diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-09 12:48:01 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-09 12:48:01 +0000 |
commit | b2d2d555a704148968cb7e566735a2a1b1a2f189 (patch) | |
tree | 18549ff498338f40ecf7aa327620abf4c1c3ee43 /siv_nettle.c | |
parent | Initial commit. (diff) | |
download | chrony-b2d2d555a704148968cb7e566735a2a1b1a2f189.tar.xz chrony-b2d2d555a704148968cb7e566735a2a1b1a2f189.zip |
Adding upstream version 4.5.upstream/4.5
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'siv_nettle.c')
-rw-r--r-- | siv_nettle.c | 251 |
1 files changed, 251 insertions, 0 deletions
diff --git a/siv_nettle.c b/siv_nettle.c new file mode 100644 index 0000000..a8cba49 --- /dev/null +++ b/siv_nettle.c @@ -0,0 +1,251 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Miroslav Lichvar 2019, 2022 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + SIV ciphers using the Nettle library + */ + +#include "config.h" + +#include "sysincl.h" + +#ifdef HAVE_NETTLE_SIV_CMAC +#include <nettle/siv-cmac.h> +#else +#include "siv_nettle_int.c" +#endif + +#ifdef HAVE_NETTLE_SIV_GCM +#include <nettle/siv-gcm.h> +#endif + +#include "memory.h" +#include "siv.h" + +struct SIV_Instance_Record { + SIV_Algorithm algorithm; + int key_set; + int min_nonce_length; + int max_nonce_length; + int tag_length; + union { + struct siv_cmac_aes128_ctx cmac_aes128; +#ifdef HAVE_NETTLE_SIV_GCM + struct aes128_ctx aes128; +#endif + } ctx; +}; + +/* ================================================== */ + +SIV_Instance +SIV_CreateInstance(SIV_Algorithm algorithm) +{ + SIV_Instance instance; + + if (SIV_GetKeyLength(algorithm) <= 0) + return NULL; + + instance = MallocNew(struct SIV_Instance_Record); + instance->algorithm = algorithm; + instance->key_set = 0; + + switch (algorithm) { + case AEAD_AES_SIV_CMAC_256: + instance->min_nonce_length = SIV_MIN_NONCE_SIZE; + instance->max_nonce_length = INT_MAX; + instance->tag_length = SIV_DIGEST_SIZE; + break; +#ifdef HAVE_NETTLE_SIV_GCM + case AEAD_AES_128_GCM_SIV: + instance->min_nonce_length = SIV_GCM_NONCE_SIZE; + instance->max_nonce_length = SIV_GCM_NONCE_SIZE; + instance->tag_length = SIV_GCM_DIGEST_SIZE; + break; +#endif + default: + assert(0); + } + + return instance; +} + +/* ================================================== */ + +void +SIV_DestroyInstance(SIV_Instance instance) +{ + Free(instance); +} + +/* ================================================== */ + +int +SIV_GetKeyLength(SIV_Algorithm algorithm) +{ + assert(2 * AES128_KEY_SIZE <= SIV_MAX_KEY_LENGTH); + + switch (algorithm) { + case AEAD_AES_SIV_CMAC_256: + return 2 * AES128_KEY_SIZE; +#ifdef HAVE_NETTLE_SIV_GCM + case AEAD_AES_128_GCM_SIV: + return AES128_KEY_SIZE; +#endif + default: + return 0; + } +} + +/* ================================================== */ + +int +SIV_SetKey(SIV_Instance instance, const unsigned char *key, int length) +{ + if (length != SIV_GetKeyLength(instance->algorithm)) + return 0; + + switch (instance->algorithm) { + case AEAD_AES_SIV_CMAC_256: + siv_cmac_aes128_set_key(&instance->ctx.cmac_aes128, key); + break; +#ifdef HAVE_NETTLE_SIV_GCM + case AEAD_AES_128_GCM_SIV: + aes128_set_encrypt_key(&instance->ctx.aes128, key); + break; +#endif + default: + assert(0); + } + + instance->key_set = 1; + + return 1; +} + +/* ================================================== */ + +int +SIV_GetMinNonceLength(SIV_Instance instance) +{ + return instance->min_nonce_length; +} + +/* ================================================== */ + +int +SIV_GetMaxNonceLength(SIV_Instance instance) +{ + return instance->max_nonce_length; +} + +/* ================================================== */ + +int +SIV_GetTagLength(SIV_Instance instance) +{ + if (instance->tag_length < 1 || instance->tag_length > SIV_MAX_TAG_LENGTH) + assert(0); + return instance->tag_length; +} + +/* ================================================== */ + +int +SIV_Encrypt(SIV_Instance instance, + const unsigned char *nonce, int nonce_length, + const void *assoc, int assoc_length, + const void *plaintext, int plaintext_length, + unsigned char *ciphertext, int ciphertext_length) +{ + if (!instance->key_set) + return 0; + + if (nonce_length < instance->min_nonce_length || + nonce_length > instance->max_nonce_length || assoc_length < 0 || + plaintext_length < 0 || plaintext_length > ciphertext_length || + plaintext_length + SIV_GetTagLength(instance) != ciphertext_length) + return 0; + + assert(assoc && plaintext); + + switch (instance->algorithm) { + case AEAD_AES_SIV_CMAC_256: + siv_cmac_aes128_encrypt_message(&instance->ctx.cmac_aes128, + nonce_length, nonce, assoc_length, assoc, + ciphertext_length, ciphertext, plaintext); + break; +#ifdef HAVE_NETTLE_SIV_GCM + case AEAD_AES_128_GCM_SIV: + siv_gcm_aes128_encrypt_message(&instance->ctx.aes128, + nonce_length, nonce, assoc_length, assoc, + ciphertext_length, ciphertext, plaintext); + break; +#endif + default: + assert(0); + } + + return 1; +} + +/* ================================================== */ + +int +SIV_Decrypt(SIV_Instance instance, + const unsigned char *nonce, int nonce_length, + const void *assoc, int assoc_length, + const unsigned char *ciphertext, int ciphertext_length, + void *plaintext, int plaintext_length) +{ + if (!instance->key_set) + return 0; + + if (nonce_length < instance->min_nonce_length || + nonce_length > instance->max_nonce_length || assoc_length < 0 || + plaintext_length < 0 || plaintext_length > ciphertext_length || + plaintext_length + SIV_GetTagLength(instance) != ciphertext_length) + return 0; + + assert(assoc && plaintext); + + switch (instance->algorithm) { + case AEAD_AES_SIV_CMAC_256: + if (!siv_cmac_aes128_decrypt_message(&instance->ctx.cmac_aes128, + nonce_length, nonce, assoc_length, assoc, + plaintext_length, plaintext, ciphertext)) + return 0; + break; +#ifdef HAVE_NETTLE_SIV_GCM + case AEAD_AES_128_GCM_SIV: + if (!siv_gcm_aes128_decrypt_message(&instance->ctx.aes128, + nonce_length, nonce, assoc_length, assoc, + plaintext_length, plaintext, ciphertext)) + return 0; + break; +#endif + default: + assert(0); + } + + return 1; +} |