From 5121ce5bdbc92e134a42220a1aa23f95037c7625 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Sat, 3 Jan 2009 21:22:43 +0000 Subject: [PATCH] - Renamed include directory to polarssl --- ChangeLog | 155 ++ Makefile | 30 + XySSL.png | Bin 0 -> 27745 bytes contrib/indent.sh | 32 + include/polarssl/aes.h | 103 ++ include/polarssl/arc4.h | 51 + include/polarssl/base64.h | 62 + include/polarssl/bignum.h | 406 ++++++ include/polarssl/bn_mul.h | 700 +++++++++ include/polarssl/certs.h | 24 + include/polarssl/config.h | 284 ++++ include/polarssl/debug.h | 63 + include/polarssl/des.h | 149 ++ include/polarssl/dhm.h | 122 ++ include/polarssl/havege.h | 44 + include/polarssl/md2.h | 120 ++ include/polarssl/md4.h | 119 ++ include/polarssl/md5.h | 119 ++ include/polarssl/net.h | 103 ++ include/polarssl/openssl.h | 113 ++ include/polarssl/padlock.h | 73 + include/polarssl/rsa.h | 274 ++++ include/polarssl/sha1.h | 119 ++ include/polarssl/sha2.h | 127 ++ include/polarssl/sha4.h | 135 ++ include/polarssl/ssl.h | 517 +++++++ include/polarssl/timing.h | 50 + include/polarssl/x509.h | 295 ++++ library/Makefile | 57 + library/aes.c | 1134 +++++++++++++++ library/arc4.c | 158 ++ library/base64.c | 249 ++++ library/bignum.c | 1955 +++++++++++++++++++++++++ library/certs.c | 211 +++ library/debug.c | 202 +++ library/des.c | 876 ++++++++++++ library/dhm.c | 253 ++++ library/havege.c | 261 ++++ library/md2.c | 343 +++++ library/md4.c | 442 ++++++ library/md5.c | 565 ++++++++ library/net.c | 346 +++++ library/padlock.c | 159 +++ library/rsa.c | 730 ++++++++++ library/sha1.c | 607 ++++++++ library/sha2.c | 688 +++++++++ library/sha4.c | 743 ++++++++++ library/ssl_cli.c | 768 ++++++++++ library/ssl_srv.c | 930 ++++++++++++ library/ssl_tls.c | 1977 ++++++++++++++++++++++++++ library/timing.c | 250 ++++ library/x509parse.c | 1749 +++++++++++++++++++++++ programs/Makefile | 97 ++ programs/aes/aescrypt2.c | 396 ++++++ programs/hash/hello.c | 50 + programs/hash/md5sum.c | 156 ++ programs/hash/sha1sum.c | 156 ++ programs/hash/sha2sum.c | 156 ++ programs/pkey/dh_client.c | 249 ++++ programs/pkey/dh_genprime.c | 122 ++ programs/pkey/dh_prime.txt | 2 + programs/pkey/dh_server.c | 252 ++++ programs/pkey/mpi_demo.c | 76 + programs/pkey/rsa_genkey.c | 130 ++ programs/pkey/rsa_priv.txt | 8 + programs/pkey/rsa_pub.txt | 2 + programs/pkey/rsa_sign.c | 130 ++ programs/pkey/rsa_verify.c | 133 ++ programs/ssl/CA-HOWTO.txt | 144 ++ programs/ssl/ssl_client1.c | 172 +++ programs/ssl/ssl_client2.c | 283 ++++ programs/ssl/ssl_server.c | 399 ++++++ programs/ssl/test-ca/client1.crt | 76 + programs/ssl/test-ca/client1.key | 27 + programs/ssl/test-ca/client2.crt | 76 + programs/ssl/test-ca/client2.key | 27 + programs/ssl/test-ca/client2.pfx | Bin 0 -> 2397 bytes programs/ssl/test-ca/crl.pem | 11 + programs/ssl/test-ca/index | 4 + programs/ssl/test-ca/index.attr | 1 + programs/ssl/test-ca/newcerts/01.pem | 76 + programs/ssl/test-ca/newcerts/02.pem | 76 + programs/ssl/test-ca/newcerts/03.pem | 76 + programs/ssl/test-ca/newcerts/04.pem | 76 + programs/ssl/test-ca/serial | 1 + programs/ssl/test-ca/server1.crt | 76 + programs/ssl/test-ca/server1.key | 27 + programs/ssl/test-ca/server2.crt | 76 + programs/ssl/test-ca/server2.key | 27 + programs/ssl/test-ca/sslconf.txt | 60 + programs/ssl/test-ca/test-ca.crt | 79 + programs/ssl/test-ca/test-ca.key | 30 + programs/test/benchmark.c | 253 ++++ programs/test/selftest.c | 131 ++ programs/test/ssl_test.c | 580 ++++++++ visualc/_build.dsw | 368 +++++ visualc/_build_all.dsp | 63 + visualc/aescrypt2.dsp | 101 ++ visualc/benchmark.dsp | 101 ++ visualc/dh_client.dsp | 101 ++ visualc/dh_genprime.dsp | 101 ++ visualc/dh_prime.txt | 2 + visualc/dh_server.dsp | 101 ++ visualc/hello.dsp | 101 ++ visualc/md5sum.dsp | 101 ++ visualc/mpi_demo.dsp | 101 ++ visualc/rsa_genkey.dsp | 101 ++ visualc/rsa_priv.txt | 8 + visualc/rsa_pub.txt | 2 + visualc/rsa_sign.dsp | 101 ++ visualc/rsa_verify.dsp | 101 ++ visualc/selftest.dsp | 101 ++ visualc/sha1sum.dsp | 101 ++ visualc/sha2sum.dsp | 101 ++ visualc/ssl_client1.dsp | 101 ++ visualc/ssl_client2.dsp | 101 ++ visualc/ssl_server.dsp | 101 ++ visualc/ssl_test.dsp | 101 ++ visualc/xyssl.dsp | 276 ++++ 119 files changed, 27558 insertions(+) create mode 100644 ChangeLog create mode 100644 Makefile create mode 100644 XySSL.png create mode 100755 contrib/indent.sh create mode 100644 include/polarssl/aes.h create mode 100644 include/polarssl/arc4.h create mode 100644 include/polarssl/base64.h create mode 100644 include/polarssl/bignum.h create mode 100644 include/polarssl/bn_mul.h create mode 100644 include/polarssl/certs.h create mode 100644 include/polarssl/config.h create mode 100644 include/polarssl/debug.h create mode 100644 include/polarssl/des.h create mode 100644 include/polarssl/dhm.h create mode 100644 include/polarssl/havege.h create mode 100644 include/polarssl/md2.h create mode 100644 include/polarssl/md4.h create mode 100644 include/polarssl/md5.h create mode 100644 include/polarssl/net.h create mode 100644 include/polarssl/openssl.h create mode 100644 include/polarssl/padlock.h create mode 100644 include/polarssl/rsa.h create mode 100644 include/polarssl/sha1.h create mode 100644 include/polarssl/sha2.h create mode 100644 include/polarssl/sha4.h create mode 100644 include/polarssl/ssl.h create mode 100644 include/polarssl/timing.h create mode 100644 include/polarssl/x509.h create mode 100644 library/Makefile create mode 100644 library/aes.c create mode 100644 library/arc4.c create mode 100644 library/base64.c create mode 100644 library/bignum.c create mode 100644 library/certs.c create mode 100644 library/debug.c create mode 100644 library/des.c create mode 100644 library/dhm.c create mode 100644 library/havege.c create mode 100644 library/md2.c create mode 100644 library/md4.c create mode 100644 library/md5.c create mode 100644 library/net.c create mode 100644 library/padlock.c create mode 100644 library/rsa.c create mode 100644 library/sha1.c create mode 100644 library/sha2.c create mode 100644 library/sha4.c create mode 100644 library/ssl_cli.c create mode 100644 library/ssl_srv.c create mode 100644 library/ssl_tls.c create mode 100644 library/timing.c create mode 100644 library/x509parse.c create mode 100644 programs/Makefile create mode 100644 programs/aes/aescrypt2.c create mode 100644 programs/hash/hello.c create mode 100644 programs/hash/md5sum.c create mode 100644 programs/hash/sha1sum.c create mode 100644 programs/hash/sha2sum.c create mode 100644 programs/pkey/dh_client.c create mode 100644 programs/pkey/dh_genprime.c create mode 100644 programs/pkey/dh_prime.txt create mode 100644 programs/pkey/dh_server.c create mode 100644 programs/pkey/mpi_demo.c create mode 100644 programs/pkey/rsa_genkey.c create mode 100644 programs/pkey/rsa_priv.txt create mode 100644 programs/pkey/rsa_pub.txt create mode 100644 programs/pkey/rsa_sign.c create mode 100644 programs/pkey/rsa_verify.c create mode 100644 programs/ssl/CA-HOWTO.txt create mode 100644 programs/ssl/ssl_client1.c create mode 100644 programs/ssl/ssl_client2.c create mode 100644 programs/ssl/ssl_server.c create mode 100644 programs/ssl/test-ca/client1.crt create mode 100644 programs/ssl/test-ca/client1.key create mode 100644 programs/ssl/test-ca/client2.crt create mode 100644 programs/ssl/test-ca/client2.key create mode 100644 programs/ssl/test-ca/client2.pfx create mode 100644 programs/ssl/test-ca/crl.pem create mode 100644 programs/ssl/test-ca/index create mode 100644 programs/ssl/test-ca/index.attr create mode 100644 programs/ssl/test-ca/newcerts/01.pem create mode 100644 programs/ssl/test-ca/newcerts/02.pem create mode 100644 programs/ssl/test-ca/newcerts/03.pem create mode 100644 programs/ssl/test-ca/newcerts/04.pem create mode 100644 programs/ssl/test-ca/serial create mode 100644 programs/ssl/test-ca/server1.crt create mode 100644 programs/ssl/test-ca/server1.key create mode 100644 programs/ssl/test-ca/server2.crt create mode 100644 programs/ssl/test-ca/server2.key create mode 100644 programs/ssl/test-ca/sslconf.txt create mode 100644 programs/ssl/test-ca/test-ca.crt create mode 100644 programs/ssl/test-ca/test-ca.key create mode 100644 programs/test/benchmark.c create mode 100644 programs/test/selftest.c create mode 100644 programs/test/ssl_test.c create mode 100644 visualc/_build.dsw create mode 100644 visualc/_build_all.dsp create mode 100644 visualc/aescrypt2.dsp create mode 100644 visualc/benchmark.dsp create mode 100644 visualc/dh_client.dsp create mode 100644 visualc/dh_genprime.dsp create mode 100644 visualc/dh_prime.txt create mode 100644 visualc/dh_server.dsp create mode 100644 visualc/hello.dsp create mode 100644 visualc/md5sum.dsp create mode 100644 visualc/mpi_demo.dsp create mode 100644 visualc/rsa_genkey.dsp create mode 100644 visualc/rsa_priv.txt create mode 100644 visualc/rsa_pub.txt create mode 100644 visualc/rsa_sign.dsp create mode 100644 visualc/rsa_verify.dsp create mode 100644 visualc/selftest.dsp create mode 100644 visualc/sha1sum.dsp create mode 100644 visualc/sha2sum.dsp create mode 100644 visualc/ssl_client1.dsp create mode 100644 visualc/ssl_client2.dsp create mode 100644 visualc/ssl_server.dsp create mode 100644 visualc/ssl_test.dsp create mode 100644 visualc/xyssl.dsp diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 000000000..e9a7de98c --- /dev/null +++ b/ChangeLog @@ -0,0 +1,155 @@ + += Version 0.9 released on 2008-03-16 + + * Added support for ciphersuite: SSL_RSA_AES_128_SHA + * Enabled support for large files by default in aescrypt2.c + * Preliminary openssl wrapper contributed by David Barrett + * Fixed a bug in ssl_write() that caused the same payload to + be sent twice in non-blocking mode when send returns EAGAIN + * Fixed ssl_parse_client_hello(): session id and challenge must + not be swapped in the SSLv2 ClientHello (found by Greg Robson) + * Added user-defined callback debug function (Krystian Kolodziej) + * Before freeing a certificate, properly zero out all cert. data + * Fixed the "mode" parameter so that encryption/decryption are + not swapped on PadLock; also fixed compilation on older versions + of gcc (bug reported by David Barrett) + * Correctly handle the case in padlock_xcryptcbc() when input or + ouput data is non-aligned by falling back to the software + implementation, as VIA Nehemiah cannot handle non-aligned buffers + * Fixed a memory leak in x509parse_crt() which was reported by Greg + Robson-Garth; some x509write.c fixes by Pascal Vizeli, thanks to + Matthew Page who reported several bugs + * Fixed x509_get_ext() to accept some rare certificates which have + an INTEGER instead of a BOOLEAN for BasicConstraints::cA. + * Added support on the client side for the TLS "hostname" extension + (patch contributed by David Patino) + * Make x509parse_verify() return BADCERT_CN_MISMATCH when an empty + string is passed as the CN (bug reported by spoofy) + * Added an option to enable/disable the BN assembly code + * Updated rsa_check_privkey() to verify that (D*E) = 1 % (P-1)*(Q-1) + * Disabled obsolete hash functions by default (MD2, MD4); updated + selftest and benchmark to not test ciphers that have been disabled + * Updated x509parse_cert_info() to correctly display byte 0 of the + serial number, setup correct server port in the ssl client example + * Fixed a critical denial-of-service with X.509 cert. verification: + peer may cause xyssl to loop indefinitely by sending a certificate + for which the RSA signature check fails (bug reported by Benoit) + * Added test vectors for: AES-CBC, AES-CFB, DES-CBC and 3DES-CBC, + HMAC-MD5, HMAC-SHA1, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 + * Fixed HMAC-SHA-384 and HMAC-SHA-512 (thanks to Josh Sinykin) + * Modified ssl_parse_client_key_exchange() to protect against + Daniel Bleichenbacher attack on PKCS#1 v1.5 padding, as well + as the Klima-Pokorny-Rosa extension of Bleichenbacher's attack + * Updated rsa_gen_key() so that ctx->N is always nbits in size + * Fixed assembly PPC compilation errors on Mac OS X, thanks to + David Barrett and Dusan Semen + += Version 0.8 released on 2007-10-20 + + * Modified the HMAC functions to handle keys larger + than 64 bytes, thanks to Stephane Desneux and gary ng + * Fixed ssl_read_record() to properly update the handshake + message digests, which fixes IE6/IE7 client authentication + * Cleaned up the XYSSL* #defines, suggested by Azriel Fasten + * Fixed net_recv(), thanks to Lorenz Schori and Egon Kocjan + * Added user-defined callbacks for handling I/O and sessions + * Added lots of debugging output in the SSL/TLS functions + * Added preliminary X.509 cert. writing by Pascal Vizeli + * Added preliminary support for the VIA PadLock routines + * Added AES-CFB mode of operation, contributed by chmike + * Added an SSL/TLS stress testing program (ssl_test.c) + * Updated the RSA PKCS#1 code to allow choosing between + RSA_PUBLIC and RSA_PRIVATE, as suggested by David Barrett + * Updated ssl_read() to skip 0-length records from OpenSSL + * Fixed the make install target to comply with *BSD make + * Fixed a bug in mpi_read_binary() on 64-bit platforms + * mpi_is_prime() speedups, thanks to Kevin McLaughlin + * Fixed a long standing memory leak in mpi_is_prime() + * Replaced realloc with malloc in mpi_grow(), and set + the sign of zero as positive in mpi_init() (reported + by Jonathan M. McCune) + += Version 0.7 released on 2007-07-07 + + * Added support for the MicroBlaze soft-core processor + * Fixed a bug in ssl_tls.c which sometimes prevented SSL + connections from being established with non-blocking I/O + * Fixed a couple bugs in the VS6 and UNIX Makefiles + * Fixed the "PIC register ebx clobbered in asm" bug + * Added HMAC starts/update/finish support functions + * Added the SHA-224, SHA-384 and SHA-512 hash functions + * Fixed the net_set_*block routines, thanks to Andreas + * Added a few demonstration programs: md5sum, sha1sum, + dh_client, dh_server, rsa_genkey, rsa_sign, rsa_verify + * Added new bignum import and export helper functions + * Rewrote README.txt in program/ssl/ca to better explain + how to create a test PKI + += Version 0.6 released on 2007-04-01 + + * Ciphers used in SSL/TLS can now be disabled at compile + time, to reduce the memory footprint on embedded systems + * Added multiply assembly code for the TriCore and modified + havege_struct for this processor, thanks to David Patiño + * Added multiply assembly code for 64-bit PowerPCs, + thanks to Peking University and the OSU Open Source Lab + * Added experimental support of Quantum Cryptography + * Added support for autoconf, contributed by Arnaud Cornet + * Fixed "long long" compilation issues on IA-64 and PPC64 + * Fixed a bug introduced in xyssl-0.5/timing.c: hardclock + was not being correctly defined on ARM and MIPS + += Version 0.5 released on 2007-03-01 + + * Added multiply assembly code for SPARC and Alpha + * Added (beta) support for non-blocking I/O operations + * Implemented session resuming and client authentication + * Fixed some portability issues on WinCE, MINIX 3, Plan9 + (thanks to Benjamin Newman), HP-UX, FreeBSD and Solaris + * Improved the performance of the EDH key exchange + * Fixed a bug that caused valid packets with a payload + size of 16384 bytes to be rejected + += Version 0.4 released on 2007-02-01 + + * Added support for Ephemeral Diffie-Hellman key exchange + * Added multiply asm code for SSE2, ARM, PPC, MIPS and M68K + * Various improvement to the modular exponentiation code + * Rewrote the headers to generate the API docs with doxygen + * Fixed a bug in ssl_encrypt_buf (incorrect padding was + generated) and in ssl_parse_client_hello (max. client + version was not properly set), thanks to Didier Rebeix + * Fixed another bug in ssl_parse_client_hello: clients with + cipherlists larger than 96 bytes were incorrectly rejected + * Fixed a couple memory leak in x509_read.c + += Version 0.3 released on 2007-01-01 + + * Added server-side SSLv3 and TLSv1.0 support + * Multiple fixes to enhance the compatibility with g++, + thanks to Xosé Antón Otero Ferreira + * Fixed a bug in the CBC code, thanks to dowst; also, + the bignum code is no longer dependant on long long + * Updated rsa_pkcs1_sign to handle arbitrary large inputs + * Updated timing.c for improved compatibility with i386 + and 486 processors, thanks to Arnaud Cornet + += Version 0.2 released on 2006-12-01 + + * Updated timing.c to support ARM and MIPS arch + * Updated the MPI code to support 8086 on MSVC 1.5 + * Added the copyright notice at the top of havege.h + * Fixed a bug in sha2_hmac, thanks to newsoft/Wenfang Zhang + * Fixed a bug reported by Adrian Rüegsegger in x509_read_key + * Fixed a bug reported by Torsten Lauter in ssl_read_record + * Fixed a bug in rsa_check_privkey that would wrongly cause + valid RSA keys to be dismissed (thanks to oldwolf) + * Fixed a bug in mpi_is_prime that caused some primes to fail + the Miller-Rabin primality test + + I'd also like to thank Younès Hafri for the CRUX linux port, + Khalil Petit who added XySSL into pkgsrc and Arnaud Cornet + who maintains the Debian package :-) + += Version 0.1 released on 2006-11-01 + diff --git a/Makefile b/Makefile new file mode 100644 index 000000000..69ee04986 --- /dev/null +++ b/Makefile @@ -0,0 +1,30 @@ + +DESTDIR=/usr/local +PREFIX=xyssl_ + +.SILENT: + +all: + cd library && make all && cd .. + cd programs && make all && cd .. + +install: + mkdir -p $(DESTDIR)/include/xyssl + cp -r include/xyssl $(DESTDIR)/include + + mkdir -p $(DESTDIR)/lib + cp library/libxyssl.* $(DESTDIR)/lib + + mkdir -p $(DESTDIR)/bin + for p in programs/*/* ; do \ + if [ -x $$p ] && [ ! -d $$p ] ; \ + then \ + f=$(PREFIX)`basename $$p` ; \ + cp $$p $(DESTDIR)/bin/$$f ; \ + fi \ + done + +clean: + cd library && make clean && cd .. + cd programs && make clean && cd .. + diff --git a/XySSL.png b/XySSL.png new file mode 100644 index 0000000000000000000000000000000000000000..f631a3b0f5612e6eac7578b2ae2e12d7ba8befbc GIT binary patch literal 27745 zcma%jcRZDU_`ba|j**pdj3mj*$~;C^LXsqLNSq|udvlCrC!uU1SxHv*4%sUS*_-VB zyM4Z|@9*#L^Xj9|t8<+5Jn!dy-}iN2*L6RkI$Ej}WXxnZI5-sQYRbAeIJlYc|EVN+ z@UycmvJUUVAt4-wUVV3%`e;F;2?3-l@;_{f2~xzc-(tXDaW6; z_b2T7LxFPN@I?d(Hwy1YLhQ}?3m+mKemTua-QXZpM3W%uK9)cF;=W$ZaJ1KY^5u_g z%=hb;lxS3zBaI@W%XWWx0S4jRc8-NOG{X#)4NYtMG`v4$HzZ> zV5JXhwkSFBi{$b=t^I5C$Lo6awEL;0LHqiJl}dK6s&O0fB-f9u%cRr`TkwWb!+qRq7xw}pqoteJ?Il^3R#&SI&)kG4Uox?ejF0E*=Z#u_ z>&1K>d+|?Anh53BY!=-rEh^eHy*XoFp~KrG2$wW!E$)pLNnjn>T+1mNj@jRExY?w; z?zYusK`S|S60uR<_HWKs@{Bubucj`d@+_&#qQXckyFW`eS2tIbIUKIz%cHg{n}3_l zgo7KWwhlxRG?56~ir*3On*v3B)%=NF78$)c`gsSQHTrpCNnN_R16HN5pl$7%Z!g5Q z!-;T4t8vrh>hb;NtN14$={0;pZ~Ho~W7b;y5nr4}mTt9i;hZrN6;qbLM4T1PP{XDqesHKP=j=IEVGg7Q#macm8 zYO9xPEkhBP8tw|5V=qQDS`ALvtk{4rjyar2iw#LaPwb5dYlchUr@zfjQ(;t~p9klv z%*k-46h)Sb6tL~9gsxAO)Y{-TQwj07I=()}ob-C-OX9nBrI%GLX%$M>{k)LbN?V-_y0!bl*#qtuY1^-;BPE4BZ;x&X-~;=<&{ zsmYs9WG5wNh@;h-=C_I!_4wj+bLqmGnZs3(h{<;=lG0ST4zLgO_@?x{3mssU;DcJH zLz~Ssl?CFTi!!I_givj}`RmH}Sc``>o56+f#KM9mbtax=3s=;03rU}*LiETHxuQ19R{EHc0-Z3kFXJk1M-hvi_bCYC= zP|29Gm4t=Lxch#>)(CdQPGPx`z#74Bpm8C*-J;}Sc0W_N3jbVW-yPH1$m@QxCIa!X z?U}99c2(ovwelad;yY&Dt0T^0rla|#;e+S{b$H)sWLcF;u~1$LZ|UvrwJNnLHh_&B z-*M~vG^$O}*to(dqK4HEg`^`h&A?lnBwSfr!<%cH_*($)dh0Eh0ufQr zzVU96VSbl|gSk0@s)zg~2w4@*=+)I1k*&1kL`rE0@>SR&{L(Z6fiDz((}gP2kYTso zz4+-Ngds(`x-#k%K9bTruD#DBA=F0!QuSu>bSq)`AzluU- z8VStXSHM-DZyy8kr0aBK6-GbL_pZg{ILAhr9v`Fx6moLM-3wM_zOngvsbSurKQ-}0 zAnb@|iaJW!{TzC&v-Xe$;Um&?HjYjVnuOG-+#l553nm+>8F~1e3G3(VyC_i8&_PHf3EzMD?Ykuo8 zjrxDV0%vbrxW2M7Vl6&7ZtPGmcqv>(hHcNi8UokB;RYi)JsH-bqf(GuAK41=01-dD47U@5Q4@&27WV`HgA9Ssy<9y>mR(mF z$OW_Zw>YC!GB^+<5GRKDa5~%`*!uzqk{SDhg@v3h3kV*`^yQsO*yN|j6=SOr%AByB z;A01^eh;=<_TL>pv#($wC;Fh3-93*#(mcIsBoOSy8K-fdFK*BZen7263mN3=2h{uC z3B%z0)|8n^OXDz;D;tBIl&F>cq}V_tq3NnYt{%c5XLwnSWy;622`9I@An{&)3{6%3aJX>bn5`tui4B`8*&e|RnwpPQ~v;e)Rn(CZ9N*NgzU^9@-<&Y zc9uV3uec~ADms7>g=>XOHERzW(As+CSLyS6_wEg7|FZseFI!72>CSg=0)-9p;o^Fzl=?UtVgt@z@|hyu#(g&3P&batN~+M1dWf_xHW z1!R=F5t<45c>pMG)nw`L)-6Hyuoge!dc>}`Cl43FNexS7Ux6;l?q77T{yD!Du97is zBf%U_OH11t$^Ia35VAK>he9p24cBLGvumceIK19;S(xraiVALw*2wy8Bk`6vrJI3- z03xz+%CVN@lV4;74wnp@wj@iCTS#m-Bvbykp`oFpqoZ627dXY+w#=?_hU@Ut-$)>j z;gCzAO1p@pjA3LPzxK*nv|MiEL1Ne3z`#KGC5gGYxf%PLvF*xVBbvfOw8MGbN=85H z@lgg(pPn2Qn$%JTHwvNe@X!uw03Mj z5^By)J<7&dNeCvdb3PH1lG32DJz?a@(j`@3g1cv50U0fCFflo~#_MQzwj=&J{e{TZ zWgllezdD<;4)ZULQjhcXO>Mr8t$LSd)Cv;6O~v<=g~hX#{8m=hIAxoq3&oQ@?5VRe zJ#mm>zKY1n;~Kg#kHRwbF4kKay~I>(zpFhMn1lcV==IHlR zhrO+$sv5~IUsF^hBri{8)q9lGF*Cz0O>^LBoTdBtyX)rCU>+GZ{VZu<(XrI_l-GCdhz4IWf`y`9XZ`F=0)R8aE&ewD)9qp9$GAK*#LSV4fsmx})Z+YkBrH4pe87KAS7V0?dQ=(`}YEl9zR!ZWYH2u71rN2rnyN%0jO})L@ zaLE#zdm?db3dQQpMW_c_&l*~~=eI%_Ig5R5A4xPJXiH%~R=P;CNbd5*y{bpQOG%M; znCo2Z&z_R0S+5XcBi;+z1j19hi)ap^K+DfZ|hExKO417q0Y?k$z^4M z)W3bW^E|#|5F@Hq+^TA^6^pWj%zJbKAZ*I^b73K5b>}KsadGFJr9r{kV|z0*MI@r< zdp&;h{l(&pqbIPSf1AUeKY!lQ(b4uPK+Io{(amHgSTSvK>j3Ix|DvNLi+8OLGzE|t zO1kB$yiX2CMhu8MSr3dbsXgW*k83>LoSZJsUBt-3N{l_Ja|9fHo`f};&8Rmy%dbkpx(B^h>BefvH>8cU<2NajEwp26cace zJ`7dKKpI?)(=bZmZr&AH1}qLq_{(LrcR~rB#l^)P@q&-?hvXPAt(Hat!(j}9>Ag9+ zxd40LS*v=DwVDsPRU4-&anqQVjQ02Un|L40TBdlZc=^s0MzCyq7)N;yx3z^RrUAUd zD&lSyniZ>!=L~T1F_PQ7JU<#g0>Vv5PCoq`CTR1!Tv$r#5O+?owvU`Bz_`$|*q~@Q zDlubd!|^vq`=5bjryd-td1ItmL?^k~!t2Ort5#2T!I;J=*tDn^6cW-P_qV>S@{jWP z6-H~Jv{#_23B+ko8xlQ6#=5ot!p&vQD!nxehjWs*@yNHQ(0tuH5PPJ-o+{gC5@A`G9Ngq7dP z*XQbtvns6|PHa-AQZ&gM#PeFRH3{$GD6qx!9M9uPiva4<b+wD#<%cEW4#F=sTiDNv*3c3SmBRsLMSgw~^b*7smbs$`g!8ovDV-EH-k zm{rT-aI;Iy8`VDgCOZ3p=nCH_ev&GZEJUj32}0uKAJL?)+USZ@!?#@)Wro)Ys_N0f zYzi)+*FqU^vtcvJrN}q!LD?y~lY46!zi8Pd&lizBXeGuRuABRNbo8N#$=R~W*`d$b zo{vpgmCyGKW|u2k@1r!bV5`Vo{oxMnUYXsn=@8%w0K#hAKW4ue3CP?1ZR&*k-+1yH z$88US>g;6V>}0t1RE&iZP)buIY3dERw=9HWh78aV)}#69uf=x|1x#&q%b!7TRXQwh zpZ5C6dG=V6=yH>@l%tUbfB|gEOvkxiLQj~fyLctV(|)=od}?ZH;-?YgOQ(CV*baud zdhW)-bfFo%W-cxg^kFwyA|n14d25LUN-yt7;k+3LCa)_n(WZaj8GU|GTT=x$+Rgv` z@UrIMqtACPs&R9X53(NgYbrdkxU?}=zweq*c?UfV)<7b18OehNtz_N)nWt!S^7Z8x z6r9fcoX$&3c+!#(pys|9<|7j|vic_cAKQKnpu4Nk3#& zBwIA+nMPK6|Du3Vx$WO3(xtGY>z!DD^WV~x%+Q7Q!sac2-vWtr-r4mOL5UA*orV-D zPPWv^$j%z~YV-6<@xB5-Jrxy|5+iZ5@TRNh^XC`dtQFRtx_f$hngoO#=QW#EIIsTt z@q^4YaxwydQKkaPl@MiHG>-p%OuPAr^=?yB6ZQgw+Ut+nnU7$Lr<@(6ysSMDrz3;K zgw6s`g!2&q;!*3hkRjH#a<0k!wH#HUHPkQ%WAEzT(~^e^ga9uA|3mu4VhInex*~k6 zM46HG92K};bOb?+batqLnKT?G#~Xeq)F2r*k8bz+ty%hjdeorho(k5M_G4_9MQ~6M zWFELNIlY(#lhLZ~TYPbft)UyIZAR|@vXJQJ`7MQaS4!3*hJ^oo#H}w579PQfzH0uf zP+!oCF)ta_$nt-<;(-IZdQTCOyVM8D=qI|=AJn*^48VQsFe^S?ojA>Bmm_0>d*|Tb z@aWN_Ts^X9#IfxJxV$a$788J7w+>{|wL+ECjSDZ42WiV4nA_MCqztQ{wolm}&kFif zILvDSF|l=EQQ~H1W@c{>aY%bLIYQpA;X1WrTJn-FH-=be)NMWIU0-;dS`M`v;io?$ zM0abrEvR?K?skNd0bs}+w3?rrYfD-pW^I_-SRO8v5EoB%gJ#3_7d550NN6U}LnH!9 z17O`=Osd0^vN32SG0j${ zQ0R1bbaaG*UO0?@lv7+0QGvPxo14ZZrbaX5os-a&y9!2y!&F~gf31o)r3w*pI!WME z1tgFIdt_ETVpbeAAeqjWWBJ|ZtVTEY_+N)${mN=S}MV%M-h^rPglb zeR^P7Hs;k+L4sA}^blLc0Bs;!Nr_)i)-Rx2Cw&)Rqu@H_w(ir3ZseV!H@+_-TA z6780&OvrDj6bAejLX0_meF#Yf8vL<8XrZWMm6Q?c$X0e4SKG5wuaxdqixLW=#*vYc znVA{*xxX(-O?$Zp$I1(_^kaTY`5y_MWhTz0q=!7QK#l6_|n znv3#4$emL&m-#LRU=)XHEL1z5Gz zFdPz58=VEon;&*#nL`)fP_s}0t7X7{cyc;8ct2EG1dbaw91gb^x8}PeBO)3^mQa-{ z8N#BX+;JLd&4Io|gTdHS=I1#)MEp~eW$PY??;5X~-*kmyq@0pUK%8_Ni9q%f)6xW8 zi69FROEV)~)#zJvorC+vE3Z#87Q_GQP|jOPNo9o zJoM*)FR3fgOkJL#aQFy{>3FpV(0OYsD=anw21KxL)n5cR7JvOJDldPwn4OX=?NSi1 zuUj}w8>$Rk#S82lfowBLNCpbcu;58jbD^_OKM%V@x_`QF)y&BLMO|F+2!ryQAH#_D zEpBJ1Mgs2C;Z?T(mI6Qwm>F?#@w)Za-65+|7D`nl0&R+IoYLW?3s=b-{G^}v*uVg3 z@mT(CMdQ>yeD~XUXbN8G=CZJ{v0b{9lyH75o^K%_)l)nE?zrRo;m{mxaN14A*0DIU zb4+IF@FMvss~Rz)OOBQJSHII{0@CFrN9kN;i&QH2e}jlFKynulTy?=UxPF$sE8}4Z1K}x8t~Fh zI;C^6iYP-pb#T}k$h{XYXd>sl@(x&Skpy7T>jQ|VY@sy+vaZ^gN``X^3sg)L-ckXu zuDzHQ-nrGA@w&NR%ggt-7yHpdlA@xSy%^}~D1{lC9znjE)8(gsps(*=KRGn?wsET5 zZEJ30Lx_JF==X{Wh~lI!96C?)CHmN9T?cq)(cskz_-MY-lYGa=ikNo)Ys&)EV*%-oBw#f)_4{Fpq z62)NGx#i{MTs?_Ex(<=x2eVS=sZqW@+;y15sq)&Mw zQ;(xV`%_x(6|gAVJ=~DJK^}XH48zI<{&q!bFDk zluH?2z8>EJX)ZMr2=F&YNKYjZ7fH1XSiG4=poK~en`5vQ#EFV2EGW*h<#T@AlArzw z>}tCJ548x)S5^QlLYu%;3@<}M2R_W$-br%wz-$*_NcuP8LGhNV>Ji3Qk-9(yXn)V7bKp;P`R@}X+W z(9lrq6>S-|?w+2gdNhuMtF?6}Ml?o)RD=wR$0!7JcS`q|^*6zq{lC8}95k|GKtD`S zr^BJnH7FV}uJJs8FoudZa3xhe1Ar!WP`i>yu~a!*kdDkw@;!VsyvNPk+n6WTNoasX z+6RN-jqj-TJop#P?(J)s2?_)wIWUcBI+KHSTmg7RdVE=aXqwsc4&L>9F9zk*x8cl7 z_e!ps1K87OwO^~w`TF>r+_CCW!8D-+oM|D7YinzYzjYu#e-gQQQ{8<{XDjJ-*|^`> z>TZpH<3I(1>v5XSf@7u2`wQgNXd#mC`1!;XUQsAuJ`MAS&_ck%53oXFIgE|mPe$hn zF}{Y2)X17t+FlIAD^(v>Rq=6pk6$Fs$V8~_PKN_zcve;xw1o+pDkcSLeMntVSXS+ z@l`NT0-!)3Ac|qRAjjX17l`h=n8xVCh2OK%GIpyT&{5% z5mSyk!g`sh*{T#zaI(+6`j4&T@pPm-AKfeYlSOTv!^~{QcJnVlL;$%Isy_-Jc!@Gs`<$IN22)LMN-8>~2K-vxjX+Vo#lwiEV)XLvV-@M-bP}>ZrATMz2w&<6>XdZ7-`qID?9cile>t zjJE~AAeC{RkfCETdVl%-yrH}tN={n(CCfwD@%ZM!6(J5^Jojq0bSe^68bMrTab@{R zk6-vc>W>No4mlZ%eneUcfU=r5sOVT|z@NS;{so2S=i55%r+=pn_4?%Sek_e)DqE?< zqF=fuxkgHE2{!?c&M}(}I+DSP_27hfOLHOXOkFBJ`lNd03lM!C& zTN^a#m8K*4siJ7qTIfN@E{p##N-Cx>+xS~b(8NpvV)sQpwsXM{sv-VXLNIT z)?U`@knXdTo(8fzRfl(Bm09uQtp&&!y~J@Ys#Nx2mXDQ)fl@xl_93l?5*1 z?A>){*x#wA4D)TA0-ALD2R>CvF9sM^Xc3|9FE-G;Cw}{duHEv`b;{tah29LXK3J7X zvi#iG*k}%80A)n0!DqV=81&Qq=}2h!QRiS0s%8Bbe6Pa!213!))AwB#p#JUb?4X50 zK1O>51ry@orr!uTp|)V+&#iV}@Qa~1B|D_raFx;FJdC^oL~&Nu<&^H=g2GHL$#mS* z-T+=DlR)Kj-eLjNnwFNJ?s)(=IWqOqz~<#_#J8IVRw}$!Md@k}q(%xm8K7jTgL_(g zaI4wXh1nt{#KgoTB!Vf;*F6LXdfTdZ-c!ozQQINyhuGAPgZPxr?j9D^GLJ;N;1?3V zC^7w;wzUaR{xVH_?QusfDlz?vZIlTJWsk~iuF}0iA$u^QAg@UYLl8u0?;dYy@|-UV zBm?Aa9Ja=V1>RC!v%*6MFf;UBOVfF$kp&p~?c29VY+p9c7iCVSOP8QF+mu~ui|d}> zvx>fT4y6aJ2-ZRMl-v{b>65i98>=oa55a*YP&Lgp5+LsMJATco^+RYOSR*SjC1v8z zpP+sQGHe|IbiWHk#1VuGVjHwmf&Sy12$D(7yG~@gm1hyHRSXmqXyOTkm)@T4&Gnzi z$K|%5j{4FZC(nHu&ZIOqruHHx3Q+ifJ{vXYdAj?rl^E^vrkyOT8L#i=?!|ICXd9KE z7gqd+250SN<-5epGr`IzI#ki||@a1P5r4$x!fco5ZPVMnvlyj%B0CCT5pD%^j|TZA;TdkFL# zh_J*i9`WnH+0Chn{i3Us9X#Bv#J9Zd0~vHiz>y z0WY#teP7yo#CTLN1Lte90Fepv2AFfuZAyNnyd=T zw7e^di|y9`R1Xdgg8B>HV998mQ!3BtVq*l3J~zSE!ExS$!gG>9k1uUutous<3nH>r zN$jb3687ovjVmatfoM%$`mhCMQ05MEDUfF~TL<(E44~R3b-nGFMWC8fXv6OF(tR1V zrt9kuU_Fp3HS}8SyA1Y{;boKWu2XwQxD&a0uXyj^k>DUu1phqzP&hxy*!aCwWMxL? z^y=}LKQPANgJ%gWNLi1eFOF8Te(?g>Uwwi2^`uj%^U(dwZMs5xtTv}u`XSVw#pyD; z)>aU6SSH?tLJ95bNUvl4SBjtjw3~mbW(5^KK~v7{A3;NKi2v$N^6u)Ts^O8}zmLz^ zd?5H!>;1bdF0r$-Gche9K4mCS0Aw3dfpMWrYvs{pU4eLLi7RSqz^r-(ymWux{yUH< z6{hIw*UuXSRs&=Q0JLFYVW2`KXf{j(oD9sM3SbRSSC`hnA$EP?S`>BSJ5NF;%o)m^ zs6|Cv$BLwk@3>AM2G%vhd}k8>RWSx=s`MP{?eNYXaMSoXQe5?;G_4O%WHW8Aqe5mj z;Gf)_PC*|ZqE+wcBkdw|m-O?1Eb%_xRAmVe^`8tRxEdr!U!@yS_q0su>tw6ShBYE$z6M9j%B>h;C0{~!`t*I z-1E?Lz}@9gA~U9>yjWpGSudBv#1({kJ*322LE~v%Hio{+u6FtLrneLU_##ux2{Q>o z$*nn~%YjBz<30rXec{@*oIRWfi#qCWwhN9sW)hHot{9j*4cpuo7&F*I3Z-1I4M*`3RPjY715vOo(lhO3ye zr0rh7zj&lfPug$==fb;NB$0TDcWbd@L86<+;&Mq{L87#kjFu%2_t&31dEz1bEW%b` z!HL4_j<4kVha{e+ZczUQZleq~Y&8n@8GB0tB**~v9wK#KMtD~xuR+`_1 z%O%4$jFr9Yf1;Y=OmTNsS({XCSnJN6JDQpX{BNscXhg+xRWg{^*ua-Exu?%}v3BC@ z_+TqH_iCx(xb_pNeEsJoqiB`-7s_I%#(Kt0X=z787*X(;joYjXjIZA0jBW#ci!+)e zkr5@!QgO?Q?jk*;eh|$U9o;=Vq!A=5kJuGITYq^G#e!si2g>?Y0w%^|;AM1hE<8ij zsRF*s?gxk7r<|UWK-PTVi`-8(Hf)Ox2=M;qJF&Z3i(ew6E}|gBQ{am;G&Ga~p00-G z)w&!*+tt6d2piC2)sm1=z;pKK)tQT=>AcQtK73$*`6JUe^84>9Qxx=c(cRunu6s$e z_I{s*Kh36z%s5w-m6iEGctE;3Idn=y8OWt*XX%2-n7tsLyXk#;d~kBK2Y4sG1KU7Q z7xBuGxB=tX0YI=vCFt(A(o#^b^A;Buy(>Qh1Gc#MOqY(3A&xI_IQoMxVW7PieOT6@ z6@bmdsSm&+&(6+vb=`?d>D^EO!V~B6cX>u6UmRaj7wEe3?%QqF;{DRT<9^tP$ohe$ z(^&X815HG8g9N8a(A*HO(oc&L%tlWCA`T~_*Y9xAcnWP$$P;^&IsDMGrnIyapbyl0 z?YlQY&7}1REJvEdsnmRIeA~_8WuUQ;;F;4?6oFm8AvhqH>TwJ^5EAn9(qD2(ye<;YGK=FM z^3xm191C{7(3{REumGuv5W9d&AkDlHY*-B{BIS3k$0?J?4W@xDzoFv+p3-UU_e~X_ z%x^9U9l(|TQ$zF^KYVB>^&#q|Zwo_WR$Wf;4-WEbxiBBbvo;kK|G%~^<2Wnc*#Asf zv<(~F6Sd#I?Sgol{N{1U9;j--LN)2@jP|n@xWn!L_s_o6@Yba_y}fsnx`wXnxumKQ zcM@mmf>Q$822p0Pqb)lA0?)(e&)_}U%eX)gslrRA&lhJcew*10Y^1vH?tG!0qygeg zKaa2jD~DEfn(~rk=bnch^PgX5($aC|S`+YlS^bL|S%2*-)+TCSiZX-sL0Z5AspJZd zxJ}$1NsvU_%@g0h?*x~ktt;RKu;_rA8^VCX;x6HUi9z1S~F3=l%~W&7TdK;}zn#(hIx@09+l+MD{OQx? z^*sq@3Lz~-5r|Wn<9zK59CyPEN!p6RFa#T3gPSHq{swR9+B(hhXkJe8p-0py_+3Dr zQ2xZgz%V>Cgy6UpuT}n1KkwqpSSg0D+bm2>xWRz(TBbMIeU7R3$iI8AJ1joK0qLEE z8xm~1z+*#WV`C#D;JNSc(>qj+>$pOEAc_j+_xoq`h%cJ$NmQ2F|q&$P0A1 zTv0>-t#ghskF~=4Ij(-It_C0sq25rU{bbv3MRYHgI1HaexoR%OSV2Kp!HkPLQ6Y`#ZOw%l8Cx;eN@S!?dHZW*KPwjby+Mqyi z9I8x29gP=99$o^uMOOAj$*6^;B}hXX8&hBaUEDirH^r}EyYnb!4bMB~id*ZJ1&%Yj zJK~|2!9Q0ltLeTT-_AlW7o($Awu6VqrK)pP*wgbkOt5Al#Ld($>ea12{R6cj(a(30 zYMjx$bY#GIySW_z31)kOdE*U=$rqNKOI)YYqSo!fxuvw=iew=b&3lXK1g97T<3hY| zxSzmJy^;bh`dt0IYcGk7nq6g1!Isi$Rtz2g`}nZcjVR_wAz833OfTTk7@s7ph|$bDp~>m>W))`Rv=o+k(NW@Psz7q+ad7$mm2Vc zXC8EgBNvd1-P}ekN_xwN(cho`X`B6LE)tqf=s2P{bzKghkEoM2B zXf1xWTUHAU7__})*Rym(lfSe6{H(?eIXNna%j+|3XcM?XSV#!OB_z5(NJ~gaSc)>M zhi(!lg|(X>9&dGX{07HgdM~f8aY%7$Px?__uYbT{VJ2oJH7{P_t~QhJcraUt562?( z4T)VJjRYhZ$ywjBmKS1#@srkIEglpYEi#n=lqL$mZ4&Nlcr|dFHO>ycBsdt{?j%yD zfbjuMf4J!o^zi}rXgCBdb2txxWKXWXdYmfAHT#Y0W2@hkIdO}fCkB+cX-0qj0_z$8 z(P#Q`8rT(8ZHL!Oor=%H7^!90sIKcwZ|)x+9zu(Le0<#06xeRQUEbSo%txms-s5l(H{z22Z(5BI>&Ghz5Oq8<%j zU@N(@>8g_oP8OiwHm6%__y2~qx3{mQ<8dG54O;QU-h^AXvcmtYT)kQZyq}K>l{xR` z>vOaz{kXDsoqBnGuGlQKDfDL=+`MM9gf5GHebF#Bs|QeNy=&R;U_l8?oW%JFeCU5( zXxrZacH7$8z?~GyD*cV23Y(e6F6X%qs@-K8QoYwm3J7=-Y@CG^avMDAy5~j&Acw)0 zidBR(B^>A~6G8tlN^o5Zu_v0c_oHR^rmYTme!<9strVAOB~W<;}mWeqhsi>q<8Y32is1*`1x8 z;7!}To}IQU=Ci$USB6b>{V~h|3|fKzyES{Z{gi@}RjSziPXrj3bM-ncwt(h=3YlBU zaCRm-Vm%_cVO;e>N_XBBln%5I@Egb8K9VeN)ws=y8LRMQKT+LH7SOR04r);C1E?s%$ z)1w>=HXWZ+nZMt7wSlP@&6k<%PJhnKc?r~kJGK7~j(2yzfwOjJ>Ef@qAh3i~c)zQF zLh19b{Yp|&(zR>Xdg4$od6<=Ae!1YuZ@)~$ou%eFT)2qqt%O!3s7Un>zd=9XR%&DZM91zXAWHYN!02FrG>T4tUAOC=bnDaLr*5m=n z59BMk8KZZab6_ZfV`zw;&p(O`;Je5Dwy0~g65o7^0&H=9!)VvzOk8>W7gZBRodsZ- zZ!|3&4zq$`1x}jKa~ssr?u)(!_d>t@@fs6hVd2fe2PWVz0wVhg4JmIJ2OZX_+m+aY zXZpnfF26K*>#OG-rQ+YdZE0y)xb@mi=FiMbrg0%i5pf!XHy_gYD{wF$Wa;r;&cF3+ zjktlpxR3$;idE~rdYZ(OTuKptWw0T)!17!mz>8KRa7sn&TwYbi@oWnOR06gM{X7mF z;$d<<)!6nxo1O*y+sQI_-(2Ag-*J2_W94n92;3)_jCy|rNHJgv%>*XNIdqBs z3a3|MaCZIX!P}+vUUKvJz@c^`a`(%oD@#0xi8H4j-v&^JS!eoIm{&N-_(mRzeqa+n zVg?2*ii!deVibV%Xyh>PQ&V0@uRsEIU_myg)g=uX84#YOyK>rv9}W zuE^oFpet0K-rj$#O4A?Re5D!Hw2mHGJD*9g5=pQXNsAWvw8tUns^^gA^DA?_dtl&A zFGe~4g0aMQ#_r*@PsG10tHk_I%kiRT8tM0WPevyYBMSWH;5j~@@c9X(skJ!d5O8)@ z6cwRTWRYghM^?_UTcEPB>EqPEq#Uhw6P!$rlEK~%v?X|tY%TlA zV(l$?-8wyqgO?lqh}(-f%?Qh?cJ&srV72 z_p}y=(LxKhk~oml3ylP{wY0#I91naOk7@2&cI2&|{M8bM>=Yw~j9$;(QA?6w>hJiG zksz1o4HiiI;`!UboX4Ug=$G*wgaP$negS)fx1;0N`MAwXxq4D!V$ioBaut|BKY1aZ zq|8fEP0QhN+eiMu(;J3xSSYzhgFD;(bZKR~I6rl3F{ce#iRmq7__CV{;wXa!`Xl~( zBi>D1F<_cMO#nv#_5Am5Pw;{Ly9w&c2}vv>47~oflJBAN2at^4Wb`PTJ`i#k{qyH^ zCRQ7eYW>MtD@Kt`9f?SlxbXGD*eVP=rVUSW5t@6|=*Z;3^w^@3Qw96Md)$%gdxwLo z&PrXN)WCdFShM}f;SMN?U^z&!hn-6NpNg9){Z!Z z+Wivfs0REEvge#)JN4zDmXVQnkOU-IgoF{F#zseRcY)u8lPvvHZ6)6(3z;Oo12|Ix zJX{%m-nPBi#8g#>rHOPl+7@anJr`$Z6648gsMXw$dYW0#eoTG}6lKu3q%Vkpc$YT_ z^c1JpfOZWdo4X7fF{5dZP(iySf-5d9Fl9 zkTNNaC=;-T=sbooE^ZnyyTqG#!;l(%7~#_Hku&w*O;@xSfO{}ltUcH9fFV2CRg4Jr z-x1w;Cp`z!;Kpzje5@CPfKlqYSA-9Y+AV0oEfl8yDhq7X0Lv}y36@fU6U!&mqXZqy z?Ukni6(Bp0{Kr0aF7NnXyA;_j<}Ksm;_~yaN45qu%R&x3 z-rodj%++nX@C7t8kv_*yq(0R6oO$!p2bhKgu!eTHg#Lypt+pjA(L?}s9kU=3fVaW8 zF#F*)m;lU*L2Fm$RB%*<(W&$~s1r`lz+Rz;ja*v>1JBNmlll9*UZKv!M~P13^?qLS zW2@Ru+qZ8GUn*kRxCoVayBfPhJ%p3eO+^#{6po!8^}k-$9ei2S_+~SXr=&t4gXu(P zv=rsw3_m6t+VY7s7l1)bCnqN>D=TN`w;zj{2Gdlg&@jkSHU`V}ZONEd#lW68PROqp z?09Np>d|VBGhJ+Fx%Cm&CE$|}R|%*`8WzHY^8e0l-0!>lx@Pk^Oi}<%2AVM-93b8E z^`DfCYGu>bi~;`;O_ADK1^k${{D~-ngkMk)3N4*p>fi;Ez1NLP9~8VU;U)B9=uZDZ z;cRHYb8V2FzZ~BIFcf6(o&io4%8ZK=nKm$-8r%re%Hm1+mNB>t;GF@sebMo)#^vo< zyt%d85$hzBIFdPYRNf!Ip;oWrqHfXqGw8LUh-eGUz^<&4fte4n8G?PzLRnZ?c+S^% zA4@8eQ)eqJkbM@m;x5Z}Kux^dQk(Nf81vJQNpxy#(5V<@^rrUR!Tj{Le{zzdYuk7! z943GoUW10%s&U=o?3EgEb5(fb|Mvn|Z7k~00?!X4O6Mk!(_^G)1twj0;^14_qY&SWr-^yh3w#czwsNnpeKcFj&*Z zxJ_Oio06};40x-5QF)fdbIDVVs+K5xfA^R83=&ddpgE$F8gFr-`6#E}&!U9%zFazy zX8J2om2otFtVqQuie~BQwIK^QXDq>MW=QEb2jo+c47g5 zUS0p<3_=_HF@!0P! zDPRf$yQ3v4+#r>l%;W3P?Odz7AwxSE?uy2az=FqjG;#mVEBH1qD1C_9d4|i9*0#Kk zzXG%{FCAc8%HYOTXCPmp=U5pjhT`|LtE+b_xPAS^`wY}2$f#>;1@&muI(T>udFcYr z{rB6hGEjf*?CfCTQ1;tmA-L7S^{z8f1E!Bq<p5TNqew znzq9vfM$6)R$XuIpX+y^;JW95uK+50lDSV1-1;!n9R)_WoWaCEn%j%}EIEQyrL0uUzG*hKI=t}kf^&vO z%1I+vZ!PX4B2*b?0)(@giHZCp<7f*9A z;t&lbO!Rpw8E&l=Q6X3A%2HUNq1b4#d#c=z`EJ-pNljkw^~8Bbs?9rU0zbZL>w%s! zSAMza?S^p3c15|H#SsXh<4a9p(#UnCFONpp85g78!1SQnJH?NRVD<&4Ij9GspDQDl z0~ON%R|hF_PzGm!qmupt!8CI16&DO8;_8F{Oio(*!fK~i3Ouf(+Uv-fFYa(En7yZ$ ztlqV6aS7G_urGr68ChR~P<#hmj%&5CYpVy73lPKB*5n^9+WiEKgVNT1`9?AgXngQ$ zFza9>{Aj*X(ye)a15aygd+PmbbbsgO=W9<7pXUg{Y@pC2o4ofiOls1lE8@d2ScWVT zMsfn$)M7MTKLtsSj*!FxOofECb>Lr*mSF>{ooj_kMsbQIWge|6-o8?s1xh%NOWNBLXbKgL* z0OrRJ#Ti{EKDFtZ>A=O0RK~yiAWVvWfoOVGOH&gjx4kvQ9_52Y0va57j(-+Qe>}WhT|saQQjak3k)*udEX?nYB0Z)|eAXs(r<8!~B-{ zE%lcwblvG11P5!-Ng42w3_a2AnzI^XL z;J*EmdYtO`oX>e**Y&zyujj!AiU?%T=>$VelL76*oqo!`7EX<4k!arlB?daq(E?o7 zm&%}MW1${FuKynNsxm;6$Qf8Ai9zokcg?16g|{gP77It%f$fSD0GR~ByANBPfmhgQ$*@677G3s=`jV@++?+oKn2BhCLfMuMVW%62}gJzmKj8*9?{1) z6Oh$$B5=!Y!rd8~0%9917oc}X!nv6sP^*&p#3UpY)TjsDyR}3VlPA3q`&I`P0P zY4sl63cn*-6- zb`+!dl?qE3G2*7JY08Zo`}Y>4P#O31syiGSD5Ab)W@op!Eq;gD%+3#o@2aK;!lCpf zg!%|s1j@Qz-GrF9_%ttL{a4^5!G7=x7F<_b6a1yaF&Ymg^1z8~%uS}Xd-)UNHX;M> zbK1ZvEqFeGD}jfHcO=0j=!J=jmLW$zy|0TxrGY~uu=nI%Yg~e0OpYaACeN&^knvj` zh;$NCDc#PnL!aI=X%qZiJpTnef$hS-{N~IpO^P8QFBr9kVj1f%NPHd`W&)iHIvT9b z2Y2Du|1zBcpxBxP9^Y1FeZ3<{jUNTFAzBDZ)HmtJD0GQ0BnailYz1KT;or9H1!uF5 zr6n45^2NRsD=Vv}{0Xe2VBHQXo)B+#I>2qNj2yJ%MaTCD7LQ_-@C0Wv$ch!%S1@`(c6%9ya1e$razoF+iVF8SNHK(C;mXweKMHX4 zD@I^!h22T!FJNB4rN5u40w;;SfdNF8vDEW*I8e_+a^b?)3Mk$)=Qa!2?<6w|kj5=M zHSv$W38q#c3EfA4Xa6ZFIjU@i9!m4h;Ed@i1EhouE8!nP$%DQkpN43jBIR!<#q(Co z)wKN&t{L4}DEk0gB31_PaC<+Td{3oBa^$t}=Ec}b7x-y!kE5=`f^N>?obHs(-u>yvK+t}#3dU_DcqZ`XrVTmEdKA~@Dk3&KKK$!BJ@Rq5* zz7R~*kf^q7FchVWVF}whL=L)PdIrIIGyy+`iOw$19rSW2XmDQv0|^$G>5Bi{rL_?` zY7Za^2cAcmx6_zrPjVi$nqnQ|_};DW0`+>D-420)rn>h-suF83^S)1%Z~ z58-8SOcP=kFf)Ef_h8HxS`z0X?L9j?gG0oPWjhvM#~*^m+gn@t(YL%>fml?mwf9Bw zIgT@;4|0a2mI=V3fMr-jOU2Z7B)6TUyC%m=x+0QOj1LCi!M^9U-bQ(y?R;)6^4a422RXx^RR)B{t@yXd-!$`F=i-F(Nnz7 z7)^;{f|HaUoC^?H04pLRA*yPtsU#mCgnJ1LvyP_Fn(+%`zRkDMukZU1KF-X@Xo5o! zj%uYX-&xgY+uz{1v9SJ1i~h@V>5gbwi!B|BU&oIhKR}REP*CtEoj(=Z^Aw@}oK15f*+vtY#r>&I5pU|7y&95S6_qDLL#52wg$xXi+M z0KO8CUoenYP(pMLKAX@651T7g1|1^<%tz?4zBD(BN=RJ6NjCGz)4@#Fq)SQ|9hWlc zJBtU&#%aniQ))eWVkaYnVGOlQhMQ zsxgQ54zmrn%wATc+F$ZCvlL7w(6Fz2ysm#Pr2wPBLk@YjiaGf$4DsI|HOPp65$y`4 zO9ZCtb3yB91tL3|u+JNrg6fA>3Dp7g+c-B!Oj-Ln?XGZylNbfOKN0A8EP{Ll18SfQ zcB#v~c;Wx>%{Xt{~+pL?pTu?7bg>_B4U0= zwvbNiv1X8s!TR*LZKf?9`yQKtMAO^3%%28i6XxmwumRnIK{b zo*YG6kLDx+V)E$|N6D%Zb-i~N8NdXD77Fp?k8iP-u*Ptl_Zp49P*jRU`cagG*=6$2CuYA(62OfD1@$~YBD&7f_j$+6;h|8JMq_ndUD%wVH%-{p z6v1yHH?v}Pzb!CHneP=m!Fsnf>wtkl*D~SAlB$IL4da?|Bn$)=s1BQ>m0;5hotO&N zpe;QGhaA*LpqjMdZRRuLOkFmD%d)kKkW{r;E1Lca!uK$$D4uLPBqS41iF(}}{R*SX z*AEK)WUDWSY|$mn%@z}Sm+c!S|AUFaL9oyOdLa--!1p;9l}SBNsR zq(Yy4iI@tS`*?PF1)imOutY@2fP=E#O`6xU>rv4wb->gl&A~1nPMaRU>4oAUTa77mS_Z+843Pl$5UD}uMj||RNgsV$XFy80W@I&t zYa~Nk1ed0Cx7}w-0?q3|N-4Yu&W)+cOcaYddWe^s?0U!ko>uc(1rlP{%6T84StuVk zYw!~XV)pJsJ_uU<+eO*=gHukU$1P}EM6eYqLjfU#2?esVO-+i6_kXoq(=;Tn_7fXj zW)j9(KTgYs$WVu{{Md{ z8OKQ;ydTnujRd$4Am8g!Fy@A=45OY=s6+mn6dfxq>EDfgDi!``i6z@uQ6`ja)X;^$ zVK{SgecbNf@aMIx{(Amx9;*@EZMjHgIRqPB2-A`bHxqgY`C;Hb^5bd-IyO2{P~8}( z$C6L3yTQ}l%dJ-37=ug?k=B};p|LSiXP|1)>m~E$470|MPpvfGCFV)+auD=Stehh;q30H|^Ba z6ex+ffsd=uBe%CM$Haj*VSO-b-=J0gM)Au%%B_DD4%s4|%Y_2hpwHxPa5nA(`{;+n z3ioo>!=jtQI*&CWoDOt^pwnq@K#$bu|D1P~x&_1y8!r?AjyK8!7@1jF{%3ph2L}f` z4#FPi6`DR?*_M-+=H$<&xFE1uD zk>7sCM%~u%$OZYxRuk_yrj>z!m{)GTbUI+N1%@YTXn0|=Ws>i|@VSJXVc5ph zJJJ!BZJ;BpLMF#Rno?C)2eu!OoQD)uB)5Y^af*sxF+%reW1{``H~bWzKYRcRO#@g0 zkB*OftZf+^$}vxO?f*Tw8*eFa1#u|wcP#cxt32T2YY#lSxO^-=({UXAoHq;(^XnDG zHJJhiAYh!@)bZ}=jMUe}o}8nOYF%8H%6V7Nb-D;>#4>VoA=B;EoTF9`?H2^x!AQKN z6OmL5ySGd%&&~e82l^(yRTx;n%mIF-Vgbr}x$s--u2TJyV0&>bO2;8+5U(YFN=lg4 z5oR|+o{w#AZ*HbO@Kqlp9+E#r26SAXuxu7km3a?3@7!-PLIc5;+q6aK{{0V4O>Fd1 ziy=}YQV~HH{Ah%QiZ1xU+sZTsT!#h;X()tQs={7k&;f zC_#$yhqVE)cQ6Hqe>;&!g4r@gGwu(5V_6~{07kO%@}6R2CBA?4iWGRNR04c_&p?o= zi+zvO_)npa?U@Hd%ByQk%04pSCq*s&oQFuKX0*ioOpOoW1BhDXWM@N%Zkb@k>#I7Fa?ge+jOQKy;p8Txi;qj>Ps9d}^2V4;9vZT@9HzupCTG zJUwqP<_2ofHy%tZEO1`J*WRm2r`lx8R~F=8%=`ACzJBmHQ;`Xrpc8)buc(nFJ3G#r ziuHz-eCU4F4UW#vzqBD>@UqV)Pa;r6R1`|#&=x3AP$KIWVOZ++g&>Z_r<`0@ByOQB z;4ANPF5D>-zm?od^4KGpdZrj%=XOW;>gZN8OW)75dF)pXi6B!YmE{v4*7Gk7sj2SO z*6DKvI62;*0#$J6?7iUS)XWSwX{_<(k7lWH0P!N7V;wxH^8T&qeVZH*<)C47f?DTe0 z)~aW9Iw+-}p=GMPC_K;gVBhwPi(qK_&goZu&iho(SLglnJ{zmyJJar=*iE@qNsnZs z(H-g-dWQR6pYbX5RHmDvzbgUzDaME#y&=h=74plT0aRWo7o4zu@r{A1UXq zQv8y?8=gUjOAV1`IfvNKM?grBUj%83A6~%I@!X(oR=V1U-E28(WVjfUT{bp08o5O4 z8(_%jvBs{P52_0%b$JvV{AFqzmDQl{I5wIx5iDRHd zb#}^qC;0j6qSgsL2l8Mu^8h$b=M>}v%;m6c-mwaN&_LbwX9NrnH~o!4rgiM7|2Hcs zx%v1sy&sKUHW^xhUMW8QmMlBl`0>$^K;dPp=s&G($a}ICKx!WhCg76nU7izNdM=Ap zOQQxvMHnWP?(^hRR60vLzjvM#)~y z=hyW4vnh8vW3nRLAf1-3oITCiEoGCg%FjNYNt3cIioB%IS+>yE+BQYERn=V3Wa+AUhJ$&eVRkS=qDPmio8ps3xr(U2skS@6V?o89!FO;^I|n?$}@c? ztlS1kIrZ}g6IBiP=jhw_M96~EAbq*= z4f*D6J4?-Ede!ec(+Fem_J zQq)rH;Q`$bCn=E_V)BFADi?K^tO>HO!tk3jXwRV_p}CX~ok<;b9Qu+C6PnMsSTM#& z?btfpdpwrR=`W9c&iE)U1p0>tb;@nRPkRZ$!3GIb$pvO?sQterBNQQZmaS5zFw!;oG#B`dkEk>zLm z?EE(wGgY1)TW&7P|Ow0((!Z6S)mCf#!;=~S!ev13U z@638H=8tgGIM2f*4NqDx&0v0;ecu?4Y#>nx$LybPzA^^HzJGFC!cwbc| z>3X)g}EsaE7Vk8IAC^7t}Ht8+(k`{HJJW_#41dtiq9IFo^}fQ zvHXU$;byGe`?8IQ2UT)GQf0z4iP~dW2h$|!FdIOLglzd+ooCI{*RBQMLzW!fW>;M? znmmXqpB7hC#IC;w8_4Ix*1sID%Pybkbh5WoEJ>`Sz7>7R%o_I@siw`g(paB4GGfvn zV;YO}eecINOB>xBp;hc07F4UV^kj8=@J70ov{%D}{1a6B><0wND_+9iZsaYgHO2?+ zL*aK7Qc+D(G4K<`**{~fS!67W7$P{W#Y3h{a4G-!W6VTs=j3#` z_9hW#l(o}~i}Ukq9A2LdZ+0n0*SzaZe0}T!bci`w+EURSVe*jSbzey_}7CjKwsU#rh9c2WVlK$On4&%T5t}R(&@uN zD7HXV2j&5&@C%#Kj@qQzW8 zEIf_&8Vo;}bT3qa9zOx`-*oWOQ;7!}x+Yb(E`yjXM03Me;3guZ_ zBx7V8$Gu2mXqE1g!2EECjNal=yrfGR{qI%~Y5G<>u!RHu1^17CHa0j!auiXbaZpa; zEL}t9L{+-hD!LX6HuRWD^HoYU*d_wI=lU&ct-tf@i{K zI$d%C_(UTPZOtbl5thMKrE1zV+&|v}5mdI38^Dxrh5#kcMcP@Ae6k4d8W>>tjQ=#P z8-KO00@-L(>ybCp^-X7$_VXaj@gr!HmNn6$dE?qd6JI@uF}*xIy2<57EClnludg5b zEKb?*{5@7oZ{vWL3HsVky8fhb zL0yG63;d=B9`JvEJHZZ*P00Zc9ozrwTV~M+cx + +#define XYSSL_ERR_MPI_FILE_IO_ERROR -0x0002 +#define XYSSL_ERR_MPI_BAD_INPUT_DATA -0x0004 +#define XYSSL_ERR_MPI_INVALID_CHARACTER -0x0006 +#define XYSSL_ERR_MPI_BUFFER_TOO_SMALL -0x0008 +#define XYSSL_ERR_MPI_NEGATIVE_VALUE -0x000A +#define XYSSL_ERR_MPI_DIVISION_BY_ZERO -0x000C +#define XYSSL_ERR_MPI_NOT_ACCEPTABLE -0x000E + +#define MPI_CHK(f) if( ( ret = f ) != 0 ) goto cleanup + +/* + * Define the base integer type, architecture-wise + */ +#if defined(XYSSL_HAVE_INT8) +typedef unsigned char t_int; +typedef unsigned short t_dbl; +#else +#if defined(XYSSL_HAVE_INT16) +typedef unsigned short t_int; +typedef unsigned long t_dbl; +#else + typedef unsigned long t_int; + #if defined(_MSC_VER) && defined(_M_IX86) + typedef unsigned __int64 t_dbl; + #else + #if defined(__amd64__) || defined(__x86_64__) || \ + defined(__ppc64__) || defined(__powerpc64__) || \ + defined(__ia64__) || defined(__alpha__) + typedef unsigned int t_dbl __attribute__((mode(TI))); + #else + typedef unsigned long long t_dbl; + #endif + #endif +#endif +#endif + +/** + * \brief MPI structure + */ +typedef struct +{ + int s; /*!< integer sign */ + int n; /*!< total # of limbs */ + t_int *p; /*!< pointer to limbs */ +} +mpi; + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Initialize one or more mpi + */ +void mpi_init( mpi *X, ... ); + +/** + * \brief Unallocate one or more mpi + */ +void mpi_free( mpi *X, ... ); + +/** + * \brief Enlarge to the specified number of limbs + * + * \return 0 if successful, + * 1 if memory allocation failed + */ +int mpi_grow( mpi *X, int nblimbs ); + +/** + * \brief Copy the contents of Y into X + * + * \return 0 if successful, + * 1 if memory allocation failed + */ +int mpi_copy( mpi *X, mpi *Y ); + +/** + * \brief Swap the contents of X and Y + */ +void mpi_swap( mpi *X, mpi *Y ); + +/** + * \brief Set value from integer + * + * \return 0 if successful, + * 1 if memory allocation failed + */ +int mpi_lset( mpi *X, int z ); + +/** + * \brief Return the number of least significant bits + */ +int mpi_lsb( mpi *X ); + +/** + * \brief Return the number of most significant bits + */ +int mpi_msb( mpi *X ); + +/** + * \brief Return the total size in bytes + */ +int mpi_size( mpi *X ); + +/** + * \brief Import from an ASCII string + * + * \param X destination mpi + * \param radix input numeric base + * \param s null-terminated string buffer + * + * \return 0 if successful, or an XYSSL_ERR_MPI_XXX error code + */ +int mpi_read_string( mpi *X, int radix, char *s ); + +/** + * \brief Export into an ASCII string + * + * \param X source mpi + * \param radix output numeric base + * \param s string buffer + * \param slen string buffer size + * + * \return 0 if successful, or an XYSSL_ERR_MPI_XXX error code + * + * \note Call this function with *slen = 0 to obtain the + * minimum required buffer size in *slen. + */ +int mpi_write_string( mpi *X, int radix, char *s, int *slen ); + +/** + * \brief Read X from an opened file + * + * \param X destination mpi + * \param radix input numeric base + * \param fin input file handle + * + * \return 0 if successful, or an XYSSL_ERR_MPI_XXX error code + */ +int mpi_read_file( mpi *X, int radix, FILE *fin ); + +/** + * \brief Write X into an opened file, or stdout + * + * \param p prefix, can be NULL + * \param X source mpi + * \param radix output numeric base + * \param fout output file handle + * + * \return 0 if successful, or an XYSSL_ERR_MPI_XXX error code + * + * \note Set fout == NULL to print X on the console. + */ +int mpi_write_file( char *p, mpi *X, int radix, FILE *fout ); + +/** + * \brief Import X from unsigned binary data, big endian + * + * \param X destination mpi + * \param buf input buffer + * \param buflen input buffer size + * + * \return 0 if successful, + * 1 if memory allocation failed + */ +int mpi_read_binary( mpi *X, unsigned char *buf, int buflen ); + +/** + * \brief Export X into unsigned binary data, big endian + * + * \param X source mpi + * \param buf output buffer + * \param buflen output buffer size + * + * \return 0 if successful, + * XYSSL_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough + * + * \note Call this function with *buflen = 0 to obtain the + * minimum required buffer size in *buflen. + */ +int mpi_write_binary( mpi *X, unsigned char *buf, int buflen ); + +/** + * \brief Left-shift: X <<= count + * + * \return 0 if successful, + * 1 if memory allocation failed + */ +int mpi_shift_l( mpi *X, int count ); + +/** + * \brief Right-shift: X >>= count + * + * \return 0 if successful, + * 1 if memory allocation failed + */ +int mpi_shift_r( mpi *X, int count ); + +/** + * \brief Compare unsigned values + * + * \return 1 if |X| is greater than |Y|, + * -1 if |X| is lesser than |Y| or + * 0 if |X| is equal to |Y| + */ +int mpi_cmp_abs( mpi *X, mpi *Y ); + +/** + * \brief Compare signed values + * + * \return 1 if X is greater than Y, + * -1 if X is lesser than Y or + * 0 if X is equal to Y + */ +int mpi_cmp_mpi( mpi *X, mpi *Y ); + +/** + * \brief Compare signed values + * + * \return 1 if X is greater than z, + * -1 if X is lesser than z or + * 0 if X is equal to z + */ +int mpi_cmp_int( mpi *X, int z ); + +/** + * \brief Unsigned addition: X = |A| + |B| + * + * \return 0 if successful, + * 1 if memory allocation failed + */ +int mpi_add_abs( mpi *X, mpi *A, mpi *B ); + +/** + * \brief Unsigned substraction: X = |A| - |B| + * + * \return 0 if successful, + * XYSSL_ERR_MPI_NEGATIVE_VALUE if B is greater than A + */ +int mpi_sub_abs( mpi *X, mpi *A, mpi *B ); + +/** + * \brief Signed addition: X = A + B + * + * \return 0 if successful, + * 1 if memory allocation failed + */ +int mpi_add_mpi( mpi *X, mpi *A, mpi *B ); + +/** + * \brief Signed substraction: X = A - B + * + * \return 0 if successful, + * 1 if memory allocation failed + */ +int mpi_sub_mpi( mpi *X, mpi *A, mpi *B ); + +/** + * \brief Signed addition: X = A + b + * + * \return 0 if successful, + * 1 if memory allocation failed + */ +int mpi_add_int( mpi *X, mpi *A, int b ); + +/** + * \brief Signed substraction: X = A - b + * + * \return 0 if successful, + * 1 if memory allocation failed + */ +int mpi_sub_int( mpi *X, mpi *A, int b ); + +/** + * \brief Baseline multiplication: X = A * B + * + * \return 0 if successful, + * 1 if memory allocation failed + */ +int mpi_mul_mpi( mpi *X, mpi *A, mpi *B ); + +/** + * \brief Baseline multiplication: X = A * b + * + * \return 0 if successful, + * 1 if memory allocation failed + */ +int mpi_mul_int( mpi *X, mpi *A, t_int b ); + +/** + * \brief Division by mpi: A = Q * B + R + * + * \return 0 if successful, + * 1 if memory allocation failed, + * XYSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0 + * + * \note Either Q or R can be NULL. + */ +int mpi_div_mpi( mpi *Q, mpi *R, mpi *A, mpi *B ); + +/** + * \brief Division by int: A = Q * b + R + * + * \return 0 if successful, + * 1 if memory allocation failed, + * XYSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0 + * + * \note Either Q or R can be NULL. + */ +int mpi_div_int( mpi *Q, mpi *R, mpi *A, int b ); + +/** + * \brief Modulo: R = A mod B + * + * \return 0 if successful, + * 1 if memory allocation failed, + * XYSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0 + */ +int mpi_mod_mpi( mpi *R, mpi *A, mpi *B ); + +/** + * \brief Modulo: r = A mod b + * + * \return 0 if successful, + * 1 if memory allocation failed, + * XYSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0 + */ +int mpi_mod_int( t_int *r, mpi *A, int b ); + +/** + * \brief Sliding-window exponentiation: X = A^E mod N + * + * \return 0 if successful, + * 1 if memory allocation failed, + * XYSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even + * + * \note _RR is used to avoid re-computing R*R mod N across + * multiple calls, which speeds up things a bit. It can + * be set to NULL if the extra performance is unneeded. + */ +int mpi_exp_mod( mpi *X, mpi *A, mpi *E, mpi *N, mpi *_RR ); + +/** + * \brief Greatest common divisor: G = gcd(A, B) + * + * \return 0 if successful, + * 1 if memory allocation failed + */ +int mpi_gcd( mpi *G, mpi *A, mpi *B ); + +/** + * \brief Modular inverse: X = A^-1 mod N + * + * \return 0 if successful, + * 1 if memory allocation failed, + * XYSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or nil + * XYSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N + */ +int mpi_inv_mod( mpi *X, mpi *A, mpi *N ); + +/** + * \brief Miller-Rabin primality test + * + * \return 0 if successful (probably prime), + * 1 if memory allocation failed, + * XYSSL_ERR_MPI_NOT_ACCEPTABLE if X is not prime + */ +int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng ); + +/** + * \brief Prime number generation + * + * \param X destination mpi + * \param nbits required size of X in bits + * \param dh_flag if 1, then (X-1)/2 will be prime too + * \param f_rng RNG function + * \param p_rng RNG parameter + * + * \return 0 if successful (probably prime), + * 1 if memory allocation failed, + * XYSSL_ERR_MPI_BAD_INPUT_DATA if nbits is < 3 + */ +int mpi_gen_prime( mpi *X, int nbits, int dh_flag, + int (*f_rng)(void *), void *p_rng ); + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int mpi_self_test( int verbose ); + +#ifdef __cplusplus +} +#endif + +#endif /* bignum.h */ diff --git a/include/polarssl/bn_mul.h b/include/polarssl/bn_mul.h new file mode 100644 index 000000000..4213e74f1 --- /dev/null +++ b/include/polarssl/bn_mul.h @@ -0,0 +1,700 @@ +/** + * \file bn_mul.h + */ +/* + * Multiply source vector [s] with b, add result + * to destination vector [d] and set carry c. + * + * Currently supports: + * + * . IA-32 (386+) . AMD64 / EM64T + * . IA-32 (SSE2) . Motorola 68000 + * . PowerPC, 32-bit . MicroBlaze + * . PowerPC, 64-bit . TriCore + * . SPARC v8 . ARM v3+ + * . Alpha . MIPS32 + * . C, longlong . C, generic + */ +#ifndef XYSSL_BN_MUL_H +#define XYSSL_BN_MUL_H + +#include "xyssl/config.h" + +#if defined(XYSSL_HAVE_ASM) + +#if defined(__GNUC__) +#if defined(__i386__) + +#define MULADDC_INIT \ + asm( "movl %%ebx, %0 " : "=m" (t)); \ + asm( "movl %0, %%esi " :: "m" (s)); \ + asm( "movl %0, %%edi " :: "m" (d)); \ + asm( "movl %0, %%ecx " :: "m" (c)); \ + asm( "movl %0, %%ebx " :: "m" (b)); + +#define MULADDC_CORE \ + asm( "lodsl " ); \ + asm( "mull %ebx " ); \ + asm( "addl %ecx, %eax " ); \ + asm( "adcl $0, %edx " ); \ + asm( "addl (%edi), %eax " ); \ + asm( "adcl $0, %edx " ); \ + asm( "movl %edx, %ecx " ); \ + asm( "stosl " ); + +#if defined(XYSSL_HAVE_SSE2) + +#define MULADDC_HUIT \ + asm( "movd %ecx, %mm1 " ); \ + asm( "movd %ebx, %mm0 " ); \ + asm( "movd (%edi), %mm3 " ); \ + asm( "paddq %mm3, %mm1 " ); \ + asm( "movd (%esi), %mm2 " ); \ + asm( "pmuludq %mm0, %mm2 " ); \ + asm( "movd 4(%esi), %mm4 " ); \ + asm( "pmuludq %mm0, %mm4 " ); \ + asm( "movd 8(%esi), %mm6 " ); \ + asm( "pmuludq %mm0, %mm6 " ); \ + asm( "movd 12(%esi), %mm7 " ); \ + asm( "pmuludq %mm0, %mm7 " ); \ + asm( "paddq %mm2, %mm1 " ); \ + asm( "movd 4(%edi), %mm3 " ); \ + asm( "paddq %mm4, %mm3 " ); \ + asm( "movd 8(%edi), %mm5 " ); \ + asm( "paddq %mm6, %mm5 " ); \ + asm( "movd 12(%edi), %mm4 " ); \ + asm( "paddq %mm4, %mm7 " ); \ + asm( "movd %mm1, (%edi) " ); \ + asm( "movd 16(%esi), %mm2 " ); \ + asm( "pmuludq %mm0, %mm2 " ); \ + asm( "psrlq $32, %mm1 " ); \ + asm( "movd 20(%esi), %mm4 " ); \ + asm( "pmuludq %mm0, %mm4 " ); \ + asm( "paddq %mm3, %mm1 " ); \ + asm( "movd 24(%esi), %mm6 " ); \ + asm( "pmuludq %mm0, %mm6 " ); \ + asm( "movd %mm1, 4(%edi) " ); \ + asm( "psrlq $32, %mm1 " ); \ + asm( "movd 28(%esi), %mm3 " ); \ + asm( "pmuludq %mm0, %mm3 " ); \ + asm( "paddq %mm5, %mm1 " ); \ + asm( "movd 16(%edi), %mm5 " ); \ + asm( "paddq %mm5, %mm2 " ); \ + asm( "movd %mm1, 8(%edi) " ); \ + asm( "psrlq $32, %mm1 " ); \ + asm( "paddq %mm7, %mm1 " ); \ + asm( "movd 20(%edi), %mm5 " ); \ + asm( "paddq %mm5, %mm4 " ); \ + asm( "movd %mm1, 12(%edi) " ); \ + asm( "psrlq $32, %mm1 " ); \ + asm( "paddq %mm2, %mm1 " ); \ + asm( "movd 24(%edi), %mm5 " ); \ + asm( "paddq %mm5, %mm6 " ); \ + asm( "movd %mm1, 16(%edi) " ); \ + asm( "psrlq $32, %mm1 " ); \ + asm( "paddq %mm4, %mm1 " ); \ + asm( "movd 28(%edi), %mm5 " ); \ + asm( "paddq %mm5, %mm3 " ); \ + asm( "movd %mm1, 20(%edi) " ); \ + asm( "psrlq $32, %mm1 " ); \ + asm( "paddq %mm6, %mm1 " ); \ + asm( "movd %mm1, 24(%edi) " ); \ + asm( "psrlq $32, %mm1 " ); \ + asm( "paddq %mm3, %mm1 " ); \ + asm( "movd %mm1, 28(%edi) " ); \ + asm( "addl $32, %edi " ); \ + asm( "addl $32, %esi " ); \ + asm( "psrlq $32, %mm1 " ); \ + asm( "movd %mm1, %ecx " ); + +#define MULADDC_STOP \ + asm( "emms " ); \ + asm( "movl %0, %%ebx " :: "m" (t)); \ + asm( "movl %%ecx, %0 " : "=m" (c)); \ + asm( "movl %%edi, %0 " : "=m" (d)); \ + asm( "movl %%esi, %0 " : "=m" (s) :: \ + "eax", "ecx", "edx", "esi", "edi" ); + +#else + +#define MULADDC_STOP \ + asm( "movl %0, %%ebx " :: "m" (t)); \ + asm( "movl %%ecx, %0 " : "=m" (c)); \ + asm( "movl %%edi, %0 " : "=m" (d)); \ + asm( "movl %%esi, %0 " : "=m" (s) :: \ + "eax", "ecx", "edx", "esi", "edi" ); + +#endif /* SSE2 */ +#endif /* i386 */ + +#if defined(__amd64__) || defined (__x86_64__) + +#define MULADDC_INIT \ + asm( "movq %0, %%rsi " :: "m" (s)); \ + asm( "movq %0, %%rdi " :: "m" (d)); \ + asm( "movq %0, %%rcx " :: "m" (c)); \ + asm( "movq %0, %%rbx " :: "m" (b)); \ + asm( "xorq %r8, %r8 " ); + +#define MULADDC_CORE \ + asm( "movq (%rsi),%rax " ); \ + asm( "mulq %rbx " ); \ + asm( "addq $8, %rsi " ); \ + asm( "addq %rcx, %rax " ); \ + asm( "movq %r8, %rcx " ); \ + asm( "adcq $0, %rdx " ); \ + asm( "nop " ); \ + asm( "addq %rax, (%rdi) " ); \ + asm( "adcq %rdx, %rcx " ); \ + asm( "addq $8, %rdi " ); + +#define MULADDC_STOP \ + asm( "movq %%rcx, %0 " : "=m" (c)); \ + asm( "movq %%rdi, %0 " : "=m" (d)); \ + asm( "movq %%rsi, %0 " : "=m" (s) :: \ + "rax", "rcx", "rdx", "rbx", "rsi", "rdi", "r8" ); + +#endif /* AMD64 */ + +#if defined(__mc68020__) || defined(__mcpu32__) + +#define MULADDC_INIT \ + asm( "movl %0, %%a2 " :: "m" (s)); \ + asm( "movl %0, %%a3 " :: "m" (d)); \ + asm( "movl %0, %%d3 " :: "m" (c)); \ + asm( "movl %0, %%d2 " :: "m" (b)); \ + asm( "moveq #0, %d0 " ); + +#define MULADDC_CORE \ + asm( "movel %a2@+, %d1 " ); \ + asm( "mulul %d2, %d4:%d1 " ); \ + asm( "addl %d3, %d1 " ); \ + asm( "addxl %d0, %d4 " ); \ + asm( "moveq #0, %d3 " ); \ + asm( "addl %d1, %a3@+ " ); \ + asm( "addxl %d4, %d3 " ); + +#define MULADDC_STOP \ + asm( "movl %%d3, %0 " : "=m" (c)); \ + asm( "movl %%a3, %0 " : "=m" (d)); \ + asm( "movl %%a2, %0 " : "=m" (s) :: \ + "d0", "d1", "d2", "d3", "d4", "a2", "a3" ); + +#define MULADDC_HUIT \ + asm( "movel %a2@+, %d1 " ); \ + asm( "mulul %d2, %d4:%d1 " ); \ + asm( "addxl %d3, %d1 " ); \ + asm( "addxl %d0, %d4 " ); \ + asm( "addl %d1, %a3@+ " ); \ + asm( "movel %a2@+, %d1 " ); \ + asm( "mulul %d2, %d3:%d1 " ); \ + asm( "addxl %d4, %d1 " ); \ + asm( "addxl %d0, %d3 " ); \ + asm( "addl %d1, %a3@+ " ); \ + asm( "movel %a2@+, %d1 " ); \ + asm( "mulul %d2, %d4:%d1 " ); \ + asm( "addxl %d3, %d1 " ); \ + asm( "addxl %d0, %d4 " ); \ + asm( "addl %d1, %a3@+ " ); \ + asm( "movel %a2@+, %d1 " ); \ + asm( "mulul %d2, %d3:%d1 " ); \ + asm( "addxl %d4, %d1 " ); \ + asm( "addxl %d0, %d3 " ); \ + asm( "addl %d1, %a3@+ " ); \ + asm( "movel %a2@+, %d1 " ); \ + asm( "mulul %d2, %d4:%d1 " ); \ + asm( "addxl %d3, %d1 " ); \ + asm( "addxl %d0, %d4 " ); \ + asm( "addl %d1, %a3@+ " ); \ + asm( "movel %a2@+, %d1 " ); \ + asm( "mulul %d2, %d3:%d1 " ); \ + asm( "addxl %d4, %d1 " ); \ + asm( "addxl %d0, %d3 " ); \ + asm( "addl %d1, %a3@+ " ); \ + asm( "movel %a2@+, %d1 " ); \ + asm( "mulul %d2, %d4:%d1 " ); \ + asm( "addxl %d3, %d1 " ); \ + asm( "addxl %d0, %d4 " ); \ + asm( "addl %d1, %a3@+ " ); \ + asm( "movel %a2@+, %d1 " ); \ + asm( "mulul %d2, %d3:%d1 " ); \ + asm( "addxl %d4, %d1 " ); \ + asm( "addxl %d0, %d3 " ); \ + asm( "addl %d1, %a3@+ " ); \ + asm( "addxl %d0, %d3 " ); + +#endif /* MC68000 */ + +#if defined(__powerpc__) || defined(__ppc__) +#if defined(__powerpc64__) || defined(__ppc64__) + +#if defined(__MACH__) && defined(__APPLE__) + +#define MULADDC_INIT \ + asm( "ld r3, %0 " :: "m" (s)); \ + asm( "ld r4, %0 " :: "m" (d)); \ + asm( "ld r5, %0 " :: "m" (c)); \ + asm( "ld r6, %0 " :: "m" (b)); \ + asm( "addi r3, r3, -8 " ); \ + asm( "addi r4, r4, -8 " ); \ + asm( "addic r5, r5, 0 " ); + +#define MULADDC_CORE \ + asm( "ldu r7, 8(r3) " ); \ + asm( "mulld r8, r7, r6 " ); \ + asm( "mulhdu r9, r7, r6 " ); \ + asm( "adde r8, r8, r5 " ); \ + asm( "ld r7, 8(r4) " ); \ + asm( "addze r5, r9 " ); \ + asm( "addc r8, r8, r7 " ); \ + asm( "stdu r8, 8(r4) " ); + +#define MULADDC_STOP \ + asm( "addze r5, r5 " ); \ + asm( "addi r4, r4, 8 " ); \ + asm( "addi r3, r3, 8 " ); \ + asm( "std r5, %0 " : "=m" (c)); \ + asm( "std r4, %0 " : "=m" (d)); \ + asm( "std r3, %0 " : "=m" (s) :: \ + "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); + +#else + +#define MULADDC_INIT \ + asm( "ld %%r3, %0 " :: "m" (s)); \ + asm( "ld %%r4, %0 " :: "m" (d)); \ + asm( "ld %%r5, %0 " :: "m" (c)); \ + asm( "ld %%r6, %0 " :: "m" (b)); \ + asm( "addi %r3, %r3, -8 " ); \ + asm( "addi %r4, %r4, -8 " ); \ + asm( "addic %r5, %r5, 0 " ); + +#define MULADDC_CORE \ + asm( "ldu %r7, 8(%r3) " ); \ + asm( "mulld %r8, %r7, %r6 " ); \ + asm( "mulhdu %r9, %r7, %r6 " ); \ + asm( "adde %r8, %r8, %r5 " ); \ + asm( "ld %r7, 8(%r4) " ); \ + asm( "addze %r5, %r9 " ); \ + asm( "addc %r8, %r8, %r7 " ); \ + asm( "stdu %r8, 8(%r4) " ); + +#define MULADDC_STOP \ + asm( "addze %r5, %r5 " ); \ + asm( "addi %r4, %r4, 8 " ); \ + asm( "addi %r3, %r3, 8 " ); \ + asm( "std %%r5, %0 " : "=m" (c)); \ + asm( "std %%r4, %0 " : "=m" (d)); \ + asm( "std %%r3, %0 " : "=m" (s) :: \ + "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); + +#endif + +#else /* PPC32 */ + +#if defined(__MACH__) && defined(__APPLE__) + +#define MULADDC_INIT \ + asm( "lwz r3, %0 " :: "m" (s)); \ + asm( "lwz r4, %0 " :: "m" (d)); \ + asm( "lwz r5, %0 " :: "m" (c)); \ + asm( "lwz r6, %0 " :: "m" (b)); \ + asm( "addi r3, r3, -4 " ); \ + asm( "addi r4, r4, -4 " ); \ + asm( "addic r5, r5, 0 " ); + +#define MULADDC_CORE \ + asm( "lwzu r7, 4(r3) " ); \ + asm( "mullw r8, r7, r6 " ); \ + asm( "mulhwu r9, r7, r6 " ); \ + asm( "adde r8, r8, r5 " ); \ + asm( "lwz r7, 4(r4) " ); \ + asm( "addze r5, r9 " ); \ + asm( "addc r8, r8, r7 " ); \ + asm( "stwu r8, 4(r4) " ); + +#define MULADDC_STOP \ + asm( "addze r5, r5 " ); \ + asm( "addi r4, r4, 4 " ); \ + asm( "addi r3, r3, 4 " ); \ + asm( "stw r5, %0 " : "=m" (c)); \ + asm( "stw r4, %0 " : "=m" (d)); \ + asm( "stw r3, %0 " : "=m" (s) :: \ + "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); + +#else + +#define MULADDC_INIT \ + asm( "lwz %%r3, %0 " :: "m" (s)); \ + asm( "lwz %%r4, %0 " :: "m" (d)); \ + asm( "lwz %%r5, %0 " :: "m" (c)); \ + asm( "lwz %%r6, %0 " :: "m" (b)); \ + asm( "addi %r3, %r3, -4 " ); \ + asm( "addi %r4, %r4, -4 " ); \ + asm( "addic %r5, %r5, 0 " ); + +#define MULADDC_CORE \ + asm( "lwzu %r7, 4(%r3) " ); \ + asm( "mullw %r8, %r7, %r6 " ); \ + asm( "mulhwu %r9, %r7, %r6 " ); \ + asm( "adde %r8, %r8, %r5 " ); \ + asm( "lwz %r7, 4(%r4) " ); \ + asm( "addze %r5, %r9 " ); \ + asm( "addc %r8, %r8, %r7 " ); \ + asm( "stwu %r8, 4(%r4) " ); + +#define MULADDC_STOP \ + asm( "addze %r5, %r5 " ); \ + asm( "addi %r4, %r4, 4 " ); \ + asm( "addi %r3, %r3, 4 " ); \ + asm( "stw %%r5, %0 " : "=m" (c)); \ + asm( "stw %%r4, %0 " : "=m" (d)); \ + asm( "stw %%r3, %0 " : "=m" (s) :: \ + "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); + +#endif + +#endif /* PPC32 */ +#endif /* PPC64 */ + +#if defined(__sparc__) + +#define MULADDC_INIT \ + asm( "ld %0, %%o0 " :: "m" (s)); \ + asm( "ld %0, %%o1 " :: "m" (d)); \ + asm( "ld %0, %%o2 " :: "m" (c)); \ + asm( "ld %0, %%o3 " :: "m" (b)); + +#define MULADDC_CORE \ + asm( "ld [%o0], %o4 " ); \ + asm( "inc 4, %o0 " ); \ + asm( "ld [%o1], %o5 " ); \ + asm( "umul %o3, %o4, %o4 " ); \ + asm( "addcc %o4, %o2, %o4 " ); \ + asm( "rd %y, %g1 " ); \ + asm( "addx %g1, 0, %g1 " ); \ + asm( "addcc %o4, %o5, %o4 " ); \ + asm( "st %o4, [%o1] " ); \ + asm( "addx %g1, 0, %o2 " ); \ + asm( "inc 4, %o1 " ); + +#define MULADDC_STOP \ + asm( "st %%o2, %0 " : "=m" (c)); \ + asm( "st %%o1, %0 " : "=m" (d)); \ + asm( "st %%o0, %0 " : "=m" (s) :: \ + "g1", "o0", "o1", "o2", "o3", "o4", "o5" ); + +#endif /* SPARCv8 */ + +#if defined(__microblaze__) || defined(microblaze) + +#define MULADDC_INIT \ + asm( "lwi r3, %0 " :: "m" (s)); \ + asm( "lwi r4, %0 " :: "m" (d)); \ + asm( "lwi r5, %0 " :: "m" (c)); \ + asm( "lwi r6, %0 " :: "m" (b)); \ + asm( "andi r7, r6, 0xffff" ); \ + asm( "bsrli r6, r6, 16 " ); + +#define MULADDC_CORE \ + asm( "lhui r8, r3, 0 " ); \ + asm( "addi r3, r3, 2 " ); \ + asm( "lhui r9, r3, 0 " ); \ + asm( "addi r3, r3, 2 " ); \ + asm( "mul r10, r9, r6 " ); \ + asm( "mul r11, r8, r7 " ); \ + asm( "mul r12, r9, r7 " ); \ + asm( "mul r13, r8, r6 " ); \ + asm( "bsrli r8, r10, 16 " ); \ + asm( "bsrli r9, r11, 16 " ); \ + asm( "add r13, r13, r8 " ); \ + asm( "add r13, r13, r9 " ); \ + asm( "bslli r10, r10, 16 " ); \ + asm( "bslli r11, r11, 16 " ); \ + asm( "add r12, r12, r10 " ); \ + asm( "addc r13, r13, r0 " ); \ + asm( "add r12, r12, r11 " ); \ + asm( "addc r13, r13, r0 " ); \ + asm( "lwi r10, r4, 0 " ); \ + asm( "add r12, r12, r10 " ); \ + asm( "addc r13, r13, r0 " ); \ + asm( "add r12, r12, r5 " ); \ + asm( "addc r5, r13, r0 " ); \ + asm( "swi r12, r4, 0 " ); \ + asm( "addi r4, r4, 4 " ); + +#define MULADDC_STOP \ + asm( "swi r5, %0 " : "=m" (c)); \ + asm( "swi r4, %0 " : "=m" (d)); \ + asm( "swi r3, %0 " : "=m" (s) :: \ + "r3", "r4" , "r5" , "r6" , "r7" , "r8" , \ + "r9", "r10", "r11", "r12", "r13" ); + +#endif /* MicroBlaze */ + +#if defined(__tricore__) + +#define MULADDC_INIT \ + asm( "ld.a %%a2, %0 " :: "m" (s)); \ + asm( "ld.a %%a3, %0 " :: "m" (d)); \ + asm( "ld.w %%d4, %0 " :: "m" (c)); \ + asm( "ld.w %%d1, %0 " :: "m" (b)); \ + asm( "xor %d5, %d5 " ); + +#define MULADDC_CORE \ + asm( "ld.w %d0, [%a2+] " ); \ + asm( "madd.u %e2, %e4, %d0, %d1 " ); \ + asm( "ld.w %d0, [%a3] " ); \ + asm( "addx %d2, %d2, %d0 " ); \ + asm( "addc %d3, %d3, 0 " ); \ + asm( "mov %d4, %d3 " ); \ + asm( "st.w [%a3+], %d2 " ); + +#define MULADDC_STOP \ + asm( "st.w %0, %%d4 " : "=m" (c)); \ + asm( "st.a %0, %%a3 " : "=m" (d)); \ + asm( "st.a %0, %%a2 " : "=m" (s) :: \ + "d0", "d1", "e2", "d4", "a2", "a3" ); + +#endif /* TriCore */ + +#if defined(__arm__) + +#define MULADDC_INIT \ + asm( "ldr r0, %0 " :: "m" (s)); \ + asm( "ldr r1, %0 " :: "m" (d)); \ + asm( "ldr r2, %0 " :: "m" (c)); \ + asm( "ldr r3, %0 " :: "m" (b)); + +#define MULADDC_CORE \ + asm( "ldr r4, [r0], #4 " ); \ + asm( "mov r5, #0 " ); \ + asm( "ldr r6, [r1] " ); \ + asm( "umlal r2, r5, r3, r4 " ); \ + asm( "adds r7, r6, r2 " ); \ + asm( "adc r2, r5, #0 " ); \ + asm( "str r7, [r1], #4 " ); + +#define MULADDC_STOP \ + asm( "str r2, %0 " : "=m" (c)); \ + asm( "str r1, %0 " : "=m" (d)); \ + asm( "str r0, %0 " : "=m" (s) :: \ + "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7" ); + +#endif /* ARMv3 */ + +#if defined(__alpha__) + +#define MULADDC_INIT \ + asm( "ldq $1, %0 " :: "m" (s)); \ + asm( "ldq $2, %0 " :: "m" (d)); \ + asm( "ldq $3, %0 " :: "m" (c)); \ + asm( "ldq $4, %0 " :: "m" (b)); + +#define MULADDC_CORE \ + asm( "ldq $6, 0($1) " ); \ + asm( "addq $1, 8, $1 " ); \ + asm( "mulq $6, $4, $7 " ); \ + asm( "umulh $6, $4, $6 " ); \ + asm( "addq $7, $3, $7 " ); \ + asm( "cmpult $7, $3, $3 " ); \ + asm( "ldq $5, 0($2) " ); \ + asm( "addq $7, $5, $7 " ); \ + asm( "cmpult $7, $5, $5 " ); \ + asm( "stq $7, 0($2) " ); \ + asm( "addq $2, 8, $2 " ); \ + asm( "addq $6, $3, $3 " ); \ + asm( "addq $5, $3, $3 " ); + +#define MULADDC_STOP \ + asm( "stq $3, %0 " : "=m" (c)); \ + asm( "stq $2, %0 " : "=m" (d)); \ + asm( "stq $1, %0 " : "=m" (s) :: \ + "$1", "$2", "$3", "$4", "$5", "$6", "$7" ); + +#endif /* Alpha */ + +#if defined(__mips__) + +#define MULADDC_INIT \ + asm( "lw $10, %0 " :: "m" (s)); \ + asm( "lw $11, %0 " :: "m" (d)); \ + asm( "lw $12, %0 " :: "m" (c)); \ + asm( "lw $13, %0 " :: "m" (b)); + +#define MULADDC_CORE \ + asm( "lw $14, 0($10) " ); \ + asm( "multu $13, $14 " ); \ + asm( "addi $10, $10, 4 " ); \ + asm( "mflo $14 " ); \ + asm( "mfhi $9 " ); \ + asm( "addu $14, $12, $14 " ); \ + asm( "lw $15, 0($11) " ); \ + asm( "sltu $12, $14, $12 " ); \ + asm( "addu $15, $14, $15 " ); \ + asm( "sltu $14, $15, $14 " ); \ + asm( "addu $12, $12, $9 " ); \ + asm( "sw $15, 0($11) " ); \ + asm( "addu $12, $12, $14 " ); \ + asm( "addi $11, $11, 4 " ); + +#define MULADDC_STOP \ + asm( "sw $12, %0 " : "=m" (c)); \ + asm( "sw $11, %0 " : "=m" (d)); \ + asm( "sw $10, %0 " : "=m" (s) :: \ + "$9", "$10", "$11", "$12", "$13", "$14", "$15" ); + +#endif /* MIPS */ +#endif /* GNUC */ + +#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__) + +#define MULADDC_INIT \ + __asm mov esi, s \ + __asm mov edi, d \ + __asm mov ecx, c \ + __asm mov ebx, b + +#define MULADDC_CORE \ + __asm lodsd \ + __asm mul ebx \ + __asm add eax, ecx \ + __asm adc edx, 0 \ + __asm add eax, [edi] \ + __asm adc edx, 0 \ + __asm mov ecx, edx \ + __asm stosd + +#if defined(XYSSL_HAVE_SSE2) + +#define EMIT __asm _emit + +#define MULADDC_HUIT \ + EMIT 0x0F EMIT 0x6E EMIT 0xC9 \ + EMIT 0x0F EMIT 0x6E EMIT 0xC3 \ + EMIT 0x0F EMIT 0x6E EMIT 0x1F \ + EMIT 0x0F EMIT 0xD4 EMIT 0xCB \ + EMIT 0x0F EMIT 0x6E EMIT 0x16 \ + EMIT 0x0F EMIT 0xF4 EMIT 0xD0 \ + EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x04 \ + EMIT 0x0F EMIT 0xF4 EMIT 0xE0 \ + EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x08 \ + EMIT 0x0F EMIT 0xF4 EMIT 0xF0 \ + EMIT 0x0F EMIT 0x6E EMIT 0x7E EMIT 0x0C \ + EMIT 0x0F EMIT 0xF4 EMIT 0xF8 \ + EMIT 0x0F EMIT 0xD4 EMIT 0xCA \ + EMIT 0x0F EMIT 0x6E EMIT 0x5F EMIT 0x04 \ + EMIT 0x0F EMIT 0xD4 EMIT 0xDC \ + EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x08 \ + EMIT 0x0F EMIT 0xD4 EMIT 0xEE \ + EMIT 0x0F EMIT 0x6E EMIT 0x67 EMIT 0x0C \ + EMIT 0x0F EMIT 0xD4 EMIT 0xFC \ + EMIT 0x0F EMIT 0x7E EMIT 0x0F \ + EMIT 0x0F EMIT 0x6E EMIT 0x56 EMIT 0x10 \ + EMIT 0x0F EMIT 0xF4 EMIT 0xD0 \ + EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ + EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x14 \ + EMIT 0x0F EMIT 0xF4 EMIT 0xE0 \ + EMIT 0x0F EMIT 0xD4 EMIT 0xCB \ + EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x18 \ + EMIT 0x0F EMIT 0xF4 EMIT 0xF0 \ + EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x04 \ + EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ + EMIT 0x0F EMIT 0x6E EMIT 0x5E EMIT 0x1C \ + EMIT 0x0F EMIT 0xF4 EMIT 0xD8 \ + EMIT 0x0F EMIT 0xD4 EMIT 0xCD \ + EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x10 \ + EMIT 0x0F EMIT 0xD4 EMIT 0xD5 \ + EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x08 \ + EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ + EMIT 0x0F EMIT 0xD4 EMIT 0xCF \ + EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x14 \ + EMIT 0x0F EMIT 0xD4 EMIT 0xE5 \ + EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x0C \ + EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ + EMIT 0x0F EMIT 0xD4 EMIT 0xCA \ + EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x18 \ + EMIT 0x0F EMIT 0xD4 EMIT 0xF5 \ + EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x10 \ + EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ + EMIT 0x0F EMIT 0xD4 EMIT 0xCC \ + EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x1C \ + EMIT 0x0F EMIT 0xD4 EMIT 0xDD \ + EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x14 \ + EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ + EMIT 0x0F EMIT 0xD4 EMIT 0xCE \ + EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x18 \ + EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ + EMIT 0x0F EMIT 0xD4 EMIT 0xCB \ + EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x1C \ + EMIT 0x83 EMIT 0xC7 EMIT 0x20 \ + EMIT 0x83 EMIT 0xC6 EMIT 0x20 \ + EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ + EMIT 0x0F EMIT 0x7E EMIT 0xC9 + +#define MULADDC_STOP \ + EMIT 0x0F EMIT 0x77 \ + __asm mov c, ecx \ + __asm mov d, edi \ + __asm mov s, esi \ + +#else + +#define MULADDC_STOP \ + __asm mov c, ecx \ + __asm mov d, edi \ + __asm mov s, esi \ + +#endif /* SSE2 */ +#endif /* MSVC */ + +#endif /* XYSSL_HAVE_ASM */ + +#if !defined(MULADDC_CORE) +#if defined(XYSSL_HAVE_LONGLONG) + +#define MULADDC_INIT \ +{ \ + t_dbl r; \ + t_int r0, r1; + +#define MULADDC_CORE \ + r = *(s++) * (t_dbl) b; \ + r0 = r; \ + r1 = r >> biL; \ + r0 += c; r1 += (r0 < c); \ + r0 += *d; r1 += (r0 < *d); \ + c = r1; *(d++) = r0; + +#define MULADDC_STOP \ +} + +#else +#define MULADDC_INIT \ +{ \ + t_int s0, s1, b0, b1; \ + t_int r0, r1, rx, ry; \ + b0 = ( b << biH ) >> biH; \ + b1 = ( b >> biH ); + +#define MULADDC_CORE \ + s0 = ( *s << biH ) >> biH; \ + s1 = ( *s >> biH ); s++; \ + rx = s0 * b1; r0 = s0 * b0; \ + ry = s1 * b0; r1 = s1 * b1; \ + r1 += ( rx >> biH ); \ + r1 += ( ry >> biH ); \ + rx <<= biH; ry <<= biH; \ + r0 += rx; r1 += (r0 < rx); \ + r0 += ry; r1 += (r0 < ry); \ + r0 += c; r1 += (r0 < c); \ + r0 += *d; r1 += (r0 < *d); \ + c = r1; *(d++) = r0; + +#define MULADDC_STOP \ +} + +#endif /* C (generic) */ +#endif /* C (longlong) */ + +#endif /* bn_mul.h */ diff --git a/include/polarssl/certs.h b/include/polarssl/certs.h new file mode 100644 index 000000000..7b91bafbe --- /dev/null +++ b/include/polarssl/certs.h @@ -0,0 +1,24 @@ +/** + * \file certs.h + */ +#ifndef XYSSL_CERTS_H +#define XYSSL_CERTS_H + +#ifdef __cplusplus +extern "C" { +#endif + +extern char test_ca_crt[]; +extern char test_ca_key[]; +extern char test_ca_pwd[]; +extern char test_srv_crt[]; +extern char test_srv_key[]; +extern char test_cli_crt[]; +extern char test_cli_key[]; +extern char xyssl_ca_crt[]; + +#ifdef __cplusplus +} +#endif + +#endif /* certs.h */ diff --git a/include/polarssl/config.h b/include/polarssl/config.h new file mode 100644 index 000000000..f0c760960 --- /dev/null +++ b/include/polarssl/config.h @@ -0,0 +1,284 @@ +/** + * \file config.h + * + * This set of compile-time options may be used to enable + * or disable features selectively, and reduce the global + * memory footprint. + */ +#ifndef XYSSL_CONFIG_H +#define XYSSL_CONFIG_H + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +/* + * Uncomment if native integers are 8-bit wide. + * +#define XYSSL_HAVE_INT8 + */ + +/* + * Uncomment if native integers are 16-bit wide. + * +#define XYSSL_HAVE_INT16 + */ + +/* + * Uncomment if the compiler supports long long. + * +#define XYSSL_HAVE_LONGLONG + */ + +/* + * Uncomment to enable the use of assembly code. + */ +#define XYSSL_HAVE_ASM + +/* + * Uncomment if the CPU supports SSE2 (IA-32 specific). + * +#define XYSSL_HAVE_SSE2 + */ + +/* + * Enable all SSL/TLS debugging messages. + */ +#define XYSSL_DEBUG_MSG + +/* + * Enable the checkup functions (*_self_test). + */ +#define XYSSL_SELF_TEST + +/* + * Enable the prime-number generation code. + */ +#define XYSSL_GENPRIME + +/* + * Uncomment this macro to store the AES tables in ROM. + * +#define XYSSL_AES_ROM_TABLES + */ + +/* + * Module: library/aes.c + * Caller: library/ssl_tls.c + * + * This module enables the following ciphersuites: + * SSL_RSA_AES_128_SHA + * SSL_RSA_AES_256_SHA + * SSL_EDH_RSA_AES_256_SHA + */ +#define XYSSL_AES_C + +/* + * Module: library/arc4.c + * Caller: library/ssl_tls.c + * + * This module enables the following ciphersuites: + * SSL_RSA_RC4_128_MD5 + * SSL_RSA_RC4_128_SHA + */ +#define XYSSL_ARC4_C + +/* + * Module: library/base64.c + * Caller: library/x509parse.c + * + * This module is required for X.509 support. + */ +#define XYSSL_BASE64_C + +/* + * Module: library/bignum.c + * Caller: library/dhm.c + * library/rsa.c + * library/ssl_tls.c + * library/x509parse.c + * + * This module is required for RSA and DHM support. + */ +#define XYSSL_BIGNUM_C + +/* + * Module: library/certs.c + * Caller: + * + * This module is used for testing (ssl_client/server). + */ +#define XYSSL_CERTS_C + +/* + * Module: library/debug.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * library/ssl_tls.c + * + * This module provides debugging functions. + */ +#define XYSSL_DEBUG_C + +/* + * Module: library/des.c + * Caller: library/ssl_tls.c + * + * This module enables the following ciphersuites: + * SSL_RSA_DES_168_SHA + * SSL_EDH_RSA_DES_168_SHA + */ +#define XYSSL_DES_C + +/* + * Module: library/dhm.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * + * This module enables the following ciphersuites: + * SSL_EDH_RSA_DES_168_SHA + * SSL_EDH_RSA_AES_256_SHA + */ +#define XYSSL_DHM_C + +/* + * Module: library/havege.c + * Caller: + * + * This module enables the HAVEGE random number generator. + */ +#define XYSSL_HAVEGE_C + +/* + * Module: library/md2.c + * Caller: library/x509parse.c + * + * Uncomment to enable support for (rare) MD2-signed X.509 certs. + * +#define XYSSL_MD2_C + */ + +/* + * Module: library/md4.c + * Caller: library/x509parse.c + * + * Uncomment to enable support for (rare) MD4-signed X.509 certs. + * +#define XYSSL_MD4_C + */ + +/* + * Module: library/md5.c + * Caller: library/ssl_tls.c + * library/x509parse.c + * + * This module is required for SSL/TLS and X.509. + */ +#define XYSSL_MD5_C + +/* + * Module: library/net.c + * Caller: + * + * This module provides TCP/IP networking routines. + */ +#define XYSSL_NET_C + +/* + * Module: library/padlock.c + * Caller: library/aes.c + * + * This modules adds support for the VIA PadLock on x86. + */ +#define XYSSL_PADLOCK_C + +/* + * Module: library/rsa.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * library/ssl_tls.c + * library/x509.c + * + * This module is required for SSL/TLS and MD5-signed certificates. + */ +#define XYSSL_RSA_C + +/* + * Module: library/sha1.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * library/ssl_tls.c + * library/x509parse.c + * + * This module is required for SSL/TLS and SHA1-signed certificates. + */ +#define XYSSL_SHA1_C + +/* + * Module: library/sha2.c + * Caller: + * + * This module adds support for SHA-224 and SHA-256. + */ +#define XYSSL_SHA2_C + +/* + * Module: library/sha4.c + * Caller: + * + * This module adds support for SHA-384 and SHA-512. + */ +#define XYSSL_SHA4_C + +/* + * Module: library/ssl_cli.c + * Caller: + * + * This module is required for SSL/TLS client support. + */ +#define XYSSL_SSL_CLI_C + +/* + * Module: library/ssl_srv.c + * Caller: + * + * This module is required for SSL/TLS server support. + */ +#define XYSSL_SSL_SRV_C + +/* + * Module: library/ssl_tls.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * + * This module is required for SSL/TLS. + */ +#define XYSSL_SSL_TLS_C + +/* + * Module: library/timing.c + * Caller: library/havege.c + * + * This module is used by the HAVEGE random number generator. + */ +#define XYSSL_TIMING_C + +/* + * Module: library/x509parse.c + * Caller: library/ssl_cli.c + * library/ssl_srv.c + * library/ssl_tls.c + * + * This module is required for X.509 certificate parsing. + */ +#define XYSSL_X509_PARSE_C + +/* + * Module: library/x509_write.c + * Caller: + * + * This module is required for X.509 certificate writing. + */ +#define XYSSL_X509_WRITE_C + +#endif /* config.h */ diff --git a/include/polarssl/debug.h b/include/polarssl/debug.h new file mode 100644 index 000000000..1ffb0ecee --- /dev/null +++ b/include/polarssl/debug.h @@ -0,0 +1,63 @@ +/** + * \file debug.h + */ +#ifndef SSL_DEBUG_H +#define SSL_DEBUG_H + +#include "xyssl/config.h" +#include "xyssl/ssl.h" + +#if defined(XYSSL_DEBUG_MSG) + +#define SSL_DEBUG_MSG( level, args ) \ + debug_print_msg( ssl, level, __FILE__, __LINE__, debug_fmt args ); + +#define SSL_DEBUG_RET( level, text, ret ) \ + debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret ); + +#define SSL_DEBUG_BUF( level, text, buf, len ) \ + debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len ); + +#define SSL_DEBUG_MPI( level, text, X ) \ + debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X ); + +#define SSL_DEBUG_CRT( level, text, crt ) \ + debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt ); + +#else + +#define SSL_DEBUG_MSG( level, args ) do { } while( 0 ) +#define SSL_DEBUG_RET( level, text, ret ) do { } while( 0 ) +#define SSL_DEBUG_BUF( level, text, buf, len ) do { } while( 0 ) +#define SSL_DEBUG_MPI( level, text, X ) do { } while( 0 ) +#define SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 ) + +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +char *debug_fmt( const char *format, ... ); + +void debug_print_msg( ssl_context *ssl, int level, + char *file, int line, char *text ); + +void debug_print_ret( ssl_context *ssl, int level, + char *file, int line, char *text, int ret ); + +void debug_print_buf( ssl_context *ssl, int level, + char *file, int line, char *text, + unsigned char *buf, int len ); + +void debug_print_mpi( ssl_context *ssl, int level, + char *file, int line, char *text, mpi *X ); + +void debug_print_crt( ssl_context *ssl, int level, + char *file, int line, char *text, x509_cert *crt ); + +#ifdef __cplusplus +} +#endif + +#endif /* debug.h */ diff --git a/include/polarssl/des.h b/include/polarssl/des.h new file mode 100644 index 000000000..f118eac4e --- /dev/null +++ b/include/polarssl/des.h @@ -0,0 +1,149 @@ +/** + * \file des.h + */ +#ifndef XYSSL_DES_H +#define XYSSL_DES_H + +#define DES_ENCRYPT 1 +#define DES_DECRYPT 0 + +/** + * \brief DES context structure + */ +typedef struct +{ + int mode; /*!< encrypt/decrypt */ + unsigned long sk[32]; /*!< DES subkeys */ +} +des_context; + +/** + * \brief Triple-DES context structure + */ +typedef struct +{ + int mode; /*!< encrypt/decrypt */ + unsigned long sk[96]; /*!< 3DES subkeys */ +} +des3_context; + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief DES key schedule (56-bit, encryption) + * + * \param ctx DES context to be initialized + * \param key 8-byte secret key + */ +void des_setkey_enc( des_context *ctx, unsigned char key[8] ); + +/** + * \brief DES key schedule (56-bit, decryption) + * + * \param ctx DES context to be initialized + * \param key 8-byte secret key + */ +void des_setkey_dec( des_context *ctx, unsigned char key[8] ); + +/** + * \brief Triple-DES key schedule (112-bit, encryption) + * + * \param ctx 3DES context to be initialized + * \param key 16-byte secret key + */ +void des3_set2key_enc( des3_context *ctx, unsigned char key[16] ); + +/** + * \brief Triple-DES key schedule (112-bit, decryption) + * + * \param ctx 3DES context to be initialized + * \param key 16-byte secret key + */ +void des3_set2key_dec( des3_context *ctx, unsigned char key[16] ); + +/** + * \brief Triple-DES key schedule (168-bit, encryption) + * + * \param ctx 3DES context to be initialized + * \param key 24-byte secret key + */ +void des3_set3key_enc( des3_context *ctx, unsigned char key[24] ); + +/** + * \brief Triple-DES key schedule (168-bit, decryption) + * + * \param ctx 3DES context to be initialized + * \param key 24-byte secret key + */ +void des3_set3key_dec( des3_context *ctx, unsigned char key[24] ); + +/** + * \brief DES-ECB block encryption/decryption + * + * \param ctx DES context + * \param input 64-bit input block + * \param output 64-bit output block + */ +void des_crypt_ecb( des_context *ctx, + unsigned char input[8], + unsigned char output[8] ); + +/** + * \brief DES-CBC buffer encryption/decryption + * + * \param ctx DES context + * \param mode DES_ENCRYPT or DES_DECRYPT + * \param length length of the input data + * \param iv initialization vector (updated after use) + * \param input buffer holding the input data + * \param output buffer holding the output data + */ +void des_crypt_cbc( des_context *ctx, + int mode, + int length, + unsigned char iv[8], + unsigned char *input, + unsigned char *output ); + +/** + * \brief 3DES-ECB block encryption/decryption + * + * \param ctx 3DES context + * \param input 64-bit input block + * \param output 64-bit output block + */ +void des3_crypt_ecb( des3_context *ctx, + unsigned char input[8], + unsigned char output[8] ); + +/** + * \brief 3DES-CBC buffer encryption/decryption + * + * \param ctx 3DES context + * \param mode DES_ENCRYPT or DES_DECRYPT + * \param length length of the input data + * \param iv initialization vector (updated after use) + * \param input buffer holding the input data + * \param output buffer holding the output data + */ +void des3_crypt_cbc( des3_context *ctx, + int mode, + int length, + unsigned char iv[8], + unsigned char *input, + unsigned char *output ); + +/* + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int des_self_test( int verbose ); + +#ifdef __cplusplus +} +#endif + +#endif /* des.h */ diff --git a/include/polarssl/dhm.h b/include/polarssl/dhm.h new file mode 100644 index 000000000..127d626ca --- /dev/null +++ b/include/polarssl/dhm.h @@ -0,0 +1,122 @@ +/** + * \file dhm.h + */ +#ifndef XYSSL_DHM_H +#define XYSSL_DHM_H + +#include "xyssl/bignum.h" + +#define XYSSL_ERR_DHM_BAD_INPUT_DATA -0x0480 +#define XYSSL_ERR_DHM_READ_PARAMS_FAILED -0x0490 +#define XYSSL_ERR_DHM_MAKE_PARAMS_FAILED -0x04A0 +#define XYSSL_ERR_DHM_READ_PUBLIC_FAILED -0x04B0 +#define XYSSL_ERR_DHM_MAKE_PUBLIC_FAILED -0x04C0 +#define XYSSL_ERR_DHM_CALC_SECRET_FAILED -0x04D0 + +typedef struct +{ + int len; /*!