/* srp-crypto.h * * Copyright (c) 2018-2021 Apple Computer, Inc. All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * DNS SIG(0) signature generation for DNSSD SRP using mbedtls. * * Functions required for loading, saving, and generating public/private keypairs, extracting the public key * into KEY RR data, and computing signatures. */ #ifndef __SRP_CRYPTO_H #define __SRP_CRYPTO_H #include "srp.h" // Anonymous key structure, depends on the target. typedef struct srp_key srp_key_t; typedef struct hmac_key hmac_key_t; struct hmac_key { int algorithm; dns_name_t *NONNULL name; uint8_t *NONNULL secret; int length; }; #define ECDSA_KEY_SIZE 64 #define ECDSA_KEY_PART_SIZE 32 #define ECDSA_SHA256_HASH_SIZE 32 #define ECDSA_SHA256_SIG_SIZE 64 #define ECDSA_SHA256_SIG_PART_SIZE 32 #define SIG_HEADERLEN 11 #define SIG_STATIC_RDLEN 18 #define dnssec_keytype_ecdsa 13 #define SRP_SHA256_DIGEST_SIZE 32 #define SRP_SHA256_BLOCK_SIZE 64 #define SRP_HMAC_TYPE_SHA256 1 #ifdef SRP_CRYPTO_MACOS_INTERNAL #include #include // #include #include struct srp_key { SecKeyRef NONNULL public; SecKeyRef NONNULL private; }; // An ECDSASHA256 signature in ASN.1 DER format is 0x30 | x | 0x02 | y | r | 0x02 | z | s, where x is the // length of the whole sequence (minus the first byte), y is the encoded length of r, and z is // the encoded length of s. // type offset in output buffer sub-template size of output buffer // ---- ----------------------- ------------ --------------------- #define ECDSA_SIG_TEMPLATE(name) \ static const SecAsn1Template sig_template[] = { \ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(raw_signature_data_t) }, \ { SEC_ASN1_INTEGER, offsetof(raw_signature_data_t, r), NULL, 0 }, \ { SEC_ASN1_INTEGER, offsetof(raw_signature_data_t, s), NULL, 0 }, \ { 0, 0, NULL, 0 } \ }; #if !TARGET_OS_IPHONE && !TARGET_OS_TV && !TARGET_OS_WATCH #endif // MACOS only #endif // SRP_CRYPTO_MACOS_INTERNAL #ifdef SRP_CRYPTO_MBEDTLS #include #include #include #include #include #include #include #include #include // Works just fine with mbedtls. #define KEYCOPY_WORKS 1 // The SRP key includes both the ecdsa key and the pseudo-random number generator context, so that we can // use the PRNG for signing as well as generating keys. The PRNG is seeded with a high-entropy data source. // This structure assumes that we are just using this one key; if we want to support multiple keys then // the entropy source and PRNG should be shared by all keys (of course, that's not thread-safe, so...) struct srp_key { mbedtls_pk_context key; }; // Uncomment the following line to print the data being feed into the hash operation for debugging purpose. // #define DEBUG_SHA256 #ifdef DEBUG_SHA256 int srp_mbedtls_sha256_update_ret(const char *NONNULL thing_name, mbedtls_sha256_context *NONNULL sha, uint8_t *NONNULL message, size_t msglen); int srp_mbedtls_sha256_finish_ret(mbedtls_sha256_context *NONNULL sha, uint8_t *NONNULL hash); #else #define srp_mbedtls_sha256_update_ret(name, ...) mbedtls_sha256_update_ret(__VA_ARGS__) #define srp_mbedtls_sha256_finish_ret mbedtls_sha256_finish_ret #endif // DEBUG_SHA256 #ifdef THREAD_DEVKIT_ADK #define mbedtls_strerror(code, buf, bufsize) snprintf(buf, bufsize, "%d", (int)(code)) #endif // The following entry points must be provided by the host for hosts that use mbedtls signing. // The SRP host is expected to load the SRP-specific host key out of stable storage. // If no key has previously been stored, this function must return kDNSServiceErr_NoSuchKey. // If the key doesn't fit in the buffer, this function must return kDNSServiceErr_NoMemory. // Otherwise, the function is expected to copy the key into the buffer and store the key length // through the length pointer, and return kDNSServiceErr_NoError. int srp_load_key_data(void *NULLABLE host_context, const char *NONNULL key_name, uint8_t *NONNULL buffer, uint16_t *NONNULL length, uint16_t buffer_size); // The SRP host is expected to store the SRP-specific host key in stable storage. // If the key store fails, the server returns a relevant kDNSServiceErr_* error, // such as kDNSServiceErr_NoMemory. Otherwise, the function returns kDNSServiceErr_NoError. // It is generally expected that storing the key will not fail--if it does fail, SRP can't // function. int srp_store_key_data(void *NULLABLE host_context, const char *NONNULL key_name, uint8_t *NONNULL buffer, uint16_t length); int srp_remove_key_file(void *NULLABLE host_context, const char *NONNULL key_name); #endif // SRP_CRYPTO_MBEDTLS // sign_*.c: void srp_keypair_free(srp_key_t *NONNULL key); uint64_t srp_random64(void); uint32_t srp_random32(void); uint16_t srp_random16(void); bool srp_randombytes(uint8_t *NONNULL dest, size_t num); uint8_t srp_key_algorithm(srp_key_t *NONNULL key); size_t srp_pubkey_length(srp_key_t *NONNULL key); size_t srp_signature_length(srp_key_t *NONNULL key); size_t srp_pubkey_copy(uint8_t *NONNULL buf, size_t max, srp_key_t *NONNULL key); int srp_sign(uint8_t *NONNULL output, size_t max, uint8_t *NONNULL message, size_t msglen, uint8_t *NONNULL rdata, size_t rdlen, srp_key_t *NONNULL key); // verify_*.c: bool srp_sig0_verify(dns_wire_t *NONNULL message, dns_rr_t *NONNULL key, dns_rr_t *NONNULL signature); void srp_print_key(srp_key_t *NONNULL key); // hash_*.c: void srp_hmac_iov(hmac_key_t *NONNULL key, uint8_t *NONNULL output, size_t max, struct iovec *NONNULL iov, int count); int srp_base64_parse(char *NONNULL src, size_t *NONNULL len_ret, uint8_t *NONNULL buf, size_t buflen); #endif // __SRP_CRYPTO_H // Local Variables: // mode: C // tab-width: 4 // c-file-style: "bsd" // c-basic-offset: 4 // fill-column: 108 // indent-tabs-mode: nil // End: