david/ipxe
david
/
ipxe
Archived
1
0
Fork 0
Code

[crypto] Remove unused files

This commit is contained in:
Michael Brown 2009-02-10 15:47:44 +00:00
parent 750c19466a
commit 5a99c586cf
7 changed files with 0 additions and 1851 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
src/crypto/cryptoLayer.h
View File

@ -1,120 +0,0 @@
#ifndef _MATRIXSSL_CRYPTOLAYER_H
#define _MATRIXSSL_CRYPTOLAYER_H
/** @file
*
* Compatibility layer for MatrixSSL
*
*/
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <assert.h>
#include <byteswap.h>
#include <gpxe/rotate.h>
#include <gpxe/crypto.h>
/* Drag in pscrypto.h */
typedef uint64_t ulong64;
typedef void psPool_t;
#define SMALL_CODE
#define USE_INT64
#define USE_RSA
#define USE_RSA_PUBLIC_ENCRYPT
#define CRYPT
#include "matrixssl/pscrypto.h"
#define SMALL_CODE
#undef CLEAN_STACK
#define sslAssert( ... ) assert ( __VA_ARGS__ )
static inline __attribute__ (( always_inline )) void * __malloc
psMalloc ( psPool_t *pool __unused, size_t len ) {
return malloc ( len );
}
static inline __attribute__ (( always_inline )) void *
psRealloc ( void *ptr, size_t len ) {
return realloc ( ptr, len );
}
static inline __attribute__ (( always_inline )) void psFree ( void *ptr ) {
free ( ptr );
}
#define matrixStrDebugMsg( ... ) DBG ( __VA_ARGS__ )
#define matrixIntDebugMsg( ... ) DBG ( __VA_ARGS__ )
/* Use our standard cpu_to_leXX etc. macros */
#undef LOAD32L
#define LOAD32L( cpu32, ptr ) do { \
uint32_t *le32 = ( ( uint32_t * ) ptr ); \
cpu32 = le32_to_cpu ( *le32 ); \
} while ( 0 )
#undef LOAD32H
#define LOAD32H( cpu32, ptr ) do { \
uint32_t *be32 = ( ( uint32_t * ) ptr ); \
cpu32 = be32_to_cpu ( *be32 ); \
} while ( 0 )
#undef LOAD64L
#define LOAD64L( cpu64, ptr ) do { \
uint64_t *le64 = ( ( uint64_t * ) ptr ); \
cpu64 = le64_to_cpu ( *le64 ); \
} while ( 0 )
#undef LOAD64H
#define LOAD64H( cpu64, ptr ) do { \
uint64_t *be64 = ( ( uint64_t * ) ptr ); \
cpu64 = be64_to_cpu ( *be64 ); \
} while ( 0 )
#undef STORE32L
#define STORE32L( cpu32, ptr ) do { \
uint32_t *le32 = ( ( uint32_t * ) ptr ); \
*le32 = cpu_to_le32 ( cpu32 ); \
} while ( 0 )
#undef STORE32H
#define STORE32H( cpu32, ptr ) do { \
uint32_t *be32 = ( ( uint32_t * ) ptr ); \
*be32 = cpu_to_be32 ( cpu32 ); \
} while ( 0 )
#undef STORE64L
#define STORE64L( cpu64, ptr ) do { \
uint64_t *le64 = ( ( uint64_t * ) ptr ); \
*le64 = cpu_to_le64 ( cpu64 ); \
} while ( 0 )
#undef STORE64H
#define STORE64H( cpu64, ptr ) do { \
uint64_t *be64 = ( ( uint64_t * ) ptr ); \
*be64 = cpu_to_be64 ( cpu64 ); \
} while ( 0 )
/* Use rolXX etc. from bitops.h */
#undef ROL
#define ROL( data, rotation ) rol32 ( (data), (rotation) )
#undef ROLc
#define ROLc( data, rotation ) rol32 ( (data), (rotation) )
#undef ROR
#define ROR( data, rotation ) ror32 ( (data), (rotation) )
#undef RORc
#define RORc( data, rotation ) ror32 ( (data), (rotation) )
#undef ROL64
#define ROL64( data, rotation ) rol64 ( (data), (rotation) )
#undef ROL64c
#define ROL64c( data, rotation ) rol64 ( (data), (rotation) )
#undef ROR64
#define ROR64( data, rotation ) ror64 ( (data), (rotation) )
#undef ROR64c
#define ROR64c( data, rotation ) ror64 ( (data), (rotation) )
#endif /* _MATRIXSSL_CRYPTOLAYER_H */

86
src/crypto/framework.c
View File

@ -1,86 +0,0 @@
/* mcb - this file breaks the build process; temporarily deactivating */
#if 0
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include "ssl.h"
int main(int argc, char *argv[])
{
SSL_t ssl;
int sockfd, portno, rc;
struct sockaddr_in serv_addr;
struct hostent *server;
portno = 443;
sockfd = socket(AF_INET,SOCK_STREAM,0);
if(sockfd<0){
fprintf(stderr,"Error creating socket\n");
exit(sockfd);
}
server = gethostbyname(argv[1]);
if(server==NULL){
fprintf(stderr,"Error looking up host %s\n",argv[1]);
exit(1);
}
/**
*matrixSslOpen()
*matrixSslReadKeys()
**/
printf("Calling CreateSSLHello()\n");
rc = CreateSSLHello(&ssl);
printf("Finished calling CreateSSLHello()\n");
bzero((char *) &serv_addr, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
bcopy((char *)server->h_addr,(char *)&serv_addr.sin_addr.s_addr,server->h_length);
serv_addr.sin_port = htons(portno);
if(connect(sockfd,(struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0){
fprintf(stderr,"ERROR connecting to server\n");
exit(1);
}
PrintSSLPacket(&ssl);
printf("Write ssl.buffer\n");
write(sockfd,ssl.buffer,ssl.length);
printf("Finished writing\n");
ssl.length = read(sockfd,ssl.buffer,ssl.max_size);
ReadSSLHello(&ssl);
/**
*matrixSslNewSession()
*matrixSslSetCetValidator()
*encodeSslHandshake()
*write handshake buffer
*readSslResponse() <-+
|
*read return code |-- similar/same function??
|
*sslEncode() |
*sslDecode() <-------+
*encodeSslCloseAlert()
*write close alert buffer
**/
close(sockfd);
/**
*sslClose()
* -free connection
* -free keys
* -close pki interface
**/
return 0;
}
#endif

