/* Plan 9 compiler pragmas: link against libsec.a; the sources live under /sys/src/libsec */
#pragma	lib	"libsec.a"
#pragma	src	"/sys/src/libsec"


/*
 * Forward declaration of the multi-precision integer used by the prime,
 * RSA, ElGamal and DSA interfaces below.  The guard lets this header be
 * included alongside the mp library header (which presumably defines
 * _MPINT — confirm) without redeclaring the type.
 */
#ifndef _MPINT
typedef struct mpint mpint;
#endif
8 
9 /*
10  * AES definitions
11  */
12 
enum
{
	AESbsize=	16,	/* block size in bytes */
	AESmaxkey=	32,	/* largest key in bytes (256 bits); bounds AESstate.key[] */
	AESmaxrounds=	14	/* round count for the largest key; sizes the expanded key arrays */
};
19 
/*
 * Per-key AES context.  Holds raw key material (key, ekey, dkey, mackey);
 * clear it once the key is no longer needed rather than leaving it in memory.
 */
typedef struct AESstate AESstate;
struct AESstate
{
	ulong	setup;		/* NOTE(review): presumably an "initialised" marker written by setupAESstate — confirm */
	int	rounds;		/* rounds in use; ekey/dkey are sized for AESmaxrounds */
	int	keybytes;	/* bytes of key[] in use; cannot exceed AESmaxkey */
	uint	ctrsz;		/* NOTE(review): looks like the counter width used by aesCTR* — confirm */
	uchar	key[AESmaxkey];			/* unexpanded key */
	ulong	ekey[4*(AESmaxrounds + 1)];	/* expanded encryption key schedule */
	ulong	dkey[4*(AESmaxrounds + 1)];	/* expanded decryption key schedule */
	uchar	ivec[AESbsize];			/* initialization vector (one block) */
	uchar	mackey[3 * AESbsize];		/* 3 XCBC mac 96 keys */
};
33 
/* block ciphers */
/*
 * Single-block primitives on an already expanded key schedule.
 * rk is presumably AESstate.ekey / .dkey and Nr AESstate.rounds — confirm.
 * pt/ct are exactly AESbsize bytes.
 */
void	aes_encrypt(ulong rk[], int Nr, uchar pt[16], uchar ct[16]);
void	aes_decrypt(ulong rk[], int Nr, uchar ct[16], uchar pt[16]);

/*
 * setupAESstate: keybytes must not exceed AESmaxkey (AESstate.key[] is that
 * size); ivec presumably seeds s->ivec with AESbsize bytes when non-nil — confirm.
 * The CBC/CTR routines transform p in place.  len is an int here, whereas the
 * digest functions below take ulong; keep that in mind when passing sizes through.
 * CBC needs a fresh, unpredictable ivec per message; CTR must never reuse a
 * counter block under the same key.
 */
void	setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec);
void	aesCBCencrypt(uchar *p, int len, AESstate *s);
void	aesCBCdecrypt(uchar *p, int len, AESstate *s);
void	aesCTRdecrypt(uchar *p, int len, AESstate *s);
void	aesCTRencrypt(uchar *p, int len, AESstate *s);

/*
 * AES-XCBC-MAC-96: setupAESXCBCstate derives the three mackey subkeys from
 * an already set up state; aesXCBCmac presumably returns a pointer to the
 * tag — confirm where it lives and how long it stays valid.
 */
void	setupAESXCBCstate(AESstate *s);
uchar*	aesXCBCmac(uchar *p, int len, AESstate *s);
46 
47 /*
48  * Blowfish Definitions
49  */
50 
enum
{
	BFbsize	= 8,	/* block size in bytes */
	BFrounds= 16	/* Feistel rounds; sizes BFstate.pbox */
};
56 
/* 16-round Blowfish */
/* Per-key Blowfish context; key[] and the boxes are secret, clear after use. */
typedef struct BFstate BFstate;
struct BFstate
{
	ulong	setup;		/* NOTE(review): presumably an "initialised" marker written by setupBFstate — confirm */

