1 /* 2 * Copyright (C) 2008-2012 Free Software Foundation, Inc. 3 * 4 * Author: Nikos Mavrogiannopoulos 5 * 6 * This file is part of GnuTLS. 7 * 8 * The GnuTLS is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU Lesser General Public License 10 * as published by the Free Software Foundation; either version 2.1 of 11 * the License, or (at your option) any later version. 12 * 13 * This library is distributed in the hope that it will be useful, but 14 * WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 * Lesser General Public License for more details. 17 * 18 * You should have received a copy of the GNU Lesser General Public License 19 * along with this program. If not, see <https://www.gnu.org/licenses/> 20 * 21 */ 22 23 #ifndef GNUTLS_CRYPTO_H 24 #define GNUTLS_CRYPTO_H 25 26 #include <gnutls/gnutls.h> 27 28 /* *INDENT-OFF* */ 29 #ifdef __cplusplus 30 extern "C" { 31 #endif 32 /* *INDENT-ON* */ 33 34 typedef struct api_cipher_hd_st *gnutls_cipher_hd_t; 35 36 int gnutls_cipher_init(gnutls_cipher_hd_t * handle, 37 gnutls_cipher_algorithm_t cipher, 38 const gnutls_datum_t * key, 39 const gnutls_datum_t * iv); 40 int gnutls_cipher_encrypt(const gnutls_cipher_hd_t handle, 41 void *text, size_t textlen); 42 int gnutls_cipher_decrypt(const gnutls_cipher_hd_t handle, 43 void *ciphertext, size_t ciphertextlen); 44 int gnutls_cipher_decrypt2(gnutls_cipher_hd_t handle, 45 const void *ciphertext, 46 size_t ciphertextlen, void *text, 47 size_t textlen); 48 int gnutls_cipher_encrypt2(gnutls_cipher_hd_t handle, 49 const void *text, size_t textlen, 50 void *ciphertext, size_t ciphertextlen); 51 52 void gnutls_cipher_set_iv(gnutls_cipher_hd_t handle, void *iv, 53 size_t ivlen); 54 55 int gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag, 56 size_t tag_size); 57 int gnutls_cipher_add_auth(gnutls_cipher_hd_t handle, 58 const void *text, size_t text_size); 59 60 void gnutls_cipher_deinit(gnutls_cipher_hd_t handle); 61 unsigned gnutls_cipher_get_block_size(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__; 62 unsigned gnutls_cipher_get_iv_size(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__; 63 unsigned gnutls_cipher_get_tag_size(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__; 64 65 /* AEAD API 66 */ 67 typedef struct api_aead_cipher_hd_st *gnutls_aead_cipher_hd_t; 68 69 int gnutls_aead_cipher_init(gnutls_aead_cipher_hd_t * handle, 70 gnutls_cipher_algorithm_t cipher, 71 const gnutls_datum_t * key); 72 int 73 gnutls_aead_cipher_decrypt(gnutls_aead_cipher_hd_t handle, 74 const void *nonce, size_t nonce_len, 75 const void *auth, size_t auth_len, 76 size_t tag_size, 77 const void *ctext, size_t ctext_len, 78 void *ptext, size_t *ptext_len); 79 int 80 gnutls_aead_cipher_encrypt(gnutls_aead_cipher_hd_t handle, 81 const void *nonce, size_t nonce_len, 82 const void *auth, size_t auth_len, 83 size_t tag_size, 84 const void *ptext, size_t ptext_len, 85 void *ctext, size_t *ctext_len); 86 87 int 88 gnutls_aead_cipher_encryptv(gnutls_aead_cipher_hd_t handle, 89 const void *nonce, size_t nonce_len, 90 const giovec_t *auth_iov, int auth_iovcnt, 91 size_t tag_size, 92 const giovec_t *iov, int iovcnt, 93 void *ctext, size_t *ctext_len); 94 95 int 96 gnutls_aead_cipher_encryptv2(gnutls_aead_cipher_hd_t handle, 97 const void *nonce, size_t nonce_len, 98 const giovec_t *auth_iov, int auth_iovcnt, 99 const giovec_t *iov, int iovcnt, 100 void *tag, size_t *tag_size); 101 102 int 103 gnutls_aead_cipher_decryptv2(gnutls_aead_cipher_hd_t handle, 104 const void *nonce, size_t nonce_len, 105 const giovec_t *auth_iov, int auth_iovcnt, 106 const giovec_t *iov, int iovcnt, 107 void *tag, size_t tag_size); 108 109 void gnutls_aead_cipher_deinit(gnutls_aead_cipher_hd_t handle); 110 111 /* Hash - MAC API */ 112 113 typedef struct hash_hd_st *gnutls_hash_hd_t; 114 typedef struct hmac_hd_st *gnutls_hmac_hd_t; 115 116 size_t