3 #if defined(__cplusplus)
8 #pragma src "/sys/src/libsec"
12 typedef struct mpint mpint;
15 /////////////////////////////////////////////////////////
17 /////////////////////////////////////////////////////////
26 typedef struct AESstate AESstate;
32 uchar key[AESmaxkey]; /* unexpanded key */
33 u32int ekey[4*(AESmaxrounds + 1)]; /* encryption key */
34 u32int dkey[4*(AESmaxrounds + 1)]; /* decryption key */
35 uchar ivec[AESbsize]; /* initialization vector */
38 void setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec);
39 void aesCBCencrypt(uchar *p, int len, AESstate *s);
40 void aesCBCdecrypt(uchar *p, int len, AESstate *s);
42 /////////////////////////////////////////////////////////
43 // Blowfish Definitions
44 /////////////////////////////////////////////////////////
53 typedef struct BFstate BFstate;
61 u32int pbox[BFrounds+2];
65 void setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *ivec);
66 void bfCBCencrypt(uchar*, int, BFstate*);
67 void bfCBCdecrypt(uchar*, int, BFstate*);
68 void bfECBencrypt(uchar*, int, BFstate*);
69 void bfECBdecrypt(uchar*, int, BFstate*);
71 /////////////////////////////////////////////////////////
73 /////////////////////////////////////////////////////////
81 typedef struct DESstate DESstate;
85 uchar key[8]; /* unexpanded key */
86 ulong expanded[32]; /* expanded key */
87 uchar ivec[8]; /* initialization vector */
90 void setupDESstate(DESstate *s, uchar key[8], uchar *ivec);
91 void des_key_setup(uchar[8], ulong[32]);
92 void block_cipher(ulong*, uchar*, int);
93 void desCBCencrypt(uchar*, int, DESstate*);
94 void desCBCdecrypt(uchar*, int, DESstate*);
95 void desECBencrypt(uchar*, int, DESstate*);
96 void desECBdecrypt(uchar*, int, DESstate*);
98 // for backward compatibility with 7 byte DES key format
99 void des56to64(uchar *k56, uchar *k64);
100 void des64to56(uchar *k64, uchar *k56);
101 void key_setup(uchar[7], ulong[32]);
103 // triple des encrypt/decrypt orderings
113 typedef struct DES3state DES3state;
117 uchar key[3][8]; /* unexpanded key */
118 ulong expanded[3][32]; /* expanded key */
119 uchar ivec[8]; /* initialization vector */
122 void setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec);
123 void triple_block_cipher(ulong keys[3][32], uchar*, int);
124 void des3CBCencrypt(uchar*, int, DES3state*);
125 void des3CBCdecrypt(uchar*, int, DES3state*);
126 void des3ECBencrypt(uchar*, int, DES3state*);
127 void des3ECBdecrypt(uchar*, int, DES3state*);
129 /////////////////////////////////////////////////////////
131 /////////////////////////////////////////////////////////
135 SHA1dlen= 20, /* SHA digest length */
136 MD4dlen= 16, /* MD4 digest length */
137 MD5dlen= 16 /* MD5 digest length */
140 typedef struct DigestState DigestState;
150 typedef struct DigestState SHAstate; /* obsolete name */
151 typedef struct DigestState SHA1state;
152 typedef struct DigestState MD5state;
153 typedef struct DigestState MD4state;
155 DigestState* md4(uchar*, ulong, uchar*, DigestState*);
156 DigestState* md5(uchar*, ulong, uchar*, DigestState*);
157 DigestState* sha1(uchar*, ulong, uchar*, DigestState*);
158 DigestState* hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
159 DigestState* hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
160 char* sha1pickle(SHA1state*);
161 SHA1state* sha1unpickle(char*);
163 /////////////////////////////////////////////////////////
164 // random number generation
165 /////////////////////////////////////////////////////////
166 void genrandom(uchar *buf, int nbytes);
167 void prng(uchar *buf, int nbytes);
168 ulong fastrand(void);
169 ulong nfastrand(ulong);
171 /////////////////////////////////////////////////////////
173 /////////////////////////////////////////////////////////
174 void genprime(mpint *p, int n, int accuracy); // generate an n bit probable prime
175 void gensafeprime(mpint *p, mpint *alpha, int n, int accuracy); // prime and generator
176 void genstrongprime(mpint *p, int n, int accuracy); // generate an n bit strong prime
177 void DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]);
