diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-06-02 04:19:47 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-06-02 04:22:35 +0200 |
| commit | 82ad8cac4b23990bef76be1de4e0a1740b59241c (patch) | |
| tree | 2706de9dc2eb83304c6c1543b565b5e865fe49a7 | |
| parent | 67b80d69ebe910c47f993cb0e6240c3e5115deab (diff) | |
| download | gnutls-82ad8cac4b23990bef76be1de4e0a1740b59241c.tar.gz | |
gnutls/crypto.h no longer includes functions to register ciphers.
Thus the following functions
- gnutls_crypto_bigint_register
- gnutls_crypto_cipher_register
- gnutls_crypto_digest_register
- gnutls_crypto_mac_register
- gnutls_crypto_pk_register
- gnutls_crypto_rnd_register
- gnutls_crypto_single_cipher_register
- gnutls_crypto_single_digest_register
- gnutls_crypto_single_mac_register
are only available internally via crypto-backend.h.
| -rw-r--r-- | NEWS | 9 | ||||
| -rw-r--r-- | lib/Makefile.am | 7 | ||||
| -rw-r--r-- | lib/auth/psk_passwd.c | 2 | ||||
| -rw-r--r-- | lib/auth/rsa.c | 4 | ||||
| -rw-r--r-- | lib/auth/rsa_export.c | 2 | ||||
| -rw-r--r-- | lib/auth/srp_passwd.c | 6 | ||||
| -rw-r--r-- | lib/crypto-api.c | 2 | ||||
| -rw-r--r-- | lib/crypto-backend.c (renamed from lib/crypto.c) | 146 | ||||
| -rw-r--r-- | lib/crypto-backend.h | 295 | ||||
| -rw-r--r-- | lib/ext/session_ticket.c | 2 | ||||
| -rw-r--r-- | lib/gnutls_cipher.c | 4 | ||||
| -rw-r--r-- | lib/gnutls_cipher_int.h | 1 | ||||
| -rw-r--r-- | lib/gnutls_handshake.c | 4 | ||||
| -rw-r--r-- | lib/gnutls_hash_int.h | 1 | ||||
| -rw-r--r-- | lib/gnutls_mpi.c | 2 | ||||
| -rw-r--r-- | lib/gnutls_mpi.h | 2 | ||||
| -rw-r--r-- | lib/gnutls_pk.c | 4 | ||||
| -rw-r--r-- | lib/includes/gnutls/crypto.h | 294 | ||||
| -rw-r--r-- | lib/libgnutls.map | 11 | ||||
| -rw-r--r-- | lib/nettle/mpi.c | 6 | ||||
| -rw-r--r-- | lib/nettle/pk.c | 2 | ||||
| -rw-r--r-- | lib/opencdk/misc.c | 2 | ||||
| -rw-r--r-- | lib/pkcs11_secret.c | 2 | ||||
| -rw-r--r-- | lib/random.h | 3 | ||||
| -rw-r--r-- | lib/x509/pkcs12.c | 2 | ||||
| -rw-r--r-- | lib/x509/privkey_pkcs8.c | 6 | ||||
| -rw-r--r-- | libextra/gnutls_openssl.c | 4 | ||||
| -rw-r--r-- | src/psk.c | 2 | ||||
| -rw-r--r-- | src/srptool.c | 2 | ||||
| -rw-r--r-- | tests/Makefile.am | 2 | ||||
| -rw-r--r-- | tests/crypto_rng.c | 84 | ||||
| -rw-r--r-- | tests/rng-fork.c | 5 |
32 files changed, 390 insertions, 530 deletions
@@ -11,6 +11,15 @@ instruction. Uses Andy Polyakov's assembly code. ** libgnutls: Added ECDHE-PSK ciphersuites for TLS (RFC 5489). ** API and ABI modifications: +gnutls_crypto_bigint_register: REMOVED +gnutls_crypto_cipher_register: REMOVED +gnutls_crypto_digest_register: REMOVED +gnutls_crypto_mac_register: REMOVED +gnutls_crypto_pk_register: REMOVED +gnutls_crypto_rnd_register: REMOVED +gnutls_crypto_single_cipher_register: REMOVED +gnutls_crypto_single_digest_register: REMOVED +gnutls_crypto_single_mac_register: REMOVED GNUTLS_KX_ECDHE_PSK: New key exchange method diff --git a/lib/Makefile.am b/lib/Makefile.am index 1110daa605..48bf7528cf 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -71,10 +71,11 @@ COBJECTS = gnutls_record.c gnutls_compress.c debug.c gnutls_cipher.c \ gnutls_mem.c gnutls_ui.c gnutls_sig.c gnutls_ecc.c \ gnutls_dh_primes.c gnutls_alert.c system.c \ gnutls_str.c gnutls_state.c gnutls_x509.c gnutls_rsa_export.c \ - gnutls_helper.c gnutls_supplemental.c crypto.c random.c \ + gnutls_helper.c gnutls_supplemental.c random.c \ crypto-api.c gnutls_privkey.c gnutls_pcert.c \ pkcs11.c pkcs11_privkey.c gnutls_pubkey.c pkcs11_write.c locks.c \ - pkcs11_secret.c hash.c gnutls_dtls.c system_override.c + pkcs11_secret.c hash.c gnutls_dtls.c system_override.c \ + crypto-backend.c if ENABLE_NETTLE @@ -92,7 +93,7 @@ HFILES = abstract_int.h debug.h gnutls_compress.h gnutls_cipher.h \ gnutls_mpi.h gnutls_pk.h gnutls_record.h \ gnutls_constate.h gnutls_global.h gnutls_sig.h gnutls_mem.h \ gnutls_session_pack.h gnutls_str.h \ - gnutls_state.h gnutls_x509.h \ + gnutls_state.h gnutls_x509.h crypto-backend.h \ gnutls_rsa_export.h gnutls_srp.h auth/srp.h auth/srp_passwd.h \ gnutls_helper.h gnutls_supplemental.h crypto.h random.h system.h\ locks.h gnutls_mbuffers.h pkcs11_int.h \ diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c index 71437d5657..f25d988e14 100644 --- a/lib/auth/psk_passwd.c +++ b/lib/auth/psk_passwd.c @@ -109,7 +109,7 @@ _randomize_psk (gnutls_datum_t * psk) psk->size = 16; - ret = _gnutls_rnd (GNUTLS_RND_NONCE, (char *) psk->data, 16); + ret = gnutls_rnd (GNUTLS_RND_NONCE, (char *) psk->data, 16); if (ret < 0) { gnutls_assert (); diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c index f43bab8c1b..cb5cf133ea 100644 --- a/lib/auth/rsa.c +++ b/lib/auth/rsa.c @@ -215,7 +215,7 @@ proc_rsa_client_kx (gnutls_session_t session, opaque * data, /* we do not need strong random numbers here. */ - ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data, + ret = gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data, session->key->key.size); if (ret < 0) { @@ -270,7 +270,7 @@ _gnutls_gen_rsa_client_kx (gnutls_session_t session, gnutls_buffer_st* data) return GNUTLS_E_MEMORY_ERROR; } - ret = _gnutls_rnd (GNUTLS_RND_RANDOM, session->key->key.data, + ret = gnutls_rnd (GNUTLS_RND_RANDOM, session->key->key.data, session->key->key.size); if (ret < 0) { diff --git a/lib/auth/rsa_export.c b/lib/auth/rsa_export.c index baa990ff27..18b39a288f 100644 --- a/lib/auth/rsa_export.c +++ b/lib/auth/rsa_export.c @@ -206,7 +206,7 @@ proc_rsa_export_client_kx (gnutls_session_t session, opaque * data, /* we do not need strong random numbers here. */ - ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data, + ret = gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data, session->key->key.size); if (ret < 0) { diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c index 84c703a697..b2b1c19382 100644 --- a/lib/auth/srp_passwd.c +++ b/lib/auth/srp_passwd.c @@ -406,7 +406,7 @@ _randomize_pwd_entry (SRP_PWD_ENTRY * entry) return