2 * Copyright (c) 2007, Cameron Rich
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * * Neither the name of the axTLS project nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #ifndef HEADER_CRYPTO_H
36 #define HEADER_CRYPTO_H
42 #include "bigint_impl.h"
53 /* enable features based on a 'super-set' capbaility. */
54 #if defined(CONFIG_SSL_FULL_MODE)
55 #define CONFIG_SSL_ENABLE_CLIENT
56 #define CONFIG_SSL_CERT_VERIFICATION
57 #elif defined(CONFIG_SSL_ENABLE_CLIENT)
58 #define CONFIG_SSL_CERT_VERIFICATION
61 /**************************************************************************
63 **************************************************************************/
65 #define AES_MAXROUNDS 14
66 #define AES_BLOCKSIZE 16
67 #define AES_IV_SIZE 16
69 typedef struct aes_key_st
73 uint32_t ks[(AES_MAXROUNDS+1)*8];
74 uint8_t iv[AES_IV_SIZE];
83 void AES_set_key(AES_CTX *ctx, const uint8_t *key,
84 const uint8_t *iv, AES_MODE mode);
85 void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg,
86 uint8_t *out, int length);
87 void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
88 void AES_convert_key(AES_CTX *ctx);
90 /**************************************************************************
92 **************************************************************************/
99 void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
100 void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
102 /**************************************************************************
104 **************************************************************************/
109 * This structure will hold context information for the SHA-1
114 uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest */
115 uint32_t Length_Low; /* Message length in bits */
116 uint32_t Length_High; /* Message length in bits */
117 uint16_t Message_Block_Index; /* Index into message block array */
118 uint8_t Message_Block[64]; /* 512-bit message blocks */
121 void SHA1_Init(SHA1_CTX *);
122 void SHA1_Update(SHA1_CTX *, const uint8_t * msg, int len);
123 void SHA1_Final(uint8_t *digest, SHA1_CTX *);
125 /**************************************************************************
127 **************************************************************************/
133 unsigned char cksum[16]; /* checksum of the data block */
134 unsigned char state[48]; /* intermediate digest state */
135 unsigned char buffer[16]; /* data block being processed */
136 int left; /* amount of data in buffer */
139 EXP_FUNC void STDCALL MD2_Init(MD2_CTX *ctx);
140 EXP_FUNC void STDCALL MD2_Update(MD2_CTX *ctx, const uint8_t *input, int ilen);
141 EXP_FUNC void STDCALL MD2_Final(uint8_t *digest, MD2_CTX *ctx);
143 /**************************************************************************
145 **************************************************************************/
148 #define MAX_KEYBLOCK_SIZE 136
151 uint32_t state[4]; /* state (ABCD) */
152 uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */
153 uint8_t buffer[64]; /* input buffer */
156 EXP_FUNC void STDCALL MD5_Init(MD5_CTX *);
157 EXP_FUNC void STDCALL MD5_Update(MD5_CTX *, const uint8_t *msg, int len);
158 EXP_FUNC void STDCALL MD5_Final(uint8_t *digest, MD5_CTX *);
160 /**************************************************************************
162 **************************************************************************/
163 void hmac_md5(const uint8_t *msg, int length, const uint8_t *key,
164 int key_len, uint8_t *digest);
165 void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key,
166 int key_len, uint8_t *digest);
168 /**************************************************************************
170 **************************************************************************/
174 bigint *m; /* modulus */
175 bigint *e; /* public exponent */
176 bigint *d; /* private exponent */
177 #ifdef CONFIG_BIGINT_CRT
178 bigint *p; /* p as in m = pq */
179 bigint *q; /* q as in m = pq */
180 bigint *dP; /* d mod (p-1) */
181 bigint *dQ; /* d mod (q-1) */
182 bigint *qInv; /* q^-1 mod p */
188 void RSA_priv_key_new(RSA_CTX **rsa_ctx,
189 const uint8_t *modulus, int mod_len,
190 const uint8_t *pub_exp, int pub_len,
191 const uint8_t *priv_exp, int priv_len
192 #ifdef CONFIG_BIGINT_CRT
193 , const uint8_t *p, int p_len,
194 const uint8_t *q, int q_len,
195 const uint8_t *dP, int dP_len,
196 const uint8_t *dQ, int dQ_len,
197 const uint8_t *qInv, int qInv_len
200 void RSA_pub_key_new(RSA_CTX **rsa_ctx,
201 const uint8_t *modulus, int mod_len,
202 const uint8_t *pub_exp, int pub_len);
203 void RSA_free(RSA_CTX *ctx);
204 int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
206 bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
207 #if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
208 bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
209 bigint *modulus, bigint *pub_exp);
210 bigint *RSA_public(const RSA_CTX * c, bigint *bi_msg);
211 int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len,
212 uint8_t *out_data, int is_signing);
213 void RSA_print(const RSA_CTX *ctx);
216 /**************************************************************************
218 **************************************************************************/
219 EXP_FUNC void STDCALL RNG_initialize(void);
220 EXP_FUNC void STDCALL RNG_custom_init(const uint8_t *seed_buf, int size);
221 EXP_FUNC void STDCALL RNG_terminate(void);
222 EXP_FUNC void STDCALL get_random(int num_rand_bytes, uint8_t *rand_data);
223 void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);