Home | History | Annotate | Download | only in axtls
      1 /*
      2  *  Copyright(C) 2006 Cameron Rich
      3  *
      4  *  This library is free software; you can redistribute it and/or modify
      5  *  it under the terms of the GNU Lesser General Public License as published by
      6  *  the Free Software Foundation; either version 2 of the License, or
      7  *  (at your option) any later version.
      8  *
      9  *  This library is distributed in the hope that it will be useful,
     10  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
     11  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     12  *  GNU Lesser General Public License for more details.
     13  *
     14  *  You should have received a copy of the GNU Lesser General Public License
     15  *  along with this library; if not, write to the Free Software
     16  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
     17  */
     18 
     19 /**
     20  * @file crypto.h
     21  */
     22 
     23 #ifndef HEADER_CRYPTO_H
     24 #define HEADER_CRYPTO_H
     25 
     26 #ifdef __cplusplus
     27 extern "C" {
     28 #endif
     29 
     30 #include "bigint.h"
     31 
     32 /**************************************************************************
     33  * AES declarations
     34  **************************************************************************/
     35 
     36 #define AES_MAXROUNDS			14
     37 
     38 typedef struct aes_key_st
     39 {
     40     uint16_t rounds;
     41     uint16_t key_size;
     42     uint32_t ks[(AES_MAXROUNDS+1)*8];
     43     uint8_t iv[16];
     44 } AES_CTX;
     45 
     46 typedef enum
     47 {
     48     AES_MODE_128,
     49     AES_MODE_256
     50 } AES_MODE;
     51 
     52 void AES_set_key(AES_CTX *ctx, const uint8_t *key,
     53         const uint8_t *iv, AES_MODE mode);
     54 void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg,
     55         uint8_t *out, int length);
     56 void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
     57 void AES_convert_key(AES_CTX *ctx);
     58 void AES_encrypt(const AES_CTX *ctx, uint32_t *data);
     59 void AES_decrypt(const AES_CTX *ctx, uint32_t *data);
     60 
     61 /**************************************************************************
     62  * RC4 declarations
     63  **************************************************************************/
     64 
     65 typedef struct
     66 {
     67     int x, y, m[256];
     68 } RC4_CTX;
     69 
     70 void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
     71 void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
     72 
     73 /**************************************************************************
     74  * SHA1 declarations
     75  **************************************************************************/
     76 
     77 #define SHA1_SIZE   20
     78 
     79 /*
     80  *  This structure will hold context information for the SHA-1
     81  *  hashing operation
     82  */
     83 typedef struct
     84 {
     85     uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest  */
     86     uint32_t Length_Low;            /* Message length in bits      */
     87     uint32_t Length_High;           /* Message length in bits      */
     88     uint16_t Message_Block_Index;   /* Index into message block array   */
     89     uint8_t Message_Block[64];      /* 512-bit message blocks      */
     90 } SHA1_CTX;
     91 
     92 void SHA1Init(SHA1_CTX *);
     93 void SHA1Update(SHA1_CTX *, const uint8_t * msg, int len);
     94 void SHA1Final(SHA1_CTX *, uint8_t *digest);
     95 
     96 /**************************************************************************
     97  * MD5 declarations
     98  **************************************************************************/
     99 
    100 /* MD5 context. */
    101 
    102 #define MD5_SIZE    16
    103 
    104 typedef struct
    105 {
    106   uint32_t state[4];        /* state (ABCD) */
    107   uint32_t count[2];        /* number of bits, modulo 2^64 (lsb first) */
    108   uint8_t buffer[64];       /* input buffer */
    109 } MD5_CTX;
    110 
    111 void MD5Init(MD5_CTX *);
    112 void MD5Update(MD5_CTX *, const uint8_t *msg, int len);
    113 void MD5Final(MD5_CTX *, uint8_t *digest);
    114 
    115 /**************************************************************************
    116  * HMAC declarations
    117  **************************************************************************/
    118 void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
    119         int key_len, uint8_t *digest);
    120 void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
    121         int key_len, uint8_t *digest);
    122 
    123 /**************************************************************************
    124  * RNG declarations
    125  **************************************************************************/
    126 void RNG_initialize(const uint8_t *seed_buf, int size);
    127 void RNG_terminate(void);
    128 void get_random(int num_rand_bytes, uint8_t *rand_data);
    129 //void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
    130 
    131 #include <string.h>
    132 static inline void get_random_NZ(int num_rand_bytes, uint8_t *rand_data) {
    133 	memset ( rand_data, 0x01, num_rand_bytes );
    134 }
    135 
    136 /**************************************************************************
    137  * RSA declarations
    138  **************************************************************************/
    139 
    140 typedef struct
    141 {
    142     bigint *m;              /* modulus */
    143     bigint *e;              /* public exponent */
    144     bigint *d;              /* private exponent */
    145 #ifdef CONFIG_BIGINT_CRT
    146     bigint *p;              /* p as in m = pq */
    147     bigint *q;              /* q as in m = pq */
    148     bigint *dP;             /* d mod (p-1) */
    149     bigint *dQ;             /* d mod (q-1) */
    150     bigint *qInv;           /* q^-1 mod p */
    151 #endif
    152     int num_octets;
    153     bigint *sig_m;         /* signature modulus */
    154     BI_CTX *bi_ctx;
    155 } RSA_CTX;
    156 
    157 void RSA_priv_key_new(RSA_CTX **rsa_ctx,
    158         const uint8_t *modulus, int mod_len,
    159         const uint8_t *pub_exp, int pub_len,
    160         const uint8_t *priv_exp, int priv_len
    161 #ifdef CONFIG_BIGINT_CRT
    162       , const uint8_t *p, int p_len,
    163         const uint8_t *q, int q_len,
    164         const uint8_t *dP, int dP_len,
    165         const uint8_t *dQ, int dQ_len,
    166         const uint8_t *qInv, int qInv_len
    167 #endif
    168         );
    169 void RSA_pub_key_new(RSA_CTX **rsa_ctx,
    170         const uint8_t *modulus, int mod_len,
    171         const uint8_t *pub_exp, int pub_len);
    172 void RSA_free(RSA_CTX *ctx);
    173 int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
    174         int is_decryption);
    175 bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
    176 #ifdef CONFIG_SSL_CERT_VERIFICATION
    177 bigint *RSA_raw_sign_verify(RSA_CTX *c, bigint *bi_msg);
    178 bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
    179         bigint *modulus, bigint *pub_exp);
    180 bigint *RSA_public(const RSA_CTX *c, bigint *bi_msg);
    181 int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
    182         uint8_t *out_data, int is_signing);
    183 void RSA_print(const RSA_CTX *ctx);
    184 #endif
    185 
    186 /**************************************************************************
    187  * ASN1 declarations
    188  **************************************************************************/
    189 #define X509_OK                             0
    190 #define X509_NOT_OK                         -1
    191 #define X509_VFY_ERROR_NO_TRUSTED_CERT      -2
    192 #define X509_VFY_ERROR_BAD_SIGNATURE        -3
    193 #define X509_VFY_ERROR_NOT_YET_VALID        -4
    194 #define X509_VFY_ERROR_EXPIRED              -5
    195 #define X509_VFY_ERROR_SELF_SIGNED          -6
    196 #define X509_VFY_ERROR_INVALID_CHAIN        -7
    197 #define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8
    198 #define X509_INVALID_PRIV_KEY               -9
    199 
    200 /*
    201  * The Distinguished Name
    202  */
    203 #define X509_NUM_DN_TYPES                   3
    204 #define X509_COMMON_NAME                    0
    205 #define X509_ORGANIZATION                   1
    206 #define X509_ORGANIZATIONAL_TYPE            2
    207 
    208 #define ASN1_INTEGER            0x02
    209 #define ASN1_BIT_STRING         0x03
    210 #define ASN1_OCTET_STRING       0x04
    211 #define ASN1_NULL               0x05
    212 #define ASN1_OID                0x06
    213 #define ASN1_PRINTABLE_STR      0x13
    214 #define ASN1_TELETEX_STR        0x14
    215 #define ASN1_IA5_STR            0x16
    216 #define ASN1_UTC_TIME           0x17
    217 #define ASN1_SEQUENCE           0x30
    218 #define ASN1_SET                0x31
    219 #define ASN1_IMPLICIT_TAG       0x80
    220 #define ASN1_EXPLICIT_TAG       0xa0
    221 
    222 #define SALT_SIZE               8
    223 
    224 struct _x509_ctx
    225 {
    226     char *ca_cert_dn[X509_NUM_DN_TYPES];
    227     char *cert_dn[X509_NUM_DN_TYPES];
    228 #if defined(_WIN32_WCE)
    229     long not_before;
    230     long not_after;
    231 #else
    232     time_t not_before;
    233     time_t not_after;
    234 #endif
    235     uint8_t *signature;
    236     uint16_t sig_len;
    237     uint8_t sig_type;
    238     RSA_CTX *rsa_ctx;
    239     bigint *digest;
    240     struct _x509_ctx *next;
    241 };
    242 
    243 typedef struct _x509_ctx X509_CTX;
    244 
    245 #ifdef CONFIG_SSL_CERT_VERIFICATION
    246 typedef struct
    247 {
    248     X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
    249 } CA_CERT_CTX;
    250 #endif
    251 
    252 int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
    253 int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
    254 int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
    255 int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
    256 int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
    257 void x509_free(X509_CTX *x509_ctx);
    258 #ifdef CONFIG_SSL_CERT_VERIFICATION
    259 int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
    260 const uint8_t *x509_get_signature(const uint8_t *asn1_signature, int *len);
    261 #endif
    262 #ifdef CONFIG_SSL_FULL_MODE
    263 void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
    264 void x509_display_error(int error);
    265 #endif
    266 
    267 /**************************************************************************
    268  * MISC declarations
    269  **************************************************************************/
    270 
    271 extern const char * const unsupported_str;
    272 
    273 typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
    274 typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key,
    275         int key_len, uint8_t *digest);
    276 
    277 typedef struct
    278 {
    279     uint8_t *pre_data;	/* include the ssl record bytes */
    280     uint8_t *data;	/* the regular ssl data */
    281     int max_len;
    282     int index;
    283 } BUF_MEM;
    284 
    285 BUF_MEM buf_new(void);
    286 void buf_grow(BUF_MEM *bm, int len);
    287 void buf_free(BUF_MEM *bm);
    288 int get_file(const char *filename, uint8_t **buf);
    289 
    290 #if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
    291 void print_blob(const char *format, const uint8_t *data, int size, ...);
    292 #else
    293     #define print_blob(...)
    294 #endif
    295 
    296 #ifdef __cplusplus
    297 }
    298 #endif
    299 
    300 #endif
    301