/*
* Copyright (C) 2009-2013 Free Software Foundation, Inc.
* Copyright (C) 2013 Nikos Mavrogiannopoulos
*
* Author: Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
* The GnuTLS is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see
*
*/
#include
#include
#include
#include
#include
#include
#include
#define SR(x, cleanup) if ( (x)<0 ) { \
gnutls_assert(); \
ret = GNUTLS_E_INTERNAL_ERROR; \
goto cleanup; \
}
/* Returns true(non-zero) or false(0) if the
* provided cipher exists
*/
int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher)
{
const gnutls_crypto_cipher_st *cc;
int ret;
cc = _gnutls_get_crypto_cipher (cipher);
if (cc != NULL) return 1;
ret = _gnutls_cipher_ops.exists(cipher);
return ret;
}
int
_gnutls_cipher_init (cipher_hd_st * handle, const cipher_entry_st* e,
const gnutls_datum_t * key, const gnutls_datum_t * iv, int enc)
{
int ret = GNUTLS_E_INTERNAL_ERROR;
const gnutls_crypto_cipher_st *cc = NULL;
if (unlikely(e == NULL || e->id == GNUTLS_CIPHER_NULL))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
handle->e = e;
/* check if a cipher has been registered
*/
cc = _gnutls_get_crypto_cipher (e->id);
if (cc != NULL)
{
handle->encrypt = cc->encrypt;
handle->decrypt = cc->decrypt;
handle->deinit = cc->deinit;
handle->auth = cc->auth;
handle->tag = cc->tag;
handle->setiv = cc->setiv;
SR (cc->init (e->id, &handle->handle, enc), cc_cleanup);
SR (cc->setkey( handle->handle, key->data, key->size), cc_cleanup);
if (iv)
{
SR (cc->setiv( handle->handle, iv->data, iv->size), cc_cleanup);
}
return 0;
}
handle->encrypt = _gnutls_cipher_ops.encrypt;
handle->decrypt = _gnutls_cipher_ops.decrypt;
handle->deinit = _gnutls_cipher_ops.deinit;
handle->auth = _gnutls_cipher_ops.auth;
handle->tag = _gnutls_cipher_ops.tag;
handle->setiv = _gnutls_cipher_ops.setiv;
/* otherwise use generic cipher interface
*/
ret = _gnutls_cipher_ops.init (e->id, &handle->handle, enc);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
ret = _gnutls_cipher_ops.setkey(handle->handle, key->data, key->size);
if (ret < 0)
{
gnutls_assert ();
goto cc_cleanup;
}
if (iv)
{
ret = _gnutls_cipher_ops.setiv(handle->handle, iv->data, iv->size);
if (ret < 0)
{
gnutls_assert ();
goto cc_cleanup;
}
}
return 0;
cc_cleanup:
if (handle->handle)
handle->deinit (handle->handle);
return ret;
}
/* Auth_cipher API
*/
int _gnutls_auth_cipher_init (auth_cipher_hd_st * handle,
const cipher_entry_st* e,
const gnutls_datum_t * cipher_key,
const gnutls_datum_t * iv,
const mac_entry_st* me,
const gnutls_datum_t * mac_key,
int ssl_hmac, int enc)
{
int ret;
if (unlikely(e == NULL))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
memset(handle, 0, sizeof(*handle));
if (e->id != GNUTLS_CIPHER_NULL)
{
handle->non_null = 1;
ret = _gnutls_cipher_init(&handle->cipher, e, cipher_key, iv, enc);
if (ret < 0)
return gnutls_assert_val(ret);
}
else
handle->non_null = 0;
if (me->id != GNUTLS_MAC_AEAD)
{
handle->is_mac = 1;
handle->ssl_hmac = ssl_hmac;
if (ssl_hmac)
ret = _gnutls_mac_init_ssl3(&handle->mac.dig, me, mac_key->data, mac_key->size);
else
ret = _gnutls_mac_init(&handle->mac.mac, me, mac_key->data, mac_key->size);
if (ret < 0)
{
gnutls_assert();
goto cleanup;
}
handle->tag_size = _gnutls_mac_get_algo_len(me);
}
else if (_gnutls_cipher_algo_is_aead(e))
{
handle->tag_size = _gnutls_cipher_get_tag_size(e);
}
else
{
gnutls_assert();
ret = GNUTLS_E_INVALID_REQUEST;
goto cleanup;
}
return 0;
cleanup:
if (handle->non_null != 0)
_gnutls_cipher_deinit(&handle->cipher);
return ret;
}
int _gnutls_auth_cipher_add_auth (auth_cipher_hd_st * handle, const void *text,
int textlen)
{
if (handle->is_mac)
{
if (handle->ssl_hmac)
return _gnutls_hash(&handle->mac.dig, text, textlen);
else
return _gnutls_mac(&handle->mac.mac, text, textlen);
