authorOri Bernstein <ori@eigenstate.org>2021-12-13 02:17:02 +0000
committerOri Bernstein <ori@eigenstate.org>2021-12-13 02:17:02 +0000
commit7efbea82c63846a281db36d3854e13d3ab5498d2 (patch)
tree62d22c284ed5a788b91e4db43315ddc5913bd518 /sys/src/9
parentb4d4cf69be84b92796b5e5bd81f16999a54bff39 (diff)
devssl, cpu, import, oexportfs: delete
SSL is implemented by devssl. It's extremely obsolete by now, and is not used anywhere but cpu, import, and oexportfs. This change strips out the devssl bits, but does not (yet) remove the code from libsec.
Diffstat (limited to 'sys/src/9')
-rw-r--r--sys/src/9/bcm/pi1
-rw-r--r--sys/src/9/bcm/pi21
-rw-r--r--sys/src/9/bcm/picpuf1
-rw-r--r--sys/src/9/bcm64/pi31
-rw-r--r--sys/src/9/bcm64/pi41
-rw-r--r--sys/src/9/cycv/cycv1
-rw-r--r--sys/src/9/kw/plug1
-rw-r--r--sys/src/9/mtx/mtx1
-rw-r--r--sys/src/9/omap/beagle1
-rw-r--r--sys/src/9/pc/pc1
-rw-r--r--sys/src/9/pc64/pc641
-rw-r--r--sys/src/9/port/devssl.c1462
-rw-r--r--sys/src/9/port/portmkfile1
13 files changed, 0 insertions, 1474 deletions
diff --git a/sys/src/9/bcm/pi b/sys/src/9/bcm/pi
index 0ac4fdcea..600d92775 100644
--- a/sys/src/9/bcm/pi
+++ b/sys/src/9/bcm/pi
@@ -10,7 +10,6 @@ dev
shr
dup
arch
- ssl
tls
cap
fs
diff --git a/sys/src/9/bcm/pi2 b/sys/src/9/bcm/pi2
index ffa63f665..be1b01255 100644
--- a/sys/src/9/bcm/pi2
+++ b/sys/src/9/bcm/pi2
@@ -10,7 +10,6 @@ dev
shr
dup
arch
- ssl
tls
cap
fs
diff --git a/sys/src/9/bcm/picpuf b/sys/src/9/bcm/picpuf
index 19620758c..a2966eff8 100644
--- a/sys/src/9/bcm/picpuf
+++ b/sys/src/9/bcm/picpuf
@@ -10,7 +10,6 @@ dev
shr
dup
arch
- ssl
tls
cap
fs
diff --git a/sys/src/9/bcm64/pi3 b/sys/src/9/bcm64/pi3
index e81794b69..8cc817106 100644
--- a/sys/src/9/bcm64/pi3
+++ b/sys/src/9/bcm64/pi3
@@ -10,7 +10,6 @@ dev
shr
dup
arch
- ssl
tls
cap
fs
diff --git a/sys/src/9/bcm64/pi4 b/sys/src/9/bcm64/pi4
index 2bd10a1ea..61c7602b8 100644
--- a/sys/src/9/bcm64/pi4
+++ b/sys/src/9/bcm64/pi4
@@ -10,7 +10,6 @@ dev
shr
dup
arch
- ssl
tls
cap
fs
diff --git a/sys/src/9/cycv/cycv b/sys/src/9/cycv/cycv
index 7883a6575..d2fd41246 100644
--- a/sys/src/9/cycv/cycv
+++ b/sys/src/9/cycv/cycv
@@ -13,7 +13,6 @@ dev
dup
ether netif
ip arp chandial ip ipv6 ipaux iproute netlog nullmedium pktmedium inferno
- ssl
tls
# cap
# kprof
diff --git a/sys/src/9/kw/plug b/sys/src/9/kw/plug
index 320941ae7..9ce9bc9bf 100644
--- a/sys/src/9/kw/plug
+++ b/sys/src/9/kw/plug
@@ -13,7 +13,6 @@ dev
dup
rtc
arch
- ssl
tls
cap
kprof
diff --git a/sys/src/9/mtx/mtx b/sys/src/9/mtx/mtx
index ed1156209..30faf21b9 100644
--- a/sys/src/9/mtx/mtx
+++ b/sys/src/9/mtx/mtx
@@ -10,7 +10,6 @@ dev
mnt
srv
dup
- ssl
cap
kprof
uart
diff --git a/sys/src/9/omap/beagle b/sys/src/9/omap/beagle
index 99b69005f..e52680186 100644
--- a/sys/src/9/omap/beagle
+++ b/sys/src/9/omap/beagle
@@ -11,7 +11,6 @@ dev
shr
dup
arch
- ssl
tls
bridge log
sdp thwack unthwack
diff --git a/sys/src/9/pc/pc b/sys/src/9/pc/pc
index 9d980f903..2cacee652 100644
--- a/sys/src/9/pc/pc
+++ b/sys/src/9/pc/pc
@@ -13,7 +13,6 @@ dev
shr
dup
rtc
- ssl
tls
cap
kprof
diff --git a/sys/src/9/pc64/pc64 b/sys/src/9/pc64/pc64
index 1c9fbd172..bafda3d72 100644
--- a/sys/src/9/pc64/pc64
+++ b/sys/src/9/pc64/pc64
@@ -13,7 +13,6 @@ dev
shr
dup
rtc
- ssl
tls
cap
kprof
diff --git a/sys/src/9/port/devssl.c b/sys/src/9/port/devssl.c
index d48ba5d1e..e69de29bb 100644
--- a/sys/src/9/port/devssl.c
+++ b/sys/src/9/port/devssl.c
@@ -1,1462 +0,0 @@
-/*
- * devssl - secure sockets layer
- */
-#include "u.h"
-#include "../port/lib.h"
-#include "mem.h"
-#include "dat.h"
-#include "fns.h"
-#include "../port/error.h"
-
-#include <libsec.h>
-
-#define NOSPOOKS 1
-
-typedef struct OneWay OneWay;
-struct OneWay
-{
- QLock q;
- QLock ctlq;
-
- void *state; /* encryption state */
