summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-03-19 08:13:54 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-03-19 08:13:58 +0100
commit10c585a92d05538fbd3936d9d81bd4296b7e3f8d (patch)
tree9998fe54423e2fe62200655daaa7f01199cc3580 /lib
parent7b4d1f763a2b2476074c903f3ab059f53dcdddc0 (diff)
downloadgnutls-10c585a92d05538fbd3936d9d81bd4296b7e3f8d.tar.gz
The HMAC subsystem can now be used for other MAC algorithms, like UMAC. UMAC-96 and UMAC-128 were conditionally added.
Diffstat (limited to 'lib')
-rw-r--r--lib/accelerated/cryptodev.c1
-rw-r--r--lib/accelerated/x86/hmac-padlock.c5
-rw-r--r--lib/algorithms/ciphers.c1
-rw-r--r--lib/algorithms/ciphersuites.c17
-rw-r--r--lib/algorithms/mac.c53
-rw-r--r--lib/crypto-api.c33
-rw-r--r--lib/crypto-backend.h4
-rw-r--r--lib/ext/session_ticket.c14
-rw-r--r--lib/gnutls_cipher.c7
-rw-r--r--lib/gnutls_cipher_int.c33
-rw-r--r--lib/gnutls_cipher_int.h15
-rw-r--r--lib/gnutls_constate.c2
-rw-r--r--lib/gnutls_dtls.c6
-rw-r--r--lib/gnutls_hash_int.c54
-rw-r--r--lib/gnutls_hash_int.h50
-rw-r--r--lib/gnutls_state.c16
-rw-r--r--lib/includes/gnutls/crypto.h1
-rw-r--r--lib/includes/gnutls/gnutls.h.in7
-rw-r--r--lib/libgnutls.map1
-rw-r--r--lib/nettle/cipher.c4
-rw-r--r--lib/nettle/mac.c112
-rw-r--r--lib/x509/pbkdf2-sha1.c4
-rw-r--r--lib/x509/pkcs12.c16
23 files changed, 294 insertions, 162 deletions
diff --git a/lib/accelerated/cryptodev.c b/lib/accelerated/cryptodev.c
index f0c583d319..63b0174cbd 100644
--- a/lib/accelerated/cryptodev.c
+++ b/lib/accelerated/cryptodev.c
@@ -352,6 +352,7 @@ int ret;
static const gnutls_crypto_mac_st mac_struct = {
.init = NULL,
.setkey = NULL,
+ .setnonce = NULL,
.hash = NULL,
.output = NULL,
.deinit = NULL,
diff --git a/lib/accelerated/x86/hmac-padlock.c b/lib/accelerated/x86/hmac-padlock.c
index 2ec4ad5f57..c2db4b98c6 100644
--- a/lib/accelerated/x86/hmac-padlock.c
+++ b/lib/accelerated/x86/hmac-padlock.c
@@ -292,6 +292,7 @@ wrap_padlock_hmac_deinit (void *hd)
static int
wrap_padlock_hmac_fast (gnutls_mac_algorithm_t algo,
+ const void* nonce, size_t nonce_size,
const void *key, size_t key_size, const void *text,
size_t text_size, void *digest)
{
@@ -300,7 +301,7 @@ wrap_padlock_hmac_fast (gnutls_mac_algorithm_t algo,
unsigned char *pad;
unsigned char pad2[SHA1_DATA_SIZE + MAX_SHA_DIGEST_SIZE];
unsigned char hkey[MAX_SHA_DIGEST_SIZE];
- unsigned int digest_size = _gnutls_hmac_get_algo_len (algo);
+ unsigned int digest_size = _gnutls_mac_get_algo_len (algo);
if (key_size > SHA1_DATA_SIZE)
{
@@ -353,6 +354,7 @@ wrap_padlock_hmac_fast (gnutls_mac_algorithm_t algo,
const gnutls_crypto_mac_st hmac_sha_padlock_struct = {
.init = NULL,
.setkey = NULL,
+ .setnonce = NULL,
.hash = NULL,
.reset = NULL,
.output = NULL,
@@ -363,6 +365,7 @@ const gnutls_crypto_mac_st hmac_sha_padlock_struct = {
const gnutls_crypto_mac_st hmac_sha_padlock_nano_struct = {
.init = wrap_padlock_hmac_init,
.setkey = wrap_padlock_hmac_setkey,
+ .setnonce = NULL,
.hash = wrap_padlock_hmac_update,
.reset = wrap_padlock_hmac_reset,
.output = wrap_padlock_hmac_output,
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index 13eb7ff45d..704ac635c0 100644
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -52,7 +52,6 @@ static const gnutls_cipher_entry algorithms[] = {
{"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 0, 1},
{"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 0, 1},
{"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0},
- {"SALSA20R20-128", GNUTLS_CIPHER_SALSA20R20_128, 1, 16, CIPHER_STREAM, 8, 0, 0},
{"SALSA20R20-256", GNUTLS_CIPHER_SALSA20R20_256, 1, 32, CIPHER_STREAM, 8, 0, 0},
{"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK,
16, 0, 0},
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index d7b90903c6..189be67c63 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -218,10 +218,8 @@ typedef struct
#define GNUTLS_ECDHE_PSK_NULL_SHA384 { 0xC0, 0x3B }
/* Salsa 20 */
-#define GNUTLS_RSA_WITH_SALSA20R20_128_SHA256 {0xFA, 0xA1}
-#define GNUTLS_RSA_WITH_SALSA20R20_256_SHA256 {0xFA, 0xA2}
-#define GNUTLS_RSA_WITH_SALSA20R20_128_SHA1 {0xFA, 0xA3}
#define GNUTLS_RSA_WITH_SALSA20R20_256_SHA1 {0xFA, 0xA4}
+#define GNUTLS_RSA_WITH_SALSA20R20_256_UMAC_96 {0xFA, 0xA5}
#define CIPHER_SUITES_COUNT (sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1)
@@ -283,22 +281,13 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
GNUTLS_VERSION_MAX, 1),
/* Salsa20 */
- ENTRY (GNUTLS_RSA_WITH_SALSA20R20_128_SHA1,
- GNUTLS_CIPHER_SALSA20R20_128, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
- GNUTLS_VERSION_MAX, 1),
ENTRY (GNUTLS_RSA_WITH_SALSA20R20_256_SHA1,
GNUTLS_CIPHER_SALSA20R20_256, GNUTLS_KX_RSA,
GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
