ServiceRegistration/srp-crypto.h

   1 /* srp-key.h
   2  *
   3  * Copyright (c) 2018 Apple Computer, Inc. All rights reserved.
   4  *
   5  * Licensed under the Apache License, Version 2.0 (the "License");
   6  * you may not use this file except in compliance with the License.
   7  * You may obtain a copy of the License at
   8  *
   9  *     http://www.apache.org/licenses/LICENSE-2.0
  10  *
  11  * Unless required by applicable law or agreed to in writing, software
  12  * distributed under the License is distributed on an "AS IS" BASIS,
  13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14  * See the License for the specific language governing permissions and
  15  * limitations under the License.
  16  *
  17  * DNS SIG(0) signature generation for DNSSD SRP using mbedtls.
  18  *
  19  * Functions required for loading, saving, and generating public/private keypairs, extracting the public key
  20  * into KEY RR data, and computing signatures.
  21  */
  22
  23 #ifndef __SRP_CRYPTO_H
  24 #define __SRP_CRYPTO_H
  25 // Anonymous key structure, depends on the target.
  26 typedef struct srp_key srp_key_t;
  27
  28 #ifdef SRP_CRYPTO_MBEDTLS_INTERNAL
  29 #include <mbedtls/error.h>
  30 #include <mbedtls/pk.h>
  31 #include <mbedtls/ecp.h>
  32 #include <mbedtls/ecdsa.h>
  33 #include <mbedtls/entropy.h>
  34 #include <mbedtls/ctr_drbg.h>
  35 #include <mbedtls/sha256.h>
  36 #include <mbedtls/base64.h>
  37
  38 // The SRP key includes both the ecdsa key and the pseudo-random number generator context, so that we can
  39 // use the PRNG for signing as well as generating keys.   The PRNG is seeded with a high-entropy data source.
  40 // This structure assumes that we are just using this one key; if we want to support multiple keys then
  41 // the entropy source and PRNG should be shared by all keys (of course, that's not thread-safe, so...)
  42 struct srp_key {
  43     mbedtls_pk_context key;
  44     mbedtls_entropy_context entropy;
  45     mbedtls_ctr_drbg_context ctr;
  46 };
  47
  48 #ifdef DEBUG_SHA256
  49 int srp_mbedtls_sha256_update_ret(mbedtls_sha256_context *NONNULL sha, uint8_t *NONNULL message, size_t msglen);
  50 int srp_mbedtls_sha256_finish_ret(mbedtls_sha256_context *NONNULL sha, uint8_t *NONNULL hash);
  51 #else
  52 #define srp_mbedtls_sha256_update_ret mbedtls_sha256_update_ret
  53 #define srp_mbedtls_sha256_finish_ret mbedtls_sha256_finish_ret
  54 #endif // DEBUG_SHA256
  55 #endif // SRP_CRYPTO_MBEDTLS_INTERNAL
  56
  57 #define ECDSA_KEY_SIZE 64
  58 #define ECDSA_KEY_PART_SIZE 32
  59 #define ECDSA_SHA256_HASH_SIZE 32
  60 #define ECDSA_SHA256_SIG_SIZE 64
  61 #define ECDSA_SHA256_SIG_PART_SIZE 32
  62
  63 #define SIG_HEADERLEN 11
  64 #define SIG_STATIC_RDLEN 18
  65
  66
  67 #define dnssec_keytype_ecdsa  13
  68
  69 // sign_*.c:
  70 void srp_keypair_free(srp_key_t *NONNULL key);
  71 srp_key_t *NULLABLE srp_load_keypair(const char *NONNULL file);
  72 srp_key_t *NULLABLE srp_generate_key(void);
  73 int srp_write_key_to_file(const char *NONNULL file, srp_key_t *NONNULL key);
  74 int srp_key_algorithm(srp_key_t *NONNULL key);
  75 size_t srp_pubkey_length(srp_key_t *NONNULL key);
  76 size_t srp_signature_length(srp_key_t *NONNULL key);
  77 int srp_pubkey_copy(uint8_t *NONNULL buf, size_t max, srp_key_t *NONNULL key);
  78 int srp_sign(uint8_t *NONNULL output, size_t max,
  79              uint8_t *NONNULL message, size_t msglen, uint8_t *NONNULL rdata, size_t rdlen, srp_key_t *NONNULL key);
  80
  81 // verify_*.c:
  82 bool srp_sig0_verify(dns_wire_t *NONNULL message, dns_rr_t *NONNULL key, dns_rr_t *NONNULL signature);
  83 void srp_print_key(srp_key_t *NONNULL key);
  84
  85 #endif // __SRP_CRYPTO_H
  86
  87 // Local Variables:
  88 // mode: C
  89 // tab-width: 4
  90 // c-file-style: "bsd"
  91 // c-basic-offset: 4
  92 // fill-column: 108
  93 // indent-tabs-mode: nil
  94 // End: