Reverted all previous changes to combine hashes with MAC algorithms.

It is now permissible to register a hash algorithm separately from a MAC.
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2009-12-05 11:47:33 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2009-12-05 11:47:33 +0200
commit: 0d3a8537747e8460459a9a97a6f68c1510a65c1f (patch)
tree: c17cfe798503679e703cad8eb235dfde38287f62 /lib
parent: e64d8f55e46fe0638191e1c01f6bde303753d91b (diff)
download: gnutls-0d3a8537747e8460459a9a97a6f68c1510a65c1f.tar.gz
13 files changed, 160 insertions, 80 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 8ebfd7bdbd..54a91b737a 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -81,7 +81,7 @@ COBJECTS = gnutls_record.c gnutls_compress.c debug.c gnutls_cipher.c	\
 	auth_dh_common.c gnutls_helper.c gnutls_supplemental.c		\
 	crypto.c random.c pk-libgcrypt.c mpi-libgcrypt.c cryptodev.c	\
 	rnd-libgcrypt.c cipher-libgcrypt.c mac-libgcrypt.c ext_signature.c \
-	crypto-api.c compat.c
+	crypto-api.c
 
 if ENABLE_OPRFI
 COBJECTS += $(OPRFI_COBJECTS)
diff --git a/lib/compat.c b/lib/compat.c
deleted file mode 100644
index 1b78f10938..0000000000
--- a/lib/compat.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (C) 2009 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <gnutls_errors.h>
-#include <gnutls_int.h>
-#include <gnutls/crypto.h>
-#include <crypto.h>
-#include <gnutls_mpi.h>
-#include <gnutls_pk.h>
-#include <random.h>
-#include <gnutls_cipher_int.h>
-
-int gnutls_crypto_single_mac_register2 (int priority, ...);
-int gnutls_crypto_mac_register2 (int priority, ...);
-
-int
-gnutls_crypto_single_mac_register2 (int priority, ...)
-{
-      return GNUTLS_E_UNIMPLEMENTED_FEATURE;
-}
-
-int gnutls_crypto_mac_register2 (int priority, ...)
-{
-      return GNUTLS_E_UNIMPLEMENTED_FEATURE;
-}
-
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index 853dbc6774..8eb4179df9 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -59,3 +59,87 @@ gnutls_cipher_deinit (gnutls_cipher_hd_t handle)
 {
   return _gnutls_cipher_deinit((cipher_hd_st*)handle);
 }
+
+
+/* HMAC */
+int
+gnutls_hmac_init (gnutls_hmac_hd_t * dig, gnutls_digest_algorithm_t algorithm,
+		   const void *key, int keylen)
+{
+  *dig = gnutls_malloc(sizeof(digest_hd_st));
+  if (*dig == NULL) {
+    gnutls_assert();
+    return GNUTLS_E_MEMORY_ERROR;
+  }
+  
+  return _gnutls_hmac_init(((digest_hd_st*)*dig), algorithm, key, keylen);
+}
+
+int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen)
+{
+  return _gnutls_hmac((digest_hd_st*)handle, text, textlen);
+}
+
+void
+gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest)
+{
+  return _gnutls_hmac_output((digest_hd_st*)handle, digest);
+}
+
+void
+gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest)
+{
+  _gnutls_hmac_deinit((digest_hd_st*)handle, digest);
+}
+
+int gnutls_hmac_get_len( gnutls_mac_algorithm_t algorithm)
+{
+  return _gnutls_hmac_get_algo_len(algorithm);
+}
+
+int gnutls_hmac_fast( gnutls_mac_algorithm_t algorithm, const void* key, int keylen, 
+	const void* text, size_t textlen, void* digest)
+{
+  return _gnutls_hmac_fast(algorithm, key, keylen, text, textlen, digest);
+}
+
+/* HASH */
+int
+gnutls_hash_init (gnutls_hash_hd_t * dig, gnutls_digest_algorithm_t algorithm)
+{
+  *dig = gnutls_malloc(sizeof(digest_hd_st));
+  if (*dig == NULL) {
+    gnutls_assert();
+    return GNUTLS_E_MEMORY_ERROR;
+  }
+  
+  return _gnutls_hash_init(((digest_hd_st*)*dig), algorithm);
+}
+
+int gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen)
+{
+  return _gnutls_hash((digest_hd_st*)handle, text, textlen);
+}
+
+void
+gnutls_hash_output (gnutls_hash_hd_t handle, void *digest)
+{
+  return _gnutls_hash_output((digest_hd_st*)handle, digest);
+}
+
+void
+gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest)
+{
+  _gnutls_hash_deinit((digest_hd_st*)handle, digest);
+}
+
+int gnutls_hash_get_len( gnutls_digest_algorithm_t algorithm)
+{
+  return _gnutls_hash_get_algo_len(algorithm);
+}
+
+int gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
+                   const void *text, size_t textlen, void *digest)
+{
+  return _gnutls_hash_fast(algorithm, text, textlen, digest);
+}
diff --git a/lib/crypto.c b/lib/crypto.c
index 0a84dd4270..6a201e5532 100644
--- a/lib/crypto.c
+++ b/lib/crypto.c
@@ -35,7 +35,7 @@ typedef struct algo_list
 {
   int algorithm;
   int priority;
-  void *alg_data;
+  const void *alg_data;
   struct algo_list *next;
 } algo_list;
 
