Commit 83296eb6 authored by Niels Möller's avatar Niels Möller

Merge branch 'master' into siv-mode

The cmac changes on master breaks the previous version of the siv
code. Now updated, and improved to use const context arguments for the
_message functions.
parents f8c206ed 22fda42f
2019-06-06 Niels Möller <nisse@lysator.liu.se>
Update for cmac changes, enabling const for the _message fucntions.
* siv-cmac.c (_siv_s2v): Take a const struct cmac128_key as argument,
and use a local struct cmac128_ctx for message-specific state.
(siv_cmac_set_key): Take a struct cmac128_key as argument. Updated
callers.
(siv_cmac_encrypt_message, siv_cmac_decrypt_message): Take a const
struct cmac128_key as argument. Updated callers.
* siv-cmac.h (SIV_CMAC_CTX): Changed to use struct cmac128_key
rather than struct cmac128_ctx.
* siv-cmac-aes256.c (siv_cmac_aes256_encrypt_message)
(siv_cmac_aes256_decrypt_message): Likewise.
* siv-cmac-aes128.c (siv_cmac_aes128_encrypt_message)
(siv_cmac_aes128_decrypt_message): The ctx argument made const.
2019-05-15 Niels Möller <nisse@lysator.liu.se> 2019-05-15 Niels Möller <nisse@lysator.liu.se>
* siv-cmac.h (SIV_CMAC_AES128_KEY_SIZE, SIV_CMAC_AES256_KEY_SIZE): * siv-cmac.h (SIV_CMAC_AES128_KEY_SIZE, SIV_CMAC_AES256_KEY_SIZE):
...@@ -38,6 +56,41 @@ ...@@ -38,6 +56,41 @@
* cmac-internal.h (_cmac128_block_mulx): New file, declare function. * cmac-internal.h (_cmac128_block_mulx): New file, declare function.
* Makefile.in (DISTFILES): Added cmac-internal.h. * Makefile.in (DISTFILES): Added cmac-internal.h.
2019-06-05 Niels Möller <nisse@lysator.liu.se>
Further separation of CMAC per-message state from the
message-independent subkeys, analogous to the gcm implementation.
* cmac.h (struct cmac128_ctx): Remove key, instead a struct
cmac128_key should be passed separately to functions that need it.
(CMAC128_CTX): Include both a struct cmac128_key and a struct
cmac128_ctx.
(CMAC128_SET_KEY, CMAC128_DIGEST): Updated accordingly.
* cmac.c (cmac128_set_key): Change argument type from cmac128_ctx
to cmac128_key. Use a nettle_block16 for the constant zero block.
(cmac128_init): New function, to initialize a cmac128_ctx.
(cmac128_digest): Add cmac128_key argument. Move padding memset
into the block handling a partial block. Call cmac128_init to
reset state.
2019-06-01 Niels Möller <nisse@lysator.liu.se>
* cmac.h (struct cmac128_key): New struct.
* cmac.h (struct cmac128_ctx): Use struct cmac128_key.
* cmac.c (cmac128_set_key, cmac128_digest): Update accordingly.
2019-05-12 Niels Möller <nisse@lysator.liu.se>
Delete old libdes/openssl compatibility interface.
* des-compat.c: Delete file.
* des-compat.h: Delete file.
* testsuite/des-compat-test.c: Delete file.
* nettle.texinfo (Compatibility functions): Delete mention in documentation.
2019-05-11 Niels Möller <nisse@lysator.liu.se>
* NEWS: More updates for Nettle-3.5.
2019-04-27 Niels Möller <nisse@lysator.liu.se> 2019-04-27 Niels Möller <nisse@lysator.liu.se>
From Simo Sorce: From Simo Sorce:
......
