Next: Compatibility API, Previous: DANE API, Up: API reference [Contents][Index]
The following functions are to be used for low-level cryptographic operations. Their prototypes lie in gnutls/crypto.h.
Note that due to historic reasons several functions, (e.g. gnutls_mac_list, gnutls_mac_get_name) of this API are part of the Core TLS API.
handle: is a gnutls_aead_cipher_hd_t type.
nonce: the nonce to set
nonce_len: The length of the nonce
auth: additional data to be authenticated
auth_len: The length of the data
tag_size: The size of the tag to use (use zero for the default)
ctext: the data to decrypt (including the authentication tag)
ctext_len: the length of data to decrypt (includes tag size)
ptext: the decrypted data
ptext_len: the length of decrypted data (initially must hold the maximum available size)
This function will decrypt the given data using the algorithm specified by the context. This function must be provided the complete data to be decrypted, including the authentication tag. On several AEAD ciphers, the authentication tag is appended to the ciphertext, though this is not a general rule. This function will fail if the tag verification fails.
Returns: Zero or a negative error code on verification failure or other error.
Since: 3.4.0
handle: is a gnutls_aead_cipher_hd_t type.
nonce: the nonce to set
nonce_len: The length of the nonce
auth_iov: additional data to be authenticated
auth_iovcnt: The number of buffers in auth_iov
iov: the data to decrypt
iovcnt: The number of buffers in iov
tag: The authentication tag
tag_size: The size of the tag to use (use zero for the default)
This is similar to gnutls_aead_cipher_decrypt() , but it performs
in-place encryption on the provided data buffers.
Returns: Zero or a negative error code on error.
Since: 3.6.10
handle: is a gnutls_aead_cipher_hd_t type.
This function will deinitialize all resources occupied by the given authenticated-encryption context.
Since: 3.4.0
handle: is a gnutls_aead_cipher_hd_t type.
nonce: the nonce to set
nonce_len: The length of the nonce
auth: additional data to be authenticated
auth_len: The length of the data
tag_size: The size of the tag to use (use zero for the default)
ptext: the data to encrypt
ptext_len: The length of data to encrypt
ctext: the encrypted data including authentication tag
ctext_len: the length of encrypted data (initially must hold the maximum available size, including space for tag)
This function will encrypt the given data using the algorithm specified by the context. The output data will contain the authentication tag.
Returns: Zero or a negative error code on error.
Since: 3.4.0
handle: is a gnutls_aead_cipher_hd_t type.
nonce: the nonce to set
nonce_len: The length of the nonce
auth_iov: additional data to be authenticated
auth_iovcnt: The number of buffers in auth_iov
tag_size: The size of the tag to use (use zero for the default)
iov: the data to be encrypted
iovcnt: The number of buffers in iov
ctext: the encrypted data including authentication tag
ctext_len: the length of encrypted data (initially must hold the maximum available size, including space for tag)
This function will encrypt the provided data buffers using the algorithm specified by the context. The output data will contain the authentication tag.
Returns: Zero or a negative error code on error.
Since: 3.6.3
handle: is a gnutls_aead_cipher_hd_t type.
nonce: the nonce to set
nonce_len: The length of the nonce
auth_iov: additional data to be authenticated
auth_iovcnt: The number of buffers in auth_iov
iov: the data to be encrypted
iovcnt: The number of buffers in iov
tag: The authentication tag
tag_size: The size of the tag to use (use zero for the default)
This is similar to gnutls_aead_cipher_encrypt() , but it performs
in-place encryption on the provided data buffers.
Returns: Zero or a negative error code on error.
Since: 3.6.10
handle: is a gnutls_aead_cipher_hd_t type.
cipher: the authenticated-encryption algorithm to use
key: The key to be used for encryption
This function will initialize an context that can be used for encryption/decryption of data. This will effectively use the current crypto backend in use by gnutls or the cryptographic accelerator in use.
Returns: Zero or a negative error code on error.
Since: 3.4.0
handle: is a gnutls_aead_cipher_hd_t type.
key: The key to be used for encryption
This function will set a new key without re-initializing the context.
