op public repos

Blob

Date:: Sat Apr 1 19:24:03 2006 UTC
Message:: Use gcc -ansi -pedantic in 9c. Fix many non-C89-isms.
Actions:: History | Blame | Raw File
1 #ifndef _LIBSEC_H_
2 #define _LIBSEC_H_ 1
3 #if defined(__cplusplus)
4 extern "C" { 
5 #endif
6 /*
7 #pragma	lib	"libsec.a"
8 #pragma	src	"/sys/src/libsec"
9 */
10 
11 AUTOLIB(sec)
12 
13 #ifndef _MPINT
14 typedef struct mpint mpint;
15 #endif
16 
17 /*******************************************************/
18 /* AES definitions */
19 /*******************************************************/
20 
21 enum
22 {
23 	AESbsize=	16,
24 	AESmaxkey=	32,
25 	AESmaxrounds=	14
26 };
27 
28 typedef struct AESstate AESstate;
29 struct AESstate
30 {
31 	ulong	setup;
32 	int	rounds;
33 	int	keybytes;
34 	uchar	key[AESmaxkey];		/* unexpanded key */
35 	u32int	ekey[4*(AESmaxrounds + 1)];	/* encryption key */
36 	u32int	dkey[4*(AESmaxrounds + 1)];	/* decryption key */
37 	uchar	ivec[AESbsize];	/* initialization vector */
38 };
39 
40 void	setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec);
41 void	aesCBCencrypt(uchar *p, int len, AESstate *s);
42 void	aesCBCdecrypt(uchar *p, int len, AESstate *s);
43 
44 /*******************************************************/
45 /* Blowfish Definitions */
46 /*******************************************************/
47 
48 enum
49 {
50 	BFbsize	= 8,
51 	BFrounds	= 16
52 };
53 
54 /* 16-round Blowfish */
55 typedef struct BFstate BFstate;
56 struct BFstate
57 {
58 	ulong	setup;
59 
60 	uchar	key[56];
61 	uchar	ivec[8];
62 
63 	u32int 	pbox[BFrounds+2];
64 	u32int	sbox[1024];
65 };
66 
67 void	setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *ivec);
68 void	bfCBCencrypt(uchar*, int, BFstate*);
69 void	bfCBCdecrypt(uchar*, int, BFstate*);
70 void	bfECBencrypt(uchar*, int, BFstate*);
71 void	bfECBdecrypt(uchar*, int, BFstate*);
72 
73 /*******************************************************/
74 /* DES definitions */
75 /*******************************************************/
76 
77 enum
78 {
79 	DESbsize=	8
80 };
81 
82 /* single des */
83 typedef struct DESstate DESstate;
84 struct DESstate
85 {
86 	ulong	setup;
87 	uchar	key[8];		/* unexpanded key */
88 	ulong	expanded[32];	/* expanded key */
89 	uchar	ivec[8];	/* initialization vector */
90 };
91 
92 void	setupDESstate(DESstate *s, uchar key[8], uchar *ivec);
93 void	des_key_setup(uchar[8], ulong[32]);
94 void	block_cipher(ulong*, uchar*, int);
95 void	desCBCencrypt(uchar*, int, DESstate*);
96 void	desCBCdecrypt(uchar*, int, DESstate*);
97 void	desECBencrypt(uchar*, int, DESstate*);
98 void	desECBdecrypt(uchar*, int, DESstate*);
99 
100 /* for backward compatibility with 7 byte DES key format */
101 void	des56to64(uchar *k56, uchar *k64);
102 void	des64to56(uchar *k64, uchar *k56);
103 void	key_setup(uchar[7], ulong[32]);
104 
105 /* triple des encrypt/decrypt orderings */
106 enum {
107 	DES3E=		0,
108 	DES3D=		1,
109 	DES3EEE=	0,
110 	DES3EDE=	2,
111 	DES3DED=	5,
112 	DES3DDD=	7
113 };
114 
115 typedef struct DES3state DES3state;
116 struct DES3state
117 {
118 	ulong	setup;
119 	uchar	key[3][8];		/* unexpanded key */
120 	ulong	expanded[3][32];	/* expanded key */
121 	uchar	ivec[8];		/* initialization vector */
122 };
123 
124 void	setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec);
125 void	triple_block_cipher(ulong keys[3][32], uchar*, int);
126 void	des3CBCencrypt(uchar*, int, DES3state*);
127 void	des3CBCdecrypt(uchar*, int, DES3state*);
128 void	des3ECBencrypt(uchar*, int, DES3state*);
129 void	des3ECBdecrypt(uchar*, int, DES3state*);
130 
131 /*******************************************************/
