2N/A * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 2N/A * 2005, 2007, 2008 Free Software Foundation, Inc. 2N/A * This file is part of Libgcrypt. 2N/A * Libgcrypt is free software; you can redistribute it and/or modify 2N/A * it under the terms of the GNU Lesser general Public License as 2N/A * published by the Free Software Foundation; either version 2.1 of 2N/A * the License, or (at your option) any later version. 2N/A * Libgcrypt is distributed in the hope that it will be useful, 2N/A * but WITHOUT ANY WARRANTY; without even the implied warranty of 2N/A * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 2N/A * GNU Lesser General Public License for more details. 2N/A * You should have received a copy of the GNU Lesser General Public 2N/A/* A dummy extraspec so that we do not need to tests the extraspec 2N/A field from the module specification against NULL and instead 2N/A directly test the respective fields of extraspecs. */ 2N/A/* This is the list of the default ciphers, which are included in 2N/A/* List of registered ciphers. */ 2N/A/* This is the lock protecting CIPHERS_REGISTERED. */ 2N/A/* Flag to check wether the default ciphers have already been 2N/A/* Convenient macro for registering the default ciphers. */ 2N/A/* A VIA processor with the Padlock engine requires an alignment of 2N/A most data on a 16 byte boundary. Because we trick out the compiler 2N/A while allocating the context, the align attribute as used in 2N/A that the entire context structure is a aligned on that boundary. 2N/A We achieve this by defining a new type and use that instead of our 2N/A usual alignment type. */ 2N/A/* The handle structure. */ 2N/A /* The algorithm id. This is a hack required because the module 2N/A interface does not easily allow to retrieve this value. */ 2N/A /* A structure with function pointers for bulk operations. Due to 2N/A limitations of the module system (we don't want to change the 2N/A API) we need to keep these function pointers here. The cipher 2N/A open function intializes them and the actual encryption routines 2N/A use them if they are not NULL. */ 2N/A /* The initialization vector. To help code optimization we make 2N/A sure that it is aligned on an unsigned long and u32 boundary. */ 2N/A int unused;
/* Number of unused bytes in the IV. */ 2N/A /* What follows are two contexts of the cipher in use. The first 2N/A one needs to be aligned well enough for the cipher operation 2N/A whereas the second one is a copy created by cipher_setkey and 2N/A used by cipher_reset. That second copy has no need for proper 2N/A aligment because it is only accessed by memcpy. */ 2N/A/* These dummy functions are used in case a cipher implementation 2N/A refuses to provide it's own functions. */ 2N/A/* Internal function. Register all the ciphers included in 2N/A CIPHER_TABLE. Note, that this function gets only used by the macro 2N/A REGISTER_DEFAULT_CIPHERS which protects it using a mutex. */ 2N/A/* Internal callback function. Used via _gcry_module_lookup. */ 2N/A/* Internal callback function. Used via _gcry_module_lookup. */ 2N/A/* Internal function. Lookup a cipher entry by it's name. */ 2N/A/* Internal function. Lookup a cipher entry by it's oid. */ 2N/A/* Register a new cipher module whose specification can be found in 2N/A CIPHER. On success, a new algorithm ID is stored in ALGORITHM_ID 2N/A and a pointer representhing this module is stored in MODULE. */ 2N/A /* We do not support module loading in fips mode. */ 2N/A/* Unregister the cipher identified by MODULE, which must have been 2N/A registered with gcry_cipher_register. */ 2N/A/* Locate the OID in the oid table and return the index or -1 when not 2N/A found. An opitonal "oid." or "OID." prefix in OID is ignored, the 2N/A OID is expected to be in standard IETF dotted notation. The 2N/A internal algorithm number is returned in ALGORITHM unless it 2N/A ispassed as NULL. A pointer to the specification of the module 2N/A implementing this algorithm is return in OID_SPEC unless passed as 2N/A/* Map STRING to the cipher algorithm identifier. Returns the 2N/A algorithm ID of the cipher for the given name or 0 if the name is 2N/A not known. It is valid to pass NULL for STRING which results in a 2N/A return value of 0. */ 2N/A /* If the string starts with a digit (optionally prefixed with 2N/A either "OID." or "oid."), we first look into our table of ASN.1 2N/A object identifiers to figure out the algorithm */ 2N/A/* Given a STRING with an OID in dotted decimal notation, this 2N/A function returns the cipher mode (GCRY_CIPHER_MODE_*) associated 2N/A with that OID or 0 if no mode is known. Passing NULL for string 2N/A yields a return value of 0. */ 2N/A/* Map the cipher algorithm whose ID is contained in ALGORITHM to a 2N/A string representation of the algorithm name. For unknown algorithm 2N/A IDs this function returns "?". */ 2N/A/* Map the cipher algorithm identifier ALGORITHM to a string 2N/A representing this algorithm. This string is the default name as 2N/A used by