File Coverage

inc/matrixssl-3-9-3-open/crypto/cryptoApi.h

Criterion	Covered	Total	%
statement	2	10	20.0
branch			n/a
condition			n/a
subroutine			n/a
pod			n/a
total	2	10	20.0

line	stmt	code
1		/**
2		* @file cryptoApi.h
3		* @version 950bba4 (HEAD -> master)
4		*
5		* Prototypes for the Matrix crypto public APIs.
6		*/
7		/*
8		* Copyright (c) 2013-2017 INSIDE Secure Corporation
9		* Copyright (c) PeerSec Networks, 2002-2011
10		* All Rights Reserved
11		*
12		* The latest version of this code is available at http://www.matrixssl.org
13		*
14		* This software is open source; you can redistribute it and/or modify
15		* it under the terms of the GNU General Public License as published by
16		* the Free Software Foundation; either version 2 of the License, or
17		* (at your option) any later version.
18		*
19		* This General Public License does NOT permit incorporating this software
20		* into proprietary programs. If you are unable to comply with the GPL, a
21		* commercial license for this software may be purchased from INSIDE at
22		* http://www.insidesecure.com/
23		*
24		* This program is distributed in WITHOUT ANY WARRANTY; without even the
25		* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
26		* See the GNU General Public License for more details.
27		*
28		* You should have received a copy of the GNU General Public License
29		* along with this program; if not, write to the Free Software
30		* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
31		* http://www.gnu.org/copyleft/gpl.html
32		*/
33		/******************************************************************************/
34
35		#ifndef _h_PS_CRYPTOAPI
36		# define _h_PS_CRYPTOAPI
37
38		# ifdef __cplusplus
39		extern "C" {
40		# endif
41
42		# include "../core/coreApi.h" /* Must be included first */
43		# ifdef MATRIX_CONFIGURATION_INCDIR_FIRST
44		# include /* Must be included second */
45		# else
46		# include "cryptoConfig.h" /* Must be included second */
47		# endif
48		# include "cryptolib.h"
49
50		/* Use optional constant time modular exponentiation algorithm.
51		The setting is set here unless explicitly requested not to. */
52		# ifndef USE_NON_CONSTANT_TIME_MODEXP
53		# define USE_CONSTANT_TIME_MODEXP
54		# endif
55
56		/******************************************************************************/
57		/**
58		Public return codes.
59		These are in addition to those in core/
60		Failure codes MUST be < 0
61		@note The range for crypto error codes must be between -30 and -49
62		*/
63		# define PS_PARSE_FAIL -31
64		/**
65		@note Any future additions to certificate authentication failures
66		must be carried through to MatrixSSL code
67		*/
68		# define PS_CERT_AUTH_PASS PS_TRUE
69		# define PS_CERT_AUTH_FAIL_BC -32 /* BasicConstraint failure */
70		# define PS_CERT_AUTH_FAIL_DN -33 /* DistinguishedName failure */
71		# define PS_CERT_AUTH_FAIL_SIG -34 /* Signature validation failure */
72		# define PS_CERT_AUTH_FAIL_REVOKED -35 /* Revoked via CRL or OCSP */
73		# define PS_CERT_AUTH_FAIL -36 /* Generic cert auth fail */
74		# define PS_CERT_AUTH_FAIL_EXTENSION -37 /* extension permission problem */
75		# define PS_CERT_AUTH_FAIL_PATH_LEN -38 /* pathLen exceeded */
76		# define PS_CERT_AUTH_FAIL_AUTHKEY -39 /* subjectKeyid != issuer authKeyid */
77
78		# define PS_SIGNATURE_MISMATCH -40 /* Algorithms all work but sig not a match */
79
80		# define PS_AUTH_FAIL -41 /* An AEAD or HASH authentication fail */
81		# define PS_MESSAGE_UNSUPPORTED -42 /* Request/Response format/type is unsupported. */
82		# define PS_VERSION_UNSUPPORTED -43 /* Request/Response version is unsupported. */
83
84		# define PS_SELFTEST_FAILED -44 /* Selftest, such as FIPS 140-2
85		Powerup selftest has failed.
86		Software initialization has
87		failed. */
88
89		/** Public return value codes for OCSP.
90
91		These are additional possible return values from OCSP parsing.
92		Currently these values are for OCSP Response and thus map directly to
93		RFC 6960, section 4.2.1 (values -86 ... -81 correspond to 1 ... 6.)
94		When one of these values is returned by psOcspParseResponse(), function
95		psOcspResponseGetStatus() can be used to map it into an OCSP Response Status
96		code.
97
98		@note The additional range used by OCSP error codes is between -80 and -89.
99		*/
100		# define PS_OCSP_UNAUTHORIZED -81 /* Request unauthorized */
101		# define PS_OCSP_SIG_REQUIRED -82 /* Must sign the request */
102		/* -83 Is reserved for future extensions. */
103		# define PS_OCSP_TRY_LATER -84 /* Try again later */
104		# define PS_OCSP_INTERNAL_ERROR -85 /* Internal error in issuer */
105		# define PS_OCSP_MALFORMED_REQUEST -86 /* Illegal confirmation request */
106
107		/******************************************************************************/
108
109		/* Set as authStatusFlags to certificate callback when authStatus
110		is PS_CERT_AUTH_FAIL_EXTENSION */
111		# define PS_CERT_AUTH_FAIL_KEY_USAGE_FLAG 0x01
112		# define PS_CERT_AUTH_FAIL_EKU_FLAG 0x02
113		# define PS_CERT_AUTH_FAIL_SUBJECT_FLAG 0x04
114		# define PS_CERT_AUTH_FAIL_DATE_FLAG 0x08
115		/* Set as authStatusFlags to certificate callback when authStatus
116		is PS_CERT_AUTH_FAIL_PATH_LEN. This flag indicates that the maximum
117		peer cert chain verification depth specified in session options
118		was exceeded.
119		*/
120		# define PS_CERT_AUTH_FAIL_VERIFY_DEPTH_FLAG 0x10
121
122		/******************************************************************************/
123		/**
124		Build the configuration string with the relevant build options for
125		runtime validation of compile-time configuration.