	uchar	key[56];	/* unexpanded key; 56 bytes (448 bits) is the most setupBFstate can store */
	uchar	ivec[8];	/* initialization vector, one BFbsize block */

	u32int 	pbox[BFrounds+2];	/* expanded P-array */
	u32int	sbox[1024];		/* four 256-entry S-boxes, flattened */
};
69 
/*
 * setupBFstate: keybytes must not exceed sizeof(BFstate.key) (56).
 * The CBC/ECB routines transform the buffer in place; len is in bytes and
 * is presumably expected to be a multiple of BFbsize — confirm.
 * ECB leaks equal-plaintext-block patterns; prefer the CBC entry points.
 */
void	setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *ivec);
void	bfCBCencrypt(uchar*, int, BFstate*);
void	bfCBCdecrypt(uchar*, int, BFstate*);
void	bfECBencrypt(uchar*, int, BFstate*);
void	bfECBdecrypt(uchar*, int, BFstate*);
75 
76 /*
77  * Chacha definitions
78  */
79 
enum{
	ChachaBsize=	64,	/* keystream block size in bytes */
	ChachaKeylen=	256/8,	/* key length in bytes; fills Chachastate.key[8] */
	ChachaIVlen=	96/8	/* nonce length in bytes; fills Chachastate.iv[3] */
};
85 
/*
 * ChaCha context.  The 16-word input block is overlaid with named fields so
 * the key, counter and IV can be addressed directly.  A 96-bit IV with a
 * 32-bit counter is the layout fixed by this union; a (key, iv) pair must
 * never be reused, since the keystream would repeat.
 */
typedef struct Chachastate Chachastate;
struct Chachastate
{
	/*
	 * 0-3:	a constant (sigma or tau)
	 * 4-11:	the key
	 * 12:	block counter
	 * 13-15:	IV
	 */
	union{
		u32int	input[16];
		struct{
			u32int	constant[4];
			u32int	key[8];		/* ChachaKeylen bytes as little-endian words, presumably — confirm */
			u32int	counter;	/* block counter; see chacha_setblock */
			u32int	iv[3];		/* ChachaIVlen bytes */
		};
	};
	int	rounds;		/* number of double-rounds or rounds — confirm which the implementation counts */
};
106 
/*
 * NOTE(review): the prototypes carry no parameter names.  From the struct
 * layout the arguments are presumably (state, key, keylen, iv, rounds) for
 * setupChachastate, (state, block counter) for chacha_setblock,
 * (buf, len, state) for the in-place chacha_encrypt and (src, dst, len, state)
 * for chacha_encrypt2 — confirm against the implementation.
 * Encryption and decryption are the same XOR operation.
 */
void	setupChachastate(Chachastate*, uchar*, usize, uchar*, int);
void	chacha_setblock(Chachastate*, u32int);
void	chacha_encrypt(uchar*, usize, Chachastate*);
void	chacha_encrypt2(uchar*, uchar*, usize, Chachastate*);
111 
112 /*
113  * DES definitions
114  */
115 
enum
{
	DESbsize=	8	/* block size in bytes */
};
120 
/* single des */
/*
 * Single-DES context.  Single DES has a 56-bit effective key; keep it for
 * interoperability with existing protocols and use DES3state or AESstate
 * for anything new.
 */
typedef struct DESstate DESstate;
struct DESstate
{
	ulong	setup;		/* NOTE(review): presumably an "initialised" marker written by setupDESstate — confirm */
	uchar	key[8];		/* unexpanded key, 64-bit form (parity bits included) */
	ulong	expanded[32];	/* expanded key schedule, see des_key_setup */
	uchar	ivec[8];	/* initialization vector, one DESbsize block */
};
130 
/*
 * setupDESstate takes the 8-byte key form; des_key_setup expands an 8-byte
 * key into the 32-word schedule held in DESstate.expanded.
 * block_cipher(expanded, block, flag): one DESbsize block in place; the int
 * presumably selects decryption — confirm.
 * The CBC/ECB routines work in place on (buf, len, state).
 */
void	setupDESstate(DESstate *s, uchar key[8], uchar *ivec);
void	des_key_setup(uchar[8], ulong[32]);
void	block_cipher(ulong*, uchar*, int);
void	desCBCencrypt(uchar*, int, DESstate*);
void	desCBCdecrypt(uchar*, int, DESstate*);
void	desECBencrypt(uchar*, int, DESstate*);
void	desECBdecrypt(uchar*, int, DESstate*);

