EMS/svc.ems
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

2G ems initial

Browse Source
This commit is contained in:
simonzhangsz
2024-03-13 09:30:40 +08:00
commit eed6460ad2
1234 changed files with 419571 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

177
include/nettle/aes.h Normal file
View File

@@ -0,0 +1,177 @@
/* aes.h
The aes/rijndael block cipher.
Copyright (C) 2001, 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_AES_H_INCLUDED
#define NETTLE_AES_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define aes_set_encrypt_key nettle_aes_set_encrypt_key
#define aes_set_decrypt_key nettle_aes_set_decrypt_key
#define aes_invert_key nettle_aes_invert_key
#define aes_encrypt nettle_aes_encrypt
#define aes_decrypt nettle_aes_decrypt
#define aes128_set_encrypt_key nettle_aes128_set_encrypt_key
#define aes128_set_decrypt_key nettle_aes128_set_decrypt_key
#define aes128_invert_key nettle_aes128_invert_key
#define aes128_encrypt nettle_aes128_encrypt
#define aes128_decrypt nettle_aes128_decrypt
#define aes192_set_encrypt_key nettle_aes192_set_encrypt_key
#define aes192_set_decrypt_key nettle_aes192_set_decrypt_key
#define aes192_invert_key nettle_aes192_invert_key
#define aes192_encrypt nettle_aes192_encrypt
#define aes192_decrypt nettle_aes192_decrypt
#define aes256_set_encrypt_key nettle_aes256_set_encrypt_key
#define aes256_set_decrypt_key nettle_aes256_set_decrypt_key
#define aes256_invert_key nettle_aes256_invert_key
#define aes256_encrypt nettle_aes256_encrypt
#define aes256_decrypt nettle_aes256_decrypt
#define AES_BLOCK_SIZE 16
#define AES128_KEY_SIZE 16
#define AES192_KEY_SIZE 24
#define AES256_KEY_SIZE 32
#define _AES128_ROUNDS 10
#define _AES192_ROUNDS 12
#define _AES256_ROUNDS 14
/* Variable key size between 128 and 256 bits. But the only valid
* values are 16 (128 bits), 24 (192 bits) and 32 (256 bits). */
#define AES_MIN_KEY_SIZE AES128_KEY_SIZE
#define AES_MAX_KEY_SIZE AES256_KEY_SIZE
/* Older nettle-2.7 interface */
#define AES_KEY_SIZE 32
struct aes_ctx
{
unsigned rounds; /* number of rounds to use for our key size */
uint32_t keys[4*(_AES256_ROUNDS + 1)]; /* maximum size of key schedule */
};
void
aes_set_encrypt_key(struct aes_ctx *ctx,
size_t length, const uint8_t *key);
void
aes_set_decrypt_key(struct aes_ctx *ctx,
size_t length, const uint8_t *key);
void
aes_invert_key(struct aes_ctx *dst,
const struct aes_ctx *src);
void
aes_encrypt(const struct aes_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
void
aes_decrypt(const struct aes_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
struct aes128_ctx
{
uint32_t keys[4 * (_AES128_ROUNDS + 1)];
};
void
aes128_set_encrypt_key(struct aes128_ctx *ctx, const uint8_t *key);
void
aes128_set_decrypt_key(struct aes128_ctx *ctx, const uint8_t *key);
void
aes128_invert_key(struct aes128_ctx *dst,
const struct aes128_ctx *src);
void
aes128_encrypt(const struct aes128_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
void
aes128_decrypt(const struct aes128_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
struct aes192_ctx
{
uint32_t keys[4 * (_AES192_ROUNDS + 1)];
};
void
aes192_set_encrypt_key(struct aes192_ctx *ctx, const uint8_t *key);
void
aes192_set_decrypt_key(struct aes192_ctx *ctx, const uint8_t *key);
void
aes192_invert_key(struct aes192_ctx *dst,
const struct aes192_ctx *src);
void
aes192_encrypt(const struct aes192_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
void
aes192_decrypt(const struct aes192_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
struct aes256_ctx
{
uint32_t keys[4 * (_AES256_ROUNDS + 1)];
};
void
aes256_set_encrypt_key(struct aes256_ctx *ctx, const uint8_t *key);
void
aes256_set_decrypt_key(struct aes256_ctx *ctx, const uint8_t *key);
void
aes256_invert_key(struct aes256_ctx *dst,
const struct aes256_ctx *src);
void
aes256_encrypt(const struct aes256_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
void
aes256_decrypt(const struct aes256_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_AES_H_INCLUDED */

79
include/nettle/arcfour.h Normal file
View File

@@ -0,0 +1,79 @@
/* arcfour.h
The arcfour/rc4 stream cipher.
Copyright (C) 2001, 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_ARCFOUR_H_INCLUDED
#define NETTLE_ARCFOUR_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define arcfour128_set_key nettle_arcfour128_set_key
#define arcfour_set_key nettle_arcfour_set_key
#define arcfour_crypt nettle_arcfour_crypt
/* Minimum and maximum keysizes, and a reasonable default. In
* octets.*/
#define ARCFOUR_MIN_KEY_SIZE 1
#define ARCFOUR_MAX_KEY_SIZE 256
#define ARCFOUR_KEY_SIZE 16
#define ARCFOUR128_KEY_SIZE 16
struct arcfour_ctx
{
uint8_t S[256];
uint8_t i;
uint8_t j;
};
void
arcfour_set_key(struct arcfour_ctx *ctx,
size_t length, const uint8_t *key);
void
arcfour128_set_key(struct arcfour_ctx *ctx, const uint8_t *key);
void
arcfour_crypt(struct arcfour_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_ARCFOUR_H_INCLUDED */

103
include/nettle/arctwo.h Normal file
View File

@@ -0,0 +1,103 @@
/* arctwo.h
The arctwo/rfc2268 block cipher.
Copyright (C) 2004 Simon Josefsson
Copyright (C) 2002, 2004, 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_ARCTWO_H_INCLUDED
#define NETTLE_ARCTWO_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define arctwo_set_key nettle_arctwo_set_key
#define arctwo_set_key_ekb nettle_arctwo_set_key_ekb
#define arctwo_set_key_gutmann nettle_arctwo_set_key_gutmann
#define arctwo40_set_key nettle_arctwo40_set_key
#define arctwo64_set_key nettle_arctwo64_set_key
#define arctwo128_set_key nettle_arctwo128_set_key
#define arctwo128_set_key_gutmann nettle_arctwo128_set_key_gutmann
#define arctwo_encrypt nettle_arctwo_encrypt
#define arctwo_decrypt nettle_arctwo_decrypt
#define ARCTWO_BLOCK_SIZE 8
/* Variable key size from 1 byte to 128 bytes. */
#define ARCTWO_MIN_KEY_SIZE 1
#define ARCTWO_MAX_KEY_SIZE 128
#define ARCTWO_KEY_SIZE 8
struct arctwo_ctx
{
uint16_t S[64];
};
/* Key expansion function that takes the "effective key bits", 1-1024,
as an explicit argument. 0 means maximum key bits. */
void
arctwo_set_key_ekb (struct arctwo_ctx *ctx,
size_t length, const uint8_t * key, unsigned ekb);
/* Equvivalent to arctwo_set_key_ekb, with ekb = 8 * length */
void
arctwo_set_key (struct arctwo_ctx *ctx, size_t length, const uint8_t *key);
void
arctwo40_set_key (struct arctwo_ctx *ctx, const uint8_t *key);
void
arctwo64_set_key (struct arctwo_ctx *ctx, const uint8_t *key);
void
arctwo128_set_key (struct arctwo_ctx *ctx, const uint8_t *key);
/* Equvivalent to arctwo_set_key_ekb, with ekb = 1024 */
void
arctwo_set_key_gutmann (struct arctwo_ctx *ctx,
size_t length, const uint8_t *key);
void
arctwo128_set_key_gutmann (struct arctwo_ctx *ctx,
const uint8_t *key);
void
arctwo_encrypt (struct arctwo_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
arctwo_decrypt (struct arctwo_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_ARCTWO_H_INCLUDED */

152
include/nettle/asn1.h Normal file
View File

@@ -0,0 +1,152 @@
/* asn1.h
Limited support for ASN.1 DER decoding.
Copyright (C) 2005 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_ASN1_H_INCLUDED
#define NETTLE_ASN1_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define asn1_der_iterator_first nettle_asn1_der_iterator_first
#define asn1_der_iterator_next nettle_asn1_der_iterator_next
#define asn1_der_decode_constructed nettle_asn1_der_decode_constructed
#define asn1_der_decode_constructed_last nettle_asn1_der_decode_constructed_last
#define asn1_der_decode_bitstring nettle_asn1_der_decode_bitstring
#define asn1_der_decode_bitstring_last nettle_asn1_der_decode_bitstring_last
#define asn1_der_get_uint32 nettle_asn1_der_get_uint32
#define asn1_der_get_bignum nettle_asn1_der_get_bignum
/* enum asn1_type keeps the class number and the constructive in bits
13-14, and the constructive flag in bit 12. The remaining 14 bits
are the tag (although currently, only tags in the range 0-30 are
supported). */
enum
{
ASN1_TYPE_CONSTRUCTED = 1 << 12,
ASN1_CLASS_UNIVERSAL = 0,
ASN1_CLASS_APPLICATION = 1 << 13,
ASN1_CLASS_CONTEXT_SPECIFIC = 2 << 13,
ASN1_CLASS_PRIVATE = 3 << 13,
ASN1_CLASS_MASK = 3 << 13,
ASN1_CLASS_SHIFT = 13,
};
enum asn1_type
{
ASN1_BOOLEAN = 1,
ASN1_INTEGER = 2,
ASN1_BITSTRING = 3,
ASN1_OCTETSTRING = 4,
ASN1_NULL = 5,
ASN1_IDENTIFIER = 6,
ASN1_REAL = 9,
ASN1_ENUMERATED = 10,
ASN1_UTF8STRING = 12,
ASN1_SEQUENCE = 16 | ASN1_TYPE_CONSTRUCTED,
ASN1_SET = 17 | ASN1_TYPE_CONSTRUCTED,
ASN1_PRINTABLESTRING = 19,
ASN1_TELETEXSTRING = 20,
ASN1_IA5STRING = 22,
ASN1_UTC = 23,
ASN1_UNIVERSALSTRING = 28,
ASN1_BMPSTRING = 30,
};
enum asn1_iterator_result
{
ASN1_ITERATOR_ERROR,
ASN1_ITERATOR_PRIMITIVE,
ASN1_ITERATOR_CONSTRUCTED,
ASN1_ITERATOR_END,
};
/* Parsing DER objects. */
struct asn1_der_iterator
{
size_t buffer_length;
const uint8_t *buffer;
/* Next object to parse. */
size_t pos;
enum asn1_type type;
/* Pointer to the current object */
size_t length;
const uint8_t *data;
};
/* Initializes the iterator. */
enum asn1_iterator_result
asn1_der_iterator_first(struct asn1_der_iterator *iterator,
size_t length, const uint8_t *input);
enum asn1_iterator_result
asn1_der_iterator_next(struct asn1_der_iterator *iterator);
/* Starts parsing of a constructed object. */
enum asn1_iterator_result
asn1_der_decode_constructed(struct asn1_der_iterator *i,
struct asn1_der_iterator *contents);
/* For the common case that we have a sequence at the end of the
object. Checks that the current object is the final one, and then
reinitializes the iterator to parse its ontents. */
enum asn1_iterator_result
asn1_der_decode_constructed_last(struct asn1_der_iterator *i);
enum asn1_iterator_result
asn1_der_decode_bitstring(struct asn1_der_iterator *i,
struct asn1_der_iterator *contents);
enum asn1_iterator_result
asn1_der_decode_bitstring_last(struct asn1_der_iterator *i);
/* All these functions return 1 on success, 0 on failure */
int
asn1_der_get_uint32(struct asn1_der_iterator *i,
uint32_t *x);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_ASN1_H_INCLUDED */

110
include/nettle/base16.h Normal file
View File

@@ -0,0 +1,110 @@
/* base16.h
Hex encoding and decoding, following spki conventions (i.e.
allowing whitespace between digits).
Copyright (C) 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_BASE16_H_INCLUDED
#define NETTLE_BASE16_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define base16_encode_single nettle_base16_encode_single
#define base16_encode_update nettle_base16_encode_update
#define base16_decode_init nettle_base16_decode_init
#define base16_decode_single nettle_base16_decode_single
#define base16_decode_update nettle_base16_decode_update
#define base16_decode_final nettle_base16_decode_final
/* Base16 encoding */
/* Maximum length of output for base16_encode_update. */
#define BASE16_ENCODE_LENGTH(length) ((length) * 2)
/* Encodes a single byte. Always stores two digits in dst[0] and dst[1]. */
void
base16_encode_single(char *dst,
uint8_t src);
/* Always stores BASE16_ENCODE_LENGTH(length) digits in dst. */
void
base16_encode_update(char *dst,
size_t length,
const uint8_t *src);
/* Base16 decoding */
/* Maximum length of output for base16_decode_update. */
/* We have at most 4 buffered bits, and a total of (length + 1) * 4 bits. */
#define BASE16_DECODE_LENGTH(length) (((length) + 1) / 2)
struct base16_decode_ctx
{
unsigned char word; /* Leftover bits */
unsigned char bits; /* Number buffered bits */
};
void
base16_decode_init(struct base16_decode_ctx *ctx);
/* Decodes a single byte. Returns amount of output (0 or 1), or -1 on
* errors. */
int
base16_decode_single(struct base16_decode_ctx *ctx,
uint8_t *dst,
char src);
/* Returns 1 on success, 0 on error. DST should point to an area of
* size at least BASE16_DECODE_LENGTH(length). The amount of data
* generated is returned in *DST_LENGTH. */
int
base16_decode_update(struct base16_decode_ctx *ctx,
size_t *dst_length,
uint8_t *dst,
size_t src_length,
const char *src);
/* Returns 1 on success. */
int
base16_decode_final(struct base16_decode_ctx *ctx);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_BASE16_H_INCLUDED */

172
include/nettle/base64.h Normal file
View File

@@ -0,0 +1,172 @@
/* base64.h
Base-64 encoding and decoding.
Copyright (C) 2002 Niels Möller, Dan Egnor
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_BASE64_H_INCLUDED
#define NETTLE_BASE64_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define base64_encode_init nettle_base64_encode_init
#define base64url_encode_init nettle_base64url_encode_init
#define base64_encode_single nettle_base64_encode_single
#define base64_encode_update nettle_base64_encode_update
#define base64_encode_final nettle_base64_encode_final
#define base64_encode_raw nettle_base64_encode_raw
#define base64_encode_group nettle_base64_encode_group
#define base64_decode_init nettle_base64_decode_init
#define base64url_decode_init nettle_base64url_decode_init
#define base64_decode_single nettle_base64_decode_single
#define base64_decode_update nettle_base64_decode_update
#define base64_decode_final nettle_base64_decode_final
#define BASE64_BINARY_BLOCK_SIZE 3
#define BASE64_TEXT_BLOCK_SIZE 4
/* Base64 encoding */
/* Maximum length of output for base64_encode_update. NOTE: Doesn't
* include any padding that base64_encode_final may add. */
/* We have at most 4 buffered bits, and a total of (4 + length * 8) bits. */
#define BASE64_ENCODE_LENGTH(length) (((length) * 8 + 4)/6)
/* Maximum length of output generated by base64_encode_final. */
#define BASE64_ENCODE_FINAL_LENGTH 3
/* Exact length of output generated by base64_encode_raw, including
* padding. */
#define BASE64_ENCODE_RAW_LENGTH(length) ((((length) + 2)/3)*4)
struct base64_encode_ctx
{
const char *alphabet; /* Alphabet to use for encoding */
unsigned short word; /* Leftover bits */
unsigned char bits; /* Number of bits, always 0, 2, or 4. */
};
/* Initialize encoding context for base-64 */
void
base64_encode_init(struct base64_encode_ctx *ctx);
/* Initialize encoding context for URL safe alphabet, RFC 4648. */
void
base64url_encode_init(struct base64_encode_ctx *ctx);
/* Encodes a single byte. Returns amount of output (always 1 or 2). */
size_t
base64_encode_single(struct base64_encode_ctx *ctx,
char *dst,
uint8_t src);
/* Returns the number of output characters. DST should point to an
* area of size at least BASE64_ENCODE_LENGTH(length). */
size_t
base64_encode_update(struct base64_encode_ctx *ctx,
char *dst,
size_t length,
const uint8_t *src);
/* DST should point to an area of size at least
* BASE64_ENCODE_FINAL_LENGTH */
size_t
base64_encode_final(struct base64_encode_ctx *ctx,
char *dst);
/* Lower level functions */
/* Encodes a string in one go, including any padding at the end.
* Generates exactly BASE64_ENCODE_RAW_LENGTH(length) bytes of output.
* Supports overlapped operation, if src <= dst. FIXME: Use of overlap
* is deprecated, if needed there should be a separate public fucntion
* to do that.*/
void
base64_encode_raw(char *dst, size_t length, const uint8_t *src);
void
base64_encode_group(char *dst, uint32_t group);
/* Base64 decoding */
/* Maximum length of output for base64_decode_update. */
/* We have at most 6 buffered bits, and a total of (length + 1) * 6 bits. */
#define BASE64_DECODE_LENGTH(length) ((((length) + 1) * 6) / 8)
struct base64_decode_ctx
{
const signed char *table; /* Decoding table */
unsigned short word; /* Leftover bits */
unsigned char bits; /* Number buffered bits */
/* Number of padding characters encountered */
unsigned char padding;
};
/* Initialize decoding context for base-64 */
void
base64_decode_init(struct base64_decode_ctx *ctx);
/* Initialize encoding context for URL safe alphabet, RFC 4648. */
void
base64url_decode_init(struct base64_decode_ctx *ctx);
/* Decodes a single byte. Returns amount of output (0 or 1), or -1 on
* errors. */
int
base64_decode_single(struct base64_decode_ctx *ctx,
uint8_t *dst,
char src);
/* Returns 1 on success, 0 on error. DST should point to an area of
* size at least BASE64_DECODE_LENGTH(length). The amount of data
* generated is returned in *DST_LENGTH. */
int
base64_decode_update(struct base64_decode_ctx *ctx,
size_t *dst_length,
uint8_t *dst,
size_t src_length,
const char *src);
/* Returns 1 on success. */
int
base64_decode_final(struct base64_decode_ctx *ctx);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_BASE64_H_INCLUDED */

140
include/nettle/bignum.h Normal file
View File

@@ -0,0 +1,140 @@
/* bignum.h
Bignum operations that are missing from gmp.
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_BIGNUM_H_INCLUDED
#define NETTLE_BIGNUM_H_INCLUDED
#include "nettle-meta.h"
#include "nettle-types.h"
/* For NETTLE_USE_MINI_GMP */
#include "version.h"
#if NETTLE_USE_MINI_GMP
# include "mini-gmp.h"
# define GMP_NUMB_MASK (~(mp_limb_t) 0)
/* Function missing in older gmp versions, and checked for with ifdef */
# define mpz_limbs_read mpz_limbs_read
/* Side-channel silent powm not available in mini-gmp. */
# define mpz_powm_sec mpz_powm
#else
# include <gmp.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif
/* Size needed for signed encoding, including extra sign byte if
* necessary. */
size_t
nettle_mpz_sizeinbase_256_s(const mpz_t x);
/* Size needed for unsigned encoding */
size_t
nettle_mpz_sizeinbase_256_u(const mpz_t x);
/* Writes an integer as length octets, using big endian byte order,
* and two's complement for negative numbers. */
void
nettle_mpz_get_str_256(size_t length, uint8_t *s, const mpz_t x);
/* Reads a big endian, two's complement, integer. */
void
nettle_mpz_set_str_256_s(mpz_t x,
size_t length, const uint8_t *s);
void
nettle_mpz_init_set_str_256_s(mpz_t x,
size_t length, const uint8_t *s);
/* Similar, but for unsigned format. These function don't interpret
* the most significant bit as the sign. */
void
nettle_mpz_set_str_256_u(mpz_t x,
size_t length, const uint8_t *s);
void
nettle_mpz_init_set_str_256_u(mpz_t x,
size_t length, const uint8_t *s);
/* Returns a uniformly distributed random number 0 <= x < 2^n */
void
nettle_mpz_random_size(mpz_t x,
void *ctx, nettle_random_func *random,
unsigned bits);
/* Returns a number x, almost uniformly random in the range
* 0 <= x < n. */
void
nettle_mpz_random(mpz_t x,
void *ctx, nettle_random_func *random,
const mpz_t n);
void
nettle_random_prime(mpz_t p, unsigned bits, int top_bits_set,
void *ctx, nettle_random_func *random,
void *progress_ctx, nettle_progress_func *progress);
void
_nettle_generate_pocklington_prime (mpz_t p, mpz_t r,
unsigned bits, int top_bits_set,
void *ctx, nettle_random_func *random,
const mpz_t p0,
const mpz_t q,
const mpz_t p0q);
/* sexp parsing */
struct sexp_iterator;
/* If LIMIT is non-zero, the number must be at most LIMIT bits.
* Implies sexp_iterator_next. */
int
nettle_mpz_set_sexp(mpz_t x, unsigned limit, struct sexp_iterator *i);
/* der parsing */
struct asn1_der_iterator;
int
nettle_asn1_der_get_bignum(struct asn1_der_iterator *iterator,
mpz_t x, unsigned max_bits);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_BIGNUM_H_INCLUDED */

89
include/nettle/blowfish.h Normal file
View File

@@ -0,0 +1,89 @@
/* blowfish.h
Blowfish block cipher.
Copyright (C) 2014 Niels Möller
Copyright (C) 1998, 2001 FSF, Ray Dassen, Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_BLOWFISH_H_INCLUDED
#define NETTLE_BLOWFISH_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define blowfish_set_key nettle_blowfish_set_key
#define blowfish128_set_key nettle_blowfish128_set_key
#define blowfish_encrypt nettle_blowfish_encrypt
#define blowfish_decrypt nettle_blowfish_decrypt
#define BLOWFISH_BLOCK_SIZE 8
/* Variable key size between 64 and 448 bits. */
#define BLOWFISH_MIN_KEY_SIZE 8
#define BLOWFISH_MAX_KEY_SIZE 56
/* Default to 128 bits */
#define BLOWFISH_KEY_SIZE 16
#define BLOWFISH128_KEY_SIZE 16
#define _BLOWFISH_ROUNDS 16
struct blowfish_ctx
{
uint32_t s[4][256];
uint32_t p[_BLOWFISH_ROUNDS+2];
};
/* Returns 0 for weak keys, otherwise 1. */
int
blowfish_set_key(struct blowfish_ctx *ctx,
size_t length, const uint8_t *key);
int
blowfish128_set_key(struct blowfish_ctx *ctx, const uint8_t *key);
void
blowfish_encrypt(const struct blowfish_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
void
blowfish_decrypt(const struct blowfish_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_BLOWFISH_H_INCLUDED */

106
include/nettle/buffer.h Normal file
View File

@@ -0,0 +1,106 @@
/* buffer.h
A bare-bones string stream.
Copyright (C) 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_BUFFER_H_INCLUDED
#define NETTLE_BUFFER_H_INCLUDED
#include "realloc.h"
#ifdef __cplusplus
extern "C" {
#endif
struct nettle_buffer
{
uint8_t *contents;
/* Allocated size */
size_t alloc;
void *realloc_ctx;
nettle_realloc_func *realloc;
/* Current size */
size_t size;
};
/* Initializes a buffer that uses plain realloc */
void
nettle_buffer_init(struct nettle_buffer *buffer);
void
nettle_buffer_init_realloc(struct nettle_buffer *buffer,
void *realloc_ctx,
nettle_realloc_func *realloc);
/* Initializes a buffer of fix size */
void
nettle_buffer_init_size(struct nettle_buffer *buffer,
size_t length, uint8_t *space);
void
nettle_buffer_clear(struct nettle_buffer *buffer);
/* Resets the buffer, without freeing the buffer space. */
void
nettle_buffer_reset(struct nettle_buffer *buffer);
int
nettle_buffer_grow(struct nettle_buffer *buffer,
size_t length);
#define NETTLE_BUFFER_PUTC(buffer, c) \
( (((buffer)->size < (buffer)->alloc) || nettle_buffer_grow((buffer), 1)) \
&& ((buffer)->contents[(buffer)->size++] = (c), 1) )
int
nettle_buffer_write(struct nettle_buffer *buffer,
size_t length, const uint8_t *data);
/* Like nettle_buffer_write, but instead of copying data to the
* buffer, it returns a pointer to the area where the caller can copy
* the data. The pointer is valid only until the next call that can
* reallocate the buffer. */
uint8_t *
nettle_buffer_space(struct nettle_buffer *buffer,
size_t length);
/* Copy the contents of SRC to the end of DST. */
int
nettle_buffer_copy(struct nettle_buffer *dst,
const struct nettle_buffer *src);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_BUFFER_H_INCLUDED */

