Merge BoringSSL 0f8bfde: Make |gcm128_context| memcpy-safe.
This merge is complicated by the fact that *ring* had already had made this change, but BoringSSL used a slightly modified version. In particular, the |_sk| suffixes were removed and the |OPENSSL_EXPORT| was removed from each function in the BoringSSL version. In this merge, the removal of the |_sk| suffixes was done. However, the removal of |OPENSSL_EXPORT| would have broke the build, so it was not done.
This commit is contained in:
commit
2ace2131ff
@ -200,14 +200,14 @@ static void aesni_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
|
||||
|
||||
static char aesni_capable(void);
|
||||
|
||||
static ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT_SK *gcm_ctx,
|
||||
static ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx,
|
||||
block128_f *out_block, const uint8_t *key,
|
||||
size_t key_len)
|
||||
OPENSSL_SUPPRESS_UNREACHABLE_CODE_WARNINGS {
|
||||
if (aesni_capable()) {
|
||||
aesni_set_encrypt_key(key, key_len * 8, aes_key);
|
||||
if (gcm_ctx != NULL) {
|
||||
CRYPTO_gcm128_init_sk(gcm_ctx, aes_key, (block128_f)aesni_encrypt);
|
||||
CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)aesni_encrypt);
|
||||
}
|
||||
if (out_block) {
|
||||
*out_block = (block128_f) aesni_encrypt;
|
||||
@ -218,7 +218,7 @@ static ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT_SK *gcm_ctx,
|
||||
if (hwaes_capable()) {
|
||||
aes_v8_set_encrypt_key(key, key_len * 8, aes_key);
|
||||
if (gcm_ctx != NULL) {
|
||||
CRYPTO_gcm128_init_sk(gcm_ctx, aes_key, (block128_f)aes_v8_encrypt);
|
||||
CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)aes_v8_encrypt);
|
||||
}
|
||||
if (out_block) {
|
||||
*out_block = (block128_f) aes_v8_encrypt;
|
||||
@ -229,7 +229,7 @@ static ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT_SK *gcm_ctx,
|
||||
if (bsaes_capable()) {
|
||||
AES_set_encrypt_key(key, key_len * 8, aes_key);
|
||||
if (gcm_ctx != NULL) {
|
||||
CRYPTO_gcm128_init_sk(gcm_ctx, aes_key, (block128_f)AES_encrypt);
|
||||
CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
|
||||
}
|
||||
if (out_block) {
|
||||
*out_block = (block128_f) AES_encrypt;
|
||||
@ -243,14 +243,14 @@ static ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_CONTEXT_SK *gcm_ctx,
|
||||
*out_block = (block128_f) vpaes_encrypt;
|
||||
}
|
||||
if (gcm_ctx != NULL) {
|
||||
CRYPTO_gcm128_init_sk(gcm_ctx, aes_key, (block128_f)vpaes_encrypt);
|
||||
CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)vpaes_encrypt);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
AES_set_encrypt_key(key, key_len * 8, aes_key);
|
||||
if (gcm_ctx != NULL) {
|
||||
CRYPTO_gcm128_init_sk(gcm_ctx, aes_key, (block128_f)AES_encrypt);
|
||||
CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt);
|
||||
}
|
||||
if (out_block) {
|
||||
*out_block = (block128_f) AES_encrypt;
