

  1. /*
  2. * This file is part of the UCB release of Plan 9. It is subject to the license
  3. * terms in the LICENSE file found in the top-level directory of this
  4. * distribution and at http://akaros.cs.berkeley.edu/files/Plan9License. No
  5. * part of the UCB release of Plan 9, including this file, may be copied,
  6. * modified, propagated, or distributed except according to the terms contained
  7. * in the LICENSE file.
  8. */
/*
 * AES definitions
 *
 * AES-128/192/256 block cipher with CBC and CTR modes and the
 * AES-XCBC-MAC-96 message authentication code.  The mode routines
 * work in place on the caller's buffer.  Neither CBC nor CTR
 * authenticates the data it produces; pair them with a MAC (for
 * example aesXCBCmac) wherever integrity matters.  All lengths in
 * this section are plain int: callers must never pass a negative
 * length, and a CBC IV must be fresh and unpredictable per message.
 */
enum
{
	AESbsize=	16,	/* block size in bytes */
	AESmaxkey=	32,	/* largest key in bytes (AES-256) */
	AESmaxrounds=	14	/* round count for a 32-byte key */
};

typedef struct AESstate AESstate;
struct AESstate
{
	uint32_t setup;		/* presumably a marker written by setupAESstate to flag an initialised state — confirm in aes.c */
	int	rounds;		/* number of rounds for the key size in use */
	int	keybytes;	/* bytes of key[] in use: 16, 24 or 32 */
	uint	ctrsz;		/* CTR-mode counter width, presumably in bytes — confirm against the CTR routines */
	uint8_t	key[AESmaxkey];			/* unexpanded key */
	uint32_t ekey[4*(AESmaxrounds + 1)];	/* encryption key schedule */
	uint32_t dkey[4*(AESmaxrounds + 1)];	/* decryption key schedule */
	uint8_t	ivec[AESbsize];			/* initialization vector (CBC chaining block / CTR counter) */
	uint8_t	mackey[3 * AESbsize];		/* 3 XCBC mac 96 keys */
};

/* block ciphers */

/* single-block primitives: rk is an expanded key schedule, Nr its round count */
void	aes_encrypt(uint32_t rk[], int Nr, uint8_t pt[16], uint8_t ct[16]);
void	aes_decrypt(uint32_t rk[], int Nr, uint8_t ct[16], uint8_t pt[16]);

/*
 * expand key (keybytes = 16, 24 or 32) into s->ekey/s->dkey and load ivec;
 * whether a nil ivec is tolerated is not visible from this header — confirm
 */
void	setupAESstate(AESstate *s, uint8_t key[], int keybytes, uint8_t *ivec);

/*
 * CBC mode, in place on p[0..len).  CBC only operates on whole blocks, so
 * len is presumably expected to be a multiple of AESbsize; check how the
 * implementation treats a trailing partial block before relying on it.
 */
void	aesCBCencrypt(uint8_t *p, int len, AESstate *s);
void	aesCBCdecrypt(uint8_t *p, int len, AESstate *s);

/* CTR mode, in place on p[0..len); encrypt and decrypt are the same keystream XOR */
void	aesCTRdecrypt(uint8_t *p, int len, AESstate *s);
void	aesCTRencrypt(uint8_t *p, int len, AESstate *s);

/* derive the three XCBC subkeys into s->mackey from the key already in s */
void	setupAESXCBCstate(AESstate *s);

/*
 * AES-XCBC-MAC-96 over p[0..len).  Returns a pointer to the MAC; whether it
 * points into s or into static storage is not visible here — confirm before
 * holding the result across calls.
 */
uint8_t*	aesXCBCmac(uint8_t *p, int len, AESstate *s);
/*
 * Blowfish Definitions
 *
 * 16-round Blowfish with ECB and CBC modes, in place on the caller's
 * buffer.  Blowfish has a 64-bit block: under a single key the birthday
 * bound is reached after a few gigabytes, so keep it to legacy uses and
 * small volumes.  Like the AES modes above, these routines provide no
 * integrity protection.
 */
enum
{
	BFbsize	= 8,	/* block size in bytes */
	BFrounds= 16	/* number of Feistel rounds */
};

