crypto: add private API to retrieve internal IVtmp-getiv

For FIPS validation purposes, this adds a new function
_gnutls_cipher_get_iv() that exposes internal IV after encryption and
decryption.  The function is not generally useful because the IV value
can be easily calculated from the initial IV and the subsequent
ciphertext but for FIPS validation purposes.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

1 files changed, 14 insertions, 0 deletions

diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index 9194fb750c..632528140a 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -841,6 +841,19 @@ wrap_nettle_cipher_setiv(void *_ctx, const void *iv, size_t iv_size)
 }
 
 static int
+wrap_nettle_cipher_getiv(void *_ctx, void *iv, size_t iv_size)
+{
+	struct nettle_cipher_ctx *ctx = _ctx;
+
+	if (iv_size < ctx->iv_size)
+		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+	memcpy(iv, ctx->iv, ctx->iv_size);
+
+	return (int) ctx->iv_size;
+}
+
+static int
 wrap_nettle_cipher_decrypt(void *_ctx, const void *encr, size_t encr_size,
 			   void *plain, size_t plain_size)
 {
@@ -974,6 +987,7 @@ gnutls_crypto_cipher_st _gnutls_cipher_ops = {
 	.init = wrap_nettle_cipher_init,
 	.exists = wrap_nettle_cipher_exists,
 	.setiv = wrap_nettle_cipher_setiv,
+	.getiv = wrap_nettle_cipher_getiv,
 	.setkey = wrap_nettle_cipher_setkey,
 	.encrypt = wrap_nettle_cipher_encrypt,
 	.decrypt = wrap_nettle_cipher_decrypt,