791 lines
29 KiB
C
791 lines
29 KiB
C
/**
|
|
* @file cryptoApi.h
|
|
* @version $Format:%h%d$
|
|
*
|
|
* Prototypes for the Matrix crypto public APIs.
|
|
*/
|
|
/*
|
|
* Copyright (c) 2013-2016 INSIDE Secure Corporation
|
|
* Copyright (c) PeerSec Networks, 2002-2011
|
|
* All Rights Reserved
|
|
*
|
|
* The latest version of this code is available at http://www.matrixssl.org
|
|
*
|
|
* This software is open source; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This General Public License does NOT permit incorporating this software
|
|
* into proprietary programs. If you are unable to comply with the GPL, a
|
|
* commercial license for this software may be purchased from INSIDE at
|
|
* http://www.insidesecure.com/
|
|
*
|
|
* This program is distributed in WITHOUT ANY WARRANTY; without even the
|
|
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
* See the GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
*/
|
|
/******************************************************************************/
|
|
|
|
#ifndef _h_PS_CRYPTOAPI
|
|
#define _h_PS_CRYPTOAPI
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#include "../core/coreApi.h" /* Must be included first */
|
|
#include "cryptoConfig.h" /* Must be included second */
|
|
#include "cryptolib.h"
|
|
|
|
/******************************************************************************/
|
|
/**
|
|
Public return codes.
|
|
These are in addition to those in core/
|
|
Failure codes MUST be < 0
|
|
@note The range for crypto error codes must be between -30 and -49
|
|
*/
|
|
#define PS_PARSE_FAIL -31
|
|
/**
|
|
@note Any future additions to certificate authentication failures
|
|
must be carried through to MatrixSSL code
|
|
*/
|
|
#define PS_CERT_AUTH_PASS PS_TRUE
|
|
#define PS_CERT_AUTH_FAIL_BC -32 /* BasicConstraint failure */
|
|
#define PS_CERT_AUTH_FAIL_DN -33 /* DistinguishedName failure */
|
|
#define PS_CERT_AUTH_FAIL_SIG -34 /* Signature validation failure */
|
|
#define PS_CERT_AUTH_FAIL_REVOKED -35 /* Revoked via CRL */
|
|
#define PS_CERT_AUTH_FAIL -36 /* Generic cert auth fail */
|
|
#define PS_CERT_AUTH_FAIL_EXTENSION -37 /* extension permission problem */
|
|
#define PS_CERT_AUTH_FAIL_PATH_LEN -38 /* pathLen exceeded */
|
|
#define PS_CERT_AUTH_FAIL_AUTHKEY -39 /* subjectKeyid != issuer authKeyid */
|
|
|
|
#define PS_SIGNATURE_MISMATCH -40 /* Algorithms all work but sig not a match */
|
|
|
|
#define PS_AUTH_FAIL -41 /* An AEAD or HASH authentication fail */
|
|
|
|
/* Set as authStatusFlags to certificate callback when authStatus
|
|
is PS_CERT_AUTH_FAIL_EXTENSION */
|
|
#define PS_CERT_AUTH_FAIL_KEY_USAGE_FLAG 0x01
|
|
#define PS_CERT_AUTH_FAIL_EKU_FLAG 0x02
|
|
#define PS_CERT_AUTH_FAIL_SUBJECT_FLAG 0x04
|
|
#define PS_CERT_AUTH_FAIL_DATE_FLAG 0x08
|
|
|
|
/******************************************************************************/
|
|
/**
|
|
Build the configuration string with the relevant build options for
|
|
runtime validation of compile-time configuration.
|
|
*/
|
|
#if defined PSTM_X86 || defined PSTM_X86_64 || defined PSTM_ARM || \
|
|
defined PSTM_MIPS
|
|
#define PSTM_ASM_CONFIG_STR "Y"
|
|
#else
|
|
#define PSTM_ASM_CONFIG_STR "N"
|
|
#endif
|
|
#ifdef PSTM_64BIT
|
|
#define PSTM_64_CONFIG_STR "Y"
|
|
#else
|
|
#define PSTM_64_CONFIG_STR "N"
|
|
#endif
|
|
#ifdef USE_AESNI_CRYPTO
|
|
#define AESNI_CONFIG_STR "Y"
|
|
#else
|
|
#define AESNI_CONFIG_STR "N"
|
|
#endif
|
|
#define HW_PKA_CONFIG_STR "N"
|
|
#define PKCS11_CONFIG_STR "N"
|
|
#define FIPS_CONFIG_STR "N"
|
|
|
|
#define PSCRYPTO_CONFIG \
|
|
"Y" \
|
|
PSTM_ASM_CONFIG_STR \
|
|
PSTM_64_CONFIG_STR \
|
|
AESNI_CONFIG_STR \
|
|
HW_PKA_CONFIG_STR \
|
|
PKCS11_CONFIG_STR \
|
|
FIPS_CONFIG_STR \
|
|
PSCORE_CONFIG
|
|
|
|
/******************************************************************************/
|
|
/*
|
|
Crypto module open/close
|
|
*/
|
|
PSPUBLIC int32_t psCryptoOpen(const char *config);
|
|
PSPUBLIC void psCryptoClose(void);
|
|
|
|
/******************************************************************************/
|
|
/*
|
|
Abstract Cipher API
|
|
Handles symmetric crypto, aead ciphers, hashes and macs.
