int
pubkey_verify_hashed_data (gnutls_pk_algorithm_t pk,
- gnutls_digest_algorithm_t algo,
+ const mac_entry_st * algo,
const gnutls_datum_t * hash,
const gnutls_datum_t * signature,
gnutls_pk_params_st * issuer_params);
int pubkey_verify_data (gnutls_pk_algorithm_t pk,
- gnutls_digest_algorithm_t algo,
+ const mac_entry_st * algo,
const gnutls_datum_t * data,
const gnutls_datum_t * signature,
gnutls_pk_params_st * issuer_params);
-gnutls_digest_algorithm_t _gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo,
- const gnutls_pk_params_st* params, unsigned int* hash_len);
+const mac_entry_st*
+_gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo,
+ const gnutls_pk_params_st* params);
#endif
#include <nettle/macros.h>
#include <aes-padlock.h>
#include <sha-padlock.h>
+#include <algorithms.h>
#ifdef HAVE_LIBNETTLE
unsigned char *pad;
unsigned char pad2[SHA1_DATA_SIZE + MAX_SHA_DIGEST_SIZE];
unsigned char hkey[MAX_SHA_DIGEST_SIZE];
- unsigned int digest_size = _gnutls_mac_get_algo_len (algo);
+ unsigned int digest_size = _gnutls_mac_get_algo_len (mac_to_entry(algo));
if (key_size > SHA1_DATA_SIZE)
{
int _gnutls_version_has_explicit_iv (gnutls_protocol_t version);
/* Functions for MACs. */
-int _gnutls_mac_is_ok (gnutls_mac_algorithm_t algorithm);
-gnutls_digest_algorithm_t _gnutls_x509_oid_to_digest (const char *oid);
-const char *_gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t mac);
+const mac_entry_st* mac_to_entry(gnutls_mac_algorithm_t c);
-/* Functions for digests. */
-inline static const char *
-_gnutls_x509_digest_to_oid (gnutls_digest_algorithm_t algorithm)
+inline static int
+_gnutls_mac_is_ok (const mac_entry_st * e)
+{
+ if (unlikely(e==NULL) || e->id == 0)
+ return 0;
+ else
+ return 1;
+}
+
+/*-
+ * _gnutls_mac_get_algo_len:
+ * @algorithm: is an encryption algorithm
+ *
+ * Get size of MAC key.
+ *
+ * Returns: length (in bytes) of the MAC output size, or 0 if the
+ * given MAC algorithm is invalid.
+ -*/
+inline static size_t
+_gnutls_mac_get_algo_len (const mac_entry_st * e)
+{
+ if (unlikely(e==NULL))
+ return 0;
+ else
+ return e->output_size;
+}
+
+inline static const char*
+_gnutls_x509_mac_to_oid (const mac_entry_st * e)
{
- return _gnutls_x509_mac_to_oid ((gnutls_mac_algorithm_t) algorithm);
+ if (unlikely(e==NULL))
+ return NULL;
+ else
+ return e->oid;
}
-inline static const char *
-_gnutls_digest_get_name (gnutls_digest_algorithm_t algorithm)
+inline static const char*
+_gnutls_mac_get_name (const mac_entry_st * e)
{
- return gnutls_mac_get_name ((gnutls_mac_algorithm_t) algorithm);
+ if (unlikely(e==NULL))
+ return NULL;
+ else
+ return e->name;
}
-int _gnutls_digest_is_secure (gnutls_digest_algorithm_t algorithm);
+inline static int
+_gnutls_mac_block_size (const mac_entry_st * e)
+{
+ if (unlikely(e==NULL))
+ return 0;
+ else
+ return e->block_size;
+}
+
+inline static int
+_gnutls_mac_get_key_size (const mac_entry_st * e)
+{
+ if (unlikely(e==NULL))
+ return 0;
+ else
+ return e->key_size;
+}
+
+gnutls_digest_algorithm_t _gnutls_x509_oid_to_digest (const char *oid);
+
+/* Functions for digests. */
+#define _gnutls_x509_digest_to_oid _gnutls_x509_mac_to_oid
+#define _gnutls_digest_get_name _gnutls_mac_get_name
+#define _gnutls_hash_get_algo_len _gnutls_mac_get_algo_len
+
+inline static int
+_gnutls_digest_is_secure (const mac_entry_st * e)
+{
+ if (unlikely(e==NULL))
+ return 0;
+ else
+ return e->secure;
+}
/* Functions for cipher suites. */
int _gnutls_supported_ciphersuites (gnutls_session_t session,
unsigned int max_cipher_suite_size);
const char *_gnutls_cipher_suite_get_name (const uint8_t suite[2]);
gnutls_mac_algorithm_t _gnutls_cipher_suite_get_prf (const uint8_t suite[2]);
-gnutls_cipher_algorithm_t _gnutls_cipher_suite_get_cipher_algo (const
+const cipher_entry_st* _gnutls_cipher_suite_get_cipher_algo (const
uint8_t suite[2]);
gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo (const uint8_t suite[2]);
-gnutls_mac_algorithm_t _gnutls_cipher_suite_get_mac_algo (const
+const mac_entry_st* _gnutls_cipher_suite_get_mac_algo (const
uint8_t suite[2]);
int
gnutls_mac_algorithm_t mac_algorithm, uint8_t suite[2]);
/* Functions for ciphers. */
-int _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm);
-int _gnutls_cipher_algo_is_aead (gnutls_cipher_algorithm_t algorithm);
-int _gnutls_cipher_is_ok (gnutls_cipher_algorithm_t algorithm);
-int _gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm);
+const cipher_entry_st* cipher_to_entry(gnutls_cipher_algorithm_t c);
+
+inline static int
+_gnutls_cipher_is_block (const cipher_entry_st* e)
+{
+ if (unlikely(e==NULL))
+ return 0;
+ return e->block;
+}
+
+inline static int
+_gnutls_cipher_get_block_size (const cipher_entry_st* e)
+{
+ if (unlikely(e==NULL))
+ return 0;
+ return e->blocksize;
+}
+
+inline static int
+_gnutls_cipher_get_iv_size (const cipher_entry_st* e)
+{
+ if (unlikely(e==NULL))
+ return 0;
+ return e->iv;
+}
+
+inline static int
+_gnutls_cipher_get_key_size (const cipher_entry_st* e)
+{
+ if (unlikely(e==NULL))
+ return 0;
+ return e->keysize;
+}
+
+inline static const char*
+_gnutls_cipher_get_name (const cipher_entry_st* e)
+{
+ if (unlikely(e==NULL))
+ return NULL;
+ return e->name;
+}
+
+inline static int
+_gnutls_cipher_algo_is_aead (const cipher_entry_st* e)
+{
+ if (unlikely(e==NULL))
+ return 0;
+ return e->aead;
+}
+
+inline static int
+_gnutls_cipher_is_ok (const cipher_entry_st* e)
+{
+ if (unlikely(e==NULL) || e->id == 0)
+ return 0;
+ else
+ return 1;
+}
+
+inline static int
+_gnutls_cipher_get_tag_size (const cipher_entry_st* e)
+{
+ size_t ret = 0;
+
+ if (unlikely(e==NULL))
+ return ret;
+
+ if (e->aead)
+ ret = e->blocksize; /* FIXME: happens to be the same for now */
+ else
+ ret = 0;
+ return ret;
+}
/* Functions for key exchange. */
int _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm);
int _gnutls_mac_priority (gnutls_session_t session,
gnutls_mac_algorithm_t algorithm);
int _gnutls_cipher_priority (gnutls_session_t session,
- gnutls_cipher_algorithm_t algorithm);
+ gnutls_cipher_algorithm_t a);
int _gnutls_kx_priority (gnutls_session_t session,
gnutls_kx_algorithm_t algorithm);
#include <gnutls_errors.h>
#include <x509/common.h>
-struct gnutls_cipher_entry
-{
- const char *name;
- gnutls_cipher_algorithm_t id;
- uint16_t blocksize;
- uint16_t keysize;
- unsigned block:1;
- uint16_t iv; /* the size of IV */
- unsigned auth:1; /* Whether it is authenc cipher */
-};
-typedef struct gnutls_cipher_entry gnutls_cipher_entry;
/* Note that all algorithms are in CBC or STREAM modes.
* Do not add any algorithms in other modes (avoid modified algorithms).
*
* Make sure to update MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE as well.
*/
-static const gnutls_cipher_entry algorithms[] = {
+static const cipher_entry_st algorithms[] = {
{"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0},
{"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC, 16, 24, CIPHER_BLOCK, 16, 0},
{"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 0},
};
#define GNUTLS_CIPHER_LOOP(b) \
- const gnutls_cipher_entry *p; \
+ const cipher_entry_st *p; \
for(p = algorithms; p->name != NULL; p++) { b ; }
#define GNUTLS_ALG_LOOP(a) \
/* CIPHER functions */
+const cipher_entry_st* cipher_to_entry(gnutls_cipher_algorithm_t c)
+{
+ GNUTLS_CIPHER_LOOP (if (c==p->id) return p);
+
+ return NULL;
+}
+
/**
* gnutls_cipher_get_block_size:
* @algorithm: is an encryption algorithm
return ret;
}
-int
-_gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm)
-{
- size_t ret = 0;
-
- GNUTLS_ALG_LOOP (
- if (p->auth)
- ret = p->block; /* FIXME: happens to be the same for now */
- else
- ret = 0;
- );
- return ret;
-
-}
/* returns the priority */
int
return -1;
}
-
-int
-_gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm)
-{
- size_t ret = 0;
-
- GNUTLS_ALG_LOOP (ret = p->block);
- return ret;
-
-}
-
-int
-_gnutls_cipher_algo_is_aead (gnutls_cipher_algorithm_t algorithm)
-{
- size_t ret = 0;
-
- GNUTLS_ALG_LOOP (ret = p->auth);
- return ret;
-
-}
-
/**
* gnutls_cipher_get_key_size:
* @algorithm: is an encryption algorithm
return supported_ciphers;
}
-int
-_gnutls_cipher_is_ok (gnutls_cipher_algorithm_t algorithm)
-{
- ssize_t ret = -1;
- GNUTLS_ALG_LOOP (ret = p->id);
- if (ret >= 0)
- ret = 0;
- else
- ret = 1;
- return ret;
-}
/* Cipher Suite's functions */
-gnutls_cipher_algorithm_t
+const cipher_entry_st*
_gnutls_cipher_suite_get_cipher_algo (const uint8_t suite[2])
{
int ret = 0;
CIPHER_SUITE_ALG_LOOP (ret = p->block_algorithm);
- return ret;
+ return cipher_to_entry(ret);
}
gnutls_kx_algorithm_t
}
-gnutls_mac_algorithm_t
+const mac_entry_st*
_gnutls_cipher_suite_get_mac_algo (const uint8_t suite[2])
{ /* In bytes */
int ret = 0;
CIPHER_SUITE_ALG_LOOP (ret = p->mac_algorithm);
- return ret;
+ return mac_to_entry(ret);
}
#include <gnutls_errors.h>
#include <x509/common.h>
-struct gnutls_hash_entry
-{
- const char *name;
- const char *oid;
- gnutls_mac_algorithm_t id;
- size_t output_size;
- size_t key_size;
- size_t nonce_size;
- unsigned placeholder; /* if set, then not a real MAC */
- unsigned secure; /* if set the this algorithm is secure as hash */
-};
-typedef struct gnutls_hash_entry gnutls_hash_entry;
-
-static const gnutls_hash_entry hash_algorithms[] = {
- {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 0, 1},
- {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 16, 0, 0, 0},
- {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1},
- {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 0, 1},
- {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 0, 1},
- {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 0, 1},
- {"UMAC-96", NULL, GNUTLS_MAC_UMAC_96, 12, 16, 8, 0, 1},
- {"UMAC-128", NULL, GNUTLS_MAC_UMAC_128, 16, 16, 8, 0, 1},
- {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 0, 0, 1, 1},
- {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0, 0, 0}, /* not used as MAC */
- {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 20, 0, 0, 1},
- {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0, 0, 0},
- {0, 0, 0, 0, 0, 0, 0}
+static const mac_entry_st hash_algorithms[] = {
+ {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 0, 1, 64},
+ {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 16, 0, 0, 0, 64},
+ {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1, 64},
+ {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 0, 1, 64},
+ {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 0, 1, 64},
+ {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 0, 1, 64},
+ {"UMAC-96", NULL, GNUTLS_MAC_UMAC_96, 12, 16, 8, 0, 1, 0},
+ {"UMAC-128", NULL, GNUTLS_MAC_UMAC_128, 16, 16, 8, 0, 1, 0},
+ {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 0, 0, 1, 1, 0},
+ {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0, 0, 0, 0}, /* not used as MAC */
+ {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 20, 0, 0, 1, 64},
+ {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0, 0}
};
#define GNUTLS_HASH_LOOP(b) \
- const gnutls_hash_entry *p; \
+ const mac_entry_st *p; \
for(p = hash_algorithms; p->name != NULL; p++) { b ; }
#define GNUTLS_HASH_ALG_LOOP(a) \
GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
+const mac_entry_st* mac_to_entry(gnutls_mac_algorithm_t c)
+{
+ GNUTLS_HASH_LOOP (if (c==p->id) return p);
+
+ return NULL;
+}
+
int
_gnutls_mac_priority (gnutls_session_t session,
gnutls_mac_algorithm_t algorithm)
return ret;
}
-/*-
- * _gnutls_mac_get_algo_len:
- * @algorithm: is an encryption algorithm
- *
- * Get size of MAC key.
