diff options
author | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2013-11-15 12:28:07 +0200 |
---|---|---|
committer | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2013-11-16 12:52:17 +0200 |
commit | fcd6da37d55f248d3558ee0ff385b41b866e7ded (patch) | |
tree | b942fea4e29d43427b4e5c221d8c40455e6b8cfe /src/gcrypt.h.in | |
parent | b95a557a43aeed68ea5e5ce02aca42ee97bfdb3b (diff) | |
download | libgcrypt-fcd6da37d55f248d3558ee0ff385b41b866e7ded.tar.gz |
Add new MAC API, initially with HMAC
* cipher/Makefile.am: Add 'mac.c', 'mac-internal.h' and 'mac-hmac.c'.
* cipher/bufhelp.h (buf_eq_const): New.
* cipher/cipher-ccm.c (_gcry_cipher_ccm_tag): Use 'buf_eq_const' for
constant-time compare.
* cipher/mac-hmac.c: New.
* cipher/mac-internal.h: New.
* cipher/mac.c: New.
* doc/gcrypt.texi: Add documentation for MAC API.
* src/gcrypt-int.h [GPG_ERROR_VERSION_NUMBER < 1.13]
(GPG_ERR_MAC_ALGO): New.
* src/gcrypt.h.in (gcry_mac_handle, gcry_mac_hd_t, gcry_mac_algos)
(gcry_mac_flags, gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
(gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
(gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
(gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name)
(gcry_mac_reset, gcry_mac_test_algo): New.
* src/libgcrypt.def (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
(gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
(gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
(gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
* src/libgcrypt.vers (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
(gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
(gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
(gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
* src/visibility.c (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
(gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
(gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
(gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
* src/visibility.h (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
(gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
(gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
(gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
* tests/basic.c (check_one_mac, check_mac): New.
(main): Call 'check_mac'.
* tests/bench-slope.c (bench_print_header, bench_print_footer): Allow
variable algorithm name width.
(_cipher_bench, hash_bench): Update to above change.
(bench_hash_do_bench): Add 'gcry_md_reset'.
(bench_mac_mode, bench_mac_init, bench_mac_free, bench_mac_do_bench)
(mac_ops, mac_modes, mac_bench_one, _mac_bench, mac_bench): New.
(main): Add 'mac' benchmark options.
* tests/benchmark.c (mac_repetitions, mac_bench): New.
(main): Add 'mac' benchmark options.
--
Add MAC API, with HMAC algorithms. Internally uses HMAC functionality of the
MD module.
[v2]:
- Add documentation for MAC API.
- Change length argument for gcry_mac_read from size_t to size_t* for
returning number of written bytes.
[v3]:
- HMAC algorithm ids start from 101.
- Fix coding style for new files.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'src/gcrypt.h.in')
-rw-r--r-- | src/gcrypt.h.in | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index fffc15ca..a9bc5ffb 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -1279,6 +1279,103 @@ void gcry_md_debug (gcry_md_hd_t hd, const char *suffix); #define gcry_md_get_asnoid(a,b,n) \ gcry_md_algo_info((a), GCRYCTL_GET_ASNOID, (b), (n)) + + +/********************************************** + * * + * Message Authentication Code Functions * + * * + **********************************************/ + +/* The data object used to hold a handle to an encryption object. */ +struct gcry_mac_handle; +typedef struct gcry_mac_handle *gcry_mac_hd_t; + +/* Algorithm IDs for the hash functions we know about. Not all of them + are implemented. */ +enum gcry_mac_algos + { + GCRY_MAC_NONE = 0, + + GCRY_MAC_HMAC_SHA256 = 101, + GCRY_MAC_HMAC_SHA224 = 102, + GCRY_MAC_HMAC_SHA512 = 103, + GCRY_MAC_HMAC_SHA384 = 104, + GCRY_MAC_HMAC_SHA1 = 105, + GCRY_MAC_HMAC_MD5 = 106, + GCRY_MAC_HMAC_MD4 = 107, + GCRY_MAC_HMAC_RMD160 = 108, + GCRY_MAC_HMAC_TIGER1 = 109, /* The fixed TIGER variant */ + GCRY_MAC_HMAC_WHIRLPOOL = 110, + GCRY_MAC_HMAC_GOSTR3411_94 = 111, + GCRY_MAC_HMAC_STRIBOG256 = 112, + GCRY_MAC_HMAC_STRIBOG512 = 113 + }; + +/* Flags used with the open function. */ +enum gcry_mac_flags + { + GCRY_MAC_FLAG_SECURE = 1, /* Allocate all buffers in "secure" memory. */ + }; + +/* Create a MAC handle for algorithm ALGO. FLAGS may be given as an bitwise OR + of the gcry_mac_flags values. CTX maybe NULL or gcry_ctx_t object to be + associated with HANDLE. */ +gcry_error_t gcry_mac_open (gcry_mac_hd_t *handle, int algo, + unsigned int flags, gcry_ctx_t ctx); + +/* Close the MAC handle H and release all resource. */ +void gcry_mac_close (gcry_mac_hd_t h); + +/* Perform various operations on the MAC object H. */ +gcry_error_t gcry_mac_ctl (gcry_mac_hd_t h, int cmd, void *buffer, + size_t buflen); + +/* Retrieve various information about the MAC algorithm ALGO. */ +gcry_error_t gcry_mac_algo_info (int algo, int what, void *buffer, + size_t *nbytes); + +/* Set KEY of length KEYLEN bytes for the MAC handle HD. */ +gcry_error_t gcry_mac_setkey (gcry_mac_hd_t hd, const void *key, + size_t keylen); + +/* Set initialization vector IV of length IVLEN for the MAC handle HD. */ +gcry_error_t gcry_mac_setiv (gcry_mac_hd_t hd, const void *iv, + size_t ivlen); + +/* Pass LENGTH bytes of data in BUFFER to the MAC object HD so that + it can update the MAC values. */ +gcry_error_t gcry_mac_write (gcry_mac_hd_t hd, const void *buffer, + size_t length); + +/* Read out the final authentication code from the MAC object HD to BUFFER. */ +gcry_error_t gcry_mac_read (gcry_mac_hd_t hd, void *buffer, size_t *buflen); + +/* Verify the final authentication code from the MAC object HD with BUFFER. */ +gcry_error_t gcry_mac_verify (gcry_mac_hd_t hd, const void *buffer, + size_t buflen); + +/* Retrieve the length in bytes of the MAC yielded by algorithm ALGO. */ +unsigned int gcry_mac_get_algo_maclen (int algo); + +/* Retrieve the default key length in bytes used with algorithm A. */ +unsigned int gcry_mac_get_algo_keylen (int algo); + +/* Map the MAC algorithm whose ID is contained in ALGORITHM to a + string representation of the algorithm name. For unknown algorithm + IDs this function returns "?". */ +const char *gcry_mac_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE; + +/* Map the algorithm name NAME to an MAC algorithm ID. Return 0 if + the algorithm name is not known. */ +int gcry_mac_map_name (const char *name) _GCRY_GCC_ATTR_PURE; + +/* Reset the handle to the state after open/setkey. */ +#define gcry_mac_reset(h) gcry_mac_ctl ((h), GCRYCTL_RESET, NULL, 0) + +/* Return 0 if the algorithm A is available for use. */ +#define gcry_mac_test_algo(a) \ + gcry_mac_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL ) /****************************** |