487
src/crypto/matrixssl/mpi.h
View File

@ -1,487 +0,0 @@
/*
* mpi.h
* Release $Name$
*
* multiple-precision integer library
*/
/*
* Copyright (c) PeerSec Networks, 2002-2006. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl.org
*
* This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
* commercial license for this software may be purchased from PeerSec Networks
* at http://www.peersec.com
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html
*/
/******************************************************************************/
#ifndef _h_MPI
#define _h_MPI
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <limits.h>
#undef MIN
#define MIN(x,y) ((x)<(y)?(x):(y))
#undef MAX
#define MAX(x,y) ((x)>(y)?(x):(y))
#ifdef __cplusplus
extern "C" {
/*
C++ compilers don't like assigning void * to mp_digit *
*/
#define OPT_CAST(x) (x *)
#else
/*
C on the other hand doesn't care
*/
#define OPT_CAST(x)
#endif /* __cplusplus */
/******************************************************************************/
/*
some default configurations.
A "mp_digit" must be able to hold DIGIT_BIT + 1 bits
A "mp_word" must be able to hold 2*DIGIT_BIT + 1 bits
At the very least a mp_digit must be able to hold 7 bits
[any size beyond that is ok provided it doesn't overflow the data type]
*/
#ifdef MP_8BIT
typedef unsigned char mp_digit;
typedef unsigned short mp_word;
#elif defined(MP_16BIT)
typedef unsigned short mp_digit;
typedef unsigned long mp_word;
#elif defined(MP_64BIT)
/*
for GCC only on supported platforms
*/
#ifndef CRYPT
typedef unsigned long long ulong64;
typedef signed long long long64;
#endif /* CRYPT */
typedef ulong64 mp_digit;
typedef unsigned long mp_word __attribute__ ((mode(TI)));
#define DIGIT_BIT 60
#else /* MP_8BIT */
/*
this is the default case, 28-bit digits
*/
#ifndef CRYPT
#if defined(_MSC_VER) || defined(__BORLANDC__)
typedef unsigned __int64 ulong64;
typedef signed __int64 long64;
#else
typedef unsigned long long ulong64;
typedef signed long long long64;
#endif
#endif /* CRYPT */
typedef unsigned long mp_digit;
typedef ulong64 mp_word;
#ifdef MP_31BIT
/*
this is an extension that uses 31-bit digits
*/
#define DIGIT_BIT 31
#else /* MP_31BIT */
/*
default case is 28-bit digits, defines MP_28BIT as a handy macro to test
*/
#define DIGIT_BIT 28
#define MP_28BIT
#endif /* MP_31BIT */
#endif /* MP_8BIT */
/*
otherwise the bits per digit is calculated automatically from the size of
a mp_digit
*/
#ifndef DIGIT_BIT
#define DIGIT_BIT ((int32)((CHAR_BIT * sizeof(mp_digit) - 1))) /* bits per digit */
#endif /* DIGIT_BIT */
#define MP_DIGIT_BIT DIGIT_BIT
#define MP_MASK ((((mp_digit)1)<<((mp_digit)DIGIT_BIT))-((mp_digit)1))
#define MP_DIGIT_MAX MP_MASK
/******************************************************************************/
/*
equalities
*/
#define MP_LT -1 /* less than */
#define MP_EQ 0 /* equal to */
#define MP_GT 1 /* greater than */
#define MP_ZPOS 0 /* positive integer */
#define MP_NEG 1 /* negative */
#define MP_OKAY 0 /* ok result */
#define MP_MEM -2 /* out of mem */
#define MP_VAL -3 /* invalid input */
#define MP_RANGE MP_VAL
#define MP_YES 1 /* yes response */
#define MP_NO 0 /* no response */
typedef int32 mp_err;
/******************************************************************************/
/*
various build options
*/
#define MP_PREC 64 /* default digits of precision */
/*
define this to use lower memory usage routines (exptmods mostly)
*/
#define MP_LOW_MEM
/*
size of comba arrays, should be at least
2 * 2**(BITS_PER_WORD - BITS_PER_DIGIT*2)
*/
#define MP_WARRAY (1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1))
typedef struct {
int32 used, alloc, sign;
mp_digit *dp;
} mp_int;
#define USED(m) ((m)->used)
#define DIGIT(m,k) ((m)->dp[(k)])
#define SIGN(m) ((m)->sign)
/******************************************************************************/
/*
init and deinit bignum functions
*/
/*
init a bignum
*/
extern int32 mp_init(psPool_t *pool, mp_int *a);
/*
free a bignum
*/
extern void mp_clear(mp_int *a);
/*
init a series of arguments
*/
extern int32 _mp_init_multi(psPool_t *pool, mp_int *mp0, mp_int *mp1, mp_int *mp2,
mp_int *mp3, mp_int *mp4, mp_int *mp5, mp_int *mp6,
mp_int *mp7);
/*
clear a series of arguments
*/
extern void _mp_clear_multi(mp_int *mp0, mp_int *mp1, mp_int *mp2, mp_int *mp3,
mp_int *mp4, mp_int *mp5, mp_int *mp6, mp_int *mp7);
/*
exchange two ints
*/
extern void mp_exch(mp_int *a, mp_int *b);
/*
shrink ram required for a bignum
*/
extern int32 mp_shrink(mp_int *a);
/*
grow an int32 to a given size
*/
extern int32 mp_grow(mp_int *a, int32 size);
/*
init to a given number of digits
*/
extern int32 mp_init_size(psPool_t *pool, mp_int *a, int32 size);
/******************************************************************************/
/*
Basic Manipulations
*/
#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO)
#define mp_iseven(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? MP_YES : MP_NO)
#define mp_isodd(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? MP_YES : MP_NO)
extern int32 mp_add_d (mp_int * a, mp_digit b, mp_int * c);
extern int32 mp_sub_d (mp_int * a, mp_digit b, mp_int * c);
/*
set to zero
*/
extern void mp_zero(mp_int *a);