|
|
*/
|
|
typedef enum {
|
|
|
|
AES_CBC_ENC = 1,
|
|
AES_CBC_DEC,
|
|
AES_GCM_ENC,
|
|
AES_GCM_DEC,
|
|
CHACHA20_POLY1305_ENC,
|
|
CHACHA20_POLY1305_DEC,
|
|
ARC4,
|
|
DES3,
|
|
IDEA,
|
|
SEED,
|
|
|
|
HASH_MD2,
|
|
HASH_MD5,
|
|
HASH_SHA1,
|
|
HASH_MD5SHA1,
|
|
HASH_SHA256,
|
|
HASH_SHA384,
|
|
HASH_SHA512,
|
|
|
|
HMAC_MD5,
|
|
HMAC_SHA1,
|
|
HMAC_SHA256,
|
|
HMAC_SHA384,
|
|
|
|
} psCipherType_e;
|
|
|
|
/******************************************************************************/
|
|
/*
|
|
Symmetric Cipher Algorithms
|
|
*/
|
|
#ifdef USE_AES
|
|
|
|
#define PS_AES_ENCRYPT 0x1
|
|
#define PS_AES_DECRYPT 0x2
|
|
|
|
#ifdef USE_AES_BLOCK
|
|
/******************************************************************************/
|
|
PSPUBLIC int32_t psAesInitBlockKey(psAesKey_t *key,
|
|
const unsigned char ckey[AES_MAXKEYLEN], uint8_t keylen,
|
|
uint32_t flags);
|
|
PSPUBLIC void psAesEncryptBlock(psAesKey_t *key, const unsigned char *pt,
|
|
unsigned char *ct);
|
|
PSPUBLIC void psAesDecryptBlock(psAesKey_t *key, const unsigned char *ct,
|
|
unsigned char *pt);
|
|
PSPUBLIC void psAesClearBlockKey(psAesKey_t *key);
|
|
#endif
|
|
|
|
#ifdef USE_AES_CBC
|
|
/******************************************************************************/
|
|
PSPUBLIC int32_t psAesInitCBC(psAesCbc_t *ctx,
|
|
const unsigned char IV[AES_IVLEN],
|
|
const unsigned char key[AES_MAXKEYLEN], uint8_t keylen,
|
|
uint32_t flags);
|
|
PSPUBLIC void psAesDecryptCBC(psAesCbc_t *ctx,
|
|
const unsigned char *ct, unsigned char *pt,
|
|
uint32_t len);
|
|
PSPUBLIC void psAesEncryptCBC(psAesCbc_t *ctx,
|
|
const unsigned char *pt, unsigned char *ct,
|
|
uint32_t len);
|
|
PSPUBLIC void psAesClearCBC(psAesCbc_t *ctx);
|
|
#endif
|
|
|
|
#ifdef USE_AES_GCM
|
|
/******************************************************************************/
|
|
PSPUBLIC int32_t psAesInitGCM(psAesGcm_t *ctx,
|
|
const unsigned char key[AES_MAXKEYLEN], uint8_t keylen);
|
|
PSPUBLIC void psAesReadyGCM(psAesGcm_t *ctx,
|
|
const unsigned char IV[AES_IVLEN],
|
|
const unsigned char *aad, uint16_t aadLen);
|
|
PSPUBLIC int32_t psAesReadyGCMRandomIV(psAesGcm_t *ctx,
|
|
unsigned char IV[12],
|
|
const unsigned char *aad, uint16_t aadLen,
|
|
void *poolUserPtr);
|
|
PSPUBLIC void psAesEncryptGCM(psAesGcm_t *ctx,
|
|
const unsigned char *pt, unsigned char *ct,
|
|
uint32_t len);
|
|
PSPUBLIC int32_t psAesDecryptGCM(psAesGcm_t *ctx,
|
|
const unsigned char *ct, uint32_t ctLen,
|
|
unsigned char *pt, uint32_t ptLen);
|
|
|
|
PSPUBLIC int32_t psAesDecryptGCM2(psAesGcm_t *ctx,
|
|
const unsigned char *ct,
|
|
unsigned char *pt, uint32_t len,
|
|
const unsigned char *tag, uint32_t tagLen);
|
|
|
|
PSPUBLIC void psAesDecryptGCMtagless(psAesGcm_t *ctx,
|
|
const unsigned char *ct, unsigned char *pt,
|
|
uint32_t len);
|
|
PSPUBLIC void psAesGetGCMTag(psAesGcm_t *ctx,
|
|
uint8_t tagBytes, unsigned char tag[AES_BLOCKLEN]);
|
|
PSPUBLIC void psAesClearGCM(psAesGcm_t *ctx);
|
|
|
|
#endif /* USE_AES_GCM */
|
|
|
|
#endif /* USE_AES */
|
|
|
|
#ifdef USE_CHACHA20_POLY1305
|
|
/******************************************************************************/
|
|
PSPUBLIC int32_t psChacha20Poly1305Init(psChacha20Poly1305_t *ctx,
|
|
const unsigned char key[crypto_aead_chacha20poly1305_KEYBYTES],
|
|
uint8_t keylen);
|
|
PSPUBLIC void psChacha20Poly1305Ready(psChacha20Poly1305_t *ctx,
|
|
const unsigned char IV[crypto_aead_chacha20poly1305_NPUBBYTES+4],
|
|
const unsigned char *aad, uint16_t aadLen);
|
|
PSPUBLIC void psChacha20Poly1305Encrypt(psChacha20Poly1305_t *ctx,
|
|
const unsigned char *pt, unsigned char *ct,uint32_t len);
|
|
|
|
PSPUBLIC int32_t psChacha20Poly1305Decrypt(psChacha20Poly1305_t *ctx,
|
|
const unsigned char *ct, uint32_t ctLen,
|
|
unsigned char *pt, uint32_t ptLen);
|
|
|
|
PSPUBLIC void psChacha20Poly1305DecryptTagless(psChacha20Poly1305_t *ctx,
