From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Mon, 25 Sep 2017 08:44:43 +0000 (+0200)
Subject: crypto-api: introduce internal version of AEAD API
X-Git-Tag: gnutls_3_6_3~392
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=2eef509ce5f2d250f8dcaeffa46444dd2b694e91;p=thirdparty%2Fgnutls.git

crypto-api: introduce internal version of AEAD API

This allows to initialize the TLS 1.3 connection state without
additional allocations as required by the external API.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---

diff --git a/lib/Makefile.am b/lib/Makefile.am
index 9134014273..c75177774d 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -74,7 +74,7 @@ COBJECTS = range.c record.c compress.c debug.c cipher.c gthreads.h handshake-tls
 	system/certs.c system/threads.c system/fastopen.c system/sockets.c	\
 	system/inet_ntop.c str-iconv.c system/vasprintf.c vasprintf.h system.c \
 	str.c str-unicode.c str-idna.c state.c x509.c file.c supplemental.c	\
-	random.c crypto-api.c privkey.c pcert.c	pubkey.c locks.c dtls.c		\
+	random.c crypto-api.c crypto-api.h privkey.c pcert.c pubkey.c locks.c dtls.c \
 	system_override.c crypto-backend.c verify-tofu.c pin.c tpm.c fips.c	\
 	safe-memfuncs.c system/inet_pton.c atfork.c atfork.h randomart.c \
 	system-keys.h urls.c urls.h prf.c auto-verify.c dh-session.c \
diff --git a/lib/cipher.c b/lib/cipher.c
index a380a71d75..4f81425e94 100644
--- a/lib/cipher.c
+++ b/lib/cipher.c
@@ -471,7 +471,7 @@ encrypt_packet_tls13(gnutls_session_t session,
 	if (min_pad)
 		memset(&fdata[plain->size+1], 0, min_pad);
 
-	ret = gnutls_aead_cipher_encrypt(params->write.ctx.aead,
+	ret = gnutls_aead_cipher_encrypt(&params->write.ctx.aead,
 					 nonce, iv_size,
 					 NULL, 0,
 					 tag_size,
@@ -921,7 +921,7 @@ decrypt_packet_tls13(gnutls_session_t session,
 		    gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
 	}
 
-	ret = gnutls_aead_cipher_decrypt(params->read.ctx.aead,
+	ret = gnutls_aead_cipher_decrypt(&params->read.ctx.aead,
 					 nonce, iv_size,
 					 NULL, 0,
 					 tag_size,
diff --git a/lib/constate.c b/lib/constate.c
index 161c9b3fb4..1e6862e06a 100644
--- a/lib/constate.c
+++ b/lib/constate.c
@@ -38,6 +38,7 @@
 #include "dtls.h"
 #include "secrets.h"
 #include "handshake.h"
+#include "crypto-api.h"
 
 static const char keyexp[] = "key expansion";
 static const int keyexp_length = sizeof(keyexp) - 1;
@@ -743,7 +744,7 @@ static inline void free_record_state(record_state_st * state)
 	_gnutls_free_datum(&state->key);
 
 	if (state->is_aead)
-		gnutls_aead_cipher_deinit(state->ctx.aead);
+		_gnutls_aead_cipher_deinit(&state->ctx.aead);
 	else
 		_gnutls_auth_cipher_deinit(&state->ctx.tls12);
 }
@@ -785,12 +786,12 @@ _tls13_init_record_state(record_parameters_st * params)
 {
 	int ret;
 
-	ret = gnutls_aead_cipher_init(&params->read.ctx.aead,
+	ret = _gnutls_aead_cipher_init(&params->read.ctx.aead,
 				       params->cipher->id, &params->read.key);
 	if (ret < 0)
 		return gnutls_assert_val(ret);
 
