summaryrefslogtreecommitdiff
path: root/sys/src/9/port/devssl.c
diff options
context:
space:
mode:
authorOri Bernstein <ori@eigenstate.org>2021-12-13 02:17:02 +0000
committerOri Bernstein <ori@eigenstate.org>2021-12-13 02:17:02 +0000
commit7efbea82c63846a281db36d3854e13d3ab5498d2 (patch)
tree62d22c284ed5a788b91e4db43315ddc5913bd518 /sys/src/9/port/devssl.c
parentb4d4cf69be84b92796b5e5bd81f16999a54bff39 (diff)
devssl, cpu, import, oexportfs: delete
SSL is implemented by devssl. It's extremely obsolete by now, and is not used anywhere but cpu, import, and oexportfs. This change strips out the devssl bits, but does not (yet) remove the code from libsec.
Diffstat (limited to 'sys/src/9/port/devssl.c')
-rw-r--r--sys/src/9/port/devssl.c1462
1 files changed, 0 insertions, 1462 deletions
diff --git a/sys/src/9/port/devssl.c b/sys/src/9/port/devssl.c
index d48ba5d1e..e69de29bb 100644
--- a/sys/src/9/port/devssl.c
+++ b/sys/src/9/port/devssl.c
@@ -1,1462 +0,0 @@
-/*
- * devssl - secure sockets layer
- */
-#include "u.h"
-#include "../port/lib.h"
-#include "mem.h"
-#include "dat.h"
-#include "fns.h"
-#include "../port/error.h"
-
-#include <libsec.h>
-
-#define NOSPOOKS 1
-
-typedef struct OneWay OneWay;
-struct OneWay
-{
- QLock q;
- QLock ctlq;
-
- void *state; /* encryption state */
- int slen; /* hash data length */
- uchar *secret; /* secret */
- ulong mid; /* message id */
-};
-
-enum
-{
- /* connection states */
- Sincomplete= 0,
- Sclear= 1,
- Sencrypting= 2,
- Sdigesting= 4,
- Sdigenc= Sencrypting|Sdigesting,
-
- /* encryption algorithms */
- Noencryption= 0,
- DESCBC= 1,
- DESECB= 2,
- RC4= 3
-};
-
-typedef struct Dstate Dstate;
-struct Dstate
-{
- Chan *c; /* io channel */
- uchar state; /* state of connection */
- int ref; /* serialized by dslock for atomic destroy */
-
- uchar encryptalg; /* encryption algorithm */
- ushort blocklen; /* blocking length */
-
- ushort diglen; /* length of digest */
- DigestState *(*hf)(uchar*, ulong, uchar*, DigestState*); /* hash func */
-
- /* for SSL format */
- int max; /* maximum unpadded data per msg */
- int maxpad; /* maximum padded data per msg */
-
- /* input side */
- OneWay in;
- Block *processed;
- Block *unprocessed;
-
- /* output side */
- OneWay out;
-
- /* protections */
- char *user;
- int perm;
-};
-
-enum
-{
- Maxdmsg= 1<<16,
- Maxdstate= 512, /* max. open ssl conn's; must be a power of 2 */
-};
-
-static Lock dslock;
-static int dshiwat;
-static char *dsname[Maxdstate];
-static Dstate *dstate[Maxdstate];
-static char *encalgs;
-static char *hashalgs;
-
-enum{
- Qtopdir = 1, /* top level directory */
- Qprotodir,
- Qclonus,
- Qconvdir, /* directory for a conversation */
- Qdata,
- Qctl,
- Qsecretin,
- Qsecretout,
- Qencalgs,
- Qhashalgs,
-};
-
-#define TYPE(x) ((x).path & 0xf)
-#define CONV(x) (((x).path >> 5)&(Maxdstate-1))
-#define QID(c, y) (((c)<<5) | (y))
-
-static void ensure(Dstate*, Block**, int);
-static void consume(Block**, uchar*, int);
-static void setsecret(OneWay*, uchar*, int);
-static Block* encryptb(Dstate*, Block*, int);
-static Block* decryptb(Dstate*, Block*);
-static Block* digestb(Dstate*, Block*, int);
-static void checkdigestb(Dstate*, Block*);
-static Chan* buftochan(char*);
-static void sslhangup(Dstate*);
-static Dstate* dsclone(Chan *c);
-static void dsnew(Chan *c, Dstate **);
-static long sslput(Dstate *s, Block * volatile b);