|
||||
@ -268,7 +268,7 @@ struct aead_aes_gcm_ctx {
|
||||
double align;
|
||||
AES_KEY ks;
|
||||
} ks;
|
||||
GCM128_CONTEXT_SK gcm;
|
||||
GCM128_CONTEXT gcm;
|
||||
ctr128_f ctr;
|
||||
};
|
||||
|
||||
@ -300,29 +300,28 @@ int evp_aead_aes_gcm_seal(const void *ctx_buf, uint8_t *out, size_t *out_len,
|
||||
return 0;
|
||||
}
|
||||
|
||||
GCM128_CONTEXT_SK gcm;
|
||||
GCM128_CONTEXT gcm;
|
||||
|
||||
const AES_KEY *key = &gcm_ctx->ks.ks;
|
||||
|
||||
memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
|
||||
CRYPTO_gcm128_set_96_bit_iv_sk(&gcm, key, nonce);
|
||||
CRYPTO_gcm128_set_96_bit_iv(&gcm, key, nonce);
|
||||
|
||||
if (ad_len > 0 && !CRYPTO_gcm128_aad_sk(&gcm, ad, ad_len)) {
|
||||
if (ad_len > 0 && !CRYPTO_gcm128_aad(&gcm, ad, ad_len)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (gcm_ctx->ctr) {
|
||||
if (!CRYPTO_gcm128_encrypt_ctr32_sk(&gcm, key, in, out, in_len,
|
||||
gcm_ctx->ctr)) {
|
||||
if (!CRYPTO_gcm128_encrypt_ctr32(&gcm, key, in, out, in_len, gcm_ctx->ctr)) {
|
||||
return 0;
|
||||
}
|
||||
} else {
|
||||
if (!CRYPTO_gcm128_encrypt_sk(&gcm, key, in, out, in_len)) {
|
||||
if (!CRYPTO_gcm128_encrypt(&gcm, key, in, out, in_len)) {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
CRYPTO_gcm128_tag_sk(&gcm, out + in_len, EVP_AEAD_AES_GCM_TAG_LEN);
|
||||
CRYPTO_gcm128_tag(&gcm, out + in_len, EVP_AEAD_AES_GCM_TAG_LEN);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -344,33 +343,33 @@ int evp_aead_aes_gcm_open(const void *ctx_buf, uint8_t *out, size_t *out_len,
|
||||
|
||||
uint8_t tag[EVP_AEAD_AES_GCM_TAG_LEN];
|
||||
size_t plaintext_len;
|
||||
GCM128_CONTEXT_SK gcm;
|
||||
GCM128_CONTEXT gcm;
|
||||
|
||||
plaintext_len = in_len - EVP_AEAD_AES_GCM_TAG_LEN;
|
||||
|
||||
const AES_KEY *key = &gcm_ctx->ks.ks;
|
||||
|
||||
memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
|
||||
CRYPTO_gcm128_set_96_bit_iv_sk(&gcm, key, nonce);
|
||||
CRYPTO_gcm128_set_96_bit_iv(&gcm, key, nonce);
|
||||
|
||||
if (!CRYPTO_gcm128_aad_sk(&gcm, ad, ad_len)) {
|
||||
if (!CRYPTO_gcm128_aad(&gcm, ad, ad_len)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (gcm_ctx->ctr) {
|
||||
if (!CRYPTO_gcm128_decrypt_ctr32_sk(&gcm, key, in, out,
|
||||
in_len - EVP_AEAD_AES_GCM_TAG_LEN,
|
||||
gcm_ctx->ctr)) {
|
||||
if (!CRYPTO_gcm128_decrypt_ctr32(&gcm, key, in, out,
|
||||
in_len - EVP_AEAD_AES_GCM_TAG_LEN,
|
||||
gcm_ctx->ctr)) {
|
||||
return 0;
|
||||
}
|
||||
} else {
|
||||
if (!CRYPTO_gcm128_decrypt_sk(&gcm, key, in, out,
|
||||
in_len - EVP_AEAD_AES_GCM_TAG_LEN)) {
|
||||
if (!CRYPTO_gcm128_decrypt(&gcm, key, in, out,
|
||||
in_len - EVP_AEAD_AES_GCM_TAG_LEN)) {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
CRYPTO_gcm128_tag_sk(&gcm, tag, EVP_AEAD_AES_GCM_TAG_LEN);
|
||||
CRYPTO_gcm128_tag(&gcm, tag, EVP_AEAD_AES_GCM_TAG_LEN);
|
||||
