Blame - include/libsec.h - plan9

blob: c0c964fc46825b108107606bb9afc8d604aa6554 [file] [log] [blame]

rsc	f701258	2003-11-25 01:40:27 +0000	[diff] [blame]	1	#ifndef _LIBSEC_H_
				2	#define _LIBSEC_H_ 1
				3	#if defined(__cplusplus)
				4	extern "C" {
				5	#endif
rsc	97a5e5f	2003-11-23 18:25:35 +0000	[diff] [blame]	6	/*
				7	#pragma lib "libsec.a"
				8	#pragma src "/sys/src/libsec"
				9	*/
				10
rsc	1a0954a	2005-01-04 21:18:08 +0000	[diff] [blame]	11	AUTOLIB(sec)
				12
rsc	97a5e5f	2003-11-23 18:25:35 +0000	[diff] [blame]	13	#ifndef _MPINT
				14	typedef struct mpint mpint;
				15	#endif
				16
				17	/////////////////////////////////////////////////////////
				18	// AES definitions
				19	/////////////////////////////////////////////////////////
				20
				21	enum
				22	{
				23	AESbsize= 16,
				24	AESmaxkey= 32,
				25	AESmaxrounds= 14
				26	};
				27
				28	typedef struct AESstate AESstate;
				29	struct AESstate
				30	{
				31	ulong setup;
				32	int rounds;
				33	int keybytes;
				34	uchar key[AESmaxkey]; /* unexpanded key */
				35	u32int ekey[4(AESmaxrounds + 1)]; / encryption key */
				36	u32int dkey[4(AESmaxrounds + 1)]; / decryption key */
				37	uchar ivec[AESbsize]; /* initialization vector */
				38	};
				39
				40	void setupAESstate(AESstate s, uchar key[], int keybytes, uchar ivec);
				41	void aesCBCencrypt(uchar p, int len, AESstate s);
				42	void aesCBCdecrypt(uchar p, int len, AESstate s);
				43
				44	/////////////////////////////////////////////////////////
				45	// Blowfish Definitions
				46	/////////////////////////////////////////////////////////
				47
				48	enum
				49	{
				50	BFbsize = 8,
				51	BFrounds = 16
				52	};
				53
				54	// 16-round Blowfish
				55	typedef struct BFstate BFstate;
				56	struct BFstate
				57	{
				58	ulong setup;
				59
				60	uchar key[56];
				61	uchar ivec[8];
				62
				63	u32int pbox[BFrounds+2];
				64	u32int sbox[1024];
				65	};
				66
				67	void setupBFstate(BFstate s, uchar key[], int keybytes, uchar ivec);
				68	void bfCBCencrypt(uchar, int, BFstate);
				69	void bfCBCdecrypt(uchar, int, BFstate);
				70	void bfECBencrypt(uchar, int, BFstate);
				71	void bfECBdecrypt(uchar, int, BFstate);
				72
				73	/////////////////////////////////////////////////////////
				74	// DES definitions
				75	/////////////////////////////////////////////////////////
				76
				77	enum
				78	{
				79	DESbsize= 8
				80	};
				81
				82	// single des
				83	typedef struct DESstate DESstate;
				84	struct DESstate
				85	{
				86	ulong setup;
				87	uchar key[8]; /* unexpanded key */
				88	ulong expanded[32]; /* expanded key */
				89	uchar ivec[8]; /* initialization vector */
				90	};
				91
				92	void setupDESstate(DESstate s, uchar key[8], uchar ivec);
				93	void des_key_setup(uchar[8], ulong[32]);
				94	void block_cipher(ulong, uchar, int);
				95	void desCBCencrypt(uchar, int, DESstate);
				96	void desCBCdecrypt(uchar, int, DESstate);
				97	void desECBencrypt(uchar, int, DESstate);
				98	void desECBdecrypt(uchar, int, DESstate);
				99
				100	// for backward compatibility with 7 byte DES key format
				101	void des56to64(uchar k56, uchar k64);
				102	void des64to56(uchar k64, uchar k56);
				103	void key_setup(uchar[7], ulong[32]);
				104
				105	// triple des encrypt/decrypt orderings
				106	enum {
				107	DES3E= 0,
				108	DES3D= 1,
				109	DES3EEE= 0,
				110	DES3EDE= 2,
				111	DES3DED= 5,
				112	DES3DDD= 7
				113	};
				114
				115	typedef struct DES3state DES3state;
				116	struct DES3state
				117	{
				118	ulong setup;
				119	uchar key[3][8]; /* unexpanded key */
				120	ulong expanded[3][32]; /* expanded key */
				121	uchar ivec[8]; /* initialization vector */
				122	};
				123
				124	void setupDES3state(DES3state s, uchar key[3][8], uchar ivec);
				125	void triple_block_cipher(ulong keys[3][32], uchar*, int);
				126	void des3CBCencrypt(uchar, int, DES3state);
				127	void des3CBCdecrypt(uchar, int, DES3state);
				128	void des3ECBencrypt(uchar, int, DES3state);
				129	void des3ECBdecrypt(uchar, int, DES3state);
				130
				131	/////////////////////////////////////////////////////////
				132	// digests
				133	/////////////////////////////////////////////////////////
