/src/gnutls/lib/nettle/mac.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (C) 2008-2012 Free Software Foundation, Inc. |
3 | | * |
4 | | * Author: Nikos Mavrogiannopoulos |
5 | | * |
6 | | * This file is part of GNUTLS. |
7 | | * |
8 | | * The GNUTLS library is free software; you can redistribute it and/or |
9 | | * modify it under the terms of the GNU Lesser General Public License |
10 | | * as published by the Free Software Foundation; either version 2.1 of |
11 | | * the License, or (at your option) any later version. |
12 | | * |
13 | | * This library is distributed in the hope that it will be useful, but |
14 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
16 | | * Lesser General Public License for more details. |
17 | | * |
18 | | * You should have received a copy of the GNU Lesser General Public License |
19 | | * along with this program. If not, see <https://www.gnu.org/licenses/> |
20 | | * |
21 | | */ |
22 | | |
23 | | /* This file provides the backend hash/mac API for nettle. |
24 | | */ |
25 | | |
26 | | #include "gnutls_int.h" |
27 | | #include <hash_int.h> |
28 | | #include "errors.h" |
29 | | #include <nettle/md5.h> |
30 | | #include <nettle/md2.h> |
31 | | #include <nettle/sha.h> |
32 | | #include <nettle/sha3.h> |
33 | | #include <nettle/hmac.h> |
34 | | #include <nettle/umac.h> |
35 | | #include <nettle/hkdf.h> |
36 | | #include <nettle/pbkdf2.h> |
37 | | #include <nettle/cmac.h> |
38 | | #if ENABLE_GOST |
39 | | # include "gost/hmac-gost.h" |
40 | | # ifndef HAVE_NETTLE_GOST28147_SET_KEY |
41 | | # include "gost/gost28147.h" |
42 | | # endif |
43 | | # include "gost/cmac.h" |
44 | | #endif |
45 | | #include <nettle/gcm.h> |
46 | | |
47 | | typedef void (*update_func)(void *, size_t, const uint8_t *); |
48 | | typedef void (*digest_func)(void *, size_t, uint8_t *); |
49 | | typedef void (*set_key_func)(void *, size_t, const uint8_t *); |
50 | | typedef void (*set_nonce_func)(void *, size_t, const uint8_t *); |
51 | | |
52 | | static int wrap_nettle_hash_init(gnutls_digest_algorithm_t algo, void **_ctx); |
53 | | |
54 | | struct md5_sha1_ctx { |
55 | | struct md5_ctx md5; |
56 | | struct sha1_ctx sha1; |
57 | | }; |
58 | | |
59 | | struct gmac_ctx { |
60 | | unsigned int pos; |
61 | | uint8_t buffer[GCM_BLOCK_SIZE]; |
62 | | struct gcm_key key; |
63 | | struct gcm_ctx ctx; |
64 | | nettle_cipher_func *encrypt; |
65 | | union { |
66 | | struct aes128_ctx aes128; |
67 | | struct aes192_ctx aes192; |
68 | | struct aes256_ctx aes256; |
69 | | } cipher; |
70 | | }; |
71 | | |
72 | | struct nettle_hash_ctx { |
73 | | union { |
74 | | struct md5_ctx md5; |
75 | | struct sha224_ctx sha224; |
76 | | struct sha256_ctx sha256; |
77 | | struct sha384_ctx sha384; |
78 | | struct sha512_ctx sha512; |
79 | | struct sha3_224_ctx sha3_224; |
80 | | struct sha3_256_ctx sha3_256; |
81 | | struct sha3_384_ctx sha3_384; |
82 | | struct sha3_512_ctx sha3_512; |
83 | | struct sha1_ctx sha1; |
84 | | struct md2_ctx md2; |
85 | | struct md5_sha1_ctx md5_sha1; |
86 | | #if ENABLE_GOST |
87 | | struct gosthash94cp_ctx gosthash94cp; |
88 | | struct streebog256_ctx streebog256; |
89 | | struct streebog512_ctx streebog512; |
90 | | #endif |
91 | | } ctx; |
92 | | void *ctx_ptr; |
93 | | gnutls_digest_algorithm_t algo; |
94 | | size_t length; |
95 | | update_func update; |
96 | | digest_func digest; |
97 | | }; |
98 | | |
99 | | struct nettle_mac_ctx { |
100 | | union { |
101 | | struct hmac_md5_ctx md5; |
102 | | struct hmac_sha224_ctx sha224; |
103 | | struct hmac_sha256_ctx sha256; |
104 | | struct hmac_sha384_ctx sha384; |
105 | | struct hmac_sha512_ctx sha512; |
106 | | struct hmac_sha1_ctx sha1; |
107 | | #if ENABLE_GOST |
108 | | struct hmac_gosthash94cp_ctx gosthash94cp; |
109 | | struct hmac_streebog256_ctx streebog256; |
110 | | struct hmac_streebog512_ctx streebog512; |
111 | | struct gost28147_imit_ctx gost28147_imit; |
112 | | struct cmac_magma_ctx magma; |
113 | | struct cmac_kuznyechik_ctx kuznyechik; |
114 | | #endif |
115 | | struct umac96_ctx umac96; |
116 | | struct umac128_ctx umac128; |
117 | | struct cmac_aes128_ctx cmac128; |
118 | | struct cmac_aes256_ctx cmac256; |
119 | | struct gmac_ctx gmac; |
120 | | } ctx; |
121 | | |
122 | | void *ctx_ptr; |
123 | | gnutls_mac_algorithm_t algo; |
