|
Packit Service |
4684c1 |
/*
|
|
Packit Service |
4684c1 |
* Copyright (C) 2011-2012 Free Software Foundation, Inc.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Author: Nikos Mavrogiannopoulos
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This file is part of GnuTLS.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* The GnuTLS is free software; you can redistribute it and/or
|
|
Packit Service |
4684c1 |
* modify it under the terms of the GNU Lesser General Public License
|
|
Packit Service |
4684c1 |
* as published by the Free Software Foundation; either version 2.1 of
|
|
Packit Service |
4684c1 |
* the License, or (at your option) any later version.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This library is distributed in the hope that it will be useful, but
|
|
Packit Service |
4684c1 |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
4684c1 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit Service |
4684c1 |
* Lesser General Public License for more details.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit Service |
4684c1 |
* along with this program. If not, see <https://www.gnu.org/licenses/>
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#ifndef GNUTLS_LIB_CRYPTO_BACKEND_H
|
|
Packit Service |
4684c1 |
#define GNUTLS_LIB_CRYPTO_BACKEND_H
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#include <gnutls/crypto.h>
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define gnutls_crypto_single_cipher_st gnutls_crypto_cipher_st
|
|
Packit Service |
4684c1 |
#define gnutls_crypto_single_mac_st gnutls_crypto_mac_st
|
|
Packit Service |
4684c1 |
#define gnutls_crypto_single_digest_st gnutls_crypto_digest_st
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
typedef struct {
|
|
Packit Service |
4684c1 |
gnutls_cipher_init_func init;
|
|
Packit Service |
4684c1 |
gnutls_cipher_setkey_func setkey;
|
|
Packit Service |
4684c1 |
gnutls_cipher_setiv_func setiv;
|
|
Packit Service |
4684c1 |
gnutls_cipher_getiv_func getiv;
|
|
Packit Service |
4684c1 |
gnutls_cipher_encrypt_func encrypt;
|
|
Packit Service |
4684c1 |
gnutls_cipher_decrypt_func decrypt;
|
|
Packit Service |
4684c1 |
gnutls_cipher_aead_encrypt_func aead_encrypt;
|
|
Packit Service |
4684c1 |
gnutls_cipher_aead_decrypt_func aead_decrypt;
|
|
Packit Service |
4684c1 |
gnutls_cipher_deinit_func deinit;
|
|
Packit Service |
4684c1 |
gnutls_cipher_auth_func auth;
|
|
Packit Service |
4684c1 |
gnutls_cipher_tag_func tag;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Not needed for registered on run-time. Only included
|
|
Packit Service |
4684c1 |
* should define it. */
|
|
Packit Service |
4684c1 |
int (*exists) (gnutls_cipher_algorithm_t); /* true/false */
|
|
Packit Service |
4684c1 |
} gnutls_crypto_cipher_st;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
typedef struct {
|
|
Packit Service |
4684c1 |
gnutls_mac_init_func init;
|
|
Packit Service |
4684c1 |
gnutls_mac_setkey_func setkey;
|
|
Packit Service |
4684c1 |
gnutls_mac_setnonce_func setnonce;
|
|
Packit Service |
4684c1 |
gnutls_mac_hash_func hash;
|
|
Packit Service |
4684c1 |
gnutls_mac_output_func output;
|
|
Packit Service |
4684c1 |
gnutls_mac_deinit_func deinit;
|
|
Packit Service |
4684c1 |
gnutls_mac_fast_func fast;
|
|
Packit Service |
4684c1 |
gnutls_mac_copy_func copy;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Not needed for registered on run-time. Only included
|
|
Packit Service |
4684c1 |
* should define it. */
|
|
Packit Service |
4684c1 |
int (*exists) (gnutls_mac_algorithm_t);