/* 16-round Blowfish */
typedef struct BFstate BFstate;
struct BFstate
{
	uint32_t setup;		/* presumably an initialised-state marker written by setupBFstate — confirm */
	uint8_t	key[56];	/* unexpanded key, up to 56 bytes */
	uint8_t	ivec[8];	/* initialization vector for CBC */
	uint32_t pbox[BFrounds+2];	/* P-array: 18 subkeys */
	uint32_t sbox[1024];		/* four 256-entry S-boxes */
};

/* expand key (keybytes <= 56) into s and load ivec */
void	setupBFstate(BFstate *s, uint8_t key[], int keybytes, uint8_t *ivec);

/* (buf, len, state): CBC and ECB modes in place; len presumably a multiple of BFbsize — confirm tail handling */
void	bfCBCencrypt(uint8_t*, int, BFstate*);
void	bfCBCdecrypt(uint8_t*, int, BFstate*);
void	bfECBencrypt(uint8_t*, int, BFstate*);
void	bfECBdecrypt(uint8_t*, int, BFstate*);
/*
 * DES definitions
 *
 * Single DES (56-bit effective key, 64-bit block).  Retained for
 * compatibility with existing protocols; it is brute-forceable and
 * should not be chosen for new designs.
 */
enum
{
	DESbsize=	8	/* block size in bytes */
};

/* single des */
typedef struct DESstate DESstate;
struct DESstate
{
	uint32_t setup;		/* presumably an initialised-state marker written by setupDESstate — confirm */
	uint8_t	key[8];		/* unexpanded key (8 bytes, parity bits included) */
	uint32_t expanded[32];	/* expanded key */
	uint8_t	ivec[8];	/* initialization vector */
};

/* expand the 8-byte key into s and load ivec */
void	setupDESstate(DESstate *s, uint8_t key[8], uint8_t *ivec);
/* raw key schedule: 8-byte key -> 32-word expanded key */
void	des_key_setup(uint8_t[8], uint32_t[32]);
/* (expanded key, block, flag): one 8-byte block; the int presumably selects decryption — confirm in des.c */
void	block_cipher(uint32_t*, uint8_t*, int);
/* (buf, len, state): CBC and ECB modes in place; len presumably a multiple of DESbsize — confirm */
void	desCBCencrypt(uint8_t*, int, DESstate*);
void	desCBCdecrypt(uint8_t*, int, DESstate*);
void	desECBencrypt(uint8_t*, int, DESstate*);
void	desECBdecrypt(uint8_t*, int, DESstate*);

/* for backward compatibility with 7-byte DES key format */
/* convert between a packed 7-byte (56-bit) key and the 8-byte form with parity */
void	des56to64(uint8_t *k56, uint8_t *k64);
void	des64to56(uint8_t *k64, uint8_t *k56);
/* key schedule straight from a 7-byte key */
void	key_setup(uint8_t[7], uint32_t[32]);
/* triple des encrypt/decrypt orderings */
/*
 * The values are consistent with one bit per DES stage, 1 meaning that
 * stage decrypts: EDE = 2 (0b010) decrypts in the middle, DED = 5 (0b101),
 * DDD = 7.  DES3E and DES3EEE are both 0.  Confirm the bit assignment
 * against triple_block_cipher before depending on it.
 */
enum {
	DES3E=		0,
	DES3D=		1,
	DES3EEE=	0,
	DES3EDE=	2,
	DES3DED=	5,
	DES3DDD=	7
};

typedef struct DES3state DES3state;
struct DES3state
{
	uint32_t setup;		/* presumably an initialised-state marker written by setupDES3state — confirm */
	uint8_t	key[3][8];	/* unexpanded key */
	uint32_t expanded[3][32];	/* expanded key */
	uint8_t	ivec[8];	/* initialization vector */
};

