1
0

libsec.h 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444
  1. #pragma lib "libsec.a"
  2. #pragma src "/sys/src/libsec"
  3. #ifndef _MPINT
  4. typedef struct mpint mpint;
  5. #endif
  6. /*
  7. * AES definitions
  8. */
  9. enum
  10. {
  11. AESbsize= 16,
  12. AESmaxkey= 32,
  13. AESmaxrounds= 14
  14. };
  15. typedef struct AESstate AESstate;
  16. struct AESstate
  17. {
  18. ulong setup;
  19. int rounds;
  20. int keybytes;
  21. uint ctrsz;
  22. uchar key[AESmaxkey]; /* unexpanded key */
  23. ulong ekey[4*(AESmaxrounds + 1)]; /* encryption key */
  24. ulong dkey[4*(AESmaxrounds + 1)]; /* decryption key */
  25. uchar ivec[AESbsize]; /* initialization vector */
  26. uchar mackey[3 * AESbsize]; /* 3 XCBC mac 96 keys */
  27. };
  28. /* block ciphers */
  29. void aes_encrypt(ulong rk[], int Nr, uchar pt[16], uchar ct[16]);
  30. void aes_decrypt(ulong rk[], int Nr, uchar ct[16], uchar pt[16]);
  31. void setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec);
  32. void aesCBCencrypt(uchar *p, int len, AESstate *s);
  33. void aesCBCdecrypt(uchar *p, int len, AESstate *s);
  34. void aesCTRdecrypt(uchar *p, int len, AESstate *s);
  35. void aesCTRencrypt(uchar *p, int len, AESstate *s);
  36. void setupAESXCBCstate(AESstate *s);
  37. uchar* aesXCBCmac(uchar *p, int len, AESstate *s);
  38. /*
  39. * Blowfish Definitions
  40. */
  41. enum
  42. {
  43. BFbsize = 8,
  44. BFrounds= 16
  45. };
  46. /* 16-round Blowfish */
  47. typedef struct BFstate BFstate;
  48. struct BFstate
  49. {
  50. ulong setup;
  51. uchar key[56];
  52. uchar ivec[8];
  53. u32int pbox[BFrounds+2];
  54. u32int sbox[1024];
  55. };
  56. void setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *ivec);
  57. void bfCBCencrypt(uchar*, int, BFstate*);
  58. void bfCBCdecrypt(uchar*, int, BFstate*);
  59. void bfECBencrypt(uchar*, int, BFstate*);
  60. void bfECBdecrypt(uchar*, int, BFstate*);
  61. /*
  62. * Chacha definitions
  63. */
  64. enum{
  65. ChachaBsize= 64,
  66. ChachaKeylen= 256/8,
  67. ChachaIVlen= 96/8
  68. };
  69. typedef struct Chachastate Chachastate;
  70. struct Chachastate
  71. {
  72. /*
  73. * 0-3: a constant (sigma or tau)
  74. * 4-11: the key
  75. * 12: block counter
  76. * 13-15: IV
  77. */
  78. union{
  79. u32int input[16];
  80. struct{
  81. u32int constant[4];
  82. u32int key[8];
  83. u32int counter;
  84. u32int iv[3];
  85. };
  86. };
  87. int rounds;
  88. };
  89. void setupChachastate(Chachastate*, uchar*, usize, uchar*, int);
  90. void chacha_setblock(Chachastate*, u32int);
  91. void chacha_encrypt(uchar*, usize, Chachastate*);
  92. void chacha_encrypt2(uchar*, uchar*, usize, Chachastate*);
  93. /*
  94. * DES definitions
  95. */
  96. enum
  97. {
  98. DESbsize= 8
  99. };
  100. /* single des */
  101. typedef struct DESstate DESstate;
  102. struct DESstate
  103. {
  104. ulong setup;
  105. uchar key[8]; /* unexpanded key */
  106. ulong expanded[32]; /* expanded key */
  107. uchar ivec[8]; /* initialization vector */
  108. };
  109. void setupDESstate(DESstate *s, uchar key[8], uchar *ivec);
  110. void des_key_setup(uchar[8], ulong[32]);
  111. void block_cipher(ulong*, uchar*, int);
  112. void desCBCencrypt(uchar*, int, DESstate*);
  113. void desCBCdecrypt(uchar*, int, DESstate*);