GNUTLS_VERSION_MAX, 1),
-
- ENTRY (GNUTLS_RSA_WITH_SALSA20R20_128_SHA256,
- GNUTLS_CIPHER_SALSA20R20_128, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_0,
- GNUTLS_VERSION_MAX, 1),
- ENTRY (GNUTLS_RSA_WITH_SALSA20R20_256_SHA256,
+ ENTRY (GNUTLS_RSA_WITH_SALSA20R20_256_UMAC_96,
GNUTLS_CIPHER_SALSA20R20_256, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_0,
+ GNUTLS_MAC_UMAC_96, GNUTLS_TLS1_0,
GNUTLS_VERSION_MAX, 1),
/* DHE_DSS */
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index 3546b12659..17bb20c3ee 100644
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -30,24 +30,29 @@ struct gnutls_hash_entry
const char *name;
const char *oid;
gnutls_mac_algorithm_t id;
- size_t key_size; /* in case of mac */
+ size_t output_size;
+ size_t key_size;
unsigned placeholder; /* if set, then not a real MAC */
unsigned secure; /* if set the this algorithm is secure as hash */
};
typedef struct gnutls_hash_entry gnutls_hash_entry;
static const gnutls_hash_entry hash_algorithms[] = {
- {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 0, 1},
- {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 0, 0},
- {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 0, 1},
- {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 0, 1},
- {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 0, 1},
- {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 0, 1},
- {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 1, 1},
- {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0}, /* not used as MAC */
- {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 0, 1},
- {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0},
- {0, 0, 0, 0, 0}
+ {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 1},
+ {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 16, 0, 0},
+ {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 1},
+ {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 1},
+ {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 1},
+ {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 1},
+#ifdef HAVE_UMAC
+ {"UMAC-96", NULL, GNUTLS_MAC_UMAC_96, 12, 16, 0, 1},
+ {"UMAC-128", NULL, GNUTLS_MAC_UMAC_128, 16, 16, 0, 1},
+#endif
+ {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 0, 1, 1},
+ {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0, 0}, /* not used as MAC */
+ {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 20, 0, 1},
+ {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0}
};
@@ -121,7 +126,7 @@ gnutls_mac_get_id (const char *name)
* gnutls_mac_get_key_size:
* @algorithm: is an encryption algorithm
*
- * Get size of MAC key.
+ * Get size of MAC key used in TLS.
*
* Returns: length (in bytes) of the given MAC key size, or 0 if the
* given MAC algorithm is invalid.
@@ -137,6 +142,26 @@ gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm)
return ret;
}
+/*-
+ * _gnutls_mac_get_algo_len:
+ * @algorithm: is an encryption algorithm
+ *
+ * Get size of MAC key.
+ *
+ * Returns: length (in bytes) of the MAC output size, or 0 if the
+ * given MAC algorithm is invalid.
+ -*/
+size_t
+_gnutls_mac_get_algo_len (gnutls_mac_algorithm_t algorithm)
+{
+ size_t ret = 0;
+
+ /* avoid prefix */
+ GNUTLS_HASH_ALG_LOOP (ret = p->output_size);
+
+ return ret;
+}
+
/**
* gnutls_mac_list:
*
@@ -160,7 +185,7 @@ static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 };
int i = 0;
GNUTLS_HASH_LOOP (
- if (p->placeholder != 0 || _gnutls_hmac_exists(p->id))
+ if (p->placeholder != 0 || _gnutls_mac_exists(p->id))
supported_macs[i++]=p->id;
);
supported_macs[i++]=0;
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index 6710f2f9e8..10e1bc3a85 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -286,6 +286,9 @@ api_cipher_hd_st * h = handle;
* effectively use the current crypto backend in use by gnutls or the
* cryptographic accelerator in use.
*
+ * Note that despite the name of this function, it can be used
+ * for other MAC algorithms than HMAC.
+ *
* Returns: Zero or a negative error code on error.
*
* Since: 2.10.0
@@ -295,14 +298,30 @@ gnutls_hmac_init (gnutls_hmac_hd_t * dig,
gnutls_mac_algorithm_t algorithm,
const void *key, size_t keylen)
{
- *dig = gnutls_malloc (sizeof (digest_hd_st));
+ *dig = gnutls_malloc (sizeof (mac_hd_st));
if (*dig == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- return _gnutls_hmac_init (((digest_hd_st *) * dig), algorithm, key, keylen);
+ return _gnutls_mac_init (((mac_hd_st *) * dig), algorithm, key, keylen);
+}
+
+/**
+ * gnutls_hmac_set_nonce:
+ * @handle: is a #gnutls_cipher_hd_t structure.
+ * @nonce: the data to set as nonce
+ * @nonce_len: The length of data
+ *
+ * This function will set the nonce in the MAC algorithm.