- int slen; /* hash data length */
- uchar *secret; /* secret */
- ulong mid; /* message id */
-};
-
-enum
-{
- /* connection states */
- Sincomplete= 0,
- Sclear= 1,
- Sencrypting= 2,
- Sdigesting= 4,
- Sdigenc= Sencrypting|Sdigesting,
-
- /* encryption algorithms */
- Noencryption= 0,
- DESCBC= 1,
- DESECB= 2,
- RC4= 3
-};
-
-typedef struct Dstate Dstate;
-struct Dstate
-{
- Chan *c; /* io channel */
- uchar state; /* state of connection */
- int ref; /* serialized by dslock for atomic destroy */
-
- uchar encryptalg; /* encryption algorithm */
- ushort blocklen; /* blocking length */
-
- ushort diglen; /* length of digest */
- DigestState *(*hf)(uchar*, ulong, uchar*, DigestState*); /* hash func */
-
- /* for SSL format */
- int max; /* maximum unpadded data per msg */
- int maxpad; /* maximum padded data per msg */
-
- /* input side */
- OneWay in;
- Block *processed;
- Block *unprocessed;
-
- /* output side */
- OneWay out;
-
- /* protections */
- char *user;
- int perm;
-};
-
-enum
-{
- Maxdmsg= 1<<16,
- Maxdstate= 512, /* max. open ssl conn's; must be a power of 2 */
-};
-
-static Lock dslock;
-static int dshiwat;
-static char *dsname[Maxdstate];
-static Dstate *dstate[Maxdstate];
-static char *encalgs;
-static char *hashalgs;
-
-enum{
- Qtopdir = 1, /* top level directory */
- Qprotodir,
- Qclonus,
- Qconvdir, /* directory for a conversation */
- Qdata,
- Qctl,
- Qsecretin,
- Qsecretout,
- Qencalgs,
- Qhashalgs,
-};
-
-#define TYPE(x) ((x).path & 0xf)
-#define CONV(x) (((x).path >> 5)&(Maxdstate-1))
-#define QID(c, y) (((c)<<5) | (y))
-
-static void ensure(Dstate*, Block**, int);
-static void consume(Block**, uchar*, int);
-static void setsecret(OneWay*, uchar*, int);
-static Block* encryptb(Dstate*, Block*, int);
-static Block* decryptb(Dstate*, Block*);
-static Block* digestb(Dstate*, Block*, int);
-static void checkdigestb(Dstate*, Block*);
-static Chan* buftochan(char*);
-static void sslhangup(Dstate*);
-static Dstate* dsclone(Chan *c);
-static void dsnew(Chan *c, Dstate **);
-static long sslput(Dstate *s, Block * volatile b);
-
-char *sslnames[] = {
-[Qclonus] "clone",
-[Qdata] "data",
-[Qctl] "ctl",
-[Qsecretin] "secretin",
-[Qsecretout] "secretout",
-[Qencalgs] "encalgs",
-[Qhashalgs] "hashalgs",
-};
-
-static int
-sslgen(Chan *c, char*, Dirtab *d, int nd, int s, Dir *dp)
-{
- Qid q;
- Dstate *ds;
- char name[16], *p, *nm;
- int ft;
-
- USED(nd);
- USED(d);
-
- q.type = QTFILE;
- q.vers = 0;
-
- ft = TYPE(c->qid);
- switch(ft) {
- case Qtopdir:
- if(s == DEVDOTDOT){
- q.path = QID(0, Qtopdir);
- q.type = QTDIR;
- devdir(c, q, "#D", 0, eve, 0555, dp);
- return 1;
- }
- if(s > 0)
- return -1;
- q.path = QID(0, Qprotodir);
- q.type = QTDIR;
- devdir(c, q, "ssl", 0, eve, 0555, dp);
- return 1;
- case Qprotodir:
- if(s == DEVDOTDOT){
- q.path = QID(0, Qtopdir);
- q.type = QTDIR;
- devdir(c, q, ".", 0, eve, 0555, dp);
- return 1;
- }
- if(s < dshiwat) {
- q.path = QID(s, Qconvdir);
- q.type = QTDIR;
- ds = dstate[s];
- if(ds != 0)
- nm = ds->user;
- else
- nm = eve;
- if(dsname[s] == nil){
- sprint(name, "%d", s);
- kstrdup(&dsname[s], name);
- }
- devdir(c, q, dsname[s], 0, nm, 0555, dp);
- return 1;
- }
- if(s > dshiwat)
- return -1;
- q.path = QID(0, Qclonus);
- devdir(c, q, "clone", 0, eve, 0555, dp);
- return 1;
- case Qconvdir:
- if(s == DEVDOTDOT){
- q.path = QID(0, Qprotodir);
- q.type = QTDIR;
- devdir(c, q, "ssl", 0, eve, 0555, dp);
- return 1;
- }
- ds = dstate[CONV(c->qid)];
- if(ds != 0)
- nm = ds->user;
- else
- nm = eve;
- switch(s) {
- default:
- return -1;
- case 0:
- q.path = QID(CONV(c->qid), Qctl);
- p = "ctl";
- break;
- case 1:
- q.path = QID(CONV(c->qid), Qdata);
- p = "data";
- break;
- case 2:
- q.path = QID(CONV(c->qid), Qsecretin);
