/*
 * libsec.h - declarations for the APE build of libsec (see the #pragma
 * src/lib lines below): block and stream ciphers, digests and HMACs,
 * random numbers, primes, RSA/ElGamal/DSA, X.509/PEM helpers and the
 * TLS client/server entry points.
 *
 * The bare sentence inside the #ifndef below is not valid C, so a
 * translation unit that includes this header without _PLAN9_SOURCE
 * defined fails to compile at that line.
 */
#ifndef _PLAN9_SOURCE
This header file is an extension to ANSI/POSIX
#endif

#ifndef __LIBSEC_H_
#define __LIBSEC_H_
#pragma src "/sys/src/ape/lib/sec"
#pragma lib "/$M/lib/ape/libsec.a"

/* mpint is only forward-declared here unless another header already defined _MPINT */
#ifndef _MPINT
typedef struct mpint mpint;
#endif

/*
 * AES definitions
 */

enum
{
	AESbsize=	16,	/* block size in bytes; also sizes ivec[] and mackey[] */
	AESmaxkey=	32,	/* size in bytes of the raw key buffer in AESstate */
	AESmaxrounds=	14	/* bound used to size the ekey[]/dkey[] schedules */
};

/*
 * Per-key AES context used by the CBC, CTR and XCBC-MAC routines.
 * It carries the raw key, both expanded schedules and the MAC keys,
 * so the whole structure is secret material.
 * NOTE(review): no wipe/teardown routine is declared in this header;
 * callers presumably have to clear the structure themselves.
 */
typedef struct AESstate AESstate;
struct AESstate
{
	ulong	setup;		/* presumably a "has been set up" marker - confirm */
	int	rounds;
	int	keybytes;
	uint	ctrsz;		/* presumably the counter width for CTR mode - confirm */
	uchar	key[AESmaxkey];			/* unexpanded key */
	ulong	ekey[4*(AESmaxrounds + 1)];	/* encryption key */
	ulong	dkey[4*(AESmaxrounds + 1)];	/* decryption key */
	uchar	ivec[AESbsize];			/* initialization vector */
	uchar	mackey[3 * AESbsize];		/* 3 XCBC mac 96 keys */
};

/*
 * block ciphers: one 16-byte block per call with an expanded key rk
 * and round count Nr.  No IV or chaining state is passed at this level.
 */
void	aes_encrypt(ulong rk[], int Nr, uchar pt[16], uchar ct[16]);
void	aes_decrypt(ulong rk[], int Nr, uchar ct[16], uchar pt[16]);

/*
 * Mode routines.  Each takes one buffer p of len bytes and no separate
 * output pointer, so the transform is presumably done in place.
 * Neither CBC nor CTR authenticates the data; integrity needs a
 * separate MAC (aesXCBCmac is declared below).
 * NOTE(review): len is a signed int; behaviour for a negative len, or
 * for a CBC len that is not a multiple of AESbsize, is not visible here.
 */
void	setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec);
void	aesCBCencrypt(uchar *p, int len, AESstate *s);
void	aesCBCdecrypt(uchar *p, int len, AESstate *s);
void	aesCTRdecrypt(uchar *p, int len, AESstate *s);
void	aesCTRencrypt(uchar *p, int len, AESstate *s);

/*
 * XCBC MAC over p[0..len).
 * NOTE(review): ownership and lifetime of the returned pointer are not
 * visible from this header - confirm before storing or freeing it.
 */
void	setupAESXCBCstate(AESstate *s);
uchar*	aesXCBCmac(uchar *p, int len, AESstate *s);

/*
 * Blowfish Definitions
 *
 * The block is 8 bytes (BFbsize).  With a 64-bit block, CBC ciphertext
 * blocks under one key become likely to collide after about 2^32
 * blocks, so bound the amount of data encrypted per key.
 */

enum
{
	BFbsize	= 8,
	BFrounds= 16
};

/* 16-round Blowfish; the state holds the raw key and key-dependent tables */
typedef struct BFstate BFstate;
struct BFstate
{
	ulong	setup;

	uchar	key[56];
	uchar	ivec[8];

	u32int 	pbox[BFrounds+2];
	u32int	sbox[1024];
};