  114. void desECBencrypt(uchar*, int, DESstate*);
  115. void desECBdecrypt(uchar*, int, DESstate*);
  116. /* for backward compatibility with 7-byte DES key format */
  117. void des56to64(uchar *k56, uchar *k64);
  118. void des64to56(uchar *k64, uchar *k56);
  119. void key_setup(uchar[7], ulong[32]);
  120. /* triple des encrypt/decrypt orderings */
  121. enum {
  122. DES3E= 0,
  123. DES3D= 1,
  124. DES3EEE= 0,
  125. DES3EDE= 2,
  126. DES3DED= 5,
  127. DES3DDD= 7
  128. };
  129. typedef struct DES3state DES3state;
  130. struct DES3state
  131. {
  132. ulong setup;
  133. uchar key[3][8]; /* unexpanded key */
  134. ulong expanded[3][32]; /* expanded key */
  135. uchar ivec[8]; /* initialization vector */
  136. };
  137. void setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec);
  138. void triple_block_cipher(ulong keys[3][32], uchar*, int);
  139. void des3CBCencrypt(uchar*, int, DES3state*);
  140. void des3CBCdecrypt(uchar*, int, DES3state*);
  141. void des3ECBencrypt(uchar*, int, DES3state*);
  142. void des3ECBdecrypt(uchar*, int, DES3state*);
  143. /*
  144. * digests
  145. */
  146. enum
  147. {
  148. SHA1dlen= 20, /* SHA digest length */
  149. SHA2_224dlen= 28, /* SHA-224 digest length */
  150. SHA2_256dlen= 32, /* SHA-256 digest length */
  151. SHA2_384dlen= 48, /* SHA-384 digest length */
  152. SHA2_512dlen= 64, /* SHA-512 digest length */
  153. MD4dlen= 16, /* MD4 digest length */
  154. MD5dlen= 16, /* MD5 digest length */
  155. AESdlen= 16, /* TODO: see rfc */
  156. Hmacblksz = 64, /* in bytes; from rfc2104 */
  157. };
  158. typedef struct DigestState DigestState;
  159. struct DigestState
  160. {
  161. uvlong len;
  162. union {
  163. u32int state[8];
  164. u64int bstate[8];
  165. };
  166. uchar buf[256];
  167. int blen;
  168. char malloced;
  169. char seeded;
  170. };
  171. typedef struct DigestState SHAstate; /* obsolete name */
  172. typedef struct DigestState SHA1state;
  173. typedef struct DigestState SHA2_224state;
  174. typedef struct DigestState SHA2_256state;
  175. typedef struct DigestState SHA2_384state;
  176. typedef struct DigestState SHA2_512state;
  177. typedef struct DigestState MD5state;
  178. typedef struct DigestState MD4state;
  179. typedef struct DigestState AEShstate;
  180. DigestState* md4(uchar*, ulong, uchar*, DigestState*);
  181. DigestState* md5(uchar*, ulong, uchar*, DigestState*);
  182. DigestState* sha1(uchar*, ulong, uchar*, DigestState*);
  183. DigestState* sha2_224(uchar*, ulong, uchar*, DigestState*);
  184. DigestState* sha2_256(uchar*, ulong, uchar*, DigestState*);
  185. DigestState* sha2_384(uchar*, ulong, uchar*, DigestState*);
  186. DigestState* sha2_512(uchar*, ulong, uchar*, DigestState*);
  187. DigestState* aes(uchar*, ulong, uchar*, DigestState*);
  188. DigestState* hmac_x(uchar *p, ulong len, uchar *key, ulong klen,
  189. uchar *digest, DigestState *s,
  190. DigestState*(*x)(uchar*, ulong, uchar*, DigestState*),
  191. int xlen);
  192. DigestState* hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
  193. DigestState* hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
  194. DigestState* hmac_sha2_224(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
  195. DigestState* hmac_sha2_256(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
