x20090325-1615

1 files changed, 370 insertions, 0 deletions

diff --git a/include/libsec.h b/include/libsec.h
new file mode 100644
index 00000000..99f4b786
--- /dev/null
+++ b/include/libsec.h
@@ -0,0 +1,370 @@
+#pragma	src	"/usr/inferno/libsec"
+
+#ifndef _MPINT
+typedef struct mpint mpint;
+#endif
+
+/*/////////////////////////////////////////////////////// */
+/* AES definitions */
+/*/////////////////////////////////////////////////////// */
+
+enum
+{
+	AESbsize=	16,
+	AESmaxkey=	32,
+	AESmaxrounds=	14
+};
+
+typedef struct AESstate AESstate;
+struct AESstate
+{
+	ulong	setup;
+	int	rounds;
+	int	keybytes;
+	uchar	key[AESmaxkey];		/* unexpanded key */
+	u32int	ekey[4*(AESmaxrounds + 1)];	/* encryption key */
+	u32int	dkey[4*(AESmaxrounds + 1)];	/* decryption key */
+	uchar	ivec[AESbsize];	/* initialization vector */
+};
+
+void	setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec);
+void	aesCBCencrypt(uchar *p, int len, AESstate *s);
+void	aesCBCdecrypt(uchar *p, int len, AESstate *s);
+
+/*/////////////////////////////////////////////////////// */
+/* Blowfish Definitions */
+/*/////////////////////////////////////////////////////// */
+
+enum
+{
+	BFbsize	= 8,
+	BFrounds	= 16
+};
+
+/* 16-round Blowfish */
+typedef struct BFstate BFstate;
+struct BFstate
+{
+	ulong	setup;
+
+	uchar	key[56];
+	uchar	ivec[8];
+
+	u32int 	pbox[BFrounds+2];
+	u32int	sbox[1024];
+};
+
+void	setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *ivec);
+void	bfCBCencrypt(uchar*, int, BFstate*);
+void	bfCBCdecrypt(uchar*, int, BFstate*);
+void	bfECBencrypt(uchar*, int, BFstate*);
+void	bfECBdecrypt(uchar*, int, BFstate*);
+
+/*/////////////////////////////////////////////////////// */
+/* DES definitions */
+/*/////////////////////////////////////////////////////// */
+
+enum
+{
+	DESbsize=	8
+};
+
+/* single des */
+typedef struct DESstate DESstate;
+struct DESstate
+{
+	ulong	setup;
+	uchar	key[8];		/* unexpanded key */
+	ulong	expanded[32];	/* expanded key */
+	uchar	ivec[8];	/* initialization vector */
+};
+
+void	setupDESstate(DESstate *s, uchar key[8], uchar *ivec);
+void	des_key_setup(uchar[8], ulong[32]);
+void	block_cipher(ulong*, uchar*, int);
+void	desCBCencrypt(uchar*, int, DESstate*);
+void	desCBCdecrypt(uchar*, int, DESstate*);
+void	desECBencrypt(uchar*, int, DESstate*);
+void	desECBdecrypt(uchar*, int, DESstate*);
+
+/* for backward compatibility with 7 byte DES key format */
+void	des56to64(uchar *k56, uchar *k64);
+void	des64to56(uchar *k64, uchar *k56);
+void	key_setup(uchar[7], ulong[32]);
+
+/* triple des encrypt/decrypt orderings */
+enum {
+	DES3E=		0,
+	DES3D=		1,
+	DES3EEE=	0,
+	DES3EDE=	2,
+	DES3DED=	5,
+	DES3DDD=	7
+};
+
+typedef struct DES3state DES3state;
+struct DES3state
+{
+	ulong	setup;
+	uchar	key[3][8];		/* unexpanded key */
+	ulong	expanded[3][32];	/* expanded key */
+	uchar	ivec[8];		/* initialization vector */
+};
+
+void	setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec);
+void	triple_block_cipher(ulong keys[3][32], uchar*, int);
+void	des3CBCencrypt(uchar*, int, DES3state*);
+void	des3CBCdecrypt(uchar*, int, DES3state*);
+void	des3ECBencrypt(uchar*, int, DES3state*);
+void	des3ECBdecrypt(uchar*, int, DES3state*);
+
+/* IDEA */
+typedef struct IDEAstate IDEAstate;
+struct IDEAstate
+{
+	uchar	key[16];
+	ushort	edkey[104];
+	uchar	ivec[8];
+};
+
+void	setupIDEAstate(IDEAstate*, uchar*, uchar*);
+void	idea_key_setup(uchar*, ushort*);
