Crypt-Bear
view release on metacpan or search on metacpan
t/20_aes_cbc.t
t/21_aes_ctr.t
t/25_aes_gcm.t
t/30_prng.t
t/40_rsa.t
t/45_ec.t
t/50_pem.t
t/53_pem_certs.t
t/54_trust_anchors.t
t/56_cert_chains.t
t/58_private_key.t
t/60_client_server.t
t/server.crt
t/server.key
t/vTrus_ECC_Root_CA.pem
t/vTrus_Root_CA.pem
typemap
xt/author/pod-coverage.t
xt/author/pod-syntax.t
include/bearssl_ec.h view on Meta::CPAN
* recommended that the private key has the same length as the curve
* subgroup order.
*/
typedef struct {
/** \brief Identifier for the curve used by this key. */
int curve;
/** \brief Private key (integer, unsigned big-endian encoding). */
unsigned char *x;
/** \brief Private key length (in bytes). */
size_t xlen;
} br_ec_private_key;
/**
* \brief Type for an EC implementation.
*/
typedef struct {
/**
* \brief Supported curves.
*
* This word is a bitfield: bit `x` is set if the curve of ID `x`
* is supported. E.g. an implementation supporting both NIST P-256
include/bearssl_ec.h view on Meta::CPAN
*
* \param impl EC implementation to use.
* \param hf hash function used to process the data.
* \param hash_value signed data (hashed).
* \param sk EC private key.
* \param sig destination buffer.
* \return the signature length (in bytes), or 0 on error.
*/
typedef size_t (*br_ecdsa_sign)(const br_ec_impl *impl,
const br_hash_class *hf, const void *hash_value,
const br_ec_private_key *sk, void *sig);
/**
* \brief Type for an ECDSA signature verification function.
*
* A pointer to the EC implementation is provided. The hashed value,
* computed over the purportedly signed data, is also provided with
* its length.
*
* The signature format is either "raw" or "asn1", depending on the
* implementation.
include/bearssl_ec.h view on Meta::CPAN
*
* \param impl EC implementation to use.
* \param hf hash function used to process the data.
* \param hash_value signed data (hashed).
* \param sk EC private key.
* \param sig destination buffer.
* \return the signature length (in bytes), or 0 on error.
*/
size_t br_ecdsa_i31_sign_asn1(const br_ec_impl *impl,
const br_hash_class *hf, const void *hash_value,
const br_ec_private_key *sk, void *sig);
/**
* \brief ECDSA signature generator, "i31" implementation, "raw" format.
*
* \see br_ecdsa_sign()
*
* \param impl EC implementation to use.
* \param hf hash function used to process the data.
* \param hash_value signed data (hashed).
* \param sk EC private key.
* \param sig destination buffer.
* \return the signature length (in bytes), or 0 on error.
*/
size_t br_ecdsa_i31_sign_raw(const br_ec_impl *impl,
const br_hash_class *hf, const void *hash_value,
const br_ec_private_key *sk, void *sig);
/**
* \brief ECDSA signature verifier, "i31" implementation, "asn1" format.
*
* \see br_ecdsa_vrfy()
*
* \param impl EC implementation to use.
* \param hash signed data (hashed).
* \param hash_len hash value length (in bytes).
* \param pk EC public key.
include/bearssl_ec.h view on Meta::CPAN
*
* \param impl EC implementation to use.
* \param hf hash function used to process the data.
* \param hash_value signed data (hashed).
* \param sk EC private key.
* \param sig destination buffer.
* \return the signature length (in bytes), or 0 on error.
*/
size_t br_ecdsa_i15_sign_asn1(const br_ec_impl *impl,
const br_hash_class *hf, const void *hash_value,
const br_ec_private_key *sk, void *sig);
/**
* \brief ECDSA signature generator, "i15" implementation, "raw" format.
*
* \see br_ecdsa_sign()
*
* \param impl EC implementation to use.
* \param hf hash function used to process the data.
* \param hash_value signed data (hashed).
* \param sk EC private key.
* \param sig destination buffer.
* \return the signature length (in bytes), or 0 on error.
*/
size_t br_ecdsa_i15_sign_raw(const br_ec_impl *impl,
const br_hash_class *hf, const void *hash_value,
const br_ec_private_key *sk, void *sig);
/**
* \brief ECDSA signature verifier, "i15" implementation, "asn1" format.
*
* \see br_ecdsa_vrfy()
*
* \param impl EC implementation to use.
* \param hash signed data (hashed).
* \param hash_len hash value length (in bytes).
* \param pk EC public key.
include/bearssl_ec.h view on Meta::CPAN
* still generated and stored in `kbuf`.
*
* \param rng_ctx source PRNG context (already initialized).
* \param impl the elliptic curve implementation.
* \param sk the private key structure to fill, or `NULL`.
* \param kbuf the key element buffer, or `NULL`.
* \param curve the curve identifier.
* \return the key data length (in bytes), or zero.
*/
size_t br_ec_keygen(const br_prng_class **rng_ctx,
const br_ec_impl *impl, br_ec_private_key *sk,
void *kbuf, int curve);
/**
* \brief Compute EC public key from EC private key.
*
* This function uses the provided elliptic curve implementation (`impl`)
* to compute the public key corresponding to the private key held in `sk`.
* The public key point is written into `kbuf`, which is then linked from
* the `*pk` structure. The size of the public key point, i.e. the number
* of bytes used in `kbuf`, is returned.
include/bearssl_ec.h view on Meta::CPAN
* The private key MUST be valid. An off-range private key value is not
* necessarily detected, and leads to unpredictable results.
*
* \param impl the elliptic curve implementation.
* \param pk the public key structure to fill (or `NULL`).
* \param kbuf the public key point buffer (or `NULL`).
* \param sk the source private key.
* \return the public key point length (in bytes), or zero.
*/
size_t br_ec_compute_pub(const br_ec_impl *impl, br_ec_public_key *pk,
void *kbuf, const br_ec_private_key *sk);
#ifdef __cplusplus
}
#endif
#endif
include/bearssl_rsa.h view on Meta::CPAN
/** \brief First reduced private exponent length (in bytes). */
size_t dplen;
/** \brief Second reduced private exponent. */
unsigned char *dq;
/** \brief Second reduced private exponent length (in bytes). */
size_t dqlen;
/** \brief CRT coefficient. */
unsigned char *iq;
/** \brief CRT coefficient length (in bytes). */
size_t iqlen;
} br_rsa_private_key;
/**
* \brief Type for a RSA public key engine.
*
* The public key engine performs the modular exponentiation of the
* provided value with the public exponent. The value is modified in
* place.
*
* The value length (`xlen`) is verified to have _exactly_ the same
* length as the modulus (actual modulus length, without extra leading
include/bearssl_rsa.h view on Meta::CPAN
* the modulus length (`x[]` is assumed to have a length of
* `(sk->n_bitlen+7)/8` bytes).
*
* Returned value is 1 on success, 0 on error.
*
* \param x operand to exponentiate.
* \param sk RSA private key.
* \return 1 on success, 0 on error.
*/
typedef uint32_t (*br_rsa_private)(unsigned char *x,
const br_rsa_private_key *sk);
/**
* \brief Type for a RSA signature generation engine (PKCS#1 v1.5).
*
* Parameters are:
*
* - The encoded OID for the hash function. The provided array must begin
* with a single byte that contains the length of the OID value (in
* bytes), followed by exactly that many bytes. This parameter may
* also be `NULL`, in which case the raw hash value should be used
include/bearssl_rsa.h view on Meta::CPAN
*
* \param hash_oid encoded hash algorithm OID (or `NULL`).
* \param hash hash value.
* \param hash_len hash value length (in bytes).
* \param sk RSA private key.
* \param x output buffer for the signature value.
* \return 1 on success, 0 on error.
*/
typedef uint32_t (*br_rsa_pkcs1_sign)(const unsigned char *hash_oid,
const unsigned char *hash, size_t hash_len,
const br_rsa_private_key *sk, unsigned char *x);
/**
* \brief Type for a RSA signature generation engine (PSS).
*
* Parameters are:
*
* - An initialized PRNG for salt generation. If the salt length is
* zero (`salt_len` parameter), then the PRNG is optional (this is
* not the typical case, as the security proof of RSA/PSS is
* tighter when a non-empty salt is used).
include/bearssl_rsa.h view on Meta::CPAN
* \param hf_mgf1 hash function to use with MGF1.
* \param hash hashed message.
* \param salt_len salt length (in bytes).
* \param sk RSA private key.
* \param x output buffer for the signature value.
* \return 1 on success, 0 on error.
*/
typedef uint32_t (*br_rsa_pss_sign)(const br_prng_class **rng,
const br_hash_class *hf_data, const br_hash_class *hf_mgf1,
const unsigned char *hash_value, size_t salt_len,
const br_rsa_private_key *sk, unsigned char *x);
/**
* \brief Encoded OID for SHA-1 (in RSA PKCS#1 signatures).
*/
#define BR_HASH_OID_SHA1 \
((const unsigned char *)"\x05\x2B\x0E\x03\x02\x1A")
/**
* \brief Encoded OID for SHA-224 (in RSA PKCS#1 signatures).
*/
include/bearssl_rsa.h view on Meta::CPAN
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len encrypted/decrypted message length.
* \return 1 on success, 0 on error.
*/
typedef uint32_t (*br_rsa_oaep_decrypt)(
const br_hash_class *dig, const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len);
/*
* RSA "i32" engine. Integers are internally represented as arrays of
* 32-bit integers, and the core multiplication primitive is the
* 32x32->64 multiplication.
*/
/**
* \brief RSA public key engine "i32".
*
include/bearssl_rsa.h view on Meta::CPAN
/**
* \brief RSA private key engine "i32".
*
* \see br_rsa_private
*
* \param x operand to exponentiate.
* \param sk RSA private key.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i32_private(unsigned char *x,
const br_rsa_private_key *sk);
/**
* \brief RSA signature generation engine "i32" (PKCS#1 v1.5 signatures).
*
* \see br_rsa_pkcs1_sign
*
* \param hash_oid encoded hash algorithm OID (or `NULL`).
* \param hash hash value.
* \param hash_len hash value length (in bytes).
* \param sk RSA private key.