178 int probably_prime(mpint *n, int nrep); // miller-rabin test
179 int smallprimetest(mpint *p); // returns -1 if not prime, 0 otherwise
181 /////////////////////////////////////////////////////////
183 /////////////////////////////////////////////////////////
184 typedef struct RC4state RC4state;
192 void setupRC4state(RC4state*, uchar*, int);
193 void rc4(RC4state*, uchar*, int);
194 void rc4skip(RC4state*, int);
195 void rc4back(RC4state*, int);
197 /////////////////////////////////////////////////////////
199 /////////////////////////////////////////////////////////
200 typedef struct RSApub RSApub;
201 typedef struct RSApriv RSApriv;
202 typedef struct PEMChain PEMChain;
204 // public/encryption key
208 mpint *ek; // exp (encryption key)
211 // private/decryption key
216 mpint *dk; // exp (decryption key)
218 // precomputed values to help with chinese remainder theorem calc
221 mpint *kp; // dk mod p-1
222 mpint *kq; // dk mod q-1
223 mpint *c2; // (inv p) mod q
233 RSApriv* rsagen(int nlen, int elen, int rounds);
234 mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out);
235 mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out);
236 RSApub* rsapuballoc(void);
237 void rsapubfree(RSApub*);
238 RSApriv* rsaprivalloc(void);
239 void rsaprivfree(RSApriv*);
240 RSApub* rsaprivtopub(RSApriv*);
241 RSApub* X509toRSApub(uchar*, int, char*, int);
242 RSApriv* asn1toRSApriv(uchar*, int);
243 uchar* decodepem(char *s, char *type, int *len, char**);
244 PEMChain* decodepemchain(char *s, char *type);
245 uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
247 /////////////////////////////////////////////////////////
249 /////////////////////////////////////////////////////////
250 typedef struct EGpub EGpub;
251 typedef struct EGpriv EGpriv;
252 typedef struct EGsig EGsig;
254 // public/encryption key
258 mpint *alpha; // generator
259 mpint *key; // (encryption key) alpha**secret mod p
262 // private/decryption key
266 mpint *secret; // (decryption key)
275 EGpriv* eggen(int nlen, int rounds);
276 mpint* egencrypt(EGpub *k, mpint *in, mpint *out);
277 mpint* egdecrypt(EGpriv *k, mpint *in, mpint *out);
278 EGsig* egsign(EGpriv *k, mpint *m);
279 int egverify(EGpub *k, EGsig *sig, mpint *m);
280 EGpub* egpuballoc(void);
281 void egpubfree(EGpub*);
282 EGpriv* egprivalloc(void);
283 void egprivfree(EGpriv*);
284 EGsig* egsigalloc(void);
285 void egsigfree(EGsig*);
286 EGpub* egprivtopub(EGpriv*);
288 /////////////////////////////////////////////////////////
290 /////////////////////////////////////////////////////////
291 typedef struct DSApub DSApub;
292 typedef struct DSApriv DSApriv;
293 typedef struct DSAsig DSAsig;
295 // public/encryption key
299 mpint *q; // group order, q divides p-1
300 mpint *alpha; // group generator
301 mpint *key; // (encryption key) alpha**secret mod p
304 // private/decryption key
308 mpint *secret; // (decryption key)
317 DSApriv* dsagen(DSApub *opub);
318 DSAsig* dsasign(DSApriv *k, mpint *m);
319 int dsaverify(DSApub *k, DSAsig *sig, mpint *m);
320 DSApub* dsapuballoc(void);
321 void dsapubfree(DSApub*);
322 DSApriv* dsaprivalloc(void);
323 void dsaprivfree(DSApriv*);
324 DSAsig* dsasigalloc(void);
325 void dsasigfree(DSAsig*);
326 DSApub* dsaprivtopub(DSApriv*);
328 /////////////////////////////////////////////////////////
330 /////////////////////////////////////////////////////////
331 typedef struct Thumbprint{
332 struct Thumbprint *next;
333 uchar sha1[SHA1dlen];
336 typedef struct TLSconn{
337 char dir[40]; // connection directory
338 uchar *cert; // certificate (local on input, remote on output)
340 int certlen, sessionIDlen;
341 int (*trace)(char*fmt, ...);
346 extern int tlsClient(int fd, TLSconn *c);
347 extern int tlsServer(int fd, TLSconn *c);
350 extern Thumbprint* initThumbprints(char *ok, char *crl);
351 extern void freeThumbprints(Thumbprint *ok);
352 extern int okThumbprint(uchar *sha1, Thumbprint *ok);
355 extern uchar *readcert(char *filename, int *pcertlen);
356 PEMChain *readcertchain(char *filename);
358 #if defined(__cplusplus)