/* for backward compatibility with 7-byte DES key format */
/* des56to64 spreads a packed 7-byte key into the 8-byte form; des64to56 reverses it */
void	des56to64(uchar *k56, uchar *k64);
void	des64to56(uchar *k64, uchar *k56);
void	key_setup(uchar[7], ulong[32]);	/* des_key_setup for the 7-byte form */
143 
/* triple des encrypt/decrypt orderings */
/*
 * Three-bit mask, one bit per DES stage (set = that stage decrypts):
 * EEE = 000, EDE = 010, DED = 101, DDD = 111.  DES3E/DES3D are the
 * per-stage values; DES3EEE aliases DES3E.
 */
enum {
	DES3E=		0,
	DES3D=		1,
	DES3EEE=	0,
	DES3EDE=	2,
	DES3DED=	5,
	DES3DDD=	7
};
153 
/* Triple-DES context: three independent single-DES keys and schedules. */
typedef struct DES3state DES3state;
struct DES3state
{
	ulong	setup;			/* NOTE(review): presumably an "initialised" marker written by setupDES3state — confirm */
	uchar	key[3][8];		/* unexpanded keys, one per stage */
	ulong	expanded[3][32];	/* expanded key schedules, one per stage */
	uchar	ivec[8];		/* initialization vector, one DESbsize block */
};
162 
/*
 * triple_block_cipher(keys, block, ordering): one DESbsize block in place;
 * the int is presumably one of the DES3* orderings above — confirm.
 * The CBC/ECB routines work in place on (buf, len, state); prefer CBC, as
 * ECB reveals repeated plaintext blocks.
 */
void	setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec);
void	triple_block_cipher(ulong keys[3][32], uchar*, int);
void	des3CBCencrypt(uchar*, int, DES3state*);
void	des3CBCdecrypt(uchar*, int, DES3state*);
void	des3ECBencrypt(uchar*, int, DES3state*);
void	des3ECBdecrypt(uchar*, int, DES3state*);
169 
170 /*
171  * digests
172  */
173 
/* Digest output sizes in bytes; size the digest buffers passed to the functions below accordingly. */
enum
{
	SHA1dlen=	20,	/* SHA digest length */
	SHA2_224dlen=	28,	/* SHA-224 digest length */
	SHA2_256dlen=	32,	/* SHA-256 digest length */
	SHA2_384dlen=	48,	/* SHA-384 digest length */
	SHA2_512dlen=	64,	/* SHA-512 digest length */
	MD4dlen=	16,	/* MD4 digest length */
	MD5dlen=	16,	/* MD5 digest length */
	AESdlen=	16,	/* TODO: see rfc */