...@@ -94,7 +94,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ ...@@ -94,7 +94,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
chacha-crypt.c chacha-core-internal.c \ chacha-crypt.c chacha-core-internal.c \
chacha-poly1305.c chacha-poly1305-meta.c \ chacha-poly1305.c chacha-poly1305-meta.c \
chacha-set-key.c chacha-set-nonce.c \ chacha-set-key.c chacha-set-nonce.c \
ctr.c ctr16.c des.c des3.c des-compat.c \ ctr.c ctr16.c des.c des3.c \
eax.c eax-aes128.c eax-aes128-meta.c \ eax.c eax-aes128.c eax-aes128-meta.c \
gcm.c gcm-aes.c \ gcm.c gcm-aes.c \
gcm-aes128.c gcm-aes128-meta.c \ gcm-aes128.c gcm-aes128-meta.c \
...@@ -194,7 +194,7 @@ OPT_SOURCES = fat-x86_64.c fat-arm.c mini-gmp.c ...@@ -194,7 +194,7 @@ OPT_SOURCES = fat-x86_64.c fat-arm.c mini-gmp.c
HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \ HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \
base16.h base64.h bignum.h buffer.h camellia.h cast128.h \ base16.h base64.h bignum.h buffer.h camellia.h cast128.h \
cbc.h ccm.h cfb.h chacha.h chacha-poly1305.h ctr.h \ cbc.h ccm.h cfb.h chacha.h chacha-poly1305.h ctr.h \
curve25519.h des.h des-compat.h dsa.h dsa-compat.h eax.h \ curve25519.h des.h dsa.h dsa-compat.h eax.h \
ecc-curve.h ecc.h ecdsa.h eddsa.h \ ecc-curve.h ecc.h ecdsa.h eddsa.h \
gcm.h gosthash94.h hmac.h \ gcm.h gosthash94.h hmac.h \
knuth-lfib.h hkdf.h \ knuth-lfib.h hkdf.h \
......
...@@ -26,6 +26,8 @@ NEWS for the Nettle 3.5 release ...@@ -26,6 +26,8 @@ NEWS for the Nettle 3.5 release
* Support for CMAC (RFC 4493), contributed by Nikos * Support for CMAC (RFC 4493), contributed by Nikos
Mavrogiannopoulos. Mavrogiannopoulos.
* Support for XTS mode, contributed by Simo Sorce.
Optimizations: Optimizations:
* Improved performance of the x86_64 AES implementation using * Improved performance of the x86_64 AES implementation using
...@@ -50,6 +52,22 @@ NEWS for the Nettle 3.5 release ...@@ -50,6 +52,22 @@ NEWS for the Nettle 3.5 release
operation, benchmarked on x86_64. Table sizes unchanged, operation, benchmarked on x86_64. Table sizes unchanged,
around 16 KB per curve. around 16 KB per curve.
* In ARM fat builds, automatically select Neon implementation
of Chacha, where possible. Contributed by Yuriy M.
Kaminskiy.
Deleted features:
* The header file des-compat.h and everything declared therein
has been deleted, as announced earlier. This file provided a
subset of the old libdes/ssleay/openssl interface for DES
and triple-DES. DES is still supported, via the functions
declared in des.h.
* Functions using the old struct aes_ctx have been marked as
deprecated. Use the fixed key size interface instead, e.g.,
struct aes256_ctx, introduced in Nettle-3.0.
Miscellaneous: Miscellaneous:
* Support for big-endian ARM systems, contributed by Michael * Support for big-endian ARM systems, contributed by Michael
...@@ -59,6 +77,17 @@ NEWS for the Nettle 3.5 release ...@@ -59,6 +77,17 @@ NEWS for the Nettle 3.5 release
gcmdata are no longer built by default. Makefile gcmdata are no longer built by default. Makefile
improvements contributed by Jay Foad. improvements contributed by Jay Foad.
* The header file nettle-stdint.h, and corresponding autoconf
tests, have been deleted. Nettle now requires that the
compiler/libc provides <stdint.h>.
* The "example" program examples/eratosthenes.c has been
deleted.
* The contents of hash context structs, and the deprecated
aes_ctx struct, have been reorganized, to enable later
optimizations.
NEWS for the Nettle 3.4.1 release NEWS for the Nettle 3.4.1 release
This release fixes a few bugs, and makes the RSA private key This release fixes a few bugs, and makes the RSA private key
......
