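// Security library: Diffie-Hellman key exchange + XTEA-CTR cipher
//
// Targets 486-class hardware with 1024-bit DH (256-bit private exponent)
// and XTEA in CTR mode for symmetric encryption.
//
// Security notes for callers (nothing in these declarations can enforce them):
//   - 1024-bit DH offers roughly 80-bit security. It is a concession to the
//     hardware target, not a size to pick for a new design; the 256-bit
//     exponent is not the limiting factor, the modulus is.
//   - CTR mode gives confidentiality only. This header declares no MAC, so a
//     caller that needs integrity must authenticate the ciphertext itself and
//     verify the tag before decrypting.
//   - A (key, nonce) pair must never cover more than one message. Reusing a
//     nonce under the same key reveals the XOR of the two plaintexts.
//   - Generate DH keys only after the RNG has been seeded with real entropy;
//     a predictable private exponent makes the whole exchange worthless.
//   - All lengths are `int`. Callers must pass non-negative values; the void
//     functions below have no way to report a bad length.

#ifndef SECURITY_H
#define SECURITY_H

#include <stdint.h>
#include <stdbool.h>

#ifdef __cplusplus
extern "C" {
#endif

// Key sizes (bytes)
#define SEC_DH_KEY_SIZE 128  // 1024-bit DH public key (serialized size)
#define SEC_XTEA_KEY_SIZE 16 // 128-bit XTEA key

// Error codes. Functions returning int yield SEC_SUCCESS (0) on success and a
// negative SEC_ERR_* value on failure. Which codes a given function can return
// is not visible from this header — check the implementation before relying
// on a specific one.
#define SEC_SUCCESS 0
#define SEC_ERR_PARAM -1     // invalid argument (NULL pointer or bad length — presumed)
#define SEC_ERR_NOT_READY -2 // precondition not met (RNG unseeded, no secret yet — presumed)
#define SEC_ERR_ALLOC -3     // memory allocation failed

// Opaque types. The struct bodies live in the implementation; callers only
// ever hold pointers returned by secDhCreate() / secCipherCreate().
typedef struct SecDhS SecDhT;
typedef struct SecCipherS SecCipherT;

// RNG — seed before generating keys. Hardware entropy is weak (~20 bits);
// callers should supplement with keyboard timing, mouse jitter, etc.
// ~20 bits is nowhere near what a 256-bit private exponent needs, so the
// supplemental sources are mandatory for a meaningful key exchange, not a
// nice-to-have.

// Collect hardware entropy into buf, at most len bytes. Whether the return
// value is a byte count or a SEC_ERR_* code is not visible here — confirm
// against the implementation before testing it.
int secRngGatherEntropy(uint8_t *buf, int len);

// Initialise the generator from len bytes of entropy. Must precede any call
// that draws random bytes.
void secRngSeed(const uint8_t *entropy, int len);

// Mix len more bytes of entropy (e.g. input timing gathered after seeding)
// into the running generator state.
void secRngAddEntropy(const uint8_t *data, int len);

// Fill buf with len pseudo-random bytes. Returns nothing, so it cannot signal
// an unseeded generator; SEC_ERR_NOT_READY is presumably raised by
// secDhGenerateKeys instead — verify before depending on that.
void secRngBytes(uint8_t *buf, int len);

// Diffie-Hellman key exchange (1024-bit, RFC 2409 Group 2: the 1024-bit MODP
// group with generator 2; its prime is a safe prime).
// Expected call order, inferred from the names (confirm in the implementation):
//   secDhCreate -> secDhGenerateKeys -> secDhGetPublicKey -> (send/receive)
//   -> secDhComputeSecret -> secDhDeriveKey -> secDhDestroy

// Allocate a key-exchange context. Presumably returns NULL on allocation
// failure (cf. SEC_ERR_ALLOC) — confirm.
SecDhT *secDhCreate(void);

// Draw a fresh 256-bit private exponent from the RNG and compute the public
// value. Call only after secRngSeed() (and ideally secRngAddEntropy()).
int secDhGenerateKeys(SecDhT *dh);

// Copy the public value (up to SEC_DH_KEY_SIZE bytes) into buf. len is
// presumably in/out: buffer capacity on entry, bytes written on return —
// confirm, since a wrong reading either truncates or overruns buf.
int secDhGetPublicKey(SecDhT *dh, uint8_t *buf, int *len);

// Combine the peer's public value with our private exponent.
// remotePub arrives over the wire and is untrusted. Before exponentiation the
// implementation must reject values outside [2, p-2]: 0, 1 and p-1 force the
// shared secret to a value the peer already knows. Because the Group 2 prime
// is a safe prime, that range check also rules out every small-subgroup
// element. Whether secDhComputeSecret performs it is not visible here —
// verify in the implementation; SEC_ERR_PARAM is the natural failure code.
int secDhComputeSecret(SecDhT *dh, const uint8_t *remotePub, int len);

// Write keyLen bytes of key material derived from the shared secret. The raw
// 1024-bit secret must not be used directly as a cipher key; a hash/KDF step
// is expected here — confirm that is what the implementation does.
int secDhDeriveKey(SecDhT *dh, uint8_t *key, int keyLen);

// Release the context. It should zeroize the private exponent and the shared
// secret before freeing (plain memset may be optimised away) — confirm.
void secDhDestroy(SecDhT *dh);

// XTEA cipher in CTR mode (encrypt and decrypt are the same operation).
// XTEA's 64-bit block is the keystream unit. How the 64-bit nonce
// (nonceHi:nonceLo) and the block counter share that block is not visible
// here; confirm in the implementation, because it bounds how much data a
// single nonce can safely cover before the counter wraps.

// Create a cipher context keyed from key, which must point to
// SEC_XTEA_KEY_SIZE bytes (there is no length parameter; the size is fixed).
// Presumably returns NULL on allocation failure — confirm.
SecCipherT *secCipherCreate(const uint8_t *key);

// Set the nonce for the next message. Every message under the same key needs
// a distinct nonce; reuse turns CTR into a two-time pad. Presumably also
// resets the block counter to zero — confirm.
void secCipherSetNonce(SecCipherT *c, uint32_t nonceLo, uint32_t nonceHi);

// XOR len bytes of keystream into data in place. Decryption is the same call
// with the same key and nonce. Whether successive calls continue the keystream
// (streaming) or restart it is not visible here — confirm before splitting one
// message across calls.
void secCipherCrypt(SecCipherT *c, uint8_t *data, int len);

// Release the context. Should zeroize the key schedule before freeing — confirm.
void secCipherDestroy(SecCipherT *c);

#ifdef __cplusplus
}
#endif

#endif // SECURITY_H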