kris
/
boringssl
1
0
Derivar 0
Código Questões 0 Pedidos de integração 0 Lançamentos 0 Wiki Trabalho
Não pode escolher mais do que 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
2065 Cometimentos
12 Ramos
38 MiB
Árvore: fde89b43c3
Ramos Etiquetas
${ item.name }
Criar ramo ${ searchTerm }
de 'fde89b43c3'
${ noResults }
boringssl/include/openssl/aead.h

aead.h 16 KiB
Em bruto Vista normal Histórico

Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Correct the spelling of "primitive". Spotted by Matt Smart. Change-Id: Id9c61ba6a293ddc52b2e2c93c427860765848c6d Reviewed-on: https://boringssl-review.googlesource.com/6430 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Remove AES-GCM cipher indices. Those ciphers go through EVP_AEAD now. Change-Id: Ia97af9960223724f041dc2c249def9e626fd03f8 Reviewed-on: https://boringssl-review.googlesource.com/1520 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Remove AES-GCM cipher indices. Those ciphers go through EVP_AEAD now. Change-Id: Ia97af9960223724f041dc2c249def9e626fd03f8 Reviewed-on: https://boringssl-review.googlesource.com/1520 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Add the RFC 7539 ChaCha20-Poly1305 AEAD. Change-Id: I07dfde7cc304d903c2253600905cc3e6257716c5 Reviewed-on: https://boringssl-review.googlesource.com/6101 Reviewed-by: Adam Langley <alangley@gmail.com>
há 9 anos
For now, give the unsuffixed ChaCha20 AEAD name to the old version. QUIC has a complex relationship with BoringSSL owing to it living both in Chromium and the Google-internal repository. In order for it to handle the ChaCha20-Poly1305 AEAD switch more easily this change gives the unsuffixed name to the old AEAD, for now. Once QUIC has moved to the “_old” version the unsuffixed name can be given to the new version. Change-Id: Id8a77be6e3fe2358d78e022413fe088e5a274dca Reviewed-on: https://boringssl-review.googlesource.com/6361 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <alangley@gmail.com>
há 9 anos
Fix aead.h header typo. EVP_aead_chacha20_poly1305_old is listed twice instead of EVP_aead_chacha20_poly1305. Change-Id: I281eee7a8359cd2a2b04047c829ef351ea4a7b82 Reviewed-on: https://boringssl-review.googlesource.com/6381 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Add the RFC 7539 ChaCha20-Poly1305 AEAD. Change-Id: I07dfde7cc304d903c2253600905cc3e6257716c5 Reviewed-on: https://boringssl-review.googlesource.com/6101 Reviewed-by: Adam Langley <alangley@gmail.com>
há 9 anos
For now, give the unsuffixed ChaCha20 AEAD name to the old version. QUIC has a complex relationship with BoringSSL owing to it living both in Chromium and the Google-internal repository. In order for it to handle the ChaCha20-Poly1305 AEAD switch more easily this change gives the unsuffixed name to the old AEAD, for now. Once QUIC has moved to the “_old” version the unsuffixed name can be given to the new version. Change-Id: Id8a77be6e3fe2358d78e022413fe088e5a274dca Reviewed-on: https://boringssl-review.googlesource.com/6361 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <alangley@gmail.com>
há 9 anos
Add AES Key Wrap mode. This is needed in order to support Web Crypto. https://code.google.com/p/chromium/issues/detail?id=396407 Change-Id: I900d8cad2716c2e3341eeae153659502326c9173 Reviewed-on: https://boringssl-review.googlesource.com/1335 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Implement all TLS ciphers with stateful AEADs. The EVP_CIPHER codepath should no longer be used with TLS. It still exists for DTLS and SSLv3. The AEAD construction in TLS does not allow for variable-overhead AEADs, so stateful AEADs do not include the length in the ad parameter. Rather the AEADs internally append the unpadded length once it is known. EVP_aead_rc4_md5_tls is modified to account for this. Tests are added (and RC4-MD5's regenerated) for each of the new AEADs. The cipher tests are all moved into crypto/cipher/test because there's now a lot of them and they clutter the directory listing. In ssl/, the stateful AEAD logic is also modified to account for stateful AEADs with a fixed IV component, and for AEADs which use a random nonce (for the explicit-IV CBC mode ciphers). The new implementation fixes a bug/quirk in stateless CBC mode ciphers where the fixed IV portion of the keyblock was generated regardless. This is at the end, so it's only relevant for EAP-TLS which generates a MSK from the end of the key block. Change-Id: I2d8b8aa11deb43bde2fd733f4f90b5d5b8cb1334 Reviewed-on: https://boringssl-review.googlesource.com/2692 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Add AES Key Wrap mode. This is needed in order to support Web Crypto. https://code.google.com/p/chromium/issues/detail?id=396407 Change-Id: I900d8cad2716c2e3341eeae153659502326c9173 Reviewed-on: https://boringssl-review.googlesource.com/1335 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Convert all zero-argument functions to '(void)' Otherwise, in C, it becomes a K&R function declaration which doesn't actually type-check the number of arguments. Change-Id: I0731a9fefca46fb1c266bfb1c33d464cf451a22e Reviewed-on: https://boringssl-review.googlesource.com/1582 