Allow MatrixSSL code to compile inside gPXE

src/crypto/cryptoLayer.h

@@ -0,0 +1,118 @@
+#ifndef _MATRIXSSL_CRYPTOLAYER_H
+#define _MATRIXSSL_CRYPTOLAYER_H
+
+/** @file
+ *
+ * Compatibility layer for MatrixSSL
+ *
+ */
+
+#include <stdint.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <byteswap.h>
+#include <gpxe/bitops.h>
+#include <gpxe/crypto.h>
+
+/* Drag in pscrypto.h */
+typedef uint64_t ulong64;
+typedef void psPool_t;
+#define SMALL_CODE
+#define USE_INT64
+#define USE_RSA
+#define USE_RSA_PUBLIC_ENCRYPT
+#define CRYPT
+#include "matrixssl/pscrypto.h"
+#define SMALL_CODE
+#undef CLEAN_STACK
+
+#define sslAssert( ... ) assert ( __VA_ARGS__ )
+
+static inline void * psMalloc ( psPool_t *pool __unused, size_t len ) {
+	return malloc ( len );
+}
+
+static inline void * psRealloc ( void *ptr, size_t len ) {
+	return realloc ( ptr, len );
+}
+
+static inline void psFree ( void *ptr ) {
+	free ( ptr );
+}
+
+#define matrixStrDebugMsg( ... ) DBG ( __VA_ARGS__ )
+#define matrixIntDebugMsg( ... ) DBG ( __VA_ARGS__ )
+
+/* Use our standard cpu_to_leXX etc. macros */
+
+#undef LOAD32L
+#define LOAD32L( cpu32, ptr ) do {				\
+		uint32_t *le32 = ( ( uint32_t * ) ptr );	\
+		cpu32 = le32_to_cpu ( *le32 );			\
+	} while ( 0 )
+
+#undef LOAD32H
+#define LOAD32H( cpu32, ptr ) do {				\
+		uint32_t *be32 = ( ( uint32_t * ) ptr );	\
+		cpu32 = be32_to_cpu ( *be32 );			\
+	} while ( 0 )
+
+#undef LOAD64L
+#define LOAD64L( cpu64, ptr ) do {				\
+		uint64_t *le64 = ( ( uint64_t * ) ptr );	\
+		cpu64 = le64_to_cpu ( *le64 );			\
+	} while ( 0 )
+
+#undef LOAD64H
+#define LOAD64H( cpu64, ptr ) do {				\
+		uint64_t *be64 = ( ( uint64_t * ) ptr );	\
+		cpu64 = be64_to_cpu ( *be64 );			\
+	} while ( 0 )
+
+#undef STORE32L
+#define STORE32L( cpu32, ptr ) do {				\
+		uint32_t *le32 = ( ( uint32_t * ) ptr );	\
+		*le32 = cpu_to_le32 ( cpu32 );			\
+	} while ( 0 )
+
+#undef STORE32H
+#define STORE32H( cpu32, ptr ) do {				\
+		uint32_t *be32 = ( ( uint32_t * ) ptr );	\
+		*be32 = cpu_to_be32 ( cpu32 );			\
+	} while ( 0 )
+
+#undef STORE64L
+#define STORE64L( cpu64, ptr ) do {				\
+		uint64_t *le64 = ( ( uint64_t * ) ptr );	\
+		*le64 = cpu_to_le64 ( cpu64 );			\
+	} while ( 0 )
+
+#undef STORE64H
+#define STORE64H( cpu64, ptr ) do {				\
+		uint64_t *be64 = ( ( uint64_t * ) ptr );	\
+		*be64 = cpu_to_be64 ( cpu64 );			\
+	} while ( 0 )
+
+/* Use rolXX etc. from bitops.h */
+
+#undef ROL
+#define ROL( data, rotation )	 rol32 ( (data), (rotation) )
+#undef ROLc
+#define ROLc( data, rotation )	 rol32 ( (data), (rotation) )
+#undef ROR
+#define ROR( data, rotation )	 ror32 ( (data), (rotation) )
+#undef RORc
+#define RORc( data, rotation )	 ror32 ( (data), (rotation) )
+#undef ROL64
+#define ROL64( data, rotation )	 rol64 ( (data), (rotation) )
+#undef ROL64c
+#define ROL64c( data, rotation ) rol64 ( (data), (rotation) )
+#undef ROR64
+#define ROR64( data, rotation )	 ror64 ( (data), (rotation) )
+#undef ROR64c
+#define ROR64c( data, rotation ) ror64 ( (data), (rotation) )
+
+#endif /* _MATRIXSSL_CRYPTOLAYER_H */

src/crypto/matrixssl/mpi.h

@@ -0,0 +1,487 @@
+/*	
+ *	mpi.h
+ *	Release $Name$
+ *
+ *	multiple-precision integer library
+ */
+/*
+ *	Copyright (c) PeerSec Networks, 2002-2006. All Rights Reserved.