  196. DigestState* hmac_sha2_384(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
  197. DigestState* hmac_sha2_512(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
  198. DigestState* hmac_aes(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
  199. char* md5pickle(MD5state*);
  200. MD5state* md5unpickle(char*);
  201. char* sha1pickle(SHA1state*);
  202. SHA1state* sha1unpickle(char*);
  203. /*
  204. * random number generation
  205. */
  206. void genrandom(uchar *buf, int nbytes);
  207. void prng(uchar *buf, int nbytes);
  208. ulong fastrand(void);
  209. ulong nfastrand(ulong);
  210. /*
  211. * primes
  212. */
  213. void genprime(mpint *p, int n, int accuracy); /* generate n-bit probable prime */
  214. void gensafeprime(mpint *p, mpint *alpha, int n, int accuracy); /* prime & generator */
  215. void genstrongprime(mpint *p, int n, int accuracy); /* generate n-bit strong prime */
  216. void DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]);
  217. int probably_prime(mpint *n, int nrep); /* miller-rabin test */
  218. int smallprimetest(mpint *p); /* returns -1 if not prime, 0 otherwise */
  219. /*
  220. * rc4
  221. */
  222. typedef struct RC4state RC4state;
  223. struct RC4state
  224. {
  225. uchar state[256];
  226. uchar x;
  227. uchar y;
  228. };
  229. void setupRC4state(RC4state*, uchar*, int);
  230. void rc4(RC4state*, uchar*, int);
  231. void rc4skip(RC4state*, int);
  232. void rc4back(RC4state*, int);
  233. /*
  234. * rsa
  235. */
  236. typedef struct RSApub RSApub;
  237. typedef struct RSApriv RSApriv;
  238. typedef struct PEMChain PEMChain;
  239. /* public/encryption key */
  240. struct RSApub
  241. {
  242. mpint *n; /* modulus */
  243. mpint *ek; /* exp (encryption key) */
  244. };
  245. /* private/decryption key */
  246. struct RSApriv
  247. {
  248. RSApub pub;
  249. mpint *dk; /* exp (decryption key) */
  250. /* precomputed values to help with chinese remainder theorem calc */
  251. mpint *p;
  252. mpint *q;
  253. mpint *kp; /* dk mod p-1 */
  254. mpint *kq; /* dk mod q-1 */
  255. mpint *c2; /* (inv p) mod q */
  256. };
  257. struct PEMChain{
  258. PEMChain*next;
  259. uchar *pem;
  260. int pemlen;
  261. };
  262. RSApriv* rsagen(int nlen, int elen, int rounds);
  263. RSApriv* rsafill(mpint *n, mpint *e, mpint *d, mpint *p, mpint *q);
  264. mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out);
  265. mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out);
  266. RSApub* rsapuballoc(void);
  267. void rsapubfree(RSApub*);
  268. RSApriv* rsaprivalloc(void);
  269. void rsaprivfree(RSApriv*);
  270. RSApub* rsaprivtopub(RSApriv*);
  271. RSApub* X509toRSApub(uchar*, int, char*, int);
  272. uchar* RSApubtoasn1(RSApub*, int*);
  273. RSApub* asn1toRSApub(uchar*, int);
  274. RSApriv* asn1toRSApriv(uchar*, int);
  275. void asn1dump(uchar *der, int len);
  276. uchar* decodePEM(char *s, char *type, int *len, char **new_s);
  277. PEMChain* decodepemchain(char *s, char *type);
  278. uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
  279. uchar* X509req(RSApriv *priv, char *subj, int *certlen);
  280. char* X509verify(uchar *cert, int ncert, RSApub *pk);
  281. void X509dump(uchar *cert, int ncert);
  282. /*
  283. * elgamal
  284. */
  285. typedef struct EGpub EGpub;
  286. typedef struct EGpriv EGpriv;