126		*/
127		# if defined PSTM_X86 \|\| defined PSTM_X86_64 \|\| defined PSTM_ARM \|\| \
128		defined PSTM_MIPS
129		# define PSTM_ASM_CONFIG_STR "Y"
130		# else
131		# define PSTM_ASM_CONFIG_STR "N"
132		# endif
133		# ifdef PSTM_64BIT
134		# define PSTM_64_CONFIG_STR "Y"
135		# else
136		# define PSTM_64_CONFIG_STR "N"
137		# endif
138		# ifdef USE_AESNI_CRYPTO
139		# define AESNI_CONFIG_STR "Y"
140		# else
141		# define AESNI_CONFIG_STR "N"
142		# endif
143		# define HW_PKA_CONFIG_STR "N"
144		# define PKCS11_CONFIG_STR "N"
145		# define FIPS_CONFIG_STR "N"
146
147		# define PSCRYPTO_CONFIG \
148		"Y" \
149		PSTM_ASM_CONFIG_STR \
150		PSTM_64_CONFIG_STR \
151		AESNI_CONFIG_STR \
152		HW_PKA_CONFIG_STR \
153		PKCS11_CONFIG_STR \
154		FIPS_CONFIG_STR \
155		PSCORE_CONFIG
156
157		/******************************************************************************/
158		/*
159		Crypto module open/close
160		*/
161		PSPUBLIC int32_t psCryptoOpen(const char *config);
162		PSPUBLIC void psCryptoClose(void);
163
164		/******************************************************************************/
165		/*
166		Crypto module control (only available with CLS crypto)
167		*/
168
169		/******************************************************************************/
170		/*
171		Abstract Cipher API
172		Handles symmetric crypto, aead ciphers, hashes and macs.
173		*/
174		typedef enum
175		{
176
177		AES_CBC_ENC = 1,
178		AES_CBC_DEC,
179		AES_GCM_ENC,
180		AES_GCM_DEC,
181		CHACHA20_POLY1305_ENC,
182		CHACHA20_POLY1305_DEC,
183		ARC4,
184		DES3,
185		IDEA,
186		SEED,
187
188		HASH_MD2,
189		HASH_MD5,
190		HASH_SHA1,
191		HASH_MD5SHA1,
192		HASH_SHA256,
193		HASH_SHA384,
194		HASH_SHA512,
195
196		HMAC_MD5,
197		HMAC_SHA1,
198		HMAC_SHA256,
199		HMAC_SHA384,
200
201		} psCipherType_e;
202
203		/******************************************************************************/
204		/*
205		Symmetric Cipher Algorithms
206		*/
207		# ifdef USE_AES
208
209		# define PS_AES_ENCRYPT 0x1
210		# define PS_AES_DECRYPT 0x2
211
212		# ifdef USE_AES_BLOCK
213		/******************************************************************************/
214		PSPUBLIC int32_t psAesInitBlockKey(psAesKey_t *key,
215		const unsigned char ckey[AES_MAXKEYLEN], uint8_t keylen,
216		uint32_t flags);
217		PSPUBLIC void psAesEncryptBlock(psAesKey_t key, const unsigned char pt,
218		unsigned char *ct);
219		PSPUBLIC void psAesDecryptBlock(psAesKey_t key, const unsigned char ct,
220		unsigned char *pt);
221		PSPUBLIC void psAesClearBlockKey(psAesKey_t *key);
222		# endif
223
224		# ifdef USE_AES_CBC
225		/******************************************************************************/
226		PSPUBLIC int32_t psAesInitCBC(psAesCbc_t *ctx,
227		const unsigned char IV[AES_IVLEN],
228		const unsigned char key[AES_MAXKEYLEN], uint8_t keylen,
229		uint32_t flags);
230		PSPUBLIC void psAesDecryptCBC(psAesCbc_t *ctx,
231		const unsigned char ct, unsigned char pt,
232		uint32_t len);
233		PSPUBLIC void psAesEncryptCBC(psAesCbc_t *ctx,
234		const unsigned char pt, unsigned char ct,
235		uint32_t len);
236		PSPUBLIC void psAesClearCBC(psAesCbc_t *ctx);
237		# endif
238
239		# ifdef USE_AES_GCM
240		/******************************************************************************/
241		PSPUBLIC int32_t psAesInitGCM(psAesGcm_t *ctx,
242		const unsigned char key[AES_MAXKEYLEN], uint8_t keylen);
243		PSPUBLIC void psAesReadyGCM(psAesGcm_t *ctx,
244		const unsigned char IV[AES_IVLEN],
245		const unsigned char *aad, psSize_t aadLen);
246		PSPUBLIC int32_t psAesReadyGCMRandomIV(psAesGcm_t * ctx,
247		unsigned char IV[12],
248		const unsigned char *aad, psSize_t aadLen,
249		void *poolUserPtr);
250		PSPUBLIC void psAesEncryptGCM(psAesGcm_t *ctx,
251		const unsigned char pt, unsigned char ct,
252		uint32_t len);
253		PSPUBLIC int32_t psAesDecryptGCM(psAesGcm_t *ctx,
254		const unsigned char *ct, uint32_t ctLen,
255		unsigned char *pt, uint32_t ptLen);
256
257		PSPUBLIC int32_t psAesDecryptGCM2(psAesGcm_t *ctx,
258		const unsigned char *ct,
259		unsigned char *pt, uint32_t len,
260		const unsigned char *tag, uint32_t tagLen);
261
262		PSPUBLIC void psAesDecryptGCMtagless(psAesGcm_t *ctx,
263		const unsigned char ct, unsigned char pt,
264		uint32_t len);
265		PSPUBLIC void psAesGetGCMTag(psAesGcm_t * ctx,
266		uint8_t tagBytes, unsigned char tag[AES_BLOCKLEN]);
267		PSPUBLIC void psAesClearGCM(psAesGcm_t *ctx);
268
269		# endif /* USE_AES_GCM */
270
271		# endif /* USE_AES */
272
273		# ifdef USE_CHACHA20_POLY1305
274		/******************************************************************************/
275		PSPUBLIC int32_t psChacha20Poly1305Init(psChacha20Poly1305_t *ctx,
276		const unsigned char key[crypto_aead_chacha20poly1305_KEYBYTES],
277		uint8_t keylen);
278		PSPUBLIC void psChacha20Poly1305Ready(psChacha20Poly1305_t *ctx,
