summaryrefslogtreecommitdiffabout
path: root/pwmanager/libcrypt/cipher/cipher.c
authorzautrix <zautrix>2004-10-19 20:16:14 (UTC)
committer zautrix <zautrix>2004-10-19 20:16:14 (UTC)
commiteca49bb06a71980ef61d078904573f25890fc7f2 (patch) (unidiff)
treec5338e3b12430248979a9ac2c1c7e6646ea9ecdf /pwmanager/libcrypt/cipher/cipher.c
parent53cc32b6e7b1f672bf91b2baf2df6c1e8baf3e0a (diff)
downloadkdepimpi-eca49bb06a71980ef61d078904573f25890fc7f2.zip
kdepimpi-eca49bb06a71980ef61d078904573f25890fc7f2.tar.gz
kdepimpi-eca49bb06a71980ef61d078904573f25890fc7f2.tar.bz2
Initial revision
Diffstat (limited to 'pwmanager/libcrypt/cipher/cipher.c') (more/less context) (ignore whitespace changes)
-rw-r--r--pwmanager/libcrypt/cipher/cipher.c1391
1 files changed, 1391 insertions, 0 deletions
diff --git a/pwmanager/libcrypt/cipher/cipher.c b/pwmanager/libcrypt/cipher/cipher.c
new file mode 100644
index 0000000..78ea940
--- a/dev/null
+++ b/pwmanager/libcrypt/cipher/cipher.c
@@ -0,0 +1,1391 @@
1 /* cipher.c -cipher dispatcher
2 * Copyright (C) 1998,1999,2000,2001,2002,2003 Free Software Foundation, Inc.
3 *
4 * This file is part of Libgcrypt.
5 *
6 * Libgcrypt is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser general Public License as
8 * published by the Free Software Foundation; either version 2.1 of
9 * the License, or (at your option) any later version.
10 *
11 * Libgcrypt is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19 */
20
21#include <config.h>
22#include <stdio.h>
23#include <stdlib.h>
24#include <string.h>
25#include <errno.h>
26#include <assert.h>
27
28#include "g10lib.h"
29#include "cipher.h"
30#include "ath.h"
31
32#define MAX_BLOCKSIZE 16
33#define TABLE_SIZE 14
34#define CTX_MAGIC_NORMAL 0x24091964
35#define CTX_MAGIC_SECURE 0x46919042
36
37/* This is the list of the default ciphers, which are included in
38 libgcrypt. */
39static struct cipher_table_entry
40{
41 gcry_cipher_spec_t *cipher;
42 unsigned int algorithm;
43} cipher_table[] =
44 {
45#if USE_BLOWFISH
46 { &_gcry_cipher_spec_blowfish, GCRY_CIPHER_BLOWFISH },
47#endif
48#if USE_DES
49 { &_gcry_cipher_spec_des, GCRY_CIPHER_DES },
50 { &_gcry_cipher_spec_tripledes, GCRY_CIPHER_3DES },
51#endif
52#if USE_ARCFOUR
53 { &_gcry_cipher_spec_arcfour, GCRY_CIPHER_ARCFOUR },
54#endif
55#if USE_CAST5
56 { &_gcry_cipher_spec_cast5, GCRY_CIPHER_CAST5 },
57#endif
58#if USE_AES
59 { &_gcry_cipher_spec_aes, GCRY_CIPHER_AES },
60 { &_gcry_cipher_spec_aes192, GCRY_CIPHER_AES192 },
61 { &_gcry_cipher_spec_aes256, GCRY_CIPHER_AES256 },
62#endif
63#if USE_TWOFISH
64 { &_gcry_cipher_spec_twofish, GCRY_CIPHER_TWOFISH },
65 { &_gcry_cipher_spec_twofish128, GCRY_CIPHER_TWOFISH128 },
66#endif
67#if USE_SERPENT
68 { &_gcry_cipher_spec_serpent128, GCRY_CIPHER_SERPENT128 },
69 { &_gcry_cipher_spec_serpent192, GCRY_CIPHER_SERPENT192 },
70 { &_gcry_cipher_spec_serpent256, GCRY_CIPHER_SERPENT256 },
71#endif
72#ifdef USE_RFC2268
73 { &_gcry_cipher_spec_rfc2268_40, GCRY_CIPHER_RFC2268_40 },
74#endif
75 { NULL },
76 };
77
78/* List of registered ciphers. */
79static gcry_module_t ciphers_registered;
80
81/* This is the lock protecting CIPHERS_REGISTERED. */
82static ath_mutex_t ciphers_registered_lock = ATH_MUTEX_INITIALIZER;
83
84/* Flag to check wether the default ciphers have already been
85 registered. */
86static int default_ciphers_registered;
87
88/* Convenient macro for registering the default ciphers. */
89#define REGISTER_DEFAULT_CIPHERS \
90 do \
91 { \
92 ath_mutex_lock (&ciphers_registered_lock); \
93 if (! default_ciphers_registered) \
94 { \
95 gcry_cipher_register_default (); \
96 default_ciphers_registered = 1; \
97 } \
98 ath_mutex_unlock (&ciphers_registered_lock); \
99 } \
100 while (0)
101
102/* The handle structure. */
103struct gcry_cipher_handle
104{
105 int magic;
106 size_t actual_handle_size; /* Allocated size of this handle. */
107 gcry_cipher_spec_t *cipher;
108 gcry_module_t module;
109 int mode;
110 unsigned int flags;
111 unsigned char iv[MAX_BLOCKSIZE];/* (this should be ulong aligned) */
112 unsigned char lastiv[MAX_BLOCKSIZE];
113 int unused; /* in IV */
114 unsigned char ctr[MAX_BLOCKSIZE]; /* For Counter (CTR) mode. */
115 PROPERLY_ALIGNED_TYPE context;
116};
117
118
119/* These dummy functions are used in case a cipher implementation
120 refuses to provide it's own functions. */
121
122static gcry_err_code_t
123dummy_setkey (void *c, const unsigned char *key, unsigned keylen)
124{
125 return GPG_ERR_NO_ERROR;
126}
127
128static void
129dummy_encrypt_block (void *c,
130 unsigned char *outbuf, const unsigned char *inbuf)
131{
132 BUG();
133}
134
135static void
136dummy_decrypt_block (void *c,
137 unsigned char *outbuf, const unsigned char *inbuf)
138{
139 BUG();
140}
141
142static void
143dummy_encrypt_stream (void *c,
144 unsigned char *outbuf, const unsigned char *inbuf,
145 unsigned int n)
146{
147 BUG();
148}
149
150static void
151dummy_decrypt_stream (void *c,
152 unsigned char *outbuf, const unsigned char *inbuf,
153 unsigned int n)
154{
155 BUG();
156}
157
158
159/* Internal function. Register all the ciphers included in
160 CIPHER_TABLE. Note, that this function gets only used by the macro
161 REGISTER_DEFAULT_CIPHERS which protects it using a mutex. */
162static void