Returns: Zero or a negative error code on error.
Since: 3.7.5
handle: is a gnutls_cipher_hd_t type
ptext: the data to be authenticated
ptext_size: the length of the data
This function operates on authenticated encryption with associated data (AEAD) ciphers and authenticate the input data. This function can only be called once and before any encryption operations.
Returns: Zero or a negative error code on error.
Since: 3.0
handle: is a gnutls_cipher_hd_t type
ctext: the data to decrypt
ctext_len: the length of data to decrypt
This function will decrypt the given data using the algorithm specified by the context.
Note that in AEAD ciphers, this will not check the tag. You will
need to compare the tag sent with the value returned from gnutls_cipher_tag() .
Returns: Zero or a negative error code on error.
Since: 2.10.0
handle: is a gnutls_cipher_hd_t type
ctext: the data to decrypt
ctext_len: the length of data to decrypt
ptext: the decrypted data
ptext_len: the available length for decrypted data
This function will decrypt the given data using the algorithm
specified by the context. For block ciphers the ctext_len must be
a multiple of the block size. For the supported ciphers the plaintext
data length will equal the ciphertext size.
Note that in AEAD ciphers, this will not check the tag. You will
need to compare the tag sent with the value returned from gnutls_cipher_tag() .
Returns: Zero or a negative error code on error.
Since: 2.12.0
handle: is a gnutls_cipher_hd_t type
ctext: the data to decrypt
ctext_len: the length of data to decrypt
ptext: the decrypted data
ptext_len: the available length for decrypted data
flags: flags for padding
This function will decrypt the given data using the algorithm
specified by the context. If flags is specified, padding for the
decrypted data will be removed accordingly and ptext_len will be
updated.
Returns: Zero or a negative error code on error.
Since: 3.7.7
handle: is a gnutls_cipher_hd_t type
This function will deinitialize all resources occupied by the given encryption context.
Since: 2.10.0
handle: is a gnutls_cipher_hd_t type
ptext: the data to encrypt
ptext_len: the length of data to encrypt
This function will encrypt the given data using the algorithm specified by the context.
Returns: Zero or a negative error code on error.
Since: 2.10.0
handle: is a gnutls_cipher_hd_t type
ptext: the data to encrypt
ptext_len: the length of data to encrypt
ctext: the encrypted data
ctext_len: the available length for encrypted data
This function will encrypt the given data using the algorithm
specified by the context. For block ciphers the ptext_len must be
a multiple of the block size. For the supported ciphers the encrypted
data length will equal the plaintext size.
Returns: Zero or a negative error code on error.
Since: 2.12.0
handle: is a gnutls_cipher_hd_t type
ptext: the data to encrypt
ptext_len: the length of data to encrypt
ctext: the encrypted data
ctext_len: the length of encrypted data (initially must hold the maximum available size)
flags: flags for padding
This function will encrypt the given data using the algorithm
specified by the context. For block ciphers, ptext_len is
typically a multiple of the block size. If not, the caller can
instruct the function to pad the last block according to flags .
Currently, the only available padding scheme is
GNUTLS_CIPHER_PADDING_PKCS7 .
If ctext is not NULL , it must hold enough space to store
resulting cipher text. To check the required size, this function
can be called with ctext set to NULL . Then ctext_len will be
updated without performing actual encryption.
Returns: Zero or a negative error code on error.
Since: 3.7.7
algorithm: is an encryption algorithm
Returns: the block size of the encryption algorithm.
Since: 2.10.0
algorithm: is an encryption algorithm
This function returns the size of the initialization vector (IV) for the provided algorithm. For algorithms with variable size IV (e.g., AES-CCM), the returned size will be the one used by TLS.
Returns: block size for encryption algorithm.
Since: 3.2.0
algorithm: is an encryption algorithm
This function returns the tag size of an authenticated encryption algorithm. For non-AEAD algorithms, it returns zero.
Returns: the tag size of the authenticated encryption algorithm.
