Initial merge attempt with gnutls_with_ext_mpi

2 files changed, 182 insertions, 24 deletions

diff --git a/includes/gnutls/crypto.h b/includes/gnutls/crypto.h
index dc45165924..2faedf5a88 100644
--- a/includes/gnutls/crypto.h
+++ b/includes/gnutls/crypto.h
@@ -22,52 +22,198 @@
  *
  */
 
-#if INTERNAL_GNUTLS_CRYPTO_H_ENABLE_UNSUPPORTED_API
-
 #ifndef GNUTLS_CRYPTO_H
 # define GNUTLS_CRYPTO_H
 
-typedef struct gnutls_crypto_cipher {
+#define GNUTLS_CRYPTO_API_VERSION 0x01
+typedef struct {
   int (*init)( void** ctx);
-  int (*setkey)( void* ctx, const void * key, int keysize);
-  int (*setiv)(void* ctx, const void* iv, int ivsize);
-  int (*encrypt)(void* ctx, const void* plain, int plainsize, void* encr, int encrsize);
-  int (*decrypt)(void* ctx, const void* encr, int encrsize, void* plain, int plainsize);
+  int (*setkey)( void* ctx, const void * key, size_t keysize);
+  int (*setiv)(void* ctx, const void* iv, size_t ivsize);
+  int (*encrypt)(void* ctx, const void* plain, size_t plainsize, void* encr, size_t encrsize);
+  int (*decrypt)(void* ctx, const void* encr, size_t encrsize, void* plain, size_t plainsize);
   void (*deinit)( void* ctx);
-} gnutls_crypto_cipher_st;
+} gnutls_crypto_single_cipher_st;
 
-typedef struct gnutls_crypto_mac {
+typedef struct {
   int (*init)( void** ctx);
-  int (*setkey)( void* ctx, const void * key, int keysize);
-  int (*hash)( void* ctx, const void * text, int textsize);
+  int (*setkey)( void* ctx, const void * key, size_t keysize);
+  int (*hash)( void* ctx, const void * text, size_t textsize);
+  int (*copy)( void** dst_ctx, void* src_ctx);
+  int (*output) ( void* src_ctx, void* digest, size_t digestsize);
+  void (*deinit)( void* ctx);
+} gnutls_crypto_single_mac_st;
+
+typedef struct {
+  int (*init)( gnutls_cipher_algorithm_t, void** ctx);
+  int (*setkey)( void* ctx, const void * key, size_t keysize);
+  int (*setiv)(void* ctx, const void* iv, size_t ivsize);
+  int (*encrypt)(void* ctx, const void* plain, size_t plainsize, void* encr, size_t encrsize);
+  int (*decrypt)(void* ctx, const void* encr, size_t encrsize, void* plain, size_t plainsize);
+  void (*deinit)( void* ctx);
+} gnutls_crypto_cipher_st;
+
+typedef struct {
+  int (*init)( gnutls_mac_algorithm_t, void** ctx);
+  int (*setkey)( void* ctx, const void * key, size_t keysize);
+  int (*hash)( void* ctx, const void * text, size_t textsize);
   int (*copy)( void** dst_ctx, void* src_ctx);
-  int (*output) ( void* src_ctx, void* digest, int digestsize);
+  int (*output) ( void* src_ctx, void* digest, size_t digestsize);
   void (*deinit)( void* ctx);
 } gnutls_crypto_mac_st;
 
+/* the same... setkey should be null */
+typedef gnutls_crypto_single_mac_st gnutls_crypto_single_digest_st;
+typedef gnutls_crypto_mac_st gnutls_crypto_digest_st;
+
 typedef enum gnutls_rnd_level
 {
-  GNUTLS_RND_KEY = 0,
-  GNUTLS_RND_RANDOM = 1, /* unpredictable */
-  GNUTLS_RND_NONCE = 2,
+  GNUTLS_RND_KEY = 2, /* fatal in many sessions if broken */
+  GNUTLS_RND_RANDOM = 1, /* fatal in session if broken */
+  GNUTLS_RND_NONCE = 0, /* fatal in parts of session if broken - i.e. vulnerable to statistical analysis */
 } gnutls_rnd_level_t;
 