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software 
+ *	into proprietary programs.  If you are unable to comply with the GPL, a 
+ *	commercial license for this software may be purchased from PeerSec Networks
+ *	at http://www.peersec.com
+ *	
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the 
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
+ *	See the GNU General Public License for more details.
+ *	
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_MPI
+#define _h_MPI
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <limits.h>
+
+#undef MIN
+#define MIN(x,y) ((x)<(y)?(x):(y))
+#undef MAX
+#define MAX(x,y) ((x)>(y)?(x):(y))
+
+#ifdef __cplusplus
+extern "C" {
+
+
+/*
+	C++ compilers don't like assigning void * to mp_digit *
+ */
+#define  OPT_CAST(x)  (x *)
+
+#else
+
+/*
+	C on the other hand doesn't care
+ */
+#define  OPT_CAST(x)
+
+#endif /* __cplusplus */
+
+/******************************************************************************/
+/*
+	some default configurations.
+
+	A "mp_digit" must be able to hold DIGIT_BIT + 1 bits
+	A "mp_word" must be able to hold 2*DIGIT_BIT + 1 bits
+
+	At the very least a mp_digit must be able to hold 7 bits
+	[any size beyond that is ok provided it doesn't overflow the data type]
+ */
+#ifdef MP_8BIT
+	typedef unsigned char		mp_digit;
+	typedef unsigned short		mp_word;
+#elif defined(MP_16BIT)
+	typedef unsigned short		mp_digit;
+	typedef unsigned long		mp_word;
+#elif defined(MP_64BIT)
+/*
+	for GCC only on supported platforms
+ */
+	#ifndef CRYPT
+		typedef unsigned long long	ulong64;
+		typedef signed long long	long64;
+	#endif /* CRYPT */
+
+	typedef ulong64				mp_digit;
+	typedef unsigned long		mp_word __attribute__ ((mode(TI)));
+
+	#define DIGIT_BIT			60
+#else  /* MP_8BIT */
+/*
+	this is the default case, 28-bit digits
+ */
+	#ifndef CRYPT
+		#if defined(_MSC_VER) || defined(__BORLANDC__) 
+			typedef unsigned __int64	ulong64;
+			typedef signed __int64		long64;
+		#else
+			typedef unsigned long long	ulong64;
+			typedef signed long long	long64;
+		#endif
+	#endif /* CRYPT */
+
+	typedef unsigned long		mp_digit;
+	typedef ulong64				mp_word;
+
+	#ifdef MP_31BIT
+/*
+		this is an extension that uses 31-bit digits
+ */
+		#define DIGIT_BIT		31
+	#else /* MP_31BIT */
+/*
+		default case is 28-bit digits, defines MP_28BIT as a handy macro to test
+ */
+		#define DIGIT_BIT		28
+		#define MP_28BIT
+	#endif /* MP_31BIT */
+#endif /* MP_8BIT */
+
+/*
+	otherwise the bits per digit is calculated automatically from the size of
+	a mp_digit
+ */
+#ifndef DIGIT_BIT
+	#define DIGIT_BIT	((int32)((CHAR_BIT * sizeof(mp_digit) - 1)))	/* bits per digit */
+#endif /* DIGIT_BIT */
+
+#define MP_DIGIT_BIT		DIGIT_BIT
+#define MP_MASK				((((mp_digit)1)<<((mp_digit)DIGIT_BIT))-((mp_digit)1))
+#define MP_DIGIT_MAX		MP_MASK
+
+/******************************************************************************/
+/*
+	equalities
+ */
+#define MP_LT			-1		/* less than */
+#define MP_EQ			0		/* equal to */
+#define MP_GT			1		/* greater than */
+
+#define MP_ZPOS			0		/* positive integer */
+#define MP_NEG			1		/* negative */
+
+#define MP_OKAY			0		/* ok result */
+#define MP_MEM			-2		/* out of mem */
+#define MP_VAL			-3		/* invalid input */
+#define MP_RANGE		MP_VAL
+
+#define MP_YES			1		/* yes response */
+#define MP_NO			0		/* no response */
+
+typedef int32				mp_err;
+
+/******************************************************************************/
+/*
+	various build options
+ */
+#define MP_PREC			64		/* default digits of precision */
+
+/*
+	define this to use lower memory usage routines (exptmods mostly)
+ */
+#define MP_LOW_MEM
+
+/*
+	size of comba arrays, should be at least 
+	2 * 2**(BITS_PER_WORD - BITS_PER_DIGIT*2)
+ */
+#define MP_WARRAY		(1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1))
+
+typedef struct  {
+	int32 used, alloc, sign;
+	mp_digit *dp;
+} mp_int;
+
+#define USED(m)		((m)->used)
+#define DIGIT(m,k)	((m)->dp[(k)])
+#define SIGN(m)		((m)->sign)
+
+/******************************************************************************/
+/*
+	init and deinit bignum functions
+ */
+
+/*
+	init a bignum
+ */
+extern int32 mp_init(psPool_t *pool, mp_int *a);
+
+/*
+	free a bignum
+ */
