diff options
Diffstat (limited to 'release/src/router/matrixssl/src')
33 files changed, 0 insertions, 17496 deletions
diff --git a/release/src/router/matrixssl/src/Makefile b/release/src/router/matrixssl/src/Makefile deleted file mode 100644 index db058d4f..00000000 --- a/release/src/router/matrixssl/src/Makefile +++ /dev/null @@ -1,130 +0,0 @@ -# -# Makefile for MatrixSSL library -# Builds optimized shared library by default. -# See comments below for building a debug library. -# Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. -# - -CC = $(CROSS_COMPILE)gcc -STRIP = $(CROSS_COMPILE)strip -AR = $(CROSS_COMPILE)ar -RANLIB = $(CROSS_COMPILE)ranlib -O = .o -SO = .so -A = .a -E = - -LIBRARY = libmatrixssl$(SO) -STATIC = libmatrixsslstatic$(A) - -OBJECTS = \ - cipherSuite$(O) \ - matrixSsl$(O) \ - sslDecode$(O) \ - sslEncode$(O) \ - sslv3$(O) \ - os/debug$(O) \ - os/linux/linux$(O) \ - crypto/peersec/arc4$(O) \ - crypto/peersec/base64$(O) \ - crypto/peersec/des3$(O) \ - crypto/peersec/md5$(O) \ - crypto/peersec/md2$(O) \ - crypto/peersec/mpi$(O) \ - crypto/peersec/rsa$(O) \ - crypto/peersec/sha1$(O) \ - pki/asn1$(O) \ - pki/rsaPki$(O) \ - pki/x509$(O) - -# -# Debug flags (Define MATRIXSSL_DEBUG in shell to build debug) -# bash: export MATRIXSSL_DEBUG=1 -# unset MATRIXSSL_DEBUG -# tcsh: setenv MATRIXSSL_DEBUG 1 -# unsetenv MATRIXSSL_DEBUG -# -#MATRIXSSL_DEBUG = 1 -ifdef MATRIXSSL_DEBUG -DFLAGS = -g -Wall -Winline -Wdisabled-optimization -Wno-pointer-sign -Wno-sign-compare -DDEBUG -STRIP = test -else -#DFLAGS = -Os -DFLAGS = -O3 -endif - -ifdef MATRIXSSL_PROFILE -DFLAGS += -g -pg -STRIP = test -endif - -# -# Override variables for compilation on x86-64 (AMD64, Nacona, etc) -# -# ifeq ($(shell uname -m),x86_64) -# DFLAGS += -march=k8 -fPIC -DFP_64BIT -DTFM_X86_64 -DRDTSC -# endif - -# -# Compile options -# -SHARED = -shared -CFLAGS = $(DFLAGS) -fPIC -DLINUX -I./ -# Add these for MPI2 -funroll-all-loops -fomit-frame-pointer -LDFLAGS += -lc -lpthread - -# -# Override variables for compilation on Mac OS X (Darwin) -# -ifeq ($(shell uname),Darwin) -CC = cc -SO = .dylib -SHARED = -dynamiclib -CFLAGS += -DOSX -isystem -I/usr/include -#LDFLAGS += -install_name @rpath/$(LIBRARY) -LDFLAGS += -flat_namespace -install_name @executable_path/./$(LIBRARY) -STRIP = test -endif - -# -# Override variables for compilation on uClinux (example only) -# -ifdef UCLINUX -CC = /opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -STRIP = /opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-strip -endif - -all: compile - -compile: $(OBJECTS) $(LIBRARY) $(STATIC) - -# -# Manual dependencies -# -*.o: ../matrixSsl.h ../matrixCommon.h matrixInternal.h matrixConfig.h Makefile -os/*.o: matrixInternal.h matrixConfig.h Makefile os/osLayer.h os/psMalloc.h -os/linux/*.o: matrixInternal.h matrixConfig.h Makefile os/osLayer.h -crypto/peersec/*.o: matrixInternal.h matrixConfig.h Makefile \ - crypto/peersec/mpi.h \ - crypto/cryptoLayer.h crypto/peersec/pscrypto.h -pki/*.o: matrixInternal.h matrixConfig.h Makefile \ - pki/matrixPki.h pki/pkiInternal.h -# -# Build the library -# -$(LIBRARY): $(OBJECTS) - $(CC) $(SHARED) -o $@ $^ $(LDFLAGS) - $(STRIP) $(LIBRARY) - -# -# Build the static library -# -$(STATIC): $(OBJECTS) - $(AR) -rcuv $@ $^ - $(RANLIB) $@ - -# -# Clean up all generated files -# -clean: - rm -f $(LIBRARY) $(OBJECTS) $(STATIC) diff --git a/release/src/router/matrixssl/src/cipherSuite.c b/release/src/router/matrixssl/src/cipherSuite.c deleted file mode 100644 index c61724ac..00000000 --- a/release/src/router/matrixssl/src/cipherSuite.c +++ /dev/null @@ -1,441 +0,0 @@ -/* - * cipherSuite.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Wrappers for the various cipher suites. - * Contributors should add additional cipher suites here. - * Enable specific suites at compile time in matrixConfig.h - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "matrixInternal.h" - -/******************************************************************************/ -/* - Using void *ssl rather than ssl_t *ssl is a workaround for a chicken-egg - issue in matrixInternal.h where these function prototypes are used - before ssl_t is defined. -*/ -#ifdef USE_SHA1_MAC -static int32 sha1GenerateMac(void *ssl, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac); -static int32 sha1VerifyMac(void *ssl, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac); -#endif - -#ifdef USE_MD5_MAC -static int32 md5GenerateMac(void *ssl, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac); -static int32 md5VerifyMac(void *ssl, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac); -#endif - -#ifdef USE_SSL_RSA_WITH_RC4_128_MD5 -static int32 matrixCipher4Init(sslSec_t *sec, int32 type); -#endif /* USE_SSL_RSA_WITH_RC4_128_MD5 */ - -#ifdef USE_SSL_RSA_WITH_RC4_128_SHA -static int32 matrixCipher5Init(sslSec_t *sec, int32 type); -#endif /* USE_SSL_RSA_WITH_RC4_128_SHA */ - -#ifdef USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA -static int32 matrixCipherAInit(sslSec_t *sec, int32 type); -#endif /* USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA */ - - - - -static int32 nullInit(sslSec_t *sec, int32 type); -static int32 nullEncrypt(sslCipherContext_t *ctx, unsigned char *in, - unsigned char *out, int32 len); -static int32 nullDecrypt(sslCipherContext_t *ctx, unsigned char *in, - unsigned char *out, int32 len); -static int32 nullEncryptPub(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); -static int32 nullDecryptPriv(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); -static int32 nullGenerateMac(void *ssl, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac); -static int32 nullVerifyMac(void *ssl, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac); - -/******************************************************************************/ - -static sslCipherSpec_t supportedCiphers[] = { -/* - New ciphers should be added here, similar to the ones below - These ciphers should be in order of the most desireable to the - least desireable ciphers to negotiate. -*/ -#ifdef USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA - {SSL_RSA_WITH_3DES_EDE_CBC_SHA, - 20, /* macSize */ - 24, /* keySize */ - 8, /* ivSize */ - 8, /* blocksize */ - matrixCipherAInit, - matrix3desEncrypt, - matrix3desDecrypt, - NULL, - matrixRsaDecryptPub, - matrixRsaEncryptPub, - matrixRsaDecryptPriv, - sha1GenerateMac, - sha1VerifyMac}, -#endif /* USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA */ -#ifdef USE_SSL_RSA_WITH_RC4_128_SHA - {SSL_RSA_WITH_RC4_128_SHA, - 20, /* macSize */ - 16, /* keySize */ - 0, /* ivSize */ - 1, /* blocksize */ - matrixCipher5Init, - matrixArc4, - matrixArc4, - NULL, - matrixRsaDecryptPub, - matrixRsaEncryptPub, - matrixRsaDecryptPriv, - sha1GenerateMac, - sha1VerifyMac}, -#endif /* USE_SSL_RSA_WITH_RC4_128_SHA */ -#ifdef USE_SSL_RSA_WITH_RC4_128_MD5 - {SSL_RSA_WITH_RC4_128_MD5, - 16, /* macSize */ - 16, /* keySize */ - 0, /* ivSize */ - 1, /* blocksize */ - matrixCipher4Init, - matrixArc4, - matrixArc4, - NULL, - matrixRsaDecryptPub, - matrixRsaEncryptPub, - matrixRsaDecryptPriv, - md5GenerateMac, - md5VerifyMac}, -#endif /* USE_SSL_RSA_WITH_RC4_128_MD5 */ -/* - These two USE_SSL_RSA_WITH_NULL ciphers are not recommended for use - in production applications. -*/ -#ifdef USE_SSL_RSA_WITH_NULL_MD5 - {SSL_RSA_WITH_NULL_MD5, - 16, /* macSize */ - 0, /* keySize */ - 0, /* ivSize */ - 0, /* blocksize */ - nullInit, - nullEncrypt, - nullDecrypt, - matrixRsaEncryptPriv, - matrixRsaDecryptPub, - matrixRsaEncryptPub, - matrixRsaDecryptPriv, - md5GenerateMac, - md5VerifyMac}, -#endif /* USE_SSL_RSA_WITH_NULL_MD5 */ -#ifdef USE_SSL_RSA_WITH_NULL_SHA - {SSL_RSA_WITH_NULL_SHA, - 20, /* macSize */ - 0, /* keySize */ - 0, /* ivSize */ - 0, /* blocksize */ - nullInit, - nullEncrypt, - nullDecrypt, - matrixRsaEncryptPriv, - matrixRsaDecryptPub, - matrixRsaEncryptPub, - matrixRsaDecryptPriv, - sha1GenerateMac, - sha1VerifyMac}, -#endif /* USE_SSL_RSA_WITH_NULL_SHA */ -/* - The NULL Cipher suite must exist and be the last in this list -*/ - {SSL_NULL_WITH_NULL_NULL, - 0, - 0, - 0, - 0, - nullInit, - nullEncrypt, - nullDecrypt, - nullEncryptPub, - nullDecryptPriv, - nullEncryptPub, - nullDecryptPriv, - nullGenerateMac, - nullVerifyMac} -}; - -/******************************************************************************/ -/* - Lookup the given cipher spec ID and return a pointer to the structure - if found. This is used when negotiating security, to find out what suites - we support. -*/ -sslCipherSpec_t *sslGetCipherSpec(int32 id) -{ - int32 i; - - i = 0; - do { - if ((int32)supportedCiphers[i].id == id) { - return &supportedCiphers[i]; - } - } while (supportedCiphers[i++].id != SSL_NULL_WITH_NULL_NULL) ; - - return NULL; -} - -/******************************************************************************/ -/* - Write out a list of the supported cipher suites to the caller's buffer - First 2 bytes are the number of cipher suite bytes, the remaining bytes are - the cipher suites, as two byte, network byte order values. -*/ -int32 sslGetCipherSpecList(unsigned char *c, int32 len) -{ - unsigned char *end, *p; - unsigned short i; - - if (len < 4) { - return -1; - } - end = c + len; - p = c; c += 2; - for (i = 0; supportedCiphers[i].id != SSL_NULL_WITH_NULL_NULL; i++) { - if (end - c < 2) { - return -1; - } - *c = (unsigned char)((supportedCiphers[i].id & 0xFF00) >> 8); c++; - *c = (unsigned char)(supportedCiphers[i].id & 0xFF); c++; - } - i *= 2; - *p = (unsigned char)(i >> 8); p++; - *p = (unsigned char)(i & 0xFF); - return i + 2; -} - -/******************************************************************************/ -/* - Return the length of the cipher spec list, including initial length bytes -*/ -int32 sslGetCipherSpecListLen(void) -{ - int32 i; - - for (i = 0; supportedCiphers[i].id != SSL_NULL_WITH_NULL_NULL; i++) { - } - return (i * 2) + 2; -} - - -/******************************************************************************/ -/* -*/ -#ifdef USE_SHA1_MAC -static int32 sha1GenerateMac(void *sslv, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac) -{ - ssl_t *ssl = (ssl_t*)sslv; - return ssl3HMACSha1(ssl->sec.writeMAC, ssl->sec.seq, type, data, len, mac); -} - -static int32 sha1VerifyMac(void *sslv, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac) -{ - ssl_t *ssl = (ssl_t*)sslv; - unsigned char buf[SSL_SHA1_HASH_SIZE]; - - ssl3HMACSha1(ssl->sec.readMAC, ssl->sec.remSeq, type, data, len, buf); - if (memcmp(buf, mac, SSL_SHA1_HASH_SIZE) == 0) { - return 0; - } - return -1; -} -#endif /* USE_SHA1_MAC */ - -/******************************************************************************/ -/* -*/ -#ifdef USE_MD5_MAC -static int32 md5GenerateMac(void *sslv, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac) -{ - ssl_t *ssl = (ssl_t*)sslv; - return ssl3HMACMd5(ssl->sec.writeMAC, ssl->sec.seq, type, data, len, mac); -} - -static int32 md5VerifyMac(void *sslv, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac) -{ - ssl_t *ssl = (ssl_t*)sslv; - unsigned char buf[SSL_MD5_HASH_SIZE]; - - ssl3HMACMd5(ssl->sec.readMAC, ssl->sec.remSeq, type, data, len, buf); - if (memcmp(buf, mac, SSL_MD5_HASH_SIZE) == 0) { - return 0; - } - return -1; -} - -#endif /* USE_MD5_MAC */ - -/******************************************************************************/ -/* - SSL_RSA_WITH_RC4_128_SHA cipher init -*/ -#ifdef USE_SSL_RSA_WITH_RC4_128_MD5 -static int32 matrixCipher4Init(sslSec_t *sec, int32 type) -{ - if (type == INIT_ENCRYPT_CIPHER) { - matrixArc4Init(&(sec->encryptCtx), sec->writeKey, 16); - } else { - matrixArc4Init(&(sec->decryptCtx), sec->readKey, 16); - } - - return 0; -} -#endif /* USE_SSL_RSA_WITH_RC4_128_MD5 */ - -/******************************************************************************/ -/* - SSL_RSA_WITH_RC4_128_SHA cipher init -*/ -#ifdef USE_SSL_RSA_WITH_RC4_128_SHA -static int32 matrixCipher5Init(sslSec_t *sec, int32 type) -{ - if (type == INIT_ENCRYPT_CIPHER) { - matrixArc4Init(&(sec->encryptCtx), sec->writeKey, 16); - } else { - matrixArc4Init(&(sec->decryptCtx), sec->readKey, 16); - } - - return 0; -} -#endif /* USE_SSL_RSA_WITH_RC4_128_SHA */ - -/******************************************************************************/ -/* - SSL_RSA_WITH_3DES_EDE_CBC_SHA cipher init -*/ -#ifdef USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA -static int32 matrixCipherAInit(sslSec_t *sec, int32 type) -{ - if (type == INIT_ENCRYPT_CIPHER) { - if (matrix3desInit(&(sec->encryptCtx), sec->writeIV, sec->writeKey, - SSL_DES3_KEY_LEN) < 0) { - return -1; - } - } else { - if (matrix3desInit(&(sec->decryptCtx), sec->readIV, sec->readKey, - SSL_DES3_KEY_LEN) < 0) { - return -1; - } - } - return 0; -} -#endif /* USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA */ - - -/******************************************************************************/ -/* - SSL_NULL_WITH_NULL_NULL cipher functions - Used in handshaking before SSL_RECORD_TYPE_CHANGE_CIPHER_SPEC message - FUTURE - remove the memcpy to support in-situ decryption -*/ -static int32 nullInit(sslSec_t *sec, int32 type) -{ - return 0; -} - -static int32 nullEncrypt(sslCipherContext_t *ctx, unsigned char *in, - unsigned char *out, int32 len) -{ - if (out != in) { - memcpy(out, in, len); - } - return len; -} - -static int32 nullDecrypt(sslCipherContext_t *ctx, unsigned char *in, - unsigned char *out, int32 len) -{ - if (out != in) { - memcpy(out, in, len); - } - return len; -} - -/* - FUTURE - remove both apis below -*/ -static int32 nullEncryptPub(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen) -{ - if (inlen <= outlen) { - matrixStrDebugMsg("Error: output buffer too small for NULL encrypt\n", - NULL); - return -1; - } - memcpy(out, in, inlen); - return inlen; -} - -static int32 nullDecryptPriv(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen) -{ - if (inlen <= outlen) { - matrixStrDebugMsg("Error: output buffer too small for NULL decrypt\n", - NULL); - return -1; - } - memcpy(out, in, inlen); - return inlen; -} - -static int32 nullGenerateMac(void *ssl, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac) -{ - return 0; -} - -static int32 nullVerifyMac(void *ssl, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac) -{ - return 0; -} - - - -/******************************************************************************/ diff --git a/release/src/router/matrixssl/src/crypto/cryptoLayer.h b/release/src/router/matrixssl/src/crypto/cryptoLayer.h deleted file mode 100644 index b90baaf4..00000000 --- a/release/src/router/matrixssl/src/crypto/cryptoLayer.h +++ /dev/null @@ -1,156 +0,0 @@ -/* - * cryptoLayer.h - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Cryptography provider layered header. This layer decouples - * the cryptography implementation from the SSL protocol implementation. - * Contributors adding new providers must implement all functions - * externed below. - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#ifndef _h_CRYPTO_LAYER -#define _h_CRYPTO_LAYER -#define _h_EXPORT_SYMBOLS - -/******************************************************************************/ -/* - Crypto may have some reliance on os layer (psMalloc in particular) -*/ -#include "../os/osLayer.h" - -/* - Return the length of padding bytes required for a record of 'LEN' bytes - The name Pwr2 indicates that calculations will work with 'BLOCKSIZE' - that are powers of 2. - Because of the trailing pad length byte, a length that is a multiple - of the pad bytes -*/ -#define sslPadLenPwr2(LEN, BLOCKSIZE) \ - BLOCKSIZE <= 1 ? (unsigned char)0 : \ - (unsigned char)(BLOCKSIZE - ((LEN) & (BLOCKSIZE - 1))) - -/* - Define the default crypto provider here -*/ -#define USE_PEERSEC_CRYPTO - -#ifdef __cplusplus -extern "C" { -#endif - -#define SSL_MD5_HASH_SIZE 16 -#define SSL_SHA1_HASH_SIZE 20 - -#define SSL_MAX_MAC_SIZE 20 -#define SSL_MAX_IV_SIZE 16 -#define SSL_MAX_BLOCK_SIZE 16 -#define SSL_MAX_SYM_KEY_SIZE 32 - -#define USE_X509 /* Must define for certificate support */ -/* - Enable the algorithms used for each cipher suite -*/ - -#ifdef USE_SSL_RSA_WITH_NULL_MD5 -#define USE_RSA -#define USE_MD5_MAC -#endif - -#ifdef USE_SSL_RSA_WITH_NULL_SHA -#define USE_RSA -#define USE_SHA1_MAC -#endif - -#ifdef USE_SSL_RSA_WITH_RC4_128_SHA -#define USE_ARC4 -#define USE_SHA1_MAC -#define USE_RSA -#endif - -#ifdef USE_SSL_RSA_WITH_RC4_128_MD5 -#define USE_ARC4 -#define USE_MD5_MAC -#define USE_RSA -#endif - -#ifdef USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA -#define USE_3DES -#define USE_SHA1_MAC -#define USE_RSA -#endif - -/* - Support for optionally encrypted private key files. These are - usually encrypted with 3DES. -*/ -#ifdef USE_ENCRYPTED_PRIVATE_KEYS -#define USE_3DES -#endif - -/* - Support for client side SSL -*/ -#ifdef USE_CLIENT_SIDE_SSL -#define USE_RSA_PUBLIC_ENCRYPT -#endif - -/* - Support for client authentication -*/ - -/* - Addtional crypt support -*/ -/* #define USE_MD2 */ - -/* - Now that we've set up the required defines, include the crypto provider -*/ -#ifdef USE_PEERSEC_CRYPTO -#include "peersec/pscrypto.h" -#endif - -/******************************************************************************/ -/* - Include the public prototypes now. This level of indirection is needed - to properly expose the public APIs to DLLs. The circular reference - between these two files is avoided with the top level defines and the - order in which they are included is the key to making this work so edit - with caution. -*/ -#include "matrixCrypto.h" - - -#ifdef __cplusplus - } -#endif - -#endif /* _h_CRYPTO_LAYER */ - -/******************************************************************************/ - - diff --git a/release/src/router/matrixssl/src/crypto/matrixCrypto.h b/release/src/router/matrixssl/src/crypto/matrixCrypto.h deleted file mode 100644 index 58f45f3d..00000000 --- a/release/src/router/matrixssl/src/crypto/matrixCrypto.h +++ /dev/null @@ -1,145 +0,0 @@ -/* - * matrixCrypto.h - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Public API set for matrixCrypto - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#ifndef _h_MATRIX_CRYPTO -#define _h_MATRIX_CRYPTO - -#ifdef __cplusplus -extern "C" { -#endif - -#include "../../matrixCommon.h" - -/* - User application. Now include cryptoLayer to get the proper algorithm - defines so we know what API set to expose -*/ -#include "cryptoLayer.h" - -/******************************************************************************/ - - -MATRIXPUBLIC int32 matrixGetRandomBytes(unsigned char *bytes, int32 size); - -#ifdef USE_ARC4 -MATRIXPUBLIC void matrixArc4Init(sslCipherContext_t *ctx, unsigned char *key, - int32 keylen); -MATRIXPUBLIC int32 matrixArc4(sslCipherContext_t *ctx, unsigned char *in, - unsigned char *out, int32 len); -#endif /* USE_ARC4 */ - -#ifdef USE_3DES -MATRIXPUBLIC int32 matrix3desInit(sslCipherContext_t *ctx, unsigned char *IV, - unsigned char *key, int32 keylen); -MATRIXPUBLIC int32 matrix3desEncrypt(sslCipherContext_t *ctx, unsigned char *pt, - unsigned char *ct, int32 len); -MATRIXPUBLIC int32 matrix3desDecrypt(sslCipherContext_t *ctx, unsigned char *ct, - unsigned char *pt, int32 len); -MATRIXPUBLIC void generate3DESKey(unsigned char *pass, int32 passlen, - unsigned char *salt, unsigned char *key); -#endif /* USE_3DES */ - - - -/* - HMAC and message digests -*/ -MATRIXPUBLIC int32 matrixHmacMd5(unsigned char *key, int32 keyLen, - const unsigned char *buf, unsigned long len, - unsigned char *hash, unsigned char *hmacKey, - int32 *hmacKeyLen); -MATRIXPUBLIC void matrixHmacMd5Init(sslHmacContext_t *ctx, - unsigned char *key, int32 keyLen); -MATRIXPUBLIC void matrixHmacMd5Update(sslHmacContext_t *ctx, - const unsigned char *buf, unsigned long len); -MATRIXPUBLIC int32 matrixHmacMd5Final(sslHmacContext_t *ctx, - unsigned char *hash); - -MATRIXPUBLIC int32 matrixHmacSha1(unsigned char *key, int32 keyLen, - const unsigned char *buf, unsigned long len, - unsigned char *hash, unsigned char *hmacKey, - int32 *hmacKeyLen); -MATRIXPUBLIC void matrixHmacSha1Init(sslHmacContext_t *ctx, - unsigned char *key, int32 keyLen); -MATRIXPUBLIC void matrixHmacSha1Update(sslHmacContext_t *ctx, - const unsigned char *buf, unsigned long len); -MATRIXPUBLIC int32 matrixHmacSha1Final(sslHmacContext_t *ctx, - unsigned char *hash); - -MATRIXPUBLIC void matrixSha1Init(sslSha1Context_t *ctx); -MATRIXPUBLIC void matrixSha1Update(sslSha1Context_t *ctx, - const unsigned char *buf, unsigned long len); -MATRIXPUBLIC int32 matrixSha1Final(sslSha1Context_t *ctx, unsigned char *hash); - - -MATRIXPUBLIC void matrixMd5Init(sslMd5Context_t *ctx); -MATRIXPUBLIC void matrixMd5Update(sslMd5Context_t *ctx, - const unsigned char *buf, unsigned long len); -MATRIXPUBLIC int32 matrixMd5Final(sslMd5Context_t *ctx, unsigned char *hash); - - -#ifdef USE_MD2 -/* - MD2 is provided for compatibility with V2 and older X509 certificates, - it is known to have security problems and should not be used for any current - development. -*/ -MATRIXPUBLIC void matrixMd2Init(sslMd2Context_t *ctx); -MATRIXPUBLIC int32 matrixMd2Update(sslMd2Context_t *ctx, - const unsigned char *buf, unsigned long len); -MATRIXPUBLIC int32 matrixMd2Final(sslMd2Context_t *ctx, unsigned char *hash); -#endif /* USE_MD2 */ - - - - -#ifdef USE_RSA -MATRIXPUBLIC int32 matrixRsaEncryptPub(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); -MATRIXPUBLIC int32 matrixRsaDecryptPriv(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); -MATRIXPUBLIC int32 matrixRsaDecryptPub(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); -#endif /* USE_RSA */ - - - - -#ifdef __cplusplus -} -#endif - -#endif /* _h_MATRIX_CRYPTO */ - -/******************************************************************************/ diff --git a/release/src/router/matrixssl/src/crypto/peersec/arc4.c b/release/src/router/matrixssl/src/crypto/peersec/arc4.c deleted file mode 100644 index 4e39553d..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/arc4.c +++ /dev/null @@ -1,109 +0,0 @@ -/* - * arc4.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * ARC4 stream cipher implementation - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" - -#ifdef USE_ARC4 - -/* - Some accounts, such as O'Reilly's Secure Programming Cookbook say that no - more than 2^30 bytes should be processed without rekeying, so we - enforce that limit here. FYI, this is equal to 1GB of data transferred. -*/ -#define ARC4_MAX_BYTES 0x40000000 - -/******************************************************************************/ -/* - SSL_RSA_WITH_RC4_* cipher callbacks - */ -void matrixArc4Init(sslCipherContext_t *ctx, unsigned char *key, int32 keylen) -{ - unsigned char index1, index2, tmp, *state; - short counter; - - ctx->arc4.byteCount = 0; - state = &ctx->arc4.state[0]; - - for (counter = 0; counter < 256; counter++) { - state[counter] = (unsigned char)counter; - } - ctx->arc4.x = 0; - ctx->arc4.y = 0; - index1 = 0; - index2 = 0; - - for (counter = 0; counter < 256; counter++) { - index2 = (key[index1] + state[counter] + index2) & 0xff; - - tmp = state[counter]; - state[counter] = state[index2]; - state[index2] = tmp; - - index1 = (index1 + 1) % keylen; - } -} - -int32 matrixArc4(sslCipherContext_t *ctx, unsigned char *in, - unsigned char *out, int32 len) -{ - unsigned char x, y, *state, xorIndex, tmp; - short counter; - - ctx->arc4.byteCount += len; - if (ctx->arc4.byteCount > ARC4_MAX_BYTES) { - return -1; - } - - x = ctx->arc4.x; - y = ctx->arc4.y; - state = &ctx->arc4.state[0]; - for (counter = 0; counter < len; counter++) { - x = (x + 1) & 0xff; - y = (state[x] + y) & 0xff; - - tmp = state[x]; - state[x] = state[y]; - state[y] = tmp; - - xorIndex = (state[x] + state[y]) & 0xff; - - tmp = in[counter]; - tmp ^= state[xorIndex]; - out[counter] = tmp; - } - ctx->arc4.x = x; - ctx->arc4.y = y; - return len; -} - -#endif /* USE_ARC4 */ - -/******************************************************************************/ diff --git a/release/src/router/matrixssl/src/crypto/peersec/base64.c b/release/src/router/matrixssl/src/crypto/peersec/base64.c deleted file mode 100644 index 603b1f88..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/base64.c +++ /dev/null @@ -1,116 +0,0 @@ -/* - * base64.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Base64 operations - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" - -static const unsigned char map[256] = { -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 62, 255, 255, 255, 63, - 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 255, 255, -255, 254, 255, 255, 255, 0, 1, 2, 3, 4, 5, 6, - 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, - 19, 20, 21, 22, 23, 24, 25, 255, 255, 255, 255, 255, -255, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, - 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, - 49, 50, 51, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255 }; - -int32 ps_base64_decode(const unsigned char *in, uint32 len, - unsigned char *out, uint32 *outlen) -{ - unsigned long t, x, y, z; - unsigned char c; - int32 g; - - if (in == NULL || out == NULL || outlen == NULL) { - return -1; - } - g = 3; - for (x = y = z = t = 0; x < len; x++) { - c = map[in[x]&0xFF]; - if (c == 255) { - continue; - } -/* - the final = symbols are read and used to trim the remaining bytes - */ - if (c == 254) { - c = 0; -/* - prevent g < 0 which would potentially allow an overflow later - */ - if (--g < 0) { - return CRYPT_INVALID_PACKET; - } - } else if (g != 3) { -/* - we only allow = to be at the end - */ - return CRYPT_INVALID_PACKET; - } - - t = (t<<6)|c; - - if (++y == 4) { - if (z + g > *outlen) { - return CRYPT_BUFFER_OVERFLOW; - } - out[z++] = (unsigned char)((t>>16)&255); - if (g > 1) { - out[z++] = (unsigned char)((t>>8)&255); - } - if (g > 2) { - out[z++] = (unsigned char)(t&255); - } - y = t = 0; - } - } - if (y != 0) { - return -1; - } - *outlen = z; - return 0; -} - -/******************************************************************************/ - diff --git a/release/src/router/matrixssl/src/crypto/peersec/des3.c b/release/src/router/matrixssl/src/crypto/peersec/des3.c deleted file mode 100644 index 53cb3472..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/des3.c +++ /dev/null @@ -1,795 +0,0 @@ -/* - * des3.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * 3DES block cipher implementation for low memory usage - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" - -#ifdef USE_3DES - -#define EN0 0 -#define DE1 1 - -static const ulong32 bytebit[8] = -{ - 0200, 0100, 040, 020, 010, 04, 02, 01 -}; - -static const ulong32 bigbyte[24] = -{ - 0x800000UL, 0x400000UL, 0x200000UL, 0x100000UL, - 0x80000UL, 0x40000UL, 0x20000UL, 0x10000UL, - 0x8000UL, 0x4000UL, 0x2000UL, 0x1000UL, - 0x800UL, 0x400UL, 0x200UL, 0x100UL, - 0x80UL, 0x40UL, 0x20UL, 0x10UL, - 0x8UL, 0x4UL, 0x2UL, 0x1L -}; - -static const unsigned char pc1[56] = { - 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, - 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, - 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, - 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 -}; - -static const unsigned char pc2[48] = { - 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, - 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, - 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, - 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 -}; - -static const unsigned char totrot[16] = { - 1, 2, 4, 6, - 8, 10, 12, 14, - 15, 17, 19, 21, - 23, 25, 27, 28 -}; - -static const ulong32 SP1[] = -{ - 0x01010400UL, 0x00000000UL, 0x00010000UL, 0x01010404UL, - 0x01010004UL, 0x00010404UL, 0x00000004UL, 0x00010000UL, - 0x00000400UL, 0x01010400UL, 0x01010404UL, 0x00000400UL, - 0x01000404UL, 0x01010004UL, 0x01000000UL, 0x00000004UL, - 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00010400UL, - 0x00010400UL, 0x01010000UL, 0x01010000UL, 0x01000404UL, - 0x00010004UL, 0x01000004UL, 0x01000004UL, 0x00010004UL, - 0x00000000UL, 0x00000404UL, 0x00010404UL, 0x01000000UL, - 0x00010000UL, 0x01010404UL, 0x00000004UL, 0x01010000UL, - 0x01010400UL, 0x01000000UL, 0x01000000UL, 0x00000400UL, - 0x01010004UL, 0x00010000UL, 0x00010400UL, 0x01000004UL, - 0x00000400UL, 0x00000004UL, 0x01000404UL, 0x00010404UL, - 0x01010404UL, 0x00010004UL, 0x01010000UL, 0x01000404UL, - 0x01000004UL, 0x00000404UL, 0x00010404UL, 0x01010400UL, - 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00000000UL, - 0x00010004UL, 0x00010400UL, 0x00000000UL, 0x01010004UL -}; - -static const ulong32 SP2[] = -{ - 0x80108020UL, 0x80008000UL, 0x00008000UL, 0x00108020UL, - 0x00100000UL, 0x00000020UL, 0x80100020UL, 0x80008020UL, - 0x80000020UL, 0x80108020UL, 0x80108000UL, 0x80000000UL, - 0x80008000UL, 0x00100000UL, 0x00000020UL, 0x80100020UL, - 0x00108000UL, 0x00100020UL, 0x80008020UL, 0x00000000UL, - 0x80000000UL, 0x00008000UL, 0x00108020UL, 0x80100000UL, - 0x00100020UL, 0x80000020UL, 0x00000000UL, 0x00108000UL, - 0x00008020UL, 0x80108000UL, 0x80100000UL, 0x00008020UL, - 0x00000000UL, 0x00108020UL, 0x80100020UL, 0x00100000UL, - 0x80008020UL, 0x80100000UL, 0x80108000UL, 0x00008000UL, - 0x80100000UL, 0x80008000UL, 0x00000020UL, 0x80108020UL, - 0x00108020UL, 0x00000020UL, 0x00008000UL, 0x80000000UL, - 0x00008020UL, 0x80108000UL, 0x00100000UL, 0x80000020UL, - 0x00100020UL, 0x80008020UL, 0x80000020UL, 0x00100020UL, - 0x00108000UL, 0x00000000UL, 0x80008000UL, 0x00008020UL, - 0x80000000UL, 0x80100020UL, 0x80108020UL, 0x00108000UL -}; - -static const ulong32 SP3[] = -{ - 0x00000208UL, 0x08020200UL, 0x00000000UL, 0x08020008UL, - 0x08000200UL, 0x00000000UL, 0x00020208UL, 0x08000200UL, - 0x00020008UL, 0x08000008UL, 0x08000008UL, 0x00020000UL, - 0x08020208UL, 0x00020008UL, 0x08020000UL, 0x00000208UL, - 0x08000000UL, 0x00000008UL, 0x08020200UL, 0x00000200UL, - 0x00020200UL, 0x08020000UL, 0x08020008UL, 0x00020208UL, - 0x08000208UL, 0x00020200UL, 0x00020000UL, 0x08000208UL, - 0x00000008UL, 0x08020208UL, 0x00000200UL, 0x08000000UL, - 0x08020200UL, 0x08000000UL, 0x00020008UL, 0x00000208UL, - 0x00020000UL, 0x08020200UL, 0x08000200UL, 0x00000000UL, - 0x00000200UL, 0x00020008UL, 0x08020208UL, 0x08000200UL, - 0x08000008UL, 0x00000200UL, 0x00000000UL, 0x08020008UL, - 0x08000208UL, 0x00020000UL, 0x08000000UL, 0x08020208UL, - 0x00000008UL, 0x00020208UL, 0x00020200UL, 0x08000008UL, - 0x08020000UL, 0x08000208UL, 0x00000208UL, 0x08020000UL, - 0x00020208UL, 0x00000008UL, 0x08020008UL, 0x00020200UL -}; - -static const ulong32 SP4[] = -{ - 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL, - 0x00802080UL, 0x00800081UL, 0x00800001UL, 0x00002001UL, - 0x00000000UL, 0x00802000UL, 0x00802000UL, 0x00802081UL, - 0x00000081UL, 0x00000000UL, 0x00800080UL, 0x00800001UL, - 0x00000001UL, 0x00002000UL, 0x00800000UL, 0x00802001UL, - 0x00000080UL, 0x00800000UL, 0x00002001UL, 0x00002080UL, - 0x00800081UL, 0x00000001UL, 0x00002080UL, 0x00800080UL, - 0x00002000UL, 0x00802080UL, 0x00802081UL, 0x00000081UL, - 0x00800080UL, 0x00800001UL, 0x00802000UL, 0x00802081UL, - 0x00000081UL, 0x00000000UL, 0x00000000UL, 0x00802000UL, - 0x00002080UL, 0x00800080UL, 0x00800081UL, 0x00000001UL, - 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL, - 0x00802081UL, 0x00000081UL, 0x00000001UL, 0x00002000UL, - 0x00800001UL, 0x00002001UL, 0x00802080UL, 0x00800081UL, - 0x00002001UL, 0x00002080UL, 0x00800000UL, 0x00802001UL, - 0x00000080UL, 0x00800000UL, 0x00002000UL, 0x00802080UL -}; - -static const ulong32 SP5[] = -{ - 0x00000100UL, 0x02080100UL, 0x02080000UL, 0x42000100UL, - 0x00080000UL, 0x00000100UL, 0x40000000UL, 0x02080000UL, - 0x40080100UL, 0x00080000UL, 0x02000100UL, 0x40080100UL, - 0x42000100UL, 0x42080000UL, 0x00080100UL, 0x40000000UL, - 0x02000000UL, 0x40080000UL, 0x40080000UL, 0x00000000UL, - 0x40000100UL, 0x42080100UL, 0x42080100UL, 0x02000100UL, - 0x42080000UL, 0x40000100UL, 0x00000000UL, 0x42000000UL, - 0x02080100UL, 0x02000000UL, 0x42000000UL, 0x00080100UL, - 0x00080000UL, 0x42000100UL, 0x00000100UL, 0x02000000UL, - 0x40000000UL, 0x02080000UL, 0x42000100UL, 0x40080100UL, - 0x02000100UL, 0x40000000UL, 0x42080000UL, 0x02080100UL, - 0x40080100UL, 0x00000100UL, 0x02000000UL, 0x42080000UL, - 0x42080100UL, 0x00080100UL, 0x42000000UL, 0x42080100UL, - 0x02080000UL, 0x00000000UL, 0x40080000UL, 0x42000000UL, - 0x00080100UL, 0x02000100UL, 0x40000100UL, 0x00080000UL, - 0x00000000UL, 0x40080000UL, 0x02080100UL, 0x40000100UL -}; - -static const ulong32 SP6[] = -{ - 0x20000010UL, 0x20400000UL, 0x00004000UL, 0x20404010UL, - 0x20400000UL, 0x00000010UL, 0x20404010UL, 0x00400000UL, - 0x20004000UL, 0x00404010UL, 0x00400000UL, 0x20000010UL, - 0x00400010UL, 0x20004000UL, 0x20000000UL, 0x00004010UL, - 0x00000000UL, 0x00400010UL, 0x20004010UL, 0x00004000UL, - 0x00404000UL, 0x20004010UL, 0x00000010UL, 0x20400010UL, - 0x20400010UL, 0x00000000UL, 0x00404010UL, 0x20404000UL, - 0x00004010UL, 0x00404000UL, 0x20404000UL, 0x20000000UL, - 0x20004000UL, 0x00000010UL, 0x20400010UL, 0x00404000UL, - 0x20404010UL, 0x00400000UL, 0x00004010UL, 0x20000010UL, - 0x00400000UL, 0x20004000UL, 0x20000000UL, 0x00004010UL, - 0x20000010UL, 0x20404010UL, 0x00404000UL, 0x20400000UL, - 0x00404010UL, 0x20404000UL, 0x00000000UL, 0x20400010UL, - 0x00000010UL, 0x00004000UL, 0x20400000UL, 0x00404010UL, - 0x00004000UL, 0x00400010UL, 0x20004010UL, 0x00000000UL, - 0x20404000UL, 0x20000000UL, 0x00400010UL, 0x20004010UL -}; - -static const ulong32 SP7[] = -{ - 0x00200000UL, 0x04200002UL, 0x04000802UL, 0x00000000UL, - 0x00000800UL, 0x04000802UL, 0x00200802UL, 0x04200800UL, - 0x04200802UL, 0x00200000UL, 0x00000000UL, 0x04000002UL, - 0x00000002UL, 0x04000000UL, 0x04200002UL, 0x00000802UL, - 0x04000800UL, 0x00200802UL, 0x00200002UL, 0x04000800UL, - 0x04000002UL, 0x04200000UL, 0x04200800UL, 0x00200002UL, - 0x04200000UL, 0x00000800UL, 0x00000802UL, 0x04200802UL, - 0x00200800UL, 0x00000002UL, 0x04000000UL, 0x00200800UL, - 0x04000000UL, 0x00200800UL, 0x00200000UL, 0x04000802UL, - 0x04000802UL, 0x04200002UL, 0x04200002UL, 0x00000002UL, - 0x00200002UL, 0x04000000UL, 0x04000800UL, 0x00200000UL, - 0x04200800UL, 0x00000802UL, 0x00200802UL, 0x04200800UL, - 0x00000802UL, 0x04000002UL, 0x04200802UL, 0x04200000UL, - 0x00200800UL, 0x00000000UL, 0x00000002UL, 0x04200802UL, - 0x00000000UL, 0x00200802UL, 0x04200000UL, 0x00000800UL, - 0x04000002UL, 0x04000800UL, 0x00000800UL, 0x00200002UL -}; - -static const ulong32 SP8[] = -{ - 0x10001040UL, 0x00001000UL, 0x00040000UL, 0x10041040UL, - 0x10000000UL, 0x10001040UL, 0x00000040UL, 0x10000000UL, - 0x00040040UL, 0x10040000UL, 0x10041040UL, 0x00041000UL, - 0x10041000UL, 0x00041040UL, 0x00001000UL, 0x00000040UL, - 0x10040000UL, 0x10000040UL, 0x10001000UL, 0x00001040UL, - 0x00041000UL, 0x00040040UL, 0x10040040UL, 0x10041000UL, - 0x00001040UL, 0x00000000UL, 0x00000000UL, 0x10040040UL, - 0x10000040UL, 0x10001000UL, 0x00041040UL, 0x00040000UL, - 0x00041040UL, 0x00040000UL, 0x10041000UL, 0x00001000UL, - 0x00000040UL, 0x10040040UL, 0x00001000UL, 0x00041040UL, - 0x10001000UL, 0x00000040UL, 0x10000040UL, 0x10040000UL, - 0x10040040UL, 0x10000000UL, 0x00040000UL, 0x10001040UL, - 0x00000000UL, 0x10041040UL, 0x00040040UL, 0x10000040UL, - 0x10040000UL, 0x10001000UL, 0x10001040UL, 0x00000000UL, - 0x10041040UL, 0x00041000UL, 0x00041000UL, 0x00001040UL, - 0x00001040UL, 0x00040040UL, 0x10000000UL, 0x10041000UL, - 0xe1f27f3aUL, 0xf5710fb0UL, 0xada0e5c4UL, 0x98e4c919UL -}; - -static void cookey(const ulong32 *raw1, ulong32 *keyout); -static void deskey(const unsigned char *key, short edf, ulong32 *keyout); - -/******************************************************************************/ -/* - Init the 3DES block cipher context for CBC-EDE mode. - IV should point to 8 bytes of initialization vector - Key should point to 24 bytes of data -*/ -int32 matrix3desInit(sslCipherContext_t *ctx, unsigned char *IV, - unsigned char *key, int32 keylen) -{ - int32 x, err; - - if (IV == NULL || key == NULL || ctx == NULL || keylen != SSL_DES3_KEY_LEN){ - return -1; - } -/* - setup cipher - */ - if ((err = des3_setup(key, keylen, 0, &ctx->des3)) != CRYPT_OK) { - return -1; - } -/* - copy IV - */ - ctx->des3.blocklen = SSL_DES3_IV_LEN; - for (x = 0; x < ctx->des3.blocklen; x++) { - ctx->des3.IV[x] = IV[x]; - } - ctx->des3.explicitIV = 0; - return 0; -} - -/******************************************************************************/ -/* - Encrypt a buffer using 3DES-EDE-CBC - (Encrypt Decrypt Encrypt and Cipher Block Chaining) - len must be a multiple of blockLen (8 bytes) -*/ -int32 matrix3desEncrypt(sslCipherContext_t *ctx, unsigned char *pt, - unsigned char *ct, int32 len) -{ - int32 x, i; - unsigned char tmp[MAXBLOCKSIZE]; - - if (pt == NULL || ct == NULL || ctx == NULL || (len & 0x7) != 0) { - return -1; - } - - /* is blocklen valid? */ - if (ctx->des3.blocklen < 0 || ctx->des3.blocklen > - (int32)sizeof(ctx->des3.IV)) { - return -1; - } - - for (i = 0; i < len; i += ctx->des3.blocklen) { - /* xor IV against plaintext */ - for (x = 0; x < ctx->des3.blocklen; x++) { - tmp[x] = pt[x] ^ ctx->des3.IV[x]; - } - /* encrypt */ - des3_ecb_encrypt(tmp, (unsigned char*)ct, &ctx->des3); - - /* store IV [ciphertext] for a future block */ - for (x = 0; x < ctx->des3.blocklen; x++) { - ctx->des3.IV[x] = ct[x]; - } - ct += ctx->des3.blocklen; - pt += ctx->des3.blocklen; - } - -#ifdef CLEAN_STACK - psZeromem(tmp, sizeof(tmp)); -#endif /* CLEAN STACK */ - return len; -} - -/******************************************************************************/ -/* - Decrypt a buffer using 3DES-EDE-CBC - (Encrypt Decrypt Encrypt and Cipher Block Chaining) - len must be a multiple of blockLen (8 bytes) -*/ -int32 matrix3desDecrypt(sslCipherContext_t *ctx, unsigned char *ct, - unsigned char *pt, int32 len) -{ - int32 x, i; - unsigned char tmp[MAXBLOCKSIZE], tmp2[MAXBLOCKSIZE]; - - if (pt == NULL || ct == NULL || ctx == NULL || (len & 0x7) != 0) { - return -1; - } - - /* is blocklen valid? */ - if (ctx->des3.blocklen < 0 || ctx->des3.blocklen > - (int32)sizeof(ctx->des3.IV)) { - return -1; - } - for (i = 0; i < len; i += ctx->des3.blocklen) { - /* decrypt the block from ct into tmp */ - des3_ecb_decrypt(ct, tmp, &ctx->des3); - /* xor IV against the plaintext of the previous step */ - for (x = 0; x < ctx->des3.blocklen; x++) { - /* copy CT in case ct == pt */ - tmp2[x] = ct[x]; - /* actually decrypt the byte */ - pt[x] = tmp[x] ^ ctx->des3.IV[x]; - } - /* replace IV with this current ciphertext */ - for (x = 0; x < ctx->des3.blocklen; x++) { - ctx->des3.IV[x] = tmp2[x]; - } - ct += ctx->des3.blocklen; - if (ctx->des3.explicitIV) { -/* - An explict IV mode has an additional block of random data that - we dismiss here. It is not part of the MAC. The TLS 1.1 spec - isn't explicit about this, but it only makes sense since the - extra block is used to derive the IV for the remainder of the - message. In theory (DTLS for example) the actual decrypted block - could have been received out of order and the first block would - not decrypt to the plaintext it originally was anyway. - - It is easiest to simply remove the first block in this cipher - code here. If we wait until we get back into matrixSslDecode - we have to deal with a bunch of sslBuf_t manipulations which is - ugly. -*/ - if (i != 0) { - pt += ctx->des3.blocklen; - } - } else { - pt += ctx->des3.blocklen; - } - } -#ifdef CLEAN_STACK - psZeromem(tmp, sizeof(tmp)); - psZeromem(tmp2, sizeof(tmp2)); -#endif /* CLEAN_STACK */ - return len; -} - -/******************************************************************************/ -/* - 3DES implementation below -*/ -static void cookey(const ulong32 *raw1, ulong32 *keyout) -{ - ulong32 *cook; - const ulong32 *raw0; - ulong32 dough[32]; - int32 i; - - cook = dough; - for(i=0; i < 16; i++, raw1++) { - raw0 = raw1++; - *cook = (*raw0 & 0x00fc0000L) << 6; - *cook |= (*raw0 & 0x00000fc0L) << 10; - *cook |= (*raw1 & 0x00fc0000L) >> 10; - *cook++ |= (*raw1 & 0x00000fc0L) >> 6; - *cook = (*raw0 & 0x0003f000L) << 12; - *cook |= (*raw0 & 0x0000003fL) << 16; - *cook |= (*raw1 & 0x0003f000L) >> 4; - *cook++ |= (*raw1 & 0x0000003fL); - } - - psMemcpy(keyout, dough, sizeof dough); - psBurnStack(sizeof(ulong32 *) * 2 + sizeof(ulong32)*32 + sizeof(int32)); -} - - -static void deskey(const unsigned char *key, short edf, ulong32 *keyout) -{ - ulong32 i, j, l, m, n, kn[32]; - unsigned char pc1m[56], pcr[56]; - - for (j=0; j < 56; j++) { - l = (ulong32)pc1[j]; - m = l & 7; - pc1m[j] = (unsigned char)((key[l >> 3U] & bytebit[m]) == - bytebit[m] ? 1 : 0); - } - - for (i=0; i < 16; i++) { - if (edf == DE1) { - m = (15 - i) << 1; - } else { - m = i << 1; - } - n = m + 1; - kn[m] = kn[n] = 0L; - for (j=0; j < 28; j++) { - l = j + (ulong32)totrot[i]; - if (l < 28) { - pcr[j] = pc1m[l]; - } else { - pcr[j] = pc1m[l - 28]; - } - } - for (/*j = 28*/; j < 56; j++) { - l = j + (ulong32)totrot[i]; - if (l < 56) { - pcr[j] = pc1m[l]; - } else { - pcr[j] = pc1m[l - 28]; - } - } - for (j=0; j < 24; j++) { - if ((int32)pcr[(int32)pc2[j]] != 0) { - kn[m] |= bigbyte[j]; - } - if ((int32)pcr[(int32)pc2[j+24]] != 0) { - kn[n] |= bigbyte[j]; - } - } - } - cookey(kn, keyout); - psBurnStack(sizeof(int32)*5 + sizeof(ulong32)*32 + - sizeof(unsigned char)*112); -} - -static void desfunc(ulong32 *block, const ulong32 *keys) -{ - ulong32 work, right, leftt; - int32 cur_round; - - leftt = block[0]; - right = block[1]; - -#ifdef SMALL_CODE - work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL; - right ^= work; - leftt ^= (work << 4); - - work = ((leftt >> 16) ^ right) & 0x0000ffffL; - right ^= work; - leftt ^= (work << 16); - - work = ((right >> 2) ^ leftt) & 0x33333333L; - leftt ^= work; - right ^= (work << 2); - - work = ((right >> 8) ^ leftt) & 0x00ff00ffL; - leftt ^= work; - right ^= (work << 8); - - right = ROLc(right, 1); - work = (leftt ^ right) & 0xaaaaaaaaL; - - leftt ^= work; - right ^= work; - leftt = ROLc(leftt, 1); -#else /* SMALL_CODE */ -{ - ulong64 tmp; - tmp = des_ip[0][byte(leftt, 0)] ^ - des_ip[1][byte(leftt, 1)] ^ - des_ip[2][byte(leftt, 2)] ^ - des_ip[3][byte(leftt, 3)] ^ - des_ip[4][byte(right, 0)] ^ - des_ip[5][byte(right, 1)] ^ - des_ip[6][byte(right, 2)] ^ - des_ip[7][byte(right, 3)]; - leftt = (ulong32)(tmp >> 32); - right = (ulong32)(tmp & 0xFFFFFFFFUL); -} -#endif /* SMALL CODE */ - - for (cur_round = 0; cur_round < 8; cur_round++) { - work = RORc(right, 4) ^ *keys++; - leftt ^= SP7[work & 0x3fL] - ^ SP5[(work >> 8) & 0x3fL] - ^ SP3[(work >> 16) & 0x3fL] - ^ SP1[(work >> 24) & 0x3fL]; - work = right ^ *keys++; - leftt ^= SP8[ work & 0x3fL] - ^ SP6[(work >> 8) & 0x3fL] - ^ SP4[(work >> 16) & 0x3fL] - ^ SP2[(work >> 24) & 0x3fL]; - - work = RORc(leftt, 4) ^ *keys++; - right ^= SP7[ work & 0x3fL] - ^ SP5[(work >> 8) & 0x3fL] - ^ SP3[(work >> 16) & 0x3fL] - ^ SP1[(work >> 24) & 0x3fL]; - work = leftt ^ *keys++; - right ^= SP8[ work & 0x3fL] - ^ SP6[(work >> 8) & 0x3fL] - ^ SP4[(work >> 16) & 0x3fL] - ^ SP2[(work >> 24) & 0x3fL]; - } - -#ifdef SMALL_CODE - right = RORc(right, 1); - work = (leftt ^ right) & 0xaaaaaaaaL; - leftt ^= work; - right ^= work; - leftt = RORc(leftt, 1); - work = ((leftt >> 8) ^ right) & 0x00ff00ffL; - right ^= work; - leftt ^= (work << 8); - - work = ((leftt >> 2) ^ right) & 0x33333333L; - right ^= work; - leftt ^= (work << 2); - work = ((right >> 16) ^ leftt) & 0x0000ffffL; - leftt ^= work; - right ^= (work << 16); - work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL; - leftt ^= work; - right ^= (work << 4); -#else /* SMALL CODE */ - { - ulong64 tmp; - tmp = des_fp[0][byte(leftt, 0)] ^ - des_fp[1][byte(leftt, 1)] ^ - des_fp[2][byte(leftt, 2)] ^ - des_fp[3][byte(leftt, 3)] ^ - des_fp[4][byte(right, 0)] ^ - des_fp[5][byte(right, 1)] ^ - des_fp[6][byte(right, 2)] ^ - des_fp[7][byte(right, 3)]; - leftt = (ulong32)(tmp >> 32); - right = (ulong32)(tmp & 0xFFFFFFFFUL); - } -#endif /* SMALL CODE */ - - block[0] = right; - block[1] = leftt; - psBurnStack(sizeof(ulong32) * 4 + sizeof(int32)); -} - -/* - We don't validate DES keys against the following known weak keys. - Astronomically small chances of randomly getting a weak key - with 3DES. http://www.rsasecurity.com/rsalabs/faq/3-2-4.html - - http://www.itl.nist.gov/fipspubs/fip74.htm - 1. E001E00lFl0lFl0l 01E001E00lFl0lFl - 2. FElFFElFFEOEFEOE 1FFElFFEOEFEOEFE - 3. E01FE01FF10EF10E 1FE01FEOOEF10EF1 - 4. 01FE01FE01FE01FE FE01FE01FE01FE01 - 5. 011F011F0l0E010E 1F011F0l0E0l0E01 - 6. E0FEE0FEFlFEFlFE FEE0FEE0FEFlFEF1 - 7. 0101010101010101 - 8. FEFEFEFEFEFEFEFE - 9. E0E0E0E0FlFlFlFl - 10. lFlFlFlF0E0E0E0E -*/ -int32 des3_setup(const unsigned char *key, int32 keylen, int32 num_rounds, - des3_CBC *skey) -{ - if (key == NULL || skey == NULL) { - return -1; - } - - if( num_rounds != 0 && num_rounds != 16) { - return CRYPT_INVALID_ROUNDS; - } - - if (keylen != 24) { - return CRYPT_INVALID_KEYSIZE; - } - - deskey(key, EN0, skey->key.ek[0]); - deskey(key+8, DE1, skey->key.ek[1]); - deskey(key+16, EN0, skey->key.ek[2]); - - deskey(key, DE1, skey->key.dk[2]); - deskey(key+8, EN0, skey->key.dk[1]); - deskey(key+16, DE1, skey->key.dk[0]); - - return CRYPT_OK; -} - -int des_setup(const unsigned char *key, int keylen, int num_rounds, - des3_CBC *skey) -{ - - if (num_rounds != 0 && num_rounds != 16) { - return CRYPT_INVALID_ROUNDS; - } - - if (keylen != 8) { - return CRYPT_INVALID_KEYSIZE; - } - - deskey(key, EN0, skey->key.ek[0]); - deskey(key, DE1, skey->key.dk[0]); - - return CRYPT_OK; -} - -void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, - des3_CBC *key) -{ - ulong32 work[2]; - - LOAD32H(work[0], pt+0); - LOAD32H(work[1], pt+4); - desfunc(work, key->key.ek[0]); - desfunc(work, key->key.ek[1]); - desfunc(work, key->key.ek[2]); - STORE32H(work[0],ct+0); - STORE32H(work[1],ct+4); -} - -void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, - des3_CBC *key) -{ - ulong32 work[2]; - - LOAD32H(work[0], pt+0); - LOAD32H(work[1], pt+4); - desfunc(work, key->key.ek[0]); - STORE32H(work[0],ct+0); - STORE32H(work[1],ct+4); -} - -void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, - des3_CBC *key) -{ - ulong32 work[2]; - - LOAD32H(work[0], ct+0); - LOAD32H(work[1], ct+4); - desfunc(work, key->key.dk[0]); - desfunc(work, key->key.dk[1]); - desfunc(work, key->key.dk[2]); - STORE32H(work[0],pt+0); - STORE32H(work[1],pt+4); -} - -void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, - des3_CBC *key) -{ - ulong32 work[2]; - LOAD32H(work[0], ct+0); - LOAD32H(work[1], ct+4); - desfunc(work, key->key.dk[0]); - STORE32H(work[0],pt+0); - STORE32H(work[1],pt+4); -} - -int32 des3_keysize(int32 *desired_keysize) -{ - if(*desired_keysize < 24) { - return CRYPT_INVALID_KEYSIZE; - } - *desired_keysize = 24; - return CRYPT_OK; -} - -/******************************************************************************/ -/* - Generate a 3DES key given a password and salt value. - We use PKCS#5 2.0 PBKDF1 key derivation format with MD5 and count == 1 per: - http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html - - This key is compatible with the algorithm used by OpenSSL to encrypt keys - generated with 'openssl genrsa'. If other encryption formats are used - (for example PBKDF2), or an iteration count > 0 is used, they are not - compatible with this simple implementation. OpenSSL provides many options - for converting key formats to the one used here. - - A 3DES key is 24 bytes long, to generate it with this algorithm, - we md5 hash the password and salt for the first 16 bytes. We then - hash these first 16 bytes with the password and salt again, generating - another 16 bytes. We take the first 16 bytes and 8 of the second 16 to - form the 24 byte key. - - salt is assumed to point to 8 bytes of data - key is assumed to point to 24 bytes of data -*/ -void generate3DESKey(unsigned char *pass, int32 passlen, unsigned char *salt, - unsigned char *key) -{ - sslMd5Context_t state; - unsigned char md5[SSL_MD5_HASH_SIZE]; - - matrixMd5Init(&state); - matrixMd5Update(&state, pass, passlen); - matrixMd5Update(&state, salt, SSL_DES3_IV_LEN); - matrixMd5Final(&state, md5); - memcpy(key, md5, SSL_MD5_HASH_SIZE); - - matrixMd5Init(&state); - matrixMd5Update(&state, md5, SSL_MD5_HASH_SIZE); - matrixMd5Update(&state, pass, passlen); - matrixMd5Update(&state, salt, SSL_DES3_IV_LEN); - matrixMd5Final(&state, md5); - memcpy(key + SSL_MD5_HASH_SIZE, md5, SSL_DES3_KEY_LEN - SSL_MD5_HASH_SIZE); -} - - -#ifdef PEERSEC_TEST - -int32 matrixDes3Test() -{ - unsigned char key[24], pt[8], ct[8], tmp[8]; - des3_CBC skey; - int32 x, err; - - for (x = 0; x < 8; x++) { - pt[x] = x; - } - - for (x = 0; x < 24; x++) { - key[x] = x; - } - - if ((err = des3_setup(key, 24, 0, &skey)) != CRYPT_OK) { - return err; - } - - des3_ecb_encrypt(pt, ct, &skey); - des3_ecb_decrypt(ct, tmp, &skey); - - if (memcmp(pt, tmp, 8) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - - return CRYPT_OK; -} - -int32 matrixDesTest() -{ - unsigned char key[8], pt[8], ct[8], tmp[8]; - des3_CBC skey; - int32 x, err; - - for (x = 0; x < 8; x++) { - pt[x] = x; - } - - for (x = 0; x < 8; x++) { - key[x] = x; - } - - if ((err = des_setup(key, 8, 0, &skey)) != CRYPT_OK) { - return err; - } - - des_ecb_encrypt(pt, ct, &skey); - des_ecb_decrypt(ct, tmp, &skey); - - if (memcmp(pt, tmp, 8) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - - return CRYPT_OK; -} - -#endif /* PEERSEC_TEST */ - -#endif /* USE_3DES */ - -/******************************************************************************/ - diff --git a/release/src/router/matrixssl/src/crypto/peersec/md2.c b/release/src/router/matrixssl/src/crypto/peersec/md2.c deleted file mode 100644 index b8ffbc9e..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/md2.c +++ /dev/null @@ -1,221 +0,0 @@ -/* - * md2.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * MD2 hash implementation - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" - -#ifdef USE_MD2 - -static const unsigned char PI_SUBST[256] = { - 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, - 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188, - 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24, - 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251, - 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63, - 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50, - 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165, - 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210, - 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157, - 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27, - 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15, - 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197, - 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65, - 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, - 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233, - 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228, - 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237, - 31, 26, 219, 153, 141, 51, 159, 17, 131, 20 -}; - -/* adds 16 bytes to the checksum */ -static void md2_update_chksum(hash_state *md) -{ - int32 j; - unsigned char L; - L = md->md2.chksum[15]; - for (j = 0; j < 16; j++) { - -/* caution, the RFC says its "C[j] = S[M[i*16+j] xor L]" but the reference source code [and test vectors] say - otherwise. -*/ - L = (md->md2.chksum[j] ^= PI_SUBST[(int32)(md->md2.buf[j] ^ L)] & 255); - } -} - -static void md2_compress(hash_state *md) -{ - int32 j, k; - unsigned char t; - - /* copy block */ - for (j = 0; j < 16; j++) { - md->md2.X[16+j] = md->md2.buf[j]; - md->md2.X[32+j] = md->md2.X[j] ^ md->md2.X[16+j]; - } - - t = (unsigned char)0; - - /* do 18 rounds */ - for (j = 0; j < 18; j++) { - for (k = 0; k < 48; k++) { - t = (md->md2.X[k] ^= PI_SUBST[(int32)(t & 255)]); - } - t = (t + (unsigned char)j) & 255; - } -} - -void matrixMd2Init(hash_state *md) -{ - sslAssert(md != NULL); - - /* MD2 uses a zero'ed state... */ - psZeromem(md->md2.X, sizeof(md->md2.X)); - psZeromem(md->md2.chksum, sizeof(md->md2.chksum)); - psZeromem(md->md2.buf, sizeof(md->md2.buf)); - md->md2.curlen = 0; -} - -int32 matrixMd2Update(hash_state *md, const unsigned char *buf, unsigned long len) -{ - unsigned long n; - sslAssert(md != NULL); - sslAssert(buf != NULL); - if (md-> md2 .curlen > sizeof(md-> md2 .buf)) { - return CRYPT_INVALID_ARG; - } - while (len > 0) { - n = MIN(len, (16 - md->md2.curlen)); - memcpy(md->md2.buf + md->md2.curlen, buf, (size_t)n); - md->md2.curlen += n; - buf += n; - len -= n; - - /* is 16 bytes full? */ - if (md->md2.curlen == 16) { - md2_compress(md); - md2_update_chksum(md); - md->md2.curlen = 0; - } - } - return CRYPT_OK; -} - -int32 matrixMd2Final(hash_state * md, unsigned char *hash) -{ - unsigned long i, k; - - sslAssert(md != NULL); - sslAssert(hash != NULL); - - if (md->md2.curlen >= sizeof(md->md2.buf)) { - return CRYPT_INVALID_ARG; - } - - - /* pad the message */ - k = 16 - md->md2.curlen; - for (i = md->md2.curlen; i < 16; i++) { - md->md2.buf[i] = (unsigned char)k; - } - - /* hash and update */ - md2_compress(md); - md2_update_chksum(md); - - /* hash checksum */ - memcpy(md->md2.buf, md->md2.chksum, 16); - md2_compress(md); - - /* output is lower 16 bytes of X */ - memcpy(hash, md->md2.X, 16); - -#ifdef CLEAN_STACK - psZeromem(md, sizeof(hash_state)); -#endif - return CRYPT_OK; -} - -#ifdef PEERSEC_TEST - -int32 matrixMd2Test(void) -{ - static const struct { - char *msg; - unsigned char md[16]; - } tests[] = { - { "", - {0x83,0x50,0xe5,0xa3,0xe2,0x4c,0x15,0x3d, - 0xf2,0x27,0x5c,0x9f,0x80,0x69,0x27,0x73 - } - }, - { "a", - {0x32,0xec,0x01,0xec,0x4a,0x6d,0xac,0x72, - 0xc0,0xab,0x96,0xfb,0x34,0xc0,0xb5,0xd1 - } - }, - { "message digest", - {0xab,0x4f,0x49,0x6b,0xfb,0x2a,0x53,0x0b, - 0x21,0x9f,0xf3,0x30,0x31,0xfe,0x06,0xb0 - } - }, - { "abcdefghijklmnopqrstuvwxyz", - {0x4e,0x8d,0xdf,0xf3,0x65,0x02,0x92,0xab, - 0x5a,0x41,0x08,0xc3,0xaa,0x47,0x94,0x0b - } - }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - {0xda,0x33,0xde,0xf2,0xa4,0x2d,0xf1,0x39, - 0x75,0x35,0x28,0x46,0xc3,0x03,0x38,0xcd - } - }, - { "12345678901234567890123456789012345678901234567890123456789012345678901234567890", - {0xd5,0x97,0x6f,0x79,0xd8,0x3d,0x3a,0x0d, - 0xc9,0x80,0x6c,0x3c,0x66,0xf3,0xef,0xd8 - } - } - }; - int32 i; - hash_state md; - unsigned char buf[16]; - - for (i = 0; i < (int32)(sizeof(tests) / sizeof(tests[0])); i++) { - matrixMd2Init(&md); - matrixMd2Update(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - matrixMd2Final(&md, buf); - if (memcmp(buf, tests[i].md, 16) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; -} - -#endif /* PEERSEC_TEST */ - -#endif /* USE_MD2 */ diff --git a/release/src/router/matrixssl/src/crypto/peersec/md5.c b/release/src/router/matrixssl/src/crypto/peersec/md5.c deleted file mode 100644 index e1161318..