|
|
const unsigned char *ct, unsigned char *pt,
|
|
uint32_t len);
|
|
|
|
PSPUBLIC void psChacha20Poly1305GetTag(psChacha20Poly1305_t *ctx,
|
|
uint8_t tagBytes,
|
|
unsigned char tag[crypto_aead_chacha20poly1305_ABYTES]);
|
|
PSPUBLIC void psChacha20Poly1305Clear(psChacha20Poly1305_t *ctx);
|
|
#endif
|
|
|
|
#ifdef USE_3DES
|
|
/******************************************************************************/
|
|
PSPUBLIC int32_t psDes3Init(psDes3_t *ctx, const unsigned char IV[DES3_IVLEN],
|
|
const unsigned char key[DES3_KEYLEN]);
|
|
PSPUBLIC void psDes3Decrypt(psDes3_t *ctx, const unsigned char *ct,
|
|
unsigned char *pt, uint32_t len);
|
|
PSPUBLIC void psDes3Encrypt(psDes3_t *ctx, const unsigned char *pt,
|
|
unsigned char *ct, uint32_t len);
|
|
PSPUBLIC void psDes3Clear(psDes3_t *ctx);
|
|
#endif
|
|
|
|
/******************************************************************************/
|
|
/*
|
|
Hash Digest Algorithms
|
|
*/
|
|
#ifdef USE_MD5
|
|
/******************************************************************************/
|
|
PSPUBLIC int32_t psMd5Init(psMd5_t *md5);
|
|
PSPUBLIC void psMd5Update(psMd5_t *md5, const unsigned char *buf, uint32_t len);
|
|
PSPUBLIC void psMd5Final(psMd5_t *md, unsigned char hash[MD5_HASHLEN]);
|
|
#endif
|
|
|
|
#ifdef USE_SHA1
|
|
/******************************************************************************/
|
|
/* Pre-init should be called for uninitialized, e.g. function local
|
|
digest contexts, before calling the initialization function. */
|
|
static __inline void psSha1PreInit(psSha1_t *sha1)
|
|
{
|
|
/* Nothing to pre-initialize for native crypto. */
|
|
}
|
|
PSPUBLIC int32_t psSha1Init(psSha1_t *sha1);
|
|
PSPUBLIC void psSha1Update(psSha1_t *sha1,
|
|
const unsigned char *buf, uint32_t len);
|
|
PSPUBLIC void psSha1Final(psSha1_t *sha1, unsigned char hash[SHA1_HASHLEN]);
|
|
static __inline void psSha1Sync(psSha1_t *ctx, int sync_all)
|
|
{
|
|
}
|
|
static __inline void psSha1Cpy(psSha1_t *d, const psSha1_t *s)
|
|
{
|
|
memcpy(d, s, sizeof(psSha1_t));
|
|
}
|
|
#endif /* USE_SHA1 */
|
|
|
|
#ifdef USE_MD5SHA1
|
|
/******************************************************************************/
|
|
/* Pre-init should be called for uninitialized, e.g. function local
|
|
digest contexts, before calling the initialization function. */
|
|
static __inline void psMd5Sha1PreInit(psMd5Sha1_t *md)
|
|
{
|
|
/* Nothing to pre-initialize for native crypto. */
|
|
}
|
|
PSPUBLIC int32_t psMd5Sha1Init(psMd5Sha1_t *md);
|
|
PSPUBLIC void psMd5Sha1Update(psMd5Sha1_t *md,
|
|
const unsigned char *buf, uint32_t len);
|
|
PSPUBLIC void psMd5Sha1Final(psMd5Sha1_t *md,
|
|
unsigned char hash[MD5SHA1_HASHLEN]);
|
|
static __inline void psMd5Sha1Sync(psMd5Sha1_t *ctx, int sync_all)
|
|
{
|
|
}
|
|
static __inline void psMd5Sha1Cpy(psMd5Sha1_t *d, const psMd5Sha1_t *s)
|
|
{
|
|
memcpy(d, s, sizeof(psMd5Sha1_t));
|
|
}
|
|
#endif /* USE_MD5SHA1 */
|
|
|
|
#ifdef USE_SHA256
|
|
/******************************************************************************/
|
|
/* Pre-init should be called for uninitialized, e.g. function local
|
|
digest contexts, before calling the initialization function. */
|
|
static __inline void psSha256PreInit(psSha256_t *sha256)
|
|
{
|
|
/* Nothing to pre-initialize for native crypto. */
|
|
}
|
|
PSPUBLIC int32_t psSha256Init(psSha256_t *sha256);
|
|
PSPUBLIC void psSha256Update(psSha256_t *sha256,
|
|
const unsigned char *buf, uint32_t len);
|
|
PSPUBLIC void psSha256Final(psSha256_t *sha256,
|
|
unsigned char hash[SHA256_HASHLEN]);
|
|
static __inline void psSha256Sync(psSha256_t * md, int sync_all)
|
|
{
|
|
}
|
|
static __inline void psSha256Cpy(psSha256_t * d, const psSha256_t * s)
|
|
{
|
|
memcpy(d, s, sizeof(psSha256_t));
|
|
}
|
|
#endif /* USE_SHA256 */
|
|
|
|
/******************************************************************************/