/*
 * The ECB variants take no IV, so equal plaintext blocks give equal
 * ciphertext blocks; prefer the CBC variants for anything structured.
 * Parameters are unnamed; presumably (buffer, length, state) - confirm.
 */
void	setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *ivec);
void	bfCBCencrypt(uchar*, int, BFstate*);
void	bfCBCdecrypt(uchar*, int, BFstate*);
void	bfECBencrypt(uchar*, int, BFstate*);
void	bfECBdecrypt(uchar*, int, BFstate*);

/*
 * DES definitions
 *
 * Single DES has a 56-bit effective key (see the 7-byte key helpers
 * below), which is within reach of exhaustive search; keep it for
 * interoperability with legacy formats only.  The 8-byte block has the
 * same per-key data limit as any 64-bit block cipher.
 */

enum
{
	DESbsize=	8
};

/* single des */
typedef struct DESstate DESstate;
struct DESstate
{
	ulong	setup;
	uchar	key[8];		/* unexpanded key */
	ulong	expanded[32];	/* expanded key */
	uchar	ivec[8];	/* initialization vector */
};

/*
 * NOTE(review): block_cipher's parameters are unnamed; presumably
 * (expanded key, 8-byte block, decrypt flag) - confirm in the source.
 * The ECB variants reveal repeated plaintext blocks.
 */
void	setupDESstate(DESstate *s, uchar key[8], uchar *ivec);
void	des_key_setup(uchar[8], ulong[32]);
void	block_cipher(ulong*, uchar*, int);
void	desCBCencrypt(uchar*, int, DESstate*);
void	desCBCdecrypt(uchar*, int, DESstate*);
void	desECBencrypt(uchar*, int, DESstate*);
void	desECBdecrypt(uchar*, int, DESstate*);

/* for backward compatibility with 7-byte DES key format */
void	des56to64(uchar *k56, uchar *k64);
void	des64to56(uchar *k64, uchar *k56);
void	key_setup(uchar[7], ulong[32]);

/*
 * triple des encrypt/decrypt orderings
 * NOTE(review): the values look like a 3-bit mask with one bit per
 * stage (0 = encrypt, 1 = decrypt), e.g. EDE = 2, DED = 5, DDD = 7;
 * confirm against triple_block_cipher before relying on that.
 */
enum {
	DES3E=		0,
	DES3D=		1,
	DES3EEE=	0,
	DES3EDE=	2,
	DES3DED=	5,
	DES3DDD=	7
};

typedef struct DES3state DES3state;
struct DES3state
{
	ulong	setup;
	uchar	key[3][8];		/* unexpanded key */
	ulong	expanded[3][32];	/* expanded key */
	uchar	ivec[8];		/* initialization vector */
};

/* three 8-byte keys; the block is still 8 bytes, so the 64-bit block limits apply */
void	setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec);
void	triple_block_cipher(ulong keys[3][32], uchar*, int);
void	des3CBCencrypt(uchar*, int, DES3state*);
void	des3CBCdecrypt(uchar*, int, DES3state*);
void	des3ECBencrypt(uchar*, int, DES3state*);
void	des3ECBdecrypt(uchar*, int, DES3state*);

/*
 * digests
 *
 * MD4, MD5 and SHA-1 are not collision resistant; use the SHA-2
 * functions wherever collision resistance matters (signatures,
 * certificate or content identifiers).
 */

enum
{
	SHA1dlen=	20,	/* SHA digest length */
	SHA2_224dlen=	28,	/* SHA-224 digest length */
	SHA2_256dlen=	32,	/* SHA-256 digest length */
	SHA2_384dlen=	48,	/* SHA-384 digest length */
	SHA2_512dlen=	64,	/* SHA-512 digest length */
	MD4dlen=	16,	/* MD4 digest length */
	MD5dlen=	16,	/* MD5 digest length */
	AESdlen=	16,	/* TODO: see rfc */

	/*
	 * NOTE(review): SHA-384 and SHA-512 use a 128-byte block; confirm
	 * that hmac_sha2_384/hmac_sha2_512 do not rely on this constant.
	 */
	Hmacblksz	= 64,	/* in bytes; from rfc2104 */
};