+extern void mp_clear(mp_int *a);
+
+/*
+	init a series of arguments
+ */
+extern int32 _mp_init_multi(psPool_t *pool, mp_int *mp0, mp_int *mp1, mp_int *mp2, 
+							mp_int *mp3, mp_int *mp4, mp_int *mp5, mp_int *mp6, 
+							mp_int *mp7);
+
+/*
+	clear a  series of arguments
+ */
+extern void _mp_clear_multi(mp_int *mp0, mp_int *mp1, mp_int *mp2, mp_int *mp3,
+					mp_int *mp4, mp_int *mp5, mp_int *mp6, mp_int *mp7);
+
+/*
+	exchange two ints
+ */
+extern void mp_exch(mp_int *a, mp_int *b);
+
+/*
+	shrink ram required for a bignum
+ */
+extern int32 mp_shrink(mp_int *a);
+
+/*
+	grow an int32 to a given size
+ */
+extern int32 mp_grow(mp_int *a, int32 size);
+
+/*
+	init to a given number of digits
+ */
+extern int32 mp_init_size(psPool_t *pool, mp_int *a, int32 size);
+
+/******************************************************************************/
+/*
+	Basic Manipulations
+ */
+#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO)
+#define mp_iseven(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? MP_YES : MP_NO)
+#define mp_isodd(a)  (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? MP_YES : MP_NO)
+
+extern int32 mp_add_d (mp_int * a, mp_digit b, mp_int * c);
+extern int32 mp_sub_d (mp_int * a, mp_digit b, mp_int * c);
+/*
+	set to zero
+ */
+extern void mp_zero(mp_int *a);
+
+/*
+	set to a digit
+ */
+extern void mp_set(mp_int *a, mp_digit b);
+
+/*
+	copy, b = a
+ */
+extern int32 mp_copy(mp_int *a, mp_int *b);
+
+/*
+	inits and copies, a = b
+ */
+extern int32 mp_init_copy(psPool_t *pool, mp_int *a, mp_int *b);
+
+/*
+	trim unused digits
+ */
+extern void mp_clamp(mp_int *a);
+
+/******************************************************************************/
+/*
+	digit manipulation
+*/
+
+/*
+	right shift by "b" digits
+ */
+extern void mp_rshd(mp_int *a, int32 b);
+
+/*
+	left shift by "b" digits
+ */
+extern int32 mp_lshd(mp_int *a, int32 b);
+
+/*
+	c = a / 2**b
+ */
+extern int32 mp_div_2d(psPool_t *pool, mp_int *a, int32 b, mp_int *c, mp_int *d);
+
+/*
+	b = a/2
+ */
+extern int32 mp_div_2(mp_int *a, mp_int *b);
+
+/*
+	c = a * 2**b
+ */
+extern int32 mp_mul_2d(mp_int *a, int32 b, mp_int *c);
+
+/*
+	c = a mod 2**d
+ */
+extern int32 mp_mod_2d(mp_int *a, int32 b, mp_int *c);
+
+/*
+	computes a = 2**b
+ */
+extern int32 mp_2expt(mp_int *a, int32 b);
+
+/******************************************************************************/
+/*
+	Basic arithmetic
+ */
+
+/*
+	b = |a|
+ */
+extern int32 mp_abs(mp_int *a, mp_int *b);
+
+/*
+	compare a to b
+ */
+extern int32 mp_cmp(mp_int *a, mp_int *b);
+
+/*
+	compare |a| to |b|
+ */
+extern int32 mp_cmp_mag(mp_int *a, mp_int *b);
+
+/*
+	c = a + b
+ */
+extern int32 mp_add(mp_int *a, mp_int *b, mp_int *c);
+
+/*
+	c = a - b
+ */
+extern int32 mp_sub(mp_int *a, mp_int *b, mp_int *c);
+
+/*
+	c = a * b
+	b = a*a
+ */
+/* STEVE - moved mp_mul out of SLOW case */
+extern int32 mp_mul(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c);
+#ifdef USE_SMALL_WORD
+extern int32 mp_sqr(psPool_t *pool, mp_int *a, mp_int *b);
+#endif
+
+/*
+	a/b => cb + d == a
+ */
+extern int32 mp_div(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d);
+
+/*
+	c = a mod b, 0 <= c < b
+ */
+extern int32 mp_mod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c);
+
+/******************************************************************************/
+/*
+	single digit functions
+ */
+
+/*
+	compare against a single digit
+ */
+extern int32 mp_cmp_d(mp_int *a, mp_digit b);
+
+/*
+	c = a * b
+ */
+extern int32 mp_mul_d(mp_int *a, mp_digit b, mp_int *c);
+
+/******************************************************************************/
+/*
+	number theory
+ */
+
+/*
+	d = a + b (mod c)
+ */
+extern int32 mp_addmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d);
+
+/*
+	d = a * b (mod c)
+ */
+extern int32 mp_mulmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d);
+
+/*
+	c = 1/a (mod b)
+ */
+#ifdef USE_SMALL_WORD
+extern int32 mp_invmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c);
+#endif
+
+/*
+	setups the montgomery reduction
+ */
+extern int32 mp_montgomery_setup(mp_int *a, mp_digit *mp);
+
+/*
+	computes a = B**n mod b without division or multiplication useful for
+	normalizing numbers in a Montgomery system.
+ */
+extern int32 mp_montgomery_calc_normalization(mp_int *a, mp_int *b);
+
+/*
+	computes x/R == x (mod N) via Montgomery Reduction
+ */
+#ifdef USE_SMALL_WORD
+extern int32 mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp);
+#endif
+
+/*
+	d = a**b (mod c)
+ */
+/* TODO - we never define this */
+extern int32 mp_exptmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c, mp_int *d);
+
+/******************************************************************************/
+/*
+	If we're using 1024 or 2048 bit keys and 28 bit digits, we only need the
+	fast_ versions of these functions, removing the others to save space.
+	Otherwise, we include the slow versions as well and which version to use
+	is done at runtime.
+*/
+#ifdef USE_SMALL_WORD
+extern int32 s_mp_mul_digs(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c,
+						   int32 digs);
+extern int32 s_mp_sqr(psPool_t *pool, mp_int *a, mp_int *b);
+#else
+#define mp_montgomery_reduce fast_mp_montgomery_reduce
+#define mp_sqr	fast_s_mp_sqr
+#if STEVE
+#define mp_mul(P, A, B, C) fast_s_mp_mul_digs(P, A, B, C, (A)->used + (B)->used + 1)
+#endif
+#define s_mp_mul_digs	fast_s_mp_mul_digs
+#define mp_invmod	fast_mp_invmod
+#endif
+
+/******************************************************************************/
+/*
+	radix conversion
+ */
+extern int32 mp_count_bits(mp_int *a);
+
+extern int32 mp_unsigned_bin_size(mp_int *a);
+extern int32 mp_read_unsigned_bin(mp_int *a, unsigned char *b, int32 c);
+extern int32 mp_to_unsigned_bin(psPool_t *pool, mp_int *a, unsigned char *b);
+
+extern int32 mp_signed_bin_size(mp_int *a);
+
+/*
+	lowlevel functions, do not call!
+ */
+#if STEVE
+#ifdef USE_SMALL_WORD
+#define s_mp_mul(P, A, B, C) s_mp_mul_digs(P, A, B, C, (A)->used + (B)->used + 1)
+#else
+#define s_mp_mul(P, A, B, C) sslAssert();
+#endif
+#endif /* STEVE */
+/* define this in all cases for now STEVE */
+#define s_mp_mul(P, A, B, C) s_mp_mul_digs(P, A, B, C, (A)->used + (B)->used + 1)
+
+
+/*
+	b = a*2
+ */
+extern int32 mp_mul_2(mp_int *a, mp_int *b);
+
+extern int32 s_mp_add(mp_int *a, mp_int *b, mp_int *c);
+extern int32 s_mp_sub(mp_int *a, mp_int *b, mp_int *c);
+
+extern int32 fast_s_mp_mul_digs(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c,
+								int32 digs);
+extern int32 fast_s_mp_sqr(psPool_t *pool, mp_int *a, mp_int *b);
+
+extern int32 fast_mp_invmod(psPool_t *pool, mp_int *a, mp_int *b, mp_int *c);
+extern int32 fast_mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp);
+
+extern void bn_reverse(unsigned char *s, int32 len);
+
+
+#ifdef __cplusplus
+   }
+#endif /* __cplusplus */
+
+#endif /* _h_MPI */
+

src/crypto/matrixssl/pscrypto.h

@@ -0,0 +1,661 @@
+/*
+ *	pscrypto.h
+ *	Release $Name$
+ *
+ *	Internal definitions for PeerSec Networks MatrixSSL cryptography provider
+ */
+/*
+ *	Copyright (c) PeerSec Networks, 2002-2006. All Rights Reserved.
+ *	The latest version of this code is available at http://www.matrixssl.org
+ *
+ *	This software is open source; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This General Public License does NOT permit incorporating this software 
+ *	into proprietary programs.  If you are unable to comply with the GPL, a 
+ *	commercial license for this software may be purchased from PeerSec Networks
+ *	at http://www.peersec.com
+ *	
+ *	This program is distributed in WITHOUT ANY WARRANTY; without even the 
+ *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
+ *	See the GNU General Public License for more details.