- *
- * Returns: length (in bytes) of the MAC output size, or 0 if the
- * given MAC algorithm is invalid.
- -*/
-size_t
-_gnutls_mac_get_algo_len (gnutls_mac_algorithm_t algorithm)
-{
- size_t ret = 0;
-
- /* avoid prefix */
- GNUTLS_HASH_ALG_LOOP (ret = p->output_size);
-
- return ret;
-}
-
/**
* gnutls_mac_list:
*
return supported_macs;
}
-const char *
-_gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t algorithm)
-{
- const char *ret = NULL;
-
- /* avoid prefix */
- GNUTLS_HASH_ALG_LOOP (ret = p->oid);
-
- return ret;
-}
-
gnutls_digest_algorithm_t
_gnutls_x509_oid_to_digest (const char *oid)
{
return ret;
}
-int
-_gnutls_mac_is_ok (gnutls_mac_algorithm_t algorithm)
-{
- ssize_t ret = -1;
- GNUTLS_HASH_ALG_LOOP (ret = p->id);
- if (ret >= 0)
- ret = 0;
- else
- ret = 1;
- return ret;
-}
-
-int
-_gnutls_digest_is_secure (gnutls_digest_algorithm_t algo)
-{
- ssize_t ret = 0;
- gnutls_mac_algorithm_t algorithm = algo;
-
- GNUTLS_HASH_ALG_LOOP (ret = p->secure);
-
- return ret;
-}
/* TLS Versions */
-
-typedef struct
-{
- const char *name;
- gnutls_protocol_t id; /* gnutls internal version number */
- uint8_t major; /* defined by the protocol */
- uint8_t minor; /* defined by the protocol */
- transport_t transport; /* Type of transport, stream or datagram */
- unsigned int supported:1; /* 0 not supported, > 0 is supported */
-} gnutls_version_entry;
-
-static const gnutls_version_entry sup_versions[] = {
+static const version_entry_st sup_versions[] = {
{"SSL3.0", GNUTLS_SSL3, 3, 0, GNUTLS_STREAM, 1},
{"TLS1.0", GNUTLS_TLS1, 3, 1, GNUTLS_STREAM, 1},
{"TLS1.1", GNUTLS_TLS1_1, 3, 2, GNUTLS_STREAM, 1},
};
#define GNUTLS_VERSION_LOOP(b) \
- const gnutls_version_entry *p; \
+ const version_entry_st *p; \
for(p = sup_versions; p->name != NULL; p++) { b ; }
#define GNUTLS_VERSION_ALG_LOOP(a) \
GNUTLS_SIGN_ALG_LOOP (dig = p->mac);
if (dig != GNUTLS_DIG_UNKNOWN)
- return _gnutls_digest_is_secure(dig);
+ return _gnutls_digest_is_secure(mac_to_entry(dig));
return 0;
}
#include <gnutls_cipher_int.h>
#include <gnutls_datum.h>
#include <gnutls/crypto.h>
+#include <algorithms.h>
#include <random.h>
#include <crypto.h>
}
h = *handle;
- ret = _gnutls_cipher_init (&h->ctx_enc, cipher, key, iv, 1);
+ ret = _gnutls_cipher_init (&h->ctx_enc, cipher_to_entry(cipher), key, iv, 1);
- if (ret >= 0 && _gnutls_cipher_is_aead( &h->ctx_enc) == 0) /* AEAD ciphers are stream - so far */
- ret = _gnutls_cipher_init (&h->ctx_dec, cipher, key, iv, 0);
+ if (ret >= 0 && _gnutls_cipher_is_aead(&h->ctx_enc) == 0) /* AEAD ciphers are stream - so far */
+ ret = _gnutls_cipher_init (&h->ctx_dec, cipher_to_entry(cipher), key, iv, 0);
return ret;
}
{
api_cipher_hd_st * h = handle;
- if (_gnutls_cipher_is_aead( &h->ctx_enc)==0)
+ if (_gnutls_cipher_is_aead(&h->ctx_enc)==0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
_gnutls_cipher_tag( &h->ctx_enc, tag, tag_size);
{
api_cipher_hd_st * h = handle;
- if (_gnutls_cipher_is_aead( &h->ctx_enc)==0)
+ if (_gnutls_cipher_is_aead(&h->ctx_enc)==0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
_gnutls_cipher_auth( &h->ctx_enc, text, text_size);
_gnutls_cipher_setiv( &h->ctx_enc, iv, ivlen);
- if (_gnutls_cipher_is_aead( &h->ctx_enc)==0)
+ if (_gnutls_cipher_is_aead(&h->ctx_enc)==0)
_gnutls_cipher_setiv( &h->ctx_dec, iv, ivlen);
}
{
api_cipher_hd_st * h = handle;
- if (_gnutls_cipher_is_aead( &h->ctx_enc)!=0)
+ if (_gnutls_cipher_is_aead(&h->ctx_enc)!=0)
return _gnutls_cipher_decrypt (&h->ctx_enc, ciphertext, ciphertextlen);
else
return _gnutls_cipher_decrypt (&h->ctx_dec, ciphertext, ciphertextlen);
{
api_cipher_hd_st * h = handle;
- if (_gnutls_cipher_is_aead( &h->ctx_enc)!=0)
+ if (_gnutls_cipher_is_aead(&h->ctx_enc)!=0)
return _gnutls_cipher_decrypt2 (&h->ctx_enc, ciphertext,
ciphertextlen, text, textlen);
else
api_cipher_hd_st * h = handle;
_gnutls_cipher_deinit (&h->ctx_enc);
- if (_gnutls_cipher_is_aead( &h->ctx_enc)==0)
+ if (_gnutls_cipher_is_aead(&h->ctx_enc)==0)
_gnutls_cipher_deinit (&h->ctx_dec);
gnutls_free (handle);
}
return GNUTLS_E_MEMORY_ERROR;
}
- return _gnutls_mac_init (((mac_hd_st *) * dig), algorithm, key, keylen);
+ return _gnutls_mac_init (((mac_hd_st *) * dig),
+ mac_to_entry(algorithm), key, keylen);
}
/**
int
gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm)
{
- return _gnutls_mac_get_algo_len (algorithm);
+ return _gnutls_mac_get_algo_len (mac_to_entry(algorithm));
}
/**
return GNUTLS_E_MEMORY_ERROR;
}
- return _gnutls_hash_init (((digest_hd_st *) * dig), algorithm);
+ return _gnutls_hash_init (((digest_hd_st *) * dig), mac_to_entry(algorithm));
}
/**
int
gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm)
{
- return _gnutls_hash_get_algo_len (algorithm);
+ return _gnutls_hash_get_algo_len (mac_to_entry(algorithm));
}
/**
uint16_t length16;
int ret;
- ret = _gnutls_mac_init (&digest_hd, GNUTLS_MAC_SHA256, key->data,
- key->size);
+ ret = _gnutls_mac_init (&digest_hd, mac_to_entry(GNUTLS_MAC_SHA256),
+ key->data, key->size);
if (ret < 0)
{
gnutls_assert ();
IV.data = ticket->IV;
IV.size = IV_SIZE;
ret =
- _gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV, 0);
+ _gnutls_cipher_init (&cipher_hd, cipher_to_entry(GNUTLS_CIPHER_AES_128_CBC),
+ &key, &IV, 0);
if (ret < 0)
{
gnutls_assert ();
IV.data = priv->session_ticket_IV;
IV.size = IV_SIZE;
ret =
- _gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV, 1);
+ _gnutls_cipher_init (&cipher_hd, cipher_to_entry(GNUTLS_CIPHER_AES_128_CBC),
+ &key, &IV, 1);
if (ret < 0)
{
gnutls_assert ();
uint8_t preamble[MAX_PREAMBLE_SIZE];
int preamble_size;
int tag_size = _gnutls_auth_cipher_tag_len (¶ms->write.cipher_state);
- int blocksize = gnutls_cipher_get_block_size (params->cipher_algorithm);
+ int blocksize = _gnutls_cipher_get_block_size (params->cipher);
unsigned block_algo =
- _gnutls_cipher_is_block (params->cipher_algorithm);
+ _gnutls_cipher_is_block (params->cipher);
uint8_t *data_ptr;
int ver = gnutls_protocol_get_version (session);
int explicit_iv = _gnutls_version_has_explicit_iv (session->security_parameters.version);
uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
unsigned iv_size;
- iv_size = gnutls_cipher_get_iv_size(params->cipher_algorithm);
+ iv_size = _gnutls_cipher_get_iv_size(params->cipher);
_gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
- session, gnutls_cipher_get_name(params->cipher_algorithm), gnutls_mac_get_name(params->mac_algorithm),
+ session, _gnutls_cipher_get_name(params->cipher), _gnutls_mac_get_name(params->mac),
(unsigned int)params->epoch);
preamble_size =
uint8_t preamble[MAX_PREAMBLE_SIZE];
int preamble_size;
int tag_size = _gnutls_auth_cipher_tag_len (¶ms->write.cipher_state);
- int blocksize = gnutls_cipher_get_block_size (params->cipher_algorithm);
+ int blocksize = _gnutls_cipher_get_block_size (params->cipher);
unsigned block_algo =
- _gnutls_cipher_is_block (params->cipher_algorithm);
+ _gnutls_cipher_is_block (params->cipher);
uint8_t *data_ptr;
int ver = gnutls_protocol_get_version (session);
int explicit_iv = _gnutls_version_has_explicit_iv (session->security_parameters.version);
uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
unsigned iv_size;
- iv_size = gnutls_cipher_get_iv_size(params->cipher_algorithm);
+ iv_size = _gnutls_cipher_get_iv_size(params->cipher);
_gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
- session, gnutls_cipher_get_name(params->cipher_algorithm), gnutls_mac_get_name(params->mac_algorithm),
+ session, _gnutls_cipher_get_name(params->cipher), _gnutls_mac_get_name(params->mac),
(unsigned int)params->epoch);
/* Call _gnutls_rnd() once. Get data used for the IV
unsigned pad_failed, unsigned int pad, unsigned total)
{
/* this hack is only needed on CBC ciphers */
- if (_gnutls_cipher_is_block (params->cipher_algorithm) == CIPHER_BLOCK)
+ if (_gnutls_cipher_is_block (params->cipher) == CIPHER_BLOCK)
{
unsigned len;
*/
if (pad_failed == 0 && pad > 0)
{
- len = _gnutls_get_hash_block_len(params->mac_algorithm);
+ len = _gnutls_mac_block_size(params->mac);
if (len > 0)
{
/* This is really specific to the current hash functions.