279		const unsigned char IV[crypto_aead_chacha20poly1305_NPUBBYTES + 4],
280		const unsigned char *aad, psSize_t aadLen);
281		PSPUBLIC void psChacha20Poly1305Encrypt(psChacha20Poly1305_t *ctx,
282		const unsigned char pt, unsigned char ct, uint32_t len);
283
284		PSPUBLIC int32_t psChacha20Poly1305Decrypt(psChacha20Poly1305_t *ctx,
285		const unsigned char *ct, uint32_t ctLen,
286		unsigned char *pt, uint32_t ptLen);
287
288		PSPUBLIC void psChacha20Poly1305DecryptTagless(psChacha20Poly1305_t *ctx,
289		const unsigned char ct, unsigned char pt,
290		uint32_t len);
291
292		PSPUBLIC void psChacha20Poly1305GetTag(psChacha20Poly1305_t * ctx,
293		uint8_t tagBytes,
294		unsigned char tag[crypto_aead_chacha20poly1305_ABYTES]);
295		PSPUBLIC void psChacha20Poly1305Clear(psChacha20Poly1305_t *ctx);
296		# endif
297
298		# ifdef USE_3DES
299		/******************************************************************************/
300		PSPUBLIC int32_t psDes3Init(psDes3_t *ctx, const unsigned char IV[DES3_IVLEN],
301		const unsigned char key[DES3_KEYLEN]);
302		PSPUBLIC void psDes3Decrypt(psDes3_t ctx, const unsigned char ct,
303		unsigned char *pt, uint32_t len);
304		PSPUBLIC void psDes3Encrypt(psDes3_t ctx, const unsigned char pt,
305		unsigned char *ct, uint32_t len);
306		PSPUBLIC void psDes3Clear(psDes3_t *ctx);
307		# endif
308
309		/******************************************************************************/
310		/*
311		Hash Digest Algorithms
312		*/
313		# ifdef USE_MD5
314		/******************************************************************************/
315		static __inline void psMd5PreInit(psMd5_t *md5)
316		{
317		/* Nothing to pre-initialize for native crypto. */
318		}
319		PSPUBLIC int32_t psMd5Init(psMd5_t *md5);
320		PSPUBLIC void psMd5Update(psMd5_t md5, const unsigned char buf, uint32_t len);
321		PSPUBLIC void psMd5Final(psMd5_t * md, unsigned char hash[MD5_HASHLEN]);
322		# endif
323
324		# ifdef USE_SHA1
325		/******************************************************************************/
326		/* Pre-init should be called for uninitialized, e.g. function local
327		digest contexts, before calling the initialization function. */
328	0	static __inline void psSha1PreInit(psSha1_t *sha1)
329		{
330		/* Nothing to pre-initialize for native crypto. */
331	0	}
332		PSPUBLIC int32_t psSha1Init(psSha1_t *sha1);
333		PSPUBLIC void psSha1Update(psSha1_t *sha1,
334		const unsigned char *buf, uint32_t len);
335		PSPUBLIC void psSha1Final(psSha1_t * sha1, unsigned char hash[SHA1_HASHLEN]);
336		static __inline void psSha1Sync(psSha1_t *ctx, int sync_all)
337		{
338		}
339		static __inline void psSha1Cpy(psSha1_t d, const psSha1_t s)
340		{
341		memcpy(d, s, sizeof(psSha1_t));
342		}
343		# endif /* USE_SHA1 */
344
345		# ifdef USE_MD5SHA1
346		/******************************************************************************/
347		/* Pre-init should be called for uninitialized, e.g. function local
348		digest contexts, before calling the initialization function. */
349	0	static __inline void psMd5Sha1PreInit(psMd5Sha1_t *md)
350		{
351		/* Nothing to pre-initialize for native crypto. */
352	0	}
353		PSPUBLIC int32_t psMd5Sha1Init(psMd5Sha1_t *md);
354		PSPUBLIC void psMd5Sha1Update(psMd5Sha1_t *md,
355		const unsigned char *buf, uint32_t len);
356		PSPUBLIC void psMd5Sha1Final(psMd5Sha1_t * md,
357		unsigned char hash[MD5SHA1_HASHLEN]);
358		static __inline void psMd5Sha1Sync(psMd5Sha1_t *ctx, int sync_all)
359		{
360		}
361		static __inline void psMd5Sha1Cpy(psMd5Sha1_t d, const psMd5Sha1_t s)
362		{
363		memcpy(d, s, sizeof(psMd5Sha1_t));
364		}
365		# endif /* USE_MD5SHA1 */
366
367		# ifdef USE_SHA224
368		/******************************************************************************/
369		/* Pre-init should be called for uninitialized, e.g. function local
370		digest contexts, before calling the initialization function. */
371		static __inline void psSha224PreInit(psSha256_t *sha224)
372		{
373		/* Nothing to pre-initialize for native crypto. */
374		}
375		PSPUBLIC void psSha224Init(psSha256_t *sha224);
376		PSPUBLIC void psSha224Update(psSha256_t *sha224,
377		const unsigned char *buf, uint32_t len);
378		PSPUBLIC void psSha224Final(psSha256_t * sha224,
379		unsigned char hash[SHA224_HASHLEN]);
380		static __inline void psSha224Sync(psSha256_t *md, int sync_all)
381		{
382		}
383		static __inline void psSha224Cpy(psSha256_t d, const psSha256_t s)
384		{
385		memcpy(d, s, sizeof(psSha256_t));
386		}
387		# endif /* USE_SHA224 */
388
389		# ifdef USE_SHA256
390		/******************************************************************************/
391		/* Pre-init should be called for uninitialized, e.g. function local
392		digest contexts, before calling the initialization function. */