+ *
+ * Since: 3.1.10
+ **/
+void
+gnutls_hmac_set_nonce (gnutls_hmac_hd_t handle, const void *nonce, size_t nonce_len)
+{
+ _gnutls_mac_set_nonce ((mac_hd_st *) handle, nonce, nonce_len);
}
/**
@@ -321,7 +340,7 @@ gnutls_hmac_init (gnutls_hmac_hd_t * dig,
int
gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen)
{
- return _gnutls_hmac ((digest_hd_st *) handle, text, textlen);
+ return _gnutls_mac ((mac_hd_st *) handle, text, textlen);
}
/**
@@ -336,7 +355,7 @@ gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen)
void
gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest)
{
- _gnutls_hmac_output ((digest_hd_st *) handle, digest);
+ _gnutls_mac_output ((mac_hd_st *) handle, digest);
}
/**
@@ -352,7 +371,7 @@ gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest)
void
gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest)
{
- _gnutls_hmac_deinit ((digest_hd_st *) handle, digest);
+ _gnutls_mac_deinit ((mac_hd_st *) handle, digest);
gnutls_free (handle);
}
@@ -370,7 +389,7 @@ gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest)
int
gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm)
{
- return _gnutls_hmac_get_algo_len (algorithm);
+ return _gnutls_mac_get_algo_len (algorithm);
}
/**
@@ -394,7 +413,7 @@ gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm,
const void *key, size_t keylen,
const void *text, size_t textlen, void *digest)
{
- return _gnutls_hmac_fast (algorithm, key, keylen, text, textlen, digest);
+ return _gnutls_mac_fast (algorithm, key, keylen, text, textlen, digest);
}
/* HASH */
diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h
index ba18e50023..4975f4a005 100644
--- a/lib/crypto-backend.h
+++ b/lib/crypto-backend.h
@@ -51,11 +51,13 @@
{
int (*init) (gnutls_mac_algorithm_t, void **ctx);
int (*setkey) (void *ctx, const void *key, size_t keysize);
+ int (*setnonce) (void *ctx, const void *nonce, size_t noncesize);
void (*reset) (void *ctx);
int (*hash) (void *ctx, const void *text, size_t textsize);
int (*output) (void *src_ctx, void *digest, size_t digestsize);
void (*deinit) (void *ctx);
- int (*fast)(gnutls_mac_algorithm_t, const void *key, size_t keysize, const void *text, size_t textsize, void *digest);
+ int (*fast)(gnutls_mac_algorithm_t, const void* nonce, size_t nonce_size,
+ const void *key, size_t keysize, const void *text, size_t textsize, void *digest);
/* Not needed for registered on run-time. Only included
* should define it. */
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
index 0bb222c4eb..fe5bdedd12 100644
--- a/lib/ext/session_ticket.c
+++ b/lib/ext/session_ticket.c
@@ -93,24 +93,24 @@ static int
digest_ticket (const gnutls_datum_t * key, struct ticket *ticket,
uint8_t * digest)
{
- digest_hd_st digest_hd;
+ mac_hd_st digest_hd;
uint16_t length16;
int ret;
- ret = _gnutls_hmac_init (&digest_hd, GNUTLS_MAC_SHA256, key->data,
+ ret = _gnutls_mac_init (&digest_hd, GNUTLS_MAC_SHA256, key->data,
key->size);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
- _gnutls_hmac (&digest_hd, ticket->key_name, KEY_NAME_SIZE);
- _gnutls_hmac (&digest_hd, ticket->IV, IV_SIZE);
+ _gnutls_mac (&digest_hd, ticket->key_name, KEY_NAME_SIZE);
+ _gnutls_mac (&digest_hd, ticket->IV, IV_SIZE);
length16 = _gnutls_conv_uint16 (ticket->encrypted_state_len);
- _gnutls_hmac (&digest_hd, &length16, 2);
- _gnutls_hmac (&digest_hd, ticket->encrypted_state,
+ _gnutls_mac (&digest_hd, &length16, 2);
+ _gnutls_mac (&digest_hd, ticket->encrypted_state,
ticket->encrypted_state_len);
- _gnutls_hmac_deinit (&digest_hd, digest);
+ _gnutls_mac_deinit (&digest_hd, digest);
return 0;
}
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 390a6b1ce8..48f3cefa11 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -434,6 +434,8 @@ compressed_to_ciphertext (gnutls_session_t session,
memset (data_ptr, pad - 1, pad);
}
+ _gnutls_auth_cipher_set_mac_nonce(&params->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
+
/* add the authenticate data */
ret = _gnutls_auth_cipher_add_auth(&params->write.cipher_state, preamble, preamble_size);
if (ret < 0)
@@ -590,6 +592,7 @@ compressed_to_ciphertext_new (gnutls_session_t session,
(params->write.sequence_number),
type, compressed->size+2+pad, ver, preamble);
+ _gnutls_auth_cipher_set_mac_nonce(&params->write.cipher_state, UINT64DATA(params->write.sequence_number), 8);
/* add the authenticated data */
ret = _gnutls_auth_cipher_add_auth(&params->write.cipher_state, preamble, preamble_size);
if (ret < 0)
@@ -717,6 +720,7 @@ ciphertext_to_compressed (gnutls_session_t session,
make_preamble (UINT64DATA(*sequence), type,
length, ver, preamble);
+ _gnutls_auth_cipher_set_mac_nonce(&params->read.cipher_state, UINT64DATA(*sequence), 8);
ret = _gnutls_auth_cipher_add_auth (&params->read.cipher_state, preamble, preamble_size);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -786,6 +790,8 @@ ciphertext_to_compressed (gnutls_session_t session,
preamble_size =
make_preamble (UINT64DATA(*sequence), type,
length, ver, preamble);
+
+ _gnutls_auth_cipher_set_mac_nonce(&params->read.cipher_state, UINT64DATA(*sequence), 8);
ret = _gnutls_auth_cipher_add_auth (&params->read.cipher_state, preamble, preamble_size);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -915,6 +921,7 @@ ciphertext_to_compressed_new (gnutls_session_t session,
make_preamble (UINT64DATA(*sequence), type,
length, ver, preamble);