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Add AES Key Wrap mode. This is needed in order to support Web Crypto. https://code.google.com/p/chromium/issues/detail?id=396407 Change-Id: I900d8cad2716c2e3341eeae153659502326c9173 Reviewed-on: https://boringssl-review.googlesource.com/1335 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Convert all zero-argument functions to '(void)' Otherwise, in C, it becomes a K&R function declaration which doesn't actually type-check the number of arguments. Change-Id: I0731a9fefca46fb1c266bfb1c33d464cf451a22e Reviewed-on: https://boringssl-review.googlesource.com/1582 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Add AES Key Wrap mode. This is needed in order to support Web Crypto. https://code.google.com/p/chromium/issues/detail?id=396407 Change-Id: I900d8cad2716c2e3341eeae153659502326c9173 Reviewed-on: https://boringssl-review.googlesource.com/1335 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Add AEADs for AES-CTR with HMAC-SHA256. Change-Id: Id035d2c6ab9c6ae034326c313ffe35e0d035dec1 Reviewed-on: https://boringssl-review.googlesource.com/3911 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Fix up several comments and detect problems in the future. This change fixes up several comments (many of which were spotted by Kenny Root) and also changes doc.go to detect cases where comments don't start with the correct word. (This is a common error.) Since we have docs builders now, these errors will be found automatically in the future. Change-Id: I58c6dd4266bf3bd4ec748763c8762b1a67ae5ab3 Reviewed-on: https://boringssl-review.googlesource.com/6440 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Add AEADs for AES-CTR with HMAC-SHA256. Change-Id: Id035d2c6ab9c6ae034326c313ffe35e0d035dec1 Reviewed-on: https://boringssl-review.googlesource.com/3911 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Prefer AES-GCM when hardware support is available. BUG=396787 Change-Id: I72ddb0ec3c71dbc70054403163930cbbde4b6009 Reviewed-on: https://boringssl-review.googlesource.com/1581 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Document exactly how the stateful AEADs are weird. Probably worth spelling that out. Change-Id: Ie8815fc645e2836f4fb5bf7d09df1e5326751544 Reviewed-on: https://boringssl-review.googlesource.com/3970 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Document exactly how the stateful AEADs are weird. Probably worth spelling that out. Change-Id: Ie8815fc645e2836f4fb5bf7d09df1e5326751544 Reviewed-on: https://boringssl-review.googlesource.com/3970 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Convert all zero-argument functions to '(void)' Otherwise, in C, it becomes a K&R function declaration which doesn't actually type-check the number of arguments. Change-Id: I0731a9fefca46fb1c266bfb1c33d464cf451a22e Reviewed-on: https://boringssl-review.googlesource.com/1582 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Implement all TLS ciphers with stateful AEADs. The EVP_CIPHER codepath should no longer be used with TLS. It still exists for DTLS and SSLv3. The AEAD construction in TLS does not allow for variable-overhead AEADs, so stateful AEADs do not include the length in the ad parameter. Rather the AEADs internally append the unpadded length once it is known. EVP_aead_rc4_md5_tls is modified to account for this. Tests are added (and RC4-MD5's regenerated) for each of the new AEADs. The cipher tests are all moved into crypto/cipher/test because there's now a lot of them and they clutter the directory listing. In ssl/, the stateful AEAD logic is also modified to account for stateful AEADs with a fixed IV component, and for AEADs which use a random nonce (for the explicit-IV CBC mode ciphers). The new implementation fixes a bug/quirk in stateless CBC mode ciphers where the fixed IV portion of the keyblock was generated regardless. This is at the end, so it's only relevant for EAP-TLS which generates a MSK from the end of the key block. Change-Id: I2d8b8aa11deb43bde2fd733f4f90b5d5b8cb1334 Reviewed-on: https://boringssl-review.googlesource.com/2692 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Implement all TLS ciphers with stateful AEADs. The EVP_CIPHER codepath should no longer be used with TLS. It still exists for DTLS and SSLv3. The AEAD construction in TLS does not allow for variable-overhead AEADs, so stateful AEADs do not include the length in the ad parameter. Rather the AEADs internally append the unpadded length once it is known. EVP_aead_rc4_md5_tls is modified to account for this. Tests are added (and RC4-MD5's regenerated) for each of the new AEADs. The cipher tests are all moved into crypto/cipher/test because there's now a lot of them and they clutter the directory listing. In ssl/, the stateful AEAD logic is also modified to account for stateful AEADs with a fixed IV component, and for AEADs which use a random nonce (for the explicit-IV CBC mode ciphers). The new implementation fixes a bug/quirk in stateless CBC mode ciphers where the fixed IV portion of the keyblock was generated regardless. This is at the end, so it's only relevant for EAP-TLS which generates a MSK from the end of the key block. Change-Id: I2d8b8aa11deb43bde2fd733f4f90b5d5b8cb1334 Reviewed-on: https://boringssl-review.googlesource.com/2692 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Restore the NULL-SHA ciphersuite. (Alas.) Change-Id: Ia5398f3b86a13fb20dba053f730b51a0e57b9aa4 Reviewed-on: https://boringssl-review.googlesource.com/5791 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