gnutls_mac_get_nonce_size(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__; 117 int gnutls_hmac_init(gnutls_hmac_hd_t * dig, 118 gnutls_mac_algorithm_t algorithm, 119 const void *key, size_t keylen); 120 void gnutls_hmac_set_nonce(gnutls_hmac_hd_t handle, 121 const void *nonce, size_t nonce_len); 122 int gnutls_hmac(gnutls_hmac_hd_t handle, const void *text, size_t textlen); 123 void gnutls_hmac_output(gnutls_hmac_hd_t handle, void *digest); 124 void gnutls_hmac_deinit(gnutls_hmac_hd_t handle, void *digest); 125 unsigned gnutls_hmac_get_len(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__; 126 unsigned gnutls_hmac_get_key_size(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__; 127 int gnutls_hmac_fast(gnutls_mac_algorithm_t algorithm, 128 const void *key, size_t keylen, 129 const void *text, size_t textlen, void *digest); 130 gnutls_hmac_hd_t gnutls_hmac_copy(gnutls_hmac_hd_t handle); 131 132 int gnutls_hash_init(gnutls_hash_hd_t * dig, 133 gnutls_digest_algorithm_t algorithm); 134 int gnutls_hash(gnutls_hash_hd_t handle, const void *text, size_t textlen); 135 void gnutls_hash_output(gnutls_hash_hd_t handle, void *digest); 136 void gnutls_hash_deinit(gnutls_hash_hd_t handle, void *digest); 137 unsigned gnutls_hash_get_len(gnutls_digest_algorithm_t algorithm) __GNUTLS_CONST__; 138 int gnutls_hash_fast(gnutls_digest_algorithm_t algorithm, 139 const void *text, size_t textlen, void *digest); 140 gnutls_hash_hd_t gnutls_hash_copy(gnutls_hash_hd_t handle); 141 142 /* KDF API */ 143 144 int gnutls_hkdf_extract(gnutls_mac_algorithm_t mac, 145 const gnutls_datum_t *key, 146 const gnutls_datum_t *salt, 147 void *output); 148 149 int gnutls_hkdf_expand(gnutls_mac_algorithm_t mac, 150 const gnutls_datum_t *key, 151 const gnutls_datum_t *info, 152 void *output, size_t length); 153 154 int gnutls_pbkdf2(gnutls_mac_algorithm_t mac, 155 const gnutls_datum_t *key, 156 const gnutls_datum_t *salt, 157 unsigned iter_count, 158 void *output, size_t length); 159 160 /* register ciphers */ 161 162 163 /** 164 * gnutls_rnd_level_t: 165 * @GNUTLS_RND_NONCE: Non-predictable random number. Fatal in parts 166 * of session if broken, i.e., vulnerable to statistical analysis. 167 * @GNUTLS_RND_RANDOM: Pseudo-random cryptographic random number. 168 * Fatal in session if broken. Example use: temporal keys. 169 * @GNUTLS_RND_KEY: Fatal in many sessions if broken. Example use: 170 * Long-term keys. 171 * 172 * Enumeration of random quality levels. 173 */ 174 typedef enum gnutls_rnd_level { 175 GNUTLS_RND_NONCE = 0, 176 GNUTLS_RND_RANDOM = 1, 177 GNUTLS_RND_KEY = 2 178 } gnutls_rnd_level_t; 179 180 int gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len); 181 182 void gnutls_rnd_refresh(void); 183 184 185 /* API to override ciphers and MAC algorithms 186 */ 187 188 typedef int (*gnutls_cipher_init_func) (gnutls_cipher_algorithm_t, void **ctx, int enc); 189 typedef int (*gnutls_cipher_setkey_func) (void *ctx, const void *key, size_t keysize); 190 /* old style ciphers */ 191 typedef int (*gnutls_cipher_setiv_func) (void *ctx, const void *iv, size_t ivsize); 192 typedef int (*gnutls_cipher_getiv_func) (void *ctx, void *iv, size_t ivsize); 193 typedef int (*gnutls_cipher_encrypt_func) (void *ctx, const void *plain, size_t plainsize, 194 void *encr, size_t encrsize); 195 typedef int (*gnutls_cipher_decrypt_func) (void *ctx, const void *encr, size_t encrsize, 196 void *plain, size_t plainsize); 197 198 /* aead ciphers */ 199 typedef int (*gnutls_cipher_auth_func) (void *ctx, const void *data, size_t datasize); 200 typedef void (*gnutls_cipher_tag_func) (void *ctx, void *tag, size_t tagsize); 201 202 typedef int (*gnutls_cipher_aead_encrypt_func) (void *ctx, 203 const void *nonce, size_t noncesize, 204 const void *auth, size_t authsize, 205 size_t tag_size, 206 const void *plain, size_t plainsize, 207 void *encr, size_t