unsigned int explicit_iv = _gnutls_version_has_explicit_iv (session->security_parameters.version);
unsigned iv_size;
- iv_size = gnutls_cipher_get_iv_size(params->cipher_algorithm);
- blocksize = gnutls_cipher_get_block_size (params->cipher_algorithm);
+ iv_size = _gnutls_cipher_get_iv_size(params->cipher);
+ blocksize = _gnutls_cipher_get_block_size (params->cipher);
/* actual decryption (inplace)
*/
- switch (_gnutls_cipher_is_block (params->cipher_algorithm))
+ switch (_gnutls_cipher_is_block (params->cipher))
{
case CIPHER_STREAM:
/* The way AEAD ciphers are defined in RFC5246, it allows
unsigned int explicit_iv = _gnutls_version_has_explicit_iv (session->security_parameters.version);
unsigned iv_size;
- iv_size = gnutls_cipher_get_iv_size(params->cipher_algorithm);
- blocksize = gnutls_cipher_get_block_size (params->cipher_algorithm);
+ iv_size = _gnutls_cipher_get_iv_size(params->cipher);
+ blocksize = _gnutls_cipher_get_block_size (params->cipher);
/* actual decryption (inplace)
*/
- switch (_gnutls_cipher_is_block (params->cipher_algorithm))
+ switch (_gnutls_cipher_is_block (params->cipher))
{
case CIPHER_STREAM:
/* The way AEAD ciphers are defined in RFC5246, it allows
/*
- * Copyright (C) 2009-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2009-2013 Free Software Foundation, Inc.
+ * Copyright (C) 2013 Nikos Mavrogiannopoulos
*
* Author: Nikos Mavrogiannopoulos
*
}
int
-_gnutls_cipher_init (cipher_hd_st * handle, gnutls_cipher_algorithm_t cipher,
+_gnutls_cipher_init (cipher_hd_st * handle, const cipher_entry_st* e,
const gnutls_datum_t * key, const gnutls_datum_t * iv, int enc)
{
int ret = GNUTLS_E_INTERNAL_ERROR;
const gnutls_crypto_cipher_st *cc = NULL;
- if (cipher == GNUTLS_CIPHER_NULL)
+ if (unlikely(e == NULL || e->id == GNUTLS_CIPHER_NULL))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- handle->is_aead = _gnutls_cipher_algo_is_aead(cipher);
- if (handle->is_aead)
- handle->tag_size = gnutls_cipher_get_block_size(cipher);
+ handle->e = e;
/* check if a cipher has been registered
*/
- cc = _gnutls_get_crypto_cipher (cipher);
+ cc = _gnutls_get_crypto_cipher (e->id);
if (cc != NULL)
{
handle->encrypt = cc->encrypt;
handle->tag = cc->tag;
handle->setiv = cc->setiv;
- SR (cc->init (cipher, &handle->handle, enc), cc_cleanup);
+ SR (cc->init (e->id, &handle->handle, enc), cc_cleanup);
SR (cc->setkey( handle->handle, key->data, key->size), cc_cleanup);
if (iv)
{
/* otherwise use generic cipher interface
*/
- ret = _gnutls_cipher_ops.init (cipher, &handle->handle, enc);
+ ret = _gnutls_cipher_ops.init (e->id, &handle->handle, enc);
if (ret < 0)
{
gnutls_assert ();
/* Auth_cipher API
*/
int _gnutls_auth_cipher_init (auth_cipher_hd_st * handle,
- gnutls_cipher_algorithm_t cipher,
+ const cipher_entry_st* e,
const gnutls_datum_t * cipher_key,
const gnutls_datum_t * iv,
- gnutls_mac_algorithm_t mac,
+ const mac_entry_st* me,
const gnutls_datum_t * mac_key,
int ssl_hmac, int enc)
{
int ret;
+ if (unlikely(e == NULL))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
memset(handle, 0, sizeof(*handle));
- if (cipher != GNUTLS_CIPHER_NULL)
+ if (e->id != GNUTLS_CIPHER_NULL)
{
- ret = _gnutls_cipher_init(&handle->cipher, cipher, cipher_key, iv, enc);
+ ret = _gnutls_cipher_init(&handle->cipher, e, cipher_key, iv, enc);
if (ret < 0)
return gnutls_assert_val(ret);
}
else
handle->is_null = 1;
- if (mac != GNUTLS_MAC_AEAD)
+ if (me->id != GNUTLS_MAC_AEAD)
{
handle->is_mac = 1;
handle->ssl_hmac = ssl_hmac;
if (ssl_hmac)
- ret = _gnutls_mac_init_ssl3(&handle->mac.dig, mac, mac_key->data, mac_key->size);
+ ret = _gnutls_mac_init_ssl3(&handle->mac.dig, me, mac_key->data, mac_key->size);
else
- ret = _gnutls_mac_init(&handle->mac.mac, mac, mac_key->data, mac_key->size);
+ ret = _gnutls_mac_init(&handle->mac.mac, me, mac_key->data, mac_key->size);
if (ret < 0)
{
gnutls_assert();
goto cleanup;
}
- handle->tag_size = _gnutls_mac_get_algo_len(mac);
+ handle->tag_size = _gnutls_mac_get_algo_len(me);
+ }
+ else if (_gnutls_cipher_algo_is_aead(e))
+ {
+ handle->tag_size = _gnutls_cipher_get_tag_size(e);
+ }
+ else
+ {
+ gnutls_assert();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
}
- else if (_gnutls_cipher_is_aead(&handle->cipher))
- handle->tag_size = _gnutls_cipher_tag_len(&handle->cipher);
return 0;
cleanup:
typedef struct
{
void *handle;
+ const cipher_entry_st* e;
cipher_encrypt_func encrypt;
cipher_decrypt_func decrypt;
cipher_auth_func auth;
cipher_tag_func tag;
cipher_setiv_func setiv;
cipher_deinit_func deinit;
-
- size_t tag_size;
- unsigned int is_aead:1;
} cipher_hd_st;
-int _gnutls_cipher_init (cipher_hd_st *, gnutls_cipher_algorithm_t cipher,
+int _gnutls_cipher_init (cipher_hd_st *, const cipher_entry_st* e,
const gnutls_datum_t * key,
const gnutls_datum_t * iv, int enc);
}
int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher);
-inline static size_t _gnutls_cipher_tag_len( cipher_hd_st * handle)
-{
- return handle->tag_size;
-}
-inline static unsigned int _gnutls_cipher_is_aead( cipher_hd_st * handle)
-{
- return handle->is_aead;
-}
+#define _gnutls_cipher_is_aead(h) _gnutls_cipher_algo_is_aead((h)->e)
/* returns the tag in AUTHENC ciphers */
inline static void _gnutls_cipher_tag( const cipher_hd_st * handle, void* tag, size_t tag_size)
} auth_cipher_hd_st;
int _gnutls_auth_cipher_init (auth_cipher_hd_st * handle,
- gnutls_cipher_algorithm_t cipher,
+ const cipher_entry_st* e,
const gnutls_datum_t * cipher_key,
const gnutls_datum_t * iv,
- gnutls_mac_algorithm_t mac,
+ const mac_entry_st *me,
const gnutls_datum_t * mac_key, int ssl_hmac, int enc);
int _gnutls_auth_cipher_add_auth (auth_cipher_hd_st * handle, const void *text,
return handle->tag_size;
}
-inline static unsigned int _gnutls_auth_cipher_is_aead( auth_cipher_hd_st * handle)
-{
- return _gnutls_cipher_is_aead(&handle->cipher);
-}
+#define _gnutls_auth_cipher_is_aead(h) _gnutls_cipher_is_aead(&(h)->cipher)
void _gnutls_auth_cipher_deinit (auth_cipher_hd_st * handle);
if (!_gnutls_version_has_explicit_iv(ver))
{
- if (_gnutls_cipher_is_block (params->cipher_algorithm) != CIPHER_STREAM)
+ if (_gnutls_cipher_is_block (params->cipher) != CIPHER_STREAM)
iv = &state->IV;
}
ret = _gnutls_auth_cipher_init (&state->cipher_state,
- params->cipher_algorithm, &state->key, iv,
- params->mac_algorithm, &state->mac_secret, (ver==GNUTLS_SSL3)?1:0, 1-read/*1==encrypt*/);
- if (ret < 0 && params->cipher_algorithm != GNUTLS_CIPHER_NULL)
+ params->cipher, &state->key, iv,
+ params->mac, &state->mac_secret, (ver==GNUTLS_SSL3)?1:0, 1-read/*1==encrypt*/);
+ if (ret < 0 && params->cipher->id != GNUTLS_CIPHER_NULL)
return gnutls_assert_val (ret);
ret =
_gnutls_epoch_set_cipher_suite (gnutls_session_t session,
int epoch_rel, const uint8_t suite[2])
{
- gnutls_cipher_algorithm_t cipher_algo;
- gnutls_mac_algorithm_t mac_algo;
+ const cipher_entry_st * cipher_algo;
+ const mac_entry_st* mac_algo;
record_parameters_st *params;
int ret;
return gnutls_assert_val (ret);
if (params->initialized
- || params->cipher_algorithm != GNUTLS_CIPHER_UNKNOWN
- || params->mac_algorithm != GNUTLS_MAC_UNKNOWN)
+ || params->cipher != NULL
+ || params->mac != NULL)
return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
cipher_algo = _gnutls_cipher_suite_get_cipher_algo (suite);
mac_algo = _gnutls_cipher_suite_get_mac_algo (suite);
- if (_gnutls_cipher_is_ok (cipher_algo) != 0
- || _gnutls_mac_is_ok (mac_algo) != 0)
+ if (_gnutls_cipher_priority (session, cipher_algo->id) < 0)
return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
- params->cipher_algorithm = cipher_algo;
- params->mac_algorithm = mac_algo;
+ if (_gnutls_mac_priority (session, mac_algo->id) < 0)
+ return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+
+ if (_gnutls_cipher_is_ok (cipher_algo) == 0
+ || _gnutls_mac_is_ok (mac_algo) == 0)
+ return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+
+ params->cipher = cipher_algo;
+ params->mac = mac_algo;
return 0;
}
return;
}
- params->cipher_algorithm = GNUTLS_CIPHER_NULL;
- params->mac_algorithm = GNUTLS_MAC_NULL;
+ params->cipher = cipher_to_entry(GNUTLS_CIPHER_NULL);
+ params->mac = mac_to_entry(GNUTLS_MAC_NULL);
params->compression_algorithm = GNUTLS_COMP_NULL;
params->initialized = 1;
}
int hash_size;
int IV_size;
int key_size;
- gnutls_cipher_algorithm_t cipher_algo;
- gnutls_mac_algorithm_t mac_algo;
gnutls_compression_method_t comp_algo;
record_parameters_st *params;
int ret;
_gnutls_record_log
("REC[%p]: Initializing epoch #%u\n", session, params->epoch);
- cipher_algo = params->cipher_algorithm;
- mac_algo = params->mac_algorithm;
comp_algo = params->compression_algorithm;
- if (_gnutls_cipher_is_ok (cipher_algo) != 0
- || _gnutls_mac_is_ok (mac_algo) != 0)
- return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
+ if (_gnutls_cipher_priority (session, params->cipher->id) < 0)
+ return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+
+ if (_gnutls_mac_priority (session, params->mac->id) < 0)
+ return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+
+ if (_gnutls_cipher_is_ok (params->cipher) == 0
+ || _gnutls_mac_is_ok (params->mac) == 0)
+ return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
if (_gnutls_compression_is_ok (comp_algo) != 0)
return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
- IV_size = gnutls_cipher_get_iv_size (cipher_algo);
- key_size = gnutls_cipher_get_key_size (cipher_algo);
- hash_size = gnutls_mac_get_key_size (mac_algo);
+ IV_size = _gnutls_cipher_get_iv_size (params->cipher);
+ key_size = _gnutls_cipher_get_key_size (params->cipher);
+ hash_size = _gnutls_mac_get_key_size (params->mac);
ret = _gnutls_set_keys
(session, params, hash_size, IV_size, key_size);
return 0;
}
-
-
-static int
-_gnutls_check_algos (gnutls_session_t session,
- const uint8_t suite[2],
- gnutls_compression_method_t comp_algo)
-{
