
libsec.h 11 KB

  1. /*
  2. * This file is part of the UCB release of Plan 9. It is subject to the license
  3. * terms in the LICENSE file found in the top-level directory of this
  4. * distribution and at http://akaros.cs.berkeley.edu/files/Plan9License. No
  5. * part of the UCB release of Plan 9, including this file, may be copied,
  6. * modified, propagated, or distributed except according to the terms contained
  7. * in the LICENSE file.
  8. */
  /*
   * Plan 9 toolchain hints: the archive that provides these symbols and the
   * directory that holds its source.
   */
  #pragma lib "libsec.a"
  #pragma src "/sys/src/libsec"

  /*
   * Forward declaration of the multi-precision integer type used by the
   * public-key routines below.  Skipped when _MPINT is already defined
   * (presumably by the mp header -- confirm).
   */
  #ifndef _MPINT
  typedef struct mpint mpint;
  #endif
  /*
   * AES definitions
   *
   * Sizes are in bytes: a 16-byte block and keys of up to 32 bytes
   * (AES-256).  14 is the round count AES-256 uses, the largest of the
   * three standard key sizes.
   */
  enum
  {
      AESbsize     = 16,
      AESmaxkey    = 32,
      AESmaxrounds = 14
  };
  /*
   * Per-key AES context.
   *
   * The structure carries the raw key, both expanded key schedules and the
   * MAC keys, so the whole object is secret material: keep it out of logs
   * and dumps and overwrite it once the key is retired.  This header
   * declares no wipe or free routine for it.
   */
  typedef struct AESstate AESstate;
  struct AESstate
  {
      uint32_t setup;                           /* presumably a marker written by setupAESstate -- confirm */
      int      rounds;
      int      keybytes;
      uint     ctrsz;                           /* presumably the counter width for CTR mode -- confirm */
      uint8_t  key[AESmaxkey];                  /* unexpanded key */
      uint32_t ekey[4 * (AESmaxrounds + 1)];    /* encryption key schedule */
      uint32_t dkey[4 * (AESmaxrounds + 1)];    /* decryption key schedule */
      uint8_t  ivec[AESbsize];                  /* initialization vector */
      uint8_t  mackey[3 * AESbsize];            /* the three keys of XCBC-MAC-96 */
  };
  /*
   * block ciphers
   *
   * aes_encrypt and aes_decrypt work on a single 16-byte block with an
   * expanded key rk and Nr rounds.  The CBC and CTR routines take a buffer,
   * a length and the state; no separate output buffer is passed, so the
   * data is presumably transformed in place -- confirm.
   *
   * Points for callers:
   *  - len is a signed int.  Reject negative or oversized lengths before
   *    calling; how a len that is not a multiple of AESbsize is treated is
   *    not visible in this header.
   *  - CBC and CTR give confidentiality only.  Authenticate the ciphertext
   *    separately (aesXCBCmac or one of the hmac_* routines).
   *  - Never repeat an IV (CBC) or a counter block (CTR) under one key.
   *    Whether the routines advance s->ivec between calls cannot be told
   *    from here -- confirm before splitting a message across calls.
   */
  void     aes_encrypt(uint32_t rk[], int Nr, uint8_t pt[16], uint8_t ct[16]);
  void     aes_decrypt(uint32_t rk[], int Nr, uint8_t ct[16], uint8_t pt[16]);

  void     setupAESstate(AESstate *s, uint8_t key[], int keybytes, uint8_t *ivec);

  void     aesCBCencrypt(uint8_t *p, int len, AESstate *s);
  void     aesCBCdecrypt(uint8_t *p, int len, AESstate *s);
  void     aesCTRdecrypt(uint8_t *p, int len, AESstate *s);
  void     aesCTRencrypt(uint8_t *p, int len, AESstate *s);