- p = "secretin";
- break;
- case 3:
- q.path = QID(CONV(c->qid), Qsecretout);
- p = "secretout";
- break;
- case 4:
- q.path = QID(CONV(c->qid), Qencalgs);
- p = "encalgs";
- break;
- case 5:
- q.path = QID(CONV(c->qid), Qhashalgs);
- p = "hashalgs";
- break;
- }
- devdir(c, q, p, 0, nm, 0660, dp);
- return 1;
- case Qclonus:
- devdir(c, c->qid, sslnames[TYPE(c->qid)], 0, eve, 0555, dp);
- return 1;
- default:
- ds = dstate[CONV(c->qid)];
- if(ds != 0)
- nm = ds->user;
- else
- nm = eve;
- devdir(c, c->qid, sslnames[TYPE(c->qid)], 0, nm, 0660, dp);
- return 1;
- }
-}
-
-static Chan*
-sslattach(char *spec)
-{
- Chan *c;
-
- c = devattach('D', spec);
- c->qid.path = QID(0, Qtopdir);
- c->qid.vers = 0;
- c->qid.type = QTDIR;
- return c;
-}
-
-static Walkqid*
-sslwalk(Chan *c, Chan *nc, char **name, int nname)
-{
- return devwalk(c, nc, name, nname, nil, 0, sslgen);
-}
-
-static int
-sslstat(Chan *c, uchar *db, int n)
-{
- return devstat(c, db, n, nil, 0, sslgen);
-}
-
-static Chan*
-sslopen(Chan *c, int omode)
-{
- Dstate *s, **pp;
- int ft;
-
- ft = TYPE(c->qid);
- switch(ft) {
- default:
- panic("sslopen");
- case Qtopdir:
- case Qprotodir:
- case Qconvdir:
- if(omode != OREAD)
- error(Eperm);
- break;
- case Qclonus:
- s = dsclone(c);
- if(s == 0)
- error(Enodev);
- break;
- case Qctl:
- case Qdata:
- case Qsecretin:
- case Qsecretout:
- if(waserror()) {
- unlock(&dslock);
- nexterror();
- }
- lock(&dslock);
- pp = &dstate[CONV(c->qid)];
- s = *pp;
- if(s == 0)
- dsnew(c, pp);
- else {
- devpermcheck(s->user, s->perm, omode);
- s->ref++;
- }
- unlock(&dslock);
- poperror();
- break;
- case Qencalgs:
- case Qhashalgs:
- if(omode != OREAD)
- error(Eperm);
- break;
- }
- c->mode = openmode(omode);
- c->flag |= COPEN;
- c->offset = 0;
- return c;
-}
-
-static int
-sslwstat(Chan *c, uchar *db, int n)
-{
- Dir *dir;
- Dstate *s;
- int m;
-
- s = dstate[CONV(c->qid)];
- if(s == 0)
- error(Ebadusefd);
- if(strcmp(s->user, up->user) != 0)
- error(Eperm);
-
- dir = smalloc(sizeof(Dir)+n);
- m = convM2D(db, n, &dir[0], (char*)&dir[1]);
- if(m == 0){
- free(dir);
- error(Eshortstat);
- }
-
- if(!emptystr(dir->uid))
- kstrdup(&s->user, dir->uid);
- if(dir->mode != -1)
- s->perm = dir->mode;
-
- free(dir);
- return m;
-}
-
-static void
-sslclose(Chan *c)
-{
- Dstate *s;
- int ft;
-
- ft = TYPE(c->qid);
- switch(ft) {
- case Qctl:
- case Qdata:
- case Qsecretin:
- case Qsecretout:
- if((c->flag & COPEN) == 0)
- break;
-
- s = dstate[CONV(c->qid)];
- if(s == 0)
- break;
-
- lock(&dslock);
- if(--s->ref > 0) {
- unlock(&dslock);
- break;
- }
- dstate[CONV(c->qid)] = 0;
- unlock(&dslock);
-
- if(s->user != nil)
- free(s->user);
- sslhangup(s);
- if(s->c)
- cclose(s->c);
- secfree(s->in.secret);
- secfree(s->out.secret);
- secfree(s->in.state);
- secfree(s->out.state);
- free(s);
-
- }
-}
-
-/*
- * make sure we have at least 'n' bytes in list 'l'
- */
-static void
-ensure(Dstate *s, Block **l, int n)
-{
- int sofar, i;
- Block *b, *bl;
-
- sofar = 0;
- for(b = *l; b; b = b->next){
- sofar += BLEN(b);
- if(sofar >= n)
- return;
- l = &b->next;
- }
-
- while(sofar < n){
- bl = devtab[s->c->type]->bread(s->c, Maxdmsg, 0);
- if(bl == 0)
- nexterror();
- *l = bl;
- i = 0;
- for(b = bl; b; b = b->next){
- i += BLEN(b);
- l = &b->next;
- }
- if(i == 0)
- error(Ehungup);
- sofar += i;
- }
-}
-
-/*
- * copy 'n' bytes from 'l' into 'p' and free
- * the bytes in 'l'
- */
-static void
-consume(Block **l, uchar *p, int n)
-{
- Block *b;
- int i;
-
- for(; *l && n > 0; n -= i){
- b = *l;
- i = BLEN(b);
- if(i > n)
- i = n;
- memmove(p, b->rp, i);
- b->rp += i;
- p += i;
- if(BLEN(b) < 0)
- panic("consume");
- if(BLEN(b))
- break;
- *l = b->next;
- freeb(b);
- }
-}
-
-/*
- * give back n bytes
-static void
