On Fri, 2018-06-08 at 13:34 +0200, Niels Möller wrote: > Nikos Mavrogiannopoulos <[email protected]> writes: > > > If you mean removing them from the public headers and placing them > > in > > one (or multiple) internal ones, it makes sense to me. > > Sounds reasonable. Then it's harder to use them without realizing > they're internal and not compatible over version changes (even though > we > ought to document the conventions). > > > > What do you think? Are there any of the current _nettle_* symbols > > > that should be in the advertised API (and hence renamed)? > > > > I do not use any of them in gnutls, but searching at the debian > > code, I > > see: _nettle_md5_compress (sogo), _nettle_sha1_compress > > (filezilla/putty) > > We could promote those to advertised ABI, then. I.e., linker symbols > nettle_*_compress after the ABI change, while we could keep > _nettle_*_compress as aliases in the header file, not not also break > the API.
I attach the current state. It does move all internal symbols into multiple internal headers and removes them from exported list. The last patch renames _nettle_md5_compress and _nettle_sha1_compress and includes it into the exported list (quite ugly, maybe we skip that rename?). regards, Nikos
From 22f05736f097ab9e166e55b6c11b77c61aec4181 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos <[email protected]> Date: Wed, 6 Jun 2018 15:17:00 +0200 Subject: [PATCH 1/3] abi: explicitly export intended symbols and hide others This adds all exported symbols in the map files explicitly under the following rules: - Symbols mentioned in internal headers go in a section which is valid only for testing, and linking with these symbols will break in library updates. - Symbols mentioned in installed headers go in the exported sections and are considered part of the ABI. - All internal symbols move to internal headers. - The _nettle_md5_compress and _nettle_sha1_compress remain exported due to existing usage. --- Makefile.in | 5 +- bignum.h | 7 - chacha-core-internal.c | 1 + chacha-crypt.c | 1 + chacha-internal.h | 46 ++++ chacha-poly1305.c | 1 + chacha.h | 4 - dsa-gen-params.c | 1 + dsa-hash.c | 1 + dsa-internal.h | 47 ++++ dsa-sign.c | 1 + dsa-verify.c | 1 + dsa.c | 1 + dsa.h | 6 - ecc-curve.h | 6 - ecc-internal.h | 6 + ed25519-sha512-pubkey.c | 1 + ed25519-sha512-sign.c | 1 + ed25519-sha512-verify.c | 1 + eddsa-compress.c | 1 + eddsa-decompress.c | 1 + eddsa-expand.c | 1 + eddsa-hash.c | 1 + eddsa-internal.h | 115 +++++++++ eddsa-pubkey.c | 1 + eddsa-sign.c | 1 + eddsa-verify.c | 1 + eddsa.h | 78 ------ examples/nettle-benchmark.c | 1 + hogweed-internal.h | 54 ++++ libhogweed.map.in | 239 +++++++++++++++++- libnettle.map.in | 422 +++++++++++++++++++++++++++++++- nettle-internal.h | 2 + nettle-lookup-hash.c | 1 + nettle-meta.h | 8 - pkcs1-rsa-digest.c | 2 +- pkcs1-rsa-md5.c | 1 + pkcs1-rsa-sha1.c | 1 + pkcs1-rsa-sha256.c | 1 + pkcs1-rsa-sha512.c | 1 + pkcs1.c | 1 + pkcs1.h | 8 - ripemd160-internal.h | 43 ++++ ripemd160.c | 1 + ripemd160.h | 5 - rsa-blind.c | 1 + rsa-decrypt-tr.c | 1 + rsa-encrypt.c | 1 + rsa-internal.h | 68 +++++ rsa-keygen.c | 1 + rsa-md5-sign-tr.c | 1 + rsa-md5-sign.c | 1 + rsa-md5-verify.c | 1 + rsa-pkcs1-sign-tr.c | 1 + rsa-pkcs1-sign.c | 1 + rsa-pkcs1-verify.c | 1 + rsa-pss-sha256-sign-tr.c | 1 + rsa-pss-sha256-verify.c | 1 + rsa-pss-sha512-sign-tr.c | 1 + rsa-pss-sha512-verify.c | 1 + rsa-sha1-sign-tr.c | 1 + rsa-sha1-sign.c | 1 + rsa-sha1-verify.c | 1 + rsa-sha256-sign-tr.c | 1 + rsa-sha256-sign.c | 1 + rsa-sha256-verify.c | 1 + rsa-sha512-sign-tr.c | 1 + rsa-sha512-sign.c | 1 + rsa-sha512-verify.c | 1 + rsa-sign-tr.c | 1 + rsa-sign.c | 1 + rsa-verify.c | 1 + rsa.c | 1 + rsa.h | 27 -- salsa20-core-internal.c | 1 + salsa20-crypt.c | 1 + salsa20-internal.h | 45 ++++ salsa20.h | 4 - salsa20r12-crypt.c | 1 + sha2-internal.h | 52 ++++ sha2.h | 12 - sha256-compress.c | 1 + sha256.c | 1 + sha3-224-meta.c | 1 + sha3-224.c | 1 + sha3-256-meta.c | 1 + sha3-256.c | 1 + sha3-384-meta.c | 1 + sha3-384.c | 1 + sha3-512-meta.c | 1 + sha3-512.c | 1 + sha3-internal.h | 52 ++++ sha3-permute.c | 1 + sha3.c | 1 + sha3.h | 11 - sha512.c | 1 + testsuite/chacha-test.c | 1 + testsuite/eddsa-compress-test.c | 1 + testsuite/eddsa-sign-test.c | 1 + testsuite/eddsa-verify-test.c | 1 + testsuite/pkcs1-test.c | 1 + testsuite/sha3-permute-test.c | 1 + umac-internal.h | 95 +++++++ umac-l2.c | 1 + umac-l3.c | 1 + umac-nh-n.c | 1 + umac-nh.c | 1 + umac-poly128.c | 1 + umac-poly64.c | 1 + umac-set-key.c | 1 + umac.h | 55 ----- umac128.c | 1 + umac32.c | 1 + umac64.c | 1 + umac96.c | 1 + 115 files changed, 1371 insertions(+), 239 deletions(-) create mode 100644 chacha-internal.h create mode 100644 dsa-internal.h create mode 100644 eddsa-internal.h create mode 100644 hogweed-internal.h create mode 100644 ripemd160-internal.h create mode 100644 rsa-internal.h create mode 100644 salsa20-internal.h create mode 100644 sha2-internal.h create mode 100644 sha3-internal.h create mode 100644 umac-internal.h diff --git a/Makefile.in b/Makefile.in index 52ac0482..d4fa628a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -226,8 +226,11 @@ DISTFILES = $(SOURCES) $(HEADERS) getopt.h getopt_int.h \ $(des_headers) descore.README desdata.stamp \ aes-internal.h camellia-internal.h serpent-internal.h \ cast128_sboxes.h desinfo.h desCode.h \ + ripemd160-internal.h sha2-internal.h \ memxor-internal.h nettle-internal.h nettle-write.h \ - ctr-internal.h \ + ctr-internal.h chacha-internal.h sha3-internal.h \ + salsa20-internal.h umac-internal.h hogweed-internal.h \ + rsa-internal.h dsa-internal.h eddsa-internal.h \ gmp-glue.h ecc-internal.h fat-setup.h \ mini-gmp.h asm.m4 \ nettle.texinfo nettle.info nettle.html nettle.pdf sha-example.c diff --git a/bignum.h b/bignum.h index 9afcd299..cace4d4f 100644 --- a/bignum.h +++ b/bignum.h @@ -109,13 +109,6 @@ nettle_random_prime(mpz_t p, unsigned bits, int top_bits_set, void *ctx, nettle_random_func *random, void *progress_ctx, nettle_progress_func *progress); -void -_nettle_generate_pocklington_prime (mpz_t p, mpz_t r, - unsigned bits, int top_bits_set, - void *ctx, nettle_random_func *random, - const mpz_t p0, - const mpz_t q, - const mpz_t p0q); /* sexp parsing */ struct sexp_iterator; diff --git a/chacha-core-internal.c b/chacha-core-internal.c index 48545aee..af278bb0 100644 --- a/chacha-core-internal.c +++ b/chacha-core-internal.c @@ -47,6 +47,7 @@ #include <string.h> #include "chacha.h" +#include "chacha-internal.h" #include "macros.h" diff --git a/chacha-crypt.c b/chacha-crypt.c index ed1bb577..63d799ce 100644 --- a/chacha-crypt.c +++ b/chacha-crypt.c @@ -47,6 +47,7 @@ #include <string.h> #include "chacha.h" +#include "chacha-internal.h" #include "macros.h" #include "memxor.h" diff --git a/chacha-internal.h b/chacha-internal.h new file mode 100644 index 00000000..1bca8e74 --- /dev/null +++ b/chacha-internal.h @@ -0,0 +1,46 @@ +/* chacha-internal.h + + The ChaCha stream cipher. + + Copyright (C) 2013 Joachim Strömbergson + Copyright (C) 2012 Simon Josefsson + Copyright (C) 2014 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_CHACHA_INTERNAL_H_INCLUDED +#define NETTLE_CHACHA_INTERNAL_H_INCLUDED + +#include "nettle-types.h" + +#define _chacha_core _nettle_chacha_core + +void +_chacha_core(uint32_t *dst, const uint32_t *src, unsigned rounds); + +#endif /* NETTLE_CHACHA_INTERNAL_H_INCLUDED */ diff --git a/chacha-poly1305.c b/chacha-poly1305.c index c5109b86..974a5022 100644 --- a/chacha-poly1305.c +++ b/chacha-poly1305.c @@ -52,6 +52,7 @@ #include <assert.h> #include <string.h> +#include "chacha-internal.h" #include "chacha-poly1305.h" #include "macros.h" diff --git a/chacha.h b/chacha.h index 3f082834..429a55b6 100644 --- a/chacha.h +++ b/chacha.h @@ -47,7 +47,6 @@ extern "C" { #define chacha_set_nonce nettle_chacha_set_nonce #define chacha_set_nonce96 nettle_chacha_set_nonce96 #define chacha_crypt nettle_chacha_crypt -#define _chacha_core _nettle_chacha_core /* Currently, only 256-bit keys are supported. */ #define CHACHA_KEY_SIZE 32 @@ -86,9 +85,6 @@ void chacha_crypt(struct chacha_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void -_chacha_core(uint32_t *dst, const uint32_t *src, unsigned rounds); - #ifdef __cplusplus } #endif diff --git a/dsa-gen-params.c b/dsa-gen-params.c index 28bc1183..7d9300b6 100644 --- a/dsa-gen-params.c +++ b/dsa-gen-params.c @@ -42,6 +42,7 @@ #include "bignum.h" #include "nettle-internal.h" +#include "hogweed-internal.h" /* Valid sizes, according to FIPS 186-3 are (1024, 160), (2048, 224), diff --git a/dsa-hash.c b/dsa-hash.c index 5fc97fc4..1a2ff5c3 100644 --- a/dsa-hash.c +++ b/dsa-hash.c @@ -34,6 +34,7 @@ #endif #include "dsa.h" +#include "dsa-internal.h" #include "bignum.h" diff --git a/dsa-internal.h b/dsa-internal.h new file mode 100644 index 00000000..b82adf3f --- /dev/null +++ b/dsa-internal.h @@ -0,0 +1,47 @@ +/* dsa-internal.h + + The DSA publickey algorithm. + + Copyright (C) 2002, 2013, 2014 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_DSA_INTERNAL_H_INCLUDED +#define NETTLE_DSA_INTERNAL_H_INCLUDED + +#include "nettle-types.h" + +#define _dsa_hash _nettle_dsa_hash + +/* Internal functions. */ +void +_dsa_hash (mpz_t h, unsigned bit_size, + size_t length, const uint8_t *digest); + + +#endif /* NETTLE_DSA_INTERNAL_H_INCLUDED */ diff --git a/dsa-sign.c b/dsa-sign.c index b713743e..2c72f847 100644 --- a/dsa-sign.c +++ b/dsa-sign.c @@ -39,6 +39,7 @@ #include <stdlib.h> #include "dsa.h" +#include "dsa-internal.h" #include "bignum.h" diff --git a/dsa-verify.c b/dsa-verify.c index cc984bd3..348afdc4 100644 --- a/dsa-verify.c +++ b/dsa-verify.c @@ -38,6 +38,7 @@ #include <stdlib.h> #include "dsa.h" +#include "dsa-internal.h" #include "bignum.h" diff --git a/dsa.c b/dsa.c index efafb79e..db055876 100644 --- a/dsa.c +++ b/dsa.c @@ -36,6 +36,7 @@ #endif #include "dsa.h" +#include "dsa-internal.h" #include "bignum.h" diff --git a/dsa.h b/dsa.h index 7aa982ab..553ef327 100644 --- a/dsa.h +++ b/dsa.h @@ -59,7 +59,6 @@ extern "C" { #define dsa_public_key_from_der_iterator nettle_dsa_public_key_from_der_iterator #define dsa_openssl_private_key_from_der_iterator nettle_dsa_openssl_private_key_from_der_iterator #define dsa_openssl_private_key_from_der nettle_openssl_provate_key_from_der -#define _dsa_hash _nettle_dsa_hash /* For FIPS approved parameters */ #define DSA_SHA1_MIN_P_BITS 512 @@ -204,11 +203,6 @@ dsa_openssl_private_key_from_der(struct dsa_params *params, size_t length, const uint8_t *data); -/* Internal functions. */ -void -_dsa_hash (mpz_t h, unsigned bit_size, - size_t length, const