crypto-api: refuse to run gnutls_cipher_init() in full AEAD modes
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 22 May 2017 12:23:14 +0000 (14:23 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 22 May 2017 12:37:46 +0000 (14:37 +0200)
There are AEAD modes, such as CCM, that can only be used through the
AEAD API. Always refuse calls to gnutls_cipher_init() for these
ciphers.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
lib/algorithms/ciphers.c
lib/crypto-api.c
lib/gnutls_int.h

index ea0cf51bbfc0fcbe52d20e14bcc94cd4de1c3e78..6143467bcda73c8ee9853826f22d8bf811e49f7e 100644 (file)
@@ -84,6 +84,7 @@ static const cipher_entry_st algorithms[] = {
          .implicit_iv = 4,
          .explicit_iv = 8,
          .cipher_iv = 12,
+         .only_aead = 1,
          .tagsize = 16},
        { .name = "AES-256-CCM",
          .id = GNUTLS_CIPHER_AES_256_CCM,
@@ -93,6 +94,7 @@ static const cipher_entry_st algorithms[] = {
          .implicit_iv = 4,
          .explicit_iv = 8,
          .cipher_iv = 12,
+         .only_aead = 1,
          .tagsize = 16},
        { .name = "AES-128-CCM-8",
          .id = GNUTLS_CIPHER_AES_128_CCM_8,
@@ -102,6 +104,7 @@ static const cipher_entry_st algorithms[] = {
          .implicit_iv = 4,
          .explicit_iv = 8,
          .cipher_iv = 12,
+         .only_aead = 1,
          .tagsize = 8},
        { .name = "AES-256-CCM-8",
          .id = GNUTLS_CIPHER_AES_256_CCM_8,
@@ -111,6 +114,7 @@ static const cipher_entry_st algorithms[] = {
          .implicit_iv = 4,
          .explicit_iv = 8,
          .cipher_iv = 12,
+         .only_aead = 1,
          .tagsize = 8},
        { .name = "ARCFOUR-128",
          .id = GNUTLS_CIPHER_ARCFOUR_128,
index 6b3b065f08a192a92bce8d028800e3df99739030..1a0b13b90cb75534d239811ab29f90f1584245d0 100644 (file)
@@ -62,7 +62,7 @@ gnutls_cipher_init(gnutls_cipher_hd_t * handle,
        const cipher_entry_st* e;
 
        e = cipher_to_entry(cipher);
-       if (e == NULL)
+       if (e == NULL || e->only_aead)
                return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
        *handle = gnutls_calloc(1, sizeof(api_cipher_hd_st));
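Review bot: The new rejection at `if (e == NULL || e->only_aead)` is an observable behavior change for callers that previously passed a CCM cipher to gnutls_cipher_init() and got a handle back, but the commit does not document it: the function's doc comment lies outside the hunk and the diffstat lists no test. I would add a sentence to that comment such as `Ciphers that are AEAD-only (the CCM variants) are rejected with GNUTLS_E_INVALID_REQUEST; use the AEAD API for them.` and a regression test asserting that gnutls_cipher_init() returns GNUTLS_E_INVALID_REQUEST for GNUTLS_CIPHER_AES_128_CCM. The body of gnutls_cipher_init() continues past the end of the hunk.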
index 0aff2d28d5be0305c0236293fa9bc3a32ef3c1dc..5d013c83c2ee28954bf1f4c4bf8482f8dca0d815 100644 (file)
@@ -445,7 +445,8 @@ typedef struct cipher_entry_st {
        uint16_t explicit_iv;   /* the size of explicit IV - the IV stored in record */
        uint16_t cipher_iv;     /* the size of IV needed by the cipher */
        uint16_t tagsize;
-       bool    xor_nonce;      /* In this TLS AEAD cipher xor the implicit_iv with the nonce */
+       bool xor_nonce; /* In this TLS AEAD cipher xor the implicit_iv with the nonce */
+       bool only_aead; /* When set, this cipher is only available through the new AEAD API */
 } cipher_entry_st;
 
 typedef struct gnutls_cipher_suite_entry_st {
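Review bot: The comment on the new `only_aead` field says the cipher is "only available through the new AEAD API", which will age badly and does not say where the flag is enforced or that entries default to permissive. Since unset entries get 0 from the designated initializers, a new AEAD-only table entry that forgets the flag silently stays accessible through gnutls_cipher_init(), so the comment should make the obligation explicit: `bool only_aead; /* set on ciphers usable only through the AEAD API; gnutls_cipher_init() rejects them with GNUTLS_E_INVALID_REQUEST. Must be set on every new AEAD-only entry. */`. The whitespace-only change to the `xor_nonce` comment on the line above is fine.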