/*
set to a digit
*/
extern void mp_set(mp_int *a, mp_digit b);
/*
copy, b = a
*/
extern int32 mp_copy(mp_int *a, mp_int *b);
/*
inits and copies, a = b
*/
extern int32 mp_init_copy(psPool_t *pool, mp_int *a, mp_int *b);
/*
trim unused digits
*/
extern void mp_clamp(mp_int *a);
/******************************************************************************/
/*
digit manipulation
*/
/*
right shift by "b" digits
*/
extern void mp_rshd(mp_int *a, int32 b);
/*
left shift by "b" digits
*/
extern int32 mp_lshd(mp_int *a, int32 b);
/*
c = a / 2**b
*/
extern int32 mp_div_2d(psPool_t *pool, mp_int *a, int32 b, mp_int *c, mp_int *d);
/*
b = a/2
*/
extern int32 mp_div_2(mp_int *a, mp_int *b);
/*
c = a * 2**b
*/
extern int32 mp_mul_2d(mp_int *a, int32 b, mp_int *c);
/*
c = a mod 2**d
*/
extern int32 mp_mod_2d(mp_int *a, int32 b, mp_int *c);
/*
computes a = 2**b
*/
extern int32 mp_2expt(mp_int *a, int32 b);
/******************************************************************************/
/*
Basic arithmetic
*/
/*
b = |a|
*/
extern int32 mp_abs(mp_int *a, mp_int *b);
/*
compare a to b
*/
extern int32 mp_cmp(mp_int *a, mp_int *b);
/*
compare |a| to |b|
*/
extern int32 mp_cmp_mag(mp_int *a, mp_int *b);
/*
c = a + b
*/
extern int32 mp_add(mp_int *a, mp_int *b, mp_int *c);
/*
c = a - b
*/
extern int32 mp_sub(mp_int *a, mp_int *b, mp_int *c);
/*
c = a * b
b = a*a
*/
/* STEVE - moved mp_mul out of SLOW case */
extern int32 mp_mul(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c);
#ifdef USE_SMALL_WORD
extern int32 mp_sqr(psPool_t *pool, mp_int *a, mp_int *b);
#endif
/*
a/b => cb + d == a
*/
extern int32 mp_div(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d);
/*
c = a mod b, 0 <= c < b
*/
extern int32 mp_mod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c);
/******************************************************************************/
/*
single digit functions
*/
/*
compare against a single digit
*/
extern int32 mp_cmp_d(mp_int *a, mp_digit b);
/*
c = a * b
*/
extern int32 mp_mul_d(mp_int *a, mp_digit b, mp_int *c);
/******************************************************************************/
/*
number theory
*/
/*
d = a + b (mod c)
*/
extern int32 mp_addmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d);
/*
d = a * b (mod c)
*/
extern int32 mp_mulmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d);
/*
c = 1/a (mod b)
*/
#ifdef USE_SMALL_WORD
extern int32 mp_invmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c);
#endif
/*
setups the montgomery reduction
*/
extern int32 mp_montgomery_setup(mp_int *a, mp_digit *mp);
/*
computes a = B**n mod b without division or multiplication useful for
normalizing numbers in a Montgomery system.
*/
extern int32 mp_montgomery_calc_normalization(mp_int *a, mp_int *b);
/*
computes x/R == x (mod N) via Montgomery Reduction
*/
#ifdef USE_SMALL_WORD
extern int32 mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp);
#endif
/*
d = a**b (mod c)
*/
/* TODO - we never define this */
extern int32 mp_exptmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d);
/******************************************************************************/
/*
If we're using 1024 or 2048 bit keys and 28 bit digits, we only need the
fast_ versions of these functions, removing the others to save space.
Otherwise, we include the slow versions as well and which version to use
is done at runtime.
*/
#ifdef USE_SMALL_WORD
extern int32 s_mp_mul_digs(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c,
int32 digs);
extern int32 s_mp_sqr(psPool_t *pool, mp_int *a, mp_int *b);
#else
#define mp_montgomery_reduce fast_mp_montgomery_reduce
#define mp_sqr fast_s_mp_sqr
#if STEVE
#define mp_mul(P, A, B, C) fast_s_mp_mul_digs(P, A, B, C, (A)->used + (B)->used + 1)
#endif
#define s_mp_mul_digs fast_s_mp_mul_digs
#define mp_invmod fast_mp_invmod
#endif
/******************************************************************************/
/*
radix conversion
*/
extern int32 mp_count_bits(mp_int *a);
extern int32 mp_unsigned_bin_size(mp_int *a);
extern int32 mp_read_unsigned_bin(mp_int *a, unsigned char *b, int32 c);
extern int32 mp_to_unsigned_bin(psPool_t *pool, mp_int *a, unsigned char *b);
extern int32 mp_signed_bin_size(mp_int *a);
/*
lowlevel functions, do not call!
*/
#if STEVE
#ifdef USE_SMALL_WORD
#define s_mp_mul(P, A, B, C) s_mp_mul_digs(P, A, B, C, (A)->used + (B)->used + 1)
#else
#define s_mp_mul(P, A, B, C) sslAssert();
#endif
#endif /* STEVE */
/* define this in all cases for now STEVE */
#define s_mp_mul(P, A, B, C) s_mp_mul_digs(P, A, B, C, (A)->used + (B)->used + 1)
/*
b = a*2
*/
extern int32 mp_mul_2(mp_int *a, mp_int *b);
extern int32 s_mp_add(mp_int *a, mp_int *b, mp_int *c);
extern int32 s_mp_sub(mp_int *a, mp_int *b, mp_int *c);
extern int32 fast_s_mp_mul_digs(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c,
int32 digs);
extern int32 fast_s_mp_sqr(psPool_t *pool, mp_int *a, mp_int *b);
extern int32 fast_mp_invmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c);
extern int32 fast_mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp);
extern void bn_reverse(unsigned char *s, int32 len);
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* _h_MPI */

