9base

revived minimalist port of Plan 9 userland to Unix
git clone git://git.suckless.org/9base
Log | Files | Refs | README | LICENSE

libsec.h (9329B)

      1 #ifndef _LIBSEC_H_
      2 #define _LIBSEC_H_ 1
      3 #if defined(__cplusplus)
      4 extern "C" { 
      5 #endif
      6 /*
      7 #pragma	lib	"libsec.a"
      8 #pragma	src	"/sys/src/libsec"
      9 */
     10 
     11 AUTOLIB(sec)
     12 
     13 #ifndef _MPINT
     14 typedef struct mpint mpint;
     15 #endif
     16 
     17 /*******************************************************/
     18 /* AES definitions */
     19 /*******************************************************/
     20 
     21 enum
     22 {
     23 	AESbsize=	16,
     24 	AESmaxkey=	32,
     25 	AESmaxrounds=	14
     26 };
     27 
     28 typedef struct AESstate AESstate;
     29 struct AESstate
     30 {
     31 	ulong	setup;
     32 	int	rounds;
     33 	int	keybytes;
     34 	uchar	key[AESmaxkey];		/* unexpanded key */
     35 	u32int	ekey[4*(AESmaxrounds + 1)];	/* encryption key */
     36 	u32int	dkey[4*(AESmaxrounds + 1)];	/* decryption key */
     37 	uchar	ivec[AESbsize];	/* initialization vector */
     38 };
     39 
     40 void	setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec);
     41 void	aesCBCencrypt(uchar *p, int len, AESstate *s);
     42 void	aesCBCdecrypt(uchar *p, int len, AESstate *s);
     43 
     44 /*******************************************************/
     45 /* Blowfish Definitions */
     46 /*******************************************************/
     47 
     48 enum
     49 {
     50 	BFbsize	= 8,
     51 	BFrounds	= 16
     52 };
     53 
     54 /* 16-round Blowfish */
     55 typedef struct BFstate BFstate;
     56 struct BFstate
     57 {
     58 	ulong	setup;
     59 
     60 	uchar	key[56];
     61 	uchar	ivec[8];
     62 
     63 	u32int 	pbox[BFrounds+2];
     64 	u32int	sbox[1024];
     65 };
     66 
     67 void	setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *ivec);
     68 void	bfCBCencrypt(uchar*, int, BFstate*);
     69 void	bfCBCdecrypt(uchar*, int, BFstate*);
     70 void	bfECBencrypt(uchar*, int, BFstate*);
     71 void	bfECBdecrypt(uchar*, int, BFstate*);
     72 
     73 /*******************************************************/
     74 /* DES definitions */
     75 /*******************************************************/
     76 
     77 enum
     78 {
     79 	DESbsize=	8
     80 };
     81 
     82 /* single des */
     83 typedef struct DESstate DESstate;
     84 struct DESstate
     85 {
     86 	ulong	setup;
     87 	uchar	key[8];		/* unexpanded key */
     88 	ulong	expanded[32];	/* expanded key */
     89 	uchar	ivec[8];	/* initialization vector */
     90 };
     91 
     92 void	setupDESstate(DESstate *s, uchar key[8], uchar *ivec);
     93 void	des_key_setup(uchar[8], ulong[32]);
     94 void	block_cipher(ulong*, uchar*, int);
     95 void	desCBCencrypt(uchar*, int, DESstate*);
     96 void	desCBCdecrypt(uchar*, int, DESstate*);
     97 void	desECBencrypt(uchar*, int, DESstate*);
     98 void	desECBdecrypt(uchar*, int, DESstate*);
     99 
    100 /* for backward compatibility with 7 byte DES key format */
    101 void	des56to64(uchar *k56, uchar *k64);
    102 void	des64to56(uchar *k64, uchar *k56);
    103 void	key_setup(uchar[7], ulong[32]);
    104 
    105 /* triple des encrypt/decrypt orderings */
    106 enum {
    107 	DES3E=		0,
    108 	DES3D=		1,
    109 	DES3EEE=	0,
    110 	DES3EDE=	2,
    111 	DES3DED=	5,
    112 	DES3DDD=	7
    113 };
    114 
    115 typedef struct DES3state DES3state;
    116 struct DES3state
    117 {
    118 	ulong	setup;
    119 	uchar	key[3][8];		/* unexpanded key */
    120 	ulong	expanded[3][32];	/* expanded key */
    121 	uchar	ivec[8];		/* initialization vector */
    122 };
    123 
    124 void	setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec);
    125 void	triple_block_cipher(ulong keys[3][32], uchar*, int);
    126 void	des3CBCencrypt(uchar*, int, DES3state*);
    127 void	des3CBCdecrypt(uchar*, int, DES3state*);
    128 void	des3ECBencrypt(uchar*, int, DES3state*);