124 | | size_t length; |
125 | | update_func update; |
126 | | digest_func digest; |
127 | | set_key_func set_key; |
128 | | set_nonce_func set_nonce; |
129 | | }; |
130 | | |
131 | | #if ENABLE_GOST |
132 | | static void |
133 | | _wrap_gost28147_imit_set_key_tc26z(void *ctx, size_t len, const uint8_t * key) |
134 | 0 | { |
135 | 0 | gost28147_imit_set_param(ctx, &gost28147_param_TC26_Z); |
136 | 0 | gost28147_imit_set_key(ctx, len, key); |
137 | 0 | } |
138 | | |
139 | | static void _wrap_cmac_magma_set_key(void *ctx, size_t len, const uint8_t * key) |
140 | 0 | { |
141 | 0 | cmac_magma_set_key(ctx, key); |
142 | 0 | } |
143 | | |
144 | | static void |
145 | | _wrap_cmac_kuznyechik_set_key(void *ctx, size_t len, const uint8_t * key) |
146 | 0 | { |
147 | 0 | cmac_kuznyechik_set_key(ctx, key); |
148 | 0 | } |
149 | | #endif |
150 | | |
151 | | static void _wrap_umac96_set_key(void *ctx, size_t len, const uint8_t * key) |
152 | 0 | { |
153 | 0 | if (unlikely(len != 16)) |
154 | 0 | abort(); |
155 | 0 | umac96_set_key(ctx, key); |
156 | 0 | } |
157 | | |
158 | | static void _wrap_umac128_set_key(void *ctx, size_t len, const uint8_t * key) |
159 | 0 | { |
160 | 0 | if (unlikely(len != 16)) |
161 | 0 | abort(); |
162 | 0 | umac128_set_key(ctx, key); |
163 | 0 | } |
164 | | |
165 | | static void _wrap_cmac128_set_key(void *ctx, size_t len, const uint8_t * key) |
166 | 0 | { |
167 | 0 | if (unlikely(len != 16)) |
168 | 0 | abort(); |
169 | 0 | cmac_aes128_set_key(ctx, key); |
170 | 0 | } |
171 | | |
172 | | static void _wrap_cmac256_set_key(void *ctx, size_t len, const uint8_t * key) |
173 | 0 | { |
174 | 0 | if (unlikely(len != 32)) |
175 | 0 | abort(); |
176 | 0 | cmac_aes256_set_key(ctx, key); |
177 | 0 | } |
178 | | |
179 | | static void |
180 | | _wrap_gmac_aes128_set_key(void *_ctx, size_t len, const uint8_t * key) |
181 | 0 | { |
182 | 0 | struct gmac_ctx *ctx = _ctx; |
183 | |
|
184 | 0 | if (unlikely(len != 16)) |
185 | 0 | abort(); |
186 | 0 | aes128_set_encrypt_key(&ctx->cipher.aes128, key); |
187 | 0 | gcm_set_key(&ctx->key, &ctx->cipher, ctx->encrypt); |
188 | 0 | ctx->pos = 0; |
189 | 0 | } |
190 | | |
191 | | static void |
192 | | _wrap_gmac_aes192_set_key(void *_ctx, size_t len, const uint8_t * key) |
193 | 0 | { |
194 | 0 | struct gmac_ctx *ctx = _ctx; |
195 | |
|
196 | 0 | if (unlikely(len != 24)) |
197 | 0 | abort(); |
198 | 0 | aes192_set_encrypt_key(&ctx->cipher.aes192, key); |
199 | 0 | gcm_set_key(&ctx->key, &ctx->cipher, ctx->encrypt); |
200 | 0 | ctx->pos = 0; |
201 | 0 | } |
202 | | |
203 | | static void |
204 | | _wrap_gmac_aes256_set_key(void *_ctx, size_t len, const uint8_t * key) |
205 | 0 | { |
206 | 0 | struct gmac_ctx *ctx = _ctx; |
207 | |
|
208 | 0 | if (unlikely(len != 32)) |
209 | 0 | abort(); |
210 | 0 | aes256_set_encrypt_key(&ctx->cipher.aes256, key); |
211 | 0 | gcm_set_key(&ctx->key, &ctx->cipher, ctx->encrypt); |
212 | 0 | ctx->pos = 0; |
213 | 0 | } |
214 | | |
215 | | static void _wrap_gmac_set_nonce(void *_ctx, size_t nonce_length, |
216 | | const uint8_t * nonce) |
217 | 0 | { |
218 | 0 | struct gmac_ctx *ctx = _ctx; |
219 | |
|
220 | 0 | gcm_set_iv(&ctx->ctx, &ctx->key, nonce_length, nonce); |
221 | 0 | } |
222 | | |
223 | | static void _wrap_gmac_update(void *_ctx, size_t length, const uint8_t * data) |
224 | 0 | { |
225 | 0 | struct gmac_ctx *ctx = _ctx; |
226 | |
|
227 | 0 | if (ctx->pos + length < GCM_BLOCK_SIZE) { |
228 | 0 | memcpy(&ctx->buffer[ctx->pos], data, length); |
229 | 0 | ctx->pos += length; |
230 | 0 | return; |
231 | 0 | } |
232 | | |
233 | 0 | if (ctx->pos) { |
234 | 0 | memcpy(&ctx->buffer[ctx->pos], data, GCM_BLOCK_SIZE - ctx->pos); |
235 | 0 | gcm_update(&ctx->ctx, &ctx->key, GCM_BLOCK_SIZE, ctx->buffer); |
236 | 0 | data += GCM_BLOCK_SIZE - ctx->pos; |
237 | 0 | length -= GCM_BLOCK_SIZE - ctx->pos; |
238 | 0 | } |
239 | |
|
240 | 0 | if (length >= GCM_BLOCK_SIZE) { |
241 | 0 | gcm_update(&ctx->ctx, &ctx->key, |
242 | 0 | length / GCM_BLOCK_SIZE * GCM_BLOCK_SIZE, data); |
243 | 0 | data += length / GCM_BLOCK_SIZE * GCM_BLOCK_SIZE; |
244 | 0 | length %= GCM_BLOCK_SIZE; |
245 | 0 | } |
246 | |
|
247 | 0 | memcpy(ctx->buffer, data, length); |
248 | 0 | ctx->pos = length; |
249 | 0 | } |
250 | | |
