wsutil/wsgcrypt.h

   1 /** @file
   2  *
   3  * Wrapper around libgcrypt's include file gcrypt.h.
   4  * For libgcrypt 1.5.0, including gcrypt.h directly brings up lots of
   5  * compiler warnings about deprecated definitions.
   6  * Try to work around these warnings to ensure a clean build with -Werror.
   7  *
   8  * Wireshark - Network traffic analyzer
   9  * By Gerald Combs <gerald@wireshark.org>
  10  * Copyright 2007 Gerald Combs
  11  *
  12  * SPDX-License-Identifier: GPL-2.0-or-later
  13  */
  14
  15 #ifndef __WSGCRYPT_H__
  16 #define __WSGCRYPT_H__
  17
  18 #include <wireshark.h>
  19 #include <gcrypt.h>
  20
  21 #define HASH_MD5_LENGTH                    16
  22 #define HASH_SHA1_LENGTH                   20
  23 #define HASH_SHA2_224_LENGTH               28
  24 #define HASH_SHA2_256_LENGTH               32
  25 #define HASH_SHA2_384_LENGTH               48
  26 #define HASH_SHA2_512_LENGTH               64
  27 #define AEAD_AES_128_GCM_KEY_LENGTH        16
  28 #define AEAD_AES_256_GCM_KEY_LENGTH        32
  29 #define AEAD_CHACHA20POLY1305_KEY_LENGTH   32
  30 #define AEAD_MAX_KEY_LENGTH                32
  31 #define HPKE_AEAD_NONCE_LENGTH             12
  32 #define HPKE_HKDF_SHA256                    1
  33 #define HPKE_HKDF_SHA384                    2
  34 #define HPKE_HKDF_SHA512                    3
  35 #define HPKE_AEAD_AES_128_GCM               1
  36 #define HPKE_AEAD_AES_256_GCM               2
  37 #define HPKE_AEAD_CHACHA20POLY1305          3
  38 #define HPKE_SUIT_ID_LEN                   10
  39 #define HPKE_SUIT_PREFIX               "HPKE"
  40 #define HPKE_VERSION_ID             "HPKE-v1"
  41 #define HPKE_MAX_KDF_LEN HASH_SHA2_512_LENGTH
  42 #define HPKE_MODE_BASE                      0
  43 #define HPKE_MODE_PSK                       1
  44 #define HPKE_MODE_AUTH                      2
  45 #define HPKE_MODE_AUTH_PSK                  3
  46
  47 /* Convenience function to calculate the HMAC from the data in BUFFER
  48    of size LENGTH with key KEY of size KEYLEN using the algorithm ALGO avoiding the creating of a
  49    hash object. The hash is returned in the caller provided buffer
  50    DIGEST which must be large enough to hold the digest of the given
  51    algorithm. */
  52 WS_DLL_PUBLIC gcry_error_t ws_hmac_buffer(int algo, void *digest, const void *buffer, size_t length, const void *key, size_t keylen);
  53
  54 WS_DLL_PUBLIC gcry_error_t ws_cmac_buffer(int algo, void *digest, const void *buffer, size_t length, const void *key, size_t keylen);
  55
  56 /* Convenience function to encrypt 8 bytes in BUFFER with DES using the 56 bits KEY expanded to
  57    64 bits as key, encrypted data is returned in OUTPUT which must be at least 8 bytes large */
  58 WS_DLL_PUBLIC void crypt_des_ecb(uint8_t *output, const uint8_t *buffer, const uint8_t *key56);
  59 WS_DLL_PUBLIC void decrypt_des_ecb(uint8_t *output, const uint8_t *buffer, const uint8_t *key56);
  60
  61 /* Convenience function for RSA decryption. Returns decrypted length on success, 0 on failure */
  62 WS_DLL_PUBLIC size_t rsa_decrypt_inplace(const unsigned len, unsigned char* data, gcry_sexp_t pk, bool pkcs1_padding, char **err);
  63
  64 /**
  65  * RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF):
  66  * HKDF-Expand(PRK, info, L) -> OKM
  67  *
  68  * @param hashalgo  [in] Libgcrypt hash algorithm identifier.
  69  * @param prk       [in] Pseudo-random key.
  70  * @param prk_len   [in] Length of prk.
  71  * @param info      [in] Optional context (can be NULL if info_len is zero).
  72  * @param info_len  [in] Length of info.
  73  * @param out       [out] Output keying material.
  74  * @param out_len   [in] Size of output keying material.
  75  * @return 0 on success and an error code otherwise.
  76  */
  77 WS_DLL_PUBLIC gcry_error_t
  78 hkdf_expand(int hashalgo, const uint8_t *prk, unsigned prk_len, const uint8_t *info, unsigned info_len,
  79             uint8_t *out, unsigned out_len);
  80
  81 /*
  82  * Calculate HKDF-Extract(salt, IKM) -> PRK according to RFC 5869.
  83  * Caller MUST ensure that 'prk' is large enough to store the digest from hash
  84  * algorithm 'hashalgo' (e.g. 32 bytes for SHA-256).
  85  */
  86 static inline gcry_error_t
  87 hkdf_extract(int hashalgo, const uint8_t *salt, size_t salt_len, const uint8_t *ikm, size_t ikm_len, uint8_t *prk)
  88 {
  89     /* PRK = HMAC-Hash(salt, IKM) where salt is key, and IKM is input. */
  90     return ws_hmac_buffer(hashalgo, prk, ikm, ikm_len, salt, salt_len);
  91 }
  92
  93 /*
  94  * Convenience functions for Hybrid Public Key Encryption (HPKE) according
  95  * to RFC 9180. Note these lengths must fit into a 16-bit integer so
  96  * that the I2OSP(L, 2) call in ExpandedLabel returns without error.
  97 */
  98 WS_DLL_PUBLIC uint16_t
  99 hpke_hkdf_len(uint16_t kdf_id);
 100
 101 WS_DLL_PUBLIC uint16_t
 102 hpke_aead_key_len(uint16_t aead_id);
 103
 104 WS_DLL_PUBLIC uint16_t
 105 hpke_aead_nonce_len(uint16_t aead_id);
 106
 107 WS_DLL_PUBLIC void
 108 hpke_suite_id(uint16_t kem_id, uint16_t kdf_id, uint16_t aead_id, uint8_t *suite_id);
 109
 110 WS_DLL_PUBLIC gcry_error_t
 111 hpke_key_schedule(uint16_t kdf_id, uint16_t aead_id, const uint8_t *salt, unsigned salt_len, const uint8_t *suite_id,
 112                   const uint8_t *ikm, unsigned ikm_len, uint8_t mode, uint8_t *key, uint8_t *base_nonce);
 113
 114 WS_DLL_PUBLIC gcry_error_t
 115 hpke_setup_aead(gcry_cipher_hd_t* cipher, uint16_t aead_id, uint8_t *key);
 116
 117 WS_DLL_PUBLIC gcry_error_t
 118 hpke_set_nonce(gcry_cipher_hd_t cipher, uint64_t seq, uint8_t *base_nonce, size_t nonce_len);
 119
 120 #endif /* __WSGCRYPT_H__ */