* \param x output buffer for the hash value.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i32_pkcs1_sign(const unsigned char *hash_oid,
const unsigned char *hash, size_t hash_len,
const br_rsa_private_key *sk, unsigned char *x);
/**
* \brief RSA signature generation engine "i32" (PSS signatures).
*
* \see br_rsa_pss_sign
*
* \param rng PRNG for salt generation (`NULL` if `salt_len` is zero).
* \param hf_data hash function used to hash the signed data.
* \param hf_mgf1 hash function to use with MGF1.
* \param hash hashed message.
* \param salt_len salt length (in bytes).
* \param sk RSA private key.
* \param x output buffer for the signature value.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i32_pss_sign(const br_prng_class **rng,
const br_hash_class *hf_data, const br_hash_class *hf_mgf1,
const unsigned char *hash_value, size_t salt_len,
const br_rsa_private_key *sk, unsigned char *x);
/*
* RSA "i31" engine. Similar to i32, but only 31 bits are used per 32-bit
* word. This uses slightly more stack space (about 4% more) and code
* space, but it quite faster.
*/
/**
* \brief RSA public key engine "i31".
*
include/bearssl_rsa.h view on Meta::CPAN
/**
* \brief RSA private key engine "i31".
*
* \see br_rsa_private
*
* \param x operand to exponentiate.
* \param sk RSA private key.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i31_private(unsigned char *x,
const br_rsa_private_key *sk);
/**
* \brief RSA signature generation engine "i31" (PKCS#1 v1.5 signatures).
*
* \see br_rsa_pkcs1_sign
*
* \param hash_oid encoded hash algorithm OID (or `NULL`).
* \param hash hash value.
* \param hash_len hash value length (in bytes).
* \param sk RSA private key.
* \param x output buffer for the hash value.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i31_pkcs1_sign(const unsigned char *hash_oid,
const unsigned char *hash, size_t hash_len,
const br_rsa_private_key *sk, unsigned char *x);
/**
* \brief RSA signature generation engine "i31" (PSS signatures).
*
* \see br_rsa_pss_sign
*
* \param rng PRNG for salt generation (`NULL` if `salt_len` is zero).
* \param hf_data hash function used to hash the signed data.
* \param hf_mgf1 hash function to use with MGF1.
* \param hash hashed message.
* \param salt_len salt length (in bytes).
* \param sk RSA private key.
* \param x output buffer for the signature value.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i31_pss_sign(const br_prng_class **rng,
const br_hash_class *hf_data, const br_hash_class *hf_mgf1,
const unsigned char *hash_value, size_t salt_len,
const br_rsa_private_key *sk, unsigned char *x);
/*
* RSA "i62" engine. Similar to i31, but internal multiplication use
* 64x64->128 multiplications. This is available only on architecture
* that offer such an opcode.
*/
/**
* \brief RSA public key engine "i62".
*
include/bearssl_rsa.h view on Meta::CPAN
* opcode. Use `br_rsa_i62_private_get()` to dynamically obtain a pointer
* to that function.
*
* \see br_rsa_private
*
* \param x operand to exponentiate.
* \param sk RSA private key.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i62_private(unsigned char *x,
const br_rsa_private_key *sk);
/**
* \brief RSA signature generation engine "i62" (PKCS#1 v1.5 signatures).
*
* This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_pkcs1_sign_get()` to dynamically obtain a pointer
* to that function.
*
* \see br_rsa_pkcs1_sign
*
* \param hash_oid encoded hash algorithm OID (or `NULL`).
* \param hash hash value.
* \param hash_len hash value length (in bytes).
* \param sk RSA private key.
* \param x output buffer for the hash value.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i62_pkcs1_sign(const unsigned char *hash_oid,
const unsigned char *hash, size_t hash_len,
const br_rsa_private_key *sk, unsigned char *x);
/**
* \brief RSA signature generation engine "i62" (PSS signatures).
*
* This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_pss_sign_get()` to dynamically obtain a pointer
* to that function.
*
* \see br_rsa_pss_sign
*
include/bearssl_rsa.h view on Meta::CPAN
* \param hf_mgf1 hash function to use with MGF1.
* \param hash hashed message.
* \param salt_len salt length (in bytes).
* \param sk RSA private key.
* \param x output buffer for the signature value.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i62_pss_sign(const br_prng_class **rng,
const br_hash_class *hf_data, const br_hash_class *hf_mgf1,
const unsigned char *hash_value, size_t salt_len,
const br_rsa_private_key *sk, unsigned char *x);
/**
* \brief Get the RSA "i62" implementation (public key operations),
* if available.
*
* \return the implementation, or 0.
*/
br_rsa_public br_rsa_i62_public_get(void);
/**
include/bearssl_rsa.h view on Meta::CPAN
/**
* \brief RSA private key engine "i15".
*
* \see br_rsa_private
*
* \param x operand to exponentiate.
* \param sk RSA private key.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i15_private(unsigned char *x,
const br_rsa_private_key *sk);
/**
* \brief RSA signature generation engine "i15" (PKCS#1 v1.5 signatures).
*
* \see br_rsa_pkcs1_sign
*
* \param hash_oid encoded hash algorithm OID (or `NULL`).
* \param hash hash value.
* \param hash_len hash value length (in bytes).
* \param sk RSA private key.
* \param x output buffer for the hash value.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i15_pkcs1_sign(const unsigned char *hash_oid,
const unsigned char *hash, size_t hash_len,
const br_rsa_private_key *sk, unsigned char *x);
/**
* \brief RSA signature generation engine "i15" (PSS signatures).
*
* \see br_rsa_pss_sign
*
* \param rng PRNG for salt generation (`NULL` if `salt_len` is zero).
* \param hf_data hash function used to hash the signed data.
* \param hf_mgf1 hash function to use with MGF1.
* \param hash hashed message.
* \param salt_len salt length (in bytes).
* \param sk RSA private key.
* \param x output buffer for the signature value.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i15_pss_sign(const br_prng_class **rng,
const br_hash_class *hf_data, const br_hash_class *hf_mgf1,
const unsigned char *hash_value, size_t salt_len,
const br_rsa_private_key *sk, unsigned char *x);
/**
* \brief Get "default" RSA implementation (public-key operations).
*
* This returns the preferred implementation of RSA (public-key operations)
* on the current system.
*
* \return the default implementation.
*/
br_rsa_public br_rsa_public_get_default(void);
include/bearssl_rsa.h view on Meta::CPAN
* incorrect decrypted value length are reported with a returned value of
* 0; on success, 1 is returned. The caller (SSL server engine) is supposed
* to proceed with a random pre-master secret in case of error.
*
* \param core RSA private key engine.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len length (in bytes) of the data to decrypt.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_ssl_decrypt(br_rsa_private core, const br_rsa_private_key *sk,
unsigned char *data, size_t len);
/**
* \brief RSA encryption (OAEP) with the "i15" engine.
*
* \see br_rsa_oaep_encrypt
*
* \param rnd source of random bytes.
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
include/bearssl_rsa.h view on Meta::CPAN
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len encrypted/decrypted message length.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i15_oaep_decrypt(
const br_hash_class *dig, const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len);
/**
* \brief RSA encryption (OAEP) with the "i31" engine.
*
* \see br_rsa_oaep_encrypt
*
* \param rnd source of random bytes.
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
include/bearssl_rsa.h view on Meta::CPAN
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len encrypted/decrypted message length.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i31_oaep_decrypt(
const br_hash_class *dig, const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len);
/**
* \brief RSA encryption (OAEP) with the "i32" engine.
*
* \see br_rsa_oaep_encrypt
*
* \param rnd source of random bytes.
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
include/bearssl_rsa.h view on Meta::CPAN
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len encrypted/decrypted message length.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i32_oaep_decrypt(
const br_hash_class *dig, const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len);
/**
* \brief RSA encryption (OAEP) with the "i62" engine.
*
* This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_oaep_encrypt_get()` to dynamically obtain a pointer
* to that function.
*
* \see br_rsa_oaep_encrypt
*
include/bearssl_rsa.h view on Meta::CPAN
* \param dig hash function to use with MGF1.
* \param label label value (may be `NULL` if `label_len` is zero).
* \param label_len label length, in bytes.
* \param sk RSA private key.
* \param data input/output buffer.
* \param len encrypted/decrypted message length.
* \return 1 on success, 0 on error.
*/
uint32_t br_rsa_i62_oaep_decrypt(
const br_hash_class *dig, const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len);
/**
* \brief Get buffer size to hold RSA private key elements.
*
* This macro returns the length (in bytes) of the buffer needed to
* receive the elements of a RSA private key, as generated by one of
* the `br_rsa_*_keygen()` functions. If the provided size is a constant
* expression, then the whole macro evaluates to a constant expression.
*
* \param size target key size (modulus size, in bits)
include/bearssl_rsa.h view on Meta::CPAN
* \param sk RSA private key structure (destination)
* \param kbuf_priv buffer for private key elements
* \param pk RSA public key structure (destination), or `NULL`
* \param kbuf_pub buffer for public key elements, or `NULL`
* \param size target RSA modulus size (in bits)
* \param pubexp public exponent to use, or zero
* \return 1 on success, 0 on error (invalid parameters)
*/
typedef uint32_t (*br_rsa_keygen)(
const br_prng_class **rng_ctx,
br_rsa_private_key *sk, void *kbuf_priv,
br_rsa_public_key *pk, void *kbuf_pub,
unsigned size, uint32_t pubexp);
/**
* \brief RSA key pair generation with the "i15" engine.
*
* \see br_rsa_keygen
*
* \param rng_ctx source PRNG context (already initialized)
* \param sk RSA private key structure (destination)
* \param kbuf_priv buffer for private key elements
* \param pk RSA public key structure (destination), or `NULL`
* \param kbuf_pub buffer for public key elements, or `NULL`
* \param size target RSA modulus size (in bits)
* \param pubexp public exponent to use, or zero
* \return 1 on success, 0 on error (invalid parameters)
*/
uint32_t br_rsa_i15_keygen(
const br_prng_class **rng_ctx,
br_rsa_private_key *sk, void *kbuf_priv,
br_rsa_public_key *pk, void *kbuf_pub,
unsigned size, uint32_t pubexp);
/**
* \brief RSA key pair generation with the "i31" engine.