393	1057	static __inline void psSha256PreInit(psSha256_t *sha256)
394		{
395		/* Nothing to pre-initialize for native crypto. */
396	1057	}
397		PSPUBLIC int32_t psSha256Init(psSha256_t *sha256);
398		PSPUBLIC void psSha256Update(psSha256_t *sha256,
399		const unsigned char *buf, uint32_t len);
400		PSPUBLIC void psSha256Final(psSha256_t * sha256,
401		unsigned char hash[SHA256_HASHLEN]);
402		static __inline void psSha256Sync(psSha256_t *md, int sync_all)
403		{
404		}
405		static __inline void psSha256Cpy(psSha256_t d, const psSha256_t s)
406		{
407		memcpy(d, s, sizeof(psSha256_t));
408		}
409		# endif /* USE_SHA256 */
410
411		/******************************************************************************/
412		# ifdef USE_SHA384
413		/* Pre-init should be called for uninitialized, e.g. function local
414		digest contexts, before calling the initialization function. */
415	0	static __inline void psSha384PreInit(psSha384_t *sha384)
416		{
417		/* Nothing to pre-initialize for native crypto. */
418	0	}
419		PSPUBLIC int32_t psSha384Init(psSha384_t *sha384);
420		PSPUBLIC void psSha384Update(psSha384_t *sha384,
421		const unsigned char *buf, uint32_t len);
422		PSPUBLIC void psSha384Final(psSha384_t * sha384,
423		unsigned char hash[SHA384_HASHLEN]);
424		static __inline void psSha384Sync(psSha384_t *md, int sync_all)
425		{
426		}
427		static __inline void psSha384Cpy(psSha384_t d, const psSha384_t s)
428		{
429		memcpy(d, s, sizeof(psSha384_t));
430		}
431		# endif /* USE_SHA384 */
432
433		# ifdef USE_SHA512
434		/******************************************************************************/
435		/* Pre-init should be called for uninitialized, e.g. function local
436		digest contexts, before calling the initialization function. */
437	0	static __inline void psSha512PreInit(psSha512_t *sha512)
438		{
439		/* Nothing to pre-initialize for native crypto. */
440	0	}
441		PSPUBLIC int32_t psSha512Init(psSha512_t *md);
442		PSPUBLIC void psSha512Update(psSha512_t *md,
443		const unsigned char *buf, uint32_t len);
444		PSPUBLIC void psSha512Final(psSha512_t * md,
445		unsigned char hash[SHA512_HASHLEN]);
446		static __inline void psSha512Sync(psSha512_t *md, int sync_all)
447		{
448		}
449		static __inline void psSha512Cpy(psSha512_t d, const psSha512_t s)
450		{
451		memcpy(d, s, sizeof(psSha512_t));
452		}
453		# endif /* USE_SHA512 */
454
455		/******************************************************************************/
456		/*
457		HMAC Algorithms
458		*/
459		/* Generic HMAC algorithms, specify cipher by type. */
460		PSPUBLIC int32_t psHmacInit(psHmac_t *ctx, psCipherType_e type,
461		const unsigned char *key, psSize_t keyLen);
462		PSPUBLIC void psHmacUpdate(psHmac_t *ctx,
463		const unsigned char *buf, uint32_t len);
464		PSPUBLIC void psHmacFinal(psHmac_t * ctx,
465		unsigned char hash[MAX_HASHLEN]);
466
467		# ifdef USE_HMAC_MD5
468		/******************************************************************************/
469		PSPUBLIC int32_t psHmacMd5(const unsigned char *key, psSize_t keyLen,
470		const unsigned char *buf, uint32_t len,
471		unsigned char hash[MD5_HASHLEN],
472		unsigned char hmacKey, psSize_t hmacKeyLen);
473		PSPUBLIC int32_t psHmacMd5Init(psHmacMd5_t *ctx,
474		const unsigned char *key, psSize_t keyLen);
475		PSPUBLIC void psHmacMd5Update(psHmacMd5_t *ctx,
476		const unsigned char *buf, uint32_t len);
477		PSPUBLIC void psHmacMd5Final(psHmacMd5_t * ctx,
478		unsigned char hash[MD5_HASHLEN]);
479		# endif
480
481		# ifdef USE_HMAC_SHA1
482		/******************************************************************************/
483		PSPUBLIC int32_t psHmacSha1(const unsigned char *key, psSize_t keyLen,
484		const unsigned char *buf, uint32_t len,
485		unsigned char hash[SHA1_HASHLEN],
486		unsigned char hmacKey, psSize_t hmacKeyLen);
487		# ifdef USE_HMAC_TLS
488		PSPUBLIC int32_t psHmacSha1Tls(const unsigned char *key, uint32_t keyLen,
489		const unsigned char *buf1, uint32_t len1,
490		const unsigned char *buf2, uint32_t len2,
491		const unsigned char *buf3, uint32_t len3,
492		uint32_t len3_alt, unsigned char *hmac);
493		# endif
494		PSPUBLIC int32_t psHmacSha1Init(psHmacSha1_t *ctx,
495		const unsigned char *key, psSize_t keyLen);
496		PSPUBLIC void psHmacSha1Update(psHmacSha1_t *ctx,
497		const unsigned char *buf, uint32_t len);
498		PSPUBLIC void psHmacSha1Final(psHmacSha1_t * ctx,
499		unsigned char hash[SHA1_HASHLEN]);
500		# endif
501
502		# ifdef USE_HMAC_SHA256
503		/******************************************************************************/
504		PSPUBLIC int32_t psHmacSha256(const unsigned char *key, psSize_t keyLen,
505		const unsigned char *buf, uint32_t len,
506		unsigned char hash[SHA256_HASHLEN],
507		unsigned char hmacKey, psSize_t hmacKeyLen);
508		# ifdef USE_HMAC_TLS
