NONCE_LEN: The length of the nonce AUTH_IOV: additional data to be authenticated AUTH_IOVCNT: The number of buffers in ‘auth_iov’ IOV: the data to decrypt IOVCNT: The number of buffers in ‘iov’ TAG: The authentication tag TAG_SIZE: The size of the tag to use (use zero for the default) This is similar to ‘gnutls_aead_cipher_decrypt()’ , but it performs in-place encryption on the provided data buffers. *Returns:* Zero or a negative error code on error. *Since:* 3.6.10 gnutls_aead_cipher_deinit ------------------------- -- Function: void gnutls_aead_cipher_deinit (gnutls_aead_cipher_hd_t HANDLE) HANDLE: is a ‘gnutls_aead_cipher_hd_t’ type. This function will deinitialize all resources occupied by the given authenticated-encryption context. *Since:* 3.4.0 gnutls_aead_cipher_encrypt -------------------------- -- Function: int gnutls_aead_cipher_encrypt (gnutls_aead_cipher_hd_t HANDLE, const void * NONCE, size_t NONCE_LEN, const void * AUTH, size_t AUTH_LEN, size_t TAG_SIZE, const void * PTEXT, size_t PTEXT_LEN, void * CTEXT, size_t * CTEXT_LEN) HANDLE: is a ‘gnutls_aead_cipher_hd_t’ type. NONCE: the nonce to set NONCE_LEN: The length of the nonce AUTH: additional data to be authenticated AUTH_LEN: The length of the data TAG_SIZE: The size of the tag to use (use zero for the default) PTEXT: the data to encrypt PTEXT_LEN: The length of data to encrypt CTEXT: the encrypted data including authentication tag CTEXT_LEN: the length of encrypted data (initially must hold the maximum available size, including space for tag) This function will encrypt the given data using the algorithm specified by the context. The output data will contain the authentication tag. *Returns:* Zero or a negative error code on error. *Since:* 3.4.0 gnutls_aead_cipher_encryptv --------------------------- -- Function: int gnutls_aead_cipher_encryptv (gnutls_aead_cipher_hd_t HANDLE, const void * NONCE, size_t NONCE_LEN, const giovec_t * AUTH_IOV, int AUTH_IOVCNT, size_t TAG_SIZE, const giovec_t * IOV, int IOVCNT, void * CTEXT, size_t * CTEXT_LEN) HANDLE: is a ‘gnutls_aead_cipher_hd_t’ type. NONCE: the nonce to set NONCE_LEN: The length of the nonce AUTH_IOV: additional data to be authenticated AUTH_IOVCNT: The number of buffers in ‘auth_iov’ TAG_SIZE: The size of the tag to use (use zero for the default) IOV: the data to be encrypted IOVCNT: The number of buffers in ‘iov’ CTEXT: the encrypted data including authentication tag CTEXT_LEN: the length of encrypted data (initially must hold the maximum available size, including space for tag) This function will encrypt the provided data buffers using the algorithm specified by the context. The output data will contain the authentication tag. *Returns:* Zero or a negative error code on error. *Since:* 3.6.3 gnutls_aead_cipher_encryptv2 ---------------------------- -- Function: int gnutls_aead_cipher_encryptv2 (gnutls_aead_cipher_hd_t HANDLE, const void * NONCE, size_t NONCE_LEN, const giovec_t * AUTH_IOV, int AUTH_IOVCNT, const giovec_t * IOV, int IOVCNT, void * TAG, size_t * TAG_SIZE) HANDLE: is a ‘gnutls_aead_cipher_hd_t’ type. NONCE: the nonce to set NONCE_LEN: The length of the nonce AUTH_IOV: additional data to be authenticated AUTH_IOVCNT: The number of buffers in ‘auth_iov’ IOV: the data to be encrypted IOVCNT: The number of buffers in ‘iov’ TAG: The authentication tag TAG_SIZE: The size of the tag to use (use zero for the default) This is similar to ‘gnutls_aead_cipher_encrypt()’ , but it performs in-place encryption on the provided data buffers. *Returns:* Zero or a negative error code on error. *Since:* 3.6.10 gnutls_aead_cipher_init ----------------------- -- Function: int gnutls_aead_cipher_init (gnutls_aead_cipher_hd_t * HANDLE, gnutls_cipher_algorithm_t CIPHER, const gnutls_datum_t * KEY) HANDLE: is a ‘gnutls_aead_cipher_hd_t’ type. CIPHER: the authenticated-encryption algorithm to use KEY: The key to be used for encryption This