update libsec.h with tls improvements Reference: /n/atom/patch/applied/apelibsecinc Date: Sun Jan 3 04:27:17 CET 2016 Signed-off-by: quanstro@quanstro.net
--- /sys/include/ape/libsec.h Sun Jan 3 04:26:54 2016
+++ /sys/include/ape/libsec.h Sun Jan 3 04:26:55 2016
@@ -46,6 +46,9 @@
 void aesCTRdecrypt(uchar *p, int len, AESstate *s);
 void aesCTRencrypt(uchar *p, int len, AESstate *s);
+void aesCCMencrypt(int, int, uchar*, uchar *, int, uchar*, int, AESstate*);
+int aesCCMdecrypt(int, int, uchar*, uchar *, int, uchar*, int, AESstate*);
+
 void setupAESXCBCstate(AESstate *s);
 uchar* aesXCBCmac(uchar *p, int len, AESstate *s);
@@ -280,12 +283,16 @@
 void rsaprivfree(RSApriv*);
 RSApub* rsaprivtopub(RSApriv*);
 RSApub* X509toRSApub(uchar*, int, char*, int);
+uchar* RSApubtoasn1(RSApub*, int*);
+RSApub* asn1toRSApub(uchar*, int);
 RSApriv* asn1toRSApriv(uchar*, int);
 void asn1dump(uchar *der, int len);
 uchar* decodePEM(char *s, char *type, int *len, char **new_s);
 PEMChain* decodepemchain(char *s, char *type);
 uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
 uchar* X509req(RSApriv *priv, char *subj, int *certlen);
+char* X509verifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, RSApub *pk);
+char* X509verifydata(uchar *sig, int siglen, uchar *data, int datalen, RSApub *pk);
 char* X509verify(uchar *cert, int ncert, RSApub *pk);
 void X509dump(uchar *cert, int ncert);
@@ -391,6 +398,7 @@
 uchar *sessionKey;
 int sessionKeylen;
 char *sessionConst;
+ char *serverName;
 } TLSconn;
 /* tlshand.c */
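Review bot: The two aesCCM prototypes leave all eight parameters unnamed, so the header does not say which `int` is the tag length and which the length-field size, or which buffers carry the nonce, the associated data and the message; the neighbouring aesCTR and aesXCBC declarations name theirs. Please name the parameters and document the `int` result of aesCCMdecrypt, for example `/* nonzero when the tag does not verify; the output must not be used */`, assuming that is the convention, which the hunk does not show. A caller that ignores that result would be acting on unauthenticated plaintext.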
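Review bot: X509verifydigest and X509verifydata return `char*` like X509verify, but the header never states the convention; if nil means success and a string means failure (presumably, matching X509verify), then `if(X509verifydata(...))` reads like a success test and is actually the failure branch. A one-line comment above the three declarations, such as `/* return nil on success, else an error string */`, would prevent that once confirmed against the implementation. RSApubtoasn1 also needs a word on who frees the returned buffer and what the `int*` receives.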
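Review bot: Appending `serverName` changes the layout of TLSconn, a struct that callers allocate themselves, so any caller that does not zero the whole struct before the handshake will now pass an uninitialised pointer, and every user of this header must be rebuilt together with the library. The field carries no comment on its content or ownership; something like `char *serverName;	/* nil, or NUL-terminated host name; owned by caller */` would settle it, if that is what tlshand.c expects. Whether the name is only sent to the peer or also matched against the certificate is not visible here and should be stated. The struct definition starts above the hunk.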
@@ -405,5 +413,77 @@
 /* readcert.c */
 uchar *readcert(char *filename, int *pcertlen);
 PEMChain*readcertchain(char *filename);
+
+/* aes_xts.c */
+int aes_xts_encrypt(u32int tweak[], u32int ecb[], vlong sectorNumber, uchar *input, uchar *output, size_t len) ;
+int aes_xts_decrypt(u32int tweak[], u32int ecb[], vlong sectorNumber, uchar *input, uchar *output, size_t len);
+
+typedef struct ECpoint{
+ int inf;
+ mpint *x;
+ mpint *y;
+} ECpoint;
+
+typedef ECpoint ECpub;
+typedef struct ECpriv{
+ ECpoint;
+ mpint *d;
+} ECpriv;
+
+typedef struct ECdomain{
+ mpint *p;
+ mpint *a;
+ mpint *b;
+ ECpoint *G;
+ mpint *n;
+ mpint *h;
+} ECdomain;
+
+void ecassign(ECdomain *, ECpoint *old, ECpoint *new);
+void ecadd(ECdomain *, ECpoint *a, ECpoint *b, ECpoint *s);
+void ecmul(ECdomain *, ECpoint *a, mpint *k, ECpoint *s);
+ECpoint* strtoec(ECdomain *, char *, char **, ECpoint *);
+ECpriv* ecgen(ECdomain *, ECpriv*);
+int ecverify(ECdomain *, ECpoint *);
+int ecpubverify(ECdomain *, ECpub *);
+void ecdsasign(ECdomain *, ECpriv *, uchar *, int, mpint *, mpint *);
+int ecdsaverify(ECdomain *, ECpub *, uchar *, int, mpint *, mpint *);
+void base58enc(uchar *, char *, int);
+int base58dec(char *, uchar *, int);
+
+/*
+ * Diffie-Hellman key exchange
+ */
+
+typedef struct DHstate DHstate;
+struct DHstate
+{
+ mpint *g; /* base g */
+ mpint *p; /* large prime */
+ mpint *q; /* subgroup prime */
+ mpint *x; /* random secret */
+ mpint *y; /* public key y = g**x % p */
+};
+
+/* generate new public key: y = g**x % p */
+mpint* dh_new(DHstate *dh, mpint *p, mpint *q, mpint *g);
+
+/* calculate shared key: k = y**x % p */
+mpint* dh_finish(DHstate *dh, mpint *y);
+
+/* Curve25519 elliptic curve, public key function */
+void curve25519(uchar mypublic[32], uchar secret[32], uchar basepoint[32]);
+
+/* Curve25519 diffie hellman */
+void curve25519_dh_new(uchar x[32], uchar y[32]);
+void curve25519_dh_finish(uchar x[32], uchar y[32], uchar z[32]);
+
+/* password-based key derivation function 2 (rfc2898) */
+void pbkdf2_x(uchar *p, ulong plen, uchar *s, ulong slen, ulong rounds, uchar *d, ulong dlen,
+ DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*), int xlen);
+
+/* hmac-based key derivation function (rfc5869) */
+void hkdf_x(uchar *salt, ulong nsalt, uchar *info, ulong ninfo, uchar *key, ulong nkey, uchar *d, ulong dlen,
+ DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*), int xlen);
 #endif
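Review bot: curve25519_dh_finish is declared `void`, so a caller cannot learn that the peer's public value produced an all-zero shared secret, the check RFC 7748 describes before the result is used as key material. Consider `int curve25519_dh_finish(uchar x[32], uchar y[32], uchar z[32]);` with a documented failure value. For dh_finish, the comment should say whether the peer's `y` is validated against `p` and `q` and whether nil is returned on rejection; the header does not show either. ecdsasign, pbkdf2_x and hkdf_x are also `void` although each has inputs that can be invalid (for example a zero `rounds` or an oversized `dlen`). DHstate holds the secret `x`, and no function that clears and frees it is declared in this hunk.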