diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-03-19 08:13:54 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-03-19 08:13:58 +0100 |
commit | 10c585a92d05538fbd3936d9d81bd4296b7e3f8d (patch) | |
tree | 9998fe54423e2fe62200655daaa7f01199cc3580 /lib | |
parent | 7b4d1f763a2b2476074c903f3ab059f53dcdddc0 (diff) | |
download | gnutls-10c585a92d05538fbd3936d9d81bd4296b7e3f8d.tar.gz |
The HMAC subsystem can now be used for other MAC algorithms, like UMAC. UMAC-96 and UMAC-128 were conditionally added.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/accelerated/cryptodev.c | 1 | ||||
-rw-r--r-- | lib/accelerated/x86/hmac-padlock.c | 5 | ||||
-rw-r--r-- | lib/algorithms/ciphers.c | 1 | ||||
-rw-r--r-- | lib/algorithms/ciphersuites.c | 17 | ||||
-rw-r--r-- | lib/algorithms/mac.c | 53 | ||||
-rw-r--r-- | lib/crypto-api.c | 33 | ||||
-rw-r--r-- | lib/crypto-backend.h | 4 | ||||
-rw-r--r-- | lib/ext/session_ticket.c | 14 | ||||
-rw-r--r-- | lib/gnutls_cipher.c | 7 | ||||
-rw-r--r-- | lib/gnutls_cipher_int.c | 33 | ||||
-rw-r--r-- | lib/gnutls_cipher_int.h | 15 | ||||
-rw-r--r-- | lib/gnutls_constate.c | 2 | ||||
-rw-r--r-- | lib/gnutls_dtls.c | 6 | ||||
-rw-r--r-- | lib/gnutls_hash_int.c | 54 | ||||
-rw-r--r-- | lib/gnutls_hash_int.h | 50 | ||||
-rw-r--r-- | lib/gnutls_state.c | 16 | ||||
-rw-r--r-- | lib/includes/gnutls/crypto.h | 1 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 7 | ||||
-rw-r--r-- | lib/libgnutls.map | 1 | ||||
-rw-r--r-- | lib/nettle/cipher.c | 4 | ||||
-rw-r--r-- | lib/nettle/mac.c | 112 | ||||
-rw-r--r-- | lib/x509/pbkdf2-sha1.c | 4 | ||||
-rw-r--r-- | lib/x509/pkcs12.c | 16 |
23 files changed, 294 insertions, 162 deletions
diff --git a/lib/accelerated/cryptodev.c b/lib/accelerated/cryptodev.c index f0c583d319..63b0174cbd 100644 --- a/lib/accelerated/cryptodev.c +++ b/lib/accelerated/cryptodev.c @@ -352,6 +352,7 @@ int ret; static const gnutls_crypto_mac_st mac_struct = { .init = NULL, .setkey = NULL, + .setnonce = NULL, .hash = NULL, .output = NULL, .deinit = NULL, diff --git a/lib/accelerated/x86/hmac-padlock.c b/lib/accelerated/x86/hmac-padlock.c index 2ec4ad5f57..c2db4b98c6 100644 --- a/lib/accelerated/x86/hmac-padlock.c +++ b/lib/accelerated/x86/hmac-padlock.c @@ -292,6 +292,7 @@ wrap_padlock_hmac_deinit (void *hd) static int wrap_padlock_hmac_fast (gnutls_mac_algorithm_t algo, + const void* nonce, size_t nonce_size, const void *key, size_t key_size, const void *text, size_t text_size, void *digest) { @@ -300,7 +301,7 @@ wrap_padlock_hmac_fast (gnutls_mac_algorithm_t algo, unsigned char *pad; unsigned char pad2[SHA1_DATA_SIZE + MAX_SHA_DIGEST_SIZE]; unsigned char hkey[MAX_SHA_DIGEST_SIZE]; - unsigned int digest_size = _gnutls_hmac_get_algo_len (algo); + unsigned int digest_size = _gnutls_mac_get_algo_len (algo); if (key_size > SHA1_DATA_SIZE) { @@ -353,6 +354,7 @@ wrap_padlock_hmac_fast (gnutls_mac_algorithm_t algo, const gnutls_crypto_mac_st hmac_sha_padlock_struct = { .init = NULL, .setkey = NULL, + .setnonce = NULL, .hash = NULL, .reset = NULL, .output = NULL, @@ -363,6 +365,7 @@ const gnutls_crypto_mac_st hmac_sha_padlock_struct = { const gnutls_crypto_mac_st hmac_sha_padlock_nano_struct = { .init = wrap_padlock_hmac_init, .setkey = wrap_padlock_hmac_setkey, + .setnonce = NULL, .hash = wrap_padlock_hmac_update, .reset = wrap_padlock_hmac_reset, .output = wrap_padlock_hmac_output, diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c index 13eb7ff45d..704ac635c0 100644 --- a/lib/algorithms/ciphers.c +++ b/lib/algorithms/ciphers.c @@ -52,7 +52,6 @@ static const gnutls_cipher_entry algorithms[] = { {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 0, 1}, {"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 0, 1}, {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0}, - {"SALSA20R20-128", GNUTLS_CIPHER_SALSA20R20_128, 1, 16, CIPHER_STREAM, 8, 0, 0}, {"SALSA20R20-256", GNUTLS_CIPHER_SALSA20R20_256, 1, 32, CIPHER_STREAM, 8, 0, 0}, {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0, 0}, diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index d7b90903c6..189be67c63 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -218,10 +218,8 @@ typedef struct #define GNUTLS_ECDHE_PSK_NULL_SHA384 { 0xC0, 0x3B } /* Salsa 20 */ -#define GNUTLS_RSA_WITH_SALSA20R20_128_SHA256 {0xFA, 0xA1} -#define GNUTLS_RSA_WITH_SALSA20R20_256_SHA256 {0xFA, 0xA2} -#define GNUTLS_RSA_WITH_SALSA20R20_128_SHA1 {0xFA, 0xA3} #define GNUTLS_RSA_WITH_SALSA20R20_256_SHA1 {0xFA, 0xA4} +#define GNUTLS_RSA_WITH_SALSA20R20_256_UMAC_96 {0xFA, 0xA5} #define CIPHER_SUITES_COUNT (sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1) @@ -283,22 +281,13 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_VERSION_MAX, 1), /* Salsa20 */ - ENTRY (GNUTLS_RSA_WITH_SALSA20R20_128_SHA1, - GNUTLS_CIPHER_SALSA20R20_128, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, - GNUTLS_VERSION_MAX, 1), ENTRY (GNUTLS_RSA_WITH_SALSA20R20_256_SHA1, GNUTLS_CIPHER_SALSA20R20_256, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), - - ENTRY (GNUTLS_RSA_WITH_SALSA20R20_128_SHA256, - GNUTLS_CIPHER_SALSA20R20_128, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_0, - GNUTLS_VERSION_MAX, 1), - ENTRY (GNUTLS_RSA_WITH_SALSA20R20_256_SHA256, + ENTRY (GNUTLS_RSA_WITH_SALSA20R20_256_UMAC_96, GNUTLS_CIPHER_SALSA20R20_256, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_0, + GNUTLS_MAC_UMAC_96, GNUTLS_TLS1_0, GNUTLS_VERSION_MAX, 1), /* DHE_DSS */ diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c index 3546b12659..17bb20c3ee 100644 --- a/lib/algorithms/mac.c +++ b/lib/algorithms/mac.c @@ -30,24 +30,29 @@ struct gnutls_hash_entry const char *name; const char *oid; gnutls_mac_algorithm_t id; - size_t key_size; /* in case of mac */ + size_t output_size; + size_t key_size; unsigned placeholder; /* if set, then not a real MAC */ unsigned secure; /* if set the this algorithm is secure as hash */ }; typedef struct gnutls_hash_entry gnutls_hash_entry; static const gnutls_hash_entry hash_algorithms[] = { - {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 0, 1}, - {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 0, 0}, - {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 0, 1}, - {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 0, 1}, - {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 0, 1}, - {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 0, 1}, - {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 1, 1}, - {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0}, /* not used as MAC */ - {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 0, 1}, - {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0}, - {0, 0, 0, 0, 0} + {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 1}, + {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 16, 0, 0}, + {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 1}, + {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 1}, + {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 1}, + {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 1}, +#ifdef HAVE_UMAC + {"UMAC-96", NULL, GNUTLS_MAC_UMAC_96, 12, 16, 0, 1}, + {"UMAC-128", NULL, GNUTLS_MAC_UMAC_128, 16, 16, 0, 1}, +#endif + {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 0, 1, 1}, + {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0, 0}, /* not used as MAC */ + {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 20, 0, 1}, + {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0, 0}, + {0, 0, 0, 0, 0, 0} }; @@ -121,7 +126,7 @@ gnutls_mac_get_id (const char *name) * gnutls_mac_get_key_size: * @algorithm: is an encryption algorithm * - * Get size of MAC key. + * Get size of MAC key used in TLS. * * Returns: length (in bytes) of the given MAC key size, or 0 if the * given MAC algorithm is invalid. @@ -137,6 +142,26 @@ gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm) return ret; } +/*- + * _gnutls_mac_get_algo_len: + * @algorithm: is an encryption algorithm + * + * Get size of MAC key. + * + * Returns: length (in bytes) of the MAC output size, or 0 if the + * given MAC algorithm is invalid. + -*/ +size_t +_gnutls_mac_get_algo_len (gnutls_mac_algorithm_t algorithm) +{ + size_t ret = 0; + + /* avoid prefix */ + GNUTLS_HASH_ALG_LOOP (ret = p->output_size); + + return ret; +} + /** * gnutls_mac_list: * @@ -160,7 +185,7 @@ static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 }; int i = 0; GNUTLS_HASH_LOOP ( - if (p->placeholder != 0 || _gnutls_hmac_exists(p->id)) + if (p->placeholder != 0 || _gnutls_mac_exists(p->id)) supported_macs[i++]=p->id; ); supported_macs[i++]=0; diff --git a/lib/crypto-api.c b/lib/crypto-api.c index 6710f2f9e8..10e1bc3a85 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c @@ -286,6 +286,9 @@ api_cipher_hd_st * h = handle; * effectively use the current crypto backend in use by gnutls or the * cryptographic accelerator in use. * + * Note that despite the name of this function, it can be used + * for other MAC algorithms than HMAC. + * * Returns: Zero or a negative error code on error. * * Since: 2.10.0 @@ -295,14 +298,30 @@ gnutls_hmac_init (gnutls_hmac_hd_t * dig, gnutls_mac_algorithm_t algorithm, const void *key, size_t keylen) { - *dig = gnutls_malloc (sizeof (digest_hd_st)); + *dig = gnutls_malloc (sizeof (mac_hd_st)); if (*dig == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } - return _gnutls_hmac_init (((digest_hd_st *) * dig), algorithm, key, keylen); + return _gnutls_mac_init (((mac_hd_st *) * dig), algorithm, key, keylen); +} + +/** + * gnutls_hmac_set_nonce: + * @handle: is a #gnutls_cipher_hd_t structure. + * @nonce: the data to set as nonce + * @nonce_len: The length of data + * + * This function will set the nonce in the MAC algorithm. + * + * Since: 3.1.10 + **/ +void +gnutls_hmac_set_nonce (gnutls_hmac_hd_t handle, const void *nonce, size_t nonce_len) +{ + _gnutls_mac_set_nonce ((mac_hd_st *) handle, nonce, nonce_len); } /** @@ -321,7 +340,7 @@ gnutls_hmac_init (gnutls_hmac_hd_t * dig, int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen) { - return _gnutls_hmac ((digest_hd_st *) handle, text, textlen); + return _gnutls_mac ((mac_hd_st *) handle, text, textlen); } /** @@ -336,7 +355,7 @@ gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen) void gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest) { - _gnutls_hmac_output ((digest_hd_st *) handle, digest); + _gnutls_mac_output ((mac_hd_st *) handle, digest); } /** @@ -352,7 +371,7 @@ gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest) void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest) { - _gnutls_hmac_deinit ((digest_hd_st *) handle, digest); + _gnutls_mac_deinit ((mac_hd_st *) handle, digest); gnutls_free (handle); } @@ -370,7 +389,7 @@ gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest) int gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm) { - return _gnutls_hmac_get_algo_len (algorithm); + return _gnutls_mac_get_algo_len (algorithm); } /** @@ -394,7 +413,7 @@ gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key, size_t keylen, const void *text, size_t textlen, void *digest) { - return _gnutls_hmac_fast (algorithm, key, keylen, text, textlen, digest); + return _gnutls_mac_fast (algorithm, key, keylen, text, textlen, digest); } /* HASH */ diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h index ba18e50023..4975f4a005 100644 --- a/lib/crypto-backend.h +++ b/lib/crypto-backend.h @@ -51,11 +51,13 @@ { int (*init) (gnutls_mac_algorithm_t, void **ctx); int (*setkey) (void *ctx, const void *key, size_t keysize); + int (*setnonce) (void *ctx, const void *nonce, size_t noncesize); void (*reset) (void *ctx); int (*hash) (void *ctx, const void *text, size_t textsize); int (*output) (void *src_ctx, void *digest, size_t digestsize); void (*deinit) (void *ctx); - int (*fast)(gnutls_mac_algorithm_t, const void *key, size_t keysize, const void *text, size_t textsize, void *digest); + int (*fast)(gnutls_mac_algorithm_t, const void* nonce, size_t nonce_size, + const void *key, size_t keysize, const void *text, size_t textsize, void *digest); /* Not needed for registered on run-time. Only included * should define it. */ diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c index 0bb222c4eb..fe5bdedd12 100644 --- a/lib/ext/session_ticket.c +++ b/lib/ext/session_ticket.c @@ -93,24 +93,24 @@ static int digest_ticket (const gnutls_datum_t * key, struct ticket *ticket, uint8_t * digest) { - digest_hd_st digest_hd; + mac_hd_st digest_hd; uint16_t length16; int ret; - ret = _gnutls_hmac_init (&digest_hd, GNUTLS_MAC_SHA256, key->data, + ret = _gnutls_mac_init (&digest_hd, GNUTLS_MAC_SHA256, key->data, key->size); if (ret < 0) { gnutls_assert (); return ret; } - _gnutls_hmac (&digest_hd, ticket->key_name, KEY_NAME_SIZE); - _gnutls_hmac (&digest_hd, ticket->IV, IV_SIZE); + _gnutls_mac (&digest_hd, ticket->key_name, KEY_NAME_SIZE); + _gnutls_mac (&digest_hd, ticket->IV, IV_SIZE); length16 = _gnutls_conv_uint16 (ticket->encrypted_state_len); - _gnutls_hmac (&digest_hd, &length16, 2); - _gnutls_hmac (&digest_hd, ticket->encrypted_state, + _gnutls_mac (&digest_hd, &length16, 2); + _gnutls_mac (&digest_hd, ticket->encrypted_state, ticket->encrypted_state_len); - _gnutls_hmac_deinit (&digest_hd, digest); + _gnutls_mac_deinit (&digest_hd, digest); return 0; } diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 390a6b1ce8..48f3cefa11 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -434,6 +434,8 @@ compressed_to_ciphertext (gnutls_session_t session, memset (data_ptr, pad - 1, pad); } + _gnutls_auth_cipher_set_mac_nonce(¶ms->write.cipher_state, UINT64DATA(params->write.sequence_number), 8); + /* add the authenticate data */ ret = _gnutls_auth_cipher_add_auth(¶ms->write.cipher_state, preamble, preamble_size); if (ret < 0) @@ -590,6 +592,7 @@ compressed_to_ciphertext_new (gnutls_session_t session, (params->write.sequence_number), type, compressed->size+2+pad, ver, preamble); + _gnutls_auth_cipher_set_mac_nonce(¶ms->write.cipher_state, UINT64DATA(params->write.sequence_number), 8); /* add the authenticated data */ ret = _gnutls_auth_cipher_add_auth(¶ms->write.cipher_state, preamble, preamble_size); if (ret < 0) @@ -717,6 +720,7 @@ ciphertext_to_compressed (gnutls_session_t session, make_preamble (UINT64DATA(*sequence), type, length, ver, preamble); + _gnutls_auth_cipher_set_mac_nonce(¶ms->read.cipher_state, UINT64DATA(*sequence), 8); ret = _gnutls_auth_cipher_add_auth (¶ms->read.cipher_state, preamble, preamble_size); if (ret < 0) return gnutls_assert_val(ret); @@ -786,6 +790,8 @@ ciphertext_to_compressed (gnutls_session_t session, preamble_size = make_preamble (UINT64DATA(*sequence), type, length, ver, preamble); + + _gnutls_auth_cipher_set_mac_nonce(¶ms->read.cipher_state, UINT64DATA(*sequence), 8); ret = _gnutls_auth_cipher_add_auth (¶ms->read.cipher_state, preamble, preamble_size); if (ret < 0) return gnutls_assert_val(ret); @@ -915,6 +921,7 @@ ciphertext_to_compressed_new (gnutls_session_t session, make_preamble (UINT64DATA(*sequence), type, length, ver, preamble); + _gnutls_auth_cipher_set_mac_nonce(¶ms->write.cipher_state, UINT64DATA(*sequence), 8); ret = _gnutls_auth_cipher_add_auth (¶ms->read.cipher_state, preamble, preamble_size); if (ret < 0) return gnutls_assert_val(ret); diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c index 7b5fd7065b..0744aea4e3 100644 --- a/lib/gnutls_cipher_int.c +++ b/lib/gnutls_cipher_int.c @@ -157,16 +157,16 @@ int ret; handle->ssl_hmac = ssl_hmac; if (ssl_hmac) - ret = _gnutls_mac_init_ssl3(&handle->mac, mac, mac_key->data, mac_key->size); + ret = _gnutls_mac_init_ssl3(&handle->mac.dig, mac, mac_key->data, mac_key->size); else - ret = _gnutls_hmac_init(&handle->mac, mac, mac_key->data, mac_key->size); + ret = _gnutls_mac_init(&handle->mac.mac, mac, mac_key->data, mac_key->size); if (ret < 0) { gnutls_assert(); goto cleanup; } - handle->tag_size = _gnutls_hmac_get_algo_len(mac); + handle->tag_size = _gnutls_mac_get_algo_len(mac); } else if (_gnutls_cipher_is_aead(&handle->cipher)) handle->tag_size = _gnutls_cipher_tag_len(&handle->cipher); @@ -185,9 +185,9 @@ int _gnutls_auth_cipher_add_auth (auth_cipher_hd_st * handle, const void *text, if (handle->is_mac) { if (handle->ssl_hmac) - return _gnutls_hash(&handle->mac, text, textlen); + return _gnutls_hash(&handle->mac.dig, text, textlen); else - return _gnutls_hmac(&handle->mac, text, textlen); + return _gnutls_mac(&handle->mac.mac, text, textlen); } else if (_gnutls_cipher_is_aead(&handle->cipher)) return _gnutls_cipher_auth(&handle->cipher, text, textlen); @@ -205,9 +205,9 @@ int ret; if (handle->is_mac) { if (handle->ssl_hmac) - ret = _gnutls_hash(&handle->mac, text, auth_size); + ret = _gnutls_hash(&handle->mac.dig, text, auth_size); else - ret = _gnutls_hmac(&handle->mac, text, auth_size); + ret = _gnutls_mac(&handle->mac.mac, text, auth_size); if (ret < 0) { gnutls_assert(); @@ -258,9 +258,9 @@ int ret; textlen -= handle->tag_size; if (handle->ssl_hmac) - return _gnutls_hash(&handle->mac, text, textlen); + return _gnutls_hash(&handle->mac.dig, text, textlen); else - return _gnutls_hmac(&handle->mac, text, textlen); + return _gnutls_mac(&handle->mac.mac, text, textlen); } return 0; @@ -268,21 +268,22 @@ int ret; int _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void* tag, int tag_size) { -int ret = 0; +int ret; + if (handle->is_mac) { if (handle->ssl_hmac) { - ret = _gnutls_mac_output_ssl3 (&handle->mac, tag); + ret = _gnutls_mac_output_ssl3 (&handle->mac.dig, tag); if (ret < 0) return gnutls_assert_val(ret); - _gnutls_mac_reset_ssl3 (&handle->mac); + _gnutls_mac_reset_ssl3 (&handle->mac.dig); } else { - _gnutls_hmac_output (&handle->mac, tag); - _gnutls_hmac_reset (&handle->mac); + _gnutls_mac_output (&handle->mac.mac, tag); + _gnutls_mac_reset (&handle->mac.mac); } } else if (_gnutls_cipher_is_aead(&handle->cipher)) @@ -298,9 +299,9 @@ void _gnutls_auth_cipher_deinit (auth_cipher_hd_st * handle) if (handle->is_mac) { if (handle->ssl_hmac) /* failure here doesn't matter */ - _gnutls_mac_deinit_ssl3 (&handle->mac, NULL); + _gnutls_mac_deinit_ssl3 (&handle->mac.dig, NULL); else - _gnutls_hmac_deinit(&handle->mac, NULL); + _gnutls_mac_deinit(&handle->mac.mac, NULL); } if (handle->is_null==0) _gnutls_cipher_deinit(&handle->cipher); diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h index 76b416dd52..fae3a4a85b 100644 --- a/lib/gnutls_cipher_int.h +++ b/lib/gnutls_cipher_int.h @@ -141,7 +141,10 @@ inline static int _gnutls_cipher_auth (const cipher_hd_st * handle, const void * typedef struct { cipher_hd_st cipher; - digest_hd_st mac; + union { + digest_hd_st dig; + mac_hd_st mac; + } mac; unsigned int is_mac:1; unsigned int ssl_hmac:1; unsigned int is_null:1; @@ -173,6 +176,16 @@ inline static void _gnutls_auth_cipher_setiv (const auth_cipher_hd_st * handle, _gnutls_cipher_setiv(&handle->cipher, iv, ivlen); } +inline static +int _gnutls_auth_cipher_set_mac_nonce (auth_cipher_hd_st * handle, + const void *nonce, int nonce_len) +{ + if (handle->is_mac && !handle->ssl_hmac) + return _gnutls_mac_set_nonce(&handle->mac.mac, nonce, nonce_len); + else + return 0; +} + inline static size_t _gnutls_auth_cipher_tag_len( auth_cipher_hd_st * handle) { return handle->tag_size; diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c index e86fb2c0e1..67882121b7 100644 --- a/lib/gnutls_constate.c +++ b/lib/gnutls_constate.c @@ -428,7 +428,7 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch) IV_size = gnutls_cipher_get_iv_size (cipher_algo); key_size = gnutls_cipher_get_key_size (cipher_algo); export_flag = _gnutls_cipher_get_export_flag (cipher_algo); - hash_size = _gnutls_hmac_get_algo_len (mac_algo); + hash_size = gnutls_mac_get_key_size (mac_algo); ret = _gnutls_set_keys (session, params, hash_size, IV_size, key_size, export_flag); diff --git a/lib/gnutls_dtls.c b/lib/gnutls_dtls.c index 24fa2e1c18..90c0f44777 100644 --- a/lib/gnutls_dtls.c +++ b/lib/gnutls_dtls.c @@ -626,7 +626,7 @@ int total = 0, ret, iv_size; total += _gnutls_cipher_get_tag_size(params->cipher_algorithm); else { - ret = _gnutls_hmac_get_algo_len(params->mac_algorithm); + ret = _gnutls_mac_get_algo_len(params->mac_algorithm); if (ret < 0) return gnutls_assert_val(ret); total+=ret; @@ -856,7 +856,7 @@ uint8_t digest[C_HASH_SIZE]; hvr[hvr_size++] = 255; hvr[hvr_size++] = COOKIE_SIZE; - ret = _gnutls_hmac_fast(C_HASH, key->data, key->size, client_data, client_data_size, digest); + ret = _gnutls_mac_fast(C_HASH, key->data, key->size, client_data, client_data_size, digest); if (ret < 0) return gnutls_assert_val(ret); @@ -931,7 +931,7 @@ uint8_t digest[C_HASH_SIZE]; return gnutls_assert_val(GNUTLS_E_BAD_COOKIE); } - ret = _gnutls_hmac_fast(C_HASH, key->data, key->size, client_data, client_data_size, digest); + ret = _gnutls_mac_fast(C_HASH, key->data, key->size, client_data, client_data_size, digest); if (ret < 0) return gnutls_assert_val(ret); diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index b0c8c0b409..439b91c647 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -56,7 +56,6 @@ digest_length (int algo) } } - int _gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm) { @@ -157,7 +156,7 @@ _gnutls_hash_fast (gnutls_digest_algorithm_t algorithm, /* HMAC interface */ int -_gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key, +_gnutls_mac_fast (gnutls_mac_algorithm_t algorithm, const void *key, int keylen, const void *text, size_t textlen, void *digest) { int ret; @@ -168,7 +167,7 @@ _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key, cc = _gnutls_get_crypto_mac (algorithm); if (cc != NULL) { - if (cc->fast (algorithm, key, keylen, text, textlen, digest) < 0) + if (cc->fast (algorithm, NULL, 0, key, keylen, text, textlen, digest) < 0) { gnutls_assert (); return GNUTLS_E_HASH_FAILED; @@ -177,7 +176,7 @@ _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key, return 0; } - ret = _gnutls_mac_ops.fast (algorithm, key, keylen, text, textlen, digest); + ret = _gnutls_mac_ops.fast (algorithm, NULL, 0, key, keylen, text, textlen, digest); if (ret < 0) { gnutls_assert (); @@ -191,7 +190,7 @@ _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key, /* Returns true(non-zero) or false(0) if the * provided hash exists */ -int _gnutls_hmac_exists(gnutls_mac_algorithm_t algo) +int _gnutls_mac_exists(gnutls_mac_algorithm_t algo) { const gnutls_crypto_mac_st *cc = NULL; @@ -202,58 +201,59 @@ int _gnutls_hmac_exists(gnutls_mac_algorithm_t algo) } int -_gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm, +_gnutls_mac_init (mac_hd_st * mac, gnutls_mac_algorithm_t algorithm, const void *key, int keylen) { int result; const gnutls_crypto_mac_st *cc = NULL; - dig->algorithm = (gnutls_digest_algorithm_t)algorithm; - dig->key = key; - dig->keysize = keylen; + mac->algorithm = algorithm; + mac->mac_len = _gnutls_mac_get_algo_len (algorithm); /* check if a digest has been registered */ cc = _gnutls_get_crypto_mac (algorithm); if (cc != NULL && cc->init != NULL) { - if (cc->init (algorithm, &dig->handle) < 0) + if (cc->init (algorithm, &mac->handle) < 0) { gnutls_assert (); return GNUTLS_E_HASH_FAILED; } - if (cc->setkey (dig->handle, key, keylen) < 0) + if (cc->setkey (mac->handle, key, keylen) < 0) { gnutls_assert (); - cc->deinit (dig->handle); + cc->deinit (mac->handle); return GNUTLS_E_HASH_FAILED; } - dig->hash = cc->hash; - dig->output = cc->output; - dig->deinit = cc->deinit; - dig->reset = cc->reset; + mac->hash = cc->hash; + mac->setnonce = cc->setnonce; + mac->output = cc->output; + mac->deinit = cc->deinit; + mac->reset = cc->reset; return 0; } - result = _gnutls_mac_ops.init (algorithm, &dig->handle); + result = _gnutls_mac_ops.init (algorithm, &mac->handle); if (result < 0) { gnutls_assert (); return result; } - dig->hash = _gnutls_mac_ops.hash; - dig->output = _gnutls_mac_ops.output; - dig->deinit = _gnutls_mac_ops.deinit; - dig->reset = _gnutls_mac_ops.reset; + mac->hash = _gnutls_mac_ops.hash; + mac->setnonce = _gnutls_mac_ops.setnonce; + mac->output = _gnutls_mac_ops.output; + mac->deinit = _gnutls_mac_ops.deinit; + mac->reset = _gnutls_mac_ops.reset; - if (_gnutls_mac_ops.setkey (dig->handle, key, keylen) < 0) + if (_gnutls_mac_ops.setkey (mac->handle, key, keylen) < 0) { gnutls_assert(); - dig->deinit(dig->handle); + mac->deinit(mac->handle); return GNUTLS_E_HASH_FAILED; } @@ -261,7 +261,7 @@ _gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm, } void -_gnutls_hmac_deinit (digest_hd_st * handle, void *digest) +_gnutls_mac_deinit (mac_hd_st * handle, void *digest) { if (handle->handle == NULL) { @@ -269,7 +269,7 @@ _gnutls_hmac_deinit (digest_hd_st * handle, void *digest) } if (digest) - _gnutls_hmac_output (handle, digest); + _gnutls_mac_output (handle, digest); handle->deinit (handle->handle); handle->handle = NULL; @@ -373,7 +373,7 @@ _gnutls_mac_output_ssl3 (digest_hd_st * handle, void *digest) _gnutls_hash (&td, handle->key, handle->keysize); _gnutls_hash (&td, opad, padsize); - block = _gnutls_hmac_get_algo_len (handle->algorithm); + block = _gnutls_mac_get_algo_len (handle->algorithm); _gnutls_hash_output (handle, ret); /* get the previous hash */ _gnutls_hash (&td, ret, block); @@ -427,7 +427,7 @@ _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle, _gnutls_hash (&td, key, key_size); _gnutls_hash (&td, opad, padsize); - block = _gnutls_hmac_get_algo_len (handle->algorithm); + block = _gnutls_mac_get_algo_len (handle->algorithm); if (key_size > 0) _gnutls_hash (handle, key, key_size); diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h index 2438e70381..cb0de13d22 100644 --- a/lib/gnutls_hash_int.h +++ b/lib/gnutls_hash_int.h @@ -37,6 +37,7 @@ extern int crypto_digest_prio; extern gnutls_crypto_digest_st _gnutls_digest_ops; typedef int (*hash_func) (void *handle, const void *text, size_t size); +typedef int (*nonce_func) (void *handle, const void *text, size_t size); typedef void (*reset_func) (void *ctx); typedef int (*output_func) (void *src_ctx, void *digest, size_t digestsize); typedef void (*deinit_func) (void *handle); @@ -44,29 +45,44 @@ typedef void (*deinit_func) (void *handle); typedef struct { gnutls_digest_algorithm_t algorithm; - const void *key; + hash_func hash; + reset_func reset; + output_func output; + deinit_func deinit; + + const void *key; /* esoteric use by SSL3 MAC functions */ int keysize; + void *handle; +} digest_hd_st; + +typedef struct +{ + gnutls_mac_algorithm_t algorithm; + int mac_len; + hash_func hash; reset_func reset; + nonce_func setnonce; output_func output; deinit_func deinit; void *handle; -} digest_hd_st; +} mac_hd_st; /* basic functions */ -int _gnutls_hmac_exists(gnutls_mac_algorithm_t algorithm); -int _gnutls_hmac_init (digest_hd_st *, gnutls_mac_algorithm_t algorithm, +int _gnutls_mac_exists(gnutls_mac_algorithm_t algorithm); +int _gnutls_mac_init (mac_hd_st *, gnutls_mac_algorithm_t algorithm, const void *key, int keylen); size_t _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm); -#define _gnutls_hmac_get_algo_len(x) _gnutls_hash_get_algo_len((gnutls_digest_algorithm_t)x) -int _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key, + +size_t _gnutls_mac_get_algo_len (gnutls_mac_algorithm_t algorithm); +int _gnutls_mac_fast (gnutls_mac_algorithm_t algorithm, const void *key, int keylen, const void *text, size_t textlen, void *digest); inline static int -_gnutls_hmac (digest_hd_st * handle, const void *text, size_t textlen) +_gnutls_mac (mac_hd_st * handle, const void *text, size_t textlen) { if (textlen > 0) { @@ -76,23 +92,27 @@ _gnutls_hmac (digest_hd_st * handle, const void *text, size_t textlen) } inline static void -_gnutls_hmac_output (digest_hd_st * handle, void *digest) +_gnutls_mac_output (mac_hd_st * handle, void *digest) { - size_t maclen; - - maclen = _gnutls_hmac_get_algo_len (handle->algorithm); - if (digest != NULL) { - handle->output (handle->handle, digest, maclen); + handle->output (handle->handle, digest, handle->mac_len); } } +inline static int +_gnutls_mac_set_nonce (mac_hd_st * handle, const void *nonce, size_t n_size) +{ + if (handle->setnonce) + return handle->setnonce (handle->handle, nonce, n_size); + return 0; +} + void -_gnutls_hmac_deinit (digest_hd_st * handle, void *digest); +_gnutls_mac_deinit (mac_hd_st * handle, void *digest); inline static void -_gnutls_hmac_reset (digest_hd_st * handle) +_gnutls_mac_reset (mac_hd_st * handle) { if (handle->handle == NULL) { diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 3f768f7798..2f460a6b92 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -798,7 +798,7 @@ _gnutls_cal_PRF_A (gnutls_mac_algorithm_t algorithm, { int ret; - ret = _gnutls_hmac_fast (algorithm, secret, secret_size, seed, seed_size, result); + ret = _gnutls_mac_fast (algorithm, secret, secret_size, seed, seed_size, result); if (ret < 0) return gnutls_assert_val(ret); @@ -817,7 +817,7 @@ P_hash (gnutls_mac_algorithm_t algorithm, int total_bytes, uint8_t * ret) { - digest_hd_st td2; + mac_hd_st td2; int i, times, how, blocksize, A_size; uint8_t final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE]; int output_bytes, result; @@ -828,7 +828,7 @@ P_hash (gnutls_mac_algorithm_t algorithm, return GNUTLS_E_INTERNAL_ERROR; } - blocksize = _gnutls_hmac_get_algo_len (algorithm); + blocksize = _gnutls_mac_get_algo_len (algorithm); output_bytes = 0; do @@ -846,7 +846,7 @@ P_hash (gnutls_mac_algorithm_t algorithm, for (i = 0; i < times; i++) { - result = _gnutls_hmac_init (&td2, algorithm, secret, secret_size); + result = _gnutls_mac_init (&td2, algorithm, secret, secret_size); if (result < 0) { gnutls_assert (); @@ -859,15 +859,15 @@ P_hash (gnutls_mac_algorithm_t algorithm, A_size, Atmp)) < 0) { gnutls_assert (); - _gnutls_hmac_deinit (&td2, final); + _gnutls_mac_deinit (&td2, final); return result; } A_size = blocksize; - _gnutls_hmac (&td2, Atmp, A_size); - _gnutls_hmac (&td2, seed, seed_size); - _gnutls_hmac_deinit (&td2, final); + _gnutls_mac (&td2, Atmp, A_size); + _gnutls_mac (&td2, seed, seed_size); + _gnutls_mac_deinit (&td2, final); if ((1 + i) * blocksize < total_bytes) { diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h index 1bc429040c..cb3c568445 100644 --- a/lib/includes/gnutls/crypto.h +++ b/lib/includes/gnutls/crypto.h @@ -61,6 +61,7 @@ extern "C" int gnutls_hmac_init (gnutls_hmac_hd_t * dig, gnutls_mac_algorithm_t algorithm, const void *key, size_t keylen); + void gnutls_hmac_set_nonce (gnutls_hmac_hd_t handle, const void *nonce, size_t nonce_len); int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen); void gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest); void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest); diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 00c9689870..6b96247736 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -111,8 +111,7 @@ extern "C" GNUTLS_CIPHER_AES_128_GCM = 93, GNUTLS_CIPHER_AES_256_GCM = 94, GNUTLS_CIPHER_CAMELLIA_192_CBC = 95, - GNUTLS_CIPHER_SALSA20R20_128 = 96, - GNUTLS_CIPHER_SALSA20R20_256 = 97, + GNUTLS_CIPHER_SALSA20R20_256 = 96, /* used only for PGP internals. Ignored in TLS/SSL */ @@ -234,7 +233,9 @@ extern "C" GNUTLS_MAC_SHA224 = 9, /* If you add anything here, make sure you align with gnutls_digest_algorithm_t. */ - GNUTLS_MAC_AEAD = 200 /* indicates that MAC is on the cipher */ + GNUTLS_MAC_AEAD = 200, /* indicates that MAC is on the cipher */ + GNUTLS_MAC_UMAC_96 = 201, + GNUTLS_MAC_UMAC_128 = 202, } gnutls_mac_algorithm_t; /** diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 5c57278290..920c2df8fd 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -904,6 +904,7 @@ GNUTLS_3_1_0 { gnutls_privkey_sign_raw_data; gnutls_privkey_status; gnutls_cipher_get_iv_size; + gnutls_hmac_set_nonce; } GNUTLS_3_0_0; GNUTLS_PRIVATE { diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index f17cc44a0e..a2248d1510 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -118,7 +118,6 @@ static int wrap_nettle_cipher_exists(gnutls_cipher_algorithm_t algo) case GNUTLS_CIPHER_3DES_CBC: case GNUTLS_CIPHER_DES_CBC: case GNUTLS_CIPHER_ARCFOUR_128: - case GNUTLS_CIPHER_SALSA20R20_128: case GNUTLS_CIPHER_SALSA20R20_256: case GNUTLS_CIPHER_ARCFOUR_40: case GNUTLS_CIPHER_RC2_40_CBC: @@ -200,7 +199,6 @@ wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx, int enc) ctx->ctx_ptr = &ctx->ctx.arcfour; ctx->block_size = 1; break; - case GNUTLS_CIPHER_SALSA20R20_128: case GNUTLS_CIPHER_SALSA20R20_256: ctx->encrypt = stream_encrypt; ctx->decrypt = stream_encrypt; @@ -291,7 +289,6 @@ wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize) case GNUTLS_CIPHER_ARCFOUR_40: arcfour_set_key (ctx->ctx_ptr, keysize, key); break; - case GNUTLS_CIPHER_SALSA20R20_128: case GNUTLS_CIPHER_SALSA20R20_256: salsa20_set_key (ctx->ctx_ptr, keysize, key); break; @@ -320,7 +317,6 @@ struct nettle_cipher_ctx *ctx = _ctx; gcm_aes_set_iv(&ctx->ctx.aes_gcm, GCM_DEFAULT_NONCE_SIZE, iv); break; - case GNUTLS_CIPHER_SALSA20R20_128: case GNUTLS_CIPHER_SALSA20R20_256: if (ivsize != SALSA20_IV_SIZE) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c index 3a260ff505..008751150d 100644 --- a/lib/nettle/mac.c +++ b/lib/nettle/mac.c @@ -30,10 +30,14 @@ #include <nettle/md2.h> #include <nettle/sha.h> #include <nettle/hmac.h> +#ifdef HAVE_UMAC +# include <nettle/umac.h> +#endif typedef void (*update_func) (void *, unsigned, const uint8_t *); typedef void (*digest_func) (void *, unsigned, uint8_t *); typedef void (*set_key_func) (void *, unsigned, const uint8_t *); +typedef void (*set_nonce_func) (void *, unsigned, const uint8_t *); static int wrap_nettle_hash_init (gnutls_digest_algorithm_t algo, void **_ctx); @@ -56,7 +60,7 @@ struct nettle_hash_ctx digest_func digest; }; -struct nettle_hmac_ctx +struct nettle_mac_ctx { union { @@ -66,6 +70,9 @@ struct nettle_hmac_ctx struct hmac_sha384_ctx sha384; struct hmac_sha512_ctx sha512; struct hmac_sha1_ctx sha1; +#ifdef HAVE_UMAC + struct umac_aes_ctx umac; +#endif } ctx; /* this is the context just after @@ -79,6 +86,9 @@ struct nettle_hmac_ctx struct hmac_sha384_ctx sha384; struct hmac_sha512_ctx sha512; struct hmac_sha1_ctx sha1; +#ifdef HAVE_UMAC + struct umac_aes_ctx umac; +#endif } init_ctx; void *ctx_ptr; gnutls_mac_algorithm_t algo; @@ -86,10 +96,12 @@ struct nettle_hmac_ctx update_func update; digest_func digest; set_key_func setkey; + set_nonce_func setnonce; }; -static int _hmac_ctx_init(gnutls_mac_algorithm_t algo, struct nettle_hmac_ctx *ctx) +static int _mac_ctx_init(gnutls_mac_algorithm_t algo, struct nettle_mac_ctx *ctx) { + ctx->setnonce = NULL; switch (algo) { case GNUTLS_MAC_MD5: @@ -134,25 +146,49 @@ static int _hmac_ctx_init(gnutls_mac_algorithm_t algo, struct nettle_hmac_ctx *c ctx->ctx_ptr = &ctx->ctx.sha512; ctx->length = SHA512_DIGEST_SIZE; break; +#ifdef HAVE_UMAC + case GNUTLS_MAC_UMAC_96: + ctx->update = (update_func) umac_aes_update; + ctx->digest = (digest_func) umac_aes_digest; + ctx->setkey = (set_key_func) umac_aes_set_key; + ctx->setnonce = (set_nonce_func) umac_aes_set_nonce; + ctx->ctx_ptr = &ctx->ctx.umac; + umac_aes_init(ctx->ctx_ptr, 12); + ctx->length = 12; + break; + case GNUTLS_MAC_UMAC_128: + ctx->update = (update_func) umac_aes_update; + ctx->digest = (digest_func) umac_aes_digest; + ctx->setkey = (set_key_func) umac_aes_set_key; + ctx->setnonce = (set_nonce_func) umac_aes_set_nonce; + ctx->ctx_ptr = &ctx->ctx.umac; + umac_aes_init(ctx->ctx_ptr, 16); + ctx->length = 16; + break; +#endif default: gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } - + return 0; } -static int wrap_nettle_hmac_fast(gnutls_mac_algorithm_t algo, - const void *key, size_t key_size, const void* text, size_t text_size, +static int wrap_nettle_mac_fast(gnutls_mac_algorithm_t algo, + const void* nonce, size_t nonce_size, + const void *key, size_t key_size, + const void* text, size_t text_size, void* digest) { - struct nettle_hmac_ctx ctx; + struct nettle_mac_ctx ctx; int ret; - ret = _hmac_ctx_init(algo, &ctx); + ret = _mac_ctx_init(algo, &ctx); if (ret < 0) return gnutls_assert_val(ret); + if (ctx.setnonce) + ctx.setnonce (&ctx, nonce_size, nonce); ctx.setkey (&ctx, key_size, key); ctx.update (&ctx, text_size, text); ctx.digest (&ctx, ctx.length, digest); @@ -160,7 +196,7 @@ static int wrap_nettle_hmac_fast(gnutls_mac_algorithm_t algo, return 0; } -static int wrap_nettle_hmac_exists(gnutls_mac_algorithm_t algo) +static int wrap_nettle_mac_exists(gnutls_mac_algorithm_t algo) { switch (algo) { @@ -170,6 +206,10 @@ static int wrap_nettle_hmac_exists(gnutls_mac_algorithm_t algo) case GNUTLS_MAC_SHA256: case GNUTLS_MAC_SHA384: case GNUTLS_MAC_SHA512: +#ifdef HAVE_UMAC + case GNUTLS_MAC_UMAC_96: + case GNUTLS_MAC_UMAC_128: +#endif return 1; default: return 0; @@ -177,12 +217,12 @@ static int wrap_nettle_hmac_exists(gnutls_mac_algorithm_t algo) } static int -wrap_nettle_hmac_init (gnutls_mac_algorithm_t algo, void **_ctx) +wrap_nettle_mac_init (gnutls_mac_algorithm_t algo, void **_ctx) { - struct nettle_hmac_ctx *ctx; + struct nettle_mac_ctx *ctx; int ret; - ctx = gnutls_calloc (1, sizeof (struct nettle_hmac_ctx)); + ctx = gnutls_calloc (1, sizeof (struct nettle_mac_ctx)); if (ctx == NULL) { gnutls_assert (); @@ -191,7 +231,7 @@ wrap_nettle_hmac_init (gnutls_mac_algorithm_t algo, void **_ctx) ctx->algo = algo; - ret = _hmac_ctx_init(algo, ctx); + ret = _mac_ctx_init(algo, ctx); if (ret < 0) { gnutls_free(ctx); @@ -204,9 +244,9 @@ wrap_nettle_hmac_init (gnutls_mac_algorithm_t algo, void **_ctx) } static int -wrap_nettle_hmac_setkey (void *_ctx, const void *key, size_t keylen) +wrap_nettle_mac_setkey (void *_ctx, const void *key, size_t keylen) { - struct nettle_hmac_ctx *ctx = _ctx; + struct nettle_mac_ctx *ctx = _ctx; ctx->setkey (ctx->ctx_ptr, keylen, key); @@ -215,18 +255,31 @@ wrap_nettle_hmac_setkey (void *_ctx, const void *key, size_t keylen) return GNUTLS_E_SUCCESS; } +static int +wrap_nettle_mac_set_nonce (void *_ctx, const void *nonce, size_t noncelen) +{ + struct nettle_mac_ctx *ctx = _ctx; + + if (ctx->setnonce == NULL) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + + ctx->setnonce (ctx->ctx_ptr, noncelen, nonce); + + return GNUTLS_E_SUCCESS; +} + static void -wrap_nettle_hmac_reset (void *_ctx) +wrap_nettle_mac_reset (void *_ctx) { - struct nettle_hmac_ctx *ctx = _ctx; + struct nettle_mac_ctx *ctx = _ctx; memcpy(&ctx->ctx, &ctx->init_ctx, sizeof(ctx->ctx)); } static int -wrap_nettle_hmac_update (void *_ctx, const void *text, size_t textsize) +wrap_nettle_mac_update (void *_ctx, const void *text, size_t textsize) { - struct nettle_hmac_ctx *ctx = _ctx; + struct nettle_mac_ctx *ctx = _ctx; ctx->update (ctx->ctx_ptr, textsize, text); @@ -234,9 +287,9 @@ wrap_nettle_hmac_update (void *_ctx, const void *text, size_t textsize) } static int -wrap_nettle_hmac_output (void *src_ctx, void *digest, size_t digestsize) +wrap_nettle_mac_output (void *src_ctx, void *digest, size_t digestsize) { - struct nettle_hmac_ctx *ctx; + struct nettle_mac_ctx *ctx; ctx = src_ctx; if (digestsize < ctx->length) @@ -251,7 +304,7 @@ wrap_nettle_hmac_output (void *src_ctx, void *digest, size_t digestsize) } static void -wrap_nettle_hmac_deinit (void *hd) +wrap_nettle_mac_deinit (void *hd) { gnutls_free (hd); } @@ -424,14 +477,15 @@ wrap_nettle_hash_reset (void *src_ctx) gnutls_crypto_mac_st _gnutls_mac_ops = { - .init = wrap_nettle_hmac_init, - .setkey = wrap_nettle_hmac_setkey, - .hash = wrap_nettle_hmac_update, - .reset = wrap_nettle_hmac_reset, - .output = wrap_nettle_hmac_output, - .deinit = wrap_nettle_hmac_deinit, - .fast = wrap_nettle_hmac_fast, - .exists = wrap_nettle_hmac_exists, + .init = wrap_nettle_mac_init, + .setkey = wrap_nettle_mac_setkey, + .setnonce = wrap_nettle_mac_set_nonce, + .hash = wrap_nettle_mac_update, + .reset = wrap_nettle_mac_reset, + .output = wrap_nettle_mac_output, + .deinit = wrap_nettle_mac_deinit, + .fast = wrap_nettle_mac_fast, + .exists = wrap_nettle_mac_exists, }; gnutls_crypto_digest_st _gnutls_digest_ops = { diff --git a/lib/x509/pbkdf2-sha1.c b/lib/x509/pbkdf2-sha1.c index c468460fc8..b43ce5963c 100644 --- a/lib/x509/pbkdf2-sha1.c +++ b/lib/x509/pbkdf2-sha1.c @@ -173,10 +173,10 @@ _gnutls_pbkdf2_sha1 (const char *P, size_t Plen, tmp[Slen + 3] = (i & 0x000000ff) >> 0; rc = - _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U); + _gnutls_mac_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U); } else - rc = _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U); + rc = _gnutls_mac_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U); if (rc < 0) { diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 1d12947b16..448b1658fc 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -871,7 +871,7 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass) uint8_t salt[8], key[20]; int result; const int iter = 1; - digest_hd_st td1; + mac_hd_st td1; gnutls_datum_t tmp = { NULL, 0 }; uint8_t sha_mac[20]; @@ -937,17 +937,17 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass) /* MAC the data */ - result = _gnutls_hmac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key)); + result = _gnutls_mac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key)); if (result < 0) { gnutls_assert (); goto cleanup; } - _gnutls_hmac (&td1, tmp.data, tmp.size); + _gnutls_mac (&td1, tmp.data, tmp.size); _gnutls_free_datum (&tmp); - _gnutls_hmac_deinit (&td1, sha_mac); + _gnutls_mac_deinit (&td1, sha_mac); result = @@ -1005,7 +1005,7 @@ gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass) int result; unsigned int iter; int len; - digest_hd_st td1; + mac_hd_st td1; gnutls_datum_t tmp = { NULL, 0 }, salt = { NULL, 0}; @@ -1063,17 +1063,17 @@ gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass) /* MAC the data */ - result = _gnutls_hmac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key)); + result = _gnutls_mac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key)); if (result < 0) { gnutls_assert (); goto cleanup; } - _gnutls_hmac (&td1, tmp.data, tmp.size); + _gnutls_mac (&td1, tmp.data, tmp.size); _gnutls_free_datum (&tmp); - _gnutls_hmac_deinit (&td1, sha_mac); + _gnutls_mac_deinit (&td1, sha_mac); len = sizeof (sha_mac_orig); result = |