if (CRYPTO_memcmp(tag, in + plaintext_len, EVP_AEAD_AES_GCM_TAG_LEN) != 0) {
|
||||
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
|
||||
return 0;
|
||||
|
@ -406,18 +406,18 @@ void gcm_ghash_neon(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
|
||||
#endif
|
||||
#endif
|
||||
|
||||
GCM128_CONTEXT_SK *CRYPTO_gcm128_new_sk(const void *key, block128_f block) {
|
||||
GCM128_CONTEXT_SK *ret;
|
||||
GCM128_CONTEXT *CRYPTO_gcm128_new(const void *key, block128_f block) {
|
||||
GCM128_CONTEXT *ret;
|
||||
|
||||
ret = (GCM128_CONTEXT_SK *)OPENSSL_malloc(sizeof(GCM128_CONTEXT_SK));
|
||||
ret = (GCM128_CONTEXT *)OPENSSL_malloc(sizeof(GCM128_CONTEXT));
|
||||
if (ret != NULL) {
|
||||
CRYPTO_gcm128_init_sk(ret, key, block);
|
||||
CRYPTO_gcm128_init(ret, key, block);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
void CRYPTO_gcm128_init_sk(GCM128_CONTEXT_SK *ctx, const void *key,
|
||||
void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *key,
|
||||
block128_f block) {
|
||||
const union {
|
||||
long one;
|
||||
@ -491,8 +491,8 @@ void CRYPTO_gcm128_init_sk(GCM128_CONTEXT_SK *ctx, const void *key,
|
||||
#endif
|
||||
}
|
||||
|
||||
void CRYPTO_gcm128_set_96_bit_iv_sk(GCM128_CONTEXT_SK *ctx, const void *key,
|
||||
const uint8_t *iv) {
|
||||
void CRYPTO_gcm128_set_96_bit_iv(GCM128_CONTEXT *ctx, const void *key,
|
||||
const uint8_t *iv) {
|
||||
const union {
|
||||
long one;
|
||||
char little;
|
||||
@ -521,7 +521,7 @@ void CRYPTO_gcm128_set_96_bit_iv_sk(GCM128_CONTEXT_SK *ctx, const void *key,
|
||||
}
|
||||
}
|
||||
|
||||
int CRYPTO_gcm128_aad_sk(GCM128_CONTEXT_SK *ctx, const uint8_t *aad, size_t len) {
|
||||
int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad, size_t len) {
|
||||
size_t i;
|
||||
unsigned int n;
|
||||
uint64_t alen = ctx->len.u[0];
|
||||
@ -585,9 +585,9 @@ int CRYPTO_gcm128_aad_sk(GCM128_CONTEXT_SK *ctx, const uint8_t *aad, size_t len)
|
||||
return 1;
|
||||
}
|
||||
|
||||
int CRYPTO_gcm128_encrypt_sk(GCM128_CONTEXT_SK *ctx, const void *key,
|
||||
const unsigned char *in, unsigned char *out,
|
||||
size_t len) {
|
||||
int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const void *key,
|
||||
const unsigned char *in, unsigned char *out,
|
||||
size_t len) {
|
||||
const union {
|
||||
long one;
|
||||
char little;
|
||||
@ -745,9 +745,9 @@ int CRYPTO_gcm128_encrypt_sk(GCM128_CONTEXT_SK *ctx, const void *key,
|
||||
return 1;
|
||||
}
|
||||
|
||||
int CRYPTO_gcm128_decrypt_sk(GCM128_CONTEXT_SK *ctx, const void *key,
|
||||
const unsigned char *in, unsigned char *out,
|
||||
size_t len) {
|
||||
int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const void *key,
|
||||
const unsigned char *in, unsigned char *out,
|
||||
size_t len) {
|
||||
const union {
|
||||
long one;
|
||||
char little;
|
||||
@ -912,9 +912,9 @@ int CRYPTO_gcm128_decrypt_sk(GCM128_CONTEXT_SK *ctx, const void *key,
