/** * @file cryptolib.h * @version $Format:%h%d$ * * Header file for definitions used with crypto lib. */ /* * Copyright (c) 2013-2018 Rambus Inc. * Copyright (c) PeerSec Networks, 2002-2011 * All Rights Reserved * * The latest version of this code is available at http://www.matrixssl.org * * This software is open source; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This General Public License does NOT permit incorporating this software * into proprietary programs. If you are unable to comply with the GPL, a * commercial license for this software may be purchased from Rambus at * http://www.rambus.com/ * * This program is distributed in WITHOUT ANY WARRANTY; without even the * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * http://www.gnu.org/copyleft/gpl.html */ /******************************************************************************/ #ifndef _h_PS_CRYPTOLIB # define _h_PS_CRYPTOLIB /******************************************************************************/ /* Additional 'hidden' algorithm configuration here for deprecated support */ /** Symmetric. @security These are generally insecure and not enabled by default. */ /* #define USE_RC2 */ /* #define USE_ARC4 */ /* #define USE_SEED */ /* #define USE_IDEA */ # ifdef USE_PKCS12 /* #define USE_RC2 / * Only PKCS#12 parse should ever want this algorithm * / */ # endif /** Digest. @security These are generally insecure and not enabled by default */ /* #define USE_MD4 */ /* #define USE_MD2 */ /** PRNG. @security By default the OS PRNG will be used directly. */ # define USE_PRNG /* #define USE_YARROW */ /******************************************************************************/ /* Additional configuration that is usually not modified. */ # define OCSP_VALID_TIME_WINDOW 604800 /* In seconds (1 week default window) */ /******************************************************************************/ /* Include crypto provider layer headers */ # include "layer/layer.h" /* Configuration validation/sanity checks */ # include "cryptoCheck.h" /* Implementation layer */ # include "symmetric/symmetric.h" # include "digest/digest.h" # include "math/pstm.h" # include "pubkey/pubkey.h" # include "keyformat/asn1.h" # include "keyformat/x509.h" # include "prng/prng.h" # ifdef USE_ECC extern const psEccCurve_t eccCurves[]; # endif /******************************************************************************/ /* Crypto trace */ # ifndef USE_CRYPTO_TRACE # define psTraceCrypto(x) # define psTraceStrCrypto(x, y) # define psTraceIntCrypto(x, y) # define psTracePtrCrypto(x, y) # define psTracefCrypto(x, y) # else # define psTraceCrypto(x) _psTrace(x) # define psTraceStrCrypto(x, y) _psTraceStr(x, y) # define psTraceIntCrypto(x, y) _psTraceInt(x, y) # define psTracePtrCrypto(x, y) _psTracePtr(x, y) # define psTracefCrypto(x, y) # endif /* USE_CRYPTO_TRACE */ /******************************************************************************/ /* Helpers */ extern int32_t psBase64decode(const unsigned char *in, psSize_t len, unsigned char *out, psSize_t *outlen); extern void psOpenPrng(void); extern void psClosePrng(void); extern int32_t psGetPrngLocked(unsigned char *bytes, psSize_t size, void *userPtr); /******************************************************************************/ /* RFC 3279 OID and PKCS standards OIDs Matrix uses an oid summing mechanism to arrive at these defines. The byte values of the OID are summed and compared with OID database entries to produce a unique numbers (assuming MATRIXSSL_NO_OID_DATABASE is not set.) */ # ifdef MATRIXSSL_NO_OID_DATABASE /* Without OID database, some entries will be duplicates. */ # define OID_COLLISION 0 # else /* To prevent collisions, some oids are added a sufficient multiple of this to make them unique. */ # define OID_COLLISION 1024 /* Marking for OIDs that have not been discovered in the database. The OIDs not discovered are guaranteed to be this value or larger. */ # define OID_NOT_FOUND 32768 # endif /* MATRIXSSL_NO_OID_DATABASE */ /* Raw digest algorithms */ # define OID_SHA1_ALG_STR "1.3.14.3.2.26" # define OID_SHA1_ALG 88 # define OID_SHA1_ALG_HEX "\x06\x05\x2B\x0E\x03\x02\x1A" # define OID_SHA224_ALG_STR "2.16.840.1.101.3.4.2.4" # define OID_SHA224_ALG (417 + OID_COLLISION) # define OID_SHA224_ALG_HEX "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x04" # define OID_SHA256_ALG_STR "2.16.840.1.101.3.4.2.1" # define OID_SHA256_ALG 414 # define OID_SHA256_ALG_HEX "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01" # define OID_SHA384_ALG_STR "2.16.840.1.101.3.4.2.2" # define OID_SHA384_ALG 415 # define OID_SHA384_ALG_HEX "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02" # define OID_SHA512_ALG_STR "2.16.840.1.101.3.4.2.3" # define OID_SHA512_ALG 416 # define OID_SHA512_ALG_HEX "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03" # define OID_MD2_ALG_STR "1.2.840.113549.2.2" # define OID_MD2_ALG 646 # define OID_MD2_ALG_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x02" # define OID_MD4_ALG_STR "1.2.840.113549.2.4" # define OID_MD4_ALG (648 + OID_COLLISION) # define OID_MD4_ALG_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x04" # define OID_MD5_ALG_STR "1.2.840.113549.2.5" # define OID_MD5_ALG 649 # define OID_MD5_ALG_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x05" # define OID_SM3_ALG_STR "1.2.156.10197.1.401" # define OID_SM3_ALG 640 # define OID_SM3_ALG_HEX "\x06\x08\x2A\x81\x1C\xCF\x55\x01\x83\x11" # define OID_HMAC_WITH_SHA1_STR "1.2.840.113549.2.7" # define OID_HMAC_WITH_SHA1 (651 + OID_COLLISION) # define OID_HMAC_WITH_SHA1_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x07" # define OID_HMAC_WITH_SHA224_STR "1.2.840.113549.2.8" # define OID_HMAC_WITH_SHA224 (652 + OID_COLLISION * 3) # define OID_HMAC_WITH_SHA224_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x08" # define OID_HMAC_WITH_SHA256_STR "1.2.840.113549.2.9" # define OID_HMAC_WITH_SHA256 (653 + OID_COLLISION) # define OID_HMAC_WITH_SHA256_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x09" # define OID_HMAC_WITH_SHA384_STR "1.2.840.113549.2.10" # define OID_HMAC_WITH_SHA384 (654 + OID_COLLISION * 2) # define OID_HMAC_WITH_SHA384_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x0A" # define OID_HMAC_WITH_SHA512_STR "1.2.840.113549.2.11" # define OID_HMAC_WITH_SHA512 (655 + OID_COLLISION * 2) # define OID_HMAC_WITH_SHA512_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x0B" # define OID_HMAC_WITH_SHA512_224_STR "1.2.840.113549.2.12" # define OID_HMAC_WITH_SHA512_224 (656 + OID_COLLISION * 2) # define OID_HMAC_WITH_SHA512_224_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x0C" # define OID_HMAC_WITH_SHA512_256_STR "1.2.840.113549.2.13" # define OID_HMAC_WITH_SHA512_256 (657 + OID_COLLISION * 2) # define OID_HMAC_WITH_SHA512_256_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x02\x0D" /* Signature algorithms */ # define OID_MD2_RSA_SIG_STR "1.2.840.113549.1.1.2" # define OID_MD2_RSA_SIG (646 + OID_COLLISION) # define OID_MD2_RSA_SIG_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02" # define OID_MD4_RSA_SIG_STR "1.2.840.113549.1.1.3" # define OID_MD4_RSA_SIG 647 # define OID_MD4_RSA_SIG_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x03" # define OID_MD5_RSA_SIG_STR "1.2.840.113549.1.1.4" # define OID_MD5_RSA_SIG 648 # define OID_MD5_RSA_SIG_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04" # define OID_SHA1_RSA_SIG_STR "1.2.840.113549.1.1.5" # define OID_SHA1_RSA_SIG (649 + OID_COLLISION) # define OID_SHA1_RSA_SIG_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05" # define OID_SHA1_RSA_SIG2_STR "1.3.14.3.2.29" # define OID_SHA1_RSA_SIG2 91/* Older, alternate for SHA1_RSA */ # define OID_SHA1_RSA_SIG2_HEX "\x06\x05\x2B\x0E\x03\x02\x1D" # define OID_ID_MGF1_STR "1.2.840.113549.1.1.8" # define OID_ID_MGF1 (652 + OID_COLLISION * 2) # define OID_ID_MGF1_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x08" # define OID_RSASSA_PSS_STR "1.2.840.113549.1.1.10" # define OID_RSASSA_PSS (654 + OID_COLLISION) # define OID_RSASSA_PSS_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0A" # define OID_SHA224_RSA_SIG_STR "1.2.840.113549.1.1.14" # define OID_SHA224_RSA_SIG (658 + OID_COLLISION) # define OID_SHA224_RSA_SIG_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0E" # define OID_SHA256_RSA_SIG_STR "1.2.840.113549.1.1.11" # define OID_SHA256_RSA_SIG (655 + OID_COLLISION) # define OID_SHA256_RSA_SIG_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B" # define