GNUTLS_E_INTERNAL_ERROR; } - ret = _gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1); + ret = gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1); if (ret < 0) { gnutls_assert (); @@ -423,7 +423,7 @@ _randomize_pwd_entry (SRP_PWD_ENTRY * entry) return GNUTLS_E_MEMORY_ERROR; } - ret = _gnutls_rnd (GNUTLS_RND_RANDOM, entry->v.data, 20); + ret = gnutls_rnd (GNUTLS_RND_RANDOM, entry->v.data, 20); if (ret < 0) { gnutls_assert (); @@ -437,7 +437,7 @@ _randomize_pwd_entry (SRP_PWD_ENTRY * entry) return GNUTLS_E_MEMORY_ERROR; } - ret = _gnutls_rnd (GNUTLS_RND_NONCE, entry->salt.data, entry->salt.size); + ret = gnutls_rnd (GNUTLS_RND_NONCE, entry->salt.data, entry->salt.size); if (ret < 0) { gnutls_assert (); diff --git a/lib/crypto-api.c b/lib/crypto-api.c index 5e3f5c7fdc..bdf95847c3 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c @@ -502,7 +502,7 @@ gnutls_key_generate (gnutls_datum_t * key, unsigned int key_size) return GNUTLS_E_MEMORY_ERROR; } - ret = _gnutls_rnd (GNUTLS_RND_RANDOM, key->data, key->size); + ret = gnutls_rnd (GNUTLS_RND_RANDOM, key->data, key->size); if (ret < 0) { gnutls_assert (); diff --git a/lib/crypto.c b/lib/crypto-backend.c index aa914b0873..df881d9035 100644 --- a/lib/crypto.c +++ b/lib/crypto-backend.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008, 2010 Free Software Foundation, Inc. + * Copyright (C) 2008, 2010, 2011 Free Software Foundation, Inc. * * Author: Nikos Mavrogiannopoulos * @@ -25,6 +25,7 @@ #include <gnutls_errors.h> #include <gnutls_int.h> #include <gnutls/crypto.h> +#include <crypto-backend.h> #include <crypto.h> #include <gnutls_mpi.h> #include <gnutls_pk.h> @@ -146,11 +147,10 @@ _gnutls_crypto_deregister (void) _deregister (&glob_dl); } -/** - * gnutls_crypto_single_cipher_register2: +/*- + * gnutls_crypto_single_cipher_register: * @algorithm: is the gnutls algorithm identifier * @priority: is the priority of the algorithm - * @version: should be set to %GNUTLS_CRYPTO_API_VERSION * @s: is a structure holding new cipher's data * * This function will register a cipher algorithm to be used by @@ -167,18 +167,12 @@ _gnutls_crypto_deregister (void) * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. * * Since: 2.6.0 - **/ + -*/ int -gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t algorithm, - int priority, int version, +gnutls_crypto_single_cipher_register (gnutls_cipher_algorithm_t algorithm, + int priority, const gnutls_crypto_cipher_st * s) { - if (version != GNUTLS_CRYPTO_API_VERSION) - { - gnutls_assert (); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; - } - return _algo_register (&glob_cl, algorithm, priority, s); } @@ -188,10 +182,9 @@ _gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo) return _get_algo (&glob_cl, algo); } -/** - * gnutls_crypto_rnd_register2: +/*- + * gnutls_crypto_rnd_register: * @priority: is the priority of the generator - * @version: should be set to %GNUTLS_CRYPTO_API_VERSION * @s: is a structure holding new generator's data * * This function will register a random generator to be used by @@ -208,17 +201,11 @@ _gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo) * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. * * Since: 2.6.0 - **/ + -*/ int -gnutls_crypto_rnd_register2 (int priority, int version, +gnutls_crypto_rnd_register (int priority, const gnutls_crypto_rnd_st * s) { - if (version != GNUTLS_CRYPTO_API_VERSION) - { - gnutls_assert (); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; - } - if (crypto_rnd_prio > priority) { memcpy (&_gnutls_rnd_ops, s, sizeof (*s)); @@ -229,11 +216,10 @@ gnutls_crypto_rnd_register2 (int priority, int version, return GNUTLS_E_CRYPTO_ALREADY_REGISTERED; } -/** - * gnutls_crypto_single_mac_register2: +/*- + * gnutls_crypto_single_mac_register: * @algorithm: is the gnutls algorithm identifier * @priority: is the priority of the algorithm - * @version: should be set to %GNUTLS_CRYPTO_API_VERSION * @s: is a structure holding new algorithms's data * * This function will register a MAC algorithm to be used by gnutls. @@ -250,18 +236,12 @@ gnutls_crypto_rnd_register2 (int priority, int version, * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. * * Since: 2.6.0 - **/ + -*/ int -gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm, - int priority, int version, +gnutls_crypto_single_mac_register (gnutls_mac_algorithm_t algorithm, + int priority, const gnutls_crypto_mac_st * s) { - if (version != GNUTLS_CRYPTO_API_VERSION) - { - gnutls_assert (); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; - } - return _algo_register (&glob_ml, algorithm, priority, s); } @@ -271,11 +251,10 @@ _gnutls_get_crypto_mac (gnutls_mac_algorithm_t algo) return _get_algo (&glob_ml, algo); } -/** - * gnutls_crypto_single_digest_register2: +/*- + * gnutls_crypto_single_digest_register: * @algorithm: is the gnutls algorithm identifier * @priority: is the priority of the algorithm - * @version: should be set to %GNUTLS_CRYPTO_API_VERSION * @s: is a structure holding new algorithms's data * * This function will register a digest (hash) algorithm to be used by @@ -292,18 +271,12 @@ _gnutls_get_crypto_mac (gnutls_mac_algorithm_t algo) * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. * * Since: 2.6.0 - **/ + -*/ int -gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t algorithm, - int priority, int version, +gnutls_crypto_single_digest_register (gnutls_digest_algorithm_t algorithm, + int priority, const gnutls_crypto_digest_st * s) { - if (version != GNUTLS_CRYPTO_API_VERSION) - { - gnutls_assert (); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; - } - return _algo_register (&glob_dl, algorithm, priority, s); } @@ -313,10 +286,9 @@ _gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo) return _get_algo (&glob_dl, algo); } -/** - * gnutls_crypto_bigint_register2: +/*- + * gnutls_crypto_bigint_register: * @priority: is the priority of the interface - * @version: should be set to %GNUTLS_CRYPTO_API_VERSION * @s: is a structure holding new interface's data * * This function will register an interface for gnutls to operate @@ -336,17 +308,11 @@ _gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo) * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. * * Since: 2.6.0 - **/ + -*/ int -gnutls_crypto_bigint_register2 (int priority, int version, +gnutls_crypto_bigint_register (int priority, const gnutls_crypto_bigint_st * s) { - if (version != GNUTLS_CRYPTO_API_VERSION) - { - gnutls_assert (); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; - } - if (crypto_bigint_prio > priority) { memcpy (&_gnutls_mpi_ops, s, sizeof (*s)); @@ -357,10 +323,9 @@ gnutls_crypto_bigint_register2 (int priority, int version, return GNUTLS_E_CRYPTO_ALREADY_REGISTERED; } -/** - * gnutls_crypto_pk_register2: +/*- + * gnutls_crypto_pk_register: * @priority: is the priority of the interface - * @version: should be set to %GNUTLS_CRYPTO_API_VERSION * @s: is a structure holding new interface's data * * This function will register an interface for gnutls to operate @@ -380,17 +345,11 @@ gnutls_crypto_bigint_register2 (int priority, int version, * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. * * Since: 2.6.0 - **/ + -*/ int -gnutls_crypto_pk_register2 (int priority, int version, +gnutls_crypto_pk_register (int priority, const gnutls_crypto_pk_st * s) { - if (version != GNUTLS_CRYPTO_API_VERSION) - { - gnutls_assert (); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; - } - if (crypto_pk_prio > priority) { memcpy (&_gnutls_pk_ops, s, sizeof (*s)); @@ -401,10 +360,9 @@ gnutls_crypto_pk_register2 (int priority, int version, return GNUTLS_E_CRYPTO_ALREADY_REGISTERED; } -/** - * gnutls_crypto_cipher_register2: +/*- + * gnutls_crypto_cipher_register: * @priority: is the priority of the cipher interface - * @version: should be set to %GNUTLS_CRYPTO_API_VERSION * @s: is a structure holding new interface's data * * This function will register a cipher interface to be used by @@ -421,17 +379,11 @@ gnutls_crypto_pk_register2 (int priority, int version, * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. * * Since: 2.6.0 - **/ + -*/ int -gnutls_crypto_cipher_register2 (int priority, int version, - const gnutls_crypto_cipher_st * s) +gnutls_crypto_cipher_register (int priority, + const gnutls_crypto_cipher_st * s) { - if (version != GNUTLS_CRYPTO_API_VERSION) - { - gnutls_assert (); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; - } - if (crypto_cipher_prio > priority) { memcpy (&_gnutls_cipher_ops, s, sizeof (*s)); @@ -442,10 +394,9 @@ gnutls_crypto_cipher_register2 (int priority, int version, return GNUTLS_E_CRYPTO_ALREADY_REGISTERED; } -/** - * gnutls_crypto_mac_register2: +/*- + * gnutls_crypto_mac_register: * @priority: is the priority of the mac interface - * @version: should be set to %GNUTLS_CRYPTO_API_VERSION * @s: is a structure holding new interface's data * * This function will register a mac interface to be used by @@ -462,17 +413,11 @@ gnutls_crypto_cipher_register2 (int priority, int version, * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. * * Since: 2.6.0 - **/ + -*/ int -gnutls_crypto_mac_register2 (int priority, int version, +gnutls_crypto_mac_register (int priority, const gnutls_crypto_mac_st * s) { - if (version != GNUTLS_CRYPTO_API_VERSION) - { - gnutls_assert (); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; - } - if (crypto_mac_prio > priority) { memcpy (&_gnutls_mac_ops, s, sizeof (*s)); @@ -483,10 +428,9 @@ gnutls_crypto_mac_register2 (int priority, int version, return GNUTLS_E_CRYPTO_ALREADY_REGISTERED; } -/** - * gnutls_crypto_digest_register2: +/*- + * gnutls_crypto_digest_register: * @priority: is the priority of the digest interface - * @version: should be set to %GNUTLS_CRYPTO_API_VERSION * @s: is a structure holding new interface's data * * This function will register a digest interface to be used by @@ -503,17 +447,11 @@ gnutls_crypto_mac_register2 (int priority, int version, * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. * * Since: 2.6.0 - **/ + -*/ int -gnutls_crypto_digest_register2 (int priority, int version, +gnutls_crypto_digest_register (int priority, const gnutls_crypto_digest_st * s) { - if (version != GNUTLS_CRYPTO_API_VERSION) - { - gnutls_assert (); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; - } - if (crypto_digest_prio > priority) { memcpy (&_gnutls_digest_ops, s, sizeof (*s)); diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h new file mode 100644 index 0000000000..828222bc56 --- /dev/null +++ b/lib/crypto-backend.h @@ -0,0 +1,295 @@ +/* + * Copyright (C) 2011 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA + * + */ + +#ifndef GNUTLS_CRYPTO_BACKEND_H +# define GNUTLS_CRYPTO_BACKEND_H + +# include <gnutls/crypto.h> + +# define gnutls_crypto_single_cipher_st gnutls_crypto_cipher_st +# define gnutls_crypto_single_mac_st gnutls_crypto_mac_st +# define gnutls_crypto_single_digest_st gnutls_crypto_digest_st + + typedef struct + { + int (*init) (gnutls_cipher_algorithm_t, void **ctx); + int (*setkey) (void *ctx, const void *key, size_t keysize); + int (*setiv) (void *ctx, const void *iv, size_t ivsize); + int (*encrypt) (void *ctx, const void *plain, size_t plainsize, + void *encr, size_t encrsize); + int (*decrypt) (void *ctx, const void *encr, size_t encrsize, + void *plain, size_t plainsize); + int (*auth) (void *ctx, const void *data, size_t datasize); + void (*tag) (void *ctx, void *tag, size_t tagsize); + void (*deinit) (void *ctx); + } gnutls_crypto_cipher_st; + + typedef struct + { + int (*init) (gnutls_mac_algorithm_t, void **ctx); + int (*setkey) (void *ctx, const void *key, size_t keysize); + void (*reset) (void *ctx); + int (*hash) (void *ctx, const void *text, size_t textsize); + int (*output) (void *src_ctx, void *digest, size_t digestsize); + void (*deinit) (void *ctx); + } gnutls_crypto_mac_st; + + typedef struct + { + int (*init) (gnutls_mac_algorithm_t, void **ctx); + void (*reset) (void *ctx); + int (*hash) (void *ctx, const void *text, size_t textsize); + int (*copy) (void **dst_ctx, void *src_ctx); + int (*output) (void *src_ctx, void *digest, size_t digestsize); + void (*deinit) (void *ctx); + } gnutls_crypto_digest_st; + + typedef struct gnutls_crypto_rnd + { + int (*init) (void **ctx); + int (*rnd) (void *ctx, int level, void *data, size_t datasize); + void (*deinit) (void *ctx); + } gnutls_crypto_rnd_st; + + typedef void *bigint_t; + + typedef struct + { + bigint_t g; /* group generator */ + bigint_t p; /* prime */ + } gnutls_group_st; + +/** + * gnutls_bigint_format_t: + * @GNUTLS_MPI_FORMAT_USG: Raw unsigned integer format. + * @GNUTLS_MPI_FORMAT_STD: Raw signed integer format, always a leading + * zero when positive. + * @GNUTLS_MPI_FORMAT_PGP: The pgp integer format. + * + * Enumeration of different bignum integer encoding formats. + */ + typedef enum + { + /* raw unsigned integer format */ + GNUTLS_MPI_FORMAT_USG = 0, + /* raw signed integer format - always a leading zero when positive */ + GNUTLS_MPI_FORMAT_STD = 1, + /* the pgp integer format */ + GNUTLS_MPI_FORMAT_PGP = 2 + } gnutls_bigint_format_t; + +/* Multi precision integer arithmetic */ + typedef struct gnutls_crypto_bigint + { + bigint_t (*bigint_new) (int nbits); + void (*bigint_release) (bigint_t n); + /* 0 for equality, > 0 for m1>m2, < 0 for m1<m2 */ + int (*bigint_cmp) (const bigint_t m1, const bigint_t m2); + /* as bigint_cmp */ + int (*bigint_cmp_ui) (const bigint_t m1, unsigned long m2); + /* ret = a % b */ + bigint_t (*bigint_mod) (const bigint_t a, const bigint_t b); + /* a = b -> ret == a */ + bigint_t (*bigint_set) (bigint_t a, const bigint_t b); + /* a = b -> ret == a */ + bigint_t (*bigint_set_ui) (bigint_t a, unsigned long b); + unsigned int (*bigint_get_nbits) (const bigint_t a); + /* w = b ^ e mod m */ + bigint_t (*bigint_powm) (bigint_t w, const bigint_t b, + const bigint_t e, const bigint_t m); + /* w = a + b mod m */ + bigint_t (*bigint_addm) (bigint_t w, const bigint_t a, + const bigint_t b, const bigint_t m); + /* w = a - b mod m */ + bigint_t (*bigint_subm) (bigint_t w, const bigint_t a, const bigint_t b, + const bigint_t m); + /* w = a * b mod m */ + bigint_t (*bigint_mulm) (bigint_t w, const bigint_t a, const bigint_t b, + const bigint_t m); + /* w = a + b */ bigint_t (*bigint_add) (bigint_t w, const bigint_t a, + const bigint_t b); + /* w = a - b */ bigint_t (*bigint_sub) (bigint_t w, const bigint_t a, + const bigint_t b); + /* w = a * b */ + bigint_t (*bigint_mul) (bigint_t w, const bigint_t a, const bigint_t b); + /* w = a + b */ + bigint_t (*bigint_add_ui) (bigint_t w, const bigint_t a, + unsigned long b); + /* w = a - b */ + bigint_t (*bigint_sub_ui) (bigint_t w, const bigint_t a, + unsigned long b); + /* w = a * b */ + bigint_t (*bigint_mul_ui) (bigint_t w, const bigint_t a, + unsigned long b); + /* q = a / b */ + bigint_t (*bigint_div) (bigint_t q, const bigint_t a, const bigint_t b); + /* 0 if prime */ + int (*bigint_prime_check) (const bigint_t pp); + int (*bigint_generate_group) (gnutls_group_st * gg, unsigned int bits); + + /* reads an bigint from a buffer */ + /* stores an bigint into the buffer. returns + * GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to + * store this integer, and updates the buf_size; + */ + bigint_t (*bigint_scan) (const void *buf, size_t buf_size, + gnutls_bigint_format_t format); + int (*bigint_print) (const bigint_t a, void *buf, size_t * buf_size, + gnutls_bigint_format_t format); + } gnutls_crypto_bigint_st; + +#define GNUTLS_MAX_PK_PARAMS 16 + + typedef struct + { + bigint_t params[GNUTLS_MAX_PK_PARAMS]; + unsigned int params_nr; /* the number of parameters */ + unsigned int flags; + } gnutls_pk_params_st; + +/** + * gnutls_pk_flag_t: + * @GNUTLS_PK_FLAG_NONE: No flag. + * + * Enumeration of public-key flag. + */ + typedef enum + { + GNUTLS_PK_FLAG_NONE = 0 + } gnutls_pk_flag_t; + + + void gnutls_pk_params_release (gnutls_pk_params_st * p); + void gnutls_pk_params_init (gnutls_pk_params_st * p); + +/* params are: + * RSA: + * [0] is modulus + * [1] is public exponent + * [2] is private exponent (private key only) + * [3] is prime1 (p) (private key only) + * [4] is prime2 (q) (private key only) + * [5] is coefficient (u == inverse of p mod q) (private key only) + * [6] e1 == d mod (p-1) + * [7] e2 == d mod (q-1) + * + * note that for libgcrypt that does not use the inverse of q mod p, + * we need to perform conversions using fixup_params(). + * + * DSA: + * [0] is p + * [1] is q + * [2] is g + * [3] is y (public key) + * [4] is x (private key only) + * + * ECC: + * [0] is prime + * [1] is order + * [2] is A + * [3] is Gx + * [4] is Gy + * [5] is x + * [6] is y + * [7] is k (private key) + */ + +/** + * gnutls_direction_t: + * @GNUTLS_IMPORT: Import direction. + * @GNUTLS_EXPORT: Export direction. + * + * Enumeration of different directions. + */ + typedef enum + { + GNUTLS_IMPORT = 0, + GNUTLS_EXPORT = 1 + } gnutls_direction_t; + +/* Public key algorithms */ + typedef struct gnutls_crypto_pk + { + /* The params structure should contain the private or public key + * parameters, depending on the operation */ + int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext, + const gnutls_datum_t * plaintext, + const gnutls_pk_params_st * pub); + int (*decrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * plaintext, + const gnutls_datum_t * ciphertext, + const gnutls_pk_params_st * priv); + + int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature, + const gnutls_datum_t * data, + const gnutls_pk_params_st * priv); + int (*verify) (gnutls_pk_algorithm_t, const gnutls_datum_t * data, + const gnutls_datum_t * signature, + const gnutls_pk_params_st * pub); + int (*generate) (gnutls_pk_algorithm_t, unsigned int nbits, + gnutls_pk_params_st *); + /* this function should convert params to ones suitable + * for the above functions + */ + int (*pk_fixup_private_params) (gnutls_pk_algorithm_t, gnutls_direction_t, + gnutls_pk_params_st *); + int (*derive) (gnutls_pk_algorithm_t, gnutls_datum_t * out, + const gnutls_pk_params_st * priv, + const gnutls_pk_params_st * pub); + + + } gnutls_crypto_pk_st; + +/* priority: infinity for backend algorithms, 90 for kernel + algorithms, lowest wins + */ + int gnutls_crypto_single_cipher_register (gnutls_cipher_algorithm_t + algorithm, int priority, + const + gnutls_crypto_single_cipher_st * + s); + int gnutls_crypto_single_mac_register (gnutls_mac_algorithm_t algorithm, + int priority, + const gnutls_crypto_single_mac_st * + s); + int gnutls_crypto_single_digest_register (gnutls_digest_algorithm_t + algorithm, int priority, + const + gnutls_crypto_single_digest_st * + s); + + int gnutls_crypto_cipher_register (int priority, + const gnutls_crypto_cipher_st * s); + int gnutls_crypto_mac_register (int priority, + const gnutls_crypto_mac_st * s); + int gnutls_crypto_digest_register (int priority, + const gnutls_crypto_digest_st * s); + + int gnutls_crypto_rnd_register (int priority, + const gnutls_crypto_rnd_st * s); + int gnutls_crypto_pk_register (int priority, + const gnutls_crypto_pk_st * s); + int gnutls_crypto_bigint_register (int priority, + const gnutls_crypto_bigint_st * s); + +#endif diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c index 3bae19bfc5..bb9eaf6f28 100644 --- a/lib/ext/session_ticket.c +++ b/lib/ext/session_ticket.c @@ -557,7 +557,7 @@ gnutls_session_ticket_enable_server (gnutls_session_t session, } epriv.ptr = priv; - ret = _gnutls_rnd (GNUTLS_RND_NONCE, priv->session_ticket_IV, IV_SIZE); + ret = gnutls_rnd (GNUTLS_RND_NONCE, priv->session_ticket_IV, IV_SIZE); if (ret < 0) { gnutls_assert (); diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index 1130ab8d47..3ad6a3b70e 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -232,7 +232,7 @@ calc_enc_length (gnutls_session_t session, int data_size, break; case CIPHER_BLOCK: - ret = _gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1); + ret = gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1); if (ret < 0) return gnutls_assert_val(ret); @@ -369,7 +369,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session, { /* copy the random IV. */ - ret = _gnutls_rnd (GNUTLS_RND_NONCE, data_ptr, blocksize); + ret = gnutls_rnd (GNUTLS_RND_NONCE, data_ptr, blocksize); if (ret < 0) return gnutls_assert_val(ret); diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h index 13de47726d..f16e11a0a5 100644 --- a/lib/gnutls_cipher_int.h +++ b/lib/gnutls_cipher_int.h @@ -27,6 +27,7 @@ #define GNUTLS_CIPHER_INT #include <gnutls/crypto.h> +#include <crypto-backend.h> extern int crypto_cipher_prio; extern gnutls_crypto_cipher_st _gnutls_cipher_ops; diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 9eeafae5e8..ff1a6504ba 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -350,7 +350,7 @@ _gnutls_tls_create_random (opaque * dst) /* generate server random value */ _gnutls_write_uint32 (tim, dst); - ret = _gnutls_rnd (GNUTLS_RND_NONCE, &dst[4], GNUTLS_RANDOM_SIZE - 4); + ret = gnutls_rnd (GNUTLS_RND_NONCE, &dst[4], GNUTLS_RANDOM_SIZE - 4); if (ret < 0) { gnutls_assert (); @@ -3102,7 +3102,7 @@ _gnutls_generate_session_id (opaque * session_id, uint8_t * len) *len = TLS_MAX_SESSION_ID_SIZE; - ret = _gnutls_rnd (GNUTLS_RND_NONCE, session_id, *len); + ret = gnutls_rnd (GNUTLS_RND_NONCE, session_id, *len); if (ret < 0) { gnutls_assert (); diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h index 75a8bb82bc..5a06024cd5 100644 --- a/lib/gnutls_hash_int.h +++ b/lib/gnutls_hash_int.h @@ -28,6 +28,7 @@ #include <gnutls_int.h> #include <gnutls/crypto.h> +#include <crypto-backend.h> #include <crypto.h> /* for message digests */ diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c index 2193654efe..33f95f67f6 100644 --- a/lib/gnutls_mpi.c +++ b/lib/gnutls_mpi.c @@ -68,7 +68,7 @@ _gnutls_mpi_randomize (bigint_t r, unsigned int bits, } - ret = _gnutls_rnd (level, buf, size); + ret = gnutls_rnd (level, buf, size); if (ret < 0) { gnutls_assert (); diff --git a/lib/gnutls_mpi.h b/lib/gnutls_mpi.h index 19154ef267..ef0d33f77f 100644 --- a/lib/gnutls_mpi.h +++ b/lib/gnutls_mpi.h @@ -28,7 +28,7 @@ #include <gnutls_int.h> -#include <gnutls/crypto.h> +#include <crypto-backend.h> extern int crypto_bigint_prio; extern gnutls_crypto_bigint_st _gnutls_mpi_ops; diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index 38632f96a9..fa72e13be1 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -93,7 +93,7 @@ _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, return GNUTLS_E_INTERNAL_ERROR; } - ret = _gnutls_rnd (GNUTLS_RND_RANDOM, ps, psize); + ret = gnutls_rnd (GNUTLS_RND_RANDOM, ps, psize); if (ret < 0) { gnutls_assert (); @@ -103,7 +103,7 @@ _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, for (i = 0; i < psize; i++) while (ps[i] == 0) { - ret = _gnutls_rnd (GNUTLS_RND_RANDOM, &ps[i], 1); + ret = gnutls_rnd (GNUTLS_RND_RANDOM, &ps[i], 1); if (ret < 0) { gnutls_assert (); diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h index d781c07a79..2681d8187e 100644 --- a/lib/includes/gnutls/crypto.h +++ b/lib/includes/gnutls/crypto.