- gnutls_cipher_algorithm_t cipher_algo;
- gnutls_mac_algorithm_t mac_algo;
-
- cipher_algo = _gnutls_cipher_suite_get_cipher_algo (suite);
- mac_algo = _gnutls_cipher_suite_get_mac_algo (suite);
-
- if (_gnutls_cipher_is_ok (cipher_algo) != 0)
- return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
-
- if (_gnutls_cipher_priority (session, cipher_algo) < 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
-
-
- if (_gnutls_mac_is_ok (mac_algo) != 0)
- return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
-
- if (_gnutls_mac_priority (session, mac_algo) < 0)
- return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
-
-
- if (_gnutls_compression_is_ok (comp_algo) != 0)
- return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
-
- return 0;
-}
-
int _gnutls_epoch_get_compression(gnutls_session_t session, int epoch)
{
record_parameters_st *params;
*/
if (session->internals.resumed == RESUME_FALSE)
{
-
- ret = _gnutls_check_algos (session,
- session->
- security_parameters.cipher_suite,
- _gnutls_epoch_get_compression(session, epoch_next));
- if (ret < 0)
- return ret;
-
ret = _gnutls_set_kx (session,
_gnutls_cipher_suite_get_kx_algo
(session->
*/
if (session->internals.resumed == RESUME_FALSE)
{
- ret = _gnutls_check_algos (session,
- session->
- security_parameters.cipher_suite,
- _gnutls_epoch_get_compression(session, epoch_next));
- if (ret < 0)
- return ret;
-
ret = _gnutls_set_kx (session,
_gnutls_cipher_suite_get_kx_algo
(session->
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
(*slot)->epoch = epoch;
- (*slot)->cipher_algorithm = GNUTLS_CIPHER_UNKNOWN;
- (*slot)->mac_algorithm = GNUTLS_MAC_UNKNOWN;
+ (*slot)->cipher = NULL;
+ (*slot)->mac = NULL;
(*slot)->compression_algorithm = GNUTLS_COMP_UNKNOWN;
if (IS_DTLS (session))
return gnutls_assert_val(ret);
/* requires padding */
- iv_size = gnutls_cipher_get_iv_size(params->cipher_algorithm);
+ iv_size = _gnutls_cipher_get_iv_size(params->cipher);
total += iv_size;
- if (_gnutls_cipher_is_block (params->cipher_algorithm) == CIPHER_BLOCK)
+ if (_gnutls_cipher_is_block (params->cipher) == CIPHER_BLOCK)
{
*blocksize = iv_size; /* in block ciphers */
if (session->security_parameters.new_record_padding != 0)
total += 2;
- if (params->mac_algorithm == GNUTLS_MAC_AEAD)
- total += _gnutls_cipher_get_tag_size(params->cipher_algorithm);
+ if (params->mac->id == GNUTLS_MAC_AEAD)
+ total += _gnutls_cipher_get_tag_size(params->cipher);
else
{
- ret = _gnutls_mac_get_algo_len(params->mac_algorithm);
+ ret = _gnutls_mac_get_algo_len(params->mac);
if (ret < 0)
return gnutls_assert_val(ret);
total+=ret;
else
len = session->internals.handshake_hash_buffer_prev_len;
- rc = _gnutls_hash_init (&td_sha, GNUTLS_DIG_SHA1);
+ rc = _gnutls_hash_init (&td_sha, mac_to_entry(GNUTLS_DIG_SHA1));
if (rc < 0)
return gnutls_assert_val(rc);
- rc = _gnutls_hash_init (&td_md5, GNUTLS_DIG_MD5);
+ rc = _gnutls_hash_init (&td_md5, mac_to_entry(GNUTLS_DIG_MD5));
if (rc < 0)
{
_gnutls_hash_deinit (&td_sha, NULL);
if (rc < 0)
return gnutls_assert_val(rc);
- hash_len = _gnutls_hash_get_algo_len (algorithm);
+ hash_len = _gnutls_hash_get_algo_len (mac_to_entry(algorithm));
}
if (type == GNUTLS_SERVER)
#include <gnutls_int.h>
#include <gnutls_hash_int.h>
#include <gnutls_errors.h>
-
-static size_t
-digest_length (int algo)
-{
- switch (algo)
- {
- case GNUTLS_DIG_NULL:
- case GNUTLS_MAC_AEAD:
- return 0;
- case GNUTLS_DIG_MD5:
- case GNUTLS_DIG_MD2:
- return 16;
- case GNUTLS_DIG_SHA1:
- case GNUTLS_DIG_RMD160:
- return 20;
- case GNUTLS_DIG_SHA256:
- return 32;
- case GNUTLS_DIG_SHA384:
- return 48;
- case GNUTLS_DIG_SHA512:
- return 64;
- case GNUTLS_DIG_SHA224:
- return 28;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-}
+#include <algorithms.h>
int
-_gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm)
+_gnutls_hash_init (digest_hd_st * dig, const mac_entry_st* e)
{
int result;
const gnutls_crypto_digest_st *cc = NULL;
- dig->algorithm = algorithm;
+ dig->e = e;
/* check if a digest has been registered
*/
- cc = _gnutls_get_crypto_digest (algorithm);
+ cc = _gnutls_get_crypto_digest (e->id);
if (cc != NULL && cc->init)
{
- if (cc->init (algorithm, &dig->handle) < 0)
+ if (cc->init (e->id, &dig->handle) < 0)
{
gnutls_assert ();
return GNUTLS_E_HASH_FAILED;
return 0;
}
- result = _gnutls_digest_ops.init (algorithm, &dig->handle);
+ result = _gnutls_digest_ops.init (e->id, &dig->handle);
if (result < 0)
{
gnutls_assert ();
handle->handle = NULL;
}
-/* returns the output size of the given hash/mac algorithm
- */
-size_t
-_gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm)
-{
- return digest_length (algorithm);
-}
-
int
_gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
const void *text, size_t textlen, void *digest)
}
int
-_gnutls_mac_init (mac_hd_st * mac, gnutls_mac_algorithm_t algorithm,
+_gnutls_mac_init (mac_hd_st * mac, const mac_entry_st* e,
const void *key, int keylen)
{
int result;
const gnutls_crypto_mac_st *cc = NULL;
- mac->algorithm = algorithm;
- mac->mac_len = _gnutls_mac_get_algo_len (algorithm);
+ mac->e = e;
+ mac->mac_len = _gnutls_mac_get_algo_len (e);
/* check if a digest has been registered
*/
- cc = _gnutls_get_crypto_mac (algorithm);
+ cc = _gnutls_get_crypto_mac (e->id);
if (cc != NULL && cc->init != NULL)
{
- if (cc->init (algorithm, &mac->handle) < 0)
+ if (cc->init (e->id, &mac->handle) < 0)
{
gnutls_assert ();
return GNUTLS_E_HASH_FAILED;
return 0;
}
- result = _gnutls_mac_ops.init (algorithm, &mac->handle);
+ result = _gnutls_mac_ops.init (e->id, &mac->handle);
if (result < 0)
{
gnutls_assert ();
*/
int
-_gnutls_mac_init_ssl3 (digest_hd_st * ret, gnutls_mac_algorithm_t algorithm,
+_gnutls_mac_init_ssl3 (digest_hd_st * ret, const mac_entry_st* e,
void *key, int keylen)
{
uint8_t ipad[48];
int padsize, result;
- padsize = get_padsize ((gnutls_digest_algorithm_t)algorithm);
+ padsize = get_padsize ((gnutls_digest_algorithm_t)e->id);
if (padsize == 0)
{
gnutls_assert ();
memset (ipad, 0x36, padsize);
- result = _gnutls_hash_init (ret, (gnutls_digest_algorithm_t)algorithm);
+ result = _gnutls_hash_init (ret, e);
if (result < 0)
{
gnutls_assert ();
int padsize;
int block, rc;
- padsize = get_padsize (handle->algorithm);
+ padsize = get_padsize (handle->e->id);
if (padsize == 0)
{
gnutls_assert ();
memset (opad, 0x5C, padsize);
- rc = _gnutls_hash_init (&td, handle->algorithm);
+ rc = _gnutls_hash_init (&td, handle->e);
if (rc < 0)
{
gnutls_assert ();
_gnutls_hash (&td, handle->key, handle->keysize);
_gnutls_hash (&td, opad, padsize);
- block = _gnutls_mac_get_algo_len (handle->algorithm);
+ block = _gnutls_mac_get_algo_len (handle->e);
_gnutls_hash_output (handle, ret); /* get the previous hash */
_gnutls_hash (&td, ret, block);
int padsize;
int block, rc;
- padsize = get_padsize (handle->algorithm);
+ padsize = get_padsize (handle->e->id);
if (padsize == 0)
{
gnutls_assert ();
memset (opad, 0x5C, padsize);
memset (ipad, 0x36, padsize);
- rc = _gnutls_hash_init (&td, handle->algorithm);
+ rc = _gnutls_hash_init (&td, handle->e);
if (rc < 0)
{
gnutls_assert ();
_gnutls_hash (&td, key, key_size);
_gnutls_hash (&td, opad, padsize);
- block = _gnutls_mac_get_algo_len (handle->algorithm);
+ block = _gnutls_mac_get_algo_len (handle->e);
if (key_size > 0)
_gnutls_hash (handle, key, key_size);
text1[j] = 65 + i; /* A==65 */
}
- ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ ret = _gnutls_hash_init (&td, mac_to_entry(GNUTLS_MAC_SHA1));
if (ret < 0)
{
gnutls_assert ();
digest_hd_st td;
int ret;
- ret = _gnutls_hash_init (&td, GNUTLS_MAC_MD5);
+ ret = _gnutls_hash_init (&td, mac_to_entry(GNUTLS_MAC_MD5));
if (ret < 0)
{
gnutls_assert ();
int block = MD5_DIGEST_OUTPUT;
int rc;
- rc = _gnutls_hash_init (&td, GNUTLS_MAC_MD5);
+ rc = _gnutls_hash_init (&td, mac_to_entry(GNUTLS_MAC_MD5));
if (rc < 0)
{
gnutls_assert ();
typedef struct
{
- gnutls_digest_algorithm_t algorithm;
+ const mac_entry_st * e;
hash_func hash;
output_func output;
deinit_func deinit;
typedef struct
{
- gnutls_mac_algorithm_t algorithm;
+ const mac_entry_st * e;
int mac_len;
hash_func hash;
/* basic functions */
int _gnutls_mac_exists(gnutls_mac_algorithm_t algorithm);
-int _gnutls_mac_init (mac_hd_st *, gnutls_mac_algorithm_t algorithm,
+int _gnutls_mac_init (mac_hd_st *, const mac_entry_st* e,
const void *key, int keylen);
-size_t _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm);
-size_t _gnutls_mac_get_algo_len (gnutls_mac_algorithm_t algorithm);
int _gnutls_mac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
int keylen, const void *text, size_t textlen,
void *digest);
_gnutls_mac_deinit (mac_hd_st * handle, void *digest);
/* Hash interface */
-int _gnutls_hash_init (digest_hd_st *, gnutls_digest_algorithm_t algorithm);
+int _gnutls_hash_init (digest_hd_st *, const mac_entry_st* e);
inline static int
_gnutls_hash (digest_hd_st * handle, const void *text, size_t textlen)
/* when the current output is needed without calling deinit
*/
-inline static void
-_gnutls_hash_output (digest_hd_st * handle, void *digest)
-{
- size_t maclen;
-
- maclen = _gnutls_hash_get_algo_len (handle->algorithm);
-
- if (digest != NULL)
- {
- handle->output (handle->handle, digest, maclen);
- }
-}
+#define _gnutls_hash_output(h, d) \
+ (h)->output((h)->handle, d, _gnutls_hash_get_algo_len((h)->e))
void
_gnutls_hash_deinit (digest_hd_st * handle, void *digest);
const void *text, size_t textlen, void *digest);
/* help functions */
-int _gnutls_mac_init_ssl3 (digest_hd_st *, gnutls_mac_algorithm_t algorithm,
+int _gnutls_mac_init_ssl3 (digest_hd_st *, const mac_entry_st* e,
void *key, int keylen);
int _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest);
int _gnutls_mac_output_ssl3 (digest_hd_st * handle, void *digest);
return 0;
}
-/* We shouldn't need to know that, but a work-around in decoding
- * TLS record padding requires that.