661
src/crypto/matrixssl/pscrypto.h
View File

@ -1,661 +0,0 @@
/*
* pscrypto.h
* Release $Name$
*
* Internal definitions for PeerSec Networks MatrixSSL cryptography provider
*/
/*
* Copyright (c) PeerSec Networks, 2002-2006. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl.org
*
* This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
* commercial license for this software may be purchased from PeerSec Networks
* at http://www.peersec.com
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html
*/
/******************************************************************************/
#ifndef _h_PSCRYPTO
#define _h_PSCRYPTO
#ifdef __cplusplus
extern "C" {
#endif
/*
PeerSec crypto-specific defines.
*/
#define SMALL_CODE
#define CLEAN_STACK
/*
If Native 64 bit integers are not supported, we must set the 16 bit flag
to produce 32 bit mp_words in mpi.h
We must also include the slow MPI functions because the fast ones only
work with larger (28 bit) digit sizes.
*/
#ifndef USE_INT64
#define MP_16BIT
#define USE_SMALL_WORD
#endif /* USE_INT64 */
/******************************************************************************/
#ifdef USE_RSA
#include "mpi.h"
#if LINUX
#define _stat stat
#endif
/* this is the "32-bit at least" data type
* Re-define it to suit your platform but it must be at least 32-bits
*/
typedef unsigned long ulong32;
/*
Primary RSA Key struct. Define here for crypto
*/
typedef struct {
mp_int e, d, N, qP, dP, dQ, p, q;
int32 size; /* Size of the key in bytes */
int32 optimized; /* 1 for optimized */
} sslRsaKey_t;
#endif /* USE_RSA */
/*
* Private
*/
extern int32 ps_base64_decode(const unsigned char *in, uint32 len,
unsigned char *out, uint32 *outlen);
/*
* Memory routines
*/
extern void psZeromem(void *dst, size_t len);
extern void psBurnStack(unsigned long len);
/* max size of either a cipher/hash block or symmetric key [largest of the two] */
#define MAXBLOCKSIZE 24
/* ch1-01-1 */
/* error codes [will be expanded in future releases] */
enum {
CRYPT_OK=0, /* Result OK */
CRYPT_ERROR, /* Generic Error */
CRYPT_NOP, /* Not a failure but no operation was performed */
CRYPT_INVALID_KEYSIZE, /* Invalid key size given */
CRYPT_INVALID_ROUNDS, /* Invalid number of rounds */
CRYPT_FAIL_TESTVECTOR, /* Algorithm failed test vectors */
CRYPT_BUFFER_OVERFLOW, /* Not enough space for output */
CRYPT_INVALID_PACKET, /* Invalid input packet given */
CRYPT_INVALID_PRNGSIZE, /* Invalid number of bits for a PRNG */
CRYPT_ERROR_READPRNG, /* Could not read enough from PRNG */
CRYPT_INVALID_CIPHER, /* Invalid cipher specified */
CRYPT_INVALID_HASH, /* Invalid hash specified */
CRYPT_INVALID_PRNG, /* Invalid PRNG specified */
CRYPT_MEM, /* Out of memory */
CRYPT_PK_TYPE_MISMATCH, /* Not equivalent types of PK keys */
CRYPT_PK_NOT_PRIVATE, /* Requires a private PK key */
CRYPT_INVALID_ARG, /* Generic invalid argument */
CRYPT_FILE_NOTFOUND, /* File Not Found */
CRYPT_PK_INVALID_TYPE, /* Invalid type of PK key */
CRYPT_PK_INVALID_SYSTEM, /* Invalid PK system specified */
CRYPT_PK_DUP, /* Duplicate key already in key ring */
CRYPT_PK_NOT_FOUND, /* Key not found in keyring */
CRYPT_PK_INVALID_SIZE, /* Invalid size input for PK parameters */
CRYPT_INVALID_PRIME_SIZE /* Invalid size of prime requested */
};
/******************************************************************************/
/*
hash defines
*/
struct sha1_state {
#ifdef USE_INT64
ulong64 length;
#else
ulong32 lengthHi;
ulong32 lengthLo;
#endif /* USE_INT64 */
ulong32 state[5], curlen;
unsigned char buf[64];
};
struct md5_state {
#ifdef USE_INT64
ulong64 length;
#else
ulong32 lengthHi;
ulong32 lengthLo;
#endif /* USE_INT64 */
ulong32 state[4], curlen;
unsigned char buf[64];
};
#ifdef USE_MD2
struct md2_state {
unsigned char chksum[16], X[48], buf[16];
unsigned long curlen;
};
#endif /* USE_MD2 */
#ifdef USE_SHA256
struct sha256_state {
ulong64 length;
ulong32 state[8], curlen;
unsigned char buf[64];
};
#endif /* USE_SHA256 */
typedef union {
struct sha1_state sha1;
struct md5_state md5;
#ifdef USE_MD2
struct md2_state md2;
#endif /* USE_MD2 */
#ifdef USE_SHA256
struct sha256_state sha256;
#endif
} hash_state;
typedef hash_state sslSha1Context_t;
typedef hash_state sslMd5Context_t;
#ifdef USE_MD2
typedef hash_state sslMd2Context_t;
#endif /* USE_MD2 */
#ifdef USE_SHA256
typedef hash_state sslSha256Context_t;
#endif /* USE_SHA256 */
typedef struct {
unsigned char pad[64];
union {
sslMd5Context_t md5;
sslSha1Context_t sha1;
} u;
} sslHmacContext_t;
/******************************************************************************/
/*
RC4
*/
#ifdef USE_ARC4
typedef struct {
unsigned char state[256];
uint32 byteCount;
unsigned char x;
unsigned char y;
} rc4_key;
#endif /* USE_ARC4 */
#define SSL_DES3_KEY_LEN 24
#define SSL_DES3_IV_LEN 8
#ifdef USE_3DES
typedef struct {
ulong32 ek[3][32], dk[3][32];
} des3_key;
/*
A block cipher CBC structure
*/
typedef struct {
int32 blocklen;
unsigned char IV[8];
des3_key key;
int32 explicitIV; /* 1 if yes */
} des3_CBC;
extern int32 des3_setup(const unsigned char *key, int32 keylen, int32 num_rounds,
des3_CBC *skey);
extern void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
des3_CBC *key);
extern void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
des3_CBC *key);
extern int32 des3_keysize(int32 *desired_keysize);
extern int32 des_setup(const unsigned char *key, int32 keylen, int32 num_rounds,
des3_CBC *skey);
extern void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
des3_CBC *key);
extern void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
des3_CBC *key);
#endif /* USE_3DES */
typedef union {
#ifdef USE_ARC4
rc4_key arc4;
#endif
#ifdef USE_3DES
des3_CBC des3;
#endif
} sslCipherContext_t;
/*
Controls endianess and size of registers. Leave uncommented to get
platform neutral [slower] code detect x86-32 machines somewhat
*/
#if (defined(_MSC_VER) && defined(WIN32)) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__)))
#define ENDIAN_LITTLE
#define ENDIAN_32BITWORD
#endif
/* #define ENDIAN_LITTLE */
/* #define ENDIAN_BIG */
/* #define ENDIAN_32BITWORD */
/* #define ENDIAN_64BITWORD */
#if (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD))
#error You must specify a word size as well as endianess
#endif
#if !(defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE))
#define ENDIAN_NEUTRAL
#endif
/*
helper macros
*/
#if defined (ENDIAN_NEUTRAL)
#define STORE32L(x, y) \
{ (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
(y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
#define LOAD32L(x, y) \
{ x = ((unsigned long)((y)[3] & 255)<<24) | \
((unsigned long)((y)[2] & 255)<<16) | \
((unsigned long)((y)[1] & 255)<<8) | \
((unsigned long)((y)[0] & 255)); }
#define STORE64L(x, y) \
{ (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \
(y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \
(y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
(y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
#define LOAD64L(x, y) \
{ x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \
(((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \
(((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \
(((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); }
#define STORE32H(x, y) \
{ (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \
(y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); }
#define LOAD32H(x, y) \
{ x = ((unsigned long)((y)[0] & 255)<<24) | \
((unsigned long)((y)[1] & 255)<<16) | \
((unsigned long)((y)[2] & 255)<<8) | \
((unsigned long)((y)[3] & 255)); }
#define STORE64H(x, y) \
{ (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
(y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \
(y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \
(y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); }
#define LOAD64H(x, y) \