-regurgitate(Dstate *s, uchar *p, int n)
-{
- Block *b;
-
- if(n <= 0)
- return;
- b = s->unprocessed;
- if(s->unprocessed == nil || b->rp - b->base < n) {
- b = allocb(n);
- memmove(b->wp, p, n);
- b->wp += n;
- b->next = s->unprocessed;
- s->unprocessed = b;
- } else {
- b->rp -= n;
- memmove(b->rp, p, n);
- }
-}
- */
-
-/*
- * remove at most n bytes from the queue, if discard is set
- * dump the remainder
- */
-static Block*
-qtake(Block **l, int n, int discard)
-{
- Block *nb, *b, *first;
- int i;
-
- first = *l;
- for(b = first; b; b = b->next){
- i = BLEN(b);
- if(i == n){
- if(discard){
- freeblist(b->next);
- *l = 0;
- } else
- *l = b->next;
- b->next = 0;
- return first;
- } else if(i > n){
- i -= n;
- if(discard){
- freeblist(b->next);
- b->wp -= i;
- *l = 0;
- } else {
- nb = allocb(i);
- memmove(nb->wp, b->rp+n, i);
- nb->wp += i;
- b->wp -= i;
- nb->next = b->next;
- *l = nb;
- }
- b->next = 0;
- if(BLEN(b) < 0)
- panic("qtake");
- return first;
- } else
- n -= i;
- if(BLEN(b) < 0)
- panic("qtake");
- }
- *l = 0;
- return first;
-}
-
-/*
- * We can't let Eintr's lose data since the program
- * doing the read may be able to handle it. The only
- * places Eintr is possible is during the read's in consume.
- * Therefore, we make sure we can always put back the bytes
- * consumed before the last ensure.
- */
-static Block*
-sslbread(Chan *c, long n, ulong)
-{
- Dstate * volatile s;
- Block *b;
- uchar consumed[3], *p;
- int toconsume;
- int len, pad;
-
- s = dstate[CONV(c->qid)];
- if(s == 0)
- panic("sslbread");
- if(s->state == Sincomplete)
- error(Ebadusefd);
-
- qlock(&s->in.q);
- if(waserror()){
- qunlock(&s->in.q);
- nexterror();
- }
-
- if(s->processed == 0){
- /*
- * Read in the whole message. Until we've got it all,
- * it stays on s->unprocessed, so that if we get Eintr,
- * we'll pick up where we left off.
- */
- ensure(s, &s->unprocessed, 3);
- s->unprocessed = pullupblock(s->unprocessed, 2);
- p = s->unprocessed->rp;
- if(p[0] & 0x80){
- len = ((p[0] & 0x7f)<<8) | p[1];
- ensure(s, &s->unprocessed, len);
- pad = 0;
- toconsume = 2;
- } else {
- s->unprocessed = pullupblock(s->unprocessed, 3);
- len = ((p[0] & 0x3f)<<8) | p[1];
- pad = p[2];
- if(pad > len){
- print("pad %d buf len %d\n", pad, len);
- error("bad pad in ssl message");
- }
- toconsume = 3;
- }
- ensure(s, &s->unprocessed, toconsume+len);
-
- /* skip header */
- consume(&s->unprocessed, consumed, toconsume);
-
- /* grab the next message and decode/decrypt it */
- b = qtake(&s->unprocessed, len, 0);
-
- if(blocklen(b) != len)
- print("devssl: sslbread got wrong count %d != %d", blocklen(b), len);
-
- if(waserror()){
- qunlock(&s->in.ctlq);
- if(b != nil)
- freeb(b);
- nexterror();
- }
- qlock(&s->in.ctlq);
- switch(s->state){
- case Sencrypting:
- if(b == nil)
- error("ssl message too short (encrypting)");
- b = decryptb(s, b);
- break;
- case Sdigesting:
- b = pullupblock(b, s->diglen);
- if(b == nil)
- error("ssl message too short (digesting)");
- checkdigestb(s, b);
- pullblock(&b, s->diglen);
- len -= s->diglen;
- break;
- case Sdigenc:
- b = decryptb(s, b);
- b = pullupblock(b, s->diglen);
- if(b == nil)
- error("ssl message too short (dig+enc)");
- checkdigestb(s, b);
- pullblock(&b, s->diglen);
- len -= s->diglen;
- break;
- }
-
- /* remove pad */
- if(pad)
- s->processed = qtake(&b, len - pad, 1);
- else
- s->processed = b;
- b = nil;
- s->in.mid++;
- qunlock(&s->in.ctlq);
- poperror();
- }
-
- /* return at most what was asked for */
- b = qtake(&s->processed, n, 0);
-
- qunlock(&s->in.q);
- poperror();
-
- return b;
-}
-
-static long
-sslread(Chan *c, void *a, long n, vlong off)
-{
- Block * volatile b;
- Block *nb;
- uchar *va;
- int i;
- char buf[128];
- ulong offset = off;