509		PSPUBLIC int32 psHmacSha2Tls(const unsigned char *key, uint32 keyLen,
510		const unsigned char *buf1, uint32 len1,
511		const unsigned char *buf2, uint32 len2,
512		const unsigned char *buf3, uint32 len3,
513		uint32 len3_alt, unsigned char *hmac,
514		uint32 hashSize);
515		# endif
516		PSPUBLIC int32_t psHmacSha256Init(psHmacSha256_t *ctx,
517		const unsigned char *key, psSize_t keyLen);
518		PSPUBLIC void psHmacSha256Update(psHmacSha256_t *ctx,
519		const unsigned char *buf, uint32_t len);
520		PSPUBLIC void psHmacSha256Final(psHmacSha256_t * ctx,
521		unsigned char hash[SHA256_HASHLEN]);
522		# endif
523		# ifdef USE_HMAC_SHA384
524		/******************************************************************************/
525		PSPUBLIC int32_t psHmacSha384(const unsigned char *key, psSize_t keyLen,
526		const unsigned char *buf, uint32_t len,
527		unsigned char hash[SHA384_HASHLEN],
528		unsigned char hmacKey, psSize_t hmacKeyLen);
529		PSPUBLIC int32_t psHmacSha384Init(psHmacSha384_t *ctx,
530		const unsigned char *key, psSize_t keyLen);
531		PSPUBLIC void psHmacSha384Update(psHmacSha384_t *ctx,
532		const unsigned char *buf, uint32_t len);
533		PSPUBLIC void psHmacSha384Final(psHmacSha384_t * ctx,
534		unsigned char hash[SHA384_HASHLEN]);
535		# endif
536
537		/******************************************************************************/
538		/*
539		Private Key Parsing
540		PKCS#1 - RSA specific
541		PKCS#8 - General private key storage format
542		*/
543		# ifdef USE_PRIVATE_KEY_PARSING
544		# ifdef MATRIX_USE_FILE_SYSTEM
545		# ifdef USE_RSA
546		PSPUBLIC int32_t psPkcs1ParsePrivFile(psPool_t pool, const char fileName,
547		const char password, psRsaKey_t key);
548		PSPUBLIC int32_t psPkcs1ParsePubFile(psPool_t pool, const char fileName,
549		psRsaKey_t *key);
550		# endif
551		PSPUBLIC int32_t psPkcs1DecodePrivFile(psPool_t pool, const char fileName,
552		const char password, unsigned char DERout, psSize_t DERlen);
553		# endif /* MATRIX_USE_FILESYSTEM */
554		# ifdef USE_PKCS8
555		PSPUBLIC int32 psPkcs8ParsePrivBin(psPool_t pool, unsigned char p,
556		int32 size, char pass, psPubKey_t key);
557		# if defined(MATRIX_USE_FILE_SYSTEM) && defined (USE_PKCS12)
558		PSPUBLIC int32 psPkcs12Parse(psPool_t pool, psX509Cert_t *cert,
559		psPubKey_t privKey, const unsigned char file, int32 flags,
560		unsigned char *importPass, int32 ipasslen,
561		unsigned char *privkeyPass, int32 kpasslen);
562		# endif
563		# endif /* USE_PKCS8 */
564		# endif /* USE_PRIVATE_KEY_PARSING */
565
566		# ifdef USE_PKCS5
567		/******************************************************************************/
568		/*
569		PKCS#5 PBKDF v1 and v2 key generation
570		*/
571		PSPUBLIC int32_t psPkcs5Pbkdf1(unsigned char *pass, uint32 passlen,
572		unsigned char salt, int32 iter, unsigned char key);
573		PSPUBLIC void psPkcs5Pbkdf2(unsigned char *password, uint32 pLen,
574		unsigned char *salt, uint32 sLen, int32 rounds,
575		unsigned char *key, uint32 kLen);
576		# endif /* USE_PKCS5 */
577
578		/******************************************************************************/
579		/*
580		Public Key Cryptography
581		*/
582		# if defined(USE_RSA) \|\| defined(USE_ECC) \|\| defined(USE_DH)
583		PSPUBLIC int32_t psInitPubKey(psPool_t pool, psPubKey_t key, uint8_t type);
584		PSPUBLIC void psClearPubKey(psPubKey_t *key);
585		PSPUBLIC int32_t psNewPubKey(psPool_t pool, uint8_t type, psPubKey_t *key);
586		PSPUBLIC void psDeletePubKey(psPubKey_t **key);
587		PSPUBLIC int32_t psParseUnknownPrivKey(psPool_t *pool, int pemOrDer,
588		const char keyfile, const char password,
589		psPubKey_t *privkey);
590		PSPUBLIC int32_t psParseUnknownPrivKeyMem(psPool_t *pool,
591		unsigned char *keyBuf, int32 keyBufLen,
592		const char password, psPubKey_t privkey);
593		PSPUBLIC int32_t psParseUnknownPubKey(psPool_t *pool, int pemOrDer,
594		char keyfile, const char password, psPubKey_t *pubkey);
595		# endif
596
597		# ifdef USE_RSA
598		/******************************************************************************/
599
600		PSPUBLIC int32_t psRsaInitKey(psPool_t pool, psRsaKey_t key);
601		PSPUBLIC void psRsaClearKey(psRsaKey_t *key);
602		PSPUBLIC int32_t psRsaCopyKey(psRsaKey_t to, const psRsaKey_t from);
603
604		PSPUBLIC int32_t psRsaParsePkcs1PrivKey(psPool_t *pool,
605		const unsigned char *p, psSize_t size,
606		psRsaKey_t *key);
607		PSPUBLIC int32_t psRsaParseAsnPubKey(psPool_t * pool,
608		const unsigned char **pp, psSize_t len,
609		psRsaKey_t * key, unsigned char sha1KeyHash[SHA1_HASHLEN]);
610		PSPUBLIC psSize_t psRsaSize(const psRsaKey_t *key);
611		PSPUBLIC int32_t psRsaCmpPubKey(const psRsaKey_t k1, const psRsaKey_t k2);
612
613		PSPUBLIC int32_t psRsaEncryptPriv(psPool_t pool, psRsaKey_t key,
614		const unsigned char *in, psSize_t inlen,