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008, 2009, 2010 Free Software Foundation, Inc. + * Copyright (C) 2008, 2009, 2010, 2011 Free Software Foundation, Inc. * * Author: Nikos Mavrogiannopoulos * @@ -81,45 +81,6 @@ extern "C" /* register ciphers */ -#define GNUTLS_CRYPTO_API_VERSION 0x04 - -#define gnutls_crypto_single_cipher_st gnutls_crypto_cipher_st -#define gnutls_crypto_single_mac_st gnutls_crypto_mac_st -#define gnutls_crypto_single_digest_st gnutls_crypto_digest_st - - typedef struct - { - int (*init) (gnutls_cipher_algorithm_t, void **ctx); - int (*setkey) (void *ctx, const void *key, size_t keysize); - int (*setiv) (void *ctx, const void *iv, size_t ivsize); - int (*encrypt) (void *ctx, const void *plain, size_t plainsize, - void *encr, size_t encrsize); - int (*decrypt) (void *ctx, const void *encr, size_t encrsize, - void *plain, size_t plainsize); - int (*auth) (void *ctx, const void *data, size_t datasize); - void (*tag) (void *ctx, void *tag, size_t tagsize); - void (*deinit) (void *ctx); - } gnutls_crypto_cipher_st; - - typedef struct - { - int (*init) (gnutls_mac_algorithm_t, void **ctx); - int (*setkey) (void *ctx, const void *key, size_t keysize); - void (*reset) (void *ctx); - int (*hash) (void *ctx, const void *text, size_t textsize); - int (*output) (void *src_ctx, void *digest, size_t digestsize); - void (*deinit) (void *ctx); - } gnutls_crypto_mac_st; - - typedef struct - { - int (*init) (gnutls_mac_algorithm_t, void **ctx); - void (*reset) (void *ctx); - int (*hash) (void *ctx, const void *text, size_t textsize); - int (*copy) (void **dst_ctx, void *src_ctx); - int (*output) (void *src_ctx, void *digest, size_t digestsize); - void (*deinit) (void *ctx); - } gnutls_crypto_digest_st; /** * gnutls_rnd_level_t: @@ -140,259 +101,6 @@ extern "C" int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len); - -/** - * gnutls_pk_flag_t: - * @GNUTLS_PK_FLAG_NONE: No flag. - * - * Enumeration of public-key flag. - */ - typedef enum - { - GNUTLS_PK_FLAG_NONE = 0 - } gnutls_pk_flag_t; - - typedef struct gnutls_crypto_rnd - { - int (*init) (void **ctx); - int (*rnd) (void *ctx, int level, void *data, size_t datasize); - void (*deinit) (void *ctx); - } gnutls_crypto_rnd_st; - - typedef void *bigint_t; - -/** - * gnutls_bigint_format_t: - * @GNUTLS_MPI_FORMAT_USG: Raw unsigned integer format. - * @GNUTLS_MPI_FORMAT_STD: Raw signed integer format, always a leading - * zero when positive. - * @GNUTLS_MPI_FORMAT_PGP: The pgp integer format. - * - * Enumeration of different bignum integer encoding formats. - */ - typedef enum - { - /* raw unsigned integer format */ - GNUTLS_MPI_FORMAT_USG = 0, - /* raw signed integer format - always a leading zero when positive */ - GNUTLS_MPI_FORMAT_STD = 1, - /* the pgp integer format */ - GNUTLS_MPI_FORMAT_PGP = 2 - } gnutls_bigint_format_t; - - typedef struct - { - bigint_t g; /* group generator */ - bigint_t p; /* prime */ - } gnutls_group_st; - -/* Multi precision integer arithmetic */ - typedef struct gnutls_crypto_bigint - { - bigint_t (*bigint_new) (int nbits); - void (*bigint_release) (bigint_t n); - /* 0 for equality, > 0 for m1>m2, < 0 for m1<m2 */ - int (*bigint_cmp) (const bigint_t m1, const bigint_t m2); - /* as bigint_cmp */ - int (*bigint_cmp_ui) (const bigint_t m1, unsigned long m2); - /* ret = a % b */ - bigint_t (*bigint_mod) (const bigint_t a, const bigint_t b); - /* a = b -> ret == a */ - bigint_t (*bigint_set) (bigint_t a, const bigint_t b); - /* a = b -> ret == a */ - bigint_t (*bigint_set_ui) (bigint_t a, unsigned long b); - unsigned int (*bigint_get_nbits) (const bigint_t a); - /* w = b ^ e mod m */ - bigint_t (*bigint_powm) (bigint_t w, const bigint_t b, - const bigint_t e, const bigint_t m); - /* w = a + b mod m */ - bigint_t (*bigint_addm) (bigint_t w, const bigint_t a, - const bigint_t b, const bigint_t m); - /* w = a - b mod m */ - bigint_t (*bigint_subm) (bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m); - /* w = a * b mod m */ - bigint_t (*bigint_mulm) (bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m); - /* w = a + b */ bigint_t (*bigint_add) (bigint_t w, const bigint_t a, - const bigint_t b); - /* w = a - b */ bigint_t (*bigint_sub) (bigint_t w, const bigint_t a, - const bigint_t b); - /* w = a * b */ - bigint_t (*bigint_mul) (bigint_t w, const bigint_t a, const bigint_t b); - /* w = a + b */ - bigint_t (*bigint_add_ui) (bigint_t w, const bigint_t a, - unsigned long b); - /* w = a - b */ - bigint_t (*bigint_sub_ui) (bigint_t w, const bigint_t a, - unsigned long b); - /* w = a * b */ - bigint_t (*bigint_mul_ui) (bigint_t w, const bigint_t a, - unsigned long b); - /* q = a / b */ - bigint_t (*bigint_div) (bigint_t q, const bigint_t a, const bigint_t b); - /* 0 if prime */ - int (*bigint_prime_check) (const bigint_t pp); - int (*bigint_generate_group) (gnutls_group_st * gg, unsigned int bits); - - /* reads an bigint from a buffer */ - /* stores an bigint into the buffer. returns - * GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to - * store this integer, and updates the buf_size; - */ - bigint_t (*bigint_scan) (const void *buf, size_t buf_size, - gnutls_bigint_format_t format); - int (*bigint_print) (const bigint_t a, void *buf, size_t * buf_size, - gnutls_bigint_format_t format); - } gnutls_crypto_bigint_st; - -#define GNUTLS_MAX_PK_PARAMS 16 - - typedef struct - { - bigint_t params[GNUTLS_MAX_PK_PARAMS]; - unsigned int params_nr; /* the number of parameters */ - unsigned int flags; - } gnutls_pk_params_st; - - void gnutls_pk_params_release (gnutls_pk_params_st * p); - void gnutls_pk_params_init (gnutls_pk_params_st * p); - -/* params are: - * RSA: - * [0] is modulus - * [1] is public exponent - * [2] is private exponent (private key only) - * [3] is prime1 (p) (private key only) - * [4] is prime2 (q) (private key only) - * [5] is coefficient (u == inverse of p mod q) (private key only) - * [6] e1 == d mod (p-1) - * [7] e2 == d mod (q-1) - * - * note that for libgcrypt that does not use the inverse of q mod p, - * we need to perform conversions using fixup_params(). - * - * DSA: - * [0] is p - * [1] is q - * [2] is g - * [3] is y (public key) - * [4] is x (private key only) - * - * ECC: - * [0] is prime - * [1] is order - * [2] is A - * [3] is Gx - * [4] is Gy - * [5] is x - * [6] is y - * [7] is k (private key) - */ - -/** - * gnutls_direction_t: - * @GNUTLS_IMPORT: Import direction. - * @GNUTLS_EXPORT: Export direction. - * - * Enumeration of different directions. - */ - typedef enum - { - GNUTLS_IMPORT = 0, - GNUTLS_EXPORT = 1 - } gnutls_direction_t; - -/* Public key algorithms */ - typedef struct gnutls_crypto_pk - { - /* The params structure should contain the private or