More documentation fixes. Missing newlines. I think they got lost in some patch reordering. Change-Id: Ib1e5833623f4ef613965d32b4e82ba18b6a551e6 Reviewed-on: https://boringssl-review.googlesource.com/2970 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Document exactly how the stateful AEADs are weird. Probably worth spelling that out. Change-Id: Ie8815fc645e2836f4fb5bf7d09df1e5326751544 Reviewed-on: https://boringssl-review.googlesource.com/3970 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Implement SSLv3 ciphers with stateful AEADs. This introduces another knob into SSL_AEAD_CTX to omit the version from the ad parameter. It also allows us to fold a few more SSL3_ENC_METHOD hooks together. Change-Id: I6540d410d4722f734093554fb434dab6e5217d4f Reviewed-on: https://boringssl-review.googlesource.com/2698 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Document exactly how the stateful AEADs are weird. Probably worth spelling that out. Change-Id: Ie8815fc645e2836f4fb5bf7d09df1e5326751544 Reviewed-on: https://boringssl-review.googlesource.com/3970 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Implement SSLv3 ciphers with stateful AEADs. This introduces another knob into SSL_AEAD_CTX to omit the version from the ad parameter. It also allows us to fold a few more SSL3_ENC_METHOD hooks together. Change-Id: I6540d410d4722f734093554fb434dab6e5217d4f Reviewed-on: https://boringssl-review.googlesource.com/2698 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Restore the NULL-SHA ciphersuite. (Alas.) Change-Id: Ia5398f3b86a13fb20dba053f730b51a0e57b9aa4 Reviewed-on: https://boringssl-review.googlesource.com/5791 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Implement SSLv3 ciphers with stateful AEADs. This introduces another knob into SSL_AEAD_CTX to omit the version from the ad parameter. It also allows us to fold a few more SSL3_ENC_METHOD hooks together. Change-Id: I6540d410d4722f734093554fb434dab6e5217d4f Reviewed-on: https://boringssl-review.googlesource.com/2698 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
More documentation fixes. Missing newlines. I think they got lost in some patch reordering. Change-Id: Ib1e5833623f4ef613965d32b4e82ba18b6a551e6 Reviewed-on: https://boringssl-review.googlesource.com/2970 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Implement all TLS ciphers with stateful AEADs. The EVP_CIPHER codepath should no longer be used with TLS. It still exists for DTLS and SSLv3. The AEAD construction in TLS does not allow for variable-overhead AEADs, so stateful AEADs do not include the length in the ad parameter. Rather the AEADs internally append the unpadded length once it is known. EVP_aead_rc4_md5_tls is modified to account for this. Tests are added (and RC4-MD5's regenerated) for each of the new AEADs. The cipher tests are all moved into crypto/cipher/test because there's now a lot of them and they clutter the directory listing. In ssl/, the stateful AEAD logic is also modified to account for stateful AEADs with a fixed IV component, and for AEADs which use a random nonce (for the explicit-IV CBC mode ciphers). The new implementation fixes a bug/quirk in stateless CBC mode ciphers where the fixed IV portion of the keyblock was generated regardless. This is at the end, so it's only relevant for EAP-TLS which generates a MSK from the end of the key block. Change-Id: I2d8b8aa11deb43bde2fd733f4f90b5d5b8cb1334 Reviewed-on: https://boringssl-review.googlesource.com/2692 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Implement all TLS ciphers with stateful AEADs. The EVP_CIPHER codepath should no longer be used with TLS. It still exists for DTLS and SSLv3. The AEAD construction in TLS does not allow for variable-overhead AEADs, so stateful AEADs do not include the length in the ad parameter. Rather the AEADs internally append the unpadded length once it is known. EVP_aead_rc4_md5_tls is modified to account for this. Tests are added (and RC4-MD5's regenerated) for each of the new AEADs. The cipher tests are all moved into crypto/cipher/test because there's now a lot of them and they clutter the directory listing. In ssl/, the stateful AEAD logic is also modified to account for stateful AEADs with a fixed IV component, and for AEADs which use a random nonce (for the explicit-IV CBC mode ciphers). The new implementation fixes a bug/quirk in stateless CBC mode ciphers where the fixed IV portion of the keyblock was generated regardless. This is at the end, so it's only relevant for EAP-TLS which generates a MSK from the end of the key block. Change-Id: I2d8b8aa11deb43bde2fd733f4f90b5d5b8cb1334 Reviewed-on: https://boringssl-review.googlesource.com/2692 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Don't delay-initialize legacy AEADs. Instead, add a separate init_with_direction hook. Normal AEADs ignore the direction, while legacy AEADs must be initialized with it. This avoids maintaining extra state to support the delayed initialization. Change-Id: I25271f0e56ee2783a2fd4d4026434154d58dc0a8 Reviewed-on: https://boringssl-review.googlesource.com/3731 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Add EVP_AEAD_CTX_zero. Match the other stack-allocated types in that we expose a wrapper function to get them into the zero state. Makes it more amenable to templates like ScopedOpenSSLContext. Change-Id: Ibc7b2b1bc0421ce5ccc84760c78c0b143441ab0f Reviewed-on: https://boringssl-review.googlesource.com/5753 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