615		unsigned char *out, psSize_t outlen,
616		void *data);
617		PSPUBLIC int32_t psRsaEncryptPub(psPool_t pool, psRsaKey_t key,
618		const unsigned char *in, psSize_t inlen,
619		unsigned char *out, psSize_t outlen,
620		void *data);
621		PSPUBLIC int32_t psRsaDecryptPriv(psPool_t pool, psRsaKey_t key,
622		unsigned char *in, psSize_t inlen,
623		unsigned char *out, psSize_t outlen,
624		void *data);
625		PSPUBLIC int32_t psRsaDecryptPub(psPool_t pool, psRsaKey_t key,
626		unsigned char *in, psSize_t inlen,
627		unsigned char *out, psSize_t outlen,
628		void *data);
629
630		PSPUBLIC int32_t psRsaCrypt(psPool_t pool, psRsaKey_t key,
631		const unsigned char *in, psSize_t inlen,
632		unsigned char out, psSize_t outlen,
633		uint8_t type, void *data);
634
635		PSPUBLIC int32_t pubRsaDecryptSignedElement(psPool_t pool, psRsaKey_t key,
636		unsigned char *in, psSize_t inlen,
637		unsigned char *out, psSize_t outlen,
638		void *data);
639		PSPUBLIC int32_t pubRsaDecryptSignedElementExt(psPool_t pool, psRsaKey_t key,
640		unsigned char *in, psSize_t inlen,
641		unsigned char *out, psSize_t outlen,
642		int32_t signatureAlgorithm, void *data);
643		PSPUBLIC int32_t privRsaEncryptSignedElement(psPool_t pool, psRsaKey_t key,
644		const unsigned char *in, psSize_t inlen,
645		unsigned char *out, psSize_t outlen,
646		void *data);
647		# ifdef USE_PKCS1_OAEP
648		PSPUBLIC int32 psPkcs1OaepEncode(psPool_t pool, const unsigned char msg,
649		uint32 msglen, const unsigned char *lparam,
650		uint32 lparamlen, unsigned char *seed, uint32 seedLen,
651		uint32 modulus_bitlen, int32 hash_idx,
652		unsigned char out, psSize_t outlen);
653		PSPUBLIC int32 psPkcs1OaepDecode(psPool_t pool, const unsigned char msg,
654		uint32 msglen, const unsigned char *lparam, uint32 lparamlen,
655		uint32 modulus_bitlen, int32 hash_idx,
656		unsigned char out, psSize_t outlen);
657		# endif /* USE_PKCS1_OAEP */
658		# ifdef USE_PKCS1_PSS
659		PSPUBLIC int32 psPkcs1PssEncode(psPool_t pool, const unsigned char msghash,
660		uint32 msghashlen, unsigned char *salt, uint32 saltlen,
661		int32 hash_idx, uint32 modulus_bitlen, unsigned char *out,
662		psSize_t *outlen);
663		PSPUBLIC int32 psPkcs1PssDecode(psPool_t pool, const unsigned char msghash,
664		uint32 msghashlen, const unsigned char *sig, uint32 siglen,
665		uint32 saltlen, int32 hash_idx, uint32 modulus_bitlen, int32 *res);
666		# endif /* USE_PKCS1_PSS */
667		# endif /* USE_RSA */
668
669		# ifdef USE_ECC
670		/******************************************************************************/
671
672		PSPUBLIC int32_t psEccInitKey(psPool_t pool, psEccKey_t key,
673		const psEccCurve_t *curve);
674		PSPUBLIC void psEccClearKey(psEccKey_t *key);
675		PSPUBLIC int32_t psEccNewKey(psPool_t pool, psEccKey_t *key,
676		const psEccCurve_t *curve);
677		PSPUBLIC void psEccDeleteKey(psEccKey_t **key);
678		PSPUBLIC int32 psEccCopyKey(psEccKey_t to, psEccKey_t from);
679		PSPUBLIC uint8_t psEccSize(const psEccKey_t *key);
680
681		PSPUBLIC int32_t psEccGenKey(psPool_t pool, psEccKey_t key,
682		const psEccCurve_t curve, void usrData);
683
684		PSPUBLIC int32_t psEccParsePrivKey(psPool_t *pool,
685		const unsigned char *keyBuf, psSize_t keyBufLen,
686		psEccKey_t keyPtr, const psEccCurve_t curve);
687		PSPUBLIC int32_t psEccParsePrivFile(psPool_t *pool,
688		const char fileName, const char password,
689		psEccKey_t *key);
690
691		PSPUBLIC int32_t psEccX963ImportKey(psPool_t *pool,
692		const unsigned char *in, psSize_t inlen,
693		psEccKey_t key, const psEccCurve_t curve);
694		PSPUBLIC int32_t psEccX963ExportKey(psPool_t pool, const psEccKey_t key,
695		unsigned char out, psSize_t outlen);
696
697		PSPUBLIC int32_t psEccGenSharedSecret(psPool_t *pool,
698		const psEccKey_t privKey, const psEccKey_t pubKey,
699		unsigned char outbuf, psSize_t outlen, void *usrData);
700
701		PSPUBLIC int32_t psEccDsaSign(psPool_t pool, const psEccKey_t privKey,
702		const unsigned char *buf, psSize_t buflen,
703		unsigned char sig, psSize_t siglen,
704		uint8_t includeSize, void *usrData);
705		PSPUBLIC int32_t psEccDsaVerify(psPool_t pool, const psEccKey_t key,
706		const unsigned char *buf, psSize_t bufLen,
707		const unsigned char *sig, psSize_t siglen,
708		int32_t status, void usrData);
709		# endif /* USE_ECC */
710
711		# ifdef USE_DH
712		/******************************************************************************/
713		/*
714		PKCS#3 - Diffie-Hellman parameters
715		*/
716		PSPUBLIC int32_t psPkcs3ParseDhParamBin(psPool_t *pool,
717		const unsigned char *dhBin, psSize_t dhBinLen,
718		psDhParams_t *params);
719		# ifdef MATRIX_USE_FILE_SYSTEM
720		PSPUBLIC int32_t psPkcs3ParseDhParamFile(psPool_t pool, const char fileName,
721		psDhParams_t *params);
722		# endif
723		PSPUBLIC int32_t psDhExportParameters(psPool_t *pool,