132 /* digests */
133 /*******************************************************/
134 
135 enum
136 {
137 	SHA1dlen=	20,	/* SHA digest length */
138 	MD4dlen=	16,	/* MD4 digest length */
139 	MD5dlen=	16	/* MD5 digest length */
140 };
141 
142 typedef struct DigestState DigestState;
143 struct DigestState
144 {
145 	ulong len;
146 	u32int state[5];
147 	uchar buf[128];
148 	int blen;
149 	char malloced;
150 	char seeded;
151 };
152 typedef struct DigestState SHAstate;	/* obsolete name */
153 typedef struct DigestState SHA1state;
154 typedef struct DigestState MD5state;
155 typedef struct DigestState MD4state;
156 
157 DigestState* md4(uchar*, ulong, uchar*, DigestState*);
158 DigestState* md5(uchar*, ulong, uchar*, DigestState*);
159 DigestState* sha1(uchar*, ulong, uchar*, DigestState*);
160 DigestState* hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
161 DigestState* hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
162 char* sha1pickle(SHA1state*);
163 SHA1state* sha1unpickle(char*);
164 
165 /*******************************************************/
166 /* random number generation */
167 /*******************************************************/
168 void	genrandom(uchar *buf, int nbytes);
169 void	prng(uchar *buf, int nbytes);
170 ulong	fastrand(void);
171 ulong	nfastrand(ulong);
172 
173 /*******************************************************/
174 /* primes */
175 /*******************************************************/
176 void	genprime(mpint *p, int n, int accuracy); /* generate an n bit probable prime */
177 void	gensafeprime(mpint *p, mpint *alpha, int n, int accuracy);	/* prime and generator */
178 void	genstrongprime(mpint *p, int n, int accuracy);	/* generate an n bit strong prime */
179 void	DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]);
180 int	probably_prime(mpint *n, int nrep);	/* miller-rabin test */
181 int	smallprimetest(mpint *p);		/* returns -1 if not prime, 0 otherwise */
182 
183 /*******************************************************/
184 /* rc4 */
185 /*******************************************************/
186 typedef struct RC4state RC4state;
187 struct RC4state
188 {
189 	 uchar state[256];
190 	 uchar x;
191 	 uchar y;
192 };
193 
194 void	setupRC4state(RC4state*, uchar*, int);
195 void	rc4(RC4state*, uchar*, int);
196 void	rc4skip(RC4state*, int);
197 void	rc4back(RC4state*, int);
198 
199 /*******************************************************/
200 /* rsa */
201 /*******************************************************/
202 typedef struct RSApub RSApub;
203 typedef struct RSApriv RSApriv;
204 typedef struct PEMChain PEMChain;
205 
206 /* public/encryption key */
207 struct RSApub
208 {
209 	mpint	*n;	/* modulus */
210 	mpint	*ek;	/* exp (encryption key) */
211 };
212 
213 /* private/decryption key */
214 struct RSApriv
215 {
216 	RSApub	pub;
217 
218 	mpint	*dk;	/* exp (decryption key) */
219 
220 	/* precomputed values to help with chinese remainder theorem calc */
221 	mpint	*p;
222 	mpint	*q;
223 	mpint	*kp;	/* dk mod p-1 */
224 	mpint	*kq;	/* dk mod q-1 */
225 	mpint	*c2;	/* (inv p) mod q */
226 };
227 
228 struct PEMChain
229 {
230 	PEMChain *next;
231 	uchar *pem;
232 	int pemlen;
233 };
234 
235 RSApriv*	rsagen(int nlen, int elen, int rounds);
236 mpint*		rsaencrypt(RSApub *k, mpint *in, mpint *out);
237 mpint*		rsadecrypt(RSApriv *k, mpint *in, mpint *out);
238 RSApub*		rsapuballoc(void);
239 void		rsapubfree(RSApub*);
240 RSApriv*	rsaprivalloc(void);
241 void		rsaprivfree(RSApriv*);
242 RSApub*		rsaprivtopub(RSApriv*);
243 RSApub*		X509toRSApub(uchar*, int, char*, int);