	/*
	 * NOTE(review): 64 bytes is the HMAC block size for MD5, SHA-1 and
	 * SHA-224/256; SHA-384/512 use 128-byte blocks.  Confirm how hmac_x
	 * handles the hmac_sha2_384/512 entry points declared below.
	 */
	Hmacblksz	= 64,	/* in bytes; from rfc2104 */
};
187 
/*
 * Shared running state for every digest in this header.  The union holds
 * eight 32-bit words for the MD/SHA-1/SHA-224/256 family or eight 64-bit
 * words for SHA-384/512.
 */
typedef struct DigestState DigestState;
struct DigestState
{
	uvlong	len;		/* presumably total bytes absorbed so far — confirm */
	union {
		u32int	state[8];	/* 32-bit working state */
		u64int	bstate[8];	/* 64-bit working state */
	};
	uchar	buf[256];	/* partial-block buffer; large enough for two 128-byte blocks */
	int	blen;		/* bytes currently held in buf */
	char	malloced;	/* NOTE(review): presumably set when the library allocated this state — confirm who frees it */
	char	seeded;		/* NOTE(review): presumably set once the initial state has been loaded — confirm */
};
typedef struct DigestState SHAstate;	/* obsolete name */
typedef struct DigestState SHA1state;
typedef struct DigestState SHA2_224state;
typedef struct DigestState SHA2_256state;
typedef struct DigestState SHA2_384state;
typedef struct DigestState SHA2_512state;
typedef struct DigestState MD5state;
typedef struct DigestState MD4state;
typedef struct DigestState AEShstate;
210 
/*
 * Digest functions share one shape: (data, len, digest, state).  By the
 * library's usual convention a nil state starts a new computation, and a
 * non-nil digest buffer finalises it (sized per the *dlen enums above);
 * confirm the exact chaining rules against the manual page.
 * MD4 and MD5 are not collision resistant and SHA-1 is weakened; use them
 * only where an existing format requires them.
 */
DigestState*	md4(uchar*, ulong, uchar*, DigestState*);
DigestState*	md5(uchar*, ulong, uchar*, DigestState*);
DigestState*	sha1(uchar*, ulong, uchar*, DigestState*);
DigestState*	sha2_224(uchar*, ulong, uchar*, DigestState*);
DigestState*	sha2_256(uchar*, ulong, uchar*, DigestState*);
DigestState*	sha2_384(uchar*, ulong, uchar*, DigestState*);
DigestState*	sha2_512(uchar*, ulong, uchar*, DigestState*);
DigestState*	aes(uchar*, ulong, uchar*, DigestState*);
/*
 * Generic HMAC over any digest function x of the shape above; xlen is
 * presumably x's digest length — confirm.  The hmac_* wrappers below take
 * (data, len, key, klen, digest, state).
 */
DigestState*	hmac_x(uchar *p, ulong len, uchar *key, ulong klen,
			uchar *digest, DigestState *s,
			DigestState*(*x)(uchar*, ulong, uchar*, DigestState*),
			int xlen);
DigestState*	hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState*	hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState*	hmac_sha2_224(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState*	hmac_sha2_256(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState*	hmac_sha2_384(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState*	hmac_sha2_512(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState*	hmac_aes(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
/*
 * Serialise/restore a running digest state as text.  The unpickle parsers
 * rebuild internal state from their input; validate that input if it ever
 * crosses a trust boundary.  Ownership of the returned buffers is not stated
 * here — confirm whether the caller frees them.
 */
char*		md5pickle(MD5state*);
MD5state*	md5unpickle(char*);
char*		sha1pickle(SHA1state*);
SHA1state*	sha1unpickle(char*);
234 
235 /*
236  * random number generation
237  */
/*
 * NOTE(review): the header does not say which of these is cryptographically
 * strong.  Treat only genrandom as suitable for keys, IVs and nonces until
 * confirmed; the fastrand/nfastrand names suggest speed over unpredictability.
 * nfastrand(n) presumably returns a value in [0, n) — confirm.
 */
void	genrandom(uchar *buf, int nbytes);
void	prng(uchar *buf, int nbytes);
ulong	fastrand(void);
ulong	nfastrand(ulong);
242 
243 /*
244  * primes
245  */
/*
 * accuracy/nrep are the number of probabilistic test repetitions; a higher
 * count lowers the chance of accepting a composite.  These routines need
 * strong randomness underneath; see genrandom above.
 */
void	genprime(mpint *p, int n, int accuracy); /* generate n-bit probable prime */
void	gensafeprime(mpint *p, mpint *alpha, int n, int accuracy); /* prime & generator */
void	genstrongprime(mpint *p, int n, int accuracy); /* generate n-bit strong prime */
void	DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]);	/* derive DSA (p, q) from a SHA1dlen-byte seed */
int	probably_prime(mpint *n, int nrep);	/* miller-rabin test */
int	smallprimetest(mpint *p);  /* returns -1 if not prime, 0 otherwise; 0 means "not ruled out", not "prime" */
252 
253 /*
254  * rc4
255  */
/*
 * RC4 keystream state.  RC4 has well-known keystream biases; keep it for
 * legacy interoperability only and prefer Chachastate/AESstate for new code.
 */
typedef struct RC4state RC4state;
struct RC4state
{
	 uchar	state[256];	/* permutation */
	 uchar	x;		/* i index */
	 uchar	y;		/* j index */
};
263 
/*
 * setupRC4state(state, key, keylen); rc4(state, buf, len) XORs the keystream
 * in place (encrypt and decrypt are the same call).  rc4skip/rc4back
 * presumably advance/rewind the keystream by n bytes — confirm.
 */
void	setupRC4state(RC4state*, uchar*, int);
void	rc4(RC4state*, uchar*, int);
void	rc4skip(RC4state*, int);
void	rc4back(RC4state*, int);
268 
269 /*
270  * rsa
271  */
typedef struct RSApub RSApub;
typedef struct RSApriv RSApriv;
typedef struct PEMChain PEMChain;

