Crypt-Bear
view release on metacpan or search on metacpan
src/inner.h view on Meta::CPAN
* Check PKCS#1 v1.5 padding (for signatures). 'hash_oid' is the encoded
* hash function OID, or NULL. The provided 'sig' value is _after_ the
* modular exponentiation, i.e. it should be the padded hash. On
* success, the hashed message is extracted.
*/
uint32_t br_rsa_pkcs1_sig_unpad(const unsigned char *sig, size_t sig_len,
const unsigned char *hash_oid, size_t hash_len,
unsigned char *hash_out);
/*
* Apply proper PSS padding. The 'x' buffer is output only: it
* receives the value that is to be exponentiated.
*/
uint32_t br_rsa_pss_sig_pad(const br_prng_class **rng,
const br_hash_class *hf_data, const br_hash_class *hf_mgf1,
const unsigned char *hash, size_t salt_len,
uint32_t n_bitlen, unsigned char *x);
/*
* Check PSS padding. The provided value is the one _after_
* the modular exponentiation; it is modified by this function.
* This function infers the signature length from the public key
* size, i.e. it assumes that this has already been verified (as
* part of the exponentiation).
*/
uint32_t br_rsa_pss_sig_unpad(
const br_hash_class *hf_data, const br_hash_class *hf_mgf1,
const unsigned char *hash, size_t salt_len,
const br_rsa_public_key *pk, unsigned char *x);
/*
* Apply OAEP padding. Returned value is the actual padded string length,
* or zero on error.
*/
size_t br_rsa_oaep_pad(const br_prng_class **rnd, const br_hash_class *dig,
const void *label, size_t label_len, const br_rsa_public_key *pk,
void *dst, size_t dst_nax_len, const void *src, size_t src_len);
/*
* Unravel and check OAEP padding. If the padding is correct, then 1 is
* returned, '*len' is adjusted to the length of the message, and the
* data is moved to the start of the 'data' buffer. If the padding is
* incorrect, then 0 is returned and '*len' is untouched. Either way,
* the complete buffer contents are altered.
*/
uint32_t br_rsa_oaep_unpad(const br_hash_class *dig,
const void *label, size_t label_len, void *data, size_t *len);
/*
* Compute MGF1 for a given seed, and XOR the output into the provided
* buffer.
*/
void br_mgf1_xor(void *data, size_t len,
const br_hash_class *dig, const void *seed, size_t seed_len);
/*
* Inner function for RSA key generation; used by the "i31" and "i62"
* implementations.
*/
uint32_t br_rsa_i31_keygen_inner(const br_prng_class **rng,
br_rsa_private_key *sk, void *kbuf_priv,
br_rsa_public_key *pk, void *kbuf_pub,
unsigned size, uint32_t pubexp, br_i31_modpow_opt_type mp31);
/* ==================================================================== */
/*
* Elliptic curves.
*/
/*
* Type for generic EC parameters: curve order (unsigned big-endian
* encoding) and encoded conventional generator.
*/
typedef struct {
int curve;
const unsigned char *order;
size_t order_len;
const unsigned char *generator;
size_t generator_len;
} br_ec_curve_def;
extern const br_ec_curve_def br_secp256r1;
extern const br_ec_curve_def br_secp384r1;
extern const br_ec_curve_def br_secp521r1;
/*
* For Curve25519, the advertised "order" really is 2^255-1, since the
* point multipliction function really works over arbitrary 255-bit
* scalars. This value is only meant as a hint for ECDH key generation;
* only ECDSA uses the exact curve order, and ECDSA is not used with
* that specific curve.
*/
extern const br_ec_curve_def br_curve25519;
/*
* Decode some bytes as an i31 integer, with truncation (corresponding
* to the 'bits2int' operation in RFC 6979). The target ENCODED bit
* length is provided as last parameter. The resulting value will have
* this declared bit length, and consists the big-endian unsigned decoding
* of exactly that many bits in the source (capped at the source length).
*/
void br_ecdsa_i31_bits2int(uint32_t *x,
const void *src, size_t len, uint32_t ebitlen);
/*
* Decode some bytes as an i15 integer, with truncation (corresponding
* to the 'bits2int' operation in RFC 6979). The target ENCODED bit
* length is provided as last parameter. The resulting value will have
* this declared bit length, and consists the big-endian unsigned decoding
* of exactly that many bits in the source (capped at the source length).
