diff options
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | lib/algorithms/ciphers.c | 2 | ||||
| -rw-r--r-- | lib/algorithms/mac.c | 50 | ||||
| -rw-r--r-- | lib/crypto-api.c | 2 | ||||
| -rw-r--r-- | lib/includes/gnutls/crypto.h | 3 | ||||
| -rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 3 |
6 files changed, 42 insertions, 19 deletions
@@ -9,6 +9,7 @@ See the end for copying conditions. ** API and ABI modifications: gnutls_cipher_get_iv_size: Added gnutls_hmac_set_nonce: Added +gnutls_mac_get_nonce_size: Added * Version 3.1.10 (released 2013-03-22) diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c index 426a9e3eb1..d9dcea7ee8 100644 --- a/lib/algorithms/ciphers.c +++ b/lib/algorithms/ciphers.c @@ -121,7 +121,7 @@ gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm) * * Returns: block size for encryption algorithm. * - * Since: 3.1.10 + * Since: 3.2.0 **/ int gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm) diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c index 17bb20c3ee..cea3fd8caf 100644 --- a/lib/algorithms/mac.c +++ b/lib/algorithms/mac.c @@ -32,27 +32,28 @@ struct gnutls_hash_entry gnutls_mac_algorithm_t id; size_t output_size; size_t key_size; + size_t nonce_size; unsigned placeholder; /* if set, then not a real MAC */ unsigned secure; /* if set the this algorithm is secure as hash */ }; typedef struct gnutls_hash_entry gnutls_hash_entry; static const gnutls_hash_entry hash_algorithms[] = { - {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 1}, - {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 16, 0, 0}, - {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 1}, - {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 1}, - {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 1}, - {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 1}, + {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 0, 1}, + {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 16, 0, 0, 0}, + {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1}, + {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 0, 1}, + {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 0, 1}, + {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 0, 1}, #ifdef HAVE_UMAC - {"UMAC-96", NULL, GNUTLS_MAC_UMAC_96, 12, 16, 0, 1}, - {"UMAC-128", NULL, GNUTLS_MAC_UMAC_128, 16, 16, 0, 1}, + {"UMAC-96", NULL, GNUTLS_MAC_UMAC_96, 12, 16, 8, 0, 1}, + {"UMAC-128", NULL, GNUTLS_MAC_UMAC_128, 16, 16, 8, 0, 1}, #endif - {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 0, 1, 1}, - {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0, 0}, /* not used as MAC */ - {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 20, 0, 1}, - {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0, 0}, - {0, 0, 0, 0, 0, 0} + {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 0, 0, 1, 1}, + {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0, 0, 0}, /* not used as MAC */ + {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 20, 0, 0, 1}, + {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0, 0, 0}, + {0, 0, 0, 0, 0, 0, 0} }; @@ -126,7 +127,7 @@ gnutls_mac_get_id (const char *name) * gnutls_mac_get_key_size: * @algorithm: is an encryption algorithm * - * Get size of MAC key used in TLS. + * Returns the size of the MAC key used in TLS. * * Returns: length (in bytes) of the given MAC key size, or 0 if the * given MAC algorithm is invalid. @@ -142,6 +143,27 @@ gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm) return ret; } +/** + * gnutls_mac_get_nonce_size: + * @algorithm: is an encryption algorithm + * + * Returns the size of the nonce used by the MAC in TLS. + * + * Returns: length (in bytes) of the given MAC nonce size, or 0. + * + * Since: 3.2.0 + **/ +size_t +gnutls_mac_get_nonce_size (gnutls_mac_algorithm_t algorithm) +{ + size_t ret = 0; + + /* avoid prefix */ + GNUTLS_HASH_ALG_LOOP (ret = p->nonce_size); + + return ret; +} + /*- * _gnutls_mac_get_algo_len: * @algorithm: is an encryption algorithm diff --git a/lib/crypto-api.c b/lib/crypto-api.c index 10e1bc3a85..771e0a5176 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c @@ -316,7 +316,7 @@ gnutls_hmac_init (gnutls_hmac_hd_t * dig, * * This function will set the nonce in the MAC algorithm. * - * Since: 3.1.10 + * Since: 3.2.0 **/ void gnutls_hmac_set_nonce (gnutls_hmac_hd_t handle, const void *nonce, size_t nonce_len) diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h index cb3c568445..9ef417b437 100644 --- a/lib/includes/gnutls/crypto.h +++ b/lib/includes/gnutls/crypto.h @@ -30,6 +30,7 @@ extern "C" typedef struct api_cipher_hd_st *gnutls_cipher_hd_t; + size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm); int gnutls_cipher_init (gnutls_cipher_hd_t * handle, gnutls_cipher_algorithm_t cipher, const gnutls_datum_t * key, @@ -58,6 +59,8 @@ extern "C" typedef struct hash_hd_st *gnutls_hash_hd_t; typedef struct hmac_hd_st *gnutls_hmac_hd_t; + size_t gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm); + size_t gnutls_mac_get_nonce_size (gnutls_mac_algorithm_t algorithm); int gnutls_hmac_init (gnutls_hmac_hd_t * dig, gnutls_mac_algorithm_t algorithm, const void *key, size_t keylen); diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 835aa50114..f67412aa10 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -817,9 +817,6 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session); size_t indx, gnutls_sign_algorithm_t * algo); - size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm); - size_t gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm); - /* the name of the specified algorithms */ const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm); const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm); |