< size(P) in chars */ + mpi P; /*!< prime modulus */ + mpi G; /*!< generator */ + mpi X; /*!< secret value */ + mpi GX; /*!< self = G^X mod P */ + mpi GY; /*!< peer = G^Y mod P */ + mpi K; /*!< key = GY^X mod P */ + mpi RP; /*!< cached R^2 mod P */ +} +dhm_context; + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Parse the ServerKeyExchange parameters + * + * \param ctx DHM context + * \param p &(start of input buffer) + * \param end end of buffer + * + * \return 0 if successful, or an XYSSL_ERR_DHM_XXX error code + */ +int dhm_read_params( dhm_context *ctx, + unsigned char **p, + unsigned char *end ); + +/** + * \brief Setup and write the ServerKeyExchange parameters + * + * \param ctx DHM context + * \param x_size private value size in bits + * \param output destination buffer + * \param olen number of chars written + * \param f_rng RNG function + * \param p_rng RNG parameter + * + * \note This function assumes that ctx->P and ctx->G + * have already been properly set (for example + * using mpi_read_string or mpi_read_binary). + * + * \return 0 if successful, or an XYSSL_ERR_DHM_XXX error code + */ +int dhm_make_params( dhm_context *ctx, int s_size, + unsigned char *output, int *olen, + int (*f_rng)(void *), void *p_rng ); + +/** + * \brief Import the peer's public value G^Y + * + * \param ctx DHM context + * \param input input buffer + * \param ilen size of buffer + * + * \return 0 if successful, or an XYSSL_ERR_DHM_XXX error code + */ +int dhm_read_public( dhm_context *ctx, + unsigned char *input, int ilen ); + +/** + * \brief Create own private value X and export G^X + * + * \param ctx DHM context + * \param x_size private value size in bits + * \param output destination buffer + * \param olen must be equal to ctx->P.len + * \param f_rng RNG function + * \param p_rng RNG parameter + * + * \return 0 if successful, or an XYSSL_ERR_DHM_XXX error code + */ +int dhm_make_public( dhm_context *ctx, int s_size, + unsigned char *output, int olen, + int (*f_rng)(void *), void *p_rng ); + +/** + * \brief Derive and export the shared secret (G^Y)^X mod P + * + * \param ctx DHM context + * \param output destination buffer + * \param olen number of chars written + * + * \return 0 if successful, or an XYSSL_ERR_DHM_XXX error code + */ +int dhm_calc_secret( dhm_context *ctx, + unsigned char *output, int *olen ); + +/* + * \brief Free the components of a DHM key + */ +void dhm_free( dhm_context *ctx ); + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int dhm_self_test( int verbose ); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/include/polarssl/havege.h b/include/polarssl/havege.h new file mode 100644 index 000000000..3ad84b4a7 --- /dev/null +++ b/include/polarssl/havege.h @@ -0,0 +1,44 @@ +/** + * \file havege.h + */ +#ifndef XYSSL_HAVEGE_H +#define XYSSL_HAVEGE_H + +#define COLLECT_SIZE 1024 + +/** + * \brief HAVEGE state structure + */ +typedef struct +{ + int PT1, PT2, offset[2]; + int pool[COLLECT_SIZE]; + int WALK[8192]; +} +havege_state; + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief HAVEGE initialization + * + * \param hs HAVEGE state to be initialized + */ +void havege_init( havege_state *hs ); + +/** + * \brief HAVEGE rand function + * + * \param rng_st points to an HAVEGE state + * + * \return A random int + */ +int havege_rand( void *p_rng ); + +#ifdef __cplusplus +} +#endif + +#endif /* havege.h */ diff --git a/include/polarssl/md2.h b/include/polarssl/md2.h new file mode 100644 index 000000000..c3034835f --- /dev/null +++ b/include/polarssl/md2.h @@ -0,0 +1,120 @@ +/** + * \file md2.h + */ +#ifndef XYSSL_MD2_H +#define XYSSL_MD2_H + +/** + * \brief MD2 context structure + */ +typedef struct +{ + unsigned char cksum[16]; /*!< checksum of the data block */ + unsigned char state[48]; /*!< intermediate digest state */ + unsigned char buffer[16]; /*!< data block being processed */ + + unsigned char ipad[64]; /*!< HMAC: inner padding */ + unsigned char opad[64]; /*!< HMAC: outer padding */ + int left; /*!< amount of data in buffer */ +} +md2_context; + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief MD2 context setup + * + * \param ctx context to be initialized + */ +void md2_starts( md2_context *ctx ); + +/** + * \brief MD2 process buffer + * + * \param ctx MD2 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void md2_update( md2_context *ctx, unsigned char *input, int ilen ); + +/** + * \brief MD2 final digest + * + * \param ctx MD2 context + * \param output MD2 checksum result + */ +void md2_finish( md2_context *ctx, unsigned char output[16] ); + +/** + * \brief Output = MD2( input buffer ) + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output MD2 checksum result + */ +void md2( unsigned char *input, int ilen, unsigned char output[16] ); + +/** + * \brief Output = MD2( file contents ) + * + * \param path input file name + * \param output MD2 checksum result + * + * \return 0 if successful, 1 if fopen failed, + * or 2 if fread failed + */ +int md2_file( char *path, unsigned char output[16] ); + +/** + * \brief MD2 HMAC context setup + * + * \param ctx HMAC context to be initialized + * \param key HMAC secret key + * \param keylen length of the HMAC key + */ +void md2_hmac_starts( md2_context *ctx, unsigned char *key, int keylen ); + +/** + * \brief MD2 HMAC process buffer + * + * \param ctx HMAC context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void md2_hmac_update( md2_context *ctx, unsigned char *input, int ilen ); + +/** + * \brief MD2 HMAC final digest + * + * \param ctx HMAC context + * \param output MD2 HMAC checksum result + */ +void md2_hmac_finish( md2_context *ctx, unsigned char output[16] ); + +/** + * \brief Output = HMAC-MD2( hmac key, input buffer ) + * + * \param key HMAC secret key + * \param keylen length of the HMAC key + * \param input buffer holding the data + * \param ilen length of the input data + * \param output HMAC-MD2 result + */ +void md2_hmac( unsigned char *key, int keylen, + unsigned char *input, int ilen, + unsigned char output[16] ); + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int md2_self_test( int verbose ); + +#ifdef __cplusplus +} +#endif + +#endif /* md2.h */ diff --git a/include/polarssl/md4.h b/include/polarssl/md4.h new file mode 100644 index 000000000..f0a7c33ca --- /dev/null +++ b/include/polarssl/md4.h @@ -0,0 +1,119 @@ +/** + * \file md4.h + */ +#ifndef XYSSL_MD4_H +#define XYSSL_MD4_H + +/** + * \brief MD4 context structure + */ +typedef struct +{ + unsigned long total[2]; /*!< number of bytes processed */ + unsigned long state[4]; /*!< intermediate digest state */ + unsigned char buffer[64]; /*!< data block being processed */ + + unsigned char ipad[64]; /*!< HMAC: inner padding */ + unsigned char opad[64]; /*!< HMAC: outer padding */ +} +md4_context; + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief MD4 context setup + * + * \param ctx context to be initialized + */ +void md4_starts( md4_context *ctx ); + +/** + * \brief MD4 process buffer + * + * \param ctx MD4 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void md4_update( md4_context *ctx, unsigned char *input, int ilen ); + +/** + * \brief MD4 final digest + * + * \param ctx MD4 context + * \param output MD4 checksum result + */ +void md4_finish( md4_context *ctx, unsigned char output[16] ); + +/** + * \brief Output = MD4( input buffer ) + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output MD4 checksum result + */ +void md4( unsigned char *input, int ilen, unsigned char output[16] ); + +/** + * \brief Output = MD4( file contents ) + * + * \param path input file name + * \param output MD4 checksum result + * + * \return 0 if successful, 1 if fopen failed, + * or 2 if fread failed + */ +int md4_file( char *path, unsigned char output[16] ); + +/** + * \brief MD4 HMAC context setup + * + * \param ctx HMAC context to be initialized + * \param key HMAC secret key + * \param keylen length of the HMAC key + */ +void md4_hmac_starts( md4_context *ctx, unsigned char *key, int keylen ); + +/** + * \brief MD4 HMAC process buffer + * + * \param ctx HMAC context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void md4_hmac_update( md4_context *ctx, unsigned char *input, int ilen ); + +/** + * \brief MD4 HMAC final digest + * + * \param ctx HMAC context + * \param output MD4 HMAC checksum result + */ +void md4_hmac_finish( md4_context *ctx, unsigned char output[16] ); + +/** + * \brief Output = HMAC-MD4( hmac key, input buffer ) + * + * \param key HMAC secret key + * \param keylen length of the HMAC key + * \param input buffer holding the data + * \param ilen length of the input data + * \param output HMAC-MD4 result + */ +void md4_hmac( unsigned char *key, int keylen, + unsigned char *input, int ilen, + unsigned char output[16] ); + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int md4_self_test( int verbose ); + +#ifdef __cplusplus +} +#endif + +#endif /* md4.h */ diff --git a/include/polarssl/md5.h b/include/polarssl/md5.h new file mode 100644 index 000000000..a772542b4 --- /dev/null +++ b/include/polarssl/md5.h @@ -0,0 +1,119 @@ +/** + * \file md5.h + */ +#ifndef XYSSL_MD5_H +#define XYSSL_MD5_H + +/** + * \brief MD5 context structure + */ +typedef struct +{ + unsigned long total[2]; /*!< number of bytes processed */ + unsigned long state[4]; /*!< intermediate digest state */ + unsigned char buffer[64]; /*!< data block being processed */ + + unsigned char ipad[64]; /*!< HMAC: inner padding */ + unsigned char opad[64]; /*!< HMAC: outer padding */ +} +md5_context; + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief MD5 context setup + * + * \param ctx context to be initialized + */ +void md5_starts( md5_context *ctx ); + +/** + * \brief MD5 process buffer + * + * \param ctx MD5 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void md5_update( md5_context *ctx, unsigned char *input, int ilen ); + +/** + * \brief MD5 final digest + * + * \param ctx MD5 context + * \param output MD5 checksum result + */ +void md5_finish( md5_context *ctx, unsigned char output[16] ); + +/** + * \brief Output = MD5( input buffer ) + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output MD5 checksum result + */ +void md5( unsigned char *input, int ilen, unsigned char output[16] ); + +/** + * \brief Output = MD5( file contents ) + * + * \param path input file name + * \param output MD5 checksum result + * + * \return 0 if successful, 1 if fopen failed, + * or 2 if fread failed + */ +int md5_file( char *path, unsigned char output[16] ); + +/** + * \brief MD5 HMAC context setup + * + * \param ctx HMAC context to be initialized + * \param key HMAC secret key + * \param keylen length of the HMAC key + */ +void md5_hmac_starts( md5_context *ctx, unsigned char *key, int keylen ); + +/** + * \brief MD5 HMAC process buffer + * + * \param ctx HMAC context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void md5_hmac_update( md5_context *ctx, unsigned char *input, int ilen ); + +/** + * \brief MD5 HMAC final digest + * + * \param ctx HMAC context + * \param output MD5 HMAC checksum result + */ +void md5_hmac_finish( md5_context *ctx, unsigned char output[16] ); + +/** + * \brief Output = HMAC-MD5( hmac key, input buffer ) + * + * \param key HMAC secret key + * \param keylen length of the HMAC key + * \param input buffer holding the data + * \param ilen length of the input data + * \param output HMAC-MD5 result + */ +void md5_hmac( unsigned char *key, int keylen, + unsigned char *input, int ilen, + unsigned char output[16] ); + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int md5_self_test( int verbose ); + +#ifdef __cplusplus +} +#endif + +#endif /* md5.h */ diff --git a/include/polarssl/net.h b/include/polarssl/net.h new file mode 100644 index 000000000..1860b3d58 --- /dev/null +++ b/include/polarssl/net.h @@ -0,0 +1,103 @@ +/** + * \file net.h + */ +#ifndef XYSSL_NET_H +#define XYSSL_NET_H + +#define XYSSL_ERR_NET_UNKNOWN_HOST -0x0F00 +#define XYSSL_ERR_NET_SOCKET_FAILED -0x0F10 +#define XYSSL_ERR_NET_CONNECT_FAILED -0x0F20 +#define XYSSL_ERR_NET_BIND_FAILED -0x0F30 +#define XYSSL_ERR_NET_LISTEN_FAILED -0x0F40 +#define XYSSL_ERR_NET_ACCEPT_FAILED -0x0F50 +#define XYSSL_ERR_NET_RECV_FAILED -0x0F60 +#define XYSSL_ERR_NET_SEND_FAILED -0x0F70 +#define XYSSL_ERR_NET_CONN_RESET -0x0F80 +#define XYSSL_ERR_NET_TRY_AGAIN -0x0F90 + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Initiate a TCP connection with host:port + * + * \return 0 if successful, or one of: + * XYSSL_ERR_NET_SOCKET_FAILED, + * XYSSL_ERR_NET_UNKNOWN_HOST, + * XYSSL_ERR_NET_CONNECT_FAILED + */ +int net_connect( int *fd, char *host, int port ); + +/** + * \brief Create a listening socket on bind_ip:port. + * If bind_ip == NULL, all interfaces are binded. + * + * \return 0 if successful, or one of: + * XYSSL_ERR_NET_SOCKET_FAILED, + * XYSSL_ERR_NET_BIND_FAILED, + * XYSSL_ERR_NET_LISTEN_FAILED + */ +int net_bind( int *fd, char *bind_ip, int port ); + +/** + * \brief Accept a connection from a remote client + * + * \return 0 if successful, XYSSL_ERR_NET_ACCEPT_FAILED, or + * XYSSL_ERR_NET_WOULD_BLOCK is bind_fd was set to + * non-blocking and accept() is blocking. + */ +int net_accept( int bind_fd, int *client_fd, void *client_ip ); + +/** + * \brief Set the socket blocking + * + * \return 0 if successful, or a non-zero error code + */ +int net_set_block( int fd ); + +/** + * \brief Set the socket non-blocking + * + * \return 0 if successful, or a non-zero error code + */ +int net_set_nonblock( int fd ); + +/** + * \brief Portable usleep helper + * + * \note Real amount of time slept will not be less than + * select()'s timeout granularity (typically, 10ms). + */ +void net_usleep( unsigned long usec ); + +/** + * \brief Read at most 'len' characters. len is updated to + * reflect the actual number of characters read. + * + * \return This function returns the number of bytes received, + * or a negative error code; XYSSL_ERR_NET_TRY_AGAIN + * indicates read() is blocking. + */ +int net_recv( void *ctx, unsigned char *buf, int len ); + +/** + * \brief Write at most 'len' characters. len is updated to + * reflect the number of characters _not_ written. + * + * \return This function returns the number of bytes sent, + * or a negative error code; XYSSL_ERR_NET_TRY_AGAIN + * indicates write() is blocking. + */ +int net_send( void *ctx, unsigned char *buf, int len ); + +/** + * \brief Gracefully shutdown the connection + */ +void net_close( int fd ); + +#ifdef __cplusplus +} +#endif + +#endif /* net.h */ diff --git a/include/polarssl/openssl.h b/include/polarssl/openssl.h new file mode 100644 index 000000000..0006754e6 --- /dev/null +++ b/include/polarssl/openssl.h @@ -0,0 +1,113 @@ +/** + * \file openssl.h + */ +/* + * OpenSSL wrapper contributed by David Barett + */ +#ifndef XYSSL_OPENSSL_H +#define XYSSL_OPENSSL_H + +#include "xyssl/aes.h" +#include "xyssl/md5.h" +#include "xyssl/rsa.h" +#include "xyssl/sha1.h" + +#define AES_SIZE 16 +#define AES_BLOCK_SIZE 16 +#define AES_KEY aes_context +#define MD5_CTX md5_context +#define SHA_CTX sha1_context + +#define SHA1_Init( CTX ) \ + sha1_starts( (CTX) ) +#define SHA1_Update( CTX, BUF, LEN ) \ + sha1_update( (CTX), (unsigned char *)(BUF), (LEN) ) +#define SHA1_Final( OUT, CTX ) \ + sha1_finish( (CTX), (OUT) ) + +#define MD5_Init( CTX ) \ + md5_starts( (CTX) ) +#define MD5_Update( CTX, BUF, LEN ) \ + md5_update( (CTX), (unsigned char *)(BUF), (LEN) ) +#define MD5_Final( OUT, CTX ) \ + md5_finish( (CTX), (OUT) ) + +#define AES_set_encrypt_key( KEY, KEYSIZE, CTX ) \ + aes_setkey_enc( (CTX), (KEY), (KEYSIZE) ) +#define AES_set_decrypt_key( KEY, KEYSIZE, CTX ) \ + aes_setkey_dec( (CTX), (KEY), (KEYSIZE) ) +#define AES_cbc_encrypt( INPUT, OUTPUT, LEN, CTX, IV, MODE ) \ + aes_crypt_cbc( (CTX), (MODE), (LEN), (IV), (INPUT), (OUTPUT) ) + +/* + * RSA stuff follows. TODO: needs cleanup + */ +inline int __RSA_Passthrough( void *output, void *input, int size ) +{ + memcpy( output, input, size ); + return size; +} + +inline rsa_context* d2i_RSA_PUBKEY( void *ignore, unsigned char **bufptr, + int len ) +{ + unsigned char *buffer = *(unsigned char **) bufptr; + rsa_context *rsa; + + /* + * Not a general-purpose parser: only parses public key from *exactly* + * openssl genrsa -out privkey.pem 512 (or 1024) + * openssl rsa -in privkey.pem -out privatekey.der -outform der + * openssl rsa -in privkey.pem -out pubkey.der -outform der -pubout + * + * TODO: make a general-purpose parse + */ + if( ignore != 0 || ( len != 94 && len != 162 ) ) + return( 0 ); + + rsa = (rsa_context *) malloc( sizeof( rsa_rsa ) ); + if( rsa == NULL ) + return( 0 ); + + memset( rsa, 0, sizeof( rsa_context ) ); + + if( ( len == 94 && + mpi_read_binary( &rsa->N, &buffer[ 25], 64 ) == 0 && + mpi_read_binary( &rsa->E, &buffer[ 91], 3 ) == 0 ) || + ( len == 162 && + mpi_read_binary( &rsa->N, &buffer[ 29], 128 ) == 0 ) && + mpi_read_binary( &rsa->E, &buffer[159], 3 ) == 0 ) + { + /* + * key read successfully + */ + rsa->len = ( mpi_msb( &rsa->N ) + 7 ) >> 3; + return( rsa ); + } + else + { + memset( rsa, 0, sizeof( rsa_context ) ); + free( rsa ); + return( 0 ); + } +} + +#define RSA rsa_context +#define RSA_PKCS1_PADDING 1 /* ignored; always encrypt with this */ +#define RSA_size( CTX ) (CTX)->len +#define RSA_free( CTX ) rsa_free( CTX ) +#define ERR_get_error( ) "ERR_get_error() not supported" +#define RSA_blinding_off( IGNORE ) + +#define d2i_RSAPrivateKey( a, b, c ) new rsa_context /* TODO: C++ bleh */ + +inline int RSA_public_decrypt ( int size, unsigned char* input, unsigned char* output, RSA* key, int ignore ) { int outsize=size; if( !rsa_pkcs1_decrypt( key, RSA_PUBLIC, &outsize, input, output ) ) return outsize; else return -1; } +inline int RSA_private_decrypt( int size, unsigned char* input, unsigned char* output, RSA* key, int ignore ) { int outsize=size; if( !rsa_pkcs1_decrypt( key, RSA_PRIVATE, &outsize, input, output ) ) return outsize; else return -1; } +inline int RSA_public_encrypt ( int size, unsigned char* input, unsigned char* output, RSA* key, int ignore ) { if( !rsa_pkcs1_encrypt( key, RSA_PUBLIC, size, input, output ) ) return RSA_size(key); else return -1; } +inline int RSA_private_encrypt( int size, unsigned char* input, unsigned char* output, RSA* key, int ignore ) { if( !rsa_pkcs1_encrypt( key, RSA_PRIVATE, size, input, output ) ) return RSA_size(key); else return -1; } + +#ifdef __cplusplus +} +#endif + +#endif /* openssl.h */ diff --git a/include/polarssl/padlock.h b/include/polarssl/padlock.h new file mode 100644 index 000000000..e577de71b --- /dev/null +++ b/include/polarssl/padlock.h @@ -0,0 +1,73 @@ +/** + * \file padlock.h + */ +#ifndef XYSSL_PADLOCK_H +#define XYSSL_PADLOCK_H + +#include "xyssl/aes.h" + +#if (defined(__GNUC__) && defined(__i386__)) + +#ifndef XYSSL_HAVE_X86 +#define XYSSL_HAVE_X86 +#endif + +#define PADLOCK_RNG 0x000C +#define PADLOCK_ACE 0x00C0 +#define PADLOCK_PHE 0x0C00 +#define PADLOCK_PMM 0x3000 + +#define PADLOCK_ALIGN16(x) (unsigned long *) (16 + ((long) x & ~15)) + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief PadLock detection routine + * + * \return 1 if CPU has support for the feature, 0 otherwise + */ +int padlock_supports( int feature ); + +/** + * \brief PadLock AES-ECB block en(de)cryption + * + * \param ctx AES context + * \param mode AES_ENCRYPT or AES_DECRYPT + * \param input 16-byte input block + * \param output 16-byte output block + * + * \return 0 if success, 1 if operation failed + */ +int padlock_xcryptecb( aes_context *ctx, + int mode, + unsigned char input[16], + unsigned char output[16] ); + +/** + * \brief PadLock AES-CBC buffer en(de)cryption + * + * \param ctx AES context + * \param mode AES_ENCRYPT or AES_DECRYPT + * \param length length of the input data + * \param iv initialization vector (updated after use) + * \param input buffer holding the input data + * \param output buffer holding the output data + * + * \return 0 if success, 1 if operation failed + */ +int padlock_xcryptcbc( aes_context *ctx, + int mode, + int length, + unsigned char iv[16], + unsigned char *input, + unsigned char *output ); + +#ifdef __cplusplus +} +#endif + +#endif /* HAVE_X86 */ + +#endif /* padlock.h */ diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h new file mode 100644 index 000000000..9a8a5dc23 --- /dev/null +++ b/include/polarssl/rsa.h @@ -0,0 +1,274 @@ +/** + * \file rsa.h + */ +#ifndef XYSSL_RSA_H +#define XYSSL_RSA_H + +#include "xyssl/bignum.h" + +#define XYSSL_ERR_RSA_BAD_INPUT_DATA -0x0400 +#define XYSSL_ERR_RSA_INVALID_PADDING -0x0410 +#define XYSSL_ERR_RSA_KEY_GEN_FAILED -0x0420 +#define XYSSL_ERR_RSA_KEY_CHECK_FAILED -0x0430 +#define XYSSL_ERR_RSA_PUBLIC_FAILED -0x0440 +#define XYSSL_ERR_RSA_PRIVATE_FAILED -0x0450 +#define XYSSL_ERR_RSA_VERIFY_FAILED -0x0460 + +/* + * PKCS#1 constants + */ +#define RSA_RAW 0 +#define RSA_MD2 2 +#define RSA_MD4 3 +#define RSA_MD5 4 +#define RSA_SHA1 5 +#define RSA_SHA256 6 + +#define RSA_PUBLIC 0 +#define RSA_PRIVATE 1 + +#define RSA_PKCS_V15 0 +#define RSA_PKCS_V21 1 + +#define RSA_SIGN 1 +#define RSA_CRYPT 2 + +/* + * DigestInfo ::= SEQUENCE { + * digestAlgorithm DigestAlgorithmIdentifier, + * digest Digest } + * + * DigestAlgorithmIdentifier ::= AlgorithmIdentifier + * + * Digest ::= OCTET STRING + */ +#define ASN1_HASH_MDX \ + "\x30\x20\x30\x0C\x06\x08\x2A\x86\x48" \ + "\x86\xF7\x0D\x02\x00\x05\x00\x04\x10" + +#define ASN1_HASH_SHA1 \ + "\x30\x21\x30\x09\x06\x05\x2B\x0E\x03" \ + "\x02\x1A\x05\x00\x04\x14" + +/** + * \brief RSA context structure + */ +typedef struct +{ + int ver; /*!< always 0 */ + int len; /*!< size(N) in chars */ + + mpi N; /*!< public modulus */ + mpi E; /*!< public exponent */ + + mpi D; /*!< private exponent */ + mpi P; /*!< 1st prime factor */ + mpi Q; /*!< 2nd prime factor */ + mpi DP; /*!< D % (P - 1) */ + mpi DQ; /*!< D % (Q - 1) */ + mpi QP; /*!< 1 / (Q % P) */ + + mpi RN; /*!< cached R^2 mod N */ + mpi RP; /*!< cached R^2 mod P */ + mpi RQ; /*!< cached R^2 mod Q */ + + int padding; /*!< 1.5 or OAEP/PSS */ + int hash_id; /*!< hash identifier */ + int (*f_rng)(void *); /*!< RNG function */ + void *p_rng; /*!< RNG parameter */ +} +rsa_context; + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Initialize an RSA context + * + * \param ctx RSA context to be initialized + * \param padding RSA_PKCS_V15 or RSA_PKCS_V21 + * \param hash_id RSA_PKCS_V21 hash identifier + * \param f_rng RNG function + * \param p_rng RNG parameter + * + * \note The hash_id parameter is actually ignored + * when using RSA_PKCS_V15 padding. + * + * \note Currently (xyssl-0.8), RSA_PKCS_V21 padding + * is not supported. + */ +void rsa_init( rsa_context *ctx, + int padding, + int hash_id, + int (*f_rng)(void *), + void *p_rng ); + +/** + * \brief Generate an RSA keypair + * + * \param ctx RSA context that will hold the key + * \param nbits size of the public key in bits + * \param exponent public exponent (e.g., 65537) + * + * \note rsa_init() must be called beforehand to setup + * the RSA context (especially f_rng and p_rng). + * + * \return 0 if successful, or an XYSSL_ERR_RSA_XXX error code + */ +int rsa_gen_key( rsa_context *ctx, int nbits, int exponent ); + +/** + * \brief Check a public RSA key + * + * \param ctx RSA context to be checked + * + * \return 0 if successful, or an XYSSL_ERR_RSA_XXX error code + */ +int rsa_check_pubkey( rsa_context *ctx ); + +/** + * \brief Check a private RSA key + * + * \param ctx RSA context to be checked + * + * \return 0 if successful, or an XYSSL_ERR_RSA_XXX error code + */ +int rsa_check_privkey( rsa_context *ctx ); + +/** + * \brief Do an RSA public key operation + * + * \param ctx RSA context + * \param input input buffer + * \param output output buffer + * + * \return 0 if successful, or an XYSSL_ERR_RSA_XXX error code + * + * \note This function does NOT take care of message + * padding. Also, be sure to set input[0] = 0. + * + * \note The input and output buffers must be large + * enough (eg. 128 bytes if RSA-1024 is used). + */ +int rsa_public( rsa_context *ctx, + unsigned char *input, + unsigned char *output ); + +/** + * \brief Do an RSA private key operation + * + * \param ctx RSA context + * \param input input buffer + * \param output output buffer + * + * \return 0 if successful, or an XYSSL_ERR_RSA_XXX error code + * + * \note The input and output buffers must be large + * enough (eg. 128 bytes if RSA-1024 is used). + */ +int rsa_private( rsa_context *ctx, + unsigned char *input, + unsigned char *output ); + +/** + * \brief Add the message padding, then do an RSA operation + * + * \param ctx RSA context + * \param mode RSA_PUBLIC or RSA_PRIVATE + * \param ilen contains the the plaintext length + * \param input buffer holding the data to be encrypted + * \param output buffer that will hold the ciphertext + * + * \return 0 if successful, or an XYSSL_ERR_RSA_XXX error code + * + * \note The output buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). + */ +int rsa_pkcs1_encrypt( rsa_context *ctx, + int mode, int ilen, + unsigned char *input, + unsigned char *output ); + +/** + * \brief Do an RSA operation, then remove the message padding + * + * \param ctx RSA context + * \param mode RSA_PUBLIC or RSA_PRIVATE + * \param input buffer holding the encrypted data + * \param output buffer that will hold the plaintext + * \param olen will contain the plaintext length + * + * \return 0 if successful, or an XYSSL_ERR_RSA_XXX error code + * + * \note The output buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). + */ +int rsa_pkcs1_decrypt( rsa_context *ctx, + int mode, int *olen, + unsigned char *input, + unsigned char *output ); + +/** + * \brief Do a private RSA to sign a message digest + * + * \param ctx RSA context + * \param mode RSA_PUBLIC or RSA_PRIVATE + * \param hash_id RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256} + * \param hashlen message digest length (for RSA_RAW only) + * \param hash buffer holding the message digest + * \param sig buffer that will hold the ciphertext + * + * \return 0 if the signing operation was successful, + * or an XYSSL_ERR_RSA_XXX error code + * + * \note The "sig" buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). + */ +int rsa_pkcs1_sign( rsa_context *ctx, + int mode, + int hash_id, + int hashlen, + unsigned char *hash, + unsigned char *sig ); + +/** + * \brief Do a public RSA and check the message digest + * + * \param ctx points to an RSA public key + * \param mode RSA_PUBLIC or RSA_PRIVATE + * \param hash_id RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256} + * \param hashlen message digest length (for RSA_RAW only) + * \param hash buffer holding the message digest + * \param sig buffer holding the ciphertext + * + * \return 0 if the verify operation was successful, + * or an XYSSL_ERR_RSA_XXX error code + * + * \note The "sig" buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). + */ +int rsa_pkcs1_verify( rsa_context *ctx, + int mode, + int hash_id, + int hashlen, + unsigned char *hash, + unsigned char *sig ); + +/** + * \brief Free the components of an RSA key + */ +void rsa_free( rsa_context *ctx ); + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int rsa_self_test( int verbose ); + +#ifdef __cplusplus +} +#endif + +#endif /* rsa.h */ diff --git a/include/polarssl/sha1.h b/include/polarssl/sha1.h new file mode 100644 index 000000000..7d44c6721 --- /dev/null +++ b/include/polarssl/sha1.h @@ -0,0 +1,119 @@ +/** + * \file sha1.h + */ +#ifndef XYSSL_SHA1_H +#define XYSSL_SHA1_H + +/** + * \brief SHA-1 context structure + */ +typedef struct +{ + unsigned long total[2]; /*!< number of bytes processed */ + unsigned long state[5]; /*!< intermediate digest state */ + unsigned char buffer[64]; /*!< data block being processed */ + + unsigned char ipad[64]; /*!< HMAC: inner padding */ + unsigned char opad[64]; /*!< HMAC: outer padding */ +} +sha1_context; + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief SHA-1 context setup + * + * \param ctx context to be initialized + */ +void sha1_starts( sha1_context *ctx ); + +/** + * \brief SHA-1 process buffer + * + * \param ctx SHA-1 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void sha1_update( sha1_context *ctx, unsigned char *input, int ilen ); + +/** + * \brief SHA-1 final digest + * + * \param ctx SHA-1 context + * \param output SHA-1 checksum result + */ +void sha1_finish( sha1_context *ctx, unsigned char output[20] ); + +/** + * \brief Output = SHA-1( input buffer ) + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-1 checksum result + */ +void sha1( unsigned char *input, int ilen, unsigned char output[20] ); + +/** + * \brief Output = SHA-1( file contents ) + * + * \param path input file name + * \param output SHA-1 checksum result + * + * \return 0 if successful, 1 if fopen failed, + * or 2 if fread failed + */ +int sha1_file( char *path, unsigned char output[20] ); + +/** + * \brief SHA-1 HMAC context setup + * + * \param ctx HMAC context to be initialized + * \param key HMAC secret key + * \param keylen length of the HMAC key + */ +void sha1_hmac_starts( sha1_context *ctx, unsigned char *key, int keylen ); + +/** + * \brief SHA-1 HMAC process buffer + * + * \param ctx HMAC context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void sha1_hmac_update( sha1_context *ctx, unsigned char *input, int ilen ); + +/** + * \brief SHA-1 HMAC final digest + * + * \param ctx HMAC context + * \param output SHA-1 HMAC checksum result + */ +void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] ); + +/** + * \brief Output = HMAC-SHA-1( hmac key, input buffer ) + * + * \param key HMAC secret key + * \param keylen length of the HMAC key + * \param input buffer holding the data + * \param ilen length of the input data + * \param output HMAC-SHA-1 result + */ +void sha1_hmac( unsigned char *key, int keylen, + unsigned char *input, int ilen, + unsigned char output[20] ); + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int sha1_self_test( int verbose ); + +#ifdef __cplusplus +} +#endif + +#endif /* sha1.h */ diff --git a/include/polarssl/sha2.h b/include/polarssl/sha2.h new file mode 100644 index 000000000..ad2d37b7c --- /dev/null +++ b/include/polarssl/sha2.h @@ -0,0 +1,127 @@ +/** + * \file sha2.h + */ +#ifndef XYSSL_SHA2_H +#define XYSSL_SHA2_H + +/** + * \brief SHA-256 context structure + */ +typedef struct +{ + unsigned long total[2]; /*!< number of bytes processed */ + unsigned long state[8]; /*!< intermediate digest state */ + unsigned char buffer[64]; /*!< data block being processed */ + + unsigned char ipad[64]; /*!< HMAC: inner padding */ + unsigned char opad[64]; /*!< HMAC: outer padding */ + int is224; /*!< 0 => SHA-256, else SHA-224 */ +} +sha2_context; + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief SHA-256 context setup + * + * \param ctx context to be initialized + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +void sha2_starts( sha2_context *ctx, int is224 ); + +/** + * \brief SHA-256 process buffer + * + * \param ctx SHA-256 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void sha2_update( sha2_context *ctx, unsigned char *input, int ilen ); + +/** + * \brief SHA-256 final digest + * + * \param ctx SHA-256 context + * \param output SHA-224/256 checksum result + */ +void sha2_finish( sha2_context *ctx, unsigned char output[32] ); + +/** + * \brief Output = SHA-256( input buffer ) + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-224/256 checksum result + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +void sha2( unsigned char *input, int ilen, + unsigned char output[32], int is224 ); + +/** + * \brief Output = SHA-256( file contents ) + * + * \param path input file name + * \param output SHA-224/256 checksum result + * \param is224 0 = use SHA256, 1 = use SHA224 + * + * \return 0 if successful, 1 if fopen failed, + * or 2 if fread failed + */ +int sha2_file( char *path, unsigned char output[32], int is224 ); + +/** + * \brief SHA-256 HMAC context setup + * + * \param ctx HMAC context to be initialized + * \param key HMAC secret key + * \param keylen length of the HMAC key + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +void sha2_hmac_starts( sha2_context *ctx, unsigned char *key, int keylen, + int is224 ); + +/** + * \brief SHA-256 HMAC process buffer + * + * \param ctx HMAC context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void sha2_hmac_update( sha2_context *ctx, unsigned char *input, int ilen ); + +/** + * \brief SHA-256 HMAC final digest + * + * \param ctx HMAC context + * \param output SHA-224/256 HMAC checksum result + */ +void sha2_hmac_finish( sha2_context *ctx, unsigned char output[32] ); + +/** + * \brief Output = HMAC-SHA-256( hmac key, input buffer ) + * + * \param key HMAC secret key + * \param keylen length of the HMAC key + * \param input buffer holding the data + * \param ilen length of the input data + * \param output HMAC-SHA-224/256 result + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +void sha2_hmac( unsigned char *key, int keylen, + unsigned char *input, int ilen, + unsigned char output[32], int is224 ); + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int sha2_self_test( int verbose ); + +#ifdef __cplusplus +} +#endif + +#endif /* sha2.h */ diff --git a/include/polarssl/sha4.h b/include/polarssl/sha4.h new file mode 100644 index 000000000..6c80085ae --- /dev/null +++ b/include/polarssl/sha4.h @@ -0,0 +1,135 @@ +/** + * \file sha4.h + */ +#ifndef XYSSL_SHA4_H +#define XYSSL_SHA4_H + +#if defined(_MSC_VER) || defined(__WATCOMC__) + #define UL64(x) x##ui64 + #define int64 __int64 +#else + #define UL64(x) x##ULL + #define int64 long long +#endif + +/** + * \brief SHA-512 context structure + */ +typedef struct +{ + unsigned int64 total[2]; /*!< number of bytes processed */ + unsigned int64 state[8]; /*!< intermediate digest state */ + unsigned char buffer[128]; /*!< data block being processed */ + + unsigned char ipad[128]; /*!< HMAC: inner padding */ + unsigned char opad[128]; /*!< HMAC: outer padding */ + int is384; /*!< 0 => SHA-512, else SHA-384 */ +} +sha4_context; + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief SHA-512 context setup + * + * \param ctx context to be initialized + * \param is384 0 = use SHA512, 1 = use SHA384 + */ +void sha4_starts( sha4_context *ctx, int is384 ); + +/** + * \brief SHA-512 process buffer + * + * \param ctx SHA-512 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void sha4_update( sha4_context *ctx, unsigned char *input, int ilen ); + +/** + * \brief SHA-512 final digest + * + * \param ctx SHA-512 context + * \param output SHA-384/512 checksum result + */ +void sha4_finish( sha4_context *ctx, unsigned char output[64] ); + +/** + * \brief Output = SHA-512( input buffer ) + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-384/512 checksum result + * \param is384 0 = use SHA512, 1 = use SHA384 + */ +void sha4( unsigned char *input, int ilen, + unsigned char output[64], int is384 ); + +/** + * \brief Output = SHA-512( file contents ) + * + * \param path input file name + * \param output SHA-384/512 checksum result + * \param is384 0 = use SHA512, 1 = use SHA384 + * + * \return 0 if successful, 1 if fopen failed, + * or 2 if fread failed + */ +int sha4_file( char *path, unsigned char output[64], int is384 ); + +/** + * \brief SHA-512 HMAC context setup + * + * \param ctx HMAC context to be initialized + * \param is384 0 = use SHA512, 1 = use SHA384 + * \param key HMAC secret key + * \param keylen length of the HMAC key + */ +void sha4_hmac_starts( sha4_context *ctx, unsigned char *key, int keylen, + int is384 ); + +/** + * \brief SHA-512 HMAC process buffer + * + * \param ctx HMAC context + * \param input buffer holding the data + * \param ilen length of the input data + */ +void sha4_hmac_update( sha4_context *ctx, unsigned char *input, int ilen ); + +/** + * \brief SHA-512 HMAC final digest + * + * \param ctx HMAC context + * \param output SHA-384/512 HMAC checksum result + */ +void sha4_hmac_finish( sha4_context *ctx, unsigned char output[64] ); + +/** + * \brief Output = HMAC-SHA-512( hmac key, input buffer ) + * + * \param key HMAC secret key + * \param keylen length of the HMAC key + * \param input buffer holding the data + * \param ilen length of the input data + * \param output HMAC-SHA-384/512 result + * \param is384 0 = use SHA512, 1 = use SHA384 + */ +void sha4_hmac( unsigned char *key, int keylen, + unsigned char *input, int ilen, + unsigned char output[64], int is384 ); + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int sha4_self_test( int verbose ); + +#ifdef __cplusplus +} +#endif + +#endif /* sha4.h */ diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h new file mode 100644 index 000000000..d6bd0daed --- /dev/null +++ b/include/polarssl/ssl.h @@ -0,0 +1,517 @@ +/** + * \file ssl.h + */ +#ifndef XYSSL_SSL_H +#define XYSSL_SSL_H + +#include + +#include "xyssl/net.h" +#include "xyssl/dhm.h" +#include "xyssl/rsa.h" +#include "xyssl/md5.h" +#include "xyssl/sha1.h" +#include "xyssl/x509.h" + +#define XYSSL_ERR_SSL_FEATURE_UNAVAILABLE -0x1000 +#define XYSSL_ERR_SSL_BAD_INPUT_DATA -0x1800 +#define XYSSL_ERR_SSL_INVALID_MAC -0x2000 +#define XYSSL_ERR_SSL_INVALID_RECORD -0x2800 +#define XYSSL_ERR_SSL_INVALID_MODULUS_SIZE -0x3000 +#define XYSSL_ERR_SSL_UNKNOWN_CIPHER -0x3800 +#define XYSSL_ERR_SSL_NO_CIPHER_CHOSEN -0x4000 +#define XYSSL_ERR_SSL_NO_SESSION_FOUND -0x4800 +#define XYSSL_ERR_SSL_NO_CLIENT_CERTIFICATE -0x5000 +#define XYSSL_ERR_SSL_CERTIFICATE_TOO_LARGE -0x5800 +#define XYSSL_ERR_SSL_CERTIFICATE_REQUIRED -0x6000 +#define XYSSL_ERR_SSL_PRIVATE_KEY_REQUIRED -0x6800 +#define XYSSL_ERR_SSL_CA_CHAIN_REQUIRED -0x7000 +#define XYSSL_ERR_SSL_UNEXPECTED_MESSAGE -0x7800 +#define XYSSL_ERR_SSL_FATAL_ALERT_MESSAGE -0x8000 +#define XYSSL_ERR_SSL_PEER_VERIFY_FAILED -0x8800 +#define XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY -0x9000 +#define XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO -0x9800 +#define XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO -0xA000 +#define XYSSL_ERR_SSL_BAD_HS_CERTIFICATE -0xA800 +#define XYSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0xB000 +#define XYSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0xB800 +#define XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0xC000 +#define XYSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0xC800 +#define XYSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0xD000 +#define XYSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0xD800 +#define XYSSL_ERR_SSL_BAD_HS_FINISHED -0xE000 + +/* + * Various constants + */ +#define SSL_MAJOR_VERSION_3 3 +#define SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */ +#define SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */ +#define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */ + +#define SSL_IS_CLIENT 0 +#define SSL_IS_SERVER 1 +#define SSL_COMPRESS_NULL 0 + +#define SSL_VERIFY_NONE 0 +#define SSL_VERIFY_OPTIONAL 1 +#define SSL_VERIFY_REQUIRED 2 + +#define SSL_MAX_CONTENT_LEN 16384 + +/* + * Allow an extra 512 bytes for the record header + * and encryption overhead (counter + MAC + padding). + */ +#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + 512) + +/* + * Supported ciphersuites + */ +#define SSL_RSA_RC4_128_MD5 4 +#define SSL_RSA_RC4_128_SHA 5 +#define SSL_RSA_DES_168_SHA 10 +#define SSL_EDH_RSA_DES_168_SHA 22 +#define SSL_RSA_AES_128_SHA 47 +#define SSL_RSA_AES_256_SHA 53 +#define SSL_EDH_RSA_AES_256_SHA 57 + +/* + * Message, alert and handshake types + */ +#define SSL_MSG_CHANGE_CIPHER_SPEC 20 +#define SSL_MSG_ALERT 21 +#define SSL_MSG_HANDSHAKE 22 +#define SSL_MSG_APPLICATION_DATA 23 + +#define SSL_ALERT_CLOSE_NOTIFY 0 +#define SSL_ALERT_WARNING 1 +#define SSL_ALERT_FATAL 2 +#define SSL_ALERT_NO_CERTIFICATE 41 + +#define SSL_HS_HELLO_REQUEST 0 +#define SSL_HS_CLIENT_HELLO 1 +#define SSL_HS_SERVER_HELLO 2 +#define SSL_HS_CERTIFICATE 11 +#define SSL_HS_SERVER_KEY_EXCHANGE 12 +#define SSL_HS_CERTIFICATE_REQUEST 13 +#define SSL_HS_SERVER_HELLO_DONE 14 +#define SSL_HS_CERTIFICATE_VERIFY 15 +#define SSL_HS_CLIENT_KEY_EXCHANGE 16 +#define SSL_HS_FINISHED 20 + +/* + * TLS extensions + */ +#define TLS_EXT_SERVERNAME 0 +#define TLS_EXT_SERVERNAME_HOSTNAME 0 + +/* + * SSL state machine + */ +typedef enum +{ + SSL_HELLO_REQUEST, + SSL_CLIENT_HELLO, + SSL_SERVER_HELLO, + SSL_SERVER_CERTIFICATE, + SSL_SERVER_KEY_EXCHANGE, + SSL_CERTIFICATE_REQUEST, + SSL_SERVER_HELLO_DONE, + SSL_CLIENT_CERTIFICATE, + SSL_CLIENT_KEY_EXCHANGE, + SSL_CERTIFICATE_VERIFY, + SSL_CLIENT_CHANGE_CIPHER_SPEC, + SSL_CLIENT_FINISHED, + SSL_SERVER_CHANGE_CIPHER_SPEC, + SSL_SERVER_FINISHED, + SSL_FLUSH_BUFFERS, + SSL_HANDSHAKE_OVER +} +ssl_states; + +typedef struct _ssl_session ssl_session; +typedef struct _ssl_context ssl_context; + +/* + * This structure is used for session resuming. + */ +struct _ssl_session +{ + time_t start; /*!< starting time */ + int cipher; /*!< chosen cipher */ + int length; /*!< session id length */ + unsigned char id[32]; /*!< session identifier */ + unsigned char master[48]; /*!< the master secret */ + ssl_session *next; /*!< next session entry */ +}; + +struct _ssl_context +{ + /* + * Miscellaneous + */ + int state; /*!< SSL handshake: current state */ + + int major_ver; /*!< equal to SSL_MAJOR_VERSION_3 */ + int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */ + + int max_major_ver; /*!< max. major version from client */ + int max_minor_ver; /*!< max. minor version from client */ + + /* + * Callbacks (RNG, debug, I/O) + */ + int (*f_rng)(void *); + void (*f_dbg)(void *, int, char *); + int (*f_recv)(void *, unsigned char *, int); + int (*f_send)(void *, unsigned char *, int); + + void *p_rng; /*!< context for the RNG function */ + void *p_dbg; /*!< context for the debug function */ + void *p_recv; /*!< context for reading operations */ + void *p_send; /*!< context for writing operations */ + + /* + * Session layer + */ + int resume; /*!< session resuming flag */ + int timeout; /*!< sess. expiration time */ + ssl_session *session; /*!< current session data */ + int (*s_get)(ssl_context *); /*!< (server) get callback */ + int (*s_set)(ssl_context *); /*!< (server) set callback */ + + /* + * Record layer (incoming data) + */ + unsigned char *in_ctr; /*!< 64-bit incoming message counter */ + unsigned char *in_hdr; /*!< 5-byte record header (in_ctr+8) */ + unsigned char *in_msg; /*!< the message contents (in_hdr+5) */ + unsigned char *in_offt; /*!< read offset in application data */ + + int in_msgtype; /*!< record header: message type */ + int in_msglen; /*!< record header: message length */ + int in_left; /*!< amount of data read so far */ + + int in_hslen; /*!< current handshake message length */ + int nb_zero; /*!< # of 0-length encrypted messages */ + + /* + * Record layer (outgoing data) + */ + unsigned char *out_ctr; /*!< 64-bit outgoing message counter */ + unsigned char *out_hdr; /*!< 5-byte record header (out_ctr+8) */ + unsigned char *out_msg; /*!< the message contents (out_hdr+5) */ + + int out_msgtype; /*!< record header: message type */ + int out_msglen; /*!< record header: message length */ + int out_left; /*!< amount of data not yet written */ + + /* + * PKI layer + */ + rsa_context *rsa_key; /*!< own RSA private key */ + x509_cert *own_cert; /*!< own X.509 certificate */ + x509_cert *ca_chain; /*!< own trusted CA chain */ + x509_cert *peer_cert; /*!< peer X.509 cert chain */ + char *peer_cn; /*!< expected peer CN */ + + int endpoint; /*!< 0: client, 1: server */ + int authmode; /*!< verification mode */ + int client_auth; /*!< flag for client auth. */ + int verify_result; /*!< verification result */ + + /* + * Crypto layer + */ + dhm_context dhm_ctx; /*!< DHM key exchange */ + md5_context fin_md5; /*!< Finished MD5 checksum */ + sha1_context fin_sha1; /*!< Finished SHA-1 checksum */ + + int do_crypt; /*!< en(de)cryption flag */ + int *ciphers; /*!< allowed ciphersuites */ + int pmslen; /*!< premaster length */ + int keylen; /*!< symmetric key length */ + int minlen; /*!< min. ciphertext length */ + int ivlen; /*!< IV length */ + int maclen; /*!< MAC length */ + + unsigned char randbytes[64]; /*!< random bytes */ + unsigned char premaster[256]; /*!< premaster secret */ + + unsigned char iv_enc[16]; /*!< IV (encryption) */ + unsigned char iv_dec[16]; /*!< IV (decryption) */ + + unsigned char mac_enc[32]; /*!< MAC (encryption) */ + unsigned char mac_dec[32]; /*!< MAC (decryption) */ + + unsigned long ctx_enc[128]; /*!< encryption context */ + unsigned long ctx_dec[128]; /*!< decryption context */ + + /* + * TLS extensions + */ + unsigned char *hostname; + unsigned long hostname_len; +}; + +#ifdef __cplusplus +extern "C" { +#endif + +extern int ssl_default_ciphers[]; + +/** + * \brief Initialize an SSL context + * + * \param ssl SSL context + * + * \return 0 if successful, or 1 if memory allocation failed + */ +int ssl_init( ssl_context *ssl ); + +/** + * \brief Set the current endpoint type + * + * \param ssl SSL context + * \param endpoint must be SSL_IS_CLIENT or SSL_IS_SERVER + */ +void ssl_set_endpoint( ssl_context *ssl, int endpoint ); + +/** + * \brief Set the certificate verification mode + * + * \param ssl SSL context + * \param mode can be: + * + * SSL_VERIFY_NONE: peer certificate is not checked (default), + * this is insecure and SHOULD be avoided. + * + * SSL_VERIFY_OPTIONAL: peer certificate is checked, however the + * handshake continues even if verification failed; + * ssl_get_verify_result() can be called after the + * handshake is complete. + * + * SSL_VERIFY_REQUIRED: peer *must* present a valid certificate, + * handshake is aborted if verification failed. + */ +void ssl_set_authmode( ssl_context *ssl, int authmode ); + +/** + * \brief Set the random number generator callback + * + * \param ssl SSL context + * \param f_rng RNG function + * \param p_rng RNG parameter + */ +void ssl_set_rng( ssl_context *ssl, + int (*f_rng)(void *), + void *p_rng ); + +/** + * \brief Set the debug callback + * + * \param ssl SSL context + * \param f_dbg debug function + * \param p_dbg debug parameter + */ +void ssl_set_dbg( ssl_context *ssl, + void (*f_dbg)(void *, int, char *), + void *p_dbg ); + +/** + * \brief Set the underlying BIO read and write callbacks + * + * \param ssl SSL context + * \param f_recv read callback + * \param p_recv read parameter + * \param f_send write callback + * \param p_send write parameter + */ +void ssl_set_bio( ssl_context *ssl, + int (*f_recv)(void *, unsigned char *, int), void *p_recv, + int (*f_send)(void *, unsigned char *, int), void *p_send ); + +/** + * \brief Set the session callbacks (server-side only) + * + * \param ssl SSL context + * \param s_get session get callback + * \param s_set session set callback + */ +void ssl_set_scb( ssl_context *ssl, + int (*s_get)(ssl_context *), + int (*s_set)(ssl_context *) ); + +/** + * \brief Set the session resuming flag, timeout and data + * + * \param ssl SSL context + * \param resume if 0 (default), the session will not be resumed + * \param timeout session timeout in seconds, or 0 (no timeout) + * \param session session context + */ +void ssl_set_session( ssl_context *ssl, int resume, int timeout, + ssl_session *session ); + +/** + * \brief Set the list of allowed ciphersuites + * + * \param ssl SSL context + * \param ciphers 0-terminated list of allowed ciphers + */ +void ssl_set_ciphers( ssl_context *ssl, int *ciphers ); + +/** + * \brief Set the data required to verify peer certificate + * + * \param ssl SSL context + * \param ca_chain trusted CA chain + * \param peer_cn expected peer CommonName (or NULL) + * + * \note TODO: add two more parameters: depth and crl + */ +void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain, + char *peer_cn ); + +/** + * \brief Set own certificate and private key + * + * \param ssl SSL context + * \param own_cert own public certificate + * \param rsa_key own private RSA key + */ +void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert, + rsa_context *rsa_key ); + +/** + * \brief Set the Diffie-Hellman public P and G values, + * read as hexadecimal strings (server-side only) + * + * \param ssl SSL context + * \param dhm_P Diffie-Hellman-Merkle modulus + * \param dhm_G Diffie-Hellman-Merkle generator + * + * \return 0 if successful + */ +int ssl_set_dh_param( ssl_context *ssl, char *dhm_P, char *dhm_G ); + +/** + * \brief Set hostname for ServerName TLS Extension + * + * + * \param ssl SSL context + * \param hostname the server hostname + * + * \return 0 if successful + */ +int ssl_set_hostname( ssl_context *ssl, char *hostname ); + +/** + * \brief Return the number of data bytes available to read + * + * \param ssl SSL context + * + * \return how many bytes are available in the read buffer + */ +int ssl_get_bytes_avail( ssl_context *ssl ); + +/** + * \brief Return the result of the certificate verification + * + * \param ssl SSL context + * + * \return 0 if successful, or a combination of: + * BADCERT_EXPIRED + * BADCERT_REVOKED + * BADCERT_CN_MISMATCH + * BADCERT_NOT_TRUSTED + */ +int ssl_get_verify_result( ssl_context *ssl ); + +/** + * \brief Return the name of the current cipher + * + * \param ssl SSL context + * + * \return a string containing the cipher name + */ +char *ssl_get_cipher( ssl_context *ssl ); + +/** + * \brief Perform the SSL handshake + * + * \param ssl SSL context + * + * \return 0 if successful, XYSSL_ERR_NET_TRY_AGAIN, + * or a specific SSL error code. + */ +int ssl_handshake( ssl_context *ssl ); + +/** + * \brief Read at most 'len' application data bytes + * + * \param ssl SSL context + * \param buf buffer that will hold the data + * \param len how many bytes must be read + * + * \return This function returns the number of bytes read, + * or a negative error code. + */ +int ssl_read( ssl_context *ssl, unsigned char *buf, int len ); + +/** + * \brief Write exactly 'len' application data bytes + * + * \param ssl SSL context + * \param buf buffer holding the data + * \param len how many bytes must be written + * + * \return This function returns the number of bytes written, + * or a negative error code. + * + * \note When this function returns XYSSL_ERR_NET_TRY_AGAIN, + * it must be called later with the *same* arguments, + * until it returns a positive value. + */ +int ssl_write( ssl_context *ssl, unsigned char *buf, int len ); + +/** + * \brief Notify the peer that the connection is being closed + */ +int ssl_close_notify( ssl_context *ssl ); + +/** + * \brief Free an SSL context + */ +void ssl_free( ssl_context *ssl ); + +/* + * Internal functions (do not call directly) + */ +int ssl_handshake_client( ssl_context *ssl ); +int ssl_handshake_server( ssl_context *ssl ); + +int ssl_derive_keys( ssl_context *ssl ); +void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] ); + +int ssl_read_record( ssl_context *ssl ); +int ssl_fetch_input( ssl_context *ssl, int nb_want ); + +int ssl_write_record( ssl_context *ssl ); +int ssl_flush_output( ssl_context *ssl ); + +int ssl_parse_certificate( ssl_context *ssl ); +int ssl_write_certificate( ssl_context *ssl ); + +int ssl_parse_change_cipher_spec( ssl_context *ssl ); +int ssl_write_change_cipher_spec( ssl_context *ssl ); + +int ssl_parse_finished( ssl_context *ssl ); +int ssl_write_finished( ssl_context *ssl ); + +#ifdef __cplusplus +} +#endif + +#endif /* ssl.h */ diff --git a/include/polarssl/timing.h b/include/polarssl/timing.h new file mode 100644 index 000000000..32e53e8c0 --- /dev/null +++ b/include/polarssl/timing.h @@ -0,0 +1,50 @@ +/** + * \file timing.h + */ +#ifndef XYSSL_TIMING_H +#define XYSSL_TIMING_H + +/** + * \brief timer structure + */ +struct hr_time +{ + unsigned char opaque[32]; +}; + +#ifdef __cplusplus +extern "C" { +#endif + +extern int alarmed; + +/** + * \brief Return the CPU cycle counter value + */ +unsigned long hardclock( void ); + +/** + * \brief Return the elapsed time in milliseconds + * + * \param val points to a timer structure + * \param reset if set to 1, the timer is restarted + */ +unsigned long get_timer( struct hr_time *val, int reset ); + +/** + * \brief Setup an alarm clock + * + * \param seconds delay before the "alarmed" flag is set + */ +void set_alarm( int seconds ); + +/** + * \brief Sleep for a certain amount of time + */ +void m_sleep( int milliseconds ); + +#ifdef __cplusplus +} +#endif + +#endif /* timing.h */ diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h new file mode 100644 index 000000000..0ada35501 --- /dev/null +++ b/include/polarssl/x509.h @@ -0,0 +1,295 @@ +/** + * \file x509.h + */ +#ifndef XYSSL_X509_H +#define XYSSL_X509_H + +#include "xyssl/rsa.h" + +#define XYSSL_ERR_ASN1_OUT_OF_DATA -0x0014 +#define XYSSL_ERR_ASN1_UNEXPECTED_TAG -0x0016 +#define XYSSL_ERR_ASN1_INVALID_LENGTH -0x0018 +#define XYSSL_ERR_ASN1_LENGTH_MISMATCH -0x001A +#define XYSSL_ERR_ASN1_INVALID_DATA -0x001C + +#define XYSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020 +#define XYSSL_ERR_X509_CERT_INVALID_PEM -0x0040 +#define XYSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060 +#define XYSSL_ERR_X509_CERT_INVALID_VERSION -0x0080 +#define XYSSL_ERR_X509_CERT_INVALID_SERIAL -0x00A0 +#define XYSSL_ERR_X509_CERT_INVALID_ALG -0x00C0 +#define XYSSL_ERR_X509_CERT_INVALID_NAME -0x00E0 +#define XYSSL_ERR_X509_CERT_INVALID_DATE -0x0100 +#define XYSSL_ERR_X509_CERT_INVALID_PUBKEY -0x0120 +#define XYSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x0140 +#define XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x0160 +#define XYSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x0180 +#define XYSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x01A0 +#define XYSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0 +#define XYSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0 +#define XYSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200 +#define XYSSL_ERR_X509_KEY_INVALID_PEM -0x0220 +#define XYSSL_ERR_X509_KEY_INVALID_VERSION -0x0240 +#define XYSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260 +#define XYSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280 +#define XYSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0 +#define XYSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0 +#define XYSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0 +#define XYSSL_ERR_X509_POINT_ERROR -0x0300 +#define XYSSL_ERR_X509_VALUE_TO_LENGTH -0x0320 + +#define BADCERT_EXPIRED 1 +#define BADCERT_REVOKED 2 +#define BADCERT_CN_MISMATCH 4 +#define BADCERT_NOT_TRUSTED 8 + +/* + * DER constants + */ +#define ASN1_BOOLEAN 0x01 +#define ASN1_INTEGER 0x02 +#define ASN1_BIT_STRING 0x03 +#define ASN1_OCTET_STRING 0x04 +#define ASN1_NULL 0x05 +#define ASN1_OID 0x06 +#define ASN1_UTF8_STRING 0x0C +#define ASN1_SEQUENCE 0x10 +#define ASN1_SET 0x11 +#define ASN1_PRINTABLE_STRING 0x13 +#define ASN1_T61_STRING 0x14 +#define ASN1_IA5_STRING 0x16 +#define ASN1_UTC_TIME 0x17 +#define ASN1_UNIVERSAL_STRING 0x1C +#define ASN1_BMP_STRING 0x1E +#define ASN1_PRIMITIVE 0x00 +#define ASN1_CONSTRUCTED 0x20 +#define ASN1_CONTEXT_SPECIFIC 0x80 + +/* + * various object identifiers + */ +#define X520_COMMON_NAME 3 +#define X520_COUNTRY 6 +#define X520_LOCALITY 7 +#define X520_STATE 8 +#define X520_ORGANIZATION 10 +#define X520_ORG_UNIT 11 +#define PKCS9_EMAIL 1 + +#define X509_OUTPUT_DER 0x01 +#define X509_OUTPUT_PEM 0x02 +#define PEM_LINE_LENGTH 72 +#define X509_ISSUER 0x01 +#define X509_SUBJECT 0x02 + +#define OID_X520 "\x55\x04" +#define OID_CN "\x55\x04\x03" +#define OID_PKCS1 "\x2A\x86\x48\x86\xF7\x0D\x01\x01" +#define OID_PKCS1_RSA "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01" +#define OID_PKCS1_RSA_SHA "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05" +#define OID_PKCS9 "\x2A\x86\x48\x86\xF7\x0D\x01\x09" +#define OID_PKCS9_EMAIL "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01" + +/* + * Structures for parsing X.509 certificates + */ +typedef struct _x509_buf +{ + int tag; + int len; + unsigned char *p; +} +x509_buf; + +typedef struct _x509_name +{ + x509_buf oid; + x509_buf val; + struct _x509_name *next; +} +x509_name; + +typedef struct _x509_time +{ + int year, mon, day; + int hour, min, sec; +} +x509_time; + +typedef struct _x509_cert +{ + x509_buf raw; + x509_buf tbs; + + int version; + x509_buf serial; + x509_buf sig_oid1; + + x509_buf issuer_raw; + x509_buf subject_raw; + + x509_name issuer; + x509_name subject; + + x509_time valid_from; + x509_time valid_to; + + x509_buf pk_oid; + rsa_context rsa; + + x509_buf issuer_id; + x509_buf subject_id; + x509_buf v3_ext; + + int ca_istrue; + int max_pathlen; + + x509_buf sig_oid2; + x509_buf sig; + + struct _x509_cert *next; +} +x509_cert; + +/* + * Structures for writing X.509 certificates + */ +typedef struct _x509_node +{ + unsigned char *data; + unsigned char *p; + unsigned char *end; + + size_t len; +} +x509_node; + +typedef struct _x509_raw +{ + x509_node raw; + x509_node tbs; + + x509_node version; + x509_node serial; + x509_node tbs_signalg; + x509_node issuer; + x509_node validity; + x509_node subject; + x509_node subpubkey; + + x509_node signalg; + x509_node sign; +} +x509_raw; + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Parse one or more certificates and add them + * to the chained list + * + * \param chain points to the start of the chain + * \param buf buffer holding the certificate data + * \param buflen size of the buffer + * + * \return 0 if successful, or a specific X509 error code + */ +int x509parse_crt( x509_cert *crt, unsigned char *buf, int buflen ); + +/** + * \brief Load one or more certificates and add them + * to the chained list + * + * \param chain points to the start of the chain + * \param path filename to read the certificates from + * + * \return 0 if successful, or a specific X509 error code + */ +int x509parse_crtfile( x509_cert *crt, char *path ); + +/** + * \brief Parse a private RSA key + * + * \param rsa RSA context to be initialized + * \param buf input buffer + * \param buflen size of the buffer + * \param pwd password for decryption (optional) + * \param pwdlen size of the password + * + * \return 0 if successful, or a specific X509 error code + */ +int x509parse_key( rsa_context *rsa, + unsigned char *buf, int buflen, + unsigned char *pwd, int pwdlen ); + +/** + * \brief Load and parse a private RSA key + * + * \param rsa RSA context to be initialized + * \param path filename to read the private key from + * \param pwd password to decrypt the file (can be NULL) + * + * \return 0 if successful, or a specific X509 error code + */ +int x509parse_keyfile( rsa_context *rsa, char *path, char *password ); + +/** + * \brief Store the certificate DN in printable form into buf; + * no more than (end - buf) characters will be written. + */ +int x509parse_dn_gets( char *buf, char *end, x509_name *dn ); + +/** + * \brief Returns an informational string about the + * certificate. + */ +char *x509parse_cert_info( char *prefix, x509_cert *crt ); + +/** + * \brief Return 0 if the certificate is still valid, + * or BADCERT_EXPIRED + */ +int x509parse_expired( x509_cert *crt ); + +/** + * \brief Verify the certificate signature + * + * \param crt a certificate to be verified + * \param trust_ca the trusted CA chain + * \param cn expected Common Name (can be set to + * NULL if the CN must not be verified) + * \param flags result of the verification + * + * \return 0 if successful or XYSSL_ERR_X509_SIG_VERIFY_FAILED, + * in which case *flags will have one or more of + * the following values set: + * BADCERT_EXPIRED -- + * BADCERT_REVOKED -- + * BADCERT_CN_MISMATCH -- + * BADCERT_NOT_TRUSTED + * + * \note TODO: add two arguments, depth and crl + */ +int x509parse_verify( x509_cert *crt, + x509_cert *trust_ca, + char *cn, int *flags ); + +/** + * \brief Unallocate all certificate data + */ +void x509_free( x509_cert *crt ); + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int x509_self_test( int verbose ); + +#ifdef __cplusplus +} +#endif + +#endif /* x509.h */ diff --git a/library/Makefile b/library/Makefile new file mode 100644 index 000000000..aef615d47 --- /dev/null +++ b/library/Makefile @@ -0,0 +1,57 @@ + +# Also see "include/xyssl/config.h" + +CFLAGS = -I../include -D_FILE_OFFSET_BITS=64 +OFLAGS = -O + +# MicroBlaze specific options: +# CFLAGS += -mno-xl-soft-mul -mxl-barrel-shift + +# To compile on Plan9: +# CFLAGS += -D_BSD_EXTENSION + +# To compile as a shared library: +# CFLAGS += -fPIC + +DLEXT=so +# OSX shared library extension: +# DLEXT=dylib + +OBJS= aes.o arc4.o base64.o \ + bignum.o certs.o debug.o \ + des.o dhm.o havege.o \ + md2.o md4.o md5.o \ + net.o padlock.o rsa.o \ + sha1.o sha2.o sha4.o \ + ssl_cli.o ssl_srv.o ssl_tls.o \ + timing.o x509parse.o + +.SILENT: + +all: static + +static: libxyssl.a + +shared: libxyssl.$(DLEXT) + +libxyssl.a: $(OBJS) + echo " AR $@" + ar r $@ $(OBJS) + echo " RL $@" + ranlib $@ + +libxyssl.so: libxyssl.a + echo " LD $@" + $(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS) + +libxyssl.dylib: libxyssl.a + echo " LD $@" + $(CC) -dynamiclib -o $@ $(OBJS) + +.c.o: + echo " CC $<" + $(CC) $(CFLAGS) $(OFLAGS) -c $< + +clean: + rm -f *.o libxyssl.* + diff --git a/library/aes.c b/library/aes.c new file mode 100644 index 000000000..84fb037c3 --- /dev/null +++ b/library/aes.c @@ -0,0 +1,1134 @@ +/* + * FIPS-197 compliant AES implementation + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. + * + * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf + * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_AES_C) + +#include "xyssl/aes.h" +#include "xyssl/padlock.h" + +#include + +/* + * 32-bit integer manipulation macros (little endian) + */ +#ifndef GET_ULONG_LE +#define GET_ULONG_LE(n,b,i) \ +{ \ + (n) = ( (unsigned long) (b)[(i) ] ) \ + | ( (unsigned long) (b)[(i) + 1] << 8 ) \ + | ( (unsigned long) (b)[(i) + 2] << 16 ) \ + | ( (unsigned long) (b)[(i) + 3] << 24 ); \ +} +#endif + +#ifndef PUT_ULONG_LE +#define PUT_ULONG_LE(n,b,i) \ +{ \ + (b)[(i) ] = (unsigned char) ( (n) ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \ +} +#endif + +#if defined(XYSSL_AES_ROM_TABLES) +/* + * Forward S-box + */ +static const unsigned char FSb[256] = +{ + 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, + 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, + 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, + 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, + 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, + 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, + 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, + 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75, + 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, + 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, + 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, + 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, + 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, + 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, + 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, + 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, + 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, + 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, + 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, + 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, + 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, + 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, + 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, + 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, + 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, + 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, + 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, + 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, + 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, + 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, + 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, + 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 +}; + +/* + * Forward tables + */ +#define FT \ +\ + V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \ + V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \ + V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \ + V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \ + V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \ + V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \ + V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \ + V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \ + V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \ + V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \ + V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \ + V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \ + V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \ + V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \ + V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \ + V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \ + V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \ + V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \ + V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \ + V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \ + V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \ + V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \ + V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \ + V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \ + V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \ + V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \ + V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \ + V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \ + V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \ + V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \ + V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \ + V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \ + V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \ + V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \ + V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \ + V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \ + V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \ + V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \ + V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \ + V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \ + V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \ + V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \ + V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \ + V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \ + V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \ + V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \ + V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \ + V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \ + V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \ + V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \ + V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \ + V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \ + V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \ + V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \ + V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \ + V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \ + V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \ + V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \ + V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \ + V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \ + V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \ + V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \ + V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \ + V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C) + +#define V(a,b,c,d) 0x##a##b##c##d +static const unsigned long FT0[256] = { FT }; +#undef V + +#define V(a,b,c,d) 0x##b##c##d##a +static const unsigned long FT1[256] = { FT }; +#undef V + +#define V(a,b,c,d) 0x##c##d##a##b +static const unsigned long FT2[256] = { FT }; +#undef V + +#define V(a,b,c,d) 0x##d##a##b##c +static const unsigned long FT3[256] = { FT }; +#undef V + +#undef FT + +/* + * Reverse S-box + */ +static const unsigned char RSb[256] = +{ + 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, + 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, + 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, + 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, + 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, + 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E, + 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, + 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25, + 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, + 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, + 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, + 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84, + 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, + 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06, + 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, + 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, + 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, + 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73, + 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, + 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E, + 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, + 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, + 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, + 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4, + 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, + 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F, + 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, + 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF, + 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, + 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, + 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D +}; + +/* + * Reverse tables + */ +#define RT \ +\ + V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \ + V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \ + V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \ + V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \ + V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \ + V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \ + V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \ + V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \ + V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \ + V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \ + V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \ + V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \ + V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \ + V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \ + V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \ + V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \ + V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \ + V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \ + V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \ + V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \ + V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \ + V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \ + V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \ + V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \ + V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \ + V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \ + V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \ + V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \ + V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \ + V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \ + V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \ + V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \ + V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \ + V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \ + V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \ + V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \ + V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \ + V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \ + V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \ + V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \ + V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \ + V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \ + V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \ + V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \ + V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \ + V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \ + V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \ + V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \ + V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \ + V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \ + V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \ + V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \ + V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \ + V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \ + V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \ + V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \ + V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \ + V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \ + V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \ + V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \ + V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \ + V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \ + V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \ + V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0) + +#define V(a,b,c,d) 0x##a##b##c##d +static const unsigned long RT0[256] = { RT }; +#undef V + +#define V(a,b,c,d) 0x##b##c##d##a +static const unsigned long RT1[256] = { RT }; +#undef V + +#define V(a,b,c,d) 0x##c##d##a##b +static const unsigned long RT2[256] = { RT }; +#undef V + +#define V(a,b,c,d) 0x##d##a##b##c +static const unsigned long RT3[256] = { RT }; +#undef V + +#undef RT + +/* + * Round constants + */ +static const unsigned long RCON[10] = +{ + 0x00000001, 0x00000002, 0x00000004, 0x00000008, + 0x00000010, 0x00000020, 0x00000040, 0x00000080, + 0x0000001B, 0x00000036 +}; + +#else + +/* + * Forward S-box & tables + */ +static unsigned char FSb[256]; +static unsigned long FT0[256]; +static unsigned long FT1[256]; +static unsigned long FT2[256]; +static unsigned long FT3[256]; + +/* + * Reverse S-box & tables + */ +static unsigned char RSb[256]; +static unsigned long RT0[256]; +static unsigned long RT1[256]; +static unsigned long RT2[256]; +static unsigned long RT3[256]; + +/* + * Round constants + */ +static unsigned long RCON[10]; + +/* + * Tables generation code + */ +#define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 ) +#define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) ) +#define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 ) + +static int aes_init_done = 0; + +static void aes_gen_tables( void ) +{ + int i, x, y, z; + int pow[256]; + int log[256]; + + /* + * compute pow and log tables over GF(2^8) + */ + for( i = 0, x = 1; i < 256; i++ ) + { + pow[i] = x; + log[x] = i; + x = ( x ^ XTIME( x ) ) & 0xFF; + } + + /* + * calculate the round constants + */ + for( i = 0, x = 1; i < 10; i++ ) + { + RCON[i] = (unsigned long) x; + x = XTIME( x ) & 0xFF; + } + + /* + * generate the forward