251 | | static void _wrap_gmac_digest(void *_ctx, size_t length, uint8_t * digest) |
252 | 0 | { |
253 | 0 | struct gmac_ctx *ctx = _ctx; |
254 | |
|
255 | 0 | if (ctx->pos) |
256 | 0 | gcm_update(&ctx->ctx, &ctx->key, ctx->pos, ctx->buffer); |
257 | 0 | gcm_digest(&ctx->ctx, &ctx->key, &ctx->cipher, ctx->encrypt, length, |
258 | 0 | digest); |
259 | 0 | ctx->pos = 0; |
260 | 0 | } |
261 | | |
262 | | static int _mac_ctx_init(gnutls_mac_algorithm_t algo, |
263 | | struct nettle_mac_ctx *ctx) |
264 | 0 | { |
265 | | /* Any FIPS140-2 related enforcement is performed on |
266 | | * gnutls_hash_init() and gnutls_hmac_init() */ |
267 | |
|
268 | 0 | ctx->set_nonce = NULL; |
269 | 0 | switch (algo) { |
270 | 0 | case GNUTLS_MAC_MD5: |
271 | 0 | ctx->update = (update_func) hmac_md5_update; |
272 | 0 | ctx->digest = (digest_func) hmac_md5_digest; |
273 | 0 | ctx->set_key = (set_key_func) hmac_md5_set_key; |
274 | 0 | ctx->ctx_ptr = &ctx->ctx.md5; |
275 | 0 | ctx->length = MD5_DIGEST_SIZE; |
276 | 0 | break; |
277 | 0 | case GNUTLS_MAC_SHA1: |
278 | 0 | ctx->update = (update_func) hmac_sha1_update; |
279 | 0 | ctx->digest = (digest_func) hmac_sha1_digest; |
280 | 0 | ctx->set_key = (set_key_func) hmac_sha1_set_key; |
281 | 0 | ctx->ctx_ptr = &ctx->ctx.sha1; |
282 | 0 | ctx->length = SHA1_DIGEST_SIZE; |
283 | 0 | break; |
284 | 0 | case GNUTLS_MAC_SHA224: |
285 | 0 | ctx->update = (update_func) hmac_sha224_update; |
286 | 0 | ctx->digest = (digest_func) hmac_sha224_digest; |
287 | 0 | ctx->set_key = (set_key_func) hmac_sha224_set_key; |
288 | 0 | ctx->ctx_ptr = &ctx->ctx.sha224; |
289 | 0 | ctx->length = SHA224_DIGEST_SIZE; |
290 | 0 | break; |
291 | 0 | case GNUTLS_MAC_SHA256: |
292 | 0 | ctx->update = (update_func) hmac_sha256_update; |
293 | 0 | ctx->digest = (digest_func) hmac_sha256_digest; |
294 | 0 | ctx->set_key = (set_key_func) hmac_sha256_set_key; |
295 | 0 | ctx->ctx_ptr = &ctx->ctx.sha256; |
296 | 0 | ctx->length = SHA256_DIGEST_SIZE; |
297 | 0 | break; |
298 | 0 | case GNUTLS_MAC_SHA384: |
299 | 0 | ctx->update = (update_func) hmac_sha384_update; |
300 | 0 | ctx->digest = (digest_func) hmac_sha384_digest; |
301 | 0 | ctx->set_key = (set_key_func) hmac_sha384_set_key; |
302 | 0 | ctx->ctx_ptr = &ctx->ctx.sha384; |
303 | 0 | ctx->length = SHA384_DIGEST_SIZE; |
304 | 0 | break; |
305 | 0 | case GNUTLS_MAC_SHA512: |
306 | 0 | ctx->update = (update_func) hmac_sha512_update; |
307 | 0 | ctx->digest = (digest_func) hmac_sha512_digest; |
308 | 0 | ctx->set_key = (set_key_func) hmac_sha512_set_key; |
309 | 0 | ctx->ctx_ptr = &ctx->ctx.sha512; |
310 | 0 | ctx->length = SHA512_DIGEST_SIZE; |
311 | 0 | break; |
312 | 0 | #if ENABLE_GOST |
313 | 0 | case GNUTLS_MAC_GOSTR_94: |
314 | 0 | ctx->update = (update_func) hmac_gosthash94cp_update; |
315 | 0 | ctx->digest = (digest_func) hmac_gosthash94cp_digest; |
316 | 0 | ctx->set_key = (set_key_func) hmac_gosthash94cp_set_key; |
317 | 0 | ctx->ctx_ptr = &ctx->ctx.gosthash94cp; |
318 | 0 | ctx->length = GOSTHASH94CP_DIGEST_SIZE; |
319 | 0 | break; |
320 | 0 | case GNUTLS_MAC_STREEBOG_256: |
321 | 0 | ctx->update = (update_func) hmac_streebog256_update; |
322 | 0 | ctx->digest = (digest_func) hmac_streebog256_digest; |
323 | 0 | ctx->set_key = (set_key_func) hmac_streebog256_set_key; |
324 | 0 | ctx->ctx_ptr = &ctx->ctx.streebog256; |
325 | 0 | ctx->length = STREEBOG256_DIGEST_SIZE; |
326 | 0 | break; |
327 | 0 | case GNUTLS_MAC_STREEBOG_512: |
328 | 0 | ctx->update = (update_func) hmac_streebog512_update; |
329 | 0 | ctx->digest = (digest_func) hmac_streebog512_digest; |
330 | 0 | ctx->set_key = (set_key_func) hmac_streebog512_set_key; |
331 | 0 | ctx->ctx_ptr = &ctx->ctx.streebog512; |
332 | 0 | ctx->length = STREEBOG512_DIGEST_SIZE; |
333 | 0 | break; |
334 | 0 | case GNUTLS_MAC_GOST28147_TC26Z_IMIT: |
335 | 0 | ctx->update = (update_func) gost28147_imit_update; |
336 | 0 | ctx->digest = (digest_func) gost28147_imit_digest; |
337 | 0 | ctx->set_key = _wrap_gost28147_imit_set_key_tc26z; |
338 | 0 | ctx->ctx_ptr = &ctx->ctx.gost28147_imit; |
339 | 0 | ctx->length = GOST28147_IMIT_DIGEST_SIZE; |
340 | 0 | break; |
341 | 0 | case GNUTLS_MAC_MAGMA_OMAC: |
342 | 0 | ctx->update = (update_func) cmac_magma_update; |
343 | 0 | ctx->digest = (digest_func) cmac_magma_digest; |
344 | 0 | ctx->set_key = _wrap_cmac_magma_set_key; |