143
include/nettle/camellia.h Normal file
View File

@@ -0,0 +1,143 @@
/* camellia.h
Copyright (C) 2006,2007 NTT
(Nippon Telegraph and Telephone Corporation).
Copyright (C) 2010, 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_CAMELLIA_H_INCLUDED
#define NETTLE_CAMELLIA_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define camellia128_set_encrypt_key nettle_camellia128_set_encrypt_key
#define camellia128_set_decrypt_key nettle_camellia_set_decrypt_key
#define camellia128_invert_key nettle_camellia128_invert_key
#define camellia128_crypt nettle_camellia128_crypt
#define camellia192_set_encrypt_key nettle_camellia192_set_encrypt_key
#define camellia192_set_decrypt_key nettle_camellia192_set_decrypt_key
#define camellia256_set_encrypt_key nettle_camellia256_set_encrypt_key
#define camellia256_set_decrypt_key nettle_camellia256_set_decrypt_key
#define camellia256_invert_key nettle_camellia256_invert_key
#define camellia256_crypt nettle_camellia256_crypt
#define CAMELLIA_BLOCK_SIZE 16
/* Valid key sizes are 128, 192 or 256 bits (16, 24 or 32 bytes) */
#define CAMELLIA128_KEY_SIZE 16
#define CAMELLIA192_KEY_SIZE 24
#define CAMELLIA256_KEY_SIZE 32
/* For 128-bit keys, there are 18 regular rounds, pre- and
post-whitening, and two FL and FLINV rounds, using a total of 26
subkeys, each of 64 bit. For 192- and 256-bit keys, there are 6
additional regular rounds and one additional FL and FLINV, using a
total of 34 subkeys. */
/* The clever combination of subkeys imply one of the pre- and
post-whitening keys is folded with the round keys, so that subkey
#1 and the last one (#25 or #33) is not used. The result is that we
have only 24 or 32 subkeys at the end of key setup. */
#define _CAMELLIA128_NKEYS 24
#define _CAMELLIA256_NKEYS 32
struct camellia128_ctx
{
uint64_t keys[_CAMELLIA128_NKEYS];
};
void
camellia128_set_encrypt_key(struct camellia128_ctx *ctx,
const uint8_t *key);
void
camellia128_set_decrypt_key(struct camellia128_ctx *ctx,
const uint8_t *key);
void
camellia128_invert_key(struct camellia128_ctx *dst,
const struct camellia128_ctx *src);
void
camellia128_crypt(const struct camellia128_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
struct camellia256_ctx
{
uint64_t keys[_CAMELLIA256_NKEYS];
};
void
camellia256_set_encrypt_key(struct camellia256_ctx *ctx,
const uint8_t *key);
void
camellia256_set_decrypt_key(struct camellia256_ctx *ctx,
const uint8_t *key);
void
camellia256_invert_key(struct camellia256_ctx *dst,
const struct camellia256_ctx *src);
void
camellia256_crypt(const struct camellia256_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
/* camellia192 is the same as camellia256, except for the key
schedule. */
/* Slightly ugly with a #define on a struct tag, since it might cause
surprises if also used as a name of a variable. */
#define camellia192_ctx camellia256_ctx
void
camellia192_set_encrypt_key(struct camellia256_ctx *ctx,
const uint8_t *key);
void
camellia192_set_decrypt_key(struct camellia256_ctx *ctx,
const uint8_t *key);
#define camellia192_invert_key camellia256_invert_key
#define camellia192_crypt camellia256_crypt
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_CAMELLIA_H_INCLUDED */

86
include/nettle/cast128.h Normal file
View File

@@ -0,0 +1,86 @@
/* cast128.h
The CAST-128 block cipher.
Copyright (C) 2001, 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_CAST128_H_INCLUDED
#define NETTLE_CAST128_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define cast5_set_key nettle_cast5_set_key
#define cast128_set_key nettle_cast128_set_key
#define cast128_encrypt nettle_cast128_encrypt
#define cast128_decrypt nettle_cast128_decrypt
#define CAST128_BLOCK_SIZE 8
/* Variable key size between 40 and 128. */
#define CAST5_MIN_KEY_SIZE 5
#define CAST5_MAX_KEY_SIZE 16
#define CAST128_KEY_SIZE 16
struct cast128_ctx
{
unsigned rounds; /* Number of rounds to use, 12 or 16 */
/* Expanded key, rotations (5 bits only) and 32-bit masks. */
unsigned char Kr[16];
uint32_t Km[16];
};
/* Using variable key size. */
void
cast5_set_key(struct cast128_ctx *ctx,
size_t length, const uint8_t *key);
void
cast128_set_key(struct cast128_ctx *ctx, const uint8_t *key);
void
cast128_encrypt(const struct cast128_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
void
cast128_decrypt(const struct cast128_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_CAST128_H_INCLUDED */

86
include/nettle/cbc.h Normal file
View File

@@ -0,0 +1,86 @@
/* cbc.h
Cipher block chaining mode.
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_CBC_H_INCLUDED
#define NETTLE_CBC_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define cbc_encrypt nettle_cbc_encrypt
#define cbc_decrypt nettle_cbc_decrypt
void
cbc_encrypt(const void *ctx, nettle_cipher_func *f,
size_t block_size, uint8_t *iv,
size_t length, uint8_t *dst,
const uint8_t *src);
void
cbc_decrypt(const void *ctx, nettle_cipher_func *f,
size_t block_size, uint8_t *iv,
size_t length, uint8_t *dst,
const uint8_t *src);
#define CBC_CTX(type, size) \
{ type ctx; uint8_t iv[size]; }
#define CBC_SET_IV(ctx, data) \
memcpy((ctx)->iv, (data), sizeof((ctx)->iv))
/* NOTE: Avoid using NULL, as we don't include anything defining it. */
#define CBC_ENCRYPT(self, f, length, dst, src) \
(0 ? ((f)(&(self)->ctx, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0)) \
: cbc_encrypt((void *) &(self)->ctx, \
(nettle_cipher_func *) (f), \
sizeof((self)->iv), (self)->iv, \
(length), (dst), (src)))
#define CBC_DECRYPT(self, f, length, dst, src) \
(0 ? ((f)(&(self)->ctx, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0)) \
: cbc_decrypt((void *) &(self)->ctx, \
(nettle_cipher_func *) (f), \
sizeof((self)->iv), (self)->iv, \
(length), (dst), (src)))
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_CBC_H_INCLUDED */

302
include/nettle/ccm.h Normal file
View File

@@ -0,0 +1,302 @@
/* ccm.h
Counter with CBC-MAC mode, specified by NIST,
http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
Copyright (C) 2014 Exegin Technologies Limited
Copyright (C) 2014 Owen Kirby
Contributed to GNU Nettle by Owen Kirby
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/* NIST SP800-38C doesn't specify the particular formatting and
* counter generation algorithm for CCM, but it does include an
* example algorithm. This example has become the de-factor standard,
* and has been adopted by both the IETF and IEEE across a wide
* variety of protocols.
*/
#ifndef NETTLE_CCM_H_INCLUDED
#define NETTLE_CCM_H_INCLUDED
#include "aes.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define ccm_set_nonce nettle_ccm_set_nonce
#define ccm_update nettle_ccm_update
#define ccm_encrypt nettle_ccm_encrypt
#define ccm_decrypt nettle_ccm_decrypt
#define ccm_digest nettle_ccm_digest
#define ccm_encrypt_message nettle_ccm_encrypt_message
#define ccm_decrypt_message nettle_ccm_decrypt_message
#define ccm_aes128_set_key nettle_ccm_aes128_set_key
#define ccm_aes128_set_nonce nettle_ccm_aes128_set_nonce
#define ccm_aes128_update nettle_ccm_aes128_update
#define ccm_aes128_encrypt nettle_ccm_aes128_encrypt
#define ccm_aes128_decrypt nettle_ccm_aes128_decrypt
#define ccm_aes128_digest nettle_ccm_aes128_digest
#define ccm_aes128_encrypt_message nettle_ccm_aes128_encrypt_message
#define ccm_aes128_decrypt_message nettle_ccm_aes128_decrypt_message
#define ccm_aes192_set_key nettle_ccm_aes192_set_key
#define ccm_aes192_set_nonce nettle_ccm_aes192_set_nonce
#define ccm_aes192_update nettle_ccm_aes192_update
#define ccm_aes192_encrypt nettle_ccm_aes192_encrypt
#define ccm_aes192_decrypt nettle_ccm_aes192_decrypt
#define ccm_aes192_digest nettle_ccm_aes192_digest
#define ccm_aes192_encrypt_message nettle_ccm_aes192_encrypt_message
#define ccm_aes192_decrypt_message nettle_ccm_aes192_decrypt_message
#define ccm_aes256_set_key nettle_ccm_aes256_set_key
#define ccm_aes256_set_nonce nettle_ccm_aes256_set_nonce
#define ccm_aes256_update nettle_ccm_aes256_update
#define ccm_aes256_encrypt nettle_ccm_aes256_encrypt
#define ccm_aes256_decrypt nettle_ccm_aes256_decrypt
#define ccm_aes256_digest nettle_ccm_aes256_digest
#define ccm_aes256_encrypt_message nettle_ccm_aes256_encrypt_message
#define ccm_aes256_decrypt_message nettle_ccm_aes256_decrypt_message
/* For CCM, the block size of the block cipher shall be 128 bits. */
#define CCM_BLOCK_SIZE 16
#define CCM_DIGEST_SIZE 16
#define CCM_MIN_NONCE_SIZE 7
#define CCM_MAX_NONCE_SIZE 14
/* Maximum cleartext message size, as a function of the nonce size N.
The length field is L octets, with L = 15 - N, and then the maximum
size M = 2^{8L} - 1. */
#define CCM_MAX_MSG_SIZE(N) \
((sizeof(size_t) + (N) <= 15) \
? ~(size_t) 0 \
: ((size_t) 1 << (8*(15 - N))) - 1)
/* Per-message state */
struct ccm_ctx {
union nettle_block16 ctr; /* Counter for CTR encryption. */
union nettle_block16 tag; /* CBC-MAC message tag. */
/* Length of data processed by the CBC-MAC modulus the block size */
unsigned int blength;
};
/*
* CCM mode requires the adata and message lengths when building the IV, which
* prevents streaming processing and it incompatible with the AEAD API.
*/
void
ccm_set_nonce(struct ccm_ctx *ctx, const void *cipher, nettle_cipher_func *f,
size_t noncelen, const uint8_t *nonce,
size_t authlen, size_t msglen, size_t taglen);
void
ccm_update(struct ccm_ctx *ctx, const void *cipher, nettle_cipher_func *f,
size_t length, const uint8_t *data);
void
ccm_encrypt(struct ccm_ctx *ctx, const void *cipher, nettle_cipher_func *f,
size_t length, uint8_t *dst, const uint8_t *src);
void
ccm_decrypt(struct ccm_ctx *ctx, const void *cipher, nettle_cipher_func *f,
size_t length, uint8_t *dst, const uint8_t *src);
void
ccm_digest(struct ccm_ctx *ctx, const void *cipher, nettle_cipher_func *f,
size_t length, uint8_t *digest);
/*
* All-in-one encryption and decryption API:
* tlength = sizeof(digest)
* mlength = sizeof(cleartext)
* clength = sizeof(ciphertext) = mlength + tlength
*
* The ciphertext will contain the encrypted payload with the message digest
* appended to the end.
*/
void
ccm_encrypt_message(const void *cipher, nettle_cipher_func *f,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t clength, uint8_t *dst, const uint8_t *src);
/*
* The decryption function will write the plaintext to dst and parse the digest
* from the final tlength bytes of the ciphertext. If the digest matched the
* value computed during decryption then this will return 1, or it will return
* 0 if the digest was invalid.
*/
int
ccm_decrypt_message(const void *cipher, nettle_cipher_func *f,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t mlength, uint8_t *dst, const uint8_t *src);
/* CCM Mode with AES-128 */
struct ccm_aes128_ctx {
struct ccm_ctx ccm;
struct aes128_ctx cipher;
};
void
ccm_aes128_set_key(struct ccm_aes128_ctx *ctx, const uint8_t *key);
void
ccm_aes128_set_nonce(struct ccm_aes128_ctx *ctx,
size_t length, const uint8_t *nonce,
size_t authlen, size_t msglen, size_t taglen);
void
ccm_aes128_update (struct ccm_aes128_ctx *ctx,
size_t length, const uint8_t *data);
void
ccm_aes128_encrypt(struct ccm_aes128_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
ccm_aes128_decrypt(struct ccm_aes128_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
ccm_aes128_digest(struct ccm_aes128_ctx *ctx,
size_t length, uint8_t *digest);
void
ccm_aes128_encrypt_message(struct ccm_aes128_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t clength, uint8_t *dst, const uint8_t *src);
int
ccm_aes128_decrypt_message(struct ccm_aes128_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t mlength, uint8_t *dst, const uint8_t *src);
struct ccm_aes192_ctx {
struct ccm_ctx ccm;
struct aes192_ctx cipher;
};
/* CCM Mode with AES-192 */
void
ccm_aes192_set_key(struct ccm_aes192_ctx *ctx, const uint8_t *key);
void
ccm_aes192_set_nonce(struct ccm_aes192_ctx *ctx,
size_t length, const uint8_t *nonce,
size_t authlen, size_t msglen, size_t taglen);
void
ccm_aes192_update(struct ccm_aes192_ctx *ctx,
size_t length, const uint8_t *data);
void
ccm_aes192_encrypt(struct ccm_aes192_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
ccm_aes192_decrypt(struct ccm_aes192_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
ccm_aes192_digest(struct ccm_aes192_ctx *ctx,
size_t length, uint8_t *digest);
void
ccm_aes192_encrypt_message(struct ccm_aes192_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t clength, uint8_t *dst, const uint8_t *src);
int
ccm_aes192_decrypt_message(struct ccm_aes192_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t mlength, uint8_t *dst, const uint8_t *src);
/* CCM Mode with AES-256 */
struct ccm_aes256_ctx {
struct ccm_ctx ccm;
struct aes256_ctx cipher;
};
void
ccm_aes256_set_key(struct ccm_aes256_ctx *ctx, const uint8_t *key);
void
ccm_aes256_set_nonce(struct ccm_aes256_ctx *ctx,
size_t length, const uint8_t *nonce,
size_t authlen, size_t msglen, size_t taglen);
void
ccm_aes256_update(struct ccm_aes256_ctx *ctx,
size_t length, const uint8_t *data);
void
ccm_aes256_encrypt(struct ccm_aes256_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
ccm_aes256_decrypt(struct ccm_aes256_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
ccm_aes256_digest(struct ccm_aes256_ctx *ctx,
size_t length, uint8_t *digest);
void
ccm_aes256_encrypt_message(struct ccm_aes256_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t clength, uint8_t *dst, const uint8_t *src);
int
ccm_aes256_decrypt_message(struct ccm_aes256_ctx *ctx,
size_t nlength, const uint8_t *nonce,
size_t alength, const uint8_t *adata,
size_t tlength,
size_t mlength, uint8_t *dst, const uint8_t *src);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_CCM_H_INCLUDED */

87
include/nettle/cfb.h Normal file
View File

@@ -0,0 +1,87 @@
/* cfb.h
Cipher feedback mode.
Copyright (C) 2015, 2017 Dmitry Eremin-Solenikov
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_CFB_H_INCLUDED
#define NETTLE_CFB_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define cfb_encrypt nettle_cfb_encrypt
#define cfb_decrypt nettle_cfb_decrypt
void
cfb_encrypt(const void *ctx, nettle_cipher_func *f,
size_t block_size, uint8_t *iv,
size_t length, uint8_t *dst,
const uint8_t *src);
void
cfb_decrypt(const void *ctx, nettle_cipher_func *f,
size_t block_size, uint8_t *iv,
size_t length, uint8_t *dst,
const uint8_t *src);
#define CFB_CTX(type, size) \
{ type ctx; uint8_t iv[size]; }
#define CFB_SET_IV(ctx, data) \
memcpy((ctx)->iv, (data), sizeof((ctx)->iv))
/* NOTE: Avoid using NULL, as we don't include anything defining it. */
#define CFB_ENCRYPT(self, f, length, dst, src) \
(0 ? ((f)(&(self)->ctx, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0)) \
: cfb_encrypt((void *) &(self)->ctx, \
(nettle_cipher_func *) (f), \
sizeof((self)->iv), (self)->iv, \
(length), (dst), (src)))
#define CFB_DECRYPT(self, f, length, dst, src) \
(0 ? ((f)(&(self)->ctx, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0)) \
: cfb_decrypt((void *) &(self)->ctx, \
(nettle_cipher_func *) (f), \
sizeof((self)->iv), (self)->iv, \
(length), (dst), (src)))
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_CFB_H_INCLUDED */

98
include/nettle/chacha-poly1305.h Normal file
View File

@@ -0,0 +1,98 @@
/* chacha-poly1305.h
AEAD mechanism based on chacha and poly1305.
See draft-agl-tls-chacha20poly1305-04.
Copyright (C) 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_CHACHA_POLY1305_H_INCLUDED
#define NETTLE_CHACHA_POLY1305_H_INCLUDED
#include "chacha.h"
#include "poly1305.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define chacha_poly1305_set_key nettle_chacha_poly1305_set_key
#define chacha_poly1305_set_nonce nettle_chacha_poly1305_set_nonce
#define chacha_poly1305_update nettle_chacha_poly1305_update
#define chacha_poly1305_decrypt nettle_chacha_poly1305_decrypt
#define chacha_poly1305_encrypt nettle_chacha_poly1305_encrypt
#define chacha_poly1305_digest nettle_chacha_poly1305_digest
#define CHACHA_POLY1305_BLOCK_SIZE 64
/* FIXME: Any need for 128-bit variant? */
#define CHACHA_POLY1305_KEY_SIZE 32
#define CHACHA_POLY1305_NONCE_SIZE CHACHA_NONCE96_SIZE
#define CHACHA_POLY1305_DIGEST_SIZE 16
struct chacha_poly1305_ctx
{
struct chacha_ctx chacha;
struct poly1305_ctx poly1305;
union nettle_block16 s;
uint64_t auth_size;
uint64_t data_size;
/* poly1305 block */
uint8_t block[POLY1305_BLOCK_SIZE];
unsigned index;
};
void
chacha_poly1305_set_key (struct chacha_poly1305_ctx *ctx,
const uint8_t *key);
void
chacha_poly1305_set_nonce (struct chacha_poly1305_ctx *ctx,
const uint8_t *nonce);
void
chacha_poly1305_update (struct chacha_poly1305_ctx *ctx,
size_t length, const uint8_t *data);
void
chacha_poly1305_encrypt (struct chacha_poly1305_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
chacha_poly1305_decrypt (struct chacha_poly1305_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
chacha_poly1305_digest (struct chacha_poly1305_ctx *ctx,
size_t length, uint8_t *digest);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_CHACHA_POLY1305_H_INCLUDED */

96
include/nettle/chacha.h Normal file
View File

@@ -0,0 +1,96 @@
/* chacha.h
The ChaCha stream cipher.
Copyright (C) 2013 Joachim Strömbergson
Copyright (C) 2012 Simon Josefsson
Copyright (C) 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_CHACHA_H_INCLUDED
#define NETTLE_CHACHA_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define chacha_set_key nettle_chacha_set_key
#define chacha_set_nonce nettle_chacha_set_nonce
#define chacha_set_nonce96 nettle_chacha_set_nonce96
#define chacha_crypt nettle_chacha_crypt
#define _chacha_core _nettle_chacha_core
/* Currently, only 256-bit keys are supported. */
#define CHACHA_KEY_SIZE 32
#define CHACHA_BLOCK_SIZE 64
#define CHACHA_NONCE_SIZE 8
#define CHACHA_NONCE96_SIZE 12
#define _CHACHA_STATE_LENGTH 16
struct chacha_ctx
{
/* Indices 0-3 holds a constant (SIGMA or TAU).
Indices 4-11 holds the key.
Indices 12-13 holds the block counter.
Indices 14-15 holds the IV:
This creates the state matrix:
C C C C
K K K K
K K K K
B B I I
*/
uint32_t state[_CHACHA_STATE_LENGTH];
};
void
chacha_set_key(struct chacha_ctx *ctx, const uint8_t *key);
void
chacha_set_nonce(struct chacha_ctx *ctx, const uint8_t *nonce);
void
chacha_set_nonce96(struct chacha_ctx *ctx, const uint8_t *nonce);
void
chacha_crypt(struct chacha_ctx *ctx, size_t length,
uint8_t *dst, const uint8_t *src);
void
_chacha_core(uint32_t *dst, const uint32_t *src, unsigned rounds);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_CHACHA_H_INCLUDED */

71
include/nettle/ctr.h Normal file
View File

@@ -0,0 +1,71 @@
/* ctr.h
Counter mode, using an network byte order incremented counter,
matching the testcases of NIST 800-38A.
Copyright (C) 2005 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_CTR_H_INCLUDED
#define NETTLE_CTR_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define ctr_crypt nettle_ctr_crypt
void
ctr_crypt(const void *ctx, nettle_cipher_func *f,
size_t block_size, uint8_t *ctr,
size_t length, uint8_t *dst,
const uint8_t *src);
#define CTR_CTX(type, size) \
{ type ctx; uint8_t ctr[size]; }
#define CTR_SET_COUNTER(ctx, data) \
memcpy((ctx)->ctr, (data), sizeof((ctx)->ctr))
#define CTR_CRYPT(self, f, length, dst, src) \
(0 ? ((f)(&(self)->ctx, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0)) \
: ctr_crypt((void *) &(self)->ctx, \
(nettle_cipher_func *) (f), \
sizeof((self)->ctr), (self)->ctr, \
(length), (dst), (src)))
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_CTR_H_INCLUDED */

60
include/nettle/curve25519.h Normal file
View File

@@ -0,0 +1,60 @@
/* curve25519.h
Copyright (C) 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_CURVE25519_H
#define NETTLE_CURVE25519_H
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define curve25519_mul_g nettle_curve25519_mul_g
#define curve25519_mul nettle_curve25519_mul
#define CURVE25519_SIZE 32
/* Indicates that curve25519_mul conforms to RFC 7748. */
#define NETTLE_CURVE25519_RFC7748 1
void
curve25519_mul_g (uint8_t *q, const uint8_t *n);
void
curve25519_mul (uint8_t *q, const uint8_t *n, const uint8_t *p);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_CURVE25519_H */

162
include/nettle/des-compat.h Normal file
View File

@@ -0,0 +1,162 @@
/* des-compat.h
The des block cipher, old libdes/openssl-style interface.
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_DES_COMPAT_H_INCLUDED
#define NETTLE_DES_COMPAT_H_INCLUDED
/* According to Assar, des_set_key, des_set_key_odd_parity,
* des_is_weak_key, plus the encryption functions (des_*_encrypt and
* des_cbc_cksum) would be a pretty useful subset. */
/* NOTE: This is quite experimental, and not all functions are
* implemented. Contributions, in particular test cases are welcome. */
#include "des.h"
#ifdef __cplusplus
extern "C" {
#endif
/* We use some name mangling, to avoid collisions with either other
* nettle functions or with libcrypto. */
#define des_ecb3_encrypt nettle_openssl_des_ecb3_encrypt
#define des_cbc_cksum nettle_openssl_des_cbc_cksum
#define des_ncbc_encrypt nettle_openssl_des_ncbc_encrypt
#define des_cbc_encrypt nettle_openssl_des_cbc_encrypt
#define des_ecb_encrypt nettle_openssl_des_ecb_encrypt
#define des_ede3_cbc_encrypt nettle_openssl_des_ede3_cbc_encrypt
#define des_set_odd_parity nettle_openssl_des_set_odd_parity
#define des_check_key nettle_openssl_des_check_key
#define des_key_sched nettle_openssl_des_key_sched
#define des_is_weak_key nettle_openssl_des_is_weak_key
/* An extra alias */
#undef des_set_key
#define des_set_key nettle_openssl_des_key_sched
enum { DES_DECRYPT = 0, DES_ENCRYPT = 1 };
/* Types */
typedef uint32_t DES_LONG;
/* Note: Typedef:ed arrays should be avoided, but they're used here
* for compatibility. */
typedef struct des_ctx des_key_schedule[1];
typedef uint8_t des_cblock[DES_BLOCK_SIZE];
/* Note: The proper definition,
typedef const uint8_t const_des_cblock[DES_BLOCK_SIZE];
would have worked, *if* all the prototypes had used arguments like
foo(const_des_cblock src, des_cblock dst), letting argument arrays
"decay" into pointers of type uint8_t * and const uint8_t *.
But since openssl's prototypes use *pointers* const_des_cblock *src,
des_cblock *dst, this ends up in type conflicts, and the workaround
is to not use const at all.
*/
#define const_des_cblock des_cblock
/* Aliases */
#define des_ecb2_encrypt(i,o,k1,k2,e) \
des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
/* Global flag */
extern int des_check_key;
/* Prototypes */
/* Typing is a little confusing. Since both des_cblock and
des_key_schedule are typedef:ed arrays, it automatically decay to
a pointers.
But the functions are declared taking pointers to des_cblock, i.e.
pointers to arrays. And on the other hand, they take plain
des_key_schedule arguments, which is equivalent to pointers to
struct des_ctx. */
void
des_ecb3_encrypt(const_des_cblock *src, des_cblock *dst,
des_key_schedule k1,
des_key_schedule k2,
des_key_schedule k3, int enc);
/* des_cbc_cksum in libdes returns a 32 bit integer, representing the
* latter half of the output block, using little endian byte order. */
uint32_t
des_cbc_cksum(const uint8_t *src, des_cblock *dst,
long length, des_key_schedule ctx,
const_des_cblock *iv);
/* NOTE: Doesn't update iv. */
void
des_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
des_key_schedule ctx, const_des_cblock *iv,
int enc);
/* Similar, but updates iv. */
void
des_ncbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
des_key_schedule ctx, des_cblock *iv,
int enc);
void
des_ecb_encrypt(const_des_cblock *src, des_cblock *dst,
des_key_schedule ctx, int enc);
void
des_ede3_cbc_encrypt(const_des_cblock *src, des_cblock *dst, long length,
des_key_schedule k1,
des_key_schedule k2,
des_key_schedule k3,
des_cblock *iv,
int enc);
int
des_set_odd_parity(des_cblock *key);
int
des_key_sched(const_des_cblock *key, des_key_schedule ctx);
int
des_is_weak_key(const_des_cblock *key);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_DES_COMPAT_H_INCLUDED */

