author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-10-18 13:19:04 +0300 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-10-21 14:16:24 +0300 |
commit | 9e6d30751c911a64cc0bbe37f65ca124a9ec51cc (patch) | |
tree | 99268b45584fc5ca0b1a8a8a7149105a7d3867fb | |
parent | c6b6f3130d4b9c88a5471ff7f7b113be8e8c8411 (diff) | |
download | gnutls-9e6d30751c911a64cc0bbe37f65ca124a9ec51cc.tar.gz |
cipher: replace several bools with single flags instance
Replace bools in cipher_entry_st with flags field.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-rw-r--r-- | lib/algorithms/ciphers.c | 13 | ||||
-rw-r--r-- | lib/cipher.c | 4 | ||||
-rw-r--r-- | lib/crypto-api.c | 8 | ||||
-rw-r--r-- | lib/gnutls_int.h | 8 | ||||
-rw-r--r-- | lib/record.c | 2 |
5 files changed, 18 insertions, 17 deletions
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c index aab3708128..fd47c13b66 100644 --- a/lib/algorithms/ciphers.c +++ b/lib/algorithms/ciphers.c @@ -86,7 +86,7 @@ static const cipher_entry_st algorithms[] = { .implicit_iv = 4, .explicit_iv = 8, .cipher_iv = 12, - .only_aead = 1, + .flags = GNUTLS_CIPHER_FLAG_ONLY_AEAD, .tagsize = 16}, { .name = "AES-256-CCM", .id = GNUTLS_CIPHER_AES_256_CCM, @@ -96,7 +96,7 @@ static const cipher_entry_st algorithms[] = { .implicit_iv = 4, .explicit_iv = 8, .cipher_iv = 12, - .only_aead = 1, + .flags = GNUTLS_CIPHER_FLAG_ONLY_AEAD, .tagsize = 16}, { .name = "AES-128-CCM-8", .id = GNUTLS_CIPHER_AES_128_CCM_8, @@ -106,7 +106,7 @@ static const cipher_entry_st algorithms[] = { .implicit_iv = 4, .explicit_iv = 8, .cipher_iv = 12, - .only_aead = 1, + .flags = GNUTLS_CIPHER_FLAG_ONLY_AEAD, .tagsize = 8}, { .name = "AES-256-CCM-8", .id = GNUTLS_CIPHER_AES_256_CCM_8, @@ -116,7 +116,7 @@ static const cipher_entry_st algorithms[] = { .implicit_iv = 4, .explicit_iv = 8, .cipher_iv = 12, - .only_aead = 1, + .flags = GNUTLS_CIPHER_FLAG_ONLY_AEAD, .tagsize = 8}, { .name = "ARCFOUR-128", .id = GNUTLS_CIPHER_ARCFOUR_128, @@ -164,10 +164,9 @@ static const cipher_entry_st algorithms[] = { .type = CIPHER_AEAD, .implicit_iv = 12, .explicit_iv = 0, - .xor_nonce = 1, - .cipher_iv = 12, /* in chacha20 we don't need a rekey after 2^24 messages */ - .no_rekey = 1, + .flags = GNUTLS_CIPHER_FLAG_XOR_NONCE | GNUTLS_CIPHER_FLAG_NO_REKEY, + .cipher_iv = 12, .tagsize = 16 }, { .name = "CAMELLIA-128-GCM", diff --git a/lib/cipher.c b/lib/cipher.c index 679a5807c1..b69a228db5 100644 --- a/lib/cipher.c +++ b/lib/cipher.c @@ -332,7 +332,7 @@ encrypt_packet(gnutls_session_t session, cipher_data += blocksize; } } else { /* AEAD */ - if (params->cipher->xor_nonce == 0) { + if ((params->cipher->flags & GNUTLS_CIPHER_FLAG_XOR_NONCE) == 0) { /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block */ if (params->write.iv_size != imp_iv_size) 
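Review bot: In the chacha20 entry (hunk at -164,10 of lib/algorithms/ciphers.c) the retained comment `/* in chacha20 we don't need a rekey after 2^24 messages */` now sits directly above a `.flags` line that also sets GNUTLS_CIPHER_FLAG_XOR_NONCE, so it explains only half of the initializer. That flag selects the nonce handling branch in encrypt_packet and decrypt_packet, so it deserves a mention, e.g. `/* xor implicit_iv with the nonce; no rekey needed after 2^24 messages */`. Moving `.cipher_iv = 12` below the flags is unrelated reordering and could stay where it was to keep the change minimal. The initializer table starts and ends outside the hunk.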
@@ -602,7 +602,7 @@ decrypt_packet(gnutls_session_t session, if (unlikely(ciphertext->size < (tag_size + exp_iv_size))) return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED); - if (params->cipher->xor_nonce == 0) { + if ((params->cipher->flags & GNUTLS_CIPHER_FLAG_XOR_NONCE) == 0) { /* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block */ if (unlikely(params->read.iv_size != 4)) diff --git a/lib/crypto-api.c b/lib/crypto-api.c index 7308d7e7bb..d3e8094563 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c @@ -67,7 +67,7 @@ gnutls_cipher_init(gnutls_cipher_hd_t * handle, return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); e = cipher_to_entry(cipher); - if (e == NULL || e->only_aead) + if (e == NULL || (e->flags & GNUTLS_CIPHER_FLAG_ONLY_AEAD)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); *handle = gnutls_calloc(1, sizeof(api_cipher_hd_st)); @@ -1006,7 +1006,7 @@ gnutls_aead_cipher_encryptv(gnutls_aead_cipher_hd_t handle, else if (tag_size > (unsigned)_gnutls_cipher_get_tag_size(h->ctx_enc.e)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - if (handle->ctx_enc.e->only_aead || handle->ctx_enc.encrypt == NULL) { + if ((handle->ctx_enc.e->flags & GNUTLS_CIPHER_FLAG_ONLY_AEAD) || handle->ctx_enc.encrypt == NULL) { /* ciphertext cannot be produced in a piecemeal approach */ struct iov_store_st auth; struct iov_store_st ptext; @@ -1130,7 +1130,7 @@ gnutls_aead_cipher_encryptv2(gnutls_aead_cipher_hd_t handle, * AEAD ciphers. When an AEAD cipher is used registered with gnutls_crypto_register_aead_cipher(), * then this becomes a convenience function as it missed the lower-level primitives * necessary for piecemeal encryption. */ - if (handle->ctx_enc.e->only_aead || handle->ctx_enc.encrypt == NULL) { + if ((handle->ctx_enc.e->flags & GNUTLS_CIPHER_FLAG_ONLY_AEAD) || handle->ctx_enc.encrypt == NULL) { /* ciphertext cannot be produced in a piecemeal approach */ struct iov_store_st auth; struct iov_store_st ptext; 
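Review bot: The rewritten condition in gnutls_aead_cipher_encryptv reads the entry through `handle->ctx_enc.e` while the context line just above it uses `h->ctx_enc.e`; presumably both name the same handle, but mixing the two in adjacent statements makes the reader check. Using one spelling, e.g. `if ((h->ctx_enc.e->flags & GNUTLS_CIPHER_FLAG_ONLY_AEAD) || h->ctx_enc.encrypt == NULL) {`, would also shorten a line that is now well past 80 columns. The same long test is repeated in the gnutls_aead_cipher_encryptv2 and gnutls_aead_cipher_decryptv2 hunks, so a small named predicate for the ONLY_AEAD check would keep the three call sites in step. The function body continues outside the hunk.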
@@ -1274,7 +1274,7 @@ gnutls_aead_cipher_decryptv2(gnutls_aead_cipher_hd_t handle, * AEAD ciphers. When an AEAD cipher is used registered with gnutls_crypto_register_aead_cipher(), * then this becomes a convenience function as it missed the lower-level primitives * necessary for piecemeal encryption. */ - if (handle->ctx_enc.e->only_aead || handle->ctx_enc.encrypt == NULL) { + if ((handle->ctx_enc.e->flags & GNUTLS_CIPHER_FLAG_ONLY_AEAD) || handle->ctx_enc.encrypt == NULL) { /* ciphertext cannot be produced in a piecemeal approach */ struct iov_store_st auth; struct iov_store_st ctext; diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 7f7b6a7c97..33c2318030 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -645,6 +645,10 @@ typedef struct record_state_st record_state_st; struct record_parameters_st; typedef struct record_parameters_st record_parameters_st; +#define GNUTLS_CIPHER_FLAG_ONLY_AEAD (1 << 0) /* When set, this cipher is only available through the new AEAD API */ +#define GNUTLS_CIPHER_FLAG_XOR_NONCE (1 << 1) /* In this TLS AEAD cipher xor the implicit_iv with the nonce */ +#define GNUTLS_CIPHER_FLAG_NO_REKEY (1 << 2) /* whether this tls1.3 cipher doesn't need to rekey after 2^24 messages */ + /* cipher and mac parameters */ typedef struct cipher_entry_st { const char *name; @@ -656,9 +660,7 @@ typedef struct cipher_entry_st { uint16_t explicit_iv; /* the size of explicit IV - the IV stored in record */ uint16_t cipher_iv; /* the size of IV needed by the cipher */ uint16_t tagsize; - bool xor_nonce; /* In this TLS AEAD cipher xor the implicit_iv with the nonce */ - bool only_aead; /* When set, this cipher is only available through the new AEAD API */ - bool no_rekey; /* whether this tls1.3 cipher doesn't need to rekey after 2^24 messages */ + unsigned flags; } cipher_entry_st; typedef struct gnutls_cipher_suite_entry_st { diff --git a/lib/record.c b/lib/record.c index 5105c13fdd..ced217c245 100644 --- a/lib/record.c +++ b/lib/record.c 
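Review bot: The fallback test in gnutls_aead_cipher_decryptv2 still keys on `handle->ctx_enc.encrypt == NULL`, and the comment under it speaks of ciphertext being produced, although this is the decrypt path. The commit only swaps the `only_aead` bool for the flag test, so behaviour is unchanged. If a backend can provide the encrypt callback without its decrypt-side counterpart (not visible from this hunk), the piecemeal branch would still be selected without a usable primitive. Consider testing the decrypt-side callback here, or at least rewording the comment to `/* plaintext cannot be recovered in a piecemeal approach */`. The function body continues outside the hunk.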
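Review bot: The three GNUTLS_CIPHER_FLAG_* masks added to lib/gnutls_int.h are built from signed `1 << n`, while the field they are stored in is `unsigned flags`. Writing them as `(1U << 0)`, `(1U << 1)` and `(1U << 2)` keeps the types consistent and stays well defined if the set ever grows to the top bit. In the following hunk the explanatory comments that the removed bools carried now live only on the macros, so the new member would benefit from a pointer to them, e.g. `unsigned flags; /* bitmask of GNUTLS_CIPHER_FLAG_* */`. The struct definition starts outside that second hunk.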
@@ -584,7 +584,7 @@ _gnutls_send_tlen_int(gnutls_session_t session, content_type_t type, (int) cipher_size); if (vers->tls13_sem && !(session->internals.flags & GNUTLS_NO_AUTO_REKEY) && - !(record_params->cipher->no_rekey)) { + !(record_params->cipher->flags & GNUTLS_CIPHER_FLAG_NO_REKEY)) { if (unlikely(record_state->sequence_number.i[7] == 0xfd && record_state->sequence_number.i[6] == 0xff && record_state->sequence_number.i[5] == 0xff)) { |