[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-10-g0477fd0
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-10-g0477fd0 |
|
Date: |
Sat, 28 Nov 2009 23:08:58 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=0477fd0883cbd9cd9809c3b8029ce146187b5431
The branch, master has been updated
via 0477fd0883cbd9cd9809c3b8029ce146187b5431 (commit)
from 02ee5842f8f5f37ee93e258d5edfc2560b00ac2c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0477fd0883cbd9cd9809c3b8029ce146187b5431
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Nov 29 00:11:12 2009 +0200
Added cryptodev support (/dev/crypto). Tested with
http://www.logix.cz/michal/devel/cryptodev/.
Added benchmark utility for AES. Exported API to access encryption
algorithms.
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 1 +
configure.ac | 16 +++
lib/Makefile.am | 7 +-
lib/crypto-api.c | 61 +++++++++
lib/crypto.c | 31 +++---
lib/cryptodev.c | 255 +++++++++++++++++++++++++++++++++++++++
lib/gnutls_cipher_int.c | 2 +-
lib/gnutls_cryptodev.h | 2 +
lib/gnutls_errors.c | 6 +
lib/gnutls_global.c | 4 +
lib/gnutls_hash_int.c | 4 +-
lib/gnutls_hash_int.h | 12 +-
lib/includes/gnutls/crypto.h | 54 ++++-----
lib/includes/gnutls/gnutls.h.in | 3 +
lib/libgnutls.map | 5 +
src/Makefile.am | 4 +
src/benchmark.c | 79 ++++++++++++
17 files changed, 488 insertions(+), 58 deletions(-)
create mode 100644 lib/crypto-api.c
create mode 100644 lib/cryptodev.c
create mode 100644 lib/gnutls_cryptodev.h
create mode 100644 src/benchmark.c
diff --git a/.gitignore b/.gitignore
index 03811f4..8f3e0ca 100644
--- a/.gitignore
+++ b/.gitignore
@@ -81,6 +81,7 @@ src/printlist
src/psktool
src/req
src/srptool
+src/benchmark
stamp-h1
tests/anonself
tests/certder
diff --git a/configure.ac b/configure.ac
index 80a1e9b..60668e9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -187,6 +187,21 @@ LIBS=$SAVED_LIBS
AC_MSG_CHECKING([whether to use the included libcfg])
AC_MSG_RESULT($libcfg_enabled)
+# For cryptodev
+enable_cryptodev=no
+AC_MSG_CHECKING([whether to add cryptodev support])
+AC_ARG_ENABLE(cryptodev,
+ AS_HELP_STRING([--enable-cryptodev], [enable cryptodev support]),
+enable_cryptodev=yes)
+AC_MSG_RESULT($enable_cryptodev)
+
+if test "$enable_cryptodev" = "yes"; then
+AC_CHECK_MEMBER(struct crypt_opv.iovec,
+[AC_DEFINE([ENABLE_CRYPTODEV_IOVEC], 1, [Enable cryptodev iovec
support])],,[[#include <crypto/cryptodev.h>]])
+AC_DEFINE([ENABLE_CRYPTODEV], 1, [Enable cryptodev support])
+fi
+
+
AC_LIBTOOL_WIN32_DLL
AC_PROG_LIBTOOL
@@ -303,4 +318,5 @@ AC_MSG_NOTICE([summary of build options:
Guile wrappers: $opt_guile_bindings
C++ library: $use_cxx
OpenSSL library: $enable_openssl
+ /dev/crypto: $enable_cryptodev
])
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 07d3a97..54a91b7 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -79,8 +79,9 @@ COBJECTS = gnutls_record.c gnutls_compress.c debug.c