/* public/encryption key */
struct RSApub
{
	mpint	*n;	/* modulus */
	mpint	*ek;	/* exp (encryption key) */
};
282 
/* private/decryption key */
/* All mpint members are secret; free via rsaprivfree so they are released together. */
struct RSApriv
{
	RSApub	pub;

	mpint	*dk;	/* exp (decryption key) */

	/* precomputed values to help with chinese remainder theorem calc */
	mpint	*p;	/* first prime factor of n */
	mpint	*q;	/* second prime factor of n */
	mpint	*kp;	/* dk mod p-1 */
	mpint	*kq;	/* dk mod q-1 */
	mpint	*c2;	/* (inv p) mod q */
};
297 
/* Singly linked list of DER blobs decoded from a PEM file; see decodepemchain/readcertchain. */
struct PEMChain{
	PEMChain*next;
	uchar	*pem;		/* decoded bytes */
	int	pemlen;		/* length of pem in bytes */
};
303 
/*
 * rsagen(nlen, elen, rounds): nlen/elen are presumably modulus and exponent
 * bit lengths and rounds the primality-test repetitions — confirm.
 * rsaencrypt/rsadecrypt operate on mpints directly, so they appear to be the
 * raw modular operations: any padding scheme (and its validation on
 * decrypt) is the caller's responsibility.
 */
RSApriv*	rsagen(int nlen, int elen, int rounds);
RSApriv*	rsafill(mpint *n, mpint *e, mpint *d, mpint *p, mpint *q);
mpint*		rsaencrypt(RSApub *k, mpint *in, mpint *out);
mpint*		rsadecrypt(RSApriv *k, mpint *in, mpint *out);
RSApub*		rsapuballoc(void);
void		rsapubfree(RSApub*);
RSApriv*	rsaprivalloc(void);
void		rsaprivfree(RSApriv*);
RSApub*		rsaprivtopub(RSApriv*);
/*
 * DER/PEM/X.509 helpers.  The asn1to*/X509to* parsers consume attacker-
 * controlled bytes when fed peer certificates; the (uchar*, int) pairs are
 * the buffer and its length.  X509toRSApub's trailing (char*, int) is
 * presumably a subject-name output buffer and its size — confirm.
 * decodePEM(s, type, len, new_s): new_s presumably receives the position
 * after the decoded block so a caller can iterate — confirm.
 * X509gen/X509req/X509verify: valid[2] is presumably a (start, end) time pair
 * and X509verify's char* an error string or nil on success — confirm.
 */
RSApub*		X509toRSApub(uchar*, int, char*, int);
uchar*		RSApubtoasn1(RSApub*, int*);
RSApub*		asn1toRSApub(uchar*, int);
RSApriv*	asn1toRSApriv(uchar*, int);
void		asn1dump(uchar *der, int len);
uchar*		decodePEM(char *s, char *type, int *len, char **new_s);
PEMChain*	decodepemchain(char *s, char *type);
uchar*		X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
uchar*		X509req(RSApriv *priv, char *subj, int *certlen);
char*		X509verify(uchar *cert, int ncert, RSApub *pk);
void		X509dump(uchar *cert, int ncert);
324 
325 /*
326  * elgamal
327  */
typedef struct EGpub EGpub;
typedef struct EGpriv EGpriv;
typedef struct EGsig EGsig;

