op public repos

Blob

Date:: Mon Dec 27 00:14:43 2004 UTC
Message:: various changes from plan 9
Actions:: History | Blame | Raw File
1 #ifndef _LIBSEC_H_
2 #define _LIBSEC_H_ 1
3 #if defined(__cplusplus)
4 extern "C" { 
5 #endif
6 /*
7 #pragma	lib	"libsec.a"
8 #pragma	src	"/sys/src/libsec"
9 */
10 
11 #ifndef _MPINT
12 typedef struct mpint mpint;
13 #endif
14 
15 /////////////////////////////////////////////////////////
16 // AES definitions
17 /////////////////////////////////////////////////////////
18 
19 enum
20 {
21 	AESbsize=	16,
22 	AESmaxkey=	32,
23 	AESmaxrounds=	14
24 };
25 
26 typedef struct AESstate AESstate;
27 struct AESstate
28 {
29 	ulong	setup;
30 	int	rounds;
31 	int	keybytes;
32 	uchar	key[AESmaxkey];		/* unexpanded key */
33 	u32int	ekey[4*(AESmaxrounds + 1)];	/* encryption key */
34 	u32int	dkey[4*(AESmaxrounds + 1)];	/* decryption key */
35 	uchar	ivec[AESbsize];	/* initialization vector */
36 };
37 
38 void	setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec);
39 void	aesCBCencrypt(uchar *p, int len, AESstate *s);
40 void	aesCBCdecrypt(uchar *p, int len, AESstate *s);
41 
42 /////////////////////////////////////////////////////////
43 // Blowfish Definitions
44 /////////////////////////////////////////////////////////
45 
46 enum
47 {
48 	BFbsize	= 8,
49 	BFrounds	= 16
50 };
51 
52 // 16-round Blowfish
53 typedef struct BFstate BFstate;
54 struct BFstate
55 {
56 	ulong	setup;
57 
58 	uchar	key[56];
59 	uchar	ivec[8];
60 
61 	u32int 	pbox[BFrounds+2];
62 	u32int	sbox[1024];
63 };
64 
65 void	setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *ivec);
66 void	bfCBCencrypt(uchar*, int, BFstate*);
67 void	bfCBCdecrypt(uchar*, int, BFstate*);
68 void	bfECBencrypt(uchar*, int, BFstate*);
69 void	bfECBdecrypt(uchar*, int, BFstate*);
70 
71 /////////////////////////////////////////////////////////
72 // DES definitions
73 /////////////////////////////////////////////////////////
74 
75 enum
76 {
77 	DESbsize=	8
78 };
79 
80 // single des
81 typedef struct DESstate DESstate;
82 struct DESstate
83 {
84 	ulong	setup;
85 	uchar	key[8];		/* unexpanded key */
86 	ulong	expanded[32];	/* expanded key */
87 	uchar	ivec[8];	/* initialization vector */
88 };
89 
90 void	setupDESstate(DESstate *s, uchar key[8], uchar *ivec);
91 void	des_key_setup(uchar[8], ulong[32]);
92 void	block_cipher(ulong*, uchar*, int);
93 void	desCBCencrypt(uchar*, int, DESstate*);
94 void	desCBCdecrypt(uchar*, int, DESstate*);
95 void	desECBencrypt(uchar*, int, DESstate*);
96 void	desECBdecrypt(uchar*, int, DESstate*);
97 
98 // for backward compatibility with 7 byte DES key format
99 void	des56to64(uchar *k56, uchar *k64);
100 void	des64to56(uchar *k64, uchar *k56);
101 void	key_setup(uchar[7], ulong[32]);
102 
103 // triple des encrypt/decrypt orderings
104 enum {
105 	DES3E=		0,
106 	DES3D=		1,
107 	DES3EEE=	0,
108 	DES3EDE=	2,
109 	DES3DED=	5,
110 	DES3DDD=	7
111 };
112 
113 typedef struct DES3state DES3state;
114 struct DES3state
115 {
116 	ulong	setup;
117 	uchar	key[3][8];		/* unexpanded key */
118 	ulong	expanded[3][32];	/* expanded key */
119 	uchar	ivec[8];		/* initialization vector */
120 };
121 
122 void	setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec);
123 void	triple_block_cipher(ulong keys[3][32], uchar*, int);
124 void	des3CBCencrypt(uchar*, int, DES3state*);
125 void	des3CBCdecrypt(uchar*, int, DES3state*);
126 void	des3ECBencrypt(uchar*, int, DES3state*);
127 void	des3ECBdecrypt(uchar*, int, DES3state*);