163gcry_cipher_register_default (void)
164{
165 gcry_err_code_t err = GPG_ERR_NO_ERROR;
166 int i;
167
168 for (i = 0; !err && cipher_table[i].cipher; i++)
169 {
170 if (! cipher_table[i].cipher->setkey)
171 cipher_table[i].cipher->setkey = dummy_setkey;
172 if (! cipher_table[i].cipher->encrypt)
173 cipher_table[i].cipher->encrypt = dummy_encrypt_block;
174 if (! cipher_table[i].cipher->decrypt)
175 cipher_table[i].cipher->decrypt = dummy_decrypt_block;
176 if (! cipher_table[i].cipher->stencrypt)
177 cipher_table[i].cipher->stencrypt = dummy_encrypt_stream;
178 if (! cipher_table[i].cipher->stdecrypt)
179 cipher_table[i].cipher->stdecrypt = dummy_decrypt_stream;
180
181 err = _gcry_module_add (&ciphers_registered,
182 cipher_table[i].algorithm,
183 (void *) cipher_table[i].cipher,
184 NULL);
185 }
186
187 if (err)
188 BUG ();
189}
190
191/* Internal callback function. Used via _gcry_module_lookup. */
192static int
193gcry_cipher_lookup_func_name (void *spec, void *data)
194{
195 gcry_cipher_spec_t *cipher = (gcry_cipher_spec_t *) spec;
196 char *name = (char *) data;
197 const char **aliases = cipher->aliases;
198 int i, ret = ! stricmp (name, cipher->name);
199
200 if (aliases)
201 for (i = 0; aliases[i] && (! ret); i++)
202 ret = ! stricmp (name, aliases[i]);
203
204 return ret;
205}
206
207/* Internal callback function. Used via _gcry_module_lookup. */
208static int
209gcry_cipher_lookup_func_oid (void *spec, void *data)
210{
211 gcry_cipher_spec_t *cipher = (gcry_cipher_spec_t *) spec;
212 char *oid = (char *) data;
213 gcry_cipher_oid_spec_t *oid_specs = cipher->oids;
214 int ret = 0, i;
215
216 if (oid_specs)
217 for (i = 0; oid_specs[i].oid && (! ret); i++)
218 if (! stricmp (oid, oid_specs[i].oid))
219 ret = 1;
220
221 return ret;
222}
223
224/* Internal function. Lookup a cipher entry by it's name. */
225static gcry_module_t
226gcry_cipher_lookup_name (const char *name)
227{
228 gcry_module_t cipher;
229
230 cipher = _gcry_module_lookup (ciphers_registered, (void *) name,
231 gcry_cipher_lookup_func_name);
232
233 return cipher;
234}
235
236/* Internal function. Lookup a cipher entry by it's oid. */
237static gcry_module_t
238gcry_cipher_lookup_oid (const char *oid)
239{
240 gcry_module_t cipher;
241
242 cipher = _gcry_module_lookup (ciphers_registered, (void *) oid,
243 gcry_cipher_lookup_func_oid);
244
245 return cipher;
246}
247
248/* Register a new cipher module whose specification can be found in
249 CIPHER. On success, a new algorithm ID is stored in ALGORITHM_ID
250 and a pointer representhing this module is stored in MODULE. */
251gcry_error_t
252gcry_cipher_register (gcry_cipher_spec_t *cipher,
253 unsigned int *algorithm_id,
254 gcry_module_t *module)
255{
256 gcry_err_code_t err = 0;
257 gcry_module_t mod;
258
259 ath_mutex_lock (&ciphers_registered_lock);
260 err = _gcry_module_add (&ciphers_registered, 0,
261 (void *) cipher, &mod);
262 ath_mutex_unlock (&ciphers_registered_lock);
263
264 if (! err)
265 {
266 *module = mod;
267 *algorithm_id = mod->mod_id;
268 }
269
270 return gcry_error (err);
271}
272
273/* Unregister the cipher identified by MODULE, which must have been
274 registered with gcry_cipher_register. */
275void
276gcry_cipher_unregister (gcry_module_t module)
277{
278 ath_mutex_lock (&ciphers_registered_lock);
279 _gcry_module_release (module);
280 ath_mutex_unlock (&ciphers_registered_lock);
281}
282
283/* Locate the OID in the oid table and return the index or -1 when not
284 found. An opitonal "oid." or "OID." prefix in OID is ignored, the
285 OID is expected to be in standard IETF dotted notation. The
286 internal algorithm number is returned in ALGORITHM unless it
287 ispassed as NULL. A pointer to the specification of the module
288 implementing this algorithm is return in OID_SPEC unless passed as
289 NULL.*/
290static int
291search_oid (const char *oid, int *algorithm, gcry_cipher_oid_spec_t *oid_spec)
292{
293 gcry_module_t module;
294 int ret = 0;
295
296 if (oid && ((! strncmp (oid, "oid.", 4))
297 || (! strncmp (oid, "OID.", 4))))
298 oid += 4;
299
300 module = gcry_cipher_lookup_oid (oid);
301 if (module)
302 {
303 gcry_cipher_spec_t *cipher = module->spec;
304 int i;
305
306 for (i = 0; cipher->oids[i].oid && !ret; i++)
307 if (! stricmp (oid, cipher->oids[i].oid))
308 {
309 if (algorithm)
310 *algorithm = module->mod_id;
311 if (oid_spec)
312 *oid_spec = cipher->oids[i];
313 ret = 1;
314 }
315 _gcry_module_release (module);
316 }
317
318 return ret;
319}
320
321/* Map STRING to the cipher algorithm identifier. Returns the
322 algorithm ID of the cipher for the given name or 0 if the name is
323 not known. It is valid to pass NULL for STRING which results in a
324 return value of 0. */
325int
326gcry_cipher_map_name (const char *string)
327{
328 gcry_module_t cipher;
329 int ret, algorithm = 0;
330
331 if (! string)
332 return 0;
333
334 REGISTER_DEFAULT_CIPHERS;
335
336 /* If the string starts with a digit (optionally prefixed with
337 either "OID." or "oid."), we first look into our table of ASN.1
338 object identifiers to figure out the algorithm */
339
340 ath_mutex_lock (&ciphers_registered_lock);
341
342 ret = search_oid (string, &algorithm, NULL);
343 if (! ret)
344 {
