 |
libsec.h - 9base - revived minimalist port of Plan 9 userland to Unix |
 |
git clone git://git.suckless.org/9base |
 |
Log |
|
Files |
|
Refs |
|
README |
|
LICENSE |
|
--- |
|
libsec.h (9329B) |
|
--- |
|
1 #ifndef _LIBSEC_H_ |
|
2 #define _LIBSEC_H_ 1 |
|
3 #if defined(__cplusplus) |
|
4 extern "C" { |
|
5 #endif |
|
6 /* |
|
7 #pragma lib "libsec.a" |
|
8 #pragma src "/sys/src/libsec" |
|
9 */ |
|
10 |
|
11 AUTOLIB(sec) |
|
12 |
|
13 #ifndef _MPINT |
|
14 typedef struct mpint mpint; |
|
15 #endif |
|
16 |
|
17 /*******************************************************/ |
|
18 /* AES definitions */ |
|
19 /*******************************************************/ |
|
20 |
|
21 enum |
|
22 { |
|
23 AESbsize= 16, |
|
24 AESmaxkey= 32, |
|
25 AESmaxrounds= 14 |
|
26 }; |
|
27 |
|
28 typedef struct AESstate AESstate; |
|
29 struct AESstate |
|
30 { |
|
31 ulong setup; |
|
32 int rounds; |
|
33 int keybytes; |
|
34 uchar key[AESmaxkey]; /* unexpanded key */ |
|
35 u32int ekey[4*(AESmaxrounds + 1)]; /* encryption k… |
|
36 u32int dkey[4*(AESmaxrounds + 1)]; /* decryption k… |
|
37 uchar ivec[AESbsize]; /* initialization vector */ |
|
38 }; |
|
39 |
|
40 void setupAESstate(AESstate *s, uchar key[], int keybytes, uchar … |
|
41 void aesCBCencrypt(uchar *p, int len, AESstate *s); |
|
42 void aesCBCdecrypt(uchar *p, int len, AESstate *s); |
|
43 |
|
44 /*******************************************************/ |
|
45 /* Blowfish Definitions */ |
|
46 /*******************************************************/ |
|
47 |
|
48 enum |
|
49 { |
|
50 BFbsize = 8, |
|
51 BFrounds = 16 |
|
52 }; |
|
53 |
|
54 /* 16-round Blowfish */ |
|
55 typedef struct BFstate BFstate; |
|
56 struct BFstate |
|
57 { |
|
58 ulong setup; |
|
59 |
|
60 uchar key[56]; |
|
61 uchar ivec[8]; |
|
62 |
|
63 u32int pbox[BFrounds+2]; |
|
64 u32int sbox[1024]; |
|
65 }; |
|
66 |
|
67 void setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *i… |
|
68 void bfCBCencrypt(uchar*, int, BFstate*); |
|
69 void bfCBCdecrypt(uchar*, int, BFstate*); |
|
70 void bfECBencrypt(uchar*, int, BFstate*); |
|
71 void bfECBdecrypt(uchar*, int, BFstate*); |
|
72 |
|
73 /*******************************************************/ |
|
74 /* DES definitions */ |
|
75 /*******************************************************/ |
|
76 |
|
77 enum |
|
78 { |
|
79 DESbsize= 8 |
|
80 }; |
|
81 |
|
82 /* single des */ |
|
83 typedef struct DESstate DESstate; |
|
84 struct DESstate |
|
85 { |
|
86 ulong setup; |
|
87 uchar key[8]; /* unexpanded key */ |
|
88 ulong expanded[32]; /* expanded key */ |
|
89 uchar ivec[8]; /* initialization vector */ |
|
90 }; |
|
91 |
|
92 void setupDESstate(DESstate *s, uchar key[8], uchar *ivec); |
|
93 void des_key_setup(uchar[8], ulong[32]); |
|
94 void block_cipher(ulong*, uchar*, int); |
|
95 void desCBCencrypt(uchar*, int, DESstate*); |
|
96 void desCBCdecrypt(uchar*, int, DESstate*); |
|
97 void desECBencrypt(uchar*, int, DESstate*); |
|
98 void desECBdecrypt(uchar*, int, DESstate*); |
|
99 |
|
