1 #pragma src "/usr/inferno/libsec" 2 3 #ifndef _MPINT 4 typedef struct mpint mpint; 5 #endif 6 7 /*/////////////////////////////////////////////////////// */ 8 /* AES definitions */ 9 /*/////////////////////////////////////////////////////// */ 10 11 enum 12 { 13 AESbsize= 16, 14 AESmaxkey= 32, 15 AESmaxrounds= 14 16 }; 17 18 typedef struct AESstate AESstate; 19 struct AESstate 20 { 21 ulong setup; 22 int rounds; 23 int keybytes; 24 uchar key[AESmaxkey]; /* unexpanded key */ 25 u32int ekey[4*(AESmaxrounds + 1)]; /* encryption key */ 26 u32int dkey[4*(AESmaxrounds + 1)]; /* decryption key */ 27 uchar ivec[AESbsize]; /* initialization vector */ 28 }; 29 30 void setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec); 31 void aesCBCencrypt(uchar *p, int len, AESstate *s); 32 void aesCBCdecrypt(uchar *p, int len, AESstate *s); 33 34 /*/////////////////////////////////////////////////////// */ 35 /* Blowfish Definitions */ 36 /*/////////////////////////////////////////////////////// */ 37 38 enum 39 { 40 BFbsize = 8, 41 BFrounds = 16 42 }; 43 44 /* 16-round Blowfish */ 45 typedef struct BFstate BFstate; 46 struct BFstate 47 { 48 ulong setup; 49 50 uchar key[56]; 51 uchar ivec[8]; 52 53 u32int pbox[BFrounds+2]; 54 u32int sbox[1024]; 55 }; 56 57 void setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *ivec); 58 void bfCBCencrypt(uchar*, int, BFstate*); 59 void bfCBCdecrypt(uchar*, int, BFstate*); 60 void bfECBencrypt(uchar*, int, BFstate*); 61 void bfECBdecrypt(uchar*, int, BFstate*); 62 63 /*/////////////////////////////////////////////////////// */ 64 /* DES definitions */ 65 /*/////////////////////////////////////////////////////// */ 66 67 enum 68 { 69 DESbsize= 8 70 }; 71 72 /* single des */ 73 typedef struct DESstate DESstate; 74 struct DESstate 75 { 76 ulong setup; 77 uchar key[8]; /* unexpanded key */ 78 ulong expanded[32]; /* expanded key */ 79 uchar ivec[8]; /* initialization vector */ 80 }; 81 82 void setupDESstate(DESstate *s, uchar key[8], uchar *ivec); 83 void des_key_setup(uchar[8], ulong[32]); 84 void block_cipher(ulong*, uchar*, int); 85 void desCBCencrypt(uchar*, int, DESstate*); 86 void desCBCdecrypt(uchar*, int, DESstate*); 87 void desECBencrypt(uchar*, int, DESstate*); 88 void desECBdecrypt(uchar*, int, DESstate*); 89 90 /* for backward compatibility with 7 byte DES key format */ 91 void des56to64(uchar *k56, uchar *k64); 92 void des64to56(uchar *k64, uchar *k56); 93 void key_setup(uchar[7], ulong[32]); 94 95 /* triple des encrypt/decrypt orderings */ 96 enum { 97 DES3E= 0, 98 DES3D= 1, 99 DES3EEE= 0, 100 DES3EDE= 2, 101 DES3DED= 5, 102 DES3DDD= 7 103 }; 104 105 typedef struct DES3state DES3state; 106 struct DES3state 107 { 108 ulong setup; 109 uchar key[3][8]; /* unexpanded key */ 110 ulong expanded[3][32]; /* expanded key */ 111 uchar ivec[8]; /* initialization vector */ 112 }; 113 114 void setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec); 115 void triple_block_cipher(ulong keys[3][32], uchar*, int); 116 void des3CBCencrypt(uchar*, int, DES3state*); 117 void des3CBCdecrypt(uchar*, int, DES3state*); 118 void des3ECBencrypt(uchar*, int, DES3state*); 119 void des3ECBdecrypt(uchar*, int, DES3state*); 120 121 /* IDEA */ 122 typedef struct IDEAstate IDEAstate; 123 struct IDEAstate 124 { 125 uchar key[16]; 126 ushort edkey[104]; 127 uchar ivec[8]; 128 }; 129 130 void setupIDEAstate(IDEAstate*, uchar*, uchar*); 131 void idea_key_setup(uchar*, ushort*); 132 void idea_cipher(ushort*, uchar*, int); 133 134 135 /*/////////////////////////////////////////////////////// */ 136 /* digests */ 137 /*/////////////////////////////////////////////////////// */ 138 139 enum 140 { 141 /* digest lengths */ 142 SHA1dlen= 20, 143 MD4dlen= 16, 144 MD5dlen= 16, 145 146 SHA224dlen= 28, 147 SHA256dlen= 32, 148 149 SHA384dlen= 48, 150 SHA512dlen= 64, 151 152 /* block sizes */ 153 SHA256bsize= 64, 154 SHA512bsize= 128, 155 Digestbsize= 128, /* maximum */ 156 }; 157 158 typedef struct DigestState DigestState; 159 struct DigestState 160 { 161 u64int len; 162 u32int state[5]; 163 uchar buf[Digestbsize]; 164 int blen; 165 u64int nb128[2]; 166 u64int h64[8]; 167 u32int h32[8]; 168 char malloced; 169 char seeded; 170 }; 171 typedef struct DigestState SHAstate; /* obsolete name */ 172 typedef struct DigestState SHA1state; 173 typedef struct DigestState MD5state; 174 typedef struct DigestState MD4state; 175 typedef struct DigestState SHA256state; 176 typedef struct DigestState SHA512state; 177 178 DigestState* md4(uchar*, ulong, uchar*, DigestState*); 179 DigestState* md5(uchar*, ulong, uchar*, DigestState*); 180 DigestState* sha1(uchar*, ulong, uchar*, DigestState*); 181 DigestState* sha224(uchar*, ulong, uchar*, DigestState*); 182 DigestState* sha256(uchar*, ulong, uchar*, DigestState*); 183 DigestState* sha384(uchar*, ulong, uchar*, DigestState*); 184 DigestState* sha512(uchar*, ulong, uchar*, DigestState*); 185 DigestState* hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*); 186 DigestState* hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState*); 187 char* md5pickle(MD5state*); 188 MD5state* md5unpickle(char*); 189 char* sha1pickle(SHA1state*); 190 SHA1state* sha1unpickle(char*); 191 192 /*/////////////////////////////////////////////////////// */ 193 /* random number generation */ 194 /*/////////////////////////////////////////////////////// */ 195 void genrandom(uchar *buf, int nbytes); 196 void _genrandomqlock(void); 197 void _genrandomqunlock(void); 198 void prng(uchar *buf, int nbytes); 199 ulong fastrand(void); 200 ulong nfastrand(ulong); 201 202 /*/////////////////////////////////////////////////////// */ 203 /* primes */ 204 /*/////////////////////////////////////////////////////// */ 205 void genprime(mpint *p, int n, int accuracy); /* generate an n bit probable prime */ 206 void gensafeprime(mpint *p, mpint *alpha, int n, int accuracy); /* prime and generator */ 207 void genstrongprime(mpint *p, int n, int accuracy); /* generate an n bit strong prime */ 208 void DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]); 209 int probably_prime(mpint *n, int nrep); /* miller-rabin test */ 210 int smallprimetest(mpint *p); /* returns -1 if not prime, 0 otherwise */ 211 212 /*/////////////////////////////////////////////////////// */ 213 /* rc4 */ 214 /*/////////////////////////////////////////////////////// */ 215 typedef struct RC4state RC4state; 216 struct RC4state 217 { 218 uchar state[256]; 219 uchar x; 220 uchar y; 221 }; 222 223 void setupRC4state(RC4state*, uchar*, int); 224 void rc4(RC4state*, uchar*, int); 225 void rc4skip(RC4state*, int); 226 void rc4back(RC4state*, int); 227 228 /*/////////////////////////////////////////////////////// */ 229 /* rsa */ 230 /*/////////////////////////////////////////////////////// */ 231 typedef struct RSApub RSApub; 232 typedef struct RSApriv RSApriv; 233 typedef struct PEMChain PEMChain; 234 235 /* public/encryption key */ 236 struct RSApub 237 { 238 mpint *n; /* modulus */ 239 mpint *ek; /* exp (encryption key) */ 240 }; 241 242 /* private/decryption key */ 243 struct RSApriv 244 { 245 RSApub pub; 246 247 mpint *dk; /* exp (decryption key) */ 248 249 /* precomputed values to help with chinese remainder theorem calc */ 250 mpint *p; 251 mpint *q; 252 mpint *kp; /* dk mod p-1 */ 253 mpint *kq; /* dk mod q-1 */ 254 mpint *c2; /* (inv p) mod q */ 255 }; 256 257 struct PEMChain{ 258 PEMChain *next; 259 uchar *pem; 260 int pemlen; 261 }; 262 263 RSApriv* rsagen(int nlen, int elen, int rounds); 264 RSApriv* rsafill(mpint *n, mpint *e, mpint *d, mpint *p, mpint *q); 265 mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out); 266 mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out); 