uint8_t *digest); - #ifdef __cplusplus } #endif diff --git a/ecc-curve.h b/ecc-curve.h index 10d491d4..8af75fdd 100644 --- a/ecc-curve.h +++ b/ecc-curve.h @@ -41,12 +41,6 @@ extern "C" { /* The contents of this struct is internal. */ struct ecc_curve; -extern const struct ecc_curve _nettle_secp_192r1; -extern const struct ecc_curve _nettle_secp_224r1; -extern const struct ecc_curve _nettle_secp_256r1; -extern const struct ecc_curve _nettle_secp_384r1; -extern const struct ecc_curve _nettle_secp_521r1; - #ifdef __GNUC__ #define NETTLE_PURE __attribute__((pure)) #else diff --git a/ecc-internal.h b/ecc-internal.h index ce1e34fb..94fc218b 100644 --- a/ecc-internal.h +++ b/ecc-internal.h @@ -73,6 +73,12 @@ #define sec_modinv _nettle_sec_modinv #define curve25519_eh_to_x _nettle_curve25519_eh_to_x +extern const struct ecc_curve _nettle_secp_192r1; +extern const struct ecc_curve _nettle_secp_224r1; +extern const struct ecc_curve _nettle_secp_256r1; +extern const struct ecc_curve _nettle_secp_384r1; +extern const struct ecc_curve _nettle_secp_521r1; + /* Keep this structure internal for now. It's misnamed (since it's really implementing the equivalent twisted Edwards curve, with different coordinates). And we're not quite ready to provide diff --git a/ed25519-sha512-pubkey.c b/ed25519-sha512-pubkey.c index 438446e2..7afb1ccd 100644 --- a/ed25519-sha512-pubkey.c +++ b/ed25519-sha512-pubkey.c @@ -34,6 +34,7 @@ #endif #include "eddsa.h" +#include "eddsa-internal.h" #include "ecc-internal.h" #include "sha2.h" diff --git a/ed25519-sha512-sign.c b/ed25519-sha512-sign.c index af9de209..84cb1698 100644 --- a/ed25519-sha512-sign.c +++ b/ed25519-sha512-sign.c @@ -34,6 +34,7 @@ #endif #include "eddsa.h" +#include "eddsa-internal.h" #include "ecc-internal.h" #include "sha2.h" diff --git a/ed25519-sha512-verify.c b/ed25519-sha512-verify.c index e9ba5ae4..1d6a8c22 100644 --- a/ed25519-sha512-verify.c +++ b/ed25519-sha512-verify.c @@ -36,6 +36,7 @@ #include <string.h> #include "eddsa.h" +#include "eddsa-internal.h" #include "ecc-internal.h" #include "sha2.h" diff --git a/eddsa-compress.c b/eddsa-compress.c index 40959586..547ba736 100644 --- a/eddsa-compress.c +++ b/eddsa-compress.c @@ -34,6 +34,7 @@ #endif #include "eddsa.h" +#include "eddsa-internal.h" #include "ecc-internal.h" #include "gmp-glue.h" diff --git a/eddsa-decompress.c b/eddsa-decompress.c index 75550168..f114b576 100644 --- a/eddsa-decompress.c +++ b/eddsa-decompress.c @@ -34,6 +34,7 @@ #endif #include "eddsa.h" +#include "eddsa-internal.h" #include "ecc-internal.h" #include "gmp-glue.h" diff --git a/eddsa-expand.c b/eddsa-expand.c index dc2bfaf1..62a64378 100644 --- a/eddsa-expand.c +++ b/eddsa-expand.c @@ -37,6 +37,7 @@ #include <string.h> #include "eddsa.h" +#include "eddsa-internal.h" #include "ecc.h" #include "ecc-internal.h" diff --git a/eddsa-hash.c b/eddsa-hash.c index 4fb79f1b..46f6ca34 100644 --- a/eddsa-hash.c +++ b/eddsa-hash.c @@ -36,6 +36,7 @@ #include <assert.h> #include "eddsa.h" +#include "eddsa-internal.h" #include "ecc.h" #include "ecc-internal.h" diff --git a/eddsa-internal.h b/eddsa-internal.h new file mode 100644 index 00000000..abf02f48 --- /dev/null +++ b/eddsa-internal.h @@ -0,0 +1,115 @@ +/* eddsa.h + + Copyright (C) 2014 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_EDDSA_INTERNAL_H +#define NETTLE_EDDSA_INTERNAL_H + +#include "nettle-types.h" + +#define _eddsa_compress _nettle_eddsa_compress +#define _eddsa_compress_itch _nettle_eddsa_compress_itch +#define _eddsa_decompress _nettle_eddsa_decompress +#define _eddsa_decompress_itch _nettle_eddsa_decompress_itch +#define _eddsa_hash _nettle_eddsa_hash +#define _eddsa_expand_key _nettle_eddsa_expand_key +#define _eddsa_sign _nettle_eddsa_sign +#define _eddsa_sign_itch _nettle_eddsa_sign_itch +#define _eddsa_verify _nettle_eddsa_verify +#define _eddsa_verify_itch _nettle_eddsa_verify_itch +#define _eddsa_public_key_itch _nettle_eddsa_public_key_itch +#define _eddsa_public_key _nettle_eddsa_public_key + +/* Low-level internal functions */ + +struct ecc_curve; +struct ecc_modulo; + +mp_size_t +_eddsa_compress_itch (const struct ecc_curve *ecc); +void +_eddsa_compress (const struct ecc_curve *ecc, uint8_t *r, mp_limb_t *p, + mp_limb_t *scratch); + +mp_size_t +_eddsa_decompress_itch (const struct ecc_curve *ecc); +int +_eddsa_decompress (const struct ecc_curve *ecc, mp_limb_t *p, + const uint8_t *cp, + mp_limb_t *scratch); + +void +_eddsa_hash (const struct ecc_modulo *m, + mp_limb_t *rp, const uint8_t *digest); + +mp_size_t +_eddsa_sign_itch (const struct ecc_curve *ecc); + +void +_eddsa_sign (const struct ecc_curve *ecc, + const struct nettle_hash *H, + const uint8_t *pub, + void *ctx, + const mp_limb_t *k2, + size_t length, + const uint8_t *msg, + uint8_t *signature, + mp_limb_t *scratch); + +mp_size_t +_eddsa_verify_itch (const struct ecc_curve *ecc); + +int +_eddsa_verify (const struct ecc_curve *ecc, + const struct nettle_hash *H, + const uint8_t *pub, + const mp_limb_t *A, + void *ctx, + size_t length, + const uint8_t *msg, + const uint8_t *signature, + mp_limb_t *scratch); + +void +_eddsa_expand_key (const struct ecc_curve *ecc, + const struct nettle_hash *H, + void *ctx, + const uint8_t *key, + uint8_t *digest, + mp_limb_t *k2); + +mp_size_t +_eddsa_public_key_itch (const struct ecc_curve *ecc); + +void +_eddsa_public_key (const struct ecc_curve *ecc, + const mp_limb_t *k, uint8_t *pub, mp_limb_t *scratch); + +#endif /* NETTLE_EDDSA_INTERNAL_H */ diff --git a/eddsa-pubkey.c b/eddsa-pubkey.c index d1546707..c952ad17 100644 --- a/eddsa-pubkey.c +++ b/eddsa-pubkey.c @@ -34,6 +34,7 @@ #endif #include "eddsa.h" +#include "eddsa-internal.h" #include "ecc-internal.h" diff --git a/eddsa-sign.c b/eddsa-sign.c index c1404f67..5832c23a 100644 --- a/eddsa-sign.c +++ b/eddsa-sign.c @@ -36,6 +36,7 @@ #include <assert.h> #include "eddsa.h" +#include "eddsa-internal.h" #include "ecc.h" #include "ecc-internal.h" diff --git a/eddsa-verify.c b/eddsa-verify.c index 5541d975..7718a126 100644 --- a/eddsa-verify.c +++ b/eddsa-verify.c @@ -36,6 +36,7 @@ #include <assert.h> #include "eddsa.h" +#include "eddsa-internal.h" #include "ecc.h" #include "ecc-internal.h" diff --git a/eddsa.h b/eddsa.h index 49f1a025..968ffffb 100644 --- a/eddsa.h +++ b/eddsa.h @@ -46,19 +46,6 @@ extern "C" { #define ed25519_sha512_sign nettle_ed25519_sha512_sign #define ed25519_sha512_verify nettle_ed25519_sha512_verify -#define _eddsa_compress _nettle_eddsa_compress -#define _eddsa_compress_itch _nettle_eddsa_compress_itch -#define _eddsa_decompress _nettle_eddsa_decompress -#define _eddsa_decompress_itch _nettle_eddsa_decompress_itch -#define _eddsa_hash _nettle_eddsa_hash -#define _eddsa_expand_key _nettle_eddsa_expand_key -#define _eddsa_sign _nettle_eddsa_sign -#define _eddsa_sign_itch _nettle_eddsa_sign_itch -#define _eddsa_verify _nettle_eddsa_verify -#define _eddsa_verify_itch _nettle_eddsa_verify_itch -#define _eddsa_public_key_itch _nettle_eddsa_public_key_itch -#define _eddsa_public_key _nettle_eddsa_public_key - #define ED25519_KEY_SIZE 32 #define ED25519_SIGNATURE_SIZE 64 @@ -76,71 +63,6 @@ ed25519_sha512_verify (const uint8_t *pub, size_t length, const uint8_t *msg, const uint8_t *signature); -/* Low-level internal functions */ - -struct ecc_curve; -struct ecc_modulo; - -mp_size_t -_eddsa_compress_itch (const struct ecc_curve *ecc); -void -_eddsa_compress (const struct ecc_curve *ecc, uint8_t *r, mp_limb_t *p, - mp_limb_t *scratch); - -mp_size_t -_eddsa_decompress_itch (const struct ecc_curve *ecc); -int -_eddsa_decompress (const struct ecc_curve *ecc, mp_limb_t *p, - const uint8_t *cp, - mp_limb_t *scratch); - -void -_eddsa_hash (const struct ecc_modulo *m, - mp_limb_t *rp, const uint8_t *digest); - -mp_size_t -_eddsa_sign_itch (const struct ecc_curve *ecc); - -void -_eddsa_sign (const struct ecc_curve *ecc, - const struct nettle_hash *H, - const uint8_t *pub, - void *ctx, - const mp_limb_t *k2, - size_t length, - const uint8_t *msg, - uint8_t *signature, - mp_limb_t *scratch); - -mp_size_t -_eddsa_verify_itch (const struct ecc_curve *ecc); - -int -_eddsa_verify (const struct ecc_curve *ecc, - const struct nettle_hash *H, - const uint8_t *pub, - const mp_limb_t *A, - void *ctx, - size_t length, - const uint8_t *msg, - const uint8_t *signature, - mp_limb_t *scratch); - -void -_eddsa_expand_key (const struct ecc_curve *ecc, - const struct nettle_hash *H, - void *ctx, - const uint8_t *key, - uint8_t *digest, - mp_limb_t *k2); - -mp_size_t -_eddsa_public_key_itch (const struct ecc_curve *ecc); - -void -_eddsa_public_key (const struct ecc_curve *ecc, - const mp_limb_t *k, uint8_t *pub, mp_limb_t *scratch); - #ifdef __cplusplus } diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c index b6863cb5..61f1a7ba 100644 --- a/examples/nettle-benchmark.c +++ b/examples/nettle-benchmark.c @@ -58,6 +58,7 @@ #include "gcm.h" #include "memxor.h" #include "salsa20.h" +#include "salsa20-internal.h" #include "serpent.h" #include "sha1.h" #include "sha2.h" diff --git a/hogweed-internal.h b/hogweed-internal.h new file mode 100644 index 00000000..e758ab66 --- /dev/null +++ b/hogweed-internal.h @@ -0,0 +1,54 @@ +/* hogweed-internal.h + + Bignum operations that are missing from gmp. + + Copyright (C) 2001 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_HOGWEED_INTERNAL_H_INCLUDED +#define NETTLE_HOGWEED_INTERNAL_H_INCLUDED + +void +_nettle_generate_pocklington_prime (mpz_t p, mpz_t r, + unsigned bits, int top_bits_set, + void *ctx, nettle_random_func *random, + const mpz_t p0, + const mpz_t q, + const mpz_t p0q); + +#define _pkcs1_signature_prefix _nettle_pkcs1_signature_prefix + +uint8_t * +_pkcs1_signature_prefix(unsigned key_size, + uint8_t *buffer, + unsigned id_size, + const uint8_t *id, + unsigned digest_size); + +#endif /* NETTLE_HOGWEED_INTERNAL_H_INCLUDED */ diff --git a/libhogweed.map.in b/libhogweed.map.in index eea6ed81..4cd18b57 100644 --- a/libhogweed.map.in +++ b/libhogweed.map.in @@ -1,4 +1,4 @@ -# libhogweed.map -- libhogweed linker version script. -*- ld-script -*- +# libhogweed.map.in -- linker version script. -*- ld-script -*- # # The symbol version must be updated on every hogweed @@ -8,11 +8,244 @@ HOGWEED_@LIBHOGWEED_MAJOR@ { global: - nettle_*; - _nettle_*; @HOGWEED_EXTRA_SYMBOLS@ + nettle_sexp_iterator_assoc; + nettle_sexp_iterator_check_type; + nettle_sexp_iterator_check_types; + nettle_sexp_iterator_enter_list; + nettle_sexp_iterator_exit_list; + nettle_sexp_iterator_first; + nettle_sexp_iterator_get_uint32; + nettle_sexp_iterator_next; + nettle_sexp_iterator_subexpr; + nettle_sexp_format; + nettle_sexp_vformat; + nettle_sexp_transport_iterator_first; + nettle_sexp_transport_format; + nettle_sexp_transport_vformat; + nettle_mpz_get_str_256; + nettle_mpz_init_set_str_256_s; + nettle_mpz_init_set_str_256_u; + nettle_mpz_set_str_256_s; + nettle_mpz_set_str_256_u; + nettle_mpz_sizeinbase_256_s; + nettle_mpz_sizeinbase_256_u; + nettle_mpz_random; + nettle_mpz_random_size; + nettle_random_prime; + nettle_mpz_set_sexp; + nettle_pkcs1_encrypt; + nettle_pkcs1_decrypt; + nettle_pkcs1_rsa_digest_encode; + nettle_pkcs1_rsa_md5_encode; + nettle_pkcs1_rsa_md5_encode_digest; + nettle_pkcs1_rsa_sha1_encode; + nettle_pkcs1_rsa_sha1_encode_digest; + nettle_pkcs1_rsa_sha256_encode; + nettle_pkcs1_rsa_sha256_encode_digest; + nettle_pkcs1_rsa_sha512_encode; + nettle_pkcs1_rsa_sha512_encode_digest; + nettle_pss_encode_mgf1; + nettle_pss_verify_mgf1; + nettle_pss_mgf1; + nettle_rsa_public_key_clear; + nettle_rsa_public_key_init; + nettle_rsa_public_key_prepare; + nettle_rsa_compute_root; + nettle_rsa_private_key_clear; + nettle_rsa_private_key_init; + nettle_rsa_private_key_prepare; + nettle_rsa_compute_root_tr; + nettle_rsa_pkcs1_sign; + nettle_rsa_pkcs1_sign_tr; + nettle_rsa_pkcs1_verify; + nettle_rsa_md5_sign; + nettle_rsa_md5_sign_digest; + nettle_rsa_md5_sign_digest_tr; + nettle_rsa_md5_sign_tr; + nettle_rsa_md5_verify; + nettle_rsa_md5_verify_digest; + nettle_rsa_sha1_sign; + nettle_rsa_sha1_sign_digest; + nettle_rsa_sha1_sign_digest_tr; + nettle_rsa_sha1_sign_tr; + nettle_rsa_sha1_verify; + nettle_rsa_sha1_verify_digest; + nettle_rsa_sha256_sign; + nettle_rsa_sha256_sign_digest; + nettle_rsa_sha256_sign_digest_tr; + nettle_rsa_sha256_sign_tr; + nettle_rsa_sha256_verify; + nettle_rsa_sha256_verify_digest; + nettle_rsa_sha512_sign; + nettle_rsa_sha512_sign_digest; + nettle_rsa_sha512_sign_digest_tr; + nettle_rsa_sha512_sign_tr; + nettle_rsa_sha512_verify; + nettle_rsa_sha512_verify_digest; + nettle_rsa_pss_sha256_sign_digest_tr; + nettle_rsa_pss_sha256_verify_digest; + nettle_rsa_pss_sha384_sign_digest_tr; + nettle_rsa_pss_sha512_sign_digest_tr; + nettle_rsa_pss_sha384_verify_digest; + nettle_rsa_pss_sha512_verify_digest; + nettle_rsa_encrypt; + nettle_rsa_decrypt; + nettle_rsa_decrypt_tr; + nettle_rsa_generate_keypair; + nettle_rsa_keypair_to_sexp; + nettle_rsa_keypair_from_sexp; + nettle_rsa_keypair_from_sexp_alist; + nettle_dsa_params_clear; + nettle_dsa_params_init; + nettle_dsa_signature_clear; + nettle_dsa_signature_init; + nettle_dsa_private_key_clear; + nettle_dsa_private_key_init; + nettle_dsa_public_key_clear; + nettle_dsa_public_key_init; + nettle_dsa_compat_generate_keypair; + nettle_dsa_generate_params; + nettle_dsa_sign; + nettle_dsa_verify; + nettle_dsa_generate_keypair; + nettle_dsa_sha1_sign; + nettle_dsa_sha1_sign_digest; + nettle_dsa_sha1_verify; + nettle_dsa_sha1_verify_digest; + nettle_dsa_sha256_sign; + nettle_dsa_sha256_sign_digest; + nettle_dsa_sha256_verify; + nettle_dsa_sha256_verify_digest; + nettle_dsa_keypair_to_sexp; + nettle_dsa_keypair_from_sexp_alist; + nettle_dsa_sha1_keypair_from_sexp; + nettle_dsa_sha256_keypair_from_sexp; + nettle_dsa_signature_from_sexp; + nettle_pgp_armor; + nettle_pgp_crc24; + nettle_pgp_put_header; + nettle_pgp_put_header_length; + nettle_pgp_put_length; + nettle_pgp_put_mpi; + nettle_pgp_put_public_rsa_key; + nettle_pgp_put_rsa_sha1_signature; + nettle_pgp_put_string; + nettle_pgp_put_sub_packet; + nettle_pgp_put_uint16; + nettle_pgp_put_uint32; + nettle_pgp_put_userid; + nettle_pgp_sub_packet_end; + nettle_pgp_sub_packet_start; + nettle_rsa_keypair_to_openpgp; + nettle_asn1_der_decode_bitstring; + nettle_asn1_der_decode_bitstring_last; + nettle_asn1_der_decode_constructed; + nettle_asn1_der_decode_constructed_last; + nettle_asn1_der_get_bignum; + nettle_asn1_der_get_uint32; + nettle_asn1_der_iterator_first; + nettle_asn1_der_iterator_next; + nettle_rsa_keypair_from_der; + nettle_rsa_private_key_from_der_iterator; + nettle_rsa_public_key_from_der_iterator; + nettle_dsa_openssl_private_key_from_der_iterator; + nettle_dsa_params_from_der_iterator; + nettle_dsa_public_key_from_der_iterator; + nettle_openssl_provate_key_from_der; + nettle_get_secp_192r1; + nettle_get_secp_224r1; + nettle_get_secp_256r1; + nettle_get_secp_384r1; + nettle_get_secp_521r1; + nettle_ecc_bit_size; + nettle_ecc_size; + nettle_ecc_size_a; + nettle_ecc_size_j; + nettle_ecc_scalar_random; + nettle_ecc_point_clear; + nettle_ecc_point_get; + nettle_ecc_point_init; + nettle_ecc_point_set; + nettle_ecc_scalar_clear; + nettle_ecc_scalar_get; + nettle_ecc_scalar_init; + nettle_ecc_scalar_set; + nettle_ecc_point_mul; + nettle_ecc_point_mul_g; + nettle_ecc_ecdsa_sign; + nettle_ecc_ecdsa_sign_itch; + nettle_ecdsa_sign; + nettle_ecc_ecdsa_verify; + nettle_ecc_ecdsa_verify_itch; + nettle_ecdsa_verify; + nettle_ecdsa_generate_keypair; + nettle_curve25519_mul_g; + nettle_curve25519_mul; + nettle_ed25519_sha512_public_key; + nettle_ed25519_sha512_sign; + nettle_ed25519_sha512_verify; local: *; }; +# Internal symbols which are to be used only for unit or other +# testing. Compatibility may break across releases. +HOGWEED_INTERNAL_@LIBHOGWEED_MAJOR@_@LIBNETTLE_MINOR@ +{ + global: + _nettle_mpz_limbs_cmp; + _nettle_mpz_limbs_copy; + _nettle_mpz_limbs_read_n; + _nettle_sec_add_1; + _nettle_sec_sub_1; + _nettle_sec_tabselect; + _nettle_cnd_copy; + _nettle_ecc_mod; + _nettle_ecc_mod_inv; + _nettle_ecc_mod_add; + _nettle_ecc_mod_addmul_1; + _nettle_ecc_mod_mul; + _nettle_ecc_mod_mul_1; + _nettle_ecc_mod_sqr; + _nettle_ecc_mod_sub; + _nettle_ecc_mod_submul_1; + _nettle_ecc_pp1_redc; + _nettle_ecc_pm1_redc; + _nettle_curve25519; + _nettle_ecc_j_to_a; + _nettle_ecc_a_to_j; + _nettle_ecc_dup_jj; + _nettle_ecc_add_jja; + _nettle_ecc_add_jjj; + _nettle_ecc_eh_to_a; + _nettle_ecc_dup_eh; + _nettle_ecc_add_eh; + _nettle_ecc_add_ehh; + _nettle_ecc_mul_g_eh; + _nettle_ecc_mul_a_eh; + _nettle_ecc_mul_g; + _nettle_ecc_mul_a; + _nettle_ecc_hash; + _nettle_ecc_mod_random; + _nettle_curve25519_eh_to_x; + _nettle_pkcs1_signature_prefix; + _nettle_secp_192r1; + _nettle_secp_224r1; + _nettle_secp_256r1; + _nettle_secp_384r1; + _nettle_secp_521r1; + _nettle_eddsa_verify_itch; + _nettle_eddsa_sign_itch; + _nettle_eddsa_decompress; + _nettle_eddsa_decompress_itch; + _nettle_eddsa_compress; + _nettle_eddsa_verify; + _nettle_eddsa_public_key; + _nettle_eddsa_expand_key; + _nettle_eddsa_sign; + + local: + *; +}; diff --git a/libnettle.map.in b/libnettle.map.in index 02455bc5..01902f79 100644 --- a/libnettle.map.in +++ b/libnettle.map.in @@ -1,4 +1,4 @@ -# libnettle.map -- libnettle linker version script. -*- ld-script -*- +# libnettle.map.in -- linker version script. -*- ld-script -*- # # The symbol version must be updated on every nettle @@ -8,10 +8,426 @@ NETTLE_@LIBNETTLE_MAJOR@ { global: - nettle_*; - _nettle_*; + + nettle_aes128_decrypt; + nettle_aes192_decrypt; + nettle_aes256_decrypt; + nettle_aes_decrypt; + nettle_aes128_encrypt; + nettle_aes192_encrypt; + nettle_aes256_encrypt; + nettle_aes_encrypt; + nettle_aes_set_encrypt_key; + nettle_aes_invert_key; + nettle_aes_set_decrypt_key; + nettle_aes128_set_encrypt_key; + nettle_aes128_invert_key; + nettle_aes128_set_decrypt_key; + nettle_aes128; + nettle_aes192_set_encrypt_key; + nettle_aes192_invert_key; + nettle_aes192_set_decrypt_key; + nettle_aes192; + nettle_aes256_set_encrypt_key; + nettle_aes256_invert_key; + nettle_aes256_set_decrypt_key; + nettle_aes256; + nettle_arcfour128_set_key; + nettle_arcfour_set_key; + nettle_arcfour_crypt; + nettle_arctwo128_set_key; + nettle_arctwo128_set_key_gutmann; + nettle_arctwo40_set_key; + nettle_arctwo64_set_key; + nettle_arctwo_decrypt; + nettle_arctwo_encrypt; + nettle_arctwo_set_key; + nettle_arctwo_set_key_ekb; + nettle_arctwo_set_key_gutmann; + nettle_arctwo128; + nettle_arctwo40; + nettle_arctwo64; + nettle_arctwo_gutmann128; + nettle_blowfish128_set_key; + nettle_blowfish_decrypt; + nettle_blowfish_encrypt; + nettle_blowfish_set_key; + nettle_base16_encode_single; + nettle_base16_encode_update; + nettle_base16_decode_final; + nettle_base16_decode_init; + nettle_base16_decode_single; + nettle_base16_decode_update; + nettle_base16; + nettle_base64_encode_final; + nettle_base64_encode_group; + nettle_base64_encode_init; + nettle_base64_encode_raw; + nettle_base64_encode_single; + nettle_base64_encode_update; + nettle_base64_decode_final; + nettle_base64_decode_init; + nettle_base64_decode_single; + nettle_base64_decode_update; + nettle_base64; + nettle_base64url_encode_init; + nettle_base64url_decode_init; + nettle_base64url; + nettle_buffer_clear; + nettle_buffer_copy; + nettle_buffer_grow; + nettle_buffer_init_realloc; + nettle_buffer_init_size; + nettle_buffer_reset; + nettle_buffer_space; + nettle_buffer_write; + nettle_buffer_init; + nettle_camellia128_set_encrypt_key; + nettle_camellia128_crypt; + nettle_camellia128_invert_key; + nettle_camellia_set_decrypt_key; + nettle_camellia128; + nettle_camellia192; + nettle_camellia192_set_encrypt_key; + nettle_camellia256_set_encrypt_key; + nettle_camellia256_crypt; + nettle_camellia192_set_decrypt_key; + nettle_camellia256_invert_key; + nettle_camellia256_set_decrypt_key; + nettle_camellia256; + nettle_cast128_decrypt; + nettle_cast128_encrypt; + nettle_cast128_set_key; + nettle_cast5_set_key; + nettle_cast128; + nettle_cbc_decrypt; + nettle_cbc_encrypt; + nettle_ccm_decrypt; + nettle_ccm_decrypt_message; + nettle_ccm_digest; + nettle_ccm_encrypt; + nettle_ccm_encrypt_message; + nettle_ccm_set_nonce; + nettle_ccm_update; + nettle_ccm_aes128_decrypt; + nettle_ccm_aes128_decrypt_message; + nettle_ccm_aes128_digest; + nettle_ccm_aes128_encrypt; + nettle_ccm_aes128_encrypt_message; + nettle_ccm_aes128_set_key; + nettle_ccm_aes128_set_nonce; + nettle_ccm_aes128_update; + nettle_ccm_aes192_decrypt; + nettle_ccm_aes192_decrypt_message; + nettle_ccm_aes192_digest; + nettle_ccm_aes192_encrypt; + nettle_ccm_aes192_encrypt_message; + nettle_ccm_aes192_set_key; + nettle_ccm_aes192_set_nonce; + nettle_ccm_aes192_update; + nettle_ccm_aes256_decrypt; + nettle_ccm_aes256_decrypt_message; + nettle_ccm_aes256_digest; + nettle_ccm_aes256_encrypt; + nettle_ccm_aes256_encrypt_message; + nettle_ccm_aes256_set_key; + nettle_ccm_aes256_set_nonce; + nettle_ccm_aes256_update; + nettle_cfb8_decrypt; + nettle_cfb8_encrypt; + nettle_cfb_decrypt; + nettle_cfb_encrypt; + nettle_chacha_crypt; + nettle_chacha_poly1305_decrypt; + nettle_chacha_poly1305_digest; + nettle_chacha_poly1305_encrypt; + nettle_chacha_poly1305_set_key; + nettle_chacha_poly1305_set_nonce; + nettle_chacha_poly