|
|
Packit Service |
4684c1 |
} gnutls_crypto_mac_st;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
typedef struct {
|
|
Packit Service |
4684c1 |
gnutls_digest_init_func init;
|
|
Packit Service |
4684c1 |
gnutls_digest_hash_func hash;
|
|
Packit Service |
4684c1 |
gnutls_digest_output_func output;
|
|
Packit Service |
4684c1 |
gnutls_digest_deinit_func deinit;
|
|
Packit Service |
4684c1 |
gnutls_digest_fast_func fast;
|
|
Packit Service |
4684c1 |
gnutls_digest_copy_func copy;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Not needed for registered on run-time. Only included
|
|
Packit Service |
4684c1 |
* should define it. */
|
|
Packit Service |
4684c1 |
int (*exists) (gnutls_digest_algorithm_t);
|
|
Packit Service |
4684c1 |
} gnutls_crypto_digest_st;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
typedef struct {
|
|
Packit Service |
4684c1 |
int (*hkdf_extract) (gnutls_mac_algorithm_t,
|
|
Packit Service |
4684c1 |
const void *key, size_t keysize,
|
|
Packit Service |
4684c1 |
const void *salt, size_t saltsize,
|
|
Packit Service |
4684c1 |
void *output);
|
|
Packit Service |
4684c1 |
int (*hkdf_expand) (gnutls_mac_algorithm_t,
|
|
Packit Service |
4684c1 |
const void *key, size_t keysize,
|
|
Packit Service |
4684c1 |
const void *info, size_t infosize,
|
|
Packit Service |
4684c1 |
void *output, size_t length);
|
|
Packit Service |
4684c1 |
int (*pbkdf2) (gnutls_mac_algorithm_t,
|
|
Packit Service |
4684c1 |
const void *key, size_t keysize,
|
|
Packit Service |
4684c1 |
const void *salt, size_t saltsize,
|
|
Packit Service |
4684c1 |
unsigned iter_count,
|
|
Packit Service |
4684c1 |
void *output, size_t length);
|
|
Packit Service |
4684c1 |
} gnutls_crypto_kdf_st;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
typedef struct gnutls_crypto_rnd {
|
|
Packit Service |
4684c1 |
int (*init) (void **ctx); /* called prior to first usage of randomness */
|
|
Packit Service |
4684c1 |
int (*rnd) (void *ctx, int level, void *data, size_t datasize);
|
|
Packit Service |
4684c1 |
void (*rnd_refresh) (void *ctx);
|
|
Packit Service |
4684c1 |
void (*deinit) (void *ctx);
|
|
Packit Service |
4684c1 |
int (*self_test) (void); /* this should not require rng initialization */
|
|
Packit Service |
4684c1 |
} gnutls_crypto_rnd_st;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
typedef void *bigint_t;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/**
|
|
Packit Service |
4684c1 |
* gnutls_bigint_format_t:
|
|
Packit Service |
4684c1 |
* @GNUTLS_MPI_FORMAT_USG: Raw unsigned integer format.
|
|
Packit Service |
4684c1 |
* @GNUTLS_MPI_FORMAT_STD: Raw signed integer format, always a leading
|
|
Packit Service |
4684c1 |
* zero when positive.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Enumeration of different bignum integer encoding formats.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
typedef enum {
|
|
Packit Service |
4684c1 |
/* raw unsigned integer format */
|
|
Packit Service |
4684c1 |
GNUTLS_MPI_FORMAT_USG = 0,
|
|
Packit Service |
4684c1 |
/* raw signed integer format - always a leading zero when positive */
|
|
Packit Service |
4684c1 |
GNUTLS_MPI_FORMAT_STD = 1,
|
|
Packit Service |
4684c1 |
/* raw unsigned integer format, little endian format */
|
|
Packit Service |
4684c1 |
GNUTLS_MPI_FORMAT_ULE = 2
|
|
Packit Service |
4684c1 |
} gnutls_bigint_format_t;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Multi precision integer arithmetic */
|
|
Packit Service |
4684c1 |
typedef struct gnutls_crypto_bigint {
|
|