244 RSApriv*	asn1toRSApriv(uchar*, int);
245 uchar*		decodepem(char *s, char *type, int *len, char**);
246 PEMChain*	decodepemchain(char *s, char *type);
247 uchar*		X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
248 RSApriv*	rsafill(mpint *n, mpint *ek, mpint *dk, mpint *p, mpint *q);
249 uchar*	X509req(RSApriv *priv, char *subj, int *certlen);
250 
251 /*******************************************************/
252 /* elgamal */
253 /*******************************************************/
254 typedef struct EGpub EGpub;
255 typedef struct EGpriv EGpriv;
256 typedef struct EGsig EGsig;
257 
258 /* public/encryption key */
259 struct EGpub
260 {
261 	mpint	*p;	/* modulus */
262 	mpint	*alpha;	/* generator */
263 	mpint	*key;	/* (encryption key) alpha**secret mod p */
264 };
265 
266 /* private/decryption key */
267 struct EGpriv
268 {
269 	EGpub	pub;
270 	mpint	*secret; /* (decryption key) */
271 };
272 
273 /* signature */
274 struct EGsig
275 {
276 	mpint	*r, *s;
277 };
278 
279 EGpriv*		eggen(int nlen, int rounds);
280 mpint*		egencrypt(EGpub *k, mpint *in, mpint *out);
281 mpint*		egdecrypt(EGpriv *k, mpint *in, mpint *out);
282 EGsig*		egsign(EGpriv *k, mpint *m);
283 int		egverify(EGpub *k, EGsig *sig, mpint *m);
284 EGpub*		egpuballoc(void);
285 void		egpubfree(EGpub*);
286 EGpriv*		egprivalloc(void);
287 void		egprivfree(EGpriv*);
288 EGsig*		egsigalloc(void);
289 void		egsigfree(EGsig*);
290 EGpub*		egprivtopub(EGpriv*);
291 
292 /*******************************************************/
293 /* dsa */
294 /*******************************************************/
295 typedef struct DSApub DSApub;
296 typedef struct DSApriv DSApriv;
297 typedef struct DSAsig DSAsig;
298 
299 /* public/encryption key */
300 struct DSApub
301 {
302 	mpint	*p;	/* modulus */
303 	mpint	*q;	/* group order, q divides p-1 */
304 	mpint	*alpha;	/* group generator */
305 	mpint	*key;	/* (encryption key) alpha**secret mod p */
306 };
307 
308 /* private/decryption key */
309 struct DSApriv
310 {
311 	DSApub	pub;
312 	mpint	*secret; /* (decryption key) */
313 };
314 
315 /* signature */
316 struct DSAsig
317 {
318 	mpint	*r, *s;
319 };
320 
321 DSApriv*	dsagen(DSApub *opub);
322 DSAsig*		dsasign(DSApriv *k, mpint *m);
323 int		dsaverify(DSApub *k, DSAsig *sig, mpint *m);
324 DSApub*		dsapuballoc(void);
325 void		dsapubfree(DSApub*);
326 DSApriv*	dsaprivalloc(void);
327 void		dsaprivfree(DSApriv*);
328 DSAsig*		dsasigalloc(void);
329 void		dsasigfree(DSAsig*);
330 DSApub*		dsaprivtopub(DSApriv*);
331 DSApriv*	asn1toDSApriv(uchar*, int);
332 
333 /*******************************************************/
334 /* TLS */
335 /*******************************************************/
336 typedef struct Thumbprint{
337 	struct Thumbprint *next;
338 	uchar sha1[SHA1dlen];
339 } Thumbprint;
340 
341 typedef struct TLSconn{
342 	char dir[40];  /* connection directory */
343 	uchar *cert;   /* certificate (local on input, remote on output) */
344 	uchar *sessionID;
345 	int certlen, sessionIDlen;
346 	int (*trace)(char*fmt, ...);
347 	PEMChain *chain;
348 } TLSconn;
349 
350 /* tlshand.c */
351 extern int tlsClient(int fd, TLSconn *c);
352 extern int tlsServer(int fd, TLSconn *c);
353 
354 /* thumb.c */
355 extern Thumbprint* initThumbprints(char *ok, char *crl);
356 extern void freeThumbprints(Thumbprint *ok);
357 extern int okThumbprint(uchar *sha1, Thumbprint *ok);
358 
359 /* readcert.c */
360 extern uchar *readcert(char *filename, int *pcertlen);
361 PEMChain *readcertchain(char *filename);
362 
363 #if defined(__cplusplus)
364 }
365 #endif
366 #endif