Previous: Random number generation, Up: Using GnuTLS as a cryptographic library [Contents][Index]

In systems which provide a hardware accelerated cipher implementation that is not directly supported by GnuTLS, it is possible to utilize it. There are functions which allow overriding the default cipher, digest and MAC implementations. Those are described below.

To override public key operations see Abstract private keys.

- Function:
*int***gnutls_crypto_register_cipher***(gnutls_cipher_algorithm_t*`algorithm`, int`priority`, gnutls_cipher_init_func`init`, gnutls_cipher_setkey_func`setkey`, gnutls_cipher_setiv_func`setiv`, gnutls_cipher_encrypt_func`encrypt`, gnutls_cipher_decrypt_func`decrypt`, gnutls_cipher_deinit_func`deinit`) `algorithm`: is the gnutls algorithm identifier`priority`: is the priority of the algorithm`init`: A function which initializes the cipher`setkey`: A function which sets the key of the cipher`setiv`: A function which sets the nonce/IV of the cipher (non-AEAD)`encrypt`: A function which performs encryption (non-AEAD)`decrypt`: A function which performs decryption (non-AEAD)`deinit`: A function which deinitializes the cipherThis function will register a cipher algorithm to be used by gnutls. Any algorithm registered will override the included algorithms and by convention kernel implemented algorithms have priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be used by gnutls.

In the case the registered init or setkey functions return

`GNUTLS_E_NEED_FALLBACK`

, GnuTLS will attempt to use the next in priority registered cipher.The functions which are marked as non-AEAD they are not required when registering a cipher to be used with the new AEAD API introduced in GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API.

**Returns:**`GNUTLS_E_SUCCESS`

on success, otherwise a negative error code.**Since:**3.4.0

- Function:
*int***gnutls_crypto_register_aead_cipher***(gnutls_cipher_algorithm_t*`algorithm`, int`priority`, gnutls_cipher_init_func`init`, gnutls_cipher_setkey_func`setkey`, gnutls_cipher_aead_encrypt_func`aead_encrypt`, gnutls_cipher_aead_decrypt_func`aead_decrypt`, gnutls_cipher_deinit_func`deinit`) `algorithm`: is the gnutls AEAD cipher identifier`priority`: is the priority of the algorithm`init`: A function which initializes the cipher`setkey`: A function which sets the key of the cipher`aead_encrypt`: Perform the AEAD encryption`aead_decrypt`: Perform the AEAD decryption`deinit`: A function which deinitializes the cipherThis function will register a cipher algorithm to be used by gnutls. Any algorithm registered will override the included algorithms and by convention kernel implemented algorithms have priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be used by gnutls.

In the case the registered init or setkey functions return

`GNUTLS_E_NEED_FALLBACK`

, GnuTLS will attempt to use the next in priority registered cipher.The functions registered will be used with the new AEAD API introduced in GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API.

**Returns:**`GNUTLS_E_SUCCESS`

on success, otherwise a negative error code.**Since:**3.4.0

- Function:
*int***gnutls_crypto_register_mac***(gnutls_mac_algorithm_t*`algorithm`, int`priority`, gnutls_mac_init_func`init`, gnutls_mac_setkey_func`setkey`, gnutls_mac_setnonce_func`setnonce`, gnutls_mac_hash_func`hash`, gnutls_mac_output_func`output`, gnutls_mac_deinit_func`deinit`, gnutls_mac_fast_func`hash_fast`) `algorithm`: is the gnutls MAC identifier`priority`: is the priority of the algorithm`init`: A function which initializes the MAC`setkey`: A function which sets the key of the MAC`setnonce`: A function which sets the nonce for the mac (may be`NULL`

for common MAC algorithms)`hash`: Perform the hash operation`output`: Provide the output of the MAC`deinit`: A function which deinitializes the MAC`hash_fast`: Perform the MAC operation in one goThis function will register a MAC algorithm to be used by gnutls. Any algorithm registered will override the included algorithms and by convention kernel implemented algorithms have priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be used by gnutls.

**Returns:**`GNUTLS_E_SUCCESS`

on success, otherwise a negative error code.**Since:**3.4.0

- Function:
*int***gnutls_crypto_register_digest***(gnutls_digest_algorithm_t*`algorithm`, int`priority`, gnutls_digest_init_func`init`, gnutls_digest_hash_func`hash`, gnutls_digest_output_func`output`, gnutls_digest_deinit_func`deinit`, gnutls_digest_fast_func`hash_fast`) `algorithm`: is the gnutls digest identifier`priority`: is the priority of the algorithm`init`: A function which initializes the digest`hash`: Perform the hash operation`output`: Provide the output of the digest`deinit`: A function which deinitializes the digest`hash_fast`: Perform the digest operation in one goThis function will register a digest algorithm to be used by gnutls. Any algorithm registered will override the included algorithms and by convention kernel implemented algorithms have priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be used by gnutls.

**Returns:**`GNUTLS_E_SUCCESS`

on success, otherwise a negative error code.**Since:**3.4.0

Previous: Random number generation, Up: Using GnuTLS as a cryptographic library [Contents][Index]