+ *	
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *	http://www.gnu.org/copyleft/gpl.html
+ */
+/******************************************************************************/
+
+#ifndef _h_PSCRYPTO
+#define _h_PSCRYPTO
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+	PeerSec crypto-specific defines.
+ */
+#define SMALL_CODE
+#define CLEAN_STACK
+/*
+	If Native 64 bit integers are not supported, we must set the 16 bit flag
+	to produce 32 bit mp_words in mpi.h
+	We must also include the slow MPI functions because the fast ones only
+	work with larger (28 bit) digit sizes.
+*/
+#ifndef USE_INT64
+#define MP_16BIT
+#define USE_SMALL_WORD
+#endif /* USE_INT64 */
+
+/******************************************************************************/
+
+#ifdef USE_RSA
+
+#include "mpi.h"
+
+#if LINUX
+	#define _stat stat
+#endif
+
+/* this is the "32-bit at least" data type 
+ * Re-define it to suit your platform but it must be at least 32-bits 
+ */
+typedef unsigned long ulong32;
+
+/*
+	Primary RSA Key struct.  Define here for crypto
+*/
+typedef struct {
+	mp_int		e, d, N, qP, dP, dQ, p, q;
+	int32			size;	/* Size of the key in bytes */
+	int32			optimized; /* 1 for optimized */
+} sslRsaKey_t;
+
+#endif /* USE_RSA */
+
+
+/*
+ *	Private
+ */
+extern int32 ps_base64_decode(const unsigned char *in, uint32 len, 
+							unsigned char *out, uint32 *outlen);
+
+/*
+ *	Memory routines
+ */
+extern void psZeromem(void *dst, size_t len);
+extern void psBurnStack(unsigned long len);
+
+
+/* max size of either a cipher/hash block or symmetric key [largest of the two] */
+#define MAXBLOCKSIZE			24
+
+/* ch1-01-1 */
+/* error codes [will be expanded in future releases] */
+enum {
+	CRYPT_OK=0,					/* Result OK */
+	CRYPT_ERROR,				/* Generic Error */
+	CRYPT_NOP,					/* Not a failure but no operation was performed */
+
+	CRYPT_INVALID_KEYSIZE,		/* Invalid key size given */
+	CRYPT_INVALID_ROUNDS,		/* Invalid number of rounds */
+	CRYPT_FAIL_TESTVECTOR,		/* Algorithm failed test vectors */
+
+	CRYPT_BUFFER_OVERFLOW,		/* Not enough space for output */
+	CRYPT_INVALID_PACKET,		/* Invalid input packet given */
+
+	CRYPT_INVALID_PRNGSIZE,		/* Invalid number of bits for a PRNG */
+	CRYPT_ERROR_READPRNG,		/* Could not read enough from PRNG */
+
+	CRYPT_INVALID_CIPHER,		/* Invalid cipher specified */
+	CRYPT_INVALID_HASH,			/* Invalid hash specified */
+	CRYPT_INVALID_PRNG,			/* Invalid PRNG specified */
+
+	CRYPT_MEM,					/* Out of memory */
+
+	CRYPT_PK_TYPE_MISMATCH,		/* Not equivalent types of PK keys */
+	CRYPT_PK_NOT_PRIVATE,		/* Requires a private PK key */
+
+	CRYPT_INVALID_ARG,			/* Generic invalid argument */
+	CRYPT_FILE_NOTFOUND,		/* File Not Found */
+
+	CRYPT_PK_INVALID_TYPE,		/* Invalid type of PK key */
+	CRYPT_PK_INVALID_SYSTEM,	/* Invalid PK system specified */
+	CRYPT_PK_DUP,				/* Duplicate key already in key ring */
+	CRYPT_PK_NOT_FOUND,			/* Key not found in keyring */
+	CRYPT_PK_INVALID_SIZE,		/* Invalid size input for PK parameters */
+
+	CRYPT_INVALID_PRIME_SIZE	/* Invalid size of prime requested */
+};
+
+/******************************************************************************/
+/*
+	hash defines
+ */
+struct sha1_state {
+#ifdef USE_INT64
+	ulong64		length;
+#else
+	ulong32		lengthHi;
+	ulong32		lengthLo;
+#endif /* USE_INT64 */
+	ulong32 state[5], curlen;
+	unsigned char	buf[64];
+};
+
+struct md5_state {
+#ifdef USE_INT64
+	ulong64 length;
+#else
+	ulong32	lengthHi;
+	ulong32	lengthLo;
+#endif /* USE_INT64 */
+	ulong32 state[4], curlen;
+	unsigned char buf[64];
+};
+
+#ifdef USE_MD2
+struct md2_state {
+	unsigned char chksum[16], X[48], buf[16];
+	unsigned long curlen;
+};
+#endif /* USE_MD2 */
+
+#ifdef USE_SHA256
+struct sha256_state {
+	ulong64 length;
+	ulong32 state[8], curlen;
+	unsigned char buf[64];
+};
+#endif /* USE_SHA256 */
+
+typedef union {
+	struct sha1_state	sha1;
+	struct md5_state	md5;
+#ifdef USE_MD2
+	struct md2_state	md2;
+#endif /* USE_MD2 */
+#ifdef USE_SHA256
+	struct sha256_state sha256;
+#endif
+} hash_state;
+
+typedef hash_state sslSha1Context_t;
+typedef hash_state sslMd5Context_t;
+#ifdef USE_MD2
+typedef hash_state sslMd2Context_t;
+#endif /* USE_MD2 */
+#ifdef USE_SHA256
+typedef hash_state sslSha256Context_t;
+#endif /* USE_SHA256 */
+
+typedef struct {
+	unsigned char	pad[64];
+	union {
+		sslMd5Context_t		md5;
+		sslSha1Context_t	sha1;
+	} u;
+} sslHmacContext_t;
+
+/******************************************************************************/
+/*
+	RC4
+ */
+#ifdef USE_ARC4
+typedef struct {
+	unsigned char	state[256];
+	uint32	byteCount;
+	unsigned char	x;
+	unsigned char	y;
+} rc4_key;
+#endif /* USE_ARC4 */
+
+#define SSL_DES3_KEY_LEN	24
+#define SSL_DES3_IV_LEN		8
+#ifdef USE_3DES
+
+typedef struct {
+	ulong32 ek[3][32], dk[3][32];
+} des3_key;
+
+/*
+	A block cipher CBC structure
+ */
+typedef struct {