/* expand the three 8-byte keys into s and load ivec */
void	setupDES3state(DES3state *s, uint8_t key[3][8], uint8_t *ivec);
/* (keys, block, ordering): one 8-byte block; the int is presumably a DES3* ordering from the enum above — confirm */
void	triple_block_cipher(uint32_t keys[3][32], uint8_t*, int);
/* (buf, len, state): CBC and ECB modes in place; len presumably a multiple of DESbsize — confirm */
void	des3CBCencrypt(uint8_t*, int, DES3state*);
void	des3CBCdecrypt(uint8_t*, int, DES3state*);
void	des3ECBencrypt(uint8_t*, int, DES3state*);
void	des3ECBdecrypt(uint8_t*, int, DES3state*);
/*
 * digests
 *
 * One DigestState serves every hash here; the union holds 32-bit words
 * for MD4/MD5/SHA-1/SHA-224/SHA-256 and 64-bit words for SHA-384/512.
 * MD4, MD5 and SHA-1 are no longer collision resistant and are kept
 * for compatibility with older protocols and formats; prefer SHA-2 for
 * anything new.
 */
enum
{
	SHA1dlen=	20,	/* SHA digest length */
	SHA2_224dlen=	28,	/* SHA-224 digest length */
	SHA2_256dlen=	32,	/* SHA-256 digest length */
	SHA2_384dlen=	48,	/* SHA-384 digest length */
	SHA2_512dlen=	64,	/* SHA-512 digest length */
	MD4dlen=	16,	/* MD4 digest length */
	MD5dlen=	16,	/* MD5 digest length */
	AESdlen=	16,	/* TODO: see rfc */
	Hmacblksz	= 64,	/* in bytes; from rfc2104 */
};

typedef struct DigestState DigestState;
struct DigestState
{
	uint64_t len;		/* presumably total bytes hashed so far, used for the length padding — confirm */
	union {
		uint32_t state[8];	/* chaining state, 32-bit word hashes */
		uint64_t bstate[8];	/* chaining state, 64-bit word hashes (SHA-384/512) */
	};
	uint8_t	buf[256];	/* buffered input not yet forming a full block */
	int	blen;		/* bytes valid in buf */
	char	malloced;	/* presumably set when the digest routine allocated this state itself — confirm */
	char	seeded;		/* presumably set once state[] holds the initial values — confirm */
};
typedef struct DigestState SHAstate;	/* obsolete name */
typedef struct DigestState SHA1state;
typedef struct DigestState SHA2_224state;
typedef struct DigestState SHA2_256state;
typedef struct DigestState SHA2_384state;
typedef struct DigestState SHA2_512state;
typedef struct DigestState MD5state;
typedef struct DigestState MD4state;
typedef struct DigestState AEShstate;

/*
 * Incremental hash interface, (data, len, digest, state).
 * NOTE(review): the Plan 9 convention is that a nil state is allocated
 * by the routine and a non-nil digest pointer finalises the hash and
 * writes it there — confirm in the corresponding .c before relying on it.
 */
DigestState*	md4(uint8_t*, uint32_t, uint8_t*, DigestState*);
DigestState*	md5(uint8_t*, uint32_t, uint8_t*, DigestState*);
DigestState*	sha1(uint8_t*, uint32_t, uint8_t*, DigestState*);
DigestState*	sha2_224(uint8_t*, uint32_t, uint8_t*, DigestState*);
DigestState*	sha2_256(uint8_t*, uint32_t, uint8_t*, DigestState*);
DigestState*	sha2_384(uint8_t*, uint32_t, uint8_t*, DigestState*);
DigestState*	sha2_512(uint8_t*, uint32_t, uint8_t*, DigestState*);
DigestState*	aes(uint8_t*, uint32_t, uint8_t*, DigestState*);