345 | 0 | ctx->ctx_ptr = &ctx->ctx.magma; |
346 | 0 | ctx->length = CMAC64_DIGEST_SIZE; |
347 | 0 | break; |
348 | 0 | case GNUTLS_MAC_KUZNYECHIK_OMAC: |
349 | 0 | ctx->update = (update_func) cmac_kuznyechik_update; |
350 | 0 | ctx->digest = (digest_func) cmac_kuznyechik_digest; |
351 | 0 | ctx->set_key = _wrap_cmac_kuznyechik_set_key; |
352 | 0 | ctx->ctx_ptr = &ctx->ctx.kuznyechik; |
353 | 0 | ctx->length = CMAC128_DIGEST_SIZE; |
354 | 0 | break; |
355 | 0 | #endif |
356 | 0 | case GNUTLS_MAC_UMAC_96: |
357 | 0 | ctx->update = (update_func) umac96_update; |
358 | 0 | ctx->digest = (digest_func) umac96_digest; |
359 | 0 | ctx->set_key = _wrap_umac96_set_key; |
360 | 0 | ctx->set_nonce = (set_nonce_func) umac96_set_nonce; |
361 | 0 | ctx->ctx_ptr = &ctx->ctx.umac96; |
362 | 0 | ctx->length = 12; |
363 | 0 | break; |
364 | 0 | case GNUTLS_MAC_UMAC_128: |
365 | 0 | ctx->update = (update_func) umac128_update; |
366 | 0 | ctx->digest = (digest_func) umac128_digest; |
367 | 0 | ctx->set_key = _wrap_umac128_set_key; |
368 | 0 | ctx->set_nonce = (set_nonce_func) umac128_set_nonce; |
369 | 0 | ctx->ctx_ptr = &ctx->ctx.umac128; |
370 | 0 | ctx->length = 16; |
371 | 0 | break; |
372 | 0 | case GNUTLS_MAC_AES_CMAC_128: |
373 | 0 | ctx->update = (update_func) cmac_aes128_update; |
374 | 0 | ctx->digest = (digest_func) cmac_aes128_digest; |
375 | 0 | ctx->set_key = _wrap_cmac128_set_key; |
376 | 0 | ctx->ctx_ptr = &ctx->ctx.cmac128; |
377 | 0 | ctx->length = CMAC128_DIGEST_SIZE; |
378 | 0 | break; |
379 | 0 | case GNUTLS_MAC_AES_CMAC_256: |
380 | 0 | ctx->update = (update_func) cmac_aes256_update; |
381 | 0 | ctx->digest = (digest_func) cmac_aes256_digest; |
382 | 0 | ctx->set_key = _wrap_cmac256_set_key; |
383 | 0 | ctx->ctx_ptr = &ctx->ctx.cmac256; |
384 | 0 | ctx->length = CMAC128_DIGEST_SIZE; |
385 | 0 | break; |
386 | 0 | case GNUTLS_MAC_AES_GMAC_128: |
387 | 0 | ctx->set_key = _wrap_gmac_aes128_set_key; |
388 | 0 | ctx->set_nonce = _wrap_gmac_set_nonce; |
389 | 0 | ctx->update = _wrap_gmac_update; |
390 | 0 | ctx->digest = _wrap_gmac_digest; |
391 | 0 | ctx->ctx_ptr = &ctx->ctx.gmac; |
392 | 0 | ctx->length = GCM_DIGEST_SIZE; |
393 | 0 | ctx->ctx.gmac.encrypt = (nettle_cipher_func *) aes128_encrypt; |
394 | 0 | break; |
395 | 0 | case GNUTLS_MAC_AES_GMAC_192: |
396 | 0 | ctx->set_key = _wrap_gmac_aes192_set_key; |
397 | 0 | ctx->set_nonce = _wrap_gmac_set_nonce; |
398 | 0 | ctx->update = _wrap_gmac_update; |
399 | 0 | ctx->digest = _wrap_gmac_digest; |
400 | 0 | ctx->ctx_ptr = &ctx->ctx.gmac; |
401 | 0 | ctx->length = GCM_DIGEST_SIZE; |
402 | 0 | ctx->ctx.gmac.encrypt = (nettle_cipher_func *) aes192_encrypt; |
403 | 0 | break; |
404 | 0 | case GNUTLS_MAC_AES_GMAC_256: |
405 | 0 | ctx->set_key = _wrap_gmac_aes256_set_key; |
406 | 0 | ctx->set_nonce = _wrap_gmac_set_nonce; |
407 | 0 | ctx->update = _wrap_gmac_update; |
408 | 0 | ctx->digest = _wrap_gmac_digest; |
409 | 0 | ctx->ctx_ptr = &ctx->ctx.gmac; |
410 | 0 | ctx->length = GCM_DIGEST_SIZE; |
411 | 0 | ctx->ctx.gmac.encrypt = (nettle_cipher_func *) aes256_encrypt; |
412 | 0 | break; |
413 | 0 | default: |
414 | 0 | gnutls_assert(); |
415 | 0 | return GNUTLS_E_INVALID_REQUEST; |
416 | 0 | } |
417 | | |
418 | 0 | return 0; |
419 | 0 | } |
420 | | |
421 | | static int wrap_nettle_mac_fast(gnutls_mac_algorithm_t algo, |
422 | | const void *nonce, size_t nonce_size, |
423 | | const void *key, size_t key_size, |
424 | | const void *text, size_t text_size, |
425 | | void *digest) |
426 | 0 | { |
427 | 0 | struct nettle_mac_ctx ctx; |
428 | 0 | int ret; |
429 | |
|
430 | 0 | ret = _mac_ctx_init(algo, &ctx); |
431 | 0 | if (ret < 0) |
432 | 0 | return gnutls_assert_val(ret); |
433 | | |
434 | 0 | ctx.set_key(&ctx, key_size, key); |
435 | 0 | if (ctx.set_nonce) { |
436 | 0 | if (nonce == NULL || nonce_size == 0) |
437 | 0 | return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); |
438 | | |
439 | 0 | ctx.set_nonce(&ctx, nonce_size, nonce); |
440 | 0 | } |
441 | 0 | ctx.update(&ctx, text_size, text); |
442 | 0 | ctx.digest(&ctx, ctx.length, digest); |
443 | |
|
444 | 0 | zeroize_temp_key(&ctx, sizeof(ctx)); |
445 | |
|
446 | 0 | return 0; |
447 | 0 | } |
448 | | |
449 | | static int wrap_nettle_mac_exists(gnutls_mac_algorithm_t algo) |
450 | 0 | { |