345 cipher = gcry_cipher_lookup_name (string);
346 if (cipher)
347 {
348 algorithm = cipher->mod_id;
349 _gcry_module_release (cipher);
350 }
351 }
352
353 ath_mutex_unlock (&ciphers_registered_lock);
354
355 return algorithm;
356}
357
358
359/* Given a STRING with an OID in dotted decimal notation, this
360 function returns the cipher mode (GCRY_CIPHER_MODE_*) associated
361 with that OID or 0 if no mode is known. Passing NULL for string
362 yields a return value of 0. */
363int
364gcry_cipher_mode_from_oid (const char *string)
365{
366 gcry_cipher_oid_spec_t oid_spec;
367 int ret = 0, mode = 0;
368
369 if (!string)
370 return 0;
371
372 ath_mutex_lock (&ciphers_registered_lock);
373 ret = search_oid (string, NULL, &oid_spec);
374 if (ret)
375 mode = oid_spec.mode;
376 ath_mutex_unlock (&ciphers_registered_lock);
377
378 return mode;
379}
380
381
382/* Map the cipher algorithm identifier ALGORITHM to a string
383 representing this algorithm. This string is the default name as
384 used by Libgcrypt. NULL is returned for an unknown algorithm. */
385static const char *
386cipher_algo_to_string (int algorithm)
387{
388 gcry_module_t cipher;
389 const char *name = NULL;
390
391 REGISTER_DEFAULT_CIPHERS;
392
393 ath_mutex_lock (&ciphers_registered_lock);
394 cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
395 if (cipher)
396 {
397 name = ((gcry_cipher_spec_t *) cipher->spec)->name;
398 _gcry_module_release (cipher);
399 }
400 ath_mutex_unlock (&ciphers_registered_lock);
401
402 return name;
403}
404
405/* Map the cipher algorithm identifier ALGORITHM to a string
406 representing this algorithm. This string is the default name as
407 used by Libgcrypt. An pointer to an empty string is returned for
408 an unknown algorithm. NULL is never returned. */
409const char *
410gcry_cipher_algo_name (int algorithm)
411{
412 const char *s = cipher_algo_to_string (algorithm);
413 return s ? s : "";
414}
415
416
417/* Flag the cipher algorithm with the identifier ALGORITHM as
418 disabled. There is no error return, the function does nothing for
419 unknown algorithms. Disabled algorithms are vitually not available
420 in Libgcrypt. */
421static void
422disable_cipher_algo (int algorithm)
423{
424 gcry_module_t cipher;
425
426 REGISTER_DEFAULT_CIPHERS;
427
428 ath_mutex_lock (&ciphers_registered_lock);
429 cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
430 if (cipher)
431 {
432 if (! (cipher->flags & FLAG_MODULE_DISABLED))
433 cipher->flags |= FLAG_MODULE_DISABLED;
434 _gcry_module_release (cipher);
435 }
436 ath_mutex_unlock (&ciphers_registered_lock);
437}
438
439
440/* Return 0 if the cipher algorithm with indentifier ALGORITHM is
441 available. Returns a basic error code value if it is not available. */
442static gcry_err_code_t
443check_cipher_algo (int algorithm)
444{
445 gcry_err_code_t err = GPG_ERR_NO_ERROR;
446 gcry_module_t cipher;
447
448 REGISTER_DEFAULT_CIPHERS;
449
450 ath_mutex_lock (&ciphers_registered_lock);
451 cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
452 if (cipher)
453 {
454 if (cipher->flags & FLAG_MODULE_DISABLED)
455 err = GPG_ERR_CIPHER_ALGO;
456 _gcry_module_release (cipher);
457 }
458 else
459 err = GPG_ERR_CIPHER_ALGO;
460 ath_mutex_unlock (&ciphers_registered_lock);
461
462 return err;
463}
464
465
466/* Return the standard length of the key for the cipher algorithm with
467 the identifier ALGORITHM. This function expects a valid algorithm
468 and will abort if the algorithm is not available or the length of
469 the key is not known. */
470static unsigned int
471cipher_get_keylen (int algorithm)
472{
473 gcry_module_t cipher;
474 unsigned len = 0;
475
476 REGISTER_DEFAULT_CIPHERS;
477
478 ath_mutex_lock (&ciphers_registered_lock);
479 cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
480 if (cipher)
481 {
482 len = ((gcry_cipher_spec_t *) cipher->spec)->keylen;
483 if (! len)
484 log_bug ("cipher %d w/o key length\n", algorithm);
485 _gcry_module_release (cipher);
486 }
487 else
488 log_bug ("cipher %d not found\n", algorithm);
489 ath_mutex_unlock (&ciphers_registered_lock);
490
491 return len;
492}
493
494/* Return the block length of the cipher algorithm with the identifier
495 ALGORITHM. This function expects a valid algorithm and will abort
496 if the algorithm is not available or the length of the key is not
497 known. */
498static unsigned int
499cipher_get_blocksize (int algorithm)
500{
501 gcry_module_t cipher;
502 unsigned len = 0;
503
504 REGISTER_DEFAULT_CIPHERS;
505
506 ath_mutex_lock (&ciphers_registered_lock);
507 cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
508 if (cipher)
509 {
510 len = ((gcry_cipher_spec_t *) cipher->spec)->blocksize;
511 if (! len)
512 log_bug ("cipher %d w/o blocksize\n", algorithm);
513 _gcry_module_release (cipher);
514 }
515 else
516 log_bug ("cipher %d not found\n", algorithm);
517 ath_mutex_unlock (&ciphers_registered_lock);
518
519 return len;
520}
521
522
523/*
524 Open a cipher handle for use with cipher algorithm ALGORITHM, using
525 the cipher mode MODE (one of the GCRY_CIPHER_MODE_*) and return a
526 handle in HANDLE. Put NULL into HANDLE and return an error code if
527 something goes wrong. FLAGS may be used to modify the
528 operation. The defined flags are:
529
530 GCRY_CIPHER_SECURE: allocate all internal buffers in secure memory.
531 GCRY_CIPHER_ENABLE_SYNC: Enable the sync operation as used in OpenPGP.
532 GCRY_CIPHER_CBC_CTS: Enable CTS mode.
533 GCRY_CIPHER_CBC_MAC: Enable MAC mode.
534
535 Values for these flags may be combined using OR.
536 */
537gcry_error_t
538gcry_cipher_open (gcry_cipher_hd_t *handle,
539 int algo, int mode, unsigned int flags)
540{
541 int secure = (flags & GCRY_CIPHER_SECURE);
542 gcry_cipher_spec_t *cipher = NULL;
543 gcry_module_t module = NULL;
544 gcry_cipher_hd_t h = NULL;
545 gcry_err_code_t err = 0;
546
547 /* If the application missed to call the random poll function, we do
548 it here to ensure that it is used once in a while. */
549 _gcry_fast_random_poll ();
550
551 REGISTER_DEFAULT_CIPHERS;
552
553 /* Fetch the according module and check wether the cipher is marked
554 available for use. */
555 ath_mutex_lock (&ciphers_registered_lock);
556 module = _gcry_module_lookup_id (ciphers_registered, algo);
557 if (module)
558 {
559 /* Found module. */
560
561 if (module->flags & FLAG_MODULE_DISABLED)
562 {
563 /* Not available for use. */
564 err = GPG_ERR_CIPHER_ALGO;
565 _gcry_module_release (module);
566 }
567 else
568 cipher = (gcry_cipher_spec_t *) module->spec;
569 }
570 else
571 err = GPG_ERR_CIPHER_ALGO;
572 ath_mutex_unlock (&ciphers_registered_lock);
573
574 /* check flags */
575 if ((! err)
576 && ((flags & ~(0
577 | GCRY_CIPHER_SECURE
578 | GCRY_CIPHER_ENABLE_SYNC
579 | GCRY_CIPHER_CBC_CTS
580 | GCRY_CIPHER_CBC_MAC))
581 || (flags & GCRY_CIPHER_CBC_CTS & GCRY_CIPHER_CBC_MAC)))
582 err = GPG_ERR_CIPHER_ALGO;
583
584 /* check that a valid mode has been requested */
585 if (! err)
586 switch (mode)
587 {
588 case GCRY_CIPHER_MODE_ECB:
589 case GCRY_CIPHER_MODE_CBC:
590 case GCRY_CIPHER_MODE_CFB:
591 case GCRY_CIPHER_MODE_CTR:
592 if ((cipher->encrypt == dummy_encrypt_block)
593 || (cipher->decrypt == dummy_decrypt_block))
594 err = GPG_ERR_INV_CIPHER_MODE;
595 break;
596
597 case GCRY_CIPHER_MODE_STREAM:
598 if ((cipher->stencrypt == dummy_encrypt_stream)
599 || (cipher->stdecrypt == dummy_decrypt_stream))
600 err = GPG_ERR_INV_CIPHER_MODE;
601 break;
602
603 case GCRY_CIPHER_MODE_NONE:
604 /* FIXME: issue a warning when this mode is used */
605 break;
606
607 default:
608 err = GPG_ERR_INV_CIPHER_MODE;
609 }
610
611 /* ? FIXME: perform selftest here and mark this with a flag in
612 cipher_table ? */
613
614 if (! err)
615 {
616 size_t size = (sizeof (*h)
617 + 2 * cipher->contextsize
618 - sizeof (PROPERLY_ALIGNED_TYPE));
619
620 if (secure)
621 h = gcry_calloc_secure (1, size);
622 else
623 h = gcry_calloc (1, size);
624
625 if (! h)
626 err = gpg_err_code_from_errno (errno);
627 else
628 {
629 h->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;
630 h->actual_handle_size = size;
631 h->cipher = cipher;
632 h->module = module;
633 h->mode = mode;
634 h->flags = flags;
635 }
636 }
637
638 /* Done. */
639
640 if (err)
641 {
642 if (module)
643 {
644 /* Release module. */
645 ath_mutex_lock (&ciphers_registered_lock);
646 _gcry_module_release (module);
647 ath_mutex_unlock (&ciphers_registered_lock);
648 }
649 }
650
651 *handle = err ? NULL : h;
652
653 return gcry_error (err);
654}
655
656
657/* Release all resources associated with the cipher handle H. H may be
658 NULL in which case this is a no-operation. */
659void
660gcry_cipher_close (gcry_cipher_hd_t h)
661{
662 if (! h)
663 return;
664
665 if ((h->magic != CTX_MAGIC_SECURE)
666 && (h->magic != CTX_MAGIC_NORMAL))
667 _gcry_fatal_error(GPG_ERR_INTERNAL,
668 "gcry_cipher_close: already closed/invalid handle");
669 else
670 h->magic = 0;
671
672 /* Release module. */
673 ath_mutex_lock (&ciphers_registered_lock);
674 _gcry_module_release (h->module);
675 ath_mutex_unlock (&ciphers_registered_lock);
676
677 /* We always want to wipe out the memory even when the context has
678 been allocated in secure memory. The user might have disabled
679 secure memory or is using his own implementation which does not
680 do the wiping. To accomplish this we need to keep track of the
681 actual size of this structure because we have no way to known
682 how large the allocated area was when using a standard malloc. */
683 wipememory (h, h->actual_handle_size);
684
685 gcry_free (h);
686}
687
688
689/* Set the key to be used for the encryption context C to KEY with
690 length KEYLEN. The length should match the required length. */
691static gcry_error_t
692cipher_setkey (gcry_cipher_hd_t c, byte *key, unsigned keylen)
693{
694 gcry_err_code_t ret;
695
696 ret = (*c->cipher->setkey) (&c->context.c, key, keylen);
697 if (! ret)
698 /* Duplicate initial context. */
699 memcpy ((void *) ((char *) &c->context.c + c->cipher->contextsize),
700 (void *) &c->context.c,
701 c->cipher->contextsize);
702
703 return gcry_error (ret);
704}
705
706
707/* Set the IV to be used for the encryption context C to IV with
708 length IVLEN. The length should match the required length. */
709static void
710cipher_setiv( gcry_cipher_hd_t c, const byte *iv, unsigned ivlen )