+ _gnutls_auth_cipher_set_mac_nonce(&params->write.cipher_state, UINT64DATA(*sequence), 8);
ret = _gnutls_auth_cipher_add_auth (&params->read.cipher_state, preamble, preamble_size);
if (ret < 0)
return gnutls_assert_val(ret);
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index 7b5fd7065b..0744aea4e3 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -157,16 +157,16 @@ int ret;
handle->ssl_hmac = ssl_hmac;
if (ssl_hmac)
- ret = _gnutls_mac_init_ssl3(&handle->mac, mac, mac_key->data, mac_key->size);
+ ret = _gnutls_mac_init_ssl3(&handle->mac.dig, mac, mac_key->data, mac_key->size);
else
- ret = _gnutls_hmac_init(&handle->mac, mac, mac_key->data, mac_key->size);
+ ret = _gnutls_mac_init(&handle->mac.mac, mac, mac_key->data, mac_key->size);
if (ret < 0)
{
gnutls_assert();
goto cleanup;
}
- handle->tag_size = _gnutls_hmac_get_algo_len(mac);
+ handle->tag_size = _gnutls_mac_get_algo_len(mac);
}
else if (_gnutls_cipher_is_aead(&handle->cipher))
handle->tag_size = _gnutls_cipher_tag_len(&handle->cipher);
@@ -185,9 +185,9 @@ int _gnutls_auth_cipher_add_auth (auth_cipher_hd_st * handle, const void *text,
if (handle->is_mac)
{
if (handle->ssl_hmac)
- return _gnutls_hash(&handle->mac, text, textlen);
+ return _gnutls_hash(&handle->mac.dig, text, textlen);
else
- return _gnutls_hmac(&handle->mac, text, textlen);
+ return _gnutls_mac(&handle->mac.mac, text, textlen);
}
else if (_gnutls_cipher_is_aead(&handle->cipher))
return _gnutls_cipher_auth(&handle->cipher, text, textlen);
@@ -205,9 +205,9 @@ int ret;
if (handle->is_mac)
{
if (handle->ssl_hmac)
- ret = _gnutls_hash(&handle->mac, text, auth_size);
+ ret = _gnutls_hash(&handle->mac.dig, text, auth_size);
else
- ret = _gnutls_hmac(&handle->mac, text, auth_size);
+ ret = _gnutls_mac(&handle->mac.mac, text, auth_size);
if (ret < 0)
{
gnutls_assert();
@@ -258,9 +258,9 @@ int ret;
textlen -= handle->tag_size;
if (handle->ssl_hmac)
- return _gnutls_hash(&handle->mac, text, textlen);
+ return _gnutls_hash(&handle->mac.dig, text, textlen);
else
- return _gnutls_hmac(&handle->mac, text, textlen);
+ return _gnutls_mac(&handle->mac.mac, text, textlen);
}
return 0;
@@ -268,21 +268,22 @@ int ret;
int _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void* tag, int tag_size)
{
-int ret = 0;
+int ret;
+
if (handle->is_mac)
{
if (handle->ssl_hmac)
{
- ret = _gnutls_mac_output_ssl3 (&handle->mac, tag);
+ ret = _gnutls_mac_output_ssl3 (&handle->mac.dig, tag);
if (ret < 0)
return gnutls_assert_val(ret);
- _gnutls_mac_reset_ssl3 (&handle->mac);
+ _gnutls_mac_reset_ssl3 (&handle->mac.dig);
}
else
{
- _gnutls_hmac_output (&handle->mac, tag);
- _gnutls_hmac_reset (&handle->mac);
+ _gnutls_mac_output (&handle->mac.mac, tag);
+ _gnutls_mac_reset (&handle->mac.mac);
}
}
else if (_gnutls_cipher_is_aead(&handle->cipher))
@@ -298,9 +299,9 @@ void _gnutls_auth_cipher_deinit (auth_cipher_hd_st * handle)
if (handle->is_mac)
{
if (handle->ssl_hmac) /* failure here doesn't matter */
- _gnutls_mac_deinit_ssl3 (&handle->mac, NULL);
+ _gnutls_mac_deinit_ssl3 (&handle->mac.dig, NULL);
else
- _gnutls_hmac_deinit(&handle->mac, NULL);
+ _gnutls_mac_deinit(&handle->mac.mac, NULL);
}
if (handle->is_null==0)
_gnutls_cipher_deinit(&handle->cipher);
diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h
index 76b416dd52..fae3a4a85b 100644
--- a/lib/gnutls_cipher_int.h
+++ b/lib/gnutls_cipher_int.h
@@ -141,7 +141,10 @@ inline static int _gnutls_cipher_auth (const cipher_hd_st * handle, const void *
typedef struct
{
cipher_hd_st cipher;
- digest_hd_st mac;
+ union {
+ digest_hd_st dig;
+ mac_hd_st mac;
+ } mac;
unsigned int is_mac:1;
unsigned int ssl_hmac:1;
unsigned int is_null:1;
@@ -173,6 +176,16 @@ inline static void _gnutls_auth_cipher_setiv (const auth_cipher_hd_st * handle,
_gnutls_cipher_setiv(&handle->cipher, iv, ivlen);
}
+inline static
+int _gnutls_auth_cipher_set_mac_nonce (auth_cipher_hd_st * handle,
+ const void *nonce, int nonce_len)
+{
+ if (handle->is_mac && !handle->ssl_hmac)
+ return _gnutls_mac_set_nonce(&handle->mac.mac, nonce, nonce_len);
+ else
+ return 0;
+}
+
inline static size_t _gnutls_auth_cipher_tag_len( auth_cipher_hd_st * handle)
{
return handle->tag_size;
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index e86fb2c0e1..67882121b7 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -428,7 +428,7 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
IV_size = gnutls_cipher_get_iv_size (cipher_algo);
key_size = gnutls_cipher_get_key_size (cipher_algo);
export_flag = _gnutls_cipher_get_export_flag (cipher_algo);
- hash_size = _gnutls_hmac_get_algo_len (mac_algo);
+ hash_size = gnutls_mac_get_key_size (mac_algo);
ret = _gnutls_set_keys
(session, params, hash_size, IV_size, key_size, export_flag);
diff --git a/lib/gnutls_dtls.c b/lib/gnutls_dtls.c
index 24fa2e1c18..90c0f44777 100644
--- a/lib/gnutls_dtls.c
+++ b/lib/gnutls_dtls.c
@@ -626,7 +626,7 @@ int total = 0, ret, iv_size;
total += _gnutls_cipher_get_tag_size(params->cipher_algorithm);
else
{
- ret = _gnutls_hmac_get_algo_len(params->mac_algorithm);
+ ret = _gnutls_mac_get_algo_len(params->mac_algorithm);
if (ret < 0)
return gnutls_assert_val(ret);
total+=ret;
@@ -856,7 +856,7 @@ uint8_t digest[C_HASH_SIZE];
hvr[hvr_size++] = 255;
hvr[hvr_size++] = COOKIE_SIZE;
- ret = _gnutls_hmac_fast(C_HASH, key->data, key->size, client_data, client_data_size, digest);