gnutls_cipher.c \
gnutls_str.c gnutls_state.c gnutls_x509.c ext_cert_type.c \
gnutls_rsa_export.c auth_rsa_export.c ext_server_name.c \
auth_dh_common.c gnutls_helper.c gnutls_supplemental.c \
- crypto.c random.c pk-libgcrypt.c mpi-libgcrypt.c \
- rnd-libgcrypt.c cipher-libgcrypt.c mac-libgcrypt.c ext_signature.c
+ crypto.c random.c pk-libgcrypt.c mpi-libgcrypt.c cryptodev.c \
+ rnd-libgcrypt.c cipher-libgcrypt.c mac-libgcrypt.c ext_signature.c \
+ crypto-api.c
if ENABLE_OPRFI
COBJECTS += $(OPRFI_COBJECTS)
@@ -100,7 +101,7 @@ HFILES = debug.h gnutls_compress.h gnutls_cipher.h
gnutls_buffers.h \
ext_srp.h gnutls_srp.h auth_srp.h auth_srp_passwd.h \
gnutls_helper.h auth_psk.h auth_psk_passwd.h \
gnutls_supplemental.h ext_oprfi.h crypto.h random.h \
- ext_session_ticket.h ext_signature.h
+ ext_session_ticket.h ext_signature.h gnutls_cryptodev.h
# Separate so we can create the documentation
diff --git a/lib/crypto-api.c b/lib/crypto-api.c
new file mode 100644
index 0000000..853dbc6
--- /dev/null
+++ b/lib/crypto-api.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2000, 2004, 2005, 2008 Free Software Foundation
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_cipher_int.h>
+#include <gnutls_datum.h>
+#include <gnutls/crypto.h>
+#include <crypto.h>
+
+int
+gnutls_cipher_init (gnutls_cipher_hd_t * handle, gnutls_cipher_algorithm_t
cipher,
+ const gnutls_datum_t * key, const gnutls_datum_t * iv)
+{
+ *handle = gnutls_malloc(sizeof(cipher_hd_st));
+ if (*handle == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return _gnutls_cipher_init(((cipher_hd_st*)*handle), cipher, key, iv);
+}
+
+int gnutls_cipher_encrypt (gnutls_cipher_hd_t handle, void *text, int textlen)
+{
+ return _gnutls_cipher_encrypt((cipher_hd_st*)handle, text, textlen);
+}
+
+int
+gnutls_cipher_decrypt (gnutls_cipher_hd_t handle, void *ciphertext,
+ int ciphertextlen)
+{
+ return _gnutls_cipher_decrypt((cipher_hd_st*)handle, ciphertext,
ciphertextlen);
+}
+
+void
+gnutls_cipher_deinit (gnutls_cipher_hd_t handle)
+{
+ return _gnutls_cipher_deinit((cipher_hd_st*)handle);
+}
diff --git a/lib/crypto.c b/lib/crypto.c
index 714430a..628fc39 100644
--- a/lib/crypto.c
+++ b/lib/crypto.c
@@ -75,7 +75,7 @@ _algo_register (algo_list * al, int algorithm, int priority,
void *s)
last_cl = cl;
}
- cl = gnutls_malloc (sizeof (cipher_list));
+ cl = gnutls_calloc (1, sizeof (cipher_list));
if (cl == NULL)
{
@@ -83,12 +83,11 @@ _algo_register (algo_list * al, int algorithm, int
priority, void *s)
return GNUTLS_E_MEMORY_ERROR;
}
- cl->algorithm = algorithm;
- cl->priority = priority;
- cl->alg_data = s;
- cl->next = NULL;
-
+ last_cl->algorithm = algorithm;
+ last_cl->priority = priority;
+ last_cl->alg_data = s;
last_cl->next = cl;
+
return 0;
}
@@ -100,7 +99,7 @@ _get_algo (algo_list * al, int algo)
/* look if there is any cipher with lowest priority. In that case do not add.