711{
712 memset( c->iv, 0, c->cipher->blocksize );
713 if( iv ) {
714 if( ivlen != c->cipher->blocksize )
715 log_info("WARNING: cipher_setiv: ivlen=%u blklen=%u\n",
716 ivlen, (unsigned) c->cipher->blocksize );
717 if (ivlen > c->cipher->blocksize)
718 ivlen = c->cipher->blocksize;
719 memcpy( c->iv, iv, ivlen );
720 }
721 c->unused = 0;
722}
723
724
725/* Reset the cipher context to the initial contex. This is basically
726 the same as an release followed by a new. */
727static void
728cipher_reset (gcry_cipher_hd_t c)
729{
730 memcpy (&c->context.c,
731 (char *) &c->context.c + c->cipher->contextsize,
732 c->cipher->contextsize);
733 memset (c->iv, 0, c->cipher->blocksize);
734 memset (c->lastiv, 0, c->cipher->blocksize);
735 memset (c->ctr, 0, c->cipher->blocksize);
736}
737
738
739static void
740do_ecb_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
741 unsigned int nblocks )
742{
743 unsigned int n;
744
745 for(n=0; n < nblocks; n++ ) {
746 c->cipher->encrypt ( &c->context.c, outbuf, (byte*)/*arggg*/inbuf );
747 inbuf += c->cipher->blocksize;
748 outbuf += c->cipher->blocksize;
749 }
750}
751
752static void
753do_ecb_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
754 unsigned int nblocks )
755{
756 unsigned n;
757
758 for(n=0; n < nblocks; n++ ) {
759 c->cipher->decrypt ( &c->context.c, outbuf, (byte*)/*arggg*/inbuf );
760 inbuf += c->cipher->blocksize;
761 outbuf += c->cipher->blocksize;
762 }
763}
764
765static void
766do_cbc_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
767 unsigned int nbytes )
768{
769 unsigned int n;
770 byte *ivp;
771 int i;
772 size_t blocksize = c->cipher->blocksize;
773 unsigned nblocks = nbytes / blocksize;
774
775 if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) {
776 if ((nbytes % blocksize) == 0)
777 nblocks--;
778 }
779
780 for(n=0; n < nblocks; n++ ) {
781 /* fixme: the xor should work on words and not on
782 * bytes. Maybe it is a good idea to enhance the cipher backend
783 * API to allow for CBC handling direct in the backend */
784 for(ivp=c->iv,i=0; i < blocksize; i++ )
785 outbuf[i] = inbuf[i] ^ *ivp++;
786 c->cipher->encrypt ( &c->context.c, outbuf, outbuf );
787 memcpy(c->iv, outbuf, blocksize );
788 inbuf += c->cipher->blocksize;
789 if (!(c->flags & GCRY_CIPHER_CBC_MAC))
790 outbuf += c->cipher->blocksize;
791 }
792
793 if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize)
794 {
795 int restbytes;
796
797 if ((nbytes % blocksize) == 0)
798 restbytes = blocksize;
799 else
800 restbytes = nbytes % blocksize;
801
802 memcpy(outbuf, outbuf - c->cipher->blocksize, restbytes);
803 outbuf -= c->cipher->blocksize;
804
805 for(ivp=c->iv,i=0; i < restbytes; i++ )
806 outbuf[i] = inbuf[i] ^ *ivp++;
807 for(; i < blocksize; i++ )
808 outbuf[i] = 0 ^ *ivp++;
809
810 c->cipher->encrypt ( &c->context.c, outbuf, outbuf );
811 memcpy(c->iv, outbuf, blocksize );
812 }
813}
814
815static void
816do_cbc_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
817 unsigned int nbytes )
818{
819 unsigned int n;
820 byte *ivp;
821 int i;
822 size_t blocksize = c->cipher->blocksize;
823 unsigned int nblocks = nbytes / blocksize;
824
825 if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) {
826 nblocks--;
827 if ((nbytes % blocksize) == 0)
828 nblocks--;
829 memcpy(c->lastiv, c->iv, blocksize );
830 }
831
832 for(n=0; n < nblocks; n++ ) {
833 /* Because outbuf and inbuf might be the same, we have
834 * to save the original ciphertext block. We use lastiv
835 * for this here because it is not used otherwise. */
836 memcpy(c->lastiv, inbuf, blocksize );
837 c->cipher->decrypt ( &c->context.c, outbuf, inbuf );
838 for(ivp=c->iv,i=0; i < blocksize; i++ )
839 outbuf[i] ^= *ivp++;
840 memcpy(c->iv, c->lastiv, blocksize );
841 inbuf += c->cipher->blocksize;
842 outbuf += c->cipher->blocksize;
843 }
844
845 if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize) {
846 int restbytes;
847
848 if ((nbytes % blocksize) == 0)
849 restbytes = blocksize;
850 else
851 restbytes = nbytes % blocksize;
852
853 memcpy(c->lastiv, c->iv, blocksize ); /* save Cn-2 */
854 memcpy(c->iv, inbuf + blocksize, restbytes ); /* save Cn */
855
856 c->cipher->decrypt ( &c->context.c, outbuf, inbuf );
857 for(ivp=c->iv,i=0; i < restbytes; i++ )
858 outbuf[i] ^= *ivp++;
859
860 memcpy(outbuf + blocksize, outbuf, restbytes);
861 for(i=restbytes; i < blocksize; i++)
862 c->iv[i] = outbuf[i];
863 c->cipher->decrypt ( &c->context.c, outbuf, c->iv );
864 for(ivp=c->lastiv,i=0; i < blocksize; i++ )
865 outbuf[i] ^= *ivp++;
866 /* c->lastiv is now really lastlastiv, does this matter? */
867 }
868}
869
870
871static void
872do_cfb_encrypt( gcry_cipher_hd_t c,
873 byte *outbuf, const byte *inbuf, unsigned nbytes )
874{
875 byte *ivp;
876 size_t blocksize = c->cipher->blocksize;
877
878 if( nbytes <= c->unused ) {
879 /* Short enough to be encoded by the remaining XOR mask. */
880 /* XOR the input with the IV and store input into IV. */
881 for (ivp=c->iv+c->cipher->blocksize - c->unused;
882 nbytes;
883 nbytes--, c->unused-- )
