Skip to content

Commit

Permalink
minicrypto API
Browse files Browse the repository at this point in the history
  • Loading branch information
@doublex
doublex committed Jan 21, 2025
1 parent bbcdbe6 commit b39818a
Show file tree
Hide file tree
Showing 4 changed files with 714 additions and 429 deletions.
202 changes: 165 additions & 37 deletions include/picotls/minicrypto.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,51 +26,179 @@
extern "C" {
#endif

#include <stddef.h>
#include "picotls.h"

#define SECP256R1_PRIVATE_KEY_SIZE 32
#define SECP256R1_PUBLIC_KEY_SIZE 65 /* including the header */
#define SECP256R1_SHARED_SECRET_SIZE 32
/* defaults */
#ifndef PTLS_USE_OPENSSL
#define PTLS_USE_OPENSSL 0
#endif
#ifndef PTLS_HAVE_AEGIS
#define PTLS_HAVE_AEGIS 0
#endif

typedef struct st_ptls_minicrypto_secp256r1sha256_sign_certificate_t {
ptls_sign_certificate_t super;
uint8_t key[SECP256R1_PRIVATE_KEY_SIZE];
} ptls_minicrypto_secp256r1sha256_sign_certificate_t;
/* minicrypto */
extern ptls_hash_algorithm_t ptls_minicrypto_sha256, ptls_minicrypto_sha384, ptls_minicrypto_sha5;
extern ptls_cipher_algorithm_t ptls_minicrypto_aes128ecb, ptls_minicrypto_aes256ecb,
ptls_minicrypto_aes128ctr, ptls_minicrypto_aes256ctr,
ptls_minicrypto_chacha20;
extern ptls_aead_algorithm_t ptls_minicrypto_aes128gcm, ptls_minicrypto_aes256gcm,
ptls_minicrypto_chacha20poly1305;
extern ptls_cipher_suite_t ptls_minicrypto_aes128gcmsha256, ptls_minicrypto_aes256gcmsha384,
ptls_minicrypto_chacha20poly1305sha256;
extern ptls_key_exchange_algorithm_t ptls_minicrypto_secp256r1,
ptls_minicrypto_x25519;

void ptls_minicrypto_random_bytes(void *buf, size_t len);

int ptls_minicrypto_init_secp256r1sha256_sign_certificate(ptls_minicrypto_secp256r1sha256_sign_certificate_t *self,
ptls_iovec_t key);

extern ptls_key_exchange_algorithm_t ptls_minicrypto_secp256r1, ptls_minicrypto_x25519;
extern ptls_key_exchange_algorithm_t *ptls_minicrypto_key_exchanges[];
extern ptls_cipher_algorithm_t ptls_minicrypto_aes128ecb, ptls_minicrypto_aes256ecb, ptls_minicrypto_aes128ctr,
ptls_minicrypto_aes256ctr, ptls_minicrypto_chacha20;
extern ptls_aead_algorithm_t ptls_minicrypto_aes128gcm, ptls_minicrypto_aes256gcm, ptls_minicrypto_chacha20poly1305;
#ifdef PTLS_HAVE_AEGIS
extern ptls_aead_algorithm_t ptls_minicrypto_aegis128l;
extern ptls_aead_algorithm_t ptls_minicrypto_aegis256;
/* convenience interface */
#if PTLS_USE_OPENSSL
#include "openssl.h"

#define ptls_crypto_sha256 ptls_openssl_sha256
#define ptls_crypto_sha384 ptls_openssl_sha384
#define ptls_crypto_sha512 ptls_openssl_sha512

#define ptls_crypto_aes128ecb ptls_openssl_aes128ecb
#define ptls_crypto_aes128ctr ptls_openssl_aes128ctr
#define ptls_crypto_aes128gcm ptls_openssl_aes128gcm
#define ptls_crypto_aes128gcmsha256 ptls_openssl_aes128gcmsha256

#define ptls_crypto_aes256ecb ptls_openssl_aes256ecb
#define ptls_crypto_aes256ctr ptls_openssl_aes256ctr
#define ptls_crypto_aes256gcm ptls_openssl_aes256gcm
#define ptls_crypto_aes256gcmsha384 ptls_openssl_aes256gcmsha384

#if PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
#define PTLS_CRYPTO_HAVE_CHACHA20_POLY1305 1
#define ptls_crypto_chacha20 ptls_openssl_chacha20
#define ptls_crypto_chacha20poly1305 ptls_openssl_chacha20poly1305
#define ptls_crypto_chacha20poly1305sha256 ptls_openssl_chacha20poly1305sha256
#endif