/* public/encryption key */
struct EGpub
{
	mpint	*p;	/* modulus */
	mpint	*alpha;	/* generator */
	mpint	*key;	/* (encryption key) alpha**secret mod p */
};
339 
/* private/decryption key */
struct EGpriv
{
	EGpub	pub;
	mpint	*secret;	/* (decryption key) — the exponent behind pub.key */
};
346 
/* signature */
struct EGsig
{
	mpint	*r, *s;	/* the (r, s) signature pair */
};
352 
/*
 * eggen(nlen, rounds): nlen presumably the modulus bit length and rounds the
 * primality-test repetitions — confirm.  egsign/egverify take the message
 * as an mpint; callers hash first.  Signing needs fresh randomness per
 * signature, so the quality of genrandom matters here too.
 */
EGpriv*		eggen(int nlen, int rounds);
mpint*		egencrypt(EGpub *k, mpint *in, mpint *out);	/* deprecated */
mpint*		egdecrypt(EGpriv *k, mpint *in, mpint *out);
EGsig*		egsign(EGpriv *k, mpint *m);
int		egverify(EGpub *k, EGsig *sig, mpint *m);	/* return convention not stated here — confirm */
EGpub*		egpuballoc(void);
void		egpubfree(EGpub*);
EGpriv*		egprivalloc(void);
void		egprivfree(EGpriv*);
EGsig*		egsigalloc(void);
void		egsigfree(EGsig*);
EGpub*		egprivtopub(EGpriv*);
365 
366 /*
367  * dsa
368  */
typedef struct DSApub DSApub;
typedef struct DSApriv DSApriv;
typedef struct DSAsig DSAsig;