267 RSApub* rsapuballoc(void); 268 void rsapubfree(RSApub*); 269 RSApriv* rsaprivalloc(void); 270 void rsaprivfree(RSApriv*); 271 RSApub* rsaprivtopub(RSApriv*); 272 RSApub* X509toRSApub(uchar*, int, char*, int); 273 RSApriv* asn1toRSApriv(uchar*, int); 274 void asn1dump(uchar *der, int len); 275 uchar* decodePEM(char *s, char *type, int *len, char **new_s); 276 PEMChain* decodepemchain(char *s, char *type); 277 uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen); 278 uchar* X509req(RSApriv *priv, char *subj, int *certlen); 279 char* X509verify(uchar *cert, int ncert, RSApub *pk); 280 void X509dump(uchar *cert, int ncert); 281 282 /*/////////////////////////////////////////////////////// */ 283 /* elgamal */ 284 /*/////////////////////////////////////////////////////// */ 285 typedef struct EGpub EGpub; 286 typedef struct EGpriv EGpriv; 287 typedef struct EGsig EGsig; 288 289 /* public/encryption key */ 290 struct EGpub 291 { 292 mpint *p; /* modulus */ 293 mpint *alpha; /* generator */ 294 mpint *key; /* (encryption key) alpha**secret mod p */ 295 }; 296 297 /* private/decryption key */ 298 struct EGpriv 299 { 300 EGpub pub; 301 mpint *secret; /* (decryption key) */ 302 }; 303 304 /* signature */ 305 struct EGsig 306 { 307 mpint *r, *s; 308 }; 309 310 EGpriv* eggen(int nlen, int rounds); 311 mpint* egencrypt(EGpub *k, mpint *in, mpint *out); /* deprecated */ 312 mpint* egdecrypt(EGpriv *k, mpint *in, mpint *out); 313 EGsig* egsign(EGpriv *k, mpint *m); 314 int egverify(EGpub *k, EGsig *sig, mpint *m); 315 EGpub* egpuballoc(void); 316 void egpubfree(EGpub*); 317 EGpriv* egprivalloc(void); 318 void egprivfree(EGpriv*); 319 EGsig* egsigalloc(void); 320 void egsigfree(EGsig*); 321 EGpub* egprivtopub(EGpriv*); 322 323 /*/////////////////////////////////////////////////////// */ 324 /* dsa */ 325 /*/////////////////////////////////////////////////////// */ 326 typedef struct DSApub DSApub; 327 typedef struct DSApriv DSApriv; 328 typedef struct DSAsig DSAsig; 329 330 /* public/encryption key */ 331 struct DSApub 332 { 333 mpint *p; /* modulus */ 334 mpint *q; /* group order, q divides p-1 */ 335 mpint *alpha; /* group generator */ 336 mpint *key; /* (encryption key) alpha**secret mod p */ 337 }; 338 339 /* private/decryption key */ 340 struct DSApriv 341 { 342 DSApub pub; 343 mpint *secret; /* (decryption key) */ 344 }; 345 346 /* signature */ 347 struct DSAsig 348 { 349 mpint *r, *s; 350 }; 351 352 DSApriv* dsagen(DSApub *opub); /* opub not checked for consistency! */ 353 DSAsig* dsasign(DSApriv *k, mpint *m); 354 int dsaverify(DSApub *k, DSAsig *sig, mpint *m); 355 DSApub* dsapuballoc(void); 356 void dsapubfree(DSApub*); 357 DSApriv* dsaprivalloc(void); 358 void dsaprivfree(DSApriv*); 359 DSAsig* dsasigalloc(void); 360 void dsasigfree(DSAsig*); 361 DSApub* dsaprivtopub(DSApriv*); 362 363 /*/////////////////////////////////////////////////////// */ 364 /* TLS */ 365 /*/////////////////////////////////////////////////////// */ 366 typedef struct Thumbprint{ 367 struct Thumbprint *next; 368 uchar sha1[SHA1dlen]; 369 } Thumbprint; 370 371 typedef struct TLSconn{ 372 char dir[40]; /* connection directory */ 373 uchar *cert; /* certificate (local on input, remote on output) */ 374 uchar *sessionID; 375 int certlen, sessionIDlen; 376 int (*trace)(char*fmt, ...); 377 PEMChain *chain; /* optional extra certificate evidence for servers to present */ 378 } TLSconn; 379 380 /* tlshand.c */ 381 int tlsClient(int fd, TLSconn *c); 382 int tlsServer(int fd, TLSconn *c); 383 384 /* thumb.c */ 385 Thumbprint* initThumbprints(char *ok, char *crl); 386 void freeThumbprints(Thumbprint *ok); 387 int okThumbprint(uchar *sha1, Thumbprint *ok); 388 389 /* readcert.c */ 390 uchar *readcert(char *filename, int *pcertlen); 391 PEMChain *readcertchain(char *filename); 392