Packit Service |
4684c1 |
int (*bigint_init) (bigint_t*);
|
|
Packit Service |
4684c1 |
int (*bigint_init_multi) (bigint_t*, ...);
|
|
Packit Service |
4684c1 |
void (*bigint_release) (bigint_t n);
|
|
Packit Service |
4684c1 |
void (*bigint_clear) (bigint_t n); /* zeros the int */
|
|
Packit Service |
4684c1 |
/* 0 for equality, > 0 for m1>m2, < 0 for m1
|
|
Packit Service |
4684c1 |
int (*bigint_cmp) (const bigint_t m1, const bigint_t m2);
|
|
Packit Service |
4684c1 |
/* as bigint_cmp */
|
|
Packit Service |
4684c1 |
int (*bigint_cmp_ui) (const bigint_t m1, unsigned long m2);
|
|
Packit Service |
4684c1 |
/* r = a % b */
|
|
Packit Service |
4684c1 |
int (*bigint_modm) (bigint_t r, const bigint_t a, const bigint_t b);
|
|
Packit Service |
4684c1 |
/* a = b -> ret == a */
|
|
Packit Service |
4684c1 |
int (*bigint_set) (bigint_t a, const bigint_t b);
|
|
Packit Service |
4684c1 |
bigint_t (*bigint_copy) (const bigint_t a);
|
|
Packit Service |
4684c1 |
/* a = b -> ret == a */
|
|
Packit Service |
4684c1 |
int (*bigint_set_ui) (bigint_t a, unsigned long b);
|
|
Packit Service |
4684c1 |
unsigned int (*bigint_get_nbits) (const bigint_t a);
|
|
Packit Service |
4684c1 |
/* w = b ^ e mod m */
|
|
Packit Service |
4684c1 |
int (*bigint_powm) (bigint_t w, const bigint_t b,
|
|
Packit Service |
4684c1 |
const bigint_t e, const bigint_t m);
|
|
Packit Service |
4684c1 |
/* w = a + b mod m */
|
|
Packit Service |
4684c1 |
int (*bigint_addm) (bigint_t w, const bigint_t a,
|
|
Packit Service |
4684c1 |
const bigint_t b, const bigint_t m);
|
|
Packit Service |
4684c1 |
/* w = a - b mod m */
|
|
Packit Service |
4684c1 |
int (*bigint_subm) (bigint_t w, const bigint_t a,
|
|
Packit Service |
4684c1 |
const bigint_t b, const bigint_t m);
|
|
Packit Service |
4684c1 |
/* w = a * b mod m */
|
|
Packit Service |
4684c1 |
int (*bigint_mulm) (bigint_t w, const bigint_t a,
|
|
Packit Service |
4684c1 |
const bigint_t b, const bigint_t m);
|
|
Packit Service |
4684c1 |
/* w = a + b */ int (*bigint_add) (bigint_t w,
|
|
Packit Service |
4684c1 |
const bigint_t a,
|
|
Packit Service |
4684c1 |
const bigint_t b);
|
|
Packit Service |
4684c1 |
/* w = a - b */ int (*bigint_sub) (bigint_t w,
|
|
Packit Service |
4684c1 |
const bigint_t a,
|
|
Packit Service |
4684c1 |
const bigint_t b);
|
|
Packit Service |
4684c1 |
/* w = a * b */
|
|
Packit Service |
4684c1 |
int (*bigint_mul) (bigint_t w, const bigint_t a,
|
|
Packit Service |
4684c1 |
const bigint_t b);
|
|
Packit Service |
4684c1 |
/* w = a + b */
|
|
Packit Service |
4684c1 |
int (*bigint_add_ui) (bigint_t w, const bigint_t a,
|
|
Packit Service |
4684c1 |
unsigned long b);
|
|
Packit Service |
4684c1 |
/* w = a - b */
|
|
Packit Service |
4684c1 |
int (*bigint_sub_ui) (bigint_t w, const bigint_t a,
|
|
Packit Service |
4684c1 |
unsigned long b);
|
|
Packit Service |
4684c1 |
/* w = a * b */
|
|
Packit Service |
4684c1 |
int (*bigint_mul_ui) (bigint_t w, const bigint_t a,
|
|
Packit Service |
4684c1 |
unsigned long b);
|
|
Packit Service |
4684c1 |
/* q = a / b */
|
|
Packit Service |
4684c1 |
int (*bigint_div) (bigint_t q, const bigint_t a,
|
|
Packit Service |
4684c1 |
const bigint_t b);
|
|
Packit Service |
4684c1 |
/* 0 if prime */
|
|
Packit Service |
4684c1 |
int (*bigint_prime_check) (const bigint_t pp);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* reads a bigint from a buffer */
|
|
Packit Service |
4684c1 |
/* stores a bigint into the buffer. returns
|
|
Packit Service |
4684c1 |
* GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to