/*
 * Generic HMAC (rfc2104) over hash function x with digest length xlen.
 * NOTE(review): Hmacblksz is 64, but rfc2104 pads the key to the hash's
 * own block size, which is 128 bytes for SHA-384/512.  Check that hmac_x
 * uses the right block size before expecting hmac_sha2_384/512 to
 * interoperate with other implementations.
 */
DigestState*	hmac_x(uint8_t *p, uint32_t len, uint8_t *key, uint32_t klen,
			uint8_t *digest, DigestState *s,
			DigestState*(*x)(uint8_t*, uint32_t, uint8_t*, DigestState*),
			int xlen);
/* (data, len, key, klen, digest, state) wrappers around hmac_x */
DigestState*	hmac_md5(uint8_t*, uint32_t, uint8_t*, uint32_t, uint8_t*,
			DigestState*);
DigestState*	hmac_sha1(uint8_t*, uint32_t, uint8_t*, uint32_t, uint8_t*,
			DigestState*);
DigestState*	hmac_sha2_224(uint8_t*, uint32_t, uint8_t*, uint32_t,
			uint8_t*, DigestState*);
DigestState*	hmac_sha2_256(uint8_t*, uint32_t, uint8_t*, uint32_t,
			uint8_t*, DigestState*);
DigestState*	hmac_sha2_384(uint8_t*, uint32_t, uint8_t*, uint32_t,
			uint8_t*, DigestState*);
DigestState*	hmac_sha2_512(uint8_t*, uint32_t, uint8_t*, uint32_t,
			uint8_t*, DigestState*);
DigestState*	hmac_aes(uint8_t*, uint32_t, uint8_t*, uint32_t, uint8_t*,
			DigestState*);

/* serialise an in-progress hash state to a string and back (caller frees the results) */
char*		md5pickle(MD5state*);
MD5state*	md5unpickle(char*);
char*		sha1pickle(SHA1state*);
SHA1state*	sha1unpickle(char*);
/*
 * random number generation
 *
 * genrandom is the routine to use for keys, IVs and nonces.
 * NOTE(review): prng, fastrand and nfastrand are presumably faster,
 * non-cryptographic generators — confirm their sources in the .c
 * files before using any of them for secret material.
 */
void	genrandom(uint8_t *buf, int nbytes);	/* fill buf with nbytes of random data */
void	prng(uint8_t *buf, int nbytes);		/* fill buf from a pseudo-random generator */
uint32_t	fastrand(void);			/* one 32-bit pseudo-random value */
uint32_t	nfastrand(uint32_t);		/* presumably a value in [0, n) — confirm */
/*
 * primes
 *
 * mpint is not declared in this header; mp.h must be included first
 * (likewise uint, used in AESstate, comes from the system headers).
 * accuracy / nrep are the number of probabilistic primality rounds;
 * more rounds lower the chance of accepting a composite.
 */
void	genprime(mpint *p, int n, int accuracy);	/* generate n-bit probable prime */
void	gensafeprime(mpint *p, mpint *alpha, int n, int accuracy);	/* prime & generator */
void	genstrongprime(mpint *p, int n, int accuracy);	/* generate n-bit strong prime */
void	DSAprimes(mpint *q, mpint *p, uint8_t seed[SHA1dlen]);	/* DSA p and q derived from a SHA1dlen-byte seed */
int	probably_prime(mpint *n, int nrep);	/* miller-rabin test */
int	smallprimetest(mpint *p);	/* returns -1 if not prime, 0 otherwise */
/*
 * rc4
 *
 * RC4 stream cipher.  Its keystream has well-known biases and it is
 * prohibited in modern TLS; keep it for legacy interoperability only.
 * The same key must never be used for two messages.
 */
typedef struct RC4state RC4state;
struct RC4state
{
	uint8_t	state[256];	/* permutation */
	uint8_t	x;		/* generator index i */
	uint8_t	y;		/* generator index j */
};