OID_SHA384_RSA_SIG_STR "1.2.840.113549.1.1.12" # define OID_SHA384_RSA_SIG (656 + OID_COLLISION) # define OID_SHA384_RSA_SIG_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0C" # define OID_SHA512_RSA_SIG_STR "1.2.840.113549.1.1.13" # define OID_SHA512_RSA_SIG (657 + OID_COLLISION) # define OID_SHA512_RSA_SIG_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0D" # define OID_SHA1_DSA_SIG_STR "1.2.840.10040.4.3" # define OID_SHA1_DSA_SIG 517 # define OID_SHA1_DSA_SIG_HEX "\x06\x07\x2A\x86\x48\xCE\x38\x04\x03" # define OID_SHA1_ECDSA_SIG_STR "1.2.840.10045.4.1" # define OID_SHA1_ECDSA_SIG 520 # define OID_SHA1_ECDSA_SIG_HEX "\x06\x07\x2A\x86\x48\xCE\x3D\x04\x01" # define OID_SHA224_ECDSA_SIG_STR "1.2.840.10045.4.3.1" # define OID_SHA224_ECDSA_SIG 523 # define OID_SHA224_ECDSA_SIG_HEX "\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x01" # define OID_SHA256_ECDSA_SIG_STR "1.2.840.10045.4.3.2" # define OID_SHA256_ECDSA_SIG 524 # define OID_SHA256_ECDSA_SIG_HEX "\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x02" # define OID_SHA384_ECDSA_SIG_STR "1.2.840.10045.4.3.3" # define OID_SHA384_ECDSA_SIG 525 # define OID_SHA384_ECDSA_SIG_HEX "\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x03" # define OID_SHA512_ECDSA_SIG_STR "1.2.840.10045.4.3.4" # define OID_SHA512_ECDSA_SIG 526 # define OID_SHA512_ECDSA_SIG_HEX "\x06\x08\x2A\x86\x48\xCE\x3D\x04\x03\x04" # define OID_SM3_SM2_SIG_STR "1.2.156.10197.1.501" # define OID_SM3_SM2_SIG 740 # define OID_SM3_SM2_SIG_HEX "\x06\x08\x2A\x81\x1C\xCF\x55\x01\x83\x75" /* The SSL 3.0, TLS 1.0/1.1 MD5-SHA1 based signature scheme for RSA. Not based on an OID (because there isn't one). This is a MatrixSSL internal ID. */ # define OID_RSA_TLS_SIG_ALG 666 /* Generic ID for PKCS #1.5 RSA signatures. Hash algoritm to use must be specified in some other way. */ # define OID_RSA_PKCS15_SIG_ALG (667 + OID_COLLISION) /* Generic ID for ECDSA signatures in TLS. Hash algoritm to use must be specified in some other way. */ # define OID_ECDSA_TLS_SIG_ALG (668 + OID_COLLISION) /* Public key algorithms */ # define OID_RSA_KEY_ALG_STR "1.2.840.113549.1.1.1" # define OID_RSA_KEY_ALG 645 # define OID_RSA_KEY_ALG_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01" # define OID_DSA_KEY_ALG_STR "1.2.840.10040.4.1" # define OID_DSA_KEY_ALG 515 # define OID_DSA_KEY_ALG_HEX "\x06\x07\x2A\x86\x48\xCE\x38\x04\x01" # define OID_ECDSA_KEY_ALG_STR "1.2.840.10045.2.1" # define OID_ECDSA_KEY_ALG 518 # define OID_ECDSA_KEY_ALG_HEX "\x06\x07\x2A\x86\x48\xCE\x3D\x02\x01" # define OID_ED25519_KEY_STR "1.3.101.112" # define OID_ED25519_KEY_ALG 256 # define OID_ED25519_KEY_ALG_HEX "\x06\x03\x2B\x65\x70" # define OID_SM2_KEY_ALG_STR "1.2.156.10197.1.301.3" # define OID_SM2_KEY_ALG (670 + OID_COLLISION) # define OID_SM2_KEY_ALG_HEX "\x06\x09\x2A\x81\x1C\xCF\x55\x01\x82\x2D\x03" /* Encryption algorithms */ # define OID_DES_EDE3_CBC_STR "1.2.840.113549.3.7" # define OID_DES_EDE3_CBC (652 + OID_COLLISION) # define OID_DES_EDE3_CBC_HEX "\x06\x08\x2A\x86\x48\x86\xF7\x0D\x03\x07" # define OID_AES_128_CBC_STR "2.16.840.1.101.3.4.1.2" # define OID_AES_128_CBC (414 + OID_COLLISION) # define OID_AES_128_CBC_HEX "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x02" # define OID_AES_128_WRAP_STR "2.16.840.1.101.3.4.1.5" # define OID_AES_128_WRAP 417 # define OID_AES_128_WRAP_HEX "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x05" # define OID_AES_128_GCM_STR "2.16.840.1.101.3.4.1.6" # define OID_AES_128_GCM 418 # define OID_AES_128_GCM_HEX "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x06" # define OID_AES_192_CBC_STR "2.16.840.1.101.3.4.1.22" # define OID_AES_192_CBC 434 # define OID_AES_192_CBC_HEX "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x16" # define OID_AES_192_WRAP_STR "2.16.840.1.101.3.4.1.25" # define OID_AES_192_WRAP 437 # define OID_AES_192_WRAP_HEX "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x19" # define OID_AES_192_GCM_STR "2.16.840.1.101.3.4.1.26" # define OID_AES_192_GCM 438 # define OID_AES_192_GCM_HEX "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x1A" # define OID_AES_256_CBC_STR "2.16.840.1.101.3.4.1.42" # define OID_AES_256_CBC 454 # define OID_AES_256_CBC_HEX "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x2A" # define OID_AES_256_WRAP_STR "2.16.840.1.101.3.4.1.45" # define OID_AES_256_WRAP 457 # define OID_AES_256_WRAP_HEX "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x2D" # define OID_AES_256_GCM_STR "2.16.840.1.101.3.4.1.46" # define OID_AES_256_GCM 458 # define OID_AES_256_GCM_HEX "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x01\x2E" # define OID_AES_CMAC_STR "2.16.840.1.101.3.4.1.200_alt" # define OID_AES_CMAC 612 # define OID_AES_CMAC_HEX "\x06\x0A\x60\x86\x48\x01\x65\x03\x04\x01\xC8" # define OID_AES_CBC_CMAC_128_STR "0.4.0.127.0.7.1.1.1.2" # define OID_AES_CBC_CMAC_128 143 # define OID_AES_CBC_CMAC_128_HEX "\x06\x09\x04\x00\x7F\x00\x07\x01\x01\x01\x02" # define OID_AES_CBC_CMAC_192_STR "0.4.0.127.0.7.1.1.1.3" # define OID_AES_CBC_CMAC_192 144 # define OID_AES_CBC_CMAC_192_HEX "\x06\x09\x04\x00\x7F\x00\x07\x01\x01\x01\x03" # define OID_AES_CBC_CMAC_256_STR "0.4.0.127.0.7.1.1.1.4" # define OID_AES_CBC_CMAC_256 145 # define OID_AES_CBC_CMAC_256_HEX "\x06\x09\x04\x00\x7F\x00\x07\x01\x01\x01\x04" # define OID_AUTH_ENC_256_SUM_STR "1.2.840.113549.1.9.16.3.16" # define OID_AUTH_ENC_256_SUM 687/* See RFC 6476 */ # define OID_AUTH_ENC_256_SUM_HEX "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x10" # define OID_PKCS_PBKDF2_STR "1.2.840.113549.1.5.12" # define OID_PKCS_PBKDF2 (660 + OID_COLLISION) # define OID_PKCS_PBKDF2_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0C" # define OID_PKCS_PBES2_STR "1.2.840.113549.1.5.13" # define OID_PKCS_PBES2 (661 + OID_COLLISION) # define OID_PKCS_PBES2_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x05\x0D" # define OID_PKCS_PBESHA128RC4_STR "1.2.840.113549.1.12.1.1" # define OID_PKCS_PBESHA128RC4 657 # define OID_PKCS_PBESHA128RC4_HEX "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x01" # define OID_PKCS_PBESHA40RC4_STR "1.2.840.113549.1.12.1.2" # define OID_PKCS_PBESHA40RC4 658 # define OID_PKCS_PBESHA40RC4_HEX "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x02" # define OID_PKCS_PBESHA3DES3_STR "1.2.840.113549.1.12.1.3" # define OID_PKCS_PBESHA3DES3 659 # define OID_PKCS_PBESHA3DES3_HEX "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x03" # define OID_PKCS_PBESHA2DES3_STR "1.2.840.113549.1.12.1.4" # define OID_PKCS_PBESHA2DES3 660 # define OID_PKCS_PBESHA2DES3_HEX "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x04" # define OID_PKCS_PBESHA128RC2_STR "1.2.840.113549.1.12.1.5" # define OID_PKCS_PBESHA128RC2 661 # define OID_PKCS_PBESHA128RC2_HEX "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x05" # define OID_PKCS_PBESHA40RC2_STR "1.2.840.113549.1.12.1.6" # define OID_PKCS_PBESHA40RC2 662 # define OID_PKCS_PBESHA40RC2_HEX "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x06" # define OID_PKCS12_BAG_TYPE_KEY_STR "1.2.840.113549.1.12.10.1.1" # define OID_PKCS12_BAG_TYPE_KEY 667 # define OID_PKCS12_BAG_TYPE_KEY_HEX "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x01" # define OID_PKCS12_BAG_TYPE_SHROUD_STR "1.2.840.113549.1.12.10.1.2" # define OID_PKCS12_BAG_TYPE_SHROUD 668 # define OID_PKCS12_BAG_TYPE_SHROUD_HEX "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x02" # define OID_PKCS12_BAG_TYPE_CERT_STR "1.2.840.113549.1.12.10.1.3" # define OID_PKCS12_BAG_TYPE_CERT 669 # define OID_PKCS12_BAG_TYPE_CERT_HEX "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x03" # define OID_PKCS12_BAG_TYPE_CRL_STR "1.2.840.113549.1.12.10.1.4" # define OID_PKCS12_BAG_TYPE_CRL 670 # define OID_PKCS12_BAG_TYPE_CRL_HEX "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x04" # define OID_PKCS12_BAG_TYPE_SECRET_STR "1.2.840.113549.1.12.10.1.5" # define OID_PKCS12_BAG_TYPE_SECRET 671 # define OID_PKCS12_BAG_TYPE_SECRET_HEX "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x05" # define OID_PKCS12_BAG_TYPE_SAFE_STR "1.2.840.113549.1.12.10.1.6" # define OID_PKCS12_BAG_TYPE_SAFE 672 # define OID_PKCS12_BAG_TYPE_SAFE_HEX "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x06" # define OID_PKCS9_CERT_TYPE_X509_STR "1.2.840.113549.1.9.22.1" # define OID_PKCS9_CERT_TYPE_X509 675 # define OID_PKCS9_CERT_TYPE_X509_HEX "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x09\x16\x01" # define OID_PKCS9_CERT_TYPE_SDSI_STR "1.2.840.113549.1.9.22.2" # define OID_PKCS9_CERT_TYPE_SDSI 676 # define OID_PKCS9_CERT_TYPE_SDSI_HEX "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x09\x16\x02" # define OID_PKCS7_DATA_STR "1.2.840.113549.1.7.1" # define OID_PKCS7_DATA 651 # define OID_PKCS7_DATA_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x01" # define OID_PKCS7_SIGNED_DATA_STR "1.2.840.113549.1.7.2" # define OID_PKCS7_SIGNED_DATA 652 # define OID_PKCS7_SIGNED_DATA_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02" # define OID_PKCS7_ENVELOPED_DATA_STR "1.2.840.113549.1.7.3" # define OID_PKCS7_ENVELOPED_DATA 653 # define OID_PKCS7_ENVELOPED_DATA_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x03" # define OID_PKCS7_SIGNED_ENVELOPED_DATA_STR "1.2.840.113549.1.7.4" # define OID_PKCS7_SIGNED_ENVELOPED_DATA 654 # define OID_PKCS7_SIGNED_ENVELOPED_DATA_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x04" # define OID_PKCS7_DIGESTED_DATA_STR "1.2.840.113549.1.7.5" # define OID_PKCS7_DIGESTED_DATA 655 # define OID_PKCS7_DIGESTED_DATA_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x05" # define OID_PKCS7_ENCRYPTED_DATA_STR "1.2.840.113549.1.7.6" # define OID_PKCS7_ENCRYPTED_DATA 656 # define OID_PKCS7_ENCRYPTED_DATA_HEX "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x06" # define OID_OCSP_STR "1.3.6.1.5.5.7.48.1" # define OID_OCSP 116 # define OID_OCSP_HEX "\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x01" # define OID_BASIC_OCSP_RESPONSE_STR "1.3.6.1.5.5.7.48.1.1" # define OID_BASIC_OCSP_RESPONSE 117 # define OID_BASIC_OCSP_RESPONSE_HEX "\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01" /* These definitions are for MatrixCMS (optional component). */ # define OID_ECKA_EG_X963KDF_SHA256_STR "0.4.0.127.0.7.1.1.5.1.1.3" # define OID_ECKA_EG_X963KDF_SHA256 150 # define OID_ECKA_EG_X963KDF_SHA256_HEX "\x06\x0B\x04\x00\x7F\x00\x07\x01\x01\x05\x01\x01\x03" # define OID_ECKA_EG_X963KDF_SHA384_STR "0.4.0.127.0.7.1.1.5.1.1.4" # define OID_ECKA_EG_X963KDF_SHA384 151 # define OID_ECKA_EG_X963KDF_SHA384_HEX "\x06\x0B\x04\x00\x7F\x00\x07\x01\x01\x05\x01\x01\x04" # define OID_ECKA_EG_X963KDF_SHA512_STR "0.4.0.127.0.7.1.1.5.1.1.5" # define OID_ECKA_EG_X963KDF_SHA512 152 # define OID_ECKA_EG_X963KDF_SHA512_HEX "\x06\x0B\x04\x00\x7F\x00\x07\x01\x01\x05\x01\x01\x05" # define OID_DHSINGLEPASS_STDDH_SHA1KDF_SCHEME_STR "1.3.133.16.840.63.0.2" # define OID_DHSINGLEPASS_STDDH_SHA1KDF_SCHEME 464 # define OID_DHSINGLEPASS_STDDH_SHA1KDF_SCHEME_HEX "\x06\x09\x2B\x81\x05\x10\x86\x48\x3F\x00\x02" # define OID_DHSINGLEPASS_COFACTORDH_SHA1KDF_SCHEME_STR "1.3.133.16.840.63.0.3" # define OID_DHSINGLEPASS_COFACTORDH_SHA1KDF_SCHEME 465 # define OID_DHSINGLEPASS_COFACTORDH_SHA1KDF_SCHEME_HEX "\x06\x09\x2B\x81\x05\x10\x86\x48\x3F\x00\x03" # define OID_MQVSINGLEPASS_SHA1KDF_SCHEME_STR "1.3.133.16.840.63.0.16" # define OID_MQVSINGLEPASS_SHA1KDF_SCHEME 478 # define OID_MQVSINGLEPASS_SHA1KDF_SCHEME_HEX "\x06\x09\x2B\x81\x05\x10\x86\x48\x3F\x00\x10" # define OID_DHSINGLEPASS_STDDH_SHA256KDF_SCHEME_STR "1.3.132.1.11.1" # define OID_DHSINGLEPASS_STDDH_SHA256KDF_SCHEME 189 # define OID_DHSINGLEPASS_STDDH_SHA256KDF_SCHEME_HEX "\x06\x06\x2B\x81\x04\x01\x0B\x01" # define OID_DHSINGLEPASS_STDDH_SHA384KDF_SCHEME_STR "1.3.132.1.11.2" # define OID_DHSINGLEPASS_STDDH_SHA384KDF_SCHEME 190 # define OID_DHSINGLEPASS_STDDH_SHA384KDF_SCHEME_HEX "\x06\x06\x2B\x81\x04\x01\x0B\x02" # define OID_DHSINGLEPASS_STDDH_SHA512KDF_SCHEME_STR "1.3.132.1.11.3" # define OID_DHSINGLEPASS_STDDH_SHA512KDF_SCHEME 191 # define OID_DHSINGLEPASS_STDDH_SHA512KDF_SCHEME_HEX "\x06\x06\x2B\x81\x04\x01\x0B\x03" # define PBE12 1 # define PBES2 2 # define AUTH_SAFE_3DES 1 # define AUTH_SAFE_RC2 2 # define PKCS12_KEY_ID 1 # define PKCS12_IV_ID 2 # define PKCS12_MAC_ID 3 # if defined(USE_PKCS1_OAEP) || defined(USE_PKCS1_PSS) # define PKCS1_SHA1_ID 0 # define PKCS1_MD5_ID 1 # define PKCS1_SHA256_ID 2 # define PKCS1_SHA384_ID 3 # define PKCS1_SHA512_ID 4 # define PKCS1_SHA224_ID 5 # endif /* SignatureScheme values. */ # define sigalg_rsa_pkcs1_sha256 0x0401 # define sigalg_rsa_pkcs1_sha384 0x0501 # define sigalg_rsa_pkcs1_sha512 0x0601 # define sigalg_ecdsa_secp256r1_sha256 0x0403 # define sigalg_ecdsa_secp384r1_sha384 