/*
 * One state structure serves every digest.  Field meanings below are
 * inferred from the names and should be confirmed in the source.
 */
typedef struct DigestState DigestState;
struct DigestState
{
	uvlong	len;		/* presumably the running input length */
	union {			/* 32-bit and 64-bit word views share storage */
		u32int	state[8];
		u64int	bstate[8];
	};
	uchar	buf[256];	/* presumably buffered partial input */
	int	blen;		/* presumably the number of bytes held in buf */
	char	malloced;	/* presumably set when the library allocated the state */
	char	seeded;
};
/*
 * All of these names are the same type, so the compiler cannot detect
 * a state started by one digest being handed to a different one.
 */
typedef struct DigestState SHAstate;	/* obsolete name */
typedef struct DigestState SHA1state;
typedef struct DigestState SHA2_224state;
typedef struct DigestState SHA2_256state;
typedef struct DigestState SHA2_384state;
typedef struct DigestState SHA2_512state;
typedef struct DigestState MD5state;
typedef struct DigestState MD4state;
typedef struct DigestState AEShstate;

/*
 * Digest entry points.  Parameters are unnamed; by analogy with hmac_x
 * below they are presumably (data, length, digest out, state).
 * No output length is passed, so the digest buffer presumably must
 * hold at least the matching *dlen bytes from the enum above.
 */
DigestState*	md4(uchar*, ulong, uchar*, DigestState*);
DigestState*	md5(uchar*, ulong, uchar*, DigestState*);
DigestState*	sha1(uchar*, ulong, uchar*, DigestState*);
DigestState*	sha2_224(uchar*, ulong, uchar*, DigestState*);
DigestState*	sha2_256(uchar*, ulong, uchar*, DigestState*);
DigestState*	sha2_384(uchar*, ulong, uchar*, DigestState*);
DigestState*	sha2_512(uchar*, ulong, uchar*, DigestState*);
DigestState*	aes(uchar*, ulong, uchar*, DigestState*);
/*
 * Generic HMAC: x is the underlying digest function and xlen
 * presumably its digest length.  The wrappers below fix x; they are
 * presumably (data, length, key, key length, digest out, state).
 * When checking a received MAC, compare in constant time rather than
 * with an early-exit byte compare.
 */
DigestState*	hmac_x(uchar *p, ulong len, uchar *key, ulong klen,
			uchar *digest, DigestState *s,
			DigestState*(*x)(uchar*, ulong, uchar*, DigestState*),
			int xlen);
DigestState*	hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState*	hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState*	hmac_sha2_224(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState*	hmac_sha2_256(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState*	hmac_sha2_384(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState*	hmac_sha2_512(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState*	hmac_aes(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
/*
 * Convert a digest state to and from a string.
 * NOTE(review): how the unpickle routines handle malformed input is
 * not visible from this header; confirm before feeding them data that
 * crosses a trust boundary.
 */
char*		md5pickle(MD5state*);
MD5state*	md5unpickle(char*);
char*		sha1pickle(SHA1state*);
SHA1state*	sha1unpickle(char*);

/*
 * random number generation
 * NOTE(review): this header does not say which generator is suitable
 * for keys, IVs or nonces.  Confirm the entropy source behind each
 * before using it for secrets; the names prng and fastrand suggest
 * generators that are not meant for key material.
 */
void	genrandom(uchar *buf, int nbytes);
void	prng(uchar *buf, int nbytes);
ulong	fastrand(void);
ulong	nfastrand(ulong);

/*
 * primes
 * accuracy and nrep presumably set the number of probabilistic test
 * rounds; too few rounds raises the chance of accepting a composite.
 */
void	genprime(mpint *p, int n, int accuracy);	/* generate n-bit probable prime */
void	gensafeprime(mpint *p, mpint *alpha, int n, int accuracy);	/* prime & generator */
void	genstrongprime(mpint *p, int n, int accuracy);	/* generate n-bit strong prime */
void	DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]);
int	probably_prime(mpint *n, int nrep);	/* miller-rabin test */
int	smallprimetest(mpint *p);	/* returns -1 if not prime, 0 otherwise */