    129 void	des3ECBdecrypt(uchar*, int, DES3state*);
    130 
    131 /*******************************************************/
    132 /* digests */
    133 /*******************************************************/
    134 
    135 enum
    136 {
    137 	SHA1dlen=	20,	/* SHA digest length */
    138 	MD4dlen=	16,	/* MD4 digest length */
    139 	MD5dlen=	16	/* MD5 digest length */
    140 };
    141 
    142 typedef struct DigestState DigestState;
    143 struct DigestState
    144 {
    145 	ulong len;
    146 	u32int state[5];
    147 	uchar buf[128];
    148 	int blen;
    149 	char malloced;
    150 	char seeded;
    151 };
    152 typedef struct DigestState SHAstate;	/* obsolete name */
    153 typedef struct DigestState SHA1state;
    154 typedef struct DigestState MD5state;
    155 typedef struct DigestState MD4state;
    156 
    157 DigestState* md4(uchar*, ulong, uchar*, DigestState*);
    158 DigestState* md5(uchar*, ulong, uchar*, DigestState*);
    159 DigestState* sha1(uchar*, ulong, uchar*, DigestState*);
    160 DigestState* hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
    161 DigestState* hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
    162 char* sha1pickle(SHA1state*);
    163 SHA1state* sha1unpickle(char*);
    164 
    165 /*******************************************************/
    166 /* random number generation */
    167 /*******************************************************/
    168 void	genrandom(uchar *buf, int nbytes);
    169 void	prng(uchar *buf, int nbytes);
    170 ulong	fastrand(void);
    171 ulong	nfastrand(ulong);
    172 
    173 /*******************************************************/
    174 /* primes */
    175 /*******************************************************/
    176 void	genprime(mpint *p, int n, int accuracy); /* generate an n bit probable prime */
    177 void	gensafeprime(mpint *p, mpint *alpha, int n, int accuracy);	/* prime and generator */
    178 void	genstrongprime(mpint *p, int n, int accuracy);	/* generate an n bit strong prime */
    179 void	DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]);
    180 int	probably_prime(mpint *n, int nrep);	/* miller-rabin test */
    181 int	smallprimetest(mpint *p);		/* returns -1 if not prime, 0 otherwise */
    182 
    183 /*******************************************************/
    184 /* rc4 */
    185 /*******************************************************/
    186 typedef struct RC4state RC4state;
    187 struct RC4state
    188 {
    189 	 uchar state[256];
    190 	 uchar x;
    191 	 uchar y;
    192 };
    193 
    194 void	setupRC4state(RC4state*, uchar*, int);
    195 void	rc4(RC4state*, uchar*, int);
    196 void	rc4skip(RC4state*, int);
    197 void	rc4back(RC4state*, int);
    198 
    199 /*******************************************************/
    200 /* rsa */
    201 /*******************************************************/
    202 typedef struct RSApub RSApub;
    203 typedef struct RSApriv RSApriv;
    204 typedef struct PEMChain PEMChain;
    205 
    206 /* public/encryption key */
    207 struct RSApub
    208 {
    209 	mpint	*n;	/* modulus */
    210 	mpint	*ek;	/* exp (encryption key) */
    211 };
    212 
    213 /* private/decryption key */
    214 struct RSApriv
    215 {
    216 	RSApub	pub;
    217 
    218 	mpint	*dk;	/* exp (decryption key) */
    219 
    220 	/* precomputed values to help with chinese remainder theorem calc */
    221 	mpint	*p;
    222 	mpint	*q;
    223 	mpint	*kp;	/* dk mod p-1 */
    224 	mpint	*kq;	/* dk mod q-1 */
    225 	mpint	*c2;	/* (inv p) mod q */
    226 };
    227 
    228 struct PEMChain
    229 {
    230 	PEMChain *next;
    231 	uchar *pem;
    232 	int pemlen;
    233 };
    234 
    235 RSApriv*	rsagen(int nlen, int elen, int rounds);
    236 mpint*		rsaencrypt(RSApub *k, mpint *in, mpint *out);
    237 mpint*		rsadecrypt(RSApriv *k, mpint *in, mpint *out);
    238 RSApub*		rsapuballoc(void);
    239 void		rsapubfree(RSApub*);
    240 RSApriv*	rsaprivalloc(void);
    241 void		rsaprivfree(RSApriv*);
    242 RSApub*		rsaprivtopub(RSApriv*);
