lib/crypto-api.c

   1 /*
   2  * Copyright (C) 2000, 2004, 2005, 2008, 2010, 2011 Free Software Foundation,
   3  * Inc.
   4  *
   5  * Author: Nikos Mavrogiannopoulos
   6  *
   7  * This file is part of GnuTLS.
   8  *
   9  * The GnuTLS is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU Lesser General Public License
  11  * as published by the Free Software Foundation; either version 3 of
  12  * the License, or (at your option) any later version.
  13  *
  14  * This library is distributed in the hope that it will be useful, but
  15  * WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17  * Lesser General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU Lesser General Public License
  20  * along with this program.  If not, see <http://www.gnu.org/licenses/>
  21  *
  22  */
  23
  24 #include <gnutls_int.h>
  25 #include <gnutls_errors.h>
  26 #include <gnutls_cipher_int.h>
  27 #include <gnutls_datum.h>
  28 #include <gnutls/crypto.h>
  29 #include <random.h>
  30 #include <crypto.h>
  31
  32 /**
  33  * gnutls_cipher_init:
  34  * @handle: is a #gnutls_cipher_hd_t structure.
  35  * @cipher: the encryption algorithm to use
  36  * @key: The key to be used for encryption
  37  * @iv: The IV to use (if not applicable set NULL)
  38  *
  39  * This function will initialize an context that can be used for
  40  * encryption/decryption of data. This will effectively use the
  41  * current crypto backend in use by gnutls or the cryptographic
  42  * accelerator in use.
  43  *
  44  * Returns: Zero or a negative error code on error.
  45  *
  46  * Since: 2.10.0
  47  **/
  48 int
  49 gnutls_cipher_init (gnutls_cipher_hd_t * handle,
  50                     gnutls_cipher_algorithm_t cipher,
  51                     const gnutls_datum_t * key, const gnutls_datum_t * iv)
  52 {
  53   *handle = gnutls_malloc (sizeof (cipher_hd_st));
  54   if (*handle == NULL)
  55     {
  56       gnutls_assert ();
  57       return GNUTLS_E_MEMORY_ERROR;
  58     }
  59
  60   return _gnutls_cipher_init (((cipher_hd_st *) * handle), cipher, key, iv);
  61 }
  62
  63 /**
  64  * gnutls_cipher_tag:
  65  * @handle: is a #gnutls_cipher_hd_t structure.
  66  * @tag: will hold the tag
  67  * @tag_size: The length of the tag to return
  68  *
  69  * This function operates on authenticated encryption with
  70  * associated data (AEAD) ciphers and will return the
  71  * output tag.
  72  *
  73  * Returns: Zero or a negative error code on error.
  74  *
  75  * Since: 3.0.0
  76  **/
  77 int
  78 gnutls_cipher_tag (gnutls_cipher_hd_t handle, void *tag, size_t tag_size)
  79 {
  80   if (_gnutls_cipher_is_aead( (cipher_hd_st*)handle)==0)
  81     return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
  82
  83   _gnutls_cipher_tag( (cipher_hd_st*)handle, tag, tag_size);
  84
  85   return 0;
  86 }
  87
  88 /**
  89  * gnutls_cipher_add_auth:
  90  * @handle: is a #gnutls_cipher_hd_t structure.
  91  * @text: the data to be authenticated
  92  * @text_size: The length of the data
  93  *
  94  * This function operates on authenticated encryption with
  95  * associated data (AEAD) ciphers and authenticate the
  96  * input data. This function can only be called once
  97  * and before any encryption operations.
  98  *
  99  * Returns: Zero or a negative error code on error.
 100  *
 101  * Since: 3.0.0
 102  **/
 103 int
 104 gnutls_cipher_add_auth (gnutls_cipher_hd_t handle, const void *text, size_t text_size)
 105 {
 106   if (_gnutls_cipher_is_aead( (cipher_hd_st*)handle)==0)
 107     return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 108
 109   _gnutls_cipher_auth( (cipher_hd_st*)handle, text, text_size);
 110
 111   return 0;
 112 }
 113
 114 /**
 115  * gnutls_cipher_set_iv:
 116  * @handle: is a #gnutls_cipher_hd_t structure.
 117  * @iv: the IV to set
 118  * @ivlen: The length of the IV
 119  *
 120  * This function will set the IV to be used for the next
 121  * encryption block.
 122  *
 123  * Since: 3.0.0
 124  **/
 125 void
 126 gnutls_cipher_set_iv (gnutls_cipher_hd_t handle, void *iv, size_t ivlen)
 127 {
 128   _gnutls_cipher_setiv((cipher_hd_st *)handle, iv, ivlen);
 129 }
 130
 131 /**
 132  * gnutls_cipher_encrypt:
 133  * @handle: is a #gnutls_cipher_hd_t structure.
 134  * @text: the data to encrypt
 135  * @textlen: The length of data to encrypt
 136  *
 137  * This function will encrypt the given data using the algorithm
 138  * specified by the context.
 139  *
 140  * Returns: Zero or a negative error code on error.
 141  *
 142  * Since: 2.10.0
 143  **/
 144 int
 145 gnutls_cipher_encrypt (gnutls_cipher_hd_t handle, void *text, size_t textlen)
 146 {
 147   return _gnutls_cipher_encrypt ((cipher_hd_st *) handle, text, textlen);
 148 }
 149
 150 /**
 151  * gnutls_cipher_decrypt:
 152  * @handle: is a #gnutls_cipher_hd_t structure.
 153  * @ciphertext: the data to encrypt
 154  * @ciphertextlen: The length of data to encrypt
 155  *
 156  * This function will decrypt the given data using the algorithm
 157  * specified by the context.
 158  *
 159  * Returns: Zero or a negative error code on error.
 160  *
 161  * Since: 2.10.0
 162  **/
 163 int
 164 gnutls_cipher_decrypt (gnutls_cipher_hd_t handle, void *ciphertext,
 165                        size_t ciphertextlen)
 166 {
 167   return _gnutls_cipher_decrypt ((cipher_hd_st *) handle, ciphertext,
 168                                  ciphertextlen);
 169 }
 170
 171 /**
 172  * gnutls_cipher_encrypt2:
 173  * @handle: is a #gnutls_cipher_hd_t structure.
 174  * @text: the data to encrypt
 175  * @textlen: The length of data to encrypt
 176  * @ciphertext: the encrypted data
 177  * @ciphertextlen: The available length for encrypted data
 178  *
 179  * This function will encrypt the given data using the algorithm
 180  * specified by the context.
 181  *
 182  * Returns: Zero or a negative error code on error.
 183  *
 184  * Since: 2.12.0
 185  **/
 186 int
 187 gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, const void *text, size_t textlen,
 188                         void *ciphertext, size_t ciphertextlen)
 189 {
 190   return _gnutls_cipher_encrypt2 ((cipher_hd_st *) handle, text, textlen,
 191                                   ciphertext, ciphertextlen);
 192 }
 193
 194 /**
 195  * gnutls_cipher_decrypt2:
 196  * @handle: is a #gnutls_cipher_hd_t structure.
 197  * @ciphertext: the data to encrypt
 198  * @ciphertextlen: The length of data to encrypt
 199  * @text: the decrypted data
 200  * @textlen: The available length for decrypted data
 201  *
 202  * This function will decrypt the given data using the algorithm
 203  * specified by the context.
 204  *
 205  * Returns: Zero or a negative error code on error.
 206  *
 207  * Since: 2.12.0
 208  **/
 209 int
 210 gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle, const void *ciphertext,
 211                         size_t ciphertextlen, void *text, size_t textlen)
 212 {
 213   return _gnutls_cipher_decrypt2 ((cipher_hd_st *) handle, ciphertext,
 214                                   ciphertextlen, text, textlen);
 215 }
 216
 217 /**
 218  * gnutls_cipher_deinit:
 219  * @handle: is a #gnutls_cipher_hd_t structure.
 220  *
 221  * This function will deinitialize all resources occupied by the given
 222  * encryption context.
 223  *
 224  * Since: 2.10.0
 225  **/
 226 void
 227 gnutls_cipher_deinit (gnutls_cipher_hd_t handle)
 228 {
 229   _gnutls_cipher_deinit ((cipher_hd_st *) handle);
 230   gnutls_free (handle);
 231 }
 232
 233
 234 /* HMAC */
 235
 236 /**
 237  * gnutls_hmac_init:
 238  * @dig: is a #gnutls_hmac_hd_t structure.