-
-char *sslnames[] = {
-[Qclonus] "clone",
-[Qdata] "data",
-[Qctl] "ctl",
-[Qsecretin] "secretin",
-[Qsecretout] "secretout",
-[Qencalgs] "encalgs",
-[Qhashalgs] "hashalgs",
-};
-
-static int
-sslgen(Chan *c, char*, Dirtab *d, int nd, int s, Dir *dp)
-{
- Qid q;
- Dstate *ds;
- char name[16], *p, *nm;
- int ft;
-
- USED(nd);
- USED(d);
-
- q.type = QTFILE;
- q.vers = 0;
-
- ft = TYPE(c->qid);
- switch(ft) {
- case Qtopdir:
- if(s == DEVDOTDOT){
- q.path = QID(0, Qtopdir);
- q.type = QTDIR;
- devdir(c, q, "#D", 0, eve, 0555, dp);
- return 1;
- }
- if(s > 0)
- return -1;
- q.path = QID(0, Qprotodir);
- q.type = QTDIR;
- devdir(c, q, "ssl", 0, eve, 0555, dp);
- return 1;
- case Qprotodir:
- if(s == DEVDOTDOT){
- q.path = QID(0, Qtopdir);
- q.type = QTDIR;
- devdir(c, q, ".", 0, eve, 0555, dp);
- return 1;
- }
- if(s < dshiwat) {
- q.path = QID(s, Qconvdir);
- q.type = QTDIR;
- ds = dstate[s];
- if(ds != 0)
- nm = ds->user;
- else
- nm = eve;
- if(dsname[s] == nil){
- sprint(name, "%d", s);
- kstrdup(&dsname[s], name);
- }
- devdir(c, q, dsname[s], 0, nm, 0555, dp);
- return 1;
- }
- if(s > dshiwat)
- return -1;
- q.path = QID(0, Qclonus);
- devdir(c, q, "clone", 0, eve, 0555, dp);
- return 1;
- case Qconvdir:
- if(s == DEVDOTDOT){
- q.path = QID(0, Qprotodir);
- q.type = QTDIR;
- devdir(c, q, "ssl", 0, eve, 0555, dp);
- return 1;
- }
- ds = dstate[CONV(c->qid)];
- if(ds != 0)
- nm = ds->user;
- else
- nm = eve;
- switch(s) {
- default:
- return -1;
- case 0:
- q.path = QID(CONV(c->qid), Qctl);
- p = "ctl";
- break;
- case 1:
- q.path = QID(CONV(c->qid), Qdata);
- p = "data";
- break;
- case 2:
- q.path = QID(CONV(c->qid), Qsecretin);
- p = "secretin";
- break;
- case 3:
- q.path = QID(CONV(c->qid), Qsecretout);
- p = "secretout";
- break;
- case 4:
- q.path = QID(CONV(c->qid), Qencalgs);
- p = "encalgs";
- break;
- case 5:
- q.path = QID(CONV(c->qid), Qhashalgs);
- p = "hashalgs";
- break;
- }
- devdir(c, q, p, 0, nm, 0660, dp);
- return 1;
- case Qclonus:
- devdir(c, c->qid, sslnames[TYPE(c->qid)], 0, eve, 0555, dp);
- return 1;
- default:
- ds = dstate[CONV(c->qid)];
- if(ds != 0)
- nm = ds->user;
- else
- nm = eve;
- devdir(c, c->qid, sslnames[TYPE(c->qid)], 0, nm, 0660, dp);
- return 1;
- }
-}
-
-static Chan*
-sslattach(char *spec)
-{
- Chan *c;
-
- c = devattach('D', spec);
- c->qid.path = QID(0, Qtopdir);
- c->qid.vers = 0;
- c->qid.type = QTDIR;
- return c;
-}
-
-static Walkqid*
-sslwalk(Chan *c, Chan *nc, char **name, int nname)
-{
- return devwalk(c, nc, name, nname, nil, 0, sslgen);
-}
-
-static int
-sslstat(Chan *c, uchar *db, int n)
-{
- return devstat(c, db, n, nil, 0, sslgen);
-}
-
-static Chan*
-sslopen(Chan *c, int omode)
-{
- Dstate *s, **pp;
- int ft;
-
- ft = TYPE(c->qid);
- switch(ft) {
- default:
- panic("sslopen");
- case Qtopdir:
- case Qprotodir:
- case Qconvdir:
- if(omode != OREAD)
- error(Eperm);
- break;
- case Qclonus:
- s = dsclone(c);
- if(s == 0)
- error(Enodev);
- break;
- case Qctl:
- case Qdata:
- case Qsecretin:
- case Qsecretout:
- if(waserror()) {
- unlock(&dslock);
- nexterror();
- }
- lock(&dslock);
- pp = &dstate[CONV(c->qid)];
- s = *pp;
- if(s == 0)
- dsnew(c, pp);
- else {
- devpermcheck(s->user, s->perm, omode);
- s->ref++;
- }
- unlock(&dslock);
- poperror();
- break;
- case Qencalgs:
- case Qhashalgs:
- if(omode != OREAD)
- error(Eperm);
- break;
- }
- c->mode = openmode(omode);
- c->flag |= COPEN;
- c->offset = 0;
- return c;
-}
-
-static int
-sslwstat(Chan *c, uchar *db, int n)
-{
- Dir *dir;
- Dstate *s;
- int m;
-
- s = dstate[CONV(c->qid)];
- if(s == 0)
- error(Ebadusefd);
- if(strcmp(s->user, up->user) != 0)
- error(Eperm);
-
- dir = smalloc(sizeof(Dir)+n);
- m = convM2D(db, n, &dir[0], (char*)&dir[1]);
- if(m == 0){
- free(dir);
- error(Eshortstat);
- }
-
- if(!emptystr(dir->uid))
- kstrdup(&s->user, dir->uid);
- if(dir->mode != -1)
- s->perm = dir->mode;
-
- free(dir);
- return m;
-}
-
-static void
-sslclose(Chan *c)
-{
- Dstate *s;
- int ft;
-
- ft = TYPE(c->qid);
- switch(ft) {
- case Qctl:
- case Qdata:
- case Qsecretin:
- case Qsecretout:
- if((c->flag & COPEN) == 0)
- break;
-
- s = dstate[CONV(c->qid)];
- if(s == 0)
- break;
-
- lock(&dslock);
- if(--s->ref > 0) {
- unlock(&dslock);
- break;
- }
- dstate[CONV(c->qid)] = 0;
- unlock(&dslock);
-
- if(s->user != nil)
- free(s->user);
- sslhangup(s);
- if(s->c)
- cclose(s->c);
- secfree(s->in.secret);
- secfree(s->out.secret);
- secfree(s->in.state);
- secfree(s->out.state);
- free(s);
-
- }
-}
-
-/*
- * make sure we have at least 'n' bytes in list 'l'
- */
-static void
-ensure(Dstate *s, Block **l, int n)
-{
- int sofar, i;
- Block *b, *bl;
-
- sofar = 0;
- for(b = *l; b; b = b->next){
- sofar += BLEN(b);
- if(sofar >= n)
- return;
- l = &b->next;
- }
-
- while(sofar < n){
- bl = devtab[s->c->type]->bread(s->c, Maxdmsg, 0);
- if(bl == 0)
- nexterror();
- *l = bl;
- i = 0;
- for(b = bl; b; b = b->next){
- i += BLEN(b);
- l = &b->next;
- }
- if(i == 0)
- error(Ehungup);
- sofar += i;
- }
-}
-
-/*
- * copy 'n' bytes from 'l' into 'p' and free
- * the bytes in 'l'
- */
-static void
-consume(Block **l, uchar *p, int n)
-{
- Block *b;
- int i;
-
- for(; *l && n > 0; n -= i){
- b = *l;
- i = BLEN(b);
- if(i > n)
- i = n;
- memmove(p, b->rp, i);
- b->rp += i;
- p += i;
- if(BLEN(b) < 0)
- panic("consume");
- if(BLEN(b))
- break;
- *l = b->next;
- freeb(b);
- }
-}
-
-/*
- * give back n bytes
-static void
-regurgitate(Dstate *s, uchar *p, int n)
-{
- Block *b;
-
- if(n <= 0)
- return;
- b = s->unprocessed;
- if(s->unprocessed == nil || b->rp - b->base < n) {
- b = allocb(n);
- memmove(b->wp, p, n);
- b->wp += n;
- b->next = s->unprocessed;
- s->unprocessed = b;
- } else {
- b->rp -= n;
- memmove(b->rp, p, n);
- }
-}
- */
-
-/*
- * remove at most n bytes from the queue, if discard is set
- * dump the remainder
- */
-static Block*
-qtake(Block **l, int n, int discard)
-{
- Block *nb, *b, *first;
- int i;
-
- first = *l;
- for(b = first; b; b = b->next){
- i = BLEN(b);
- if(i == n){
- if(discard){
- freeblist(b->next);
- *l = 0;
- } else
- *l = b->next;
- b->next = 0;
- return first;
- } else if(i > n){
- i -= n;
- if(discard){
- freeblist(b->next);
- b->wp -= i;
- *l = 0;
- } else {
- nb = allocb(i);
- memmove(nb->wp, b->rp+n, i);
- nb->wp += i;
- b->wp -= i;
- nb->next = b->next;
- *l = nb;
- }
- b->next = 0;
- if(BLEN(b) < 0)
- panic("qtake");
- return first;
- } else
- n -= i;
- if(BLEN(b) < 0)
- panic("qtake");
- }
- *l = 0;
- return first;
-}
-
-/*
- * We can't let Eintr's lose data since the program
- * doing the read may be able to handle it. The only
- * places Eintr is possible is during the read's in consume.
- * Therefore, we make sure we can always put back the bytes
- * consumed before the last ensure.