100 /* for backward compatibility with 7 byte DES key format */ |
|
101 void des56to64(uchar *k56, uchar *k64); |
|
102 void des64to56(uchar *k64, uchar *k56); |
|
103 void key_setup(uchar[7], ulong[32]); |
|
104 |
|
105 /* triple des encrypt/decrypt orderings */ |
|
106 enum { |
|
107 DES3E= 0, |
|
108 DES3D= 1, |
|
109 DES3EEE= 0, |
|
110 DES3EDE= 2, |
|
111 DES3DED= 5, |
|
112 DES3DDD= 7 |
|
113 }; |
|
114 |
|
115 typedef struct DES3state DES3state; |
|
116 struct DES3state |
|
117 { |
|
118 ulong setup; |
|
119 uchar key[3][8]; /* unexpanded key */ |
|
120 ulong expanded[3][32]; /* expanded key */ |
|
121 uchar ivec[8]; /* initialization vector */ |
|
122 }; |
|
123 |
|
124 void setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec); |
|
125 void triple_block_cipher(ulong keys[3][32], uchar*, int); |
|
126 void des3CBCencrypt(uchar*, int, DES3state*); |
|
127 void des3CBCdecrypt(uchar*, int, DES3state*); |
|
128 void des3ECBencrypt(uchar*, int, DES3state*); |
|
129 void des3ECBdecrypt(uchar*, int, DES3state*); |
|
130 |
|
131 /*******************************************************/ |
|
132 /* digests */ |
|
133 /*******************************************************/ |
|
134 |
|
135 enum |
|
136 { |
|
137 SHA1dlen= 20, /* SHA digest length */ |
|
138 MD4dlen= 16, /* MD4 digest length */ |
|
139 MD5dlen= 16 /* MD5 digest length */ |
|
140 }; |
|
141 |
|
142 typedef struct DigestState DigestState; |
|
143 struct DigestState |
|
144 { |
|
145 ulong len; |
|
146 u32int state[5]; |
|
147 uchar buf[128]; |
|
148 int blen; |
|
149 char malloced; |
|
150 char seeded; |
|
151 }; |
|
152 typedef struct DigestState SHAstate; /* obsolete name */ |
|
153 typedef struct DigestState SHA1state; |
|
154 typedef struct DigestState MD5state; |
|
155 typedef struct DigestState MD4state; |
|
156 |
|
157 DigestState* md4(uchar*, ulong, uchar*, DigestState*); |
|
158 DigestState* md5(uchar*, ulong, uchar*, DigestState*); |
|
159 DigestState* sha1(uchar*, ulong, uchar*, DigestState*); |
|
160 DigestState* hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*… |
|
161 DigestState* hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState… |
|
162 char* sha1pickle(SHA1state*); |
|
163 SHA1state* sha1unpickle(char*); |
|
164 |
|
165 /*******************************************************/ |
|
166 /* random number generation */ |
|
167 /*******************************************************/ |
|
168 void genrandom(uchar *buf, int nbytes); |
|
169 void prng(uchar *buf, int nbytes); |
|
170 ulong fastrand(void); |
|
171 ulong nfastrand(ulong); |
|
172 |
|
173 /*******************************************************/ |
|
174 /* primes */ |
|
175 /*******************************************************/ |
|
176 void genprime(mpint *p, int n, int accuracy); /* generate an n bi… |
|
177 void gensafeprime(mpint *p, mpint *alpha, int n, int accuracy); … |
|
178 void genstrongprime(mpint *p, int n, int accuracy); /* gen… |
|
179 void DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]); |
