Replace bools in cipher_entry_st with flags field.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
.implicit_iv = 4,
.explicit_iv = 8,
.cipher_iv = 12,
- .only_aead = 1,
+ .flags = GNUTLS_CIPHER_FLAG_ONLY_AEAD,
.tagsize = 16},
{ .name = "AES-256-CCM",
.id = GNUTLS_CIPHER_AES_256_CCM,
.implicit_iv = 4,
.explicit_iv = 8,
.cipher_iv = 12,
- .only_aead = 1,
+ .flags = GNUTLS_CIPHER_FLAG_ONLY_AEAD,
.tagsize = 16},
{ .name = "AES-128-CCM-8",
.id = GNUTLS_CIPHER_AES_128_CCM_8,
.implicit_iv = 4,
.explicit_iv = 8,
.cipher_iv = 12,
- .only_aead = 1,
+ .flags = GNUTLS_CIPHER_FLAG_ONLY_AEAD,
.tagsize = 8},
{ .name = "AES-256-CCM-8",
.id = GNUTLS_CIPHER_AES_256_CCM_8,
.implicit_iv = 4,
.explicit_iv = 8,
.cipher_iv = 12,
- .only_aead = 1,
+ .flags = GNUTLS_CIPHER_FLAG_ONLY_AEAD,
.tagsize = 8},
{ .name = "ARCFOUR-128",
.id = GNUTLS_CIPHER_ARCFOUR_128,
.type = CIPHER_AEAD,
.implicit_iv = 12,
.explicit_iv = 0,
- .xor_nonce = 1,
- .cipher_iv = 12,
/* in chacha20 we don't need a rekey after 2^24 messages */
- .no_rekey = 1,
+ .flags = GNUTLS_CIPHER_FLAG_XOR_NONCE | GNUTLS_CIPHER_FLAG_NO_REKEY,
+ .cipher_iv = 12,
.tagsize = 16
},
{ .name = "CAMELLIA-128-GCM",
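Review bot: The comment kept above the new `.flags` line in this entry explains only the no-rekey property, but the line now also sets GNUTLS_CIPHER_FLAG_XOR_NONCE, so the nonce handling has no explanation at the point of use. The record-layer hunk later in this commit appears to skip the TLS 1.3 sequence-number rekey check whenever GNUTLS_CIPHER_FLAG_NO_REKEY is set, so copying this line into another table entry would silently turn that check off. I would make the comment name both flags, e.g. `/* XOR_NONCE: implicit_iv is xored with the nonce; NO_REKEY: in chacha20 we don't need a rekey after 2^24 messages */`. Moving `.cipher_iv = 12` below `.flags` is unrelated to the change and could stay where it was. The entry's opening line is outside this hunk; going by the comment it is presumably the chacha20 entry.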
cipher_data += blocksize;
}
} else { /* AEAD */
- if (params->cipher->xor_nonce == 0) {
+ if ((params->cipher->flags & GNUTLS_CIPHER_FLAG_XOR_NONCE) == 0) {
/* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
*/
if (params->write.iv_size != imp_iv_size)
if (unlikely(ciphertext->size < (tag_size + exp_iv_size)))
return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
- if (params->cipher->xor_nonce == 0) {
+ if ((params->cipher->flags & GNUTLS_CIPHER_FLAG_XOR_NONCE) == 0) {
/* Values in AEAD are pretty fixed in TLS 1.2 for 128-bit block
*/
if (unlikely(params->read.iv_size != 4))
return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
e = cipher_to_entry(cipher);
- if (e == NULL || e->only_aead)
+ if (e == NULL || (e->flags & GNUTLS_CIPHER_FLAG_ONLY_AEAD))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
*handle = gnutls_calloc(1, sizeof(api_cipher_hd_st));
else if (tag_size > (unsigned)_gnutls_cipher_get_tag_size(h->ctx_enc.e))
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- if (handle->ctx_enc.e->only_aead || handle->ctx_enc.encrypt == NULL) {
+ if ((handle->ctx_enc.e->flags & GNUTLS_CIPHER_FLAG_ONLY_AEAD) || handle->ctx_enc.encrypt == NULL) {
/* ciphertext cannot be produced in a piecemeal approach */
struct iov_store_st auth;
struct iov_store_st ptext;
* AEAD ciphers. When an AEAD cipher is used registered with gnutls_crypto_register_aead_cipher(),
* then this becomes a convenience function as it missed the lower-level primitives
* necessary for piecemeal encryption. */
- if (handle->ctx_enc.e->only_aead || handle->ctx_enc.encrypt == NULL) {
+ if ((handle->ctx_enc.e->flags & GNUTLS_CIPHER_FLAG_ONLY_AEAD) || handle->ctx_enc.encrypt == NULL) {
/* ciphertext cannot be produced in a piecemeal approach */
struct iov_store_st auth;
struct iov_store_st ptext;
* AEAD ciphers. When an AEAD cipher is used registered with gnutls_crypto_register_aead_cipher(),
* then this becomes a convenience function as it missed the lower-level primitives
* necessary for piecemeal encryption. */
- if (handle->ctx_enc.e->only_aead || handle->ctx_enc.encrypt == NULL) {
+ if ((handle->ctx_enc.e->flags & GNUTLS_CIPHER_FLAG_ONLY_AEAD) || handle->ctx_enc.encrypt == NULL) {
/* ciphertext cannot be produced in a piecemeal approach */
struct iov_store_st auth;
struct iov_store_st ctext;
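Review bot: The ONLY_AEAD test is now open-coded four times in this file (the `e == NULL ||` check and the three `handle->ctx_enc.encrypt == NULL` branches), and the three longer conditions run well past 80 columns. This test decides whether a request is rejected or routed away from the piecemeal path, so keeping it in one place would make a later change to the flag layout harder to miss. The minimal fix is to wrap the condition as `if ((handle->ctx_enc.e->flags & GNUTLS_CIPHER_FLAG_ONLY_AEAD) ||` followed by `handle->ctx_enc.encrypt == NULL) {`. A small static inline predicate taking a `const cipher_entry_st *` (name left to the project) would be tidier. The enclosing functions start and end outside the hunks shown.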
struct record_parameters_st;
typedef struct record_parameters_st record_parameters_st;
+#define GNUTLS_CIPHER_FLAG_ONLY_AEAD (1 << 0) /* When set, this cipher is only available through the new AEAD API */
+#define GNUTLS_CIPHER_FLAG_XOR_NONCE (1 << 1) /* In this TLS AEAD cipher xor the implicit_iv with the nonce */
+#define GNUTLS_CIPHER_FLAG_NO_REKEY (1 << 2) /* whether this tls1.3 cipher doesn't need to rekey after 2^24 messages */
+
/* cipher and mac parameters */
typedef struct cipher_entry_st {
const char *name;
uint16_t explicit_iv; /* the size of explicit IV - the IV stored in record */
uint16_t cipher_iv; /* the size of IV needed by the cipher */
uint16_t tagsize;
- bool xor_nonce; /* In this TLS AEAD cipher xor the implicit_iv with the nonce */
- bool only_aead; /* When set, this cipher is only available through the new AEAD API */
- bool no_rekey; /* whether this tls1.3 cipher doesn't need to rekey after 2^24 messages */
+ unsigned flags;
} cipher_entry_st;
typedef struct gnutls_cipher_suite_entry_st {
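Review bot: The new `unsigned flags;` member carries no comment, whereas each removed bool was documented at the field; I would write `unsigned flags; /* bitmask of GNUTLS_CIPHER_FLAG_* */` so a reader of the struct is pointed at the defines. The three defines shift a signed `1`, which is harmless for bits 0 to 2, but `(1U << 0)`, `(1U << 1)`, `(1U << 2)` would match the unsigned field and stay well defined if the set ever grows towards the top bit. Table entries that omit `.flags` get 0 from the designated initialisers, which by the checks in this commit leaves the rekey check active and the cipher usable outside the AEAD-only path. That default is worth stating in the field comment. Part of the struct lies outside the lines shown.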
(int) cipher_size);
if (vers->tls13_sem && !(session->internals.flags & GNUTLS_NO_AUTO_REKEY) &&
- !(record_params->cipher->no_rekey)) {
+ !(record_params->cipher->flags & GNUTLS_CIPHER_FLAG_NO_REKEY)) {
if (unlikely(record_state->sequence_number.i[7] == 0xfd &&
record_state->sequence_number.i[6] == 0xff &&
record_state->sequence_number.i[5] == 0xff)) {