and reverse S-boxes + */ + FSb[0x00] = 0x63; + RSb[0x63] = 0x00; + + for( i = 1; i < 256; i++ ) + { + x = pow[255 - log[i]]; + + y = x; y = ( (y << 1) | (y >> 7) ) & 0xFF; + x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF; + x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF; + x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF; + x ^= y ^ 0x63; + + FSb[i] = (unsigned char) x; + RSb[x] = (unsigned char) i; + } + + /* + * generate the forward and reverse tables + */ + for( i = 0; i < 256; i++ ) + { + x = FSb[i]; + y = XTIME( x ) & 0xFF; + z = ( y ^ x ) & 0xFF; + + FT0[i] = ( (unsigned long) y ) ^ + ( (unsigned long) x << 8 ) ^ + ( (unsigned long) x << 16 ) ^ + ( (unsigned long) z << 24 ); + + FT1[i] = ROTL8( FT0[i] ); + FT2[i] = ROTL8( FT1[i] ); + FT3[i] = ROTL8( FT2[i] ); + + x = RSb[i]; + + RT0[i] = ( (unsigned long) MUL( 0x0E, x ) ) ^ + ( (unsigned long) MUL( 0x09, x ) << 8 ) ^ + ( (unsigned long) MUL( 0x0D, x ) << 16 ) ^ + ( (unsigned long) MUL( 0x0B, x ) << 24 ); + + RT1[i] = ROTL8( RT0[i] ); + RT2[i] = ROTL8( RT1[i] ); + RT3[i] = ROTL8( RT2[i] ); + } +} + +#endif + +/* + * AES key schedule (encryption) + */ +void aes_setkey_enc( aes_context *ctx, unsigned char *key, int keysize ) +{ + int i; + unsigned long *RK; + +#if !defined(XYSSL_AES_ROM_TABLES) + if( aes_init_done == 0 ) + { + aes_gen_tables(); + aes_init_done = 1; + } +#endif + + switch( keysize ) + { + case 128: ctx->nr = 10; break; + case 192: ctx->nr = 12; break; + case 256: ctx->nr = 14; break; + default : return; + } + +#if defined(PADLOCK_ALIGN16) + ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf ); +#else + ctx->rk = RK = ctx->buf; +#endif + + for( i = 0; i < (keysize >> 5); i++ ) + { + GET_ULONG_LE( RK[i], key, i << 2 ); + } + + switch( ctx->nr ) + { + case 10: + + for( i = 0; i < 10; i++, RK += 4 ) + { + RK[4] = RK[0] ^ RCON[i] ^ + ( (unsigned long) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^ + ( (unsigned long) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^ + ( (unsigned long) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^ + ( (unsigned long) FSb[ ( RK[3] ) & 0xFF ] << 24 ); + + RK[5] = RK[1] ^ RK[4]; + RK[6] = RK[2] ^ RK[5]; + RK[7] = RK[3] ^ RK[6]; + } + break; + + case 12: + + for( i = 0; i < 8; i++, RK += 6 ) + { + RK[6] = RK[0] ^ RCON[i] ^ + ( (unsigned long) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^ + ( (unsigned long) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^ + ( (unsigned long) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^ + ( (unsigned long) FSb[ ( RK[5] ) & 0xFF ] << 24 ); + + RK[7] = RK[1] ^ RK[6]; + RK[8] = RK[2] ^ RK[7]; + RK[9] = RK[3] ^ RK[8]; + RK[10] = RK[4] ^ RK[9]; + RK[11] = RK[5] ^ RK[10]; + } + break; + + case 14: + + for( i = 0; i < 7; i++, RK += 8 ) + { + RK[8] = RK[0] ^ RCON[i] ^ + ( (unsigned long) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^ + ( (unsigned long) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^ + ( (unsigned long) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^ + ( (unsigned long) FSb[ ( RK[7] ) & 0xFF ] << 24 ); + + RK[9] = RK[1] ^ RK[8]; + RK[10] = RK[2] ^ RK[9]; + RK[11] = RK[3] ^ RK[10]; + + RK[12] = RK[4] ^ + ( (unsigned long) FSb[ ( RK[11] ) & 0xFF ] ) ^ + ( (unsigned long) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^ + ( (unsigned long) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^ + ( (unsigned long) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 ); + + RK[13] = RK[5] ^ RK[12]; + RK[14] = RK[6] ^ RK[13]; + RK[15] = RK[7] ^ RK[14]; + } + break; + + default: + + break; + } +} + +/* + * AES key schedule (decryption) + */ +void aes_setkey_dec( aes_context *ctx, unsigned char *key, int keysize ) +{ + int i, j; + aes_context cty; + unsigned long *RK; + unsigned long *SK; + + switch( keysize ) + { + case 128: ctx->nr = 10; break; + case 192: ctx->nr = 12; break; + case 256: ctx->nr = 14; break; + default : return; + } + +#if defined(PADLOCK_ALIGN16) + ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf ); +#else + ctx->rk = RK = ctx->buf; +#endif + + aes_setkey_enc( &cty, key, keysize ); + SK = cty.rk + cty.nr * 4; + + *RK++ = *SK++; + *RK++ = *SK++; + *RK++ = *SK++; + *RK++ = *SK++; + + for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 ) + { + for( j = 0; j < 4; j++, SK++ ) + { + *RK++ = RT0[ FSb[ ( *SK ) & 0xFF ] ] ^ + RT1[ FSb[ ( *SK >> 8 ) & 0xFF ] ] ^ + RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^ + RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ]; + } + } + + *RK++ = *SK++; + *RK++ = *SK++; + *RK++ = *SK++; + *RK++ = *SK++; + + memset( &cty, 0, sizeof( aes_context ) ); +} + +#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ +{ \ + X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \ + FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \ + FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \ + FT3[ ( Y3 >> 24 ) & 0xFF ]; \ + \ + X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \ + FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \ + FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \ + FT3[ ( Y0 >> 24 ) & 0xFF ]; \ + \ + X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \ + FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \ + FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \ + FT3[ ( Y1 >> 24 ) & 0xFF ]; \ + \ + X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \ + FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \ + FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \ + FT3[ ( Y2 >> 24 ) & 0xFF ]; \ +} + +#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ +{ \ + X0 = *RK++ ^ RT0[ ( Y0 ) & 0xFF ] ^ \ + RT1[ ( Y3 >> 8 ) & 0xFF ] ^ \ + RT2[ ( Y2 >> 16 ) & 0xFF ] ^ \ + RT3[ ( Y1 >> 24 ) & 0xFF ]; \ + \ + X1 = *RK++ ^ RT0[ ( Y1 ) & 0xFF ] ^ \ + RT1[ ( Y0 >> 8 ) & 0xFF ] ^ \ + RT2[ ( Y3 >> 16 ) & 0xFF ] ^ \ + RT3[ ( Y2 >> 24 ) & 0xFF ]; \ + \ + X2 = *RK++ ^ RT0[ ( Y2 ) & 0xFF ] ^ \ + RT1[ ( Y1 >> 8 ) & 0xFF ] ^ \ + RT2[ ( Y0 >> 16 ) & 0xFF ] ^ \ + RT3[ ( Y3 >> 24 ) & 0xFF ]; \ + \ + X3 = *RK++ ^ RT0[ ( Y3 ) & 0xFF ] ^ \ + RT1[ ( Y2 >> 8 ) & 0xFF ] ^ \ + RT2[ ( Y1 >> 16 ) & 0xFF ] ^ \ + RT3[ ( Y0 >> 24 ) & 0xFF ]; \ +} + +/* + * AES-ECB block encryption/decryption + */ +void aes_crypt_ecb( aes_context *ctx, + int mode, + unsigned char input[16], + unsigned char output[16] ) +{ + int i; + unsigned long *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3; + +#if defined(XYSSL_PADLOCK_C) && defined(XYSSL_HAVE_X86) + if( padlock_supports( PADLOCK_ACE ) ) + { + if( padlock_xcryptecb( ctx, mode, input, output ) == 0 ) + return; + } +#endif + + RK = ctx->rk; + + GET_ULONG_LE( X0, input, 0 ); X0 ^= *RK++; + GET_ULONG_LE( X1, input, 4 ); X1 ^= *RK++; + GET_ULONG_LE( X2, input, 8 ); X2 ^= *RK++; + GET_ULONG_LE( X3, input, 12 ); X3 ^= *RK++; + + if( mode == AES_DECRYPT ) + { + for( i = (ctx->nr >> 1) - 1; i > 0; i-- ) + { + AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); + AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); + } + + AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); + + X0 = *RK++ ^ \ + ( (unsigned long) RSb[ ( Y0 ) & 0xFF ] ) ^ + ( (unsigned long) RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^ + ( (unsigned long) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^ + ( (unsigned long) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 ); + + X1 = *RK++ ^ \ + ( (unsigned long) RSb[ ( Y1 ) & 0xFF ] ) ^ + ( (unsigned long) RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^ + ( (unsigned long) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^ + ( (unsigned long) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 ); + + X2 = *RK++ ^ \ + ( (unsigned long) RSb[ ( Y2 ) & 0xFF ] ) ^ + ( (unsigned long) RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^ + ( (unsigned long) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^ + ( (unsigned long) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 ); + + X3 = *RK++ ^ \ + ( (unsigned long) RSb[ ( Y3 ) & 0xFF ] ) ^ + ( (unsigned long) RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^ + ( (unsigned long) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^ + ( (unsigned long) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 ); + } + else /* AES_ENCRYPT */ + { + for( i = (ctx->nr >> 1) - 1; i > 0; i-- ) + { + AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); + AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); + } + + AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); + + X0 = *RK++ ^ \ + ( (unsigned long) FSb[ ( Y0 ) & 0xFF ] ) ^ + ( (unsigned long) FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^ + ( (unsigned long) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^ + ( (unsigned long) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 ); + + X1 = *RK++ ^ \ + ( (unsigned long) FSb[ ( Y1 ) & 0xFF ] ) ^ + ( (unsigned long) FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^ + ( (unsigned long) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^ + ( (unsigned long) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 ); + + X2 = *RK++ ^ \ + ( (unsigned long) FSb[ ( Y2 ) & 0xFF ] ) ^ + ( (unsigned long) FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^ + ( (unsigned long) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^ + ( (unsigned long) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 ); + + X3 = *RK++ ^ \ + ( (unsigned long) FSb[ ( Y3 ) & 0xFF ] ) ^ + ( (unsigned long) FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^ + ( (unsigned long) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^ + ( (unsigned long) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 ); + } + + PUT_ULONG_LE( X0, output, 0 ); + PUT_ULONG_LE( X1, output, 4 ); + PUT_ULONG_LE( X2, output, 8 ); + PUT_ULONG_LE( X3, output, 12 ); +} + +/* + * AES-CBC buffer encryption/decryption + */ +void aes_crypt_cbc( aes_context *ctx, + int mode, + int length, + unsigned char iv[16], + unsigned char *input, + unsigned char *output ) +{ + int i; + unsigned char temp[16]; + +#if defined(XYSSL_PADLOCK_C) && defined(XYSSL_HAVE_X86) + if( padlock_supports( PADLOCK_ACE ) ) + { + if( padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 ) + return; + } +#endif + + if( mode == AES_DECRYPT ) + { + while( length > 0 ) + { + memcpy( temp, input, 16 ); + aes_crypt_ecb( ctx, mode, input, output ); + + for( i = 0; i < 16; i++ ) + output[i] = (unsigned char)( output[i] ^ iv[i] ); + + memcpy( iv, temp, 16 ); + + input += 16; + output += 16; + length -= 16; + } + } + else + { + while( length > 0 ) + { + for( i = 0; i < 16; i++ ) + output[i] = (unsigned char)( input[i] ^ iv[i] ); + + aes_crypt_ecb( ctx, mode, output, output ); + memcpy( iv, output, 16 ); + + input += 16; + output += 16; + length -= 16; + } + } +} + +/* + * AES-CFB128 buffer encryption/decryption + */ +void aes_crypt_cfb128( aes_context *ctx, + int mode, + int length, + int *iv_off, + unsigned char iv[16], + unsigned char *input, + unsigned char *output ) +{ + int c, n = *iv_off; + + if( mode == AES_DECRYPT ) + { + while( length-- ) + { + if( n == 0 ) + aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); + + c = *input++; + *output++ = (unsigned char)( c ^ iv[n] ); + iv[n] = (unsigned char) c; + + n = (n + 1) & 0x0F; + } + } + else + { + while( length-- ) + { + if( n == 0 ) + aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv ); + + iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); + + n = (n + 1) & 0x0F; + } + } + + *iv_off = n; +} + +#if defined(XYSSL_SELF_TEST) + +#include + +/* + * AES test vectors from: + * + * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip + */ +static const unsigned char aes_test_ecb_dec[3][16] = +{ + { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58, + 0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 }, + { 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2, + 0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 }, + { 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D, + 0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE } +}; + +static const unsigned char aes_test_ecb_enc[3][16] = +{ + { 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73, + 0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F }, + { 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11, + 0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 }, + { 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D, + 0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 } +}; + +static const unsigned char aes_test_cbc_dec[3][16] = +{ + { 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73, + 0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 }, + { 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75, + 0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B }, + { 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75, + 0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 } +}; + +static const unsigned char aes_test_cbc_enc[3][16] = +{ + { 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84, + 0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D }, + { 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB, + 0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 }, + { 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5, + 0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 } +}; + +/* + * AES-CFB128 test vectors from: + * + * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf + */ +static const unsigned char aes_test_cfb128_key[3][32] = +{ + { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, + 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }, + { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, + 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, + 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }, + { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, + 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, + 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, + 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } +}; + +static const unsigned char aes_test_cfb128_iv[16] = +{ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F +}; + +static const unsigned char aes_test_cfb128_pt[64] = +{ + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, + 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, + 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, + 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51, + 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, + 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF, + 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17, + 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10 +}; + +static const unsigned char aes_test_cfb128_ct[3][64] = +{ + { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, + 0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A, + 0xC8, 0xA6, 0x45, 0x37, 0xA0, 0xB3, 0xA9, 0x3F, + 0xCD, 0xE3, 0xCD, 0xAD, 0x9F, 0x1C, 0xE5, 0x8B, + 0x26, 0x75, 0x1F, 0x67, 0xA3, 0xCB, 0xB1, 0x40, + 0xB1, 0x80, 0x8C, 0xF1, 0x87, 0xA4, 0xF4, 0xDF, + 0xC0, 0x4B, 0x05, 0x35, 0x7C, 0x5D, 0x1C, 0x0E, + 0xEA, 0xC4, 0xC6, 0x6F, 0x9F, 0xF7, 0xF2, 0xE6 }, + { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB, + 0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74, + 0x67, 0xCE, 0x7F, 0x7F, 0x81, 0x17, 0x36, 0x21, + 0x96, 0x1A, 0x2B, 0x70, 0x17, 0x1D, 0x3D, 0x7A, + 0x2E, 0x1E, 0x8A, 0x1D, 0xD5, 0x9B, 0x88, 0xB1, + 0xC8, 0xE6, 0x0F, 0xED, 0x1E, 0xFA, 0xC4, 0xC9, + 0xC0, 0x5F, 0x9F, 0x9C, 0xA9, 0x83, 0x4F, 0xA0, + 0x42, 0xAE, 0x8F, 0xBA, 0x58, 0x4B, 0x09, 0xFF }, + { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B, + 0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60, + 0x39, 0xFF, 0xED, 0x14, 0x3B, 0x28, 0xB1, 0xC8, + 0x32, 0x11, 0x3C, 0x63, 0x31, 0xE5, 0x40, 0x7B, + 0xDF, 0x10, 0x13, 0x24, 0x15, 0xE5, 0x4B, 0x92, + 0xA1, 0x3E, 0xD0, 0xA8, 0x26, 0x7A, 0xE2, 0xF9, + 0x75, 0xA3, 0x85, 0x74, 0x1A, 0xB9, 0xCE, 0xF8, + 0x20, 0x31, 0x62, 0x3D, 0x55, 0xB1, 0xE4, 0x71 } +}; + +/* + * Checkup routine + */ +int aes_self_test( int verbose ) +{ + int i, j, u, v, offset; + unsigned char key[32]; + unsigned char buf[64]; + unsigned char prv[16]; + unsigned char iv[16]; + aes_context ctx; + + memset( key, 0, 32 ); + + /* + * ECB mode + */ + for( i = 0; i < 6; i++ ) + { + u = i >> 1; + v = i & 1; + + if( verbose != 0 ) + printf( " AES-ECB-%3d (%s): ", 128 + u * 64, + ( v == AES_DECRYPT ) ? "dec" : "enc" ); + + memset( buf, 0, 16 ); + + if( v == AES_DECRYPT ) + { + aes_setkey_dec( &ctx, key, 128 + u * 64 ); + + for( j = 0; j < 10000; j++ ) + aes_crypt_ecb( &ctx, v, buf, buf ); + + if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + } + else + { + aes_setkey_enc( &ctx, key, 128 + u * 64 ); + + for( j = 0; j < 10000; j++ ) + aes_crypt_ecb( &ctx, v, buf, buf ); + + if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + if( verbose != 0 ) + printf( "\n" ); + + /* + * CBC mode + */ + for( i = 0; i < 6; i++ ) + { + u = i >> 1; + v = i & 1; + + if( verbose != 0 ) + printf( " AES-CBC-%3d (%s): ", 128 + u * 64, + ( v == AES_DECRYPT ) ? "dec" : "enc" ); + + memset( iv , 0, 16 ); + memset( prv, 0, 16 ); + memset( buf, 0, 16 ); + + if( v == AES_DECRYPT ) + { + aes_setkey_dec( &ctx, key, 128 + u * 64 ); + + for( j = 0; j < 10000; j++ ) + aes_crypt_cbc( &ctx, v, 16, iv, buf, buf ); + + if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + } + else + { + aes_setkey_enc( &ctx, key, 128 + u * 64 ); + + for( j = 0; j < 10000; j++ ) + { + unsigned char tmp[16]; + + aes_crypt_cbc( &ctx, v, 16, iv, buf, buf ); + + memcpy( tmp, prv, 16 ); + memcpy( prv, buf, 16 ); + memcpy( buf, tmp, 16 ); + } + + if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + if( verbose != 0 ) + printf( "\n" ); + + /* + * CFB128 mode + */ + for( i = 0; i < 6; i++ ) + { + u = i >> 1; + v = i & 1; + + if( verbose != 0 ) + printf( " AES-CFB128-%3d (%s): ", 128 + u * 64, + ( v == AES_DECRYPT ) ? "dec" : "enc" ); + + memcpy( iv, aes_test_cfb128_iv, 16 ); + memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 ); + + offset = 0; + aes_setkey_enc( &ctx, key, 128 + u * 64 ); + + if( v == AES_DECRYPT ) + { + memcpy( buf, aes_test_cfb128_ct[u], 64 ); + aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf ); + + if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + } + else + { + memcpy( buf, aes_test_cfb128_pt, 64 ); + aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf ); + + if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + + if( verbose != 0 ) + printf( "\n" ); + + return( 0 ); +} + +#endif + +#endif diff --git a/library/arc4.c b/library/arc4.c new file mode 100644 index 000000000..d226c07c4 --- /dev/null +++ b/library/arc4.c @@ -0,0 +1,158 @@ +/* + * An implementation of the ARCFOUR algorithm + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * The ARCFOUR algorithm was publicly disclosed on 94/09. + * + * http://groups.google.com/group/sci.crypt/msg/10a300c9d21afca0 + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_ARC4_C) + +#include "xyssl/arc4.h" + +/* + * ARC4 key schedule + */ +void arc4_setup( arc4_context *ctx, unsigned char *key, int keylen ) +{ + int i, j, k, a; + unsigned char *m; + + ctx->x = 0; + ctx->y = 0; + m = ctx->m; + + for( i = 0; i < 256; i++ ) + m[i] = (unsigned char) i; + + j = k = 0; + + for( i = 0; i < 256; i++, k++ ) + { + if( k >= keylen ) k = 0; + + a = m[i]; + j = ( j + a + key[k] ) & 0xFF; + m[i] = m[j]; + m[j] = (unsigned char) a; + } +} + +/* + * ARC4 cipher function + */ +void arc4_crypt( arc4_context *ctx, unsigned char *buf, int buflen ) +{ + int i, x, y, a, b; + unsigned char *m; + + x = ctx->x; + y = ctx->y; + m = ctx->m; + + for( i = 0; i < buflen; i++ ) + { + x = ( x + 1 ) & 0xFF; a = m[x]; + y = ( y + a ) & 0xFF; b = m[y]; + + m[x] = (unsigned char) b; + m[y] = (unsigned char) a; + + buf[i] = (unsigned char) + ( buf[i] ^ m[(unsigned char)( a + b )] ); + } + + ctx->x = x; + ctx->y = y; +} + +#if defined(XYSSL_SELF_TEST) + +#include +#include + +/* + * ARC4 tests vectors as posted by Eric Rescorla in sep. 1994: + * + * http://groups.google.com/group/comp.security.misc/msg/10a300c9d21afca0 + */ +static const unsigned char arc4_test_key[3][8] = +{ + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } +}; + +static const unsigned char arc4_test_pt[3][8] = +{ + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } +}; + +static const unsigned char arc4_test_ct[3][8] = +{ + { 0x75, 0xB7, 0x87, 0x80, 0x99, 0xE0, 0xC5, 0x96 }, + { 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 }, + { 0xDE, 0x18, 0x89, 0x41, 0xA3, 0x37, 0x5D, 0x3A } +}; + +/* + * Checkup routine + */ +int arc4_self_test( int verbose ) +{ + int i; + unsigned char buf[8]; + arc4_context ctx; + + for( i = 0; i < 3; i++ ) + { + if( verbose != 0 ) + printf( " ARC4 test #%d: ", i + 1 ); + + memcpy( buf, arc4_test_pt[i], 8 ); + + arc4_setup( &ctx, (unsigned char *) arc4_test_key[i], 8 ); + arc4_crypt( &ctx, buf, 8 ); + + if( memcmp( buf, arc4_test_ct[i], 8 ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + if( verbose != 0 ) + printf( "\n" ); + + return( 0 ); +} + +#endif + +#endif diff --git a/library/base64.c b/library/base64.c new file mode 100644 index 000000000..be6c02414 --- /dev/null +++ b/library/base64.c @@ -0,0 +1,249 @@ +/* + * RFC 1521 base64 encoding/decoding + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_BASE64_C) + +#include "xyssl/base64.h" + +static const unsigned char base64_enc_map[64] = +{ + 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', + 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', + 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', + 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', + 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', + 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', '+', '/' +}; + +static const unsigned char base64_dec_map[128] = +{ + 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, + 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, + 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, + 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, + 127, 127, 127, 62, 127, 127, 127, 63, 52, 53, + 54, 55, 56, 57, 58, 59, 60, 61, 127, 127, + 127, 64, 127, 127, 127, 0, 1, 2, 3, 4, + 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, + 25, 127, 127, 127, 127, 127, 127, 26, 27, 28, + 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, + 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, + 49, 50, 51, 127, 127, 127, 127, 127 +}; + +/* + * Encode a buffer into base64 format + */ +int base64_encode( unsigned char *dst, int *dlen, + unsigned char *src, int slen ) +{ + int i, n; + int C1, C2, C3; + unsigned char *p; + + if( slen == 0 ) + return( 0 ); + + n = (slen << 3) / 6; + + switch( (slen << 3) - (n * 6) ) + { + case 2: n += 3; break; + case 4: n += 2; break; + default: break; + } + + if( *dlen < n + 1 ) + { + *dlen = n + 1; + return( XYSSL_ERR_BASE64_BUFFER_TOO_SMALL ); + } + + n = (slen / 3) * 3; + + for( i = 0, p = dst; i < n; i += 3 ) + { + C1 = *src++; + C2 = *src++; + C3 = *src++; + + *p++ = base64_enc_map[(C1 >> 2) & 0x3F]; + *p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F]; + *p++ = base64_enc_map[(((C2 & 15) << 2) + (C3 >> 6)) & 0x3F]; + *p++ = base64_enc_map[C3 & 0x3F]; + } + + if( i < slen ) + { + C1 = *src++; + C2 = ((i + 1) < slen) ? *src++ : 0; + + *p++ = base64_enc_map[(C1 >> 2) & 0x3F]; + *p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F]; + + if( (i + 1) < slen ) + *p++ = base64_enc_map[((C2 & 15) << 2) & 0x3F]; + else *p++ = '='; + + *p++ = '='; + } + + *dlen = p - dst; + *p = 0; + + return( 0 ); +} + +/* + * Decode a base64-formatted buffer + */ +int base64_decode( unsigned char *dst, int *dlen, + unsigned char *src, int slen ) +{ + int i, j, n; + unsigned long x; + unsigned char *p; + + for( i = j = n = 0; i < slen; i++ ) + { + if( ( slen - i ) >= 2 && + src[i] == '\r' && src[i + 1] == '\n' ) + continue; + + if( src[i] == '\n' ) + continue; + + if( src[i] == '=' && ++j > 2 ) + return( XYSSL_ERR_BASE64_INVALID_CHARACTER ); + + if( src[i] > 127 || base64_dec_map[src[i]] == 127 ) + return( XYSSL_ERR_BASE64_INVALID_CHARACTER ); + + if( base64_dec_map[src[i]] < 64 && j != 0 ) + return( XYSSL_ERR_BASE64_INVALID_CHARACTER ); + + n++; + } + + if( n == 0 ) + return( 0 ); + + n = ((n * 6) + 7) >> 3; + + if( *dlen < n ) + { + *dlen = n; + return( XYSSL_ERR_BASE64_BUFFER_TOO_SMALL ); + } + + for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ ) + { + if( *src == '\r' || *src == '\n' ) + continue; + + j -= ( base64_dec_map[*src] == 64 ); + x = (x << 6) | ( base64_dec_map[*src] & 0x3F ); + + if( ++n == 4 ) + { + n = 0; + if( j > 0 ) *p++ = (unsigned char)( x >> 16 ); + if( j > 1 ) *p++ = (unsigned char)( x >> 8 ); + if( j > 2 ) *p++ = (unsigned char)( x ); + } + } + + *dlen = p - dst; + + return( 0 ); +} + +#if defined(XYSSL_SELF_TEST) + +#include +#include + +static const unsigned char base64_test_dec[64] = +{ + 0x24, 0x48, 0x6E, 0x56, 0x87, 0x62, 0x5A, 0xBD, + 0xBF, 0x17, 0xD9, 0xA2, 0xC4, 0x17, 0x1A, 0x01, + 0x94, 0xED, 0x8F, 0x1E, 0x11, 0xB3, 0xD7, 0x09, + 0x0C, 0xB6, 0xE9, 0x10, 0x6F, 0x22, 0xEE, 0x13, + 0xCA, 0xB3, 0x07, 0x05, 0x76, 0xC9, 0xFA, 0x31, + 0x6C, 0x08, 0x34, 0xFF, 0x8D, 0xC2, 0x6C, 0x38, + 0x00, 0x43, 0xE9, 0x54, 0x97, 0xAF, 0x50, 0x4B, + 0xD1, 0x41, 0xBA, 0x95, 0x31, 0x5A, 0x0B, 0x97 +}; + +static const unsigned char base64_test_enc[] = + "JEhuVodiWr2/F9mixBcaAZTtjx4Rs9cJDLbpEG8i7hPK" + "swcFdsn6MWwINP+Nwmw4AEPpVJevUEvRQbqVMVoLlw=="; + +/* + * Checkup routine + */ +int base64_self_test( int verbose ) +{ + int len; + unsigned char *src, buffer[128]; + + if( verbose != 0 ) + printf( " Base64 encoding test: " ); + + len = sizeof( buffer ); + src = (unsigned char *) base64_test_dec; + + if( base64_encode( buffer, &len, src, 64 ) != 0 || + memcmp( base64_test_enc, buffer, 88 ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n Base64 decoding test: " ); + + len = sizeof( buffer ); + src = (unsigned char *) base64_test_enc; + + if( base64_decode( buffer, &len, src, 88 ) != 0 || + memcmp( base64_test_dec, buffer, 64 ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n\n" ); + + return( 0 ); +} + +#endif + +#endif diff --git a/library/bignum.c b/library/bignum.c new file mode 100644 index 000000000..f25fc4d12 --- /dev/null +++ b/library/bignum.c @@ -0,0 +1,1955 @@ +/* + * Multi-precision integer library + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * This MPI implementation is based on: + * + * http://www.cacr.math.uwaterloo.ca/hac/about/chap14.pdf + * http://www.stillhq.com/extracted/gnupg-api/mpi/ + * http://math.libtomcrypt.com/files/tommath.pdf + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_BIGNUM_C) + +#include "xyssl/bignum.h" +#include "xyssl/bn_mul.h" + +#include +#include +#include + +#define ciL ((int) sizeof(t_int)) /* chars in limb */ +#define biL (ciL << 3) /* bits in limb */ +#define biH (ciL << 2) /* half limb size */ + +/* + * Convert between bits/chars and number of limbs + */ +#define BITS_TO_LIMBS(i) (((i) + biL - 1) / biL) +#define CHARS_TO_LIMBS(i) (((i) + ciL - 1) / ciL) + +/* + * Initialize one or more mpi + */ +void mpi_init( mpi *X, ... ) +{ + va_list args; + + va_start( args, X ); + + while( X != NULL ) + { + X->s = 1; + X->n = 0; + X->p = NULL; + + X = va_arg( args, mpi* ); + } + + va_end( args ); +} + +/* + * Unallocate one or more mpi + */ +void mpi_free( mpi *X, ... ) +{ + va_list args; + + va_start( args, X ); + + while( X != NULL ) + { + if( X->p != NULL ) + { + memset( X->p, 0, X->n * ciL ); + free( X->p ); + } + + X->s = 1; + X->n = 0; + X->p = NULL; + + X = va_arg( args, mpi* ); + } + + va_end( args ); +} + +/* + * Enlarge to the specified number of limbs + */ +int mpi_grow( mpi *X, int nblimbs ) +{ + t_int *p; + + if( X->n < nblimbs ) + { + if( ( p = (t_int *) malloc( nblimbs * ciL ) ) == NULL ) + return( 1 ); + + memset( p, 0, nblimbs * ciL ); + + if( X->p != NULL ) + { + memcpy( p, X->p, X->n * ciL ); + memset( X->p, 0, X->n * ciL ); + free( X->p ); + } + + X->n = nblimbs; + X->p = p; + } + + return( 0 ); +} + +/* + * Copy the contents of Y into X + */ +int mpi_copy( mpi *X, mpi *Y ) +{ + int ret, i; + + if( X == Y ) + return( 0 ); + + for( i = Y->n - 1; i > 0; i-- ) + if( Y->p[i] != 0 ) + break; + i++; + + X->s = Y->s; + + MPI_CHK( mpi_grow( X, i ) ); + + memset( X->p, 0, X->n * ciL ); + memcpy( X->p, Y->p, i * ciL ); + +cleanup: + + return( ret ); +} + +/* + * Swap the contents of X and Y + */ +void mpi_swap( mpi *X, mpi *Y ) +{ + mpi T; + + memcpy( &T, X, sizeof( mpi ) ); + memcpy( X, Y, sizeof( mpi ) ); + memcpy( Y, &T, sizeof( mpi ) ); +} + +/* + * Set value from integer + */ +int mpi_lset( mpi *X, int z ) +{ + int ret; + + MPI_CHK( mpi_grow( X, 1 ) ); + memset( X->p, 0, X->n * ciL ); + + X->p[0] = ( z < 0 ) ? -z : z; + X->s = ( z < 0 ) ? -1 : 1; + +cleanup: + + return( ret ); +} + +/* + * Return the number of least significant bits + */ +int mpi_lsb( mpi *X ) +{ + int i, j, count = 0; + + for( i = 0; i < X->n; i++ ) + for( j = 0; j < (int) biL; j++, count++ ) + if( ( ( X->p[i] >> j ) & 1 ) != 0 ) + return( count ); + + return( 0 ); +} + +/* + * Return the number of most significant bits + */ +int mpi_msb( mpi *X ) +{ + int i, j; + + for( i = X->n - 1; i > 0; i-- ) + if( X->p[i] != 0 ) + break; + + for( j = biL - 1; j >= 0; j-- ) + if( ( ( X->p[i] >> j ) & 1 ) != 0 ) + break; + + return( ( i * biL ) + j + 1 ); +} + +/* + * Return the total size in bytes + */ +int mpi_size( mpi *X ) +{ + return( ( mpi_msb( X ) + 7 ) >> 3 ); +} + +/* + * Convert an ASCII character to digit value + */ +static int mpi_get_digit( t_int *d, int radix, char c ) +{ + *d = 255; + + if( c >= 0x30 && c <= 0x39 ) *d = c - 0x30; + if( c >= 0x41 && c <= 0x46 ) *d = c - 0x37; + if( c >= 0x61 && c <= 0x66 ) *d = c - 0x57; + + if( *d >= (t_int) radix ) + return( XYSSL_ERR_MPI_INVALID_CHARACTER ); + + return( 0 ); +} + +/* + * Import from an ASCII string + */ +int mpi_read_string( mpi *X, int radix, char *s ) +{ + int ret, i, j, n; + t_int d; + mpi T; + + if( radix < 2 || radix > 16 ) + return( XYSSL_ERR_MPI_BAD_INPUT_DATA ); + + mpi_init( &T, NULL ); + + if( radix == 16 ) + { + n = BITS_TO_LIMBS( strlen( s ) << 2 ); + + MPI_CHK( mpi_grow( X, n ) ); + MPI_CHK( mpi_lset( X, 0 ) ); + + for( i = strlen( s ) - 1, j = 0; i >= 0; i--, j++ ) + { + if( i == 0 && s[i] == '-' ) + { + X->s = -1; + break; + } + + MPI_CHK( mpi_get_digit( &d, radix, s[i] ) ); + X->p[j / (2 * ciL)] |= d << ( (j % (2 * ciL)) << 2 ); + } + } + else + { + MPI_CHK( mpi_lset( X, 0 ) ); + + for( i = 0; i < (int) strlen( s ); i++ ) + { + if( i == 0 && s[i] == '-' ) + { + X->s = -1; + continue; + } + + MPI_CHK( mpi_get_digit( &d, radix, s[i] ) ); + MPI_CHK( mpi_mul_int( &T, X, radix ) ); + MPI_CHK( mpi_add_int( X, &T, d ) ); + } + } + +cleanup: + + mpi_free( &T, NULL ); + + return( ret ); +} + +/* + * Helper to write the digits high-order first + */ +static int mpi_write_hlp( mpi *X, int radix, char **p ) +{ + int ret; + t_int r; + + if( radix < 2 || radix > 16 ) + return( XYSSL_ERR_MPI_BAD_INPUT_DATA ); + + MPI_CHK( mpi_mod_int( &r, X, radix ) ); + MPI_CHK( mpi_div_int( X, NULL, X, radix ) ); + + if( mpi_cmp_int( X, 0 ) != 0 ) + MPI_CHK( mpi_write_hlp( X, radix, p ) ); + + if( r < 10 ) + *(*p)++ = (char)( r + 0x30 ); + else + *(*p)++ = (char)( r + 0x37 ); + +cleanup: + + return( ret ); +} + +/* + * Export into an ASCII string + */ +int mpi_write_string( mpi *X, int radix, char *s, int *slen ) +{ + int ret = 0, n; + char *p; + mpi T; + + if( radix < 2 || radix > 16 ) + return( XYSSL_ERR_MPI_BAD_INPUT_DATA ); + + n = mpi_msb( X ); + if( radix >= 4 ) n >>= 1; + if( radix >= 16 ) n >>= 1; + n += 3; + + if( *slen < n ) + { + *slen = n; + return( XYSSL_ERR_MPI_BUFFER_TOO_SMALL ); + } + + p = s; + mpi_init( &T, NULL ); + + if( X->s == -1 ) + *p++ = '-'; + + if( radix == 16 ) + { + int c, i, j, k; + + for( i = X->n - 1, k = 0; i >= 0; i-- ) + { + for( j = ciL - 1; j >= 0; j-- ) + { + c = ( X->p[i] >> (j << 3) ) & 0xFF; + + if( c == 0 && k == 0 && (i + j) != 0 ) + continue; + + p += sprintf( p, "%02X", c ); + k = 1; + } + } + } + else + { + MPI_CHK( mpi_copy( &T, X ) ); + MPI_CHK( mpi_write_hlp( &T, radix, &p ) ); + } + + *p++ = '\0'; + *slen = p - s; + +cleanup: + + mpi_free( &T, NULL ); + + return( ret ); +} + +/* + * Read X from an opened file + */ +int mpi_read_file( mpi *X, int radix, FILE *fin ) +{ + t_int d; + int slen; + char *p; + char s[1024]; + + memset( s, 0, sizeof( s ) ); + if( fgets( s, sizeof( s ) - 1, fin ) == NULL ) + return( XYSSL_ERR_MPI_FILE_IO_ERROR ); + + slen = strlen( s ); + if( s[slen - 1] == '\n' ) { slen--; s[slen] = '\0'; } + if( s[slen - 1] == '\r' ) { slen--; s[slen] = '\0'; } + + p = s + slen; + while( --p >= s ) + if( mpi_get_digit( &d, radix, *p ) != 0 ) + break; + + return( mpi_read_string( X, radix, p + 1 ) ); +} + +/* + * Write X into an opened file (or stdout if fout == NULL) + */ +int mpi_write_file( char *p, mpi *X, int radix, FILE *fout ) +{ + int n, ret; + size_t slen; + size_t plen; + char s[1024]; + + n = sizeof( s ); + memset( s, 0, n ); + n -= 2; + + MPI_CHK( mpi_write_string( X, radix, s, (int *) &n ) ); + + if( p == NULL ) p = ""; + + plen = strlen( p ); + slen = strlen( s ); + s[slen++] = '\r'; + s[slen++] = '\n'; + + if( fout != NULL ) + { + if( fwrite( p, 1, plen, fout ) != plen || + fwrite( s, 1, slen, fout ) != slen ) + return( XYSSL_ERR_MPI_FILE_IO_ERROR ); + } + else + printf( "%s%s", p, s ); + +cleanup: + + return( ret ); +} + +/* + * Import X from unsigned binary data, big endian + */ +int mpi_read_binary( mpi *X, unsigned char *buf, int buflen ) +{ + int ret, i, j, n; + + for( n = 0; n < buflen; n++ ) + if( buf[n] != 0 ) + break; + + MPI_CHK( mpi_grow( X, CHARS_TO_LIMBS( buflen - n ) ) ); + MPI_CHK( mpi_lset( X, 0 ) ); + + for( i = buflen - 1, j = 0; i >= n; i--, j++ ) + X->p[j / ciL] |= ((t_int) buf[i]) << ((j % ciL) << 3); + +cleanup: + + return( ret ); +} + +/* + * Export X into unsigned binary data, big endian + */ +int mpi_write_binary( mpi *X, unsigned char *buf, int buflen ) +{ + int i, j, n; + + n = mpi_size( X ); + + if( buflen < n ) + return( XYSSL_ERR_MPI_BUFFER_TOO_SMALL ); + + memset( buf, 0, buflen ); + + for( i = buflen - 1, j = 0; n > 0; i--, j++, n-- ) + buf[i] = (unsigned char)( X->p[j / ciL] >> ((j % ciL) << 3) ); + + return( 0 ); +} + +/* + * Left-shift: X <<= count + */ +int mpi_shift_l( mpi *X, int count ) +{ + int ret, i, v0, t1; + t_int r0 = 0, r1; + + v0 = count / (biL ); + t1 = count & (biL - 1); + + i = mpi_msb( X ) + count; + + if( X->n * (int) biL < i ) + MPI_CHK( mpi_grow( X, BITS_TO_LIMBS( i ) ) ); + + ret = 0; + + /* + * shift by count / limb_size + */ + if( v0 > 0 ) + { + for( i = X->n - 1; i >= v0; i-- ) + X->p[i] = X->p[i - v0]; + + for( ; i >= 0; i-- ) + X->p[i] = 0; + } + + /* + * shift by count % limb_size + */ + if( t1 > 0 ) + { + for( i = v0; i < X->n; i++ ) + { + r1 = X->p[i] >> (biL - t1); + X->p[i] <<= t1; + X->p[i] |= r0; + r0 = r1; + } + } + +cleanup: + + return( ret ); +} + +/* + * Right-shift: X >>= count + */ +int mpi_shift_r( mpi *X, int count ) +{ + int i, v0, v1; + t_int r0 = 0, r1; + + v0 = count / biL; + v1 = count & (biL - 1); + + /* + * shift by count / limb_size + */ + if( v0 > 0 ) + { + for( i = 0; i < X->n - v0; i++ ) + X->p[i] = X->p[i + v0]; + + for( ; i < X->n; i++ ) + X->p[i] = 0; + } + + /* + * shift by count % limb_size + */ + if( v1 > 0 ) + { + for( i = X->n - 1; i >= 0; i-- ) + { + r1 = X->p[i] << (biL - v1); + X->p[i] >>= v1; + X->p[i] |= r0; + r0 = r1; + } + } + + return( 0 ); +} + +/* + * Compare unsigned values + */ +int mpi_cmp_abs( mpi *X, mpi *Y ) +{ + int i, j; + + for( i = X->n - 1; i >= 0; i-- ) + if( X->p[i] != 0 ) + break; + + for( j = Y->n - 1; j >= 0; j-- ) + if( Y->p[j] != 0 ) + break; + + if( i < 0 && j < 0 ) + return( 0 ); + + if( i > j ) return( 1 ); + if( j > i ) return( -1 ); + + for( ; i >= 0; i-- ) + { + if( X->p[i] > Y->p[i] ) return( 1 ); + if( X->p[i] < Y->p[i] ) return( -1 ); + } + + return( 0 ); +} + +/* + * Compare signed values + */ +int mpi_cmp_mpi( mpi *X, mpi *Y ) +{ + int i, j; + + for( i = X->n - 1; i >= 0; i-- ) + if( X->p[i] != 0 ) + break; + + for( j = Y->n - 1; j >= 0; j-- ) + if( Y->p[j] != 0 ) + break; + + if( i < 0 && j < 0 ) + return( 0 ); + + if( i > j ) return( X->s ); + if( j > i ) return( -X->s ); + + if( X->s > 0 && Y->s < 0 ) return( 1 ); + if( Y->s > 0 && X->s < 0 ) return( -1 ); + + for( ; i >= 0; i-- ) + { + if( X->p[i] > Y->p[i] ) return( X->s ); + if( X->p[i] < Y->p[i] ) return( -X->s ); + } + + return( 0 ); +} + +/* + * Compare signed values + */ +int mpi_cmp_int( mpi *X, int z ) +{ + mpi Y; + t_int p[1]; + + *p = ( z < 0 ) ? -z : z; + Y.s = ( z < 0 ) ? -1 : 1; + Y.n = 1; + Y.p = p; + + return( mpi_cmp_mpi( X, &Y ) ); +} + +/* + * Unsigned addition: X = |A| + |B| (HAC 14.7) + */ +int mpi_add_abs( mpi *X, mpi *A, mpi *B ) +{ + int ret, i, j; + t_int *o, *p, c; + + if( X == B ) + { + mpi *T = A; A = X; B = T; + } + + if( X != A ) + MPI_CHK( mpi_copy( X, A ) ); + + for( j = B->n - 1; j >= 0; j-- ) + if( B->p[j] != 0 ) + break; + + MPI_CHK( mpi_grow( X, j + 1 ) ); + + o = B->p; p = X->p; c = 0; + + for( i = 0; i <= j; i++, o++, p++ ) + { + *p += c; c = ( *p < c ); + *p += *o; c += ( *p < *o ); + } + + while( c != 0 ) + { + if( i >= X->n ) + { + MPI_CHK( mpi_grow( X, i + 1 ) ); + p = X->p + i; + } + + *p += c; c = ( *p < c ); i++; + } + +cleanup: + + return( ret ); +} + +/* + * Helper for mpi substraction + */ +static void mpi_sub_hlp( int n, t_int *s, t_int *d ) +{ + int i; + t_int c, z; + + for( i = c = 0; i < n; i++, s++, d++ ) + { + z = ( *d < c ); *d -= c; + c = ( *d < *s ) + z; *d -= *s; + } + + while( c != 0 ) + { + z = ( *d < c ); *d -= c; + c = z; i++; d++; + } +} + +/* + * Unsigned substraction: X = |A| - |B| (HAC 14.9) + */ +int mpi_sub_abs( mpi *X, mpi *A, mpi *B ) +{ + mpi TB; + int ret, n; + + if( mpi_cmp_abs( A, B ) < 0 ) + return( XYSSL_ERR_MPI_NEGATIVE_VALUE ); + + mpi_init( &TB, NULL ); + + if( X == B ) + { + MPI_CHK( mpi_copy( &TB, B ) ); + B = &TB; + } + + if( X != A ) + MPI_CHK( mpi_copy( X, A ) ); + + ret = 0; + + for( n = B->n - 1; n >= 0; n-- ) + if( B->p[n] != 0 ) + break; + + mpi_sub_hlp( n + 1, B->p, X->p ); + +cleanup: + + mpi_free( &TB, NULL ); + + return( ret ); +} + +/* + * Signed addition: X = A + B + */ +int mpi_add_mpi( mpi *X, mpi *A, mpi *B ) +{ + int ret, s = A->s; + + if( A->s * B->s < 0 ) + { + if( mpi_cmp_abs( A, B ) >= 0 ) + { + MPI_CHK( mpi_sub_abs( X, A, B ) ); + X->s = s; + } + else + { + MPI_CHK( mpi_sub_abs( X, B, A ) ); + X->s = -s; + } + } + else + { + MPI_CHK( mpi_add_abs( X, A, B ) ); + X->s = s; + } + +cleanup: + + return( ret ); +} + +/* + * Signed substraction: X = A - B + */ +int mpi_sub_mpi( mpi *X, mpi *A, mpi *B ) +{ + int ret, s = A->s; + + if( A->s * B->s > 0 ) + { + if( mpi_cmp_abs( A, B ) >= 0 ) + { + MPI_CHK( mpi_sub_abs( X, A, B ) ); + X->s = s; + } + else + { + MPI_CHK( mpi_sub_abs( X, B, A ) ); + X->s = -s; + } + } + else + { + MPI_CHK( mpi_add_abs( X, A, B ) ); + X->s = s; + } + +cleanup: + + return( ret ); +} + +/* + * Signed addition: X = A + b + */ +int mpi_add_int( mpi *X, mpi *A, int b ) +{ + mpi _B; + t_int p[1]; + + p[0] = ( b < 0 ) ? -b : b; + _B.s = ( b < 0 ) ? -1 : 1; + _B.n = 1; + _B.p = p; + + return( mpi_add_mpi( X, A, &_B ) ); +} + +/* + * Signed substraction: X = A - b + */ +int mpi_sub_int( mpi *X, mpi *A, int b ) +{ + mpi _B; + t_int p[1]; + + p[0] = ( b < 0 ) ? -b : b; + _B.s = ( b < 0 ) ? -1 : 1; + _B.n = 1; + _B.p = p; + + return( mpi_sub_mpi( X, A, &_B ) ); +} + +/* + * Helper for mpi multiplication + */ +static void mpi_mul_hlp( int i, t_int *s, t_int *d, t_int b ) +{ + t_int c = 0, t = 0; + +#if defined(MULADDC_HUIT) + for( ; i >= 8; i -= 8 ) + { + MULADDC_INIT + MULADDC_HUIT + MULADDC_STOP + } + + for( ; i > 0; i-- ) + { + MULADDC_INIT + MULADDC_CORE + MULADDC_STOP + } +#else + for( ; i >= 16; i -= 16 ) + { + MULADDC_INIT + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + MULADDC_STOP + } + + for( ; i >= 8; i -= 8 ) + { + MULADDC_INIT + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + + MULADDC_CORE MULADDC_CORE + MULADDC_CORE MULADDC_CORE + MULADDC_STOP + } + + for( ; i > 0; i-- ) + { + MULADDC_INIT + MULADDC_CORE + MULADDC_STOP + } +#endif + + t++; + + do { + *d += c; c = ( *d < c ); d++; + } + while( c != 0 ); +} + +/* + * Baseline multiplication: X = A * B (HAC 14.12) + */ +int mpi_mul_mpi( mpi *X, mpi *A, mpi *B ) +{ + int ret, i, j; + mpi TA, TB; + + mpi_init( &TA, &TB, NULL ); + + if( X == A ) { MPI_CHK( mpi_copy( &TA, A ) ); A = &TA; } + if( X == B ) { MPI_CHK( mpi_copy( &TB, B ) ); B = &TB; } + + for( i = A->n - 1; i >= 0; i-- ) + if( A->p[i] != 0 ) + break; + + for( j = B->n - 1; j >= 0; j-- ) + if( B->p[j] != 0 ) + break; + + MPI_CHK( mpi_grow( X, i + j + 2 ) ); + MPI_CHK( mpi_lset( X, 0 ) ); + + for( i++; j >= 0; j-- ) + mpi_mul_hlp( i, A->p, X->p + j, B->p[j] ); + + X->s = A->s * B->s; + +cleanup: + + mpi_free( &TB, &TA, NULL ); + + return( ret ); +} + +/* + * Baseline multiplication: X = A * b + */ +int mpi_mul_int( mpi *X, mpi *A, t_int b ) +{ + mpi _B; + t_int p[1]; + + _B.s = 1; + _B.n = 1; + _B.p = p; + p[0] = b; + + return( mpi_mul_mpi( X, A, &_B ) ); +} + +/* + * Division by mpi: A = Q * B + R (HAC 14.20) + */ +int mpi_div_mpi( mpi *Q, mpi *R, mpi *A, mpi *B ) +{ + int ret, i, n, t, k; + mpi X, Y, Z, T1, T2; + + if( mpi_cmp_int( B, 0 ) == 0 ) + return( XYSSL_ERR_MPI_DIVISION_BY_ZERO ); + + mpi_init( &X, &Y, &Z, &T1, &T2, NULL ); + + if( mpi_cmp_abs( A, B ) < 0 ) + { + if( Q != NULL ) MPI_CHK( mpi_lset( Q, 0 ) ); + if( R != NULL ) MPI_CHK( mpi_copy( R, A ) ); + return( 0 ); + } + + MPI_CHK( mpi_copy( &X, A ) ); + MPI_CHK( mpi_copy( &Y, B ) ); + X.s = Y.s = 1; + + MPI_CHK( mpi_grow( &Z, A->n + 2 ) ); + MPI_CHK( mpi_lset( &Z, 0 ) ); + MPI_CHK( mpi_grow( &T1, 2 ) ); + MPI_CHK( mpi_grow( &T2, 3 ) ); + + k = mpi_msb( &Y ) % biL; + if( k < (int) biL - 1 ) + { + k = biL - 1 - k; + MPI_CHK( mpi_shift_l( &X, k ) ); + MPI_CHK( mpi_shift_l( &Y, k ) ); + } + else k = 0; + + n = X.n - 1; + t = Y.n - 1; + mpi_shift_l( &Y, biL * (n - t) ); + + while( mpi_cmp_mpi( &X, &Y ) >= 0 ) + { + Z.p[n - t]++; + mpi_sub_mpi( &X, &X, &Y ); + } + mpi_shift_r( &Y, biL * (n - t) ); + + for( i = n; i > t ; i-- ) + { + if( X.p[i] >= Y.p[t] ) + Z.p[i - t - 1] = ~0; + else + { +#if defined(XYSSL_HAVE_LONGLONG) + t_dbl r; + + r = (t_dbl) X.p[i] << biL; + r |= (t_dbl) X.p[i - 1]; + r /= Y.p[t]; + if( r > ((t_dbl) 1 << biL) - 1) + r = ((t_dbl) 1 << biL) - 1; + + Z.p[i - t - 1] = (t_int) r; +#else + /* + * __udiv_qrnnd_c, from gmp/longlong.h + */ + t_int q0, q1, r0, r1; + t_int d0, d1, d, m; + + d = Y.p[t]; + d0 = ( d << biH ) >> biH; + d1 = ( d >> biH ); + + q1 = X.p[i] / d1; + r1 = X.p[i] - d1 * q1; + r1 <<= biH; + r1 |= ( X.p[i - 1] >> biH ); + + m = q1 * d0; + if( r1 < m ) + { + q1--, r1 += d; + while( r1 >= d && r1 < m ) + q1--, r1 += d; + } + r1 -= m; + + q0 = r1 / d1; + r0 = r1 - d1 * q0; + r0 <<= biH; + r0 |= ( X.p[i - 1] << biH ) >> biH; + + m = q0 * d0; + if( r0 < m ) + { + q0--, r0 += d; + while( r0 >= d && r0 < m ) + q0--, r0 += d; + } + r0 -= m; + + Z.p[i - t - 1] = ( q1 << biH ) | q0; +#endif + } + + Z.p[i - t - 1]++; + do + { + Z.p[i - t - 1]--; + + MPI_CHK( mpi_lset( &T1, 0 ) ); + T1.p[0] = (t < 1) ? 0 : Y.p[t - 1]; + T1.p[1] = Y.p[t]; + MPI_CHK( mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) ); + + MPI_CHK( mpi_lset( &T2, 0 ) ); + T2.p[0] = (i < 2) ? 0 : X.p[i - 2]; + T2.p[1] = (i < 1) ? 0 : X.p[i - 1]; + T2.p[2] = X.p[i]; + } + while( mpi_cmp_mpi( &T1, &T2 ) > 0 ); + + MPI_CHK( mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) ); + MPI_CHK( mpi_shift_l( &T1, biL * (i - t - 1) ) ); + MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) ); + + if( mpi_cmp_int( &X, 0 ) < 0 ) + { + MPI_CHK( mpi_copy( &T1, &Y ) ); + MPI_CHK( mpi_shift_l( &T1, biL * (i - t - 1) ) ); + MPI_CHK( mpi_add_mpi( &X, &X, &T1 ) ); + Z.p[i - t - 1]--; + } + } + + if( Q != NULL ) + { + mpi_copy( Q, &Z ); + Q->s = A->s * B->s; + } + + if( R != NULL ) + { + mpi_shift_r( &X, k ); + mpi_copy( R, &X ); + + R->s = A->s; + if( mpi_cmp_int( R, 0 ) == 0 ) + R->s = 1; + } + +cleanup: + + mpi_free( &X, &Y, &Z, &T1, &T2, NULL ); + + return( ret ); +} + +/* + * Division by int: A = Q * b + R + * + * Returns 0 if successful + * 1 if memory allocation failed + * XYSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0 + */ +int mpi_div_int( mpi *Q, mpi *R, mpi *A, int b ) +{ + mpi _B; + t_int p[1]; + + p[0] = ( b < 0 ) ? -b : b; + _B.s = ( b < 0 ) ? -1 : 1; + _B.n = 1; + _B.p = p; + + return( mpi_div_mpi( Q, R, A, &_B ) ); +} + +/* + * Modulo: R = A mod B + */ +int mpi_mod_mpi( mpi *R, mpi *A, mpi *B ) +{ + int ret; + + MPI_CHK( mpi_div_mpi( NULL, R, A, B ) ); + + while( mpi_cmp_int( R, 0 ) < 0 ) + MPI_CHK( mpi_add_mpi( R, R, B ) ); + + while( mpi_cmp_mpi( R, B ) >= 0 ) + MPI_CHK( mpi_sub_mpi( R, R, B ) ); + +cleanup: + + return( ret ); +} + +/* + * Modulo: r = A mod b + */ +int mpi_mod_int( t_int *r, mpi *A, int b ) +{ + int i; + t_int x, y, z; + + if( b == 0 ) + return( XYSSL_ERR_MPI_DIVISION_BY_ZERO ); + + if( b < 0 ) + b = -b; + + /* + * handle trivial cases + */ + if( b == 1 ) + { + *r = 0; + return( 0 ); + } + + if( b == 2 ) + { + *r = A->p[0] & 1; + return( 0 ); + } + + /* + * general case + */ + for( i = A->n - 1, y = 0; i >= 0; i-- ) + { + x = A->p[i]; + y = ( y << biH ) | ( x >> biH ); + z = y / b; + y -= z * b; + + x <<= biH; + y = ( y << biH ) | ( x >> biH ); + z = y / b; + y -= z * b; + } + + *r = y; + + return( 0 ); +} + +/* + * Fast Montgomery initialization (thanks to Tom St Denis) + */ +static void mpi_montg_init( t_int *mm, mpi *N ) +{ + t_int x, m0 = N->p[0]; + + x = m0; + x += ( ( m0 + 2 ) & 4 ) << 1; + x *= ( 2 - ( m0 * x ) ); + + if( biL >= 16 ) x *= ( 2 - ( m0 * x ) ); + if( biL >= 32 ) x *= ( 2 - ( m0 * x ) ); + if( biL >= 64 ) x *= ( 2 - ( m0 * x ) ); + + *mm = ~x + 1; +} + +/* + * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) + */ +static void mpi_montmul( mpi *A, mpi *B, mpi *N, t_int mm, mpi *T ) +{ + int i, n, m; + t_int u0, u1, *d; + + memset( T->p, 0, T->n * ciL ); + + d = T->p; + n = N->n; + m = ( B->n < n ) ? B->n : n; + + for( i = 0; i < n; i++ ) + { + /* + * T = (T + u0*B + u1*N) / 2^biL + */ + u0 = A->p[i]; + u1 = ( d[0] + u0 * B->p[0] ) * mm; + + mpi_mul_hlp( m, B->p, d, u0 ); + mpi_mul_hlp( n, N->p, d, u1 ); + + *d++ = u0; d[n + 1] = 0; + } + + memcpy( A->p, d, (n + 1) * ciL ); + + if( mpi_cmp_abs( A, N ) >= 0 ) + mpi_sub_hlp( n, N->p, A->p ); + else + /* prevent timing attacks */ + mpi_sub_hlp( n, A->p, T->p ); +} + +/* + * Montgomery reduction: A = A * R^-1 mod N + */ +static void mpi_montred( mpi *A, mpi *N, t_int mm, mpi *T ) +{ + t_int z = 1; + mpi U; + + U.n = U.s = z; + U.p = &z; + + mpi_montmul( A, &U, N, mm, T ); +} + +/* + * Sliding-window exponentiation: X = A^E mod N (HAC 14.85) + */ +int mpi_exp_mod( mpi *X, mpi *A, mpi *E, mpi *N, mpi *_RR ) +{ + int ret, i, j, wsize, wbits; + int bufsize, nblimbs, nbits; + t_int ei, mm, state; + mpi RR, T, W[64]; + + if( mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 ) + return( XYSSL_ERR_MPI_BAD_INPUT_DATA ); + + /* + * Init temps and window size + */ + mpi_montg_init( &mm, N ); + mpi_init( &RR, &T, NULL ); + memset( W, 0, sizeof( W ) ); + + i = mpi_msb( E ); + + wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 : + ( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1; + + j = N->n + 1; + MPI_CHK( mpi_grow( X, j ) ); + MPI_CHK( mpi_grow( &W[1], j ) ); + MPI_CHK( mpi_grow( &T, j * 2 ) ); + + /* + * If 1st call, pre-compute R^2 mod N + */ + if( _RR == NULL || _RR->p == NULL ) + { + MPI_CHK( mpi_lset( &RR, 1 ) ); + MPI_CHK( mpi_shift_l( &RR, N->n * 2 * biL ) ); + MPI_CHK( mpi_mod_mpi( &RR, &RR, N ) ); + + if( _RR != NULL ) + memcpy( _RR, &RR, sizeof( mpi ) ); + } + else + memcpy( &RR, _RR, sizeof( mpi ) ); + + /* + * W[1] = A * R^2 * R^-1 mod N = A * R mod N + */ + if( mpi_cmp_mpi( A, N ) >= 0 ) + mpi_mod_mpi( &W[1], A, N ); + else mpi_copy( &W[1], A ); + + mpi_montmul( &W[1], &RR, N, mm, &T ); + + /* + * X = R^2 * R^-1 mod N = R mod N + */ + MPI_CHK( mpi_copy( X, &RR ) ); + mpi_montred( X, N, mm, &T ); + + if( wsize > 1 ) + { + /* + * W[1 << (wsize - 1)] = W[1] ^ (wsize - 1) + */ + j = 1 << (wsize - 1); + + MPI_CHK( mpi_grow( &W[j], N->n + 1 ) ); + MPI_CHK( mpi_copy( &W[j], &W[1] ) ); + + for( i = 0; i < wsize - 1; i++ ) + mpi_montmul( &W[j], &W[j], N, mm, &T ); + + /* + * W[i] = W[i - 1] * W[1] + */ + for( i = j + 1; i < (1 << wsize); i++ ) + { + MPI_CHK( mpi_grow( &W[i], N->n + 1 ) ); + MPI_CHK( mpi_copy( &W[i], &W[i - 1] ) ); + + mpi_montmul( &W[i], &W[1], N, mm, &T ); + } + } + + nblimbs = E->n; + bufsize = 0; + nbits = 0; + wbits = 0; + state = 0; + + while( 1 ) + { + if( bufsize == 0 ) + { + if( nblimbs-- == 0 ) + break; + + bufsize = sizeof( t_int ) << 3; + } + + bufsize--; + + ei = (E->p[nblimbs] >> bufsize) & 1; + + /* + * skip leading 0s + */ + if( ei == 0 && state == 0 ) + continue; + + if( ei == 0 && state == 1 ) + { + /* + * out of window, square X + */ + mpi_montmul( X, X, N, mm, &T ); + continue; + } + + /* + * add ei to current window + */ + state = 2; + + nbits++; + wbits |= (ei << (wsize - nbits)); + + if( nbits == wsize ) + { + /* + * X = X^wsize R^-1 mod N + */ + for( i = 0; i < wsize; i++ ) + mpi_montmul( X, X, N, mm, &T ); + + /* + * X = X * W[wbits] R^-1 mod N + */ + mpi_montmul( X, &W[wbits], N, mm, &T ); + + state--; + nbits = 0; + wbits = 0; + } + } + + /* + * process the remaining bits + */ + for( i = 0; i < nbits; i++ ) + { + mpi_montmul( X, X, N, mm, &T ); + + wbits <<= 1; + + if( (wbits & (1 << wsize)) != 0 ) + mpi_montmul( X, &W[1], N, mm, &T ); + } + + /* + * X = A^E * R * R^-1 mod N = A^E mod N + */ + mpi_montred( X, N, mm, &T ); + +cleanup: + + for( i = (1 << (wsize - 1)); i < (1 << wsize); i++ ) + mpi_free( &W[i], NULL ); + + if( _RR != NULL ) + mpi_free( &W[1], &T, NULL ); + else mpi_free( &W[1], &T, &RR, NULL ); + + return( ret ); +} + +#if defined(XYSSL_GENPRIME) + +/* + * Greatest common divisor: G = gcd(A, B) (HAC 14.54) + */ +int mpi_gcd( mpi *G, mpi *A, mpi *B ) +{ + int ret; + mpi TG, TA, TB; + + mpi_init( &TG, &TA, &TB, NULL ); + + MPI_CHK( mpi_lset( &TG, 1 ) ); + MPI_CHK( mpi_copy( &TA, A ) ); + MPI_CHK( mpi_copy( &TB, B ) ); + + TA.s = TB.s = 1; + + while( mpi_cmp_int( &TA, 0 ) != 0 ) + { + while( ( TA.p[0] & 1 ) == 0 ) MPI_CHK( mpi_shift_r( &TA, 1 ) ); + while( ( TB.p[0] & 1 ) == 0 ) MPI_CHK( mpi_shift_r( &TB, 1 ) ); + + if( mpi_cmp_mpi( &TA, &TB ) >= 0 ) + { + MPI_CHK( mpi_sub_abs( &TA, &TA, &TB ) ); + MPI_CHK( mpi_shift_r( &TA, 1 ) ); + } + else + { + MPI_CHK( mpi_sub_abs( &TB, &TB, &TA ) ); + MPI_CHK( mpi_shift_r( &TB, 1 ) ); + } + } + + MPI_CHK( mpi_mul_mpi( G, &TG, &TB ) ); + +cleanup: + + mpi_free( &TB, &TA, &TG, NULL ); + + return( ret ); +} + +/* + * Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64) + */ +int mpi_inv_mod( mpi *X, mpi *A, mpi *N ) +{ + int ret; + mpi G, TA, TU, U1, U2, TB, TV, V1, V2; + + if( mpi_cmp_int( N, 0 ) <= 0 ) + return( XYSSL_ERR_MPI_BAD_INPUT_DATA ); + + mpi_init( &TA, &TU, &U1, &U2, &G, + &TB, &TV, &V1, &V2, NULL ); + + MPI_CHK( mpi_gcd( &G, A, N ) ); + + if( mpi_cmp_int( &G, 1 ) != 0 ) + { + ret = XYSSL_ERR_MPI_NOT_ACCEPTABLE; + goto cleanup; + } + + MPI_CHK( mpi_mod_mpi( &TA, A, N ) ); + MPI_CHK( mpi_copy( &TU, &TA ) ); + MPI_CHK( mpi_copy( &TB, N ) ); + MPI_CHK( mpi_copy( &TV, N ) ); + + MPI_CHK( mpi_lset( &U1, 1 ) ); + MPI_CHK( mpi_lset( &U2, 0 ) ); + MPI_CHK( mpi_lset( &V1, 0 ) ); + MPI_CHK( mpi_lset( &V2, 1 ) ); + + do + { + while( ( TU.p[0] & 1 ) == 0 ) + { + MPI_CHK( mpi_shift_r( &TU, 1 ) ); + + if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 ) + { + MPI_CHK( mpi_add_mpi( &U1, &U1, &TB ) ); + MPI_CHK( mpi_sub_mpi( &U2, &U2, &TA ) ); + } + + MPI_CHK( mpi_shift_r( &U1, 1 ) ); + MPI_CHK( mpi_shift_r( &U2, 1 ) ); + } + + while( ( TV.p[0] & 1 ) == 0 ) + { + MPI_CHK( mpi_shift_r( &TV, 1 ) ); + + if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 ) + { + MPI_CHK( mpi_add_mpi( &V1, &V1, &TB ) ); + MPI_CHK( mpi_sub_mpi( &V2, &V2, &TA ) ); + } + + MPI_CHK( mpi_shift_r( &V1, 1 ) ); + MPI_CHK( mpi_shift_r( &V2, 1 ) ); + } + + if( mpi_cmp_mpi( &TU, &TV ) >= 0 ) + { + MPI_CHK( mpi_sub_mpi( &TU, &TU, &TV ) ); + MPI_CHK( mpi_sub_mpi( &U1, &U1, &V1 ) ); + MPI_CHK( mpi_sub_mpi( &U2, &U2, &V2 ) ); + } + else + { + MPI_CHK( mpi_sub_mpi( &TV, &TV, &TU ) ); + MPI_CHK( mpi_sub_mpi( &V1, &V1, &U1 ) ); + MPI_CHK( mpi_sub_mpi( &V2, &V2, &U2 ) ); + } + } + while( mpi_cmp_int( &TU, 0 ) != 0 ); + + while( mpi_cmp_int( &V1, 0 ) < 0 ) + MPI_CHK( mpi_add_mpi( &V1, &V1, N ) ); + + while( mpi_cmp_mpi( &V1, N ) >= 0 ) + MPI_CHK( mpi_sub_mpi( &V1, &V1, N ) ); + + MPI_CHK( mpi_copy( X, &V1 ) ); + +cleanup: + + mpi_free( &V2, &V1, &TV, &TB, &G, + &U2, &U1, &TU, &TA, NULL ); + + return( ret ); +} + +static const int small_prime[] = +{ + 3, 5, 7, 11, 13, 17, 19, 23, + 29, 31, 37, 41, 43, 47, 53, 59, + 61, 67, 71, 73, 79, 83, 89, 97, + 101, 103, 107, 109, 113, 127, 131, 137, + 139, 149, 151, 157, 163, 167, 173, 179, + 181, 191, 193, 197, 199, 211, 223, 227, + 229, 233, 239, 241, 251, 257, 263, 269, + 271, 277, 281, 283, 293, 307, 311, 313, + 317, 331, 337, 347, 349, 353, 359, 367, + 373, 379, 383, 389, 397, 401, 409, 419, + 421, 431, 433, 439, 443, 449, 457, 461, + 463, 467, 479, 487, 491, 499, 503, 509, + 521, 523, 541, 547, 557, 563, 569, 571, + 577, 587, 593, 599, 601, 607, 613, 617, + 619, 631, 641, 643, 647, 653, 659, 661, + 673, 677, 683, 691, 701, 709, 719, 727, + 733, 739, 743, 751, 757, 761, 769, 773, + 787, 797, 809, 811, 821, 823, 827, 829, + 839, 853, 857, 859, 863, 877, 881, 883, + 887, 907, 911, 919, 929, 937, 941, 947, + 953, 967, 971, 977, 983, 991, 997, -103 +}; + +/* + * Miller-Rabin primality test (HAC 4.24) + */ +int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng ) +{ + int ret, i, j, n, s, xs; + mpi W, R, T, A, RR; + unsigned char *p; + + if( mpi_cmp_int( X, 0 ) == 0 ) + return( 0 ); + + mpi_init( &W, &R, &T, &A, &RR, NULL ); + + xs = X->s; X->s = 1; + + /* + * test trivial factors first + */ + if( ( X->p[0] & 1 ) == 0 ) + return( XYSSL_ERR_MPI_NOT_ACCEPTABLE ); + + for( i = 0; small_prime[i] > 0; i++ ) + { + t_int r; + + if( mpi_cmp_int( X, small_prime[i] ) <= 0 ) + return( 0 ); + + MPI_CHK( mpi_mod_int( &r, X, small_prime[i] ) ); + + if( r == 0 ) + return( XYSSL_ERR_MPI_NOT_ACCEPTABLE ); + } + + /* + * W = |X| - 1 + * R = W >> lsb( W ) + */ + s = mpi_lsb( &W ); + MPI_CHK( mpi_sub_int( &W, X, 1 ) ); + MPI_CHK( mpi_copy( &R, &W ) ); + MPI_CHK( mpi_shift_r( &R, s ) ); + + i = mpi_msb( X ); + /* + * HAC, table 4.4 + */ + n = ( ( i >= 1300 ) ? 2 : ( i >= 850 ) ? 3 : + ( i >= 650 ) ? 4 : ( i >= 350 ) ? 8 : + ( i >= 250 ) ? 12 : ( i >= 150 ) ? 18 : 27 ); + + for( i = 0; i < n; i++ ) + { + /* + * pick a random A, 1 < A < |X| - 1 + */ + MPI_CHK( mpi_grow( &A, X->n ) ); + + p = (unsigned char *) A.p; + for( j = 0; j < A.n * ciL; j++ ) + *p++ = (unsigned char) f_rng( p_rng ); + + j = mpi_msb( &A ) - mpi_msb( &W ); + MPI_CHK( mpi_shift_r( &A, j + 1 ) ); + A.p[0] |= 3; + + /* + * A = A^R mod |X| + */ + MPI_CHK( mpi_exp_mod( &A, &A, &R, X, &RR ) ); + + if( mpi_cmp_mpi( &A, &W ) == 0 || + mpi_cmp_int( &A, 1 ) == 0 ) + continue; + + j = 1; + while( j < s && mpi_cmp_mpi( &A, &W ) != 0 ) + { + /* + * A = A * A mod |X| + */ + MPI_CHK( mpi_mul_mpi( &T, &A, &A ) ); + MPI_CHK( mpi_mod_mpi( &A, &T, X ) ); + + if( mpi_cmp_int( &A, 1 ) == 0 ) + break; + + j++; + } + + /* + * not prime if A != |X| - 1 or A == 1 + */ + if( mpi_cmp_mpi( &A, &W ) != 0 || + mpi_cmp_int( &A, 1 ) == 0 ) + { + ret = XYSSL_ERR_MPI_NOT_ACCEPTABLE; + break; + } + } + +cleanup: + + X->s = xs; + + mpi_free( &RR, &A, &T, &R, &W, NULL ); + + return( ret ); +} + +/* + * Prime number generation + */ +int mpi_gen_prime( mpi *X, int nbits, int dh_flag, + int (*f_rng)(void *), void *p_rng ) +{ + int ret, k, n; + unsigned char *p; + mpi Y; + + if( nbits < 3 ) + return( XYSSL_ERR_MPI_BAD_INPUT_DATA ); + + mpi_init( &Y, NULL ); + + n = BITS_TO_LIMBS( nbits ); + + MPI_CHK( mpi_grow( X, n ) ); + MPI_CHK( mpi_lset( X, 0 ) ); + + p = (unsigned char *) X->p; + for( k = 0; k < X->n * ciL; k++ ) + *p++ = (unsigned char) f_rng( p_rng ); + + k = mpi_msb( X ); + if( k < nbits ) MPI_CHK( mpi_shift_l( X, nbits - k ) ); + if( k > nbits ) MPI_CHK( mpi_shift_r( X, k - nbits ) ); + + X->p[0] |= 3; + + if( dh_flag == 0 ) + { + while( ( ret = mpi_is_prime( X, f_rng, p_rng ) ) != 0 ) + { + if( ret != XYSSL_ERR_MPI_NOT_ACCEPTABLE ) + goto cleanup; + + MPI_CHK( mpi_add_int( X, X, 2 ) ); + } + } + else + { + MPI_CHK( mpi_sub_int( &Y, X, 1 ) ); + MPI_CHK( mpi_shift_r( &Y, 1 ) ); + + while( 1 ) + { + if( ( ret = mpi_is_prime( X, f_rng, p_rng ) ) == 0 ) + { + if( ( ret = mpi_is_prime( &Y, f_rng, p_rng ) ) == 0 ) + break; + + if( ret != XYSSL_ERR_MPI_NOT_ACCEPTABLE ) + goto cleanup; + } + + if( ret != XYSSL_ERR_MPI_NOT_ACCEPTABLE ) + goto cleanup; + + MPI_CHK( mpi_add_int( &Y, X, 1 ) ); + MPI_CHK( mpi_add_int( X, X, 2 ) ); + MPI_CHK( mpi_shift_r( &Y, 1 ) ); + } + } + +cleanup: + + mpi_free( &Y, NULL ); + + return( ret ); +} + +#endif + +#if defined(XYSSL_SELF_TEST) + +/* + * Checkup routine + */ +int mpi_self_test( int verbose ) +{ + int ret; + mpi A, E, N, X, Y, U, V; + + mpi_init( &A, &E, &N, &X, &Y, &U, &V, NULL ); + + MPI_CHK( mpi_read_string( &A, 16, + "EFE021C2645FD1DC586E69184AF4A31E" \ + "D5F53E93B5F123FA41680867BA110131" \ + "944FE7952E2517337780CB0DB80E61AA" \ + "E7C8DDC6C5C6AADEB34EB38A2F40D5E6" ) ); + + MPI_CHK( mpi_read_string( &E, 16, + "B2E7EFD37075B9F03FF989C7C5051C20" \ + "34D2A323810251127E7BF8625A4F49A5" \ + "F3E27F4DA8BD59C47D6DAABA4C8127BD" \ + "5B5C25763222FEFCCFC38B832366C29E" ) ); + + MPI_CHK( mpi_read_string( &N, 16, + "0066A198186C18C10B2F5ED9B522752A" \ + "9830B69916E535C8F047518A889A43A5" \ + "94B6BED27A168D31D4A52F88925AA8F5" ) ); + + MPI_CHK( mpi_mul_mpi( &X, &A, &N ) ); + + MPI_CHK( mpi_read_string( &U, 16, + "602AB7ECA597A3D6B56FF9829A5E8B85" \ + "9E857EA95A03512E2BAE7391688D264A" \ + "A5663B0341DB9CCFD2C4C5F421FEC814" \ + "8001B72E848A38CAE1C65F78E56ABDEF" \ + "E12D3C039B8A02D6BE593F0BBBDA56F1" \ + "ECF677152EF804370C1A305CAF3B5BF1" \ + "30879B56C61DE584A0F53A2447A51E" ) ); + + if( verbose != 0 ) + printf( " MPI test #1 (mul_mpi): " ); + + if( mpi_cmp_mpi( &X, &U ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + + MPI_CHK( mpi_div_mpi( &X, &Y, &A, &N ) ); + + MPI_CHK( mpi_read_string( &U, 16, + "256567336059E52CAE22925474705F39A94" ) ); + + MPI_CHK( mpi_read_string( &V, 16, + "6613F26162223DF488E9CD48CC132C7A" \ + "0AC93C701B001B092E4E5B9F73BCD27B" \ + "9EE50D0657C77F374E903CDFA4C642" ) ); + + if( verbose != 0 ) + printf( " MPI test #2 (div_mpi): " ); + + if( mpi_cmp_mpi( &X, &U ) != 0 || + mpi_cmp_mpi( &Y, &V ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + + MPI_CHK( mpi_exp_mod( &X, &A, &E, &N, NULL ) ); + + MPI_CHK( mpi_read_string( &U, 16, + "36E139AEA55215609D2816998ED020BB" \ + "BD96C37890F65171D948E9BC7CBAA4D9" \ + "325D24D6A3C12710F10A09FA08AB87" ) ); + + if( verbose != 0 ) + printf( " MPI test #3 (exp_mod): " ); + + if( mpi_cmp_mpi( &X, &U ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + + MPI_CHK( mpi_inv_mod( &X, &A, &N ) ); + + MPI_CHK( mpi_read_string( &U, 16, + "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \ + "C3DBA76456363A10869622EAC2DD84EC" \ + "C5B8A74DAC4D09E03B5E0BE779F2DF61" ) ); + + if( verbose != 0 ) + printf( " MPI test #4 (inv_mod): " ); + + if( mpi_cmp_mpi( &X, &U ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + +cleanup: + + if( ret != 0 && verbose != 0 ) + printf( "Unexpected error, return code = %08X\n", ret ); + + mpi_free( &V, &U, &Y, &X, &N, &E, &A, NULL ); + + if( verbose != 0 ) + printf( "\n" ); + + return( ret ); +} + +#endif + +#endif diff --git a/library/certs.c b/library/certs.c new file mode 100644 index 000000000..8d0abb60c --- /dev/null +++ b/library/certs.c @@ -0,0 +1,211 @@ +/* + * X.509 test certificates + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_CERTS_C) + +char test_ca_crt[] = +"-----BEGIN CERTIFICATE-----\r\n" +"MIIDpTCCAo2gAwIBAgIBADANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJGUjEO\r\n" +"MAwGA1UEBxMFUGFyaXMxDjAMBgNVBAoTBVh5U1NMMRYwFAYDVQQDEw1YeVNTTCBU\r\n" +"ZXN0IENBMB4XDTA3MDcwNzA1MDAxOFoXDTE3MDcwNzA1MDAxOFowRTELMAkGA1UE\r\n" +"BhMCRlIxDjAMBgNVBAcTBVBhcmlzMQ4wDAYDVQQKEwVYeVNTTDEWMBQGA1UEAxMN\r\n" +"WHlTU0wgVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+k\r\n" +"gt70fIPiYqmvXr+9uPmWoN405eoSzxdiRLLCHqL4V/Ts0E/H+JNfHS4DHlAgxrJu\r\n" +"+ZIadvSJuHkI6e1iMkAh5SU1DqaF3jrrFdJCooM6a077M4CRkE1tdAeZDf+BYp0q\r\n" +"BeMU9Y2+j7ibsQaPAizunbXLf4QdteExCwhYRJ8OVXSEaSNt339gJzTD6kOhES3b\r\n" +"lEN3qbx6lqFaJ5MLHTix5uNVc2rvbOizV5oLhJNqm52AKOp11tv6WTiI8loagvAc\r\n" +"jlhEZRNb9el5SL6Jai/uFcqXKzfXNKW3FYPQHFGobmiMfGt1lUSBJ3F2mrqEC7gC\r\n" +"wHy/FDvAI64/k5LZAFkCAwEAAaOBnzCBnDAMBgNVHRMEBTADAQH/MB0GA1UdDgQW\r\n" +"BBS87h+Y6Porg+SkfV7DdXKTMdkyZzBtBgNVHSMEZjBkgBS87h+Y6Porg+SkfV7D\r\n" +"dXKTMdkyZ6FJpEcwRTELMAkGA1UEBhMCRlIxDjAMBgNVBAcTBVBhcmlzMQ4wDAYD\r\n" +"VQQKEwVYeVNTTDEWMBQGA1UEAxMNWHlTU0wgVGVzdCBDQYIBADANBgkqhkiG9w0B\r\n" +"AQUFAAOCAQEAIHdoh0NCg6KAAhwDSmfEgSbKUI8/Zr/d56uw42HO0sj/uKPQzUco\r\n" +"3Mx2BYE1m1itg7q5OhrkB7J4ZB78EtNZM84nV+y6od3YpR0Z9VUxCx7948MozYRy\r\n" +"TKF5x/lKHRx1PJKfEO4clKdWTFAtWtGhewXrHJQ8C+ENh2Up2wTVh3Z+pEzuZNv3\r\n" +"u/JYu1H+vkt3l1WCy/9mxUnu+anW1DzxPWnjy4lx6Mi0BD2qfKBWLjVS+7v6ALcj\r\n" +"S2oRWWr4LUvXT7z9BBAvw2eJQD+a4uAya6EURG7AsAvr5MnWn/r0wLWmBJ6fB1Yp\r\n" +"F1kOmamOFvstLMf74rLX+LGKeJ/nwuI5FQ==\r\n" +"-----END CERTIFICATE-----\r\n"; + +char test_ca_key[] = +"-----BEGIN RSA PRIVATE KEY-----\r\n" +"Proc-Type: 4,ENCRYPTED\r\n" +"DEK-Info: DES-EDE3-CBC,7BDC280BA4C2F45C\r\n" +"\r\n" +"KI6rmwY0ChjF/0/Q7d1vE2jojZQTuF8j0wJUOf02PUUD4en8/FCLj69Pf3/lvOlu\r\n" +"F8hU4IuBHxN2+feuXp6xTmGd/VyKdWh4+NGtKr2V1gXfk2wqHk3/P/YuF7QhOQjZ\r\n" +"BlNF7n5o76Nufr3iwBbtIABCGQfNRUwGzrvmFXLIrSqns8ppv83qaD5jHVQQj5MM\r\n" +"cGIoidwmNORdVmBCVZ17dQ+lMPfqjhN27GBhzXbp9a2EP3w+IqrXOvcl4DqSY+DU\r\n" +"PIhS6KuQZ4iek4dI93wmw2D8Q67omcKYOX/BjCkZ/v6oq481qOej6MicIY/L9LxH\r\n" +"r91jqIYLJC+1w20YavB3kIkSe5zys30RzhPTOtG60j8kgiQ4Fh+L/nKBP5noOXGE\r\n" +"uzDBa051HCEYfufOVkXr6wBCFo9boqM1p/GI0Ze5gCsYY+Vzyu96gu+OGv55Jtyo\r\n" +"fY2yEwVKhfqNy+xJ+8dwf8dcc5vQLatXebDynuSPI2jbaos6MJT6n0LoY2TpAz47\r\n" +"vNE7UtEEdgZPPVwE4xO+dVa0kCqJxuG8b+ZZTHZidlQ6MBiebL4vXbeIFieQRzUM\r\n" +"06IQ7YqsiBVLYxicMlApdFpJ4QM2fFKlZRo+fHg8EN9HEbRpgxIf4IwAAFjOgsiO\r\n" +"ll7OmyzSF12NUIrRsIo02E4Y8X6xSFeYnOIiqZqdxG4xz/DZKoX6Js8WdYbtzrDv\r\n" +"7gYYEZy1cuR9PJzMDKXoLz/mjBqDsh11Vgm1nAHbhBqFaWSuueH/LV2rgRijUBKh\r\n" +"yMTnGXrz56DeJ85bYLjVEOM3xhvjsz6Fq5xLqXRTAzyQn7QuqRg2szLtCnN8olCh\r\n" +"rdS1Gd7EV5g24WnF9gTzYJ4lwO9oxOsPKKCD1Z77B+lbZLoxTu7+rakTtqLikWMv\r\n" +"7OILfR4iaIu1nKxhhXpwnze3u+1OWcuk0UnBjSnF519tlrgV3dmA0P2LHd6h6xru\r\n" +"vIgUFHbigCV0i55peEPxtcy9JGLGJ3WvHA3NGSsqkkB/ymdfEaMmEH7403UKqQqq\r\n" +"+K9Z1cYmeZlfoXClmdSjsxkYeN5raB0kOOSV/MEOySG+lztyLUGB4n46AZG2PgXN\r\n" +"A9g9tv2gqc51Vl+55qwTg5429DigjiByRkcmBU3A1aF8yzD1QerwobPmqeNZ0mWv\r\n" +"SllAvgVs2uy2Wf9/5gEWm+HjnJwS9VPNTocG/r+4BnDK8XG0Jy4oI+jSPxj/Y8Jt\r\n" +"0ejFPM5A7HGngiaPFYHxcwPwo4Aa4HZnk+keFrA+vF9eDd1IOj195a9TESL+IGt1\r\n" +"nuNmmuYjyJqM9Uvi1Mutv0UQ6Fl6yv4XxaUtMZKl4LtrAaMdW1T0PEgUG0tjSIxX\r\n" +"hBd1W+Ob4nmK29aa4iuXaOxeAA3QK7KCZo18CJFgnp1w97qohwlKf+4FuNXHL64Q\r\n" +"FgmpycV9nfP8G9aUYKAxs1+xutNv/B6opHmfLNL6d0cwi8dvGsrDdGlcyi8Dk/PF\r\n" +"GKSqlQTF5V7l4UOanefB51tuziEBY+LWcXP4XgqNGPQknPF90NnbH1EglQG2paqb\r\n" +"5bLyT8G6kfCSY4uHxs9lPuvfOjk9ptjy2FwfyBb3Sl4K+IFEE8XTNuNErh83AKh2\r\n" +"-----END RSA PRIVATE KEY-----\r\n"; + +char test_ca_pwd[] = "test"; + +char test_srv_crt[] = +"-----BEGIN CERTIFICATE-----\r\n" +"MIIDPjCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJGUjEO\r\n" +"MAwGA1UEBxMFUGFyaXMxDjAMBgNVBAoTBVh5U1NMMRYwFAYDVQQDEw1YeVNTTCBU\r\n" +"ZXN0IENBMB4XDTA3MDcwNzA1MDEyOVoXDTA4MDcwNjA1MDEyOVowMTELMAkGA1UE\r\n" +"BhMCRlIxDjAMBgNVBAoTBVh5U1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0G\r\n" +"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC40PDcGTgmHkt6noXDfkjVuymjiNYB\r\n" +"gjtiL7uA1Ke3tXStacEecQek/OJxYqYr7ffcWalS29LL6HbKpi0xLZKBbD9ACkDh\r\n" +"1Z/SvHlyQPILJdYb9DMw+kzZds5myXUjzn7Aem1YjoxMZUAMyc34i2900X2pL0v2\r\n" +"SfCeJ9Ym4MOnZxYl217+dX9ZbkgIgrT6uY2IYK4boDwxbTcyT8i/NPsVsiMwtWPM\r\n" +"rnQMr+XbgS98sUzcZE70Pe1TlV9Iy8j/8d2OiFo+qTyMu/6UpM2s3gdkQkMzx+Sm\r\n" +"4QitRUjzmEXeUePRUjEgHIv7vz069xuVBzrks36w5BXiVAhLke/OTKVPAgMBAAGj\r\n" +"TTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFNkOyCTx64SDdPySGWl/tzD7/WMSMB8G\r\n" +"A1UdIwQYMBaAFLzuH5jo+iuD5KR9XsN1cpMx2TJnMA0GCSqGSIb3DQEBBQUAA4IB\r\n" +"AQBelJv5t+suaqy5Lo5bjNeHjNZfgg8EigDQ7NqaosvlQZAsh2N34Gg5YdkGyVdg\r\n" +"s32I/K5aaywyUbG9qVXQxCM2T95qBqyK56h9yJoZKWQD9H//+zB8kCK/16WvRfv3\r\n" +"VA7eSR19qOFWlHe+1qGh2YhxeDUfyi+fm4D36dGxqC2A34tZjo0QPHKtIeqM0kJy\r\n" +"zzL65TlbJQKkyTuRHofFv0jW9ZFG2wkGysVgCY5fjuLI1do/sWUaXd2987iNFa+K\r\n" +"FrHsTi6urSfZuGlZNxDXDHEE7Q2snAvvev+KR7DD9X4DJGcPX9gA4CGJj+9ZzyAA\r\n" +"ZTGpOzk1hIH44RFs2lJMZRlE\r\n" +"-----END CERTIFICATE-----\r\n"; + +char test_srv_key[] = +"-----BEGIN RSA PRIVATE KEY-----\r\n" +"MIIEowIBAAKCAQEAuNDw3Bk4Jh5Lep6Fw35I1bspo4jWAYI7Yi+7gNSnt7V0rWnB\r\n" +"HnEHpPzicWKmK+333FmpUtvSy+h2yqYtMS2SgWw/QApA4dWf0rx5ckDyCyXWG/Qz\r\n" +"MPpM2XbOZsl1I85+wHptWI6MTGVADMnN+ItvdNF9qS9L9knwnifWJuDDp2cWJdte\r\n" +"/nV/WW5ICIK0+rmNiGCuG6A8MW03Mk/IvzT7FbIjMLVjzK50DK/l24EvfLFM3GRO\r\n" +"9D3tU5VfSMvI//HdjohaPqk8jLv+lKTNrN4HZEJDM8fkpuEIrUVI85hF3lHj0VIx\r\n" +"IByL+789OvcblQc65LN+sOQV4lQIS5HvzkylTwIDAQABAoIBABeah8h0aBlmMRmd\r\n" +"+VN4Y3D4kF7UcRCMQ21Mz1Oq1Si/QgGLyiBLK0DFE16LzNE7eTZpNRjh/lAQhmtn\r\n" +"QcpQGa/x1TomlRbCo8DUVWZkKQWHdYroa0lMDliPtdimzhEepE2M1T5EJmLzY3S+\r\n" +"qVGe7UMsJjJfWgJAezyXteANQK+2YSt+CjPIqIHch1KexUnvdN9++1oEx6AbuZ8T\r\n" +"4avhFYZQP15tZNGsk2LfQlYS/NfbowkCsd0/TVubJBmDGUML/E5MbxjxLzlaNB2M\r\n" +"V59cBNgsgA35CODAUF4xOyoSfZGqG1Rb9qQrv1E6Jz56dG8SsKF3HqnDjxiPOVBN\r\n" +"FBnVJ+ECgYEA29MhAsKMm4XqBUKp6pIMFTgm/s1E5vxig70vqIiL+guvBhhQ7zs1\r\n" +"8UMTNXZoMELNoB/ev9fN0Cjc1Vr46b/x/yDw7wMb96i+vzENOzu4RHWi3OWpCPbp\r\n" +"qBKEi3hzN8M+BulPX8CDQx3aLRrfxw51J5EuA0NeybngbItgxTi0u6kCgYEA1zr0\r\n" +"6P5YdOhYHtSWDlkeD49MApcVuzaHnsHZVAhUqu3Rwiy9LRaJLZfr7fQDb9DYJbZp\r\n" +"sxTRLG6LSAcsR7mw+m+GvNqGt/9pSqbtW+L/VwVWSyF+YYklxZUD3UAAyrDVcDEC\r\n" +"a5S+jad4Csi/lVHt5ulWIckWL1fJvadn5ubKNDcCgYA+71xVGPP+lsFgTiytfrC8\r\n" +"5n2rl4MxinJ9+w0I+EbzCKNMYGvTgiU4dJasSMEdiBKs1FMGo7dF8F0BLHF1IsIa\r\n" +"5Ah2tXItXn9154o9OiTQXMmK6qmRaneM6fhOoeaCwYAhpGxYIpqx/Xr4TOhiag46\r\n" +"jMMaphAeOvw4t1K2RDziOQKBgQCyPCCU0gxuw/o1jda2CxbZy9EmU/erEX09+0n+\r\n" +"TOfQpSEPq/z9WaxAFY9LfsdZ0ZktoeHma1bNdL3i6A3DWAM3YSQzQMRPmzOWnqXx\r\n" +"cgoCBmlvzkzaeLjO5phMoLQHJmmafvuCG6uxov3F8Hi3LyHUF2c8k0nL6ucmJ3vj\r\n" +"uzu4AQKBgBSASMAJS63M9UJB1Eazy2v2NWw04CmzNxUfWrHuKpd/C2ik4QKu0sRO\r\n" +"r9KnkDgxxEhjDm7lXhlW12PU42yORst5I3Eaa1Cfi4KPFn/ozt+iNBYrzd8Tyvnb\r\n" +"qkdECl0+G2Fo/ER4NRCv7a24WNEsOMGzGRqw5cnSJrjbZLYMaIyK\r\n" +"-----END RSA PRIVATE KEY-----\r\n"; + +char test_cli_crt[] = +"-----BEGIN CERTIFICATE-----\r\n" +"MIIDPTCCAiWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJGUjEO\r\n" +"MAwGA1UEBxMFUGFyaXMxDjAMBgNVBAoTBVh5U1NMMRYwFAYDVQQDEw1YeVNTTCBU\r\n" +"ZXN0IENBMB4XDTA3MDcwNzA1MDEyMFoXDTA4MDcwNjA1MDEyMFowMDELMAkGA1UE\r\n" +"BhMCRlIxDjAMBgNVBAoTBVh5U1NMMREwDwYDVQQDEwhKb2UgVXNlcjCCASIwDQYJ\r\n" +"KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKZkg8ANl6kGmLGqKc6KUHb9IsZwb2+K\r\n" +"jBw83Qb0KuvPVnu3MzEcXFvOZ83g0PL/z8ob5PKr8HP6bVYzhsD65imcCDEEVPk2\r\n" +"9r0XGTggGjB601Fd8aTShUWE4NLrKw6YNXTXgTNdvhHNxXwqmdNVLkmZjj3ZwYUc\r\n" +"cEE8eE5jHs8cMDXJLMCwgKIM7Sax22OhSHQHKwifVO4/Fdw5G+Suys8PhMX2jDXM\r\n" +"ICFwq8ld+bZGoNUtgp48FWhAMfJyTEaHh9LC46KkqGSDRIzx7/4cPB6QqrpzJN0o\r\n" +"Kr8kH7vdRDTFDmO23D4C5l0Bw/2aC76DhEJpB2bGA4iIszJs+F/PIL8CAwEAAaNN\r\n" +"MEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUiWX1IvjRdYGt0zz5Sq16x01k0o4wHwYD\r\n" +"VR0jBBgwFoAUvO4fmOj6K4PkpH1ew3VykzHZMmcwDQYJKoZIhvcNAQEFBQADggEB\r\n" +"AGdqD7VThJmC+oeeMUHk2TQX2wZNU+GsC+RLjtlenckny95KnljGvMtCznyLkS5D\r\n" +"fAjLKfR1No8pk5gRdscqgyIuQx5WnHNv4QBZmMsmvDICxzRQaxuPFHbS4aLXldeL\r\n" +"yOWm5Z4qkMHpCKvA86blYsEkksGDV47fF9ZkOQ8nkh7Z4eY4/5TwqTY72ww5g4NL\r\n" +"6DZtWpcpGbX99NRaNVzcq9D+ElxkgHnH4YWafOKBclSgqrutbRLi2uZx/QpvuF+i\r\n" +"sUbe+HFPMWwU5lBv/oOhQkz0VD+HusYtXWS2lG88cT40aNly2CkYUugdTR/b9Uea\r\n" +"p/i862sL/lO40qlQ0xV5N7U=\r\n" +"-----END CERTIFICATE-----\r\n"; + +char test_cli_key[] = +"-----BEGIN RSA PRIVATE KEY-----\r\n" +"MIIEowIBAAKCAQEApmSDwA2XqQaYsaopzopQdv0ixnBvb4qMHDzdBvQq689We7cz\r\n" +"MRxcW85nzeDQ8v/Pyhvk8qvwc/ptVjOGwPrmKZwIMQRU+Tb2vRcZOCAaMHrTUV3x\r\n" +"pNKFRYTg0usrDpg1dNeBM12+Ec3FfCqZ01UuSZmOPdnBhRxwQTx4TmMezxwwNcks\r\n" +"wLCAogztJrHbY6FIdAcrCJ9U7j8V3Dkb5K7Kzw+ExfaMNcwgIXCryV35tkag1S2C\r\n" +"njwVaEAx8nJMRoeH0sLjoqSoZINEjPHv/hw8HpCqunMk3SgqvyQfu91ENMUOY7bc\r\n" +"PgLmXQHD/ZoLvoOEQmkHZsYDiIizMmz4X88gvwIDAQABAoIBAE0nBkAjDVN+j4ax\r\n" +"1DjEwZKqxVkmAUXDBDyDrCjxRoWY2gz7YW1ALUMUbeV0fO5v1zVrwbkUKKZeVBxI\r\n" +"QA9zRw28H8A6tfvolHgRIcx4dixMh3ePC+DVDJ6zglvKV2ipAwBufKYIrX0r4Io2\r\n" +"ZqUrNg9CeEYNlkHWceaN12rhYwO82pgHxnB1p5pI42pY7lzyLgSddf5n+M5UBOJI\r\n" +"gsNCkvbGdv7WQPVFTRDiRgEnCJ3rI8oPSK6MOUWJw3rh2hbkx+ex8NPvEKbzEXiU\r\n" +"p5j1AlbHIWP5sYBbA1YviFtryAV4fyfLcWPfoqa33Oozofjlwoj0Aixz+6rerLjZ\r\n" +"cpTSrAECgYEA2oCffUo6HH3Lq9oeWhFCoOyG3YjZmFrJaJwjHnvroX9/pXHqYKog\r\n" +"TehcjUJBtFZw0klcetYbZCFqT8v9nf0uPlgaiVGCtXf1MSbFXDUFKkYBiFwzdWMT\r\n" +"Ysmvhff82jMWZ8ecsXTyDRl858SR5WPZ52qEsCc5X2un7QENm6FtVT8CgYEAwvKS\r\n" +"zQNzuoJETqZX7AalmK3JM8Fdam+Qm5LNMcbvhbKwI8HKMS1VMuqaR0XdAX/iMXAx\r\n" +"P1VhSsmoSDbsMpxBEZIptpCen/GcqctITxANTakrBHxqb2aQ5EEu7SzgfHZWse3/\r\n" +"vQEyfcFTBlPIdcZUDzk4/w7WmyivpYtCWoAh1IECgYEA0UYZ+1UJfVpapRj+swMP\r\n" +"DrQbo7i7t7lUaFYLKNpFX2OPLTWC5txqnlOruTu5VHDqE+5hneDNUUTT3uOg4B2q\r\n" +"mdmmaNjh2M6wz0e0BVFexhNQynqMaqTe32IOM8DFs3L0xacgg7JfVn6P7CeQGOVe\r\n" +"wc96kICw6ZxhtJSqpOGipt8CgYBI/0Pw+IXxJK4nNSpe+u4vCYP5mUI9hKEFYCbt\r\n" +"qKwvyAUknn/zgiIQ+r/iSErFMPmlwXjvWi0gL/qPb+Fp4hCLX8u2zNhY08Px4Gin\r\n" +"Ej+pANtWxq+kHyfKEI5dyRwV/snfvlqwjy404JsSF3VMhIMdYDPzbb72Qnni5w5l\r\n" +"jO0eAQKBgBqt9jJMd1JdpemC2dm0BuuDIz2h3/MH+CMjfaDLenVpKykn17B6N92h\r\n" +"klMesqK3RQzDGwauDw431LQw0R69onn9fCM3wJw2yEC6wC9sF8I8hsNZbt64yZhZ\r\n" +"4Bi2YRTiHhpEuBqKlhHLDFHneo3SMYh8PU/PDQQcyWGHHUi9z1RE\r\n" +"-----END RSA PRIVATE KEY-----\r\n"; + +char xyssl_ca_crt[] = +"-----BEGIN CERTIFICATE-----\r\n" +"MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh\r\n" +"MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE\r\n" +"YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3\r\n" +"MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo\r\n" +"ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg\r\n" +"MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN\r\n" +"ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA\r\n" +"PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w\r\n" +"wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi\r\n" +"EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY\r\n" +"avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+\r\n" +"YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE\r\n" +"sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h\r\n" +"/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5\r\n" +"IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj\r\n" +"YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD\r\n" +"ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy\r\n" +"OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P\r\n" +"TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ\r\n" +"HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER\r\n" +"dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf\r\n" +"ReYNnyicsbkqWletNw+vHX/bvZ8=\r\n" +"-----END CERTIFICATE-----\r\n"; + +#endif diff --git a/library/debug.c b/library/debug.c new file mode 100644 index 000000000..4862fc46e --- /dev/null +++ b/library/debug.c @@ -0,0 +1,202 @@ +/* + * Debugging routines + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_DEBUG_C) + +#include "xyssl/debug.h" + +#include +#include + +#if defined _MSC_VER && !defined snprintf +#define snprintf _snprintf +#endif + +#if defined _MSC_VER && !defined vsnprintf +#define vsnprintf _vsnprintf +#endif + +char *debug_fmt( const char *format, ... ) +{ + va_list argp; + static char str[512]; + int maxlen = sizeof( str ) - 1; + + va_start( argp, format ); + vsnprintf( str, maxlen, format, argp ); + va_end( argp ); + + str[maxlen] = '\0'; + return( str ); +} + +void debug_print_msg( ssl_context *ssl, int level, + char *file, int line, char *text ) +{ + char str[512]; + int maxlen = sizeof( str ) - 1; + + if( ssl->f_dbg == NULL ) + return; + + snprintf( str, maxlen, "%s(%04d): %s\n", file, line, text ); + str[maxlen] = '\0'; + ssl->f_dbg( ssl->p_dbg, level, str ); +} + +void debug_print_ret( ssl_context *ssl, int level, + char *file, int line, char *text, int ret ) +{ + char str[512]; + int maxlen = sizeof( str ) - 1; + + if( ssl->f_dbg == NULL ) + return; + + snprintf( str, maxlen, "%s(%04d): %s() returned %d (0x%x)\n", + file, line, text, ret, ret ); + + str[maxlen] = '\0'; + ssl->f_dbg( ssl->p_dbg, level, str ); +} + +void debug_print_buf( ssl_context *ssl, int level, + char *file, int line, char *text, + unsigned char *buf, int len ) +{ + char str[512]; + int i, maxlen = sizeof( str ) - 1; + + if( ssl->f_dbg == NULL || len < 0 ) + return; + + snprintf( str, maxlen, "%s(%04d): dumping '%s' (%d bytes)\n", + file, line, text, len ); + + str[maxlen] = '\0'; + ssl->f_dbg( ssl->p_dbg, level, str ); + + for( i = 0; i < len; i++ ) + { + if( i >= 4096 ) + break; + + if( i % 16 == 0 ) + { + if( i > 0 ) + ssl->f_dbg( ssl->p_dbg, level, "\n" ); + + snprintf( str, maxlen, "%s(%04d): %04x: ", file, line, i ); + + str[maxlen] = '\0'; + ssl->f_dbg( ssl->p_dbg, level, str ); + } + + snprintf( str, maxlen, " %02x", (unsigned int) buf[i] ); + + str[maxlen] = '\0'; + ssl->f_dbg( ssl->p_dbg, level, str ); + } + + if( len > 0 ) + ssl->f_dbg( ssl->p_dbg, level, "\n" ); +} + +void debug_print_mpi( ssl_context *ssl, int level, + char *file, int line, char *text, mpi *X ) +{ + char str[512]; + int i, j, k, n, maxlen = sizeof( str ) - 1; + + if( ssl->f_dbg == NULL || X == NULL ) + return; + + for( n = X->n - 1; n >= 0; n-- ) + if( X->p[n] != 0 ) + break; + + snprintf( str, maxlen, "%s(%04d): value of '%s' (%d bits) is:\n", + file, line, text, ((n + 1) * sizeof( t_int )) << 3 ); + + str[maxlen] = '\0'; + ssl->f_dbg( ssl->p_dbg, level, str ); + + for( i = n, j = 0; i >= 0; i--, j++ ) + { + if( j % ( 16 / sizeof( t_int ) ) == 0 ) + { + if( j > 0 ) + ssl->f_dbg( ssl->p_dbg, level, "\n" ); + + snprintf( str, maxlen, "%s(%04d): ", file, line ); + + str[maxlen] = '\0'; + ssl->f_dbg( ssl->p_dbg, level, str ); + } + + for( k = sizeof( t_int ) - 1; k >= 0; k-- ) + { + snprintf( str, maxlen, " %02x", (unsigned int) + ( X->p[i] >> (k << 3) ) & 0xFF ); + + str[maxlen] = '\0'; + ssl->f_dbg( ssl->p_dbg, level, str ); + } + } + + ssl->f_dbg( ssl->p_dbg, level, "\n" ); +} + +void debug_print_crt( ssl_context *ssl, int level, + char *file, int line, char *text, x509_cert *crt ) +{ + char str[512], prefix[64], *p; + int i = 0, maxlen = sizeof( prefix ) - 1; + + if( ssl->f_dbg == NULL || crt == NULL ) + return; + + snprintf( prefix, maxlen, "%s(%04d): ", file, line ); + prefix[maxlen] = '\0'; + maxlen = sizeof( str ) - 1; + + while( crt != NULL && crt->next != NULL ) + { + p = x509parse_cert_info( prefix, crt ); + + snprintf( str, maxlen, "%s(%04d): %s #%d:\n%s", + file, line, text, ++i, p ); + + str[maxlen] = '\0'; + ssl->f_dbg( ssl->p_dbg, level, str ); + + debug_print_mpi( ssl, level, file, line, + "crt->rsa.N", &crt->rsa.N ); + + debug_print_mpi( ssl, level, file, line, + "crt->rsa.E", &crt->rsa.E ); + + crt = crt->next; + } +} + +#endif diff --git a/library/des.c b/library/des.c new file mode 100644 index 000000000..aec027da9 --- /dev/null +++ b/library/des.c @@ -0,0 +1,876 @@ +/* + * FIPS-46-3 compliant Triple-DES implementation + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * DES, on which TDES is based, was originally designed by Horst Feistel + * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS). + * + * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_DES_C) + +#include "xyssl/des.h" + +#include + +/* + * 32-bit integer manipulation macros (big endian) + */ +#ifndef GET_ULONG_BE +#define GET_ULONG_BE(n,b,i) \ +{ \ + (n) = ( (unsigned long) (b)[(i) ] << 24 ) \ + | ( (unsigned long) (b)[(i) + 1] << 16 ) \ + | ( (unsigned long) (b)[(i) + 2] << 8 ) \ + | ( (unsigned long) (b)[(i) + 3] ); \ +} +#endif + +#ifndef PUT_ULONG_BE +#define PUT_ULONG_BE(n,b,i) \ +{ \ + (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) ); \ +} +#endif + +/* + * Expanded DES S-boxes + */ +static const unsigned long SB1[64] = +{ + 0x01010400, 0x00000000, 0x00010000, 0x01010404, + 0x01010004, 0x00010404, 0x00000004, 0x00010000, + 0x00000400, 0x01010400, 0x01010404, 0x00000400, + 0x01000404, 0x01010004, 0x01000000, 0x00000004, + 0x00000404, 0x01000400, 0x01000400, 0x00010400, + 0x00010400, 0x01010000, 0x01010000, 0x01000404, + 0x00010004, 0x01000004, 0x01000004, 0x00010004, + 0x00000000, 0x00000404, 0x00010404, 0x01000000, + 0x00010000, 0x01010404, 0x00000004, 0x01010000, + 0x01010400, 0x01000000, 0x01000000, 