crypto: add private API to retrieve internal IVtmp-getiv

For FIPS validation purposes, this adds a new function
_gnutls_cipher_get_iv() that exposes internal IV after encryption and
decryption.  The function is not generally useful because the IV value
can be easily calculated from the initial IV and the subsequent
ciphertext but for FIPS validation purposes.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

1 files changed, 27 insertions, 0 deletions

diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index ed1499315f..a275a7611f 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -168,6 +168,33 @@ gnutls_cipher_set_iv(gnutls_cipher_hd_t handle, void *iv, size_t ivlen)
 }
 
 /**
+ * _gnutls_cipher_get_iv:
+ * @handle: is a #gnutls_cipher_hd_t type
+ * @iv: the IV to set
+ * @ivlen: the length of the IV
+ *
+ * This function will retrieve the internal IV value.  @iv must have @ivlen
+ * length at least.
+ *
+ * This is sorely for validation purposes of our crypto
+ * implementation.  For other purposes, the IV can be typically
+ * calculated from the initial IV value and the subsequent ciphertext
+ * values.  As such, this function only works with the internally
+ * registered ciphers.
+ *
+ * Returns: The length of IV or a negative error code on error.
+ *
+ * Since: 3.6.8
+ **/
+int
+_gnutls_cipher_get_iv(gnutls_cipher_hd_t handle, void *iv, size_t ivlen)
+{
+	api_cipher_hd_st *h = handle;
+
+	return _gnutls_cipher_getiv(&h->ctx_enc, iv, ivlen);
+}
+
+/**
  * gnutls_cipher_encrypt:
  * @handle: is a #gnutls_cipher_hd_t type
  * @ptext: the data to encrypt