tlibsec.h - plan9port - [fork] Plan 9 from user space | |
git clone git://src.adamsgaard.dk/plan9port | |
Log | |
Files | |
Refs | |
README | |
LICENSE | |
--- | |
tlibsec.h (9329B) | |
--- | |
1 #ifndef _LIBSEC_H_ | |
2 #define _LIBSEC_H_ 1 | |
3 #if defined(__cplusplus) | |
4 extern "C" { | |
5 #endif | |
6 /* | |
7 #pragma lib "libsec.a" | |
8 #pragma src "/sys/src/libsec" | |
9 */ | |
10 | |
11 AUTOLIB(sec) | |
12 | |
13 #ifndef _MPINT | |
14 typedef struct mpint mpint; | |
15 #endif | |
16 | |
17 /*******************************************************/ | |
18 /* AES definitions */ | |
19 /*******************************************************/ | |
20 | |
21 enum | |
22 { | |
23 AESbsize= 16, | |
24 AESmaxkey= 32, | |
25 AESmaxrounds= 14 | |
26 }; | |
27 | |
28 typedef struct AESstate AESstate; | |
29 struct AESstate | |
30 { | |
31 ulong setup; | |
32 int rounds; | |
33 int keybytes; | |
34 uchar key[AESmaxkey]; /* unexpanded key */ | |
35 u32int ekey[4*(AESmaxrounds + 1)]; /* encryption k… | |
36 u32int dkey[4*(AESmaxrounds + 1)]; /* decryption k… | |
37 uchar ivec[AESbsize]; /* initialization vector */ | |
38 }; | |
39 | |
40 void setupAESstate(AESstate *s, uchar key[], int keybytes, uchar … | |
41 void aesCBCencrypt(uchar *p, int len, AESstate *s); | |
42 void aesCBCdecrypt(uchar *p, int len, AESstate *s); | |
43 | |
44 /*******************************************************/ | |
45 /* Blowfish Definitions */ | |
46 /*******************************************************/ | |
47 | |
48 enum | |
49 { | |
50 BFbsize = 8, | |
51 BFrounds = 16 | |
52 }; | |
53 | |
54 /* 16-round Blowfish */ | |
55 typedef struct BFstate BFstate; | |
56 struct BFstate | |
57 { | |
58 ulong setup; | |
59 | |
60 uchar key[56]; | |
61 uchar ivec[8]; | |
62 | |
63 u32int pbox[BFrounds+2]; | |
64 u32int sbox[1024]; | |
65 }; | |
66 | |
67 void setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *i… | |
68 void bfCBCencrypt(uchar*, int, BFstate*); | |
69 void bfCBCdecrypt(uchar*, int, BFstate*); | |
70 void bfECBencrypt(uchar*, int, BFstate*); | |
71 void bfECBdecrypt(uchar*, int, BFstate*); | |
72 | |
73 /*******************************************************/ | |
74 /* DES definitions */ | |
75 /*******************************************************/ | |
76 | |
77 enum | |
78 { | |
79 DESbsize= 8 | |
80 }; | |
81 | |
82 /* single des */ | |
83 typedef struct DESstate DESstate; | |
84 struct DESstate | |
85 { | |
86 ulong setup; | |
87 uchar key[8]; /* unexpanded key */ | |
88 ulong expanded[32]; /* expanded key */ | |
89 uchar ivec[8]; /* initialization vector */ | |
90 }; | |
91 | |
92 void setupDESstate(DESstate *s, uchar key[8], uchar *ivec); | |
93 void des_key_setup(uchar[8], ulong[32]); | |
94 void block_cipher(ulong*, uchar*, int); | |
95 void desCBCencrypt(uchar*, int, DESstate*); | |
96 void desCBCdecrypt(uchar*, int, DESstate*); | |
97 void desECBencrypt(uchar*, int, DESstate*); | |
98 void desECBdecrypt(uchar*, int, DESstate*); | |
99 | |
100 /* for backward compatibility with 7 byte DES key format */ | |
101 void des56to64(uchar *k56, uchar *k64); | |
102 void des64to56(uchar *k64, uchar *k56); | |
103 void key_setup(uchar[7], ulong[32]); | |
104 | |
105 /* triple des encrypt/decrypt orderings */ | |
106 enum { | |
107 DES3E= 0, | |
108 DES3D= 1, | |
109 DES3EEE= 0, | |
110 DES3EDE= 2, | |
111 DES3DED= 5, | |
112 DES3DDD= 7 | |
113 }; | |
114 | |
115 typedef struct DES3state DES3state; | |
116 struct DES3state | |
117 { | |
118 ulong setup; | |
119 uchar key[3][8]; /* unexpanded key */ | |
120 ulong expanded[3][32]; /* expanded key */ | |
121 uchar ivec[8]; /* initialization vector */ | |
122 }; | |
123 | |
124 void setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec); | |
125 void triple_block_cipher(ulong keys[3][32], uchar*, int); | |
126 void des3CBCencrypt(uchar*, int, DES3state*); | |
127 void des3CBCdecrypt(uchar*, int, DES3state*); | |
128 void des3ECBencrypt(uchar*, int, DES3state*); | |
129 void des3ECBdecrypt(uchar*, int, DES3state*); | |