- */
-inline static size_t
-_gnutls_get_hash_block_len (gnutls_digest_algorithm_t algo)
-{
- switch (algo)
- {
- case GNUTLS_DIG_MD5:
- case GNUTLS_DIG_SHA1:
- case GNUTLS_DIG_RMD160:
- case GNUTLS_DIG_SHA256:
- case GNUTLS_DIG_SHA384:
- case GNUTLS_DIG_SHA512:
- case GNUTLS_DIG_SHA224:
- return 64;
- default:
- return 0;
- }
-}
-
#endif /* GNUTLS_HASH_INT_H */
struct record_parameters_st;
typedef struct record_parameters_st record_parameters_st;
+/* cipher and mac parameters */
+typedef struct cipher_entry_st
+{
+ const char *name;
+ gnutls_cipher_algorithm_t id;
+ uint16_t blocksize;
+ uint16_t keysize;
+ unsigned block:1;
+ uint16_t iv; /* the size of IV */
+ unsigned aead:1; /* Whether it is authenc cipher */
+} cipher_entry_st;
+
+typedef struct mac_entry_st
+{
+ const char *name;
+ const char *oid;
+ gnutls_mac_algorithm_t id;
+ unsigned output_size;
+ unsigned key_size;
+ unsigned nonce_size;
+ unsigned placeholder; /* if set, then not a real MAC */
+ unsigned secure; /* if set the this algorithm is secure as hash */
+ unsigned block_size; /* internal block size for HMAC */
+} mac_entry_st;
+
+typedef struct
+{
+ const char *name;
+ gnutls_protocol_t id; /* gnutls internal version number */
+ uint8_t major; /* defined by the protocol */
+ uint8_t minor; /* defined by the protocol */
+ transport_t transport; /* Type of transport, stream or datagram */
+ unsigned int supported:1; /* 0 not supported, > 0 is supported */
+} version_entry_st;
+
+
/* STATE (cont) */
#include <gnutls_hash_int.h>
uint64 sequence_number;
};
+
/* These are used to resolve relative epochs. These values are just
outside the 16 bit range to prevent off-by-one errors. An absolute
epoch may be referred to by its numeric id in the range
uint16_t epoch;
int initialized;
- gnutls_cipher_algorithm_t cipher_algorithm;
- gnutls_mac_algorithm_t mac_algorithm;
+// gnutls_cipher_algorithm_t cipher_algorithm;
+// gnutls_mac_algorithm_t mac_algorithm;
gnutls_compression_method_t compression_algorithm;
+ const cipher_entry_st* cipher;
+ const mac_entry_st* mac;
+
/* for DTLS */
uint64_t record_sw[DTLS_RECORD_WINDOW_SIZE];
unsigned int record_sw_head_idx;
* structure. The digest info is allocated and stored into the info structure.
*/
int
-encode_ber_digest_info (gnutls_digest_algorithm_t hash,
+encode_ber_digest_info (const mac_entry_st* e,
const gnutls_datum_t * digest,
gnutls_datum_t * output)
{
uint8_t *tmp_output;
int tmp_output_size;
- algo = _gnutls_x509_mac_to_oid ((gnutls_mac_algorithm_t) hash);
+ algo = _gnutls_x509_mac_to_oid (e);
if (algo == NULL)
{
gnutls_assert ();
- _gnutls_debug_log ("Hash algorithm: %d has no OID\n", hash);
+ _gnutls_debug_log ("Hash algorithm: %d has no OID\n", e->id);
return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
}
bigint_t * s);
int
-encode_ber_digest_info (gnutls_digest_algorithm_t hash,
+encode_ber_digest_info (const mac_entry_st* e,
const gnutls_datum_t * digest,
gnutls_datum_t * output);
#include <openpgp/openpgp_int.h>
#include <openpgp/gnutls_openpgp.h>
#include <gnutls_sig.h>
+#include <algorithms.h>
#include <abstract_int.h>
/**
{
int ret;
gnutls_datum_t digest;
+ const mac_entry_st* me = mac_to_entry(hash);
if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- ret = pk_hash_data (signer->pk_algorithm, hash, NULL, data, &digest);
+ ret = pk_hash_data (signer->pk_algorithm, me, NULL, data, &digest);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
- ret = pk_prepare_hash (signer->pk_algorithm, hash, &digest);
+ ret = pk_prepare_hash (signer->pk_algorithm, me, &digest);
if (ret < 0)
{
gnutls_assert ();
digest.size = hash_data->size;
memcpy (digest.data, hash_data->data, digest.size);
- ret = pk_prepare_hash (signer->pk_algorithm, hash_algo, &digest);
+ ret = pk_prepare_hash (signer->pk_algorithm, mac_to_entry(hash_algo), &digest);
if (ret < 0)
{
gnutls_assert ();
if (ret < 0)
return gnutls_assert_val(ret);
- ret = pubkey_verify_data( pubkey->pk_algorithm, hash, data, signature,
- &pubkey->params);
+ ret = pubkey_verify_data( pubkey->pk_algorithm, mac_to_entry(hash),
+ data, signature, &pubkey->params);
if (ret < 0)
{
gnutls_assert();
const gnutls_datum_t * signature)
{
int ret;
+ const mac_entry_st* me;
if (pubkey == NULL)
{
if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- ret = pubkey_verify_data( pubkey->pk_algorithm, gnutls_sign_get_hash_algorithm(algo),
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm(algo));
+ ret = pubkey_verify_data( pubkey->pk_algorithm, me,
data, signature, &pubkey->params);
if (ret < 0)
{
const gnutls_datum_t * hash,
const gnutls_datum_t * signature)
{
+ const mac_entry_st* me;
+
if (key == NULL)
{
gnutls_assert ();
}
else
{
- return pubkey_verify_hashed_data (key->pk_algorithm, gnutls_sign_get_hash_algorithm(algo),
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm(algo));
+ return pubkey_verify_hashed_data (key->pk_algorithm, me,
hash, signature, &key->params);
}
}
gnutls_sign_algorithm_t sign)
{
unsigned int hash_size;
-unsigned int hash_algo;
unsigned int sig_hash_size;
+const mac_entry_st* me;
if (pubkey->pk_algorithm == GNUTLS_PK_DSA)
{
- hash_algo = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size);
+ me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params);
+ hash_size = _gnutls_hash_get_algo_len(me);
/* DSA keys over 1024 bits cannot be used with TLS 1.x, x<2 */
if (!_gnutls_version_has_selectable_sighash (ver))
{
- if (hash_algo != GNUTLS_DIG_SHA1)
+ if (me->id != GNUTLS_MAC_SHA1)
return gnutls_assert_val(GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL);
}
else if (sign != GNUTLS_SIGN_UNKNOWN)
{
- sig_hash_size = _gnutls_hash_get_algo_len(gnutls_sign_get_hash_algorithm(sign));
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign));
+ sig_hash_size = _gnutls_hash_get_algo_len(me);
if (sig_hash_size < hash_size)
_gnutls_audit_log(session, "The hash size used in signature (%u) is less than the expected (%u)\n", sig_hash_size, hash_size);
}
{
if (_gnutls_version_has_selectable_sighash (ver) && sign != GNUTLS_SIGN_UNKNOWN)
{
- _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size);
- sig_hash_size = _gnutls_hash_get_algo_len(gnutls_sign_get_hash_algorithm(sign));
+ me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params);
+ hash_size = _gnutls_hash_get_algo_len(me);
+
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign));
+ sig_hash_size = _gnutls_hash_get_algo_len(me);
if (sig_hash_size < hash_size)
_gnutls_audit_log(session, "The hash size used in signature (%u) is less than the expected (%u)\n", sig_hash_size, hash_size);
* params[1] is public key
*/
static int
-_pkcs1_rsa_verify_sig (gnutls_digest_algorithm_t hash,
+_pkcs1_rsa_verify_sig (const mac_entry_st* me,
const gnutls_datum_t * text,
const gnutls_datum_t * prehash,
const gnutls_datum_t * signature,
gnutls_datum_t d, di;
digest_hd_st hd;
- digest_size = _gnutls_hash_get_algo_len (hash);
+ digest_size = _gnutls_hash_get_algo_len (me);
if (prehash)
{
if (prehash->data == NULL || prehash->size != digest_size)
return GNUTLS_E_INVALID_REQUEST;
}
- ret = _gnutls_hash_init (&hd, hash);
+ ret = _gnutls_hash_init (&hd, me);
if (ret < 0)
{
gnutls_assert ();
/* decrypted is a BER encoded data of type DigestInfo
*/
- ret = encode_ber_digest_info (hash, &d, &di);
+ ret = encode_ber_digest_info (me, &d, &di);
if (ret < 0)
return gnutls_assert_val(ret);
*/
static int
dsa_verify_hashed_data (gnutls_pk_algorithm_t pk,
- gnutls_digest_algorithm_t algo,
+ const mac_entry_st* algo,
const gnutls_datum_t * hash,
const gnutls_datum_t * signature,
gnutls_pk_params_st* params)
gnutls_datum_t digest;
unsigned int hash_len;
- if (algo == GNUTLS_DIG_UNKNOWN)
- algo = _gnutls_dsa_q_to_hash (pk, params, &hash_len);
- else hash_len = _gnutls_hash_get_algo_len(algo);
+ if (algo == NULL)
+ algo = _gnutls_dsa_q_to_hash (pk, params);
+
+ hash_len = _gnutls_hash_get_algo_len(algo);
/* SHA1 or better allowed */
if (!hash->data || hash->size < hash_len)
{
gnutls_assert();
- _gnutls_debug_log("Hash size (%d) does not correspond to hash %s(%d) or better.\n", (int)hash->size, gnutls_mac_get_name(algo), hash_len);