120
include/nettle/des.h Normal file
View File

@@ -0,0 +1,120 @@
/* des.h
The des block cipher. And triple des.
Copyright (C) 1992 Dana L. How
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/*
* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
* Please see the file `../lib/descore.README' for the complete copyright
* notice.
*
* Slightly edited by Niels Möller, 1997
*/
#ifndef NETTLE_DES_H_INCLUDED
#define NETTLE_DES_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Namespace mangling */
#define des_set_key nettle_des_set_key
#define des_encrypt nettle_des_encrypt
#define des_decrypt nettle_des_decrypt
#define des_check_parity nettle_des_check_parity
#define des_fix_parity nettle_des_fix_parity
#define des3_set_key nettle_des3_set_key
#define des3_encrypt nettle_des3_encrypt
#define des3_decrypt nettle_des3_decrypt
#define DES_KEY_SIZE 8
#define DES_BLOCK_SIZE 8
/* Expanded key length */
#define _DES_KEY_LENGTH 32
struct des_ctx
{
uint32_t key[_DES_KEY_LENGTH];
};
/* Returns 1 for good keys and 0 for weak keys. */
int
des_set_key(struct des_ctx *ctx, const uint8_t *key);
void
des_encrypt(const struct des_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
void
des_decrypt(const struct des_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
int
des_check_parity(size_t length, const uint8_t *key);
void
des_fix_parity(size_t length, uint8_t *dst,
const uint8_t *src);
#define DES3_KEY_SIZE 24
#define DES3_BLOCK_SIZE DES_BLOCK_SIZE
struct des3_ctx
{
struct des_ctx des[3];
};
/* Returns 1 for good keys and 0 for weak keys. */
int
des3_set_key(struct des3_ctx *ctx, const uint8_t *key);
void
des3_encrypt(const struct des3_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
void
des3_decrypt(const struct des3_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_DES_H_INCLUDED */

183
include/nettle/dsa-compat.h Normal file
View File

@@ -0,0 +1,183 @@
/* dsa-compat.h
Old DSA publickey interface.
Copyright (C) 2002, 2013, 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_DSA_COMPAT_H_INCLUDED
#define NETTLE_DSA_COMPAT_H_INCLUDED
#include "dsa.h"
#include "sha1.h"
#include "sha2.h"
/* Name mangling */
#define dsa_public_key_init nettle_dsa_public_key_init
#define dsa_public_key_clear nettle_dsa_public_key_clear
#define dsa_private_key_init nettle_dsa_private_key_init
#define dsa_private_key_clear nettle_dsa_private_key_clear
#define dsa_sha1_sign nettle_dsa_sha1_sign
#define dsa_sha1_verify nettle_dsa_sha1_verify
#define dsa_sha256_sign nettle_dsa_sha256_sign
#define dsa_sha256_verify nettle_dsa_sha256_verify
#define dsa_sha1_sign_digest nettle_dsa_sha1_sign_digest
#define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest
#define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest
#define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest
#define dsa_compat_generate_keypair nettle_dsa_compat_generate_keypair
/* Switch meaning of dsa_generate_keypair */
#undef dsa_generate_keypair
#define dsa_generate_keypair nettle_dsa_compat_generate_keypair
#ifdef __cplusplus
extern "C" {
#endif
struct dsa_public_key
{
/* Same as struct dsa_params, but can't use that struct here without
breaking backwards compatibility. Layout must be identical, since
this is cast to a struct dsa_param pointer for calling _dsa_sign
and _dsa_verify */
mpz_t p;
mpz_t q;
mpz_t g;
/* Public value */
mpz_t y;
};
struct dsa_private_key
{
/* Unlike an rsa public key, private key operations will need both
* the private and the public information. */
mpz_t x;
};
/* Signing a message works as follows:
*
* Store the private key in a dsa_private_key struct.
*
* Initialize a hashing context, by callling
* sha1_init
*
* Hash the message by calling
* sha1_update
*
* Create the signature by calling
* dsa_sha1_sign
*
* The signature is represented as a struct dsa_signature. This call also
* resets the hashing context.
*
* When done with the key and signature, don't forget to call
* dsa_signature_clear.
*/
/* Calls mpz_init to initialize bignum storage. */
void
dsa_public_key_init(struct dsa_public_key *key);
/* Calls mpz_clear to deallocate bignum storage. */
void
dsa_public_key_clear(struct dsa_public_key *key);
/* Calls mpz_init to initialize bignum storage. */
void
dsa_private_key_init(struct dsa_private_key *key);
/* Calls mpz_clear to deallocate bignum storage. */
void
dsa_private_key_clear(struct dsa_private_key *key);
int
dsa_sha1_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
void *random_ctx, nettle_random_func *random,
struct sha1_ctx *hash,
struct dsa_signature *signature);
int
dsa_sha256_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
void *random_ctx, nettle_random_func *random,
struct sha256_ctx *hash,
struct dsa_signature *signature);
int
dsa_sha1_verify(const struct dsa_public_key *key,
struct sha1_ctx *hash,
const struct dsa_signature *signature);
int
dsa_sha256_verify(const struct dsa_public_key *key,
struct sha256_ctx *hash,
const struct dsa_signature *signature);
int
dsa_sha1_sign_digest(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
void *random_ctx, nettle_random_func *random,
const uint8_t *digest,
struct dsa_signature *signature);
int
dsa_sha256_sign_digest(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
void *random_ctx, nettle_random_func *random,
const uint8_t *digest,
struct dsa_signature *signature);
int
dsa_sha1_verify_digest(const struct dsa_public_key *key,
const uint8_t *digest,
const struct dsa_signature *signature);
int
dsa_sha256_verify_digest(const struct dsa_public_key *key,
const uint8_t *digest,
const struct dsa_signature *signature);
/* Key generation */
int
dsa_generate_keypair(struct dsa_public_key *pub,
struct dsa_private_key *key,
void *random_ctx, nettle_random_func *random,
void *progress_ctx, nettle_progress_func *progress,
unsigned p_bits, unsigned q_bits);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_DSA_COMPAT_H_INCLUDED */

216
include/nettle/dsa.h Normal file
View File

@@ -0,0 +1,216 @@
/* dsa.h
The DSA publickey algorithm.
Copyright (C) 2002, 2013, 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_DSA_H_INCLUDED
#define NETTLE_DSA_H_INCLUDED
#include "nettle-types.h"
#include "bignum.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define dsa_params_init nettle_dsa_params_init
#define dsa_params_clear nettle_dsa_params_clear
#define dsa_signature_init nettle_dsa_signature_init
#define dsa_signature_clear nettle_dsa_signature_clear
#define dsa_sign nettle_dsa_sign
#define dsa_verify nettle_dsa_verify
#define dsa_generate_params nettle_dsa_generate_params
#define dsa_generate_keypair nettle_dsa_generate_keypair
#define dsa_signature_from_sexp nettle_dsa_signature_from_sexp
#define dsa_keypair_to_sexp nettle_dsa_keypair_to_sexp
#define dsa_keypair_from_sexp_alist nettle_dsa_keypair_from_sexp_alist
#define dsa_sha1_keypair_from_sexp nettle_dsa_sha1_keypair_from_sexp
#define dsa_sha256_keypair_from_sexp nettle_dsa_sha256_keypair_from_sexp
#define dsa_params_from_der_iterator nettle_dsa_params_from_der_iterator
#define dsa_public_key_from_der_iterator nettle_dsa_public_key_from_der_iterator
#define dsa_openssl_private_key_from_der_iterator nettle_dsa_openssl_private_key_from_der_iterator
#define dsa_openssl_private_key_from_der nettle_openssl_provate_key_from_der
#define _dsa_hash _nettle_dsa_hash
/* For FIPS approved parameters */
#define DSA_SHA1_MIN_P_BITS 512
#define DSA_SHA1_Q_OCTETS 20
#define DSA_SHA1_Q_BITS 160
#define DSA_SHA256_MIN_P_BITS 1024
#define DSA_SHA256_Q_OCTETS 32
#define DSA_SHA256_Q_BITS 256
struct dsa_params
{
/* Modulo */
mpz_t p;
/* Group order */
mpz_t q;
/* Generator */
mpz_t g;
};
void
dsa_params_init (struct dsa_params *params);
void
dsa_params_clear (struct dsa_params *params);
struct dsa_signature
{
mpz_t r;
mpz_t s;
};
/* Calls mpz_init to initialize bignum storage. */
void
dsa_signature_init(struct dsa_signature *signature);
/* Calls mpz_clear to deallocate bignum storage. */
void
dsa_signature_clear(struct dsa_signature *signature);
int
dsa_sign(const struct dsa_params *params,
const mpz_t x,
void *random_ctx, nettle_random_func *random,
size_t digest_size,
const uint8_t *digest,
struct dsa_signature *signature);
int
dsa_verify(const struct dsa_params *params,
const mpz_t y,
size_t digest_size,
const uint8_t *digest,
const struct dsa_signature *signature);
/* Key generation */
int
dsa_generate_params(struct dsa_params *params,
void *random_ctx, nettle_random_func *random,
void *progress_ctx, nettle_progress_func *progress,
unsigned p_bits, unsigned q_bits);
void
dsa_generate_keypair (const struct dsa_params *params,
mpz_t pub, mpz_t key,
void *random_ctx, nettle_random_func *random);
/* Keys in sexp form. */
struct nettle_buffer;
/* Generates a public-key expression if PRIV is NULL .*/
int
dsa_keypair_to_sexp(struct nettle_buffer *buffer,
const char *algorithm_name, /* NULL means "dsa" */
const struct dsa_params *params,
const mpz_t pub,
const mpz_t priv);
struct sexp_iterator;
int
dsa_signature_from_sexp(struct dsa_signature *rs,
struct sexp_iterator *i,
unsigned q_bits);
int
dsa_keypair_from_sexp_alist(struct dsa_params *params,
mpz_t pub,
mpz_t priv,
unsigned p_max_bits,
unsigned q_bits,
struct sexp_iterator *i);
/* If PRIV is NULL, expect a public-key expression. If PUB is NULL,
* expect a private key expression and ignore the parts not needed for
* the public key. */
/* Keys must be initialized before calling this function, as usual. */
int
dsa_sha1_keypair_from_sexp(struct dsa_params *params,
mpz_t pub,
mpz_t priv,
unsigned p_max_bits,
size_t length, const uint8_t *expr);
int
dsa_sha256_keypair_from_sexp(struct dsa_params *params,
mpz_t pub,
mpz_t priv,
unsigned p_max_bits,
size_t length, const uint8_t *expr);
/* Keys in X.509 andd OpenSSL format. */
struct asn1_der_iterator;
int
dsa_params_from_der_iterator(struct dsa_params *params,
unsigned max_bits, unsigned q_bits,
struct asn1_der_iterator *i);
int
dsa_public_key_from_der_iterator(const struct dsa_params *params,
mpz_t pub,
struct asn1_der_iterator *i);
int
dsa_openssl_private_key_from_der_iterator(struct dsa_params *params,
mpz_t pub,
mpz_t priv,
unsigned p_max_bits,
struct asn1_der_iterator *i);
int
dsa_openssl_private_key_from_der(struct dsa_params *params,
mpz_t pub,
mpz_t priv,
unsigned p_max_bits,
size_t length, const uint8_t *data);
/* Internal functions. */
void
_dsa_hash (mpz_t h, unsigned bit_size,
size_t length, const uint8_t *digest);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_DSA_H_INCLUDED */

185
include/nettle/eax.h Normal file
View File

@@ -0,0 +1,185 @@
/* eax.h
EAX mode, see http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf
Copyright (C) 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_EAX_H_INCLUDED
#define NETTLE_EAX_H_INCLUDED
#include "aes.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define eax_set_key nettle_eax_set_key
#define eax_set_nonce nettle_eax_set_nonce
#define eax_update nettle_eax_update
#define eax_encrypt nettle_eax_encrypt
#define eax_decrypt nettle_eax_decrypt
#define eax_digest nettle_eax_digest
#define eax_aes128_set_key nettle_eax_aes128_set_key
#define eax_aes128_set_nonce nettle_eax_aes128_set_nonce
#define eax_aes128_update nettle_eax_aes128_update
#define eax_aes128_encrypt nettle_eax_aes128_encrypt
#define eax_aes128_decrypt nettle_eax_aes128_decrypt
#define eax_aes128_digest nettle_eax_aes128_digest
/* Restricted to block ciphers with 128 bit block size. FIXME: Reflect
this in naming? */
#define EAX_BLOCK_SIZE 16
#define EAX_DIGEST_SIZE 16
/* FIXME: Reasonable default? */
#define EAX_IV_SIZE 16
/* Values independent of message and nonce */
struct eax_key
{
union nettle_block16 pad_block;
union nettle_block16 pad_partial;
};
struct eax_ctx
{
union nettle_block16 omac_nonce;
union nettle_block16 omac_data;
union nettle_block16 omac_message;
union nettle_block16 ctr;
};
void
eax_set_key (struct eax_key *key, const void *cipher, nettle_cipher_func *f);
void
eax_set_nonce (struct eax_ctx *eax, const struct eax_key *key,
const void *cipher, nettle_cipher_func *f,
size_t nonce_length, const uint8_t *nonce);
void
eax_update (struct eax_ctx *eax, const struct eax_key *key,
const void *cipher, nettle_cipher_func *f,
size_t data_length, const uint8_t *data);
void
eax_encrypt (struct eax_ctx *eax, const struct eax_key *key,
const void *cipher, nettle_cipher_func *f,
size_t length, uint8_t *dst, const uint8_t *src);
void
eax_decrypt (struct eax_ctx *eax, const struct eax_key *key,
const void *cipher, nettle_cipher_func *f,
size_t length, uint8_t *dst, const uint8_t *src);
void
eax_digest (struct eax_ctx *eax, const struct eax_key *key,
const void *cipher, nettle_cipher_func *f,
size_t length, uint8_t *digest);
/* Put the cipher last, to get cipher-independent offsets for the EAX
* state. */
#define EAX_CTX(type) \
{ struct eax_key key; struct eax_ctx eax; type cipher; }
#define EAX_SET_KEY(ctx, set_key, encrypt, data) \
do { \
(set_key)(&(ctx)->cipher, (data)); \
if (0) (encrypt) (&(ctx)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0); \
eax_set_key (&(ctx)->key, &(ctx)->cipher, (nettle_cipher_func *) encrypt); \
} while (0)
#define EAX_SET_NONCE(ctx, encrypt, length, nonce) \
(0 ? (encrypt) (&(ctx)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0) \
: eax_set_nonce (&(ctx)->eax, &(ctx)->key, \
&(ctx)->cipher, (nettle_cipher_func *) (encrypt), \
(length), (nonce)))
#define EAX_UPDATE(ctx, encrypt, length, data) \
(0 ? (encrypt) (&(ctx)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0) \
: eax_update (&(ctx)->eax, &(ctx)->key, \
&(ctx)->cipher, (nettle_cipher_func *) (encrypt), \
(length), (data)))
#define EAX_ENCRYPT(ctx, encrypt, length, dst, src) \
(0 ? (encrypt) (&(ctx)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0) \
: eax_encrypt (&(ctx)->eax, &(ctx)->key, \
&(ctx)->cipher, (nettle_cipher_func *) (encrypt), \
(length), (dst), (src)))
#define EAX_DECRYPT(ctx, encrypt, length, dst, src) \
(0 ? (encrypt) (&(ctx)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0) \
: eax_decrypt (&(ctx)->eax, &(ctx)->key, \
&(ctx)->cipher, (nettle_cipher_func *) (encrypt), \
(length), (dst), (src)))
#define EAX_DIGEST(ctx, encrypt, length, digest) \
(0 ? (encrypt) (&(ctx)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0) \
: eax_digest (&(ctx)->eax, &(ctx)->key, \
&(ctx)->cipher, (nettle_cipher_func *) (encrypt), \
(length), (digest)))
struct eax_aes128_ctx EAX_CTX(struct aes128_ctx);
void
eax_aes128_set_key(struct eax_aes128_ctx *ctx, const uint8_t *key);
void
eax_aes128_set_nonce(struct eax_aes128_ctx *ctx,
size_t length, const uint8_t *iv);
void
eax_aes128_update(struct eax_aes128_ctx *ctx,
size_t length, const uint8_t *data);
void
eax_aes128_encrypt(struct eax_aes128_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
eax_aes128_decrypt(struct eax_aes128_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
eax_aes128_digest(struct eax_aes128_ctx *ctx, size_t length, uint8_t *digest);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_EAX_H_INCLUDED */

71
include/nettle/ecc-curve.h Normal file
View File

@@ -0,0 +1,71 @@
/* ecc-curve.h
Copyright (C) 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
#ifndef NETTLE_ECC_CURVE_H_INCLUDED
#define NETTLE_ECC_CURVE_H_INCLUDED
#ifdef __cplusplus
extern "C" {
#endif
/* The contents of this struct is internal. */
struct ecc_curve;
/* FIXME: Rename with leading underscore. Due to ABI subtleties,
applications should not refer to these directly, but use the below
accessor functions. */
extern const struct ecc_curve nettle_secp_192r1;
extern const struct ecc_curve nettle_secp_224r1;
extern const struct ecc_curve nettle_secp_256r1;
extern const struct ecc_curve nettle_secp_384r1;
extern const struct ecc_curve nettle_secp_521r1;
#ifdef __GNUC__
#define NETTLE_PURE __attribute__((pure))
#else
#define NETTLE_PURE
#endif
const struct ecc_curve * NETTLE_PURE nettle_get_secp_192r1(void);
const struct ecc_curve * NETTLE_PURE nettle_get_secp_224r1(void);
const struct ecc_curve * NETTLE_PURE nettle_get_secp_256r1(void);
const struct ecc_curve * NETTLE_PURE nettle_get_secp_384r1(void);
const struct ecc_curve * NETTLE_PURE nettle_get_secp_521r1(void);
#undef NETTLE_PURE
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_ECC_CURVE_H_INCLUDED */

159
include/nettle/ecc.h Normal file
View File

@@ -0,0 +1,159 @@
/* ecc.h
Copyright (C) 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
#ifndef NETTLE_ECC_H_INCLUDED
#define NETTLE_ECC_H_INCLUDED
#include "nettle-types.h"
#include "bignum.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define ecc_point_init nettle_ecc_point_init
#define ecc_point_clear nettle_ecc_point_clear
#define ecc_point_set nettle_ecc_point_set
#define ecc_point_get nettle_ecc_point_get
#define ecc_point_mul nettle_ecc_point_mul
#define ecc_point_mul_g nettle_ecc_point_mul_g
#define ecc_scalar_init nettle_ecc_scalar_init
#define ecc_scalar_clear nettle_ecc_scalar_clear
#define ecc_scalar_set nettle_ecc_scalar_set
#define ecc_scalar_get nettle_ecc_scalar_get
#define ecc_scalar_random nettle_ecc_scalar_random
#define ecc_point_mul nettle_ecc_point_mul
#define ecc_bit_size nettle_ecc_bit_size
#define ecc_size nettle_ecc_size
#define ecc_size_a nettle_ecc_size_a
#define ecc_size_j nettle_ecc_size_j
struct ecc_curve;
/* High level interface, for ECDSA, DH, etc */
/* Represents a point on the ECC curve */
struct ecc_point
{
const struct ecc_curve *ecc;
/* Allocated using the same allocation function as GMP. */
mp_limb_t *p;
};
/* Represents a non-zero scalar, an element of Z_q^*, where q is the
group order of the curve. */
struct ecc_scalar
{
const struct ecc_curve *ecc;
/* Allocated using the same allocation function as GMP. */
mp_limb_t *p;
};
void
ecc_point_init (struct ecc_point *p, const struct ecc_curve *ecc);
void
ecc_point_clear (struct ecc_point *p);
/* Fails and returns zero if the point is not on the curve. */
int
ecc_point_set (struct ecc_point *p, const mpz_t x, const mpz_t y);
void
ecc_point_get (const struct ecc_point *p, mpz_t x, mpz_t y);
void
ecc_scalar_init (struct ecc_scalar *s, const struct ecc_curve *ecc);
void
ecc_scalar_clear (struct ecc_scalar *s);
/* Fails and returns zero if the scalar is not in the proper range. */
int
ecc_scalar_set (struct ecc_scalar *s, const mpz_t z);
void
ecc_scalar_get (const struct ecc_scalar *s, mpz_t z);
/* Generates a random scalar, suitable as an ECDSA private key or a
ECDH exponent. */
void
ecc_scalar_random (struct ecc_scalar *s,
void *random_ctx, nettle_random_func *random);
/* Computes r = n p */
void
ecc_point_mul (struct ecc_point *r, const struct ecc_scalar *n,
const struct ecc_point *p);
/* Computes r = n g */
void
ecc_point_mul_g (struct ecc_point *r, const struct ecc_scalar *n);
/* Low-level interface */
/* Points on a curve are represented as arrays of mp_limb_t, with
curve-specific representation. For the secp curves, we use Jacobian
coordinates (possibly in Montgomery form for mod multiplication).
For curve25519 we use homogeneous coordinates on an equivalent
Edwards curve. The suffix "_h" denotes this internal
representation.
Since we use additive notation for the groups, the infinity point
on the curve is denoted 0. The infinity point can be represented
with x = y = 0 in affine coordinates, and Z = 0 in Jacobian
coordinates. However, note that most of the ECC functions do *not*
support infinity as an input or output.
*/
/* Returns the bit size of a single coordinate (and of the prime p). */
unsigned
ecc_bit_size (const struct ecc_curve *ecc);
/* Returns the size of a single coordinate. */
mp_size_t
ecc_size (const struct ecc_curve *ecc);
/* Size of a point, using affine coordinates x, y. */
mp_size_t
ecc_size_a (const struct ecc_curve *ecc);
/* Size of a point, using jacobian coordinates X, Y and Z. */
mp_size_t
ecc_size_j (const struct ecc_curve *ecc);
/* FIXME: Define a generic ecc_dup, ecc_add, for any type of curve. Do
they need to handle infinity points? */
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_ECC_H_INCLUDED */

103
include/nettle/ecdsa.h Normal file
View File

@@ -0,0 +1,103 @@
/* ecdsa.h
Copyright (C) 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
#ifndef NETTLE_ECDSA_H_INCLUDED
#define NETTLE_ECDSA_H_INCLUDED
#include "ecc.h"
#include "dsa.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define ecdsa_sign nettle_ecdsa_sign
#define ecdsa_verify nettle_ecdsa_verify
#define ecdsa_generate_keypair nettle_ecdsa_generate_keypair
#define ecc_ecdsa_sign nettle_ecc_ecdsa_sign
#define ecc_ecdsa_sign_itch nettle_ecc_ecdsa_sign_itch
#define ecc_ecdsa_verify nettle_ecc_ecdsa_verify
#define ecc_ecdsa_verify_itch nettle_ecc_ecdsa_verify_itch
/* High level ECDSA functions.
*
* A public key is represented as a struct ecc_point, and a private
* key as a struct ecc_scalar. FIXME: Introduce some aliases? */
void
ecdsa_sign (const struct ecc_scalar *key,
void *random_ctx, nettle_random_func *random,
size_t digest_length,
const uint8_t *digest,
struct dsa_signature *signature);
int
ecdsa_verify (const struct ecc_point *pub,
size_t length, const uint8_t *digest,
const struct dsa_signature *signature);
void
ecdsa_generate_keypair (struct ecc_point *pub,
struct ecc_scalar *key,
void *random_ctx, nettle_random_func *random);
/* Low-level ECDSA functions. */
mp_size_t
ecc_ecdsa_sign_itch (const struct ecc_curve *ecc);
void
ecc_ecdsa_sign (const struct ecc_curve *ecc,
const mp_limb_t *zp,
/* Random nonce, must be invertible mod ecc group
order. */
const mp_limb_t *kp,
size_t length, const uint8_t *digest,
mp_limb_t *rp, mp_limb_t *sp,
mp_limb_t *scratch);
mp_size_t
ecc_ecdsa_verify_itch (const struct ecc_curve *ecc);
int
ecc_ecdsa_verify (const struct ecc_curve *ecc,
const mp_limb_t *pp, /* Public key */
size_t length, const uint8_t *digest,
const mp_limb_t *rp, const mp_limb_t *sp,
mp_limb_t *scratch);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_ECDSA_H_INCLUDED */