@@ -44,7 +44,7 @@ typedef struct algo_list
 #define digest_list algo_list
 
 static int
-_algo_register (algo_list * al, int algorithm, int priority, void *s)
+_algo_register (algo_list * al, int algorithm, int priority, const void *s)
 {
   algo_list *cl;
   algo_list *last_cl = al;
@@ -92,7 +92,7 @@ _algo_register (algo_list * al, int algorithm, int priority, void *s)
 
 }
 
-static void *
+static const void *
 _get_algo (algo_list * al, int algo)
 {
   cipher_list *cl;
@@ -166,7 +166,7 @@ _gnutls_crypto_deregister (void)
 int
 gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t algorithm,
 				       int priority, int version,
-				       const gnutls_crypto_single_cipher_st * s)
+				       const gnutls_crypto_cipher_st * s)
 {
   if (version != GNUTLS_CRYPTO_API_VERSION)
     {
@@ -177,7 +177,7 @@ gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t algorithm,
   return _algo_register (&glob_cl, algorithm, priority, s);
 }
 
-gnutls_crypto_single_cipher_st *
+const gnutls_crypto_cipher_st *
 _gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo)
 {
   return _get_algo (&glob_cl, algo);
@@ -248,7 +248,7 @@ gnutls_crypto_rnd_register2 (int priority, int version,
 int
 gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm,
 				    int priority, int version,
-				    const gnutls_crypto_single_mac_st * s)
+				    const gnutls_crypto_mac_st * s)
 {
   if (version != GNUTLS_CRYPTO_API_VERSION)
     {
@@ -259,7 +259,7 @@ gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm,
   return _algo_register (&glob_ml, algorithm, priority, s);
 }
 
-gnutls_crypto_single_mac_st *
+const gnutls_crypto_mac_st *
 _gnutls_get_crypto_mac (gnutls_mac_algorithm_t algo)
 {
   return _get_algo (&glob_ml, algo);
@@ -290,7 +290,7 @@ _gnutls_get_crypto_mac (gnutls_mac_algorithm_t algo)
 int
 gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t algorithm,
 				       int priority, int version,
-				       const gnutls_crypto_single_digest_st * s)
+				       const gnutls_crypto_digest_st * s)
 {
   if (version != GNUTLS_CRYPTO_API_VERSION)
     {
@@ -301,7 +301,7 @@ gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t algorithm,
   return _algo_register (&glob_dl, algorithm, priority, s);
 }
 
-gnutls_crypto_single_digest_st *
+const gnutls_crypto_digest_st *
 _gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo)
 {
   return _get_algo (&glob_dl, algo);
diff --git a/lib/crypto.h b/lib/crypto.h
index f93ac1e550..508fce670a 100644
--- a/lib/crypto.h
+++ b/lib/crypto.h
@@ -25,9 +25,9 @@
 #ifndef CRYPTO_H
 # define CRYPTO_H
 
-gnutls_crypto_single_cipher_st *_gnutls_get_crypto_cipher( gnutls_cipher_algorithm_t algo);
-gnutls_crypto_single_digest_st *_gnutls_get_crypto_digest( gnutls_digest_algorithm_t algo);
-gnutls_crypto_single_mac_st *_gnutls_get_crypto_mac( gnutls_mac_algorithm_t algo);
+const gnutls_crypto_cipher_st *_gnutls_get_crypto_cipher( gnutls_cipher_algorithm_t algo);
+const gnutls_crypto_digest_st *_gnutls_get_crypto_digest( gnutls_digest_algorithm_t algo);
+const gnutls_crypto_mac_st *_gnutls_get_crypto_mac( gnutls_mac_algorithm_t algo);
 void _gnutls_crypto_deregister(void);
 
 #endif /* CRYPTO_H */
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index d470f3aef3..5eb71bde7d 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -193,7 +193,7 @@ _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
   return ret;
 }
 
-inline static int
+static inline int
 mac_init (digest_hd_st * td, gnutls_mac_algorithm_t mac, opaque * secret,
 	  int secret_size, int ver)
 {
@@ -216,7 +216,20 @@ mac_init (digest_hd_st * td, gnutls_mac_algorithm_t mac, opaque * secret,
   return ret;
 }
 