1305_update; + nettle_chacha_poly1305; + nettle_chacha_set_key; + nettle_chacha_set_nonce; + nettle_chacha_set_nonce96; + nettle_ctr_crypt; + nettle_des_check_parity; + nettle_des_decrypt; + nettle_des_encrypt; + nettle_des_fix_parity; + nettle_des_set_key; + nettle_des3_decrypt; + nettle_des3_encrypt; + nettle_des3_set_key; + nettle_openssl_des_cbc_cksum; + nettle_openssl_des_cbc_encrypt; + nettle_openssl_des_check_key; + nettle_openssl_des_ecb3_encrypt; + nettle_openssl_des_ecb_encrypt; + nettle_openssl_des_ede3_cbc_encrypt; + nettle_openssl_des_is_weak_key; + nettle_openssl_des_key_sched; + nettle_openssl_des_ncbc_encrypt; + nettle_openssl_des_set_odd_parity; + nettle_eax_decrypt; + nettle_eax_digest; + nettle_eax_encrypt; + nettle_eax_set_key; + nettle_eax_set_nonce; + nettle_eax_update; + nettle_eax_aes128_decrypt; + nettle_eax_aes128_digest; + nettle_eax_aes128_encrypt; + nettle_eax_aes128_set_key; + nettle_eax_aes128_set_nonce; + nettle_eax_aes128_update; + nettle_eax_aes128; + nettle_gcm_decrypt; + nettle_gcm_digest; + nettle_gcm_encrypt; + nettle_gcm_set_iv; + nettle_gcm_set_key; + nettle_gcm_update; + nettle_gcm_aes_decrypt; + nettle_gcm_aes_digest; + nettle_gcm_aes_encrypt; + nettle_gcm_aes_set_iv; + nettle_gcm_aes_set_key; + nettle_gcm_aes_update; + nettle_gcm_aes128_decrypt; + nettle_gcm_aes128_digest; + nettle_gcm_aes128_encrypt; + nettle_gcm_aes128_set_iv; + nettle_gcm_aes128_set_key; + nettle_gcm_aes128_update; + nettle_gcm_aes128; + nettle_gcm_aes192_decrypt; + nettle_gcm_aes192_digest; + nettle_gcm_aes192_encrypt; + nettle_gcm_aes192_set_iv; + nettle_gcm_aes192_set_key; + nettle_gcm_aes192_update; + nettle_gcm_aes192; + nettle_gcm_aes256_decrypt; + nettle_gcm_aes256_digest; + nettle_gcm_aes256_encrypt; + nettle_gcm_aes256_set_iv; + nettle_gcm_aes256_set_key; + nettle_gcm_aes256_update; + nettle_gcm_aes256; + nettle_gcm_camellia128_decrypt; + nettle_gcm_camellia128_digest; + nettle_gcm_camellia128_encrypt; + nettle_gcm_camellia128_set_iv; + nettle_gcm_camellia128_set_key; + nettle_gcm_camellia128_update; + nettle_gcm_camellia128; + nettle_gcm_camellia256_decrypt; + nettle_gcm_camellia256_digest; + nettle_gcm_camellia256_encrypt; + nettle_gcm_camellia256_set_iv; + nettle_gcm_camellia256_set_key; + nettle_gcm_camellia256_update; + nettle_gcm_camellia256; + nettle_cmac128_digest; + nettle_cmac128_set_key; + nettle_cmac128_update; + nettle_cmac_aes128_digest; + nettle_cmac_aes128_set_key; + nettle_cmac_aes128_update; + nettle_cmac_aes256_digest; + nettle_cmac_aes256_set_key; + nettle_cmac_aes256_update; + nettle_gosthash94_digest; + nettle_gosthash94_init; + nettle_gosthash94_update; + nettle_gosthash94; + nettle_hmac_digest; + nettle_hmac_set_key; + nettle_hmac_update; + nettle_hmac_md5_digest; + nettle_hmac_md5_set_key; + nettle_hmac_md5_update; + nettle_hmac_ripemd160_digest; + nettle_hmac_ripemd160_set_key; + nettle_hmac_ripemd160_update; + nettle_hmac_sha1_digest; + nettle_hmac_sha1_set_key; + nettle_hmac_sha1_update; + nettle_hmac_sha224_digest; + nettle_hmac_sha224_set_key; + nettle_hmac_sha256_digest; + nettle_hmac_sha256_set_key; + nettle_hmac_sha256_update; + nettle_hmac_sha384_digest; + nettle_hmac_sha384_set_key; + nettle_hmac_sha512_digest; + nettle_hmac_sha512_set_key; + nettle_hmac_sha512_update; + nettle_knuth_lfib_get; + nettle_knuth_lfib_get_array; + nettle_knuth_lfib_init; + nettle_knuth_lfib_random; + nettle_hkdf_expand; + nettle_hkdf_extract; + nettle_md2_digest; + nettle_md2_init; + nettle_md2_update; + nettle_md2; + nettle_md4_digest; + nettle_md4_init; + nettle_md4_update; + nettle_md4; + nettle_md5_digest; + nettle_md5_init; + nettle_md5_update; + _nettle_md5_compress; + nettle_MD5Final; + nettle_MD5Init; + nettle_MD5Update; + nettle_md5; + nettle_memeql_sec; + nettle_memxor; + nettle_memxor3; + nettle_lookup_hash; + nettle_get_aeads; + nettle_get_armors; + nettle_get_ciphers; + nettle_get_hashes; + nettle_pbkdf2; + nettle_pbkdf2_hmac_sha1; + nettle_pbkdf2_hmac_sha256; + nettle_poly1305_aes_digest; + nettle_poly1305_aes_set_key; + nettle_poly1305_aes_set_nonce; + nettle_poly1305_aes_update; + nettle_poly1305_digest; + nettle_poly1305_set_key; + nettle_realloc; + nettle_xrealloc; + nettle_ripemd160_digest; + nettle_ripemd160_init; + nettle_ripemd160_update; + nettle_ripemd160; + nettle_salsa20_crypt; + nettle_salsa20r12_crypt; + nettle_salsa20_set_key; + nettle_salsa20_set_nonce; + nettle_salsa20_128_set_key; + nettle_salsa20_256_set_key; + nettle_sha1_digest; + nettle_sha1_init; + nettle_sha1_update; + _nettle_sha1_compress; + nettle_sha1; + nettle_sha224_digest; + nettle_sha224_init; + nettle_sha256_digest; + nettle_sha256_init; + nettle_sha256_update; + nettle_sha224; + nettle_sha256; + nettle_sha384_digest; + nettle_sha384_init; + nettle_sha512_224_digest; + nettle_sha512_224_init; + nettle_sha512_256_digest; + nettle_sha512_256_init; + nettle_sha512_digest; + nettle_sha512_init; + nettle_sha512_update; + nettle_sha384; + nettle_sha512; + nettle_sha512_224; + nettle_sha512_256; + nettle_sha3_permute; + nettle_sha3_224_digest; + nettle_sha3_224_init; + nettle_sha3_224_update; + nettle_sha3_224; + nettle_sha3_256_digest; + nettle_sha3_256_init; + nettle_sha3_256_update; + nettle_sha3_256; + nettle_sha3_384_digest; + nettle_sha3_384_init; + nettle_sha3_384_update; + nettle_sha3_384; + nettle_sha3_512_digest; + nettle_sha3_512_init; + nettle_sha3_512_update; + nettle_sha3_512; + nettle_serpent128_set_key; + nettle_serpent192_set_key; + nettle_serpent256_set_key; + nettle_serpent_set_key; + nettle_serpent_encrypt; + nettle_serpent_decrypt; + nettle_serpent128; + nettle_serpent192; + nettle_serpent256; + nettle_twofish128_set_key; + nettle_twofish192_set_key; + nettle_twofish256_set_key; + nettle_twofish_decrypt; + nettle_twofish_encrypt; + nettle_twofish_set_key; + nettle_twofish128; + nettle_twofish192; + nettle_twofish256; + nettle_umac32_digest; + nettle_umac32_set_key; + nettle_umac32_set_nonce; + nettle_umac32_update; + nettle_umac64_digest; + nettle_umac64_set_key; + nettle_umac64_set_nonce; + nettle_umac64_update; + nettle_umac96_digest; + nettle_umac96_set_key; + nettle_umac96_set_nonce; + nettle_umac96_update; + nettle_umac128_digest; + nettle_umac128_set_key; + nettle_umac128_set_nonce; + nettle_umac128_update; + nettle_version_major; + nettle_version_minor; + nettle_yarrow256_fast_reseed; + nettle_yarrow256_init; + nettle_yarrow256_is_seeded; + nettle_yarrow256_needed_sources; + nettle_yarrow256_random; + nettle_yarrow256_seed; + nettle_yarrow256_slow_reseed; + nettle_yarrow256_update; + nettle_yarrow_key_event_estimate; + nettle_yarrow_key_event_init; local: *; }; +# Internal symbols which are to be used only for unit or other +# testing. Compatibility may break across releases. +NETTLE_INTERNAL_@LIBNETTLE_MAJOR@_@LIBNETTLE_MINOR@ +{ + global: + _nettle_salsa20_core; + _nettle_aes_decrypt; + _nettle_aes_encrypt_table; + _nettle_aes_invert; + _nettle_aes_set_key; + _nettle_camellia_crypt; + _nettle_camellia_table; + _nettle_camellia_absorb; + _nettle_camellia_invert_key; + _nettle_ctr_crypt16; + _nettle_gcm_hash8; + _nettle_aes_encrypt; + _nettle_chacha_core; + _nettle_write_be32; + _nettle_write_le32; + _nettle_write_le64; + + local: + *; +}; diff --git a/nettle-internal.h b/nettle-internal.h index dbd989b7..dc379f1f 100644 --- a/nettle-internal.h +++ b/nettle-internal.h @@ -115,4 +115,6 @@ extern const struct nettle_aead nettle_openssl_arcfour128; extern const struct nettle_hash nettle_openssl_md5; extern const struct nettle_hash nettle_openssl_sha1; +extern const struct nettle_hash * const _nettle_hashes[]; + #endif /* NETTLE_INTERNAL_H_INCLUDED */ diff --git a/nettle-lookup-hash.c b/nettle-lookup-hash.c index f508783a..555091ea 100644 --- a/nettle-lookup-hash.c +++ b/nettle-lookup-hash.c @@ -37,6 +37,7 @@ #include <string.h> #include "nettle-meta.h" +#include "nettle-internal.h" const struct nettle_hash * nettle_lookup_hash (const char *name) diff --git a/nettle-meta.h b/nettle-meta.h index 3c13e9b2..8fe1cf84 100644 --- a/nettle-meta.h +++ b/nettle-meta.h @@ -61,8 +61,6 @@ struct nettle_cipher }; /* null-terminated list of ciphers implemented by this version of nettle */ -extern const struct nettle_cipher * const _nettle_ciphers[]; - const struct nettle_cipher * const * #ifdef __GNUC__ __attribute__((pure)) @@ -123,8 +121,6 @@ struct nettle_hash } /* null-terminated list of digests implemented by this version of nettle */ -extern const struct nettle_hash * const _nettle_hashes[]; - const struct nettle_hash * const * #ifdef __GNUC__ __attribute__((pure)) @@ -176,8 +172,6 @@ struct nettle_aead /* null-terminated list of aead constructions implemented by this version of nettle */ -extern const struct nettle_aead * const _nettle_aeads[]; - const struct nettle_aead * const * #ifdef __GNUC__ __attribute__((pure)) @@ -244,8 +238,6 @@ struct nettle_armor } /* null-terminated list of armor schemes implemented by this version of nettle */ -extern const struct nettle_armor * const _nettle_armors[]; - const struct nettle_armor * const * #ifdef __GNUC__ __attribute__((pure)) diff --git a/pkcs1-rsa-digest.c b/pkcs1-rsa-digest.c index 79555a89..60d20555 100644 --- a/pkcs1-rsa-digest.c +++ b/pkcs1-rsa-digest.c @@ -34,10 +34,10 @@ #endif #include "pkcs1.h" - #include "bignum.h" #include "gmp-glue.h" #include "nettle-internal.h" +#include "hogweed-internal.h" int pkcs1_rsa_digest_encode(mpz_t m, size_t key_size, diff --git a/pkcs1-rsa-md5.c b/pkcs1-rsa-md5.c index aaf3b4bd..4b44155d 100644 --- a/pkcs1-rsa-md5.c +++ b/pkcs1-rsa-md5.c @@ -43,6 +43,7 @@ #include "bignum.h" #include "pkcs1.h" +#include "hogweed-internal.h" #include "gmp-glue.h" diff --git a/pkcs1-rsa-sha1.c b/pkcs1-rsa-sha1.c index f2467d8a..b9ac83aa 100644 --- a/pkcs1-rsa-sha1.c +++ b/pkcs1-rsa-sha1.c @@ -43,6 +43,7 @@ #include "bignum.h" #include "pkcs1.h" +#include "hogweed-internal.h" #include "gmp-glue.h" diff --git a/pkcs1-rsa-sha256.c b/pkcs1-rsa-sha256.c index a93211cd..3c524318 100644 --- a/pkcs1-rsa-sha256.c +++ b/pkcs1-rsa-sha256.c @@ -43,6 +43,7 @@ #include "bignum.h" #include "pkcs1.h" +#include "hogweed-internal.h" #include "gmp-glue.h" diff --git a/pkcs1-rsa-sha512.c b/pkcs1-rsa-sha512.c index a798f5ac..b9e788f3 100644 --- a/pkcs1-rsa-sha512.c +++ b/pkcs1-rsa-sha512.c @@ -43,6 +43,7 @@ #include "bignum.h" #include "pkcs1.h" +#include "hogweed-internal.h" #include "gmp-glue.h" diff --git a/pkcs1.c b/pkcs1.c index c2ff6899..15d54e1f 100644 --- a/pkcs1.c +++ b/pkcs1.c @@ -39,6 +39,7 @@ #include <string.h> #include "pkcs1.h" +#include "hogweed-internal.h" /* Formats the PKCS#1 