*
* \see br_rsa_keygen
*
* \param rng_ctx source PRNG context (already initialized)
* \param sk RSA private key structure (destination)
* \param kbuf_priv buffer for private key elements
* \param pk RSA public key structure (destination), or `NULL`
* \param kbuf_pub buffer for public key elements, or `NULL`
* \param size target RSA modulus size (in bits)
* \param pubexp public exponent to use, or zero
* \return 1 on success, 0 on error (invalid parameters)
*/
uint32_t br_rsa_i31_keygen(
const br_prng_class **rng_ctx,
br_rsa_private_key *sk, void *kbuf_priv,
br_rsa_public_key *pk, void *kbuf_pub,
unsigned size, uint32_t pubexp);
/**
* \brief RSA key pair generation with the "i62" engine.
*
* This function is defined only on architecture that offer a 64x64->128
* opcode. Use `br_rsa_i62_keygen_get()` to dynamically obtain a pointer
* to that function.
*
include/bearssl_rsa.h view on Meta::CPAN
* \param sk RSA private key structure (destination)
* \param kbuf_priv buffer for private key elements
* \param pk RSA public key structure (destination), or `NULL`
* \param kbuf_pub buffer for public key elements, or `NULL`
* \param size target RSA modulus size (in bits)
* \param pubexp public exponent to use, or zero
* \return 1 on success, 0 on error (invalid parameters)
*/
uint32_t br_rsa_i62_keygen(
const br_prng_class **rng_ctx,
br_rsa_private_key *sk, void *kbuf_priv,
br_rsa_public_key *pk, void *kbuf_pub,
unsigned size, uint32_t pubexp);
/**
* \brief Get the RSA "i62" implementation (key pair generation),
* if available.
*
* \return the implementation, or 0.
*/
br_rsa_keygen br_rsa_i62_keygen_get(void);
include/bearssl_rsa.h view on Meta::CPAN
* encoded modulus (unsigned big-endian) is written on `n`, and the size
* (in bytes) is returned. If `n` is `NULL`, then the size is returned but
* the modulus itself is not computed.
*
* If the key size exceeds an internal limit, 0 is returned.
*
* \param n destination buffer (or `NULL`).
* \param sk RSA private key.
* \return the modulus length (in bytes), or 0.
*/
typedef size_t (*br_rsa_compute_modulus)(void *n, const br_rsa_private_key *sk);
/**
* \brief Recompute RSA modulus ("i15" engine).
*
* \see br_rsa_compute_modulus
*
* \param n destination buffer (or `NULL`).
* \param sk RSA private key.
* \return the modulus length (in bytes), or 0.
*/
size_t br_rsa_i15_compute_modulus(void *n, const br_rsa_private_key *sk);
/**
* \brief Recompute RSA modulus ("i31" engine).
*
* \see br_rsa_compute_modulus
*
* \param n destination buffer (or `NULL`).
* \param sk RSA private key.
* \return the modulus length (in bytes), or 0.
*/
size_t br_rsa_i31_compute_modulus(void *n, const br_rsa_private_key *sk);
/**
* \brief Get "default" RSA implementation (recompute modulus).
*
* This returns the preferred implementation of RSA (recompute modulus)
* on the current system.
*
* \return the default implementation.
*/
br_rsa_compute_modulus br_rsa_compute_modulus_get_default(void);
include/bearssl_rsa.h view on Meta::CPAN
*
* - The private key is invalid in some way.
*
* For all private keys produced by the key generator functions
* (`br_rsa_keygen` type), this function succeeds and returns the true
* public exponent. The public exponent is always an odd integer greater
* than 1.
*
* \return the public exponent, or 0.
*/
typedef uint32_t (*br_rsa_compute_pubexp)(const br_rsa_private_key *sk);
/**
* \brief Recompute RSA public exponent ("i15" engine).
*
* \see br_rsa_compute_pubexp
*
* \return the public exponent, or 0.
*/
uint32_t br_rsa_i15_compute_pubexp(const br_rsa_private_key *sk);
/**
* \brief Recompute RSA public exponent ("i31" engine).
*
* \see br_rsa_compute_pubexp
*
* \return the public exponent, or 0.
*/
uint32_t br_rsa_i31_compute_pubexp(const br_rsa_private_key *sk);
/**
* \brief Get "default" RSA implementation (recompute public exponent).
*
* This returns the preferred implementation of RSA (recompute public
* exponent) on the current system.
*
* \return the default implementation.
*/
br_rsa_compute_pubexp br_rsa_compute_pubexp_get_default(void);
/**
* \brief Type for a private exponent computing function.
*
* An RSA private key (`br_rsa_private_key`) contains two reduced
* private exponents, which are sufficient to perform private key
* operations. However, standard encoding formats for RSA private keys
* require also a copy of the complete private exponent (non-reduced),
* which this function recomputes.
*
* This function suceeds if all the following conditions hold:
*
* - Both private factors `p` and `q` are equal to 3 modulo 4.
*
* - The provided public exponent `pubexp` is correct, and, in particular,
include/bearssl_rsa.h view on Meta::CPAN
*
* Not all error conditions are detected when `d` is `NULL`; therefore, the
* returned value shall be checked also when actually producing the value.
*
* \param d destination buffer (or `NULL`).
* \param sk RSA private key.
* \param pubexp the public exponent.
* \return the private exponent length (in bytes), or 0.
*/
typedef size_t (*br_rsa_compute_privexp)(void *d,
const br_rsa_private_key *sk, uint32_t pubexp);
/**
* \brief Recompute RSA private exponent ("i15" engine).
*
* \see br_rsa_compute_privexp
*
* \param d destination buffer (or `NULL`).
* \param sk RSA private key.
* \param pubexp the public exponent.
* \return the private exponent length (in bytes), or 0.
*/
size_t br_rsa_i15_compute_privexp(void *d,
const br_rsa_private_key *sk, uint32_t pubexp);
/**
* \brief Recompute RSA private exponent ("i31" engine).
*
* \see br_rsa_compute_privexp
*
* \param d destination buffer (or `NULL`).
* \param sk RSA private key.
* \param pubexp the public exponent.
* \return the private exponent length (in bytes), or 0.
*/
size_t br_rsa_i31_compute_privexp(void *d,
const br_rsa_private_key *sk, uint32_t pubexp);
/**
* \brief Get "default" RSA implementation (recompute private exponent).
*
* This returns the preferred implementation of RSA (recompute private
* exponent) on the current system.
*
* \return the default implementation.
*/
br_rsa_compute_privexp br_rsa_compute_privexp_get_default(void);
include/bearssl_ssl.h view on Meta::CPAN
*
* Apart from the first field (vtable pointer), its contents are
* opaque and shall not be accessed directly.
*/
typedef struct {
/** \brief Pointer to vtable. */
const br_ssl_client_certificate_class *vtable;
#ifndef BR_DOXYGEN_IGNORE
const br_x509_certificate *chain;
size_t chain_len;
const br_rsa_private_key *sk;
br_rsa_pkcs1_sign irsasign;
#endif
} br_ssl_client_certificate_rsa_context;
/**
* \brief A single-chain EC client certificate handler.
*
* This handler uses a single certificate chain, with a RSA
* signature. The list of trust anchor DN is ignored.
*
include/bearssl_ssl.h view on Meta::CPAN
*
* Apart from the first field (vtable pointer), its contents are
* opaque and shall not be accessed directly.
*/
typedef struct {
/** \brief Pointer to vtable. */
const br_ssl_client_certificate_class *vtable;
#ifndef BR_DOXYGEN_IGNORE
const br_x509_certificate *chain;
size_t chain_len;
const br_ec_private_key *sk;
unsigned allowed_usages;
unsigned issuer_key_type;
const br_multihash_context *mhash;
const br_ec_impl *iec;
br_ecdsa_sign iecdsa;
#endif
} br_ssl_client_certificate_ec_context;
/**
* \brief Context structure for a SSL client.
include/bearssl_ssl.h view on Meta::CPAN
* again upon renegotiations.
*
* \param cc SSL client context.
* \param chain client certificate chain (SSL order: EE comes first).
* \param chain_len client chain length (number of certificates).
* \param sk client private key.
* \param irsasign RSA signature implementation (PKCS#1 v1.5).
*/
void br_ssl_client_set_single_rsa(br_ssl_client_context *cc,
const br_x509_certificate *chain, size_t chain_len,
const br_rsa_private_key *sk, br_rsa_pkcs1_sign irsasign);
/*
* \brief Set the client certificate chain and key (single EC case).
*
* This function sets a client certificate chain, that the client will
* send to the server whenever a client certificate is requested. This
* certificate uses an EC public key; the corresponding private key is
* invoked for authentication. Trust anchor names sent by the server are
* ignored.
*
include/bearssl_ssl.h view on Meta::CPAN
* \param chain server certificate chain to send.
* \param chain_len chain length (number of certificates).
* \param sk server private key (EC).
* \param allowed_usages allowed private key usages.
* \param cert_issuer_key_type issuing CA's key type.
* \param iec EC core implementation.
* \param iecdsa ECDSA signature implementation ("asn1" format).
*/
void br_ssl_client_set_single_ec(br_ssl_client_context *cc,
const br_x509_certificate *chain, size_t chain_len,
const br_ec_private_key *sk, unsigned allowed_usages,
unsigned cert_issuer_key_type,
const br_ec_impl *iec, br_ecdsa_sign iecdsa);
/**
* \brief Type for a "translated cipher suite", as an array of two
* 16-bit integers.
*
* The first element is the cipher suite identifier (as used on the wire).
* The second element is the concatenation of four 4-bit elements which
* characterise the cipher suite contents. In most to least significant
include/bearssl_ssl.h view on Meta::CPAN
*
* Apart from the first field (vtable pointer), its contents are
* opaque and shall not be accessed directly.
*/
typedef struct {
/** \brief Pointer to vtable. */
const br_ssl_server_policy_class *vtable;
#ifndef BR_DOXYGEN_IGNORE
const br_x509_certificate *chain;
size_t chain_len;
const br_rsa_private_key *sk;
unsigned allowed_usages;
br_rsa_private irsacore;
br_rsa_pkcs1_sign irsasign;
#endif
} br_ssl_server_policy_rsa_context;
/**
* \brief A single-chain EC policy handler.
*
* This policy context uses a single certificate chain, and an EC
include/bearssl_ssl.h view on Meta::CPAN
*
* Apart from the first field (vtable pointer), its contents are
* opaque and shall not be accessed directly.