AEADs don't go through ENGINE. They'll probably stay that way too, so document it as being an ignored parameter. Change-Id: Iff385715f5413290a7186c38ea9ef2dd4fce9b38 Reviewed-on: https://boringssl-review.googlesource.com/5175 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
AEAD: allow _cleanup after failed _init. This change makes it safe to call EVP_AEAD_CTX_cleanup after a failed EVP_AEAD_CTX_init. Change-Id: I608ed550e08d638cd7e941f5067edd3da4c850ab Reviewed-on: https://boringssl-review.googlesource.com/4692 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Don't delay-initialize legacy AEADs. Instead, add a separate init_with_direction hook. Normal AEADs ignore the direction, while legacy AEADs must be initialized with it. This avoids maintaining extra state to support the delayed initialization. Change-Id: I25271f0e56ee2783a2fd4d4026434154d58dc0a8 Reviewed-on: https://boringssl-review.googlesource.com/3731 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
AEAD: allow _cleanup after failed _init. This change makes it safe to call EVP_AEAD_CTX_cleanup after a failed EVP_AEAD_CTX_init. Change-Id: I608ed550e08d638cd7e941f5067edd3da4c850ab Reviewed-on: https://boringssl-review.googlesource.com/4692 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Fix doc reference to EVP_AEAD_max_overhead. The documentation referred to the old name of |EVP_AEAD_overhead|. Merged from Android's https://android-review.googlesource.com/#/c/149947/ Change-Id: Ifd1b850355c8f7d9f3e990f514fa072d4cacef1c
há 9 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Add visibility rules. This change marks public symbols as dynamically exported. This means that it becomes viable to build a shared library of libcrypto and libssl with -fvisibility=hidden. On Windows, one not only needs to mark functions for export in a component, but also for import when using them from a different component. Because of this we have to build with |BORINGSSL_IMPLEMENTATION| defined when building the code. Other components, when including our headers, won't have that defined and then the |OPENSSL_EXPORT| tag becomes an import tag instead. See the #defines in base.h In the asm code, symbols are now hidden by default and those that need to be exported are wrapped by a C function. In order to support Chromium, a couple of libssl functions were moved to ssl.h from ssl_locl.h: ssl_get_new_session and ssl_update_cache. Change-Id: Ib4b76e2f1983ee066e7806c24721e8626d08a261 Reviewed-on: https://boringssl-review.googlesource.com/1350 Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
Add SSL_get_rc4_state. This allows the current RC4 state of an SSL* to be extracted. We have internal uses for this functionality. Change-Id: Ic124c4b253c8325751f49e7a4c021768620ea4b7 Reviewed-on: https://boringssl-review.googlesource.com/3722 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Add SSL_get_ivs. This function allows one to extract the current IVs from an SSL connection. This is needed for the CBC cipher suites with implicit IVs because, for those, the IV can't be extracted from the handshake key material. Change-Id: I247a1d0813b7a434b3cfc88db86d2fe8754344b6 Reviewed-on: https://boringssl-review.googlesource.com/6433 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Add SSL_get_rc4_state. This allows the current RC4 state of an SSL* to be extracted. We have internal uses for this functionality. Change-Id: Ic124c4b253c8325751f49e7a4c021768620ea4b7 Reviewed-on: https://boringssl-review.googlesource.com/3722 Reviewed-by: Adam Langley <agl@google.com>
há 9 anos
Add missing newline in aead.h. c2d3280f was missing a newline before the trailer. Change-Id: I0118259b7a8ab15aaaa55125a0f92f3a97794b81
há 9 anos
Move public headers to include/openssl/ Previously, public headers lived next to the respective code and there were symlinks from include/openssl to them. This doesn't work on Windows. This change moves the headers to live in include/openssl. In cases where some symlinks pointed to the same header, I've added a file that just includes the intended target. These cases are all for backwards-compat. Change-Id: I6e285b74caf621c644b5168a4877db226b07fd92 Reviewed-on: https://boringssl-review.googlesource.com/1180 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
há 10 anos
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346 
  1. /* Copyright (c) 2014, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #ifndef OPENSSL_HEADER_AEAD_H

