libsec.h - 9base - revived minimalist port of Plan 9 userland to Unix
(HTM) git clone git://git.suckless.org/9base
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
libsec.h (9329B)
---
1 #ifndef _LIBSEC_H_
2 #define _LIBSEC_H_ 1
3 #if defined(__cplusplus)
4 extern "C" {
5 #endif
6 /*
7 #pragma lib "libsec.a"
8 #pragma src "/sys/src/libsec"
9 */
10
11 AUTOLIB(sec)
12
13 #ifndef _MPINT
14 typedef struct mpint mpint;
15 #endif
16
17 /*******************************************************/
18 /* AES definitions */
19 /*******************************************************/
20
21 enum
22 {
23 AESbsize= 16,
24 AESmaxkey= 32,
25 AESmaxrounds= 14
26 };
27
28 typedef struct AESstate AESstate;
29 struct AESstate
30 {
31 ulong setup;
32 int rounds;
33 int keybytes;
34 uchar key[AESmaxkey]; /* unexpanded key */
35 u32int ekey[4*(AESmaxrounds + 1)]; /* encryption key */
36 u32int dkey[4*(AESmaxrounds + 1)]; /* decryption key */
37 uchar ivec[AESbsize]; /* initialization vector */
38 };
39
40 void setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec);
41 void aesCBCencrypt(uchar *p, int len, AESstate *s);
42 void aesCBCdecrypt(uchar *p, int len, AESstate *s);
43
44 /*******************************************************/
45 /* Blowfish Definitions */
46 /*******************************************************/
47
48 enum
49 {
50 BFbsize = 8,
51 BFrounds = 16
52 };
53
54 /* 16-round Blowfish */
55 typedef struct BFstate BFstate;
56 struct BFstate
57 {
58 ulong setup;
59
60 uchar key[56];
61 uchar ivec[8];
62
63 u32int pbox[BFrounds+2];
64 u32int sbox[1024];
65 };
66
67 void setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *ivec);
68 void bfCBCencrypt(uchar*, int, BFstate*);
69 void bfCBCdecrypt(uchar*, int, BFstate*);
70 void bfECBencrypt(uchar*, int, BFstate*);
71 void bfECBdecrypt(uchar*, int, BFstate*);
72
73 /*******************************************************/
74 /* DES definitions */
75 /*******************************************************/
76
77 enum
78 {
79 DESbsize= 8
80 };
81
82 /* single des */
83 typedef struct DESstate DESstate;
84 struct DESstate
85 {
86 ulong setup;
87 uchar key[8]; /* unexpanded key */
88 ulong expanded[32]; /* expanded key */
89 uchar ivec[8]; /* initialization vector */
90 };
91
92 void setupDESstate(DESstate *s, uchar key[8], uchar *ivec);
93 void des_key_setup(uchar[8], ulong[32]);
94 void block_cipher(ulong*, uchar*, int);
95 void desCBCencrypt(uchar*, int, DESstate*);
96 void desCBCdecrypt(uchar*, int, DESstate*);
97 void desECBencrypt(uchar*, int, DESstate*);
98 void desECBdecrypt(uchar*, int, DESstate*);
99
100 /* for backward compatibility with 7 byte DES key format */
101 void des56to64(uchar *k56, uchar *k64);
102 void des64to56(uchar *k64, uchar *k56);
103 void key_setup(uchar[7], ulong[32]);
104
105 /* triple des encrypt/decrypt orderings */
106 enum {
107 DES3E= 0,
108 DES3D= 1,
109 DES3EEE= 0,
110 DES3EDE= 2,
111 DES3DED= 5,
112 DES3DDD= 7
113 };
114
115 typedef struct DES3state DES3state;
116 struct DES3state
117 {
118 ulong setup;
119 uchar key[3][8]; /* unexpanded key */
120 ulong expanded[3][32]; /* expanded key */
121 uchar ivec[8]; /* initialization vector */
122 };
123
124 void setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec);
125 void triple_block_cipher(ulong keys[3][32], uchar*, int);
126 void des3CBCencrypt(uchar*, int, DES3state*);
127 void des3CBCdecrypt(uchar*, int, DES3state*);
128 void des3ECBencrypt(uchar*, int, DES3state*);
129 void des3ECBdecrypt(uchar*, int, DES3state*);
130