|
|
#ifdef USE_SHA384
|
|
/* Pre-init should be called for uninitialized, e.g. function local
|
|
digest contexts, before calling the initialization function. */
|
|
static __inline void psSha384PreInit(psSha384_t *sha384)
|
|
{
|
|
/* Nothing to pre-initialize for native crypto. */
|
|
}
|
|
PSPUBLIC int32_t psSha384Init(psSha384_t *sha384);
|
|
PSPUBLIC void psSha384Update(psSha384_t *sha384,
|
|
const unsigned char *buf, uint32_t len);
|
|
PSPUBLIC void psSha384Final(psSha384_t *sha384,
|
|
unsigned char hash[SHA384_HASHLEN]);
|
|
static __inline void psSha384Sync(psSha384_t * md, int sync_all)
|
|
{
|
|
}
|
|
static __inline void psSha384Cpy(psSha384_t * d, const psSha384_t * s)
|
|
{
|
|
memcpy(d, s, sizeof(psSha384_t));
|
|
}
|
|
#endif /* USE_SHA384 */
|
|
|
|
#ifdef USE_SHA512
|
|
/******************************************************************************/
|
|
/* Pre-init should be called for uninitialized, e.g. function local
|
|
digest contexts, before calling the initialization function. */
|
|
static __inline void psSha512PreInit(psSha512_t *sha512)
|
|
{
|
|
/* Nothing to pre-initialize for native crypto. */
|
|
}
|
|
PSPUBLIC int32_t psSha512Init(psSha512_t *md);
|
|
PSPUBLIC void psSha512Update(psSha512_t *md,
|
|
const unsigned char *buf, uint32_t len);
|
|
PSPUBLIC void psSha512Final(psSha512_t *md,
|
|
unsigned char hash[SHA512_HASHLEN]);
|
|
static __inline void psSha512Sync(psSha512_t * md, int sync_all)
|
|
{
|
|
}
|
|
static __inline void psSha512Cpy(psSha512_t * d, const psSha512_t * s)
|
|
{
|
|
memcpy(d, s, sizeof(psSha512_t));
|
|
}
|
|
#endif /* USE_SHA512 */
|
|
|
|
/******************************************************************************/
|
|
/*
|
|
HMAC Algorithms
|
|
*/
|
|
/* Generic HMAC algorithms, specify cipher by type. */
|
|
PSPUBLIC int32_t psHmacInit(psHmac_t *ctx, psCipherType_e type,
|
|
const unsigned char *key, uint16_t keyLen);
|
|
PSPUBLIC void psHmacUpdate(psHmac_t *ctx,
|
|
const unsigned char *buf, uint32_t len);
|
|
PSPUBLIC void psHmacFinal(psHmac_t *ctx,
|
|
unsigned char hash[MAX_HASHLEN]);
|
|
|
|
#ifdef USE_HMAC_MD5
|
|
/******************************************************************************/
|
|
PSPUBLIC int32_t psHmacMd5(const unsigned char *key, uint16_t keyLen,
|
|
const unsigned char *buf, uint32_t len,
|
|
unsigned char hash[MD5_HASHLEN],
|
|
unsigned char *hmacKey, uint16_t *hmacKeyLen);
|
|
PSPUBLIC int32_t psHmacMd5Init(psHmacMd5_t *ctx,
|
|
const unsigned char *key, uint16_t keyLen);
|
|
PSPUBLIC void psHmacMd5Update(psHmacMd5_t *ctx,
|
|
const unsigned char *buf, uint32_t len);
|
|
PSPUBLIC void psHmacMd5Final(psHmacMd5_t *ctx,
|
|
unsigned char hash[MD5_HASHLEN]);
|
|
#endif
|
|
|
|
#ifdef USE_HMAC_SHA1
|
|
/******************************************************************************/
|
|
PSPUBLIC int32_t psHmacSha1(const unsigned char *key, uint16_t keyLen,
|
|
const unsigned char *buf, uint32_t len,
|
|
unsigned char hash[SHA1_HASHLEN],
|
|
unsigned char *hmacKey, uint16_t *hmacKeyLen);
|
|
#ifdef USE_HMAC_TLS
|
|
PSPUBLIC int32_t psHmacSha1Tls(const unsigned char *key, uint32_t keyLen,
|
|
const unsigned char *buf1, uint32_t len1,
|
|
const unsigned char *buf2, uint32_t len2,
|
|
const unsigned char *buf3, uint32_t len3,
|
|
uint32_t len3_alt, unsigned char *hmac);
|
|
#endif
|
|
PSPUBLIC int32_t psHmacSha1Init(psHmacSha1_t *ctx,
|
|
const unsigned char *key, uint16_t keyLen);
|
|
PSPUBLIC void psHmacSha1Update(psHmacSha1_t *ctx,
|
|
const unsigned char *buf, uint32_t len);
|
|
PSPUBLIC void psHmacSha1Final(psHmacSha1_t *ctx,
|
|
unsigned char hash[SHA1_HASHLEN]);
|
|
#endif
|
|
|
|
#ifdef USE_HMAC_SHA256
|
|
/******************************************************************************/
|
|
PSPUBLIC int32_t psHmacSha256(const unsigned char *key, uint16_t keyLen,
|
|
const unsigned char *buf, uint32_t len,