  16. #define OPENSSL_HEADER_AEAD_H

  17. 

  18. #include <openssl/base.h>

  19. 

  20. #if defined(__cplusplus)

  21. extern "C" {

  22. #endif

  23. 

  24. 

  25. /* Authenticated Encryption with Additional Data.

  26.  *

  27.  * AEAD couples confidentiality and integrity in a single primitive. AEAD

  28.  * algorithms take a key and then can seal and open individual messages. Each

  29.  * message has a unique, per-message nonce and, optionally, additional data

  30.  * which is authenticated but not included in the ciphertext.

  31.  *

  32.  * The |EVP_AEAD_CTX_init| function initialises an |EVP_AEAD_CTX| structure and

  33.  * performs any precomputation needed to use |aead| with |key|. The length of

  34.  * the key, |key_len|, is given in bytes.

  35.  *

  36.  * The |tag_len| argument contains the length of the tags, in bytes, and allows

  37.  * for the processing of truncated authenticators. A zero value indicates that

  38.  * the default tag length should be used and this is defined as

  39.  * |EVP_AEAD_DEFAULT_TAG_LENGTH| in order to make the code clear. Using

  40.  * truncated tags increases an attacker's chance of creating a valid forgery.

  41.  * Be aware that the attacker's chance may increase more than exponentially as

  42.  * would naively be expected.

  43.  *

  44.  * When no longer needed, the initialised |EVP_AEAD_CTX| structure must be

  45.  * passed to |EVP_AEAD_CTX_cleanup|, which will deallocate any memory used.

  46.  *

  47.  * With an |EVP_AEAD_CTX| in hand, one can seal and open messages. These

  48.  * operations are intended to meet the standard notions of privacy and

  49.  * authenticity for authenticated encryption. For formal definitions see

  50.  * Bellare and Namprempre, "Authenticated encryption: relations among notions

  51.  * and analysis of the generic composition paradigm," Lecture Notes in Computer

  52.  * Science B<1976> (2000), 531–545,

  53.  * http://www-cse.ucsd.edu/~mihir/papers/oem.html.

  54.  *

  55.  * When sealing messages, a nonce must be given. The length of the nonce is

  56.  * fixed by the AEAD in use and is returned by |EVP_AEAD_nonce_length|. *The

  57.  * nonce must be unique for all messages with the same key*. This is critically

  58.  * important - nonce reuse may completely undermine the security of the AEAD.

  59.  * Nonces may be predictable and public, so long as they are unique. Uniqueness

  60.  * may be achieved with a simple counter or, if large enough, may be generated

  61.  * randomly. The nonce must be passed into the "open" operation by the receiver

  62.  * so must either be implicit (e.g. a counter), or must be transmitted along

  63.  * with the sealed message.

  64.  *

  65.  * The "seal" and "open" operations are atomic - an entire message must be

  66.  * encrypted or decrypted in a single call. Large messages may have to be split

  67.  * up in order to accomodate this. When doing so, be mindful of the need not to

  68.  * repeat nonces and the possibility that an attacker could duplicate, reorder

  69.  * or drop message chunks. For example, using a single key for a given (large)

  70.  * message and sealing chunks with nonces counting from zero would be secure as

  71.  * long as the number of chunks was securely transmitted. (Otherwise an

  72.  * attacker could truncate the message by dropping chunks from the end.)

  73.  *

  74.  * The number of chunks could be transmitted by prefixing it to the plaintext,

  75.  * for example. This also assumes that no other message would ever use the same

  76.  * key otherwise the rule that nonces must be unique for a given key would be

  77.  * violated.

  78.  *

  79.  * The "seal" and "open" operations also permit additional data to be

  80.  * authenticated via the |ad| parameter. This data is not included in the

  81.  * ciphertext and must be identical for both the "seal" and "open" call. This

  82.  * permits implicit context to be authenticated but may be empty if not needed.

