/* * Copyright (C) 2011-2012 Free Software Foundation, Inc. * * Author: Nikos Mavrogiannopoulos * * This file is part of GnuTLS. * * The GnuTLS is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License * as published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program. If not, see * */ #ifndef GNUTLS_LIB_CRYPTO_BACKEND_H #define GNUTLS_LIB_CRYPTO_BACKEND_H #include #define gnutls_crypto_single_cipher_st gnutls_crypto_cipher_st #define gnutls_crypto_single_mac_st gnutls_crypto_mac_st #define gnutls_crypto_single_digest_st gnutls_crypto_digest_st typedef struct { gnutls_cipher_init_func init; gnutls_cipher_setkey_func setkey; gnutls_cipher_setiv_func setiv; gnutls_cipher_getiv_func getiv; gnutls_cipher_encrypt_func encrypt; gnutls_cipher_decrypt_func decrypt; gnutls_cipher_aead_encrypt_func aead_encrypt; gnutls_cipher_aead_decrypt_func aead_decrypt; gnutls_cipher_deinit_func deinit; gnutls_cipher_auth_func auth; gnutls_cipher_tag_func tag; /* Not needed for registered on run-time. Only included * should define it. */ int (*exists) (gnutls_cipher_algorithm_t); /* true/false */ } gnutls_crypto_cipher_st; typedef struct { gnutls_mac_init_func init; gnutls_mac_setkey_func setkey; gnutls_mac_setnonce_func setnonce; gnutls_mac_hash_func hash; gnutls_mac_output_func output; gnutls_mac_deinit_func deinit; gnutls_mac_fast_func fast; gnutls_mac_copy_func copy; /* Not needed for registered on run-time. Only included * should define it. */ int (*exists) (gnutls_mac_algorithm_t); } gnutls_crypto_mac_st; typedef struct { gnutls_digest_init_func init; gnutls_digest_hash_func hash; gnutls_digest_output_func output; gnutls_digest_deinit_func deinit; gnutls_digest_fast_func fast; gnutls_digest_copy_func copy; /* Not needed for registered on run-time. Only included * should define it. */ int (*exists) (gnutls_digest_algorithm_t); } gnutls_crypto_digest_st; typedef struct { int (*hkdf_extract) (gnutls_mac_algorithm_t, const void *key, size_t keysize, const void *salt, size_t saltsize, void *output); int (*hkdf_expand) (gnutls_mac_algorithm_t, const void *key, size_t keysize, const void *info, size_t infosize, void *output, size_t length); int (*pbkdf2) (gnutls_mac_algorithm_t, const void *key, size_t keysize, const void *salt, size_t saltsize, unsigned iter_count, void *output, size_t length); } gnutls_crypto_kdf_st; typedef struct gnutls_crypto_rnd { int (*init) (void **ctx); /* called prior to first usage of randomness */ int (*rnd) (void *ctx, int level, void *data, size_t datasize); void (*rnd_refresh) (void *ctx); void (*deinit) (void *ctx); int (*self_test) (void); /* this should not require rng initialization */ } gnutls_crypto_rnd_st; typedef void *bigint_t; /** * gnutls_bigint_format_t: * @GNUTLS_MPI_FORMAT_USG: Raw unsigned integer format. * @GNUTLS_MPI_FORMAT_STD: Raw signed integer format, always a leading * zero when positive. * * Enumeration of different bignum integer encoding formats. */ typedef enum { /* raw unsigned integer format */ GNUTLS_MPI_FORMAT_USG = 0, /* raw signed integer format - always a leading zero when positive */ GNUTLS_MPI_FORMAT_STD = 1, /* raw unsigned integer format, little endian format */ GNUTLS_MPI_FORMAT_ULE = 2 } gnutls_bigint_format_t; /* Multi precision integer arithmetic */ typedef struct gnutls_crypto_bigint { int (*bigint_init) (bigint_t*); int (*bigint_init_multi) (bigint_t*, ...); void (*bigint_release) (bigint_t n); void (*bigint_clear) (bigint_t n); /* zeros the int */ /* 0 for equality, > 0 for m1>m2, < 0 for m1 ret == a */ int (*bigint_set) (bigint_t a, const bigint_t b); bigint_t (*bigint_copy) (const bigint_t a); /* a = b -> ret == a */ int (*bigint_set_ui) (bigint_t a, unsigned long b); unsigned int (*bigint_get_nbits) (const bigint_t a); /* w = b ^ e mod m */ int (*bigint_powm) (bigint_t w, const bigint_t b, const bigint_t e, const bigint_t m); /* w = a + b mod m */ int (*bigint_addm) (bigint_t w, const bigint_t a, const bigint_t b, const bigint_t m); /* w = a - b mod m */ int (*bigint_subm) (bigint_t w, const bigint_t a, const bigint_t b, const bigint_t m); /* w = a * b mod m */ int (*bigint_mulm) (bigint_t w, const bigint_t a, const bigint_t b, const bigint_t m); /* w = a + b */ int (*bigint_add) (bigint_t w, const bigint_t a, const bigint_t b); /* w = a - b */ int (*bigint_sub) (bigint_t w, const bigint_t a, const bigint_t b); /* w = a * b */ int (*bigint_mul) (bigint_t w, const bigint_t a, const bigint_t b); /* w = a + b */ int (*bigint_add_ui) (bigint_t w, const bigint_t a, unsigned long b); /* w = a - b */ int (*bigint_sub_ui) (bigint_t w, const bigint_t a, unsigned long b); /* w = a * b */ int (*bigint_mul_ui) (bigint_t w, const bigint_t a, unsigned long b); /* q = a / b */ int (*bigint_div) (bigint_t q, const bigint_t a, const bigint_t b); /* 0 if prime */ int (*bigint_prime_check) (const bigint_t pp); /* reads a bigint from a buffer */ /* stores a bigint into the buffer. returns * GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to * store this integer, and updates the buf_size; */ int (*bigint_scan) (bigint_t m, const void *buf, size_t buf_size, gnutls_bigint_format_t format); int (*bigint_print) (const bigint_t a, void *buf, size_t * buf_size, gnutls_bigint_format_t format); } gnutls_crypto_bigint_st; /* Additional information about the public key, filled from * SubjectPublicKeyInfo parameters. When there are no parameters, * the pk field will be set to GNUTLS_PK_UNKNOWN. */ typedef struct gnutls_x509_spki_st { /* We can have a key which is of type RSA, but a certificate * of type RSA-PSS; the value here will be the expected value * for signatures (i.e., RSA-PSS) */ gnutls_pk_algorithm_t pk; /* the digest used by RSA-PSS */ gnutls_digest_algorithm_t rsa_pss_dig; /* the size of salt used by RSA-PSS */ unsigned int salt_size; /* if non-zero, the legacy value for PKCS#7 signatures will be * written for RSA signatures. */ unsigned int legacy; /* the digest used by ECDSA/DSA */ gnutls_digest_algorithm_t dsa_dig; /* flags may include GNUTLS_PK_FLAG_REPRODUCIBLE for * deterministic ECDSA/DSA */ unsigned int flags; } gnutls_x509_spki_st; #define GNUTLS_MAX_PK_PARAMS 16 typedef struct { bigint_t params[GNUTLS_MAX_PK_PARAMS]; unsigned int params_nr; /* the number of parameters */ unsigned int pkflags; /* gnutls_pk_flag_t */ unsigned int qbits; /* GNUTLS_PK_DH */ gnutls_ecc_curve_t curve; /* GNUTLS_PK_EC, GNUTLS_PK_ED25519, GNUTLS_PK_GOST* */ gnutls_group_t dh_group; /* GNUTLS_PK_DH - used by ext/key_share */ gnutls_gost_paramset_t gost_params; /* GNUTLS_PK_GOST_* */ gnutls_datum_t raw_pub; /* used by x25519 */ gnutls_datum_t raw_priv; unsigned