*/
typedef struct {
/** \brief Pointer to vtable. */
const br_ssl_server_policy_class *vtable;
#ifndef BR_DOXYGEN_IGNORE
const br_x509_certificate *chain;
size_t chain_len;
const br_ec_private_key *sk;
unsigned allowed_usages;
unsigned cert_issuer_key_type;
const br_multihash_context *mhash;
const br_ec_impl *iec;
br_ecdsa_sign iecdsa;
#endif
} br_ssl_server_policy_ec_context;
/**
* \brief Class type for a session parameter cache.
include/bearssl_ssl.h view on Meta::CPAN
* all supported algorithms and cipher suites that rely on a RSA
* key pair.
*
* \param cc server context to initialise.
* \param chain server certificate chain.
* \param chain_len certificate chain length (number of certificate).
* \param sk RSA private key.
*/
void br_ssl_server_init_full_rsa(br_ssl_server_context *cc,
const br_x509_certificate *chain, size_t chain_len,
const br_rsa_private_key *sk);
/**
* \brief SSL server profile: full_ec.
*
* This function initialises the provided SSL server context with
* all supported algorithms and cipher suites that rely on an EC
* key pair.
*
* The key type of the CA that issued the server's certificate must
* be provided, since it matters for ECDH cipher suites (ECDH_RSA
include/bearssl_ssl.h view on Meta::CPAN
* `BR_KEYTYPE_RSA` or `BR_KEYTYPE_EC`.
*
* \param cc server context to initialise.
* \param chain server certificate chain.
* \param chain_len chain length (number of certificates).
* \param cert_issuer_key_type certificate issuer's key type.
* \param sk EC private key.
*/
void br_ssl_server_init_full_ec(br_ssl_server_context *cc,
const br_x509_certificate *chain, size_t chain_len,
unsigned cert_issuer_key_type, const br_ec_private_key *sk);
/**
* \brief SSL server profile: minr2g.
*
* This profile uses only TLS_RSA_WITH_AES_128_GCM_SHA256. Server key is
* RSA, and RSA key exchange is used (not forward secure, but uses little
* CPU in the client).
*
* \param cc server context to initialise.
* \param chain server certificate chain.
* \param chain_len certificate chain length (number of certificate).
* \param sk RSA private key.
*/
void br_ssl_server_init_minr2g(br_ssl_server_context *cc,
const br_x509_certificate *chain, size_t chain_len,
const br_rsa_private_key *sk);
/**
* \brief SSL server profile: mine2g.
*
* This profile uses only TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. Server key
* is RSA, and ECDHE key exchange is used. This suite provides forward
* security, with a higher CPU expense on the client, and a somewhat
* larger code footprint (compared to "minr2g").
*
* \param cc server context to initialise.
* \param chain server certificate chain.
* \param chain_len certificate chain length (number of certificate).
* \param sk RSA private key.
*/
void br_ssl_server_init_mine2g(br_ssl_server_context *cc,
const br_x509_certificate *chain, size_t chain_len,
const br_rsa_private_key *sk);
/**
* \brief SSL server profile: minf2g.
*
* This profile uses only TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256.
* Server key is EC, and ECDHE key exchange is used. This suite provides
* forward security, with a higher CPU expense on the client and server
* (by a factor of about 3 to 4), and a somewhat larger code footprint
* (compared to "minu2g" and "minv2g").
*
* \param cc server context to initialise.
* \param chain server certificate chain.
* \param chain_len certificate chain length (number of certificate).
* \param sk EC private key.
*/
void br_ssl_server_init_minf2g(br_ssl_server_context *cc,
const br_x509_certificate *chain, size_t chain_len,
const br_ec_private_key *sk);
/**
* \brief SSL server profile: minu2g.
*
* This profile uses only TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256.
* Server key is EC, and ECDH key exchange is used; the issuing CA used
* a RSA key.
*
* The "minu2g" and "minv2g" profiles do not provide forward secrecy,
* but are the lightest on the server (for CPU usage), and are rather
* inexpensive on the client as well.
*
* \param cc server context to initialise.
* \param chain server certificate chain.
* \param chain_len certificate chain length (number of certificate).
* \param sk EC private key.
*/
void br_ssl_server_init_minu2g(br_ssl_server_context *cc,
const br_x509_certificate *chain, size_t chain_len,
const br_ec_private_key *sk);
/**
* \brief SSL server profile: minv2g.
*
* This profile uses only TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256.
* Server key is EC, and ECDH key exchange is used; the issuing CA used
* an EC key.
*
* The "minu2g" and "minv2g" profiles do not provide forward secrecy,
* but are the lightest on the server (for CPU usage), and are rather
* inexpensive on the client as well.
*
* \param cc server context to initialise.
* \param chain server certificate chain.
* \param chain_len certificate chain length (number of certificate).
* \param sk EC private key.
*/
void br_ssl_server_init_minv2g(br_ssl_server_context *cc,
const br_x509_certificate *chain, size_t chain_len,
const br_ec_private_key *sk);
/**
* \brief SSL server profile: mine2c.
*
* This profile uses only TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256.
* Server key is RSA, and ECDHE key exchange is used. This suite
* provides forward security.
*
* \param cc server context to initialise.
* \param chain server certificate chain.
* \param chain_len certificate chain length (number of certificate).
* \param sk RSA private key.
*/
void br_ssl_server_init_mine2c(br_ssl_server_context *cc,
const br_x509_certificate *chain, size_t chain_len,
const br_rsa_private_key *sk);
/**
* \brief SSL server profile: minf2c.
*
* This profile uses only TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256.
* Server key is EC, and ECDHE key exchange is used. This suite provides
* forward security.
*
* \param cc server context to initialise.
* \param chain server certificate chain.
* \param chain_len certificate chain length (number of certificate).
* \param sk EC private key.
*/
void br_ssl_server_init_minf2c(br_ssl_server_context *cc,
const br_x509_certificate *chain, size_t chain_len,
const br_ec_private_key *sk);
/**
* \brief Get the supported client suites.
*
* This function shall be called only after the ClientHello has been
* processed, typically from the policy engine. The returned array
* contains the cipher suites that are supported by both the client
* and the server; these suites are in client preference order, unless
* the `BR_OPT_ENFORCE_SERVER_PREFERENCES` flag was set, in which case
* they are in server preference order.
include/bearssl_ssl.h view on Meta::CPAN
* \param cc server context.
* \param chain server certificate chain to send to the client.
* \param chain_len chain length (number of certificates).
* \param sk server private key (RSA).
* \param allowed_usages allowed private key usages.
* \param irsacore RSA core implementation.
* \param irsasign RSA signature implementation (PKCS#1 v1.5).
*/
void br_ssl_server_set_single_rsa(br_ssl_server_context *cc,
const br_x509_certificate *chain, size_t chain_len,
const br_rsa_private_key *sk, unsigned allowed_usages,
br_rsa_private irsacore, br_rsa_pkcs1_sign irsasign);
/**
* \brief Set the server certificate chain and key (single EC case).
*
* This function uses a policy context included in the server context.
* It configures use of a single server certificate chain with an EC
* private key. The `allowed_usages` is a combination of usages, namely
* `BR_KEYTYPE_KEYX` and/or `BR_KEYTYPE_SIGN`; this enables or disables
* the corresponding cipher suites (i.e. `TLS_ECDH_*` use the EC key for
include/bearssl_ssl.h view on Meta::CPAN
* \param chain server certificate chain to send.
* \param chain_len chain length (number of certificates).
* \param sk server private key (EC).
* \param allowed_usages allowed private key usages.
* \param cert_issuer_key_type issuing CA's key type.
* \param iec EC core implementation.
* \param iecdsa ECDSA signature implementation ("asn1" format).
*/
void br_ssl_server_set_single_ec(br_ssl_server_context *cc,
const br_x509_certificate *chain, size_t chain_len,
const br_ec_private_key *sk, unsigned allowed_usages,
unsigned cert_issuer_key_type,
const br_ec_impl *iec, br_ecdsa_sign iecdsa);
/**
* \brief Activate client certificate authentication.
*
* The trust anchor encoded X.500 names (DN) to send to the client are
* provided. A client certificate will be requested and validated through
* the X.509 validator configured in the SSL engine. If `num` is 0, then
* client certificate authentication is disabled.
include/bearssl_x509.h view on Meta::CPAN
* The private key decoder recognises RSA and EC private keys, either in
* their raw, DER-encoded format, or wrapped in an unencrypted PKCS#8
* archive (again DER-encoded).
*
* Structure contents are opaque and shall not be accessed directly.
*/
typedef struct {
#ifndef BR_DOXYGEN_IGNORE
/* Structure for returning the private key. */
union {
br_rsa_private_key rsa;
br_ec_private_key ec;
} key;
/* CPU for the T0 virtual machine. */
struct {
uint32_t *dp;
uint32_t *rp;
const unsigned char *ip;
} cpu;
uint32_t dp_stack[32];
uint32_t rp_stack[32];
include/bearssl_x509.h view on Meta::CPAN
* \brief Get the decoded RSA private key.
*
* This function returns `NULL` if the decoding failed, or is not
* finished, or the key is not RSA. The returned pointer references
* structures within the context that can become invalid if the context
* is reused or released.
*
* \param ctx key decoder context.
* \return decoded RSA private key, or `NULL`.
*/
static inline const br_rsa_private_key *
br_skey_decoder_get_rsa(const br_skey_decoder_context *ctx)
{
if (ctx->err == 0 && ctx->key_type == BR_KEYTYPE_RSA) {
return &ctx->key.rsa;
} else {
return NULL;
}
}
/**
* \brief Get the decoded EC private key.
*
* This function returns `NULL` if the decoding failed, or is not
* finished, or the key is not EC. The returned pointer references
* structures within the context that can become invalid if the context
* is reused or released.
*
* \param ctx key decoder context.
* \return decoded EC private key, or `NULL`.
*/
static inline const br_ec_private_key *
br_skey_decoder_get_ec(const br_skey_decoder_context *ctx)
{
if (ctx->err == 0 && ctx->key_type == BR_KEYTYPE_EC) {
return &ctx->key.ec;
} else {
return NULL;
}
}
/**
include/bearssl_x509.h view on Meta::CPAN
* `NULL`, then nothing is written, but the encoded length is still
* computed and returned.