public key - * parameters, depending on the operation */ - int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext, - const gnutls_datum_t * plaintext, - const gnutls_pk_params_st * pub); - int (*decrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * plaintext, - const gnutls_datum_t * ciphertext, - const gnutls_pk_params_st * priv); - - int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature, - const gnutls_datum_t * data, - const gnutls_pk_params_st * priv); - int (*verify) (gnutls_pk_algorithm_t, const gnutls_datum_t * data, - const gnutls_datum_t * signature, - const gnutls_pk_params_st * pub); - int (*generate) (gnutls_pk_algorithm_t, unsigned int nbits, - gnutls_pk_params_st *); - /* this function should convert params to ones suitable - * for the above functions - */ - int (*pk_fixup_private_params) (gnutls_pk_algorithm_t, gnutls_direction_t, - gnutls_pk_params_st *); - int (*derive) (gnutls_pk_algorithm_t, gnutls_datum_t * out, - const gnutls_pk_params_st * priv, - const gnutls_pk_params_st * pub); - - - } gnutls_crypto_pk_st; - -/* priority: infinity for backend algorithms, 90 for kernel - algorithms, lowest wins - */ -#define gnutls_crypto_single_cipher_register(algo, prio, st) \ - gnutls_crypto_single_cipher_register2 (algo, prio, \ - GNUTLS_CRYPTO_API_VERSION, st) -#define gnutls_crypto_single_mac_register(algo, prio, st) \ - gnutls_crypto_single_mac_register2 (algo, prio, \ - GNUTLS_CRYPTO_API_VERSION, st) -#define gnutls_crypto_single_digest_register(algo, prio, st) \ - gnutls_crypto_single_digest_register2(algo, prio, \ - GNUTLS_CRYPTO_API_VERSION, st) - - int gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t - algorithm, int priority, - int version, - const - gnutls_crypto_single_cipher_st * - s); - int gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm, - int priority, int version, - const gnutls_crypto_single_mac_st * - s); - int gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t - algorithm, int priority, - int version, - const - gnutls_crypto_single_digest_st * - s); - -#define gnutls_crypto_cipher_register(prio, st) \ - gnutls_crypto_cipher_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) -#define gnutls_crypto_mac_register(prio, st) \ - gnutls_crypto_mac_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) -#define gnutls_crypto_digest_register(prio, st) \ - gnutls_crypto_digest_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) - - int gnutls_crypto_cipher_register2 (int priority, int version, - const gnutls_crypto_cipher_st * s); - int gnutls_crypto_mac_register2 (int priority, int version, - const gnutls_crypto_mac_st * s); - int gnutls_crypto_digest_register2 (int priority, int version, - const gnutls_crypto_digest_st * s); - -#define gnutls_crypto_rnd_register(prio, st) \ - gnutls_crypto_rnd_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) -#define gnutls_crypto_pk_register(prio, st) \ - gnutls_crypto_pk_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) -#define gnutls_crypto_bigint_register(prio, st) \ - gnutls_crypto_bigint_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) - - int gnutls_crypto_rnd_register2 (int priority, int version, - const gnutls_crypto_rnd_st * s); - int gnutls_crypto_pk_register2 (int priority, int version, - const gnutls_crypto_pk_st * s); - int gnutls_crypto_bigint_register2 (int priority, int version, - const gnutls_crypto_bigint_st * s); - #ifdef __cplusplus } #endif diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 3d906e6211..042b2f95cb 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -102,15 +102,6 @@ GNUTLS_1_4 gnutls_compression_set_priority; gnutls_credentials_clear; gnutls_credentials_set; - gnutls_crypto_bigint_register2; - gnutls_crypto_cipher_register2; - gnutls_crypto_digest_register2; - gnutls_crypto_mac_register2; - gnutls_crypto_pk_register2; - gnutls_crypto_rnd_register2; - gnutls_crypto_single_cipher_register2; - gnutls_crypto_single_digest_register2; - gnutls_crypto_single_mac_register2; gnutls_db_check_entry; gnutls_db_get_ptr; gnutls_db_remove_session; @@ -724,6 +715,8 @@ GNUTLS_3_0_0 { GNUTLS_PRIVATE { global: # Internal symbols needed by libgnutls-extra: + gnutls_crypto_single_mac_register; + gnutls_crypto_single_digest_register; _gnutls_log_level; _gnutls_write_uint24; _gnutls_log; diff --git a/lib/nettle/mpi.c b/lib/nettle/mpi.c index e6082dd2d3..523804b49e 100644 --- a/lib/nettle/mpi.c +++ b/lib/nettle/mpi.c @@ -461,7 +461,7 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits) */ for (;;) { - ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, q_bytes); + ret = gnutls_rnd (GNUTLS_RND_RANDOM, buffer, q_bytes); if (ret < 0) { gnutls_assert (); @@ -493,7 +493,7 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits) for (;;) { - ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, w_bytes); + ret = gnutls_rnd (GNUTLS_RND_RANDOM, buffer, w_bytes); if (ret < 0) { gnutls_assert (); @@ -541,7 +541,7 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits) for (;;) { - ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, r_bytes); + ret = gnutls_rnd (GNUTLS_RND_RANDOM, buffer, r_bytes); if (ret < 0) { gnutls_assert (); diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 2689a6093f..15696cd681 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -50,7 +50,7 @@ static inline int is_supported_curve(int curve); static void rnd_func (void *_ctx, unsigned length, uint8_t * data) { - _gnutls_rnd (GNUTLS_RND_RANDOM, data, length); + gnutls_rnd (GNUTLS_RND_RANDOM, data, length); } static void diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c index 7173ee8070..4c50156391 100644 --- a/lib/opencdk/misc.c +++ b/lib/opencdk/misc.c @@ -188,7 +188,7 @@ _cdk_tmpfile (void) FILE *fp; int fd, i; - _gnutls_rnd (GNUTLS_RND_NONCE, rnd, DIM (rnd)); + gnutls_rnd (GNUTLS_RND_NONCE, rnd, DIM (rnd)); for (i = 0; i < DIM (rnd) - 1; i++) { char c = letters[(unsigned char) rnd[i] % 26]; diff --git a/lib/pkcs11_secret.c