/*
 * rc4
 *
 * setupRC4state takes no IV parameter, so keeping the key unique per
 * stream is the caller's job: a repeated key repeats the keystream.
 * RC4's keystream also has known statistical biases, so use it only
 * where a legacy protocol requires it.
 */
typedef struct RC4state RC4state;
struct RC4state
{
	 uchar	state[256];
	 uchar	x;
	 uchar	y;
};

/* rc4skip/rc4back presumably advance and rewind the keystream position - confirm */
void	setupRC4state(RC4state*, uchar*, int);
void	rc4(RC4state*, uchar*, int);
void	rc4skip(RC4state*, int);
void	rc4back(RC4state*, int);

/*
 * rsa
 */
typedef struct RSApub RSApub;
typedef struct RSApriv RSApriv;
typedef struct PEMChain PEMChain;

/* public/encryption key */
struct RSApub
{
	mpint	*n;	/* modulus */
	mpint	*ek;	/* exp (encryption key) */
};

/* private/decryption key; every field besides pub is secret */
struct RSApriv
{
	RSApub	pub;

	mpint	*dk;	/* exp (decryption key) */

	/* precomputed values to help with chinese remainder theorem calc */
	mpint	*p;
	mpint	*q;
	mpint	*kp;	/* dk mod p-1 */
	mpint	*kq;	/* dk mod q-1 */
	mpint	*c2;	/* (inv p) mod q */
};

/* singly linked list of PEM-decoded blobs, each with an explicit length */
struct PEMChain{
	PEMChain*next;
	uchar	*pem;
	int	pemlen;
};

/*
 * rsaencrypt/rsadecrypt take and return mpint values, so they appear
 * to be the raw RSA operation; no padding scheme is visible here and
 * it is presumably the caller's responsibility - confirm.
 * NOTE(review): whether rsaprivfree clears the private values before
 * releasing them is not visible from this header.
 */
RSApriv*	rsagen(int nlen, int elen, int rounds);
RSApriv*	rsafill(mpint *n, mpint *e, mpint *d, mpint *p, mpint *q);
mpint*		rsaencrypt(RSApub *k, mpint *in, mpint *out);
mpint*		rsadecrypt(RSApriv *k, mpint *in, mpint *out);
RSApub*		rsapuballoc(void);
void		rsapubfree(RSApub*);
RSApriv*	rsaprivalloc(void);
void		rsaprivfree(RSApriv*);
RSApub*		rsaprivtopub(RSApriv*);
/*
 * ASN.1, PEM and X.509 helpers.  The (uchar*, int) pairs are
 * presumably a DER buffer and its length; these parsers are the ones
 * most likely to see untrusted input.
 * NOTE(review): X509verify is given a single certificate and a single
 * public key, so chain building, name matching and validity-period
 * policy are presumably left to the caller.  Its char* result is
 * presumably nil on success and an error string otherwise - confirm.
 * valid[2] in X509gen is presumably the start and end of validity.
 */
RSApub*		X509toRSApub(uchar*, int, char*, int);
RSApriv*	asn1toRSApriv(uchar*, int);
void		asn1dump(uchar *der, int len);
uchar*		decodePEM(char *s, char *type, int *len, char **new_s);
PEMChain*	decodepemchain(char *s, char *type);
uchar*		X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
uchar*		X509req(RSApriv *priv, char *subj, int *certlen);
char*		X509verify(uchar *cert, int ncert, RSApub *pk);
void		X509dump(uchar *cert, int ncert);

/*
 * elgamal
 */
typedef struct EGpub EGpub;
typedef struct EGpriv EGpriv;
typedef struct EGsig EGsig;

/* public/encryption key */
struct EGpub
{
	mpint	*p;	/* modulus */
	mpint	*alpha;	/* generator */
	mpint	*key;	/* (encryption key) alpha**secret mod p */
};

/* private/decryption key */
struct EGpriv
{
	EGpub	pub;
	mpint	*secret;	/* (decryption key) */
};