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/md5.c +++ /dev/null @@ -1,401 +0,0 @@ -/* - * md5.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * MD5 hash implementation - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" - -#define F(x,y,z) (z ^ (x & (y ^ z))) -#define G(x,y,z) (y ^ (z & (y ^ x))) -#define H(x,y,z) (x^y^z) -#define I(x,y,z) (y^(x|(~z))) - -#ifdef SMALL_CODE - -#define FF(a,b,c,d,M,s,t) \ - a = (a + F(b,c,d) + M + t); a = ROL(a, s) + b; - -#define GG(a,b,c,d,M,s,t) \ - a = (a + G(b,c,d) + M + t); a = ROL(a, s) + b; - -#define HH(a,b,c,d,M,s,t) \ - a = (a + H(b,c,d) + M + t); a = ROL(a, s) + b; - -#define II(a,b,c,d,M,s,t) \ - a = (a + I(b,c,d) + M + t); a = ROL(a, s) + b; - -static const unsigned char Worder[64] = { - 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, - 1,6,11,0,5,10,15,4,9,14,3,8,13,2,7,12, - 5,8,11,14,1,4,7,10,13,0,3,6,9,12,15,2, - 0,7,14,5,12,3,10,1,8,15,6,13,4,11,2,9 -}; - -static const unsigned char Rorder[64] = { - 7,12,17,22,7,12,17,22,7,12,17,22,7,12,17,22, - 5,9,14,20,5,9,14,20,5,9,14,20,5,9,14,20, - 4,11,16,23,4,11,16,23,4,11,16,23,4,11,16,23, - 6,10,15,21,6,10,15,21,6,10,15,21,6,10,15,21 -}; - -static const ulong32 Korder[] = { - 0xd76aa478UL, 0xe8c7b756UL, 0x242070dbUL, 0xc1bdceeeUL, - 0xf57c0fafUL, 0x4787c62aUL, 0xa8304613UL, 0xfd469501UL, - 0x698098d8UL, 0x8b44f7afUL, 0xffff5bb1UL, 0x895cd7beUL, - 0x6b901122UL, 0xfd987193UL, 0xa679438eUL, 0x49b40821UL, - 0xf61e2562UL, 0xc040b340UL, 0x265e5a51UL, 0xe9b6c7aaUL, - 0xd62f105dUL, 0x02441453UL, 0xd8a1e681UL, 0xe7d3fbc8UL, - 0x21e1cde6UL, 0xc33707d6UL, 0xf4d50d87UL, 0x455a14edUL, - 0xa9e3e905UL, 0xfcefa3f8UL, 0x676f02d9UL, 0x8d2a4c8aUL, - 0xfffa3942UL, 0x8771f681UL, 0x6d9d6122UL, 0xfde5380cUL, - 0xa4beea44UL, 0x4bdecfa9UL, 0xf6bb4b60UL, 0xbebfbc70UL, - 0x289b7ec6UL, 0xeaa127faUL, 0xd4ef3085UL, 0x04881d05UL, - 0xd9d4d039UL, 0xe6db99e5UL, 0x1fa27cf8UL, 0xc4ac5665UL, - 0xf4292244UL, 0x432aff97UL, 0xab9423a7UL, 0xfc93a039UL, - 0x655b59c3UL, 0x8f0ccc92UL, 0xffeff47dUL, 0x85845dd1UL, - 0x6fa87e4fUL, 0xfe2ce6e0UL, 0xa3014314UL, 0x4e0811a1UL, - 0xf7537e82UL, 0xbd3af235UL, 0x2ad7d2bbUL, 0xeb86d391UL, - 0xe1f27f3aUL, 0xf5710fb0UL, 0xada0e5c4UL, 0x98e4c919UL - }; -#else /* SMALL_CODE */ - -#define FF(a,b,c,d,M,s,t) \ - a = (a + F(b,c,d) + M + t); a = ROLc(a, s) + b; - -#define GG(a,b,c,d,M,s,t) \ - a = (a + G(b,c,d) + M + t); a = ROLc(a, s) + b; - -#define HH(a,b,c,d,M,s,t) \ - a = (a + H(b,c,d) + M + t); a = ROLc(a, s) + b; - -#define II(a,b,c,d,M,s,t) \ - a = (a + I(b,c,d) + M + t); a = ROLc(a, s) + b; - -#endif /* SMALL_CODE */ - -#ifdef CLEAN_STACK -static void _md5_compress(hash_state *md) -#else -static void md5_compress(hash_state *md) -#endif /* CLEAN_STACK */ -{ - unsigned long i, W[16], a, b, c, d; -#ifdef SMALL_CODE - ulong32 t; -#endif - - sslAssert(md != NULL); - -/* - copy the state into 512-bits into W[0..15] - */ - for (i = 0; i < 16; i++) { - LOAD32L(W[i], md->md5.buf + (4*i)); - } - -/* - copy state - */ - a = md->md5.state[0]; - b = md->md5.state[1]; - c = md->md5.state[2]; - d = md->md5.state[3]; - -#ifdef SMALL_CODE - for (i = 0; i < 16; ++i) { - FF(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]); - t = d; d = c; c = b; b = a; a = t; - } - - for (; i < 32; ++i) { - GG(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]); - t = d; d = c; c = b; b = a; a = t; - } - - for (; i < 48; ++i) { - HH(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]); - t = d; d = c; c = b; b = a; a = t; - } - - for (; i < 64; ++i) { - II(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]); - t = d; d = c; c = b; b = a; a = t; - } - -#else /* SMALL_CODE */ - - FF(a,b,c,d,W[0],7,0xd76aa478UL) - FF(d,a,b,c,W[1],12,0xe8c7b756UL) - FF(c,d,a,b,W[2],17,0x242070dbUL) - FF(b,c,d,a,W[3],22,0xc1bdceeeUL) - FF(a,b,c,d,W[4],7,0xf57c0fafUL) - FF(d,a,b,c,W[5],12,0x4787c62aUL) - FF(c,d,a,b,W[6],17,0xa8304613UL) - FF(b,c,d,a,W[7],22,0xfd469501UL) - FF(a,b,c,d,W[8],7,0x698098d8UL) - FF(d,a,b,c,W[9],12,0x8b44f7afUL) - FF(c,d,a,b,W[10],17,0xffff5bb1UL) - FF(b,c,d,a,W[11],22,0x895cd7beUL) - FF(a,b,c,d,W[12],7,0x6b901122UL) - FF(d,a,b,c,W[13],12,0xfd987193UL) - FF(c,d,a,b,W[14],17,0xa679438eUL) - FF(b,c,d,a,W[15],22,0x49b40821UL) - GG(a,b,c,d,W[1],5,0xf61e2562UL) - GG(d,a,b,c,W[6],9,0xc040b340UL) - GG(c,d,a,b,W[11],14,0x265e5a51UL) - GG(b,c,d,a,W[0],20,0xe9b6c7aaUL) - GG(a,b,c,d,W[5],5,0xd62f105dUL) - GG(d,a,b,c,W[10],9,0x02441453UL) - GG(c,d,a,b,W[15],14,0xd8a1e681UL) - GG(b,c,d,a,W[4],20,0xe7d3fbc8UL) - GG(a,b,c,d,W[9],5,0x21e1cde6UL) - GG(d,a,b,c,W[14],9,0xc33707d6UL) - GG(c,d,a,b,W[3],14,0xf4d50d87UL) - GG(b,c,d,a,W[8],20,0x455a14edUL) - GG(a,b,c,d,W[13],5,0xa9e3e905UL) - GG(d,a,b,c,W[2],9,0xfcefa3f8UL) - GG(c,d,a,b,W[7],14,0x676f02d9UL) - GG(b,c,d,a,W[12],20,0x8d2a4c8aUL) - HH(a,b,c,d,W[5],4,0xfffa3942UL) - HH(d,a,b,c,W[8],11,0x8771f681UL) - HH(c,d,a,b,W[11],16,0x6d9d6122UL) - HH(b,c,d,a,W[14],23,0xfde5380cUL) - HH(a,b,c,d,W[1],4,0xa4beea44UL) - HH(d,a,b,c,W[4],11,0x4bdecfa9UL) - HH(c,d,a,b,W[7],16,0xf6bb4b60UL) - HH(b,c,d,a,W[10],23,0xbebfbc70UL) - HH(a,b,c,d,W[13],4,0x289b7ec6UL) - HH(d,a,b,c,W[0],11,0xeaa127faUL) - HH(c,d,a,b,W[3],16,0xd4ef3085UL) - HH(b,c,d,a,W[6],23,0x04881d05UL) - HH(a,b,c,d,W[9],4,0xd9d4d039UL) - HH(d,a,b,c,W[12],11,0xe6db99e5UL) - HH(c,d,a,b,W[15],16,0x1fa27cf8UL) - HH(b,c,d,a,W[2],23,0xc4ac5665UL) - II(a,b,c,d,W[0],6,0xf4292244UL) - II(d,a,b,c,W[7],10,0x432aff97UL) - II(c,d,a,b,W[14],15,0xab9423a7UL) - II(b,c,d,a,W[5],21,0xfc93a039UL) - II(a,b,c,d,W[12],6,0x655b59c3UL) - II(d,a,b,c,W[3],10,0x8f0ccc92UL) - II(c,d,a,b,W[10],15,0xffeff47dUL) - II(b,c,d,a,W[1],21,0x85845dd1UL) - II(a,b,c,d,W[8],6,0x6fa87e4fUL) - II(d,a,b,c,W[15],10,0xfe2ce6e0UL) - II(c,d,a,b,W[6],15,0xa3014314UL) - II(b,c,d,a,W[13],21,0x4e0811a1UL) - II(a,b,c,d,W[4],6,0xf7537e82UL) - II(d,a,b,c,W[11],10,0xbd3af235UL) - II(c,d,a,b,W[2],15,0x2ad7d2bbUL) - II(b,c,d,a,W[9],21,0xeb86d391UL) -#endif /* SMALL_CODE */ - - md->md5.state[0] = md->md5.state[0] + a; - md->md5.state[1] = md->md5.state[1] + b; - md->md5.state[2] = md->md5.state[2] + c; - md->md5.state[3] = md->md5.state[3] + d; -} - -#ifdef CLEAN_STACK -static void md5_compress(hash_state *md) -{ - _md5_compress(md); - psBurnStack(sizeof(unsigned long) * 21); -} -#endif /* CLEAN_STACK */ - -void matrixMd5Init(hash_state * md) -{ - sslAssert(md != NULL); - md->md5.state[0] = 0x67452301UL; - md->md5.state[1] = 0xefcdab89UL; - md->md5.state[2] = 0x98badcfeUL; - md->md5.state[3] = 0x10325476UL; - md->md5.curlen = 0; -#ifdef USE_INT64 - md->md5.length = 0; -#else - md->md5.lengthHi = 0; - md->md5.lengthLo = 0; -#endif /* USE_INT64 */ -} - -void matrixMd5Update(hash_state * md, const unsigned char *buf, unsigned long len) -{ - unsigned long n; - - sslAssert(md != NULL); - sslAssert(buf != NULL); - while (len > 0) { - n = MIN(len, (64 - md->md5.curlen)); - memcpy(md->md5.buf + md->md5.curlen, buf, (size_t)n); - md->md5.curlen += n; - buf += n; - len -= n; - -/* - is 64 bytes full? - */ - if (md->md5.curlen == 64) { - md5_compress(md); -#ifdef USE_INT64 - md->md5.length += 512; -#else - n = (md->md5.lengthLo + 512) & 0xFFFFFFFFL; - if (n < md->md5.lengthLo) { - md->md5.lengthHi++; - } - md->md5.lengthLo = n; -#endif /* USE_INT64 */ - md->md5.curlen = 0; - } - } -} - -int32 matrixMd5Final(hash_state * md, unsigned char *hash) -{ - int32 i; -#ifndef USE_INT64 - unsigned long n; -#endif - - sslAssert(md != NULL); - if (hash == NULL) { - return -1; - } - -/* - increase the length of the message - */ -#ifdef USE_INT64 - md->md5.length += md->md5.curlen << 3; -#else - n = (md->md5.lengthLo + (md->md5.curlen << 3)) & 0xFFFFFFFFL; - if (n < md->md5.lengthLo) { - md->md5.lengthHi++; - } - md->md5.lengthHi += (md->md5.curlen >> 29); - md->md5.lengthLo = n; -#endif /* USE_INT64 */ - -/* - append the '1' bit - */ - md->md5.buf[md->md5.curlen++] = (unsigned char)0x80; - -/* - if the length is currently above 56 bytes we append zeros then compress. - Then we can fall back to padding zeros and length encoding like normal. - */ - if (md->md5.curlen > 56) { - while (md->md5.curlen < 64) { - md->md5.buf[md->md5.curlen++] = (unsigned char)0; - } - md5_compress(md); - md->md5.curlen = 0; - } - -/* - pad upto 56 bytes of zeroes - */ - while (md->md5.curlen < 56) { - md->md5.buf[md->md5.curlen++] = (unsigned char)0; - } -/* - store length - */ -#ifdef USE_INT64 - STORE64L(md->md5.length, md->md5.buf+56); -#else - STORE32L(md->md5.lengthLo, md->md5.buf+56); - STORE32L(md->md5.lengthHi, md->md5.buf+60); -#endif /* USE_INT64 */ - md5_compress(md); - -/* - copy output - */ - for (i = 0; i < 4; i++) { - STORE32L(md->md5.state[i], hash+(4*i)); - } -#ifdef CLEAN_STACK - psZeromem(md, sizeof(hash_state)); -#endif /* CLEAN_STACK */ - return 16; -} - -#ifdef PEERSEC_TEST - -int32 matrixMd5Test() -{ - static const struct { - char *msg; - unsigned char hash[16]; - } tests[] = { - { "", - { 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, - 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e } }, - { "a", - {0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8, - 0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61 } }, - { "abc", - { 0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0, - 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72 } }, - { "message digest", - { 0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d, - 0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0 } }, - { "abcdefghijklmnopqrstuvwxyz", - { 0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00, - 0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b } }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - { 0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5, - 0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f } }, - { "12345678901234567890123456789012345678901234567890123456789012345678901234567890", - { 0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55, - 0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a } }, - { NULL, { 0 } } - }; - - int32 i; - unsigned char tmp[16]; - hash_state md; - - for (i = 0; tests[i].msg != NULL; i++) { - matrixMd5Init(&md); - matrixMd5Update(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - matrixMd5Final(&md, tmp); - if (memcmp(tmp, tests[i].hash, 16) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; -} -#endif /* PEERSEC_TEST */ - -/******************************************************************************/ diff --git a/release/src/router/matrixssl/src/crypto/peersec/mpi.c b/release/src/router/matrixssl/src/crypto/peersec/mpi.c deleted file mode 100644 index c37353d3..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/mpi.c +++ /dev/null @@ -1,3667 +0,0 @@ -/* - * mpi.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * multiple-precision integer library - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" -#include <stdarg.h> - -#ifndef USE_MPI2 - -static int32 mp_exptmod_fast (psPool_t *pool, mp_int * G, mp_int * X, - mp_int * P, mp_int * Y, int32 redmode); - -/******************************************************************************/ -/* - FUTURE - 1. Convert the mp_init and mp_clear functions to not use malloc + free, - but to use static storage within the bignum variable instead - but - how to handle grow()? Maybe use a simple memory allocator - 2. verify stack usage of all functions and use of MP_LOW_MEM: - fast_mp_montgomery_reduce - fast_s_mp_mul_digs - fast_s_mp_sqr - fast_s_mp_mul_high_digs - 3. HAC stands for Handbook of Applied Cryptography - http://www.cacr.math.uwaterloo.ca/hac/ -*/ -/******************************************************************************/ -/* - Utility functions -*/ -void psZeromem(void *dst, size_t len) -{ - unsigned char *mem = (unsigned char *)dst; - - if (dst == NULL) { - return; - } - while (len-- > 0) { - *mem++ = 0; - } -} - -void psBurnStack(unsigned long len) -{ - unsigned char buf[32]; - - psZeromem(buf, sizeof(buf)); - if (len > (unsigned long)sizeof(buf)) { - psBurnStack(len - sizeof(buf)); - } -} - -/******************************************************************************/ -/* - Multiple precision integer functions - Note: we don't use va_args here to prevent portability issues. -*/ -int32 _mp_init_multi(psPool_t *pool, mp_int *mp0, mp_int *mp1, mp_int *mp2, - mp_int *mp3, mp_int *mp4, mp_int *mp5, - mp_int *mp6, mp_int *mp7) -{ - mp_err res = MP_OKAY; /* Assume ok until proven otherwise */ - int32 n = 0; /* Number of ok inits */ - mp_int *tempArray[9]; - - tempArray[0] = mp0; - tempArray[1] = mp1; - tempArray[2] = mp2; - tempArray[3] = mp3; - tempArray[4] = mp4; - tempArray[5] = mp5; - tempArray[6] = mp6; - tempArray[7] = mp7; - tempArray[8] = NULL; - - while (tempArray[n] != NULL) { - if (mp_init(pool, tempArray[n]) != MP_OKAY) { - res = MP_MEM; - break; - } - n++; - } - - if (res == MP_MEM) { - n = 0; - while (tempArray[n] != NULL) { - mp_clear(tempArray[n]); - n++; - } - } - return res; /* Assumed ok, if error flagged above. */ -} -/******************************************************************************/ -/* - Reads a unsigned char array, assumes the msb is stored first [big endian] - */ -int32 mp_read_unsigned_bin (mp_int * a, unsigned char *b, int32 c) -{ - int32 res; - -/* - Make sure there are at least two digits. - */ - if (a->alloc < 2) { - if ((res = mp_grow(a, 2)) != MP_OKAY) { - return res; - } - } - -/* - Zero the int32. - */ - mp_zero (a); - -/* - read the bytes in - */ - while (c-- > 0) { - if ((res = mp_mul_2d (a, 8, a)) != MP_OKAY) { - return res; - } - -#ifndef MP_8BIT - a->dp[0] |= *b++; - a->used += 1; -#else - a->dp[0] = (*b & MP_MASK); - a->dp[1] |= ((*b++ >> 7U) & 1); - a->used += 2; -#endif /* MP_8BIT */ - } - mp_clamp (a); - return MP_OKAY; -} - -/******************************************************************************/ -/* - Compare two ints (signed) - */ -int32 mp_cmp (mp_int * a, mp_int * b) -{ -/* - compare based on sign - */ - if (a->sign != b->sign) { - if (a->sign == MP_NEG) { - return MP_LT; - } else { - return MP_GT; - } - } - -/* - compare digits - */ - if (a->sign == MP_NEG) { - /* if negative compare opposite direction */ - return mp_cmp_mag(b, a); - } else { - return mp_cmp_mag(a, b); - } -} - -/******************************************************************************/ -/* - Store in unsigned [big endian] format. -*/ -int32 mp_to_unsigned_bin(psPool_t *pool, mp_int * a, unsigned char *b) -{ - int32 x, res; - mp_int t; - - if ((res = mp_init_copy(pool, &t, a)) != MP_OKAY) { - return res; - } - - x = 0; - while (mp_iszero (&t) == 0) { -#ifndef MP_8BIT - b[x++] = (unsigned char) (t.dp[0] & 255); -#else - b[x++] = (unsigned char) (t.dp[0] | ((t.dp[1] & 0x01) << 7)); -#endif /* MP_8BIT */ - if ((res = mp_div_2d (pool, &t, 8, &t, NULL)) != MP_OKAY) { - mp_clear (&t); - return res; - } - } - bn_reverse (b, x); - mp_clear (&t); - return MP_OKAY; -} - -void _mp_clear_multi(mp_int *mp0, mp_int *mp1, mp_int *mp2, mp_int *mp3, - mp_int *mp4, mp_int *mp5, mp_int *mp6, mp_int *mp7) -{ - int32 n = 0; /* Number of ok inits */ - - mp_int *tempArray[9]; - - tempArray[0] = mp0; - tempArray[1] = mp1; - tempArray[2] = mp2; - tempArray[3] = mp3; - tempArray[4] = mp4; - tempArray[5] = mp5; - tempArray[6] = mp6; - tempArray[7] = mp7; - tempArray[8] = NULL; - - for (n = 0; tempArray[n] != NULL; n++) { - mp_clear(tempArray[n]); - } -} - -/******************************************************************************/ -/* - Init a new mp_int. -*/ -int32 mp_init (psPool_t *pool, mp_int * a) -{ - int32 i; -/* - allocate memory required and clear it - */ - a->dp = OPT_CAST(mp_digit) psMalloc(pool, sizeof (mp_digit) * MP_PREC); - if (a->dp == NULL) { - return MP_MEM; - } - -/* - set the digits to zero - */ - for (i = 0; i < MP_PREC; i++) { - a->dp[i] = 0; - } -/* - set the used to zero, allocated digits to the default precision and sign - to positive - */ - a->used = 0; - a->alloc = MP_PREC; - a->sign = MP_ZPOS; - - return MP_OKAY; -} - -/******************************************************************************/ -/* - clear one (frees). - */ -void mp_clear (mp_int * a) -{ - int32 i; -/* - only do anything if a hasn't been freed previously - */ - if (a->dp != NULL) { -/* - first zero the digits - */ - for (i = 0; i < a->used; i++) { - a->dp[i] = 0; - } - - /* free ram */ - psFree (a->dp); - -/* - reset members to make debugging easier - */ - a->dp = NULL; - a->alloc = a->used = 0; - a->sign = MP_ZPOS; - } -} - -/******************************************************************************/ -/* - Get the size for an unsigned equivalent. - */ -int32 mp_unsigned_bin_size (mp_int * a) -{ - int32 size = mp_count_bits (a); - - return (size / 8 + ((size & 7) != 0 ? 1 : 0)); -} - -/******************************************************************************/ -/* - Trim unused digits - - This is used to ensure that leading zero digits are trimed and the - leading "used" digit will be non-zero. Typically very fast. Also fixes - the sign if there are no more leading digits -*/ -void mp_clamp (mp_int * a) -{ -/* - decrease used while the most significant digit is zero. - */ - while (a->used > 0 && a->dp[a->used - 1] == 0) { - --(a->used); - } - -/* - reset the sign flag if used == 0 - */ - if (a->used == 0) { - a->sign = MP_ZPOS; - } -} - -/******************************************************************************/ -/* - Shift left by a certain bit count. - */ -int32 mp_mul_2d (mp_int * a, int32 b, mp_int * c) -{ - mp_digit d; - int32 res; - -/* - Copy - */ - if (a != c) { - if ((res = mp_copy (a, c)) != MP_OKAY) { - return res; - } - } - - if (c->alloc < (int32)(c->used + b/DIGIT_BIT + 1)) { - if ((res = mp_grow (c, c->used + b / DIGIT_BIT + 1)) != MP_OKAY) { - return res; - } - } - -/* - Shift by as many digits in the bit count - */ - if (b >= (int32)DIGIT_BIT) { - if ((res = mp_lshd (c, b / DIGIT_BIT)) != MP_OKAY) { - return res; - } - } - -/* - shift any bit count < DIGIT_BIT - */ - d = (mp_digit) (b % DIGIT_BIT); - if (d != 0) { - register mp_digit *tmpc, shift, mask, r, rr; - register int32 x; - -/* - bitmask for carries - */ - mask = (((mp_digit)1) << d) - 1; - -/* - shift for msbs - */ - shift = DIGIT_BIT - d; - - /* alias */ - tmpc = c->dp; - - /* carry */ - r = 0; - for (x = 0; x < c->used; x++) { -/* - get the higher bits of the current word - */ - rr = (*tmpc >> shift) & mask; - -/* - shift the current word and OR in the carry - */ - *tmpc = ((*tmpc << d) | r) & MP_MASK; - ++tmpc; - -/* - set the carry to the carry bits of the current word - */ - r = rr; - } - -/* - set final carry - */ - if (r != 0) { - c->dp[(c->used)++] = r; - } - } - mp_clamp (c); - return MP_OKAY; -} - -/******************************************************************************/ -/* - Set to zero. - */ -void mp_zero (mp_int * a) -{ - int n; - mp_digit *tmp; - - a->sign = MP_ZPOS; - a->used = 0; - - tmp = a->dp; - for (n = 0; n < a->alloc; n++) { - *tmp++ = 0; - } -} - -#ifdef MP_LOW_MEM -#define TAB_SIZE 32 -#else -#define TAB_SIZE 256 -#endif /* MP_LOW_MEM */ - -/******************************************************************************/ -/* - Compare maginitude of two ints (unsigned). - */ -int32 mp_cmp_mag (mp_int * a, mp_int * b) -{ - int32 n; - mp_digit *tmpa, *tmpb; - -/* - compare based on # of non-zero digits - */ - if (a->used > b->used) { - return MP_GT; - } - - if (a->used < b->used) { - return MP_LT; - } - - /* alias for a */ - tmpa = a->dp + (a->used - 1); - - /* alias for b */ - tmpb = b->dp + (a->used - 1); - -/* - compare based on digits - */ - for (n = 0; n < a->used; ++n, --tmpa, --tmpb) { - if (*tmpa > *tmpb) { - return MP_GT; - } - - if (*tmpa < *tmpb) { - return MP_LT; - } - } - return MP_EQ; -} - -/******************************************************************************/ -/* - computes Y == G**X mod P, HAC pp.616, Algorithm 14.85 - - Uses a left-to-right k-ary sliding window to compute the modular - exponentiation. The value of k changes based on the size of the exponent. - - Uses Montgomery or Diminished Radix reduction [whichever appropriate] -*/ -int32 mp_exptmod(psPool_t *pool, mp_int * G, mp_int * X, mp_int * P, mp_int * Y) -{ - -/* - modulus P must be positive - */ - if (P->sign == MP_NEG) { - return MP_VAL; - } - -/* - if exponent X is negative we have to recurse - */ - if (X->sign == MP_NEG) { - mp_int tmpG, tmpX; - int32 err; - -/* - first compute 1/G mod P - */ - if ((err = mp_init(pool, &tmpG)) != MP_OKAY) { - return err; - } - if ((err = mp_invmod(pool, G, P, &tmpG)) != MP_OKAY) { - mp_clear(&tmpG); - return err; - } - -/* - now get |X| - */ - if ((err = mp_init(pool, &tmpX)) != MP_OKAY) { - mp_clear(&tmpG); - return err; - } - if ((err = mp_abs(X, &tmpX)) != MP_OKAY) { - mp_clear(&tmpG); - mp_clear(&tmpX); - return err; - } - -/* - and now compute (1/G)**|X| instead of G**X [X < 0] - */ - err = mp_exptmod(pool, &tmpG, &tmpX, P, Y); - mp_clear(&tmpG); - mp_clear(&tmpX); - return err; - } - -/* - if the modulus is odd or dr != 0 use the fast method - */ - if (mp_isodd (P) == 1) { - return mp_exptmod_fast (pool, G, X, P, Y, 0); - } else { -/* - no exptmod for evens - */ - return MP_VAL; - } -} - -/******************************************************************************/ -/* - Call only from mp_exptmod to make sure this fast version qualifies -*/ -static int32 mp_exptmod_fast(psPool_t *pool, mp_int * G, mp_int * X, - mp_int * P, mp_int * Y, int32 redmode) -{ - mp_int M[TAB_SIZE], res; - mp_digit buf, mp; - int32 err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize; - - -/* - use a pointer to the reduction algorithm. This allows us to use - one of many reduction algorithms without modding the guts of - the code with if statements everywhere. - */ - int32 (*redux)(mp_int*,mp_int*,mp_digit); - -/* - find window size - */ - x = mp_count_bits (X); - if (x <= 7) { - winsize = 2; - } else if (x <= 36) { - winsize = 3; - } else if (x <= 140) { - winsize = 4; - } else if (x <= 450) { - winsize = 5; - } else if (x <= 1303) { - winsize = 6; - } else if (x <= 3529) { - winsize = 7; - } else { - winsize = 8; - } - -#ifdef MP_LOW_MEM - if (winsize > 5) { - winsize = 5; - } -#endif - -/* - init M array - init first cell - */ - if ((err = mp_init(pool, &M[1])) != MP_OKAY) { - return err; - } - -/* - now init the second half of the array - */ - for (x = 1<<(winsize-1); x < (1 << winsize); x++) { - if ((err = mp_init(pool, &M[x])) != MP_OKAY) { - for (y = 1<<(winsize-1); y < x; y++) { - mp_clear(&M[y]); - } - mp_clear(&M[1]); - return err; - } - } - - -/* - now setup montgomery - */ - if ((err = mp_montgomery_setup(P, &mp)) != MP_OKAY) { - goto LBL_M; - } - -/* - automatically pick the comba one if available - */ - if (((P->used * 2 + 1) < MP_WARRAY) && - P->used < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { - redux = fast_mp_montgomery_reduce; - } else { -/* - use slower baseline Montgomery method - */ - redux = mp_montgomery_reduce; - } - -/* - setup result - */ - if ((err = mp_init(pool, &res)) != MP_OKAY) { - goto LBL_M; - } - -/* - create M table. The first half of the table is not computed - though accept for M[0] and M[1] -*/ - -/* - now we need R mod m - */ - if ((err = mp_montgomery_calc_normalization(&res, P)) != MP_OKAY) { - goto LBL_RES; - } - -/* - now set M[1] to G * R mod m - */ - if ((err = mp_mulmod(pool, G, &res, P, &M[1])) != MP_OKAY) { - goto LBL_RES; - } - -/* - compute the value at M[1<<(winsize-1)] by squaring - M[1] (winsize-1) times -*/ - if ((err = mp_copy(&M[1], &M[1 << (winsize - 1)])) != MP_OKAY) { - goto LBL_RES; - } - - for (x = 0; x < (winsize - 1); x++) { - if ((err = mp_sqr(pool, &M[1 << (winsize - 1)], - &M[1 << (winsize - 1)])) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&M[1 << (winsize - 1)], P, mp)) != MP_OKAY) { - goto LBL_RES; - } - } - -/* - create upper table - */ - for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) { - if ((err = mp_mul(pool, &M[x - 1], &M[1], &M[x])) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&M[x], P, mp)) != MP_OKAY) { - goto LBL_RES; - } - } - -/* - set initial mode and bit cnt - */ - mode = 0; - bitcnt = 1; - buf = 0; - digidx = X->used - 1; - bitcpy = 0; - bitbuf = 0; - - for (;;) { -/* - grab next digit as required - */ - if (--bitcnt == 0) { - /* if digidx == -1 we are out of digits so break */ - if (digidx == -1) { - break; - } - /* read next digit and reset bitcnt */ - buf = X->dp[digidx--]; - bitcnt = (int)DIGIT_BIT; - } - - /* grab the next msb from the exponent */ - y = (mp_digit)(buf >> (DIGIT_BIT - 1)) & 1; - buf <<= (mp_digit)1; - -/* - if the bit is zero and mode == 0 then we ignore it - These represent the leading zero bits before the first 1 bit - in the exponent. Technically this opt is not required but it - does lower the # of trivial squaring/reductions used -*/ - if (mode == 0 && y == 0) { - continue; - } - -/* - if the bit is zero and mode == 1 then we square - */ - if (mode == 1 && y == 0) { - if ((err = mp_sqr (pool, &res, &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux (&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - continue; - } - -/* - else we add it to the window - */ - bitbuf |= (y << (winsize - ++bitcpy)); - mode = 2; - - if (bitcpy == winsize) { -/* - ok window is filled so square as required and multiply - square first - */ - for (x = 0; x < winsize; x++) { - if ((err = mp_sqr(pool, &res, &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - } - - /* then multiply */ - if ((err = mp_mul(pool, &res, &M[bitbuf], &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - -/* - empty window and reset - */ - bitcpy = 0; - bitbuf = 0; - mode = 1; - } - } - -/* - if bits remain then square/multiply - */ - if (mode == 2 && bitcpy > 0) { - /* square then multiply if the bit is set */ - for (x = 0; x < bitcpy; x++) { - if ((err = mp_sqr(pool, &res, &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - -/* - get next bit of the window - */ - bitbuf <<= 1; - if ((bitbuf & (1 << winsize)) != 0) { -/* - then multiply - */ - if ((err = mp_mul(pool, &res, &M[1], &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - } - } - } - -/* - fixup result if Montgomery reduction is used - recall that any value in a Montgomery system is - actually multiplied by R mod n. So we have - to reduce one more time to cancel out the factor of R. -*/ - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - -/* - swap res with Y - */ - mp_exch(&res, Y); - err = MP_OKAY; -LBL_RES:mp_clear(&res); -LBL_M: - mp_clear(&M[1]); - for (x = 1<<(winsize-1); x < (1 << winsize); x++) { - mp_clear(&M[x]); - } - return err; -} - -/******************************************************************************/ -/* - Grow as required - */ -int32 mp_grow (mp_int * a, int32 size) -{ - int32 i; - mp_digit *tmp; - -/* - If the alloc size is smaller alloc more ram. - */ - if (a->alloc < size) { -/* - ensure there are always at least MP_PREC digits extra on top - */ - size += (MP_PREC * 2) - (size % MP_PREC); - -/* - Reallocate the array a->dp - - We store the return in a temporary variable in case the operation - failed we don't want to overwrite the dp member of a. -*/ - tmp = OPT_CAST(mp_digit) psRealloc(a->dp, sizeof (mp_digit) * size); - if (tmp == NULL) { -/* - reallocation failed but "a" is still valid [can be freed] - */ - return MP_MEM; - } - -/* - reallocation succeeded so set a->dp - */ - a->dp = tmp; - -/* - zero excess digits - */ - i = a->alloc; - a->alloc = size; - for (; i < a->alloc; i++) { - a->dp[i] = 0; - } - } - return MP_OKAY; -} - -/******************************************************************************/ -/* - b = |a| - - Simple function copies the input and fixes the sign to positive -*/ -int32 mp_abs (mp_int * a, mp_int * b) -{ - int32 res; - -/* - copy a to b - */ - if (a != b) { - if ((res = mp_copy (a, b)) != MP_OKAY) { - return res; - } - } - -/* - Force the sign of b to positive - */ - b->sign = MP_ZPOS; - - return MP_OKAY; -} - -/******************************************************************************/ -/* - Creates "a" then copies b into it - */ -int32 mp_init_copy(psPool_t *pool, mp_int * a, mp_int * b) -{ - int32 res; - - if ((res = mp_init(pool, a)) != MP_OKAY) { - return res; - } - return mp_copy (b, a); -} - -/******************************************************************************/ -/* - Reverse an array, used for radix code - */ -void bn_reverse (unsigned char *s, int32 len) -{ - int32 ix, iy; - unsigned char t; - - ix = 0; - iy = len - 1; - while (ix < iy) { - t = s[ix]; - s[ix] = s[iy]; - s[iy] = t; - ++ix; - --iy; - } -} - -/******************************************************************************/ -/* - Shift right by a certain bit count (store quotient in c, optional - remainder in d) - */ -int32 mp_div_2d(psPool_t *pool, mp_int * a, int32 b, mp_int * c, mp_int * d) -{ - mp_digit D, r, rr; - int32 x, res; - mp_int t; - -/* - If the shift count is <= 0 then we do no work - */ - if (b <= 0) { - res = mp_copy (a, c); - if (d != NULL) { - mp_zero (d); - } - return res; - } - - if ((res = mp_init(pool, &t)) != MP_OKAY) { - return res; - } - -/* - Get the remainder - */ - if (d != NULL) { - if ((res = mp_mod_2d (a, b, &t)) != MP_OKAY) { - mp_clear (&t); - return res; - } - } - - /* copy */ - if ((res = mp_copy (a, c)) != MP_OKAY) { - mp_clear (&t); - return res; - } - -/* - Shift by as many digits in the bit count - */ - if (b >= (int32)DIGIT_BIT) { - mp_rshd (c, b / DIGIT_BIT); - } - - /* shift any bit count < DIGIT_BIT */ - D = (mp_digit) (b % DIGIT_BIT); - if (D != 0) { - register mp_digit *tmpc, mask, shift; - - /* mask */ - mask = (((mp_digit)1) << D) - 1; - - /* shift for lsb */ - shift = DIGIT_BIT - D; - - /* alias */ - tmpc = c->dp + (c->used - 1); - - /* carry */ - r = 0; - for (x = c->used - 1; x >= 0; x--) { -/* - Get the lower bits of this word in a temp. - */ - rr = *tmpc & mask; - -/* - shift the current word and mix in the carry bits from the previous word - */ - *tmpc = (*tmpc >> D) | (r << shift); - --tmpc; - -/* - set the carry to the carry bits of the current word found above - */ - r = rr; - } - } - mp_clamp (c); - if (d != NULL) { - mp_exch (&t, d); - } - mp_clear (&t); - return MP_OKAY; -} - -/******************************************************************************/ -/* - copy, b = a - */ -int32 mp_copy (mp_int * a, mp_int * b) -{ - int32 res, n; - -/* - If dst == src do nothing - */ - if (a == b) { - return MP_OKAY; - } - -/* - Grow dest - */ - if (b->alloc < a->used) { - if ((res = mp_grow (b, a->used)) != MP_OKAY) { - return res; - } - } - -/* - Zero b and copy the parameters over - */ - { - register mp_digit *tmpa, *tmpb; - - /* pointer aliases */ - /* source */ - tmpa = a->dp; - - /* destination */ - tmpb = b->dp; - - /* copy all the digits */ - for (n = 0; n < a->used; n++) { - *tmpb++ = *tmpa++; - } - - /* clear high digits */ - for (; n < b->used; n++) { - *tmpb++ = 0; - } - } - -/* - copy used count and sign - */ - b->used = a->used; - b->sign = a->sign; - return MP_OKAY; -} - -/******************************************************************************/ -/* - Returns the number of bits in an int32 - */ -int32 mp_count_bits (mp_int * a) -{ - int32 r; - mp_digit q; - -/* - Shortcut - */ - if (a->used == 0) { - return 0; - } - -/* - Get number of digits and add that. - */ - r = (a->used - 1) * DIGIT_BIT; - -/* - Take the last digit and count the bits in it. - */ - q = a->dp[a->used - 1]; - while (q > ((mp_digit) 0)) { - ++r; - q >>= ((mp_digit) 1); - } - return r; -} - -/******************************************************************************/ -/* - Shift left a certain amount of digits. - */ -int32 mp_lshd (mp_int * a, int32 b) -{ - int32 x, res; - -/* - If its less than zero return. - */ - if (b <= 0) { - return MP_OKAY; - } - -/* - Grow to fit the new digits. - */ - if (a->alloc < a->used + b) { - if ((res = mp_grow (a, a->used + b)) != MP_OKAY) { - return res; - } - } - - { - register mp_digit *top, *bottom; - -/* - Increment the used by the shift amount then copy upwards. - */ - a->used += b; - - /* top */ - top = a->dp + a->used - 1; - - /* base */ - bottom = a->dp + a->used - 1 - b; - -/* - Much like mp_rshd this is implemented using a sliding window - except the window goes the otherway around. Copying from - the bottom to the top. see bn_mp_rshd.c for more info. - */ - for (x = a->used - 1; x >= b; x--) { - *top-- = *bottom--; - } - - /* zero the lower digits */ - top = a->dp; - for (x = 0; x < b; x++) { - *top++ = 0; - } - } - return MP_OKAY; -} - -/******************************************************************************/ -/* - Set to a digit. - */ -void mp_set (mp_int * a, mp_digit b) -{ - mp_zero (a); - a->dp[0] = b & MP_MASK; - a->used = (a->dp[0] != 0) ? 1 : 0; -} - -/******************************************************************************/ -/* - Swap the elements of two integers, for cases where you can't simply swap - the mp_int pointers around -*/ -void mp_exch (mp_int * a, mp_int * b) -{ - mp_int t; - - t = *a; - *a = *b; - *b = t; -} - -/******************************************************************************/ -/* - High level multiplication (handles sign) - */ -int32 mp_mul(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c) -{ - int32 res, neg; - int32 digs = a->used + b->used + 1; - - neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG; - -/* Can we use the fast multiplier? - - The fast multiplier can be used if the output will have less than - MP_WARRAY digits and the number of digits won't affect carry propagation -*/ - if ((digs < MP_WARRAY) && MIN(a->used, b->used) <= - (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { - res = fast_s_mp_mul_digs(pool, a, b, c, digs); - } else { - res = s_mp_mul(pool, a, b, c); - } - c->sign = (c->used > 0) ? neg : MP_ZPOS; - return res; -} - -/******************************************************************************/ -/* - c = a mod b, 0 <= c < b - */ -int32 mp_mod(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c) -{ - mp_int t; - int32 res; - - if ((res = mp_init(pool, &t)) != MP_OKAY) { - return res; - } - - if ((res = mp_div (pool, a, b, NULL, &t)) != MP_OKAY) { - mp_clear (&t); - return res; - } - - if (t.sign != b->sign) { - res = mp_add (b, &t, c); - } else { - res = MP_OKAY; - mp_exch (&t, c); - } - - mp_clear (&t); - return res; -} - -/******************************************************************************/ -/* - shifts with subtractions when the result is greater than b. - - The method is slightly modified to shift B unconditionally upto just under - the leading bit of b. This saves alot of multiple precision shifting. -*/ -int32 mp_montgomery_calc_normalization (mp_int * a, mp_int * b) -{ - int32 x, bits, res; - -/* - How many bits of last digit does b use - */ - bits = mp_count_bits (b) % DIGIT_BIT; - - if (b->used > 1) { - if ((res = mp_2expt(a, (b->used - 1) * DIGIT_BIT + bits - 1)) != MP_OKAY) { - return res; - } - } else { - mp_set(a, 1); - bits = 1; - } - -/* - Now compute C = A * B mod b - */ - for (x = bits - 1; x < (int32)DIGIT_BIT; x++) { - if ((res = mp_mul_2(a, a)) != MP_OKAY) { - return res; - } - if (mp_cmp_mag(a, b) != MP_LT) { - if ((res = s_mp_sub(a, b, a)) != MP_OKAY) { - return res; - } - } - } - - return MP_OKAY; -} - -/******************************************************************************/ -/* - d = a * b (mod c) - */ -int32 mp_mulmod(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c, mp_int * d) -{ - int32 res; - mp_int t; - - if ((res = mp_init(pool, &t)) != MP_OKAY) { - return res; - } - - if ((res = mp_mul (pool, a, b, &t)) != MP_OKAY) { - mp_clear (&t); - return res; - } - res = mp_mod (pool, &t, c, d); - mp_clear (&t); - return res; -} - -/******************************************************************************/ -/* - Computes b = a*a - */ -#ifdef USE_SMALL_WORD -int32 mp_sqr (psPool_t *pool, mp_int * a, mp_int * b) -{ - int32 res; - -/* - Can we use the fast comba multiplier? - */ - if ((a->used * 2 + 1) < MP_WARRAY && a->used < - (1 << (sizeof(mp_word) * CHAR_BIT - 2*DIGIT_BIT - 1))) { - res = fast_s_mp_sqr (pool, a, b); - } else { - res = s_mp_sqr (pool, a, b); - } - b->sign = MP_ZPOS; - return res; -} -#endif /* USE_SMALL_WORD */ - -/******************************************************************************/ -/* - Computes xR**-1 == x (mod N) via Montgomery Reduction. - - This is an optimized implementation of montgomery_reduce - which uses the comba method to quickly calculate the columns of the - reduction. - - Based on Algorithm 14.32 on pp.601 of HAC. -*/ - -int32 fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) -{ - int32 ix, res, olduse; - mp_word W[MP_WARRAY]; - -/* - Get old used count - */ - olduse = x->used; - -/* - Grow a as required - */ - if (x->alloc < n->used + 1) { - if ((res = mp_grow(x, n->used + 1)) != MP_OKAY) { - return res; - } - } - -/* - First we have to get the digits of the input into - an array of double precision words W[...] - */ - { - register mp_word *_W; - register mp_digit *tmpx; - -/* - Alias for the W[] array - */ - _W = W; - -/* - Alias for the digits of x - */ - tmpx = x->dp; - -/* - Copy the digits of a into W[0..a->used-1] - */ - for (ix = 0; ix < x->used; ix++) { - *_W++ = *tmpx++; - } - -/* - Zero the high words of W[a->used..m->used*2] - */ - for (; ix < n->used * 2 + 1; ix++) { - *_W++ = 0; - } - } - -/* - Now we proceed to zero successive digits from the least - significant upwards. - */ - for (ix = 0; ix < n->used; ix++) { -/* - mu = ai * m' mod b - - We avoid a double precision multiplication (which isn't required) by - casting the value down to a mp_digit. Note this requires that - W[ix-1] have the carry cleared (see after the inner loop) - */ - register mp_digit mu; - mu = (mp_digit) (((W[ix] & MP_MASK) * rho) & MP_MASK); - -/* - a = a + mu * m * b**i - - This is computed in place and on the fly. The multiplication by b**i - is handled by offseting which columns the results are added to. - - Note the comba method normally doesn't handle carries in the inner loop - In this case we fix the carry from the previous column since the - Montgomery reduction requires digits of the result (so far) [see above] - to work. This is handled by fixing up one carry after the inner loop. - The carry fixups are done in order so after these loops the first - m->used words of W[] have the carries fixed - */ - { - register int32 iy; - register mp_digit *tmpn; - register mp_word *_W; - -/* - Alias for the digits of the modulus - */ - tmpn = n->dp; - -/* - Alias for the columns set by an offset of ix - */ - _W = W + ix; - -/* - inner loop - */ - for (iy = 0; iy < n->used; iy++) { - *_W++ += ((mp_word)mu) * ((mp_word)*tmpn++); - } - } - -/* - Now fix carry for next digit, W[ix+1] - */ - W[ix + 1] += W[ix] >> ((mp_word) DIGIT_BIT); - } - -/* - Now we have to propagate the carries and shift the words downward [all those - least significant digits we zeroed]. - */ - { - register mp_digit *tmpx; - register mp_word *_W, *_W1; - -/* - Now fix rest of carries - */ - -/* - alias for current word - */ - _W1 = W + ix; - -/* - alias for next word, where the carry goes - */ - _W = W + ++ix; - - for (; ix <= n->used * 2 + 1; ix++) { - *_W++ += *_W1++ >> ((mp_word) DIGIT_BIT); - } - -/* - copy out, A = A/b**n - - The result is A/b**n but instead of converting from an - array of mp_word to mp_digit than calling mp_rshd - we just copy them in the right order - */ - -/* - alias for destination word - */ - tmpx = x->dp; - -/* - alias for shifted double precision result - */ - _W = W + n->used; - - for (ix = 0; ix < n->used + 1; ix++) { - *tmpx++ = (mp_digit)(*_W++ & ((mp_word) MP_MASK)); - } - -/* - zero oldused digits, if the input a was larger than - m->used+1 we'll have to clear the digits - */ - for (; ix < olduse; ix++) { - *tmpx++ = 0; - } - } - -/* - Set the max used and clamp - */ - x->used = n->used + 1; - mp_clamp(x); - -/* - if A >= m then A = A - m - */ - if (mp_cmp_mag(x, n) != MP_LT) { - return s_mp_sub(x, n, x); - } - return MP_OKAY; -} - -/******************************************************************************/ -/* - High level addition (handles signs) - */ -int32 mp_add (mp_int * a, mp_int * b, mp_int * c) -{ - int32 sa, sb, res; - -/* - Get sign of both inputs - */ - sa = a->sign; - sb = b->sign; - -/* - Handle two cases, not four. - */ - if (sa == sb) { -/* - Both positive or both negative. Add their magnitudes, copy the sign. - */ - c->sign = sa; - res = s_mp_add (a, b, c); - } else { -/* - One positive, the other negative. Subtract the one with the greater - magnitude from the one of the lesser magnitude. The result gets the sign of - the one with the greater magnitude. - */ - if (mp_cmp_mag (a, b) == MP_LT) { - c->sign = sb; - res = s_mp_sub (b, a, c); - } else { - c->sign = sa; - res = s_mp_sub (a, b, c); - } - } - return res; -} - -/******************************************************************************/ -/* - Compare a digit. - */ -int32 mp_cmp_d (mp_int * a, mp_digit b) -{ -/* - Compare based on sign - */ - if (a->sign == MP_NEG) { - return MP_LT; - } - -/* - Compare based on magnitude - */ - if (a->used > 1) { - return MP_GT; - } - -/* - Compare the only digit of a to b - */ - if (a->dp[0] > b) { - return MP_GT; - } else if (a->dp[0] < b) { - return MP_LT; - } else { - return MP_EQ; - } -} - -/******************************************************************************/ -/* - b = a/2 - */ -int32 mp_div_2 (mp_int * a, mp_int * b) -{ - int32 x, res, oldused; - -/* - Copy - */ - if (b->alloc < a->used) { - if ((res = mp_grow (b, a->used)) != MP_OKAY) { - return res; - } - } - - oldused = b->used; - b->used = a->used; - { - register mp_digit r, rr, *tmpa, *tmpb; - -/* - Source alias - */ - tmpa = a->dp + b->used - 1; - -/* - dest alias - */ - tmpb = b->dp + b->used - 1; - -/* - carry - */ - r = 0; - for (x = b->used - 1; x >= 0; x--) { -/* - Get the carry for the next iteration - */ - rr = *tmpa & 1; - -/* - Shift the current digit, add in carry and store - */ - *tmpb-- = (*tmpa-- >> 1) | (r << (DIGIT_BIT - 1)); -/* - Forward carry to next iteration - */ - r = rr; - } - -/* - Zero excess digits - */ - tmpb = b->dp + b->used; - for (x = b->used; x < oldused; x++) { - *tmpb++ = 0; - } - } - b->sign = a->sign; - mp_clamp (b); - return MP_OKAY; -} - -/******************************************************************************/ -/* - Computes xR**-1 == x (mod N) via Montgomery Reduction - */ -#ifdef USE_SMALL_WORD -int32 mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) -{ - int32 ix, res, digs; - mp_digit mu; - -/* Can the fast reduction [comba] method be used? - - Note that unlike in mul you're safely allowed *less* than the available - columns [255 per default] since carries are fixed up in the inner loop. - */ - digs = n->used * 2 + 1; - if ((digs < MP_WARRAY) && - n->used < - (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { - return fast_mp_montgomery_reduce (x, n, rho); - } - -/* - Grow the input as required. - */ - if (x->alloc < digs) { - if ((res = mp_grow (x, digs)) != MP_OKAY) { - return res; - } - } - x->used = digs; - - for (ix = 0; ix < n->used; ix++) { -/* - mu = ai * rho mod b - - The value of rho must be precalculated via mp_montgomery_setup() - such that it equals -1/n0 mod b this allows the following inner - loop to reduce the input one digit at a time - */ - mu = (mp_digit)(((mp_word)x->dp[ix]) * ((mp_word)rho) & MP_MASK); - - /* a = a + mu * m * b**i */ - { - register int32 iy; - register mp_digit *tmpn, *tmpx, u; - register mp_word r; - -/* - alias for digits of the modulus - */ - tmpn = n->dp; - -/* - alias for the digits of x [the input] - */ - tmpx = x->dp + ix; - -/* - set the carry to zero - */ - u = 0; - -/* - Multiply and add in place - */ - for (iy = 0; iy < n->used; iy++) { - /* compute product and sum */ - r = ((mp_word)mu) * ((mp_word)*tmpn++) + - ((mp_word) u) + ((mp_word) * tmpx); - - /* get carry */ - u = (mp_digit)(r >> ((mp_word) DIGIT_BIT)); - - /* fix digit */ - *tmpx++ = (mp_digit)(r & ((mp_word) MP_MASK)); - } - /* At this point the ix'th digit of x should be zero */ - - -/* - propagate carries upwards as required - */ - while (u) { - *tmpx += u; - u = *tmpx >> DIGIT_BIT; - *tmpx++ &= MP_MASK; - } - } - } - -/* - At this point the n.used'th least significant digits of x are all zero - which means we can shift x to the right by n.used digits and the - residue is unchanged. -*/ - /* x = x/b**n.used */ - mp_clamp(x); - mp_rshd (x, n->used); - - /* if x >= n then x = x - n */ - if (mp_cmp_mag (x, n) != MP_LT) { - return s_mp_sub (x, n, x); - } - - return MP_OKAY; -} -#endif /* USE_SMALL_WORD */ - -/******************************************************************************/ -/* - Setups the montgomery reduction stuff. - */ -int32 mp_montgomery_setup (mp_int * n, mp_digit * rho) -{ - mp_digit x, b; - -/* - fast inversion mod 2**k - - Based on the fact that - - XA = 1 (mod 2**n) => (X(2-XA)) A = 1 (mod 2**2n) - => 2*X*A - X*X*A*A = 1 - => 2*(1) - (1) = 1 -*/ - b = n->dp[0]; - - if ((b & 1) == 0) { - return MP_VAL; - } - - x = (((b + 2) & 4) << 1) + b; /* here x*a==1 mod 2**4 */ - x = (x * (2 - b * x)) & MP_MASK; /* here x*a==1 mod 2**8 */ -#if !defined(MP_8BIT) - x = (x * (2 - b * x)) & MP_MASK; /* here x*a==1 mod 2**8 */ -#endif /* MP_8BIT */ -#if defined(MP_64BIT) || !(defined(MP_8BIT) || defined(MP_16BIT)) - x *= 2 - b * x; /* here x*a==1 mod 2**32 */ -#endif -#ifdef MP_64BIT - x *= 2 - b * x; /* here x*a==1 mod 2**64 */ -#endif /* MP_64BIT */ - - /* rho = -1/m mod b */ - *rho = (((mp_word) 1 << ((mp_word) DIGIT_BIT)) - x) & MP_MASK; - - return MP_OKAY; -} - -/******************************************************************************/ -/* - High level subtraction (handles signs) - */ -int32 mp_sub (mp_int * a, mp_int * b, mp_int * c) -{ - int32 sa, sb, res; - - sa = a->sign; - sb = b->sign; - - if (sa != sb) { -/* - Subtract a negative from a positive, OR subtract a positive from a - negative. In either case, ADD their magnitudes, and use the sign of - the first number. - */ - c->sign = sa; - res = s_mp_add (a, b, c); - } else { -/* - Subtract a positive from a positive, OR subtract a negative - from a negative. First, take the difference between their - magnitudes, then... - */ - if (mp_cmp_mag (a, b) != MP_LT) { -/* - Copy the sign from the first - */ - c->sign = sa; - /* The first has a larger or equal magnitude */ - res = s_mp_sub (a, b, c); - } else { -/* - The result has the *opposite* sign from the first number. - */ - c->sign = (sa == MP_ZPOS) ? MP_NEG : MP_ZPOS; -/* - The second has a larger magnitude - */ - res = s_mp_sub (b, a, c); - } - } - return res; -} - -/******************************************************************************/ -/* - calc a value mod 2**b - */ -int32 mp_mod_2d (mp_int * a, int32 b, mp_int * c) -{ - int32 x, res; - -/* - if b is <= 0 then zero the int32 - */ - if (b <= 0) { - mp_zero (c); - return MP_OKAY; - } - -/* - If the modulus is larger than the value than return - */ - if (b >=(int32) (a->used * DIGIT_BIT)) { - res = mp_copy (a, c); - return res; - } - - /* copy */ - if ((res = mp_copy (a, c)) != MP_OKAY) { - return res; - } - -/* - Zero digits above the last digit of the modulus - */ - for (x = (b / DIGIT_BIT) + ((b % DIGIT_BIT) == 0 ? 0 : 1); x < c->used; x++) { - c->dp[x] = 0; - } -/* - Clear the digit that is not completely outside/inside the modulus - */ - c->dp[b / DIGIT_BIT] &= - (mp_digit) ((((mp_digit) 1) << (((mp_digit) b) % DIGIT_BIT)) - ((mp_digit) 1)); - mp_clamp (c); - return MP_OKAY; -} - -/******************************************************************************/ -/* - Shift right a certain amount of digits. - */ -void mp_rshd (mp_int * a, int32 b) -{ - int32 x; - -/* - If b <= 0 then ignore it - */ - if (b <= 0) { - return; - } - -/* - If b > used then simply zero it and return. -*/ - if (a->used <= b) { - mp_zero (a); - return; - } - - { - register mp_digit *bottom, *top; - -/* - Shift the digits down - */ - /* bottom */ - bottom = a->dp; - - /* top [offset into digits] */ - top = a->dp + b; - -/* - This is implemented as a sliding window where the window is b-digits long - and digits from the top of the window are copied to the bottom. - - e.g. - - b-2 | b-1 | b0 | b1 | b2 | ... | bb | ----> - /\ | ----> - \-------------------/ ----> - */ - for (x = 0; x < (a->used - b); x++) { - *bottom++ = *top++; - } - -/* - Zero the top digits - */ - for (; x < a->used; x++) { - *bottom++ = 0; - } - } - -/* - Remove excess digits - */ - a->used -= b; -} - -/******************************************************************************/ -/* - Low level subtraction (assumes |a| > |b|), HAC pp.595 Algorithm 14.9 - */ -int32 s_mp_sub (mp_int * a, mp_int * b, mp_int * c) -{ - int32 olduse, res, min, max; - -/* - Find sizes - */ - min = b->used; - max = a->used; - -/* - init result - */ - if (c->alloc < max) { - if ((res = mp_grow (c, max)) != MP_OKAY) { - return res; - } - } - olduse = c->used; - c->used = max; - - { - register mp_digit u, *tmpa, *tmpb, *tmpc; - register int32 i; - -/* - alias for digit pointers - */ - tmpa = a->dp; - tmpb = b->dp; - tmpc = c->dp; - -/* - set carry to zero - */ - u = 0; - for (i = 0; i < min; i++) { - /* T[i] = A[i] - B[i] - U */ - *tmpc = *tmpa++ - *tmpb++ - u; - -/* - U = carry bit of T[i] - Note this saves performing an AND operation since if a carry does occur it - will propagate all the way to the MSB. As a result a single shift - is enough to get the carry - */ - u = *tmpc >> ((mp_digit)(CHAR_BIT * sizeof (mp_digit) - 1)); - - /* Clear carry from T[i] */ - *tmpc++ &= MP_MASK; - } - -/* - Now copy higher words if any, e.g. if A has more digits than B - */ - for (; i < max; i++) { - /* T[i] = A[i] - U */ - *tmpc = *tmpa++ - u; - - /* U = carry bit of T[i] */ - u = *tmpc >> ((mp_digit)(CHAR_BIT * sizeof (mp_digit) - 1)); - - /* Clear carry from T[i] */ - *tmpc++ &= MP_MASK; - } - -/* - Clear digits above used (since we may not have grown result above) - */ - for (i = c->used; i < olduse; i++) { - *tmpc++ = 0; - } - } - - mp_clamp (c); - return MP_OKAY; -} -/******************************************************************************/ -/* - integer signed division. - - c*b + d == a [e.g. a/b, c=quotient, d=remainder] - HAC pp.598 Algorithm 14.20 - - Note that the description in HAC is horribly incomplete. For example, - it doesn't consider the case where digits are removed from 'x' in the inner - loop. It also doesn't consider the case that y has fewer than three - digits, etc.. - - The overall algorithm is as described as 14.20 from HAC but fixed to - treat these cases. - */ -#ifdef MP_DIV_SMALL -int32 mp_div(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c, mp_int * d) -{ - mp_int ta, tb, tq, q; - int32 res, n, n2; - -/* - is divisor zero ? - */ - if (mp_iszero (b) == 1) { - return MP_VAL; - } - -/* - if a < b then q=0, r = a - */ - if (mp_cmp_mag (a, b) == MP_LT) { - if (d != NULL) { - res = mp_copy (a, d); - } else { - res = MP_OKAY; - } - if (c != NULL) { - mp_zero (c); - } - return res; - } - -/* - init our temps - */ - if ((res = _mp_init_multi(pool, &ta, &tb, &tq, &q, NULL, NULL, NULL, NULL) != MP_OKAY)) { - return res; - } - -/* - tq = 2^n, tb == b*2^n - */ - mp_set(&tq, 1); - n = mp_count_bits(a) - mp_count_bits(b); - if (((res = mp_abs(a, &ta)) != MP_OKAY) || - ((res = mp_abs(b, &tb)) != MP_OKAY) || - ((res = mp_mul_2d(&tb, n, &tb)) != MP_OKAY) || - ((res = mp_mul_2d(&tq, n, &tq)) != MP_OKAY)) { - goto __ERR; - } -/* old - if (((res = mp_copy(a, &ta)) != MP_OKAY) || - ((res = mp_copy(b, &tb)) != MP_OKAY) || - ((res = mp_mul_2d(&tb, n, &tb)) != MP_OKAY) || - ((res = mp_mul_2d(&tq, n, &tq)) != MP_OKAY)) { - goto LBL_ERR; - } -*/ - while (n-- >= 0) { - if (mp_cmp(&tb, &ta) != MP_GT) { - if (((res = mp_sub(&ta, &tb, &ta)) != MP_OKAY) || - ((res = mp_add(&q, &tq, &q)) != MP_OKAY)) { - goto LBL_ERR; - } - } - if (((res = mp_div_2d(pool, &tb, 1, &tb, NULL)) != MP_OKAY) || - ((res = mp_div_2d(pool, &tq, 1, &tq, NULL)) != MP_OKAY)) { - goto LBL_ERR; - } - } - -/* - now q == quotient and ta == remainder - */ - n = a->sign; - n2 = (a->sign == b->sign ? MP_ZPOS : MP_NEG); - if (c != NULL) { - mp_exch(c, &q); - c->sign = (mp_iszero(c) == MP_YES) ? MP_ZPOS : n2; - } - if (d != NULL) { - mp_exch(d, &ta); - d->sign = (mp_iszero(d) == MP_YES) ? MP_ZPOS : n; - } -LBL_ERR: - _mp_clear_multi(&ta, &tb, &tq, &q, NULL, NULL, NULL, NULL); - return res; -} -#else /* MP_DIV_SMALL */ - -int32 mp_div(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c, mp_int * d) -{ - mp_int q, x, y, t1, t2; - int32 res, n, t, i, norm, neg; - -/* - is divisor zero ? - */ - if (mp_iszero(b) == 1) { - return MP_VAL; - } - -/* - if a < b then q=0, r = a - */ - if (mp_cmp_mag(a, b) == MP_LT) { - if (d != NULL) { - res = mp_copy(a, d); - } else { - res = MP_OKAY; - } - if (c != NULL) { - mp_zero(c); - } - return res; - } - - if ((res = mp_init_size(pool, &q, a->used + 2)) != MP_OKAY) { - return res; - } - q.used = a->used + 2; - - if ((res = mp_init(pool, &t1)) != MP_OKAY) { - goto LBL_Q; - } - - if ((res = mp_init(pool, &t2)) != MP_OKAY) { - goto LBL_T1; - } - - if ((res = mp_init_copy(pool, &x, a)) != MP_OKAY) { - goto LBL_T2; - } - - if ((res = mp_init_copy(pool, &y, b)) != MP_OKAY) { - goto LBL_X; - } - -/* - fix the sign - */ - neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG; - x.sign = y.sign = MP_ZPOS; - -/* - normalize both x and y, ensure that y >= b/2, [b == 2**DIGIT_BIT] - */ - norm = mp_count_bits(&y) % DIGIT_BIT; - if (norm < (int32)(DIGIT_BIT-1)) { - norm = (DIGIT_BIT-1) - norm; - if ((res = mp_mul_2d(&x, norm, &x)) != MP_OKAY) { - goto LBL_Y; - } - if ((res = mp_mul_2d(&y, norm, &y)) != MP_OKAY) { - goto LBL_Y; - } - } else { - norm = 0; - } - -/* - note hac does 0 based, so if used==5 then its 0,1,2,3,4, e.g. use 4 - */ - n = x.used - 1; - t = y.used - 1; - -/* - while (x >= y*b**n-t) do { q[n-t] += 1; x -= y*b**{n-t} } - */ - if ((res = mp_lshd(&y, n - t)) != MP_OKAY) { /* y = y*b**{n-t} */ - goto LBL_Y; - } - - while (mp_cmp(&x, &y) != MP_LT) { - ++(q.dp[n - t]); - if ((res = mp_sub(&x, &y, &x)) != MP_OKAY) { - goto LBL_Y; - } - } - -/* - reset y by shifting it back down - */ - mp_rshd(&y, n - t); - -/* - step 3. for i from n down to (t + 1) - */ - for (i = n; i >= (t + 1); i--) { - if (i > x.used) { - continue; - } - -/* - step 3.1 if xi == yt then set q{i-t-1} to b-1, - otherwise set q{i-t-1} to (xi*b + x{i-1})/yt - */ - if (x.dp[i] == y.dp[t]) { - q.dp[i - t - 1] = ((((mp_digit)1) << DIGIT_BIT) - 1); - } else { - mp_word tmp; - tmp = ((mp_word) x.dp[i]) << ((mp_word) DIGIT_BIT); - tmp |= ((mp_word) x.dp[i - 1]); - tmp /= ((mp_word) y.dp[t]); - if (tmp > (mp_word) MP_MASK) { - tmp = MP_MASK; - } - q.dp[i - t - 1] = (mp_digit) (tmp & (mp_word) (MP_MASK)); - } - -/* - while (q{i-t-1} * (yt * b + y{t-1})) > - xi * b**2 + xi-1 * b + xi-2 - - do q{i-t-1} -= 1; - */ - q.dp[i - t - 1] = (q.dp[i - t - 1] + 1) & MP_MASK; - do { - q.dp[i - t - 1] = (q.dp[i - t - 1] - 1) & MP_MASK; - -/* - find left hand - */ - mp_zero (&t1); - t1.dp[0] = (t - 1 < 0) ? 0 : y.dp[t - 1]; - t1.dp[1] = y.dp[t]; - t1.used = 2; - if ((res = mp_mul_d (&t1, q.dp[i - t - 1], &t1)) != MP_OKAY) { - goto LBL_Y; - } - -/* - find right hand - */ - t2.dp[0] = (i - 2 < 0) ? 0 : x.dp[i - 2]; - t2.dp[1] = (i - 1 < 0) ? 0 : x.dp[i - 1]; - t2.dp[2] = x.dp[i]; - t2.used = 3; - } while (mp_cmp_mag(&t1, &t2) == MP_GT); - -/* - step 3.3 x = x - q{i-t-1} * y * b**{i-t-1} - */ - if ((res = mp_mul_d(&y, q.dp[i - t - 1], &t1)) != MP_OKAY) { - goto LBL_Y; - } - - if ((res = mp_lshd(&t1, i - t - 1)) != MP_OKAY) { - goto LBL_Y; - } - - if ((res = mp_sub(&x, &t1, &x)) != MP_OKAY) { - goto LBL_Y; - } - -/* - if x < 0 then { x = x + y*b**{i-t-1}; q{i-t-1} -= 1; } - */ - if (x.sign == MP_NEG) { - if ((res = mp_copy(&y, &t1)) != MP_OKAY) { - goto LBL_Y; - } - if ((res = mp_lshd (&t1, i - t - 1)) != MP_OKAY) { - goto LBL_Y; - } - if ((res = mp_add (&x, &t1, &x)) != MP_OKAY) { - goto LBL_Y; - } - - q.dp[i - t - 1] = (q.dp[i - t - 1] - 1UL) & MP_MASK; - } - } - -/* - now q is the quotient and x is the remainder - [which we have to normalize] - */ - -/* - get sign before writing to c - */ - x.sign = x.used == 0 ? MP_ZPOS : a->sign; - - if (c != NULL) { - mp_clamp(&q); - mp_exch(&q, c); - c->sign = neg; - } - - if (d != NULL) { - mp_div_2d(pool, &x, norm, &x, NULL); - mp_exch(&x, d); - } - - res = MP_OKAY; - -LBL_Y:mp_clear (&y); -LBL_X:mp_clear (&x); -LBL_T2:mp_clear (&t2); -LBL_T1:mp_clear (&t1); -LBL_Q:mp_clear (&q); - return res; -} -#endif /* MP_DIV_SMALL */ - -/******************************************************************************/ -/* - multiplies |a| * |b| and only computes upto digs digits of result - HAC pp. 595, Algorithm 14.12 Modified so you can control how many digits - of output are created. - */ -#ifdef USE_SMALL_WORD -int32 s_mp_mul_digs(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c, int32 digs) -{ - mp_int t; - int32 res, pa, pb, ix, iy; - mp_digit u; - mp_word r; - mp_digit tmpx, *tmpt, *tmpy; - -/* - Can we use the fast multiplier? - */ - if (((digs) < MP_WARRAY) && - MIN (a->used, b->used) < - (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { - return fast_s_mp_mul_digs (pool, a, b, c, digs); - } - - if ((res = mp_init_size(pool, &t, digs)) != MP_OKAY) { - return res; - } - t.used = digs; - -/* - Compute the digits of the product directly - */ - pa = a->used; - for (ix = 0; ix < pa; ix++) { - /* set the carry to zero */ - u = 0; - -/* - Limit ourselves to making digs digits of output. -*/ - pb = MIN (b->used, digs - ix); - -/* - Setup some aliases. Copy of the digit from a used - within the nested loop - */ - tmpx = a->dp[ix]; - -/* - An alias for the destination shifted ix places - */ - tmpt = t.dp + ix; - -/* - An alias for the digits of b - */ - tmpy = b->dp; - -/* - Compute the columns of the output and propagate the carry - */ - for (iy = 0; iy < pb; iy++) { - /* compute the column as a mp_word */ - r = ((mp_word)*tmpt) + - ((mp_word)tmpx) * ((mp_word)*tmpy++) + - ((mp_word) u); - - /* the new column is the lower part of the result */ - *tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK)); - - /* get the carry word from the result */ - u = (mp_digit) (r >> ((mp_word) DIGIT_BIT)); - } -/* - Set carry if it is placed below digs - */ - if (ix + iy < digs) { - *tmpt = u; - } - } - - mp_clamp (&t); - mp_exch (&t, c); - - mp_clear (&t); - return MP_OKAY; -} -#endif /* USE_SMALL_WORD */ - -/******************************************************************************/ -/* - Fast (comba) multiplier - - This is the fast column-array [comba] multiplier. It is designed to - compute the columns of the product first then handle the carries afterwards. - This has the effect of making the nested loops that compute the columns - very simple and schedulable on super-scalar processors. - - This has been modified to produce a variable number of digits of output so - if say only a half-product is required you don't have to compute the upper - half (a feature required for fast Barrett reduction). - - Based on Algorithm 14.12 on pp.595 of HAC. -*/ - -int32 fast_s_mp_mul_digs(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c, - int32 digs) -{ - int32 olduse, res, pa, ix, iz, neg; - mp_digit W[MP_WARRAY]; - register mp_word _W; - - neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG; - -/* - grow the destination as required - */ - if (c->alloc < digs) { - if ((res = mp_grow(c, digs)) != MP_OKAY) { - return res; - } - } - -/* - number of output digits to produce - */ - pa = MIN(digs, a->used + b->used); - -/* - clear the carry - */ - _W = 0; - for (ix = 0; ix < pa; ix++) { - int32 tx, ty; - int32 iy; - mp_digit *tmpx, *tmpy; - -/* - get offsets into the two bignums - */ - ty = MIN(b->used-1, ix); - tx = ix - ty; - -/* - setup temp aliases - */ - tmpx = a->dp + tx; - tmpy = b->dp + ty; - -/* - this is the number of times the loop will iterrate, essentially its - while (tx++ < a->used && ty-- >= 0) { ... } - */ - iy = MIN(a->used-tx, ty+1); - -/* - execute loop - */ - for (iz = 0; iz < iy; ++iz) { - _W += ((mp_word)*tmpx++)*((mp_word)*tmpy--); - } - -/* - store term - */ - W[ix] = (mp_digit)(_W & MP_MASK); - -/* - make next carry - */ - _W = _W >> ((mp_word)DIGIT_BIT); - } - -/* - store final carry - */ - W[ix] = (mp_digit)(_W & MP_MASK); - -/* - setup dest - */ - olduse = c->used; - c->used = pa; - - { - register mp_digit *tmpc; - tmpc = c->dp; - for (ix = 0; ix < pa+1; ix++) { -/* - now extract the previous digit [below the carry] - */ - *tmpc++ = W[ix]; - } - -/* - clear unused digits [that existed in the old copy of c] - */ - for (; ix < olduse; ix++) { - *tmpc++ = 0; - } - } - mp_clamp (c); - c->sign = (c->used > 0) ? neg : MP_ZPOS; - return MP_OKAY; -} - -/******************************************************************************/ -/* - b = a*2 - */ -int32 mp_mul_2 (mp_int * a, mp_int * b) -{ - int32 x, res, oldused; - -/* - grow to accomodate result - */ - if (b->alloc < a->used + 1) { - if ((res = mp_grow (b, a->used + 1)) != MP_OKAY) { - return res; - } - } - - oldused = b->used; - b->used = a->used; - - { - register mp_digit r, rr, *tmpa, *tmpb; - - /* alias for source */ - tmpa = a->dp; - - /* alias for dest */ - tmpb = b->dp; - - /* carry */ - r = 0; - for (x = 0; x < a->used; x++) { - -/* - get what will be the *next* carry bit from the MSB of the - current digit - */ - rr = *tmpa >> ((mp_digit)(DIGIT_BIT - 1)); - -/* - now shift up this digit, add in the carry [from the previous] - */ - *tmpb++ = ((*tmpa++ << ((mp_digit)1)) | r) & MP_MASK; - -/* copy the carry that would be from the source digit into the next - iteration - */ - r = rr; - } - -/* - new leading digit? - */ - if (r != 0) { -/* - add a MSB which is always 1 at this point - */ - *tmpb = 1; - ++(b->used); - } - -/* - now zero any excess digits on the destination that we didn't write to - */ - tmpb = b->dp + b->used; - for (x = b->used; x < oldused; x++) { - *tmpb++ = 0; - } - } - b->sign = a->sign; - return MP_OKAY; -} - -/******************************************************************************/ -/* - multiply by a digit - */ -int32 mp_mul_d(mp_int * a, mp_digit b, mp_int * c) -{ - mp_digit u, *tmpa, *tmpc; - mp_word r; - int32 ix, res, olduse; - -/* - make sure c is big enough to hold a*b - */ - if (c->alloc < a->used + 1) { - if ((res = mp_grow (c, a->used + 1)) != MP_OKAY) { - return res; - } - } - -/* - get the original destinations used count - */ - olduse = c->used; - -/* - set the sign - */ - c->sign = a->sign; - -/* - alias for a->dp [source] - */ - tmpa = a->dp; - -/* - alias for c->dp [dest] - */ - tmpc = c->dp; - - /* zero carry */ - u = 0; - - /* compute columns */ - for (ix = 0; ix < a->used; ix++) { -/* - compute product and carry sum for this term - */ - r = ((mp_word) u) + ((mp_word)*tmpa++) * ((mp_word)b); - -/* - mask off higher bits to get a single digit - */ - *tmpc++ = (mp_digit) (r & ((mp_word) MP_MASK)); - -/* - send carry into next iteration - */ - u = (mp_digit) (r >> ((mp_word) DIGIT_BIT)); - } - -/* - store final carry [if any] and increment ix offset - */ - *tmpc++ = u; - ++ix; - -/* - now zero digits above the top - */ - while (ix++ < olduse) { - *tmpc++ = 0; - } - - /* set used count */ - c->used = a->used + 1; - mp_clamp(c); - - return MP_OKAY; -} - -/******************************************************************************/ -/* - low level squaring, b = a*a, HAC pp.596-597, Algorithm 14.16 - */ -#ifdef USE_SMALL_WORD -int32 s_mp_sqr (psPool_t *pool, mp_int * a, mp_int * b) -{ - mp_int t; - int32 res, ix, iy, pa; - mp_word r; - mp_digit u, tmpx, *tmpt; - - pa = a->used; - if ((res = mp_init_size(pool, &t, 2*pa + 1)) != MP_OKAY) { - return res; - } - -/* - default used is maximum possible size - */ - t.used = 2*pa + 1; - - for (ix = 0; ix < pa; ix++) { -/* - first calculate the digit at 2*ix - calculate double precision result - */ - r = ((mp_word) t.dp[2*ix]) + - ((mp_word)a->dp[ix])*((mp_word)a->dp[ix]); - -/* - store lower part in result - */ - t.dp[ix+ix] = (mp_digit) (r & ((mp_word) MP_MASK)); - -/* - get the carry - */ - u = (mp_digit)(r >> ((mp_word) DIGIT_BIT)); - -/* - left hand side of A[ix] * A[iy] - */ - tmpx = a->dp[ix]; - -/* - alias for where to store the results - */ - tmpt = t.dp + (2*ix + 1); - - for (iy = ix + 1; iy < pa; iy++) { -/* - first calculate the product - */ - r = ((mp_word)tmpx) * ((mp_word)a->dp[iy]); - -/* - now calculate the double precision result, note we use addition - instead of *2 since it's easier to optimize - */ - r = ((mp_word) *tmpt) + r + r + ((mp_word) u); - -/* - store lower part - */ - *tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK)); - - /* get carry */ - u = (mp_digit)(r >> ((mp_word) DIGIT_BIT)); - } - /* propagate upwards */ - while (u != ((mp_digit) 0)) { - r = ((mp_word) *tmpt) + ((mp_word) u); - *tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK)); - u = (mp_digit)(r >> ((mp_word) DIGIT_BIT)); - } - } - - mp_clamp (&t); - mp_exch (&t, b); - mp_clear (&t); - return MP_OKAY; -} -#endif /* USE_SMALL_WORD */ - -/******************************************************************************/ -/* - fast squaring - - This is the comba method where the columns of the product are computed - first then the carries are computed. This has the effect of making a very - simple inner loop that is executed the most - - W2 represents the outer products and W the inner. - - A further optimizations is made because the inner products are of the - form "A * B * 2". The *2 part does not need to be computed until the end - which is good because 64-bit shifts are slow! - - Based on Algorithm 14.16 on pp.597 of HAC. - - This is the 1.0 version, but no SSE stuff -*/ -int32 fast_s_mp_sqr(psPool_t *pool, mp_int * a, mp_int * b) -{ - int32 olduse, res, pa, ix, iz; - mp_digit W[MP_WARRAY], *tmpx; - mp_word W1; - -/* - grow the destination as required - */ - pa = a->used + a->used; - if (b->alloc < pa) { - if ((res = mp_grow(b, pa)) != MP_OKAY) { - return res; - } - } - -/* - number of output digits to produce - */ - W1 = 0; - for (ix = 0; ix < pa; ix++) { - int32 tx, ty, iy; - mp_word _W; - mp_digit *tmpy; - -/* - clear counter - */ - _W = 0; - -/* - get offsets into the two bignums - */ - ty = MIN(a->used-1, ix); - tx = ix - ty; - -/* - setup temp aliases - */ - tmpx = a->dp + tx; - tmpy = a->dp + ty; - -/* - this is the number of times the loop will iterrate, essentially - while (tx++ < a->used && ty-- >= 0) { ... } -*/ - iy = MIN(a->used-tx, ty+1); - -/* - now for squaring tx can never equal ty - we halve the distance since they approach at a rate of 2x - and we have to round because odd cases need to be executed -*/ - iy = MIN(iy, (ty-tx+1)>>1); - -/* - execute loop - */ - for (iz = 0; iz < iy; iz++) { - _W += ((mp_word)*tmpx++)*((mp_word)*tmpy--); - } - -/* - double the inner product and add carry - */ - _W = _W + _W + W1; - -/* - even columns have the square term in them - */ - if ((ix&1) == 0) { - _W += ((mp_word)a->dp[ix>>1])*((mp_word)a->dp[ix>>1]); - } - -/* - store it - */ - W[ix] = (mp_digit)(_W & MP_MASK); - -/* - make next carry - */ - W1 = _W >> ((mp_word)DIGIT_BIT); - } - -/* - setup dest - */ - olduse = b->used; - b->used = a->used+a->used; - - { - mp_digit *tmpb; - tmpb = b->dp; - for (ix = 0; ix < pa; ix++) { - *tmpb++ = W[ix] & MP_MASK; - } - -/* - clear unused digits [that existed in the old copy of c] - */ - for (; ix < olduse; ix++) { - *tmpb++ = 0; - } - } - mp_clamp(b); - return MP_OKAY; -} - -/******************************************************************************/ -/* - computes a = 2**b - - Simple algorithm which zeroes the int32, grows it then just sets one bit - as required. - */ -int32 mp_2expt (mp_int * a, int32 b) -{ - int32 res; - -/* - zero a as per default - */ - mp_zero (a); - -/* - grow a to accomodate the single bit - */ - if ((res = mp_grow (a, b / DIGIT_BIT + 1)) != MP_OKAY) { - return res; - } - -/* - set the used count of where the bit will go - */ - a->used = b / DIGIT_BIT + 1; - -/* - put the single bit in its place - */ - a->dp[b / DIGIT_BIT] = ((mp_digit)1) << (b % DIGIT_BIT); - - return MP_OKAY; -} - -/******************************************************************************/ -/* - init an mp_init for a given size - */ -int32 mp_init_size(psPool_t *pool, mp_int * a, int32 size) -{ - int x; -/* - pad size so there are always extra digits - */ - size += (MP_PREC * 2) - (size % MP_PREC); - -/* - alloc mem - */ - a->dp = OPT_CAST(mp_digit) psMalloc(pool, sizeof (mp_digit) * size); - if (a->dp == NULL) { - return MP_MEM; - } - a->used = 0; - a->alloc = size; - a->sign = MP_ZPOS; - -/* - zero the digits - */ - for (x = 0; x < size; x++) { - a->dp[x] = 0; - } - return MP_OKAY; -} - -/******************************************************************************/ -/* - low level addition, based on HAC pp.594, Algorithm 14.7 - */ -int32 s_mp_add (mp_int * a, mp_int * b, mp_int * c) -{ - mp_int *x; - int32 olduse, res, min, max; - -/* - find sizes, we let |a| <= |b| which means we have to sort them. "x" will - point to the input with the most digits - */ - if (a->used > b->used) { - min = b->used; - max = a->used; - x = a; - } else { - min = a->used; - max = b->used; - x = b; - } - - /* init result */ - if (c->alloc < max + 1) { - if ((res = mp_grow (c, max + 1)) != MP_OKAY) { - return res; - } - } - -/* - get old used digit count and set new one - */ - olduse = c->used; - c->used = max + 1; - - { - register mp_digit u, *tmpa, *tmpb, *tmpc; - register int32 i; - - /* alias for digit pointers */ - - /* first input */ - tmpa = a->dp; - - /* second input */ - tmpb = b->dp; - - /* destination */ - tmpc = c->dp; - - /* zero the carry */ - u = 0; - for (i = 0; i < min; i++) { -/* - Compute the sum at one digit, T[i] = A[i] + B[i] + U - */ - *tmpc = *tmpa++ + *tmpb++ + u; - -/* - U = carry bit of T[i] - */ - u = *tmpc >> ((mp_digit)DIGIT_BIT); - -/* - take away carry bit from T[i] - */ - *tmpc++ &= MP_MASK; - } - -/* - now copy higher words if any, that is in A+B if A or B has more digits add - those in - */ - if (min != max) { - for (; i < max; i++) { - /* T[i] = X[i] + U */ - *tmpc = x->dp[i] + u; - - /* U = carry bit of T[i] */ - u = *tmpc >> ((mp_digit)DIGIT_BIT); - - /* take away carry bit from T[i] */ - *tmpc++ &= MP_MASK; - } - } - - /* add carry */ - *tmpc++ = u; - -/* - clear digits above oldused - */ - for (i = c->used; i < olduse; i++) { - *tmpc++ = 0; - } - } - - mp_clamp (c); - return MP_OKAY; -} - -/******************************************************************************/ -/* - FUTURE - this is only needed by the SSH code, SLOW or not, because RSA - exponents are always odd. -*/ -int32 mp_invmodSSH(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c) -{ - mp_int x, y, u, v, A, B, C, D; - int32 res; - -/* - b cannot be negative - */ - if (b->sign == MP_NEG || mp_iszero(b) == 1) { - return MP_VAL; - } - -/* - if the modulus is odd we can use a faster routine instead - */ - if (mp_isodd (b) == 1) { - return fast_mp_invmod(pool, a, b, c); - } - -/* - init temps - */ - if ((res = _mp_init_multi(pool, &x, &y, &u, &v, - &A, &B, &C, &D)) != MP_OKAY) { - return res; - } - - /* x = a, y = b */ - if ((res = mp_copy(a, &x)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_copy(b, &y)) != MP_OKAY) { - goto LBL_ERR; - } - -/* - 2. [modified] if x,y are both even then return an error! - */ - if (mp_iseven(&x) == 1 && mp_iseven (&y) == 1) { - res = MP_VAL; - goto LBL_ERR; - } - -/* - 3. u=x, v=y, A=1, B=0, C=0,D=1 - */ - if ((res = mp_copy(&x, &u)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_copy(&y, &v)) != MP_OKAY) { - goto LBL_ERR; - } - mp_set (&A, 1); - mp_set (&D, 1); - -top: -/* - 4. while u is even do - */ - while (mp_iseven(&u) == 1) { - /* 4.1 u = u/2 */ - if ((res = mp_div_2(&u, &u)) != MP_OKAY) { - goto LBL_ERR; - } - /* 4.2 if A or B is odd then */ - if (mp_isodd (&A) == 1 || mp_isodd (&B) == 1) { - /* A = (A+y)/2, B = (B-x)/2 */ - if ((res = mp_add(&A, &y, &A)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&B, &x, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } - /* A = A/2, B = B/2 */ - if ((res = mp_div_2(&A, &A)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_div_2(&B, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - 5. while v is even do - */ - while (mp_iseven(&v) == 1) { - /* 5.1 v = v/2 */ - if ((res = mp_div_2(&v, &v)) != MP_OKAY) { - goto LBL_ERR; - } - /* 5.2 if C or D is odd then */ - if (mp_isodd(&C) == 1 || mp_isodd (&D) == 1) { - /* C = (C+y)/2, D = (D-x)/2 */ - if ((res = mp_add(&C, &y, &C)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&D, &x, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - /* C = C/2, D = D/2 */ - if ((res = mp_div_2(&C, &C)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_div_2(&D, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - 6. if u >= v then - */ - if (mp_cmp(&u, &v) != MP_LT) { - /* u = u - v, A = A - C, B = B - D */ - if ((res = mp_sub(&u, &v, &u)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&A, &C, &A)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&B, &D, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } else { - /* v - v - u, C = C - A, D = D - B */ - if ((res = mp_sub(&v, &u, &v)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&C, &A, &C)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&D, &B, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - if not zero goto step 4 - */ - if (mp_iszero(&u) == 0) - goto top; - -/* - now a = C, b = D, gcd == g*v - */ - -/* - if v != 1 then there is no inverse - */ - if (mp_cmp_d(&v, 1) != MP_EQ) { - res = MP_VAL; - goto LBL_ERR; - } - -/* - if its too low - */ - while (mp_cmp_d(&C, 0) == MP_LT) { - if ((res = mp_add(&C, b, &C)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - too big - */ - while (mp_cmp_mag(&C, b) != MP_LT) { - if ((res = mp_sub(&C, b, &C)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - C is now the inverse - */ - mp_exch(&C, c); - res = MP_OKAY; -LBL_ERR:_mp_clear_multi(&x, &y, &u, &v, &A, &B, &C, &D); - return res; -} - -/******************************************************************************/ - -/* - * Computes the modular inverse via binary extended euclidean algorithm, - * that is c = 1/a mod b - * - * Based on slow invmod except this is optimized for the case where b is - * odd as per HAC Note 14.64 on pp. 610 - */ -int32 fast_mp_invmod(psPool_t *pool, mp_int * a, mp_int * b, mp_int * c) -{ - mp_int x, y, u, v, B, D; - int32 res, neg; - -/* - 2. [modified] b must be odd - */ - if (mp_iseven (b) == 1) { - return MP_VAL; - } - -/* - init all our temps - */ - if ((res = _mp_init_multi(pool, &x, &y, &u, &v, &B, &D, NULL, NULL)) != MP_OKAY) { - return res; - } - -/* - x == modulus, y == value to invert - */ - if ((res = mp_copy(b, &x)) != MP_OKAY) { - goto LBL_ERR; - } - -/* - we need y = |a| - */ - if ((res = mp_mod(pool, a, b, &y)) != MP_OKAY) { - goto LBL_ERR; - } - -/* - 3. u=x, v=y, A=1, B=0, C=0,D=1 - */ - if ((res = mp_copy(&x, &u)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_copy(&y, &v)) != MP_OKAY) { - goto LBL_ERR; - } - mp_set(&D, 1); - -top: -/* - 4. while u is even do -*/ - while (mp_iseven(&u) == 1) { - /* 4.1 u = u/2 */ - if ((res = mp_div_2(&u, &u)) != MP_OKAY) { - goto LBL_ERR; - } - /* 4.2 if B is odd then */ - if (mp_isodd(&B) == 1) { - if ((res = mp_sub(&B, &x, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } - /* B = B/2 */ - if ((res = mp_div_2(&B, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - 5. while v is even do - */ - while (mp_iseven(&v) == 1) { - /* 5.1 v = v/2 */ - if ((res = mp_div_2(&v, &v)) != MP_OKAY) { - goto LBL_ERR; - } - /* 5.2 if D is odd then */ - if (mp_isodd(&D) == 1) { - /* D = (D-x)/2 */ - if ((res = mp_sub(&D, &x, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - /* D = D/2 */ - if ((res = mp_div_2(&D, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - 6. if u >= v then - */ - if (mp_cmp(&u, &v) != MP_LT) { - /* u = u - v, B = B - D */ - if ((res = mp_sub(&u, &v, &u)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&B, &D, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } else { - /* v - v - u, D = D - B */ - if ((res = mp_sub(&v, &u, &v)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&D, &B, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - -/* - if not zero goto step 4 - */ - if (mp_iszero(&u) == 0) { - goto top; - } - -/* - now a = C, b = D, gcd == g*v - */ - -/* - if v != 1 then there is no inverse - */ - if (mp_cmp_d(&v, 1) != MP_EQ) { - res = MP_VAL; - goto LBL_ERR; - } - -/* - b is now the inverse - */ - neg = a->sign; - while (D.sign == MP_NEG) { - if ((res = mp_add(&D, b, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - mp_exch(&D, c); - c->sign = neg; - res = MP_OKAY; - -LBL_ERR:_mp_clear_multi(&x, &y, &u, &v, &B, &D, NULL, NULL); - return res; -} - -/******************************************************************************/ -/* - d = a + b (mod c) - */ -int32 mp_addmod (psPool_t *pool, mp_int * a, mp_int * b, mp_int * c, mp_int * d) -{ - int32 res; - mp_int t; - - if ((res = mp_init(pool, &t)) != MP_OKAY) { - return res; - } - - if ((res = mp_add (a, b, &t)) != MP_OKAY) { - mp_clear (&t); - return res; - } - res = mp_mod (pool, &t, c, d); - mp_clear (&t); - return res; -} - -/******************************************************************************/ -/* - shrink a bignum - */ -int32 mp_shrink (mp_int * a) -{ - mp_digit *tmp; - - if (a->alloc != a->used && a->used > 0) { - if ((tmp = psRealloc(a->dp, sizeof (mp_digit) * a->used)) == NULL) { - return MP_MEM; - } - a->dp = tmp; - a->alloc = a->used; - } - return MP_OKAY; -} - -/* single digit subtraction */ -int32 mp_sub_d (mp_int * a, mp_digit b, mp_int * c) -{ - mp_digit *tmpa, *tmpc, mu; - int32 res, ix, oldused; - - /* grow c as required */ - if (c->alloc < a->used + 1) { - if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) { - return res; - } - } - - /* if a is negative just do an unsigned - * addition [with fudged signs] - */ - if (a->sign == MP_NEG) { - a->sign = MP_ZPOS; - res = mp_add_d(a, b, c); - a->sign = c->sign = MP_NEG; - return res; - } - - /* setup regs */ - oldused = c->used; - tmpa = a->dp; - tmpc = c->dp; - - /* if a <= b simply fix the single digit */ - if ((a->used == 1 && a->dp[0] <= b) || a->used == 0) { - if (a->used == 1) { - *tmpc++ = b - *tmpa; - } else { - *tmpc++ = b; - } - ix = 1; - - /* negative/1digit */ - c->sign = MP_NEG; - c->used = 1; - } else { - /* positive/size */ - c->sign = MP_ZPOS; - c->used = a->used; - - /* subtract first digit */ - *tmpc = *tmpa++ - b; - mu = *tmpc >> (sizeof(mp_digit) * CHAR_BIT - 1); - *tmpc++ &= MP_MASK; - - /* handle rest of the digits */ - for (ix = 1; ix < a->used; ix++) { - *tmpc = *tmpa++ - mu; - mu = *tmpc >> (sizeof(mp_digit) * CHAR_BIT - 1); - *tmpc++ &= MP_MASK; - } - } - - /* zero excess digits */ - while (ix++ < oldused) { - *tmpc++ = 0; - } - mp_clamp(c); - return MP_OKAY; -} - -/* single digit addition */ -int32 mp_add_d (mp_int * a, mp_digit b, mp_int * c) -{ - int32 res, ix, oldused; - mp_digit *tmpa, *tmpc, mu; - - /* grow c as required */ - if (c->alloc < a->used + 1) { - if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) { - return res; - } - } - - /* if a is negative and |a| >= b, call c = |a| - b */ - if (a->sign == MP_NEG && (a->used > 1 || a->dp[0] >= b)) { - /* temporarily fix sign of a */ - a->sign = MP_ZPOS; - - /* c = |a| - b */ - res = mp_sub_d(a, b, c); - - /* fix sign */ - a->sign = c->sign = MP_NEG; - return res; - } - - /* old number of used digits in c */ - oldused = c->used; - - /* sign always positive */ - c->sign = MP_ZPOS; - - /* source alias */ - tmpa = a->dp; - - /* destination alias */ - tmpc = c->dp; - - /* if a is positive */ - if (a->sign == MP_ZPOS) { - /* add digit, after this we're propagating the carry */ - *tmpc = *tmpa++ + b; - mu = *tmpc >> DIGIT_BIT; - *tmpc++ &= MP_MASK; - - /* now handle rest of the digits */ - for (ix = 1; ix < a->used; ix++) { - *tmpc = *tmpa++ + mu; - mu = *tmpc >> DIGIT_BIT; - *tmpc++ &= MP_MASK; - } - /* set final carry */ - ix++; - *tmpc++ = mu; - - /* setup size */ - c->used = a->used + 1; - } else { - /* a was negative and |a| < b */ - c->used = 1; - - /* the result is a single digit */ - if (a->used == 1) { - *tmpc++ = b - a->dp[0]; - } else { - *tmpc++ = b; - } - - /* setup count so the clearing of oldused - * can fall through correctly - */ - ix = 1; - } - - /* now zero to oldused */ - while (ix++ < oldused) { - *tmpc++ = 0; - } - mp_clamp(c); - return MP_OKAY; -} - - -/******************************************************************************/ - -#endif /* USE_MPI2 */ diff --git a/release/src/router/matrixssl/src/crypto/peersec/mpi.h b/release/src/router/matrixssl/src/crypto/peersec/mpi.h deleted file mode 100644 index 3b1f2d07..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/mpi.h +++ /dev/null @@ -1,476 +0,0 @@ -/* - * mpi.h - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * multiple-precision integer library - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - - -#ifndef _h_MPI -#define _h_MPI - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <ctype.h> -#include <limits.h> - -#undef MIN -#define MIN(x,y) ((x)<(y)?(x):(y)) -#undef MAX -#define MAX(x,y) ((x)>(y)?(x):(y)) - -#ifdef __cplusplus -extern "C" { - - -/* - C++ compilers don't like assigning void * to mp_digit * - */ -#define OPT_CAST(x) (x *) - -#else - -/* - C on the other hand doesn't care - */ -#define OPT_CAST(x) - -#endif /* __cplusplus */ - -/******************************************************************************/ -/* - some default configurations. - - A "mp_digit" must be able to hold DIGIT_BIT + 1 bits - A "mp_word" must be able to hold 2*DIGIT_BIT + 1 bits - - At the very least a mp_digit must be able to hold 7 bits - [any size beyond that is ok provided it doesn't overflow the data type] - */ -#ifdef MP_8BIT - typedef unsigned char mp_digit; - typedef unsigned short mp_word; -#elif defined(MP_16BIT) - typedef unsigned short mp_digit; - typedef unsigned long mp_word; -#elif defined(MP_64BIT) -/* - for GCC only on supported platforms - */ - #ifndef CRYPT - typedef unsigned long long ulong64; - typedef signed long long long64; - #endif /* CRYPT */ - - typedef ulong64 mp_digit; - typedef unsigned long mp_word __attribute__ ((mode(TI))); - - #define DIGIT_BIT 60 -#else /* MP_8BIT */ -/* - this is the default case, 28-bit digits - */ - #ifndef CRYPT - #if defined(_MSC_VER) || defined(__BORLANDC__) - typedef unsigned __int64 ulong64; - typedef signed __int64 long64; - #else - typedef unsigned long long ulong64; - typedef signed long long long64; - #endif - #endif /* CRYPT */ - - typedef unsigned long mp_digit; - typedef ulong64 mp_word; - - #ifdef MP_31BIT -/* - this is an extension that uses 31-bit digits - */ - #define DIGIT_BIT 31 - #else /* MP_31BIT */ -/* - default case is 28-bit digits, defines MP_28BIT as a handy macro to test - */ - #define DIGIT_BIT 28 - #define MP_28BIT - #endif /* MP_31BIT */ -#endif /* MP_8BIT */ - -/* - otherwise the bits per digit is calculated automatically from the size of - a mp_digit - */ -#ifndef DIGIT_BIT - #define DIGIT_BIT ((int32)((CHAR_BIT * sizeof(mp_digit) - 1))) /* bits per digit */ -#endif /* DIGIT_BIT */ - -#define MP_DIGIT_BIT DIGIT_BIT -#define MP_MASK ((((mp_digit)1)<<((mp_digit)DIGIT_BIT))-((mp_digit)1)) -#define MP_DIGIT_MAX MP_MASK - -/******************************************************************************/ -/* - equalities - */ -#define MP_LT -1 /* less than */ -#define MP_EQ 0 /* equal to */ -#define MP_GT 1 /* greater than */ - -#define MP_ZPOS 0 /* positive integer */ -#define MP_NEG 1 /* negative */ - -#define MP_OKAY 0 /* ok result */ -#define MP_MEM -2 /* out of mem */ -#define MP_VAL -3 /* invalid input */ -#define MP_RANGE MP_VAL - -#define MP_YES 1 /* yes response */ -#define MP_NO 0 /* no response */ - -typedef int32 mp_err; - -/******************************************************************************/ -/* - various build options - */ -#define MP_PREC 64 /* default digits of precision */ - -/* - define this to use lower memory usage routines (exptmods mostly) - */ -#define MP_LOW_MEM - -/* - size of comba arrays, should be at least - 2 * 2**(BITS_PER_WORD - BITS_PER_DIGIT*2) - */ -#define MP_WARRAY (1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1)) - -typedef struct { - int32 used, alloc, sign; - mp_digit *dp; -} mp_int; - -#define USED(m) ((m)->used) -#define DIGIT(m,k) ((m)->dp[(k)]) -#define SIGN(m) ((m)->sign) - -/******************************************************************************/ -/* - init and deinit bignum functions - */ - -/* - init a bignum - */ -extern int32 mp_init(psPool_t *pool, mp_int *a); - -/* - free a bignum - */ -extern void mp_clear(mp_int *a); - -/* - init a series of arguments - */ -extern int32 _mp_init_multi(psPool_t *pool, mp_int *mp0, mp_int *mp1, mp_int *mp2, - mp_int *mp3, mp_int *mp4, mp_int *mp5, mp_int *mp6, - mp_int *mp7); - -/* - clear a series of arguments - */ -extern void _mp_clear_multi(mp_int *mp0, mp_int *mp1, mp_int *mp2, mp_int *mp3, - mp_int *mp4, mp_int *mp5, mp_int *mp6, mp_int *mp7); - -/* - exchange two ints - */ -extern void mp_exch(mp_int *a, mp_int *b); - -/* - shrink ram required for a bignum - */ -extern int32 mp_shrink(mp_int *a); - -/* - grow an int32 to a given size - */ -extern int32 mp_grow(mp_int *a, int32 size); - -/* - init to a given number of digits - */ -extern int32 mp_init_size(psPool_t *pool, mp_int *a, int32 size); - -/******************************************************************************/ -/* - Basic Manipulations - */ -#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO) -#define mp_iseven(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? MP_YES : MP_NO) -#define mp_isodd(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? MP_YES : MP_NO) - -extern int32 mp_add_d (mp_int * a, mp_digit b, mp_int * c); -extern int32 mp_sub_d (mp_int * a, mp_digit b, mp_int * c); -/* - set to zero - */ -extern void mp_zero(mp_int *a); - -/* - set to a digit - */ -extern void mp_set(mp_int *a, mp_digit b); - -/* - copy, b = a - */ -extern int32 mp_copy(mp_int *a, mp_int *b); - -/* - inits and copies, a = b - */ -extern int32 mp_init_copy(psPool_t *pool, mp_int *a, mp_int *b); - -/* - trim unused digits - */ -extern void mp_clamp(mp_int *a); - -/******************************************************************************/ -/* - digit manipulation -*/ - -/* - right shift by "b" digits - */ -extern void mp_rshd(mp_int *a, int32 b); - -/* - left shift by "b" digits - */ -extern int32 mp_lshd(mp_int *a, int32 b); - -/* - c = a / 2**b - */ -extern int32 mp_div_2d(psPool_t *pool, mp_int *a, int32 b, mp_int *c, mp_int *d); - -/* - b = a/2 - */ -extern int32 mp_div_2(mp_int *a, mp_int *b); - -/* - c = a * 2**b - */ -extern int32 mp_mul_2d(mp_int *a, int32 b, mp_int *c); - -/* - c = a mod 2**d - */ -extern int32 mp_mod_2d(mp_int *a, int32 b, mp_int *c); - -/* - computes a = 2**b - */ -extern int32 mp_2expt(mp_int *a, int32 b); - -/******************************************************************************/ -/* - Basic arithmetic - */ - -/* - b = |a| - */ -extern int32 mp_abs(mp_int *a, mp_int *b); - -/* - compare a to b - */ -extern int32 mp_cmp(mp_int *a, mp_int *b); - -/* - compare |a| to |b| - */ -extern int32 mp_cmp_mag(mp_int *a, mp_int *b); - -/* - c = a + b - */ -extern int32 mp_add(mp_int *a, mp_int *b, mp_int *c); - -/* - c = a - b - */ -extern int32 mp_sub(mp_int *a, mp_int *b, mp_int *c); - -/* - c = a * b - b = a*a - */ -/* moved mp_mul out of SLOW case */ -extern int32 mp_mul(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c); -#ifdef USE_SMALL_WORD -extern int32 mp_sqr(psPool_t *pool, mp_int *a, mp_int *b); -#endif - -/* - a/b => cb + d == a - */ -extern int32 mp_div(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d); - -/* - c = a mod b, 0 <= c < b - */ -extern int32 mp_mod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c); - -/******************************************************************************/ -/* - single digit functions - */ - -/* - compare against a single digit - */ -extern int32 mp_cmp_d(mp_int *a, mp_digit b); - -/* - c = a * b - */ -extern int32 mp_mul_d(mp_int *a, mp_digit b, mp_int *c); - -/******************************************************************************/ -/* - number theory - */ - -/* - d = a + b (mod c) - */ -extern int32 mp_addmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d); - -/* - d = a * b (mod c) - */ -extern int32 mp_mulmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d); - -/* - c = 1/a (mod b) - */ -extern int32 mp_invmodSSH(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c); - -/* - setups the montgomery reduction - */ -extern int32 mp_montgomery_setup(mp_int *a, mp_digit *mp); - -/* - computes a = B**n mod b without division or multiplication useful for - normalizing numbers in a Montgomery system. - */ -extern int32 mp_montgomery_calc_normalization(mp_int *a, mp_int *b); - -/* - computes x/R == x (mod N) via Montgomery Reduction - */ -#ifdef USE_SMALL_WORD -extern int32 mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp); -#endif - -/* - d = a**b (mod c) - */ -extern int32 mp_exptmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d); - -/******************************************************************************/ -/* - If we're using 1024 or 2048 bit keys and 28 bit digits, we only need the - fast_ versions of these functions, removing the others to save space. - Otherwise, we include the slow versions as well and which version to use - is done at runtime. -*/ -#ifdef USE_SMALL_WORD -extern int32 s_mp_mul_digs(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, - int32 digs); -extern int32 s_mp_sqr(psPool_t *pool, mp_int *a, mp_int *b); - -#else -#define mp_montgomery_reduce fast_mp_montgomery_reduce -#define mp_sqr fast_s_mp_sqr -#define s_mp_mul_digs fast_s_mp_mul_digs -#define mp_invmod fast_mp_invmod -#endif - -/******************************************************************************/ -/* - radix conversion - */ -extern int32 mp_count_bits(mp_int *a); - -extern int32 mp_unsigned_bin_size(mp_int *a); -extern int32 mp_read_unsigned_bin(mp_int *a, unsigned char *b, int32 c); -extern int32 mp_to_unsigned_bin(psPool_t *pool, mp_int *a, unsigned char *b); - -extern int32 mp_signed_bin_size(mp_int *a); - -/* - lowlevel functions, do not call! - */ -/* define this in all cases for now FUTURE*/ -#define s_mp_mul(P, A, B, C) s_mp_mul_digs(P, A, B, C, (A)->used + (B)->used + 1) - - -/* - b = a*2 - */ -extern int32 mp_mul_2(mp_int *a, mp_int *b); - -extern int32 s_mp_add(mp_int *a, mp_int *b, mp_int *c); -extern int32 s_mp_sub(mp_int *a, mp_int *b, mp_int *c); - -extern int32 fast_s_mp_mul_digs(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, - int32 digs); -extern int32 fast_s_mp_sqr(psPool_t *pool, mp_int *a, mp_int *b); - -extern int32 fast_mp_invmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c); -extern int32 fast_mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp); - -extern void bn_reverse(unsigned char *s, int32 len); - - -#ifdef __cplusplus - } -#endif /* __cplusplus */ - -#endif /* _h_MPI */ - diff --git a/release/src/router/matrixssl/src/crypto/peersec/pscrypto.h b/release/src/router/matrixssl/src/crypto/peersec/pscrypto.h deleted file mode 100644 index 43a96666..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/pscrypto.h +++ /dev/null @@ -1,654 +0,0 @@ -/* - * pscrypto.h - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Internal definitions for PeerSec Networks MatrixSSL cryptography provider - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#ifndef _h_PSCRYPTO -#define _h_PSCRYPTO - -#ifdef __cplusplus -extern "C" { -#endif - -/* - PeerSec crypto-specific defines. - */ -#define SMALL_CODE -#define CLEAN_STACK -/* - If Native 64 bit integers are not supported, we must set the 16 bit flag - to produce 32 bit mp_words in mpi.h - We must also include the slow MPI functions because the fast ones only - work with larger (28 bit) digit sizes. -*/ -#ifndef USE_INT64 -#define MP_16BIT -#define USE_SMALL_WORD -#endif /* USE_INT64 */ - -/******************************************************************************/ - -#ifdef USE_RSA - -#include "mpi.h" - -#if LINUX - #define _stat stat -#endif - -/* this is the "32-bit at least" data type - * Re-define it to suit your platform but it must be at least 32-bits - */ -typedef unsigned long ulong32; - -/* - Primary RSA Key struct. Define here for crypto -*/ -typedef struct { - mp_int e, d, N, qP, dP, dQ, p, q; - int32 size; /* Size of the key in bytes */ - int32 optimized; /* 1 for optimized */ -} sslRsaKey_t; - -#endif /* USE_RSA */ - - - -/* - * Private - */ -extern int32 ps_base64_decode(const unsigned char *in, uint32 len, - unsigned char *out, uint32 *outlen); - -/* - * Memory routines - */ -extern void psZeromem(void *dst, size_t len); -extern void psBurnStack(unsigned long len); - - -/* max size of either a cipher/hash block or symmetric key [largest of the two] */ -#define MAXBLOCKSIZE 24 - -/* ch1-01-1 */ -/* error codes [will be expanded in future releases] */ -enum { - CRYPT_OK=0, /* Result OK */ - CRYPT_ERROR, /* Generic Error */ - CRYPT_NOP, /* Not a failure but no operation was performed */ - - CRYPT_INVALID_KEYSIZE, /* Invalid key size given */ - CRYPT_INVALID_ROUNDS, /* Invalid number of rounds */ - CRYPT_FAIL_TESTVECTOR, /* Algorithm failed test vectors */ - - CRYPT_BUFFER_OVERFLOW, /* Not enough space for output */ - CRYPT_INVALID_PACKET, /* Invalid input packet given */ - - CRYPT_INVALID_PRNGSIZE, /* Invalid number of bits for a PRNG */ - CRYPT_ERROR_READPRNG, /* Could not read enough from PRNG */ - - CRYPT_INVALID_CIPHER, /* Invalid cipher specified */ - CRYPT_INVALID_HASH, /* Invalid hash specified */ - CRYPT_INVALID_PRNG, /* Invalid PRNG specified */ - - CRYPT_MEM, /* Out of memory */ - - CRYPT_PK_TYPE_MISMATCH, /* Not equivalent types of PK keys */ - CRYPT_PK_NOT_PRIVATE, /* Requires a private PK key */ - - CRYPT_INVALID_ARG, /* Generic invalid argument */ - CRYPT_FILE_NOTFOUND, /* File Not Found */ - - CRYPT_PK_INVALID_TYPE, /* Invalid type of PK key */ - CRYPT_PK_INVALID_SYSTEM, /* Invalid PK system specified */ - CRYPT_PK_DUP, /* Duplicate key already in key ring */ - CRYPT_PK_NOT_FOUND, /* Key not found in keyring */ - CRYPT_PK_INVALID_SIZE, /* Invalid size input for PK parameters */ - - CRYPT_INVALID_PRIME_SIZE /* Invalid size of prime requested */ -}; - -/******************************************************************************/ -/* - hash defines - */ -struct sha1_state { -#ifdef USE_INT64 - ulong64 length; -#else - ulong32 lengthHi; - ulong32 lengthLo; -#endif /* USE_INT64 */ - ulong32 state[5], curlen; - unsigned char buf[64]; -}; - -struct md5_state { -#ifdef USE_INT64 - ulong64 length; -#else - ulong32 lengthHi; - ulong32 lengthLo; -#endif /* USE_INT64 */ - ulong32 state[4], curlen; - unsigned char buf[64]; -}; - -#ifdef USE_MD2 -struct md2_state { - unsigned char chksum[16], X[48], buf[16]; - unsigned long curlen; -}; -#endif /* USE_MD2 */ - - - -typedef union { - struct sha1_state sha1; - struct md5_state md5; -#ifdef USE_MD2 - struct md2_state md2; -#endif /* USE_MD2 */ -} hash_state; - -typedef hash_state sslSha1Context_t; -typedef hash_state sslMd5Context_t; -#ifdef USE_MD2 -typedef hash_state sslMd2Context_t; -#endif /* USE_MD2 */ - -typedef struct { - unsigned char pad[64]; - union { - sslMd5Context_t md5; - sslSha1Context_t sha1; - } u; -} sslHmacContext_t; - -/******************************************************************************/ -/* - RC4 - */ -#ifdef USE_ARC4 -typedef struct { - unsigned char state[256]; - uint32 byteCount; - unsigned char x; - unsigned char y; -} rc4_key; -#endif /* USE_ARC4 */ - - -#define SSL_DES3_KEY_LEN 24 -#define SSL_DES3_IV_LEN 8 -#define SSL_DES_KEY_LEN 8 - -#ifdef USE_3DES - -typedef struct { - ulong32 ek[3][32], dk[3][32]; -} des3_key; - -/* - A block cipher CBC structure - */ -typedef struct { - int32 blocklen; - unsigned char IV[8]; - des3_key key; - int32 explicitIV; /* 1 if yes */ -} des3_CBC; - -extern int32 des3_setup(const unsigned char *key, int32 keylen, int32 num_rounds, - des3_CBC *skey); -extern void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, - des3_CBC *key); -extern void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, - des3_CBC *key); -extern int32 des3_keysize(int32 *desired_keysize); - -extern int32 des_setup(const unsigned char *key, int32 keylen, int32 num_rounds, - des3_CBC *skey); -extern void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, - des3_CBC *key); -extern void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, - des3_CBC *key); - -#endif /* USE_3DES */ - - - -typedef union { -#ifdef USE_ARC4 - rc4_key arc4; -#endif -#ifdef USE_3DES - des3_CBC des3; -#endif -} sslCipherContext_t; - - -/* - Controls endianess and size of registers. Leave uncommented to get - platform neutral [slower] code detect x86-32 machines somewhat - */ -#if (defined(_MSC_VER) && defined(WIN32)) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__))) - #define ENDIAN_LITTLE - #define ENDIAN_32BITWORD -#endif - - -/* #define ENDIAN_LITTLE */ -/* #define ENDIAN_BIG */ - -/* #define ENDIAN_32BITWORD */ -/* #define ENDIAN_64BITWORD */ - -#if (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD)) - #error You must specify a word size as well as endianess -#endif - -#if !(defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) - #define ENDIAN_NEUTRAL -#endif - -/* - helper macros - */ -#if defined (ENDIAN_NEUTRAL) - -#define STORE32L(x, y) \ - { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } - -#define LOAD32L(x, y) \ - { x = ((unsigned long)((y)[3] & 255)<<24) | \ - ((unsigned long)((y)[2] & 255)<<16) | \ - ((unsigned long)((y)[1] & 255)<<8) | \ - ((unsigned long)((y)[0] & 255)); } - -#define STORE64L(x, y) \ - { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ - (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \ - (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } - -#define LOAD64L(x, y) \ - { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \ - (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \ - (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \ - (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } - -#define STORE32H(x, y) \ - { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \ - (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } - -#define LOAD32H(x, y) \ - { x = ((unsigned long)((y)[0] & 255)<<24) | \ - ((unsigned long)((y)[1] & 255)<<16) | \ - ((unsigned long)((y)[2] & 255)<<8) | \ - ((unsigned long)((y)[3] & 255)); } - -#define STORE64H(x, y) \ - { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ - (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ - (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ - (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } - -#define LOAD64H(x, y) \ - { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \ - (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \ - (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \ - (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } - -#endif /* ENDIAN_NEUTRAL */ - -#ifdef ENDIAN_LITTLE - -#define STORE32H(x, y) \ - { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \ - (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } - -#define LOAD32H(x, y) \ - { x = ((unsigned long)((y)[0] & 255)<<24) | \ - ((unsigned long)((y)[1] & 255)<<16) | \ - ((unsigned long)((y)[2] & 255)<<8) | \ - ((unsigned long)((y)[3] & 255)); } - -#define STORE64H(x, y) \ - { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ - (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ - (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ - (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } - -#define LOAD64H(x, y) \ - { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \ - (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \ - (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \ - (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } - -#ifdef ENDIAN_32BITWORD - -#define STORE32L(x, y) \ - { unsigned long __t = (x); memcpy(y, &__t, 4); } - -#define LOAD32L(x, y) \ - memcpy(&(x), y, 4); - -#define STORE64L(x, y) \ - { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ - (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \ - (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } - -#define LOAD64L(x, y) \ - { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \ - (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \ - (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \ - (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } - -#else /* 64-bit words then */ - -#define STORE32L(x, y) \ - { unsigned long __t = (x); memcpy(y, &__t, 4); } - -#define LOAD32L(x, y) \ - { memcpy(&(x), y, 4); x &= 0xFFFFFFFF; } - -#define STORE64L(x, y) \ - { ulong64 __t = (x); memcpy(y, &__t, 8); } - -#define LOAD64L(x, y) \ - { memcpy(&(x), y, 8); } - -#endif /* ENDIAN_64BITWORD */ -#endif /* ENDIAN_LITTLE */ - -#ifdef ENDIAN_BIG -#define STORE32L(x, y) \ - { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } - -#define LOAD32L(x, y) \ - { x = ((unsigned long)((y)[3] & 255)<<24) | \ - ((unsigned long)((y)[2] & 255)<<16) | \ - ((unsigned long)((y)[1] & 255)<<8) | \ - ((unsigned long)((y)[0] & 255)); } - -#define STORE64L(x, y) \ - { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ - (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \ - (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } - -#define LOAD64L(x, y) \ - { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48) | \ - (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32) | \ - (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16) | \ - (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } - -#ifdef ENDIAN_32BITWORD - -#define STORE32H(x, y) \ - { unsigned long __t = (x); memcpy(y, &__t, 4); } - -#define LOAD32H(x, y) \ - memcpy(&(x), y, 4); - -#define STORE64H(x, y) \ - { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ - (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ - (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ - (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } - -#define LOAD64H(x, y) \ - { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48)| \ - (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32)| \ - (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16)| \ - (((ulong64)((y)[6] & 255))<<8)| (((ulong64)((y)[7] & 255))); } - -#else /* 64-bit words then */ - -#define STORE32H(x, y) \ - { unsigned long __t = (x); memcpy(y, &__t, 4); } - -#define LOAD32H(x, y) \ - { memcpy(&(x), y, 4); x &= 0xFFFFFFFF; } - -#define STORE64H(x, y) \ - { ulong64 __t = (x); memcpy(y, &__t, 8); } - -#define LOAD64H(x, y) \ - { memcpy(&(x), y, 8); } - -#endif /* ENDIAN_64BITWORD */ -#endif /* ENDIAN_BIG */ - -/* - packet code */ -#if defined(USE_RSA) || defined(MDH) || defined(MECC) - #define PACKET - -/* - size of a packet header in bytes */ - #define PACKET_SIZE 4 - -/* - Section tags - */ - #define PACKET_SECT_RSA 0 - #define PACKET_SECT_DH 1 - #define PACKET_SECT_ECC 2 - #define PACKET_SECT_DSA 3 - -/* - Subsection Tags for the first three sections - */ - #define PACKET_SUB_KEY 0 - #define PACKET_SUB_ENCRYPTED 1 - #define PACKET_SUB_SIGNED 2 - #define PACKET_SUB_ENC_KEY 3 -#endif - -/* - fix for MSVC ...evil! - */ -#ifdef WIN32 -#ifdef _MSC_VER - #define CONST64(n) n ## ui64 - typedef unsigned __int64 ulong64; -#else - #define CONST64(n) n ## ULL - typedef unsigned long long ulong64; -#endif -#endif /* WIN32 */ - - -#define BSWAP(x) ( ((x>>24)&0x000000FFUL) | ((x<<24)&0xFF000000UL) | \ - ((x>>8)&0x0000FF00UL) | ((x<<8)&0x00FF0000UL) ) - -#ifdef _MSC_VER - -/* - instrinsic rotate - */ -#include <stdlib.h> -#pragma intrinsic(_lrotr,_lrotl) -#define ROR(x,n) _lrotr(x,n) -#define ROL(x,n) _lrotl(x,n) -#define RORc(x,n) _lrotr(x,n) -#define ROLc(x,n) _lrotl(x,n) - -/* -#elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(PS_NO_ASM) - -static inline unsigned ROL(unsigned word, int32 i) -{ - asm ("roll %%cl,%0" - :"0" (word),"c" (i)); - return word; -} - -static inline unsigned ROR(unsigned word, int32 i) -{ - asm ("rorl %%cl,%0" - :"=r" (word) - :"0" (word),"c" (i)); - return word; -} -*/ -/* -#ifndef PS_NO_ROLC - -static inline unsigned ROLc(unsigned word, const int32 i) -{ - asm ("roll %2,%0" - :"=r" (word) - :"0" (word),"I" (i)); - return word; -} - -static inline unsigned RORc(unsigned word, const int32 i) -{ - asm ("rorl %2,%0" - :"=r" (word) - :"0" (word),"I" (i)); - return word; -} - -#else - -#define ROLc ROL -#define RORc ROR - -#endif -*/ - -#else /* _MSC_VER */ - -/* - rotates the hard way - */ -#define ROL(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) -#define ROR(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) -#define ROLc(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) -#define RORc(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) - -#endif /* _MSC_VER */ - -/* 64-bit Rotates */ -#if 0 - -#if defined(__GNUC__) && defined(__x86_64__) && !defined(PS_NO_ASM) - -static inline unsigned long ROL64(unsigned long word, int32 i) -{ - asm("rolq %%cl,%0" - :"=r" (word) - :"0" (word),"c" (i)); - return word; -} - -static inline unsigned long ROR64(unsigned long word, int32 i) -{ - asm("rorq %%cl,%0" - :"=r" (word) - :"0" (word),"c" (i)); - return word; -} - -#ifndef PS_NO_ROLC - -static inline unsigned long ROL64c(unsigned long word, const int32 i) -{ - asm("rolq %2,%0" - :"=r" (word) - :"0" (word),"J" (i)); - return word; -} - -static inline unsigned long ROR64c(unsigned long word, const int32 i) -{ - asm("rorq %2,%0" - :"=r" (word) - :"0" (word),"J" (i)); - return word; -} - -#else /* PS_NO_ROLC */ - -#define ROL64c ROL -#define ROR64c ROR - -#endif /* PS_NO_ROLC */ -#endif -#endif /* commented out */ - -#define ROL64(x, y) \ - ( (((x)<<((ulong64)(y)&63)) | \ - (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)64-((y)&63)))) & CONST64(0xFFFFFFFFFFFFFFFF)) - -#define ROR64(x, y) \ - ( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \ - ((x)<<((ulong64)(64-((y)&CONST64(63)))))) & CONST64(0xFFFFFFFFFFFFFFFF)) - -#define ROL64c(x, y) \ - ( (((x)<<((ulong64)(y)&63)) | \ - (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)64-((y)&63)))) & CONST64(0xFFFFFFFFFFFFFFFF)) - -#define ROR64c(x, y) \ - ( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \ - ((x)<<((ulong64)(64-((y)&CONST64(63)))))) & CONST64(0xFFFFFFFFFFFFFFFF)) - -#undef MAX -#undef MIN -#define MAX(x, y) ( ((x)>(y))?