|
|
Packit Service |
4684c1 |
* store this integer, and updates the buf_size;
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
int (*bigint_scan) (bigint_t m, const void *buf, size_t buf_size,
|
|
Packit Service |
4684c1 |
gnutls_bigint_format_t format);
|
|
Packit Service |
4684c1 |
int (*bigint_print) (const bigint_t a, void *buf,
|
|
Packit Service |
4684c1 |
size_t * buf_size,
|
|
Packit Service |
4684c1 |
gnutls_bigint_format_t format);
|
|
Packit Service |
4684c1 |
} gnutls_crypto_bigint_st;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Additional information about the public key, filled from
|
|
Packit Service |
4684c1 |
* SubjectPublicKeyInfo parameters. When there are no parameters,
|
|
Packit Service |
4684c1 |
* the pk field will be set to GNUTLS_PK_UNKNOWN.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
typedef struct gnutls_x509_spki_st {
|
|
Packit Service |
4684c1 |
/* We can have a key which is of type RSA, but a certificate
|
|
Packit Service |
4684c1 |
* of type RSA-PSS; the value here will be the expected value
|
|
Packit Service |
4684c1 |
* for signatures (i.e., RSA-PSS) */
|
|
Packit Service |
4684c1 |
gnutls_pk_algorithm_t pk;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* the digest used by RSA-PSS */
|
|
Packit Service |
4684c1 |
gnutls_digest_algorithm_t rsa_pss_dig;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* the size of salt used by RSA-PSS */
|
|
Packit Service |
4684c1 |
unsigned int salt_size;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* if non-zero, the legacy value for PKCS#7 signatures will be
|
|
Packit Service |
4684c1 |
* written for RSA signatures. */
|
|
Packit Service |
4684c1 |
unsigned int legacy;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* the digest used by ECDSA/DSA */
|
|
Packit Service |
4684c1 |
gnutls_digest_algorithm_t dsa_dig;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* flags may include GNUTLS_PK_FLAG_REPRODUCIBLE for
|
|
Packit Service |
4684c1 |
* deterministic ECDSA/DSA */
|
|
Packit Service |
4684c1 |
unsigned int flags;
|
|
Packit Service |
4684c1 |
} gnutls_x509_spki_st;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define GNUTLS_MAX_PK_PARAMS 16
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
typedef struct {
|
|
Packit Service |
4684c1 |
bigint_t params[GNUTLS_MAX_PK_PARAMS];
|
|
Packit Service |
4684c1 |
unsigned int params_nr; /* the number of parameters */
|
|
Packit Service |
4684c1 |
unsigned int pkflags; /* gnutls_pk_flag_t */
|
|
Packit Service |
4684c1 |
unsigned int qbits; /* GNUTLS_PK_DH */
|
|
Packit Service |
4684c1 |
gnutls_ecc_curve_t curve; /* GNUTLS_PK_EC, GNUTLS_PK_ED25519, GNUTLS_PK_GOST* */
|
|
Packit Service |
4684c1 |
gnutls_group_t dh_group; /* GNUTLS_PK_DH - used by ext/key_share */
|
|
Packit Service |
4684c1 |
gnutls_gost_paramset_t gost_params; /* GNUTLS_PK_GOST_* */
|
|
Packit Service |
4684c1 |
gnutls_datum_t raw_pub; /* used by x25519 */
|
|
Packit Service |
4684c1 |
gnutls_datum_t raw_priv;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
unsigned int seed_size;
|
|
Packit Service |
4684c1 |
uint8_t seed[MAX_PVP_SEED_SIZE];
|
|
Packit Service |
4684c1 |
gnutls_digest_algorithm_t palgo;
|
|
Packit Service |
4684c1 |
/* public key information */
|
|
Packit Service |
4684c1 |
gnutls_x509_spki_st spki;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_pk_algorithm_t algo;
|
|
Packit Service |
4684c1 |
} gnutls_pk_params_st;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/**
|
|
Packit Service |
4684c1 |