/* signature */
struct EGsig
{
	mpint	*r, *s;
};

/* as with RSA, the operations work on mpint values; m is presumably a digest - confirm */
EGpriv*		eggen(int nlen, int rounds);
mpint*		egencrypt(EGpub *k, mpint *in, mpint *out);	/* deprecated */
mpint*		egdecrypt(EGpriv *k, mpint *in, mpint *out);
EGsig*		egsign(EGpriv *k, mpint *m);
int		egverify(EGpub *k, EGsig *sig, mpint *m);
EGpub*		egpuballoc(void);
void		egpubfree(EGpub*);
EGpriv*		egprivalloc(void);
void		egprivfree(EGpriv*);
EGsig*		egsigalloc(void);
void		egsigfree(EGsig*);
EGpub*		egprivtopub(EGpriv*);

/*
 * dsa
 */
typedef struct DSApub DSApub;
typedef struct DSApriv DSApriv;
typedef struct DSAsig DSAsig;

/* public/encryption key */
struct DSApub
{
	mpint	*p;	/* modulus */
	mpint	*q;	/* group order, q divides p-1 */
	mpint	*alpha;	/* group generator */
	mpint	*key;	/* (encryption key) alpha**secret mod p */
};

/* private/decryption key */
struct DSApriv
{
	DSApub	pub;
	mpint	*secret;	/* (decryption key) */
};

/* signature */
struct DSAsig
{
	mpint	*r, *s;
};

/*
 * dsagen does not validate the group parameters it is handed (see the
 * comment on its declaration), so only pass an opub whose p, q and
 * alpha come from a trusted source or have been checked by the caller.
 * m in dsasign/dsaverify is presumably the message digest - confirm.
 */
DSApriv*	dsagen(DSApub *opub);	/* opub not checked for consistency! */
DSAsig*		dsasign(DSApriv *k, mpint *m);
int		dsaverify(DSApub *k, DSAsig *sig, mpint *m);
DSApub*		dsapuballoc(void);
void		dsapubfree(DSApub*);
DSApriv*	dsaprivalloc(void);
void		dsaprivfree(DSApriv*);
DSAsig*		dsasigalloc(void);
void		dsasigfree(DSAsig*);
DSApub*		dsaprivtopub(DSApriv*);
DSApriv*	asn1toDSApriv(uchar*, int);

/*
 * TLS
 */
/* list node holding one SHA-1 digest; presumably of an accepted certificate */
typedef struct Thumbprint{
	struct Thumbprint *next;
	uchar	sha1[SHA1dlen];
} Thumbprint;

/*
 * Per-connection parameters and results.  sessionKey is secret
 * material once filled in.
 */
typedef struct TLSconn{
	char	dir[40];	/* connection directory */
	uchar	*cert;	/* certificate (local on input, remote on output) */
	uchar	*sessionID;
	int	certlen;
	int	sessionIDlen;
	int	(*trace)(char*fmt, ...);
	PEMChain*chain;	/* optional extra certificate evidence for servers to present */
	char	*sessionType;
	uchar	*sessionKey;
	int	sessionKeylen;
	char	*sessionConst;
} TLSconn;

/*
 * tlshand.c
 * The peer's certificate comes back in c->cert (see the field comment).
 * NOTE(review): nothing in this header indicates that tlsClient
 * validates that certificate; callers presumably must check it
 * themselves, e.g. with okThumbprint or X509verify, before trusting
 * the connection - confirm in tlshand.c.
 */
int tlsClient(int fd, TLSconn *c);
int tlsServer(int fd, TLSconn *c);

/*
 * thumb.c
 * initThumbprints takes two strings, ok and crl; presumably the names
 * of an accept list and a revocation list - confirm.
 * The match is on a SHA-1 digest, which is not collision resistant.
 */
Thumbprint* initThumbprints(char *ok, char *crl);
void	freeThumbprints(Thumbprint *ok);
int	okThumbprint(uchar *sha1, Thumbprint *ok);

/* readcert.c: load a certificate, or a chain of them, from a file */
uchar	*readcert(char *filename, int *pcertlen);
PEMChain*readcertchain(char *filename);

#endif