+ _gnutls_debug_log("Hash size (%d) does not correspond to hash %s(%d) or better.\n",
+ (int)hash->size, _gnutls_mac_get_name(algo), hash_len);
if (hash->size != 20) /* SHA1 is allowed */
return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED);
static int
dsa_verify_data (gnutls_pk_algorithm_t pk,
- gnutls_digest_algorithm_t algo,
+ const mac_entry_st* algo,
const gnutls_datum_t * data,
const gnutls_datum_t * signature,
gnutls_pk_params_st* params)
gnutls_datum_t digest;
digest_hd_st hd;
- if (algo == GNUTLS_DIG_UNKNOWN)
- algo = _gnutls_dsa_q_to_hash (pk, params, NULL);
+ if (algo == NULL)
+ algo = _gnutls_dsa_q_to_hash (pk, params);
ret = _gnutls_hash_init (&hd, algo);
if (ret < 0)
*/
int
pubkey_verify_hashed_data (gnutls_pk_algorithm_t pk,
- gnutls_digest_algorithm_t hash_algo,
+ const mac_entry_st* hash_algo,
const gnutls_datum_t * hash,
const gnutls_datum_t * signature,
gnutls_pk_params_st * issuer_params)
*/
int
pubkey_verify_data (gnutls_pk_algorithm_t pk,
- gnutls_digest_algorithm_t hash_algo,
+ const mac_entry_st* me,
const gnutls_datum_t * data,
const gnutls_datum_t * signature,
gnutls_pk_params_st * issuer_params)
case GNUTLS_PK_RSA:
if (_pkcs1_rsa_verify_sig
- (hash_algo, data, NULL, signature, issuer_params) != 0)
+ (me, data, NULL, signature, issuer_params) != 0)
{
gnutls_assert ();
return GNUTLS_E_PK_SIG_VERIFY_FAILED;
case GNUTLS_PK_EC:
case GNUTLS_PK_DSA:
- if (dsa_verify_data(pk, hash_algo, data, signature, issuer_params) != 0)
+ if (dsa_verify_data(pk, me, data, signature, issuer_params) != 0)
{
gnutls_assert ();
return GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
}
-gnutls_digest_algorithm_t
-_gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* params,
- unsigned int* hash_len)
+const mac_entry_st*
+_gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* params)
{
int bits = 0;
+ int ret;
if (algo == GNUTLS_PK_DSA)
bits = _gnutls_mpi_get_nbits (params->params[1]);
if (bits <= 160)
{
- if (hash_len) *hash_len = 20;
- return GNUTLS_DIG_SHA1;
+ ret = GNUTLS_DIG_SHA1;
}
else if (bits <= 192)
{
- if (hash_len) *hash_len = 24;
- return GNUTLS_DIG_SHA256;
+ ret = GNUTLS_DIG_SHA256;
}
else if (bits <= 224)
{
- if (hash_len) *hash_len = 28;
- return GNUTLS_DIG_SHA256;
+ ret = GNUTLS_DIG_SHA256;
}
else if (bits <= 256)
{
- if (hash_len) *hash_len = 32;
- return GNUTLS_DIG_SHA256;
+ ret = GNUTLS_DIG_SHA256;
}
else if (bits <= 384)
{
- if (hash_len) *hash_len = 48;
- return GNUTLS_DIG_SHA384;
+ ret = GNUTLS_DIG_SHA384;
}
else
{
- if (hash_len) *hash_len = 64;
- return GNUTLS_DIG_SHA512;
+ ret = GNUTLS_DIG_SHA512;
}
+
+ return mac_to_entry(ret);
}
/**
this_pad = MIN (max_pad, max_frag - data_length);
block_size =
- gnutls_cipher_get_block_size (record_params->cipher_algorithm);
+ _gnutls_cipher_get_block_size (record_params->cipher);
tag_size =
_gnutls_auth_cipher_tag_len (&record_params->write.cipher_state);
- switch (_gnutls_cipher_is_block (record_params->cipher_algorithm))
+ switch (_gnutls_cipher_is_block (record_params->cipher))
{
case CIPHER_STREAM:
return this_pad;
return 0;
}
- switch (_gnutls_cipher_is_block (record_params->cipher_algorithm))
+ switch (_gnutls_cipher_is_block (record_params->cipher))
{
case CIPHER_BLOCK:
return 1;
#include <abstract_int.h>
static int
-sign_tls_hash (gnutls_session_t session, gnutls_digest_algorithm_t hash_algo,
+sign_tls_hash (gnutls_session_t session, const mac_entry_st* hash_algo,
gnutls_pcert_st* cert, gnutls_privkey_t pkey,
const gnutls_datum_t * hash_concat,
gnutls_datum_t * signature);
digest_hd_st td_sha;
uint8_t concat[MAX_SIG_SIZE];
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
- gnutls_digest_algorithm_t hash_algo;
+ const mac_entry_st* hash_algo;
*sign_algo =
_gnutls_session_get_sign_algo (session, cert);
gnutls_sign_algorithm_set_server(session, *sign_algo);
- hash_algo = gnutls_sign_get_hash_algorithm (*sign_algo);
+ hash_algo = mac_to_entry(gnutls_sign_get_hash_algorithm (*sign_algo));
_gnutls_handshake_log ("HSK[%p]: signing handshake data: using %s\n",
session, gnutls_sign_algorithm_get_name (*sign_algo));
{
digest_hd_st td_md5;
- ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
+ ret = _gnutls_hash_init (&td_md5, mac_to_entry(GNUTLS_MAC_MD5));
if (ret < 0)
{
gnutls_assert ();
case GNUTLS_PK_EC:
_gnutls_hash_deinit (&td_sha, concat);
- if (!IS_SHA(hash_algo))
+ if (!IS_SHA(hash_algo->id))
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
* it supports signing.
*/
static int
-sign_tls_hash (gnutls_session_t session, gnutls_digest_algorithm_t hash_algo,
+sign_tls_hash (gnutls_session_t session, const mac_entry_st* hash_algo,
gnutls_pcert_st* cert, gnutls_privkey_t pkey,
const gnutls_datum_t * hash_concat,
gnutls_datum_t * signature)
{
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
unsigned int key_usage = 0;
+
/* If our certificate supports signing
*/
-
if (cert != NULL)
{
gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
if (!_gnutls_version_has_selectable_sighash (ver))
return gnutls_privkey_sign_raw_data (pkey, 0, hash_concat, signature);
else
- return gnutls_privkey_sign_hash (pkey, hash_algo, 0, hash_concat, signature);
+ return gnutls_privkey_sign_hash (pkey, hash_algo->id, 0, hash_concat, signature);
}
static int
uint8_t concat[MAX_SIG_SIZE];
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
gnutls_digest_algorithm_t hash_algo;
+ const mac_entry_st * me;
if (_gnutls_version_has_selectable_sighash (ver))
{
return gnutls_assert_val(ret);
hash_algo = gnutls_sign_get_hash_algorithm (sign_algo);
+ me = mac_to_entry(hash_algo);
}
else
{
- ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
+ me = mac_to_entry(GNUTLS_DIG_MD5);
+ ret = _gnutls_hash_init (&td_md5, me);
if (ret < 0)
{
gnutls_assert ();
GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_md5, params->data, params->size);
- hash_algo = GNUTLS_DIG_SHA1;
+ me = mac_to_entry(GNUTLS_DIG_SHA1);
}
- ret = _gnutls_hash_init (&td_sha, hash_algo);
+ ret = _gnutls_hash_init (&td_sha, me);
if (ret < 0)
{
gnutls_assert ();
_gnutls_hash_deinit (&td_sha, concat);
dconcat.data = concat;
- dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
+ dconcat.size = _gnutls_hash_get_algo_len (me);
}
ret = verify_tls_hash (session, ver, cert, &dconcat, signature,
- dconcat.size - _gnutls_hash_get_algo_len (hash_algo),
+ dconcat.size - _gnutls_hash_get_algo_len (me),
sign_algo, gnutls_sign_get_pk_algorithm (sign_algo));
if (ret < 0)
{
int ret;
uint8_t concat[MAX_HASH_SIZE];
gnutls_datum_t dconcat;
- gnutls_digest_algorithm_t hash_algo;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
gnutls_pk_algorithm_t pk = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
+ const mac_entry_st *me;
ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
if (ret < 0)
gnutls_sign_algorithm_set_client(session, sign_algo);
- hash_algo = gnutls_sign_get_hash_algorithm(sign_algo);
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign_algo));
- ret = _gnutls_hash_fast(hash_algo, session->internals.handshake_hash_buffer.data,
+ ret = _gnutls_hash_fast(me->id, session->internals.handshake_hash_buffer.data,
session->internals.handshake_hash_buffer_prev_len,
concat);
if (ret < 0)
return gnutls_assert_val(ret);
dconcat.data = concat;
- dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
+ dconcat.size = _gnutls_hash_get_algo_len (me);
ret =
verify_tls_hash (session, ver, cert, &dconcat, signature, 0, sign_algo, pk);
sign_algo);
ret =
- _gnutls_hash_init (&td_md5, GNUTLS_DIG_MD5);
+ _gnutls_hash_init (&td_md5, mac_to_entry(GNUTLS_DIG_MD5));
if (ret < 0)
{
gnutls_assert ();
}
ret =
- _gnutls_hash_init (&td_sha, GNUTLS_DIG_SHA1);
+ _gnutls_hash_init (&td_sha, mac_to_entry(GNUTLS_DIG_SHA1));
if (ret < 0)
{
gnutls_assert ();
int ret;
uint8_t concat[MAX_SIG_SIZE];
gnutls_sign_algorithm_t sign_algo;
- gnutls_digest_algorithm_t hash_algo;
+ const mac_entry_st* me;
sign_algo =
_gnutls_session_get_sign_algo (session, cert);
gnutls_sign_algorithm_set_client(session, sign_algo);
