Add MAC api to support copying of instances

GOST ciphersuites requires continuously computing MAC of all the
previously sent or received data. The easies way to support that is to
add support for copy function, that creates MAC instance with the same
internal state.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h
index f2fbba947de7a9f28c8f81931233cf00bf288fa5..f91a5387d10dbfa585ae92cd1e32dd073a70ba05 100644 (file)
--- a/lib/crypto-backend.h
+++ b/lib/crypto-backend.h
@@ -55,6 +55,7 @@ typedef struct {
        gnutls_mac_output_func output;
        gnutls_mac_deinit_func deinit;
        gnutls_mac_fast_func fast;
+       gnutls_mac_copy_func copy;
 
        /* Not needed for registered on run-time. Only included
         * should define it. */

diff --git a/lib/hash_int.c b/lib/hash_int.c
index fbc56b4333b407478945540e18aad251aaa2446c..61e24d53750d36b13936302ed700d7e546655fee 100644 (file)
--- a/lib/hash_int.c
+++ b/lib/hash_int.c
@@ -225,6 +225,7 @@ _gnutls_mac_init(mac_hd_st * mac, const mac_entry_st * e,
                mac->setnonce = cc->setnonce;
                mac->output = cc->output;
                mac->deinit = cc->deinit;
+               mac->copy = cc->copy;
 
                return 0;
        }
@@ -239,6 +240,7 @@ _gnutls_mac_init(mac_hd_st * mac, const mac_entry_st * e,
        mac->setnonce = _gnutls_mac_ops.setnonce;
        mac->output = _gnutls_mac_ops.output;
        mac->deinit = _gnutls_mac_ops.deinit;
+       mac->copy = _gnutls_mac_ops.copy;
 
        if (_gnutls_mac_ops.setkey(mac->handle, key, keylen) < 0) {
                gnutls_assert();
@@ -249,6 +251,20 @@ _gnutls_mac_init(mac_hd_st * mac, const mac_entry_st * e,
        return 0;
 }
 
+int _gnutls_mac_copy(const mac_hd_st * handle, mac_hd_st * dst)
+{
+       if (handle->copy == NULL)
+               return gnutls_assert_val(GNUTLS_E_HASH_FAILED);
+
+       *dst = *handle; /* copy data */
+       dst->handle = handle->copy(handle->handle);
+
+       if (dst->handle == NULL)
+               return GNUTLS_E_HASH_FAILED;
+
+       return 0;
+}
+
 void _gnutls_mac_deinit(mac_hd_st * handle, void *digest)
 {
        if (handle->handle == NULL) {

diff --git a/lib/hash_int.h b/lib/hash_int.h
index 52fb2b01f055c81db5fcddad03d54fe565704617..8e3154daa6ad77e85b9269eafff39d73446f966a 100644 (file)
--- a/lib/hash_int.h
+++ b/lib/hash_int.h
@@ -41,6 +41,7 @@ typedef int (*nonce_func) (void *handle, const void *text, size_t size);
 typedef int (*output_func) (void *src_ctx, void *digest,
                            size_t digestsize);
 typedef void (*hash_deinit_func) (void *handle);
+typedef void *(*copy_func) (const void *handle);
 
 typedef struct {
        const mac_entry_st *e;
@@ -62,6 +63,7 @@ typedef struct {
        nonce_func setnonce;
        output_func output;
        hash_deinit_func deinit;
+       copy_func copy;
 
        void *handle;
 } mac_hd_st;
@@ -73,6 +75,8 @@ int _gnutls_mac_exists(gnutls_mac_algorithm_t algorithm);
 int _gnutls_mac_init(mac_hd_st *, const mac_entry_st * e,
                     const void *key, int keylen);
 
+int _gnutls_mac_copy(const mac_hd_st * handle, mac_hd_st * dst);
+
 int _gnutls_mac_fast(gnutls_mac_algorithm_t algorithm, const void *key,
                     int keylen, const void *text, size_t textlen,
                     void *digest);

diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 93a157857ccd3a046787c4f684daba3b2fa5da67..640924bed5f107a467003a800de95f4ee62152a1 100644 (file)
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -208,6 +208,7 @@ typedef void (*gnutls_mac_deinit_func) (void *ctx);
 typedef int (*gnutls_mac_fast_func) (gnutls_mac_algorithm_t, const void *nonce,
                     size_t nonce_size, const void *key, size_t keysize,
                     const void *text, size_t textsize, void *digest);
+typedef void *(*gnutls_mac_copy_func) (const void *ctx);
 
 int
 gnutls_crypto_register_mac(gnutls_mac_algorithm_t mac,