diff options
Diffstat (limited to 'lib/crypto/gnutls_helpers.h')
-rw-r--r-- | lib/crypto/gnutls_helpers.h | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/lib/crypto/gnutls_helpers.h b/lib/crypto/gnutls_helpers.h index eb6e469fa0c..6719a599604 100644 --- a/lib/crypto/gnutls_helpers.h +++ b/lib/crypto/gnutls_helpers.h @@ -144,6 +144,42 @@ samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt(TALLOC_CTX *mem_ctx, uint8_t pauth_tag[64]); /** + * @brief Decypt cipher text using AEAD_AES_256_CBC_HMAC_SHA512 and the session + * key. + * + * This decrypts the cipher text using AEAD_AES_256_CBC_HMAC_SHA512 with the + * given content decryption key key. The plaintext will be zeroed as soon as the + * data blob is freed. + * + * @param mem_ctx The memory context to allocate the plaintext on. + * + * @param ciphertext The cipher text to decrypt. + * + * @param cdk The content decryption key. + * + * @param key_salt The salt used to calculate the encryption key. + * + * @param key_salt The salt used to calculate the mac key. + + * @param iv The initialization vector used for the encryption. + * + * @param auth_tag[64] The authentication blob to be verified. + * + * @param pplaintext A pointer to a DATA_BLOB to store the plaintext. + * + * @return NT_STATUS_OK on success, an nt status error code otherwise. + */ +NTSTATUS +samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt(TALLOC_CTX *mem_ctx, + const DATA_BLOB *ciphertext, + const DATA_BLOB *cdk, + const DATA_BLOB *key_salt, + const DATA_BLOB *mac_salt, + const DATA_BLOB *iv, + const uint8_t auth_tag[64], + DATA_BLOB *pplaintext); + +/** * @brief Check if weak crypto is allowed. * * @return true if weak crypo is allowed, false otherwise. |