  83.  *

  84.  * The "seal" and "open" operations may work in-place if the |out| and |in|

  85.  * arguments are equal. They may also be used to shift the data left inside the

  86.  * same buffer if |out| is less than |in|. However, |out| may not point inside

  87.  * the input data otherwise the input may be overwritten before it has been

  88.  * read. This situation will cause an error.

  89.  *

  90.  * The "seal" and "open" operations return one on success and zero on error. */

  91. 

  92. 

  93. /* AEAD algorithms. */

  94. 

  95. /* EVP_aead_aes_128_gcm is AES-128 in Galois Counter Mode. */

  96. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm(void);

  97. 

  98. /* EVP_aead_aes_256_gcm is AES-256 in Galois Counter Mode. */

  99. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm(void);

  100. 

  101. /* EVP_aead_chacha20_poly1305_old is an AEAD built from ChaCha20 and

  102.  * Poly1305 that is used in the experimental ChaCha20-Poly1305 TLS cipher

  103.  * suites. */

  104. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_chacha20_poly1305_old(void);

  105. 

  106. /* EVP_aead_chacha20_poly1305 is currently an alias for

  107.  * |EVP_aead_chacha20_poly1305_old|. In the future, the RFC 7539 version will

  108.  * take this name. */

  109. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_chacha20_poly1305(void);

  110. 

  111. /* EVP_aead_chacha20_poly1305_rfc7539 is the AEAD built from ChaCha20 and

  112.  * Poly1305 as described in RFC 7539.

  113.  *

  114.  * WARNING: this function is not ready yet. It will be renamed in the future to

  115.  * drop the “_rfc7539” suffix. */

  116. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_chacha20_poly1305_rfc7539(void);

  117. 

  118. /* EVP_aead_aes_128_key_wrap is AES-128 Key Wrap mode. This should never be

  119.  * used except to interoperate with existing systems that use this mode.

  120.  *

  121.  * If the nonce is empty then the default nonce will be used, otherwise it must

  122.  * be eight bytes long. The input must be a multiple of eight bytes long. No

  123.  * additional data can be given to this mode. */

  124. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_key_wrap(void);

  125. 

  126. /* EVP_aead_aes_256_key_wrap is AES-256 in Key Wrap mode. This should never be

  127.  * used except to interoperate with existing systems that use this mode.

  128.  *

  129.  * See |EVP_aead_aes_128_key_wrap| for details. */

  130. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_key_wrap(void);

  131. 

  132. /* EVP_aead_aes_128_ctr_hmac_sha256 is AES-128 in CTR mode with HMAC-SHA256 for

  133.  * authentication. The nonce is 12 bytes; the bottom 32-bits are used as the

  134.  * block counter, thus the maximum plaintext size is 64GB. */

  135. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ctr_hmac_sha256(void);

  136. 

  137. /* EVP_aead_aes_256_ctr_hmac_sha256 is AES-256 in CTR mode with HMAC-SHA256 for

  138.  * authentication. See |EVP_aead_aes_128_ctr_hmac_sha256| for details. */

  139. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_ctr_hmac_sha256(void);

  140. 

  141. /* EVP_has_aes_hardware returns one if we enable hardware support for fast and

  142.  * constant-time AES-GCM. */

  143. OPENSSL_EXPORT int EVP_has_aes_hardware(void);

  144. 

  145. 

  146. /* TLS-specific AEAD algorithms.

  147.  *

  148.  * These AEAD primitives do not meet the definition of generic AEADs. They are

  149.  * all specific to TLS and should not be used outside of that context. They must

  150.  * be initialized with |EVP_AEAD_CTX_init_with_direction|, are stateful, and may

  151.  * not be used concurrently. Any nonces are used as IVs, so they must be

  152.  * unpredictable. They only accept an |ad| parameter of length 11 (the standard

  153.  * TLS one with length omitted). */

  154. 

  155. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_md5_tls(void);

  156. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_sha1_tls(void);

  157. 

  158. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls(void);

  159. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls_implicit_iv(void);

  160. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha256_tls(void);

  161. 

  162. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_tls(void);

  163. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_tls_implicit_iv(void);

  164. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha256_tls(void);

  165. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha384_tls(void);

  166. 

  167. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls(void);

  168. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(void);

  169. 

  170. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_null_sha1_tls(void);

  171. 

  172. 

  173. /* SSLv3-specific AEAD algorithms.

  174.  *

  175.  * These AEAD primitives do not meet the definition of generic AEADs. They are

  176.  * all specific to SSLv3 and should not be used outside of that context. They

  177.  * must be initialized with |EVP_AEAD_CTX_init_with_direction|, are stateful,

  178.  * and may not be used concurrently. They only accept an |ad| parameter of

  179.  * length 9 (the standard TLS one with length and version omitted). */

  180. 

