1 /*
2 * cryptolib.h
3 * Release $Name: MATRIXSSL-3-3-0-OPEN $
4 */
5 /*
6 * Copyright (c) AuthenTec, Inc. 2011-2012
7 * Copyright (c) PeerSec Networks, 2002-2011
8 * All Rights Reserved
9 *
10 * The latest version of this code is available at http://www.matrixssl.org
11 *
12 * This software is open source; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
16 *
17 * This General Public License does NOT permit incorporating this software
18 * into proprietary programs. If you are unable to comply with the GPL, a
19 * commercial license for this software may be purchased from AuthenTec at
20 * http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.aspx
21 *
22 * This program is distributed in WITHOUT ANY WARRANTY; without even the
23 * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
24 * See the GNU General Public License for more details.
25 *
26 * You should have received a copy of the GNU General Public License
27 * along with this program; if not, write to the Free Software
28 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
29 * http://www.gnu.org/copyleft/gpl.html
30 */
31 /******************************************************************************/
32
33 #ifndef _h_PS_CRYPTOLIB
34 #define _h_PS_CRYPTOLIB
35
36 #include "symmetric/symmetric.h"
37 #include "digest/digest.h"
38 #include "math/pstm.h"
39 #include "pubkey/pubkey.h"
40 #include "keyformat/asn1.h"
41 #include "keyformat/x509.h"
42 #include "prng/prng.h"
43
44 /******************************************************************************/
45 /*
46 Configuration checks
47 */
48 #ifdef USE_CERT_PARSE
49 #ifndef USE_X509
50 #error "Must enable USE_X509 if USE_CERT_PARSE is enabled"
51 #endif
52 #if !defined(USE_MD5) || !defined(USE_SHA1)
53 #error "Both USE_MD5 and USE_SHA1 must be enabled when enabling USE_X509"
54 #endif
55 #endif
56
57 #ifdef USE_HMAC
58 #if !defined(USE_MD5) && !defined(USE_SHA1)
59 #error "Must enable either MD5 or SHA1 in cryptoConfig.h for HMAC support"
60 #endif
61 #endif
62
63 #ifdef USE_PKCS5
64 #ifndef USE_MD5
65 #error "Enable USE_MD5 in cryptoConfig.h for PKCS5 support"
66 #endif
67 #ifndef USE_3DES
68 #error "Enable USE_3DES in cryptoConfig.h for PKCS5 support"
69 #endif
70 #endif
71
72 #ifdef USE_PKCS8
73 #ifndef USE_HMAC
74 #error "Enable USE_HMAC in cryptoConfig.h for PKCS8 support"
75 #endif
76 #endif
77
78 #ifdef USE_PKCS12
79 #ifndef USE_PKCS8
80 #error "Enable USE_PKCS8 in cryptoConfig.h for PKCS12 support"
81 #endif
82 #endif
83
84 /******************************************************************************/
85 /*
86 Crypto trace
87 */
88 #ifndef USE_CRYPTO_TRACE
89 #define psTraceCrypto(x)
90 #define psTraceStrCrypto(x, y)
91 #define psTraceIntCrypto(x, y)
92 #define psTracePtrCrypto(x, y)
93 #else
94 #define psTraceCrypto(x) _psTrace(x)
95 #define psTraceStrCrypto(x, y) _psTraceStr(x, y)
96 #define psTraceIntCrypto(x, y) _psTraceInt(x, y)
97 #define psTracePtrCrypto(x, y) _psTracePtr(x, y)
98 #endif /* USE_CRYPTO_TRACE */
99
100
101 /******************************************************************************/
102 /*
103 Helpers
104 */
105 extern int32 psBase64decode(const unsigned char *in, uint32 len,
106 unsigned char *out, uint32 *outlen);
107
108 /******************************************************************************/