*
* \param dest the destination buffer (or `NULL`).
* \param sk the RSA private key.
* \param pk the RSA public key.
* \param d the RSA private exponent.
* \param dlen the RSA private exponent length (in bytes).
* \return the encoded key length (in bytes).
*/
size_t br_encode_rsa_raw_der(void *dest, const br_rsa_private_key *sk,
const br_rsa_public_key *pk, const void *d, size_t dlen);
/**
* \brief Encode an RSA private key (PKCS#8 DER format).
*
* This function encodes the provided key into the PKCS#8 format
* (RFC 5958, type `OneAsymmetricKey`). It wraps around the "raw DER"
* format for the RSA key, as implemented by `br_encode_rsa_raw_der()`.
*
* The key elements are:
include/bearssl_x509.h view on Meta::CPAN
* `NULL`, then nothing is written, but the encoded length is still
* computed and returned.
*
* \param dest the destination buffer (or `NULL`).
* \param sk the RSA private key.
* \param pk the RSA public key.
* \param d the RSA private exponent.
* \param dlen the RSA private exponent length (in bytes).
* \return the encoded key length (in bytes).
*/
size_t br_encode_rsa_pkcs8_der(void *dest, const br_rsa_private_key *sk,
const br_rsa_public_key *pk, const void *d, size_t dlen);
/**
* \brief Encode an EC private key (raw DER format).
*
* This function encodes the provided key into the "raw" format specified
* in RFC 5915 (type `ECPrivateKey`), with DER encoding rules.
*
* The private key is provided in `sk`, the public key being `pk`. If
* `pk` is `NULL`, then the encoded key will not include the public key
include/bearssl_x509.h view on Meta::CPAN
*
* If the key cannot be encoded (e.g. because there is no known OBJECT
* IDENTIFIER for the used curve), then 0 is returned.
*
* \param dest the destination buffer (or `NULL`).
* \param sk the EC private key.
* \param pk the EC public key (or `NULL`).
* \return the encoded key length (in bytes), or 0.
*/
size_t br_encode_ec_raw_der(void *dest,
const br_ec_private_key *sk, const br_ec_public_key *pk);
/**
* \brief Encode an EC private key (PKCS#8 DER format).
*
* This function encodes the provided key into the PKCS#8 format
* (RFC 5958, type `OneAsymmetricKey`). The curve is identified
* by an OID provided as parameters to the `privateKeyAlgorithm`
* field. The private key value (contents of the `privateKey` field)
* contains the DER encoding of the `ECPrivateKey` type defined in
* RFC 5915, without the `parameters` field (since they would be
include/bearssl_x509.h view on Meta::CPAN
*
* If the key cannot be encoded (e.g. because there is no known OBJECT
* IDENTIFIER for the used curve), then 0 is returned.
*
* \param dest the destination buffer (or `NULL`).
* \param sk the EC private key.
* \param pk the EC public key (or `NULL`).
* \return the encoded key length (in bytes), or 0.
*/
size_t br_encode_ec_pkcs8_der(void *dest,
const br_ec_private_key *sk, const br_ec_public_key *pk);
/**
* \brief PEM banner for RSA private key (raw).
*/
#define BR_ENCODE_PEM_RSA_RAW "RSA PRIVATE KEY"
/**
* \brief PEM banner for EC private key (raw).
*/
#define BR_ENCODE_PEM_EC_RAW "EC PRIVATE KEY"
lib/Crypt/Bear.xs view on Meta::CPAN
return 0;
}
static const MGVTBL Crypt__Bear__RSA__PublicKey_magic = {
.svt_dup = rsa_key_dup,
.svt_free = rsa_key_free,
};
typedef br_rsa_public_key* Crypt__Bear__RSA__PublicKey;
static void S_rsa_private_key_copy(pTHX_ br_rsa_private_key* dest, const br_rsa_private_key* source) {
char* buffer = safemalloc(source->plen + source->qlen + source->dplen + source->dqlen + source->iqlen);
dest->n_bitlen = source->n_bitlen;
dest->p = memcpy(buffer, source->p, source->plen);
dest->plen = source->plen;
buffer += source->plen;
dest->q = memcpy(buffer, source->q, source->qlen);
dest->qlen = source->qlen;
buffer += source->qlen;
dest->dp = memcpy(buffer, source->dp, source->dplen);
dest->dplen = source->dplen;
buffer += source->dplen;
dest->dq = memcpy(buffer, source->dq, source->dqlen);
dest->dqlen = source->dqlen;
buffer += source->dqlen;
dest->iq = memcpy(buffer, source->iq, source->iqlen);
dest->iqlen = source->iqlen;
buffer += source->iqlen;
}
#define rsa_private_key_copy(dest, source) S_rsa_private_key_copy(aTHX_ dest, source)
#define rsa_private_key_destroy(target) Safefree((target)->p)
static int rsa_private_key_dup(pTHX_ MAGIC* magic, CLONE_PARAMS* params) {
br_rsa_private_key* old = (br_rsa_private_key*)magic->mg_ptr;
br_rsa_private_key* self = safemalloc(sizeof(br_rsa_private_key));
rsa_private_key_copy(self, old);
magic->mg_ptr = (char*)self;
return 0;
}
static int rsa_private_key_free(pTHX_ SV* sv, MAGIC* magic) {
br_rsa_private_key* self = (br_rsa_private_key*)magic->mg_ptr;
rsa_private_key_destroy(self);
Safefree(self);
return 0;
}
static const MGVTBL Crypt__Bear__RSA__PrivateKey_magic = {
.svt_dup = rsa_private_key_dup,
.svt_free = rsa_private_key_free,
};
typedef br_rsa_private_key* Crypt__Bear__RSA__PrivateKey;
/* EC stuff */
static const size_t ecdsa_max_size = 132;
typedef U32 curve_type;
#define curve_entry_for(name) make_map_int_entry(#name, BR_EC_ ## name)
static const map curves = {
lib/Crypt/Bear.xs view on Meta::CPAN
ec_key_destroy(self);
Safefree(self);
return 0;
}
static const MGVTBL Crypt__Bear__EC__PublicKey_magic = {
.svt_dup = ec_key_dup,
.svt_free = ec_key_free,
};
static void S_ec_private_key_copy(pTHX_ br_ec_private_key* dest, const br_ec_private_key* source) {
dest->curve = source->curve;
dest->x = saveupvn(source->x, source->xlen);
dest->xlen = source->xlen;
}
#define ec_private_key_copy(dest, source) S_ec_private_key_copy(aTHX_ dest, source)
#define ec_private_key_destroy(target) Safefree((target)->x)
static int ec_privatekey_dup(pTHX_ MAGIC* magic, CLONE_PARAMS* params) {
br_ec_private_key* old = (br_ec_private_key*)magic->mg_ptr;
br_ec_private_key* self = safemalloc(sizeof(br_ec_private_key));
ec_private_key_copy(self, old);
magic->mg_ptr = (char*)self;
return 0;
}
static int ec_privatekey_free(pTHX_ SV* sv, MAGIC* magic) {
br_ec_private_key* self = (br_ec_private_key*)magic->mg_ptr;
ec_private_key_destroy(self);
Safefree(self);
return 0;
}
static const MGVTBL Crypt__Bear__EC__PrivateKey_magic = {
.svt_dup = ec_privatekey_dup,
.svt_free = ec_privatekey_free,
};
static const br_ec_impl* ec_default;
static const br_ec_impl* ec_c25519;
static br_ecdsa_sign ec_sign_default;
static br_ecdsa_vrfy ec_verify_default;
typedef br_ec_public_key* Crypt__Bear__EC__PublicKey;
typedef br_ec_private_key* Crypt__Bear__EC__PrivateKey;
typedef const br_ec_impl* Crypt__Bear__EC;
/* PEM stuff */
#define pem_flag_entry_for(name, value) make_map_int_entry(name, BR_PEM_ ## value)
static const map pem_flags = {
pem_flag_entry_for("line64", LINE64),
pem_flag_entry_for("crlf", CRLF),
};
lib/Crypt/Bear.xs view on Meta::CPAN
certificate_chain_destroy(chain);
Safefree(chain);
return 0;
}
static const MGVTBL Crypt__Bear__X509__Certificate__Chain_magic = {
.svt_dup = certificate_chain_dup,
.svt_free = certificate_chain_free,
};
typedef struct private_key {
unsigned key_type;
union {
br_rsa_private_key rsa;
br_ec_private_key ec;
};
} *Crypt__Bear__X509__PrivateKey;
static void S_private_key_copy(pTHX_ struct private_key* copy, const struct private_key* old) {
copy->key_type = old->key_type;
if (old->key_type == BR_KEYTYPE_RSA)
rsa_private_key_copy(©->rsa, &old->rsa);
else
ec_private_key_copy(©->ec, &old->ec);
}
#define private_key_copy(copy, old) S_private_key_copy(aTHX_ copy, old)
static int private_key_dup(pTHX_ MAGIC* magic, CLONE_PARAMS* params) {
struct private_key* old = (struct private_key*)magic->mg_ptr;
struct private_key* copy = safemalloc(sizeof *copy);
private_key_copy(copy, old);
return 0;
}
static void S_private_key_destroy(pTHX_ struct private_key* self) {
if (self->key_type == BR_KEYTYPE_RSA)
rsa_private_key_destroy(&self->rsa);
else
ec_private_key_destroy(&self->ec);
}
#define private_key_destroy(self) S_private_key_destroy(aTHX_ self)
static int private_key_free(pTHX_ SV* sv, MAGIC* magic) {