884 *outbuf++ = (*ivp++ ^= *inbuf++);
885 return;
886 }
887
888 if( c->unused ) {
889 /* XOR the input with the IV and store input into IV */
890 nbytes -= c->unused;
891 for(ivp=c->iv+blocksize - c->unused; c->unused; c->unused-- )
892 *outbuf++ = (*ivp++ ^= *inbuf++);
893 }
894
895 /* Now we can process complete blocks. */
896 while( nbytes >= blocksize ) {
897 int i;
898 /* Encrypt the IV (and save the current one). */
899 memcpy( c->lastiv, c->iv, blocksize );
900 c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
901 /* XOR the input with the IV and store input into IV */
902 for(ivp=c->iv,i=0; i < blocksize; i++ )
903 *outbuf++ = (*ivp++ ^= *inbuf++);
904 nbytes -= blocksize;
905 }
906 if( nbytes ) { /* process the remaining bytes */
907 /* encrypt the IV (and save the current one) */
908 memcpy( c->lastiv, c->iv, blocksize );
909 c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
910 c->unused = blocksize;
911 /* and apply the xor */
912 c->unused -= nbytes;
913 for(ivp=c->iv; nbytes; nbytes-- )
914 *outbuf++ = (*ivp++ ^= *inbuf++);
915 }
916}
917
918static void
919do_cfb_decrypt( gcry_cipher_hd_t c,
920 byte *outbuf, const byte *inbuf, unsigned int nbytes )
921{
922 byte *ivp;
923 ulong temp;
924 size_t blocksize = c->cipher->blocksize;
925
926 if( nbytes <= c->unused ) {
927 /* Short enough to be encoded by the remaining XOR mask. */
928 /* XOR the input with the IV and store input into IV. */
929 for(ivp=c->iv+blocksize - c->unused; nbytes; nbytes--,c->unused--) {
930 temp = *inbuf++;
931 *outbuf++ = *ivp ^ temp;
932 *ivp++ = temp;
933 }
934 return;
935 }
936
937 if( c->unused ) {
938 /* XOR the input with the IV and store input into IV. */
939 nbytes -= c->unused;
940 for(ivp=c->iv+blocksize - c->unused; c->unused; c->unused-- ) {
941 temp = *inbuf++;
942 *outbuf++ = *ivp ^ temp;
943 *ivp++ = temp;
944 }
945 }
946
947 /* now we can process complete blocks */
948 while( nbytes >= blocksize ) {
949 int i;
950 /* encrypt the IV (and save the current one) */
951 memcpy( c->lastiv, c->iv, blocksize );
952 c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
953 /* XOR the input with the IV and store input into IV */
954 for(ivp=c->iv,i=0; i < blocksize; i++ ) {
955 temp = *inbuf++;
956 *outbuf++ = *ivp ^ temp;
957 *ivp++ = temp;
958 }
959 nbytes -= blocksize;
960 }
961 if( nbytes ) { /* process the remaining bytes */
962 /* encrypt the IV (and save the current one) */
963 memcpy( c->lastiv, c->iv, blocksize );
964 c->cipher->encrypt ( &c->context.c, c->iv, c->iv );
965 c->unused = blocksize;
966 /* and apply the xor */
967 c->unused -= nbytes;
968 for(ivp=c->iv; nbytes; nbytes-- ) {
969 temp = *inbuf++;
970 *outbuf++ = *ivp ^ temp;
971 *ivp++ = temp;
972 }
973 }
974}
975
976
977static void
978do_ctr_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
979 unsigned int nbytes )
980{
981 unsigned int n;
982 byte tmp[MAX_BLOCKSIZE];
983 int i;
984
985 for(n=0; n < nbytes; n++)
986 {
987 if ((n % c->cipher->blocksize) == 0)
988 {
989 c->cipher->encrypt (&c->context.c, tmp, c->ctr);
990
991 for (i = c->cipher->blocksize; i > 0; i--)
992 {
993 c->ctr[i-1]++;
994 if (c->ctr[i-1] != 0)
995 break;
996 }
997 }
998
999 /* XOR input with encrypted counter and store in output. */
1000 outbuf[n] = inbuf[n] ^ tmp[n % c->cipher->blocksize];
1001 }
1002}
1003
1004static void
1005do_ctr_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
1006 unsigned int nbytes )
1007{
1008 do_ctr_encrypt (c, outbuf, inbuf, nbytes);
1009}
1010
1011
1012/****************
1013 * Encrypt INBUF to OUTBUF with the mode selected at open.
1014 * inbuf and outbuf may overlap or be the same.
1015 * Depending on the mode some contraints apply to NBYTES.
1016 */
1017static gcry_err_code_t
1018cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf,
1019 const byte *inbuf, unsigned int nbytes)
1020{
1021 gcry_err_code_t rc = GPG_ERR_NO_ERROR;
1022
1023 switch( c->mode ) {
1024 case GCRY_CIPHER_MODE_ECB:
1025 if (!(nbytes%c->cipher->blocksize))
1026 do_ecb_encrypt(c, outbuf, inbuf, nbytes/c->cipher->blocksize );
1027 else
1028 rc = GPG_ERR_INV_ARG;
1029 break;
1030 case GCRY_CIPHER_MODE_CBC:
1031 if (!(nbytes%c->cipher->blocksize)
1032 || (nbytes > c->cipher->blocksize
1033 && (c->flags & GCRY_CIPHER_CBC_CTS)))
1034 do_cbc_encrypt(c, outbuf, inbuf, nbytes );
1035 else
1036 rc = GPG_ERR_INV_ARG;
1037 break;
1038 case GCRY_CIPHER_MODE_CFB:
1039 do_cfb_encrypt(c, outbuf, inbuf, nbytes );
1040 break;
1041 case GCRY_CIPHER_MODE_CTR:
1042 do_ctr_encrypt(c, outbuf, inbuf, nbytes );
1043 break;
1044 case GCRY_CIPHER_MODE_STREAM:
1045 c->cipher->stencrypt ( &c->context.c,
1046 outbuf, (byte*)/*arggg*/inbuf, nbytes );
1047 break;
1048 case GCRY_CIPHER_MODE_NONE:
1049 if( inbuf != outbuf )
1050 memmove( outbuf, inbuf, nbytes );
1051 break;
1052 default:
1053 log_fatal("cipher_encrypt: invalid mode %d\n", c->mode );
1054 rc = GPG_ERR_INV_CIPHER_MODE;
1055 break;
1056 }
1057 return rc;
1058}
1059
1060
1061/****************
1062 * Encrypt IN and write it to OUT. If IN is NULL, in-place encryption has
1063 * been requested.