Since: 3.2.2
handle: is a gnutls_cipher_hd_t type
cipher: the encryption algorithm to use
key: the key to be used for encryption/decryption
iv: the IV to use (if not applicable set NULL)
This function will initialize the handle context to be usable
for encryption/decryption of data. This will effectively use the
current crypto backend in use by gnutls or the cryptographic
accelerator in use.
Returns: Zero or a negative error code on error.
Since: 2.10.0
handle: is a gnutls_cipher_hd_t type
iv: the IV to set
ivlen: the length of the IV
This function will set the IV to be used for the next encryption block.
Since: 3.0
handle: is a gnutls_cipher_hd_t type
tag: will hold the tag
tag_size: the length of the tag to return
This function operates on authenticated encryption with associated data (AEAD) ciphers and will return the output tag.
Returns: Zero or a negative error code on error.
Since: 3.0
algorithm: is the gnutls AEAD cipher identifier
priority: is the priority of the algorithm
init: A function which initializes the cipher
setkey: A function which sets the key of the cipher
aead_encrypt: Perform the AEAD encryption
aead_decrypt: Perform the AEAD decryption
deinit: A function which deinitializes the cipher
This function will register a cipher algorithm to be used by gnutls. Any algorithm registered will override the included algorithms and by convention kernel implemented algorithms have priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be used by gnutls.
In the case the registered init or setkey functions return GNUTLS_E_NEED_FALLBACK ,
GnuTLS will attempt to use the next in priority registered cipher.
The functions registered will be used with the new AEAD API introduced in GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API.
Deprecated: since 3.7.0 it is no longer possible to override cipher implementation
Returns: GNUTLS_E_SUCCESS on success, otherwise a negative error code.
Since: 3.4.0
algorithm: is the gnutls algorithm identifier
priority: is the priority of the algorithm
init: A function which initializes the cipher
setkey: A function which sets the key of the cipher
setiv: A function which sets the nonce/IV of the cipher (non-AEAD)
encrypt: A function which performs encryption (non-AEAD)
decrypt: A function which performs decryption (non-AEAD)
deinit: A function which deinitializes the cipher
This function will register a cipher algorithm to be used by gnutls. Any algorithm registered will override the included algorithms and by convention kernel implemented algorithms have priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be used by gnutls.
In the case the registered init or setkey functions return GNUTLS_E_NEED_FALLBACK ,
GnuTLS will attempt to use the next in priority registered cipher.
The functions which are marked as non-AEAD they are not required when registering a cipher to be used with the new AEAD API introduced in GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API.
Deprecated: since 3.7.0 it is no longer possible to override cipher implementation
Returns: GNUTLS_E_SUCCESS on success, otherwise a negative error code.
Since: 3.4.0
algorithm: is the gnutls digest identifier
priority: is the priority of the algorithm
init: A function which initializes the digest
hash: Perform the hash operation
output: Provide the output of the digest
deinit: A function which deinitializes the digest
hash_fast: Perform the digest operation in one go
This function will register a digest algorithm to be used by gnutls. Any algorithm registered will override the included algorithms and by convention kernel implemented algorithms have priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be used by gnutls.
Deprecated: since 3.7.0 it is no longer possible to override cipher implementation
Returns: GNUTLS_E_SUCCESS on success, otherwise a negative error code.
Since: 3.4.0
algorithm: is the gnutls MAC identifier
priority: is the priority of the algorithm
init: A function which initializes the MAC
setkey: A function which sets the key of the MAC
setnonce: A function which sets the nonce for the mac (may be NULL for common MAC algorithms)
hash: Perform the hash operation
output: Provide the output of the MAC
deinit: A function which deinitializes the MAC
hash_fast: Perform the MAC operation in one go
This function will register a MAC algorithm to be used by gnutls. Any algorithm registered will override the included algorithms and by convention kernel implemented algorithms have priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be used by gnutls.
Deprecated: since 3.7.0 it is no longer possible to override cipher implementation
Returns: GNUTLS_E_SUCCESS on success, otherwise a negative error code.