/* public/encryption key */
/* DSA is signature-only; the "encryption key" wording mirrors the ElGamal structs. */
struct DSApub
{
	mpint	*p;	/* modulus */
	mpint	*q;	/* group order, q divides p-1 */
	mpint	*alpha;	/* group generator */
	mpint	*key;	/* (encryption key) alpha**secret mod p */
};
381 
/* private/decryption key */
struct DSApriv
{
	DSApub	pub;
	mpint	*secret;	/* (decryption key) — the signing exponent behind pub.key */
};
388 
/* signature */
struct DSAsig
{
	mpint	*r, *s;	/* the (r, s) signature pair */
};
394 
/*
 * dsagen reuses the domain parameters (p, q, alpha) of opub without
 * validating them; only pass parameters from a trusted source.  dsasign
 * needs a fresh, unbiased per-signature random value, so it depends on the
 * strength of the random source as well.  The message m is an mpint;
 * callers hash first.
 */
DSApriv*	dsagen(DSApub *opub);	/* opub not checked for consistency! */
DSAsig*		dsasign(DSApriv *k, mpint *m);
int		dsaverify(DSApub *k, DSAsig *sig, mpint *m);	/* return convention not stated here — confirm */
DSApub*		dsapuballoc(void);
void		dsapubfree(DSApub*);
DSApriv*	dsaprivalloc(void);
void		dsaprivfree(DSApriv*);
DSAsig*		dsasigalloc(void);
void		dsasigfree(DSAsig*);
DSApub*		dsaprivtopub(DSApriv*);
DSApriv*	asn1toDSApriv(uchar*, int);	/* parses (buf, len) DER; input may be untrusted */
406 
407 /*
408  * TLS
409  */
/*
 * Linked list of certificate fingerprints used by okThumbprint.  Pinning is
 * by SHA-1 digest; bear SHA-1's collision weakness in mind when this list is
 * the sole basis for a trust decision.
 */
typedef struct Thumbprint{
	struct Thumbprint *next;
	uchar	sha1[SHA1dlen];	/* SHA-1 of the certificate */
} Thumbprint;
414 
/*
 * Parameters and results of a TLS handshake (tlsClient/tlsServer).
 * Several members are filled in by the library on output; ownership of the
 * returned buffers is not stated here — confirm what the caller must free.
 */
typedef struct TLSconn{
	char	dir[40];	/* connection directory; fixed-size, filled by the library */
	uchar	*cert;	/* certificate (local on input, remote on output) */
	uchar	*sessionID;
	int	certlen;	/* length of cert in bytes */
	int	sessionIDlen;	/* length of sessionID in bytes */
	int	(*trace)(char*fmt, ...);	/* optional debug printf-style hook; fmt is a format string, never pass data through it */
	PEMChain*chain;	/* optional extra certificate evidence for servers to present */
	char	*sessionType;	/* NOTE(review): presumably the negotiated suite/name — confirm */
	uchar	*sessionKey;	/* key material; presumably exported for the caller — confirm and clear after use */
	int	sessionKeylen;	/* length of sessionKey in bytes */
	char	*sessionConst;	/* NOTE(review): meaning not stated here — confirm */
} TLSconn;
428 
/* tlshand.c */
/*
 * Run the handshake over fd using the settings in c.  The int result is
 * presumably a new fd for the secured connection, or -1 on failure — confirm.
 * Neither call verifies the peer certificate by itself as far as this header
 * states; callers use the Thumbprint helpers or X509verify on c->cert.
 */
int tlsClient(int fd, TLSconn *c);
int tlsServer(int fd, TLSconn *c);
432 
/* thumb.c */
/*
 * initThumbprints(ok, crl): ok and crl are presumably file names of accepted
 * and revoked fingerprints — confirm.  okThumbprint returns non-zero when
 * the SHA1dlen-byte sha1 is on the ok list (confirm the exact convention).
 */
Thumbprint* initThumbprints(char *ok, char *crl);
void	freeThumbprints(Thumbprint *ok);
int	okThumbprint(uchar *sha1, Thumbprint *ok);
437 
/* readcert.c */
/*
 * Load a DER certificate (length returned through pcertlen) or a whole PEM
 * chain from a file.  Ownership of the result is not stated here — confirm
 * whether the caller frees it.
 */
uchar	*readcert(char *filename, int *pcertlen);
PEMChain*readcertchain(char *filename);
441 
/* password-based key derivation function 2 (rfc2898) */
/*
 * pbkdf2_x(password, plen, salt, slen, rounds, out, dlen, x, xlen): derives
 * dlen bytes into d.  x has the shape of the hmac_* functions above; xlen is
 * presumably its digest length — confirm.  rounds is the iteration count and
 * is the only cost knob, so keep it high; the salt should be unique per password.
 */
void pbkdf2_x(uchar *p, ulong plen, uchar *s, ulong slen, ulong rounds, uchar *d, ulong dlen,
	DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*), int xlen);

445