{ x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \
(((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \
(((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \
(((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); }
#endif /* ENDIAN_NEUTRAL */
#ifdef ENDIAN_LITTLE
#define STORE32H(x, y) \
{ (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \
(y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); }
#define LOAD32H(x, y) \
{ x = ((unsigned long)((y)[0] & 255)<<24) | \
((unsigned long)((y)[1] & 255)<<16) | \
((unsigned long)((y)[2] & 255)<<8) | \
((unsigned long)((y)[3] & 255)); }
#define STORE64H(x, y) \
{ (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
(y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \
(y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \
(y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); }
#define LOAD64H(x, y) \
{ x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \
(((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \
(((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \
(((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); }
#ifdef ENDIAN_32BITWORD
#define STORE32L(x, y) \
{ unsigned long __t = (x); memcpy(y, &__t, 4); }
#define LOAD32L(x, y) \
memcpy(&(x), y, 4);
#define STORE64L(x, y) \
{ (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \
(y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \
(y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
(y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
#define LOAD64L(x, y) \
{ x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \
(((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \
(((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \
(((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); }
#else /* 64-bit words then */
#define STORE32L(x, y) \
{ unsigned long __t = (x); memcpy(y, &__t, 4); }
#define LOAD32L(x, y) \
{ memcpy(&(x), y, 4); x &= 0xFFFFFFFF; }
#define STORE64L(x, y) \
{ ulong64 __t = (x); memcpy(y, &__t, 8); }
#define LOAD64L(x, y) \
{ memcpy(&(x), y, 8); }
#endif /* ENDIAN_64BITWORD */
#endif /* ENDIAN_LITTLE */
#ifdef ENDIAN_BIG
#define STORE32L(x, y) \
{ (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
(y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
#define LOAD32L(x, y) \
{ x = ((unsigned long)((y)[3] & 255)<<24) | \
((unsigned long)((y)[2] & 255)<<16) | \
((unsigned long)((y)[1] & 255)<<8) | \
((unsigned long)((y)[0] & 255)); }
#define STORE64L(x, y) \
{ (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \
(y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \
(y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
(y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
#define LOAD64L(x, y) \
{ x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48) | \
(((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32) | \
(((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16) | \
(((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); }
#ifdef ENDIAN_32BITWORD
#define STORE32H(x, y) \
{ unsigned long __t = (x); memcpy(y, &__t, 4); }
#define LOAD32H(x, y) \
memcpy(&(x), y, 4);
#define STORE64H(x, y) \
{ (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
(y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \
(y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \
(y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); }
#define LOAD64H(x, y) \
{ x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48)| \
(((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32)| \
(((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16)| \
(((ulong64)((y)[6] & 255))<<8)| (((ulong64)((y)[7] & 255))); }
#else /* 64-bit words then */
#define STORE32H(x, y) \
{ unsigned long __t = (x); memcpy(y, &__t, 4); }
#define LOAD32H(x, y) \
{ memcpy(&(x), y, 4); x &= 0xFFFFFFFF; }
#define STORE64H(x, y) \
{ ulong64 __t = (x); memcpy(y, &__t, 8); }
#define LOAD64H(x, y) \
{ memcpy(&(x), y, 8); }
#endif /* ENDIAN_64BITWORD */
#endif /* ENDIAN_BIG */
/*
packet code */
#if defined(USE_RSA) || defined(MDH) || defined(MECC)
#define PACKET
/*
size of a packet header in bytes */
#define PACKET_SIZE 4
/*
Section tags
*/
#define PACKET_SECT_RSA 0
#define PACKET_SECT_DH 1
#define PACKET_SECT_ECC 2
#define PACKET_SECT_DSA 3
/*
Subsection Tags for the first three sections
*/
#define PACKET_SUB_KEY 0
#define PACKET_SUB_ENCRYPTED 1
#define PACKET_SUB_SIGNED 2
#define PACKET_SUB_ENC_KEY 3
#endif
/*
fix for MSVC ...evil!
*/
#ifdef WIN32
#ifdef _MSC_VER
#define CONST64(n) n ## ui64
typedef unsigned __int64 ulong64;
#else
#define CONST64(n) n ## ULL
typedef unsigned long long ulong64;
#endif
#endif /* WIN32 */
#define BSWAP(x) ( ((x>>24)&0x000000FFUL) | ((x<<24)&0xFF000000UL) | \
((x>>8)&0x0000FF00UL) | ((x<<8)&0x00FF0000UL) )
#ifdef _MSC_VER
/*
instrinsic rotate
*/
#include <stdlib.h>
#pragma intrinsic(_lrotr,_lrotl)
#define ROR(x,n) _lrotr(x,n)
#define ROL(x,n) _lrotl(x,n)
#define RORc(x,n) _lrotr(x,n)
#define ROLc(x,n) _lrotl(x,n)
/*
#elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(PS_NO_ASM)
static inline unsigned ROL(unsigned word, int32 i)
{
asm ("roll %%cl,%0"
:"0" (word),"c" (i));
return word;
}
static inline unsigned ROR(unsigned word, int32 i)
{
asm ("rorl %%cl,%0"
:"=r" (word)
:"0" (word),"c" (i));
return word;
}
*/
/*
#ifndef PS_NO_ROLC
static inline unsigned ROLc(unsigned word, const int32 i)
{
asm ("roll %2,%0"
:"=r" (word)
:"0" (word),"I" (i));
return word;
}
static inline unsigned RORc(unsigned word, const int32 i)
{
asm ("rorl %2,%0"
:"=r" (word)
:"0" (word),"I" (i));
return word;
}
#else
#define ROLc ROL
#define RORc ROR
#endif
*/
#else /* _MSC_VER */
/*
rotates the hard way
*/
#define ROL(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
#define ROR(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
#define ROLc(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
#define RORc(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
#endif /* _MSC_VER */
/* 64-bit Rotates */
#if 0
#if defined(__GNUC__) && defined(__x86_64__) && !defined(PS_NO_ASM)
static inline unsigned long ROL64(unsigned long word, int32 i)
{
asm("rolq %%cl,%0"
:"=r" (word)
:"0" (word),"c" (i));
return word;
}
static inline unsigned long ROR64(unsigned long word, int32 i)
{
asm("rorq %%cl,%0"
:"=r" (word)
:"0" (word),"c" (i));
return word;
}
#ifndef PS_NO_ROLC
static inline unsigned long ROL64c(unsigned long word, const int32 i)
{
asm("rolq %2,%0"
:"=r" (word)
:"0" (word),"J" (i));
return word;
}
static inline unsigned long ROR64c(unsigned long word, const int32 i)
{
asm("rorq %2,%0"
:"=r" (word)
:"0" (word),"J" (i));
return word;
}
#else /* PS_NO_ROLC */
#define ROL64c ROL
#define ROR64c ROR
#endif /* PS_NO_ROLC */
#endif
#endif /* commented out */
#define ROL64(x, y) \
( (((x)<<((ulong64)(y)&63)) | \
(((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)64-((y)&63)))) & CONST64(0xFFFFFFFFFFFFFFFF))
#define ROR64(x, y) \
( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \
((x)<<((ulong64)(64-((y)&CONST64(63)))))) & CONST64(0xFFFFFFFFFFFFFFFF))
#define ROL64c(x, y) \
( (((x)<<((ulong64)(y)&63)) | \
(((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)64-((y)&63)))) & CONST64(0xFFFFFFFFFFFFFFFF))
#define ROR64c(x, y) \
( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \
((x)<<((ulong64)(64-((y)&CONST64(63)))))) & CONST64(0xFFFFFFFFFFFFFFFF))
#undef MAX
#undef MIN
#define MAX(x, y) ( ((x)>(y))?(x):(y) )
#define MIN(x, y) ( ((x)<(y))?(x):(y) )
/*
extract a byte portably This MSC code causes runtime errors in VS.NET,
always use the other
*/
/*
#ifdef _MSC_VER
#define byte(x, n) ((unsigned char)((x) >> (8 * (n))))
#else
*/
#define byte(x, n) (((x) >> (8 * (n))) & 255)
/*
#endif
*/
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* _h_PSCRYPTO */
/******************************************************************************/