padding, of the form * diff --git a/pkcs1.h b/pkcs1.h index 70aa21f1..06ad5f91 100644 --- a/pkcs1.h +++ b/pkcs1.h @@ -42,7 +42,6 @@ extern "C" { #endif /* Name mangling */ -#define _pkcs1_signature_prefix _nettle_pkcs1_signature_prefix #define pkcs1_rsa_digest_encode nettle_pkcs1_rsa_digest_encode #define pkcs1_rsa_md5_encode nettle_pkcs1_rsa_md5_encode #define pkcs1_rsa_md5_encode_digest nettle_pkcs1_rsa_md5_encode_digest @@ -60,13 +59,6 @@ struct sha1_ctx; struct sha256_ctx; struct sha512_ctx; -uint8_t * -_pkcs1_signature_prefix(unsigned key_size, - uint8_t *buffer, - unsigned id_size, - const uint8_t *id, - unsigned digest_size); - int pkcs1_encrypt (size_t key_size, /* For padding */ diff --git a/ripemd160-internal.h b/ripemd160-internal.h new file mode 100644 index 00000000..e44e2fbe --- /dev/null +++ b/ripemd160-internal.h @@ -0,0 +1,43 @@ +/* ripemd160-internal.h + + RIPEMD-160 hash function. + + Copyright (C) 2011 Andres Mejia + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_RIPEMD160_INTERNAL_H_INCLUDED +#define NETTLE_RIPEMD160_INTERNAL_H_INCLUDED + + +/* Internal compression function. STATE points to 5 uint32_t words, + and DATA points to 64 bytes of input data, possibly unaligned. */ +void +_nettle_ripemd160_compress(uint32_t *state, const uint8_t *data); + +#endif /* NETTLE_RIPEMD160_INTERNAL_H_INCLUDED */ diff --git a/ripemd160.c b/ripemd160.c index c5743d6a..56ffee33 100644 --- a/ripemd160.c +++ b/ripemd160.c @@ -40,6 +40,7 @@ #include <assert.h> #include "ripemd160.h" +#include "ripemd160-internal.h" #include "macros.h" #include "nettle-write.h" diff --git a/ripemd160.h b/ripemd160.h index 80d1d8a7..4fee0c60 100644 --- a/ripemd160.h +++ b/ripemd160.h @@ -76,11 +76,6 @@ ripemd160_digest(struct ripemd160_ctx *ctx, size_t length, uint8_t *digest); -/* Internal compression function. STATE points to 5 uint32_t words, - and DATA points to 64 bytes of input data, possibly unaligned. */ -void -_nettle_ripemd160_compress(uint32_t *state, const uint8_t *data); - #ifdef __cplusplus } #endif diff --git a/rsa-blind.c b/rsa-blind.c index 16b03d77..0deb9443 100644 --- a/rsa-blind.c +++ b/rsa-blind.c @@ -36,6 +36,7 @@ #endif #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" diff --git a/rsa-decrypt-tr.c b/rsa-decrypt-tr.c index e4fbc5fe..e800b71e 100644 --- a/rsa-decrypt-tr.c +++ b/rsa-decrypt-tr.c @@ -37,6 +37,7 @@ #endif #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pkcs1.h" diff --git a/rsa-encrypt.c b/rsa-encrypt.c index b2761ba2..b9903279 100644 --- a/rsa-encrypt.c +++ b/rsa-encrypt.c @@ -36,6 +36,7 @@ #endif #include "rsa.h" +#include "rsa-internal.h" #include "pkcs1.h" diff --git a/rsa-internal.h b/rsa-internal.h new file mode 100644 index 00000000..e367ce5a --- /dev/null +++ b/rsa-internal.h @@ -0,0 +1,68 @@ +/* rsa-internal.h + + The RSA publickey algorithm. + + Copyright (C) 2001, 2002 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_RSA_INTERNAL_H_INCLUDED +#define NETTLE_RSA_INTERNAL_H_INCLUDED + +#include "nettle-types.h" + +#define _rsa_verify _nettle_rsa_verify +#define _rsa_verify_recover _nettle_rsa_verify_recover +#define _rsa_check_size _nettle_rsa_check_size +#define _rsa_blind _nettle_rsa_blind +#define _rsa_unblind _nettle_rsa_unblind + +/* Internal functions. */ +int +_rsa_verify(const struct rsa_public_key *key, + const mpz_t m, + const mpz_t s); + +int +_rsa_verify_recover(const struct rsa_public_key *key, + mpz_t m, + const mpz_t s); + +size_t +_rsa_check_size(mpz_t n); + +/* _rsa_blind and _rsa_unblind are deprecated, unused in the library, + and will likely be removed with the next ABI break. */ +void +_rsa_blind (const struct rsa_public_key *pub, + void *random_ctx, nettle_random_func *random, + mpz_t c, mpz_t ri); +void +_rsa_unblind (const struct rsa_public_key *pub, mpz_t c, const mpz_t ri); + +#endif /* NETTLE_RSA_INTERNAL_H_INCLUDED */ diff --git a/rsa-keygen.c b/rsa-keygen.c index a9ce8ee1..bf04cb82 100644 --- a/rsa-keygen.c +++ b/rsa-keygen.c @@ -39,6 +39,7 @@ #include <stdlib.h> #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #ifndef DEBUG diff --git a/rsa-md5-sign-tr.c b/rsa-md5-sign-tr.c index 318d5390..4c362ec5 100644 --- a/rsa-md5-sign-tr.c +++ b/rsa-md5-sign-tr.c @@ -38,6 +38,7 @@ #include <assert.h> #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pkcs1.h" diff --git a/rsa-md5-sign.c b/rsa-md5-sign.c index d39fd08b..84f1cc00 100644 --- a/rsa-md5-sign.c +++ b/rsa-md5-sign.c @@ -38,6 +38,7 @@ #include <assert.h> #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pkcs1.h" diff --git a/rsa-md5-verify.c b/rsa-md5-verify.c index b3205b62..2211f2e4 100644 --- a/rsa-md5-verify.c +++ b/rsa-md5-verify.c @@ -38,6 +38,7 @@ #include <assert.h> #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pkcs1.h" diff --git a/rsa-pkcs1-sign-tr.c b/rsa-pkcs1-sign-tr.c index 00094b56..5ac14ff9 100644 --- a/rsa-pkcs1-sign-tr.c +++ b/rsa-pkcs1-sign-tr.c @@ -35,6 +35,7 @@ # include "config.h" #endif #include "rsa.h" +#include "rsa-internal.h" #include "pkcs1.h" diff --git a/rsa-pkcs1-sign.c b/rsa-pkcs1-sign.c index 27a8b24b..a1a6b2e8 100644 --- a/rsa-pkcs1-sign.c +++ b/rsa-pkcs1-sign.c @@ -36,6 +36,7 @@ #endif #include "rsa.h" +#include "rsa-internal.h" #include "pkcs1.h" diff --git a/rsa-pkcs1-verify.c b/rsa-pkcs1-verify.c index 12c41246..def1c02c 100644 --- a/rsa-pkcs1-verify.c +++ b/rsa-pkcs1-verify.c @@ -36,6 +36,7 @@ #endif #include "rsa.h" +#include "rsa-internal.h" #include "pkcs1.h" diff --git a/rsa-pss-sha256-sign-tr.c b/rsa-pss-sha256-sign-tr.c index b17e40ed..a0880098 100644 --- a/rsa-pss-sha256-sign-tr.c +++ b/rsa-pss-sha256-sign-tr.c @@ -36,6 +36,7 @@ #endif #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pss.h" diff --git a/rsa-pss-sha256-verify.c b/rsa-pss-sha256-verify.c index 81bc4e68..496f1bd3 100644 --- a/rsa-pss-sha256-verify.c +++ b/rsa-pss-sha256-verify.c @@ -36,6 +36,7 @@ #endif #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pss.h" diff --git a/rsa-pss-sha512-sign-tr.c b/rsa-pss-sha512-sign-tr.c index 59536d6d..fb840b0f 100644 --- a/rsa-pss-sha512-sign-tr.c +++ b/rsa-pss-sha512-sign-tr.c @@ -36,6 +36,7 @@ #endif #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pss.h" diff --git a/rsa-pss-sha512-verify.c b/rsa-pss-sha512-verify.c index 34f8e81d..a74120ae 100644 --- a/rsa-pss-sha512-verify.c +++ b/rsa-pss-sha512-verify.c @@ -36,6 +36,7 @@ #endif #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pss.h" diff --git a/rsa-sha1-sign-tr.c b/rsa-sha1-sign-tr.c index 707acdec..6305611e 100644 --- a/rsa-sha1-sign-tr.c +++ b/rsa-sha1-sign-tr.c @@ -38,6 +38,7 @@ #include <assert.h> #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pkcs1.h" diff --git a/rsa-sha1-sign.c b/rsa-sha1-sign.c index 69d6efc3..4eb9963c 100644 --- a/rsa-sha1-sign.c +++ b/rsa-sha1-sign.c @@ -38,6 +38,7 @@ #include <assert.h> #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pkcs1.h" diff --git a/rsa-sha1-verify.c b/rsa-sha1-verify.c index a7ae5a90..b2fbd8ca 100644 --- a/rsa-sha1-verify.c +++ b/rsa-sha1-verify.c @@ -38,6 +38,7 @@ #include <assert.h> #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pkcs1.h" diff --git a/rsa-sha256-sign-tr.c b/rsa-sha256-sign-tr.c index 4179af8f..0b1c3df7 100644 --- a/rsa-sha256-sign-tr.c +++ b/rsa-sha256-sign-tr.c @@ -38,6 +38,7 @@ #include <assert.h> #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pkcs1.h" diff --git a/rsa-sha256-sign.c b/rsa-sha256-sign.c index b4fe40bf..7491c626 100644 --- a/rsa-sha256-sign.c +++ b/rsa-sha256-sign.c @@ -38,6 +38,7 @@ #include <assert.h> #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pkcs1.h" diff --git a/rsa-sha256-verify.c b/rsa-sha256-verify.c index a7b07920..f8b24dcb 100644 --- a/rsa-sha256-verify.c +++ b/rsa-sha256-verify.c @@ -38,6 +38,7 @@ #include <assert.h> #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pkcs1.h" diff --git a/rsa-sha512-sign-tr.c b/rsa-sha512-sign-tr.c index 158b80f2..e19ff7ae 100644 --- a/rsa-sha512-sign-tr.c +++ b/rsa-sha512-sign-tr.c @@ -38,6 +38,7 @@ #include <assert.h> #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pkcs1.h" diff --git a/rsa-sha512-sign.c b/rsa-sha512-sign.c index bfdddb7b..a96ed61d 100644 --- a/rsa-sha512-sign.c +++ b/rsa-sha512-sign.c @@ -38,6 +38,7 @@ #include <assert.h> #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pkcs1.h" diff --git a/rsa-sha512-verify.c b/rsa-sha512-verify.c index aa3e1204..03dfded5 100644 --- a/rsa-sha512-verify.c +++ b/rsa-sha512-verify.c @@ -38,6 +38,7 @@ #include <assert.h> #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" #include "pkcs1.h" diff --git a/rsa-sign-tr.c b/rsa-sign-tr.c index 8542cae2..257a02b4 100644 --- a/rsa-sign-tr.c +++ b/rsa-sign-tr.c @@ -37,6 +37,7 @@ #endif #include "rsa.h" +#include "rsa-internal.h" /* Blinds m, by computing c = m r^e (mod n), for a random r. Also returns the inverse (ri), for use by rsa_unblind. */ diff --git a/rsa-sign.c b/rsa-sign.c index 48323527..a5b6cfab 100644 --- a/rsa-sign.c +++ b/rsa-sign.c @@ -36,6 +36,7 @@ #endif #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" diff --git a/rsa-verify.c b/rsa-verify.c index 43a55d21..b090946a 100644 --- a/rsa-verify.c +++ b/rsa-verify.c @@ -36,6 +36,7 @@ #endif #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" diff --git a/rsa.c b/rsa.c index f5941409..65f00f64 100644 --- a/rsa.c +++ b/rsa.c @@ -36,6 +36,7 @@ #endif #include "rsa.h" +#include "rsa-internal.h" #include "bignum.h" diff --git a/rsa.h b/rsa.h index 2143fcd2..7d66d004 100644 --- a/rsa.h +++ b/rsa.h @@ -98,11 +98,6 @@ extern "C" { #define rsa_private_key_from_der_iterator nettle_rsa_private_key_from_der_iterator #define rsa_keypair_from_der nettle_rsa_keypair_from_der #define rsa_keypair_to_openpgp nettle_rsa_keypair_to_openpgp -#define _rsa_verify _nettle_rsa_verify -#define _rsa_verify_recover _nettle_rsa_verify_recover -#define _rsa_check_size _nettle_rsa_check_size -#define _rsa_blind _nettle_rsa_blind -#define _rsa_unblind _nettle_rsa_unblind /* This limit is somewhat arbitrary. Technically, the smallest modulo which makes sense at all is 15 = 3*5, phi(15) = 8, size 4 bits. But @@ -524,28 +519,6 @@ rsa_keypair_to_openpgp(struct nettle_buffer *buffer, /* A single user id. NUL-terminated utf8. */ const char *userid); -/* Internal functions. */ -int -_rsa_verify(const struct rsa_public_key *key, - const mpz_t m, - const mpz_t s); - -int -_rsa_verify_recover(const struct rsa_public_key *key, - mpz_t m, - const mpz_t s); - -size_t -_rsa_check_size(mpz_t n); - -/* _rsa_blind and _rsa_unblind are deprecated, unused in the library, - and will likely be removed with the next ABI