+	int32					blocklen;
+	unsigned char		IV[8];
+	des3_key			key;
+	int32					explicitIV; /* 1 if yes */
+} des3_CBC;
+
+extern int32 des3_setup(const unsigned char *key, int32 keylen, int32 num_rounds,
+		 des3_CBC *skey);
+extern void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
+		 des3_CBC *key);
+extern void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
+		 des3_CBC *key);
+extern int32 des3_keysize(int32 *desired_keysize);
+
+extern int32 des_setup(const unsigned char *key, int32 keylen, int32 num_rounds,
+		 des3_CBC *skey);
+extern void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
+		 des3_CBC *key);
+extern void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
+		 des3_CBC *key);
+
+#endif /* USE_3DES */
+
+
+typedef union {
+#ifdef USE_ARC4
+	rc4_key		arc4;
+#endif
+#ifdef USE_3DES
+	des3_CBC	des3;
+#endif
+} sslCipherContext_t;
+
+
+/*
+	Controls endianess and size of registers.  Leave uncommented to get
+	platform neutral [slower] code detect x86-32 machines somewhat
+ */
+#if (defined(_MSC_VER) && defined(WIN32)) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__)))
+	#define ENDIAN_LITTLE
+	#define ENDIAN_32BITWORD
+#endif
+
+
+/* #define ENDIAN_LITTLE */
+/* #define ENDIAN_BIG */
+
+/* #define ENDIAN_32BITWORD */
+/* #define ENDIAN_64BITWORD */
+
+#if (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD))
+		#error You must specify a word size as well as endianess
+#endif
+
+#if !(defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE))
+	#define ENDIAN_NEUTRAL
+#endif
+
+/*
+	helper macros
+ */
+#if defined (ENDIAN_NEUTRAL)
+
+#define STORE32L(x, y)                                                                     \
+     { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255);   \
+       (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
+
+#define LOAD32L(x, y)                            \
+     { x = ((unsigned long)((y)[3] & 255)<<24) | \
+           ((unsigned long)((y)[2] & 255)<<16) | \
+           ((unsigned long)((y)[1] & 255)<<8)  | \
+           ((unsigned long)((y)[0] & 255)); }
+
+#define STORE64L(x, y)                                                                     \
+     { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255);   \
+       (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255);   \
+       (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255);   \
+       (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
+
+#define LOAD64L(x, y)                                                       \
+     { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \
+           (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \
+           (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \
+           (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); }
+
+#define STORE32H(x, y)                                                                     \
+     { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255);   \
+       (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); }
+
+#define LOAD32H(x, y)                            \
+     { x = ((unsigned long)((y)[0] & 255)<<24) | \
+           ((unsigned long)((y)[1] & 255)<<16) | \
+           ((unsigned long)((y)[2] & 255)<<8)  | \
+           ((unsigned long)((y)[3] & 255)); }
+
+#define STORE64H(x, y)                                                                     \
+   { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255);     \
+     (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255);     \
+     (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255);     \
+     (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); }
+
+#define LOAD64H(x, y)                                                      \
+   { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \
+         (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \
+         (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \
+         (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); }
+
+#endif /* ENDIAN_NEUTRAL */
+
+#ifdef ENDIAN_LITTLE
+
+#define STORE32H(x, y)                                                                     \
+     { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255);   \
+       (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); }
+
+#define LOAD32H(x, y)                            \
+     { x = ((unsigned long)((y)[0] & 255)<<24) | \
+           ((unsigned long)((y)[1] & 255)<<16) | \
+           ((unsigned long)((y)[2] & 255)<<8)  | \
+           ((unsigned long)((y)[3] & 255)); }
+
+#define STORE64H(x, y)                                                                     \
+   { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255);     \
+     (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255);     \
+     (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255);     \
