mirror of
https://github.com/jart/cosmopolitan.git
synced 2025-01-31 11:37:35 +00:00
cc1920749e
Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
319 lines
10 KiB
C
319 lines
10 KiB
C
#ifndef MBEDTLS_DES_H
|
|
#define MBEDTLS_DES_H
|
|
#include "third_party/mbedtls/config.h"
|
|
/* clang-format off */
|
|
|
|
#define MBEDTLS_DES_ENCRYPT 1
|
|
#define MBEDTLS_DES_DECRYPT 0
|
|
|
|
#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< The data input has an invalid length. */
|
|
|
|
/* MBEDTLS_ERR_DES_HW_ACCEL_FAILED is deprecated and should not be used. */
|
|
#define MBEDTLS_ERR_DES_HW_ACCEL_FAILED -0x0033 /**< DES hardware accelerator failed. */
|
|
|
|
#define MBEDTLS_DES_KEY_SIZE 8
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#if !defined(MBEDTLS_DES_ALT)
|
|
// Regular implementation
|
|
//
|
|
|
|
/**
|
|
* \brief DES context structure
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
typedef struct mbedtls_des_context
|
|
{
|
|
uint32_t sk[32]; /*!< DES subkeys */
|
|
}
|
|
mbedtls_des_context;
|
|
|
|
/**
|
|
* \brief Triple-DES context structure
|
|
*/
|
|
typedef struct mbedtls_des3_context
|
|
{
|
|
uint32_t sk[96]; /*!< 3DES subkeys */
|
|
}
|
|
mbedtls_des3_context;
|
|
|
|
#endif /* MBEDTLS_DES_ALT */
|
|
|
|
/**
|
|
* \brief Initialize DES context
|
|
*
|
|
* \param ctx DES context to be initialized
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
void mbedtls_des_init( mbedtls_des_context *ctx );
|
|
|
|
/**
|
|
* \brief Clear DES context
|
|
*
|
|
* \param ctx DES context to be cleared
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
void mbedtls_des_free( mbedtls_des_context *ctx );
|
|
|
|
/**
|
|
* \brief Initialize Triple-DES context
|
|
*
|
|
* \param ctx DES3 context to be initialized
|
|
*/
|
|
void mbedtls_des3_init( mbedtls_des3_context *ctx );
|
|
|
|
/**
|
|
* \brief Clear Triple-DES context
|
|
*
|
|
* \param ctx DES3 context to be cleared
|
|
*/
|
|
void mbedtls_des3_free( mbedtls_des3_context *ctx );
|
|
|
|
/**
|
|
* \brief Set key parity on the given key to odd.
|
|
*
|
|
* DES keys are 56 bits long, but each byte is padded with
|
|
* a parity bit to allow verification.
|
|
*
|
|
* \param key 8-byte secret key
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|
|
|
/**
|
|
* \brief Check that key parity on the given key is odd.
|
|
*
|
|
* DES keys are 56 bits long, but each byte is padded with
|
|
* a parity bit to allow verification.
|
|
*
|
|
* \param key 8-byte secret key
|
|
*
|
|
* \return 0 is parity was ok, 1 if parity was not correct.
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|
|
|
/**
|
|
* \brief Check that key is not a weak or semi-weak DES key
|
|
*
|
|
* \param key 8-byte secret key
|
|
*
|
|
* \return 0 if no weak key was found, 1 if a weak key was identified.