- */
-static Block*
-sslbread(Chan *c, long n, ulong)
-{
- Dstate * volatile s;
- Block *b;
- uchar consumed[3], *p;
- int toconsume;
- int len, pad;
-
- s = dstate[CONV(c->qid)];
- if(s == 0)
- panic("sslbread");
- if(s->state == Sincomplete)
- error(Ebadusefd);
-
- qlock(&s->in.q);
- if(waserror()){
- qunlock(&s->in.q);
- nexterror();
- }
-
- if(s->processed == 0){
- /*
- * Read in the whole message. Until we've got it all,
- * it stays on s->unprocessed, so that if we get Eintr,
- * we'll pick up where we left off.
- */
- ensure(s, &s->unprocessed, 3);
- s->unprocessed = pullupblock(s->unprocessed, 2);
- p = s->unprocessed->rp;
- if(p[0] & 0x80){
- len = ((p[0] & 0x7f)<<8) | p[1];
- ensure(s, &s->unprocessed, len);
- pad = 0;
- toconsume = 2;
- } else {
- s->unprocessed = pullupblock(s->unprocessed, 3);
- len = ((p[0] & 0x3f)<<8) | p[1];
- pad = p[2];
- if(pad > len){
- print("pad %d buf len %d\n", pad, len);
- error("bad pad in ssl message");
- }
- toconsume = 3;
- }
- ensure(s, &s->unprocessed, toconsume+len);
-
- /* skip header */
- consume(&s->unprocessed, consumed, toconsume);
-
- /* grab the next message and decode/decrypt it */
- b = qtake(&s->unprocessed, len, 0);
-
- if(blocklen(b) != len)
- print("devssl: sslbread got wrong count %d != %d", blocklen(b), len);
-
- if(waserror()){
- qunlock(&s->in.ctlq);
- if(b != nil)
- freeb(b);
- nexterror();
- }
- qlock(&s->in.ctlq);
- switch(s->state){
- case Sencrypting:
- if(b == nil)
- error("ssl message too short (encrypting)");
- b = decryptb(s, b);
- break;
- case Sdigesting:
- b = pullupblock(b, s->diglen);
- if(b == nil)
- error("ssl message too short (digesting)");
- checkdigestb(s, b);
- pullblock(&b, s->diglen);
- len -= s->diglen;
- break;
- case Sdigenc:
- b = decryptb(s, b);
- b = pullupblock(b, s->diglen);
- if(b == nil)
- error("ssl message too short (dig+enc)");
- checkdigestb(s, b);
- pullblock(&b, s->diglen);
- len -= s->diglen;
- break;
- }
-
- /* remove pad */
- if(pad)
- s->processed = qtake(&b, len - pad, 1);
- else
- s->processed = b;
- b = nil;
- s->in.mid++;
- qunlock(&s->in.ctlq);
- poperror();
- }
-
- /* return at most what was asked for */
- b = qtake(&s->processed, n, 0);
-
- qunlock(&s->in.q);
- poperror();
-
- return b;
-}
-
-static long
-sslread(Chan *c, void *a, long n, vlong off)
-{
- Block * volatile b;
- Block *nb;
- uchar *va;
- int i;
- char buf[128];
- ulong offset = off;
- int ft;
-
- if(c->qid.type & QTDIR)
- return devdirread(c, a, n, 0, 0, sslgen);
-
- ft = TYPE(c->qid);
- switch(ft) {
- default:
- error(Ebadusefd);
- case Qctl:
- ft = CONV(c->qid);
- sprint(buf, "%d", ft);
- return readstr(offset, a, n, buf);
- case Qdata:
- b = sslbread(c, n, offset);
- break;
- case Qencalgs:
- return readstr(offset, a, n, encalgs);
- break;
- case Qhashalgs:
- return readstr(offset, a, n, hashalgs);
- break;
- }
-
- if(waserror()){
- freeblist(b);
- nexterror();
- }
-
- n = 0;
- va = a;
- for(nb = b; nb; nb = nb->next){
- i = BLEN(nb);
- memmove(va+n, nb->rp, i);
- n += i;
- }
-
- freeblist(b);
- poperror();
-
- return n;
-}
-
-static long
-sslbwrite(Chan *c, Block *b, ulong)
-{
- Dstate * volatile s;
- long rv;
-
- s = dstate[CONV(c->qid)];
- if(s == nil)
- panic("sslbwrite");
-
- if(s->state == Sincomplete){
- freeb(b);
- error(Ebadusefd);
- }
-
- /* lock so split writes won't interleave */
- if(waserror()){
- qunlock(&s->out.q);
- nexterror();
- }
- qlock(&s->out.q);
-
- rv = sslput(s, b);
-
- poperror();
- qunlock(&s->out.q);
-
- return rv;
-}
-
-/*
- * use SSL record format, add in count, digest and/or encrypt.
- * the write is interruptable. if it is interrupted, we'll
- * get out of sync with the far side. not much we can do about
- * it since we don't know if any bytes have been written.