109 /*
110 RFC 3279 OID
111 Matrix uses an oid summing mechanism to arrive at these defines.
112 The byte values of the OID are summed to produce a "relatively unique" int
113
114 The duplicate defines do not pose a problem as long as they don't
115 exist in the same OID groupings
116 */
117 #ifdef USE_X509
118 /* Raw digest algorithms */
119 #define OID_SHA1_ALG 88
120 #define OID_SHA256_ALG 414
121 #define OID_SHA512_ALG 416
122 #define OID_MD2_ALG 646
123 #define OID_MD5_ALG 649
124
125 /* Signature algorithms */
126 #define OID_MD2_RSA_SIG 646
127 #define OID_MD5_RSA_SIG 648 /* 42.134.72.134.247.13.1.1.4 */
128 #define OID_SHA1_RSA_SIG 649 /* 42.134.72.134.247.13.1.1.5 */
129 #define OID_SHA256_RSA_SIG 655 /* 42.134.72.134.247.13.1.1.11 */
130 #define OID_SHA512_RSA_SIG 657 /* 42.134.72.134.247.13.1.1.13 */
131 #define OID_SHA1_ECDSA_SIG 520 /* 42.134.72.206.61.4.1 */
132 #define OID_SHA224_ECDSA_SIG 523 /* 42.134.72.206.61.4.3.1 */
133 #define OID_SHA256_ECDSA_SIG 524 /* 42.134.72.206.61.4.3.2 */
134 #define OID_SHA384_ECDSA_SIG 525 /* 42.134.72.206.61.4.3.3 */
135 #define OID_SHA512_ECDSA_SIG 526 /* 42.134.72.206.61.4.3.4 */
136 #endif /* USE_X509 */
137
138 /* Public key algorithms */
139 #define OID_RSA_KEY_ALG 645 /* 42.134.72.134.247.13.1.1.1 */
140 #define OID_ECDSA_KEY_ALG 518 /* 42.134.72.206.61.2.1 */
141
142 #ifdef USE_PKCS5
143 #define OID_DES_EDE3_CBC 652 /* 42.134.72.134.247.13.3.7 */
144
145 #define OID_PKCS_PBKDF2 660 /* 42.134.72.134.247.13.1.5.12 */
146 #define OID_PKCS_PBES2 661 /* 42.134.72.134.247.13.1.5.13 */
147 #endif /* USE_PKCS5 */
148
149 #ifdef USE_PKCS12
150 #define OID_PKCS_PBESHA128RC4 657
151 #define OID_PKCS_PBESHA40RC4 658
152 #define OID_PKCS_PBESHA3DES3 659
153 #define OID_PKCS_PBESHA3DES2 660 /* warning: collision with pkcs5 */
154 #define OID_PKCS_PBESHA128RC2 661 /* warning: collision with pkcs5 */
155 #define OID_PKCS_PBESHA40RC2 662
156
157 #define PKCS7_DATA 651
158 #define PKCS7_SIGNED_DATA 652
159 #define PKCS7_ENVELOPED_DATA 653
160 #define PKCS7_SIGNED_ENVELOPED_DATA 654
161 #define PKCS7_DIGESTED_DATA 655
162 #define PKCS7_ENCRYPTED_DATA 656
163
164 #define PKCS12_BAG_TYPE_KEY 667
165 #define PKCS12_BAG_TYPE_SHROUD 668
166 #define PKCS12_BAG_TYPE_CERT 669
167 #define PKCS12_BAG_TYPE_CRL 670
168 #define PKCS12_BAG_TYPE_SECRET 671
169 #define PKCS12_BAG_TYPE_SAFE 672
170
171 #define PBE12 1
172 #define PBES2 2
173 #define AUTH_SAFE_3DES 1
174 #define AUTH_SAFE_RC2 2
175
176 #define PKCS12_KEY_ID 1
177 #define PKCS12_IV_ID 2
178 #define PKCS12_MAC_ID 3
179
180 #define PKCS9_CERT_TYPE_X509 675
181 #define PKCS9_CERT_TYPE_SDSI 676
182 #endif /* USE_PKCS12 */
183
184 /******************************************************************************/
185 /* These values are all mutually exlusive bits to define Cipher flags */
186 #define CRYPTO_FLAGS_AES 0x01
187 #define CRYPTO_FLAGS_AES256 0x02
188 #define CRYPTO_FLAGS_3DES 0x04
189 #define CRYPTO_FLAGS_ARC4 0x08