149
include/nettle/eddsa.h Normal file
View File

@@ -0,0 +1,149 @@
/* eddsa.h
Copyright (C) 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_EDDSA_H
#define NETTLE_EDDSA_H
#include "nettle-types.h"
#include "bignum.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define ed25519_sha512_set_private_key nettle_ed25519_sha512_set_private_key
#define ed25519_sha512_public_key nettle_ed25519_sha512_public_key
#define ed25519_sha512_sign nettle_ed25519_sha512_sign
#define ed25519_sha512_verify nettle_ed25519_sha512_verify
#define _eddsa_compress _nettle_eddsa_compress
#define _eddsa_compress_itch _nettle_eddsa_compress_itch
#define _eddsa_decompress _nettle_eddsa_decompress
#define _eddsa_decompress_itch _nettle_eddsa_decompress_itch
#define _eddsa_hash _nettle_eddsa_hash
#define _eddsa_expand_key _nettle_eddsa_expand_key
#define _eddsa_sign _nettle_eddsa_sign
#define _eddsa_sign_itch _nettle_eddsa_sign_itch
#define _eddsa_verify _nettle_eddsa_verify
#define _eddsa_verify_itch _nettle_eddsa_verify_itch
#define _eddsa_public_key_itch _nettle_eddsa_public_key_itch
#define _eddsa_public_key _nettle_eddsa_public_key
#define ED25519_KEY_SIZE 32
#define ED25519_SIGNATURE_SIZE 64
void
ed25519_sha512_public_key (uint8_t *pub, const uint8_t *priv);
void
ed25519_sha512_sign (const uint8_t *pub,
const uint8_t *priv,
size_t length, const uint8_t *msg,
uint8_t *signature);
int
ed25519_sha512_verify (const uint8_t *pub,
size_t length, const uint8_t *msg,
const uint8_t *signature);
/* Low-level internal functions */
struct ecc_curve;
struct ecc_modulo;
mp_size_t
_eddsa_compress_itch (const struct ecc_curve *ecc);
void
_eddsa_compress (const struct ecc_curve *ecc, uint8_t *r, mp_limb_t *p,
mp_limb_t *scratch);
mp_size_t
_eddsa_decompress_itch (const struct ecc_curve *ecc);
int
_eddsa_decompress (const struct ecc_curve *ecc, mp_limb_t *p,
const uint8_t *cp,
mp_limb_t *scratch);
void
_eddsa_hash (const struct ecc_modulo *m,
mp_limb_t *rp, const uint8_t *digest);
mp_size_t
_eddsa_sign_itch (const struct ecc_curve *ecc);
void
_eddsa_sign (const struct ecc_curve *ecc,
const struct nettle_hash *H,
const uint8_t *pub,
void *ctx,
const mp_limb_t *k2,
size_t length,
const uint8_t *msg,
uint8_t *signature,
mp_limb_t *scratch);
mp_size_t
_eddsa_verify_itch (const struct ecc_curve *ecc);
int
_eddsa_verify (const struct ecc_curve *ecc,
const struct nettle_hash *H,
const uint8_t *pub,
const mp_limb_t *A,
void *ctx,
size_t length,
const uint8_t *msg,
const uint8_t *signature,
mp_limb_t *scratch);
void
_eddsa_expand_key (const struct ecc_curve *ecc,
const struct nettle_hash *H,
void *ctx,
const uint8_t *key,
uint8_t *digest,
mp_limb_t *k2);
mp_size_t
_eddsa_public_key_itch (const struct ecc_curve *ecc);
void
_eddsa_public_key (const struct ecc_curve *ecc,
const mp_limb_t *k, uint8_t *pub, mp_limb_t *scratch);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_EDDSA_H */

327
include/nettle/gcm.h Normal file
View File

@@ -0,0 +1,327 @@
/* gcm.h
Galois counter mode, specified by NIST,
http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Copyright (C) 2011 Katholieke Universiteit Leuven
Copyright (C) 2011, 2014 Niels Möller
Contributed by Nikos Mavrogiannopoulos
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_GCM_H_INCLUDED
#define NETTLE_GCM_H_INCLUDED
#include "aes.h"
#include "camellia.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define gcm_set_key nettle_gcm_set_key
#define gcm_set_iv nettle_gcm_set_iv
#define gcm_update nettle_gcm_update
#define gcm_encrypt nettle_gcm_encrypt
#define gcm_decrypt nettle_gcm_decrypt
#define gcm_digest nettle_gcm_digest
#define gcm_aes128_set_key nettle_gcm_aes128_set_key
#define gcm_aes128_set_iv nettle_gcm_aes128_set_iv
#define gcm_aes128_update nettle_gcm_aes128_update
#define gcm_aes128_encrypt nettle_gcm_aes128_encrypt
#define gcm_aes128_decrypt nettle_gcm_aes128_decrypt
#define gcm_aes128_digest nettle_gcm_aes128_digest
#define gcm_aes192_set_key nettle_gcm_aes192_set_key
#define gcm_aes192_set_iv nettle_gcm_aes192_set_iv
#define gcm_aes192_update nettle_gcm_aes192_update
#define gcm_aes192_encrypt nettle_gcm_aes192_encrypt
#define gcm_aes192_decrypt nettle_gcm_aes192_decrypt
#define gcm_aes192_digest nettle_gcm_aes192_digest
#define gcm_aes256_set_key nettle_gcm_aes256_set_key
#define gcm_aes256_set_iv nettle_gcm_aes256_set_iv
#define gcm_aes256_update nettle_gcm_aes256_update
#define gcm_aes256_encrypt nettle_gcm_aes256_encrypt
#define gcm_aes256_decrypt nettle_gcm_aes256_decrypt
#define gcm_aes256_digest nettle_gcm_aes256_digest
#define gcm_aes_set_key nettle_gcm_aes_set_key
#define gcm_aes_set_iv nettle_gcm_aes_set_iv
#define gcm_aes_update nettle_gcm_aes_update
#define gcm_aes_encrypt nettle_gcm_aes_encrypt
#define gcm_aes_decrypt nettle_gcm_aes_decrypt
#define gcm_aes_digest nettle_gcm_aes_digest
#define gcm_camellia128_set_key nettle_gcm_camellia128_set_key
#define gcm_camellia128_set_iv nettle_gcm_camellia128_set_iv
#define gcm_camellia128_update nettle_gcm_camellia128_update
#define gcm_camellia128_encrypt nettle_gcm_camellia128_encrypt
#define gcm_camellia128_decrypt nettle_gcm_camellia128_decrypt
#define gcm_camellia128_digest nettle_gcm_camellia128_digest
#define gcm_camellia256_set_key nettle_gcm_camellia256_set_key
#define gcm_camellia256_set_iv nettle_gcm_camellia256_set_iv
#define gcm_camellia256_update nettle_gcm_camellia256_update
#define gcm_camellia256_encrypt nettle_gcm_camellia256_encrypt
#define gcm_camellia256_decrypt nettle_gcm_camellia256_decrypt
#define gcm_camellia256_digest nettle_gcm_camellia256_digest
#define GCM_BLOCK_SIZE 16
#define GCM_IV_SIZE (GCM_BLOCK_SIZE - 4)
#define GCM_DIGEST_SIZE 16
#define GCM_TABLE_BITS 8
/* Hashing subkey */
struct gcm_key
{
union nettle_block16 h[1 << GCM_TABLE_BITS];
};
/* Per-message state, depending on the iv */
struct gcm_ctx {
/* Original counter block */
union nettle_block16 iv;
/* Updated for each block. */
union nettle_block16 ctr;
/* Hashing state */
union nettle_block16 x;
uint64_t auth_size;
uint64_t data_size;
};
void
gcm_set_key(struct gcm_key *key,
const void *cipher, nettle_cipher_func *f);
void
gcm_set_iv(struct gcm_ctx *ctx, const struct gcm_key *key,
size_t length, const uint8_t *iv);
void
gcm_update(struct gcm_ctx *ctx, const struct gcm_key *key,
size_t length, const uint8_t *data);
void
gcm_encrypt(struct gcm_ctx *ctx, const struct gcm_key *key,
const void *cipher, nettle_cipher_func *f,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_decrypt(struct gcm_ctx *ctx, const struct gcm_key *key,
const void *cipher, nettle_cipher_func *f,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_digest(struct gcm_ctx *ctx, const struct gcm_key *key,
const void *cipher, nettle_cipher_func *f,
size_t length, uint8_t *digest);
/* Convenience macrology (not sure how useful it is) */
/* All-in-one context, with hash subkey, message state, and cipher. */
#define GCM_CTX(type) \
{ struct gcm_key key; struct gcm_ctx gcm; type cipher; }
/* NOTE: Avoid using NULL, as we don't include anything defining it. */
#define GCM_SET_KEY(ctx, set_key, encrypt, gcm_key) \
do { \
(set_key)(&(ctx)->cipher, (gcm_key)); \
if (0) (encrypt)(&(ctx)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0); \
gcm_set_key(&(ctx)->key, &(ctx)->cipher, \
(nettle_cipher_func *) (encrypt)); \
} while (0)
#define GCM_SET_IV(ctx, length, data) \
gcm_set_iv(&(ctx)->gcm, &(ctx)->key, (length), (data))
#define GCM_UPDATE(ctx, length, data) \
gcm_update(&(ctx)->gcm, &(ctx)->key, (length), (data))
#define GCM_ENCRYPT(ctx, encrypt, length, dst, src) \
(0 ? (encrypt)(&(ctx)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0) \
: gcm_encrypt(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
(nettle_cipher_func *) (encrypt), \
(length), (dst), (src)))
#define GCM_DECRYPT(ctx, encrypt, length, dst, src) \
(0 ? (encrypt)(&(ctx)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0) \
: gcm_decrypt(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
(nettle_cipher_func *) (encrypt), \
(length), (dst), (src)))
#define GCM_DIGEST(ctx, encrypt, length, digest) \
(0 ? (encrypt)(&(ctx)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0) \
: gcm_digest(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
(nettle_cipher_func *) (encrypt), \
(length), (digest)))
struct gcm_aes128_ctx GCM_CTX(struct aes128_ctx);
void
gcm_aes128_set_key(struct gcm_aes128_ctx *ctx, const uint8_t *key);
/* FIXME: Define _update and _set_iv as some kind of aliaes,
there's nothing aes-specific. */
void
gcm_aes128_update (struct gcm_aes128_ctx *ctx,
size_t length, const uint8_t *data);
void
gcm_aes128_set_iv (struct gcm_aes128_ctx *ctx,
size_t length, const uint8_t *iv);
void
gcm_aes128_encrypt(struct gcm_aes128_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_aes128_decrypt(struct gcm_aes128_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_aes128_digest(struct gcm_aes128_ctx *ctx,
size_t length, uint8_t *digest);
struct gcm_aes192_ctx GCM_CTX(struct aes192_ctx);
void
gcm_aes192_set_key(struct gcm_aes192_ctx *ctx, const uint8_t *key);
void
gcm_aes192_update (struct gcm_aes192_ctx *ctx,
size_t length, const uint8_t *data);
void
gcm_aes192_set_iv (struct gcm_aes192_ctx *ctx,
size_t length, const uint8_t *iv);
void
gcm_aes192_encrypt(struct gcm_aes192_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_aes192_decrypt(struct gcm_aes192_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_aes192_digest(struct gcm_aes192_ctx *ctx,
size_t length, uint8_t *digest);
struct gcm_aes256_ctx GCM_CTX(struct aes256_ctx);
void
gcm_aes256_set_key(struct gcm_aes256_ctx *ctx, const uint8_t *key);
void
gcm_aes256_update (struct gcm_aes256_ctx *ctx,
size_t length, const uint8_t *data);
void
gcm_aes256_set_iv (struct gcm_aes256_ctx *ctx,
size_t length, const uint8_t *iv);
void
gcm_aes256_encrypt(struct gcm_aes256_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_aes256_decrypt(struct gcm_aes256_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_aes256_digest(struct gcm_aes256_ctx *ctx,
size_t length, uint8_t *digest);
/* Old aes interface, for backwards compatibility */
struct gcm_aes_ctx GCM_CTX(struct aes_ctx);
void
gcm_aes_set_key(struct gcm_aes_ctx *ctx,
size_t length, const uint8_t *key);
void
gcm_aes_set_iv(struct gcm_aes_ctx *ctx,
size_t length, const uint8_t *iv);
void
gcm_aes_update(struct gcm_aes_ctx *ctx,
size_t length, const uint8_t *data);
void
gcm_aes_encrypt(struct gcm_aes_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_aes_decrypt(struct gcm_aes_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void
gcm_aes_digest(struct gcm_aes_ctx *ctx, size_t length, uint8_t *digest);
struct gcm_camellia128_ctx GCM_CTX(struct camellia128_ctx);
void gcm_camellia128_set_key(struct gcm_camellia128_ctx *ctx,
const uint8_t *key);
void gcm_camellia128_set_iv(struct gcm_camellia128_ctx *ctx,
size_t length, const uint8_t *iv);
void gcm_camellia128_update(struct gcm_camellia128_ctx *ctx,
size_t length, const uint8_t *data);
void gcm_camellia128_encrypt(struct gcm_camellia128_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void gcm_camellia128_decrypt(struct gcm_camellia128_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void gcm_camellia128_digest(struct gcm_camellia128_ctx *ctx,
size_t length, uint8_t *digest);
struct gcm_camellia256_ctx GCM_CTX(struct camellia256_ctx);
void gcm_camellia256_set_key(struct gcm_camellia256_ctx *ctx,
const uint8_t *key);
void gcm_camellia256_set_iv(struct gcm_camellia256_ctx *ctx,
size_t length, const uint8_t *iv);
void gcm_camellia256_update(struct gcm_camellia256_ctx *ctx,
size_t length, const uint8_t *data);
void gcm_camellia256_encrypt(struct gcm_camellia256_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void gcm_camellia256_decrypt(struct gcm_camellia256_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void gcm_camellia256_digest(struct gcm_camellia256_ctx *ctx,
size_t length, uint8_t *digest);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_GCM_H_INCLUDED */

98
include/nettle/gosthash94.h Normal file
View File

@@ -0,0 +1,98 @@
/* gosthash94.h
The GOST R 34.11-94 hash function, described in RFC 5831.
Copyright (C) 2012 Nikos Mavrogiannopoulos, Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/* Based on rhash gost.h. */
/* Copyright: 2009-2012 Aleksey Kravchenko <rhash.admin@gmail.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
/*
* Ported to nettle by Nikos Mavrogiannopoulos.
*/
#ifndef NETTLE_GOSTHASH94_H_INCLUDED
#define NETTLE_GOSTHASH94_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
#define gosthash94_init nettle_gosthash94_init
#define gosthash94_update nettle_gosthash94_update
#define gosthash94_digest nettle_gosthash94_digest
#define GOSTHASH94_BLOCK_SIZE 32
#define GOSTHASH94_DIGEST_SIZE 32
/* For backwards compatibility */
#define GOSTHASH94_DATA_SIZE GOSTHASH94_BLOCK_SIZE
struct gosthash94_ctx
{
uint32_t hash[8]; /* algorithm 256-bit state */
uint32_t sum[8]; /* sum of processed message blocks */
uint8_t message[GOSTHASH94_BLOCK_SIZE]; /* 256-bit buffer for leftovers */
uint64_t length; /* number of processed bytes */
};
void gosthash94_init(struct gosthash94_ctx *ctx);
void gosthash94_update(struct gosthash94_ctx *ctx,
size_t length, const uint8_t *msg);
void gosthash94_digest(struct gosthash94_ctx *ctx,
size_t length, uint8_t *result);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_GOSTHASH94_H_INCLUDED */

67
include/nettle/hkdf.h Normal file
View File

@@ -0,0 +1,67 @@
/* hkdf.h
TLS PRF code (RFC-5246, RFC-2246).
Copyright (C) 2017 Red Hat, Inc.
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_HKDF_H_INCLUDED
#define NETTLE_HKDF_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Namespace mangling */
#define hkdf_extract nettle_hkdf_extract
#define hkdf_expand nettle_hkdf_expand
void
hkdf_extract(void *mac_ctx,
nettle_hash_update_func *update,
nettle_hash_digest_func *digest,
size_t digest_size,
size_t secret_size, const uint8_t *secret,
uint8_t *dst);
void
hkdf_expand(void *mac_ctx,
nettle_hash_update_func *update,
nettle_hash_digest_func *digest,
size_t digest_size,
size_t info_size, const uint8_t *info,
size_t length, uint8_t *dst);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_HKDF_H_INCLUDED */

210
include/nettle/hmac.h Normal file
View File

@@ -0,0 +1,210 @@
/* hmac.h
HMAC message authentication code (RFC-2104).
Copyright (C) 2001, 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_HMAC_H_INCLUDED
#define NETTLE_HMAC_H_INCLUDED
#include "nettle-meta.h"
#include "md5.h"
#include "ripemd160.h"
#include "sha1.h"
#include "sha2.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Namespace mangling */
#define hmac_set_key nettle_hmac_set_key
#define hmac_update nettle_hmac_update
#define hmac_digest nettle_hmac_digest
#define hmac_md5_set_key nettle_hmac_md5_set_key
#define hmac_md5_update nettle_hmac_md5_update
#define hmac_md5_digest nettle_hmac_md5_digest
#define hmac_ripemd160_set_key nettle_hmac_ripemd160_set_key
#define hmac_ripemd160_update nettle_hmac_ripemd160_update
#define hmac_ripemd160_digest nettle_hmac_ripemd160_digest
#define hmac_sha1_set_key nettle_hmac_sha1_set_key
#define hmac_sha1_update nettle_hmac_sha1_update
#define hmac_sha1_digest nettle_hmac_sha1_digest
#define hmac_sha224_set_key nettle_hmac_sha224_set_key
#define hmac_sha224_digest nettle_hmac_sha224_digest
#define hmac_sha256_set_key nettle_hmac_sha256_set_key
#define hmac_sha256_update nettle_hmac_sha256_update
#define hmac_sha256_digest nettle_hmac_sha256_digest
#define hmac_sha384_set_key nettle_hmac_sha384_set_key
#define hmac_sha384_digest nettle_hmac_sha384_digest
#define hmac_sha512_set_key nettle_hmac_sha512_set_key
#define hmac_sha512_update nettle_hmac_sha512_update
#define hmac_sha512_digest nettle_hmac_sha512_digest
void
hmac_set_key(void *outer, void *inner, void *state,
const struct nettle_hash *hash,
size_t length, const uint8_t *key);
/* This function is not strictly needed, it's s just the same as the
* hash update function. */
void
hmac_update(void *state,
const struct nettle_hash *hash,
size_t length, const uint8_t *data);
void
hmac_digest(const void *outer, const void *inner, void *state,
const struct nettle_hash *hash,
size_t length, uint8_t *digest);
#define HMAC_CTX(type) \
{ type outer; type inner; type state; }
#define HMAC_SET_KEY(ctx, hash, length, key) \
hmac_set_key( &(ctx)->outer, &(ctx)->inner, &(ctx)->state, \
(hash), (length), (key) )
#define HMAC_DIGEST(ctx, hash, length, digest) \
hmac_digest( &(ctx)->outer, &(ctx)->inner, &(ctx)->state, \
(hash), (length), (digest) )
/* HMAC using specific hash functions */
/* hmac-md5 */
struct hmac_md5_ctx HMAC_CTX(struct md5_ctx);
void
hmac_md5_set_key(struct hmac_md5_ctx *ctx,
size_t key_length, const uint8_t *key);
void
hmac_md5_update(struct hmac_md5_ctx *ctx,
size_t length, const uint8_t *data);
void
hmac_md5_digest(struct hmac_md5_ctx *ctx,
size_t length, uint8_t *digest);
/* hmac-ripemd160 */
struct hmac_ripemd160_ctx HMAC_CTX(struct ripemd160_ctx);
void
hmac_ripemd160_set_key(struct hmac_ripemd160_ctx *ctx,
size_t key_length, const uint8_t *key);
void
hmac_ripemd160_update(struct hmac_ripemd160_ctx *ctx,
size_t length, const uint8_t *data);
void
hmac_ripemd160_digest(struct hmac_ripemd160_ctx *ctx,
size_t length, uint8_t *digest);
/* hmac-sha1 */
struct hmac_sha1_ctx HMAC_CTX(struct sha1_ctx);
void
hmac_sha1_set_key(struct hmac_sha1_ctx *ctx,
size_t key_length, const uint8_t *key);
void
hmac_sha1_update(struct hmac_sha1_ctx *ctx,
size_t length, const uint8_t *data);
void
hmac_sha1_digest(struct hmac_sha1_ctx *ctx,
size_t length, uint8_t *digest);
/* hmac-sha256 */
struct hmac_sha256_ctx HMAC_CTX(struct sha256_ctx);
void
hmac_sha256_set_key(struct hmac_sha256_ctx *ctx,
size_t key_length, const uint8_t *key);
void
hmac_sha256_update(struct hmac_sha256_ctx *ctx,
size_t length, const uint8_t *data);
void
hmac_sha256_digest(struct hmac_sha256_ctx *ctx,
size_t length, uint8_t *digest);
/* hmac-sha224 */
#define hmac_sha224_ctx hmac_sha256_ctx
void
hmac_sha224_set_key(struct hmac_sha224_ctx *ctx,
size_t key_length, const uint8_t *key);
#define hmac_sha224_update nettle_hmac_sha256_update
void
hmac_sha224_digest(struct hmac_sha224_ctx *ctx,
size_t length, uint8_t *digest);
/* hmac-sha512 */
struct hmac_sha512_ctx HMAC_CTX(struct sha512_ctx);
void
hmac_sha512_set_key(struct hmac_sha512_ctx *ctx,
size_t key_length, const uint8_t *key);
void
hmac_sha512_update(struct hmac_sha512_ctx *ctx,
size_t length, const uint8_t *data);
void
hmac_sha512_digest(struct hmac_sha512_ctx *ctx,
size_t length, uint8_t *digest);
/* hmac-sha384 */
#define hmac_sha384_ctx hmac_sha512_ctx
void
hmac_sha384_set_key(struct hmac_sha512_ctx *ctx,
size_t key_length, const uint8_t *key);
#define hmac_sha384_update nettle_hmac_sha512_update
void
hmac_sha384_digest(struct hmac_sha512_ctx *ctx,
size_t length, uint8_t *digest);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_HMAC_H_INCLUDED */

80
include/nettle/knuth-lfib.h Normal file
View File

@@ -0,0 +1,80 @@
/* knuth-lfib.h
The "lagged fibonacci" pseudorandomness generator, described in
Knuth, TAoCP, 3.6
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/* NOTE: This generator is totally inappropriate for cryptographic
* applications. It is useful for generating deterministic but
* random-looking test data, and is used by the Nettle testsuite. */
#ifndef NETTLE_KNUTH_LFIB_H_INCLUDED
#define NETTLE_KNUTH_LFIB_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Namespace mangling */
#define knuth_lfib_init nettle_knuth_lfib_init
#define knuth_lfib_get nettle_knuth_lfib_get
#define knuth_lfib_get_array nettle_knuth_lfib_get_array
#define knuth_lfib_random nettle_knuth_lfib_random
#define _KNUTH_LFIB_KK 100
struct knuth_lfib_ctx
{
uint32_t x[_KNUTH_LFIB_KK];
unsigned index;
};
void
knuth_lfib_init(struct knuth_lfib_ctx *ctx, uint32_t seed);
/* Get's a single number in the range 0 ... 2^30-1 */
uint32_t
knuth_lfib_get(struct knuth_lfib_ctx *ctx);
/* Get an array of numbers */
void
knuth_lfib_get_array(struct knuth_lfib_ctx *ctx,
size_t n, uint32_t *a);
/* Get an array of octets. */
void
knuth_lfib_random(struct knuth_lfib_ctx *ctx,
size_t n, uint8_t *dst);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_KNUTH_LFIB_H_INCLUDED */

