diff options
author | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2013-10-22 17:07:53 +0300 |
---|---|---|
committer | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2013-10-22 17:07:53 +0300 |
commit | 95654041f2aa62f71aac4d8614dafe8433d10f95 (patch) | |
tree | fcfa0452bf9b196425a36ffa20911d30dd2274d5 /src | |
parent | a5a277a9016ccb34f1858a65e0ed1791b2fc3db3 (diff) | |
download | libgcrypt-95654041f2aa62f71aac4d8614dafe8433d10f95.tar.gz |
Add API to support AEAD cipher modes
* cipher/cipher.c (_gcry_cipher_authenticate, _gcry_cipher_checktag)
(_gcry_cipher_gettag): New.
* doc/gcrypt.texi: Add documentation for new API functions.
* src/visibility.c (gcry_cipher_authenticate, gcry_cipher_checktag)
(gcry_cipher_gettag): New.
* src/gcrypt.h.in, src/visibility.h: add declarations of these
functions.
* src/libgcrypt.defs, src/libgcrypt.vers: export functions.
--
Authenticated Encryption with Associated Data (AEAD) cipher modes
provide authentication tag that can be used to authenticate message. At
the same time it allows one to specify additional (unencrypted data)
that will be authenticated together with the message. This class of
cipher modes requires additional API present in this commit.
This patch is based on original patch by Dmitry Eremin-Solenikov.
Changes in v2:
- Change gcry_cipher_tag to gcry_cipher_checktag and gcry_cipher_gettag
for giving tag (checktag) for decryption and reading tag (gettag) after
encryption.
- Change gcry_cipher_authenticate to gcry_cipher_setaad, since
additional parameters needed for some AEAD modes (in this case CCM,
which needs the length of encrypted data and tag for MAC
initialization).
- Add some documentation.
Changes in v3:
- Change gcry_cipher_setaad back to gcry_cipher_authenticate. Additional
parameters (encrypt_len, tag_len, aad_len) for CCM will be given
through GCRY_CTL_SET_CCM_LENGTHS.
Changes in v4:
- log_fatal => log_error
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'src')
-rw-r--r-- | src/gcrypt.h.in | 11 | ||||
-rw-r--r-- | src/libgcrypt.def | 3 | ||||
-rw-r--r-- | src/libgcrypt.vers | 1 | ||||
-rw-r--r-- | src/visibility.c | 27 | ||||
-rw-r--r-- | src/visibility.h | 9 |
5 files changed, 51 insertions, 0 deletions
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 64cc0e4e..f0ae927a 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -953,6 +953,17 @@ gcry_error_t gcry_cipher_setkey (gcry_cipher_hd_t hd, gcry_error_t gcry_cipher_setiv (gcry_cipher_hd_t hd, const void *iv, size_t ivlen); +/* Provide additional authentication data for AEAD modes/ciphers. */ +gcry_error_t gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf, + size_t abuflen); + +/* Get authentication tag for AEAD modes/ciphers. */ +gcry_error_t gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag, + size_t taglen); + +/* Check authentication tag for AEAD modes/ciphers. */ +gcry_error_t gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag, + size_t taglen); /* Reset the handle to the state after open. */ #define gcry_cipher_reset(h) gcry_cipher_ctl ((h), GCRYCTL_RESET, NULL, 0) diff --git a/src/libgcrypt.def b/src/libgcrypt.def index ec0c1e3e..64ba370c 100644 --- a/src/libgcrypt.def +++ b/src/libgcrypt.def @@ -255,6 +255,9 @@ EXPORTS gcry_sexp_extract_param @225 + gcry_cipher_authenticate @226 + gcry_cipher_gettag @227 + gcry_cipher_checktag @228 ;; end of file with public symbols for Windows. diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers index be72aad5..93eaa932 100644 --- a/src/libgcrypt.vers +++ b/src/libgcrypt.vers @@ -51,6 +51,7 @@ GCRYPT_1.6 { gcry_cipher_info; gcry_cipher_map_name; gcry_cipher_mode_from_oid; gcry_cipher_open; gcry_cipher_setkey; gcry_cipher_setiv; gcry_cipher_setctr; + gcry_cipher_authenticate; gcry_cipher_gettag; gcry_cipher_checktag; gcry_pk_algo_info; gcry_pk_algo_name; gcry_pk_ctl; gcry_pk_decrypt; gcry_pk_encrypt; gcry_pk_genkey; diff --git a/src/visibility.c b/src/visibility.c index 848925e3..1f7bb3ad 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -713,6 +713,33 @@ gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen) return _gcry_cipher_setctr (hd, ctr, ctrlen); } +gcry_error_t +gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf, size_t abuflen) +{ + if (!fips_is_operational ()) + return gpg_error (fips_not_operational ()); + + return _gcry_cipher_authenticate (hd, abuf, abuflen); +} + +gcry_error_t +gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag, size_t taglen) +{ + if (!fips_is_operational ()) + return gpg_error (fips_not_operational ()); + + return _gcry_cipher_gettag (hd, outtag, taglen); +} + +gcry_error_t +gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag, size_t taglen) +{ + if (!fips_is_operational ()) + return gpg_error (fips_not_operational ()); + + return _gcry_cipher_checktag (hd, intag, taglen); +} + gcry_error_t gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) diff --git a/src/visibility.h b/src/visibility.h index 1c8f0477..b2fa4c01 100644 --- a/src/visibility.h +++ b/src/visibility.h @@ -81,6 +81,9 @@ #define gcry_cipher_setkey _gcry_cipher_setkey #define gcry_cipher_setiv _gcry_cipher_setiv #define gcry_cipher_setctr _gcry_cipher_setctr +#define gcry_cipher_authenticate _gcry_cipher_authenticate +#define gcry_cipher_checktag _gcry_cipher_checktag +#define gcry_cipher_gettag _gcry_cipher_gettag #define gcry_cipher_ctl _gcry_cipher_ctl #define gcry_cipher_decrypt _gcry_cipher_decrypt #define gcry_cipher_encrypt _gcry_cipher_encrypt @@ -297,6 +300,9 @@ gcry_err_code_t gcry_md_get (gcry_md_hd_t hd, int algo, #undef gcry_cipher_setkey #undef gcry_cipher_setiv #undef gcry_cipher_setctr +#undef gcry_cipher_authenticate +#undef gcry_cipher_checktag +#undef gcry_cipher_gettag #undef gcry_cipher_ctl #undef gcry_cipher_decrypt #undef gcry_cipher_encrypt @@ -474,6 +480,9 @@ MARK_VISIBLE (gcry_cipher_close) MARK_VISIBLE (gcry_cipher_setkey) MARK_VISIBLE (gcry_cipher_setiv) MARK_VISIBLE (gcry_cipher_setctr) +MARK_VISIBLE (gcry_cipher_authenticate) +MARK_VISIBLE (gcry_cipher_checktag) +MARK_VISIBLE (gcry_cipher_gettag) MARK_VISIBLE (gcry_cipher_ctl) MARK_VISIBLE (gcry_cipher_decrypt) MARK_VISIBLE (gcry_cipher_encrypt) |