...@@ -71,21 +71,24 @@ _cmac128_block_mulx(union nettle_block16 *dst, ...@@ -71,21 +71,24 @@ _cmac128_block_mulx(union nettle_block16 *dst,
#endif /* !WORDS_BIGENDIAN */ #endif /* !WORDS_BIGENDIAN */
void void
cmac128_set_key(struct cmac128_ctx *ctx, const void *cipher, cmac128_set_key(struct cmac128_key *key, const void *cipher,
nettle_cipher_func *encrypt) nettle_cipher_func *encrypt)
{ {
static const uint8_t const_zero[] = { static const union nettle_block16 zero_block;
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, union nettle_block16 L;
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
union nettle_block16 *L = &ctx->block;
memset(ctx, 0, sizeof(*ctx));
/* step 1 - generate subkeys k1 and k2 */ /* step 1 - generate subkeys k1 and k2 */
encrypt(cipher, 16, L->b, const_zero); encrypt(cipher, 16, L.b, zero_block.b);
_cmac128_block_mulx(&ctx->K1, L); _cmac128_block_mulx(&key->K1, &L);
_cmac128_block_mulx(&ctx->K2, &ctx->K1); _cmac128_block_mulx(&key->K2, &key->K1);
}
void
cmac128_init(struct cmac128_ctx *ctx)
{
memset(&ctx->X, 0, sizeof(ctx->X));
ctx->index = 0;
} }
#define MIN(x,y) ((x)<(y)?(x):(y)) #define MIN(x,y) ((x)<(y)?(x):(y))
...@@ -136,24 +139,23 @@ cmac128_update(struct cmac128_ctx *ctx, const void *cipher, ...@@ -136,24 +139,23 @@ cmac128_update(struct cmac128_ctx *ctx, const void *cipher,
} }
void void
cmac128_digest(struct cmac128_ctx *ctx, const void *cipher, cmac128_digest(struct cmac128_ctx *ctx, const struct cmac128_key *key,
nettle_cipher_func *encrypt, const void *cipher, nettle_cipher_func *encrypt,
unsigned length, unsigned length, uint8_t *dst)
uint8_t *dst)
{ {
union nettle_block16 Y; union nettle_block16 Y;
memset(ctx->block.b+ctx->index, 0, sizeof(ctx->block.b)-ctx->index);
/* re-use ctx->block for memxor output */ /* re-use ctx->block for memxor output */
if (ctx->index < 16) if (ctx->index < 16)
{ {
ctx->block.b[ctx->index] = 0x80; ctx->block.b[ctx->index] = 0x80;
memxor(ctx->block.b, ctx->K2.b, 16); memset(ctx->block.b + ctx->index + 1, 0, 16 - 1 - ctx->index);
memxor(ctx->block.b, key->K2.b, 16);
} }
else else
{ {
memxor(ctx->block.b, ctx->K1.b, 16); memxor(ctx->block.b, key->K1.b, 16);
} }
memxor3(Y.b, ctx->block.b, ctx->X.b, 16); memxor3(Y.b, ctx->block.b, ctx->X.b, 16);
...@@ -170,6 +172,5 @@ cmac128_digest(struct cmac128_ctx *ctx, const void *cipher, ...@@ -170,6 +172,5 @@ cmac128_digest(struct cmac128_ctx *ctx, const void *cipher,
} }
/* reset state for re-use */ /* reset state for re-use */
memset(&ctx->X, 0, sizeof(ctx->X)); cmac128_init(ctx);
ctx->index = 0;
} }
...@@ -46,6 +46,7 @@ extern "C" { ...@@ -46,6 +46,7 @@ extern "C" {
#define CMAC128_DIGEST_SIZE 16 #define CMAC128_DIGEST_SIZE 16
#define cmac128_set_key nettle_cmac128_set_key #define cmac128_set_key nettle_cmac128_set_key
#define cmac128_init nettle_cmac128_init
#define cmac128_update nettle_cmac128_update #define cmac128_update nettle_cmac128_update
#define cmac128_digest nettle_cmac128_digest #define cmac128_digest nettle_cmac128_digest
#define cmac_aes128_set_key nettle_cmac_aes128_set_key #define cmac_aes128_set_key nettle_cmac_aes128_set_key
...@@ -55,12 +56,14 @@ extern "C" { ...@@ -55,12 +56,14 @@ extern "C" {
#define cmac_aes256_update nettle_cmac_aes256_update #define cmac_aes256_update nettle_cmac_aes256_update