encrsize); 208 typedef int (*gnutls_cipher_aead_decrypt_func) (void *ctx, 209 const void *nonce, size_t noncesize, 210 const void *auth, size_t authsize, 211 size_t tag_size, 212 const void *encr, size_t encrsize, 213 void *plain, size_t plainsize); 214 typedef void (*gnutls_cipher_deinit_func) (void *ctx); 215 216 int 217 gnutls_crypto_register_cipher(gnutls_cipher_algorithm_t algorithm, 218 int priority, 219 gnutls_cipher_init_func init, 220 gnutls_cipher_setkey_func setkey, 221 gnutls_cipher_setiv_func setiv, 222 gnutls_cipher_encrypt_func encrypt, 223 gnutls_cipher_decrypt_func decrypt, 224 gnutls_cipher_deinit_func deinit) 225 _GNUTLS_GCC_ATTR_DEPRECATED; 226 227 int 228 gnutls_crypto_register_aead_cipher(gnutls_cipher_algorithm_t algorithm, 229 int priority, 230 gnutls_cipher_init_func init, 231 gnutls_cipher_setkey_func setkey, 232 gnutls_cipher_aead_encrypt_func aead_encrypt, 233 gnutls_cipher_aead_decrypt_func aead_decrypt, 234 gnutls_cipher_deinit_func deinit) 235 _GNUTLS_GCC_ATTR_DEPRECATED; 236 237 typedef int (*gnutls_mac_init_func) (gnutls_mac_algorithm_t, void **ctx); 238 typedef int (*gnutls_mac_setkey_func) (void *ctx, const void *key, size_t keysize); 239 typedef int (*gnutls_mac_setnonce_func) (void *ctx, const void *nonce, size_t noncesize); 240 typedef int (*gnutls_mac_hash_func) (void *ctx, const void *text, size_t textsize); 241 typedef int (*gnutls_mac_output_func) (void *src_ctx, void *digest, size_t digestsize); 242 typedef void (*gnutls_mac_deinit_func) (void *ctx); 243 typedef int (*gnutls_mac_fast_func) (gnutls_mac_algorithm_t, const void *nonce, 244 size_t nonce_size, const void *key, size_t keysize, 245 const void *text, size_t textsize, void *digest); 246 typedef void *(*gnutls_mac_copy_func) (const void *ctx); 247 248 int 249 gnutls_crypto_register_mac(gnutls_mac_algorithm_t mac, 250 int priority, 251 gnutls_mac_init_func init, 252 gnutls_mac_setkey_func setkey, 253 gnutls_mac_setnonce_func setnonce, 254 gnutls_mac_hash_func hash, 255 gnutls_mac_output_func output, 256 gnutls_mac_deinit_func deinit, 257 gnutls_mac_fast_func hash_fast) 258 _GNUTLS_GCC_ATTR_DEPRECATED; 259 260 typedef int (*gnutls_digest_init_func) (gnutls_digest_algorithm_t, void **ctx); 261 typedef int (*gnutls_digest_hash_func) (void *ctx, const void *text, size_t textsize); 262 typedef int (*gnutls_digest_output_func) (void *src_ctx, void *digest, size_t digestsize); 263 typedef void (*gnutls_digest_deinit_func) (void *ctx); 264 typedef int (*gnutls_digest_fast_func) (gnutls_digest_algorithm_t, 265 const void *text, size_t textsize, void *digest); 266 typedef void *(*gnutls_digest_copy_func) (const void *ctx); 267 268 int 269 gnutls_crypto_register_digest(gnutls_digest_algorithm_t digest, 270 int priority, 271 gnutls_digest_init_func init, 272 gnutls_digest_hash_func hash, 273 gnutls_digest_output_func output, 274 gnutls_digest_deinit_func deinit, 275 gnutls_digest_fast_func hash_fast) 276 _GNUTLS_GCC_ATTR_DEPRECATED; 277 278 /* RSA-PKCS#1 1.5 helper functions */ 279 int 280 gnutls_encode_ber_digest_info(gnutls_digest_algorithm_t hash, 281 const gnutls_datum_t * digest, 282 gnutls_datum_t * output); 283 284 int 285 gnutls_decode_ber_digest_info(const gnutls_datum_t * info, 286 gnutls_digest_algorithm_t *hash, 287 unsigned char *digest, unsigned int *digest_size); 288 289 int gnutls_decode_rs_value(const gnutls_datum_t * sig_value, gnutls_datum_t *r, gnutls_datum_t *s); 290 int gnutls_encode_rs_value(gnutls_datum_t * sig_value, const gnutls_datum_t * r, const gnutls_datum_t * s); 291 292 int gnutls_encode_gost_rs_value(gnutls_datum_t * sig_value, const gnutls_datum_t * r, const gnutls_datum_t *s); 293 int gnutls_decode_gost_rs_value(const gnutls_datum_t * sig_value, gnutls_datum_t * r, gnutls_datum_t * s); 294 295 /* *INDENT-OFF* */ 296 #ifdef __cplusplus 297 } 298 #endif 299 /* *INDENT-ON* */ 300 #endif 301