+ ret = _gnutls_mac_fast(C_HASH, key->data, key->size, client_data, client_data_size, digest);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -931,7 +931,7 @@ uint8_t digest[C_HASH_SIZE];
return gnutls_assert_val(GNUTLS_E_BAD_COOKIE);
}
- ret = _gnutls_hmac_fast(C_HASH, key->data, key->size, client_data, client_data_size, digest);
+ ret = _gnutls_mac_fast(C_HASH, key->data, key->size, client_data, client_data_size, digest);
if (ret < 0)
return gnutls_assert_val(ret);
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index b0c8c0b409..439b91c647 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -56,7 +56,6 @@ digest_length (int algo)
}
}
-
int
_gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm)
{
@@ -157,7 +156,7 @@ _gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
/* HMAC interface */
int
-_gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
+_gnutls_mac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
int keylen, const void *text, size_t textlen, void *digest)
{
int ret;
@@ -168,7 +167,7 @@ _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
cc = _gnutls_get_crypto_mac (algorithm);
if (cc != NULL)
{
- if (cc->fast (algorithm, key, keylen, text, textlen, digest) < 0)
+ if (cc->fast (algorithm, NULL, 0, key, keylen, text, textlen, digest) < 0)
{
gnutls_assert ();
return GNUTLS_E_HASH_FAILED;
@@ -177,7 +176,7 @@ _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
return 0;
}
- ret = _gnutls_mac_ops.fast (algorithm, key, keylen, text, textlen, digest);
+ ret = _gnutls_mac_ops.fast (algorithm, NULL, 0, key, keylen, text, textlen, digest);
if (ret < 0)
{
gnutls_assert ();
@@ -191,7 +190,7 @@ _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
/* Returns true(non-zero) or false(0) if the
* provided hash exists
*/
-int _gnutls_hmac_exists(gnutls_mac_algorithm_t algo)
+int _gnutls_mac_exists(gnutls_mac_algorithm_t algo)
{
const gnutls_crypto_mac_st *cc = NULL;
@@ -202,58 +201,59 @@ int _gnutls_hmac_exists(gnutls_mac_algorithm_t algo)
}
int
-_gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm,
+_gnutls_mac_init (mac_hd_st * mac, gnutls_mac_algorithm_t algorithm,
const void *key, int keylen)
{
int result;
const gnutls_crypto_mac_st *cc = NULL;
- dig->algorithm = (gnutls_digest_algorithm_t)algorithm;
- dig->key = key;
- dig->keysize = keylen;
+ mac->algorithm = algorithm;
+ mac->mac_len = _gnutls_mac_get_algo_len (algorithm);
/* check if a digest has been registered
*/
cc = _gnutls_get_crypto_mac (algorithm);
if (cc != NULL && cc->init != NULL)
{
- if (cc->init (algorithm, &dig->handle) < 0)
+ if (cc->init (algorithm, &mac->handle) < 0)
{
gnutls_assert ();
return GNUTLS_E_HASH_FAILED;
}
- if (cc->setkey (dig->handle, key, keylen) < 0)
+ if (cc->setkey (mac->handle, key, keylen) < 0)
{
gnutls_assert ();
- cc->deinit (dig->handle);
+ cc->deinit (mac->handle);
return GNUTLS_E_HASH_FAILED;
}
- dig->hash = cc->hash;
- dig->output = cc->output;
- dig->deinit = cc->deinit;
- dig->reset = cc->reset;
+ mac->hash = cc->hash;
+ mac->setnonce = cc->setnonce;
+ mac->output = cc->output;
+ mac->deinit = cc->deinit;
+ mac->reset = cc->reset;
return 0;
}
- result = _gnutls_mac_ops.init (algorithm, &dig->handle);
+ result = _gnutls_mac_ops.init (algorithm, &mac->handle);
if (result < 0)
{
gnutls_assert ();
return result;
}
- dig->hash = _gnutls_mac_ops.hash;
- dig->output = _gnutls_mac_ops.output;
- dig->deinit = _gnutls_mac_ops.deinit;
- dig->reset = _gnutls_mac_ops.reset;
+ mac->hash = _gnutls_mac_ops.hash;
+ mac->setnonce = _gnutls_mac_ops.setnonce;
+ mac->output = _gnutls_mac_ops.output;
+ mac->deinit = _gnutls_mac_ops.deinit;
+ mac->reset = _gnutls_mac_ops.reset;
- if (_gnutls_mac_ops.setkey (dig->handle, key, keylen) < 0)
+ if (_gnutls_mac_ops.setkey (mac->handle, key, keylen) < 0)
{
gnutls_assert();
- dig->deinit(dig->handle);
+ mac->deinit(mac->handle);
return GNUTLS_E_HASH_FAILED;
}
@@ -261,7 +261,7 @@ _gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm,
}
void
-_gnutls_hmac_deinit (digest_hd_st * handle, void *digest)
+_gnutls_mac_deinit (mac_hd_st * handle, void *digest)
{
if (handle->handle == NULL)
{
@@ -269,7 +269,7 @@ _gnutls_hmac_deinit (digest_hd_st * handle, void *digest)
}
if (digest)
- _gnutls_hmac_output (handle, digest);
+ _gnutls_mac_output (handle, digest);
handle->deinit (handle->handle);
handle->handle = NULL;
@@ -373,7 +373,7 @@ _gnutls_mac_output_ssl3 (digest_hd_st * handle, void *digest)
_gnutls_hash (&td, handle->key, handle->keysize);
_gnutls_hash (&td, opad, padsize);
- block = _gnutls_hmac_get_algo_len (handle->algorithm);
+ block = _gnutls_mac_get_algo_len (handle->algorithm);
_gnutls_hash_output (handle, ret); /* get the previous hash */
_gnutls_hash (&td, ret, block);
@@ -427,7 +427,7 @@ _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle,
_gnutls_hash (&td, key, key_size);
_gnutls_hash (&td, opad, padsize);
- block = _gnutls_hmac_get_algo_len (handle->algorithm);
+ block = _gnutls_mac_get_algo_len (handle->algorithm);
if (key_size > 0)
_gnutls_hash (handle, key, key_size);
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index 2438e70381..cb0de13d22 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -37,6 +37,7 @@ extern int crypto_digest_prio;
extern gnutls_crypto_digest_st _gnutls_digest_ops;
typedef int (*hash_func) (void *handle, const void *text, size_t size);
+typedef int (*nonce_func) (void *handle, const void *text, size_t size);