+void	idea_cipher(ushort*, uchar*, int);
+
+
+/*/////////////////////////////////////////////////////// */
+/* digests */
+/*/////////////////////////////////////////////////////// */
+
+enum
+{
+	SHA1dlen=	20,	/* SHA digest length */
+	MD4dlen=	16,	/* MD4 digest length */
+	MD5dlen=	16	/* MD5 digest length */
+};
+
+typedef struct DigestState DigestState;
+struct DigestState
+{
+	uvlong len;
+	u32int state[5];
+	uchar buf[128];
+	int blen;
+	char malloced;
+	char seeded;
+};
+typedef struct DigestState SHAstate;	/* obsolete name */
+typedef struct DigestState SHA1state;
+typedef struct DigestState MD5state;
+typedef struct DigestState MD4state;
+
+DigestState* md4(uchar*, ulong, uchar*, DigestState*);
+DigestState* md5(uchar*, ulong, uchar*, DigestState*);
+DigestState* sha1(uchar*, ulong, uchar*, DigestState*);
+DigestState* hmac_md5(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
+DigestState* hmac_sha1(uchar*, ulong, uchar*, ulong, uchar*, DigestState*);
+char* md5pickle(MD5state*);
+MD5state* md5unpickle(char*);
+char* sha1pickle(SHA1state*);
+SHA1state* sha1unpickle(char*);
+
+/*/////////////////////////////////////////////////////// */
+/* random number generation */
+/*/////////////////////////////////////////////////////// */
+void	genrandom(uchar *buf, int nbytes);
+void	_genrandomqlock(void);
+void	_genrandomqunlock(void);
+void	prng(uchar *buf, int nbytes);
+ulong	fastrand(void);
+ulong	nfastrand(ulong);
+
+/*/////////////////////////////////////////////////////// */
+/* primes */
+/*/////////////////////////////////////////////////////// */
+void	genprime(mpint *p, int n, int accuracy); /* generate an n bit probable prime */
+void	gensafeprime(mpint *p, mpint *alpha, int n, int accuracy);	/* prime and generator */
+void	genstrongprime(mpint *p, int n, int accuracy);	/* generate an n bit strong prime */
+void	DSAprimes(mpint *q, mpint *p, uchar seed[SHA1dlen]);
+int	probably_prime(mpint *n, int nrep);	/* miller-rabin test */
+int	smallprimetest(mpint *p);		/* returns -1 if not prime, 0 otherwise */
+
+/*/////////////////////////////////////////////////////// */
+/* rc4 */
+/*/////////////////////////////////////////////////////// */
+typedef struct RC4state RC4state;
+struct RC4state
+{
+	 uchar state[256];
+	 uchar x;
+	 uchar y;
+};
+
+void	setupRC4state(RC4state*, uchar*, int);
+void	rc4(RC4state*, uchar*, int);
+void	rc4skip(RC4state*, int);
+void	rc4back(RC4state*, int);
+
+/*/////////////////////////////////////////////////////// */
+/* rsa */
+/*/////////////////////////////////////////////////////// */
+typedef struct RSApub RSApub;
+typedef struct RSApriv RSApriv;
+typedef struct PEMChain PEMChain;
+
+/* public/encryption key */
+struct RSApub
+{
+	mpint	*n;	/* modulus */
+	mpint	*ek;	/* exp (encryption key) */
+};
+
+/* private/decryption key */
+struct RSApriv
+{
+	RSApub	pub;
+
+	mpint	*dk;	/* exp (decryption key) */
+
+	/* precomputed values to help with chinese remainder theorem calc */
+	mpint	*p;
+	mpint	*q;
+	mpint	*kp;	/* dk mod p-1 */
+	mpint	*kq;	/* dk mod q-1 */
+	mpint	*c2;	/* (inv p) mod q */
+};
+
+struct PEMChain{
+	PEMChain *next;
+	uchar *pem;
+	int pemlen;
+};
+
+RSApriv*	rsagen(int nlen, int elen, int rounds);
+RSApriv*	rsafill(mpint *n, mpint *e, mpint *d, mpint *p, mpint *q);
+mpint*		rsaencrypt(RSApub *k, mpint *in, mpint *out);
+mpint*		rsadecrypt(RSApriv *k, mpint *in, mpint *out);
+RSApub*		rsapuballoc(void);
+void		rsapubfree(RSApub*);