 239  * @algorithm: the HMAC algorithm to use
 240  * @key: The key to be used for encryption
 241  * @keylen: The length of the key
 242  *
 243  * This function will initialize an context that can be used to
 244  * produce a Message Authentication Code (MAC) of data.  This will
 245  * effectively use the current crypto backend in use by gnutls or the
 246  * cryptographic accelerator in use.
 247  *
 248  * Returns: Zero or a negative error code on error.
 249  *
 250  * Since: 2.10.0
 251  **/
 252 int
 253 gnutls_hmac_init (gnutls_hmac_hd_t * dig,
 254                   gnutls_digest_algorithm_t algorithm,
 255                   const void *key, size_t keylen)
 256 {
 257   *dig = gnutls_malloc (sizeof (digest_hd_st));
 258   if (*dig == NULL)
 259     {
 260       gnutls_assert ();
 261       return GNUTLS_E_MEMORY_ERROR;
 262     }
 263
 264   return _gnutls_hmac_init (((digest_hd_st *) * dig), algorithm, key, keylen);
 265 }
 266
 267 /**
 268  * gnutls_hmac:
 269  * @handle: is a #gnutls_cipher_hd_t structure.
 270  * @text: the data to hash
 271  * @textlen: The length of data to hash
 272  *
 273  * This function will hash the given data using the algorithm
 274  * specified by the context.
 275  *
 276  * Returns: Zero or a negative error code on error.
 277  *
 278  * Since: 2.10.0
 279  **/
 280 int
 281 gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen)
 282 {
 283   return _gnutls_hmac ((digest_hd_st *) handle, text, textlen);
 284 }
 285
 286 /**
 287  * gnutls_hmac_output:
 288  * @handle: is a #gnutls_hmac_hd_t structure.
 289  * @digest: is the output value of the MAC
 290  *
 291  * This function will output the current MAC value.
 292  *
 293  * Since: 2.10.0
 294  **/
 295 void
 296 gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest)
 297 {
 298   _gnutls_hmac_output ((digest_hd_st *) handle, digest);
 299 }
 300
 301 /**
 302  * gnutls_hmac_deinit:
 303  * @handle: is a #gnutls_hmac_hd_t structure.
 304  * @digest: is the output value of the MAC
 305  *
 306  * This function will deinitialize all resources occupied by
 307  * the given hmac context.
 308  *
 309  * Since: 2.10.0
 310  **/
 311 void
 312 gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest)
 313 {
 314   _gnutls_hmac_deinit ((digest_hd_st *) handle, digest);
 315   gnutls_free (handle);
 316 }
 317
 318 /**
 319  * gnutls_hmac_get_len:
 320  * @algorithm: the hmac algorithm to use
 321  *
 322  * This function will return the length of the output data
 323  * of the given hmac algorithm.
 324  *
 325  * Returns: The length or zero on error.
 326  *
 327  * Since: 2.10.0
 328  **/
 329 int
 330 gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm)
 331 {
 332   return _gnutls_hmac_get_algo_len (algorithm);
 333 }
 334
 335 /**
 336  * gnutls_hmac_fast:
 337  * @algorithm: the hash algorithm to use
 338  * @key: the key to use
 339  * @keylen: The length of the key
 340  * @text: the data to hash
 341  * @textlen: The length of data to hash
 342  * @digest: is the output value of the hash
 343  *
 344  * This convenience function will hash the given data and return output
 345  * on a single call.
 346  *
 347  * Returns: Zero or a negative error code on error.
 348  *
 349  * Since: 2.10.0
 350  **/
 351 int
 352 gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm,
 353                   const void *key, size_t keylen,
 354                   const void *text, size_t textlen, void *digest)
 355 {
 356   return _gnutls_hmac_fast (algorithm, key, keylen, text, textlen, digest);
 357 }
 358
 359 /* HASH */
 360
 361 /**
 362  * gnutls_hash_init:
 363  * @dig: is a #gnutls_hash_hd_t structure.
 364  * @algorithm: the hash algorithm to use
 365  *
 366  * This function will initialize an context that can be used to
 367  * produce a Message Digest of data.  This will effectively use the
 368  * current crypto backend in use by gnutls or the cryptographic
 369  * accelerator in use.