typedef void (*reset_func) (void *ctx);
typedef int (*output_func) (void *src_ctx, void *digest, size_t digestsize);
typedef void (*deinit_func) (void *handle);
@@ -44,29 +45,44 @@ typedef void (*deinit_func) (void *handle);
typedef struct
{
gnutls_digest_algorithm_t algorithm;
- const void *key;
+ hash_func hash;
+ reset_func reset;
+ output_func output;
+ deinit_func deinit;
+
+ const void *key; /* esoteric use by SSL3 MAC functions */
int keysize;
+ void *handle;
+} digest_hd_st;
+
+typedef struct
+{
+ gnutls_mac_algorithm_t algorithm;
+ int mac_len;
+
hash_func hash;
reset_func reset;
+ nonce_func setnonce;
output_func output;
deinit_func deinit;
void *handle;
-} digest_hd_st;
+} mac_hd_st;
/* basic functions */
-int _gnutls_hmac_exists(gnutls_mac_algorithm_t algorithm);
-int _gnutls_hmac_init (digest_hd_st *, gnutls_mac_algorithm_t algorithm,
+int _gnutls_mac_exists(gnutls_mac_algorithm_t algorithm);
+int _gnutls_mac_init (mac_hd_st *, gnutls_mac_algorithm_t algorithm,
const void *key, int keylen);
size_t _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm);
-#define _gnutls_hmac_get_algo_len(x) _gnutls_hash_get_algo_len((gnutls_digest_algorithm_t)x)
-int _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
+
+size_t _gnutls_mac_get_algo_len (gnutls_mac_algorithm_t algorithm);
+int _gnutls_mac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
int keylen, const void *text, size_t textlen,
void *digest);
inline static int
-_gnutls_hmac (digest_hd_st * handle, const void *text, size_t textlen)
+_gnutls_mac (mac_hd_st * handle, const void *text, size_t textlen)
{
if (textlen > 0)
{
@@ -76,23 +92,27 @@ _gnutls_hmac (digest_hd_st * handle, const void *text, size_t textlen)
}
inline static void
-_gnutls_hmac_output (digest_hd_st * handle, void *digest)
+_gnutls_mac_output (mac_hd_st * handle, void *digest)
{
- size_t maclen;
-
- maclen = _gnutls_hmac_get_algo_len (handle->algorithm);
-
if (digest != NULL)
{
- handle->output (handle->handle, digest, maclen);
+ handle->output (handle->handle, digest, handle->mac_len);
}
}
+inline static int
+_gnutls_mac_set_nonce (mac_hd_st * handle, const void *nonce, size_t n_size)
+{
+ if (handle->setnonce)
+ return handle->setnonce (handle->handle, nonce, n_size);
+ return 0;
+}
+
void
-_gnutls_hmac_deinit (digest_hd_st * handle, void *digest);
+_gnutls_mac_deinit (mac_hd_st * handle, void *digest);
inline static void
-_gnutls_hmac_reset (digest_hd_st * handle)
+_gnutls_mac_reset (mac_hd_st * handle)
{
if (handle->handle == NULL)
{
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 3f768f7798..2f460a6b92 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -798,7 +798,7 @@ _gnutls_cal_PRF_A (gnutls_mac_algorithm_t algorithm,
{
int ret;
- ret = _gnutls_hmac_fast (algorithm, secret, secret_size, seed, seed_size, result);
+ ret = _gnutls_mac_fast (algorithm, secret, secret_size, seed, seed_size, result);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -817,7 +817,7 @@ P_hash (gnutls_mac_algorithm_t algorithm,
int total_bytes, uint8_t * ret)
{
- digest_hd_st td2;
+ mac_hd_st td2;
int i, times, how, blocksize, A_size;
uint8_t final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE];
int output_bytes, result;
@@ -828,7 +828,7 @@ P_hash (gnutls_mac_algorithm_t algorithm,
return GNUTLS_E_INTERNAL_ERROR;
}
- blocksize = _gnutls_hmac_get_algo_len (algorithm);
+ blocksize = _gnutls_mac_get_algo_len (algorithm);
output_bytes = 0;
do
@@ -846,7 +846,7 @@ P_hash (gnutls_mac_algorithm_t algorithm,
for (i = 0; i < times; i++)
{
- result = _gnutls_hmac_init (&td2, algorithm, secret, secret_size);
+ result = _gnutls_mac_init (&td2, algorithm, secret, secret_size);
if (result < 0)
{
gnutls_assert ();
@@ -859,15 +859,15 @@ P_hash (gnutls_mac_algorithm_t algorithm,
A_size, Atmp)) < 0)
{
gnutls_assert ();
- _gnutls_hmac_deinit (&td2, final);
+ _gnutls_mac_deinit (&td2, final);
return result;
}
A_size = blocksize;
- _gnutls_hmac (&td2, Atmp, A_size);
- _gnutls_hmac (&td2, seed, seed_size);
- _gnutls_hmac_deinit (&td2, final);
+ _gnutls_mac (&td2, Atmp, A_size);
+ _gnutls_mac (&td2, seed, seed_size);
+ _gnutls_mac_deinit (&td2, final);
if ((1 + i) * blocksize < total_bytes)
{
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 1bc429040c..cb3c568445 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -61,6 +61,7 @@ extern "C"
int gnutls_hmac_init (gnutls_hmac_hd_t * dig,
gnutls_mac_algorithm_t algorithm, const void *key,
size_t keylen);
+ void gnutls_hmac_set_nonce (gnutls_hmac_hd_t handle, const void *nonce, size_t nonce_len);
int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen);
void gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest);
void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest);
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 00c9689870..6b96247736 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -111,8 +111,7 @@ extern "C"
GNUTLS_CIPHER_AES_128_GCM = 93,
GNUTLS_CIPHER_AES_256_GCM = 94,
GNUTLS_CIPHER_CAMELLIA_192_CBC = 95,
- GNUTLS_CIPHER_SALSA20R20_128 = 96,
- GNUTLS_CIPHER_SALSA20R20_256 = 97,
+ GNUTLS_CIPHER_SALSA20R20_256 = 96,
/* used only for PGP internals. Ignored in TLS/SSL
*/
@@ -234,7 +233,9 @@ extern "C"
GNUTLS_MAC_SHA224 = 9,
/* If you add anything here, make sure you align with
gnutls_digest_algorithm_t. */