#if PTLS_HAVE_AEGIS
#define PTLS_CRYPTO_HAVE_AEGIS 1
#define ptls_crypto_aegis128l ptls_openssl_aegis128l
#define ptls_crypto_aegis256 ptls_openssl_aegis256
#define ptls_crypto_aegis128lsha256 ptls_openssl_aegis128lsha256
#define ptls_crypto_aegis256sha512 ptls_openssl_aegis256sha512
#endif

#define ptls_crypto_secp256r1 ptls_openssl_secp256r1
#if PTLS_OPENSSL_HAVE_SECP384R1
#define PTLS_CRYPTO_HAVE_SECP384R1 1
#define ptls_crypto_secp384r1 ptls_openssl_secp384r1
#endif

#if PTLS_OPENSSL_HAVE_SECP521R1
#define PTLS_CRYPTO_HAVE_SECP521R1 1
#define ptls_crypto_secp521r1 ptls_openssl_secp521r1
#endif

#if PTLS_OPENSSL_HAVE_X25519
#define PTLS_CRYPTO_HAVE_X25519 1
#define ptls_crypto_x25519 ptls_openssl_x25519
#endif
extern ptls_hash_algorithm_t ptls_minicrypto_sha256, ptls_minicrypto_sha384, ptls_minicrypto_sha512;
extern ptls_cipher_suite_t ptls_minicrypto_aes128gcmsha256, ptls_minicrypto_aes256gcmsha384, ptls_minicrypto_chacha20poly1305sha256;
#ifdef PTLS_HAVE_AEGIS
extern ptls_cipher_suite_t ptls_minicrypto_aegis128lsha256;
extern ptls_cipher_suite_t ptls_minicrypto_aegis256sha512;

#if PTLS_OPENSSL_HAVE_X25519MLKEM768
#define PTLS_CRYPTO_HAVE_X25519MLKEM768 1
extern ptls_key_exchange_algorithm_t ptls_openssl_x25519mlkem768;
#define ptls_openssl_x25519mlkem768 ptls_crypto_x25519mlkem768
#endif

#define ptls_crypto_random_bytes ptls_openssl_random_bytes

/* crypto available */
void ptls_openssl_init_cipher_suites(ptls_context_t *ptls_ctx);
void ptls_openssl_init_key_exchanges(ptls_context_t *ptls_ctx);
#define ptls_crypto_init_cipher_suites ptls_openssl_init_cipher_suites
#define ptls_crypto_init_key_exchanges ptls_openssl_init_key_exchanges

/* init sign */
int ptls_openssl_init_sign_file(ptls_context_t *ptls_ctx, const char *privatekey_file, const char *certificate_file);
int ptls_openssl_init_sign_der(ptls_context_t *ptls_ctx, const ptls_iovec_t *privatekey, const ptls_iovec_t certificate[], size_t certificate_length);
void ptls_openssl_dispose_sign(ptls_context_t *ptls_ctx);
#define ptls_crypto_init_sign_file ptls_openssl_init_sign_file
#define ptls_crypto_init_sign_der ptls_openssl_init_sign_der
#define ptls_crypto_dispose_sign ptls_openssl_dispose_sign

/* init verify */
int ptls_openssl_init_verify_file(ptls_context_t *ptls_ctx, const char *truststore_file);
int ptls_openssl_init_verify_der(ptls_context_t *ptls_ctx, const ptls_iovec_t truststore[], size_t truststore_length);
void ptls_openssl_dispose_verify(ptls_context_t *ptls_ctx);
#define ptls_crypto_init_verify_file ptls_openssl_init_verify_file
#define ptls_crypto_init_verify_der ptls_openssl_init_verify_der
#define ptls_crypto_dispose_verify ptls_openssl_dispose_verify

#else

#define ptls_crypto_sha256 ptls_minicrypto_sha256
#define ptls_crypto_sha384 ptls_minicrypto_sha384
#define ptls_crypto_sha512 ptls_minicrypto_sha512

#define ptls_crypto_aes128ecb ptls_minicrypto_aes128ecb
#define ptls_crypto_aes128ctr ptls_minicrypto_aes128ctr
#define ptls_crypto_aes128gcm ptls_minicrypto_aes128gcm
#define ptls_crypto_aes128gcmsha256 ptls_minicrypto_aes128gcmsha256