+typedef enum 
+{
+  GNUTLS_PK_FLAG_NONE = 0,
+} gnutls_pk_flag_t;
+
 typedef struct gnutls_crypto_rnd {
   int (*init)( void** ctx);
-  int (*rnd) ( void* ctx, int /* gnutls_rnd_level_t */ level, void* data, int datasize);
+  int (*rnd) ( void* ctx, int /* gnutls_rnd_level_t */ level, void* data, size_t datasize);
   void (*deinit)( void* ctx);
 } gnutls_crypto_rnd_st;
 
-/* the same... setkey should be null */
-typedef gnutls_crypto_mac_st gnutls_crypto_digest_st;
+typedef void* bigint_t;
+
+typedef enum 
+{
+  GNUTLS_MPI_FORMAT_USG = 0, /* raw unsigned integer format */ 
+  GNUTLS_MPI_FORMAT_STD = 1, /* raw signed integer format - always a leading zero when positive */
+  GNUTLS_MPI_FORMAT_PGP = 2, /* the pgp integer format */
+} gnutls_bigint_format_t;
+
+typedef struct
+{
+  bigint_t g; /* group generator */
+  bigint_t p; /* prime */
+} gnutls_group_st;
+
+/* Multi precision integer arithmetic */
+typedef struct gnutls_crypto_bigint {
+  bigint_t (*bigint_new)( int nbits);
+  void (*bigint_release)( bigint_t n);
+  int (*bigint_cmp)(const bigint_t m1, const bigint_t m2); /* 0 for equality, > 0 for m1>m2, < 0 for m1<m2 */
+  int (*bigint_cmp_ui)(const bigint_t m1, unsigned long m2); /* as bigint_cmp */
+  bigint_t (*bigint_mod) (const bigint_t a, const bigint_t b); /* ret = a % b */
+  bigint_t (*bigint_set) (bigint_t a, const bigint_t b); /* a = b -> ret == a */
+  bigint_t (*bigint_set_ui) (bigint_t a, unsigned long b); /* a = b -> ret == a */
+  unsigned int (*bigint_get_nbits)(const bigint_t a);
+  bigint_t (*bigint_powm) (bigint_t w, const bigint_t b, const bigint_t e,const bigint_t m); /* w = b ^ e mod m */
+  bigint_t (*bigint_addm) (bigint_t w, const bigint_t a, const bigint_t b, const bigint_t m); /* w = a + b mod m */
+  bigint_t (*bigint_subm) (bigint_t w, const bigint_t a, const bigint_t b, const bigint_t m); /* w = a - b mod m */
+  bigint_t (*bigint_mulm) (bigint_t w, const bigint_t a, const bigint_t b, const bigint_t m); /* w = a * b mod m */
+  bigint_t (*bigint_add) (bigint_t w, const bigint_t a, const bigint_t b); /* w = a + b */
+  bigint_t (*bigint_sub) (bigint_t w, const bigint_t a, const bigint_t b); /* w = a - b */
+  bigint_t (*bigint_mul) (bigint_t w, const bigint_t a, const bigint_t b); /* w = a * b */
+  bigint_t (*bigint_add_ui) (bigint_t w, const bigint_t a, unsigned long b); /* w = a + b */
+  bigint_t (*bigint_sub_ui) (bigint_t w, const bigint_t a, unsigned long b); /* w = a - b */
+  bigint_t (*bigint_mul_ui) (bigint_t w, const bigint_t a, unsigned long b); /* w = a * b */
+  bigint_t (*bigint_div) (bigint_t q, const bigint_t a, const bigint_t b); /* q = a / b */
