mirror of
https://github.com/jart/cosmopolitan.git
synced 2025-02-07 15:03:34 +00:00
398f0c16fb
This change makes SSL virtual hosting possible. You can now load
multiple certificates for multiple domains and redbean will just
figure out which one to use, even if you only have 1 ip address.
You can also use a jumbo certificate that lists all your domains
in the the subject alternative names.
This change also makes performance improvements to MbedTLS. Here
are some benchmarks vs. cc1920749e
BEFORE AFTER (microsecs)
suite_ssl.com 2512881 191738 13.11x faster
suite_pkparse.com 36291 3295 11.01x faster
suite_x509parse.com 854669 120293 7.10x faster
suite_pkwrite.com 6549 1265 5.18x faster
suite_ecdsa.com 53347 18778 2.84x faster
suite_pk.com 49051 18717 2.62x faster
suite_ecdh.com 19535 9502 2.06x faster
suite_shax.com 15848 7965 1.99x faster
suite_rsa.com 353257 184828 1.91x faster
suite_x509write.com 162646 85733 1.90x faster
suite_ecp.com 20503 11050 1.86x faster
suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster
suite_hmac_drbg.nopr.com 12460 8010 1.56x faster
suite_mpi.com 687124 442661 1.55x faster
suite_hmac_drbg.pr.com 11890 7752 1.53x faster
There aren't any special tricks to the performance imporvements.
It's mostly due to code cleanup, assembly and intel instructions
like mulx, adox, and adcx.
319 lines
10 KiB
C
319 lines
10 KiB
C
#ifndef MBEDTLS_DES_H
|
|
#define MBEDTLS_DES_H
|
|
#include "third_party/mbedtls/config.h"
|
|
/* clang-format off */
|
|
|
|
#define MBEDTLS_DES_ENCRYPT 1
|
|
#define MBEDTLS_DES_DECRYPT 0
|
|
|
|
#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032 /**< The data input has an invalid length. */
|
|
|
|
/* MBEDTLS_ERR_DES_HW_ACCEL_FAILED is deprecated and should not be used. */
|
|
#define MBEDTLS_ERR_DES_HW_ACCEL_FAILED -0x0033 /**< DES hardware accelerator failed. */
|
|
|
|
#define MBEDTLS_DES_KEY_SIZE 8
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#if !defined(MBEDTLS_DES_ALT)
|
|
// Regular implementation
|
|
//
|
|
|
|
/**
|
|
* \brief DES context structure
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
typedef struct mbedtls_des_context
|
|
{
|
|
uint32_t sk[32]; /*!< DES subkeys */
|
|
}
|
|
mbedtls_des_context;
|
|
|
|
/**
|
|
* \brief Triple-DES context structure
|
|
*/
|
|
typedef struct mbedtls_des3_context
|
|
{
|
|
uint32_t sk[96]; /*!< 3DES subkeys */
|
|
}
|
|
mbedtls_des3_context;
|
|
|
|
#endif /* MBEDTLS_DES_ALT */
|
|
|
|
/**
|
|
* \brief Initialize DES context
|
|
*
|
|
* \param ctx DES context to be initialized
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
void mbedtls_des_init( mbedtls_des_context *ctx );
|
|
|
|
/**
|
|
* \brief Clear DES context
|
|
*
|
|
* \param ctx DES context to be cleared
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
void mbedtls_des_free( mbedtls_des_context *ctx );
|
|
|
|
/**
|
|
* \brief Initialize Triple-DES context
|
|
*
|
|
* \param ctx DES3 context to be initialized
|
|
*/
|
|
void mbedtls_des3_init( mbedtls_des3_context *ctx );
|
|
|
|
/**
|
|
* \brief Clear Triple-DES context
|
|
*
|
|
* \param ctx DES3 context to be cleared
|
|
*/
|
|
void mbedtls_des3_free( mbedtls_des3_context *ctx );
|
|
|
|
/**
|
|
* \brief Set key parity on the given key to odd.
|
|
*
|
|
* DES keys are 56 bits long, but each byte is padded with
|
|
* a parity bit to allow verification.
|
|
*
|
|
* \param key 8-byte secret key
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|
|
|
/**
|
|
* \brief Check that key parity on the given key is odd.
|
|
*
|
|
* DES keys are 56 bits long, but each byte is padded with
|
|
* a parity bit to allow verification.
|
|
*
|
|
* \param key 8-byte secret key
|
|
*
|
|
* \return 0 is parity was ok, 1 if parity was not correct.
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|
|
|
/**
|
|
* \brief Check that key is not a weak or semi-weak DES key
|
|
*
|
|
* \param key 8-byte secret key
|
|
*
|
|
* \return 0 if no weak key was found, 1 if a weak key was identified.
