authorDaiki Ueno <ueno@gnu.org>2020-09-06 08:56:07 +0200
committerDaiki Ueno <ueno@gnu.org>2020-11-04 08:55:00 +0100
commite0928a2edd318ba26279591abe62f8801c814c7a (patch)
tree4a3d080e52dcb99c1ee6f13d7083c7c37582f4ea
parent4511d0cebd3b37d7878139fd9c6e2fda68707169 (diff)
build: hard require nettle 3.6
This allows us to remove several backports, including XTS, CFB8, raw-ChaCha, CMAC64, Curve448, and the GOST curves and hashes. Signed-off-by: Daiki Ueno <ueno@gnu.org>
-rw-r--r--NEWS2
-rw-r--r--bootstrap.conf1
-rw-r--r--configure.ac72
-rwxr-xr-xdevel/import-ecc-from-nettle.sh225
-rwxr-xr-xdevel/import-from-nettle.sh59
-rw-r--r--lib/nettle/Makefile.am119
-rw-r--r--lib/nettle/cipher.c17
-rw-r--r--lib/nettle/gost/cmac-kuznyechik.c4
-rw-r--r--lib/nettle/gost/cmac-magma.c4
-rw-r--r--lib/nettle/gost/gostdsa-mask.c18
-rw-r--r--lib/nettle/gost/gosthash94-meta.c47
-rw-r--r--lib/nettle/gost/gosthash94.c376
-rw-r--r--lib/nettle/gost/gosthash94.h101
-rw-r--r--lib/nettle/gost/hmac-gost.h26
-rw-r--r--lib/nettle/gost/hmac-gosthash94.c65
-rw-r--r--lib/nettle/mac.c14
-rw-r--r--lib/nettle/pk.c5
-rw-r--r--m4/hooks.m42
18 files changed, 20 insertions, 1137 deletions
diff --git a/NEWS b/NEWS
index bc102b4eaf..05300ed1b9 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,8 @@ See the end for copying conditions.
* Version 3.7.0 (unreleased)
+** libgnutls: Depend on nettle 3.6.
+
** libgnutls: Added a new API that provides a callback function to
retrieve missing certificates from incomplete certificate chains (#202).
diff --git a/bootstrap.conf b/bootstrap.conf
index 9e5a834cb5..31eb7a33a6 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -104,7 +104,6 @@ bootstrap_post_import_hook ()
# Automake requires that ChangeLog exist.
touch ChangeLog || return 1
- devel/import-ecc-from-nettle.sh
devel/import-from-nettle.sh
devel/import-minitasn1.sh
}
diff --git a/configure.ac b/configure.ac
index 42e3c0bc3f..157178d392 100644
--- a/configure.ac
+++ b/configure.ac
@@ -637,52 +637,6 @@ AC_CHECK_FUNCS(nettle_rsa_sec_decrypt,
)
LIBS=$save_LIBS
-# Check if nettle has CFB8 support
-if test -z "$ac_cv_func_nettle_cfb8_encrypt"; then
- # nettle_cfb8_decrypt in nettle upto 3.6 is known to be broken
- if ! $PKG_CONFIG --atleast-version=3.6 nettle; then
- ac_cv_func_nettle_cfb8_encrypt=no
- fi
-fi
-
-save_LIBS=$LIBS
-LIBS="$LIBS $NETTLE_LIBS"
-AC_CHECK_FUNCS(nettle_cfb8_encrypt)
-LIBS=$save_LIBS
-AM_CONDITIONAL(NEED_CFB, [test "$ac_cv_func_nettle_cfb8_encrypt" != "yes"])
-
-# Check if nettle has CMAC support
-save_CFLAGS=$CFLAGS
-CFLAGS="$CFLAGS $NETTLE_CFLAGS"
-AC_CHECK_TYPES([union nettle_block8], , , [[#include <nettle/nettle-types.h>]])
-CFLAGS=$save_CFLAGS
-
-save_LIBS=$LIBS
-LIBS="$LIBS $NETTLE_LIBS"
-AC_CHECK_FUNCS(nettle_cmac128_update)
-LIBS=$save_LIBS
-AM_CONDITIONAL(NEED_CMAC, [test "$ac_cv_func_nettle_cmac128_update" != "yes"])
-
-# Check for CMAC-64 support
-save_LIBS=$LIBS
-LIBS="$LIBS $NETTLE_LIBS"
-AC_CHECK_FUNCS(nettle_cmac64_update)
-LIBS=$save_LIBS
-AM_CONDITIONAL(NEED_CMAC64, [test "$ac_cv_func_nettle_cmac64_update" != "yes"])
-
-# Check if nettle has XTS support
-save_LIBS=$LIBS
-LIBS="$LIBS $NETTLE_LIBS"
-AC_CHECK_FUNCS(nettle_xts_encrypt_message)
-LIBS=$save_LIBS
-AM_CONDITIONAL(NEED_XTS, [test "$ac_cv_func_nettle_xts_encrypt_message" != "yes"])
-
-# Check for Gosthash94 with CryptoPro S-box support
-save_LIBS=$LIBS
-LIBS="$LIBS $NETTLE_LIBS"
-AC_CHECK_FUNCS(nettle_gosthash94cp_update)
-LIBS=$save_LIBS
-
# Check for GOST28147
save_LIBS=$LIBS
LIBS="$LIBS $NETTLE_LIBS"
@@ -695,32 +649,6 @@ LIBS="$LIBS $NETTLE_LIBS"
AC_CHECK_FUNCS(nettle_streebog512_update)
LIBS=$save_LIBS
-# Check for Curve448 and Ed448
-have_new_ecc=yes
-save_LIBS=$LIBS
-LIBS="$LIBS $HOGWEED_LIBS $NETTLE_LIBS"
-AC_CHECK_FUNCS([nettle_curve448_mul nettle_ed448_shake256_sign nettle_get_gost_gc256b nettle_get_gost_gc512a nettle_gostdsa_sign],
- [], [have_new_ecc=no])
-LIBS=$save_LIBS
-AS_IF([test "$have_new_ecc" != "yes"], AC_DEFINE([NEED_INT_ECC], 1, [Use backported Curve448/GOST R 34.10 DSA support]))
-AM_CONDITIONAL(NEED_INT_ECC, test "$have_new_ecc" != "yes")
-
-# Check if nettle has ChaCha20 initial block counter support
-have_chacha_set_counter=no
-save_LIBS=$LIBS
-LIBS="$LIBS $NETTLE_LIBS"
-AC_CHECK_FUNCS([nettle_chacha_set_counter],
- [have_chacha_set_counter=yes])
-LIBS=$save_LIBS
-AM_CONDITIONAL(NEED_CHACHA, [test "$have_chacha_set_counter" != "yes"])
-
-# Check for SIV-CMAC
-save_LIBS=$LIBS
-LIBS="$LIBS $NETTLE_LIBS"
-AC_CHECK_FUNCS(nettle_siv_cmac_aes128_set_key)
-LIBS=$save_LIBS
-AM_CONDITIONAL(NEED_SIV, [test "$ac_cv_func_nettle_siv_cmac_aes128_set_key" != "yes"])
-
# Check for Magma
save_LIBS=$LIBS
LIBS="$LIBS $NETTLE_LIBS"
diff --git a/devel/import-ecc-from-nettle.sh b/devel/import-ecc-from-nettle.sh
deleted file mode 100755
index 2ce6285d39..0000000000
--- a/devel/import-ecc-from-nettle.sh
+++ /dev/null
@@ -1,225 +0,0 @@
-#!/bin/sh
-
-# This script copies the Curve448 and Ed448, GOST 34.10 implementation from the
-# nettle upstream, with necessary adjustments for bundling in GnuTLS.
-
-set +e
-
-: ${srcdir=.}
-SRC=$srcdir/devel/nettle
-DST=$srcdir/lib/nettle/ecc
-
-IMPORTS="
-cnd-copy.c
-curve448-eh-to-x.c
-curve448.h
-curve448-mul.c
-curve448-mul-g.c
-eccdata.c
-ecc-curve448.c
-ecc-add-eh.c
-ecc-add-ehh.c
-ecc-add-jja.c
-ecc-add-jjj.c
-ecc-a-to-j.c
-ecc-dup-eh.c
-ecc-dup-jj.c
-ecc-eh-to-a.c
-ecc-gost-gc256b.c
-ecc-gost-gc512a.c
-ecc-gostdsa-sign.c
-ecc-gostdsa-verify.c
-ecc-internal.h
-ecc-j-to-a.c
-ecc-mod-arith.c
-ecc-mod.c
-ecc-mod-inv.c
-ecc-mul-a.c
-ecc-mul-a-eh.c
-ecc-mul-g.c
-ecc-mul-g-eh.c
-ecc-mul-m.c
-ecc-random.c
-ed448-shake256.c
-ed448-shake256-pubkey.c
-ed448-shake256-sign.c
-ed448-shake256-verify.c
-eddsa-compress.c
-eddsa-decompress.c
-eddsa-expand.c
-eddsa.h
-eddsa-hash.c
-eddsa-internal.h
-eddsa-pubkey.c
-eddsa-sign.c
-eddsa-verify.c
-gostdsa.h
-gostdsa-sign.c
-gostdsa-verify.c
-gostdsa-vko.c
-gmp-glue.h
-gmp-glue.c
-nettle-write.h
-sec-add-1.c
-sec-tabselect.c
-sha3.c
-sha3.h
-sha3-256.c
-sha3-internal.h
-sha3-permute.c
-shake256.c
-write-le64.c
-"
-
-PUBLIC="
-bignum.h
-dsa.h
-ecc-curve.h
-ecc.h
-ecdsa.h
-macros.h
-memxor.h
-nettle-meta.h
-nettle-types.h
-"
-
-test -d $DST || mkdir $DST
-
-for f in $IMPORTS; do
- src=$SRC/$f
- dst=$DST/$f
- if test -f $src; then
- if test -f $dst; then
- echo "Replacing $dst (existing file backed up in $dst~)"
- mv $dst $dst~
- else
- echo "Copying file $dst"
- fi
- cp $src $dst
- # Use <nettle/*.h> for public headers.
- for h in $PUBLIC; do
- p=$(echo $h | sed 's/\./\\./g')
- if grep '^#include "'$p'"' $dst 2>&1 >/dev/null; then
- sed 's!^#include "'$p'"!#include <nettle/'$h'>!' $dst > $dst-t && \
- mv $dst-t $dst
- fi
- done
- # Remove unused <assert.h>.
- if grep '^#include <assert\.h>' $dst 2>&1 >/dev/null; then
- if ! grep 'assert *(' $dst 2>&1 >/dev/null; then
- sed '/^#include <assert\.h>/d' $dst > $dst-t && mv $dst-t $dst
- fi
- fi
- case $dst in
- *.h)
- # Rename header guard so as not to conflict with the public ones.
- if grep '^#ifndef NETTLE_.*_H\(_INCLUDED\)*' $dst 2>&1 >/dev/null; then
- g=$(sed -n 's/^#ifndef NETTLE_\(.*_H\(_INCLUDED\)*\)/\1/p' $dst)
- sed 's/\(NETTLE_'$g'\)/GNUTLS_LIB_NETTLE_ECC_\1/' $dst > $dst-t && \
- mv $dst-t $dst
- fi
- # Add prefix to function symbols avoid clashing with the public ones.
- sed -e 's/^#define \(.*\) nettle_\1/#define \1 gnutls_nettle_ecc_\1/' \
- -e 's/^#define \(.*\) _nettle_\1/#define \1 _gnutls_nettle_ecc_\1/' \
- -e 's/^#define _\(.*\) _nettle_\1/#define _\1 _gnutls_nettle_ecc_\1/' \
- -e '/^_nettle_/ { h ; s/^_nettle_\(.*\)(.*/#define _nettle_\1 _gnutls_nettle_ecc_\1/g ; p; x; }' \
- -e '/^extern const struct ecc_curve _nettle_\(.*\);/ { h ; s/.*_nettle\(.*\);/#define _nettle_\1 _gnutls_nettle_ecc_\1/ ; p; x; }' \
- -e '/^extern const struct ecc_eddsa _nettle_\(.*\);/ { h ; s/.*_nettle\(.*\);/#define _nettle_\1 _gnutls_nettle_ecc_\1/ ; p; x; }' \
- -e '/gostdsa_generate_keypair/d' \
- $dst > $dst-t && \
- mv $dst-t $dst
- ;;
- */eccdata.c)
- sed 's/^#include "mini-gmp.c"/#include <gmp.h>/' $dst > $dst-t && \
- mv $dst-t $dst
- ;;
- */ecc-curve448.c)
- # The generated file is arch dependent, conditionalize the
- # inclusion.
- sed '/^#include "ecc-curve448\.h"/ { i\
-#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)\
-# pragma GCC diagnostic ignored "-Wunused-const-variable"\
-#endif\
-#if GMP_NUMB_BITS == 32\
-#include "ecc/ecc-curve448-32.h"\
-#elif GMP_NUMB_BITS == 64\
-#include "ecc/ecc-curve448-64.h"\
-#else\
-#error unsupported configuration\
-#endif
-; d
-}' $dst > $dst-t && mv $dst-t $dst
- ;;
- */ecc-gost-gc256b.c)
- # The generated file is arch dependent, conditionalize the
- # inclusion.
- sed -e '/^#include "ecc-gost-gc256b\.h"/ { i\
-#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)\
-# pragma GCC diagnostic ignored "-Wunused-const-variable"\
-#endif\
-#if GMP_NUMB_BITS == 32\
-#include "ecc/ecc-gost-gc256b-32.h"\
-#elif GMP_NUMB_BITS == 64\
-#include "ecc/ecc-gost-gc256b-64.h"\
-#else\
-#error unsupported configuration\
-#endif
-; d
-}' \
- -e '/#include "ecc-internal.h"/ { i\
-#include "ecc-gost-curve.h"
-; }' \
- $dst > $dst-t && mv $dst-t $dst
- ;;
- */ecc-gost-gc512a.c)
- # The generated file is arch dependent, conditionalize the
- # inclusion.
- sed -e '/^#include "ecc-gost-gc512a\.h"/ { i\
-#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)\
-# pragma GCC diagnostic ignored "-Wunused-const-variable"\
-#endif\
-#if GMP_NUMB_BITS == 32\
-#include "ecc/ecc-gost-gc512a-32.h"\
-#elif GMP_NUMB_BITS == 64\
-#include "ecc/ecc-gost-gc512a-64.h"\
-#else\
-#error unsupported configuration\
-#endif
-; d
-}' \
- -e '/#include "ecc-internal.h"/ { i\
-#include "ecc-gost-curve.h"
-; }' \
- $dst > $dst-t && mv $dst-t $dst
- ;;
- */eddsa-hash.c)
- # Known to be unnecessary.
- sed '/^#include "nettle-internal\.h"/d' $dst > $dst-t && mv $dst-t $dst
- ;;
- */ecc-add-eh*.c)
- # Suppress whitespace errors in 'make syntax-check'.
- sed 's/ * / /g' $dst > $dst-t && mv $dst-t $dst
- ;;
- */ecc-random.c )
- sed \
- -e '/^#include "nettle-internal\.h"/ { i\
-#include "nettle-alloca.h"\
-\
-void gnutls_ecc_scalar_random(struct ecc_scalar *, void *, nettle_random_func *);
-; d
-}' \
- -e 's/ecc_scalar_random/gnutls_ecc_scalar_random/' \
- -e 's/^ & (mpn_sub_n/ \& (int)(mpn_sub_n/' \
- $dst > $dst-t && mv $dst-t $dst
- ;;
- */gostdsa-sign.c)
- sed \
- -e 's/"nettle-internal\.h"/"nettle-alloca.h"/' \
- $dst > $dst-t && mv $dst-t $dst
- ;;
- esac
- else
- echo "Error: $src not found" 1>&2
- exit 1
- fi
-done
diff --git a/devel/import-from-nettle.sh b/devel/import-from-nettle.sh
index 9e370ad2dd..0a1e68df97 100755
--- a/devel/import-from-nettle.sh
+++ b/devel/import-from-nettle.sh
@@ -11,33 +11,6 @@ DST=$srcdir/lib/nettle/backport
IMPORTS="
block-internal.h
-cfb.c
-cfb.h
-cmac.c
-cmac.h
-cmac64.c
-cmac64.h
-cmac-aes128.c
-cmac-aes256.c
-chacha-core-internal.c
-chacha-crypt.c
-chacha-internal.h
-chacha-poly1305.c
-chacha-poly1305.h
-chacha-set-key.c
-chacha-set-nonce.c
-chacha.h
-poly1305-internal.c
-poly1305-internal.h
-poly1305.h
-xts.c
-xts.h
-xts-aes128.c
-xts-aes256.c
-siv-cmac.c
-siv-cmac.h
-siv-cmac-aes128.c
-siv-cmac-aes256.c
"
PUBLIC="
@@ -59,9 +32,6 @@ test -d $DST || mkdir $DST
for f in $IMPORTS; do
src=$SRC/$f
dst=$DST/$f
- if test "$f" = "cmac64.h"; then
- src=$SRC/cmac.h
- fi
if test -f $src; then
if test -f $dst; then
echo "Replacing $dst (existing file backed up in $dst~)"
@@ -105,13 +75,6 @@ for f in $IMPORTS; do
;;
esac
case $dst in
- */cfb.c | */cmac.c | */cmac64.c | */xts.c | */siv-cmac.c)
- sed \
- -e 's/"nettle-internal\.h"/"nettle-alloca.h"/' \
- $dst > $dst-t && mv $dst-t $dst
- ;;
- esac
- case $dst in
*/*.[ch])
sed \
-e '/^#include <nettle\/nettle-types\.h>/a\
@@ -120,28 +83,6 @@ for f in $IMPORTS; do
$dst > $dst-t && mv $dst-t $dst
;;
esac
- case $dst in
- # Special file that can be included in parallel with nettle's cmac.h defininig 128-bit CMAC
- */cmac64.h)
- sed \
- -e 's/CMAC128/_FOO_CMAC128/g' \
- -e 's/cmac128/_foo_cmac128/g' \
- -e 's/cmac_aes/_foo_cmac_aes/g' \
- $dst > $dst-t && mv $dst-t $dst
- ;;
- */siv-cmac*.[ch])
- sed \
- -e '/^#include "cmac\.h"/ { i\
-#ifdef HAVE_NETTLE_CMAC128_UPDATE\
-#include <nettle/cmac.h>\
-#else\
-#include "cmac.h"\
-#endif
-; d
-}' \
- $dst > $dst-t && mv $dst-t $dst
- ;;
- esac
else
echo "Error: $src not found" 1>&2
exit 1
diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am
index 3dddeec71e..a3aa22a64d 100644
--- a/lib/nettle/Makefile.am
+++ b/lib/nettle/Makefile.am
@@ -77,9 +77,8 @@ if ENABLE_GOST
libcrypto_la_SOURCES += \
gost/nettle-write.h gost/write-le32.c \
gost/gost28147.c gost/gost28147.h gost/gost-wrap.c \
- gost/gosthash94.c gost/gosthash94.h gost/gosthash94-meta.c \
gost/streebog.c gost/streebog.h gost/streebog-meta.c \
- gost/hmac-gosthash94.c gost/hmac-streebog.c gost/hmac-gost.h
+ gost/hmac-streebog.c gost/hmac-gost.h
libcrypto_la_SOURCES += \
gost/bignum-le.c gost/bignum-le.h
@@ -95,119 +94,3 @@ libcrypto_la_SOURCES += \
gost/acpkm.c gost/acpkm.h \
gost/cmac.h gost/cmac-magma.c gost/cmac-kuznyechik.c
endif
-
-if NEED_INT_ECC
-ecc_generated_headers = \
- ecc/ecc-gost-gc256b-32.h ecc/ecc-gost-gc256b-64.h \
- ecc/ecc-gost-gc512a-32.h ecc/ecc-gost-gc512a-64.h \
- ecc/ecc-curve448-32.h ecc/ecc-curve448-64.h
-
-BUILT_SOURCES = $(ecc_generated_headers)
-EXTRA_DIST = $(ecc_generated_headers) ecc/eccdata.stamp
-
-noinst_PROGRAMS = ecc/eccdata$(EXEEXT)
-
-ecc_eccdata_SOURCES = ecc/eccdata.c
-ecc_eccdata_CFLAGS = $(GMP_CFLAGS)
-ecc_eccdata_LDADD = $(GMP_LIBS) ../../gl/libgnu.la
-
-ecc/eccdata.stamp: $(ecc_eccdata_SOURCES)
- $(AM_V_GEN)$(MAKE) $(AM_MAKEFLAGS) ecc/eccdata$(EXEEXT) && touch $@
-
-ecc/ecc-curve448-32.h: ecc/eccdata.stamp
- $(AM_V_GEN)ecc/eccdata$(EXEEXT) curve448 38 6 32 > $@T && mv $@T $@
-
-ecc/ecc-curve448-64.h: ecc/eccdata.stamp
- $(AM_V_GEN)ecc/eccdata$(EXEEXT) curve448 38 6 64 > $@T && mv $@T $@
-
-ecc/ecc-gost-gc256b-32.h: ecc/eccdata.stamp
- $(AM_V_GEN)ecc/eccdata$(EXEEXT) gost_gc256b 11 6 32 > $@T && mv $@T $@
-
-ecc/ecc-gost-gc256b-64.h: ecc/eccdata.stamp
- $(AM_V_GEN)ecc/eccdata$(EXEEXT) gost_gc256b 11 6 64 > $@T && mv $@T $@
-
-ecc/ecc-gost-gc512a-32.h: ecc/eccdata.stamp
- $(AM_V_GEN)ecc/eccdata$(EXEEXT) gost_gc512a 43 6 32 > $@T && mv $@T $@
-
-ecc/ecc-gost-gc512a-64.h: ecc/eccdata.stamp
- $(AM_V_GEN)ecc/eccdata$(EXEEXT) gost_gc512a 43 6 64 > $@T && mv $@T $@
-
-libcrypto_la_SOURCES += \
- gost/ecc-gost-hash.c nettle-alloca.h ecc-gost-curve.h
-
-libcrypto_la_SOURCES += \
- ecc/write-le64.c \
- ecc/nettle-write.h ecc/gmp-glue.h ecc/gmp-glue.c
-
-libcrypto_la_SOURCES += \
- ecc/sha3.c ecc/sha3.h ecc/sha3-256.c \
- ecc/sha3-permute.c ecc/sha3-internal.h \
- ecc/shake256.c
-
-libcrypto_la_SOURCES += \
- ecc/ecc-internal.h \
- ecc/ecc-add-eh.c ecc/ecc-add-ehh.c ecc/ecc-dup-eh.c \
- ecc/ecc-eh-to-a.c ecc/ecc-mul-a-eh.c ecc/ecc-mul-g-eh.c \
- ecc/ecc-mul-m.c ecc/ecc-mod.c ecc/ecc-mod-arith.c \
- ecc/ecc-mod-inv.c \
- ecc/ecc-a-to-j.c \
- ecc/sec-tabselect.c ecc/cnd-copy.c ecc/sec-add-1.c \
- ecc/ecc-curve448.c $(ecc_genereated_headers) \
- ecc/curve448-eh-to-x.c ecc/curve448.h ecc/curve448-mul.c \
- ecc/curve448-mul-g.c
-
-libcrypto_la_SOURCES += \
- gost/gost-point.c gost/gost-point-mul-g.c gost/gostdsa-keygen.c \
- ecc/ecc-add-jja.c ecc/ecc-add-jjj.c ecc/ecc-dup-jj.c \
- ecc/ecc-mul-a.c ecc/ecc-mul-g.c \
- ecc/ecc-random.c \
- ecc/ecc-j-to-a.c \
- ecc/ecc-gost-gc256b.c ecc/ecc-gost-gc512a.c \
- ecc/ecc-gostdsa-sign.c ecc/ecc-gostdsa-verify.c \
- ecc/gostdsa.h ecc/gostdsa-sign.c ecc/gostdsa-verify.c ecc/gostdsa-vko.c
-
-libcrypto_la_SOURCES += \
- ecc/eddsa.h ecc/eddsa-compress.c ecc/eddsa-decompress.c \
- ecc/eddsa-expand.c ecc/eddsa-hash.c ecc/eddsa-internal.h \
- ecc/eddsa-pubkey.c ecc/eddsa-sign.c ecc/eddsa-verify.c \
- ecc/ed448-shake256.c ecc/ed448-shake256-pubkey.c \
- ecc/ed448-shake256-sign.c ecc/ed448-shake256-verify.c
-endif
-
-if NEED_CFB
-libcrypto_la_SOURCES += \
- backport/cfb.c backport/cfb.h
-endif
-
-if NEED_CMAC
-libcrypto_la_SOURCES += \
- backport/cmac.c backport/cmac.h \
- backport/cmac-aes128.c backport/cmac-aes256.c
-endif
-
-if NEED_CMAC64
-libcrypto_la_SOURCES += \
- backport/cmac64.c backport/cmac.h backport/cmac64.h
-endif
-
-if NEED_XTS
-libcrypto_la_SOURCES += \
- backport/xts.c backport/xts.h \
- backport/xts-aes128.c backport/xts-aes256.c
-endif
-
-if NEED_CHACHA
-libcrypto_la_SOURCES += \
- backport/chacha-core-internal.c backport/chacha-crypt.c \
- backport/chacha-internal.h backport/chacha-poly1305.c \
- backport/chacha-poly1305.h backport/chacha-set-key.c \
- backport/chacha-set-nonce.c backport/chacha.h \
- backport/poly1305.h backport/poly1305-internal.c \
- backport/poly1305-internal.h
-endif
-
-if NEED_SIV
-libcrypto_la_SOURCES += \
- backport/siv-cmac-aes128.c backport/siv-cmac-aes256.c \
- backport/siv-cmac.c backport/siv-cmac.h
-endif
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index a82386b100..ab4c46d2d0 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -57,28 +57,11 @@
#include <nettle/cbc.h>
#include <nettle/gcm.h>
#include <nettle/ccm.h>
-#ifdef HAVE_NETTLE_CHACHA_SET_COUNTER
#include <nettle/chacha.h>
#include <nettle/chacha-poly1305.h>
-#else
-#include "chacha.h"
-#include "chacha-poly1305.h"
-#endif
-#ifdef HAVE_NETTLE_CFB8_ENCRYPT
#include <nettle/cfb.h>
-#else
-#include "cfb.h"
-#endif /* HAVE_NETTLE_CFB8_ENCRYPT */
-#ifdef HAVE_NETTLE_XTS_ENCRYPT_MESSAGE
#include <nettle/xts.h>
-#else
-#include "xts.h"
-#endif
-#ifdef HAVE_NETTLE_SIV_CMAC_AES128_SET_KEY
#include <nettle/siv-cmac.h>
-#else
-#include "siv-cmac.h"
-#endif
#include <fips.h>
struct nettle_cipher_ctx;
diff --git a/lib/nettle/gost/cmac-kuznyechik.c b/lib/nettle/gost/cmac-kuznyechik.c
index 1a1abe7e87..0fd4af1017 100644
--- a/lib/nettle/gost/cmac-kuznyechik.c
+++ b/lib/nettle/gost/cmac-kuznyechik.c
@@ -28,11 +28,7 @@
#ifndef HAVE_NETTLE_CMAC_KUZNYECHIK_UPDATE
-#ifdef HAVE_NETTLE_CMAC128_UPDATE
#include <nettle/cmac.h>
-#else
-#include "backport/cmac.h"
-#endif
#include "gost/cmac.h"
diff --git a/lib/nettle/gost/cmac-magma.c b/lib/nettle/gost/cmac-magma.c
index f63458f781..9191967c0e 100644
--- a/lib/nettle/gost/cmac-magma.c
+++ b/lib/nettle/gost/cmac-magma.c
@@ -28,11 +28,7 @@
#ifndef HAVE_NETTLE_CMAC_MAGMA_UPDATE
-#ifdef HAVE_NETTLE_CMAC64_UPDATE
#include <nettle/cmac.h>
-#else
-#include "backport/cmac.h"
-#endif
#include "magma.h"
#include "cmac.h"
diff --git a/lib/nettle/gost/gostdsa-mask.c b/lib/nettle/gost/gostdsa-mask.c
index 552e5fb9e6..8344e9d6fb 100644
--- a/lib/nettle/gost/gostdsa-mask.c
+++ b/lib/nettle/gost/gostdsa-mask.c
@@ -37,8 +37,15 @@
#include <stdlib.h>
+#include <nettle/ecc-curve.h>
#include "gostdsa2.h"
-#include "ecc/ecc-internal.h"
+
+#define GOST_GC256B_Q "ffffffffffffffffffffffffffffffff" \
+ "6c611070995ad10045841b09b761b893"
+#define GOST_GC512A_Q "ffffffffffffffffffffffffffffffff" \
+ "ffffffffffffffffffffffffffffffff" \
+ "27e69532f48d89116ff22b8d4e056060" \
+ "9b4b38abfad2b85dcacdb1411f10b275"
/* Key comes in form .... M_2 M_1 K_0,
unmask is K_i = K_i-1 * M_i mod Q */
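Review bot: The two hex constants `GOST_GC256B_Q` and `GOST_GC512A_Q` are added without any comment saying what they are or where the values come from. Judging by their use in gostdsa_unmask_key, they replace `ecc->q`, which was previously read through the now-removed `ecc/ecc-internal.h`, so a transcription error here would presumably change the modulus used when unmasking private keys without any build-time signal. I would add `/* Group order q of each curve, as hex; duplicated here because ecc->q is internal to nettle and must match nettle's curve data. */` above the first define. A test that unmasks a known masked key on each curve would catch a mistyped digit.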
@@ -56,7 +63,14 @@ gostdsa_unmask_key (const struct ecc_curve *ecc,
mpz_init (unmasked);
mpz_init (temp);
mpz_init (temp2);
- mpz_roinit_n (q, ecc->q.m, ecc->q.size);
+
+ if (ecc == nettle_get_gost_gc256b ())
+ mpz_init_set_str (q, GOST_GC256B_Q, 16);
+ else if (ecc == nettle_get_gost_gc512a ())
+ mpz_init_set_str (q, GOST_GC512A_Q, 16);
+ else
+ abort ();
+
mpz_tdiv_r_2exp (unmasked, key, bits);
mpz_tdiv_q_2exp (key, key, bits);
keybits -= bits;
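Review bot: `q` is now allocated by `mpz_init_set_str`, whereas the removed `mpz_roinit_n` only wrapped existing limbs and needed no cleanup, and the 18 changed lines the diffstat lists for this file are all accounted for by the two hunks shown, so no `mpz_clear (q);` is added anywhere. Unless the cleanup at the end of gostdsa_unmask_key (outside this hunk) already clears it, each call leaks the modulus; add `mpz_clear (q);` beside the other clears. Separately, `else abort ();` terminates the host process from library code, and it does so after `unmasked`, `temp` and `temp2` have been initialised. If any caller can reach this function with another curve, selecting `q` before the `mpz_init` calls and returning an error would be a safer failure mode. The return type and callers are not visible here, so the error value is left to the author.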
diff --git a/lib/nettle/gost/gosthash94-meta.c b/lib/nettle/gost/gosthash94-meta.c
deleted file mode 100644
index 9cdbe8d566..0000000000
--- a/lib/nettle/gost/gosthash94-meta.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/* gosthash94-meta.c
-
- Copyright (C) 2012 Nikos Mavrogiannopoulos, Niels Möller
-
- This file is part of GNU Nettle.
-
- GNU Nettle is free software: you can redistribute it and/or
- modify it under the terms of either:
-
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
-
- GNU Nettle is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received copies of the GNU General Public License and
- the GNU Lesser General Public License along with this program. If
- not, see https://www.gnu.org/licenses/.
-*/
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#ifndef HAVE_NETTLE_GOSTHASH94CP_UPDATE
-
-#include <gnutls_int.h>
-
-#include <nettle/nettle-meta.h>
-
-#include "gosthash94.h"
-
-const struct nettle_hash nettle_gosthash94cp
-= _NETTLE_HASH(gosthash94cp, GOSTHASH94CP);
-
-#endif
diff --git a/lib/nettle/gost/gosthash94.c b/lib/nettle/gost/gosthash94.c
deleted file mode 100644
index ae96cd6a80..0000000000
--- a/lib/nettle/gost/gosthash94.c
+++ /dev/null
@@ -1,376 +0,0 @@
-/* gosthash94.c - an implementation of GOST Hash Function
- *
- * based on the Russian Standard GOST R 34.11-94.
- * English description in RFC 5831.
- * See also RFC 4357.
- *
- * Copyright: 2009-2012 Aleksey Kravchenko <rhash.admin@gmail.com>
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the
- * "Software"), to deal in the Software without restriction, including
- * without limitation the rights to use, copy, modify, merge, publish,
- * distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to
- * the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
- * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
- * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
- * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
- * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-/*
- * Ported to nettle by Nikos Mavrogiannopoulos.
- */
-
-#if HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#ifndef HAVE_NETTLE_GOSTHASH94CP_UPDATE
-#include <gnutls_int.h>
-
-#include <string.h>
-
-#include <nettle/macros.h>
-#include "nettle-write.h"
-#include "gosthash94.h"
-#include "gost28147.h"
-
-/**
- * The core transformation. Process a 512-bit block.
- *
- * @param hash intermediate message hash
- * @param block the message block to process
- */
-static void
-gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block,
- const uint32_t *sbox)
-{
- unsigned i;
- uint32_t key[8], u[8], v[8], w[8], s[8];
-
- /* u := hash, v := <256-bit message block> */
- memcpy (u, ctx->hash, sizeof (u));
- memcpy (v, block, sizeof (v));
-
- /* w := u xor v */
- w[0] = u[0] ^ v[0], w[1] = u[1] ^ v[1];
- w[2] = u[2] ^ v[2], w[3] = u[3] ^ v[3];
- w[4] = u[4] ^ v[4], w[5] = u[5] ^ v[5];
- w[6] = u[6] ^ v[6], w[7] = u[7] ^ v[7];
-
- /* calculate keys, encrypt hash and store result to the s[] array */
- for (i = 0;; i += 2)
- {
- /* key generation: key_i := P(w) */
- key[0] =
- (w[0] & 0x000000ff) | ((w[2] & 0x000000ff) << 8) |
- ((w[4] & 0x000000ff) << 16) | ((w[6] & 0x000000ff) << 24);
- key[1] =
- ((w[0] & 0x0000ff00) >> 8) | (w[2] & 0x0000ff00) |
- ((w[4] & 0x0000ff00) << 8) | ((w[6] & 0x0000ff00) << 16);
- key[2] =
- ((w[0] & 0x00ff0000) >> 16) | ((w[2] & 0x00ff0000) >> 8) |
- (w[4] & 0x00ff0000) | ((w[6] & 0x00ff0000) << 8);
- key[3] =
- ((w[0] & 0xff000000) >> 24) | ((w[2] & 0xff000000) >> 16) |
- ((w[4] & 0xff000000) >> 8) | (w[6] & 0xff000000);
- key[4] =
- (w[1] & 0x000000ff) | ((w[3] & 0x000000ff) << 8) |
- ((w[5] & 0x000000ff) << 16) | ((w[7] & 0x000000ff) << 24);
- key[5] =
- ((w[1] & 0x0000ff00) >> 8) | (w[3] & 0x0000ff00) |
- ((w[5] & 0x0000ff00) << 8) | ((w[7] & 0x0000ff00) << 16);
- key[6] =
- ((w[1] & 0x00ff0000) >> 16) | ((w[3] & 0x00ff0000) >> 8) |
- (w[5] & 0x00ff0000) | ((w[7] & 0x00ff0000) << 8);
- key[7] =
- ((w[1] & 0xff000000) >> 24) | ((w[3] & 0xff000000) >> 16) |
- ((w[5] & 0xff000000) >> 8) | (w[7] & 0xff000000);
-
- /* encryption: s_i := E_{key_i} (h_i) */
- gost28147_encrypt_simple (key, sbox, &ctx->hash[i], &s[i]);
-
- if (i == 0)
- {
- /* w:= A(u) ^ A^2(v) */
- w[0] = u[2] ^ v[4], w[1] = u[3] ^ v[5];
- w[2] = u[4] ^ v[6], w[3] = u[5] ^ v[7];
- w[4] = u[6] ^ (v[0] ^= v[2]);
- w[5] = u[7] ^ (v[1] ^= v[3]);
- w[6] = (u[0] ^= u[2]) ^ (v[2] ^= v[4]);
- w[7] = (u[1] ^= u[3]) ^ (v[3] ^= v[5]);
- }
- else if ((i & 2) != 0)
- {
- if (i == 6)
- break;
-
- /* w := A^2(u) xor A^4(v) xor C_3; u := A(u) xor C_3 */
- /* C_3=0xff00ffff000000ffff0000ff00ffff0000ff00ff00ff00ffff00ff00ff00ff00 */
- u[2] ^= u[4] ^ 0x000000ff;
- u[3] ^= u[5] ^ 0xff00ffff;
- u[4] ^= 0xff00ff00;
- u[5] ^= 0xff00ff00;
- u[6] ^= 0x00ff00ff;
- u[7] ^= 0x00ff00ff;
- u[0] ^= 0x00ffff00;
- u[1] ^= 0xff0000ff;
-
- w[0] = u[4] ^ v[0];
- w[2] = u[6] ^ v[2];
- w[4] = u[0] ^ (v[4] ^= v[6]);
- w[6] = u[2] ^ (v[6] ^= v[0]);
- w[1] = u[5] ^ v[1];
- w[3] = u[7] ^ v[3];
- w[5] = u[1] ^ (v[5] ^= v[7]);
- w[7] = u[3] ^ (v[7] ^= v[1]);
- }
- else
- {
- /* i==4 here */
- /* w:= A( A^2(u) xor C_3 ) xor A^6(v) */
- w[0] = u[6] ^ v[4], w[1] = u[7] ^ v[5];
- w[2] = u[0] ^ v[6], w[3] = u[1] ^ v[7];
- w[4] = u[2] ^ (v[0] ^= v[2]);
- w[5] = u[3] ^ (v[1] ^= v[3]);
- w[6] = (u[4] ^= u[6]) ^ (v[2] ^= v[4]);
- w[7] = (u[5] ^= u[7]) ^ (v[3] ^= v[5]);
- }
- }
-
- /* step hash function: x(block, hash) := psi^61(hash xor psi(block xor psi^12(S))) */
-
- /* 12 rounds of the LFSR and xor in <message block> */
- u[0] = block[0] ^ s[6];
- u[1] = block[1] ^ s[7];
- u[2] =
- block[2] ^ (s[0] << 16) ^ (s[0] >> 16) ^ (s[0] & 0xffff) ^ (s[1] &
- 0xffff)
- ^ (s[1] >> 16) ^ (s[2] << 16) ^ s[6] ^ (s[6] << 16) ^ (s[7] &
- 0xffff0000)
- ^ (s[7] >> 16);
- u[3] =
- block[3] ^ (s[0] & 0xffff) ^ (s[0] << 16) ^ (s[1] & 0xffff) ^ (s[1]
- <<
- 16)
- ^ (s[1] >> 16) ^ (s[2] << 16) ^ (s[2] >> 16) ^ (s[3] << 16) ^ s[6]
- ^ (s[6] << 16) ^ (s[6] >> 16) ^ (s[7] & 0xffff) ^ (s[7] << 16) ^
- (s[7] >> 16);
- u[4] =
- block[4] ^ (s[0] & 0xffff0000) ^ (s[0] << 16) ^ (s[0] >> 16) ^
- (s[1] & 0xffff0000) ^ (s[1] >> 16) ^ (s[2] << 16) ^ (s[2] >> 16) ^
- (s[3] << 16) ^ (s[3] >> 16) ^ (s[4] << 16) ^ (s[6] << 16) ^ (s[6]
- >> 16)
- ^ (s[7] & 0xffff) ^ (s[7] << 16) ^ (s[7] >> 16);
- u[5] =
- block[5] ^ (s[0] << 16) ^ (s[0] >> 16) ^ (s[0] & 0xffff0000) ^
- (s[1] & 0xffff) ^ s[2] ^ (s[2] >> 16) ^ (s[3] << 16) ^ (s[3] >> 16)
- ^ (s[4] << 16) ^ (s[4] >> 16) ^ (s[5] << 16) ^ (s[6] << 16) ^ (s[6]
- >>
- 16)
- ^ (s[7] & 0xffff0000) ^ (s[7] << 16) ^ (s[7] >> 16);
- u[6] =
- block[6] ^ s[0] ^ (s[1] >> 16) ^ (s[2] << 16) ^ s[3] ^ (s[3] >> 16)
- ^ (s[4] << 16) ^ (s[4] >> 16) ^ (s[5] << 16) ^ (s[5] >> 16) ^ s[6]
- ^ (s[6] << 16) ^ (s[6] >> 16) ^ (s[7] << 16);
- u[7] =
- block[7] ^ (s[0] & 0xffff0000) ^ (s[0] << 16) ^ (s[1] & 0xffff) ^
- (s[1] << 16) ^ (s[2] >> 16) ^ (s[3] << 16) ^ s[4] ^ (s[4] >> 16) ^
- (s[5] << 16) ^ (s[5] >> 16) ^ (s[6] >> 16) ^ (s[7] & 0xffff) ^
- (s[7] << 16) ^ (s[7] >> 16);
-
- /* 1 round of the LFSR (a mixing transformation) and xor with <hash> */
- v[0] = ctx->hash[0] ^ (u[1] << 16) ^ (u[0] >> 16);
- v[1] = ctx->hash[1] ^ (u[2] << 16) ^ (u[1] >> 16);
- v[2] = ctx->hash[2] ^ (u[3] << 16) ^ (u[2] >> 16);
- v[3] = ctx->hash[3] ^ (u[4] << 16) ^ (u[3] >> 16);
- v[4] = ctx->hash[4] ^ (u[5] << 16) ^ (u[4] >> 16);
- v[5] = ctx->hash[5] ^ (u[6] << 16) ^ (u[5] >> 16);
- v[6] = ctx->hash[6] ^ (u[7] << 16) ^ (u[6] >> 16);
- v[7] =
- ctx->
- hash[7] ^ (u[0] & 0xffff0000) ^ (u[0] << 16) ^ (u[1] & 0xffff0000)
- ^ (u[1] << 16) ^ (u[6] << 16) ^ (u[7] & 0xffff0000) ^ (u[7] >> 16);
-
- /* 61 rounds of LFSR, mixing up hash */
- ctx->hash[0] = (v[0] & 0xffff0000) ^ (v[0] << 16) ^ (v[0] >> 16) ^
- (v[1] >> 16) ^ (v[1] & 0xffff0000) ^ (v[2] << 16) ^
- (v[3] >> 16) ^ (v[4] << 16) ^ (v[5] >> 16) ^ v[5] ^
- (v[6] >> 16) ^ (v[7] << 16) ^ (v[7] >> 16) ^ (v[7] & 0xffff);
- ctx->hash[1] = (v[0] << 16) ^ (v[0] >> 16) ^ (v[0] & 0xffff0000) ^
- (v[1] & 0xffff) ^ v[2] ^ (v[2] >> 16) ^ (v[3] << 16) ^
- (v[4] >> 16) ^ (v[5] << 16) ^ (v[6] << 16) ^ v[6] ^
- (v[7] & 0xffff0000) ^ (v[7] >> 16);
- ctx->hash[2] = (v[0] & 0xffff) ^ (v[0] << 16) ^ (v[1] << 16) ^
- (v[1] >> 16) ^ (v[1] & 0xffff0000) ^ (v[2] << 16) ^ (v[3] >> 16) ^
- v[3] ^ (v[4] << 16) ^ (v[5] >> 16) ^ v[6] ^ (v[6] >> 16) ^
- (v[7] & 0xffff) ^ (v[7] << 16) ^ (v[7] >> 16);
- ctx->hash[3] = (v[0] << 16) ^ (v[0] >> 16) ^ (v[0] & 0xffff0000) ^
- (v[1] & 0xffff0000) ^ (v[1] >> 16) ^ (v[2] << 16) ^
- (v[2] >> 16) ^ v[2] ^ (v[3] << 16) ^ (v[4] >> 16) ^ v[4] ^
- (v[5] << 16) ^ (v[6] << 16) ^ (v[7] & 0xffff) ^ (v[7] >> 16);
- ctx->hash[4] =
- (v[0] >> 16) ^ (v[1] << 16) ^ v[1] ^ (v[2] >> 16) ^ v[2] ^ (v[3] <<
- 16) ^
- (v[3] >> 16) ^ v[3] ^ (v[4] << 16) ^ (v[5] >> 16) ^ v[5] ^ (v[6] <<
- 16) ^
- (v[6] >> 16) ^ (v[7] << 16);
- ctx->hash[5] =
- (v[0] << 16) ^ (v[0] & 0xffff0000) ^ (v[1] << 16) ^ (v[1] >> 16) ^
- (v[1] & 0xffff0000) ^ (v[2] << 16) ^ v[2] ^ (v[3] >> 16) ^ v[3] ^
- (v[4] << 16) ^ (v[4] >> 16) ^ v[4] ^ (v[5] << 16) ^ (v[6] << 16) ^
- (v[6] >> 16) ^ v[6] ^ (v[7] << 16) ^ (v[7] >> 16) ^ (v[7] &
- 0xffff0000);
- ctx->hash[6] =
- v[0] ^ v[2] ^ (v[2] >> 16) ^ v[3] ^ (v[3] << 16) ^ v[4] ^ (v[4] >>
- 16) ^
- (v[5] << 16) ^ (v[5] >> 16) ^ v[5] ^ (v[6] << 16) ^ (v[6] >> 16) ^
- v[6] ^ (v[7] << 16) ^ v[7];
- ctx->hash[7] =
- v[0] ^ (v[0] >> 16) ^ (v[1] << 16) ^ (v[1] >> 16) ^ (v[2] << 16) ^
- (v[3] >> 16) ^ v[3] ^ (v[4] << 16) ^ v[4] ^ (v[5] >> 16) ^ v[5] ^
- (v[6] << 16) ^ (v[6] >> 16) ^ (v[7] << 16) ^ v[7];
-}
-
-/**
- * This function calculates hash value by 256-bit blocks.
- * It updates 256-bit check sum as follows:
- * *(uint256_t)(ctx->sum) += *(uint256_t*)block;
- * and then updates intermediate hash value ctx->hash
- * by calling gost_block_compress().
- *
- * @param ctx algorithm context
- * @param block the 256-bit message block to process
- */
-static void
-gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block,
- const uint32_t *sbox)
-{
- uint32_t block_le[8];
- unsigned i, carry;
-
- /* compute the 256-bit sum */
- for (i = carry = 0; i < 8; i++, block += 4)
- {
- block_le[i] = LE_READ_UINT32(block);
- ctx->sum[i] += carry;
- carry = (ctx->sum[i] < carry);
- ctx->sum[i] += block_le[i];
- carry += (ctx->sum[i] < block_le[i]);
- }
-
- /* update message hash */
- gost_block_compress (ctx, block_le, sbox);
-}
-
-/**
- * Calculate message hash.
- * Can be called repeatedly with chunks of the message to be hashed.
- *
- * @param ctx the algorithm context containing current hashing state
- * @param msg message chunk
- * @param size length of the message chunk
- */
-static void
-gosthash94_update_int (struct gosthash94_ctx *ctx,
- size_t length, const uint8_t *msg,
- const uint32_t *sbox)
-{
- unsigned index = (unsigned) ctx->length & 31;
- ctx->length += length;
-
- /* fill partial block */
- if (index)
- {
- unsigned left = GOSTHASH94_BLOCK_SIZE - index;
- memcpy (ctx->message + index, msg, (length < left ? length : left));
- if (length < left)
- return;
-
- /* process partial block */
- gost_compute_sum_and_hash (ctx, ctx->message, sbox);
- msg += left;
- length -= left;
- }
- while (length >= GOSTHASH94_BLOCK_SIZE)
- {
- gost_compute_sum_and_hash (ctx, msg, sbox);
- msg += GOSTHASH94_BLOCK_SIZE;
- length -= GOSTHASH94_BLOCK_SIZE;
- }
- if (length)
- {
- /* save leftovers */
- memcpy (ctx->message, msg, length);
- }
-}
-
-/**
- * Calculate message hash.
- * Can be called repeatedly with chunks of the message to be hashed.
- *
- * @param ctx the algorithm context containing current hashing state
- * @param msg message chunk
- * @param size length of the message chunk
- */
-void
-gosthash94cp_update (struct gosthash94_ctx *ctx,
- size_t length, const uint8_t *msg)
-{
- gosthash94_update_int (ctx, length, msg,
- gost28147_param_CryptoPro_3411.sbox);
-}
-
-/**
- * Finish hashing and store message digest into given array.
- *
- * @param ctx the algorithm context containing current hashing state
- * @param result calculated hash in binary form
- */
-static void
-gosthash94_write_digest (struct gosthash94_ctx *ctx,
- size_t length, uint8_t *result,
- const uint32_t *sbox)
-{
- unsigned index = ctx->length & 31;
- uint32_t msg32[8];
-
- assert(length <= GOSTHASH94_DIGEST_SIZE);
-
- /* pad the last block with zeroes and hash it */
- if (index > 0)
- {
- memset (ctx->message + index, 0, 32 - index);
- gost_compute_sum_and_hash (ctx, ctx->message, sbox);
- }
-
- /* hash the message length and the sum */
- msg32[0] = ctx->length << 3;
- msg32[1] = ctx->length >> 29;
- memset (msg32 + 2, 0, sizeof (uint32_t) * 6);
-
- gost_block_compress (ctx, msg32, sbox);
- gost_block_compress (ctx, ctx->sum, sbox);
-
- /* convert hash state to result bytes */
- _nettle_write_le32(length, result, ctx->hash);
- gosthash94_init (ctx);
-}
-
-void
-gosthash94cp_digest (struct gosthash94_ctx *ctx,
- size_t length, uint8_t *result)
-{
- gosthash94_write_digest (ctx, length, result,
- gost28147_param_CryptoPro_3411.sbox);
-}
-#endif
diff --git a/lib/nettle/gost/gosthash94.h b/lib/nettle/gost/gosthash94.h
deleted file mode 100644
index c37701d620..0000000000
--- a/lib/nettle/gost/gosthash94.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/* gosthash94.h
-
- The GOST R 34.11-94 hash function, described in RFC 5831.
-
- Copyright (C) 2012 Nikos Mavrogiannopoulos, Niels Möller
-
- This file is part of GNU Nettle.
-
- GNU Nettle is free software: you can redistribute it and/or
- modify it under the terms of either:
-
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
-
- GNU Nettle is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received copies of the GNU General Public License and
- the GNU Lesser General Public License along with this program. If
- not, see https://www.gnu.org/licenses/.
-*/
-
-/* Based on rhash gost.h. */
-
-/* Copyright: 2009-2012 Aleksey Kravchenko <rhash.admin@gmail.com>
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the
- * "Software"), to deal in the Software without restriction, including
- * without limitation the rights to use, copy, modify, merge, publish,
- * distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to
- * the following conditions:
- *
- * The above copyright notice and this permission notice shall be included
- * in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
- * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
- * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
- * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
- * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-/*
- * Ported to nettle by Nikos Mavrogiannopoulos.
- */
-
-#ifndef GNUTLS_LIB_NETTLE_GOST_GOSTHASH94_H
-#define GNUTLS_LIB_NETTLE_GOST_GOSTHASH94_H
-
-#include "config.h"
-
-#ifndef HAVE_NETTLE_GOSTHASH94CP_UPDATE
-
-#include <nettle/nettle-types.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <nettle/gosthash94.h>
-#include <nettle/nettle-meta.h>
-
-#define gosthash94cp_update _gnutls_gosthash94cp_update
-#define gosthash94cp_digest _gnutls_gosthash94cp_digest
-
-#define GOSTHASH94CP_BLOCK_SIZE GOSTHASH94_BLOCK_SIZE
-#define GOSTHASH94CP_DIGEST_SIZE GOSTHASH94_DIGEST_SIZE
-
-#define gosthash94cp_ctx gosthash94_ctx
-
-#define gosthash94cp_init gosthash94_init
-void gosthash94cp_update(struct gosthash94_ctx *ctx,
- size_t length, const uint8_t *msg);
-void gosthash94cp_digest(struct gosthash94_ctx *ctx,
- size_t length, uint8_t *result);
-
-#define nettle_gosthash94cp _gnutls_gosthash94cp
-extern const struct nettle_hash _gnutls_gosthash94cp;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-#endif /* GNUTLS_LIB_NETTLE_GOST_GOSTHASH94_H */
diff --git a/lib/nettle/gost/hmac-gost.h b/lib/nettle/gost/hmac-gost.h
index 7b697183ec..c8212ab54e 100644
--- a/lib/nettle/gost/hmac-gost.h
+++ b/lib/nettle/gost/hmac-gost.h
@@ -38,9 +38,6 @@
#include <nettle/hmac.h>
-#ifndef HAVE_NETTLE_GOSTHASH94CP_UPDATE
-#include "gosthash94.h"
-#endif
#ifndef HAVE_NETTLE_STREEBOG512_UPDATE
#include "streebog.h"
#endif
@@ -50,11 +47,6 @@ extern "C" {
#endif
/* Namespace mangling */
-#ifndef HAVE_NETTLE_GOSTHASH94CP_UPDATE
-#define hmac_gosthash94cp_set_key _gnutls_hmac_gosthash94cp_set_key
-#define hmac_gosthash94cp_update _gnutls_hmac_gosthash94cp_update
-#define hmac_gosthash94cp_digest _gnutls_hmac_gosthash94cp_digest
-#endif
#ifndef HAVE_NETTLE_STREEBOG512_UPDATE
#define hmac_streebog256_set_key _gnutls_hmac_streebog256_set_key
#define hmac_streebog256_digest _gnutls_hmac_streebog256_digest
@@ -63,24 +55,6 @@ extern "C" {
#define hmac_streebog512_digest _gnutls_hmac_streebog512_digest
#endif
-/* hmac-gosthash94 */
-#ifndef HAVE_NETTLE_GOSTHASH94CP_UPDATE
-struct hmac_gosthash94cp_ctx HMAC_CTX(struct gosthash94cp_ctx);
-
-void
-hmac_gosthash94cp_set_key(struct hmac_gosthash94cp_ctx *ctx,
- size_t key_length, const uint8_t *key);
-
-void
-hmac_gosthash94cp_update(struct hmac_gosthash94cp_ctx *ctx,
- size_t length, const uint8_t *data);
-
-void
-hmac_gosthash94cp_digest(struct hmac_gosthash94cp_ctx *ctx,
- size_t length, uint8_t *digest);
-#endif
-
-
/* hmac-streebog */
#ifndef HAVE_NETTLE_STREEBOG512_UPDATE
struct hmac_streebog512_ctx HMAC_CTX(struct streebog512_ctx);
diff --git a/lib/nettle/gost/hmac-gosthash94.c b/lib/nettle/gost/hmac-gosthash94.c
deleted file mode 100644
index 1fca292ba7..0000000000
--- a/lib/nettle/gost/hmac-gosthash94.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/* hmac-gosthash94.c
-
- HMAC-GOSTHASH94 message authentication code.
-
- Copyright (C) 2016 Dmitry Eremin-Solenikov
-
- This file is part of GNU Nettle.
-
- GNU Nettle is free software: you can redistribute it and/or
- modify it under the terms of either:
-
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
-
- GNU Nettle is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received copies of the GNU General Public License and
- the GNU Lesser General Public License along with this program. If
- not, see https://www.gnu.org/licenses/.
-*/
-
-#if HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#ifndef HAVE_NETTLE_GOSTHASH94CP_UPDATE
-
-#include <gnutls_int.h>
-
-#include <nettle/hmac.h>
-#include "hmac-gost.h"
-#include "gosthash94.h"
-
-void
-hmac_gosthash94cp_set_key(struct hmac_gosthash94cp_ctx *ctx,
- size_t key_length, const uint8_t *key)
-{
- HMAC_SET_KEY(ctx, &nettle_gosthash94cp, key_length, key);
-}
-
-void
-hmac_gosthash94cp_update(struct hmac_gosthash94cp_ctx *ctx,
- size_t length, const uint8_t *data)
-{
- gosthash94cp_update(&ctx->state, length, data);
-}
-void
-hmac_gosthash94cp_digest(struct hmac_gosthash94cp_ctx *ctx,
- size_t length, uint8_t *digest)
-{
- HMAC_DIGEST(ctx, &nettle_gosthash94cp, length, digest);
-}
-#endif
diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
index 07a218ea48..1b20a0cf82 100644
--- a/lib/nettle/mac.c
+++ b/lib/nettle/mac.c
@@ -34,25 +34,11 @@
#include <nettle/umac.h>
#include <nettle/hkdf.h>
#include <nettle/pbkdf2.h>
-#ifdef HAVE_NETTLE_CMAC128_UPDATE
#include <nettle/cmac.h>
-#ifndef HAVE_NETTLE_CMAC64_UPDATE
-#include "cmac64.h"
-#endif /* HAVE_NETTLE_CMAC64_UPDATE */
-#else
-#include "cmac.h"
-#endif /* HAVE_NETTLE_CMAC128_UPDATE */
#if ENABLE_GOST
#include "gost/hmac-gost.h"
-#ifndef HAVE_NETTLE_GOSTHASH94CP_UPDATE
-#include "gost/gosthash94.h"
-#endif
-#ifndef HAVE_NETTLE_STREEBOG512_UPDATE
-#include "gost/streebog.h"
-#endif
#ifndef HAVE_NETTLE_GOST28147_SET_KEY
#include "gost/gost28147.h"
-#include "gost/cmac.h"
#endif
#include "gost/cmac.h"
#endif
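Review bot: The streebog fallback is handled inconsistently after this hunk: mac.c drops its `#ifndef HAVE_NETTLE_STREEBOG512_UPDATE` / `#include "gost/streebog.h"` lines, while gost/hmac-gost.h in the same commit keeps that guard, its `#include "streebog.h"` and the `_gnutls_hmac_streebog*` name mangling. mac.c now sees the bundled streebog declarations only transitively through `gost/hmac-gost.h`, which a later header cleanup could break without anyone noticing. If nettle 3.6 is not guaranteed to provide streebog (worth confirming against the configure checks, which are not visible here), I would keep the explicit guarded include in mac.c. If it is guaranteed, the remaining guard in hmac-gost.h looks like a leftover backport that could be removed with the others, so that no unbuilt and unreviewed fallback crypto path stays in the tree.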
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 0c91aac493..e6fff8d886 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -48,12 +48,7 @@
#include <nettle/ecdsa.h>
#include <nettle/ecc-curve.h>
#include <nettle/curve25519.h>
-#if !NEED_INT_ECC
#include <nettle/curve448.h>
-#else
-#include "ecc/curve448.h"
-#include "ecc/eddsa.h"
-#endif
#include <nettle/eddsa.h>
#include <nettle/version.h>
#if ENABLE_GOST
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index 1f83d35f68..c56c601fde 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -68,7 +68,7 @@ AC_DEFUN([LIBGNUTLS_HOOKS],
DLL_SSL_VERSION=`expr ${LT_SSL_CURRENT} - ${LT_SSL_AGE}`
AC_SUBST(DLL_SSL_VERSION)
-NETTLE_MINIMUM=3.4.1
+NETTLE_MINIMUM=3.6
PKG_CHECK_MODULES(NETTLE, [nettle >= $NETTLE_MINIMUM], [cryptolib="nettle"], [
AC_MSG_ERROR([[
***