130 | |
131 /*******************************************************/ | |
132 /* digests */ | |
133 /*******************************************************/ | |
134 | |
135 enum | |
136 { | |
137 SHA1dlen= 20, /* SHA digest length */ | |
138 MD4dlen= 16, /* MD4 digest length */ | |
139 MD5dlen= 16 /* MD5 digest length */ | |
140 }; | |
141 | |
142 typedef struct DigestState DigestState; | |
143 struct DigestState | |
144 { | |
145 ulong len; | |
146 u32int state[5]; | |
147 uchar buf[128]; | |
148 int blen; | |
149 char malloced; | |
150 char seeded; | |
151 }; | |
152 typedef struct DigestState SHAstate; /* obsolete name */ | |
153 typedef struct DigestState SHA1state; | |
154 typedef struct DigestState MD5state; | |
155 typedef struct DigestState MD4state; | |
156 | |
157 DigestState* md4(uchar*, ulong, uchar*, DigestState*); | |
158 DigestState* md5(uchar*, ulong, uchar*, DigestState*); | |
159 DigestState* sha1(uchar*, ulong, uchar*, DigestState*); | |
160 DigestState* hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*… | |
161 DigestState* hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState… | |
162 char* sha1pickle(SHA1state*); | |
163 SHA1state* sha1unpickle(char*); | |
164 | |
165 /*******************************************************/ | |
166 /* random number generation */ | |
167 /*******************************************************/ | |
168 void genrandom(uchar *buf, int nbytes); | |
169 void prng(uchar *buf, int nbytes); | |
170 ulong fastrand(void); | |
171 ulong nfastrand(ulong); | |
172 | |
173 /*******************************************************/ | |
174 /* primes */ | |
175 /*******************************************************/ | |
176 void genprime(mpint *p, int n, int accuracy); /* generate an n bi… | |
177 void gensafeprime(mpint *p, mpint *alpha, int n, int accuracy); … | |
178 void genstrongprime(mpint *p, int n, int accuracy); /* gen… | |
179 void DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]); | |
180 int probably_prime(mpint *n, int nrep); /* miller-rabin te… | |
181 int smallprimetest(mpint *p); /* returns -1 if not… | |
182 | |
183 /*******************************************************/ | |
184 /* rc4 */ | |
185 /*******************************************************/ | |
186 typedef struct RC4state RC4state; | |
187 struct RC4state | |
188 { | |
189 uchar state[256]; | |
190 uchar x; | |
191 uchar y; | |
192 }; | |
193 | |
194 void setupRC4state(RC4state*, uchar*, int); | |
195 void rc4(RC4state*, uchar*, int); | |
196 void rc4skip(RC4state*, int); | |
197 void rc4back(RC4state*, int); | |
198 | |
199 /*******************************************************/ | |
200 /* rsa */ | |
201 /*******************************************************/ | |
202 typedef struct RSApub RSApub; | |
203 typedef struct RSApriv RSApriv; | |
204 typedef struct PEMChain PEMChain; | |
205 | |
206 /* public/encryption key */ | |
207 struct RSApub | |
208 { | |
209 mpint *n; /* modulus */ | |
210 mpint *ek; /* exp (encryption key) */ | |
211 }; | |
212 | |
213 /* private/decryption key */ | |
214 struct RSApriv | |
215 { | |
216 RSApub pub; | |
217 | |
218 mpint *dk; /* exp (decryption key) */ | |
219 | |
220 /* precomputed values to help with chinese remainder theorem cal… | |
221 mpint *p; | |
222 mpint *q; | |
223 mpint *kp; /* dk mod p-1 */ | |
224 mpint *kq; /* dk mod q-1 */ | |
225 mpint *c2; /* (inv p) mod q */ | |
226 }; | |
227 | |
228 struct PEMChain | |
229 { | |
230 PEMChain *next; | |
231 uchar *pem; | |
232 int pemlen; | |
233 }; | |
234 | |
235 RSApriv* rsagen(int nlen, int elen, int rounds); | |
236 mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out); | |
237 mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out); | |
238 RSApub* rsapuballoc(void); | |
239 void rsapubfree(RSApub*); | |
240 RSApriv* rsaprivalloc(void); | |
241 void rsaprivfree(RSApriv*); | |
242 RSApub* rsaprivtopub(RSApriv*); | |
243 RSApub* X509toRSApub(uchar*, int, char*, int); | |
