Crypt-MatrixSSL
view release on metacpan or search on metacpan
ca-certificates.crt view on Meta::CPAN
5NfXjhSrtRlYs85s4E2C0wOEwasAGHpJqBV9CMkBYCeU6PsJYJ7RP07NE6N4/WX3
EV/2mwAwjCLtKIllG9MfYXvDI6PjxoD5g/P3ut6GeF/2lcOMakgiZYXTInn2/UQW
6A9hBDYqdcbb4mUUJ2LcglyWEjMOTBjV9jydsc1hHLGF+QPRuvZM1u6ffdGSIfD2
ChakNIf3Vo+TvpevUqcCAwEAAaM8MDowCwYDVR0PBAQDAgHEMAwGA1UdEwQFMAMB
Af8wHQYDVR0OBBYEFPjNzO5Zx9l6SQKcbWNh7+dtGe0HMA0GCSqGSIb3DQEBBAUA
A4IBAQCDld3QdwdCZqXldjxNjr2xNO+kYt3LGyaiOl9QmEe7VvrFOYZt2yPntFEK
4RBaPUDkohrrF4MiOCXm5u0+q4WNg4SQS104Jf32nmNuOUjKbVOXoB3SEVuPx5z0
B+s7QkHtkQp+9H0wkE4f/cU2bMtLT0M29yfJxO2x6PwOepUR5w4xzKYfQrcUaYyj
mg5Myzqtl4weqt2iUpdUB9E+yALbM8wHv3rxXoAr9r3vcAyJeMl7gNfZ8W0Rk53q
jZcC9l4DLXLcOplp/L5JeS5R5dcxD44BBIeEksmmYlIZhueGmrLLYu22xCln/RMU
PDCBC5nFDqG+sBr7jVC6+MemssBp
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC2zCCAcOgAwIBAAIBADANBgkqhkiG9w0BAQQFADAtMQswCQYDVQQGEwJhdTEe
MBwGA1UEChMVU2VjdXJlTmV0IENBIFNHQyBSb290MCYXETk5MDYzMDAwMDAwMCsx
MDAwFxEwOTEwMTUyMzU5MDArMTAwMDAtMQswCQYDVQQGEwJhdTEeMBwGA1UEChMV
U2VjdXJlTmV0IENBIFNHQyBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAp1uxDYpTIbpSiDiQQmVE/Vbrc8WF8wYx5Qj8jLHVescLIwq8WgkiAfin
wN5XdDGLrTbMXnP39kTwMcr1LKIF8wocMHqGM+JGU/Zk1kersVOUY3fEYtMvC+pf
sHUCXvgrzybz3tKt62V/vC5BhPyZmumBG6ecZsf49bKEGyB1ciHHhP8CRswPpmmF
fVkh1Q6nXVYVT8wfQSx/Zhuv691Bo+yp5lZK/h6nxFwiny/gC3QBcMhzgwoHpGie
ca-certificates.crt view on Meta::CPAN
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDITCCAoqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCWkEx
FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
ZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFBlcnNvbmFsIEJhc2lj
IENBMSgwJgYJKoZIhvcNAQkBFhlwZXJzb25hbC1iYXNpY0B0aGF3dGUuY29tMB4X
DTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgcsxCzAJBgNVBAYTAlpBMRUw
EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UE
ChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQZXJzb25hbCBCYXNpYyBD
QTEoMCYGCSqGSIb3DQEJARYZcGVyc29uYWwtYmFzaWNAdGhhd3RlLmNvbTCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvLyTU23AUE+CFeZIlDWmWr5vQvoPR+53
dXLdjUmbllegeNTKP1GzaQuRdhciB5dqxFGTS+CN7zeVoQxN2jSQHReJl+A1OFdK
wPQIcOk8RHtQfmGakOMj04gRRif1CwcOu93RfyAKiLlWCy4cgNrx454p7xS9CkT7
G1sY0b8jkyECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQF
AAOBgQAt4plrsD16iddZopQBHyvdEktTwq1/qqcAXJFAVyVKOKqEcLnZgA+le1z7
c8a914phXAPjLSeoF+CEhULcXpvGt7Jtu3Sv5D/Lp7ew4F2+eIMllNLbgQ95B21P
9DkVWlIBe94y1k049hJcBlDfBVu9FEuh3ym6O0GN92NWod8isQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
matrixssl-1-8-6-open/src/cipherSuite.c view on Meta::CPAN
#endif
#ifdef USE_SSL_RSA_WITH_RC4_128_MD5
static int32 matrixCipher4Init(sslSec_t *sec, int32 type);
#endif /* USE_SSL_RSA_WITH_RC4_128_MD5 */
#ifdef USE_SSL_RSA_WITH_RC4_128_SHA
static int32 matrixCipher5Init(sslSec_t *sec, int32 type);
#endif /* USE_SSL_RSA_WITH_RC4_128_SHA */
#ifdef USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA
static int32 matrixCipherAInit(sslSec_t *sec, int32 type);
#endif /* USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA */
static int32 nullInit(sslSec_t *sec, int32 type);
static int32 nullEncrypt(sslCipherContext_t *ctx, unsigned char *in,
unsigned char *out, int32 len);
static int32 nullDecrypt(sslCipherContext_t *ctx, unsigned char *in,
unsigned char *out, int32 len);
static int32 nullEncryptPub(psPool_t *pool, sslRsaKey_t *key,
matrixssl-1-8-6-open/src/cipherSuite.c view on Meta::CPAN
int32 len, unsigned char *mac);
/******************************************************************************/
static sslCipherSpec_t supportedCiphers[] = {
/*
New ciphers should be added here, similar to the ones below
These ciphers should be in order of the most desireable to the
least desireable ciphers to negotiate.
*/
#ifdef USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA
{SSL_RSA_WITH_3DES_EDE_CBC_SHA,
20, /* macSize */
24, /* keySize */
8, /* ivSize */
8, /* blocksize */
matrixCipherAInit,
matrix3desEncrypt,
matrix3desDecrypt,
matrixRsaEncryptPub,
matrixRsaDecryptPriv,
sha1GenerateMac,
sha1VerifyMac},
#endif /* USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA */
#ifdef USE_SSL_RSA_WITH_RC4_128_SHA
{SSL_RSA_WITH_RC4_128_SHA,
20, /* macSize */
16, /* keySize */
0, /* ivSize */
1, /* blocksize */
matrixCipher5Init,
matrixArc4,
matrixArc4,
matrixRsaEncryptPub,
matrixssl-1-8-6-open/src/cipherSuite.c view on Meta::CPAN
} else {
matrixArc4Init(&(sec->decryptCtx), sec->readKey, 16);
}
return 0;
}
#endif /* USE_SSL_RSA_WITH_RC4_128_SHA */
/******************************************************************************/
/*
SSL_RSA_WITH_3DES_EDE_CBC_SHA cipher init
*/
#ifdef USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA
static int32 matrixCipherAInit(sslSec_t *sec, int32 type)
{
if (type == INIT_ENCRYPT_CIPHER) {
if (matrix3desInit(&(sec->encryptCtx), sec->writeIV, sec->writeKey,
SSL_DES3_KEY_LEN) < 0) {
return -1;
}
} else {
if (matrix3desInit(&(sec->decryptCtx), sec->readIV, sec->readKey,
SSL_DES3_KEY_LEN) < 0) {
return -1;
}
}
return 0;
}
#endif /* USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA */
/******************************************************************************/
/*
SSL_NULL_WITH_NULL_NULL cipher functions
Used in handshaking before SSL_RECORD_TYPE_CHANGE_CIPHER_SPEC message
FUTURE - remove the memcpy to support in-situ decryption
*/
static int32 nullInit(sslSec_t *sec, int32 type)
{
return 0;
matrixssl-1-8-6-open/src/crypto/cryptoLayer.h view on Meta::CPAN
#define USE_SHA1_MAC
#define USE_RSA
#endif
#ifdef USE_SSL_RSA_WITH_RC4_128_MD5
#define USE_ARC4
#define USE_MD5_MAC
#define USE_RSA
#endif
#ifdef USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA
#define USE_3DES
#define USE_SHA1_MAC
#define USE_RSA
#endif
/*
Support for optionally encrypted private key files. These are
usually encrypted with 3DES.