				134
				135	enum
				136	{
				137	SHA1dlen= 20, /* SHA digest length */
				138	MD4dlen= 16, /* MD4 digest length */
				139	MD5dlen= 16 /* MD5 digest length */
				140	};
				141
				142	typedef struct DigestState DigestState;
				143	struct DigestState
				144	{
				145	ulong len;
				146	u32int state[5];
				147	uchar buf[128];
				148	int blen;
				149	char malloced;
				150	char seeded;
				151	};
				152	typedef struct DigestState SHAstate; /* obsolete name */
				153	typedef struct DigestState SHA1state;
				154	typedef struct DigestState MD5state;
				155	typedef struct DigestState MD4state;
				156
				157	DigestState* md4(uchar, ulong, uchar, DigestState*);
				158	DigestState* md5(uchar, ulong, uchar, DigestState*);
				159	DigestState* sha1(uchar, ulong, uchar, DigestState*);
				160	DigestState* hmac_md5(uchar, ulong, uchar, ulong, uchar, DigestState);
				161	DigestState* hmac_sha1(uchar, ulong, uchar, ulong, uchar, DigestState);
				162	char* sha1pickle(SHA1state*);
				163	SHA1state* sha1unpickle(char*);
				164
				165	/////////////////////////////////////////////////////////
				166	// random number generation
				167	/////////////////////////////////////////////////////////
				168	void genrandom(uchar *buf, int nbytes);
				169	void prng(uchar *buf, int nbytes);
				170	ulong fastrand(void);
				171	ulong nfastrand(ulong);
				172
				173	/////////////////////////////////////////////////////////
				174	// primes
				175	/////////////////////////////////////////////////////////
				176	void genprime(mpint *p, int n, int accuracy); // generate an n bit probable prime
				177	void gensafeprime(mpint p, mpint alpha, int n, int accuracy); // prime and generator
				178	void genstrongprime(mpint *p, int n, int accuracy); // generate an n bit strong prime
				179	void DSAprimes(mpint q, mpint p, uchar seed[SHA1dlen]);
				180	int probably_prime(mpint *n, int nrep); // miller-rabin test
				181	int smallprimetest(mpint *p); // returns -1 if not prime, 0 otherwise
				182
				183	/////////////////////////////////////////////////////////
				184	// rc4
				185	/////////////////////////////////////////////////////////
				186	typedef struct RC4state RC4state;
				187	struct RC4state
				188	{
				189	uchar state[256];
				190	uchar x;
				191	uchar y;
				192	};
				193
				194	void setupRC4state(RC4state, uchar, int);
				195	void rc4(RC4state, uchar, int);
				196	void rc4skip(RC4state*, int);
				197	void rc4back(RC4state*, int);
				198
				199	/////////////////////////////////////////////////////////
				200	// rsa
				201	/////////////////////////////////////////////////////////
				202	typedef struct RSApub RSApub;
				203	typedef struct RSApriv RSApriv;
rsc	678ede7	2004-12-27 00:14:43 +0000	[diff] [blame]	204	typedef struct PEMChain PEMChain;
rsc	97a5e5f	2003-11-23 18:25:35 +0000	[diff] [blame]	205
				206	// public/encryption key
				207	struct RSApub
				208	{
				209	mpint *n; // modulus
				210	mpint *ek; // exp (encryption key)
				211	};
				212
				213	// private/decryption key
				214	struct RSApriv
				215	{
				216	RSApub pub;
				217
				218	mpint *dk; // exp (decryption key)
				219
				220	// precomputed values to help with chinese remainder theorem calc
				221	mpint *p;
				222	mpint *q;
				223	mpint *kp; // dk mod p-1
				224	mpint *kq; // dk mod q-1
				225	mpint *c2; // (inv p) mod q
				226	};
				227
rsc	678ede7	2004-12-27 00:14:43 +0000	[diff] [blame]	228	struct PEMChain
				229	{
				230	PEMChain *next;
				231	uchar *pem;
				232	int pemlen;
				233	};
				234
rsc	97a5e5f	2003-11-23 18:25:35 +0000	[diff] [blame]	235	RSApriv* rsagen(int nlen, int elen, int rounds);
				236	mpint* rsaencrypt(RSApub k, mpint in, mpint *out);
				237	mpint* rsadecrypt(RSApriv k, mpint in, mpint *out);
				238	RSApub* rsapuballoc(void);
				239	void rsapubfree(RSApub*);
				240	RSApriv* rsaprivalloc(void);
				241	void rsaprivfree(RSApriv*);
				242	RSApub* rsaprivtopub(RSApriv*);
				243	RSApub* X509toRSApub(uchar, int, char, int);
				244	RSApriv* asn1toRSApriv(uchar*, int);
rsc	678ede7	2004-12-27 00:14:43 +0000	[diff] [blame]	245	uchar* decodepem(char s, char type, int len, char*);
