2 * Copyright (c) 2007, Cameron Rich
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * * Neither the name of the axTLS project nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #ifndef HEADER_CRYPTO_H
36 #define HEADER_CRYPTO_H
44 #include "bigint_impl.h"
47 /* enable features based on a 'super-set' capbaility. */
48 #if defined(CONFIG_SSL_FULL_MODE)
49 #define CONFIG_SSL_ENABLE_CLIENT
50 #define CONFIG_SSL_CERT_VERIFICATION
51 #elif defined(CONFIG_SSL_ENABLE_CLIENT)
52 #define CONFIG_SSL_CERT_VERIFICATION
55 /**************************************************************************
57 **************************************************************************/
59 #define AES_MAXROUNDS 14
60 #define AES_BLOCKSIZE 16
61 #define AES_IV_SIZE 16
63 typedef struct aes_key_st
67 uint32_t ks
[(AES_MAXROUNDS
+1)*8];
68 uint8_t iv
[AES_IV_SIZE
];
77 void AES_set_key(AES_CTX
*ctx
, const uint8_t *key
,
78 const uint8_t *iv
, AES_MODE mode
);
79 void AES_cbc_encrypt(AES_CTX
*ctx
, const uint8_t *msg
,
80 uint8_t *out
, int length
);
81 void AES_cbc_decrypt(AES_CTX
*ks
, const uint8_t *in
, uint8_t *out
, int length
);
82 void AES_convert_key(AES_CTX
*ctx
);
84 /**************************************************************************
86 **************************************************************************/
93 void RC4_setup(RC4_CTX
*s
, const uint8_t *key
, int length
);
94 void RC4_crypt(RC4_CTX
*s
, const uint8_t *msg
, uint8_t *data
, int length
);
96 /**************************************************************************
98 **************************************************************************/
103 * This structure will hold context information for the SHA-1
108 uint32_t Intermediate_Hash
[SHA1_SIZE
/4]; /* Message Digest */
109 uint32_t Length_Low
; /* Message length in bits */
110 uint32_t Length_High
; /* Message length in bits */
111 uint16_t Message_Block_Index
; /* Index into message block array */
112 uint8_t Message_Block
[64]; /* 512-bit message blocks */
115 void SHA1_Init(SHA1_CTX
*);
116 void SHA1_Update(SHA1_CTX
*, const uint8_t * msg
, int len
);
117 void SHA1_Final(uint8_t *digest
, SHA1_CTX
*);
119 /**************************************************************************
121 **************************************************************************/
127 unsigned char cksum
[16]; /* checksum of the data block */
128 unsigned char state
[48]; /* intermediate digest state */
129 unsigned char buffer
[16]; /* data block being processed */
130 int left
; /* amount of data in buffer */
133 EXP_FUNC
void STDCALL
MD2_Init(MD2_CTX
*ctx
);
134 EXP_FUNC
void STDCALL
MD2_Update(MD2_CTX
*ctx
, const uint8_t *input
, int ilen
);
135 EXP_FUNC
void STDCALL
MD2_Final(uint8_t *digest
, MD2_CTX
*ctx
);
137 /**************************************************************************
139 **************************************************************************/
145 uint32_t state
[4]; /* state (ABCD) */
146 uint32_t count
[2]; /* number of bits, modulo 2^64 (lsb first) */
147 uint8_t buffer
[64]; /* input buffer */
150 EXP_FUNC
void STDCALL
MD5_Init(MD5_CTX
*);
151 EXP_FUNC
void STDCALL
MD5_Update(MD5_CTX
*, const uint8_t *msg
, int len
);
152 EXP_FUNC
void STDCALL
MD5_Final(uint8_t *digest
, MD5_CTX
*);
154 /**************************************************************************
156 **************************************************************************/
157 void hmac_md5(const uint8_t *msg
, int length
, const uint8_t *key
,
158 int key_len
, uint8_t *digest
);
159 void hmac_sha1(const uint8_t *msg
, int length
, const uint8_t *key
,
160 int key_len
, uint8_t *digest
);
162 /**************************************************************************
164 **************************************************************************/
168 bigint
*m
; /* modulus */
169 bigint
*e
; /* public exponent */
170 bigint
*d
; /* private exponent */
171 #ifdef CONFIG_BIGINT_CRT
172 bigint
*p
; /* p as in m = pq */
173 bigint
*q
; /* q as in m = pq */
174 bigint
*dP
; /* d mod (p-1) */
175 bigint
*dQ
; /* d mod (q-1) */
176 bigint
*qInv
; /* q^-1 mod p */
182 void RSA_priv_key_new(RSA_CTX
**rsa_ctx
,
183 const uint8_t *modulus
, int mod_len
,
184 const uint8_t *pub_exp
, int pub_len
,
185 const uint8_t *priv_exp
, int priv_len
186 #ifdef CONFIG_BIGINT_CRT
187 , const uint8_t *p
, int p_len
,
188 const uint8_t *q
, int q_len
,
189 const uint8_t *dP
, int dP_len
,
190 const uint8_t *dQ
, int dQ_len
,
191 const uint8_t *qInv
, int qInv_len
194 void RSA_pub_key_new(RSA_CTX
**rsa_ctx
,
195 const uint8_t *modulus
, int mod_len
,
196 const uint8_t *pub_exp
, int pub_len
);
197 void RSA_free(RSA_CTX
*ctx
);
198 int RSA_decrypt(const RSA_CTX
*ctx
, const uint8_t *in_data
, uint8_t *out_data
,
200 bigint
*RSA_private(const RSA_CTX
*c
, bigint
*bi_msg
);
201 #if defined(CONFIG_SSL_CERT_VERIFICATION) || defined(CONFIG_SSL_GENERATE_X509_CERT)
202 bigint
*RSA_sign_verify(BI_CTX
*ctx
, const uint8_t *sig
, int sig_len
,
203 bigint
*modulus
, bigint
*pub_exp
);
204 bigint
*RSA_public(const RSA_CTX
* c
, bigint
*bi_msg
);
205 int RSA_encrypt(const RSA_CTX
*ctx
, const uint8_t *in_data
, uint16_t in_len
,
206 uint8_t *out_data
, int is_signing
);
207 void RSA_print(const RSA_CTX
*ctx
);
210 /**************************************************************************
212 **************************************************************************/
213 EXP_FUNC
void STDCALL
RNG_initialize(const uint8_t *seed_buf
, int size
);
214 EXP_FUNC
void STDCALL
RNG_terminate(void);
215 EXP_FUNC
void STDCALL
get_random(int num_rand_bytes
, uint8_t *rand_data
);
216 void get_random_NZ(int num_rand_bytes
, uint8_t *rand_data
);