#define cmac_aes256_digest nettle_cmac_aes256_digest #define cmac_aes256_digest nettle_cmac_aes256_digest
struct cmac128_ctx struct cmac128_key
{ {
/* Key */
union nettle_block16 K1; union nettle_block16 K1;
union nettle_block16 K2; union nettle_block16 K2;
};
struct cmac128_ctx
{
/* MAC state */ /* MAC state */
union nettle_block16 X; union nettle_block16 X;
...@@ -70,21 +73,24 @@ struct cmac128_ctx ...@@ -70,21 +73,24 @@ struct cmac128_ctx
}; };
void void
cmac128_set_key(struct cmac128_ctx *ctx, const void *cipher, cmac128_set_key(struct cmac128_key *key, const void *cipher,
nettle_cipher_func *encrypt); nettle_cipher_func *encrypt);
void
cmac128_init(struct cmac128_ctx *ctx);
void void
cmac128_update(struct cmac128_ctx *ctx, const void *cipher, cmac128_update(struct cmac128_ctx *ctx, const void *cipher,
nettle_cipher_func *encrypt, nettle_cipher_func *encrypt,
size_t msg_len, const uint8_t *msg); size_t msg_len, const uint8_t *msg);
void void
cmac128_digest(struct cmac128_ctx *ctx, const void *cipher, cmac128_digest(struct cmac128_ctx *ctx, const struct cmac128_key *key,
nettle_cipher_func *encrypt, const void *cipher, nettle_cipher_func *encrypt,
unsigned length, unsigned length, uint8_t *digest);
uint8_t *digest);
#define CMAC128_CTX(type) \ #define CMAC128_CTX(type) \
{ struct cmac128_ctx ctx; type cipher; } { struct cmac128_key key; struct cmac128_ctx ctx; type cipher; }
/* NOTE: Avoid using NULL, as we don't include anything defining it. */ /* NOTE: Avoid using NULL, as we don't include anything defining it. */
#define CMAC128_SET_KEY(self, set_key, encrypt, cmac_key) \ #define CMAC128_SET_KEY(self, set_key, encrypt, cmac_key) \
...@@ -92,20 +98,25 @@ cmac128_digest(struct cmac128_ctx *ctx, const void *cipher, ...@@ -92,20 +98,25 @@ cmac128_digest(struct cmac128_ctx *ctx, const void *cipher,
(set_key)(&(self)->cipher, (cmac_key)); \ (set_key)(&(self)->cipher, (cmac_key)); \
if (0) (encrypt)(&(self)->cipher, ~(size_t) 0, \ if (0) (encrypt)(&(self)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0); \ (uint8_t *) 0, (const uint8_t *) 0); \
cmac128_set_key(&(self)->ctx, &(self)->cipher, \ cmac128_set_key(&(self)->key, &(self)->cipher, \
(nettle_cipher_func *) (encrypt)); \ (nettle_cipher_func *) (encrypt)); \
cmac128_init(&(self)->ctx); \
} while (0) } while (0)
#define CMAC128_UPDATE(self, encrypt, length, src) \ #define CMAC128_UPDATE(self, encrypt, length, src) \
cmac128_update(&(self)->ctx, &(self)->cipher, \ (0 ? (encrypt)(&(self)->cipher, ~(size_t) 0, \
(nettle_cipher_func *)encrypt, (length), (src)) (uint8_t *) 0, (const uint8_t *) 0) \
: cmac128_update(&(self)->ctx, &(self)->cipher, \
(nettle_cipher_func *)encrypt, \
(length), (src)))
#define CMAC128_DIGEST(self, encrypt, length, digest) \ #define CMAC128_DIGEST(self, encrypt, length, digest) \
(0 ? (encrypt)(&(self)->cipher, ~(size_t) 0, \ (0 ? (encrypt)(&(self)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0) \ (uint8_t *) 0, (const uint8_t *) 0) \
: cmac128_digest(&(self)->ctx, &(self)->cipher, \ : cmac128_digest(&(self)->ctx, &(self)->key, \
(nettle_cipher_func *) (encrypt), \ &(self)->cipher, \
(length), (digest))) (nettle_cipher_func *) (encrypt), \
(length), (digest)))
struct cmac_aes128_ctx CMAC128_CTX(struct aes128_ctx); struct cmac_aes128_ctx CMAC128_CTX(struct aes128_ctx);
......
/* des-compat.c
The des block cipher, old libdes/openssl-style interface.