void	setupRC4state(RC4state*, uint8_t*, int);	/* (state, key, keylen): key scheduling */
void	rc4(RC4state*, uint8_t*, int);		/* (state, buf, len): XOR keystream in place; encrypt == decrypt */
void	rc4skip(RC4state*, int);		/* advance the keystream by n bytes without output */
void	rc4back(RC4state*, int);		/* rewind the keystream by n bytes */
/*
 * rsa
 *
 * NOTE(review): rsaencrypt/rsadecrypt take and return mpints, which
 * suggests raw modular exponentiation with no PKCS#1 or OAEP padding;
 * if so, padding and its verification are the caller's responsibility.
 * Confirm in rsa.c before use.
 */
typedef struct RSApub RSApub;
typedef struct RSApriv RSApriv;
typedef struct PEMChain PEMChain;

/* public/encryption key */
struct RSApub
{
	mpint	*n;	/* modulus */
	mpint	*ek;	/* exp (encryption key) */
};

/* private/decryption key */
struct RSApriv
{
	RSApub	pub;
	mpint	*dk;	/* exp (decryption key) */

	/* precomputed values to help with chinese remainder theorem calc */
	mpint	*p;
	mpint	*q;
	mpint	*kp;	/* dk mod p-1 */
	mpint	*kq;	/* dk mod q-1 */
	mpint	*c2;	/* (inv p) mod q */
};

/* singly linked list of DER-encoded certificates, typically built from a PEM file */
struct PEMChain{
	PEMChain*next;
	uint8_t	*pem;		/* decoded certificate bytes */
	int	pemlen;		/* length of pem */
};

/* generate a key: nlen-bit modulus, elen-bit public exponent, rounds of primality testing (presumably) */
RSApriv*	rsagen(int nlen, int elen, int rounds);
/* build a private key (including the CRT values) from its components */
RSApriv*	rsafill(mpint *n, mpint *e, mpint *d, mpint *p, mpint *q);
/* out = in ** ek mod n; out = in ** dk mod n (see the padding note above) */
mpint*		rsaencrypt(RSApub *k, mpint *in, mpint *out);
mpint*		rsadecrypt(RSApriv *k, mpint *in, mpint *out);
/* allocation and release of key structures (the free routines free the contained mpints too, presumably) */
RSApub*		rsapuballoc(void);
void		rsapubfree(RSApub*);
RSApriv*	rsaprivalloc(void);
void		rsaprivfree(RSApriv*);
/* copy the public half of a private key */
RSApub*		rsaprivtopub(RSApriv*);
/* (cert, ncert, name, nname): public key from a DER X.509 cert; subject name copied into name[nname] */
RSApub*		X509toRSApub(uint8_t*, int, char*, int);
/* DER encode / decode keys; (buf, len) inputs, length returned through the int* */
uint8_t*	RSApubtoasn1(RSApub*, int*);
RSApub*		asn1toRSApub(uint8_t*, int);
RSApriv*	asn1toRSApriv(uint8_t*, int);
/* print a DER structure for debugging */
void		asn1dump(uint8_t *der, int len);
/* decode the first PEM block of the given type in s; *new_s points past it for the next call */
uint8_t*	decodePEM(char *s, char *type, int *len, char **new_s);
/* decode every PEM block of the given type in s into a chain */
PEMChain*	decodepemchain(char *s, char *type);
/* self-signed certificate for priv; valid[2] are the validity period bounds; DER length via certlen */
uint8_t*	X509gen(RSApriv *priv, char *subj, uint32_t valid[2], int *certlen);
/* certificate signing request for priv */
uint8_t*	X509req(RSApriv *priv, char *subj, int *certlen);
/* check cert's signature against pk; returns a char*, presumably nil on success and an error string otherwise — confirm */
char*		X509verify(uint8_t *cert, int ncert, RSApub *pk);
/* print a certificate for debugging */
void		X509dump(uint8_t *cert, int ncert);
/*
 * elgamal
 *
 * ElGamal encryption and signatures over a prime-order group given by
 * (p, alpha).  Signing needs a fresh, uniformly random per-message
 * value; reuse leaks the secret.
 */
typedef struct EGpub EGpub;
typedef struct EGpriv EGpriv;
typedef struct EGsig EGsig;