+  int (*bigint_prime_check) (const bigint_t pp); /* 0 if prime */
+  int (*bigint_generate_group) (gnutls_group_st* gg, unsigned int bits);
+  
+  bigint_t (*bigint_scan) ( const void* buf, size_t buf_size, gnutls_bigint_format_t format); /* reads an bigint from a buffer */
+   /* stores an bigint into the buffer.
+    * returns GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to store this integer,
+    * and updates the buf_size;
+    */
+  int (*bigint_print)( const bigint_t a, void* buf, size_t* buf_size, gnutls_bigint_format_t format); 
+  
+} gnutls_crypto_bigint_st;
+
+typedef struct pk_params {
+  bigint_t *params;
+  unsigned int params_nr; /* the number of parameters */
+  unsigned int flags;
+} gnutls_pk_params_st;
+
+void gnutls_pk_params_release( gnutls_pk_params_st* p);
+void gnutls_pk_params_init( gnutls_pk_params_st* p);
+
+/* params are:
+ * RSA: 
+ *  [0] is modulus
+ *  [1] is public exponent 
+ *  [2] is private exponent (private key only)
+ *  [3] is prime1 (p) (private key only)
+ *  [4] is prime2 (q) (private key only)
+ *  [5] is coefficient (u == inverse of p mod q) (private key only)
+ *   
+ *  note that other packages use inverse of q mod p,
+ *  so we need to perform conversions using fixup_params().
+ *
+ * DSA: 
+ *  [0] is p
+ *  [1] is q
+ *  [2] is g
+ *  [3] is y (public key) 
+ *  [4] is x (private key only)
+ */
+
+typedef enum 
+{
+  GNUTLS_IMPORT,
+  GNUTLS_EXPORT
+} gnutls_direction_t;
+
+/* Public key algorithms */
+typedef struct gnutls_crypto_pk {
+  /* The params structure should contain the private or public key
+   * parameters, depending on the operation */
+  int (*encrypt)( gnutls_pk_algorithm_t, gnutls_datum_t* ciphertext, 
+    const gnutls_datum_t* plaintext, const gnutls_pk_params_st* /* public */);
+  int (*decrypt)( gnutls_pk_algorithm_t, gnutls_datum_t* plaintext, 
+    const gnutls_datum_t* ciphertext, const gnutls_pk_params_st* /* private */);
+
+  int (*sign)( gnutls_pk_algorithm_t, gnutls_datum_t* signature, 
+    const gnutls_datum_t* data, const gnutls_pk_params_st* /* private */);
+  int (*verify)( gnutls_pk_algorithm_t, const gnutls_datum_t* data, 
+    const gnutls_datum_t* signature, const gnutls_pk_params_st* /* public */);
+
+  int (*generate)( gnutls_pk_algorithm_t, unsigned int level /*bits*/, gnutls_pk_params_st*);
+  /* this function should convert params to ones suitable
+   * for the above functions
+   */
+  int (*pk_fixup_private_params)( gnutls_pk_algorithm_t, gnutls_direction_t, gnutls_pk_params_st*);
+
+} gnutls_crypto_pk_st;
 
 /* priority: infinity for backend algorithms, 90 for kernel algorithms - lowest wins 
  */
-int gnutls_crypto_cipher_register( gnutls_cipher_algorithm_t algorithm, int priority, gnutls_crypto_cipher_st* s);
-int gnutls_crypto_mac_register( gnutls_mac_algorithm_t algorithm, int priority, gnutls_crypto_mac_st* s);
-int gnutls_crypto_digest_register( gnutls_digest_algorithm_t algorithm, int priority, gnutls_crypto_digest_st* s);
-int gnutls_crypto_rnd_register( int priority, gnutls_crypto_rnd_st* s);
+#define gnutls_crypto_single_cipher_register( algo, prio, st) gnutls_crypto_single_cipher_register2( algo, prio, GNUTLS_CRYPTO_API_VERSION, st)
+#define gnutls_crypto_single_mac_register( algo, prio, st) gnutls_crypto_single_mac_register2( algo, prio, GNUTLS_CRYPTO_API_VERSION, st)
+#define gnutls_crypto_single_digest_register( algo, prio, st) gnutls_crypto_single_digest_register2( algo, prio, GNUTLS_CRYPTO_API_VERSION, st)
 
-#endif
+int gnutls_crypto_single_cipher_register2( gnutls_cipher_algorithm_t algorithm, int priority, int version, gnutls_crypto_single_cipher_st* s);
+int gnutls_crypto_single_mac_register2( gnutls_mac_algorithm_t algorithm, int priority, int version, gnutls_crypto_single_mac_st* s);
+int gnutls_crypto_single_digest_register2( gnutls_digest_algorithm_t algorithm, int priority, int version, gnutls_crypto_single_digest_st* s);
+
+#define gnutls_crypto_cipher_register( prio, st) gnutls_crypto_cipher_register2( prio, GNUTLS_CRYPTO_API_VERSION, st)
+#define gnutls_crypto_mac_register( prio, st) gnutls_crypto_mac_register2( prio, GNUTLS_CRYPTO_API_VERSION, st)
+#define gnutls_crypto_digest_register( prio, st) gnutls_crypto_digest_register2( prio, GNUTLS_CRYPTO_API_VERSION, st)
+
+int gnutls_crypto_cipher_register2( int priority, int version, gnutls_crypto_cipher_st* s);
+int gnutls_crypto_mac_register2( int priority, int version, gnutls_crypto_mac_st* s);
+int gnutls_crypto_digest_register2( int priority, int version, gnutls_crypto_digest_st* s);
+
+#define gnutls_crypto_rnd_register( prio, st) gnutls_crypto_rnd_register2( prio, GNUTLS_CRYPTO_API_VERSION, st)
+#define gnutls_crypto_pk_register( prio, st) gnutls_crypto_pk_register2( prio, GNUTLS_CRYPTO_API_VERSION, st)
+#define gnutls_crypto_bigint_register( prio, st) gnutls_crypto_bigint_register2( prio, GNUTLS_CRYPTO_API_VERSION, st)
+
+int gnutls_crypto_rnd_register2( int priority, int version, gnutls_crypto_rnd_st* s);
+int gnutls_crypto_pk_register2( int priority, int version, gnutls_crypto_pk_st* s);
+int gnutls_crypto_bigint_register2( int priority, int version, gnutls_crypto_bigint_st* s);
 
 #endif
+
diff --git a/includes/gnutls/gnutls.h.in b/includes/gnutls/gnutls.h.in
index 6f4854091d..1bd5d03876 100644
--- a/includes/gnutls/gnutls.h.in
+++ b/includes/gnutls/gnutls.h.in
@@ -79,7 +79,19 @@ extern "C"
     GNUTLS_CIPHER_CAMELLIA_128_CBC,
     GNUTLS_CIPHER_CAMELLIA_256_CBC,
     GNUTLS_CIPHER_RC2_40_CBC = 90,
-    GNUTLS_CIPHER_DES_CBC
+    GNUTLS_CIPHER_DES_CBC,
+
+    /* used only for PGP internals. Ignored in TLS/SSL 
+     */
+    GNUTLS_CIPHER_IDEA_PGP_CFB=200,
+    GNUTLS_CIPHER_3DES_PGP_CFB,
+    GNUTLS_CIPHER_CAST5_PGP_CFB,
+    GNUTLS_CIPHER_BLOWFISH_PGP_CFB,
+    GNUTLS_CIPHER_SAFER_SK128_PGP_CFB,
+    GNUTLS_CIPHER_AES128_PGP_CFB,
+    GNUTLS_CIPHER_AES192_PGP_CFB,
+    GNUTLS_CIPHER_AES256_PGP_CFB,
+    GNUTLS_CIPHER_TWOFISH_PGP_CFB,
   } gnutls_cipher_algorithm_t;
 
   typedef enum