doc update
[gnutls.git] / lib / crypto-backend.h
blob58c7530c0efb56a5668a50af872e6378c5ffe6e2
1 /*
2 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 #ifndef GNUTLS_CRYPTO_BACKEND_H
24 # define GNUTLS_CRYPTO_BACKEND_H
26 # include <gnutls/crypto.h>
28 # define gnutls_crypto_single_cipher_st gnutls_crypto_cipher_st
29 # define gnutls_crypto_single_mac_st gnutls_crypto_mac_st
30 # define gnutls_crypto_single_digest_st gnutls_crypto_digest_st
32 typedef struct
34 int (*init) (gnutls_cipher_algorithm_t, void **ctx, int enc);
35 int (*setkey) (void *ctx, const void *key, size_t keysize);
36 int (*setiv) (void *ctx, const void *iv, size_t ivsize);
37 int (*encrypt) (void *ctx, const void *plain, size_t plainsize,
38 void *encr, size_t encrsize);
39 int (*decrypt) (void *ctx, const void *encr, size_t encrsize,
40 void *plain, size_t plainsize);
41 int (*auth) (void *ctx, const void *data, size_t datasize);
42 void (*tag) (void *ctx, void *tag, size_t tagsize);
43 void (*deinit) (void *ctx);
45 /* Not needed for registered on run-time. Only included
46 * should define it. */
47 int (*exists) (gnutls_cipher_algorithm_t); /* true/false */
48 } gnutls_crypto_cipher_st;
50 typedef struct
52 int (*init) (gnutls_mac_algorithm_t, void **ctx);
53 int (*setkey) (void *ctx, const void *key, size_t keysize);
54 void (*reset) (void *ctx);
55 int (*hash) (void *ctx, const void *text, size_t textsize);
56 int (*output) (void *src_ctx, void *digest, size_t digestsize);
57 void (*deinit) (void *ctx);
58 int (*fast)(gnutls_mac_algorithm_t, const void *key, size_t keysize, const void *text, size_t textsize, void *digest);
60 /* Not needed for registered on run-time. Only included
61 * should define it. */
62 int (*exists) (gnutls_mac_algorithm_t);
63 } gnutls_crypto_mac_st;
65 typedef struct
67 int (*init) (gnutls_digest_algorithm_t, void **ctx);
68 void (*reset) (void *ctx);
69 int (*hash) (void *ctx, const void *src, size_t srcsize);
70 int (*output) (void *src_ctx, void *digest, size_t digestsize);
71 void (*deinit) (void *ctx);
72 int (*fast)(gnutls_digest_algorithm_t, const void *src, size_t srcsize, void *digest);
74 /* Not needed for registered on run-time. Only included
75 * should define it. */
76 int (*exists) (gnutls_digest_algorithm_t);
77 } gnutls_crypto_digest_st;
79 typedef struct gnutls_crypto_rnd
81 int (*init) (void **ctx);
82 int (*rnd) (void *ctx, int level, void *data, size_t datasize);
83 void (*deinit) (void *ctx);
84 } gnutls_crypto_rnd_st;
86 typedef void *bigint_t;
88 typedef struct
90 bigint_t g; /* group generator */
91 bigint_t p; /* prime */
92 int q_bits; /* the number of bits of q */
93 } gnutls_group_st;
95 /**
96 * gnutls_bigint_format_t:
97 * @GNUTLS_MPI_FORMAT_USG: Raw unsigned integer format.
98 * @GNUTLS_MPI_FORMAT_STD: Raw signed integer format, always a leading
99 * zero when positive.
100 * @GNUTLS_MPI_FORMAT_PGP: The pgp integer format.
102 * Enumeration of different bignum integer encoding formats.