|
|
unsigned char hash[SHA256_HASHLEN],
|
|
unsigned char *hmacKey, uint16_t *hmacKeyLen);
|
|
#ifdef USE_HMAC_TLS
|
|
PSPUBLIC int32 psHmacSha2Tls(const unsigned char *key, uint32 keyLen,
|
|
const unsigned char *buf1, uint32 len1,
|
|
const unsigned char *buf2, uint32 len2,
|
|
const unsigned char *buf3, uint32 len3,
|
|
uint32 len3_alt, unsigned char *hmac,
|
|
uint32 hashSize);
|
|
#endif
|
|
PSPUBLIC int32_t psHmacSha256Init(psHmacSha256_t *ctx,
|
|
const unsigned char *key, uint16_t keyLen);
|
|
PSPUBLIC void psHmacSha256Update(psHmacSha256_t *ctx,
|
|
const unsigned char *buf, uint32_t len);
|
|
PSPUBLIC void psHmacSha256Final(psHmacSha256_t *ctx,
|
|
unsigned char hash[SHA256_HASHLEN]);
|
|
#endif
|
|
#ifdef USE_HMAC_SHA384
|
|
/******************************************************************************/
|
|
PSPUBLIC int32_t psHmacSha384(const unsigned char *key, uint16_t keyLen,
|
|
const unsigned char *buf, uint32_t len,
|
|
unsigned char hash[SHA384_HASHLEN],
|
|
unsigned char *hmacKey, uint16_t *hmacKeyLen);
|
|
PSPUBLIC int32_t psHmacSha384Init(psHmacSha384_t *ctx,
|
|
const unsigned char *key, uint16_t keyLen);
|
|
PSPUBLIC void psHmacSha384Update(psHmacSha384_t *ctx,
|
|
const unsigned char *buf, uint32_t len);
|
|
PSPUBLIC void psHmacSha384Final(psHmacSha384_t *ctx,
|
|
unsigned char hash[SHA384_HASHLEN]);
|
|
#endif
|
|
|
|
/******************************************************************************/
|
|
/*
|
|
Private Key Parsing
|
|
PKCS#1 - RSA specific
|
|
PKCS#8 - General private key storage format
|
|
*/
|
|
#ifdef USE_PRIVATE_KEY_PARSING
|
|
#ifdef MATRIX_USE_FILE_SYSTEM
|
|
#ifdef USE_RSA
|
|
PSPUBLIC int32_t pkcs1ParsePrivFile(psPool_t *pool, const char *fileName,
|
|
const char *password, psRsaKey_t *key);
|
|
#endif
|
|
PSPUBLIC int32_t pkcs1DecodePrivFile(psPool_t *pool, const char *fileName,
|
|
const char *password, unsigned char **DERout, uint16_t *DERlen);
|
|
#endif /* MATRIX_USE_FILESYSTEM */
|
|
#ifdef USE_PKCS8
|
|
PSPUBLIC int32 pkcs8ParsePrivBin(psPool_t *pool, unsigned char *p,
|
|
int32 size, char *pass, psPubKey_t *key);
|
|
#if defined(MATRIX_USE_FILE_SYSTEM) && defined (USE_PKCS12)
|
|
PSPUBLIC int32 psPkcs12Parse(psPool_t *pool, psX509Cert_t **cert,
|
|
psPubKey_t *privKey, const unsigned char *file, int32 flags,
|
|
unsigned char *importPass, int32 ipasslen,
|
|
unsigned char *privkeyPass, int32 kpasslen);
|
|
#endif
|
|
#endif /* USE_PKCS8 */
|
|
#endif /* USE_PRIVATE_KEY_PARSING */
|
|
|
|
#ifdef USE_PKCS5
|
|
/******************************************************************************/
|
|
/*
|
|
PKCS#5 PBKDF v1 and v2 key generation
|
|
*/
|
|
PSPUBLIC void pkcs5pbkdf1(unsigned char *pass, uint32 passlen,
|
|
unsigned char *salt, int32 iter, unsigned char *key);
|
|
PSPUBLIC void pkcs5pbkdf2(unsigned char *password, uint32 pLen,
|
|
unsigned char *salt, uint32 sLen, int32 rounds,
|
|
unsigned char *key, uint32 kLen);
|
|
#endif /* USE_PKCS5 */
|
|
|
|
/******************************************************************************/
|
|
/*
|
|
Public Key Cryptography
|
|
*/
|
|
#if defined(USE_RSA) || defined(USE_ECC) || defined(USE_DH)
|
|
PSPUBLIC int32_t psInitPubKey(psPool_t *pool, psPubKey_t *key, uint8_t type);
|
|
PSPUBLIC void psClearPubKey(psPubKey_t *key);
|
|
PSPUBLIC int32_t psNewPubKey(psPool_t *pool, uint8_t type, psPubKey_t **key);
|
|
PSPUBLIC void psDeletePubKey(psPubKey_t **key);
|
|
PSPUBLIC int32_t psParseUnknownPrivKey(psPool_t *pool, int pemOrDer,
|
|
char *keyfile, char *password, psPubKey_t *privkey);
|
|
#endif
|
|
|
|
#ifdef USE_RSA
|
|
/******************************************************************************/
|
|
|
|
PSPUBLIC int32_t psRsaInitKey(psPool_t *pool, psRsaKey_t *key);
|
|
PSPUBLIC void psRsaClearKey(psRsaKey_t *key);
|
|
PSPUBLIC int32_t psRsaCopyKey(psRsaKey_t *to, const psRsaKey_t *from);