- */
-static long
-sslput(Dstate *s, Block * volatile b)
-{
- Block *nb;
- int h, n, m, pad, rv;
- uchar *p;
- int offset;
-
- if(waserror()){
- if(b != nil)
- freeb(b);
- nexterror();
- }
-
- rv = 0;
- while(b != nil){
- m = n = BLEN(b);
- h = s->diglen + 2;
-
- /* trim to maximum block size */
- pad = 0;
- if(m > s->max){
- m = s->max;
- } else if(s->blocklen != 1){
- pad = (m + s->diglen)%s->blocklen;
- if(pad){
- if(m > s->maxpad){
- pad = 0;
- m = s->maxpad;
- } else {
- pad = s->blocklen - pad;
- h++;
- }
- }
- }
-
- rv += m;
- if(m != n){
- nb = allocb(m + h + pad);
- memmove(nb->wp + h, b->rp, m);
- nb->wp += m + h;
- b->rp += m;
- } else {
- /* add header space */
- nb = padblock(b, h);
- b = 0;
- }
- m += s->diglen;
-
- /* SSL style count */
- if(pad){
- nb = padblock(nb, -pad);
- prng(nb->wp, pad);
- nb->wp += pad;
- m += pad;
-
- p = nb->rp;
- p[0] = (m>>8);
- p[1] = m;
- p[2] = pad;
- offset = 3;
- } else {
- p = nb->rp;
- p[0] = (m>>8) | 0x80;
- p[1] = m;
- offset = 2;
- }
-
- switch(s->state){
- case Sencrypting:
- nb = encryptb(s, nb, offset);
- break;
- case Sdigesting:
- nb = digestb(s, nb, offset);
- break;
- case Sdigenc:
- nb = digestb(s, nb, offset);
- nb = encryptb(s, nb, offset);
- break;
- }
-
- s->out.mid++;
-
- m = BLEN(nb);
- devtab[s->c->type]->bwrite(s->c, nb, s->c->offset);
- s->c->offset += m;
- }
-
- poperror();
- return rv;
-}
-
-static void
-setsecret(OneWay *w, uchar *secret, int n)
-{
- secfree(w->secret);
- w->secret = secalloc(n);
- memmove(w->secret, secret, n);
- w->slen = n;
-}
-
-static void
-initDESkey(OneWay *w)
-{
- secfree(w->state);
- w->state = secalloc(sizeof(DESstate));
- if(w->slen >= 16)
- setupDESstate(w->state, w->secret, w->secret+8);
- else if(w->slen >= 8)
- setupDESstate(w->state, w->secret, 0);
- else
- error("secret too short");
-}
-
-/*
- * 40 bit DES is the same as 56 bit DES. However,
- * 16 bits of the key are masked to zero.
- */
-static void
-initDESkey_40(OneWay *w)
-{
- uchar key[8];
-
- if(w->slen >= 8){
- memmove(key, w->secret, 8);
- key[0] &= 0x0f;
- key[2] &= 0x0f;
- key[4] &= 0x0f;
- key[6] &= 0x0f;
- }
- initDESkey(w);
-}
-
-static void
-initRC4key(OneWay *w)
-{
- secfree(w->state);
- w->state = secalloc(sizeof(RC4state));
- setupRC4state(w->state, w->secret, w->slen);
-}
-
-/*
- * 40 bit RC4 is the same as n-bit RC4. However,
- * we ignore all but the first 40 bits of the key.
- */
-static void
-initRC4key_40(OneWay *w)
-{
- if(w->slen > 5)
- w->slen = 5;
- initRC4key(w);
-}
-
-/*
- * 128 bit RC4 is the same as n-bit RC4. However,
- * we ignore all but the first 128 bits of the key.