Libgcrypt. An pointer to an empty string is returned for 2N/A an unknown algorithm. NULL is never returned. */ 2N/A/* Flag the cipher algorithm with the identifier ALGORITHM as 2N/A disabled. There is no error return, the function does nothing for 2N/A unknown algorithms. Disabled algorithms are vitually not available 2N/A/* Return 0 if the cipher algorithm with identifier ALGORITHM is 2N/A available. Returns a basic error code value if it is not 2N/A/* Return the standard length of the key for the cipher algorithm with 2N/A the identifier ALGORITHM. This function expects a valid algorithm 2N/A and will abort if the algorithm is not available or the length of 2N/A the key is not known. */ 2N/A/* Return the block length of the cipher algorithm with the identifier 2N/A ALGORITHM. This function expects a valid algorithm and will abort 2N/A if the algorithm is not available or the length of the key is not 2N/A Open a cipher handle for use with cipher algorithm ALGORITHM, using 2N/A the cipher mode MODE (one of the GCRY_CIPHER_MODE_*) and return a 2N/A handle in HANDLE. Put NULL into HANDLE and return an error code if 2N/A something goes wrong. FLAGS may be used to modify the 2N/A operation. The defined flags are: 2N/A GCRY_CIPHER_SECURE: allocate all internal buffers in secure memory. 2N/A GCRY_CIPHER_ENABLE_SYNC: Enable the sync operation as used in OpenPGP. 2N/A GCRY_CIPHER_CBC_CTS: Enable CTS mode. 2N/A GCRY_CIPHER_CBC_MAC: Enable MAC mode. 2N/A Values for these flags may be combined using OR. 2N/A /* If the application missed to call the random poll function, we do 2N/A it here to ensure that it is used once in a while. */ 2N/A /* Fetch the according module and check wether the cipher is marked 2N/A available for use. */ 2N/A /* Not available for use. */ 2N/A /* check that a valid mode has been requested */ 2N/A /* This mode may be used for debugging. It copies the main 2N/A text verbatim to the ciphertext. We do not allow this in 2N/A fips mode or if no debug flag has been set. */ 2N/A /* Perform selftest here and mark this with a flag in cipher_table? 2N/A No, we should not do this as it takes too long. Further it does 2N/A not make sense to exclude algorithms with failing selftests at 2N/A runtime: If a selftest fails there is something seriously wrong 2N/A with the system and thus we better die immediately. */ 2N/A +
15 /* Space for leading alignment gap. */ 2N/A#
endif /*NEED_16BYTE_ALIGNED_CONTEXT*/ 2N/A if ( ((
unsigned long)h &
0x0f) )
2N/A /* The malloced block is not aligned on a 16 byte 2N/A boundary. Correct for this. */ 2N/A off =
16 - ((
unsigned long)h &
0x0f);
2N/A#
endif /*NEED_16BYTE_ALIGNED_CONTEXT*/ 2N/A /* Setup bulk encryption routines. */ 2N/A /* Release module. */ 2N/A/* Release all resources associated with the cipher handle H. H may be 2N/A NULL in which case this is a no-operation. */ 2N/A /* Release module. */ 2N/A /* We always want to wipe out the memory even when the context has 2N/A been allocated in secure memory. The user might have disabled 2N/A secure memory or is using his own implementation which does not 2N/A do the wiping. To accomplish this we need to keep track of the 2N/A actual size of this structure because we have no way to known 2N/A how large the allocated area was when using a standard malloc. */ 2N/A/* Set the key to be used for the encryption context C to KEY with 2N/A length KEYLEN. The length should match the required length. */ 2N/A /* Duplicate initial context. */ 2N/A/* Set the IV to be used for the encryption context C to IV with 2N/A length IVLEN. The length should match the required length. */ 2N/A log_info (
"WARNING: cipher_setiv: ivlen=%u blklen=%u\n",
2N/A/* Reset the cipher context to the initial context. This is basically 2N/A the same as an release followed by a new. */ 2N/A /* We have to be careful here, since outbuf might be equal to 2N/A /* Because outbuf and inbuf might be the same, we have to 2N/A * save the original ciphertext block. We use LASTIV for 2N/A * this here because it is not used otherwise. */ 2N/A /* c->lastiv is now really lastlastiv, does this matter? */ 2N/A /* Short enough to be encoded by the remaining XOR mask. */ 2N/A /* XOR the input with the IV and store input into IV. */ 2N/A /* XOR the input with the IV and store input into IV */ 2N/A /* Now we can process complete blocks. We use a loop as long as we 2N/A have at least 2 blocks and use conditions for the rest. This 2N/A also allows to use a bulk encryption function if available. */ 2N/A /* Encrypt the IV. */ 2N/A /* XOR the input with the IV and store input into IV. */ 2N/A /* Save the current IV and then encrypt the IV. */ 2N/A /* XOR the input with the IV and store input into IV */ 2N/A /* Save the current IV and then encrypt the IV. */ 2N/A /* Apply the XOR. */ 2N/A /* Short enough to be encoded by the remaining XOR mask. */ 2N/A /* XOR the input with the IV and store input into IV. */ 2N/A /* XOR the input with the IV and store input into IV. */ 2N/A /* Now we can process complete blocks. We use a loop as long as we 2N/A have at least 2 blocks and use conditions for the rest. This 2N/A also allows to use a bulk encryption function if available. */ 2N/A /* Encrypt the IV. */ 2N/A /* XOR the input with the IV and store input into IV. */ 2N/A /* Save the current IV and then encrypt the IV. */ 2N/A /* XOR the input with the IV and store input into IV */ 2N/A /* Save the current IV and then encrypt the IV. */ 2N/A /* Apply the XOR. */ 2N/A /* Short enough to be encoded by the remaining XOR mask. */ 2N/A /* XOR the input with the IV */ 2N/A /* Now we can process complete blocks. */ 2N/A /* Encrypt the IV (and save the current one). */ 2N/A {