244 RSApriv* asn1toRSApriv(uchar*, int); | |
245 uchar* decodepem(char *s, char *type, int *len, char**); | |
246 PEMChain* decodepemchain(char *s, char *type); | |
247 uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2],… | |
248 RSApriv* rsafill(mpint *n, mpint *ek, mpint *dk, mpint *p, mpint … | |
249 uchar* X509req(RSApriv *priv, char *subj, int *certlen); | |
250 | |
251 /*******************************************************/ | |
252 /* elgamal */ | |
253 /*******************************************************/ | |
254 typedef struct EGpub EGpub; | |
255 typedef struct EGpriv EGpriv; | |
256 typedef struct EGsig EGsig; | |
257 | |
258 /* public/encryption key */ | |
259 struct EGpub | |
260 { | |
261 mpint *p; /* modulus */ | |
262 mpint *alpha; /* generator */ | |
263 mpint *key; /* (encryption key) alpha**secret mod … | |
264 }; | |
265 | |
266 /* private/decryption key */ | |
267 struct EGpriv | |
268 { | |
269 EGpub pub; | |
270 mpint *secret; /* (decryption key) */ | |
271 }; | |
272 | |
273 /* signature */ | |
274 struct EGsig | |
275 { | |
276 mpint *r, *s; | |
277 }; | |
278 | |
279 EGpriv* eggen(int nlen, int rounds); | |
280 mpint* egencrypt(EGpub *k, mpint *in, mpint *out); | |
281 mpint* egdecrypt(EGpriv *k, mpint *in, mpint *out); | |
282 EGsig* egsign(EGpriv *k, mpint *m); | |
283 int egverify(EGpub *k, EGsig *sig, mpint *m); | |
284 EGpub* egpuballoc(void); | |
285 void egpubfree(EGpub*); | |
286 EGpriv* egprivalloc(void); | |
287 void egprivfree(EGpriv*); | |
288 EGsig* egsigalloc(void); | |
289 void egsigfree(EGsig*); | |
290 EGpub* egprivtopub(EGpriv*); | |
291 | |
292 /*******************************************************/ | |
293 /* dsa */ | |
294 /*******************************************************/ | |
295 typedef struct DSApub DSApub; | |
296 typedef struct DSApriv DSApriv; | |
297 typedef struct DSAsig DSAsig; | |
298 | |
299 /* public/encryption key */ | |
300 struct DSApub | |
301 { | |
302 mpint *p; /* modulus */ | |
303 mpint *q; /* group order, q divides p-1 */ | |
304 mpint *alpha; /* group generator */ | |
305 mpint *key; /* (encryption key) alpha**secret mod … | |
306 }; | |
307 | |
308 /* private/decryption key */ | |
309 struct DSApriv | |
310 { | |
311 DSApub pub; | |
312 mpint *secret; /* (decryption key) */ | |
313 }; | |
314 | |
315 /* signature */ | |
316 struct DSAsig | |
317 { | |
318 mpint *r, *s; | |
319 }; | |
320 | |
321 DSApriv* dsagen(DSApub *opub); | |
322 DSAsig* dsasign(DSApriv *k, mpint *m); | |
323 int dsaverify(DSApub *k, DSAsig *sig, mpint *m); | |
324 DSApub* dsapuballoc(void); | |
325 void dsapubfree(DSApub*); | |
326 DSApriv* dsaprivalloc(void); | |
327 void dsaprivfree(DSApriv*); | |
328 DSAsig* dsasigalloc(void); | |
329 void dsasigfree(DSAsig*); | |
330 DSApub* dsaprivtopub(DSApriv*); | |
331 DSApriv* asn1toDSApriv(uchar*, int); | |
332 | |
333 /*******************************************************/ | |
334 /* TLS */ | |
335 /*******************************************************/ | |
336 typedef struct Thumbprint{ | |
337 struct Thumbprint *next; | |
338 uchar sha1[SHA1dlen]; | |
339 } Thumbprint; | |
340 | |
341 typedef struct TLSconn{ | |
342 char dir[40]; /* connection directory */ | |
343 uchar *cert; /* certificate (local on input, remote on output)… | |
344 uchar *sessionID; | |
345 int certlen, sessionIDlen; | |
346 int (*trace)(char*fmt, ...); | |
347 PEMChain *chain; | |
348 } TLSconn; | |
349 | |
350 /* tlshand.c */ | |
351 extern int tlsClient(int fd, TLSconn *c); | |
352 extern int tlsServer(int fd, TLSconn *c); | |
353 | |
354 /* thumb.c */ | |
355 extern Thumbprint* initThumbprints(char *ok, char *crl); | |
356 extern void freeThumbprints(Thumbprint *ok); | |
357 extern int okThumbprint(uchar *sha1, Thumbprint *ok); | |
358 | |
359 /* readcert.c */ | |
360 extern uchar *readcert(char *filename, int *pcertlen); | |
361 PEMChain *readcertchain(char *filename); | |
362 | |
363 #if defined(__cplusplus) | |
364 } | |
365 #endif | |
366 #endif |