* gnutls_pk_flag_t:
|
|
Packit Service |
4684c1 |
* @GNUTLS_PK_FLAG_NONE: No flag.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Enumeration of public-key flag.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
typedef enum {
|
|
Packit Service |
4684c1 |
GNUTLS_PK_FLAG_NONE = 0,
|
|
Packit Service |
4684c1 |
GNUTLS_PK_FLAG_PROVABLE = 1,
|
|
Packit Service |
4684c1 |
GNUTLS_PK_FLAG_REPRODUCIBLE = 2
|
|
Packit Service |
4684c1 |
} gnutls_pk_flag_t;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define FIX_SIGN_PARAMS(params, flags, dig) do { \
|
|
Packit Service |
4684c1 |
if ((flags) & GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE) { \
|
|
Packit Service |
4684c1 |
(params).flags |= GNUTLS_PK_FLAG_REPRODUCIBLE; \
|
|
Packit Service |
4684c1 |
(params).dsa_dig = (dig); \
|
|
Packit Service |
4684c1 |
} \
|
|
Packit Service |
4684c1 |
} while (0)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
void gnutls_pk_params_release(gnutls_pk_params_st * p);
|
|
Packit Service |
4684c1 |
void gnutls_pk_params_clear(gnutls_pk_params_st * p);
|
|
Packit Service |
4684c1 |
void gnutls_pk_params_init(gnutls_pk_params_st * p);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* parameters should not be larger than this limit */
|
|
Packit Service |
4684c1 |
#define DSA_PUBLIC_PARAMS 4
|
|
Packit Service |
4684c1 |
#define DH_PUBLIC_PARAMS 4
|
|
Packit Service |
4684c1 |
#define RSA_PUBLIC_PARAMS 2
|
|
Packit Service |
4684c1 |
#define ECC_PUBLIC_PARAMS 2
|
|
Packit Service |
4684c1 |
#define GOST_PUBLIC_PARAMS 2
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* parameters should not be larger than this limit */
|
|
Packit Service |
4684c1 |
#define DSA_PRIVATE_PARAMS 5
|
|
Packit Service |
4684c1 |
#define DH_PRIVATE_PARAMS 5
|
|
Packit Service |
4684c1 |
#define RSA_PRIVATE_PARAMS 8
|
|
Packit Service |
4684c1 |
#define ECC_PRIVATE_PARAMS 3
|
|
Packit Service |
4684c1 |
#define GOST_PRIVATE_PARAMS 3
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0
|
|
Packit Service |
4684c1 |
#error INCREASE MAX_PRIV_PARAMS
|
|
Packit Service |
4684c1 |
#endif
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#if MAX_PRIV_PARAMS_SIZE - ECC_PRIVATE_PARAMS < 0
|
|
Packit Service |
4684c1 |
#error INCREASE MAX_PRIV_PARAMS
|
|
Packit Service |
4684c1 |
#endif
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#if MAX_PRIV_PARAMS_SIZE - GOST_PRIVATE_PARAMS < 0
|
|
Packit Service |
4684c1 |
#error INCREASE MAX_PRIV_PARAMS
|
|
Packit Service |
4684c1 |
#endif
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#if MAX_PRIV_PARAMS_SIZE - DSA_PRIVATE_PARAMS < 0
|
|
Packit Service |
4684c1 |
#error INCREASE MAX_PRIV_PARAMS
|
|
Packit Service |
4684c1 |
#endif
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* params are:
|
|
Packit Service |
4684c1 |
* RSA:
|
|
Packit Service |
4684c1 |
* [0] is modulus
|
|
Packit Service |
4684c1 |
* [1] is public exponent
|
|
Packit Service |
4684c1 |
* [2] is private exponent (private key only)
|
|
Packit Service |
4684c1 |
* [3] is prime1 (p) (private key only)
|
|
Packit Service |
4684c1 |
* [4] is prime2 (q) (private key only)
|
|
Packit Service |
4684c1 |
* [5] is coefficient (u == inverse of p mod q) (private key only)
|
|
Packit Service |
4684c1 |
* [6] e1 == d mod (p-1)
|
|
Packit Service |
4684c1 |
* [7] e2 == d mod (q-1)
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* note that for libgcrypt that does not use the inverse of q mod p,
|
|
Packit Service |
4684c1 |
* we need to perform conversions using fixup_params().
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* DSA:
|
|
Packit Service |
4684c1 |
* [0] is p
|
|
Packit Service |
4684c1 |
* [1] is q
|
|
Packit Service |
4684c1 |
* [2] is g
|
|
Packit Service |
4684c1 |
* [3] is y (public key)
|
|
Packit Service |
4684c1 |
* [4] is x (private key only)
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* DH: as DSA
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* ECC:
|
|
Packit Service |
4684c1 |
* [0] is prime
|
|
Packit Service |
4684c1 |
* [1] is order
|
|
Packit Service |
4684c1 |
* [2] is A
|
|
Packit Service |
4684c1 |
* [3] is B
|
|
Packit Service |
4684c1 |
* [4] is Gx
|
|
Packit Service |
4684c1 |
* [5] is Gy
|
|
Packit Service |
4684c1 |
* [6] is x
|
|
Packit Service |
4684c1 |
* [7] is y
|
|
Packit Service |
4684c1 |
* [8] is k (private key)
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define ECC_X 0
|
|
Packit Service |
4684c1 |
#define ECC_Y 1
|
|
Packit Service |
4684c1 |
#define ECC_K 2
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define GOST_X 0
|
|
Packit Service |
4684c1 |
#define GOST_Y 1
|
|
Packit Service |
4684c1 |
#define GOST_K 2
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define DSA_P 0
|
|
Packit Service |
4684c1 |
#define DSA_Q 1
|
|
Packit Service |
4684c1 |
#define DSA_G 2
|
|
Packit Service |
4684c1 |
#define DSA_Y 3
|
|
Packit Service |
4684c1 |
#define DSA_X 4
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define DH_P 0
|
|
Packit Service |
4684c1 |
#define DH_Q 1
|
|
Packit Service |
4684c1 |
#define DH_G 2
|
|
Packit Service |
4684c1 |
#define DH_Y 3
|
|
Packit Service |
4684c1 |
#define DH_X 4
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define RSA_MODULUS 0
|
|
Packit Service |
4684c1 |
#define RSA_PUB 1
|
|
Packit Service |
4684c1 |
#define RSA_PRIV 2
|
|
Packit Service |
4684c1 |
#define RSA_PRIME1 3
|
|
Packit Service |
4684c1 |
#define RSA_PRIME2 4
|
|
Packit Service |
4684c1 |
#define RSA_COEF 5
|
|
Packit Service |
4684c1 |
#define RSA_E1 6
|
|
Packit Service |
4684c1 |
#define RSA_E2 7
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/**
|
|
Packit Service |
4684c1 |
* gnutls_direction_t:
|
|
Packit Service |
4684c1 |
* @GNUTLS_IMPORT: Import direction.
|
|
Packit Service |
4684c1 |
* @GNUTLS_EXPORT: Export direction.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Enumeration of different directions.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
typedef enum {
|
|
Packit Service |
4684c1 |
GNUTLS_IMPORT = 0,
|
|
Packit Service |
4684c1 |
GNUTLS_EXPORT = 1
|
|
Packit Service |
4684c1 |
} gnutls_direction_t;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Public key algorithms */
|
|
Packit Service |
4684c1 |
typedef struct gnutls_crypto_pk {
|
|
Packit Service |
4684c1 |
/* The params structure should contain the private or public key
|
|
Packit Service |
4684c1 |
* parameters, depending on the operation */
|
|
Packit Service |
4684c1 |
int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t * plaintext,
|
|
Packit Service |
4684c1 |
const gnutls_pk_params_st * pub);
|
|
Packit Service |
4684c1 |
int (*decrypt) (gnutls_pk_algorithm_t,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * plaintext,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t * ciphertext,
|
|
Packit Service |
4684c1 |
const gnutls_pk_params_st * priv);
|
|
Packit Service |
4684c1 |
int (*decrypt2) (gnutls_pk_algorithm_t,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t * ciphertext,
|
|
Packit Service |
4684c1 |
unsigned char * plaintext,
|
|
Packit Service |
4684c1 |
size_t paintext_size,
|
|
Packit Service |
4684c1 |
const gnutls_pk_params_st * priv);
|
|
Packit Service |
4684c1 |
int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t * data,
|
|
Packit Service |
4684c1 |
const gnutls_pk_params_st *priv,
|
|
Packit Service |
4684c1 |
const gnutls_x509_spki_st *sign);
|
|
Packit Service |
4684c1 |
int (*verify) (gnutls_pk_algorithm_t, const gnutls_datum_t * data,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t * sig,
|
|
Packit Service |
4684c1 |
const gnutls_pk_params_st *pub,
|
|
Packit Service |
4684c1 |
const gnutls_x509_spki_st *sign);
|
|
Packit Service |
4684c1 |
/* sanity checks the public key parameters */
|
|
Packit Service |