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|
|
|
/**
|
|
* \brief DES key schedule (56-bit, encryption)
|
|
*
|
|
* \param ctx DES context to be initialized
|
|
* \param key 8-byte secret key
|
|
*
|
|
* \return 0
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|
|
|
/**
|
|
* \brief DES key schedule (56-bit, decryption)
|
|
*
|
|
* \param ctx DES context to be initialized
|
|
* \param key 8-byte secret key
|
|
*
|
|
* \return 0
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|
|
|
/**
|
|
* \brief Triple-DES key schedule (112-bit, encryption)
|
|
*
|
|
* \param ctx 3DES context to be initialized
|
|
* \param key 16-byte secret key
|
|
*
|
|
* \return 0
|
|
*/
|
|
int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
|
|
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
|
|
|
|
/**
|
|
* \brief Triple-DES key schedule (112-bit, decryption)
|
|
*
|
|
* \param ctx 3DES context to be initialized
|
|
* \param key 16-byte secret key
|
|
*
|
|
* \return 0
|
|
*/
|
|
int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
|
|
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
|
|
|
|
/**
|
|
* \brief Triple-DES key schedule (168-bit, encryption)
|
|
*
|
|
* \param ctx 3DES context to be initialized
|
|
* \param key 24-byte secret key
|
|
*
|
|
* \return 0
|
|
*/
|
|
int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
|
|
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
|
|
|
|
/**
|
|
* \brief Triple-DES key schedule (168-bit, decryption)
|
|
*
|
|
* \param ctx 3DES context to be initialized
|
|
* \param key 24-byte secret key
|
|
*
|
|
* \return 0
|
|
*/
|
|
int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
|
|
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
|
|
|
|
/**
|
|
* \brief DES-ECB block encryption/decryption
|
|
*
|
|
* \param ctx DES context
|
|
* \param input 64-bit input block
|
|
* \param output 64-bit output block
|
|
*
|
|
* \return 0 if successful
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
|
|
const unsigned char input[8],
|
|
unsigned char output[8] );
|
|
|
|
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
|
/**
|
|
* \brief DES-CBC buffer encryption/decryption
|
|
*
|
|
* \note Upon exit, the content of the IV is updated so that you can
|
|
* call the function same function again on the following
|
|
* block(s) of data and get the same result as if it was
|
|
* encrypted in one call. This allows a "streaming" usage.
|
|
* If on the other hand you need to retain the contents of the
|
|
* IV, you should either save it manually or use the cipher
|
|
* module instead.
|
|
*
|
|
* \param ctx DES context
|
|
* \param mode MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
|
|
* \param length length of the input data
|
|
* \param iv initialization vector (updated after use)
|
|
* \param input buffer holding the input data
|
|
* \param output buffer holding the output data
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
|
|
int mode,
|
|
size_t length,
|
|
unsigned char iv[8],
|
|
const unsigned char *input,
|
|
unsigned char *output );
|
|
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
|
|
|
/**
|
|
* \brief 3DES-ECB block encryption/decryption
|
|
*
|
|
* \param ctx 3DES context
|
|
* \param input 64-bit input block
|
|
* \param output 64-bit output block
|
|
*
|
|
* \return 0 if successful
|
|
*/
|
|
int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
|
|
const unsigned char input[8],
|
|
unsigned char output[8] );
|
|
|
|
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
|
/**
|
|
* \brief 3DES-CBC buffer encryption/decryption
|
|
*
|
|
* \note Upon exit, the content of the IV is updated so that you can
|
|
* call the function same function again on the following
|
|
* block(s) of data and get the same result as if it was
|
|
* encrypted in one call. This allows a "streaming" usage.
|
|
* If on the other hand you need to retain the contents of the
|
|
* IV, you should either save it manually or use the cipher
|
|
* module instead.
|
|
*
|
|
* \param ctx 3DES context
|
|
* \param mode MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
|
|
* \param length length of the input data
|
|
* \param iv initialization vector (updated after use)
|
|
* \param input buffer holding the input data
|
|
* \param output buffer holding the output data
|
|
*
|
|
* \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
|
|
*/
|
|
int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
|
|
int mode,
|
|
size_t length,
|
|
unsigned char iv[8],
|
|
const unsigned char *input,
|
|
unsigned char *output );
|
|
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
|
|
|
/**
|
|
* \brief Internal function for key expansion.
|
|
* (Only exposed to allow overriding it,
|
|
* see MBEDTLS_DES_SETKEY_ALT)
|
|
*
|
|
* \param SK Round keys
|
|
* \param key Base key
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
void mbedtls_des_setkey( uint32_t SK[32],
|
|
const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|
|
|
#if defined(MBEDTLS_SELF_TEST)
|
|
|
|
/**
|
|
* \brief Checkup routine
|
|
*
|
|
* \return 0 if successful, or 1 if the test failed
|
|
*/
|
|
int mbedtls_des_self_test( int verbose );
|
|
|
|
#endif /* MBEDTLS_SELF_TEST */
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* des.h */
|