X-Git-Url: https://git.lizzy.rs/?a=blobdiff_plain;f=sys%2Finclude%2Flibsec.h;h=b19d18a762944965dbbb9ebb6901a8e35da70ca1;hb=a609c1a2f8d58d21727c13970725445ce4d2f6fa;hp=348f4f96703694420eb9ac1ec50b3c11d23615fb;hpb=ef8cbbba03de2e3785a6170e9e7c4f6ca5f4aa78;p=plan9front.git diff --git a/sys/include/libsec.h b/sys/include/libsec.h index 348f4f967..b19d18a76 100644 --- a/sys/include/libsec.h +++ b/sys/include/libsec.h @@ -21,25 +21,30 @@ typedef struct AESstate AESstate; struct AESstate { ulong setup; + ulong offset; int rounds; int keybytes; + void *ekey; /* expanded encryption round key */ + void *dkey; /* expanded decryption round key */ uchar key[AESmaxkey]; /* unexpanded key */ - ulong ekey[4*(AESmaxrounds + 1)]; /* encryption key */ - ulong dkey[4*(AESmaxrounds + 1)]; /* decryption key */ uchar ivec[AESbsize]; /* initialization vector */ - uchar mackey[3 * AESbsize]; /* 3 XCBC mac 96 keys */ + uchar storage[512]; /* storage for expanded keys */ }; /* block ciphers */ -void aes_encrypt(ulong rk[], int Nr, uchar pt[16], uchar ct[16]); -void aes_decrypt(ulong rk[], int Nr, uchar ct[16], uchar pt[16]); +extern void (*aes_encrypt)(ulong rk[], int Nr, uchar pt[16], uchar ct[16]); +extern void (*aes_decrypt)(ulong rk[], int Nr, uchar ct[16], uchar pt[16]); + +void setupAESstate(AESstate *s, uchar key[], int nkey, uchar *ivec); -void setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec); void aesCBCencrypt(uchar *p, int len, AESstate *s); void aesCBCdecrypt(uchar *p, int len, AESstate *s); +void aesCFBencrypt(uchar *p, int len, AESstate *s); +void aesCFBdecrypt(uchar *p, int len, AESstate *s); +void aesOFBencrypt(uchar *p, int len, AESstate *s); -void setupAESXCBCstate(AESstate *s); -uchar* aesXCBCmac(uchar *p, int len, AESstate *s); +void aes_xts_encrypt(AESstate *tweak, AESstate *ecb, uvlong sectorNumber, uchar *input, uchar *output, ulong len); +void aes_xts_decrypt(AESstate *tweak, AESstate *ecb, uvlong sectorNumber, uchar *input, uchar *output, ulong len); typedef struct AESGCMstate AESGCMstate; struct AESGCMstate @@ -93,6 +98,7 @@ enum ChachaBsize= 64, ChachaKeylen= 256/8, ChachaIVlen= 96/8, + XChachaIVlen= 192/8, }; typedef struct Chachastate Chachastate; @@ -107,6 +113,7 @@ struct Chachastate u32int iv[3]; }; }; + u32int xkey[8]; int rounds; int ivwords; }; @@ -117,6 +124,8 @@ void chacha_setblock(Chachastate*, u64int); void chacha_encrypt(uchar*, ulong, Chachastate*); void chacha_encrypt2(uchar*, uchar*, ulong, Chachastate*); +void hchacha(uchar h[32], uchar *key, ulong keylen, uchar nonce[16], int rounds); + void ccpoly_encrypt(uchar *dat, ulong ndat, uchar *aad, ulong naad, uchar tag[16], Chachastate *cs); int ccpoly_decrypt(uchar *dat, ulong ndat, uchar *aad, ulong naad, uchar tag[16], Chachastate *cs); @@ -135,7 +144,7 @@ typedef struct Salsastate Salsastate; struct Salsastate { u32int input[16]; - u32int key[8]; + u32int xkey[8]; int rounds; int ivwords; }; @@ -221,6 +230,7 @@ enum SHA2_512dlen= 64, /* SHA-512 digest length */ MD4dlen= 16, /* MD4 digest length */ MD5dlen= 16, /* MD5 digest length */ + RIPEMD160dlen= 20, /* RIPEMD-160 digest length */ Poly1305dlen= 16, /* Poly1305 digest length */ Hmacblksz = 64, /* in bytes; from rfc2104 */ @@ -250,6 +260,7 @@ typedef struct DigestState MD4state; DigestState* md4(uchar*, ulong, uchar*, DigestState*); DigestState* md5(uchar*, ulong, uchar*, DigestState*); +DigestState* ripemd160(uchar *, ulong, uchar *, DigestState *); DigestState* sha1(uchar*, ulong, uchar*, DigestState*); DigestState* sha2_224(uchar*, ulong, uchar*, DigestState*); DigestState* sha2_256(uchar*, ulong, uchar*, DigestState*); @@ -265,11 +276,6 @@ DigestState* hmac_sha2_224(uchar*, ulong, uchar*, ulong, uchar*, DigestState*); DigestState* hmac_sha2_256(uchar*, ulong, uchar*, ulong, uchar*, DigestState*); DigestState* hmac_sha2_384(uchar*, ulong, uchar*, ulong, uchar*, DigestState*); DigestState* hmac_sha2_512(uchar*, ulong, uchar*, ulong, uchar*, DigestState*); -char* md5pickle(MD5state*); -MD5state* md5unpickle(char*); -char* sha1pickle(SHA1state*); -SHA1state* sha1unpickle(char*); - DigestState* poly1305(uchar*, ulong, uchar*, ulong, uchar*, DigestState*); /* @@ -351,17 +357,27 @@ RSApriv* rsaprivalloc(void); void rsaprivfree(RSApriv*); RSApub* rsaprivtopub(RSApriv*); RSApub* X509toRSApub(uchar*, int, char*, int); +RSApub* asn1toRSApub(uchar*, int); RSApriv* asn1toRSApriv(uchar*, int); void asn1dump(uchar *der, int len); uchar* decodePEM(char *s, char *type, int *len, char **new_s); PEMChain* decodepemchain(char *s, char *type); uchar* X509rsagen(RSApriv *priv, char *subj, ulong valid[2], int *certlen); uchar* X509rsareq(RSApriv *priv, char *subj, int *certlen); -char* X509rsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, RSApub *pk); char* X509rsaverify(uchar *cert, int ncert, RSApub *pk); +char* X509rsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, RSApub *pk); void X509dump(uchar *cert, int ncert); +mpint* pkcs1padbuf(uchar *buf, int len, mpint *modulus, int blocktype); +int pkcs1unpadbuf(uchar *buf, int len, mpint *modulus, int blocktype); +int asn1encodeRSApub(RSApub *pk, uchar *buf, int len); +int asn1encodeRSApriv(RSApriv *k, uchar *buf, int len); +int asn1encodedigest(DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*), + uchar *digest, uchar *buf, int len); + +int X509digestSPKI(uchar *, int, DigestState* (*)(uchar*, ulong, uchar*, DigestState*), uchar *); + /* * elgamal */ @@ -442,14 +458,14 @@ void dsaprivfree(DSApriv*); DSAsig* dsasigalloc(void); void dsasigfree(DSAsig*); DSApub* dsaprivtopub(DSApriv*); -DSApriv* asn1toDSApriv(uchar*, int); /* * TLS */ typedef struct Thumbprint{ struct Thumbprint *next; - uchar sha1[SHA1dlen]; + uchar hash[SHA2_256dlen]; + uchar len; } Thumbprint; typedef struct TLSconn{ @@ -475,18 +491,15 @@ int tlsClient(int fd, TLSconn *c); int tlsServer(int fd, TLSconn *c); /* thumb.c */ -Thumbprint* initThumbprints(char *ok, char *crl); +Thumbprint* initThumbprints(char *ok, char *crl, char *tag); void freeThumbprints(Thumbprint *ok); -int okThumbprint(uchar *sha1, Thumbprint *ok); +int okThumbprint(uchar *hash, int len, Thumbprint *ok); +int okCertificate(uchar *cert, int len, Thumbprint *ok); /* readcert.c */ uchar *readcert(char *filename, int *pcertlen); PEMChain*readcertchain(char *filename); -/* aes_xts.c */ -int aes_xts_encrypt(ulong tweak[], ulong ecb[], vlong sectorNumber, uchar *input, uchar *output, ulong len) ; -int aes_xts_decrypt(ulong tweak[], ulong ecb[], vlong sectorNumber, uchar *input, uchar *output, ulong len); - typedef struct ECpoint{ int inf; mpint *x; @@ -528,17 +541,15 @@ ECpub* ecdecodepub(ECdomain *dom, uchar *, int); int ecencodepub(ECdomain *dom, ECpub *, uchar *, int); void ecpubfree(ECpub *); -ECpub* X509toECpub(uchar *cert, int ncert, ECdomain *dom); +ECpub* X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom); +char* X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pub); char* X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub); -char* X509ecdsaverify(uchar *sig, int siglen, ECdomain *dom, ECpub *pub); /* curves */ void secp256r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h); void secp256k1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h); void secp384r1(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h); -DigestState* ripemd160(uchar *, ulong, uchar *, DigestState *); - /* * Diffie-Hellman key exchange */