-static void
+static inline void
+mac_hash (digest_hd_st * td, void * data, int data_size, int ver)
+{
+  if (ver == GNUTLS_SSL3)
+    {				/* SSL 3.0 */
+      _gnutls_hash (td, data, data_size);
+    }
+  else
+    {
+      _gnutls_hmac (td, data, data_size);
+    }
+}
+
+static inline void
 mac_deinit (digest_hd_st * td, opaque * res, int ver)
 {
   if (ver == GNUTLS_SSL3)
@@ -356,8 +369,8 @@ _gnutls_compressed2ciphertext (gnutls_session_t session,
           return ret;
         }
       preamble_size = make_preamble( UINT64DATA (session->connection_state.write_sequence_number), type, c_length, ver, preamble);
-      _gnutls_hash (&td, preamble, preamble_size);
-      _gnutls_hash (&td, compressed.data, compressed.size);
+      mac_hash (&td, preamble, preamble_size, ver);
+      mac_hash (&td, compressed.data, compressed.size, ver);
       mac_deinit (&td, MAC, ver);
     }
 
@@ -554,9 +567,9 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
         }
 
       preamble_size = make_preamble( UINT64DATA (session->connection_state.read_sequence_number), type, c_length, ver, preamble);
-      _gnutls_hash (&td, preamble, preamble_size);
+      mac_hash (&td, preamble, preamble_size, ver);
       if (length > 0)
-	_gnutls_hmac (&td, ciphertext.data, length);
+	mac_hash (&td, ciphertext.data, length, ver);
 
       mac_deinit (&td, MAC, ver);
     }
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index d370d849e0..b496c688ff 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -40,7 +40,7 @@ _gnutls_cipher_init (cipher_hd_st * handle, gnutls_cipher_algorithm_t cipher,
 		     const gnutls_datum_t * key, const gnutls_datum_t * iv)
 {
   int ret = GNUTLS_E_INTERNAL_ERROR;
-  gnutls_crypto_single_cipher_st *cc = NULL;
+  const gnutls_crypto_cipher_st *cc = NULL;
 
   /* check if a cipher has been registered
    */
diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h
index f004f55b27..ab6db0479d 100644
--- a/lib/gnutls_cipher_int.h
+++ b/lib/gnutls_cipher_int.h
@@ -31,7 +31,7 @@ extern int crypto_cipher_prio;
 extern gnutls_crypto_cipher_st _gnutls_cipher_ops;
 
 typedef struct {
-  gnutls_crypto_single_cipher_st* cc;
+  const gnutls_crypto_single_cipher_st* cc;
   void* ctx;
 } reg_hd;
 
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index 7f3b322049..288de91b14 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -61,7 +61,7 @@ int
 _gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm)
 {
   int result;
-  gnutls_crypto_single_digest_st *cc = NULL;
+  const gnutls_crypto_digest_st *cc = NULL;
 
   dig->algorithm = algorithm;
 
@@ -103,7 +103,7 @@ _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm)
 }
 
 int
-_gnutls_hash (const digest_hd_st * handle, const void *text, size_t textlen)
+_gnutls_hash (digest_hd_st * handle, const void *text, size_t textlen)
 {
   if (textlen > 0)
     {
@@ -252,7 +252,7 @@ _gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm,
 		   const void *key, int keylen)
 {
   int result;
-  gnutls_crypto_single_mac_st *cc = NULL;
+  const gnutls_crypto_mac_st *cc = NULL;
 
   dig->algorithm = algorithm;
   dig->key = key;
@@ -299,7 +299,7 @@ _gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm,
 }
 
 int
-_gnutls_hmac (const digest_hd_st * handle, const void *text, size_t textlen)
+_gnutls_hmac (digest_hd_st * handle, const void *text, size_t textlen)
 {
   if (textlen > 0)
     {
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index c91fd85329..7041665c18 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -38,7 +38,7 @@ extern int crypto_digest_prio;
 extern gnutls_crypto_digest_st _gnutls_digest_ops;
 
 typedef struct {
-  gnutls_crypto_single_mac_st* cc;
+  const gnutls_crypto_mac_st* cc;
   void* ctx;
 } digest_reg_hd;
 
