1 /* 2 * Copyright(C) 2006 Cameron Rich 3 * 4 * This library is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU Lesser General Public License as published by 6 * the Free Software Foundation; either version 2 of the License, or 7 * (at your option) any later version. 8 * 9 * This library is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU Lesser General Public License for more details. 13 * 14 * You should have received a copy of the GNU Lesser General Public License 15 * along with this library; if not, write to the Free Software 16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 17 */ 18 19 /** 20 * @file crypto.h 21 */ 22 23 #ifndef HEADER_CRYPTO_H 24 #define HEADER_CRYPTO_H 25 26 #ifdef __cplusplus 27 extern "C" { 28 #endif 29 30 #include "bigint.h" 31 32 /************************************************************************** 33 * AES declarations 34 **************************************************************************/ 35 36 #define AES_MAXROUNDS 14 37 38 typedef struct aes_key_st 39 { 40 uint16_t rounds; 41 uint16_t key_size; 42 uint32_t ks[(AES_MAXROUNDS+1)*8]; 43 uint8_t iv[16]; 44 } AES_CTX; 45 46 typedef enum 47 { 48 AES_MODE_128, 49 AES_MODE_256 50 } AES_MODE; 51 52 void AES_set_key(AES_CTX *ctx, const uint8_t *key, 53 const uint8_t *iv, AES_MODE mode); 54 void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, 55 uint8_t *out, int length); 56 void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length); 57 void AES_convert_key(AES_CTX *ctx); 58 void AES_encrypt(const AES_CTX *ctx, uint32_t *data); 59 void AES_decrypt(const AES_CTX *ctx, uint32_t *data); 60 61 /************************************************************************** 62 * RC4 declarations 63 **************************************************************************/ 64 65 typedef struct 66 { 67 int x, y, m[256]; 68 } RC4_CTX; 69 70 void RC4_setup(RC4_CTX *s, const uint8_t *key, int length); 71 void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length); 72 73 /************************************************************************** 74 * SHA1 declarations 75 **************************************************************************/ 76 77 #define SHA1_SIZE 20 78 79 /* 80 * This structure will hold context information for the SHA-1 81 * hashing operation 82 */ 83 typedef struct 84 { 85 uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */ 86 uint32_t Length_Low; /* Message length in bits */ 87 uint32_t Length_High; /* Message length in bits */ 88 uint16_t Message_Block_Index; /* Index into message block array */ 89 uint8_t Message_Block[64]; /* 512-bit message blocks */ 90 } SHA1_CTX; 91 92 void SHA1Init(SHA1_CTX *); 93 void SHA1Update(SHA1_CTX *, const uint8_t * msg, int len); 94 void SHA1Final(SHA1_CTX *, uint8_t *digest); 95 96 /************************************************************************** 97 * MD5 declarations 98 **************************************************************************/ 99 100 /* MD5 context. */ 101 102 #define MD5_SIZE 16 103 104 typedef struct 105 { 106 uint32_t state[4]; /* state (ABCD) */ 107 uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */ 108 uint8_t buffer[64]; /* input buffer */ 109 } MD5_CTX; 110 111 void MD5Init(MD5_CTX *); 112 void MD5Update(MD5_CTX *, const uint8_t *msg, int len); 113 void MD5Final(MD5_CTX *, uint8_t *digest); 114 115 /************************************************************************** 116 * HMAC declarations 117 **************************************************************************/ 118 void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 119 int key_len, uint8_t *digest); 120 void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 121 int key_len, uint8_t *digest); 122 123 /************************************************************************** 124 * RNG declarations 125 **************************************************************************/ 126 void RNG_initialize(const uint8_t *seed_buf, int size); 127 void RNG_terminate(void); 128 void get_random(int num_rand_bytes, uint8_t *rand_data); 129 //void get_random_NZ(int num_rand_bytes, uint8_t *rand_data); 130 131 #include <string.h> 132 static inline void get_random_NZ(int num_rand_bytes, uint8_t *rand_data) { 133 memset ( rand_data, 0x01, num_rand_bytes ); 134 } 135 136 /************************************************************************** 137 * RSA declarations 138 **************************************************************************/ 139 140 typedef struct 141 { 142 bigint *m; /* modulus */ 143 bigint *e; /* public exponent */ 144 bigint *d; /* private exponent */ 145 #ifdef CONFIG_BIGINT_CRT 146 bigint *p; /* p as in m = pq */ 147 bigint *q; /* q as in m = pq */ 148 bigint *dP; /* d mod (p-1) */ 149 bigint *dQ; /* d mod (q-1) */ 150 bigint *qInv; /* q^-1 mod p */ 151 #endif 152 int num_octets; 153 bigint *sig_m; /* signature modulus */ 154 BI_CTX *bi_ctx; 155 } RSA_CTX; 156 157 void RSA_priv_key_new(RSA_CTX **rsa_ctx, 158 const uint8_t *modulus, int mod_len, 159 const uint8_t *pub_exp, int pub_len, 160 const uint8_t *priv_exp, int priv_len 161 #ifdef CONFIG_BIGINT_CRT 162 , const uint8_t *p, int p_len, 163 const uint8_t *q, int q_len, 164 const uint8_t *dP, int dP_len, 165 const uint8_t *dQ, int dQ_len, 166 const uint8_t *qInv, int qInv_len 167 #endif 168 ); 169 void RSA_pub_key_new(RSA_CTX **rsa_ctx, 170 const uint8_t *modulus, int mod_len, 171 const uint8_t *pub_exp, int pub_len); 172 void RSA_free(RSA_CTX *ctx); 173 int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data, 174 int is_decryption); 175 bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg); 176 #ifdef CONFIG_SSL_CERT_VERIFICATION 177 bigint *RSA_raw_sign_verify(RSA_CTX *c, bigint *bi_msg); 178 bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len, 179 bigint *modulus, bigint *pub_exp); 180 bigint *RSA_public(const RSA_CTX *c, bigint *bi_msg); 181 int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 182 uint8_t *out_data, int is_signing); 183 void RSA_print(const RSA_CTX *ctx); 184 #endif 185 186 /************************************************************************** 187 * ASN1 declarations 188 **************************************************************************/ 189 #define X509_OK 0 190 #define X509_NOT_OK -1 191 #define X509_VFY_ERROR_NO_TRUSTED_CERT -2 192 #define X509_VFY_ERROR_BAD_SIGNATURE -3 193 #define X509_VFY_ERROR_NOT_YET_VALID -4 194 #define X509_VFY_ERROR_EXPIRED -5 195 #define X509_VFY_ERROR_SELF_SIGNED -6 196 #define X509_VFY_ERROR_INVALID_CHAIN -7 197 #define X509_VFY_ERROR_UNSUPPORTED_DIGEST -8 198 #define X509_INVALID_PRIV_KEY -9 199 200 /* 201 * The Distinguished Name 202 */ 203 #define X509_NUM_DN_TYPES 3 204 #define X509_COMMON_NAME 0 205 #define X509_ORGANIZATION 1 206 #define X509_ORGANIZATIONAL_TYPE 2 207 208 #define ASN1_INTEGER 0x02 209 #define ASN1_BIT_STRING 0x03 210 #define ASN1_OCTET_STRING 0x04 211 #define ASN1_NULL 0x05 212 #define ASN1_OID 0x06 213 #define ASN1_PRINTABLE_STR 0x13 214 #define ASN1_TELETEX_STR 0x14 215 #define ASN1_IA5_STR 0x16 216 #define ASN1_UTC_TIME 0x17 217 #define ASN1_SEQUENCE 0x30 218 #define ASN1_SET 0x31 219 #define ASN1_IMPLICIT_TAG 0x80 220 #define ASN1_EXPLICIT_TAG 0xa0 221 222 #define SALT_SIZE 8 223 224 struct _x509_ctx 225 { 226 char *ca_cert_dn[X509_NUM_DN_TYPES]; 227 char *cert_dn[X509_NUM_DN_TYPES]; 228 #if defined(_WIN32_WCE) 229 long not_before; 230 long not_after; 231 #else 232 time_t not_before; 233 time_t not_after; 234 #endif 235 uint8_t *signature; 236 uint16_t sig_len; 237 uint8_t sig_type; 238 RSA_CTX *rsa_ctx; 239 bigint *digest; 240 struct _x509_ctx *next; 241 }; 242 243 typedef struct _x509_ctx X509_CTX; 244 245 #ifdef CONFIG_SSL_CERT_VERIFICATION 246 typedef struct 247 { 248 X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS]; 249 } CA_CERT_CTX; 250 #endif 251 252 int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx); 253 int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type); 254 int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type); 255 int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object); 256 int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx); 257 void x509_free(X509_CTX *x509_ctx); 258 #ifdef CONFIG_SSL_CERT_VERIFICATION 259 int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert); 260 const uint8_t *x509_get_signature(const uint8_t *asn1_signature, int *len); 261 #endif 262 #ifdef CONFIG_SSL_FULL_MODE 263 void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert); 264 void x509_display_error(int error); 265 #endif 266 267 /************************************************************************** 268 * MISC declarations 269 **************************************************************************/ 270 271 extern const char * const unsupported_str; 272 273 typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int); 274 typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, 275 int key_len, uint8_t *digest); 276 277 typedef struct 278 { 279 uint8_t *pre_data; /* include the ssl record bytes */ 280 uint8_t *data; /* the regular ssl data */ 281 int max_len; 282 int index; 283 } BUF_MEM; 284 285 BUF_MEM buf_new(void); 286 void buf_grow(BUF_MEM *bm, int len); 287 void buf_free(BUF_MEM *bm); 288 int get_file(const char *filename, uint8_t **buf); 289 290 #if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG) 291 void print_blob(const char *format, const uint8_t *data, int size, ...); 292 #else 293 #define print_blob(...) 294 #endif 295 296 #ifdef __cplusplus 297 } 298 #endif 299 300 #endif 301