451 | 0 | switch (algo) { |
452 | 0 | case GNUTLS_MAC_MD5: |
453 | 0 | case GNUTLS_MAC_SHA1: |
454 | 0 | case GNUTLS_MAC_SHA224: |
455 | 0 | case GNUTLS_MAC_SHA256: |
456 | 0 | case GNUTLS_MAC_SHA384: |
457 | 0 | case GNUTLS_MAC_SHA512: |
458 | 0 | case GNUTLS_MAC_UMAC_96: |
459 | 0 | case GNUTLS_MAC_UMAC_128: |
460 | 0 | case GNUTLS_MAC_AES_CMAC_128: |
461 | 0 | case GNUTLS_MAC_AES_CMAC_256: |
462 | 0 | case GNUTLS_MAC_AES_GMAC_128: |
463 | 0 | case GNUTLS_MAC_AES_GMAC_192: |
464 | 0 | case GNUTLS_MAC_AES_GMAC_256: |
465 | 0 | #if ENABLE_GOST |
466 | 0 | case GNUTLS_MAC_GOSTR_94: |
467 | 0 | case GNUTLS_MAC_STREEBOG_256: |
468 | 0 | case GNUTLS_MAC_STREEBOG_512: |
469 | 0 | case GNUTLS_MAC_GOST28147_TC26Z_IMIT: |
470 | 0 | case GNUTLS_MAC_MAGMA_OMAC: |
471 | 0 | case GNUTLS_MAC_KUZNYECHIK_OMAC: |
472 | 0 | #endif |
473 | 0 | return 1; |
474 | 0 | default: |
475 | 0 | return 0; |
476 | 0 | } |
477 | 0 | } |
478 | | |
479 | | static int wrap_nettle_mac_init(gnutls_mac_algorithm_t algo, void **_ctx) |
480 | 0 | { |
481 | 0 | struct nettle_mac_ctx *ctx; |
482 | 0 | int ret; |
483 | |
|
484 | 0 | ctx = gnutls_calloc(1, sizeof(struct nettle_mac_ctx)); |
485 | 0 | if (ctx == NULL) { |
486 | 0 | gnutls_assert(); |
487 | 0 | return GNUTLS_E_MEMORY_ERROR; |
488 | 0 | } |
489 | | |
490 | 0 | ctx->algo = algo; |
491 | |
|
492 | 0 | ret = _mac_ctx_init(algo, ctx); |
493 | 0 | if (ret < 0) { |
494 | 0 | gnutls_free(ctx); |
495 | 0 | return gnutls_assert_val(ret); |
496 | 0 | } |
497 | | |
498 | 0 | *_ctx = ctx; |
499 | |
|
500 | 0 | return 0; |
501 | 0 | } |
502 | | |
503 | | static void *wrap_nettle_mac_copy(const void *_ctx) |
504 | 0 | { |
505 | 0 | const struct nettle_mac_ctx *ctx = _ctx; |
506 | 0 | struct nettle_mac_ctx *new_ctx; |
507 | 0 | ptrdiff_t off = (uint8_t *) ctx->ctx_ptr - (uint8_t *) (&ctx->ctx); |
508 | |
|
509 | 0 | new_ctx = gnutls_calloc(1, sizeof(struct nettle_mac_ctx)); |
510 | 0 | if (new_ctx == NULL) |
511 | 0 | return NULL; |
512 | | |
513 | 0 | memcpy(new_ctx, ctx, sizeof(*ctx)); |
514 | 0 | new_ctx->ctx_ptr = (uint8_t *) & new_ctx->ctx + off; |
515 | |
|
516 | 0 | return new_ctx; |
517 | 0 | } |
518 | | |
519 | | static int wrap_nettle_mac_set_key(void *_ctx, const void *key, size_t keylen) |
520 | 0 | { |
521 | 0 | struct nettle_mac_ctx *ctx = _ctx; |
522 | |
|
523 | 0 | ctx->set_key(ctx->ctx_ptr, keylen, key); |
524 | 0 | return 0; |
525 | 0 | } |
526 | | |
527 | | static int |
528 | | wrap_nettle_mac_set_nonce(void *_ctx, const void *nonce, size_t noncelen) |
529 | 0 | { |
530 | 0 | struct nettle_mac_ctx *ctx = _ctx; |
531 | |
|
532 | 0 | if (ctx->set_nonce == NULL) |
533 | 0 | return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); |
534 | | |
535 | 0 | if (nonce == NULL || noncelen == 0) |
536 | 0 | return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); |
537 | | |
538 | 0 | ctx->set_nonce(ctx->ctx_ptr, noncelen, nonce); |
539 | |
|
540 | 0 | return GNUTLS_E_SUCCESS; |
541 | 0 | } |
542 | | |
543 | | static int wrap_nettle_mac_update(void *_ctx, const void *text, size_t textsize) |
544 | 0 | { |
545 | 0 | struct nettle_mac_ctx *ctx = _ctx; |
546 | |
|
547 | 0 | ctx->update(ctx->ctx_ptr, textsize, text); |
548 | |
|
549 | 0 | return GNUTLS_E_SUCCESS; |
550 | 0 | } |
551 | | |
552 | | static int |
553 | | wrap_nettle_mac_output(void *src_ctx, void *digest, size_t digestsize) |
554 | 0 | { |
555 | 0 | struct nettle_mac_ctx *ctx; |
556 | 0 | ctx = src_ctx; |
557 | |
|
558 | 0 | if (digestsize < ctx->length) { |
559 | 0 | gnutls_assert(); |
560 | 0 | return GNUTLS_E_SHORT_MEMORY_BUFFER; |
561 | 0 | } |
562 | | |
563 | 0 | ctx->digest(ctx->ctx_ptr, digestsize, digest); |
564 | |
|
565 | 0 | return 0; |
566 | 0 | } |
567 | | |
568 | | static void wrap_nettle_mac_deinit(void *hd) |
569 | 0 | { |
570 | 0 | struct nettle_mac_ctx *ctx = hd; |
571 | |
|
572 | 0 | zeroize_temp_key(ctx, sizeof(*ctx)); |
573 | 0 | gnutls_free(ctx); |
574 | 0 | } |
575 | | |
576 | | /* Hash functions |
577 | | */ |
578 | | static int |
579 | | wrap_nettle_hash_update(void *_ctx, const void *text, size_t textsize) |
580 | 0 | { |
581 | 0 | struct nettle_hash_ctx *ctx = _ctx; |
582 | |
|
583 | 0 | ctx->update(ctx->ctx_ptr, textsize, text); |
584 | |
|
585 | 0 | return GNUTLS_E_SUCCESS; |
586 | 0 | } |
