author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-03-18 13:04:43 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-03-18 13:44:21 +0100 |
commit | f19902a4889c23632d1aecaeed6793a7e0af60fe (patch) | |
tree | 6b55aba141e0b41ae4ee1b69f95960d99952b48e /lib | |
parent | 441325bdf3e33db39d4f833e10102ad48fb0cd4f (diff) | |
download | gnutls-f19902a4889c23632d1aecaeed6793a7e0af60fe.tar.gz |
Added API to register MAC and digest algorithms.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/accelerated/cryptodev.c | 4 | ||||
-rw-r--r-- | lib/accelerated/x86/x86-common.c | 46 | ||||
-rw-r--r-- | lib/crypto-backend.c | 105 | ||||
-rw-r--r-- | lib/crypto-backend.h | 31 | ||||
-rw-r--r-- | lib/includes/gnutls/crypto.h | 41 | ||||
-rw-r--r-- | lib/libgnutls.map | 2 |
6 files changed, 180 insertions, 49 deletions
diff --git a/lib/accelerated/cryptodev.c b/lib/accelerated/cryptodev.c index 9d97637458..c67dfd2473 100644 --- a/lib/accelerated/cryptodev.c +++ b/lib/accelerated/cryptodev.c @@ -430,7 +430,7 @@ static int register_mac_digest(int cfd) ioctl(cfd, CIOCFSESSION, &sess.ses); ret = - gnutls_crypto_single_mac_register(i, 90, &mac_struct); + gnutls_crypto_single_mac_register(i, 90, &mac_struct, 0); if (ret < 0) { gnutls_assert(); return ret; @@ -467,7 +467,7 @@ static int register_mac_digest(int cfd) gnutls_mac_get_name(i)); ret = gnutls_crypto_single_digest_register(i, 90, - &digest_struct); + &digest_struct, 0); if (ret < 0) { gnutls_assert(); return ret; diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c index 73c356594f..6c4eb53786 100644 --- a/lib/accelerated/x86/x86-common.c +++ b/lib/accelerated/x86/x86-common.c @@ -242,7 +242,7 @@ void register_x86_padlock_crypto(unsigned capabilities) ret = gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA384, 80, - &_gnutls_sha_padlock_nano); + &_gnutls_sha_padlock_nano, 0); if (ret < 0) { gnutls_assert(); } @@ -250,7 +250,7 @@ void register_x86_padlock_crypto(unsigned capabilities) ret = gnutls_crypto_single_digest_register (GNUTLS_DIG_SHA512, 80, - &_gnutls_sha_padlock_nano); + &_gnutls_sha_padlock_nano, 0); if (ret < 0) { gnutls_assert(); } @@ -258,7 +258,7 @@ void register_x86_padlock_crypto(unsigned capabilities) ret = gnutls_crypto_single_mac_register (GNUTLS_MAC_SHA384, 80, - &_gnutls_hmac_sha_padlock_nano); + &_gnutls_hmac_sha_padlock_nano, 0); if (ret < 0) { gnutls_assert(); } @@ -266,7 +266,7 @@ void register_x86_padlock_crypto(unsigned capabilities) ret = gnutls_crypto_single_mac_register (GNUTLS_MAC_SHA512, 80, - &_gnutls_hmac_sha_padlock_nano); + &_gnutls_hmac_sha_padlock_nano, 0); if (ret < 0) { gnutls_assert(); } 
@@ -275,7 +275,7 @@ void register_x86_padlock_crypto(unsigned capabilities) ret = gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA1, 80, - &_gnutls_sha_padlock_nano); + &_gnutls_sha_padlock_nano, 0); if (ret < 0) { gnutls_assert(); } @@ -283,7 +283,7 @@ void register_x86_padlock_crypto(unsigned capabilities) ret = gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA224, 80, - &_gnutls_sha_padlock_nano); + &_gnutls_sha_padlock_nano, 0); if (ret < 0) { gnutls_assert(); } @@ -291,7 +291,7 @@ void register_x86_padlock_crypto(unsigned capabilities) ret = gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA256, 80, - &_gnutls_sha_padlock_nano); + &_gnutls_sha_padlock_nano, 0); if (ret < 0) { gnutls_assert(); } @@ -299,7 +299,7 @@ void register_x86_padlock_crypto(unsigned capabilities) ret = gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA1, 80, - &_gnutls_hmac_sha_padlock_nano); + &_gnutls_hmac_sha_padlock_nano, 0); if (ret < 0) { gnutls_assert(); } @@ -309,7 +309,7 @@ void register_x86_padlock_crypto(unsigned capabilities) ret = gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA256, 80, - &_gnutls_hmac_sha_padlock_nano); + &_gnutls_hmac_sha_padlock_nano, 0); if (ret < 0) { gnutls_assert(); } @@ -321,7 +321,7 @@ void register_x86_padlock_crypto(unsigned capabilities) ret = gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA1, 80, - &_gnutls_sha_padlock); + &_gnutls_sha_padlock, 0); if (ret < 0) { gnutls_assert(); } @@ -329,7 +329,7 @@ void register_x86_padlock_crypto(unsigned capabilities) ret = gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA256, 80, - &_gnutls_sha_padlock); + &_gnutls_sha_padlock, 0); if (ret < 0) { gnutls_assert(); } @@ -337,7 +337,7 @@ void register_x86_padlock_crypto(unsigned capabilities) ret = gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA1, 80, - &_gnutls_hmac_sha_padlock); + &_gnutls_hmac_sha_padlock, 0); if (ret < 0) { gnutls_assert(); } 
@@ -345,7 +345,7 @@ void register_x86_padlock_crypto(unsigned capabilities) ret = gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA256, 80, - &_gnutls_hmac_sha_padlock); + &_gnutls_hmac_sha_padlock, 0); if (ret < 0) { gnutls_assert(); } @@ -431,7 +431,7 @@ void register_x86_intel_crypto(unsigned capabilities) ret = gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA1, 80, - &_gnutls_sha_x86_ssse3); + &_gnutls_sha_x86_ssse3, 0); if (ret < 0) { gnutls_assert(); } @@ -439,7 +439,7 @@ void register_x86_intel_crypto(unsigned capabilities) ret = gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA224, 80, - &_gnutls_sha_x86_ssse3); + &_gnutls_sha_x86_ssse3, 0); if (ret < 0) { gnutls_assert(); } @@ -447,7 +447,7 @@ void register_x86_intel_crypto(unsigned capabilities) ret = gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA256, 80, - &_gnutls_sha_x86_ssse3); + &_gnutls_sha_x86_ssse3, 0); if (ret < 0) { gnutls_assert(); } @@ -456,21 +456,21 @@ void register_x86_intel_crypto(unsigned capabilities) ret = gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA1, 80, - &_gnutls_hmac_sha_x86_ssse3); + &_gnutls_hmac_sha_x86_ssse3, 0); if (ret < 0) gnutls_assert(); ret = gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA224, 80, - &_gnutls_hmac_sha_x86_ssse3); + &_gnutls_hmac_sha_x86_ssse3, 0); if (ret < 0) gnutls_assert(); ret = gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA256, 80, - &_gnutls_hmac_sha_x86_ssse3); + &_gnutls_hmac_sha_x86_ssse3, 0); if (ret < 0) gnutls_assert(); 
@@ -478,27 +478,27 @@ void register_x86_intel_crypto(unsigned capabilities) ret = gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA384, 80, - &_gnutls_sha_x86_ssse3); + &_gnutls_sha_x86_ssse3, 0); if (ret < 0) gnutls_assert(); ret = gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA512, 80, - &_gnutls_sha_x86_ssse3); + &_gnutls_sha_x86_ssse3, 0); if (ret < 0) gnutls_assert(); ret = gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA384, 80, - &_gnutls_hmac_sha_x86_ssse3); + &_gnutls_hmac_sha_x86_ssse3, 0); if (ret < 0) gnutls_assert(); ret = gnutls_crypto_single_mac_register(GNUTLS_MAC_SHA512, 80, - &_gnutls_hmac_sha_x86_ssse3); + &_gnutls_hmac_sha_x86_ssse3, 0); if (ret < 0) gnutls_assert(); #endif diff --git a/lib/crypto-backend.c b/lib/crypto-backend.c index 4e5e7515b1..a4415169ca 100644 --- a/lib/crypto-backend.c +++ b/lib/crypto-backend.c @@ -111,9 +111,9 @@ static const void *_get_algo(algo_list * al, int algo) return NULL; } -static cipher_list glob_cl = { GNUTLS_CIPHER_NULL, 0, NULL, NULL }; -static mac_list glob_ml = { GNUTLS_MAC_NULL, 0, NULL, NULL }; -static digest_list glob_dl = { GNUTLS_MAC_NULL, 0, NULL, NULL }; +static cipher_list glob_cl = { GNUTLS_CIPHER_NULL, 0, NULL, 0, NULL }; +static mac_list glob_ml = { GNUTLS_MAC_NULL, 0, NULL, 0, NULL }; +static digest_list glob_dl = { GNUTLS_MAC_NULL, 0, NULL, 0, NULL }; static void _deregister(algo_list * cl) { @@ -326,9 +326,10 @@ gnutls_crypto_rnd_register(int priority, const gnutls_crypto_rnd_st * s) int gnutls_crypto_single_mac_register(gnutls_mac_algorithm_t algorithm, int priority, - const gnutls_crypto_mac_st * s) + const gnutls_crypto_mac_st * s, + int free_s) { - return _algo_register(&glob_ml, algorithm, priority, s, 0); + return _algo_register(&glob_ml, algorithm, priority, (void*)s, free_s); } const gnutls_crypto_mac_st *_gnutls_get_crypto_mac(gnutls_mac_algorithm_t 
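Review bot: The new `free_s` argument of gnutls_crypto_single_mac_register transfers ownership of `s`, but nothing in the hunk documents it, and the `(void*)s` cast discards the const that would otherwise warn a caller. With a nonzero flag the registry presumably frees `s` later (`_algo_register` is outside the hunk), so passing one of the static tables used by the accelerated back ends with `free_s` set would free non-heap memory. I would add a comment above the function such as `/* free_s != 0: s must be heap-allocated with the gnutls allocator and is owned by the registry after this call */`. The same applies to gnutls_crypto_single_digest_register in the next hunk.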
@@ -361,9 +362,10 @@ const gnutls_crypto_mac_st *_gnutls_get_crypto_mac(gnutls_mac_algorithm_t int gnutls_crypto_single_digest_register(gnutls_digest_algorithm_t algorithm, int priority, - const gnutls_crypto_digest_st * s) + const gnutls_crypto_digest_st * s, + int free_s) { - return _algo_register(&glob_dl, algorithm, priority, s, 0); + return _algo_register(&glob_dl, algorithm, priority, (void*)s, free_s); } const gnutls_crypto_digest_st 
@@ -442,3 +444,92 @@ int gnutls_crypto_pk_register(int priority, const gnutls_crypto_pk_st * s)
 return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
 }
+/**
+ * gnutls_crypto_register_mac:
+ * @algorithm: is the gnutls MAC identifier
+ * @priority: is the priority of the algorithm
+ * @init: A function which initializes the MAC
+ * @setkey: A function which sets the key of the MAC
+ * @setnonce: A function which sets the nonce for the mac (may be %NULL for common MAC algorithms)
+ * @hash: Perform the hash operation
+ * @output: Provide the output of the MAC
+ * @deinit: A function which deinitializes the MAC
+ * @hash_fast: Perform the MAC operation in one go
+ *
+ * This function will register a MAC algorithm to be used by gnutls.
+ * Any algorithm registered will override the included algorithms and
+ * by convention kernel implemented algorithms have priority of 90
+ * and CPU-assisted of 80.
+ * The algorithm with the lowest priority will be used by gnutls.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
+ *
+ * Since: 3.4.0
+ **/
+int
+gnutls_crypto_register_mac(gnutls_mac_algorithm_t algorithm,
+ int priority,
+ gnutls_mac_init_func init,
+ gnutls_mac_setkey_func setkey,
+ gnutls_mac_setnonce_func setnonce,
+ gnutls_mac_hash_func hash,
+ gnutls_mac_output_func output,
+ gnutls_mac_deinit_func deinit,
+ gnutls_mac_fast_func hash_fast)
+{
+ gnutls_crypto_mac_st *s = gnutls_calloc(1, sizeof(gnutls_crypto_mac_st));
+ if (s == NULL)
+ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+ s->init = init;
+ s->setkey = setkey;
+ s->setnonce = setnonce;
+ s->hash = hash;
+ s->output = output;
+ s->fast = hash_fast;
+ s->deinit = deinit;
+
+ return gnutls_crypto_single_mac_register(algorithm, priority, s, 1);
+}
+
+/**
+ * gnutls_crypto_register_digest:
+ * @algorithm: is the gnutls digest identifier
+ * @priority: is the priority of the algorithm
+ * @init: A function which initializes the digest
+ * @hash: Perform the hash operation
+ * @output: Provide the output of the digest
+ * @deinit: A function which deinitializes the digest
+ * @hash_fast: Perform the digest operation in one go
+ *
+ * This function will register a digest algorithm to be used by gnutls.
+ * Any algorithm registered will override the included algorithms and
+ * by convention kernel implemented algorithms have priority of 90
+ * and CPU-assisted of 80.
+ * The algorithm with the lowest priority will be used by gnutls.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
+ * + * Since: 3.4.0 + **/ +int +gnutls_crypto_register_digest(gnutls_digest_algorithm_t algorithm, + int priority, + gnutls_digest_init_func init, + gnutls_digest_hash_func hash, + gnutls_digest_output_func output, + gnutls_digest_deinit_func deinit, + gnutls_digest_fast_func hash_fast) +{ + gnutls_crypto_digest_st *s = gnutls_calloc(1, sizeof(gnutls_crypto_digest_st)); + if (s == NULL) + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); + + s->init = init; + s->hash = hash; + s->output = output; + s->fast = hash_fast; + s->deinit = deinit; + + return gnutls_crypto_single_digest_register(algorithm, priority, s, 1); +} diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h index 1984d90562..5f6c228fb4 100644 --- a/lib/crypto-backend.h +++ b/lib/crypto-backend.h @@ -47,15 +47,13 @@ typedef struct { } gnutls_crypto_cipher_st; typedef struct { - int (*init) (gnutls_mac_algorithm_t, void **ctx); - int (*setkey) (void *ctx, const void *key, size_t keysize); - int (*setnonce) (void *ctx, const void *nonce, size_t noncesize); - int (*hash) (void *ctx, const void *text, size_t textsize); - int (*output) (void *src_ctx, void *digest, size_t digestsize); - void (*deinit) (void *ctx); - int (*fast) (gnutls_mac_algorithm_t, const void *nonce, - size_t nonce_size, const void *key, size_t keysize, - const void *text, size_t textsize, void *digest); + gnutls_mac_init_func init; + gnutls_mac_setkey_func setkey; + gnutls_mac_setnonce_func setnonce; + gnutls_mac_hash_func hash; + gnutls_mac_output_func output; + gnutls_mac_deinit_func deinit; + gnutls_mac_fast_func fast; /* Not needed for registered on run-time. Only included * should define it. */ 
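Review bot: gnutls_crypto_register_mac and gnutls_crypto_register_digest store the caller's callbacks without checking them, so a NULL `init`, `hash`, `output` or `deinit` is accepted at registration and would only surface as a NULL function-pointer call once the algorithm is used. The doc comment marks only @setnonce as optional, so the others can be rejected before the allocation: `if (init == NULL || hash == NULL || output == NULL || deinit == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`, with `setkey` added for the MAC variant. Whether `hash_fast` may be NULL is not stated and should be documented either way. Separately, if `_algo_register` (not visible in this hunk) does not release `s` when registration fails, the calloc'd struct leaks on every error return; that is worth confirming.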
@@ -63,12 +61,11 @@ typedef struct { } gnutls_crypto_mac_st; typedef struct { - int (*init) (gnutls_digest_algorithm_t, void **ctx); - int (*hash) (void *ctx, const void *src, size_t srcsize); - int (*output) (void *src_ctx, void *digest, size_t digestsize); - void (*deinit) (void *ctx); - int (*fast) (gnutls_digest_algorithm_t, const void *src, - size_t srcsize, void *digest); + gnutls_digest_init_func init; + gnutls_digest_hash_func hash; + gnutls_digest_output_func output; + gnutls_digest_deinit_func deinit; + gnutls_digest_fast_func fast; /* Not needed for registered on run-time. Only included * should define it. */ @@ -346,12 +343,12 @@ int gnutls_crypto_single_cipher_register(gnutls_cipher_algorithm_t int gnutls_crypto_single_mac_register(gnutls_mac_algorithm_t algorithm, int priority, const gnutls_crypto_single_mac_st * - s); + s, int free_s); int gnutls_crypto_single_digest_register(gnutls_digest_algorithm_t algorithm, int priority, const gnutls_crypto_single_digest_st * - s); + s, int free_s); int gnutls_crypto_rnd_register(int priority, const gnutls_crypto_rnd_st * s); diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h index 76bcc0652d..157a5b7acb 100644 --- a/lib/includes/gnutls/crypto.h +++ b/lib/includes/gnutls/crypto.h @@ -135,6 +135,10 @@ int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len); void gnutls_rnd_refresh(void); + +/* API to override ciphers and MAC algorithms + */ + typedef int (*gnutls_cipher_init_func) (gnutls_cipher_algorithm_t, void **ctx, int enc); typedef int (*gnutls_cipher_setkey_func) (void *ctx, const void *key, size_t keysize); /* old style ciphers */ 
@@ -181,6 +185,43 @@ gnutls_crypto_register_aead_cipher(gnutls_cipher_algorithm_t algorithm, gnutls_cipher_aead_decrypt_func aead_decrypt, gnutls_cipher_deinit_func deinit); +typedef int (*gnutls_mac_init_func) (gnutls_mac_algorithm_t, void **ctx); +typedef int (*gnutls_mac_setkey_func) (void *ctx, const void *key, size_t keysize); +typedef int (*gnutls_mac_setnonce_func) (void *ctx, const void *nonce, size_t noncesize); +typedef int (*gnutls_mac_hash_func) (void *ctx, const void *text, size_t textsize); +typedef int (*gnutls_mac_output_func) (void *src_ctx, void *digest, size_t digestsize); +typedef void (*gnutls_mac_deinit_func) (void *ctx); +typedef int (*gnutls_mac_fast_func) (gnutls_mac_algorithm_t, const void *nonce, + size_t nonce_size, const void *key, size_t keysize, + const void *text, size_t textsize, void *digest); + +int +gnutls_crypto_register_mac(gnutls_mac_algorithm_t mac, + int priority, + gnutls_mac_init_func init, + gnutls_mac_setkey_func setkey, + gnutls_mac_setnonce_func setnonce, + gnutls_mac_hash_func hash, + gnutls_mac_output_func output, + gnutls_mac_deinit_func deinit, + gnutls_mac_fast_func hash_fast); + +typedef int (*gnutls_digest_init_func) (gnutls_digest_algorithm_t, void **ctx); +typedef int (*gnutls_digest_hash_func) (void *ctx, const void *text, size_t textsize); +typedef int (*gnutls_digest_output_func) (void *src_ctx, void *digest, size_t digestsize); +typedef void (*gnutls_digest_deinit_func) (void *ctx); +typedef int (*gnutls_digest_fast_func) (gnutls_digest_algorithm_t, + const void *text, size_t textsize, void *digest); + +int +gnutls_crypto_register_digest(gnutls_digest_algorithm_t digest, + int priority, + gnutls_digest_init_func init, + gnutls_digest_hash_func hash, + gnutls_digest_output_func output, + gnutls_digest_deinit_func deinit, + gnutls_digest_fast_func hash_fast); + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 3ea41a057e..f72c4bbf5b 100644 
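Review bot: The new callback typedefs are public API but state no contract, which matters because third-party implementations will write into buffers supplied by the library. For `gnutls_mac_output_func` and `gnutls_digest_output_func` I would add a comment saying whether `digestsize` is the capacity of `digest` or the exact length expected, that the callback must not write beyond it, and what the return convention is (presumably 0 on success and a negative error code, as elsewhere in the library; confirm). A minor style point in the same hunk: the prototypes name the first parameter `mac` and `digest`, while the definitions and their doc comments in lib/crypto-backend.c use `algorithm`.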
--- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -1017,6 +1017,8 @@ GNUTLS_3_4 gnutls_pkcs11_obj_set_info; gnutls_crypto_register_cipher; gnutls_crypto_register_aead_cipher; + gnutls_crypto_register_mac; + gnutls_crypto_register_digest; local: *; }; |