  /* XCBC MAC: key setup, then MAC over p[0..len).  Ownership of the returned
   * pointer is not visible here -- confirm before freeing or retaining it. */
  void     setupAESXCBCstate(AESstate *s);
  uint8_t *aesXCBCmac(uint8_t *p, int len, AESstate *s);
  /*
   * Blowfish Definitions
   *
   * The block is 8 bytes.  With any 64-bit block cipher, ciphertext blocks
   * start to collide after roughly 2^32 blocks under one key, so bound the
   * amount of data protected per key.
   */
  enum
  {
      BFbsize  = 8,
      BFrounds = 16
  };
  /*
   * 16-round Blowfish context.  key[] has room for the 56-byte (448-bit)
   * maximum Blowfish key; pbox and sbox hold BFrounds+2 and 1024 words of
   * key-dependent state.  Everything in here is derived from the key and
   * should be handled and erased as secret material.
   */
  typedef struct BFstate BFstate;
  struct BFstate
  {
      uint32_t setup;                 /* presumably a marker written by setupBFstate -- confirm */
      uint8_t  key[56];
      uint8_t  ivec[8];
      uint32_t pbox[BFrounds + 2];
      uint32_t sbox[1024];
  };
  /*
   * Blowfish key setup plus CBC and ECB bulk routines.  The unnamed
   * arguments are (buffer, int, state); the int is presumably a byte count,
   * as in the AES routines -- confirm.
   *
   * ECB encrypts equal plaintext blocks to equal ciphertext blocks and so
   * exposes structure in the data; prefer CBC with a fresh IV, and add a
   * MAC, since neither mode detects tampering.
   */
  void setupBFstate(BFstate *s, uint8_t key[], int keybytes, uint8_t *ivec);

  void bfCBCencrypt(uint8_t *, int, BFstate *);
  void bfCBCdecrypt(uint8_t *, int, BFstate *);
  void bfECBencrypt(uint8_t *, int, BFstate *);
  void bfECBdecrypt(uint8_t *, int, BFstate *);
  /*
   * DES definitions
   *
   * 8-byte block.  Single DES has a 56-bit effective key, which is within
   * reach of exhaustive search; keep it for interoperability with legacy
   * peers only.
   */
  enum
  {
      DESbsize = 8
  };
  /*
   * single des
   *
   * Context for one DES key: the 8-byte key as supplied, its expanded form
   * and the chaining vector.  Secret material; erase after use.
   */
  typedef struct DESstate DESstate;
  struct DESstate
  {
      uint32_t setup;           /* presumably a marker written by setupDESstate -- confirm */
      uint8_t  key[8];          /* unexpanded key */
      uint32_t expanded[32];    /* expanded key */
      uint8_t  ivec[8];         /* initialization vector */
  };
  /*
   * DES key setup and bulk routines.
   *
   * des_key_setup takes an 8-byte key and fills a 32-word expanded key.
   * block_cipher takes (expanded key, block, int); the meaning of the int
   * is not visible here, presumably an encrypt/decrypt selector -- confirm.
   * The CBC/ECB routines take (buffer, int, state), the int presumably
   * being a byte count.  ECB leaks repeated plaintext blocks and neither
   * mode authenticates.
   */
  void setupDESstate(DESstate *s, uint8_t key[8], uint8_t *ivec);
  void des_key_setup(uint8_t[8], uint32_t[32]);
  void block_cipher(uint32_t *, uint8_t *, int);

  void desCBCencrypt(uint8_t *, int, DESstate *);
  void desCBCdecrypt(uint8_t *, int, DESstate *);
  void desECBencrypt(uint8_t *, int, DESstate *);
  void desECBdecrypt(uint8_t *, int, DESstate *);

  /*
   * for backward compatibility with 7-byte DES key format:
   * conversion between the 7-byte and 8-byte encodings, and a key setup
   * that starts from the 7-byte form.
   */
  void des56to64(uint8_t *k56, uint8_t *k64);
  void des64to56(uint8_t *k64, uint8_t *k56);
  void key_setup(uint8_t[7], uint32_t[32]);
  /*
   * triple des encrypt/decrypt orderings
   *
   * DES3E and DES3EEE are the same value.  Read in binary, the constants
   * are 000 (EEE), 010 (EDE), 101 (DED) and 111 (DDD), i.e. a set bit
   * lines up with a D in the name -- presumably one bit per stage; confirm
   * against triple_block_cipher before relying on the encoding.
   */
  enum
  {
      DES3E   = 0,
      DES3D   = 1,
      DES3EEE = 0,
      DES3EDE = 2,
      DES3DED = 5,
      DES3DDD = 7
  };
  /*
   * Triple-DES context: three 8-byte keys, their expansions and one shared
   * chaining vector.  Secret material; erase after use.
   */
  typedef struct DES3state DES3state;
  struct DES3state
  {
      uint32_t setup;              /* presumably a marker written by setupDES3state -- confirm */
      uint8_t  key[3][8];          /* unexpanded key */
      uint32_t expanded[3][32];    /* expanded key */
      uint8_t  ivec[8];            /* initialization vector */
  };
  /*
   * Triple-DES key setup and bulk routines.
   *
   * triple_block_cipher takes (three expanded keys, block, int); the int is
   * presumably one of the DES3* ordering constants -- confirm.  The
   * CBC/ECB routines take (buffer, int, state).  The block is still 8
   * bytes, so the 64-bit-block data limit applies, and ECB exposes
   * repeated blocks.
   */
  void setupDES3state(DES3state *s, uint8_t key[3][8], uint8_t *ivec);
  void triple_block_cipher(uint32_t keys[3][32], uint8_t *, int);