131 /*******************************************************/
132 /* digests */
133 /*******************************************************/
134
135 enum
136 {
137 SHA1dlen= 20, /* SHA digest length */
138 MD4dlen= 16, /* MD4 digest length */
139 MD5dlen= 16 /* MD5 digest length */
140 };
141
142 typedef struct DigestState DigestState;
143 struct DigestState
144 {
145 ulong len;
146 u32int state[5];
147 uchar buf[128];
148 int blen;
149 char malloced;
150 char seeded;
151 };
152 typedef struct DigestState SHAstate; /* obsolete name */
153 typedef struct DigestState SHA1state;
154 typedef struct DigestState MD5state;
155 typedef struct DigestState MD4state;
156
157 DigestState* md4(uchar*, ulong, uchar*, DigestState*);
158 DigestState* md5(uchar*, ulong, uchar*, DigestState*);
159 DigestState* sha1(uchar*, ulong, uchar*, DigestState*);
160 DigestState* hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
161 DigestState* hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
162 char* sha1pickle(SHA1state*);
163 SHA1state* sha1unpickle(char*);
164
165 /*******************************************************/
166 /* random number generation */
167 /*******************************************************/
168 void genrandom(uchar *buf, int nbytes);
169 void prng(uchar *buf, int nbytes);
170 ulong fastrand(void);
171 ulong nfastrand(ulong);
172
173 /*******************************************************/
174 /* primes */
175 /*******************************************************/
176 void genprime(mpint *p, int n, int accuracy); /* generate an n bit probable prime */
177 void gensafeprime(mpint *p, mpint *alpha, int n, int accuracy); /* prime and generator */
178 void genstrongprime(mpint *p, int n, int accuracy); /* generate an n bit strong prime */
179 void DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]);
180 int probably_prime(mpint *n, int nrep); /* miller-rabin test */
181 int smallprimetest(mpint *p); /* returns -1 if not prime, 0 otherwise */
182
183 /*******************************************************/
184 /* rc4 */
185 /*******************************************************/
186 typedef struct RC4state RC4state;
187 struct RC4state
188 {
189 uchar state[256];
190 uchar x;
191 uchar y;
192 };
193
194 void setupRC4state(RC4state*, uchar*, int);
195 void rc4(RC4state*, uchar*, int);
196 void rc4skip(RC4state*, int);
197 void rc4back(RC4state*, int);
198
199 /*******************************************************/
200 /* rsa */
201 /*******************************************************/
202 typedef struct RSApub RSApub;
203 typedef struct RSApriv RSApriv;
204 typedef struct PEMChain PEMChain;
205
206 /* public/encryption key */
207 struct RSApub
208 {
209 mpint *n; /* modulus */
210 mpint *ek; /* exp (encryption key) */
211 };
212
213 /* private/decryption key */
214 struct RSApriv
215 {
216 RSApub pub;
217
218 mpint *dk; /* exp (decryption key) */
219
220 /* precomputed values to help with chinese remainder theorem calc */
221 mpint *p;
222 mpint *q;
223 mpint *kp; /* dk mod p-1 */
224 mpint *kq; /* dk mod q-1 */
225 mpint *c2; /* (inv p) mod q */
226 };
227
228 struct PEMChain
229 {
230 PEMChain *next;
231 uchar *pem;
232 int pemlen;
233 };
234
235 RSApriv* rsagen(int nlen, int elen, int rounds);
236 mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out);
237 mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out);
238 RSApub* rsapuballoc(void);
239 void rsapubfree(RSApub*);
240 RSApriv* rsaprivalloc(void);
241 void rsaprivfree(RSApriv*);
242 RSApub* rsaprivtopub(RSApriv*);