|
||||
return 1;
|
||||
}
|
||||
|
||||
int CRYPTO_gcm128_encrypt_ctr32_sk(GCM128_CONTEXT_SK *ctx, const void *key,
|
||||
const uint8_t *in, uint8_t *out, size_t len,
|
||||
ctr128_f stream) {
|
||||
int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const void *key,
|
||||
const uint8_t *in, uint8_t *out, size_t len,
|
||||
ctr128_f stream) {
|
||||
const union {
|
||||
long one;
|
||||
char little;
|
||||
@ -1021,9 +1021,9 @@ int CRYPTO_gcm128_encrypt_ctr32_sk(GCM128_CONTEXT_SK *ctx, const void *key,
|
||||
return 1;
|
||||
}
|
||||
|
||||
int CRYPTO_gcm128_decrypt_ctr32_sk(GCM128_CONTEXT_SK *ctx, const void *key,
|
||||
const uint8_t *in, uint8_t *out, size_t len,
|
||||
ctr128_f stream) {
|
||||
int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const void *key,
|
||||
const uint8_t *in, uint8_t *out, size_t len,
|
||||
ctr128_f stream) {
|
||||
const union {
|
||||
long one;
|
||||
char little;
|
||||
@ -1137,8 +1137,8 @@ int CRYPTO_gcm128_decrypt_ctr32_sk(GCM128_CONTEXT_SK *ctx, const void *key,
|
||||
return 1;
|
||||
}
|
||||
|
||||
int CRYPTO_gcm128_finish_sk(GCM128_CONTEXT_SK *ctx, const uint8_t *tag,
|
||||
size_t len) {
|
||||
int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const uint8_t *tag,
|
||||
size_t len) {
|
||||
const union {
|
||||
long one;
|
||||
char little;
|
||||
@ -1182,13 +1182,13 @@ int CRYPTO_gcm128_finish_sk(GCM128_CONTEXT_SK *ctx, const uint8_t *tag,
|
||||
}
|
||||
}
|
||||
|
||||
void CRYPTO_gcm128_tag_sk(GCM128_CONTEXT_SK *ctx, unsigned char *tag,
|
||||
size_t len) {
|
||||
CRYPTO_gcm128_finish_sk(ctx, NULL, 0);
|
||||
void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag,
|
||||
size_t len) {
|
||||
CRYPTO_gcm128_finish(ctx, NULL, 0);
|
||||
memcpy(tag, ctx->Xi.c, len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c));
|
||||
}
|
||||
|
||||
void CRYPTO_gcm128_release_sk(GCM128_CONTEXT_SK *ctx) {
|
||||
void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx) {
|
||||
if (ctx) {
|
||||
OPENSSL_cleanse(ctx, sizeof(*ctx));
|
||||
OPENSSL_free(ctx);
|
||||
|
@ -242,7 +242,7 @@ static int run_test_case(unsigned test_num, const struct test_case *test) {
|
||||
*nonce = NULL, *ciphertext = NULL, *tag = NULL, *out = NULL;
|
||||
int ret = 0;
|
||||
AES_KEY aes_key;
|
||||
GCM128_CONTEXT_SK ctx;
|
||||
GCM128_CONTEXT ctx;
|
||||
|
||||
if (!decode_hex(&key, &key_len, test->key, test_num, "key") ||
|
||||
!decode_hex(&plaintext, &plaintext_len, test->plaintext, test_num,
|
||||
@ -286,16 +286,16 @@ static int run_test_case(unsigned test_num, const struct test_case *test) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
CRYPTO_gcm128_init_sk(&ctx, &aes_key, (block128_f) AES_encrypt);
|
||||
CRYPTO_gcm128_set_96_bit_iv_sk(&ctx, &aes_key, nonce);
|
||||
CRYPTO_gcm128_init(&ctx, &aes_key, (block128_f) AES_encrypt);
|
||||