Since: 3.4.0
info: an RSA BER encoded DigestInfo structure
hash: will contain the hash algorithm of the structure
digest: will contain the hash output of the structure
digest_size: will contain the hash size of the structure; initially must hold the maximum size of digest
This function will parse an RSA PKCS1 1.5 DigestInfo structure
and report the hash algorithm used as well as the digest data.
Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise
an error code is returned.
Since: 3.5.0
sig_value: will holds a GOST signature according to RFC 4491 section 2.2.2
r: will contain the r value
s: will contain the s value
This function will decode the provided sig_value , into r and s elements.
See RFC 4491 section 2.2.2 for the format of signature value.
The output values may be padded with a zero byte to prevent them
from being interpreted as negative values. The value
should be deallocated using gnutls_free() .
Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise
an error code is returned.
Since: 3.6.0
sig_value: holds a Dss-Sig-Value DER or BER encoded structure
r: will contain the r value
s: will contain the s value
This function will decode the provided sig_value ,
into r and s elements. The Dss-Sig-Value is used for DSA and ECDSA
signatures.
The output values may be padded with a zero byte to prevent them
from being interpreted as negative values. The value
should be deallocated using gnutls_free() .
Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise
an error code is returned.
Since: 3.6.0
hash: the hash algorithm that was used to get the digest
digest: must contain the digest data
output: will contain the allocated DigestInfo BER encoded data
This function will encode the provided digest data, and its
algorithm into an RSA PKCS1 1.5 DigestInfo structure.
Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise
an error code is returned.
Since: 3.5.0
sig_value: will hold a GOST signature according to RFC 4491 section 2.2.2
r: must contain the r value
s: must contain the s value
This function will encode the provided r and s values, into binary representation according to RFC 4491 section 2.2.2, used for GOST R 34.10-2001 (and thus also for GOST R 34.10-2012) signatures.
The output value should be deallocated using gnutls_free() .
Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise
an error code is returned.
Since: 3.6.0
sig_value: will hold a Dss-Sig-Value DER encoded structure
r: must contain the r value
s: must contain the s value
This function will encode the provided r and s values, into a Dss-Sig-Value structure, used for DSA and ECDSA signatures.
The output value should be deallocated using gnutls_free() .
Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise
an error code is returned.
Since: 3.6.0
handle: is a gnutls_hash_hd_t type
ptext: the data to hash
ptext_len: the length of data to hash
This function will hash the given data using the algorithm specified by the context.
Returns: Zero or a negative error code on error.
Since: 2.10.0
handle: is a gnutls_hash_hd_t type
This function will create a copy of Message Digest context, containing all
its current state. Copying contexts for Message Digests registered using
gnutls_crypto_register_digest() is not supported and will always result in
an error. In addition to that, some of the Message Digest implementations do
not support this operation. Applications should check the return value and
provide a proper fallback.
Returns: new Message Digest context or NULL in case of an error.
Since: 3.6.9
handle: is a gnutls_hash_hd_t type
digest: is the output value of the hash
This function will deinitialize all resources occupied by the given hash context.
Since: 2.10.0
algorithm: the hash algorithm to use
ptext: the data to hash
ptext_len: the length of data to hash
digest: is the output value of the hash
This convenience function will hash the given data and return output on a single call.
Returns: Zero or a negative error code on error.
Since: 2.10.0
algorithm: the hash algorithm to use
This function will return the length of the output data of the given hash algorithm.
Returns: The length or zero on error.
Since: 2.10.0
dig: is a gnutls_hash_hd_t type
algorithm: the hash algorithm to use
This function will initialize an context that can be used to produce a Message Digest of data. This will effectively use the current crypto backend in use by gnutls or the cryptographic accelerator in use.
Returns: Zero or a negative error code on error.
Since: 2.10.0
handle: is a gnutls_hash_hd_t type
digest: is the output value of the hash
This function will output the current hash value and reset the state of the hash.