*/
- cl = al->next;
+ cl = al;
while (cl && cl->alg_data)
{
if (cl->algorithm == algo)
@@ -167,7 +166,7 @@ _gnutls_crypto_deregister (void)
int
gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t algorithm,
int priority, int version,
- gnutls_crypto_single_cipher_st * s)
+ const gnutls_crypto_single_cipher_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
@@ -207,7 +206,7 @@ _gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo)
**/
int
gnutls_crypto_rnd_register2 (int priority, int version,
- gnutls_crypto_rnd_st * s)
+ const gnutls_crypto_rnd_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
@@ -249,7 +248,7 @@ gnutls_crypto_rnd_register2 (int priority, int version,
int
gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm,
int priority, int version,
- gnutls_crypto_single_mac_st * s)
+ const gnutls_crypto_single_mac_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
@@ -291,7 +290,7 @@ _gnutls_get_crypto_mac (gnutls_mac_algorithm_t algo)
int
gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t algorithm,
int priority, int version,
- gnutls_crypto_single_digest_st * s)
+ const gnutls_crypto_single_digest_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
@@ -334,7 +333,7 @@ _gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo)
**/
int
gnutls_crypto_bigint_register2 (int priority, int version,
- gnutls_crypto_bigint_st * s)
+ const gnutls_crypto_bigint_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
@@ -378,7 +377,7 @@ gnutls_crypto_bigint_register2 (int priority, int version,
**/
int
gnutls_crypto_pk_register2 (int priority, int version,
- gnutls_crypto_pk_st * s)
+ const gnutls_crypto_pk_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
@@ -419,7 +418,7 @@ gnutls_crypto_pk_register2 (int priority, int version,
**/
int
gnutls_crypto_cipher_register2 (int priority, int version,
- gnutls_crypto_cipher_st * s)
+ const gnutls_crypto_cipher_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
@@ -460,7 +459,7 @@ gnutls_crypto_cipher_register2 (int priority, int version,
**/
int
gnutls_crypto_mac_register2 (int priority, int version,
- gnutls_crypto_mac_st * s)
+ const gnutls_crypto_mac_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
@@ -501,7 +500,7 @@ gnutls_crypto_mac_register2 (int priority, int version,
**/
int
gnutls_crypto_digest_register2 (int priority, int version,
- gnutls_crypto_digest_st * s)
+ const gnutls_crypto_digest_st * s)
{
if (version != GNUTLS_CRYPTO_API_VERSION)
{
diff --git a/lib/cryptodev.c b/lib/cryptodev.c
new file mode 100644
index 0000000..92cc740
--- /dev/null
+++ b/lib/cryptodev.c
@@ -0,0 +1,255 @@
+/*
+ * Copyright (C) 2009 Free Software Foundation
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_errors.h>
+#include <gnutls_int.h>
+#include <sys/ioctl.h>
+#include <fcntl.h>
+#include <crypto/cryptodev.h>
+#include <gnutls/crypto.h>
+
+#ifdef ENABLE_CRYPTODEV
+
+#ifndef CRYPTO_CIPHER_MAX_KEY_LEN
+# define CRYPTO_CIPHER_MAX_KEY_LEN 64
+#endif
+
+static int cryptodev_fd = -1;
+
+struct cryptodev_ctx {
+ struct session_op sess;
+ struct crypt_op cryp;
+ opaque iv[EALG_MAX_BLOCK_LEN];