CRYPTO_gcm128_set_96_bit_iv(&ctx, &aes_key, nonce);
|
||||
memset(out, 0, plaintext_len);
|
||||
if (additional_data) {
|
||||
CRYPTO_gcm128_aad_sk(&ctx, additional_data, additional_data_len);
|
||||
CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len);
|
||||
}
|
||||
if (plaintext) {
|
||||
CRYPTO_gcm128_encrypt_sk(&ctx, &aes_key, plaintext, out, plaintext_len);
|
||||
CRYPTO_gcm128_encrypt(&ctx, &aes_key, plaintext, out, plaintext_len);
|
||||
}
|
||||
if (!CRYPTO_gcm128_finish_sk(&ctx, tag, tag_len) ||
|
||||
if (!CRYPTO_gcm128_finish(&ctx, tag, tag_len) ||
|
||||
(ciphertext && memcmp(out, ciphertext, plaintext_len) != 0)) {
|
||||
fprintf(stderr, "%u: encrypt failed.\n", test_num);
|
||||
hexdump(stderr, "got :", out, plaintext_len);
|
||||
@ -303,15 +303,15 @@ static int run_test_case(unsigned test_num, const struct test_case *test) {
|
||||
goto out;
|
||||
}
|
||||
|
||||
CRYPTO_gcm128_set_96_bit_iv_sk(&ctx, &aes_key, nonce);
|
||||
CRYPTO_gcm128_set_96_bit_iv(&ctx, &aes_key, nonce);
|
||||
memset(out, 0, plaintext_len);
|
||||
if (additional_data) {
|
||||
CRYPTO_gcm128_aad_sk(&ctx, additional_data, additional_data_len);
|
||||
CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len);
|
||||
}
|
||||
if (ciphertext) {
|
||||
CRYPTO_gcm128_decrypt_sk(&ctx, &aes_key, ciphertext, out, plaintext_len);
|
||||
CRYPTO_gcm128_decrypt(&ctx, &aes_key, ciphertext, out, plaintext_len);
|
||||
}
|
||||
if (!CRYPTO_gcm128_finish_sk(&ctx, tag, tag_len)) {
|
||||
if (!CRYPTO_gcm128_finish(&ctx, tag, tag_len)) {
|
||||
fprintf(stderr, "%u: decrypt failed.\n", test_num);
|
||||
goto out;
|
||||
}
|
||||
|
@ -152,10 +152,10 @@ __inline uint32_t _bswap4(uint32_t val) {
|
||||
/* GCM definitions */
|
||||
typedef struct { uint64_t hi,lo; } u128;
|
||||
|
||||
/* This differs from the old |gcm128_context| in that it does not have the
|
||||
/* This differs from OpenSSL's |gcm128_context| in that it does not have the
|
||||
* |key| pointer, in order to make it |memcpy|-friendly. See openssl/modes.h
|
||||
* for more info. */
|
||||
struct gcm128_context_sk {
|
||||
struct gcm128_context {
|
||||
/* Following 6 names follow names in GCM specification */
|
||||
union {
|
||||
uint64_t u[2];
|
||||
|
@ -93,84 +93,88 @@ OPENSSL_EXPORT void CRYPTO_ctr128_encrypt_ctr32(
|
||||
|
||||
/* GCM.
|
||||
*
|
||||
* This API differs from the upstream API slightly. Every name ends with a "_sk"
|
||||
* suffix that signifies that |GCM128_CONTEXT_SK| does not have a |key| pointer
|
||||
* that points to the key like |GCM128_CONTEXT| did. Instead, every function
|
||||
* takes a |key| parameter. This way |GCM128_CONTEXT_SK| can be safely copied
|
||||
* with memcpy or equivalent. */
|
||||
* This API differs from the OpenSSL API slightly. The |GCM128_CONTEXT| does
|
||||
* not have a |key| pointer that points to the key as OpenSSL's version does.