  void des3CBCencrypt(uint8_t *, int, DES3state *);
  void des3CBCdecrypt(uint8_t *, int, DES3state *);
  void des3ECBencrypt(uint8_t *, int, DES3state *);
  void des3ECBdecrypt(uint8_t *, int, DES3state *);
  /*
   * digests
   *
   * Output lengths in bytes.  MD4 and MD5 are broken for collision
   * resistance and SHA-1 collisions have been demonstrated; use the SHA-2
   * lengths for signatures, certificates and integrity checks in new code.
   *
   * NOTE(review): Hmacblksz is 64, the block size of MD5, SHA-1 and
   * SHA-224/256.  SHA-384 and SHA-512 use a 128-byte block; confirm that
   * hmac_sha2_384/hmac_sha2_512 do not pad keys to this constant.
   */
  enum
  {
      SHA1dlen     = 20,    /* SHA digest length */
      SHA2_224dlen = 28,    /* SHA-224 digest length */
      SHA2_256dlen = 32,    /* SHA-256 digest length */
      SHA2_384dlen = 48,    /* SHA-384 digest length */
      SHA2_512dlen = 64,    /* SHA-512 digest length */
      MD4dlen      = 16,    /* MD4 digest length */
      MD5dlen      = 16,    /* MD5 digest length */
      AESdlen      = 16,    /* TODO: see rfc */

      Hmacblksz    = 64,    /* in bytes; from rfc2104 */
  };
  /*
   * Running state shared by every hash in this library.  The anonymous
   * union overlays eight 32-bit words with eight 64-bit words, which fits
   * both the 32-bit hashes and the 64-bit SHA-384/512 variants.
   */
  typedef struct DigestState DigestState;
  struct DigestState
  {
      uint64_t len;
      union {
          uint32_t state[8];
          uint64_t bstate[8];
      };
      uint8_t  buf[256];
      int      blen;
      char     malloced;    /* presumably set when the library allocated this state -- confirm */
      char     seeded;      /* presumably set once the initial values are loaded -- confirm */
  };

  /* Per-algorithm aliases: all of them are the same structure, so the type
   * system will not catch a state being passed to the wrong hash routine. */
  typedef struct DigestState SHAstate;    /* obsolete name */
  typedef struct DigestState SHA1state;
  typedef struct DigestState SHA2_224state;
  typedef struct DigestState SHA2_256state;
  typedef struct DigestState SHA2_384state;
  typedef struct DigestState SHA2_512state;
  typedef struct DigestState MD5state;
  typedef struct DigestState MD4state;
  typedef struct DigestState AEShstate;
  /*
   * Hash entry points.  All share one signature; by analogy with hmac_x
   * below the arguments are presumably (data, length, digest out, state).
   * NOTE(review): which arguments may be null to start, continue or finish
   * a hash, and who releases the returned state, is not visible in this
   * header -- confirm against the implementation.  The digest buffer must
   * be at least the matching *dlen bytes.
   */
  DigestState *md4(uint8_t *, uint32_t, uint8_t *, DigestState *);
  DigestState *md5(uint8_t *, uint32_t, uint8_t *, DigestState *);
  DigestState *sha1(uint8_t *, uint32_t, uint8_t *, DigestState *);
  DigestState *sha2_224(uint8_t *, uint32_t, uint8_t *, DigestState *);
  DigestState *sha2_256(uint8_t *, uint32_t, uint8_t *, DigestState *);
  DigestState *sha2_384(uint8_t *, uint32_t, uint8_t *, DigestState *);
  DigestState *sha2_512(uint8_t *, uint32_t, uint8_t *, DigestState *);
  DigestState *aes(uint8_t *, uint32_t, uint8_t *, DigestState *);

  /*
   * Generic HMAC over hash x with digest length xlen.  When checking a
   * received tag against the computed one, compare in constant time
   * rather than with an early-exit memcmp.
   */
  DigestState *hmac_x(uint8_t *p, uint32_t len, uint8_t *key, uint32_t klen,
                      uint8_t *digest, DigestState *s,
                      DigestState *(*x)(uint8_t *, uint32_t, uint8_t *, DigestState *),
                      int xlen);