@@ -59,7 +59,7 @@ typedef struct
 int _gnutls_hmac_init (digest_hd_st*, gnutls_mac_algorithm_t algorithm,
 			    const void *key, int keylen);
 int _gnutls_hmac_get_algo_len (gnutls_mac_algorithm_t algorithm);
-int _gnutls_hmac (const digest_hd_st* handle, const void *text,
+int _gnutls_hmac (digest_hd_st* handle, const void *text,
 		  size_t textlen);
 
 int _gnutls_hmac_fast( gnutls_mac_algorithm_t algorithm, const void* key, int keylen, 
@@ -70,11 +70,15 @@ void _gnutls_hmac_output (digest_hd_st* handle, void *digest);
 
 int _gnutls_hash_init (digest_hd_st*, gnutls_digest_algorithm_t algorithm);
 int _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm);
-int _gnutls_hash (const digest_hd_st* handle, const void *text,
+int _gnutls_hash (digest_hd_st* handle, const void *text,
 		  size_t textlen);
 void _gnutls_hash_deinit (digest_hd_st* handle, void *digest);
 void _gnutls_hash_output (digest_hd_st* handle, void *digest);
 
+int
+_gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
+                   const void *text, size_t textlen, void *digest);
+                   
 /* help functions */
 int _gnutls_mac_init_ssl3 (digest_hd_st*, gnutls_mac_algorithm_t algorithm, void *key,
 				int keylen);
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 824ca66687..e7a3281a08 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -37,12 +37,33 @@ void gnutls_cipher_deinit (gnutls_cipher_hd_t handle);
 int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm);
 
 
+typedef struct hash_hd_st* gnutls_hash_hd_t;
+typedef struct hmac_hd_st* gnutls_hmac_hd_t;
+
+int gnutls_hmac_init (gnutls_hmac_hd_t * dig, gnutls_digest_algorithm_t algorithm,
+		   const void *key, int keylen);
+int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen);
+void gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest);
+void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest);
+int gnutls_hmac_get_len( gnutls_mac_algorithm_t algorithm);
+int gnutls_hmac_fast( gnutls_mac_algorithm_t algorithm, const void* key, int keylen, 
+	const void* text, size_t textlen, void* digest);
+
+int gnutls_hash_init (gnutls_hash_hd_t * dig, gnutls_digest_algorithm_t algorithm);
+int gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen);
+void gnutls_hash_output (gnutls_hash_hd_t handle, void *digest);
+void gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest);
+int gnutls_hash_get_len( gnutls_digest_algorithm_t algorithm);
+int gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
+                   const void *text, size_t textlen, void *digest);
+
 /* register ciphers */
 
 #define GNUTLS_CRYPTO_API_VERSION 0x02
 
 #define gnutls_crypto_single_cipher_st gnutls_crypto_cipher_st
 #define gnutls_crypto_single_mac_st gnutls_crypto_mac_st
+#define gnutls_crypto_single_digest_st gnutls_crypto_digest_st
 
 typedef struct
 {
@@ -67,7 +88,6 @@ typedef struct
 } gnutls_crypto_mac_st;
 
 /* the same... setkey should be null */
-typedef gnutls_crypto_single_mac_st gnutls_crypto_single_digest_st;
 typedef gnutls_crypto_mac_st gnutls_crypto_digest_st;
 
 typedef enum gnutls_rnd_level
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 6361e50a2d..f148c1635e 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -135,9 +135,10 @@ extern "C" {
     GNUTLS_MAC_MD2,
     GNUTLS_MAC_SHA256,
     GNUTLS_MAC_SHA384,
-    GNUTLS_MAC_SHA512
+    GNUTLS_MAC_SHA512,
+    GNUTLS_MAC_SHA224, /* unused as MAC */
     /* If you add anything here, make sure you align with
-       gnutls_digest_algorithm_t, in particular SHA-224. */
+       gnutls_digest_algorithm_t. */
   } gnutls_mac_algorithm_t;
 
   /* The enumerations here should have the same value with
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 5e73768743..a937a928ba 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -586,12 +586,17 @@ GNUTLS_2_10
     gnutls_cipher_deinit;
     gnutls_cipher_get_block_size;
     gnutls_hash_init;
-    gnutls_hash_get_algo_len;
+    gnutls_hash_get_len;
     gnutls_hash;
     gnutls_hash_fast;
     gnutls_hash_deinit;
     gnutls_hash_output;
-    gnutls_hash_reset;
+    gnutls_hmac_init;
+    gnutls_hmac_get_len;
+    gnutls_hmac;
+    gnutls_hmac_fast;
+    gnutls_hmac_deinit;
+    gnutls_hmac_output;
 } GNUTLS_2_8;
 
 GNUTLS_PRIVATE {
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2009-12-05 11:47:33 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2009-12-05 11:47:33 +0200
commit	0d3a8537747e8460459a9a97a6f68c1510a65c1f (patch)
tree	c17cfe798503679e703cad8eb235dfde38287f62 /lib
parent	e64d8f55e46fe0638191e1c01f6bde303753d91b (diff)
download	gnutls-0d3a8537747e8460459a9a97a6f68c1510a65c1f.tar.gz