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|
|
|
/**
|
|
* \brief DES key schedule (56-bit, encryption)
|
|
*
|
|
* \param ctx DES context to be initialized
|
|
* \param key 8-byte secret key
|
|
*
|
|
* \return 0
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|
|
|
/**
|
|
* \brief DES key schedule (56-bit, decryption)
|
|
*
|
|
* \param ctx DES context to be initialized
|
|
* \param key 8-byte secret key
|
|
*
|
|
* \return 0
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|
|
|
/**
|
|
* \brief Triple-DES key schedule (112-bit, encryption)
|
|
*
|
|
* \param ctx 3DES context to be initialized
|
|
* \param key 16-byte secret key
|
|
*
|
|
* \return 0
|
|
*/
|
|
int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
|
|
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
|
|
|
|
/**
|
|
* \brief Triple-DES key schedule (112-bit, decryption)
|
|
*
|
|
* \param ctx 3DES context to be initialized
|
|
* \param key 16-byte secret key
|
|
*
|
|
* \return 0
|
|
*/
|
|
int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
|
|
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
|
|
|
|
/**
|
|
* \brief Triple-DES key schedule (168-bit, encryption)
|
|
*
|
|
* \param ctx 3DES context to be initialized
|
|
* \param key 24-byte secret key
|
|
*
|
|
* \return 0
|
|
*/
|
|
int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
|
|
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
|
|
|
|
/**
|
|
* \brief Triple-DES key schedule (168-bit, decryption)
|
|
*
|
|
* \param ctx 3DES context to be initialized
|
|
* \param key 24-byte secret key
|
|
*
|
|
* \return 0
|
|
*/
|
|
int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
|
|
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
|
|
|
|
/**
|
|
* \brief DES-ECB block encryption/decryption
|
|
*
|
|
* \param ctx DES context
|
|
* \param input 64-bit input block
|
|
* \param output 64-bit output block
|
|
*
|
|
* \return 0 if successful
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
|
|
const unsigned char input[8],
|
|
unsigned char output[8] );
|
|
|
|
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
|
/**
|
|
* \brief DES-CBC buffer encryption/decryption
|
|
*
|
|
* \note Upon exit, the content of the IV is updated so that you can
|
|
* call the function same function again on the following
|
|
* block(s) of data and get the same result as if it was
|
|
* encrypted in one call. This allows a "streaming" usage.
|
|
* If on the other hand you need to retain the contents of the
|
|
* IV, you should either save it manually or use the cipher
|
|
* module instead.
|
|
*
|
|
* \param ctx DES context
|
|
* \param mode MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
|
|
* \param length length of the input data
|
|
* \param iv initialization vector (updated after use)
|
|
* \param input buffer holding the input data
|
|
* \param output buffer holding the output data
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
|
|
int mode,
|
|
size_t length,
|
|
unsigned char iv[8],
|
|
const unsigned char *input,
|
|
unsigned char *output );
|
|
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
|
|
|
/**
|
|
* \brief 3DES-ECB block encryption/decryption
|
|
*
|
|
* \param ctx 3DES context
|
|
* \param input 64-bit input block
|
|
* \param output 64-bit output block
|
|
*
|
|
* \return 0 if successful
|
|
*/
|
|
int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
|
|
const unsigned char input[8],
|
|
unsigned char output[8] );
|
|
|
|
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
|
/**
|
|
* \brief 3DES-CBC buffer encryption/decryption
|
|
*
|
|
* \note Upon exit, the content of the IV is updated so that you can
|
|
* call the function same function again on the following
|
|
* block(s) of data and get the same result as if it was
|
|
* encrypted in one call. This allows a "streaming" usage.
|
|
* If on the other hand you need to retain the contents of the
|
|
* IV, you should either save it manually or use the cipher
|
|
* module instead.
|
|
*
|
|
* \param ctx 3DES context
|
|
* \param mode MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
|
|
* \param length length of the input data
|
|
* \param iv initialization vector (updated after use)
|
|
* \param input buffer holding the input data
|
|
* \param output buffer holding the output data
|
|
*
|
|
* \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
|
|
*/
|
|
int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
|
|
int mode,
|
|
size_t length,
|
|
unsigned char iv[8],
|
|
const unsigned char *input,
|
|
unsigned char *output );
|
|
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
|
|
|
/**
|
|
* \brief Internal function for key expansion.
|
|
* (Only exposed to allow overriding it,
|
|
* see MBEDTLS_DES_SETKEY_ALT)
|
|
*
|
|
* \param SK Round keys
|
|
* \param key Base key
|
|
*
|
|
* \warning DES is considered a weak cipher and its use constitutes a
|
|
* security risk. We recommend considering stronger ciphers
|
|
* instead.
|
|
*/
|
|
void mbedtls_des_setkey( uint32_t SK[32],
|
|
const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
|
|
|
|
#if defined(MBEDTLS_SELF_TEST)
|
|
|
|
/**
|
|
* \brief Checkup routine
|
|
*
|
|
* \return 0 if successful, or 1 if the test failed
|
|
*/
|
|
int mbedtls_des_self_test( int verbose );
|
|
|
|
#endif /* MBEDTLS_SELF_TEST */
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* des.h */
|