X-Git-Url: https://git.lizzy.rs/?a=blobdiff_plain;f=sys%2Finclude%2Flibsec.h;h=b19d18a762944965dbbb9ebb6901a8e35da70ca1;hb=a609c1a2f8d58d21727c13970725445ce4d2f6fa;hp=09db4f0f09606309fe545a8a9484ab054de82b9b;hpb=a291bbdeddfd41a2f0907ecbd7b819f0eedffdaf;p=plan9front.git
diff --git a/sys/include/libsec.h b/sys/include/libsec.h
index 09db4f0f0..b19d18a76 100644
--- a/sys/include/libsec.h
+++ b/sys/include/libsec.h
@@ -21,25 +21,44 @@ typedef struct AESstate AESstate; struct AESstate { ulong setup; + ulong offset; int rounds; int keybytes; + void *ekey; /* expanded encryption round key */ + void *dkey; /* expanded decryption round key */ uchar key[AESmaxkey]; /* unexpanded key */ - ulong ekey[4*(AESmaxrounds + 1)]; /* encryption key */ - ulong dkey[4*(AESmaxrounds + 1)]; /* decryption key */ uchar ivec[AESbsize]; /* initialization vector */ - uchar mackey[3 * AESbsize]; /* 3 XCBC mac 96 keys */ + uchar storage[512]; /* storage for expanded keys */ }; /* block ciphers */ -void aes_encrypt(ulong rk[], int Nr, uchar pt[16], uchar ct[16]); -void aes_decrypt(ulong rk[], int Nr, uchar ct[16], uchar pt[16]); +extern void (*aes_encrypt)(ulong rk[], int Nr, uchar pt[16], uchar ct[16]); +extern void (*aes_decrypt)(ulong rk[], int Nr, uchar ct[16], uchar pt[16]); + +void setupAESstate(AESstate *s, uchar key[], int nkey, uchar *ivec); -void setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec); void aesCBCencrypt(uchar *p, int len, AESstate *s); void aesCBCdecrypt(uchar *p, int len, AESstate *s); +void aesCFBencrypt(uchar *p, int len, AESstate *s); +void aesCFBdecrypt(uchar *p, int len, AESstate *s); +void aesOFBencrypt(uchar *p, int len, AESstate *s); + +void aes_xts_encrypt(AESstate *tweak, AESstate *ecb, uvlong sectorNumber, uchar *input, uchar *output, ulong len); +void aes_xts_decrypt(AESstate *tweak, AESstate *ecb, uvlong sectorNumber, uchar *input, uchar *output, ulong len); -void setupAESXCBCstate(AESstate *s); -uchar* aesXCBCmac(uchar *p, int len, AESstate *s); +typedef struct AESGCMstate AESGCMstate; +struct AESGCMstate +{ + AESstate; + + ulong H[4]; + ulong M[16][256][4]; +}; + +void setupAESGCMstate(AESGCMstate *s, uchar *key, int keylen, uchar *iv, int ivlen); +void aesgcm_setiv(AESGCMstate *s, uchar *iv, int ivlen); +void aesgcm_encrypt(uchar *dat, ulong ndat, uchar *aad, ulong naad, uchar tag[16], AESGCMstate *s); +int aesgcm_decrypt(uchar *dat, ulong ndat, 
uchar *aad, ulong naad, uchar tag[16], AESGCMstate *s); /* * Blowfish Definitions @@ -79,6 +98,7 @@ enum ChachaBsize= 64, ChachaKeylen= 256/8, ChachaIVlen= 96/8, + XChachaIVlen= 192/8, }; typedef struct Chachastate Chachastate; @@ -93,6 +113,7 @@ struct Chachastate u32int iv[3]; }; }; + u32int xkey[8]; int rounds; int ivwords; }; @@ -103,6 +124,8 @@ void chacha_setblock(Chachastate*, u64int); void chacha_encrypt(uchar*, ulong, Chachastate*); void chacha_encrypt2(uchar*, uchar*, ulong, Chachastate*); +void hchacha(uchar h[32], uchar *key, ulong keylen, uchar nonce[16], int rounds); + void ccpoly_encrypt(uchar *dat, ulong ndat, uchar *aad, ulong naad, uchar tag[16], Chachastate *cs); int ccpoly_decrypt(uchar *dat, ulong ndat, uchar *aad, ulong naad, uchar tag[16], Chachastate *cs); @@ -121,7 +144,7 @@ typedef struct Salsastate Salsastate; struct Salsastate { u32int input[16]; - u32int key[8]; + u32int xkey[8]; int rounds; int ivwords; }; @@ -132,6 +155,8 @@ void salsa_setblock(Salsastate*, u64int); void salsa_encrypt(uchar*, ulong, Salsastate*); void salsa_encrypt2(uchar*, uchar*, ulong, Salsastate*); +void salsa_core(u32int in[16], u32int out[16], int rounds); + void hsalsa(uchar h[32], uchar *key, ulong keylen, uchar nonce[16], int rounds); /* @@ -205,6 +230,7 @@ enum SHA2_512dlen= 64, /* SHA-512 digest length */ MD4dlen= 16, /* MD4 digest length */ MD5dlen= 16, /* MD5 digest length */ + RIPEMD160dlen= 20, /* RIPEMD-160 digest length */ Poly1305dlen= 16, /* Poly1305 digest length */ Hmacblksz = 64, /* in bytes; from rfc2104 */ @@ -215,7 +241,7 @@ struct DigestState { uvlong len; union { - u32int state[8]; + u32int state[16]; u64int bstate[8]; }; uchar buf[256]; 
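Review bot: In the first hunk (struct AESstate), `ekey` and `dkey` become bare `void *` fields next to `storage[512]`, and nothing in the header says where they point. If setupAESstate aims them into the same struct's `storage` (the comment "storage for expanded keys" suggests so, but the implementation is not in this diff), a struct assignment or memmove of an AESstate leaves the copy using the original's round keys, which may since have been cleared or gone out of scope. The same would hold for an AESGCMstate, which embeds AESstate. I would add `/* ekey, dkey point into storage; an AESstate must not be copied by value */` above the two pointers. It is also worth stating that clearing a state means wiping the whole struct, since `storage` holds expanded key material.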
@@ -234,6 +260,7 @@ typedef struct DigestState MD4state; DigestState* md4(uchar*, ulong, uchar*, DigestState*); DigestState* md5(uchar*, ulong, uchar*, DigestState*); +DigestState* ripemd160(uchar *, ulong, uchar *, DigestState *); DigestState* sha1(uchar*, ulong, uchar*, DigestState*); DigestState* sha2_224(uchar*, ulong, uchar*, DigestState*); DigestState* sha2_256(uchar*, ulong, uchar*, DigestState*); @@ -249,11 +276,6 @@ DigestState* hmac_sha2_224(uchar*, ulong, uchar*, ulong, uchar*, DigestState*); DigestState* hmac_sha2_256(uchar*, ulong, uchar*, ulong, uchar*, DigestState*); DigestState* hmac_sha2_384(uchar*, ulong, uchar*, ulong, uchar*, DigestState*); DigestState* hmac_sha2_512(uchar*, ulong, uchar*, ulong, uchar*, DigestState*); -char* md5pickle(MD5state*); -MD5state* md5unpickle(char*); -char* sha1pickle(SHA1state*); -SHA1state* sha1unpickle(char*); - DigestState* poly1305(uchar*, ulong, uchar*, ulong, uchar*, DigestState*); /* 
@@ -335,17 +357,27 @@ RSApriv* rsaprivalloc(void); void rsaprivfree(RSApriv*); RSApub* rsaprivtopub(RSApriv*); RSApub* X509toRSApub(uchar*, int, char*, int); +RSApub* asn1toRSApub(uchar*, int); RSApriv* asn1toRSApriv(uchar*, int); void asn1dump(uchar *der, int len); uchar* decodePEM(char *s, char *type, int *len, char **new_s); PEMChain* decodepemchain(char *s, char *type); uchar* X509rsagen(RSApriv *priv, char *subj, ulong valid[2], int *certlen); uchar* X509rsareq(RSApriv *priv, char *subj, int *certlen); -char* X509rsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, RSApub *pk); char* X509rsaverify(uchar *cert, int ncert, RSApub *pk); +char* X509rsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, RSApub *pk); void X509dump(uchar *cert, int ncert); +mpint* pkcs1padbuf(uchar *buf, int len, mpint *modulus, int blocktype); +int pkcs1unpadbuf(uchar *buf, int len, mpint *modulus, int blocktype); +int asn1encodeRSApub(RSApub *pk, uchar *buf, int len); +int asn1encodeRSApriv(RSApriv *k, uchar *buf, int len); +int asn1encodedigest(DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*), + uchar *digest, uchar *buf, int len); + +int X509digestSPKI(uchar *, int, DigestState* (*)(uchar*, ulong, uchar*, DigestState*), uchar *); + /* * elgamal */ @@ -426,14 +458,14 @@ void dsaprivfree(DSApriv*); DSAsig* dsasigalloc(void); void dsasigfree(DSAsig*); DSApub* dsaprivtopub(DSApriv*); -DSApriv* asn1toDSApriv(uchar*, int); /* * TLS */ typedef struct Thumbprint{ struct Thumbprint *next; - uchar sha1[SHA1dlen]; + uchar hash[SHA2_256dlen]; + uchar len; } Thumbprint; typedef struct TLSconn{ 
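Review bot: In the RSA/X509 hunk, `X509digestSPKI` is declared with unnamed parameters and its last `uchar *` carries no length, so a caller has to guess how large the buffer must be for whichever digest function is passed (up to SHA2_512dlen for the functions this header declares). `asn1encodedigest`, added just above it, does take `buf, len`, and the new `pkcs1unpadbuf` is likewise silent on what its `int` result means. Naming the parameters, e.g. `int X509digestSPKI(uchar *cert, int ncert, DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*), uchar *digest);`, plus a one-line comment giving the required size of `digest` and the return convention would close the gap. The parameter roles are inferred from the neighbouring X509 prototypes and should be confirmed against the implementation.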
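Review bot: In the DSA/TLS hunk, `Thumbprint.hash` is sized for SHA-256 and gains a `len` field, but the header does not say which lengths are valid or that a match must compare `len` as well as the bytes. The same gap applies to `okThumbprint(uchar *hash, int len, Thumbprint *ok)` in the thumb.c hunk that follows: without a stated rule, a comparison that ignores `len` could treat a truncated digest as a match. A comment such as `uchar len; /* bytes of hash in use; entries match only when len and all len bytes are equal */` would record the contract. The header should also say whether SHA-1 thumbprints are still accepted and what the new `tag` argument of `initThumbprints` selects.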
@@ -459,22 +491,20 @@ int tlsClient(int fd, TLSconn *c); int tlsServer(int fd, TLSconn *c); /* thumb.c */ -Thumbprint* initThumbprints(char *ok, char *crl); +Thumbprint* initThumbprints(char *ok, char *crl, char *tag); void freeThumbprints(Thumbprint *ok); -int okThumbprint(uchar *sha1, Thumbprint *ok); +int okThumbprint(uchar *hash, int len, Thumbprint *ok); +int okCertificate(uchar *cert, int len, Thumbprint *ok); /* readcert.c */ uchar *readcert(char *filename, int *pcertlen); PEMChain*readcertchain(char *filename); -/* aes_xts.c */ -int aes_xts_encrypt(ulong tweak[], ulong ecb[], vlong sectorNumber, uchar *input, uchar *output, ulong len) ; -int aes_xts_decrypt(ulong tweak[], ulong ecb[], vlong sectorNumber, uchar *input, uchar *output, ulong len); - typedef struct ECpoint{ int inf; mpint *x; mpint *y; + mpint *z; /* nil when using affine coordinates */ } ECpoint; typedef ECpoint ECpub; @@ -511,15 +541,14 @@ ECpub* ecdecodepub(ECdomain *dom, uchar *, int); int ecencodepub(ECdomain *dom, ECpub *, uchar *, int); void ecpubfree(ECpub *); -ECpub* X509toECpub(uchar *cert, int ncert, ECdomain *dom); +ECpub* X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom); +char* X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pub); char* X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub); -char* X509ecdsaverify(uchar *sig, int siglen, ECdomain *dom, ECpub *pub); /* curves */ void secp256r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h); void secp256k1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h); - -DigestState* ripemd160(uchar *, ulong, uchar *, DigestState *); +void secp384r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h); /* * Diffie-Hellman key exchange 
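Review bot: In the thumb.c/ECpoint hunk, the new `mpint *z` gives nil a meaning ("affine coordinates"), so any ECpoint built by assigning only `inf`, `x` and `y` now carries an indeterminate `z` unless the struct was zeroed first. Callers are not visible in this diff, so this is a check to make rather than a confirmed bug: points on the stack or from malloc need zero-initialisation, and `ecpubfree` and any point-copy helper have to handle `z`. Extending the comment to `/* nil when using affine coordinates; must be initialised to nil */` would make the requirement explicit. This hunk also drops the `int`-returning `aes_xts_encrypt`/`aes_xts_decrypt` in favour of the `void` versions declared in the first hunk, so callers that tested the old result need a look.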
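Review bot: In the EC hunk, `X509ecdsaverify` keeps identical parameter types while its first two arguments are renamed from `sig, siglen` to `cert, ncert`, so a caller written against the old declaration still compiles without a diagnostic. If the semantics changed along with the names (the implementation is not shown), such a caller would get a verification verdict computed over the wrong input. A header comment like `/* verifies the signature on DER certificate cert with pub; returns nil on success, else an error string */` would pin both the argument and the `char*` return convention. That convention is presumably the same as for `X509rsaverify` and should be confirmed.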
@@ -552,6 +581,11 @@ void curve25519_dh_finish(uchar x[32], uchar y[32], uchar z[32]); void pbkdf2_x(uchar *p, ulong plen, uchar *s, ulong slen, ulong rounds, uchar *d, ulong dlen, DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*), int xlen); +/* scrypt password-based key derivation function */ +char* scrypt(uchar *p, ulong plen, uchar *s, ulong slen, + ulong N, ulong R, ulong P, + uchar *d, ulong dlen); + /* hmac-based key derivation function (rfc5869) */ void hkdf_x(uchar *salt, ulong nsalt, uchar *info, ulong ninfo, uchar *key, ulong nkey, uchar *d, ulong dlen, DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*), int xlen);
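Review bot: `scrypt` returns `char*` while the neighbouring `pbkdf2_x` and `hkdf_x` return `void`, and the added comment does not say what the result means or what `N`, `R` and `P` must satisfy. A caller that follows the pbkdf2_x pattern and ignores the return value would go on to use `d` as key material even when derivation failed. I would extend the comment to something like `/* returns nil on success, else an error string; d is undefined on error. N must be a power of two > 1; memory use grows with N*R */`. The return convention is presumed from the other `char*` functions in this header, and the parameter constraint from the scrypt specification, so both should be confirmed against the implementation.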