|
||||
* Instead, every function takes a |key| parameter. This way |GCM128_CONTEXT|
|
||||
* can be safely copied with memcpy or equivalent. */
|
||||
|
||||
typedef struct gcm128_context_sk GCM128_CONTEXT_SK;
|
||||
typedef struct gcm128_context GCM128_CONTEXT;
|
||||
|
||||
/* CRYPTO_gcm128_new_sk allocates a fresh |GCM128_CONTEXT| and calls
|
||||
* |CRYPTO_gcm128_init_sk|. It returns the new context, or NULL on error. */
|
||||
OPENSSL_EXPORT GCM128_CONTEXT_SK *CRYPTO_gcm128_new_sk(const void *key,
|
||||
block128_f block);
|
||||
/* CRYPTO_gcm128_new allocates a fresh |GCM128_CONTEXT| and calls
|
||||
* |CRYPTO_gcm128_init|. It returns the new context, or NULL on error. */
|
||||
GCM128_CONTEXT *CRYPTO_gcm128_new(const void *key, block128_f block);
|
||||
|
||||
/* CRYPTO_gcm128_init_sk initialises |ctx| to use |block| (typically AES) with
|
||||
/* CRYPTO_gcm128_init initialises |ctx| to use |block| (typically AES) with the
|
||||
* given key. */
|
||||
OPENSSL_EXPORT GCM128_CONTEXT *CRYPTO_gcm128_new(const void *key,
|
||||
block128_f block);
|
||||
|
||||
/* CRYPTO_gcm128_init initialises |ctx| to use |block| (typically AES) with
|
||||
* the given key. */
|
||||
OPENSSL_EXPORT void CRYPTO_gcm128_init_sk(GCM128_CONTEXT_SK *ctx,
|
||||
const void *key, block128_f block);
|
||||
OPENSSL_EXPORT void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *key,
|
||||
block128_f block);
|
||||
|
||||
/* CRYPTO_gcm128_set_96_bit_iv_sk sets the IV (nonce) for |ctx|. |key| must be
|
||||
/* CRYPTO_gcm128_set_96_bit_iv sets the IV (nonce) for |ctx|. The |key| must be
|
||||
* the same key that was passed to |CRYPTO_gcm128_init|. |iv| must be 12 bytes
|
||||
* (96 bits) long. */
|
||||
OPENSSL_EXPORT void CRYPTO_gcm128_set_96_bit_iv_sk (GCM128_CONTEXT_SK *ctx,
|
||||
const void *key,
|
||||
const uint8_t *iv);
|
||||
OPENSSL_EXPORT void CRYPTO_gcm128_set_96_bit_iv(GCM128_CONTEXT *ctx,
|
||||
const void *key,
|
||||
const uint8_t *iv);
|
||||
|
||||
/* CRYPTO_gcm128_aad_sk sets the authenticated data for an instance of GCM.
|
||||
/* CRYPTO_gcm128_aad sets the authenticated data for an instance of GCM.
|
||||
* This must be called before and data is encrypted. It returns one on success
|
||||
* and zero otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_aad_sk(GCM128_CONTEXT_SK *ctx,
|
||||
const uint8_t *aad, size_t len);
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad,
|
||||
size_t len);
|
||||
|
||||
/* CRYPTO_gcm128_encrypt_sk encrypts |len| bytes from |in| to |out|. |key| must
|
||||
* be the same key that was passed to |CRYPTO_gcm128_init|. It returns one on
|
||||
* success and zero otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_encrypt_sk(GCM128_CONTEXT_SK *ctx,
|
||||
const void *key, const uint8_t *in,
|
||||
uint8_t *out, size_t len);
|
||||
|
||||
/* CRYPTO_gcm128_decrypt_sk decrypts |len| bytes from |in| to |out|. |key| must
|
||||
* be the same key that was passed to |CRYPTO_gcm128_init|. It returns one on
|
||||
* success and zero otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_decrypt_sk(GCM128_CONTEXT_SK *ctx,
|
||||
const void *key,
|
||||
const uint8_t *in,
|
||||
uint8_t *out, size_t len);
|
||||
|
||||
/* CRYPTO_gcm128_encrypt_ctr32_sk encrypts |len| bytes from |in| to |out| using
|
||||
* a CTR function that only handles the bottom 32 bits of the nonce, like
|
||||
* |CRYPTO_ctr128_encrypt_ctr32|. |key| must be the same key that was passed to
|
||||
* |CRYPTO_gcm128_init|. It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_encrypt_ctr32_sk(GCM128_CONTEXT_SK *ctx,
|
||||
const void *key,
|
||||
const uint8_t *in,
|
||||
uint8_t *out,
|
||||
size_t len, ctr128_f stream);
|
||||
|
||||
/* CRYPTO_gcm128_decrypt_ctr32_sk decrypts |len| bytes from |in| to |out| using
|
||||
* a CTR function that only handles the bottom 32 bits of the nonce, like
|
||||
* |CRYPTO_ctr128_encrypt_ctr32|. |key| must be the same key that was passed to
|
||||
* |CRYPTO_gcm128_init|. It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_decrypt_ctr32_sk(GCM128_CONTEXT_SK *ctx,
|
||||
const void *key,
|
||||
const uint8_t *in,
|
||||
uint8_t *out, size_t len,
|
||||
ctr128_f stream);
|
||||
|
||||
/* CRYPTO_gcm128_finish_sk calculates the authenticator and compares it against
|
||||
* |len| bytes of |tag|. It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_finish_sk(GCM128_CONTEXT_SK *ctx,
|
||||
const uint8_t *tag, size_t len);
|
||||
|
||||
/* CRYPTO_gcm128_tag_sk calculates the authenticator and copies it into |tag|.