  287. typedef struct EGsig EGsig;
  288. /* public/encryption key */
  289. struct EGpub
  290. {
  291. mpint *p; /* modulus */
  292. mpint *alpha; /* generator */
  293. mpint *key; /* (encryption key) alpha**secret mod p */
  294. };
  295. /* private/decryption key */
  296. struct EGpriv
  297. {
  298. EGpub pub;
  299. mpint *secret; /* (decryption key) */
  300. };
  301. /* signature */
  302. struct EGsig
  303. {
  304. mpint *r, *s;
  305. };
  306. EGpriv* eggen(int nlen, int rounds);
  307. mpint* egencrypt(EGpub *k, mpint *in, mpint *out); /* deprecated */
  308. mpint* egdecrypt(EGpriv *k, mpint *in, mpint *out);
  309. EGsig* egsign(EGpriv *k, mpint *m);
  310. int egverify(EGpub *k, EGsig *sig, mpint *m);
  311. EGpub* egpuballoc(void);
  312. void egpubfree(EGpub*);
  313. EGpriv* egprivalloc(void);
  314. void egprivfree(EGpriv*);
  315. EGsig* egsigalloc(void);
  316. void egsigfree(EGsig*);
  317. EGpub* egprivtopub(EGpriv*);
  318. /*
  319. * dsa
  320. */
  321. typedef struct DSApub DSApub;
  322. typedef struct DSApriv DSApriv;
  323. typedef struct DSAsig DSAsig;
  324. /* public/encryption key */
  325. struct DSApub
  326. {
  327. mpint *p; /* modulus */
  328. mpint *q; /* group order, q divides p-1 */
  329. mpint *alpha; /* group generator */
  330. mpint *key; /* (encryption key) alpha**secret mod p */
  331. };
  332. /* private/decryption key */
  333. struct DSApriv
  334. {
  335. DSApub pub;
  336. mpint *secret; /* (decryption key) */
  337. };
  338. /* signature */
  339. struct DSAsig
  340. {
  341. mpint *r, *s;
  342. };
  343. DSApriv* dsagen(DSApub *opub); /* opub not checked for consistency! */
  344. DSAsig* dsasign(DSApriv *k, mpint *m);
  345. int dsaverify(DSApub *k, DSAsig *sig, mpint *m);
  346. DSApub* dsapuballoc(void);
  347. void dsapubfree(DSApub*);
  348. DSApriv* dsaprivalloc(void);
  349. void dsaprivfree(DSApriv*);
  350. DSAsig* dsasigalloc(void);
  351. void dsasigfree(DSAsig*);
  352. DSApub* dsaprivtopub(DSApriv*);
  353. DSApriv* asn1toDSApriv(uchar*, int);
  354. /*
  355. * TLS
  356. */
  357. typedef struct Thumbprint{
  358. struct Thumbprint *next;
  359. uchar sha1[SHA1dlen];
  360. } Thumbprint;
  361. typedef struct TLSconn{
  362. char dir[40]; /* connection directory */
  363. uchar *cert; /* certificate (local on input, remote on output) */
  364. uchar *sessionID;
  365. int certlen;
  366. int sessionIDlen;
  367. int (*trace)(char*fmt, ...);
  368. PEMChain*chain; /* optional extra certificate evidence for servers to present */
  369. char *sessionType;
  370. uchar *sessionKey;
  371. int sessionKeylen;
  372. char *sessionConst;
  373. } TLSconn;
  374. /* tlshand.c */
  375. int tlsClient(int fd, TLSconn *c);
  376. int tlsServer(int fd, TLSconn *c);
  377. /* thumb.c */
  378. Thumbprint* initThumbprints(char *ok, char *crl);
  379. void freeThumbprints(Thumbprint *ok);
  380. int okThumbprint(uchar *sha1, Thumbprint *ok);
  381. /* readcert.c */
  382. uchar *readcert(char *filename, int *pcertlen);
  383. PEMChain*readcertchain(char *filename);
  384. /* password-based key derivation function 2 (rfc2898) */
  385. void pbkdf2_x(uchar *p, ulong plen, uchar *s, ulong slen, ulong rounds, uchar *d, ulong dlen,
  386. DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*), int xlen);