libsec.h - vx32 - Local 9vx git repository for patches.
(HTM) git clone git://r-36.net/vx32
(DIR) Log
(DIR) Files
(DIR) Refs
---
libsec.h (8739B)
---
1
2
3 #ifndef _MPINT
4 typedef struct mpint mpint;
5 #endif
6
7 /*
8 * AES definitions
9 */
10
11 enum
12 {
13 AESbsize= 16,
14 AESmaxkey= 32,
15 AESmaxrounds= 14
16 };
17
18 typedef struct AESstate AESstate;
19 struct AESstate
20 {
21 ulong setup;
22 int rounds;
23 int keybytes;
24 // uint ctrsz;
25 uchar key[AESmaxkey]; /* unexpanded key */
26 ulong ekey[4*(AESmaxrounds + 1)]; /* encryption key */
27 ulong dkey[4*(AESmaxrounds + 1)]; /* decryption key */
28 uchar ivec[AESbsize]; /* initialization vector */
29 // uchar mackey[3 * AESbsize]; /* 3 XCBC mac 96 keys */
30 };
31
32 void setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec);
33 void aesCBCencrypt(uchar *p, int len, AESstate *s);
34 void aesCBCdecrypt(uchar *p, int len, AESstate *s);
35
36 /*
37 * Blowfish Definitions
38 */
39
40 enum
41 {
42 BFbsize = 8,
43 BFrounds= 16
44 };
45
46 /* 16-round Blowfish */
47 typedef struct BFstate BFstate;
48 struct BFstate
49 {
50 ulong setup;
51
52 uchar key[56];
53 uchar ivec[8];
54
55 uint32 pbox[BFrounds+2];
56 uint32 sbox[1024];
57 };
58
59 void setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *ivec);
60 void bfCBCencrypt(uchar*, int, BFstate*);
61 void bfCBCdecrypt(uchar*, int, BFstate*);
62 void bfECBencrypt(uchar*, int, BFstate*);
63 void bfECBdecrypt(uchar*, int, BFstate*);
64
65 /*
66 * DES definitions
67 */
68
69 enum
70 {
71 DESbsize= 8
72 };
73
74 /* single des */
75 typedef struct DESstate DESstate;
76 struct DESstate
77 {
78 ulong setup;
79 uchar key[8]; /* unexpanded key */
80 ulong expanded[32]; /* expanded key */
81 uchar ivec[8]; /* initialization vector */
82 };
83
84 void setupDESstate(DESstate *s, uchar key[8], uchar *ivec);
85 void des_key_setup(uchar[8], ulong[32]);
86 void block_cipher(ulong*, uchar*, int);
87 void desCBCencrypt(uchar*, int, DESstate*);
88 void desCBCdecrypt(uchar*, int, DESstate*);
89 void desECBencrypt(uchar*, int, DESstate*);
90 void desECBdecrypt(uchar*, int, DESstate*);
91
92 /* for backward compatibility with 7-byte DES key format */
93 void des56to64(uchar *k56, uchar *k64);
94 void des64to56(uchar *k64, uchar *k56);
95 void key_setup(uchar[7], ulong[32]);
96
97 /* triple des encrypt/decrypt orderings */
98 enum {
99 DES3E= 0,
100 DES3D= 1,
101 DES3EEE= 0,
102 DES3EDE= 2,
103 DES3DED= 5,
104 DES3DDD= 7
105 };
106
107 typedef struct DES3state DES3state;
108 struct DES3state
109 {
110 ulong setup;
111 uchar key[3][8]; /* unexpanded key */
112 ulong expanded[3][32]; /* expanded key */
113 uchar ivec[8]; /* initialization vector */
114 };
115
116 void setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec);
117 void triple_block_cipher(ulong keys[3][32], uchar*, int);
118 void des3CBCencrypt(uchar*, int, DES3state*);
119 void des3CBCdecrypt(uchar*, int, DES3state*);
120 void des3ECBencrypt(uchar*, int, DES3state*);
121 void des3ECBdecrypt(uchar*, int, DES3state*);
122
123 /*
124 * digests
125 */
126
127 enum
128 {
129 SHA1dlen= 20, /* SHA digest length */
130 MD4dlen= 16, /* MD4 digest length */
131 MD5dlen= 16, /* MD5 digest length */
132 AESdlen= 16, /* TODO: see rfc */
133
134 Hmacblksz = 64, /* in bytes; from rfc2104 */
135 };
136
137 typedef struct DigestState DigestState;