136
src/crypto/ssl.c
View File

@ -1,136 +0,0 @@
#if 0
#include "ssl.h"
#include "ssl_constructs.h"
#include <string.h> // for bcopy()
#include <time.h> // for time()
#include <stdlib.h> // for rand(), htons?, htonl?
// note net byte order is big-endian
// Need to set error codes
int CreateSSLHello(SSL_t *ssl)
{
printf("In CreateSSLHello()\n",ssl);
// Initalize the structure
bzero(ssl,sizeof(SSL_t));
//ssl->max_size = sizeof(ssl->buffer);
ssl->max_size = 18456;
// Declare variables
int i; void *ptr;
// Set pointers into buffer
SSLPlaintext *record = (SSLPlaintext *)ssl->buffer;
Handshake *handshake = (Handshake *)record->fragment;
// the body starts right after the handshake
printf("sizeof(Handshake) = %d\n",sizeof(Handshake));
ClientHello *hello = (ClientHello *)(handshake + 1);
printf("record->%#x, handshake->%#x, hello->%#x\n",record,handshake,hello);
// Construct ClientHello Message
hello->client_version = version;
i = htonl(time(NULL));
bcopy(&i,hello->random.gmt_unix_time,4);
for(i=0;i<28;i++){ hello->random.random_bytes[i] = (uint8)rand(); }
hello->session_id_length = 0;
hello->session_id = &hello->session_id_length;
hello->session_id_end = hello->session_id;
hello->cipher_suites_length = (CipherSuiteLength *)(hello->session_id_end + 1);
hello->cipher_suites = (hello->cipher_suites_length + 1);
hello->cipher_suites_end = hello->cipher_suites;
i = htons(2*5); // 2 bytes per Suite * 5 Suites
bcopy(&i,hello->cipher_suites_length,2);
bcopy(SSL_NULL_WITH_NULL_NULL,hello->cipher_suites_end,sizeof(CipherSuite));
*hello->cipher_suites_end++;
bcopy(SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,hello->cipher_suites_end,sizeof(CipherSuite));
*hello->cipher_suites_end++;
bcopy(SSL_DH_DSS_WITH_DES_CBC_SHA,hello->cipher_suites_end,sizeof(CipherSuite));
*hello->cipher_suites_end++;
bcopy(SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,hello->cipher_suites_end,sizeof(CipherSuite));
*hello->cipher_suites_end++;
bcopy(SSL_DH_anon_WITH_RC4_128_MD5,hello->cipher_suites_end,sizeof(CipherSuite));
hello->compression_methods_length = (CompressionMethodLength *)(hello->cipher_suites_end + 1);
hello->compression_methods = (hello->compression_methods_length + 1);
hello->compression_methods_end = hello->compression_methods;
*hello->compression_methods_length = 1;
*hello->compression_methods_end = compression_method_null;
// Construct Handshake Message
handshake->msg_type = handshake_type_client_hello;
i = (void *)(hello->compression_methods_end + 1) - (void *)hello;
printf("Handshake.length = %d\n", i);
handshake->length[0] = (char)*(&i+8);
handshake->length[1] = (char)*(&i+8);
handshake->length[2] = (char)i;
//bcopy((&i+1),handshake->length,3); // +1 so we copy 3 bytes
// Construct SSL Record
printf("sizeof(ContentType)=%d\n",sizeof(ContentType));
printf("sizeof(uint8)=%d\n",sizeof(uint8));
record->type = content_type_handshake;
record->version = version;
i += sizeof(Handshake);
printf("SSLPlaintext.length = %d\n",i);
record->length[0] = (char)*(&i+8);
record->length[1] = (char)i;
//bcopy(&i,record->length,4); // length of handshake
// Set total size of message
i += sizeof(ContentType) + sizeof(ProtocolVersion) + sizeof(uint16);
ssl->length = i;
printf("End of CreateSSLHello\n");
return 0;
}
void PrintSSLPacket(SSL_t *ssl)
{
printf("Printing packet with length:%d\n", ssl->length);
char *ptr = ssl->buffer;
char *begin = ptr;
char *tmp;
char *end = ssl->buffer + ssl->length;
printf("Record Layer:\n");
printf("\tContentType: %2hhX\n",(char)*ptr++);
printf("\tVersion: %2hhX %2hhX\n", (char)*ptr++, (char)*ptr++);
printf("\tLength: %2hhX %2hhX\n", (char)*ptr++, (char)*ptr++);
printf("Handshake:\n");
printf("\tType: %2hhX\n", (char)*ptr++);
printf("\tLength: %2hhX %2hhX %2hhX\n", (char)*ptr++, (char)*ptr++, (char)*ptr++);
printf("\tVersion: %2hhX %2hhX\n", (char)*ptr++, (char)*ptr++);
printf("\tgmt_unix_time: %2hhX %2hhX %2hhX %2hhX\n", (char)*ptr++, (char)*ptr++, (char)*ptr++, (char)*ptr++);
printf("\trandom: ");
tmp = ptr + 28;
for(;ptr<tmp;ptr++){printf("%2hhX ", (char)*ptr);}
printf("\n\nHexDump:\n");
int ctr = 0;
for(;begin<end;begin++){printf("%2hhX ",(char)*begin);if(++ctr%10==0){printf("\n");}}
printf("\n\n");
}
int ReadSSLHello(SSL_t *ssl)
{
SSLCiphertext *ct = (SSLCiphertext *)ssl->buffer;
if(ct->type == content_type_alert){
// assuming text is still plaintext
Alert *a = (Alert *)&ct->fragment;
if(a->level == alert_level_fatal){
printf("Fatal Alert %d, connection terminated\n",a->description);
return (1);
}else if(a->level == alert_level_warning){
printf("Warning Alert %d\n", a->description);
}else{
printf("Unknown alert level %d\n", a->level);
}
}else{
printf("SSL type %d\n",ct->type);
}
return (0);
}
#endif