104 typedef enum
106 /* raw unsigned integer format */
107 GNUTLS_MPI_FORMAT_USG = 0,
108 /* raw signed integer format - always a leading zero when positive */
109 GNUTLS_MPI_FORMAT_STD = 1,
110 /* the pgp integer format */
111 GNUTLS_MPI_FORMAT_PGP = 2
112 } gnutls_bigint_format_t;
114 /* Multi precision integer arithmetic */
115 typedef struct gnutls_crypto_bigint
117 bigint_t (*bigint_new) (int nbits);
118 void (*bigint_release) (bigint_t n);
119 /* 0 for equality, > 0 for m1>m2, < 0 for m1<m2 */
120 int (*bigint_cmp) (const bigint_t m1, const bigint_t m2);
121 /* as bigint_cmp */
122 int (*bigint_cmp_ui) (const bigint_t m1, unsigned long m2);
123 /* ret = a % b */
124 bigint_t (*bigint_mod) (const bigint_t a, const bigint_t b);
125 /* a = b -> ret == a */
126 bigint_t (*bigint_set) (bigint_t a, const bigint_t b);
127 /* a = b -> ret == a */
128 bigint_t (*bigint_set_ui) (bigint_t a, unsigned long b);
129 unsigned int (*bigint_get_nbits) (const bigint_t a);
130 /* w = b ^ e mod m */
131 bigint_t (*bigint_powm) (bigint_t w, const bigint_t b,
132 const bigint_t e, const bigint_t m);
133 /* w = a + b mod m */
134 bigint_t (*bigint_addm) (bigint_t w, const bigint_t a,
135 const bigint_t b, const bigint_t m);
136 /* w = a - b mod m */
137 bigint_t (*bigint_subm) (bigint_t w, const bigint_t a, const bigint_t b,
138 const bigint_t m);
139 /* w = a * b mod m */
140 bigint_t (*bigint_mulm) (bigint_t w, const bigint_t a, const bigint_t b,
141 const bigint_t m);
142 /* w = a + b */ bigint_t (*bigint_add) (bigint_t w, const bigint_t a,
143 const bigint_t b);
144 /* w = a - b */ bigint_t (*bigint_sub) (bigint_t w, const bigint_t a,
145 const bigint_t b);
146 /* w = a * b */
147 bigint_t (*bigint_mul) (bigint_t w, const bigint_t a, const bigint_t b);
148 /* w = a + b */
149 bigint_t (*bigint_add_ui) (bigint_t w, const bigint_t a,
150 unsigned long b);
151 /* w = a - b */
152 bigint_t (*bigint_sub_ui) (bigint_t w, const bigint_t a,
153 unsigned long b);
154 /* w = a * b */
155 bigint_t (*bigint_mul_ui) (bigint_t w, const bigint_t a,
156 unsigned long b);
157 /* q = a / b */
158 bigint_t (*bigint_div) (bigint_t q, const bigint_t a, const bigint_t b);
159 /* 0 if prime */
160 int (*bigint_prime_check) (const bigint_t pp);
161 int (*bigint_generate_group) (gnutls_group_st * gg, unsigned int bits);
163 /* reads a bigint from a buffer */
164 /* stores a bigint into the buffer. returns
165 * GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to
166 * store this integer, and updates the buf_size;
168 bigint_t (*bigint_scan) (const void *buf, size_t buf_size,
169 gnutls_bigint_format_t format);
170 int (*bigint_print) (const bigint_t a, void *buf, size_t * buf_size,
171 gnutls_bigint_format_t format);
172 } gnutls_crypto_bigint_st;
174 #define GNUTLS_MAX_PK_PARAMS 16
176 typedef struct
178 bigint_t params[GNUTLS_MAX_PK_PARAMS];
179 unsigned int params_nr; /* the number of parameters */
180 unsigned int flags;
181 } gnutls_pk_params_st;
184 * gnutls_pk_flag_t:
185 * @GNUTLS_PK_FLAG_NONE: No flag.
187 * Enumeration of public-key flag.
189 typedef enum
191 GNUTLS_PK_FLAG_NONE = 0
192 } gnutls_pk_flag_t;
195 void gnutls_pk_params_release (gnutls_pk_params_st * p);
196 void gnutls_pk_params_init (gnutls_pk_params_st * p);
199 #define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */
201 /* parameters should not be larger than this limit */
202 #define DSA_PUBLIC_PARAMS 4
203 #define RSA_PUBLIC_PARAMS 2
204 #define ECC_PUBLIC_PARAMS 8
207 #define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */
209 /* parameters should not be larger than this limit */
210 #define DSA_PRIVATE_PARAMS 5
211 #define RSA_PRIVATE_PARAMS 8
212 #define ECC_PRIVATE_PARAMS 9
214 #if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0
215 #error INCREASE MAX_PRIV_PARAMS
216 #endif
218 #if MAX_PRIV_PARAMS_SIZE - ECC_PRIVATE_PARAMS < 0
219 #error INCREASE MAX_PRIV_PARAMS
220 #endif
222 #if MAX_PRIV_PARAMS_SIZE - DSA_PRIVATE_PARAMS < 0
223 #error INCREASE MAX_PRIV_PARAMS
224 #endif
227 /* params are:
228 * RSA:
229 * [0] is modulus
230 * [1] is public exponent
231 * [2] is private exponent (private key only)
232 * [3] is prime1 (p) (private key only)
233 * [4] is prime2 (q) (private key only)
234 * [5] is coefficient (u == inverse of p mod q) (private key only)
235 * [6] e1 == d mod (p-1)
236 * [7] e2 == d mod (q-1)
238 * note that for libgcrypt that does not use the inverse of q mod p,
239 * we need to perform conversions using fixup_params().