724		const psDhParams_t *params,
725		unsigned char *pp, psSize_t pLen,
726		unsigned char *pg, psSize_t gLen);
727		PSPUBLIC void psPkcs3ClearDhParams(psDhParams_t *params);
728
729		PSPUBLIC int32_t psDhImportPubKey(psPool_t *pool,
730		const unsigned char *inbuf, psSize_t inlen,
731		psDhKey_t *key);
732		PSPUBLIC int32_t psDhExportPubKey(psPool_t pool, const psDhKey_t key,
733		unsigned char out, psSize_t outlen);
734		PSPUBLIC void psDhClearKey(psDhKey_t *key);
735		PSPUBLIC psSize_t psDhSize(const psDhKey_t *key);
736
737		PSPUBLIC int32_t psDhGenKey(psPool_t *pool, psSize_t keysize,
738		const unsigned char *pBin, psSize_t pLen,
739		const unsigned char *gBin, psSize_t gLen,
740		psDhKey_t key, void usrData);
741		PSPUBLIC int32_t psDhGenKeyInts(psPool_t *pool, psSize_t keysize,
742		const pstm_int p, const pstm_int g,
743		psDhKey_t key, void usrData);
744
745		PSPUBLIC int32_t psDhGenSharedSecret(psPool_t *pool,
746		const psDhKey_t privKey, const psDhKey_t pubKey,
747		const unsigned char *pBin, psSize_t pBinLen,
748		unsigned char out, psSize_t outlen, void *usrData);
749
750		# endif /* USE_DH */
751
752		# ifdef USE_X509
753		/******************************************************************************/
754		/*
755		X.509 Certificate support
756		*/
757		PSPUBLIC int32 psX509ParseCertFile(psPool_t pool, char fileName,
758		psX509Cert_t **outcert, int32 flags);
759		PSPUBLIC int32 psX509ParseCert(psPool_t pool, const unsigned char pp, uint32 size,
760		psX509Cert_t **outcert, int32 flags);
761		PSPUBLIC void psX509FreeCert(psX509Cert_t *cert);
762		# ifdef USE_CERT_PARSE
763		PSPUBLIC int32 psX509GetCertPublicKeyDer(psX509Cert_t *cert,
764		unsigned char *der_out,
765		psSize_t *der_out_len);
766		PSPUBLIC int32 psX509AuthenticateCert(psPool_t pool, psX509Cert_t subjectCert,
767		psX509Cert_t issuerCert, psX509Cert_t *foundIssuer,
768		void hwCtx, void poolUserPtr);
769		# endif
770		# ifdef USE_CRL
771		# define CRL_CHECK_EXPECTED 5 /* cert had a dist point but not fetched yet */
772		# define CRL_CHECK_NOT_EXPECTED 6 /* cert didn't have dist point */
773		# define CRL_CHECK_PASSED_AND_AUTHENTICATED 7 /* all completely good */
774		# define CRL_CHECK_PASSED_BUT_NOT_AUTHENTICATED 8 /* had CRL but no auth done */
775		# define CRL_CHECK_REVOKED_AND_AUTHENTICATED 9
776		# define CRL_CHECK_REVOKED_BUT_NOT_AUTHENTICATED 10
777		# define CRL_CHECK_CRL_EXPIRED 11/* CRL expired. Revocation not tested */
778
779
780		PSPUBLIC int32 psX509GetCRLVersion(const unsigned char *crlBin,
781		int32 crlBinLen);
782		PSPUBLIC int32_t psX509ParseCRL(psPool_t pool, psX509Crl_t *crl,
783		unsigned char *crlBin, int32 crlBinLen);
784		PSPUBLIC void psX509FreeCRL(psX509Crl_t *crl);
785		PSPUBLIC int32_t psX509GetCRLdistURL(psX509Cert_t cert, char *url,
786		uint32_t *urlLen);
787		PSPUBLIC int32_t psX509AuthenticateCRL(psX509Cert_t CA, psX509Crl_t CRL,
788		void *poolUserPtr);
789
790		/* CRL global cache management */
791		PSPUBLIC int psCRL_Update(psX509Crl_t *crl, int deleteExisting);
792		PSPUBLIC int psCRL_Insert(psX509Crl_t *crl);
793		PSPUBLIC int psCRL_Remove(psX509Crl_t crl); / Doesn't delete! */
794		PSPUBLIC int psCRL_Delete(psX509Crl_t *crl);
795		PSPUBLIC void psCRL_RemoveAll();
796		PSPUBLIC void psCRL_DeleteAll();
797		PSPUBLIC psX509Crl_t psCRL_GetCRLForCert(psX509Cert_t cert);
798		PSPUBLIC int32_t psCRL_isRevoked(psX509Cert_t cert, psX509Crl_t CRL);
799		PSPUBLIC int32_t psCRL_determineRevokedStatus(psX509Cert_t *cert);
800		PSPUBLIC int32_t psCRL_determineRevokedStatusBDT(psX509Cert_t *cert,
801		psBrokenDownTime_t *bdt);
802
803		# endif /* USE_CRL */
804		# endif /* USE_X509 */
805
806		/******************************************************************************/
807		/*
808		Pseudorandom Number Generation
809		*/
810		PSPUBLIC int32_t psInitPrng(psRandom_t ctx, void userPtr);
811		PSPUBLIC int32_t psGetPrng(psRandom_t ctx, unsigned char bytes, psSize_t size,
812		void *userPtr);
813
814		# ifdef USE_YARROW
815		/******************************************************************************/
816		PSPUBLIC int32 psYarrowStart(psYarrow_t *ctx);
817		PSPUBLIC int32 psYarrowAddEntropy(unsigned char *in, uint32 inlen,
818		psYarrow_t *prng);
819		PSPUBLIC int32 psYarrowReseed(psYarrow_t *ctx);
820		PSPUBLIC uint32 psYarrowRead(unsigned char out, uint32 outlen, psYarrow_t cx);
821		PSPUBLIC int32 psYarrowDone(psYarrow_t *ctx);
822		PSPUBLIC int32 psYarrowExport(unsigned char out, uint32 outlen,
823		psYarrow_t *ctx);
824		PSPUBLIC int32 psYarrowImport(unsigned char in, uint32 inlen, psYarrow_t ctx);
825		# endif /* USE_YARROW */
826
827		/******************************************************************************/
828		/*
829		Deprecated Algorithms
830		*/
831		# ifdef USE_ARC4