0x00000400, + 0x01010004, 0x00010000, 0x00010400, 0x01000004, + 0x00000400, 0x00000004, 0x01000404, 0x00010404, + 0x01010404, 0x00010004, 0x01010000, 0x01000404, + 0x01000004, 0x00000404, 0x00010404, 0x01010400, + 0x00000404, 0x01000400, 0x01000400, 0x00000000, + 0x00010004, 0x00010400, 0x00000000, 0x01010004 +}; + +static const unsigned long SB2[64] = +{ + 0x80108020, 0x80008000, 0x00008000, 0x00108020, + 0x00100000, 0x00000020, 0x80100020, 0x80008020, + 0x80000020, 0x80108020, 0x80108000, 0x80000000, + 0x80008000, 0x00100000, 0x00000020, 0x80100020, + 0x00108000, 0x00100020, 0x80008020, 0x00000000, + 0x80000000, 0x00008000, 0x00108020, 0x80100000, + 0x00100020, 0x80000020, 0x00000000, 0x00108000, + 0x00008020, 0x80108000, 0x80100000, 0x00008020, + 0x00000000, 0x00108020, 0x80100020, 0x00100000, + 0x80008020, 0x80100000, 0x80108000, 0x00008000, + 0x80100000, 0x80008000, 0x00000020, 0x80108020, + 0x00108020, 0x00000020, 0x00008000, 0x80000000, + 0x00008020, 0x80108000, 0x00100000, 0x80000020, + 0x00100020, 0x80008020, 0x80000020, 0x00100020, + 0x00108000, 0x00000000, 0x80008000, 0x00008020, + 0x80000000, 0x80100020, 0x80108020, 0x00108000 +}; + +static const unsigned long SB3[64] = +{ + 0x00000208, 0x08020200, 0x00000000, 0x08020008, + 0x08000200, 0x00000000, 0x00020208, 0x08000200, + 0x00020008, 0x08000008, 0x08000008, 0x00020000, + 0x08020208, 0x00020008, 0x08020000, 0x00000208, + 0x08000000, 0x00000008, 0x08020200, 0x00000200, + 0x00020200, 0x08020000, 0x08020008, 0x00020208, + 0x08000208, 0x00020200, 0x00020000, 0x08000208, + 0x00000008, 0x08020208, 0x00000200, 0x08000000, + 0x08020200, 0x08000000, 0x00020008, 0x00000208, + 0x00020000, 0x08020200, 0x08000200, 0x00000000, + 0x00000200, 0x00020008, 0x08020208, 0x08000200, + 0x08000008, 0x00000200, 0x00000000, 0x08020008, + 0x08000208, 0x00020000, 0x08000000, 0x08020208, + 0x00000008, 0x00020208, 0x00020200, 0x08000008, + 0x08020000, 0x08000208, 0x00000208, 0x08020000, + 0x00020208, 0x00000008, 0x08020008, 0x00020200 +}; + +static const unsigned long SB4[64] = +{ + 0x00802001, 0x00002081, 0x00002081, 0x00000080, + 0x00802080, 0x00800081, 0x00800001, 0x00002001, + 0x00000000, 0x00802000, 0x00802000, 0x00802081, + 0x00000081, 0x00000000, 0x00800080, 0x00800001, + 0x00000001, 0x00002000, 0x00800000, 0x00802001, + 0x00000080, 0x00800000, 0x00002001, 0x00002080, + 0x00800081, 0x00000001, 0x00002080, 0x00800080, + 0x00002000, 0x00802080, 0x00802081, 0x00000081, + 0x00800080, 0x00800001, 0x00802000, 0x00802081, + 0x00000081, 0x00000000, 0x00000000, 0x00802000, + 0x00002080, 0x00800080, 0x00800081, 0x00000001, + 0x00802001, 0x00002081, 0x00002081, 0x00000080, + 0x00802081, 0x00000081, 0x00000001, 0x00002000, + 0x00800001, 0x00002001, 0x00802080, 0x00800081, + 0x00002001, 0x00002080, 0x00800000, 0x00802001, + 0x00000080, 0x00800000, 0x00002000, 0x00802080 +}; + +static const unsigned long SB5[64] = +{ + 0x00000100, 0x02080100, 0x02080000, 0x42000100, + 0x00080000, 0x00000100, 0x40000000, 0x02080000, + 0x40080100, 0x00080000, 0x02000100, 0x40080100, + 0x42000100, 0x42080000, 0x00080100, 0x40000000, + 0x02000000, 0x40080000, 0x40080000, 0x00000000, + 0x40000100, 0x42080100, 0x42080100, 0x02000100, + 0x42080000, 0x40000100, 0x00000000, 0x42000000, + 0x02080100, 0x02000000, 0x42000000, 0x00080100, + 0x00080000, 0x42000100, 0x00000100, 0x02000000, + 0x40000000, 0x02080000, 0x42000100, 0x40080100, + 0x02000100, 0x40000000, 0x42080000, 0x02080100, + 0x40080100, 0x00000100, 0x02000000, 0x42080000, + 0x42080100, 0x00080100, 0x42000000, 0x42080100, + 0x02080000, 0x00000000, 0x40080000, 0x42000000, + 0x00080100, 0x02000100, 0x40000100, 0x00080000, + 0x00000000, 0x40080000, 0x02080100, 0x40000100 +}; + +static const unsigned long SB6[64] = +{ + 0x20000010, 0x20400000, 0x00004000, 0x20404010, + 0x20400000, 0x00000010, 0x20404010, 0x00400000, + 0x20004000, 0x00404010, 0x00400000, 0x20000010, + 0x00400010, 0x20004000, 0x20000000, 0x00004010, + 0x00000000, 0x00400010, 0x20004010, 0x00004000, + 0x00404000, 0x20004010, 0x00000010, 0x20400010, + 0x20400010, 0x00000000, 0x00404010, 0x20404000, + 0x00004010, 0x00404000, 0x20404000, 0x20000000, + 0x20004000, 0x00000010, 0x20400010, 0x00404000, + 0x20404010, 0x00400000, 0x00004010, 0x20000010, + 0x00400000, 0x20004000, 0x20000000, 0x00004010, + 0x20000010, 0x20404010, 0x00404000, 0x20400000, + 0x00404010, 0x20404000, 0x00000000, 0x20400010, + 0x00000010, 0x00004000, 0x20400000, 0x00404010, + 0x00004000, 0x00400010, 0x20004010, 0x00000000, + 0x20404000, 0x20000000, 0x00400010, 0x20004010 +}; + +static const unsigned long SB7[64] = +{ + 0x00200000, 0x04200002, 0x04000802, 0x00000000, + 0x00000800, 0x04000802, 0x00200802, 0x04200800, + 0x04200802, 0x00200000, 0x00000000, 0x04000002, + 0x00000002, 0x04000000, 0x04200002, 0x00000802, + 0x04000800, 0x00200802, 0x00200002, 0x04000800, + 0x04000002, 0x04200000, 0x04200800, 0x00200002, + 0x04200000, 0x00000800, 0x00000802, 0x04200802, + 0x00200800, 0x00000002, 0x04000000, 0x00200800, + 0x04000000, 0x00200800, 0x00200000, 0x04000802, + 0x04000802, 0x04200002, 0x04200002, 0x00000002, + 0x00200002, 0x04000000, 0x04000800, 0x00200000, + 0x04200800, 0x00000802, 0x00200802, 0x04200800, + 0x00000802, 0x04000002, 0x04200802, 0x04200000, + 0x00200800, 0x00000000, 0x00000002, 0x04200802, + 0x00000000, 0x00200802, 0x04200000, 0x00000800, + 0x04000002, 0x04000800, 0x00000800, 0x00200002 +}; + +static const unsigned long SB8[64] = +{ + 0x10001040, 0x00001000, 0x00040000, 0x10041040, + 0x10000000, 0x10001040, 0x00000040, 0x10000000, + 0x00040040, 0x10040000, 0x10041040, 0x00041000, + 0x10041000, 0x00041040, 0x00001000, 0x00000040, + 0x10040000, 0x10000040, 0x10001000, 0x00001040, + 0x00041000, 0x00040040, 0x10040040, 0x10041000, + 0x00001040, 0x00000000, 0x00000000, 0x10040040, + 0x10000040, 0x10001000, 0x00041040, 0x00040000, + 0x00041040, 0x00040000, 0x10041000, 0x00001000, + 0x00000040, 0x10040040, 0x00001000, 0x00041040, + 0x10001000, 0x00000040, 0x10000040, 0x10040000, + 0x10040040, 0x10000000, 0x00040000, 0x10001040, + 0x00000000, 0x10041040, 0x00040040, 0x10000040, + 0x10040000, 0x10001000, 0x10001040, 0x00000000, + 0x10041040, 0x00041000, 0x00041000, 0x00001040, + 0x00001040, 0x00040040, 0x10000000, 0x10041000 +}; + +/* + * PC1: left and right halves bit-swap + */ +static const unsigned long LHs[16] = +{ + 0x00000000, 0x00000001, 0x00000100, 0x00000101, + 0x00010000, 0x00010001, 0x00010100, 0x00010101, + 0x01000000, 0x01000001, 0x01000100, 0x01000101, + 0x01010000, 0x01010001, 0x01010100, 0x01010101 +}; + +static const unsigned long RHs[16] = +{ + 0x00000000, 0x01000000, 0x00010000, 0x01010000, + 0x00000100, 0x01000100, 0x00010100, 0x01010100, + 0x00000001, 0x01000001, 0x00010001, 0x01010001, + 0x00000101, 0x01000101, 0x00010101, 0x01010101, +}; + +/* + * Initial Permutation macro + */ +#define DES_IP(X,Y) \ +{ \ + T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \ + T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \ + T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \ + T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \ + Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \ + T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \ + X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \ +} + +/* + * Final Permutation macro + */ +#define DES_FP(X,Y) \ +{ \ + X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \ + T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \ + Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \ + T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \ + T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \ + T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \ + T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \ +} + +/* + * DES round macro + */ +#define DES_ROUND(X,Y) \ +{ \ + T = *SK++ ^ X; \ + Y ^= SB8[ (T ) & 0x3F ] ^ \ + SB6[ (T >> 8) & 0x3F ] ^ \ + SB4[ (T >> 16) & 0x3F ] ^ \ + SB2[ (T >> 24) & 0x3F ]; \ + \ + T = *SK++ ^ ((X << 28) | (X >> 4)); \ + Y ^= SB7[ (T ) & 0x3F ] ^ \ + SB5[ (T >> 8) & 0x3F ] ^ \ + SB3[ (T >> 16) & 0x3F ] ^ \ + SB1[ (T >> 24) & 0x3F ]; \ +} + +#define SWAP(a,b) { unsigned long t = a; a = b; b = t; t = 0; } + +static void des_setkey( unsigned long SK[32], unsigned char key[8] ) +{ + int i; + unsigned long X, Y, T; + + GET_ULONG_BE( X, key, 0 ); + GET_ULONG_BE( Y, key, 4 ); + + /* + * Permuted Choice 1 + */ + T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4); + T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T ); + + X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2) + | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] ) + | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6) + | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4); + + Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2) + | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] ) + | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6) + | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4); + + X &= 0x0FFFFFFF; + Y &= 0x0FFFFFFF; + + /* + * calculate subkeys + */ + for( i = 0; i < 16; i++ ) + { + if( i < 2 || i == 8 || i == 15 ) + { + X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF; + Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF; + } + else + { + X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF; + Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF; + } + + *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000) + | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000) + | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000) + | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000) + | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000) + | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000) + | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400) + | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100) + | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010) + | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004) + | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001); + + *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000) + | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000) + | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000) + | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000) + | ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000) + | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000) + | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000) + | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400) + | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100) + | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011) + | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002); + } +} + +/* + * DES key schedule (56-bit, encryption) + */ +void des_setkey_enc( des_context *ctx, unsigned char key[8] ) +{ + des_setkey( ctx->sk, key ); +} + +/* + * DES key schedule (56-bit, decryption) + */ +void des_setkey_dec( des_context *ctx, unsigned char key[8] ) +{ + int i; + + des_setkey( ctx->sk, key ); + + for( i = 0; i < 16; i += 2 ) + { + SWAP( ctx->sk[i ], ctx->sk[30 - i] ); + SWAP( ctx->sk[i + 1], ctx->sk[31 - i] ); + } +} + +static void des3_set2key( unsigned long esk[96], + unsigned long dsk[96], + unsigned char key[16] ) +{ + int i; + + des_setkey( esk, key ); + des_setkey( dsk + 32, key + 8 ); + + for( i = 0; i < 32; i += 2 ) + { + dsk[i ] = esk[30 - i]; + dsk[i + 1] = esk[31 - i]; + + esk[i + 32] = dsk[62 - i]; + esk[i + 33] = dsk[63 - i]; + + esk[i + 64] = esk[i ]; + esk[i + 65] = esk[i + 1]; + + dsk[i + 64] = dsk[i ]; + dsk[i + 65] = dsk[i + 1]; + } +} + +/* + * Triple-DES key schedule (112-bit, encryption) + */ +void des3_set2key_enc( des3_context *ctx, unsigned char key[16] ) +{ + unsigned long sk[96]; + + des3_set2key( ctx->sk, sk, key ); + memset( sk, 0, sizeof( sk ) ); +} + +/* + * Triple-DES key schedule (112-bit, decryption) + */ +void des3_set2key_dec( des3_context *ctx, unsigned char key[16] ) +{ + unsigned long sk[96]; + + des3_set2key( sk, ctx->sk, key ); + memset( sk, 0, sizeof( sk ) ); +} + +static void des3_set3key( unsigned long esk[96], + unsigned long dsk[96], + unsigned char key[24] ) +{ + int i; + + des_setkey( esk, key ); + des_setkey( dsk + 32, key + 8 ); + des_setkey( esk + 64, key + 16 ); + + for( i = 0; i < 32; i += 2 ) + { + dsk[i ] = esk[94 - i]; + dsk[i + 1] = esk[95 - i]; + + esk[i + 32] = dsk[62 - i]; + esk[i + 33] = dsk[63 - i]; + + dsk[i + 64] = esk[30 - i]; + dsk[i + 65] = esk[31 - i]; + } +} + +/* + * Triple-DES key schedule (168-bit, encryption) + */ +void des3_set3key_enc( des3_context *ctx, unsigned char key[24] ) +{ + unsigned long sk[96]; + + des3_set3key( ctx->sk, sk, key ); + memset( sk, 0, sizeof( sk ) ); +} + +/* + * Triple-DES key schedule (168-bit, decryption) + */ +void des3_set3key_dec( des3_context *ctx, unsigned char key[24] ) +{ + unsigned long sk[96]; + + des3_set3key( sk, ctx->sk, key ); + memset( sk, 0, sizeof( sk ) ); +} + +/* + * DES-ECB block encryption/decryption + */ +void des_crypt_ecb( des_context *ctx, + unsigned char input[8], + unsigned char output[8] ) +{ + int i; + unsigned long X, Y, T, *SK; + + SK = ctx->sk; + + GET_ULONG_BE( X, input, 0 ); + GET_ULONG_BE( Y, input, 4 ); + + DES_IP( X, Y ); + + for( i = 0; i < 8; i++ ) + { + DES_ROUND( Y, X ); + DES_ROUND( X, Y ); + } + + DES_FP( Y, X ); + + PUT_ULONG_BE( Y, output, 0 ); + PUT_ULONG_BE( X, output, 4 ); +} + +/* + * DES-CBC buffer encryption/decryption + */ +void des_crypt_cbc( des_context *ctx, + int mode, + int length, + unsigned char iv[8], + unsigned char *input, + unsigned char *output ) +{ + int i; + unsigned char temp[8]; + + if( mode == DES_ENCRYPT ) + { + while( length > 0 ) + { + for( i = 0; i < 8; i++ ) + output[i] = (unsigned char)( input[i] ^ iv[i] ); + + des_crypt_ecb( ctx, output, output ); + memcpy( iv, output, 8 ); + + input += 8; + output += 8; + length -= 8; + } + } + else /* DES_DECRYPT */ + { + while( length > 0 ) + { + memcpy( temp, input, 8 ); + des_crypt_ecb( ctx, input, output ); + + for( i = 0; i < 8; i++ ) + output[i] = (unsigned char)( output[i] ^ iv[i] ); + + memcpy( iv, temp, 8 ); + + input += 8; + output += 8; + length -= 8; + } + } +} + +/* + * 3DES-ECB block encryption/decryption + */ +void des3_crypt_ecb( des3_context *ctx, + unsigned char input[8], + unsigned char output[8] ) +{ + int i; + unsigned long X, Y, T, *SK; + + SK = ctx->sk; + + GET_ULONG_BE( X, input, 0 ); + GET_ULONG_BE( Y, input, 4 ); + + DES_IP( X, Y ); + + for( i = 0; i < 8; i++ ) + { + DES_ROUND( Y, X ); + DES_ROUND( X, Y ); + } + + for( i = 0; i < 8; i++ ) + { + DES_ROUND( X, Y ); + DES_ROUND( Y, X ); + } + + for( i = 0; i < 8; i++ ) + { + DES_ROUND( Y, X ); + DES_ROUND( X, Y ); + } + + DES_FP( Y, X ); + + PUT_ULONG_BE( Y, output, 0 ); + PUT_ULONG_BE( X, output, 4 ); +} + +/* + * 3DES-CBC buffer encryption/decryption + */ +void des3_crypt_cbc( des3_context *ctx, + int mode, + int length, + unsigned char iv[8], + unsigned char *input, + unsigned char *output ) +{ + int i; + unsigned char temp[8]; + + if( mode == DES_ENCRYPT ) + { + while( length > 0 ) + { + for( i = 0; i < 8; i++ ) + output[i] = (unsigned char)( input[i] ^ iv[i] ); + + des3_crypt_ecb( ctx, output, output ); + memcpy( iv, output, 8 ); + + input += 8; + output += 8; + length -= 8; + } + } + else /* DES_DECRYPT */ + { + while( length > 0 ) + { + memcpy( temp, input, 8 ); + des3_crypt_ecb( ctx, input, output ); + + for( i = 0; i < 8; i++ ) + output[i] = (unsigned char)( output[i] ^ iv[i] ); + + memcpy( iv, temp, 8 ); + + input += 8; + output += 8; + length -= 8; + } + } +} + +#if defined(XYSSL_SELF_TEST) + +#include + +/* + * DES and 3DES test vectors from: + * + * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip + */ +static const unsigned char des3_test_keys[24] = +{ + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, + 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, + 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23 +}; + +static const unsigned char des3_test_iv[8] = +{ + 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF, +}; + +static const unsigned char des3_test_buf[8] = +{ + 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74 +}; + +static const unsigned char des3_test_ecb_dec[3][8] = +{ + { 0xCD, 0xD6, 0x4F, 0x2F, 0x94, 0x27, 0xC1, 0x5D }, + { 0x69, 0x96, 0xC8, 0xFA, 0x47, 0xA2, 0xAB, 0xEB }, + { 0x83, 0x25, 0x39, 0x76, 0x44, 0x09, 0x1A, 0x0A } +}; + +static const unsigned char des3_test_ecb_enc[3][8] = +{ + { 0x6A, 0x2A, 0x19, 0xF4, 0x1E, 0xCA, 0x85, 0x4B }, + { 0x03, 0xE6, 0x9F, 0x5B, 0xFA, 0x58, 0xEB, 0x42 }, + { 0xDD, 0x17, 0xE8, 0xB8, 0xB4, 0x37, 0xD2, 0x32 } +}; + +static const unsigned char des3_test_cbc_dec[3][8] = +{ + { 0x12, 0x9F, 0x40, 0xB9, 0xD2, 0x00, 0x56, 0xB3 }, + { 0x47, 0x0E, 0xFC, 0x9A, 0x6B, 0x8E, 0xE3, 0x93 }, + { 0xC5, 0xCE, 0xCF, 0x63, 0xEC, 0xEC, 0x51, 0x4C } +}; + +static const unsigned char des3_test_cbc_enc[3][8] = +{ + { 0x54, 0xF1, 0x5A, 0xF6, 0xEB, 0xE3, 0xA4, 0xB4 }, + { 0x35, 0x76, 0x11, 0x56, 0x5F, 0xA1, 0x8E, 0x4D }, + { 0xCB, 0x19, 0x1F, 0x85, 0xD1, 0xED, 0x84, 0x39 } +}; + +/* + * Checkup routine + */ +int des_self_test( int verbose ) +{ + int i, j, u, v; + des_context ctx; + des3_context ctx3; + unsigned char key[24]; + unsigned char buf[8]; + unsigned char prv[8]; + unsigned char iv[8]; + + memset( key, 0, 24 ); + + /* + * ECB mode + */ + for( i = 0; i < 6; i++ ) + { + u = i >> 1; + v = i & 1; + + if( verbose != 0 ) + printf( " DES%c-ECB-%3d (%s): ", + ( u == 0 ) ? ' ' : '3', 56 + u * 56, + ( v == DES_DECRYPT ) ? "dec" : "enc" ); + + memcpy( buf, des3_test_buf, 8 ); + + switch( i ) + { + case 0: + des_setkey_dec( &ctx, (unsigned char *) des3_test_keys ); + break; + + case 1: + des_setkey_enc( &ctx, (unsigned char *) des3_test_keys ); + break; + + case 2: + des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys ); + break; + + case 3: + des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys ); + break; + + case 4: + des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys ); + break; + + case 5: + des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys ); + break; + + default: + return( 1 ); + } + + for( j = 0; j < 10000; j++ ) + { + if( u == 0 ) + des_crypt_ecb( &ctx, buf, buf ); + else + des3_crypt_ecb( &ctx3, buf, buf ); + } + + if( ( v == DES_DECRYPT && + memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) || + ( v != DES_DECRYPT && + memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + if( verbose != 0 ) + printf( "\n" ); + + /* + * CBC mode + */ + for( i = 0; i < 6; i++ ) + { + u = i >> 1; + v = i & 1; + + if( verbose != 0 ) + printf( " DES%c-CBC-%3d (%s): ", + ( u == 0 ) ? ' ' : '3', 56 + u * 56, + ( v == DES_DECRYPT ) ? "dec" : "enc" ); + + memcpy( iv, des3_test_iv, 8 ); + memcpy( prv, des3_test_iv, 8 ); + memcpy( buf, des3_test_buf, 8 ); + + switch( i ) + { + case 0: + des_setkey_dec( &ctx, (unsigned char *) des3_test_keys ); + break; + + case 1: + des_setkey_enc( &ctx, (unsigned char *) des3_test_keys ); + break; + + case 2: + des3_set2key_dec( &ctx3, (unsigned char *) des3_test_keys ); + break; + + case 3: + des3_set2key_enc( &ctx3, (unsigned char *) des3_test_keys ); + break; + + case 4: + des3_set3key_dec( &ctx3, (unsigned char *) des3_test_keys ); + break; + + case 5: + des3_set3key_enc( &ctx3, (unsigned char *) des3_test_keys ); + break; + + default: + return( 1 ); + } + + if( v == DES_DECRYPT ) + { + for( j = 0; j < 10000; j++ ) + { + if( u == 0 ) + des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); + else + des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); + } + } + else + { + for( j = 0; j < 10000; j++ ) + { + unsigned char tmp[8]; + + if( u == 0 ) + des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); + else + des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); + + memcpy( tmp, prv, 8 ); + memcpy( prv, buf, 8 ); + memcpy( buf, tmp, 8 ); + } + + memcpy( buf, prv, 8 ); + } + + if( ( v == DES_DECRYPT && + memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) || + ( v != DES_DECRYPT && + memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + if( verbose != 0 ) + printf( "\n" ); + + return( 0 ); +} + +#endif + +#endif diff --git a/library/dhm.c b/library/dhm.c new file mode 100644 index 000000000..4fff26488 --- /dev/null +++ b/library/dhm.c @@ -0,0 +1,253 @@ +/* + * Diffie-Hellman-Merkle key exchange + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * Reference: + * + * http://www.cacr.math.uwaterloo.ca/hac/ (chapter 12) + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_DHM_C) + +#include "xyssl/dhm.h" + +#include + +/* + * helper to validate the mpi size and import it + */ +static int dhm_read_bignum( mpi *X, + unsigned char **p, + unsigned char *end ) +{ + int ret, n; + + if( end - *p < 2 ) + return( XYSSL_ERR_DHM_BAD_INPUT_DATA ); + + n = ( (*p)[0] << 8 ) | (*p)[1]; + (*p) += 2; + + if( (int)( end - *p ) < n ) + return( XYSSL_ERR_DHM_BAD_INPUT_DATA ); + + if( ( ret = mpi_read_binary( X, *p, n ) ) != 0 ) + return( XYSSL_ERR_DHM_READ_PARAMS_FAILED | ret ); + + (*p) += n; + + return( 0 ); +} + +/* + * Parse the ServerKeyExchange parameters + */ +int dhm_read_params( dhm_context *ctx, + unsigned char **p, + unsigned char *end ) +{ + int ret, n; + + memset( ctx, 0, sizeof( dhm_context ) ); + + if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 || + ( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 || + ( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 ) + return( ret ); + + ctx->len = mpi_size( &ctx->P ); + + if( end - *p < 2 ) + return( XYSSL_ERR_DHM_BAD_INPUT_DATA ); + + n = ( (*p)[0] << 8 ) | (*p)[1]; + (*p) += 2; + + if( end != *p + n ) + return( XYSSL_ERR_DHM_BAD_INPUT_DATA ); + + return( 0 ); +} + +/* + * Setup and write the ServerKeyExchange parameters + */ +int dhm_make_params( dhm_context *ctx, int x_size, + unsigned char *output, int *olen, + int (*f_rng)(void *), void *p_rng ) +{ + int i, ret, n, n1, n2, n3; + unsigned char *p; + + /* + * generate X and calculate GX = G^X mod P + */ + n = x_size / sizeof( t_int ); + MPI_CHK( mpi_grow( &ctx->X, n ) ); + MPI_CHK( mpi_lset( &ctx->X, 0 ) ); + + n = x_size >> 3; + p = (unsigned char *) ctx->X.p; + for( i = 0; i < n; i++ ) + *p++ = (unsigned char) f_rng( p_rng ); + + while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) + mpi_shift_r( &ctx->X, 1 ); + + MPI_CHK( mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X, + &ctx->P , &ctx->RP ) ); + + /* + * export P, G, GX + */ +#define DHM_MPI_EXPORT(X,n) \ + MPI_CHK( mpi_write_binary( X, p + 2, n ) ); \ + *p++ = (unsigned char)( n >> 8 ); \ + *p++ = (unsigned char)( n ); p += n; + + n1 = mpi_size( &ctx->P ); + n2 = mpi_size( &ctx->G ); + n3 = mpi_size( &ctx->GX ); + + p = output; + DHM_MPI_EXPORT( &ctx->P , n1 ); + DHM_MPI_EXPORT( &ctx->G , n2 ); + DHM_MPI_EXPORT( &ctx->GX, n3 ); + + *olen = p - output; + + ctx->len = n1; + +cleanup: + + if( ret != 0 ) + return( ret | XYSSL_ERR_DHM_MAKE_PARAMS_FAILED ); + + return( 0 ); +} + +/* + * Import the peer's public value G^Y + */ +int dhm_read_public( dhm_context *ctx, + unsigned char *input, int ilen ) +{ + int ret; + + if( ctx == NULL || ilen < 1 || ilen > ctx->len ) + return( XYSSL_ERR_DHM_BAD_INPUT_DATA ); + + if( ( ret = mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 ) + return( XYSSL_ERR_DHM_READ_PUBLIC_FAILED | ret ); + + return( 0 ); +} + +/* + * Create own private value X and export G^X + */ +int dhm_make_public( dhm_context *ctx, int x_size, + unsigned char *output, int olen, + int (*f_rng)(void *), void *p_rng ) +{ + int ret, i, n; + unsigned char *p; + + if( ctx == NULL || olen < 1 || olen > ctx->len ) + return( XYSSL_ERR_DHM_BAD_INPUT_DATA ); + + /* + * generate X and calculate GX = G^X mod P + */ + n = x_size / sizeof( t_int ); + MPI_CHK( mpi_grow( &ctx->X, n ) ); + MPI_CHK( mpi_lset( &ctx->X, 0 ) ); + + n = x_size >> 3; + p = (unsigned char *) ctx->X.p; + for( i = 0; i < n; i++ ) + *p++ = (unsigned char) f_rng( p_rng ); + + while( mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) + mpi_shift_r( &ctx->X, 1 ); + + MPI_CHK( mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X, + &ctx->P , &ctx->RP ) ); + + MPI_CHK( mpi_write_binary( &ctx->GX, output, olen ) ); + +cleanup: + + if( ret != 0 ) + return( XYSSL_ERR_DHM_MAKE_PUBLIC_FAILED | ret ); + + return( 0 ); +} + +/* + * Derive and export the shared secret (G^Y)^X mod P + */ +int dhm_calc_secret( dhm_context *ctx, + unsigned char *output, int *olen ) +{ + int ret; + + if( ctx == NULL || *olen < ctx->len ) + return( XYSSL_ERR_DHM_BAD_INPUT_DATA ); + + MPI_CHK( mpi_exp_mod( &ctx->K, &ctx->GY, &ctx->X, + &ctx->P, &ctx->RP ) ); + + *olen = mpi_size( &ctx->K ); + + MPI_CHK( mpi_write_binary( &ctx->K, output, *olen ) ); + +cleanup: + + if( ret != 0 ) + return( XYSSL_ERR_DHM_CALC_SECRET_FAILED | ret ); + + return( 0 ); +} + +/* + * Free the components of a DHM key + */ +void dhm_free( dhm_context *ctx ) +{ + mpi_free( &ctx->RP, &ctx->K, &ctx->GY, + &ctx->GX, &ctx->X, &ctx->G, + &ctx->P, NULL ); +} + +#if defined(XYSSL_SELF_TEST) + +/* + * Checkup routine + */ +int dhm_self_test( int verbose ) +{ + return( verbose++ ); +} + +#endif + +#endif diff --git a/library/havege.c b/library/havege.c new file mode 100644 index 000000000..48ae7e6a3 --- /dev/null +++ b/library/havege.c @@ -0,0 +1,261 @@ +/* + * HAVEGE: HArdware Volatile Entropy Gathering and Expansion + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * The HAVEGE RNG was designed by Andre Seznec in 2002. + * + * http://www.irisa.fr/caps/projects/hipsor/publi.php + * + * Contact: seznec(at)irisa_dot_fr - orocheco(at)irisa_dot_fr + */ + +#include +#include + +#include "xyssl/config.h" + +#if defined(XYSSL_HAVEGE_C) + +#include "xyssl/havege.h" +#include "xyssl/timing.h" + +/* ------------------------------------------------------------------------ + * On average, one iteration accesses two 8-word blocks in the havege WALK + * table, and generates 16 words in the RES array. + * + * The data read in the WALK table is updated and permuted after each use. + * The result of the hardware clock counter read is used for this update. + * + * 25 conditional tests are present. The conditional tests are grouped in + * two nested groups of 12 conditional tests and 1 test that controls the + * permutation; on average, there should be 6 tests executed and 3 of them + * should be mispredicted. + * ------------------------------------------------------------------------ + */ + +#define SWAP(X,Y) { int *T = X; X = Y; Y = T; } + +#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1; +#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1; + +#define TST1_LEAVE U1++; } +#define TST2_LEAVE U2++; } + +#define ONE_ITERATION \ + \ + PTEST = PT1 >> 20; \ + \ + TST1_ENTER TST1_ENTER TST1_ENTER TST1_ENTER \ + TST1_ENTER TST1_ENTER TST1_ENTER TST1_ENTER \ + TST1_ENTER TST1_ENTER TST1_ENTER TST1_ENTER \ + \ + TST1_LEAVE TST1_LEAVE TST1_LEAVE TST1_LEAVE \ + TST1_LEAVE TST1_LEAVE TST1_LEAVE TST1_LEAVE \ + TST1_LEAVE TST1_LEAVE TST1_LEAVE TST1_LEAVE \ + \ + PTX = (PT1 >> 18) & 7; \ + PT1 &= 0x1FFF; \ + PT2 &= 0x1FFF; \ + CLK = (int) hardclock(); \ + \ + i = 0; \ + A = &WALK[PT1 ]; RES[i++] ^= *A; \ + B = &WALK[PT2 ]; RES[i++] ^= *B; \ + C = &WALK[PT1 ^ 1]; RES[i++] ^= *C; \ + D = &WALK[PT2 ^ 4]; RES[i++] ^= *D; \ + \ + IN = (*A >> (1)) ^ (*A << (31)) ^ CLK; \ + *A = (*B >> (2)) ^ (*B << (30)) ^ CLK; \ + *B = IN ^ U1; \ + *C = (*C >> (3)) ^ (*C << (29)) ^ CLK; \ + *D = (*D >> (4)) ^ (*D << (28)) ^ CLK; \ + \ + A = &WALK[PT1 ^ 2]; RES[i++] ^= *A; \ + B = &WALK[PT2 ^ 2]; RES[i++] ^= *B; \ + C = &WALK[PT1 ^ 3]; RES[i++] ^= *C; \ + D = &WALK[PT2 ^ 6]; RES[i++] ^= *D; \ + \ + if( PTEST & 1 ) SWAP( A, C ); \ + \ + IN = (*A >> (5)) ^ (*A << (27)) ^ CLK; \ + *A = (*B >> (6)) ^ (*B << (26)) ^ CLK; \ + *B = IN; CLK = (int) hardclock(); \ + *C = (*C >> (7)) ^ (*C << (25)) ^ CLK; \ + *D = (*D >> (8)) ^ (*D << (24)) ^ CLK; \ + \ + A = &WALK[PT1 ^ 4]; \ + B = &WALK[PT2 ^ 1]; \ + \ + PTEST = PT2 >> 1; \ + \ + PT2 = (RES[(i - 8) ^ PTY] ^ WALK[PT2 ^ PTY ^ 7]); \ + PT2 = ((PT2 & 0x1FFF) & (~8)) ^ ((PT1 ^ 8) & 0x8); \ + PTY = (PT2 >> 10) & 7; \ + \ + TST2_ENTER TST2_ENTER TST2_ENTER TST2_ENTER \ + TST2_ENTER TST2_ENTER TST2_ENTER TST2_ENTER \ + TST2_ENTER TST2_ENTER TST2_ENTER TST2_ENTER \ + \ + TST2_LEAVE TST2_LEAVE TST2_LEAVE TST2_LEAVE \ + TST2_LEAVE TST2_LEAVE TST2_LEAVE TST2_LEAVE \ + TST2_LEAVE TST2_LEAVE TST2_LEAVE TST2_LEAVE \ + \ + C = &WALK[PT1 ^ 5]; \ + D = &WALK[PT2 ^ 5]; \ + \ + RES[i++] ^= *A; \ + RES[i++] ^= *B; \ + RES[i++] ^= *C; \ + RES[i++] ^= *D; \ + \ + IN = (*A >> ( 9)) ^ (*A << (23)) ^ CLK; \ + *A = (*B >> (10)) ^ (*B << (22)) ^ CLK; \ + *B = IN ^ U2; \ + *C = (*C >> (11)) ^ (*C << (21)) ^ CLK; \ + *D = (*D >> (12)) ^ (*D << (20)) ^ CLK; \ + \ + A = &WALK[PT1 ^ 6]; RES[i++] ^= *A; \ + B = &WALK[PT2 ^ 3]; RES[i++] ^= *B; \ + C = &WALK[PT1 ^ 7]; RES[i++] ^= *C; \ + D = &WALK[PT2 ^ 7]; RES[i++] ^= *D; \ + \ + IN = (*A >> (13)) ^ (*A << (19)) ^ CLK; \ + *A = (*B >> (14)) ^ (*B << (18)) ^ CLK; \ + *B = IN; \ + *C = (*C >> (15)) ^ (*C << (17)) ^ CLK; \ + *D = (*D >> (16)) ^ (*D << (16)) ^ CLK; \ + \ + PT1 = ( RES[(i - 8) ^ PTX] ^ \ + WALK[PT1 ^ PTX ^ 7] ) & (~1); \ + PT1 ^= (PT2 ^ 0x10) & 0x10; \ + \ + for( n++, i = 0; i < 16; i++ ) \ + hs->pool[n % COLLECT_SIZE] ^= RES[i]; + +/* + * Entropy gathering function + */ +static void havege_fill( havege_state *hs ) +{ + int i, n = 0; + int U1, U2, *A, *B, *C, *D; + int PT1, PT2, *WALK, RES[16]; + int PTX, PTY, CLK, PTEST, IN; + + WALK = hs->WALK; + PT1 = hs->PT1; + PT2 = hs->PT2; + + PTX = U1 = 0; + PTY = U2 = 0; + + memset( RES, 0, sizeof( RES ) ); + + while( n < COLLECT_SIZE * 4 ) + { + ONE_ITERATION + ONE_ITERATION + ONE_ITERATION + ONE_ITERATION + } + + hs->PT1 = PT1; + hs->PT2 = PT2; + + hs->offset[0] = 0; + hs->offset[1] = COLLECT_SIZE / 2; +} + +/* + * HAVEGE initialization + */ +void havege_init( havege_state *hs ) +{ + memset( hs, 0, sizeof( havege_state ) ); + + havege_fill( hs ); +} + +/* + * HAVEGE rand function + */ +int havege_rand( void *p_rng ) +{ + int ret; + havege_state *hs = (havege_state *) p_rng; + + if( hs->offset[1] >= COLLECT_SIZE ) + havege_fill( hs ); + + ret = hs->pool[hs->offset[0]++]; + ret ^= hs->pool[hs->offset[1]++]; + + return( ret ); +} + +#if defined(XYSSL_RAND_TEST) + +#include + +int main( int argc, char *argv[] ) +{ + FILE *f; + time_t t; + int i, j, k; + havege_state hs; + unsigned char buf[1024]; + + if( argc < 2 ) + { + fprintf( stderr, "usage: %s \n", argv[0] ); + return( 1 ); + } + + if( ( f = fopen( argv[1], "wb+" ) ) == NULL ) + { + printf( "failed to open '%s' for writing.\n", argv[0] ); + return( 1 ); + } + + havege_init( &hs ); + + t = time( NULL ); + + for( i = 0, k = 32768; i < k; i++ ) + { + for( j = 0; j < sizeof( buf ); j++ ) + buf[j] = havege_rand( &hs ); + + fwrite( buf, sizeof( buf ), 1, f ); + + printf( "Generating 32Mb of data in file '%s'... %04.1f" \ + "%% done\r", argv[1], (100 * (float) (i + 1)) / k ); + fflush( stdout ); + } + + if( t == time( NULL ) ) + t--; + + fclose( f ); + return( 0 ); +} + +#endif + +#endif diff --git a/library/md2.c b/library/md2.c new file mode 100644 index 000000000..9cfce4ab0 --- /dev/null +++ b/library/md2.c @@ -0,0 +1,343 @@ +/* + * RFC 1115/1319 compliant MD2 implementation + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * The MD2 algorithm was designed by Ron Rivest in 1989. + * + * http://www.ietf.org/rfc/rfc1115.txt + * http://www.ietf.org/rfc/rfc1319.txt + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_MD2_C) + +#include "xyssl/md2.h" + +#include +#include + +static const unsigned char PI_SUBST[256] = +{ + 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36, + 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3, + 0xC0, 0xC7, 0x73, 0x8C, 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, + 0x82, 0xCA, 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16, + 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, 0xBE, 0x4E, + 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, 0xA0, 0xFB, 0xF5, 0x8E, + 0xBB, 0x2F, 0xEE, 0x7A, 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, + 0x07, 0x3F, 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21, + 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, 0x35, 0x3E, + 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, 0xFF, 0x19, 0x30, 0xB3, + 0x48, 0xA5, 0xB5, 0xD1, 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, + 0xAA, 0xC6, 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6, + 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, 0x45, 0x9D, + 0x70, 0x59, 0x64, 0x71, 0x87, 0x20, 0x86, 0x5B, 0xCF, 0x65, + 0xE6, 0x2D, 0xA8, 0x02, 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, + 0xB9, 0xF6, 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F, + 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, 0xC3, 0x5C, + 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, 0x2C, 0x53, 0x0D, 0x6E, + 0x85, 0x28, 0x84, 0x09, 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, + 0x4D, 0x52, 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA, + 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, 0x78, 0x88, + 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, 0xE9, 0xCB, 0xD5, 0xFE, + 0x3B, 0x00, 0x1D, 0x39, 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, + 0xD0, 0xE4, 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A, + 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, 0xDB, 0x99, + 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14 +}; + +/* + * MD2 context setup + */ +void md2_starts( md2_context *ctx ) +{ + memset( ctx, 0, sizeof( md2_context ) ); +} + +static void md2_process( md2_context *ctx ) +{ + int i, j; + unsigned char t = 0; + + for( i = 0; i < 16; i++ ) + { + ctx->state[i + 16] = ctx->buffer[i]; + ctx->state[i + 32] = + (unsigned char)( ctx->buffer[i] ^ ctx->state[i]); + } + + for( i = 0; i < 18; i++ ) + { + for( j = 0; j < 48; j++ ) + { + ctx->state[j] = (unsigned char) + ( ctx->state[j] ^ PI_SUBST[t] ); + t = ctx->state[j]; + } + + t = (unsigned char)( t + i ); + } + + t = ctx->cksum[15]; + + for( i = 0; i < 16; i++ ) + { + ctx->cksum[i] = (unsigned char) + ( ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t] ); + t = ctx->cksum[i]; + } +} + +/* + * MD2 process buffer + */ +void md2_update( md2_context *ctx, unsigned char *input, int ilen ) +{ + int fill; + + while( ilen > 0 ) + { + if( ctx->left + ilen > 16 ) + fill = 16 - ctx->left; + else + fill = ilen; + + memcpy( ctx->buffer + ctx->left, input, fill ); + + ctx->left += fill; + input += fill; + ilen -= fill; + + if( ctx->left == 16 ) + { + ctx->left = 0; + md2_process( ctx ); + } + } +} + +/* + * MD2 final digest + */ +void md2_finish( md2_context *ctx, unsigned char output[16] ) +{ + int i; + unsigned char x; + + x = (unsigned char)( 16 - ctx->left ); + + for( i = ctx->left; i < 16; i++ ) + ctx->buffer[i] = x; + + md2_process( ctx ); + + memcpy( ctx->buffer, ctx->cksum, 16 ); + md2_process( ctx ); + + memcpy( output, ctx->state, 16 ); +} + +/* + * output = MD2( input buffer ) + */ +void md2( unsigned char *input, int ilen, unsigned char output[16] ) +{ + md2_context ctx; + + md2_starts( &ctx ); + md2_update( &ctx, input, ilen ); + md2_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( md2_context ) ); +} + +/* + * output = MD2( file contents ) + */ +int md2_file( char *path, unsigned char output[16] ) +{ + FILE *f; + size_t n; + md2_context ctx; + unsigned char buf[1024]; + + if( ( f = fopen( path, "rb" ) ) == NULL ) + return( 1 ); + + md2_starts( &ctx ); + + while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) + md2_update( &ctx, buf, (int) n ); + + md2_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( md2_context ) ); + + if( ferror( f ) != 0 ) + { + fclose( f ); + return( 2 ); + } + + fclose( f ); + return( 0 ); +} + +/* + * MD2 HMAC context setup + */ +void md2_hmac_starts( md2_context *ctx, unsigned char *key, int keylen ) +{ + int i; + unsigned char sum[16]; + + if( keylen > 64 ) + { + md2( key, keylen, sum ); + keylen = 16; + key = sum; + } + + memset( ctx->ipad, 0x36, 64 ); + memset( ctx->opad, 0x5C, 64 ); + + for( i = 0; i < keylen; i++ ) + { + ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] ); + ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] ); + } + + md2_starts( ctx ); + md2_update( ctx, ctx->ipad, 64 ); + + memset( sum, 0, sizeof( sum ) ); +} + +/* + * MD2 HMAC process buffer + */ +void md2_hmac_update( md2_context *ctx, unsigned char *input, int ilen ) +{ + md2_update( ctx, input, ilen ); +} + +/* + * MD2 HMAC final digest + */ +void md2_hmac_finish( md2_context *ctx, unsigned char output[16] ) +{ + unsigned char tmpbuf[16]; + + md2_finish( ctx, tmpbuf ); + md2_starts( ctx ); + md2_update( ctx, ctx->opad, 64 ); + md2_update( ctx, tmpbuf, 16 ); + md2_finish( ctx, output ); + + memset( tmpbuf, 0, sizeof( tmpbuf ) ); +} + +/* + * output = HMAC-MD2( hmac key, input buffer ) + */ +void md2_hmac( unsigned char *key, int keylen, unsigned char *input, int ilen, + unsigned char output[16] ) +{ + md2_context ctx; + + md2_hmac_starts( &ctx, key, keylen ); + md2_hmac_update( &ctx, input, ilen ); + md2_hmac_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( md2_context ) ); +} + +#if defined(XYSSL_SELF_TEST) + +/* + * RFC 1319 test vectors + */ +static const char md2_test_str[7][81] = +{ + { "" }, + { "a" }, + { "abc" }, + { "message digest" }, + { "abcdefghijklmnopqrstuvwxyz" }, + { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, + { "12345678901234567890123456789012345678901234567890123456789012" \ + "345678901234567890" } +}; + +static const unsigned char md2_test_sum[7][16] = +{ + { 0x83, 0x50, 0xE5, 0xA3, 0xE2, 0x4C, 0x15, 0x3D, + 0xF2, 0x27, 0x5C, 0x9F, 0x80, 0x69, 0x27, 0x73 }, + { 0x32, 0xEC, 0x01, 0xEC, 0x4A, 0x6D, 0xAC, 0x72, + 0xC0, 0xAB, 0x96, 0xFB, 0x34, 0xC0, 0xB5, 0xD1 }, + { 0xDA, 0x85, 0x3B, 0x0D, 0x3F, 0x88, 0xD9, 0x9B, + 0x30, 0x28, 0x3A, 0x69, 0xE6, 0xDE, 0xD6, 0xBB }, + { 0xAB, 0x4F, 0x49, 0x6B, 0xFB, 0x2A, 0x53, 0x0B, + 0x21, 0x9F, 0xF3, 0x30, 0x31, 0xFE, 0x06, 0xB0 }, + { 0x4E, 0x8D, 0xDF, 0xF3, 0x65, 0x02, 0x92, 0xAB, + 0x5A, 0x41, 0x08, 0xC3, 0xAA, 0x47, 0x94, 0x0B }, + { 0xDA, 0x33, 0xDE, 0xF2, 0xA4, 0x2D, 0xF1, 0x39, + 0x75, 0x35, 0x28, 0x46, 0xC3, 0x03, 0x38, 0xCD }, + { 0xD5, 0x97, 0x6F, 0x79, 0xD8, 0x3D, 0x3A, 0x0D, + 0xC9, 0x80, 0x6C, 0x3C, 0x66, 0xF3, 0xEF, 0xD8 } +}; + +/* + * Checkup routine + */ +int md2_self_test( int verbose ) +{ + int i; + unsigned char md2sum[16]; + + for( i = 0; i < 7; i++ ) + { + if( verbose != 0 ) + printf( " MD2 test #%d: ", i + 1 ); + + md2( (unsigned char *) md2_test_str[i], + strlen( md2_test_str[i] ), md2sum ); + + if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + if( verbose != 0 ) + printf( "\n" ); + + return( 0 ); +} + +#endif + +#endif diff --git a/library/md4.c b/library/md4.c new file mode 100644 index 000000000..67fcd9995 --- /dev/null +++ b/library/md4.c @@ -0,0 +1,442 @@ +/* + * RFC 1186/1320 compliant MD4 implementation + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * The MD4 algorithm was designed by Ron Rivest in 1990. + * + * http://www.ietf.org/rfc/rfc1186.txt + * http://www.ietf.org/rfc/rfc1320.txt + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_MD4_C) + +#include "xyssl/md4.h" + +#include +#include + +/* + * 32-bit integer manipulation macros (little endian) + */ +#ifndef GET_ULONG_LE +#define GET_ULONG_LE(n,b,i) \ +{ \ + (n) = ( (unsigned long) (b)[(i) ] ) \ + | ( (unsigned long) (b)[(i) + 1] << 8 ) \ + | ( (unsigned long) (b)[(i) + 2] << 16 ) \ + | ( (unsigned long) (b)[(i) + 3] << 24 ); \ +} +#endif + +#ifndef PUT_ULONG_LE +#define PUT_ULONG_LE(n,b,i) \ +{ \ + (b)[(i) ] = (unsigned char) ( (n) ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \ +} +#endif + +/* + * MD4 context setup + */ +void md4_starts( md4_context *ctx ) +{ + ctx->total[0] = 0; + ctx->total[1] = 0; + + ctx->state[0] = 0x67452301; + ctx->state[1] = 0xEFCDAB89; + ctx->state[2] = 0x98BADCFE; + ctx->state[3] = 0x10325476; +} + +static void md4_process( md4_context *ctx, unsigned char data[64] ) +{ + unsigned long X[16], A, B, C, D; + + GET_ULONG_LE( X[ 0], data, 0 ); + GET_ULONG_LE( X[ 1], data, 4 ); + GET_ULONG_LE( X[ 2], data, 8 ); + GET_ULONG_LE( X[ 3], data, 12 ); + GET_ULONG_LE( X[ 4], data, 16 ); + GET_ULONG_LE( X[ 5], data, 20 ); + GET_ULONG_LE( X[ 6], data, 24 ); + GET_ULONG_LE( X[ 7], data, 28 ); + GET_ULONG_LE( X[ 8], data, 32 ); + GET_ULONG_LE( X[ 9], data, 36 ); + GET_ULONG_LE( X[10], data, 40 ); + GET_ULONG_LE( X[11], data, 44 ); + GET_ULONG_LE( X[12], data, 48 ); + GET_ULONG_LE( X[13], data, 52 ); + GET_ULONG_LE( X[14], data, 56 ); + GET_ULONG_LE( X[15], data, 60 ); + +#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) + + A = ctx->state[0]; + B = ctx->state[1]; + C = ctx->state[2]; + D = ctx->state[3]; + +#define F(x, y, z) ((x & y) | ((~x) & z)) +#define P(a,b,c,d,x,s) { a += F(b,c,d) + x; a = S(a,s); } + + P( A, B, C, D, X[ 0], 3 ); + P( D, A, B, C, X[ 1], 7 ); + P( C, D, A, B, X[ 2], 11 ); + P( B, C, D, A, X[ 3], 19 ); + P( A, B, C, D, X[ 4], 3 ); + P( D, A, B, C, X[ 5], 7 ); + P( C, D, A, B, X[ 6], 11 ); + P( B, C, D, A, X[ 7], 19 ); + P( A, B, C, D, X[ 8], 3 ); + P( D, A, B, C, X[ 9], 7 ); + P( C, D, A, B, X[10], 11 ); + P( B, C, D, A, X[11], 19 ); + P( A, B, C, D, X[12], 3 ); + P( D, A, B, C, X[13], 7 ); + P( C, D, A, B, X[14], 11 ); + P( B, C, D, A, X[15], 19 ); + +#undef P +#undef F + +#define F(x,y,z) ((x & y) | (x & z) | (y & z)) +#define P(a,b,c,d,x,s) { a += F(b,c,d) + x + 0x5A827999; a = S(a,s); } + + P( A, B, C, D, X[ 0], 3 ); + P( D, A, B, C, X[ 4], 5 ); + P( C, D, A, B, X[ 8], 9 ); + P( B, C, D, A, X[12], 13 ); + P( A, B, C, D, X[ 1], 3 ); + P( D, A, B, C, X[ 5], 5 ); + P( C, D, A, B, X[ 9], 9 ); + P( B, C, D, A, X[13], 13 ); + P( A, B, C, D, X[ 2], 3 ); + P( D, A, B, C, X[ 6], 5 ); + P( C, D, A, B, X[10], 9 ); + P( B, C, D, A, X[14], 13 ); + P( A, B, C, D, X[ 3], 3 ); + P( D, A, B, C, X[ 7], 5 ); + P( C, D, A, B, X[11], 9 ); + P( B, C, D, A, X[15], 13 ); + +#undef P +#undef F + +#define F(x,y,z) (x ^ y ^ z) +#define P(a,b,c,d,x,s) { a += F(b,c,d) + x + 0x6ED9EBA1; a = S(a,s); } + + P( A, B, C, D, X[ 0], 3 ); + P( D, A, B, C, X[ 8], 9 ); + P( C, D, A, B, X[ 4], 11 ); + P( B, C, D, A, X[12], 15 ); + P( A, B, C, D, X[ 2], 3 ); + P( D, A, B, C, X[10], 9 ); + P( C, D, A, B, X[ 6], 11 ); + P( B, C, D, A, X[14], 15 ); + P( A, B, C, D, X[ 1], 3 ); + P( D, A, B, C, X[ 9], 9 ); + P( C, D, A, B, X[ 5], 11 ); + P( B, C, D, A, X[13], 15 ); + P( A, B, C, D, X[ 3], 3 ); + P( D, A, B, C, X[11], 9 ); + P( C, D, A, B, X[ 7], 11 ); + P( B, C, D, A, X[15], 15 ); + +#undef F +#undef P + + ctx->state[0] += A; + ctx->state[1] += B; + ctx->state[2] += C; + ctx->state[3] += D; +} + +/* + * MD4 process buffer + */ +void md4_update( md4_context *ctx, unsigned char *input, int ilen ) +{ + int fill; + unsigned long left; + + if( ilen <= 0 ) + return; + + left = ctx->total[0] & 0x3F; + fill = 64 - left; + + ctx->total[0] += ilen; + ctx->total[0] &= 0xFFFFFFFF; + + if( ctx->total[0] < (unsigned long) ilen ) + ctx->total[1]++; + + if( left && ilen >= fill ) + { + memcpy( (void *) (ctx->buffer + left), + (void *) input, fill ); + md4_process( ctx, ctx->buffer ); + input += fill; + ilen -= fill; + left = 0; + } + + while( ilen >= 64 ) + { + md4_process( ctx, input ); + input += 64; + ilen -= 64; + } + + if( ilen > 0 ) + { + memcpy( (void *) (ctx->buffer + left), + (void *) input, ilen ); + } +} + +static const unsigned char md4_padding[64] = +{ + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* + * MD4 final digest + */ +void md4_finish( md4_context *ctx, unsigned char output[16] ) +{ + unsigned long last, padn; + unsigned long high, low; + unsigned char msglen[8]; + + high = ( ctx->total[0] >> 29 ) + | ( ctx->total[1] << 3 ); + low = ( ctx->total[0] << 3 ); + + PUT_ULONG_LE( low, msglen, 0 ); + PUT_ULONG_LE( high, msglen, 4 ); + + last = ctx->total[0] & 0x3F; + padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); + + md4_update( ctx, (unsigned char *) md4_padding, padn ); + md4_update( ctx, msglen, 8 ); + + PUT_ULONG_LE( ctx->state[0], output, 0 ); + PUT_ULONG_LE( ctx->state[1], output, 4 ); + PUT_ULONG_LE( ctx->state[2], output, 8 ); + PUT_ULONG_LE( ctx->state[3], output, 12 ); +} + +/* + * output = MD4( input buffer ) + */ +void md4( unsigned char *input, int ilen, unsigned char output[16] ) +{ + md4_context ctx; + + md4_starts( &ctx ); + md4_update( &ctx, input, ilen ); + md4_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( md4_context ) ); +} + +/* + * output = MD4( file contents ) + */ +int md4_file( char *path, unsigned char output[16] ) +{ + FILE *f; + size_t n; + md4_context ctx; + unsigned char buf[1024]; + + if( ( f = fopen( path, "rb" ) ) == NULL ) + return( 1 ); + + md4_starts( &ctx ); + + while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) + md4_update( &ctx, buf, (int) n ); + + md4_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( md4_context ) ); + + if( ferror( f ) != 0 ) + { + fclose( f ); + return( 2 ); + } + + fclose( f ); + return( 0 ); +} + +/* + * MD4 HMAC context setup + */ +void md4_hmac_starts( md4_context *ctx, unsigned char *key, int keylen ) +{ + int i; + unsigned char sum[16]; + + if( keylen > 64 ) + { + md4( key, keylen, sum ); + keylen = 16; + key = sum; + } + + memset( ctx->ipad, 0x36, 64 ); + memset( ctx->opad, 0x5C, 64 ); + + for( i = 0; i < keylen; i++ ) + { + ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] ); + ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] ); + } + + md4_starts( ctx ); + md4_update( ctx, ctx->ipad, 64 ); + + memset( sum, 0, sizeof( sum ) ); +} + +/* + * MD4 HMAC process buffer + */ +void md4_hmac_update( md4_context *ctx, unsigned char *input, int ilen ) +{ + md4_update( ctx, input, ilen ); +} + +/* + * MD4 HMAC final digest + */ +void md4_hmac_finish( md4_context *ctx, unsigned char output[16] ) +{ + unsigned char tmpbuf[16]; + + md4_finish( ctx, tmpbuf ); + md4_starts( ctx ); + md4_update( ctx, ctx->opad, 64 ); + md4_update( ctx, tmpbuf, 16 ); + md4_finish( ctx, output ); + + memset( tmpbuf, 0, sizeof( tmpbuf ) ); +} + +/* + * output = HMAC-MD4( hmac key, input buffer ) + */ +void md4_hmac( unsigned char *key, int keylen, unsigned char *input, int ilen, + unsigned char output[16] ) +{ + md4_context ctx; + + md4_hmac_starts( &ctx, key, keylen ); + md4_hmac_update( &ctx, input, ilen ); + md4_hmac_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( md4_context ) ); +} + +#if defined(XYSSL_SELF_TEST) + +/* + * RFC 1320 test vectors + */ +static const char md4_test_str[7][81] = +{ + { "" }, + { "a" }, + { "abc" }, + { "message digest" }, + { "abcdefghijklmnopqrstuvwxyz" }, + { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, + { "12345678901234567890123456789012345678901234567890123456789012" \ + "345678901234567890" } +}; + +static const unsigned char md4_test_sum[7][16] = +{ + { 0x31, 0xD6, 0xCF, 0xE0, 0xD1, 0x6A, 0xE9, 0x31, + 0xB7, 0x3C, 0x59, 0xD7, 0xE0, 0xC0, 0x89, 0xC0 }, + { 0xBD, 0xE5, 0x2C, 0xB3, 0x1D, 0xE3, 0x3E, 0x46, + 0x24, 0x5E, 0x05, 0xFB, 0xDB, 0xD6, 0xFB, 0x24 }, + { 0xA4, 0x48, 0x01, 0x7A, 0xAF, 0x21, 0xD8, 0x52, + 0x5F, 0xC1, 0x0A, 0xE8, 0x7A, 0xA6, 0x72, 0x9D }, + { 0xD9, 0x13, 0x0A, 0x81, 0x64, 0x54, 0x9F, 0xE8, + 0x18, 0x87, 0x48, 0x06, 0xE1, 0xC7, 0x01, 0x4B }, + { 0xD7, 0x9E, 0x1C, 0x30, 0x8A, 0xA5, 0xBB, 0xCD, + 0xEE, 0xA8, 0xED, 0x63, 0xDF, 0x41, 0x2D, 0xA9 }, + { 0x04, 0x3F, 0x85, 0x82, 0xF2, 0x41, 0xDB, 0x35, + 0x1C, 0xE6, 0x27, 0xE1, 0x53, 0xE7, 0xF0, 0xE4 }, + { 0xE3, 0x3B, 0x4D, 0xDC, 0x9C, 0x38, 0xF2, 0x19, + 0x9C, 0x3E, 0x7B, 0x16, 0x4F, 0xCC, 0x05, 0x36 } +}; + +/* + * Checkup routine + */ +int md4_self_test( int verbose ) +{ + int i; + unsigned char md4sum[16]; + + for( i = 0; i < 7; i++ ) + { + if( verbose != 0 ) + printf( " MD4 test #%d: ", i + 1 ); + + md4( (unsigned char *) md4_test_str[i], + strlen( md4_test_str[i] ), md4sum ); + + if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + if( verbose != 0 ) + printf( "\n" ); + + return( 0 ); +} + +#endif + +#endif diff --git a/library/md5.c b/library/md5.c new file mode 100644 index 000000000..b52941d2f --- /dev/null +++ b/library/md5.c @@ -0,0 +1,565 @@ +/* + * RFC 1321 compliant MD5 implementation + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * The MD5 algorithm was designed by Ron Rivest in 1991. + * + * http://www.ietf.org/rfc/rfc1321.txt + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_MD5_C) + +#include "xyssl/md5.h" + +#include +#include + +/* + * 32-bit integer manipulation macros (little endian) + */ +#ifndef GET_ULONG_LE +#define GET_ULONG_LE(n,b,i) \ +{ \ + (n) = ( (unsigned long) (b)[(i) ] ) \ + | ( (unsigned long) (b)[(i) + 1] << 8 ) \ + | ( (unsigned long) (b)[(i) + 2] << 16 ) \ + | ( (unsigned long) (b)[(i) + 3] << 24 ); \ +} +#endif + +#ifndef PUT_ULONG_LE +#define PUT_ULONG_LE(n,b,i) \ +{ \ + (b)[(i) ] = (unsigned char) ( (n) ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \ +} +#endif + +/* + * MD5 context setup + */ +void md5_starts( md5_context *ctx ) +{ + ctx->total[0] = 0; + ctx->total[1] = 0; + + ctx->state[0] = 0x67452301; + ctx->state[1] = 0xEFCDAB89; + ctx->state[2] = 0x98BADCFE; + ctx->state[3] = 0x10325476; +} + +static void md5_process( md5_context *ctx, unsigned char data[64] ) +{ + unsigned long X[16], A, B, C, D; + + GET_ULONG_LE( X[ 0], data, 0 ); + GET_ULONG_LE( X[ 1], data, 4 ); + GET_ULONG_LE( X[ 2], data, 8 ); + GET_ULONG_LE( X[ 3], data, 12 ); + GET_ULONG_LE( X[ 4], data, 16 ); + GET_ULONG_LE( X[ 5], data, 20 ); + GET_ULONG_LE( X[ 6], data, 24 ); + GET_ULONG_LE( X[ 7], data, 28 ); + GET_ULONG_LE( X[ 8], data, 32 ); + GET_ULONG_LE( X[ 9], data, 36 ); + GET_ULONG_LE( X[10], data, 40 ); + GET_ULONG_LE( X[11], data, 44 ); + GET_ULONG_LE( X[12], data, 48 ); + GET_ULONG_LE( X[13], data, 52 ); + GET_ULONG_LE( X[14], data, 56 ); + GET_ULONG_LE( X[15], data, 60 ); + +#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) + +#define P(a,b,c,d,k,s,t) \ +{ \ + a += F(b,c,d) + X[k] + t; a = S(a,s) + b; \ +} + + A = ctx->state[0]; + B = ctx->state[1]; + C = ctx->state[2]; + D = ctx->state[3]; + +#define F(x,y,z) (z ^ (x & (y ^ z))) + + P( A, B, C, D, 0, 7, 0xD76AA478 ); + P( D, A, B, C, 1, 12, 0xE8C7B756 ); + P( C, D, A, B, 2, 17, 0x242070DB ); + P( B, C, D, A, 3, 22, 0xC1BDCEEE ); + P( A, B, C, D, 4, 7, 0xF57C0FAF ); + P( D, A, B, C, 5, 12, 0x4787C62A ); + P( C, D, A, B, 6, 17, 0xA8304613 ); + P( B, C, D, A, 7, 22, 0xFD469501 ); + P( A, B, C, D, 8, 7, 0x698098D8 ); + P( D, A, B, C, 9, 12, 0x8B44F7AF ); + P( C, D, A, B, 10, 17, 0xFFFF5BB1 ); + P( B, C, D, A, 11, 22, 0x895CD7BE ); + P( A, B, C, D, 12, 7, 0x6B901122 ); + P( D, A, B, C, 13, 12, 0xFD987193 ); + P( C, D, A, B, 14, 17, 0xA679438E ); + P( B, C, D, A, 15, 22, 0x49B40821 ); + +#undef F + +#define F(x,y,z) (y ^ (z & (x ^ y))) + + P( A, B, C, D, 1, 5, 0xF61E2562 ); + P( D, A, B, C, 6, 9, 0xC040B340 ); + P( C, D, A, B, 11, 14, 0x265E5A51 ); + P( B, C, D, A, 0, 20, 0xE9B6C7AA ); + P( A, B, C, D, 5, 5, 0xD62F105D ); + P( D, A, B, C, 10, 9, 0x02441453 ); + P( C, D, A, B, 15, 14, 0xD8A1E681 ); + P( B, C, D, A, 4, 20, 0xE7D3FBC8 ); + P( A, B, C, D, 9, 5, 0x21E1CDE6 ); + P( D, A, B, C, 14, 9, 0xC33707D6 ); + P( C, D, A, B, 3, 14, 0xF4D50D87 ); + P( B, C, D, A, 8, 20, 0x455A14ED ); + P( A, B, C, D, 13, 5, 0xA9E3E905 ); + P( D, A, B, C, 2, 9, 0xFCEFA3F8 ); + P( C, D, A, B, 7, 14, 0x676F02D9 ); + P( B, C, D, A, 12, 20, 0x8D2A4C8A ); + +#undef F + +#define F(x,y,z) (x ^ y ^ z) + + P( A, B, C, D, 5, 4, 0xFFFA3942 ); + P( D, A, B, C, 8, 11, 0x8771F681 ); + P( C, D, A, B, 11, 16, 0x6D9D6122 ); + P( B, C, D, A, 14, 23, 0xFDE5380C ); + P( A, B, C, D, 1, 4, 0xA4BEEA44 ); + P( D, A, B, C, 4, 11, 0x4BDECFA9 ); + P( C, D, A, B, 7, 16, 0xF6BB4B60 ); + P( B, C, D, A, 10, 23, 0xBEBFBC70 ); + P( A, B, C, D, 13, 4, 0x289B7EC6 ); + P( D, A, B, C, 0, 11, 0xEAA127FA ); + P( C, D, A, B, 3, 16, 0xD4EF3085 ); + P( B, C, D, A, 6, 23, 0x04881D05 ); + P( A, B, C, D, 9, 4, 0xD9D4D039 ); + P( D, A, B, C, 12, 11, 0xE6DB99E5 ); + P( C, D, A, B, 15, 16, 0x1FA27CF8 ); + P( B, C, D, A, 2, 23, 0xC4AC5665 ); + +#undef F + +#define F(x,y,z) (y ^ (x | ~z)) + + P( A, B, C, D, 0, 6, 0xF4292244 ); + P( D, A, B, C, 7, 10, 0x432AFF97 ); + P( C, D, A, B, 14, 15, 0xAB9423A7 ); + P( B, C, D, A, 5, 21, 0xFC93A039 ); + P( A, B, C, D, 12, 6, 0x655B59C3 ); + P( D, A, B, C, 3, 10, 0x8F0CCC92 ); + P( C, D, A, B, 10, 15, 0xFFEFF47D ); + P( B, C, D, A, 1, 21, 0x85845DD1 ); + P( A, B, C, D, 8, 6, 0x6FA87E4F ); + P( D, A, B, C, 15, 10, 0xFE2CE6E0 ); + P( C, D, A, B, 6, 15, 0xA3014314 ); + P( B, C, D, A, 13, 21, 0x4E0811A1 ); + P( A, B, C, D, 4, 6, 0xF7537E82 ); + P( D, A, B, C, 11, 10, 0xBD3AF235 ); + P( C, D, A, B, 2, 15, 0x2AD7D2BB ); + P( B, C, D, A, 9, 21, 0xEB86D391 ); + +#undef F + + ctx->state[0] += A; + ctx->state[1] += B; + ctx->state[2] += C; + ctx->state[3] += D; +} + +/* + * MD5 process buffer + */ +void md5_update( md5_context *ctx, unsigned char *input, int ilen ) +{ + int fill; + unsigned long left; + + if( ilen <= 0 ) + return; + + left = ctx->total[0] & 0x3F; + fill = 64 - left; + + ctx->total[0] += ilen; + ctx->total[0] &= 0xFFFFFFFF; + + if( ctx->total[0] < (unsigned long) ilen ) + ctx->total[1]++; + + if( left && ilen >= fill ) + { + memcpy( (void *) (ctx->buffer + left), + (void *) input, fill ); + md5_process( ctx, ctx->buffer ); + input += fill; + ilen -= fill; + left = 0; + } + + while( ilen >= 64 ) + { + md5_process( ctx, input ); + input += 64; + ilen -= 64; + } + + if( ilen > 0 ) + { + memcpy( (void *) (ctx->buffer + left), + (void *) input, ilen ); + } +} + +static const unsigned char md5_padding[64] = +{ + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* + * MD5 final digest + */ +void md5_finish( md5_context *ctx, unsigned char output[16] ) +{ + unsigned long last, padn; + unsigned long high, low; + unsigned char msglen[8]; + + high = ( ctx->total[0] >> 29 ) + | ( ctx->total[1] << 3 ); + low = ( ctx->total[0] << 3 ); + + PUT_ULONG_LE( low, msglen, 0 ); + PUT_ULONG_LE( high, msglen, 4 ); + + last = ctx->total[0] & 0x3F; + padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); + + md5_update( ctx, (unsigned char *) md5_padding, padn ); + md5_update( ctx, msglen, 8 ); + + PUT_ULONG_LE( ctx->state[0], output, 0 ); + PUT_ULONG_LE( ctx->state[1], output, 4 ); + PUT_ULONG_LE( ctx->state[2], output, 8 ); + PUT_ULONG_LE( ctx->state[3], output, 12 ); +} + +/* + * output = MD5( input buffer ) + */ +void md5( unsigned char *input, int ilen, unsigned char output[16] ) +{ + md5_context ctx; + + md5_starts( &ctx ); + md5_update( &ctx, input, ilen ); + md5_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( md5_context ) ); +} + +/* + * output = MD5( file contents ) + */ +int md5_file( char *path, unsigned char output[16] ) +{ + FILE *f; + size_t n; + md5_context ctx; + unsigned char buf[1024]; + + if( ( f = fopen( path, "rb" ) ) == NULL ) + return( 1 ); + + md5_starts( &ctx ); + + while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) + md5_update( &ctx, buf, (int) n ); + + md5_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( md5_context ) ); + + if( ferror( f ) != 0 ) + { + fclose( f ); + return( 2 ); + } + + fclose( f ); + return( 0 ); +} + +/* + * MD5 HMAC context setup + */ +void md5_hmac_starts( md5_context *ctx, unsigned char *key, int keylen ) +{ + int i; + unsigned char sum[16]; + + if( keylen > 64 ) + { + md5( key, keylen, sum ); + keylen = 16; + key = sum; + } + + memset( ctx->ipad, 0x36, 64 ); + memset( ctx->opad, 0x5C, 64 ); + + for( i = 0; i < keylen; i++ ) + { + ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] ); + ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] ); + } + + md5_starts( ctx ); + md5_update( ctx, ctx->ipad, 64 ); + + memset( sum, 0, sizeof( sum ) ); +} + +/* + * MD5 HMAC process buffer + */ +void md5_hmac_update( md5_context *ctx, unsigned char *input, int ilen ) +{ + md5_update( ctx, input, ilen ); +} + +/* + * MD5 HMAC final digest + */ +void md5_hmac_finish( md5_context *ctx, unsigned char output[16] ) +{ + unsigned char tmpbuf[16]; + + md5_finish( ctx, tmpbuf ); + md5_starts( ctx ); + md5_update( ctx, ctx->opad, 64 ); + md5_update( ctx, tmpbuf, 16 ); + md5_finish( ctx, output ); + + memset( tmpbuf, 0, sizeof( tmpbuf ) ); +} + +/* + * output = HMAC-MD5( hmac key, input buffer ) + */ +void md5_hmac( unsigned char *key, int keylen, unsigned char *input, int ilen, + unsigned char output[16] ) +{ + md5_context ctx; + + md5_hmac_starts( &ctx, key, keylen ); + md5_hmac_update( &ctx, input, ilen ); + md5_hmac_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( md5_context ) ); +} + +#if defined(XYSSL_SELF_TEST) +/* + * RFC 1321 test vectors + */ +static unsigned char md5_test_buf[7][81] = +{ + { "" }, + { "a" }, + { "abc" }, + { "message digest" }, + { "abcdefghijklmnopqrstuvwxyz" }, + { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, + { "12345678901234567890123456789012345678901234567890123456789012" \ + "345678901234567890" } +}; + +static const int md5_test_buflen[7] = +{ + 0, 1, 3, 14, 26, 62, 80 +}; + +static const unsigned char md5_test_sum[7][16] = +{ + { 0xD4, 0x1D, 0x8C, 0xD9, 0x8F, 0x00, 0xB2, 0x04, + 0xE9, 0x80, 0x09, 0x98, 0xEC, 0xF8, 0x42, 0x7E }, + { 0x0C, 0xC1, 0x75, 0xB9, 0xC0, 0xF1, 0xB6, 0xA8, + 0x31, 0xC3, 0x99, 0xE2, 0x69, 0x77, 0x26, 0x61 }, + { 0x90, 0x01, 0x50, 0x98, 0x3C, 0xD2, 0x4F, 0xB0, + 0xD6, 0x96, 0x3F, 0x7D, 0x28, 0xE1, 0x7F, 0x72 }, + { 0xF9, 0x6B, 0x69, 0x7D, 0x7C, 0xB7, 0x93, 0x8D, + 0x52, 0x5A, 0x2F, 0x31, 0xAA, 0xF1, 0x61, 0xD0 }, + { 0xC3, 0xFC, 0xD3, 0xD7, 0x61, 0x92, 0xE4, 0x00, + 0x7D, 0xFB, 0x49, 0x6C, 0xCA, 0x67, 0xE1, 0x3B }, + { 0xD1, 0x74, 0xAB, 0x98, 0xD2, 0x77, 0xD9, 0xF5, + 0xA5, 0x61, 0x1C, 0x2C, 0x9F, 0x41, 0x9D, 0x9F }, + { 0x57, 0xED, 0xF4, 0xA2, 0x2B, 0xE3, 0xC9, 0x55, + 0xAC, 0x49, 0xDA, 0x2E, 0x21, 0x07, 0xB6, 0x7A } +}; + +/* + * RFC 2202 test vectors + */ +static unsigned char md5_hmac_test_key[7][26] = +{ + { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" }, + { "Jefe" }, + { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" }, + { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10" + "\x11\x12\x13\x14\x15\x16\x17\x18\x19" }, + { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C" }, + { "" }, /* 0xAA 80 times */ + { "" } +}; + +static const int md5_hmac_test_keylen[7] = +{ + 16, 4, 16, 25, 16, 80, 80 +}; + +static unsigned char md5_hmac_test_buf[7][74] = +{ + { "Hi There" }, + { "what do ya want for nothing?" }, + { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" }, + { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" }, + { "Test With Truncation" }, + { "Test Using Larger Than Block-Size Key - Hash Key First" }, + { "Test Using Larger Than Block-Size Key and Larger" + " Than One Block-Size Data" } +}; + +static const int md5_hmac_test_buflen[7] = +{ + 8, 28, 50, 50, 20, 54, 73 +}; + +static const unsigned char md5_hmac_test_sum[7][16] = +{ + { 0x92, 0x94, 0x72, 0x7A, 0x36, 0x38, 0xBB, 0x1C, + 0x13, 0xF4, 0x8E, 0xF8, 0x15, 0x8B, 0xFC, 0x9D }, + { 0x75, 0x0C, 0x78, 0x3E, 0x6A, 0xB0, 0xB5, 0x03, + 0xEA, 0xA8, 0x6E, 0x31, 0x0A, 0x5D, 0xB7, 0x38 }, + { 0x56, 0xBE, 0x34, 0x52, 0x1D, 0x14, 0x4C, 0x88, + 0xDB, 0xB8, 0xC7, 0x33, 0xF0, 0xE8, 0xB3, 0xF6 }, + { 0x69, 0x7E, 0xAF, 0x0A, 0xCA, 0x3A, 0x3A, 0xEA, + 0x3A, 0x75, 0x16, 0x47, 0x46, 0xFF, 0xAA, 0x79 }, + { 0x56, 0x46, 0x1E, 0xF2, 0x34, 0x2E, 0xDC, 0x00, + 0xF9, 0xBA, 0xB9, 0x95 }, + { 0x6B, 0x1A, 0xB7, 0xFE, 0x4B, 0xD7, 0xBF, 0x8F, + 0x0B, 0x62, 0xE6, 0xCE, 0x61, 0xB9, 0xD0, 0xCD }, + { 0x6F, 0x63, 0x0F, 0xAD, 0x67, 0xCD, 0xA0, 0xEE, + 0x1F, 0xB1, 0xF5, 0x62, 0xDB, 0x3A, 0xA5, 0x3E } +}; + +/* + * Checkup routine + */ +int md5_self_test( int verbose ) +{ + int i, buflen; + unsigned char buf[1024]; + unsigned char md5sum[16]; + md5_context ctx; + + for( i = 0; i < 7; i++ ) + { + if( verbose != 0 ) + printf( " MD5 test #%d: ", i + 1 ); + + md5( md5_test_buf[i], md5_test_buflen[i], md5sum ); + + if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + if( verbose != 0 ) + printf( "\n" ); + + for( i = 0; i < 7; i++ ) + { + if( verbose != 0 ) + printf( " HMAC-MD5 test #%d: ", i + 1 ); + + if( i == 5 || i == 6 ) + { + memset( buf, '\xAA', buflen = 80 ); + md5_hmac_starts( &ctx, buf, buflen ); + } + else + md5_hmac_starts( &ctx, md5_hmac_test_key[i], + md5_hmac_test_keylen[i] ); + + md5_hmac_update( &ctx, md5_hmac_test_buf[i], + md5_hmac_test_buflen[i] ); + + md5_hmac_finish( &ctx, md5sum ); + + buflen = ( i == 4 ) ? 12 : 16; + + if( memcmp( md5sum, md5_hmac_test_sum[i], buflen ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + if( verbose != 0 ) + printf( "\n" ); + + return( 0 ); +} + +#endif + +#endif diff --git a/library/net.c b/library/net.c new file mode 100644 index 000000000..78525c31e --- /dev/null +++ b/library/net.c @@ -0,0 +1,346 @@ +/* + * TCP networking functions + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_NET_C) + +#include "xyssl/net.h" + +#if defined(WIN32) || defined(_WIN32_WCE) + +#include +#include + +#if defined(_WIN32_WCE) +#pragma comment( lib, "ws2.lib" ) +#else +#pragma comment( lib, "ws2_32.lib" ) +#endif + +#define read(fd,buf,len) recv(fd,buf,len,0) +#define write(fd,buf,len) send(fd,buf,len,0) +#define close(fd) closesocket(fd) + +static int wsa_init_done = 0; + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#endif + +#include +#include +#include +#include + +/* + * htons() is not always available + */ +static unsigned short net_htons( int port ) +{ + unsigned char buf[4]; + + buf[0] = (unsigned char)( port >> 8 ); + buf[1] = (unsigned char)( port ); + buf[2] = buf[3] = 0; + + return( *(unsigned short *) buf ); +} + +/* + * Initiate a TCP connection with host:port + */ +int net_connect( int *fd, char *host, int port ) +{ + struct sockaddr_in server_addr; + struct hostent *server_host; + +#if defined(WIN32) || defined(_WIN32_WCE) + WSADATA wsaData; + + if( wsa_init_done == 0 ) + { + if( WSAStartup( MAKEWORD(2,0), &wsaData ) == SOCKET_ERROR ) + return( XYSSL_ERR_NET_SOCKET_FAILED ); + + wsa_init_done = 1; + } +#else + signal( SIGPIPE, SIG_IGN ); +#endif + + if( ( server_host = gethostbyname( host ) ) == NULL ) + return( XYSSL_ERR_NET_UNKNOWN_HOST ); + + if( ( *fd = socket( AF_INET, SOCK_STREAM, IPPROTO_IP ) ) < 0 ) + return( XYSSL_ERR_NET_SOCKET_FAILED ); + + memcpy( (void *) &server_addr.sin_addr, + (void *) server_host->h_addr, + server_host->h_length ); + + server_addr.sin_family = AF_INET; + server_addr.sin_port = net_htons( port ); + + if( connect( *fd, (struct sockaddr *) &server_addr, + sizeof( server_addr ) ) < 0 ) + { + close( *fd ); + return( XYSSL_ERR_NET_CONNECT_FAILED ); + } + + return( 0 ); +} + +/* + * Create a listening socket on bind_ip:port + */ +int net_bind( int *fd, char *bind_ip, int port ) +{ + int n, c[4]; + struct sockaddr_in server_addr; + +#if defined(WIN32) || defined(_WIN32_WCE) + WSADATA wsaData; + + if( wsa_init_done == 0 ) + { + if( WSAStartup( MAKEWORD(2,0), &wsaData ) == SOCKET_ERROR ) + return( XYSSL_ERR_NET_SOCKET_FAILED ); + + wsa_init_done = 1; + } +#else + signal( SIGPIPE, SIG_IGN ); +#endif + + if( ( *fd = socket( AF_INET, SOCK_STREAM, IPPROTO_IP ) ) < 0 ) + return( XYSSL_ERR_NET_SOCKET_FAILED ); + + n = 1; + setsockopt( *fd, SOL_SOCKET, SO_REUSEADDR, + (const char *) &n, sizeof( n ) ); + + server_addr.sin_addr.s_addr = INADDR_ANY; + server_addr.sin_family = AF_INET; + server_addr.sin_port = net_htons( port ); + + if( bind_ip != NULL ) + { + memset( c, 0, sizeof( c ) ); + sscanf( bind_ip, "%d.%d.%d.%d", &c[0], &c[1], &c[2], &c[3] ); + + for( n = 0; n < 4; n++ ) + if( c[n] < 0 || c[n] > 255 ) + break; + + if( n == 4 ) + server_addr.sin_addr.s_addr = + ( (unsigned long) c[0] << 24 ) | + ( (unsigned long) c[1] << 16 ) | + ( (unsigned long) c[2] << 8 ) | + ( (unsigned long) c[3] ); + } + + if( bind( *fd, (struct sockaddr *) &server_addr, + sizeof( server_addr ) ) < 0 ) + { + close( *fd ); + return( XYSSL_ERR_NET_BIND_FAILED ); + } + + if( listen( *fd, 10 ) != 0 ) + { + close( *fd ); + return( XYSSL_ERR_NET_LISTEN_FAILED ); + } + + return( 0 ); +} + +/* + * Check if the current operation is blocking + */ +static int net_is_blocking( void ) +{ +#if defined(WIN32) || defined(_WIN32_WCE) + return( WSAGetLastError() == WSAEWOULDBLOCK ); +#else + switch( errno ) + { +#if defined EAGAIN + case EAGAIN: +#endif +#if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN + case EWOULDBLOCK: +#endif + return( 1 ); + } + return( 0 ); +#endif +} + +/* + * Accept a connection from a remote client + */ +int net_accept( int bind_fd, int *client_fd, void *client_ip ) +{ + struct sockaddr_in client_addr; + +#if defined(__socklen_t_defined) + socklen_t n = (socklen_t) sizeof( client_addr ); +#else + int n = (int) sizeof( client_addr ); +#endif + + *client_fd = accept( bind_fd, (struct sockaddr *) + &client_addr, &n ); + + if( *client_fd < 0 ) + { + if( net_is_blocking() != 0 ) + return( XYSSL_ERR_NET_TRY_AGAIN ); + + return( XYSSL_ERR_NET_ACCEPT_FAILED ); + } + + if( client_ip != NULL ) + memcpy( client_ip, &client_addr.sin_addr.s_addr, + sizeof( client_addr.sin_addr.s_addr ) ); + + return( 0 ); +} + +/* + * Set the socket blocking or non-blocking + */ +int net_set_block( int fd ) +{ +#if defined(WIN32) || defined(_WIN32_WCE) + long n = 0; + return( ioctlsocket( fd, FIONBIO, &n ) ); +#else + return( fcntl( fd, F_SETFL, fcntl( fd, F_GETFL ) & ~O_NONBLOCK ) ); +#endif +} + +int net_set_nonblock( int fd ) +{ +#if defined(WIN32) || defined(_WIN32_WCE) + long n = 1; + return( ioctlsocket( fd, FIONBIO, &n ) ); +#else + return( fcntl( fd, F_SETFL, fcntl( fd, F_GETFL ) | O_NONBLOCK ) ); +#endif +} + +/* + * Portable usleep helper + */ +void net_usleep( unsigned long usec ) +{ + struct timeval tv; + tv.tv_sec = 0; + tv.tv_usec = usec; + select( 0, NULL, NULL, NULL, &tv ); +} + +/* + * Read at most 'len' characters + */ +int net_recv( void *ctx, unsigned char *buf, int len ) +{ + int ret = read( *((int *) ctx), buf, len ); + + if( len > 0 && ret == 0 ) + return( XYSSL_ERR_NET_CONN_RESET ); + + if( ret < 0 ) + { + if( net_is_blocking() != 0 ) + return( XYSSL_ERR_NET_TRY_AGAIN ); + +#if defined(WIN32) || defined(_WIN32_WCE) + if( WSAGetLastError() == WSAECONNRESET ) + return( XYSSL_ERR_NET_CONN_RESET ); +#else + if( errno == EPIPE || errno == ECONNRESET ) + return( XYSSL_ERR_NET_CONN_RESET ); + + if( errno == EINTR ) + return( XYSSL_ERR_NET_TRY_AGAIN ); +#endif + + return( XYSSL_ERR_NET_RECV_FAILED ); + } + + return( ret ); +} + +/* + * Write at most 'len' characters + */ +int net_send( void *ctx, unsigned char *buf, int len ) +{ + int ret = write( *((int *) ctx), buf, len ); + + if( ret < 0 ) + { + if( net_is_blocking() != 0 ) + return( XYSSL_ERR_NET_TRY_AGAIN ); + +#if defined(WIN32) || defined(_WIN32_WCE) + if( WSAGetLastError() == WSAECONNRESET ) + return( XYSSL_ERR_NET_CONN_RESET ); +#else + if( errno == EPIPE || errno == ECONNRESET ) + return( XYSSL_ERR_NET_CONN_RESET ); + + if( errno == EINTR ) + return( XYSSL_ERR_NET_TRY_AGAIN ); +#endif + + return( XYSSL_ERR_NET_SEND_FAILED ); + } + + return( ret ); +} + +/* + * Gracefully close the connection + */ +void net_close( int fd ) +{ + shutdown( fd, 2 ); + close( fd ); +} + +#endif diff --git a/library/padlock.c b/library/padlock.c new file mode 100644 index 000000000..8d761b2fd --- /dev/null +++ b/library/padlock.c @@ -0,0 +1,159 @@ +/* + * VIA PadLock support functions + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * This implementation is based on the VIA PadLock Programming Guide: + * + * http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/ + * programming_guide.pdf + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_PADLOCK_C) + +#include "xyssl/aes.h" +#include "xyssl/padlock.h" + +#if defined(XYSSL_HAVE_X86) + +#include + +/* + * PadLock detection routine + */ +int padlock_supports( int feature ) +{ + static int flags = -1; + int ebx, edx; + + if( flags == -1 ) + { + asm( "movl %%ebx, %0 \n" \ + "movl $0xC0000000, %%eax \n" \ + "cpuid \n" \ + "cmpl $0xC0000001, %%eax \n" \ + "movl $0, %%edx \n" \ + "jb unsupported \n" \ + "movl $0xC0000001, %%eax \n" \ + "cpuid \n" \ + "unsupported: \n" \ + "movl %%edx, %1 \n" \ + "movl %2, %%ebx \n" + : "=m" (ebx), "=m" (edx) + : "m" (ebx) + : "eax", "ecx", "edx" ); + + flags = edx; + } + + return( flags & feature ); +} + +/* + * PadLock AES-ECB block en(de)cryption + */ +int padlock_xcryptecb( aes_context *ctx, + int mode, + unsigned char input[16], + unsigned char output[16] ) +{ + int ebx; + unsigned long *rk; + unsigned long *blk; + unsigned long *ctrl; + unsigned char buf[256]; + + rk = ctx->rk; + blk = PADLOCK_ALIGN16( buf ); + memcpy( blk, input, 16 ); + + ctrl = blk + 4; + *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode^1 ) - 10 ) << 9 ); + + asm( "pushfl; popfl \n" \ + "movl %%ebx, %0 \n" \ + "movl $1, %%ecx \n" \ + "movl %2, %%edx \n" \ + "movl %3, %%ebx \n" \ + "movl %4, %%esi \n" \ + "movl %4, %%edi \n" \ + ".byte 0xf3,0x0f,0xa7,0xc8\n" \ + "movl %1, %%ebx \n" + : "=m" (ebx) + : "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk) + : "ecx", "edx", "esi", "edi" ); + + memcpy( output, blk, 16 ); + + return( 0 ); +} + +/* + * PadLock AES-CBC buffer en(de)cryption + */ +int padlock_xcryptcbc( aes_context *ctx, + int mode, + int length, + unsigned char iv[16], + unsigned char *input, + unsigned char *output ) +{ + int ebx, count; + unsigned long *rk; + unsigned long *iw; + unsigned long *ctrl; + unsigned char buf[256]; + + if( ( (long) input & 15 ) != 0 || + ( (long) output & 15 ) != 0 ) + return( 1 ); + + rk = ctx->rk; + iw = PADLOCK_ALIGN16( buf ); + memcpy( iw, iv, 16 ); + + ctrl = iw + 4; + *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + (mode^1) - 10 ) << 9 ); + + count = (length + 15) >> 4; + + asm( "pushfl; popfl \n" \ + "movl %%ebx, %0 \n" \ + "movl %2, %%ecx \n" \ + "movl %3, %%edx \n" \ + "movl %4, %%ebx \n" \ + "movl %5, %%esi \n" \ + "movl %6, %%edi \n" \ + "movl %7, %%eax \n" \ + ".byte 0xf3,0x0f,0xa7,0xd0\n" \ + "movl %1, %%ebx \n" + : "=m" (ebx) + : "m" (ebx), "m" (count), "m" (ctrl), + "m" (rk), "m" (input), "m" (output), "m" (iw) + : "eax", "ecx", "edx", "esi", "edi" ); + + memcpy( iv, iw, 16 ); + + return( 0 ); +} + +#endif + +#endif diff --git a/library/rsa.c b/library/rsa.c new file mode 100644 index 000000000..9d54032ca --- /dev/null +++ b/library/rsa.c @@ -0,0 +1,730 @@ +/* + * The RSA public-key cryptosystem + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * RSA was designed by Ron Rivest, Adi Shamir and Len Adleman. + * + * http://theory.lcs.mit.edu/~rivest/rsapaper.pdf + * http://www.cacr.math.uwaterloo.ca/hac/about/chap8.pdf + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_RSA_C) + +#include "xyssl/rsa.h" + +#include +#include +#include + +/* + * Initialize an RSA context + */ +void rsa_init( rsa_context *ctx, + int padding, + int hash_id, + int (*f_rng)(void *), + void *p_rng ) +{ + memset( ctx, 0, sizeof( rsa_context ) ); + + ctx->padding = padding; + ctx->hash_id = hash_id; + + ctx->f_rng = f_rng; + ctx->p_rng = p_rng; +} + +#if defined(XYSSL_GENPRIME) + +/* + * Generate an RSA keypair + */ +int rsa_gen_key( rsa_context *ctx, int nbits, int exponent ) +{ + int ret; + mpi P1, Q1, H, G; + + if( ctx->f_rng == NULL || nbits < 128 || exponent < 3 ) + return( XYSSL_ERR_RSA_BAD_INPUT_DATA ); + + mpi_init( &P1, &Q1, &H, &G, NULL ); + + /* + * find primes P and Q with Q < P so that: + * GCD( E, (P-1)*(Q-1) ) == 1 + */ + MPI_CHK( mpi_lset( &ctx->E, exponent ) ); + + do + { + MPI_CHK( mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0, + ctx->f_rng, ctx->p_rng ) ); + + MPI_CHK( mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0, + ctx->f_rng, ctx->p_rng ) ); + + if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) + mpi_swap( &ctx->P, &ctx->Q ); + + if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) + continue; + + MPI_CHK( mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ); + if( mpi_msb( &ctx->N ) != nbits ) + continue; + + MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) ); + MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) ); + MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) ); + MPI_CHK( mpi_gcd( &G, &ctx->E, &H ) ); + } + while( mpi_cmp_int( &G, 1 ) != 0 ); + + /* + * D = E^-1 mod ((P-1)*(Q-1)) + * DP = D mod (P - 1) + * DQ = D mod (Q - 1) + * QP = Q^-1 mod P + */ + MPI_CHK( mpi_inv_mod( &ctx->D , &ctx->E, &H ) ); + MPI_CHK( mpi_mod_mpi( &ctx->DP, &ctx->D, &P1 ) ); + MPI_CHK( mpi_mod_mpi( &ctx->DQ, &ctx->D, &Q1 ) ); + MPI_CHK( mpi_inv_mod( &ctx->QP, &ctx->Q, &ctx->P ) ); + + ctx->len = ( mpi_msb( &ctx->N ) + 7 ) >> 3; + +cleanup: + + mpi_free( &G, &H, &Q1, &P1, NULL ); + + if( ret != 0 ) + { + rsa_free( ctx ); + return( XYSSL_ERR_RSA_KEY_GEN_FAILED | ret ); + } + + return( 0 ); +} + +#endif + +/* + * Check a public RSA key + */ +int rsa_check_pubkey( rsa_context *ctx ) +{ + if( ( ctx->N.p[0] & 1 ) == 0 || + ( ctx->E.p[0] & 1 ) == 0 ) + return( XYSSL_ERR_RSA_KEY_CHECK_FAILED ); + + if( mpi_msb( &ctx->N ) < 128 || + mpi_msb( &ctx->N ) > 4096 ) + return( XYSSL_ERR_RSA_KEY_CHECK_FAILED ); + + if( mpi_msb( &ctx->E ) < 2 || + mpi_msb( &ctx->E ) > 64 ) + return( XYSSL_ERR_RSA_KEY_CHECK_FAILED ); + + return( 0 ); +} + +/* + * Check a private RSA key + */ +int rsa_check_privkey( rsa_context *ctx ) +{ + int ret; + mpi PQ, DE, P1, Q1, H, I, G; + + if( ( ret = rsa_check_pubkey( ctx ) ) != 0 ) + return( ret ); + + mpi_init( &PQ, &DE, &P1, &Q1, &H, &I, &G, NULL ); + + MPI_CHK( mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) ); + MPI_CHK( mpi_mul_mpi( &DE, &ctx->D, &ctx->E ) ); + MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) ); + MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) ); + MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) ); + MPI_CHK( mpi_mod_mpi( &I, &DE, &H ) ); + MPI_CHK( mpi_gcd( &G, &ctx->E, &H ) ); + + if( mpi_cmp_mpi( &PQ, &ctx->N ) == 0 && + mpi_cmp_int( &I, 1 ) == 0 && + mpi_cmp_int( &G, 1 ) == 0 ) + { + mpi_free( &G, &I, &H, &Q1, &P1, &DE, &PQ, NULL ); + return( 0 ); + } + +cleanup: + + mpi_free( &G, &I, &H, &Q1, &P1, &DE, &PQ, NULL ); + return( XYSSL_ERR_RSA_KEY_CHECK_FAILED | ret ); +} + +/* + * Do an RSA public key operation + */ +int rsa_public( rsa_context *ctx, + unsigned char *input, + unsigned char *output ) +{ + int ret, olen; + mpi T; + + mpi_init( &T, NULL ); + + MPI_CHK( mpi_read_binary( &T, input, ctx->len ) ); + + if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 ) + { + mpi_free( &T, NULL ); + return( XYSSL_ERR_RSA_BAD_INPUT_DATA ); + } + + olen = ctx->len; + MPI_CHK( mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) ); + MPI_CHK( mpi_write_binary( &T, output, olen ) ); + +cleanup: + + mpi_free( &T, NULL ); + + if( ret != 0 ) + return( XYSSL_ERR_RSA_PUBLIC_FAILED | ret ); + + return( 0 ); +} + +/* + * Do an RSA private key operation + */ +int rsa_private( rsa_context *ctx, + unsigned char *input, + unsigned char *output ) +{ + int ret, olen; + mpi T, T1, T2; + + mpi_init( &T, &T1, &T2, NULL ); + + MPI_CHK( mpi_read_binary( &T, input, ctx->len ) ); + + if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 ) + { + mpi_free( &T, NULL ); + return( XYSSL_ERR_RSA_BAD_INPUT_DATA ); + } + +#if 0 + MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) ); +#else + /* + * faster decryption using the CRT + * + * T1 = input ^ dP mod P + * T2 = input ^ dQ mod Q + */ + MPI_CHK( mpi_exp_mod( &T1, &T, &ctx->DP, &ctx->P, &ctx->RP ) ); + MPI_CHK( mpi_exp_mod( &T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ ) ); + + /* + * T = (T1 - T2) * (Q^-1 mod P) mod P + */ + MPI_CHK( mpi_sub_mpi( &T, &T1, &T2 ) ); + MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->QP ) ); + MPI_CHK( mpi_mod_mpi( &T, &T1, &ctx->P ) ); + + /* + * output = T2 + T * Q + */ + MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) ); + MPI_CHK( mpi_add_mpi( &T, &T2, &T1 ) ); +#endif + + olen = ctx->len; + MPI_CHK( mpi_write_binary( &T, output, olen ) ); + +cleanup: + + mpi_free( &T, &T1, &T2, NULL ); + + if( ret != 0 ) + return( XYSSL_ERR_RSA_PRIVATE_FAILED | ret ); + + return( 0 ); +} + +/* + * Add the message padding, then do an RSA operation + */ +int rsa_pkcs1_encrypt( rsa_context *ctx, + int mode, int ilen, + unsigned char *input, + unsigned char *output ) +{ + int nb_pad, olen; + unsigned char *p = output; + + olen = ctx->len; + + switch( ctx->padding ) + { + case RSA_PKCS_V15: + + if( ilen < 0 || olen < ilen + 11 ) + return( XYSSL_ERR_RSA_BAD_INPUT_DATA ); + + nb_pad = olen - 3 - ilen; + + *p++ = 0; + *p++ = RSA_CRYPT; + + while( nb_pad-- > 0 ) + { + do { + *p = (unsigned char) rand(); + } while( *p == 0 ); + p++; + } + *p++ = 0; + memcpy( p, input, ilen ); + break; + + default: + + return( XYSSL_ERR_RSA_INVALID_PADDING ); + } + + return( ( mode == RSA_PUBLIC ) + ? rsa_public( ctx, output, output ) + : rsa_private( ctx, output, output ) ); +} + +/* + * Do an RSA operation, then remove the message padding + */ +int rsa_pkcs1_decrypt( rsa_context *ctx, + int mode, int *olen, + unsigned char *input, + unsigned char *output ) +{ + int ret, ilen; + unsigned char *p; + unsigned char buf[512]; + + ilen = ctx->len; + + if( ilen < 16 || ilen > (int) sizeof( buf ) ) + return( XYSSL_ERR_RSA_BAD_INPUT_DATA ); + + ret = ( mode == RSA_PUBLIC ) + ? rsa_public( ctx, input, buf ) + : rsa_private( ctx, input, buf ); + + if( ret != 0 ) + return( ret ); + + p = buf; + + switch( ctx->padding ) + { + case RSA_PKCS_V15: + + if( *p++ != 0 || *p++ != RSA_CRYPT ) + return( XYSSL_ERR_RSA_INVALID_PADDING ); + + while( *p != 0 ) + { + if( p >= buf + ilen - 1 ) + return( XYSSL_ERR_RSA_INVALID_PADDING ); + p++; + } + p++; + break; + + default: + + return( XYSSL_ERR_RSA_INVALID_PADDING ); + } + + *olen = ilen - (int)(p - buf); + memcpy( output, p, *olen ); + + return( 0 ); +} + +/* + * Do an RSA operation to sign the message digest + */ +int rsa_pkcs1_sign( rsa_context *ctx, + int mode, + int hash_id, + int hashlen, + unsigned char *hash, + unsigned char *sig ) +{ + int nb_pad, olen; + unsigned char *p = sig; + + olen = ctx->len; + + switch( ctx->padding ) + { + case RSA_PKCS_V15: + + switch( hash_id ) + { + case RSA_RAW: + nb_pad = olen - 3 - hashlen; + break; + + case RSA_MD2: + case RSA_MD4: + case RSA_MD5: + nb_pad = olen - 3 - 34; + break; + + case RSA_SHA1: + nb_pad = olen - 3 - 35; + break; + + default: + return( XYSSL_ERR_RSA_BAD_INPUT_DATA ); + } + + if( nb_pad < 8 ) + return( XYSSL_ERR_RSA_BAD_INPUT_DATA ); + + *p++ = 0; + *p++ = RSA_SIGN; + memset( p, 0xFF, nb_pad ); + p += nb_pad; + *p++ = 0; + break; + + default: + + return( XYSSL_ERR_RSA_INVALID_PADDING ); + } + + switch( hash_id ) + { + case RSA_RAW: + memcpy( p, hash, hashlen ); + break; + + case RSA_MD2: + memcpy( p, ASN1_HASH_MDX, 18 ); + memcpy( p + 18, hash, 16 ); + p[13] = 2; break; + + case RSA_MD4: + memcpy( p, ASN1_HASH_MDX, 18 ); + memcpy( p + 18, hash, 16 ); + p[13] = 4; break; + + case RSA_MD5: + memcpy( p, ASN1_HASH_MDX, 18 ); + memcpy( p + 18, hash, 16 ); + p[13] = 5; break; + + case RSA_SHA1: + memcpy( p, ASN1_HASH_SHA1, 15 ); + memcpy( p + 15, hash, 20 ); + break; + + default: + return( XYSSL_ERR_RSA_BAD_INPUT_DATA ); + } + + return( ( mode == RSA_PUBLIC ) + ? rsa_public( ctx, sig, sig ) + : rsa_private( ctx, sig, sig ) ); +} + +/* + * Do an RSA operation and check the message digest + */ +int rsa_pkcs1_verify( rsa_context *ctx, + int mode, + int hash_id, + int hashlen, + unsigned char *hash, + unsigned char *sig ) +{ + int ret, len, siglen; + unsigned char *p, c; + unsigned char buf[512]; + + siglen = ctx->len; + + if( siglen < 16 || siglen > (int) sizeof( buf ) ) + return( XYSSL_ERR_RSA_BAD_INPUT_DATA ); + + ret = ( mode == RSA_PUBLIC ) + ? rsa_public( ctx, sig, buf ) + : rsa_private( ctx, sig, buf ); + + if( ret != 0 ) + return( ret ); + + p = buf; + + switch( ctx->padding ) + { + case RSA_PKCS_V15: + + if( *p++ != 0 || *p++ != RSA_SIGN ) + return( XYSSL_ERR_RSA_INVALID_PADDING ); + + while( *p != 0 ) + { + if( p >= buf + siglen - 1 || *p != 0xFF ) + return( XYSSL_ERR_RSA_INVALID_PADDING ); + p++; + } + p++; + break; + + default: + + return( XYSSL_ERR_RSA_INVALID_PADDING ); + } + + len = siglen - (int)( p - buf ); + + if( len == 34 ) + { + c = p[13]; + p[13] = 0; + + if( memcmp( p, ASN1_HASH_MDX, 18 ) != 0 ) + return( XYSSL_ERR_RSA_VERIFY_FAILED ); + + if( ( c == 2 && hash_id == RSA_MD2 ) || + ( c == 4 && hash_id == RSA_MD4 ) || + ( c == 5 && hash_id == RSA_MD5 ) ) + { + if( memcmp( p + 18, hash, 16 ) == 0 ) + return( 0 ); + else + return( XYSSL_ERR_RSA_VERIFY_FAILED ); + } + } + + if( len == 35 && hash_id == RSA_SHA1 ) + { + if( memcmp( p, ASN1_HASH_SHA1, 15 ) == 0 && + memcmp( p + 15, hash, 20 ) == 0 ) + return( 0 ); + else + return( XYSSL_ERR_RSA_VERIFY_FAILED ); + } + + if( len == hashlen && hash_id == RSA_RAW ) + { + if( memcmp( p, hash, hashlen ) == 0 ) + return( 0 ); + else + return( XYSSL_ERR_RSA_VERIFY_FAILED ); + } + + return( XYSSL_ERR_RSA_INVALID_PADDING ); +} + +/* + * Free the components of an RSA key + */ +void rsa_free( rsa_context *ctx ) +{ + mpi_free( &ctx->RQ, &ctx->RP, &ctx->RN, + &ctx->QP, &ctx->DQ, &ctx->DP, + &ctx->Q, &ctx->P, &ctx->D, + &ctx->E, &ctx->N, NULL ); +} + +#if defined(XYSSL_SELF_TEST) + +#include "xyssl/sha1.h" + +/* + * Example RSA-1024 keypair, for test purposes + */ +#define KEY_LEN 128 + +#define RSA_N "9292758453063D803DD603D5E777D788" \ + "8ED1D5BF35786190FA2F23EBC0848AEA" \ + "DDA92CA6C3D80B32C4D109BE0F36D6AE" \ + "7130B9CED7ACDF54CFC7555AC14EEBAB" \ + "93A89813FBF3C4F8066D2D800F7C38A8" \ + "1AE31942917403FF4946B0A83D3D3E05" \ + "EE57C6F5F5606FB5D4BC6CD34EE0801A" \ + "5E94BB77B07507233A0BC7BAC8F90F79" + +#define RSA_E "10001" + +#define RSA_D "24BF6185468786FDD303083D25E64EFC" \ + "66CA472BC44D253102F8B4A9D3BFA750" \ + "91386C0077937FE33FA3252D28855837" \ + "AE1B484A8A9A45F7EE8C0C634F99E8CD" \ + "DF79C5CE07EE72C7F123142198164234" \ + "CABB724CF78B8173B9F880FC86322407" \ + "AF1FEDFDDE2BEB674CA15F3E81A1521E" \ + "071513A1E85B5DFA031F21ECAE91A34D" + +#define RSA_P "C36D0EB7FCD285223CFB5AABA5BDA3D8" \ + "2C01CAD19EA484A87EA4377637E75500" \ + "FCB2005C5C7DD6EC4AC023CDA285D796" \ + "C3D9E75E1EFC42488BB4F1D13AC30A57" + +#define RSA_Q "C000DF51A7C77AE8D7C7370C1FF55B69" \ + "E211C2B9E5DB1ED0BF61D0D9899620F4" \ + "910E4168387E3C30AA1E00C339A79508" \ + "8452DD96A9A5EA5D9DCA68DA636032AF" + +#define RSA_DP "C1ACF567564274FB07A0BBAD5D26E298" \ + "3C94D22288ACD763FD8E5600ED4A702D" \ + "F84198A5F06C2E72236AE490C93F07F8" \ + "3CC559CD27BC2D1CA488811730BB5725" + +#define RSA_DQ "4959CBF6F8FEF750AEE6977C155579C7" \ + "D8AAEA56749EA28623272E4F7D0592AF" \ + "7C1F1313CAC9471B5C523BFE592F517B" \ + "407A1BD76C164B93DA2D32A383E58357" + +#define RSA_QP "9AE7FBC99546432DF71896FC239EADAE" \ + "F38D18D2B2F0E2DD275AA977E2BF4411" \ + "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \ + "A74206CEC169D74BF5A8C50D6F48EA08" + +#define PT_LEN 24 +#define RSA_PT "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \ + "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD" + +/* + * Checkup routine + */ +int rsa_self_test( int verbose ) +{ + int len; + rsa_context rsa; + unsigned char sha1sum[20]; + unsigned char rsa_plaintext[PT_LEN]; + unsigned char rsa_decrypted[PT_LEN]; + unsigned char rsa_ciphertext[KEY_LEN]; + + memset( &rsa, 0, sizeof( rsa_context ) ); + + rsa.len = KEY_LEN; + mpi_read_string( &rsa.N , 16, RSA_N ); + mpi_read_string( &rsa.E , 16, RSA_E ); + mpi_read_string( &rsa.D , 16, RSA_D ); + mpi_read_string( &rsa.P , 16, RSA_P ); + mpi_read_string( &rsa.Q , 16, RSA_Q ); + mpi_read_string( &rsa.DP, 16, RSA_DP ); + mpi_read_string( &rsa.DQ, 16, RSA_DQ ); + mpi_read_string( &rsa.QP, 16, RSA_QP ); + + if( verbose != 0 ) + printf( " RSA key validation: " ); + + if( rsa_check_pubkey( &rsa ) != 0 || + rsa_check_privkey( &rsa ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n PKCS#1 encryption : " ); + + memcpy( rsa_plaintext, RSA_PT, PT_LEN ); + + if( rsa_pkcs1_encrypt( &rsa, RSA_PUBLIC, PT_LEN, + rsa_plaintext, rsa_ciphertext ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n PKCS#1 decryption : " ); + + if( rsa_pkcs1_decrypt( &rsa, RSA_PRIVATE, &len, + rsa_ciphertext, rsa_decrypted ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n PKCS#1 data sign : " ); + + sha1( rsa_plaintext, PT_LEN, sha1sum ); + + if( rsa_pkcs1_sign( &rsa, RSA_PRIVATE, RSA_SHA1, 20, + sha1sum, rsa_ciphertext ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n PKCS#1 sig. verify: " ); + + if( rsa_pkcs1_verify( &rsa, RSA_PUBLIC, RSA_SHA1, 20, + sha1sum, rsa_ciphertext ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n\n" ); + + rsa_free( &rsa ); + + return( 0 ); +} + +#endif + +#endif diff --git a/library/sha1.c b/library/sha1.c new file mode 100644 index 000000000..b15a5bfce --- /dev/null +++ b/library/sha1.c @@ -0,0 +1,607 @@ +/* + * FIPS-180-1 compliant SHA-1 implementation + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * The SHA-1 standard was published by NIST in 1993. + * + * http://www.itl.nist.gov/fipspubs/fip180-1.htm + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_SHA1_C) + +#include "xyssl/sha1.h" + +#include +#include + +/* + * 32-bit integer manipulation macros (big endian) + */ +#ifndef GET_ULONG_BE +#define GET_ULONG_BE(n,b,i) \ +{ \ + (n) = ( (unsigned long) (b)[(i) ] << 24 ) \ + | ( (unsigned long) (b)[(i) + 1] << 16 ) \ + | ( (unsigned long) (b)[(i) + 2] << 8 ) \ + | ( (unsigned long) (b)[(i) + 3] ); \ +} +#endif + +#ifndef PUT_ULONG_BE +#define PUT_ULONG_BE(n,b,i) \ +{ \ + (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) ); \ +} +#endif + +/* + * SHA-1 context setup + */ +void sha1_starts( sha1_context *ctx ) +{ + ctx->total[0] = 0; + ctx->total[1] = 0; + + ctx->state[0] = 0x67452301; + ctx->state[1] = 0xEFCDAB89; + ctx->state[2] = 0x98BADCFE; + ctx->state[3] = 0x10325476; + ctx->state[4] = 0xC3D2E1F0; +} + +static void sha1_process( sha1_context *ctx, unsigned char data[64] ) +{ + unsigned long temp, W[16], A, B, C, D, E; + + GET_ULONG_BE( W[ 0], data, 0 ); + GET_ULONG_BE( W[ 1], data, 4 ); + GET_ULONG_BE( W[ 2], data, 8 ); + GET_ULONG_BE( W[ 3], data, 12 ); + GET_ULONG_BE( W[ 4], data, 16 ); + GET_ULONG_BE( W[ 5], data, 20 ); + GET_ULONG_BE( W[ 6], data, 24 ); + GET_ULONG_BE( W[ 7], data, 28 ); + GET_ULONG_BE( W[ 8], data, 32 ); + GET_ULONG_BE( W[ 9], data, 36 ); + GET_ULONG_BE( W[10], data, 40 ); + GET_ULONG_BE( W[11], data, 44 ); + GET_ULONG_BE( W[12], data, 48 ); + GET_ULONG_BE( W[13], data, 52 ); + GET_ULONG_BE( W[14], data, 56 ); + GET_ULONG_BE( W[15], data, 60 ); + +#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) + +#define R(t) \ +( \ + temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \ + W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \ + ( W[t & 0x0F] = S(temp,1) ) \ +) + +#define P(a,b,c,d,e,x) \ +{ \ + e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \ +} + + A = ctx->state[0]; + B = ctx->state[1]; + C = ctx->state[2]; + D = ctx->state[3]; + E = ctx->state[4]; + +#define F(x,y,z) (z ^ (x & (y ^ z))) +#define K 0x5A827999 + + P( A, B, C, D, E, W[0] ); + P( E, A, B, C, D, W[1] ); + P( D, E, A, B, C, W[2] ); + P( C, D, E, A, B, W[3] ); + P( B, C, D, E, A, W[4] ); + P( A, B, C, D, E, W[5] ); + P( E, A, B, C, D, W[6] ); + P( D, E, A, B, C, W[7] ); + P( C, D, E, A, B, W[8] ); + P( B, C, D, E, A, W[9] ); + P( A, B, C, D, E, W[10] ); + P( E, A, B, C, D, W[11] ); + P( D, E, A, B, C, W[12] ); + P( C, D, E, A, B, W[13] ); + P( B, C, D, E, A, W[14] ); + P( A, B, C, D, E, W[15] ); + P( E, A, B, C, D, R(16) ); + P( D, E, A, B, C, R(17) ); + P( C, D, E, A, B, R(18) ); + P( B, C, D, E, A, R(19) ); + +#undef K +#undef F + +#define F(x,y,z) (x ^ y ^ z) +#define K 0x6ED9EBA1 + + P( A, B, C, D, E, R(20) ); + P( E, A, B, C, D, R(21) ); + P( D, E, A, B, C, R(22) ); + P( C, D, E, A, B, R(23) ); + P( B, C, D, E, A, R(24) ); + P( A, B, C, D, E, R(25) ); + P( E, A, B, C, D, R(26) ); + P( D, E, A, B, C, R(27) ); + P( C, D, E, A, B, R(28) ); + P( B, C, D, E, A, R(29) ); + P( A, B, C, D, E, R(30) ); + P( E, A, B, C, D, R(31) ); + P( D, E, A, B, C, R(32) ); + P( C, D, E, A, B, R(33) ); + P( B, C, D, E, A, R(34) ); + P( A, B, C, D, E, R(35) ); + P( E, A, B, C, D, R(36) ); + P( D, E, A, B, C, R(37) ); + P( C, D, E, A, B, R(38) ); + P( B, C, D, E, A, R(39) ); + +#undef K +#undef F + +#define F(x,y,z) ((x & y) | (z & (x | y))) +#define K 0x8F1BBCDC + + P( A, B, C, D, E, R(40) ); + P( E, A, B, C, D, R(41) ); + P( D, E, A, B, C, R(42) ); + P( C, D, E, A, B, R(43) ); + P( B, C, D, E, A, R(44) ); + P( A, B, C, D, E, R(45) ); + P( E, A, B, C, D, R(46) ); + P( D, E, A, B, C, R(47) ); + P( C, D, E, A, B, R(48) ); + P( B, C, D, E, A, R(49) ); + P( A, B, C, D, E, R(50) ); + P( E, A, B, C, D, R(51) ); + P( D, E, A, B, C, R(52) ); + P( C, D, E, A, B, R(53) ); + P( B, C, D, E, A, R(54) ); + P( A, B, C, D, E, R(55) ); + P( E, A, B, C, D, R(56) ); + P( D, E, A, B, C, R(57) ); + P( C, D, E, A, B, R(58) ); + P( B, C, D, E, A, R(59) ); + +#undef K +#undef F + +#define F(x,y,z) (x ^ y ^ z) +#define K 0xCA62C1D6 + + P( A, B, C, D, E, R(60) ); + P( E, A, B, C, D, R(61) ); + P( D, E, A, B, C, R(62) ); + P( C, D, E, A, B, R(63) ); + P( B, C, D, E, A, R(64) ); + P( A, B, C, D, E, R(65) ); + P( E, A, B, C, D, R(66) ); + P( D, E, A, B, C, R(67) ); + P( C, D, E, A, B, R(68) ); + P( B, C, D, E, A, R(69) ); + P( A, B, C, D, E, R(70) ); + P( E, A, B, C, D, R(71) ); + P( D, E, A, B, C, R(72) ); + P( C, D, E, A, B, R(73) ); + P( B, C, D, E, A, R(74) ); + P( A, B, C, D, E, R(75) ); + P( E, A, B, C, D, R(76) ); + P( D, E, A, B, C, R(77) ); + P( C, D, E, A, B, R(78) ); + P( B, C, D, E, A, R(79) ); + +#undef K +#undef F + + ctx->state[0] += A; + ctx->state[1] += B; + ctx->state[2] += C; + ctx->state[3] += D; + ctx->state[4] += E; +} + +/* + * SHA-1 process buffer + */ +void sha1_update( sha1_context *ctx, unsigned char *input, int ilen ) +{ + int fill; + unsigned long left; + + if( ilen <= 0 ) + return; + + left = ctx->total[0] & 0x3F; + fill = 64 - left; + + ctx->total[0] += ilen; + ctx->total[0] &= 0xFFFFFFFF; + + if( ctx->total[0] < (unsigned long) ilen ) + ctx->total[1]++; + + if( left && ilen >= fill ) + { + memcpy( (void *) (ctx->buffer + left), + (void *) input, fill ); + sha1_process( ctx, ctx->buffer ); + input += fill; + ilen -= fill; + left = 0; + } + + while( ilen >= 64 ) + { + sha1_process( ctx, input ); + input += 64; + ilen -= 64; + } + + if( ilen > 0 ) + { + memcpy( (void *) (ctx->buffer + left), + (void *) input, ilen ); + } +} + +static const unsigned char sha1_padding[64] = +{ + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* + * SHA-1 final digest + */ +void sha1_finish( sha1_context *ctx, unsigned char output[20] ) +{ + unsigned long last, padn; + unsigned long high, low; + unsigned char msglen[8]; + + high = ( ctx->total[0] >> 29 ) + | ( ctx->total[1] << 3 ); + low = ( ctx->total[0] << 3 ); + + PUT_ULONG_BE( high, msglen, 0 ); + PUT_ULONG_BE( low, msglen, 4 ); + + last = ctx->total[0] & 0x3F; + padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); + + sha1_update( ctx, (unsigned char *) sha1_padding, padn ); + sha1_update( ctx, msglen, 8 ); + + PUT_ULONG_BE( ctx->state[0], output, 0 ); + PUT_ULONG_BE( ctx->state[1], output, 4 ); + PUT_ULONG_BE( ctx->state[2], output, 8 ); + PUT_ULONG_BE( ctx->state[3], output, 12 ); + PUT_ULONG_BE( ctx->state[4], output, 16 ); +} + +/* + * output = SHA-1( input buffer ) + */ +void sha1( unsigned char *input, int ilen, unsigned char output[20] ) +{ + sha1_context ctx; + + sha1_starts( &ctx ); + sha1_update( &ctx, input, ilen ); + sha1_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( sha1_context ) ); +} + +/* + * output = SHA-1( file contents ) + */ +int sha1_file( char *path, unsigned char output[20] ) +{ + FILE *f; + size_t n; + sha1_context ctx; + unsigned char buf[1024]; + + if( ( f = fopen( path, "rb" ) ) == NULL ) + return( 1 ); + + sha1_starts( &ctx ); + + while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) + sha1_update( &ctx, buf, (int) n ); + + sha1_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( sha1_context ) ); + + if( ferror( f ) != 0 ) + { + fclose( f ); + return( 2 ); + } + + fclose( f ); + return( 0 ); +} + +/* + * SHA-1 HMAC context setup + */ +void sha1_hmac_starts( sha1_context *ctx, unsigned char *key, int keylen ) +{ + int i; + unsigned char sum[20]; + + if( keylen > 64 ) + { + sha1( key, keylen, sum ); + keylen = 20; + key = sum; + } + + memset( ctx->ipad, 0x36, 64 ); + memset( ctx->opad, 0x5C, 64 ); + + for( i = 0; i < keylen; i++ ) + { + ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] ); + ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] ); + } + + sha1_starts( ctx ); + sha1_update( ctx, ctx->ipad, 64 ); + + memset( sum, 0, sizeof( sum ) ); +} + +/* + * SHA-1 HMAC process buffer + */ +void sha1_hmac_update( sha1_context *ctx, unsigned char *input, int ilen ) +{ + sha1_update( ctx, input, ilen ); +} + +/* + * SHA-1 HMAC final digest + */ +void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] ) +{ + unsigned char tmpbuf[20]; + + sha1_finish( ctx, tmpbuf ); + sha1_starts( ctx ); + sha1_update( ctx, ctx->opad, 64 ); + sha1_update( ctx, tmpbuf, 20 ); + sha1_finish( ctx, output ); + + memset( tmpbuf, 0, sizeof( tmpbuf ) ); +} + +/* + * output = HMAC-SHA-1( hmac key, input buffer ) + */ +void sha1_hmac( unsigned char *key, int keylen, + unsigned char *input, int ilen, + unsigned char output[20] ) +{ + sha1_context ctx; + + sha1_hmac_starts( &ctx, key, keylen ); + sha1_hmac_update( &ctx, input, ilen ); + sha1_hmac_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( sha1_context ) ); +} + +#if defined(XYSSL_SELF_TEST) +/* + * FIPS-180-1 test vectors + */ +static unsigned char sha1_test_buf[3][57] = +{ + { "abc" }, + { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, + { "" } +}; + +static const int sha1_test_buflen[3] = +{ + 3, 56, 1000 +}; + +static const unsigned char sha1_test_sum[3][20] = +{ + { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, + 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D }, + { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE, + 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 }, + { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E, + 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F } +}; + +/* + * RFC 2202 test vectors + */ +static unsigned char sha1_hmac_test_key[7][26] = +{ + { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" + "\x0B\x0B\x0B\x0B" }, + { "Jefe" }, + { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA" }, + { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10" + "\x11\x12\x13\x14\x15\x16\x17\x18\x19" }, + { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C" + "\x0C\x0C\x0C\x0C" }, + { "" }, /* 0xAA 80 times */ + { "" } +}; + +static const int sha1_hmac_test_keylen[7] = +{ + 20, 4, 20, 25, 20, 80, 80 +}; + +static unsigned char sha1_hmac_test_buf[7][74] = +{ + { "Hi There" }, + { "what do ya want for nothing?" }, + { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" }, + { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" }, + { "Test With Truncation" }, + { "Test Using Larger Than Block-Size Key - Hash Key First" }, + { "Test Using Larger Than Block-Size Key and Larger" + " Than One Block-Size Data" } +}; + +static const int sha1_hmac_test_buflen[7] = +{ + 8, 28, 50, 50, 20, 54, 73 +}; + +static const unsigned char sha1_hmac_test_sum[7][20] = +{ + { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B, + 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 }, + { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74, + 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 }, + { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3, + 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 }, + { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84, + 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA }, + { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2, + 0x7B, 0xE1 }, + { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70, + 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 }, + { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B, + 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 } +}; + +/* + * Checkup routine + */ +int sha1_self_test( int verbose ) +{ + int i, j, buflen; + unsigned char buf[1024]; + unsigned char sha1sum[20]; + sha1_context ctx; + + /* + * SHA-1 + */ + for( i = 0; i < 3; i++ ) + { + if( verbose != 0 ) + printf( " SHA-1 test #%d: ", i + 1 ); + + sha1_starts( &ctx ); + + if( i == 2 ) + { + memset( buf, 'a', buflen = 1000 ); + + for( j = 0; j < 1000; j++ ) + sha1_update( &ctx, buf, buflen ); + } + else + sha1_update( &ctx, sha1_test_buf[i], + sha1_test_buflen[i] ); + + sha1_finish( &ctx, sha1sum ); + + if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + if( verbose != 0 ) + printf( "\n" ); + + for( i = 0; i < 7; i++ ) + { + if( verbose != 0 ) + printf( " HMAC-SHA-1 test #%d: ", i + 1 ); + + if( i == 5 || i == 6 ) + { + memset( buf, '\xAA', buflen = 80 ); + sha1_hmac_starts( &ctx, buf, buflen ); + } + else + sha1_hmac_starts( &ctx, sha1_hmac_test_key[i], + sha1_hmac_test_keylen[i] ); + + sha1_hmac_update( &ctx, sha1_hmac_test_buf[i], + sha1_hmac_test_buflen[i] ); + + sha1_hmac_finish( &ctx, sha1sum ); + + buflen = ( i == 4 ) ? 12 : 20; + + if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + if( verbose != 0 ) + printf( "\n" ); + + return( 0 ); +} + +#endif + +#endif diff --git a/library/sha2.c b/library/sha2.c new file mode 100644 index 000000000..03e5b7072 --- /dev/null +++ b/library/sha2.c @@ -0,0 +1,688 @@ +/* + * FIPS-180-2 compliant SHA-256 implementation + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * The SHA-256 Secure Hash Standard was published by NIST in 2002. + * + * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_SHA2_C) + +#include "xyssl/sha2.h" + +#include +#include + +/* + * 32-bit integer manipulation macros (big endian) + */ +#ifndef GET_ULONG_BE +#define GET_ULONG_BE(n,b,i) \ +{ \ + (n) = ( (unsigned long) (b)[(i) ] << 24 ) \ + | ( (unsigned long) (b)[(i) + 1] << 16 ) \ + | ( (unsigned long) (b)[(i) + 2] << 8 ) \ + | ( (unsigned long) (b)[(i) + 3] ); \ +} +#endif + +#ifndef PUT_ULONG_BE +#define PUT_ULONG_BE(n,b,i) \ +{ \ + (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) ); \ +} +#endif + +/* + * SHA-256 context setup + */ +void sha2_starts( sha2_context *ctx, int is224 ) +{ + ctx->total[0] = 0; + ctx->total[1] = 0; + + if( is224 == 0 ) + { + /* SHA-256 */ + ctx->state[0] = 0x6A09E667; + ctx->state[1] = 0xBB67AE85; + ctx->state[2] = 0x3C6EF372; + ctx->state[3] = 0xA54FF53A; + ctx->state[4] = 0x510E527F; + ctx->state[5] = 0x9B05688C; + ctx->state[6] = 0x1F83D9AB; + ctx->state[7] = 0x5BE0CD19; + } + else + { + /* SHA-224 */ + ctx->state[0] = 0xC1059ED8; + ctx->state[1] = 0x367CD507; + ctx->state[2] = 0x3070DD17; + ctx->state[3] = 0xF70E5939; + ctx->state[4] = 0xFFC00B31; + ctx->state[5] = 0x68581511; + ctx->state[6] = 0x64F98FA7; + ctx->state[7] = 0xBEFA4FA4; + } + + ctx->is224 = is224; +} + +static void sha2_process( sha2_context *ctx, unsigned char data[64] ) +{ + unsigned long temp1, temp2, W[64]; + unsigned long A, B, C, D, E, F, G, H; + + GET_ULONG_BE( W[ 0], data, 0 ); + GET_ULONG_BE( W[ 1], data, 4 ); + GET_ULONG_BE( W[ 2], data, 8 ); + GET_ULONG_BE( W[ 3], data, 12 ); + GET_ULONG_BE( W[ 4], data, 16 ); + GET_ULONG_BE( W[ 5], data, 20 ); + GET_ULONG_BE( W[ 6], data, 24 ); + GET_ULONG_BE( W[ 7], data, 28 ); + GET_ULONG_BE( W[ 8], data, 32 ); + GET_ULONG_BE( W[ 9], data, 36 ); + GET_ULONG_BE( W[10], data, 40 ); + GET_ULONG_BE( W[11], data, 44 ); + GET_ULONG_BE( W[12], data, 48 ); + GET_ULONG_BE( W[13], data, 52 ); + GET_ULONG_BE( W[14], data, 56 ); + GET_ULONG_BE( W[15], data, 60 ); + +#define SHR(x,n) ((x & 0xFFFFFFFF) >> n) +#define ROTR(x,n) (SHR(x,n) | (x << (32 - n))) + +#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) +#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) + +#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) +#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) + +#define F0(x,y,z) ((x & y) | (z & (x | y))) +#define F1(x,y,z) (z ^ (x & (y ^ z))) + +#define R(t) \ +( \ + W[t] = S1(W[t - 2]) + W[t - 7] + \ + S0(W[t - 15]) + W[t - 16] \ +) + +#define P(a,b,c,d,e,f,g,h,x,K) \ +{ \ + temp1 = h + S3(e) + F1(e,f,g) + K + x; \ + temp2 = S2(a) + F0(a,b,c); \ + d += temp1; h = temp1 + temp2; \ +} + + A = ctx->state[0]; + B = ctx->state[1]; + C = ctx->state[2]; + D = ctx->state[3]; + E = ctx->state[4]; + F = ctx->state[5]; + G = ctx->state[6]; + H = ctx->state[7]; + + P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 ); + P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 ); + P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF ); + P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 ); + P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B ); + P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 ); + P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 ); + P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 ); + P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 ); + P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 ); + P( G, H, A, B, C, D, E, F, W[10], 0x243185BE ); + P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 ); + P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 ); + P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE ); + P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 ); + P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 ); + P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 ); + P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 ); + P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 ); + P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC ); + P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F ); + P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA ); + P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC ); + P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA ); + P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 ); + P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D ); + P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 ); + P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 ); + P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 ); + P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 ); + P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 ); + P( B, C, D, E, F, G, H, A, R(31), 0x14292967 ); + P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 ); + P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 ); + P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC ); + P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 ); + P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 ); + P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB ); + P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E ); + P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 ); + P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 ); + P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B ); + P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 ); + P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 ); + P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 ); + P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 ); + P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 ); + P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 ); + P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 ); + P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 ); + P( G, H, A, B, C, D, E, F, R(50), 0x2748774C ); + P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 ); + P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 ); + P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A ); + P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F ); + P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 ); + P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE ); + P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F ); + P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 ); + P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 ); + P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA ); + P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB ); + P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 ); + P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 ); + + ctx->state[0] += A; + ctx->state[1] += B; + ctx->state[2] += C; + ctx->state[3] += D; + ctx->state[4] += E; + ctx->state[5] += F; + ctx->state[6] += G; + ctx->state[7] += H; +} + +/* + * SHA-256 process buffer + */ +void sha2_update( sha2_context *ctx, unsigned char *input, int ilen ) +{ + int fill; + unsigned long left; + + if( ilen <= 0 ) + return; + + left = ctx->total[0] & 0x3F; + fill = 64 - left; + + ctx->total[0] += ilen; + ctx->total[0] &= 0xFFFFFFFF; + + if( ctx->total[0] < (unsigned long) ilen ) + ctx->total[1]++; + + if( left && ilen >= fill ) + { + memcpy( (void *) (ctx->buffer + left), + (void *) input, fill ); + sha2_process( ctx, ctx->buffer ); + input += fill; + ilen -= fill; + left = 0; + } + + while( ilen >= 64 ) + { + sha2_process( ctx, input ); + input += 64; + ilen -= 64; + } + + if( ilen > 0 ) + { + memcpy( (void *) (ctx->buffer + left), + (void *) input, ilen ); + } +} + +static const unsigned char sha2_padding[64] = +{ + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* + * SHA-256 final digest + */ +void sha2_finish( sha2_context *ctx, unsigned char output[32] ) +{ + unsigned long last, padn; + unsigned long high, low; + unsigned char msglen[8]; + + high = ( ctx->total[0] >> 29 ) + | ( ctx->total[1] << 3 ); + low = ( ctx->total[0] << 3 ); + + PUT_ULONG_BE( high, msglen, 0 ); + PUT_ULONG_BE( low, msglen, 4 ); + + last = ctx->total[0] & 0x3F; + padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); + + sha2_update( ctx, (unsigned char *) sha2_padding, padn ); + sha2_update( ctx, msglen, 8 ); + + PUT_ULONG_BE( ctx->state[0], output, 0 ); + PUT_ULONG_BE( ctx->state[1], output, 4 ); + PUT_ULONG_BE( ctx->state[2], output, 8 ); + PUT_ULONG_BE( ctx->state[3], output, 12 ); + PUT_ULONG_BE( ctx->state[4], output, 16 ); + PUT_ULONG_BE( ctx->state[5], output, 20 ); + PUT_ULONG_BE( ctx->state[6], output, 24 ); + + if( ctx->is224 == 0 ) + PUT_ULONG_BE( ctx->state[7], output, 28 ); +} + +/* + * output = SHA-256( input buffer ) + */ +void sha2( unsigned char *input, int ilen, + unsigned char output[32], int is224 ) +{ + sha2_context ctx; + + sha2_starts( &ctx, is224 ); + sha2_update( &ctx, input, ilen ); + sha2_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( sha2_context ) ); +} + +/* + * output = SHA-256( file contents ) + */ +int sha2_file( char *path, unsigned char output[32], int is224 ) +{ + FILE *f; + size_t n; + sha2_context ctx; + unsigned char buf[1024]; + + if( ( f = fopen( path, "rb" ) ) == NULL ) + return( 1 ); + + sha2_starts( &ctx, is224 ); + + while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) + sha2_update( &ctx, buf, (int) n ); + + sha2_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( sha2_context ) ); + + if( ferror( f ) != 0 ) + { + fclose( f ); + return( 2 ); + } + + fclose( f ); + return( 0 ); +} + +/* + * SHA-256 HMAC context setup + */ +void sha2_hmac_starts( sha2_context *ctx, unsigned char *key, int keylen, + int is224 ) +{ + int i; + unsigned char sum[32]; + + if( keylen > 64 ) + { + sha2( key, keylen, sum, is224 ); + keylen = ( is224 ) ? 28 : 32; + key = sum; + } + + memset( ctx->ipad, 0x36, 64 ); + memset( ctx->opad, 0x5C, 64 ); + + for( i = 0; i < keylen; i++ ) + { + ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] ); + ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] ); + } + + sha2_starts( ctx, is224 ); + sha2_update( ctx, ctx->ipad, 64 ); + + memset( sum, 0, sizeof( sum ) ); +} + +/* + * SHA-256 HMAC process buffer + */ +void sha2_hmac_update( sha2_context *ctx, unsigned char *input, int ilen ) +{ + sha2_update( ctx, input, ilen ); +} + +/* + * SHA-256 HMAC final digest + */ +void sha2_hmac_finish( sha2_context *ctx, unsigned char output[32] ) +{ + int is224, hlen; + unsigned char tmpbuf[32]; + + is224 = ctx->is224; + hlen = ( is224 == 0 ) ? 32 : 28; + + sha2_finish( ctx, tmpbuf ); + sha2_starts( ctx, is224 ); + sha2_update( ctx, ctx->opad, 64 ); + sha2_update( ctx, tmpbuf, hlen ); + sha2_finish( ctx, output ); + + memset( tmpbuf, 0, sizeof( tmpbuf ) ); +} + +/* + * output = HMAC-SHA-256( hmac key, input buffer ) + */ +void sha2_hmac( unsigned char *key, int keylen, + unsigned char *input, int ilen, + unsigned char output[32], int is224 ) +{ + sha2_context ctx; + + sha2_hmac_starts( &ctx, key, keylen, is224 ); + sha2_hmac_update( &ctx, input, ilen ); + sha2_hmac_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( sha2_context ) ); +} + +#if defined(XYSSL_SELF_TEST) +/* + * FIPS-180-2 test vectors + */ +static unsigned char sha2_test_buf[3][57] = +{ + { "abc" }, + { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, + { "" } +}; + +static const int sha2_test_buflen[3] = +{ + 3, 56, 1000 +}; + +static const unsigned char sha2_test_sum[6][32] = +{ + /* + * SHA-224 test vectors + */ + { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22, + 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3, + 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7, + 0xE3, 0x6C, 0x9D, 0xA7 }, + { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC, + 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50, + 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19, + 0x52, 0x52, 0x25, 0x25 }, + { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8, + 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B, + 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE, + 0x4E, 0xE7, 0xAD, 0x67 }, + + /* + * SHA-256 test vectors + */ + { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA, + 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23, + 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C, + 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD }, + { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8, + 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39, + 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67, + 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 }, + { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92, + 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67, + 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E, + 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 } +}; + +/* + * RFC 4231 test vectors + */ +static unsigned char sha2_hmac_test_key[7][26] = +{ + { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" + "\x0B\x0B\x0B\x0B" }, + { "Jefe" }, + { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA" }, + { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10" + "\x11\x12\x13\x14\x15\x16\x17\x18\x19" }, + { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C" + "\x0C\x0C\x0C\x0C" }, + { "" }, /* 0xAA 131 times */ + { "" } +}; + +static const int sha2_hmac_test_keylen[7] = +{ + 20, 4, 20, 25, 20, 131, 131 +}; + +static unsigned char sha2_hmac_test_buf[7][153] = +{ + { "Hi There" }, + { "what do ya want for nothing?" }, + { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" }, + { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" }, + { "Test With Truncation" }, + { "Test Using Larger Than Block-Size Key - Hash Key First" }, + { "This is a test using a larger than block-size key " + "and a larger than block-size data. The key needs to " + "be hashed before being used by the HMAC algorithm." } +}; + +static const int sha2_hmac_test_buflen[7] = +{ + 8, 28, 50, 50, 20, 54, 152 +}; + +static const unsigned char sha2_hmac_test_sum[14][32] = +{ + /* + * HMAC-SHA-224 test vectors + */ + { 0x89, 0x6F, 0xB1, 0x12, 0x8A, 0xBB, 0xDF, 0x19, + 0x68, 0x32, 0x10, 0x7C, 0xD4, 0x9D, 0xF3, 0x3F, + 0x47, 0xB4, 0xB1, 0x16, 0x99, 0x12, 0xBA, 0x4F, + 0x53, 0x68, 0x4B, 0x22 }, + { 0xA3, 0x0E, 0x01, 0x09, 0x8B, 0xC6, 0xDB, 0xBF, + 0x45, 0x69, 0x0F, 0x3A, 0x7E, 0x9E, 0x6D, 0x0F, + 0x8B, 0xBE, 0xA2, 0xA3, 0x9E, 0x61, 0x48, 0x00, + 0x8F, 0xD0, 0x5E, 0x44 }, + { 0x7F, 0xB3, 0xCB, 0x35, 0x88, 0xC6, 0xC1, 0xF6, + 0xFF, 0xA9, 0x69, 0x4D, 0x7D, 0x6A, 0xD2, 0x64, + 0x93, 0x65, 0xB0, 0xC1, 0xF6, 0x5D, 0x69, 0xD1, + 0xEC, 0x83, 0x33, 0xEA }, + { 0x6C, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3C, 0xAC, + 0x6A, 0x2A, 0xBC, 0x1B, 0xB3, 0x82, 0x62, 0x7C, + 0xEC, 0x6A, 0x90, 0xD8, 0x6E, 0xFC, 0x01, 0x2D, + 0xE7, 0xAF, 0xEC, 0x5A }, + { 0x0E, 0x2A, 0xEA, 0x68, 0xA9, 0x0C, 0x8D, 0x37, + 0xC9, 0x88, 0xBC, 0xDB, 0x9F, 0xCA, 0x6F, 0xA8 }, + { 0x95, 0xE9, 0xA0, 0xDB, 0x96, 0x20, 0x95, 0xAD, + 0xAE, 0xBE, 0x9B, 0x2D, 0x6F, 0x0D, 0xBC, 0xE2, + 0xD4, 0x99, 0xF1, 0x12, 0xF2, 0xD2, 0xB7, 0x27, + 0x3F, 0xA6, 0x87, 0x0E }, + { 0x3A, 0x85, 0x41, 0x66, 0xAC, 0x5D, 0x9F, 0x02, + 0x3F, 0x54, 0xD5, 0x17, 0xD0, 0xB3, 0x9D, 0xBD, + 0x94, 0x67, 0x70, 0xDB, 0x9C, 0x2B, 0x95, 0xC9, + 0xF6, 0xF5, 0x65, 0xD1 }, + + /* + * HMAC-SHA-256 test vectors + */ + { 0xB0, 0x34, 0x4C, 0x61, 0xD8, 0xDB, 0x38, 0x53, + 0x5C, 0xA8, 0xAF, 0xCE, 0xAF, 0x0B, 0xF1, 0x2B, + 0x88, 0x1D, 0xC2, 0x00, 0xC9, 0x83, 0x3D, 0xA7, + 0x26, 0xE9, 0x37, 0x6C, 0x2E, 0x32, 0xCF, 0xF7 }, + { 0x5B, 0xDC, 0xC1, 0x46, 0xBF, 0x60, 0x75, 0x4E, + 0x6A, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xC7, + 0x5A, 0x00, 0x3F, 0x08, 0x9D, 0x27, 0x39, 0x83, + 0x9D, 0xEC, 0x58, 0xB9, 0x64, 0xEC, 0x38, 0x43 }, + { 0x77, 0x3E, 0xA9, 0x1E, 0x36, 0x80, 0x0E, 0x46, + 0x85, 0x4D, 0xB8, 0xEB, 0xD0, 0x91, 0x81, 0xA7, + 0x29, 0x59, 0x09, 0x8B, 0x3E, 0xF8, 0xC1, 0x22, + 0xD9, 0x63, 0x55, 0x14, 0xCE, 0xD5, 0x65, 0xFE }, + { 0x82, 0x55, 0x8A, 0x38, 0x9A, 0x44, 0x3C, 0x0E, + 0xA4, 0xCC, 0x81, 0x98, 0x99, 0xF2, 0x08, 0x3A, + 0x85, 0xF0, 0xFA, 0xA3, 0xE5, 0x78, 0xF8, 0x07, + 0x7A, 0x2E, 0x3F, 0xF4, 0x67, 0x29, 0x66, 0x5B }, + { 0xA3, 0xB6, 0x16, 0x74, 0x73, 0x10, 0x0E, 0xE0, + 0x6E, 0x0C, 0x79, 0x6C, 0x29, 0x55, 0x55, 0x2B }, + { 0x60, 0xE4, 0x31, 0x59, 0x1E, 0xE0, 0xB6, 0x7F, + 0x0D, 0x8A, 0x26, 0xAA, 0xCB, 0xF5, 0xB7, 0x7F, + 0x8E, 0x0B, 0xC6, 0x21, 0x37, 0x28, 0xC5, 0x14, + 0x05, 0x46, 0x04, 0x0F, 0x0E, 0xE3, 0x7F, 0x54 }, + { 0x9B, 0x09, 0xFF, 0xA7, 0x1B, 0x94, 0x2F, 0xCB, + 0x27, 0x63, 0x5F, 0xBC, 0xD5, 0xB0, 0xE9, 0x44, + 0xBF, 0xDC, 0x63, 0x64, 0x4F, 0x07, 0x13, 0x93, + 0x8A, 0x7F, 0x51, 0x53, 0x5C, 0x3A, 0x35, 0xE2 } +}; + +/* + * Checkup routine + */ +int sha2_self_test( int verbose ) +{ + int i, j, k, buflen; + unsigned char buf[1024]; + unsigned char sha2sum[32]; + sha2_context ctx; + + for( i = 0; i < 6; i++ ) + { + j = i % 3; + k = i < 3; + + if( verbose != 0 ) + printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); + + sha2_starts( &ctx, k ); + + if( j == 2 ) + { + memset( buf, 'a', buflen = 1000 ); + + for( j = 0; j < 1000; j++ ) + sha2_update( &ctx, buf, buflen ); + } + else + sha2_update( &ctx, sha2_test_buf[j], + sha2_test_buflen[j] ); + + sha2_finish( &ctx, sha2sum ); + + if( memcmp( sha2sum, sha2_test_sum[i], 32 - k * 4 ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + if( verbose != 0 ) + printf( "\n" ); + + for( i = 0; i < 14; i++ ) + { + j = i % 7; + k = i < 7; + + if( verbose != 0 ) + printf( " HMAC-SHA-%d test #%d: ", 256 - k * 32, j + 1 ); + + if( j == 5 || j == 6 ) + { + memset( buf, '\xAA', buflen = 131 ); + sha2_hmac_starts( &ctx, buf, buflen, k ); + } + else + sha2_hmac_starts( &ctx, sha2_hmac_test_key[j], + sha2_hmac_test_keylen[j], k ); + + sha2_hmac_update( &ctx, sha2_hmac_test_buf[j], + sha2_hmac_test_buflen[j] ); + + sha2_hmac_finish( &ctx, sha2sum ); + + buflen = ( j == 4 ) ? 16 : 32 - k * 4; + + if( memcmp( sha2sum, sha2_hmac_test_sum[i], buflen ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + if( verbose != 0 ) + printf( "\n" ); + + return( 0 ); +} + +#endif + +#endif diff --git a/library/sha4.c b/library/sha4.c new file mode 100644 index 000000000..52422a07f --- /dev/null +++ b/library/sha4.c @@ -0,0 +1,743 @@ +/* + * FIPS-180-2 compliant SHA-384/512 implementation + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * The SHA-512 Secure Hash Standard was published by NIST in 2002. + * + * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_SHA4_C) + +#include "xyssl/sha4.h" + +#include +#include + +/* + * 64-bit integer manipulation macros (big endian) + */ +#ifndef GET_UINT64_BE +#define GET_UINT64_BE(n,b,i) \ +{ \ + (n) = ( (unsigned int64) (b)[(i) ] << 56 ) \ + | ( (unsigned int64) (b)[(i) + 1] << 48 ) \ + | ( (unsigned int64) (b)[(i) + 2] << 40 ) \ + | ( (unsigned int64) (b)[(i) + 3] << 32 ) \ + | ( (unsigned int64) (b)[(i) + 4] << 24 ) \ + | ( (unsigned int64) (b)[(i) + 5] << 16 ) \ + | ( (unsigned int64) (b)[(i) + 6] << 8 ) \ + | ( (unsigned int64) (b)[(i) + 7] ); \ +} +#endif + +#ifndef PUT_UINT64_BE +#define PUT_UINT64_BE(n,b,i) \ +{ \ + (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \ + (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \ + (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 7] = (unsigned char) ( (n) ); \ +} +#endif + +/* + * Round constants + */ +static const unsigned int64 K[80] = +{ + UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD), + UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC), + UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019), + UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118), + UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE), + UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2), + UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1), + UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694), + UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3), + UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65), + UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483), + UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5), + UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210), + UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4), + UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725), + UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70), + UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926), + UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF), + UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8), + UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B), + UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001), + UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30), + UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910), + UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8), + UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53), + UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8), + UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB), + UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3), + UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60), + UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC), + UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9), + UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B), + UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207), + UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178), + UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6), + UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B), + UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493), + UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C), + UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A), + UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) +}; + +/* + * SHA-512 context setup + */ +void sha4_starts( sha4_context *ctx, int is384 ) +{ + ctx->total[0] = 0; + ctx->total[1] = 0; + + if( is384 == 0 ) + { + /* SHA-512 */ + ctx->state[0] = UL64(0x6A09E667F3BCC908); + ctx->state[1] = UL64(0xBB67AE8584CAA73B); + ctx->state[2] = UL64(0x3C6EF372FE94F82B); + ctx->state[3] = UL64(0xA54FF53A5F1D36F1); + ctx->state[4] = UL64(0x510E527FADE682D1); + ctx->state[5] = UL64(0x9B05688C2B3E6C1F); + ctx->state[6] = UL64(0x1F83D9ABFB41BD6B); + ctx->state[7] = UL64(0x5BE0CD19137E2179); + } + else + { + /* SHA-384 */ + ctx->state[0] = UL64(0xCBBB9D5DC1059ED8); + ctx->state[1] = UL64(0x629A292A367CD507); + ctx->state[2] = UL64(0x9159015A3070DD17); + ctx->state[3] = UL64(0x152FECD8F70E5939); + ctx->state[4] = UL64(0x67332667FFC00B31); + ctx->state[5] = UL64(0x8EB44A8768581511); + ctx->state[6] = UL64(0xDB0C2E0D64F98FA7); + ctx->state[7] = UL64(0x47B5481DBEFA4FA4); + } + + ctx->is384 = is384; +} + +static void sha4_process( sha4_context *ctx, unsigned char data[128] ) +{ + int i; + unsigned int64 temp1, temp2, W[80]; + unsigned int64 A, B, C, D, E, F, G, H; + +#define SHR(x,n) (x >> n) +#define ROTR(x,n) (SHR(x,n) | (x << (64 - n))) + +#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) +#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6)) + +#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39)) +#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41)) + +#define F0(x,y,z) ((x & y) | (z & (x | y))) +#define F1(x,y,z) (z ^ (x & (y ^ z))) + +#define P(a,b,c,d,e,f,g,h,x,K) \ +{ \ + temp1 = h + S3(e) + F1(e,f,g) + K + x; \ + temp2 = S2(a) + F0(a,b,c); \ + d += temp1; h = temp1 + temp2; \ +} + + for( i = 0; i < 16; i++ ) + { + GET_UINT64_BE( W[i], data, i << 3 ); + } + + for( ; i < 80; i++ ) + { + W[i] = S1(W[i - 2]) + W[i - 7] + + S0(W[i - 15]) + W[i - 16]; + } + + A = ctx->state[0]; + B = ctx->state[1]; + C = ctx->state[2]; + D = ctx->state[3]; + E = ctx->state[4]; + F = ctx->state[5]; + G = ctx->state[6]; + H = ctx->state[7]; + i = 0; + + do + { + P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++; + P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++; + P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++; + P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++; + P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++; + P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++; + P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++; + P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++; + } + while( i < 80 ); + + ctx->state[0] += A; + ctx->state[1] += B; + ctx->state[2] += C; + ctx->state[3] += D; + ctx->state[4] += E; + ctx->state[5] += F; + ctx->state[6] += G; + ctx->state[7] += H; +} + +/* + * SHA-512 process buffer + */ +void sha4_update( sha4_context *ctx, unsigned char *input, int ilen ) +{ + int fill; + unsigned int64 left; + + if( ilen <= 0 ) + return; + + left = ctx->total[0] & 0x7F; + fill = (int)( 128 - left ); + + ctx->total[0] += ilen; + + if( ctx->total[0] < (unsigned int64) ilen ) + ctx->total[1]++; + + if( left && ilen >= fill ) + { + memcpy( (void *) (ctx->buffer + left), + (void *) input, fill ); + sha4_process( ctx, ctx->buffer ); + input += fill; + ilen -= fill; + left = 0; + } + + while( ilen >= 128 ) + { + sha4_process( ctx, input ); + input += 128; + ilen -= 128; + } + + if( ilen > 0 ) + { + memcpy( (void *) (ctx->buffer + left), + (void *) input, ilen ); + } +} + +static const unsigned char sha4_padding[128] = +{ + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* + * SHA-512 final digest + */ +void sha4_finish( sha4_context *ctx, unsigned char output[64] ) +{ + int last, padn; + unsigned int64 high, low; + unsigned char msglen[16]; + + high = ( ctx->total[0] >> 61 ) + | ( ctx->total[1] << 3 ); + low = ( ctx->total[0] << 3 ); + + PUT_UINT64_BE( high, msglen, 0 ); + PUT_UINT64_BE( low, msglen, 8 ); + + last = (int)( ctx->total[0] & 0x7F ); + padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last ); + + sha4_update( ctx, (unsigned char *) sha4_padding, padn ); + sha4_update( ctx, msglen, 16 ); + + PUT_UINT64_BE( ctx->state[0], output, 0 ); + PUT_UINT64_BE( ctx->state[1], output, 8 ); + PUT_UINT64_BE( ctx->state[2], output, 16 ); + PUT_UINT64_BE( ctx->state[3], output, 24 ); + PUT_UINT64_BE( ctx->state[4], output, 32 ); + PUT_UINT64_BE( ctx->state[5], output, 40 ); + + if( ctx->is384 == 0 ) + { + PUT_UINT64_BE( ctx->state[6], output, 48 ); + PUT_UINT64_BE( ctx->state[7], output, 56 ); + } +} + +/* + * output = SHA-512( input buffer ) + */ +void sha4( unsigned char *input, int ilen, + unsigned char output[64], int is384 ) +{ + sha4_context ctx; + + sha4_starts( &ctx, is384 ); + sha4_update( &ctx, input, ilen ); + sha4_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( sha4_context ) ); +} + +/* + * output = SHA-512( file contents ) + */ +int sha4_file( char *path, unsigned char output[64], int is384 ) +{ + FILE *f; + size_t n; + sha4_context ctx; + unsigned char buf[1024]; + + if( ( f = fopen( path, "rb" ) ) == NULL ) + return( 1 ); + + sha4_starts( &ctx, is384 ); + + while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) + sha4_update( &ctx, buf, (int) n ); + + sha4_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( sha4_context ) ); + + if( ferror( f ) != 0 ) + { + fclose( f ); + return( 2 ); + } + + fclose( f ); + return( 0 ); +} + +/* + * SHA-512 HMAC context setup + */ +void sha4_hmac_starts( sha4_context *ctx, unsigned char *key, int keylen, + int is384 ) +{ + int i; + unsigned char sum[64]; + + if( keylen > 128 ) + { + sha4( key, keylen, sum, is384 ); + keylen = ( is384 ) ? 48 : 64; + key = sum; + } + + memset( ctx->ipad, 0x36, 128 ); + memset( ctx->opad, 0x5C, 128 ); + + for( i = 0; i < keylen; i++ ) + { + ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] ); + ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] ); + } + + sha4_starts( ctx, is384 ); + sha4_update( ctx, ctx->ipad, 128 ); + + memset( sum, 0, sizeof( sum ) ); +} + +/* + * SHA-512 HMAC process buffer + */ +void sha4_hmac_update( sha4_context *ctx, + unsigned char *input, int ilen ) +{ + sha4_update( ctx, input, ilen ); +} + +/* + * SHA-512 HMAC final digest + */ +void sha4_hmac_finish( sha4_context *ctx, unsigned char output[64] ) +{ + int is384, hlen; + unsigned char tmpbuf[64]; + + is384 = ctx->is384; + hlen = ( is384 == 0 ) ? 64 : 48; + + sha4_finish( ctx, tmpbuf ); + sha4_starts( ctx, is384 ); + sha4_update( ctx, ctx->opad, 128 ); + sha4_update( ctx, tmpbuf, hlen ); + sha4_finish( ctx, output ); + + memset( tmpbuf, 0, sizeof( tmpbuf ) ); +} + +/* + * output = HMAC-SHA-512( hmac key, input buffer ) + */ +void sha4_hmac( unsigned char *key, int keylen, + unsigned char *input, int ilen, + unsigned char output[64], int is384 ) +{ + sha4_context ctx; + + sha4_hmac_starts( &ctx, key, keylen, is384 ); + sha4_hmac_update( &ctx, input, ilen ); + sha4_hmac_finish( &ctx, output ); + + memset( &ctx, 0, sizeof( sha4_context ) ); +} + +#if defined(XYSSL_SELF_TEST) + +/* + * FIPS-180-2 test vectors + */ +static unsigned char sha4_test_buf[3][113] = +{ + { "abc" }, + { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" + "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" }, + { "" } +}; + +static const int sha4_test_buflen[3] = +{ + 3, 112, 1000 +}; + +static const unsigned char sha4_test_sum[6][64] = +{ + /* + * SHA-384 test vectors + */ + { 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B, + 0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07, + 0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63, + 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED, + 0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23, + 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 }, + { 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8, + 0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47, + 0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2, + 0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12, + 0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9, + 0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 }, + { 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB, + 0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C, + 0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52, + 0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B, + 0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB, + 0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 }, + + /* + * SHA-512 test vectors + */ + { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, + 0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31, + 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2, + 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A, + 0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8, + 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD, + 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E, + 0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F }, + { 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA, + 0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F, + 0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1, + 0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18, + 0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4, + 0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A, + 0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54, + 0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 }, + { 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64, + 0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63, + 0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28, + 0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB, + 0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A, + 0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B, + 0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E, + 0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B } +}; + +/* + * RFC 4231 test vectors + */ +static unsigned char sha4_hmac_test_key[7][26] = +{ + { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" + "\x0B\x0B\x0B\x0B" }, + { "Jefe" }, + { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA" }, + { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10" + "\x11\x12\x13\x14\x15\x16\x17\x18\x19" }, + { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C" + "\x0C\x0C\x0C\x0C" }, + { "" }, /* 0xAA 131 times */ + { "" } +}; + +static const int sha4_hmac_test_keylen[7] = +{ + 20, 4, 20, 25, 20, 131, 131 +}; + +static unsigned char sha4_hmac_test_buf[7][153] = +{ + { "Hi There" }, + { "what do ya want for nothing?" }, + { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" }, + { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" + "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" }, + { "Test With Truncation" }, + { "Test Using Larger Than Block-Size Key - Hash Key First" }, + { "This is a test using a larger than block-size key " + "and a larger than block-size data. The key needs to " + "be hashed before being used by the HMAC algorithm." } +}; + +static const int sha4_hmac_test_buflen[7] = +{ + 8, 28, 50, 50, 20, 54, 152 +}; + +static const unsigned char sha4_hmac_test_sum[14][64] = +{ + /* + * HMAC-SHA-384 test vectors + */ + { 0xAF, 0xD0, 0x39, 0x44, 0xD8, 0x48, 0x95, 0x62, + 0x6B, 0x08, 0x25, 0xF4, 0xAB, 0x46, 0x90, 0x7F, + 0x15, 0xF9, 0xDA, 0xDB, 0xE4, 0x10, 0x1E, 0xC6, + 0x82, 0xAA, 0x03, 0x4C, 0x7C, 0xEB, 0xC5, 0x9C, + 0xFA, 0xEA, 0x9E, 0xA9, 0x07, 0x6E, 0xDE, 0x7F, + 0x4A, 0xF1, 0x52, 0xE8, 0xB2, 0xFA, 0x9C, 0xB6 }, + { 0xAF, 0x45, 0xD2, 0xE3, 0x76, 0x48, 0x40, 0x31, + 0x61, 0x7F, 0x78, 0xD2, 0xB5, 0x8A, 0x6B, 0x1B, + 0x9C, 0x7E, 0xF4, 0x64, 0xF5, 0xA0, 0x1B, 0x47, + 0xE4, 0x2E, 0xC3, 0x73, 0x63, 0x22, 0x44, 0x5E, + 0x8E, 0x22, 0x40, 0xCA, 0x5E, 0x69, 0xE2, 0xC7, + 0x8B, 0x32, 0x39, 0xEC, 0xFA, 0xB2, 0x16, 0x49 }, + { 0x88, 0x06, 0x26, 0x08, 0xD3, 0xE6, 0xAD, 0x8A, + 0x0A, 0xA2, 0xAC, 0xE0, 0x14, 0xC8, 0xA8, 0x6F, + 0x0A, 0xA6, 0x35, 0xD9, 0x47, 0xAC, 0x9F, 0xEB, + 0xE8, 0x3E, 0xF4, 0xE5, 0x59, 0x66, 0x14, 0x4B, + 0x2A, 0x5A, 0xB3, 0x9D, 0xC1, 0x38, 0x14, 0xB9, + 0x4E, 0x3A, 0xB6, 0xE1, 0x01, 0xA3, 0x4F, 0x27 }, + { 0x3E, 0x8A, 0x69, 0xB7, 0x78, 0x3C, 0x25, 0x85, + 0x19, 0x33, 0xAB, 0x62, 0x90, 0xAF, 0x6C, 0xA7, + 0x7A, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9C, + 0xC5, 0x57, 0x7C, 0x6E, 0x1F, 0x57, 0x3B, 0x4E, + 0x68, 0x01, 0xDD, 0x23, 0xC4, 0xA7, 0xD6, 0x79, + 0xCC, 0xF8, 0xA3, 0x86, 0xC6, 0x74, 0xCF, 0xFB }, + { 0x3A, 0xBF, 0x34, 0xC3, 0x50, 0x3B, 0x2A, 0x23, + 0xA4, 0x6E, 0xFC, 0x61, 0x9B, 0xAE, 0xF8, 0x97 }, + { 0x4E, 0xCE, 0x08, 0x44, 0x85, 0x81, 0x3E, 0x90, + 0x88, 0xD2, 0xC6, 0x3A, 0x04, 0x1B, 0xC5, 0xB4, + 0x4F, 0x9E, 0xF1, 0x01, 0x2A, 0x2B, 0x58, 0x8F, + 0x3C, 0xD1, 0x1F, 0x05, 0x03, 0x3A, 0xC4, 0xC6, + 0x0C, 0x2E, 0xF6, 0xAB, 0x40, 0x30, 0xFE, 0x82, + 0x96, 0x24, 0x8D, 0xF1, 0x63, 0xF4, 0x49, 0x52 }, + { 0x66, 0x17, 0x17, 0x8E, 0x94, 0x1F, 0x02, 0x0D, + 0x35, 0x1E, 0x2F, 0x25, 0x4E, 0x8F, 0xD3, 0x2C, + 0x60, 0x24, 0x20, 0xFE, 0xB0, 0xB8, 0xFB, 0x9A, + 0xDC, 0xCE, 0xBB, 0x82, 0x46, 0x1E, 0x99, 0xC5, + 0xA6, 0x78, 0xCC, 0x31, 0xE7, 0x99, 0x17, 0x6D, + 0x38, 0x60, 0xE6, 0x11, 0x0C, 0x46, 0x52, 0x3E }, + + /* + * HMAC-SHA-512 test vectors + */ + { 0x87, 0xAA, 0x7C, 0xDE, 0xA5, 0xEF, 0x61, 0x9D, + 0x4F, 0xF0, 0xB4, 0x24, 0x1A, 0x1D, 0x6C, 0xB0, + 0x23, 0x79, 0xF4, 0xE2, 0xCE, 0x4E, 0xC2, 0x78, + 0x7A, 0xD0, 0xB3, 0x05, 0x45, 0xE1, 0x7C, 0xDE, + 0xDA, 0xA8, 0x33, 0xB7, 0xD6, 0xB8, 0xA7, 0x02, + 0x03, 0x8B, 0x27, 0x4E, 0xAE, 0xA3, 0xF4, 0xE4, + 0xBE, 0x9D, 0x91, 0x4E, 0xEB, 0x61, 0xF1, 0x70, + 0x2E, 0x69, 0x6C, 0x20, 0x3A, 0x12, 0x68, 0x54 }, + { 0x16, 0x4B, 0x7A, 0x7B, 0xFC, 0xF8, 0x19, 0xE2, + 0xE3, 0x95, 0xFB, 0xE7, 0x3B, 0x56, 0xE0, 0xA3, + 0x87, 0xBD, 0x64, 0x22, 0x2E, 0x83, 0x1F, 0xD6, + 0x10, 0x27, 0x0C, 0xD7, 0xEA, 0x25, 0x05, 0x54, + 0x97, 0x58, 0xBF, 0x75, 0xC0, 0x5A, 0x99, 0x4A, + 0x6D, 0x03, 0x4F, 0x65, 0xF8, 0xF0, 0xE6, 0xFD, + 0xCA, 0xEA, 0xB1, 0xA3, 0x4D, 0x4A, 0x6B, 0x4B, + 0x63, 0x6E, 0x07, 0x0A, 0x38, 0xBC, 0xE7, 0x37 }, + { 0xFA, 0x73, 0xB0, 0x08, 0x9D, 0x56, 0xA2, 0x84, + 0xEF, 0xB0, 0xF0, 0x75, 0x6C, 0x89, 0x0B, 0xE9, + 0xB1, 0xB5, 0xDB, 0xDD, 0x8E, 0xE8, 0x1A, 0x36, + 0x55, 0xF8, 0x3E, 0x33, 0xB2, 0x27, 0x9D, 0x39, + 0xBF, 0x3E, 0x84, 0x82, 0x79, 0xA7, 0x22, 0xC8, + 0x06, 0xB4, 0x85, 0xA4, 0x7E, 0x67, 0xC8, 0x07, + 0xB9, 0x46, 0xA3, 0x37, 0xBE, 0xE8, 0x94, 0x26, + 0x74, 0x27, 0x88, 0x59, 0xE1, 0x32, 0x92, 0xFB }, + { 0xB0, 0xBA, 0x46, 0x56, 0x37, 0x45, 0x8C, 0x69, + 0x90, 0xE5, 0xA8, 0xC5, 0xF6, 0x1D, 0x4A, 0xF7, + 0xE5, 0x76, 0xD9, 0x7F, 0xF9, 0x4B, 0x87, 0x2D, + 0xE7, 0x6F, 0x80, 0x50, 0x36, 0x1E, 0xE3, 0xDB, + 0xA9, 0x1C, 0xA5, 0xC1, 0x1A, 0xA2, 0x5E, 0xB4, + 0xD6, 0x79, 0x27, 0x5C, 0xC5, 0x78, 0x80, 0x63, + 0xA5, 0xF1, 0x97, 0x41, 0x12, 0x0C, 0x4F, 0x2D, + 0xE2, 0xAD, 0xEB, 0xEB, 0x10, 0xA2, 0x98, 0xDD }, + { 0x41, 0x5F, 0xAD, 0x62, 0x71, 0x58, 0x0A, 0x53, + 0x1D, 0x41, 0x79, 0xBC, 0x89, 0x1D, 0x87, 0xA6 }, + { 0x80, 0xB2, 0x42, 0x63, 0xC7, 0xC1, 0xA3, 0xEB, + 0xB7, 0x14, 0x93, 0xC1, 0xDD, 0x7B, 0xE8, 0xB4, + 0x9B, 0x46, 0xD1, 0xF4, 0x1B, 0x4A, 0xEE, 0xC1, + 0x12, 0x1B, 0x01, 0x37, 0x83, 0xF8, 0xF3, 0x52, + 0x6B, 0x56, 0xD0, 0x37, 0xE0, 0x5F, 0x25, 0x98, + 0xBD, 0x0F, 0xD2, 0x21, 0x5D, 0x6A, 0x1E, 0x52, + 0x95, 0xE6, 0x4F, 0x73, 0xF6, 0x3F, 0x0A, 0xEC, + 0x8B, 0x91, 0x5A, 0x98, 0x5D, 0x78, 0x65, 0x98 }, + { 0xE3, 0x7B, 0x6A, 0x77, 0x5D, 0xC8, 0x7D, 0xBA, + 0xA4, 0xDF, 0xA9, 0xF9, 0x6E, 0x5E, 0x3F, 0xFD, + 0xDE, 0xBD, 0x71, 0xF8, 0x86, 0x72, 0x89, 0x86, + 0x5D, 0xF5, 0xA3, 0x2D, 0x20, 0xCD, 0xC9, 0x44, + 0xB6, 0x02, 0x2C, 0xAC, 0x3C, 0x49, 0x82, 0xB1, + 0x0D, 0x5E, 0xEB, 0x55, 0xC3, 0xE4, 0xDE, 0x15, + 0x13, 0x46, 0x76, 0xFB, 0x6D, 0xE0, 0x44, 0x60, + 0x65, 0xC9, 0x74, 0x40, 0xFA, 0x8C, 0x6A, 0x58 } +}; + +/* + * Checkup routine + */ +int sha4_self_test( int verbose ) +{ + int i, j, k, buflen; + unsigned char buf[1024]; + unsigned char sha4sum[64]; + sha4_context ctx; + + for( i = 0; i < 6; i++ ) + { + j = i % 3; + k = i < 3; + + if( verbose != 0 ) + printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 ); + + sha4_starts( &ctx, k ); + + if( j == 2 ) + { + memset( buf, 'a', buflen = 1000 ); + + for( j = 0; j < 1000; j++ ) + sha4_update( &ctx, buf, buflen ); + } + else + sha4_update( &ctx, sha4_test_buf[j], + sha4_test_buflen[j] ); + + sha4_finish( &ctx, sha4sum ); + + if( memcmp( sha4sum, sha4_test_sum[i], 64 - k * 16 ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + if( verbose != 0 ) + printf( "\n" ); + + for( i = 0; i < 14; i++ ) + { + j = i % 7; + k = i < 7; + + if( verbose != 0 ) + printf( " HMAC-SHA-%d test #%d: ", 512 - k * 128, j + 1 ); + + if( j == 5 || j == 6 ) + { + memset( buf, '\xAA', buflen = 131 ); + sha4_hmac_starts( &ctx, buf, buflen, k ); + } + else + sha4_hmac_starts( &ctx, sha4_hmac_test_key[j], + sha4_hmac_test_keylen[j], k ); + + sha4_hmac_update( &ctx, sha4_hmac_test_buf[j], + sha4_hmac_test_buflen[j] ); + + sha4_hmac_finish( &ctx, sha4sum ); + + buflen = ( j == 4 ) ? 16 : 64 - k * 16; + + if( memcmp( sha4sum, sha4_hmac_test_sum[i], buflen ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( 1 ); + } + + if( verbose != 0 ) + printf( "passed\n" ); + } + + if( verbose != 0 ) + printf( "\n" ); + + return( 0 ); +} + +#endif + +#endif diff --git a/library/ssl_cli.c b/library/ssl_cli.c new file mode 100644 index 000000000..ad91b5f35 --- /dev/null +++ b/library/ssl_cli.c @@ -0,0 +1,768 @@ +/* + * SSLv3/TLSv1 client-side functions + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_SSL_CLI_C) + +#include "xyssl/debug.h" +#include "xyssl/ssl.h" + +#include +#include +#include +#include + +static int ssl_write_client_hello( ssl_context *ssl ) +{ + int ret, i, n; + unsigned char *buf; + unsigned char *p; + time_t t; + + SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); + + ssl->major_ver = SSL_MAJOR_VERSION_3; + ssl->minor_ver = SSL_MINOR_VERSION_0; + + ssl->max_major_ver = SSL_MAJOR_VERSION_3; + ssl->max_minor_ver = SSL_MINOR_VERSION_1; + + /* + * 0 . 0 handshake type + * 1 . 3 handshake length + * 4 . 5 highest version supported + * 6 . 9 current UNIX time + * 10 . 37 random bytes + */ + buf = ssl->out_msg; + p = buf + 4; + + *p++ = (unsigned char) ssl->max_major_ver; + *p++ = (unsigned char) ssl->max_minor_ver; + + SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]", + buf[4], buf[5] ) ); + + t = time( NULL ); + *p++ = (unsigned char)( t >> 24 ); + *p++ = (unsigned char)( t >> 16 ); + *p++ = (unsigned char)( t >> 8 ); + *p++ = (unsigned char)( t ); + + SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) ); + + for( i = 28; i > 0; i-- ) + *p++ = (unsigned char) ssl->f_rng( ssl->p_rng ); + + memcpy( ssl->randbytes, buf + 6, 32 ); + + SSL_DEBUG_BUF( 3, "client hello, random bytes", buf + 6, 32 ); + + /* + * 38 . 38 session id length + * 39 . 39+n session id + * 40+n . 41+n cipherlist length + * 42+n . .. cipherlist + * .. . .. compression alg. (0) + * .. . .. extensions (unused) + */ + n = ssl->session->length; + + if( n < 16 || n > 32 || ssl->resume == 0 || + t - ssl->session->start > ssl->timeout ) + n = 0; + + *p++ = (unsigned char) n; + + for( i = 0; i < n; i++ ) + *p++ = ssl->session->id[i]; + + SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) ); + SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n ); + + for( n = 0; ssl->ciphers[n] != 0; n++ ); + *p++ = (unsigned char)( n >> 7 ); + *p++ = (unsigned char)( n << 1 ); + + SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphers", n ) ); + + for( i = 0; i < n; i++ ) + { + SSL_DEBUG_MSG( 3, ( "client hello, add cipher: %2d", + ssl->ciphers[i] ) ); + + *p++ = (unsigned char)( ssl->ciphers[i] >> 8 ); + *p++ = (unsigned char)( ssl->ciphers[i] ); + } + + SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) ); + SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d", 0 ) ); + + *p++ = 1; + *p++ = SSL_COMPRESS_NULL; + + if ( ssl->hostname != NULL ) + { + SSL_DEBUG_MSG( 3, ( "client hello, server name extension: %s", + ssl->hostname ) ); + + *p++ = (unsigned char)( ( (ssl->hostname_len + 9) >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( (ssl->hostname_len + 9) ) & 0xFF ); + + *p++ = (unsigned char)( ( TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( TLS_EXT_SERVERNAME ) & 0xFF ); + + *p++ = (unsigned char)( ( (ssl->hostname_len + 5) >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( (ssl->hostname_len + 5) ) & 0xFF ); + + *p++ = (unsigned char)( ( (ssl->hostname_len + 3) >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( (ssl->hostname_len + 3) ) & 0xFF ); + + *p++ = (unsigned char)( ( TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF ); + *p++ = (unsigned char)( ( ssl->hostname_len >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( ssl->hostname_len ) & 0xFF ); + + memcpy( p, ssl->hostname, ssl->hostname_len ); + + p += ssl->hostname_len; + } + + ssl->out_msglen = p - buf; + ssl->out_msgtype = SSL_MSG_HANDSHAKE; + ssl->out_msg[0] = SSL_HS_CLIENT_HELLO; + + ssl->state++; + + if( ( ret = ssl_write_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_write_record", ret ); + return( ret ); + } + + SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); + + return( 0 ); +} + +static int ssl_parse_server_hello( ssl_context *ssl ) +{ + time_t t; + int ret, i, n; + int ext_len; + unsigned char *buf; + + SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) ); + + /* + * 0 . 0 handshake type + * 1 . 3 handshake length + * 4 . 5 protocol version + * 6 . 9 UNIX time() + * 10 . 37 random bytes + */ + buf = ssl->in_msg; + + if( ( ret = ssl_read_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_read_record", ret ); + return( ret ); + } + + if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) + { + SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE ); + } + + SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]", + buf[4], buf[5] ) ); + + if( ssl->in_hslen < 42 || + buf[0] != SSL_HS_SERVER_HELLO || + buf[4] != SSL_MAJOR_VERSION_3 ) + { + SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO ); + } + + if( buf[5] != SSL_MINOR_VERSION_0 && + buf[5] != SSL_MINOR_VERSION_1 ) + { + SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO ); + } + + ssl->minor_ver = buf[5]; + + t = ( (time_t) buf[6] << 24 ) + | ( (time_t) buf[7] << 16 ) + | ( (time_t) buf[8] << 8 ) + | ( (time_t) buf[9] ); + + memcpy( ssl->randbytes + 32, buf + 6, 32 ); + + n = buf[38]; + + SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); + SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 ); + + /* + * 38 . 38 session id length + * 39 . 38+n session id + * 39+n . 40+n chosen cipher + * 41+n . 41+n chosen compression alg. + * 42+n . 43+n extensions length + * 44+n . 44+n+m extensions + */ + if( n < 0 || n > 32 || ssl->in_hslen > 42 + n ) + { + ext_len = ( ( buf[42 + n] << 8 ) + | ( buf[43 + n] ) ) + 2; + } + else + { + ext_len = 0; + } + + if( n < 0 || n > 32 || ssl->in_hslen != 42 + n + ext_len ) + { + SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO ); + } + + i = ( buf[39 + n] << 8 ) | buf[40 + n]; + + SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) ); + SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n ); + + /* + * Check if the session can be resumed + */ + if( ssl->resume == 0 || n == 0 || + ssl->session->cipher != i || + ssl->session->length != n || + memcmp( ssl->session->id, buf + 39, n ) != 0 ) + { + ssl->state++; + ssl->resume = 0; + ssl->session->start = time( NULL ); + ssl->session->cipher = i; + ssl->session->length = n; + memcpy( ssl->session->id, buf + 39, n ); + } + else + { + ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC; + ssl_derive_keys( ssl ); + } + + SSL_DEBUG_MSG( 3, ( "%s session has been resumed", + ssl->resume ? "a" : "no" ) ); + + SSL_DEBUG_MSG( 3, ( "server hello, chosen cipher: %d", i ) ); + SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[41 + n] ) ); + + i = 0; + while( 1 ) + { + if( ssl->ciphers[i] == 0 ) + { + SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO ); + } + + if( ssl->ciphers[i++] == ssl->session->cipher ) + break; + } + + if( buf[41 + n] != SSL_COMPRESS_NULL ) + { + SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO ); + } + + /* TODO: Process extensions */ + + SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) ); + + return( 0 ); +} + +static int ssl_parse_server_key_exchange( ssl_context *ssl ) +{ + int ret, n; + unsigned char *p, *end; + unsigned char hash[36]; + md5_context md5; + sha1_context sha1; + + SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) ); + + if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA && + ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA ) + { + SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) ); + ssl->state++; + return( 0 ); + } + +#if !defined(XYSSL_DHM_C) + SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) ); + return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); +#else + if( ( ret = ssl_read_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_read_record", ret ); + return( ret ); + } + + if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) + { + SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE ); + } + + if( ssl->in_msg[0] != SSL_HS_SERVER_KEY_EXCHANGE ) + { + SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } + + /* + * Ephemeral DH parameters: + * + * struct { + * opaque dh_p<1..2^16-1>; + * opaque dh_g<1..2^16-1>; + * opaque dh_Ys<1..2^16-1>; + * } ServerDHParams; + */ + p = ssl->in_msg + 4; + end = ssl->in_msg + ssl->in_hslen; + + if( ( ret = dhm_read_params( &ssl->dhm_ctx, &p, end ) ) != 0 ) + { + SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } + + if( (int)( end - p ) != ssl->peer_cert->rsa.len ) + { + SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } + + if( ssl->dhm_ctx.len < 64 || ssl->dhm_ctx.len > 256 ) + { + SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + } + + SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->dhm_ctx.P ); + SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->dhm_ctx.G ); + SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->dhm_ctx.GY ); + + /* + * digitally-signed struct { + * opaque md5_hash[16]; + * opaque sha_hash[20]; + * }; + * + * md5_hash + * MD5(ClientHello.random + ServerHello.random + * + ServerParams); + * sha_hash + * SHA(ClientHello.random + ServerHello.random + * + ServerParams); + */ + n = ssl->in_hslen - ( end - p ) - 6; + + md5_starts( &md5 ); + md5_update( &md5, ssl->randbytes, 64 ); + md5_update( &md5, ssl->in_msg + 4, n ); + md5_finish( &md5, hash ); + + sha1_starts( &sha1 ); + sha1_update( &sha1, ssl->randbytes, 64 ); + sha1_update( &sha1, ssl->in_msg + 4, n ); + sha1_finish( &sha1, hash + 16 ); + + SSL_DEBUG_BUF( 3, "parameters hash", hash, 36 ); + + if( ( ret = rsa_pkcs1_verify( &ssl->peer_cert->rsa, RSA_PUBLIC, + RSA_RAW, 36, hash, p ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret ); + return( ret ); + } + + ssl->state++; + + SSL_DEBUG_MSG( 2, ( "<= parse server key exchange" ) ); + + return( 0 ); +#endif +} + +static int ssl_parse_certificate_request( ssl_context *ssl ) +{ + int ret; + + SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) ); + + /* + * 0 . 0 handshake type + * 1 . 3 handshake length + * 4 . 5 SSL version + * 6 . 6 cert type count + * 7 .. n-1 cert types + * n .. n+1 length of all DNs + * n+2 .. n+3 length of DN 1 + * n+4 .. ... Distinguished Name #1 + * ... .. ... length of DN 2, etc. + */ + if( ( ret = ssl_read_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_read_record", ret ); + return( ret ); + } + + if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) + { + SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); + return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE ); + } + + ssl->client_auth = 0; + ssl->state++; + + if( ssl->in_msg[0] == SSL_HS_CERTIFICATE_REQUEST ) + ssl->client_auth++; + + SSL_DEBUG_MSG( 3, ( "got %s certificate request", + ssl->client_auth ? "a" : "no" ) ); + + SSL_DEBUG_MSG( 2, ( "<= parse certificate request" ) ); + + return( 0 ); +} + +static int ssl_parse_server_hello_done( ssl_context *ssl ) +{ + int ret; + + SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) ); + + if( ssl->client_auth != 0 ) + { + if( ( ret = ssl_read_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_read_record", ret ); + return( ret ); + } + + if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) + { + SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) ); + return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE ); + } + } + + if( ssl->in_hslen != 4 || + ssl->in_msg[0] != SSL_HS_SERVER_HELLO_DONE ) + { + SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE ); + } + + ssl->state++; + + SSL_DEBUG_MSG( 2, ( "<= parse server hello done" ) ); + + return( 0 ); +} + +static int ssl_write_client_key_exchange( ssl_context *ssl ) +{ + int ret, i, n; + + SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) ); + + if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA || + ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ) + { +#if !defined(XYSSL_DHM_C) + SSL_DEBUG_MSG( 1, ( "support for dhm in not available" ) ); + return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); +#else + /* + * DHM key exchange -- send G^X mod P + */ + n = ssl->dhm_ctx.len; + + ssl->out_msg[4] = (unsigned char)( n >> 8 ); + ssl->out_msg[5] = (unsigned char)( n ); + i = 6; + + ret = dhm_make_public( &ssl->dhm_ctx, 256, + &ssl->out_msg[i], n, + ssl->f_rng, ssl->p_rng ); + if( ret != 0 ) + { + SSL_DEBUG_RET( 1, "dhm_make_public", ret ); + return( ret ); + } + + SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->dhm_ctx.X ); + SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->dhm_ctx.GX ); + + ssl->pmslen = ssl->dhm_ctx.len; + + if( ( ret = dhm_calc_secret( &ssl->dhm_ctx, + ssl->premaster, + &ssl->pmslen ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "dhm_calc_secret", ret ); + return( ret ); + } + + SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->dhm_ctx.K ); +#endif + } + else + { + /* + * RSA key exchange -- send rsa_public(pkcs1 v1.5(premaster)) + */ + ssl->premaster[0] = (unsigned char) ssl->max_major_ver; + ssl->premaster[1] = (unsigned char) ssl->max_minor_ver; + ssl->pmslen = 48; + + for( i = 2; i < ssl->pmslen; i++ ) + ssl->premaster[i] = (unsigned char) ssl->f_rng( ssl->p_rng ); + + i = 4; + n = ssl->peer_cert->rsa.len; + + if( ssl->minor_ver != SSL_MINOR_VERSION_0 ) + { + i += 2; + ssl->out_msg[4] = (unsigned char)( n >> 8 ); + ssl->out_msg[5] = (unsigned char)( n ); + } + + ret = rsa_pkcs1_encrypt( &ssl->peer_cert->rsa, RSA_PUBLIC, + ssl->pmslen, ssl->premaster, + ssl->out_msg + i ); + if( ret != 0 ) + { + SSL_DEBUG_RET( 1, "rsa_pkcs1_encrypt", ret ); + return( ret ); + } + } + + ssl_derive_keys( ssl ); + + ssl->out_msglen = i + n; + ssl->out_msgtype = SSL_MSG_HANDSHAKE; + ssl->out_msg[0] = SSL_HS_CLIENT_KEY_EXCHANGE; + + ssl->state++; + + if( ( ret = ssl_write_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_write_record", ret ); + return( ret ); + } + + SSL_DEBUG_MSG( 2, ( "<= write client key exchange" ) ); + + return( 0 ); +} + +static int ssl_write_certificate_verify( ssl_context *ssl ) +{ + int ret, n; + unsigned char hash[36]; + + SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); + + if( ssl->client_auth == 0 ) + { + SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); + ssl->state++; + return( 0 ); + } + + if( ssl->rsa_key == NULL ) + { + SSL_DEBUG_MSG( 1, ( "got no private key" ) ); + return( XYSSL_ERR_SSL_PRIVATE_KEY_REQUIRED ); + } + + /* + * Make an RSA signature of the handshake digests + */ + ssl_calc_verify( ssl, hash ); + + n = ssl->rsa_key->len; + ssl->out_msg[4] = (unsigned char)( n >> 8 ); + ssl->out_msg[5] = (unsigned char)( n ); + + if( ( ret = rsa_pkcs1_sign( ssl->rsa_key, RSA_PRIVATE, RSA_RAW, + 36, hash, ssl->out_msg + 6 ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "rsa_pkcs1_sign", ret ); + return( ret ); + } + + ssl->out_msglen = 6 + n; + ssl->out_msgtype = SSL_MSG_HANDSHAKE; + ssl->out_msg[0] = SSL_HS_CERTIFICATE_VERIFY; + + ssl->state++; + + if( ( ret = ssl_write_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_write_record", ret ); + return( ret ); + } + + SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) ); + + return( 0 ); +} + +/* + * SSL handshake -- client side + */ +int ssl_handshake_client( ssl_context *ssl ) +{ + int ret = 0; + + SSL_DEBUG_MSG( 2, ( "=> handshake client" ) ); + + while( ssl->state != SSL_HANDSHAKE_OVER ) + { + SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); + + if( ( ret = ssl_flush_output( ssl ) ) != 0 ) + break; + + switch( ssl->state ) + { + case SSL_HELLO_REQUEST: + ssl->state = SSL_CLIENT_HELLO; + break; + + /* + * ==> ClientHello + */ + case SSL_CLIENT_HELLO: + ret = ssl_write_client_hello( ssl ); + break; + + /* + * <== ServerHello + * Certificate + * ( ServerKeyExchange ) + * ( CertificateRequest ) + * ServerHelloDone + */ + case SSL_SERVER_HELLO: + ret = ssl_parse_server_hello( ssl ); + break; + + case SSL_SERVER_CERTIFICATE: + ret = ssl_parse_certificate( ssl ); + break; + + case SSL_SERVER_KEY_EXCHANGE: + ret = ssl_parse_server_key_exchange( ssl ); + break; + + case SSL_CERTIFICATE_REQUEST: + ret = ssl_parse_certificate_request( ssl ); + break; + + case SSL_SERVER_HELLO_DONE: + ret = ssl_parse_server_hello_done( ssl ); + break; + + /* + * ==> ( Certificate/Alert ) + * ClientKeyExchange + * ( CertificateVerify ) + * ChangeCipherSpec + * Finished + */ + case SSL_CLIENT_CERTIFICATE: + ret = ssl_write_certificate( ssl ); + break; + + case SSL_CLIENT_KEY_EXCHANGE: + ret = ssl_write_client_key_exchange( ssl ); + break; + + case SSL_CERTIFICATE_VERIFY: + ret = ssl_write_certificate_verify( ssl ); + break; + + case SSL_CLIENT_CHANGE_CIPHER_SPEC: + ret = ssl_write_change_cipher_spec( ssl ); + break; + + case SSL_CLIENT_FINISHED: + ret = ssl_write_finished( ssl ); + break; + + /* + * <== ChangeCipherSpec + * Finished + */ + case SSL_SERVER_CHANGE_CIPHER_SPEC: + ret = ssl_parse_change_cipher_spec( ssl ); + break; + + case SSL_SERVER_FINISHED: + ret = ssl_parse_finished( ssl ); + break; + + case SSL_FLUSH_BUFFERS: + SSL_DEBUG_MSG( 2, ( "handshake: done" ) ); + ssl->state = SSL_HANDSHAKE_OVER; + break; + + default: + SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); + return( XYSSL_ERR_SSL_BAD_INPUT_DATA ); + } + + if( ret != 0 ) + break; + } + + SSL_DEBUG_MSG( 2, ( "<= handshake client" ) ); + + return( ret ); +} + +#endif diff --git a/library/ssl_srv.c b/library/ssl_srv.c new file mode 100644 index 000000000..b8dd6618e --- /dev/null +++ b/library/ssl_srv.c @@ -0,0 +1,930 @@ +/* + * SSLv3/TLSv1 server-side functions + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_SSL_SRV_C) + +#include "xyssl/debug.h" +#include "xyssl/ssl.h" + +#include +#include +#include +#include + +static int ssl_parse_client_hello( ssl_context *ssl ) +{ + int ret, i, j, n; + int ciph_len, sess_len; + int chal_len, comp_len; + unsigned char *buf, *p; + + SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) ); + + if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_fetch_input", ret ); + return( ret ); + } + + buf = ssl->in_hdr; + + if( ( buf[0] & 0x80 ) != 0 ) + { + SSL_DEBUG_BUF( 4, "record header", buf, 5 ); + + SSL_DEBUG_MSG( 3, ( "client hello v2, message type: %d", + buf[2] ) ); + SSL_DEBUG_MSG( 3, ( "client hello v2, message len.: %d", + ( ( buf[0] & 0x7F ) << 8 ) | buf[1] ) ); + SSL_DEBUG_MSG( 3, ( "client hello v2, max. version: [%d:%d]", + buf[3], buf[4] ) ); + + /* + * SSLv2 Client Hello + * + * Record layer: + * 0 . 