libsec.h (8739B)
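/*
 * Security library declarations: symmetric ciphers and digests/HMAC.
 *
 * The integer types used throughout (uchar, ulong, uint32, uvlong) are not
 * declared in this header; an earlier include must provide them.
 */

/*
 * Forward-declare mpint when the multiprecision header has not been seen.
 * NOTE(review): _MPINT is presumably defined by that header -- confirm.
 */
#ifndef _MPINT
typedef struct mpint mpint;
#endif

/*
 * AES definitions
 */

enum
{
	AESbsize=	16,	/* block size in bytes */
	AESmaxkey=	32,	/* largest key in bytes (256 bits) */
	AESmaxrounds=	14	/* round count for the largest key */
};

/*
 * Per-key AES context. It holds the raw key, both expanded key schedules
 * and the chaining vector, so the whole struct is secret material: clear it
 * before releasing or reusing the memory.
 */
typedef struct AESstate AESstate;
struct AESstate
{
	ulong	setup;		/* NOTE(review): presumably an "initialized" marker -- confirm */
	int	rounds;
	int	keybytes;
//	uint	ctrsz;
	uchar	key[AESmaxkey];		/* unexpanded key */
	ulong	ekey[4*(AESmaxrounds + 1)];	/* encryption key */
	ulong	dkey[4*(AESmaxrounds + 1)];	/* decryption key */
	uchar	ivec[AESbsize];	/* initialization vector */
//	uchar	mackey[3 * AESbsize];	/* 3 XCBC mac 96 keys */
};

/*
 * setupAESstate takes the key, its length in bytes and an IV.
 * The CBC routines receive one buffer and no output pointer, so p is
 * presumably transformed in place -- confirm against the implementation.
 * len is a signed int: reject negative or oversized lengths before calling.
 * NOTE(review): handling of a len that is not a multiple of AESbsize is not
 * visible from this header.
 * CBC gives confidentiality only; pair it with a MAC (see hmac_x below) and
 * use a fresh, unpredictable IV per message.
 */
void	setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec);
void	aesCBCencrypt(uchar *p, int len, AESstate *s);
void	aesCBCdecrypt(uchar *p, int len, AESstate *s);

/*
 * Blowfish Definitions
 *
 * Blowfish has a 64-bit block (BFbsize), so the amount of data encrypted
 * under one key should be kept small; prefer AES for new designs.
 */

enum
{
	BFbsize	= 8,	/* block size in bytes */
	BFrounds= 16
};

/* 16-round Blowfish */
typedef struct BFstate BFstate;
struct BFstate
{
	ulong	setup;

	uchar	key[56];	/* room for the largest key (448 bits) */
	uchar	ivec[8];

	uint32	pbox[BFrounds+2];
	uint32	sbox[1024];
};

/*
 * The ECB entry points encrypt each block independently, so equal plaintext
 * blocks give equal ciphertext blocks; use them only as a building block.
 */
void	setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *ivec);
void	bfCBCencrypt(uchar*, int, BFstate*);
void	bfCBCdecrypt(uchar*, int, BFstate*);
void	bfECBencrypt(uchar*, int, BFstate*);
void	bfECBdecrypt(uchar*, int, BFstate*);

/*
 * DES definitions
 *
 * Single DES has a 56-bit effective key and a 64-bit block; it is kept for
 * compatibility with existing protocols and should not protect new data.
 */

enum
{
	DESbsize=	8	/* block size in bytes */
};

/* single des */
typedef struct DESstate DESstate;
struct DESstate
{
	ulong	setup;
	uchar	key[8];		/* unexpanded key */
	ulong	expanded[32];	/* expanded key */
	uchar	ivec[8];	/* initialization vector */
};

/*
 * Parameter roles of the unnamed prototypes are not given here; presumably
 * (buffer, length in bytes, state) like the AES routines -- confirm.
 */
void	setupDESstate(DESstate *s, uchar key[8], uchar *ivec);
void	des_key_setup(uchar[8], ulong[32]);
void	block_cipher(ulong*, uchar*, int);
void	desCBCencrypt(uchar*, int, DESstate*);
void	desCBCdecrypt(uchar*, int, DESstate*);
void	desECBencrypt(uchar*, int, DESstate*);
void	desECBdecrypt(uchar*, int, DESstate*);

/* for backward compatibility with 7-byte DES key format */
void	des56to64(uchar *k56, uchar *k64);
void	des64to56(uchar *k64, uchar *k56);
void	key_setup(uchar[7], ulong[32]);

/*
 * triple des encrypt/decrypt orderings
 *
 * The values read as a 3-bit mask with one bit per stage, 0 = encrypt and
 * 1 = decrypt (EDE = 010b, DED = 101b, DDD = 111b).
 */
enum {
	DES3E=		0,
	DES3D=		1,
	DES3EEE=	0,
	DES3EDE=	2,
	DES3DED=	5,
	DES3DDD=	7
};

typedef struct DES3state DES3state;
struct DES3state
{
	ulong	setup;
	uchar	key[3][8];	/* unexpanded key */
	ulong	expanded[3][32];	/* expanded key */
	uchar	ivec[8];	/* initialization vector */
};

/*
 * NOTE(review): the int argument of triple_block_cipher is presumably one
 * of the DES3* ordering constants above -- confirm.
 */
void	setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec);
void	triple_block_cipher(ulong keys[3][32], uchar*, int);
void	des3CBCencrypt(uchar*, int, DES3state*);
void	des3CBCdecrypt(uchar*, int, DES3state*);
void	des3ECBencrypt(uchar*, int, DES3state*);
void	des3ECBdecrypt(uchar*, int, DES3state*);

/*
 * digests
 *
 * MD4, MD5 and SHA-1 all have practical collision attacks. Keep them for
 * interoperability with existing formats; do not rely on them where
 * collision resistance matters (signatures, certificate fingerprints in new
 * designs).
 */

enum
{
	SHA1dlen=	20,	/* SHA digest length */
	MD4dlen=	16,	/* MD4 digest length */
	MD5dlen=	16,	/* MD5 digest length */
	AESdlen=	16,	/* TODO: see rfc */

	Hmacblksz	= 64,	/* in bytes; from rfc2104 */
};

/*
 * Running digest context, shared by every hash below through the typedefs.
 * state[5] is 160 bits wide, the SHA-1 chaining width; the 128-bit digests
 * need only four of the words.
 */
typedef struct DigestState DigestState;
struct DigestState
{
	uvlong	len;
	uint32	state[5];
	uchar	buf[128];
	int	blen;
	char	malloced;	/* NOTE(review): presumably set when the library allocated the state -- confirm */
	char	seeded;
};
typedef struct DigestState SHAstate;	/* obsolete name */
typedef struct DigestState SHA1state;
typedef struct DigestState MD5state;
typedef struct DigestState MD4state;
typedef struct DigestState AEShstate;

/*
 * Parameter roles are unnamed here; presumably (data, length, digest out,
 * running state), returning the state for chained calls -- confirm.
 * The digest buffer must hold the matching *dlen bytes.
 */
DigestState*	md4(uchar*, ulong, uchar*, DigestState*);
DigestState*	md5(uchar*, ulong, uchar*, DigestState*);
DigestState*	sha1(uchar*, ulong, uchar*, DigestState*);
DigestState*	aes(uchar*, ulong, uchar*, DigestState*);

/*
 * Generic HMAC over digest function x. xlen is presumably the digest length
 * of x in bytes -- confirm.
 * This header declares no comparison helper: when checking a received MAC,
 * compare in constant time rather than with an early-exit byte compare.
 */
DigestState*	hmac_x(uchar *p, ulong len, uchar *key, ulong klen,
			uchar *digest, DigestState *s,
			DigestState*(*x)(uchar*, ulong, uchar*, DigestState*),
			int xlen);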
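/*
 * HMAC wrappers bound to one digest each. Parameters are unnamed here;
 * presumably in the same order as hmac_x (p, len, key, klen, digest, s)
 * -- confirm.
 */
DigestState*	hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState*	hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
DigestState*	hmac_aes(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);

/*
 * Convert a running digest state to and from a string.
 * NOTE(review): ownership of the returned pointers is not visible here;
 * presumably the caller frees them -- confirm. Treat a pickled state from an
 * untrusted source as untrusted input to the unpickle routines.
 */
char*		md5pickle(MD5state*);
MD5state*	md5unpickle(char*);
char*		sha1pickle(SHA1state*);
SHA1state*	sha1unpickle(char*);

/*
 * random number generation
 *
 * NOTE(review): this header does not say which generator is suitable for
 * key material. In Plan 9's libsec genrandom is the cryptographic generator
 * and prng wraps the ordinary rand(); confirm this port matches before using
 * prng, fastrand or nfastrand for anything secret.
 * nbytes is a signed int: do not pass a negative or unchecked length.
 */
void	genrandom(uchar *buf, int nbytes);
void	prng(uchar *buf, int nbytes);
ulong	fastrand(void);
ulong	nfastrand(ulong);

/*
 * primes
 *
 * The tests are probabilistic; accuracy and nrep presumably set the number
 * of Miller-Rabin rounds -- confirm.
 */
void	genprime(mpint *p, int n, int accuracy);	/* generate n-bit probable prime */
void	gensafeprime(mpint *p, mpint *alpha, int n, int accuracy);	/* prime & generator */
void	genstrongprime(mpint *p, int n, int accuracy);	/* generate n-bit strong prime */
void	DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]);
int	probably_prime(mpint *n, int nrep);	/* miller-rabin test */
int	smallprimetest(mpint *p);	/* returns -1 if not prime, 0 otherwise */

/*
 * rc4
 *
 * The RC4 keystream has known statistical biases and RFC 7465 prohibits it
 * in TLS; keep it for legacy interoperability only. As a stream cipher it
 * must never be run twice with the same key.
 */
typedef struct RC4state RC4state;
struct RC4state
{
	uchar	state[256];
	uchar	x;
	uchar	y;
};

/*
 * Parameters are unnamed; presumably (state, key or data buffer, length)
 * for setupRC4state/rc4 and (state, byte count) for rc4skip/rc4back
 * -- confirm.
 */
void	setupRC4state(RC4state*, uchar*, int);
void	rc4(RC4state*, uchar*, int);
void	rc4skip(RC4state*, int);
void	rc4back(RC4state*, int);

/*
 * rsa
 */
typedef struct RSApub RSApub;
typedef struct RSApriv RSApriv;
typedef struct PEMChain PEMChain;

/* public/encryption key */
struct RSApub
{
	mpint	*n;	/* modulus */
	mpint	*ek;	/* exp (encryption key) */
};

/*
 * private/decryption key
 *
 * Every field except pub is secret.
 * NOTE(review): whether rsaprivfree clears the values before freeing is not
 * visible from this header.
 */
struct RSApriv
{
	RSApub	pub;

	mpint	*dk;	/* exp (decryption key) */

	/* precomputed values to help with chinese remainder theorem calc */
	mpint	*p;
	mpint	*q;
	mpint	*kp;	/* dk mod p-1 */
	mpint	*kq;	/* dk mod q-1 */
	mpint	*c2;	/* (inv p) mod q */
};

/* singly linked list of PEM-decoded blobs, each with its length */
struct PEMChain{
	PEMChain	*next;
	uchar	*pem;
	int	pemlen;
};

/*
 * rsaencrypt/rsadecrypt work on mpint values and take no padding argument,
 * so they are presumably the raw modular exponentiation; padding and its
 * validation would then be the caller's job -- confirm.
 */
RSApriv*	rsagen(int nlen, int elen, int rounds);
RSApriv*	rsafill(mpint *n, mpint *e, mpint *d, mpint *p, mpint *q);
mpint*		rsaencrypt(RSApub *k, mpint *in, mpint *out);
mpint*		rsadecrypt(RSApriv *k, mpint *in, mpint *out);
RSApub*		rsapuballoc(void);
void		rsapubfree(RSApub*);
RSApriv*	rsaprivalloc(void);
void		rsaprivfree(RSApriv*);
RSApub*		rsaprivtopub(RSApriv*);

/*
 * X.509, ASN.1 and PEM helpers. These parse encoded input that often comes
 * from a peer; every routine takes an int length next to the buffer, and the
 * caller must pass the true size of that buffer.
 * NOTE(review): X509verify returns char*, presumably an error string with a
 * nil pointer meaning success -- confirm before testing the result as a
 * boolean.
 */
RSApub*		X509toRSApub(uchar*, int, char*, int);
RSApriv*	asn1toRSApriv(uchar*, int);
void		asn1dump(uchar *der, int len);
uchar*		decodePEM(char *s, char *type, int *len, char **new_s);
PEMChain*	decodepemchain(char *s, char *type);
uchar*		X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
uchar*		X509req(RSApriv *priv, char *subj, int *certlen);
char*		X509verify(uchar *cert, int ncert, RSApub *pk);
void		X509dump(uchar *cert, int ncert);

/*
 * elgamal
 */
typedef struct EGpub EGpub;
typedef struct EGpriv EGpriv;
typedef struct EGsig EGsig;

/* public/encryption key */
struct EGpub
{
	mpint	*p;	/* modulus */
	mpint	*alpha;	/* generator */
	mpint	*key;	/* (encryption key) alpha**secret mod p */
};

/* private/decryption key */
struct EGpriv
{
	EGpub	pub;
	mpint	*secret;	/* (decryption key) */
};

/* signature */
struct EGsig
{
	mpint	*r, *s;
};

/*
 * NOTE(review): egsign/egverify take the message as an mpint m; presumably
 * the caller hashes the message first -- confirm.
 */
EGpriv*	eggen(int nlen, int rounds);
mpint*	egencrypt(EGpub *k, mpint *in, mpint *out);	/* deprecated */
mpint*	egdecrypt(EGpriv *k, mpint *in, mpint *out);
EGsig*	egsign(EGpriv *k, mpint *m);
int	egverify(EGpub *k, EGsig *sig, mpint *m);
EGpub*	egpuballoc(void);
void	egpubfree(EGpub*);
EGpriv*	egprivalloc(void);
void	egprivfree(EGpriv*);
EGsig*	egsigalloc(void);
void	egsigfree(EGsig*);
EGpub*	egprivtopub(EGpriv*);

/*
 * dsa
 */
typedef struct DSApub DSApub;
typedef struct DSApriv DSApriv;
typedef struct DSAsig DSAsig;

/* public/encryption key */
struct DSApub
{
	mpint	*p;	/* modulus */
	mpint	*q;	/* group order, q divides p-1 */
	mpint	*alpha;	/* group generator */
	mpint	*key;	/* (encryption key) alpha**secret mod p */
};

/* private/decryption key */
struct DSApriv
{
	DSApub	pub;
	mpint	*secret;	/* (decryption key) */
};

/* signature */
struct DSAsig
{
	mpint	*r, *s;
};

/*
 * dsagen does not validate the domain parameters it is given (see the
 * comment on its prototype), so parameters from an untrusted source must be
 * checked by the caller before a key is generated over them.
 * NOTE(review): dsasign/dsaverify take the message as an mpint m;
 * presumably the caller hashes the message first -- confirm.
 */
DSApriv*	dsagen(DSApub *opub);	/* opub not checked for consistency! */
DSAsig*		dsasign(DSApriv *k, mpint *m);
int		dsaverify(DSApub *k, DSAsig *sig, mpint *m);
DSApub*		dsapuballoc(void);
void		dsapubfree(DSApub*);
DSApriv*	dsaprivalloc(void);
void		dsaprivfree(DSApriv*);
DSAsig*		dsasigalloc(void);
void		dsasigfree(DSAsig*);
DSApub*		dsaprivtopub(DSApriv*);
DSApriv*	asn1toDSApriv(uchar*, int);

/*
 * TLS
 */

/* one entry in a list of certificate thumbprints (SHA-1 of the certificate) */
typedef struct Thumbprint{
	struct Thumbprint	*next;
	uchar	sha1[SHA1dlen];
} Thumbprint;

/*
 * Parameters and results of a TLS handshake.
 * trace is a printf-style callback: pass it only fixed format strings.
 * sessionKey, once filled in, is secret material.
 */
typedef struct TLSconn{
	char	dir[40];	/* connection directory */
	uchar	*cert;	/* certificate (local on input, remote on output) */
	uchar	*sessionID;
	int	certlen;
	int	sessionIDlen;
	int	(*trace)(char*fmt, ...);
	PEMChain	*chain;	/* optional extra certificate evidence for servers to present */
	char	*sessionType;
	uchar	*sessionKey;
	int	sessionKeylen;
	char	*sessionConst;
} TLSconn;

/*
 * tlshand.c
 *
 * NOTE(review): nothing in this header shows tlsClient validating the peer
 * certificate; the remote certificate is handed back in c->cert, so the
 * caller presumably has to check it (okThumbprint, X509verify) before
 * trusting the connection -- confirm against tlshand.c.
 */
int	tlsClient(int fd, TLSconn *c);
int	tlsServer(int fd, TLSconn *c);

/*
 * thumb.c
 *
 * NOTE(review): ok and crl are presumably the names of files listing
 * accepted and revoked thumbprints -- confirm. The check is over a SHA-1
 * digest of the certificate.
 */
Thumbprint*	initThumbprints(char *ok, char *crl);
void	freeThumbprints(Thumbprint *ok);
int	okThumbprint(uchar *sha1, Thumbprint *ok);

/*
 * readcert.c
 *
 * readcert stores the certificate length through pcertlen.
 * NOTE(review): ownership of the returned buffers is not visible here.
 */
uchar	*readcert(char *filename, int *pcertlen);
PEMChain	*readcertchain(char *filename);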