587 | | |
588 | | static void wrap_nettle_hash_deinit(void *hd) |
589 | 0 | { |
590 | 0 | gnutls_free(hd); |
591 | 0 | } |
592 | | |
593 | | static int wrap_nettle_hash_exists(gnutls_digest_algorithm_t algo) |
594 | 0 | { |
595 | 0 | switch (algo) { |
596 | 0 | case GNUTLS_DIG_MD5: |
597 | 0 | case GNUTLS_DIG_SHA1: |
598 | 0 | case GNUTLS_DIG_MD5_SHA1: |
599 | |
|
600 | 0 | case GNUTLS_DIG_SHA224: |
601 | 0 | case GNUTLS_DIG_SHA256: |
602 | 0 | case GNUTLS_DIG_SHA384: |
603 | 0 | case GNUTLS_DIG_SHA512: |
604 | |
|
605 | 0 | #ifdef NETTLE_SHA3_FIPS202 |
606 | 0 | case GNUTLS_DIG_SHA3_224: |
607 | 0 | case GNUTLS_DIG_SHA3_256: |
608 | 0 | case GNUTLS_DIG_SHA3_384: |
609 | 0 | case GNUTLS_DIG_SHA3_512: |
610 | 0 | #endif |
611 | |
|
612 | 0 | case GNUTLS_DIG_SHAKE_128: |
613 | 0 | case GNUTLS_DIG_SHAKE_256: |
614 | |
|
615 | 0 | case GNUTLS_DIG_MD2: |
616 | 0 | case GNUTLS_DIG_RMD160: |
617 | |
|
618 | 0 | #if ENABLE_GOST |
619 | 0 | case GNUTLS_DIG_GOSTR_94: |
620 | 0 | case GNUTLS_DIG_STREEBOG_256: |
621 | 0 | case GNUTLS_DIG_STREEBOG_512: |
622 | 0 | #endif |
623 | 0 | return 1; |
624 | 0 | default: |
625 | 0 | return 0; |
626 | 0 | } |
627 | 0 | } |
628 | | |
629 | | static void _md5_sha1_update(void *_ctx, size_t len, const uint8_t * data) |
630 | 0 | { |
631 | 0 | struct md5_sha1_ctx *ctx = _ctx; |
632 | |
|
633 | 0 | md5_update(&ctx->md5, len, data); |
634 | 0 | sha1_update(&ctx->sha1, len, data); |
635 | 0 | } |
636 | | |
637 | | static void _md5_sha1_digest(void *_ctx, size_t len, uint8_t * digest) |
638 | 0 | { |
639 | 0 | struct md5_sha1_ctx *ctx = _ctx; |
640 | |
|
641 | 0 | md5_digest(&ctx->md5, len <= MD5_DIGEST_SIZE ? len : MD5_DIGEST_SIZE, |
642 | 0 | digest); |
643 | |
|
644 | 0 | if (len > MD5_DIGEST_SIZE) |
645 | 0 | sha1_digest(&ctx->sha1, len - MD5_DIGEST_SIZE, |
646 | 0 | digest + MD5_DIGEST_SIZE); |
647 | 0 | } |
648 | | |
649 | | static int _ctx_init(gnutls_digest_algorithm_t algo, |
650 | | struct nettle_hash_ctx *ctx) |
651 | 0 | { |
652 | | /* Any FIPS140-2 related enforcement is performed on |
653 | | * gnutls_hash_init() and gnutls_hmac_init() */ |
654 | 0 | switch (algo) { |
655 | 0 | case GNUTLS_DIG_MD5: |
656 | 0 | md5_init(&ctx->ctx.md5); |
657 | 0 | ctx->update = (update_func) md5_update; |
658 | 0 | ctx->digest = (digest_func) md5_digest; |
659 | 0 | ctx->ctx_ptr = &ctx->ctx.md5; |
660 | 0 | ctx->length = MD5_DIGEST_SIZE; |
661 | 0 | break; |
662 | 0 | case GNUTLS_DIG_SHA1: |
663 | 0 | sha1_init(&ctx->ctx.sha1); |
664 | 0 | ctx->update = (update_func) sha1_update; |
665 | 0 | ctx->digest = (digest_func) sha1_digest; |
666 | 0 | ctx->ctx_ptr = &ctx->ctx.sha1; |
667 | 0 | ctx->length = SHA1_DIGEST_SIZE; |
668 | 0 | break; |
669 | 0 | case GNUTLS_DIG_MD5_SHA1: |
670 | 0 | md5_init(&ctx->ctx.md5_sha1.md5); |
671 | 0 | sha1_init(&ctx->ctx.md5_sha1.sha1); |
672 | 0 | ctx->update = (update_func) _md5_sha1_update; |
673 | 0 | ctx->digest = (digest_func) _md5_sha1_digest; |
674 | 0 | ctx->ctx_ptr = &ctx->ctx.md5_sha1; |
675 | 0 | ctx->length = MD5_DIGEST_SIZE + SHA1_DIGEST_SIZE; |
676 | 0 | break; |
677 | 0 | case GNUTLS_DIG_SHA224: |
678 | 0 | sha224_init(&ctx->ctx.sha224); |
679 | 0 | ctx->update = (update_func) sha224_update; |
680 | 0 | ctx->digest = (digest_func) sha224_digest; |
681 | 0 | ctx->ctx_ptr = &ctx->ctx.sha224; |
682 | 0 | ctx->length = SHA224_DIGEST_SIZE; |
683 | 0 | break; |
684 | 0 | case GNUTLS_DIG_SHA256: |
685 | 0 | sha256_init(&ctx->ctx.sha256); |
686 | 0 | ctx->update = (update_func) sha256_update; |
687 | 0 | ctx->digest = (digest_func) sha256_digest; |
688 | 0 | ctx->ctx_ptr = &ctx->ctx.sha256; |
689 | 0 | ctx->length = SHA256_DIGEST_SIZE; |
690 | 0 | break; |
691 | 0 | case GNUTLS_DIG_SHA384: |
692 | 0 | sha384_init(&ctx->ctx.sha384); |
693 | 0 | ctx->update = (update_func) sha384_update; |
694 | 0 | ctx->digest = (digest_func) sha384_digest; |
695 | 0 | ctx->ctx_ptr = &ctx->ctx.sha384; |
696 | 0 | ctx->length = SHA384_DIGEST_SIZE; |
697 | 0 | break; |
698 | 0 | case GNUTLS_DIG_SHA512: |
699 | 0 | sha512_init(&ctx->ctx.sha512); |
700 | 0 | ctx->update = (update_func) sha512_update; |
701 | 0 | ctx->digest = (digest_func) sha512_digest; |
702 | 0 | ctx->ctx_ptr = &ctx->ctx.sha512; |
703 | 0 | ctx->length = SHA512_DIGEST_SIZE; |
704 | 0 | break; |