+ opaque key[CRYPTO_CIPHER_MAX_KEY_LEN];
+ int cfd;
+};
+
+const static int gnutls_cipher_map[] = {
+ [GNUTLS_CIPHER_AES_128_CBC] = CRYPTO_AES_CBC,
+ [GNUTLS_CIPHER_AES_192_CBC] = CRYPTO_AES_CBC,
+ [GNUTLS_CIPHER_AES_256_CBC] = CRYPTO_AES_CBC,
+ [GNUTLS_CIPHER_3DES_CBC] = CRYPTO_3DES_CBC,
+ [GNUTLS_CIPHER_CAMELLIA_128_CBC] = CRYPTO_CAMELLIA_CBC,
+ [GNUTLS_CIPHER_CAMELLIA_256_CBC] = CRYPTO_CAMELLIA_CBC,
+ [GNUTLS_CIPHER_DES_CBC] = CRYPTO_DES_CBC,
+};
+
+static int cryptodev_cipher_init(gnutls_cipher_algorithm_t algorithm, void**
_ctx)
+{
+struct cryptodev_ctx* ctx;
+int cipher = gnutls_cipher_map[algorithm];
+
+ *_ctx = gnutls_calloc(1, sizeof(struct cryptodev_ctx));
+ if (*_ctx == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ctx = *_ctx;
+
+ if (ioctl(cryptodev_fd, CRIOGET, &ctx->cfd)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ if (fcntl(ctx->cfd, F_SETFD, 1) == -1) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ ctx->sess.cipher = cipher;
+ ctx->sess.key = ctx->key;
+ ctx->cryp.iv = ctx->iv;
+
+ return 0;
+}
+
+static int cryptodev_setkey( void* _ctx, const void *key, size_t keysize)
+{
+struct cryptodev_ctx* ctx = _ctx;
+
+ ctx->sess.keylen = keysize;
+ memcpy(ctx->key, key, keysize);
+
+ if (ioctl(ctx->cfd, CIOCGSESSION, &ctx->sess)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+ ctx->cryp.ses = ctx->sess.ses;
+
+ return 0;
+
+}
+
+static int cryptodev_setiv( void* _ctx, const void* iv, size_t iv_size)
+{
+struct cryptodev_ctx* ctx = _ctx;
+
+ memcpy(ctx->iv, iv, iv_size);
+
+ return 0;
+}
+
+static int cryptodev_encrypt(void* _ctx, const void* plain, size_t plainsize,
+ void* encr, size_t encrsize)
+{
+struct cryptodev_ctx* ctx = _ctx;
+ ctx->cryp.len = plainsize;
+ ctx->cryp.src = (void*)plain;
+ ctx->cryp.dst = encr;
+ ctx->cryp.op = COP_ENCRYPT;
+ if (ioctl(ctx->cfd, CIOCCRYPT, &ctx->cryp)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+ return 0;
+}
+
+static int cryptodev_decrypt(void* _ctx, const void* encr, size_t encrsize,
+ void* plain, size_t plainsize)
+{
+struct cryptodev_ctx* ctx = _ctx;
+
+ ctx->cryp.len = encrsize;
+ ctx->cryp.src = (void*)encr;
+ ctx->cryp.dst = plain;
+ ctx->cryp.op = COP_DECRYPT;
+ if (ioctl(ctx->cfd, CIOCCRYPT, &ctx->cryp)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+ return 0;
+
+}
+
+static void cryptodev_deinit(void* _ctx)
+{
+struct cryptodev_ctx* ctx = _ctx;
+
+ close(ctx->cfd);
+ gnutls_free(ctx);
+}
+
+const static gnutls_crypto_single_cipher_st cipher_struct = {
+ .init = cryptodev_cipher_init,
+ .setkey = cryptodev_setkey,
+ .setiv = cryptodev_setiv,
+ .encrypt = cryptodev_encrypt,
+ .decrypt = cryptodev_decrypt,
+ .deinit = cryptodev_deinit,
+};
+
+struct cipher_map {
+ gnutls_cipher_algorithm_t gnutls_cipher;
+ int cryptodev_cipher;
+ int keylen;
+};
+
+static const struct cipher_map cipher_map[] = {
+ {GNUTLS_CIPHER_3DES_CBC, CRYPTO_3DES_CBC, 21},
+ {GNUTLS_CIPHER_AES_128_CBC, CRYPTO_AES_CBC, 16},
+ {GNUTLS_CIPHER_AES_192_CBC, CRYPTO_AES_CBC, 24},
+ {GNUTLS_CIPHER_AES_256_CBC, CRYPTO_AES_CBC, 32},
+ {GNUTLS_CIPHER_CAMELLIA_128_CBC, CRYPTO_CAMELLIA_CBC, 16},
+ {GNUTLS_CIPHER_CAMELLIA_256_CBC, CRYPTO_CAMELLIA_CBC, 24},