/* public/encryption key */
struct EGpub
{
	mpint	*p;	/* modulus */
	mpint	*alpha;	/* generator */
	mpint	*key;	/* (encryption key) alpha**secret mod p */
};

/* private/decryption key */
struct EGpriv
{
	EGpub	pub;
	mpint	*secret;	/* (decryption key) */
};

/* signature */
struct EGsig
{
	mpint	*r, *s;
};

/* generate a key with an nlen-bit modulus; rounds of primality testing (presumably) */
EGpriv*	eggen(int nlen, int rounds);
mpint*	egencrypt(EGpub *k, mpint *in, mpint *out);	/* deprecated */
mpint*	egdecrypt(EGpriv *k, mpint *in, mpint *out);
/* sign / verify the message representative m (a digest, not raw data) */
EGsig*	egsign(EGpriv *k, mpint *m);
int	egverify(EGpub *k, EGsig *sig, mpint *m);
/* allocation and release of key and signature structures */
EGpub*	egpuballoc(void);
void	egpubfree(EGpub*);
EGpriv*	egprivalloc(void);
void	egprivfree(EGpriv*);
EGsig*	egsigalloc(void);
void	egsigfree(EGsig*);
/* copy the public half of a private key */
EGpub*	egprivtopub(EGpriv*);
/*
 * dsa
 *
 * DSA over the subgroup of order q in Z_p* generated by alpha.  As with
 * ElGamal, each signature needs a fresh uniformly random nonce; a
 * repeated or biased nonce exposes the secret.
 */
typedef struct DSApub DSApub;
typedef struct DSApriv DSApriv;
typedef struct DSAsig DSAsig;

/* public/encryption key */
struct DSApub
{
	mpint	*p;	/* modulus */
	mpint	*q;	/* group order, q divides p-1 */
	mpint	*alpha;	/* group generator */
	mpint	*key;	/* (encryption key) alpha**secret mod p */
};

/* private/decryption key */
struct DSApriv
{
	DSApub	pub;
	mpint	*secret;	/* (decryption key) */
};

/* signature */
struct DSAsig
{
	mpint	*r, *s;
};

/* generate a key pair; when opub is given its domain parameters are reused as-is */
DSApriv*	dsagen(DSApub *opub);	/* opub not checked for consistency! */
/* sign / verify the message representative m (a digest, not raw data) */
DSAsig*		dsasign(DSApriv *k, mpint *m);
int		dsaverify(DSApub *k, DSAsig *sig, mpint *m);
/* allocation and release of key and signature structures */
DSApub*		dsapuballoc(void);
void		dsapubfree(DSApub*);
DSApriv*	dsaprivalloc(void);
void		dsaprivfree(DSApriv*);
DSAsig*		dsasigalloc(void);
void		dsasigfree(DSAsig*);
/* copy the public half of a private key */
DSApub*		dsaprivtopub(DSApriv*);
/* (buf, len): private key from DER */
DSApriv*	asn1toDSApriv(uint8_t*, int);
/*
 * TLS
 *
 * Certificate pins are SHA-1 hashes of the DER certificate.  Matching a
 * pin identifies a specific known certificate; it is not a substitute
 * for checking the certificate's signature and validity when the
 * remote cert is not pinned.
 */
typedef struct Thumbprint{
	struct Thumbprint *next;	/* next entry in the list */
	uint8_t	sha1[SHA1dlen];		/* SHA-1 of a DER certificate */
} Thumbprint;

typedef struct TLSconn{
	char	dir[40];	/* connection directory */
	uint8_t	*cert;		/* certificate (local on input, remote on output) */
	uint8_t	*sessionID;
	uint8_t	*psk;		/* pre-shared key, with pskID below */
	int	certlen;
	int	sessionIDlen;
	int	psklen;
	int	(*trace)(char*fmt, ...);	/* optional printf-style handshake trace hook */
	PEMChain*chain;		/* optional extra certificate evidence for servers to present */
	char	*sessionType;
	uint8_t	*sessionKey;	/* session key material exported after the handshake (presumably) */
	int	sessionKeylen;
	char	*sessionConst;
	char	*serverName;	/* server name for SNI / verification */
	char	*pskID;
} TLSconn;