#define ptls_crypto_aes256ecb ptls_minicrypto_aes256ecb
#define ptls_crypto_aes256ctr ptls_minicrypto_aes256ctr
#define ptls_crypto_aes256gcm ptls_minicrypto_aes256gcm
#define ptls_crypto_aes256gcmsha384 ptls_minicrypto_aes256gcmsha384

#define PTLS_CRYPTO_HAVE_CHACHA20_POLY1305 1
#define ptls_crypto_chacha20 ptls_minicrypto_chacha20
#define ptls_crypto_chacha20poly1305 ptls_minicrypto_chacha20poly1305
#define ptls_crypto_chacha20poly1305sha256 ptls_minicrypto_chacha20poly1305sha256

#if PTLS_HAVE_AEGIS
extern ptls_aead_algorithm_t ptls_minicrypto_aegis128l,
ptls_minicrypto_aegis256;
extern ptls_cipher_suite_t ptls_minicrypto_aegis128lsha256,
ptls_minicrypto_aegis256sha512;
#define PTLS_CRYPTO_HAVE_AEGIS 1
#define ptls_crypto_aegis128l ptls_minicrypto_aegis128l
#define ptls_crypto_aegis256 ptls_minicrypto_aegis256
#define ptls_crypto_aegis128lsha256 ptls_minicrypto_aegis128lsha256
#define ptls_crypto_aegis256sha512 ptls_minicrypto_aegis256sha512
#endif

#define ptls_crypto_secp256r1 ptls_minicrypto_secp256r1
/*
#define PTLS_CRYPTO_HAVE_SECP384R1 1
#define ptls_crypto_secp384r1 ptls_minicrypto_secp384r1
#define PTLS_CRYPTO_HAVE_SECP521R1 1
#define ptls_crypto_secp521r1 ptls_minicrypto_secp521r1
*/

#define PTLS_CRYPTO_HAVE_X25519 1
#define ptls_crypto_x25519 ptls_minicrypto_x25519

#define ptls_crypto_random_bytes ptls_minicrypto_random_bytes

/* crypto available */
void ptls_minicrypto_init_cipher_suites(ptls_context_t *ptls_ctx);
void ptls_minicrypto_init_key_exchanges(ptls_context_t *ptls_ctx);
#define ptls_crypto_init_cipher_suites ptls_minicrypto_init_cipher_suites
#define ptls_crypto_init_key_exchanges ptls_minicrypto_init_key_exchanges

/* init sign */
int ptls_minicrypto_init_sign_file(ptls_context_t *ptls_ctx, const char *privatekey_file, const char *certificate_file);
int ptls_minicrypto_init_sign_der(ptls_context_t *ptls_ctx, const ptls_iovec_t *privatekey, const ptls_iovec_t certificate[], size_t certificate_length);
void ptls_minicrypto_dispose_sign(ptls_context_t *ptls_ctx);
#define ptls_crypto_init_sign_file ptls_minicrypto_init_sign_file
#define ptls_crypto_init_sign_der ptls_minicrypto_init_sign_der
#define ptls_crypto_dispose_sign ptls_minicrypto_dispose_sign

/* init verify */
int ptls_minicrypto_init_verify_file(ptls_context_t *ptls_ctx, const char *truststore_file);
int ptls_minicrypto_init_verify_der(ptls_context_t *ptls_ctx, const ptls_iovec_t truststore[], size_t truststore_length);
void ptls_minicrypto_dispose_verify(ptls_context_t *ptls_ctx);
#define ptls_crypto_init_verify_file ptls_minicrypto_init_verify_file
#define ptls_crypto_init_verify_der ptls_minicrypto_init_verify_der
#define ptls_crypto_dispose_verify ptls_minicrypto_dispose_verify

#endif
extern ptls_cipher_suite_t *ptls_minicrypto_cipher_suites[];
extern ptls_cipher_suite_t *ptls_minicrypto_cipher_suites_all[];

typedef struct st_ptls_asn1_pkcs8_private_key_t {
ptls_iovec_t vec;
size_t algorithm_index;
uint32_t algorithm_length;
size_t parameters_index;
uint32_t parameters_length;
size_t key_data_index;
uint32_t key_data_length;
} ptls_asn1_pkcs8_private_key_t;

int ptls_minicrypto_load_private_key(ptls_context_t *ctx, char const *pem_fname);

#ifdef __cplusplus
}
Expand Down
42 changes: 0 additions & 42 deletions lib/cifra.c
View file

This file was deleted.

Loading

0 comments on commit b39818a

Please sign in to comment.