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include "des-compat.h"
#include "cbc.h"
#include "macros.h"
#include "memxor.h"
struct des_compat_des3 { const struct des_ctx *keys[3]; };
static void
des_compat_des3_encrypt(struct des_compat_des3 *ctx,
size_t length, uint8_t *dst, const uint8_t *src)
{
nettle_des_encrypt(ctx->keys[0], length, dst, src);
nettle_des_decrypt(ctx->keys[1], length, dst, dst);
nettle_des_encrypt(ctx->keys[2], length, dst, dst);
}
static void
des_compat_des3_decrypt(struct des_compat_des3 *ctx,
size_t length, uint8_t *dst, const uint8_t *src)
{
nettle_des_decrypt(ctx->keys[2], length, dst, src);
nettle_des_encrypt(ctx->keys[1], length, dst, dst);
nettle_des_decrypt(ctx->keys[0], length, dst, dst);
}
void
des_ecb3_encrypt(const_des_cblock *src, des_cblock *dst,
des_key_schedule k1,
des_key_schedule k2,
des_key_schedule k3, int enc)
{
struct des_compat_des3 keys;
keys.keys[0] = k1;
keys.keys[1] = k2;
keys.keys[2] = k3;
((enc == DES_ENCRYPT) ? des_compat_des3_encrypt : des_compat_des3_decrypt)
(&keys, DES_BLOCK_SIZE, *dst, *src);
}
/* If input is not a integral number of blocks, the final block is
padded with zeros, no length field or anything like that. That's
pretty broken, since it means that "$100" and "$100\0" always have
the same checksum, but I think that's how it's supposed to work. */
uint32_t
des_cbc_cksum(const uint8_t *src, des_cblock *dst,
long length, des_key_schedule ctx,
const_des_cblock *iv)
{
/* FIXME: I'm not entirely sure how this function is supposed to
* work, in particular what it should return, and if iv can be
* modified. */
uint8_t block[DES_BLOCK_SIZE];
memcpy(block, *iv, DES_BLOCK_SIZE);
while (length >= DES_BLOCK_SIZE)
{
memxor(block, src, DES_BLOCK_SIZE);
nettle_des_encrypt(ctx, DES_BLOCK_SIZE, block, block);
src += DES_BLOCK_SIZE;
length -= DES_BLOCK_SIZE;
}
if (length > 0)
{
memxor(block, src, length);
nettle_des_encrypt(ctx, DES_BLOCK_SIZE, block, block);
}
memcpy(*dst, block, DES_BLOCK_SIZE);
return LE_READ_UINT32(block + 4);
}
void
des_ncbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
des_key_schedule ctx, des_cblock *iv,
int enc)
{
switch (enc)
{
case DES_ENCRYPT:
nettle_cbc_encrypt(ctx, (nettle_cipher_func *) des_encrypt,
DES_BLOCK_SIZE, *iv,
length, *dst, *src);
break;
case DES_DECRYPT:
nettle_cbc_decrypt(ctx,
(nettle_cipher_func *) des_decrypt,
DES_BLOCK_SIZE, *iv,
length, *dst, *src);
break;
default:
abort();
}
}
void
des_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
des_key_schedule ctx, const_des_cblock *civ,
int enc)
{
des_cblock iv;
memcpy(iv, civ, DES_BLOCK_SIZE);
des_ncbc_encrypt(src, dst, length, ctx, &iv, enc);
}
void
des_ecb_encrypt(const_des_cblock *src, des_cblock *dst,
des_key_schedule ctx,
int enc)
{
((enc == DES_ENCRYPT) ? nettle_des_encrypt : nettle_des_decrypt)
(ctx, DES_BLOCK_SIZE, *dst, *src);
}
void
des_ede3_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
des_key_schedule k1,
des_key_schedule k2,
des_key_schedule k3,
des_cblock *iv,
int enc)
{
struct des_compat_des3 keys;
keys.keys[0] = k1;
keys.keys[1] = k2;
keys.keys[2] = k3;
switch (enc)
{
case DES_ENCRYPT:
nettle_cbc_encrypt(&keys, (nettle_cipher_func *) des_compat_des3_encrypt,
DES_BLOCK_SIZE, *iv,
length, *dst, *src);
break;
case DES_DECRYPT:
nettle_cbc_decrypt(&keys, (nettle_cipher_func *) des_compat_des3_decrypt,
DES_BLOCK_SIZE, *iv,
length, *dst, *src);
break;
default:
abort();
}
}
int
des_set_odd_parity(des_cblock *key)
{
nettle_des_fix_parity(DES_KEY_SIZE, *key, *key);
/* FIXME: What to return? */
return 0;
}
/* If des_check_key is non-zero, returns
*
* 0 for ok, -1 for bad parity, and -2 for weak keys.
*
* If des_check_key is zero (the default), always returns zero.
*/
int des_check_key = 0;
int
des_key_sched(const_des_cblock *key, des_key_schedule ctx)
{
if (des_check_key && !des_check_parity (DES_KEY_SIZE, *key))
/* Bad parity */
return -1;
if (!nettle_des_set_key(ctx, *key) && des_check_key)
/* Weak key */
return -2;
return 0;
}
int
des_is_weak_key(const_des_cblock *key)
{
struct des_ctx ctx;
return !nettle_des_set_key(&ctx, *key);
}
/* des-compat.h
The des block cipher, old libdes/openssl-style interface.
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_DES_COMPAT_H_INCLUDED
#define NETTLE_DES_COMPAT_H_INCLUDED
/* According to Assar, des_set_key, des_set_key_odd_parity,
* des_is_weak_key, plus the encryption functions (des_*_encrypt and
* des_cbc_cksum) would be a pretty useful subset. */
/* NOTE: This is quite experimental, and not all functions are
* implemented. Contributions, in particular test cases are welcome. */
#include "des.h"
#ifdef __cplusplus
extern "C" {
#endif
/* We use some name mangling, to avoid collisions with either other
* nettle functions or with libcrypto. */
#define des_ecb3_encrypt nettle_openssl_des_ecb3_encrypt
#define des_cbc_cksum nettle_openssl_des_cbc_cksum
#define des_ncbc_encrypt nettle_openssl_des_ncbc_encrypt
#define des_cbc_encrypt nettle_openssl_des_cbc_encrypt
#define des_ecb_encrypt nettle_openssl_des_ecb_encrypt
#define des_ede3_cbc_encrypt nettle_openssl_des_ede3_cbc_encrypt
#define des_set_odd_parity nettle_openssl_des_set_odd_parity
#define des_check_key nettle_openssl_des_check_key
#define des_key_sched nettle_openssl_des_key_sched
#define des_is_weak_key nettle_openssl_des_is_weak_key
/* An extra alias */
#undef des_set_key
#define des_set_key nettle_openssl_des_key_sched
enum { DES_DECRYPT = 0, DES_ENCRYPT = 1 };
/* Types */
typedef uint32_t DES_LONG;
/* Note: Typedef:ed arrays should be avoided, but they're used here
* for compatibility. */
typedef struct des_ctx des_key_schedule[1];
typedef uint8_t des_cblock[DES_BLOCK_SIZE];
/* Note: The proper definition,
typedef const uint8_t const_des_cblock[DES_BLOCK_SIZE];
would have worked, *if* all the prototypes had used arguments like
foo(const_des_cblock src, des_cblock dst), letting argument arrays
"decay" into pointers of type uint8_t * and const uint8_t *.
But since openssl's prototypes use *pointers* const_des_cblock *src,
des_cblock *dst, this ends up in type conflicts, and the workaround
is to not use const at all.
*/
#define const_des_cblock des_cblock
/* Aliases */
#define des_ecb2_encrypt(i,o,k1,k2,e) \
des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
/* Global flag */
extern int des_check_key;
/* Prototypes */
/* Typing is a little confusing. Since both des_cblock and
des_key_schedule are typedef:ed arrays, it automatically decay to
a pointers.
But the functions are declared taking pointers to des_cblock, i.e.
pointers to arrays. And on the other hand, they take plain
des_key_schedule arguments, which is equivalent to pointers to
struct des_ctx. */
void
des_ecb3_encrypt(const_des_cblock *src, des_cblock *dst,
des_key_schedule k1,
des_key_schedule k2,
des_key_schedule k3, int enc);
/* des_cbc_cksum in libdes returns a 32 bit integer, representing the
* latter half of the output block, using little endian byte order. */
uint32_t
des_cbc_cksum(const uint8_t *src, des_cblock *dst,
long length, des_key_schedule ctx,
const_des_cblock *iv);
/* NOTE: Doesn't update iv. */
void
des_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
des_key_schedule ctx, const_des_cblock *iv,
int enc);
/* Similar, but updates iv. */
void
des_ncbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
des_key_schedule ctx, des_cblock *iv,
int enc);
void
des_ecb_encrypt(const_des_cblock *src, des_cblock *dst,
des_key_schedule ctx, int enc);
void
des_ede3_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
des_key_schedule k1,
des_key_schedule k2,
des_key_schedule k3,
des_cblock *iv,
int enc);
int
des_set_odd_parity(des_cblock *key);
int
des_key_sched(const_des_cblock *key, des_key_schedule ctx);
int
des_is_weak_key(const_des_cblock *key);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_DES_COMPAT_H_INCLUDED */
...@@ -3826,7 +3826,8 @@ the @acronym{AES} block cipher. ...@@ -3826,7 +3826,8 @@ the @acronym{AES} block cipher.
Nettle defines @acronym{CMAC} in @file{<nettle/cmac.h>}. Nettle defines @acronym{CMAC} in @file{<nettle/cmac.h>}.
@deftp {Context struct} {struct cmac128_ctx} @deftp {Context struct} {struct cmac_aes128_ctx}
@deftpx {Context struct} {struct cmac_aes256_ctx}
@end deftp