1 #include "tlse.h"
2
/*
 * Thin aliases over the libtomcrypt math descriptor (ltc_mp) so the DH code
 * below reads like plain bignum calls.  Two are worth knowing: mp_mod is
 * spelled as mpdiv with the quotient discarded, and mp_set maps to set_int,
 * i.e. it takes a small machine integer rather than a bignum.  The *_multi
 * forms go straight to ltc_init_multi / ltc_deinit_multi.
 */
#define mp_init(a)                           ltc_mp.init(a)
#define mp_init_multi                        ltc_init_multi
#define mp_clear(a)                          ltc_mp.deinit(a)
#define mp_clear_multi                       ltc_deinit_multi
#define mp_count_bits(a)                     ltc_mp.count_bits(a)
#define mp_read_radix(a, b, c)               ltc_mp.read_radix(a, b, c)
#define mp_unsigned_bin_size(a)              ltc_mp.unsigned_size(a)
#define mp_to_unsigned_bin(a, b)             ltc_mp.unsigned_write(a, b)
#define mp_read_unsigned_bin(a, b, c)        ltc_mp.unsigned_read(a, b, c)
#define mp_exptmod(a, b, c, d)               ltc_mp.exptmod(a, b, c, d)
#define mp_add(a, b, c)                      ltc_mp.add(a, b, c)
#define mp_mul(a, b, c)                      ltc_mp.mul(a, b, c)
#define mp_cmp(a, b)                         ltc_mp.compare(a, b)
#define mp_cmp_d(a, b)                       ltc_mp.compare_d(a, b)
#define mp_sqr(a, b)                         ltc_mp.sqr(a, b)
#define mp_mod(a, b, c)                      ltc_mp.mpdiv(a, b, NULL, c)
#define mp_sub(a, b, c)                      ltc_mp.sub(a, b, c)
#define mp_set(a, b)                         ltc_mp.set_int(a, b)
21
22 struct DHKey ffdhe2048 = {
23         0x0100,
24         NULL,
25         NULL,
26         (void *)
27             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
28         (void *)
29         "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"
30 };
31
32 struct DHKey ffdhe3072 = {
33         0x0101,
34         NULL,
35         NULL,
36         (void *)
37             "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF",
38         (void *)
39         "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"
40 };
41
42 struct DHKey ffdhe4096 = {
43         0x0102,
44         NULL,
45         NULL,
46         (void *)
47             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
48         (void *)
49         "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"
50 };
51
52 struct DHKey ffdhe6144 = {
53         0x0103,
54         NULL,
55         NULL,
56         (void *)
57             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
58         (void *)
59         "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"
60 };
61
62 struct DHKey ffdhe8192 = {
63         0x0104,
64         NULL,
65         NULL,
66         (void *)
67             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
68         (void *)
69         "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000002"
70 };
71
/*
 * NIST P-192.  Table layout (same for every curve below): field size in
 * bytes, the TLS NamedCurve id, the curve name, then P, A, B, Gx, Gy and the
 * group order as hex strings.  The trailing dp member starts zeroed and is
 * filled in by init_curve via tls_ecc_init_curves.
 */
struct ECCCurveParameters secp192r1 = {
        24,                                                     /* size, bytes */
        19,                                                     /* TLS NamedCurve id: secp192r1 */
        "secp192r1",
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",     /* P */
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",     /* A */
        "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",     /* B */
        "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",     /* Gx */
        "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811",     /* Gy */
        "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"      /* order (n) */
                , { 0 }                                         /* dp: set by init_curve */
};
84
85
/* NIST P-224; see secp192r1 for the field layout. */
struct ECCCurveParameters secp224r1 = {
        28,                                                             /* size, bytes */
        21,                                                             /* TLS NamedCurve id: secp224r1 */
        "secp224r1",
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",     /* P */
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",     /* A */
        "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",     /* B */
        "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",     /* Gx */
        "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",     /* Gy */
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"      /* order (n) */
                , { 0 }                                                 /* dp: set by init_curve */
};
98
/*
 * secp224k1 (Koblitz).  A is 0 here, unlike the r1 curves; note that
 * init_curve does not copy A into dp, so whether the ltc descriptor honours
 * this value depends on the libtomcrypt build.
 */
struct ECCCurveParameters secp224k1 = {
        28,                                                             /* size, bytes */
        20,                                                             /* TLS NamedCurve id: secp224k1 */
        "secp224k1",
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",     /* P */
        "00000000000000000000000000000000000000000000000000000000",     /* A */
        "00000000000000000000000000000000000000000000000000000005",     /* B */
        "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",     /* Gx */
        "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",     /* Gy */
                /* order (n) */
        "0000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
        { 0 }                                                           /* dp: set by init_curve */
};
112
/* NIST P-256; the default curve (tls_ecc_default_curve). */
struct ECCCurveParameters secp256r1 = {
        32,                                                                     /* size, bytes */
        23,                                                                     /* TLS NamedCurve id: secp256r1 */
        "secp256r1",
        "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",     /* P */
        "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",     /* A */
        "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",     /* B */
        "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",     /* Gx */
        "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",     /* Gy */
        "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",     /* order (n) */
        { 0 }                                                                   /* dp: set by init_curve */
};
125
/*
 * secp256k1 (Koblitz).  A is 0; as with secp224k1, init_curve does not copy
 * A into dp, so confirm the ltc descriptor in this build does not assume
 * a = -3 before using this curve.
 */
struct ECCCurveParameters secp256k1 = {
        32,                                                                     /* size, bytes */
        22,                                                                     /* TLS NamedCurve id: secp256k1 */
        "secp256k1",
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",     /* P */
        "0000000000000000000000000000000000000000000000000000000000000000",     /* A */
        "0000000000000000000000000000000000000000000000000000000000000007",     /* B */
        "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",     /* Gx */
        "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",     /* Gy */
        /* order (n) */
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
        { 0 }                                                                   /* dp: set by init_curve */
};
139
/* NIST P-384; see secp192r1 for the field layout. */
struct ECCCurveParameters secp384r1 = {
        48,             /* size, bytes */
        24,             /* TLS NamedCurve id: secp384r1 */
        "secp384r1",
        /* P */
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
        /* A */
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
        /* B */
        "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
        /* Gx */
        "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
        /* Gy */
        "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
        /* order (n) */
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
        { 0 }           /* dp: set by init_curve */
};
152
/* NIST P-521; 521 bits need 66 bytes, hence the leading "01"/"00" nibbles. */
struct ECCCurveParameters secp521r1 = {
        66,             /* size, bytes */
        25,             /* TLS NamedCurve id: secp521r1 */
        "secp521r1",
        /* P */
        "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
        /* A */
        "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
        /* B */
        "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
        /* Gx */
        "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
        /* Gy */
        "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
        /* order (n) */
        "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
        { 0 }           /* dp: set by init_curve */
};
166
/*
 * Placeholder ("dummy") entry for X25519.  The numbers are the Montgomery
 * form of Curve25519 -- p = 2^255 - 19, A = 0x76D06 = 486662, B = 0,
 * base point u = 9 with its v coordinate, and the group order
 * 2^252 + 27742317777372353535851937790883648493 -- not short-Weierstrass
 * parameters.  Accordingly this table is not passed through init_curve by
 * tls_ecc_init_curves and its dp stays zeroed; it must not be used through
 * the ltc ECC routines.
 */
struct ECCCurveParameters curve25519 = {
        32,                                                                     /* size, bytes */
        29,                                                                     /* TLS NamedCurve id: x25519 */
        "x25519",
        "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",     /* p */
        "0000000000000000000000000000000000000000000000000000000000076D06",     /* A (Montgomery) */
        "0000000000000000000000000000000000000000000000000000000000000000",     /* B */
        "0000000000000000000000000000000000000000000000000000000000000009",     /* base u */
        "20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9",     /* base v */
        "1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",     /* order */
        { 0 }                                                                   /* dp: never initialised */
};
180
/* Curve used for ECDHE when context->curve is unset (see tls_decrypt_ecc_dhe).
 * The pointer itself is const; the table it points at is still written by
 * init_curve. */
struct ECCCurveParameters *const tls_ecc_default_curve = &secp256r1;
182
/*
 * Copy a curve's textual parameters into its embedded libtomcrypt
 * descriptor (curve->dp) so the curve can be handed to the ecc_* routines
 * (tls_decrypt_ecc_dhe passes &curve->dp to ecc_ansi_x963_import_ex).
 * The (char *) casts exist because the descriptor fields are non-const;
 * nothing here writes through them.
 *
 * NOTE(review): curve->A is not copied into dp.  That is only correct if
 * this build's ltc_ecc_set_type has no A field (older libtomcrypt
 * hard-codes a = -3).  The k1 curves in this file carry A = 0, so confirm
 * before relying on them.
 */
static void init_curve(struct ECCCurveParameters *curve) {
#define CURVE_STR(dst, src) (curve->dp.dst = (char *) curve->src)
        curve->dp.size = curve->size;
        CURVE_STR(name, name);
        CURVE_STR(prime, P);
        CURVE_STR(B, B);
        CURVE_STR(Gx, Gx);
        CURVE_STR(Gy, Gy);
        CURVE_STR(order, order);
#undef CURVE_STR
}
192
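/*
 * Fill in the libtomcrypt descriptor of every usable curve table in this
 * file.  Must run once before any ECDHE operation (tls_decrypt_ecc_dhe
 * reads curve->dp).  curve25519 is left out on purpose: it is marked as a
 * dummy table and its dp is never initialised.
 *
 * Declared with a (void) prototype; the previous empty parameter list
 * made this an unprototyped function.
 */
void tls_ecc_init_curves(void) {
        struct ECCCurveParameters *const curves[] = {
                &secp192r1, &secp224r1, &secp224k1, &secp256r1,
                &secp256k1, &secp384r1, &secp521r1,
        };
        for (size_t i = 0; i < sizeof curves / sizeof curves[0]; i++) {
                init_curve(curves[i]);
        }
}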
202
203 #if 1
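/*
 * Compute the DH shared secret y^x mod p from our private exponent
 * (private_key->x, private_key->p) and the peer's public value
 * (public_key->y), writing the big-endian result to out.
 *
 * On entry *outlen is the capacity of out; on success it holds the number
 * of bytes written.  The encoding is the minimal one the math descriptor
 * produces (leading zero bytes dropped), which is what TLS 1.2 wants for
 * the premaster secret (RFC 5246 8.1.2).  TLS 1.3 instead requires the
 * value left-padded to the byte length of p (RFC 8446 7.4.1) -- callers
 * on that path must pad.  NOTE(review): confirm against the callers.
 *
 * Returns 0 on success; TLS_GENERIC_ERROR for a missing argument or a
 * public value outside [2, p-2] -- RFC 7919 5.1 requires peers to reject
 * those, which would otherwise produce a trivial secret; CRYPT_BUFFER_OVERFLOW
 * when out is too small; otherwise the libtomcrypt status.
 */
static int l_dh_shared_secret(struct DHKey *private_key, struct DHKey *public_key,
                                  unsigned char *out,
                                  unsigned long *outlen) {
        void *tmp = NULL;
        unsigned long x;
        int err;

        if (!private_key || !public_key || !out || !outlen)
                return TLS_GENERIC_ERROR;

        if ((err = mp_init(&tmp)) != CRYPT_OK)
                return err;

        /*
         * Reject y <= 1 and y >= p - 1.  The descriptor's compare functions
         * return LTC_MP_LT / LTC_MP_EQ / LTC_MP_GT as -1 / 0 / 1, so the sign
         * of the result is the ordering.  tmp temporarily holds p - 1.
         */
        if ((err = mp_set(tmp, 1)) != CRYPT_OK)
                goto out;
        if ((err = mp_sub(private_key->p, tmp, tmp)) != CRYPT_OK)
                goto out;
        if (mp_cmp_d(public_key->y, 1) <= 0 || mp_cmp(public_key->y, tmp) >= 0) {
                err = TLS_GENERIC_ERROR;
                goto out;
        }

        /* tmp = y^x mod p */
        if ((err = mp_exptmod(public_key->y, private_key->x, private_key->p,
                              tmp)) != CRYPT_OK)
                goto out;

        x = (unsigned long) mp_unsigned_bin_size(tmp);
        if (*outlen < x) {
                err = CRYPT_BUFFER_OVERFLOW;
                goto out;
        }

        if ((err = mp_to_unsigned_bin(tmp, out)) != CRYPT_OK)
                goto out;

        *outlen = x;
        err = 0;
out:
        mp_clear(tmp);
        return err;
}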
240 #endif
241
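/*
 * Derive the DHE premaster secret from the client's public value.
 *
 * buffer/len hold the raw big-endian ClientKeyExchange value Yc.  Returns
 * a malloc'd buffer of *size bytes that the caller owns and must free, or
 * NULL with *size = 0 when there is no private DHE key, Yc cannot be
 * loaded, memory is short, or the shared-secret computation fails.  When
 * clear_key is set the context's private DHE key is released once a
 * derivation has been attempted, whether or not it succeeded.  The
 * DEBUG_DUMP_HEX_LABEL line prints the secret in debug builds.
 */
unsigned char *tls_decrypt_dhe(struct TLSContext *context, const unsigned char
                *buffer, unsigned int len, unsigned int *size, int clear_key) {
        *size = 0;
        if (!len || !context || !context->dhe || !context->dhe->p || !context->dhe->x) {
                DEBUG_PRINT("No private DHE key set\n");
                return NULL;
        }

        void *Yc = NULL;
        if (mp_init(&Yc)) {
                DEBUG_PRINT("ERROR CREATING Yc\n");
                return NULL;
        }
        /* the descriptor's unsigned_read takes a non-const pointer */
        if (mp_read_unsigned_bin(Yc, (unsigned char *) buffer, len)) {
                DEBUG_PRINT("ERROR LOADING DHE Yc\n");
                mp_clear(Yc);
                return NULL;
        }

        /*
         * Size the output by p rather than by len: the secret is reduced
         * mod p, and a peer that strips leading zero bytes from Yc sends
         * fewer bytes than the secret may need, which used to fail the
         * handshake with CRYPT_BUFFER_OVERFLOW.
         */
        unsigned long out_size = (unsigned long) mp_unsigned_bin_size(context->dhe->p);
        unsigned char *out = out_size ? malloc(out_size) : NULL;

        /* p and g are borrowed from our own key; only Yc belongs here */
        struct DHKey client_key;
        memset(&client_key, 0, sizeof client_key);
        client_key.p = context->dhe->p;
        client_key.g = context->dhe->g;
        client_key.y = Yc;

        /* TODO use dh_shared_secret from tomcrypt */
        int err = out ? l_dh_shared_secret(context->dhe, &client_key, out, &out_size)
                      : TLS_NO_MEMORY;

        /*
         * Release Yc directly.  The old path nulled p and g and called
         * tls_dh_clear_key, but mp_clear_multi (ltc_deinit_multi) stops at
         * its first NULL argument, so with g == NULL it freed nothing and
         * Yc leaked on every handshake.
         */
        mp_clear(Yc);

        if (clear_key) {
                tls_dhe_free(context);
        }

        if (err) {
                DEBUG_PRINT("DHE DECRYPT ERROR %i\n", err);
                free(out);
                return NULL;
        }
        DEBUG_PRINT("OUT_SIZE: %lu\n", out_size);
        DEBUG_DUMP_HEX_LABEL("DHE", out, out_size);
        *size = (unsigned int) out_size;
        return out;
}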
293
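/*
 * Derive the ECDHE premaster secret from the client's public point.
 *
 * buffer/len hold the ANSI X9.63 encoded point from ClientKeyExchange, on
 * context->curve or tls_ecc_default_curve when none is set.  Returns a
 * malloc'd buffer of *size bytes that the caller must free, or NULL with
 * *size = 0 when there is no private key, the point fails to import,
 * memory is short, or the shared-secret computation fails.  When clear_key
 * is set the context's private ECDHE key is released once a derivation has
 * been attempted, whether or not it succeeded.  The DEBUG_DUMP_HEX_LABEL
 * line prints the secret in debug builds.
 */
unsigned char *tls_decrypt_ecc_dhe(struct TLSContext *context, const unsigned
                char *buffer, unsigned int len, unsigned int *size, int
                clear_key) {
        *size = 0;
        if (!len || !context || !context->ecc_dhe) {
                DEBUG_PRINT("No private ECC DHE key set\n");
                return NULL;
        }

        const struct ECCCurveParameters *curve =
                context->curve ? context->curve : tls_ecc_default_curve;
        /* the import API takes a non-const descriptor; nothing here writes it */
        ltc_ecc_set_type *dp = (ltc_ecc_set_type *) &curve->dp;

        ecc_key client_key;
        memset(&client_key, 0, sizeof client_key);
        if (ecc_ansi_x963_import_ex(buffer, len, &client_key, dp)) {
                DEBUG_PRINT("Error importing ECC DHE key\n");
                return NULL;
        }
        /*
         * NOTE(review): whether the imported point is verified to lie on the
         * curve depends on the bundled ecc_ansi_x963_import_ex; if it is not,
         * an explicit on-curve check belongs here (RFC 8422 5.11).  Confirm
         * against the libtomcrypt version in use.
         */

        /* an uncompressed point is wider than its x coordinate, so len bytes suffice */
        unsigned long out_size = len;
        unsigned char *out = malloc(len);
        int err;
        if (!out) {
                /* take the same cleanup path as a failed derivation */
                err = TLS_NO_MEMORY;
        } else {
                err = ecc_shared_secret(context->ecc_dhe, &client_key, out,
                                        &out_size);
        }
        ecc_free(&client_key);
        if (clear_key) {
                tls_ecc_dhe_free(context);
        }
        if (err) {
                DEBUG_PRINT("ECC DHE DECRYPT ERROR %i\n", err);
                free(out);
                return NULL;
        }
        DEBUG_PRINT("OUT_SIZE: %lu\n", out_size);
        DEBUG_DUMP_HEX_LABEL("ECC DHE", out, out_size);
        *size = (unsigned int) out_size;
        return out;
}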
337
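/*
 * Select the curve used for subsequent ECDHE on a server context and
 * return the previously selected one (NULL if there was none).  Client
 * contexts are left unchanged and NULL is returned.  Passing a NULL curve
 * reverts to tls_ecc_default_curve (see tls_decrypt_ecc_dhe).  A NULL
 * context is rejected instead of dereferenced.
 */
const struct ECCCurveParameters *tls_set_curve(struct TLSContext *context, const struct
                                               ECCCurveParameters *curve) {
        if (!context || !context->is_server)
                return NULL;
        const struct ECCCurveParameters *old_curve = context->curve;
        context->curve = curve;
        return old_curve;
}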
346
/*
 * Release the context's DHE key pair: its bignums via tls_dh_clear_key,
 * then the DHKey itself.  A context without one is left untouched.
 */
void tls_dhe_free(struct TLSContext *context) {
        struct DHKey *dhe = context->dhe;
        if (!dhe)
                return;
        tls_dh_clear_key(dhe);
        free(dhe);
        context->dhe = NULL;
}
354
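/*
 * Replace any existing DHE key with a fresh, zeroed DHKey (no bignums yet;
 * tls_dh_make_key fills it in).  context->dhe stays NULL if allocation
 * fails, so callers must check it before use (tls_decrypt_dhe does).
 */
void tls_dhe_create(struct TLSContext *context) {
        tls_dhe_free(context);
        /* calloc gives the zeroed struct in one step; no separate memset needed */
        context->dhe = calloc(1, sizeof(struct DHKey));
}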
361
/*
 * Release the context's ECDHE key: the libtomcrypt key material via
 * ecc_free, then the ecc_key itself.  No-op when there is none.
 */
void tls_ecc_dhe_free(struct TLSContext *context) {
        ecc_key *key = context->ecc_dhe;
        if (!key)
                return;
        ecc_free(key);
        free(key);
        context->ecc_dhe = NULL;
}
369
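/*
 * Replace any existing ECDHE key with a fresh, zeroed ecc_key.  On
 * allocation failure context->ecc_dhe is left NULL; the previous
 * malloc+memset would have written through the NULL pointer.  Callers must
 * check the field before use (tls_decrypt_ecc_dhe does).
 */
void tls_ecc_dhe_create(struct TLSContext *context) {
        tls_ecc_dhe_free(context);
        context->ecc_dhe = calloc(1, sizeof(ecc_key));
}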
375
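/*
 * Store copies of the DH prime and generator, as hex strings, that a
 * server context will use for DHE.  Only a non-child server context
 * accepts them.  Any previously stored pair is released first.
 *
 * Returns 1 on success, 0 on rejection, empty input, or allocation
 * failure.  On failure both fields are NULL -- previously a failed second
 * allocation left default_dhe_p set with default_dhe_g NULL.  The strings
 * are not validated here; they are parsed when the key is generated.
 */
int tls_set_default_dhe_pg(struct TLSContext *context,
                           const char *p_hex_str, const char *g_hex_str) {
        if (!context || context->is_child || !context->is_server || !p_hex_str
                        || !g_hex_str)
                return 0;

        free(context->default_dhe_p);
        free(context->default_dhe_g);
        context->default_dhe_p = NULL;
        context->default_dhe_g = NULL;

        /* size_t: the old int truncated long inputs and made the <= 0 test meaningless */
        size_t p_len = strlen(p_hex_str);
        size_t g_len = strlen(g_hex_str);
        if (p_len == 0 || g_len == 0)
                return 0;

        context->default_dhe_p = malloc(p_len + 1);
        context->default_dhe_g = malloc(g_len + 1);
        if (!context->default_dhe_p || !context->default_dhe_g) {
                free(context->default_dhe_p);
                free(context->default_dhe_g);
                context->default_dhe_p = NULL;
                context->default_dhe_g = NULL;
                return 0;
        }

        /* +1 copies the terminator along with the text */
        memcpy(context->default_dhe_p, p_hex_str, p_len + 1);
        memcpy(context->default_dhe_g, g_hex_str, g_len + 1);
        return 1;
}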
409
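/*
 * Export the public value y of a DH key as a big-endian byte string.
 *
 * On entry *Ylen is the capacity of Ybuf; on success it holds the number
 * of bytes written.  Returns 0 on success, TLS_GENERIC_ERROR on a NULL
 * argument or when Ybuf is too small, otherwise the libtomcrypt status.
 *
 * The previous version computed the length but never wrote Ybuf; this
 * mirrors the y export in tls_dh_export_pqY.
 */
int tls_dh_export_Y(unsigned char *Ybuf, unsigned long *Ylen,
                             struct DHKey *key) {
        unsigned long len;
        int err;

        if (Ybuf == NULL || Ylen == NULL || key == NULL) {
                return TLS_GENERIC_ERROR;
        }

        len = mp_unsigned_bin_size(key->y);
        if (len > *Ylen) {
                return TLS_GENERIC_ERROR;
        }

        if ((err = mp_to_unsigned_bin(key->y, Ybuf)) != CRYPT_OK) {
                return err;
        }

        *Ylen = len;
        return 0;
}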
426
/*
 * Write one bignum big-endian into buf, whose capacity is *len; on success
 * *len becomes the byte count.  TLS_GENERIC_ERROR if the value does not
 * fit, otherwise the libtomcrypt status of the conversion (0 on success).
 */
static int export_bignum(void *value, unsigned char *buf, unsigned long *len) {
        unsigned long need = mp_unsigned_bin_size(value);
        int err;

        if (need > *len)
                return TLS_GENERIC_ERROR;
        if ((err = mp_to_unsigned_bin(value, buf)) != CRYPT_OK)
                return err;
        *len = need;
        return 0;
}

/*
 * Export a DH key's public parameters -- y, the prime p and (despite the
 * "q" in the name) the generator g -- as big-endian byte strings.  Each
 * *len is the buffer capacity on entry and the bytes written on success.
 * Values are written in the order y, p, g and the function stops at the
 * first failure, so earlier outputs may already be filled when it returns
 * an error.  Returns 0, TLS_GENERIC_ERROR (NULL argument or short buffer),
 * or the libtomcrypt status.
 */
int tls_dh_export_pqY(unsigned char *pbuf, unsigned long *plen,
                               unsigned char *gbuf, unsigned long *glen,
                               unsigned char *Ybuf, unsigned long *Ylen,
                               struct DHKey *key) {
        int err;

        if (pbuf == NULL || plen == NULL || gbuf == NULL || glen == NULL ||
                        Ybuf == NULL || Ylen == NULL || key == NULL) {
                return TLS_GENERIC_ERROR;
        }

        if ((err = export_bignum(key->y, Ybuf, Ylen)) != 0)
                return err;
        if ((err = export_bignum(key->p, pbuf, plen)) != 0)
                return err;
        return export_bignum(key->g, gbuf, glen);
}
473
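/*
 * Release the four bignums of a DH key and null the fields.  Safe on a key
 * that is only partially populated (e.g. a zeroed DHKey from
 * tls_dhe_create) and on a NULL key.
 *
 * Each member is cleared individually: mp_clear_multi expands to
 * ltc_deinit_multi, which walks its arguments only up to the first NULL,
 * so the old single call leaked every member after a NULL one.
 */
void tls_dh_clear_key(struct DHKey *key) {
        if (!key)
                return;
        if (key->g)
                mp_clear(key->g);
        if (key->p)
                mp_clear(key->p);
        if (key->x)
                mp_clear(key->x);
        if (key->y)
                mp_clear(key->y);
        key->g = NULL;
        key->p = NULL;
        key->x = NULL;
        key->y = NULL;
}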
481
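/* Overwrite n bytes through a volatile pointer so the store is not elided
 * the way a plain memset before free() can be. */
static void secure_wipe(void *p, size_t n) {
        volatile unsigned char *v = p;
        while (n--)
                *v++ = 0;
}

/*
 * Generate an ephemeral DH key pair into *key.
 *
 * p and g come from pbuf/gbuf: when the matching *_len is <= 0 the buffer
 * is a NUL-terminated hex string (the form the ffdhe tables and
 * tls_set_default_dhe_pg supply), otherwise it is *_len raw big-endian
 * bytes.  keysize random bytes from the "sprng" PRNG become the private
 * exponent x, and y = g^x mod p.  On success key owns four bignums that
 * tls_dh_clear_key releases; on failure key is left cleared.
 *
 * keysize is also handed to rng_make_prng as its entropy-bit argument.
 * NOTE(review): libtomcrypt accepts 64..1024 there, so very small or very
 * large keysize values fail at that call -- confirm the callers' sizes.
 *
 * Returns 0, TLS_NO_MEMORY, the PRNG lookup status, or TLS_GENERIC_ERROR
 * for a bad argument or any PRNG / bignum failure.
 */
int tls_dh_make_key(int keysize, struct DHKey *key, const char *pbuf,
                             const char *gbuf, int pbuf_len, int gbuf_len)
{
        unsigned char *buf;
        int err;
        int rc = TLS_GENERIC_ERROR;

        if (!key || !pbuf || !gbuf || keysize <= 0) {
                return TLS_GENERIC_ERROR;
        }

        /*
         * NOTE(review): one static PRNG state is shared by every caller.
         * With "sprng" the state is expected to be a pass-through to the
         * system RNG, but this is not safe to call concurrently if another
         * PRNG is ever selected -- confirm.
         */
        static prng_state prng;
        int wprng = find_prng("sprng");
        if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
                return err;
        }

        buf = malloc((size_t) keysize);
        if (!buf) {
                return TLS_NO_MEMORY;
        }

        if (rng_make_prng(keysize, wprng, &prng, NULL) != CRYPT_OK)
                goto out;
        if (prng_descriptor[wprng].read(buf, (unsigned long) keysize, &prng) !=
                        (unsigned long) keysize)
                goto out;

        /* on failure mp_init_multi releases what it had already created */
        if (mp_init_multi(&key->g, &key->p, &key->x, &key->y, NULL) != CRYPT_OK)
                goto out;

        /* g then p; a *_len <= 0 selects the hex-string form */
        if (gbuf_len <= 0)
                err = mp_read_radix(key->g, gbuf, 16);
        else
                err = mp_read_unsigned_bin(key->g, (unsigned char *) gbuf, gbuf_len);
        if (err != CRYPT_OK)
                goto out_clear;

        if (pbuf_len <= 0)
                err = mp_read_radix(key->p, pbuf, 16);
        else
                err = mp_read_unsigned_bin(key->p, (unsigned char *) pbuf, pbuf_len);
        if (err != CRYPT_OK)
                goto out_clear;

        /* x = the random bytes; y = g^x mod p */
        if (mp_read_unsigned_bin(key->x, buf, keysize) != CRYPT_OK)
                goto out_clear;
        if (mp_exptmod(key->g, key->x, key->p, key->y) != CRYPT_OK)
                goto out_clear;

        rc = 0;
        goto out;

out_clear:
        tls_dh_clear_key(key);
out:
        /* buf held the raw private exponent: scrub it before releasing */
        secure_wipe(buf, (size_t) keysize);
        free(buf);
        return rc;
}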
561
562         free(buf);
563         return 0;
564 }