- int ft;
-
- if(c->qid.type & QTDIR)
- return devdirread(c, a, n, 0, 0, sslgen);
-
- ft = TYPE(c->qid);
- switch(ft) {
- default:
- error(Ebadusefd);
- case Qctl:
- ft = CONV(c->qid);
- sprint(buf, "%d", ft);
- return readstr(offset, a, n, buf);
- case Qdata:
- b = sslbread(c, n, offset);
- break;
- case Qencalgs:
- return readstr(offset, a, n, encalgs);
- break;
- case Qhashalgs:
- return readstr(offset, a, n, hashalgs);
- break;
- }
-
- if(waserror()){
- freeblist(b);
- nexterror();
- }
-
- n = 0;
- va = a;
- for(nb = b; nb; nb = nb->next){
- i = BLEN(nb);
- memmove(va+n, nb->rp, i);
- n += i;
- }
-
- freeblist(b);
- poperror();
-
- return n;
-}
-
-static long
-sslbwrite(Chan *c, Block *b, ulong)
-{
- Dstate * volatile s;
- long rv;
-
- s = dstate[CONV(c->qid)];
- if(s == nil)
- panic("sslbwrite");
-
- if(s->state == Sincomplete){
- freeb(b);
- error(Ebadusefd);
- }
-
- /* lock so split writes won't interleave */
- if(waserror()){
- qunlock(&s->out.q);
- nexterror();
- }
- qlock(&s->out.q);
-
- rv = sslput(s, b);
-
- poperror();
- qunlock(&s->out.q);
-
- return rv;
-}
-
-/*
- * use SSL record format, add in count, digest and/or encrypt.
- * the write is interruptable. if it is interrupted, we'll
- * get out of sync with the far side. not much we can do about
- * it since we don't know if any bytes have been written.
- */
-static long
-sslput(Dstate *s, Block * volatile b)
-{
- Block *nb;
- int h, n, m, pad, rv;
- uchar *p;
- int offset;
-
- if(waserror()){
- if(b != nil)
- freeb(b);
- nexterror();
- }
-
- rv = 0;
- while(b != nil){
- m = n = BLEN(b);
- h = s->diglen + 2;
-
- /* trim to maximum block size */
- pad = 0;
- if(m > s->max){
- m = s->max;
- } else if(s->blocklen != 1){
- pad = (m + s->diglen)%s->blocklen;
- if(pad){
- if(m > s->maxpad){
- pad = 0;
- m = s->maxpad;
- } else {
- pad = s->blocklen - pad;
- h++;
- }
- }
- }
-
- rv += m;
- if(m != n){
- nb = allocb(m + h + pad);
- memmove(nb->wp + h, b->rp, m);
- nb->wp += m + h;
- b->rp += m;
- } else {
- /* add header space */
- nb = padblock(b, h);
- b = 0;
- }
- m += s->diglen;
-
- /* SSL style count */
- if(pad){
- nb = padblock(nb, -pad);
- prng(nb->wp, pad);
- nb->wp += pad;
- m += pad;
-
- p = nb->rp;
- p[0] = (m>>8);
- p[1] = m;
- p[2] = pad;
- offset = 3;
- } else {
- p = nb->rp;
- p[0] = (m>>8) | 0x80;
- p[1] = m;
- offset = 2;
- }
-
- switch(s->state){
- case Sencrypting:
- nb = encryptb(s, nb, offset);
- break;
- case Sdigesting:
- nb = digestb(s, nb, offset);
- break;
- case Sdigenc:
- nb = digestb(s, nb, offset);
- nb = encryptb(s, nb, offset);
- break;
- }
-
- s->out.mid++;
-
- m = BLEN(nb);
- devtab[s->c->type]->bwrite(s->c, nb, s->c->offset);
- s->c->offset += m;
- }
-
- poperror();
- return rv;
-}
-
-static void
-setsecret(OneWay *w, uchar *secret, int n)
-{
- secfree(w->secret);
- w->secret = secalloc(n);
- memmove(w->secret, secret, n);
- w->slen = n;
-}
-
-static void
-initDESkey(OneWay *w)
-{
- secfree(w->state);
- w->state = secalloc(sizeof(DESstate));
- if(w->slen >= 16)
- setupDESstate(w->state, w->secret, w->secret+8);
- else if(w->slen >= 8)
- setupDESstate(w->state, w->secret, 0);
- else
- error("secret too short");
-}
-
-/*
- * 40 bit DES is the same as 56 bit DES. However,
- * 16 bits of the key are masked to zero.
- */
-static void
-initDESkey_40(OneWay *w)
-{
- uchar key[8];
-
- if(w->slen >= 8){
- memmove(key, w->secret, 8);
- key[0] &= 0x0f;
- key[2] &= 0x0f;
- key[4] &= 0x0f;
- key[6] &= 0x0f;
- }
- initDESkey(w);
-}
-
-static void
-initRC4key(OneWay *w)
-{
- secfree(w->state);
- w->state = secalloc(sizeof(RC4state));
- setupRC4state(w->state, w->secret, w->slen);
-}
-
-/*
- * 40 bit RC4 is the same as n-bit RC4. However,
- * we ignore all but the first 40 bits of the key.