+     (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); }
+
+#define LOAD64H(x, y)                                                      \
+   { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \
+         (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \
+         (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \
+         (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); }
+
+#ifdef ENDIAN_32BITWORD 
+
+#define STORE32L(x, y)        \
+     { unsigned long __t = (x); memcpy(y, &__t, 4); }
+
+#define LOAD32L(x, y)         \
+     memcpy(&(x), y, 4);
+
+#define STORE64L(x, y)                                                                     \
+     { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255);   \
+       (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255);   \
+       (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255);   \
+       (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
+
+#define LOAD64L(x, y)                                                       \
+     { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \
+           (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \
+           (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \
+           (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); }
+
+#else /* 64-bit words then  */
+
+#define STORE32L(x, y)        \
+     { unsigned long __t = (x); memcpy(y, &__t, 4); }
+
+#define LOAD32L(x, y)         \
+     { memcpy(&(x), y, 4); x &= 0xFFFFFFFF; }
+
+#define STORE64L(x, y)        \
+     { ulong64 __t = (x); memcpy(y, &__t, 8); }
+
+#define LOAD64L(x, y)         \
+    { memcpy(&(x), y, 8); }
+
+#endif /* ENDIAN_64BITWORD */
+#endif /* ENDIAN_LITTLE */
+
+#ifdef ENDIAN_BIG
+#define STORE32L(x, y)                                                                     \
+     { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255);   \
+       (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
+
+#define LOAD32L(x, y)                            \
+     { x = ((unsigned long)((y)[3] & 255)<<24) | \
+           ((unsigned long)((y)[2] & 255)<<16) | \
+           ((unsigned long)((y)[1] & 255)<<8)  | \
+           ((unsigned long)((y)[0] & 255)); }
+
+#define STORE64L(x, y)                                                                     \
+   { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255);     \
+     (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255);     \
+     (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255);     \
+     (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); }
+
+#define LOAD64L(x, y)                                                      \
+   { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48) | \
+         (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32) | \
+         (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16) | \
+         (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); }
+
+#ifdef ENDIAN_32BITWORD 
+
+#define STORE32H(x, y)        \
+     { unsigned long __t = (x); memcpy(y, &__t, 4); }
+
+#define LOAD32H(x, y)         \
+     memcpy(&(x), y, 4);
+
+#define STORE64H(x, y)                                                                     \
+     { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255);   \
+       (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255);   \
+       (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255);   \
+       (y)[6] = (unsigned char)(((x)>>8)&255);  (y)[7] = (unsigned char)((x)&255); }
+
+#define LOAD64H(x, y)                                                       \
+     { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48)| \
+           (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32)| \
+           (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16)| \
+           (((ulong64)((y)[6] & 255))<<8)| (((ulong64)((y)[7] & 255))); }
+
+#else /* 64-bit words then  */
+
+#define STORE32H(x, y)        \
+     { unsigned long __t = (x); memcpy(y, &__t, 4); }
+
+#define LOAD32H(x, y)         \
+     { memcpy(&(x), y, 4); x &= 0xFFFFFFFF; }
+
+#define STORE64H(x, y)        \
+     { ulong64 __t = (x); memcpy(y, &__t, 8); }
+
+#define LOAD64H(x, y)         \
+    { memcpy(&(x), y, 8); }
+
+#endif /* ENDIAN_64BITWORD */
+#endif /* ENDIAN_BIG */
+
+/*
+	packet code */
+#if defined(USE_RSA) || defined(MDH) || defined(MECC)
+	#define PACKET
+
+/*
+	size of a packet header in bytes */
+	#define PACKET_SIZE				4
+
+/*
+	Section tags
+ */
+	#define PACKET_SECT_RSA			0
+	#define PACKET_SECT_DH			1
+	#define PACKET_SECT_ECC			2
+	#define PACKET_SECT_DSA			3
+
+/*
+	Subsection Tags for the first three sections
+ */
+	#define PACKET_SUB_KEY			0
+	#define PACKET_SUB_ENCRYPTED	1
+	#define PACKET_SUB_SIGNED		2
+	#define PACKET_SUB_ENC_KEY		3
+#endif
+
+/*
+	fix for MSVC ...evil!