function will initialize an context that can be used for encryption/decryption of data. This will effectively use the current crypto backend in use by gnutls or the cryptographic accelerator in use. *Returns:* Zero or a negative error code on error. *Since:* 3.4.0 gnutls_aead_cipher_set_key -------------------------- -- Function: int gnutls_aead_cipher_set_key (gnutls_aead_cipher_hd_t HANDLE, const gnutls_datum_t * KEY) HANDLE: is a ‘gnutls_aead_cipher_hd_t’ type. KEY: The key to be used for encryption This function will set a new key without re-initializing the context. *Returns:* Zero or a negative error code on error. *Since:* 3.7.5 gnutls_cipher_add_auth ---------------------- -- Function: int gnutls_cipher_add_auth (gnutls_cipher_hd_t HANDLE, const void * PTEXT, size_t PTEXT_SIZE) HANDLE: is a ‘gnutls_cipher_hd_t’ type PTEXT: the data to be authenticated PTEXT_SIZE: the length of the data This function operates on authenticated encryption with associated data (AEAD) ciphers and authenticate the input data. This function can only be called once and before any encryption operations. *Returns:* Zero or a negative error code on error. *Since:* 3.0 gnutls_cipher_decrypt --------------------- -- Function: int gnutls_cipher_decrypt (gnutls_cipher_hd_t HANDLE, void * CTEXT, size_t CTEXT_LEN) HANDLE: is a ‘gnutls_cipher_hd_t’ type CTEXT: the data to decrypt CTEXT_LEN: the length of data to decrypt This function will decrypt the given data using the algorithm specified by the context. Note that in AEAD ciphers, this will not check the tag. You will need to compare the tag sent with the value returned from ‘gnutls_cipher_tag()’ . *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_cipher_decrypt2 ---------------------- -- Function: int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t HANDLE, const void * CTEXT, size_t CTEXT_LEN, void * PTEXT, size_t PTEXT_LEN) HANDLE: is a ‘gnutls_cipher_hd_t’ type CTEXT: the data to decrypt CTEXT_LEN: the length of data to decrypt PTEXT: the decrypted data PTEXT_LEN: the available length for decrypted data This function will decrypt the given data using the algorithm specified by the context. For block ciphers the ‘ctext_len’ must be a multiple of the block size. For the supported ciphers the plaintext data length will equal the ciphertext size. Note that in AEAD ciphers, this will not check the tag. You will need to compare the tag sent with the value returned from ‘gnutls_cipher_tag()’ . *Returns:* Zero or a negative error code on error. *Since:* 2.12.0 gnutls_cipher_decrypt3 ---------------------- -- Function: int gnutls_cipher_decrypt3 (gnutls_cipher_hd_t HANDLE, const void * CTEXT, size_t CTEXT_LEN, void * PTEXT, size_t * PTEXT_LEN, unsigned FLAGS) HANDLE: is a ‘gnutls_cipher_hd_t’ type CTEXT: the data to decrypt CTEXT_LEN: the length of data to decrypt PTEXT: the decrypted data PTEXT_LEN: the available length for decrypted data FLAGS: flags for padding This function will decrypt the given data using the algorithm specified by the context. If ‘flags’ is specified, padding for the decrypted data will be removed accordingly and ‘ptext_len’ will be updated. *Returns:* Zero or a negative error code on error. *Since:* 3.7.7 gnutls_cipher_deinit -------------------- -- Function: void gnutls_cipher_deinit (gnutls_cipher_hd_t HANDLE) HANDLE: is a ‘gnutls_cipher_hd_t’ type This function will deinitialize all resources occupied by the given encryption context. *Since:* 2.10.0 gnutls_cipher_encrypt --------------------- -- Function: int gnutls_cipher_encrypt (gnutls_cipher_hd_t HANDLE, void * PTEXT, size_t PTEXT_LEN) HANDLE: is a ‘gnutls_cipher_hd_t’ type PTEXT: the data to encrypt PTEXT_LEN: the length of data to encrypt This function will encrypt the given data using the algorithm specified by the context. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_cipher_encrypt2 ---------------------- -- Function: int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t HANDLE, const void * PTEXT, size_t PTEXT_LEN, void * CTEXT, size_t CTEXT_LEN) HANDLE: is a ‘gnutls_cipher_hd_t’ type PTEXT: the data to encrypt PTEXT_LEN: the length of data to encrypt CTEXT: the encrypted data CTEXT_LEN: the available length for encrypted data This function will encrypt the given data using the algorithm specified by the context. For block ciphers the ‘ptext_len’ must be a multiple of the block size. For the supported ciphers the encrypted data length will equal the plaintext size. *Returns:* Zero or a negative error code on error. *Since:* 2.12.0 gnutls_cipher_encrypt3 ---------------------- -- Function: int gnutls_cipher_encrypt3 (gnutls_cipher_hd_t HANDLE, const void * PTEXT, size_t PTEXT_LEN, void * CTEXT, size_t * CTEXT_LEN, unsigned FLAGS) HANDLE: is a ‘gnutls_cipher_hd_t’ type PTEXT: the data to encrypt PTEXT_LEN: the length of data to encrypt CTEXT: the encrypted data CTEXT_LEN: the length of encrypted data (initially must hold the maximum available size) FLAGS: flags for padding This function will encrypt the given data using the algorithm specified by the context. For block ciphers, ‘ptext_len’ is typically a multiple of the block size. If not, the caller can instruct the function to pad the last block according to ‘flags’ . Currently, the only available padding scheme is ‘GNUTLS_CIPHER_PADDING_PKCS7’ . If ‘ctext’ is not ‘NULL’ , it must hold enough space to store resulting cipher text. To check the required size, this function can be called with ‘ctext’ set to ‘NULL’ . Then ‘ctext_len’ will be updated without performing actual encryption. *Returns:* Zero or a negative error code on error. *Since:* 3.7.7 gnutls_cipher_get_block_size ---------------------------- -- Function: unsigned gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t ALGORITHM) ALGORITHM: is an encryption algorithm *Returns:* the block size of the encryption algorithm. *Since:* 2.10.0 gnutls_cipher_get_iv_size ------------------------- -- Function: unsigned gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t ALGORITHM) ALGORITHM: is an encryption algorithm This function returns the size of the initialization vector (IV) for the provided algorithm. For algorithms with variable size IV (e.g., AES-CCM), the returned size will be the one used by TLS. *Returns:* block size for encryption algorithm. *Since:* 3.2.0 gnutls_cipher_get_tag_size -------------------------- -- Function: unsigned gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t ALGORITHM) ALGORITHM: is an encryption algorithm This function returns the tag size of an authenticated encryption algorithm. For non-AEAD algorithms, it returns zero. *Returns:* the tag size of the authenticated encryption algorithm. *Since:* 3.2.2 gnutls_cipher_init ------------------ -- Function: int gnutls_cipher_init (gnutls_cipher_hd_t * HANDLE, gnutls_cipher_algorithm_t CIPHER, const gnutls_datum_t * KEY, const gnutls_datum_t * IV) HANDLE: is a ‘gnutls_cipher_hd_t’ type CIPHER: the encryption algorithm to use KEY: the key to be used for encryption/decryption IV: the IV to use (if not applicable set NULL) This function will initialize the ‘handle’ context to be usable for encryption/decryption of data. This will effectively use the current crypto backend in use by gnutls or the cryptographic accelerator in use. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_cipher_set_iv -------------------- -- Function: void gnutls_cipher_set_iv (gnutls_cipher_hd_t HANDLE, void * IV, size_t IVLEN) HANDLE: is a ‘gnutls_cipher_hd_t’ type IV: the IV to set IVLEN: the length of the IV This function will set the IV to be used for the next encryption block. *Since:* 3.0 gnutls_cipher_tag ----------------- -- Function: int gnutls_cipher_tag (gnutls_cipher_hd_t HANDLE, void * TAG, size_t TAG_SIZE) HANDLE: is a ‘gnutls_cipher_hd_t’ type TAG: will hold the tag TAG_SIZE: the length of the tag to return This function operates on authenticated encryption with associated data (AEAD) ciphers and will return the output tag. *Returns:* Zero or a negative error code on error. *Since:* 3.0 gnutls_crypto_register_aead_cipher ---------------------------------- -- Function: int gnutls_crypto_register_aead_cipher (gnutls_cipher_algorithm_t ALGORITHM, int PRIORITY, gnutls_cipher_init_func INIT, gnutls_cipher_setkey_func SETKEY, gnutls_cipher_aead_encrypt_func AEAD_ENCRYPT, gnutls_cipher_aead_decrypt_func AEAD_DECRYPT, gnutls_cipher_deinit_func DEINIT) ALGORITHM: is the gnutls AEAD cipher identifier PRIORITY: is the priority of the algorithm INIT: A function which initializes the cipher SETKEY: A function which sets the key of the cipher AEAD_ENCRYPT: Perform the AEAD encryption AEAD_DECRYPT: Perform the AEAD decryption DEINIT: A function which deinitializes the cipher This function will register a cipher algorithm to be used by gnutls. Any algorithm registered will override the included algorithms and by convention kernel implemented algorithms have priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be used by gnutls. In the case the registered init or setkey functions return ‘GNUTLS_E_NEED_FALLBACK’ , GnuTLS will attempt to use the next in priority registered cipher. The functions registered will be used with the new AEAD API introduced in GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API. *Deprecated:* since 3.7.0 it is no longer possible to override cipher implementation *Returns:* ‘GNUTLS_E_SUCCESS’ on success, otherwise a negative error code. *Since:* 3.4.0 gnutls_crypto_register_cipher ----------------------------- -- Function: int gnutls_crypto_register_cipher (gnutls_cipher_algorithm_t ALGORITHM, int PRIORITY, gnutls_cipher_init_func INIT, gnutls_cipher_setkey_func SETKEY, gnutls_cipher_setiv_func SETIV, gnutls_cipher_encrypt_func ENCRYPT, gnutls_cipher_decrypt_func DECRYPT, gnutls_cipher_deinit_func DEINIT) ALGORITHM: is the gnutls algorithm identifier PRIORITY: is the priority of the algorithm INIT: A function which initializes the cipher SETKEY: A function which sets the key of the cipher SETIV: A function which sets the nonce/IV of the cipher (non-AEAD) ENCRYPT: A function which performs encryption (non-AEAD) DECRYPT: A function which performs decryption (non-AEAD) DEINIT: A function which deinitializes the cipher This function will register a cipher algorithm to be used by gnutls. Any algorithm registered will override the included algorithms and by convention kernel implemented algorithms have priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be used by gnutls. In the case the registered init or setkey functions return ‘GNUTLS_E_NEED_FALLBACK’ , GnuTLS will attempt to use the next in priority registered cipher. The functions which are marked as non-AEAD they are not required when registering a cipher to be used with the new AEAD API introduced in GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API. *Deprecated:* since 3.7.0 it is no longer possible to override cipher implementation *Returns:* ‘GNUTLS_E_SUCCESS’ on success, otherwise a negative error code. *Since:* 3.4.0 gnutls_crypto_register_digest ----------------------------- -- Function: int gnutls_crypto_register_digest (gnutls_digest_algorithm_t ALGORITHM, int PRIORITY, gnutls_digest_init_func INIT, gnutls_digest_hash_func HASH, gnutls_digest_output_func OUTPUT, gnutls_digest_deinit_func DEINIT, gnutls_digest_fast_func HASH_FAST) ALGORITHM: is the gnutls digest identifier PRIORITY: is the priority of the algorithm INIT: A function which initializes the digest HASH: Perform the hash operation OUTPUT: Provide the output of the digest DEINIT: A function which deinitializes the digest HASH_FAST: Perform the digest operation in one go This function will register a digest algorithm to be used by gnutls. Any algorithm registered will override the included algorithms and by convention kernel implemented algorithms have priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be used by gnutls. *Deprecated:* since 3.7.0 it is no longer possible to override cipher implementation *Returns:* ‘GNUTLS_E_SUCCESS’ on success, otherwise a negative error code. *Since:* 3.4.0 gnutls_crypto_register_mac -------------------------- -- Function: int gnutls_crypto_register_mac (gnutls_mac_algorithm_t ALGORITHM, int PRIORITY, gnutls_mac_init_func INIT, gnutls_mac_setkey_func SETKEY, gnutls_mac_setnonce_func SETNONCE, gnutls_mac_hash_func HASH, gnutls_mac_output_func OUTPUT, gnutls_mac_deinit_func DEINIT, gnutls_mac_fast_func HASH_FAST) ALGORITHM: is the gnutls MAC identifier PRIORITY: is the priority of the algorithm INIT: A function which initializes the MAC SETKEY: A function which sets the key of the MAC SETNONCE: A function which sets the nonce for the mac (may be ‘NULL’ for common MAC algorithms) HASH: Perform the hash operation OUTPUT: Provide the output of the MAC DEINIT: A function which deinitializes the MAC HASH_FAST: Perform the MAC operation in one go This function will register a MAC algorithm to be used by gnutls. Any algorithm registered will override the included algorithms and by convention kernel implemented algorithms have priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be used by gnutls. *Deprecated:* since 3.7.0 it is no longer possible to override cipher implementation *Returns:* ‘GNUTLS_E_SUCCESS’ on success, otherwise a negative error code. *Since:* 3.4.0 gnutls_decode_ber_digest_info ----------------------------- -- Function: int gnutls_decode_ber_digest_info (const gnutls_datum_t * INFO, gnutls_digest_algorithm_t * HASH, unsigned char * DIGEST, unsigned int * DIGEST_SIZE) INFO: an RSA BER encoded DigestInfo structure HASH: will contain the hash algorithm of the structure DIGEST: will contain the hash output of the structure DIGEST_SIZE: will contain the hash size of the structure; initially must hold the maximum size of ‘digest’ This function will parse an RSA PKCS‘1’ 1.5 DigestInfo structure and report the hash algorithm used as well as the digest data. *Returns:* On success, ‘GNUTLS_E_SUCCESS’ (0) is returned, otherwise an error code is returned. *Since:* 3.5.0 gnutls_decode_gost_rs_value --------------------------- -- Function: int gnutls_decode_gost_rs_value (const gnutls_datum_t * SIG_VALUE, gnutls_datum_t * R, gnutls_datum_t * S) SIG_VALUE: will holds a GOST signature according to RFC 4491 section 2.2.2 R: will contain the r value S: will contain the s value This function will decode the provided ‘sig_value’ , into ‘r’ and ‘s’ elements. See RFC 4491 section 2.2.2 for the format of signature value. The output values may be padded with a zero byte to prevent them from being interpreted as negative values. The value should be deallocated using ‘gnutls_free()’ . *Returns:* On success, ‘GNUTLS_E_SUCCESS’ (0) is returned, otherwise an error code is returned. *Since:* 3.6.0 gnutls_decode_rs_value ---------------------- -- Function: int gnutls_decode_rs_value (const gnutls_datum_t * SIG_VALUE, gnutls_datum_t * R, gnutls_datum_t * S) SIG_VALUE: holds a Dss-Sig-Value DER or BER encoded structure R: will contain the r value S: will contain the s value This function will decode the provided ‘sig_value’ , into ‘r’ and ‘s’ elements. The Dss-Sig-Value is used for DSA and ECDSA signatures. The output values may be padded with a zero byte to prevent them from being interpreted as negative values. The value should be deallocated using ‘gnutls_free()’ . *Returns:* On success, ‘GNUTLS_E_SUCCESS’ (0) is returned, otherwise an error code is returned. *Since:* 3.6.0 gnutls_encode_ber_digest_info ----------------------------- -- Function: int gnutls_encode_ber_digest_info (gnutls_digest_algorithm_t HASH, const gnutls_datum_t * DIGEST, gnutls_datum_t * OUTPUT) HASH: the hash algorithm that was used to get the digest DIGEST: must contain the digest data OUTPUT: will contain the allocated DigestInfo BER encoded data This function will encode the provided digest data, and its algorithm into an RSA PKCS‘1’ 1.5 DigestInfo structure. *Returns:* On success, ‘GNUTLS_E_SUCCESS’ (0) is returned, otherwise an error code is returned. *Since:* 3.5.0 gnutls_encode_gost_rs_value --------------------------- -- Function: int gnutls_encode_gost_rs_value (gnutls_datum_t * SIG_VALUE, const gnutls_datum_t * R, const gnutls_datum_t * S) SIG_VALUE: will hold a GOST signature according to RFC 4491 section 2.2.2 R: must contain the r value S: must contain the s value This function will encode the provided r and s values, into binary representation according to RFC 4491 section 2.2.2, used for GOST R 34.10-2001 (and thus also for GOST R 34.10-2012) signatures. The output value should be deallocated using ‘gnutls_free()’ . *Returns:* On success, ‘GNUTLS_E_SUCCESS’ (0) is returned, otherwise an error code is returned. *Since:* 3.6.0 gnutls_encode_rs_value ---------------------- -- Function: int gnutls_encode_rs_value (gnutls_datum_t * SIG_VALUE, const gnutls_datum_t * R, const gnutls_datum_t * S) SIG_VALUE: will hold a Dss-Sig-Value DER encoded structure R: must contain the r value S: must contain the s value This function will encode the provided r and s values, into a Dss-Sig-Value structure, used for DSA and ECDSA signatures. The output value should be deallocated using ‘gnutls_free()’ . *Returns:* On success, ‘GNUTLS_E_SUCCESS’ (0) is returned, otherwise an error code is returned. *Since:* 3.6.0 gnutls_hash ----------- -- Function: int gnutls_hash (gnutls_hash_hd_t HANDLE, const void * PTEXT, size_t PTEXT_LEN) HANDLE: is a ‘gnutls_hash_hd_t’ type PTEXT: the data to hash PTEXT_LEN: the length of data to hash This function will hash the given data using the algorithm specified by the context. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_hash_copy ---------------- -- Function: gnutls_hash_hd_t gnutls_hash_copy (gnutls_hash_hd_t HANDLE) HANDLE: is a ‘gnutls_hash_hd_t’ type This function will create a copy of Message Digest context, containing all its current state. Copying contexts for Message Digests registered using ‘gnutls_crypto_register_digest()’ is not supported and will always result in an error. In addition to that, some of the Message Digest implementations do not support this operation. Applications should check the return value and provide a proper fallback. *Returns:* new Message Digest context or NULL in case of an error. *Since:* 3.6.9 gnutls_hash_deinit ------------------ -- Function: void gnutls_hash_deinit (gnutls_hash_hd_t HANDLE, void * DIGEST) HANDLE: is a ‘gnutls_hash_hd_t’ type DIGEST: is the output value of the hash This function will deinitialize all resources occupied by the given hash context. *Since:* 2.10.0 gnutls_hash_fast ---------------- -- Function: int gnutls_hash_fast (gnutls_digest_algorithm_t ALGORITHM, const void * PTEXT, size_t PTEXT_LEN, void * DIGEST) ALGORITHM: the hash algorithm to use PTEXT: the data to hash PTEXT_LEN: the length of data to hash DIGEST: is the output value of the hash This convenience function will hash the given data and return output on a single call. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_hash_get_len ------------------- -- Function: unsigned gnutls_hash_get_len (gnutls_digest_algorithm_t ALGORITHM) ALGORITHM: the hash algorithm to use This function will return the length of the output data of the given hash algorithm. *Returns:* The length or zero on error. *Since:* 2.10.0 gnutls_hash_init ---------------- -- Function: int gnutls_hash_init (gnutls_hash_hd_t * DIG, gnutls_digest_algorithm_t ALGORITHM) DIG: is a ‘gnutls_hash_hd_t’ type ALGORITHM: the hash algorithm to use This function will initialize an context that can be used to produce a Message Digest of data. This will effectively use the current crypto backend in use by gnutls or the cryptographic accelerator in use. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_hash_output ------------------ -- Function: void gnutls_hash_output (gnutls_hash_hd_t HANDLE, void * DIGEST) HANDLE: is a ‘gnutls_hash_hd_t’ type DIGEST: is the output value of the hash This function will output the current hash value and reset the state of the hash. If ‘digest’ is ‘NULL’ , it only resets the state of the hash. *Since:* 2.10.0 gnutls_hash_squeeze ------------------- -- Function: int gnutls_hash_squeeze (gnutls_hash_hd_t HANDLE, void * OUTPUT, size_t LENGTH) HANDLE: a ‘gnutls_hash_hd_t’ OUTPUT: destination to store the output; must be equal to or larger than ‘length’ LENGTH: length of ‘output’ This function will extract digest output of ‘length’ bytes. The ‘handle’ must be initialized with ‘gnutls_hash_init()’ as an extended output function (XOF), such as ‘GNUTLS_DIG_SHAKE_128’ or ‘GNUTLS_DIG_SHAKE_256’ . This function can be called multiple times. To reset the state of ‘handle’ , call ‘gnutls_hash_deinit()’ with ‘NULL’ as the digest argument. *Returns:* ‘GNUTLS_E_SUCCESS’ (0) on success; negative error code otherwise. *Since:* 3.8.6 gnutls_hkdf_expand ------------------ -- Function: int gnutls_hkdf_expand (gnutls_mac_algorithm_t MAC, const gnutls_datum_t * KEY, const gnutls_datum_t * INFO, void * OUTPUT, size_t LENGTH) MAC: the mac algorithm used internally KEY: the pseudorandom key created with HKDF-Extract INFO: the optional informational data OUTPUT: the output value of the expand operation LENGTH: the desired length of the output key This function will derive a variable length keying material from the pseudorandom key using the HKDF-Expand function as defined in RFC 5869. *Returns:* Zero or a negative error code on error. *Since:* 3.6.13 gnutls_hkdf_extract ------------------- -- Function: int gnutls_hkdf_extract (gnutls_mac_algorithm_t MAC, const gnutls_datum_t * KEY, const gnutls_datum_t * SALT, void * OUTPUT) MAC: the mac algorithm used internally KEY: the initial keying material SALT: the optional salt OUTPUT: the output value of the extract operation This function will derive a fixed-size key using the HKDF-Extract function as defined in RFC 5869. *Returns:* Zero or a negative error code on error. *Since:* 3.6.13 gnutls_hmac ----------- -- Function: int gnutls_hmac (gnutls_hmac_hd_t HANDLE, const void * PTEXT, size_t PTEXT_LEN) HANDLE: is a ‘gnutls_hmac_hd_t’ type PTEXT: the data to hash PTEXT_LEN: the length of data to hash This function will hash the given data using the algorithm specified by the context. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_hmac_copy ---------------- -- Function: gnutls_hmac_hd_t gnutls_hmac_copy (gnutls_hmac_hd_t HANDLE) HANDLE: is a ‘gnutls_hmac_hd_t’ type This function will create a copy of MAC context, containing all its current state. Copying contexts for MACs registered using ‘gnutls_crypto_register_mac()’ is not supported and will always result in an error. In addition to that, some of the MAC implementations do not support this operation. Applications should check the return value and provide a proper fallback. *Returns:* new MAC context or NULL in case of an error. *Since:* 3.6.9 gnutls_hmac_deinit ------------------ -- Function: void gnutls_hmac_deinit (gnutls_hmac_hd_t HANDLE, void * DIGEST) HANDLE: is a ‘gnutls_hmac_hd_t’ type DIGEST: is the output value of the MAC This function will deinitialize all resources occupied by the given hmac context. *Since:* 2.10.0 gnutls_hmac_fast ---------------- -- Function: int gnutls_hmac_fast (gnutls_mac_algorithm_t ALGORITHM, const void * KEY, size_t KEYLEN, const void * PTEXT, size_t PTEXT_LEN, void * DIGEST) ALGORITHM: the hash algorithm to use KEY: the key to use KEYLEN: the length of the key PTEXT: the data to hash PTEXT_LEN: the length of data to hash DIGEST: is the output value of the hash This convenience function will hash the given data and return output on a single call. Note, this call will not work for MAC algorithms that require nonce (like UMAC or GMAC). *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_hmac_get_key_size ------------------------ -- Function: unsigned gnutls_hmac_get_key_size (gnutls_mac_algorithm_t ALGORITHM) ALGORITHM: the mac algorithm to use This function will return the size of the key to be used with this algorithm. On the algorithms which may accept arbitrary key sizes, the returned size is the MAC key size used in the TLS protocol. *Returns:* The key size or zero on error. *Since:* 3.6.12 gnutls_hmac_get_len ------------------- -- Function: unsigned gnutls_hmac_get_len (gnutls_mac_algorithm_t ALGORITHM) ALGORITHM: the hmac algorithm to use This function will return the length of the output data of the given hmac algorithm. *Returns:* The length or zero on error. *Since:* 2.10.0 gnutls_hmac_init ---------------- -- Function: int gnutls_hmac_init (gnutls_hmac_hd_t * DIG, gnutls_mac_algorithm_t ALGORITHM, const void * KEY, size_t KEYLEN) DIG: is a ‘gnutls_hmac_hd_t’ type ALGORITHM: the HMAC algorithm to use KEY: the key to be used for encryption KEYLEN: the length of the key This function will initialize an context that can be used to produce a Message Authentication Code (MAC) of data. This will effectively use the current crypto backend in use by gnutls or the cryptographic accelerator in use. Note that despite the name of this function, it can be used for other MAC algorithms than HMAC. *Returns:* Zero or a negative error code on error. *Since:* 2.10.0 gnutls_hmac_output ------------------ -- Function: void gnutls_hmac_output (gnutls_hmac_hd_t HANDLE, void * DIGEST) HANDLE: is a ‘gnutls_hmac_hd_t’ type DIGEST: is the output value of the MAC This function will output the current MAC value and reset the state of the MAC. *Since:* 2.10.0 gnutls_hmac_set_nonce --------------------- -- Function: void gnutls_hmac_set_nonce (gnutls_hmac_hd_t HANDLE, const void * NONCE, size_t NONCE_LEN) HANDLE: is a ‘gnutls_hmac_hd_t’ type NONCE: the data to set as nonce NONCE_LEN: the length of data This function will set the nonce in the MAC algorithm. *Since:* 3.2.0 gnutls_mac_get_nonce_size ------------------------- -- Function: size_t gnutls_mac_get_nonce_size (gnutls_mac_algorithm_t ALGORITHM) ALGORITHM: is an encryption algorithm Returns the size of the nonce used by the MAC in TLS. *Returns:* length (in bytes) of the given MAC nonce size, or 0. *Since:* 3.2.0 gnutls_pbkdf2 ------------- -- Function: int gnutls_pbkdf2 (gnutls_mac_algorithm_t MAC, const gnutls_datum_t * KEY, const gnutls_datum_t * SALT, unsigned ITER_COUNT, void * OUTPUT, size_t LENGTH) MAC: the mac algorithm used internally KEY: the initial keying material SALT: the salt ITER_COUNT: the iteration count OUTPUT: the output value LENGTH: the desired length of the output key This function will derive a variable length keying material from a password according to PKCS ‘5’ PBKDF2. *Returns:* Zero or a negative error code on error. *Since:* 3.6.13 gnutls_rnd ---------- -- Function: int gnutls_rnd (gnutls_rnd_level_t LEVEL, void * DATA, size_t LEN) LEVEL: a security level DATA: place to store random bytes LEN: The requested size This function will generate random data and store it to output buffer. The value of ‘level’ should be one of ‘GNUTLS_RND_NONCE’ , ‘GNUTLS_RND_RANDOM’ and ‘GNUTLS_RND_KEY’ . See the manual and ‘gnutls_rnd_level_t’ for detailed information. This function is thread-safe and also fork-safe. *Returns:* Zero on success, or a negative error code on error. *Since:* 2.12.0 gnutls_rnd_refresh ------------------ -- Function: void gnutls_rnd_refresh ( VOID) This function refreshes the random generator state. That is the current precise time, CPU usage, and other values are input into its state. On a slower rate input from /dev/urandom is mixed too. *Since:* 3.1.7