rscf7012582003-11-25 01:40:27 +00001#ifndef _LIBSEC_H_
2#define _LIBSEC_H_ 1
3#if defined(__cplusplus)
4extern "C" {
5#endif
/*
#pragma lib "libsec.a"
#pragma src "/sys/src/libsec"
*/
10
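/*
 * NOTE(review): AUTOLIB is not defined in this header.  It presumably
 * records a link-time dependency on the sec library, like the
 * commented-out "#pragma lib" above -- confirm.
 */
AUTOLIB(sec)

/*
 * mpint is used only through pointers in this header, so an opaque
 * forward declaration is enough.  The _MPINT guard skips it when the
 * type has already been declared elsewhere.
 */
#ifndef _MPINT
typedef struct mpint mpint;
#endif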
16
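/*******************************************************/
/* AES definitions */
/*******************************************************/

/*
 * AES size limits.  They size the fixed arrays inside AESstate.
 */
enum
{
	AESbsize=	16,	/* block size in bytes; also sizeof AESstate.ivec */
	AESmaxkey=	32,	/* largest raw key, in bytes, that AESstate.key can hold */
	AESmaxrounds=	14	/* bound used to size the expanded-key arrays */
};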
27
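/*
 * Per-key AES context.
 *
 * The structure holds the raw key and both expanded key schedules in the
 * clear, so the whole object is secret.  This header declares no routine
 * that wipes it; callers should clear it themselves once the key is no
 * longer needed.
 */
typedef struct AESstate AESstate;
struct AESstate
{
	ulong	setup;		/* NOTE(review): presumably an "initialized" marker written by setupAESstate -- confirm */
	int	rounds;
	int	keybytes;
	uchar	key[AESmaxkey];			/* unexpanded key */
	u32int	ekey[4*(AESmaxrounds + 1)];	/* encryption key */
	u32int	dkey[4*(AESmaxrounds + 1)];	/* decryption key */
	uchar	ivec[AESbsize];			/* initialization vector */
};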
39
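/*
 * AES in CBC mode.
 *
 * setupAESstate takes the raw key, its length in bytes, and an IV.
 * AESstate.key has room for AESmaxkey bytes only.
 * NOTE(review): confirm that the implementation rejects or clamps any
 * other keybytes value, and what it does with a nil ivec.
 *
 * aesCBCencrypt and aesCBCdecrypt take a buffer and a signed int length.
 * The header does not say whether len must be a multiple of AESbsize or
 * how a trailing partial block is handled; check the implementation
 * before passing lengths derived from untrusted input.
 *
 * CBC gives confidentiality only.  Authenticate the ciphertext separately
 * (the hmac_* routines in this header can be used for that) and use an
 * unpredictable IV for every message.
 */
void setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec);
void aesCBCencrypt(uchar *p, int len, AESstate *s);
void aesCBCdecrypt(uchar *p, int len, AESstate *s);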
43
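/*******************************************************/
/* Blowfish Definitions */
/*******************************************************/

/*
 * Blowfish parameters.
 */
enum
{
	BFbsize	= 8,	/* block size in bytes */
	BFrounds	= 16	/* round count; BFstate.pbox holds BFrounds+2 words */
};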
53
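/*
 * 16-round Blowfish context.
 *
 * key, pbox and sbox are all derived from the secret key, so the whole
 * structure is sensitive and should be cleared by the caller after use.
 * The cipher has an 8-byte block (BFbsize), which limits how much data
 * can safely be encrypted under one key in CBC mode.
 */
typedef struct BFstate BFstate;
struct BFstate
{
	ulong	setup;	/* NOTE(review): presumably an "initialized" marker -- confirm */

	uchar	key[56];	/* raw key; the array bounds it at 56 bytes */
	uchar	ivec[8];	/* initialization vector, one block (BFbsize) */

	u32int	pbox[BFrounds+2];
	u32int	sbox[1024];
};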
66
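/*
 * Blowfish key setup and CBC/ECB transforms.
 *
 * BFstate.key is 56 bytes.
 * NOTE(review): confirm that setupBFstate bounds keybytes to that size.
 *
 * The unnamed arguments of the encrypt/decrypt routines are, by position,
 * a byte buffer, a signed int length and the cipher state.
 * NOTE(review): the header does not state whether the length must be a
 * multiple of BFbsize -- confirm.
 *
 * ECB encrypts equal plaintext blocks to equal ciphertext blocks and
 * uses no IV; prefer the CBC forms for anything but single-block values.
 * Neither mode authenticates the data.
 */
void setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *ivec);
void bfCBCencrypt(uchar*, int, BFstate*);
void bfCBCdecrypt(uchar*, int, BFstate*);
void bfECBencrypt(uchar*, int, BFstate*);
void bfECBdecrypt(uchar*, int, BFstate*);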
72
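/*******************************************************/
/* DES definitions */
/*******************************************************/

/*
 * DES block size in bytes.  The DES and triple-DES state structures
 * use an 8-byte ivec to match.
 */
enum
{
	DESbsize=	8
};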
81
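/*
 * single des
 *
 * Context for one DES key.  Both key and expanded are secret.  Single
 * DES has an effective key of 56 bits (see the 7-byte key helpers in
 * this header) and is kept for compatibility with existing data and
 * protocols rather than for new designs.
 */
typedef struct DESstate DESstate;
struct DESstate
{
	ulong	setup;		/* NOTE(review): presumably an "initialized" marker -- confirm */
	uchar	key[8];		/* unexpanded key */
	ulong	expanded[32];	/* expanded key */
	uchar	ivec[8];	/* initialization vector */
};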
91
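/*
 * DES key setup and CBC/ECB transforms.
 *
 * setupDESstate takes an 8-byte key and an IV.  des_key_setup takes an
 * 8-byte key and a 32-word schedule array, matching DESstate.expanded.
 * NOTE(review): block_cipher presumably runs one block through a
 * schedule, with the int selecting the direction -- confirm.
 *
 * The unnamed arguments of the CBC/ECB routines are, by position, a byte
 * buffer, a signed int length and the cipher state.  The header does not
 * say how lengths that are not a multiple of DESbsize are treated.
 *
 * ECB exposes repeated plaintext blocks, and neither mode provides
 * integrity.
 */
void setupDESstate(DESstate *s, uchar key[8], uchar *ivec);
void des_key_setup(uchar[8], ulong[32]);
void block_cipher(ulong*, uchar*, int);
void desCBCencrypt(uchar*, int, DESstate*);
void desCBCdecrypt(uchar*, int, DESstate*);
void desECBencrypt(uchar*, int, DESstate*);
void desECBdecrypt(uchar*, int, DESstate*);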
99
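/*
 * for backward compatibility with 7 byte DES key format
 *
 * des56to64 and des64to56 convert between the 7-byte (k56) and 8-byte
 * (k64) key encodings.  key_setup takes a 7-byte key and a 32-word
 * schedule array.  The pointer arguments carry no lengths, so the caller
 * must supply buffers of at least 7 and 8 bytes respectively.
 */
void des56to64(uchar *k56, uchar *k64);
void des64to56(uchar *k64, uchar *k56);
void key_setup(uchar[7], ulong[32]);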
104
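/*
 * triple des encrypt/decrypt orderings
 *
 * The three-stage values read as a 3-bit mask with one bit per stage,
 * where a set bit selects decryption: EEE = 000b, EDE = 010b, DED = 101b,
 * DDD = 111b.  DES3E and DES3D are the single-stage values; DES3E and
 * DES3EEE share the value 0.
 * NOTE(review): which bit maps to which stage cannot be told from these
 * values alone (every listed pattern is symmetric) -- confirm in the
 * implementation.
 */
enum {
	DES3E=		0,
	DES3D=		1,
	DES3EEE=	0,
	DES3EDE=	2,
	DES3DED=	5,
	DES3DDD=	7
};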
114
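/*
 * Triple-DES context: three 8-byte keys, their expanded schedules and
 * one 8-byte IV.  All key material is stored in the clear; clear the
 * structure after use.
 */
typedef struct DES3state DES3state;
struct DES3state
{
	ulong	setup;			/* NOTE(review): presumably an "initialized" marker -- confirm */
	uchar	key[3][8];		/* unexpanded key */
	ulong	expanded[3][32];	/* expanded key */
	uchar	ivec[8];		/* initialization vector */
};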
123
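/*
 * Triple-DES key setup and CBC/ECB transforms.
 *
 * NOTE(review): the int argument of triple_block_cipher is presumably
 * one of the DES3* ordering values declared in this header -- confirm.
 *
 * The unnamed arguments of the CBC/ECB routines are, by position, a byte
 * buffer, a signed int length and the cipher state.  The 8-byte block
 * limits how much data should be encrypted under one key.  ECB exposes
 * repeated blocks, and no mode here authenticates the data.
 */
void setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec);
void triple_block_cipher(ulong keys[3][32], uchar*, int);
void des3CBCencrypt(uchar*, int, DES3state*);
void des3CBCdecrypt(uchar*, int, DES3state*);
void des3ECBencrypt(uchar*, int, DES3state*);
void des3ECBdecrypt(uchar*, int, DES3state*);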
130
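/*******************************************************/
/* digests */
/*******************************************************/

/*
 * Digest output sizes in bytes.  Callers must supply output buffers of
 * at least these sizes; the digest routines take no output length.
 */
enum
{
	SHA1dlen=	20,	/* SHA digest length */
	MD4dlen=	16,	/* MD4 digest length */
	MD5dlen=	16	/* MD5 digest length */
};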
141
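/*
 * Running state shared by every digest in this header; the per-algorithm
 * names below are aliases for the same structure.  state[] is five 32-bit
 * words, which is exactly SHA1dlen bytes.
 *
 * When the state is used for an HMAC it is derived from the key, so it
 * should be treated as secret.
 */
typedef struct DigestState DigestState;
struct DigestState
{
	ulong	len;
	u32int	state[5];
	uchar	buf[128];
	int	blen;
	char	malloced;	/* NOTE(review): presumably set when the library allocated this state -- confirm */
	char	seeded;		/* NOTE(review): presumably set once the initial values are loaded -- confirm */
};
typedef struct DigestState SHAstate;	/* obsolete name */
typedef struct DigestState SHA1state;
typedef struct DigestState MD5state;
typedef struct DigestState MD4state;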
156
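/*
 * Digest and HMAC entry points.
 *
 * Parameters are unnamed here.
 * NOTE(review): by position they appear to be (data, data length, digest
 * output, running state), with (key, key length) inserted before the
 * digest output in the hmac_* forms -- confirm against the
 * implementation.
 * The output pointer has no length argument, so the buffer must hold
 * MD4dlen, MD5dlen or SHA1dlen bytes as appropriate.
 *
 * MD4 and MD5 are broken for collision resistance and SHA-1 collisions
 * are practical; use them only where an existing format or protocol
 * requires it.  Compare MAC values in constant time.
 *
 * sha1pickle and sha1unpickle convert a SHA1state to and from a string.
 * NOTE(review): confirm how sha1unpickle validates its input before
 * handing it data from an untrusted source.
 */
DigestState* md4(uchar*, ulong, uchar*, DigestState*);
DigestState* md5(uchar*, ulong, uchar*, DigestState*);
DigestState* sha1(uchar*, ulong, uchar*, DigestState*);
DigestState* hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState* hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
char* sha1pickle(SHA1state*);
SHA1state* sha1unpickle(char*);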
164
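/*******************************************************/
/* random number generation */
/*******************************************************/

/*
 * genrandom and prng fill buf with nbytes bytes.  fastrand returns one
 * ulong and nfastrand takes a ulong argument.
 * NOTE(review): nfastrand's argument is presumably an exclusive upper
 * bound -- confirm.
 *
 * NOTE(review): this header does not say which of these generators is
 * suitable for keys, IVs or nonces.  Confirm each one's source and
 * seeding in the implementation before using it for secrets; the name
 * prng suggests a reproducible generator.
 */
void genrandom(uchar *buf, int nbytes);
void prng(uchar *buf, int nbytes);
ulong fastrand(void);
ulong nfastrand(ulong);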
172
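/*******************************************************/
/* primes */
/*******************************************************/

/*
 * Prime generation and testing on mpint values.
 *
 * The generators produce probable primes.
 * NOTE(review): accuracy and nrep presumably set the number of
 * Miller-Rabin rounds, and so the error bound -- confirm, and choose
 * values to suit the key size.
 * DSAprimes takes a seed of SHA1dlen bytes.
 *
 * smallprimetest returns 0 when it does not reject p.
 * NOTE(review): going by the name, 0 is presumably not a proof of
 * primality -- confirm before using it as the only check.
 */
void genprime(mpint *p, int n, int accuracy);	/* generate an n bit probable prime */
void gensafeprime(mpint *p, mpint *alpha, int n, int accuracy);	/* prime and generator */
void genstrongprime(mpint *p, int n, int accuracy);	/* generate an n bit strong prime */
void DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]);
int probably_prime(mpint *n, int nrep);	/* miller-rabin test */
int smallprimetest(mpint *p);	/* returns -1 if not prime, 0 otherwise */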
rsc97a5e5f2003-11-23 18:25:35 +0000182
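/*******************************************************/
/* rc4 */
/*******************************************************/

/*
 * RC4 keystream state: the 256-byte permutation and its two indices.
 * The permutation is derived from the key, so the structure is secret
 * and should be cleared after use.
 */
typedef struct RC4state RC4state;
struct RC4state
{
	uchar	state[256];
	uchar	x;
	uchar	y;
};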
193
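/*
 * RC4 key setup and keystream operations.  The unnamed arguments are, by
 * position, the state, a byte buffer and a signed int length; rc4skip
 * and rc4back take the state and an int.
 * NOTE(review): rc4skip and rc4back presumably move the keystream
 * position forward and backward by that many bytes -- confirm.
 *
 * RC4 has known keystream biases and provides no integrity.  Never reuse
 * a key for two streams, and treat the cipher as legacy-only.
 */
void setupRC4state(RC4state*, uchar*, int);
void rc4(RC4state*, uchar*, int);
void rc4skip(RC4state*, int);
void rc4back(RC4state*, int);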
198
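/*******************************************************/
/* rsa */
/*******************************************************/
typedef struct RSApub RSApub;
typedef struct RSApriv RSApriv;
typedef struct PEMChain PEMChain;

/* public/encryption key */
struct RSApub
{
	mpint	*n;	/* modulus */
	mpint	*ek;	/* exp (encryption key) */
};

/*
 * private/decryption key
 *
 * Every field other than pub is secret.  The CRT values p, q, kp, kq
 * and c2 each allow recovery of the private key, so they need the same
 * protection as dk.
 */
struct RSApriv
{
	RSApub	pub;

	mpint	*dk;	/* exp (decryption key) */

	/* precomputed values to help with chinese remainder theorem calc */
	mpint	*p;
	mpint	*q;
	mpint	*kp;	/* dk mod p-1 */
	mpint	*kq;	/* dk mod q-1 */
	mpint	*c2;	/* (inv p) mod q */
};

/*
 * Singly linked list of PEM-decoded blobs; pemlen is the byte count of
 * pem.  TLSconn.chain in this header points at one of these lists.
 */
struct PEMChain
{
	PEMChain	*next;
	uchar	*pem;
	int	pemlen;
};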
234
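/*
 * RSA key handling, X.509 and PEM helpers.
 *
 * rsaencrypt and rsadecrypt map one mpint to another.  No padding scheme
 * is visible in this interface.
 * NOTE(review): presumably these are the raw modular exponentiation and
 * the caller must apply and verify padding -- confirm.
 *
 * rsagen takes the modulus and exponent lengths and a rounds count.
 * NOTE(review): nlen and elen are presumably in bits, and rounds is
 * presumably the primality-test repetition count -- confirm.
 *
 * X509toRSApub, asn1toRSApriv and the decodepem routines parse encoded
 * input that often comes from a peer or a file.  Their length arguments
 * are signed ints.
 * NOTE(review): the unnamed arguments of X509toRSApub are presumably
 * (cert, cert length, name buffer, name buffer size) -- confirm.
 *
 * rsaprivfree is the declared way to release a private key.
 * NOTE(review): confirm whether it clears the key material before
 * freeing.
 */
RSApriv* rsagen(int nlen, int elen, int rounds);
mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out);
mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out);
RSApub* rsapuballoc(void);
void rsapubfree(RSApub*);
RSApriv* rsaprivalloc(void);
void rsaprivfree(RSApriv*);
RSApub* rsaprivtopub(RSApriv*);
RSApub* X509toRSApub(uchar*, int, char*, int);
RSApriv* asn1toRSApriv(uchar*, int);
uchar* decodepem(char *s, char *type, int *len, char**);
PEMChain* decodepemchain(char *s, char *type);
uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
RSApriv* rsafill(mpint *n, mpint *ek, mpint *dk, mpint *p, mpint *q);
uchar* X509req(RSApriv *priv, char *subj, int *certlen);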
rsc97a5e5f2003-11-23 18:25:35 +0000250
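/*******************************************************/
/* elgamal */
/*******************************************************/
typedef struct EGpub EGpub;
typedef struct EGpriv EGpriv;
typedef struct EGsig EGsig;

/* public/encryption key */
struct EGpub
{
	mpint	*p;	/* modulus */
	mpint	*alpha;	/* generator */
	mpint	*key;	/* (encryption key) alpha**secret mod p */
};

/* private/decryption key; secret must never leave the owner */
struct EGpriv
{
	EGpub	pub;
	mpint	*secret;	/* (decryption key) */
};

/* signature */
struct EGsig
{
	mpint	*r, *s;
};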
278
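/*
 * ElGamal key generation, encryption and signatures.
 *
 * egencrypt and egdecrypt map one mpint to another; no message encoding
 * is visible in this interface.
 * NOTE(review): confirm what egverify returns on success and on failure
 * before testing its result, and whether it range-checks r and s taken
 * from an untrusted signature.
 *
 * NOTE(review): confirm whether egprivfree clears the secret before
 * freeing.
 */
EGpriv* eggen(int nlen, int rounds);
mpint* egencrypt(EGpub *k, mpint *in, mpint *out);
mpint* egdecrypt(EGpriv *k, mpint *in, mpint *out);
EGsig* egsign(EGpriv *k, mpint *m);
int egverify(EGpub *k, EGsig *sig, mpint *m);
EGpub* egpuballoc(void);
void egpubfree(EGpub*);
EGpriv* egprivalloc(void);
void egprivfree(EGpriv*);
EGsig* egsigalloc(void);
void egsigfree(EGsig*);
EGpub* egprivtopub(EGpriv*);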
291
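/*******************************************************/
/* dsa */
/*******************************************************/
typedef struct DSApub DSApub;
typedef struct DSApriv DSApriv;
typedef struct DSAsig DSAsig;

/*
 * public (verification) key
 *
 * This header declares only sign and verify operations for DSA, so the
 * key is used for checking signatures, not for encryption.
 */
struct DSApub
{
	mpint	*p;	/* modulus */
	mpint	*q;	/* group order, q divides p-1 */
	mpint	*alpha;	/* group generator */
	mpint	*key;	/* public key: alpha**secret mod p */
};

/* private (signing) key; secret must never leave the owner */
struct DSApriv
{
	DSApub	pub;
	mpint	*secret;	/* signing key */
};

/* signature */
struct DSAsig
{
	mpint	*r, *s;
};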
320
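/*
 * DSA key generation, signing and verification.
 *
 * NOTE(review): dsagen takes a DSApub, presumably to reuse its p, q and
 * alpha group parameters -- confirm, and validate any parameters that
 * came from an untrusted party first.
 *
 * dsasign and dsaverify take the message as an mpint.
 * NOTE(review): presumably the caller hashes the message first --
 * confirm.  Also confirm what dsaverify returns on success and on
 * failure, and whether it range-checks r and s.
 *
 * asn1toDSApriv parses an encoded private key from a byte buffer with a
 * signed int length.
 */
DSApriv* dsagen(DSApub *opub);
DSAsig* dsasign(DSApriv *k, mpint *m);
int dsaverify(DSApub *k, DSAsig *sig, mpint *m);
DSApub* dsapuballoc(void);
void dsapubfree(DSApub*);
DSApriv* dsaprivalloc(void);
void dsaprivfree(DSApriv*);
DSAsig* dsasigalloc(void);
void dsasigfree(DSAsig*);
DSApub* dsaprivtopub(DSApriv*);
DSApriv* asn1toDSApriv(uchar*, int);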
rsc97a5e5f2003-11-23 18:25:35 +0000332
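/*******************************************************/
/* TLS */
/*******************************************************/

/*
 * One entry in a list of certificate thumbprints.  Each thumbprint is a
 * SHA-1 digest (SHA1dlen bytes).
 */
typedef struct Thumbprint{
	struct Thumbprint	*next;
	uchar	sha1[SHA1dlen];
} Thumbprint;

/*
 * Parameters and results of a TLS handshake.
 *
 * cert is both an input and an output: the caller's own certificate goes
 * in and the peer's certificate comes back, with certlen giving its
 * length.  The structure has no field for trust anchors or an expected
 * peer name.
 */
typedef struct TLSconn{
	char	dir[40];	/* connection directory */
	uchar	*cert;	/* certificate (local on input, remote on output) */
	uchar	*sessionID;
	int	certlen, sessionIDlen;
	int	(*trace)(char*fmt, ...);	/* printf-style callback; NOTE(review): presumably optional handshake tracing -- confirm */
	PEMChain	*chain;
} TLSconn;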
349
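/*
 * tlshand.c
 *
 * NOTE(review): nothing in this interface shows tlsClient or tlsServer
 * validating the peer certificate.  Presumably the caller is expected to
 * check the certificate returned in c->cert itself, for example by
 * hashing it and calling okThumbprint -- confirm before relying on the
 * connection being authenticated.
 */
extern int tlsClient(int fd, TLSconn *c);
extern int tlsServer(int fd, TLSconn *c);

/*
 * thumb.c
 *
 * initThumbprints takes two strings named ok and crl.
 * NOTE(review): these are presumably paths to an allow list and a
 * revocation list of thumbprints -- confirm.
 * okThumbprint tests a SHA-1 digest against a list.
 * NOTE(review): confirm what okThumbprint returns for a match.
 */
extern Thumbprint* initThumbprints(char *ok, char *crl);
extern void freeThumbprints(Thumbprint *ok);
extern int okThumbprint(uchar *sha1, Thumbprint *ok);

/*
 * readcert.c
 *
 * readcert returns a certificate buffer and stores its length through
 * pcertlen; readcertchain returns a PEMChain list.
 * NOTE(review): confirm the failure return value and who frees the
 * results.
 */
extern uchar *readcert(char *filename, int *pcertlen);
PEMChain *readcertchain(char *filename);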
rscf7012582003-11-25 01:40:27 +0000362
363#if defined(__cplusplus)
364}
365#endif
366#endif