  /* Fixed-hash HMACs; the argument types match the first six of hmac_x. */
  DigestState *hmac_md5(uint8_t *, uint32_t, uint8_t *, uint32_t, uint8_t *, DigestState *);
  DigestState *hmac_sha1(uint8_t *, uint32_t, uint8_t *, uint32_t, uint8_t *, DigestState *);
  DigestState *hmac_sha2_224(uint8_t *, uint32_t, uint8_t *, uint32_t, uint8_t *, DigestState *);
  DigestState *hmac_sha2_256(uint8_t *, uint32_t, uint8_t *, uint32_t, uint8_t *, DigestState *);
  DigestState *hmac_sha2_384(uint8_t *, uint32_t, uint8_t *, uint32_t, uint8_t *, DigestState *);
  DigestState *hmac_sha2_512(uint8_t *, uint32_t, uint8_t *, uint32_t, uint8_t *, DigestState *);
  DigestState *hmac_aes(uint8_t *, uint32_t, uint8_t *, uint32_t, uint8_t *, DigestState *);

  /*
   * Convert MD5/SHA-1 state to and from a string.  The unpickle routines
   * parse caller-supplied text; presumably they should only be given
   * strings produced by the matching pickle routine -- confirm how
   * malformed input is handled before feeding them untrusted data.
   */
  char      *md5pickle(MD5state *);
  MD5state  *md5unpickle(char *);
  char      *sha1pickle(SHA1state *);
  SHA1state *sha1unpickle(char *);
  /*
   * random number generation
   *
   * NOTE(review): this header does not state which of these generators is
   * cryptographically strong.  Confirm against the implementation before
   * drawing keys, IVs, nonces or per-signature secrets from any of them;
   * do not assume prng/fastrand/nfastrand are suitable from the names.
   * nbytes is a signed int, so validate it before the call.
   */
  void     genrandom(uint8_t *buf, int nbytes);
  void     prng(uint8_t *buf, int nbytes);
  uint32_t fastrand(void);
  uint32_t nfastrand(uint32_t);
  /*
   * primes
   *
   * The generators return probable primes; accuracy and nrep are chosen by
   * the caller and presumably set the number of Miller-Rabin rounds --
   * confirm.  Too small a value raises the chance that a composite is
   * accepted, which weakens every key built on it.
   */

  /* generate n-bit probable prime */
  void genprime(mpint *p, int n, int accuracy);

  /* prime & generator */
  void gensafeprime(mpint *p, mpint *alpha, int n, int accuracy);

  /* generate n-bit strong prime */
  void genstrongprime(mpint *p, int n, int accuracy);

  void DSAprimes(mpint *q, mpint *p, uint8_t seed[SHA1dlen]);

  /* miller-rabin test */
  int  probably_prime(mpint *n, int nrep);

  /* returns -1 if not prime, 0 otherwise; 0 therefore means "not ruled
   * out", not "proven prime" */
  int  smallprimetest(mpint *p);
  /*
   * rc4
   *
   * RC4's keystream has known statistical biases and the cipher is
   * prohibited in TLS (RFC 7465).  Keep it for legacy interoperability
   * only.  The state below is the full cipher state and is secret.
   */
  typedef struct RC4state RC4state;
  struct RC4state
  {
      uint8_t state[256];
      uint8_t x;
      uint8_t y;
  };
  /*
   * RC4 key setup and keystream routines.  Arguments are unnamed in this
   * header: setup takes (state, bytes, int) and rc4 takes (state, buffer,
   * int), presumably key/key length and data/data length -- confirm.
   * rc4skip and rc4back presumably move the keystream position forward and
   * backward by the given count -- confirm.  A stream cipher must never
   * reuse one key for two messages, and it gives no integrity.
   */
  void setupRC4state(RC4state *, uint8_t *, int);
  void rc4(RC4state *, uint8_t *, int);
  void rc4skip(RC4state *, int);
  void rc4back(RC4state *, int);
  /*
   * rsa
   */
  typedef struct RSApub   RSApub;
  typedef struct RSApriv  RSApriv;
  typedef struct PEMChain PEMChain;

  /* public/encryption key */
  struct RSApub
  {
      mpint *n;     /* modulus */
      mpint *ek;    /* exp (encryption key) */
  };