|
|
|
|
PSPUBLIC int32_t psRsaParsePkcs1PrivKey(psPool_t *pool,
|
|
const unsigned char *p, uint16_t size,
|
|
psRsaKey_t *key);
|
|
PSPUBLIC int32_t psRsaParseAsnPubKey(psPool_t *pool,
|
|
const unsigned char **pp, uint16_t len,
|
|
psRsaKey_t *key, unsigned char sha1KeyHash[SHA1_HASHLEN]);
|
|
PSPUBLIC uint16_t psRsaSize(const psRsaKey_t *key);
|
|
PSPUBLIC int32_t psRsaCmpPubKey(const psRsaKey_t *k1, const psRsaKey_t *k2);
|
|
|
|
PSPUBLIC int32_t psRsaEncryptPriv(psPool_t *pool, psRsaKey_t *key,
|
|
const unsigned char *in, uint16_t inlen,
|
|
unsigned char *out, uint16_t outlen,
|
|
void *data);
|
|
PSPUBLIC int32_t psRsaEncryptPub(psPool_t *pool, psRsaKey_t *key,
|
|
const unsigned char *in, uint16_t inlen,
|
|
unsigned char *out, uint16_t outlen,
|
|
void *data);
|
|
PSPUBLIC int32_t psRsaDecryptPriv(psPool_t *pool, psRsaKey_t *key,
|
|
unsigned char *in, uint16_t inlen,
|
|
unsigned char *out, uint16_t outlen,
|
|
void *data);
|
|
PSPUBLIC int32_t psRsaDecryptPub(psPool_t *pool, psRsaKey_t *key,
|
|
unsigned char *in, uint16_t inlen,
|
|
unsigned char *out, uint16_t outlen,
|
|
void *data);
|
|
|
|
PSPUBLIC int32_t psRsaCrypt(psPool_t *pool, psRsaKey_t *key,
|
|
const unsigned char *in, uint16_t inlen,
|
|
unsigned char *out, uint16_t *outlen,
|
|
uint8_t type, void *data);
|
|
|
|
PSPUBLIC int32_t pubRsaDecryptSignedElement(psPool_t *pool, psRsaKey_t *key,
|
|
unsigned char *in, uint16_t inlen,
|
|
unsigned char *out, uint16_t outlen,
|
|
void *data);
|
|
PSPUBLIC int32_t privRsaEncryptSignedElement(psPool_t *pool, psRsaKey_t *key,
|
|
const unsigned char *in, uint16_t inlen,
|
|
unsigned char *out, uint16_t outlen,
|
|
void *data);
|
|
#ifdef USE_PKCS1_OAEP
|
|
PSPUBLIC int32 pkcs1OaepEncode(psPool_t *pool, const unsigned char *msg,
|
|
uint32 msglen, const unsigned char *lparam,
|
|
uint32 lparamlen, unsigned char *seed, uint32 seedLen,
|
|
uint32 modulus_bitlen, int32 hash_idx,
|
|
unsigned char *out, uint16_t *outlen);
|
|
PSPUBLIC int32 pkcs1OaepDecode(psPool_t *pool, const unsigned char *msg,
|
|
uint32 msglen, const unsigned char *lparam, uint32 lparamlen,
|
|
uint32 modulus_bitlen, int32 hash_idx,
|
|
unsigned char *out, uint16_t *outlen);
|
|
#endif /* USE_PKCS1_OAEP */
|
|
#ifdef USE_PKCS1_PSS
|
|
PSPUBLIC int32 pkcs1PssEncode(psPool_t *pool, const unsigned char *msghash,
|
|
uint32 msghashlen, unsigned char *salt, uint32 saltlen,
|
|
int32 hash_idx, uint32 modulus_bitlen, unsigned char *out,
|
|
uint16_t *outlen);
|
|
PSPUBLIC int32 pkcs1PssDecode(psPool_t *pool, const unsigned char *msghash,
|
|
uint32 msghashlen, const unsigned char *sig, uint32 siglen,
|
|
uint32 saltlen, int32 hash_idx, uint32 modulus_bitlen, int32 *res);
|
|
#endif /* USE_PKCS1_PSS */
|
|
#endif /* USE_RSA */
|
|
|
|
#ifdef USE_ECC
|
|
/******************************************************************************/
|
|
|
|
PSPUBLIC int32_t psEccInitKey(psPool_t *pool, psEccKey_t *key,
|
|
const psEccCurve_t *curve);
|
|
PSPUBLIC void psEccClearKey(psEccKey_t *key);
|
|
PSPUBLIC int32_t psEccNewKey(psPool_t *pool, psEccKey_t **key,
|
|
const psEccCurve_t *curve);
|
|
PSPUBLIC void psEccDeleteKey(psEccKey_t **key);
|
|
PSPUBLIC int32 psEccCopyKey(psEccKey_t *to, psEccKey_t *from);
|
|
PSPUBLIC uint8_t psEccSize(const psEccKey_t *key);
|
|
|
|
PSPUBLIC int32_t psEccGenKey(psPool_t *pool, psEccKey_t *key,
|
|
const psEccCurve_t *curve, void *usrData);
|
|
|
|
PSPUBLIC int32_t psEccParsePrivKey(psPool_t *pool,
|
|
const unsigned char *keyBuf, uint16_t keyBufLen,
|
|
psEccKey_t *keyPtr, const psEccCurve_t *curve);
|
|
PSPUBLIC int32_t psEccParsePrivFile(psPool_t *pool,
|
|
const char *fileName, const char *password,
|
|
psEccKey_t *key);
|
|
|
|
PSPUBLIC int32_t psEccX963ImportKey(psPool_t *pool,
|
|
const unsigned char *in, uint16_t inlen,
|
|
psEccKey_t *key, const psEccCurve_t *curve);
|
|