Since: 2.10.0
mac: the mac algorithm used internally
key: the pseudorandom key created with HKDF-Extract
info: the optional informational data
output: the output value of the expand operation
length: the desired length of the output key
This function will derive a variable length keying material from the pseudorandom key using the HKDF-Expand function as defined in RFC 5869.
Returns: Zero or a negative error code on error.
Since: 3.6.13
mac: the mac algorithm used internally
key: the initial keying material
salt: the optional salt
output: the output value of the extract operation
This function will derive a fixed-size key using the HKDF-Extract function as defined in RFC 5869.
Returns: Zero or a negative error code on error.
Since: 3.6.13
handle: is a gnutls_hmac_hd_t type
ptext: the data to hash
ptext_len: the length of data to hash
This function will hash the given data using the algorithm specified by the context.
Returns: Zero or a negative error code on error.
Since: 2.10.0
handle: is a gnutls_hmac_hd_t type
This function will create a copy of MAC context, containing all its current
state. Copying contexts for MACs registered using
gnutls_crypto_register_mac() is not supported and will always result in an
error. In addition to that, some of the MAC implementations do not support
this operation. Applications should check the return value and provide a
proper fallback.
Returns: new MAC context or NULL in case of an error.
Since: 3.6.9
handle: is a gnutls_hmac_hd_t type
digest: is the output value of the MAC
This function will deinitialize all resources occupied by the given hmac context.
Since: 2.10.0
algorithm: the hash algorithm to use
key: the key to use
keylen: the length of the key
ptext: the data to hash
ptext_len: the length of data to hash
digest: is the output value of the hash
This convenience function will hash the given data and return output on a single call. Note, this call will not work for MAC algorithms that require nonce (like UMAC or GMAC).
Returns: Zero or a negative error code on error.
Since: 2.10.0
algorithm: the mac algorithm to use
This function will return the size of the key to be used with this algorithm. On the algorithms which may accept arbitrary key sizes, the returned size is the MAC key size used in the TLS protocol.
Returns: The key size or zero on error.
Since: 3.6.12
algorithm: the hmac algorithm to use
This function will return the length of the output data of the given hmac algorithm.
Returns: The length or zero on error.
Since: 2.10.0
dig: is a gnutls_hmac_hd_t type
algorithm: the HMAC algorithm to use
key: the key to be used for encryption
keylen: the length of the key
This function will initialize an context that can be used to produce a Message Authentication Code (MAC) of data. This will effectively use the current crypto backend in use by gnutls or the cryptographic accelerator in use.
Note that despite the name of this function, it can be used for other MAC algorithms than HMAC.
Returns: Zero or a negative error code on error.
Since: 2.10.0
handle: is a gnutls_hmac_hd_t type
digest: is the output value of the MAC
This function will output the current MAC value and reset the state of the MAC.
Since: 2.10.0
handle: is a gnutls_hmac_hd_t type
nonce: the data to set as nonce
nonce_len: the length of data
This function will set the nonce in the MAC algorithm.
Since: 3.2.0
algorithm: is an encryption algorithm
Returns the size of the nonce used by the MAC in TLS.
Returns: length (in bytes) of the given MAC nonce size, or 0.
Since: 3.2.0
mac: the mac algorithm used internally
key: the initial keying material
salt: the salt
iter_count: the iteration count
output: the output value
length: the desired length of the output key
This function will derive a variable length keying material from
a password according to PKCS 5 PBKDF2.
Returns: Zero or a negative error code on error.
Since: 3.6.13
level: a security level
data: place to store random bytes
len: The requested size
This function will generate random data and store it to output
buffer. The value of level should be one of GNUTLS_RND_NONCE ,
GNUTLS_RND_RANDOM and GNUTLS_RND_KEY . See the manual and
gnutls_rnd_level_t for detailed information.
This function is thread-safe and also fork-safe.
Returns: Zero on success, or a negative error code on error.
Since: 2.12.0
This function refreshes the random generator state. That is the current precise time, CPU usage, and other values are input into its state.
On a slower rate input from /dev/urandom is mixed too.
Since: 3.1.7
Next: Compatibility API, Previous: DANE API, Up: API reference [Contents][Index]