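/*
 * Public-key declarations: RSA, Katja, ECC, DSA and the DER/ASN.1 codec.
 *
 * Each section is compiled in only when its feature macro (MRSA, MKAT,
 * MECC, MDSA, LTC_DER) is defined. Big integers are passed as opaque
 * `void *` handles. prng_state and ulong32 are declared elsewhere.
 *
 * Convention used throughout: functions that take an `int *stat` report the
 * cryptographic verdict (signature / padding validity) through *stat, while
 * the int return value reports whether the operation itself could be carried
 * out. NOTE(review): this is the library's documented convention; confirm
 * against the implementation, and have callers test BOTH the return code
 * and *stat before trusting a result.
 */

/* ---- NUMBER THEORY ---- */

enum {
   PK_PUBLIC=0,
   PK_PRIVATE=1
};

int rand_prime(void *N, long len, prng_state *prng, int wprng);

/* ---- RSA ---- */
#ifdef MRSA

/* Min and Max RSA key sizes (in bits) */
/* NOTE(review): a 1024-bit floor is below the 2048-bit minimum in current
 * guidance (e.g. NIST SP 800-131A); callers that accept key sizes from
 * configuration or peers should enforce their own, higher minimum. */
#define MIN_RSA_SIZE 1024
#define MAX_RSA_SIZE 4096

/** RSA PKCS style key */
typedef struct Rsa_key {
    /** Type of key, PK_PRIVATE or PK_PUBLIC */
    int type;
    /** The public exponent */
    void *e;
    /** The private exponent */
    void *d;
    /** The modulus */
    void *N;
    /** The p factor of N */
    void *p;
    /** The q factor of N */
    void *q;
    /** The 1/q mod p CRT param */
    void *qP;
    /** The d mod (p - 1) CRT param */
    void *dP;
    /** The d mod (q - 1) CRT param */
    void *dQ;
} rsa_key;

/* NOTE(review): upstream documents `size` in octets although the limits
 * above are in bits -- confirm the unit before calling. */
int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key);

/* Raw RSA operation: takes no padding argument, so any padding is the
 * caller's responsibility. `which` presumably selects PK_PUBLIC or
 * PK_PRIVATE -- confirm against the implementation. */
int rsa_exptmod(const unsigned char *in,   unsigned long inlen,
                      unsigned char *out,  unsigned long *outlen, int which,
                      rsa_key *key);

void rsa_free(rsa_key *key);

/* These use PKCS #1 v2.0 padding */
/* (OAEP for encryption, PSS for signatures, as fixed by the expansions.) */
#define rsa_encrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, _key) \
  rsa_encrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, LTC_PKCS_1_OAEP, _key)

#define rsa_decrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, _stat, _key) \
  rsa_decrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, LTC_PKCS_1_OAEP, _stat, _key)

#define rsa_sign_hash(_in, _inlen, _out, _outlen, _prng, _prng_idx, _hash_idx, _saltlen, _key) \
  rsa_sign_hash_ex(_in, _inlen, _out, _outlen, LTC_PKCS_1_PSS, _prng, _prng_idx, _hash_idx, _saltlen, _key)

#define rsa_verify_hash(_sig, _siglen, _hash, _hashlen, _hash_idx, _saltlen, _stat, _key) \
  rsa_verify_hash_ex(_sig, _siglen, _hash, _hashlen, LTC_PKCS_1_PSS, _hash_idx, _saltlen, _stat, _key)

/* These can be switched between PKCS #1 v2.x and PKCS #1 v1.5 paddings */
/* Prefer the v2.x modes for new designs. When v1.5 decryption must be kept
 * for interoperability, callers should not let a peer distinguish a padding
 * failure (*stat == 0) from any later failure, since that difference is what
 * padding-oracle attacks rely on. */
int rsa_encrypt_key_ex(const unsigned char *in,     unsigned long inlen,
                             unsigned char *out,    unsigned long *outlen,
                       const unsigned char *lparam, unsigned long lparamlen,
                       prng_state *prng, int prng_idx, int hash_idx, int padding, rsa_key *key);

int rsa_decrypt_key_ex(const unsigned char *in,       unsigned long  inlen,
                             unsigned char *out,      unsigned long *outlen,
                       const unsigned char *lparam,   unsigned long  lparamlen,
                             int            hash_idx, int            padding,
                             int           *stat,     rsa_key       *key);

int rsa_sign_hash_ex(const unsigned char *in,       unsigned long  inlen,
                           unsigned char *out,      unsigned long *outlen,
                           int            padding,
                           prng_state    *prng,     int            prng_idx,
                           int            hash_idx, unsigned long  saltlen,
                           rsa_key *key);

int rsa_verify_hash_ex(const unsigned char *sig,      unsigned long siglen,
                       const unsigned char *hash,     unsigned long hashlen,
                             int            padding,
                             int            hash_idx, unsigned long saltlen,
                             int           *stat,     rsa_key      *key);

/* PKCS #1 import/export */
int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key);
int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key);

#endif

/* ---- Katja ---- */
#ifdef MKAT

/* Min and Max KAT key sizes (in bits) */
#define MIN_KAT_SIZE 1024
#define MAX_KAT_SIZE 4096

/** Katja PKCS style key */
typedef struct KAT_key {
    /** Type of key, PK_PRIVATE or PK_PUBLIC */
    int type;
    /** The private exponent */
    void *d;
    /** The modulus */
    void *N;
    /** The p factor of N */
    void *p;
    /** The q factor of N */
    void *q;
    /** The 1/q mod p CRT param */
    void *qP;
    /** The d mod (p - 1) CRT param */
    void *dP;
    /** The d mod (q - 1) CRT param */
    void *dQ;
    /** The pq param */
    void *pq;
} katja_key;

int katja_make_key(prng_state *prng, int wprng, int size, katja_key *key);

/* Raw operation with no padding argument; see the note on rsa_exptmod. */
int katja_exptmod(const unsigned char *in,   unsigned long inlen,
                        unsigned char *out,  unsigned long *outlen, int which,
                        katja_key *key);

void katja_free(katja_key *key);

/* These use PKCS #1 v2.0 padding */
int katja_encrypt_key(const unsigned char *in,     unsigned long inlen,
                            unsigned char *out,    unsigned long *outlen,
                      const unsigned char *lparam, unsigned long lparamlen,
                      prng_state *prng, int prng_idx, int hash_idx, katja_key *key);

int katja_decrypt_key(const unsigned char *in,       unsigned long inlen,
                            unsigned char *out,      unsigned long *outlen,
                      const unsigned char *lparam,   unsigned long lparamlen,
                            int            hash_idx, int *stat,
                            katja_key     *key);

/* PKCS #1 import/export */
int katja_export(unsigned char *out, unsigned long *outlen, int type, katja_key *key);
int katja_import(const unsigned char *in, unsigned long inlen, katja_key *key);

#endif

/* ---- ECC Routines ---- */
#ifdef MECC

/* size of our temp buffers for exported keys */
#define ECC_BUF_SIZE 256

/* max private key size */
#define ECC_MAXSIZE  66

/** Structure defines a NIST GF(p) curve */
typedef struct {
   /** The size of the curve in octets */
   int size;

   /** name of curve */
   char *name;

   /** The prime that defines the field the curve is in (encoded in hex) */
   char *prime;

   /** The fields B param (hex) */
   char *B;

   /** The order of the curve (hex) */
   char *order;

   /** The x co-ordinate of the base point on the curve (hex) */
   char *Gx;

   /** The y co-ordinate of the base point on the curve (hex) */
   char *Gy;
} ltc_ecc_set_type;

/** A point on an ECC curve, stored in Jacobian format such that (x,y,z) => (x/z^2, y/z^3, 1) when interpreted as affine */
typedef struct {
    /** The x co-ordinate */
    void *x;

    /** The y co-ordinate */
    void *y;

    /** The z co-ordinate */
    void *z;
} ecc_point;

/** An ECC key */
typedef struct {
    /** Type of key, PK_PRIVATE or PK_PUBLIC */
    int type;

    /** Index into the ltc_ecc_sets[] for the parameters of this curve; if -1, then this key is using user supplied curve in dp */
    int idx;

    /** pointer to domain parameters; either points to NIST curves (identified by idx >= 0) or user supplied curve */
    const ltc_ecc_set_type *dp;

    /** The public key */
    ecc_point pubkey;

    /** The private key */
    void *k;
} ecc_key;

/** the ECC params provided */
extern const ltc_ecc_set_type ltc_ecc_sets[];

int  ecc_test(void);
void ecc_sizes(int *low, int *high);
int  ecc_get_size(ecc_key *key);

/* The _ex variants take caller-supplied domain parameters in `dp`. */
int  ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key);
int  ecc_make_key_ex(prng_state *prng, int wprng, ecc_key *key, const ltc_ecc_set_type *dp);
void ecc_free(ecc_key *key);

int  ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key);
int  ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key);
int  ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_set_type *dp);

/* NOTE(review): ecc_ansi_x963_import_ex takes a non-const dp, unlike the
 * other _ex importers above; the prototype is left as declared because the
 * definition lives in another file. */
int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen);
int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key *key);
int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, ltc_ecc_set_type *dp);

int  ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
                       unsigned char *out, unsigned long *outlen);

int  ecc_encrypt_key(const unsigned char *in,   unsigned long inlen,
                           unsigned char *out,  unsigned long *outlen,
                           prng_state *prng, int wprng, int hash,
                           ecc_key *key);

int  ecc_decrypt_key(const unsigned char *in,  unsigned long  inlen,
                           unsigned char *out, unsigned long *outlen,
                           ecc_key *key);

int  ecc_sign_hash(const unsigned char *in,  unsigned long inlen,
                         unsigned char *out, unsigned long *outlen,
                         prng_state *prng, int wprng, ecc_key *key);

/* Validity of the signature is reported through *stat; see the file header. */
int  ecc_verify_hash(const unsigned char *sig,  unsigned long siglen,
                     const unsigned char *hash, unsigned long hashlen,
                     int *stat, ecc_key *key);

/* low level functions */
ecc_point *ltc_ecc_new_point(void);
void       ltc_ecc_del_point(ecc_point *p);
int        ltc_ecc_is_valid_idx(int n);

/* point ops (mp == montgomery digit) */
#if !defined(MECC_ACCEL) || defined(LTM_DESC) || defined(GMP_DESC)
/* R = 2P */
int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *mp);

/* R = P + Q */
int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp);
#endif

#if defined(MECC_FP)
int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map);
int ltc_ecc_fp_save_state(unsigned char **out, unsigned long *outlen);
int ltc_ecc_fp_restore_state(unsigned char *in, unsigned long inlen);
void ltc_ecc_fp_free(void);
#endif

/* R = kG */
int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map);

#ifdef LTC_ECC_SHAMIR
/* kA*A + kB*B = C */
int ltc_ecc_mul2add(ecc_point *A, void *kA,
                    ecc_point *B, void *kB,
                    ecc_point *C,
                         void *modulus);

#ifdef MECC_FP
int ltc_ecc_fp_mul2add(ecc_point *A, void *kA,
                       ecc_point *B, void *kB,
                       ecc_point *C, void *modulus);
#endif

#endif


/* map P to affine from projective */
int ltc_ecc_map(ecc_point *P, void *modulus, void *mp);

#endif

#ifdef MDSA

/* Max diff between group and modulus size in bytes */
#define MDSA_DELTA     512

/* Max DSA group size in bytes (default allows 4k-bit groups) */
#define MDSA_MAX_GROUP 512

/** DSA key structure */
typedef struct {
   /** The key type, PK_PRIVATE or PK_PUBLIC */
   int type;

   /** The order of the sub-group used in octets */
   int qord;

   /** The generator  */
   void *g;

   /** The prime used to generate the sub-group */
   void *q;

   /** The large prime that generates the field that contains the sub-group */
   void *p;

   /** The private key */
   void *x;

   /** The public key */
   void *y;
} dsa_key;

int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key);
void dsa_free(dsa_key *key);

int dsa_sign_hash_raw(const unsigned char *in,  unsigned long inlen,
                                   void *r,   void *s,
                               prng_state *prng, int wprng, dsa_key *key);

int dsa_sign_hash(const unsigned char *in,  unsigned long inlen,
                        unsigned char *out, unsigned long *outlen,
                        prng_state *prng, int wprng, dsa_key *key);

/* Validity of the signature is reported through *stat; see the file header. */
int dsa_verify_hash_raw(         void *r,          void *s,
                    const unsigned char *hash, unsigned long hashlen,
                                    int *stat,      dsa_key *key);

int dsa_verify_hash(const unsigned char *sig,  unsigned long siglen,
                    const unsigned char *hash, unsigned long hashlen,
                          int           *stat, dsa_key       *key);

int dsa_encrypt_key(const unsigned char *in,   unsigned long inlen,
                          unsigned char *out,  unsigned long *outlen,
                          prng_state *prng, int wprng, int hash,
                          dsa_key *key);

int dsa_decrypt_key(const unsigned char *in,  unsigned long  inlen,
                          unsigned char *out, unsigned long *outlen,
                          dsa_key *key);

/* dsa_verify_key reports its verdict on the key through *stat.
 * NOTE(review): whether dsa_import validates the imported parameters itself
 * cannot be seen from this header; consider calling dsa_verify_key on keys
 * received from untrusted sources. */
int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key);
int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key);
int dsa_verify_key(dsa_key *key, int *stat);

int dsa_shared_secret(void          *private_key, void *base,
                      dsa_key       *public_key,
                      unsigned char *out,         unsigned long *outlen);
#endif

#ifdef LTC_DER
/* DER handling */
/* The decoders below parse data that is frequently attacker-supplied
 * (certificates, imported keys). Callers should pass the true length of the
 * input buffer in `inlen`, the real capacity of the output in `outlen`, and
 * treat any return other than CRYPT_OK as a failed parse.
 * NOTE(review): *outlen is presumably capacity on entry and length written
 * on return -- confirm per function. */

enum {
 LTC_ASN1_EOL,
 LTC_ASN1_BOOLEAN,
 LTC_ASN1_INTEGER,
 LTC_ASN1_SHORT_INTEGER,
 LTC_ASN1_BIT_STRING,
 LTC_ASN1_OCTET_STRING,
 LTC_ASN1_NULL,
 LTC_ASN1_OBJECT_IDENTIFIER,
 LTC_ASN1_IA5_STRING,
 LTC_ASN1_PRINTABLE_STRING,
 LTC_ASN1_UTF8_STRING,
 LTC_ASN1_UTCTIME,
 LTC_ASN1_CHOICE,
 LTC_ASN1_SEQUENCE,
 LTC_ASN1_SET,
 LTC_ASN1_SETOF
};

/** A LTC ASN.1 list type */
typedef struct ltc_asn1_list_ {
   /** The LTC ASN.1 enumerated type identifier */
   int           type;
   /** The data to encode or place for decoding */
   void         *data;
   /** The size of the input or resulting output */
   unsigned long size;
   /** The used flag, this is used by the CHOICE ASN.1 type to indicate which choice was made */
   int           used;
   /** prev/next/child/parent links to other entries */
   struct ltc_asn1_list_ *prev, *next, *child, *parent;
} ltc_asn1_list;

/* Fill entry `index` of `list` and clear its used flag. `index` and `list`
 * are evaluated once, into locals. The expansion deliberately ends without
 * a semicolon: the invocation supplies its own ';', so the macro forms
 * exactly one statement and can be the sole body of an if/else. */
#define LTC_SET_ASN1(list, index, Type, Data, Size)  \
   do {                                              \
      int LTC_MACRO_temp            = (index);       \
      ltc_asn1_list *LTC_MACRO_list = (list);        \
      LTC_MACRO_list[LTC_MACRO_temp].type = (Type);  \
      LTC_MACRO_list[LTC_MACRO_temp].data = (void*)(Data);  \
      LTC_MACRO_list[LTC_MACRO_temp].size = (Size);  \
      LTC_MACRO_list[LTC_MACRO_temp].used = 0;       \
   } while (0)

/* SEQUENCE */
int der_encode_sequence_ex(ltc_asn1_list *list, unsigned long inlen,
                           unsigned char *out,  unsigned long *outlen, int type_of);

#define der_encode_sequence(list, inlen, out, outlen) der_encode_sequence_ex(list, inlen, out, outlen, LTC_ASN1_SEQUENCE)

int der_decode_sequence_ex(const unsigned char *in, unsigned long  inlen,
                           ltc_asn1_list *list,     unsigned long  outlen, int ordered);

/* ordered == 1 for SEQUENCE; der_decode_set below passes 0. */
#define der_decode_sequence(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 1)

int der_length_sequence(ltc_asn1_list *list, unsigned long inlen,
                        unsigned long *outlen);

/* SET */
#define der_decode_set(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 0)
#define der_length_set der_length_sequence
int der_encode_set(ltc_asn1_list *list, unsigned long inlen,
                   unsigned char *out,  unsigned long *outlen);

int der_encode_setof(ltc_asn1_list *list, unsigned long inlen,
                     unsigned char *out,  unsigned long *outlen);

/* VA list handy helpers with triplets of <type, size, data> */
int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...);
int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...);

/* FLEXI DECODER handle unknown list decoder */
/* NOTE(review): the list returned through `out` is presumably allocated by
 * the decoder and released with one of the two free functions -- confirm
 * which one applies, on error paths as well. */
int  der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out);
void der_free_sequence_flexi(ltc_asn1_list *list);
void der_sequence_free(ltc_asn1_list *in);

/* BOOLEAN */
int der_length_boolean(unsigned long *outlen);
int der_encode_boolean(int in,
                       unsigned char *out, unsigned long *outlen);
int der_decode_boolean(const unsigned char *in, unsigned long inlen,
                                       int *out);
/* INTEGER */
int der_encode_integer(void *num, unsigned char *out, unsigned long *outlen);
int der_decode_integer(const unsigned char *in, unsigned long inlen, void *num);
int der_length_integer(void *num, unsigned long *len);

/* INTEGER -- handy for 0..2^32-1 values */
int der_decode_short_integer(const unsigned char *in, unsigned long inlen, unsigned long *num);
int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned long *outlen);
int der_length_short_integer(unsigned long num, unsigned long *outlen);

/* BIT STRING */
int der_encode_bit_string(const unsigned char *in, unsigned long inlen,
                                unsigned char *out, unsigned long *outlen);
int der_decode_bit_string(const unsigned char *in, unsigned long inlen,
                                unsigned char *out, unsigned long *outlen);
int der_length_bit_string(unsigned long nbits, unsigned long *outlen);

/* OCTET STRING */
int der_encode_octet_string(const unsigned char *in, unsigned long inlen,
                                  unsigned char *out, unsigned long *outlen);
int der_decode_octet_string(const unsigned char *in, unsigned long inlen,
                                  unsigned char *out, unsigned long *outlen);
int der_length_octet_string(unsigned long noctets, unsigned long *outlen);

/* OBJECT IDENTIFIER */
int der_encode_object_identifier(unsigned long *words, unsigned long  nwords,
                                 unsigned char *out,   unsigned long *outlen);
int der_decode_object_identifier(const unsigned char *in,    unsigned long  inlen,
                                       unsigned long *words, unsigned long *outlen);
int der_length_object_identifier(unsigned long *words, unsigned long nwords, unsigned long *outlen);
unsigned long der_object_identifier_bits(unsigned long x);

/* IA5 STRING */
int der_encode_ia5_string(const unsigned char *in, unsigned long inlen,
                                unsigned char *out, unsigned long *outlen);
int der_decode_ia5_string(const unsigned char *in, unsigned long inlen,
                                unsigned char *out, unsigned long *outlen);
int der_length_ia5_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen);

int der_ia5_char_encode(int c);
int der_ia5_value_decode(int v);

/* Printable STRING */
int der_encode_printable_string(const unsigned char *in, unsigned long inlen,
                                unsigned char *out, unsigned long *outlen);
int der_decode_printable_string(const unsigned char *in, unsigned long inlen,
                                unsigned char *out, unsigned long *outlen);
int der_length_printable_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen);

int der_printable_char_encode(int c);
int der_printable_value_decode(int v);

/* UTF-8 */
/* Use the platform's wchar_t when one appears to be available; otherwise
 * fall back to a ulong32 typedef. Defining LTC_NO_WCHAR forces the fallback. */
#if (defined(SIZE_MAX) || __STDC_VERSION__ >= 199901L || defined(WCHAR_MAX) || defined(_WCHAR_T) || defined(_WCHAR_T_DEFINED)) && !defined(LTC_NO_WCHAR)
#include <wchar.h>
#else
typedef ulong32 wchar_t;
#endif

int der_encode_utf8_string(const wchar_t *in,  unsigned long inlen,
                           unsigned char *out, unsigned long *outlen);

int der_decode_utf8_string(const unsigned char *in,  unsigned long inlen,
                                       wchar_t *out, unsigned long *outlen);
unsigned long der_utf8_charsize(const wchar_t c);
int der_length_utf8_string(const wchar_t *in, unsigned long noctets, unsigned long *outlen);


/* CHOICE */
int der_decode_choice(const unsigned char *in,   unsigned long *inlen,
                            ltc_asn1_list *list, unsigned long  outlen);

/* UTCTime */
typedef struct {
   unsigned YY, /* year */
            MM, /* month */
            DD, /* day */
            hh, /* hour */
            mm, /* minute */
            ss, /* second */
            off_dir, /* timezone offset direction 0 == +, 1 == - */
            off_hh, /* timezone offset hours */
            off_mm; /* timezone offset minutes */
} ltc_utctime;

int der_encode_utctime(ltc_utctime *utctime,
                       unsigned char *out,   unsigned long *outlen);

int der_decode_utctime(const unsigned char *in, unsigned long *inlen,
                             ltc_utctime   *out);

int der_length_utctime(ltc_utctime *utctime, unsigned long *outlen);


#endif

/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_pk.h,v $ */
/* $Revision: 1.77 $ */
/* $Date: 2006/12/03 00:39:56 $ */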