 370  *
 371  * Returns: Zero or a negative error code on error.
 372  *
 373  * Since: 2.10.0
 374  **/
 375 int
 376 gnutls_hash_init (gnutls_hash_hd_t * dig, gnutls_digest_algorithm_t algorithm)
 377 {
 378   *dig = gnutls_malloc (sizeof (digest_hd_st));
 379   if (*dig == NULL)
 380     {
 381       gnutls_assert ();
 382       return GNUTLS_E_MEMORY_ERROR;
 383     }
 384
 385   return _gnutls_hash_init (((digest_hd_st *) * dig), algorithm);
 386 }
 387
 388 /**
 389  * gnutls_hash:
 390  * @handle: is a #gnutls_cipher_hd_t structure.
 391  * @text: the data to hash
 392  * @textlen: The length of data to hash
 393  *
 394  * This function will hash the given data using the algorithm
 395  * specified by the context.
 396  *
 397  * Returns: Zero or a negative error code on error.
 398  *
 399  * Since: 2.10.0
 400  **/
 401 int
 402 gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen)
 403 {
 404   return _gnutls_hash ((digest_hd_st *) handle, text, textlen);
 405 }
 406
 407 /**
 408  * gnutls_hash_output:
 409  * @handle: is a #gnutls_hash_hd_t structure.
 410  * @digest: is the output value of the hash
 411  *
 412  * This function will output the current hash value.
 413  *
 414  * Since: 2.10.0
 415  **/
 416 void
 417 gnutls_hash_output (gnutls_hash_hd_t handle, void *digest)
 418 {
 419   _gnutls_hash_output ((digest_hd_st *) handle, digest);
 420 }
 421
 422 /**
 423  * gnutls_hash_deinit:
 424  * @handle: is a #gnutls_hash_hd_t structure.
 425  * @digest: is the output value of the hash
 426  *
 427  * This function will deinitialize all resources occupied by
 428  * the given hash context.
 429  *
 430  * Since: 2.10.0
 431  **/
 432 void
 433 gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest)
 434 {
 435   _gnutls_hash_deinit ((digest_hd_st *) handle, digest);
 436   gnutls_free (handle);
 437 }
 438
 439 /**
 440  * gnutls_hash_get_len:
 441  * @algorithm: the hash algorithm to use
 442  *
 443  * This function will return the length of the output data
 444  * of the given hash algorithm.
 445  *
 446  * Returns: The length or zero on error.
 447  *
 448  * Since: 2.10.0
 449  **/
 450 int
 451 gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm)
 452 {
 453   return _gnutls_hash_get_algo_len (algorithm);
 454 }
 455
 456 /**
 457  * gnutls_hash_fast:
 458  * @algorithm: the hash algorithm to use
 459  * @text: the data to hash
 460  * @textlen: The length of data to hash
 461  * @digest: is the output value of the hash
 462  *
 463  * This convenience function will hash the given data and return output
 464  * on a single call.
 465  *
 466  * Returns: Zero or a negative error code on error.
 467  *
 468  * Since: 2.10.0
 469  **/
 470 int
 471 gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
 472                   const void *text, size_t textlen, void *digest)
 473 {
 474   return _gnutls_hash_fast (algorithm, text, textlen, digest);
 475 }
 476
 477 /**
 478  * gnutls_key_generate:
 479  * @key: is a pointer to a #gnutls_datum_t which will contain a newly
 480  * created key.
 481  * @key_size: The number of bytes of the key.
 482  *
 483  * Generates a random key of @key_bytes size.
 484  *
 485  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
 486  * error code.
 487  *
 488  * Since: 3.0.0
 489  **/
 490 int
 491 gnutls_key_generate (gnutls_datum_t * key, unsigned int key_size)
 492 {
 493   int ret;
 494
 495   key->size = key_size;
 496   key->data = gnutls_malloc (key->size);
 497   if (!key->data)
 498     {
 499       gnutls_assert ();
 500       return GNUTLS_E_MEMORY_ERROR;
 501     }
 502
 503   ret = gnutls_rnd (GNUTLS_RND_RANDOM, key->data, key->size);
 504   if (ret < 0)
 505     {
 506       gnutls_assert ();
 507       _gnutls_free_datum (key);
 508       return ret;
 509     }
 510
 511   return 0;
 512 }