(x):(y) ) -#define MIN(x, y) ( ((x)<(y))?(x):(y) ) - -/* - extract a byte portably This MSC code causes runtime errors in VS.NET, - always use the other - */ -/* -#ifdef _MSC_VER - #define byte(x, n) ((unsigned char)((x) >> (8 * (n)))) -#else -*/ - #define byte(x, n) (((x) >> (8 * (n))) & 255) -/* -#endif -*/ -#ifdef __cplusplus - } -#endif /* __cplusplus */ - -#endif /* _h_PSCRYPTO */ - -/******************************************************************************/ - diff --git a/release/src/router/matrixssl/src/crypto/peersec/rsa.c b/release/src/router/matrixssl/src/crypto/peersec/rsa.c deleted file mode 100644 index 5d6fcccb..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/rsa.c +++ /dev/null @@ -1,463 +0,0 @@ -/* - * rsa.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * RSA crypto - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" - -/******************************************************************************/ - -static int32 ssl_rsa_crypt(psPool_t *pool, - const unsigned char *in, uint32 inlen, - unsigned char *out, uint32 *outlen, - sslRsaKey_t *key, int32 type); - -static int32 sslUnpadRSA(unsigned char *in, int32 inlen, unsigned char *out, - int32 outlen, int32 decryptType); -static int32 sslPadRSA(unsigned char *in, int32 inlen, unsigned char *out, - int32 outlen, int32 cryptType); - -#ifdef USE_RSA_BLINDING -static int32 tim_mp_exptmod(psPool_t *pool, - mp_int *c, mp_int *e, mp_int *d, mp_int *n, mp_int *m); -#else -#define tim_mp_exptmod(p, c, e, d, n, m) mp_exptmod(p, c, d, n, m) -#endif - -/******************************************************************************/ - -#define RSA_PUBLIC 0x01 -#define RSA_PRIVATE 0x02 - -/******************************************************************************/ -/* - Public API wrapper around sslGetEntropy -*/ -int32 matrixGetRandomBytes(unsigned char *bytes, int32 size) -{ - return sslGetEntropy(bytes, size); -} - -/******************************************************************************/ -/* - Primary RSA encryption routine -*/ -static int32 ssl_rsa_crypt(psPool_t *pool, - const unsigned char *in, uint32 inlen, - unsigned char *out, uint32 *outlen, - sslRsaKey_t *key, int32 type) -{ - mp_int tmp, tmpa, tmpb; - unsigned long x; - int32 res; - - if (in == NULL || out == NULL || outlen == NULL || key == NULL) { - return -1; - } -/* - init and copy into tmp - */ - if (_mp_init_multi(pool, &tmp, &tmpa, &tmpb, NULL, NULL, NULL, NULL, NULL) - != MP_OKAY) { - matrixStrDebugMsg("ssl_rsa_crypt error: mp_init_multi\n", NULL); - goto error; - } - if (mp_read_unsigned_bin(&tmp, (unsigned char *)in, (int32)inlen) != - MP_OKAY) { - matrixStrDebugMsg("ssl_rsa_crypt error: mp_read_unsigned_bin\n", NULL); - goto error; - } -/* - sanity check on the input - */ - if (mp_cmp(&key->N, &tmp) == MP_LT) { - res = -1; - goto done; - } - if (type == RSA_PRIVATE) { - if (key->optimized) { - if (tim_mp_exptmod(pool, &tmp, &key->e, &key->dP, &key->p, &tmpa) - != MP_OKAY) { - matrixStrDebugMsg("decrypt error: mp_exptmod dP, p\n", NULL); - goto error; - } - if (tim_mp_exptmod(pool, &tmp, &key->e, &key->dQ, &key->q, &tmpb) - != MP_OKAY) { - matrixStrDebugMsg("decrypt error: mp_exptmod dQ, q\n", NULL); - goto error; - } - if (mp_sub(&tmpa, &tmpb, &tmp) != MP_OKAY) { - matrixStrDebugMsg("decrypt error: sub tmpb, tmp\n", NULL); - goto error; - } - if (mp_mulmod(pool, &tmp, &key->qP, &key->p, &tmp) != MP_OKAY) { - matrixStrDebugMsg("decrypt error: mp_mulmod qP, p\n", NULL); - goto error; - } - if (mp_mul(pool, &tmp, &key->q, &tmp) != MP_OKAY) { - matrixStrDebugMsg("decrypt error: mp_mul q \n", NULL); - goto error; - } - if (mp_add(&tmp, &tmpb, &tmp) != MP_OKAY) { - matrixStrDebugMsg("decrypt error: mp_add tmp \n", NULL); - goto error; - } - } else { - if (tim_mp_exptmod(pool, &tmp, &key->e, &key->d, &key->N, &tmp) != MP_OKAY) { - matrixStrDebugMsg("ssl_rsa_crypt error: mp_exptmod\n", NULL); - goto error; - } - } - } else if (type == RSA_PUBLIC) { - if (mp_exptmod(pool, &tmp, &key->e, &key->N, &tmp) != MP_OKAY) { - matrixStrDebugMsg("ssl_rsa_crypt error: mp_exptmod\n", NULL); - goto error; - } - } else { - matrixStrDebugMsg("ssl_rsa_crypt error: invalid type param\n", NULL); - goto error; - } -/* - read it back - */ - x = (unsigned long)mp_unsigned_bin_size(&key->N); - if (x > *outlen) { - res = -1; - matrixStrDebugMsg("ssl_rsa_crypt error: mp_unsigned_bin_size\n", NULL); - goto done; - } -/* - We want the encrypted value to always be the key size. Pad with 0x0 -*/ - while (x < (unsigned long)key->size) { - *out++ = 0x0; - x++; - } - - *outlen = x; -/* - convert it - */ - memset(out, 0x0, x); - if (mp_to_unsigned_bin(pool, &tmp, out+(x-mp_unsigned_bin_size(&tmp))) - != MP_OKAY) { - matrixStrDebugMsg("ssl_rsa_crypt error: mp_to_unsigned_bin\n", NULL); - goto error; - } -/* - clean up and return - */ - res = 0; - goto done; -error: - res = -1; -done: - _mp_clear_multi(&tmp, &tmpa, &tmpb, NULL, NULL, NULL, NULL, NULL); - return res; -} - -/******************************************************************************/ -/* - Pad a value to be encrypted by RSA, according to PKCS#1 v1.5 - http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/ - When encrypting a value with RSA, the value is first padded to be - equal to the public key size using the following method: - 00 <id> <data> 00 <value to be encrypted> - - id denotes a public or private key operation - - if id is private, data is however many non-zero bytes it takes to pad the - value to the key length (randomLen = keyLen - 3 - valueLen). - - if id is public, data is FF for the same length as described above - - There must be at least 8 bytes of data. -*/ -static int32 sslPadRSA(unsigned char *in, int32 inlen, unsigned char *out, - int32 outlen, int32 cryptType) -{ - unsigned char *c; - int32 randomLen; - - randomLen = outlen - 3 - inlen; - if (randomLen < 8) { - matrixIntDebugMsg("RSA encryption data too large: %d\n", inlen); - return -1; - } - c = out; - *c = 0x00; - c++; - *c = (unsigned char)cryptType; - c++; - if (cryptType == RSA_PUBLIC) { - while (randomLen-- > 0) { - *c++ = 0xFF; - } - } else { - if (sslGetEntropy(c, randomLen) < 0) { - matrixStrDebugMsg("Error gathering RSA pad entropy\n", NULL); - return -1; - } -/* - SECURITY: Read through the random data and change all 0x0 to 0x01. - This is per spec that no random bytes should be 0 -*/ - while (randomLen-- > 0) { - if (*c == 0x0) { - *c = 0x01; - } - c++; - } - } - *c = 0x00; - c++; - memcpy(c, in, inlen); - - return outlen; -} - - -#ifdef USE_RSA_PUBLIC_ENCRYPT -/******************************************************************************/ -/* - RSA public encryption. - Always called by SSL client for server auth in ClientKeyExchange - The outlen param must be set to the strength of the key: key->size -*/ -int32 matrixRsaEncryptPub(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen) -{ - int32 size; - - size = key->size; - if (outlen < size) { - return -1; - } - - if (sslPadRSA(in, inlen, out, size, RSA_PRIVATE) < 0) { - return -1; - } - if (ssl_rsa_crypt(pool, out, size, out, (uint32*)&outlen, key, - RSA_PUBLIC) < 0 || outlen != size) { - return -1; - } - return size; -} - -#else /* USE_RSA_PUBLIC_ENCRYPT - Keeps the cipher suite definition clean */ -int32 matrixRsaEncryptPub(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen) -{ - if (inlen > outlen) { - return -1; - } - memcpy(out, in, inlen); - return inlen; -} -#endif /* USE_RSA_PUBLIC_ENCRYPT */ - -/******************************************************************************/ -/* - Unpad a value decrypted by RSA, according to PKCS#1 v1.5 - http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/ - - When decrypted, the data will look like the pad, including the inital - byte (00). Form: - 00 <decryptType> <random data (min 8 bytes)> 00 <value to be encrypted> - - We don't worry about v2 rollback issues because we don't support v2 -*/ -static int32 sslUnpadRSA(unsigned char *in, int32 inlen, unsigned char *out, - int32 outlen, int32 decryptType) -{ - unsigned char *c, *end; - - if (inlen < outlen + 10) { - return -1; - } - c = in; - end = in + inlen; -/* - Verify the first byte (block type) is correct. -*/ - if (*c++ != 0x00 || *c != decryptType) { - return -1; - } - c++; -/* - Skip over the random, non-zero bytes used as padding -*/ - while (c < end && *c != 0x0) { - if (decryptType == RSA_PUBLIC) { - if (*c != 0xFF) { - return -1; - } - } - c++; - } - c++; -/* - The length of the remaining data should be equal to what was expected - Combined with the initial length check, there must be >= 8 bytes of pad - ftp://ftp.rsa.com/pub/pdfs/bulletn7.pdf -*/ - if (end - c != outlen) { - return -1; - } -/* - Copy the value bytes to the out buffer -*/ - while (c < end) { - *out = *c; - out++; c++; - } - return outlen; -} - -/******************************************************************************/ -/* - Always called by the server to decrypt the ClientKeyExchange -*/ -int32 matrixRsaDecryptPriv(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen) -{ - int32 ptLen; - - if (inlen != key->size) { - return -1; - } - ptLen = inlen; - if (ssl_rsa_crypt(pool, in, inlen, in, (uint32*)&ptLen, key, - RSA_PRIVATE) < 0 || ptLen != inlen) { - return -1; - } - ptLen = sslUnpadRSA(in, inlen, out, outlen, RSA_PRIVATE); - memset(in, 0x0, inlen); - return ptLen; -} - -/******************************************************************************/ -/* - Called by client as normal part of signature validation from server cert. - Called by the server if authenticating client in CertificateVerify -*/ -int32 matrixRsaDecryptPub(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen) -{ - int32 ptLen; - - if (inlen != key->size) { - return -1; - } - ptLen = inlen; - if (ssl_rsa_crypt(pool, in, inlen, in, (uint32*)&ptLen, key, - RSA_PUBLIC) < 0 || ptLen != inlen) { - return -1; - } - if ((ptLen = sslUnpadRSA(in, inlen, out, outlen, RSA_PUBLIC)) < 0) { - return ptLen; - } - return 0; -} - - -#ifdef USE_RSA_BLINDING - -static int32 tim_mp_exptmod(psPool_t *pool, - mp_int *c, mp_int *e, mp_int *d, mp_int *n, mp_int *m) -{ - int32 err; - mp_int r, tmp, tmp2; - unsigned char *rtmp; - unsigned long rlen; -/* - pick random r - */ - rlen = mp_unsigned_bin_size(n); - - rtmp = psMalloc(pool, rlen); - if (rtmp == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - sslGetEntropy(rtmp, rlen); - - if ((err = _mp_init_multi(pool, &r, &tmp, &tmp2, NULL, NULL, NULL, NULL, - NULL)) != MP_OKAY) { - psFree(rtmp); - return -1; - } -/* - read in r - */ - if ((err = mp_read_unsigned_bin(&r, rtmp, rlen)) != MP_OKAY) { - goto __ERR; - } -/* - compute tmp = r^e - */ - if ((err = mp_exptmod(pool, &r, e, n, &tmp)) != MP_OKAY) { - goto __ERR; - } -/* - multiply C into the mix - */ - if ((err = mp_mulmod(pool, c, &tmp, n, &tmp)) != MP_OKAY) { - goto __ERR; - } -/* - raise to d - */ - if ((err = mp_exptmod(pool, &tmp, d, n, &tmp)) != MP_OKAY) { - goto __ERR; - } -/* - invert r and multiply - */ - if ((err = mp_invmod(pool, &r, n, &tmp2)) != MP_OKAY) { - goto __ERR; - } -/* - multiply and we are totally set - */ - if ((err = mp_mulmod(pool, &tmp, &tmp2, n, m)) != MP_OKAY) { - goto __ERR; - } - -__ERR: _mp_clear_multi(&r, &tmp, &tmp2, NULL, NULL, NULL, NULL, NULL); - psFree(rtmp); - return err; -} -#endif /* USE_RSA_BLINDING */ - -/******************************************************************************/ - - - - - diff --git a/release/src/router/matrixssl/src/crypto/peersec/sha1.c b/release/src/router/matrixssl/src/crypto/peersec/sha1.c deleted file mode 100644 index 7a92654f..00000000 --- a/release/src/router/matrixssl/src/crypto/peersec/sha1.c +++ /dev/null @@ -1,317 +0,0 @@ -/* - * sha1.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * SHA1 hash implementation - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "../cryptoLayer.h" - -#define F0(x,y,z) (z ^ (x & (y ^ z))) -#define F1(x,y,z) (x ^ y ^ z) -#define F2(x,y,z) ((x & y) | (z & (x | y))) -#define F3(x,y,z) (x ^ y ^ z) - -#ifdef CLEAN_STACK -static void _sha1_compress(hash_state *md) -#else -static void sha1_compress(hash_state *md) -#endif /* CLEAN STACK */ -{ - unsigned long a,b,c,d,e,W[80],i; -#ifdef SMALL_CODE - ulong32 t; -#endif - - sslAssert(md != NULL); - -/* - copy the state into 512-bits into W[0..15] - */ - for (i = 0; i < 16; i++) { - LOAD32H(W[i], md->sha1.buf + (4*i)); - } - -/* - copy state - */ - a = md->sha1.state[0]; - b = md->sha1.state[1]; - c = md->sha1.state[2]; - d = md->sha1.state[3]; - e = md->sha1.state[4]; - -/* - expand it - */ - for (i = 16; i < 80; i++) { - W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1); - } - -/* - compress - */ - /* round one */ - #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30); - #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30); - #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30); - #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30); - -#ifdef SMALL_CODE - for (i = 0; i < 20; ) { - FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } - - for (; i < 40; ) { - FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } - - for (; i < 60; ) { - FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } - - for (; i < 80; ) { - FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } -#else /* SMALL_CODE */ - for (i = 0; i < 20; ) { - FF0(a,b,c,d,e,i++); - FF0(e,a,b,c,d,i++); - FF0(d,e,a,b,c,i++); - FF0(c,d,e,a,b,i++); - FF0(b,c,d,e,a,i++); - } - - /* round two */ - for (; i < 40; ) { - FF1(a,b,c,d,e,i++); - FF1(e,a,b,c,d,i++); - FF1(d,e,a,b,c,i++); - FF1(c,d,e,a,b,i++); - FF1(b,c,d,e,a,i++); - } - - /* round three */ - for (; i < 60; ) { - FF2(a,b,c,d,e,i++); - FF2(e,a,b,c,d,i++); - FF2(d,e,a,b,c,i++); - FF2(c,d,e,a,b,i++); - FF2(b,c,d,e,a,i++); - } - - /* round four */ - for (; i < 80; ) { - FF3(a,b,c,d,e,i++); - FF3(e,a,b,c,d,i++); - FF3(d,e,a,b,c,i++); - FF3(c,d,e,a,b,i++); - FF3(b,c,d,e,a,i++); - } -#endif /* SMALL_CODE */ - - #undef FF0 - #undef FF1 - #undef FF2 - #undef FF3 - -/* - store - */ - md->sha1.state[0] = md->sha1.state[0] + a; - md->sha1.state[1] = md->sha1.state[1] + b; - md->sha1.state[2] = md->sha1.state[2] + c; - md->sha1.state[3] = md->sha1.state[3] + d; - md->sha1.state[4] = md->sha1.state[4] + e; -} - -#ifdef CLEAN_STACK -static void sha1_compress(hash_state *md) -{ - _sha1_compress(md); - psBurnStack(sizeof(unsigned long) * 87); -} -#endif /* CLEAN_STACK */ - -void matrixSha1Init(hash_state * md) -{ - sslAssert(md != NULL); - md->sha1.state[0] = 0x67452301UL; - md->sha1.state[1] = 0xefcdab89UL; - md->sha1.state[2] = 0x98badcfeUL; - md->sha1.state[3] = 0x10325476UL; - md->sha1.state[4] = 0xc3d2e1f0UL; - md->sha1.curlen = 0; -#ifdef USE_INT64 - md->sha1.length = 0; -#else - md->sha1.lengthHi = 0; - md->sha1.lengthLo = 0; -#endif /* USE_INT64 */ -} - -void matrixSha1Update(hash_state * md, const unsigned char *buf, unsigned long len) -{ - unsigned long n; - - sslAssert(md != NULL); - sslAssert(buf != NULL); - while (len > 0) { - n = MIN(len, (64 - md->sha1.curlen)); - memcpy(md->sha1.buf + md->sha1.curlen, buf, (size_t)n); - md->sha1.curlen += n; - buf += n; - len -= n; - - /* is 64 bytes full? */ - if (md->sha1.curlen == 64) { - sha1_compress(md); -#ifdef USE_INT64 - md->sha1.length += 512; -#else - n = (md->sha1.lengthLo + 512) & 0xFFFFFFFFL; - if (n < md->sha1.lengthLo) { - md->sha1.lengthHi++; - } - md->sha1.lengthLo = n; -#endif /* USE_INT64 */ - md->sha1.curlen = 0; - } - } -} - -int32 matrixSha1Final(hash_state * md, unsigned char *hash) -{ - int32 i; -#ifndef USE_INT64 - unsigned long n; -#endif - sslAssert(md != NULL); - if (md->sha1.curlen >= sizeof(md->sha1.buf) || hash == NULL) { - return -1; - } - -/* - increase the length of the message - */ -#ifdef USE_INT64 - md->sha1.length += md->sha1.curlen << 3; -#else - n = (md->sha1.lengthLo + (md->sha1.curlen << 3)) & 0xFFFFFFFFL; - if (n < md->sha1.lengthLo) { - md->sha1.lengthHi++; - } - md->sha1.lengthHi += (md->sha1.curlen >> 29); - md->sha1.lengthLo = n; -#endif /* USE_INT64 */ - -/* - append the '1' bit - */ - md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80; - -/* - if the length is currently above 56 bytes we append zeros then compress. - Then we can fall back to padding zeros and length encoding like normal. - */ - if (md->sha1.curlen > 56) { - while (md->sha1.curlen < 64) { - md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; - } - sha1_compress(md); - md->sha1.curlen = 0; - } - -/* - pad upto 56 bytes of zeroes - */ - while (md->sha1.curlen < 56) { - md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; - } - -/* - store length - */ -#ifdef USE_INT64 - STORE64H(md->sha1.length, md->sha1.buf+56); -#else - STORE32H(md->sha1.lengthHi, md->sha1.buf+56); - STORE32H(md->sha1.lengthLo, md->sha1.buf+60); -#endif /* USE_INT64 */ - sha1_compress(md); - -/* - copy output - */ - for (i = 0; i < 5; i++) { - STORE32H(md->sha1.state[i], hash+(4*i)); - } -#ifdef CLEAN_STACK - psZeromem(md, sizeof(hash_state)); -#endif /* CLEAN_STACK */ - return 20; -} - -#ifdef PEERSEC_TEST - -int32 matrixSha1Test() -{ - static const struct { - char *msg; - unsigned char hash[20]; - } tests[] = { - { "abc", - { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, - 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, - 0x9c, 0xd0, 0xd8, 0x9d } - }, - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, - 0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, - 0xE5, 0x46, 0x70, 0xF1 } - } - }; - - int32 i; - unsigned char tmp[20]; - hash_state md; - - for (i = 0; i < (int32)(sizeof(tests) / sizeof(tests[0])); i++) { - matrixSha1Init(&md); - matrixSha1Update(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - matrixSha1Final(&md, tmp); - if (memcmp(tmp, tests[i].hash, 20) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; -} -#endif /* PEERSEC_TEST */ - - -/******************************************************************************/ - diff --git a/release/src/router/matrixssl/src/matrixConfig.h b/release/src/router/matrixssl/src/matrixConfig.h deleted file mode 100644 index e3c28b52..00000000 --- a/release/src/router/matrixssl/src/matrixConfig.h +++ /dev/null @@ -1,121 +0,0 @@ -/* - * matrixConfig.h - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Configuration settings for building the MatrixSSL library. - * These options affect the size and algorithms present in the library. - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#ifndef _h_MATRIXCONFIG -#define _h_MATRIXCONFIG - -#ifdef __cplusplus -extern "C" { -#endif - -/******************************************************************************/ -/* - Define the number of sessions to cache here. - Minimum value is 1 - Session caching provides such an increase in performance that it isn't - an option to disable. -*/ -#define SSL_SESSION_TABLE_SIZE 32 - -/******************************************************************************/ -/* - Define the following to enable various cipher suites - At least one of these must be defined. If multiple are defined, - the handshake will determine which is best for the connection. -*/ -#define USE_SSL_RSA_WITH_RC4_128_MD5 -#define USE_SSL_RSA_WITH_RC4_128_SHA -#define USE_SSL_RSA_WITH_3DES_EDE_CBC_SHA - -/******************************************************************************/ -/* - Support for encrypted private key files, using 3DES -*/ -#define USE_ENCRYPTED_PRIVATE_KEYS - -/******************************************************************************/ -/* - Support for client side SSL -*/ -#define USE_CLIENT_SIDE_SSL -#define USE_SERVER_SIDE_SSL - - -/******************************************************************************/ -/* - Use native 64 bit integers (long longs) -*/ -#define USE_INT64 - -/******************************************************************************/ -/* - Hi-res POSIX timer. Use rdtscll() for timing routines in linux.c -*/ -/* #define USE_RDTSCLL_TIME */ - -/******************************************************************************/ -/* - Support for multithreading environment. This should be enabled - if multiple SSL sessions will be active at the same time in - different threads. The library will serialize access to the session - cache and memory pools with a mutex. - By default this is off, so that on POSIX platforms, pthreads isn't req'd -*/ -#define USE_MULTITHREADING - -/******************************************************************************/ -/* - Support for file system. -*/ -#define USE_FILE_SYSTEM - - -/******************************************************************************/ -/* - Allow servers to proceed with rehandshakes. - - SECURITY: A protocol flaw has been demonstrated in which an "authentication - gap" is possible during rehandshakes that enable a man-in-the-middle to - inject plain-text HTTP traffic into an authenticated client-server session - - It is advised to leave this disabled if you are using HTTPS -*/ -/* #define ALLOW_SERVER_REHANDSHAKES */ - -#ifdef __cplusplus -} -#endif - -#endif /* _h_MATRIXCONFIG */ - -/******************************************************************************/ - diff --git a/release/src/router/matrixssl/src/matrixInternal.h b/release/src/router/matrixssl/src/matrixInternal.h deleted file mode 100644 index 8245a9e3..00000000 --- a/release/src/router/matrixssl/src/matrixInternal.h +++ /dev/null @@ -1,385 +0,0 @@ -/* - * matrixInternal.h - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Internal header file used for the MatrixSSL implementation. - * Only modifiers of the library should be intersted in this file - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#ifndef _h_MATRIXINTERNAL -#define _h_MATRIXINTERNAL -#define _h_EXPORT_SYMBOLS - -#include "../matrixCommon.h" - -/******************************************************************************/ -/* - At the highest SSL level. Must include the lower level PKI -*/ -#include "pki/pkiInternal.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/******************************************************************************/ - -#if WIN32 -#define fcntl(A, B, C) -#define MSG_NOSIGNAL 0 -#endif /* WIN32 */ - -#define SSL_FLAGS_READ_SECURE 0x2 -#define SSL_FLAGS_WRITE_SECURE 0x4 -#define SSL_FLAGS_PUBLIC_SECURE 0x8 -#define SSL_FLAGS_RESUMED 0x10 -#define SSL_FLAGS_CLOSED 0x20 -#define SSL_FLAGS_NEED_ENCODE 0x40 -#define SSL_FLAGS_ERROR 0x80 - -#define SSL2_HEADER_LEN 2 -#define SSL3_HEADER_LEN 5 -#define SSL3_HANDSHAKE_HEADER_LEN 4 - -/* - These are defines rather than enums because we want to store them as char, - not int32 (enum size) -*/ -#define SSL_RECORD_TYPE_CHANGE_CIPHER_SPEC 20 -#define SSL_RECORD_TYPE_ALERT 21 -#define SSL_RECORD_TYPE_HANDSHAKE 22 -#define SSL_RECORD_TYPE_APPLICATION_DATA 23 - -#define SSL_HS_HELLO_REQUEST 0 -#define SSL_HS_CLIENT_HELLO 1 -#define SSL_HS_SERVER_HELLO 2 -#define SSL_HS_HELLO_VERIFY_REQUEST 3 -#define SSL_HS_CERTIFICATE 11 -#define SSL_HS_SERVER_KEY_EXCHANGE 12 -#define SSL_HS_CERTIFICATE_REQUEST 13 -#define SSL_HS_SERVER_HELLO_DONE 14 -#define SSL_HS_CERTIFICATE_VERIFY 15 -#define SSL_HS_CLIENT_KEY_EXCHANGE 16 -#define SSL_HS_FINISHED 20 -#define SSL_HS_DONE 255 /* Handshake complete (internal) */ - -#define INIT_ENCRYPT_CIPHER 0 -#define INIT_DECRYPT_CIPHER 1 - -#define RSA_SIGN 1 - -/* - Additional ssl alert value, indicating no error has ocurred. -*/ -#define SSL_ALERT_NONE 255 /* No error */ - -#define SSL_HS_RANDOM_SIZE 32 -#define SSL_HS_RSA_PREMASTER_SIZE 48 - -#define SSL2_MAJ_VER 2 -#define SSL3_MAJ_VER 3 -#define SSL3_MIN_VER 0 -#define TLS_MIN_VER 1 - - - -/* - SSL cipher suite values -*/ -#define SSL_NULL_WITH_NULL_NULL 0x0000 -#define SSL_RSA_WITH_NULL_MD5 0x0001 -#define SSL_RSA_WITH_NULL_SHA 0x0002 -#define SSL_RSA_WITH_RC4_128_MD5 0x0004 -#define SSL_RSA_WITH_RC4_128_SHA 0x0005 -#define SSL_RSA_WITH_3DES_EDE_CBC_SHA 0x000A - -/* - Maximum key block size for any defined cipher - This must be validated if new ciphers are added - Value is largest total among all cipher suites for - 2*macSize + 2*keySize + 2*ivSize -*/ -#define SSL_MAX_KEY_BLOCK_SIZE 2*20 + 2*24 + 2*8 - -/* - Master secret is 48 bytes, sessionId is 32 bytes max -*/ -#define SSL_HS_MASTER_SIZE 48 -#define SSL_MAX_SESSION_ID_SIZE 32 - - -/* - Round up the given length to the correct length with SSLv3 padding -*/ -#define sslRoundup018(LEN, BLOCKSIZE) \ - BLOCKSIZE <= 1 ? BLOCKSIZE : (((LEN) + 8) & ~7) - -/******************************************************************************/ -/* - SSL record and session structures -*/ -typedef struct { - unsigned short len; - unsigned char majVer; - unsigned char minVer; - unsigned char type; - unsigned char pad[3]; /* Padding for 64 bit compat */ -} sslRec_t; - -typedef struct { - unsigned char clientRandom[SSL_HS_RANDOM_SIZE]; /* From ClientHello */ - unsigned char serverRandom[SSL_HS_RANDOM_SIZE]; /* From ServerHello */ - unsigned char masterSecret[SSL_HS_MASTER_SIZE]; - unsigned char *premaster; /* variable size */ - int32 premasterSize; - - unsigned char keyBlock[SSL_MAX_KEY_BLOCK_SIZE]; /* Storage for the next six items */ - unsigned char *wMACptr; - unsigned char *rMACptr; - unsigned char *wKeyptr; - unsigned char *rKeyptr; - unsigned char *wIVptr; - unsigned char *rIVptr; - - /* All maximum sizes for current cipher suites */ - unsigned char writeMAC[SSL_MAX_MAC_SIZE]; - unsigned char readMAC[SSL_MAX_MAC_SIZE]; - unsigned char writeKey[SSL_MAX_SYM_KEY_SIZE]; - unsigned char readKey[SSL_MAX_SYM_KEY_SIZE]; - unsigned char writeIV[SSL_MAX_IV_SIZE]; - unsigned char readIV[SSL_MAX_IV_SIZE]; - - unsigned char seq[8]; - unsigned char remSeq[8]; - -#ifdef USE_CLIENT_SIDE_SSL - sslCert_t *cert; - int32 (*validateCert)(sslCertInfo_t *certInfo, void *arg); - void *validateCertArg; - int32 certMatch; -#endif /* USE_CLIENT_SIDE_SSL */ - - sslMd5Context_t msgHashMd5; - sslSha1Context_t msgHashSha1; - - sslCipherContext_t encryptCtx; - sslCipherContext_t decryptCtx; - int32 anon; -} sslSec_t; - -typedef struct { - uint32 id; - unsigned char macSize; - unsigned char keySize; - unsigned char ivSize; - unsigned char blockSize; - /* Init function */ - int32 (*init)(sslSec_t *sec, int32 type); - /* Cipher functions */ - int32 (*encrypt)(sslCipherContext_t *ctx, unsigned char *in, - unsigned char *out, int32 len); - int32 (*decrypt)(sslCipherContext_t *ctx, unsigned char *in, - unsigned char *out, int32 len); - int32 (*encryptPriv)(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); - int32 (*decryptPub)(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); - int32 (*encryptPub)(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); - int32 (*decryptPriv)(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); - int32 (*generateMac)(void *ssl, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac); - int32 (*verifyMac)(void *ssl, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac); -} sslCipherSpec_t; - -typedef struct ssl { - sslRec_t rec; /* Current SSL record information*/ - - sslSec_t sec; /* Security structure */ - - sslKeys_t *keys; /* SSL public and private keys */ - - psPool_t *pool; /* SSL session pool */ - psPool_t *hsPool; /* Full session handshake pool */ - - unsigned char sessionIdLen; - char sessionId[SSL_MAX_SESSION_ID_SIZE]; - - /* Pointer to the negotiated cipher information */ - sslCipherSpec_t *cipher; - - /* Symmetric cipher callbacks - - We duplicate these here from 'cipher' because we need to set the - various callbacks at different times in the handshake protocol - Also, there are 64 bit alignment issues in using the function pointers - within 'cipher' directly - */ - int32 (*encrypt)(sslCipherContext_t *ctx, unsigned char *in, - unsigned char *out, int32 len); - int32 (*decrypt)(sslCipherContext_t *ctx, unsigned char *in, - unsigned char *out, int32 len); - /* Public key ciphers */ - int32 (*encryptPriv)(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); - int32 (*decryptPub)(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); - int32 (*encryptPub)(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); - int32 (*decryptPriv)(psPool_t *pool, sslRsaKey_t *key, - unsigned char *in, int32 inlen, - unsigned char *out, int32 outlen); - /* Message Authentication Codes */ - int32 (*generateMac)(void *ssl, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac); - int32 (*verifyMac)(void *ssl, unsigned char type, unsigned char *data, - int32 len, unsigned char *mac); - - /* Current encryption/decryption parameters */ - unsigned char enMacSize; - unsigned char enIvSize; - unsigned char enBlockSize; - unsigned char deMacSize; - unsigned char deIvSize; - unsigned char deBlockSize; - - int32 flags; - int32 hsState; /* Next expected handshake message type */ - int32 err; /* SSL errno of last api call */ - int32 ignoredMessageCount; - - unsigned char reqMajVer; - unsigned char reqMinVer; - unsigned char majVer; - unsigned char minVer; - int32 recordHeadLen; - int32 hshakeHeadLen; -} ssl_t; - -typedef struct { - unsigned char id[SSL_MAX_SESSION_ID_SIZE]; - unsigned char masterSecret[SSL_HS_MASTER_SIZE]; - uint32 cipherId; -} sslSessionId_t; - -typedef struct { - unsigned char id[SSL_MAX_SESSION_ID_SIZE]; - unsigned char masterSecret[SSL_HS_MASTER_SIZE]; - sslCipherSpec_t *cipher; - unsigned char majVer; - unsigned char minVer; - char flag; - sslTime_t startTime; - sslTime_t accessTime; - int32 inUse; -} sslSessionEntry_t; - -/******************************************************************************/ -/* - Have ssl_t and sslSessionId_t now for addition of the public api set -*/ -#include "../matrixSsl.h" - -/******************************************************************************/ -/* - sslEncode.c and sslDecode.c -*/ -extern int32 psWriteRecordInfo(ssl_t *ssl, unsigned char type, int32 len, - unsigned char *c); -extern int32 psWriteHandshakeHeader(ssl_t *ssl, unsigned char type, int32 len, - int32 seq, int32 fragOffset, int32 fragLen, - unsigned char *c); -extern int32 sslEncodeResponse(ssl_t *ssl, sslBuf_t *out); -extern int32 sslActivateReadCipher(ssl_t *ssl); -extern int32 sslActivateWriteCipher(ssl_t *ssl); -extern int32 sslActivatePublicCipher(ssl_t *ssl); -extern int32 sslUpdateHSHash(ssl_t *ssl, unsigned char *in, int32 len); -extern int32 sslInitHSHash(ssl_t *ssl); -extern int32 sslSnapshotHSHash(ssl_t *ssl, unsigned char *out, int32 senderFlag); -extern int32 sslWritePad(unsigned char *p, unsigned char padLen); -extern void sslResetContext(ssl_t *ssl); - -#ifdef USE_SERVER_SIDE_SSL -extern int32 matrixRegisterSession(ssl_t *ssl); -extern int32 matrixResumeSession(ssl_t *ssl); -extern int32 matrixClearSession(ssl_t *ssl, int32 remove); -extern int32 matrixUpdateSession(ssl_t *ssl); -#endif /* USE_SERVER_SIDE_SSL */ - - -/* - cipherSuite.c -*/ -extern sslCipherSpec_t *sslGetCipherSpec(int32 id); -extern int32 sslGetCipherSpecListLen(void); -extern int32 sslGetCipherSpecList(unsigned char *c, int32 len); - -/******************************************************************************/ -/* - sslv3.c -*/ -extern int32 sslGenerateFinishedHash(sslMd5Context_t *md5, sslSha1Context_t *sha1, - unsigned char *masterSecret, - unsigned char *out, int32 sender); - -extern int32 sslDeriveKeys(ssl_t *ssl); - -#ifdef USE_SHA1_MAC -extern int32 ssl3HMACSha1(unsigned char *key, unsigned char *seq, - unsigned char type, unsigned char *data, int32 len, - unsigned char *mac); -#endif /* USE_SHA1_MAC */ - -#ifdef USE_MD5_MAC -extern int32 ssl3HMACMd5(unsigned char *key, unsigned char *seq, - unsigned char type, unsigned char *data, int32 len, - unsigned char *mac); -#endif /* USE_MD5_MAC */ - - - - -/******************************************************************************/ - -#ifdef __cplusplus -} -#endif - -#endif /* _h_MATRIXINTERNAL */ - -/******************************************************************************/ - - diff --git a/release/src/router/matrixssl/src/matrixSsl.c b/release/src/router/matrixssl/src/matrixSsl.c deleted file mode 100644 index 1242728a..00000000 --- a/release/src/router/matrixssl/src/matrixSsl.c +++ /dev/null @@ -1,805 +0,0 @@ -/* - * matrixSsl.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Secure Sockets Layer session management - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "matrixInternal.h" - -#ifndef WINCE -#include <time.h> -#endif - -/******************************************************************************/ - -static char copyright[]= "Copyright PeerSec Networks Inc. All rights reserved."; - -#ifdef USE_SERVER_SIDE_SSL -/* - Static session table for session cache and lock for multithreaded env -*/ -static sslMutex_t sessionTableLock; -static sslSessionEntry_t sessionTable[SSL_SESSION_TABLE_SIZE]; -#endif /* USE_SERVER_SIDE_SSL */ - -/******************************************************************************/ -/* - Open and close the SSL module. These routines are called once in the - lifetime of the application and initialize and clean up the library - respectively. -*/ -int32 matrixSslOpen(void) -{ - if (matrixPkiOpen() < 0) { - matrixStrDebugMsg("PKI open failure\n", NULL); - return -1; - } - -#ifdef USE_SERVER_SIDE_SSL - memset(sessionTable, 0x0, - sizeof(sslSessionEntry_t) * SSL_SESSION_TABLE_SIZE); - sslCreateMutex(&sessionTableLock); -#endif /* USE_SERVER_SIDE_SSL */ - - - return 0; -} - -void matrixSslClose(void) -{ -#ifdef USE_SERVER_SIDE_SSL - int32 i; - - sslLockMutex(&sessionTableLock); - for (i = 0; i < SSL_SESSION_TABLE_SIZE; i++) { - if (sessionTable[i].inUse == 1) { - matrixStrDebugMsg("Warning: closing while session still in use\n", - NULL); - } - } - memset(sessionTable, 0x0, - sizeof(sslSessionEntry_t) * SSL_SESSION_TABLE_SIZE); - sslUnlockMutex(&sessionTableLock); - sslDestroyMutex(&sessionTableLock); -#endif /* USE_SERVER_SIDE_SSL */ - - - matrixPkiClose(); -} - -/******************************************************************************/ -/* - Wrappers around the RSA versions. Necessary to keep API backwards compat -*/ -#ifdef USE_FILE_SYSTEM -int32 matrixSslReadKeys(sslKeys_t **keys, const char *certFile, - const char *privFile, const char *privPass, - const char *trustedCAFile) -{ - return matrixX509ReadKeys(keys, certFile, privFile, privPass, trustedCAFile); -} -#endif /* USE_FILE_SYSTEM */ - -int32 matrixSslReadKeysMem(sslKeys_t **keys, unsigned char *certBuf, - int32 certLen, unsigned char *privBuf, int32 privLen, - unsigned char *trustedCABuf, int32 trustedCALen) -{ - return matrixX509ReadKeysMem(keys, certBuf, certLen, privBuf, privLen, - trustedCABuf, trustedCALen); -} - -void matrixSslFreeKeys(sslKeys_t *keys) -{ - matrixRsaFreeKeys(keys); -} - - - -/******************************************************************************/ -/* - New SSL protocol context - This structure is associated with a single SSL connection. Each socket - using SSL should be associated with a new SSL context. - - certBuf and privKey ARE NOT duplicated within the server context, in order - to minimize memory usage with multiple simultaneous requests. They must - not be deleted by caller until all server contexts using them are deleted. -*/ -int32 matrixSslNewSession(ssl_t **ssl, sslKeys_t *keys, sslSessionId_t *session, - int32 flags) -{ - psPool_t *pool = NULL; - ssl_t *lssl; - -/* - First API level chance to make sure a user is not attempting to use - client or server support that was not built into this library compile -*/ -#ifndef USE_SERVER_SIDE_SSL - if (flags & SSL_FLAGS_SERVER) { - matrixStrDebugMsg("MatrixSSL lib not compiled with server support\n", - NULL); - return -1; - } -#endif -#ifndef USE_CLIENT_SIDE_SSL - if (!(flags & SSL_FLAGS_SERVER)) { - matrixStrDebugMsg("MatrixSSL lib not compiled with client support\n", - NULL); - return -1; - } -#endif - if (flags & SSL_FLAGS_CLIENT_AUTH) { - matrixStrDebugMsg("MatrixSSL lib not compiled with client " \ - "authentication support\n", NULL); - return -1; - } - - if (flags & SSL_FLAGS_SERVER) { - if (keys == NULL) { - matrixStrDebugMsg("NULL keys in matrixSslNewSession\n", NULL); - return -1; - } - if (session != NULL) { - matrixStrDebugMsg("Server session must be NULL\n", NULL); - return -1; - } - } - - *ssl = lssl = psMalloc(pool, sizeof(ssl_t)); - if (lssl == NULL) { - return SSL_MEM_ERROR; - } - memset(lssl, 0x0, sizeof(ssl_t)); - - lssl->pool = pool; - lssl->cipher = sslGetCipherSpec(SSL_NULL_WITH_NULL_NULL); - sslActivateReadCipher(lssl); - sslActivateWriteCipher(lssl); - sslActivatePublicCipher(lssl); - - lssl->recordHeadLen = SSL3_HEADER_LEN; - lssl->hshakeHeadLen = SSL3_HANDSHAKE_HEADER_LEN; - - if (flags & SSL_FLAGS_SERVER) { - lssl->flags |= SSL_FLAGS_SERVER; -/* - Client auth can only be requested by server, not set by client -*/ - if (flags & SSL_FLAGS_CLIENT_AUTH) { - lssl->flags |= SSL_FLAGS_CLIENT_AUTH; - } - lssl->hsState = SSL_HS_CLIENT_HELLO; - } else { -/* - Client is first to set protocol version information based on - compile and/or the 'flags' parameter so header information in - the handshake messages will be correctly set. -*/ - lssl->majVer = SSL3_MAJ_VER; - lssl->minVer = SSL3_MIN_VER; - lssl->hsState = SSL_HS_SERVER_HELLO; - if (session != NULL && session->cipherId != SSL_NULL_WITH_NULL_NULL) { - lssl->cipher = sslGetCipherSpec(session->cipherId); - if (lssl->cipher == NULL) { - matrixStrDebugMsg("Invalid session id to matrixSslNewSession\n", - NULL); - } else { - memcpy(lssl->sec.masterSecret, session->masterSecret, - SSL_HS_MASTER_SIZE); - lssl->sessionIdLen = SSL_MAX_SESSION_ID_SIZE; - memcpy(lssl->sessionId, session->id, SSL_MAX_SESSION_ID_SIZE); - } - } - } - lssl->err = SSL_ALERT_NONE; - lssl->keys = keys; - - return 0; -} - -/******************************************************************************/ -/* - Delete an SSL session. Some information on the session may stay around - in the session resumption cache. - SECURITY - We memset relevant values to zero before freeing to reduce - the risk of our keys floating around in memory after we're done. -*/ -void matrixSslDeleteSession(ssl_t *ssl) -{ - - if (ssl == NULL) { - return; - } - ssl->flags |= SSL_FLAGS_CLOSED; -/* - If we have a sessionId, for servers we need to clear the inUse flag in - the session cache so the ID can be replaced if needed. In the client case - the caller should have called matrixSslGetSessionId already to copy the - master secret and sessionId, so free it now. - - In all cases except a successful updateSession call on the server, the - master secret must be freed. -*/ -#ifdef USE_SERVER_SIDE_SSL - if (ssl->sessionIdLen > 0 && (ssl->flags & SSL_FLAGS_SERVER)) { - matrixUpdateSession(ssl); - } -#endif /* USE_SERVER_SIDE_SSL */ - ssl->sessionIdLen = 0; - -#ifdef USE_CLIENT_SIDE_SSL - if (ssl->sec.cert) { - matrixX509FreeCert(ssl->sec.cert); - ssl->sec.cert = NULL; - } -#endif /* USE_CLIENT_SIDE_SSL */ - -/* - Premaster could also be allocated if this DeleteSession is the result - of a failed handshake. This test is fine since all frees will NULL pointer -*/ - if (ssl->sec.premaster) { - psFree(ssl->sec.premaster); - } - - - -/* - The cipher and mac contexts are inline in the ssl structure, so - clearing the structure clears those states as well. -*/ - memset(ssl, 0x0, sizeof(ssl_t)); - psFree(ssl); -} - -/******************************************************************************/ -/* - Generic session option control for changing already connected sessions. - (ie. rehandshake control). arg param is future for options that may - require a value. -*/ -void matrixSslSetSessionOption(ssl_t *ssl, int32 option, void *arg) -{ - if (option == SSL_OPTION_DELETE_SESSION) { -#ifdef USE_SERVER_SIDE_SSL - if (ssl->flags & SSL_FLAGS_SERVER) { - matrixClearSession(ssl, 1); - } -#endif /* USE_SERVER_SIDE_SSL */ - ssl->sessionIdLen = 0; - memset(ssl->sessionId, 0x0, SSL_MAX_SESSION_ID_SIZE); - } -} - -/******************************************************************************/ -/* - The ssl_t struct is opaque to the socket layer. Just needed an access - routine for the 'anon' status -*/ -void matrixSslGetAnonStatus(ssl_t *ssl, int32 *certArg) -{ - *certArg = ssl->sec.anon; -} - -/******************************************************************************/ -/* - Again, the ssl_t is opaque. Need to associate the new keys with - the session for mid-session rekeying -*/ -void matrixSslAssignNewKeys(ssl_t *ssl, sslKeys_t *keys) -{ - ssl->keys = keys; -} - -/******************************************************************************/ -/* - Returns 1 if we've completed the SSL handshake. 0 if we're in process. -*/ -int32 matrixSslHandshakeIsComplete(ssl_t *ssl) -{ - return (ssl->hsState == SSL_HS_DONE) ? 1 : 0; -} - -#ifdef USE_CLIENT_SIDE_SSL -/******************************************************************************/ -/* - Set a custom callback to receive the certificate being presented to the - session to perform custom authentication if needed -*/ -void matrixSslSetCertValidator(ssl_t *ssl, - int32 (*certValidator)(sslCertInfo_t *t, void *arg), void *arg) -{ - if (certValidator) { - ssl->sec.validateCert = certValidator; - ssl->sec.validateCertArg = arg; - } -} -#else /* Public API, so should always be linkable */ -void matrixSslSetCertValidator(ssl_t *ssl, - int32 (*certValidator)(sslCertInfo_t *t, void *arg), void *arg) -{ - matrixStrDebugMsg("matrixSslSetCertValidator is not available\n", NULL); - matrixStrDebugMsg("Library not built for cert validation support\n", NULL); -} -#endif /* USE_CLIENT_SIDE_SSL */ - -/******************************************************************************/ -/* - Initialize the SHA1 and MD5 hash contexts for the handshake messages -*/ -int32 sslInitHSHash(ssl_t *ssl) -{ - matrixSha1Init(&ssl->sec.msgHashSha1); - matrixMd5Init(&ssl->sec.msgHashMd5); - return 0; -} - -/******************************************************************************/ -/* - Add the given data to the running hash of the handshake messages -*/ -int32 sslUpdateHSHash(ssl_t *ssl, unsigned char *in, int32 len) -{ - matrixMd5Update(&ssl->sec.msgHashMd5, in, len); - matrixSha1Update(&ssl->sec.msgHashSha1, in, len); - return 0; -} - -/******************************************************************************/ -/* - Snapshot is called by the receiver of the finished message to produce - a hash of the preceeding handshake messages for comparison to incoming - message. -*/ -int32 sslSnapshotHSHash(ssl_t *ssl, unsigned char *out, int32 senderFlag) -{ - sslMd5Context_t md5; - sslSha1Context_t sha1; - -/* - Use a backup of the message hash-to-date because we don't want - to destroy the state of the handshaking until truly complete -*/ - md5 = ssl->sec.msgHashMd5; - sha1 = ssl->sec.msgHashSha1; - - return sslGenerateFinishedHash(&md5, &sha1, ssl->sec.masterSecret, - out, senderFlag); -} - -/******************************************************************************/ -/* - Cipher suites are chosen before they are activated with the - ChangeCipherSuite message. Additionally, the read and write cipher suites - are activated at different times in the handshake process. The following - APIs activate the selected cipher suite callback functions. -*/ -int32 sslActivateReadCipher(ssl_t *ssl) -{ - ssl->decrypt = ssl->cipher->decrypt; - ssl->verifyMac = ssl->cipher->verifyMac; - ssl->deMacSize = ssl->cipher->macSize; - ssl->deBlockSize = ssl->cipher->blockSize; - ssl->deIvSize = ssl->cipher->ivSize; -/* - Reset the expected incoming sequence number for the new suite -*/ - memset(ssl->sec.remSeq, 0x0, sizeof(ssl->sec.remSeq)); - - if (ssl->cipher->id != SSL_NULL_WITH_NULL_NULL) { - ssl->flags |= SSL_FLAGS_READ_SECURE; -/* - Copy the newly activated read keys into the live buffers -*/ - memcpy(ssl->sec.readMAC, ssl->sec.rMACptr, ssl->cipher->macSize); - memcpy(ssl->sec.readKey, ssl->sec.rKeyptr, ssl->cipher->keySize); - memcpy(ssl->sec.readIV, ssl->sec.rIVptr, ssl->cipher->ivSize); -/* - set up decrypt contexts - */ - if (ssl->cipher->init(&(ssl->sec), INIT_DECRYPT_CIPHER) < 0) { - matrixStrDebugMsg("Unable to initialize read cipher suite\n", NULL); - return -1; - } - } - return 0; -} - -int32 sslActivateWriteCipher(ssl_t *ssl) -{ - - ssl->encrypt = ssl->cipher->encrypt; - ssl->generateMac = ssl->cipher->generateMac; - ssl->enMacSize = ssl->cipher->macSize; - ssl->enBlockSize = ssl->cipher->blockSize; - ssl->enIvSize = ssl->cipher->ivSize; -/* - Reset the outgoing sequence number for the new suite -*/ - memset(ssl->sec.seq, 0x0, sizeof(ssl->sec.seq)); - if (ssl->cipher->id != SSL_NULL_WITH_NULL_NULL) { - ssl->flags |= SSL_FLAGS_WRITE_SECURE; -/* - Copy the newly activated write keys into the live buffers -*/ - memcpy(ssl->sec.writeMAC, ssl->sec.wMACptr, ssl->cipher->macSize); - memcpy(ssl->sec.writeKey, ssl->sec.wKeyptr, ssl->cipher->keySize); - memcpy(ssl->sec.writeIV, ssl->sec.wIVptr, ssl->cipher->ivSize); -/* - set up encrypt contexts - */ - if (ssl->cipher->init(&(ssl->sec), INIT_ENCRYPT_CIPHER) < 0) { - matrixStrDebugMsg("Unable to init write cipher suite\n", NULL); - return -1; - } - } - return 0; -} - -int32 sslActivatePublicCipher(ssl_t *ssl) -{ - ssl->encryptPriv = ssl->cipher->encryptPriv; - ssl->decryptPub = ssl->cipher->decryptPub; - ssl->decryptPriv = ssl->cipher->decryptPriv; - ssl->encryptPub = ssl->cipher->encryptPub; - if (ssl->cipher->id != SSL_NULL_WITH_NULL_NULL) { - ssl->flags |= SSL_FLAGS_PUBLIC_SECURE; - } - return 0; -} - -#ifdef USE_SERVER_SIDE_SSL -/******************************************************************************/ -/* - Register a session in the session resumption cache. If successful (rc >=0), - the ssl sessionId and sessionIdLength fields will be non-NULL upon - return. -*/ -int32 matrixRegisterSession(ssl_t *ssl) -{ - uint32 i, j; - sslTime_t t; - - if (!(ssl->flags & SSL_FLAGS_SERVER)) { - return -1; - } -/* - Iterate the session table, looking for an empty entry (cipher null), and - the oldest entry that is not in use -*/ - sslLockMutex(&sessionTableLock); - j = SSL_SESSION_TABLE_SIZE; - t = sessionTable[0].accessTime; - for (i = 0; i < SSL_SESSION_TABLE_SIZE; i++) { - if (sessionTable[i].cipher == NULL) { - break; - } - if (sslCompareTime(sessionTable[i].accessTime, t) && - sessionTable[i].inUse == 0) { - t = sessionTable[i].accessTime; - j = i; - } - } -/* - If there were no empty entries, get the oldest unused entry. - If all entries are in use, return -1, meaning we can't cache the - session at this time -*/ - if (i >= SSL_SESSION_TABLE_SIZE) { - if (j < SSL_SESSION_TABLE_SIZE) { - i = j; - } else { - sslUnlockMutex(&sessionTableLock); - return -1; - } - } -/* - Register the incoming masterSecret and cipher, which could still be null, - depending on when we're called. -*/ - memcpy(sessionTable[i].masterSecret, ssl->sec.masterSecret, - SSL_HS_MASTER_SIZE); - sessionTable[i].cipher = ssl->cipher; - sessionTable[i].inUse = 1; - sslUnlockMutex(&sessionTableLock); -/* - The sessionId is the current serverRandom value, with the first 4 bytes - replaced with the current cache index value for quick lookup later. - FUTURE SECURITY - Should generate more random bytes here for the session - id. We re-use the server random as the ID, which is OK, since it is - sent plaintext on the network, but an attacker listening to a resumed - connection will also be able to determine part of the original server - random used to generate the master key, even if he had not seen it - initially. -*/ - memcpy(sessionTable[i].id, ssl->sec.serverRandom, - min(SSL_HS_RANDOM_SIZE, SSL_MAX_SESSION_ID_SIZE)); - ssl->sessionIdLen = SSL_MAX_SESSION_ID_SIZE; - sessionTable[i].id[0] = (unsigned char)(i & 0xFF); - sessionTable[i].id[1] = (unsigned char)((i & 0xFF00) >> 8); - sessionTable[i].id[2] = (unsigned char)((i & 0xFF0000) >> 16); - sessionTable[i].id[3] = (unsigned char)((i & 0xFF000000) >> 24); - memcpy(ssl->sessionId, sessionTable[i].id, SSL_MAX_SESSION_ID_SIZE); -/* - startTime is used to check expiry of the entry - accessTime is used to for cache replacement logic - The versions are stored, because a cached session must be reused - with same SSL version. -*/ - sslInitMsecs(&sessionTable[i].startTime); - sessionTable[i].accessTime = sessionTable[i].startTime; - sessionTable[i].majVer = ssl->majVer; - sessionTable[i].minVer = ssl->minVer; - sessionTable[i].flag = 0; - - return i; -} - -/******************************************************************************/ -/* - Clear the inUse flag during re-handshakes so the entry may be found -*/ -int32 matrixClearSession(ssl_t *ssl, int32 remove) -{ - char *id; - uint32 i; - - if (ssl->sessionIdLen <= 0) { - return -1; - } - id = ssl->sessionId; - - i = (id[3] << 24) + (id[2] << 16) + (id[1] << 8) + id[0]; - if (i >= SSL_SESSION_TABLE_SIZE || i < 0) { - return -1; - } - sslLockMutex(&sessionTableLock); - sessionTable[i].inUse = 0; - sessionTable[i].flag = 0; -/* - If this is a full removal, actually delete the entry rather than - just setting the inUse to 0. Also need to clear any RESUME flag - on the ssl connection so a new session will be correctly registered. -*/ - if (remove) { - memset(ssl->sessionId, 0x0, SSL_MAX_SESSION_ID_SIZE); - ssl->sessionIdLen = 0; - memset(&sessionTable[i], 0x0, sizeof(sslSessionEntry_t)); - ssl->flags &= ~SSL_FLAGS_RESUMED; - } - sslUnlockMutex(&sessionTableLock); - return 0; -} - -/******************************************************************************/ -/* - Look up a session ID in the cache. If found, set the ssl masterSecret - and cipher to the pre-negotiated values -*/ -int32 matrixResumeSession(ssl_t *ssl) -{ - char *id; - uint32 i; - - if (!(ssl->flags & SSL_FLAGS_SERVER)) { - return -1; - } - if (ssl->sessionIdLen <= 0) { - return -1; - } - id = ssl->sessionId; - - i = (id[3] << 24) + (id[2] << 16) + (id[1] << 8) + id[0]; - - sslLockMutex(&sessionTableLock); - if (i >= SSL_SESSION_TABLE_SIZE || i < 0 || - sessionTable[i].cipher == NULL) { - sslUnlockMutex(&sessionTableLock); - return -1; - } -/* - Id looks valid. Update the access time for expiration check. - Expiration is done on daily basis (86400 seconds) -*/ - sslInitMsecs(&sessionTable[i].accessTime); - if (memcmp(sessionTable[i].id, id, - min(ssl->sessionIdLen, SSL_MAX_SESSION_ID_SIZE)) != 0 || - sslDiffSecs(sessionTable[i].startTime, - sessionTable[i].accessTime) > 86400 || - sessionTable[i].inUse || - sessionTable[i].majVer != ssl->majVer || - sessionTable[i].minVer != ssl->minVer) { - sslUnlockMutex(&sessionTableLock); - return -1; - } - memcpy(ssl->sec.masterSecret, sessionTable[i].masterSecret, - SSL_HS_MASTER_SIZE); - ssl->cipher = sessionTable[i].cipher; - sessionTable[i].inUse = 1; - sslUnlockMutex(&sessionTableLock); - return 0; -} - -/******************************************************************************/ -/* - Update session information in the cache. - This is called when we've determined the master secret and when we're - closing the connection to update various values in the cache. -*/ -int32 matrixUpdateSession(ssl_t *ssl) -{ - char *id; - uint32 i; - - if (!(ssl->flags & SSL_FLAGS_SERVER)) { - return -1; - } - if ((id = ssl->sessionId) == NULL) { - return -1; - } - i = (id[3] << 24) + (id[2] << 16) + (id[1] << 8) + id[0]; - if (i < 0 || i >= SSL_SESSION_TABLE_SIZE) { - return -1; - } -/* - If there is an error on the session, invalidate for any future use -*/ - sslLockMutex(&sessionTableLock); - sessionTable[i].inUse = ssl->flags & SSL_FLAGS_CLOSED ? 0 : 1; - if (ssl->flags & SSL_FLAGS_ERROR) { - memset(sessionTable[i].masterSecret, 0x0, SSL_HS_MASTER_SIZE); - sessionTable[i].cipher = NULL; - sslUnlockMutex(&sessionTableLock); - return -1; - } - memcpy(sessionTable[i].masterSecret, ssl->sec.masterSecret, - SSL_HS_MASTER_SIZE); - sessionTable[i].cipher = ssl->cipher; - sslUnlockMutex(&sessionTableLock); - return 0; -} - -int32 matrixSslSetResumptionFlag(ssl_t *ssl, char flag) -{ - char *id; - uint32 i; - - if (!(ssl->flags & SSL_FLAGS_SERVER)) { - return -1; - } - if ((id = ssl->sessionId) == NULL) { - return -1; - } - i = (id[3] << 24) + (id[2] << 16) + (id[1] << 8) + id[0]; - if (i < 0 || i >= SSL_SESSION_TABLE_SIZE) { - return -1; - } - sslLockMutex(&sessionTableLock); - sessionTable[i].inUse = ssl->flags & SSL_FLAGS_CLOSED ? 0 : 1; - if (ssl->flags & SSL_FLAGS_ERROR) { - sslUnlockMutex(&sessionTableLock); - return -1; - } - sessionTable[i].flag = flag; - sslUnlockMutex(&sessionTableLock); - return 0; -} - -int32 matrixSslGetResumptionFlag(ssl_t *ssl, char *flag) -{ - char *id; - uint32 i; - - if (!(ssl->flags & SSL_FLAGS_SERVER)) { - return -1; - } - if ((id = ssl->sessionId) == NULL) { - return -1; - } - i = (id[3] << 24) + (id[2] << 16) + (id[1] << 8) + id[0]; - if (i < 0 || i >= SSL_SESSION_TABLE_SIZE) { - return -1; - } - sslLockMutex(&sessionTableLock); - sessionTable[i].inUse = ssl->flags & SSL_FLAGS_CLOSED ? 0 : 1; - if (ssl->flags & SSL_FLAGS_ERROR) { - sslUnlockMutex(&sessionTableLock); - return -1; - } - *flag = sessionTable[i].flag; - sslUnlockMutex(&sessionTableLock); - return 0; -} -#endif /* USE_SERVER_SIDE_SSL */ - -#ifdef USE_CLIENT_SIDE_SSL -/******************************************************************************/ -/* - Get session information from the ssl structure and populate the given - session structure. Session will contain a copy of the relevant session - information, suitable for creating a new, resumed session. -*/ -int32 matrixSslGetSessionId(ssl_t *ssl, sslSessionId_t **session) -{ - sslSessionId_t *lsession; - - if (ssl == NULL || ssl->flags & SSL_FLAGS_SERVER) { - return -1; - } - - if (ssl->cipher != NULL && ssl->cipher->id != SSL_NULL_WITH_NULL_NULL && - ssl->sessionIdLen == SSL_MAX_SESSION_ID_SIZE) { - *session = lsession = psMalloc(PEERSEC_BASE_POOL, - sizeof(sslSessionId_t)); - if (lsession == NULL) { - return SSL_MEM_ERROR; - } - lsession->cipherId = ssl->cipher->id; - memcpy(lsession->id, ssl->sessionId, ssl->sessionIdLen); - memcpy(lsession->masterSecret, ssl->sec.masterSecret, - SSL_HS_MASTER_SIZE); - return 0; - } - return -1; -} - -/******************************************************************************/ -/* - Must be called on session returned from matrixSslGetSessionId -*/ -void matrixSslFreeSessionId(sslSessionId_t *sessionId) -{ - if (sessionId != NULL) { - psFree(sessionId); - } -} -#endif /* USE_CLIENT_SIDE_SSL */ - -/******************************************************************************/ -/* - Rehandshake. Free any allocated sec members that will be repopulated -*/ -void sslResetContext(ssl_t *ssl) -{ -#ifdef USE_SERVER_SIDE_SSL - if (ssl->flags & SSL_FLAGS_SERVER) { -/* - Clear the inUse flag of the current session so it may be found again - if client attempts to reuse session id -*/ - matrixClearSession(ssl, 0); - } -#endif /* USE_SERVER_SIDE_SSL */ - -} - -/******************************************************************************/ - - - diff --git a/release/src/router/matrixssl/src/matrixSsl.vcproj b/release/src/router/matrixssl/src/matrixSsl.vcproj deleted file mode 100644 index 9c95d11b..00000000 --- a/release/src/router/matrixssl/src/matrixSsl.vcproj +++ /dev/null @@ -1,353 +0,0 @@ -<?xml version="1.0" encoding="Windows-1252"?>