245
include/nettle/macros.h Normal file
View File

@@ -0,0 +1,245 @@
/* macros.h
Copyright (C) 2001, 2010 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_MACROS_H_INCLUDED
#define NETTLE_MACROS_H_INCLUDED
/* Reads a 64-bit integer, in network, big-endian, byte order */
#define READ_UINT64(p) \
( (((uint64_t) (p)[0]) << 56) \
| (((uint64_t) (p)[1]) << 48) \
| (((uint64_t) (p)[2]) << 40) \
| (((uint64_t) (p)[3]) << 32) \
| (((uint64_t) (p)[4]) << 24) \
| (((uint64_t) (p)[5]) << 16) \
| (((uint64_t) (p)[6]) << 8) \
| ((uint64_t) (p)[7]))
#define WRITE_UINT64(p, i) \
do { \
(p)[0] = ((i) >> 56) & 0xff; \
(p)[1] = ((i) >> 48) & 0xff; \
(p)[2] = ((i) >> 40) & 0xff; \
(p)[3] = ((i) >> 32) & 0xff; \
(p)[4] = ((i) >> 24) & 0xff; \
(p)[5] = ((i) >> 16) & 0xff; \
(p)[6] = ((i) >> 8) & 0xff; \
(p)[7] = (i) & 0xff; \
} while(0)
/* Reads a 32-bit integer, in network, big-endian, byte order */
#define READ_UINT32(p) \
( (((uint32_t) (p)[0]) << 24) \
| (((uint32_t) (p)[1]) << 16) \
| (((uint32_t) (p)[2]) << 8) \
| ((uint32_t) (p)[3]))
#define WRITE_UINT32(p, i) \
do { \
(p)[0] = ((i) >> 24) & 0xff; \
(p)[1] = ((i) >> 16) & 0xff; \
(p)[2] = ((i) >> 8) & 0xff; \
(p)[3] = (i) & 0xff; \
} while(0)
/* Analogous macros, for 24 and 16 bit numbers */
#define READ_UINT24(p) \
( (((uint32_t) (p)[0]) << 16) \
| (((uint32_t) (p)[1]) << 8) \
| ((uint32_t) (p)[2]))
#define WRITE_UINT24(p, i) \
do { \
(p)[0] = ((i) >> 16) & 0xff; \
(p)[1] = ((i) >> 8) & 0xff; \
(p)[2] = (i) & 0xff; \
} while(0)
#define READ_UINT16(p) \
( (((uint32_t) (p)[0]) << 8) \
| ((uint32_t) (p)[1]))
#define WRITE_UINT16(p, i) \
do { \
(p)[0] = ((i) >> 8) & 0xff; \
(p)[1] = (i) & 0xff; \
} while(0)
/* And the other, little-endian, byteorder */
#define LE_READ_UINT64(p) \
( (((uint64_t) (p)[7]) << 56) \
| (((uint64_t) (p)[6]) << 48) \
| (((uint64_t) (p)[5]) << 40) \
| (((uint64_t) (p)[4]) << 32) \
| (((uint64_t) (p)[3]) << 24) \
| (((uint64_t) (p)[2]) << 16) \
| (((uint64_t) (p)[1]) << 8) \
| ((uint64_t) (p)[0]))
#define LE_WRITE_UINT64(p, i) \
do { \
(p)[7] = ((i) >> 56) & 0xff; \
(p)[6] = ((i) >> 48) & 0xff; \
(p)[5] = ((i) >> 40) & 0xff; \
(p)[4] = ((i) >> 32) & 0xff; \
(p)[3] = ((i) >> 24) & 0xff; \
(p)[2] = ((i) >> 16) & 0xff; \
(p)[1] = ((i) >> 8) & 0xff; \
(p)[0] = (i) & 0xff; \
} while (0)
#define LE_READ_UINT32(p) \
( (((uint32_t) (p)[3]) << 24) \
| (((uint32_t) (p)[2]) << 16) \
| (((uint32_t) (p)[1]) << 8) \
| ((uint32_t) (p)[0]))
#define LE_WRITE_UINT32(p, i) \
do { \
(p)[3] = ((i) >> 24) & 0xff; \
(p)[2] = ((i) >> 16) & 0xff; \
(p)[1] = ((i) >> 8) & 0xff; \
(p)[0] = (i) & 0xff; \
} while(0)
/* Analogous macros, for 16 bit numbers */
#define LE_READ_UINT16(p) \
( (((uint32_t) (p)[1]) << 8) \
| ((uint32_t) (p)[0]))
#define LE_WRITE_UINT16(p, i) \
do { \
(p)[1] = ((i) >> 8) & 0xff; \
(p)[0] = (i) & 0xff; \
} while(0)
/* Macro to make it easier to loop over several blocks. */
#define FOR_BLOCKS(length, dst, src, blocksize) \
assert( !((length) % (blocksize))); \
for (; (length); ((length) -= (blocksize), \
(dst) += (blocksize), \
(src) += (blocksize)) )
/* The masking of the right shift is needed to allow n == 0 (using
just 32 - n and 64 - n results in undefined behaviour). Most uses
of these macros use a constant and non-zero rotation count. */
#define ROTL32(n,x) (((x)<<(n)) | ((x)>>((-(n)&31))))
#define ROTL64(n,x) (((x)<<(n)) | ((x)>>((-(n))&63)))
/* Requires that size > 0 */
#define INCREMENT(size, ctr) \
do { \
unsigned increment_i = (size) - 1; \
if (++(ctr)[increment_i] == 0) \
while (increment_i > 0 \
&& ++(ctr)[--increment_i] == 0 ) \
; \
} while (0)
/* Helper macro for Merkle-Damgård hash functions. Assumes the context
structs includes the following fields:
uint8_t block[...]; // Buffer holding one block
unsigned int index; // Index into block
*/
/* Currently used by sha512 (and sha384) only. */
#define MD_INCR(ctx) ((ctx)->count_high += !++(ctx)->count_low)
/* Takes the compression function f as argument. NOTE: also clobbers
length and data. */
#define MD_UPDATE(ctx, length, data, f, incr) \
do { \
if ((ctx)->index) \
{ \
/* Try to fill partial block */ \
unsigned __md_left = sizeof((ctx)->block) - (ctx)->index; \
if ((length) < __md_left) \
{ \
memcpy((ctx)->block + (ctx)->index, (data), (length)); \
(ctx)->index += (length); \
goto __md_done; /* Finished */ \
} \
else \
{ \
memcpy((ctx)->block + (ctx)->index, (data), __md_left); \
\
f((ctx), (ctx)->block); \
(incr); \
\
(data) += __md_left; \
(length) -= __md_left; \
} \
} \
while ((length) >= sizeof((ctx)->block)) \
{ \
f((ctx), (data)); \
(incr); \
\
(data) += sizeof((ctx)->block); \
(length) -= sizeof((ctx)->block); \
} \
memcpy ((ctx)->block, (data), (length)); \
(ctx)->index = (length); \
__md_done: \
; \
} while (0)
/* Pads the block to a block boundary with the bit pattern 1 0*,
leaving size octets for the length field at the end. If needed,
compresses the block and starts a new one. */
#define MD_PAD(ctx, size, f) \
do { \
unsigned __md_i; \
__md_i = (ctx)->index; \
\
/* Set the first char of padding to 0x80. This is safe since there \
is always at least one byte free */ \
\
assert(__md_i < sizeof((ctx)->block)); \
(ctx)->block[__md_i++] = 0x80; \
\
if (__md_i > (sizeof((ctx)->block) - (size))) \
{ /* No room for length in this block. Process it and \
pad with another one */ \
memset((ctx)->block + __md_i, 0, sizeof((ctx)->block) - __md_i); \
\
f((ctx), (ctx)->block); \
__md_i = 0; \
} \
memset((ctx)->block + __md_i, 0, \
sizeof((ctx)->block) - (size) - __md_i); \
\
} while (0)
#endif /* NETTLE_MACROS_H_INCLUDED */

79
include/nettle/md2.h Normal file
View File

@@ -0,0 +1,79 @@
/* md2.h
The MD2 hash function, described in RFC 1319.
Copyright (C) 2003 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_MD2_H_INCLUDED
#define NETTLE_MD2_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define md2_init nettle_md2_init
#define md2_update nettle_md2_update
#define md2_digest nettle_md2_digest
#define MD2_DIGEST_SIZE 16
#define MD2_BLOCK_SIZE 16
/* For backwards compatibility */
#define MD2_DATA_SIZE MD2_BLOCK_SIZE
struct md2_ctx
{
uint8_t C[MD2_BLOCK_SIZE];
uint8_t X[3 * MD2_BLOCK_SIZE];
uint8_t block[MD2_BLOCK_SIZE]; /* Block buffer */
unsigned index; /* Into buffer */
};
void
md2_init(struct md2_ctx *ctx);
void
md2_update(struct md2_ctx *ctx,
size_t length,
const uint8_t *data);
void
md2_digest(struct md2_ctx *ctx,
size_t length,
uint8_t *digest);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_MD2_H_INCLUDED */

83
include/nettle/md4.h Normal file
View File

@@ -0,0 +1,83 @@
/* md4.h
The MD4 hash function, described in RFC 1320.
Copyright (C) 2003 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_MD4_H_INCLUDED
#define NETTLE_MD4_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define md4_init nettle_md4_init
#define md4_update nettle_md4_update
#define md4_digest nettle_md4_digest
#define MD4_DIGEST_SIZE 16
#define MD4_BLOCK_SIZE 64
/* For backwards compatibility */
#define MD4_DATA_SIZE MD4_BLOCK_SIZE
/* Digest is kept internally as 4 32-bit words. */
#define _MD4_DIGEST_LENGTH 4
/* FIXME: Identical to md5_ctx */
struct md4_ctx
{
uint32_t state[_MD4_DIGEST_LENGTH];
uint64_t count; /* Block count */
uint8_t block[MD4_BLOCK_SIZE]; /* Block buffer */
unsigned index; /* Into buffer */
};
void
md4_init(struct md4_ctx *ctx);
void
md4_update(struct md4_ctx *ctx,
size_t length,
const uint8_t *data);
void
md4_digest(struct md4_ctx *ctx,
size_t length,
uint8_t *digest);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_MD4_H_INCLUDED */

58
include/nettle/md5-compat.h Normal file
View File

@@ -0,0 +1,58 @@
/* md5-compat.h
The md5 hash function, RFC 1321-style interface.
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_MD5_COMPAT_H_INCLUDED
#define NETTLE_MD5_COMPAT_H_INCLUDED
#include "md5.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define MD5Init nettle_MD5Init
#define MD5Update nettle_MD5Update
#define MD5Final nettle_MD5Final
typedef struct md5_ctx MD5_CTX;
void MD5Init(MD5_CTX *ctx);
void MD5Update(MD5_CTX *ctx, const unsigned char *data, unsigned int length);
void MD5Final(unsigned char *out, MD5_CTX *ctx);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_MD5_COMPAT_H_INCLUDED */

86
include/nettle/md5.h Normal file
View File

@@ -0,0 +1,86 @@
/* md5.h
The MD5 hash function, described in RFC 1321.
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_MD5_H_INCLUDED
#define NETTLE_MD5_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define md5_init nettle_md5_init
#define md5_update nettle_md5_update
#define md5_digest nettle_md5_digest
#define MD5_DIGEST_SIZE 16
#define MD5_BLOCK_SIZE 64
/* For backwards compatibility */
#define MD5_DATA_SIZE MD5_BLOCK_SIZE
/* Digest is kept internally as 4 32-bit words. */
#define _MD5_DIGEST_LENGTH 4
struct md5_ctx
{
uint32_t state[_MD5_DIGEST_LENGTH];
uint64_t count; /* Block count */
uint8_t block[MD5_BLOCK_SIZE]; /* Block buffer */
unsigned index; /* Into buffer */
};
void
md5_init(struct md5_ctx *ctx);
void
md5_update(struct md5_ctx *ctx,
size_t length,
const uint8_t *data);
void
md5_digest(struct md5_ctx *ctx,
size_t length,
uint8_t *digest);
/* Internal compression function. STATE points to 4 uint32_t words,
and DATA points to 64 bytes of input data, possibly unaligned. */
void
_nettle_md5_compress(uint32_t *state, const uint8_t *data);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_MD5_H_INCLUDED */

57
include/nettle/memops.h Normal file
View File

@@ -0,0 +1,57 @@
/* memops.h
Copyright (C) 2016 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_MEMOPS_H_INCLUDED
#define NETTLE_MEMOPS_H_INCLUDED
#include "memxor.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define cnd_memcpy nettle_cnd_memcpy
#define memeql_sec nettle_memeql_sec
int
memeql_sec (const void *a, const void *b, size_t n);
/* Side-channel silent conditional memcpy. cnd must be 0 (nop) or 1
(copy). */
void
cnd_memcpy(int cnd, volatile void *dst, const volatile void *src, size_t n);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_MEMOPS_H_INCLUDED */

25
include/nettle/memxor.h Normal file
View File

@@ -0,0 +1,25 @@
/* memxor.h
*
*/
#ifndef NETTLE_MEMXOR_H_INCLUDED
#define NETTLE_MEMXOR_H_INCLUDED
#include <stdlib.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define memxor nettle_memxor
#define memxor3 nettle_memxor3
void *memxor(void *dst, const void *src, size_t n);
void *memxor3(void *dst, const void *a, const void *b, size_t n);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_MEMXOR_H_INCLUDED */

277
include/nettle/nettle-meta.h Normal file
View File

@@ -0,0 +1,277 @@
/* nettle-meta.h
Information about algorithms.
Copyright (C) 2002, 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_META_H_INCLUDED
#define NETTLE_META_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
struct nettle_cipher
{
const char *name;
unsigned context_size;
/* Zero for stream ciphers */
unsigned block_size;
/* Suggested key size; other sizes are sometimes possible. */
unsigned key_size;
nettle_set_key_func *set_encrypt_key;
nettle_set_key_func *set_decrypt_key;
nettle_cipher_func *encrypt;
nettle_cipher_func *decrypt;
};
/* FIXME: Rename with leading underscore, but keep current name (and
size!) for now, for ABI compatibility with nettle-3.1, soname
libnettle.so.6. */
/* null-terminated list of ciphers implemented by this version of nettle */
extern const struct nettle_cipher * const nettle_ciphers[];
const struct nettle_cipher * const *
#ifdef __GNUC__
__attribute__((pure))
#endif
nettle_get_ciphers (void);
#define nettle_ciphers (nettle_get_ciphers())
extern const struct nettle_cipher nettle_aes128;
extern const struct nettle_cipher nettle_aes192;
extern const struct nettle_cipher nettle_aes256;
extern const struct nettle_cipher nettle_camellia128;
extern const struct nettle_cipher nettle_camellia192;
extern const struct nettle_cipher nettle_camellia256;
extern const struct nettle_cipher nettle_cast128;
extern const struct nettle_cipher nettle_serpent128;
extern const struct nettle_cipher nettle_serpent192;
extern const struct nettle_cipher nettle_serpent256;
extern const struct nettle_cipher nettle_twofish128;
extern const struct nettle_cipher nettle_twofish192;
extern const struct nettle_cipher nettle_twofish256;
extern const struct nettle_cipher nettle_arctwo40;
extern const struct nettle_cipher nettle_arctwo64;
extern const struct nettle_cipher nettle_arctwo128;
extern const struct nettle_cipher nettle_arctwo_gutmann128;
struct nettle_hash
{
const char *name;
/* Size of the context struct */
unsigned context_size;
/* Size of digests */
unsigned digest_size;
/* Internal block size */
unsigned block_size;
nettle_hash_init_func *init;
nettle_hash_update_func *update;
nettle_hash_digest_func *digest;
};
#define _NETTLE_HASH(name, NAME) { \
#name, \
sizeof(struct name##_ctx), \
NAME##_DIGEST_SIZE, \
NAME##_BLOCK_SIZE, \
(nettle_hash_init_func *) name##_init, \
(nettle_hash_update_func *) name##_update, \
(nettle_hash_digest_func *) name##_digest \
}
/* FIXME: Rename with leading underscore, but keep current name (and
size!) for now, for ABI compatibility with nettle-3.1, soname
libnettle.so.6. */
/* null-terminated list of digests implemented by this version of nettle */
extern const struct nettle_hash * const nettle_hashes[];
const struct nettle_hash * const *
#ifdef __GNUC__
__attribute__((pure))
#endif
nettle_get_hashes (void);
#define nettle_hashes (nettle_get_hashes())
const struct nettle_hash *
nettle_lookup_hash (const char *name);
extern const struct nettle_hash nettle_md2;
extern const struct nettle_hash nettle_md4;
extern const struct nettle_hash nettle_md5;
extern const struct nettle_hash nettle_gosthash94;
extern const struct nettle_hash nettle_ripemd160;
extern const struct nettle_hash nettle_sha1;
extern const struct nettle_hash nettle_sha224;
extern const struct nettle_hash nettle_sha256;
extern const struct nettle_hash nettle_sha384;
extern const struct nettle_hash nettle_sha512;
extern const struct nettle_hash nettle_sha512_224;
extern const struct nettle_hash nettle_sha512_256;
extern const struct nettle_hash nettle_sha3_224;
extern const struct nettle_hash nettle_sha3_256;
extern const struct nettle_hash nettle_sha3_384;
extern const struct nettle_hash nettle_sha3_512;
struct nettle_aead
{
const char *name;
unsigned context_size;
/* Block size for encrypt and decrypt. */
unsigned block_size;
unsigned key_size;
unsigned nonce_size;
unsigned digest_size;
nettle_set_key_func *set_encrypt_key;
nettle_set_key_func *set_decrypt_key;
nettle_set_key_func *set_nonce;
nettle_hash_update_func *update;
nettle_crypt_func *encrypt;
nettle_crypt_func *decrypt;
/* FIXME: Drop length argument? */
nettle_hash_digest_func *digest;
};
/* FIXME: Rename with leading underscore, but keep current name (and
size!) for now, for ABI compatibility with nettle-3.1, soname
libnettle.so.6. */
/* null-terminated list of aead constructions implemented by this
version of nettle */
extern const struct nettle_aead * const nettle_aeads[];
const struct nettle_aead * const *
#ifdef __GNUC__
__attribute__((pure))
#endif
nettle_get_aeads (void);
#define nettle_aeads (nettle_get_aeads())
extern const struct nettle_aead nettle_gcm_aes128;
extern const struct nettle_aead nettle_gcm_aes192;
extern const struct nettle_aead nettle_gcm_aes256;
extern const struct nettle_aead nettle_gcm_camellia128;
extern const struct nettle_aead nettle_gcm_camellia256;
extern const struct nettle_aead nettle_eax_aes128;
extern const struct nettle_aead nettle_chacha_poly1305;
struct nettle_armor
{
const char *name;
unsigned encode_context_size;
unsigned decode_context_size;
unsigned encode_final_length;
nettle_armor_init_func *encode_init;
nettle_armor_length_func *encode_length;
nettle_armor_encode_update_func *encode_update;
nettle_armor_encode_final_func *encode_final;
nettle_armor_init_func *decode_init;
nettle_armor_length_func *decode_length;
nettle_armor_decode_update_func *decode_update;
nettle_armor_decode_final_func *decode_final;
};
#define _NETTLE_ARMOR(name, NAME) { \
#name, \
sizeof(struct name##_encode_ctx), \
sizeof(struct name##_decode_ctx), \
NAME##_ENCODE_FINAL_LENGTH, \
(nettle_armor_init_func *) name##_encode_init, \
(nettle_armor_length_func *) name##_encode_length, \
(nettle_armor_encode_update_func *) name##_encode_update, \
(nettle_armor_encode_final_func *) name##_encode_final, \
(nettle_armor_init_func *) name##_decode_init, \
(nettle_armor_length_func *) name##_decode_length, \
(nettle_armor_decode_update_func *) name##_decode_update, \
(nettle_armor_decode_final_func *) name##_decode_final, \
}
#define _NETTLE_ARMOR_0(name, NAME) { \
#name, \
0, \
sizeof(struct name##_decode_ctx), \
NAME##_ENCODE_FINAL_LENGTH, \
(nettle_armor_init_func *) name##_encode_init, \
(nettle_armor_length_func *) name##_encode_length, \
(nettle_armor_encode_update_func *) name##_encode_update, \
(nettle_armor_encode_final_func *) name##_encode_final, \
(nettle_armor_init_func *) name##_decode_init, \
(nettle_armor_length_func *) name##_decode_length, \
(nettle_armor_decode_update_func *) name##_decode_update, \
(nettle_armor_decode_final_func *) name##_decode_final, \
}
/* FIXME: Rename with leading underscore, but keep current name (and
size!) for now, for ABI compatibility with nettle-3.1, soname
libnettle.so.6. */
/* null-terminated list of armor schemes implemented by this version of nettle */
extern const struct nettle_armor * const nettle_armors[];
const struct nettle_armor * const *
#ifdef __GNUC__
__attribute__((pure))
#endif
nettle_get_armors (void);
#define nettle_armors (nettle_get_armors())
extern const struct nettle_armor nettle_base64;
extern const struct nettle_armor nettle_base64url;
extern const struct nettle_armor nettle_base16;
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_META_H_INCLUDED */

286
include/nettle/nettle-stdint.h Normal file
View File

@@ -0,0 +1,286 @@
#ifndef __NETTLE_STDINT_H
#define __NETTLE_STDINT_H 1
#ifndef _GENERATED_STDINT_H
#define _GENERATED_STDINT_H " "
/* generated using gnu compiler gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0 */
#define _STDINT_HAVE_STDINT_H 1
/* ................... shortcircuit part ........................... */
#if defined HAVE_STDINT_H || defined _STDINT_HAVE_STDINT_H
#include <stdint.h>
#else
#include <stddef.h>
/* .................... configured part ............................ */
/* whether we have a C99 compatible stdint header file */
/* #undef _STDINT_HEADER_INTPTR */
/* whether we have a C96 compatible inttypes header file */
/* #undef _STDINT_HEADER_UINT32 */
/* whether we have a BSD compatible inet types header */
/* #undef _STDINT_HEADER_U_INT32 */
/* which 64bit typedef has been found */
/* #undef _STDINT_HAVE_UINT64_T */
/* #undef _STDINT_HAVE_U_INT64_T */
/* which type model has been detected */
/* #undef _STDINT_CHAR_MODEL // skipped */
/* #undef _STDINT_LONG_MODEL // skipped */
/* whether int_least types were detected */
/* #undef _STDINT_HAVE_INT_LEAST32_T */
/* whether int_fast types were detected */
/* #undef _STDINT_HAVE_INT_FAST32_T */
/* whether intmax_t type was detected */
/* #undef _STDINT_HAVE_INTMAX_T */
/* .................... detections part ............................ */
/* whether we need to define bitspecific types from compiler base types */
#ifndef _STDINT_HEADER_INTPTR
#ifndef _STDINT_HEADER_UINT32
#ifndef _STDINT_HEADER_U_INT32
#define _STDINT_NEED_INT_MODEL_T
#else
#define _STDINT_HAVE_U_INT_TYPES
#endif
#endif
#endif
#ifdef _STDINT_HAVE_U_INT_TYPES
#undef _STDINT_NEED_INT_MODEL_T
#endif
#ifdef _STDINT_CHAR_MODEL
#if _STDINT_CHAR_MODEL+0 == 122 || _STDINT_CHAR_MODEL+0 == 124
#ifndef _STDINT_BYTE_MODEL
#define _STDINT_BYTE_MODEL 12
#endif
#endif
#endif
#ifndef _STDINT_HAVE_INT_LEAST32_T
#define _STDINT_NEED_INT_LEAST_T
#endif
#ifndef _STDINT_HAVE_INT_FAST32_T
#define _STDINT_NEED_INT_FAST_T
#endif
#ifndef _STDINT_HEADER_INTPTR
#define _STDINT_NEED_INTPTR_T
#ifndef _STDINT_HAVE_INTMAX_T
#define _STDINT_NEED_INTMAX_T
#endif
#endif
/* .................... definition part ............................ */
/* some system headers have good uint64_t */
#ifndef _HAVE_UINT64_T
#if defined _STDINT_HAVE_UINT64_T || defined HAVE_UINT64_T
#define _HAVE_UINT64_T
#elif defined _STDINT_HAVE_U_INT64_T || defined HAVE_U_INT64_T
#define _HAVE_UINT64_T
typedef u_int64_t uint64_t;
#endif
#endif
#ifndef _HAVE_UINT64_T
/* .. here are some common heuristics using compiler runtime specifics */
#if defined __STDC_VERSION__ && defined __STDC_VERSION__ >= 199901L
#define _HAVE_UINT64_T
typedef long long int64_t;
typedef unsigned long long uint64_t;
#elif !defined __STRICT_ANSI__
#if defined _MSC_VER || defined __WATCOMC__ || defined __BORLANDC__
#define _HAVE_UINT64_T
typedef __int64 int64_t;
typedef unsigned __int64 uint64_t;
#elif defined __GNUC__ || defined __MWERKS__ || defined __ELF__
/* note: all ELF-systems seem to have loff-support which needs 64-bit */
#if !defined _NO_LONGLONG
#define _HAVE_UINT64_T
typedef long long int64_t;
typedef unsigned long long uint64_t;
#endif
#elif defined __alpha || (defined __mips && defined _ABIN32)
#if !defined _NO_LONGLONG
typedef long int64_t;
typedef unsigned long uint64_t;
#endif
/* compiler/cpu type to define int64_t */
#endif
#endif
#endif
#if defined _STDINT_HAVE_U_INT_TYPES
/* int8_t int16_t int32_t defined by inet code, redeclare the u_intXX types */
typedef u_int8_t uint8_t;
typedef u_int16_t uint16_t;
typedef u_int32_t uint32_t;
/* glibc compatibility */
#ifndef __int8_t_defined
#define __int8_t_defined
#endif
#endif
#ifdef _STDINT_NEED_INT_MODEL_T
/* we must guess all the basic types. Apart from byte-adressable system, */
/* there a few 32-bit-only dsp-systems that we guard with BYTE_MODEL 8-} */
/* (btw, those nibble-addressable systems are way off, or so we assume) */
#if defined _STDINT_BYTE_MODEL
#if _STDINT_LONG_MODEL+0 == 242
/* 2:4:2 = IP16 = a normal 16-bit system */
typedef unsigned char uint8_t;
typedef unsigned short uint16_t;
typedef unsigned long uint32_t;
#ifndef __int8_t_defined
#define __int8_t_defined
typedef char int8_t;
typedef short int16_t;
typedef long int32_t;
#endif
#elif _STDINT_LONG_MODEL+0 == 244 || _STDINT_LONG_MODEL == 444
/* 2:4:4 = LP32 = a 32-bit system derived from a 16-bit */
/* 4:4:4 = ILP32 = a normal 32-bit system */
typedef unsigned char uint8_t;
typedef unsigned short uint16_t;
typedef unsigned int uint32_t;
#ifndef __int8_t_defined
#define __int8_t_defined
typedef char int8_t;
typedef short int16_t;
typedef int int32_t;
#endif
#elif _STDINT_LONG_MODEL+0 == 484 || _STDINT_LONG_MODEL+0 == 488
/* 4:8:4 = IP32 = a 32-bit system prepared for 64-bit */
/* 4:8:8 = LP64 = a normal 64-bit system */
typedef unsigned char uint8_t;
typedef unsigned short uint16_t;
typedef unsigned int uint32_t;
#ifndef __int8_t_defined
#define __int8_t_defined
typedef char int8_t;
typedef short int16_t;
typedef int int32_t;
#endif
/* this system has a "long" of 64bit */
#ifndef _HAVE_UINT64_T
#define _HAVE_UINT64_T
typedef unsigned long uint64_t;
typedef long int64_t;
#endif
#elif _STDINT_LONG_MODEL+0 == 448
/* LLP64 a 64-bit system derived from a 32-bit system */
typedef unsigned char uint8_t;
typedef unsigned short uint16_t;
typedef unsigned int uint32_t;
#ifndef __int8_t_defined
#define __int8_t_defined
typedef char int8_t;
typedef short int16_t;
typedef int int32_t;
#endif
/* assuming the system has a "long long" */
#ifndef _HAVE_UINT64_T
#define _HAVE_UINT64_T
typedef unsigned long long uint64_t;
typedef long long int64_t;
#endif
#else
#define _STDINT_NO_INT32_T
#endif
#else
#define _STDINT_NO_INT8_T
#define _STDINT_NO_INT32_T
#endif
#endif
/*
* quote from SunOS-5.8 sys/inttypes.h:
* Use at your own risk. As of February 1996, the committee is squarely
* behind the fixed sized types; the "least" and "fast" types are still being
* discussed. The probability that the "fast" types may be removed before
* the standard is finalized is high enough that they are not currently
* implemented.
*/
#if defined _STDINT_NEED_INT_LEAST_T
typedef int8_t int_least8_t;
typedef int16_t int_least16_t;
typedef int32_t int_least32_t;
#ifdef _HAVE_UINT64_T
typedef int64_t int_least64_t;
#endif
typedef uint8_t uint_least8_t;
typedef uint16_t uint_least16_t;
typedef uint32_t uint_least32_t;
#ifdef _HAVE_UINT64_T
typedef uint64_t uint_least64_t;
#endif
/* least types */
#endif
#if defined _STDINT_NEED_INT_FAST_T
typedef int8_t int_fast8_t;
typedef int int_fast16_t;
typedef int32_t int_fast32_t;
#ifdef _HAVE_UINT64_T
typedef int64_t int_fast64_t;
#endif
typedef uint8_t uint_fast8_t;
typedef unsigned uint_fast16_t;
typedef uint32_t uint_fast32_t;
#ifdef _HAVE_UINT64_T
typedef uint64_t uint_fast64_t;
#endif
/* fast types */
#endif
#ifdef _STDINT_NEED_INTMAX_T
#ifdef _HAVE_UINT64_T
typedef int64_t intmax_t;
typedef uint64_t uintmax_t;
#else
typedef long intmax_t;
typedef unsigned long uintmax_t;
#endif
#endif
#ifdef _STDINT_NEED_INTPTR_T
#ifndef __intptr_t_defined
#define __intptr_t_defined
/* we encourage using "long" to store pointer values, never use "int" ! */
#if _STDINT_LONG_MODEL+0 == 242 || _STDINT_LONG_MODEL+0 == 484
typedef unsigned int uintptr_t;
typedef int intptr_t;
#elif _STDINT_LONG_MODEL+0 == 244 || _STDINT_LONG_MODEL+0 == 444
typedef unsigned long uintptr_t;
typedef long intptr_t;
#elif _STDINT_LONG_MODEL+0 == 448 && defined _HAVE_UINT64_T
typedef uint64_t uintptr_t;
typedef int64_t intptr_t;
#else /* matches typical system types ILP32 and LP64 - but not IP16 or LLP64 */
typedef unsigned long uintptr_t;
typedef long intptr_t;
#endif
#endif
#endif
/* shortcircuit*/
#endif
/* once */
#endif
#endif