/* tlshand.c */
/*
 * run a TLS handshake on fd using c; the int return is presumably the new
 * TLS data fd, or -1 on failure — confirm in tlshand.c.  On return c->cert
 * holds the peer's certificate, which the caller must still verify or pin.
 */
int	tlsClient(int fd, TLSconn *c);
int	tlsServer(int fd, TLSconn *c);

/* thumb.c */
/* load pins from the ok file, dropping any listed in the crl file */
Thumbprint*	initThumbprints(char *ok, char *crl);
void		freeThumbprints(Thumbprint *ok);
/* (sha1, list): non-zero when the SHA-1 appears in the list */
int		okThumbprint(uint8_t *sha1, Thumbprint *ok);

/* readcert.c */
/* read a PEM certificate file into a DER buffer; length via pcertlen */
uint8_t		*readcert(char *filename, int *pcertlen);
/* read every certificate in a PEM file into a chain */
PEMChain	*readcertchain(char *filename);
/*
 * Diffie-Hellman key exchange
 *
 * NOTE(review): whether dh_finish validates the peer's y (range check
 * and membership in the order-q subgroup) is not visible here; confirm
 * in dh.c before using it with untrusted peers.
 */
typedef struct DHstate DHstate;
struct DHstate
{
	mpint	*g;	/* base g */
	mpint	*p;	/* large prime */
	mpint	*q;	/* subgroup prime */
	mpint	*x;	/* random secret */
	mpint	*y;	/* public key y = g**x % p */
};

/* generate new public key: y = g**x % p */
mpint*	dh_new(DHstate *dh, mpint *p, mpint *q, mpint *g);

/* calculate shared key: k = y**x % p */
/* y here is the peer's public value */
mpint*	dh_finish(DHstate *dh, mpint *y);
  393. typedef struct ECpoint ECpoint;
  394. struct ECpoint{
  395. int inf;
  396. mpint *x;
  397. mpint *y;
  398. mpint *z; /* nil when using affine coordinates */
  399. };
  400. typedef ECpoint ECpub;
  401. typedef struct ECdomain ECdomain;
  402. struct ECdomain{
  403. mpint *p;
  404. mpint *a;
  405. mpint *b;
  406. ECpoint G;
  407. mpint *n;
  408. mpint *h;
  409. };
  410. typedef struct ECpriv ECpriv;
  411. struct ECpriv{
  412. ECpoint ecpoint;
  413. mpint *d;
  414. };
  415. void ecdominit(ECdomain *, void (*init)(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h));
  416. void ecdomfree(ECdomain *);
  417. ECpub* ecdecodepub(ECdomain *dom, uint8_t *, int);
  418. int ecencodepub(ECdomain *dom, ECpub *, uint8_t *, int);
  419. int ecdsaverify(ECdomain *, ECpub *, uint8_t *, int, mpint *, mpint *);
  420. ECpriv* ecgen(ECdomain *, ECpriv*);
  421. void ecmul(ECdomain *, ECpoint *a, mpint *k, ECpoint *s);
  422. void ecpubfree(ECpub *);
  423. char* X509ecdsaverifydigest(uint8_t *sig, int siglen, uint8_t *edigest, int edigestlen, ECdomain *dom, ECpub *pub);
  424. ECpub* X509toECpub(uint8_t *cert, int ncert, char *name, int nname, ECdomain *dom);
  425. char* X509rsaverifydigest(uint8_t *sig, int siglen, uint8_t *edigest, int edigestlen, RSApub *pk);
  426. int tsmemcmp(void *a1, void *a2, uint32_t n);
  427. //curves
  428. void secp256r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h);
  429. void secp384r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h);