-<VisualStudioProject
- ProjectType="Visual C++"
- Version="9.00"
- Name="matrixSsl"
- ProjectGUID="{8DBF200C-313A-485B-97D8-892158882E16}"
- Keyword="Win32Proj"
- TargetFrameworkVersion="131072"
- >
- <Platforms>
- <Platform
- Name="Win32"
- />
- </Platforms>
- <ToolFiles>
- </ToolFiles>
- <Configurations>
- <Configuration
- Name="Debug|Win32"
- OutputDirectory="Debug"
- IntermediateDirectory="Debug"
- ConfigurationType="2"
- InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC70.vsprops"
- >
- <Tool
- Name="VCPreBuildEventTool"
- />
- <Tool
- Name="VCCustomBuildTool"
- />
- <Tool
- Name="VCXMLDataGeneratorTool"
- />
- <Tool
- Name="VCWebServiceProxyGeneratorTool"
- />
- <Tool
- Name="VCMIDLTool"
- />
- <Tool
- Name="VCCLCompilerTool"
- Optimization="0"
- PreprocessorDefinitions="WIN32;_DEBUG;DEBUG;_WIN32_WINNT=0x0500"
- MinimalRebuild="true"
- ExceptionHandling="0"
- BasicRuntimeChecks="3"
- SmallerTypeCheck="true"
- RuntimeLibrary="3"
- BufferSecurityCheck="true"
- EnableFunctionLevelLinking="true"
- WarningLevel="3"
- Detect64BitPortabilityProblems="false"
- DebugInformationFormat="4"
- CompileAs="1"
- />
- <Tool
- Name="VCManagedResourceCompilerTool"
- />
- <Tool
- Name="VCResourceCompilerTool"
- />
- <Tool
- Name="VCPreLinkEventTool"
- Description="Force dependency change for projects linking to libmatrixssl.lib"
- CommandLine="copy "$(OutDir)\arc4.obj" "$(OutDir)\libmatrixssl.lib"
del "$(OutDir)\libmatrixssl.lib"
"
- />
- <Tool
- Name="VCLinkerTool"
- OutputFile="$(OutDir)/libmatrixssl.dll"
- IgnoreAllDefaultLibraries="false"
- ModuleDefinitionFile=""
- GenerateDebugInformation="true"
- ResourceOnlyDLL="false"
- RandomizedBaseAddress="1"
- DataExecutionPrevention="0"
- />
- <Tool
- Name="VCALinkTool"
- />
- <Tool
- Name="VCManifestTool"
- />
- <Tool
- Name="VCXDCMakeTool"
- />
- <Tool
- Name="VCBscMakeTool"
- />
- <Tool
- Name="VCFxCopTool"
- />
- <Tool
- Name="VCAppVerifierTool"
- />
- <Tool
- Name="VCPostBuildEventTool"
- />
- </Configuration>
- <Configuration
- Name="Release|Win32"
- OutputDirectory="Release"
- IntermediateDirectory="Release"
- ConfigurationType="2"
- InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC70.vsprops"
- >
- <Tool
- Name="VCPreBuildEventTool"
- />
- <Tool
- Name="VCCustomBuildTool"
- />
- <Tool
- Name="VCXMLDataGeneratorTool"
- />
- <Tool
- Name="VCWebServiceProxyGeneratorTool"
- />
- <Tool
- Name="VCMIDLTool"
- />
- <Tool
- Name="VCCLCompilerTool"
- Optimization="3"
- InlineFunctionExpansion="1"
- FavorSizeOrSpeed="2"
- OmitFramePointers="true"
- PreprocessorDefinitions="WIN32;_WIN32_WINNT=0x0500"
- StringPooling="true"
- ExceptionHandling="0"
- RuntimeLibrary="2"
- CompileAs="1"
- />
- <Tool
- Name="VCManagedResourceCompilerTool"
- />
- <Tool
- Name="VCResourceCompilerTool"
- />
- <Tool
- Name="VCPreLinkEventTool"
- Description="Force dependency change for projects linking to libmatrixssl.lib"
- CommandLine="copy "$(OutDir)\arc4.obj" "$(OutDir)\libmatrixssl.lib"
del "$(OutDir)\libmatrixssl.lib"
"
- />
- <Tool
- Name="VCLinkerTool"
- AdditionalOptions="/FILEALIGN:512"
- OutputFile="$(OutDir)/libmatrixssl.dll"
- IgnoreAllDefaultLibraries="false"
- ModuleDefinitionFile=""
- GenerateDebugInformation="false"
- ResourceOnlyDLL="false"
- RandomizedBaseAddress="1"
- DataExecutionPrevention="0"
- />
- <Tool
- Name="VCALinkTool"
- />
- <Tool
- Name="VCManifestTool"
- />
- <Tool
- Name="VCXDCMakeTool"
- />
- <Tool
- Name="VCBscMakeTool"
- />
- <Tool
- Name="VCFxCopTool"
- />
- <Tool
- Name="VCAppVerifierTool"
- />
- <Tool
- Name="VCPostBuildEventTool"
- />
- </Configuration>
- </Configurations>
- <References>
- </References>
- <Files>
- <Filter
- Name="src"
- Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm"
- >
- <File
- RelativePath="cipherSuite.c"
- >
- </File>
- <File
- RelativePath="matrixConfig.h"
- >
- </File>
- <File
- RelativePath="matrixInternal.h"
- >
- </File>
- <File
- RelativePath="matrixSsl.c"
- >
- </File>
- <File
- RelativePath="sslDecode.c"
- >
- </File>
- <File
- RelativePath="sslEncode.c"
- >
- </File>
- <File
- RelativePath="sslv3.c"
- >
- </File>
- <Filter
- Name="crypto"
- >
- <File
- RelativePath="crypto\cryptoLayer.h"
- >
- </File>
- <File
- RelativePath="crypto\matrixCrypto.h"
- >
- </File>
- <Filter
- Name="peersec"
- >
- <File
- RelativePath="crypto\peersec\arc4.c"
- >
- </File>
- <File
- RelativePath="crypto\peersec\base64.c"
- >
- </File>
- <File
- RelativePath="crypto\peersec\des3.c"
- >
- </File>
- <File
- RelativePath="crypto\peersec\md2.c"
- >
- </File>
- <File
- RelativePath="crypto\peersec\md5.c"
- >
- </File>
- <File
- RelativePath="crypto\peersec\mpi.c"
- >
- </File>
- <File
- RelativePath="crypto\peersec\mpi.h"
- >
- </File>
- <File
- RelativePath="crypto\peersec\pscrypto.h"
- >
- </File>
- <File
- RelativePath="crypto\peersec\rsa.c"
- >
- </File>
- <File
- RelativePath="crypto\peersec\sha1.c"
- >
- </File>
- </Filter>
- </Filter>
- <Filter
- Name="pki"
- >
- <File
- RelativePath="pki\asn1.c"
- >
- </File>
- <File
- RelativePath="pki\matrixPki.h"
- >
- </File>
- <File
- RelativePath="pki\pkiInternal.h"
- >
- </File>
- <File
- RelativePath="pki\rsaPki.c"
- >
- </File>
- <File
- RelativePath="pki\x509.c"
- >
- </File>
- </Filter>
- <Filter
- Name="os"
- >
- <File
- RelativePath="os\debug.c"
- >
- </File>
- <File
- RelativePath="os\osLayer.h"
- >
- </File>
- <File
- RelativePath="os\psMalloc.h"
- >
- </File>
- <Filter
- Name="linux"
- >
- <File
- RelativePath="os\linux\linux.c"
- >
- <FileConfiguration
- Name="Debug|Win32"
- ExcludedFromBuild="true"
- >
- <Tool
- Name="VCCLCompilerTool"
- />
- </FileConfiguration>
- <FileConfiguration
- Name="Release|Win32"
- ExcludedFromBuild="true"
- >
- <Tool
- Name="VCCLCompilerTool"
- />
- </FileConfiguration>
- </File>
- </Filter>
- <Filter
- Name="win"
- >
- <File
- RelativePath="os\win\win.c"
- >
- </File>
- </Filter>
- </Filter>
- </Filter>
- <File
- RelativePath="..\matrixCommon.h"
- >
- </File>
- <File
- RelativePath="..\matrixSsl.h"
- >
- </File>
- </Files>
- <Globals>
- </Globals>
-</VisualStudioProject>
diff --git a/release/src/router/matrixssl/src/matrixSslStatic.vcproj b/release/src/router/matrixssl/src/matrixSslStatic.vcproj deleted file mode 100644 index 0474b564..00000000 --- a/release/src/router/matrixssl/src/matrixSslStatic.vcproj +++ /dev/null @@ -1,340 +0,0 @@ -<?xml version="1.0" encoding="Windows-1252"?>
-<VisualStudioProject
- ProjectType="Visual C++"
- Version="9.00"
- Name="matrixSslStatic"
- ProjectGUID="{8DBF200C-313A-485B-97D8-892158882E16}"
- Keyword="Win32Proj"
- TargetFrameworkVersion="131072"
- >
- <Platforms>
- <Platform
- Name="Win32"
- />
- </Platforms>
- <ToolFiles>
- </ToolFiles>
- <Configurations>
- <Configuration
- Name="Debug|Win32"
- OutputDirectory="Debug"
- IntermediateDirectory="Debug"
- ConfigurationType="4"
- InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC70.vsprops"
- >
- <Tool
- Name="VCPreBuildEventTool"
- />
- <Tool
- Name="VCCustomBuildTool"
- />
- <Tool
- Name="VCXMLDataGeneratorTool"
- />
- <Tool
- Name="VCWebServiceProxyGeneratorTool"
- />
- <Tool
- Name="VCMIDLTool"
- />
- <Tool
- Name="VCCLCompilerTool"
- Optimization="0"
- PreprocessorDefinitions="WIN32;_DEBUG;DEBUG;_WIN32_WINNT=0x0500"
- MinimalRebuild="true"
- ExceptionHandling="0"
- BasicRuntimeChecks="3"
- SmallerTypeCheck="true"
- RuntimeLibrary="1"
- BufferSecurityCheck="true"
- EnableFunctionLevelLinking="true"
- WarningLevel="3"
- Detect64BitPortabilityProblems="false"
- DebugInformationFormat="4"
- CompileAs="1"
- />
- <Tool
- Name="VCManagedResourceCompilerTool"
- />
- <Tool
- Name="VCResourceCompilerTool"
- />
- <Tool
- Name="VCPreLinkEventTool"
- Description="Force dependency change for projects linking to libmatrixssl.lib"
- CommandLine="copy "$(OutDir)\arc4.obj" "$(OutDir)\libmatrixssl.lib"
del "$(OutDir)\libmatrixssl.lib"
"
- />
- <Tool
- Name="VCLibrarianTool"
- OutputFile="$(OutDir)/libmatrixstatic.lib"
- />
- <Tool
- Name="VCALinkTool"
- />
- <Tool
- Name="VCXDCMakeTool"
- />
- <Tool
- Name="VCBscMakeTool"
- />
- <Tool
- Name="VCFxCopTool"
- />
- <Tool
- Name="VCPostBuildEventTool"
- />
- </Configuration>
- <Configuration
- Name="Release|Win32"
- OutputDirectory="Release"
- IntermediateDirectory="Release"
- ConfigurationType="4"
- InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC70.vsprops"
- >
- <Tool
- Name="VCPreBuildEventTool"
- />
- <Tool
- Name="VCCustomBuildTool"
- />
- <Tool
- Name="VCXMLDataGeneratorTool"
- />
- <Tool
- Name="VCWebServiceProxyGeneratorTool"
- />
- <Tool
- Name="VCMIDLTool"
- />
- <Tool
- Name="VCCLCompilerTool"
- Optimization="3"
- InlineFunctionExpansion="1"
- FavorSizeOrSpeed="2"
- OmitFramePointers="true"
- PreprocessorDefinitions="WIN32;_WIN32_WINNT=0x0500"
- StringPooling="true"
- ExceptionHandling="0"
- RuntimeLibrary="0"
- CompileAs="1"
- />
- <Tool
- Name="VCManagedResourceCompilerTool"
- />
- <Tool
- Name="VCResourceCompilerTool"
- />
- <Tool
- Name="VCPreLinkEventTool"
- Description="Force dependency change for projects linking to libmatrixssl.lib"
- CommandLine="copy "$(OutDir)\arc4.obj" "$(OutDir)\libmatrixssl.lib"
del "$(OutDir)\libmatrixssl.lib"
"
- />
- <Tool
- Name="VCLibrarianTool"
- OutputFile="$(OutDir)/libmatrixstatic.lib"
- />
- <Tool
- Name="VCALinkTool"
- />
- <Tool
- Name="VCXDCMakeTool"
- />
- <Tool
- Name="VCBscMakeTool"
- />
- <Tool
- Name="VCFxCopTool"
- />
- <Tool
- Name="VCPostBuildEventTool"
- />
- </Configuration>
- </Configurations>
- <References>
- </References>
- <Files>
- <Filter
- Name="src"
- Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm"
- >
- <File
- RelativePath="cipherSuite.c"
- >
- </File>
- <File
- RelativePath="matrixConfig.h"
- >
- </File>
- <File
- RelativePath="matrixInternal.h"
- >
- </File>
- <File
- RelativePath="matrixSsl.c"
- >
- </File>
- <File
- RelativePath="sslDecode.c"
- >
- </File>
- <File
- RelativePath="sslEncode.c"
- >
- </File>
- <File
- RelativePath="sslv3.c"
- >
- </File>
- <Filter
- Name="crypto"
- >
- <File
- RelativePath="crypto\cryptoLayer.h"
- >
- </File>
- <File
- RelativePath="crypto\matrixCrypto.h"
- >
- </File>
- <Filter
- Name="peersec"
- >
- <File
- RelativePath="crypto\peersec\arc4.c"
- >
- </File>
- <File
- RelativePath="crypto\peersec\base64.c"
- >
- </File>
- <File
- RelativePath="crypto\peersec\des3.c"
- >
- </File>
- <File
- RelativePath="crypto\peersec\md2.c"
- >
- </File>
- <File
- RelativePath="crypto\peersec\md5.c"
- >
- </File>
- <File
- RelativePath="crypto\peersec\mpi.c"
- >
- </File>
- <File
- RelativePath="crypto\peersec\mpi.h"
- >
- </File>
- <File
- RelativePath="crypto\peersec\pscrypto.h"
- >
- </File>
- <File
- RelativePath="crypto\peersec\rsa.c"
- >
- </File>
- <File
- RelativePath="crypto\peersec\sha1.c"
- >
- </File>
- </Filter>
- </Filter>
- <Filter
- Name="os"
- >
- <File
- RelativePath="os\debug.c"
- >
- </File>
- <File
- RelativePath="os\osLayer.h"
- >
- </File>
- <File
- RelativePath="os\psMalloc.h"
- >
- </File>
- <Filter
- Name="linux"
- >
- <File
- RelativePath="os\linux\linux.c"
- >
- <FileConfiguration
- Name="Debug|Win32"
- ExcludedFromBuild="true"
- >
- <Tool
- Name="VCCLCompilerTool"
- />
- </FileConfiguration>
- <FileConfiguration
- Name="Release|Win32"
- ExcludedFromBuild="true"
- >
- <Tool
- Name="VCCLCompilerTool"
- />
- </FileConfiguration>
- </File>
- </Filter>
- <Filter
- Name="win"
- >
- <File
- RelativePath="os\win\win.c"
- >
- </File>
- </Filter>
- </Filter>
- <Filter
- Name="pki"
- >
- <File
- RelativePath="pki\asn1.c"
- >
- <FileConfiguration
- Name="Debug|Win32"
- >
- <Tool
- Name="VCCLCompilerTool"
- ObjectFile="$(IntDir)/$(InputName)1.obj"
- />
- </FileConfiguration>
- <FileConfiguration
- Name="Release|Win32"
- >
- <Tool
- Name="VCCLCompilerTool"
- ObjectFile="$(IntDir)/$(InputName)1.obj"
- />
- </FileConfiguration>
- </File>
- <File
- RelativePath="pki\matrixPki.h"
- >
- </File>
- <File
- RelativePath="pki\pkiInternal.h"
- >
- </File>
- <File
- RelativePath="pki\rsaPki.c"
- >
- </File>
- <File
- RelativePath="pki\x509.c"
- >
- </File>
- </Filter>
- </Filter>
- <File
- RelativePath="..\matrixSsl.h"
- >
- </File>
- </Files>
- <Globals>
- </Globals>
-</VisualStudioProject>
diff --git a/release/src/router/matrixssl/src/os/debug.c b/release/src/router/matrixssl/src/os/debug.c deleted file mode 100644 index 4ca0f9f5..00000000 --- a/release/src/router/matrixssl/src/os/debug.c +++ /dev/null @@ -1,62 +0,0 @@ -/* - * debug.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ - -#include "osLayer.h" - -/******************************************************************************/ -/* - Debugging APIs -*/ -#ifdef DEBUG - -/* message should contain one %s, unless value is NULL */ -void matrixStrDebugMsg(char *message, char *value) -{ - if (value) { - printf(message, value); - } else { - printf(message); - } -} - -/* message should contain one %d */ -void matrixIntDebugMsg(char *message, int32 value) -{ - printf(message, value); -} - -/* message should contain one %p */ -void matrixPtrDebugMsg(char *message, void *value) -{ - printf(message, value); -} - -#endif /* DEBUG */ - -/******************************************************************************/ - diff --git a/release/src/router/matrixssl/src/os/linux/linux.c b/release/src/router/matrixssl/src/os/linux/linux.c deleted file mode 100644 index a01297d6..00000000 --- a/release/src/router/matrixssl/src/os/linux/linux.c +++ /dev/null @@ -1,381 +0,0 @@ -/* - * linux.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Linux compatibility layer - * Other UNIX like operating systems should also be able to use this - * implementation without change. - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ -#ifdef LINUX -#include <unistd.h> -#include <fcntl.h> -#include <errno.h> -#include <sys/times.h> -#include <time.h> - -#include "../osLayer.h" - -#if defined(USE_RDTSCLL_TIME) || defined(RDTSC) -#include <asm/timex.h> -/* - As defined in asm/timex.h for x386: -*/ -#ifndef rdtscll - #define rdtscll(val) __asm__ __volatile__("rdtsc" : "=A" (val)) -#endif - -static sslTime_t hiresStart; /* zero-time */ -static sslTime_t hiresFreq; /* tics per second */ -#else /* USE_RDTSCLL_TIME */ -static uint32 prevTicks; /* Check wrap */ -static sslTime_t elapsedTime; /* Last elapsed time */ -#endif - -#ifdef USE_MULTITHREADING -#include <pthread.h> -static pthread_mutexattr_t attr; -#endif - -/* max sure we don't retry reads forever */ -#define MAX_RAND_READS 1024 - -static int32 urandfd = -1; -static int32 randfd = -1; - -int32 sslOpenOsdep(void) -{ -#if defined(USE_RDTSCLL_TIME) || defined(RDTSC) - FILE *cpuInfo; - double mhz; - char line[80] = ""; - char *tmpstr; - int32 c; -#endif -/* - Open /dev/random access non-blocking. -*/ - if ((randfd = open("/dev/random", O_RDONLY | O_NONBLOCK)) < 0) { - return -1; - } - if ((urandfd = open("/dev/urandom", O_RDONLY)) < 0) { - close(randfd); - return -1; - } -/* - Initialize times -*/ -#if defined(USE_RDTSCLL_TIME) || defined(RDTSC) - if ((cpuInfo = fopen ("/proc/cpuinfo","r")) == NULL) { - matrixStrDebugMsg("Error opening /proc/cpuinfo\n", NULL); - return -2; - } - - while ((!feof(cpuInfo)) && (strncasecmp(line,"cpu MHz",7) != 0)){ - fgets(line,79,cpuInfo); - } - - if (strncasecmp(line,"cpu MHz",7) == 0){ - tmpstr = strchr(line,':'); - tmpstr++; - c = strspn(tmpstr, " \t"); - tmpstr +=c; - c = strcspn(tmpstr, " \t\n\r"); - tmpstr[c] = '\0'; - mhz = 1000000 * atof(tmpstr); - hiresFreq = (sslTime_t)mhz; - fclose (cpuInfo); - } else { - fclose (cpuInfo); - hiresStart = 0; - return -3; - } - rdtscll(hiresStart); -#endif /* USE_RDTSCLL_TIME */ -/* - FUTURE - Solaris doesn't support recursive mutexes! - We don't use them internally anyway, so this is not an issue, - but we like to set this if we can because it's silly for a thread to lock - itself, rather than error or recursive lock -*/ -#ifdef USE_MULTITHREADING - pthread_mutexattr_init(&attr); -#ifndef OSX - pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE_NP); -#endif /* !OSX */ -#endif /* USE_MULTITHREADING */ - return psOpenMalloc(MAX_MEMORY_USAGE); -} - -int32 sslCloseOsdep(void) -{ - psCloseMalloc(); -#ifdef USE_MULTITHREADING - pthread_mutexattr_destroy(&attr); -#endif - close(randfd); - close(urandfd); - return 0; -} - -/* - Read from /dev/random non-blocking first, then from urandom if it would - block. Also, handle file closure case and re-open. -*/ - -int32 sslGetEntropy(unsigned char *bytes, int32 size) -{ - int32 rc, sanity, retry, readBytes; - unsigned char *where = bytes; - - sanity = retry = rc = readBytes = 0; - - while (size) { - if ((rc = read(randfd, where, size)) < 0 || sanity > MAX_RAND_READS) { - if (errno == EINTR) { - if (sanity > MAX_RAND_READS) { - return -1; - } - sanity++; - continue; - } else if (errno == EAGAIN) { - break; - } else if (errno == EBADF && retry == 0) { - close(randfd); - if ((randfd = open("/dev/random", O_RDONLY | O_NONBLOCK)) < 0) { - break; - } - retry++; - continue; - } else { - break; - } - } - readBytes += rc; - where += rc; - size -= rc; - } - - - sanity = retry = 0; - while (size) { - if ((rc = read(urandfd, where, size)) < 0 || sanity > MAX_RAND_READS) { - if (errno == EINTR) { - if (sanity > MAX_RAND_READS) { - return -1; - } - sanity++; - continue; - } else if (errno == EBADF && retry == 0) { - close(urandfd); - if ((urandfd = - open("/dev/urandom", O_RDONLY | O_NONBLOCK)) < 0) { - return -1; - } - retry++; - continue; - } else { - return -1; - } - } - readBytes += rc; - where += rc; - size -= rc; - } - return readBytes; -} - -#ifdef DEBUG -void psBreak(void) -{ - abort(); -} -#endif - -/******************************************************************************/ - -#ifdef USE_MULTITHREADING - -int32 sslCreateMutex(sslMutex_t *mutex) -{ - - if (pthread_mutex_init(mutex, &attr) != 0) { - return -1; - } - return 0; -} - -int32 sslLockMutex(sslMutex_t *mutex) -{ - if (pthread_mutex_lock(mutex) != 0) { - return -1; - } - return 0; -} - -int32 sslUnlockMutex(sslMutex_t *mutex) -{ - if (pthread_mutex_unlock(mutex) != 0) { - return -1; - } - return 0; -} - -void sslDestroyMutex(sslMutex_t *mutex) -{ - pthread_mutex_destroy(mutex); -} -#endif /* USE_MULTITHREADING */ - -/*****************************************************************************/ -/* - Use a platform specific high resolution timer -*/ -#if defined(USE_RDTSCLL_TIME) || defined(RDTSC) - -int32 sslInitMsecs(sslTime_t *t) -{ - unsigned long long diff; - int32 d; - - rdtscll(*t); - diff = *t - hiresStart; - d = (int32)((diff * 1000) / hiresFreq); - return d; -} - -/* - Return the delta in seconds between two time values -*/ -long sslDiffMsecs(sslTime_t then, sslTime_t now) -{ - unsigned long long diff; - - diff = now - then; - return (long)((diff * 1000) / hiresFreq); -} - -/* - Return the delta in seconds between two time values -*/ -int32 sslDiffSecs(sslTime_t then, sslTime_t now) -{ - unsigned long long diff; - - diff = now - then; - return (int32)(diff / hiresFreq); -} - -/* - Time comparison. 1 if 'a' is less than or equal. 0 if 'a' is greater -*/ -int32 sslCompareTime(sslTime_t a, sslTime_t b) -{ - if (a <= b) { - return 1; - } - return 0; -} - -#else /* USE_RDTSCLL_TIME */ - -int32 sslInitMsecs(sslTime_t *timePtr) -{ - struct tms tbuff; - uint32 t, deltat, deltaticks; - -/* - * times() returns the number of clock ticks since the system - * was booted. If it is less than the last time we did this, the - * clock has wrapped around 0xFFFFFFFF, so compute the delta, otherwise - * the delta is just the difference between the new ticks and the last - * ticks. Convert the elapsed ticks to elapsed msecs using rounding. - */ - if ((t = times(&tbuff)) >= prevTicks) { - deltaticks = t - prevTicks; - } else { - deltaticks = (0xFFFFFFFF - prevTicks) + 1 + t; - } - deltat = ((deltaticks * 1000) + (CLK_TCK / 2)) / CLK_TCK; - -/* - * Add the delta to the previous elapsed time. - */ - elapsedTime.usec += ((deltat % 1000) * 1000); - if (elapsedTime.usec >= 1000000) { - elapsedTime.usec -= 1000000; - deltat += 1000; - } - elapsedTime.sec += (deltat / 1000); - prevTicks = t; - -/* - * Return the current elapsed time. - */ - timePtr->usec = elapsedTime.usec; - timePtr->sec = elapsedTime.sec; - return (timePtr->usec / 1000) + timePtr->sec * 1000; -} - -/* - Return the delta in seconds between two time values -*/ -long sslDiffMsecs(sslTime_t then, sslTime_t now) -{ - return (long)((now.sec - then.sec) * 1000); -} - -/* - Return the delta in seconds between two time values -*/ -int32 sslDiffSecs(sslTime_t then, sslTime_t now) -{ - return (int32)(now.sec - then.sec); -} - -/* - Time comparison. 1 if 'a' is less than or equal. 0 if 'a' is greater -*/ -int32 sslCompareTime(sslTime_t a, sslTime_t b) -{ - if (a.sec < b.sec) { - return 1; - } else if (a.sec == b.sec) { - if (a.usec <= b.usec) { - return 1; - } else { - return 0; - } - } - return 0; -} - -#endif /* USE_RDTSCLL_TIME */ - - -#endif /* LINUX */ - -/******************************************************************************/ diff --git a/release/src/router/matrixssl/src/os/osLayer.h b/release/src/router/matrixssl/src/os/osLayer.h deleted file mode 100644 index 00872198..00000000 --- a/release/src/router/matrixssl/src/os/osLayer.h +++ /dev/null @@ -1,200 +0,0 @@ -/* - * osLayer.h - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Layered header for OS specific functions - * Contributors adding new OS support must implement all functions - * externed below. - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#ifndef _h_OS_LAYER -#define _h_OS_LAYER -#define _h_EXPORT_SYMBOLS - -#include <stdio.h> -#include <stdlib.h> - -#ifndef WINCE -#include <time.h> -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/******************************************************************************/ - -#include "../../matrixCommon.h" -#include "psMalloc.h" - -/* - Functions defined at OS level -*/ -extern int32 sslOpenOsdep(void); -extern int32 sslCloseOsdep(void); -extern int32 sslGetEntropy(unsigned char *bytes, int32 size); - -/* - Defines to make library multithreading safe -*/ -#ifdef USE_MULTITHREADING - -#if WIN32 || WINCE -#include <windows.h> - -typedef CRITICAL_SECTION sslMutex_t; -#define sslCreateMutex(M) InitializeCriticalSection((CRITICAL_SECTION *) M); -#define sslLockMutex(M) EnterCriticalSection((CRITICAL_SECTION *) M); -#define sslUnlockMutex(M) LeaveCriticalSection((CRITICAL_SECTION *) M); -#define sslDestroyMutex(M) DeleteCriticalSection((CRITICAL_SECTION *) M); - -#elif LINUX -#include <pthread.h> -#include <string.h> - -typedef pthread_mutex_t sslMutex_t; -extern int32 sslCreateMutex(sslMutex_t *mutex); -extern int32 sslLockMutex(sslMutex_t *mutex); -extern int32 sslUnlockMutex(sslMutex_t *mutex); -extern void sslDestroyMutex(sslMutex_t *mutex); -#elif VXWORKS -#include "semLib.h" - -typedef SEM_ID sslMutex_t; -extern int32 sslCreateMutex(sslMutex_t *mutex); -extern int32 sslLockMutex(sslMutex_t *mutex); -extern int32 sslUnlockMutex(sslMutex_t *mutex); -extern void sslDestroyMutex(sslMutex_t *mutex); -#endif /* WIN32 || CE */ - -#else /* USE_MULTITHREADING */ -typedef int32 sslMutex_t; -#define sslCreateMutex(M) -#define sslLockMutex(M) -#define sslUnlockMutex(M) -#define sslDestroyMutex(M) - -#endif /* USE_MULTITHREADING */ - -/* - Make sslTime_t an opaque time value. - FUTURE - use high res time instead of time_t -*/ -#ifdef LINUX -/* - On some *NIX versions such as MAC OS X 10.4, CLK_TCK has been deprecated -*/ -#ifndef CLK_TCK -#define CLK_TCK CLOCKS_PER_SEC -#endif /* CLK_TCK */ -#endif /* LINUX */ - -#if defined(WIN32) -#include <windows.h> -typedef LARGE_INTEGER sslTime_t; -#elif VXWORKS -typedef struct { - long sec; - long usec; - } sslTime_t; -#elif (defined(USE_RDTSCLL_TIME) || defined(RDTSC)) -typedef unsigned long long LARGE_INTEGER; -typedef LARGE_INTEGER sslTime_t; -#elif WINCE -#include <windows.h> - -typedef LARGE_INTEGER sslTime_t; -#else -typedef struct { - long sec; - long usec; - } sslTime_t; -#endif - -/******************************************************************************/ -/* - We define our own stat for CE. -*/ -#if WINCE - -extern int32 stat(char *filename, struct stat *sbuf); - -struct stat { - unsigned long st_size; /* file size in bytes */ - unsigned long st_mode; - time_t st_atime; /* time of last access */ - time_t st_mtime; /* time of last data modification */ - time_t st_ctime; /* time of last file status change */ -}; - -#define S_IFREG 0100000 -#define S_IFDIR 0040000 - -extern time_t time(); - -#endif /* WINCE */ - -extern int32 sslInitMsecs(sslTime_t *t); -extern int32 sslCompareTime(sslTime_t a, sslTime_t b); -extern int32 sslDiffSecs(sslTime_t then, sslTime_t now); -extern long sslDiffMsecs(sslTime_t then, sslTime_t now); - - -/******************************************************************************/ -/* - Debugging functionality. - - If DEBUG is defined matrixStrDebugMsg and matrixIntDebugMsg messages are - output to stdout, sslAsserts go to stderror and call psBreak. - - In non-DEBUG builds matrixStrDebugMsg and matrixIntDebugMsg are - compiled out. sslAsserts still go to stderr, but psBreak is not called. - -*/ - -#if DEBUG -extern void psBreak(void); -extern void matrixStrDebugMsg(char *message, char *arg); -extern void matrixIntDebugMsg(char *message, int32 arg); -extern void matrixPtrDebugMsg(char *message, void *arg); -#define sslAssert(C) if (C) ; else \ - {fprintf(stderr, "%s:%d sslAssert(%s)\n",__FILE__, __LINE__, #C); psBreak(); } -#else -#define matrixStrDebugMsg(x, y) -#define matrixIntDebugMsg(x, y) -#define matrixPtrDebugMsg(x, y) -#define sslAssert(C) if (C) ; else \ - {fprintf(stderr, "%s:%d sslAssert(%s)\n",__FILE__, __LINE__, #C); } -#endif /* DEBUG */ - -#ifdef __cplusplus -} -#endif - -#endif /* _h_OS_LAYER */ - -/******************************************************************************/ diff --git a/release/src/router/matrixssl/src/os/psMalloc.h b/release/src/router/matrixssl/src/os/psMalloc.h deleted file mode 100644 index 3ba4bec5..00000000 --- a/release/src/router/matrixssl/src/os/psMalloc.h +++ /dev/null @@ -1,63 +0,0 @@ -/* - * psMalloc.h - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Header for psMalloc functions - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#ifndef _h_PS_MALLOC -#define _h_PS_MALLOC - -#define PEERSEC_BASE_POOL 0 -#define PEERSEC_NO_POOL (void *)0x00001 - -/******************************************************************************/ -/* - Because a set of public APIs are exposed here there is a dependence on - the package. The config layer header must be parsed to determine what - defines are configured -*/ -#include "../../matrixCommon.h" - -/* - Native memory routines -*/ -#define MAX_MEMORY_USAGE 0 -#define psOpenMalloc(A) 0 -#define psCloseMalloc() -#define psMalloc(A, B) malloc(B) -#define psCalloc(A, B, C) calloc(B, C) -#define psRealloc realloc -#define psFree free -#define psMemset memset -#define psMemcpy memcpy -typedef int32 psPool_t; - -#endif /* _h_PS_MALLOC */ - - - diff --git a/release/src/router/matrixssl/src/os/vxworks/vxworks.c b/release/src/router/matrixssl/src/os/vxworks/vxworks.c deleted file mode 100644 index 68f99e95..00000000 --- a/release/src/router/matrixssl/src/os/vxworks/vxworks.c +++ /dev/null @@ -1,219 +0,0 @@ -/* - * vxworks.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * VXWORKS compatibility layer - * Other UNIX like operating systems should also be able to use this - * implementation without change. - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#ifdef VXWORKS -#include <fcntl.h> -#include <errno.h> - -#include "../../matrixInternal.h" - -#include <sys/times.h> -#include <time.h> - -static unsigned int prevTicks; /* Check wrap */ -static int tickspersec; /* system clock rate */ -static sslTime_t elapsedTime; /* Last elapsed time */ - -/******************************************************************************/ -/* - OS dependent Open. - */ -int sslOpenOsdep(void) -{ - tickspersec = sysClkRateGet(); - - psOpenMalloc(MAX_MEMORY_USAGE); - return 0; -} - -/******************************************************************************/ -/* - sslClose - */ -int sslCloseOsdep(void) -{ - psCloseMalloc(); - return 0; -} - -/******************************************************************************/ -/* - TODO: hardware dependent entropy function. Implement - depending on platform. - */ - -int sslGetEntropy(unsigned char *bytes, int size) -{ - return 0; -} - -/******************************************************************************/ -/* - debug break. - */ -void sslBreak(void) -{ - abort(); -} - -/******************************************************************************/ -/* - Init a time structure. - */ -int sslInitMsecs(sslTime_t *timePtr) -{ - unsigned int t, deltat, deltaticks; - -/* - tickGet returns the number of clock ticks since the system - was booted. If it is less than the last time we did this, the - clock has wrapped around 0xFFFFFFFF, so compute the delta, otherwise - the delta is just the difference between the new ticks and the last - ticks. Convert the elapsed ticks to elapsed msecs using rounding. - */ - if ((t = tickGet()) >= prevTicks) { - deltaticks = t - prevTicks; - } else { - deltaticks = (0xFFFFFFFF - prevTicks) + 1 + t; - } - deltat = ((deltaticks * 1000) + (tickspersec / 2)) / tickspersec; - -/* - * Add the delta to the previous elapsed time. - */ - elapsedTime.usec += ((deltat % 1000) * 1000); - if (elapsedTime.usec >= 1000000) { - elapsedTime.usec -= 1000000; - deltat += 1000; - } - elapsedTime.sec += (deltat / 1000); - prevTicks = t; - -/* - * Return the current elapsed time. - */ - timePtr->usec = elapsedTime.usec; - timePtr->sec = elapsedTime.sec; -} - -int sslDiffSecs(sslTime_t then, sslTime_t now) -{ - return (int)(now.sec - then.sec); -} - -/******************************************************************************/ -/* - Time comparison. 1 if 'a' is less than or equal. 0 if 'a' is greater -*/ -int sslCompareTime(sslTime_t a, sslTime_t b) -{ - - if (a.sec < b.sec) { - return 1; - } else if (a.sec == b.sec) { - if (a.usec <= b.usec) { - return 1; - } else { - return 0; - } - } - return 0; -} - -/******************************************************************************/ -/* - Initialize a mutex structure. - */ - -int sslCreateMutex(sslMutex_t *mutex) -{ - memset (mutex,0x0,sizeof(sslMutex_t)); - -/* - * Create and initialize a mutual-exclusion semaphore - */ - *mutex = semMCreate(SEM_Q_PRIORITY | SEM_DELETE_SAFE | SEM_INVERSION_SAFE); - return 0; -} - -/******************************************************************************/ -/* - Lock a mutex structure. - */ - -int sslLockMutex(sslMutex_t *mutex) -{ - STATUS stat; - int err; - -/* - Currently waits forever until semaphore is released. -*/ - if ((stat = semTake((SEM_ID) mutex, WAIT_FOREVER)) == ERROR) { - return -1; - } - return stat; -} - -/******************************************************************************/ -/* - Unlock a mutex structure. - */ - -int sslUnlockMutex(sslMutex_t *mutex) -{ - if (mutex != NULL) { - if (semGive((SEM_ID) mutex) == ERROR) { - return -1; - } - } - return 0; -} - -/******************************************************************************/ -/* - Destroy mutex. - */ - -void sslDestroyMutex(sslMutex_t *mutex) -{ - if (mutex == NULL) { - return; - } - sslLockMutex(mutex); - semDelete((SEM_ID) mutex); -} - -#endif /* VXWORKS */ - -/******************************************************************************/ diff --git a/release/src/router/matrixssl/src/os/win/win.c b/release/src/router/matrixssl/src/os/win/win.c deleted file mode 100644 index b4d9afa6..00000000 --- a/release/src/router/matrixssl/src/os/win/win.c +++ /dev/null @@ -1,241 +0,0 @@ -/* - * win.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Microsoft Windows compatibility layer. - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ - /******************************************************************************/ - -#include "../osLayer.h" - -#include <windows.h> -#include <wincrypt.h> - -#ifndef WINCE -#include <process.h> -#endif - -#include <limits.h> - -#if defined(WIN32) || defined(WINCE) - -#define MAX_INT 0x7FFFFFFF - -static LARGE_INTEGER hiresStart; /* zero-time */ -static LARGE_INTEGER hiresFreq; /* tics per second */ - -/* For backwards compatibility */ -#ifndef CRYPT_SILENT -#define CRYPT_SILENT 0 -#endif - -static HCRYPTPROV hProv; /* Crypto context for random bytes */ - -int32 sslOpenOsdep() -{ - int32 rc; - - if ((rc = psOpenMalloc(MAX_MEMORY_USAGE)) < 0) { - return rc; - } -/* - Hires time init -*/ - QueryPerformanceFrequency(&hiresFreq); - QueryPerformanceCounter(&hiresStart); - - if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT)) { - return -1; - } - return 0; -} - -int32 sslCloseOsdep() -{ - CryptReleaseContext(hProv, 0); - psCloseMalloc(); - return 0; -} - -int32 sslGetEntropy(unsigned char *bytes, int32 size) -{ - if (CryptGenRandom(hProv, size, bytes)) { - return size; - } - return -1; -} - -#ifdef DEBUG -void psBreak() -{ - int32 i = 0; i++; /* Prevent the compiler optimizing this function away */ - - DebugBreak(); -} -#endif - -int32 sslInitMsecs(sslTime_t *t) -{ - __int64 diff; - int32 d; - - QueryPerformanceCounter(t); - diff = t->QuadPart - hiresStart.QuadPart; - d = (int32)((diff * 1000) / hiresFreq.QuadPart); - return d; -} - -int32 sslDiffSecs(sslTime_t then, sslTime_t now) -{ - __int64 diff; - - diff = now.QuadPart - then.QuadPart; - return (int32)(diff / hiresFreq.QuadPart); -} - -/* - Time comparison. 1 if 'a' is less than or equal. 0 if 'a' is greater -*/ -int32 sslCompareTime(sslTime_t a, sslTime_t b) -{ - if (a.QuadPart <= b.QuadPart) { - return 1; - } - return 0; -} - -#ifdef WINCE -/******************************************************************************/ -/* - Our implementation of wide character stat: get file information. - - NOTES: - only gets the file size currently - */ -int32 stat(char *filename, struct stat *sbuf) -{ - DWORD dwAttributes; - HANDLE hFile; - int32 rc, size; - - unsigned short uniFile[512]; - - rc = 0; - memset(sbuf, 0, sizeof(struct stat)); - - MultiByteToWideChar(CP_ACP, 0, filename, -1, uniFile, 256); - dwAttributes = GetFileAttributes(uniFile); - if (dwAttributes != 0xFFFFFFFF && dwAttributes & FILE_ATTRIBUTE_DIRECTORY) { - sbuf->st_mode = S_IFDIR; - return 0; - } - sbuf->st_mode = S_IFREG; - - if ((hFile = CreateFile(uniFile, GENERIC_READ, FILE_SHARE_READ && FILE_SHARE_WRITE, NULL, - OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL)) == INVALID_HANDLE_VALUE) { - return -1; - } - -/* - * Get the file size. - */ - size = GetFileSize(hFile, NULL); - sbuf->st_size = size; - - CloseHandle(hFile); - return rc; -} - -/******************************************************************************/ -/* - The following functions implement a unixlike time() function. - */ - -static FILETIME YearToFileTime(WORD wYear) -{ - SYSTEMTIME sbase; - FILETIME fbase; - - sbase.wYear = wYear; - sbase.wMonth = 1; - sbase.wDayOfWeek = 1; //assumed - sbase.wDay = 1; - sbase.wHour = 0; - sbase.wMinute = 0; - sbase.wSecond = 0; - sbase.wMilliseconds = 0; - - SystemTimeToFileTime( &sbase, &fbase ); - - return fbase; -} - -time_t time() { - - __int64 time1, time2, iTimeDiff; - FILETIME fileTime1, fileTime2; - SYSTEMTIME sysTime; - -/* - Get 1970's filetime. -*/ - fileTime1 = YearToFileTime(1970); - -/* - Get the current filetime time. -*/ - GetSystemTime(&sysTime); - SystemTimeToFileTime(&sysTime, &fileTime2); - - -/* - Stuff the 2 FILETIMEs into their own __int64s. -*/ - time1 = fileTime1.dwHighDateTime; - time1 <<= 32; - time1 |= fileTime1.dwLowDateTime; - - time2 = fileTime2.dwHighDateTime; - time2 <<= 32; - time2 |= fileTime2.dwLowDateTime; - -/* - Get the difference of the two64-bit ints. - - This is he number of 100-nanosecond intervals since Jan. 1970. So - we divide by 10000 to get seconds. - */ - iTimeDiff = (time2 - time1) / 10000000; - return (int32)iTimeDiff; -} -#endif /* WINCE */ - - - -#endif /* WIN32 */ - -/******************************************************************************/ diff --git a/release/src/router/matrixssl/src/pki/asn1.c b/release/src/router/matrixssl/src/pki/asn1.c deleted file mode 100644 index 253e910b..00000000 --- a/release/src/router/matrixssl/src/pki/asn1.c +++ /dev/null @@ -1,454 +0,0 @@ -/* - * asn1.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * DER/BER coding - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "pkiInternal.h" - -/******************************************************************************/ -/* - On success, p will be updated to point to first character of value and - valLen will contain number of bytes in value - Return: - 0 Success - < 0 Error -*/ -int32 asnParseLength(unsigned char **p, int32 size, int32 *valLen) -{ - unsigned char *c, *end; - int32 len, olen; - - c = *p; - end = c + size; - if (end - c < 1) { - return -1; - } -/* - If the length byte has high bit only set, it's an indefinite length - We don't support this! -*/ - if (*c == 0x80) { - *valLen = -1; - matrixStrDebugMsg("Unsupported: ASN indefinite length\n", NULL); - return -1; - } -/* - If the high bit is set, the lower 7 bits represent the number of - bytes that follow and represent length - If the high bit is not set, the lower 7 represent the actual length -*/ - len = *c & 0x7F; - if (*(c++) & 0x80) { -/* - Make sure there aren't more than 4 bytes of length specifier, - and that we have that many bytes left in the buffer -*/ - if (len > sizeof(int32) || len == 0x7f || (end - c) < len) { - return -1; - } - olen = 0; - while (len-- > 0) { - olen = (olen << 8) | *c; - c++; - } - if (olen < 0 || olen > INT_MAX) { - return -1; - } - len = olen; - } - *p = c; - *valLen = len; - return 0; -} - -/******************************************************************************/ -/* - Callback to extract a big int32 (stream of bytes) from the DER stream -*/ -int32 getBig(psPool_t *pool, unsigned char **pp, int32 len, mp_int *big) -{ - unsigned char *p = *pp; - int32 vlen; - - if (len < 1 || *(p++) != ASN_INTEGER || - asnParseLength(&p, len - 1, &vlen) < 0 || (len -1) < vlen) { - matrixStrDebugMsg("ASN getBig failed\n", NULL); - return -1; - } - mp_init(pool, big); - if (mp_read_unsigned_bin(big, p, vlen) != 0) { - mp_clear(big); - matrixStrDebugMsg("ASN getBig failed\n", NULL); - return -1; - } - p += vlen; - *pp = p; - return 0; -} - -/******************************************************************************/ -/* - Although a certificate serial number is encoded as an integer type, that - doesn't prevent it from being abused as containing a variable length - binary value. Get it here. -*/ -int32 getSerialNum(psPool_t *pool, unsigned char **pp, int32 len, - unsigned char **sn, int32 *snLen) -{ - unsigned char *p = *pp; - int32 vlen; - - if ((*p != (ASN_CONTEXT_SPECIFIC | ASN_PRIMITIVE | 2)) && - (*p != ASN_INTEGER)) { - matrixStrDebugMsg("ASN getSerialNumber failed\n", NULL); - return -1; - } - p++; - - if (len < 1 || asnParseLength(&p, len - 1, &vlen) < 0 || (len - 1) < vlen) { - matrixStrDebugMsg("ASN getSerialNumber failed\n", NULL); - return -1; - } - *snLen = vlen; - *sn = psMalloc(pool, vlen); - if (*sn == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memcpy(*sn, p, vlen); - p += vlen; - *pp = p; - return 0; -} - -/******************************************************************************/ -/* - Callback to extract a sequence length from the DER stream - Verifies that 'len' bytes are >= 'seqlen' - Move pp to the first character in the sequence -*/ -int32 getSequence(unsigned char **pp, int32 len, int32 *seqlen) -{ - unsigned char *p = *pp; - - if (len < 1 || *(p++) != (ASN_SEQUENCE | ASN_CONSTRUCTED) || - asnParseLength(&p, len - 1, seqlen) < 0 || len < *seqlen) { - return -1; - } - *pp = p; - return 0; -} - -/******************************************************************************/ -/* - Extract a set length from the DER stream -*/ -int32 getSet(unsigned char **pp, int32 len, int32 *setlen) -{ - unsigned char *p = *pp; - - if (len < 1 || *(p++) != (ASN_SET | ASN_CONSTRUCTED) || - asnParseLength(&p, len - 1, setlen) < 0 || len < *setlen) { - return -1; - } - *pp = p; - return 0; -} - -/******************************************************************************/ -/* - Explicit value encoding has an additional tag layer -*/ -int32 getExplicitVersion(unsigned char **pp, int32 len, int32 expVal, int32 *val) -{ - unsigned char *p = *pp; - int32 exLen; - - if (len < 1) { - return -1; - } -/* - This is an optional value, so don't error if not present. The default - value is version 1 -*/ - if (*p != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | expVal)) { - *val = 0; - return 0; - } - p++; - if (asnParseLength(&p, len - 1, &exLen) < 0 || (len - 1) < exLen) { - return -1; - } - if (getInteger(&p, exLen, val) < 0) { - return -1; - } - *pp = p; - return 0; -} - -/******************************************************************************/ -/* - Implementation specific OID parser for suppported RSA algorithms -*/ -int32 getAlgorithmIdentifier(unsigned char **pp, int32 len, int32 *oi, - int32 isPubKey) -{ - unsigned char *p = *pp, *end; - int32 arcLen, llen; - - end = p + len; - if (len < 1 || getSequence(&p, len, &llen) < 0) { - return -1; - } - if (end - p < 1) { - return -1; - } - if (*(p++) != ASN_OID || asnParseLength(&p, (int32)(end - p), &arcLen) < 0 || - llen < arcLen) { - return -1; - } -/* - List of expected (currently supported) OIDs - RFC 3279 - algorithm summed length hex - sha1 88 05 2b0e03021a - md2 646 08 2a864886f70d0202 - md5 649 08 2a864886f70d0205 - - rsaEncryption 645 09 2a864886f70d010101 - md2WithRSAEncryption: 646 09 2a864886f70d010102 - md5WithRSAEncryption 648 09 2a864886f70d010104 - sha-1WithRSAEncryption 649 09 2a864886f70d010105 - - Yes, the summing isn't ideal (as can be seen with the duplicate 649), - but the specific implementation makes this ok. -*/ - if (end - p < 2) { - return -1; - } - if (isPubKey && (*p != 0x2a) && (*(p + 1) != 0x86)) { -/* - Expecting DSA here if not RSA, but OID doesn't always match -*/ - matrixStrDebugMsg("Unsupported algorithm identifier\n", NULL); - return -1; - } - *oi = 0; - while (arcLen-- > 0) { - *oi += (int32)*p++; - } -/* - Each of these cases might have a trailing NULL parameter. Skip it -*/ - if (*p != ASN_NULL) { - *pp = p; - return 0; - } - if (end - p < 2) { - return -1; - } - *pp = p + 2; - return 0; -} - -/******************************************************************************/ -/* - Implementation specific date parser. - Does not actually verify the date -*/ -int32 getValidity(psPool_t *pool, unsigned char **pp, int32 len, - char **notBefore, char **notAfter) -{ - unsigned char *p = *pp, *end; - int32 seqLen, timeLen; - - end = p + len; - if (len < 1 || *(p++) != (ASN_SEQUENCE | ASN_CONSTRUCTED) || - asnParseLength(&p, len - 1, &seqLen) < 0 || (end - p) < seqLen) { - return -1; - } -/* - Have notBefore and notAfter times in UTCTime or GeneralizedTime formats -*/ - if ((end - p) < 1 || ((*p != ASN_UTCTIME) && (*p != ASN_GENERALIZEDTIME))) { - return -1; - } - p++; -/* - Allocate them as null terminated strings -*/ - if (asnParseLength(&p, seqLen, &timeLen) < 0 || (end - p) < timeLen) { - return -1; - } - *notBefore = psMalloc(pool, timeLen + 1); - if (*notBefore == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memcpy(*notBefore, p, timeLen); - (*notBefore)[timeLen] = '\0'; - p = p + timeLen; - if ((end - p) < 1 || ((*p != ASN_UTCTIME) && (*p != ASN_GENERALIZEDTIME))) { - return -1; - } - p++; - if (asnParseLength(&p, seqLen - timeLen, &timeLen) < 0 || - (end - p) < timeLen) { - return -1; - } - *notAfter = psMalloc(pool, timeLen + 1); - if (*notAfter == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memcpy(*notAfter, p, timeLen); - (*notAfter)[timeLen] = '\0'; - p = p + timeLen; - - *pp = p; - return 0; -} - -/******************************************************************************/ -/* - Currently just returning the raw BIT STRING and size in bytes -*/ -int32 getSignature(psPool_t *pool, unsigned char **pp, int32 len, - unsigned char **sig, int32 *sigLen) -{ - unsigned char *p = *pp, *end; - int32 ignore_bits, llen; - - end = p + len; - if (len < 1 || (*(p++) != ASN_BIT_STRING) || - asnParseLength(&p, len - 1, &llen) < 0 || (end - p) < llen) { - return -1; - } - ignore_bits = *p++; -/* - We assume this is always 0. -*/ - sslAssert(ignore_bits == 0); -/* - Length included the ignore_bits byte -*/ - *sigLen = llen - 1; - *sig = psMalloc(pool, *sigLen); - if (*sig == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memcpy(*sig, p, *sigLen); - *pp = p + *sigLen; - return 0; -} - -/******************************************************************************/ -/* - Could be optional. If the tag doesn't contain the value from the left - of the IMPLICIT keyword we don't have a match and we don't incr the pointer. -*/ -int32 getImplicitBitString(psPool_t *pool, unsigned char **pp, int32 len, - int32 impVal, unsigned char **bitString, int32 *bitLen) -{ - unsigned char *p = *pp; - int32 ignore_bits; - - if (len < 1) { - return -1; - } -/* - We don't treat this case as an error, because of the optional nature. -*/ - if (*p != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | impVal)) { - return 0; - } - - p++; - if (asnParseLength(&p, len, bitLen) < 0) { - return -1; - } - ignore_bits = *p++; - sslAssert(ignore_bits == 0); - - *bitString = psMalloc(pool, *bitLen); - if (*bitString == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memcpy(*bitString, p, *bitLen); - *pp = p + *bitLen; - return 0; -} - -/******************************************************************************/ -/* - Get an integer -*/ -int32 getInteger(unsigned char **pp, int32 len, int32 *val) -{ - unsigned char *p = *pp, *end; - uint32 ui; - int32 vlen; - - end = p + len; - if (len < 1 || *(p++) != ASN_INTEGER || - asnParseLength(&p, len - 1, &vlen) < 0) { - matrixStrDebugMsg("ASN getInteger failed\n", NULL); - return -1; - } -/* - This check prevents us from having a big positive integer where the - high bit is set because it will be encoded as 5 bytes (with leading - blank byte). If that is required, a getUnsigned routine should be used -*/ - if (vlen > sizeof(int32) || end - p < vlen) { - matrixStrDebugMsg("ASN getInteger failed\n", NULL); - return -1; - } - ui = 0; -/* - If high bit is set, it's a negative integer, so perform the two's compliment - Otherwise do a standard big endian read (most likely case for RSA) -*/ - if (*p & 0x80) { - while (vlen-- > 0) { - ui = (ui << 8) | (*p ^ 0xFF); - p++; - } - vlen = (int32)ui; - vlen++; - vlen = -vlen; - *val = vlen; - } else { - while (vlen-- > 0) { - ui = (ui << 8) | *p; - p++; - } - *val = (int32)ui; - } - *pp = p; - return 0; -} - -/******************************************************************************/ diff --git a/release/src/router/matrixssl/src/pki/matrixPki.h b/release/src/router/matrixssl/src/pki/matrixPki.h deleted file mode 100644 index aea0f1d5..00000000 --- a/release/src/router/matrixssl/src/pki/matrixPki.h +++ /dev/null @@ -1,138 +0,0 @@ -/* - * matrixPki.h - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Public header file for MatrixPKI extension - * Implementations interacting with the PKI portion of the - * matrixssl library should only use the APIs and definitions - * used in this file. - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#ifndef _h_MATRIXPKI -#define _h_MATRIXPKI - -#ifdef __cplusplus -extern "C" { -#endif - -/* - Because the set of APIs exposed here is dependent on the package, the - crypto layer header must be parsed to determine what defines are configured - (USE_RSA, and USE_X509 specifically) -*/ -#include "../../matrixCommon.h" -#include "../crypto/matrixCrypto.h" - -#define REQ_FILE_TYPE 0 -#define KEY_FILE_TYPE 1 -#define CERT_FILE_TYPE 2 - -#define MAX_CHAIN_LENGTH 16 -typedef uint32 sslChainLen_t[MAX_CHAIN_LENGTH]; -/******************************************************************************/ -/* - * PKI documented APIs - */ -MATRIXPUBLIC int32 matrixPkiOpen(void); -MATRIXPUBLIC void matrixPkiClose(void); - -#ifdef USE_RSA -/* - Private key reading and conversions -*/ -#ifdef USE_FILE_SYSTEM -MATRIXPUBLIC int32 matrixX509ReadPrivKey(psPool_t *pool, const char *fileName, - const char *password, unsigned char **out, - int32 *outLen); -#endif /* USE_FILE_SYSTEM */ -MATRIXPUBLIC int32 matrixRsaParsePrivKey(psPool_t *pool, unsigned char *keyBuf, - int32 keyBufLen, sslRsaKey_t **key); -MATRIXPUBLIC int32 matrixRsaParsePubKey(psPool_t *pool, unsigned char *keyBuf, - int32 keyBufLen, sslRsaKey_t **key); -MATRIXPUBLIC void matrixRsaFreeKey(sslRsaKey_t *key); -MATRIXPUBLIC int32 matrixRsaConvertToPublicKey(psPool_t *pool, - sslRsaKey_t *privKey, sslRsaKey_t **pubKey); - -/* - USE_X509 adds certificate support -*/ -#ifdef USE_X509 -MATRIXPUBLIC int32 matrixX509ReadKeysMem(sslKeys_t **keys, - unsigned char *certBuf, int32 certLen, - unsigned char *privBuf, int32 privLen, - unsigned char *trustedCABuf, int32 trustedCALen); -MATRIXPUBLIC void matrixRsaFreeKeys(sslKeys_t *keys); - -#ifdef USE_FILE_SYSTEM -MATRIXPUBLIC int32 matrixX509ReadKeys(sslKeys_t **keys, const char *certFile, - const char *privFile, const char *privPass, - const char *trustedCAFile); -MATRIXPUBLIC int32 matrixX509ReadKeysEx(psPool_t *pool, sslKeys_t **keys, - const char *certFile, const char *privFile, - const char *privPass, const char *trustedCAFiles); -MATRIXPUBLIC int32 matrixX509ReadCert(psPool_t *pool, const char *fileName, - unsigned char **out, int32 *outLen, - sslChainLen_t *chain); -MATRIXPUBLIC int32 matrixX509ReadPubKey(psPool_t *pool, const char *certFile, - sslRsaKey_t **key); -#endif /* USE_FILE_SYSTEM */ - -MATRIXPUBLIC int32 matrixRsaParseKeysMem(psPool_t *pool, sslKeys_t **keys, - unsigned char *certBuf, int32 certLen, unsigned char *privBuf, - int32 privLen, unsigned char *trustedCABuf, int32 trustedCALen); -MATRIXPUBLIC int32 matrixX509ParseCert(psPool_t *pool, unsigned char *certBuf, - int32 certlen, sslCert_t **cert); -MATRIXPUBLIC void matrixX509FreeCert(sslCert_t *cert); -MATRIXPUBLIC int32 matrixX509ParsePubKey(psPool_t *pool, unsigned char *certBuf, - int32 certLen, sslRsaKey_t **key); -MATRIXPUBLIC int32 matrixX509ValidateCert(psPool_t *pool, - sslCert_t *subjectCert, sslCert_t *issuerCert, - int32 *valid); -MATRIXPUBLIC int32 matrixX509ValidateCertChain(psPool_t *pool, - sslCert_t *chain, sslCert_t **subjectCert, - int32 *valid); -MATRIXPUBLIC int32 matrixX509UserValidator(psPool_t *pool, - sslCert_t *subjectCert, - int32 (*certValidator)(sslCertInfo_t *t, void *arg), - void *arg); -#endif /* USE_X509 */ - - - -#endif /* USE_RSA */ - - -/******************************************************************************/ - -#ifdef __cplusplus -} -#endif - -#endif /* _h_MATRIXPKI */ - -/******************************************************************************/ - diff --git a/release/src/router/matrixssl/src/pki/pkiInternal.h b/release/src/router/matrixssl/src/pki/pkiInternal.h deleted file mode 100644 index ef89feb3..00000000 --- a/release/src/router/matrixssl/src/pki/pkiInternal.h +++ /dev/null @@ -1,240 +0,0 @@ -/* - * pkiInternal.h - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Public header file for MatrixSSL PKI extension - * Implementations interacting with the PKI portion of the - * matrixssl library should only use the APIs and definitions - * used in this file. - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#ifndef _h_PSPKI_INTERNAL -#define _h_PSPKI_INTERNAL -#define _h_EXPORT_SYMBOLS - -#ifdef __cplusplus -extern "C" { -#endif - -/* - Require OS for PeerSec malloc and crypto to determine what we include here -*/ -#include "../../matrixCommon.h" -#include "../os/osLayer.h" -#include "../crypto/cryptoLayer.h" - -/******************************************************************************/ -/* - ASN defines - - 8 bit bit masks for ASN.1 tag field -*/ -#define ASN_PRIMITIVE 0x0 -#define ASN_CONSTRUCTED 0x20 - -#define ASN_UNIVERSAL 0x0 -#define ASN_APPLICATION 0x40 -#define ASN_CONTEXT_SPECIFIC 0x80 -#define ASN_PRIVATE 0xC0 - -/* - ASN.1 primitive data types -*/ -enum { - ASN_BOOLEAN = 1, - ASN_INTEGER, - ASN_BIT_STRING, - ASN_OCTET_STRING, - ASN_NULL, - ASN_OID, - ASN_UTF8STRING = 12, - ASN_SEQUENCE = 16, - ASN_SET, - ASN_PRINTABLESTRING = 19, - ASN_T61STRING, - ASN_IA5STRING = 22, - ASN_UTCTIME, - ASN_GENERALIZEDTIME, - ASN_GENERAL_STRING = 27, - ASN_BMPSTRING = 30 -}; - - -extern int32 getBig(psPool_t *pool, unsigned char **pp, int32 len, mp_int *big); -extern int32 getSerialNum(psPool_t *pool, unsigned char **pp, int32 len, - unsigned char **sn, int32 *snLen); -extern int32 getInteger(unsigned char **pp, int32 len, int32 *val); -extern int32 getSequence(unsigned char **pp, int32 len, int32 *outLen); -extern int32 getSet(unsigned char **pp, int32 len, int32 *outLen); -extern int32 getExplicitVersion(unsigned char **pp, int32 len, int32 expVal, - int32 *outLen); -extern int32 getAlgorithmIdentifier(unsigned char **pp, int32 len, int32 *oi, - int32 isPubKey); -extern int32 getValidity(psPool_t *pool, unsigned char **pp, int32 len, - char **notBefore, char **notAfter); -extern int32 getSignature(psPool_t *pool, unsigned char **pp, int32 len, - unsigned char **sig, int32 *sigLen); -extern int32 getImplicitBitString(psPool_t *pool, unsigned char **pp, int32 len, - int32 impVal, unsigned char **bitString, int32 *bitLen); - -/* - Define to enable more extension parsing -*/ -#define USE_FULL_CERT_PARSE - -/******************************************************************************/ -/* - The USE_RSA define is primarily for future compat when more key exchange - protocols are added. Crypto should always define this for now. -*/ -#define OID_RSA_MD2 646 -#define OID_RSA_MD5 648 -#define OID_RSA_SHA1 649 - -/* - DN attributes are used outside the X509 area for cert requests, - which have been included in the RSA portions of the code -*/ -typedef struct { - char *country; - char *state; - char *locality; - char *organization; - char *orgUnit; - char *commonName; - char hash[SSL_SHA1_HASH_SIZE]; -} DNattributes_t; - - -#ifdef USE_X509 - -typedef struct { - int32 ca; - int32 pathLenConstraint; -} extBasicConstraints_t; - -typedef struct { - int32 len; - unsigned char *id; -} extSubjectKeyId_t; - -typedef struct { - int32 keyLen; - unsigned char *keyId; - DNattributes_t attribs; - int32 serialNumLen; - unsigned char *serialNum; -} extAuthKeyId_t; -/* - FUTURE: add support for the other extensions -*/ -typedef struct { - extBasicConstraints_t bc; - sslSubjectAltName_t *san; -#ifdef USE_FULL_CERT_PARSE - extSubjectKeyId_t sk; - extAuthKeyId_t ak; - unsigned char *keyUsage; - int32 keyUsageLen; -#endif /* USE_FULL_CERT_PARSE */ -} v3extensions_t; - -typedef struct sslCert { - int32 version; - int32 valid; - unsigned char *serialNumber; - int32 serialNumberLen; - DNattributes_t issuer; - DNattributes_t subject; - char *notBefore; - char *notAfter; - sslRsaKey_t publicKey; - int32 certAlgorithm; - int32 sigAlgorithm; - int32 pubKeyAlgorithm; - unsigned char *signature; - int32 signatureLen; - unsigned char sigHash[SSL_SHA1_HASH_SIZE]; - unsigned char *uniqueUserId; - int32 uniqueUserIdLen; - unsigned char *uniqueSubjectId; - int32 uniqueSubjectIdLen; - v3extensions_t extensions; - struct sslCert *next; -} sslCert_t; - -typedef struct sslLocalCert { - sslRsaKey_t *privKey; - unsigned char *certBin; - uint32 certLen; - struct sslLocalCert *next; -} sslLocalCert_t; - -typedef struct { - sslLocalCert_t cert; -#ifdef USE_CLIENT_SIDE_SSL - sslCert_t *caCerts; -#endif /* USE_CLIENT_SIDE_SSL */ -} sslKeys_t; - -#endif /* USE_X509 */ - - - -/* - Helpers for inter-pki communications -*/ -extern int32 asnParseLength(unsigned char **p, int32 size, int32 *valLen); -extern int32 psAsnConfirmSignature(unsigned char *sigHash, - unsigned char *sigOut, int32 sigLen); -extern int32 getDNAttributes(psPool_t *pool, unsigned char **pp, int32 len, - DNattributes_t *attribs); -extern int32 getPubKey(psPool_t *pool, unsigned char **pp, int32 len, - sslRsaKey_t *pubKey); -extern void psFreeDNStruct(DNattributes_t *dn); - -#ifdef USE_FILE_SYSTEM -extern int32 readCertChain(psPool_t *pool, const char *certFiles, - sslLocalCert_t *lkeys); -extern int32 psGetFileBin(psPool_t *pool, const char *fileName, - unsigned char **bin, int32 *binLen); -extern int32 base64encodeAndWrite(psPool_t *pool, const char *fileName, - unsigned char *bin, int32 binLen, int32 fileType, - char *hexCipherIV, int32 hexCipherIVLen); -#endif /* USE_FILE_SYSTEM */ - -/* - Finally, include the public header -*/ -#include "matrixPki.h" - -#ifdef __cplusplus -} -#endif - -#endif /* _h_PSPKI_INTERNAL */ - diff --git a/release/src/router/matrixssl/src/pki/rsaPki.c b/release/src/router/matrixssl/src/pki/rsaPki.c deleted file mode 100644 index 29a40b02..00000000 --- a/release/src/router/matrixssl/src/pki/rsaPki.c +++ /dev/null @@ -1,682 +0,0 @@ -/* - * rsaPki.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * RSA key and cert reading - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ - -#ifdef VXWORKS -#include <vxWorks.h> -#endif /* VXWORKS */ - -#include "pkiInternal.h" - -#ifndef WINCE -#ifdef USE_FILE_SYSTEM - #include <sys/stat.h> - #include <signal.h> -#endif /* USE_FILE_SYSTEM */ -#endif /* WINCE */ -/* - For our purposes USE_RSA is used to indicate RSA private key handling. - USE_X509 indicates certificate handling and those blocks should be - wrapped inside USE_RSA because that is the only key type currently supported -*/ -#ifdef USE_RSA - -#define ATTRIB_COUNTRY_NAME 6 -#define ATTRIB_LOCALITY 7 -#define ATTRIB_ORGANIZATION 10 -#define ATTRIB_ORG_UNIT 11 -#define ATTRIB_DN_QUALIFIER 46 -#define ATTRIB_STATE_PROVINCE 8 -#define ATTRIB_COMMON_NAME 3 - - -#ifdef USE_3DES -static const char encryptHeader[] = "DEK-Info: DES-EDE3-CBC,"; -static int32 hexToBinary(unsigned char *hex, unsigned char *bin, int32 binlen); -#endif - -static int32 psAsnParsePrivateKey(psPool_t *pool, unsigned char **pp, - int32 size, sslRsaKey_t *key); -#endif /* USE_RSA */ - - -/******************************************************************************/ -/* - Open and close the PKI module. These routines are called once in the - lifetime of the application and initialize and clean up the library - respectively. -*/ -int32 matrixPkiOpen(void) -{ - if (sslOpenOsdep() < 0) { - matrixStrDebugMsg("Osdep open failure\n", NULL); - return -1; - } - return 0; -} - -void matrixPkiClose(void) -{ - sslCloseOsdep(); -} -#ifdef USE_FILE_SYSTEM -/******************************************************************************/ -/* - Return the file contents given a file name in a single allocated buffer. - Not a good routine to use generally with the fixed mem stuff. Not - actually doing a 'binary' file read. Only using the 'r' attribute since - all the cert and key files are text. -*/ -int32 psGetFileBin(psPool_t *pool, const char *fileName, unsigned char **bin, - int32 *binLen) -{ - FILE *fp; - struct stat fstat; - size_t tmp = 0; - - *binLen = 0; - *bin = NULL; - - if (fileName == NULL) { - return -1; - } - if ((stat(fileName, &fstat) != 0) || (fp = fopen(fileName, "r")) == NULL) { - return -7; /* FILE_NOT_FOUND */ - } - - *bin = psMalloc(pool, fstat.st_size + 1); - if (*bin == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memset(*bin, 0x0, fstat.st_size + 1); - while (((tmp = fread(*bin + *binLen, sizeof(char), 512, fp)) > 0) && - (*binLen < fstat.st_size)) { - *binLen += (int32)tmp; - } - fclose(fp); - return 0; -} - -/******************************************************************************/ -/* - * Public API to return an ASN.1 encoded key stream from a PEM private - * key file - * - * If password is provided, we only deal with 3des cbc encryption - * Function allocates key on success. User must free. - */ -int32 matrixX509ReadPrivKey(psPool_t *pool, const char *fileName, - const char *password, unsigned char **keyMem, int32 *keyMemLen) -{ - unsigned char *keyBuf, *DERout; - char *start, *end, *endTmp; - int32 keyBufLen, rc, DERlen, PEMlen = 0; -#ifdef USE_3DES - sslCipherContext_t ctx; - unsigned char passKey[SSL_DES3_KEY_LEN]; - unsigned char cipherIV[SSL_DES3_IV_LEN]; - int32 tmp, encrypted = 0; -#endif /* USE_3DES */ - - if (fileName == NULL) { - return 0; - } - *keyMem = NULL; - if ((rc = psGetFileBin(pool, fileName, &keyBuf, &keyBufLen)) < 0) { - return rc; - } - start = end = NULL; - -/* - * Check header and encryption parameters. - */ - if (((start = strstr((char*)keyBuf, "-----BEGIN")) != NULL) && - ((start = strstr((char*)keyBuf, "PRIVATE KEY-----")) != NULL) && - ((end = strstr(start, "-----END")) != NULL) && - ((endTmp = strstr(end, "PRIVATE KEY-----")) != NULL)) { - start += strlen("PRIVATE KEY-----"); - while (*start == '\r' || *start == '\n') { - start++; - } - PEMlen = (int32)(end - start); - } else { - matrixStrDebugMsg("Error parsing private key buffer\n", NULL); - psFree(keyBuf); - return -1; - } - - if (strstr((char*)keyBuf, "Proc-Type:") && - strstr((char*)keyBuf, "4,ENCRYPTED")) { -#ifdef USE_3DES - encrypted++; - if (password == NULL) { - matrixStrDebugMsg("No password given for encrypted private key\n", - NULL); - psFree(keyBuf); - return -1; - } - if ((start = strstr((char*)keyBuf, encryptHeader)) == NULL) { - matrixStrDebugMsg("Unrecognized private key file encoding\n", - NULL); - psFree(keyBuf); - return -1; - } - start += strlen(encryptHeader); - /* SECURITY - we assume here that header points to at least 16 bytes of data */ - tmp = hexToBinary((unsigned char*)start, cipherIV, SSL_DES3_IV_LEN); - if (tmp < 0) { - matrixStrDebugMsg("Invalid private key file salt\n", NULL); - psFree(keyBuf); - return -1; - } - start += tmp; - generate3DESKey((unsigned char*)password, (int32)strlen(password), - cipherIV, (unsigned char*)passKey); - PEMlen = (int32)(end - start); -#else /* !USE_3DES */ -/* - * The private key is encrypted, but 3DES support has been turned off - */ - matrixStrDebugMsg("3DES has been disabled for private key decrypt\n", NULL); - psFree(keyBuf); - return -1; -#endif /* USE_3DES */ - } - -/* - Take the raw input and do a base64 decode - */ - DERout = psMalloc(pool, PEMlen); - if (DERout == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - DERlen = PEMlen; - if (ps_base64_decode((unsigned char*)start, PEMlen, DERout, - (uint32*)&DERlen) != 0) { - psFree(DERout); - psFree(keyBuf); - matrixStrDebugMsg("Unable to base64 decode private key\n", NULL); - return -1; - } - psFree(keyBuf); -#ifdef USE_3DES -/* - * Decode - */ - if (encrypted == 1 && password) { - matrix3desInit(&ctx, cipherIV, passKey, SSL_DES3_KEY_LEN); - matrix3desDecrypt(&ctx, DERout, DERout, DERlen); - } -#endif /* USE_3DES */ -/* - Don't parse this here. Return the ASN.1 encoded buf to be - consistent with the other mem APIs. Use the ParsePrivKey - function if you want the structure format -*/ - *keyMem = DERout; - *keyMemLen = DERlen; - return rc; -} - -#ifdef USE_3DES -/******************************************************************************/ -/* - Convert an ASCII hex representation to a binary buffer. - Decode enough data out of 'hex' buffer to produce 'binlen' bytes in 'bin' - Two digits of ASCII hex map to the high and low nybbles (in that order), - so this function assumes that 'hex' points to 2x 'binlen' bytes of data. - Return the number of bytes processed from hex (2x binlen) or < 0 on error. -*/ -static int32 hexToBinary(unsigned char *hex, unsigned char *bin, int32 binlen) -{ - unsigned char *end, c, highOrder; - - highOrder = 1; - for (end = hex + binlen * 2; hex < end; hex++) { - c = *hex; - if ('0' <= c && c <='9') { - c -= '0'; - } else if ('a' <= c && c <='f') { - c -= ('a' - 10); - } else if ('A' <= c && c <='F') { - c -= ('A' - 10); - } else { - return -1; - } - if (highOrder++ & 0x1) { - *bin = c << 4; - } else { - *bin |= c; - bin++; - } - } - return binlen * 2; -} -#endif /* USE_3DES */ -#endif /* USE_FILE_SYSTEM */ - -/******************************************************************************/ -/* - * In memory version of matrixRsaReadPrivKey. The keyBuf is the raw - * ASN.1 encoded buffer. - */ -int32 matrixRsaParsePrivKey(psPool_t *pool, unsigned char *keyBuf, - int32 keyBufLen, sslRsaKey_t **key) -{ - unsigned char *asnp; - -/* - Now have the DER stream to extract from in asnp - */ - *key = psMalloc(pool, sizeof(sslRsaKey_t)); - if (*key == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memset(*key, 0x0, sizeof(sslRsaKey_t)); - - asnp = keyBuf; - if (psAsnParsePrivateKey(pool, &asnp, keyBufLen, *key) < 0) { - matrixRsaFreeKey(*key); - *key = NULL; - matrixStrDebugMsg("Unable to ASN parse private key.\n", NULL); - return -1; - } - - return 0; -} - -/******************************************************************************/ -/* - Binary to struct helper for RSA public keys. -*/ -int32 matrixRsaParsePubKey(psPool_t *pool, unsigned char *keyBuf, - int32 keyBufLen, sslRsaKey_t **key) -{ - unsigned char *p, *end; - int32 len; - - p = keyBuf; - end = p + keyBufLen; -/* - Supporting both the PKCS#1 RSAPublicKey format and the - X.509 SubjectPublicKeyInfo format. If encoding doesn't start with - the SEQUENCE identifier for the SubjectPublicKeyInfo format, jump down - to the RSAPublicKey subset parser and try that -*/ - if (getSequence(&p, (int32)(end - p), &len) == 0) { - if (getAlgorithmIdentifier(&p, (int32)(end - p), &len, 1) < 0) { - return -1; - } - } -/* - Now have the DER stream to extract from in asnp - */ - *key = psMalloc(pool, sizeof(sslRsaKey_t)); - if (*key == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memset(*key, 0x0, sizeof(sslRsaKey_t)); - if (getPubKey(pool, &p, (int32)(end - p), *key) < 0) { - matrixRsaFreeKey(*key); - *key = NULL; - matrixStrDebugMsg("Unable to ASN parse public key\n", NULL); - return -1; - } - return 0; -} - -/******************************************************************************/ -/* - * Free an RSA key. mp_clear will zero the memory of each element and free it. - */ -void matrixRsaFreeKey(sslRsaKey_t *key) -{ - mp_clear(&(key->N)); - mp_clear(&(key->e)); - mp_clear(&(key->d)); - mp_clear(&(key->p)); - mp_clear(&(key->q)); - mp_clear(&(key->dP)); - mp_clear(&(key->dQ)); - mp_clear(&(key->qP)); - psFree(key); -} - -/******************************************************************************/ -/* - Parse a a private key structure in DER formatted ASN.1 - Per ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf - RSAPrivateKey ::= SEQUENCE { - version Version, - modulus INTEGER, -- n - publicExponent INTEGER, -- e - privateExponent INTEGER, -- d - prime1 INTEGER, -- p - prime2 INTEGER, -- q - exponent1 INTEGER, -- d mod (p-1) - exponent2 INTEGER, -- d mod (q-1) - coefficient INTEGER, -- (inverse of q) mod p - otherPrimeInfos OtherPrimeInfos OPTIONAL - } - Version ::= INTEGER { two-prime(0), multi(1) } - (CONSTRAINED BY {-- version must be multi if otherPrimeInfos present --}) - - Which should look something like this in hex (pipe character - is used as a delimiter): - ftp://ftp.rsa.com/pub/pkcs/ascii/layman.asc - 30 Tag in binary: 00|1|10000 -> UNIVERSAL | CONSTRUCTED | SEQUENCE (16) - 82 Length in binary: 1 | 0000010 -> LONG LENGTH | LENGTH BYTES (2) - 04 A4 Length Bytes (1188) - 02 Tag in binary: 00|0|00010 -> UNIVERSAL | PRIMITIVE | INTEGER (2) - 01 Length in binary: 0|0000001 -> SHORT LENGTH | LENGTH (1) - 00 INTEGER value (0) - RSAPrivateKey.version - 02 Tag in binary: 00|0|00010 -> UNIVERSAL | PRIMITIVE | INTEGER (2) - 82 Length in binary: 1 | 0000010 -> LONG LENGTH | LENGTH BYTES (2) - 01 01 Length Bytes (257) - [] 257 Bytes of data - RSAPrivateKey.modulus (2048 bit key) - 02 Tag in binary: 00|0|00010 -> UNIVERSAL | PRIMITIVE | INTEGER (2) - 03 Length in binary: 0|0000011 -> SHORT LENGTH | LENGTH (3) - 01 00 01 INTEGER value (65537) - RSAPrivateKey.publicExponent - ... - - OtherPrimeInfos is not supported in this routine, and an error will be - returned if they are present -*/ - -static int32 psAsnParsePrivateKey(psPool_t *pool, unsigned char **pp, - int32 size, sslRsaKey_t *key) -{ - unsigned char *p, *end, *seq; - int32 version, seqlen; - - key->optimized = 0; - p = *pp; - end = p + size; - - if (getSequence(&p, size, &seqlen) < 0) { - matrixStrDebugMsg("ASN sequence parse error\n", NULL); - return -1; - } - seq = p; - if (getInteger(&p, (int32)(end - p), &version) < 0 || version != 0 || - getBig(pool, &p, (int32)(end - p), &(key->N)) < 0 || - mp_shrink(&key->N) != MP_OKAY || - getBig(pool, &p, (int32)(end - p), &(key->e)) < 0 || - mp_shrink(&key->e) != MP_OKAY || - getBig(pool, &p, (int32)(end - p), &(key->d)) < 0 || - mp_shrink(&key->d) != MP_OKAY || - getBig(pool, &p, (int32)(end - p), &(key->p)) < 0 || - mp_shrink(&key->p) != MP_OKAY || - getBig(pool, &p, (int32)(end - p), &(key->q)) < 0 || - mp_shrink(&key->q) != MP_OKAY || - getBig(pool, &p, (int32)(end - p), &(key->dP)) < 0 || - mp_shrink(&key->dP) != MP_OKAY || - getBig(pool, &p, (int32)(end - p), &(key->dQ)) < 0 || - mp_shrink(&key->dQ) != MP_OKAY || - getBig(pool, &p, (int32)(end - p), &(key->qP)) < 0 || - mp_shrink(&key->qP) != MP_OKAY || - (int32)(p - seq) != seqlen) { - matrixStrDebugMsg("ASN key extract parse error\n", NULL); - return -1; - } -/* - If we made it here, the key is ready for optimized decryption -*/ - key->optimized = 1; - - *pp = p; -/* - Set the key length of the key -*/ - key->size = mp_unsigned_bin_size(&key->N); - return 0; -} - - -/******************************************************************************/ -/* - Implementations of this specification MUST be prepared to receive - the following standard attribute types in issuer names: - country, organization, organizational-unit, distinguished name qualifier, - state or province name, and common name -*/ -int32 getDNAttributes(psPool_t *pool, unsigned char **pp, int32 len, - DNattributes_t *attribs) -{ - sslSha1Context_t hash; - unsigned char *p = *pp; - unsigned char *dnEnd, *dnStart; - int32 llen, setlen, arcLen, id, stringType; - char *stringOut; - - dnStart = p; - if (getSequence(&p, len, &llen) < 0) { - return -1; - } - dnEnd = p + llen; - - matrixSha1Init(&hash); - while (p < dnEnd) { - if (getSet(&p, (int32)(dnEnd - p), &setlen) < 0) { - return -1; - } - if (getSequence(&p, (int32)(dnEnd - p), &llen) < 0) { - return -1; - } - if (dnEnd <= p || (*(p++) != ASN_OID) || - asnParseLength(&p, (int32)(dnEnd - p), &arcLen) < 0 || - (dnEnd - p) < arcLen) { - return -1; - } -/* - id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} - id-at-commonName OBJECT IDENTIFIER ::= {id-at 3} - id-at-countryName OBJECT IDENTIFIER ::= {id-at 6} - id-at-localityName OBJECT IDENTIFIER ::= {id-at 7} - id-at-stateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8} - id-at-organizationName OBJECT IDENTIFIER ::= {id-at 10} - id-at-organizationalUnitName OBJECT IDENTIFIER ::= {id-at 11} -*/ - *pp = p; -/* - FUTURE: Currently skipping OIDs not of type {joint-iso-ccitt(2) ds(5) 4} - However, we could be dealing with an OID we MUST support per RFC. - domainComponent is one such example. -*/ - if (dnEnd - p < 2) { - return -1; - } - if ((*p++ != 85) || (*p++ != 4) ) { - p = *pp; -/* - Move past the OID and string type, get data size, and skip it. - NOTE: Have had problems parsing older certs in this area. -*/ - if (dnEnd - p < arcLen + 1) { - return -1; - } - p += arcLen + 1; - if (asnParseLength(&p, (int32)(dnEnd - p), &llen) < 0 || - dnEnd - p < llen) { - return -1; - } - p = p + llen; - continue; - } -/* - Next are the id of the attribute type and the ASN string type -*/ - if (arcLen != 3 || dnEnd - p < 2) { - return -1; - } - id = (int32)*p++; -/* - Done with OID parsing -*/ - stringType = (int32)*p++; - - if (asnParseLength(&p, (int32)(dnEnd - p), &llen) < 0 || - dnEnd - p < llen) { - return -1; - } - switch (stringType) { - case ASN_PRINTABLESTRING: - case ASN_UTF8STRING: - case ASN_IA5STRING: - case ASN_T61STRING: - case ASN_BMPSTRING: - stringOut = psMalloc(pool, llen + 1); - if (stringOut == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memcpy(stringOut, p, llen); - stringOut[llen] = '\0'; -/* - Catch any hidden \0 chars in these members to address the - issue of www.goodguy.com\0badguy.com -*/ - if (strlen(stringOut) != llen) { - psFree(stringOut); - return -1; - } - - p = p + llen; - break; - default: - matrixStrDebugMsg("Parsing untested DN attrib type\n", NULL); - return -1; - } - - switch (id) { - case ATTRIB_COUNTRY_NAME: - if (attribs->country) { - psFree(attribs->country); - } - attribs->country = stringOut; - break; - case ATTRIB_STATE_PROVINCE: - if (attribs->state) { - psFree(attribs->state); - } - attribs->state = stringOut; - break; - case ATTRIB_LOCALITY: - if (attribs->locality) { - psFree(attribs->locality); - } - attribs->locality = stringOut; - break; - case ATTRIB_ORGANIZATION: - if (attribs->organization) { - psFree(attribs->organization); - } - attribs->organization = stringOut; - break; - case ATTRIB_ORG_UNIT: - if (attribs->orgUnit) { - psFree(attribs->orgUnit); - } - attribs->orgUnit = stringOut; - break; - case ATTRIB_COMMON_NAME: - if (attribs->commonName) { - psFree(attribs->commonName); - } - attribs->commonName = stringOut; - break; -/* - Not a MUST support -*/ - default: - psFree(stringOut); - stringOut = NULL; - break; - } -/* - Hash up the DN. Nice for validation later -*/ - if (stringOut != NULL) { - matrixSha1Update(&hash, (unsigned char*)stringOut, llen); - } - } - matrixSha1Final(&hash, (unsigned char*)attribs->hash); - *pp = p; - return 0; -} - -/******************************************************************************/ -/* - Get the BIT STRING key and plug into RSA structure. Not included in - asn1.c because it deals directly with the sslRsaKey_t struct. -*/ -int32 getPubKey(psPool_t *pool, unsigned char **pp, int32 len, - sslRsaKey_t *pubKey) -{ - unsigned char *p = *pp; - int32 pubKeyLen, ignore_bits, seqLen; - - if (len < 1 || (*(p++) != ASN_BIT_STRING) || - asnParseLength(&p, len - 1, &pubKeyLen) < 0 || - (len - 1) < pubKeyLen) { - return -1; - } - - ignore_bits = *p++; -/* - We assume this is always zero -*/ - sslAssert(ignore_bits == 0); - - if (getSequence(&p, pubKeyLen, &seqLen) < 0 || - getBig(pool, &p, seqLen, &pubKey->N) < 0 || - getBig(pool, &p, seqLen, &pubKey->e) < 0) { - return -1; - } - pubKey->size = mp_unsigned_bin_size(&pubKey->N); - - *pp = p; - return 0; -} - -/******************************************************************************/ -/* - Free helper -*/ -void psFreeDNStruct(DNattributes_t *dn) -{ - if (dn->country) psFree(dn->country); - if (dn->state) psFree(dn->state); - if (dn->locality) psFree(dn->locality); - if (dn->organization) psFree(dn->organization); - if (dn->orgUnit) psFree(dn->orgUnit); - if (dn->commonName) psFree(dn->commonName); -} - - -/******************************************************************************/ diff --git a/release/src/router/matrixssl/src/pki/x509.c b/release/src/router/matrixssl/src/pki/x509.c deleted file mode 100644 index fdd3e678..00000000 --- a/release/src/router/matrixssl/src/pki/x509.c +++ /dev/null @@ -1,1699 +0,0 @@ -/* - * x509.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * DER/BER coding - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "pkiInternal.h" - -/* - X509 is wrapped in USE_RSA until more key types are added -*/ -#ifdef USE_RSA -#ifdef USE_X509 - -#define IMPLICIT_ISSUER_ID 1 -#define IMPLICIT_SUBJECT_ID 2 -#define EXPLICIT_EXTENSION 3 - -#define RSA_SIG 1 -#define DSA_SIG 2 - -#define OID_SHA1 88 -#define OID_MD2 646 -#define OID_MD5 649 - -/* - Certificate extension hash mappings -*/ -#define EXT_BASIC_CONSTRAINTS 1 -#define EXT_KEY_USAGE 2 -#define EXT_SUBJ_KEY_ID 3 -#define EXT_AUTH_KEY_ID 4 -#define EXT_ALT_SUBJECT_NAME 5 - -static const struct { - unsigned char hash[16]; - int32 id; -} extTable[] = { - { { 0xa5, 0xc4, 0x5e, 0x9a, 0xa3, 0xbb, 0x71, 0x2f, 0x07, - 0xf7, 0x4c, 0xd0, 0xcd, 0x95, 0x65, 0xda }, EXT_BASIC_CONSTRAINTS }, - { { 0xf5, 0xab, 0x88, 0x49, 0xc4, 0xfd, 0xa2, 0x64, 0x6d, - 0x06, 0xa2, 0x3e, 0x83, 0x9b, 0xef, 0xbb }, EXT_KEY_USAGE }, - { { 0x91, 0x54, 0x28, 0xcc, 0x81, 0x59, 0x8c, 0x71, 0x8c, - 0x53, 0xa8, 0x4d, 0xeb, 0xd3, 0xc2, 0x18 }, EXT_SUBJ_KEY_ID }, - { { 0x48, 0x2d, 0xff, 0x49, 0xf7, 0xab, 0x93, 0xe8, 0x1f, - 0x57, 0xb5, 0xaf, 0x7f, 0xaa, 0x31, 0xbb }, EXT_AUTH_KEY_ID }, - { { 0x5c, 0x70, 0xcb, 0xf5, 0xa4, 0x07, 0x5a, 0xcc, 0xd1, - 0x55, 0xd2, 0x44, 0xdd, 0x62, 0x2c, 0x0c }, EXT_ALT_SUBJECT_NAME }, - { { 0 }, -1 } /* Must be last for proper termination */ -}; - - -static int32 getExplicitExtensions(psPool_t *pool, unsigned char **pp, - int32 len, int32 expVal, - v3extensions_t *extensions); -static int32 matrixX509ValidateCertInternal(psPool_t *pool, - sslCert_t *subjectCert, sslCert_t *issuerCert, int32 chain); -#ifdef USE_FILE_SYSTEM -static int32 parseList(psPool_t *pool, const char *list, const char *sep, - char **item); -#endif /* USE_FILE_SYSTEM */ - -/******************************************************************************/ -/* - Read in the certificate and private keys from the given files - If privPass is non-NULL, it will be used to decode an encrypted private - key file. - - The certificate is stored internally as a pointer to DER encoded X.509 - The private key is stored in a crypto provider specific structure -*/ -#ifdef USE_FILE_SYSTEM -int32 matrixX509ReadKeys(sslKeys_t **keys, const char *certFile, - const char *privFile, const char *privPass, - const char *trustedCAFiles) -{ - return matrixX509ReadKeysEx(PEERSEC_BASE_POOL, keys, certFile, privFile, - privPass, trustedCAFiles); -} -#else /* USE_FILE_SYSTEM */ -int32 matrixX509ReadKeys(sslKeys_t **keys, char *certFile, char *privFile, - char *privPass, char *trustedCAFile) -{ - matrixStrDebugMsg("Error: Calling matrixX509ReadKeys against a library " \ - "built without USE_FILE_SYSTEM defined\n", NULL); - return -1; -} -#endif /* USE_FILE_SYSTEM */ - -/******************************************************************************/ -/* - In memory version of matrixX509ReadKeys. The buffers are the ASN.1 raw - stream (ie. not base64 PEM encoded) - - API CHANGE: 1.7 changed this protoype and buffer formats (ASN.1 now) but - this function was never properly documented. Users who may have found - this function on their own and are using it will need to convert to this - new version. -*/ -int32 matrixX509ReadKeysMem(sslKeys_t **keys, unsigned char *certBuf, - int32 certLen, unsigned char *privBuf, int32 privLen, - unsigned char *trustedCABuf, int32 trustedCALen) -{ - return matrixRsaParseKeysMem(PEERSEC_BASE_POOL, keys, certBuf, certLen, - privBuf, privLen, trustedCABuf, trustedCALen); -} - -/******************************************************************************/ -/* - Free private key and cert and zero memory allocated by matrixSslReadKeys. -*/ -void matrixRsaFreeKeys(sslKeys_t *keys) -{ - sslLocalCert_t *current, *next; - int32 i = 0; - - if (keys) { - current = &keys->cert; - while (current) { - if (current->certBin) { - memset(current->certBin, 0x0, current->certLen); - psFree(current->certBin); - } - if (current->privKey) { - matrixRsaFreeKey(current->privKey); - } - next = current->next; - if (i++ > 0) { - psFree(current); - } - current = next; - } -#ifdef USE_CLIENT_SIDE_SSL - if (keys->caCerts) { - matrixX509FreeCert(keys->caCerts); - } -#endif /* USE_CLIENT_SIDE_SSL */ - psFree(keys); - } -} - -#ifdef USE_FILE_SYSTEM -/******************************************************************************/ -/* - Preferred version for commercial users who make use of memory pools. - - This use of the sslKeys_t param implies this is for use in the MatrixSSL - product (input to matrixSslNewSession). However, we didn't want to - expose this API at the matrixSsl.h level due to the pool parameter. This - is strictly an API that commerical users will have access to -*/ -int32 matrixX509ReadKeysEx(psPool_t *pool, sslKeys_t **keys, - const char *certFile, const char *privFile, - const char *privPass, const char *trustedCAFiles) -{ - sslKeys_t *lkeys; - unsigned char *privKeyMem; - int32 rc, privKeyMemLen; -#ifdef USE_CLIENT_SIDE_SSL - sslCert_t *currCert, *prevCert = NULL; - unsigned char *caCert, *caStream; - sslChainLen_t chain; - int32 caCertLen, first, i; -#endif /* USE_CLIENT_SIDE_SSL */ - - *keys = lkeys = psMalloc(pool, sizeof(sslKeys_t)); - if (lkeys == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memset(lkeys, 0x0, sizeof(sslKeys_t)); -/* - Load certificate files. Any additional certificate files should chain - to the root CA held on the other side. -*/ - rc = readCertChain(pool, certFile, &lkeys->cert); - if (rc < 0 ) { - matrixRsaFreeKeys(lkeys); - return rc; - } -/* - The first cert in certFile must be associated with the provided - private key. -*/ - if (privFile) { - rc = matrixX509ReadPrivKey(pool, privFile, privPass, &privKeyMem, - &privKeyMemLen); - if (rc < 0) { - matrixStrDebugMsg("Error reading private key file: %s\n", - (char*)privFile); - matrixRsaFreeKeys(lkeys); - return rc; - } - rc = matrixRsaParsePrivKey(pool, privKeyMem, privKeyMemLen, - &lkeys->cert.privKey); - if (rc < 0) { - matrixStrDebugMsg("Error parsing private key file: %s\n", - (char*)privFile); - psFree(privKeyMem); - matrixRsaFreeKeys(lkeys); - return rc; - } - psFree(privKeyMem); - } - -#ifdef USE_CLIENT_SIDE_SSL -/* - Now deal with Certificate Authorities -*/ - if (trustedCAFiles != NULL) { - if (matrixX509ReadCert(pool, trustedCAFiles, &caCert, &caCertLen, - &chain) < 0 || caCert == NULL) { - matrixStrDebugMsg("Error reading CA cert files %s\n", - (char*)trustedCAFiles); - matrixRsaFreeKeys(lkeys); - return -1; - } - - caStream = caCert; - i = first = 0; - while (chain[i] != 0) { -/* - Don't allow one bad cert to ruin the whole bunch if possible -*/ - if (matrixX509ParseCert(pool, caStream, chain[i], &currCert) < 0) { - matrixX509FreeCert(currCert); - matrixStrDebugMsg("Error parsing CA cert %s\n", - (char*)trustedCAFiles); - caStream += chain[i]; caCertLen -= chain[i]; - i++; - continue; - } - - if (first == 0) { - lkeys->caCerts = currCert; - } else { - prevCert->next = currCert; - } - first++; - prevCert = currCert; - currCert = NULL; - caStream += chain[i]; caCertLen -= chain[i]; - i++; - } - sslAssert(caCertLen == 0); - psFree(caCert); - } -/* - Check to see that if a set of CAs were passed in at least - one ended up being valid. -*/ - if (trustedCAFiles != NULL && lkeys->caCerts == NULL) { - matrixStrDebugMsg("No valid CA certs in %s\n", - (char*)trustedCAFiles); - matrixRsaFreeKeys(lkeys); - return -1; - } -#endif /* USE_CLIENT_SIDE_SSL */ - return 0; -} - -/******************************************************************************/ -/* - * Public API to return a binary buffer from a cert. Suitable to send - * over the wire. Caller must free 'out' if this function returns success (0) - * Parse .pem files according to http://www.faqs.org/rfcs/rfc1421.html - */ -int32 matrixX509ReadCert(psPool_t *pool, const char *fileName, - unsigned char **out, int32 *outLen, sslChainLen_t *chain) -{ - int32 certBufLen, rc, certChainLen, i; - unsigned char *oneCert[MAX_CHAIN_LENGTH]; - unsigned char *certPtr, *tmp; - char *certFile, *start, *end, *certBuf, *endTmp; - const char sep[] = ";"; - -/* - Init chain array and output params -*/ - for (i=0; i < MAX_CHAIN_LENGTH; i++) { - oneCert[i] = NULL; - (*chain)[i] = 0; - } - *outLen = certChainLen = i = 0; - rc = -1; - -/* - For PKI product purposes, this routine now accepts a chain of certs. -*/ - if (fileName != NULL) { - fileName += parseList(pool, fileName, sep, &certFile); - } else { - return 0; - } - - while (certFile != NULL) { - - if (i == MAX_CHAIN_LENGTH) { - matrixIntDebugMsg("Exceeded maximum cert chain length of %d\n", - MAX_CHAIN_LENGTH); - psFree(certFile); - rc = -1; - goto err; - } - if ((rc = psGetFileBin(pool, certFile, (unsigned char**)&certBuf, - &certBufLen)) < 0) { - matrixStrDebugMsg("Couldn't open file %s\n", certFile); - goto err; - } - psFree(certFile); - certPtr = (unsigned char*)certBuf; - start = end = endTmp = certBuf; - - while (certBufLen > 0) { - if (((start = strstr(certBuf, "-----BEGIN")) != NULL) && - ((start = strstr(certBuf, "CERTIFICATE-----")) != NULL) && - ((end = strstr(start, "-----END")) != NULL) && - ((endTmp = strstr(end,"CERTIFICATE-----")) != NULL)) { - start += strlen("CERTIFICATE-----"); - (*chain)[i] = (int32)(end - start); - end = endTmp + strlen("CERTIFICATE-----"); - while (*end == '\r' || *end == '\n' || *end == '\t' - || *end == ' ') { - end++; - } - } else { - psFree(certPtr); - rc = -1; - goto err; - } - oneCert[i] = psMalloc(pool, (*chain)[i]); - certBufLen -= (int32)(end - certBuf); - certBuf = end; - memset(oneCert[i], '\0', (*chain)[i]); - - if (ps_base64_decode((unsigned char*)start, (*chain)[i], oneCert[i], - &(*chain)[i]) != 0) { - psFree(certPtr); - matrixStrDebugMsg("Unable to base64 decode certificate\n", NULL); - rc = -1; - goto err; - } - certChainLen += (*chain)[i]; - i++; - if (i == MAX_CHAIN_LENGTH) { - matrixIntDebugMsg("Exceeded maximum cert chain length of %d\n", - MAX_CHAIN_LENGTH); - psFree(certPtr); - rc = -1; - goto err; - } - } - psFree(certPtr); -/* - Check for more files -*/ - fileName += parseList(pool, fileName, sep, &certFile); - } - - *outLen = certChainLen; -/* - Don't bother stringing them together if only one was passed in -*/ - if (i == 1) { - sslAssert(certChainLen == (*chain)[0]); - *out = oneCert[0]; - return 0; - } else { - *out = tmp = psMalloc(pool, certChainLen); - for (i=0; i < MAX_CHAIN_LENGTH; i++) { - if (oneCert[i]) { - memcpy(tmp, oneCert[i], (*chain)[i]); - tmp += (*chain)[i]; - } - } - rc = 0; - } - -err: - for (i=0; i < MAX_CHAIN_LENGTH; i++) { - if (oneCert[i]) psFree(oneCert[i]); - } - return rc; -} - -/******************************************************************************/ -/* - This function was written strictly for clarity in the PeerSec crypto API - product. It extracts only the public key from a certificate file for use - in the lower level encrypt/decrypt RSA routines -*/ -int32 matrixX509ReadPubKey(psPool_t *pool, const char *certFile, - sslRsaKey_t **key) -{ - unsigned char *certBuf; - sslChainLen_t chain; - int32 certBufLen; - - certBuf = NULL; - if (matrixX509ReadCert(pool, certFile, &certBuf, &certBufLen, &chain) < 0) { - matrixStrDebugMsg("Unable to read certificate file %s\n", - (char*)certFile); - if (certBuf) psFree(certBuf); - return -1; - } - if (matrixX509ParsePubKey(pool, certBuf, certBufLen, key) < 0) { - psFree(certBuf); - return -1; - } - psFree(certBuf); - return 0; -} - -/******************************************************************************/ -/* - Allows for semi-colon delimited list of certificates for cert chaining. - Also allows multiple certificiates in a single file. - - HOWERVER, in both cases the first in the list must be the identifying - cert of the application. Each subsequent cert is the parent of the previous -*/ -int32 readCertChain(psPool_t *pool, const char *certFiles, - sslLocalCert_t *lkeys) -{ - sslLocalCert_t *currCert; - unsigned char *certBin, *tmp; - sslChainLen_t chain; - int32 certLen, i; - - if (certFiles == NULL) { - return 0; - } - - if (matrixX509ReadCert(pool, certFiles, &certBin, &certLen, &chain) < 0) { - matrixStrDebugMsg("Error reading cert file %s\n", (char*)certFiles); - return -1; - } -/* - The first cert is allocated in the keys struct. All others in - linked list are allocated here. -*/ - i = 0; - tmp = certBin; - while (chain[i] != 0) { - if (i == 0) { - currCert = lkeys; - } else { - currCert->next = psMalloc(pool, sizeof(sslLocalCert_t)); - if (currCert->next == NULL) { - psFree(tmp); - return -8; /* SSL_MEM_ERROR */ - } - memset(currCert->next, 0x0, sizeof(sslLocalCert_t)); - currCert = currCert->next; - } - currCert->certBin = psMalloc(pool, chain[i]); - memcpy(currCert->certBin, certBin, chain[i]); - currCert->certLen = chain[i]; - certBin += chain[i]; certLen -= chain[i]; - i++; - } - psFree(tmp); - sslAssert(certLen == 0); - return 0; -} - -/******************************************************************************/ -/* - * Strtok substitute - */ -static int32 parseList(psPool_t *pool, const char *list, const char *sep, - char **item) -{ - int32 start, listLen; - char *tmp; - - start = listLen = (int32)strlen(list) + 1; - if (start == 1) { - *item = NULL; - return 0; - } - tmp = *item = psMalloc(pool, listLen); - if (tmp == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memset(*item, 0, listLen); - while (listLen > 0) { - if (*list == sep[0]) { - list++; - listLen--; - break; - } - if (*list == 0) { - break; - } - *tmp++ = *list++; - listLen--; - } - return start - listLen; -} -#endif /* USE_FILE_SYSTEM */ - - -/******************************************************************************/ -/* - Preferred version for commercial users who make use of memory pools. - - This use of the sslKeys_t param implies this is for use in the MatrixSSL - product (input to matrixSslNewSession). However, we didn't want to - expose this API at the matrixSsl.h level due to the pool parameter. This - is strictly an API that commerical users will have access to. -*/ -int32 matrixRsaParseKeysMem(psPool_t *pool, sslKeys_t **keys, - unsigned char *certBuf, int32 certLen, unsigned char *privBuf, - int32 privLen, unsigned char *trustedCABuf, int32 trustedCALen) -{ - sslKeys_t *lkeys; - sslLocalCert_t *current, *next; - unsigned char *binPtr; - int32 len, lenOh, i; -#ifdef USE_CLIENT_SIDE_SSL - sslCert_t *currentCA, *nextCA; -#endif /* USE_CLIENT_SIDE_SSL */ - - *keys = lkeys = psMalloc(pool, sizeof(sslKeys_t)); - if (lkeys == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memset(lkeys, 0x0, sizeof(sslKeys_t)); -/* - The buffers are just the ASN.1 streams so the intermediate parse - that used to be here is gone. Doing a straight memcpy for this - and passing that along to X509ParseCert -*/ - i = 0; - current = &lkeys->cert; - binPtr = certBuf; -/* - Need to check for a chain here. Only way to do this is to read off the - length id from the DER stream for each. The chain must be just a stream - of DER certs with the child-most cert always first. -*/ - while (certLen > 0) { - if (getSequence(&certBuf, certLen, &len) < 0) { - matrixStrDebugMsg("Unable to parse length of cert stream\n", NULL); - matrixRsaFreeKeys(lkeys); - return -1; - } -/* - Account for the overhead of storing the length itself -*/ - lenOh = (int32)(certBuf - binPtr); - len += lenOh; - certBuf -= lenOh; -/* - First cert is already malloced -*/ - if (i > 0) { - next = psMalloc(pool, sizeof(sslLocalCert_t)); - memset(next, 0x0, sizeof(sslLocalCert_t)); - current->next = next; - current = next; - } - current->certBin = psMalloc(pool, len); - memcpy(current->certBin, certBuf, len); - current->certLen = len; - certLen -= len; - certBuf += len; - binPtr = certBuf; - i++; - } - -/* - Parse private key -*/ - if (privLen > 0) { - if (matrixRsaParsePrivKey(pool, privBuf, privLen, - &lkeys->cert.privKey) < 0) { - matrixStrDebugMsg("Error reading private key mem\n", NULL); - matrixRsaFreeKeys(lkeys); - return -1; - } - } - - -/* - Trusted CAs -*/ -#ifdef USE_CLIENT_SIDE_SSL - if (trustedCABuf != NULL && trustedCALen > 0) { - i = 0; - binPtr = trustedCABuf; - currentCA = NULL; -/* - Need to check for list here. Only way to do this is to read off the - length id from the DER stream for each. -*/ - while (trustedCALen > 0) { - if (getSequence(&trustedCABuf, trustedCALen, &len) < 0) { - matrixStrDebugMsg("Unable to parse length of CA stream\n", - NULL); - matrixRsaFreeKeys(lkeys); - return -1; - } -/* - Account for the overhead of storing the length itself -*/ - lenOh = (int32)(trustedCABuf - binPtr); - len += lenOh; - trustedCABuf -= lenOh; - - if (matrixX509ParseCert(pool, trustedCABuf, len, ¤tCA) < 0) { - matrixX509FreeCert(currentCA); - matrixStrDebugMsg("Error parsing CA cert\n", NULL); - matrixRsaFreeKeys(lkeys); - return -1; - } -/* - First cert should be assigned to lkeys -*/ - if (i == 0) { - lkeys->caCerts = currentCA; - nextCA = lkeys->caCerts; - } else { - nextCA->next = currentCA; - nextCA = currentCA; - } - currentCA = currentCA->next; - trustedCALen -= len; - trustedCABuf += len; - binPtr = trustedCABuf; - i++; - } - } -#endif /* USE_CLIENT_SIDE_SSL */ - - return 0; -} - -/******************************************************************************/ -/* - In-memory version of matrixX509ReadPubKey. - This function was written strictly for clarity in the PeerSec crypto API - subset. It extracts only the public key from a certificate file for use - in the lower level encrypt/decrypt RSA routines. -*/ -int32 matrixX509ParsePubKey(psPool_t *pool, unsigned char *certBuf, - int32 certLen, sslRsaKey_t **key) -{ - sslRsaKey_t *lkey; - sslCert_t *certStruct; - int32 err; - - if (matrixX509ParseCert(pool, certBuf, certLen, &certStruct) < 0) { - matrixX509FreeCert(certStruct); - return -1; - } - lkey = *key = psMalloc(pool, sizeof(sslRsaKey_t)); - memset(lkey, 0x0, sizeof(sslRsaKey_t)); - - if ((err = _mp_init_multi(pool, &lkey->e, &lkey->N, NULL, - NULL, NULL, NULL, NULL, NULL)) != MP_OKAY) { - matrixX509FreeCert(certStruct); - psFree(lkey); - return err; - } - mp_copy(&certStruct->publicKey.e, &lkey->e); - mp_copy(&certStruct->publicKey.N, &lkey->N); - - mp_shrink(&lkey->e); - mp_shrink(&lkey->N); - - lkey->size = certStruct->publicKey.size; - - matrixX509FreeCert(certStruct); - - return 0; -} - - -/******************************************************************************/ -/* - Parse an X509 ASN.1 certificate stream - http://www.faqs.org/rfcs/rfc2459.html section 4.1 -*/ -int32 matrixX509ParseCert(psPool_t *pool, unsigned char *pp, int32 size, - sslCert_t **outcert) -{ - sslCert_t *cert; - sslMd5Context_t md5Ctx; - sslSha1Context_t sha1Ctx; - unsigned char *p, *end, *certStart, *certEnd; - int32 certLen, len, parsing; -#ifdef USE_MD2 - sslMd2Context_t md2Ctx; -#endif /* USE_MD2 */ - -/* - Allocate the cert structure right away. User MUST always call - matrixX509FreeCert regardless of whether this function succeeds. - memset is important because the test for NULL is what is used - to determine what to free -*/ - *outcert = cert = psMalloc(pool, sizeof(sslCert_t)); - if (cert == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memset(cert, '\0', sizeof(sslCert_t)); - - p = pp; - end = p + size; -/* - Certificate ::= SEQUENCE { - tbsCertificate TBSCertificate, - signatureAlgorithm AlgorithmIdentifier, - signatureValue BIT STRING } -*/ - parsing = 1; - while (parsing) { - if (getSequence(&p, (int32)(end - p), &len) < 0) { - matrixStrDebugMsg("Initial cert parse error\n", NULL); - return -1; - } - certStart = p; -/* - TBSCertificate ::= SEQUENCE { - version [0] EXPLICIT Version DEFAULT v1, - serialNumber CertificateSerialNumber, - signature AlgorithmIdentifier, - issuer Name, - validity Validity, - subject Name, - subjectPublicKeyInfo SubjectPublicKeyInfo, - issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - extensions [3] EXPLICIT Extensions OPTIONAL - -- If present, version shall be v3 } -*/ - if (getSequence(&p, (int32)(end - p), &len) < 0) { - matrixStrDebugMsg("ASN sequence parse error\n", NULL); - return -1; - } - certEnd = p + len; - certLen = (int32)(certEnd - certStart); - -/* - Version ::= INTEGER { v1(0), v2(1), v3(2) } -*/ - if (getExplicitVersion(&p, (int32)(end - p), 0, &cert->version) < 0) { - matrixStrDebugMsg("ASN version parse error\n", NULL); - return -1; - } - if (cert->version != 2) { - matrixIntDebugMsg("Warning: non-v3 certificate version: %d\n", - cert->version); - } -/* - CertificateSerialNumber ::= INTEGER -*/ - if (getSerialNum(pool, &p, (int32)(end - p), &cert->serialNumber, - &cert->serialNumberLen) < 0) { - matrixStrDebugMsg("ASN serial number parse error\n", NULL); - return -1; - } -/* - AlgorithmIdentifier ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY DEFINED BY algorithm OPTIONAL } -*/ - if (getAlgorithmIdentifier(&p, (int32)(end - p), - &cert->certAlgorithm, 0) < 0) { - return -1; - } -/* - Name ::= CHOICE { - RDNSequence } - - RDNSequence ::= SEQUENCE OF RelativeDistinguishedName - - RelativeDistinguishedName ::= SET OF AttributeTypeAndValue - - AttributeTypeAndValue ::= SEQUENCE { - type AttributeType, - value AttributeValue } - - AttributeType ::= OBJECT IDENTIFIER - - AttributeValue ::= ANY DEFINED BY AttributeType -*/ - if (getDNAttributes(pool, &p, (int32)(end - p), &cert->issuer) < 0) { - return -1; - } -/* - Validity ::= SEQUENCE { - notBefore Time, - notAfter Time } -*/ - if (getValidity(pool, &p, (int32)(end - p), &cert->notBefore, - &cert->notAfter) < 0) { - return -1; - } -/* - Subject DN -*/ - if (getDNAttributes(pool, &p, (int32)(end - p), &cert->subject) < 0) { - return -1; - } -/* - SubjectPublicKeyInfo ::= SEQUENCE { - algorithm AlgorithmIdentifier, - subjectPublicKey BIT STRING } -*/ - if (getSequence(&p, (int32)(end - p), &len) < 0) { - return -1; - } - if (getAlgorithmIdentifier(&p, (int32)(end - p), - &cert->pubKeyAlgorithm, 1) < 0) { - return -1; - } - - if (getPubKey(pool, &p, (int32)(end - p), &cert->publicKey) < 0) { - return -1; - } - -/* - As the next three values are optional, we can do a specific test here -*/ - if (*p != (ASN_SEQUENCE | ASN_CONSTRUCTED)) { - if (getImplicitBitString(pool, &p, (int32)(end - p), IMPLICIT_ISSUER_ID, - &cert->uniqueUserId, &cert->uniqueUserIdLen) < 0 || - getImplicitBitString(pool, &p, (int32)(end - p), IMPLICIT_SUBJECT_ID, - &cert->uniqueSubjectId, &cert->uniqueSubjectIdLen) < 0 || - getExplicitExtensions(pool, &p, (int32)(end - p), EXPLICIT_EXTENSION, - &cert->extensions) < 0) { - matrixStrDebugMsg("There was an error parsing a certificate\n", NULL); - matrixStrDebugMsg("extension. This is likely caused by an\n", NULL); - matrixStrDebugMsg("extension format that is not currently\n", NULL); - matrixStrDebugMsg("recognized. Please email support@peersec.com\n", NULL); - matrixStrDebugMsg("to add support for the extension.\n\n", NULL); - return -1; - } - } -/* - This is the end of the cert. Do a check here to be certain -*/ - if (certEnd != p) { - return -1; - } -/* - Certificate signature info -*/ - if (getAlgorithmIdentifier(&p, (int32)(end - p), - &cert->sigAlgorithm, 0) < 0) { - return -1; - } -/* - Signature algorithm must match that specified in TBS cert -*/ - if (cert->certAlgorithm != cert->sigAlgorithm) { - matrixStrDebugMsg("Parse error: mismatched signature type\n", NULL); - return -1; - } -/* - Compute the hash of the cert here for CA validation -*/ - if (cert->certAlgorithm == OID_RSA_MD5) { - matrixMd5Init(&md5Ctx); - matrixMd5Update(&md5Ctx, certStart, certLen); - matrixMd5Final(&md5Ctx, cert->sigHash); - } else if (cert->certAlgorithm == OID_RSA_SHA1) { - matrixSha1Init(&sha1Ctx); - matrixSha1Update(&sha1Ctx, certStart, certLen); - matrixSha1Final(&sha1Ctx, cert->sigHash); - } -#ifdef USE_MD2 - else if (cert->certAlgorithm == OID_RSA_MD2) { - matrixMd2Init(&md2Ctx); - matrixMd2Update(&md2Ctx, certStart, certLen); - matrixMd2Final(&md2Ctx, cert->sigHash); - } -#endif /* USE_MD2 */ - - if (getSignature(pool, &p, (int32)(end - p), &cert->signature, - &cert->signatureLen) < 0) { - return -1; - } -/* - The ability to parse additional chained certs is a PKI product - feature addition. Chaining in MatrixSSL is handled internally. -*/ - if (p != end) { - cert->next = psMalloc(pool, sizeof(sslCert_t)); - cert = cert->next; - memset(cert, '\0', sizeof(sslCert_t)); - } else { - parsing = 0; - } - } - - return (int32)(p - pp); -} - -/******************************************************************************/ -/* - User must call after all calls to matrixX509ParseCert - (we violate the coding standard a bit here for clarity) -*/ -void matrixX509FreeCert(sslCert_t *cert) -{ - sslCert_t *curr, *next; - sslSubjectAltName_t *active, *inc; - - curr = cert; - while (curr) { - psFreeDNStruct(&curr->issuer); - psFreeDNStruct(&curr->subject); - if (curr->serialNumber) psFree(curr->serialNumber); - if (curr->notBefore) psFree(curr->notBefore); - if (curr->notAfter) psFree(curr->notAfter); - if (curr->publicKey.N.dp) mp_clear(&(curr->publicKey.N)); - if (curr->publicKey.e.dp) mp_clear(&(curr->publicKey.e)); - if (curr->signature) psFree(curr->signature); - if (curr->uniqueUserId) psFree(curr->uniqueUserId); - if (curr->uniqueSubjectId) psFree(curr->uniqueSubjectId); - - if (curr->extensions.san) { - active = curr->extensions.san; - while (active != NULL) { - inc = active->next; - psFree(active->data); - psFree(active); - active = inc; - } - } - - -#ifdef USE_FULL_CERT_PARSE - if (curr->extensions.keyUsage) psFree(curr->extensions.keyUsage); - if (curr->extensions.sk.id) psFree(curr->extensions.sk.id); - if (curr->extensions.ak.keyId) psFree(curr->extensions.ak.keyId); - if (curr->extensions.ak.serialNum) - psFree(curr->extensions.ak.serialNum); - if (curr->extensions.ak.attribs.commonName) - psFree(curr->extensions.ak.attribs.commonName); - if (curr->extensions.ak.attribs.country) - psFree(curr->extensions.ak.attribs.country); - if (curr->extensions.ak.attribs.state) - psFree(curr->extensions.ak.attribs.state); - if (curr->extensions.ak.attribs.locality) - psFree(curr->extensions.ak.attribs.locality); - if (curr->extensions.ak.attribs.organization) - psFree(curr->extensions.ak.attribs.organization); - if (curr->extensions.ak.attribs.orgUnit) - psFree(curr->extensions.ak.attribs.orgUnit); -#endif /* SSL_FULL_CERT_PARSE */ - next = curr->next; - psFree(curr); - curr = next; - } -} - -/******************************************************************************/ -/* - Do the signature validation for a subject certificate against a - known CA certificate -*/ -int32 psAsnConfirmSignature(unsigned char *sigHash, unsigned char *sigOut, - int32 sigLen) -{ - unsigned char *end, *p = sigOut; - unsigned char hash[SSL_SHA1_HASH_SIZE]; - int32 len, oi; - - end = p + sigLen; -/* - DigestInfo ::= SEQUENCE { - digestAlgorithm DigestAlgorithmIdentifier, - digest Digest } - - DigestAlgorithmIdentifier ::= AlgorithmIdentifier - - Digest ::= OCTET STRING -*/ - if (getSequence(&p, (int32)(end - p), &len) < 0) { - return -1; - } - -/* - Could be MD5 or SHA1 - */ - if (getAlgorithmIdentifier(&p, (int32)(end - p), &oi, 0) < 0) { - return -1; - } - if ((*p++ != ASN_OCTET_STRING) || - asnParseLength(&p, (int32)(end - p), &len) < 0 || (end - p) < len) { - return -1; - } - memcpy(hash, p, len); - if (oi == OID_MD5 || oi == OID_MD2) { - if (len != SSL_MD5_HASH_SIZE) { - return -1; - } - } else if (oi == OID_SHA1) { - if (len != SSL_SHA1_HASH_SIZE) { - return -1; - } - } else { - return -1; - } -/* - hash should match sigHash -*/ - if (memcmp(hash, sigHash, len) != 0) { - return -1; - } - return 0; -} - -/******************************************************************************/ -/* - Extension lookup -*/ -static int32 lookupExt(unsigned char md5hash[SSL_MD5_HASH_SIZE]) -{ - int32 i, j; - const unsigned char *tmp; - - for (i = 0; ;i++) { - if (extTable[i].id == -1) { - return -1; - } - tmp = extTable[i].hash; - for (j = 0; j < SSL_MD5_HASH_SIZE; j++) { - if (md5hash[j] != tmp[j]) { - break; - } - if (j == SSL_MD5_HASH_SIZE - 1) { - return extTable[i].id; - } - } - } -} - -/******************************************************************************/ -/* - X509v3 extensions -*/ -static int32 getExplicitExtensions(psPool_t *pool, unsigned char **pp, - int32 inlen, int32 expVal, - v3extensions_t *extensions) -{ - unsigned char *p = *pp, *end; - unsigned char *extEnd, *extStart; - int32 len, noid, critical, fullExtLen; - unsigned char oid[SSL_MD5_HASH_SIZE]; - sslMd5Context_t md5ctx; - sslSubjectAltName_t *activeName, *prevName; - - end = p + inlen; - if (inlen < 1) { - return -1; - } -/* - Not treating this as an error because it is optional. -*/ - if (*p != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | expVal)) { - return 0; - } - p++; - if (asnParseLength(&p, (int32)(end - p), &len) < 0 || (end - p) < len) { - return -1; - } -/* - Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension - - Extension ::= SEQUENCE { - extnID OBJECT IDENTIFIER, - extnValue OCTET STRING } -*/ - if (getSequence(&p, (int32)(end - p), &len) < 0) { - return -1; - } - extEnd = p + len; - while ((p != extEnd) && *p == (ASN_SEQUENCE | ASN_CONSTRUCTED)) { - if (getSequence(&p, (int32)(extEnd - p), &fullExtLen) < 0) { - return -1; - } - extStart = p; -/* - Conforming CAs MUST support key identifiers, basic constraints, - key usage, and certificate policies extensions - - id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } - id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } 133 - id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } - id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } - id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } 131 -*/ - if (extEnd - p < 1 || *p++ != ASN_OID) { - return -1; - } - - if (asnParseLength(&p, (int32)(extEnd - p), &len) < 0 || - (extEnd - p) < len) { - return -1; - } -/* - Send the OID through a digest to get the unique id -*/ - matrixMd5Init(&md5ctx); - while (len-- > 0) { - matrixMd5Update(&md5ctx, p, sizeof(char)); - p++; - } - matrixMd5Final(&md5ctx, oid); - noid = lookupExt(oid); - -/* - Possible boolean value here for 'critical' id. It's a failure if a - critical extension is found that is not supported -*/ - critical = 0; - if (*p == ASN_BOOLEAN) { - p++; - if (*p++ != 1) { - matrixStrDebugMsg("Error parsing cert extension\n", NULL); - return -1; - } - if (*p++ > 0) { - critical = 1; - } - } - if (extEnd - p < 1 || (*p++ != ASN_OCTET_STRING) || - asnParseLength(&p, (int32)(extEnd - p), &len) < 0 || - extEnd - p < len) { - matrixStrDebugMsg("Expecting OCTET STRING in ext parse\n", NULL); - return -1; - } - - switch (noid) { -/* - BasicConstraints ::= SEQUENCE { - cA BOOLEAN DEFAULT FALSE, - pathLenConstraint INTEGER (0..MAX) OPTIONAL } -*/ - case EXT_BASIC_CONSTRAINTS: - if (getSequence(&p, (int32)(extEnd - p), &len) < 0) { - return -1; - } -/* - "This goes against PKIX guidelines but some CAs do it and some - software requires this to avoid interpreting an end user - certificate as a CA." - - OpenSSL certificate configuration doc - - basicConstraints=CA:FALSE -*/ - if (len == 0) { - break; - } -/* - Have seen some certs that don't include a cA bool. -*/ - if (*p == ASN_BOOLEAN) { - p++; - if (*p++ != 1) { - return -1; - } - extensions->bc.ca = *p++; - } else { - extensions->bc.ca = 0; - } -/* - Now need to check if there is a path constraint. Only makes - sense if cA is true. If it's missing, there is no limit to - the cert path -*/ - if (*p == ASN_INTEGER) { - if (getInteger(&p, (int32)(extEnd - p), - &(extensions->bc.pathLenConstraint)) < 0) { - return -1; - } - } else { - extensions->bc.pathLenConstraint = -1; - } - break; - case EXT_ALT_SUBJECT_NAME: - if (getSequence(&p, (int32)(extEnd - p), &len) < 0) { - return -1; - } -/* - Looking only for DNS, URI, and email here to support - FQDN for Web clients - - FUTURE: Support all subject alt name members - GeneralName ::= CHOICE { - otherName [0] OtherName, - rfc822Name [1] IA5String, - dNSName [2] IA5String, - x400Address [3] ORAddress, - directoryName [4] Name, - ediPartyName [5] EDIPartyName, - uniformResourceIdentifier [6] IA5String, - iPAddress [7] OCTET STRING, - registeredID [8] OBJECT IDENTIFIER } -*/ - while (len > 0) { - if (extensions->san == NULL) { - activeName = extensions->san = psMalloc(pool, - sizeof(sslSubjectAltName_t)); - } else { -/* - Find the end -*/ - prevName = extensions->san; - activeName = prevName->next; - while (activeName != NULL) { - prevName = activeName; - activeName = prevName->next; - } - prevName->next = psMalloc(pool, - sizeof(sslSubjectAltName_t)); - activeName = prevName->next; - } - activeName->next = NULL; - activeName->data = NULL; - memset(activeName->name, '\0', 16); - - activeName->id = *p & 0xF; - switch (activeName->id) { - case 0: - memcpy(activeName->name, "other", 5); - break; - case 1: - memcpy(activeName->name, "email", 5); - break; - case 2: - memcpy(activeName->name, "DNS", 3); - break; - case 3: - memcpy(activeName->name, "x400Address", 11); - break; - case 4: - memcpy(activeName->name, "directoryName", 13); - break; - case 5: - memcpy(activeName->name, "ediPartyName", 12); - break; - case 6: - memcpy(activeName->name, "URI", 3); - break; - case 7: - memcpy(activeName->name, "iPAddress", 9); - break; - case 8: - memcpy(activeName->name, "registeredID", 12); - break; - default: - memcpy(activeName->name, "unknown", 7); - break; - } - - p++; - activeName->dataLen = *p++; - if (extEnd - p < activeName->dataLen) { - return -1; - } - activeName->data = psMalloc(pool, activeName->dataLen + 1); - if (activeName->data == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memset(activeName->data, 0x0, activeName->dataLen + 1); - memcpy(activeName->data, p, activeName->dataLen); - - p = p + activeName->dataLen; - /* the magic 2 is the type and length */ - len -= activeName->dataLen + 2; - } - break; -#ifdef USE_FULL_CERT_PARSE - case EXT_AUTH_KEY_ID: -/* - AuthorityKeyIdentifier ::= SEQUENCE { - keyIdentifier [0] KeyIdentifier OPTIONAL, - authorityCertIssuer [1] GeneralNames OPTIONAL, - authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } - - KeyIdentifier ::= OCTET STRING -*/ - if (getSequence(&p, (int32)(extEnd - p), &len) < 0) { - return -1; - } -/* - Have seen a cert that has a zero length ext here. Let it pass. -*/ - if (len == 0) { - break; - } -/* - All memebers are optional -*/ - if (*p == (ASN_CONTEXT_SPECIFIC | ASN_PRIMITIVE | 0)) { - p++; - if (asnParseLength(&p, (int32)(extEnd - p), - &extensions->ak.keyLen) < 0 || - extEnd - p < extensions->ak.keyLen) { - return -1; - } - extensions->ak.keyId = psMalloc(pool, extensions->ak.keyLen); - if (extensions->ak.keyId == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memcpy(extensions->ak.keyId, p, extensions->ak.keyLen); - p = p + extensions->ak.keyLen; - } - if (*p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) { - p++; - if (asnParseLength(&p, (int32)(extEnd - p), &len) < 0 || - len < 1 || extEnd - p < len) { - return -1; - } - if ((*p ^ ASN_CONTEXT_SPECIFIC ^ ASN_CONSTRUCTED) != 4) { -/* - FUTURE: support other name types - We are just dealing with DN formats here -*/ - matrixIntDebugMsg("Error auth key-id name type: %d\n", - *p ^ ASN_CONTEXT_SPECIFIC ^ ASN_CONSTRUCTED); - return -1; - } - p++; - if (asnParseLength(&p, (int32)(extEnd - p), &len) < 0 || - extEnd - p < len) { - return -1; - } - if (getDNAttributes(pool, &p, (int32)(extEnd - p), - &(extensions->ak.attribs)) < 0) { - return -1; - } - } - if ((*p == (ASN_CONTEXT_SPECIFIC | ASN_PRIMITIVE | 2)) || - (*p == ASN_INTEGER)){ -/* - Treat as a serial number (not a native INTEGER) -*/ - if (getSerialNum(pool, &p, (int32)(extEnd - p), - &(extensions->ak.serialNum), &len) < 0) { - return -1; - } - extensions->ak.serialNumLen = len; - } - break; - - case EXT_KEY_USAGE: -/* - KeyUsage ::= BIT STRING { - digitalSignature (0), - nonRepudiation (1), - keyEncipherment (2), - dataEncipherment (3), - keyAgreement (4), - keyCertSign (5), - - cRLSign (6), - encipherOnly (7), - decipherOnly (8) } -*/ - if (*p++ != ASN_BIT_STRING) { - return -1; - } - if (asnParseLength(&p, (int32)(extEnd - p), &len) < 0 || - extEnd - p < len) { - return -1; - } -/* - We'd expect a length of 3 with the first byte being '07' to - account for the trailing ignore bits in the second byte. - But it doesn't appear all certificates adhere to the ASN.1 - encoding standard very closely. Just set it all aside for - user to interpret as necessary. -*/ - extensions->keyUsage = psMalloc(pool, len); - memcpy(extensions->keyUsage, p, len); - extensions->keyUsageLen = len; - p = p + len; - break; - case EXT_SUBJ_KEY_ID: -/* - The value of the subject key identifier MUST be the value - placed in the key identifier field of the Auth Key Identifier - extension of certificates issued by the subject of - this certificate. -*/ - if (*p++ != ASN_OCTET_STRING || asnParseLength(&p, - (int32)(extEnd - p), &(extensions->sk.len)) < 0 || - extEnd - p < extensions->sk.len) { - return -1; - } - extensions->sk.id = psMalloc(pool, extensions->sk.len); - if (extensions->sk.id == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memcpy(extensions->sk.id, p, extensions->sk.len); - p = p + extensions->sk.len; - break; -#endif /* USE_FULL_CERT_PARSE */ -/* - Unsupported or skipping because USE_FULL_CERT_PARSE is undefined -*/ - default: - if (critical) { -/* - SPEC DIFFERENCE: Ignoring an unrecognized critical - extension. The specification dictates an error should - occur, but real-world experience has shown this is not - a realistic or desirable action. Also, no other SSL - implementations have been found to error in this case. - It is NOT a security risk in an RSA authenticaion sense. -*/ - matrixStrDebugMsg("Unknown critical ext encountered\n", - NULL); - } - p++; -/* - Skip over based on the length reported from the ASN_SEQUENCE - surrounding the entire extension. It is not a guarantee that - the value of the extension itself will contain it's own length. -*/ - p = p + (fullExtLen - (p - extStart)); - break; - } - } - *pp = p; - return 0; -} - -/******************************************************************************/ -/* - Walk through the certificate chain and validate it. Return the final - member of the chain as the subjectCert that can then be validated against - the CAs. The subjectCert points into the chain param (no need to free) -*/ -int32 matrixX509ValidateCertChain(psPool_t *pool, sslCert_t *chain, - sslCert_t **subjectCert, int32 *valid) -{ - sslCert_t *ic; - - *subjectCert = chain; - *valid = 1; - while ((*subjectCert)->next != NULL) { - ic = (*subjectCert)->next; - if (matrixX509ValidateCertInternal(pool, *subjectCert, ic, 1) < 0) { - *valid = -1; - return -1; - } -/* - If any portion is invalid, it's all invalid -*/ - if ((*subjectCert)->valid != 1) { - *valid = -1; - } - *subjectCert = (*subjectCert)->next; - } - return 0; -} - -/******************************************************************************/ -/* - A signature validation for certificates. -1 return is an error. The success - of the validation is returned in the 'valid' param of the subjectCert. - 1 if the issuerCert signed the subject cert. -1 if not -*/ -int32 matrixX509ValidateCert(psPool_t *pool, sslCert_t *subjectCert, - sslCert_t *issuerCert, int32 *valid) -{ - if (matrixX509ValidateCertInternal(pool, subjectCert, issuerCert, 0) < 0) { - *valid = -1; - return -1; - } - *valid = subjectCert->valid; - return 0; -} - -static int32 matrixX509ValidateCertInternal(psPool_t *pool, - sslCert_t *subjectCert, sslCert_t *issuerCert, int32 chain) -{ - sslCert_t *ic; - unsigned char sigOut[10 + SSL_SHA1_HASH_SIZE + 5]; /* See below */ - int32 sigLen, sigType, rc; - - subjectCert->valid = -1; -/* - Supporting a one level chain or a self-signed cert. If the issuer - is NULL, the self-signed test is done. -*/ - if (issuerCert == NULL) { - matrixStrDebugMsg("Warning: No CA to validate cert with\n", NULL); - matrixStrDebugMsg("\tPerforming self-signed CA test\n", NULL); - ic = subjectCert; - } else { - ic = issuerCert; - } -/* - Path confirmation. If this is a chain verification, do not allow - any holes in the path. Error out if issuer does not have CA permissions - or if hashes do not match anywhere along the way. -*/ - while (ic) { - if (subjectCert != ic) { -/* - Certificate authority constraint only available in version 3 certs -*/ - if ((ic->version > 1) && (ic->extensions.bc.ca <= 0)) { - if (chain) { - return -1; - } - ic = ic->next; - continue; - } -/* - Use sha1 hash of issuer fields computed at parse time to compare -*/ - if (memcmp(subjectCert->issuer.hash, ic->subject.hash, - SSL_SHA1_HASH_SIZE) != 0) { - if (chain) { - return -1; - } - ic = ic->next; - continue; - } - } -/* - Signature confirmation - The sigLen is the ASN.1 size in bytes for encoding the hash. - The magic 10 is comprised of the SEQUENCE and ALGORITHM ID overhead. - The magic 8 and 5 are the OID lengths of the corresponding algorithm. - NOTE: if sigLen is modified, above sigOut static size must be changed -*/ - if (subjectCert->sigAlgorithm == OID_RSA_MD5 || - subjectCert->sigAlgorithm == OID_RSA_MD2) { - sigType = RSA_SIG; - sigLen = 10 + SSL_MD5_HASH_SIZE + 8; /* See above */ - } else if (subjectCert->sigAlgorithm == OID_RSA_SHA1) { - sigLen = 10 + SSL_SHA1_HASH_SIZE + 5; /* See above */ - sigType = RSA_SIG; - } else { - matrixStrDebugMsg("Unsupported signature algorithm\n", NULL); - return -1; - } - - if (sigType == RSA_SIG) { - sslAssert(sigLen <= sizeof(sigOut)); - - /* note: on error & no CA, flag as invalid, but don't exit as error here (<1.8.7? behavior) -- zzz */ - if (matrixRsaDecryptPub(pool, &(ic->publicKey), - subjectCert->signature, subjectCert->signatureLen, sigOut, - sigLen) < 0) { - matrixStrDebugMsg("Unable to RSA decrypt signature\n", NULL); - if (issuerCert) return -1; - rc = -1; - } else { - rc = psAsnConfirmSignature(subjectCert->sigHash, sigOut, sigLen); - } - } -/* - If this is a chain test, fail on any gaps in the chain -*/ - if (rc < 0) { - if (chain) { - return -1; - } - ic = ic->next; - continue; - } -/* - Fall through to here only if passed signature check. -*/ - subjectCert->valid = 1; - break; - } - return 0; -} - -/******************************************************************************/ -/* - Calls a user defined callback to allow for manual validation of the - certificate. -*/ -int32 matrixX509UserValidator(psPool_t *pool, sslCert_t *subjectCert, - int32 (*certValidator)(sslCertInfo_t *t, void *arg), void *arg) -{ - sslCertInfo_t *cert, *current, *next; - int32 rc; - - if (certValidator == NULL) { - return 0; - } -/* - Pass the entire certificate chain to the user callback. -*/ - current = cert = psMalloc(pool, sizeof(sslCertInfo_t)); - if (current == NULL) { - return -8; /* SSL_MEM_ERROR */ - } - memset(cert, 0x0, sizeof(sslCertInfo_t)); - while (subjectCert) { - - current->issuer.commonName = subjectCert->issuer.commonName; - current->issuer.country = subjectCert->issuer.country; - current->issuer.locality = subjectCert->issuer.locality; - current->issuer.organization = subjectCert->issuer.organization; - current->issuer.orgUnit = subjectCert->issuer.orgUnit; - current->issuer.state = subjectCert->issuer.state; - - current->subject.commonName = subjectCert->subject.commonName; - current->subject.country = subjectCert->subject.country; - current->subject.locality = subjectCert->subject.locality; - current->subject.organization = subjectCert->subject.organization; - current->subject.orgUnit = subjectCert->subject.orgUnit; - current->subject.state = subjectCert->subject.state; - - current->serialNumber = subjectCert->serialNumber; - current->serialNumberLen = subjectCert->serialNumberLen; - current->verified = subjectCert->valid; - current->notBefore = subjectCert->notBefore; - current->notAfter = subjectCert->notAfter; - - current->subjectAltName = subjectCert->extensions.san; - - if (subjectCert->certAlgorithm == OID_RSA_MD5 || - subjectCert->certAlgorithm == OID_RSA_MD2) { - current->sigHashLen = SSL_MD5_HASH_SIZE; - } else if (subjectCert->certAlgorithm == OID_RSA_SHA1) { - current->sigHashLen = SSL_SHA1_HASH_SIZE; - } - current->sigHash = (char*)subjectCert->sigHash; - if (subjectCert->next) { - next = psMalloc(pool, sizeof(sslCertInfo_t)); - if (next == NULL) { - while (cert) { - next = cert->next; - psFree(cert); - cert = next; - } - return -8; /* SSL_MEM_ERROR */ - } - memset(next, 0x0, sizeof(sslCertInfo_t)); - current->next = next; - current = next; - } - subjectCert = subjectCert->next; - } -/* - The user callback -*/ - rc = certValidator(cert, arg); -/* - Free the chain -*/ - while (cert) { - next = cert->next; - psFree(cert); - cert = next; - } - return rc; -} -#endif /* USE_X509 */ -#endif /* USE_RSA */ - - -/******************************************************************************/ - - diff --git a/release/src/router/matrixssl/src/sslDecode.c b/release/src/router/matrixssl/src/sslDecode.c deleted file mode 100644 index ccdde5cc..00000000 --- a/release/src/router/matrixssl/src/sslDecode.c +++ /dev/null @@ -1,1392 +0,0 @@ -/* - * sslDecode.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Secure Sockets Layer message decoding - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "matrixInternal.h" - -/******************************************************************************/ - -#define SSL_MAX_IGNORED_MESSAGE_COUNT 1024 - -static int32 parseSSLHandshake(ssl_t *ssl, char *inbuf, int32 len); -static int32 parseSingleCert(ssl_t *ssl, unsigned char *c, unsigned char *end, - int32 certLen); - -/******************************************************************************/ -/* - Parse incoming data per http://wp.netscape.com/eng/ssl3 -*/ -int32 matrixSslDecode(ssl_t *ssl, sslBuf_t *in, sslBuf_t *out, - unsigned char *error, unsigned char *alertLevel, - unsigned char *alertDescription) -{ - unsigned char *c, *p, *end, *pend, *oend; - unsigned char *mac, macError; - int32 rc; - unsigned char padLen; -/* - If we've had a protocol error, don't allow further use of the session -*/ - *error = SSL_ALERT_NONE; - if (ssl->flags & SSL_FLAGS_ERROR || ssl->flags & SSL_FLAGS_CLOSED) { - return SSL_ERROR; - } -/* - This flag is set if the previous call to this routine returned an SSL_FULL - error from encodeResponse, indicating that there is data to be encoded, - but the out buffer was not big enough to handle it. If we fall in this - case, the user has increased the out buffer size and is re-calling this - routine -*/ - if (ssl->flags & SSL_FLAGS_NEED_ENCODE) { - ssl->flags &= ~SSL_FLAGS_NEED_ENCODE; - goto encodeResponse; - } - - c = in->start; - end = in->end; - oend = out->end; -/* - Processing the SSL Record header: - If the high bit of the first byte is set and this is the first - message we've seen, we parse the request as an SSLv2 request - http://wp.netscape.com/eng/security/SSL_2.html - SSLv2 also supports a 3 byte header when padding is used, but this should - not be required for the initial plaintext message, so we don't support it - v3 Header: - 1 byte type - 1 byte major version - 1 byte minor version - 2 bytes length - v2 Header - 2 bytes length (ignore high bit) -*/ -decodeMore: - sslAssert(out->end == oend); - if (end - c == 0) { -/* - This case could happen if change cipher spec was last - message in the buffer -*/ - return SSL_SUCCESS; - } - - if (end - c < SSL2_HEADER_LEN) { - return SSL_PARTIAL; - } - if (ssl->majVer != 0 || (*c & 0x80) == 0) { - if (end - c < ssl->recordHeadLen) { - return SSL_PARTIAL; - } - ssl->rec.type = *c; c++; - ssl->rec.majVer = *c; c++; - ssl->rec.minVer = *c; c++; - ssl->rec.len = *c << 8; c++; - ssl->rec.len += *c; c++; - } else { - ssl->rec.type = SSL_RECORD_TYPE_HANDSHAKE; - ssl->rec.majVer = 2; - ssl->rec.minVer = 0; - ssl->rec.len = (*c & 0x7f) << 8; c++; - ssl->rec.len += *c; c++; - } -/* - Validate the various record headers. The type must be valid, - the major and minor versions must match the negotiated versions (if we're - past ClientHello) and the length must be < 16K and > 0 -*/ - if (ssl->rec.type != SSL_RECORD_TYPE_CHANGE_CIPHER_SPEC && - ssl->rec.type != SSL_RECORD_TYPE_ALERT && - ssl->rec.type != SSL_RECORD_TYPE_HANDSHAKE && - ssl->rec.type != SSL_RECORD_TYPE_APPLICATION_DATA) { - ssl->err = SSL_ALERT_UNEXPECTED_MESSAGE; - matrixIntDebugMsg("Record header type not valid: %d\n", ssl->rec.type); - goto encodeResponse; - } - -/* - Verify the record version numbers unless this is the first record we're - reading. -*/ - if (ssl->hsState != SSL_HS_SERVER_HELLO && - ssl->hsState != SSL_HS_CLIENT_HELLO) { - if (ssl->rec.majVer != ssl->majVer || ssl->rec.minVer != ssl->minVer) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Record header version not valid\n", NULL); - goto encodeResponse; - } - } -/* - Verify max and min record lengths -*/ - if (ssl->rec.len > SSL_MAX_RECORD_LEN || ssl->rec.len == 0) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixIntDebugMsg("Record header length not valid: %d\n", ssl->rec.len); - goto encodeResponse; - } -/* - This implementation requires the entire SSL record to be in the 'in' buffer - before we parse it. This is because we need to MAC the entire record before - allowing it to be used by the caller. The only alternative would be to - copy the partial record to an internal buffer, but that would require more - memory usage, which we're trying to keep low. -*/ - if (end - c < ssl->rec.len) { - return SSL_PARTIAL; - } - -/* - Make sure we have enough room to hold the decoded record -*/ - if ((out->buf + out->size) - out->end < ssl->rec.len) { - return SSL_FULL; - } - -/* - Decrypt the entire record contents. The record length should be - a multiple of block size, or decrypt will return an error - If we're still handshaking and sending plaintext, the decryption - callback will point to a null provider that passes the data unchanged -*/ - if (ssl->decrypt(&ssl->sec.decryptCtx, c, out->end, ssl->rec.len) < 0) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - goto encodeResponse; - } - c += ssl->rec.len; -/* - If we're reading a secure message, we need to validate the MAC and - padding (if using a block cipher). Insecure messages do not have - a trailing MAC or any padding. - - SECURITY - There are several vulnerabilities in block cipher padding - that we handle in the below code. For more information see: - http://www.openssl.org/~bodo/tls-cbc.txt -*/ - if (ssl->flags & SSL_FLAGS_READ_SECURE) { -/* - Verify the record is at least as big as the MAC - Start tracking MAC errors, rather then immediately catching them to - stop timing and alert description attacks that differentiate between - a padding error and a MAC error. -*/ - if (ssl->rec.len < ssl->deMacSize) { - ssl->err = SSL_ALERT_BAD_RECORD_MAC; - matrixStrDebugMsg("Record length too short for MAC\n", NULL); - goto encodeResponse; - } - macError = 0; -/* - Decode padding only if blocksize is > 0 (we're using a block cipher), - otherwise no padding will be present, and the mac is the last - macSize bytes of the record. -*/ - if (ssl->deBlockSize <= 1) { - mac = out->end + ssl->rec.len - ssl->deMacSize; - } else { -/* - Verify the pad data for block ciphers - c points within the cipher text, p points within the plaintext - The last byte of the record is the pad length -*/ - p = out->end + ssl->rec.len; - padLen = *(p - 1); -/* - SSL3.0 requires the pad length to be less than blockSize - TLS can have a pad length up to 255 for obfuscating the data len -*/ - if (ssl->majVer == SSL3_MAJ_VER && ssl->minVer == SSL3_MIN_VER && - padLen >= ssl->deBlockSize) { - macError++; - } -/* - The minimum record length is the size of the mac, plus pad bytes - plus one length byte -*/ - if (ssl->rec.len < ssl->deMacSize + padLen + 1) { - macError++; - } -/* - The mac starts macSize bytes before the padding and length byte. - If we have a macError, just fake the mac as the last macSize bytes - of the record, so we are sure to have enough bytes to verify - against, we'll fail anyway, so the actual contents don't matter. -*/ - if (!macError) { - mac = p - padLen - 1 - ssl->deMacSize; - } else { - mac = out->end + ssl->rec.len - ssl->deMacSize; - } - } -/* - Verify the MAC of the message by calculating our own MAC of the message - and comparing it to the one in the message. We do this step regardless - of whether or not we've already set macError to stop timing attacks. - Clear the mac in the callers buffer if we're successful -*/ - if (ssl->verifyMac(ssl, ssl->rec.type, out->end, - (int32)(mac - out->end), mac) < 0 || macError) { - ssl->err = SSL_ALERT_BAD_RECORD_MAC; - matrixStrDebugMsg("Couldn't verify MAC or pad of record data\n", - NULL); - goto encodeResponse; - } - memset(mac, 0x0, ssl->deMacSize); -/* - Record data starts at out->end and ends at mac -*/ - p = out->end; - pend = mac; - } else { -/* - The record data is the entire record as there is no MAC or padding -*/ - p = out->end; - pend = mac = out->end + ssl->rec.len; - } -/* - Check now for maximum plaintext length of 16kb. No appropriate - SSL alert for this -*/ - if ((int32)(pend - p) > SSL_MAX_PLAINTEXT_LEN) { - ssl->err = SSL_ALERT_BAD_RECORD_MAC; - matrixStrDebugMsg("Record overflow\n", NULL); - goto encodeResponse; - } - -/* - Take action based on the actual record type we're dealing with - 'p' points to the start of the data, and 'pend' points to the end -*/ - switch (ssl->rec.type) { - case SSL_RECORD_TYPE_CHANGE_CIPHER_SPEC: -/* - Body is single byte with value 1 to indicate that the next message - will be encrypted using the negotiated cipher suite -*/ - if (pend - p < 1) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid length for CipherSpec\n", NULL); - goto encodeResponse; - } - if (*p == 1) { - p++; - } else { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid value for CipherSpec\n", NULL); - goto encodeResponse; - } - -/* - If we're expecting finished, then this is the right place to get - this record. It is really part of the handshake but it has its - own record type. - Activate the read cipher callbacks, so we will decrypt incoming - data from now on. -*/ - if (ssl->hsState == SSL_HS_FINISHED) { - sslActivateReadCipher(ssl); - } else { - ssl->err = SSL_ALERT_UNEXPECTED_MESSAGE; - matrixIntDebugMsg("Invalid CipherSpec order: %d\n", ssl->hsState); - goto encodeResponse; - } - in->start = c; - goto decodeMore; - - case SSL_RECORD_TYPE_ALERT: -/* - 1 byte alert level (warning or fatal) - 1 byte alert description corresponding to SSL_ALERT_* -*/ - if (pend - p < 2) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Error in length of alert record\n", NULL); - goto encodeResponse; - } - *alertLevel = *p; p++; - *alertDescription = *p; p++; -/* - If the alert is fatal, or is a close message (usually a warning), - flag the session with ERROR so it cannot be used anymore. - Caller can decide whether or not to close on other warnings. -*/ - if (*alertLevel == SSL_ALERT_LEVEL_FATAL) { - ssl->flags |= SSL_FLAGS_ERROR; - } - if (*alertDescription == SSL_ALERT_CLOSE_NOTIFY) { - ssl->flags |= SSL_FLAGS_CLOSED; - } - return SSL_ALERT; - - case SSL_RECORD_TYPE_HANDSHAKE: -/* - We've got one or more handshake messages in the record data. - The handshake parsing function will take care of all messages - and return an error if there is any problem. - If there is a response to be sent (either a return handshake - or an error alert, send it). If the message was parsed, but no - response is needed, loop up and try to parse another message -*/ - rc = parseSSLHandshake(ssl, (char*)p, (int32)(pend - p)); - switch (rc) { - case SSL_SUCCESS: - in->start = c; - return SSL_SUCCESS; - case SSL_PROCESS_DATA: - in->start = c; - goto encodeResponse; - case SSL_ERROR: - if (ssl->err == SSL_ALERT_NONE) { - ssl->err = SSL_ALERT_HANDSHAKE_FAILURE; - } - goto encodeResponse; - } - break; - - case SSL_RECORD_TYPE_APPLICATION_DATA: -/* - Data is in the out buffer, let user handle it - Don't allow application data until handshake is complete, and we are - secure. It is ok to let application data through on the client - if we are in the SERVER_HELLO state because this could mean that - the client has sent a CLIENT_HELLO message for a rehandshake - and is awaiting reply. -*/ - if ((ssl->hsState != SSL_HS_DONE && ssl->hsState != SSL_HS_SERVER_HELLO) - || !(ssl->flags & SSL_FLAGS_READ_SECURE)) { - ssl->err = SSL_ALERT_UNEXPECTED_MESSAGE; - matrixIntDebugMsg("Incomplete handshake: %d\n", ssl->hsState); - goto encodeResponse; - } -/* - SECURITY - If the mac is at the current out->end, then there is no data - in the record. These records are valid, but are usually not sent by - the application layer protocol. Rather, they are initiated within the - remote SSL protocol implementation to avoid some types of attacks when - using block ciphers. For more information see: - http://www.openssl.org/~bodo/tls-cbc.txt - - We eat these records here rather than passing them on to the caller. - The rationale behind this is that if the caller's application protocol - is depending on zero length SSL messages, it will fail anyway if some of - those messages are initiated within the SSL protocol layer. Also - this clears up any confusion where the caller might interpret a zero - length read as an end of file (EOF) or would block (EWOULDBLOCK) type - scenario. - - SECURITY - Looping back up and ignoring the message has the potential - for denial of service, because we are not changing the state of the - system in any way when processing these messages. To counteract this, - we maintain a counter that we share with other types of ignored messages -*/ - in->start = c; - if (out->end == mac) { - if (ssl->ignoredMessageCount++ < SSL_MAX_IGNORED_MESSAGE_COUNT) { - goto decodeMore; - } - ssl->err = SSL_ALERT_UNEXPECTED_MESSAGE; - matrixIntDebugMsg("Exceeded limit on ignored messages: %d\n", - SSL_MAX_IGNORED_MESSAGE_COUNT); - goto encodeResponse; - } - if (ssl->ignoredMessageCount > 0) { - ssl->ignoredMessageCount--; - } - out->end = mac; - return SSL_PROCESS_DATA; - } -/* - Should not get here -*/ - matrixIntDebugMsg("Invalid record type in matrixSslDecode: %d\n", - ssl->rec.type); - return SSL_ERROR; - -encodeResponse: -/* - We decoded a record that needs a response, either a handshake response - or an alert if we've detected an error. - - SECURITY - Clear the decoded incoming record from outbuf before encoding - the response into outbuf. rec.len could be invalid, clear the minimum - of rec.len and remaining outbuf size -*/ - rc = min (ssl->rec.len, (int32)((out->buf + out->size) - out->end)); - if (rc > 0) { - memset(out->end, 0x0, rc); - } - if (ssl->hsState == SSL_HS_HELLO_REQUEST) { -/* - Don't clear the session info. If receiving a HELLO_REQUEST from a - MatrixSSL enabled server the determination on whether to reuse the - session is made on that side, so always send the current session -*/ - rc = matrixSslEncodeClientHello(ssl, out, ssl->cipher->id); - } else { - rc = sslEncodeResponse(ssl, out); - } - if (rc == SSL_SUCCESS) { - if (ssl->err != SSL_ALERT_NONE) { - *error = (unsigned char)ssl->err; - ssl->flags |= SSL_FLAGS_ERROR; - return SSL_ERROR; - } - return SSL_SEND_RESPONSE; - } - if (rc == SSL_FULL) { - ssl->flags |= SSL_FLAGS_NEED_ENCODE; - return SSL_FULL; - } - return SSL_ERROR; -} - -/******************************************************************************/ -/* - The workhorse for parsing handshake messages. Also enforces the state - machine for proper ordering of handshake messages. - Parameters: - ssl - ssl context - inbuf - buffer to read handshake message from - len - data length for the current ssl record. The ssl record - can contain multiple handshake messages, so we may need to parse - them all here. - Return: - SSL_SUCCESS - SSL_PROCESS_DATA - SSL_ERROR - see ssl->err for details -*/ -static int32 parseSSLHandshake(ssl_t *ssl, char *inbuf, int32 len) -{ - unsigned char *c; - unsigned char *end; - unsigned char hsType; - int32 i, hsLen, rc, parseLen = 0; - uint32 cipher = 0; - unsigned char hsMsgHash[SSL_MD5_HASH_SIZE + SSL_SHA1_HASH_SIZE]; - -#ifdef USE_SERVER_SIDE_SSL - unsigned char *p; - int32 suiteLen, challengeLen, pubKeyLen, extLen; -#endif /* USE_SERVER_SIDE_SSL */ - -#ifdef USE_CLIENT_SIDE_SSL - int32 sessionIdLen, certMatch, certTypeLen; - sslCert_t *subjectCert; - int32 valid, certLen, certChainLen, anonCheck; - sslCert_t *cert, *currentCert; -#endif /* USE_CLIENT_SIDE_SSL */ - - rc = SSL_SUCCESS; - c = (unsigned char*)inbuf; - end = (unsigned char*)(inbuf + len); - - -parseHandshake: - if (end - c < 1) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid length of handshake message\n", NULL); - return SSL_ERROR; - } - hsType = *c; c++; - -#ifndef ALLOW_SERVER_REHANDSHAKES -/* - Disables server renegotiation. This is in response to the HTTPS - flaws discovered by Marsh Ray in which a man-in-the-middle may take - advantage of the "authentication gap" in the SSL renegotiation protocol -*/ - if (hsType == SSL_HS_CLIENT_HELLO && ssl->hsState == SSL_HS_DONE) { - ssl->err = SSL_ALERT_UNEXPECTED_MESSAGE; - matrixStrDebugMsg("Server rehandshaking is disabled\n", NULL); - return SSL_ERROR; - } -#endif /* ALLOW_SERVER_REHANDSHAKES */ - -/* - hsType is the received handshake type and ssl->hsState is the expected - handshake type. If it doesn't match, there are some possible cases - that are not errors. These are checked here. -*/ - if (hsType != ssl->hsState && - (hsType != SSL_HS_CLIENT_HELLO || ssl->hsState != SSL_HS_DONE)) { - -/* - A mismatch is possible in the client authentication case. - The optional CERTIFICATE_REQUEST may be appearing instead of - SERVER_HELLO_DONE. -*/ - if ((hsType == SSL_HS_CERTIFICATE_REQUEST) && - (ssl->hsState == SSL_HS_SERVER_HELLO_DONE)) { -/* - This is where the client is first aware of requested client - authentication so we set the flag here. -*/ - ssl->flags |= SSL_FLAGS_CLIENT_AUTH; - ssl->hsState = SSL_HS_CERTIFICATE_REQUEST; - goto hsStateDetermined; - } -/* - Another possible mismatch allowed is for a HELLO_REQEST message. - Indicates a rehandshake initiated from the server. -*/ - if ((hsType == SSL_HS_HELLO_REQUEST) && - (ssl->hsState == SSL_HS_DONE) && - !(ssl->flags & SSL_FLAGS_SERVER)) { - sslResetContext(ssl); - ssl->hsState = hsType; - goto hsStateDetermined; - } - - - - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixIntDebugMsg("Invalid type of handshake message: %d\n", hsType); - return SSL_ERROR; - } - -hsStateDetermined: - if (hsType == SSL_HS_CLIENT_HELLO) { - sslInitHSHash(ssl); - if (ssl->hsState == SSL_HS_DONE) { -/* - Rehandshake. Server receiving client hello on existing connection -*/ - sslResetContext(ssl); - ssl->hsState = hsType; - } - } - -/* - We need to get a copy of the message hashes to compare to those sent - in the finished message (which does not include a hash of itself) - before we update the handshake hashes -*/ - if (ssl->hsState == SSL_HS_FINISHED) { - sslSnapshotHSHash(ssl, hsMsgHash, - (ssl->flags & SSL_FLAGS_SERVER) ? 0 : SSL_FLAGS_SERVER); - } - -/* - Process the handshake header and update the ongoing handshake hash - SSLv3: - 1 byte type - 3 bytes length - SSLv2: - 1 byte type -*/ - if (ssl->rec.majVer >= SSL3_MAJ_VER) { - if (end - c < 3) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid length of handshake message\n", NULL); - return SSL_ERROR; - } - hsLen = *c << 16; c++; - hsLen += *c << 8; c++; - hsLen += *c; c++; - if (end - c < hsLen) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid handshake length\n", NULL); - return SSL_ERROR; - } - sslUpdateHSHash(ssl, c - ssl->hshakeHeadLen, - hsLen + ssl->hshakeHeadLen); - - } else if (ssl->rec.majVer == SSL2_MAJ_VER) { -/* - Assume that the handshake len is the same as the incoming ssl record - length minus 1 byte (type), this is verified in SSL_HS_CLIENT_HELLO -*/ - hsLen = len - 1; - sslUpdateHSHash(ssl, (unsigned char*)inbuf, len); - } else { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixIntDebugMsg("Invalid record version: %d\n", ssl->rec.majVer); - return SSL_ERROR; - } -/* - Finished with header. Process each type of handshake message. -*/ - switch(ssl->hsState) { - -#ifdef USE_SERVER_SIDE_SSL - case SSL_HS_CLIENT_HELLO: -/* - First two bytes are the highest supported major and minor SSL versions - We support only 3.0 (support 3.1 in commercial version) -*/ - if (end - c < 2) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid ssl header version length\n", NULL); - return SSL_ERROR; - } - ssl->reqMajVer = *c; c++; - ssl->reqMinVer = *c; c++; - if (ssl->reqMajVer >= SSL3_MAJ_VER) { - ssl->majVer = ssl->reqMajVer; - ssl->minVer = SSL3_MIN_VER; - - } else { - ssl->err = SSL_ALERT_HANDSHAKE_FAILURE; - matrixIntDebugMsg("Unsupported ssl version: %d\n", ssl->reqMajVer); - return SSL_ERROR; - } -/* - Support SSLv3 and SSLv2 ClientHello messages. Browsers usually send v2 - messages for compatibility -*/ - if (ssl->rec.majVer > SSL2_MAJ_VER) { -/* - Next is a 32 bytes of random data for key generation - and a single byte with the session ID length -*/ - if (end - c < SSL_HS_RANDOM_SIZE + 1) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid length of random data\n", NULL); - return SSL_ERROR; - } - memcpy(ssl->sec.clientRandom, c, SSL_HS_RANDOM_SIZE); - c += SSL_HS_RANDOM_SIZE; - ssl->sessionIdLen = *c; c++; -/* - If a session length was specified, the client is asking to - resume a previously established session to speed up the handshake. -*/ - if (ssl->sessionIdLen > 0) { - if (ssl->sessionIdLen > SSL_MAX_SESSION_ID_SIZE || - end - c < ssl->sessionIdLen) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - return SSL_ERROR; - } - memcpy(ssl->sessionId, c, ssl->sessionIdLen); - c += ssl->sessionIdLen; -/* - Look up the session id for ssl session resumption. If found, we - load the pre-negotiated masterSecret and cipher. - A resumed request must meet the following restrictions: - The id must be present in the lookup table - The requested version must match the original version - The cipher suite list must contain the original cipher suite -*/ - if (matrixResumeSession(ssl) >= 0) { - ssl->flags &= ~SSL_FLAGS_CLIENT_AUTH; - ssl->flags |= SSL_FLAGS_RESUMED; - } else { - memset(ssl->sessionId, 0, SSL_MAX_SESSION_ID_SIZE); - ssl->sessionIdLen = 0; - } - } else { -/* - Always clear the RESUMED flag if no client session id specified -*/ - ssl->flags &= ~SSL_FLAGS_RESUMED; - } -/* - Next is the two byte cipher suite list length, network byte order. - It must not be zero, and must be a multiple of two. -*/ - if (end - c < 2) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid cipher suite list length\n", NULL); - return SSL_ERROR; - } - suiteLen = *c << 8; c++; - suiteLen += *c; c++; - if (suiteLen == 0 || suiteLen & 1) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixIntDebugMsg("Unable to parse cipher suite list: %d\n", - suiteLen); - return SSL_ERROR; - } -/* - Now is 'suiteLen' bytes of the supported cipher suite list, - listed in order of preference. Loop through and find the - first cipher suite we support. -*/ - if (end - c < suiteLen) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - return SSL_ERROR; - } - p = c + suiteLen; - while (c < p) { - cipher = *c << 8; c++; - cipher += *c; c++; -/* - A resumed session can only match the cipher originally - negotiated. Otherwise, match the first cipher that we support -*/ - if (ssl->flags & SSL_FLAGS_RESUMED) { - sslAssert(ssl->cipher); - if (ssl->cipher->id == cipher) { - c = p; - break; - } - } else { - if ((ssl->cipher = sslGetCipherSpec(cipher)) != NULL) { - c = p; - break; - } - } - } -/* - If we fell to the default cipher suite, we didn't have - any in common with the client, or the client is being bad - and requesting the null cipher! -*/ - if (ssl->cipher == NULL || ssl->cipher->id != cipher || - cipher == SSL_NULL_WITH_NULL_NULL) { - matrixStrDebugMsg("Can't support requested cipher\n", NULL); - ssl->cipher = sslGetCipherSpec(SSL_NULL_WITH_NULL_NULL); - ssl->err = SSL_ALERT_HANDSHAKE_FAILURE; - return SSL_ERROR; - } - -/* - Bypass the compression parameters. Only supporting mandatory NULL -*/ - if (end - c < 1) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid compression header length\n", NULL); - return SSL_ERROR; - } - extLen = *c++; - if (end - c < extLen) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid compression header length\n", NULL); - return SSL_ERROR; - } - c += extLen; - } else { -/* - Parse a SSLv2 ClientHello message. The same information is - conveyed but the order and format is different. - First get the cipher suite length, session id length and challenge - (client random) length - all two byte values, network byte order. -*/ - if (end - c < 6) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Can't parse hello message\n", NULL); - return SSL_ERROR; - } - suiteLen = *c << 8; c++; - suiteLen += *c; c++; - if (suiteLen == 0 || suiteLen % 3 != 0) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Can't parse hello message\n", NULL); - return SSL_ERROR; - } - ssl->sessionIdLen = *c << 8; c++; - ssl->sessionIdLen += *c; c++; -/* - A resumed session would use a SSLv3 ClientHello, not SSLv2. -*/ - if (ssl->sessionIdLen != 0) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Bad resumption request\n", NULL); - return SSL_ERROR; - } - challengeLen = *c << 8; c++; - challengeLen += *c; c++; - if (challengeLen < 16 || challengeLen > 32) { - matrixStrDebugMsg("Bad challenge length\n", NULL); - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - return SSL_ERROR; - } -/* - Validate the three lengths that were just sent to us, don't - want any buffer overflows while parsing the remaining data -*/ - if (end - c != suiteLen + ssl->sessionIdLen + challengeLen) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - return SSL_ERROR; - } -/* - Parse the cipher suite list similar to the SSLv3 method, except - each suite is 3 bytes, instead of two bytes. We define the suite - as an integer value, so either method works for lookup. - We don't support session resumption from V2 handshakes, so don't - need to worry about matching resumed cipher suite. -*/ - p = c + suiteLen; - while (c < p) { - cipher = *c << 16; c++; - cipher += *c << 8; c++; - cipher += *c; c++; - if ((ssl->cipher = sslGetCipherSpec(cipher)) != NULL) { - c = p; - break; - } - } - if (ssl->cipher == NULL || - ssl->cipher->id == SSL_NULL_WITH_NULL_NULL) { - ssl->cipher = sslGetCipherSpec(SSL_NULL_WITH_NULL_NULL); - ssl->err = SSL_ALERT_HANDSHAKE_FAILURE; - matrixStrDebugMsg("Can't support requested cipher\n", NULL); - return SSL_ERROR; - } -/* - We don't allow session IDs for v2 ClientHellos -*/ - if (ssl->sessionIdLen > 0) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("SSLv2 sessions not allowed\n", NULL); - return SSL_ERROR; - } -/* - The client random (between 16 and 32 bytes) fills the least - significant bytes in the (always) 32 byte SSLv3 client random field. -*/ - memset(ssl->sec.clientRandom, 0x0, SSL_HS_RANDOM_SIZE); - memcpy(ssl->sec.clientRandom + (SSL_HS_RANDOM_SIZE - challengeLen), - c, challengeLen); - c += challengeLen; - } -/* - ClientHello should be the only one in the record. -*/ - if (c != end) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid final client hello length\n", NULL); - return SSL_ERROR; - } - - -/* - If we're resuming a handshake, then the next handshake message we - expect is the finished message. Otherwise we do the full handshake. -*/ - if (ssl->flags & SSL_FLAGS_RESUMED) { - ssl->hsState = SSL_HS_FINISHED; - } else { - ssl->hsState = SSL_HS_CLIENT_KEY_EXCHANGE; - } -/* - Now that we've parsed the ClientHello, we need to tell the caller that - we have a handshake response to write out. - The caller should call sslWrite upon receiving this return code. -*/ - rc = SSL_PROCESS_DATA; - break; - - case SSL_HS_CLIENT_KEY_EXCHANGE: -/* - RSA: This message contains the premaster secret encrypted with the - server's public key (from the Certificate). The premaster - secret is 48 bytes of random data, but the message may be longer - than that because the 48 bytes are padded before encryption - according to PKCS#1v1.5. After encryption, we should have the - correct length. -*/ - if (end - c < hsLen) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid ClientKeyExchange length\n", NULL); - return SSL_ERROR; - } - sslActivatePublicCipher(ssl); - - pubKeyLen = hsLen; - - -/* - Now have a handshake pool to allocate the premaster storage -*/ - ssl->sec.premasterSize = SSL_HS_RSA_PREMASTER_SIZE; - ssl->sec.premaster = psMalloc(ssl->hsPool, - SSL_HS_RSA_PREMASTER_SIZE); - - if (ssl->decryptPriv(ssl->hsPool, ssl->keys->cert.privKey, c, - pubKeyLen, ssl->sec.premaster, ssl->sec.premasterSize) - != ssl->sec.premasterSize) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Failed to decrypt premaster\n", NULL); - return SSL_ERROR; - } - -/* - The first two bytes of the decrypted message should be the - client's requested version number (which may not be the same - as the final negotiated version). The other 46 bytes - - pure random! - - SECURITY - - Some SSL clients (Including Microsoft IE 6.0) incorrectly set - the first two bytes to the negotiated version rather than the - requested version. This is known in OpenSSL as the - SSL_OP_TLS_ROLLBACK_BUG. We allow this to slide only if we - don't support TLS, TLS was requested and the negotiated - versions match. -*/ - if (*ssl->sec.premaster != ssl->reqMajVer) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Incorrect version in ClientKeyExchange\n", - NULL); - return SSL_ERROR; - } - if (*(ssl->sec.premaster + 1) != ssl->reqMinVer) { - if (ssl->reqMinVer < TLS_MIN_VER || - *(ssl->sec.premaster + 1) != ssl->minVer) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Incorrect version in ClientKeyExchange\n", - NULL); - return SSL_ERROR; - } - } - -/* - Now that we've got the premaster secret, derive the various - symmetric keys using it and the client and server random values. - Update the cached session (if found) with the masterSecret and - negotiated cipher. -*/ - sslDeriveKeys(ssl); - - matrixUpdateSession(ssl); - - c += pubKeyLen; - ssl->hsState = SSL_HS_FINISHED; - - - break; -#endif /* USE_SERVER_SIDE_SSL */ - - case SSL_HS_FINISHED: -/* - Before the finished handshake message, we should have seen the - CHANGE_CIPHER_SPEC message come through in the record layer, which - would have activated the read cipher, and set the READ_SECURE flag. - This is the first handshake message that was sent securely. -*/ - if (!(ssl->flags & SSL_FLAGS_READ_SECURE)) { - ssl->err = SSL_ALERT_UNEXPECTED_MESSAGE; - matrixStrDebugMsg("Finished before ChangeCipherSpec\n", NULL); - return SSL_ERROR; - } -/* - The contents of the finished message is a 16 byte MD5 hash followed - by a 20 byte sha1 hash of all the handshake messages so far, to verify - that nothing has been tampered with while we were still insecure. - Compare the message to the value we calculated at the beginning of - this function. -*/ - if (hsLen != SSL_MD5_HASH_SIZE + SSL_SHA1_HASH_SIZE) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid Finished length\n", NULL); - return SSL_ERROR; - } - if (end - c < hsLen) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid Finished length\n", NULL); - return SSL_ERROR; - } - if (memcmp(c, hsMsgHash, hsLen) != 0) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid handshake msg hash\n", NULL); - return SSL_ERROR; - } - c += hsLen; - ssl->hsState = SSL_HS_DONE; -/* - Now that we've parsed the Finished message, if we're a resumed - connection, we're done with handshaking, otherwise, we return - SSL_PROCESS_DATA to get our own cipher spec and finished messages - sent out by the caller. -*/ - if (ssl->flags & SSL_FLAGS_SERVER) { - if (!