19
src/crypto/ssl.h
View File

@ -1,19 +0,0 @@
// At the moment I have hard coded one buffer. The size
// is the max size of SSLCiphertext.length (so, actually it should
// be increased to include the other information in the struct)
// I might need to make a new, or split the current, buffer because
// I have to have space to read in and write out, as well as keep
// any data that has not been translated.
// It works for now.
typedef struct _ssl_t{
char buffer[18456];
int length;
int max_size; // can't define const here
// Current CipherSuite
// Client random / Server random ???
// pointers to different crypto functions
} SSL_t;
int CreateSSLHello(SSL_t *ssl);
int ReadSSLHello(SSL_t *ssl);
void PrintSSLPacket(SSL_t *ssl);

342
src/crypto/ssl_constructs.h
View File

@ -1,342 +0,0 @@
// Note: This file still needs some work.
// Note: I had to redefine the enums to a set of const values,
// so that the size of the variable would be correct.
// Typedefs
// (As defined by the SSL v3.0 RFC Draft)
// URL: http://wp.netscape.com/eng/ssl3/draft302.txt
typedef unsigned char uint8;
typedef uint8 uint16[2];
typedef uint8 uint24[3];
typedef uint8 uint32[4];
typedef uint8 uint64[8];
// Record layers
typedef struct _ProtocolVersion{
uint8 major, minor;
} ProtocolVersion;
const ProtocolVersion version = { 3, 0 };
typedef uint8 ContentType;
const ContentType content_type_change_cipher_spec_type = 20;
const ContentType content_type_alert = 21;
const ContentType content_type_handshake = 22;
const ContentType content_type_application_data = 23;
typedef struct _SSLPlaintext{
ContentType type;
ProtocolVersion version;
uint16 length; // can not exceed 2^14 bytes
uint8 fragment[16384]; // 2^14 = 16,384 bytes
} SSLPlaintext;
typedef struct _SSLCompressed{
ContentType type;
ProtocolVersion version;
uint16 length; // can not exceed 2^14 + 1024
uint8 fragment[17408]; // SSLCompressed.length
} SSLCompressed;
typedef struct _SSLCiphertext{
ContentType type;
ProtocolVersion version;
uint16 length;
uint8 fragment; // so we have a pointer to the data, and don't have to do math
// fragment; type GenericStreamCipher or GenericBlockCipher
} SSLCiphertext; // recast to get fragment
typedef struct _GenericStreamCipher{
uint8 content[17408]; // SSLCompressed.length
uint8 MAC[]; // CipherSpec.hash_size
} GenericStreamCipher;
typedef struct _SSLStreamCiphertext{
ContentType type;
ProtocolVersion version;
uint16 length; // can not exceed 2^14 + 2048 = 18,456
GenericStreamCipher fragment;
} SSLStreamCiphertext;
typedef struct _GenericBlockCipher{
uint8 content[17408]; // SSLConpressed.length
uint8 MAC[0]; // CipherSpec.hash_size
// padding is used to bring the plaintext to
// a multiple of the block cipher's block length.
uint8 padding[0]; // GenericBlockCipher.padding_length
uint8 padding_length;
} GenericBlockCipher;
typedef struct _SSLBlockCiphertext{
ContentType type;
ProtocolVersion version;
uint16 length; // can not exceed 2^14 + 2048 = 18,456
GenericBlockCipher fragment;
} SSLBlockCiphertext;
// Change cipher specs message
typedef struct _ChangeCipherSpec{
enum { type_change_cipher_spec=1, type_size=255 } type;
} ChangeCipherSpec;
// Alert messages
typedef uint8 AlertLevel;
const AlertLevel alert_level_warning = 1;
const AlertLevel alert_level_fatal=2;
typedef uint8 AlertDescription;
const AlertDescription alert_description_close_notify = 0;
const AlertDescription alert_description_unexpected_message = 10;
const AlertDescription alert_description_bad_record_mac = 20;
const AlertDescription alert_description_decompression_failure = 30;
const AlertDescription alert_description_handshake_failure = 40;
const AlertDescription alert_description_no_certificate = 41;
const AlertDescription alert_description_bad_certificate = 42;
const AlertDescription alert_description_unsupported_certificate = 43;
const AlertDescription alert_description_certificate_revoked = 44;
const AlertDescription alert_description_certificate_expired = 45;
const AlertDescription alert_description_certificate_unknown = 46;
const AlertDescription alert_description_illegal_parameter = 47;
typedef struct _Alert{
AlertLevel level;
AlertDescription description;
} Alert;
// Handshake protocol
// What is the best way to have a generic pointer to the body struct??
typedef uint8 HandshakeType;
const HandshakeType handshake_type_hello_request = 0;
const HandshakeType handshake_type_client_hello = 1;
const HandshakeType handshake_type_server_hello = 2;
const HandshakeType handshake_type_certificate = 11;
const HandshakeType handshake_type_server_key_exchange = 12;
const HandshakeType handshake_type_certificate_request = 13;
const HandshakeType handshake_type_server_done = 14;
const HandshakeType handshake_type_certificate_verify = 15;
const HandshakeType handshake_type_client_key_exchange = 16;
const HandshakeType handshake_type_finished = 20;
typedef struct _Handshake{
HandshakeType msg_type;
uint24 length;
// body; // one of HandshakeType structs
} Handshake; // generic Handshake, need to recast to get body
// Hello messages
typedef struct _HelloRequest{} HelloRequest;
typedef struct _HelloRequestHandshake{
HandshakeType msg_type;
uint24 length;
HelloRequest body;
} HelloRequestHandshake;
typedef struct _Random{
uint32 gmt_unix_time;
uint8 random_bytes[28];
} Random;
//typedef uint8 SessionID[32]; // <0..32>
typedef uint8 SessionIDLength;
typedef uint8 SessionID;
typedef uint16 CipherSuiteLength;
typedef uint8 CipherSuite[2];
typedef uint8 CompressionMethodLength;
typedef uint8 CompressionMethod;
const CompressionMethod compression_method_null = 0;
typedef struct _ClientHello{
ProtocolVersion client_version;
Random random;
SessionIDLength session_id_length;
SessionID *session_id;
SessionID *session_id_end;
CipherSuiteLength *cipher_suites_length;
CipherSuite *cipher_suites; // min size is one entry