- */
-static void
-initRC4key_128(OneWay *w)
-{
- if(w->slen > 16)
- w->slen = 16;
- initRC4key(w);
-}
-
-
-typedef struct Hashalg Hashalg;
-struct Hashalg
-{
- char *name;
- int diglen;
- DigestState *(*hf)(uchar*, ulong, uchar*, DigestState*);
-};
-
-Hashalg hashtab[] =
-{
- { "md4", MD4dlen, md4, },
- { "md5", MD5dlen, md5, },
- { "sha1", SHA1dlen, sha1, },
- { "sha", SHA1dlen, sha1, },
- { 0 }
-};
-
-static int
-parsehashalg(char *p, Dstate *s)
-{
- Hashalg *ha;
-
- for(ha = hashtab; ha->name; ha++){
- if(strcmp(p, ha->name) == 0){
- s->hf = ha->hf;
- s->diglen = ha->diglen;
- s->state &= ~Sclear;
- s->state |= Sdigesting;
- return 0;
- }
- }
- return -1;
-}
-
-typedef struct Encalg Encalg;
-struct Encalg
-{
- char *name;
- int blocklen;
- int alg;
- void (*keyinit)(OneWay*);
-};
-
-#ifdef NOSPOOKS
-static
-Encalg encrypttab[] =
-{
- { "descbc", 8, DESCBC, initDESkey, }, /* DEPRECATED -- use des_56_cbc */
- { "desecb", 8, DESECB, initDESkey, }, /* DEPRECATED -- use des_56_ecb */
- { "des_56_cbc", 8, DESCBC, initDESkey, },
- { "des_56_ecb", 8, DESECB, initDESkey, },
- { "des_40_cbc", 8, DESCBC, initDESkey_40, },
- { "des_40_ecb", 8, DESECB, initDESkey_40, },
- { "rc4", 1, RC4, initRC4key_40, }, /* DEPRECATED -- use rc4_X */
- { "rc4_256", 1, RC4, initRC4key, },
- { "rc4_128", 1, RC4, initRC4key_128, },
- { "rc4_40", 1, RC4, initRC4key_40, },
- { 0 }
-};
-#else
-static
-Encalg encrypttab[] =
-{
- { "des_40_cbc", 8, DESCBC, initDESkey_40, },
- { "des_40_ecb", 8, DESECB, initDESkey_40, },
- { "rc4", 1, RC4, initRC4key_40, }, /* DEPRECATED -- use rc4_X */
- { "rc4_40", 1, RC4, initRC4key_40, },
- { 0 }
-};
-#endif NOSPOOKS
-
-static int
-parseencryptalg(char *p, Dstate *s)
-{
- Encalg *ea;
-
- for(ea = encrypttab; ea->name; ea++){
- if(strcmp(p, ea->name) == 0){
- s->encryptalg = ea->alg;
- s->blocklen = ea->blocklen;
- (*ea->keyinit)(&s->in);
- (*ea->keyinit)(&s->out);
- s->state &= ~Sclear;
- s->state |= Sencrypting;
- return 0;
- }
- }
- return -1;
-}
-
-enum {
- Cfd,
- Calg,
- Csin,
- Csout,
-};
-
-static
-Cmdtab sslcmds[] = {
- {Cfd, "fd", 2 },
- {Calg, "alg", 0 },
- {Csin, "secretin", 2 },
- {Csout, "secretout", 2 },
-};
-
-static long
-sslwrite(Chan *c, void *a, long n, vlong)
-{
- Dstate * volatile s;
- Block * volatile b;
- int m, t, i;
- char *p, *e;
- uchar *x;
- Cmdbuf *cb;
- Cmdtab *ct;
-
- s = dstate[CONV(c->qid)];
- if(s == 0)
- panic("sslwrite");
-
- t = TYPE(c->qid);
- if(t == Qdata){
- if(s->state == Sincomplete)
- error(Ebadusefd);
-
- /* lock should a write gets split over multiple records */
- if(waserror()){
- qunlock(&s->out.q);
- nexterror();
- }
- qlock(&s->out.q);
-
- p = a;
- e = p + n;
- do {
- m = e - p;
- if(m > s->max)
- m = s->max;
-
- b = allocb(m);
- if(waserror()){
- freeb(b);
- nexterror();
- }
- memmove(b->wp, p, m);
- poperror();
- b->wp += m;
-
- sslput(s, b);
-
- p += m;
- } while(p < e);
-
- poperror();
- qunlock(&s->out.q);
- return n;
- }
-
- /* mutex with operations using what we're about to change */
- if(waserror()){
- qunlock(&s->in.ctlq);
- qunlock(&s->out.q);
- nexterror();
- }
- qlock(&s->in.ctlq);
- qlock(&s->out.q);
-
- switch(t){
- default:
- panic("sslwrite");
- case Qsecretin:
- setsecret(&s->in, a, n);
- goto out;
- case Qsecretout:
- setsecret(&s->out, a, n);
- goto out;
- case Qctl:
- break;
- }
-
- cb = parsecmd(a, n);
- if(waserror()){
- free(cb);
- nexterror();
- }
- ct = lookupcmd(cb, sslcmds, nelem(sslcmds));
- switch(ct->index){
- case Cfd:
- s->c = buftochan(cb->f[1]);
-
- /* default is clear (msg delimiters only) */
- s->state = Sclear;
- s->blocklen = 1;
- s->diglen = 0;
- s->maxpad = s->max = (1<<15) - s->diglen - 1;
- s->in.mid = 0;
- s->out.mid = 0;
- break;
- case Calg:
- if(cb->nf < 2)
- cmderror(cb, "no algorithms");
-
- s->blocklen = 1;
- s->diglen = 0;
-
- if(s->c == 0)
- error("must set fd before algorithm");
-
- s->state = Sclear;
- s->maxpad = s->max = (1<<15) - s->diglen - 1;
- if(strcmp(cb->f[1], "clear") == 0)
- break;
-
- if(s->in.secret && s->out.secret == 0)
- setsecret(&s->out, s->in.secret, s->in.slen);
- if(s->out.secret && s->in.secret == 0)
- setsecret(&s->in, s->out.secret, s->out.slen);
- if(s->in.secret == 0 || s->out.secret == 0)
- error("algorithm but no secret");
-
- s->hf = 0;
- s->encryptalg = Noencryption;
- s->blocklen = 1;
-
- for(i=1; i<cb->nf; i++){
- p = cb->f[i];
- if(parsehashalg(p, s) < 0)
- if(parseencryptalg(p, s) < 0)
- error("bad algorithm");
- }
-
- if(s->hf == 0 && s->encryptalg == Noencryption)
- error("bad algorithm");
-
- if(s->blocklen != 1){
- s->max = (1<<15) - s->diglen - 1;
- s->max -= s->max % s->blocklen;
- s->maxpad = (1<<14) - s->diglen - 1;
- s->maxpad -= s->maxpad % s->blocklen;
- } else
- s->maxpad = s->max = (1<<15) - s->diglen - 1;
- break;
- case Csin:
- p = cb->f[1];
- m = (strlen(p)*3)/2 + 1;
- x = secalloc(m);
- t = dec64(x, m, p, strlen(p));
- memset(p, 0, strlen(p));
- if(t <= 0){
- secfree(x);
- error(Ebadarg);
- }
- setsecret(&s->in, x, t);
- secfree(x);
- break;
- case Csout:
- p = cb->f[1];
- m = (strlen(p)*3)/2 + 1;
- x = secalloc(m);
- t = dec64(x, m, p, strlen(p));
- memset(p, 0, strlen(p));
- if(t <= 0){
- secfree(x);
- error(Ebadarg);
- }
- setsecret(&s->out, x, t);
- secfree(x);
- break;
- }
- poperror();
- free(cb);
-
-out:
- qunlock(&s->in.ctlq);
- qunlock(&s->out.q);
- poperror();
- return n;
-}
-
-static void
-sslinit(void)
-{
- struct Encalg *e;
- struct Hashalg *h;
- int n;
- char *cp;
-
- n = 1;
- for(e = encrypttab; e->name != nil; e++)
- n += strlen(e->name) + 1;
- cp = encalgs = smalloc(n);
- for(e = encrypttab;;){
- strcpy(cp, e->name);
- cp += strlen(e->name);
- e++;
- if(e->name == nil)
- break;
- *cp++ = ' ';
- }
- *cp = 0;
-
- n = 1;
- for(h = hashtab; h->name != nil; h++)
- n += strlen(h->name) + 1;
- cp = hashalgs = smalloc(n);
- for(h = hashtab;;){
- strcpy(cp, h->name);
- cp += strlen(h->name);
- h++;
- if(h->name == nil)
- break;
- *cp++ = ' ';
- }
- *cp = 0;
-}
-
-Dev ssldevtab = {
- 'D',
- "ssl",
-
- devreset,
- sslinit,
- devshutdown,
- sslattach,
- sslwalk,
- sslstat,
- sslopen,
- devcreate,
- sslclose,
- sslread,
- sslbread,
- sslwrite,
- sslbwrite,
- devremove,
- sslwstat,
-};
-
-static Block*
-encryptb(Dstate *s, Block *b, int offset)
-{
- uchar *p, *ep, *p2, *ip, *eip;
- DESstate *ds;
-
- switch(s->encryptalg){
- case DESECB:
- ds = s->out.state;
- ep = b->rp + BLEN(b);
- for(p = b->rp + offset; p < ep; p += 8)
- block_cipher(ds->expanded, p, 0);
- break;
- case DESCBC:
- ds = s->out.state;
- ep = b->rp + BLEN(b);
- for(p = b->rp + offset; p < ep; p += 8){
- p2 = p;
- ip = ds->ivec;
- for(eip = ip+8; ip < eip; )
- *p2++ ^= *ip++;
- block_cipher(ds->expanded, p, 0);
- memmove(ds->ivec, p, 8);
- }
- break;
- case RC4:
- rc4(s->out.state, b->rp + offset, BLEN(b) - offset);
- break;
- }
- return b;
-}
-
-static Block*
-decryptb(Dstate *s, Block *bin)
-{
- Block *b, **l;
- uchar *p, *ep, *tp, *ip, *eip;
- DESstate *ds;
- uchar tmp[8];
- int i;