(ssl->flags & SSL_FLAGS_RESUMED)) { - rc = SSL_PROCESS_DATA; - } - } else { - if (ssl->flags & SSL_FLAGS_RESUMED) { - rc = SSL_PROCESS_DATA; - } - } -#ifdef USE_CLIENT_SIDE_SSL -/* - Free handshake pool, of which the cert is the primary member. - There is also an attempt to free the handshake pool during - the sending of the finished message to deal with client - and server and differing handshake types. Both cases are - attempted keep the lifespan of this pool as short as possible. - This is the default case for the server side. -*/ - if (ssl->sec.cert) { - matrixX509FreeCert(ssl->sec.cert); - ssl->sec.cert = NULL; - } -#endif /* USE_CLIENT_SIDE */ - break; - -#ifdef USE_CLIENT_SIDE_SSL - case SSL_HS_HELLO_REQUEST: -/* - No body message and the only one in record flight -*/ - if (end - c != 0) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid hello request message\n", NULL); - return SSL_ERROR; - } -/* - Intentionally not changing state here to SERVER_HELLO. The - encodeResponse case this will fall into needs to distinguish - between calling the normal sslEncodeResponse or encodeClientHello. - The HELLO_REQUEST state is used to make that determination and the - writing of CLIENT_HELLO will properly move the state along itself. -*/ - rc = SSL_PROCESS_DATA; - break; - - case SSL_HS_SERVER_HELLO: -/* - First two bytes are the negotiated SSL version - We support only 3.0 (other options are 2.0 or 3.1) -*/ - if (end - c < 2) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid ssl header version length\n", NULL); - return SSL_ERROR; - } - ssl->reqMajVer = *c; c++; - ssl->reqMinVer = *c; c++; - if (ssl->reqMajVer != ssl->majVer) { - ssl->err = SSL_ALERT_HANDSHAKE_FAILURE; - matrixIntDebugMsg("Unsupported ssl version: %d\n", ssl->reqMajVer); - return SSL_ERROR; - } - -/* - Next is a 32 bytes of random data for key generation - and a single byte with the session ID length -*/ - if (end - c < SSL_HS_RANDOM_SIZE + 1) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid length of random data\n", NULL); - return SSL_ERROR; - } - memcpy(ssl->sec.serverRandom, c, SSL_HS_RANDOM_SIZE); - c += SSL_HS_RANDOM_SIZE; - sessionIdLen = *c; c++; - if (sessionIdLen > SSL_MAX_SESSION_ID_SIZE || - end - c < sessionIdLen) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - return SSL_ERROR; - } -/* - If a session length was specified, the server has sent us a - session Id. We may have requested a specific session, and the - server may or may not agree to use that session. -*/ - if (sessionIdLen > 0) { - if (ssl->sessionIdLen > 0) { - if (memcmp(ssl->sessionId, c, sessionIdLen) == 0) { - ssl->flags |= SSL_FLAGS_RESUMED; - } else { - ssl->cipher = sslGetCipherSpec(SSL_NULL_WITH_NULL_NULL); - memset(ssl->sec.masterSecret, 0x0, SSL_HS_MASTER_SIZE); - ssl->sessionIdLen = sessionIdLen; - memcpy(ssl->sessionId, c, sessionIdLen); - ssl->flags &= ~SSL_FLAGS_RESUMED; - } - } else { - ssl->sessionIdLen = sessionIdLen; - memcpy(ssl->sessionId, c, sessionIdLen); - } - c += sessionIdLen; - } else { - if (ssl->sessionIdLen > 0) { - ssl->cipher = sslGetCipherSpec(SSL_NULL_WITH_NULL_NULL); - memset(ssl->sec.masterSecret, 0x0, SSL_HS_MASTER_SIZE); - ssl->sessionIdLen = 0; - memset(ssl->sessionId, 0x0, SSL_MAX_SESSION_ID_SIZE); - ssl->flags &= ~SSL_FLAGS_RESUMED; - } - } -/* - Next is the two byte cipher suite -*/ - if (end - c < 2) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid cipher suite length\n", NULL); - return SSL_ERROR; - } - cipher = *c << 8; c++; - cipher += *c; c++; - -/* - A resumed session can only match the cipher originally - negotiated. Otherwise, match the first cipher that we support -*/ - if (ssl->flags & SSL_FLAGS_RESUMED) { - sslAssert(ssl->cipher); - if (ssl->cipher->id != cipher) { - ssl->err = SSL_ALERT_HANDSHAKE_FAILURE; - matrixStrDebugMsg("Can't support resumed cipher\n", NULL); - return SSL_ERROR; - } - } else { - if ((ssl->cipher = sslGetCipherSpec(cipher)) == NULL) { - ssl->err = SSL_ALERT_HANDSHAKE_FAILURE; - matrixStrDebugMsg("Can't support requested cipher\n", NULL); - return SSL_ERROR; - } - } - - -/* - Decode the compression parameters. Always zero. - There are no compression schemes defined for SSLv3 -*/ - if (end - c < 1 || *c != 0) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid compression value\n", NULL); - return SSL_ERROR; - } -/* - At this point, if we're resumed, we have all the required info - to derive keys. The next handshake message we expect is - the Finished message. -*/ - c++; - - if (ssl->flags & SSL_FLAGS_RESUMED) { - sslDeriveKeys(ssl); - ssl->hsState = SSL_HS_FINISHED; - } else { - ssl->hsState = SSL_HS_CERTIFICATE; - } - break; - - case SSL_HS_CERTIFICATE: - if (end - c < 3) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid Certificate message\n", NULL); - return SSL_ERROR; - } - certChainLen = *c << 16; c++; - certChainLen |= *c << 8; c++; - certChainLen |= *c; c++; - if (certChainLen == 0) { - if (ssl->majVer == SSL3_MAJ_VER && ssl->minVer == SSL3_MIN_VER) { - ssl->err = SSL_ALERT_NO_CERTIFICATE; - } else { - ssl->err = SSL_ALERT_BAD_CERTIFICATE; - } - matrixStrDebugMsg("No certificate sent to verify\n", NULL); - return SSL_ERROR; - } - if (end - c < 3) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid Certificate message\n", NULL); - return SSL_ERROR; - } - - i = 0; - while (certChainLen > 0) { - certLen = *c << 16; c++; - certLen |= *c << 8; c++; - certLen |= *c; c++; - - if (end - c < certLen) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid certificate length\n", NULL); - return SSL_ERROR; - } -/* - Extract the binary cert message into the cert structure -*/ - if ((parseLen = matrixX509ParseCert(ssl->hsPool, c, certLen, &cert)) < 0) { - matrixX509FreeCert(cert); - ssl->err = SSL_ALERT_BAD_CERTIFICATE; - matrixStrDebugMsg("Can't parse certificate\n", NULL); - return SSL_ERROR; - } - c += parseLen; - - if (i++ == 0) { - ssl->sec.cert = cert; - currentCert = ssl->sec.cert; - } else { - currentCert->next = cert; - currentCert = currentCert->next; - } - certChainLen -= (certLen + 3); - } -/* - May have received a chain of certs in the message. Spec says they - must be in order so that each subsequent one is the parent of the - previous. Confirm this now. -*/ - if (matrixX509ValidateCertChain(ssl->hsPool, ssl->sec.cert, - &subjectCert, &valid) < 0) { - ssl->err = SSL_ALERT_BAD_CERTIFICATE; - matrixStrDebugMsg("Couldn't validate certificate chain\n", NULL); - return SSL_ERROR; - } -/* - There may not be a caCert set. The validate implemenation will just - take the subject cert and make sure it is a self signed cert. -*/ - if (matrixX509ValidateCert(ssl->hsPool, subjectCert, - ssl->keys == NULL ? NULL : ssl->keys->caCerts, - &subjectCert->valid) < 0) { - ssl->err = SSL_ALERT_BAD_CERTIFICATE; - matrixStrDebugMsg("Error validating certificate\n", NULL); - return SSL_ERROR; - } - if (subjectCert->valid < 0) { - matrixStrDebugMsg( - "Warning: Cert did not pass default validation checks\n", NULL); -/* - If there is no user callback, fail on validation check because there - will be no intervention to give it a second look. -*/ - if (ssl->sec.validateCert == NULL) { - ssl->err = SSL_ALERT_BAD_CERTIFICATE; - return SSL_ERROR; - } - } -/* - Call the user validation function with the entire cert chain. The user - will proabably want to drill down to the last cert to make sure it - has been properly validated by a CA on this side. - - Need to return from user validation space with knowledge - that this is an ANONYMOUS connection. -*/ - if ((anonCheck = matrixX509UserValidator(ssl->hsPool, ssl->sec.cert, - ssl->sec.validateCert, ssl->sec.validateCertArg)) < 0) { - ssl->err = SSL_ALERT_BAD_CERTIFICATE; - return SSL_ERROR; - } -/* - Set the flag that is checked by the matrixSslGetAnonStatus API -*/ - if (anonCheck == SSL_ALLOW_ANON_CONNECTION) { - ssl->sec.anon = 1; - } else { - ssl->sec.anon = 0; - } - -/* - Either a client or server could have been processing the cert as part of - the authentication process. If server, we move to the client key - exchange state. -*/ - if (ssl->flags & SSL_FLAGS_SERVER) { - ssl->hsState = SSL_HS_CLIENT_KEY_EXCHANGE; - } else { - ssl->hsState = SSL_HS_SERVER_HELLO_DONE; - } - break; - - case SSL_HS_SERVER_HELLO_DONE: - if (hsLen != 0) { - ssl->err = SSL_ALERT_BAD_CERTIFICATE; - matrixStrDebugMsg("Can't validate certificate\n", NULL); - return SSL_ERROR; - } - ssl->hsState = SSL_HS_FINISHED; - rc = SSL_PROCESS_DATA; - break; - - case SSL_HS_CERTIFICATE_REQUEST: - if (hsLen < 4) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid Certificate Request message\n", NULL); - return SSL_ERROR; - } -/* - We only have RSA_SIGN types. Make sure server can accept them -*/ - certMatch = 0; - certTypeLen = *c++; - if (end - c < certTypeLen) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid Certificate Request message\n", NULL); - return SSL_ERROR; - } - while (certTypeLen-- > 0) { - if (*c++ == RSA_SIGN) { - certMatch = 1; - } - } - if (certMatch == 0) { - ssl->err = SSL_ALERT_UNSUPPORTED_CERTIFICATE; - matrixStrDebugMsg("Can only support RSA_SIGN cert authentication\n", - NULL); - return SSL_ERROR; - } - certChainLen = *c << 8; c++; - certChainLen |= *c; c++; - if (end - c < certChainLen) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid Certificate Request message\n", NULL); - return SSL_ERROR; - } -/* - Check the passed in DNs against our cert issuer to see if they match. - Only supporting a single cert on the client side. -*/ - ssl->sec.certMatch = 0; - while (certChainLen > 0) { - certLen = *c << 8; c++; - certLen |= *c; c++; - if (end - c < certLen) { - ssl->err = SSL_ALERT_ILLEGAL_PARAMETER; - matrixStrDebugMsg("Invalid CertificateRequest message\n", NULL); - return SSL_ERROR; - } - c += certLen; - certChainLen -= (2 + certLen); - } - ssl->hsState = SSL_HS_SERVER_HELLO_DONE; - break; -#endif /* USE_CLIENT_SIDE_SSL */ - - case SSL_HS_SERVER_KEY_EXCHANGE: - ssl->err = SSL_ALERT_UNEXPECTED_MESSAGE; - return SSL_ERROR; - - default: - ssl->err = SSL_ALERT_UNEXPECTED_MESSAGE; - return SSL_ERROR; - } - - -/* - if we've got more data in the record, the sender has packed - multiple handshake messages in one record. Parse the next one. -*/ - if (c < end) { - goto parseHandshake; - } - return rc; -} - -/******************************************************************************/ diff --git a/release/src/router/matrixssl/src/sslEncode.c b/release/src/router/matrixssl/src/sslEncode.c deleted file mode 100644 index 605a3a49..00000000 --- a/release/src/router/matrixssl/src/sslEncode.c +++ /dev/null @@ -1,1255 +0,0 @@ -/* - * sslEncode.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * Secure Sockets Layer message encoding - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "matrixInternal.h" - -/******************************************************************************/ - -static int32 writeCertificate(ssl_t *ssl, sslBuf_t *out, int32 notEmpty); -static int32 writeChangeCipherSpec(ssl_t *ssl, sslBuf_t *out); -static int32 writeFinished(ssl_t *ssl, sslBuf_t *out); -static int32 writeAlert(ssl_t *ssl, unsigned char level, - unsigned char description, sslBuf_t *out); -static int32 writeRecordHeader(ssl_t *ssl, int32 type, int32 hsType, int32 *messageSize, - char *padLen, unsigned char **encryptStart, - unsigned char **end, unsigned char **c); - -static int32 encryptRecord(ssl_t *ssl, int32 type, int32 messageSize, int32 padLen, - unsigned char *encryptStart, sslBuf_t *out, - unsigned char **c); - -#ifdef USE_CLIENT_SIDE_SSL -static int32 writeClientKeyExchange(ssl_t *ssl, sslBuf_t *out); -#endif /* USE_CLIENT_SIDE_SSL */ - -#ifdef USE_SERVER_SIDE_SSL -static int32 writeServerHello(ssl_t *ssl, sslBuf_t *out); -static int32 writeServerHelloDone(ssl_t *ssl, sslBuf_t *out); -#endif /* USE_SERVER_SIDE_SSL */ - - -static int32 secureWriteAdditions(ssl_t *ssl, int32 numRecs); - -/******************************************************************************/ -/* - Encode the incoming data into the out buffer for sending to remote peer. - - FUTURE SECURITY - If sending the first application data record, we could - prepend it with a blank SSL record to avoid a timing attack. We're fine - for now, because this is an impractical attack and the solution is - incompatible with some SSL implementations (including some versions of IE). - http://www.openssl.org/~bodo/tls-cbc.txt -*/ -int32 matrixSslEncode(ssl_t *ssl, unsigned char *in, int32 inlen, sslBuf_t *out) -{ - unsigned char *c, *end, *encryptStart; - char padLen; - int32 messageSize, rc; -/* - If we've had a protocol error, don't allow further use of the session - Also, don't allow a application data record to be encoded unless the - handshake is complete. -*/ - if (ssl->flags & SSL_FLAGS_ERROR || ssl->hsState != SSL_HS_DONE || - ssl->flags & SSL_FLAGS_CLOSED) { - return SSL_ERROR; - } - c = out->end; - end = out->buf + out->size; - messageSize = ssl->recordHeadLen + inlen; - -/* - Validate size constraint -*/ - if (messageSize > SSL_MAX_BUF_SIZE) { - return SSL_ERROR; - } - - if ((rc = writeRecordHeader(ssl, SSL_RECORD_TYPE_APPLICATION_DATA, 0, - &messageSize, &padLen, &encryptStart, &end, &c)) < 0) { - return rc; - } - - memcpy(c, in, inlen); - c += inlen; - - if ((rc = encryptRecord(ssl, SSL_RECORD_TYPE_APPLICATION_DATA, - messageSize, padLen, encryptStart, out, &c)) < 0) { - return rc; - } - out->end = c; - - return (int32)(out->end - out->start); -} - -/******************************************************************************/ -/* - We indicate to the caller through return codes in sslDecode when we need - to write internal data to the remote host. The caller will call this - function to generate a message appropriate to our state. -*/ -int32 sslEncodeResponse(ssl_t *ssl, sslBuf_t *out) -{ - int32 messageSize; - int32 rc = SSL_ERROR; -#ifdef USE_SERVER_SIDE_SSL - int32 totalCertLen, i; - sslLocalCert_t *cert; -#endif /* USE_SERVER_SIDE_SSL */ -#ifdef USE_CLIENT_SIDE_SSL - int32 ckeSize; -#endif /* USE_CLIENT_SIDE_SSL */ - -/* - We may be trying to encode an alert response if there is an error marked - on the connection. -*/ - if (ssl->err != SSL_ALERT_NONE) { - rc = writeAlert(ssl, SSL_ALERT_LEVEL_FATAL, ssl->err, out); - if (rc == SSL_ERROR) { - ssl->flags |= SSL_FLAGS_ERROR; - } - return rc; - } - - -/* - We encode a set of response messages based on our current state - We have to pre-verify the size of the outgoing buffer against - all the messages to make the routine transactional. If the first - write succeeds and the second fails because of size, we cannot - rollback the state of the cipher and MAC. -*/ - switch (ssl->hsState) { -/* - If we're waiting for the ClientKeyExchange message, then we need to - send the messages that would prompt that result on the client -*/ -#ifdef USE_SERVER_SIDE_SSL - case SSL_HS_CLIENT_KEY_EXCHANGE: - -/* - This is the entry point for a server encoding the first flight - of a non-DH, non-client-auth handshake. -*/ - totalCertLen = 0; - cert = &ssl->keys->cert; - for (i = 0; cert != NULL; i++) { - totalCertLen += cert->certLen; - cert = cert->next; - } - messageSize = - 3 * ssl->recordHeadLen + - 3 * ssl->hshakeHeadLen + - 38 + SSL_MAX_SESSION_ID_SIZE + /* server hello */ - 3 + (i * 3) + totalCertLen; /* certificate */ - - - messageSize += secureWriteAdditions(ssl, 3); - - if ((out->buf + out->size) - out->end < messageSize) { - return SSL_FULL; - } -/* - Message size complete. Begin the flight write -*/ - rc = writeServerHello(ssl, out); - - if (rc == SSL_SUCCESS) { - rc = writeCertificate(ssl, out, 1); - } - - if (rc == SSL_SUCCESS) { - rc = writeServerHelloDone(ssl, out); - } - break; - -#endif /* USE_SERVER_SIDE_SSL */ - -/* - If we're not waiting for any message from client, then we need to - send our finished message -*/ - case SSL_HS_DONE: - messageSize = 2 * ssl->recordHeadLen + - ssl->hshakeHeadLen + - 1 + /* change cipher spec */ - SSL_MD5_HASH_SIZE + SSL_SHA1_HASH_SIZE; /* finished */ -/* - Account for possible overhead in CCS message with secureWriteAdditions - then always account for the encrypted FINISHED message -*/ - messageSize += secureWriteAdditions(ssl, 1); - messageSize += ssl->enMacSize + /* handshake msg hash */ - (ssl->cipher->blockSize - 1); /* max padding */ - - if ((out->buf + out->size) - out->end < messageSize) { - return SSL_FULL; - } - rc = writeChangeCipherSpec(ssl, out); - if (rc == SSL_SUCCESS) { - rc = writeFinished(ssl, out); - } - break; -/* - If we're expecting a Finished message, as a server we're doing - session resumption. As a client, we're completing a normal - handshake -*/ - case SSL_HS_FINISHED: -#ifdef USE_SERVER_SIDE_SSL - if (ssl->flags & SSL_FLAGS_SERVER) { - messageSize = - 3 * ssl->recordHeadLen + - 2 * ssl->hshakeHeadLen + - 38 + SSL_MAX_SESSION_ID_SIZE + /* server hello */ - 1 + /* change cipher spec */ - SSL_MD5_HASH_SIZE + SSL_SHA1_HASH_SIZE; /* finished */ -/* - Account for possible overhead with secureWriteAdditions - then always account for the encrypted FINISHED message -*/ - messageSize += secureWriteAdditions(ssl, 2); - messageSize += ssl->enMacSize + /* handshake msg hash */ - (ssl->cipher->blockSize - 1); /* max padding */ - if ((out->buf + out->size) - out->end < messageSize) { - return SSL_FULL; - } - rc = writeServerHello(ssl, out); - if (rc == SSL_SUCCESS) { - rc = writeChangeCipherSpec(ssl, out); - } - if (rc == SSL_SUCCESS) { - rc = writeFinished(ssl, out); - } - } -#endif /* USE_SERVER_SIDE_SSL */ -#ifdef USE_CLIENT_SIDE_SSL -/* - Encode entry point for client side final flight encodes. - First task here is to find out size of ClientKeyExchange message -*/ - if (!(ssl->flags & SSL_FLAGS_SERVER)) { - ckeSize = 0; -/* - Normal RSA auth cipher suite case -*/ - if (ssl->sec.cert == NULL) { - ssl->flags |= SSL_FLAGS_ERROR; - return SSL_ERROR; - } - ckeSize = ssl->sec.cert->publicKey.size; - - messageSize = 0; -/* - Client authentication requires the client to send a CERTIFICATE - and CERTIFICATE_VERIFY message. Account for the length. It - is possible the client didn't have a match for the requested cert. - Send an empty certificate message in that case (or alert for SSLv3) -*/ - if (ssl->flags & SSL_FLAGS_CLIENT_AUTH) { - if (ssl->sec.certMatch > 0) { -/* - Account for the certificate and certificateVerify messages -*/ - messageSize += 6 + (2 * ssl->recordHeadLen) + - (2 * ssl->hshakeHeadLen) + ssl->keys->cert.certLen + - 2 + ssl->keys->cert.privKey->size; - } else { -/* - SSLv3 sends a no_certificate warning alert for no match -*/ - if (ssl->majVer == SSL3_MAJ_VER - && ssl->minVer == SSL3_MIN_VER) { - messageSize += 2 + ssl->recordHeadLen; - } else { -/* - TLS just sends an empty certificate message -*/ - messageSize += 3 + ssl->recordHeadLen + - ssl->hshakeHeadLen; - } - } - } -/* - Account for the header and message size for all records. The - finished message will always be encrypted, so account for one - largest possible MAC size and block size. Minus one - for padding. The finished message is not accounted for in the - writeSecureAddition calls below since it is accounted for here. -*/ - messageSize += - 3 * ssl->recordHeadLen + - 2 * ssl->hshakeHeadLen + /* change cipher has no hsHead */ - ckeSize + /* client key exchange */ - 1 + /* change cipher spec */ - SSL_MD5_HASH_SIZE + SSL_SHA1_HASH_SIZE + /* SSLv3 finished */ - SSL_MAX_MAC_SIZE + SSL_MAX_BLOCK_SIZE - 1; - if (ssl->flags & SSL_FLAGS_CLIENT_AUTH) { -/* - Secure write for ClientKeyExchange, ChangeCipherSpec, - Certificate, and CertificateVerify. Don't account for - Certificate and/or CertificateVerify message if no auth cert. - This will also cover the NO_CERTIFICATE alert sent in - replacement of the NULL certificate message in SSLv3. -*/ - if (ssl->sec.certMatch > 0) { - messageSize += secureWriteAdditions(ssl, 4); - } else { - messageSize += secureWriteAdditions(ssl, 3); - } - } else { - messageSize += secureWriteAdditions(ssl, 2); - } - - -/* - The actual buffer size test to hold this flight -*/ - if ((out->buf + out->size) - out->end < messageSize) { - return SSL_FULL; - } - rc = SSL_SUCCESS; - - if (ssl->flags & SSL_FLAGS_CLIENT_AUTH) { - if (ssl->sec.certMatch == 0 && ssl->majVer == SSL3_MAJ_VER - && ssl->minVer == SSL3_MIN_VER) { - rc = writeAlert(ssl, SSL_ALERT_LEVEL_WARNING, - SSL_ALERT_NO_CERTIFICATE, out); - } else { - rc = writeCertificate(ssl, out, ssl->sec.certMatch); - } - } - - if (rc == SSL_SUCCESS) { - rc = writeClientKeyExchange(ssl, out); - } - if (rc == SSL_SUCCESS) { - rc = writeChangeCipherSpec(ssl, out); - } - if (rc == SSL_SUCCESS) { - rc = writeFinished(ssl, out); - } - } -#endif /* USE_CLIENT_SIDE_SSL */ - break; - } - if (rc == SSL_ERROR) { - ssl->flags |= SSL_FLAGS_ERROR; - } - return rc; -} - -/******************************************************************************/ -/* - Message size must account for any additional length a secure-write - would add to the message. It would be too late to check length in - the writeRecordHeader call since some of the handshake hashing could - have already taken place and we can't rewind those hashes. -*/ -static int32 secureWriteAdditions(ssl_t *ssl, int32 numRecs) -{ - int32 add = 0; -/* - There is a slim chance for a false FULL message due to the fact that - the maximum padding is being calculated rather than the actual number. - Caller must simply grow buffer and try again. -*/ - if (ssl->flags & SSL_FLAGS_WRITE_SECURE) { - add += (numRecs * ssl->enMacSize) + /* handshake msg hash */ - (numRecs * (ssl->enBlockSize - 1)); /* max padding */ - } - return add; -} - -/******************************************************************************/ -/* - Write out a closure alert message (the only user initiated alert) - The user would call this when about to initate a socket close -*/ -int32 matrixSslEncodeClosureAlert(ssl_t *ssl, sslBuf_t *out) -{ -/* - If we've had a protocol error, don't allow further use of the session -*/ - if (ssl->flags & SSL_FLAGS_ERROR) { - return SSL_ERROR; - } - return writeAlert(ssl, SSL_ALERT_LEVEL_WARNING, SSL_ALERT_CLOSE_NOTIFY, - out); -} - -/******************************************************************************/ -/* - Generic record header construction for alerts, handshake messages, and - change cipher spec. Determines message length for encryption and - writes out to buffer up to the real message data. -*/ -static int32 writeRecordHeader(ssl_t *ssl, int32 type, int32 hsType, - int32 *messageSize, char *padLen, unsigned char **encryptStart, - unsigned char **end, unsigned char **c) -{ - int32 messageData, msn; - - messageData = *messageSize - ssl->recordHeadLen; - if (type == SSL_RECORD_TYPE_HANDSHAKE) { - messageData -= ssl->hshakeHeadLen; - } - - -/* - If this session is already in a secure-write state, determine padding -*/ - *padLen = 0; - if (ssl->flags & SSL_FLAGS_WRITE_SECURE) { - *messageSize += ssl->enMacSize; - *padLen = sslPadLenPwr2(*messageSize - ssl->recordHeadLen, - ssl->enBlockSize); - *messageSize += *padLen; - } - - if (*end - *c < *messageSize) { -/* - Callers other than sslEncodeResponse do not necessarily check for - FULL before calling. We do it here for them. -*/ - return SSL_FULL; - } - - - *c += psWriteRecordInfo(ssl, type, *messageSize - ssl->recordHeadLen, *c); - -/* - All data written after this point is to be encrypted (if secure-write) -*/ - *encryptStart = *c; - msn = 0; - - -/* - Handshake records have another header layer to write here -*/ - if (type == SSL_RECORD_TYPE_HANDSHAKE) { - *c += psWriteHandshakeHeader(ssl, hsType, messageData, msn, 0, - messageData, *c); - } - return 0; -} - -/******************************************************************************/ -/* - Encrypt the message using the current cipher. This call is used in - conjunction with the writeRecordHeader function above to finish writing - an SSL record. Updates handshake hash if necessary, generates message - MAC, writes the padding, and does the encrytion. -*/ -static int32 encryptRecord(ssl_t *ssl, int32 type, int32 messageSize, - int32 padLen, unsigned char *encryptStart, - sslBuf_t *out, unsigned char **c) -{ - if (type == SSL_RECORD_TYPE_HANDSHAKE) { - sslUpdateHSHash(ssl, encryptStart, (int32)(*c - encryptStart)); - } - *c += ssl->generateMac(ssl, type, encryptStart, - (int32)(*c - encryptStart), *c); - - *c += sslWritePad(*c, padLen); - - if (ssl->encrypt(&ssl->sec.encryptCtx, encryptStart, encryptStart, - (int32)(*c - encryptStart)) < 0 || *c - out->end != messageSize) { - matrixStrDebugMsg("Error encrypting message for write\n", NULL); - return SSL_ERROR; - } - - return 0; -} - -#ifdef USE_SERVER_SIDE_SSL -/******************************************************************************/ -/* - Write out the ServerHello message -*/ -static int32 writeServerHello(ssl_t *ssl, sslBuf_t *out) -{ - unsigned char *c, *end, *encryptStart; - char padLen; - int32 messageSize, rc; - time_t t; - - c = out->end; - end = out->buf + out->size; -/* - Calculate the size of the message up front, and verify we have room - We assume there will be a sessionId in the message, and make adjustments - below if there is no sessionId. -*/ - messageSize = - ssl->recordHeadLen + - ssl->hshakeHeadLen + - 38 + SSL_MAX_SESSION_ID_SIZE; - -/* - First 4 bytes of the serverRandom are the unix time to prevent replay - attacks, the rest are random -*/ - t = time(0); - ssl->sec.serverRandom[0] = (unsigned char)((t & 0xFF000000) >> 24); - ssl->sec.serverRandom[1] = (unsigned char)((t & 0xFF0000) >> 16); - ssl->sec.serverRandom[2] = (unsigned char)((t & 0xFF00) >> 8); - ssl->sec.serverRandom[3] = (unsigned char)(t & 0xFF); - if (sslGetEntropy(ssl->sec.serverRandom + 4, SSL_HS_RANDOM_SIZE - 4) < 0) { - matrixStrDebugMsg("Error gathering serverRandom entropy\n", NULL); - return SSL_ERROR; - } -/* - We register session here because at this point the serverRandom value is - populated. If we are able to register the session, the sessionID and - sessionIdLen fields will be non-NULL, otherwise the session couldn't - be registered. -*/ - if (!(ssl->flags & SSL_FLAGS_RESUMED)) { - matrixRegisterSession(ssl); - } - messageSize -= (SSL_MAX_SESSION_ID_SIZE - ssl->sessionIdLen); - - if ((rc = writeRecordHeader(ssl, SSL_RECORD_TYPE_HANDSHAKE, - SSL_HS_SERVER_HELLO, &messageSize, &padLen, &encryptStart, - &end, &c)) < 0) { - return rc; - } -/* - First two fields in the ServerHello message are the major and minor - SSL protocol versions we agree to talk with -*/ - *c = ssl->majVer; c++; - *c = ssl->minVer; c++; -/* - The next 32 bytes are the server's random value, to be combined with - the client random and premaster for key generation later -*/ - memcpy(c, ssl->sec.serverRandom, SSL_HS_RANDOM_SIZE); - c += SSL_HS_RANDOM_SIZE; -/* - The next data is a single byte containing the session ID length, - and up to 32 bytes containing the session id. - First register the session, which will give us a session id and length - if not all session slots in the table are used -*/ - *c = ssl->sessionIdLen; c++; - if (ssl->sessionIdLen > 0) { - memcpy(c, ssl->sessionId, ssl->sessionIdLen); - c += ssl->sessionIdLen; - } -/* - Two byte cipher suite we've chosen based on the list sent by the client - and what we support. - One byte compression method (always zero) -*/ - *c = (ssl->cipher->id & 0xFF00) >> 8; c++; - *c = ssl->cipher->id & 0xFF; c++; - *c = 0; c++; - - if ((rc = encryptRecord(ssl, SSL_RECORD_TYPE_HANDSHAKE, messageSize, - padLen, encryptStart, out, &c)) < 0) { - return rc; - } -/* - If we're resuming a session, we now have the clientRandom, master and - serverRandom, so we can derive keys which we'll be using shortly. -*/ - if (ssl->flags & SSL_FLAGS_RESUMED) { - sslDeriveKeys(ssl); - } -/* - Verify that we've calculated the messageSize correctly, really this - should never fail; it's more of an implementation verification -*/ - if (c - out->end != messageSize) { - return SSL_ERROR; - } - out->end = c; - return SSL_SUCCESS; -} - -/******************************************************************************/ -/* - ServerHelloDone message is a blank handshake message -*/ -static int32 writeServerHelloDone(ssl_t *ssl, sslBuf_t *out) -{ - unsigned char *c, *end, *encryptStart; - char padLen; - int32 messageSize, rc; - - c = out->end; - end = out->buf + out->size; - messageSize = - ssl->recordHeadLen + - ssl->hshakeHeadLen; - - if ((rc = writeRecordHeader(ssl, SSL_RECORD_TYPE_HANDSHAKE, - SSL_HS_SERVER_HELLO_DONE, &messageSize, &padLen, - &encryptStart, &end, &c)) < 0) { - return rc; - } - - if ((rc = encryptRecord(ssl, SSL_RECORD_TYPE_HANDSHAKE, messageSize, - padLen, encryptStart, out, &c)) < 0) { - return rc; - } - - if (c - out->end != messageSize) { - matrixStrDebugMsg("Error generating hello done for write\n", NULL); - return SSL_ERROR; - } - out->end = c; - return SSL_SUCCESS; -} - - -/******************************************************************************/ -/* - Server initiated rehandshake public API call. -*/ -int32 matrixSslEncodeHelloRequest(ssl_t *ssl, sslBuf_t *out) -{ - unsigned char *c, *end, *encryptStart; - char padLen; - int32 messageSize, rc; - - if (ssl->flags & SSL_FLAGS_ERROR || ssl->flags & SSL_FLAGS_CLOSED) { - return SSL_ERROR; - } - if (!(ssl->flags & SSL_FLAGS_SERVER) || (ssl->hsState != SSL_HS_DONE)) { - return SSL_ERROR; - } - - c = out->end; - end = out->buf + out->size; - messageSize = - ssl->recordHeadLen + - ssl->hshakeHeadLen; - if ((rc = writeRecordHeader(ssl, SSL_RECORD_TYPE_HANDSHAKE, - SSL_HS_HELLO_REQUEST, &messageSize, &padLen, - &encryptStart, &end, &c)) < 0) { - return rc; - } - - if ((rc = encryptRecord(ssl, SSL_RECORD_TYPE_HANDSHAKE, messageSize, - padLen, encryptStart, out, &c)) < 0) { - return rc; - } - - if (c - out->end != messageSize) { - matrixStrDebugMsg("Error generating hello request for write\n", NULL); - return SSL_ERROR; - } - out->end = c; - - return SSL_SUCCESS; -} -#else /* USE_SERVER_SIDE_SSL */ -int32 matrixSslEncodeHelloRequest(ssl_t *ssl, sslBuf_t *out) -{ - matrixStrDebugMsg("Library not built with USE_SERVER_SIDE_SSL\n", NULL); - return -1; -} -#endif /* USE_SERVER_SIDE_SSL */ - -/******************************************************************************/ -/* - Write a Certificate message. - The encoding of the message is as follows: - 3 byte length of certificate data (network byte order) - If there is no certificate, - 3 bytes of 0 - If there is one certificate, - 3 byte length of certificate + 3 - 3 byte length of certificate - certificate data - For more than one certificate: - 3 byte length of all certificate data - 3 byte length of first certificate - first certificate data - 3 byte length of second certificate - second certificate data - Certificate data is the base64 section of an X.509 certificate file - in PEM format decoded to binary. No additional interpretation is required. -*/ -static int32 writeCertificate(ssl_t *ssl, sslBuf_t *out, int32 notEmpty) -{ - sslLocalCert_t *cert; - unsigned char *c, *end, *encryptStart; - char padLen; - int32 totalCertLen, certLen, lsize, messageSize, i, rc; - - - c = out->end; - end = out->buf + out->size; - -/* - Determine total length of certs -*/ - totalCertLen = i = 0; - if (notEmpty) { - cert = &ssl->keys->cert; - for (; cert != NULL; i++) { - totalCertLen += cert->certLen; - cert = cert->next; - } - } -/* - Account for the 3 bytes of certChain len for each cert and get messageSize -*/ - lsize = 3 + (i * 3); - messageSize = - ssl->recordHeadLen + - ssl->hshakeHeadLen + - lsize + totalCertLen; - - if ((rc = writeRecordHeader(ssl, SSL_RECORD_TYPE_HANDSHAKE, - SSL_HS_CERTIFICATE, &messageSize, &padLen, &encryptStart, - &end, &c)) < 0) { - return rc; - } - -/* - Write out the certs -*/ - *c = ((totalCertLen + (lsize - 3)) & 0xFF0000) >> 16; c++; - *c = ((totalCertLen + (lsize - 3)) & 0xFF00) >> 8; c++; - *c = ((totalCertLen + (lsize - 3)) & 0xFF); c++; - - if (notEmpty) { - cert = &ssl->keys->cert; - while (cert) { - certLen = cert->certLen; - if (certLen > 0) { - *c = (certLen & 0xFF0000) >> 16; c++; - *c = (certLen & 0xFF00) >> 8; c++; - *c = (certLen & 0xFF); c++; - memcpy(c, cert->certBin, certLen); - c += certLen; - } - cert = cert->next; - } - } - if ((rc = encryptRecord(ssl, SSL_RECORD_TYPE_HANDSHAKE, messageSize, - padLen, encryptStart, out, &c)) < 0) { - return rc; - } - - if (c - out->end != messageSize) { - matrixStrDebugMsg("Error parsing certificate for write\n", NULL); - return SSL_ERROR; - } - out->end = c; - return SSL_SUCCESS; -} - -/******************************************************************************/ -/* - Write the ChangeCipherSpec message. It has its own message type - and contains just one byte of value one. It is not a handshake - message, so it isn't included in the handshake hash. -*/ -static int32 writeChangeCipherSpec(ssl_t *ssl, sslBuf_t *out) -{ - unsigned char *c, *end, *encryptStart; - char padLen; - int32 messageSize, rc; - - c = out->end; - end = out->buf + out->size; - messageSize = ssl->recordHeadLen + 1; - - if ((rc = writeRecordHeader(ssl, SSL_RECORD_TYPE_CHANGE_CIPHER_SPEC, 0, - &messageSize, &padLen, &encryptStart, &end, &c)) < 0) { - return rc; - } - *c = 1; c++; - - if ((rc = encryptRecord(ssl, SSL_RECORD_TYPE_CHANGE_CIPHER_SPEC, - messageSize, padLen, encryptStart, out, &c)) < 0) { - return rc; - } - - if (c - out->end != messageSize) { - matrixStrDebugMsg("Error generating change cipher for write\n", NULL); - return SSL_ERROR; - } - out->end = c; -/* - After the peer parses the ChangeCipherSpec message, it will expect - the next message to be encrypted, so activate encryption on outgoing - data now -*/ - sslActivateWriteCipher(ssl); - - - return SSL_SUCCESS; -} - -/******************************************************************************/ -/* - Write the Finished message - The message contains the 36 bytes, the 16 byte MD5 and 20 byte SHA1 hash - of all the handshake messages so far (excluding this one!) -*/ -static int32 writeFinished(ssl_t *ssl, sslBuf_t *out) -{ - unsigned char *c, *end, *encryptStart; - char padLen; - int32 messageSize, verifyLen, rc; - - c = out->end; - end = out->buf + out->size; - verifyLen = SSL_MD5_HASH_SIZE + SSL_SHA1_HASH_SIZE; - messageSize = ssl->recordHeadLen + ssl->hshakeHeadLen + verifyLen; - - if ((rc = writeRecordHeader(ssl, SSL_RECORD_TYPE_HANDSHAKE, SSL_HS_FINISHED, - &messageSize, &padLen, &encryptStart, &end, &c)) < 0) { - return rc; - } -/* - Output the hash of messages we've been collecting so far into the buffer -*/ - c += sslSnapshotHSHash(ssl, c, ssl->flags & SSL_FLAGS_SERVER); - - if ((rc = encryptRecord(ssl, SSL_RECORD_TYPE_HANDSHAKE, messageSize, - padLen, encryptStart, out, &c)) < 0) { - return rc; - } - - if (c - out->end != messageSize) { - matrixStrDebugMsg("Error generating finished for write\n", NULL); - return SSL_ERROR; - } - out->end = c; - - -#ifdef USE_CLIENT_SIDE_SSL -/* - Free handshake pool, of which the cert is the primary member. - There is also an attempt to free the handshake pool during - the reciept of the finished message. Both cases are attempted - to keep the lifespan of this pool as short as possible. This - is the default case for the client side. -*/ - if (ssl->sec.cert) { - matrixX509FreeCert(ssl->sec.cert); - ssl->sec.cert = NULL; - } -#endif /* USE_CLIENT_SIDE */ - - - return SSL_SUCCESS; -} - -/******************************************************************************/ -/* - Write an Alert message - The message contains two bytes: AlertLevel and AlertDescription -*/ -static int32 writeAlert(ssl_t *ssl, unsigned char level, - unsigned char description, sslBuf_t *out) -{ - unsigned char *c, *end, *encryptStart; - char padLen; - int32 messageSize, rc; - - c = out->end; - end = out->buf + out->size; - messageSize = 2 + ssl->recordHeadLen; - - if ((rc = writeRecordHeader(ssl, SSL_RECORD_TYPE_ALERT, 0, &messageSize, - &padLen, &encryptStart, &end, &c)) < 0) { - return rc; - } - *c = level; c++; - *c = description; c++; - - if ((rc = encryptRecord(ssl, SSL_RECORD_TYPE_ALERT, messageSize, - padLen, encryptStart, out, &c)) < 0) { - return rc; - } - - out->end = c; - return SSL_SUCCESS; -} - -#ifdef USE_CLIENT_SIDE_SSL -/******************************************************************************/ -/* - Write out the ClientHello message to a buffer -*/ -int32 matrixSslEncodeClientHello(ssl_t *ssl, sslBuf_t *out, - unsigned short cipherSpec) -{ - unsigned char *c, *end, *encryptStart; - char padLen; - int32 messageSize, rc, cipherLen, cookieLen; - time_t t; - - if (ssl->flags & SSL_FLAGS_ERROR || ssl->flags & SSL_FLAGS_CLOSED) { - return SSL_ERROR; - } - if (ssl->flags & SSL_FLAGS_SERVER || (ssl->hsState != SSL_HS_SERVER_HELLO && - ssl->hsState != SSL_HS_DONE && - ssl->hsState != SSL_HS_HELLO_REQUEST )) { - return SSL_ERROR; - } - - sslInitHSHash(ssl); - - cookieLen = 0; -/* - If session resumption is being done on a rehandshake, make sure we are - sending the same cipher spec as the currently negotiated one. If no - resumption, clear the RESUMED flag in case the caller forgot to clear - it with matrixSslSetSessionOption. -*/ - if (ssl->sessionIdLen > 0) { - cipherSpec = ssl->cipher->id; - } else { - ssl->flags &= ~SSL_FLAGS_RESUMED; - } - -/* - If a cipher is specified it is two bytes length and two bytes data. -*/ - if (cipherSpec == 0) { - cipherLen = sslGetCipherSpecListLen(); - } else { - if (sslGetCipherSpec(cipherSpec) == NULL) { - matrixIntDebugMsg("Cipher suite not supported: %d\n", cipherSpec); - return SSL_ERROR; - } - cipherLen = 4; - } - - c = out->end; - end = out->buf + out->size; -/* - Calculate the size of the message up front, and write header -*/ - messageSize = ssl->recordHeadLen + ssl->hshakeHeadLen + - 5 + SSL_HS_RANDOM_SIZE + ssl->sessionIdLen + cipherLen + cookieLen; - - - if ((rc = writeRecordHeader(ssl, SSL_RECORD_TYPE_HANDSHAKE, - SSL_HS_CLIENT_HELLO, &messageSize, &padLen, &encryptStart, - &end, &c)) < 0) { - return rc; - } - -/* - First 4 bytes of the serverRandom are the unix time to prevent replay - attacks, the rest are random -*/ - - t = time(0); - ssl->sec.clientRandom[0] = (unsigned char)((t & 0xFF000000) >> 24); - ssl->sec.clientRandom[1] = (unsigned char)((t & 0xFF0000) >> 16); - ssl->sec.clientRandom[2] = (unsigned char)((t & 0xFF00) >> 8); - ssl->sec.clientRandom[3] = (unsigned char)(t & 0xFF); - if (sslGetEntropy(ssl->sec.clientRandom + 4, SSL_HS_RANDOM_SIZE - 4) < 0) { - matrixStrDebugMsg("Error gathering clientRandom entropy\n", NULL); - return SSL_ERROR; - } -/* - First two fields in the ClientHello message are the maximum major - and minor SSL protocol versions we support -*/ - *c = ssl->majVer; c++; - *c = ssl->minVer; c++; -/* - The next 32 bytes are the server's random value, to be combined with - the client random and premaster for key generation later -*/ - memcpy(c, ssl->sec.clientRandom, SSL_HS_RANDOM_SIZE); - c += SSL_HS_RANDOM_SIZE; -/* - The next data is a single byte containing the session ID length, - and up to 32 bytes containing the session id. - If we are asking to resume a session, then the sessionId would have - been set at session creation time. -*/ - *c = ssl->sessionIdLen; c++; - if (ssl->sessionIdLen > 0) { - memcpy(c, ssl->sessionId, ssl->sessionIdLen); - c += ssl->sessionIdLen; - } -/* - Write out the length and ciphers we support - Client can request a single specific cipher in the cipherSpec param -*/ - if (cipherSpec == 0) { - if ((rc = sslGetCipherSpecList(c, (int32)(end - c))) < 0) { - return SSL_FULL; - } - c += rc; - } else { - if ((int32)(end - c) < 4) { - return SSL_FULL; - } - *c = 0; c++; - *c = 2; c++; - *c = (cipherSpec & 0xFF00) >> 8; c++; - *c = cipherSpec & 0xFF; c++; - } -/* - Followed by two bytes (len and compression method (always zero)) -*/ - *c = 1; c++; - *c = 0; c++; - - - if ((rc = encryptRecord(ssl, SSL_RECORD_TYPE_HANDSHAKE, messageSize, - padLen, encryptStart, out, &c)) < 0) { - return rc; - } -/* - Verify that we've calculated the messageSize correctly, really this - should never fail; it's more of an implementation verification -*/ - if (c - out->end != messageSize) { - return SSL_ERROR; - } - out->end = c; - -/* - Could be a rehandshake so clean up old context if necessary. - Always explicitly set state to beginning. -*/ - if (ssl->hsState == SSL_HS_DONE) { - sslResetContext(ssl); - } - -/* - Could be a rehandshake on a previous connection that used client auth. - Reset our local client auth state as the server is always the one - responsible for initiating it. -*/ - ssl->flags &= ~SSL_FLAGS_CLIENT_AUTH; - ssl->hsState = SSL_HS_SERVER_HELLO; - return SSL_SUCCESS; -} - -/******************************************************************************/ -/* - Write a ClientKeyExchange message. -*/ -static int32 writeClientKeyExchange(ssl_t *ssl, sslBuf_t *out) -{ - unsigned char *c, *end, *encryptStart; - char padLen; - int32 messageSize, keyLen, explicitLen, rc; - - c = out->end; - end = out->buf + out->size; - messageSize = keyLen = 0; - - - -/* - Determine messageSize for the record header -*/ - /* Standard RSA auth suites */ - keyLen = ssl->sec.cert->publicKey.size; - - messageSize += ssl->recordHeadLen + ssl->hshakeHeadLen + keyLen; - explicitLen = 0; - - if ((rc = writeRecordHeader(ssl, SSL_RECORD_TYPE_HANDSHAKE, - SSL_HS_CLIENT_KEY_EXCHANGE, &messageSize, &padLen, - &encryptStart, &end, &c)) < 0) { - return rc; - } - -/* - ClientKeyExchange message contains the encrypted premaster secret. - The base premaster is the original SSL protocol version we asked for - followed by 46 bytes of random data. - These 48 bytes are padded to the current RSA key length and encrypted - with the RSA key. -*/ - if (explicitLen == 1) { - -/* - Add the two bytes of key length -*/ - if (keyLen > 0) { - *c = (keyLen & 0xFF00) >> 8; c++; - *c = (keyLen & 0xFF); c++; - } - } - - -/* - Standard RSA suite -*/ - ssl->sec.premasterSize = SSL_HS_RSA_PREMASTER_SIZE; - ssl->sec.premaster = psMalloc(ssl->hsPool, - SSL_HS_RSA_PREMASTER_SIZE); - - ssl->sec.premaster[0] = ssl->reqMajVer; - ssl->sec.premaster[1] = ssl->reqMinVer; - if (sslGetEntropy(ssl->sec.premaster + 2, - SSL_HS_RSA_PREMASTER_SIZE - 2) < 0) { - matrixStrDebugMsg("Error gathering premaster entropy\n", NULL); - return SSL_ERROR; - } - - sslActivatePublicCipher(ssl); - - if (ssl->encryptPub(ssl->hsPool, &(ssl->sec.cert->publicKey), - ssl->sec.premaster, ssl->sec.premasterSize, c, - (int32)(end - c)) != keyLen) { - matrixStrDebugMsg("Error encrypting premaster\n", NULL); - return SSL_FULL; - } - - c += keyLen; - - if ((rc = encryptRecord(ssl, SSL_RECORD_TYPE_HANDSHAKE, messageSize, - padLen, encryptStart, out, &c)) < 0) { - return rc; - } - - if (c - out->end != messageSize) { - matrixStrDebugMsg("Invalid ClientKeyExchange length\n", NULL); - return SSL_ERROR; - } - -/* - Now that we've got the premaster secret, derive the various symmetric - keys using it and the client and server random values -*/ - sslDeriveKeys(ssl); - - out->end = c; - return SSL_SUCCESS; -} - - -#else /* USE_CLIENT_SIDE_SSL */ -/******************************************************************************/ -/* - Stub out this function rather than ifdef it out in the public header -*/ -int32 matrixSslEncodeClientHello(ssl_t *ssl, sslBuf_t *out, - unsigned short cipherSpec) -{ - matrixStrDebugMsg("Library not built with USE_CLIENT_SIDE_SSL\n", NULL); - return -1; -} -#endif /* USE_CLIENT_SIDE_SSL */ - - -/******************************************************************************/ -/* - Write out a SSLv3 record header. - Assumes 'c' points to a buffer of at least SSL3_HEADER_LEN bytes - 1 byte type (SSL_RECORD_TYPE_*) - 1 byte major version - 1 byte minor version - 2 bytes length (network byte order) - Returns the number of bytes written -*/ -int32 psWriteRecordInfo(ssl_t *ssl, unsigned char type, int32 len, unsigned char *c) -{ - *c = type; c++; - *c = ssl->majVer; c++; - *c = ssl->minVer; c++; - *c = (len & 0xFF00) >> 8; c++; - *c = (len & 0xFF); - - return ssl->recordHeadLen; -} - -/******************************************************************************/ -/* - Write out an ssl handshake message header. - Assumes 'c' points to a buffer of at least ssl->hshakeHeadLen bytes - 1 byte type (SSL_HS_*) - 3 bytes length (network byte order) - Returns the number of bytes written -*/ -int32 psWriteHandshakeHeader(ssl_t *ssl, unsigned char type, int32 len, - int32 seq, int32 fragOffset, int32 fragLen, - unsigned char *c) -{ - *c = type; c++; - *c = (len & 0xFF0000) >> 16; c++; - *c = (len & 0xFF00) >> 8; c++; - *c = (len & 0xFF); - - return ssl->hshakeHeadLen; -} - -/******************************************************************************/ -/* - Write pad bytes and pad length per the TLS spec. Most block cipher - padding fills each byte with the number of padding bytes, but SSL/TLS - pretends one of these bytes is a pad length, and the remaining bytes are - filled with that length. The end result is that the padding is identical - to standard padding except the values are one less. For SSLv3 we are not - required to have any specific pad values, but they don't hurt. - - PadLen Result - 0 - 1 00 - 2 01 01 - 3 02 02 02 - 4 03 03 03 03 - 5 04 04 04 04 04 - 6 05 05 05 05 05 05 - 7 06 06 06 06 06 06 06 - 8 07 07 07 07 07 07 07 07 - - We calculate the length of padding required for a record using - sslPadLenPwr2() -*/ -int32 sslWritePad(unsigned char *p, unsigned char padLen) -{ - unsigned char c = padLen; - - while (c-- > 0) { - *p++ = padLen - 1; - } - return padLen; -} - -/******************************************************************************/ - - - diff --git a/release/src/router/matrixssl/src/sslv3.c b/release/src/router/matrixssl/src/sslv3.c deleted file mode 100644 index d53b7413..00000000 --- a/release/src/router/matrixssl/src/sslv3.c +++ /dev/null @@ -1,375 +0,0 @@ -/* - * sslv3.c - * Release $Name: MATRIXSSL_1_8_8_OPEN $ - * - * SSLv3.0 specific code per http://wp.netscape.com/eng/ssl3. - * Primarily dealing with secret generation, message authentication codes - * and handshake hashing. - */ -/* - * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. - * The latest version of this code is available at http://www.matrixssl.org - * - * This software is open source; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This General Public License does NOT permit incorporating this software - * into proprietary programs. If you are unable to comply with the GPL, a - * commercial license for this software may be purchased from PeerSec Networks - * at http://www.peersec.com - * - * This program is distributed in WITHOUT ANY WARRANTY; without even the - * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - * See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * http://www.gnu.org/copyleft/gpl.html - */ -/******************************************************************************/ - -#include "matrixInternal.h" - -/******************************************************************************/ -/* - Constants used for key generation -*/ -static const unsigned char SENDER_CLIENT[5] = "CLNT"; /* 0x434C4E54 */ -static const unsigned char SENDER_SERVER[5] = "SRVR"; /* 0x53525652 */ - -static const unsigned char pad1[48]={ - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 -}; - -static const unsigned char pad2[48]={ - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c -}; - -static const unsigned char *salt[10]={ - (const unsigned char *)"A", - (const unsigned char *)"BB", - (const unsigned char *)"CCC", - (const unsigned char *)"DDDD", - (const unsigned char *)"EEEEE", - (const unsigned char *)"FFFFFF", - (const unsigned char *)"GGGGGGG", - (const unsigned char *)"HHHHHHHH", - (const unsigned char *)"IIIIIIIII", - (const unsigned char *)"JJJJJJJJJJ" -}; - -/******************************************************************************/ - -static int32 createKeyBlock(ssl_t *ssl, unsigned char *clientRandom, - unsigned char *serverRandom, - unsigned char *masterSecret, int32 secretLen); - -/******************************************************************************/ -/* - * Generates all key material. - */ -int32 sslDeriveKeys(ssl_t *ssl) -{ - sslMd5Context_t md5Ctx; - sslSha1Context_t sha1Ctx; - unsigned char buf[SSL_MD5_HASH_SIZE + SSL_SHA1_HASH_SIZE]; - unsigned char *tmp; - int32 i; - -/* - If this session is resumed, we want to reuse the master secret to - regenerate the key block with the new random values. -*/ - if (ssl->flags & SSL_FLAGS_RESUMED) { - goto skipPremaster; - } -/* - master_secret = - MD5(pre_master_secret + SHA('A' + pre_master_secret + - ClientHello.random + ServerHello.random)) + - MD5(pre_master_secret + SHA('BB' + pre_master_secret + - ClientHello.random + ServerHello.random)) + - MD5(pre_master_secret + SHA('CCC' + pre_master_secret + - ClientHello.random + ServerHello.random)); -*/ - tmp = ssl->sec.masterSecret; - for (i = 0; i < 3; i++) { - matrixSha1Init(&sha1Ctx); - matrixSha1Update(&sha1Ctx, salt[i], i + 1); - matrixSha1Update(&sha1Ctx, ssl->sec.premaster, ssl->sec.premasterSize); - matrixSha1Update(&sha1Ctx, ssl->sec.clientRandom, SSL_HS_RANDOM_SIZE); - matrixSha1Update(&sha1Ctx, ssl->sec.serverRandom, SSL_HS_RANDOM_SIZE); - matrixSha1Final(&sha1Ctx, buf); - - matrixMd5Init(&md5Ctx); - matrixMd5Update(&md5Ctx, ssl->sec.premaster, ssl->sec.premasterSize); - matrixMd5Update(&md5Ctx, buf, SSL_SHA1_HASH_SIZE); - matrixMd5Final(&md5Ctx, tmp); - tmp += SSL_MD5_HASH_SIZE; - } - memset(buf, 0x0, SSL_MD5_HASH_SIZE + SSL_SHA1_HASH_SIZE); -/* - premaster is now allocated for DH reasons. Can free here -*/ - psFree(ssl->sec.premaster); - ssl->sec.premaster = NULL; - ssl->sec.premasterSize = 0; - -skipPremaster: - if (createKeyBlock(ssl, ssl->sec.clientRandom, ssl->sec.serverRandom, - ssl->sec.masterSecret, SSL_HS_MASTER_SIZE) < 0) { - matrixStrDebugMsg("Unable to create key block\n", NULL); - return -1; - } - - return SSL_HS_MASTER_SIZE; -} - -/******************************************************************************/ -/* - Generate the key block as follows. '+' indicates concatination. - key_block = - MD5(master_secret + SHA(`A' + master_secret + - ServerHello.random + ClientHello.random)) + - MD5(master_secret + SHA(`BB' + master_secret + - ServerHello.random + ClientHello.random)) + - MD5(master_secret + SHA(`CCC' + master_secret + - ServerHello.random + ClientHello.random)) + - [...]; -*/ -static int32 createKeyBlock(ssl_t *ssl, unsigned char *clientRandom, - unsigned char *serverRandom, - unsigned char *masterSecret, int32 secretLen) -{ - sslMd5Context_t md5Ctx; - sslSha1Context_t sha1Ctx; - unsigned char buf[SSL_MD5_HASH_SIZE + SSL_SHA1_HASH_SIZE]; - unsigned char *tmp; - int32 keyIter, i, ret = 0; - int32 reqKeyLen; - -/* - We must generate enough key material to fill the various keys -*/ - reqKeyLen = 2 * ssl->cipher->macSize + - 2 * ssl->cipher->keySize + - 2 * ssl->cipher->ivSize; -/* - Find the right number of iterations to make the requested length key block -*/ - keyIter = 1; - while (SSL_MD5_HASH_SIZE * keyIter < reqKeyLen) { - keyIter++; - } - if (keyIter > sizeof(salt)/sizeof(char*)) { - matrixIntDebugMsg("Error: Not enough salt for key length of %d\n", - reqKeyLen); - return -1; - } - - tmp = ssl->sec.keyBlock; - for (i = 0; i < keyIter; i++) { - matrixSha1Init(&sha1Ctx); - matrixSha1Update(&sha1Ctx, salt[i], i + 1); - matrixSha1Update(&sha1Ctx, masterSecret, secretLen); - matrixSha1Update(&sha1Ctx, serverRandom, SSL_HS_RANDOM_SIZE); - matrixSha1Update(&sha1Ctx, clientRandom, SSL_HS_RANDOM_SIZE); - matrixSha1Final(&sha1Ctx, buf); - - matrixMd5Init(&md5Ctx); - matrixMd5Update(&md5Ctx, masterSecret, secretLen); - matrixMd5Update(&md5Ctx, buf, SSL_SHA1_HASH_SIZE); - matrixMd5Final(&md5Ctx, tmp); - tmp += SSL_MD5_HASH_SIZE; - ret += SSL_MD5_HASH_SIZE; - } - memset(buf, 0x0, SSL_MD5_HASH_SIZE + SSL_SHA1_HASH_SIZE); -/* - Client and server use different read/write values, with the Client - write value being the server read value. -*/ - if (ssl->flags & SSL_FLAGS_SERVER) { - ssl->sec.rMACptr = ssl->sec.keyBlock; - ssl->sec.wMACptr = ssl->sec.rMACptr + ssl->cipher->macSize; - ssl->sec.rKeyptr = ssl->sec.wMACptr + ssl->cipher->macSize; - ssl->sec.wKeyptr = ssl->sec.rKeyptr + ssl->cipher->keySize; - ssl->sec.rIVptr = ssl->sec.wKeyptr + ssl->cipher->keySize; - ssl->sec.wIVptr = ssl->sec.rIVptr + ssl->cipher->ivSize; - } else { - ssl->sec.wMACptr = ssl->sec.keyBlock; - ssl->sec.rMACptr = ssl->sec.wMACptr + ssl->cipher->macSize; - ssl->sec.wKeyptr = ssl->sec.rMACptr + ssl->cipher->macSize; - ssl->sec.rKeyptr = ssl->sec.wKeyptr + ssl->cipher->keySize; - ssl->sec.wIVptr = ssl->sec.rKeyptr + ssl->cipher->keySize; - ssl->sec.rIVptr = ssl->sec.wIVptr + ssl->cipher->ivSize; - } - - return ret; -} - -/******************************************************************************/ -/* - Combine the running hash of the handshake mesages with some constants - and mix them up a bit more. Output the result to the given buffer. - This data will be part of the Finished handshake message. -*/ -int32 sslGenerateFinishedHash(sslMd5Context_t *md5, sslSha1Context_t *sha1, - unsigned char *masterSecret, - unsigned char *out, int32 sender) -{ - sslMd5Context_t omd5; - sslSha1Context_t osha1; - - unsigned char ihash[SSL_SHA1_HASH_SIZE]; - -/* - md5Hash = MD5(master_secret + pad2 + - MD5(handshake_messages + sender + master_secret + pad1)); -*/ - if (sender >= 0) { - matrixMd5Update(md5, - (sender & SSL_FLAGS_SERVER) ? SENDER_SERVER : SENDER_CLIENT, 4); - } - matrixMd5Update(md5, masterSecret, SSL_HS_MASTER_SIZE); - matrixMd5Update(md5, pad1, sizeof(pad1)); - matrixMd5Final(md5, ihash); - - matrixMd5Init(&omd5); - matrixMd5Update(&omd5, masterSecret, SSL_HS_MASTER_SIZE); - matrixMd5Update(&omd5, pad2, sizeof(pad2)); - matrixMd5Update(&omd5, ihash, SSL_MD5_HASH_SIZE); - matrixMd5Final(&omd5, out); -/* - The SHA1 hash is generated in the same way, except only 40 bytes - of pad1 and pad2 are used. - sha1Hash = SHA1(master_secret + pad2 + - SHA1(handshake_messages + sender + master_secret + pad1)); -*/ - if (sender >= 0) { - matrixSha1Update(sha1, - (sender & SSL_FLAGS_SERVER) ? SENDER_SERVER : SENDER_CLIENT, 4); - } - matrixSha1Update(sha1, masterSecret, SSL_HS_MASTER_SIZE); - matrixSha1Update(sha1, pad1, 40); - matrixSha1Final(sha1, ihash); - - matrixSha1Init(&osha1); - matrixSha1Update(&osha1, masterSecret, SSL_HS_MASTER_SIZE); - matrixSha1Update(&osha1, pad2, 40); - matrixSha1Update(&osha1, ihash, SSL_SHA1_HASH_SIZE); - matrixSha1Final(&osha1, out + SSL_MD5_HASH_SIZE); - - return SSL_MD5_HASH_SIZE + SSL_SHA1_HASH_SIZE; -} - -#ifdef USE_SHA1_MAC -/******************************************************************************/ -/* - SSLv3 uses a method similar to HMAC to generate the SHA1 message MAC. - For SHA1, 40 bytes of the pad are used. - - SHA1(MAC_write_secret + pad2 + - SHA1(MAC_write_secret + pad1 + seq_num + length + content)); -*/ -int32 ssl3HMACSha1(unsigned char *key, unsigned char *seq, - unsigned char type, unsigned char *data, int32 len, - unsigned char *mac) -{ - sslSha1Context_t sha1; - unsigned char ihash[SSL_SHA1_HASH_SIZE]; - int32 i; - - matrixSha1Init(&sha1); - matrixSha1Update(&sha1, key, SSL_SHA1_HASH_SIZE); - matrixSha1Update(&sha1, pad1, 40); - matrixSha1Update(&sha1, seq, 8); - ihash[0] = type; - ihash[1] = (len & 0xFF00) >> 8; - ihash[2] = len & 0xFF; - matrixSha1Update(&sha1, ihash, 3); - matrixSha1Update(&sha1, data, len); - matrixSha1Final(&sha1, ihash); - - matrixSha1Init(&sha1); - matrixSha1Update(&sha1, key, SSL_SHA1_HASH_SIZE); - matrixSha1Update(&sha1, pad2, 40); - matrixSha1Update(&sha1, ihash, SSL_SHA1_HASH_SIZE); - matrixSha1Final(&sha1, mac); - -/* - Increment sequence number -*/ - for (i = 7; i >= 0; i--) { - seq[i]++; - if (seq[i] != 0) { - break; - } - } - return SSL_SHA1_HASH_SIZE; -} -#endif /* USE_SHA1_MAC */ - -#ifdef USE_MD5_MAC -/******************************************************************************/ -/* - SSLv3 uses a method similar to HMAC to generate the MD5 message MAC. - For MD5, 48 bytes of the pad are used. - - MD5(MAC_write_secret + pad2 + - MD5(MAC_write_secret + pad1 + seq_num + length + content)); -*/ -int32 ssl3HMACMd5(unsigned char *key, unsigned char *seq, - unsigned char type, unsigned char *data, int32 len, - unsigned char *mac) -{ - sslMd5Context_t md5; - unsigned char ihash[SSL_MD5_HASH_SIZE]; - int32 i; - - matrixMd5Init(&md5); - matrixMd5Update(&md5, key, SSL_MD5_HASH_SIZE); - matrixMd5Update(&md5, pad1, 48); - matrixMd5Update(&md5, seq, 8); - ihash[0] = type; - ihash[1] = (len & 0xFF00) >> 8; - ihash[2] = len & 0xFF; - matrixMd5Update(&md5, ihash, 3); - matrixMd5Update(&md5, data, len); - matrixMd5Final(&md5, ihash); - - matrixMd5Init(&md5); - matrixMd5Update(&md5, key, SSL_MD5_HASH_SIZE); - matrixMd5Update(&md5, pad2, 48); - matrixMd5Update(&md5, ihash, SSL_MD5_HASH_SIZE); - matrixMd5Final(&md5, mac); - -/* - Increment sequence number -*/ - for (i = 7; i >= 0; i--) { - seq[i]++; - if (seq[i] != 0) { - break; - } - } - return SSL_MD5_HASH_SIZE; -} - -#endif /* USE_MD5_MAC */ - -/******************************************************************************/ - - |