removed ENABLE_CAMELLIA and NETTLE_GCM.
endif
if ENABLE_NETTLE
-libgnutls_la_LDFLAGS += $(LTLIBNETTLE) $(NETTLE_LIBS)
+libgnutls_la_LDFLAGS += $(LTLIBNETTLE)
libgnutls_la_LIBADD += nettle/libcrypto.la
else
libgnutls_la_LDFLAGS += $(LTLIBGCRYPT)
{"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0},
{"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 1, 0},
{"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 1, 0},
-#ifdef ENABLE_CAMELLIA
{"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK,
16, 0, 0},
{"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK,
16, 0, 0},
-#endif
#ifdef ENABLE_OPENPGP
{"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 0, 0},
#define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A }
/* rfc4132 */
-#ifdef ENABLE_CAMELLIA
#define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 }
#define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
-#endif
#define GNUTLS_ANON_DH_AES_128_CBC_SHA256 { 0x00, 0x6C }
#define GNUTLS_ANON_DH_AES_256_CBC_SHA256 { 0x00, 0x6D }
#define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 }
/* rfc4132 */
-#ifdef ENABLE_CAMELLIA
#define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 }
#define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
-#endif
#define GNUTLS_RSA_AES_128_CBC_SHA256 { 0x00, 0x3C }
#define GNUTLS_RSA_AES_256_CBC_SHA256 { 0x00, 0x3D }
#define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 }
/* rfc4132 */
-#ifdef ENABLE_CAMELLIA
#define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 }
#define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
-#endif
#define GNUTLS_DHE_DSS_AES_128_CBC_SHA256 { 0x00, 0x40 }
#define GNUTLS_DHE_DSS_AES_256_CBC_SHA256 { 0x00, 0x6A }
#define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 }
/* rfc4132 */
-#ifdef ENABLE_CAMELLIA
#define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 }
#define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
-#endif
#define GNUTLS_DHE_RSA_AES_128_CBC_SHA256 { 0x00, 0x67 }
#define GNUTLS_DHE_RSA_AES_256_CBC_SHA256 { 0x00, 0x6B }
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
GNUTLS_MAC_SHA1, GNUTLS_SSL3,
GNUTLS_VERSION_MAX, 1),
-#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1,
GNUTLS_CIPHER_CAMELLIA_128_CBC,
GNUTLS_KX_ANON_DH,
GNUTLS_KX_ANON_DH,
GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_VERSION_MAX, 1),
-#endif
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
GNUTLS_MAC_SHA1, GNUTLS_SSL3,
GNUTLS_VERSION_MAX, 1),
-#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
GNUTLS_CIPHER_CAMELLIA_128_CBC,
GNUTLS_KX_DHE_DSS,
GNUTLS_KX_DHE_DSS,
GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_VERSION_MAX, 1),
-#endif
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
GNUTLS_MAC_SHA1, GNUTLS_SSL3,
GNUTLS_VERSION_MAX, 1),
-#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
GNUTLS_CIPHER_CAMELLIA_128_CBC,
GNUTLS_KX_DHE_RSA,
GNUTLS_KX_DHE_RSA,
GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_VERSION_MAX, 1),
-#endif
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
GNUTLS_MAC_SHA1, GNUTLS_SSL3,
GNUTLS_VERSION_MAX, 1),
-#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_VERSION_MAX, 1),
-#endif
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
GCRY_CIPHER_MODE_CBC, 0);
break;
-#ifdef ENABLE_CAMELLIA
case GNUTLS_CIPHER_CAMELLIA_128_CBC:
err =
gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA128,
gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA256,
GCRY_CIPHER_MODE_CBC, 0);
break;
-#endif
default:
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
#include <nettle/des.h>
#include <nettle/nettle-meta.h>
#include <nettle/cbc.h>
-# ifdef NETTLE_GCM
#include <nettle/gcm.h>
-# endif
/* Functions that refer to the libgcrypt library.