138 struct DigestState
139 {
140 uvlong len;
141 uint32 state[5];
142 uchar buf[128];
143 int blen;
144 char malloced;
145 char seeded;
146 };
147 typedef struct DigestState SHAstate; /* obsolete name */
148 typedef struct DigestState SHA1state;
149 typedef struct DigestState MD5state;
150 typedef struct DigestState MD4state;
151 typedef struct DigestState AEShstate;
152
153 DigestState* md4(uchar*, ulong, uchar*, DigestState*);
154 DigestState* md5(uchar*, ulong, uchar*, DigestState*);
155 DigestState* sha1(uchar*, ulong, uchar*, DigestState*);
156 DigestState* aes(uchar*, ulong, uchar*, DigestState*);
157 DigestState* hmac_x(uchar *p, ulong len, uchar *key, ulong klen,
158 uchar *digest, DigestState *s,
159 DigestState*(*x)(uchar*, ulong, uchar*, DigestState*),
160 int xlen);
161 DigestState* hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
162 DigestState* hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
163 DigestState* hmac_aes(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
164 char* md5pickle(MD5state*);
165 MD5state* md5unpickle(char*);
166 char* sha1pickle(SHA1state*);
167 SHA1state* sha1unpickle(char*);
168
169 /*
170 * random number generation
171 */
172 void genrandom(uchar *buf, int nbytes);
173 void prng(uchar *buf, int nbytes);
174 ulong fastrand(void);
175 ulong nfastrand(ulong);
176
177 /*
178 * primes
179 */
180 void genprime(mpint *p, int n, int accuracy); /* generate n-bit probable prime */
181 void gensafeprime(mpint *p, mpint *alpha, int n, int accuracy); /* prime & generator */
182 void genstrongprime(mpint *p, int n, int accuracy); /* generate n-bit strong prime */
183 void DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]);
184 int probably_prime(mpint *n, int nrep); /* miller-rabin test */
185 int smallprimetest(mpint *p); /* returns -1 if not prime, 0 otherwise */
186
187 /*
188 * rc4
189 */
190 typedef struct RC4state RC4state;
191 struct RC4state
192 {
193 uchar state[256];
194 uchar x;
195 uchar y;
196 };
197
198 void setupRC4state(RC4state*, uchar*, int);
199 void rc4(RC4state*, uchar*, int);
200 void rc4skip(RC4state*, int);
201 void rc4back(RC4state*, int);
202
203 /*
204 * rsa
205 */
206 typedef struct RSApub RSApub;
207 typedef struct RSApriv RSApriv;
208 typedef struct PEMChain PEMChain;
209
210 /* public/encryption key */
211 struct RSApub
212 {
213 mpint *n; /* modulus */
214 mpint *ek; /* exp (encryption key) */
215 };
216
217 /* private/decryption key */
218 struct RSApriv
219 {
220 RSApub pub;
221
222 mpint *dk; /* exp (decryption key) */
223
224 /* precomputed values to help with chinese remainder theorem calc */
225 mpint *p;
226 mpint *q;
227 mpint *kp; /* dk mod p-1 */
228 mpint *kq; /* dk mod q-1 */
229 mpint *c2; /* (inv p) mod q */
230 };
231
232 struct PEMChain{
233 PEMChain*next;
234 uchar *pem;
235 int pemlen;
236 };
237
238 RSApriv* rsagen(int nlen, int elen, int rounds);
239 RSApriv* rsafill(mpint *n, mpint *e, mpint *d, mpint *p, mpint *q);
240 mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out);
241 mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out);
242 RSApub* rsapuballoc(void);
243 void rsapubfree(RSApub*);
244 RSApriv* rsaprivalloc(void);
245 void rsaprivfree(RSApriv*);
246 RSApub* rsaprivtopub(RSApriv*);
247 RSApub* X509toRSApub(uchar*, int, char*, int);
248 RSApriv* asn1toRSApriv(uchar*, int);