|
180 int probably_prime(mpint *n, int nrep); /* miller-rabin te… |
|
181 int smallprimetest(mpint *p); /* returns -1 if not… |
|
182 |
|
183 /*******************************************************/ |
|
184 /* rc4 */ |
|
185 /*******************************************************/ |
|
186 typedef struct RC4state RC4state; |
|
187 struct RC4state |
|
188 { |
|
189 uchar state[256]; |
|
190 uchar x; |
|
191 uchar y; |
|
192 }; |
|
193 |
|
194 void setupRC4state(RC4state*, uchar*, int); |
|
195 void rc4(RC4state*, uchar*, int); |
|
196 void rc4skip(RC4state*, int); |
|
197 void rc4back(RC4state*, int); |
|
198 |
|
199 /*******************************************************/ |
|
200 /* rsa */ |
|
201 /*******************************************************/ |
|
202 typedef struct RSApub RSApub; |
|
203 typedef struct RSApriv RSApriv; |
|
204 typedef struct PEMChain PEMChain; |
|
205 |
|
206 /* public/encryption key */ |
|
207 struct RSApub |
|
208 { |
|
209 mpint *n; /* modulus */ |
|
210 mpint *ek; /* exp (encryption key) */ |
|
211 }; |
|
212 |
|
213 /* private/decryption key */ |
|
214 struct RSApriv |
|
215 { |
|
216 RSApub pub; |
|
217 |
|
218 mpint *dk; /* exp (decryption key) */ |
|
219 |
|
220 /* precomputed values to help with chinese remainder theorem cal… |
|
221 mpint *p; |
|
222 mpint *q; |
|
223 mpint *kp; /* dk mod p-1 */ |
|
224 mpint *kq; /* dk mod q-1 */ |
|
225 mpint *c2; /* (inv p) mod q */ |
|
226 }; |
|
227 |
|
228 struct PEMChain |
|
229 { |
|
230 PEMChain *next; |
|
231 uchar *pem; |
|
232 int pemlen; |
|
233 }; |
|
234 |
|
235 RSApriv* rsagen(int nlen, int elen, int rounds); |
|
236 mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out); |
|
237 mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out); |
|
238 RSApub* rsapuballoc(void); |
|
239 void rsapubfree(RSApub*); |
|
240 RSApriv* rsaprivalloc(void); |
|
241 void rsaprivfree(RSApriv*); |
|
242 RSApub* rsaprivtopub(RSApriv*); |
|
243 RSApub* X509toRSApub(uchar*, int, char*, int); |
|
244 RSApriv* asn1toRSApriv(uchar*, int); |
|
245 uchar* decodepem(char *s, char *type, int *len, char**); |
|
246 PEMChain* decodepemchain(char *s, char *type); |
|
247 uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2],… |
|
248 RSApriv* rsafill(mpint *n, mpint *ek, mpint *dk, mpint *p, mpint … |
|
249 uchar* X509req(RSApriv *priv, char *subj, int *certlen); |
|
250 |
|
251 /*******************************************************/ |
|
252 /* elgamal */ |
|
253 /*******************************************************/ |
|
254 typedef struct EGpub EGpub; |
|
255 typedef struct EGpriv EGpriv; |
|
256 typedef struct EGsig EGsig; |
|
257 |
|
258 /* public/encryption key */ |
|
259 struct EGpub |
|
260 { |
|
261 mpint *p; /* modulus */ |
|
262 mpint *alpha; /* generator */ |
|
263 mpint *key; /* (encryption key) alpha**secret mod … |
|
264 }; |
|
265 |
|
266 /* private/decryption key */ |
|
267 struct EGpriv |
|
268 { |
|
269 EGpub pub; |
|
270 mpint *secret; /* (decryption key) */ |