}
else if (_gnutls_cipher_is_aead(&handle->cipher))
return _gnutls_cipher_auth(&handle->cipher, text, textlen);
else
return 0;
}
/* The caller must make sure that textlen+pad_size+tag_size is divided by the block size of the cipher */
int _gnutls_auth_cipher_encrypt2_tag (auth_cipher_hd_st * handle, const uint8_t *text,
int textlen, void *_ciphertext, int ciphertextlen,
int pad_size)
{
int ret;
uint8_t * ciphertext = _ciphertext;
unsigned blocksize = _gnutls_cipher_get_block_size(handle->cipher.e);
unsigned l;
if (handle->is_mac)
{
if (handle->ssl_hmac)
ret = _gnutls_hash(&handle->mac.dig, text, textlen);
else
ret = _gnutls_mac(&handle->mac.mac, text, textlen);
if (unlikely(ret < 0))
return gnutls_assert_val(ret);
if (unlikely(textlen+pad_size+handle->tag_size) > ciphertextlen)
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
if (handle->non_null != 0)
{
l = (textlen/blocksize)*blocksize;
ret = _gnutls_cipher_encrypt2(&handle->cipher, text, l, ciphertext, ciphertextlen);
if (ret < 0)
return gnutls_assert_val(ret);
textlen -= l;
text += l;
ciphertext += l;
ciphertextlen -= l;
if (ciphertext != text && textlen > 0)
memcpy(ciphertext, text, textlen);
ret = _gnutls_auth_cipher_tag(handle, ciphertext+textlen, handle->tag_size);
if (ret < 0)
return gnutls_assert_val(ret);
textlen += handle->tag_size;
/* TLS 1.0 style padding */
if (pad_size > 0)
{
memset (ciphertext+textlen, pad_size - 1, pad_size);
textlen += pad_size;
}
ret = _gnutls_cipher_encrypt2(&handle->cipher, ciphertext, textlen, ciphertext, ciphertextlen);
if (ret < 0)
return gnutls_assert_val(ret);
}
else /* null cipher */
{
if (text != ciphertext)
memcpy(ciphertext, text, textlen);
ret = _gnutls_auth_cipher_tag(handle, ciphertext+textlen, handle->tag_size);
if (ret < 0)
return gnutls_assert_val(ret);
}
}
else if (_gnutls_cipher_is_aead(&handle->cipher))
{
ret = _gnutls_cipher_encrypt2(&handle->cipher, text, textlen, ciphertext, ciphertextlen);
if (unlikely(ret < 0))
return gnutls_assert_val(ret);
ret = _gnutls_auth_cipher_tag(handle, ciphertext+textlen, handle->tag_size);
if (unlikely(ret < 0))
return gnutls_assert_val(ret);
}
else if (handle->non_null == 0 && text != ciphertext)
memcpy(ciphertext, text, textlen);
return 0;
}
int _gnutls_auth_cipher_decrypt2 (auth_cipher_hd_st * handle,
const void *ciphertext, int ciphertextlen,
void *text, int textlen)
{
int ret;
if (unlikely(ciphertextlen > textlen))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
if (handle->non_null != 0)
{
ret = _gnutls_cipher_decrypt2(&handle->cipher, ciphertext, ciphertextlen,
text, textlen);
if (ret < 0)
return gnutls_assert_val(ret);
}
else if (handle->non_null == 0 && text != ciphertext)
memcpy(text, ciphertext, ciphertextlen);
if (handle->is_mac)
{
/* The MAC is not to be hashed */
ciphertextlen -= handle->tag_size;
if (handle->ssl_hmac)
return _gnutls_hash(&handle->mac.dig, text, ciphertextlen);
else
return _gnutls_mac(&handle->mac.mac, text, ciphertextlen);
}
return 0;
}
int _gnutls_auth_cipher_tag(auth_cipher_hd_st * handle, void* tag, int tag_size)
{
int ret;
if (handle->is_mac)
{
if (handle->ssl_hmac)
{
ret = _gnutls_mac_output_ssl3 (&handle->mac.dig, tag);
if (ret < 0)
return gnutls_assert_val(ret);
}
else
{
_gnutls_mac_output (&handle->mac.mac, tag);
}
}
else if (_gnutls_cipher_is_aead(&handle->cipher))
{
_gnutls_cipher_tag(&handle->cipher, tag, tag_size);
}
else
memset(tag, 0, tag_size);
return 0;
}
void _gnutls_auth_cipher_deinit (auth_cipher_hd_st * handle)
{
if (handle->is_mac)
{
if (handle->ssl_hmac) /* failure here doesn't matter */
_gnutls_mac_deinit_ssl3 (&handle->mac.dig, NULL);
else
_gnutls_mac_deinit(&handle->mac.mac, NULL);
}
if (handle->non_null!=0)
_gnutls_cipher_deinit(&handle->cipher);
}