break. */ -void -_rsa_blind (const struct rsa_public_key *pub, - void *random_ctx, nettle_random_func *random, - mpz_t c, mpz_t ri); -void -_rsa_unblind (const struct rsa_public_key *pub, mpz_t c, const mpz_t ri); #ifdef __cplusplus } diff --git a/salsa20-core-internal.c b/salsa20-core-internal.c index c26057d5..f9d3daf2 100644 --- a/salsa20-core-internal.c +++ b/salsa20-core-internal.c @@ -45,6 +45,7 @@ #include <string.h> #include "salsa20.h" +#include "salsa20-internal.h" #include "macros.h" diff --git a/salsa20-crypt.c b/salsa20-crypt.c index eef5c75c..770b3b4c 100644 --- a/salsa20-crypt.c +++ b/salsa20-crypt.c @@ -44,6 +44,7 @@ #include <string.h> #include "salsa20.h" +#include "salsa20-internal.h" #include "macros.h" #include "memxor.h" diff --git a/salsa20-internal.h b/salsa20-internal.h new file mode 100644 index 00000000..e056b8d3 --- /dev/null +++ b/salsa20-internal.h @@ -0,0 +1,45 @@ +/* salsa20-internal.h + + The Salsa20 stream cipher. + + Copyright (C) 2012 Simon Josefsson + Copyright (C) 2001 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_SALSA20_INTERNAL_H_INCLUDED +#define NETTLE_SALSA20_INTERNAL_H_INCLUDED + +#include "nettle-types.h" + +#define _salsa20_core _nettle_salsa20_core + +void +_salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds); + +#endif /* NETTLE_SALSA20_INTERNAL_H_INCLUDED */ diff --git a/salsa20.h b/salsa20.h index 43019884..9f731f26 100644 --- a/salsa20.h +++ b/salsa20.h @@ -47,7 +47,6 @@ extern "C" { #define salsa20_256_set_key nettle_salsa20_256_set_key #define salsa20_set_nonce nettle_salsa20_set_nonce #define salsa20_crypt nettle_salsa20_crypt -#define _salsa20_core _nettle_salsa20_core #define salsa20r12_crypt nettle_salsa20r12_crypt @@ -104,9 +103,6 @@ salsa20r12_crypt(struct salsa20_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); -void -_salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds); - #ifdef __cplusplus } #endif diff --git a/salsa20r12-crypt.c b/salsa20r12-crypt.c index a71c4cc3..20aecfc0 100644 --- a/salsa20r12-crypt.c +++ b/salsa20r12-crypt.c @@ -44,6 +44,7 @@ #include <string.h> #include "salsa20.h" +#include "salsa20-internal.h" #include "macros.h" #include "memxor.h" diff --git a/sha2-internal.h b/sha2-internal.h new file mode 100644 index 00000000..0b97210a --- /dev/null +++ b/sha2-internal.h @@ -0,0 +1,52 @@ +/* sha2-internal.h + + The sha2 family of hash functions. + + Copyright (C) 2001, 2012 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_SHA2_INTERNAL_H_INCLUDED +#define NETTLE_SHA2_INTERNAL_H_INCLUDED + +#include "nettle-types.h" + +/* Internal compression function. STATE points to 8 uint32_t words, + DATA points to 64 bytes of input data, possibly unaligned, and K + points to the table of constants. */ +void +_nettle_sha256_compress(uint32_t *state, const uint8_t *data, const uint32_t *k); + +/* Internal compression function. STATE points to 8 uint64_t words, + DATA points to 128 bytes of input data, possibly unaligned, and K + points to the table of constants. */ +void +_nettle_sha512_compress(uint64_t *state, const uint8_t *data, const uint64_t *k); + + +#endif /* NETTLE_SHA2_INTERNAL_H_INCLUDED */ diff --git a/sha2.h b/sha2.h index 6537c0ec..7e02f186 100644 --- a/sha2.h +++ b/sha2.h @@ -91,12 +91,6 @@ sha256_digest(struct sha256_ctx *ctx, size_t length, uint8_t *digest); -/* Internal compression function. STATE points to 8 uint32_t words, - DATA points to 64 bytes of input data, possibly unaligned, and K - points to the table of constants. */ -void -_nettle_sha256_compress(uint32_t *state, const uint8_t *data, const uint32_t *k); - /* SHA224, a truncated SHA256 with different initial state. */ @@ -144,12 +138,6 @@ sha512_digest(struct sha512_ctx *ctx, size_t length, uint8_t *digest); -/* Internal compression function. STATE points to 8 uint64_t words, - DATA points to 128 bytes of input data, possibly unaligned, and K - points to the table of constants. */ -void -_nettle_sha512_compress(uint64_t *state, const uint8_t *data, const uint64_t *k); - /* SHA384, a truncated SHA512 with different initial state. */ diff --git a/sha256-compress.c b/sha256-compress.c index 156c8cf9..cf17e3e1 100644 --- a/sha256-compress.c +++ b/sha256-compress.c @@ -53,6 +53,7 @@ #include <string.h> #include "sha2.h" +#include "sha2-internal.h" #include "macros.h" diff --git a/sha256.c b/sha256.c index c632b7f4..253c1319 100644 --- a/sha256.c +++ b/sha256.c @@ -43,6 +43,7 @@ #include <string.h> #include "sha2.h" +#include "sha2-internal.h" #include "macros.h" #include "nettle-write.h" diff --git a/sha3-224-meta.c b/sha3-224-meta.c index f0021b4f..bf39bc3b 100644 --- a/sha3-224-meta.c +++ b/sha3-224-meta.c @@ -36,6 +36,7 @@ #include "nettle-meta.h" #include "sha3.h" +#include "sha3-internal.h" const struct nettle_hash nettle_sha3_224 = _NETTLE_HASH(sha3_224, SHA3_224); diff --git a/sha3-224.c b/sha3-224.c index 83fce158..853c9503 100644 --- a/sha3-224.c +++ b/sha3-224.c @@ -39,6 +39,7 @@ #include <string.h> #include "sha3.h" +#include "sha3-internal.h" #include "nettle-write.h" diff --git a/sha3-256-meta.c b/sha3-256-meta.c index d56ee898..649d7422 100644 --- a/sha3-256-meta.c +++ b/sha3-256-meta.c @@ -36,6 +36,7 @@ #include "nettle-meta.h" #include "sha3.h" +#include "sha3-internal.h" const struct nettle_hash nettle_sha3_256 = _NETTLE_HASH(sha3_256, SHA3_256); diff --git a/sha3-256.c b/sha3-256.c index ca9b0209..cf3e7b02 100644 --- a/sha3-256.c +++ b/sha3-256.c @@ -39,6 +39,7 @@ #include <string.h> #include "sha3.h" +#include "sha3-internal.h" #include "nettle-write.h" diff --git a/sha3-384-meta.c b/sha3-384-meta.c index 3d38526c..38373394 100644 --- a/sha3-384-meta.c +++ b/sha3-384-meta.c @@ -36,6 +36,7 @@ #include "nettle-meta.h" #include "sha3.h" +#include "sha3-internal.h" const struct nettle_hash nettle_sha3_384 = _NETTLE_HASH(sha3_384, SHA3_384); diff --git a/sha3-384.c b/sha3-384.c index 148ba1d3..c0dec517 100644 --- a/sha3-384.c +++ b/sha3-384.c @@ -39,6 +39,7 @@ #include <string.h> #include "sha3.h" +#include "sha3-internal.h" #include "nettle-write.h" diff --git a/sha3-512-meta.c b/sha3-512-meta.c index e000128f..aff96373 100644 --- a/sha3-512-meta.c +++ b/sha3-512-meta.c @@ -36,6 +36,7 @@ #include "nettle-meta.h" #include "sha3.h" +#include "sha3-internal.h" const struct nettle_hash nettle_sha3_512 = _NETTLE_HASH(sha3_512, SHA3_512); diff --git a/sha3-512.c b/sha3-512.c index 145662b0..b477ec1b 100644 --- a/sha3-512.c +++ b/sha3-512.c @@ -39,6 +39,7 @@ #include <string.h> #include "sha3.h" +#include "sha3-internal.h" #include "nettle-write.h" diff --git a/sha3-internal.h b/sha3-internal.h new file mode 100644 index 00000000..27f3a95b --- /dev/null +++ b/sha3-internal.h @@ -0,0 +1,52 @@ +/* sha3-internal.h + + The sha3 hash function (aka Keccak). + + Copyright (C) 2012 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_SHA3_INTERNAL_H_INCLUDED +#define NETTLE_SHA3_INTERNAL_H_INCLUDED + +#include "nettle-types.h" + +#define _sha3_update _nettle_sha3_update +#define _sha3_pad _nettle_sha3_pad + +unsigned +_sha3_update (struct sha3_state *state, + unsigned block_size, uint8_t *block, + unsigned pos, + size_t length, const uint8_t *data); +void +_sha3_pad (struct sha3_state *state, + unsigned block_size, uint8_t *block, unsigned pos); + + +#endif diff --git a/sha3-permute.c b/sha3-permute.c index 14fb0d4c..b1b8a56d 100644 --- a/sha3-permute.c +++ b/sha3-permute.c @@ -36,6 +36,7 @@ #endif #include "sha3.h" +#include "sha3-internal.h" #include "macros.h" diff --git a/sha3.c b/sha3.c index 24581db2..4a083be2 100644 --- a/sha3.c +++ b/sha3.c @@ -39,6 +39,7 @@ #include <string.h> #include "sha3.h" +#include "sha3-internal.h" #include "macros.h" #include "memxor.h" diff --git a/sha3.h b/sha3.h index 0c655376..ad9b71c8 100644 --- a/sha3.h +++ b/sha3.h @@ -42,8 +42,6 @@ extern "C" { /* Name mangling */ #define sha3_permute nettle_sha3_permute -#define _sha3_update _nettle_sha3_update -#define _sha3_pad _nettle_sha3_pad #define sha3_224_init nettle_sha3_224_init #define sha3_224_update nettle_sha3_224_update #define sha3_224_digest nettle_sha3_224_digest @@ -75,15 +73,6 @@ struct sha3_state void sha3_permute (struct sha3_state *state); -unsigned -_sha3_update (struct sha3_state *state, - unsigned block_size, uint8_t *block, - unsigned pos, - size_t length, const uint8_t *data); -void -_sha3_pad (struct sha3_state *state, - unsigned block_size, uint8_t *block, unsigned pos); - /* The "capacity" is set to 2*(digest size), 512 bits or 64 octets. The "rate" is the width - capacity, or width - 2 * (digest size). */ diff --git a/sha512.c b/sha512.c index 249c4f05..6936cb50 100644 --- a/sha512.c +++ b/sha512.c @@ -44,6 +44,7 @@ #include <string.h> #include "sha2.h" +#include "sha2-internal.h" #include "macros.h" diff --git a/testsuite/chacha-test.c b/testsuite/chacha-test.c index 9edb9410..d6489e9c 100644 --- a/testsuite/chacha-test.c +++ b/testsuite/chacha-test.c @@ -35,6 +35,7 @@ #include "testutils.h" #include "chacha.h" +#include "chacha-internal.h" static void test_chacha(const struct tstring *key, const struct tstring *nonce, diff --git a/testsuite/eddsa-compress-test.c b/testsuite/eddsa-compress-test.c index 9ceb6fe9..f95da870 100644 --- a/testsuite/eddsa-compress-test.c +++ b/testsuite/eddsa-compress-test.c @@ -32,6 +32,7 @@ #include "testutils.h" #include "eddsa.h" +#include "eddsa-internal.h" #define COUNT 1000 diff --git a/testsuite/eddsa-sign-test.c b/testsuite/eddsa-sign-test.c index c496e6eb..c1da8228 100644 --- a/testsuite/eddsa-sign-test.c +++ b/testsuite/eddsa-sign-test.c @@ -32,6 +32,7 @@ #include "testutils.h" #include "eddsa.h" +#include "eddsa-internal.h" static void test_eddsa_sign (const struct ecc_curve *ecc, diff --git a/testsuite/eddsa-verify-test.c b/testsuite/eddsa-verify-test.c index dd6712ab..77008059 100644 --- a/testsuite/eddsa-verify-test.c +++ b/testsuite/eddsa-verify-test.c @@ -32,6 +32,7 @@ #include "testutils.h" #include "eddsa.h" +#include "eddsa-internal.h" static void test_eddsa (const struct ecc_curve *ecc, diff --git a/testsuite/pkcs1-test.c b/testsuite/pkcs1-test.c index 891ed3d5..7aedc388 100644 --- a/testsuite/pkcs1-test.c +++ b/testsuite/pkcs1-test.c @@ -1,6 +1,7 @@ #include "testutils.h" #include "pkcs1.h" +#include "hogweed-internal.h" void test_main(void) diff --git a/testsuite/sha3-permute-test.c b/testsuite/sha3-permute-test.c index 81892a37..1e4e9dea 100644 --- a/testsuite/sha3-permute-test.c +++ b/testsuite/sha3-permute-test.c @@ -1,6 +1,7 @@ #include "testutils.h" #include "sha3.h" +#include "sha3-internal.h" static void display (const struct sha3_state *state) diff --git a/umac-internal.h b/umac-internal.h new file mode 100644 index 00000000..1d2cc091 --- /dev/null +++ b/umac-internal.h @@ -0,0 +1,95 @@ +/* umac-internal.h + + UMAC message authentication code (RFC-4418). + + Copyright (C) 2013 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#ifndef NETTLE_UMAC_INTERNAL_H_INCLUDED +#define NETTLE_UMAC_INTERNAL_H_INCLUDED + +#include "nettle-types.h" + +#define _umac_set_key _nettle_umac_set_key +#define _umac_nh _nettle_umac_nh +#define _umac_nh_n _nettle_umac_nh_n +#define _umac_poly64 _nettle_umac_poly64 +#define _umac_poly128 _nettle_umac_poly128 +#define _umac_l2_init _nettle_umac_l2_init +#define _umac_l2 _nettle_umac_l2 +#define _umac_l2_final _nettle_umac_l2_final +#define _umac_l3_init _nettle_umac_l3_init +#define _umac_l3 _nettle_umac_l3 + +void +_umac_set_key (uint32_t *l1_key, uint32_t *l2_key, + uint64_t *l3_key1, uint32_t *l3_key2, + struct aes128_ctx *pad, const uint8_t *key, unsigned n); + +uint64_t +_umac_nh (const uint32_t *key, unsigned length, const uint8_t *msg); + +/* Equivalent to + + for (i = 0; i < n; i++) + out[i] = _umac_nh (key + 4*i, length, msg); + + but processing input only once. +*/ +void +_umac_nh_n (uint64_t *out, unsigned n, const uint32_t *key, + unsigned length, const uint8_t *msg); + +/* Returns y*k + m (mod p), including "marker" processing. Return + value is *not* in canonical representation, and must be normalized + before the output is used. */ +uint64_t +_umac_poly64 (uint32_t kh, uint32_t kl, uint64_t y, uint64_t m); + +void +_umac_poly128 (const uint32_t *k, uint64_t *y, uint64_t mh, uint64_t ml); + +void +_umac_l2_init (unsigned size, uint32_t *k); + +void +_umac_l2(const uint32_t *key, uint64_t *state, unsigned n, + uint64_t count, const uint64_t *m); + +void +_umac_l2_final(const uint32_t *key, uint64_t *state, unsigned n, + uint64_t count); + +void +_umac_l3_init (unsigned size, uint64_t *k); + +uint32_t +_umac_l3 (const uint64_t *key, const uint64_t *m); + +#endif /* NETTLE_UMAC_INTERNAL_H_INCLUDED */ diff --git a/umac-l2.c b/umac-l2.c index cd20baca..97d6e2cb 100644 --- a/umac-l2.c +++ b/umac-l2.c @@ -37,6 +37,7 @@ #include <string.h> #include "umac.h" +#include "umac-internal.h" #include "macros.h" diff --git a/umac-l3.c b/umac-l3.c index f7b4c2be..6812ddfb 100644 --- a/umac-l3.c +++ b/umac-l3.c @@ -34,6 +34,7 @@ #endif #include "umac.h" +#include "umac-internal.h" #include "macros.h" diff --git a/umac-nh-n.c b/umac-nh-n.c index e9233716..7c399897 100644 --- a/umac-nh-n.c +++ b/umac-nh-n.c @@ -37,6 +37,7 @@ #include <string.h> #include "umac.h" +#include "umac-internal.h" #include "macros.h" /* For fat builds */ diff --git a/umac-nh.c b/umac-nh.c index ab1b392a..9afbe804 100644 --- a/umac-nh.c +++ b/umac-nh.c @@ -36,6 +36,7 @@ #include <assert.h> #include "umac.h" +#include "umac-internal.h" #include "macros.h" /* For fat builds */ diff --git a/umac-poly128.c b/umac-poly128.c index 890e94a8..1049b909 100644 --- a/umac-poly128.c +++ b/umac-poly128.c @@ -36,6 +36,7 @@ #include <assert.h> #include "umac.h" +#include "umac-internal.h" #define HI(x) (x >> 32) #define LO(x) (x & 0xffffffffUL) diff --git a/umac-poly64.c b/umac-poly64.c index d3dafdf3..11137cb5 100644 --- a/umac-poly64.c +++ b/umac-poly64.c @@ -36,6 +36,7 @@ #include <assert.h> #include "umac.h" +#include "umac-internal.h" static uint64_t poly64_mul (uint32_t kh, uint32_t kl, uint64_t y) diff --git a/umac-set-key.c b/umac-set-key.c index 13a9589c..24aa390b 100644 --- a/umac-set-key.c +++ b/umac-set-key.c @@ -36,6 +36,7 @@ #include <string.h> #include "umac.h" +#include "umac-internal.h" #include "macros.h" diff --git a/umac.h b/umac.h index f4d3c7ad..0db87221 100644 --- a/umac.h +++ b/umac.h @@ -55,16 +55,6 @@ extern "C" { #define umac64_digest nettle_umac64_digest #define umac96_digest nettle_umac96_digest #define umac128_digest nettle_umac128_digest -#define _umac_set_key _nettle_umac_set_key -#define _umac_nh _nettle_umac_nh -#define _umac_nh_n _nettle_umac_nh_n -#define _umac_poly64 _nettle_umac_poly64 -#define _umac_poly128 _nettle_umac_poly128 -#define _umac_l2_init _nettle_umac_l2_init -#define _umac_l2 _nettle_umac_l2 -#define _umac_l2_final _nettle_umac_l2_final -#define _umac_l3_init _nettle_umac_l3_init -#define _umac_l3 _nettle_umac_l3 #include "nettle-types.h" #include "aes.h" @@ -201,51 +191,6 @@ umac128_digest (struct umac128_ctx *ctx, #define UMAC_P128_HI (~(uint64_t) 0) #define UMAC_P128_LO (-(uint64_t) UMAC_P128_OFFSET) -void -_umac_set_key (uint32_t *l1_key, uint32_t *l2_key, - uint64_t *l3_key1, uint32_t *l3_key2, - struct aes128_ctx *pad, const uint8_t *key, unsigned n); - -uint64_t -_umac_nh (const uint32_t *key, unsigned length, const uint8_t *msg); - -/* Equivalent to - - for (i = 0; i < n; i++) - out[i] = _umac_nh (key + 4*i, length, msg); - - but processing input only once. -*/ -void -_umac_nh_n (uint64_t *out, unsigned n, const uint32_t *key, - unsigned length, const uint8_t *msg); - -/* Returns y*k + m (mod p), including "marker" processing. Return - value is *not* in canonical representation, and must be normalized - before the output is used. */ -uint64_t -_umac_poly64 (uint32_t kh, uint32_t kl, uint64_t y, uint64_t m); - -void -_umac_poly128 (const uint32_t *k, uint64_t *y, uint64_t mh, uint64_t ml); - -void -_umac_l2_init (unsigned size, uint32_t *k); - -void -_umac_l2(const uint32_t *key, uint64_t *state, unsigned n, - uint64_t count, const uint64_t *m); - -void -_umac_l2_final(const uint32_t *key, uint64_t *state, unsigned n, - uint64_t count); - -void -_umac_l3_init (unsigned size, uint64_t *k); - -uint32_t -_umac_l3 (const uint64_t *key, const uint64_t *m); - #ifdef __cplusplus } #endif diff --git a/umac128.c b/umac128.c index d0c607e8..527e91ce 100644 --- a/umac128.c +++ b/umac128.c @@ -37,6 +37,7 @@ #include <string.h> #include "umac.h" +#include "umac-internal.h" #include "macros.h" diff --git a/umac32.c b/umac32.c index 32f34c39..cf9487c0 100644 --- a/umac32.c +++ b/umac32.c @@ -37,6 +37,7 @@ #include <string.h> #include "umac.h" +#include "umac-internal.h" #include "macros.h" diff --git a/umac64.c b/umac64.c index a1122cb1..a53b950d 100644 --- a/umac64.c +++ b/umac64.c @@ -37,6 +37,7 @@ #include <string.h> #include "umac.h" +#include "umac-internal.h" #include "macros.h" diff --git a/umac96.c b/umac96.c index 8d72f1bf..1f558539 100644 --- a/umac96.c +++ b/umac96.c @@ -37,6 +37,7 @@ #include <string.h> #include "umac.h" +#include "umac-internal.h" #include "macros.h" -- 2.17.0
From ac5caaf0a4b12565fb65539bf8bc3447c53d6ebf Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos <[email protected]> Date: Tue, 12 Jun 2018 13:26:00 +0200 Subject: [PATCH 2/3] .gitlab-ci.yml: link with shared library on x86-64 build This allows testing whether exported symbols are sufficient for the included test suite. --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c1586e9a..abfb81a3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -13,7 +13,7 @@ build/x86-64: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - ./.bootstrap && - ./configure --enable-fat --disable-documentation && make -j4 && + ./configure --disable-static --enable-fat --disable-documentation && make -j4 && make check -j4 tags: - shared -- 2.17.0
From 5d0456c06f23b9afb2a28e3e03398157263d400e Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos <[email protected]> Date: Tue, 12 Jun 2018 13:32:54 +0200 Subject: [PATCH 3/3] nettle_md5/sha1_compress are now part of API These were exported for long time and are now part of existing software. Signed-off-by: Nikos Mavrogiannopoulos <[email protected]> --- arm/fat/sha1-compress-2.asm | 2 +- arm/v6/sha1-compress.asm | 6 +++--- examples/nettle-benchmark.c | 2 +- fat-arm.c | 8 ++++---- fat-setup.h | 3 +++ fat-x86_64.c | 12 ++++++------ libnettle.map.in | 4 ++-- md5-compress.c | 2 +- md5.c | 4 ++-- md5.h | 3 ++- sha1-compress.c | 6 +++--- sha1.c | 4 ++-- sha1.h | 3 ++- testsuite/md5-test.c | 2 +- x86/md5-compress.asm | 6 +++--- x86/sha1-compress.asm | 6 +++--- x86_64/md5-compress.asm | 6 +++--- x86_64/sha1-compress.asm | 6 +++--- x86_64/sha_ni/sha1-compress.asm | 6 +++--- 19 files changed, 48 insertions(+), 43 deletions(-) diff --git a/arm/fat/sha1-compress-2.asm b/arm/fat/sha1-compress-2.asm index c326befd..b915bb45 100644 --- a/arm/fat/sha1-compress-2.asm +++ b/arm/fat/sha1-compress-2.asm @@ -31,7 +31,7 @@ ifelse(< not, see http://www.gnu.org/licenses/. >) -dnl PROLOGUE(_nettle_sha1_compress) picked up by configure +dnl PROLOGUE(nettle_sha1_compress) picked up by configure define(<fat_transform>, <$1_armv6>) include_src(<arm/v6/sha1-compress.asm>) diff --git a/arm/v6/sha1-compress.asm b/arm/v6/sha1-compress.asm index 8cc22be7..f60b4230 100644 --- a/arm/v6/sha1-compress.asm +++ b/arm/v6/sha1-compress.asm @@ -101,7 +101,7 @@ define(<ROUND3>, < ror $2, $2, #2 add $5, $5, T0 >) - C void _nettle_sha1_compress(uint32_t *state, const uint8_t *input) + C void nettle_sha1_compress(uint32_t *state, const uint8_t *input) .text .align 2 @@ -112,7 +112,7 @@ define(<ROUND3>, < .LK3: .int 0x8F1BBCDC -PROLOGUE(_nettle_sha1_compress) +PROLOGUE(nettle_sha1_compress) push {r4,r5,r6,r7,r8,r10,lr} sub sp, sp, #64 @@ -246,7 +246,7 @@ IF_BE(< rsb SHIFT, SHIFT, #32>) add sp, sp, #64 stm STATE, {SA,SB,SC,SD,SE} pop {r4,r5,r6,r7,r8,r10,pc} -EPILOGUE(_nettle_sha1_compress) +EPILOGUE(nettle_sha1_compress) .LK4: .int 0xCA62C1D6 diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c index 61f1a7ba..5a88e72d 100644 --- a/examples/nettle-benchmark.c +++ b/examples/nettle-benchmark.c @@ -718,7 +718,7 @@ bench_sha1_compress(void) uint8_t data[SHA1_BLOCK_SIZE]; double t; - TIME_CYCLES (t, _nettle_sha1_compress(state, data)); + TIME_CYCLES (t, nettle_sha1_compress(state, data)); printf("sha1_compress: %.2f cycles\n", t); } diff --git a/fat-arm.c b/fat-arm.c index d52b1439..a0f061a9 100644 --- a/fat-arm.c +++ b/fat-arm.c @@ -147,7 +147,7 @@ DECLARE_FAT_FUNC(_nettle_salsa20_core, salsa20_core_func) DECLARE_FAT_FUNC_VAR(salsa20_core, salsa20_core_func, c) DECLARE_FAT_FUNC_VAR(salsa20_core, salsa20_core_func, neon) -DECLARE_FAT_FUNC(_nettle_sha1_compress, sha1_compress_func) +DECLARE_FAT_FUNC(nettle_sha1_compress, sha1_compress_func) DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, c) DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, armv6) @@ -191,7 +191,7 @@ fat_init (void) fprintf (stderr, "libnettle: enabling armv6 code.\n"); _nettle_aes_encrypt_vec = _nettle_aes_encrypt_armv6; _nettle_aes_decrypt_vec = _nettle_aes_decrypt_armv6; - _nettle_sha1_compress_vec = _nettle_sha1_compress_armv6; + nettle_sha1_compress_vec = nettle_sha1_compress_armv6; _nettle_sha256_compress_vec = _nettle_sha256_compress_armv6; } else @@ -200,7 +200,7 @@ fat_init (void) fprintf (stderr, "libnettle: not enabling armv6 code.