struct private_key* self = (struct private_key*)magic->mg_ptr;
private_key_destroy(self);
return 0;
}
static const MGVTBL Crypt__Bear__X509__PrivateKey_magic = {
.svt_dup = private_key_dup,
.svt_free = private_key_free,
};
static unsigned S_private_key_usage(pTHX_ struct private_key* key) {
if (key->key_type == BR_KEYTYPE_EC) {
unsigned result = BR_KEYTYPE_KEYX;
if (key->ec.curve == BR_EC_secp256r1 || key->ec.curve == BR_EC_secp384r1 || BR_EC_secp521r1)
result |= BR_KEYTYPE_SIGN;
return result;
} else {
return BR_KEYTYPE_SIGN;
}
}
#define private_key_usage(key) S_private_key_usage(aTHX_ key)
typedef const br_x509_class** Crypt__Bear__X509__Validator;
typedef struct validator_minimal {
br_x509_minimal_context context;
struct trust_anchors anchors;
} *Crypt__Bear__X509__Validator__Minimal;
typedef br_x509_knownkey_context* Crypt__Bear__X509__Validator__KnownKey;
lib/Crypt/Bear.xs view on Meta::CPAN
typedef unsigned ssl_version_type;
typedef br_ssl_session_parameters* Crypt__Bear__SSL__Session;
typedef br_ssl_engine_context* Crypt__Bear__SSL__Engine;
typedef const br_ssl_client_certificate_class** Crypt__Bear__SSL__Client__Certificate;
typedef struct private_certificate {
struct certificate_chain chain;
struct private_key key;
unsigned usage;
} *Crypt__Bear__SSL__PrivateCertificate;
#define private_certificate_init(self) memset(self, '\0', sizeof(struct private_certificate))
static void S_private_certificate_copy(pTHX_ struct private_certificate* dest, const struct private_certificate* source) {
certificate_chain_copy(&dest->chain, &source->chain);
private_key_copy(&dest->key, &source->key);
}
#define private_certificate_copy(dest, source) S_private_certificate_copy(aTHX_ dest, source)
static int private_certificate_dup(pTHX_ MAGIC* magic, CLONE_PARAMS* params) {
struct private_certificate* old = (struct private_certificate*)magic->mg_ptr;
struct private_certificate* copy = safemalloc(sizeof *copy);
private_certificate_copy(copy, old);
magic->mg_ptr = (char*)copy;
return 0;
}
static void S_private_certificate_destroy(pTHX_ struct private_certificate* self) {
private_key_destroy(&self->key);
certificate_chain_destroy(&self->chain);
}
#define private_certificate_destroy(self) S_private_certificate_destroy(aTHX_ self)
static int private_certificate_free(pTHX_ SV* sv, MAGIC* magic) {
struct private_certificate* self = (struct private_certificate*)magic->mg_ptr;
private_certificate_destroy(self);
Safefree(self);
return 0;
}
lib/Crypt/Bear.xs view on Meta::CPAN
static const MGVTBL Crypt__Bear__SSL__Server_magic = {
.svt_dup = ssl_server_dup,
.svt_free = ssl_server_free,
};
/* DIRTY STUFF */
// Make various default values pretty for XS's error messages
#define automatic private_key_usage(key)
#define undef &PL_sv_undef
// Unicode stuff. This will force byte semantics on all string
#undef SvPV
#define SvPV(sv, len) SvPVbyte(sv, len)
#undef SvPV_nolen
#define SvPV_nolen(sv) SvPVbyte_nolen(sv)
MODULE = Crypt::Bear PACKAGE = Crypt::Bear PREFIX = br_
lib/Crypt/Bear.xs view on Meta::CPAN
MODULE = Crypt::Bear PACKAGE = Crypt::Bear::RSA PREFIX = br_rsa_
BOOT:
rsa_keygen = br_rsa_keygen_get_default();
void br_rsa_generate_keypair(Crypt::Bear::PRNG prng, size_t size, UV exponent = 0)
PPCODE:
br_rsa_public_key* key = safemalloc(sizeof(br_rsa_public_key));
char* public_buffer = safemalloc(BR_RSA_KBUF_PUB_SIZE(size));
br_rsa_private_key* private_key = safemalloc(sizeof(br_rsa_private_key));
char* private_buffer = safemalloc(BR_RSA_KBUF_PRIV_SIZE(size));
bool success = rsa_keygen(prng, private_key, private_buffer, key, public_buffer, size, exponent);
if (success) {
SV* public = make_magic(key, "Crypt::Bear::RSA::PublicKey", &Crypt__Bear__RSA__PublicKey_magic);
mXPUSHs(public);
SV* private = make_magic(private_key, "Crypt::Bear::RSA::PrivateKey", &Crypt__Bear__RSA__PrivateKey_magic);
mXPUSHs(private);
}
MODULE = Crypt::Bear PACKAGE = Crypt::Bear::RSA::PublicKey PREFIX = br_rsa_public_key_
BOOT:
rsa_pkcs1_verify = br_rsa_pkcs1_vrfy_get_default();
rsa_oaep_encrypt = br_rsa_oaep_encrypt_get_default();
SV* br_rsa_public_key_pkcs1_verify(Crypt::Bear::RSA::PublicKey self, hash_oid_type hash, const unsigned char* signature, size_t length(signature))
lib/Crypt/Bear.xs view on Meta::CPAN
size_t length = rsa_oaep_encrypt(prng, hash, label, STRLEN_length_of_label, self, SvPV_nolen(RETVAL), self->nlen, plain, STRLEN_length_of_plain);
if (length)
SvCUR_set(RETVAL, length);
else
Perl_croak(aTHX_ "Could not encrypt");
OUTPUT:
RETVAL
MODULE = Crypt::Bear PACKAGE = Crypt::Bear::RSA::PrivateKey PREFIX = br_rsa_private_key_
BOOT:
rsa_pkcs1_sign = br_rsa_pkcs1_sign_get_default();
rsa_oaep_decrypt = br_rsa_oaep_decrypt_get_default();
SV* br_rsa_private_key_pkcs1_sign(Crypt::Bear::RSA::PrivateKey self, hash_oid_type hash_oid, const unsigned char* hash, size_t length(hash))
CODE:
if (STRLEN_length_of_hash != hash_oid->length)
Perl_croak(aTHX_ "Hash has incorrect length");
RETVAL = make_buffer((self->n_bitlen+7)/8);
bool success = rsa_pkcs1_sign(hash_oid->oid, hash, STRLEN_length_of_hash, self, (unsigned char*)SvPV_nolen(RETVAL));
if (!success)
Perl_croak(aTHX_ "Could not sign");
OUTPUT:
RETVAL
SV* br_rsa_private_key_oaep_decrypt(Crypt::Bear::RSA::PrivateKey self, hash_type hash, const char* ciphertext, size_t length(ciphertext), const char* label, size_t length(label))
CODE:
RETVAL = newSVpvn(ciphertext, STRLEN_length_of_ciphertext);
size_t len = STRLEN_length_of_ciphertext;
bool succes = rsa_oaep_decrypt(hash, label, STRLEN_length_of_label, self, SvPV_nolen(RETVAL), &len);
if (succes)
SvCUR_set(RETVAL, len);
else
sv_setsv(RETVAL, &PL_sv_undef);
OUTPUT:
RETVAL
lib/Crypt/Bear.xs view on Meta::CPAN
bool br_ec_public_key_ecdsa_verify(Crypt::Bear::EC::PublicKey self, hash_type hash_name, unsigned char* hash_value, size_t length(hash_value), unsigned char* signature, size_t length(signature))
CODE:
size_t hash_size = ((hash_name->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK);
if (STRLEN_length_of_hash_value != hash_size)
Perl_croak(aTHX_ "Hash is inappropriately sized");
RETVAL = ec_verify_default(ec_default, hash_value, hash_size, self, signature, STRLEN_length_of_signature);
OUTPUT:
RETVAL
MODULE = Crypt::Bear PACKAGE = Crypt::Bear::EC::PrivateKey PREFIX = br_ec_private_key_
Crypt::Bear::EC::PrivateKey br_ec_private_key_new(curve_type curve, const char* data, size_t length(data))
CODE:
RETVAL = safemalloc(sizeof *RETVAL);
RETVAL->curve = curve;
RETVAL->x = saveupvn(data, STRLEN_length_of_data);
RETVAL->xlen = STRLEN_length_of_data;
OUTPUT:
RETVAL
curve_type br_ec_private_key_curve(Crypt::Bear::EC::PrivateKey self)
CODE:
RETVAL = self->curve;
OUTPUT:
RETVAL
Crypt::Bear::EC::PrivateKey br_ec_private_key_generate(class, curve_type curve, Crypt::Bear::PRNG prng)
CODE:
RETVAL = safemalloc(sizeof *RETVAL);
size_t length = br_ec_keygen(prng, ec_default, RETVAL, NULL, curve);
char* buffer = safemalloc(length);
br_ec_keygen(prng, ec_default, RETVAL, buffer, curve);
OUTPUT:
RETVAL
Crypt::Bear::EC::PublicKey br_ec_private_key_public_key(Crypt::Bear::EC::PrivateKey self)
CODE:
RETVAL = safemalloc(sizeof *RETVAL);
size_t length = br_ec_compute_pub(ec_default, RETVAL, NULL, self);
char* buffer = safemalloc(length);
br_ec_compute_pub(ec_default, RETVAL, buffer, self);
OUTPUT:
RETVAL
SV* br_ec_private_key_ecdsa_sign(Crypt::Bear::EC::PrivateKey self, hash_type hash_name, unsigned char* hash_value, size_t length(hash_value))
CODE:
size_t hash_size = ((hash_name->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK);
if (STRLEN_length_of_hash_value != hash_size)
Perl_croak(aTHX_ "Hash is inappropriately sized");
RETVAL = make_buffer(ecdsa_max_size);
size_t length = ec_sign_default(ec_default, hash_name, hash_value, self, SvPV_nolen(RETVAL));
if (!length)
Perl_croak(aTHX_ "Could not sign");
SvCUR_set(RETVAL, length);
OUTPUT:
RETVAL
SV* br_ec_private_key_ecdh_key_exchange(Crypt::Bear::EC::PrivateKey self, Crypt::Bear::EC::PublicKey other)