0x0503 # define sigalg_ecdsa_secp521r1_sha512 0x0603 # define sigalg_rsa_pss_rsae_sha256 0x0804 # define sigalg_rsa_pss_rsae_sha384 0x0805 # define sigalg_rsa_pss_rsae_sha512 0x0806 # define sigalg_ed25519 0x0807 # define sigalg_ed448 0x0808 # define sigalg_rsa_pss_pss_sha256 0x0809 # define sigalg_rsa_pss_pss_sha384 0x080a # define sigalg_rsa_pss_pss_sha512 0x080b # define sigalg_rsa_pkcs1_sha1 0x0201 # define sigalg_ecdsa_sha1 0x0203 # define sigalg_sm2sig_sm3 0x0708 /* TLS 1.3 NamedGroup values. */ # define namedgroup_secp192r1 0x0013 # define namedgroup_secp224r1 0x0015 # define namedgroup_secp256r1 0x0017 # define namedgroup_secp384r1 0x0018 # define namedgroup_secp521r1 0x0019 # define namedgroup_brain256r1 0x001a # define namedgroup_brain384r1 0x001b # define namedgroup_brain512r1 0x001c # define namedgroup_x25519 0x001d # define namedgroup_x448 0x001e # define namedgroup_ffdhe2048 0x0100 # define namedgroup_ffdhe3072 0x0101 # define namedgroup_ffdhe4096 0x0102 # define namedgroup_ffdhe6144 0x0103 # define namedgroup_ffdhe8192 0x0104 # define namedgroup_curveSM2 0x0029 /******************************************************************************/ /* These values are all mutually exlusive bits to define Cipher flags */ # define CRYPTO_FLAGS_AES (1 << 0) # define CRYPTO_FLAGS_AES256 (1 << 1) # define CRYPTO_FLAGS_3DES (1 << 2) # define CRYPTO_FLAGS_ARC4 (1 << 3) # define CRYPTO_FLAGS_SEED (1 << 4) # define CRYPTO_FLAGS_IDEA (1 << 5) # define CRYPTO_FLAGS_CHACHA (1 << 6) /* Short for CHACHA20_POLY1305_IETF */ # define CRYPTO_FLAGS_SM4 (1 << 7) # define CRYPTO_FLAGS_SHA1 (1 << 8) # define CRYPTO_FLAGS_SHA2 (1 << 9) # define CRYPTO_FLAGS_SHA3 (1 << 10) # define CRYPTO_FLAGS_GCM (1 << 11) # define CRYPTO_FLAGS_CCM (1 << 12) # define CRYPTO_FLAGS_CCM_8 (1 << 13)/* CCM mode with 8 byte ICV */ # define CRYPTO_FLAGS_MD5 (1 << 14) # define CRYPTO_FLAGS_SM3 (1 << 15) # define CRYPTO_FLAGS_TLS (1 << 16) # define CRYPTO_FLAGS_TLS_1_1 (1 << 17) # define CRYPTO_FLAGS_TLS_1_2 (1 << 18) # define CRYPTO_FLAGS_INBOUND (1 << 24) # define CRYPTO_FLAGS_ARC4INITE (1 << 25) # define CRYPTO_FLAGS_ARC4INITD (1 << 26) # define CRYPTO_FLAGS_BLOCKING (1 << 27) # define CRYPTO_FLAGS_DISABLED (1 << 30) /******************************************************************************/ # define CRYPT_INVALID_KEYSIZE -21 # define CRYPT_INVALID_ROUNDS -22 /******************************************************************************/ /* 32-bit Rotates */ /******************************************************************************/ # if defined(_MSC_VER) /******************************************************************************/ /* instrinsic rotate */ # include "osdep_stdlib.h" # pragma intrinsic(_lrotr,_lrotl) # define ROR(x, n) _lrotr(x, n) # define ROL(x, n) _lrotl(x, n) /******************************************************************************/ # elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && \ !defined(INTEL_CC) && !defined(PS_NO_ASM) static inline unsigned ROL(unsigned word, int i) { __asm ("roll %%cl,%0" : "=r" (word) : "0" (word), "c" (i)); return word; } static inline unsigned ROR(unsigned word, int i) { __asm ("rorl %%cl,%0" : "=r" (word) : "0" (word), "c" (i)); return word; } /******************************************************************************/ # else /* rotates the hard way */ # define ROL(x, y) \ ( (((unsigned long) (x) << (unsigned long) ((y) & 31)) | \ (((unsigned long) (x) & 0xFFFFFFFFUL) >> (unsigned long) (32 - ((y) & 31)))) & \ 0xFFFFFFFFUL) # define ROR(x, y) \ ( ((((unsigned long) (x) & 0xFFFFFFFFUL) >> (unsigned long) ((y) & 31)) | \ ((unsigned long) (x) << (unsigned long) (32 - ((y) & 31)))) & 0xFFFFFFFFUL) # endif /* 32-bit Rotates */ /******************************************************************************/ # ifdef HAVE_NATIVE_INT64 # ifdef _MSC_VER # define CONST64(n) n ## ui64 # else # define CONST64(n) n ## ULL # endif # endif /******************************************************************************/ /* Endian helper macros */ # if defined (ENDIAN_NEUTRAL) # define STORE32L(x, y) { \ (y)[3] = (unsigned char) (((x) >> 24) & 255); \ (y)[2] = (unsigned char) (((x) >> 16) & 255); \ (y)[1] = (unsigned char) (((x) >> 