705 | 0 | #ifdef NETTLE_SHA3_FIPS202 |
706 | 0 | case GNUTLS_DIG_SHA3_224: |
707 | 0 | sha3_224_init(&ctx->ctx.sha3_224); |
708 | 0 | ctx->update = (update_func) sha3_224_update; |
709 | 0 | ctx->digest = (digest_func) sha3_224_digest; |
710 | 0 | ctx->ctx_ptr = &ctx->ctx.sha3_224; |
711 | 0 | ctx->length = SHA3_224_DIGEST_SIZE; |
712 | 0 | break; |
713 | 0 | case GNUTLS_DIG_SHA3_256: |
714 | 0 | sha3_256_init(&ctx->ctx.sha3_256); |
715 | 0 | ctx->update = (update_func) sha3_256_update; |
716 | 0 | ctx->digest = (digest_func) sha3_256_digest; |
717 | 0 | ctx->ctx_ptr = &ctx->ctx.sha3_256; |
718 | 0 | ctx->length = SHA3_256_DIGEST_SIZE; |
719 | 0 | break; |
720 | 0 | case GNUTLS_DIG_SHA3_384: |
721 | 0 | sha3_384_init(&ctx->ctx.sha3_384); |
722 | 0 | ctx->update = (update_func) sha3_384_update; |
723 | 0 | ctx->digest = (digest_func) sha3_384_digest; |
724 | 0 | ctx->ctx_ptr = &ctx->ctx.sha3_384; |
725 | 0 | ctx->length = SHA3_384_DIGEST_SIZE; |
726 | 0 | break; |
727 | 0 | case GNUTLS_DIG_SHA3_512: |
728 | 0 | sha3_512_init(&ctx->ctx.sha3_512); |
729 | 0 | ctx->update = (update_func) sha3_512_update; |
730 | 0 | ctx->digest = (digest_func) sha3_512_digest; |
731 | 0 | ctx->ctx_ptr = &ctx->ctx.sha3_512; |
732 | 0 | ctx->length = SHA3_512_DIGEST_SIZE; |
733 | 0 | break; |
734 | 0 | #endif |
735 | 0 | case GNUTLS_DIG_MD2: |
736 | 0 | md2_init(&ctx->ctx.md2); |
737 | 0 | ctx->update = (update_func) md2_update; |
738 | 0 | ctx->digest = (digest_func) md2_digest; |
739 | 0 | ctx->ctx_ptr = &ctx->ctx.md2; |
740 | 0 | ctx->length = MD2_DIGEST_SIZE; |
741 | 0 | break; |
742 | 0 | #if ENABLE_GOST |
743 | 0 | case GNUTLS_DIG_GOSTR_94: |
744 | 0 | gosthash94cp_init(&ctx->ctx.gosthash94cp); |
745 | 0 | ctx->update = (update_func) gosthash94cp_update; |
746 | 0 | ctx->digest = (digest_func) gosthash94cp_digest; |
747 | 0 | ctx->ctx_ptr = &ctx->ctx.gosthash94cp; |
748 | 0 | ctx->length = GOSTHASH94_DIGEST_SIZE; |
749 | 0 | break; |
750 | 0 | case GNUTLS_DIG_STREEBOG_256: |
751 | 0 | streebog256_init(&ctx->ctx.streebog256); |
752 | 0 | ctx->update = (update_func) streebog256_update; |
753 | 0 | ctx->digest = (digest_func) streebog256_digest; |
754 | 0 | ctx->ctx_ptr = &ctx->ctx.streebog256; |
755 | 0 | ctx->length = STREEBOG256_DIGEST_SIZE; |
756 | 0 | break; |
757 | 0 | case GNUTLS_DIG_STREEBOG_512: |
758 | 0 | streebog512_init(&ctx->ctx.streebog512); |
759 | 0 | ctx->update = (update_func) streebog512_update; |
760 | 0 | ctx->digest = (digest_func) streebog512_digest; |
761 | 0 | ctx->ctx_ptr = &ctx->ctx.streebog512; |
762 | 0 | ctx->length = STREEBOG512_DIGEST_SIZE; |
763 | 0 | break; |
764 | 0 | #endif |
765 | 0 | default: |
766 | 0 | gnutls_assert(); |
767 | 0 | return GNUTLS_E_INVALID_REQUEST; |
768 | 0 | } |
769 | | |
770 | 0 | return 0; |
771 | 0 | } |
772 | | |
773 | | static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo, |
774 | | const void *text, size_t text_size, |
775 | | void *digest) |
776 | 0 | { |
777 | 0 | struct nettle_hash_ctx ctx; |
778 | 0 | int ret; |
779 | |
|
780 | 0 | ret = _ctx_init(algo, &ctx); |
781 | 0 | if (ret < 0) |
782 | 0 | return gnutls_assert_val(ret); |
783 | | |
784 | 0 | if (text_size > 0) { |
785 | 0 | ctx.update(&ctx, text_size, text); |
786 | 0 | } |
787 | 0 | ctx.digest(&ctx, ctx.length, digest); |
788 | 0 | zeroize_temp_key(&ctx, sizeof(ctx)); |
789 | |
|
790 | 0 | return 0; |
791 | 0 | } |
792 | | |
793 | | static int wrap_nettle_hash_init(gnutls_digest_algorithm_t algo, void **_ctx) |
794 | 0 | { |
795 | 0 | struct nettle_hash_ctx *ctx; |
796 | 0 | int ret; |
797 | |
|
798 | 0 | ctx = gnutls_malloc(sizeof(struct nettle_hash_ctx)); |
799 | 0 | if (ctx == NULL) { |
800 | 0 | gnutls_assert(); |
801 | 0 | return GNUTLS_E_MEMORY_ERROR; |
802 | 0 | } |
803 | | |
804 | 0 | ctx->algo = algo; |
805 | |
|
806 | 0 | if ((ret = _ctx_init(algo, ctx)) < 0) { |
807 | 0 | gnutls_assert(); |
808 | 0 | gnutls_free(ctx); |
809 | 0 | return ret; |
810 | 0 | } |
811 | | |
812 | 0 | *_ctx = ctx; |
813 | |
|
814 | 0 | return 0; |
815 | 0 | } |
816 | | |
817 | | static void *wrap_nettle_hash_copy(const void *_ctx) |
818 | 0 | { |
819 | 0 | const struct nettle_hash_ctx *ctx = _ctx; |
820 | 0 | struct nettle_hash_ctx *new_ctx; |
821 | 0 | ptrdiff_t off = (uint8_t *) ctx->ctx_ptr - (uint8_t *) (&ctx->ctx); |