CODE:
if (self->curve != other->curve)
Perl_croak(aTHX_ "Keys must be on same curve for EC key exchange");
size_t out_length = 0;
(ec_default->generator)(self->curve, &out_length);
RETVAL = make_buffer(out_length);
memcpy(SvPV_nolen(RETVAL), other->q, other->qlen);
(ec_default->mul)(SvPV_nolen(RETVAL), other->qlen, self->x, self->xlen, self->curve);
lib/Crypt/Bear.xs view on Meta::CPAN
RETVAL = x509_key_unpack(result);
OUTPUT:
RETVAL
bool br_x509_certificate_is_ca(Crypt::Bear::X509::Certificate self)
key_kind_type br_x509_certificate_signer_key_type(Crypt::Bear::X509::Certificate self)
MODULE = Crypt::Bear PACKAGE = Crypt::Bear::X509::PrivateKey PREFIX = br_x509_private_key_
Crypt::Bear::X509::PrivateKey br_x509_private_key_new(class, const char* data, size_t length(data))
CODE:
br_skey_decoder_context context;
br_skey_decoder_init(&context);
br_skey_decoder_push(&context, data, STRLEN_length_of_data);
br_error_type error = br_skey_decoder_last_error(&context);
if (error != 0)
Perl_croak(aTHX_ "Could not decode private key: %s", lookup_error(error));
RETVAL = safemalloc(sizeof *RETVAL);
RETVAL->key_type = br_skey_decoder_key_type(&context);
if (RETVAL->key_type == BR_KEYTYPE_RSA) {
rsa_private_key_copy(&RETVAL->rsa, br_skey_decoder_get_rsa(&context));
} else if (RETVAL->key_type == BR_KEYTYPE_EC) {
ec_private_key_copy(&RETVAL->ec, br_skey_decoder_get_ec(&context));
}
OUTPUT:
RETVAL
SV* br_x509_private_key_unpack(Crypt::Bear::X509::PrivateKey self)
CODE:
RETVAL = &PL_sv_undef;
if (self->key_type == BR_KEYTYPE_RSA) {
br_rsa_private_key* key = safemalloc(sizeof *key);
rsa_private_key_copy(key, &self->rsa);
RETVAL = make_magic(key, "Crypt::Bear::RSA::PrivateKey", &Crypt__Bear__RSA__PrivateKey_magic);
} else if (self->key_type == BR_KEYTYPE_EC) {
br_ec_private_key* key = safemalloc(sizeof *key);
ec_private_key_copy(key, &self->ec);
RETVAL = make_magic(key, "Crypt::Bear::EC::PrivateKey", &Crypt__Bear__EC__PrivateKey_magic);
}
OUTPUT:
RETVAL
key_kind_type br_x509_private_key_type(Crypt::Bear::X509::PrivateKey self)
CODE:
RETVAL = self->key_type;
OUTPUT:
RETVAL
MODULE = Crypt::Bear PACKAGE = Crypt::Bear::X509::TrustAnchors PREFIX = br_x509_trust_anchors_
Crypt::Bear::X509::TrustAnchors br_x509_trust_anchors_new(class)
lib/Crypt/Bear.xs view on Meta::CPAN
RETVAL
MODULE = Crypt::Bear PACKAGE = Crypt::Bear::SSL::PrivateCertificate PREFIX = br_ssl_private_certificate_
Crypt::Bear::SSL::PrivateCertificate br_ssl_private_certificate_new(class, Crypt::Bear::X509::Certificate::Chain certs, Crypt::Bear::X509::PrivateKey key, usage_type usage = automatic)
CODE:
RETVAL = safemalloc(sizeof *RETVAL);
certificate_chain_copy(&RETVAL->chain, certs);
private_key_copy(&RETVAL->key, key);
RETVAL->usage = usage;
OUTPUT:
RETVAL
Crypt::Bear::X509::Certificate::Chain br_ssl_private_certificate_chain(Crypt::Bear::SSL::PrivateCertificate self)
CODE:
RETVAL = safemalloc(sizeof *RETVAL);
certificate_chain_copy(RETVAL, &self->chain);
OUTPUT:
RETVAL
Crypt::Bear::X509::PrivateKey br_ssl_private_certificate_key(Crypt::Bear::SSL::PrivateCertificate self)
CODE:
RETVAL = safemalloc(sizeof *RETVAL);
private_key_copy(RETVAL, &self->key);
OUTPUT:
RETVAL
MODULE = Crypt::Bear PACKAGE = Crypt::Bear::SSL::Engine PREFIX = br_ssl_engine_
const char* br_ssl_engine_get_server_name(Crypt::Bear::SSL::Engine self)
ssl_version_type br_ssl_engine_get_version(Crypt::Bear::SSL::Engine self)
lib/Crypt/Bear/EC/PrivateKey.pm view on Meta::CPAN
=head1 NAME
Crypt::Bear::EC::PrivateKey - An EC private key in BearSSL
=head1 VERSION
version 0.002
=head1 SYNOPSIS
my $private_key = Crypt::Bear::EC::PrivateKey->generate('secp256r1', $prng);
my $signature = $private_key->ecdsa_sign('sha256', $hash);
my $shared = $private_key->ecdh_key_exchange($some_public_key);
=head1 DESCRIPTION
This represents a elliptic curve private key. The curve type can be one of the following:
=over 4
=item * C<'sect163k1'>
=item * C<'sect163r1'>
lib/Crypt/Bear/EC/PublicKey.pm view on Meta::CPAN
=head1 VERSION
version 0.002
=head1 SYNOPSIS
if ($public_key->ecdsa_verify('sha256', $hash, $signature)) {
say "Success!";
}
my $shared = $private_key->ecdh_key_exchange($public_key);
=head1 DESCRIPTION
This represents a elliptic curve public key. The curve type can be one of the following:
=over 4
=item * C<'sect163k1'>
=item * C<'sect163r1'>
lib/Crypt/Bear/RSA.pm view on Meta::CPAN
=head1 VERSION
version 0.002
=head1 SYNOPSIS
my ($public, $private) = Crypt::Bear::RSA::generate_keypair($prng, 2048);
my $ciphertext = $public_key->oaep_encrypt('sha256', $input, $prng, '');
my $plaintext = $private_key->oaep_decrypt('sha256', $ciphertext, '');
my $signature = $private_key->pkcs1_sign('sha256', $hash);
if ($public_key->pkcs1_verify('sha256', $signature) eq $hash) {
...
}
=head1 DESCRIPTION
RSA is supported by two classes, L<PublicKey|Crypt::Bear::RSA::PublicKey> and L<PrivateKey|Crypt::Bear::RSA::PrivateKey>, each implementing half of it.
=head1 METHODS
lib/Crypt/Bear/RSA/PrivateKey.pm view on Meta::CPAN
=head1 NAME
Crypt::Bear::RSA::PrivateKey - An RSA private key in BearSSL
=head1 VERSION
version 0.002
=head1 SYNOPSIS
my $plaintext = $private_key->oaep_decrypt('sha256', $data, '');
my $signature = $private_key->pkcs1_sign('sha256', $hash);
=head1 DESCRIPTION
This represents an RSA public key.
=head1 METHODS
=head2 oaep_decrypt($digest, $ciphertext, $label)
This decrypts data encrypted by C<oaep_encrypt>. The C<$digest> and C<$label> must match the values used with the encrypt operation.
lib/Crypt/Bear/X509/PrivateKey.pm view on Meta::CPAN
=head1 NAME
Crypt::Bear::X509::PrivateKey - A X509 private key
=head1 VERSION
version 0.002
=head1 SYNOPSIS
my $private_key = Crypt::Bear::X509::PrivateKey->load($filename);
=head1 DESCRIPTION
This represents a X509 private key.
#ABSTRACT: A X509 private key
=head1 METHODS
=head2 new($payload)
src/ec/ec_keygen.c view on Meta::CPAN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include "inner.h"
/* see bearssl_ec.h */
size_t
br_ec_keygen(const br_prng_class **rng_ctx,
const br_ec_impl *impl, br_ec_private_key *sk,
void *kbuf, int curve)
{
const unsigned char *order;
unsigned char *buf;
size_t len;
unsigned mask;
if (curve < 0 || curve >= 32
|| ((impl->supported_curves >> curve) & 1) == 0)
{
src/ec/ec_pubkey.c view on Meta::CPAN
65, /* brainpoolP256r1 */
97, /* brainpoolP384r1 */
129, /* brainpoolP512r1 */
32, /* curve25519 */
56, /* curve448 */
};
/* see bearssl_ec.h */
size_t
br_ec_compute_pub(const br_ec_impl *impl, br_ec_public_key *pk,
void *kbuf, const br_ec_private_key *sk)
{
int curve;
size_t len;
curve = sk->curve;
if (curve < 0 || curve >= 32 || curve >= (int)(sizeof POINT_LEN)
|| ((impl->supported_curves >> curve) & 1) == 0)
{
return 0;
}
src/ec/ecdsa_i15_sign_asn1.c view on Meta::CPAN
*/
#include "inner.h"
#define ORDER_LEN ((BR_MAX_EC_SIZE + 7) >> 3)
/* see bearssl_ec.h */
size_t
br_ecdsa_i15_sign_asn1(const br_ec_impl *impl,
const br_hash_class *hf, const void *hash_value,
const br_ec_private_key *sk, void *sig)
{
unsigned char rsig[(ORDER_LEN << 1) + 12];
size_t sig_len;
sig_len = br_ecdsa_i15_sign_raw(impl, hf, hash_value, sk, rsig);
if (sig_len == 0) {
return 0;
}
sig_len = br_ecdsa_raw_to_asn1(rsig, sig_len);
memcpy(sig, rsig, sig_len);
src/ec/ecdsa_i15_sign_raw.c view on Meta::CPAN
#include "inner.h"
#define I15_LEN ((BR_MAX_EC_SIZE + 29) / 15)
#define POINT_LEN (1 + (((BR_MAX_EC_SIZE + 7) >> 3) << 1))
#define ORDER_LEN ((BR_MAX_EC_SIZE + 7) >> 3)
/* see bearssl_ec.h */
size_t
br_ecdsa_i15_sign_raw(const br_ec_impl *impl,
const br_hash_class *hf, const void *hash_value,
const br_ec_private_key *sk, void *sig)
{
/*
* IMPORTANT: this code is fit only for curves with a prime
* order. This is needed so that modular reduction of the X
* coordinate of a point can be done with a simple subtraction.
* We also rely on the last byte of the curve order to be distinct
* from 0 and 1.