128 
129 /////////////////////////////////////////////////////////
130 // digests
131 /////////////////////////////////////////////////////////
132 
133 enum
134 {
135 	SHA1dlen=	20,	/* SHA digest length */
136 	MD4dlen=	16,	/* MD4 digest length */
137 	MD5dlen=	16	/* MD5 digest length */
138 };
139 
140 typedef struct DigestState DigestState;
141 struct DigestState
142 {
143 	ulong len;
144 	u32int state[5];
145 	uchar buf[128];
146 	int blen;
147 	char malloced;
148 	char seeded;
149 };
150 typedef struct DigestState SHAstate;	/* obsolete name */
151 typedef struct DigestState SHA1state;
152 typedef struct DigestState MD5state;
153 typedef struct DigestState MD4state;
154 
155 DigestState* md4(uchar*, ulong, uchar*, DigestState*);
156 DigestState* md5(uchar*, ulong, uchar*, DigestState*);
157 DigestState* sha1(uchar*, ulong, uchar*, DigestState*);
158 DigestState* hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
159 DigestState* hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
160 char* sha1pickle(SHA1state*);
161 SHA1state* sha1unpickle(char*);
162 
163 /////////////////////////////////////////////////////////
164 // random number generation
165 /////////////////////////////////////////////////////////
166 void	genrandom(uchar *buf, int nbytes);
167 void	prng(uchar *buf, int nbytes);
168 ulong	fastrand(void);
169 ulong	nfastrand(ulong);
170 
171 /////////////////////////////////////////////////////////
172 // primes
173 /////////////////////////////////////////////////////////
174 void	genprime(mpint *p, int n, int accuracy); // generate an n bit probable prime
175 void	gensafeprime(mpint *p, mpint *alpha, int n, int accuracy);	// prime and generator
176 void	genstrongprime(mpint *p, int n, int accuracy);	// generate an n bit strong prime
177 void	DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]);
178 int	probably_prime(mpint *n, int nrep);	// miller-rabin test
179 int	smallprimetest(mpint *p);		// returns -1 if not prime, 0 otherwise
180 
181 /////////////////////////////////////////////////////////
182 // rc4
183 /////////////////////////////////////////////////////////
184 typedef struct RC4state RC4state;
185 struct RC4state
186 {
187 	 uchar state[256];
188 	 uchar x;
189 	 uchar y;
190 };
191 
192 void	setupRC4state(RC4state*, uchar*, int);
193 void	rc4(RC4state*, uchar*, int);
194 void	rc4skip(RC4state*, int);
195 void	rc4back(RC4state*, int);
196 
197 /////////////////////////////////////////////////////////
198 // rsa
199 /////////////////////////////////////////////////////////
200 typedef struct RSApub RSApub;
201 typedef struct RSApriv RSApriv;
202 typedef struct PEMChain PEMChain;
203 
204 // public/encryption key
205 struct RSApub
206 {
207 	mpint	*n;	// modulus
208 	mpint	*ek;	// exp (encryption key)
209 };
210 
211 // private/decryption key
212 struct RSApriv
213 {
214 	RSApub	pub;
215 
216 	mpint	*dk;	// exp (decryption key)
217 
218 	// precomputed values to help with chinese remainder theorem calc
219 	mpint	*p;
220 	mpint	*q;
221 	mpint	*kp;	// dk mod p-1
222 	mpint	*kq;	// dk mod q-1
223 	mpint	*c2;	// (inv p) mod q
224 };
225 
226 struct PEMChain
227 {
228 	PEMChain *next;
229 	uchar *pem;
230 	int pemlen;
231 };
232 
233 RSApriv*	rsagen(int nlen, int elen, int rounds);
234 mpint*		rsaencrypt(RSApub *k, mpint *in, mpint *out);
235 mpint*		rsadecrypt(RSApriv *k, mpint *in, mpint *out);
236 RSApub*		rsapuballoc(void);
237 void		rsapubfree(RSApub*);
238 RSApriv*	rsaprivalloc(void);