b/lib/pkcs11_secret.c index 3cfb1e161b..3b8a80c0ab 100644 --- a/lib/pkcs11_secret.c +++ b/lib/pkcs11_secret.c @@ -69,7 +69,7 @@ gnutls_pkcs11_copy_secret_key (const char *token_url, gnutls_datum_t * key, } /* generate a unique ID */ - ret = _gnutls_rnd (GNUTLS_RND_NONCE, id, sizeof (id)); + ret = gnutls_rnd (GNUTLS_RND_NONCE, id, sizeof (id)); if (ret < 0) { gnutls_assert (); diff --git a/lib/random.h b/lib/random.h index 8475d9a98b..0ed26324b2 100644 --- a/lib/random.h +++ b/lib/random.h @@ -26,12 +26,11 @@ #define RANDOM_H #include <gnutls/crypto.h> +#include <crypto-backend.h> extern int crypto_rnd_prio; extern gnutls_crypto_rnd_st _gnutls_rnd_ops; -int _gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len); -#define _gnutls_rnd gnutls_rnd void _gnutls_rnd_deinit (void); int _gnutls_rnd_init (void); diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index f278612414..f184c0f0df 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -880,7 +880,7 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass) /* Generate the salt. */ - result = _gnutls_rnd (GNUTLS_RND_NONCE, salt, sizeof (salt)); + result = gnutls_rnd (GNUTLS_RND_NONCE, salt, sizeof (salt)); if (result < 0) { gnutls_assert (); diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index 4bb99c5366..3d7b21fd1f 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -1905,7 +1905,7 @@ generate_key (schema_id schema, opaque rnd[2]; int ret; - ret = _gnutls_rnd (GNUTLS_RND_RANDOM, rnd, 2); + ret = gnutls_rnd (GNUTLS_RND_RANDOM, rnd, 2); if (ret < 0) { gnutls_assert (); @@ -1948,7 +1948,7 @@ generate_key (schema_id schema, return GNUTLS_E_INVALID_REQUEST; } - ret = _gnutls_rnd (GNUTLS_RND_RANDOM, kdf_params->salt, + ret = gnutls_rnd (GNUTLS_RND_RANDOM, kdf_params->salt, kdf_params->salt_size); if (ret < 0) { @@ -1990,7 +1990,7 @@ generate_key (schema_id schema, if (enc_params->iv_size) { - ret = _gnutls_rnd (GNUTLS_RND_NONCE, + ret = gnutls_rnd (GNUTLS_RND_NONCE, enc_params->iv, enc_params->iv_size); if (ret < 0) { diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c index 3754d96ff9..88752a953e 100644 --- a/libextra/gnutls_openssl.c +++ b/libextra/gnutls_openssl.c @@ -806,14 +806,14 @@ RAND_seed (const void *buf, int num) int RAND_bytes (unsigned char *buf, int num) { - _gnutls_rnd (GNUTLS_RND_RANDOM, buf, num); + gnutls_rnd (GNUTLS_RND_RANDOM, buf, num); return 1; } int RAND_pseudo_bytes (unsigned char *buf, int num) { - _gnutls_rnd (GNUTLS_RND_NONCE, buf, num); + gnutls_rnd (GNUTLS_RND_NONCE, buf, num); return 1; } @@ -44,7 +44,7 @@ main (int argc, char **argv) #include <gnutls/extra.h> #include <psk-gaa.h> -#include "../lib/random.h" /* for random */ +#include <gnutls/crypto.h> /* for random */ #include <sys/types.h> #include <sys/stat.h> diff --git a/src/srptool.c b/src/srptool.c index 742cafaa02..5c25c85a4c 100644 --- a/src/srptool.c +++ b/src/srptool.c @@ -27,7 +27,7 @@ #include <gnutls/gnutls.h> #include <gnutls/extra.h> #include <srptool-gaa.h> -#include "../lib/random.h" /* for random */ +#include <gnutls/crypto.h> /* for random */ #include <sys/types.h> #include <sys/stat.h> diff --git a/tests/Makefile.am b/tests/Makefile.am index 48b1e41398..bd259311f7 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -59,7 +59,7 @@ noinst_LTLIBRARIES = libutils.la libutils_la_SOURCES = utils.h utils.c ctests = simple gc set_pkcs12_cred certder certuniqueid mpi \ - certificate_set_x509_crl dn parse_ca moredn crypto_rng mini \ + certificate_set_x509_crl dn parse_ca moredn mini \ hostname-check cve-2008-4989 pkcs12_s2k chainverify \ crq_key_id x509sign-verify cve-2009-1415 cve-2009-1416 \ crq_apis init_roundtrip pkcs12_s2k_pem dn2 mini-eagain \ diff --git a/tests/crypto_rng.c b/tests/crypto_rng.c deleted file mode 100644 index fbeb10c5af..0000000000 --- a/tests/crypto_rng.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright (C) 2008, 2010 Free Software Foundation, Inc. - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GnuTLS. - * - * GnuTLS is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * GnuTLS is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with GnuTLS. If not, see <http://www.gnu.org/licenses/>. - * - */ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif - -#include <stdio.h> - -#include "utils.h" - -#include <gnutls/gnutls.h> -#include <gnutls/crypto.h> -#include "../lib/random.h" - -static int -rng_init (void **ctx) -{ - return 0; -} - -static int -rng_rnd (void *ctx, int level, void *data, size_t datasize) -{ - memset (data, 1, datasize); - return 0; -} - -static void -rng_deinit (void *ctx) -{ -} - -void -doit (void) -{ - int rc; - char buf1[32]; - char buf2[32]; - int failed = 0; - gnutls_crypto_rnd_st rng = { rng_init, rng_rnd, rng_deinit }; - - - rc = gnutls_crypto_rnd_register (0, &rng); - - gnutls_global_init (); - - memset (buf2, 1, sizeof (buf2)); - - _gnutls_rnd (GNUTLS_RND_RANDOM, buf1, sizeof (buf1)); - - if (memcmp (buf1, buf2, sizeof (buf1)) != 0) - failed = 1; - - gnutls_global_deinit (); - - if (failed == 0) - { - success ("rng registered ok\n"); - } - else - { - fail ("rng register test failed: %d\n", rc); - } -} diff --git a/tests/rng-fork.c b/tests/rng-fork.c index 4bb396bc6d..5b086b9043 100644 --- a/tests/rng-fork.c +++ b/tests/rng-fork.c @@ -34,7 +34,6 @@ #include "utils.h" #include <gnutls/gnutls.h> #include <gnutls/crypto.h> -#include "../lib/random.h" #if !defined(_WIN32) static void dump(const char* name, unsigned char* buf, int buf_size) @@ -65,7 +64,7 @@ doit (void) if (fp == NULL) fail("cannot open file"); - _gnutls_rnd (GNUTLS_RND_RANDOM, buf1, sizeof (buf1)); + gnutls_rnd (GNUTLS_RND_RANDOM, buf1, sizeof (buf1)); if (debug) dump("buf1", buf1, sizeof(buf1)); fwrite(buf1, 1, sizeof(buf1), fp); @@ -74,7 +73,7 @@ doit (void) else { /* daddy */ - _gnutls_rnd (GNUTLS_RND_RANDOM, buf2, sizeof (buf2)); + gnutls_rnd (GNUTLS_RND_RANDOM, buf2, sizeof (buf2)); if (debug) dump("buf2", buf2, sizeof(buf2)); waitpid(pid, NULL, 0); |