- hash_algo = gnutls_sign_get_hash_algorithm (sign_algo);
+ me = mac_to_entry(gnutls_sign_get_hash_algorithm (sign_algo));
_gnutls_debug_log ("sign handshake cert vrfy: picked %s with %s\n",
gnutls_sign_algorithm_get_name (sign_algo),
- gnutls_mac_get_name ((gnutls_mac_algorithm_t)hash_algo));
+ _gnutls_mac_get_name (me));
- ret = _gnutls_hash_fast (hash_algo, session->internals.handshake_hash_buffer.data,
+ ret = _gnutls_hash_fast (me->id, session->internals.handshake_hash_buffer.data,
session->internals.handshake_hash_buffer.length,
concat);
if (ret < 0)
return gnutls_assert_val(ret);
dconcat.data = concat;
- dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
+ dconcat.size = _gnutls_hash_get_algo_len (me);
- ret = sign_tls_hash (session, hash_algo, cert, pkey, &dconcat, signature);
+ ret = sign_tls_hash (session, me, cert, pkey, &dconcat, signature);
if (ret < 0)
{
gnutls_assert ();
signature);
ret =
- _gnutls_hash_init (&td_sha, GNUTLS_DIG_SHA1);
+ _gnutls_hash_init (&td_sha, mac_to_entry(GNUTLS_DIG_SHA1));
if (ret < 0)
{
gnutls_assert ();
{
case GNUTLS_PK_RSA:
ret =
- _gnutls_hash_init (&td_md5, GNUTLS_DIG_MD5);
+ _gnutls_hash_init (&td_md5, mac_to_entry(GNUTLS_DIG_MD5));
if (ret < 0)
return gnutls_assert_val(ret);
default:
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
}
- ret = sign_tls_hash (session, GNUTLS_DIG_NULL, cert, pkey, &dconcat, signature);
+ ret = sign_tls_hash (session, NULL, cert, pkey, &dconcat, signature);
if (ret < 0)
{
gnutls_assert ();
}
int
-pk_hash_data (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
+pk_hash_data (gnutls_pk_algorithm_t pk, const mac_entry_st* hash,
gnutls_pk_params_st* params,
const gnutls_datum_t * data, gnutls_datum_t * digest)
{
return GNUTLS_E_MEMORY_ERROR;
}
- ret = _gnutls_hash_fast (hash, data->data, data->size, digest->data);
+ ret = _gnutls_hash_fast (hash->id, data->data, data->size, digest->data);
if (ret < 0)
{
gnutls_assert ();
*/
int
pk_prepare_hash (gnutls_pk_algorithm_t pk,
- gnutls_digest_algorithm_t hash, gnutls_datum_t * digest)
+ const mac_entry_st* hash, gnutls_datum_t * digest)
{
int ret;
gnutls_datum_t old_digest = { digest->data, digest->size };
switch (pk)
{
case GNUTLS_PK_RSA:
+ if (unlikely(hash == NULL))
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
/* Encode the digest as a DigestInfo
*/
if ((ret = encode_ber_digest_info (hash, &old_digest, digest)) != 0)
gnutls_datum_t * signature,
gnutls_sign_algorithm_t algo);
-int pk_prepare_hash (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
+int pk_prepare_hash (gnutls_pk_algorithm_t pk, const mac_entry_st* hash,
gnutls_datum_t * output);
-int pk_hash_data (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
+int pk_hash_data (gnutls_pk_algorithm_t pk, const mac_entry_st* hash,
gnutls_pk_params_st * params, const gnutls_datum_t * data,
gnutls_datum_t * digest);
#include <gnutls_mpi.h>
#include <gnutls_num.h>
#include <gnutls_helper.h>
+#include <algorithms.h>
#include "debug.h"
digest_hd_st td;
uint8_t res[MAX_HASH_SIZE];
int ret;
+ const mac_entry_st* me = mac_to_entry(GNUTLS_MAC_SHA1);
*size = 20;
- ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ ret = _gnutls_hash_init (&td, me);
if (ret < 0)
{
return GNUTLS_E_MEMORY_ERROR;
_gnutls_hash_deinit (&td, res);
- ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ ret = _gnutls_hash_init (&td, me);
if (ret < 0)
{
return GNUTLS_E_MEMORY_ERROR;
if (ret < 0)
return gnutls_assert_val(GNUTLS_CIPHER_NULL);
- return record_params->cipher_algorithm;
+ return record_params->cipher->id;
}
/**
if (ret < 0)
return gnutls_assert_val(GNUTLS_MAC_NULL);
- return record_params->mac_algorithm;
+ return record_params->mac->id;
}
/**
}
inline static int
-_gnutls_cal_PRF_A (gnutls_mac_algorithm_t algorithm,
+_gnutls_cal_PRF_A (const mac_entry_st* me,
const void *secret, int secret_size,
const void *seed, int seed_size, void *result)
{
int ret;
- ret = _gnutls_mac_fast (algorithm, secret, secret_size, seed, seed_size, result);
+ ret = _gnutls_mac_fast (me->id, secret, secret_size, seed, seed_size, result);
if (ret < 0)
return gnutls_assert_val(ret);
int i, times, how, blocksize, A_size;
uint8_t final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE];
int output_bytes, result;
+ const mac_entry_st* me = mac_to_entry(algorithm);
if (seed_size > MAX_SEED_SIZE || total_bytes <= 0)
{
return GNUTLS_E_INTERNAL_ERROR;
}
- blocksize = _gnutls_mac_get_algo_len (algorithm);
+ blocksize = _gnutls_mac_get_algo_len (me);
output_bytes = 0;
do
for (i = 0; i < times; i++)
{
- result = _gnutls_mac_init (&td2, algorithm, secret, secret_size);
+ result = _gnutls_mac_init (&td2, me, secret, secret_size);
if (result < 0)
{
gnutls_assert ();
/* here we calculate A(i+1) */
if ((result =
- _gnutls_cal_PRF_A (algorithm, secret, secret_size, Atmp,
+ _gnutls_cal_PRF_A (me, secret, secret_size, Atmp,
A_size, Atmp)) < 0)
{
gnutls_assert ();
#include <gnutls_datum.h>
#include <extras/randomart.h>
#include <read-file.h>
+#include <algorithms.h>
/**
* gnutls_random_art:
size_t * result_size)
{
int ret;
- int hash_len = _gnutls_hash_get_algo_len (algo);
+ int hash_len = _gnutls_hash_get_algo_len (mac_to_entry(algo));
if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL)
{
const gnutls_pk_params_st * pk_params)
{
int ret;
- unsigned int hash;
unsigned int hash_len;
+ const mac_entry_st* me;
switch (algo)
{
dsa_signature_init (&sig);
- hash = _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
+ me = _gnutls_dsa_q_to_hash (algo, pk_params);
+ hash_len = _gnutls_hash_get_algo_len(me);
+
if (hash_len > vdata->size)
{
gnutls_assert ();
- _gnutls_debug_log("Security level of algorithm requires hash %s(%d) or better\n", gnutls_mac_get_name(hash), hash_len);
+ _gnutls_debug_log("Security level of algorithm requires hash %s(%d) or better\n", _gnutls_mac_get_name(me), hash_len);
hash_len = vdata->size;
}
dsa_signature_init (&sig);
- hash = _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
+ me = _gnutls_dsa_q_to_hash (algo, pk_params);
+ hash_len = _gnutls_hash_get_algo_len(me);
+
if (hash_len > vdata->size)
{
gnutls_assert ();
- _gnutls_debug_log("Security level of algorithm requires hash %s(%d) or better\n", gnutls_mac_get_name(hash), hash_len);
+ _gnutls_debug_log("Security level of algorithm requires hash %s(%d) or better\n", _gnutls_mac_get_name(me), hash_len);
hash_len = vdata->size;
}
{
int ret;
unsigned int hash_len;
+ const mac_entry_st* me;
bigint_t tmp[2] = { NULL, NULL };
switch (algo)
memcpy (&sig.r, tmp[0], sizeof (sig.r));
memcpy (&sig.s, tmp[1], sizeof (sig.s));
- _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
+ me = _gnutls_dsa_q_to_hash (algo, pk_params);
+ hash_len = _gnutls_hash_get_algo_len(me);
+
if (hash_len > vdata->size)
hash_len = vdata->size;
memcpy (&sig.r, tmp[0], sizeof (sig.r));
memcpy (&sig.s, tmp[1], sizeof (sig.s));
- _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
+ me = _gnutls_dsa_q_to_hash (algo, pk_params);
+ hash_len = _gnutls_hash_get_algo_len(me);
+
if (hash_len > vdata->size)
hash_len = vdata->size;
unsigned digest_size;
mpz_t s;
struct rsa_public_key pub;
+ const mac_entry_st* me;
int ret;
mpz_init(s);
case GNUTLS_PK_DSA:
case GNUTLS_PK_EC:
+ me = _gnutls_dsa_q_to_hash (pk, issuer_params);
if (hash_algo)
- *hash_algo = _gnutls_dsa_q_to_hash (pk, issuer_params, NULL);
+ *hash_algo = me->id;
ret = 0;
break;
goto cleanup;
}
- if (digest_size != _gnutls_hash_get_algo_len (*hash_algo))
+ if (digest_size != _gnutls_hash_get_algo_len (mac_to_entry(*hash_algo)))
{
gnutls_assert ();
ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
noinst_LTLIBRARIES = libminiopencdk.la
libminiopencdk_la_SOURCES = armor.c filters.h keydb.h types.h \
- kbnode.c main.h packet.h sig-check.c hash.c \
+ kbnode.c main.h packet.h sig-check.c \
keydb.c pubkey.c stream.c write-packet.c misc.c seskey.c \
context.h literal.c new-packet.c read-packet.c stream.h opencdk.h
+++ /dev/null
-/* hash.c - Hash filters
- * Copyright (C) 2002-2012 Free Software Foundation, Inc.
- *
- * Author: Timo Schulz
- *
- * This file is part of OpenCDK.