*/
struct arctwo_ctx arctwo;
struct des3_ctx des3;
struct des_ctx des;
-#ifdef NETTLE_GCM
struct gcm_aes_ctx aes_gcm;
-#endif
} ctx;
void *ctx_ptr;
uint8_t iv[MAX_BLOCK_SIZE];
tag_func tag;
};
-#ifdef NETTLE_GCM
#define GCM_DEFAULT_NONCE_SIZE 12
static void _gcm_encrypt(void *_ctx, nettle_crypt_func f,
return gcm_aes_decrypt(_ctx, length, dst, src);
}
-#endif
-
static int
wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx)
{
switch (algo)
{
-#ifdef NETTLE_GCM
case GNUTLS_CIPHER_AES_128_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
ctx->encrypt = _gcm_encrypt;
ctx->ctx_ptr = &ctx->ctx.aes_gcm;
ctx->block_size = AES_BLOCK_SIZE;
break;
-#endif
case GNUTLS_CIPHER_CAMELLIA_128_CBC:
case GNUTLS_CIPHER_CAMELLIA_256_CBC:
ctx->encrypt = cbc_encrypt;
switch (ctx->algo)
{
-#ifdef NETTLE_GCM
case GNUTLS_CIPHER_AES_128_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
gcm_aes_set_key(&ctx->ctx.aes_gcm, keysize, key);
break;
-#endif
case GNUTLS_CIPHER_AES_128_CBC:
case GNUTLS_CIPHER_AES_192_CBC:
case GNUTLS_CIPHER_AES_256_CBC:
switch (ctx->algo)
{
-#ifdef NETTLE_GCM
case GNUTLS_CIPHER_AES_128_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
if (ivsize != GCM_DEFAULT_NONCE_SIZE)
gcm_aes_set_iv(&ctx->ctx.aes_gcm, GCM_DEFAULT_NONCE_SIZE, iv);
break;
-#endif
default:
if (ivsize > ctx->block_size)
{
AC_MSG_CHECKING([whether to use nettle])
if test "$cryptolib" = "nettle";then
AC_MSG_RESULT(yes)
- AC_LIB_HAVE_LINKFLAGS([nettle],, [#include <nettle/aes.h>],
- [nettle_aes_invert_key (0, 0)])
+ AC_LIB_HAVE_LINKFLAGS([nettle], [hogweed gmp], [#include <nettle/gcm.h>],
+ [gcm_set_iv (0, 0, 0, 0)])
if test "$ac_cv_libnettle" != yes; then
AC_MSG_ERROR([[
***
- *** Libnettle 2.1 was not found.
+ *** Libnettle 2.2 was not found.
]])
fi
- AC_TRY_COMPILE(,
- [
- #include <nettle/gcm.h>
- gcm_set_nonce(0, 0, 0);
- return 0;
- ], [
- AC_DEFINE([NETTLE_GCM], 1, [Nettle supports GCM])
- ], [
- ])
- NETTLE_LIBS="-lgmp -lhogweed"
else
AC_MSG_RESULT(no)
fi
- AC_SUBST(NETTLE_LIBS)
AM_CONDITIONAL(ENABLE_NETTLE, test "$cryptolib" = "nettle")
AC_ARG_WITH(included-libtasn1,
fi
AM_CONDITIONAL(ENABLE_ANON, test "$ac_enable_anon" != "no")
- # Allow disabling Camellia
- if test "$nettle" != "yes";then
- AC_ARG_ENABLE(camellia,
- AS_HELP_STRING([--disable-camellia], [disable Camellia cipher]),
- enable_camellia=$enableval, enable_camellia=yes)
- else
- enable_camellia=no
- fi
-
- AC_MSG_CHECKING([whether to disable Camellia cipher])
- if test "$enable_camellia" != "no"; then
- AC_MSG_RESULT([no])
- AC_DEFINE([ENABLE_CAMELLIA], 1, [enable camellia block cipher])
- else
- AC_MSG_RESULT([yes])
- fi
-
AC_MSG_CHECKING([whether to disable extra PKI stuff])
AC_ARG_ENABLE(extra-pki,
AS_HELP_STRING([--disable-extra-pki],