1 message length + * + * SSL layer: + * 2 . 2 message type + * 3 . 4 protocol version + */ + if( buf[2] != SSL_HS_CLIENT_HELLO || + buf[3] != SSL_MAJOR_VERSION_3 ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF; + + if( n < 17 || n > 512 ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + ssl->max_major_ver = buf[3]; + ssl->max_minor_ver = buf[4]; + + ssl->major_ver = SSL_MAJOR_VERSION_3; + ssl->minor_ver = ( buf[4] <= SSL_MINOR_VERSION_1 ) + ? buf[4] : SSL_MINOR_VERSION_1; + + if( ( ret = ssl_fetch_input( ssl, 2 + n ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_fetch_input", ret ); + return( ret ); + } + + md5_update( &ssl->fin_md5 , buf + 2, n ); + sha1_update( &ssl->fin_sha1, buf + 2, n ); + + buf = ssl->in_msg; + n = ssl->in_left - 5; + + /* + * 0 . 1 cipherlist length + * 2 . 3 session id length + * 4 . 5 challenge length + * 6 . .. cipherlist + * .. . .. session id + * .. . .. challenge + */ + SSL_DEBUG_BUF( 4, "record contents", buf, n ); + + ciph_len = ( buf[0] << 8 ) | buf[1]; + sess_len = ( buf[2] << 8 ) | buf[3]; + chal_len = ( buf[4] << 8 ) | buf[5]; + + SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d", + ciph_len, sess_len, chal_len ) ); + + /* + * Make sure each parameter length is valid + */ + if( ciph_len < 3 || ( ciph_len % 3 ) != 0 ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + if( sess_len < 0 || sess_len > 32 ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + if( chal_len < 8 || chal_len > 32 ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + if( n != 6 + ciph_len + sess_len + chal_len ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + SSL_DEBUG_BUF( 3, "client hello, cipherlist", + buf + 6, ciph_len ); + SSL_DEBUG_BUF( 3, "client hello, session id", + buf + 6 + ciph_len, sess_len ); + SSL_DEBUG_BUF( 3, "client hello, challenge", + buf + 6 + ciph_len + sess_len, chal_len ); + + p = buf + 6 + ciph_len; + ssl->session->length = sess_len; + memset( ssl->session->id, 0, sizeof( ssl->session->id ) ); + memcpy( ssl->session->id, p, ssl->session->length ); + + p += sess_len; + memset( ssl->randbytes, 0, 64 ); + memcpy( ssl->randbytes + 32 - chal_len, p, chal_len ); + + for( i = 0; ssl->ciphers[i] != 0; i++ ) + { + for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 ) + { + if( p[0] == 0 && + p[1] == 0 && + p[2] == ssl->ciphers[i] ) + goto have_cipher; + } + } + } + else + { + SSL_DEBUG_BUF( 4, "record header", buf, 5 ); + + SSL_DEBUG_MSG( 3, ( "client hello v3, message type: %d", + buf[0] ) ); + SSL_DEBUG_MSG( 3, ( "client hello v3, message len.: %d", + ( buf[3] << 8 ) | buf[4] ) ); + SSL_DEBUG_MSG( 3, ( "client hello v3, protocol ver: [%d:%d]", + buf[1], buf[2] ) ); + + /* + * SSLv3 Client Hello + * + * Record layer: + * 0 . 0 message type + * 1 . 2 protocol version + * 3 . 4 message length + */ + if( buf[0] != SSL_MSG_HANDSHAKE || + buf[1] != SSL_MAJOR_VERSION_3 ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + n = ( buf[3] << 8 ) | buf[4]; + + if( n < 45 || n > 512 ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + if( ( ret = ssl_fetch_input( ssl, 5 + n ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_fetch_input", ret ); + return( ret ); + } + + buf = ssl->in_msg; + n = ssl->in_left - 5; + + md5_update( &ssl->fin_md5 , buf, n ); + sha1_update( &ssl->fin_sha1, buf, n ); + + /* + * SSL layer: + * 0 . 0 handshake type + * 1 . 3 handshake length + * 4 . 5 protocol version + * 6 . 9 UNIX time() + * 10 . 37 random bytes + * 38 . 38 session id length + * 39 . 38+x session id + * 39+x . 40+x cipherlist length + * 41+x . .. cipherlist + * .. . .. compression alg. + * .. . .. extensions + */ + SSL_DEBUG_BUF( 4, "record contents", buf, n ); + + SSL_DEBUG_MSG( 3, ( "client hello v3, handshake type: %d", + buf[0] ) ); + SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d", + ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) ); + SSL_DEBUG_MSG( 3, ( "client hello v3, max. version: [%d:%d]", + buf[4], buf[5] ) ); + + /* + * Check the handshake type and protocol version + */ + if( buf[0] != SSL_HS_CLIENT_HELLO || + buf[4] != SSL_MAJOR_VERSION_3 ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + ssl->major_ver = SSL_MAJOR_VERSION_3; + ssl->minor_ver = ( buf[5] <= SSL_MINOR_VERSION_1 ) + ? buf[5] : SSL_MINOR_VERSION_1; + + ssl->max_major_ver = buf[4]; + ssl->max_minor_ver = buf[5]; + + memcpy( ssl->randbytes, buf + 6, 32 ); + + /* + * Check the handshake message length + */ + if( buf[1] != 0 || n != 4 + ( ( buf[2] << 8 ) | buf[3] ) ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + /* + * Check the session length + */ + sess_len = buf[38]; + + if( sess_len < 0 || sess_len > 32 ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + ssl->session->length = sess_len; + memset( ssl->session->id, 0, sizeof( ssl->session->id ) ); + memcpy( ssl->session->id, buf + 39 , ssl->session->length ); + + /* + * Check the cipherlist length + */ + ciph_len = ( buf[39 + sess_len] << 8 ) + | ( buf[40 + sess_len] ); + + if( ciph_len < 2 || ciph_len > 256 || ( ciph_len % 2 ) != 0 ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + /* + * Check the compression algorithms length + */ + comp_len = buf[41 + sess_len + ciph_len]; + + if( comp_len < 1 || comp_len > 16 ) + { + SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + SSL_DEBUG_BUF( 3, "client hello, random bytes", + buf + 6, 32 ); + SSL_DEBUG_BUF( 3, "client hello, session id", + buf + 38, sess_len ); + SSL_DEBUG_BUF( 3, "client hello, cipherlist", + buf + 41 + sess_len, ciph_len ); + SSL_DEBUG_BUF( 3, "client hello, compression", + buf + 42 + sess_len + ciph_len, comp_len ); + + /* + * Search for a matching cipher + */ + for( i = 0; ssl->ciphers[i] != 0; i++ ) + { + for( j = 0, p = buf + 41 + sess_len; j < ciph_len; + j += 2, p += 2 ) + { + if( p[0] == 0 && p[1] == ssl->ciphers[i] ) + goto have_cipher; + } + } + } + + SSL_DEBUG_MSG( 1, ( "got no ciphers in common" ) ); + + return( XYSSL_ERR_SSL_NO_CIPHER_CHOSEN ); + +have_cipher: + + ssl->session->cipher = ssl->ciphers[i]; + ssl->in_left = 0; + ssl->state++; + + SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) ); + + return( 0 ); +} + +static int ssl_write_server_hello( ssl_context *ssl ) +{ + time_t t; + int ret, i, n; + unsigned char *buf, *p; + + SSL_DEBUG_MSG( 2, ( "=> write server hello" ) ); + + /* + * 0 . 0 handshake type + * 1 . 3 handshake length + * 4 . 5 protocol version + * 6 . 9 UNIX time() + * 10 . 37 random bytes + */ + buf = ssl->out_msg; + p = buf + 4; + + *p++ = (unsigned char) ssl->major_ver; + *p++ = (unsigned char) ssl->minor_ver; + + SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]", + buf[4], buf[5] ) ); + + t = time( NULL ); + *p++ = (unsigned char)( t >> 24 ); + *p++ = (unsigned char)( t >> 16 ); + *p++ = (unsigned char)( t >> 8 ); + *p++ = (unsigned char)( t ); + + SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); + + for( i = 28; i > 0; i-- ) + *p++ = (unsigned char) ssl->f_rng( ssl->p_rng ); + + memcpy( ssl->randbytes + 32, buf + 6, 32 ); + + SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 ); + + /* + * 38 . 38 session id length + * 39 . 38+n session id + * 39+n . 40+n chosen cipher + * 41+n . 41+n chosen compression alg. + */ + ssl->session->length = n = 32; + *p++ = (unsigned char) ssl->session->length; + + if( ssl->s_get == NULL || + ssl->s_get( ssl ) != 0 ) + { + /* + * Not found, create a new session id + */ + ssl->resume = 0; + ssl->state++; + + for( i = 0; i < n; i++ ) + ssl->session->id[i] = + (unsigned char) ssl->f_rng( ssl->p_rng ); + } + else + { + /* + * Found a matching session, resume it + */ + ssl->resume = 1; + ssl->state = SSL_SERVER_CHANGE_CIPHER_SPEC; + ssl_derive_keys( ssl ); + } + + memcpy( p, ssl->session->id, ssl->session->length ); + p += ssl->session->length; + + SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) ); + SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n ); + SSL_DEBUG_MSG( 3, ( "%s session has been resumed", + ssl->resume ? "a" : "no" ) ); + + *p++ = (unsigned char)( ssl->session->cipher >> 8 ); + *p++ = (unsigned char)( ssl->session->cipher ); + *p++ = SSL_COMPRESS_NULL; + + SSL_DEBUG_MSG( 3, ( "server hello, chosen cipher: %d", + ssl->session->cipher ) ); + SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", 0 ) ); + + ssl->out_msglen = p - buf; + ssl->out_msgtype = SSL_MSG_HANDSHAKE; + ssl->out_msg[0] = SSL_HS_SERVER_HELLO; + + ret = ssl_write_record( ssl ); + + SSL_DEBUG_MSG( 2, ( "<= write server hello" ) ); + + return( ret ); +} + +static int ssl_write_certificate_request( ssl_context *ssl ) +{ + int ret, n; + unsigned char *buf, *p; + x509_cert *crt; + + SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) ); + + ssl->state++; + + if( ssl->authmode == SSL_VERIFY_NONE ) + { + SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) ); + return( 0 ); + } + + /* + * 0 . 0 handshake type + * 1 . 3 handshake length + * 4 . 4 cert type count + * 5 .. n-1 cert types + * n .. n+1 length of all DNs + * n+2 .. n+3 length of DN 1 + * n+4 .. ... Distinguished Name #1 + * ... .. ... length of DN 2, etc. + */ + buf = ssl->out_msg; + p = buf + 4; + + /* + * At the moment, only RSA certificates are supported + */ + *p++ = 1; + *p++ = 1; + + p += 2; + crt = ssl->ca_chain; + + while( crt != NULL && crt->next != NULL ) + { + if( p - buf > 4096 ) + break; + + n = crt->subject_raw.len; + *p++ = (unsigned char)( n >> 8 ); + *p++ = (unsigned char)( n ); + memcpy( p, crt->subject_raw.p, n ); + + SSL_DEBUG_BUF( 3, "requested DN", p, n ); + p += n; crt = crt->next; + } + + ssl->out_msglen = n = p - buf; + ssl->out_msgtype = SSL_MSG_HANDSHAKE; + ssl->out_msg[0] = SSL_HS_CERTIFICATE_REQUEST; + ssl->out_msg[6] = (unsigned char)( ( n - 8 ) >> 8 ); + ssl->out_msg[7] = (unsigned char)( ( n - 8 ) ); + + ret = ssl_write_record( ssl ); + + SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) ); + + return( ret ); +} + +static int ssl_write_server_key_exchange( ssl_context *ssl ) +{ + int ret, n; + unsigned char hash[36]; + md5_context md5; + sha1_context sha1; + + SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) ); + + if( ssl->session->cipher != SSL_EDH_RSA_DES_168_SHA && + ssl->session->cipher != SSL_EDH_RSA_AES_256_SHA ) + { + SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) ); + ssl->state++; + return( 0 ); + } + +#if !defined(XYSSL_DHM_C) + SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) ); + return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); +#else + /* + * Ephemeral DH parameters: + * + * struct { + * opaque dh_p<1..2^16-1>; + * opaque dh_g<1..2^16-1>; + * opaque dh_Ys<1..2^16-1>; + * } ServerDHParams; + */ + if( ( ret = dhm_make_params( &ssl->dhm_ctx, 256, ssl->out_msg + 4, + &n, ssl->f_rng, ssl->p_rng ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "dhm_make_params", ret ); + return( ret ); + } + + SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->dhm_ctx.X ); + SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->dhm_ctx.P ); + SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->dhm_ctx.G ); + SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->dhm_ctx.GX ); + + /* + * digitally-signed struct { + * opaque md5_hash[16]; + * opaque sha_hash[20]; + * }; + * + * md5_hash + * MD5(ClientHello.random + ServerHello.random + * + ServerParams); + * sha_hash + * SHA(ClientHello.random + ServerHello.random + * + ServerParams); + */ + md5_starts( &md5 ); + md5_update( &md5, ssl->randbytes, 64 ); + md5_update( &md5, ssl->out_msg + 4, n ); + md5_finish( &md5, hash ); + + sha1_starts( &sha1 ); + sha1_update( &sha1, ssl->randbytes, 64 ); + sha1_update( &sha1, ssl->out_msg + 4, n ); + sha1_finish( &sha1, hash + 16 ); + + SSL_DEBUG_BUF( 3, "parameters hash", hash, 36 ); + + ssl->out_msg[4 + n] = (unsigned char)( ssl->rsa_key->len >> 8 ); + ssl->out_msg[5 + n] = (unsigned char)( ssl->rsa_key->len ); + + ret = rsa_pkcs1_sign( ssl->rsa_key, RSA_PRIVATE, + RSA_RAW, 36, hash, ssl->out_msg + 6 + n ); + if( ret != 0 ) + { + SSL_DEBUG_RET( 1, "rsa_pkcs1_sign", ret ); + return( ret ); + } + + SSL_DEBUG_BUF( 3, "my RSA sig", ssl->out_msg + 6 + n, + ssl->rsa_key->len ); + + ssl->out_msglen = 6 + n + ssl->rsa_key->len; + ssl->out_msgtype = SSL_MSG_HANDSHAKE; + ssl->out_msg[0] = SSL_HS_SERVER_KEY_EXCHANGE; + + ssl->state++; + + if( ( ret = ssl_write_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_write_record", ret ); + return( ret ); + } + + SSL_DEBUG_MSG( 2, ( "<= write server key exchange" ) ); + + return( 0 ); +#endif +} + +static int ssl_write_server_hello_done( ssl_context *ssl ) +{ + int ret; + + SSL_DEBUG_MSG( 2, ( "=> write server hello done" ) ); + + ssl->out_msglen = 4; + ssl->out_msgtype = SSL_MSG_HANDSHAKE; + ssl->out_msg[0] = SSL_HS_SERVER_HELLO_DONE; + + ssl->state++; + + if( ( ret = ssl_write_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_write_record", ret ); + return( ret ); + } + + SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) ); + + return( 0 ); +} + +static int ssl_parse_client_key_exchange( ssl_context *ssl ) +{ + int ret, i, n; + + SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) ); + + if( ( ret = ssl_read_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_read_record", ret ); + return( ret ); + } + + if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) + { + SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + } + + if( ssl->in_msg[0] != SSL_HS_CLIENT_KEY_EXCHANGE ) + { + SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + } + + if( ssl->session->cipher == SSL_EDH_RSA_DES_168_SHA || + ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA ) + { +#if !defined(XYSSL_DHM_C) + SSL_DEBUG_MSG( 1, ( "support for dhm is not available" ) ); + return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); +#else + /* + * Receive G^Y mod P, premaster = (G^Y)^X mod P + */ + n = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; + + if( n < 1 || n > ssl->dhm_ctx.len || + n + 6 != ssl->in_hslen ) + { + SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + } + + if( ( ret = dhm_read_public( &ssl->dhm_ctx, + ssl->in_msg + 6, n ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "dhm_read_public", ret ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE | ret ); + } + + SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->dhm_ctx.GY ); + + ssl->pmslen = ssl->dhm_ctx.len; + + if( ( ret = dhm_calc_secret( &ssl->dhm_ctx, + ssl->premaster, &ssl->pmslen ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "dhm_calc_secret", ret ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE | ret ); + } + + SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->dhm_ctx.K ); +#endif + } + else + { + /* + * Decrypt the premaster using own private RSA key + */ + i = 4; + n = ssl->rsa_key->len; + ssl->pmslen = 48; + + if( ssl->minor_ver != SSL_MINOR_VERSION_0 ) + { + i += 2; + if( ssl->in_msg[4] != ( ( n >> 8 ) & 0xFF ) || + ssl->in_msg[5] != ( ( n ) & 0xFF ) ) + { + SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + } + } + + if( ssl->in_hslen != i + n ) + { + SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + } + + ret = rsa_pkcs1_decrypt( ssl->rsa_key, RSA_PRIVATE, &ssl->pmslen, + ssl->in_msg + i, ssl->premaster ); + + if( ret != 0 || ssl->pmslen != 48 || + ssl->premaster[0] != ssl->max_major_ver || + ssl->premaster[1] != ssl->max_minor_ver ) + { + SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); + + /* + * Protection against Bleichenbacher's attack: + * invalid PKCS#1 v1.5 padding must not cause + * the connection to end immediately; instead, + * send a bad_record_mac later in the handshake. + */ + ssl->pmslen = 48; + + for( i = 0; i < ssl->pmslen; i++ ) + ssl->premaster[i] = (unsigned char) ssl->f_rng( ssl->p_rng ); + } + } + + ssl_derive_keys( ssl ); + + if( ssl->s_set != NULL ) + ssl->s_set( ssl ); + + ssl->state++; + + SSL_DEBUG_MSG( 2, ( "<= parse client key exchange" ) ); + + return( 0 ); +} + +static int ssl_parse_certificate_verify( ssl_context *ssl ) +{ + int n1, n2, ret; + unsigned char hash[36]; + + SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); + + if( ssl->peer_cert == NULL ) + { + SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); + ssl->state++; + return( 0 ); + } + + ssl_calc_verify( ssl, hash ); + + if( ( ret = ssl_read_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_read_record", ret ); + return( ret ); + } + + ssl->state++; + + if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) + { + SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + } + + if( ssl->in_msg[0] != SSL_HS_CERTIFICATE_VERIFY ) + { + SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + } + + n1 = ssl->peer_cert->rsa.len; + n2 = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; + + if( n1 + 6 != ssl->in_hslen || n1 != n2 ) + { + SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + } + + ret = rsa_pkcs1_verify( &ssl->peer_cert->rsa, RSA_PUBLIC, + RSA_RAW, 36, hash, ssl->in_msg + 6 ); + if( ret != 0 ) + { + SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret ); + return( ret ); + } + + SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) ); + + return( 0 ); +} + +/* + * SSL handshake -- server side + */ +int ssl_handshake_server( ssl_context *ssl ) +{ + int ret = 0; + + SSL_DEBUG_MSG( 2, ( "=> handshake server" ) ); + + while( ssl->state != SSL_HANDSHAKE_OVER ) + { + SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) ); + + if( ( ret = ssl_flush_output( ssl ) ) != 0 ) + break; + + switch( ssl->state ) + { + case SSL_HELLO_REQUEST: + ssl->state = SSL_CLIENT_HELLO; + break; + + /* + * <== ClientHello + */ + case SSL_CLIENT_HELLO: + ret = ssl_parse_client_hello( ssl ); + break; + + /* + * ==> ServerHello + * Certificate + * ( ServerKeyExchange ) + * ( CertificateRequest ) + * ServerHelloDone + */ + case SSL_SERVER_HELLO: + ret = ssl_write_server_hello( ssl ); + break; + + case SSL_SERVER_CERTIFICATE: + ret = ssl_write_certificate( ssl ); + break; + + case SSL_SERVER_KEY_EXCHANGE: + ret = ssl_write_server_key_exchange( ssl ); + break; + + case SSL_CERTIFICATE_REQUEST: + ret = ssl_write_certificate_request( ssl ); + break; + + case SSL_SERVER_HELLO_DONE: + ret = ssl_write_server_hello_done( ssl ); + break; + + /* + * <== ( Certificate/Alert ) + * ClientKeyExchange + * ( CertificateVerify ) + * ChangeCipherSpec + * Finished + */ + case SSL_CLIENT_CERTIFICATE: + ret = ssl_parse_certificate( ssl ); + break; + + case SSL_CLIENT_KEY_EXCHANGE: + ret = ssl_parse_client_key_exchange( ssl ); + break; + + case SSL_CERTIFICATE_VERIFY: + ret = ssl_parse_certificate_verify( ssl ); + break; + + case SSL_CLIENT_CHANGE_CIPHER_SPEC: + ret = ssl_parse_change_cipher_spec( ssl ); + break; + + case SSL_CLIENT_FINISHED: + ret = ssl_parse_finished( ssl ); + break; + + /* + * ==> ChangeCipherSpec + * Finished + */ + case SSL_SERVER_CHANGE_CIPHER_SPEC: + ret = ssl_write_change_cipher_spec( ssl ); + break; + + case SSL_SERVER_FINISHED: + ret = ssl_write_finished( ssl ); + break; + + case SSL_FLUSH_BUFFERS: + SSL_DEBUG_MSG( 2, ( "handshake: done" ) ); + ssl->state = SSL_HANDSHAKE_OVER; + break; + + default: + SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); + return( XYSSL_ERR_SSL_BAD_INPUT_DATA ); + } + + if( ret != 0 ) + break; + } + + SSL_DEBUG_MSG( 2, ( "<= handshake server" ) ); + + return( ret ); +} + +#endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c new file mode 100644 index 000000000..72d98b8fe --- /dev/null +++ b/library/ssl_tls.c @@ -0,0 +1,1977 @@ +/* + * SSLv3/TLSv1 shared functions + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * The SSL 3.0 specification was drafted by Netscape in 1996, + * and became an IETF standard in 1999. + * + * http://wp.netscape.com/eng/ssl3/ + * http://www.ietf.org/rfc/rfc2246.txt + * http://www.ietf.org/rfc/rfc4346.txt + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_SSL_TLS_C) + +#include "xyssl/aes.h" +#include "xyssl/arc4.h" +#include "xyssl/des.h" +#include "xyssl/debug.h" +#include "xyssl/ssl.h" + +#include +#include +#include + +/* + * Key material generation + */ +static int tls1_prf( unsigned char *secret, int slen, char *label, + unsigned char *random, int rlen, + unsigned char *dstbuf, int dlen ) +{ + int nb, hs; + int i, j, k; + unsigned char *S1, *S2; + unsigned char tmp[128]; + unsigned char h_i[20]; + + if( sizeof( tmp ) < 20 + strlen( label ) + rlen ) + return( XYSSL_ERR_SSL_BAD_INPUT_DATA ); + + hs = ( slen + 1 ) / 2; + S1 = secret; + S2 = secret + slen - hs; + + nb = strlen( label ); + memcpy( tmp + 20, label, nb ); + memcpy( tmp + 20 + nb, random, rlen ); + nb += rlen; + + /* + * First compute P_md5(secret,label+random)[0..dlen] + */ + md5_hmac( S1, hs, tmp + 20, nb, 4 + tmp ); + + for( i = 0; i < dlen; i += 16 ) + { + md5_hmac( S1, hs, 4 + tmp, 16 + nb, h_i ); + md5_hmac( S1, hs, 4 + tmp, 16, 4 + tmp ); + + k = ( i + 16 > dlen ) ? dlen % 16 : 16; + + for( j = 0; j < k; j++ ) + dstbuf[i + j] = h_i[j]; + } + + /* + * XOR out with P_sha1(secret,label+random)[0..dlen] + */ + sha1_hmac( S2, hs, tmp + 20, nb, tmp ); + + for( i = 0; i < dlen; i += 20 ) + { + sha1_hmac( S2, hs, tmp, 20 + nb, h_i ); + sha1_hmac( S2, hs, tmp, 20, tmp ); + + k = ( i + 20 > dlen ) ? dlen % 20 : 20; + + for( j = 0; j < k; j++ ) + dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] ); + } + + memset( tmp, 0, sizeof( tmp ) ); + memset( h_i, 0, sizeof( h_i ) ); + + return( 0 ); +} + +int ssl_derive_keys( ssl_context *ssl ) +{ + int i; + md5_context md5; + sha1_context sha1; + unsigned char tmp[64]; + unsigned char padding[16]; + unsigned char sha1sum[20]; + unsigned char keyblk[256]; + unsigned char *key1; + unsigned char *key2; + + SSL_DEBUG_MSG( 2, ( "=> derive keys" ) ); + + /* + * SSLv3: + * master = + * MD5( premaster + SHA1( 'A' + premaster + randbytes ) ) + + * MD5( premaster + SHA1( 'BB' + premaster + randbytes ) ) + + * MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) ) + * + * TLSv1: + * master = PRF( premaster, "master secret", randbytes )[0..47] + */ + if( ssl->resume == 0 ) + { + int len = ssl->pmslen; + + SSL_DEBUG_BUF( 3, "premaster secret", ssl->premaster, len ); + + if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) + { + for( i = 0; i < 3; i++ ) + { + memset( padding, 'A' + i, 1 + i ); + + sha1_starts( &sha1 ); + sha1_update( &sha1, padding, 1 + i ); + sha1_update( &sha1, ssl->premaster, len ); + sha1_update( &sha1, ssl->randbytes, 64 ); + sha1_finish( &sha1, sha1sum ); + + md5_starts( &md5 ); + md5_update( &md5, ssl->premaster, len ); + md5_update( &md5, sha1sum, 20 ); + md5_finish( &md5, ssl->session->master + i * 16 ); + } + } + else + tls1_prf( ssl->premaster, len, "master secret", + ssl->randbytes, 64, ssl->session->master, 48 ); + + memset( ssl->premaster, 0, sizeof( ssl->premaster ) ); + } + else + SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); + + /* + * Swap the client and server random values. + */ + memcpy( tmp, ssl->randbytes, 64 ); + memcpy( ssl->randbytes, tmp + 32, 32 ); + memcpy( ssl->randbytes + 32, tmp, 32 ); + memset( tmp, 0, sizeof( tmp ) ); + + /* + * SSLv3: + * key block = + * MD5( master + SHA1( 'A' + master + randbytes ) ) + + * MD5( master + SHA1( 'BB' + master + randbytes ) ) + + * MD5( master + SHA1( 'CCC' + master + randbytes ) ) + + * MD5( master + SHA1( 'DDDD' + master + randbytes ) ) + + * ... + * + * TLSv1: + * key block = PRF( master, "key expansion", randbytes ) + */ + if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) + { + for( i = 0; i < 16; i++ ) + { + memset( padding, 'A' + i, 1 + i ); + + sha1_starts( &sha1 ); + sha1_update( &sha1, padding, 1 + i ); + sha1_update( &sha1, ssl->session->master, 48 ); + sha1_update( &sha1, ssl->randbytes, 64 ); + sha1_finish( &sha1, sha1sum ); + + md5_starts( &md5 ); + md5_update( &md5, ssl->session->master, 48 ); + md5_update( &md5, sha1sum, 20 ); + md5_finish( &md5, keyblk + i * 16 ); + } + + memset( &md5, 0, sizeof( md5 ) ); + memset( &sha1, 0, sizeof( sha1 ) ); + + memset( padding, 0, sizeof( padding ) ); + memset( sha1sum, 0, sizeof( sha1sum ) ); + } + else + tls1_prf( ssl->session->master, 48, "key expansion", + ssl->randbytes, 64, keyblk, 256 ); + + SSL_DEBUG_MSG( 3, ( "cipher = %s", ssl_get_cipher( ssl ) ) ); + SSL_DEBUG_BUF( 3, "master secret", ssl->session->master, 48 ); + SSL_DEBUG_BUF( 4, "random bytes", ssl->randbytes, 64 ); + SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); + + memset( ssl->randbytes, 0, sizeof( ssl->randbytes ) ); + + /* + * Determine the appropriate key, IV and MAC length. + */ + switch( ssl->session->cipher ) + { +#if defined(XYSSL_ARC4_C) + case SSL_RSA_RC4_128_MD5: + ssl->keylen = 16; ssl->minlen = 16; + ssl->ivlen = 0; ssl->maclen = 16; + break; + + case SSL_RSA_RC4_128_SHA: + ssl->keylen = 16; ssl->minlen = 20; + ssl->ivlen = 0; ssl->maclen = 20; + break; +#endif + +#if defined(XYSSL_DES_C) + case SSL_RSA_DES_168_SHA: + case SSL_EDH_RSA_DES_168_SHA: + ssl->keylen = 24; ssl->minlen = 24; + ssl->ivlen = 8; ssl->maclen = 20; + break; +#endif + +#if defined(XYSSL_AES_C) + case SSL_RSA_AES_128_SHA: + ssl->keylen = 16; ssl->minlen = 32; + ssl->ivlen = 16; ssl->maclen = 20; + break; + + case SSL_RSA_AES_256_SHA: + case SSL_EDH_RSA_AES_256_SHA: + ssl->keylen = 32; ssl->minlen = 32; + ssl->ivlen = 16; ssl->maclen = 20; + break; +#endif + + default: + SSL_DEBUG_MSG( 1, ( "cipher %s is not available", + ssl_get_cipher( ssl ) ) ); + return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + } + + SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d", + ssl->keylen, ssl->minlen, ssl->ivlen, ssl->maclen ) ); + + /* + * Finally setup the cipher contexts, IVs and MAC secrets. + */ + if( ssl->endpoint == SSL_IS_CLIENT ) + { + key1 = keyblk + ssl->maclen * 2; + key2 = keyblk + ssl->maclen * 2 + ssl->keylen; + + memcpy( ssl->mac_enc, keyblk, ssl->maclen ); + memcpy( ssl->mac_dec, keyblk + ssl->maclen, ssl->maclen ); + + memcpy( ssl->iv_enc, key2 + ssl->keylen, ssl->ivlen ); + memcpy( ssl->iv_dec, key2 + ssl->keylen + ssl->ivlen, + ssl->ivlen ); + } + else + { + key1 = keyblk + ssl->maclen * 2 + ssl->keylen; + key2 = keyblk + ssl->maclen * 2; + + memcpy( ssl->mac_dec, keyblk, ssl->maclen ); + memcpy( ssl->mac_enc, keyblk + ssl->maclen, ssl->maclen ); + + memcpy( ssl->iv_dec, key1 + ssl->keylen, ssl->ivlen ); + memcpy( ssl->iv_enc, key1 + ssl->keylen + ssl->ivlen, + ssl->ivlen ); + } + + switch( ssl->session->cipher ) + { +#if defined(XYSSL_ARC4_C) + case SSL_RSA_RC4_128_MD5: + case SSL_RSA_RC4_128_SHA: + arc4_setup( (arc4_context *) ssl->ctx_enc, key1, ssl->keylen ); + arc4_setup( (arc4_context *) ssl->ctx_dec, key2, ssl->keylen ); + break; +#endif + +#if defined(XYSSL_DES_C) + case SSL_RSA_DES_168_SHA: + case SSL_EDH_RSA_DES_168_SHA: + des3_set3key_enc( (des3_context *) ssl->ctx_enc, key1 ); + des3_set3key_dec( (des3_context *) ssl->ctx_dec, key2 ); + break; +#endif + +#if defined(XYSSL_AES_C) + case SSL_RSA_AES_128_SHA: + aes_setkey_enc( (aes_context *) ssl->ctx_enc, key1, 128 ); + aes_setkey_dec( (aes_context *) ssl->ctx_dec, key2, 128 ); + break; + + case SSL_RSA_AES_256_SHA: + case SSL_EDH_RSA_AES_256_SHA: + aes_setkey_enc( (aes_context *) ssl->ctx_enc, key1, 256 ); + aes_setkey_dec( (aes_context *) ssl->ctx_dec, key2, 256 ); + break; +#endif + + default: + return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + } + + memset( keyblk, 0, sizeof( keyblk ) ); + + SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); + + return( 0 ); +} + +void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] ) +{ + md5_context md5; + sha1_context sha1; + unsigned char pad_1[48]; + unsigned char pad_2[48]; + + SSL_DEBUG_MSG( 2, ( "=> calc verify" ) ); + + memcpy( &md5 , &ssl->fin_md5 , sizeof( md5_context ) ); + memcpy( &sha1, &ssl->fin_sha1, sizeof( sha1_context ) ); + + if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) + { + memset( pad_1, 0x36, 48 ); + memset( pad_2, 0x5C, 48 ); + + md5_update( &md5, ssl->session->master, 48 ); + md5_update( &md5, pad_1, 48 ); + md5_finish( &md5, hash ); + + md5_starts( &md5 ); + md5_update( &md5, ssl->session->master, 48 ); + md5_update( &md5, pad_2, 48 ); + md5_update( &md5, hash, 16 ); + md5_finish( &md5, hash ); + + sha1_update( &sha1, ssl->session->master, 48 ); + sha1_update( &sha1, pad_1, 40 ); + sha1_finish( &sha1, hash + 16 ); + + sha1_starts( &sha1 ); + sha1_update( &sha1, ssl->session->master, 48 ); + sha1_update( &sha1, pad_2, 40 ); + sha1_update( &sha1, hash + 16, 20 ); + sha1_finish( &sha1, hash + 16 ); + } + else /* TLSv1 */ + { + md5_finish( &md5, hash ); + sha1_finish( &sha1, hash + 16 ); + } + + SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); + SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); + + return; +} + +/* + * SSLv3.0 MAC functions + */ +static void ssl_mac_md5( unsigned char *secret, + unsigned char *buf, int len, + unsigned char *ctr, int type ) +{ + unsigned char header[11]; + unsigned char padding[48]; + md5_context md5; + + memcpy( header, ctr, 8 ); + header[ 8] = (unsigned char) type; + header[ 9] = (unsigned char)( len >> 8 ); + header[10] = (unsigned char)( len ); + + memset( padding, 0x36, 48 ); + md5_starts( &md5 ); + md5_update( &md5, secret, 16 ); + md5_update( &md5, padding, 48 ); + md5_update( &md5, header, 11 ); + md5_update( &md5, buf, len ); + md5_finish( &md5, buf + len ); + + memset( padding, 0x5C, 48 ); + md5_starts( &md5 ); + md5_update( &md5, secret, 16 ); + md5_update( &md5, padding, 48 ); + md5_update( &md5, buf + len, 16 ); + md5_finish( &md5, buf + len ); +} + +static void ssl_mac_sha1( unsigned char *secret, + unsigned char *buf, int len, + unsigned char *ctr, int type ) +{ + unsigned char header[11]; + unsigned char padding[40]; + sha1_context sha1; + + memcpy( header, ctr, 8 ); + header[ 8] = (unsigned char) type; + header[ 9] = (unsigned char)( len >> 8 ); + header[10] = (unsigned char)( len ); + + memset( padding, 0x36, 40 ); + sha1_starts( &sha1 ); + sha1_update( &sha1, secret, 20 ); + sha1_update( &sha1, padding, 40 ); + sha1_update( &sha1, header, 11 ); + sha1_update( &sha1, buf, len ); + sha1_finish( &sha1, buf + len ); + + memset( padding, 0x5C, 40 ); + sha1_starts( &sha1 ); + sha1_update( &sha1, secret, 20 ); + sha1_update( &sha1, padding, 40 ); + sha1_update( &sha1, buf + len, 20 ); + sha1_finish( &sha1, buf + len ); +} + +/* + * Encryption/decryption functions + */ +static int ssl_encrypt_buf( ssl_context *ssl ) +{ + int i, padlen; + + SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) ); + + /* + * Add MAC then encrypt + */ + if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) + { + if( ssl->maclen == 16 ) + ssl_mac_md5( ssl->mac_enc, + ssl->out_msg, ssl->out_msglen, + ssl->out_ctr, ssl->out_msgtype ); + + if( ssl->maclen == 20 ) + ssl_mac_sha1( ssl->mac_enc, + ssl->out_msg, ssl->out_msglen, + ssl->out_ctr, ssl->out_msgtype ); + } + else + { + if( ssl->maclen == 16 ) + md5_hmac( ssl->mac_enc, 16, + ssl->out_ctr, ssl->out_msglen + 13, + ssl->out_msg + ssl->out_msglen ); + + if( ssl->maclen == 20 ) + sha1_hmac( ssl->mac_enc, 20, + ssl->out_ctr, ssl->out_msglen + 13, + ssl->out_msg + ssl->out_msglen ); + } + + SSL_DEBUG_BUF( 4, "computed mac", + ssl->out_msg + ssl->out_msglen, ssl->maclen ); + + ssl->out_msglen += ssl->maclen; + + for( i = 7; i >= 0; i-- ) + if( ++ssl->out_ctr[i] != 0 ) + break; + + if( ssl->ivlen == 0 ) + { +#if defined(XYSSL_ARC4_C) + padlen = 0; + + SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " + "including %d bytes of padding", + ssl->out_msglen, 0 ) ); + + SSL_DEBUG_BUF( 4, "before encrypt: output payload", + ssl->out_msg, ssl->out_msglen ); + + arc4_crypt( (arc4_context *) ssl->ctx_enc, + ssl->out_msg, ssl->out_msglen ); +#else + return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); +#endif + } + else + { + padlen = ssl->ivlen - ( ssl->out_msglen + 1 ) % ssl->ivlen; + if( padlen == ssl->ivlen ) + padlen = 0; + + for( i = 0; i <= padlen; i++ ) + ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen; + + ssl->out_msglen += padlen + 1; + + SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " + "including %d bytes of padding", + ssl->out_msglen, padlen + 1 ) ); + + SSL_DEBUG_BUF( 4, "before encrypt: output payload", + ssl->out_msg, ssl->out_msglen ); + + switch( ssl->ivlen ) + { + case 8: +#if defined(XYSSL_DES_C) + des3_crypt_cbc( (des3_context *) ssl->ctx_enc, + DES_ENCRYPT, ssl->out_msglen, + ssl->iv_enc, ssl->out_msg, ssl->out_msg ); + break; +#endif + + case 16: +#if defined(XYSSL_AES_C) + aes_crypt_cbc( (aes_context *) ssl->ctx_enc, + AES_ENCRYPT, ssl->out_msglen, + ssl->iv_enc, ssl->out_msg, ssl->out_msg ); + break; +#endif + + default: + return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + } + } + + SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) ); + + return( 0 ); +} + +static int ssl_decrypt_buf( ssl_context *ssl ) +{ + int i, padlen; + unsigned char tmp[20]; + + SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) ); + + if( ssl->in_msglen < ssl->minlen ) + { + SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)", + ssl->in_msglen, ssl->minlen ) ); + return( XYSSL_ERR_SSL_INVALID_MAC ); + } + + if( ssl->ivlen == 0 ) + { +#if defined(XYSSL_ARC4_C) + padlen = 0; + arc4_crypt( (arc4_context *) ssl->ctx_dec, + ssl->in_msg, ssl->in_msglen ); +#else + return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); +#endif + } + else + { + /* + * Decrypt and check the padding + */ + if( ssl->in_msglen % ssl->ivlen != 0 ) + { + SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0", + ssl->in_msglen, ssl->ivlen ) ); + return( XYSSL_ERR_SSL_INVALID_MAC ); + } + + switch( ssl->ivlen ) + { +#if defined(XYSSL_DES_C) + case 8: + des3_crypt_cbc( (des3_context *) ssl->ctx_dec, + DES_DECRYPT, ssl->in_msglen, + ssl->iv_dec, ssl->in_msg, ssl->in_msg ); + break; +#endif + +#if defined(XYSSL_AES_C) + case 16: + aes_crypt_cbc( (aes_context *) ssl->ctx_dec, + AES_DECRYPT, ssl->in_msglen, + ssl->iv_dec, ssl->in_msg, ssl->in_msg ); + break; +#endif + + default: + return( XYSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + } + + padlen = 1 + ssl->in_msg[ssl->in_msglen - 1]; + + if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) + { + if( padlen > ssl->ivlen ) + { + SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, " + "should be no more than %d", + padlen, ssl->ivlen ) ); + padlen = 0; + } + } + else + { + /* + * TLSv1: always check the padding + */ + for( i = 1; i <= padlen; i++ ) + { + if( ssl->in_msg[ssl->in_msglen - i] != padlen - 1 ) + { + SSL_DEBUG_MSG( 1, ( "bad padding byte: should be " + "%02x, but is %02x", padlen - 1, + ssl->in_msg[ssl->in_msglen - i] ) ); + padlen = 0; + } + } + } + } + + SSL_DEBUG_BUF( 4, "raw buffer after decryption", + ssl->in_msg, ssl->in_msglen ); + + /* + * Always compute the MAC (RFC4346, CBCTIME). + */ + ssl->in_msglen -= ( ssl->maclen + padlen ); + + ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 ); + ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen ); + + memcpy( tmp, ssl->in_msg + ssl->in_msglen, 20 ); + + if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) + { + if( ssl->maclen == 16 ) + ssl_mac_md5( ssl->mac_dec, + ssl->in_msg, ssl->in_msglen, + ssl->in_ctr, ssl->in_msgtype ); + else + ssl_mac_sha1( ssl->mac_dec, + ssl->in_msg, ssl->in_msglen, + ssl->in_ctr, ssl->in_msgtype ); + } + else + { + if( ssl->maclen == 16 ) + md5_hmac( ssl->mac_dec, 16, + ssl->in_ctr, ssl->in_msglen + 13, + ssl->in_msg + ssl->in_msglen ); + else + sha1_hmac( ssl->mac_dec, 20, + ssl->in_ctr, ssl->in_msglen + 13, + ssl->in_msg + ssl->in_msglen ); + } + + SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->maclen ); + SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen, + ssl->maclen ); + + if( memcmp( tmp, ssl->in_msg + ssl->in_msglen, + ssl->maclen ) != 0 ) + { + SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); + return( XYSSL_ERR_SSL_INVALID_MAC ); + } + + /* + * Finally check the padding length; bad padding + * will produce the same error as an invalid MAC. + */ + if( ssl->ivlen != 0 && padlen == 0 ) + return( XYSSL_ERR_SSL_INVALID_MAC ); + + if( ssl->in_msglen == 0 ) + { + ssl->nb_zero++; + + /* + * Three or more empty messages may be a DoS attack + * (excessive CPU consumption). + */ + if( ssl->nb_zero > 3 ) + { + SSL_DEBUG_MSG( 1, ( "received four consecutive empty " + "messages, possible DoS attack" ) ); + return( XYSSL_ERR_SSL_INVALID_MAC ); + } + } + else + ssl->nb_zero = 0; + + for( i = 7; i >= 0; i-- ) + if( ++ssl->in_ctr[i] != 0 ) + break; + + SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) ); + + return( 0 ); +} + +/* + * Fill the input message buffer + */ +int ssl_fetch_input( ssl_context *ssl, int nb_want ) +{ + int ret, len; + + SSL_DEBUG_MSG( 2, ( "=> fetch input" ) ); + + while( ssl->in_left < nb_want ) + { + len = nb_want - ssl->in_left; + ret = ssl->f_recv( ssl->p_recv, ssl->in_hdr + ssl->in_left, len ); + + SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d", + ssl->in_left, nb_want ) ); + SSL_DEBUG_RET( 2, "ssl->f_recv", ret ); + + if( ret < 0 ) + return( ret ); + + ssl->in_left += ret; + } + + SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); + + return( 0 ); +} + +/* + * Flush any data not yet written + */ +int ssl_flush_output( ssl_context *ssl ) +{ + int ret; + unsigned char *buf; + + SSL_DEBUG_MSG( 2, ( "=> flush output" ) ); + + while( ssl->out_left > 0 ) + { + SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d", + 5 + ssl->out_msglen, ssl->out_left ) ); + + buf = ssl->out_hdr + 5 + ssl->out_msglen - ssl->out_left; + ret = ssl->f_send( ssl->p_send, buf, ssl->out_left ); + SSL_DEBUG_RET( 2, "ssl->f_send", ret ); + + if( ret <= 0 ) + return( ret ); + + ssl->out_left -= ret; + } + + SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); + + return( 0 ); +} + +/* + * Record layer functions + */ +int ssl_write_record( ssl_context *ssl ) +{ + int ret, len = ssl->out_msglen; + + SSL_DEBUG_MSG( 2, ( "=> write record" ) ); + + ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; + ssl->out_hdr[1] = (unsigned char) ssl->major_ver; + ssl->out_hdr[2] = (unsigned char) ssl->minor_ver; + ssl->out_hdr[3] = (unsigned char)( len >> 8 ); + ssl->out_hdr[4] = (unsigned char)( len ); + + if( ssl->out_msgtype == SSL_MSG_HANDSHAKE ) + { + ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 ); + ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 ); + ssl->out_msg[3] = (unsigned char)( ( len - 4 ) ); + + md5_update( &ssl->fin_md5 , ssl->out_msg, len ); + sha1_update( &ssl->fin_sha1, ssl->out_msg, len ); + } + + if( ssl->do_crypt != 0 ) + { + if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret ); + return( ret ); + } + + len = ssl->out_msglen; + ssl->out_hdr[3] = (unsigned char)( len >> 8 ); + ssl->out_hdr[4] = (unsigned char)( len ); + } + + ssl->out_left = 5 + ssl->out_msglen; + + SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, " + "version = [%d:%d], msglen = %d", + ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], + ( ssl->out_hdr[3] << 8 ) | ssl->out_hdr[4] ) ); + + SSL_DEBUG_BUF( 4, "output record sent to network", + ssl->out_hdr, 5 + ssl->out_msglen ); + + if( ( ret = ssl_flush_output( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_flush_output", ret ); + return( ret ); + } + + SSL_DEBUG_MSG( 2, ( "<= write record" ) ); + + return( 0 ); +} + +int ssl_read_record( ssl_context *ssl ) +{ + int ret; + + SSL_DEBUG_MSG( 2, ( "=> read record" ) ); + + if( ssl->in_hslen != 0 && + ssl->in_hslen < ssl->in_msglen ) + { + /* + * Get next Handshake message in the current record + */ + ssl->in_msglen -= ssl->in_hslen; + + memcpy( ssl->in_msg, ssl->in_msg + ssl->in_hslen, + ssl->in_msglen ); + + ssl->in_hslen = 4; + ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3]; + + SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" + " %d, type = %d, hslen = %d", + ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); + + if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 ) + { + SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); + return( XYSSL_ERR_SSL_INVALID_RECORD ); + } + + if( ssl->in_msglen < ssl->in_hslen ) + { + SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); + return( XYSSL_ERR_SSL_INVALID_RECORD ); + } + + md5_update( &ssl->fin_md5 , ssl->in_msg, ssl->in_hslen ); + sha1_update( &ssl->fin_sha1, ssl->in_msg, ssl->in_hslen ); + + return( 0 ); + } + + ssl->in_hslen = 0; + + /* + * Read the record header and validate it + */ + if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_fetch_input", ret ); + return( ret ); + } + + ssl->in_msgtype = ssl->in_hdr[0]; + ssl->in_msglen = ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4]; + + SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, " + "version = [%d:%d], msglen = %d", + ssl->in_hdr[0], ssl->in_hdr[1], ssl->in_hdr[2], + ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4] ) ); + + if( ssl->in_hdr[1] != ssl->major_ver ) + { + SSL_DEBUG_MSG( 1, ( "major version mismatch" ) ); + return( XYSSL_ERR_SSL_INVALID_RECORD ); + } + + if( ssl->in_hdr[2] != SSL_MINOR_VERSION_0 && + ssl->in_hdr[2] != SSL_MINOR_VERSION_1 ) + { + SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) ); + return( XYSSL_ERR_SSL_INVALID_RECORD ); + } + + /* + * Make sure the message length is acceptable + */ + if( ssl->do_crypt == 0 ) + { + if( ssl->in_msglen < 1 || + ssl->in_msglen > SSL_MAX_CONTENT_LEN ) + { + SSL_DEBUG_MSG( 1, ( "bad message length" ) ); + return( XYSSL_ERR_SSL_INVALID_RECORD ); + } + } + else + { + if( ssl->in_msglen < ssl->minlen ) + { + SSL_DEBUG_MSG( 1, ( "bad message length" ) ); + return( XYSSL_ERR_SSL_INVALID_RECORD ); + } + + if( ssl->minor_ver == SSL_MINOR_VERSION_0 && + ssl->in_msglen > ssl->minlen + SSL_MAX_CONTENT_LEN ) + { + SSL_DEBUG_MSG( 1, ( "bad message length" ) ); + return( XYSSL_ERR_SSL_INVALID_RECORD ); + } + + /* + * TLS encrypted messages can have up to 256 bytes of padding + */ + if( ssl->minor_ver == SSL_MINOR_VERSION_1 && + ssl->in_msglen > ssl->minlen + SSL_MAX_CONTENT_LEN + 256 ) + { + SSL_DEBUG_MSG( 1, ( "bad message length" ) ); + return( XYSSL_ERR_SSL_INVALID_RECORD ); + } + } + + /* + * Read and optionally decrypt the message contents + */ + if( ( ret = ssl_fetch_input( ssl, 5 + ssl->in_msglen ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_fetch_input", ret ); + return( ret ); + } + + SSL_DEBUG_BUF( 4, "input record from network", + ssl->in_hdr, 5 + ssl->in_msglen ); + + if( ssl->do_crypt != 0 ) + { + if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret ); + return( ret ); + } + + SSL_DEBUG_BUF( 4, "input payload after decrypt", + ssl->in_msg, ssl->in_msglen ); + + if( ssl->in_msglen > SSL_MAX_CONTENT_LEN ) + { + SSL_DEBUG_MSG( 1, ( "bad message length" ) ); + return( XYSSL_ERR_SSL_INVALID_RECORD ); + } + } + + if( ssl->in_msgtype == SSL_MSG_HANDSHAKE ) + { + ssl->in_hslen = 4; + ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3]; + + SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" + " %d, type = %d, hslen = %d", + ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); + + /* + * Additional checks to validate the handshake header + */ + if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 ) + { + SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); + return( XYSSL_ERR_SSL_INVALID_RECORD ); + } + + if( ssl->in_msglen < ssl->in_hslen ) + { + SSL_DEBUG_MSG( 1, ( "bad handshake length" ) ); + return( XYSSL_ERR_SSL_INVALID_RECORD ); + } + + md5_update( &ssl->fin_md5 , ssl->in_msg, ssl->in_hslen ); + sha1_update( &ssl->fin_sha1, ssl->in_msg, ssl->in_hslen ); + } + + if( ssl->in_msgtype == SSL_MSG_ALERT ) + { + SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]", + ssl->in_msg[0], ssl->in_msg[1] ) ); + + /* + * Ignore non-fatal alerts, except close_notify + */ + if( ssl->in_msg[0] == SSL_ALERT_FATAL ) + { + SSL_DEBUG_MSG( 1, ( "is a fatal alert message" ) ); + return( XYSSL_ERR_SSL_FATAL_ALERT_MESSAGE | ssl->in_msg[1] ); + } + + if( ssl->in_msg[0] == SSL_ALERT_WARNING && + ssl->in_msg[1] == SSL_ALERT_CLOSE_NOTIFY ) + { + SSL_DEBUG_MSG( 2, ( "is a close notify message" ) ); + return( XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY ); + } + } + + ssl->in_left = 0; + + SSL_DEBUG_MSG( 2, ( "<= read record" ) ); + + return( 0 ); +} + +/* + * Handshake functions + */ +int ssl_write_certificate( ssl_context *ssl ) +{ + int ret, i, n; + x509_cert *crt; + + SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); + + if( ssl->endpoint == SSL_IS_CLIENT ) + { + if( ssl->client_auth == 0 ) + { + SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + ssl->state++; + return( 0 ); + } + + /* + * If using SSLv3 and got no cert, send an Alert message + * (otherwise an empty Certificate message will be sent). + */ + if( ssl->own_cert == NULL && + ssl->minor_ver == SSL_MINOR_VERSION_0 ) + { + ssl->out_msglen = 2; + ssl->out_msgtype = SSL_MSG_ALERT; + ssl->out_msg[0] = SSL_ALERT_WARNING; + ssl->out_msg[1] = SSL_ALERT_NO_CERTIFICATE; + + SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) ); + goto write_msg; + } + } + else /* SSL_IS_SERVER */ + { + if( ssl->own_cert == NULL ) + { + SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) ); + return( XYSSL_ERR_SSL_CERTIFICATE_REQUIRED ); + } + } + + SSL_DEBUG_CRT( 3, "own certificate", ssl->own_cert ); + + /* + * 0 . 0 handshake type + * 1 . 3 handshake length + * 4 . 6 length of all certs + * 7 . 9 length of cert. 1 + * 10 . n-1 peer certificate + * n . n+2 length of cert. 2 + * n+3 . ... upper level cert, etc. + */ + i = 7; + crt = ssl->own_cert; + + while( crt != NULL && crt->next != NULL ) + { + n = crt->raw.len; + if( i + 3 + n > SSL_MAX_CONTENT_LEN ) + { + SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d", + i + 3 + n, SSL_MAX_CONTENT_LEN ) ); + return( XYSSL_ERR_SSL_CERTIFICATE_TOO_LARGE ); + } + + ssl->out_msg[i ] = (unsigned char)( n >> 16 ); + ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); + ssl->out_msg[i + 2] = (unsigned char)( n ); + + i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); + i += n; crt = crt->next; + } + + ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); + ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); + ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); + + ssl->out_msglen = i; + ssl->out_msgtype = SSL_MSG_HANDSHAKE; + ssl->out_msg[0] = SSL_HS_CERTIFICATE; + +write_msg: + + ssl->state++; + + if( ( ret = ssl_write_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_write_record", ret ); + return( ret ); + } + + SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); + + return( 0 ); +} + +int ssl_parse_certificate( ssl_context *ssl ) +{ + int ret, i, n; + + SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); + + if( ssl->endpoint == SSL_IS_SERVER && + ssl->authmode == SSL_VERIFY_NONE ) + { + SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); + ssl->state++; + return( 0 ); + } + + if( ( ret = ssl_read_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_read_record", ret ); + return( ret ); + } + + ssl->state++; + + /* + * Check if the client sent an empty certificate + */ + if( ssl->endpoint == SSL_IS_SERVER && + ssl->minor_ver == SSL_MINOR_VERSION_0 ) + { + if( ssl->in_msglen == 2 && + ssl->in_msgtype == SSL_MSG_ALERT && + ssl->in_msg[0] == SSL_ALERT_WARNING && + ssl->in_msg[1] == SSL_ALERT_NO_CERTIFICATE ) + { + SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) ); + + if( ssl->authmode == SSL_VERIFY_OPTIONAL ) + return( 0 ); + else + return( XYSSL_ERR_SSL_NO_CLIENT_CERTIFICATE ); + } + } + + if( ssl->endpoint == SSL_IS_SERVER && + ssl->minor_ver != SSL_MINOR_VERSION_0 ) + { + if( ssl->in_hslen == 7 && + ssl->in_msgtype == SSL_MSG_HANDSHAKE && + ssl->in_msg[0] == SSL_HS_CERTIFICATE && + memcmp( ssl->in_msg + 4, "\0\0\0", 3 ) == 0 ) + { + SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); + + if( ssl->authmode == SSL_VERIFY_REQUIRED ) + return( XYSSL_ERR_SSL_NO_CLIENT_CERTIFICATE ); + else + return( 0 ); + } + } + + if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) + { + SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); + return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE ); + } + + if( ssl->in_msg[0] != SSL_HS_CERTIFICATE || ssl->in_hslen < 10 ) + { + SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CERTIFICATE ); + } + + /* + * Same message structure as in ssl_write_certificate() + */ + n = ( ssl->in_msg[5] << 8 ) | ssl->in_msg[6]; + + if( ssl->in_msg[4] != 0 || ssl->in_hslen != 7 + n ) + { + SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CERTIFICATE ); + } + + if( ( ssl->peer_cert = (x509_cert *) malloc( + sizeof( x509_cert ) ) ) == NULL ) + { + SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", + sizeof( x509_cert ) ) ); + return( 1 ); + } + + memset( ssl->peer_cert, 0, sizeof( x509_cert ) ); + + i = 7; + + while( i < ssl->in_hslen ) + { + if( ssl->in_msg[i] != 0 ) + { + SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CERTIFICATE ); + } + + n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) + | (unsigned int) ssl->in_msg[i + 2]; + i += 3; + + if( n < 128 || i + n > ssl->in_hslen ) + { + SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CERTIFICATE ); + } + + ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n ); + if( ret != 0 ) + { + SSL_DEBUG_RET( 1, " x509parse_crt", ret ); + return( ret ); + } + + i += n; + } + + SSL_DEBUG_CRT( 3, "peer certificate", ssl->peer_cert ); + + if( ssl->authmode != SSL_VERIFY_NONE ) + { + if( ssl->ca_chain == NULL ) + { + SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); + return( XYSSL_ERR_SSL_CA_CHAIN_REQUIRED ); + } + + ret = x509parse_verify( ssl->peer_cert, ssl->ca_chain, + ssl->peer_cn, &ssl->verify_result ); + + if( ret != 0 ) + SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); + + if( ssl->authmode != SSL_VERIFY_REQUIRED ) + ret = 0; + } + + SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); + + return( ret ); +} + +int ssl_write_change_cipher_spec( ssl_context *ssl ) +{ + int ret; + + SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) ); + + ssl->out_msgtype = SSL_MSG_CHANGE_CIPHER_SPEC; + ssl->out_msglen = 1; + ssl->out_msg[0] = 1; + + ssl->do_crypt = 0; + ssl->state++; + + if( ( ret = ssl_write_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_write_record", ret ); + return( ret ); + } + + SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) ); + + return( 0 ); +} + +int ssl_parse_change_cipher_spec( ssl_context *ssl ) +{ + int ret; + + SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) ); + + ssl->do_crypt = 0; + + if( ( ret = ssl_read_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_read_record", ret ); + return( ret ); + } + + if( ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC ) + { + SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); + return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE ); + } + + if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 ) + { + SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC ); + } + + ssl->state++; + + SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) ); + + return( 0 ); +} + +static void ssl_calc_finished( + ssl_context *ssl, unsigned char *buf, int from, + md5_context *md5, sha1_context *sha1 ) +{ + int len = 12; + char *sender; + unsigned char padbuf[48]; + unsigned char md5sum[16]; + unsigned char sha1sum[20]; + + SSL_DEBUG_MSG( 2, ( "=> calc finished" ) ); + + /* + * SSLv3: + * hash = + * MD5( master + pad2 + + * MD5( handshake + sender + master + pad1 ) ) + * + SHA1( master + pad2 + + * SHA1( handshake + sender + master + pad1 ) ) + * + * TLSv1: + * hash = PRF( master, finished_label, + * MD5( handshake ) + SHA1( handshake ) )[0..11] + */ + + SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) + md5->state, sizeof( md5->state ) ); + + SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) + sha1->state, sizeof( sha1->state ) ); + + if( ssl->minor_ver == SSL_MINOR_VERSION_0 ) + { + sender = ( from == SSL_IS_CLIENT ) ? (char *) "CLNT" + : (char *) "SRVR"; + + memset( padbuf, 0x36, 48 ); + + md5_update( md5, (unsigned char *) sender, 4 ); + md5_update( md5, ssl->session->master, 48 ); + md5_update( md5, padbuf, 48 ); + md5_finish( md5, md5sum ); + + sha1_update( sha1, (unsigned char *) sender, 4 ); + sha1_update( sha1, ssl->session->master, 48 ); + sha1_update( sha1, padbuf, 40 ); + sha1_finish( sha1, sha1sum ); + + memset( padbuf, 0x5C, 48 ); + + md5_starts( md5 ); + md5_update( md5, ssl->session->master, 48 ); + md5_update( md5, padbuf, 48 ); + md5_update( md5, md5sum, 16 ); + md5_finish( md5, buf ); + + sha1_starts( sha1 ); + sha1_update( sha1, ssl->session->master, 48 ); + sha1_update( sha1, padbuf , 40 ); + sha1_update( sha1, sha1sum, 20 ); + sha1_finish( sha1, buf + 16 ); + + len += 24; + } + else + { + sender = ( from == SSL_IS_CLIENT ) + ? (char *) "client finished" + : (char *) "server finished"; + + md5_finish( md5, padbuf ); + sha1_finish( sha1, padbuf + 16 ); + + tls1_prf( ssl->session->master, 48, sender, + padbuf, 36, buf, len ); + } + + SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); + + memset( md5, 0, sizeof( md5_context ) ); + memset( sha1, 0, sizeof( sha1_context ) ); + + memset( padbuf, 0, sizeof( padbuf ) ); + memset( md5sum, 0, sizeof( md5sum ) ); + memset( sha1sum, 0, sizeof( sha1sum ) ); + + SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); +} + +int ssl_write_finished( ssl_context *ssl ) +{ + int ret, hash_len; + md5_context md5; + sha1_context sha1; + + SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); + + memcpy( &md5 , &ssl->fin_md5 , sizeof( md5_context ) ); + memcpy( &sha1, &ssl->fin_sha1, sizeof( sha1_context ) ); + + ssl_calc_finished( ssl, ssl->out_msg + 4, + ssl->endpoint, &md5, &sha1 ); + + hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12; + + ssl->out_msglen = 4 + hash_len; + ssl->out_msgtype = SSL_MSG_HANDSHAKE; + ssl->out_msg[0] = SSL_HS_FINISHED; + + /* + * In case of session resuming, invert the client and server + * ChangeCipherSpec messages order. + */ + if( ssl->resume != 0 ) + { + if( ssl->endpoint == SSL_IS_CLIENT ) + ssl->state = SSL_HANDSHAKE_OVER; + else + ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC; + } + else + ssl->state++; + + ssl->do_crypt = 1; + + if( ( ret = ssl_write_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_write_record", ret ); + return( ret ); + } + + SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); + + return( 0 ); +} + +int ssl_parse_finished( ssl_context *ssl ) +{ + int ret, hash_len; + md5_context md5; + sha1_context sha1; + unsigned char buf[36]; + + SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); + + memcpy( &md5 , &ssl->fin_md5 , sizeof( md5_context ) ); + memcpy( &sha1, &ssl->fin_sha1, sizeof( sha1_context ) ); + + ssl->do_crypt = 1; + + if( ( ret = ssl_read_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_read_record", ret ); + return( ret ); + } + + if( ssl->in_msgtype != SSL_MSG_HANDSHAKE ) + { + SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); + return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE ); + } + + hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12; + + if( ssl->in_msg[0] != SSL_HS_FINISHED || + ssl->in_hslen != 4 + hash_len ) + { + SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_FINISHED ); + } + + ssl_calc_finished( ssl, buf, ssl->endpoint ^ 1, &md5, &sha1 ); + + if( memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 ) + { + SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); + return( XYSSL_ERR_SSL_BAD_HS_FINISHED ); + } + + if( ssl->resume != 0 ) + { + if( ssl->endpoint == SSL_IS_CLIENT ) + ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC; + + if( ssl->endpoint == SSL_IS_SERVER ) + ssl->state = SSL_HANDSHAKE_OVER; + } + else + ssl->state++; + + SSL_DEBUG_MSG( 2, ( "<= parse finished" ) ); + + return( 0 ); +} + +/* + * Initialize an SSL context + */ +int ssl_init( ssl_context *ssl ) +{ + int len = SSL_BUFFER_LEN; + + memset( ssl, 0, sizeof( ssl_context ) ); + + ssl->in_ctr = (unsigned char *) malloc( len ); + ssl->in_hdr = ssl->in_ctr + 8; + ssl->in_msg = ssl->in_ctr + 13; + + if( ssl->in_ctr == NULL ) + { + SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) ); + return( 1 ); + } + + ssl->out_ctr = (unsigned char *) malloc( len ); + ssl->out_hdr = ssl->out_ctr + 8; + ssl->out_msg = ssl->out_ctr + 13; + + if( ssl->out_ctr == NULL ) + { + SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) ); + free( ssl-> in_ctr ); + return( 1 ); + } + + memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN ); + memset( ssl->out_ctr, 0, SSL_BUFFER_LEN ); + + ssl->hostname = NULL; + ssl->hostname_len = 0; + + md5_starts( &ssl->fin_md5 ); + sha1_starts( &ssl->fin_sha1 ); + + return( 0 ); +} + +/* + * SSL set accessors + */ +void ssl_set_endpoint( ssl_context *ssl, int endpoint ) +{ + ssl->endpoint = endpoint; +} + +void ssl_set_authmode( ssl_context *ssl, int authmode ) +{ + ssl->authmode = authmode; +} + +void ssl_set_rng( ssl_context *ssl, + int (*f_rng)(void *), + void *p_rng ) +{ + ssl->f_rng = f_rng; + ssl->p_rng = p_rng; +} + +void ssl_set_dbg( ssl_context *ssl, + void (*f_dbg)(void *, int, char *), + void *p_dbg ) +{ + ssl->f_dbg = f_dbg; + ssl->p_dbg = p_dbg; +} + +void ssl_set_bio( ssl_context *ssl, + int (*f_recv)(void *, unsigned char *, int), void *p_recv, + int (*f_send)(void *, unsigned char *, int), void *p_send ) +{ + ssl->f_recv = f_recv; + ssl->f_send = f_send; + ssl->p_recv = p_recv; + ssl->p_send = p_send; +} + +void ssl_set_scb( ssl_context *ssl, + int (*s_get)(ssl_context *), + int (*s_set)(ssl_context *) ) +{ + ssl->s_get = s_get; + ssl->s_set = s_set; +} + +void ssl_set_session( ssl_context *ssl, int resume, int timeout, + ssl_session *session ) +{ + ssl->resume = resume; + ssl->timeout = timeout; + ssl->session = session; +} + +void ssl_set_ciphers( ssl_context *ssl, int *ciphers ) +{ + ssl->ciphers = ciphers; +} + +void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain, + char *peer_cn ) +{ + ssl->ca_chain = ca_chain; + ssl->peer_cn = peer_cn; +} + +void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert, + rsa_context *rsa_key ) +{ + ssl->own_cert = own_cert; + ssl->rsa_key = rsa_key; +} + +int ssl_set_dh_param( ssl_context *ssl, char *dhm_P, char *dhm_G ) +{ + int ret; + + if( ( ret = mpi_read_string( &ssl->dhm_ctx.P, 16, dhm_P ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "mpi_read_string", ret ); + return( ret ); + } + + if( ( ret = mpi_read_string( &ssl->dhm_ctx.G, 16, dhm_G ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "mpi_read_string", ret ); + return( ret ); + } + + return( 0 ); +} + +int ssl_set_hostname( ssl_context *ssl, char *hostname ) +{ + if( hostname == NULL ) + return( XYSSL_ERR_SSL_BAD_INPUT_DATA ); + + ssl->hostname_len = strlen( hostname ); + ssl->hostname = (unsigned char *) malloc( ssl->hostname_len ); + + memcpy( ssl->hostname, (unsigned char *) hostname, + ssl->hostname_len ); + + return( 0 ); +} + +/* + * SSL get accessors + */ +int ssl_get_bytes_avail( ssl_context *ssl ) +{ + return( ssl->in_offt == NULL ? 0 : ssl->in_msglen ); +} + +int ssl_get_verify_result( ssl_context *ssl ) +{ + return( ssl->verify_result ); +} + +char *ssl_get_cipher( ssl_context *ssl ) +{ + switch( ssl->session->cipher ) + { +#if defined(XYSSL_ARC4_C) + case SSL_RSA_RC4_128_MD5: + return( "SSL_RSA_RC4_128_MD5" ); + + case SSL_RSA_RC4_128_SHA: + return( "SSL_RSA_RC4_128_SHA" ); +#endif + +#if defined(XYSSL_DES_C) + case SSL_RSA_DES_168_SHA: + return( "SSL_RSA_DES_168_SHA" ); + + case SSL_EDH_RSA_DES_168_SHA: + return( "SSL_EDH_RSA_DES_168_SHA" ); +#endif + +#if defined(XYSSL_AES_C) + case SSL_RSA_AES_128_SHA: + return( "SSL_RSA_AES_128_SHA" ); + + case SSL_RSA_AES_256_SHA: + return( "SSL_RSA_AES_256_SHA" ); + + case SSL_EDH_RSA_AES_256_SHA: + return( "SSL_EDH_RSA_AES_256_SHA" ); +#endif + + default: + break; + } + + return( "unknown" ); +} + +int ssl_default_ciphers[] = +{ +#if defined(XYSSL_DHM_C) +#if defined(XYSSL_AES_C) + SSL_EDH_RSA_AES_256_SHA, +#endif +#if defined(XYSSL_DES_C) + SSL_EDH_RSA_DES_168_SHA, +#endif +#endif + +#if defined(XYSSL_AES_C) + SSL_RSA_AES_128_SHA, + SSL_RSA_AES_256_SHA, +#endif +#if defined(XYSSL_DES_C) + SSL_RSA_DES_168_SHA, +#endif +#if defined(XYSSL_ARC4_C) + SSL_RSA_RC4_128_SHA, + SSL_RSA_RC4_128_MD5, +#endif + 0 +}; + +/* + * Perform the SSL handshake + */ +int ssl_handshake( ssl_context *ssl ) +{ + int ret = XYSSL_ERR_SSL_FEATURE_UNAVAILABLE; + + SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); + +#if defined(XYSSL_SSL_CLI_C) + if( ssl->endpoint == SSL_IS_CLIENT ) + ret = ssl_handshake_client( ssl ); +#endif + +#if defined(XYSSL_SSL_SRV_C) + if( ssl->endpoint == SSL_IS_SERVER ) + ret = ssl_handshake_server( ssl ); +#endif + + SSL_DEBUG_MSG( 2, ( "<= handshake" ) ); + + return( ret ); +} + +/* + * Receive application data decrypted from the SSL layer + */ +int ssl_read( ssl_context *ssl, unsigned char *buf, int len ) +{ + int ret, n; + + SSL_DEBUG_MSG( 2, ( "=> read" ) ); + + if( ssl->state != SSL_HANDSHAKE_OVER ) + { + if( ( ret = ssl_handshake( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_handshake", ret ); + return( ret ); + } + } + + if( ssl->in_offt == NULL ) + { + if( ( ret = ssl_read_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_read_record", ret ); + return( ret ); + } + + if( ssl->in_msglen == 0 && + ssl->in_msgtype == SSL_MSG_APPLICATION_DATA ) + { + /* + * OpenSSL sends empty messages to randomize the IV + */ + if( ( ret = ssl_read_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_read_record", ret ); + return( ret ); + } + } + + if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA ) + { + SSL_DEBUG_MSG( 1, ( "bad application data message" ) ); + return( XYSSL_ERR_SSL_UNEXPECTED_MESSAGE ); + } + + ssl->in_offt = ssl->in_msg; + } + + n = ( len < ssl->in_msglen ) + ? len : ssl->in_msglen; + + memcpy( buf, ssl->in_offt, n ); + ssl->in_msglen -= n; + + if( ssl->in_msglen == 0 ) + /* all bytes consumed */ + ssl->in_offt = NULL; + else + /* more data available */ + ssl->in_offt += n; + + SSL_DEBUG_MSG( 2, ( "<= read" ) ); + + return( n ); +} + +/* + * Send application data to be encrypted by the SSL layer + */ +int ssl_write( ssl_context *ssl, unsigned char *buf, int len ) +{ + int ret, n; + + SSL_DEBUG_MSG( 2, ( "=> write" ) ); + + if( ssl->state != SSL_HANDSHAKE_OVER ) + { + if( ( ret = ssl_handshake( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_handshake", ret ); + return( ret ); + } + } + + n = ( len < SSL_MAX_CONTENT_LEN ) + ? len : SSL_MAX_CONTENT_LEN; + + if( ssl->out_left != 0 ) + { + if( ( ret = ssl_flush_output( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_flush_output", ret ); + return( ret ); + } + } + else + { + ssl->out_msglen = n; + ssl->out_msgtype = SSL_MSG_APPLICATION_DATA; + memcpy( ssl->out_msg, buf, n ); + + if( ( ret = ssl_write_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_write_record", ret ); + return( ret ); + } + } + + SSL_DEBUG_MSG( 2, ( "<= write" ) ); + + return( n ); +} + +/* + * Notify the peer that the connection is being closed + */ +int ssl_close_notify( ssl_context *ssl ) +{ + int ret; + + SSL_DEBUG_MSG( 2, ( "=> write close notify" ) ); + + if( ( ret = ssl_flush_output( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_flush_output", ret ); + return( ret ); + } + + if( ssl->state == SSL_HANDSHAKE_OVER ) + { + ssl->out_msgtype = SSL_MSG_ALERT; + ssl->out_msglen = 2; + ssl->out_msg[0] = SSL_ALERT_WARNING; + ssl->out_msg[1] = SSL_ALERT_CLOSE_NOTIFY; + + if( ( ret = ssl_write_record( ssl ) ) != 0 ) + { + SSL_DEBUG_RET( 1, "ssl_write_record", ret ); + return( ret ); + } + } + + SSL_DEBUG_MSG( 2, ( "<= write close notify" ) ); + + return( ret ); +} + +/* + * Free an SSL context + */ +void ssl_free( ssl_context *ssl ) +{ + SSL_DEBUG_MSG( 2, ( "=> free" ) ); + + if( ssl->peer_cert != NULL ) + { + x509_free( ssl->peer_cert ); + memset( ssl->peer_cert, 0, sizeof( x509_cert ) ); + free( ssl->peer_cert ); + } + + if( ssl->out_ctr != NULL ) + { + memset( ssl->out_ctr, 0, SSL_BUFFER_LEN ); + free( ssl->out_ctr ); + } + + if( ssl->in_ctr != NULL ) + { + memset( ssl->in_ctr, 0, SSL_BUFFER_LEN ); + free( ssl->in_ctr ); + } + +#if defined(XYSSL_DHM_C) + dhm_free( &ssl->dhm_ctx ); +#endif + + if ( ssl->hostname != NULL) + { + memset( ssl->hostname, 0, ssl->hostname_len ); + free( ssl->hostname ); + ssl->hostname_len = 0; + } + + memset( ssl, 0, sizeof( ssl_context ) ); + + SSL_DEBUG_MSG( 2, ( "<= free" ) ); +} + +#endif diff --git a/library/timing.c b/library/timing.c new file mode 100644 index 000000000..49fe7f3c3 --- /dev/null +++ b/library/timing.c @@ -0,0 +1,250 @@ +/* + * Portable interface to the CPU cycle counter + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_TIMING_C) + +#include "xyssl/timing.h" + +#if defined(WIN32) + +#include +#include + +struct _hr_time +{ + LARGE_INTEGER start; +}; + +#else + +#include +#include +#include +#include +#include + +struct _hr_time +{ + struct timeval start; +}; + +#endif + +#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__) + +unsigned long hardclock( void ) +{ + unsigned long tsc; + __asm rdtsc + __asm mov [tsc], eax + return( tsc ); +} + +#else +#if defined(__GNUC__) && defined(__i386__) + +unsigned long hardclock( void ) +{ + unsigned long tsc; + asm( "rdtsc" : "=a" (tsc) ); + return( tsc ); +} + +#else +#if defined(__GNUC__) && (defined(__amd64__) || defined(__x86_64__)) + +unsigned long hardclock( void ) +{ + unsigned long lo, hi; + asm( "rdtsc" : "=a" (lo), "=d" (hi) ); + return( lo | (hi << 32) ); +} + +#else +#if defined(__GNUC__) && (defined(__powerpc__) || defined(__ppc__)) + +unsigned long hardclock( void ) +{ + unsigned long tbl, tbu0, tbu1; + + do + { + asm( "mftbu %0" : "=r" (tbu0) ); + asm( "mftb %0" : "=r" (tbl ) ); + asm( "mftbu %0" : "=r" (tbu1) ); + } + while( tbu0 != tbu1 ); + + return( tbl ); +} + +#else +#if defined(__GNUC__) && defined(__sparc__) + +unsigned long hardclock( void ) +{ + unsigned long tick; + asm( ".byte 0x83, 0x41, 0x00, 0x00" ); + asm( "mov %%g1, %0" : "=r" (tick) ); + return( tick ); +} + +#else +#if defined(__GNUC__) && defined(__alpha__) + +unsigned long hardclock( void ) +{ + unsigned long cc; + asm( "rpcc %0" : "=r" (cc) ); + return( cc & 0xFFFFFFFF ); +} + +#else +#if defined(__GNUC__) && defined(__ia64__) + +unsigned long hardclock( void ) +{ + unsigned long itc; + asm( "mov %0 = ar.itc" : "=r" (itc) ); + return( itc ); +} + +#else + +static int hardclock_init = 0; +static struct timeval tv_init; + +unsigned long hardclock( void ) +{ + struct timeval tv_cur; + + if( hardclock_init == 0 ) + { + gettimeofday( &tv_init, NULL ); + hardclock_init = 1; + } + + gettimeofday( &tv_cur, NULL ); + return( ( tv_cur.tv_sec - tv_init.tv_sec ) * 1000000 + + ( tv_cur.tv_usec - tv_init.tv_usec ) ); +} + +#endif /* generic */ +#endif /* IA-64 */ +#endif /* Alpha */ +#endif /* SPARC8 */ +#endif /* PowerPC */ +#endif /* AMD64 */ +#endif /* i586+ */ + +int alarmed = 0; + +#if defined(WIN32) + +unsigned long get_timer( struct hr_time *val, int reset ) +{ + unsigned long delta; + LARGE_INTEGER offset, hfreq; + struct _hr_time *t = (struct _hr_time *) val; + + QueryPerformanceCounter( &offset ); + QueryPerformanceFrequency( &hfreq ); + + delta = (unsigned long)( ( 1000 * + ( offset.QuadPart - t->start.QuadPart ) ) / + hfreq.QuadPart ); + + if( reset ) + QueryPerformanceCounter( &t->start ); + + return( delta ); +} + +DWORD WINAPI TimerProc( LPVOID uElapse ) +{ + Sleep( (DWORD) uElapse ); + alarmed = 1; + return( TRUE ); +} + +void set_alarm( int seconds ) +{ + DWORD ThreadId; + + alarmed = 0; + CloseHandle( CreateThread( NULL, 0, TimerProc, + (LPVOID) ( seconds * 1000 ), 0, &ThreadId ) ); +} + +void m_sleep( int milliseconds ) +{ + Sleep( milliseconds ); +} + +#else + +unsigned long get_timer( struct hr_time *val, int reset ) +{ + unsigned long delta; + struct timeval offset; + struct _hr_time *t = (struct _hr_time *) val; + + gettimeofday( &offset, NULL ); + + delta = ( offset.tv_sec - t->start.tv_sec ) * 1000 + + ( offset.tv_usec - t->start.tv_usec ) / 1000; + + if( reset ) + { + t->start.tv_sec = offset.tv_sec; + t->start.tv_usec = offset.tv_usec; + } + + return( delta ); +} + +static void sighandler( int signum ) +{ + alarmed = 1; + signal( signum, sighandler ); +} + +void set_alarm( int seconds ) +{ + alarmed = 0; + signal( SIGALRM, sighandler ); + alarm( seconds ); +} + +void m_sleep( int milliseconds ) +{ + struct timeval tv; + + tv.tv_sec = milliseconds / 1000; + tv.tv_usec = milliseconds * 1000; + + select( 0, NULL, NULL, NULL, &tv ); +} + +#endif + +#endif diff --git a/library/x509parse.c b/library/x509parse.c new file mode 100644 index 000000000..5bac80fc6 --- /dev/null +++ b/library/x509parse.c @@ -0,0 +1,1749 @@ +/* + * X.509 certificate and private key decoding + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +/* + * The ITU-T X.509 standard defines a certificat format for PKI. + * + * http://www.ietf.org/rfc/rfc2459.txt + * http://www.ietf.org/rfc/rfc3279.txt + * + * ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc + * + * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf + * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf + */ + +#include "xyssl/config.h" + +#if defined(XYSSL_X509_PARSE_C) + +#include "xyssl/x509.h" +#include "xyssl/base64.h" +#include "xyssl/des.h" +#include "xyssl/md2.h" +#include "xyssl/md4.h" +#include "xyssl/md5.h" +#include "xyssl/sha1.h" + +#include +#include +#include +#include + +/* + * ASN.1 DER decoding routines + */ +static int asn1_get_len( unsigned char **p, + unsigned char *end, + int *len ) +{ + if( ( end - *p ) < 1 ) + return( XYSSL_ERR_ASN1_OUT_OF_DATA ); + + if( ( **p & 0x80 ) == 0 ) + *len = *(*p)++; + else + { + switch( **p & 0x7F ) + { + case 1: + if( ( end - *p ) < 2 ) + return( XYSSL_ERR_ASN1_OUT_OF_DATA ); + + *len = (*p)[1]; + (*p) += 2; + break; + + case 2: + if( ( end - *p ) < 3 ) + return( XYSSL_ERR_ASN1_OUT_OF_DATA ); + + *len = ( (*p)[1] << 8 ) | (*p)[2]; + (*p) += 3; + break; + + default: + return( XYSSL_ERR_ASN1_INVALID_LENGTH ); + break; + } + } + + if( *len > (int) ( end - *p ) ) + return( XYSSL_ERR_ASN1_OUT_OF_DATA ); + + return( 0 ); +} + +static int asn1_get_tag( unsigned char **p, + unsigned char *end, + int *len, int tag ) +{ + if( ( end - *p ) < 1 ) + return( XYSSL_ERR_ASN1_OUT_OF_DATA ); + + if( **p != tag ) + return( XYSSL_ERR_ASN1_UNEXPECTED_TAG ); + + (*p)++; + + return( asn1_get_len( p, end, len ) ); +} + +static int asn1_get_bool( unsigned char **p, + unsigned char *end, + int *val ) +{ + int ret, len; + + if( ( ret = asn1_get_tag( p, end, &len, ASN1_BOOLEAN ) ) != 0 ) + return( ret ); + + if( len != 1 ) + return( XYSSL_ERR_ASN1_INVALID_LENGTH ); + + *val = ( **p != 0 ) ? 1 : 0; + (*p)++; + + return( 0 ); +} + +static int asn1_get_int( unsigned char **p, + unsigned char *end, + int *val ) +{ + int ret, len; + + if( ( ret = asn1_get_tag( p, end, &len, ASN1_INTEGER ) ) != 0 ) + return( ret ); + + if( len > (int) sizeof( int ) || ( **p & 0x80 ) != 0 ) + return( XYSSL_ERR_ASN1_INVALID_LENGTH ); + + *val = 0; + + while( len-- > 0 ) + { + *val = ( *val << 8 ) | **p; + (*p)++; + } + + return( 0 ); +} + +static int asn1_get_mpi( unsigned char **p, + unsigned char *end, + mpi *X ) +{ + int ret, len; + + if( ( ret = asn1_get_tag( p, end, &len, ASN1_INTEGER ) ) != 0 ) + return( ret ); + + ret = mpi_read_binary( X, *p, len ); + + *p += len; + + return( ret ); +} + +/* + * Version ::= INTEGER { v1(0), v2(1), v3(2) } + */ +static int x509_get_version( unsigned char **p, + unsigned char *end, + int *ver ) +{ + int ret, len; + + if( ( ret = asn1_get_tag( p, end, &len, + ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) != 0 ) + { + if( ret == XYSSL_ERR_ASN1_UNEXPECTED_TAG ) + return( *ver = 0 ); + + return( ret ); + } + + end = *p + len; + + if( ( ret = asn1_get_int( p, end, ver ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_VERSION | ret ); + + if( *p != end ) + return( XYSSL_ERR_X509_CERT_INVALID_VERSION | + XYSSL_ERR_ASN1_LENGTH_MISMATCH ); + + return( 0 ); +} + +/* + * CertificateSerialNumber ::= INTEGER + */ +static int x509_get_serial( unsigned char **p, + unsigned char *end, + x509_buf *serial ) +{ + int ret; + + if( ( end - *p ) < 1 ) + return( XYSSL_ERR_X509_CERT_INVALID_SERIAL | + XYSSL_ERR_ASN1_OUT_OF_DATA ); + + if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) && + **p != ASN1_INTEGER ) + return( XYSSL_ERR_X509_CERT_INVALID_SERIAL | + XYSSL_ERR_ASN1_UNEXPECTED_TAG ); + + serial->tag = *(*p)++; + + if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_SERIAL | ret ); + + serial->p = *p; + *p += serial->len; + + return( 0 ); +} + +/* + * AlgorithmIdentifier ::= SEQUENCE { + * algorithm OBJECT IDENTIFIER, + * parameters ANY DEFINED BY algorithm OPTIONAL } + */ +static int x509_get_alg( unsigned char **p, + unsigned char *end, + x509_buf *alg ) +{ + int ret, len; + + if( ( ret = asn1_get_tag( p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_ALG | ret ); + + end = *p + len; + alg->tag = **p; + + if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_ALG | ret ); + + alg->p = *p; + *p += alg->len; + + if( *p == end ) + return( 0 ); + + /* + * assume the algorithm parameters must be NULL + */ + if( ( ret = asn1_get_tag( p, end, &len, ASN1_NULL ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_ALG | ret ); + + if( *p != end ) + return( XYSSL_ERR_X509_CERT_INVALID_ALG | + XYSSL_ERR_ASN1_LENGTH_MISMATCH ); + + return( 0 ); +} + +/* + * RelativeDistinguishedName ::= + * SET OF AttributeTypeAndValue + * + * AttributeTypeAndValue ::= SEQUENCE { + * type AttributeType, + * value AttributeValue } + * + * AttributeType ::= OBJECT IDENTIFIER + * + * AttributeValue ::= ANY DEFINED BY AttributeType + */ +static int x509_get_name( unsigned char **p, + unsigned char *end, + x509_name *cur ) +{ + int ret, len; + unsigned char *end2; + x509_buf *oid; + x509_buf *val; + + if( ( ret = asn1_get_tag( p, end, &len, + ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_NAME | ret ); + + end2 = end; + end = *p + len; + + if( ( ret = asn1_get_tag( p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_NAME | ret ); + + if( *p + len != end ) + return( XYSSL_ERR_X509_CERT_INVALID_NAME | + XYSSL_ERR_ASN1_LENGTH_MISMATCH ); + + oid = &cur->oid; + oid->tag = **p; + + if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_NAME | ret ); + + oid->p = *p; + *p += oid->len; + + if( ( end - *p ) < 1 ) + return( XYSSL_ERR_X509_CERT_INVALID_NAME | + XYSSL_ERR_ASN1_OUT_OF_DATA ); + + if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING && + **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING && + **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING ) + return( XYSSL_ERR_X509_CERT_INVALID_NAME | + XYSSL_ERR_ASN1_UNEXPECTED_TAG ); + + val = &cur->val; + val->tag = *(*p)++; + + if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_NAME | ret ); + + val->p = *p; + *p += val->len; + + cur->next = NULL; + + if( *p != end ) + return( XYSSL_ERR_X509_CERT_INVALID_NAME | + XYSSL_ERR_ASN1_LENGTH_MISMATCH ); + + /* + * recurse until end of SEQUENCE is reached + */ + if( *p == end2 ) + return( 0 ); + + cur->next = (x509_name *) malloc( + sizeof( x509_name ) ); + + if( cur->next == NULL ) + return( 1 ); + + return( x509_get_name( p, end2, cur->next ) ); +} + +/* + * Validity ::= SEQUENCE { + * notBefore Time, + * notAfter Time } + * + * Time ::= CHOICE { + * utcTime UTCTime, + * generalTime GeneralizedTime } + */ +static int x509_get_dates( unsigned char **p, + unsigned char *end, + x509_time *from, + x509_time *to ) +{ + int ret, len; + char date[64]; + + if( ( ret = asn1_get_tag( p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_DATE | ret ); + + end = *p + len; + + /* + * TODO: also handle GeneralizedTime + */ + if( ( ret = asn1_get_tag( p, end, &len, ASN1_UTC_TIME ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_DATE | ret ); + + memset( date, 0, sizeof( date ) ); + memcpy( date, *p, ( len < (int) sizeof( date ) - 1 ) ? + len : (int) sizeof( date ) - 1 ); + + if( sscanf( date, "%2d%2d%2d%2d%2d%2d", + &from->year, &from->mon, &from->day, + &from->hour, &from->min, &from->sec ) < 5 ) + return( XYSSL_ERR_X509_CERT_INVALID_DATE ); + + from->year += 100 * ( from->year < 90 ); + from->year += 1900; + + *p += len; + + if( ( ret = asn1_get_tag( p, end, &len, ASN1_UTC_TIME ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_DATE | ret ); + + memset( date, 0, sizeof( date ) ); + memcpy( date, *p, ( len < (int) sizeof( date ) - 1 ) ? + len : (int) sizeof( date ) - 1 ); + + if( sscanf( date, "%2d%2d%2d%2d%2d%2d", + &to->year, &to->mon, &to->day, + &to->hour, &to->min, &to->sec ) < 5 ) + return( XYSSL_ERR_X509_CERT_INVALID_DATE ); + + to->year += 100 * ( to->year < 90 ); + to->year += 1900; + + *p += len; + + if( *p != end ) + return( XYSSL_ERR_X509_CERT_INVALID_DATE | + XYSSL_ERR_ASN1_LENGTH_MISMATCH ); + + return( 0 ); +} + +/* + * SubjectPublicKeyInfo ::= SEQUENCE { + * algorithm AlgorithmIdentifier, + * subjectPublicKey BIT STRING } + */ +static int x509_get_pubkey( unsigned char **p, + unsigned char *end, + x509_buf *pk_alg_oid, + mpi *N, mpi *E ) +{ + int ret, len; + unsigned char *end2; + + if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 ) + return( ret ); + + /* + * only RSA public keys handled at this time + */ + if( pk_alg_oid->len != 9 || + memcmp( pk_alg_oid->p, OID_PKCS1_RSA, 9 ) != 0 ) + return( XYSSL_ERR_X509_CERT_UNKNOWN_PK_ALG ); + + if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_PUBKEY | ret ); + + if( ( end - *p ) < 1 ) + return( XYSSL_ERR_X509_CERT_INVALID_PUBKEY | + XYSSL_ERR_ASN1_OUT_OF_DATA ); + + end2 = *p + len; + + if( *(*p)++ != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_PUBKEY ); + + /* + * RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER -- e + * } + */ + if( ( ret = asn1_get_tag( p, end2, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_PUBKEY | ret ); + + if( *p + len != end2 ) + return( XYSSL_ERR_X509_CERT_INVALID_PUBKEY | + XYSSL_ERR_ASN1_LENGTH_MISMATCH ); + + if( ( ret = asn1_get_mpi( p, end2, N ) ) != 0 || + ( ret = asn1_get_mpi( p, end2, E ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_PUBKEY | ret ); + + if( *p != end ) + return( XYSSL_ERR_X509_CERT_INVALID_PUBKEY | + XYSSL_ERR_ASN1_LENGTH_MISMATCH ); + + return( 0 ); +} + +static int x509_get_sig( unsigned char **p, + unsigned char *end, + x509_buf *sig ) +{ + int ret, len; + + sig->tag = **p; + + if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_SIGNATURE | ret ); + + if( --len < 1 || *(*p)++ != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_SIGNATURE ); + + sig->len = len; + sig->p = *p; + + *p += len; + + return( 0 ); +} + +/* + * X.509 v2/v3 unique identifier (not parsed) + */ +static int x509_get_uid( unsigned char **p, + unsigned char *end, + x509_buf *uid, int n ) +{ + int ret; + + if( *p == end ) + return( 0 ); + + uid->tag = **p; + + if( ( ret = asn1_get_tag( p, end, &uid->len, + ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | n ) ) != 0 ) + { + if( ret == XYSSL_ERR_ASN1_UNEXPECTED_TAG ) + return( 0 ); + + return( ret ); + } + + uid->p = *p; + *p += uid->len; + + return( 0 ); +} + +/* + * X.509 v3 extensions (only BasicConstraints are parsed) + */ +static int x509_get_ext( unsigned char **p, + unsigned char *end, + x509_buf *ext, + int *ca_istrue, + int *max_pathlen ) +{ + int ret, len; + int is_critical = 1; + int is_cacert = 0; + unsigned char *end2; + + if( *p == end ) + return( 0 ); + + ext->tag = **p; + + if( ( ret = asn1_get_tag( p, end, &ext->len, + ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) ) != 0 ) + { + if( ret == XYSSL_ERR_ASN1_UNEXPECTED_TAG ) + return( 0 ); + + return( ret ); + } + + ext->p = *p; + end = *p + ext->len; + + /* + * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension + * + * Extension ::= SEQUENCE { + * extnID OBJECT IDENTIFIER, + * critical BOOLEAN DEFAULT FALSE, + * extnValue OCTET STRING } + */ + if( ( ret = asn1_get_tag( p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS | ret ); + + if( end != *p + len ) + return( XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS | + XYSSL_ERR_ASN1_LENGTH_MISMATCH ); + + while( *p < end ) + { + if( ( ret = asn1_get_tag( p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS | ret ); + + if( memcmp( *p, "\x06\x03\x55\x1D\x13", 5 ) != 0 ) + { + *p += len; + continue; + } + + *p += 5; + + if( ( ret = asn1_get_bool( p, end, &is_critical ) ) != 0 && + ( ret != XYSSL_ERR_ASN1_UNEXPECTED_TAG ) ) + return( XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS | ret ); + + if( ( ret = asn1_get_tag( p, end, &len, + ASN1_OCTET_STRING ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS | ret ); + + /* + * BasicConstraints ::= SEQUENCE { + * cA BOOLEAN DEFAULT FALSE, + * pathLenConstraint INTEGER (0..MAX) OPTIONAL } + */ + end2 = *p + len; + + if( ( ret = asn1_get_tag( p, end2, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS | ret ); + + if( *p == end2 ) + continue; + + if( ( ret = asn1_get_bool( p, end2, &is_cacert ) ) != 0 ) + { + if( ret == XYSSL_ERR_ASN1_UNEXPECTED_TAG ) + ret = asn1_get_int( p, end2, &is_cacert ); + + if( ret != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS | ret ); + + if( is_cacert != 0 ) + is_cacert = 1; + } + + if( *p == end2 ) + continue; + + if( ( ret = asn1_get_int( p, end2, max_pathlen ) ) != 0 ) + return( XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS | ret ); + + if( *p != end2 ) + return( XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS | + XYSSL_ERR_ASN1_LENGTH_MISMATCH ); + + max_pathlen++; + } + + if( *p != end ) + return( XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS | + XYSSL_ERR_ASN1_LENGTH_MISMATCH ); + + *ca_istrue = is_critical & is_cacert; + + return( 0 ); +} + +/* + * Parse one or more certificates and add them to the chained list + */ +int x509parse_crt( x509_cert *chain, unsigned char *buf, int buflen ) +{ + int ret, len; + unsigned char *s1, *s2; + unsigned char *p, *end; + x509_cert *crt; + + crt = chain; + + while( crt->version != 0 ) + crt = crt->next; + + /* + * check if the certificate is encoded in base64 + */ + s1 = (unsigned char *) strstr( (char *) buf, + "-----BEGIN CERTIFICATE-----" ); + + if( s1 != NULL ) + { + s2 = (unsigned char *) strstr( (char *) buf, + "-----END CERTIFICATE-----" ); + + if( s2 == NULL || s2 <= s1 ) + return( XYSSL_ERR_X509_CERT_INVALID_PEM ); + + s1 += 27; + if( *s1 == '\r' ) s1++; + if( *s1 == '\n' ) s1++; + else return( XYSSL_ERR_X509_CERT_INVALID_PEM ); + + /* + * get the DER data length and decode the buffer + */ + len = 0; + ret = base64_decode( NULL, &len, s1, s2 - s1 ); + + if( ret == XYSSL_ERR_BASE64_INVALID_CHARACTER ) + return( XYSSL_ERR_X509_CERT_INVALID_PEM | ret ); + + if( ( p = (unsigned char *) malloc( len ) ) == NULL ) + return( 1 ); + + if( ( ret = base64_decode( p, &len, s1, s2 - s1 ) ) != 0 ) + { + free( p ); + return( XYSSL_ERR_X509_CERT_INVALID_PEM | ret ); + } + + /* + * update the buffer size and offset + */ + s2 += 25; + if( *s2 == '\r' ) s2++; + if( *s2 == '\n' ) s2++; + else + { + free( p ); + return( XYSSL_ERR_X509_CERT_INVALID_PEM ); + } + + buflen -= s2 - buf; + buf = s2; + } + else + { + /* + * nope, copy the raw DER data + */ + p = (unsigned char *) malloc( len = buflen ); + + if( p == NULL ) + return( 1 ); + + memcpy( p, buf, buflen ); + + buflen = 0; + } + + crt->raw.p = p; + crt->raw.len = len; + end = p + len; + + /* + * Certificate ::= SEQUENCE { + * tbsCertificate TBSCertificate, + * signatureAlgorithm AlgorithmIdentifier, + * signatureValue BIT STRING } + */ + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + { + x509_free( crt ); + return( XYSSL_ERR_X509_CERT_INVALID_FORMAT ); + } + + if( len != (int) ( end - p ) ) + { + x509_free( crt ); + return( XYSSL_ERR_X509_CERT_INVALID_FORMAT | + XYSSL_ERR_ASN1_LENGTH_MISMATCH ); + } + + /* + * TBSCertificate ::= SEQUENCE { + */ + crt->tbs.p = p; + + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + { + x509_free( crt ); + return( XYSSL_ERR_X509_CERT_INVALID_FORMAT | ret ); + } + + end = p + len; + crt->tbs.len = end - crt->tbs.p; + + /* + * Version ::= INTEGER { v1(0), v2(1), v3(2) } + * + * CertificateSerialNumber ::= INTEGER + * + * signature AlgorithmIdentifier + */ + if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 || + ( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 || + ( ret = x509_get_alg( &p, end, &crt->sig_oid1 ) ) != 0 ) + { + x509_free( crt ); + return( ret ); + } + + crt->version++; + + if( crt->version > 3 ) + { + x509_free( crt ); + return( XYSSL_ERR_X509_CERT_UNKNOWN_VERSION ); + } + + if( crt->sig_oid1.len != 9 || + memcmp( crt->sig_oid1.p, OID_PKCS1, 8 ) != 0 ) + { + x509_free( crt ); + return( XYSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG ); + } + + if( crt->sig_oid1.p[8] < 2 || + crt->sig_oid1.p[8] > 5 ) + { + x509_free( crt ); + return( XYSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG ); + } + + /* + * issuer Name + */ + crt->issuer_raw.p = p; + + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + { + x509_free( crt ); + return( XYSSL_ERR_X509_CERT_INVALID_FORMAT | ret ); + } + + if( ( ret = x509_get_name( &p, p + len, &crt->issuer ) ) != 0 ) + { + x509_free( crt ); + return( ret ); + } + + crt->issuer_raw.len = p - crt->issuer_raw.p; + + /* + * Validity ::= SEQUENCE { + * notBefore Time, + * notAfter Time } + * + */ + if( ( ret = x509_get_dates( &p, end, &crt->valid_from, + &crt->valid_to ) ) != 0 ) + { + x509_free( crt ); + return( ret ); + } + + /* + * subject Name + */ + crt->subject_raw.p = p; + + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + { + x509_free( crt ); + return( XYSSL_ERR_X509_CERT_INVALID_FORMAT | ret ); + } + + if( ( ret = x509_get_name( &p, p + len, &crt->subject ) ) != 0 ) + { + x509_free( crt ); + return( ret ); + } + + crt->subject_raw.len = p - crt->subject_raw.p; + + /* + * SubjectPublicKeyInfo ::= SEQUENCE + * algorithm AlgorithmIdentifier, + * subjectPublicKey BIT STRING } + */ + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + { + x509_free( crt ); + return( XYSSL_ERR_X509_CERT_INVALID_FORMAT | ret ); + } + + if( ( ret = x509_get_pubkey( &p, p + len, &crt->pk_oid, + &crt->rsa.N, &crt->rsa.E ) ) != 0 ) + { + x509_free( crt ); + return( ret ); + } + + if( ( ret = rsa_check_pubkey( &crt->rsa ) ) != 0 ) + { + x509_free( crt ); + return( ret ); + } + + crt->rsa.len = mpi_size( &crt->rsa.N ); + + /* + * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + * -- If present, version shall be v2 or v3 + * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + * -- If present, version shall be v2 or v3 + * extensions [3] EXPLICIT Extensions OPTIONAL + * -- If present, version shall be v3 + */ + if( crt->version == 2 || crt->version == 3 ) + { + ret = x509_get_uid( &p, end, &crt->issuer_id, 1 ); + if( ret != 0 ) + { + x509_free( crt ); + return( ret ); + } + } + + if( crt->version == 2 || crt->version == 3 ) + { + ret = x509_get_uid( &p, end, &crt->subject_id, 2 ); + if( ret != 0 ) + { + x509_free( crt ); + return( ret ); + } + } + + if( crt->version == 3 ) + { + ret = x509_get_ext( &p, end, &crt->v3_ext, + &crt->ca_istrue, &crt->max_pathlen ); + if( ret != 0 ) + { + x509_free( crt ); + return( ret ); + } + } + + if( p != end ) + { + x509_free( crt ); + return( XYSSL_ERR_X509_CERT_INVALID_FORMAT | + XYSSL_ERR_ASN1_LENGTH_MISMATCH ); + } + + end = crt->raw.p + crt->raw.len; + + /* + * signatureAlgorithm AlgorithmIdentifier, + * signatureValue BIT STRING + */ + if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2 ) ) != 0 ) + { + x509_free( crt ); + return( ret ); + } + + if( memcmp( crt->sig_oid1.p, crt->sig_oid2.p, 9 ) != 0 ) + { + x509_free( crt ); + return( XYSSL_ERR_X509_CERT_SIG_MISMATCH ); + } + + if( ( ret = x509_get_sig( &p, end, &crt->sig ) ) != 0 ) + { + x509_free( crt ); + return( ret ); + } + + if( p != end ) + { + x509_free( crt ); + return( XYSSL_ERR_X509_CERT_INVALID_FORMAT | + XYSSL_ERR_ASN1_LENGTH_MISMATCH ); + } + + crt->next = (x509_cert *) malloc( sizeof( x509_cert ) ); + + if( crt->next == NULL ) + { + x509_free( crt ); + return( 1 ); + } + + crt = crt->next; + memset( crt, 0, sizeof( x509_cert ) ); + + if( buflen > 0 ) + return( x509parse_crt( crt, buf, buflen ) ); + + return( 0 ); +} + +/* + * Load one or more certificates and add them to the chained list + */ +int x509parse_crtfile( x509_cert *chain, char *path ) +{ + int ret; + FILE *f; + size_t n; + unsigned char *buf; + + if( ( f = fopen( path, "rb" ) ) == NULL ) + return( 1 ); + + fseek( f, 0, SEEK_END ); + n = (size_t) ftell( f ); + fseek( f, 0, SEEK_SET ); + + if( ( buf = (unsigned char *) malloc( n + 1 ) ) == NULL ) + return( 1 ); + + if( fread( buf, 1, n, f ) != n ) + { + fclose( f ); + free( buf ); + return( 1 ); + } + + buf[n] = '\0'; + + ret = x509parse_crt( chain, buf, (int) n ); + + memset( buf, 0, n + 1 ); + free( buf ); + fclose( f ); + + return( ret ); +} + +#if defined(XYSSL_DES_C) +/* + * Read a 16-byte hex string and convert it to binary + */ +static int x509_get_iv( unsigned char *s, unsigned char iv[8] ) +{ + int i, j, k; + + memset( iv, 0, 8 ); + + for( i = 0; i < 16; i++, s++ ) + { + if( *s >= '0' && *s <= '9' ) j = *s - '0'; else + if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else + if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else + return( XYSSL_ERR_X509_KEY_INVALID_ENC_IV ); + + k = ( ( i & 1 ) != 0 ) ? j : j << 4; + + iv[i >> 1] = (unsigned char)( iv[i >> 1] | k ); + } + + return( 0 ); +} + +/* + * Decrypt with 3DES-CBC, using PBKDF1 for key derivation + */ +static void x509_des3_decrypt( unsigned char des3_iv[8], + unsigned char *buf, int buflen, + unsigned char *pwd, int pwdlen ) +{ + md5_context md5_ctx; + des3_context des3_ctx; + unsigned char md5sum[16]; + unsigned char des3_key[24]; + + /* + * 3DES key[ 0..15] = MD5(pwd || IV) + * key[16..23] = MD5(pwd || IV || 3DES key[ 0..15]) + */ + md5_starts( &md5_ctx ); + md5_update( &md5_ctx, pwd, pwdlen ); + md5_update( &md5_ctx, des3_iv, 8 ); + md5_finish( &md5_ctx, md5sum ); + memcpy( des3_key, md5sum, 16 ); + + md5_starts( &md5_ctx ); + md5_update( &md5_ctx, md5sum, 16 ); + md5_update( &md5_ctx, pwd, pwdlen ); + md5_update( &md5_ctx, des3_iv, 8 ); + md5_finish( &md5_ctx, md5sum ); + memcpy( des3_key + 16, md5sum, 8 ); + + des3_set3key_dec( &des3_ctx, des3_key ); + des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen, + des3_iv, buf, buf ); + + memset( &md5_ctx, 0, sizeof( md5_ctx ) ); + memset( &des3_ctx, 0, sizeof( des3_ctx ) ); + memset( md5sum, 0, 16 ); + memset( des3_key, 0, 24 ); +} +#endif + +/* + * Parse a private RSA key + */ +int x509parse_key( rsa_context *rsa, unsigned char *buf, int buflen, + unsigned char *pwd, int pwdlen ) +{ + int ret, len, enc; + unsigned char *s1, *s2; + unsigned char *p, *end; + unsigned char des3_iv[8]; + + s1 = (unsigned char *) strstr( (char *) buf, + "-----BEGIN RSA PRIVATE KEY-----" ); + + if( s1 != NULL ) + { + s2 = (unsigned char *) strstr( (char *) buf, + "-----END RSA PRIVATE KEY-----" ); + + if( s2 == NULL || s2 <= s1 ) + return( XYSSL_ERR_X509_KEY_INVALID_PEM ); + + s1 += 31; + if( *s1 == '\r' ) s1++; + if( *s1 == '\n' ) s1++; + else return( XYSSL_ERR_X509_KEY_INVALID_PEM ); + + enc = 0; + + if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) + { +#if defined(XYSSL_DES_C) + enc++; + + s1 += 22; + if( *s1 == '\r' ) s1++; + if( *s1 == '\n' ) s1++; + else return( XYSSL_ERR_X509_KEY_INVALID_PEM ); + + if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) != 0 ) + return( XYSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG ); + + s1 += 23; + if( x509_get_iv( s1, des3_iv ) != 0 ) + return( XYSSL_ERR_X509_KEY_INVALID_ENC_IV ); + + s1 += 16; + if( *s1 == '\r' ) s1++; + if( *s1 == '\n' ) s1++; + else return( XYSSL_ERR_X509_KEY_INVALID_PEM ); +#else + return( XYSSL_ERR_X509_FEATURE_UNAVAILABLE ); +#endif + } + + len = 0; + ret = base64_decode( NULL, &len, s1, s2 - s1 ); + + if( ret == XYSSL_ERR_BASE64_INVALID_CHARACTER ) + return( ret | XYSSL_ERR_X509_KEY_INVALID_PEM ); + + if( ( buf = (unsigned char *) malloc( len ) ) == NULL ) + return( 1 ); + + if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 ) + { + free( buf ); + return( ret | XYSSL_ERR_X509_KEY_INVALID_PEM ); + } + + buflen = len; + + if( enc != 0 ) + { +#if defined(XYSSL_DES_C) + if( pwd == NULL ) + { + free( buf ); + return( XYSSL_ERR_X509_KEY_PASSWORD_REQUIRED ); + } + + x509_des3_decrypt( des3_iv, buf, buflen, pwd, pwdlen ); + + if( buf[0] != 0x30 || buf[1] != 0x82 || + buf[4] != 0x02 || buf[5] != 0x01 ) + { + free( buf ); + return( XYSSL_ERR_X509_KEY_PASSWORD_MISMATCH ); + } +#else + return( XYSSL_ERR_X509_FEATURE_UNAVAILABLE ); +#endif + } + } + + memset( rsa, 0, sizeof( rsa_context ) ); + + p = buf; + end = buf + buflen; + + /* + * RSAPrivateKey ::= SEQUENCE { + * version Version, + * modulus INTEGER, -- n + * publicExponent INTEGER, -- e + * privateExponent INTEGER, -- d + * prime1 INTEGER, -- p + * prime2 INTEGER, -- q + * exponent1 INTEGER, -- d mod (p-1) + * exponent2 INTEGER, -- d mod (q-1) + * coefficient INTEGER, -- (inverse of q) mod p + * otherPrimeInfos OtherPrimeInfos OPTIONAL + * } + */ + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + { + if( s1 != NULL ) + free( buf ); + + rsa_free( rsa ); + return( XYSSL_ERR_X509_KEY_INVALID_FORMAT | ret ); + } + + end = p + len; + + if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) + { + if( s1 != NULL ) + free( buf ); + + rsa_free( rsa ); + return( XYSSL_ERR_X509_KEY_INVALID_FORMAT | ret ); + } + + if( rsa->ver != 0 ) + { + if( s1 != NULL ) + free( buf ); + + rsa_free( rsa ); + return( ret | XYSSL_ERR_X509_KEY_INVALID_VERSION ); + } + + if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 || + ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 || + ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 || + ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 || + ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 || + ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 || + ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || + ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) + { + if( s1 != NULL ) + free( buf ); + + rsa_free( rsa ); + return( ret | XYSSL_ERR_X509_KEY_INVALID_FORMAT ); + } + + rsa->len = mpi_size( &rsa->N ); + + if( p != end ) + { + if( s1 != NULL ) + free( buf ); + + rsa_free( rsa ); + return( XYSSL_ERR_X509_KEY_INVALID_FORMAT | + XYSSL_ERR_ASN1_LENGTH_MISMATCH ); + } + + if( ( ret = rsa_check_privkey( rsa ) ) != 0 ) + { + if( s1 != NULL ) + free( buf ); + + rsa_free( rsa ); + return( ret ); + } + + if( s1 != NULL ) + free( buf ); + + return( 0 ); +} + +/* + * Load and parse a private RSA key + */ +int x509parse_keyfile( rsa_context *rsa, char *path, char *pwd ) +{ + int ret; + FILE *f; + size_t n; + unsigned char *buf; + + if( ( f = fopen( path, "rb" ) ) == NULL ) + return( 1 ); + + fseek( f, 0, SEEK_END ); + n = (size_t) ftell( f ); + fseek( f, 0, SEEK_SET ); + + if( ( buf = (unsigned char *) malloc( n + 1 ) ) == NULL ) + return( 1 ); + + if( fread( buf, 1, n, f ) != n ) + { + fclose( f ); + free( buf ); + return( 1 ); + } + + buf[n] = '\0'; + + if( pwd == NULL ) + ret = x509parse_key( rsa, buf, (int) n, NULL, 0 ); + else + ret = x509parse_key( rsa, buf, (int) n, + (unsigned char *) pwd, strlen( pwd ) ); + + memset( buf, 0, n + 1 ); + free( buf ); + fclose( f ); + + return( ret ); +} + +#if defined _MSC_VER && !defined snprintf +#define snprintf _snprintf +#endif + +/* + * Store the name in printable form into buf; no more + * than (end - buf) characters will be written + */ +int x509parse_dn_gets( char *buf, char *end, x509_name *dn ) +{ + int i; + unsigned char c; + x509_name *name; + char s[128], *p; + + memset( s, 0, sizeof( s ) ); + + name = dn; + p = buf; + + while( name != NULL ) + { + if( name != dn ) + p += snprintf( p, end - p, ", " ); + + if( memcmp( name->oid.p, OID_X520, 2 ) == 0 ) + { + switch( name->oid.p[2] ) + { + case X520_COMMON_NAME: + p += snprintf( p, end - p, "CN=" ); break; + + case X520_COUNTRY: + p += snprintf( p, end - p, "C=" ); break; + + case X520_LOCALITY: + p += snprintf( p, end - p, "L=" ); break; + + case X520_STATE: + p += snprintf( p, end - p, "ST=" ); break; + + case X520_ORGANIZATION: + p += snprintf( p, end - p, "O=" ); break; + + case X520_ORG_UNIT: + p += snprintf( p, end - p, "OU=" ); break; + + default: + p += snprintf( p, end - p, "0x%02X=", + name->oid.p[2] ); + break; + } + } + else if( memcmp( name->oid.p, OID_PKCS9, 8 ) == 0 ) + { + switch( name->oid.p[8] ) + { + case PKCS9_EMAIL: + p += snprintf( p, end - p, "emailAddress=" ); break; + + default: + p += snprintf( p, end - p, "0x%02X=", + name->oid.p[8] ); + break; + } + } + else + p += snprintf( p, end - p, "\?\?=" ); + + for( i = 0; i < name->val.len; i++ ) + { + if( i >= (int) sizeof( s ) - 1 ) + break; + + c = name->val.p[i]; + if( c < 32 || c == 127 || ( c > 128 && c < 160 ) ) + s[i] = '?'; + else s[i] = c; + } + s[i] = '\0'; + p += snprintf( p, end - p, "%s", s ); + name = name->next; + } + + return( p - buf ); +} + +/* + * Return an informational string about the + * certificate, or NULL if memory allocation failed + */ +char *x509parse_cert_info( char *prefix, x509_cert *crt ) +{ + int i, n; + char *p, *end; + static char buf[512]; + + p = buf; + end = buf + sizeof( buf ) - 1; + + p += snprintf( p, end - p, "%scert. version : %d\n", + prefix, crt->version ); + p += snprintf( p, end - p, "%sserial number : ", + prefix ); + + n = ( crt->serial.len <= 32 ) + ? crt->serial.len : 32; + + for( i = 0; i < n; i++ ) + p += snprintf( p, end - p, "%02X%s", + crt->serial.p[i], ( i < n - 1 ) ? ":" : "" ); + + p += snprintf( p, end - p, "\n%sissuer name : ", prefix ); + p += x509parse_dn_gets( p, end, &crt->issuer ); + + p += snprintf( p, end - p, "\n%ssubject name : ", prefix ); + p += x509parse_dn_gets( p, end, &crt->subject ); + + p += snprintf( p, end - p, "\n%sissued on : " \ + "%04d-%02d-%02d %02d:%02d:%02d", prefix, + crt->valid_from.year, crt->valid_from.mon, + crt->valid_from.day, crt->valid_from.hour, + crt->valid_from.min, crt->valid_from.sec ); + + p += snprintf( p, end - p, "\n%sexpires on : " \ + "%04d-%02d-%02d %02d:%02d:%02d", prefix, + crt->valid_to.year, crt->valid_to.mon, + crt->valid_to.day, crt->valid_to.hour, + crt->valid_to.min, crt->valid_to.sec ); + + p += snprintf( p, end - p, "\n%ssigned using : RSA+", prefix ); + + switch( crt->sig_oid1.p[8] ) + { + case RSA_MD2 : p += snprintf( p, end - p, "MD2" ); break; + case RSA_MD4 : p += snprintf( p, end - p, "MD4" ); break; + case RSA_MD5 : p += snprintf( p, end - p, "MD5" ); break; + case RSA_SHA1: p += snprintf( p, end - p, "SHA1" ); break; + default: p += snprintf( p, end - p, "???" ); break; + } + + p += snprintf( p, end - p, "\n%sRSA key size : %d bits\n", prefix, + crt->rsa.N.n * (int) sizeof( unsigned long ) * 8 ); + + return( buf ); +} + +/* + * Return 0 if the certificate is still valid, or BADCERT_EXPIRED + */ +int x509parse_expired( x509_cert *crt ) +{ + struct tm *lt; + time_t tt; + + tt = time( NULL ); + lt = localtime( &tt ); + + if( lt->tm_year > crt->valid_to.year - 1900 ) + return( BADCERT_EXPIRED ); + + if( lt->tm_year == crt->valid_to.year - 1900 && + lt->tm_mon > crt->valid_to.mon - 1 ) + return( BADCERT_EXPIRED ); + + if( lt->tm_year == crt->valid_to.year - 1900 && + lt->tm_mon == crt->valid_to.mon - 1 && + lt->tm_mday > crt->valid_to.day ) + return( BADCERT_EXPIRED ); + + return( 0 ); +} + +static void x509_hash( unsigned char *in, int len, int alg, + unsigned char *out ) +{ + switch( alg ) + { +#if defined(XYSSL_MD2_C) + case RSA_MD2 : md2( in, len, out ); break; +#endif +#if defined(XYSSL_MD4_C) + case RSA_MD4 : md4( in, len, out ); break; +#endif + case RSA_MD5 : md5( in, len, out ); break; + case RSA_SHA1 : sha1( in, len, out ); break; + default: + memset( out, '\xFF', len ); + break; + } +} + +/* + * Verify the certificate validity + */ +int x509parse_verify( x509_cert *crt, + x509_cert *trust_ca, + char *cn, int *flags ) +{ + int cn_len; + int hash_id; + int pathlen; + x509_cert *cur; + x509_name *name; + unsigned char hash[20]; + + *flags = x509parse_expired( crt ); + + if( cn != NULL ) + { + name = &crt->subject; + cn_len = strlen( cn ); + + while( name != NULL ) + { + if( memcmp( name->oid.p, OID_CN, 3 ) == 0 && + memcmp( name->val.p, cn, cn_len ) == 0 && + name->val.len == cn_len ) + break; + + name = name->next; + } + + if( name == NULL ) + *flags |= BADCERT_CN_MISMATCH; + } + + *flags |= BADCERT_NOT_TRUSTED; + + /* + * Iterate upwards in the given cert chain, + * ignoring any upper cert with CA != TRUE. + */ + cur = crt->next; + + pathlen = 1; + + while( cur->version != 0 ) + { + if( cur->ca_istrue == 0 || + crt->issuer_raw.len != cur->subject_raw.len || + memcmp( crt->issuer_raw.p, cur->subject_raw.p, + crt->issuer_raw.len ) != 0 ) + { + cur = cur->next; + continue; + } + + hash_id = crt->sig_oid1.p[8]; + + x509_hash( crt->tbs.p, crt->tbs.len, hash_id, hash ); + + if( rsa_pkcs1_verify( &cur->rsa, RSA_PUBLIC, hash_id, + 0, hash, crt->sig.p ) != 0 ) + return( XYSSL_ERR_X509_CERT_VERIFY_FAILED ); + + pathlen++; + + crt = cur; + cur = crt->next; + } + + /* + * Atempt to validate topmost cert with our CA chain. + */ + while( trust_ca->version != 0 ) + { + if( crt->issuer_raw.len != trust_ca->subject_raw.len || + memcmp( crt->issuer_raw.p, trust_ca->subject_raw.p, + crt->issuer_raw.len ) != 0 ) + { + trust_ca = trust_ca->next; + continue; + } + + if( trust_ca->max_pathlen > 0 && + trust_ca->max_pathlen < pathlen ) + break; + + hash_id = crt->sig_oid1.p[8]; + + x509_hash( crt->tbs.p, crt->tbs.len, hash_id, hash ); + + if( rsa_pkcs1_verify( &trust_ca->rsa, RSA_PUBLIC, hash_id, + 0, hash, crt->sig.p ) == 0 ) + { + /* + * cert. is signed by a trusted CA + */ + *flags &= ~BADCERT_NOT_TRUSTED; + break; + } + + trust_ca = trust_ca->next; + } + + if( *flags != 0 ) + return( XYSSL_ERR_X509_CERT_VERIFY_FAILED ); + + return( 0 ); +} + +/* + * Unallocate all certificate data + */ +void x509_free( x509_cert *crt ) +{ + x509_cert *cert_cur = crt; + x509_cert *cert_prv; + x509_name *name_cur; + x509_name *name_prv; + + if( crt == NULL ) + return; + + do + { + rsa_free( &cert_cur->rsa ); + + name_cur = cert_cur->issuer.next; + while( name_cur != NULL ) + { + name_prv = name_cur; + name_cur = name_cur->next; + memset( name_prv, 0, sizeof( x509_name ) ); + free( name_prv ); + } + + name_cur = cert_cur->subject.next; + while( name_cur != NULL ) + { + name_prv = name_cur; + name_cur = name_cur->next; + memset( name_prv, 0, sizeof( x509_name ) ); + free( name_prv ); + } + + if( cert_cur->raw.p != NULL ) + { + memset( cert_cur->raw.p, 0, cert_cur->raw.len ); + free( cert_cur->raw.p ); + } + + cert_cur = cert_cur->next; + } + while( cert_cur != NULL ); + + cert_cur = crt; + do + { + cert_prv = cert_cur; + cert_cur = cert_cur->next; + + memset( cert_prv, 0, sizeof( x509_cert ) ); + if( cert_prv != crt ) + free( cert_prv ); + } + while( cert_cur != NULL ); +} + +#if defined(XYSSL_SELF_TEST) + +#include "xyssl/certs.h" + +/* + * Checkup routine + */ +int x509_self_test( int verbose ) +{ + int ret, i, j; + x509_cert cacert; + x509_cert clicert; + rsa_context rsa; + + if( verbose != 0 ) + printf( " X.509 certificate load: " ); + + memset( &clicert, 0, sizeof( x509_cert ) ); + + ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt, + strlen( test_cli_crt ) ); + if( ret != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( ret ); + } + + memset( &cacert, 0, sizeof( x509_cert ) ); + + ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt, + strlen( test_ca_crt ) ); + if( ret != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( ret ); + } + + if( verbose != 0 ) + printf( "passed\n X.509 private key load: " ); + + i = strlen( test_ca_key ); + j = strlen( test_ca_pwd ); + + if( ( ret = x509parse_key( &rsa, + (unsigned char *) test_ca_key, i, + (unsigned char *) test_ca_pwd, j ) ) != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( ret ); + } + + if( verbose != 0 ) + printf( "passed\n X.509 signature verify: "); + + ret = x509parse_verify( &clicert, &cacert, "Joe User", &i ); + if( ret != 0 ) + { + if( verbose != 0 ) + printf( "failed\n" ); + + return( ret ); + } + + if( verbose != 0 ) + printf( "passed\n\n" ); + + x509_free( &cacert ); + x509_free( &clicert ); + rsa_free( &rsa ); + + return( 0 ); +} + +#endif + +#endif diff --git a/programs/Makefile b/programs/Makefile new file mode 100644 index 000000000..5771a57fb --- /dev/null +++ b/programs/Makefile @@ -0,0 +1,97 @@ + +# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS +# To compile on MinGW: add "-lws2_32" to LDFLAGS + +CFLAGS = -I../include -D_FILE_OFFSET_BITS=64 +OFLAGS = -O +LDFLAGS = -L../library -lxyssl + +APPS = aes/aescrypt2 hash/hello \ + hash/md5sum hash/sha1sum \ + hash/sha2sum pkey/dh_client \ + pkey/dh_genprime pkey/dh_server \ + pkey/mpi_demo pkey/rsa_genkey \ + pkey/rsa_sign pkey/rsa_verify \ + ssl/ssl_client1 ssl/ssl_client2 \ + ssl/ssl_server test/benchmark \ + test/selftest test/ssl_test + +.SILENT: + +all: $(APPS) + +aes/aescrypt2: aes/aescrypt2.c ../library/libxyssl.a + echo " CC aes/aescrypt2.c" + $(CC) $(CFLAGS) $(OFLAGS) aes/aescrypt2.c $(LDFLAGS) -o $@ + +hash/hello: hash/hello.c ../library/libxyssl.a + echo " CC hash/hello.c" + $(CC) $(CFLAGS) $(OFLAGS) hash/hello.c $(LDFLAGS) -o $@ + +hash/md5sum: hash/md5sum.c ../library/libxyssl.a + echo " CC hash/md5sum.c" + $(CC) $(CFLAGS) $(OFLAGS) hash/md5sum.c $(LDFLAGS) -o $@ + +hash/sha1sum: hash/sha1sum.c ../library/libxyssl.a + echo " CC hash/sha1sum.c" + $(CC) $(CFLAGS) $(OFLAGS) hash/sha1sum.c $(LDFLAGS) -o $@ + +hash/sha2sum: hash/sha2sum.c ../library/libxyssl.a + echo " CC hash/sha2sum.c" + $(CC) $(CFLAGS) $(OFLAGS) hash/sha2sum.c $(LDFLAGS) -o $@ + +pkey/dh_client: pkey/dh_client.c ../library/libxyssl.a + echo " CC pkey/dh_client.c" + $(CC) $(CFLAGS) $(OFLAGS) pkey/dh_client.c $(LDFLAGS) -o $@ + +pkey/dh_genprime: pkey/dh_genprime.c ../library/libxyssl.a + echo " CC pkey/dh_genprime.c" + $(CC) $(CFLAGS) $(OFLAGS) pkey/dh_genprime.c $(LDFLAGS) -o $@ + +pkey/dh_server: pkey/dh_server.c ../library/libxyssl.a + echo " CC pkey/dh_server.c" + $(CC) $(CFLAGS) $(OFLAGS) pkey/dh_server.c $(LDFLAGS) -o $@ + +pkey/mpi_demo: pkey/mpi_demo.c ../library/libxyssl.a + echo " CC pkey/mpi_demo.c" + $(CC) $(CFLAGS) $(OFLAGS) pkey/mpi_demo.c $(LDFLAGS) -o $@ + +pkey/rsa_genkey: pkey/rsa_genkey.c ../library/libxyssl.a + echo " CC pkey/rsa_genkey.c" + $(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_genkey.c $(LDFLAGS) -o $@ + +pkey/rsa_sign: pkey/rsa_sign.c ../library/libxyssl.a + echo " CC pkey/rsa_sign.c" + $(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_sign.c $(LDFLAGS) -o $@ + +pkey/rsa_verify: pkey/rsa_verify.c ../library/libxyssl.a + echo " CC pkey/rsa_verify.c" + $(CC) $(CFLAGS) $(OFLAGS) pkey/rsa_verify.c $(LDFLAGS) -o $@ + +ssl/ssl_client1: ssl/ssl_client1.c ../library/libxyssl.a + echo " CC ssl/ssl_client1.c" + $(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_client1.c $(LDFLAGS) -o $@ + +ssl/ssl_client2: ssl/ssl_client2.c ../library/libxyssl.a + echo " CC ssl/ssl_client2.c" + $(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_client2.c $(LDFLAGS) -o $@ + +ssl/ssl_server: ssl/ssl_server.c ../library/libxyssl.a + echo " CC ssl/ssl_server.c" + $(CC) $(CFLAGS) $(OFLAGS) ssl/ssl_server.c $(LDFLAGS) -o $@ + +test/benchmark: test/benchmark.c ../library/libxyssl.a + echo " CC test/benchmark.c" + $(CC) $(CFLAGS) $(OFLAGS) test/benchmark.c $(LDFLAGS) -o $@ + +test/selftest: test/selftest.c ../library/libxyssl.a + echo " CC test/selftest.c" + $(CC) $(CFLAGS) $(OFLAGS) test/selftest.c $(LDFLAGS) -o $@ + +test/ssl_test: test/ssl_test.c ../library/libxyssl.a + echo " CC test/ssl_test.c" + $(CC) $(CFLAGS) $(OFLAGS) test/ssl_test.c $(LDFLAGS) -o $@ + +clean: + rm -f $(APPS) + diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c new file mode 100644 index 000000000..3d9c06da8 --- /dev/null +++ b/programs/aes/aescrypt2.c @@ -0,0 +1,396 @@ +/* + * AES-256 file encryption program + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#if defined(WIN32) +#include +#include +#else +#include +#include +#endif + +#include +#include +#include +#include + +#include "xyssl/aes.h" +#include "xyssl/sha2.h" + +#define MODE_ENCRYPT 0 +#define MODE_DECRYPT 1 + +#define USAGE \ + "\n aescrypt2 \n" \ + "\n : 0 = encrypt, 1 = decrypt\n" \ + "\n example: aescrypt2 0 file file.aes hex:E76B2413958B00E193\n" \ + "\n" + +int main( int argc, char *argv[] ) +{ + int ret = 1, i, n; + int keylen, mode, lastn; + FILE *fkey, *fin, *fout; + + char *p; + unsigned char IV[16]; + unsigned char key[512]; + unsigned char digest[32]; + unsigned char buffer[1024]; + + aes_context aes_ctx; + sha2_context sha_ctx; + +#if defined(WIN32) + LARGE_INTEGER li_size; + __int64 filesize, offset; +#else + off_t filesize, offset; +#endif + + /* + * Parse the command-line arguments. + */ + if( argc != 5 ) + { + printf( USAGE ); + +#if defined(WIN32) + printf( "\n Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + goto exit; + } + + mode = atoi( argv[1] ); + + if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT ) + { + fprintf( stderr, "invalide operation mode\n" ); + goto exit; + } + + if( strcmp( argv[2], argv[3] ) == 0 ) + { + fprintf( stderr, "input and output filenames must differ\n" ); + goto exit; + } + + if( ( fin = fopen( argv[2], "rb" ) ) == NULL ) + { + fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] ); + goto exit; + } + + if( ( fout = fopen( argv[3], "wb+" ) ) == NULL ) + { + fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] ); + goto exit; + } + + /* + * Read the secret key and clean the command line. + */ + if( ( fkey = fopen( argv[4], "rb" ) ) != NULL ) + { + keylen = fread( key, 1, sizeof( key ), fkey ); + fclose( fkey ); + } + else + { + if( memcmp( argv[4], "hex:", 4 ) == 0 ) + { + p = &argv[4][4]; + keylen = 0; + + while( sscanf( p, "%02X", &n ) > 0 && + keylen < (int) sizeof( key ) ) + { + key[keylen++] = (unsigned char) n; + p += 2; + } + } + else + { + keylen = strlen( argv[4] ); + + if( keylen > (int) sizeof( key ) ) + keylen = (int) sizeof( key ); + + memcpy( key, argv[4], keylen ); + } + } + + memset( argv[4], 0, strlen( argv[4] ) ); + +#if defined(WIN32) + /* + * Support large files (> 2Gb) on Win32 + */ + li_size.QuadPart = 0; + li_size.LowPart = + SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ), + li_size.LowPart, &li_size.HighPart, FILE_END ); + + if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR ) + { + fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" ); + goto exit; + } + + filesize = li_size.QuadPart; +#else + if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 ) + { + perror( "lseek" ); + goto exit; + } +#endif + + if( fseek( fin, 0, SEEK_SET ) < 0 ) + { + fprintf( stderr, "fseek(0,SEEK_SET) failed\n" ); + goto exit; + } + + if( mode == MODE_ENCRYPT ) + { + /* + * Generate the initialization vector as: + * IV = SHA-256( filesize || filename )[0..15] + */ + for( i = 0; i < 8; i++ ) + buffer[i] = (unsigned char)( filesize >> ( i << 3 ) ); + + p = argv[2]; + + sha2_starts( &sha_ctx, 0 ); + sha2_update( &sha_ctx, buffer, 8 ); + sha2_update( &sha_ctx, (unsigned char *) p, strlen( p ) ); + sha2_finish( &sha_ctx, digest ); + + memcpy( IV, digest, 16 ); + + /* + * The last four bits in the IV are actually used + * to store the file size modulo the AES block size. + */ + lastn = (int)( filesize & 0x0F ); + + IV[15] = (unsigned char) + ( ( IV[15] & 0xF0 ) | lastn ); + + /* + * Append the IV at the beginning of the output. + */ + if( fwrite( IV, 1, 16, fout ) != 16 ) + { + fprintf( stderr, "fwrite(%d bytes) failed\n", 16 ); + goto exit; + } + + /* + * Hash the IV and the secret key together 8192 times + * using the result to setup the AES context and HMAC. + */ + memset( digest, 0, 32 ); + memcpy( digest, IV, 16 ); + + for( i = 0; i < 8192; i++ ) + { + sha2_starts( &sha_ctx, 0 ); + sha2_update( &sha_ctx, digest, 32 ); + sha2_update( &sha_ctx, key, keylen ); + sha2_finish( &sha_ctx, digest ); + } + + memset( key, 0, sizeof( key ) ); + aes_setkey_enc( &aes_ctx, digest, 256 ); + sha2_hmac_starts( &sha_ctx, digest, 32, 0 ); + + /* + * Encrypt and write the ciphertext. + */ + for( offset = 0; offset < filesize; offset += 16 ) + { + n = ( filesize - offset > 16 ) ? 16 : (int) + ( filesize - offset ); + + if( fread( buffer, 1, n, fin ) != (size_t) n ) + { + fprintf( stderr, "fread(%d bytes) failed\n", n ); + goto exit; + } + + for( i = 0; i < 16; i++ ) + buffer[i] = (unsigned char)( buffer[i] ^ IV[i] ); + + aes_crypt_ecb( &aes_ctx, AES_ENCRYPT, buffer, buffer ); + sha2_hmac_update( &sha_ctx, buffer, 16 ); + + if( fwrite( buffer, 1, 16, fout ) != 16 ) + { + fprintf( stderr, "fwrite(%d bytes) failed\n", 16 ); + goto exit; + } + + memcpy( IV, buffer, 16 ); + } + + /* + * Finally write the HMAC. + */ + sha2_hmac_finish( &sha_ctx, digest ); + + if( fwrite( digest, 1, 32, fout ) != 32 ) + { + fprintf( stderr, "fwrite(%d bytes) failed\n", 16 ); + goto exit; + } + } + + if( mode == MODE_DECRYPT ) + { + unsigned char tmp[16]; + + /* + * The encrypted file must be structured as follows: + * + * 00 .. 15 Initialization Vector + * 16 .. 31 AES Encrypted Block #1 + * .. + * N*16 .. (N+1)*16 - 1 AES Encrypted Block #N + * (N+1)*16 .. (N+1)*16 + 32 HMAC-SHA-256(ciphertext) + */ + if( filesize < 48 ) + { + fprintf( stderr, "File too short to be encrypted.\n" ); + goto exit; + } + + if( ( filesize & 0x0F ) != 0 ) + { + fprintf( stderr, "File size not a multiple of 16.\n" ); + goto exit; + } + + /* + * Substract the IV + HMAC length. + */ + filesize -= ( 16 + 32 ); + + /* + * Read the IV and original filesize modulo 16. + */ + if( fread( buffer, 1, 16, fin ) != 16 ) + { + fprintf( stderr, "fread(%d bytes) failed\n", 16 ); + goto exit; + } + + memcpy( IV, buffer, 16 ); + lastn = IV[15] & 0x0F; + + /* + * Hash the IV and the secret key together 8192 times + * using the result to setup the AES context and HMAC. + */ + memset( digest, 0, 32 ); + memcpy( digest, IV, 16 ); + + for( i = 0; i < 8192; i++ ) + { + sha2_starts( &sha_ctx, 0 ); + sha2_update( &sha_ctx, digest, 32 ); + sha2_update( &sha_ctx, key, keylen ); + sha2_finish( &sha_ctx, digest ); + } + + memset( key, 0, sizeof( key ) ); + aes_setkey_dec( &aes_ctx, digest, 256 ); + sha2_hmac_starts( &sha_ctx, digest, 32, 0 ); + + /* + * Decrypt and write the plaintext. + */ + for( offset = 0; offset < filesize; offset += 16 ) + { + if( fread( buffer, 1, 16, fin ) != 16 ) + { + fprintf( stderr, "fread(%d bytes) failed\n", 16 ); + goto exit; + } + + memcpy( tmp, buffer, 16 ); + + sha2_hmac_update( &sha_ctx, buffer, 16 ); + aes_crypt_ecb( &aes_ctx, AES_DECRYPT, buffer, buffer ); + + for( i = 0; i < 16; i++ ) + buffer[i] = (unsigned char)( buffer[i] ^ IV[i] ); + + memcpy( IV, tmp, 16 ); + + n = ( lastn > 0 && offset == filesize - 16 ) + ? lastn : 16; + + if( fwrite( buffer, 1, n, fout ) != (size_t) n ) + { + fprintf( stderr, "fwrite(%d bytes) failed\n", n ); + goto exit; + } + } + + /* + * Verify the message authentication code. + */ + sha2_hmac_finish( &sha_ctx, digest ); + + if( fread( buffer, 1, 32, fin ) != 32 ) + { + fprintf( stderr, "fread(%d bytes) failed\n", 32 ); + goto exit; + } + + if( memcmp( digest, buffer, 32 ) != 0 ) + { + fprintf( stderr, "HMAC check failed: wrong key, " + "or file corrupted.\n" ); + goto exit; + } + } + + ret = 0; + +exit: + + memset( buffer, 0, sizeof( buffer ) ); + memset( digest, 0, sizeof( digest ) ); + + memset( &aes_ctx, 0, sizeof( aes_context ) ); + memset( &sha_ctx, 0, sizeof( sha2_context ) ); + + return( ret ); +} diff --git a/programs/hash/hello.c b/programs/hash/hello.c new file mode 100644 index 000000000..12e016734 --- /dev/null +++ b/programs/hash/hello.c @@ -0,0 +1,50 @@ +/* + * Classic "Hello, world" demonstration program + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include + +#include "xyssl/md5.h" + +int main( void ) +{ + int i; + unsigned char digest[16]; + char str[] = "Hello, world!"; + + printf( "\n MD5('%s') = ", str ); + + md5( (unsigned char *) str, 13, digest ); + + for( i = 0; i < 16; i++ ) + printf( "%02x", digest[i] ); + + printf( "\n\n" ); + +#ifdef WIN32 + printf( " Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( 0 ); +} diff --git a/programs/hash/md5sum.c b/programs/hash/md5sum.c new file mode 100644 index 000000000..10e9a7101 --- /dev/null +++ b/programs/hash/md5sum.c @@ -0,0 +1,156 @@ +/* + * md5sum demonstration program + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include + +#include "xyssl/md5.h" + +static int md5_wrapper( char *filename, unsigned char *sum ) +{ + int ret = md5_file( filename, sum ); + + if( ret == 1 ) + fprintf( stderr, "failed to open: %s\n", filename ); + + if( ret == 2 ) + fprintf( stderr, "failed to read: %s\n", filename ); + + return( ret ); +} + +static int md5_print( char *filename ) +{ + int i; + unsigned char sum[16]; + + if( md5_wrapper( filename, sum ) != 0 ) + return( 1 ); + + for( i = 0; i < 16; i++ ) + printf( "%02x", sum[i] ); + + printf( " %s\n", filename ); + return( 0 ); +} + +static int md5_check( char *filename ) +{ + int i; + size_t n; + FILE *f; + int nb_err1, nb_err2; + int nb_tot1, nb_tot2; + unsigned char sum[16]; + char buf[33], line[1024]; + + if( ( f = fopen( filename, "rb" ) ) == NULL ) + { + printf( "failed to open: %s\n", filename ); + return( 1 ); + } + + nb_err1 = nb_err2 = 0; + nb_tot1 = nb_tot2 = 0; + + memset( line, 0, sizeof( line ) ); + + n = sizeof( line ); + + while( fgets( line, n - 1, f ) != NULL ) + { + n = strlen( line ); + + if( n < 36 ) + continue; + + if( line[32] != ' ' || line[33] != ' ' ) + continue; + + if( line[n - 1] == '\n' ) { n--; line[n] = '\0'; } + if( line[n - 1] == '\r' ) { n--; line[n] = '\0'; } + + nb_tot1++; + + if( md5_wrapper( line + 34, sum ) != 0 ) + { + nb_err1++; + continue; + } + + nb_tot2++; + + for( i = 0; i < 16; i++ ) + sprintf( buf + i * 2, "%02x", sum[i] ); + + if( memcmp( line, buf, 32 ) != 0 ) + { + nb_err2++; + fprintf( stderr, "wrong checksum: %s\n", line + 34 ); + } + + n = sizeof( line ); + } + + if( nb_err1 != 0 ) + { + printf( "WARNING: %d (out of %d) input files could " + "not be read\n", nb_err1, nb_tot1 ); + } + + if( nb_err2 != 0 ) + { + printf( "WARNING: %d (out of %d) computed checksums did " + "not match\n", nb_err2, nb_tot2 ); + } + + return( nb_err1 != 0 || nb_err2 != 0 ); +} + +int main( int argc, char *argv[] ) +{ + int ret, i; + + if( argc == 1 ) + { + printf( "print mode: md5sum ...\n" ); + printf( "check mode: md5sum -c \n" ); + +#ifdef WIN32 + printf( "\n Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( 1 ); + } + + if( argc == 3 && strcmp( "-c", argv[1] ) == 0 ) + return( md5_check( argv[2] ) ); + + ret = 0; + for( i = 1; i < argc; i++ ) + ret |= md5_print( argv[i] ); + + return( ret ); +} diff --git a/programs/hash/sha1sum.c b/programs/hash/sha1sum.c new file mode 100644 index 000000000..33c3142d6 --- /dev/null +++ b/programs/hash/sha1sum.c @@ -0,0 +1,156 @@ +/* + * sha1sum demonstration program + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include + +#include "xyssl/sha1.h" + +static int sha1_wrapper( char *filename, unsigned char *sum ) +{ + int ret = sha1_file( filename, sum ); + + if( ret == 1 ) + fprintf( stderr, "failed to open: %s\n", filename ); + + if( ret == 2 ) + fprintf( stderr, "failed to read: %s\n", filename ); + + return( ret ); +} + +static int sha1_print( char *filename ) +{ + int i; + unsigned char sum[20]; + + if( sha1_wrapper( filename, sum ) != 0 ) + return( 1 ); + + for( i = 0; i < 20; i++ ) + printf( "%02x", sum[i] ); + + printf( " %s\n", filename ); + return( 0 ); +} + +static int sha1_check( char *filename ) +{ + int i; + size_t n; + FILE *f; + int nb_err1, nb_err2; + int nb_tot1, nb_tot2; + unsigned char sum[20]; + char buf[41], line[1024]; + + if( ( f = fopen( filename, "rb" ) ) == NULL ) + { + printf( "failed to open: %s\n", filename ); + return( 1 ); + } + + nb_err1 = nb_err2 = 0; + nb_tot1 = nb_tot2 = 0; + + memset( line, 0, sizeof( line ) ); + + n = sizeof( line ); + + while( fgets( line, n - 1, f ) != NULL ) + { + n = strlen( line ); + + if( n < 44 ) + continue; + + if( line[40] != ' ' || line[41] != ' ' ) + continue; + + if( line[n - 1] == '\n' ) { n--; line[n] = '\0'; } + if( line[n - 1] == '\r' ) { n--; line[n] = '\0'; } + + nb_tot1++; + + if( sha1_wrapper( line + 42, sum ) != 0 ) + { + nb_err1++; + continue; + } + + nb_tot2++; + + for( i = 0; i < 20; i++ ) + sprintf( buf + i * 2, "%02x", sum[i] ); + + if( memcmp( line, buf, 40 ) != 0 ) + { + nb_err2++; + fprintf( stderr, "wrong checksum: %s\n", line + 42 ); + } + + n = sizeof( line ); + } + + if( nb_err1 != 0 ) + { + printf( "WARNING: %d (out of %d) input files could " + "not be read\n", nb_err1, nb_tot1 ); + } + + if( nb_err2 != 0 ) + { + printf( "WARNING: %d (out of %d) computed checksums did " + "not match\n", nb_err2, nb_tot2 ); + } + + return( nb_err1 != 0 || nb_err2 != 0 ); +} + +int main( int argc, char *argv[] ) +{ + int ret, i; + + if( argc == 1 ) + { + printf( "print mode: sha1sum ...\n" ); + printf( "check mode: sha1sum -c \n" ); + +#ifdef WIN32 + printf( "\n Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( 1 ); + } + + if( argc == 3 && strcmp( "-c", argv[1] ) == 0 ) + return( sha1_check( argv[2] ) ); + + ret = 0; + for( i = 1; i < argc; i++ ) + ret |= sha1_print( argv[i] ); + + return( ret ); +} diff --git a/programs/hash/sha2sum.c b/programs/hash/sha2sum.c new file mode 100644 index 000000000..c0d42a844 --- /dev/null +++ b/programs/hash/sha2sum.c @@ -0,0 +1,156 @@ +/* + * sha2sum demonstration program + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include + +#include "xyssl/sha2.h" + +static int sha2_wrapper( char *filename, unsigned char *sum ) +{ + int ret = sha2_file( filename, sum, 0 ); + + if( ret == 1 ) + fprintf( stderr, "failed to open: %s\n", filename ); + + if( ret == 2 ) + fprintf( stderr, "failed to read: %s\n", filename ); + + return( ret ); +} + +static int sha2_print( char *filename ) +{ + int i; + unsigned char sum[32]; + + if( sha2_wrapper( filename, sum ) != 0 ) + return( 1 ); + + for( i = 0; i < 32; i++ ) + printf( "%02x", sum[i] ); + + printf( " %s\n", filename ); + return( 0 ); +} + +static int sha2_check( char *filename ) +{ + int i; + size_t n; + FILE *f; + int nb_err1, nb_err2; + int nb_tot1, nb_tot2; + unsigned char sum[32]; + char buf[65], line[1024]; + + if( ( f = fopen( filename, "rb" ) ) == NULL ) + { + printf( "failed to open: %s\n", filename ); + return( 1 ); + } + + nb_err1 = nb_err2 = 0; + nb_tot1 = nb_tot2 = 0; + + memset( line, 0, sizeof( line ) ); + + n = sizeof( line ); + + while( fgets( line, n - 1, f ) != NULL ) + { + n = strlen( line ); + + if( n < 68 ) + continue; + + if( line[64] != ' ' || line[65] != ' ' ) + continue; + + if( line[n - 1] == '\n' ) { n--; line[n] = '\0'; } + if( line[n - 1] == '\r' ) { n--; line[n] = '\0'; } + + nb_tot1++; + + if( sha2_wrapper( line + 66, sum ) != 0 ) + { + nb_err1++; + continue; + } + + nb_tot2++; + + for( i = 0; i < 32; i++ ) + sprintf( buf + i * 2, "%02x", sum[i] ); + + if( memcmp( line, buf, 64 ) != 0 ) + { + nb_err2++; + fprintf( stderr, "wrong checksum: %s\n", line + 66 ); + } + + n = sizeof( line ); + } + + if( nb_err1 != 0 ) + { + printf( "WARNING: %d (out of %d) input files could " + "not be read\n", nb_err1, nb_tot1 ); + } + + if( nb_err2 != 0 ) + { + printf( "WARNING: %d (out of %d) computed checksums did " + "not match\n", nb_err2, nb_tot2 ); + } + + return( nb_err1 != 0 || nb_err2 != 0 ); +} + +int main( int argc, char *argv[] ) +{ + int ret, i; + + if( argc == 1 ) + { + printf( "print mode: sha2sum ...\n" ); + printf( "check mode: sha2sum -c \n" ); + +#ifdef WIN32 + printf( "\n Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( 1 ); + } + + if( argc == 3 && strcmp( "-c", argv[1] ) == 0 ) + return( sha2_check( argv[2] ) ); + + ret = 0; + for( i = 1; i < argc; i++ ) + ret |= sha2_print( argv[i] ); + + return( ret ); +} diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c new file mode 100644 index 000000000..212207882 --- /dev/null +++ b/programs/pkey/dh_client.c @@ -0,0 +1,249 @@ +/* + * Diffie-Hellman-Merkle key exchange (client side) + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include + +#include "xyssl/net.h" +#include "xyssl/aes.h" +#include "xyssl/dhm.h" +#include "xyssl/rsa.h" +#include "xyssl/sha1.h" +#include "xyssl/havege.h" + +#define SERVER_NAME "localhost" +#define SERVER_PORT 11999 + +int main( void ) +{ + FILE *f; + + int ret, n, buflen; + int server_fd = -1; + + unsigned char *p, *end; + unsigned char buf[1024]; + unsigned char hash[20]; + + havege_state hs; + rsa_context rsa; + dhm_context dhm; + aes_context aes; + + memset( &rsa, 0, sizeof( rsa ) ); + memset( &dhm, 0, sizeof( dhm ) ); + + /* + * 1. Setup the RNG + */ + printf( "\n . Seeding the random number generator" ); + fflush( stdout ); + + havege_init( &hs ); + + /* + * 2. Read the server's public RSA key + */ + printf( "\n . Reading public key from rsa_pub.txt" ); + fflush( stdout ); + + if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL ) + { + ret = 1; + printf( " failed\n ! Could not open rsa_pub.txt\n" \ + " ! Please run rsa_genkey first\n\n" ); + goto exit; + } + + rsa_init( &rsa, RSA_PKCS_V15, 0, NULL, NULL ); + + if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 ) + { + printf( " failed\n ! mpi_read_file returned %d\n\n", ret ); + goto exit; + } + + rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3; + + fclose( f ); + + /* + * 3. Initiate the connection + */ + printf( "\n . Connecting to tcp/%s/%d", SERVER_NAME, + SERVER_PORT ); + fflush( stdout ); + + if( ( ret = net_connect( &server_fd, SERVER_NAME, + SERVER_PORT ) ) != 0 ) + { + printf( " failed\n ! net_connect returned %d\n\n", ret ); + goto exit; + } + + /* + * 4a. First get the buffer length + */ + printf( "\n . Receiving the server's DH parameters" ); + fflush( stdout ); + + memset( buf, 0, sizeof( buf ) ); + + if( ( ret = net_recv( &server_fd, buf, 2 ) ) != 2 ) + { + printf( " failed\n ! net_recv returned %d\n\n", ret ); + goto exit; + } + + n = buflen = ( buf[0] << 8 ) | buf[1]; + if( buflen < 1 || buflen > (int) sizeof( buf ) ) + { + printf( " failed\n ! Got an invalid buffer length\n\n" ); + goto exit; + } + + /* + * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P + */ + memset( buf, 0, sizeof( buf ) ); + + if( ( ret = net_recv( &server_fd, buf, n ) ) != n ) + { + printf( " failed\n ! net_recv returned %d\n\n", ret ); + goto exit; + } + + p = buf, end = buf + buflen; + + if( ( ret = dhm_read_params( &dhm, &p, end ) ) != 0 ) + { + printf( " failed\n ! dhm_read_params returned %d\n\n", ret ); + goto exit; + } + + if( dhm.len < 64 || dhm.len > 256 ) + { + ret = 1; + printf( " failed\n ! Invalid DHM modulus size\n\n" ); + goto exit; + } + + /* + * 5. Check that the server's RSA signature matches + * the SHA-1 hash of (P,G,Ys) + */ + printf( "\n . Verifying the server's RSA signature" ); + fflush( stdout ); + + if( ( n = (int)( end - p ) ) != rsa.len ) + { + ret = 1; + printf( " failed\n ! Invalid RSA signature size\n\n" ); + goto exit; + } + + sha1( buf, (int)( p - 2 - buf ), hash ); + + if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, RSA_SHA1, + 0, hash, p ) ) != 0 ) + { + printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret ); + goto exit; + } + + /* + * 6. Send our public value: Yc = G ^ Xc mod P + */ + printf( "\n . Sending own public value to server" ); + fflush( stdout ); + + n = dhm.len; + if( ( ret = dhm_make_public( &dhm, 256, buf, n, + havege_rand, &hs ) ) != 0 ) + { + printf( " failed\n ! dhm_make_public returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = net_send( &server_fd, buf, n ) ) != n ) + { + printf( " failed\n ! net_send returned %d\n\n", ret ); + goto exit; + } + + /* + * 7. Derive the shared secret: K = Ys ^ Xc mod P + */ + printf( "\n . Shared secret: " ); + fflush( stdout ); + + n = dhm.len; + if( ( ret = dhm_calc_secret( &dhm, buf, &n ) ) != 0 ) + { + printf( " failed\n ! dhm_calc_secret returned %d\n\n", ret ); + goto exit; + } + + for( n = 0; n < 16; n++ ) + printf( "%02x", buf[n] ); + + /* + * 8. Setup the AES-256 decryption key + * + * This is an overly simplified example; best practice is + * to hash the shared secret with a random value to derive + * the keying material for the encryption/decryption keys, + * IVs and MACs. + */ + printf( "...\n . Receiving and decrypting the ciphertext" ); + fflush( stdout ); + + aes_setkey_dec( &aes, buf, 256 ); + + memset( buf, 0, sizeof( buf ) ); + + if( ( ret = net_recv( &server_fd, buf, 16 ) ) != 16 ) + { + printf( " failed\n ! net_recv returned %d\n\n", ret ); + goto exit; + } + + aes_crypt_ecb( &aes, AES_DECRYPT, buf, buf ); + buf[16] = '\0'; + printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf ); + +exit: + + net_close( server_fd ); + rsa_free( &rsa ); + dhm_free( &dhm ); + +#ifdef WIN32 + printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( ret ); +} diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c new file mode 100644 index 000000000..09d9b1d70 --- /dev/null +++ b/programs/pkey/dh_genprime.c @@ -0,0 +1,122 @@ +/* + * Diffie-Hellman-Merkle key exchange (prime generation) + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include + +#include "xyssl/bignum.h" +#include "xyssl/config.h" +#include "xyssl/havege.h" + +/* + * Note: G = 4 is always a quadratic residue mod P, + * so it is a generator of order Q (with P = 2*Q+1). + */ +#define DH_P_SIZE 1024 +#define GENERATOR "4" + +int main( void ) +{ + int ret = 1; + +#if defined(XYSSL_GENPRIME) + mpi G, P, Q; + havege_state hs; + FILE *fout; + + mpi_init( &G, &P, &Q, NULL ); + mpi_read_string( &G, 10, GENERATOR ); + + printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + havege_init( &hs ); + + printf( " ok\n . Generating the modulus, please wait..." ); + fflush( stdout ); + + /* + * This can take a long time... + */ + if( ( ret = mpi_gen_prime( &P, DH_P_SIZE, 1, + havege_rand, &hs ) ) != 0 ) + { + printf( " failed\n ! mpi_gen_prime returned %d\n\n", ret ); + goto exit; + } + + printf( " ok\n . Verifying that Q = (P-1)/2 is prime..." ); + fflush( stdout ); + + if( ( ret = mpi_sub_int( &Q, &P, 1 ) ) != 0 ) + { + printf( " failed\n ! mpi_sub_int returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mpi_div_int( &Q, NULL, &Q, 2 ) ) != 0 ) + { + printf( " failed\n ! mpi_div_int returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mpi_is_prime( &Q, havege_rand, &hs ) ) != 0 ) + { + printf( " failed\n ! mpi_is_prime returned %d\n\n", ret ); + goto exit; + } + + printf( " ok\n . Exporting the value in dh_prime.txt..." ); + fflush( stdout ); + + if( ( fout = fopen( "dh_prime.txt", "wb+" ) ) == NULL ) + { + ret = 1; + printf( " failed\n ! Could not create dh_prime.txt\n\n" ); + goto exit; + } + + if( ( ret = mpi_write_file( "P = ", &P, 16, fout ) != 0 ) || + ( ret = mpi_write_file( "G = ", &G, 16, fout ) != 0 ) ) + { + printf( " failed\n ! mpi_write_file returned %d\n\n", ret ); + goto exit; + } + + printf( " ok\n\n" ); + fclose( fout ); + +exit: + + mpi_free( &Q, &P, &G, NULL ); +#else + printf( "\n ! Prime-number generation is not available.\n\n" ); +#endif + +#ifdef WIN32 + printf( " Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( ret ); +} diff --git a/programs/pkey/dh_prime.txt b/programs/pkey/dh_prime.txt new file mode 100644 index 000000000..e62c27967 --- /dev/null +++ b/programs/pkey/dh_prime.txt @@ -0,0 +1,2 @@ +P = C3CF8BCFD9E88B0CC35EC526F3D63FA001DC9392E6CA81F3B414173955C582758B52038FAFBF402B8C29DC32F5231B0D2E25B252850C7DCDBFF46D0E7989E51DEA07A53BCF7947D4C95EBA28F9CBAFB0267EC3BCF57B15A49964236B56773851D6621E546F410D504F13827218CD14A1FDB69522DC72DD67D880E51B2E00894F +G = 04 diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c new file mode 100644 index 000000000..4990dcf4f --- /dev/null +++ b/programs/pkey/dh_server.c @@ -0,0 +1,252 @@ +/* + * Diffie-Hellman-Merkle key exchange (server side) + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include + +#include "xyssl/net.h" +#include "xyssl/aes.h" +#include "xyssl/dhm.h" +#include "xyssl/rsa.h" +#include "xyssl/sha1.h" +#include "xyssl/havege.h" + +#define SERVER_PORT 11999 +#define PLAINTEXT "==Hello there!==" + +int main( void ) +{ + FILE *f; + + int ret, n, buflen; + int listen_fd = -1; + int client_fd = -1; + + unsigned char buf[1024]; + unsigned char hash[20]; + unsigned char buf2[2]; + + havege_state hs; + rsa_context rsa; + dhm_context dhm; + aes_context aes; + + memset( &rsa, 0, sizeof( rsa ) ); + memset( &dhm, 0, sizeof( dhm ) ); + + /* + * 1. Setup the RNG + */ + printf( "\n . Seeding the random number generator" ); + fflush( stdout ); + + havege_init( &hs ); + + /* + * 2a. Read the server's private RSA key + */ + printf( "\n . Reading private key from rsa_priv.txt" ); + fflush( stdout ); + + if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL ) + { + ret = 1; + printf( " failed\n ! Could not open rsa_priv.txt\n" \ + " ! Please run rsa_genkey first\n\n" ); + goto exit; + } + + rsa_init( &rsa, RSA_PKCS_V15, 0, NULL, NULL ); + + if( ( ret = mpi_read_file( &rsa.N , 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.E , 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.D , 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.P , 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.Q , 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.DP, 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) + { + printf( " failed\n ! mpi_read_file returned %d\n\n", ret ); + goto exit; + } + + rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3; + + fclose( f ); + + /* + * 2b. Get the DHM modulus and generator + */ + printf( "\n . Reading DH parameters from dh_prime.txt" ); + fflush( stdout ); + + if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL ) + { + ret = 1; + printf( " failed\n ! Could not open dh_prime.txt\n" \ + " ! Please run dh_genprime first\n\n" ); + goto exit; + } + + if( mpi_read_file( &dhm.P, 16, f ) != 0 || + mpi_read_file( &dhm.G, 16, f ) != 0 ) + { + printf( " failed\n ! Invalid DH parameter file\n\n" ); + goto exit; + } + + fclose( f ); + + /* + * 3. Wait for a client to connect + */ + printf( "\n . Waiting for a remote connection" ); + fflush( stdout ); + + if( ( ret = net_bind( &listen_fd, NULL, SERVER_PORT ) ) != 0 ) + { + printf( " failed\n ! net_bind returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 ) + { + printf( " failed\n ! net_accept returned %d\n\n", ret ); + goto exit; + } + + /* + * 4. Setup the DH parameters (P,G,Ys) + */ + printf( "\n . Sending the server's DH parameters" ); + fflush( stdout ); + + memset( buf, 0, sizeof( buf ) ); + + if( ( ret = dhm_make_params( &dhm, 256, buf, &n, + havege_rand, &hs ) ) != 0 ) + { + printf( " failed\n ! dhm_make_params returned %d\n\n", ret ); + goto exit; + } + + /* + * 5. Sign the parameters and send them + */ + sha1( buf, n, hash ); + + buf[n ] = (unsigned char)( rsa.len >> 8 ); + buf[n + 1] = (unsigned char)( rsa.len ); + + if( ( ret = rsa_pkcs1_sign( &rsa, RSA_PRIVATE, RSA_SHA1, + 0, hash, buf + n + 2 ) ) != 0 ) + { + printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret ); + goto exit; + } + + buflen = n + 2 + rsa.len; + buf2[0] = (unsigned char)( buflen >> 8 ); + buf2[1] = (unsigned char)( buflen ); + + if( ( ret = net_send( &client_fd, buf2, 2 ) ) != 2 || + ( ret = net_send( &client_fd, buf, buflen ) ) != buflen ) + { + printf( " failed\n ! net_send returned %d\n\n", ret ); + goto exit; + } + + /* + * 6. Get the client's public value: Yc = G ^ Xc mod P + */ + printf( "\n . Receiving the client's public value" ); + fflush( stdout ); + + memset( buf, 0, sizeof( buf ) ); + n = dhm.len; + + if( ( ret = net_recv( &client_fd, buf, n ) ) != n ) + { + printf( " failed\n ! net_recv returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = dhm_read_public( &dhm, buf, dhm.len ) ) != 0 ) + { + printf( " failed\n ! dhm_read_public returned %d\n\n", ret ); + goto exit; + } + + /* + * 7. Derive the shared secret: K = Ys ^ Xc mod P + */ + printf( "\n . Shared secret: " ); + fflush( stdout ); + + if( ( ret = dhm_calc_secret( &dhm, buf, &n ) ) != 0 ) + { + printf( " failed\n ! dhm_calc_secret returned %d\n\n", ret ); + goto exit; + } + + for( n = 0; n < 16; n++ ) + printf( "%02x", buf[n] ); + + /* + * 8. Setup the AES-256 encryption key + * + * This is an overly simplified example; best practice is + * to hash the shared secret with a random value to derive + * the keying material for the encryption/decryption keys + * and MACs. + */ + printf( "...\n . Encrypting and sending the ciphertext" ); + fflush( stdout ); + + aes_setkey_enc( &aes, buf, 256 ); + memcpy( buf, PLAINTEXT, 16 ); + aes_crypt_ecb( &aes, AES_ENCRYPT, buf, buf ); + + if( ( ret = net_send( &client_fd, buf, 16 ) ) != 16 ) + { + printf( " failed\n ! net_send returned %d\n\n", ret ); + goto exit; + } + + printf( "\n\n" ); + +exit: + + net_close( client_fd ); + rsa_free( &rsa ); + dhm_free( &dhm ); + +#ifdef WIN32 + printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( ret ); +} diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c new file mode 100644 index 000000000..699fa5aee --- /dev/null +++ b/programs/pkey/mpi_demo.c @@ -0,0 +1,76 @@ +/* + * Simple MPI demonstration program + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include + +#include "xyssl/bignum.h" + +int main( void ) +{ + mpi E, P, Q, N, H, D, X, Y, Z; + + mpi_init( &E, &P, &Q, &N, &H, + &D, &X, &Y, &Z, NULL ); + + mpi_read_string( &P, 10, "2789" ); + mpi_read_string( &Q, 10, "3203" ); + mpi_read_string( &E, 10, "257" ); + mpi_mul_mpi( &N, &P, &Q ); + + printf( "\n Public key:\n\n" ); + mpi_write_file( " N = ", &N, 10, NULL ); + mpi_write_file( " E = ", &E, 10, NULL ); + + printf( "\n Private key:\n\n" ); + mpi_write_file( " P = ", &P, 10, NULL ); + mpi_write_file( " Q = ", &Q, 10, NULL ); + + mpi_sub_int( &P, &P, 1 ); + mpi_sub_int( &Q, &Q, 1 ); + mpi_mul_mpi( &H, &P, &Q ); + mpi_inv_mod( &D, &E, &H ); + + mpi_write_file( " D = E^-1 mod (P-1)*(Q-1) = ", + &D, 10, NULL ); + + mpi_read_string( &X, 10, "55555" ); + mpi_exp_mod( &Y, &X, &E, &N, NULL ); + mpi_exp_mod( &Z, &Y, &D, &N, NULL ); + + printf( "\n RSA operation:\n\n" ); + mpi_write_file( " X (plaintext) = ", &X, 10, NULL ); + mpi_write_file( " Y (ciphertext) = X^E mod N = ", &Y, 10, NULL ); + mpi_write_file( " Z (decrypted) = Y^D mod N = ", &Z, 10, NULL ); + printf( "\n" ); + + mpi_free( &Z, &Y, &X, &D, &H, + &N, &Q, &P, &E, NULL ); + +#ifdef WIN32 + printf( " Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( 0 ); +} diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c new file mode 100644 index 000000000..0619f1547 --- /dev/null +++ b/programs/pkey/rsa_genkey.c @@ -0,0 +1,130 @@ +/* + * Example RSA key generation program + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include + +#include "xyssl/havege.h" +#include "xyssl/bignum.h" +#include "xyssl/x509.h" +#include "xyssl/rsa.h" + +#define KEY_SIZE 1024 +#define EXPONENT 65537 + +int main( void ) +{ + int ret; + rsa_context rsa; + havege_state hs; + FILE *fpub = NULL; + FILE *fpriv = NULL; + x509_raw cert; + + printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + havege_init( &hs ); + + printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE ); + fflush( stdout ); + + rsa_init( &rsa, RSA_PKCS_V15, 0, havege_rand, &hs ); + + if( ( ret = rsa_gen_key( &rsa, KEY_SIZE, EXPONENT ) ) != 0 ) + { + printf( " failed\n ! rsa_gen_key returned %d\n\n", ret ); + goto exit; + } + + printf( " ok\n . Exporting the public key in rsa_pub.txt...." ); + fflush( stdout ); + + if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL ) + { + printf( " failed\n ! could not open rsa_pub.txt for writing\n\n" ); + ret = 1; + goto exit; + } + + if( ( ret = mpi_write_file( "N = ", &rsa.N, 16, fpub ) ) != 0 || + ( ret = mpi_write_file( "E = ", &rsa.E, 16, fpub ) ) != 0 ) + { + printf( " failed\n ! mpi_write_file returned %d\n\n", ret ); + goto exit; + } + + printf( " ok\n . Exporting the private key in rsa_priv.txt..." ); + fflush( stdout ); + + if( ( fpriv = fopen( "rsa_priv.txt", "wb+" ) ) == NULL ) + { + printf( " failed\n ! could not open rsa_priv.txt for writing\n" ); + ret = 1; + goto exit; + } + + if( ( ret = mpi_write_file( "N = " , &rsa.N , 16, fpriv ) ) != 0 || + ( ret = mpi_write_file( "E = " , &rsa.E , 16, fpriv ) ) != 0 || + ( ret = mpi_write_file( "D = " , &rsa.D , 16, fpriv ) ) != 0 || + ( ret = mpi_write_file( "P = " , &rsa.P , 16, fpriv ) ) != 0 || + ( ret = mpi_write_file( "Q = " , &rsa.Q , 16, fpriv ) ) != 0 || + ( ret = mpi_write_file( "DP = ", &rsa.DP, 16, fpriv ) ) != 0 || + ( ret = mpi_write_file( "DQ = ", &rsa.DQ, 16, fpriv ) ) != 0 || + ( ret = mpi_write_file( "QP = ", &rsa.QP, 16, fpriv ) ) != 0 ) + { + printf( " failed\n ! mpi_write_file returned %d\n\n", ret ); + goto exit; + } +/* + printf( " ok\n . Generating the certificate..." ); + + x509write_init_raw( &cert ); + x509write_add_pubkey( &cert, &rsa ); + x509write_add_subject( &cert, "CN='localhost'" ); + x509write_add_validity( &cert, "2007-09-06 17:00:32", + "2010-09-06 17:00:32" ); + x509write_create_selfsign( &cert, &rsa ); + x509write_crtfile( &cert, "cert.der", X509_OUTPUT_DER ); + x509write_crtfile( &cert, "cert.pem", X509_OUTPUT_PEM ); + x509write_free_raw( &cert ); +*/ + printf( " ok\n\n" ); + +exit: + + if( fpub != NULL ) + fclose( fpub ); + + if( fpriv != NULL ) + fclose( fpriv ); + + rsa_free( &rsa ); + +#ifdef WIN32 + printf( " Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( ret ); +} diff --git a/programs/pkey/rsa_priv.txt b/programs/pkey/rsa_priv.txt new file mode 100644 index 000000000..06b2e4d61 --- /dev/null +++ b/programs/pkey/rsa_priv.txt @@ -0,0 +1,8 @@ +N = 807E3526556FADF8D4CA64074ADA36862646D5ECB24E363821306588722AF2B58058CFB88E8C0BEA5C7084F3055D232F110E59C8837A0D132A4B907E91DB4A4924134A85E7445935E55A772C0B72E12C94501D9DF66B71BA030F842531721AEF43AE48F9505BF7504CDEEA3CAA6F94530835648D770AE2E6C628DD484D10AA57 +E = 010001 +D = 56B3D2AD612D10993D0CAC5E7755B340E6071A46B3322F47C4AD6175A683F06E2482C8F761C88229CBE268F38B0503BEB8A59453C6D3CE8AC6196310E4DEB1CA939DF7F7EE26C4697EEDD1E5122795BFC83861DE2E3EC9E3E84F42B3A9DD25EB09B30FDDFFACCE5091493BC5577530CE9CD9C8BA244EC5FD3DF91BCECFD73961 +P = F8DAD6A5651CED9011D979A076D70C4FBD095AAE2E53EF51415832C63AD61618F0BB369F29D1363345FE481FE6C28F0830FE33A1C41F8743A4E02DD682A2E099 +Q = 842EABF3171F972DE7D6B571B70F969F8F1C305851785BB042CDAE3B794014659A744EA7D16D881B7168463CEEAF52BA0F78755BBE89CFE1361076CE3E20886F +DP = B1C694047FE1548CD1538D21E703E595A933DF86032E8F0E7B21E8D3D8004CB4F074ADA6B296F4A35863395F20D8E8992F76C9A7CC95C169BF852EF9C9455631 +DQ = 143C54E49D289FEB4E2FC78D461A23D3FF83B03F0511E8EF7DFAA0EEC7EC3073318716B7884F3D63FE239985208144A7E950669F09F76D14AC432EFCF9F3DF0F +QP = C2F98F412476BDA2B14F5882D929090C62BB24ED74E8B78A3BE287EABDB3FADC445D041F1DE04EBE2D39A8913DAF03C23FF632D1B3FB6CCBDD65B2A576F127F5 diff --git a/programs/pkey/rsa_pub.txt b/programs/pkey/rsa_pub.txt new file mode 100644 index 000000000..dddb25cec --- /dev/null +++ b/programs/pkey/rsa_pub.txt @@ -0,0 +1,2 @@ +N = 807E3526556FADF8D4CA64074ADA36862646D5ECB24E363821306588722AF2B58058CFB88E8C0BEA5C7084F3055D232F110E59C8837A0D132A4B907E91DB4A4924134A85E7445935E55A772C0B72E12C94501D9DF66B71BA030F842531721AEF43AE48F9505BF7504CDEEA3CAA6F94530835648D770AE2E6C628DD484D10AA57 +E = 010001 diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c new file mode 100644 index 000000000..0e7077e1c --- /dev/null +++ b/programs/pkey/rsa_sign.c @@ -0,0 +1,130 @@ +/* + * RSA/SHA-1 signature creation program + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include + +#include "xyssl/rsa.h" +#include "xyssl/sha1.h" + +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret, i; + rsa_context rsa; + unsigned char hash[20]; + unsigned char buf[512]; + + ret = 1; + + if( argc != 2 ) + { + printf( "usage: rsa_sign \n" ); + +#ifdef WIN32 + printf( "\n" ); +#endif + + goto exit; + } + + printf( "\n . Reading private key from rsa_priv.txt" ); + fflush( stdout ); + + if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL ) + { + ret = 1; + printf( " failed\n ! Could not open rsa_priv.txt\n" \ + " ! Please run rsa_genkey first\n\n" ); + goto exit; + } + + rsa_init( &rsa, RSA_PKCS_V15, 0, NULL, NULL ); + + if( ( ret = mpi_read_file( &rsa.N , 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.E , 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.D , 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.P , 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.Q , 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.DP, 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) + { + printf( " failed\n ! mpi_read_file returned %d\n\n", ret ); + goto exit; + } + + rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3; + + fclose( f ); + + /* + * Compute the SHA-1 hash of the input file, + * then calculate the RSA signature of the hash. + */ + printf( "\n . Generating the RSA/SHA-1 signature" ); + fflush( stdout ); + + if( ( ret = sha1_file( argv[1], hash ) ) != 0 ) + { + printf( " failed\n ! Could not open or read %s\n\n", argv[1] ); + goto exit; + } + + if( ( ret = rsa_pkcs1_sign( &rsa, RSA_PRIVATE, RSA_SHA1, + 20, hash, buf ) ) != 0 ) + { + printf( " failed\n ! rsa_pkcs1_sign returned %d\n\n", ret ); + goto exit; + } + + /* + * Write the signature into -sig.txt + */ + memcpy( argv[1] + strlen( argv[1] ), ".sig", 5 ); + + if( ( f = fopen( argv[1], "wb+" ) ) == NULL ) + { + ret = 1; + printf( " failed\n ! Could not create %s\n\n", argv[1] ); + goto exit; + } + + for( i = 0; i < rsa.len; i++ ) + fprintf( f, "%02X%s", buf[i], + ( i + 1 ) % 16 == 0 ? "\r\n" : " " ); + + fclose( f ); + + printf( "\n . Done (created \"%s\")\n\n", argv[1] ); + +exit: + +#ifdef WIN32 + printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( ret ); +} diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c new file mode 100644 index 000000000..aacc664f5 --- /dev/null +++ b/programs/pkey/rsa_verify.c @@ -0,0 +1,133 @@ +/* + * RSA/SHA-1 signature verification program + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include + +#include "xyssl/rsa.h" +#include "xyssl/sha1.h" + +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret, i, c; + rsa_context rsa; + unsigned char hash[20]; + unsigned char buf[512]; + + ret = 1; + if( argc != 2 ) + { + printf( "usage: rsa_verify \n" ); + +#ifdef WIN32 + printf( "\n" ); +#endif + + goto exit; + } + + printf( "\n . Reading public key from rsa_pub.txt" ); + fflush( stdout ); + + if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL ) + { + printf( " failed\n ! Could not open rsa_pub.txt\n" \ + " ! Please run rsa_genkey first\n\n" ); + goto exit; + } + + rsa_init( &rsa, RSA_PKCS_V15, 0, NULL, NULL ); + + if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 || + ( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 ) + { + printf( " failed\n ! mpi_read_file returned %d\n\n", ret ); + goto exit; + } + + rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3; + + fclose( f ); + + /* + * Extract the RSA signature from the text file + */ + ret = 1; + i = strlen( argv[1] ); + memcpy( argv[1] + i, ".sig", 5 ); + + if( ( f = fopen( argv[1], "rb" ) ) == NULL ) + { + printf( "\n ! Could not open %s\n\n", argv[1] ); + goto exit; + } + + argv[1][i] = '\0', i = 0; + + while( fscanf( f, "%02X", &c ) > 0 && + i < (int) sizeof( buf ) ) + buf[i++] = (unsigned char) c; + + fclose( f ); + + if( i != rsa.len ) + { + printf( "\n ! Invalid RSA signature format\n\n" ); + goto exit; + } + + /* + * Compute the SHA-1 hash of the input file and compare + * it with the hash decrypted from the RSA signature. + */ + printf( "\n . Verifying the RSA/SHA-1 signature" ); + fflush( stdout ); + + if( ( ret = sha1_file( argv[1], hash ) ) != 0 ) + { + printf( " failed\n ! Could not open or read %s\n\n", argv[1] ); + goto exit; + } + + if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, RSA_SHA1, + 20, hash, buf ) ) != 0 ) + { + printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret ); + goto exit; + } + + printf( "\n . OK (the decrypted SHA-1 hash matches)\n\n" ); + + ret = 0; + +exit: + +#ifdef WIN32 + printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( ret ); +} diff --git a/programs/ssl/CA-HOWTO.txt b/programs/ssl/CA-HOWTO.txt new file mode 100644 index 000000000..6f052115c --- /dev/null +++ b/programs/ssl/CA-HOWTO.txt @@ -0,0 +1,144 @@ + + + + How to setup your own Certificate Authority + =========================================== + + +Note: this howto requires the openssl binary, as well as classic +UNIX tools (cat, touch, echo). If you use Windows, please consider +installing Cygwin -- see http://cygwin.com/ + + + 1. Configure OpenSSL + -------------------- + +First of all, create sslconf.txt in the current directory +(a basic example is provided at the end of this file). + +cat > sslconf.txt <<"EOF" +[paste contents here] +EOF + +Then you need to create the database and a starting serial number: + +touch index +echo "01" > serial +mkdir newcerts + + + 2. Generate the CA certificate + ------------------------------ + +openssl req -config sslconf.txt -days 3653 -x509 -newkey rsa:2048 \ + -set_serial 0 -text -keyout test-ca.key -out test-ca.crt + + + 3. Generate the private keys and certificate requests + ----------------------------------------------------- + +openssl genrsa -out server1.key 2048 +openssl genrsa -out server2.key 2048 +openssl genrsa -out client1.key 2048 +openssl genrsa -out client2.key 2048 + +openssl req -config sslconf.txt -new -key server1.key -out server1.req +openssl req -config sslconf.txt -new -key server2.key -out server2.req +openssl req -config sslconf.txt -new -key client1.key -out client1.req +openssl req -config sslconf.txt -new -key client2.key -out client2.req + + + 4. Issue and sign the certificates + ---------------------------------- + +openssl ca -config sslconf.txt -in server1.req -out server1.crt +openssl ca -config sslconf.txt -in server2.req -out server2.crt +openssl ca -config sslconf.txt -in client1.req -out client1.crt +openssl ca -config sslconf.txt -in client2.req -out client2.crt + + + 5. To revoke a certificate and update the CRL + --------------------------------------------- + +openssl ca -config sslconf.txt -revoke server1.crt +openssl ca -config sslconf.txt -revoke client1.crt +openssl ca -config sslconf.txt -gencrl -out crl.pem + + + 6. To display a certificate and verify its validity + --------------------------------------------------- + +openssl x509 -in server2.crt -text -noout +cat test-ca.crt crl.pem > ca_crl.pem +openssl verify -CAfile ca_crl.pem -crl_check server2.crt +rm ca_crl.pem + + + 7. To export a certificate into a .pfx file + ------------------------------------------- + +openssl pkcs12 -export -in client2.crt -inkey client2.key \ + -out client2.pfx + + +##================================================================ +##============== Example OpenSSL configuration file ============== +##================================================================ + +# References: +# +# /etc/ssl/openssl.conf +# http://www.openssl.org/docs/apps/config.html +# http://www.openssl.org/docs/apps/x509v3_config.html + +[ ca ] +default_ca = my_ca + +[ my_ca ] +certificate = test-ca.crt +private_key = test-ca.key +database = index +serial = serial + +new_certs_dir = newcerts +default_crl_days = 60 +default_days = 730 +default_md = sha1 +policy = my_policy +x509_extensions = v3_usr + +[ my_policy ] +countryName = optional +stateOrProvinceName = optional +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ req ] +distinguished_name = my_req_dn +x509_extensions = v3_ca + +[ my_req_dn ] +countryName = Country Name.............. +countryName_min = 2 +countryName_max = 2 +stateOrProvinceName = State or Province Name.... +localityName = Locality Name............. +0.organizationName = Organization Name......... +organizationalUnitName = Org. Unit Name............ +commonName = Common Name (required).... +commonName_max = 64 +emailAddress = Email Address............. +emailAddress_max = 64 + +[ v3_ca ] +basicConstraints = CA:TRUE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always + +[ v3_usr ] +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer + diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c new file mode 100644 index 000000000..e752d87c8 --- /dev/null +++ b/programs/ssl/ssl_client1.c @@ -0,0 +1,172 @@ +/* + * SSL client demonstration program + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include + +#include "xyssl/net.h" +#include "xyssl/ssl.h" +#include "xyssl/havege.h" + +#define SERVER_PORT 443 +/* +#define SERVER_NAME "localhost" +#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n" +*/ +#define SERVER_NAME "xyssl.org" +#define GET_REQUEST \ + "GET /hello/ HTTP/1.1\r\n" \ + "Host: xyssl.org\r\n\r\n" + +#define DEBUG_LEVEL 0 + +void my_debug( void *ctx, int level, char *str ) +{ + if( level < DEBUG_LEVEL ) + { + fprintf( (FILE *) ctx, "%s", str ); + fflush( (FILE *) ctx ); + } +} + +int main( void ) +{ + int ret, len, server_fd; + unsigned char buf[1024]; + havege_state hs; + ssl_context ssl; + ssl_session ssn; + + /* + * 0. Initialize the RNG and the session data + */ + havege_init( &hs ); + memset( &ssn, 0, sizeof( ssl_session ) ); + + /* + * 1. Start the connection + */ + printf( "\n . Connecting to tcp/%s/%4d...", SERVER_NAME, + SERVER_PORT ); + fflush( stdout ); + + if( ( ret = net_connect( &server_fd, SERVER_NAME, + SERVER_PORT ) ) != 0 ) + { + printf( " failed\n ! net_connect returned %d\n\n", ret ); + goto exit; + } + + printf( " ok\n" ); + + /* + * 2. Setup stuff + */ + printf( " . Setting up the SSL/TLS structure..." ); + fflush( stdout ); + + if( ( ret = ssl_init( &ssl ) ) != 0 ) + { + printf( " failed\n ! ssl_init returned %d\n\n", ret ); + goto exit; + } + + printf( " ok\n" ); + + ssl_set_endpoint( &ssl, SSL_IS_CLIENT ); + ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); + + ssl_set_rng( &ssl, havege_rand, &hs ); + ssl_set_dbg( &ssl, my_debug, stdout ); + ssl_set_bio( &ssl, net_recv, &server_fd, + net_send, &server_fd ); + + ssl_set_ciphers( &ssl, ssl_default_ciphers ); + ssl_set_session( &ssl, 1, 600, &ssn ); + + /* + * 3. Write the GET request + */ + printf( " > Write to server:" ); + fflush( stdout ); + + len = sprintf( (char *) buf, GET_REQUEST ); + + while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 ) + { + if( ret != XYSSL_ERR_NET_TRY_AGAIN ) + { + printf( " failed\n ! ssl_write returned %d\n\n", ret ); + goto exit; + } + } + + len = ret; + printf( " %d bytes written\n\n%s", len, (char *) buf ); + + /* + * 7. Read the HTTP response + */ + printf( " < Read from server:" ); + fflush( stdout ); + + do + { + len = sizeof( buf ) - 1; + memset( buf, 0, sizeof( buf ) ); + ret = ssl_read( &ssl, buf, len ); + + if( ret == XYSSL_ERR_NET_TRY_AGAIN ) + continue; + + if( ret == XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY ) + break; + + if( ret <= 0 ) + { + printf( "failed\n ! ssl_read returned %d\n\n", ret ); + break; + } + + len = ret; + printf( " %d bytes read\n\n%s", len, (char *) buf ); + } + while( 0 ); + + ssl_close_notify( &ssl ); + +exit: + + net_close( server_fd ); + ssl_free( &ssl ); + + memset( &ssl, 0, sizeof( ssl ) ); + +#ifdef WIN32 + printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( ret ); +} diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c new file mode 100644 index 000000000..a19c37b66 --- /dev/null +++ b/programs/ssl/ssl_client2.c @@ -0,0 +1,283 @@ +/* + * SSL client with certificate authentication + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include + +#include "xyssl/net.h" +#include "xyssl/ssl.h" +#include "xyssl/havege.h" +#include "xyssl/certs.h" +#include "xyssl/x509.h" + +#define SERVER_PORT 443 +/* +#define SERVER_NAME "localhost" +#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n" +*/ +#define SERVER_NAME "xyssl.org" +#define GET_REQUEST \ + "GET /hello/ HTTP/1.1\r\n" \ + "Host: xyssl.org\r\n\r\n" + +#define DEBUG_LEVEL 0 + +void my_debug( void *ctx, int level, char *str ) +{ + if( level < DEBUG_LEVEL ) + { + fprintf( (FILE *) ctx, "%s", str ); + fflush( (FILE *) ctx ); + } +} + +int main( void ) +{ + int ret, len, server_fd; + unsigned char buf[1024]; + havege_state hs; + ssl_context ssl; + ssl_session ssn; + x509_cert cacert; + x509_cert clicert; + rsa_context rsa; + + /* + * 0. Initialize the RNG and the session data + */ + havege_init( &hs ); + memset( &ssn, 0, sizeof( ssl_session ) ); + + /* + * 1.1. Load the trusted CA + */ + printf( "\n . Loading the CA root certificate ..." ); + fflush( stdout ); + + memset( &cacert, 0, sizeof( x509_cert ) ); + + /* + * Alternatively, you may load the CA certificates from a .pem or + * .crt file by calling x509parse_crtfile( &cacert, "myca.crt" ). + */ + ret = x509parse_crt( &cacert, (unsigned char *) xyssl_ca_crt, + strlen( xyssl_ca_crt ) ); + if( ret != 0 ) + { + printf( " failed\n ! x509parse_crt returned %d\n\n", ret ); + goto exit; + } + + printf( " ok\n" ); + + /* + * 1.2. Load own certificate and private key + * + * (can be skipped if client authentication is not required) + */ + printf( " . Loading the client cert. and key..." ); + fflush( stdout ); + + memset( &clicert, 0, sizeof( x509_cert ) ); + + ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt, + strlen( test_cli_crt ) ); + if( ret != 0 ) + { + printf( " failed\n ! x509parse_crt returned %d\n\n", ret ); + goto exit; + } + + ret = x509parse_key( &rsa, (unsigned char *) test_cli_key, + strlen( test_cli_key ), NULL, 0 ); + if( ret != 0 ) + { + printf( " failed\n ! x509parse_key returned %d\n\n", ret ); + goto exit; + } + + printf( " ok\n" ); + + /* + * 2. Start the connection + */ + printf( " . Connecting to tcp/%s/%-4d...", SERVER_NAME, + SERVER_PORT ); + fflush( stdout ); + + if( ( ret = net_connect( &server_fd, SERVER_NAME, + SERVER_PORT ) ) != 0 ) + { + printf( " failed\n ! net_connect returned %d\n\n", ret ); + goto exit; + } + + printf( " ok\n" ); + + /* + * 3. Setup stuff + */ + printf( " . Setting up the SSL/TLS structure..." ); + fflush( stdout ); + + havege_init( &hs ); + + if( ( ret = ssl_init( &ssl ) ) != 0 ) + { + printf( " failed\n ! ssl_init returned %d\n\n", ret ); + goto exit; + } + + printf( " ok\n" ); + + ssl_set_endpoint( &ssl, SSL_IS_CLIENT ); + ssl_set_authmode( &ssl, SSL_VERIFY_OPTIONAL ); + + ssl_set_rng( &ssl, havege_rand, &hs ); + ssl_set_bio( &ssl, net_recv, &server_fd, + net_send, &server_fd ); + + ssl_set_ciphers( &ssl, ssl_default_ciphers ); + ssl_set_session( &ssl, 1, 600, &ssn ); + + ssl_set_ca_chain( &ssl, &cacert, SERVER_NAME ); + ssl_set_own_cert( &ssl, &clicert, &rsa ); + + ssl_set_hostname( &ssl, SERVER_NAME ); + + /* + * 4. Handshake + */ + printf( " . Performing the SSL/TLS handshake..." ); + fflush( stdout ); + + while( ( ret = ssl_handshake( &ssl ) ) != 0 ) + { + if( ret != XYSSL_ERR_NET_TRY_AGAIN ) + { + printf( " failed\n ! ssl_handshake returned %d\n\n", ret ); + goto exit; + } + } + + printf( " ok\n [ Cipher is %s ]\n", + ssl_get_cipher( &ssl ) ); + + /* + * 5. Verify the server certificate + */ + printf( " . Verifying peer X.509 certificate..." ); + + if( ( ret = ssl_get_verify_result( &ssl ) ) != 0 ) + { + printf( " failed\n" ); + + if( ( ret & BADCERT_EXPIRED ) != 0 ) + printf( " ! server certificate has expired\n" ); + + if( ( ret & BADCERT_REVOKED ) != 0 ) + printf( " ! server certificate has been revoked\n" ); + + if( ( ret & BADCERT_CN_MISMATCH ) != 0 ) + printf( " ! CN mismatch (expected CN=%s)\n", SERVER_NAME ); + + if( ( ret & BADCERT_NOT_TRUSTED ) != 0 ) + printf( " ! self-signed or not signed by a trusted CA\n" ); + + printf( "\n" ); + } + else + printf( " ok\n" ); + + printf( " . Peer certificate information ...\n" ); + printf( x509parse_cert_info( " ", ssl.peer_cert ) ); + + /* + * 6. Write the GET request + */ + printf( " > Write to server:" ); + fflush( stdout ); + + len = sprintf( (char *) buf, GET_REQUEST ); + + while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 ) + { + if( ret != XYSSL_ERR_NET_TRY_AGAIN ) + { + printf( " failed\n ! ssl_write returned %d\n\n", ret ); + goto exit; + } + } + + len = ret; + printf( " %d bytes written\n\n%s", len, (char *) buf ); + + /* + * 7. Read the HTTP response + */ + printf( " < Read from server:" ); + fflush( stdout ); + + do + { + len = sizeof( buf ) - 1; + memset( buf, 0, sizeof( buf ) ); + ret = ssl_read( &ssl, buf, len ); + + if( ret == XYSSL_ERR_NET_TRY_AGAIN ) + continue; + + if( ret == XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY ) + break; + + if( ret <= 0 ) + { + printf( "failed\n ! ssl_read returned %d\n\n", ret ); + break; + } + + len = ret; + printf( " %d bytes read\n\n%s", len, (char *) buf ); + } + while( 0 ); + + ssl_close_notify( &ssl ); + +exit: + + net_close( server_fd ); + x509_free( &clicert ); + x509_free( &cacert ); + rsa_free( &rsa ); + ssl_free( &ssl ); + + memset( &ssl, 0, sizeof( ssl ) ); + +#ifdef WIN32 + printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( ret ); +} diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c new file mode 100644 index 000000000..565fed292 --- /dev/null +++ b/programs/ssl/ssl_server.c @@ -0,0 +1,399 @@ +/* + * SSL server demonstration program + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#ifdef WIN32 +#include +#endif + +#include +#include +#include + +#include "xyssl/havege.h" +#include "xyssl/certs.h" +#include "xyssl/x509.h" +#include "xyssl/ssl.h" +#include "xyssl/net.h" + +#define HTTP_RESPONSE \ + "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ + "

Successful connection using: %s\r\n" + +/* + * Computing a "safe" DH-1024 prime can take a very + * long time, so a precomputed value is provided below. + * You may run dh_genprime to generate a new value. + */ +char *my_dhm_P = + "E4004C1F94182000103D883A448B3F80" \ + "2CE4B44A83301270002C20D0321CFD00" \ + "11CCEF784C26A400F43DFB901BCA7538" \ + "F2C6B176001CF5A0FD16D2C48B1D0C1C" \ + "F6AC8E1DA6BCC3B4E1F96B0564965300" \ + "FFA1D0B601EB2800F489AA512C4B248C" \ + "01F76949A60BB7F00A40B1EAB64BDD48" \ + "E8A700D60B7F1200FA8E77B0A979DABF"; + +char *my_dhm_G = "4"; + +/* + * Sorted by order of preference + */ +int my_ciphers[] = +{ + SSL_EDH_RSA_AES_256_SHA, + SSL_EDH_RSA_DES_168_SHA, + SSL_RSA_AES_256_SHA, + SSL_RSA_AES_128_SHA, + SSL_RSA_DES_168_SHA, + SSL_RSA_RC4_128_SHA, + SSL_RSA_RC4_128_MD5, + 0 +}; + +#define DEBUG_LEVEL 0 + +void my_debug( void *ctx, int level, char *str ) +{ + if( level < DEBUG_LEVEL ) + { + fprintf( (FILE *) ctx, "%s", str ); + fflush( (FILE *) ctx ); + } +} + +/* + * These session callbacks use a simple chained list + * to store and retrieve the session information. + */ +ssl_session *s_list_1st = NULL; +ssl_session *cur, *prv; + +static int my_get_session( ssl_context *ssl ) +{ + time_t t = time( NULL ); + + if( ssl->resume == 0 ) + return( 1 ); + + cur = s_list_1st; + prv = NULL; + + while( cur != NULL ) + { + prv = cur; + cur = cur->next; + + if( ssl->timeout != 0 && t - prv->start > ssl->timeout ) + continue; + + if( ssl->session->cipher != prv->cipher || + ssl->session->length != prv->length ) + continue; + + if( memcmp( ssl->session->id, prv->id, prv->length ) != 0 ) + continue; + + memcpy( ssl->session->master, prv->master, 48 ); + return( 0 ); + } + + return( 1 ); +} + +static int my_set_session( ssl_context *ssl ) +{ + time_t t = time( NULL ); + + cur = s_list_1st; + prv = NULL; + + while( cur != NULL ) + { + if( ssl->timeout != 0 && t - cur->start > ssl->timeout ) + break; /* expired, reuse this slot */ + + if( memcmp( ssl->session->id, cur->id, cur->length ) == 0 ) + break; /* client reconnected */ + + prv = cur; + cur = cur->next; + } + + if( cur == NULL ) + { + cur = (ssl_session *) malloc( sizeof( ssl_session ) ); + if( cur == NULL ) + return( 1 ); + + if( prv == NULL ) + s_list_1st = cur; + else prv->next = cur; + } + + memcpy( cur, ssl->session, sizeof( ssl_session ) ); + + return( 0 ); +} + +int main( void ) +{ + int ret, len; + int listen_fd; + int client_fd; + unsigned char buf[1024]; + + havege_state hs; + ssl_context ssl; + ssl_session ssn; + x509_cert srvcert; + rsa_context rsa; + + /* + * 1. Load the certificates and private RSA key + */ + printf( "\n . Loading the server cert. and key..." ); + fflush( stdout ); + + memset( &srvcert, 0, sizeof( x509_cert ) ); + + /* + * This demonstration program uses embedded test certificates. + * Instead, you may want to use x509parse_crtfile() to read the + * server and CA certificates, as well as x509parse_keyfile(). + */ + ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt, + strlen( test_srv_crt ) ); + if( ret != 0 ) + { + printf( " failed\n ! x509parse_crt returned %d\n\n", ret ); + goto exit; + } + + ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt, + strlen( test_ca_crt ) ); + if( ret != 0 ) + { + printf( " failed\n ! x509parse_crt returned %d\n\n", ret ); + goto exit; + } + + ret = x509parse_key( &rsa, (unsigned char *) test_srv_key, + strlen( test_srv_key ), NULL, 0 ); + if( ret != 0 ) + { + printf( " failed\n ! x509parse_key returned %d\n\n", ret ); + goto exit; + } + + printf( " ok\n" ); + + /* + * 2. Setup the listening TCP socket + */ + printf( " . Bind on https://localhost:4433/ ..." ); + fflush( stdout ); + + if( ( ret = net_bind( &listen_fd, NULL, 4433 ) ) != 0 ) + { + printf( " failed\n ! net_bind returned %d\n\n", ret ); + goto exit; + } + + printf( " ok\n" ); + + /* + * 3. Wait until a client connects + */ +#ifdef WIN32 + ShellExecute( NULL, "open", "https://localhost:4433/", + NULL, NULL, SW_SHOWNORMAL ); +#endif + + client_fd = -1; + memset( &ssl, 0, sizeof( ssl ) ); + +accept: + + net_close( client_fd ); + ssl_free( &ssl ); + + printf( " . Waiting for a remote connection ..." ); + fflush( stdout ); + + if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 ) + { + printf( " failed\n ! net_accept returned %d\n\n", ret ); + goto exit; + } + + printf( " ok\n" ); + + /* + * 4. Setup stuff + */ + printf( " . Setting up the RNG and SSL data...." ); + fflush( stdout ); + + havege_init( &hs ); + + if( ( ret = ssl_init( &ssl ) ) != 0 ) + { + printf( " failed\n ! ssl_init returned %d\n\n", ret ); + goto accept; + } + + printf( " ok\n" ); + + ssl_set_endpoint( &ssl, SSL_IS_SERVER ); + ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); + + ssl_set_rng( &ssl, havege_rand, &hs ); + ssl_set_dbg( &ssl, my_debug, stdout ); + ssl_set_bio( &ssl, net_recv, &client_fd, + net_send, &client_fd ); + ssl_set_scb( &ssl, my_get_session, + my_set_session ); + + ssl_set_ciphers( &ssl, my_ciphers ); + ssl_set_session( &ssl, 1, 0, &ssn ); + + memset( &ssn, 0, sizeof( ssl_session ) ); + + ssl_set_ca_chain( &ssl, srvcert.next, NULL ); + ssl_set_own_cert( &ssl, &srvcert, &rsa ); + ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G ); + + /* + * 5. Handshake + */ + printf( " . Performing the SSL/TLS handshake..." ); + fflush( stdout ); + + while( ( ret = ssl_handshake( &ssl ) ) != 0 ) + { + if( ret != XYSSL_ERR_NET_TRY_AGAIN ) + { + printf( " failed\n ! ssl_handshake returned %d\n\n", ret ); + goto accept; + } + } + + printf( " ok\n" ); + + /* + * 6. Read the HTTP Request + */ + printf( " < Read from client:" ); + fflush( stdout ); + + do + { + len = sizeof( buf ) - 1; + memset( buf, 0, sizeof( buf ) ); + ret = ssl_read( &ssl, buf, len ); + + if( ret == XYSSL_ERR_NET_TRY_AGAIN ) + continue; + + if( ret <= 0 ) + { + switch( ret ) + { + case XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY: + printf( " connection was closed gracefully\n" ); + break; + + case XYSSL_ERR_NET_CONN_RESET: + printf( " connection was reset by peer\n" ); + break; + + default: + printf( " ssl_read returned %d\n", ret ); + break; + } + + break; + } + + len = ret; + printf( " %d bytes read\n\n%s", len, (char *) buf ); + } + while( 0 ); + + /* + * 7. Write the 200 Response + */ + printf( " > Write to client:" ); + fflush( stdout ); + + len = sprintf( (char *) buf, HTTP_RESPONSE, + ssl_get_cipher( &ssl ) ); + + while( ( ret = ssl_write( &ssl, buf, len ) ) <= 0 ) + { + if( ret == XYSSL_ERR_NET_CONN_RESET ) + { + printf( " failed\n ! peer closed the connection\n\n" ); + goto accept; + } + + if( ret != XYSSL_ERR_NET_TRY_AGAIN ) + { + printf( " failed\n ! ssl_write returned %d\n\n", ret ); + goto exit; + } + } + + len = ret; + printf( " %d bytes written\n\n%s\n", len, (char *) buf ); + + ssl_close_notify( &ssl ); + goto accept; + +exit: + + net_close( client_fd ); + x509_free( &srvcert ); + rsa_free( &rsa ); + ssl_free( &ssl ); + + cur = s_list_1st; + while( cur != NULL ) + { + prv = cur; + cur = cur->next; + memset( prv, 0, sizeof( ssl_session ) ); + free( prv ); + } + + memset( &ssl, 0, sizeof( ssl_context ) ); + +#ifdef WIN32 + printf( " Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( ret ); +} diff --git a/programs/ssl/test-ca/client1.crt b/programs/ssl/test-ca/client1.crt new file mode 100644 index 000000000..679bbea09 --- /dev/null +++ b/programs/ssl/test-ca/client1.crt @@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha1WithRSAEncryption + Issuer: O=XySSL, CN=XySSL Test CA + Validity + Not Before: Nov 29 19:50:42 2007 GMT + Not After : Nov 28 19:50:42 2009 GMT + Subject: O=XySSL, CN=Test User 1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:a7:2b:e9:c3:d5:68:7c:e7:4b:23:20:31:c8:0e: + be:9f:c8:e6:b6:a7:09:c5:59:67:ab:6d:e9:f3:7e: + b2:e7:3b:1c:99:28:33:e0:b8:e9:8b:ee:45:a3:de: + 91:f8:03:59:34:f1:b6:e0:b3:62:33:45:87:64:8e: + 59:d3:34:4f:f9:fb:3c:64:53:a2:f2:53:20:97:a3: + 2b:fe:6d:c4:f3:38:83:02:92:c8:cb:8f:9e:d9:d3: + 5e:87:36:ec:17:b3:50:5b:68:b7:03:04:e2:90:2f: + d4:0e:48:40:b1:ad:11:28:de:8a:a9:4c:df:20:05: + 47:8a:ef:ba:24:09:fa:ec:f6:d4:f1:0f:a1:31:b7: + f0:54:d5:d5:23:19:1e:41:6d:b7:96:17:81:ff:b3: + 1e:83:92:76:4b:7c:ce:b1:8f:18:b0:69:20:60:f9: + 41:8b:04:ae:89:84:a8:20:48:ae:f3:1f:50:ec:1c: + 61:97:bd:81:50:54:61:5d:23:c3:c2:84:ed:19:1b: + ee:0f:22:38:28:de:51:04:41:6d:e1:82:43:76:e7: + 7b:40:fd:84:ea:9e:e8:d8:da:c2:72:c4:31:c6:b0: + ca:ce:ac:7b:5c:fa:43:15:5f:41:1c:21:be:dc:96: + 95:d6:77:16:ef:1d:51:8d:10:65:aa:f5:9e:f8:47: + 6a:41 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + F2:C4:96:02:CF:BF:C1:AA:B0:D2:1A:DA:E7:F3:4B:2C:5D:D1:DF:14 + X509v3 Authority Key Identifier: + keyid:F2:67:B1:5D:5F:51:5E:DA:51:89:E9:D9:E9:6B:CA:8B:AF:A5:2E:69 + + Signature Algorithm: sha1WithRSAEncryption + ca:29:3f:44:90:8d:9c:c6:0d:f9:e2:a9:50:d8:e5:d6:0a:e0: + be:6e:48:fb:e8:7a:f4:5f:50:dc:6b:d1:76:a5:f9:88:91:96: + 62:e5:66:89:da:eb:17:01:f7:d0:d2:f7:3b:35:78:dd:80:45: + d0:64:32:13:67:20:a8:fc:d8:62:e1:44:d4:ae:41:37:2e:e7: + 63:94:37:66:61:3b:38:e9:7d:8a:b6:18:d4:b7:2c:59:ea:46: + a0:ed:ab:84:79:04:be:da:0f:9e:2d:68:34:a0:06:63:fa:33: + 61:bc:8a:00:07:62:c3:81:11:0d:28:d9:80:8f:51:a2:db:be: + 23:16:a4:37:65:18:72:34:17:c2:a9:63:e3:5f:f4:0e:7c:58: + 5e:e4:a5:44:8f:6b:23:ba:18:4e:e3:0c:25:2a:86:ee:5d:c2: + a2:e7:92:8d:a8:84:77:ef:b5:9c:af:2c:53:5d:4c:1b:eb:96: + a4:56:27:f5:bf:cb:82:91:51:6e:8a:f4:49:6a:84:39:44:a3: + 23:7e:d0:83:ce:2b:4a:5f:18:1b:d1:1f:74:14:6f:91:da:1a: + ee:95:1d:ee:c7:9e:77:a2:df:1c:22:72:c2:08:bc:98:60:a0: + d6:5f:eb:d8:e8:ad:b3:f5:05:c4:1a:9b:a9:8d:29:83:7e:26: + 62:fa:e3:79 +-----BEGIN CERTIFICATE----- +MIIDFjCCAf6gAwIBAgIBAzANBgkqhkiG9w0BAQUFADAoMQ4wDAYDVQQKEwVYeVNT +TDEWMBQGA1UEAxMNWHlTU0wgVGVzdCBDQTAeFw0wNzExMjkxOTUwNDJaFw0wOTEx +MjgxOTUwNDJaMCYxDjAMBgNVBAoTBVh5U1NMMRQwEgYDVQQDEwtUZXN0IFVzZXIg +MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKcr6cPVaHznSyMgMcgO +vp/I5ranCcVZZ6tt6fN+suc7HJkoM+C46YvuRaPekfgDWTTxtuCzYjNFh2SOWdM0 +T/n7PGRTovJTIJejK/5txPM4gwKSyMuPntnTXoc27BezUFtotwME4pAv1A5IQLGt +ESjeiqlM3yAFR4rvuiQJ+uz21PEPoTG38FTV1SMZHkFtt5YXgf+zHoOSdkt8zrGP +GLBpIGD5QYsEromEqCBIrvMfUOwcYZe9gVBUYV0jw8KE7Rkb7g8iOCjeUQRBbeGC +Q3bne0D9hOqe6NjawnLEMcawys6se1z6QxVfQRwhvtyWldZ3Fu8dUY0QZar1nvhH +akECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU8sSWAs+/waqw0hra5/NL +LF3R3xQwHwYDVR0jBBgwFoAU8mexXV9RXtpRienZ6WvKi6+lLmkwDQYJKoZIhvcN +AQEFBQADggEBAMopP0SQjZzGDfniqVDY5dYK4L5uSPvoevRfUNxr0Xal+YiRlmLl +Zona6xcB99DS9zs1eN2ARdBkMhNnIKj82GLhRNSuQTcu52OUN2ZhOzjpfYq2GNS3 +LFnqRqDtq4R5BL7aD54taDSgBmP6M2G8igAHYsOBEQ0o2YCPUaLbviMWpDdlGHI0 +F8KpY+Nf9A58WF7kpUSPayO6GE7jDCUqhu5dwqLnko2ohHfvtZyvLFNdTBvrlqRW +J/W/y4KRUW6K9ElqhDlEoyN+0IPOK0pfGBvRH3QUb5HaGu6VHe7Hnnei3xwicsII +vJhgoNZf69jorbP1BcQam6mNKYN+JmL643k= +-----END CERTIFICATE----- diff --git a/programs/ssl/test-ca/client1.key b/programs/ssl/test-ca/client1.key new file mode 100644 index 000000000..1b784041d --- /dev/null +++ b/programs/ssl/test-ca/client1.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEApyvpw9VofOdLIyAxyA6+n8jmtqcJxVlnq23p836y5zscmSgz +4Ljpi+5Fo96R+ANZNPG24LNiM0WHZI5Z0zRP+fs8ZFOi8lMgl6Mr/m3E8ziDApLI +y4+e2dNehzbsF7NQW2i3AwTikC/UDkhAsa0RKN6KqUzfIAVHiu+6JAn67PbU8Q+h +MbfwVNXVIxkeQW23lheB/7Meg5J2S3zOsY8YsGkgYPlBiwSuiYSoIEiu8x9Q7Bxh +l72BUFRhXSPDwoTtGRvuDyI4KN5RBEFt4YJDdud7QP2E6p7o2NrCcsQxxrDKzqx7 +XPpDFV9BHCG+3JaV1ncW7x1RjRBlqvWe+EdqQQIDAQABAoIBAQCmgiHUMnNhvYtk +kEOlbbJHOvc6RQSBcjzFTrRxGOifUox4rMeHdQcCnrD0uNMRglxPVNb/1wzf3sgt +y3AC458pcinEEF5EGbJj913xjWpXjBlJ7eRchVAGzPbhnT3pmWxXr+Rh+HKmhU0l +cKgnkSd/WrIoUW4I2dlZtM/l557seI3Mz34MdWfPgMRdHUFhOa0iJakHtYt1/o4/ +adxjoIdwAjerru0g918frKb3vi13ir67UMrh/A0uUPsVMi/hSZvuT0c2C+Kd+xtH +e0ttWZ6x8eBEzsimghz2YuaQs4OyPwZHP0unRRpN+Am453b2VjnKPF/S2qFCNOMq +jWnxyKrBAoGBANx93if4pTTwYeQop4EtYWmfr2OEX9syZzIbv4i1cPQTQo7stDGA +wX32ytFYvQwm7GZmmHp1buPrfOrYgmD5T29wfjETNqttKxzmJ+aXa30t7UnTH04H +NCU7O4xAVrFcNeZ4+7o6CwbjHKzflaJXeWlkl/X8hWXUiMAGz6nOKcfpAoGBAMIX +1cCRTYqfM804Yql1F23b2nX8fFy6VqbWk/ViFWKwamdn0+C3ffLuULnK0s6Xya3G +/6Ecr/6/+H+KlSNRhenOHHasdhA02QwlEgHFXHG53NSCLLTXjf/LAUNyOvjlnL8P +tWDqBOWJg4M9aMvsxdv7ALPa/pd7d7kodDvccXCZAoGAI16pkX3oeoqJGYGQBT/T +XY85Ilysx8vZFAexfOumN/ES/zxnV32RDHTXaiezA80GpRKWKSbHaBZxjna2y3mS +zYydIaA0Z+F2RgeBpRLrMkR4yRvt7KVpLwPGdKQphAAHwXXs453GAQ/TnMOtDEK9 +/jMd0V71wzUJzswI6fNhbmkCgYByIiX16PvaCigiA4gw8cPnPCNIwkI3HPQbg47Z ++uVsdST8zZdQS1Zq5izeNCCmj6du4tgrW306ppRwG4P7ktLWW/ds6Zk7ingfpiTi +mbX0wkDTTgEQDrlXs354tNFsz0jPKWOVK8fZWnXVVOUtFXx8ESuml56iYV5TqTBA +iy7B8QKBgFrmftKKVycQ3EofuhVz2TlxBK+SLnhjNyGyLm6mIgyn09g837ObxMkC +s/zkUNoZVEW1qcFg10yyqB5F5r94h1qwyTRFPQoBHU88JHMBAkyWMy3yR9z/ca+r +AzK+oYwtRcRsLdWaMN+nHkJESRZg8QPvT6YJlvRHMEExYndqovRJ +-----END RSA PRIVATE KEY----- diff --git a/programs/ssl/test-ca/client2.crt b/programs/ssl/test-ca/client2.crt new file mode 100644 index 000000000..14a90ca89 --- /dev/null +++ b/programs/ssl/test-ca/client2.crt @@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: O=XySSL, CN=XySSL Test CA + Validity + Not Before: Nov 29 19:50:48 2007 GMT + Not After : Nov 28 19:50:48 2009 GMT + Subject: O=XySSL, CN=Test User 2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:e5:7b:e1:94:06:e5:dd:20:0a:0d:6a:4f:9e:2c: + 43:ea:74:f8:af:90:ab:60:7e:45:17:27:d9:1b:1d: + 90:44:97:42:45:67:22:32:d5:eb:97:4e:76:ef:45: + 99:3f:80:29:c5:45:94:7d:43:c0:0b:01:bd:ac:9c: + 9d:cf:ff:3f:ea:1e:04:1c:2a:70:94:ff:6b:d1:63: + 6f:cd:b0:5f:1d:bf:d6:45:f2:e1:32:17:18:87:b4: + 79:39:52:01:23:50:5d:8d:10:89:02:c7:e8:a8:67: + a5:14:41:0f:1a:d7:25:2b:91:f8:6a:c6:5d:e3:b0: + fe:30:7c:47:56:95:93:e1:e8:e4:74:e5:1f:bf:00: + 32:49:8e:f7:1d:29:07:68:4c:8e:ca:6f:84:96:37: + 37:3d:ee:92:1d:15:b3:18:30:ef:a0:46:b1:6e:7b: + ec:d4:a6:27:8d:11:f9:35:31:9c:91:04:c8:e2:8a: + ac:4f:cb:b4:49:b0:92:2b:82:59:4e:69:00:62:51: + 4f:5d:10:72:54:03:5c:24:39:8a:fb:39:6b:c1:da: + 84:10:15:c3:04:cb:31:26:91:b8:0a:b1:b5:32:69: + ec:0f:64:a7:51:53:dc:64:13:b1:c2:ec:fc:55:0a: + d8:f5:22:e7:c4:d9:4f:73:8d:85:b6:cc:8b:2a:51: + 76:e3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 72:A9:55:09:13:A6:61:1E:1D:9F:00:BA:AF:93:D9:8D:69:86:1D:20 + X509v3 Authority Key Identifier: + keyid:F2:67:B1:5D:5F:51:5E:DA:51:89:E9:D9:E9:6B:CA:8B:AF:A5:2E:69 + + Signature Algorithm: sha1WithRSAEncryption + 68:32:9c:c5:ea:15:03:a3:2a:5b:e0:3b:ef:02:72:72:5e:5f: + 57:b3:32:1f:a8:46:93:33:38:75:92:5f:41:e3:99:97:3a:f2: + 0d:7d:2b:71:81:31:a7:ff:15:28:e8:f1:fe:d4:c1:83:2b:0b: + 1a:1b:6c:b3:81:01:e1:4c:77:51:8b:09:2d:7f:da:52:2c:f5: + 9e:38:a7:59:b8:cc:dc:f5:42:d4:3f:7f:22:96:7e:4a:89:f0: + cc:6e:77:f0:ee:79:d3:82:20:7a:0c:17:e2:c8:14:77:81:cd: + bf:34:27:76:7c:c2:eb:4f:93:dd:0a:a3:ee:2e:b9:f6:8a:d2: + 7f:0b:f0:69:0f:90:05:6e:d6:ca:23:91:6d:38:68:28:2b:c7: + 2d:99:17:c7:2a:1b:a6:1b:78:ea:68:56:cb:2e:83:d4:98:54: + 1f:a5:77:cd:88:59:9c:bd:a2:88:70:4e:f4:68:f0:0e:70:45: + 9c:c0:ef:d4:48:f0:14:cc:24:b5:47:40:08:07:2f:df:78:0b: + 0b:50:f6:49:85:41:8c:48:12:78:3a:67:67:d9:82:09:0f:54: + a5:fe:14:7c:d4:21:60:a2:45:2b:ea:97:df:38:cc:f5:5a:cd: + 4d:62:5a:a1:cf:51:cb:93:36:2e:c7:17:ec:77:89:06:f2:c9: + 55:70:96:f3 +-----BEGIN CERTIFICATE----- +MIIDFjCCAf6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADAoMQ4wDAYDVQQKEwVYeVNT +TDEWMBQGA1UEAxMNWHlTU0wgVGVzdCBDQTAeFw0wNzExMjkxOTUwNDhaFw0wOTEx +MjgxOTUwNDhaMCYxDjAMBgNVBAoTBVh5U1NMMRQwEgYDVQQDEwtUZXN0IFVzZXIg +MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOV74ZQG5d0gCg1qT54s +Q+p0+K+Qq2B+RRcn2RsdkESXQkVnIjLV65dOdu9FmT+AKcVFlH1DwAsBvaycnc// +P+oeBBwqcJT/a9Fjb82wXx2/1kXy4TIXGIe0eTlSASNQXY0QiQLH6KhnpRRBDxrX +JSuR+GrGXeOw/jB8R1aVk+Ho5HTlH78AMkmO9x0pB2hMjspvhJY3Nz3ukh0Vsxgw +76BGsW577NSmJ40R+TUxnJEEyOKKrE/LtEmwkiuCWU5pAGJRT10QclQDXCQ5ivs5 +a8HahBAVwwTLMSaRuAqxtTJp7A9kp1FT3GQTscLs/FUK2PUi58TZT3ONhbbMiypR +duMCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUcqlVCROmYR4dnwC6r5PZ +jWmGHSAwHwYDVR0jBBgwFoAU8mexXV9RXtpRienZ6WvKi6+lLmkwDQYJKoZIhvcN +AQEFBQADggEBAGgynMXqFQOjKlvgO+8CcnJeX1ezMh+oRpMzOHWSX0HjmZc68g19 +K3GBMaf/FSjo8f7UwYMrCxobbLOBAeFMd1GLCS1/2lIs9Z44p1m4zNz1QtQ/fyKW +fkqJ8Mxud/DuedOCIHoMF+LIFHeBzb80J3Z8wutPk90Ko+4uufaK0n8L8GkPkAVu +1sojkW04aCgrxy2ZF8cqG6YbeOpoVssug9SYVB+ld82IWZy9oohwTvRo8A5wRZzA +79RI8BTMJLVHQAgHL994CwtQ9kmFQYxIEng6Z2fZggkPVKX+FHzUIWCiRSvql984 +zPVazU1iWqHPUcuTNi7HF+x3iQbyyVVwlvM= +-----END CERTIFICATE----- diff --git a/programs/ssl/test-ca/client2.key b/programs/ssl/test-ca/client2.key new file mode 100644 index 000000000..8696e10d2 --- /dev/null +++ b/programs/ssl/test-ca/client2.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA5XvhlAbl3SAKDWpPnixD6nT4r5CrYH5FFyfZGx2QRJdCRWci +MtXrl05270WZP4ApxUWUfUPACwG9rJydz/8/6h4EHCpwlP9r0WNvzbBfHb/WRfLh +MhcYh7R5OVIBI1BdjRCJAsfoqGelFEEPGtclK5H4asZd47D+MHxHVpWT4ejkdOUf +vwAySY73HSkHaEyOym+Eljc3Pe6SHRWzGDDvoEaxbnvs1KYnjRH5NTGckQTI4oqs +T8u0SbCSK4JZTmkAYlFPXRByVANcJDmK+zlrwdqEEBXDBMsxJpG4CrG1MmnsD2Sn +UVPcZBOxwuz8VQrY9SLnxNlPc42FtsyLKlF24wIDAQABAoIBAENov1uPJyhsR+em +6dpJoG2XjJFtypmencbugpyvc3higioG4InUQs8AUnl4lUqM6Dg1dyfQpfHVwhSZ +MNYvYWPxCz4GzWlHGjG4ptfhzh7cAiIr9TCUjjUWs2E+EG2CJujQCZ8Sf+ov/9LS +RZCZ0CZbS4B54oyGqjQt3Xq2l2kNRODdKbaSK3zZWp9nMNyu0iUpmAtgh6FliARI +pPr7oUHNxnmkF5JHyLFaGBtr33FZnmh8q9/gGnqEujkd6ynNwERCDVBZiBolVoCm +sIoC5kBZjaY//I+0dZoBqDsSOGUupdICiy1dHeC8Nc0GIX79pVLNLabCeQbxxOBg +QTN25FECgYEA8vnRvr6Hq53otreRO5RWFRnpGC0QS+nZArLxuva33IK5srN8CBbD +qMyszUiG7URHtQudvG9uno2X8fZmvRxRp42NTo3xCUX6HQmbo7o2B1RvQnJ/k+NF +A9IjqWS0jzneKo7jpoRhKPVolubADGZh7E9IRF+I0ajyOatv6eOB0RkCgYEA8cjr +9Lg80TSiY4v1z0KzFVRmYsUj2OlkYqSF9XMTIQGO2mGn8ApDh/OzpnxCSK0RjLeR +WUu3/6pCxUjM4ddOi81hiX51gkx6TC0SZ5jXPUm+NZVfkln8uYmvXE/4qSMZVvnl +iJnhOV8wNfwhriHQv22+OkoDD1Ul5Cv0GZZim1sCgYEA8BDEm6HEilvKwj080ZEO +PGsNU0WzBE5Yi8Ih9IgvwT+oGlgcBCH5z53qXil6ppMABnEjuDqhISblKbw6Zj7E +rre9FhBIRtFM/cOwc2RYXYWfKBfY1VWHqu7FLWjCvYB/ca0cYDoLhVxzqiTzO00t +Ez6COIvrsrsqGLC6Mm0GpoECgYEA22QQTtdaQA69hwx5uF5yd1lFKjxuAaYNs8BL +2WNYqStrv1a7dwEpM9R7YAcCckWwVfo/hkJBrFiHC9K6LfcbS5nJ9mPsJpZUpoiD +WcODExa15JMszHSg8I4xs9bQ8FBr7tMEZwYSKufnrCSjPwlqDDl9UhDUY/ZEUp1b +elhOE18CgYEAprkUGSy8JHB/Y23U/DUEfHLvUy9W1HjOYXe/SOL+z3TQV3vg/FVr +VJJ+PIUoSaHkCm9Vm5J4uZaRf5NhajgLPKiIDxvR6oeeU7kC4Pi55voJ6spnCS0+ +xp7hjCLiFeWNqNlF9y6YCmaEM+ULVfw5WerNeeZs36T6iVu5CIiVgsY= +-----END RSA PRIVATE KEY----- diff --git a/programs/ssl/test-ca/client2.pfx b/programs/ssl/test-ca/client2.pfx new file mode 100644 index 0000000000000000000000000000000000000000..9d7c25c8abb52f194da457da82f8a541c2014914 GIT binary patch literal 2397 zcmY+Ec{J1uAI4|KZ!ioc4Z_$5MPrbC$X-HM*236}8vCwk29ps+N~JW{I+yIbi-<^M zS9WE{9U?-;F7bBHdEfWG?;qduJ?HbB^ZfUDFl5*@2$&5+hKaMo&ct7g-{ApsfOE*O z;{X{3|Ajd*WVYA;MC>_aw#r|q6aohQdinn(V2mg`*S{O!V0H{Iz}W|ZrtPh1dP5+b zpcpb+WRx1Bm*Uj6+g-S~*ED>8aTT>2i-x?(<`KrXT1b0xUN;j ztf8)nyceae;;?)nM|+$o4Hb~X0J{tLP%D4bzNZwFn8_)QPwKP=#E$vDFpFJu+Zr$Q zO~aB#$W0!5R7=Zkee;I}`uU}d-Ubp?C094ksNxfya;#&p)8eUA!Mp@*UaIQqj5Nrh zjDRhxq)%>b`+~3YRPRtKD7SJ0o`rNm5%0BCizMsJ zeT@>_gl?}?Sl2HEs(toJQmA6S)L8ts|1u=w%VARQh$<$~tXeo4{beZV+8D(ukzd}6 zBnvf^P_YYr7MuSgWeWY)R!c?J)XC=bYJ{=7=H_4E-ux$it7LKd?WE>W9kamaMa>?l zFlSF(OVD@6wA>yp8JQF6OrG0hbgpOK?o_mr6V=*T1QcxzP)&ig{atJ#OH!u;ujST( zP?-%A5a&}ju5Z$3tm4Wk?l`USmf(}S(5R&t9vcFMxc0R?`=0V=5u$^&6#D`-l|K_@ zFwg(ZM3sDOK(d+nZX0m2h4<9nydUtz{&oq%>J}Po*ra1_wPep17JU98K_>Qzd8iJg zK!!NIz`xft@$mj1C6@ht&c`J6Bifg*b9~U5wSj(7s|)79n|q3JOB-jD%_vujef&r@ zT2dpt8c!d%nUo^quVbgQ*${qIBDz+a)G8mAoo>P`j)8;ARJDgRpTzgsOIY2Skmn!2 z%pTS};2HUH{7DvkLn;3at96pmC;|zxX9=Tvvz&VN#dORn-B>=dalNJCq)zohw#QZ7 zm)%qPtA#C{fs5cnyl-*{^?tJcDjQK6x4l$it3K-PvFBd6<&JWqne3ijNLi?7rSg#MuF-ri(Se?;-gfN9`K>2KD%Tuce>{-Kx|t%5l1gzDd$j z4&G#*st%P^zzWqlz5G}Aptd>fpyrfH%j*94@4@e{uJKMQgqTlkocVBEmRDBYjCt4^ zN!a;{0U_8e>sua~X7Fh@5H*8ikt4?VB3|4ig{5IXaBA+Mcq7ZxD~*~}g3Bz+U6kB# z*##e_WjF7G7*>YEUOHG5TbD85i~?$6`i@$z2>eVRSHos@w7c8$RzXI$in-!FjQ5p3 zfaQs;m_$?TR~9CPb{(OiVBf$h=8ukgRga8yyynkq5mrT<3l*~G8j`o*l8o~TB^h{~ zhE;zO$!R!u;wU&Cy5_sbeUv`2UviX*zX=K(W1T!_+O~}-FwX=EYx^|G?lQoQBD8`te4RJ)uF2!GM8pjXxG8O7AcaPU*8fb~_^UzAkMV-L z>n%qU3CK*))1`f_wjj!$W86xd23ua3_?<*o`tx)}w$SUI@T}rsn-UVdGn#a{;x7dm zRQA)L0DYx*FRoiz0$(=XaP#80`uETcRxX~Ed7PJ~msMKEOdq0FFNqhOK(<}6e)~vd z=TQO^%4N-ztIlog?-G|CSZbF&j}XfPF}tJ^Nqv0q!-UQ?jtak_4aI&zOV#3Rn&y*O zX5ika+!F0o>iYe)xD~d*P(_y8qMyb3vwLzB8Yo0iW^nh|)YN6B-37t=y3|Y+4XQKi zDz@gZ+xSAtSo)4K%qt+Alsr3esXQZH&|g#3D%^R4il8^E(|?eRScctZDEd#~xiU*2 zaqwRFq8(28>QA0W-yRI^hw+cyg<=bRs@;&k-`Xz4($GetLX^6D;-IFnEw!yhlA&O? zhSi!rKf8zcd!VGL_j#*?z_(gqHOTOm23vi!oqbuOr0U?5tI0frV^PG)U$gLaX#G~8a|M==xHqbWH{bSbq3Y)r?ZA0sx zd7fnDv`MKMOr>meiNvlF0YL;V^Ds6KlNy?UQOtdMBEQP{TYYJ zvj_4|%~T5m4`V$J9FZ|hg^G^#lI6#9SC(8NY9>`oA`BvjkkM)6rO@>oN+r_1or>qA zq(J7N>1`STuQpQeR%{H`O9Dk#89n$KZViV^iPQ*+mRcdzSFTg^Z9HJFRu$_UQjOc1 zI}Zd11zV>yvQ2=~0}i{C4Ez1)w1)g^xz0#GN_{~!r_(oQoJWg?!_#=8+=p#(?6w1X z>~4%m8X3N+b3IDqQ-#upGwaFgFF&ORJQqyA5u%L3NdI>oVF+ab;3Pm`e&FGHeooq( zs2*OXQ_r +#include +#include + +#include "xyssl/config.h" + +#include "xyssl/md4.h" +#include "xyssl/md5.h" +#include "xyssl/sha1.h" +#include "xyssl/sha2.h" +#include "xyssl/arc4.h" +#include "xyssl/des.h" +#include "xyssl/aes.h" +#include "xyssl/rsa.h" +#include "xyssl/timing.h" + +#define BUFSIZE 1024 + +static int myrand( void *rng_state ) +{ + if( rng_state != NULL ) + rng_state = NULL; + + return( rand() ); +} + +unsigned char buf[BUFSIZE]; + +int main( void ) +{ + int keysize; + unsigned long i, j, tsc; + unsigned char tmp[32]; +#if defined(XYSSL_ARC4_C) + arc4_context arc4; +#endif +#if defined(XYSSL_DES_C) + des3_context des3; + des_context des; +#endif +#if defined(XYSSL_AES_C) + aes_context aes; +#endif +#if defined(XYSSL_RSA_C) + rsa_context rsa; +#endif + + memset( buf, 0xAA, sizeof( buf ) ); + + printf( "\n" ); + +#if defined(XYSSL_MD4_C) + printf( " MD4 : " ); + fflush( stdout ); + + set_alarm( 1 ); + for( i = 1; ! alarmed; i++ ) + md4( buf, BUFSIZE, tmp ); + + tsc = hardclock(); + for( j = 0; j < 1024; j++ ) + md4( buf, BUFSIZE, tmp ); + + printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024, + ( hardclock() - tsc ) / ( j * BUFSIZE ) ); +#endif + +#if defined(XYSSL_MD5_C) + printf( " MD5 : " ); + fflush( stdout ); + + set_alarm( 1 ); + for( i = 1; ! alarmed; i++ ) + md5( buf, BUFSIZE, tmp ); + + tsc = hardclock(); + for( j = 0; j < 1024; j++ ) + md5( buf, BUFSIZE, tmp ); + + printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024, + ( hardclock() - tsc ) / ( j * BUFSIZE ) ); +#endif + +#if defined(XYSSL_SHA1_C) + printf( " SHA-1 : " ); + fflush( stdout ); + + set_alarm( 1 ); + for( i = 1; ! alarmed; i++ ) + sha1( buf, BUFSIZE, tmp ); + + tsc = hardclock(); + for( j = 0; j < 1024; j++ ) + sha1( buf, BUFSIZE, tmp ); + + printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024, + ( hardclock() - tsc ) / ( j * BUFSIZE ) ); +#endif + +#if defined(XYSSL_SHA2_C) + printf( " SHA-256 : " ); + fflush( stdout ); + + set_alarm( 1 ); + for( i = 1; ! alarmed; i++ ) + sha2( buf, BUFSIZE, tmp, 0 ); + + tsc = hardclock(); + for( j = 0; j < 1024; j++ ) + sha2( buf, BUFSIZE, tmp, 0 ); + + printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024, + ( hardclock() - tsc ) / ( j * BUFSIZE ) ); +#endif + +#if defined(XYSSL_ARC4_C) + printf( " ARC4 : " ); + fflush( stdout ); + + arc4_setup( &arc4, tmp, 32 ); + + set_alarm( 1 ); + for( i = 1; ! alarmed; i++ ) + arc4_crypt( &arc4, buf, BUFSIZE ); + + tsc = hardclock(); + for( j = 0; j < 1024; j++ ) + arc4_crypt( &arc4, buf, BUFSIZE ); + + printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024, + ( hardclock() - tsc ) / ( j * BUFSIZE ) ); +#endif + +#if defined(XYSSL_DES_C) + printf( " 3DES : " ); + fflush( stdout ); + + des3_set3key_enc( &des3, tmp ); + + set_alarm( 1 ); + for( i = 1; ! alarmed; i++ ) + des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ); + + tsc = hardclock(); + for( j = 0; j < 1024; j++ ) + des3_crypt_cbc( &des3, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ); + + printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024, + ( hardclock() - tsc ) / ( j * BUFSIZE ) ); + + printf( " DES : " ); + fflush( stdout ); + + des_setkey_enc( &des, tmp ); + + set_alarm( 1 ); + for( i = 1; ! alarmed; i++ ) + des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ); + + tsc = hardclock(); + for( j = 0; j < 1024; j++ ) + des_crypt_cbc( &des, DES_ENCRYPT, BUFSIZE, tmp, buf, buf ); + + printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024, + ( hardclock() - tsc ) / ( j * BUFSIZE ) ); +#endif + +#if defined(XYSSL_AES_C) + for( keysize = 128; keysize <= 256; keysize += 64 ) + { + printf( " AES-%d : ", keysize ); + fflush( stdout ); + + memset( buf, 0, sizeof( buf ) ); + memset( tmp, 0, sizeof( tmp ) ); + aes_setkey_enc( &aes, tmp, keysize ); + + set_alarm( 1 ); + + for( i = 1; ! alarmed; i++ ) + aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf ); + + tsc = hardclock(); + for( j = 0; j < 4096; j++ ) + aes_crypt_cbc( &aes, AES_ENCRYPT, BUFSIZE, tmp, buf, buf ); + + printf( "%9lu Kb/s, %9lu cycles/byte\n", i * BUFSIZE / 1024, + ( hardclock() - tsc ) / ( j * BUFSIZE ) ); + } +#endif + +#if defined(XYSSL_RSA_C) + rsa_init( &rsa, RSA_PKCS_V15, 0, myrand, NULL ); + rsa_gen_key( &rsa, 1024, 65537 ); + + printf( " RSA-1024 : " ); + fflush( stdout ); + set_alarm( 3 ); + + for( i = 1; ! alarmed; i++ ) + { + buf[0] = 0; + rsa_public( &rsa, buf, buf ); + } + + printf( "%9lu public/s\n", i / 3 ); + + printf( " RSA-1024 : " ); + fflush( stdout ); + set_alarm( 3 ); + + for( i = 1; ! alarmed; i++ ) + { + buf[0] = 0; + rsa_private( &rsa, buf, buf ); + } + + printf( "%9lu private/s\n\n", i / 3 ); + + rsa_free( &rsa ); +#endif + +#ifdef WIN32 + printf( " Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( 0 ); +} diff --git a/programs/test/selftest.c b/programs/test/selftest.c new file mode 100644 index 000000000..6fc0e1f3e --- /dev/null +++ b/programs/test/selftest.c @@ -0,0 +1,131 @@ +/* + * Self-test demonstration program + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include + +#include "xyssl/config.h" + +#include "xyssl/md2.h" +#include "xyssl/md4.h" +#include "xyssl/md5.h" +#include "xyssl/sha1.h" +#include "xyssl/sha2.h" +#include "xyssl/sha4.h" +#include "xyssl/arc4.h" +#include "xyssl/des.h" +#include "xyssl/aes.h" +#include "xyssl/base64.h" +#include "xyssl/bignum.h" +#include "xyssl/rsa.h" +#include "xyssl/x509.h" + +int main( int argc, char *argv[] ) +{ + int ret, v; + + if( argc == 2 && strcmp( argv[1], "-quiet" ) == 0 ) + v = 0; + else + { + v = 1; + printf( "\n" ); + } + +#if defined(XYSSL_MD2_C) + if( ( ret = md2_self_test( v ) ) != 0 ) + return( ret ); +#endif + +#if defined(XYSSL_MD4_C) + if( ( ret = md4_self_test( v ) ) != 0 ) + return( ret ); +#endif + +#if defined(XYSSL_MD5_C) + if( ( ret = md5_self_test( v ) ) != 0 ) + return( ret ); +#endif + +#if defined(XYSSL_SHA1_C) + if( ( ret = sha1_self_test( v ) ) != 0 ) + return( ret ); +#endif + +#if defined(XYSSL_SHA2_C) + if( ( ret = sha2_self_test( v ) ) != 0 ) + return( ret ); +#endif + +#if defined(XYSSL_SHA4_C) + if( ( ret = sha4_self_test( v ) ) != 0 ) + return( ret ); +#endif + +#if defined(XYSSL_ARC4_C) + if( ( ret = arc4_self_test( v ) ) != 0 ) + return( ret ); +#endif + +#if defined(XYSSL_DES_C) + if( ( ret = des_self_test( v ) ) != 0 ) + return( ret ); +#endif + +#if defined(XYSSL_AES_C) + if( ( ret = aes_self_test( v ) ) != 0 ) + return( ret ); +#endif + +#if defined(XYSSL_BASE64_C) + if( ( ret = base64_self_test( v ) ) != 0 ) + return( ret ); +#endif + +#if defined(XYSSL_BIGNUM_C) + if( ( ret = mpi_self_test( v ) ) != 0 ) + return( ret ); +#endif + +#if defined(XYSSL_RSA_C) + if( ( ret = rsa_self_test( v ) ) != 0 ) + return( ret ); +#endif + +#if defined(XYSSL_X509_C) + if( ( ret = x509_self_test( v ) ) != 0 ) + return( ret ); +#endif + + if( v != 0 ) + { + printf( " [ All tests passed ]\n\n" ); +#ifdef WIN32 + printf( " Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + } + + return( ret ); +} diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c new file mode 100644 index 000000000..44ff7d8eb --- /dev/null +++ b/programs/test/ssl_test.c @@ -0,0 +1,580 @@ +/* + * SSL/TLS stress testing program + * + * Copyright (C) 2006-2007 Christophe Devine + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include +#include + +#include "xyssl/net.h" +#include "xyssl/ssl.h" +#include "xyssl/havege.h" +#include "xyssl/timing.h" +#include "xyssl/certs.h" + +#define OPMODE_NONE 0 +#define OPMODE_CLIENT 1 +#define OPMODE_SERVER 2 + +#define IOMODE_BLOCK 0 +#define IOMODE_NONBLOCK 1 + +#define COMMAND_READ 1 +#define COMMAND_WRITE 2 +#define COMMAND_BOTH 3 + +#define DFL_OPMODE OPMODE_NONE +#define DFL_IOMODE IOMODE_BLOCK +#define DFL_SERVER_NAME "localhost" +#define DFL_SERVER_PORT 4433 +#define DFL_COMMAND COMMAND_READ +#define DFL_BUFFER_SIZE 1024 +#define DFL_MAX_BYTES 0 +#define DFL_DEBUG_LEVEL 0 +#define DFL_CONN_TIMEOUT 0 +#define DFL_MAX_CONNECTIONS 0 +#define DFL_SESSION_REUSE 1 +#define DFL_SESSION_LIFETIME 86400 +#define DFL_FORCE_CIPHER 0 + +/* + * server-specific data + */ +char *dhm_G = "4"; +char *dhm_P = +"E4004C1F94182000103D883A448B3F802CE4B44A83301270002C20D0321CFD00" \ +"11CCEF784C26A400F43DFB901BCA7538F2C6B176001CF5A0FD16D2C48B1D0C1C" \ +"F6AC8E1DA6BCC3B4E1F96B0564965300FFA1D0B601EB2800F489AA512C4B248C" \ +"01F76949A60BB7F00A40B1EAB64BDD48E8A700D60B7F1200FA8E77B0A979DABF"; + +int server_fd = -1; + +/* + * global options + */ +struct options +{ + int opmode; /* operation mode (client or server) */ + int iomode; /* I/O mode (blocking or non-blocking) */ + char *server_name; /* hostname of the server (client only) */ + int server_port; /* port on which the ssl service runs */ + int command; /* what to do: read or write operation */ + int buffer_size; /* size of the send/receive buffer */ + int max_bytes; /* max. # of bytes before a reconnect */ + int debug_level; /* level of debugging */ + int conn_timeout; /* max. delay before a reconnect */ + int max_connections; /* max. number of reconnections */ + int session_reuse; /* flag to reuse the keying material */ + int session_lifetime; /* if reached, session data is expired */ + int force_cipher[2]; /* protocol/cipher to use, or all */ +}; + +/* + * Although this PRNG has good statistical properties (eg. passes + * DIEHARD), it is not cryptographically secure. + */ +unsigned long int lcppm5( unsigned long int *state ) +{ + unsigned long int u, v; + + u = v = state[4] ^ 1; + state[u & 3] ^= u; + u ^= (v << 12) ^ (v >> 12); + u ^= v * state[0]; v >>= 8; + u ^= v * state[1]; v >>= 8; + u ^= v * state[2]; v >>= 8; + u ^= v * state[3]; + u &= 0xFFFFFFFF; + state[4] = u; + + return( u ); +} + +void my_debug( void *ctx, int level, char *str ) +{ + if( level < ((struct options *) ctx)->debug_level ) + fprintf( stderr, "%s", str ); +} + +/* + * perform a single SSL connection + */ +static int ssl_test( struct options *opt ) +{ + int ret, i; + int client_fd; + int bytes_to_read; + int bytes_to_write; + int offset_to_read; + int offset_to_write; + + long int nb_read; + long int nb_written; + + unsigned long read_state[5]; + unsigned long write_state[5]; + + unsigned char *read_buf; + unsigned char *write_buf; + + struct hr_time t; + havege_state hs; + ssl_context ssl; + ssl_session ssn; + x509_cert srvcert; + rsa_context rsa; + + ret = 1; + + havege_init( &hs ); + get_timer( &t, 1 ); + + memset( read_state, 0, sizeof( read_state ) ); + memset( write_state, 0, sizeof( write_state ) ); + + memset( &srvcert, 0, sizeof( x509_cert ) ); + memset( &rsa, 0, sizeof( rsa_context ) ); + + if( opt->opmode == OPMODE_CLIENT ) + { + if( ( ret = net_connect( &client_fd, opt->server_name, + opt->server_port ) ) != 0 ) + { + printf( " ! net_connect returned %d\n\n", ret ); + return( ret ); + } + + if( ( ret = ssl_init( &ssl ) ) != 0 ) + { + printf( " ! ssl_init returned %d\n\n", ret ); + return( ret ); + } + + ssl_set_endpoint( &ssl, SSL_IS_CLIENT ); + } + + if( opt->opmode == OPMODE_SERVER ) + { + ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt, + strlen( test_srv_crt ) ); + if( ret != 0 ) + { + printf( " ! x509parse_crt returned %d\n\n", ret ); + goto exit; + } + + ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt, + strlen( test_ca_crt ) ); + if( ret != 0 ) + { + printf( " ! x509parse_crt returned %d\n\n", ret ); + goto exit; + } + + ret = x509parse_key( &rsa, (unsigned char *) test_srv_key, + strlen( test_srv_key ), NULL, 0 ); + if( ret != 0 ) + { + printf( " ! x509parse_key returned %d\n\n", ret ); + goto exit; + } + + if( server_fd < 0 ) + { + if( ( ret = net_bind( &server_fd, NULL, + opt->server_port ) ) != 0 ) + { + printf( " ! net_bind returned %d\n\n", ret ); + return( ret ); + } + } + + if( ( ret = net_accept( server_fd, &client_fd, NULL ) ) != 0 ) + { + printf( " ! net_accept returned %d\n\n", ret ); + return( ret ); + } + + if( ( ret = ssl_init( &ssl ) ) != 0 ) + { + printf( " ! ssl_init returned %d\n\n", ret ); + return( ret ); + } + + ssl_set_endpoint( &ssl, SSL_IS_SERVER ); + ssl_set_dh_param( &ssl, dhm_P, dhm_G ); + ssl_set_ca_chain( &ssl, srvcert.next, NULL ); + ssl_set_own_cert( &ssl, &srvcert, &rsa ); + } + + ssl_set_authmode( &ssl, SSL_VERIFY_NONE ); + + ssl_set_rng( &ssl, havege_rand, &hs ); + ssl_set_dbg( &ssl, my_debug, opt ); + ssl_set_bio( &ssl, net_recv, &client_fd, + net_send, &client_fd ); + + ssl_set_session( &ssl, opt->session_reuse, + opt->session_lifetime, &ssn ); + + if( opt->force_cipher[0] == DFL_FORCE_CIPHER ) + ssl_set_ciphers( &ssl, ssl_default_ciphers ); + else ssl_set_ciphers( &ssl, opt->force_cipher ); + + if( opt->iomode == IOMODE_NONBLOCK ) + net_set_nonblock( client_fd ); + + read_buf = (unsigned char *) malloc( opt->buffer_size ); + write_buf = (unsigned char *) malloc( opt->buffer_size ); + + if( read_buf == NULL || write_buf == NULL ) + { + printf( " ! malloc(%d bytes) failed\n\n", opt->buffer_size ); + goto exit; + } + + nb_read = bytes_to_read = 0; + nb_written = bytes_to_write = 0; + + while( 1 ) + { + if( opt->command & COMMAND_WRITE ) + { + if( bytes_to_write == 0 ) + { + while( bytes_to_write == 0 ) + bytes_to_write = rand() % opt->buffer_size; + + for( i = 0; i < bytes_to_write; i++ ) + write_buf[i] = (unsigned char) lcppm5( write_state ); + + offset_to_write = 0; + } + + ret = ssl_write( &ssl, write_buf + offset_to_write, + bytes_to_write ); + + if( ret >= 0 ) + { + nb_written += ret; + bytes_to_write -= ret; + offset_to_write += ret; + } + + if( ret == XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY || + ret == XYSSL_ERR_NET_CONN_RESET ) + { + ret = 0; + goto exit; + } + + if( ret < 0 && ret != XYSSL_ERR_NET_TRY_AGAIN ) + { + printf( " ! ssl_write returned %d\n\n", ret ); + break; + } + } + + if( opt->command & COMMAND_READ ) + { + if( bytes_to_read == 0 ) + { + bytes_to_read = rand() % opt->buffer_size; + offset_to_read = 0; + } + + ret = ssl_read( &ssl, read_buf + offset_to_read, + bytes_to_read ); + + if( ret >= 0 ) + { + for( i = 0; i < ret; i++ ) + { + if( read_buf[offset_to_read + i] != + (unsigned char) lcppm5( read_state ) ) + { + ret = 1; + printf( " ! plaintext mismatch\n\n" ); + goto exit; + } + } + + nb_read += ret; + bytes_to_read -= ret; + offset_to_read += ret; + } + + if( ret == XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY || + ret == XYSSL_ERR_NET_CONN_RESET ) + { + ret = 0; + goto exit; + } + + if( ret < 0 && ret != XYSSL_ERR_NET_TRY_AGAIN ) + { + printf( " ! ssl_read returned %d\n\n", ret ); + break; + } + } + + ret = 0; + + if( opt->max_bytes != 0 && + ( opt->max_bytes <= nb_read || + opt->max_bytes <= nb_written ) ) + break; + + if( opt->conn_timeout != 0 && + opt->conn_timeout <= (int) get_timer( &t, 0 ) ) + break; + } + +exit: + + fflush( stdout ); + + if( read_buf != NULL ) + free( read_buf ); + + if( write_buf != NULL ) + free( write_buf ); + + ssl_close_notify( &ssl ); + x509_free( &srvcert ); + rsa_free( &rsa ); + ssl_free( &ssl ); + net_close( client_fd ); + + return( ret ); +} + +#define USAGE \ + "\n usage: ssl_test opmode=<> command=<>...\n" \ + "\n acceptable parameters:\n" \ + " opmode=client/server default: \n" \ + " iomode=block/nonblock default: block\n" \ + " server_name=%%s default: localhost\n" \ + " server_port=%%d default: 4433\n" \ + " command=read/write/both default: read\n" \ + " buffer_size=%%d (bytes) default: 1024\n" \ + " max_bytes=%%d (bytes) default: 0 (no limit)\n" \ + " debug_level=%%d default: 0 (disabled)\n" \ + " conn_timeout=%%d (ms) default: 0 (no timeout)\n" \ + " max_connections=%%d default: 0 (no limit)\n" \ + " session_reuse=on/off default: on (enabled)\n" \ + " session_lifetime=%%d (s) default: 86400\n" \ + " force_cipher= default: all enabled\n" \ + " acceptable cipher names:\n" \ + " SSL_RSA_RC4_128_MD5 SSL_RSA_RC4_128_SHA\n" \ + " SSL_RSA_DES_168_SHA SSL_EDH_RSA_DES_168_SHA\n" \ + " SSL_RSA_AES_128_SHA SSL_EDH_RSA_AES_256_SHA\n" \ + " SSL_RSA_AES_256_SHA\n\n" + +int main( int argc, char *argv[] ) +{ + int i, j, n; + int ret = 1; + int nb_conn; + char *p, *q; + struct options opt; + + if( argc == 1 ) + { + usage: + printf( USAGE ); + goto exit; + } + + opt.opmode = DFL_OPMODE; + opt.iomode = DFL_IOMODE; + opt.server_name = DFL_SERVER_NAME; + opt.server_port = DFL_SERVER_PORT; + opt.command = DFL_COMMAND; + opt.buffer_size = DFL_BUFFER_SIZE; + opt.max_bytes = DFL_MAX_BYTES; + opt.debug_level = DFL_DEBUG_LEVEL; + opt.conn_timeout = DFL_CONN_TIMEOUT; + opt.max_connections = DFL_MAX_CONNECTIONS; + opt.session_reuse = DFL_SESSION_REUSE; + opt.session_lifetime = DFL_SESSION_LIFETIME; + opt.force_cipher[0] = DFL_FORCE_CIPHER; + + for( i = 1; i < argc; i++ ) + { + n = strlen( argv[i] ); + + for( j = 0; j < n; j++ ) + { + if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' ) + argv[i][j] |= 0x20; + } + + p = argv[i]; + if( ( q = strchr( p, '=' ) ) == NULL ) + continue; + *q++ = '\0'; + + if( strcmp( p, "opmode" ) == 0 ) + { + if( strcmp( q, "client" ) == 0 ) + opt.opmode = OPMODE_CLIENT; + else + if( strcmp( q, "server" ) == 0 ) + opt.opmode = OPMODE_SERVER; + else goto usage; + } + + if( strcmp( p, "iomode" ) == 0 ) + { + if( strcmp( q, "block" ) == 0 ) + opt.iomode = IOMODE_BLOCK; + else + if( strcmp( q, "nonblock" ) == 0 ) + opt.iomode = IOMODE_NONBLOCK; + else goto usage; + } + + if( strcmp( p, "server_name" ) == 0 ) + opt.server_name = q; + + if( strcmp( p, "server_port" ) == 0 ) + { + opt.server_port = atoi( q ); + if( opt.server_port < 1 || opt.server_port > 65535 ) + goto usage; + } + + if( strcmp( p, "command" ) == 0 ) + { + if( strcmp( q, "read" ) == 0 ) + opt.command = COMMAND_READ; + else + if( strcmp( q, "write" ) == 0 ) + opt.command = COMMAND_WRITE; + else + if( strcmp( q, "both" ) == 0 ) + { + opt.iomode = IOMODE_NONBLOCK; + opt.command = COMMAND_BOTH; + } + else goto usage; + } + + if( strcmp( p, "buffer_size" ) == 0 ) + { + opt.buffer_size = atoi( q ); + if( opt.buffer_size < 1 || opt.buffer_size > 1048576 ) + goto usage; + } + + if( strcmp( p, "max_bytes" ) == 0 ) + opt.max_bytes = atoi( q ); + + if( strcmp( p, "debug_level" ) == 0 ) + opt.debug_level = atoi( q ); + + if( strcmp( p, "conn_timeout" ) == 0 ) + opt.conn_timeout = atoi( q ); + + if( strcmp( p, "max_connections" ) == 0 ) + opt.max_connections = atoi( q ); + + if( strcmp( p, "session_reuse" ) == 0 ) + { + if( strcmp( q, "on" ) == 0 ) + opt.session_reuse = 1; + else + if( strcmp( q, "off" ) == 0 ) + opt.session_reuse = 0; + else + goto usage; + } + + if( strcmp( p, "session_lifetime" ) == 0 ) + opt.session_lifetime = atoi( q ); + + if( strcmp( p, "force_cipher" ) == 0 ) + { + opt.force_cipher[0] = -1; + + if( strcmp( q, "ssl_rsa_rc4_128_md5" ) == 0 ) + opt.force_cipher[0] = SSL_RSA_RC4_128_MD5; + + if( strcmp( q, "ssl_rsa_rc4_128_sha" ) == 0 ) + opt.force_cipher[0] = SSL_RSA_RC4_128_SHA; + + if( strcmp( q, "ssl_rsa_des_168_sha" ) == 0 ) + opt.force_cipher[0] = SSL_RSA_DES_168_SHA; + + if( strcmp( q, "ssl_edh_rsa_des_168_sha" ) == 0 ) + opt.force_cipher[0] = SSL_EDH_RSA_DES_168_SHA; + + if( strcmp( q, "ssl_rsa_aes_128_sha" ) == 0 ) + opt.force_cipher[0] = SSL_RSA_AES_128_SHA; + + if( strcmp( q, "ssl_rsa_aes_256_sha" ) == 0 ) + opt.force_cipher[0] = SSL_RSA_AES_256_SHA; + + if( strcmp( q, "ssl_edh_rsa_aes_256_sha" ) == 0 ) + opt.force_cipher[0] = SSL_EDH_RSA_AES_256_SHA; + + if( opt.force_cipher[0] < 0 ) + goto usage; + + opt.force_cipher[1] = 0; + } + } + + switch( opt.opmode ) + { + case OPMODE_CLIENT: + break; + + case OPMODE_SERVER: + break; + + default: + goto usage; + } + + nb_conn = 0; + + do { + nb_conn++; + ret = ssl_test( &opt ); + if( opt.max_connections != 0 && + opt.max_connections <= nb_conn ) + break; + } + while( ret == 0 ); + +exit: + +#ifdef WIN32 + printf( " Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + return( ret ); +} diff --git a/visualc/_build.dsw b/visualc/_build.dsw new file mode 100644 index 000000000..2d568c22d --- /dev/null +++ b/visualc/_build.dsw @@ -0,0 +1,368 @@ +Microsoft Developer Studio Workspace File, Format Version 6.00 +# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE! + +############################################################################### + +Project: "_build_all"=".\_build_all.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency + Begin Project Dependency + Project_Dep_Name aescrypt2 + End Project Dependency + Begin Project Dependency + Project_Dep_Name hello + End Project Dependency + Begin Project Dependency + Project_Dep_Name md5sum + End Project Dependency + Begin Project Dependency + Project_Dep_Name sha1sum + End Project Dependency + Begin Project Dependency + Project_Dep_Name sha2sum + End Project Dependency + Begin Project Dependency + Project_Dep_Name benchmark + End Project Dependency + Begin Project Dependency + Project_Dep_Name dh_client + End Project Dependency + Begin Project Dependency + Project_Dep_Name dh_genprime + End Project Dependency + Begin Project Dependency + Project_Dep_Name dh_server + End Project Dependency + Begin Project Dependency + Project_Dep_Name mpi_demo + End Project Dependency + Begin Project Dependency + Project_Dep_Name rsa_genkey + End Project Dependency + Begin Project Dependency + Project_Dep_Name rsa_sign + End Project Dependency + Begin Project Dependency + Project_Dep_Name rsa_verify + End Project Dependency + Begin Project Dependency + Project_Dep_Name selftest + End Project Dependency + Begin Project Dependency + Project_Dep_Name ssl_client1 + End Project Dependency + Begin Project Dependency + Project_Dep_Name ssl_client2 + End Project Dependency + Begin Project Dependency + Project_Dep_Name ssl_server + End Project Dependency + Begin Project Dependency + Project_Dep_Name ssl_test + End Project Dependency +}}} + +############################################################################### + +Project: "aescrypt2"=".\aescrypt2.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "benchmark"=".\benchmark.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "dh_client"=".\dh_client.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "dh_genprime"=".\dh_genprime.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "dh_server"=".\dh_server.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "hello"=".\hello.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "md5sum"=".\md5sum.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "mpi_demo"=".\mpi_demo.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "rsa_genkey"=".\rsa_genkey.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "rsa_sign"=".\rsa_sign.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "rsa_verify"=".\rsa_verify.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "selftest"=".\selftest.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "sha1sum"=".\sha1sum.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "sha2sum"=".\sha2sum.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "ssl_client1"=".\ssl_client1.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "ssl_client2"=".\ssl_client2.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "ssl_server"=".\ssl_server.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "ssl_test"=".\ssl_test.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ + Begin Project Dependency + Project_Dep_Name xyssl + End Project Dependency +}}} + +############################################################################### + +Project: "xyssl"=".\xyssl.dsp" - Package Owner=<4> + +Package=<5> +{{{ +}}} + +Package=<4> +{{{ +}}} + +############################################################################### + +Global: + +Package=<5> +{{{ +}}} + +Package=<3> +{{{ +}}} + +############################################################################### + diff --git a/visualc/_build_all.dsp b/visualc/_build_all.dsp new file mode 100644 index 000000000..15663bffd --- /dev/null +++ b/visualc/_build_all.dsp @@ -0,0 +1,63 @@ +# Microsoft Developer Studio Project File - Name="_build_all" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Generic Project" 0x010a + +CFG=_build_all - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "_build_all.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "_build_all.mak" CFG="_build_all - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "_build_all - Win32 Release" (based on "Win32 (x86) Generic Project") +!MESSAGE "_build_all - Win32 Debug" (based on "Win32 (x86) Generic Project") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +MTL=midl.exe + +!IF "$(CFG)" == "_build_all - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" + +!ELSEIF "$(CFG)" == "_build_all - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" + +!ENDIF + +# Begin Target + +# Name "_build_all - Win32 Release" +# Name "_build_all - Win32 Debug" +# End Target +# End Project diff --git a/visualc/aescrypt2.dsp b/visualc/aescrypt2.dsp new file mode 100644 index 000000000..9ca26c55c --- /dev/null +++ b/visualc/aescrypt2.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="aescrypt2" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=aescrypt2 - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "aescrypt2.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "aescrypt2.mak" CFG="aescrypt2 - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "aescrypt2 - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "aescrypt2 - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "aescrypt2 - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "aescrypt2 - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "aescrypt2 - Win32 Release" +# Name "aescrypt2 - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\aes\aescrypt2.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/benchmark.dsp b/visualc/benchmark.dsp new file mode 100644 index 000000000..4a063e5bf --- /dev/null +++ b/visualc/benchmark.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="benchmark" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=benchmark - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "benchmark.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "benchmark.mak" CFG="benchmark - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "benchmark - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "benchmark - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "benchmark - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "benchmark - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "benchmark - Win32 Release" +# Name "benchmark - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\test\benchmark.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/dh_client.dsp b/visualc/dh_client.dsp new file mode 100644 index 000000000..58a138b02 --- /dev/null +++ b/visualc/dh_client.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="dh_client" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=dh_client - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "dh_client.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "dh_client.mak" CFG="dh_client - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "dh_client - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "dh_client - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "dh_client - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "dh_client - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "dh_client - Win32 Release" +# Name "dh_client - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\pkey\dh_client.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/dh_genprime.dsp b/visualc/dh_genprime.dsp new file mode 100644 index 000000000..a17511cd7 --- /dev/null +++ b/visualc/dh_genprime.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="dh_genprime" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=dh_genprime - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "dh_genprime.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "dh_genprime.mak" CFG="dh_genprime - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "dh_genprime - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "dh_genprime - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "dh_genprime - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "dh_genprime - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "dh_genprime - Win32 Release" +# Name "dh_genprime - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\pkey\dh_genprime.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/dh_prime.txt b/visualc/dh_prime.txt new file mode 100644 index 000000000..e62c27967 --- /dev/null +++ b/visualc/dh_prime.txt @@ -0,0 +1,2 @@ +P = C3CF8BCFD9E88B0CC35EC526F3D63FA001DC9392E6CA81F3B414173955C582758B52038FAFBF402B8C29DC32F5231B0D2E25B252850C7DCDBFF46D0E7989E51DEA07A53BCF7947D4C95EBA28F9CBAFB0267EC3BCF57B15A49964236B56773851D6621E546F410D504F13827218CD14A1FDB69522DC72DD67D880E51B2E00894F +G = 04 diff --git a/visualc/dh_server.dsp b/visualc/dh_server.dsp new file mode 100644 index 000000000..23f03f217 --- /dev/null +++ b/visualc/dh_server.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="dh_server" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=dh_server - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "dh_server.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "dh_server.mak" CFG="dh_server - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "dh_server - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "dh_server - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "dh_server - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "dh_server - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "dh_server - Win32 Release" +# Name "dh_server - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\pkey\dh_server.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/hello.dsp b/visualc/hello.dsp new file mode 100644 index 000000000..29c0fdfcc --- /dev/null +++ b/visualc/hello.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="hello" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=hello - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "hello.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "hello.mak" CFG="hello - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "hello - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "hello - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "hello - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "hello - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "hello - Win32 Release" +# Name "hello - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\hash\hello.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/md5sum.dsp b/visualc/md5sum.dsp new file mode 100644 index 000000000..aa86c46ac --- /dev/null +++ b/visualc/md5sum.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="md5sum" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=md5sum - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "md5sum.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "md5sum.mak" CFG="md5sum - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "md5sum - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "md5sum - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "md5sum - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "md5sum - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "md5sum - Win32 Release" +# Name "md5sum - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\hash\md5sum.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/mpi_demo.dsp b/visualc/mpi_demo.dsp new file mode 100644 index 000000000..657900429 --- /dev/null +++ b/visualc/mpi_demo.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="mpi_demo" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=mpi_demo - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "mpi_demo.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "mpi_demo.mak" CFG="mpi_demo - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "mpi_demo - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "mpi_demo - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "mpi_demo - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "mpi_demo - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "mpi_demo - Win32 Release" +# Name "mpi_demo - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\pkey\mpi_demo.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/rsa_genkey.dsp b/visualc/rsa_genkey.dsp new file mode 100644 index 000000000..4305df8b4 --- /dev/null +++ b/visualc/rsa_genkey.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="rsa_genkey" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=rsa_genkey - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "rsa_genkey.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "rsa_genkey.mak" CFG="rsa_genkey - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "rsa_genkey - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "rsa_genkey - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "rsa_genkey - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "rsa_genkey - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "rsa_genkey - Win32 Release" +# Name "rsa_genkey - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\pkey\rsa_genkey.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/rsa_priv.txt b/visualc/rsa_priv.txt new file mode 100644 index 000000000..7dac3590c --- /dev/null +++ b/visualc/rsa_priv.txt @@ -0,0 +1,8 @@ +N=6F440E8C8510107B2040ADEC23C2052769FF89E5EAE061AD5FCE8556E051DBF25FBA31DC83AAFCDFACA70912B8BA8CC73EC67132AB66CE79D2F91A190D57CC42C148728B33190D85E311F1744BF6DB95E7C2DBDC8C3FC291825527BC5556E67FFAD2CAB926A6FBF2B47BC746BEC67A8C205C3AFD4028FC0864F5EEEB27FFA91B +E=010001 +D=0D277AA0DA4A5FE86E93B6FC27EE1435E8AE315B613D4DCEF578B102E85A452A8E6EB0DE65229DEAC3BAABB3EEEAFF21BF262ED3D2B7C0C95E4BDCEE0149D3F81746F38B0D2A36390258BEC37C337E1608859E0133C686E139B6F5162E38F204C61CFBD30ED0F4314B2B079B36EC163225262D618BC4EA0CDF533E7308C41E41 +P=D831261F5EDE9AFD544C95B2BAAF93BEC1032F4426DC048ACA686ED0813A2779B04D09398D3761786781B3B740B16ADAA81D4918ABCBD61F5FD5D726A7DAD843 +Q=83C0E71E39D1ED34E12EC9B54F7EB6ACC5E27B566348B17A9B1B6A60F2ABBD1E137C0B3E7CE3693D215A3312C774B5E177713727D005331148C9FEFA511F2A49 +DP=87C8C6D2E939134B8D48D4B4FF000BE1C14488C95B46D12B82D978D0487A08152C20166D293EE15F48537456E2B10C15ED8507461190E319AD8D97A655C2E415 +DQ=067720E04AD6125DD5EF05D6EFDFB7F7227ECAAEA2909EA4F59792D0CF17BE600B74BAD8862862B1AD414FE04C095E238248FBFBE82959282FFA3998EF022881 +QP=8C2FAEF2C7F8FEE6C6F2B4F811DA5745A3328E5B06256C5F7E8F924EC6E552718095A2F9B4B52DE5B7B22F697FB3CC6D72ED6415555CDC2C4B193D2296249488 diff --git a/visualc/rsa_pub.txt b/visualc/rsa_pub.txt new file mode 100644 index 000000000..483685d6f --- /dev/null +++ b/visualc/rsa_pub.txt @@ -0,0 +1,2 @@ +N=6F440E8C8510107B2040ADEC23C2052769FF89E5EAE061AD5FCE8556E051DBF25FBA31DC83AAFCDFACA70912B8BA8CC73EC67132AB66CE79D2F91A190D57CC42C148728B33190D85E311F1744BF6DB95E7C2DBDC8C3FC291825527BC5556E67FFAD2CAB926A6FBF2B47BC746BEC67A8C205C3AFD4028FC0864F5EEEB27FFA91B +E=010001 diff --git a/visualc/rsa_sign.dsp b/visualc/rsa_sign.dsp new file mode 100644 index 000000000..47bfe567d --- /dev/null +++ b/visualc/rsa_sign.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="rsa_sign" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=rsa_sign - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "rsa_sign.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "rsa_sign.mak" CFG="rsa_sign - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "rsa_sign - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "rsa_sign - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "rsa_sign - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "rsa_sign - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "rsa_sign - Win32 Release" +# Name "rsa_sign - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\pkey\rsa_sign.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/rsa_verify.dsp b/visualc/rsa_verify.dsp new file mode 100644 index 000000000..59507f696 --- /dev/null +++ b/visualc/rsa_verify.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="rsa_verify" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=rsa_verify - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "rsa_verify.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "rsa_verify.mak" CFG="rsa_verify - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "rsa_verify - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "rsa_verify - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "rsa_verify - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "rsa_verify - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "rsa_verify - Win32 Release" +# Name "rsa_verify - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\pkey\rsa_verify.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/selftest.dsp b/visualc/selftest.dsp new file mode 100644 index 000000000..05217b709 --- /dev/null +++ b/visualc/selftest.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="selftest" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=selftest - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "selftest.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "selftest.mak" CFG="selftest - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "selftest - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "selftest - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "selftest - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "selftest - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "selftest - Win32 Release" +# Name "selftest - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\test\selftest.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/sha1sum.dsp b/visualc/sha1sum.dsp new file mode 100644 index 000000000..b8ceafc6f --- /dev/null +++ b/visualc/sha1sum.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="sha1sum" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=sha1sum - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "sha1sum.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "sha1sum.mak" CFG="sha1sum - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "sha1sum - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "sha1sum - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "sha1sum - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "sha1sum - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "sha1sum - Win32 Release" +# Name "sha1sum - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\hash\sha1sum.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/sha2sum.dsp b/visualc/sha2sum.dsp new file mode 100644 index 000000000..b0502585f --- /dev/null +++ b/visualc/sha2sum.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="sha2sum" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=sha2sum - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "sha2sum.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "sha2sum.mak" CFG="sha2sum - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "sha2sum - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "sha2sum - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "sha2sum - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "sha2sum - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "sha2sum - Win32 Release" +# Name "sha2sum - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\hash\sha2sum.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/ssl_client1.dsp b/visualc/ssl_client1.dsp new file mode 100644 index 000000000..a7585f229 --- /dev/null +++ b/visualc/ssl_client1.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="ssl_client1" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=ssl_client1 - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "ssl_client1.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "ssl_client1.mak" CFG="ssl_client1 - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "ssl_client1 - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "ssl_client1 - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "ssl_client1 - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "ssl_client1 - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "ssl_client1 - Win32 Release" +# Name "ssl_client1 - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\ssl\ssl_client1.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/ssl_client2.dsp b/visualc/ssl_client2.dsp new file mode 100644 index 000000000..adc370f4a --- /dev/null +++ b/visualc/ssl_client2.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="ssl_client2" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=ssl_client2 - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "ssl_client2.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "ssl_client2.mak" CFG="ssl_client2 - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "ssl_client2 - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "ssl_client2 - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "ssl_client2 - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "ssl_client2 - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "ssl_client2 - Win32 Release" +# Name "ssl_client2 - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\ssl\ssl_client2.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/ssl_server.dsp b/visualc/ssl_server.dsp new file mode 100644 index 000000000..45fb8b173 --- /dev/null +++ b/visualc/ssl_server.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="ssl_server" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=ssl_server - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "ssl_server.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "ssl_server.mak" CFG="ssl_server - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "ssl_server - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "ssl_server - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "ssl_server - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "ssl_server - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "ssl_server - Win32 Release" +# Name "ssl_server - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\ssl\ssl_server.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/ssl_test.dsp b/visualc/ssl_test.dsp new file mode 100644 index 000000000..ec2fb609c --- /dev/null +++ b/visualc/ssl_test.dsp @@ -0,0 +1,101 @@ +# Microsoft Developer Studio Project File - Name="ssl_test" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Console Application" 0x0103 + +CFG=ssl_test - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "ssl_test.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "ssl_test.mak" CFG="ssl_test - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "ssl_test - Win32 Release" (based on "Win32 (x86) Console Application") +!MESSAGE "ssl_test - Win32 Debug" (based on "Win32 (x86) Console Application") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "ssl_test - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 + +!ELSEIF "$(CFG)" == "ssl_test - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept + +!ENDIF + +# Begin Target + +# Name "ssl_test - Win32 Release" +# Name "ssl_test - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\programs\test\ssl_test.c +# ADD CPP /I "../include" +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# End Group +# Begin Group "Resource Files" + +# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" +# End Group +# End Target +# End Project diff --git a/visualc/xyssl.dsp b/visualc/xyssl.dsp new file mode 100644 index 000000000..1c69355ab --- /dev/null +++ b/visualc/xyssl.dsp @@ -0,0 +1,276 @@ +# Microsoft Developer Studio Project File - Name="xyssl" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Static Library" 0x0104 + +CFG=xyssl - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "xyssl.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "xyssl.mak" CFG="xyssl - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "xyssl - Win32 Release" (based on "Win32 (x86) Static Library") +!MESSAGE "xyssl - Win32 Debug" (based on "Win32 (x86) Static Library") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +RSC=rc.exe + +!IF "$(CFG)" == "xyssl - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_MBCS" /D "_LIB" /YX /FD /c +# ADD CPP /nologo /W3 /GX /O2 /I "../include" /D "NDEBUG" /D "WIN32" /D "_MBCS" /D "_LIB" /YX /FD /c +# ADD BASE RSC /l 0x40c /d "NDEBUG" +# ADD RSC /l 0x40c /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LIB32=link.exe -lib +# ADD BASE LIB32 /nologo +# ADD LIB32 /nologo + +!ELSEIF "$(CFG)" == "xyssl - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "" +# PROP BASE Intermediate_Dir "temp" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "" +# PROP Intermediate_Dir "temp" +# PROP Target_Dir "" +# ADD BASE CPP /nologo /W3 /Gm /GX /Z7 /Od /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c +# ADD CPP /nologo /W3 /Gm /GX /Z7 /Od /I "../include" /D "_DEBUG" /D "WIN32" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c +# ADD BASE RSC /l 0x40c /d "_DEBUG" +# ADD RSC /l 0x40c /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LIB32=link.exe -lib +# ADD BASE LIB32 /nologo +# ADD LIB32 /nologo + +!ENDIF + +# Begin Target + +# Name "xyssl - Win32 Release" +# Name "xyssl - Win32 Debug" +# Begin Group "Source Files" + +# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" +# Begin Source File + +SOURCE=..\library\aes.c +# End Source File +# Begin Source File + +SOURCE=..\library\arc4.c +# End Source File +# Begin Source File + +SOURCE=..\library\base64.c +# End Source File +# Begin Source File + +SOURCE=..\library\bignum.c +# End Source File +# Begin Source File + +SOURCE=..\library\certs.c +# End Source File +# Begin Source File + +SOURCE=..\library\debug.c +# End Source File +# Begin Source File + +SOURCE=..\library\des.c +# End Source File +# Begin Source File + +SOURCE=..\library\dhm.c +# End Source File +# Begin Source File + +SOURCE=..\library\havege.c +# End Source File +# Begin Source File + +SOURCE=..\library\md2.c +# End Source File +# Begin Source File + +SOURCE=..\library\md4.c +# End Source File +# Begin Source File + +SOURCE=..\library\md5.c +# End Source File +# Begin Source File + +SOURCE=..\library\net.c +# End Source File +# Begin Source File + +SOURCE=..\library\padlock.c +# End Source File +# Begin Source File + +SOURCE=..\library\rsa.c +# End Source File +# Begin Source File + +SOURCE=..\library\sha1.c +# End Source File +# Begin Source File + +SOURCE=..\library\sha2.c +# End Source File +# Begin Source File + +SOURCE=..\library\sha4.c +# End Source File +# Begin Source File + +SOURCE=..\library\ssl_cli.c +# End Source File +# Begin Source File + +SOURCE=..\library\ssl_srv.c +# End Source File +# Begin Source File + +SOURCE=..\library\ssl_tls.c +# End Source File +# Begin Source File + +SOURCE=..\library\timing.c +# End Source File +# Begin Source File + +SOURCE=..\library\x509parse.c +# End Source File +# End Group +# Begin Group "Header Files" + +# PROP Default_Filter "h;hpp;hxx;hm;inl" +# Begin Source File + +SOURCE=..\include\xyssl\aes.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\arc4.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\base64.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\bignum.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\bn_mul.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\certs.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\config.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\debug.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\des.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\dhm.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\havege.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\md2.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\md4.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\md5.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\net.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\padlock.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\rsa.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\sha1.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\sha2.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\sha4.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\ssl.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\timing.h +# End Source File +# Begin Source File + +SOURCE=..\include\xyssl\x509.h +# End Source File +# End Group +# End Target +# End Project