+ {GNUTLS_CIPHER_DES_CBC, CRYPTO_DES_CBC, 8},
+ {GNUTLS_CIPHER_UNKNOWN, 0}
+};
+
+static int register_crypto(int cfd)
+{
+ struct session_op sess;
+ struct crypt_op cryp;
+ char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
+ int i=0, ret;
+
+ memset(&sess, 0, sizeof(sess));
+ do {
+ /* test if a cipher is support it and if yes register it */
+ sess.cipher = cipher_map[i].cryptodev_cipher;
+ sess.keylen = cipher_map[i].keylen;
+ sess.key = fake_key;
+
+ if (ioctl(cfd, CIOCGSESSION, &sess)) {
+ continue;
+ }
+
+ ret =
gnutls_crypto_single_cipher_register(cipher_map[i].gnutls_cipher, 90,
&cipher_struct);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ } while(cipher_map[i++].gnutls_cipher != GNUTLS_CIPHER_UNKNOWN);
+
+ return 0;
+}
+
+int _gnutls_cryptodev_init()
+{
+ int cfd = -1, ret;
+
+ /* Open the crypto device */
+ cryptodev_fd = open("/dev/crypto", O_RDWR, 0);
+ if (cryptodev_fd < 0) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_DEVICE_ERROR;
+ }
+
+ /* Clone file descriptor */
+ if (ioctl(cryptodev_fd, CRIOGET, &cfd)) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ /* Set close-on-exec (not really neede here) */
+ if (fcntl(cfd, F_SETFD, 1) == -1) {
+ gnutls_assert();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ /* Run the test itself */
+ ret = register_crypto(cfd);
+
+ close(cfd);
+ return ret;
+}
+
+void _gnutls_cryptodev_deinit()
+{
+ close(cryptodev_fd);
+}
+
+#else
+int _gnutls_cryptodev_init()
+{
+ return 0;
+}
+
+void _gnutls_cryptodev_deinit()
+{
+ return;
+}
+
+#endif /* ENABLE_CRYPTODEV */
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index e8f7df7..d370d84 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -49,7 +49,7 @@ _gnutls_cipher_init (cipher_hd_st * handle,
gnutls_cipher_algorithm_t cipher,
{
handle->registered = 1;
handle->hd.rh.cc = cc;
- SR (cc->init (&handle->hd.rh.ctx), cc_cleanup);
+ SR (cc->init (cipher, &handle->hd.rh.ctx), cc_cleanup);
SR (cc->setkey (handle->hd.rh.ctx, key->data, key->size), cc_cleanup);
if (iv->data && iv->size && cc->setiv)
SR (cc->setiv (handle->hd.rh.ctx, iv->data, iv->size), cc_cleanup);
diff --git a/lib/gnutls_cryptodev.h b/lib/gnutls_cryptodev.h
new file mode 100644
index 0000000..645cce0
--- /dev/null
+++ b/lib/gnutls_cryptodev.h
@@ -0,0 +1,2 @@
+void _gnutls_cryptodev_deinit();
+int _gnutls_cryptodev_init();
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index fa81cd2..fdea4ef 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -261,6 +261,12 @@ static const gnutls_error_entry error_algorithms[] = {
"check gnutls_handshake_set_max_packet_length()."),
GNUTLS_E_HANDSHAKE_TOO_LARGE, 1),
+ ERROR_ENTRY (N_("Error opening /dev/crypto"),
+ GNUTLS_E_CRYPTODEV_DEVICE_ERROR, 1),
+
+ ERROR_ENTRY (N_("Error interfacing with /dev/crypto"),
+ GNUTLS_E_CRYPTODEV_IOCTL_ERROR, 1),
+
{NULL, NULL, 0, 0}
};
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index 8930de2..3f5a154 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -30,6 +30,7 @@
#include <gcrypt.h>
#include <gnutls_extensions.h> /* for _gnutls_ext_init */
+#include <gnutls_cryptodev.h>