*/
const br_ec_curve_def *cd;
uint16_t n[I15_LEN], r[I15_LEN], s[I15_LEN], x[I15_LEN];
src/ec/ecdsa_i31_sign_asn1.c view on Meta::CPAN
*/
#include "inner.h"
#define ORDER_LEN ((BR_MAX_EC_SIZE + 7) >> 3)
/* see bearssl_ec.h */
size_t
br_ecdsa_i31_sign_asn1(const br_ec_impl *impl,
const br_hash_class *hf, const void *hash_value,
const br_ec_private_key *sk, void *sig)
{
unsigned char rsig[(ORDER_LEN << 1) + 12];
size_t sig_len;
sig_len = br_ecdsa_i31_sign_raw(impl, hf, hash_value, sk, rsig);
if (sig_len == 0) {
return 0;
}
sig_len = br_ecdsa_raw_to_asn1(rsig, sig_len);
memcpy(sig, rsig, sig_len);
src/ec/ecdsa_i31_sign_raw.c view on Meta::CPAN
#include "inner.h"
#define I31_LEN ((BR_MAX_EC_SIZE + 61) / 31)
#define POINT_LEN (1 + (((BR_MAX_EC_SIZE + 7) >> 3) << 1))
#define ORDER_LEN ((BR_MAX_EC_SIZE + 7) >> 3)
/* see bearssl_ec.h */
size_t
br_ecdsa_i31_sign_raw(const br_ec_impl *impl,
const br_hash_class *hf, const void *hash_value,
const br_ec_private_key *sk, void *sig)
{
/*
* IMPORTANT: this code is fit only for curves with a prime
* order. This is needed so that modular reduction of the X
* coordinate of a point can be done with a simple subtraction.
* We also rely on the last byte of the curve order to be distinct
* from 0 and 1.
*/
const br_ec_curve_def *cd;
uint32_t n[I31_LEN], r[I31_LEN], s[I31_LEN], x[I31_LEN];
src/inner.h view on Meta::CPAN
* buffer.
*/
void br_mgf1_xor(void *data, size_t len,
const br_hash_class *dig, const void *seed, size_t seed_len);
/*
* Inner function for RSA key generation; used by the "i31" and "i62"
* implementations.
*/
uint32_t br_rsa_i31_keygen_inner(const br_prng_class **rng,
br_rsa_private_key *sk, void *kbuf_priv,
br_rsa_public_key *pk, void *kbuf_pub,
unsigned size, uint32_t pubexp, br_i31_modpow_opt_type mp31);
/* ==================================================================== */
/*
* Elliptic curves.
*/
/*
* Type for generic EC parameters: curve order (unsigned big-endian
src/inner.h view on Meta::CPAN
*/
const unsigned char *br_get_curve_OID(int curve);
/*
* Inner function for EC private key encoding. This is equivalent to
* the API function br_encode_ec_raw_der(), except for an extra
* parameter: if 'include_curve_oid' is zero, then the curve OID is
* _not_ included in the output blob (this is for PKCS#8 support).
*/
size_t br_encode_ec_raw_der_inner(void *dest,
const br_ec_private_key *sk, const br_ec_public_key *pk,
int include_curve_oid);
/* ==================================================================== */
/*
* SSL/TLS support functions.
*/
/*
* Record types.
*/
src/rsa/rsa_i15_keygen.c view on Meta::CPAN
w = buf1[u];
buf1[u] = buf2[u];
buf2[u] = w;
}
}
/* see bearssl_rsa.h */
uint32_t
br_rsa_i15_keygen(const br_prng_class **rng,
br_rsa_private_key *sk, void *kbuf_priv,
br_rsa_public_key *pk, void *kbuf_pub,
unsigned size, uint32_t pubexp)
{
uint32_t esize_p, esize_q;
size_t plen, qlen, tlen;
uint16_t *p, *q, *t;
uint16_t tmp[TEMPS];
uint32_t r;
if (size < BR_MIN_RSA_SIZE || size > BR_MAX_RSA_SIZE) {
src/rsa/rsa_i15_modulus.c view on Meta::CPAN
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include "inner.h"
/* see bearssl_rsa.h */
size_t
br_rsa_i15_compute_modulus(void *n, const br_rsa_private_key *sk)
{
uint16_t tmp[4 * (((BR_MAX_RSA_SIZE / 2) + 14) / 15) + 5];
uint16_t *t, *p, *q;
const unsigned char *pbuf, *qbuf;
size_t nlen, plen, qlen, tlen;
/*
* Compute actual byte and lengths for p and q.
*/
pbuf = sk->p;
src/rsa/rsa_i15_oaep_decrypt.c view on Meta::CPAN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include "inner.h"
/* see bearssl_rsa.h */
uint32_t
br_rsa_i15_oaep_decrypt(const br_hash_class *dig,
const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len)
{
uint32_t r;
if (*len != ((sk->n_bitlen + 7) >> 3)) {
return 0;
}
r = br_rsa_i15_private(data, sk);
r &= br_rsa_oaep_unpad(dig, label, label_len, data, len);
return r;
}
src/rsa/rsa_i15_pkcs1_sign.c view on Meta::CPAN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include "inner.h"
/* see bearssl_rsa.h */
uint32_t
br_rsa_i15_pkcs1_sign(const unsigned char *hash_oid,
const unsigned char *hash, size_t hash_len,
const br_rsa_private_key *sk, unsigned char *x)
{
if (!br_rsa_pkcs1_sig_pad(hash_oid, hash, hash_len, sk->n_bitlen, x)) {
return 0;
}
return br_rsa_i15_private(x, sk);
}
src/rsa/rsa_i15_priv.c view on Meta::CPAN
* SOFTWARE.
*/
#include "inner.h"
#define U (2 + ((BR_MAX_RSA_FACTOR + 14) / 15))
#define TLEN (8 * U)
/* see bearssl_rsa.h */
uint32_t
br_rsa_i15_private(unsigned char *x, const br_rsa_private_key *sk)
{
const unsigned char *p, *q;
size_t plen, qlen;
size_t fwlen;
uint16_t p0i, q0i;
size_t xlen, u;
uint16_t tmp[1 + TLEN];
long z;
uint16_t *mp, *mq, *s1, *s2, *t1, *t2, *t3;
uint32_t r;
src/rsa/rsa_i15_privexp.c view on Meta::CPAN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include "inner.h"
/* see bearssl_rsa.h */
size_t
br_rsa_i15_compute_privexp(void *d,
const br_rsa_private_key *sk, uint32_t e)
{
/*
* We want to invert e modulo phi = (p-1)(q-1). This first
* requires computing phi, which is easy since we have the factors
* p and q in the private key structure.
*
* Since p = 3 mod 4 and q = 3 mod 4, phi/4 is an odd integer.
* We could invert e modulo phi/4 then patch the result to
* modulo phi, but this would involve assembling three modulus-wide
* values (phi/4, 1 and e) and calling moddiv, that requires
src/rsa/rsa_i15_pss_sign.c view on Meta::CPAN
* SOFTWARE.
*/
#include "inner.h"
/* see bearssl_rsa.h */
uint32_t
br_rsa_i15_pss_sign(const br_prng_class **rng,
const br_hash_class *hf_data, const br_hash_class *hf_mgf1,
const unsigned char *hash, size_t salt_len,
const br_rsa_private_key *sk, unsigned char *x)
{
if (!br_rsa_pss_sig_pad(rng, hf_data, hf_mgf1, hash,
salt_len, sk->n_bitlen, x))
{
return 0;
}
return br_rsa_i15_private(x, sk);
}
src/rsa/rsa_i15_pubexp.c view on Meta::CPAN
* bit length.
*/
e = (uint32_t)x[1] | ((uint32_t)x[2] << 15) | ((uint32_t)x[3] << 30);
e &= -LT(br_i15_bit_length(x + 1, len - 1), 35);
e &= -(e & 1);
return e;
}
/* see bearssl_rsa.h */
uint32_t
br_rsa_i15_compute_pubexp(const br_rsa_private_key *sk)
{
/*
* Get the public exponent from both p and q. This is the right
* exponent if we get twice the same value.
*/
uint32_t ep, eq;
ep = get_pubexp(sk->p, sk->plen, sk->dp, sk->dplen);
eq = get_pubexp(sk->q, sk->qlen, sk->dq, sk->dqlen);
return ep & -EQ(ep, eq);
src/rsa/rsa_i31_keygen.c view on Meta::CPAN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include "inner.h"
/* see bearssl_rsa.h */
uint32_t
br_rsa_i31_keygen(const br_prng_class **rng,
br_rsa_private_key *sk, void *kbuf_priv,
br_rsa_public_key *pk, void *kbuf_pub,
unsigned size, uint32_t pubexp)
{
return br_rsa_i31_keygen_inner(rng,
sk, kbuf_priv, pk, kbuf_pub, size, pubexp,
&br_i31_modpow_opt);
}
src/rsa/rsa_i31_keygen_inner.c view on Meta::CPAN
w = buf1[u];
buf1[u] = buf2[u];
buf2[u] = w;
}
}
/* see inner.h */
uint32_t
br_rsa_i31_keygen_inner(const br_prng_class **rng,
br_rsa_private_key *sk, void *kbuf_priv,
br_rsa_public_key *pk, void *kbuf_pub,
unsigned size, uint32_t pubexp, br_i31_modpow_opt_type mp31)
{
uint32_t esize_p, esize_q;
size_t plen, qlen, tlen;
uint32_t *p, *q, *t;
union {
uint32_t t32[TEMPS];
uint64_t t64[TEMPS >> 1]; /* for 64-bit alignment */
} tmp;
src/rsa/rsa_i31_modulus.c view on Meta::CPAN
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include "inner.h"
/* see bearssl_rsa.h */
size_t
br_rsa_i31_compute_modulus(void *n, const br_rsa_private_key *sk)
{
uint32_t tmp[4 * (((BR_MAX_RSA_SIZE / 2) + 30) / 31) + 5];
uint32_t *t, *p, *q;
const unsigned char *pbuf, *qbuf;
size_t nlen, plen, qlen, tlen;
/*
* Compute actual byte and lengths for p and q.
*/
pbuf = sk->p;
src/rsa/rsa_i31_oaep_decrypt.c view on Meta::CPAN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include "inner.h"
/* see bearssl_rsa.h */
uint32_t
br_rsa_i31_oaep_decrypt(const br_hash_class *dig,
const void *label, size_t label_len,
const br_rsa_private_key *sk, void *data, size_t *len)
{
uint32_t r;
if (*len != ((sk->n_bitlen + 7) >> 3)) {
return 0;
}
r = br_rsa_i31_private(data, sk);
r &= br_rsa_oaep_unpad(dig, label, label_len, data, len);
return r;
}
( run in 0.497 second using v1.01-cache-2.11-cpan-4d50c553e7e )