crypto.h

Go to the documentation of this file.
00001 /*
00002  *  Copyright(C) 2006 Cameron Rich
00003  *
00004  *  This library is free software; you can redistribute it and/or modify
00005  *  it under the terms of the GNU Lesser General Public License as published by
00006  *  the Free Software Foundation; either version 2 of the License, or
00007  *  (at your option) any later version.
00008  *
00009  *  This library is distributed in the hope that it will be useful,
00010  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00011  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00012  *  GNU Lesser General Public License for more details.
00013  *
00014  *  You should have received a copy of the GNU Lesser General Public License
00015  *  along with this library; if not, write to the Free Software
00016  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
00017  */
00018 
00019 /**
00020  * @file crypto.h
00021  */
00022 
00023 #ifndef HEADER_CRYPTO_H
00024 #define HEADER_CRYPTO_H
00025 
00026 #ifdef __cplusplus
00027 extern "C" {
00028 #endif
00029 
00030 #include "bigint.h"
00031 
00032 /**************************************************************************
00033  * AES declarations 
00034  **************************************************************************/
00035 
00036 #define AES_MAXROUNDS                   14
00037 
00038 typedef struct aes_key_st 
00039 {
00040     uint16_t rounds;
00041     uint16_t key_size;
00042     uint32_t ks[(AES_MAXROUNDS+1)*8];
00043     uint8_t iv[16];
00044 } AES_CTX;
00045 
00046 typedef enum
00047 {
00048     AES_MODE_128,
00049     AES_MODE_256
00050 } AES_MODE;
00051 
00052 void AES_set_key(AES_CTX *ctx, const uint8_t *key, 
00053         const uint8_t *iv, AES_MODE mode);
00054 void AES_cbc_encrypt(AES_CTX *ctx, const uint8_t *msg, 
00055         uint8_t *out, int length);
00056 void AES_cbc_decrypt(AES_CTX *ks, const uint8_t *in, uint8_t *out, int length);
00057 void AES_convert_key(AES_CTX *ctx);
00058 void AES_encrypt(const AES_CTX *ctx, uint32_t *data);
00059 void AES_decrypt(const AES_CTX *ctx, uint32_t *data);
00060 
00061 /**************************************************************************
00062  * RC4 declarations 
00063  **************************************************************************/
00064 
00065 typedef struct 
00066 {
00067     int x, y, m[256];
00068 } RC4_CTX;
00069 
00070 void RC4_setup(RC4_CTX *s, const uint8_t *key, int length);
00071 void RC4_crypt(RC4_CTX *s, const uint8_t *msg, uint8_t *data, int length);
00072 
00073 /**************************************************************************
00074  * SHA1 declarations 
00075  **************************************************************************/
00076 
00077 #define SHA1_SIZE   20
00078 
00079 /*
00080  *  This structure will hold context information for the SHA-1
00081  *  hashing operation
00082  */
00083 typedef struct 
00084 {
00085     uint32_t Intermediate_Hash[SHA1_SIZE/4]; /* Message Digest  */
00086     uint32_t Length_Low;            /* Message length in bits      */
00087     uint32_t Length_High;           /* Message length in bits      */
00088     uint16_t Message_Block_Index;   /* Index into message block array   */
00089     uint8_t Message_Block[64];      /* 512-bit message blocks      */
00090 } SHA1_CTX;
00091 
00092 void SHA1Init(SHA1_CTX *);
00093 void SHA1Update(SHA1_CTX *, const uint8_t * msg, int len);
00094 void SHA1Final(SHA1_CTX *, uint8_t *digest);
00095 
00096 /**************************************************************************
00097  * MD5 declarations 
00098  **************************************************************************/
00099 
00100 /* MD5 context. */
00101 
00102 #define MD5_SIZE    16
00103 
00104 typedef struct 
00105 {
00106   uint32_t state[4];        /* state (ABCD) */