PSPUBLIC int32_t psEccX963ExportKey(psPool_t *pool, const psEccKey_t *key,
|
|
unsigned char *out, uint16_t *outlen);
|
|
|
|
PSPUBLIC int32_t psEccGenSharedSecret(psPool_t *pool,
|
|
const psEccKey_t *privKey, const psEccKey_t *pubKey,
|
|
unsigned char *outbuf, uint16_t *outlen, void *usrData);
|
|
|
|
PSPUBLIC int32_t psEccDsaSign(psPool_t *pool, const psEccKey_t *privKey,
|
|
const unsigned char *buf, uint16_t buflen,
|
|
unsigned char *sig, uint16_t *siglen,
|
|
uint8_t includeSize, void *usrData);
|
|
PSPUBLIC int32_t psEccDsaVerify(psPool_t *pool, const psEccKey_t *key,
|
|
const unsigned char *buf, uint16_t bufLen,
|
|
const unsigned char *sig, uint16_t siglen,
|
|
int32_t *status, void *usrData);
|
|
#endif /* USE_ECC */
|
|
|
|
#ifdef USE_DH
|
|
/******************************************************************************/
|
|
/*
|
|
PKCS#3 - Diffie-Hellman parameters
|
|
*/
|
|
PSPUBLIC int32_t pkcs3ParseDhParamBin(psPool_t *pool,
|
|
const unsigned char *dhBin, uint16_t dhBinLen,
|
|
psDhParams_t *params);
|
|
#ifdef MATRIX_USE_FILE_SYSTEM
|
|
PSPUBLIC int32_t pkcs3ParseDhParamFile(psPool_t *pool,const char *fileName,
|
|
psDhParams_t *params);
|
|
#endif
|
|
PSPUBLIC int32_t psDhExportParameters(psPool_t *pool,
|
|
const psDhParams_t *params,
|
|
unsigned char **pp, uint16_t *pLen,
|
|
unsigned char **pg, uint16_t *gLen);
|
|
PSPUBLIC void pkcs3ClearDhParams(psDhParams_t *params);
|
|
|
|
PSPUBLIC int32_t psDhImportPubKey(psPool_t *pool,
|
|
const unsigned char *inbuf, uint16_t inlen,
|
|
psDhKey_t *key);
|
|
PSPUBLIC int32_t psDhExportPubKey(psPool_t *pool, const psDhKey_t *key,
|
|
unsigned char *out, uint16_t *outlen);
|
|
PSPUBLIC void psDhClearKey(psDhKey_t *key);
|
|
PSPUBLIC uint16_t psDhSize(const psDhKey_t *key);
|
|
|
|
PSPUBLIC int32_t psDhGenKey(psPool_t *pool, uint16_t keysize,
|
|
const unsigned char *pBin, uint16_t pLen,
|
|
const unsigned char *gBin, uint16_t gLen,
|
|
psDhKey_t *key, void *usrData);
|
|
PSPUBLIC int32_t psDhGenKeyInts(psPool_t *pool, uint16_t keysize,
|
|
const pstm_int *p, const pstm_int *g,
|
|
psDhKey_t *key, void *usrData);
|
|
|
|
PSPUBLIC int32_t psDhGenSharedSecret(psPool_t *pool,
|
|
const psDhKey_t *privKey, const psDhKey_t *pubKey,
|
|
const unsigned char *pBin, uint16_t pBinLen,
|
|
unsigned char *out, uint16_t *outlen, void *usrData);
|
|
|
|
#endif /* USE_DH */
|
|
|
|
#ifdef USE_X509
|
|
/******************************************************************************/
|
|
/*
|
|
X.509 Certificate support
|
|
*/
|
|
PSPUBLIC int32 psX509ParseCertFile(psPool_t *pool, char *fileName,
|
|
psX509Cert_t **outcert, int32 flags);
|
|
PSPUBLIC int32 psX509ParseCert(psPool_t *pool, const unsigned char *pp, uint32 size,
|
|
psX509Cert_t **outcert, int32 flags);
|
|
PSPUBLIC void psX509FreeCert(psX509Cert_t *cert);
|
|
#ifdef USE_CERT_PARSE
|
|
PSPUBLIC int32 psX509GetCertPublicKeyDer(psX509Cert_t *cert,
|
|
unsigned char *der_out,
|
|
uint16_t *der_out_len);
|
|
PSPUBLIC int32 psX509AuthenticateCert(psPool_t *pool, psX509Cert_t *subjectCert,
|
|
psX509Cert_t *issuerCert, psX509Cert_t **foundIssuer,
|
|
void *hwCtx, void *poolUserPtr);
|
|
#endif
|
|
#ifdef USE_CRL
|
|
#define CRL_CHECK_EXPECTED 5 /* cert had a dist point but not fetched yet */
|
|
#define CRL_CHECK_NOT_EXPECTED 6 /* cert didn't have dist point */
|
|
#define CRL_CHECK_PASSED_AND_AUTHENTICATED 7 /* all completely good */
|
|
#define CRL_CHECK_PASSED_BUT_NOT_AUTHENTICATED 8 /* had CRL but no auth done */
|
|
#define CRL_CHECK_REVOKED_AND_AUTHENTICATED 9
|
|
#define CRL_CHECK_REVOKED_BUT_NOT_AUTHENTICATED 10
|
|
#define CRL_CHECK_CRL_EXPIRED 11 /* CRL expired. Revocation not tested */
|
|
|
|
|
|
PSPUBLIC int32_t psX509ParseCRL(psPool_t *pool, psX509Crl_t **crl,
|
|
unsigned char *crlBin, int32 crlBinLen);
|
|
PSPUBLIC void psX509FreeCRL(psX509Crl_t *crl);
|
|
PSPUBLIC int32_t psX509GetCRLdistURL(psX509Cert_t *cert, char **url,