110
include/nettle/nettle-types.h Normal file
View File

@@ -0,0 +1,110 @@
/* nettle-types.h
Copyright (C) 2005, 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_TYPES_H
#define NETTLE_TYPES_H
/* For size_t */
#include <stddef.h>
/* Pretend these types always exists. Nettle doesn't use them. */
#define _STDINT_HAVE_INT_FAST32_T 1
#include "nettle-stdint.h"
#ifdef __cplusplus
extern "C" {
#endif
/* An aligned 16-byte block. */
union nettle_block16
{
uint8_t b[16];
unsigned long w[16 / sizeof(unsigned long)];
};
/* Randomness. Used by key generation and dsa signature creation. */
typedef void nettle_random_func(void *ctx,
size_t length, uint8_t *dst);
/* Progress report function, mainly for key generation. */
typedef void nettle_progress_func(void *ctx, int c);
/* Realloc function, used by struct nettle_buffer. */
typedef void *nettle_realloc_func(void *ctx, void *p, size_t length);
/* Ciphers */
typedef void nettle_set_key_func(void *ctx, const uint8_t *key);
/* For block ciphers, const context. */
typedef void nettle_cipher_func(const void *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
/* Uses a void * for cipher contexts. Used for crypt operations where
the internal state changes during the encryption. */
typedef void nettle_crypt_func(void *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
/* Hash algorithms */
typedef void nettle_hash_init_func(void *ctx);
typedef void nettle_hash_update_func(void *ctx,
size_t length,
const uint8_t *src);
typedef void nettle_hash_digest_func(void *ctx,
size_t length, uint8_t *dst);
/* ASCII armor codecs. NOTE: Experimental and subject to change. */
typedef size_t nettle_armor_length_func(size_t length);
typedef void nettle_armor_init_func(void *ctx);
typedef size_t nettle_armor_encode_update_func(void *ctx,
char *dst,
size_t src_length,
const uint8_t *src);
typedef size_t nettle_armor_encode_final_func(void *ctx, char *dst);
typedef int nettle_armor_decode_update_func(void *ctx,
size_t *dst_length,
uint8_t *dst,
size_t src_length,
const char *src);
typedef int nettle_armor_decode_final_func(void *ctx);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_TYPES_H */

85
include/nettle/pbkdf2.h Normal file
View File

@@ -0,0 +1,85 @@
/* pbkdf2.h
PKCS #5 password-based key derivation function PBKDF2, see RFC 2898.
Copyright (C) 2012 Simon Josefsson
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_PBKDF2_H_INCLUDED
#define NETTLE_PBKDF2_H_INCLUDED
#include "nettle-meta.h"
#ifdef __cplusplus
extern "C"
{
#endif
/* Namespace mangling */
#define pbkdf2 nettle_pbkdf2
#define pbkdf2_hmac_sha1 nettle_pbkdf2_hmac_sha1
#define pbkdf2_hmac_sha256 nettle_pbkdf2_hmac_sha256
void
pbkdf2 (void *mac_ctx,
nettle_hash_update_func *update,
nettle_hash_digest_func *digest,
size_t digest_size, unsigned iterations,
size_t salt_length, const uint8_t *salt,
size_t length, uint8_t *dst);
#define PBKDF2(ctx, update, digest, digest_size, \
iterations, salt_length, salt, length, dst) \
(0 ? ((update)((ctx), 0, (uint8_t *) 0), \
(digest)((ctx), 0, (uint8_t *) 0)) \
: pbkdf2 ((ctx), \
(nettle_hash_update_func *)(update), \
(nettle_hash_digest_func *)(digest), \
(digest_size), (iterations), \
(salt_length), (salt), (length), (dst)))
/* PBKDF2 with specific PRFs. */
void
pbkdf2_hmac_sha1 (size_t key_length, const uint8_t *key,
unsigned iterations,
size_t salt_length, const uint8_t *salt,
size_t length, uint8_t *dst);
void
pbkdf2_hmac_sha256 (size_t key_length, const uint8_t *key,
unsigned iterations,
size_t salt_length, const uint8_t *salt,
size_t length, uint8_t *dst);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_PBKDF2_H_INCLUDED */

248
include/nettle/pgp.h Normal file
View File

@@ -0,0 +1,248 @@
/* pgp.h
PGP related functions.
Copyright (C) 2001, 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_PGP_H_INCLUDED
#define NETTLE_PGP_H_INCLUDED
#include <time.h>
#include "nettle-types.h"
#include "bignum.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define pgp_put_uint32 nettle_pgp_put_uint32
#define pgp_put_uint16 nettle_pgp_put_uint16
#define pgp_put_mpi nettle_pgp_put_mpi
#define pgp_put_string nettle_pgp_put_string
#define pgp_put_length nettle_pgp_put_length
#define pgp_put_header nettle_pgp_put_header
#define pgp_put_header_length nettle_pgp_put_header_length
#define pgp_sub_packet_start nettle_pgp_sub_packet_start
#define pgp_put_sub_packet nettle_pgp_put_sub_packet
#define pgp_sub_packet_end nettle_pgp_sub_packet_end
#define pgp_put_public_rsa_key nettle_pgp_put_public_rsa_key
#define pgp_put_rsa_sha1_signature nettle_pgp_put_rsa_sha1_signature
#define pgp_put_userid nettle_pgp_put_userid
#define pgp_crc24 nettle_pgp_crc24
#define pgp_armor nettle_pgp_armor
struct nettle_buffer;
struct rsa_public_key;
struct rsa_private_key;
struct sha1_ctx;
int
pgp_put_uint32(struct nettle_buffer *buffer, uint32_t i);
int
pgp_put_uint16(struct nettle_buffer *buffer, unsigned i);
int
pgp_put_mpi(struct nettle_buffer *buffer, const mpz_t x);
int
pgp_put_string(struct nettle_buffer *buffer,
unsigned length,
const uint8_t *s);
int
pgp_put_length(struct nettle_buffer *buffer,
unsigned length);
int
pgp_put_header(struct nettle_buffer *buffer,
unsigned tag, unsigned length);
void
pgp_put_header_length(struct nettle_buffer *buffer,
/* start of the header */
unsigned start,
unsigned field_size);
unsigned
pgp_sub_packet_start(struct nettle_buffer *buffer);
int
pgp_put_sub_packet(struct nettle_buffer *buffer,
unsigned type,
unsigned length,
const uint8_t *data);
void
pgp_sub_packet_end(struct nettle_buffer *buffer, unsigned start);
int
pgp_put_public_rsa_key(struct nettle_buffer *,
const struct rsa_public_key *key,
time_t timestamp);
int
pgp_put_rsa_sha1_signature(struct nettle_buffer *buffer,
const struct rsa_private_key *key,
const uint8_t *keyid,
unsigned type,
struct sha1_ctx *hash);
int
pgp_put_userid(struct nettle_buffer *buffer,
unsigned length,
const uint8_t *name);
uint32_t
pgp_crc24(unsigned length, const uint8_t *data);
int
pgp_armor(struct nettle_buffer *buffer,
const char *tag,
unsigned length,
const uint8_t *data);
/* Values that can be passed to pgp_put_header when the size of the
* length field, but not the length itself, is known. Also the minimum length
* for the given field size. */
enum pgp_lengths
{
PGP_LENGTH_ONE_OCTET = 0,
PGP_LENGTH_TWO_OCTETS = 192,
PGP_LENGTH_FOUR_OCTETS = 8384,
};
enum pgp_public_key_algorithm
{
PGP_RSA = 1,
PGP_RSA_ENCRYPT = 2,
PGP_RSA_SIGN = 3,
PGP_EL_GAMAL_ENCRYPT = 16,
PGP_DSA = 17,
PGP_EL_GAMAL = 20,
};
enum pgp_symmetric_algorithm
{
PGP_PLAINTEXT = 0,
PGP_IDEA = 1,
PGP_3DES = 2,
PGP_CAST5 = 3,
PGP_BLOWFISH = 4,
PGP_SAFER_SK = 5,
PGP_AES128 = 7,
PGP_AES192 = 8,
PGP_AES256 = 9,
};
enum pgp_compression_algorithm
{
PGP_UNCOMPRESSED = 0,
PGP_ZIP = 1,
PGP_ZLIB = 2,
};
enum pgp_hash_algorithm
{
PGP_MD5 = 1,
PGP_SHA1 = 2,
PGP_RIPEMD = 3,
PGP_MD2 = 5,
PGP_TIGER192 = 6,
PGP_HAVAL = 7,
};
enum pgp_tag
{
PGP_TAG_PUBLIC_SESSION_KEY = 1,
PGP_TAG_SIGNATURE = 2,
PGP_TAG_SYMMETRIC_SESSION_KEY = 3,
PGP_TAG_ONE_PASS_SIGNATURE = 4,
PGP_TAG_SECRET_KEY = 5,
PGP_TAG_PUBLIC_KEY = 6,
PGP_TAG_SECRET_SUBKEY = 7,
PGP_TAG_COMPRESSED = 8,
PGP_TAG_ENCRYPTED = 9,
PGP_TAG_MARKER = 10,
PGP_TAG_LITERAL = 11,
PGP_TAG_TRUST = 12,
PGP_TAG_USERID = 13,
PGP_TAG_PUBLIC_SUBKEY = 14,
};
enum pgp_signature_type
{
PGP_SIGN_BINARY = 0,
PGP_SIGN_TEXT = 1,
PGP_SIGN_STANDALONE = 2,
PGP_SIGN_CERTIFICATION = 0x10,
PGP_SIGN_CERTIFICATION_PERSONA = 0x11,
PGP_SIGN_CERTIFICATION_CASUAL = 0x12,
PGP_SIGN_CERTIFICATION_POSITIVE = 0x13,
PGP_SIGN_SUBKEY = 0x18,
PGP_SIGN_KEY = 0x1f,
PGP_SIGN_REVOCATION = 0x20,
PGP_SIGN_REVOCATION_SUBKEY = 0x28,
PGP_SIGN_REVOCATION_CERTIFICATE = 0x30,
PGP_SIGN_TIMESTAMP = 0x40,
};
enum pgp_subpacket_tag
{
PGP_SUBPACKET_CREATION_TIME = 2,
PGP_SUBPACKET_SIGNATURE_EXPIRATION_TIME = 3,
PGP_SUBPACKET_EXPORTABLE_CERTIFICATION = 4,
PGP_SUBPACKET_TRUST_SIGNATURE = 5,
PGP_SUBPACKET_REGULAR_EXPRESSION = 6,
PGP_SUBPACKET_REVOCABLE = 7,
PGP_SUBPACKET_KEY_EXPIRATION_TIME = 9,
PGP_SUBPACKET_PLACEHOLDER = 10 ,
PGP_SUBPACKET_PREFERRED_SYMMETRIC_ALGORITHMS = 11,
PGP_SUBPACKET_REVOCATION_KEY = 12,
PGP_SUBPACKET_ISSUER_KEY_ID = 16,
PGP_SUBPACKET_NOTATION_DATA = 20,
PGP_SUBPACKET_PREFERRED_HASH_ALGORITHMS = 21,
PGP_SUBPACKET_PREFERRED_COMPRESSION_ALGORITHMS = 22,
PGP_SUBPACKET_KEY_SERVER_PREFERENCES = 23,
PGP_SUBPACKET_PREFERRED_KEY_SERVER = 24,
PGP_SUBPACKET_PRIMARY_USER_ID = 25,
PGP_SUBPACKET_POLICY_URL = 26,
PGP_SUBPACKET_KEY_FLAGS = 27,
PGP_SUBPACKET_SIGNERS_USER_ID = 28,
PGP_SUBPACKET_REASON_FOR_REVOCATION = 29,
};
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_PGP_H_INCLUDED */

114
include/nettle/pkcs1.h Normal file
View File

@@ -0,0 +1,114 @@
/* pkcs1.h
PKCS1 embedding.
Copyright (C) 2003 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_PKCS1_H_INCLUDED
#define NETTLE_PKCS1_H_INCLUDED
#include "nettle-types.h"
#include "bignum.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define _pkcs1_signature_prefix _nettle_pkcs1_signature_prefix
#define pkcs1_rsa_digest_encode nettle_pkcs1_rsa_digest_encode
#define pkcs1_rsa_md5_encode nettle_pkcs1_rsa_md5_encode
#define pkcs1_rsa_md5_encode_digest nettle_pkcs1_rsa_md5_encode_digest
#define pkcs1_rsa_sha1_encode nettle_pkcs1_rsa_sha1_encode
#define pkcs1_rsa_sha1_encode_digest nettle_pkcs1_rsa_sha1_encode_digest
#define pkcs1_rsa_sha256_encode nettle_pkcs1_rsa_sha256_encode
#define pkcs1_rsa_sha256_encode_digest nettle_pkcs1_rsa_sha256_encode_digest
#define pkcs1_rsa_sha512_encode nettle_pkcs1_rsa_sha512_encode
#define pkcs1_rsa_sha512_encode_digest nettle_pkcs1_rsa_sha512_encode_digest
#define pkcs1_encrypt nettle_pkcs1_encrypt
#define pkcs1_decrypt nettle_pkcs1_decrypt
struct md5_ctx;
struct sha1_ctx;
struct sha256_ctx;
struct sha512_ctx;
uint8_t *
_pkcs1_signature_prefix(unsigned key_size,
uint8_t *buffer,
unsigned id_size,
const uint8_t *id,
unsigned digest_size);
int
pkcs1_encrypt (size_t key_size,
/* For padding */
void *random_ctx, nettle_random_func *random,
size_t length, const uint8_t *message,
mpz_t m);
int
pkcs1_decrypt (size_t key_size,
const mpz_t m,
size_t *length, uint8_t *message);
int
pkcs1_rsa_digest_encode(mpz_t m, size_t key_size,
size_t di_length, const uint8_t *digest_info);
int
pkcs1_rsa_md5_encode(mpz_t m, size_t length, struct md5_ctx *hash);
int
pkcs1_rsa_md5_encode_digest(mpz_t m, size_t length, const uint8_t *digest);
int
pkcs1_rsa_sha1_encode(mpz_t m, size_t length, struct sha1_ctx *hash);
int
pkcs1_rsa_sha1_encode_digest(mpz_t m, size_t length, const uint8_t *digest);
int
pkcs1_rsa_sha256_encode(mpz_t m, size_t length, struct sha256_ctx *hash);
int
pkcs1_rsa_sha256_encode_digest(mpz_t m, size_t length, const uint8_t *digest);
int
pkcs1_rsa_sha512_encode(mpz_t m, size_t length, struct sha512_ctx *hash);
int
pkcs1_rsa_sha512_encode_digest(mpz_t m, size_t length, const uint8_t *digest);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_PKCS1_H_INCLUDED */

128
include/nettle/poly1305.h Normal file
View File

@@ -0,0 +1,128 @@
/* poly1305.h
Poly1305 message authentication code.
Copyright (C) 2013 Nikos Mavrogiannopoulos
Copyright (C) 2013, 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_POLY1305_H_INCLUDED
#define NETTLE_POLY1305_H_INCLUDED
#include "aes.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define poly1305_set_key nettle_poly1305_set_key
#define poly1305_digest nettle_poly1305_digest
#define _poly1305_block _nettle_poly1305_block
#define poly1305_aes_set_key nettle_poly1305_aes_set_key
#define poly1305_aes_set_nonce nettle_poly1305_aes_set_nonce
#define poly1305_aes_update nettle_poly1305_aes_update
#define poly1305_aes_digest nettle_poly1305_aes_digest
/* Low level functions/macros for the poly1305 construction. */
#define POLY1305_DIGEST_SIZE 16
#define POLY1305_BLOCK_SIZE 16
#define POLY1305_KEY_SIZE 16
struct poly1305_ctx {
/* Key, 128-bit value and some cached multiples. */
union
{
uint32_t r32[6];
uint64_t r64[3];
} r;
uint32_t s32[3];
/* State, represented as words of 26, 32 or 64 bits, depending on
implementation. */
/* High bits first, to maintain alignment. */
uint32_t hh;
union
{
uint32_t h32[4];
uint64_t h64[2];
} h;
};
/* Low-level internal interface. */
void poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[POLY1305_KEY_SIZE]);
/* Extracts digest, and adds it to s, the encrypted nonce. */
void poly1305_digest (struct poly1305_ctx *ctx, union nettle_block16 *s);
/* Internal function. Process one block. */
void _poly1305_block (struct poly1305_ctx *ctx, const uint8_t *m,
unsigned high);
/* poly1305-aes */
#define POLY1305_AES_KEY_SIZE 32
#define POLY1305_AES_DIGEST_SIZE 16
#define POLY1305_AES_NONCE_SIZE 16
struct poly1305_aes_ctx
{
/* Keep aes context last, to make it possible to use a general
poly1305_update if other variants are added. */
struct poly1305_ctx pctx;
uint8_t block[POLY1305_BLOCK_SIZE];
unsigned index;
uint8_t nonce[POLY1305_BLOCK_SIZE];
struct aes128_ctx aes;
};
/* Also initialize the nonce to zero. */
void
poly1305_aes_set_key (struct poly1305_aes_ctx *ctx, const uint8_t *key);
/* Optional, if not used, messages get incrementing nonces starting
from zero. */
void
poly1305_aes_set_nonce (struct poly1305_aes_ctx *ctx,
const uint8_t *nonce);
/* Update is not aes-specific, but since this is the only implemented
variant, we need no more general poly1305_update. */
void
poly1305_aes_update (struct poly1305_aes_ctx *ctx, size_t length, const uint8_t *data);
/* Also increments the nonce */
void
poly1305_aes_digest (struct poly1305_aes_ctx *ctx,
size_t length, uint8_t *digest);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_POLY1305_H_INCLUDED */

58
include/nettle/pss-mgf1.h Normal file
View File

@@ -0,0 +1,58 @@
/* pss-mgf1.h
PKCS#1 mask generation function 1, used in RSA-PSS (RFC-3447).
Copyright (C) 2017 Daiki Ueno
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_PSS_MGF1_H_INCLUDED
#define NETTLE_PSS_MGF1_H_INCLUDED
#include "nettle-meta.h"
#include "sha1.h"
#include "sha2.h"
#ifdef __cplusplus
extern "C"
{
#endif
/* Namespace mangling */
#define pss_mgf1 nettle_pss_mgf1
void
pss_mgf1(const void *seed, const struct nettle_hash *hash,
size_t length, uint8_t *mask);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_PSS_MGF1_H_INCLUDED */

65
include/nettle/pss.h Normal file
View File

@@ -0,0 +1,65 @@
/* pss.h
PKCS#1 RSA-PSS (RFC-3447).
Copyright (C) 2017 Daiki Ueno
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_PSS_H_INCLUDED
#define NETTLE_PSS_H_INCLUDED
#include "nettle-types.h"
#include "bignum.h"
#ifdef __cplusplus
extern "C"
{
#endif
/* Namespace mangling */
#define pss_encode_mgf1 nettle_pss_encode_mgf1
#define pss_verify_mgf1 nettle_pss_verify_mgf1
int
pss_encode_mgf1(mpz_t m, size_t bits,
const struct nettle_hash *hash,
size_t salt_length, const uint8_t *salt,
const uint8_t *digest);
int
pss_verify_mgf1(const mpz_t m, size_t bits,
const struct nettle_hash *hash,
size_t salt_length,
const uint8_t *digest);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_PSS_H_INCLUDED */

48
include/nettle/realloc.h Normal file
View File

@@ -0,0 +1,48 @@
/* realloc.h
Copyright (C) 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_REALLOC_H_INCLUDED
#define NETTLE_REALLOC_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
nettle_realloc_func nettle_realloc;
nettle_realloc_func nettle_xrealloc;
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_REALLOC_H_INCLUDED */

88
include/nettle/ripemd160.h Normal file
View File

@@ -0,0 +1,88 @@
/* ripemd160.h
RIPEMD-160 hash function.
Copyright (C) 2011 Andres Mejia
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_RIPEMD160_H_INCLUDED
#define NETTLE_RIPEMD160_H_INCLUDED
#ifdef __cplusplus
extern "C" {
#endif
#include "nettle-types.h"
/* Name mangling */
#define ripemd160_init nettle_ripemd160_init
#define ripemd160_update nettle_ripemd160_update
#define ripemd160_digest nettle_ripemd160_digest
/* RIPEMD160 */
#define RIPEMD160_DIGEST_SIZE 20
#define RIPEMD160_BLOCK_SIZE 64
/* For backwards compatibility */
#define RIPEMD160_DATA_SIZE RIPEMD160_BLOCK_SIZE
/* Digest is kept internally as 5 32-bit words. */
#define _RIPEMD160_DIGEST_LENGTH 5
struct ripemd160_ctx
{
uint32_t state[_RIPEMD160_DIGEST_LENGTH];
uint64_t count; /* 64-bit block count */
uint8_t block[RIPEMD160_BLOCK_SIZE];
unsigned int index;
};
void
ripemd160_init(struct ripemd160_ctx *ctx);
void
ripemd160_update(struct ripemd160_ctx *ctx,
size_t length,
const uint8_t *data);
void
ripemd160_digest(struct ripemd160_ctx *ctx,
size_t length,
uint8_t *digest);
/* Internal compression function. STATE points to 5 uint32_t words,
and DATA points to 64 bytes of input data, possibly unaligned. */
void
_nettle_ripemd160_compress(uint32_t *state, const uint8_t *data);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_RIPEMD160_H_INCLUDED */