\n"); _nettle_aes_encrypt_vec = _nettle_aes_encrypt_arm; _nettle_aes_decrypt_vec = _nettle_aes_decrypt_arm; - _nettle_sha1_compress_vec = _nettle_sha1_compress_c; + nettle_sha1_compress_vec = nettle_sha1_compress_c; _nettle_sha256_compress_vec = _nettle_sha256_compress_c; } if (features.have_neon) @@ -243,7 +243,7 @@ DEFINE_FAT_FUNC(_nettle_salsa20_core, void, (uint32_t *dst, const uint32_t *src, unsigned rounds), (dst, src, rounds)) -DEFINE_FAT_FUNC(_nettle_sha1_compress, void, +DEFINE_FAT_FUNC(nettle_sha1_compress, void, (uint32_t *state, const uint8_t *input), (state, input)) diff --git a/fat-setup.h b/fat-setup.h index eb7166a7..2b3b14fd 100644 --- a/fat-setup.h +++ b/fat-setup.h @@ -152,6 +152,9 @@ #define DECLARE_FAT_FUNC_VAR(name, type, var) \ type _nettle_##name##_##var; +#define DECLARE_FAT_FUNC_VAR_EXP(name, type, var) \ + type nettle_##name##_##var; + typedef void void_func (void); typedef void aes_crypt_internal_func (unsigned rounds, const uint32_t *keys, diff --git a/fat-x86_64.c b/fat-x86_64.c index b66d0861..3f5fee52 100644 --- a/fat-x86_64.c +++ b/fat-x86_64.c @@ -123,9 +123,9 @@ DECLARE_FAT_FUNC(nettle_memxor, memxor_func) DECLARE_FAT_FUNC_VAR(memxor, memxor_func, x86_64) DECLARE_FAT_FUNC_VAR(memxor, memxor_func, sse2) -DECLARE_FAT_FUNC(_nettle_sha1_compress, sha1_compress_func) -DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, x86_64) -DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, sha_ni) +DECLARE_FAT_FUNC(nettle_sha1_compress, sha1_compress_func) +DECLARE_FAT_FUNC_VAR_EXP(sha1_compress, sha1_compress_func, x86_64) +DECLARE_FAT_FUNC_VAR_EXP(sha1_compress, sha1_compress_func, sha_ni) DECLARE_FAT_FUNC(_nettle_sha256_compress, sha256_compress_func) DECLARE_FAT_FUNC_VAR(sha256_compress, sha256_compress_func, x86_64) @@ -175,14 +175,14 @@ fat_init (void) { if (verbose) fprintf (stderr, "libnettle: using sha_ni instructions.\n"); - _nettle_sha1_compress_vec = _nettle_sha1_compress_sha_ni; + nettle_sha1_compress_vec = nettle_sha1_compress_sha_ni; _nettle_sha256_compress_vec = _nettle_sha256_compress_sha_ni; } else { if (verbose) fprintf (stderr, "libnettle: not using sha_ni instructions.\n"); - _nettle_sha1_compress_vec = _nettle_sha1_compress_x86_64; + nettle_sha1_compress_vec = nettle_sha1_compress_x86_64; _nettle_sha256_compress_vec = _nettle_sha256_compress_x86_64; } if (features.vendor == X86_INTEL) @@ -217,7 +217,7 @@ DEFINE_FAT_FUNC(nettle_memxor, void *, (void *dst, const void *src, size_t n), (dst, src, n)) -DEFINE_FAT_FUNC(_nettle_sha1_compress, void, +DEFINE_FAT_FUNC(nettle_sha1_compress, void, (uint32_t *state, const uint8_t *input), (state, input)) diff --git a/libnettle.map.in b/libnettle.map.in index 01902f79..f6537b13 100644 --- a/libnettle.map.in +++ b/libnettle.map.in @@ -279,7 +279,7 @@ NETTLE_@LIBNETTLE_MAJOR@ nettle_md5_digest; nettle_md5_init; nettle_md5_update; - _nettle_md5_compress; + nettle_md5_compress; nettle_MD5Final; nettle_MD5Init; nettle_MD5Update; @@ -316,7 +316,7 @@ NETTLE_@LIBNETTLE_MAJOR@ nettle_sha1_digest; nettle_sha1_init; nettle_sha1_update; - _nettle_sha1_compress; + nettle_sha1_compress; nettle_sha1; nettle_sha224_digest; nettle_sha224_init; diff --git a/md5-compress.c b/md5-compress.c index dab33e30..6fe3256e 100644 --- a/md5-compress.c +++ b/md5-compress.c @@ -79,7 +79,7 @@ * (_MD5_DIGEST_LENGTH) words. */ void -_nettle_md5_compress(uint32_t *digest, const uint8_t *input) +nettle_md5_compress(uint32_t *digest, const uint8_t *input) { uint32_t data[MD5_DATA_LENGTH]; uint32_t a, b, c, d; diff --git a/md5.c b/md5.c index 142b112e..cc009b4a 100644 --- a/md5.c +++ b/md5.c @@ -61,7 +61,7 @@ md5_init(struct md5_ctx *ctx) ctx->index = 0; } -#define COMPRESS(ctx, data) (_nettle_md5_compress((ctx)->state, (data))) +#define COMPRESS(ctx, data) (nettle_md5_compress((ctx)->state, (data))) void md5_update(struct md5_ctx *ctx, @@ -86,7 +86,7 @@ md5_digest(struct md5_ctx *ctx, bit_count = (ctx->count << 9) | (ctx->index << 3); LE_WRITE_UINT64(ctx->block + (MD5_BLOCK_SIZE - 8), bit_count); - _nettle_md5_compress(ctx->state, ctx->block); + nettle_md5_compress(ctx->state, ctx->block); _nettle_write_le32(length, digest, ctx->state); md5_init(ctx); diff --git a/md5.h b/md5.h index 040cf9de..c7b82810 100644 --- a/md5.h +++ b/md5.h @@ -76,8 +76,9 @@ md5_digest(struct md5_ctx *ctx, /* Internal compression function. STATE points to 4 uint32_t words, and DATA points to 64 bytes of input data, possibly unaligned. */ +#define _nettle_md5_compress nettle_md5_compress void -_nettle_md5_compress(uint32_t *state, const uint8_t *data); +nettle_md5_compress(uint32_t *state, const uint8_t *data); #ifdef __cplusplus } diff --git a/sha1-compress.c b/sha1-compress.c index 377b9c1e..dac376d6 100644 --- a/sha1-compress.c +++ b/sha1-compress.c @@ -132,8 +132,8 @@ /* For fat builds */ #if HAVE_NATIVE_sha1_compress void -_nettle_sha1_compress_c(uint32_t *state, const uint8_t *input); -#define _nettle_sha1_compress _nettle_sha1_compress_c +nettle_sha1_compress_c(uint32_t *state, const uint8_t *input); +#define nettle_sha1_compress nettle_sha1_compress_c #endif /* Perform the SHA transformation. Note that this code, like MD5, seems to @@ -142,7 +142,7 @@ _nettle_sha1_compress_c(uint32_t *state, const uint8_t *input); sections, e.g. based on the four subrounds. */ void -_nettle_sha1_compress(uint32_t *state, const uint8_t *input) +nettle_sha1_compress(uint32_t *state, const uint8_t *input) { uint32_t data[SHA1_DATA_LENGTH]; uint32_t A, B, C, D, E; /* Local vars */ diff --git a/sha1.c b/sha1.c index a585727e..af73096c 100644 --- a/sha1.c +++ b/sha1.c @@ -68,7 +68,7 @@ sha1_init(struct sha1_ctx *ctx) ctx->index = 0; } -#define COMPRESS(ctx, data) (_nettle_sha1_compress((ctx)->state, data)) +#define COMPRESS(ctx, data) (nettle_sha1_compress((ctx)->state, data)) void sha1_update(struct sha1_ctx *ctx, @@ -93,7 +93,7 @@ sha1_digest(struct sha1_ctx *ctx, /* append the 64 bit count */ WRITE_UINT64(ctx->block + (SHA1_BLOCK_SIZE - 8), bit_count); - _nettle_sha1_compress(ctx->state, ctx->block); + nettle_sha1_compress(ctx->state, ctx->block); _nettle_write_be32(length, digest, ctx->state); sha1_init(ctx); diff --git a/sha1.h b/sha1.h index 7500d0c2..410812f5 100644 --- a/sha1.h +++ b/sha1.h @@ -78,8 +78,9 @@ sha1_digest(struct sha1_ctx *ctx, /* Internal compression function. STATE points to 5 uint32_t words, and DATA points to 64 bytes of input data, possibly unaligned. */ +#define _nettle_sha1_compress nettle_sha1_compress void -_nettle_sha1_compress(uint32_t *state, const uint8_t *data); +nettle_sha1_compress(uint32_t *state, const uint8_t *data); #ifdef __cplusplus } diff --git a/testsuite/md5-test.c b/testsuite/md5-test.c index 37c2fb15..ebf3e085 100644 --- a/testsuite/md5-test.c +++ b/testsuite/md5-test.c @@ -95,7 +95,7 @@ test_main(void) SHEX(M1 N3), SHEX(H1)); } -/* Intermediate values for the single _nettle_md5_compress call for +/* Intermediate values for the single nettle_md5_compress call for the first test case. Each row gives the values for a, b, c, d after the i:th round. The row i = -1 gives the initial values, and i = 99 gives the output values. diff --git a/x86/md5-compress.asm b/x86/md5-compress.asm index 98814119..c849c082 100644 --- a/x86/md5-compress.asm +++ b/x86/md5-compress.asm @@ -78,11 +78,11 @@ define(<ROUND>,< .file "md5-compress.asm" - C _nettle_md5_compress(uint32_t *state, uint8_t *data) + C nettle_md5_compress(uint32_t *state, uint8_t *data) .text ALIGN(16) -PROLOGUE(_nettle_md5_compress) +PROLOGUE(nettle_md5_compress) C save all registers that need to be saved C 24(%esp) input @@ -184,4 +184,4 @@ PROLOGUE(_nettle_md5_compress) popl %ebp popl %ebx ret -EPILOGUE(_nettle_md5_compress) +EPILOGUE(nettle_md5_compress) diff --git a/x86/sha1-compress.asm b/x86/sha1-compress.asm index d829de82..03bdcdc9 100644 --- a/x86/sha1-compress.asm +++ b/x86/sha1-compress.asm @@ -155,11 +155,11 @@ define(<ROUND_F3>, < .file "sha1-compress.asm" - C _nettle_sha1_compress(uint32_t *state, uint8_t *data) + C nettle_sha1_compress(uint32_t *state, uint8_t *data) .text -PROLOGUE(_nettle_sha1_compress) +PROLOGUE(nettle_sha1_compress) C save all registers that need to be saved C 88(%esp) data C 84(%esp) state @@ -1540,7 +1540,7 @@ C ROUND_F2(SB, SC, SD, SE, SA, 79, K4VALUE) popl %ebp popl %ebx ret -EPILOGUE(_nettle_sha1_compress) +EPILOGUE(nettle_sha1_compress) C TODO: diff --git a/x86_64/md5-compress.asm b/x86_64/md5-compress.asm index 49cc3385..182b8f18 100644 --- a/x86_64/md5-compress.asm +++ b/x86_64/md5-compress.asm @@ -79,10 +79,10 @@ define(<ROUND>,< .file "md5-compress.asm" - C _nettle_md5_compress(uint32_t *state, uint8_t *input) + C nettle_md5_compress(uint32_t *state, uint8_t *input) .text ALIGN(16) -PROLOGUE(_nettle_md5_compress) +PROLOGUE(nettle_md5_compress) W64_ENTRY(2,0) C save all registers that need to be saved push %rbp @@ -173,4 +173,4 @@ PROLOGUE(_nettle_md5_compress) W64_EXIT(2,0) ret -EPILOGUE(_nettle_md5_compress) +EPILOGUE(nettle_md5_compress) diff --git a/x86_64/sha1-compress.asm b/x86_64/sha1-compress.asm index e48a13c3..dd48de0e 100644 --- a/x86_64/sha1-compress.asm +++ b/x86_64/sha1-compress.asm @@ -171,11 +171,11 @@ define(<ROUND_F3>, < .file "sha1-compress.asm" - C _nettle_sha1_compress(uint32_t *state, uint8_t *input) + C nettle_sha1_compress(uint32_t *state, uint8_t *input) .text ALIGN(16) -PROLOGUE(_nettle_sha1_compress) +PROLOGUE(nettle_sha1_compress) C save all registers that need to be saved W64_ENTRY(2, 0) @@ -304,4 +304,4 @@ PROLOGUE(_nettle_sha1_compress) add $64, %rsp W64_EXIT(2, 0) ret -EPILOGUE(_nettle_sha1_compress) +EPILOGUE(nettle_sha1_compress) diff --git a/x86_64/sha_ni/sha1-compress.asm b/x86_64/sha_ni/sha1-compress.asm index f0097eef..ab848fdd 100644 --- a/x86_64/sha_ni/sha1-compress.asm +++ b/x86_64/sha_ni/sha1-compress.asm @@ -59,13 +59,13 @@ define(<QROUND>, < .file "sha1-compress.asm" - C _nettle_sha1_compress(uint32_t *state, uint8_t *input) + C nettle_sha1_compress(uint32_t *state, uint8_t *input) .text ALIGN(16) .Lswap_mask: .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 -PROLOGUE(_nettle_sha1_compress) +PROLOGUE(nettle_sha1_compress) C save all registers that need to be saved W64_ENTRY(2, 10) movups (STATE), ABCD @@ -145,4 +145,4 @@ PROLOGUE(_nettle_sha1_compress) W64_EXIT(2, 10) ret -EPILOGUE(_nettle_sha1_compress) +EPILOGUE(nettle_sha1_compress) -- 2.17.0
_______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