241 * DSA:
242 * [0] is p
243 * [1] is q
244 * [2] is g
245 * [3] is y (public key)
246 * [4] is x (private key only)
248 * ECC:
249 * [0] is prime
250 * [1] is order
251 * [2] is A
252 * [3] is B
253 * [4] is Gx
254 * [5] is Gy
255 * [6] is x
256 * [7] is y
257 * [8] is k (private key)
260 #define ECC_PRIME 0
261 #define ECC_ORDER 1
262 #define ECC_A 2
263 #define ECC_B 3
264 #define ECC_GX 4
265 #define ECC_GY 5
266 #define ECC_X 6
267 #define ECC_Y 7
268 #define ECC_K 8
270 #define DSA_P 0
271 #define DSA_Q 1
272 #define DSA_G 2
273 #define DSA_Y 3
274 #define DSA_X 4
276 #define RSA_MODULUS 0
277 #define RSA_PUB 1
278 #define RSA_PRIV 2
279 #define RSA_PRIME1 3
280 #define RSA_PRIME2 4
281 #define RSA_COEF 5
282 #define RSA_E1 6
283 #define RSA_E2 7
286 * gnutls_direction_t:
287 * @GNUTLS_IMPORT: Import direction.
288 * @GNUTLS_EXPORT: Export direction.
290 * Enumeration of different directions.
292 typedef enum
294 GNUTLS_IMPORT = 0,
295 GNUTLS_EXPORT = 1
296 } gnutls_direction_t;
298 /* Public key algorithms */
299 typedef struct gnutls_crypto_pk
301 /* The params structure should contain the private or public key
302 * parameters, depending on the operation */
303 int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext,
304 const gnutls_datum_t * plaintext,
305 const gnutls_pk_params_st * pub);
306 int (*decrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * plaintext,
307 const gnutls_datum_t * ciphertext,
308 const gnutls_pk_params_st * priv);
310 int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature,
311 const gnutls_datum_t * data,
312 const gnutls_pk_params_st * priv);
313 int (*verify) (gnutls_pk_algorithm_t, const gnutls_datum_t * data,
314 const gnutls_datum_t * sig,
315 const gnutls_pk_params_st * pub);
316 /* given a signature and the public parameters,
317 * suggest a hash algorithm */
318 int (*hash_algorithm) (gnutls_pk_algorithm_t,
319 const gnutls_datum_t * sig,
320 gnutls_pk_params_st * issuer_params,
321 gnutls_digest_algorithm_t*);
322 /* sanity checks the public key parameters */
323 int (*verify_params) (gnutls_pk_algorithm_t,
324 const gnutls_pk_params_st * pub);
325 int (*generate) (gnutls_pk_algorithm_t, unsigned int nbits,
326 gnutls_pk_params_st *);
327 /* this function should convert params to ones suitable
328 * for the above functions
330 int (*pk_fixup_private_params) (gnutls_pk_algorithm_t, gnutls_direction_t,
331 gnutls_pk_params_st *);
332 int (*derive) (gnutls_pk_algorithm_t, gnutls_datum_t * out,
333 const gnutls_pk_params_st * priv,
334 const gnutls_pk_params_st * pub);
337 } gnutls_crypto_pk_st;
339 /* priority: infinity for backend algorithms, 90 for kernel
340 algorithms, lowest wins
342 int gnutls_crypto_single_cipher_register (gnutls_cipher_algorithm_t
343 algorithm, int priority,
344 const
345 gnutls_crypto_single_cipher_st *
347 int gnutls_crypto_single_mac_register (gnutls_mac_algorithm_t algorithm,
348 int priority,
349 const gnutls_crypto_single_mac_st *
351 int gnutls_crypto_single_digest_register (gnutls_digest_algorithm_t
352 algorithm, int priority,
353 const
354 gnutls_crypto_single_digest_st *
357 int gnutls_crypto_cipher_register (int priority,
358 const gnutls_crypto_cipher_st * s);
359 int gnutls_crypto_mac_register (int priority,
360 const gnutls_crypto_mac_st * s);
361 int gnutls_crypto_digest_register (int priority,
362 const gnutls_crypto_digest_st * s);
364 int gnutls_crypto_rnd_register (int priority,
365 const gnutls_crypto_rnd_st * s);
366 int gnutls_crypto_pk_register (int priority,
367 const gnutls_crypto_pk_st * s);
368 int gnutls_crypto_bigint_register (int priority,
369 const gnutls_crypto_bigint_st * s);
371 #endif