#include "sockets.h"
#include "gettext.h"
@@ -246,6 +247,8 @@ gnutls_global_init (void)
gnutls_assert ();
goto out;
}
+
+ _gnutls_cryptodev_init();
out:
return result;
@@ -271,6 +274,7 @@ gnutls_global_deinit (void)
asn1_delete_structure (&_gnutls_gnutls_asn);
asn1_delete_structure (&_gnutls_pkix1_asn);
_gnutls_crypto_deregister ();
+ _gnutls_cryptodev_deinit();
}
_gnutls_init--;
}
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index 45cdbc6..7f3b322 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -72,7 +72,7 @@ _gnutls_hash_init (digest_hd_st * dig,
gnutls_digest_algorithm_t algorithm)
{
dig->registered = 1;
dig->hd.rh.cc = cc;
- if (cc->init (&dig->hd.rh.ctx) < 0)
+ if (cc->init (algorithm, &dig->hd.rh.ctx) < 0)
{
gnutls_assert ();
return GNUTLS_E_HASH_FAILED;
@@ -266,7 +266,7 @@ _gnutls_hmac_init (digest_hd_st * dig,
gnutls_mac_algorithm_t algorithm,
dig->registered = 1;
dig->hd.rh.cc = cc;
- if (cc->init (&dig->hd.rh.ctx) < 0)
+ if (cc->init (algorithm, &dig->hd.rh.ctx) < 0)
{
gnutls_assert ();
return GNUTLS_E_HASH_FAILED;
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index d915af5..ed38d56 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -55,6 +55,7 @@ typedef struct
int active;
} digest_hd_st;
+/* basic functions */
int _gnutls_hmac_init (digest_hd_st*, gnutls_mac_algorithm_t algorithm,
const void *key, int keylen);
int _gnutls_hmac_get_algo_len (gnutls_mac_algorithm_t algorithm);
@@ -67,10 +68,6 @@ int _gnutls_hmac_fast( gnutls_mac_algorithm_t algorithm,
const void* key, int ke
void _gnutls_hmac_deinit (digest_hd_st* handle, void *digest);
void _gnutls_hmac_output (digest_hd_st* handle, void *digest);
-int _gnutls_mac_init_ssl3 (digest_hd_st*, gnutls_mac_algorithm_t algorithm,
void *key,
- int keylen);
-void _gnutls_mac_deinit_ssl3 (digest_hd_st* handle, void *digest);
-
int _gnutls_hash_init (digest_hd_st*, gnutls_digest_algorithm_t algorithm);
int _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm);
int _gnutls_hash (const digest_hd_st* handle, const void *text,
@@ -78,8 +75,11 @@ int _gnutls_hash (const digest_hd_st* handle, const void
*text,
void _gnutls_hash_deinit (digest_hd_st* handle, void *digest);
void _gnutls_hash_output (digest_hd_st* handle, void *digest);
-int _gnutls_hash_fast( gnutls_digest_algorithm_t algorithm,
- const void* text, size_t textlen, void* digest);
+
+/* help functions */
+int _gnutls_mac_init_ssl3 (digest_hd_st*, gnutls_mac_algorithm_t algorithm,
void *key,
+ int keylen);
+void _gnutls_mac_deinit_ssl3 (digest_hd_st* handle, void *digest);
int _gnutls_ssl3_generate_random (void *secret, int secret_len,
void *rnd, int random_len, int bytes,
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 7e49cec..9040952 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -25,29 +25,23 @@
#ifndef GNUTLS_CRYPTO_H
# define GNUTLS_CRYPTO_H
-# define GNUTLS_CRYPTO_API_VERSION 0x01
+typedef struct cipher_hd_st* gnutls_cipher_hd_t;
-typedef struct
-{
- int (*init) (void **ctx);
- int (*setkey) (void *ctx, const void *key, size_t keysize);
- int (*setiv) (void *ctx, const void *iv, size_t ivsize);