822 | |
|
823 | 0 | new_ctx = gnutls_calloc(1, sizeof(struct nettle_hash_ctx)); |
824 | 0 | if (new_ctx == NULL) |
825 | 0 | return NULL; |
826 | | |
827 | 0 | memcpy(new_ctx, ctx, sizeof(*ctx)); |
828 | 0 | new_ctx->ctx_ptr = (uint8_t *) & new_ctx->ctx + off; |
829 | |
|
830 | 0 | return new_ctx; |
831 | 0 | } |
832 | | |
833 | | static int |
834 | | wrap_nettle_hash_output(void *src_ctx, void *digest, size_t digestsize) |
835 | 0 | { |
836 | 0 | struct nettle_hash_ctx *ctx; |
837 | 0 | ctx = src_ctx; |
838 | |
|
839 | 0 | if (digestsize < ctx->length) { |
840 | 0 | gnutls_assert(); |
841 | 0 | return GNUTLS_E_SHORT_MEMORY_BUFFER; |
842 | 0 | } |
843 | | |
844 | 0 | ctx->digest(ctx->ctx_ptr, digestsize, digest); |
845 | |
|
846 | 0 | return 0; |
847 | 0 | } |
848 | | |
849 | | /* KDF functions based on MAC |
850 | | */ |
851 | | static int |
852 | | wrap_nettle_hkdf_extract(gnutls_mac_algorithm_t mac, |
853 | | const void *key, size_t keysize, |
854 | | const void *salt, size_t saltsize, void *output) |
855 | 0 | { |
856 | 0 | struct nettle_mac_ctx ctx; |
857 | 0 | int ret; |
858 | |
|
859 | 0 | ret = _mac_ctx_init(mac, &ctx); |
860 | 0 | if (ret < 0) |
861 | 0 | return gnutls_assert_val(ret); |
862 | | |
863 | 0 | ctx.set_key(&ctx, saltsize, salt); |
864 | 0 | hkdf_extract(&ctx.ctx, ctx.update, ctx.digest, ctx.length, |
865 | 0 | keysize, key, output); |
866 | |
|
867 | 0 | zeroize_temp_key(&ctx, sizeof(ctx)); |
868 | 0 | return 0; |
869 | 0 | } |
870 | | |
871 | | static int |
872 | | wrap_nettle_hkdf_expand(gnutls_mac_algorithm_t mac, |
873 | | const void *key, size_t keysize, |
874 | | const void *info, size_t infosize, |
875 | | void *output, size_t length) |
876 | 0 | { |
877 | 0 | struct nettle_mac_ctx ctx; |
878 | 0 | int ret; |
879 | |
|
880 | 0 | ret = _mac_ctx_init(mac, &ctx); |
881 | 0 | if (ret < 0) |
882 | 0 | return gnutls_assert_val(ret); |
883 | | |
884 | | /* RFC 5869 2.3: L must be <= 255 * HashLen */ |
885 | 0 | if (length > ctx.length * 255) { |
886 | 0 | return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); |
887 | 0 | } |
888 | | |
889 | 0 | ctx.set_key(&ctx, keysize, key); |
890 | 0 | hkdf_expand(&ctx.ctx, ctx.update, ctx.digest, ctx.length, |
891 | 0 | infosize, info, length, output); |
892 | 0 | zeroize_temp_key(&ctx, sizeof(ctx)); |
893 | |
|
894 | 0 | return 0; |
895 | 0 | } |
896 | | |
897 | | static int |
898 | | wrap_nettle_pbkdf2(gnutls_mac_algorithm_t mac, |
899 | | const void *key, size_t keysize, |
900 | | const void *salt, size_t saltsize, |
901 | | unsigned iter_count, void *output, size_t length) |
902 | 0 | { |
903 | 0 | struct nettle_mac_ctx ctx; |
904 | 0 | int ret; |
905 | |
|
906 | 0 | ret = _mac_ctx_init(mac, &ctx); |
907 | 0 | if (ret < 0) |
908 | 0 | return gnutls_assert_val(ret); |
909 | | |
910 | 0 | ctx.set_key(&ctx, keysize, key); |
911 | 0 | pbkdf2(&ctx.ctx, ctx.update, ctx.digest, ctx.length, |
912 | 0 | iter_count, saltsize, salt, length, output); |
913 | 0 | zeroize_temp_key(&ctx, sizeof(ctx)); |
914 | |
|
915 | 0 | return 0; |
916 | 0 | } |
917 | | |
918 | | gnutls_crypto_mac_st _gnutls_mac_ops = { |
919 | | .init = wrap_nettle_mac_init, |
920 | | .setkey = wrap_nettle_mac_set_key, |
921 | | .setnonce = wrap_nettle_mac_set_nonce, |
922 | | .hash = wrap_nettle_mac_update, |
923 | | .output = wrap_nettle_mac_output, |
924 | | .deinit = wrap_nettle_mac_deinit, |
925 | | .fast = wrap_nettle_mac_fast, |
926 | | .exists = wrap_nettle_mac_exists, |
927 | | .copy = wrap_nettle_mac_copy, |
928 | | }; |
929 | | |
930 | | gnutls_crypto_digest_st _gnutls_digest_ops = { |
931 | | .init = wrap_nettle_hash_init, |
932 | | .hash = wrap_nettle_hash_update, |
933 | | .output = wrap_nettle_hash_output, |
934 | | .deinit = wrap_nettle_hash_deinit, |
935 | | .fast = wrap_nettle_hash_fast, |
936 | | .exists = wrap_nettle_hash_exists, |
937 | | .copy = wrap_nettle_hash_copy, |
938 | | }; |
939 | | |
940 | | /* These names are clashing with nettle's name mangling. */ |
941 | | #undef hkdf_extract |
942 | | #undef hkdf_expand |
943 | | #undef pbkdf2 |
944 | | gnutls_crypto_kdf_st _gnutls_kdf_ops = { |
945 | | .hkdf_extract = wrap_nettle_hkdf_extract, |
946 | | .hkdf_expand = wrap_nettle_hkdf_expand, |
947 | | .pbkdf2 = wrap_nettle_pbkdf2, |
948 | | }; |