*/
void br_ecdsa_i15_bits2int(uint16_t *x,
const void *src, size_t len, uint32_t ebitlen);
/* ==================================================================== */
/*
* ASN.1 support functions.
*/
/*
* A br_asn1_uint structure contains encoding information about an
* INTEGER nonnegative value: pointer to the integer contents (unsigned
* big-endian representation), length of the integer contents,
* and length of the encoded value. The data shall have minimal length:
* - If the integer value is zero, then 'len' must be zero.
* - If the integer value is not zero, then data[0] must be non-zero.
*
* Under these conditions, 'asn1len' is necessarily equal to either len
* or len+1.
*/
typedef struct {
const unsigned char *data;
size_t len;
size_t asn1len;
} br_asn1_uint;
/*
* Given an encoded integer (unsigned big-endian, with possible leading
* bytes of value 0), returned the "prepared INTEGER" structure.
*/
br_asn1_uint br_asn1_uint_prepare(const void *xdata, size_t xlen);
/*
* Encode an ASN.1 length. The length of the encoded length is returned.
* If 'dest' is NULL, then no encoding is performed, but the length of
* the encoded length is still computed and returned.
*/
size_t br_asn1_encode_length(void *dest, size_t len);
/*
* Convenient macro for computing lengths of lengths.
*/
#define len_of_len(len) br_asn1_encode_length(NULL, len)
/*
* Encode a (prepared) ASN.1 INTEGER. The encoded length is returned.
* If 'dest' is NULL, then no encoding is performed, but the length of
* the encoded integer is still computed and returned.
*/
size_t br_asn1_encode_uint(void *dest, br_asn1_uint pp);
/*
* Get the OID that identifies an elliptic curve. Returned value is
* the DER-encoded OID, with the length (always one byte) but without
* the tag. Thus, the first byte of the returned buffer contains the
* number of subsequent bytes in the value. If the curve is not
* recognised, NULL is returned.
*/
const unsigned char *br_get_curve_OID(int curve);
/*
* Inner function for EC private key encoding. This is equivalent to
* the API function br_encode_ec_raw_der(), except for an extra
* parameter: if 'include_curve_oid' is zero, then the curve OID is
* _not_ included in the output blob (this is for PKCS#8 support).
*/
size_t br_encode_ec_raw_der_inner(void *dest,
const br_ec_private_key *sk, const br_ec_public_key *pk,
int include_curve_oid);
/* ==================================================================== */
/*
* SSL/TLS support functions.
*/
/*
* Record types.
*/
#define BR_SSL_CHANGE_CIPHER_SPEC 20
#define BR_SSL_ALERT 21
#define BR_SSL_HANDSHAKE 22
#define BR_SSL_APPLICATION_DATA 23
/*
* Handshake message types.
*/
#define BR_SSL_HELLO_REQUEST 0
#define BR_SSL_CLIENT_HELLO 1
#define BR_SSL_SERVER_HELLO 2
#define BR_SSL_CERTIFICATE 11
#define BR_SSL_SERVER_KEY_EXCHANGE 12
#define BR_SSL_CERTIFICATE_REQUEST 13
#define BR_SSL_SERVER_HELLO_DONE 14
#define BR_SSL_CERTIFICATE_VERIFY 15
#define BR_SSL_CLIENT_KEY_EXCHANGE 16
#define BR_SSL_FINISHED 20
/*
* Alert levels.
*/
#define BR_LEVEL_WARNING 1
#define BR_LEVEL_FATAL 2
/*
* Low-level I/O state.
*/
#define BR_IO_FAILED 0
#define BR_IO_IN 1
#define BR_IO_OUT 2
#define BR_IO_INOUT 3
/*
* Mark a SSL engine as failed. The provided error code is recorded if
* the engine was not already marked as failed. If 'err' is 0, then the
* engine is marked as closed (without error).
*/
void br_ssl_engine_fail(br_ssl_engine_context *cc, int err);
/*
* Test whether the engine is closed (normally or as a failure).
*/
static inline int
br_ssl_engine_closed(const br_ssl_engine_context *cc)
{
return cc->iomode == BR_IO_FAILED;
}
/*
( run in 1.311 second using v1.01-cache-2.11-cpan-ceb78f64989 )