- */
-static void
-initRC4key_40(OneWay *w)
-{
- if(w->slen > 5)
- w->slen = 5;
- initRC4key(w);
-}
-
-/*
- * 128 bit RC4 is the same as n-bit RC4. However,
- * we ignore all but the first 128 bits of the key.
- */
-static void
-initRC4key_128(OneWay *w)
-{
- if(w->slen > 16)
- w->slen = 16;
- initRC4key(w);
-}
-
-
-typedef struct Hashalg Hashalg;
-struct Hashalg
-{
- char *name;
- int diglen;
- DigestState *(*hf)(uchar*, ulong, uchar*, DigestState*);
-};
-
-Hashalg hashtab[] =
-{
- { "md4", MD4dlen, md4, },
- { "md5", MD5dlen, md5, },
- { "sha1", SHA1dlen, sha1, },
- { "sha", SHA1dlen, sha1, },
- { 0 }
-};
-
-static int
-parsehashalg(char *p, Dstate *s)
-{
- Hashalg *ha;
-
- for(ha = hashtab; ha->name; ha++){
- if(strcmp(p, ha->name) == 0){
- s->hf = ha->hf;
- s->diglen = ha->diglen;
- s->state &= ~Sclear;
- s->state |= Sdigesting;
- return 0;
- }
- }
- return -1;
-}
-
-typedef struct Encalg Encalg;
-struct Encalg
-{
- char *name;
- int blocklen;
- int alg;
- void (*keyinit)(OneWay*);
-};
-
-#ifdef NOSPOOKS
-static
-Encalg encrypttab[] =
-{
- { "descbc", 8, DESCBC, initDESkey, }, /* DEPRECATED -- use des_56_cbc */
- { "desecb", 8, DESECB, initDESkey, }, /* DEPRECATED -- use des_56_ecb */
- { "des_56_cbc", 8, DESCBC, initDESkey, },
- { "des_56_ecb", 8, DESECB, initDESkey, },
- { "des_40_cbc", 8, DESCBC, initDESkey_40, },
- { "des_40_ecb", 8, DESECB, initDESkey_40, },
- { "rc4", 1, RC4, initRC4key_40, }, /* DEPRECATED -- use rc4_X */
- { "rc4_256", 1, RC4, initRC4key, },
- { "rc4_128", 1, RC4, initRC4key_128, },
- { "rc4_40", 1, RC4, initRC4key_40, },
- { 0 }
-};
-#else
-static
-Encalg encrypttab[] =
-{
- { "des_40_cbc", 8, DESCBC, initDESkey_40, },
- { "des_40_ecb", 8, DESECB, initDESkey_40, },
- { "rc4", 1, RC4, initRC4key_40, }, /* DEPRECATED -- use rc4_X */
- { "rc4_40", 1, RC4, initRC4key_40, },
- { 0 }
-};
-#endif NOSPOOKS
-
-static int
-parseencryptalg(char *p, Dstate *s)
-{
- Encalg *ea;
-
- for(ea = encrypttab; ea->name; ea++){
- if(strcmp(p, ea->name) == 0){
- s->encryptalg = ea->alg;
- s->blocklen = ea->blocklen;
- (*ea->keyinit)(&s->in);
- (*ea->keyinit)(&s->out);
- s->state &= ~Sclear;
- s->state |= Sencrypting;
- return 0;
- }
- }
- return -1;
-}
-
-enum {
- Cfd,
- Calg,
- Csin,
- Csout,
-};
-
-static
-Cmdtab sslcmds[] = {
- {Cfd, "fd", 2 },
- {Calg, "alg", 0 },
- {Csin, "secretin", 2 },
- {Csout, "secretout", 2 },
-};
-
-static long
-sslwrite(Chan *c, void *a, long n, vlong)
-{
- Dstate * volatile s;
- Block * volatile b;
- int m, t, i;
- char *p, *e;
- uchar *x;
- Cmdbuf *cb;
- Cmdtab *ct;
-
- s = dstate[CONV(c->qid)];
- if(s == 0)
- panic("sslwrite");
-
- t = TYPE(c->qid);
- if(t == Qdata){
- if(s->state == Sincomplete)
- error(Ebadusefd);
-
- /* lock should a write gets split over multiple records */
- if(waserror()){
- qunlock(&s->out.q);
- nexterror();
- }
- qlock(&s->out.q);
-
- p = a;
- e = p + n;
- do {
- m = e - p;
- if(m > s->max)
- m = s->max;
-
- b = allocb(m);
- if(waserror()){
- freeb(b);
- nexterror();
- }
- memmove(b->wp, p, m);
- poperror();
- b->wp += m;
-
- sslput(s, b);
-
- p += m;
- } while(p < e);
-
- poperror();
- qunlock(&s->out.q);
- return n;
- }
-
- /* mutex with operations using what we're about to change */
- if(waserror()){
- qunlock(&s->in.ctlq);
- qunlock(&s->out.q);
- nexterror();
- }
- qlock(&s->in.ctlq);
- qlock(&s->out.q);
-
- switch(t){
- default:
- panic("sslwrite");
- case Qsecretin:
- setsecret(&s->in, a, n);
- goto out;
- case Qsecretout:
- setsecret(&s->out, a, n);
- goto out;
- case Qctl:
- break;
