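/*
 * Public-key API declarations: RSA, Katja, ECC, DSA and the DER/ASN.1
 * helpers they share.
 *
 * Conventions visible in the prototypes below:
 *  - Big integers are passed as opaque `void *` handles (presumably objects
 *    of the configured math provider, cf. LTM_DESC / GMP_DESC further down).
 *  - `out` / `outlen` pairs: `*outlen` is an in/out parameter. By library
 *    convention it carries the capacity of `out` on entry and the number of
 *    bytes produced on return; confirm against each implementation.
 *  - `int *stat` parameters: by library convention the return code only
 *    reports whether the operation could be carried out, and `*stat` is set
 *    to 1 only when the signature or padding checked out. Callers must test
 *    BOTH the return code and `*stat`; treating a successful return alone as
 *    "valid" accepts forged input. (Confirm against the implementation.)
 *  - `prng` / `wprng` (or `prng_idx`) and `hash_idx` select a PRNG state and
 *    registered PRNG / hash descriptors by index.
 */

/* ---- NUMBER THEORY ---- */

/* Key type tags stored in the `type` field of every key structure below. */
enum {
   PK_PUBLIC=0,
   PK_PRIVATE=1
};

/* Generate a random prime into N (an initialised bignum handle).
 * The quality of the result depends entirely on the PRNG selected by wprng. */
int rand_prime(void *N, long len, prng_state *prng, int wprng);

/* ---- RSA ---- */
#ifdef MRSA

/* Min and Max RSA key sizes (in bits).
 * NOTE(review): a 1024-bit modulus is below current guidance (2048 bits or
 * more); applications should enforce their own minimum rather than rely on
 * MIN_RSA_SIZE as a policy floor. */
#define MIN_RSA_SIZE 1024
#define MAX_RSA_SIZE 4096

/** RSA PKCS style key.
 *  For PK_PRIVATE keys d, p, q, qP, dP and dQ are secret material; release
 *  the structure with rsa_free() once it is no longer needed. */
typedef struct Rsa_key {
    /** Type of key, PK_PRIVATE or PK_PUBLIC */
    int type;
    /** The public exponent */
    void *e;
    /** The private exponent */
    void *d;
    /** The modulus */
    void *N;
    /** The p factor of N */
    void *p;
    /** The q factor of N */
    void *q;
    /** The 1/q mod p CRT param */
    void *qP;
    /** The d mod (p - 1) CRT param */
    void *dP;
    /** The d mod (q - 1) CRT param */
    void *dQ;
} rsa_key;

/* Generate a new RSA key pair with public exponent e (65537 is the usual
 * choice).
 * NOTE(review): the limits above are expressed in bits; confirm the unit
 * expected for `size` against the implementation before passing a value. */
int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key);

/* Low-level modular exponentiation with the public or private part of the
 * key (`which` is presumably PK_PUBLIC or PK_PRIVATE). No padding parameter
 * is taken here, so this is not an encryption or signature primitive on its
 * own; use the padded wrappers below. */
int rsa_exptmod(const unsigned char *in,   unsigned long inlen,
                      unsigned char *out,  unsigned long *outlen, int which,
                      rsa_key *key);

/* Release the bignums held by an RSA key. */
void rsa_free(rsa_key *key);

/* These use PKCS #1 v2.0 padding: the encrypt/decrypt wrappers pin the padding
 * to LTC_PKCS_1_OAEP and the sign/verify wrappers pin it to LTC_PKCS_1_PSS.
 * Prefer them over the *_ex forms unless PKCS #1 v1.5 interoperability is
 * required. */
#define rsa_encrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, _key) \
  rsa_encrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, LTC_PKCS_1_OAEP, _key)

#define rsa_decrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, _stat, _key) \
  rsa_decrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, LTC_PKCS_1_OAEP, _stat, _key)

#define rsa_sign_hash(_in, _inlen, _out, _outlen, _prng, _prng_idx, _hash_idx, _saltlen, _key) \
  rsa_sign_hash_ex(_in, _inlen, _out, _outlen, LTC_PKCS_1_PSS, _prng, _prng_idx, _hash_idx, _saltlen, _key)

#define rsa_verify_hash(_sig, _siglen, _hash, _hashlen, _hash_idx, _saltlen, _stat, _key) \
  rsa_verify_hash_ex(_sig, _siglen, _hash, _hashlen, LTC_PKCS_1_PSS, _hash_idx, _saltlen, _stat, _key)

/* These can be switched between PKCS #1 v2.x and PKCS #1 v1.5 paddings.
 * PKCS #1 v1.5 encryption padding is exposed to padding-oracle attacks when a
 * caller lets the peer distinguish a padding failure from any other failure
 * (different error, different timing, different protocol response). When
 * v1.5 decryption cannot be avoided, handle every failure identically and do
 * not report *stat or the return code to the remote party. */
int rsa_encrypt_key_ex(const unsigned char *in,     unsigned long inlen,
                             unsigned char *out,    unsigned long *outlen,
                       const unsigned char *lparam, unsigned long lparamlen,
                       prng_state *prng, int prng_idx, int hash_idx, int padding, rsa_key *key);

/* On return, check the return code AND *stat (see the header comment). */
int rsa_decrypt_key_ex(const unsigned char *in,       unsigned long  inlen,
                             unsigned char *out,      unsigned long *outlen,
                       const unsigned char *lparam,   unsigned long  lparamlen,
                             int            hash_idx, int            padding,
                             int           *stat,     rsa_key       *key);

/* Sign a message digest (`in` is the hash value, not the message). */
int rsa_sign_hash_ex(const unsigned char *in,       unsigned long  inlen,
                           unsigned char *out,      unsigned long *outlen,
                           int            padding,
                           prng_state    *prng,     int            prng_idx,
                           int            hash_idx, unsigned long  saltlen,
                           rsa_key *key);

/* Verify a signature over a digest. A successful return does not by itself
 * mean the signature is valid: check the return code AND *stat. */
int rsa_verify_hash_ex(const unsigned char *sig,      unsigned long siglen,
                       const unsigned char *hash,     unsigned long hashlen,
                             int            padding,
                             int            hash_idx, unsigned long saltlen,
                             int           *stat,     rsa_key      *key);

/* PKCS #1 import/export.
 * rsa_export with type PK_PRIVATE writes secret key material into `out`;
 * the caller owns that buffer and should wipe it after use.
 * rsa_import parses caller-supplied DER, which may be untrusted. */
int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key);
int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key);

#endif

/* ---- Katja ---- */
#ifdef MKAT

/* NOTE(review): Katja is not a standardised scheme; confirm that enabling
 * MKAT is intended for anything beyond experimentation. */

/* Min and Max KAT key sizes (in bits) */
#define MIN_KAT_SIZE 1024
#define MAX_KAT_SIZE 4096

/** Katja PKCS style key */
typedef struct KAT_key {
    /** Type of key, PK_PRIVATE or PK_PUBLIC */
    int type;
    /** The private exponent */
    void *d;
    /** The modulus */
    void *N;
    /** The p factor of N */
    void *p;
    /** The q factor of N */
    void *q;
    /** The 1/q mod p CRT param */
    void *qP;
    /** The d mod (p - 1) CRT param */
    void *dP;
    /** The d mod (q - 1) CRT param */
    void *dQ;
    /** The pq param */
    void *pq;
} katja_key;

/* Generate a new Katja key pair. */
int katja_make_key(prng_state *prng, int wprng, int size, katja_key *key);

/* Low-level exponentiation with the public or private part of the key;
 * takes no padding parameter. */
int katja_exptmod(const unsigned char *in,   unsigned long inlen,
                        unsigned char *out,  unsigned long *outlen, int which,
                        katja_key *key);

/* Release the bignums held by a Katja key. */
void katja_free(katja_key *key);

/* These use PKCS #1 v2.0 padding */
int katja_encrypt_key(const unsigned char *in,     unsigned long inlen,
                            unsigned char *out,    unsigned long *outlen,
                      const unsigned char *lparam, unsigned long lparamlen,
                      prng_state *prng, int prng_idx, int hash_idx, katja_key *key);

/* On return, check the return code AND *stat. */
int katja_decrypt_key(const unsigned char *in,       unsigned long inlen,
                            unsigned char *out,      unsigned long *outlen,
                      const unsigned char *lparam,   unsigned long lparamlen,
                            int            hash_idx, int *stat,
                            katja_key     *key);

/* PKCS #1 import/export */
int katja_export(unsigned char *out, unsigned long *outlen, int type, katja_key *key);
int katja_import(const unsigned char *in, unsigned long inlen, katja_key *key);

#endif

/* ---- ECC Routines ---- */
#ifdef MECC

/* size of our temp buffers for exported keys */
#define ECC_BUF_SIZE 256

/* max private key size */
#define ECC_MAXSIZE  66

/** Structure defines a NIST GF(p) curve */
typedef struct {
   /** The size of the curve in octets */
   int size;

   /** name of curve */
   char *name;

   /** The prime that defines the field the curve is in (encoded in hex) */
   char *prime;

   /** The fields B param (hex) */
   char *B;

   /** The order of the curve (hex) */
   char *order;

   /** The x co-ordinate of the base point on the curve (hex) */
   char *Gx;

   /** The y co-ordinate of the base point on the curve (hex) */
   char *Gy;
} ltc_ecc_set_type;

/** A point on an ECC curve, stored in Jacobian format such that (x,y,z) => (x/z^2, y/z^3, 1) when interpreted as affine */
typedef struct {
    /** The x co-ordinate */
    void *x;

    /** The y co-ordinate */
    void *y;

    /** The z co-ordinate */
    void *z;
} ecc_point;

/** An ECC key */
typedef struct {
    /** Type of key, PK_PRIVATE or PK_PUBLIC */
    int                 type;

    /** Index into the ltc_ecc_sets[] for the parameters of this curve; if -1, then this key is using user supplied curve in dp */
    int                 idx;

    /** pointer to domain parameters; either points to NIST curves (identified by idx >= 0) or user supplied curve */
    const ltc_ecc_set_type *dp;

    /** The public key */
    ecc_point pubkey;

    /** The private key */
    void *k;
} ecc_key;

/** the ECC params provided */
extern const ltc_ecc_set_type ltc_ecc_sets[];

int  ecc_test(void);
void ecc_sizes(int *low, int *high);
int  ecc_get_size(ecc_key *key);

/* Key generation. The *_ex form takes caller-supplied domain parameters; the
 * security of the resulting key depends on those parameters being sound. */
int  ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key);
int  ecc_make_key_ex(prng_state *prng, int wprng, ecc_key *key, const ltc_ecc_set_type *dp);
void ecc_free(ecc_key *key);

/* Import/export in the library's own format.
 * NOTE(review): imported public keys come from the peer; confirm that the
 * import routines reject points that are not on the curve before such a key
 * reaches ecc_shared_secret(). */
int  ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key);
int  ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key);
int  ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_set_type *dp);

/* ANSI X9.63 point import/export.
 * NOTE(review): dp is not const-qualified in ecc_ansi_x963_import_ex, unlike
 * ecc_import_ex above; harmonising it means changing the definition too. */
int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen);
int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key *key);
int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, ltc_ecc_set_type *dp);

/* Diffie-Hellman style agreement. The bytes written to `out` are a raw shared
 * value; run them through a key-derivation function before using them as a
 * symmetric key. */
int  ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
                       unsigned char *out, unsigned long *outlen);

int  ecc_encrypt_key(const unsigned char *in,   unsigned long inlen,
                           unsigned char *out,  unsigned long *outlen,
                           prng_state *prng, int wprng, int hash,
                           ecc_key *key);

int  ecc_decrypt_key(const unsigned char *in,  unsigned long  inlen,
                           unsigned char *out, unsigned long *outlen,
                           ecc_key *key);

/* Signing draws a fresh secret value from the PRNG for every signature. A
 * predictable or repeated value discloses the private key, so the PRNG passed
 * here must be properly seeded. */
int  ecc_sign_hash(const unsigned char *in,  unsigned long inlen,
                         unsigned char *out, unsigned long *outlen,
                         prng_state *prng, int wprng, ecc_key *key);

/* Check the return code AND *stat; a successful return alone does not mean
 * the signature is valid. */
int  ecc_verify_hash(const unsigned char *sig,  unsigned long siglen,
                     const unsigned char *hash, unsigned long hashlen,
                     int *stat, ecc_key *key);

/* low level functions */
ecc_point *ltc_ecc_new_point(void);
void       ltc_ecc_del_point(ecc_point *p);
int        ltc_ecc_is_valid_idx(int n);

/* point ops (mp == montgomery digit) */
#if !defined(MECC_ACCEL) || defined(LTM_DESC) || defined(GMP_DESC)
/* R = 2P */
int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *mp);

/* R = P + Q */
int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp);
#endif

#if defined(MECC_FP)
/* Variants compiled only when MECC_FP is defined, with save/restore of their
 * internal state. ltc_ecc_fp_restore_state consumes a caller-supplied buffer;
 * only feed it data previously produced by ltc_ecc_fp_save_state. */
int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map);
int ltc_ecc_fp_save_state(unsigned char **out, unsigned long *outlen);
int ltc_ecc_fp_restore_state(unsigned char *in, unsigned long inlen);
void ltc_ecc_fp_free(void);
#endif

/* R = kG */
int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map);

#ifdef LTC_ECC_SHAMIR
/* kA*A + kB*B = C */
int ltc_ecc_mul2add(ecc_point *A, void *kA,
                    ecc_point *B, void *kB,
                    ecc_point *C,
                         void *modulus);

#ifdef MECC_FP
int ltc_ecc_fp_mul2add(ecc_point *A, void *kA,
                       ecc_point *B, void *kB,
                       ecc_point *C, void *modulus);
#endif

#endif


/* map P to affine from projective */
int ltc_ecc_map(ecc_point *P, void *modulus, void *mp);

#endif

#ifdef MDSA

/* Max diff between group and modulus size in bytes */
#define MDSA_DELTA     512

/* Max DSA group size in bytes (default allows 4k-bit groups) */
#define MDSA_MAX_GROUP 512

/** DSA key structure */
typedef struct {
   /** The key type, PK_PRIVATE or PK_PUBLIC */
   int type;

   /** The order of the sub-group used in octets */
   int qord;

   /** The generator  */
   void *g;

   /** The prime used to generate the sub-group */
   void *q;

   /** The large prime that generates the field that contains the sub-group */
   void *p;

   /** The private key */
   void *x;

   /** The public key */
   void *y;
} dsa_key;

/* Generate a DSA key; group_size and modulus_size are bounded by the MDSA_*
 * limits above (in bytes). */
int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key);
void dsa_free(dsa_key *key);

/* Signing draws a fresh secret value from the PRNG for every signature. A
 * predictable or repeated value discloses the private key x, so the PRNG
 * passed here must be properly seeded. The _raw form returns r and s as
 * bignum handles instead of an encoded signature. */
int dsa_sign_hash_raw(const unsigned char *in,  unsigned long inlen,
                                   void *r,   void *s,
                               prng_state *prng, int wprng, dsa_key *key);

int dsa_sign_hash(const unsigned char *in,  unsigned long inlen,
                        unsigned char *out, unsigned long *outlen,
                        prng_state *prng, int wprng, dsa_key *key);

/* Check the return code AND *stat; a successful return alone does not mean
 * the signature is valid. */
int dsa_verify_hash_raw(         void *r,          void *s,
                    const unsigned char *hash, unsigned long hashlen,
                                    int *stat,      dsa_key *key);

int dsa_verify_hash(const unsigned char *sig,  unsigned long siglen,
                    const unsigned char *hash, unsigned long hashlen,
                          int           *stat, dsa_key       *key);

int dsa_encrypt_key(const unsigned char *in,   unsigned long inlen,
                          unsigned char *out,  unsigned long *outlen,
                          prng_state *prng, int wprng, int hash,
                          dsa_key *key);

int dsa_decrypt_key(const unsigned char *in,  unsigned long  inlen,
                          unsigned char *out, unsigned long *outlen,
                          dsa_key *key);

/* dsa_import parses caller-supplied data. dsa_verify_key reports its verdict
 * through *stat and is the check to run on a key obtained from an untrusted
 * source before using it. */
int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key);
int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key);
int dsa_verify_key(dsa_key *key, int *stat);

/* The bytes written to `out` are a raw shared value; derive keys from them
 * with a key-derivation function. */
int dsa_shared_secret(void          *private_key, void *base,
                      dsa_key       *public_key,
                      unsigned char *out,         unsigned long *outlen);
#endif

#ifdef LTC_DER
/* DER handling.
 * The decoders below parse caller-supplied bytes that frequently come from an
 * untrusted peer (certificates, keys, signatures). `inlen` must be the exact
 * number of readable bytes at `in`, and every output capacity must describe
 * the real size of the destination buffer. */

enum {
 LTC_ASN1_EOL,
 LTC_ASN1_BOOLEAN,
 LTC_ASN1_INTEGER,
 LTC_ASN1_SHORT_INTEGER,
 LTC_ASN1_BIT_STRING,
 LTC_ASN1_OCTET_STRING,
 LTC_ASN1_NULL,
 LTC_ASN1_OBJECT_IDENTIFIER,
 LTC_ASN1_IA5_STRING,
 LTC_ASN1_PRINTABLE_STRING,
 LTC_ASN1_UTF8_STRING,
 LTC_ASN1_UTCTIME,
 LTC_ASN1_CHOICE,
 LTC_ASN1_SEQUENCE,
 LTC_ASN1_SET,
 LTC_ASN1_SETOF
};

/** A LTC ASN.1 list type */
typedef struct ltc_asn1_list_ {
   /** The LTC ASN.1 enumerated type identifier */
   int           type;
   /** The data to encode or place for decoding */
   void         *data;
   /** The size of the input or resulting output */
   unsigned long size;
   /** The used flag, this is used by the CHOICE ASN.1 type to indicate which choice was made */
   int           used;
   /** prev/next entry in the list */
   struct ltc_asn1_list_ *prev, *next, *child, *parent;
} ltc_asn1_list;

/* Fill entry `index` of `list` with a type, data pointer and size, and clear
 * its `used` flag. The prev/next/child/parent links are not touched, and the
 * (void*) cast drops any const qualifier on Data.
 * The expansion deliberately ends without a semicolon so the macro behaves
 * like a single statement: `if (c) LTC_SET_ASN1(...); else ...` is valid.
 * Always terminate the invocation with `;`. */
#define LTC_SET_ASN1(list, index, Type, Data, Size)  \
   do {                                              \
      int LTC_MACRO_temp            = (index);       \
      ltc_asn1_list *LTC_MACRO_list = (list);        \
      LTC_MACRO_list[LTC_MACRO_temp].type = (Type);  \
      LTC_MACRO_list[LTC_MACRO_temp].data = (void*)(Data);  \
      LTC_MACRO_list[LTC_MACRO_temp].size = (Size);  \
      LTC_MACRO_list[LTC_MACRO_temp].used = 0;       \
   } while (0)

/* SEQUENCE */
int der_encode_sequence_ex(ltc_asn1_list *list, unsigned long inlen,
                           unsigned char *out,  unsigned long *outlen, int type_of);

#define der_encode_sequence(list, inlen, out, outlen) der_encode_sequence_ex(list, inlen, out, outlen, LTC_ASN1_SEQUENCE)

/* Decode into a caller-prepared list of `outlen` entries; `ordered` is 1 for
 * SEQUENCE and 0 for SET (see the two wrapper macros). */
int der_decode_sequence_ex(const unsigned char *in, unsigned long  inlen,
                           ltc_asn1_list *list,     unsigned long  outlen, int ordered);

#define der_decode_sequence(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 1)

int der_length_sequence(ltc_asn1_list *list, unsigned long inlen,
                        unsigned long *outlen);

/* SET */
#define der_decode_set(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 0)
#define der_length_set der_length_sequence
int der_encode_set(ltc_asn1_list *list, unsigned long inlen,
                   unsigned char *out,  unsigned long *outlen);

int der_encode_setof(ltc_asn1_list *list, unsigned long inlen,
                     unsigned char *out,  unsigned long *outlen);

/* VA list handy helpers with triplets of <type, size, data>.
 * The variadic arguments are not type-checked by the compiler; a mismatched
 * size or a missing terminator leads to out-of-bounds access. */
int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...);
int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...);

/* FLEXI DECODER handle unknown list decoder.
 * Returns the decoded structure through *out (presumably heap-allocated by
 * the decoder; release it with the free routines declared next). */
int  der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out);
void der_free_sequence_flexi(ltc_asn1_list *list);
void der_sequence_free(ltc_asn1_list *in);

/* BOOLEAN */
int der_length_boolean(unsigned long *outlen);
int der_encode_boolean(int in,
                       unsigned char *out, unsigned long *outlen);
int der_decode_boolean(const unsigned char *in, unsigned long inlen,
                                       int *out);
/* INTEGER */
int der_encode_integer(void *num, unsigned char *out, unsigned long *outlen);
int der_decode_integer(const unsigned char *in, unsigned long inlen, void *num);
int der_length_integer(void *num, unsigned long *len);

/* INTEGER -- handy for 0..2^32-1 values */
int der_decode_short_integer(const unsigned char *in, unsigned long inlen, unsigned long *num);
int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned long *outlen);
int der_length_short_integer(unsigned long num, unsigned long *outlen);

/* BIT STRING */
int der_encode_bit_string(const unsigned char *in, unsigned long inlen,
                                unsigned char *out, unsigned long *outlen);
int der_decode_bit_string(const unsigned char *in, unsigned long inlen,
                                unsigned char *out, unsigned long *outlen);
int der_length_bit_string(unsigned long nbits, unsigned long *outlen);

/* OCTET STRING */
int der_encode_octet_string(const unsigned char *in, unsigned long inlen,
                                  unsigned char *out, unsigned long *outlen);
int der_decode_octet_string(const unsigned char *in, unsigned long inlen,
                                  unsigned char *out, unsigned long *outlen);
int der_length_octet_string(unsigned long noctets, unsigned long *outlen);

/* OBJECT IDENTIFIER */
int der_encode_object_identifier(unsigned long *words, unsigned long  nwords,
                                 unsigned char *out,   unsigned long *outlen);
int der_decode_object_identifier(const unsigned char *in,    unsigned long  inlen,
                                       unsigned long *words, unsigned long *outlen);
int der_length_object_identifier(unsigned long *words, unsigned long nwords, unsigned long *outlen);
unsigned long der_object_identifier_bits(unsigned long x);

/* IA5 STRING */
int der_encode_ia5_string(const unsigned char *in, unsigned long inlen,
                                unsigned char *out, unsigned long *outlen);
int der_decode_ia5_string(const unsigned char *in, unsigned long inlen,
                                unsigned char *out, unsigned long *outlen);
int der_length_ia5_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen);

int der_ia5_char_encode(int c);
int der_ia5_value_decode(int v);

/* Printable STRING */
int der_encode_printable_string(const unsigned char *in, unsigned long inlen,
                                unsigned char *out, unsigned long *outlen);
int der_decode_printable_string(const unsigned char *in, unsigned long inlen,
                                unsigned char *out, unsigned long *outlen);
int der_length_printable_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen);

int der_printable_char_encode(int c);
int der_printable_value_decode(int v);

/* UTF-8 */
/* Use the platform's wchar_t when one is detected and LTC_NO_WCHAR is not
 * set; otherwise fall back to a 32-bit typedef. */
#if (defined(SIZE_MAX) || __STDC_VERSION__ >= 199901L || defined(WCHAR_MAX) || defined(_WCHAR_T) || defined(_WCHAR_T_DEFINED)) && !defined(LTC_NO_WCHAR)
#include <wchar.h>
#else
typedef ulong32 wchar_t;
#endif

int der_encode_utf8_string(const wchar_t *in,  unsigned long inlen,
                           unsigned char *out, unsigned long *outlen);

int der_decode_utf8_string(const unsigned char *in,  unsigned long inlen,
                                       wchar_t *out, unsigned long *outlen);
unsigned long der_utf8_charsize(const wchar_t c);
int der_length_utf8_string(const wchar_t *in, unsigned long noctets, unsigned long *outlen);


/* CHOICE */
int der_decode_choice(const unsigned char *in,   unsigned long *inlen,
                            ltc_asn1_list *list, unsigned long  outlen);

/* UTCTime */
typedef struct {
   unsigned YY, /* year */
            MM, /* month */
            DD, /* day */
            hh, /* hour */
            mm, /* minute */
            ss, /* second */
            off_dir, /* timezone offset direction 0 == +, 1 == - */
            off_hh, /* timezone offset hours */
            off_mm; /* timezone offset minutes */
} ltc_utctime;

int der_encode_utctime(ltc_utctime *utctime,
                       unsigned char *out,   unsigned long *outlen);

int der_decode_utctime(const unsigned char *in, unsigned long *inlen,
                             ltc_utctime   *out);

int der_length_utctime(ltc_utctime *utctime, unsigned long *outlen);


#endif

/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_pk.h,v $ */
/* $Revision: 1.77 $ */
/* $Date: 2006/12/03 00:39:56 $ */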