8) & 255); \ (y)[0] = (unsigned char) ((x) & 255); \ } # define LOAD32L(x, y) { \ x = ((unsigned long) ((y)[3] & 255) << 24) | \ ((unsigned long) ((y)[2] & 255) << 16) | \ ((unsigned long) ((y)[1] & 255) << 8) | \ ((unsigned long) ((y)[0] & 255)); \ } # define STORE64L(x, y) { \ (y)[7] = (unsigned char) (((x) >> 56) & 255); \ (y)[6] = (unsigned char) (((x) >> 48) & 255); \ (y)[5] = (unsigned char) (((x) >> 40) & 255); \ (y)[4] = (unsigned char) (((x) >> 32) & 255); \ (y)[3] = (unsigned char) (((x) >> 24) & 255); \ (y)[2] = (unsigned char) (((x) >> 16) & 255); \ (y)[1] = (unsigned char) (((x) >> 8) & 255); \ (y)[0] = (unsigned char) ((x) & 255); \ } # define LOAD64L(x, y) { \ x = (((uint64) ((y)[7] & 255)) << 56) | (((uint64) ((y)[6] & 255)) << 48) | \ (((uint64) ((y)[5] & 255)) << 40) | (((uint64) ((y)[4] & 255)) << 32) | \ (((uint64) ((y)[3] & 255)) << 24) | (((uint64) ((y)[2] & 255)) << 16) | \ (((uint64) ((y)[1] & 255)) << 8) | (((uint64) ((y)[0] & 255))); \ } # define STORE32H(x, y) { \ (y)[0] = (unsigned char) (((x) >> 24) & 255); \ (y)[1] = (unsigned char) (((x) >> 16) & 255); \ (y)[2] = (unsigned char) (((x) >> 8) & 255); \ (y)[3] = (unsigned char) ((x) & 255); \ } # define LOAD32H(x, y) { \ x = ((unsigned long) ((y)[0] & 255) << 24) | \ ((unsigned long) ((y)[1] & 255) << 16) | \ ((unsigned long) ((y)[2] & 255) << 8) | \ ((unsigned long) ((y)[3] & 255)); \ } # define STORE64H(x, y) { \ (y)[0] = (unsigned char) (((x) >> 56) & 255); \ (y)[1] = (unsigned char) (((x) >> 48) & 255); \ (y)[2] = (unsigned char) (((x) >> 40) & 255); \ (y)[3] = (unsigned char) (((x) >> 32) & 255); \ (y)[4] = (unsigned char) (((x) >> 24) & 255); \ (y)[5] = (unsigned char) (((x) >> 16) & 255); \ (y)[6] = (unsigned char) (((x) >> 8) & 255); \ (y)[7] = (unsigned char) ((x) & 255); \ } # define LOAD64H(x, y) { \ x = (((uint64) ((y)[0] & 255)) << 56) | (((uint64) ((y)[1] & 255)) << 48) | \ (((uint64) ((y)[2] & 255)) << 40) | (((uint64) ((y)[3] & 255)) << 32) | \ (((uint64) ((y)[4] & 255)) << 24) | (((uint64) ((y)[5] & 255)) << 16) | \ (((uint64) ((y)[6] & 255)) << 8) | (((uint64) ((y)[7] & 255))); \ } # endif /* ENDIAN_NEUTRAL */ # ifdef ENDIAN_LITTLE # define STORE32H(x, y) { \ (y)[0] = (unsigned char) (((x) >> 24) & 255); \ (y)[1] = (unsigned char) (((x) >> 16) & 255); \ (y)[2] = (unsigned char) (((x) >> 8) & 255); \ (y)[3] = (unsigned char) ((x) & 255); \ } # define LOAD32H(x, y) { \ x = ((unsigned long) ((y)[0] & 255) << 24) | \ ((unsigned long) ((y)[1] & 255) << 16) | \ ((unsigned long) ((y)[2] & 255) << 8) | \ ((unsigned long) ((y)[3] & 255)); \ } # define STORE64H(x, y) { \ (y)[0] = (unsigned char) (((x) >> 56) & 255); \ (y)[1] = (unsigned char) (((x) >> 48) & 255); \ (y)[2] = (unsigned char) (((x) >> 40) & 255); \ (y)[3] = (unsigned char) (((x) >> 32) & 255); \ (y)[4] = (unsigned char) (((x) >> 24) & 255); \ (y)[5] = (unsigned char) (((x) >> 16) & 255); \ (y)[6] = (unsigned char) (((x) >> 8) & 255); \ (y)[7] = (unsigned char) ((x) & 255); \ } # define LOAD64H(x, y) { \ x = (((uint64) ((y)[0] & 255)) << 56) | (((uint64) ((y)[1] & 255)) << 48) | \ (((uint64) ((y)[2] & 255)) << 40) | (((uint64) ((y)[3] & 255)) << 32) | \ (((uint64) ((y)[4] & 255)) << 24) | (((uint64) ((y)[5] & 255)) << 16) | \ (((uint64) ((y)[6] & 255)) << 8) | (((uint64) ((y)[7] & 255))); } # ifdef ENDIAN_32BITWORD # define STORE32L(x, y) { \ unsigned long __t = (x); Memcpy(y, &__t, 4); \ } # define LOAD32L(x, y) Memcpy(&(x), y, 4); # define STORE64L(x, y) { \ (y)[7] = (unsigned char) (((x) >> 56) & 255); \ (y)[6] = (unsigned char) (((x) >> 48) & 255); \ (y)[5] = (unsigned char) (((x) >> 40) & 255); \ (y)[4] = (unsigned char) (((x) >> 32) & 255); \ (y)[3] = (unsigned char) (((x) >> 24) & 255); \ (y)[2] = (unsigned char) (((x) >> 16) & 255); \ (y)[1] = (unsigned char) (((x) >> 8) & 255); \ (y)[0] = (unsigned char) ((x) & 255); \ } # define LOAD64L(x, y) { \ x = (((uint64) ((y)[7] & 255)) << 56) | (((uint64) ((y)[6] & 255)) << 48) | \ (((uint64) ((y)[5] & 255)) << 40) | (((uint64) ((y)[4] & 255)) << 32) | \ (((uint64) ((y)[3] & 255)) << 24) | (((uint64) ((y)[2] & 255)) << 16) | \ (((uint64) ((y)[1] & 255)) << 8) | (((uint64) ((y)[0] & 255))); \ } # else /* 64-bit words then */ # define STORE32L(x, y) \ { unsigned int __t = (x); Memcpy(y, &__t, 4); } # define LOAD32L(x, y) \ { Memcpy(&(x), y, 4); x &= 0xFFFFFFFF; } # define STORE64L(x, y) \ { uint64 __t = (x); Memcpy(y, &__t, 8); } # define LOAD64L(x, y) \ { Memcpy(&(x), y, 8); } # endif /* ENDIAN_64BITWORD */ # endif /* ENDIAN_LITTLE */ /******************************************************************************/ # ifdef ENDIAN_BIG # define STORE32L(x, y) { \ (y)[3] = (unsigned char) (((x) >> 24) & 255); \ (y)[2] = (unsigned char) (((x) >> 16) & 255); \ (y)[1] = (unsigned char) (((x) >> 8) & 255); \ (y)[0] = (unsigned char) ((x) & 255); \ } # define LOAD32L(x, y) { \ x = ((unsigned long) ((y)[3] & 255) << 24) | \ ((unsigned long) ((y)[2] & 255) << 16) | \ ((unsigned long) ((y)[1] & 255) << 8) | \ ((unsigned long) ((y)[0] & 255)); \ } # define STORE64L(x, y) { \ (y)[7] = (unsigned char) (((x) >> 56) & 255); \ (y)[6] = (unsigned char) (((x) >> 48) & 255); \ (y)[5] = (unsigned char) (((x) >> 40) & 255); \ (y)[4] = (unsigned char) (((x) >> 32) & 255); \ (y)[3] = (unsigned char) (((x) >> 24) & 255); \ (y)[2] = (unsigned char) (((x) >> 16) & 255); \ (y)[1] = (unsigned char) (((x) >> 8) & 255); \ (y)[0] = (unsigned char) ((x) & 255); \ } # define LOAD64L(x, y) { \ x = (((uint64) ((y)[7] & 255)) << 56) | (((uint64) ((y)[6] & 255)) << 48) | \ (((uint64) ((y)[5] & 255)) << 40) | (((uint64) ((y)[4] & 255)) << 32) | \ (((uint64) ((y)[3] & 255)) << 24) | (((uint64) ((y)[2] & 255)) << 16) | \ (((uint64) ((y)[1] & 255)) << 8) | (((uint64) ((y)[0] & 255))); \ } /******************************************************************************/ # ifdef ENDIAN_32BITWORD # define STORE32H(x, y) \ { unsigned int __t = (x); Memcpy(y, &__t, 4); } # define LOAD32H(x, y) Memcpy(&(x), y, 4); # define STORE64H(x, y) { \ (y)[0] = (unsigned char) (((x) >> 56) & 255); \ (y)[1] = (unsigned char) (((x) >> 48) & 255); \ (y)[2] = (unsigned char) (((x) >> 40) & 255); \ (y)[3] = (unsigned char) (((x) >> 32) & 255); \ (y)[4] = (unsigned char) (((x) >> 24) & 255); \ (y)[5] = (unsigned char) (((x) >> 16) & 255); \ (y)[6] = (unsigned char) (((x) >> 8) & 255); \ (y)[7] = (unsigned char) ((x) & 255); \ } # define LOAD64H(x, y) { \ x = (((uint64) ((y)[0] & 255)) << 56) | (((uint64) ((y)[1] & 255)) << 48) | \ (((uint64) ((y)[2] & 255)) << 40) | (((uint64) ((y)[3] & 255)) << 32) | \ (((uint64) ((y)[4] & 255)) << 24) | (((uint64) ((y)[5] & 255)) << 16) | \ (((uint64) ((y)[6] & 255)) << 8) | (((uint64) ((y)[7] & 255))); \ } /******************************************************************************/ # else /* 64-bit words then */ # define STORE32H(x, y) \ { unsigned int __t = (x); Memcpy(y, &__t, 4); } # define LOAD32H(x, y) \ { Memcpy(&(x), y, 4); x &= 0xFFFFFFFF; } # define STORE64H(x, y) \ { uint64 __t = (x); Memcpy(y, &__t, 8); } # define LOAD64H(x, y) \ { Memcpy(&(x), y, 8); } # endif /* ENDIAN_64BITWORD */ # endif /* ENDIAN_BIG */ /******************************************************************************/ # ifdef HAVE_NATIVE_INT64 # define ROL64c(x, y) \ ( (((x) << ((uint64) (y) & 63)) | \ (((x) & CONST64(0xFFFFFFFFFFFFFFFF)) >> ((uint64) 64 - ((y) & 63)))) & CONST64(0xFFFFFFFFFFFFFFFF)) # define ROR64c(x, y) \ ( ((((x) & CONST64(0xFFFFFFFFFFFFFFFF)) >> ((uint64) (y) & CONST64(63))) | \ ((x) << ((uint64) (64 - ((y) & CONST64(63)))))) & CONST64(0xFFFFFFFFFFFFFFFF)) # endif /* HAVE_NATIVE_INT64 */ /******************************************************************************/ /* Return the length of padding bytes required for a record of 'LEN' bytes The name Pwr2 indicates that calculations will work with 'BLOCKSIZE' that are powers of 2. Because of the trailing pad length byte, a length that is a multiple of the pad bytes */ # define psPadLenPwr2(LEN, BLOCKSIZE) \ BLOCKSIZE <= 1 ? (unsigned char) 0 : \ (unsigned char) (BLOCKSIZE - ((LEN) &(BLOCKSIZE - 1))) /* Return nearest multiple of n greater than or equal to x. */ static inline psSizeL_t psRoundUpToBlockSize(psSizeL_t x, psSizeL_t n) { psSizeL_t res; res = (x + n - 1) / n; res *= n; return res; } # ifdef USE_CRL extern int32_t psCrlOpen(void); extern void psCrlClose(void); # endif #endif /* _h_PS_CRYPTOLIB */ /******************************************************************************/