190 #define CRYPTO_FLAGS_SEED 0x10
191
192 #define CRYPTO_FLAGS_SHA1 0x20
193 #define CRYPTO_FLAGS_SHA2 0x40
194 #define CRYPTO_FLAGS_MD5 0x80
195
196 #define CRYPTO_FLAGS_TLS 0x100
197
198 #define CRYPTO_FLAGS_INBOUND 0x200
199 #define CRYPTO_FLAGS_ARC4INIT 0x400
200 #define CRYPTO_FLAGS_BLOCKING 0x800
201
202 #define CRYPTO_FLAGS_DISABLED 0x1000
203
204 /******************************************************************************/
205
206 #define CRYPT_INVALID_KEYSIZE -21
207 #define CRYPT_INVALID_ROUNDS -22
208
209 /******************************************************************************/
210 /* 32-bit Rotates */
211 /******************************************************************************/
212 #if defined(_MSC_VER)
213 /******************************************************************************/
214
215 /* instrinsic rotate */
216 #include <stdlib.h>
217 #pragma intrinsic(_lrotr,_lrotl)
218 #define ROR(x,n) _lrotr(x,n)
219 #define ROL(x,n) _lrotl(x,n)
220
221 /******************************************************************************/
222 #elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && \
223 !defined(INTEL_CC) && !defined(PS_NO_ASM)
224
ROL(unsigned word,int i)225 static inline unsigned ROL(unsigned word, int i)
226 {
227 asm ("roll %%cl,%0"
228 :"=r" (word)
229 :"0" (word),"c" (i));
230 return word;
231 }
232
ROR(unsigned word,int i)233 static inline unsigned ROR(unsigned word, int i)
234 {
235 asm ("rorl %%cl,%0"
236 :"=r" (word)
237 :"0" (word),"c" (i));
238 return word;
239 }
240
241 /******************************************************************************/
242 #else
243
244 /* rotates the hard way */
245 #define ROL(x, y) \
246 ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | \
247 (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & \
248 0xFFFFFFFFUL)
249 #define ROR(x, y) \
250 ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | \
251 ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
252
253 #endif /* 32-bit Rotates */
254 /******************************************************************************/
255
256 #ifdef HAVE_NATIVE_INT64
257 #ifdef _MSC_VER
258 #define CONST64(n) n ## ui64
259 #else
260 #define CONST64(n) n ## ULL
261 #endif
262 #endif
263
264 /******************************************************************************/
265 /*
266 Controls endianess and size of registers. Leave uncommented to get
267 platform neutral [slower] code detect x86-32 machines somewhat
268 */
269 #if (defined(_MSC_VER) && defined(WIN32)) || \
270 (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || \
271 defined(__MINGW32__) || defined(__i386__)))
272 #define ENDIAN_LITTLE
273 #define ENDIAN_32BITWORD
274 #endif
275
276 /* #define ENDIAN_LITTLE */
277 /* #define ENDIAN_BIG */
278
279 /* #define ENDIAN_32BITWORD */
280 /* #define ENDIAN_64BITWORD */
281
282 #if (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && \
283 !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD))
284 #error You must specify a word size as well as endianess
285 #endif
286
287 #if !(defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE))
288 #define ENDIAN_NEUTRAL
289 #endif
290
291 /*
292 helper macros
293 */
294 #if defined (ENDIAN_NEUTRAL)
295
296 #define STORE32L(x, y) { \
297 (y)[3] = (unsigned char)(((x)>>24)&255); \
298 (y)[2] = (unsigned char)(((x)>>16)&255); \
299 (y)[1] = (unsigned char)(((x)>>8)&255); \
300 (y)[0] = (unsigned char)((x)&255); \
301 }
302
303 #define LOAD32L(x, y) { \
304 x = ((unsigned long)((y)[3] & 255)<<24) | \
305 ((unsigned long)((y)[2] & 255)<<16) | \
306 ((unsigned long)((y)[1] & 255)<<8) | \
307 ((unsigned long)((y)[0] & 255)); \
308 }
309
310 #define STORE64L(x, y) { \
311 (y)[7] = (unsigned char)(((x)>>56)&255); \
312 (y)[6] = (unsigned char)(((x)>>48)&255); \
313 (y)[5] = (unsigned char)(((x)>>40)&255); \
314 (y)[4] = (unsigned char)(((x)>>32)&255); \
315 (y)[3] = (unsigned char)(((x)>>24)&255); \
316 (y)[2] = (unsigned char)(((x)>>16)&255); \
317 (y)[1] = (unsigned char)(((x)>>8)&255); \
318 (y)[0] = (unsigned char)((x)&255); \
319 }
320
321 #define LOAD64L(x, y) { \
322 x = (((uint64)((y)[7] & 255))<<56)|(((uint64)((y)[6] & 255))<<48)| \
323 (((uint64)((y)[5] & 255))<<40)|(((uint64)((y)[4] & 255))<<32)| \
324 (((uint64)((y)[3] & 255))<<24)|(((uint64)((y)[2] & 255))<<16)| \
325 (((uint64)((y)[1] & 255))<<8)|(((uint64)((y)[0] & 255))); \
326 }
327
328 #define STORE32H(x, y) { \
329 (y)[0] = (unsigned char)(((x)>>24)&255); \
330 (y)[1] = (unsigned char)(((x)>>16)&255); \
331 (y)[2] = (unsigned char)(((x)>>8)&255); \
332 (y)[3] = (unsigned char)((x)&255); \
333 }
334
335 #define LOAD32H(x, y) { \
336 x = ((unsigned long)((y)[0] & 255)<<24) | \
337 ((unsigned long)((y)[1] & 255)<<16) | \
338 ((unsigned long)((y)[2] & 255)<<8) | \
339 ((unsigned long)((y)[3] & 255)); \
340 }
341
342 #define STORE64H(x, y) { \
343 (y)[0] = (unsigned char)(((x)>>56)&255); \
344 (y)[1] = (unsigned char)(((x)>>48)&255); \
345 (y)[2] = (unsigned char)(((x)>>40)&255); \
346 (y)[3] = (unsigned char)(((x)>>32)&255); \
347 (y)[4] = (unsigned char)(((x)>>24)&255); \
348 (y)[5] = (unsigned char)(((x)>>16)&255); \
349 (y)[6] = (unsigned char)(((x)>>8)&255); \
350 (y)[7] = (unsigned char)((x)&255); \
351 }
352
353 #define LOAD64H(x, y) { \
354 x = (((uint64)((y)[0] & 255))<<56)|(((uint64)((y)[1] & 255))<<48) | \
355 (((uint64)((y)[2] & 255))<<40)|(((uint64)((y)[3] & 255))<<32) | \
356 (((uint64)((y)[4] & 255))<<24)|(((uint64)((y)[5] & 255))<<16) | \
357 (((uint64)((y)[6] & 255))<<8)|(((uint64)((y)[7] & 255))); \
358 }
359
360 #endif /* ENDIAN_NEUTRAL */
361
362 #ifdef ENDIAN_LITTLE
363
364 #define STORE32H(x, y) { \
365 (y)[0] = (unsigned char)(((x)>>24)&255); \
366 (y)[1] = (unsigned char)(((x)>>16)&255); \
367 (y)[2] = (unsigned char)(((x)>>8)&255); \
368 (y)[3] = (unsigned char)((x)&255); \
369 }
370
371 #define LOAD32H(x, y) { \
372 x = ((unsigned long)((y)[0] & 255)<<24) | \
373 ((unsigned long)((y)[1] & 255)<<16) | \
374 ((unsigned long)((y)[2] & 255)<<8) | \
375 ((unsigned long)((y)[3] & 255)); \
376 }
377
378 #define STORE64H(x, y) { \
379 (y)[0] = (unsigned char)(((x)>>56)&255); \
380 (y)[1] = (unsigned char)(((x)>>48)&255); \
381 (y)[2] = (unsigned char)(((x)>>40)&255); \
382 (y)[3] = (unsigned char)(((x)>>32)&255); \
383 (y)[4] = (unsigned char)(((x)>>24)&255); \
384 (y)[5] = (unsigned char)(((x)>>16)&255); \
385 (y)[6] = (unsigned char)(((x)>>8)&255); \
386 (y)[7] = (unsigned char)((x)&255); \
387 }
388
389 #define LOAD64H(x, y) { \
390 x = (((uint64)((y)[0] & 255))<<56)|(((uint64)((y)[1] & 255))<<48) | \
391 (((uint64)((y)[2] & 255))<<40)|(((uint64)((y)[3] & 255))<<32) | \
392 (((uint64)((y)[4] & 255))<<24)|(((uint64)((y)[5] & 255))<<16) | \
393 (((uint64)((y)[6] & 255))<<8)|(((uint64)((y)[7] & 255))); }
394
395 #ifdef ENDIAN_32BITWORD
396
397 #define STORE32L(x, y) { \
398 unsigned long __t = (x); memcpy(y, &__t, 4); \
399 }
400
401 #define LOAD32L(x, y) memcpy(&(x), y, 4);
402
403 #define STORE64L(x, y) { \
404 (y)[7] = (unsigned char)(((x)>>56)&255); \
405 (y)[6] = (unsigned char)(((x)>>48)&255); \
406 (y)[5] = (unsigned char)(((x)>>40)&255); \
407 (y)[4] = (unsigned char)(((x)>>32)&255); \
408 (y)[3] = (unsigned char)(((x)>>24)&255); \
409 (y)[2] = (unsigned char)(((x)>>16)&255); \
410 (y)[1] = (unsigned char)(((x)>>8)&255); \
411 (y)[0] = (unsigned char)((x)&255); \
412 }
413
414 #define LOAD64L(x, y) { \
415 x = (((uint64)((y)[7] & 255))<<56)|(((uint64)((y)[6] & 255))<<48)| \
416 (((uint64)((y)[5] & 255))<<40)|(((uint64)((y)[4] & 255))<<32)| \
417 (((uint64)((y)[3] & 255))<<24)|(((uint64)((y)[2] & 255))<<16)| \
418 (((uint64)((y)[1] & 255))<<8)|(((uint64)((y)[0] & 255))); \
419 }
420
421 #else /* 64-bit words then */
422
423 #define STORE32L(x, y) \
424 { unsigned long __t = (x); memcpy(y, &__t, 4); }
425
426 #define LOAD32L(x, y) \
427 { memcpy(&(x), y, 4); x &= 0xFFFFFFFF; }
428
429 #define STORE64L(x, y) \
430 { uint64 __t = (x); memcpy(y, &__t, 8); }
431
432 #define LOAD64L(x, y) \
433 { memcpy(&(x), y, 8); }
434
435 #endif /* ENDIAN_64BITWORD */
436 #endif /* ENDIAN_LITTLE */
437
438 #ifdef ENDIAN_BIG
439
440 #define STORE32L(x, y) { \
441 (y)[3] = (unsigned char)(((x)>>24)&255); \
442 (y)[2] = (unsigned char)(((x)>>16)&255); \
443 (y)[1] = (unsigned char)(((x)>>8)&255); \
444 (y)[0] = (unsigned char)((x)&255); \
445 }
446
447 #define LOAD32L(x, y) { \
448 x = ((unsigned long)((y)[3] & 255)<<24) | \
449 ((unsigned long)((y)[2] & 255)<<16) | \
450 ((unsigned long)((y)[1] & 255)<<8) | \
451 ((unsigned long)((y)[0] & 255)); \
452 }
453
454 #define STORE64L(x, y) { \
455 (y)[7] = (unsigned char)(((x)>>56)&255); \
456 (y)[6] = (unsigned char)(((x)>>48)&255); \
457 (y)[5] = (unsigned char)(((x)>>40)&255); \
458 (y)[4] = (unsigned char)(((x)>>32)&255); \
459 (y)[3] = (unsigned char)(((x)>>24)&255); \
460 (y)[2] = (unsigned char)(((x)>>16)&255); \
461 (y)[1] = (unsigned char)(((x)>>8)&255); \
462 (y)[0] = (unsigned char)((x)&255); \
463 }
464
465 #define LOAD64L(x, y) { \
466 x = (((uint64)((y)[7] & 255))<<56)|(((uint64)((y)[6] & 255))<<48) | \
467 (((uint64)((y)[5] & 255))<<40)|(((uint64)((y)[4] & 255))<<32) | \
468 (((uint64)((y)[3] & 255))<<24)|(((uint64)((y)[2] & 255))<<16) | \
469 (((uint64)((y)[1] & 255))<<8)|(((uint64)((y)[0] & 255))); \
470 }
471
472 #ifdef ENDIAN_32BITWORD
473
474 #define STORE32H(x, y) \
475 { unsigned long __t = (x); memcpy(y, &__t, 4); }
476
477 #define LOAD32H(x, y) memcpy(&(x), y, 4);
478
479 #define STORE64H(x, y) { \
480 (y)[0] = (unsigned char)(((x)>>56)&255); \
481 (y)[1] = (unsigned char)(((x)>>48)&255); \
482 (y)[2] = (unsigned char)(((x)>>40)&255); \
483 (y)[3] = (unsigned char)(((x)>>32)&255); \
484 (y)[4] = (unsigned char)(((x)>>24)&255); \
485 (y)[5] = (unsigned char)(((x)>>16)&255); \
486 (y)[6] = (unsigned char)(((x)>>8)&255); \
487 (y)[7] = (unsigned char)((x)&255); \
488 }
489
490 #define LOAD64H(x, y) { \
491 x = (((uint64)((y)[0] & 255))<<56)|(((uint64)((y)[1] & 255))<<48)| \
492 (((uint64)((y)[2] & 255))<<40)|(((uint64)((y)[3] & 255))<<32)| \
493 (((uint64)((y)[4] & 255))<<24)|(((uint64)((y)[5] & 255))<<16)| \
494 (((uint64)((y)[6] & 255))<<8)| (((uint64)((y)[7] & 255))); \
495 }
496
497 #else /* 64-bit words then */
498
499 #define STORE32H(x, y) \
500 { unsigned long __t = (x); memcpy(y, &__t, 4); }
501
502 #define LOAD32H(x, y) \
503 { memcpy(&(x), y, 4); x &= 0xFFFFFFFF; }
504
505 #define STORE64H(x, y) \
506 { uint64 __t = (x); memcpy(y, &__t, 8); }
507
508 #define LOAD64H(x, y) \
509 { memcpy(&(x), y, 8); }
510
511 #endif /* ENDIAN_64BITWORD */
512 #endif /* ENDIAN_BIG */
513
514 #ifdef HAVE_NATIVE_INT64
515 #define ROL64c(x, y) \
516 ( (((x)<<((uint64)(y)&63)) | \
517 (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((uint64)64-((y)&63)))) & CONST64(0xFFFFFFFFFFFFFFFF))
518
519 #define ROR64c(x, y) \
520 ( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((uint64)(y)&CONST64(63))) | \
521 ((x)<<((uint64)(64-((y)&CONST64(63)))))) & CONST64(0xFFFFFFFFFFFFFFFF))
522 #endif /* HAVE_NATIVE_INT64 */
523 /******************************************************************************/
524
525
526 /******************************************************************************/
527 /*
528 Return the length of padding bytes required for a record of 'LEN' bytes
529 The name Pwr2 indicates that calculations will work with 'BLOCKSIZE'
530 that are powers of 2.
531 Because of the trailing pad length byte, a length that is a multiple
532 of the pad bytes
533 */
534 #define psPadLenPwr2(LEN, BLOCKSIZE) \
535 BLOCKSIZE <= 1 ? (unsigned char)0 : \
536 (unsigned char)(BLOCKSIZE - ((LEN) & (BLOCKSIZE - 1)))
537
538 #endif /* _h_PS_CRYPTOLIB */
539 /******************************************************************************/
540
541