*/
#ifdef USE_ENCRYPTED_PRIVATE_KEYS
matrixssl-1-8-6-open/src/crypto/peersec/des3.c view on Meta::CPAN
0x10041040UL, 0x00041000UL, 0x00041000UL, 0x00001040UL,
0x00001040UL, 0x00040040UL, 0x10000000UL, 0x10041000UL,
0xe1f27f3aUL, 0xf5710fb0UL, 0xada0e5c4UL, 0x98e4c919UL
};
static void cookey(const ulong32 *raw1, ulong32 *keyout);
static void deskey(const unsigned char *key, short edf, ulong32 *keyout);
/******************************************************************************/
/*
Init the 3DES block cipher context for CBC-EDE mode.
IV should point to 8 bytes of initialization vector
Key should point to 24 bytes of data
*/
int32 matrix3desInit(sslCipherContext_t *ctx, unsigned char *IV,
unsigned char *key, int32 keylen)
{
int32 x, err;
if (IV == NULL || key == NULL || ctx == NULL || keylen != SSL_DES3_KEY_LEN){
return -1;
matrixssl-1-8-6-open/src/crypto/peersec/des3.c view on Meta::CPAN
ctx->des3.blocklen = SSL_DES3_IV_LEN;
for (x = 0; x < ctx->des3.blocklen; x++) {
ctx->des3.IV[x] = IV[x];
}
ctx->des3.explicitIV = 0;
return 0;
}
/******************************************************************************/
/*
Encrypt a buffer using 3DES-EDE-CBC
(Encrypt Decrypt Encrypt and Cipher Block Chaining)
len must be a multiple of blockLen (8 bytes)
*/
int32 matrix3desEncrypt(sslCipherContext_t *ctx, unsigned char *pt,
unsigned char *ct, int32 len)
{
int32 x, i;
unsigned char tmp[MAXBLOCKSIZE];
if (pt == NULL || ct == NULL || ctx == NULL || (len & 0x7) != 0) {
matrixssl-1-8-6-open/src/crypto/peersec/des3.c view on Meta::CPAN
}
#ifdef CLEAN_STACK
psZeromem(tmp, sizeof(tmp));
#endif /* CLEAN STACK */
return len;
}
/******************************************************************************/
/*
Decrypt a buffer using 3DES-EDE-CBC
(Encrypt Decrypt Encrypt and Cipher Block Chaining)
len must be a multiple of blockLen (8 bytes)
*/
int32 matrix3desDecrypt(sslCipherContext_t *ctx, unsigned char *ct,
unsigned char *pt, int32 len)
{
int32 x, i;
unsigned char tmp[MAXBLOCKSIZE], tmp2[MAXBLOCKSIZE];
if (pt == NULL || ct == NULL || ctx == NULL || (len & 0x7) != 0) {
matrixssl-1-8-6-open/src/crypto/peersec/des3.c view on Meta::CPAN
3. E01FE01FF10EF10E 1FE01FEOOEF10EF1
4. 01FE01FE01FE01FE FE01FE01FE01FE01
5. 011F011F0l0E010E 1F011F0l0E0l0E01
6. E0FEE0FEFlFEFlFE FEE0FEE0FEFlFEF1
7. 0101010101010101
8. FEFEFEFEFEFEFEFE
9. E0E0E0E0FlFlFlFl
10. lFlFlFlF0E0E0E0E
*/
int32 des3_setup(const unsigned char *key, int32 keylen, int32 num_rounds,
des3_CBC *skey)
{
if (key == NULL || skey == NULL) {
return -1;
}
if( num_rounds != 0 && num_rounds != 16) {
return CRYPT_INVALID_ROUNDS;
}
if (keylen != 24) {
matrixssl-1-8-6-open/src/crypto/peersec/des3.c view on Meta::CPAN
deskey(key+16, EN0, skey->key.ek[2]);
deskey(key, DE1, skey->key.dk[2]);
deskey(key+8, EN0, skey->key.dk[1]);
deskey(key+16, DE1, skey->key.dk[0]);
return CRYPT_OK;
}
int des_setup(const unsigned char *key, int keylen, int num_rounds,
des3_CBC *skey)
{
if (num_rounds != 0 && num_rounds != 16) {
return CRYPT_INVALID_ROUNDS;
}
if (keylen != 8) {
return CRYPT_INVALID_KEYSIZE;
}
deskey(key, EN0, skey->key.ek[0]);
deskey(key, DE1, skey->key.dk[0]);
return CRYPT_OK;
}
void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
des3_CBC *key)
{
ulong32 work[2];
LOAD32H(work[0], pt+0);
LOAD32H(work[1], pt+4);