- GNUTLS_MAC_AEAD = 200 /* indicates that MAC is on the cipher */
+ GNUTLS_MAC_AEAD = 200, /* indicates that MAC is on the cipher */
+ GNUTLS_MAC_UMAC_96 = 201,
+ GNUTLS_MAC_UMAC_128 = 202,
} gnutls_mac_algorithm_t;
/**
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 5c57278290..920c2df8fd 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -904,6 +904,7 @@ GNUTLS_3_1_0 {
gnutls_privkey_sign_raw_data;
gnutls_privkey_status;
gnutls_cipher_get_iv_size;
+ gnutls_hmac_set_nonce;
} GNUTLS_3_0_0;
GNUTLS_PRIVATE {
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index f17cc44a0e..a2248d1510 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -118,7 +118,6 @@ static int wrap_nettle_cipher_exists(gnutls_cipher_algorithm_t algo)
case GNUTLS_CIPHER_3DES_CBC:
case GNUTLS_CIPHER_DES_CBC:
case GNUTLS_CIPHER_ARCFOUR_128:
- case GNUTLS_CIPHER_SALSA20R20_128:
case GNUTLS_CIPHER_SALSA20R20_256:
case GNUTLS_CIPHER_ARCFOUR_40:
case GNUTLS_CIPHER_RC2_40_CBC:
@@ -200,7 +199,6 @@ wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx, int enc)
ctx->ctx_ptr = &ctx->ctx.arcfour;
ctx->block_size = 1;
break;
- case GNUTLS_CIPHER_SALSA20R20_128:
case GNUTLS_CIPHER_SALSA20R20_256:
ctx->encrypt = stream_encrypt;
ctx->decrypt = stream_encrypt;
@@ -291,7 +289,6 @@ wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize)
case GNUTLS_CIPHER_ARCFOUR_40:
arcfour_set_key (ctx->ctx_ptr, keysize, key);
break;
- case GNUTLS_CIPHER_SALSA20R20_128:
case GNUTLS_CIPHER_SALSA20R20_256:
salsa20_set_key (ctx->ctx_ptr, keysize, key);
break;
@@ -320,7 +317,6 @@ struct nettle_cipher_ctx *ctx = _ctx;
gcm_aes_set_iv(&ctx->ctx.aes_gcm, GCM_DEFAULT_NONCE_SIZE, iv);
break;
- case GNUTLS_CIPHER_SALSA20R20_128:
case GNUTLS_CIPHER_SALSA20R20_256:
if (ivsize != SALSA20_IV_SIZE)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
index 3a260ff505..008751150d 100644
--- a/lib/nettle/mac.c
+++ b/lib/nettle/mac.c
@@ -30,10 +30,14 @@
#include <nettle/md2.h>
#include <nettle/sha.h>
#include <nettle/hmac.h>
+#ifdef HAVE_UMAC
+# include <nettle/umac.h>
+#endif
typedef void (*update_func) (void *, unsigned, const uint8_t *);
typedef void (*digest_func) (void *, unsigned, uint8_t *);
typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
+typedef void (*set_nonce_func) (void *, unsigned, const uint8_t *);
static int wrap_nettle_hash_init (gnutls_digest_algorithm_t algo, void **_ctx);
@@ -56,7 +60,7 @@ struct nettle_hash_ctx
digest_func digest;
};
-struct nettle_hmac_ctx
+struct nettle_mac_ctx
{
union
{
@@ -66,6 +70,9 @@ struct nettle_hmac_ctx
struct hmac_sha384_ctx sha384;
struct hmac_sha512_ctx sha512;
struct hmac_sha1_ctx sha1;
+#ifdef HAVE_UMAC
+ struct umac_aes_ctx umac;
+#endif
} ctx;
/* this is the context just after
@@ -79,6 +86,9 @@ struct nettle_hmac_ctx
struct hmac_sha384_ctx sha384;
struct hmac_sha512_ctx sha512;
struct hmac_sha1_ctx sha1;
+#ifdef HAVE_UMAC
+ struct umac_aes_ctx umac;
+#endif
} init_ctx;
void *ctx_ptr;
gnutls_mac_algorithm_t algo;
@@ -86,10 +96,12 @@ struct nettle_hmac_ctx
update_func update;
digest_func digest;
set_key_func setkey;
+ set_nonce_func setnonce;
};
-static int _hmac_ctx_init(gnutls_mac_algorithm_t algo, struct nettle_hmac_ctx *ctx)
+static int _mac_ctx_init(gnutls_mac_algorithm_t algo, struct nettle_mac_ctx *ctx)
{
+ ctx->setnonce = NULL;
switch (algo)
{
case GNUTLS_MAC_MD5:
@@ -134,25 +146,49 @@ static int _hmac_ctx_init(gnutls_mac_algorithm_t algo, struct nettle_hmac_ctx *c
ctx->ctx_ptr = &ctx->ctx.sha512;
ctx->length = SHA512_DIGEST_SIZE;
break;
+#ifdef HAVE_UMAC
+ case GNUTLS_MAC_UMAC_96:
+ ctx->update = (update_func) umac_aes_update;
+ ctx->digest = (digest_func) umac_aes_digest;
+ ctx->setkey = (set_key_func) umac_aes_set_key;
+ ctx->setnonce = (set_nonce_func) umac_aes_set_nonce;
+ ctx->ctx_ptr = &ctx->ctx.umac;
+ umac_aes_init(ctx->ctx_ptr, 12);
+ ctx->length = 12;
+ break;
+ case GNUTLS_MAC_UMAC_128:
+ ctx->update = (update_func) umac_aes_update;
+ ctx->digest = (digest_func) umac_aes_digest;
+ ctx->setkey = (set_key_func) umac_aes_set_key;
+ ctx->setnonce = (set_nonce_func) umac_aes_set_nonce;
+ ctx->ctx_ptr = &ctx->ctx.umac;
+ umac_aes_init(ctx->ctx_ptr, 16);
+ ctx->length = 16;
+ break;
+#endif
default:
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
-
+
return 0;
}
-static int wrap_nettle_hmac_fast(gnutls_mac_algorithm_t algo,
- const void *key, size_t key_size, const void* text, size_t text_size,
+static int wrap_nettle_mac_fast(gnutls_mac_algorithm_t algo,
+ const void* nonce, size_t nonce_size,
+ const void *key, size_t key_size,
+ const void* text, size_t text_size,
void* digest)
{
- struct nettle_hmac_ctx ctx;
+ struct nettle_mac_ctx ctx;
int ret;
- ret = _hmac_ctx_init(algo, &ctx);
+ ret = _mac_ctx_init(algo, &ctx);
if (ret < 0)
return gnutls_assert_val(ret);
+ if (ctx.setnonce)
+ ctx.setnonce (&ctx, nonce_size, nonce);
ctx.setkey (&ctx, key_size, key);
ctx.update (&ctx, text_size, text);
ctx.digest (&ctx, ctx.length, digest);
@@ -160,7 +196,7 @@ static int wrap_nettle_hmac_fast(gnutls_mac_algorithm_t algo,
return 0;
}
-static int wrap_nettle_hmac_exists(gnutls_mac_algorithm_t algo)
+static int wrap_nettle_mac_exists(gnutls_mac_algorithm_t algo)
{
switch (algo)
{
@@ -170,6 +206,10 @@ static int wrap_nettle_hmac_exists(gnutls_mac_algorithm_t algo)
case GNUTLS_MAC_SHA256:
case GNUTLS_MAC_SHA384:
case GNUTLS_MAC_SHA512:
+#ifdef HAVE_UMAC
+ case GNUTLS_MAC_UMAC_96:
+ case GNUTLS_MAC_UMAC_128:
+#endif
return 1;
default:
return 0;
@@ -177,12 +217,12 @@ static int wrap_nettle_hmac_exists(gnutls_mac_algorithm_t algo)
}
static int
-wrap_nettle_hmac_init (gnutls_mac_algorithm_t algo, void **_ctx)
+wrap_nettle_mac_init (gnutls_mac_algorithm_t algo, void **_ctx)
{
- struct nettle_hmac_ctx *ctx;
+ struct nettle_mac_ctx *ctx;
int ret;
- ctx = gnutls_calloc (1, sizeof (struct nettle_hmac_ctx));
+ ctx = gnutls_calloc (1, sizeof (struct nettle_mac_ctx));
if (ctx == NULL)
{
gnutls_assert ();
@@ -191,7 +231,7 @@ wrap_nettle_hmac_init (gnutls_mac_algorithm_t algo, void **_ctx)
ctx->algo = algo;
- ret = _hmac_ctx_init(algo, ctx);
+ ret = _mac_ctx_init(algo, ctx);
if (ret < 0)
{
gnutls_free(ctx);
@@ -204,9 +244,9 @@ wrap_nettle_hmac_init (gnutls_mac_algorithm_t algo, void **_ctx)
}
static int
-wrap_nettle_hmac_setkey (void *_ctx, const void *key, size_t keylen)
+wrap_nettle_mac_setkey (void *_ctx, const void *key, size_t keylen)
{
- struct nettle_hmac_ctx *ctx = _ctx;
+ struct nettle_mac_ctx *ctx = _ctx;
ctx->setkey (ctx->ctx_ptr, keylen, key);
@@ -215,18 +255,31 @@ wrap_nettle_hmac_setkey (void *_ctx, const void *key, size_t keylen)
return GNUTLS_E_SUCCESS;
}
+static int
+wrap_nettle_mac_set_nonce (void *_ctx, const void *nonce, size_t noncelen)
+{
+ struct nettle_mac_ctx *ctx = _ctx;
+
+ if (ctx->setnonce == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+ ctx->setnonce (ctx->ctx_ptr, noncelen, nonce);
+
+ return GNUTLS_E_SUCCESS;
+}
+
static void
-wrap_nettle_hmac_reset (void *_ctx)
+wrap_nettle_mac_reset (void *_ctx)
{
- struct nettle_hmac_ctx *ctx = _ctx;
+ struct nettle_mac_ctx *ctx = _ctx;
memcpy(&ctx->ctx, &ctx->init_ctx, sizeof(ctx->ctx));
}
static int
-wrap_nettle_hmac_update (void *_ctx, const void *text, size_t textsize)
+wrap_nettle_mac_update (void *_ctx, const void *text, size_t textsize)
{
- struct nettle_hmac_ctx *ctx = _ctx;
+ struct nettle_mac_ctx *ctx = _ctx;
ctx->update (ctx->ctx_ptr, textsize, text);
@@ -234,9 +287,9 @@ wrap_nettle_hmac_update (void *_ctx, const void *text, size_t textsize)
}
static int
-wrap_nettle_hmac_output (void *src_ctx, void *digest, size_t digestsize)
+wrap_nettle_mac_output (void *src_ctx, void *digest, size_t digestsize)
{
- struct nettle_hmac_ctx *ctx;
+ struct nettle_mac_ctx *ctx;
ctx = src_ctx;
if (digestsize < ctx->length)
@@ -251,7 +304,7 @@ wrap_nettle_hmac_output (void *src_ctx, void *digest, size_t digestsize)
}
static void
-wrap_nettle_hmac_deinit (void *hd)
+wrap_nettle_mac_deinit (void *hd)
{
gnutls_free (hd);
}
@@ -424,14 +477,15 @@ wrap_nettle_hash_reset (void *src_ctx)
gnutls_crypto_mac_st _gnutls_mac_ops = {
- .init = wrap_nettle_hmac_init,
- .setkey = wrap_nettle_hmac_setkey,
- .hash = wrap_nettle_hmac_update,
- .reset = wrap_nettle_hmac_reset,
- .output = wrap_nettle_hmac_output,
- .deinit = wrap_nettle_hmac_deinit,
- .fast = wrap_nettle_hmac_fast,
- .exists = wrap_nettle_hmac_exists,
+ .init = wrap_nettle_mac_init,
+ .setkey = wrap_nettle_mac_setkey,
+ .setnonce = wrap_nettle_mac_set_nonce,
+ .hash = wrap_nettle_mac_update,
+ .reset = wrap_nettle_mac_reset,
+ .output = wrap_nettle_mac_output,
+ .deinit = wrap_nettle_mac_deinit,
+ .fast = wrap_nettle_mac_fast,
+ .exists = wrap_nettle_mac_exists,
};
gnutls_crypto_digest_st _gnutls_digest_ops = {
diff --git a/lib/x509/pbkdf2-sha1.c b/lib/x509/pbkdf2-sha1.c
index c468460fc8..b43ce5963c 100644
--- a/lib/x509/pbkdf2-sha1.c
+++ b/lib/x509/pbkdf2-sha1.c
@@ -173,10 +173,10 @@ _gnutls_pbkdf2_sha1 (const char *P, size_t Plen,
tmp[Slen + 3] = (i & 0x000000ff) >> 0;
rc =
- _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U);
+ _gnutls_mac_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U);
}
else
- rc = _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U);
+ rc = _gnutls_mac_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U);
if (rc < 0)
{
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 1d12947b16..448b1658fc 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -871,7 +871,7 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass)
uint8_t salt[8], key[20];
int result;
const int iter = 1;
- digest_hd_st td1;
+ mac_hd_st td1;
gnutls_datum_t tmp = { NULL, 0 };
uint8_t sha_mac[20];
@@ -937,17 +937,17 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass)
/* MAC the data
*/
- result = _gnutls_hmac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
+ result = _gnutls_mac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
- _gnutls_hmac (&td1, tmp.data, tmp.size);
+ _gnutls_mac (&td1, tmp.data, tmp.size);
_gnutls_free_datum (&tmp);
- _gnutls_hmac_deinit (&td1, sha_mac);
+ _gnutls_mac_deinit (&td1, sha_mac);
result =
@@ -1005,7 +1005,7 @@ gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass)
int result;
unsigned int iter;
int len;
- digest_hd_st td1;
+ mac_hd_st td1;
gnutls_datum_t tmp = { NULL, 0 }, salt =
{
NULL, 0};
@@ -1063,17 +1063,17 @@ gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass)
/* MAC the data
*/
- result = _gnutls_hmac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
+ result = _gnutls_mac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
- _gnutls_hmac (&td1, tmp.data, tmp.size);
+ _gnutls_mac (&td1, tmp.data, tmp.size);
_gnutls_free_datum (&tmp);
- _gnutls_hmac_deinit (&td1, sha_mac);
+ _gnutls_mac_deinit (&td1, sha_mac);
len = sizeof (sha_mac_orig);
result =
View Lorry Controller Status