- int (*encrypt) (void *ctx, const void *plain, size_t plainsize,
- void *encr, size_t encrsize);
- int (*decrypt) (void *ctx, const void *encr, size_t encrsize,
- void *plain, size_t plainsize);
- void (*deinit) (void *ctx);
-} gnutls_crypto_single_cipher_st;
+int gnutls_cipher_init (gnutls_cipher_hd_t*, gnutls_cipher_algorithm_t cipher,
+ const gnutls_datum_t * key,
+ const gnutls_datum_t * iv);
+int gnutls_cipher_encrypt (const gnutls_cipher_hd_t handle, void *text, int
textlen);
+int gnutls_cipher_decrypt (const gnutls_cipher_hd_t handle, void *ciphertext,
+ int ciphertextlen);
+void gnutls_cipher_deinit (gnutls_cipher_hd_t handle);
-typedef struct
-{
- int (*init) (void **ctx);
- int (*setkey) (void *ctx, const void *key, size_t keysize);
- int (*hash) (void *ctx, const void *text, size_t textsize);
- int (*copy) (void **dst_ctx, void *src_ctx);
- int (*output) (void *src_ctx, void *digest, size_t digestsize);
- void (*deinit) (void *ctx);
-} gnutls_crypto_single_mac_st;
+
+/* register ciphers */
+
+#define GNUTLS_CRYPTO_API_VERSION 0x02
+
+#define gnutls_crypto_single_cipher_st gnutls_crypto_cipher_st
+#define gnutls_crypto_single_mac_st gnutls_crypto_mac_st
typedef struct
{
@@ -256,13 +250,13 @@ typedef struct gnutls_crypto_pk
int gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t algorithm,
int priority, int version,
- gnutls_crypto_single_cipher_st *s);
+ const gnutls_crypto_single_cipher_st
*s);
int gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm,
int priority, int version,
- gnutls_crypto_single_mac_st * s);
+ const gnutls_crypto_single_mac_st * s);
int gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t algorithm,
int priority, int version,
- gnutls_crypto_single_digest_st *s);
+ const gnutls_crypto_single_digest_st
*s);
# define gnutls_crypto_cipher_register(prio, st) \
gnutls_crypto_cipher_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
@@ -272,11 +266,11 @@ int gnutls_crypto_single_digest_register2
(gnutls_digest_algorithm_t algorithm,
gnutls_crypto_digest_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
int gnutls_crypto_cipher_register2 (int priority, int version,
- gnutls_crypto_cipher_st * s);
+ const gnutls_crypto_cipher_st * s);
int gnutls_crypto_mac_register2 (int priority, int version,
- gnutls_crypto_mac_st * s);
+ const gnutls_crypto_mac_st * s);
int gnutls_crypto_digest_register2 (int priority, int version,
- gnutls_crypto_digest_st * s);
+ const gnutls_crypto_digest_st * s);
# define gnutls_crypto_rnd_register(prio, st) \
gnutls_crypto_rnd_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
@@ -286,10 +280,10 @@ int gnutls_crypto_digest_register2 (int priority, int
version,
gnutls_crypto_bigint_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
int gnutls_crypto_rnd_register2 (int priority, int version,
- gnutls_crypto_rnd_st * s);
+ const gnutls_crypto_rnd_st * s);
int gnutls_crypto_pk_register2 (int priority, int version,
- gnutls_crypto_pk_st * s);
+ const gnutls_crypto_pk_st * s);
int gnutls_crypto_bigint_register2 (int priority, int version,
- gnutls_crypto_bigint_st * s);
+ const gnutls_crypto_bigint_st * s);
#endif