int seed_size; uint8_t seed[MAX_PVP_SEED_SIZE]; gnutls_digest_algorithm_t palgo; /* public key information */ gnutls_x509_spki_st spki; gnutls_pk_algorithm_t algo; } gnutls_pk_params_st; /** * gnutls_pk_flag_t: * @GNUTLS_PK_FLAG_NONE: No flag. * * Enumeration of public-key flag. */ typedef enum { GNUTLS_PK_FLAG_NONE = 0, GNUTLS_PK_FLAG_PROVABLE = 1, GNUTLS_PK_FLAG_REPRODUCIBLE = 2, GNUTLS_PK_FLAG_RSA_PSS_FIXED_SALT_LENGTH = 4 } gnutls_pk_flag_t; #define FIX_SIGN_PARAMS(params, flags, dig) do { \ if ((flags) & GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE) { \ (params).flags |= GNUTLS_PK_FLAG_REPRODUCIBLE; \ (params).dsa_dig = (dig); \ } \ } while (0) void gnutls_pk_params_release(gnutls_pk_params_st * p); void gnutls_pk_params_clear(gnutls_pk_params_st * p); void gnutls_pk_params_init(gnutls_pk_params_st * p); #define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */ /* parameters should not be larger than this limit */ #define DSA_PUBLIC_PARAMS 4 #define DH_PUBLIC_PARAMS 4 #define RSA_PUBLIC_PARAMS 2 #define ECC_PUBLIC_PARAMS 2 #define GOST_PUBLIC_PARAMS 2 #define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */ /* parameters should not be larger than this limit */ #define DSA_PRIVATE_PARAMS 5 #define DH_PRIVATE_PARAMS 5 #define RSA_PRIVATE_PARAMS 8 #define ECC_PRIVATE_PARAMS 3 #define GOST_PRIVATE_PARAMS 3 #if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0 #error INCREASE MAX_PRIV_PARAMS #endif #if MAX_PRIV_PARAMS_SIZE - ECC_PRIVATE_PARAMS < 0 #error INCREASE MAX_PRIV_PARAMS #endif #if MAX_PRIV_PARAMS_SIZE - GOST_PRIVATE_PARAMS < 0 #error INCREASE MAX_PRIV_PARAMS #endif #if MAX_PRIV_PARAMS_SIZE - DSA_PRIVATE_PARAMS < 0 #error INCREASE MAX_PRIV_PARAMS #endif /* params are: * RSA: * [0] is modulus * [1] is public exponent * [2] is private exponent (private key only) * [3] is prime1 (p) (private key only) * [4] is prime2 (q) (private key only) * [5] is coefficient (u == inverse of p mod q) (private key only) * [6] e1 == d mod (p-1) * [7] e2 == d mod (q-1) * * note that for libgcrypt that does not use the inverse of q mod p, * we need to perform conversions using fixup_params(). * * DSA: * [0] is p * [1] is q * [2] is g * [3] is y (public key) * [4] is x (private key only) * * DH: as DSA * * ECC: * [0] is prime * [1] is order * [2] is A * [3] is B * [4] is Gx * [5] is Gy * [6] is x * [7] is y * [8] is k (private key) */ #define ECC_X 0 #define ECC_Y 1 #define ECC_K 2 #define GOST_X 0 #define GOST_Y 1 #define GOST_K 2 #define DSA_P 0 #define DSA_Q 1 #define DSA_G 2 #define DSA_Y 3 #define DSA_X 4 #define DH_P 0 #define DH_Q 1 #define DH_G 2 #define DH_Y 3 #define DH_X 4 #define RSA_MODULUS 0 #define RSA_PUB 1 #define RSA_PRIV 2 #define RSA_PRIME1 3 #define RSA_PRIME2 4 #define RSA_COEF 5 #define RSA_E1 6 #define RSA_E2 7 /** * gnutls_direction_t: * @GNUTLS_IMPORT: Import direction. * @GNUTLS_EXPORT: Export direction. * * Enumeration of different directions. */ typedef enum { GNUTLS_IMPORT = 0, GNUTLS_EXPORT = 1 } gnutls_direction_t; /* Public key algorithms */ typedef struct gnutls_crypto_pk { /* The params structure should contain the private or public key * parameters, depending on the operation */ int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext, const gnutls_datum_t * plaintext, const gnutls_pk_params_st * pub); int (*decrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * plaintext, const gnutls_datum_t * ciphertext, const gnutls_pk_params_st * priv); int (*decrypt2) (gnutls_pk_algorithm_t, const gnutls_datum_t * ciphertext, unsigned char * plaintext, size_t paintext_size, const gnutls_pk_params_st * priv); int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature, const gnutls_datum_t * data, const gnutls_pk_params_st *priv, const gnutls_x509_spki_st *sign); int (*verify) (gnutls_pk_algorithm_t, const gnutls_datum_t * data, const gnutls_datum_t * sig, const gnutls_pk_params_st *pub, const gnutls_x509_spki_st *sign); /* sanity checks the public key parameters */ int (*verify_priv_params) (gnutls_pk_algorithm_t, const gnutls_pk_params_st * priv); int (*verify_pub_params) (gnutls_pk_algorithm_t, const gnutls_pk_params_st * pub); int (*generate_keys) (gnutls_pk_algorithm_t, unsigned int nbits, gnutls_pk_params_st *, unsigned ephemeral); int (*generate_params) (gnutls_pk_algorithm_t, unsigned int nbits, gnutls_pk_params_st *); /* this function should convert params to ones suitable * for the above functions */ int (*pk_fixup_private_params) (gnutls_pk_algorithm_t, gnutls_direction_t, gnutls_pk_params_st *); #define PK_DERIVE_TLS13 1 int (*derive) (gnutls_pk_algorithm_t, gnutls_datum_t * out, const gnutls_pk_params_st * priv, const gnutls_pk_params_st * pub, const gnutls_datum_t *nonce, unsigned int flags); int (*curve_exists) (gnutls_ecc_curve_t); /* true/false */ int (*pk_exists) (gnutls_pk_algorithm_t); /* true/false */ int (*sign_exists) (gnutls_sign_algorithm_t); /* true/false */ } gnutls_crypto_pk_st; /* priority: infinity for backend algorithms, 90 for kernel algorithms, lowest wins */ int gnutls_crypto_single_cipher_register(gnutls_cipher_algorithm_t algorithm, int priority, const gnutls_crypto_single_cipher_st *s, int free_s); int gnutls_crypto_single_mac_register(gnutls_mac_algorithm_t algorithm, int priority, const gnutls_crypto_single_mac_st * s, int free_s); int gnutls_crypto_single_digest_register(gnutls_digest_algorithm_t algorithm, int priority, const gnutls_crypto_single_digest_st * s, int free_s); int gnutls_crypto_rnd_register(int priority, const gnutls_crypto_rnd_st * s); int gnutls_crypto_pk_register(int priority, const gnutls_crypto_pk_st * s); int gnutls_crypto_bigint_register(int priority, const gnutls_crypto_bigint_st * s); /* Provided by crypto-backend */ int _gnutls_prf_raw(gnutls_mac_algorithm_t mac, size_t master_size, const void *master, size_t label_size, const char *label, size_t seed_size, const uint8_t *seed, size_t outsize, char *out); int _gnutls_gost_key_wrap(gnutls_gost_paramset_t gost_params, const gnutls_datum_t *kek, const gnutls_datum_t *ukm, const gnutls_datum_t *cek, gnutls_datum_t *enc, gnutls_datum_t *imit); int _gnutls_gost_key_unwrap(gnutls_gost_paramset_t gost_params, const gnutls_datum_t *kek, const gnutls_datum_t *ukm, const gnutls_datum_t *enc, const gnutls_datum_t *imit, gnutls_datum_t *cek); int _gnutls_rsa_pkcs1_sign_pad(size_t key_bits, const gnutls_datum_t *data, unsigned char *buffer, size_t buffer_size); int _gnutls_rsa_pss_sign_pad(gnutls_x509_spki_st *params, size_t key_bits, const gnutls_datum_t *data, unsigned char *buffer, size_t buffer_size); #endif /* GNUTLS_LIB_CRYPTO_BACKEND_H */