- }
-
- cb = parsecmd(a, n);
- if(waserror()){
- free(cb);
- nexterror();
- }
- ct = lookupcmd(cb, sslcmds, nelem(sslcmds));
- switch(ct->index){
- case Cfd:
- s->c = buftochan(cb->f[1]);
-
- /* default is clear (msg delimiters only) */
- s->state = Sclear;
- s->blocklen = 1;
- s->diglen = 0;
- s->maxpad = s->max = (1<<15) - s->diglen - 1;
- s->in.mid = 0;
- s->out.mid = 0;
- break;
- case Calg:
- if(cb->nf < 2)
- cmderror(cb, "no algorithms");
-
- s->blocklen = 1;
- s->diglen = 0;
-
- if(s->c == 0)
- error("must set fd before algorithm");
-
- s->state = Sclear;
- s->maxpad = s->max = (1<<15) - s->diglen - 1;
- if(strcmp(cb->f[1], "clear") == 0)
- break;
-
- if(s->in.secret && s->out.secret == 0)
- setsecret(&s->out, s->in.secret, s->in.slen);
- if(s->out.secret && s->in.secret == 0)
- setsecret(&s->in, s->out.secret, s->out.slen);
- if(s->in.secret == 0 || s->out.secret == 0)
- error("algorithm but no secret");
-
- s->hf = 0;
- s->encryptalg = Noencryption;
- s->blocklen = 1;
-
- for(i=1; i<cb->nf; i++){
- p = cb->f[i];
- if(parsehashalg(p, s) < 0)
- if(parseencryptalg(p, s) < 0)
- error("bad algorithm");
- }
-
- if(s->hf == 0 && s->encryptalg == Noencryption)
- error("bad algorithm");
-
- if(s->blocklen != 1){
- s->max = (1<<15) - s->diglen - 1;
- s->max -= s->max % s->blocklen;
- s->maxpad = (1<<14) - s->diglen - 1;
- s->maxpad -= s->maxpad % s->blocklen;
- } else
- s->maxpad = s->max = (1<<15) - s->diglen - 1;
- break;
- case Csin:
- p = cb->f[1];
- m = (strlen(p)*3)/2 + 1;
- x = secalloc(m);
- t = dec64(x, m, p, strlen(p));
- memset(p, 0, strlen(p));
- if(t <= 0){
- secfree(x);
- error(Ebadarg);
- }
- setsecret(&s->in, x, t);
- secfree(x);
- break;
- case Csout:
- p = cb->f[1];
- m = (strlen(p)*3)/2 + 1;
- x = secalloc(m);
- t = dec64(x, m, p, strlen(p));
- memset(p, 0, strlen(p));
- if(t <= 0){
- secfree(x);
- error(Ebadarg);
- }
- setsecret(&s->out, x, t);
- secfree(x);
- break;
- }
- poperror();
- free(cb);
-
-out:
- qunlock(&s->in.ctlq);
- qunlock(&s->out.q);
- poperror();
- return n;
-}
-
-static void
-sslinit(void)
-{
- struct Encalg *e;
- struct Hashalg *h;
- int n;
- char *cp;
-
- n = 1;
- for(e = encrypttab; e->name != nil; e++)
- n += strlen(e->name) + 1;
- cp = encalgs = smalloc(n);
- for(e = encrypttab;;){
- strcpy(cp, e->name);
- cp += strlen(e->name);
- e++;
- if(e->name == nil)
- break;
- *cp++ = ' ';
- }
- *cp = 0;
-
- n = 1;
- for(h = hashtab; h->name != nil; h++)
- n += strlen(h->name) + 1;
- cp = hashalgs = smalloc(n);
- for(h = hashtab;;){
- strcpy(cp, h->name);
- cp += strlen(h->name);
- h++;
- if(h->name == nil)
- break;
- *cp++ = ' ';
- }
- *cp = 0;
-}
-
-Dev ssldevtab = {
- 'D',
- "ssl",
-
- devreset,
- sslinit,
- devshutdown,
- sslattach,
- sslwalk,
- sslstat,
- sslopen,
- devcreate,
- sslclose,
- sslread,
- sslbread,
- sslwrite,
- sslbwrite,
- devremove,
- sslwstat,
-};
-
-static Block*
-encryptb(Dstate *s, Block *b, int offset)
-{
- uchar *p, *ep, *p2, *ip, *eip;
- DESstate *ds;
-
- switch(s->encryptalg){
- case DESECB:
- ds = s->out.state;
- ep = b->rp + BLEN(b);
- for(p = b->rp + offset; p < ep; p += 8)
- block_cipher(ds->expanded, p, 0);
- break;
- case DESCBC:
- ds = s->out.state;
- ep = b->rp + BLEN(b);
- for(p = b->rp + offset; p < ep; p += 8){
- p2 = p;
- ip = ds->ivec;
- for(eip = ip+8; ip < eip; )
- *p2++ ^= *ip++;
- block_cipher(ds->expanded, p, 0);
- memmove(ds->ivec, p, 8);
- }
- break;
- case RC4:
- rc4(s->out.state, b->rp + offset, BLEN(b) - offset);
- break;
- }
- return b;
-}
-
-static Block*