CipherSuite *cipher_suites_end;
//CipherSuite cipher_suites[32768]; // <2..2^16-1> = 65,536 bytes and CipherSuite is 2 bytes
CompressionMethodLength *compression_methods_length;
CompressionMethod *compression_methods;
CompressionMethod *compression_methods_end;
//CompressionMethod *compression_methods; // min size is zero
//CompressionMethod compression_methods[256]; // <0..2^8-1> = 256 bytes and CompressionMethod is 1 byte
} ClientHello;
typedef struct _ClientHelloHandshake{
//HandshakeType msg_type;
uint8 msg_type;
uint24 length;
ClientHello body;
} ClientHelloHandshake;
typedef struct _ServerHello{
ProtocolVersion server_version;
Random random;
SessionID session_id;
CipherSuite cipher_suite;
CompressionMethod compression_method;
} ServerHello;
typedef struct _ServerHelloHandshake{
HandshakeType msg_type;
uint24 length;
ServerHello body;
} ServerHelloHandshake;
// Server authentication and key exchange messages
typedef uint8 ASN1Cert[16777216]; // <1..2^24-1> = 16,777,216 bytes
typedef struct _Certificate{
ASN1Cert certificate_list[1]; // <1..2^24-1> / ANS1Cert = 1
// for some reason the size of certificate_list and ASN1Cert is the same, so only one certificate in the list
} Certificate;
typedef uint8 KeyExchangeAlgorithm;
const KeyExchangeAlgorithm key_exchange_algorithm_rsa = 0;
const KeyExchangeAlgorithm key_exchange_algorithm_diffie_hellman = 1;
const KeyExchangeAlgorithm key_exchange_algorithm_fortezza_kea = 2;
typedef struct _AnonSignature{
struct {};
} AnonSignature;
typedef struct _RSASignature{
uint8 md5_hash[16];
uint8 sha_hash[20];
} RSASignature;
typedef struct _DSASignature{
uint8 sha_hash[20];
} DSASignature;
// use union??, make a mess to reference, but easy to make Signature type.
typedef union _Signature{ AnonSignature anon; RSASignature rsa; DSASignature dsa; } Signature;
typedef struct _ServerRSAParams{
uint8 RSA_modulus[65536]; // <1..2^16-1> = 65,536
uint8 RSA_exponent[65536]; // <1..2^16-1> = 65,536
} ServerRSAParams;
typedef struct _ServerDHParams{
uint8 DH_p[65536]; // <1..2^16-1>
uint8 DH_g[65536]; // <1..2^16-1>
uint8 DH_Ys[65536]; // <1..2^16-1>
} ServerDHParams;
typedef struct _ServerDHKeyExchange{
ServerDHParams params;
Signature signed_params;
} ServerDHKeyExchange;
typedef struct _ServerRSAKeyExchange{
ServerRSAParams params;
Signature signed_params;
} ServerRSAKeyExchange;
typedef uint8 SignatureAlgorithm;
const SignatureAlgorithm signature_algorithm_anonymous = 0;
const SignatureAlgorithm signature_algorithm_rsa = 1;
const SignatureAlgorithm signature_algorithm_dsa = 2;
typedef uint8 CertificateType;
const CertificateType certificate_type_RSA_sign = 1;
const CertificateType certificate_type_DSS_sign = 2;
const CertificateType certificate_type_RSA_fixed_DH = 3;
const CertificateType certificate_type_DSS_fixed_DH = 4;
const CertificateType certificate_type_RSA_ephemeral_DH = 5;
const CertificateType certificate_type_DSS_ephemeral_DH = 6;
const CertificateType certificate_type_FORTEZZA_MISSI = 20;
typedef uint8 DistinguishedName[65536]; // <1..2^16-1> = 65,536
typedef struct _CertificateRequest{
CertificateType certificate_types[256]; // <1..2^8-1>
DistinguishedName certificate_authorities[1]; // <3...2^16-1> / DistinguishedName
// this is another one that is odd with a list size of 1
} CertificateRequest;
typedef struct _ServerHelloDone{} ServerHelloDone;
// Client authentication and key exchange messages
typedef struct _PreMasterSecret{
ProtocolVersion client_version;
uint8 random[46];
} PreMasterSecret;
typedef struct _EncryptedPreMasterSecret{
PreMasterSecret pre_master_secret;
} EncryptedPreMasterSecret;
typedef struct _RSAClientKeyExchange{
EncryptedPreMasterSecret exchange_keys;
} RSAClientKeyExchange;
typedef uint8 PublicValueEncoding;
const PublicValueEncoding public_value_encoding_implicit = 0;
const PublicValueEncoding public_value_encoding_explicit = 1;
typedef struct _ClientDiffieHellmanPublic{
// This is a select on PublicValueEncoding, and I chose the larger size
uint8 dh_public[65536]; // DH_Yc<1..2^16-1>, the dh public value
} ClientDiffieHellmanPublic;
typedef struct _DHClientKeyExhange{
ClientDiffieHellmanPublic exchange_keys;
} DHClientKeyExchange;
typedef struct _CertificateVerify{
Signature signature;
} CertificateVerify;
// Handshake finalization message
typedef struct _Finished{
uint8 md5_hash[16];
uint8 sha_hash[20];
} Finished;
// The CipherSuite
CipherSuite SSL_NULL_WITH_NULL_NULL = { 0x00, 0x13 };
CipherSuite SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x0B };
CipherSuite SSL_DH_DSS_WITH_DES_CBC_SHA = { 0x00, 0x0C };
CipherSuite SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x11 };
CipherSuite SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = { 0x00, 0x17 };
CipherSuite SSL_DH_anon_WITH_RC4_128_MD5 = { 0x00, 0x18 };
// The CipherSpec
typedef uint8 CipherType;
const CipherType cipher_type_stream = 0;
const CipherType cipher_type_block = 1;
typedef uint8 IsExportable;
const IsExportable is_exportable_true = 0;
const IsExportable is_exportable_false = 1;
typedef uint8 BulkCipherAlgorithm;
const BulkCipherAlgorithm bulk_cipher_algorithm_null = 0;
const BulkCipherAlgorithm bulk_cipher_algorithm_rc4 = 1;
const BulkCipherAlgorithm bulk_cipher_algorithm_rc2 = 2;
const BulkCipherAlgorithm bulk_cipher_algorithm_des = 3;
const BulkCipherAlgorithm bulk_cipher_algorithm_3des = 4;
const BulkCipherAlgorithm bulk_cipher_algorithm_des40 = 5;
const BulkCipherAlgorithm bulk_cipher_algorithm_fortezza = 6;
typedef uint8 MACAlgorithm;
const MACAlgorithm mac_algorithm_null = 0;
const MACAlgorithm mac_algorithm_md5 = 1;
const MACAlgorithm mac_algorithm_sha = 2;
typedef struct _CipherSpec{
BulkCipherAlgorithm bulk_cipher_algorithm;
MACAlgorithm mac_algorithm;
CipherType cipher_type;
IsExportable is_exportable;
uint8 hash_size;
uint8 key_material;
uint8 IV_size;
} CipherSpec;