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 115a3fe..6361e50 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1399,6 +1399,9 @@ extern "C" {
#define GNUTLS_E_HANDSHAKE_TOO_LARGE -210
+#define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211
+#define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212
+
#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
#define GNUTLS_E_APPLICATION_ERROR_MAX -65000
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 5e6f78d..c9d33f4 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -580,6 +580,11 @@ GNUTLS_2_10
gnutls_x509_crt_get_issuer_alt_name;
gnutls_x509_crt_get_issuer_alt_othername_oid;
gnutls_sign_algorithm_get_requested;
+ gnutls_cipher_init;
+ gnutls_cipher_encrypt;
+ gnutls_cipher_decrypt;
+ gnutls_cipher_deinit;
+
} GNUTLS_2_8;
GNUTLS_PRIVATE {
diff --git a/src/Makefile.am b/src/Makefile.am
index 80b4f76..9b6eb7e 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -28,6 +28,7 @@ AM_CPPFLAGS = \
-I$(srcdir)/../libextra/includes \
-I$(srcdir)/cfg
+noinst_PROGRAMS = benchmark
bin_PROGRAMS = gnutls-serv gnutls-cli psktool gnutls-cli-debug
if ENABLE_PKI
bin_PROGRAMS += certtool
@@ -60,6 +61,9 @@ noinst_LTLIBRARIES += libcmd-psk.la
libcmd_psk_la_CFLAGS =
libcmd_psk_la_SOURCES = psk.gaa psk-gaa.h psk-gaa.c
+benchmark_SOURCES = benchmark.c
+benchmark_LDADD = ../lib/libgnutls.la ../gl/libgnu.la -lrt
+
gnutls_cli_SOURCES = cli.c common.h common.c
gnutls_cli_LDADD = ../lib/libgnutls.la ../libextra/libgnutls-extra.la
gnutls_cli_LDADD += libcmd-cli.la ../gl/libgnu.la
diff --git a/src/benchmark.c b/src/benchmark.c
new file mode 100644
index 0000000..83d57f4
--- /dev/null
+++ b/src/benchmark.c
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2009 Free Software Foundation
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#include <time.h>
+
+static unsigned char data[64*1024];
+
+void cipher_bench(int size)
+{
+int ret, i;
+gnutls_cipher_hd_t ctx;
+gnutls_datum_t key = {
"\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01", 16 };
+gnutls_datum_t iv = {
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff", 16 };
+struct timespec start, stop;
+double secs;
+long data_size = 0;
+double dd;
+
+ gnutls_global_init();
+
+ printf("Checking AES (%dkb payload)... ", size);
+ fflush(stdout);
+ clock_gettime(CLOCK_MONOTONIC, &start);
+
+ ret = gnutls_cipher_init( &ctx, GNUTLS_CIPHER_AES_128_CBC, &key, &iv);
+ if (ret < 0) {
+ fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
+ return;
+ }
+
+ for (i=0;i<7*1024;i++) {
+ gnutls_cipher_encrypt(ctx, data, size*1024);
+ data_size+= size*1024;
+ }
+
+ gnutls_cipher_deinit(ctx);
+
+ clock_gettime(CLOCK_MONOTONIC, &stop);
+
+ secs =
(stop.tv_sec*1000+stop.tv_nsec/(1000*1000)-(start.tv_sec*1000+start.tv_nsec/(1000*1000)));
+ secs /= 1000;
+ dd = (((double)data_size/(double)secs))/1000;
+ printf("Transferred %u kb in %.2f secs: ", data_size/1000, secs);
+ printf("%.2f kbyte/sec\n", dd);
+
+}
+
+
+int main()
+{
+ cipher_bench(8);
+ cipher_bench(16);
+ cipher_bench(32);
+
+ return 0;
+}
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-10-g0477fd0,
Nikos Mavrogiannopoulos <=