-
- l = &bin;
- for(b = bin; b; b = b->next){
- /* make sure we have a multiple of s->blocklen */
- if(s->blocklen > 1){
- i = BLEN(b);
- if(i % s->blocklen){
- *l = b = pullupblock(b, i + s->blocklen - (i%s->blocklen));
- if(b == 0)
- error("ssl encrypted message too short");
- }
- }
- l = &b->next;
-
- /* decrypt */
- switch(s->encryptalg){
- case DESECB:
- ds = s->in.state;
- ep = b->rp + BLEN(b);
- for(p = b->rp; p < ep; p += 8)
- block_cipher(ds->expanded, p, 1);
- break;
- case DESCBC:
- ds = s->in.state;
- ep = b->rp + BLEN(b);
- for(p = b->rp; p < ep;){
- memmove(tmp, p, 8);
- block_cipher(ds->expanded, p, 1);
- tp = tmp;
- ip = ds->ivec;
- for(eip = ip+8; ip < eip; ){
- *p++ ^= *ip;
- *ip++ = *tp++;
- }
- }
- break;
- case RC4:
- rc4(s->in.state, b->rp, BLEN(b));
- break;
- }
- }
- return bin;
-}
-
-static Block*
-digestb(Dstate *s, Block *b, int offset)
-{
- uchar *p;
- DigestState ss;
- uchar msgid[4];
- ulong n, h;
- OneWay *w;
-
- w = &s->out;
-
- memset(&ss, 0, sizeof(ss));
- h = s->diglen + offset;
- n = BLEN(b) - h;
-
- /* hash secret + message */
- (*s->hf)(w->secret, w->slen, 0, &ss);
- (*s->hf)(b->rp + h, n, 0, &ss);
-
- /* hash message id */
- p = msgid;
- n = w->mid;
- *p++ = n>>24;
- *p++ = n>>16;
- *p++ = n>>8;
- *p = n;
- (*s->hf)(msgid, 4, b->rp + offset, &ss);
-
- return b;
-}
-
-static void
-checkdigestb(Dstate *s, Block *bin)
-{
- uchar *p;
- DigestState ss;
- uchar msgid[4];
- int n, h;
- OneWay *w;
- uchar digest[128];
- Block *b;
-
- w = &s->in;
-
- memset(&ss, 0, sizeof(ss));
-
- /* hash secret */
- (*s->hf)(w->secret, w->slen, 0, &ss);
-
- /* hash message */
- h = s->diglen;
- for(b = bin; b; b = b->next){
- n = BLEN(b) - h;
- if(n < 0)
- panic("checkdigestb");
- (*s->hf)(b->rp + h, n, 0, &ss);
- h = 0;
- }
-
- /* hash message id */
- p = msgid;
- n = w->mid;
- *p++ = n>>24;
- *p++ = n>>16;
- *p++ = n>>8;
- *p = n;
- (*s->hf)(msgid, 4, digest, &ss);
-
- if(tsmemcmp(digest, bin->rp, s->diglen) != 0)
- error("bad digest");
-}
-
-/* get channel associated with an fd */
-static Chan*
-buftochan(char *p)
-{
- Chan *c;
- int fd;
-
- if(p == 0)
- error(Ebadarg);
- fd = strtoul(p, 0, 0);
- if(fd < 0)
- error(Ebadarg);
- c = fdtochan(fd, ORDWR, 1, 1); /* error check and inc ref */
- if(devtab[c->type] == &ssldevtab){
- cclose(c);
- error("cannot ssl encrypt devssl files");
- }
- return c;
-}
-
-/* hand up a digest connection */
-static void
-sslhangup(Dstate *s)
-{
- Block *b;
-
- qlock(&s->in.q);
- for(b = s->processed; b; b = s->processed){
- s->processed = b->next;
- freeb(b);
- }
- if(s->unprocessed){
- freeb(s->unprocessed);
- s->unprocessed = 0;
- }
- s->state = Sincomplete;
- qunlock(&s->in.q);
-}
-
-static Dstate*
-dsclone(Chan *ch)
-{
- int i;
- Dstate *ret;
-
- if(waserror()) {
- unlock(&dslock);
- nexterror();
- }
- lock(&dslock);
- ret = nil;
- for(i=0; i<Maxdstate; i++){
- if(dstate[i] == nil){
- dsnew(ch, &dstate[i]);
- ret = dstate[i];
- break;
- }
- }
- unlock(&dslock);
- poperror();
- return ret;
-}
-
-static void
-dsnew(Chan *ch, Dstate **pp)
-{
- Dstate *s;
- int t;
-
- *pp = s = malloc(sizeof(*s));
- if(!s)
- error(Enomem);
- if(pp - dstate >= dshiwat)
- dshiwat++;
- memset(s, 0, sizeof(*s));
- s->state = Sincomplete;
- s->ref = 1;
- kstrdup(&s->user, up->user);
- s->perm = 0660;
- t = TYPE(ch->qid);
- if(t == Qclonus)
- t = Qctl;
- ch->qid.path = QID(pp - dstate, t);
- ch->qid.vers = 0;
-}
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-07 06:03:11 +0000