832		/******************************************************************************/
833		PSPUBLIC int32_t psArc4Init(psArc4_t *ctx,
834		const unsigned char *key, uint8_t keylen);
835		PSPUBLIC void psArc4(psArc4_t ctx, const unsigned char in,
836		unsigned char *out, uint32_t len);
837		PSPUBLIC void psArc4Clear(psArc4_t *ctx);
838		# endif
839
840		# ifdef USE_SEED
841		/******************************************************************************/
842		PSPUBLIC int32_t psSeedInit(psSeed_t *ctx, const unsigned char IV[SEED_IVLEN],
843		const unsigned char key[SEED_KEYLEN]);
844		PSPUBLIC void psSeedDecrypt(psSeed_t ctx, const unsigned char ct,
845		unsigned char *pt, uint32_t len);
846		PSPUBLIC void psSeedEncrypt(psSeed_t ctx, const unsigned char pt,
847		unsigned char *ct, uint32_t len);
848		PSPUBLIC void psSeedClear(psSeed_t *ctx);
849		# endif
850
851		# ifdef USE_IDEA
852		/******************************************************************************/
853		PSPUBLIC int32_t psIdeaInit(psIdea_t *ctx, const unsigned char IV[IDEA_IVLEN],
854		const unsigned char key[IDEA_KEYLEN]);
855		PSPUBLIC void psIdeaDecrypt(psIdea_t ctx, const unsigned char ct,
856		unsigned char *pt, uint32_t len);
857		PSPUBLIC void psIdeaEncrypt(psIdea_t ctx, const unsigned char pt,
858		unsigned char *ct, uint32_t len);
859		PSPUBLIC void psIdeaClear(psIdea_t *ctx);
860		# endif
861
862		# ifdef USE_RC2
863		/******************************************************************************/
864		PSPUBLIC int32_t psRc2Init(psRc2Cbc_t ctx, const unsigned char IV,
865		const unsigned char *key, uint8_t keylen);
866		PSPUBLIC int32_t psRc2Decrypt(psRc2Cbc_t ctx, const unsigned char ct,
867		unsigned char *pt, uint32_t len);
868		PSPUBLIC int32_t psRc2Encrypt(psRc2Cbc_t ctx, const unsigned char pt,
869		unsigned char *ct, uint32_t len);
870		# endif
871
872		# ifdef USE_MD4
873		/******************************************************************************/
874		PSPUBLIC void psMd4Init(psMd4_t *md);
875		PSPUBLIC void psMd4Update(psMd4_t md, const unsigned char buf, uint32_t len);
876		PSPUBLIC int32_t psMd4Final(psMd4_t md, unsigned char hash);
877		# endif
878
879		# ifdef USE_MD2
880		/******************************************************************************/
881		static __inline void psMd2PreInit(psMd2_t *md2)
882		{
883		/* Nothing to pre-initialize for native crypto. */
884		}
885		PSPUBLIC void psMd2Init(psMd2_t *md);
886		PSPUBLIC int32_t psMd2Update(psMd2_t md, const unsigned char buf,
887		uint32_t len);
888		PSPUBLIC int32_t psMd2Final(psMd2_t md, unsigned char hash);
889		# endif
890
891		/* MatrixSSL 3.9.0 has cleaned up namespaces used by MatrixSSL crypto library.
892		These aliases are provided for backwards compatibility with applications
893		using MatrixSSL 3.8.x API. */
894		# ifndef NO_MATRIXSSL_3_8_API_COMPATIBILITY
895		# define pkcs1OaepEncode psPkcs1OaepEncode
896		# define pkcs1OaepDecode psPkcs1OaepDecode
897		# define pkcs1PssEncode psPkcs1PssEncode
898		# define pkcs1PssDecode psPkcs1PssDecode
899		# define pkcs1ParsePrivFile psPkcs1ParsePrivFile
900		# define pkcs1DecodePrivFile psPkcs1DecodePrivFile
901		# define pkcs8ParsePrivBin psPkcs8ParsePrivBin
902		# define pkcs5pbkdf1 psPkcs5Pbkdf1
903		# define pkcs5pbkdf2 psPkcs5Pbkdf2
904		# define pkcs3ParseDhParamBin psPkcs3ParseDhParamBin
905		# define pkcs3ParseDhParamFile psPkcs3ParseDhParamFile
906		# define pkcs3ClearDhParams psPkcs3ClearDhParams
907		# define matrixSslWriteOCSPRequest psOcspRequestWriteOld
908		# define matrixSslWriteOCSPRequestInfoSetSigning \
909		psOcspRequestWriteInfoSetSigning
910		# define matrixSslWriteOCSPRequestInfoSetRequestorId \
911		psOcspRequestWriteInfoSetRequestorId
912		# define matrixSslWriteOCSPRequestInfoFreeRequestorId \
913		psOcspRequestWriteInfoFreeRequestorId
914		# define matrixSslWriteOCSPRequestExt psOcspRequestWrite
915		# define matrixSslWriteOCSPRequestVersion \
916		psOcspRequestWriteVersion
917		# define matrixSslOCSPNonceExtension psOcspWriteNonceExtension
918		# define validateOCSPResponse psOcspResponseValidateOld
919		# define validateOCSPResponse_ex psOcspResponseValidate
920		# define parseOCSPResponse psOcspParseResponse
921		# define getOCSPResponseStatus psOcspResponseGetStatus
922		# define checkOCSPResponseDates psOcspResponseCheckDates
923		# define uninitOCSPResponse psOcspResponseUninit
924		# define matrixCryptoGetPrngData psGetPrngLocked
925		# define s_pstm_sub pstm_sub_s
926		# define mOCSPResponse_t psOcspResponse_t
927		# define mOCSPSingleResponse_t psOcspSingleResponse_t
928
929		# endif /* NO_MATRIXSSL_3_8_API_COMPATIBILITY */
930
931		# ifdef __cplusplus
932		}
933		# endif
934
935		#endif /* _h_PS_CRYPTOAPI */
936
937		/******************************************************************************/
938