1064 */
1065gcry_error_t
1066gcry_cipher_encrypt (gcry_cipher_hd_t h, byte *out, size_t outsize,
1067 const byte *in, size_t inlen)
1068{
1069 gcry_err_code_t err;
1070
1071 if (!in)
1072 /* Caller requested in-place encryption. */
1073 /* Actullay cipher_encrypt() does not need to know about it, but
1074 * we may change this to get better performance. */
1075 err = cipher_encrypt (h, out, out, outsize);
1076 else if (outsize < ((h->flags & GCRY_CIPHER_CBC_MAC) ?
1077 h->cipher->blocksize : inlen))
1078 err = GPG_ERR_TOO_SHORT;
1079 else if ((h->mode == GCRY_CIPHER_MODE_ECB
1080 || (h->mode == GCRY_CIPHER_MODE_CBC
1081 && (! ((h->flags & GCRY_CIPHER_CBC_CTS)
1082 && (inlen > h->cipher->blocksize)))))
1083 && (inlen % h->cipher->blocksize))
1084 err = GPG_ERR_INV_ARG;
1085 else
1086 err = cipher_encrypt (h, out, in, inlen);
1087
1088 if (err && out)
1089 memset (out, 0x42, outsize); /* Failsafe: Make sure that the
1090 plaintext will never make it into
1091 OUT. */
1092
1093 return gcry_error (err);
1094}
1095
1096
1097
1098/****************
1099 * Decrypt INBUF to OUTBUF with the mode selected at open.
1100 * inbuf and outbuf may overlap or be the same.
1101 * Depending on the mode some some contraints apply to NBYTES.
1102 */
1103static gcry_err_code_t
1104cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
1105 unsigned int nbytes)
1106{
1107 gcry_err_code_t rc = GPG_ERR_NO_ERROR;
1108
1109 switch( c->mode ) {
1110 case GCRY_CIPHER_MODE_ECB:
1111 if (!(nbytes%c->cipher->blocksize))
1112 do_ecb_decrypt(c, outbuf, inbuf, nbytes/c->cipher->blocksize );
1113 else
1114 rc = GPG_ERR_INV_ARG;
1115 break;
1116 case GCRY_CIPHER_MODE_CBC:
1117 if (!(nbytes%c->cipher->blocksize)
1118 || (nbytes > c->cipher->blocksize
1119 && (c->flags & GCRY_CIPHER_CBC_CTS)))
1120 do_cbc_decrypt(c, outbuf, inbuf, nbytes );
1121 else
1122 rc = GPG_ERR_INV_ARG;
1123 break;
1124 case GCRY_CIPHER_MODE_CFB:
1125 do_cfb_decrypt(c, outbuf, inbuf, nbytes );
1126 break;
1127 case GCRY_CIPHER_MODE_CTR:
1128 do_ctr_decrypt(c, outbuf, inbuf, nbytes );
1129 break;
1130 case GCRY_CIPHER_MODE_STREAM:
1131 c->cipher->stdecrypt ( &c->context.c,
1132 outbuf, (byte*)/*arggg*/inbuf, nbytes );
1133 break;
1134 case GCRY_CIPHER_MODE_NONE:
1135 if( inbuf != outbuf )
1136 memmove( outbuf, inbuf, nbytes );
1137 break;
1138 default:
1139 log_fatal ("cipher_decrypt: invalid mode %d\n", c->mode );
1140 rc = GPG_ERR_INV_CIPHER_MODE;
1141 break;
1142 }
1143 return rc;
1144}
1145
1146
1147gcry_error_t
1148gcry_cipher_decrypt (gcry_cipher_hd_t h, byte *out, size_t outsize,
1149 const byte *in, size_t inlen)
1150{
1151 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1152
1153 if (! in)
1154 /* Caller requested in-place encryption. */
1155 /* Actullay cipher_encrypt() does not need to know about it, but
1156 * we may chnage this to get better performance. */
1157 err = cipher_decrypt (h, out, out, outsize);
1158 else if (outsize < inlen)
1159 err = GPG_ERR_TOO_SHORT;
1160 else if (((h->mode == GCRY_CIPHER_MODE_ECB)
1161 || ((h->mode == GCRY_CIPHER_MODE_CBC)
1162 && (! ((h->flags & GCRY_CIPHER_CBC_CTS)
1163 && (inlen > h->cipher->blocksize)))))
1164 && (inlen % h->cipher->blocksize) != 0)
1165 err = GPG_ERR_INV_ARG;
1166 else
1167 err = cipher_decrypt (h, out, in, inlen);
1168
1169 return gcry_error (err);
1170}
1171
1172
1173
1174/****************
1175 * Used for PGP's somewhat strange CFB mode. Only works if
1176 * the corresponding flag is set.
1177 */
1178static void
1179cipher_sync( gcry_cipher_hd_t c )
1180{
1181 if( (c->flags & GCRY_CIPHER_ENABLE_SYNC) && c->unused ) {
1182 memmove(c->iv + c->unused, c->iv, c->cipher->blocksize - c->unused );
1183 memcpy(c->iv, c->lastiv + c->cipher->blocksize - c->unused, c->unused);
1184 c->unused = 0;
1185 }
1186}
1187
1188
1189gcry_error_t
1190gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
1191{
1192 gcry_err_code_t rc = GPG_ERR_NO_ERROR;
1193
1194 switch (cmd)
1195 {
1196 case GCRYCTL_SET_KEY:
1197 rc = cipher_setkey( h, buffer, buflen );
1198 break;
1199 case GCRYCTL_SET_IV:
1200 cipher_setiv( h, buffer, buflen );
1201 break;
1202 case GCRYCTL_RESET:
1203 cipher_reset (h);
1204 break;
1205 case GCRYCTL_CFB_SYNC:
1206 cipher_sync( h );
1207 break;
1208 case GCRYCTL_SET_CBC_CTS:
1209 if (buflen)
1210 if (h->flags & GCRY_CIPHER_CBC_MAC)
1211 rc = GPG_ERR_INV_FLAG;
1212 else
1213 h->flags |= GCRY_CIPHER_CBC_CTS;
1214 else
1215 h->flags &= ~GCRY_CIPHER_CBC_CTS;
1216 break;
1217 case GCRYCTL_SET_CBC_MAC:
1218 if (buflen)
1219 if (h->flags & GCRY_CIPHER_CBC_CTS)
1220 rc = GPG_ERR_INV_FLAG;
1221 else
1222 h->flags |= GCRY_CIPHER_CBC_MAC;
1223 else
1224 h->flags &= ~GCRY_CIPHER_CBC_MAC;
1225 break;
1226 case GCRYCTL_DISABLE_ALGO:
1227 /* this one expects a NULL handle and buffer pointing to an
1228 * integer with the algo number.