  /*
   * private/decryption key
   *
   * Every member other than pub is secret; knowing any one of dk, p, q,
   * kp, kq or c2 together with the public key is enough to compromise the
   * key.  Release with rsaprivfree; whether that routine clears the values
   * before freeing is not visible here -- confirm.
   */
  struct RSApriv
  {
      RSApub pub;

      mpint *dk;    /* exp (decryption key) */

      /* precomputed values to help with chinese remainder theorem calc */
      mpint *p;
      mpint *q;
      mpint *kp;    /* dk mod p-1 */
      mpint *kq;    /* dk mod q-1 */
      mpint *c2;    /* (inv p) mod q */
  };

  /* Singly linked list of PEM blobs, each with an explicit length. */
  struct PEMChain
  {
      PEMChain *next;
      uint8_t  *pem;
      int       pemlen;
  };
  /*
   * RSA key generation and primitives.
   *
   * rsaencrypt and rsadecrypt take and return bare mpints and no padding
   * parameter appears in the interface, so padding (and its validation on
   * decrypt) is presumably left to the caller -- confirm.  Unpadded RSA is
   * malleable and deterministic and must not be used directly on messages.
   */
  RSApriv  *rsagen(int nlen, int elen, int rounds);
  RSApriv  *rsafill(mpint *n, mpint *e, mpint *d, mpint *p, mpint *q);
  mpint    *rsaencrypt(RSApub *k, mpint *in, mpint *out);
  mpint    *rsadecrypt(RSApriv *k, mpint *in, mpint *out);

  /* allocation, release and private-to-public extraction */
  RSApub   *rsapuballoc(void);
  void      rsapubfree(RSApub *);
  RSApriv  *rsaprivalloc(void);
  void      rsaprivfree(RSApriv *);
  RSApub   *rsaprivtopub(RSApriv *);

  /*
   * ASN.1, PEM and X.509 helpers.  These parse byte strings that usually
   * come from a peer or a file, with lengths passed as signed ints; the
   * parsers are the place to look for bounds handling when auditing.
   * Callers should check every returned pointer before use (the failure
   * convention is not visible here -- presumably a null return; confirm).
   */
  RSApub   *X509toRSApub(uint8_t *, int, char *, int);
  uint8_t  *RSApubtoasn1(RSApub *, int *);
  RSApub   *asn1toRSApub(uint8_t *, int);
  RSApriv  *asn1toRSApriv(uint8_t *, int);
  void      asn1dump(uint8_t *der, int len);
  uint8_t  *decodePEM(char *s, char *type, int *len, char **new_s);
  PEMChain *decodepemchain(char *s, char *type);

  uint8_t  *X509gen(RSApriv *priv, char *subj, uint32_t valid[2], int *certlen);
  uint8_t  *X509req(RSApriv *priv, char *subj, int *certlen);

  /* NOTE(review): returns char*, presumably an error string with null
   * meaning success -- confirm before branching on the result.  It takes a
   * single public key, so it can only check one signature, not a chain. */
  char     *X509verify(uint8_t *cert, int ncert, RSApub *pk);
  void      X509dump(uint8_t *cert, int ncert);
  /*
   * elgamal
   */
  typedef struct EGpub  EGpub;
  typedef struct EGpriv EGpriv;
  typedef struct EGsig  EGsig;

  /* public/encryption key */
  struct EGpub
  {
      mpint *p;        /* modulus */
      mpint *alpha;    /* generator */
      mpint *key;      /* (encryption key) alpha**secret mod p */
  };

  /* private/decryption key; secret is the only confidential member */
  struct EGpriv
  {
      EGpub  pub;
      mpint *secret;   /* (decryption key) */
  };

  /* signature */
  struct EGsig
  {
      mpint *r;
      mpint *s;
  };
  /*
   * ElGamal key generation, encryption and signatures.
   *
   * NOTE(review): egverify returns int and the header does not say which
   * value means "valid"; confirm the convention before branching on it, an
   * inverted test here accepts forged signatures.
   */
  EGpriv *eggen(int nlen, int rounds);

  /* deprecated */
  mpint  *egencrypt(EGpub *k, mpint *in, mpint *out);
  mpint  *egdecrypt(EGpriv *k, mpint *in, mpint *out);

  EGsig  *egsign(EGpriv *k, mpint *m);
  int     egverify(EGpub *k, EGsig *sig, mpint *m);