564
include/nettle/rsa.h Normal file
View File

@@ -0,0 +1,564 @@
/* rsa.h
The RSA publickey algorithm.
Copyright (C) 2001, 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_RSA_H_INCLUDED
#define NETTLE_RSA_H_INCLUDED
#include "nettle-types.h"
#include "bignum.h"
#include "md5.h"
#include "sha1.h"
#include "sha2.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define rsa_public_key_init nettle_rsa_public_key_init
#define rsa_public_key_clear nettle_rsa_public_key_clear
#define rsa_public_key_prepare nettle_rsa_public_key_prepare
#define rsa_private_key_init nettle_rsa_private_key_init
#define rsa_private_key_clear nettle_rsa_private_key_clear
#define rsa_private_key_prepare nettle_rsa_private_key_prepare
#define rsa_pkcs1_verify nettle_rsa_pkcs1_verify
#define rsa_pkcs1_sign nettle_rsa_pkcs1_sign
#define rsa_pkcs1_sign_tr nettle_rsa_pkcs1_sign_tr
#define rsa_md5_sign nettle_rsa_md5_sign
#define rsa_md5_sign_tr nettle_rsa_md5_sign_tr
#define rsa_md5_verify nettle_rsa_md5_verify
#define rsa_sha1_sign nettle_rsa_sha1_sign
#define rsa_sha1_sign_tr nettle_rsa_sha1_sign_tr
#define rsa_sha1_verify nettle_rsa_sha1_verify
#define rsa_sha256_sign nettle_rsa_sha256_sign
#define rsa_sha256_sign_tr nettle_rsa_sha256_sign_tr
#define rsa_sha256_verify nettle_rsa_sha256_verify
#define rsa_sha512_sign nettle_rsa_sha512_sign
#define rsa_sha512_sign_tr nettle_rsa_sha512_sign_tr
#define rsa_sha512_verify nettle_rsa_sha512_verify
#define rsa_md5_sign_digest nettle_rsa_md5_sign_digest
#define rsa_md5_sign_digest_tr nettle_rsa_md5_sign_digest_tr
#define rsa_md5_verify_digest nettle_rsa_md5_verify_digest
#define rsa_sha1_sign_digest nettle_rsa_sha1_sign_digest
#define rsa_sha1_sign_digest_tr nettle_rsa_sha1_sign_digest_tr
#define rsa_sha1_verify_digest nettle_rsa_sha1_verify_digest
#define rsa_sha256_sign_digest nettle_rsa_sha256_sign_digest
#define rsa_sha256_sign_digest_tr nettle_rsa_sha256_sign_digest_tr
#define rsa_sha256_verify_digest nettle_rsa_sha256_verify_digest
#define rsa_sha512_sign_digest nettle_rsa_sha512_sign_digest
#define rsa_sha512_sign_digest_tr nettle_rsa_sha512_sign_digest_tr
#define rsa_sha512_verify_digest nettle_rsa_sha512_verify_digest
#define rsa_pss_sha256_sign_digest_tr nettle_rsa_pss_sha256_sign_digest_tr
#define rsa_pss_sha256_verify_digest nettle_rsa_pss_sha256_verify_digest
#define rsa_pss_sha384_sign_digest_tr nettle_rsa_pss_sha384_sign_digest_tr
#define rsa_pss_sha384_verify_digest nettle_rsa_pss_sha384_verify_digest
#define rsa_pss_sha512_sign_digest_tr nettle_rsa_pss_sha512_sign_digest_tr
#define rsa_pss_sha512_verify_digest nettle_rsa_pss_sha512_verify_digest
#define rsa_encrypt nettle_rsa_encrypt
#define rsa_decrypt nettle_rsa_decrypt
#define rsa_decrypt_tr nettle_rsa_decrypt_tr
#define rsa_sec_decrypt nettle_rsa_sec_decrypt
#define rsa_compute_root nettle_rsa_compute_root
#define rsa_compute_root_tr nettle_rsa_compute_root_tr
#define rsa_generate_keypair nettle_rsa_generate_keypair
#define rsa_keypair_to_sexp nettle_rsa_keypair_to_sexp
#define rsa_keypair_from_sexp_alist nettle_rsa_keypair_from_sexp_alist
#define rsa_keypair_from_sexp nettle_rsa_keypair_from_sexp
#define rsa_public_key_from_der_iterator nettle_rsa_public_key_from_der_iterator
#define rsa_private_key_from_der_iterator nettle_rsa_private_key_from_der_iterator
#define rsa_keypair_from_der nettle_rsa_keypair_from_der
#define rsa_keypair_to_openpgp nettle_rsa_keypair_to_openpgp
#define _rsa_verify _nettle_rsa_verify
#define _rsa_verify_recover _nettle_rsa_verify_recover
#define _rsa_check_size _nettle_rsa_check_size
#define _rsa_blind _nettle_rsa_blind
#define _rsa_unblind _nettle_rsa_unblind
/* This limit is somewhat arbitrary. Technically, the smallest modulo
which makes sense at all is 15 = 3*5, phi(15) = 8, size 4 bits. But
for ridiculously small keys, not all odd e are possible (e.g., for
5 bits, the only possible modulo is 3*7 = 21, phi(21) = 12, and e =
3 don't work). The smallest size that makes sense with pkcs#1, and
which allows RSA encryption of one byte messages, is 12 octets, 89
bits. */
#define RSA_MINIMUM_N_OCTETS 12
#define RSA_MINIMUM_N_BITS (8*RSA_MINIMUM_N_OCTETS - 7)
struct rsa_public_key
{
/* Size of the modulo, in octets. This is also the size of all
* signatures that are created or verified with this key. */
size_t size;
/* Modulo */
mpz_t n;
/* Public exponent */
mpz_t e;
};
struct rsa_private_key
{
size_t size;
/* d is filled in by the key generation function; otherwise it's
* completely unused. */
mpz_t d;
/* The two factors */
mpz_t p; mpz_t q;
/* d % (p-1), i.e. a e = 1 (mod (p-1)) */
mpz_t a;
/* d % (q-1), i.e. b e = 1 (mod (q-1)) */
mpz_t b;
/* modular inverse of q , i.e. c q = 1 (mod p) */
mpz_t c;
};
/* Signing a message works as follows:
*
* Store the private key in a rsa_private_key struct.
*
* Call rsa_private_key_prepare. This initializes the size attribute
* to the length of a signature.
*
* Initialize a hashing context, by callling
* md5_init
*
* Hash the message by calling
* md5_update
*
* Create the signature by calling
* rsa_md5_sign
*
* The signature is represented as a mpz_t bignum. This call also
* resets the hashing context.
*
* When done with the key and signature, don't forget to call
* mpz_clear.
*/
/* Calls mpz_init to initialize bignum storage. */
void
rsa_public_key_init(struct rsa_public_key *key);
/* Calls mpz_clear to deallocate bignum storage. */
void
rsa_public_key_clear(struct rsa_public_key *key);
int
rsa_public_key_prepare(struct rsa_public_key *key);
/* Calls mpz_init to initialize bignum storage. */
void
rsa_private_key_init(struct rsa_private_key *key);
/* Calls mpz_clear to deallocate bignum storage. */
void
rsa_private_key_clear(struct rsa_private_key *key);
int
rsa_private_key_prepare(struct rsa_private_key *key);
/* PKCS#1 style signatures */
int
rsa_pkcs1_sign(const struct rsa_private_key *key,
size_t length, const uint8_t *digest_info,
mpz_t s);
int
rsa_pkcs1_sign_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
size_t length, const uint8_t *digest_info,
mpz_t s);
int
rsa_pkcs1_verify(const struct rsa_public_key *key,
size_t length, const uint8_t *digest_info,
const mpz_t signature);
int
rsa_md5_sign(const struct rsa_private_key *key,
struct md5_ctx *hash,
mpz_t signature);
int
rsa_md5_sign_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
struct md5_ctx *hash, mpz_t s);
int
rsa_md5_verify(const struct rsa_public_key *key,
struct md5_ctx *hash,
const mpz_t signature);
int
rsa_sha1_sign(const struct rsa_private_key *key,
struct sha1_ctx *hash,
mpz_t signature);
int
rsa_sha1_sign_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
struct sha1_ctx *hash,
mpz_t s);
int
rsa_sha1_verify(const struct rsa_public_key *key,
struct sha1_ctx *hash,
const mpz_t signature);
int
rsa_sha256_sign(const struct rsa_private_key *key,
struct sha256_ctx *hash,
mpz_t signature);
int
rsa_sha256_sign_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
struct sha256_ctx *hash,
mpz_t s);
int
rsa_sha256_verify(const struct rsa_public_key *key,
struct sha256_ctx *hash,
const mpz_t signature);
int
rsa_sha512_sign(const struct rsa_private_key *key,
struct sha512_ctx *hash,
mpz_t signature);
int
rsa_sha512_sign_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
struct sha512_ctx *hash,
mpz_t s);
int
rsa_sha512_verify(const struct rsa_public_key *key,
struct sha512_ctx *hash,
const mpz_t signature);
/* Variants taking the digest as argument. */
int
rsa_md5_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s);
int
rsa_md5_sign_digest_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
const uint8_t *digest, mpz_t s);
int
rsa_md5_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
const mpz_t signature);
int
rsa_sha1_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s);
int
rsa_sha1_sign_digest_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
const uint8_t *digest,
mpz_t s);
int
rsa_sha1_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
const mpz_t signature);
int
rsa_sha256_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s);
int
rsa_sha256_sign_digest_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
const uint8_t *digest,
mpz_t s);
int
rsa_sha256_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
const mpz_t signature);
int
rsa_sha512_sign_digest(const struct rsa_private_key *key,
const uint8_t *digest,
mpz_t s);
int
rsa_sha512_sign_digest_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
const uint8_t *digest,
mpz_t s);
int
rsa_sha512_verify_digest(const struct rsa_public_key *key,
const uint8_t *digest,
const mpz_t signature);
/* PSS style signatures */
int
rsa_pss_sha256_sign_digest_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
size_t salt_length, const uint8_t *salt,
const uint8_t *digest,
mpz_t s);
int
rsa_pss_sha256_verify_digest(const struct rsa_public_key *key,
size_t salt_length,
const uint8_t *digest,
const mpz_t signature);
int
rsa_pss_sha384_sign_digest_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
size_t salt_length, const uint8_t *salt,
const uint8_t *digest,
mpz_t s);
int
rsa_pss_sha384_verify_digest(const struct rsa_public_key *key,
size_t salt_length,
const uint8_t *digest,
const mpz_t signature);
int
rsa_pss_sha512_sign_digest_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
size_t salt_length, const uint8_t *salt,
const uint8_t *digest,
mpz_t s);
int
rsa_pss_sha512_verify_digest(const struct rsa_public_key *key,
size_t salt_length,
const uint8_t *digest,
const mpz_t signature);
/* RSA encryption, using PKCS#1 */
/* These functions uses the v1.5 padding. What should the v2 (OAEP)
* functions be called? */
/* Returns 1 on success, 0 on failure, which happens if the
* message is too long for the key. */
int
rsa_encrypt(const struct rsa_public_key *key,
/* For padding */
void *random_ctx, nettle_random_func *random,
size_t length, const uint8_t *cleartext,
mpz_t cipher);
/* Message must point to a buffer of size *LENGTH. KEY->size is enough
* for all valid messages. On success, *LENGTH is updated to reflect
* the actual length of the message. Returns 1 on success, 0 on
* failure, which happens if decryption failed or if the message
* didn't fit. */
int
rsa_decrypt(const struct rsa_private_key *key,
size_t *length, uint8_t *cleartext,
const mpz_t ciphertext);
/* Timing-resistant version, using randomized RSA blinding. */
int
rsa_decrypt_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
size_t *length, uint8_t *message,
const mpz_t gibberish);
/* like rsa_decrypt_tr but with additional side-channel resistance.
* NOTE: the length of the final message must be known in advance. */
int
rsa_sec_decrypt(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
size_t length, uint8_t *message,
const mpz_t gibberish);
/* Compute x, the e:th root of m. Calling it with x == m is allowed. */
void
rsa_compute_root(const struct rsa_private_key *key,
mpz_t x, const mpz_t m);
/* Safer variant, using RSA blinding, and checking the result after
CRT. */
int
rsa_compute_root_tr(const struct rsa_public_key *pub,
const struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
mpz_t x, const mpz_t m);
/* Key generation */
/* Note that the key structs must be initialized first. */
int
rsa_generate_keypair(struct rsa_public_key *pub,
struct rsa_private_key *key,
void *random_ctx, nettle_random_func *random,
void *progress_ctx, nettle_progress_func *progress,
/* Desired size of modulo, in bits */
unsigned n_size,
/* Desired size of public exponent, in bits. If
* zero, the passed in value pub->e is used. */
unsigned e_size);
#define RSA_SIGN(key, algorithm, ctx, length, data, signature) ( \
algorithm##_update(ctx, length, data), \
rsa_##algorithm##_sign(key, ctx, signature) \
)
#define RSA_VERIFY(key, algorithm, ctx, length, data, signature) ( \
algorithm##_update(ctx, length, data), \
rsa_##algorithm##_verify(key, ctx, signature) \
)
/* Keys in sexp form. */
struct nettle_buffer;
/* Generates a public-key expression if PRIV is NULL .*/
int
rsa_keypair_to_sexp(struct nettle_buffer *buffer,
const char *algorithm_name, /* NULL means "rsa" */
const struct rsa_public_key *pub,
const struct rsa_private_key *priv);
struct sexp_iterator;
int
rsa_keypair_from_sexp_alist(struct rsa_public_key *pub,
struct rsa_private_key *priv,
unsigned limit,
struct sexp_iterator *i);
/* If PRIV is NULL, expect a public-key expression. If PUB is NULL,
* expect a private key expression and ignore the parts not needed for
* the public key. */
/* Keys must be initialized before calling this function, as usual. */
int
rsa_keypair_from_sexp(struct rsa_public_key *pub,
struct rsa_private_key *priv,
unsigned limit,
size_t length, const uint8_t *expr);
/* Keys in PKCS#1 format. */
struct asn1_der_iterator;
int
rsa_public_key_from_der_iterator(struct rsa_public_key *pub,
unsigned limit,
struct asn1_der_iterator *i);
int
rsa_private_key_from_der_iterator(struct rsa_public_key *pub,
struct rsa_private_key *priv,
unsigned limit,
struct asn1_der_iterator *i);
/* For public keys, use PRIV == NULL */
int
rsa_keypair_from_der(struct rsa_public_key *pub,
struct rsa_private_key *priv,
unsigned limit,
size_t length, const uint8_t *data);
/* OpenPGP format. Experimental interface, subject to change. */
int
rsa_keypair_to_openpgp(struct nettle_buffer *buffer,
const struct rsa_public_key *pub,
const struct rsa_private_key *priv,
/* A single user id. NUL-terminated utf8. */
const char *userid);
/* Internal functions. */
int
_rsa_verify(const struct rsa_public_key *key,
const mpz_t m,
const mpz_t s);
int
_rsa_verify_recover(const struct rsa_public_key *key,
mpz_t m,
const mpz_t s);
size_t
_rsa_check_size(mpz_t n);
/* _rsa_blind and _rsa_unblind are deprecated, unused in the library,
and will likely be removed with the next ABI break. */
void
_rsa_blind (const struct rsa_public_key *pub,
void *random_ctx, nettle_random_func *random,
mpz_t c, mpz_t ri);
void
_rsa_unblind (const struct rsa_public_key *pub, mpz_t c, const mpz_t ri);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_RSA_H_INCLUDED */

114
include/nettle/salsa20.h Normal file
View File

@@ -0,0 +1,114 @@
/* salsa20.h
The Salsa20 stream cipher.
Copyright (C) 2012 Simon Josefsson
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_SALSA20_H_INCLUDED
#define NETTLE_SALSA20_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define salsa20_set_key nettle_salsa20_set_key
#define salsa20_128_set_key nettle_salsa20_128_set_key
#define salsa20_256_set_key nettle_salsa20_256_set_key
#define salsa20_set_nonce nettle_salsa20_set_nonce
#define salsa20_crypt nettle_salsa20_crypt
#define _salsa20_core _nettle_salsa20_core
#define salsa20r12_crypt nettle_salsa20r12_crypt
/* Alias for backwards compatibility */
#define salsa20_set_iv nettle_salsa20_set_nonce
/* In octets.*/
#define SALSA20_128_KEY_SIZE 16
#define SALSA20_256_KEY_SIZE 32
#define SALSA20_BLOCK_SIZE 64
#define SALSA20_NONCE_SIZE 8
#define SALSA20_IV_SIZE SALSA20_NONCE_SIZE
/* Aliases */
#define SALSA20_MIN_KEY_SIZE 16
#define SALSA20_MAX_KEY_SIZE 32
#define SALSA20_KEY_SIZE 32
#define _SALSA20_INPUT_LENGTH 16
struct salsa20_ctx
{
/* Indices 1-4 and 11-14 holds the key (two identical copies for the
shorter key size), indices 0, 5, 10, 15 are constant, indices 6, 7
are the IV, and indices 8, 9 are the block counter:
C K K K
K C I I
B B C K
K K K C
*/
uint32_t input[_SALSA20_INPUT_LENGTH];
};
void
salsa20_128_set_key(struct salsa20_ctx *ctx, const uint8_t *key);
void
salsa20_256_set_key(struct salsa20_ctx *ctx, const uint8_t *key);
void
salsa20_set_key(struct salsa20_ctx *ctx,
size_t length, const uint8_t *key);
void
salsa20_set_nonce(struct salsa20_ctx *ctx, const uint8_t *nonce);
void
salsa20_crypt(struct salsa20_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
void
salsa20r12_crypt(struct salsa20_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
void
_salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_SALSA20_H_INCLUDED */

102
include/nettle/serpent.h Normal file
View File

@@ -0,0 +1,102 @@
/* serpent.h
The serpent block cipher.
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/* Serpent is a 128-bit block cipher that accepts a key size of 256
* bits, designed by Ross Anderson, Eli Biham, and Lars Knudsen. See
* http://www.cl.cam.ac.uk/~rja14/serpent.html for details.
*/
#ifndef NETTLE_SERPENT_H_INCLUDED
#define NETTLE_SERPENT_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define serpent_set_key nettle_serpent_set_key
#define serpent128_set_key nettle_serpent128_set_key
#define serpent192_set_key nettle_serpent192_set_key
#define serpent256_set_key nettle_serpent256_set_key
#define serpent_encrypt nettle_serpent_encrypt
#define serpent_decrypt nettle_serpent_decrypt
#define SERPENT_BLOCK_SIZE 16
/* Other key lengths are possible, but the design of Serpent makes
* smaller key lengths quite pointless; they cheated with the AES
* requirements, using a 256-bit key length exclusively and just
* padding it out if the desired key length was less, so there really
* is no advantage to using key lengths less than 256 bits. */
#define SERPENT_KEY_SIZE 32
/* Allow keys of size 128 <= bits <= 256 */
#define SERPENT_MIN_KEY_SIZE 16
#define SERPENT_MAX_KEY_SIZE 32
#define SERPENT128_KEY_SIZE 16
#define SERPENT192_KEY_SIZE 24
#define SERPENT256_KEY_SIZE 32
struct serpent_ctx
{
uint32_t keys[33][4]; /* key schedule */
};
void
serpent_set_key(struct serpent_ctx *ctx,
size_t length, const uint8_t *key);
void
serpent128_set_key(struct serpent_ctx *ctx, const uint8_t *key);
void
serpent192_set_key(struct serpent_ctx *ctx, const uint8_t *key);
void
serpent256_set_key(struct serpent_ctx *ctx, const uint8_t *key);
void
serpent_encrypt(const struct serpent_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
void
serpent_decrypt(const struct serpent_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_SERPENT_H_INCLUDED */

213
include/nettle/sexp.h Normal file
View File

@@ -0,0 +1,213 @@
/* sexp.h
Parsing s-expressions.
Copyright (C) 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_SEXP_H_INCLUDED
#define NETTLE_SEXP_H_INCLUDED
#include <stdarg.h>
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define sexp_iterator_first nettle_sexp_iterator_first
#define sexp_transport_iterator_first nettle_sexp_transport_iterator_first
#define sexp_iterator_next nettle_sexp_iterator_next
#define sexp_iterator_enter_list nettle_sexp_iterator_enter_list
#define sexp_iterator_exit_list nettle_sexp_iterator_exit_list
#define sexp_iterator_subexpr nettle_sexp_iterator_subexpr
#define sexp_iterator_get_uint32 nettle_sexp_iterator_get_uint32
#define sexp_iterator_check_type nettle_sexp_iterator_check_type
#define sexp_iterator_check_types nettle_sexp_iterator_check_types
#define sexp_iterator_assoc nettle_sexp_iterator_assoc
#define sexp_format nettle_sexp_format
#define sexp_vformat nettle_sexp_vformat
#define sexp_transport_format nettle_sexp_transport_format
#define sexp_transport_vformat nettle_sexp_transport_vformat
#define sexp_token_chars nettle_sexp_token_chars
enum sexp_type
{ SEXP_ATOM, SEXP_LIST, SEXP_END };
struct sexp_iterator
{
size_t length;
const uint8_t *buffer;
/* Points at the start of the current sub expression. */
size_t start;
/* If type is SEXP_LIST, pos points at the start of the current
* element. Otherwise, it points at the end. */
size_t pos;
unsigned level;
enum sexp_type type;
size_t display_length;
const uint8_t *display;
size_t atom_length;
const uint8_t *atom;
};
/* All these functions return 1 on success, 0 on failure */
/* Initializes the iterator. */
int
sexp_iterator_first(struct sexp_iterator *iterator,
size_t length, const uint8_t *input);
/* NOTE: Decodes the input string in place */
int
sexp_transport_iterator_first(struct sexp_iterator *iterator,
size_t length, uint8_t *input);
int
sexp_iterator_next(struct sexp_iterator *iterator);
/* Current element must be a list. */
int
sexp_iterator_enter_list(struct sexp_iterator *iterator);
/* Skips the rest of the current list */
int
sexp_iterator_exit_list(struct sexp_iterator *iterator);
#if 0
/* Skips out of as many lists as necessary to get back to the given
* level. */
int
sexp_iterator_exit_lists(struct sexp_iterator *iterator,
unsigned level);
#endif
/* Gets start and length of the current subexpression. Implies
* sexp_iterator_next. */
const uint8_t *
sexp_iterator_subexpr(struct sexp_iterator *iterator,
size_t *length);
int
sexp_iterator_get_uint32(struct sexp_iterator *iterator,
uint32_t *x);
/* Checks the type of the current expression, which should be a list
*
* (<type> ...)
*/
int
sexp_iterator_check_type(struct sexp_iterator *iterator,
const char *type);
const char *
sexp_iterator_check_types(struct sexp_iterator *iterator,
unsigned ntypes,
const char * const *types);
/* Current element must be a list. Looks up element of type
*
* (key rest...)
*
* For a matching key, the corresponding iterator is initialized
* pointing at the start of REST.
*
* On success, exits the current list.
*/
int
sexp_iterator_assoc(struct sexp_iterator *iterator,
unsigned nkeys,
const char * const *keys,
struct sexp_iterator *values);
/* Output functions. What is a reasonable API for this? It seems
* ugly to have to reimplement string streams. */
/* Declared for real in buffer.h */
struct nettle_buffer;
/* Returns the number of output characters, or 0 on out of memory. If
* buffer == NULL, just compute length.
*
* Format strings can contained matched parentheses, tokens ("foo" in
* the format string is formatted as "3:foo"), whitespace (which
* separates tokens but is otherwise ignored) and the following
* formatting specifiers:
*
* %s String represented as size_t length, const uint8_t *data.
*
* %t Optional display type, represented as
* size_t display_length, const uint8_t *display,
* display == NULL means no display type.
*
* %i Non-negative small integer, uint32_t.
*
* %b Non-negative bignum, mpz_t.
*
* %l Literal string (no length added), typically a balanced
* subexpression. Represented as size_t length, const uint8_t
* *data.
*
* %(, %) Allows insertion of unbalanced parenthesis.
*
* Modifiers:
*
* %0 For %s, %t and %l, says that there's no length argument,
* instead the string is NUL-terminated, and there's only one
* const uint8_t * argument.
*/
size_t
sexp_format(struct nettle_buffer *buffer,
const char *format, ...);
size_t
sexp_vformat(struct nettle_buffer *buffer,
const char *format, va_list args);
size_t
sexp_transport_format(struct nettle_buffer *buffer,
const char *format, ...);
size_t
sexp_transport_vformat(struct nettle_buffer *buffer,
const char *format, va_list args);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_SEXP_H_INCLUDED */