  181. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_md5_ssl3(void);

  182. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_rc4_sha1_ssl3(void);

  183. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_ssl3(void);

  184. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_ssl3(void);

  185. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_ssl3(void);

  186. OPENSSL_EXPORT const EVP_AEAD *EVP_aead_null_sha1_ssl3(void);

  187. 

  188. 

  189. /* Utility functions. */

  190. 

  191. /* EVP_AEAD_key_length returns the length, in bytes, of the keys used by

  192.  * |aead|. */

  193. OPENSSL_EXPORT size_t EVP_AEAD_key_length(const EVP_AEAD *aead);

  194. 

  195. /* EVP_AEAD_nonce_length returns the length, in bytes, of the per-message nonce

  196.  * for |aead|. */

  197. OPENSSL_EXPORT size_t EVP_AEAD_nonce_length(const EVP_AEAD *aead);

  198. 

  199. /* EVP_AEAD_max_overhead returns the maximum number of additional bytes added

  200.  * by the act of sealing data with |aead|. */

  201. OPENSSL_EXPORT size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead);

  202. 

  203. /* EVP_AEAD_max_tag_len returns the maximum tag length when using |aead|. This

  204.  * is the largest value that can be passed as |tag_len| to

  205.  * |EVP_AEAD_CTX_init|. */

  206. OPENSSL_EXPORT size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead);

  207. 

  208. 

  209. /* AEAD operations. */

  210. 

  211. /* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key

  212.  * and message-independent IV. */

  213. typedef struct evp_aead_ctx_st {

  214.   const EVP_AEAD *aead;

  215.   /* aead_state is an opaque pointer to whatever state the AEAD needs to

  216.    * maintain. */

  217.   void *aead_state;

  218. } EVP_AEAD_CTX;

  219. 

  220. /* EVP_AEAD_MAX_KEY_LENGTH contains the maximum key length used by

  221.  * any AEAD defined in this header. */

  222. #define EVP_AEAD_MAX_KEY_LENGTH 80

  223. 

  224. /* EVP_AEAD_MAX_NONCE_LENGTH contains the maximum nonce length used by

  225.  * any AEAD defined in this header. */

  226. #define EVP_AEAD_MAX_NONCE_LENGTH 16

  227. 

  228. /* EVP_AEAD_MAX_OVERHEAD contains the maximum overhead used by any AEAD

  229.  * defined in this header. */

  230. #define EVP_AEAD_MAX_OVERHEAD 64

  231. 

  232. /* EVP_AEAD_DEFAULT_TAG_LENGTH is a magic value that can be passed to

  233.  * EVP_AEAD_CTX_init to indicate that the default tag length for an AEAD should

  234.  * be used. */

  235. #define EVP_AEAD_DEFAULT_TAG_LENGTH 0

  236. 

  237. /* evp_aead_direction_t denotes the direction of an AEAD operation. */

  238. enum evp_aead_direction_t {

  239.   evp_aead_open,

  240.   evp_aead_seal,

  241. };

  242. 

  243. /* EVP_AEAD_CTX_zero sets an uninitialized |ctx| to the zero state. It must be

  244.  * initialized with |EVP_AEAD_CTX_init| before use. It is safe, but not

  245.  * necessary, to call |EVP_AEAD_CTX_cleanup| in this state. This may be used for

  246.  * more uniform cleanup of |EVP_AEAD_CTX|. */

  247. OPENSSL_EXPORT void EVP_AEAD_CTX_zero(EVP_AEAD_CTX *ctx);

  248. 

  249. /* EVP_AEAD_CTX_init initializes |ctx| for the given AEAD algorithm. The |impl|

  250.  * argument is ignored and should be NULL. Authentication tags may be truncated

  251.  * by passing a size as |tag_len|. A |tag_len| of zero indicates the default

  252.  * tag length and this is defined as EVP_AEAD_DEFAULT_TAG_LENGTH for

  253.  * readability.

  254.  *

  255.  * Returns 1 on success. Otherwise returns 0 and pushes to the error stack. In

  256.  * the error case, you do not need to call |EVP_AEAD_CTX_cleanup|, but it's

  257.  * harmless to do so. */

  258. OPENSSL_EXPORT int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,

  259.                                      const uint8_t *key, size_t key_len,

  260.                                      size_t tag_len, ENGINE *impl);

  261. 

  262. /* EVP_AEAD_CTX_init_with_direction calls |EVP_AEAD_CTX_init| for normal

  263.  * AEADs. For TLS-specific and SSL3-specific AEADs, it initializes |ctx| for a

  264.  * given direction. */

  265. OPENSSL_EXPORT int EVP_AEAD_CTX_init_with_direction(

  266.     EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len,

  267.     size_t tag_len, enum evp_aead_direction_t dir);

  268. 