00107   uint32_t count[2];        /* number of bits, modulo 2^64 (lsb first) */
00108   uint8_t buffer[64];       /* input buffer */
00109 } MD5_CTX;
00110 
00111 void MD5Init(MD5_CTX *);
00112 void MD5Update(MD5_CTX *, const uint8_t *msg, int len);
00113 void MD5Final(MD5_CTX *, uint8_t *digest);
00114 
00115 /**************************************************************************
00116  * HMAC declarations 
00117  **************************************************************************/
00118 void hmac_md5(const uint8_t *msg, int length, const uint8_t *key, 
00119         int key_len, uint8_t *digest);
00120 void hmac_sha1(const uint8_t *msg, int length, const uint8_t *key, 
00121         int key_len, uint8_t *digest);
00122 
00123 /**************************************************************************
00124  * RNG declarations 
00125  **************************************************************************/
00126 void RNG_initialize(const uint8_t *seed_buf, int size);
00127 void RNG_terminate(void);
00128 void get_random(int num_rand_bytes, uint8_t *rand_data);
00129 //void get_random_NZ(int num_rand_bytes, uint8_t *rand_data);
00130 
00131 #include <string.h>
00132 static inline void get_random_NZ(int num_rand_bytes, uint8_t *rand_data) {
00133         memset ( rand_data, 0x01, num_rand_bytes );
00134 }
00135 
00136 /**************************************************************************
00137  * RSA declarations 
00138  **************************************************************************/
00139 
00140 typedef struct 
00141 {
00142     bigint *m;              /* modulus */
00143     bigint *e;              /* public exponent */
00144     bigint *d;              /* private exponent */
00145 #ifdef CONFIG_BIGINT_CRT
00146     bigint *p;              /* p as in m = pq */
00147     bigint *q;              /* q as in m = pq */
00148     bigint *dP;             /* d mod (p-1) */
00149     bigint *dQ;             /* d mod (q-1) */
00150     bigint *qInv;           /* q^-1 mod p */
00151 #endif
00152     int num_octets;
00153     bigint *sig_m;         /* signature modulus */
00154     BI_CTX *bi_ctx;
00155 } RSA_CTX;
00156 
00157 void RSA_priv_key_new(RSA_CTX **rsa_ctx, 
00158         const uint8_t *modulus, int mod_len,
00159         const uint8_t *pub_exp, int pub_len,
00160         const uint8_t *priv_exp, int priv_len
00161 #ifdef CONFIG_BIGINT_CRT
00162       , const uint8_t *p, int p_len,
00163         const uint8_t *q, int q_len,
00164         const uint8_t *dP, int dP_len,
00165         const uint8_t *dQ, int dQ_len,
00166         const uint8_t *qInv, int qInv_len
00167 #endif
00168         );
00169 void RSA_pub_key_new(RSA_CTX **rsa_ctx, 
00170         const uint8_t *modulus, int mod_len,
00171         const uint8_t *pub_exp, int pub_len);
00172 void RSA_free(RSA_CTX *ctx);
00173 int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data,
00174         int is_decryption);
00175 bigint *RSA_private(const RSA_CTX *c, bigint *bi_msg);
00176 #ifdef CONFIG_SSL_CERT_VERIFICATION
00177 bigint *RSA_raw_sign_verify(RSA_CTX *c, bigint *bi_msg);
00178 bigint *RSA_sign_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
00179         bigint *modulus, bigint *pub_exp);
00180 bigint *RSA_public(const RSA_CTX *c, bigint *bi_msg);
00181 int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, 
00182         uint8_t *out_data, int is_signing);
00183 void RSA_print(const RSA_CTX *ctx);
00184 #endif
00185 
00186 /**************************************************************************
00187  * ASN1 declarations 
00188  **************************************************************************/
00189 #define X509_OK                             0
00190 #define X509_NOT_OK                         -1
00191 #define X509_VFY_ERROR_NO_TRUSTED_CERT      -2