42
include/nettle/sha.h Normal file
View File

@@ -0,0 +1,42 @@
/* sha.h
This file is deprecated, and provided only for backwards
compatibility with earlier versions of Nettle. Please use sha1.h
and/or sha2.h instead.
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_SHA_H_INCLUDED
#define NETTLE_SHA_H_INCLUDED
#include "sha1.h"
#include "sha2.h"
#endif /* NETTLE_SHA_H_INCLUDED */

88
include/nettle/sha1.h Normal file
View File

@@ -0,0 +1,88 @@
/* sha1.h
The sha1 hash function.
Copyright (C) 2001, 2012 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_SHA1_H_INCLUDED
#define NETTLE_SHA1_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define sha1_init nettle_sha1_init
#define sha1_update nettle_sha1_update
#define sha1_digest nettle_sha1_digest
/* SHA1 */
#define SHA1_DIGEST_SIZE 20
#define SHA1_BLOCK_SIZE 64
/* For backwards compatibility */
#define SHA1_DATA_SIZE SHA1_BLOCK_SIZE
/* Digest is kept internally as 5 32-bit words. */
#define _SHA1_DIGEST_LENGTH 5
struct sha1_ctx
{
uint32_t state[_SHA1_DIGEST_LENGTH]; /* State variables */
uint64_t count; /* 64-bit block count */
uint8_t block[SHA1_BLOCK_SIZE]; /* SHA1 data buffer */
unsigned int index; /* index into buffer */
};
void
sha1_init(struct sha1_ctx *ctx);
void
sha1_update(struct sha1_ctx *ctx,
size_t length,
const uint8_t *data);
void
sha1_digest(struct sha1_ctx *ctx,
size_t length,
uint8_t *digest);
/* Internal compression function. STATE points to 5 uint32_t words,
and DATA points to 64 bytes of input data, possibly unaligned. */
void
_nettle_sha1_compress(uint32_t *state, const uint8_t *data);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_SHA1_H_INCLUDED */

206
include/nettle/sha2.h Normal file
View File

@@ -0,0 +1,206 @@
/* sha2.h
The sha2 family of hash functions.
Copyright (C) 2001, 2012 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_SHA2_H_INCLUDED
#define NETTLE_SHA2_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define sha224_init nettle_sha224_init
#define sha224_digest nettle_sha224_digest
#define sha256_init nettle_sha256_init
#define sha256_update nettle_sha256_update
#define sha256_digest nettle_sha256_digest
#define sha384_init nettle_sha384_init
#define sha384_digest nettle_sha384_digest
#define sha512_init nettle_sha512_init
#define sha512_update nettle_sha512_update
#define sha512_digest nettle_sha512_digest
#define sha512_224_init nettle_sha512_224_init
#define sha512_224_digest nettle_sha512_224_digest
#define sha512_256_init nettle_sha512_256_init
#define sha512_256_digest nettle_sha512_256_digest
/* For backwards compatibility */
#define SHA224_DATA_SIZE SHA256_BLOCK_SIZE
#define SHA256_DATA_SIZE SHA256_BLOCK_SIZE
#define SHA512_DATA_SIZE SHA512_BLOCK_SIZE
#define SHA384_DATA_SIZE SHA512_BLOCK_SIZE
/* SHA256 */
#define SHA256_DIGEST_SIZE 32
#define SHA256_BLOCK_SIZE 64
/* Digest is kept internally as 8 32-bit words. */
#define _SHA256_DIGEST_LENGTH 8
struct sha256_ctx
{
uint32_t state[_SHA256_DIGEST_LENGTH]; /* State variables */
uint64_t count; /* 64-bit block count */
uint8_t block[SHA256_BLOCK_SIZE]; /* SHA256 data buffer */
unsigned int index; /* index into buffer */
};
void
sha256_init(struct sha256_ctx *ctx);
void
sha256_update(struct sha256_ctx *ctx,
size_t length,
const uint8_t *data);
void
sha256_digest(struct sha256_ctx *ctx,
size_t length,
uint8_t *digest);
/* Internal compression function. STATE points to 8 uint32_t words,
DATA points to 64 bytes of input data, possibly unaligned, and K
points to the table of constants. */
void
_nettle_sha256_compress(uint32_t *state, const uint8_t *data, const uint32_t *k);
/* SHA224, a truncated SHA256 with different initial state. */
#define SHA224_DIGEST_SIZE 28
#define SHA224_BLOCK_SIZE SHA256_BLOCK_SIZE
#define sha224_ctx sha256_ctx
void
sha224_init(struct sha256_ctx *ctx);
#define sha224_update nettle_sha256_update
void
sha224_digest(struct sha256_ctx *ctx,
size_t length,
uint8_t *digest);
/* SHA512 */
#define SHA512_DIGEST_SIZE 64
#define SHA512_BLOCK_SIZE 128
/* Digest is kept internally as 8 64-bit words. */
#define _SHA512_DIGEST_LENGTH 8
struct sha512_ctx
{
uint64_t state[_SHA512_DIGEST_LENGTH]; /* State variables */
uint64_t count_low, count_high; /* 128-bit block count */
uint8_t block[SHA512_BLOCK_SIZE]; /* SHA512 data buffer */
unsigned int index; /* index into buffer */
};
void
sha512_init(struct sha512_ctx *ctx);
void
sha512_update(struct sha512_ctx *ctx,
size_t length,
const uint8_t *data);
void
sha512_digest(struct sha512_ctx *ctx,
size_t length,
uint8_t *digest);
/* Internal compression function. STATE points to 8 uint64_t words,
DATA points to 128 bytes of input data, possibly unaligned, and K
points to the table of constants. */
void
_nettle_sha512_compress(uint64_t *state, const uint8_t *data, const uint64_t *k);
/* SHA384, a truncated SHA512 with different initial state. */
#define SHA384_DIGEST_SIZE 48
#define SHA384_BLOCK_SIZE SHA512_BLOCK_SIZE
#define sha384_ctx sha512_ctx
void
sha384_init(struct sha512_ctx *ctx);
#define sha384_update nettle_sha512_update
void
sha384_digest(struct sha512_ctx *ctx,
size_t length,
uint8_t *digest);
/* SHA512_224 and SHA512_256, two truncated versions of SHA512
with different initial states. */
#define SHA512_224_DIGEST_SIZE 28
#define SHA512_224_BLOCK_SIZE SHA512_BLOCK_SIZE
#define sha512_224_ctx sha512_ctx
void
sha512_224_init(struct sha512_224_ctx *ctx);
#define sha512_224_update nettle_sha512_update
void
sha512_224_digest(struct sha512_224_ctx *ctx,
size_t length,
uint8_t *digest);
#define SHA512_256_DIGEST_SIZE 32
#define SHA512_256_BLOCK_SIZE SHA512_BLOCK_SIZE
#define sha512_256_ctx sha512_ctx
void
sha512_256_init(struct sha512_256_ctx *ctx);
#define sha512_256_update nettle_sha512_update
void
sha512_256_digest(struct sha512_256_ctx *ctx,
size_t length,
uint8_t *digest);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_SHA2_H_INCLUDED */

193
include/nettle/sha3.h Normal file
View File

@@ -0,0 +1,193 @@
/* sha3.h
The sha3 hash function (aka Keccak).
Copyright (C) 2012 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_SHA3_H_INCLUDED
#define NETTLE_SHA3_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define sha3_permute nettle_sha3_permute
#define _sha3_update _nettle_sha3_update
#define _sha3_pad _nettle_sha3_pad
#define sha3_224_init nettle_sha3_224_init
#define sha3_224_update nettle_sha3_224_update
#define sha3_224_digest nettle_sha3_224_digest
#define sha3_256_init nettle_sha3_256_init
#define sha3_256_update nettle_sha3_256_update
#define sha3_256_digest nettle_sha3_256_digest
#define sha3_384_init nettle_sha3_384_init
#define sha3_384_update nettle_sha3_384_update
#define sha3_384_digest nettle_sha3_384_digest
#define sha3_512_init nettle_sha3_512_init
#define sha3_512_update nettle_sha3_512_update
#define sha3_512_digest nettle_sha3_512_digest
/* Indicates that SHA3 is the NIST FIPS 202 version. */
#define NETTLE_SHA3_FIPS202 1
/* The sha3 state is a 5x5 matrix of 64-bit words. In the notation of
Keccak description, S[x,y] is element x + 5*y, so if x is
interpreted as the row index and y the column index, it is stored
in column-major order. */
#define SHA3_STATE_LENGTH 25
/* The "width" is 1600 bits or 200 octets */
struct sha3_state
{
uint64_t a[SHA3_STATE_LENGTH];
};
void
sha3_permute (struct sha3_state *state);
unsigned
_sha3_update (struct sha3_state *state,
unsigned block_size, uint8_t *block,
unsigned pos,
size_t length, const uint8_t *data);
void
_sha3_pad (struct sha3_state *state,
unsigned block_size, uint8_t *block, unsigned pos);
/* The "capacity" is set to 2*(digest size), 512 bits or 64 octets.
The "rate" is the width - capacity, or width - 2 * (digest
size). */
#define SHA3_224_DIGEST_SIZE 28
#define SHA3_224_BLOCK_SIZE 144
#define SHA3_256_DIGEST_SIZE 32
#define SHA3_256_BLOCK_SIZE 136
#define SHA3_384_DIGEST_SIZE 48
#define SHA3_384_BLOCK_SIZE 104
#define SHA3_512_DIGEST_SIZE 64
#define SHA3_512_BLOCK_SIZE 72
/* For backwards compatibility */
#define SHA3_224_DATA_SIZE SHA3_224_BLOCK_SIZE
#define SHA3_256_DATA_SIZE SHA3_256_BLOCK_SIZE
#define SHA3_384_DATA_SIZE SHA3_384_BLOCK_SIZE
#define SHA3_512_DATA_SIZE SHA3_512_BLOCK_SIZE
struct sha3_224_ctx
{
struct sha3_state state;
unsigned index;
uint8_t block[SHA3_224_BLOCK_SIZE];
};
void
sha3_224_init (struct sha3_224_ctx *ctx);
void
sha3_224_update (struct sha3_224_ctx *ctx,
size_t length,
const uint8_t *data);
void
sha3_224_digest(struct sha3_224_ctx *ctx,
size_t length,
uint8_t *digest);
struct sha3_256_ctx
{
struct sha3_state state;
unsigned index;
uint8_t block[SHA3_256_BLOCK_SIZE];
};
void
sha3_256_init (struct sha3_256_ctx *ctx);
void
sha3_256_update (struct sha3_256_ctx *ctx,
size_t length,
const uint8_t *data);
void
sha3_256_digest(struct sha3_256_ctx *ctx,
size_t length,
uint8_t *digest);
struct sha3_384_ctx
{
struct sha3_state state;
unsigned index;
uint8_t block[SHA3_384_BLOCK_SIZE];
};
void
sha3_384_init (struct sha3_384_ctx *ctx);
void
sha3_384_update (struct sha3_384_ctx *ctx,
size_t length,
const uint8_t *data);
void
sha3_384_digest(struct sha3_384_ctx *ctx,
size_t length,
uint8_t *digest);
struct sha3_512_ctx
{
struct sha3_state state;
unsigned index;
uint8_t block[SHA3_512_BLOCK_SIZE];
};
void
sha3_512_init (struct sha3_512_ctx *ctx);
void
sha3_512_update (struct sha3_512_ctx *ctx,
size_t length,
const uint8_t *data);
void
sha3_512_digest(struct sha3_512_ctx *ctx,
size_t length,
uint8_t *digest);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_SHA3_H_INCLUDED */

98
include/nettle/twofish.h Normal file
View File

@@ -0,0 +1,98 @@
/* twofish.h
The twofish block cipher.
Copyright (C) 2001, 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/*
* Twofish is a 128-bit block cipher that accepts a variable-length
* key up to 256 bits, designed by Bruce Schneier and others. See
* http://www.counterpane.com/twofish.html for details.
*/
#ifndef NETTLE_TWOFISH_H_INCLUDED
#define NETTLE_TWOFISH_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define twofish_set_key nettle_twofish_set_key
#define twofish128_set_key nettle_twofish128_set_key
#define twofish192_set_key nettle_twofish192_set_key
#define twofish256_set_key nettle_twofish256_set_key
#define twofish_encrypt nettle_twofish_encrypt
#define twofish_decrypt nettle_twofish_decrypt
#define TWOFISH_BLOCK_SIZE 16
/* Variable key size between 128 and 256 bits. But the only valid
* values are 16 (128 bits), 24 (192 bits) and 32 (256 bits). */
#define TWOFISH_MIN_KEY_SIZE 16
#define TWOFISH_MAX_KEY_SIZE 32
#define TWOFISH_KEY_SIZE 32
#define TWOFISH128_KEY_SIZE 16
#define TWOFISH192_KEY_SIZE 24
#define TWOFISH256_KEY_SIZE 32
struct twofish_ctx
{
uint32_t keys[40];
uint32_t s_box[4][256];
};
void
twofish_set_key(struct twofish_ctx *ctx,
size_t length, const uint8_t *key);
void
twofish128_set_key(struct twofish_ctx *context, const uint8_t *key);
void
twofish192_set_key(struct twofish_ctx *context, const uint8_t *key);
void
twofish256_set_key(struct twofish_ctx *context, const uint8_t *key);
void
twofish_encrypt(const struct twofish_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
void
twofish_decrypt(const struct twofish_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_TWOFISH_H_INCLUDED */

253
include/nettle/umac.h Normal file
View File

@@ -0,0 +1,253 @@
/* umac.h
UMAC message authentication code (RFC-4418).
Copyright (C) 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_UMAC_H_INCLUDED
#define NETTLE_UMAC_H_INCLUDED
#ifdef __cplusplus
extern "C" {
#endif
/* Namespace mangling */
#define umac32_set_key nettle_umac32_set_key
#define umac64_set_key nettle_umac64_set_key
#define umac96_set_key nettle_umac96_set_key
#define umac128_set_key nettle_umac128_set_key
#define umac32_set_nonce nettle_umac32_set_nonce
#define umac64_set_nonce nettle_umac64_set_nonce
#define umac96_set_nonce nettle_umac96_set_nonce
#define umac128_set_nonce nettle_umac128_set_nonce
#define umac32_update nettle_umac32_update
#define umac64_update nettle_umac64_update
#define umac96_update nettle_umac96_update
#define umac128_update nettle_umac128_update
#define umac32_digest nettle_umac32_digest
#define umac64_digest nettle_umac64_digest
#define umac96_digest nettle_umac96_digest
#define umac128_digest nettle_umac128_digest
#define _umac_set_key _nettle_umac_set_key
#define _umac_nh _nettle_umac_nh
#define _umac_nh_n _nettle_umac_nh_n
#define _umac_poly64 _nettle_umac_poly64
#define _umac_poly128 _nettle_umac_poly128
#define _umac_l2_init _nettle_umac_l2_init
#define _umac_l2 _nettle_umac_l2
#define _umac_l2_final _nettle_umac_l2_final
#define _umac_l3_init _nettle_umac_l3_init
#define _umac_l3 _nettle_umac_l3
#include "nettle-types.h"
#include "aes.h"
#define UMAC_KEY_SIZE AES128_KEY_SIZE
#define UMAC32_DIGEST_SIZE 4
#define UMAC64_DIGEST_SIZE 8
#define UMAC96_DIGEST_SIZE 12
#define UMAC128_DIGEST_SIZE 16
#define UMAC_BLOCK_SIZE 1024
#define UMAC_MIN_NONCE_SIZE 1
#define UMAC_MAX_NONCE_SIZE AES_BLOCK_SIZE
/* For backwards compatibility */
#define UMAC_DATA_SIZE UMAC_BLOCK_SIZE
/* Subkeys and state for UMAC with tag size 32*n bits. */
#define _UMAC_STATE(n) \
uint32_t l1_key[UMAC_BLOCK_SIZE/4 + 4*((n)-1)]; \
/* Keys in 32-bit pieces, high first */ \
uint32_t l2_key[6*(n)]; \
uint64_t l3_key1[8*(n)]; \
uint32_t l3_key2[(n)]; \
/* AES cipher for encrypting the nonce */ \
struct aes128_ctx pdf_key; \
/* The l2_state consists of 2*n uint64_t, for poly64 \
and poly128 hashing, followed by n additional \
uint64_t used as an input buffer. */ \
uint64_t l2_state[3*(n)]; \
/* Input to the pdf_key, zero-padded and low bits \
cleared if appropriate. */ \
uint8_t nonce[AES_BLOCK_SIZE]; \
unsigned short nonce_length /* For incrementing */
/* Buffering */
#define _UMAC_BUFFER \
unsigned index; \
/* Complete blocks processed */ \
uint64_t count; \
uint8_t block[UMAC_BLOCK_SIZE]
#define _UMAC_NONCE_CACHED 0x80
struct umac32_ctx
{
_UMAC_STATE(1);
/* Low bits and cache flag. */
unsigned short nonce_low;
/* Previous padding block */
uint32_t pad_cache[AES_BLOCK_SIZE / 4];
_UMAC_BUFFER;
};
struct umac64_ctx
{
_UMAC_STATE(2);
/* Low bit and cache flag. */
unsigned short nonce_low;
/* Previous padding block */
uint32_t pad_cache[AES_BLOCK_SIZE/4];
_UMAC_BUFFER;
};
struct umac96_ctx
{
_UMAC_STATE(3);
_UMAC_BUFFER;
};
struct umac128_ctx
{
_UMAC_STATE(4);
_UMAC_BUFFER;
};
/* The _set_key function initialize the nonce to zero. */
void
umac32_set_key (struct umac32_ctx *ctx, const uint8_t *key);
void
umac64_set_key (struct umac64_ctx *ctx, const uint8_t *key);
void
umac96_set_key (struct umac96_ctx *ctx, const uint8_t *key);
void
umac128_set_key (struct umac128_ctx *ctx, const uint8_t *key);
/* Optional, if not used, messages get incrementing nonces starting from zero. */
void
umac32_set_nonce (struct umac32_ctx *ctx,
size_t nonce_length, const uint8_t *nonce);
void
umac64_set_nonce (struct umac64_ctx *ctx,
size_t nonce_length, const uint8_t *nonce);
void
umac96_set_nonce (struct umac96_ctx *ctx,
size_t nonce_length, const uint8_t *nonce);
void
umac128_set_nonce (struct umac128_ctx *ctx,
size_t nonce_length, const uint8_t *nonce);
void
umac32_update (struct umac32_ctx *ctx,
size_t length, const uint8_t *data);
void
umac64_update (struct umac64_ctx *ctx,
size_t length, const uint8_t *data);
void
umac96_update (struct umac96_ctx *ctx,
size_t length, const uint8_t *data);
void
umac128_update (struct umac128_ctx *ctx,
size_t length, const uint8_t *data);
/* The _digest functions increment the nonce */
void
umac32_digest (struct umac32_ctx *ctx,
size_t length, uint8_t *digest);
void
umac64_digest (struct umac64_ctx *ctx,
size_t length, uint8_t *digest);
void
umac96_digest (struct umac96_ctx *ctx,
size_t length, uint8_t *digest);
void
umac128_digest (struct umac128_ctx *ctx,
size_t length, uint8_t *digest);
/* Internal functions */
#define UMAC_POLY64_BLOCKS 16384
#define UMAC_P64_OFFSET 59
#define UMAC_P64 (- (uint64_t) UMAC_P64_OFFSET)
#define UMAC_P128_OFFSET 159
#define UMAC_P128_HI (~(uint64_t) 0)
#define UMAC_P128_LO (-(uint64_t) UMAC_P128_OFFSET)
void
_umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
uint64_t *l3_key1, uint32_t *l3_key2,
struct aes128_ctx *pad, const uint8_t *key, unsigned n);
uint64_t
_umac_nh (const uint32_t *key, unsigned length, const uint8_t *msg);
/* Equivalent to
for (i = 0; i < n; i++)
out[i] = _umac_nh (key + 4*i, length, msg);
but processing input only once.
*/
void
_umac_nh_n (uint64_t *out, unsigned n, const uint32_t *key,
unsigned length, const uint8_t *msg);
/* Returns y*k + m (mod p), including "marker" processing. Return
value is *not* in canonical representation, and must be normalized
before the output is used. */
uint64_t
_umac_poly64 (uint32_t kh, uint32_t kl, uint64_t y, uint64_t m);
void
_umac_poly128 (const uint32_t *k, uint64_t *y, uint64_t mh, uint64_t ml);
void
_umac_l2_init (unsigned size, uint32_t *k);
void
_umac_l2(const uint32_t *key, uint64_t *state, unsigned n,
uint64_t count, const uint64_t *m);
void
_umac_l2_final(const uint32_t *key, uint64_t *state, unsigned n,
uint64_t count);
void
_umac_l3_init (unsigned size, uint64_t *k);
uint32_t
_umac_l3 (const uint64_t *key, const uint64_t *m);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_UMAC_H_INCLUDED */

64
include/nettle/version.h Normal file
View File

@@ -0,0 +1,64 @@
/* version.h
Information about library version.
Copyright (C) 2015 Red Hat, Inc.
Copyright (C) 2015 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_VERSION_H_INCLUDED
#define NETTLE_VERSION_H_INCLUDED
#ifdef __cplusplus
extern "C" {
#endif
/* Individual version numbers in decimal */
#define NETTLE_VERSION_MAJOR 3
#define NETTLE_VERSION_MINOR 4
#define NETTLE_USE_MINI_GMP 0
/* We need a preprocessor constant for GMP_NUMB_BITS, simply using
sizeof(mp_limb_t) * CHAR_BIT is not good enough. */
#if NETTLE_USE_MINI_GMP
# define GMP_NUMB_BITS n/a
#endif
int
nettle_version_major (void);
int
nettle_version_minor (void);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_VERSION_H_INCLUDED */

145
include/nettle/yarrow.h Normal file
View File

@@ -0,0 +1,145 @@
/* yarrow.h
The yarrow pseudo-randomness generator.
Copyright (C) 2001 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_YARROW_H_INCLUDED
#define NETTLE_YARROW_H_INCLUDED
#include "aes.h"
#include "sha2.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define yarrow256_init nettle_yarrow256_init
#define yarrow256_seed nettle_yarrow256_seed
#define yarrow256_update nettle_yarrow256_update
#define yarrow256_random nettle_yarrow256_random
#define yarrow256_is_seeded nettle_yarrow256_is_seeded
#define yarrow256_needed_sources nettle_yarrow256_needed_sources
#define yarrow256_fast_reseed nettle_yarrow256_fast_reseed
#define yarrow256_slow_reseed nettle_yarrow256_slow_reseed
#define yarrow_key_event_init nettle_yarrow_key_event_init
#define yarrow_key_event_estimate nettle_yarrow_key_event_estimate
/* Obsolete alias for backwards compatibility. Will be deleted in some
later version. */
#define yarrow256_force_reseed yarrow256_slow_reseed
enum yarrow_pool_id { YARROW_FAST = 0, YARROW_SLOW = 1 };
struct yarrow_source
{
/* Indexed by yarrow_pool_id */
uint32_t estimate[2];
/* The pool next sample should go to. */
enum yarrow_pool_id next;
};
#define YARROW256_SEED_FILE_SIZE (2 * AES_BLOCK_SIZE)
/* Yarrow-256, based on SHA-256 and AES-256 */
struct yarrow256_ctx
{
/* Indexed by yarrow_pool_id */
struct sha256_ctx pools[2];
int seeded;
/* The current key and counter block */
struct aes256_ctx key;
uint8_t counter[AES_BLOCK_SIZE];
/* The entropy sources */
unsigned nsources;
struct yarrow_source *sources;
};
void
yarrow256_init(struct yarrow256_ctx *ctx,
unsigned nsources,
struct yarrow_source *sources);
void
yarrow256_seed(struct yarrow256_ctx *ctx,
size_t length,
const uint8_t *seed_file);
/* Returns 1 on reseed */
int
yarrow256_update(struct yarrow256_ctx *ctx,
unsigned source, unsigned entropy,
size_t length, const uint8_t *data);
void
yarrow256_random(struct yarrow256_ctx *ctx, size_t length, uint8_t *dst);
int
yarrow256_is_seeded(struct yarrow256_ctx *ctx);
unsigned
yarrow256_needed_sources(struct yarrow256_ctx *ctx);
void
yarrow256_fast_reseed(struct yarrow256_ctx *ctx);
void
yarrow256_slow_reseed(struct yarrow256_ctx *ctx);
/* Key event estimator */
#define YARROW_KEY_EVENT_BUFFER 16
struct yarrow_key_event_ctx
{
/* Counter for initial priming of the state */
unsigned index;
unsigned chars[YARROW_KEY_EVENT_BUFFER];
unsigned previous;
};
void
yarrow_key_event_init(struct yarrow_key_event_ctx *ctx);
unsigned
yarrow_key_event_estimate(struct yarrow_key_event_ctx *ctx,
unsigned key, unsigned time);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_YARROW_H_INCLUDED */