  /* allocation, release and private-to-public extraction */
  EGpub  *egpuballoc(void);
  void    egpubfree(EGpub *);
  EGpriv *egprivalloc(void);
  void    egprivfree(EGpriv *);
  EGsig  *egsigalloc(void);
  void    egsigfree(EGsig *);
  EGpub  *egprivtopub(EGpriv *);
  /*
   * dsa
   *
   * DSA is a signature scheme: the "public key" verifies and the "private
   * key" signs.
   */
  typedef struct DSApub  DSApub;
  typedef struct DSApriv DSApriv;
  typedef struct DSAsig  DSAsig;

  /* public key */
  struct DSApub
  {
      mpint *p;        /* modulus */
      mpint *q;        /* group order, q divides p-1 */
      mpint *alpha;    /* group generator */
      mpint *key;      /* alpha**secret mod p */
  };

  /* private key; secret is the only confidential member */
  struct DSApriv
  {
      DSApub pub;
      mpint *secret;
  };

  /* signature */
  struct DSAsig
  {
      mpint *r;
      mpint *s;
  };
  /*
   * DSA key generation, signing and verification.
   *
   * dsagen: opub not checked for consistency!  A caller that passes domain
   * parameters obtained from elsewhere must validate them first (p and q
   * prime, q divides p-1, alpha of order q); a key generated over bad
   * parameters is not safe to use.
   *
   * NOTE(review): dsaverify returns int and the header does not say which
   * value means "valid"; confirm before branching on it.  DSA also depends
   * on a fresh, unpredictable per-signature secret; where dsasign draws it
   * from is not visible here -- confirm.
   */
  DSApriv *dsagen(DSApub *opub);
  DSAsig  *dsasign(DSApriv *k, mpint *m);
  int      dsaverify(DSApub *k, DSAsig *sig, mpint *m);

  /* allocation, release and private-to-public extraction */
  DSApub  *dsapuballoc(void);
  void     dsapubfree(DSApub *);
  DSApriv *dsaprivalloc(void);
  void     dsaprivfree(DSApriv *);
  DSAsig  *dsasigalloc(void);
  void     dsasigfree(DSAsig *);
  DSApub  *dsaprivtopub(DSApriv *);

  /* parses an ASN.1 private key from (bytes, int); check the result */
  DSApriv *asn1toDSApriv(uint8_t *, int);
  /*
   * TLS
   */

  /*
   * Linked list of certificate thumbprints.  Each entry is SHA1dlen bytes,
   * i.e. a SHA-1 digest, so the strength of thumbprint matching is bounded
   * by SHA-1.
   */
  typedef struct Thumbprint Thumbprint;
  struct Thumbprint
  {
      struct Thumbprint *next;
      uint8_t            sha1[SHA1dlen];
  };

  /*
   * Parameters and results of a TLS handshake.  sessionKey is secret and
   * should be erased when the session ends.  trace receives a printf-style
   * format; any callback supplied must treat fmt as a format string only.
   */
  typedef struct TLSconn TLSconn;
  struct TLSconn
  {
      char      dir[40];         /* connection directory */
      uint8_t  *cert;            /* certificate (local on input, remote on output) */
      uint8_t  *sessionID;
      int       certlen;
      int       sessionIDlen;
      int     (*trace)(char *fmt, ...);
      PEMChain *chain;           /* optional extra certificate evidence for servers to present */
      char     *sessionType;
      uint8_t  *sessionKey;
      int       sessionKeylen;
      char     *sessionConst;
  };
  /*
   * tlshand.c
   *
   * NOTE(review): nothing in this interface passes a trust anchor or an
   * expected peer name.  The remote certificate comes back in c->cert, so
   * the caller is presumably expected to validate it after the handshake
   * (for example with okThumbprint or X509verify) -- confirm, and treat a
   * connection whose certificate was never checked as unauthenticated.
   */
  int         tlsClient(int fd, TLSconn *c);
  int         tlsServer(int fd, TLSconn *c);

  /*
   * thumb.c
   *
   * initThumbprints takes two strings named ok and crl, presumably paths
   * to an accept list and a revocation list -- confirm.  okThumbprint
   * returns int; confirm which value means "listed" before branching.
   */
  Thumbprint *initThumbprints(char *ok, char *crl);
  void        freeThumbprints(Thumbprint *ok);
  int         okThumbprint(uint8_t *sha1, Thumbprint *ok);

  /*
   * readcert.c
   *
   * Read a certificate or chain from a file; the length comes back through
   * pcertlen.  Check the returned pointer before use.
   */
  uint8_t    *readcert(char *filename, int *pcertlen);
  PEMChain   *readcertchain(char *filename);