- *
- * The OpenCDK library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <sys/stat.h>
-
-#include "opencdk.h"
-#include "main.h"
-#include "filters.h"
-
-static cdk_error_t
-hash_encode (void *data, FILE * in, FILE * out)
-{
- md_filter_t *mfx = data;
- byte buf[BUFSIZE];
- int err;
- int nread;
-
- if (!mfx)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
-
- _cdk_log_debug ("hash filter: encode algo=%d\n", mfx->digest_algo);
-
- if (!mfx->md_initialized)
- {
- err = _gnutls_hash_init (&mfx->md, mfx->digest_algo);
- if (err < 0)
- {
- gnutls_assert ();
- return map_gnutls_error (err);
- }
-
- mfx->md_initialized = 1;
- }
-
- while (!feof (in))
- {
- nread = fread (buf, 1, BUFSIZE, in);
- if (!nread)
- break;
- _gnutls_hash (&mfx->md, buf, nread);
- }
-
- memset (buf, 0, sizeof (buf));
- return 0;
-}
-
-cdk_error_t
-_cdk_filter_hash (void *data, int ctl, FILE * in, FILE * out)
-{
- if (ctl == STREAMCTL_READ)
- return hash_encode (data, in, out);
- else if (ctl == STREAMCTL_FREE)
- {
- md_filter_t *mfx = data;
- if (mfx)
- {
- _cdk_log_debug ("free hash filter\n");
- _gnutls_hash_deinit (&mfx->md, NULL);
- mfx->md_initialized = 0;
- return 0;
- }
- }
-
- gnutls_assert ();
- return CDK_Inv_Mode;
-}
int ret, algo;
unsigned int i;
gnutls_pk_params_st params;
+ const mac_entry_st* me;
if (!pk || !sig || !md)
{
gnutls_assert ();
goto leave;
}
-
- rc = _gnutls_set_datum (&di, md, _gnutls_hash_get_algo_len (sig->digest_algo));
+
+ me = mac_to_entry(sig->digest_algo);
+ rc = _gnutls_set_datum (&di, md, _gnutls_hash_get_algo_len(me));
if (rc < 0)
{
rc = gnutls_assert_val(CDK_Out_Of_Core);
goto leave;
}
- rc = pk_prepare_hash (algo, sig->digest_algo, &di);
+ rc = pk_prepare_hash (algo, me, &di);
if (rc < 0)
{
rc = gnutls_assert_val(CDK_General_Error);
int md_algo;
int dlen = 0;
int err;
+ const mac_entry_st* me;
if (!pk || !fpr)
return CDK_Inv_Value;
md_algo = GNUTLS_DIG_MD5; /* special */
else
md_algo = GNUTLS_DIG_SHA1;
- dlen = _gnutls_hash_get_algo_len (md_algo);
- err = _gnutls_hash_init (&hd, md_algo);
+
+ me = mac_to_entry(md_algo);
+
+ dlen = _gnutls_hash_get_algo_len (me);
+ err = _gnutls_hash_init (&hd, me);
if (err < 0)
{
gnutls_assert ();
#include "opencdk.h"
#include "main.h"
#include "packet.h"
+#include <algorithms.h>
/**
* cdk_s2k_new:
if (mode != 0x00 && mode != 0x01 && mode != 0x03)
return CDK_Inv_Mode;
- if (_gnutls_hash_get_algo_len (digest_algo) <= 0)
+ if (_gnutls_hash_get_algo_len (mac_to_entry(digest_algo)) <= 0)
return CDK_Inv_Algo;
s2k = cdk_calloc (1, sizeof *s2k);
#include <config.h>
#endif
#include <stdio.h>
-#include <assert.h>
+#include <gnutls_int.h>
+#include <algorithms.h>
#include "opencdk.h"
#include "main.h"
if (sig->hashed != NULL)
{
byte *p = _cdk_subpkt_get_array (sig->hashed, 0, &n);
- assert (p != NULL);
+ if (p == NULL)
+ return gnutls_assert_val(CDK_Inv_Value);
+
buf[0] = n >> 8;
buf[1] = n >> 0;
_gnutls_hash (md, buf, 2);
pk = knode->pkt->pkt.public_key;
sig = snode->pkt->pkt.signature;
- err = _gnutls_hash_init (&md, sig->digest_algo);
+ err = _gnutls_hash_init (&md, mac_to_entry(sig->digest_algo));
if (err < 0)
{
gnutls_assert ();
return 0;
}
-
-/**
- * cdk_stream_set_hash_flag:
- * @s: the stream object
- * @digest_algo: the digest algorithm to use
- *
- * This is for read-only streams. It pushes a digest filter to
- * calculate the digest of the given stream data.
- **/
-cdk_error_t
-cdk_stream_set_hash_flag (cdk_stream_t s, int digest_algo)
-{
- struct stream_filter_s *f;
-
- if (!s)
- {
- gnutls_assert ();
- return CDK_Inv_Value;
- }
- if (stream_get_mode (s))
- {
- gnutls_assert ();
- return CDK_Inv_Mode;
- }
- f = filter_add (s, _cdk_filter_hash, fHASH);
- if (!f)
- {
- gnutls_assert ();
- return CDK_Out_Of_Core;
- }
- f->ctl = stream_get_mode (s);
- f->u.mfx.digest_algo = digest_algo;
- f->flags.rdonly = 1;
- return 0;
-}
-
-
/**
* cdk_stream_enable_cache:
* @s: the stream object
size_t kp_len, phash_size;
time_t expiration;
int ret;
-gnutls_digest_algorithm_t hash_algo;
+const mac_entry_st* hash_algo;
uint8_t phash[MAX_HASH_SIZE];
uint8_t hphash[MAX_HASH_SIZE*2+1];
if (p == NULL)
return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
- hash_algo = (time_t)atol(p);
+ hash_algo = mac_to_entry(atol(p));
if (_gnutls_digest_get_name(hash_algo) == NULL)
return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
if (p != NULL) *p = 0;
/* hash and hex encode */
- ret = _gnutls_hash_fast (hash_algo, skey->data, skey->size, phash);
+ ret = _gnutls_hash_fast (hash_algo->id, skey->data, skey->size, phash);
if (ret < 0)
return gnutls_assert_val(ret);
FILE* fd = NULL;
int ret;
char local_file[MAX_FILENAME];
+const mac_entry_st* me = mac_to_entry(hash_algo);
- if (_gnutls_digest_is_secure(hash_algo) == 0)
+ if (_gnutls_digest_is_secure(me) == 0)
return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- if (_gnutls_hash_get_algo_len(hash_algo) != hash->size)
+ if (_gnutls_hash_get_algo_len(me) != hash->size)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
if (db_name == NULL && tdb == NULL)
_gnutls_debug_log("Configuration file: %s\n", db_name);
- tdb->cstore(db_name, host, service, expiration, hash_algo, hash);
+ tdb->cstore(db_name, host, service, expiration, me->id, hash);
ret = 0;
goto cleanup;
}
- ret = pubkey_verify_data(gnutls_x509_crq_get_pk_algorithm (crq, NULL), algo,
+ ret = pubkey_verify_data(gnutls_x509_crq_get_pk_algorithm (crq, NULL),
+ mac_to_entry(algo),
&data, &signature, ¶ms);
if (ret < 0)
{
return GNUTLS_E_INVALID_REQUEST;
}
- oid = _gnutls_x509_digest_to_oid (digest);
+ oid = _gnutls_x509_digest_to_oid (mac_to_entry(digest));
if (oid == NULL)
{
gnutls_assert ();
goto cleanup;
}
- hash_len = _gnutls_hash_get_algo_len(digest);
+ hash_len = _gnutls_hash_get_algo_len(mac_to_entry(digest));
if (hash_len != rdn_hash.size)
{
ret = gnutls_assert_val(GNUTLS_E_OCSP_RESPONSE_ERROR);
continue;
}
addf (str, "\t\t\tHash Algorithm: %s\n",
- _gnutls_digest_get_name (digest));
+ _gnutls_digest_get_name (mac_to_entry(digest)));
adds (str, "\t\t\tIssuer Name Hash: ");
_gnutls_buffer_hexprint (str, in.data, in.size);
continue;
}
addf (str, "\t\t\tHash Algorithm: %s\n",
- _gnutls_digest_get_name (digest));
+ _gnutls_digest_get_name (mac_to_entry(digest)));
adds (str, "\t\t\tIssuer Name Hash: ");
_gnutls_buffer_hexprint (str, in.data, in.size);
/* MAC the data
*/
- result = _gnutls_mac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
+ result = _gnutls_mac_init (&td1, mac_to_entry(GNUTLS_MAC_SHA1),
+ key, sizeof (key));
if (result < 0)
{
gnutls_assert ();
/* MAC the data
*/
- result = _gnutls_mac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
+ result = _gnutls_mac_init (&td1, mac_to_entry(GNUTLS_MAC_SHA1),
+ key, sizeof (key));
if (result < 0)
{
gnutls_assert ();
#include <gnutls_errors.h>
#include <x509_int.h>
#include <c-ctype.h>
+#include <algorithms.h>
/* Returns 0 if the password is ok, or a negative error
* code instead.
for (;;)
{
- rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
+ rc = _gnutls_hash_init (&md, mac_to_entry(GNUTLS_MAC_SHA1));
if (rc < 0)
{
gnutls_assert ();
-*/
static int
_gnutls_x509_privkey_sign_hash2 (gnutls_x509_privkey_t signer,
- gnutls_digest_algorithm_t hash_algo,
+ const mac_entry_st *me,
unsigned int flags,
const gnutls_datum_t * hash_data,
gnutls_datum_t * signature)
digest.size = hash_data->size;
memcpy (digest.data, hash_data->data, digest.size);
- ret = pk_prepare_hash (signer->pk_algorithm, hash_algo, &digest);
+ ret = pk_prepare_hash (signer->pk_algorithm, me, &digest);
if (ret < 0)
{
gnutls_assert ();
int result;
gnutls_datum_t sig = { NULL, 0 };
gnutls_datum_t hash;
+ const mac_entry_st *me = mac_to_entry(digest);
if (key == NULL)
{
}
result =
- pk_hash_data (key->pk_algorithm, digest, &key->params, data, &hash);
+ pk_hash_data (key->pk_algorithm, me, &key->params, data, &hash);
if (result < 0)
{
gnutls_assert ();
}
result =
- _gnutls_x509_privkey_sign_hash2 (key, digest, flags, &hash, &sig);
+ _gnutls_x509_privkey_sign_hash2 (key, me, flags, &hash, &sig);
_gnutls_free_datum(&hash);
d_iv.data = (uint8_t *) enc_params->iv;
d_iv.size = enc_params->iv_size;
- result = _gnutls_cipher_init (&ch, enc_params->cipher, &dkey, &d_iv, 0);
+ result = _gnutls_cipher_init (&ch, cipher_to_entry(enc_params->cipher), &dkey, &d_iv, 0);
gnutls_free (key);
key = NULL;
d_iv.data = (uint8_t *) enc_params->iv;
d_iv.size = enc_params->iv_size;
- result = _gnutls_cipher_init (&ch, enc_params->cipher, key, &d_iv, 1);
+ result = _gnutls_cipher_init (&ch, cipher_to_entry(enc_params->cipher), key, &d_iv, 1);
if (result < 0)
{
hash_algo = gnutls_sign_get_hash_algorithm(result);
result =
- _gnutls_x509_verify_data (hash_algo, &cert_signed_data, &cert_signature,
+ _gnutls_x509_verify_data (mac_to_entry(hash_algo), &cert_signed_data, &cert_signature,
issuer);
if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
{
* 'signature' is the signature!
*/
int
-_gnutls_x509_verify_data (gnutls_digest_algorithm_t algo,
+_gnutls_x509_verify_data (const mac_entry_st* me,
const gnutls_datum_t * data,
const gnutls_datum_t * signature,
gnutls_x509_crt_t issuer)
}
ret =
- pubkey_verify_data (gnutls_x509_crt_get_pk_algorithm (issuer, NULL), algo,
- data, signature, &issuer_params);
+ pubkey_verify_data (gnutls_x509_crt_get_pk_algorithm (issuer, NULL),
+ me, data, signature, &issuer_params);
if (ret < 0)
{
gnutls_assert ();
hash_algo = gnutls_sign_get_hash_algorithm(result);
result =
- _gnutls_x509_verify_data (hash_algo, &crl_signed_data, &crl_signature,
+ _gnutls_x509_verify_data (mac_to_entry(hash_algo), &crl_signed_data, &crl_signature,
issuer);
if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
{
int ret = 0;
gnutls_datum_t der = { NULL, 0 };
const gnutls_digest_algorithm_t hash = GNUTLS_DIG_SHA1;
- unsigned int digest_len = _gnutls_hash_get_algo_len(hash);
+ unsigned int digest_len = _gnutls_hash_get_algo_len(mac_to_entry(hash));
if (output_data == NULL || *output_data_size < digest_len)
{
}
ret =
- pubkey_verify_hashed_data (gnutls_x509_crt_get_pk_algorithm (crt, NULL), algo,
+ pubkey_verify_hashed_data (gnutls_x509_crt_get_pk_algorithm (crt, NULL),
+ mac_to_entry(algo),
hash, signature, ¶ms);
if (ret < 0)
{
gnutls_pk_algorithm_t pk,
gnutls_pk_params_st * issuer_params);
-int _gnutls_x509_verify_data (gnutls_digest_algorithm_t algo,
+int _gnutls_x509_verify_data (const mac_entry_st* me,
const gnutls_datum_t * data,
const gnutls_datum_t * signature,
gnutls_x509_crt_t issuer);