desfunc(work, key->key.ek[0]);
desfunc(work, key->key.ek[1]);
desfunc(work, key->key.ek[2]);
STORE32H(work[0],ct+0);
STORE32H(work[1],ct+4);
}
void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
des3_CBC *key)
{
ulong32 work[2];
LOAD32H(work[0], pt+0);
LOAD32H(work[1], pt+4);
desfunc(work, key->key.ek[0]);
STORE32H(work[0],ct+0);
STORE32H(work[1],ct+4);
}
void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
des3_CBC *key)
{
ulong32 work[2];
LOAD32H(work[0], ct+0);
LOAD32H(work[1], ct+4);
desfunc(work, key->key.dk[0]);
desfunc(work, key->key.dk[1]);
desfunc(work, key->key.dk[2]);
STORE32H(work[0],pt+0);
STORE32H(work[1],pt+4);
}
void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
des3_CBC *key)
{
ulong32 work[2];
LOAD32H(work[0], ct+0);
LOAD32H(work[1], ct+4);
desfunc(work, key->key.dk[0]);
STORE32H(work[0],pt+0);
STORE32H(work[1],pt+4);
}
int32 des3_keysize(int32 *desired_keysize)
matrixssl-1-8-6-open/src/crypto/peersec/des3.c view on Meta::CPAN
matrixMd5Final(&state, md5);
memcpy(key + SSL_MD5_HASH_SIZE, md5, SSL_DES3_KEY_LEN - SSL_MD5_HASH_SIZE);
}
#ifdef PEERSEC_TEST
int32 matrixDes3Test()
{
unsigned char key[24], pt[8], ct[8], tmp[8];
des3_CBC skey;
int32 x, err;
for (x = 0; x < 8; x++) {
pt[x] = x;
}
for (x = 0; x < 24; x++) {
key[x] = x;
}
matrixssl-1-8-6-open/src/crypto/peersec/des3.c view on Meta::CPAN
if (memcmp(pt, tmp, 8) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
return CRYPT_OK;
}
int32 matrixDesTest()
{
unsigned char key[8], pt[8], ct[8], tmp[8];
des3_CBC skey;
int32 x, err;
for (x = 0; x < 8; x++) {
pt[x] = x;
}
for (x = 0; x < 8; x++) {
key[x] = x;
}
matrixssl-1-8-6-open/src/crypto/peersec/pscrypto.h view on Meta::CPAN
#define SSL_DES3_IV_LEN 8
#define SSL_DES_KEY_LEN 8
#ifdef USE_3DES
typedef struct {
ulong32 ek[3][32], dk[3][32];
} des3_key;
/*
A block cipher CBC structure
*/
typedef struct {
int32 blocklen;
unsigned char IV[8];
des3_key key;
int32 explicitIV; /* 1 if yes */
} des3_CBC;
extern int32 des3_setup(const unsigned char *key, int32 keylen, int32 num_rounds,
des3_CBC *skey);
extern void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
des3_CBC *key);
extern void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
des3_CBC *key);
extern int32 des3_keysize(int32 *desired_keysize);
extern int32 des_setup(const unsigned char *key, int32 keylen, int32 num_rounds,
des3_CBC *skey);
extern void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
des3_CBC *key);
extern void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
des3_CBC *key);
#endif /* USE_3DES */
typedef union {
#ifdef USE_ARC4
rc4_key arc4;
#endif
#ifdef USE_3DES
des3_CBC des3;
#endif
} sslCipherContext_t;
/*
Controls endianess and size of registers. Leave uncommented to get
platform neutral [slower] code detect x86-32 machines somewhat
*/
#if (defined(_MSC_VER) && defined(WIN32)) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__)))
#define ENDIAN_LITTLE
matrixssl-1-8-6-open/src/matrixConfig.h view on Meta::CPAN
#define SSL_SESSION_TABLE_SIZE 32
/******************************************************************************/
/*
Define the following to enable various cipher suites
At least one of these must be defined. If multiple are defined,
the handshake will determine which is best for the connection.
