kris
/
boringssl
1
0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
4071 Révisions
12 Branches
38 MiB
 
 
 
 
 
 
Aborescence: 6fdea2aba9
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '6fdea2aba9'
${ noResults }
boringssl/crypto/cipher/internal.h

175 lignes
8.0 KiB
Brut Annotations Historique 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #ifndef OPENSSL_HEADER_CIPHER_INTERNAL_H

  58. #define OPENSSL_HEADER_CIPHER_INTERNAL_H

  59. 

  60. #include <openssl/base.h>

  61. 

  62. #include <openssl/aead.h>

  63. #include <openssl/aes.h>

  64. 

  65. #include "../modes/internal.h"

  66. 

  67. #if defined(__cplusplus)

  68. extern "C" {

  69. #endif

  70. 

  71. 

  72. /* EVP_CIPH_MODE_MASK contains the bits of |flags| that represent the mode. */

  73. #define EVP_CIPH_MODE_MASK 0x3f

  74. 

  75. 

  76. /* EVP_AEAD represents a specific AEAD algorithm. */

  77. struct evp_aead_st {

  78.   uint8_t key_len;

  79.   uint8_t nonce_len;

  80.   uint8_t overhead;

  81.   uint8_t max_tag_len;

  82. 

  83.   /* init initialises an |EVP_AEAD_CTX|. If this call returns zero then

  84.    * |cleanup| will not be called for that context. */

  85.   int (*init)(EVP_AEAD_CTX *, const uint8_t *key, size_t key_len,

  86.               size_t tag_len);

  87.   int (*init_with_direction)(EVP_AEAD_CTX *, const uint8_t *key, size_t key_len,

  88.                              size_t tag_len, enum evp_aead_direction_t dir);

  89.   void (*cleanup)(EVP_AEAD_CTX *);

  90. 

  91.   int (*seal)(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,

  92.               size_t max_out_len, const uint8_t *nonce, size_t nonce_len,

  93.               const uint8_t *in, size_t in_len, const uint8_t *ad,

  94.               size_t ad_len);

  95. 

  96.   int (*open)(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,

  97.               size_t max_out_len, const uint8_t *nonce, size_t nonce_len,

  98.               const uint8_t *in, size_t in_len, const uint8_t *ad,

  99.               size_t ad_len);

  100. 

  101.   int (*get_iv)(const EVP_AEAD_CTX *ctx, const uint8_t **out_iv,

  102.                 size_t *out_len);

  103. };

  104. 

  105. 

  106. /* EVP_tls_cbc_get_padding determines the padding from the decrypted, TLS, CBC

  107.  * record in |in|. This decrypted record should not include any "decrypted"

  108.  * explicit IV. If the record is publicly invalid, it returns zero. Otherwise,

  109.  * it returns one and sets |*out_padding_ok| to all ones (0xfff..f) if the

  110.  * padding is valid and zero otherwise. It then sets |*out_len| to the length

  111.  * with the padding removed or |in_len| if invalid.

  112.  *

  113.  * If the function returns one, it runs in time independent of the contents of

  114.  * |in|. It is also guaranteed that |*out_len| >= |mac_size|, satisfying

  115.  * |EVP_tls_cbc_copy_mac|'s precondition. */

  116. int EVP_tls_cbc_remove_padding(size_t *out_padding_ok, size_t *out_len,

  117.                                const uint8_t *in, size_t in_len,

  118.                                size_t block_size, size_t mac_size);

  119. 

  120. /* EVP_tls_cbc_copy_mac copies |md_size| bytes from the end of the first

  121.  * |in_len| bytes of |in| to |out| in constant time (independent of the concrete

  122.  * value of |in_len|, which may vary within a 256-byte window). |in| must point

  123.  * to a buffer of |orig_len| bytes.

  124.  *

  125.  * On entry:

  126.  *   orig_len >= in_len >= md_size

  127.  *   md_size <= EVP_MAX_MD_SIZE */

  128. void EVP_tls_cbc_copy_mac(uint8_t *out, size_t md_size, const uint8_t *in,

  129.                           size_t in_len, size_t orig_len);

  130. 

  131. /* EVP_tls_cbc_record_digest_supported returns 1 iff |md| is a hash function

  132.  * which EVP_tls_cbc_digest_record supports. */

  133. int EVP_tls_cbc_record_digest_supported(const EVP_MD *md);

  134. 

  135. /* EVP_tls_cbc_digest_record computes the MAC of a decrypted, padded TLS

  136.  * record.

  137.  *

  138.  *   md: the hash function used in the HMAC.

  139.  *     EVP_tls_cbc_record_digest_supported must return true for this hash.

  140.  *   md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.

  141.  *   md_out_size: the number of output bytes is written here.

  142.  *   header: the 13-byte, TLS record header.

  143.  *   data: the record data itself

  144.  *   data_plus_mac_size: the secret, reported length of the data and MAC

  145.  *     once the padding has been removed.

  146.  *   data_plus_mac_plus_padding_size: the public length of the whole

  147.  *     record, including padding.

  148.  *

  149.  * On entry: by virtue of having been through one of the remove_padding

  150.  * functions, above, we know that data_plus_mac_size is large enough to contain

  151.  * a padding byte and MAC. (If the padding was invalid, it might contain the

  152.  * padding too. ) */

  153. int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,

  154.                               size_t *md_out_size, const uint8_t header[13],

  155.                               const uint8_t *data, size_t data_plus_mac_size,

  156.                               size_t data_plus_mac_plus_padding_size,

  157.                               const uint8_t *mac_secret,

  158.                               unsigned mac_secret_length);

  159. 

  160. /* aes_ctr_set_key initialises |*aes_key| using |key_bytes| bytes from |key|,

  161.  * where |key_bytes| must either be 16, 24 or 32. If not NULL, |*out_block| is

  162.  * set to a function that encrypts single blocks. If not NULL, |*gcm_ctx| is

  163.  * initialised to do GHASH with the given key. It returns a function for

  164.  * optimised CTR-mode, or NULL if CTR-mode should be built using

  165.  * |*out_block|. */

  166. ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx,

  167.                          block128_f *out_block, const uint8_t *key,

  168.                          size_t key_bytes);

  169. 

  170. #if defined(__cplusplus)

  171. } /* extern C */

  172. #endif

  173. 

  174. #endif /* OPENSSL_HEADER_CIPHER_INTERNAL_H */