author | NIIBE Yutaka <gniibe@fsij.org> | 2022-08-25 14:31:07 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-08-25 14:31:07 +0900 |
commit | 373b1f6c17948fa7d31880c3705391bef08a0471 (patch) | |
tree | d501a0204631027d908f4f53f333ced6c0bfd9f2 /src | |
parent | 249ca431ef881d510b90a5d3db9cd8507c4d697b (diff) | |
download | libgcrypt-373b1f6c17948fa7d31880c3705391bef08a0471.tar.gz |
cipher: Support internal generation of IV for AEAD cipher mode.
* cipher/cipher-gcm.c (_gcry_cipher_gcm_setiv_zero): New.
(_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt)
(_gcry_cipher_gcm_authenticate): Use _gcry_cipher_gcm_setiv_zero.
* cipher/cipher-internal.h (struct gcry_cipher_handle): Add aead field.
* cipher/cipher.c (_gcry_cipher_setiv): Check calling setiv to reject
direct invocation in FIPS mode.
(_gcry_cipher_setup_geniv, _gcry_cipher_geniv): New.
* doc/gcrypt.texi: Add explanation for two new functions.
* src/gcrypt-int.h (_gcry_cipher_setup_geniv, _gcry_cipher_geniv): New.
* src/gcrypt.h.in (enum gcry_cipher_geniv_methods): New.
(gcry_cipher_setup_geniv, gcry_cipher_geniv): New.
* src/libgcrypt.def (gcry_cipher_setup_geniv, gcry_cipher_geniv): Add.
* src/libgcrypt.vers: Likewise.
* src/visibility.c (gcry_cipher_setup_geniv, gcry_cipher_geniv): Add.
* src/visibility.h: Likewise.
--
GnuPG-bug-id: 4873
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/gcrypt-int.h | 6 | ||||
-rw-r--r-- | src/gcrypt.h.in | 16 | ||||
-rw-r--r-- | src/libgcrypt.def | 3 | ||||
-rw-r--r-- | src/libgcrypt.vers | 3 | ||||
-rw-r--r-- | src/visibility.c | 16 | ||||
-rw-r--r-- | src/visibility.h | 4 |
6 files changed, 48 insertions, 0 deletions
diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h index 04953ffc..c3ca5d71 100644 --- a/src/gcrypt-int.h +++ b/src/gcrypt-int.h @@ -69,6 +69,12 @@ gcry_err_code_t _gcry_cipher_setkey (gcry_cipher_hd_t hd, const void *key, size_t keylen); gcry_err_code_t _gcry_cipher_setiv (gcry_cipher_hd_t hd, const void *iv, size_t ivlen); +gcry_err_code_t _gcry_cipher_setup_geniv (gcry_cipher_hd_t hd, int method, + const void *fixed_iv, + size_t fixed_ivlen, + const void *dyn_iv, size_t dyn_ivlen); +gcry_err_code_t _gcry_cipher_geniv (gcry_cipher_hd_t hd, + void *iv, size_t ivlen); gpg_err_code_t _gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf, size_t abuflen); gpg_err_code_t _gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag, diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 60bcb6d1..8451a4ce 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -986,6 +986,13 @@ enum gcry_cipher_flags GCRY_CIPHER_EXTENDED = 16 /* Enable extended AES-WRAP. */ }; +/* Methods used for AEAD IV generation. */ +enum gcry_cipher_geniv_methods + { + GCRY_CIPHER_GENIV_METHOD_CONCAT = 1, + GCRY_CIPHER_GENIV_METHOD_XOR = 2 + }; + /* GCM works only with blocks of 128 bits */ #define GCRY_GCM_BLOCK_LEN (128 / 8) @@ -1057,6 +1064,15 @@ gcry_error_t gcry_cipher_setkey (gcry_cipher_hd_t hd, gcry_error_t gcry_cipher_setiv (gcry_cipher_hd_t hd, const void *iv, size_t ivlen); +/* Initialization vector generation setup for AEAD modes/ciphers. */ +gcry_error_t gcry_cipher_setup_geniv (gcry_cipher_hd_t hd, int method, + const void *fixed_iv, size_t fixed_ivlen, + const void *dyn_iv, size_t dyn_ivlen); + +/* Initialization vector generation for AEAD modes/ciphers. */ +gcry_error_t gcry_cipher_geniv (gcry_cipher_hd_t hd, + void *iv, size_t ivlen); + /* Provide additional authentication data for AEAD modes/ciphers. */ gcry_error_t gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf, size_t abuflen); diff --git a/src/libgcrypt.def b/src/libgcrypt.def index d6de731f..a66511c8 100644 
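Review bot: In the first src/gcrypt.h.in hunk, the comment `/* Methods used for AEAD IV generation. */` does not say how `GCRY_CIPHER_GENIV_METHOD_CONCAT` and `GCRY_CIPHER_GENIV_METHOD_XOR` combine the fixed and dynamic parts passed to gcry_cipher_setup_geniv, and that choice decides whether generated IVs stay unique under one key. Each enumerator should carry its own comment giving the construction and any length constraint between the two parts. The names suggest concatenation and XOR of the two inputs, but the implementation in cipher/cipher.c is outside this src-limited diff, so the wording has to be taken from there. The comment should also say that these are the values accepted by the `int method` parameter and what is returned for any other value.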
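Review bot: The comments above `gcry_cipher_setup_geniv` and `gcry_cipher_geniv` in the second src/gcrypt.h.in hunk name the purpose but leave the caller-visible contract unstated. For an AEAD mode such as GCM, two messages under the same key and IV lose both confidentiality and integrity, so the header should say whether each gcry_cipher_geniv call advances the dynamic part and what is returned once the dynamic part would repeat. It should also say whether `iv` (non-const here, unlike in gcry_cipher_setiv) receives the generated IV, what `ivlen` must equal, and how the calls are ordered relative to gcry_cipher_setkey and gcry_cipher_setiv, given that the commit message says direct setiv is rejected in FIPS mode. None of this can be checked from the prototypes, so it needs confirming against cipher/cipher.c, which this diff does not show.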
--- a/src/libgcrypt.def +++ b/src/libgcrypt.def @@ -298,4 +298,7 @@ EXPORTS gcry_kdf_final @260 gcry_kdf_close @261 + gcry_cipher_setup_geniv @262 + gcry_cipher_geniv @263 + ;; end of file with public symbols for Windows. diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers index 2e274f60..62b0e4ee 100644 --- a/src/libgcrypt.vers +++ b/src/libgcrypt.vers @@ -125,6 +125,9 @@ GCRYPT_1.6 { gcry_pk_hash_sign; gcry_pk_hash_verify; gcry_pk_random_override_new; gcry_kdf_open; gcry_kdf_compute; gcry_kdf_final; gcry_kdf_close; + + gcry_cipher_setup_geniv; gcry_cipher_geniv; + local: *; diff --git a/src/visibility.c b/src/visibility.c index daaf4033..150b197d 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -774,6 +774,22 @@ gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen) } gcry_error_t +gcry_cipher_setup_geniv (gcry_cipher_hd_t hd, int method, + const void *fixed_iv, size_t fixed_iv_len, + const void *dyn_iv, size_t dyn_iv_len) +{ + return gcry_error (_gcry_cipher_setup_geniv (hd, method, + fixed_iv, fixed_iv_len, + dyn_iv, dyn_iv_len)); +} + +gcry_error_t +gcry_cipher_geniv (gcry_cipher_hd_t hd, void *iv, size_t iv_len) +{ + return gcry_error (_gcry_cipher_geniv (hd, iv, iv_len)); +} + +gcry_error_t gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf, size_t abuflen) { if (!fips_is_operational ()) diff --git a/src/visibility.h b/src/visibility.h index 14bf6248..6aef3278 100644 --- a/src/visibility.h +++ b/src/visibility.h @@ -122,6 +122,8 @@ MARK_VISIBLEX (gcry_cipher_close) MARK_VISIBLEX (gcry_cipher_setkey) MARK_VISIBLEX (gcry_cipher_setiv) MARK_VISIBLEX (gcry_cipher_setctr) +MARK_VISIBLEX (gcry_cipher_setup_geniv) +MARK_VISIBLEX (gcry_cipher_geniv) MARK_VISIBLEX (gcry_cipher_authenticate) MARK_VISIBLEX (gcry_cipher_checktag) MARK_VISIBLEX (gcry_cipher_gettag) 
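Review bot: The new wrappers `gcry_cipher_setup_geniv` and `gcry_cipher_geniv` in src/visibility.c call the internal functions without the `if (!fips_is_operational ())` guard that gcry_cipher_authenticate opens with in the trailing context of this hunk. Since the commit message ties this API to FIPS mode, handing out IVs while the library is in an error state looks unintended; consider opening both bodies with `if (!fips_is_operational ()) return gcry_error (fips_not_operational ());`, or adding a comment saying why the guard is not needed here. That return expression is the one libgcrypt's other guarded wrappers use and is not visible in this hunk, and gcry_cipher_authenticate's body continues past the hunk's last line. The parameter names `fixed_iv_len`/`dyn_iv_len` here also differ from `fixed_ivlen`/`dyn_ivlen` in the two headers and would be better kept identical.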
@@ -344,6 +346,8 @@ MARK_VISIBLEX (_gcry_mpi_get_const)
 #define gcry_cipher_setctr _gcry_USE_THE_UNDERSCORED_FUNCTION
 #define gcry_cipher_algo_info _gcry_USE_THE_UNDERSCORED_FUNCTION
 #define gcry_cipher_algo_name _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_setup_geniv _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_cipher_geniv _gcry_USE_THE_UNDERSCORED_FUNCTION
 #define gcry_cipher_authenticate _gcry_USE_THE_UNDERSCORED_FUNCTION
 #define gcry_cipher_checktag _gcry_USE_THE_UNDERSCORED_FUNCTION
 #define gcry_cipher_gettag _gcry_USE_THE_UNDERSCORED_FUNCTION |