249 void asn1dump(uchar *der, int len);
250 uchar* decodePEM(char *s, char *type, int *len, char **new_s);
251 PEMChain* decodepemchain(char *s, char *type);
252 uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
253 uchar* X509req(RSApriv *priv, char *subj, int *certlen);
254 char* X509verify(uchar *cert, int ncert, RSApub *pk);
255 void X509dump(uchar *cert, int ncert);
256
257 /*
258 * elgamal
259 */
260 typedef struct EGpub EGpub;
261 typedef struct EGpriv EGpriv;
262 typedef struct EGsig EGsig;
263
264 /* public/encryption key */
265 struct EGpub
266 {
267 mpint *p; /* modulus */
268 mpint *alpha; /* generator */
269 mpint *key; /* (encryption key) alpha**secret mod p */
270 };
271
272 /* private/decryption key */
273 struct EGpriv
274 {
275 EGpub pub;
276 mpint *secret; /* (decryption key) */
277 };
278
279 /* signature */
280 struct EGsig
281 {
282 mpint *r, *s;
283 };
284
285 EGpriv* eggen(int nlen, int rounds);
286 mpint* egencrypt(EGpub *k, mpint *in, mpint *out); /* deprecated */
287 mpint* egdecrypt(EGpriv *k, mpint *in, mpint *out);
288 EGsig* egsign(EGpriv *k, mpint *m);
289 int egverify(EGpub *k, EGsig *sig, mpint *m);
290 EGpub* egpuballoc(void);
291 void egpubfree(EGpub*);
292 EGpriv* egprivalloc(void);
293 void egprivfree(EGpriv*);
294 EGsig* egsigalloc(void);
295 void egsigfree(EGsig*);
296 EGpub* egprivtopub(EGpriv*);
297
298 /*
299 * dsa
300 */
301 typedef struct DSApub DSApub;
302 typedef struct DSApriv DSApriv;
303 typedef struct DSAsig DSAsig;
304
305 /* public/encryption key */
306 struct DSApub
307 {
308 mpint *p; /* modulus */
309 mpint *q; /* group order, q divides p-1 */
310 mpint *alpha; /* group generator */
311 mpint *key; /* (encryption key) alpha**secret mod p */
312 };
313
314 /* private/decryption key */
315 struct DSApriv
316 {
317 DSApub pub;
318 mpint *secret; /* (decryption key) */
319 };
320
321 /* signature */
322 struct DSAsig
323 {
324 mpint *r, *s;
325 };
326
327 DSApriv* dsagen(DSApub *opub); /* opub not checked for consistency! */
328 DSAsig* dsasign(DSApriv *k, mpint *m);
329 int dsaverify(DSApub *k, DSAsig *sig, mpint *m);
330 DSApub* dsapuballoc(void);
331 void dsapubfree(DSApub*);
332 DSApriv* dsaprivalloc(void);
333 void dsaprivfree(DSApriv*);
334 DSAsig* dsasigalloc(void);
335 void dsasigfree(DSAsig*);
336 DSApub* dsaprivtopub(DSApriv*);
337 DSApriv* asn1toDSApriv(uchar*, int);
338
339 /*
340 * TLS
341 */
342 typedef struct Thumbprint{
343 struct Thumbprint *next;
344 uchar sha1[SHA1dlen];
345 } Thumbprint;
346
347 typedef struct TLSconn{
348 char dir[40]; /* connection directory */
349 uchar *cert; /* certificate (local on input, remote on output) */
350 uchar *sessionID;
351 int certlen;
352 int sessionIDlen;
353 int (*trace)(char*fmt, ...);
354 PEMChain*chain; /* optional extra certificate evidence for servers to present */
355 char *sessionType;
356 uchar *sessionKey;
357 int sessionKeylen;
358 char *sessionConst;
359 } TLSconn;
360
361 /* tlshand.c */
362 int tlsClient(int fd, TLSconn *c);
363 int tlsServer(int fd, TLSconn *c);
364
365 /* thumb.c */
366 Thumbprint* initThumbprints(char *ok, char *crl);
367 void freeThumbprints(Thumbprint *ok);
368 int okThumbprint(uchar *sha1, Thumbprint *ok);
369
370 /* readcert.c */
371 uchar *readcert(char *filename, int *pcertlen);
372 PEMChain*readcertchain(char *filename);