    243 RSApub*		X509toRSApub(uchar*, int, char*, int);
    244 RSApriv*	asn1toRSApriv(uchar*, int);
    245 uchar*		decodepem(char *s, char *type, int *len, char**);
    246 PEMChain*	decodepemchain(char *s, char *type);
    247 uchar*		X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
    248 RSApriv*	rsafill(mpint *n, mpint *ek, mpint *dk, mpint *p, mpint *q);
    249 uchar*	X509req(RSApriv *priv, char *subj, int *certlen);
    250 
    251 /*******************************************************/
    252 /* elgamal */
    253 /*******************************************************/
    254 typedef struct EGpub EGpub;
    255 typedef struct EGpriv EGpriv;
    256 typedef struct EGsig EGsig;
    257 
    258 /* public/encryption key */
    259 struct EGpub
    260 {
    261 	mpint	*p;	/* modulus */
    262 	mpint	*alpha;	/* generator */
    263 	mpint	*key;	/* (encryption key) alpha**secret mod p */
    264 };
    265 
    266 /* private/decryption key */
    267 struct EGpriv
    268 {
    269 	EGpub	pub;
    270 	mpint	*secret; /* (decryption key) */
    271 };
    272 
    273 /* signature */
    274 struct EGsig
    275 {
    276 	mpint	*r, *s;
    277 };
    278 
    279 EGpriv*		eggen(int nlen, int rounds);
    280 mpint*		egencrypt(EGpub *k, mpint *in, mpint *out);
    281 mpint*		egdecrypt(EGpriv *k, mpint *in, mpint *out);
    282 EGsig*		egsign(EGpriv *k, mpint *m);
    283 int		egverify(EGpub *k, EGsig *sig, mpint *m);
    284 EGpub*		egpuballoc(void);
    285 void		egpubfree(EGpub*);
    286 EGpriv*		egprivalloc(void);
    287 void		egprivfree(EGpriv*);
    288 EGsig*		egsigalloc(void);
    289 void		egsigfree(EGsig*);
    290 EGpub*		egprivtopub(EGpriv*);
    291 
    292 /*******************************************************/
    293 /* dsa */
    294 /*******************************************************/
    295 typedef struct DSApub DSApub;
    296 typedef struct DSApriv DSApriv;
    297 typedef struct DSAsig DSAsig;
    298 
    299 /* public/encryption key */
    300 struct DSApub
    301 {
    302 	mpint	*p;	/* modulus */
    303 	mpint	*q;	/* group order, q divides p-1 */
    304 	mpint	*alpha;	/* group generator */
    305 	mpint	*key;	/* (encryption key) alpha**secret mod p */
    306 };
    307 
    308 /* private/decryption key */
    309 struct DSApriv
    310 {
    311 	DSApub	pub;
    312 	mpint	*secret; /* (decryption key) */
    313 };
    314 
    315 /* signature */
    316 struct DSAsig
    317 {
    318 	mpint	*r, *s;
    319 };
    320 
    321 DSApriv*	dsagen(DSApub *opub);
    322 DSAsig*		dsasign(DSApriv *k, mpint *m);
    323 int		dsaverify(DSApub *k, DSAsig *sig, mpint *m);
    324 DSApub*		dsapuballoc(void);
    325 void		dsapubfree(DSApub*);
    326 DSApriv*	dsaprivalloc(void);
    327 void		dsaprivfree(DSApriv*);
    328 DSAsig*		dsasigalloc(void);
    329 void		dsasigfree(DSAsig*);
    330 DSApub*		dsaprivtopub(DSApriv*);
    331 DSApriv*	asn1toDSApriv(uchar*, int);
    332 
    333 /*******************************************************/
    334 /* TLS */
    335 /*******************************************************/
    336 typedef struct Thumbprint{
    337 	struct Thumbprint *next;
    338 	uchar sha1[SHA1dlen];
    339 } Thumbprint;
    340 
    341 typedef struct TLSconn{
    342 	char dir[40];  /* connection directory */
    343 	uchar *cert;   /* certificate (local on input, remote on output) */
    344 	uchar *sessionID;
    345 	int certlen, sessionIDlen;
    346 	int (*trace)(char*fmt, ...);
    347 	PEMChain *chain;
    348 } TLSconn;
    349 
    350 /* tlshand.c */
    351 extern int tlsClient(int fd, TLSconn *c);
    352 extern int tlsServer(int fd, TLSconn *c);
    353 
    354 /* thumb.c */
    355 extern Thumbprint* initThumbprints(char *ok, char *crl);
    356 extern void freeThumbprints(Thumbprint *ok);
    357 extern int okThumbprint(uchar *sha1, Thumbprint *ok);
    358 
    359 /* readcert.c */
    360 extern uchar *readcert(char *filename, int *pcertlen);
    361 PEMChain *readcertchain(char *filename);
    362 
    363 #if defined(__cplusplus)
    364 }
    365 #endif
    366 #endif