00192 #define X509_VFY_ERROR_BAD_SIGNATURE        -3      
00193 #define X509_VFY_ERROR_NOT_YET_VALID        -4
00194 #define X509_VFY_ERROR_EXPIRED              -5
00195 #define X509_VFY_ERROR_SELF_SIGNED          -6
00196 #define X509_VFY_ERROR_INVALID_CHAIN        -7
00197 #define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8
00198 #define X509_INVALID_PRIV_KEY               -9
00199 
00200 /*
00201  * The Distinguished Name
00202  */
00203 #define X509_NUM_DN_TYPES                   3
00204 #define X509_COMMON_NAME                    0
00205 #define X509_ORGANIZATION                   1
00206 #define X509_ORGANIZATIONAL_TYPE            2
00207 
00208 #define ASN1_INTEGER            0x02
00209 #define ASN1_BIT_STRING         0x03
00210 #define ASN1_OCTET_STRING       0x04
00211 #define ASN1_NULL               0x05
00212 #define ASN1_OID                0x06
00213 #define ASN1_PRINTABLE_STR      0x13
00214 #define ASN1_TELETEX_STR        0x14
00215 #define ASN1_IA5_STR            0x16
00216 #define ASN1_UTC_TIME           0x17
00217 #define ASN1_SEQUENCE           0x30
00218 #define ASN1_SET                0x31
00219 #define ASN1_IMPLICIT_TAG       0x80
00220 #define ASN1_EXPLICIT_TAG       0xa0
00221 
00222 #define SALT_SIZE               8
00223 
00224 struct _x509_ctx
00225 {
00226     char *ca_cert_dn[X509_NUM_DN_TYPES];
00227     char *cert_dn[X509_NUM_DN_TYPES];
00228 #if defined(_WIN32_WCE)
00229     long not_before;
00230     long not_after;
00231 #else
00232     time_t not_before;
00233     time_t not_after;
00234 #endif
00235     uint8_t *signature;
00236     uint16_t sig_len;
00237     uint8_t sig_type;
00238     RSA_CTX *rsa_ctx;
00239     bigint *digest;
00240     struct _x509_ctx *next;
00241 };
00242 
00243 typedef struct _x509_ctx X509_CTX;
00244 
00245 #ifdef CONFIG_SSL_CERT_VERIFICATION
00246 typedef struct 
00247 {
00248     X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
00249 } CA_CERT_CTX;
00250 #endif
00251 
00252 int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
00253 int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
00254 int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
00255 int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
00256 int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
00257 void x509_free(X509_CTX *x509_ctx);
00258 #ifdef CONFIG_SSL_CERT_VERIFICATION
00259 int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
00260 const uint8_t *x509_get_signature(const uint8_t *asn1_signature, int *len);
00261 #endif
00262 #ifdef CONFIG_SSL_FULL_MODE
00263 void x509_print(CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
00264 void x509_display_error(int error);
00265 #endif
00266 
00267 /**************************************************************************
00268  * MISC declarations 
00269  **************************************************************************/
00270 
00271 extern const char * const unsupported_str;
00272 
00273 typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
00274 typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, 
00275         int key_len, uint8_t *digest);
00276 
00277 typedef struct
00278 {
00279     uint8_t *pre_data;  /* include the ssl record bytes */
00280     uint8_t *data;      /* the regular ssl data */
00281     int max_len;
00282     int index;
00283 } BUF_MEM;
00284 
00285 BUF_MEM buf_new(void);
00286 void buf_grow(BUF_MEM *bm, int len);
00287 void buf_free(BUF_MEM *bm);
00288 int get_file(const char *filename, uint8_t **buf);
00289 
00290 #if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
00291 void print_blob(const char *format, const uint8_t *data, int size, ...);
00292 #else
00293     #define print_blob(...)
00294 #endif
00295 
00296 #ifdef __cplusplus
00297 }
00298 #endif
00299 
00300 #endif