1229 */
1230 if( h || !buffer || buflen != sizeof(int) )
1231 return gcry_error (GPG_ERR_CIPHER_ALGO);
1232 disable_cipher_algo( *(int*)buffer );
1233 break;
1234 case GCRYCTL_SET_CTR:
1235 if (buffer && buflen == h->cipher->blocksize)
1236 memcpy (h->ctr, buffer, h->cipher->blocksize);
1237 else if (buffer == NULL || buflen == 0)
1238 memset (h->ctr, 0, h->cipher->blocksize);
1239 else
1240 rc = GPG_ERR_INV_ARG;
1241 break;
1242
1243 default:
1244 rc = GPG_ERR_INV_OP;
1245 }
1246
1247 return gcry_error (rc);
1248}
1249
1250
1251/****************
1252 * Return information about the cipher handle.
1253 */
1254gcry_error_t
1255gcry_cipher_info( gcry_cipher_hd_t h, int cmd, void *buffer, size_t *nbytes)
1256{
1257 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1258
1259 switch (cmd)
1260 {
1261 default:
1262 err = GPG_ERR_INV_OP;
1263 }
1264
1265 return gcry_error (err);
1266}
1267
1268/****************
1269 * Return information about the given cipher algorithm
1270 * WHAT select the kind of information returned:
1271 * GCRYCTL_GET_KEYLEN:
1272 *Return the length of the key, if the algorithm
1273 *supports multiple key length, the maximum supported value
1274 *is returnd. The length is return as number of octets.
1275 *buffer and nbytes must be zero.
1276 *The keylength is returned in _bytes_.
1277 * GCRYCTL_GET_BLKLEN:
1278 *Return the blocklength of the algorithm counted in octets.
1279 *buffer and nbytes must be zero.
1280 * GCRYCTL_TEST_ALGO:
1281 *Returns 0 when the specified algorithm is available for use.
1282 *buffer and nbytes must be zero.
1283 *
1284 * Note: Because this function is in most cases used to return an
1285 * integer value, we can make it easier for the caller to just look at
1286 * the return value. The caller will in all cases consult the value
1287 * and thereby detecting whether a error occured or not (i.e. while checking
1288 * the block size)
1289 */
1290gcry_error_t
1291gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes)
1292{
1293 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1294 unsigned int ui;
1295
1296 switch (what)
1297 {
1298 case GCRYCTL_GET_KEYLEN:
1299 if (buffer || (! nbytes))
1300 err = GPG_ERR_CIPHER_ALGO;
1301 else
1302 {
1303 ui = cipher_get_keylen (algo);
1304 if ((ui > 0) && (ui <= 512))
1305 *nbytes = (size_t) ui / 8;
1306 else
1307 /* The only reason is an invalid algo or a strange
1308 blocksize. */
1309 err = GPG_ERR_CIPHER_ALGO;
1310 }
1311 break;
1312
1313 case GCRYCTL_GET_BLKLEN:
1314 if (buffer || (! nbytes))
1315 err = GPG_ERR_CIPHER_ALGO;
1316 else
1317 {
1318 ui = cipher_get_blocksize (algo);
1319 if ((ui > 0) && (ui < 10000))
1320 *nbytes = ui;
1321 else
1322 /* The only reason is an invalid algo or a strange
1323 blocksize. */
1324 err = GPG_ERR_CIPHER_ALGO;
1325 }
1326 break;
1327
1328 case GCRYCTL_TEST_ALGO:
1329 if (buffer || nbytes)
1330 err = GPG_ERR_INV_ARG;
1331 else
1332 err = check_cipher_algo (algo);
1333 break;
1334
1335 default:
1336 err = GPG_ERR_INV_OP;
1337 }
1338
1339 return gcry_error (err);
1340}
1341
1342
1343size_t
1344gcry_cipher_get_algo_keylen (int algo)
1345{
1346 size_t n;
1347
1348 if (gcry_cipher_algo_info( algo, GCRYCTL_GET_KEYLEN, NULL, &n))
1349 n = 0;
1350 return n;
1351}
1352
1353
1354size_t
1355gcry_cipher_get_algo_blklen (int algo)
1356{
1357 size_t n;
1358
1359 if (gcry_cipher_algo_info( algo, GCRYCTL_GET_BLKLEN, NULL, &n))
1360 n = 0;
1361 return n;
1362}
1363
1364
1365gcry_err_code_t
1366_gcry_cipher_init (void)
1367{
1368 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1369
1370 REGISTER_DEFAULT_CIPHERS;
1371
1372 return err;
1373}
1374
1375/* Get a list consisting of the IDs of the loaded cipher modules. If
1376 LIST is zero, write the number of loaded cipher modules to
1377 LIST_LENGTH and return. If LIST is non-zero, the first
1378 *LIST_LENGTH algorithm IDs are stored in LIST, which must be of
1379 according size. In case there are less cipher modules than
1380 *LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */
1381gcry_error_t
1382gcry_cipher_list (int *list, int *list_length)
1383{
1384 gcry_err_code_t err = GPG_ERR_NO_ERROR;
1385
1386 ath_mutex_lock (&ciphers_registered_lock);
1387 err = _gcry_module_list (ciphers_registered, list, list_length);
1388 ath_mutex_unlock (&ciphers_registered_lock);
1389
1390 return err;
1391}