diff options
| author | NIIBE Yutaka <gniibe@fsij.org> | 2021-10-07 13:53:08 +0900 |
|---|---|---|
| committer | NIIBE Yutaka <gniibe@fsij.org> | 2021-10-07 14:12:32 +0900 |
| commit | 082ea0efa9b129e8ca7703eeb6b1c9325caeedfd (patch) | |
| tree | 36048dad546f4bd32915759de4bfe68ac4aa00aa /src/gcrypt.h.in | |
| parent | 16a9eaad5d1add3a95b1da6e037b074f18b094c7 (diff) | |
| download | libgcrypt-082ea0efa9b129e8ca7703eeb6b1c9325caeedfd.tar.gz | |
cipher: Add sign+hash, verify+hash, and random-override API.
* cipher/pubkey.c (_gcry_pk_sign_md, _gcry_pk_verify_md): New.
(_gcry_pk_random_override_new): New.
(_gcry_pk_get_random_override): New.
* src/gcrypt-int.h: Add those routines.
* src/context.h (CONTEXT_TYPE_RANDOM_OVERRIDE): New.
* src/context.c (_gcry_ctx_alloc, _gcry_ctx_release): Handle
CONTEXT_TYPE_RANDOM_OVERRIDE.
* src/gcrypt.h.in (gcry_error_t gcry_pk_hash_sign): New.
(gcry_error_t gcry_pk_hash_verify): New.
(gcry_pk_random_override_new): New.
* src/libgcrypt.def, src/libgcrypt.vers: Update.
* src/visibility.c (gcry_pk_hash_sign, gcry_pk_hash_verify): New.
(gcry_pk_random_override_new): New.
* src/visibility.h: Add those routines.
--
GnuPG-bug-id: 4894
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'src/gcrypt.h.in')
| -rw-r--r-- | src/gcrypt.h.in | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 70953e70..403c8fe1 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -1832,6 +1832,32 @@ int gcry_is_secure (const void *a) _GCRY_GCC_ATTR_PURE; /* Return true if Libgcrypt is in FIPS mode. */ #define gcry_fips_mode_active() !!gcry_control (GCRYCTL_FIPS_MODE_P, 0) +/* Variant of gcry_pk_sign which takes as additional parameter a HD + * handle for hash and an optional context. The hash algorithm used by the + * handle needs to be enabled and input needs to be supplied beforehand. + * DATA-TMPL specifies a template to compose an S-expression to be signed. + * A template should include '(hash %s %b)' or '(hash ALGONAME %b)'. + * For the former case, '%s' is substituted by the string of algorithm + * of gcry_md_get_algo (HD) and when gcry_md_read is called, ALGO=0 is + * used internally. For the latter case, hash algorithm by ALGONAME + * is used when gcry_md_read is called internally. + * The hash handle must not yet been finalized; the function + * takes a copy of the state and does a finalize on the copy. This + * function shall be used if a policy requires that hashing and signing + * is done by the same function. CTX is currently not used and should + * be passed as NULL. */ +gcry_error_t gcry_pk_hash_sign (gcry_sexp_t *result, + const char *data_tmpl, gcry_sexp_t skey, + gcry_md_hd_t hd, gcry_ctx_t ctx); + +/* Variant of gcry_pk_verify which takes as additional parameter a HD + * handle for hash and an optional context. Similar to gcry_pk_hash_sign. */ +gcry_error_t gcry_pk_hash_verify (gcry_sexp_t sigval, + const char *data_tmpl, gcry_sexp_t pkey, + gcry_md_hd_t hd, gcry_ctx_t ctx); + +gcry_error_t gcry_pk_random_override_new (gcry_ctx_t *r_ctx, + const unsigned char *p, size_t len); #if 0 /* (Keep Emacsens' auto-indent happy.) */ { |