-	ret = gnutls_aead_cipher_init(&params->write.ctx.aead,
+	ret = _gnutls_aead_cipher_init(&params->write.ctx.aead,
 				       params->cipher->id, &params->write.key);
 	if (ret < 0)
 		return gnutls_assert_val(ret);
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
index a3c872d0ec..841eb8c541 100644
--- a/lib/crypto-api.c
+++ b/lib/crypto-api.c
@@ -30,6 +30,7 @@
 #include <random.h>
 #include <crypto.h>
 #include <fips.h>
+#include "crypto-api.h"
 
 typedef struct api_cipher_hd_st {
 	cipher_hd_st ctx_enc;
@@ -623,9 +624,6 @@ int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size)
 }
 
 /* AEAD API */
-typedef struct api_aead_cipher_hd_st {
-	cipher_hd_st ctx_enc;
-} api_aead_cipher_hd_st;
 
 /**
  * gnutls_aead_cipher_init:
@@ -648,7 +646,6 @@ int gnutls_aead_cipher_init(gnutls_aead_cipher_hd_t *handle,
 {
 	api_aead_cipher_hd_st *h;
 	const cipher_entry_st *e;
-	int ret;
 
 	if (is_cipher_algo_forbidden(cipher))
 		return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM);
@@ -665,14 +662,7 @@ int gnutls_aead_cipher_init(gnutls_aead_cipher_hd_t *handle,
 
 	h = *handle;
 
-	ret =
-	    _gnutls_cipher_init(&h->ctx_enc, e, key,
-				NULL, 1);
-	if (ret < 0) {
-		gnutls_free(*handle);
-		*handle = NULL;
-	}
-	return ret;
+	return _gnutls_aead_cipher_init(h, cipher, key);
 }
 
 /**
@@ -798,8 +788,6 @@ gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle,
  **/
 void gnutls_aead_cipher_deinit(gnutls_aead_cipher_hd_t handle)
 {
-	api_aead_cipher_hd_st *h = handle;
-
-	_gnutls_cipher_deinit(&h->ctx_enc);
+	_gnutls_aead_cipher_deinit(handle);
 	gnutls_free(handle);
 }
diff --git a/lib/crypto-api.h b/lib/crypto-api.h
new file mode 100644
index 0000000000..e02397d925
--- /dev/null
+++ b/lib/crypto-api.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2000-2016 Free Software Foundation, Inc.
+ * Copyright (C) 2016-2017 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#ifndef CRYPTO_API_H
+# define CRYPTO_API_H
+
+#include <gnutls_int.h>
+
+inline static
+int _gnutls_aead_cipher_init(gnutls_aead_cipher_hd_t handle,
+			     gnutls_cipher_algorithm_t cipher,
+			     const gnutls_datum_t * key)
+{
+	const cipher_entry_st* e;
+
+	e = cipher_to_entry(cipher);
+	if (e == NULL || e->type != CIPHER_AEAD)
+		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+	return
+	    _gnutls_cipher_init(&handle->ctx_enc, e, key,
+				NULL, 1);
+}
+
+inline static
+void _gnutls_aead_cipher_deinit(gnutls_aead_cipher_hd_t handle)
+{
+	api_aead_cipher_hd_st *h = handle;
+
+	_gnutls_cipher_deinit(&h->ctx_enc);
+}
+
+#endif
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 21aa56bafe..c59cbdb0f6 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -669,13 +669,17 @@ typedef struct {
 	const version_entry_st *pversion;
 } security_parameters_st;
 
+typedef struct api_aead_cipher_hd_st {
+	cipher_hd_st ctx_enc;
+} api_aead_cipher_hd_st;
+
 struct record_state_st {
 	gnutls_datum_t mac_secret;
 	gnutls_datum_t IV;
 	gnutls_datum_t key;
 	union {
 		auth_cipher_hd_st tls12;
-		gnutls_aead_cipher_hd_t aead;
+		api_aead_cipher_hd_st aead;
 	} ctx;
 	unsigned aead_tag_size;
 	unsigned is_aead;