From: Nikos Mavrogiannopoulos Date: Wed, 6 Nov 2013 16:36:48 +0000 (+0100) Subject: separated the TLS IV size and the cipher IV size. X-Git-Tag: gnutls_3_2_7~102 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f91850c0c1fc345bb4dfaa0266141d85ddfd7b07;p=thirdparty%2Fgnutls.git separated the TLS IV size and the cipher IV size. --- diff --git a/lib/algorithms.h b/lib/algorithms.h index a4675cd262..e2c89e4941 100644 --- a/lib/algorithms.h +++ b/lib/algorithms.h @@ -193,7 +193,7 @@ _gnutls_cipher_get_block_size (const cipher_entry_st* e) } inline static int -_gnutls_cipher_get_iv_size (const cipher_entry_st* e) +_gnutls_cipher_get_implicit_iv_size (const cipher_entry_st* e) { if (unlikely(e==NULL)) return 0; diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c index 48b4031452..2d57933e7a 100644 --- a/lib/algorithms/ciphers.c +++ b/lib/algorithms/ciphers.c @@ -34,46 +34,46 @@ * Make sure to update MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE as well. */ static const cipher_entry_st algorithms[] = { - {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0}, - {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC, 16, 24, CIPHER_BLOCK, 16, 0}, - {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 0}, - {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 1}, - {"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 1}, - {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0}, - {"ESTREAM-SALSA20-256", GNUTLS_CIPHER_ESTREAM_SALSA20_256, 64, 32, CIPHER_STREAM, 8, 0}, - {"SALSA20-256", GNUTLS_CIPHER_SALSA20_256, 64, 32, CIPHER_STREAM, 8, 0}, + {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16, 16, 0}, + {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC, 16, 24, CIPHER_BLOCK, 16, 16, 0}, + {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 16, 0}, + {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1}, + {"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1}, + {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0}, + {"ESTREAM-SALSA20-256", GNUTLS_CIPHER_ESTREAM_SALSA20_256, 64, 32, CIPHER_STREAM, 8, 8, 0}, + {"SALSA20-256", GNUTLS_CIPHER_SALSA20_256, 64, 32, CIPHER_STREAM, 8, 8, 0}, {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK, - 16, 0}, + 16, 16, 0}, {"CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC, 16, 24, CIPHER_BLOCK, - 16, 0}, + 16, 16, 0}, {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK, - 16, 0}, - {"CAMELLIA-128-GCM", GNUTLS_CIPHER_CAMELLIA_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 1}, - {"CAMELLIA-256-GCM", GNUTLS_CIPHER_CAMELLIA_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 1}, - {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 0}, - {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 0}, - {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 0}, - {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 0}, + 16, 16, 0}, + {"CAMELLIA-128-GCM", GNUTLS_CIPHER_CAMELLIA_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1}, + {"CAMELLIA-256-GCM", GNUTLS_CIPHER_CAMELLIA_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1}, + {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 8, 0}, + {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 8, 0}, + {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 0, 0}, + {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 8, 0}, #ifdef ENABLE_OPENPGP - {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 0}, - {"3DES-PGP-CFB", GNUTLS_CIPHER_3DES_PGP_CFB, 8, 24, CIPHER_BLOCK, 8, 0}, - {"CAST5-PGP-CFB", GNUTLS_CIPHER_CAST5_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 0}, + {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 8, 0}, + {"3DES-PGP-CFB", GNUTLS_CIPHER_3DES_PGP_CFB, 8, 24, CIPHER_BLOCK, 8, 8, 0}, + {"CAST5-PGP-CFB", GNUTLS_CIPHER_CAST5_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 8, 0}, {"BLOWFISH-PGP-CFB", GNUTLS_CIPHER_BLOWFISH_PGP_CFB, 8, - 16 /*actually unlimited */ , CIPHER_BLOCK, 8, 0}, + 16 /*actually unlimited */ , CIPHER_BLOCK, 8, 8, 0}, {"SAFER-SK128-PGP-CFB", GNUTLS_CIPHER_SAFER_SK128_PGP_CFB, 8, 16, - CIPHER_BLOCK, 8, 0}, + CIPHER_BLOCK, 8, 8, 0}, {"AES-128-PGP-CFB", GNUTLS_CIPHER_AES128_PGP_CFB, 16, 16, CIPHER_BLOCK, 16, - 0}, + 16, 0}, {"AES-192-PGP-CFB", GNUTLS_CIPHER_AES192_PGP_CFB, 16, 24, CIPHER_BLOCK, 16, - 0}, + 16, 0}, {"AES-256-PGP-CFB", GNUTLS_CIPHER_AES256_PGP_CFB, 16, 32, CIPHER_BLOCK, 16, - 0}, + 16, 0}, {"TWOFISH-PGP-CFB", GNUTLS_CIPHER_TWOFISH_PGP_CFB, 16, 16, CIPHER_BLOCK, 16, - 0}, + 16, 0}, #endif - {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0}, - {0, 0, 0, 0, 0, 0} + {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0, 0}, + {0, 0, 0, 0, 0, 0, 0} }; #define GNUTLS_CIPHER_LOOP(b) \ @@ -137,7 +137,7 @@ int gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm) { size_t ret = 0; - GNUTLS_ALG_LOOP (ret = p->iv); + GNUTLS_ALG_LOOP (ret = p->cipher_iv); return ret; } diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index eeda3394f3..1586f7e33f 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -328,7 +328,7 @@ compressed_to_ciphertext (gnutls_session_t session, if (unlikely(ver == NULL)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - iv_size = _gnutls_cipher_get_iv_size(params->cipher); + iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher); _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n", session, _gnutls_cipher_get_name(params->cipher), _gnutls_mac_get_name(params->mac), @@ -464,7 +464,7 @@ compressed_to_ciphertext_new (gnutls_session_t session, if (unlikely(ver == NULL)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - iv_size = _gnutls_cipher_get_iv_size(params->cipher); + iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher); _gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n", session, _gnutls_cipher_get_name(params->cipher), _gnutls_mac_get_name(params->mac), @@ -672,7 +672,7 @@ ciphertext_to_compressed (gnutls_session_t session, if (unlikely(ver == NULL)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - iv_size = _gnutls_cipher_get_iv_size(params->cipher); + iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher); blocksize = _gnutls_cipher_get_block_size (params->cipher); /* actual decryption (inplace) @@ -874,7 +874,7 @@ ciphertext_to_compressed_new (gnutls_session_t restrict session, if (unlikely(ver == NULL)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - iv_size = _gnutls_cipher_get_iv_size(params->cipher); + iv_size = _gnutls_cipher_get_implicit_iv_size(params->cipher); blocksize = _gnutls_cipher_get_block_size (params->cipher); /* actual decryption (inplace) diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c index 18c93541b8..a7c2d636a9 100644 --- a/lib/gnutls_constate.c +++ b/lib/gnutls_constate.c @@ -337,7 +337,7 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch) if (_gnutls_compression_is_ok (comp_algo) != 0) return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM); - IV_size = _gnutls_cipher_get_iv_size (params->cipher); + IV_size = _gnutls_cipher_get_implicit_iv_size (params->cipher); key_size = _gnutls_cipher_get_key_size (params->cipher); hash_size = _gnutls_mac_get_key_size (params->mac); diff --git a/lib/gnutls_dtls.c b/lib/gnutls_dtls.c index 009b63cd2d..64bf54a5d6 100644 --- a/lib/gnutls_dtls.c +++ b/lib/gnutls_dtls.c @@ -590,7 +590,7 @@ int t, ret; if (_gnutls_cipher_is_block (cipher) == CIPHER_BLOCK) { - t = _gnutls_cipher_get_iv_size(cipher); + t = _gnutls_cipher_get_implicit_iv_size(cipher); total += t; /* padding */ diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index f3974c46ad..2bda56f0fc 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -457,7 +457,8 @@ typedef struct cipher_entry_st uint16_t blocksize; uint16_t keysize; unsigned block:1; - uint16_t iv; /* the size of IV */ + uint16_t iv; /* the size of implicit IV - TLS related */ + uint16_t cipher_iv; /* the size of IV needed by the cipher */ unsigned aead:1; /* Whether it is authenc cipher */ } cipher_entry_st;