+RSApriv*	rsaprivalloc(void);
+void		rsaprivfree(RSApriv*);
+RSApub*		rsaprivtopub(RSApriv*);
+RSApub*		X509toRSApub(uchar*, int, char*, int);
+RSApriv*	asn1toRSApriv(uchar*, int);
+void		asn1dump(uchar *der, int len);
+uchar*		decodePEM(char *s, char *type, int *len, char **new_s);
+PEMChain*	decodepemchain(char *s, char *type);
+uchar*		X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
+uchar*		X509req(RSApriv *priv, char *subj, int *certlen);
+char*		X509verify(uchar *cert, int ncert, RSApub *pk);
+void		X509dump(uchar *cert, int ncert);
+
+/*/////////////////////////////////////////////////////// */
+/* elgamal */
+/*/////////////////////////////////////////////////////// */
+typedef struct EGpub EGpub;
+typedef struct EGpriv EGpriv;
+typedef struct EGsig EGsig;
+
+/* public/encryption key */
+struct EGpub
+{
+	mpint	*p;	/* modulus */
+	mpint	*alpha;	/* generator */
+	mpint	*key;	/* (encryption key) alpha**secret mod p */
+};
+
+/* private/decryption key */
+struct EGpriv
+{
+	EGpub	pub;
+	mpint	*secret; /* (decryption key) */
+};
+
+/* signature */
+struct EGsig
+{
+	mpint	*r, *s;
+};
+
+EGpriv*		eggen(int nlen, int rounds);
+mpint*		egencrypt(EGpub *k, mpint *in, mpint *out);	/* deprecated */
+mpint*		egdecrypt(EGpriv *k, mpint *in, mpint *out);
+EGsig*		egsign(EGpriv *k, mpint *m);
+int		egverify(EGpub *k, EGsig *sig, mpint *m);
+EGpub*		egpuballoc(void);
+void		egpubfree(EGpub*);
+EGpriv*		egprivalloc(void);
+void		egprivfree(EGpriv*);
+EGsig*		egsigalloc(void);
+void		egsigfree(EGsig*);
+EGpub*		egprivtopub(EGpriv*);
+
+/*/////////////////////////////////////////////////////// */
+/* dsa */
+/*/////////////////////////////////////////////////////// */
+typedef struct DSApub DSApub;
+typedef struct DSApriv DSApriv;
+typedef struct DSAsig DSAsig;
+
+/* public/encryption key */
+struct DSApub
+{
+	mpint	*p;	/* modulus */
+	mpint	*q;	/* group order, q divides p-1 */
+	mpint	*alpha;	/* group generator */
+	mpint	*key;	/* (encryption key) alpha**secret mod p */
+};
+
+/* private/decryption key */
+struct DSApriv
+{
+	DSApub	pub;
+	mpint	*secret; /* (decryption key) */
+};
+
+/* signature */
+struct DSAsig
+{
+	mpint	*r, *s;
+};
+
+DSApriv*	dsagen(DSApub *opub);	/* opub not checked for consistency! */
+DSAsig*		dsasign(DSApriv *k, mpint *m);
+int		dsaverify(DSApub *k, DSAsig *sig, mpint *m);
+DSApub*		dsapuballoc(void);
+void		dsapubfree(DSApub*);
+DSApriv*	dsaprivalloc(void);
+void		dsaprivfree(DSApriv*);
+DSAsig*		dsasigalloc(void);
+void		dsasigfree(DSAsig*);
+DSApub*		dsaprivtopub(DSApriv*);
+
+/*/////////////////////////////////////////////////////// */
+/* TLS */
+/*/////////////////////////////////////////////////////// */
+typedef struct Thumbprint{
+	struct Thumbprint *next;
+	uchar sha1[SHA1dlen];
+} Thumbprint;
+
+typedef struct TLSconn{
+	char dir[40];  /* connection directory */
+	uchar *cert;   /* certificate (local on input, remote on output) */
+	uchar *sessionID;
+	int certlen, sessionIDlen;
+	int (*trace)(char*fmt, ...);
+	PEMChain *chain; /* optional extra certificate evidence for servers to present */
+} TLSconn;
+
+/* tlshand.c */
+int tlsClient(int fd, TLSconn *c);
+int tlsServer(int fd, TLSconn *c);
+
+/* thumb.c */
+Thumbprint* initThumbprints(char *ok, char *crl);
+void	freeThumbprints(Thumbprint *ok);
+int		okThumbprint(uchar *sha1, Thumbprint *ok);
+
+/* readcert.c */
+uchar	*readcert(char *filename, int *pcertlen);
+PEMChain *readcertchain(char *filename);