+ */
+#ifdef WIN32
+#ifdef _MSC_VER
+	#define CONST64(n) n ## ui64
+	typedef unsigned __int64 ulong64;
+#else
+	#define CONST64(n) n ## ULL
+	typedef unsigned long long ulong64;
+#endif
+#endif /* WIN32 */
+
+
+#define BSWAP(x)  ( ((x>>24)&0x000000FFUL) | ((x<<24)&0xFF000000UL)  | \
+                    ((x>>8)&0x0000FF00UL)  | ((x<<8)&0x00FF0000UL) )
+
+#ifdef _MSC_VER
+
+/*
+	instrinsic rotate
+ */
+#include <stdlib.h>
+#pragma intrinsic(_lrotr,_lrotl)
+#define ROR(x,n) _lrotr(x,n)
+#define ROL(x,n) _lrotl(x,n)
+#define RORc(x,n) _lrotr(x,n)
+#define ROLc(x,n) _lrotl(x,n)
+
+/*
+#elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(PS_NO_ASM)
+
+static inline unsigned ROL(unsigned word, int32 i)
+{
+	asm ("roll %%cl,%0"
+		:"0" (word),"c" (i));
+	return word;
+}
+
+static inline unsigned ROR(unsigned word, int32 i)
+{
+	asm ("rorl %%cl,%0"
+		:"=r" (word)
+		:"0" (word),"c" (i));
+	return word;
+}
+*/
+/*
+#ifndef PS_NO_ROLC
+
+static inline unsigned ROLc(unsigned word, const int32 i)
+{
+   asm ("roll %2,%0"
+      :"=r" (word)
+      :"0" (word),"I" (i));
+   return word;
+}
+
+static inline unsigned RORc(unsigned word, const int32 i)
+{
+   asm ("rorl %2,%0"
+      :"=r" (word)
+      :"0" (word),"I" (i));
+   return word;
+}
+
+#else
+
+#define ROLc ROL
+#define RORc ROR
+
+#endif
+*/
+
+#else /* _MSC_VER */
+
+/*
+	rotates the hard way
+ */
+#define ROL(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
+#define ROR(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
+#define ROLc(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
+#define RORc(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
+
+#endif /* _MSC_VER */
+
+/* 64-bit Rotates */
+#if 0
+
+#if defined(__GNUC__) && defined(__x86_64__) && !defined(PS_NO_ASM)
+
+static inline unsigned long ROL64(unsigned long word, int32 i)
+{
+   asm("rolq %%cl,%0"
+      :"=r" (word)
+      :"0" (word),"c" (i));
+   return word;
+}
+
+static inline unsigned long ROR64(unsigned long word, int32 i)
+{
+   asm("rorq %%cl,%0"
+      :"=r" (word)
+      :"0" (word),"c" (i));
+   return word;
+}
+
+#ifndef PS_NO_ROLC
+
+static inline unsigned long ROL64c(unsigned long word, const int32 i)
+{
+   asm("rolq %2,%0"
+      :"=r" (word)
+      :"0" (word),"J" (i));
+   return word;
+}
+
+static inline unsigned long ROR64c(unsigned long word, const int32 i)
+{
+   asm("rorq %2,%0"
+      :"=r" (word)
+      :"0" (word),"J" (i));
+   return word;
+}
+
+#else /* PS_NO_ROLC */
+
+#define ROL64c ROL
+#define ROR64c ROR
+
+#endif /* PS_NO_ROLC */
+#endif
+#endif /* commented out */
+
+#define ROL64(x, y) \
+    ( (((x)<<((ulong64)(y)&63)) | \
+      (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)64-((y)&63)))) & CONST64(0xFFFFFFFFFFFFFFFF))
+
+#define ROR64(x, y) \
+    ( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \
+      ((x)<<((ulong64)(64-((y)&CONST64(63)))))) & CONST64(0xFFFFFFFFFFFFFFFF))
+
+#define ROL64c(x, y) \
+    ( (((x)<<((ulong64)(y)&63)) | \
+      (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)64-((y)&63)))) & CONST64(0xFFFFFFFFFFFFFFFF))
+
+#define ROR64c(x, y) \
+    ( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \
+      ((x)<<((ulong64)(64-((y)&CONST64(63)))))) & CONST64(0xFFFFFFFFFFFFFFFF))
+
+#undef MAX
+#undef MIN
+#define MAX(x, y) ( ((x)>(y))?(x):(y) )
+#define MIN(x, y) ( ((x)<(y))?(x):(y) )
+
+/*
+	extract a byte portably This MSC code causes runtime errors in VS.NET,
+	always use the other
+ */
+/*
+#ifdef _MSC_VER
+   #define byte(x, n) ((unsigned char)((x) >> (8 * (n))))
+#else
+*/
+   #define byte(x, n) (((x) >> (8 * (n))) & 255)
+/*
+#endif
+*/
+#ifdef __cplusplus
+   }
+#endif /* __cplusplus */
+
+#endif /* _h_PSCRYPTO */
+
+/******************************************************************************/
+