4684c1 |
int (*verify_priv_params) (gnutls_pk_algorithm_t,
|
|
Packit Service |
4684c1 |
const gnutls_pk_params_st * priv);
|
|
Packit Service |
4684c1 |
int (*verify_pub_params) (gnutls_pk_algorithm_t,
|
|
Packit Service |
4684c1 |
const gnutls_pk_params_st * pub);
|
|
Packit Service |
4684c1 |
int (*generate_keys) (gnutls_pk_algorithm_t, unsigned int nbits,
|
|
Packit Service |
4684c1 |
gnutls_pk_params_st *, unsigned ephemeral);
|
|
Packit Service |
4684c1 |
int (*generate_params) (gnutls_pk_algorithm_t, unsigned int nbits,
|
|
Packit Service |
4684c1 |
gnutls_pk_params_st *);
|
|
Packit Service |
4684c1 |
/* this function should convert params to ones suitable
|
|
Packit Service |
4684c1 |
* for the above functions
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
int (*pk_fixup_private_params) (gnutls_pk_algorithm_t,
|
|
Packit Service |
4684c1 |
gnutls_direction_t,
|
|
Packit Service |
4684c1 |
gnutls_pk_params_st *);
|
|
Packit Service |
4684c1 |
#define PK_DERIVE_TLS13 1
|
|
Packit Service |
4684c1 |
int (*derive) (gnutls_pk_algorithm_t, gnutls_datum_t * out,
|
|
Packit Service |
4684c1 |
const gnutls_pk_params_st * priv,
|
|
Packit Service |
4684c1 |
const gnutls_pk_params_st * pub,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t *nonce,
|
|
Packit Service |
4684c1 |
unsigned int flags);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int (*curve_exists) (gnutls_ecc_curve_t); /* true/false */
|
|
Packit Service |
4684c1 |
} gnutls_crypto_pk_st;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* priority: infinity for backend algorithms, 90 for kernel
|
|
Packit Service |
4684c1 |
algorithms, lowest wins
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
int gnutls_crypto_single_cipher_register(gnutls_cipher_algorithm_t
|
|
Packit Service |
4684c1 |
algorithm, int priority,
|
|
Packit Service |
4684c1 |
const gnutls_crypto_single_cipher_st *s,
|
|
Packit Service |
4684c1 |
int free_s);
|
|
Packit Service |
4684c1 |
int gnutls_crypto_single_mac_register(gnutls_mac_algorithm_t algorithm,
|
|
Packit Service |
4684c1 |
int priority,
|
|
Packit Service |
4684c1 |
const gnutls_crypto_single_mac_st *
|
|
Packit Service |
4684c1 |
s, int free_s);
|
|
Packit Service |
4684c1 |
int gnutls_crypto_single_digest_register(gnutls_digest_algorithm_t
|
|
Packit Service |
4684c1 |
algorithm, int priority,
|
|
Packit Service |
4684c1 |
const
|
|
Packit Service |
4684c1 |
gnutls_crypto_single_digest_st *
|
|
Packit Service |
4684c1 |
s, int free_s);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int gnutls_crypto_rnd_register(int priority,
|
|
Packit Service |
4684c1 |
const gnutls_crypto_rnd_st * s);
|
|
Packit Service |
4684c1 |
int gnutls_crypto_pk_register(int priority, const gnutls_crypto_pk_st * s);
|
|
Packit Service |
4684c1 |
int gnutls_crypto_bigint_register(int priority,
|
|
Packit Service |
4684c1 |
const gnutls_crypto_bigint_st * s);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Provided by crypto-backend */
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_prf_raw(gnutls_mac_algorithm_t mac,
|
|
Packit Service |
4684c1 |
size_t master_size, const void *master,
|
|
Packit Service |
4684c1 |
size_t label_size, const char *label,
|
|
Packit Service |
4684c1 |
size_t seed_size, const uint8_t *seed, size_t outsize,
|
|
Packit Service |
4684c1 |
char *out);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int _gnutls_gost_key_wrap(gnutls_gost_paramset_t gost_params,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t *kek,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t *ukm,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t *cek,
|
|
Packit Service |
4684c1 |
gnutls_datum_t *enc,
|
|
Packit Service |
4684c1 |
gnutls_datum_t *imit);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int _gnutls_gost_key_unwrap(gnutls_gost_paramset_t gost_params,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t *kek,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t *ukm,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t *enc,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t *imit,
|
|
Packit Service |
4684c1 |
gnutls_datum_t *cek);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#endif /* GNUTLS_LIB_CRYPTO_BACKEND_H */
|