|
271 }; |
|
272 |
|
273 /* signature */ |
|
274 struct EGsig |
|
275 { |
|
276 mpint *r, *s; |
|
277 }; |
|
278 |
|
279 EGpriv* eggen(int nlen, int rounds); |
|
280 mpint* egencrypt(EGpub *k, mpint *in, mpint *out); |
|
281 mpint* egdecrypt(EGpriv *k, mpint *in, mpint *out); |
|
282 EGsig* egsign(EGpriv *k, mpint *m); |
|
283 int egverify(EGpub *k, EGsig *sig, mpint *m); |
|
284 EGpub* egpuballoc(void); |
|
285 void egpubfree(EGpub*); |
|
286 EGpriv* egprivalloc(void); |
|
287 void egprivfree(EGpriv*); |
|
288 EGsig* egsigalloc(void); |
|
289 void egsigfree(EGsig*); |
|
290 EGpub* egprivtopub(EGpriv*); |
|
291 |
|
292 /*******************************************************/ |
|
293 /* dsa */ |
|
294 /*******************************************************/ |
|
295 typedef struct DSApub DSApub; |
|
296 typedef struct DSApriv DSApriv; |
|
297 typedef struct DSAsig DSAsig; |
|
298 |
|
299 /* public/encryption key */ |
|
300 struct DSApub |
|
301 { |
|
302 mpint *p; /* modulus */ |
|
303 mpint *q; /* group order, q divides p-1 */ |
|
304 mpint *alpha; /* group generator */ |
|
305 mpint *key; /* (encryption key) alpha**secret mod … |
|
306 }; |
|
307 |
|
308 /* private/decryption key */ |
|
309 struct DSApriv |
|
310 { |
|
311 DSApub pub; |
|
312 mpint *secret; /* (decryption key) */ |
|
313 }; |
|
314 |
|
315 /* signature */ |
|
316 struct DSAsig |
|
317 { |
|
318 mpint *r, *s; |
|
319 }; |
|
320 |
|
321 DSApriv* dsagen(DSApub *opub); |
|
322 DSAsig* dsasign(DSApriv *k, mpint *m); |
|
323 int dsaverify(DSApub *k, DSAsig *sig, mpint *m); |
|
324 DSApub* dsapuballoc(void); |
|
325 void dsapubfree(DSApub*); |
|
326 DSApriv* dsaprivalloc(void); |
|
327 void dsaprivfree(DSApriv*); |
|
328 DSAsig* dsasigalloc(void); |
|
329 void dsasigfree(DSAsig*); |
|
330 DSApub* dsaprivtopub(DSApriv*); |
|
331 DSApriv* asn1toDSApriv(uchar*, int); |
|
332 |
|
333 /*******************************************************/ |
|
334 /* TLS */ |
|
335 /*******************************************************/ |
|
336 typedef struct Thumbprint{ |
|
337 struct Thumbprint *next; |
|
338 uchar sha1[SHA1dlen]; |
|
339 } Thumbprint; |
|
340 |
|
341 typedef struct TLSconn{ |
|
342 char dir[40]; /* connection directory */ |
|
343 uchar *cert; /* certificate (local on input, remote on output)… |
|
344 uchar *sessionID; |
|
345 int certlen, sessionIDlen; |
|
346 int (*trace)(char*fmt, ...); |
|
347 PEMChain *chain; |
|
348 } TLSconn; |
|
349 |
|
350 /* tlshand.c */ |
|
351 extern int tlsClient(int fd, TLSconn *c); |
|
352 extern int tlsServer(int fd, TLSconn *c); |
|
353 |
|
354 /* thumb.c */ |
|
355 extern Thumbprint* initThumbprints(char *ok, char *crl); |
|
356 extern void freeThumbprints(Thumbprint *ok); |
|
357 extern int okThumbprint(uchar *sha1, Thumbprint *ok); |
|
358 |
|
359 /* readcert.c */ |
|
360 extern uchar *readcert(char *filename, int *pcertlen); |
|
361 PEMChain *readcertchain(char *filename); |
|
362 |
|
363 #if defined(__cplusplus) |
|
364 } |
|
365 #endif |
|
366 #endif |
