diff options
| author | Hans Nilsson <[email protected]> | 2019-01-31 10:27:23 +0100 |
|---|---|---|
| committer | Hans Nilsson <[email protected]> | 2019-02-25 10:01:24 +0100 |
| commit | c7cab680b80ef9220832151ed2c8c23a5d590b8b (patch) | |
| tree | c197e1682ecdea385f93b5bbeee540e444b84e06 /lib/crypto/c_src/cipher.h | |
| parent | b3dbf45fdbe8c584c89b5e061f6e9a28a5d3ea86 (diff) | |
| download | otp-c7cab680b80ef9220832151ed2c8c23a5d590b8b.tar.gz otp-c7cab680b80ef9220832151ed2c8c23a5d590b8b.tar.bz2 otp-c7cab680b80ef9220832151ed2c8c23a5d590b8b.zip | |
crypto: New experimental api
The new files api_ng.h and api_ng.c implements an api using EVP.
The api is not by any mean new, except for the crypto application
in Erlang/OTP.
The aims at using the block api in a stream manor, that is
1) call crypto_init/4
2..N) call crypto_update/{2,3}
The purpose is to simplify and hopefully optimize the SSL and SSH
applications.
By keeping the crypto state in C in an enif_resource the costful state
copying in SSL and SSH is reduced with 1-2 per message sent or received.
Changes in other files are for adaptation like FIPS etc since many
functions uses the central get_cipher_type() function.
Diffstat (limited to 'lib/crypto/c_src/cipher.h')
| -rw-r--r-- | lib/crypto/c_src/cipher.h | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/lib/crypto/c_src/cipher.h b/lib/crypto/c_src/cipher.h index 3fb27f0ba3..6b43afea99 100644 --- a/lib/crypto/c_src/cipher.h +++ b/lib/crypto/c_src/cipher.h @@ -32,19 +32,42 @@ struct cipher_type_t { const EVP_CIPHER* (*funcp)(void); /* before init, NULL if notsup */ const EVP_CIPHER* p; /* after init, NULL if notsup */ }cipher; - const size_t key_len; /* != 0 to also match on key_len */ + size_t key_len; /* != 0 to also match on key_len */ + unsigned flags; + union { + struct aead_ctrl {int ctx_ctrl_set_ivlen, ctx_ctrl_get_tag, ctx_ctrl_set_tag;} aead; + } extra; }; -#ifdef HAVE_EVP_AES_CTR +/* masks in the flags field if cipher_type_t */ +#define NO_FIPS_CIPHER 1 +#define AES_CFBx 2 +#define ECB_BUG_0_9_8L 4 +#define AEAD_CIPHER 8 +#define NON_EVP_CIPHER 16 +#define AES_CTR_COMPAT 32 + + +#ifdef FIPS_SUPPORT +/* May have FIPS support, must check dynamically if it is enabled */ +# define FORBIDDEN_IN_FIPS(P) (((P)->flags & NO_FIPS_CIPHER) && FIPS_mode()) +#else +/* No FIPS support since the symbol FIPS_SUPPORT is undefined */ +# define FORBIDDEN_IN_FIPS(P) 0 +#endif + extern ErlNifResourceType* evp_cipher_ctx_rtype; struct evp_cipher_ctx { EVP_CIPHER_CTX* ctx; }; -#endif int init_cipher_ctx(ErlNifEnv *env); void init_cipher_types(ErlNifEnv* env); -struct cipher_type_t* get_cipher_type(ERL_NIF_TERM type, size_t key_len); +const struct cipher_type_t* get_cipher_type(ERL_NIF_TERM type, size_t key_len); + +int cmp_cipher_types(const void *keyp, const void *elemp); + +ERL_NIF_TERM cipher_types_as_list(ErlNifEnv* env); #endif /* E_CIPHER_H__ */ |