243 RSApub* X509toRSApub(uchar*, int, char*, int);
244 RSApriv* asn1toRSApriv(uchar*, int);
245 uchar* decodepem(char *s, char *type, int *len, char**);
246 PEMChain* decodepemchain(char *s, char *type);
247 uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
248 RSApriv* rsafill(mpint *n, mpint *ek, mpint *dk, mpint *p, mpint *q);
249 uchar* X509req(RSApriv *priv, char *subj, int *certlen);
250
251 /*******************************************************/
252 /* elgamal */
253 /*******************************************************/
254 typedef struct EGpub EGpub;
255 typedef struct EGpriv EGpriv;
256 typedef struct EGsig EGsig;
257
258 /* public/encryption key */
259 struct EGpub
260 {
261 mpint *p; /* modulus */
262 mpint *alpha; /* generator */
263 mpint *key; /* (encryption key) alpha**secret mod p */
264 };
265
266 /* private/decryption key */
267 struct EGpriv
268 {
269 EGpub pub;
270 mpint *secret; /* (decryption key) */
271 };
272
273 /* signature */
274 struct EGsig
275 {
276 mpint *r, *s;
277 };
278
279 EGpriv* eggen(int nlen, int rounds);
280 mpint* egencrypt(EGpub *k, mpint *in, mpint *out);
281 mpint* egdecrypt(EGpriv *k, mpint *in, mpint *out);
282 EGsig* egsign(EGpriv *k, mpint *m);
283 int egverify(EGpub *k, EGsig *sig, mpint *m);
284 EGpub* egpuballoc(void);
285 void egpubfree(EGpub*);
286 EGpriv* egprivalloc(void);
287 void egprivfree(EGpriv*);
288 EGsig* egsigalloc(void);
289 void egsigfree(EGsig*);
290 EGpub* egprivtopub(EGpriv*);
291
292 /*******************************************************/
293 /* dsa */
294 /*******************************************************/
295 typedef struct DSApub DSApub;
296 typedef struct DSApriv DSApriv;
297 typedef struct DSAsig DSAsig;
298
299 /* public/encryption key */
300 struct DSApub
301 {
302 mpint *p; /* modulus */
303 mpint *q; /* group order, q divides p-1 */
304 mpint *alpha; /* group generator */
305 mpint *key; /* (encryption key) alpha**secret mod p */
306 };
307
308 /* private/decryption key */
309 struct DSApriv
310 {
311 DSApub pub;
312 mpint *secret; /* (decryption key) */
313 };
314
315 /* signature */
316 struct DSAsig
317 {
318 mpint *r, *s;
319 };
320
321 DSApriv* dsagen(DSApub *opub);
322 DSAsig* dsasign(DSApriv *k, mpint *m);
323 int dsaverify(DSApub *k, DSAsig *sig, mpint *m);
324 DSApub* dsapuballoc(void);
325 void dsapubfree(DSApub*);
326 DSApriv* dsaprivalloc(void);
327 void dsaprivfree(DSApriv*);
328 DSAsig* dsasigalloc(void);
329 void dsasigfree(DSAsig*);
330 DSApub* dsaprivtopub(DSApriv*);
331 DSApriv* asn1toDSApriv(uchar*, int);
332
333 /*******************************************************/
334 /* TLS */
335 /*******************************************************/
336 typedef struct Thumbprint{
337 struct Thumbprint *next;
338 uchar sha1[SHA1dlen];
339 } Thumbprint;
340
341 typedef struct TLSconn{
342 char dir[40]; /* connection directory */
343 uchar *cert; /* certificate (local on input, remote on output) */
344 uchar *sessionID;
345 int certlen, sessionIDlen;
346 int (*trace)(char*fmt, ...);
347 PEMChain *chain;
348 } TLSconn;
349
350 /* tlshand.c */
351 extern int tlsClient(int fd, TLSconn *c);
352 extern int tlsServer(int fd, TLSconn *c);
353
354 /* thumb.c */
355 extern Thumbprint* initThumbprints(char *ok, char *crl);
356 extern void freeThumbprints(Thumbprint *ok);
357 extern int okThumbprint(uchar *sha1, Thumbprint *ok);
358
359 /* readcert.c */
360 extern uchar *readcert(char *filename, int *pcertlen);
361 PEMChain *readcertchain(char *filename);
362
363 #if defined(__cplusplus)
364 }
365 #endif
366 #endif