  269. /* EVP_AEAD_CTX_cleanup frees any data allocated by |ctx|. It is a no-op to

  270.  * call |EVP_AEAD_CTX_cleanup| on a |EVP_AEAD_CTX| that has been |memset| to

  271.  * all zeros. */

  272. OPENSSL_EXPORT void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx);

  273. 

  274. /* EVP_AEAD_CTX_seal encrypts and authenticates |in_len| bytes from |in| and

  275.  * authenticates |ad_len| bytes from |ad| and writes the result to |out|. It

  276.  * returns one on success and zero otherwise.

  277.  *

  278.  * This function may be called (with the same |EVP_AEAD_CTX|) concurrently with

  279.  * itself or |EVP_AEAD_CTX_open|.

  280.  *

  281.  * At most |max_out_len| bytes are written to |out| and, in order to ensure

  282.  * success, |max_out_len| should be |in_len| plus the result of

  283.  * |EVP_AEAD_max_overhead|. On successful return, |*out_len| is set to the

  284.  * actual number of bytes written.

  285.  *

  286.  * The length of |nonce|, |nonce_len|, must be equal to the result of

  287.  * |EVP_AEAD_nonce_length| for this AEAD.

  288.  *

  289.  * |EVP_AEAD_CTX_seal| never results in a partial output. If |max_out_len| is

  290.  * insufficient, zero will be returned. (In this case, |*out_len| is set to

  291.  * zero.)

  292.  *

  293.  * If |in| and |out| alias then |out| must be <= |in|. */

  294. OPENSSL_EXPORT int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,

  295.                                      size_t *out_len, size_t max_out_len,

  296.                                      const uint8_t *nonce, size_t nonce_len,

  297.                                      const uint8_t *in, size_t in_len,

  298.                                      const uint8_t *ad, size_t ad_len);

  299. 

  300. /* EVP_AEAD_CTX_open authenticates |in_len| bytes from |in| and |ad_len| bytes

  301.  * from |ad| and decrypts at most |in_len| bytes into |out|. It returns one on

  302.  * success and zero otherwise.

  303.  *

  304.  * This function may be called (with the same |EVP_AEAD_CTX|) concurrently with

  305.  * itself or |EVP_AEAD_CTX_seal|.

  306.  *

  307.  * At most |in_len| bytes are written to |out|. In order to ensure success,

  308.  * |max_out_len| should be at least |in_len|. On successful return, |*out_len|

  309.  * is set to the the actual number of bytes written.

  310.  *

  311.  * The length of |nonce|, |nonce_len|, must be equal to the result of

  312.  * |EVP_AEAD_nonce_length| for this AEAD.

  313.  *

  314.  * |EVP_AEAD_CTX_open| never results in a partial output. If |max_out_len| is

  315.  * insufficient, zero will be returned. (In this case, |*out_len| is set to

  316.  * zero.)

  317.  *

  318.  * If |in| and |out| alias then |out| must be <= |in|. */

  319. OPENSSL_EXPORT int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out,

  320.                                      size_t *out_len, size_t max_out_len,

  321.                                      const uint8_t *nonce, size_t nonce_len,

  322.                                      const uint8_t *in, size_t in_len,

  323.                                      const uint8_t *ad, size_t ad_len);

  324. 

  325. 

  326. /* Obscure functions. */

  327. 

  328. /* EVP_AEAD_CTX_get_rc4_state sets |*out_key| to point to an RC4 key structure.

  329.  * It returns one on success or zero if |ctx| doesn't have an RC4 key. */

  330. OPENSSL_EXPORT int EVP_AEAD_CTX_get_rc4_state(const EVP_AEAD_CTX *ctx,

  331.                                               const RC4_KEY **out_key);

  332. 

  333. /* EVP_AEAD_CTX_get_iv sets |*out_len| to the length of the IV for |ctx| and

  334.  * sets |*out_iv| to point to that many bytes of the current IV. This is only

  335.  * meaningful for AEADs with implicit IVs (i.e. CBC mode in SSLv3 and TLS 1.0).

  336.  *

  337.  * It returns one on success or zero on error. */

  338. OPENSSL_EXPORT int EVP_AEAD_CTX_get_iv(const EVP_AEAD_CTX *ctx,

  339.                                        const uint8_t **out_iv, size_t *out_len);

  340. 

  341. 

  342. #if defined(__cplusplus)

  343. }  /* extern C */

  344. #endif

  345. 

  346. #endif  /* OPENSSL_HEADER_AEAD_H */