				246	PEMChain* decodepemchain(char s, char type);
rsc	97a5e5f	2003-11-23 18:25:35 +0000	[diff] [blame]	247	uchar* X509gen(RSApriv priv, char subj, ulong valid[2], int *certlen);
rsc	42e8d85	2005-02-13 18:31:57 +0000	[diff] [blame]	248	RSApriv* rsafill(mpint n, mpint ek, mpint dk, mpint p, mpint *q);
				249	uchar* X509req(RSApriv priv, char subj, int *certlen);
rsc	97a5e5f	2003-11-23 18:25:35 +0000	[diff] [blame]	250
				251	/////////////////////////////////////////////////////////
				252	// elgamal
				253	/////////////////////////////////////////////////////////
				254	typedef struct EGpub EGpub;
				255	typedef struct EGpriv EGpriv;
				256	typedef struct EGsig EGsig;
				257
				258	// public/encryption key
				259	struct EGpub
				260	{
				261	mpint *p; // modulus
				262	mpint *alpha; // generator
				263	mpint key; // (encryption key) alpha*secret mod p
				264	};
				265
				266	// private/decryption key
				267	struct EGpriv
				268	{
				269	EGpub pub;
				270	mpint *secret; // (decryption key)
				271	};
				272
				273	// signature
				274	struct EGsig
				275	{
				276	mpint r, s;
				277	};
				278
				279	EGpriv* eggen(int nlen, int rounds);
				280	mpint* egencrypt(EGpub k, mpint in, mpint *out);
				281	mpint* egdecrypt(EGpriv k, mpint in, mpint *out);
				282	EGsig* egsign(EGpriv k, mpint m);
				283	int egverify(EGpub k, EGsig sig, mpint *m);
				284	EGpub* egpuballoc(void);
				285	void egpubfree(EGpub*);
				286	EGpriv* egprivalloc(void);
				287	void egprivfree(EGpriv*);
				288	EGsig* egsigalloc(void);
				289	void egsigfree(EGsig*);
				290	EGpub* egprivtopub(EGpriv*);
				291
				292	/////////////////////////////////////////////////////////
				293	// dsa
				294	/////////////////////////////////////////////////////////
				295	typedef struct DSApub DSApub;
				296	typedef struct DSApriv DSApriv;
				297	typedef struct DSAsig DSAsig;
				298
				299	// public/encryption key
				300	struct DSApub
				301	{
				302	mpint *p; // modulus
				303	mpint *q; // group order, q divides p-1
				304	mpint *alpha; // group generator
				305	mpint key; // (encryption key) alpha*secret mod p
				306	};
				307
				308	// private/decryption key
				309	struct DSApriv
				310	{
				311	DSApub pub;
				312	mpint *secret; // (decryption key)
				313	};
				314
				315	// signature
				316	struct DSAsig
				317	{
				318	mpint r, s;
				319	};
				320
				321	DSApriv* dsagen(DSApub *opub);
				322	DSAsig* dsasign(DSApriv k, mpint m);
				323	int dsaverify(DSApub k, DSAsig sig, mpint *m);
				324	DSApub* dsapuballoc(void);
				325	void dsapubfree(DSApub*);
				326	DSApriv* dsaprivalloc(void);
				327	void dsaprivfree(DSApriv*);
				328	DSAsig* dsasigalloc(void);
				329	void dsasigfree(DSAsig*);
				330	DSApub* dsaprivtopub(DSApriv*);
rsc	42e8d85	2005-02-13 18:31:57 +0000	[diff] [blame]	331	DSApriv* asn1toDSApriv(uchar*, int);
rsc	97a5e5f	2003-11-23 18:25:35 +0000	[diff] [blame]	332
				333	/////////////////////////////////////////////////////////
				334	// TLS
				335	/////////////////////////////////////////////////////////
				336	typedef struct Thumbprint{
				337	struct Thumbprint *next;
				338	uchar sha1[SHA1dlen];
				339	} Thumbprint;
				340
				341	typedef struct TLSconn{
				342	char dir[40]; // connection directory
				343	uchar *cert; // certificate (local on input, remote on output)
				344	uchar *sessionID;
				345	int certlen, sessionIDlen;
				346	int (trace)(charfmt, ...);
rsc	678ede7	2004-12-27 00:14:43 +0000	[diff] [blame]	347	PEMChain *chain;
rsc	97a5e5f	2003-11-23 18:25:35 +0000	[diff] [blame]	348	} TLSconn;
				349
				350	// tlshand.c
				351	extern int tlsClient(int fd, TLSconn *c);
				352	extern int tlsServer(int fd, TLSconn *c);
				353
				354	// thumb.c
				355	extern Thumbprint* initThumbprints(char ok, char crl);
				356	extern void freeThumbprints(Thumbprint *ok);
				357	extern int okThumbprint(uchar sha1, Thumbprint ok);
				358
				359	// readcert.c
				360	extern uchar readcert(char filename, int *pcertlen);
rsc	678ede7	2004-12-27 00:14:43 +0000	[diff] [blame]	361	PEMChain readcertchain(char filename);
rsc	f701258	2003-11-25 01:40:27 +0000	[diff] [blame]	362
				363	#if defined(__cplusplus)
				364	}
				365	#endif
				366	#endif