*/
#define USE_SSL_RSA_WITH_RC4_128_MD5
#define USE_SSL_RSA_WITH_RC4_128_SHA
#define USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA
/******************************************************************************/
/*
Support for encrypted private key files, using 3DES
*/
#define USE_ENCRYPTED_PRIVATE_KEYS
/******************************************************************************/
/*
Support for client side SSL
matrixssl-1-8-6-open/src/matrixInternal.h view on Meta::CPAN
/*
SSL cipher suite values
*/
#define SSL_NULL_WITH_NULL_NULL 0x0000
#define SSL_RSA_WITH_NULL_MD5 0x0001
#define SSL_RSA_WITH_NULL_SHA 0x0002
#define SSL_RSA_WITH_RC4_128_MD5 0x0004
#define SSL_RSA_WITH_RC4_128_SHA 0x0005
#define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000A
/*
Maximum key block size for any defined cipher
This must be validated if new ciphers are added
Value is largest total among all cipher suites for
2*macSize + 2*keySize + 2*ivSize
*/
#define SSL_MAX_KEY_BLOCK_SIZE 2*20 + 2*24 + 2*8
/*
matrixssl-1-8-6-open/src/pki/rsaPki.c view on Meta::CPAN
#define ATTRIB_COUNTRY_NAME 6
#define ATTRIB_LOCALITY 7
#define ATTRIB_ORGANIZATION 10
#define ATTRIB_ORG_UNIT 11
#define ATTRIB_DN_QUALIFIER 46
#define ATTRIB_STATE_PROVINCE 8
#define ATTRIB_COMMON_NAME 3
#ifdef USE_3DES
static const char encryptHeader[] = "DEK-Info: DES-EDE3-CBC,";
static int32 hexToBinary(unsigned char *hex, unsigned char *bin, int32 binlen);
#endif
static int32 psAsnParsePrivateKey(psPool_t *pool, unsigned char **pp,
int32 size, sslRsaKey_t *key);
#endif /* USE_RSA */
/******************************************************************************/
/*
t/cert/testserver.key.des3 view on Meta::CPAN
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CFB6890B16E0776A
AsVMgUuSBiVXmi9BP8vR0mV/8FCDZexYUVQMQdMv+j3qvHgkWCbhTBjwrW/GUBwx
wrEiWjchaE64hXu4/HDKIMwSUieyiE86zthPWRJ1rL7tw1FPkpWh2NpgqVmOfRX9
tmOwVqnTAMLiQBIWGbzq50mDA0BCagFoLO4Aag/sTerjpUCOwwPxHybRxrkGA0+v
trm+ip/YhhItArqOhj9yrkIDUWuUQveJGcv7iydOpTdIWNTrfOQxOeWf9H1lYHWD
bn1tIzou8l/CuFwpZUOAgB3NgWJoy+mX+zudu5Rak5Rc3fW6hMgL/PrNjhnn01uN
ZYUllVDFny9TPM0nJQSiTcOvvHrsnUE8CPT3wCegeljYWeGj8c3WEGo4YVsycFju
QsijFEBQ/pKad+P99yW9WJZdT+47S6rtP+OXvbkEvggFupmsKJElwOq2e6F2QEUs
yKJGxFKDk5d1RqZeU6TNWNasjsC0rzy39Zxtl3Uz52VqdxVsIOOqzaZ2lh4lTPtv
obDfF4Sm62+dRWXgGX63bWSBPDATvpcUkQtk6xkpkI6OF0IRJXedSGDfWTSnTKbw
( run in 1.334 second using v1.01-cache-2.11-cpan-e1769b4cff6 )