|
|
uint32_t *urlLen);
|
|
PSPUBLIC int32_t psX509AuthenticateCRL(psX509Cert_t *CA, psX509Crl_t *CRL,
|
|
void *poolUserPtr);
|
|
|
|
/* CRL global cache management */
|
|
PSPUBLIC int psCRL_Update(psX509Crl_t *crl, int deleteExisting);
|
|
PSPUBLIC int psCRL_Insert(psX509Crl_t *crl);
|
|
PSPUBLIC int psCRL_Remove(psX509Crl_t *crl); /* Doesn't delete! */
|
|
PSPUBLIC int psCRL_Delete(psX509Crl_t *crl);
|
|
PSPUBLIC void psCRL_RemoveAll();
|
|
PSPUBLIC void psCRL_DeleteAll();
|
|
PSPUBLIC psX509Crl_t* psCRL_GetCRLForCert(psX509Cert_t *cert);
|
|
PSPUBLIC int32_t psCRL_isRevoked(psX509Cert_t *cert, psX509Crl_t *CRL);
|
|
PSPUBLIC int32_t psCRL_determineRevokedStatus(psX509Cert_t *cert);
|
|
|
|
#endif /* USE_CRL */
|
|
#endif /* USE_X509 */
|
|
|
|
/******************************************************************************/
|
|
/*
|
|
Pseudorandom Number Generation
|
|
*/
|
|
PSPUBLIC int32_t psInitPrng(psRandom_t *ctx, void *userPtr);
|
|
PSPUBLIC int32_t psGetPrng(psRandom_t *ctx, unsigned char *bytes, uint16_t size,
|
|
void *userPtr);
|
|
|
|
/******************************************************************************/
|
|
/*
|
|
Deprecated Algorithms
|
|
*/
|
|
#ifdef USE_ARC4
|
|
/******************************************************************************/
|
|
PSPUBLIC int32_t psArc4Init(psArc4_t *ctx,
|
|
const unsigned char *key, uint8_t keylen);
|
|
PSPUBLIC void psArc4(psArc4_t *ctx, const unsigned char *in,
|
|
unsigned char *out, uint32_t len);
|
|
PSPUBLIC void psArc4Clear(psArc4_t *ctx);
|
|
#endif
|
|
|
|
#ifdef USE_SEED
|
|
/******************************************************************************/
|
|
PSPUBLIC int32_t psSeedInit(psSeed_t *ctx, const unsigned char IV[SEED_IVLEN],
|
|
const unsigned char key[SEED_KEYLEN]);
|
|
PSPUBLIC void psSeedDecrypt(psSeed_t *ctx, const unsigned char *ct,
|
|
unsigned char *pt, uint32_t len);
|
|
PSPUBLIC void psSeedEncrypt(psSeed_t *ctx, const unsigned char *pt,
|
|
unsigned char *ct, uint32_t len);
|
|
PSPUBLIC void psSeedClear(psSeed_t *ctx);
|
|
#endif
|
|
|
|
#ifdef USE_IDEA
|
|
/******************************************************************************/
|
|
PSPUBLIC int32_t psIdeaInit(psIdea_t *ctx, const unsigned char IV[IDEA_IVLEN],
|
|
const unsigned char key[IDEA_KEYLEN]);
|
|
PSPUBLIC void psIdeaDecrypt(psIdea_t *ctx, const unsigned char *ct,
|
|
unsigned char *pt, uint32_t len);
|
|
PSPUBLIC void psIdeaEncrypt(psIdea_t *ctx, const unsigned char *pt,
|
|
unsigned char *ct, uint32_t len);
|
|
PSPUBLIC void psIdeaClear(psIdea_t *ctx);
|
|
#endif
|
|
|
|
#ifdef USE_RC2
|
|
/******************************************************************************/
|
|
PSPUBLIC int32_t psRc2Init(psRc2Cbc_t *ctx, const unsigned char *IV,
|
|
const unsigned char *key, uint8_t keylen);
|
|
PSPUBLIC int32_t psRc2Decrypt(psRc2Cbc_t *ctx, const unsigned char *ct,
|
|
unsigned char *pt, uint32_t len);
|
|
PSPUBLIC int32_t psRc2Encrypt(psRc2Cbc_t *ctx, const unsigned char *pt,
|
|
unsigned char *ct, uint32_t len);
|
|
#endif
|
|
|
|
#ifdef USE_MD4
|
|
/******************************************************************************/
|
|
PSPUBLIC void psMd4Init(psMd4_t *md);
|
|
PSPUBLIC void psMd4Update(psMd4_t *md, const unsigned char *buf, uint32_t len);
|
|
PSPUBLIC int32_t psMd4Final(psMd4_t *md, unsigned char *hash);
|
|
#endif
|
|
|
|
#ifdef USE_MD2
|
|
/******************************************************************************/
|
|
PSPUBLIC void psMd2Init(psMd2_t *md);
|
|
PSPUBLIC int32_t psMd2Update(psMd2_t *md, const unsigned char *buf,
|
|
uint32_t len);
|
|
PSPUBLIC int32_t psMd2Final(psMd2_t *md, unsigned char *hash);
|
|
#endif
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* _h_PS_CRYPTOAPI */
|
|
|
|
/******************************************************************************/
|
|
|