|
||||
* The minimum of |len| and 16 bytes are copied into |tag|. */
|
||||
OPENSSL_EXPORT void CRYPTO_gcm128_tag_sk(GCM128_CONTEXT_SK *ctx, uint8_t *tag,
|
||||
/* CRYPTO_gcm128_encrypt encrypts |len| bytes from |in| to |out|. The |key|
|
||||
* must be the same key that was passed to |CRYPTO_gcm128_init|. It returns one
|
||||
* on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const void *key,
|
||||
const uint8_t *in, uint8_t *out,
|
||||
size_t len);
|
||||
|
||||
/* CRYPTO_gcm128_release_sk clears and frees |ctx|. */
|
||||
OPENSSL_EXPORT void CRYPTO_gcm128_release_sk(GCM128_CONTEXT_SK *ctx);
|
||||
/* CRYPTO_gcm128_decrypt decrypts |len| bytes from |in| to |out|. The |key|
|
||||
* must be the same key that was passed to |CRYPTO_gcm128_init|. It returns one
|
||||
* on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const void *key,
|
||||
const uint8_t *in, uint8_t *out,
|
||||
size_t len);
|
||||
|
||||
/* CRYPTO_gcm128_encrypt_ctr32 encrypts |len| bytes from |in| to |out| using
|
||||
* a CTR function that only handles the bottom 32 bits of the nonce, like
|
||||
* |CRYPTO_ctr128_encrypt_ctr32|. The |key| must be the same key that was
|
||||
* passed to |CRYPTO_gcm128_init|. It returns one on success and zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
|
||||
const void *key,
|
||||
const uint8_t *in,
|
||||
uint8_t *out,
|
||||
size_t len, ctr128_f stream);
|
||||
|
||||
/* CRYPTO_gcm128_decrypt_ctr32 decrypts |len| bytes from |in| to |out| using
|
||||
* a CTR function that only handles the bottom 32 bits of the nonce, like
|
||||
* |CRYPTO_ctr128_encrypt_ctr32|. The |key| must be the same key that was
|
||||
* passed to |CRYPTO_gcm128_init|. It returns one on success and zero
|
||||
* otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
|
||||
const void *key,
|
||||
const uint8_t *in,
|
||||
uint8_t *out, size_t len,
|
||||
ctr128_f stream);
|
||||
|
||||
/* CRYPTO_gcm128_finish calculates the authenticator and compares it against
|
||||
* |len| bytes of |tag|. It returns one on success and zero otherwise. */
|
||||
OPENSSL_EXPORT int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const uint8_t *tag,
|
||||
size_t len);
|
||||
|
||||
/* CRYPTO_gcm128_tag calculates the authenticator and copies it into |tag|.
|
||||
* The minimum of |len| and 16 bytes are copied into |tag|. */
|
||||
OPENSSL_EXPORT void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, uint8_t *tag,
|
||||
size_t len);
|
||||
|
||||
/* CRYPTO_gcm128_release clears and frees |ctx|. */
|
||||
OPENSSL_EXPORT void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
|
||||
|
||||
|
||||
/* CBC. */
|
||||
|
Loading…
x
Reference in New Issue
Block a user