239 void		rsaprivfree(RSApriv*);
240 RSApub*		rsaprivtopub(RSApriv*);
241 RSApub*		X509toRSApub(uchar*, int, char*, int);
242 RSApriv*	asn1toRSApriv(uchar*, int);
243 uchar*		decodepem(char *s, char *type, int *len, char**);
244 PEMChain*	decodepemchain(char *s, char *type);
245 uchar*		X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
246 
247 /////////////////////////////////////////////////////////
248 // elgamal
249 /////////////////////////////////////////////////////////
250 typedef struct EGpub EGpub;
251 typedef struct EGpriv EGpriv;
252 typedef struct EGsig EGsig;
253 
254 // public/encryption key
255 struct EGpub
256 {
257 	mpint	*p;	// modulus
258 	mpint	*alpha;	// generator
259 	mpint	*key;	// (encryption key) alpha**secret mod p
260 };
261 
262 // private/decryption key
263 struct EGpriv
264 {
265 	EGpub	pub;
266 	mpint	*secret; // (decryption key)
267 };
268 
269 // signature
270 struct EGsig
271 {
272 	mpint	*r, *s;
273 };
274 
275 EGpriv*		eggen(int nlen, int rounds);
276 mpint*		egencrypt(EGpub *k, mpint *in, mpint *out);
277 mpint*		egdecrypt(EGpriv *k, mpint *in, mpint *out);
278 EGsig*		egsign(EGpriv *k, mpint *m);
279 int		egverify(EGpub *k, EGsig *sig, mpint *m);
280 EGpub*		egpuballoc(void);
281 void		egpubfree(EGpub*);
282 EGpriv*		egprivalloc(void);
283 void		egprivfree(EGpriv*);
284 EGsig*		egsigalloc(void);
285 void		egsigfree(EGsig*);
286 EGpub*		egprivtopub(EGpriv*);
287 
288 /////////////////////////////////////////////////////////
289 // dsa
290 /////////////////////////////////////////////////////////
291 typedef struct DSApub DSApub;
292 typedef struct DSApriv DSApriv;
293 typedef struct DSAsig DSAsig;
294 
295 // public/encryption key
296 struct DSApub
297 {
298 	mpint	*p;	// modulus
299 	mpint	*q;	// group order, q divides p-1
300 	mpint	*alpha;	// group generator
301 	mpint	*key;	// (encryption key) alpha**secret mod p
302 };
303 
304 // private/decryption key
305 struct DSApriv
306 {
307 	DSApub	pub;
308 	mpint	*secret; // (decryption key)
309 };
310 
311 // signature
312 struct DSAsig
313 {
314 	mpint	*r, *s;
315 };
316 
317 DSApriv*	dsagen(DSApub *opub);
318 DSAsig*		dsasign(DSApriv *k, mpint *m);
319 int		dsaverify(DSApub *k, DSAsig *sig, mpint *m);
320 DSApub*		dsapuballoc(void);
321 void		dsapubfree(DSApub*);
322 DSApriv*	dsaprivalloc(void);
323 void		dsaprivfree(DSApriv*);
324 DSAsig*		dsasigalloc(void);
325 void		dsasigfree(DSAsig*);
326 DSApub*		dsaprivtopub(DSApriv*);
327 
328 /////////////////////////////////////////////////////////
329 // TLS
330 /////////////////////////////////////////////////////////
331 typedef struct Thumbprint{
332 	struct Thumbprint *next;
333 	uchar sha1[SHA1dlen];
334 } Thumbprint;
335 
336 typedef struct TLSconn{
337 	char dir[40];  // connection directory
338 	uchar *cert;   // certificate (local on input, remote on output)
339 	uchar *sessionID;
340 	int certlen, sessionIDlen;
341 	int (*trace)(char*fmt, ...);
342 	PEMChain *chain;
343 } TLSconn;
344 
345 // tlshand.c
346 extern int tlsClient(int fd, TLSconn *c);
347 extern int tlsServer(int fd, TLSconn *c);
348 
349 // thumb.c
350 extern Thumbprint* initThumbprints(char *ok, char *crl);
351 extern void freeThumbprints(Thumbprint *ok);
352 extern int okThumbprint(uchar *sha1, Thumbprint *ok);
353 
354 // readcert.c
355 extern uchar *readcert(char *filename, int *pcertlen);
356 PEMChain *readcertchain(char *filename);
357 
358 #if defined(__cplusplus)
359 }
360 #endif
361 #endif