/* process the remaining bytes */ 2N/A /* Short enough to be encoded by the remaining XOR mask. */ 2N/A /* Now we can process complete blocks. */ 2N/A /* Encrypt the IV (and save the current one). */ 2N/A {
/* Process the remaining bytes. */ 2N/A /* Encrypt the IV (and save the current one). */ 2N/A /* XOR input with encrypted counter and store in output. */ 2N/A * Encrypt INBUF to OUTBUF with the mode selected at open. 2N/A * inbuf and outbuf may overlap or be the same. 2N/A * Depending on the mode some contraints apply to NBYTES. 2N/A * Encrypt IN and write it to OUT. If IN is NULL, in-place encryption has 2N/A /* Caller requested in-place encryption. */ 2N/A /* Actually cipher_encrypt() does not need to know about it, but 2N/A * we may change it in the future to get better performance. */ 2N/A plaintext will never make it into 2N/A * Decrypt INBUF to OUTBUF with the mode selected at open. 2N/A * inbuf and outbuf may overlap or be the same. 2N/A * Depending on the mode some some contraints apply to NBYTES. 2N/A /* Caller requested in-place encryption. */ 2N/A /* Actually cipher_encrypt() does not need to know about it, but 2N/A * we may change it in the future to get better performance. */ 2N/A * Used for PGP's somewhat strange CFB mode. Only works if 2N/A * the corresponding flag is set. 2N/A/* Set counter for CTR mode. (CTR,CTRLEN) must denote a buffer of 2N/A block size length, or (NULL,0) to set the CTR to the all-zero 2N/A /* This command expects NULL for H and BUFFER to point to an 2N/A integer with the algo number. */ 2N/A case 61:
/* Disable weak key detection (private). */ 2N/A case 62:
/* Return current input vector (private). */ 2N/A /* This is the input block as used in CFB and OFB mode which has 2N/A initially been set as IV. The returned format is: 2N/A 1 byte Actual length of the block in bytes. 2N/A If the provided buffer is too short, an error is returned. */ 2N/A/* Return information about the cipher handle H. CMD is the kind of 2N/A information requested. BUFFER and NBYTES are reserved for now. 2N/A There are no values for CMD yet defined. 2N/A The fucntion always returns GPG_ERR_INV_OP. 2N/A/* Return information about the given cipher algorithm ALGO. 2N/A WHAT select the kind of information returned: 2N/A Return the length of the key. If the algorithm ALGO 2N/A supports multiple key lengths, the maximum supported key length 2N/A is returned. The key length is returned as number of octets. 2N/A BUFFER and NBYTES must be zero. 2N/A Return the blocklength of the algorithm ALGO counted in octets. 2N/A BUFFER and NBYTES must be zero. 2N/A Returns 0 if the specified algorithm ALGO is available for use. 2N/A BUFFER and NBYTES must be zero. 2N/A Note: Because this function is in most cases used to return an 2N/A integer value, we can make it easier for the caller to just look at 2N/A the return value. The caller will in all cases consult the value 2N/A and thereby detecting whether a error occured or not (i.e. while 2N/A checking the block size) 2N/A /* The only reason is an invalid algo or a strange 2N/A /* The only reason is an invalid algo or a strange 2N/A/* This function returns length of the key for algorithm ALGO. If the 2N/A algorithm supports multiple key lengths, the maximum supported key 2N/A length is returned. On error 0 is returned. The key length is 2N/A returned as number of octets. 2N/A This is a convenience functions which should be preferred over 2N/A gcry_cipher_algo_info because it allows for proper type 2N/A/* This functions returns the blocklength of the algorithm ALGO 2N/A counted in octets. On error 0 is returned. 2N/A This is a convenience functions which should be preferred over 2N/A gcry_cipher_algo_info because it allows for proper type 2N/A/* Explicitly initialize this module. */ 2N/A/* Get a list consisting of the IDs of the loaded cipher modules. If 2N/A LIST is zero, write the number of loaded cipher modules to 2N/A LIST_LENGTH and return. If LIST is non-zero, the first 2N/A *LIST_LENGTH algorithm IDs are stored in LIST, which must be of 2N/A according size. In case there are less cipher modules than 2N/A *LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */ 2N/A/* Run the selftests for cipher algorithm ALGO with optional reporting 2N/A "no selftest available" :
2N/A module?
"algorithm disabled" :
"algorithm not found");