author | Daiki Ueno <dueno@redhat.com> | 2019-04-30 14:42:51 +0200 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2019-05-03 13:59:23 +0200 |
commit | 1401ff434fffe4420e35d996f08d52ecac41d133 (patch) | |
tree | b60a9b9de4ea99ce635352cacf4437113913909f /lib/cipher_int.h | |
parent | d0571e0e934557f5fb0683cd52295b077f2969aa (diff) | |
crypto: add private API to retrieve internal IVtmp-getiv
For FIPS validation purposes, this adds a new function
_gnutls_cipher_get_iv() that exposes the internal IV after encryption and
decryption. The function is not generally useful, because the IV value
can be easily calculated from the initial IV and the subsequent
ciphertext; it exists only for FIPS validation purposes.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/cipher_int.h')
-rw-r--r-- | lib/cipher_int.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/lib/cipher_int.h b/lib/cipher_int.h index de83c36362..e3e010a8e7 100644 --- a/lib/cipher_int.h +++ b/lib/cipher_int.h @@ -50,6 +50,7 @@ typedef void (*cipher_deinit_func) (void *hd); typedef int (*cipher_auth_func) (void *hd, const void *data, size_t); typedef int (*cipher_setiv_func) (void *hd, const void *iv, size_t); +typedef int (*cipher_getiv_func) (void *hd, void *iv, size_t); typedef void (*cipher_tag_func) (void *hd, void *tag, size_t); @@ -63,6 +64,7 @@ typedef struct { cipher_auth_func auth; cipher_tag_func tag; cipher_setiv_func setiv; + cipher_getiv_func getiv; cipher_deinit_func deinit; } cipher_hd_st; @@ -76,6 +78,16 @@ inline static int _gnutls_cipher_setiv(const cipher_hd_st * handle, return handle->setiv(handle->handle, iv, ivlen); } +inline static int _gnutls_cipher_getiv(const cipher_hd_st * handle, + void *iv, size_t ivlen) +{ + if (unlikely(handle == NULL || handle->handle == NULL || + handle->getiv == NULL)) + return GNUTLS_E_INVALID_REQUEST; + + return handle->getiv(handle->handle, iv, ivlen); +} + inline static int _gnutls_cipher_encrypt2(const cipher_hd_st * handle, const void *text, size_t textlen, void *ciphertext, @@ -158,6 +170,9 @@ inline static void _gnutls_cipher_deinit(cipher_hd_st * handle) int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher); +int _gnutls_cipher_get_iv(gnutls_cipher_hd_t handle, void *iv, + size_t ivlen); + #define _gnutls_cipher_is_aead(h) _gnutls_cipher_algo_is_aead((h)->e) /* returns the tag in AUTHENC ciphers */ |
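Review bot: The new `cipher_getiv_func` typedef in the first hunk leaves its buffer contract undocumented: nothing says whether the `size_t` is the capacity of `iv`, or whether the `int` result is a byte count or only a status code. Because the callback writes into a caller-supplied buffer, every backend has to fail rather than truncate or overrun when the buffer is shorter than the cipher's IV, and callers need a way to learn how many bytes were written. I would add a comment above the typedef such as `/* copies the current IV into iv, which holds ivlen bytes; must return an error, not truncate, when ivlen is too small */`, state the meaning of the return value there, and repeat the same contract at the `_gnutls_cipher_get_iv()` prototype in the last hunk.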
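Review bot: The `handle->getiv == NULL` guard in `_gnutls_cipher_getiv()` (third hunk) only protects callers if every `cipher_hd_st` is zero-initialised or has `getiv` assigned explicitly. The code that fills in the handle is not part of this diff (the diffstat is limited to this header), so each backend's init path should be checked; a member left uninitialised would pass the guard and be called as a function pointer. Since the wrapper exposes internal cipher state, I would also add a comment above it, `/* FIPS validation only: returns the cipher's internal IV; not for general use */`, so that later callers do not treat it as a general accessor. Whether the non-static `_gnutls_cipher_get_iv()` declared in the last hunk stays out of the exported symbol set cannot be told from this header and should be confirmed.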