-decryptb(Dstate *s, Block *bin)
-{
- Block *b, **l;
- uchar *p, *ep, *tp, *ip, *eip;
- DESstate *ds;
- uchar tmp[8];
- int i;
-
- l = &bin;
- for(b = bin; b; b = b->next){
- /* make sure we have a multiple of s->blocklen */
- if(s->blocklen > 1){
- i = BLEN(b);
- if(i % s->blocklen){
- *l = b = pullupblock(b, i + s->blocklen - (i%s->blocklen));
- if(b == 0)
- error("ssl encrypted message too short");
- }
- }
- l = &b->next;
-
- /* decrypt */
- switch(s->encryptalg){
- case DESECB:
- ds = s->in.state;
- ep = b->rp + BLEN(b);
- for(p = b->rp; p < ep; p += 8)
- block_cipher(ds->expanded, p, 1);
- break;
- case DESCBC:
- ds = s->in.state;
- ep = b->rp + BLEN(b);
- for(p = b->rp; p < ep;){
- memmove(tmp, p, 8);
- block_cipher(ds->expanded, p, 1);
- tp = tmp;
- ip = ds->ivec;
- for(eip = ip+8; ip < eip; ){
- *p++ ^= *ip;
- *ip++ = *tp++;
- }
- }
- break;
- case RC4:
- rc4(s->in.state, b->rp, BLEN(b));
- break;
- }
- }
- return bin;
-}
-
-static Block*
-digestb(Dstate *s, Block *b, int offset)
-{
- uchar *p;
- DigestState ss;
- uchar msgid[4];
- ulong n, h;
- OneWay *w;
-
- w = &s->out;
-
- memset(&ss, 0, sizeof(ss));
- h = s->diglen + offset;
- n = BLEN(b) - h;
-
- /* hash secret + message */
- (*s->hf)(w->secret, w->slen, 0, &ss);
- (*s->hf)(b->rp + h, n, 0, &ss);
-
- /* hash message id */
- p = msgid;
- n = w->mid;
- *p++ = n>>24;
- *p++ = n>>16;
- *p++ = n>>8;
- *p = n;
- (*s->hf)(msgid, 4, b->rp + offset, &ss);
-
- return b;
-}
-
-static void
-checkdigestb(Dstate *s, Block *bin)
-{
- uchar *p;
- DigestState ss;
- uchar msgid[4];
- int n, h;
- OneWay *w;
- uchar digest[128];
- Block *b;
-
- w = &s->in;
-
- memset(&ss, 0, sizeof(ss));
-
- /* hash secret */
- (*s->hf)(w->secret, w->slen, 0, &ss);
-
- /* hash message */
- h = s->diglen;
- for(b = bin; b; b = b->next){
- n = BLEN(b) - h;
- if(n < 0)
- panic("checkdigestb");
- (*s->hf)(b->rp + h, n, 0, &ss);
- h = 0;
- }
-
- /* hash message id */
- p = msgid;
- n = w->mid;
- *p++ = n>>24;
- *p++ = n>>16;
- *p++ = n>>8;
- *p = n;
- (*s->hf)(msgid, 4, digest, &ss);
-
- if(tsmemcmp(digest, bin->rp, s->diglen) != 0)
- error("bad digest");
-}
-
-/* get channel associated with an fd */
-static Chan*
-buftochan(char *p)
-{
- Chan *c;
- int fd;
-
- if(p == 0)
- error(Ebadarg);
- fd = strtoul(p, 0, 0);
- if(fd < 0)
- error(Ebadarg);
- c = fdtochan(fd, ORDWR, 1, 1); /* error check and inc ref */
- if(devtab[c->type] == &ssldevtab){
- cclose(c);
- error("cannot ssl encrypt devssl files");
- }
- return c;
-}
-
-/* hand up a digest connection */
-static void
-sslhangup(Dstate *s)
-{
- Block *b;
-
- qlock(&s->in.q);
- for(b = s->processed; b; b = s->processed){
- s->processed = b->next;
- freeb(b);
- }
- if(s->unprocessed){
- freeb(s->unprocessed);
- s->unprocessed = 0;
- }
- s->state = Sincomplete;
- qunlock(&s->in.q);
-}
-
-static Dstate*
-dsclone(Chan *ch)
-{
- int i;
- Dstate *ret;
-
- if(waserror()) {
- unlock(&dslock);
- nexterror();
- }
- lock(&dslock);
- ret = nil;
- for(i=0; i<Maxdstate; i++){
- if(dstate[i] == nil){
- dsnew(ch, &dstate[i]);
- ret = dstate[i];
- break;
- }
- }
- unlock(&dslock);
- poperror();
- return ret;
-}
-
-static void
-dsnew(Chan *ch, Dstate **pp)
-{
- Dstate *s;
- int t;
-
- *pp = s = malloc(sizeof(*s));
- if(!s)
- error(Enomem);
- if(pp - dstate >= dshiwat)
- dshiwat++;
- memset(s, 0, sizeof(*s));
- s->state = Sincomplete;
- s->ref = 1;
- kstrdup(&s->user, up->user);
- s->perm = 0660;
- t = TYPE(ch->qid);
- if(t == Qclonus)
- t = Qctl;
- ch->qid.path = QID(pp - dstate, t);
- ch->qid.vers = 0;
-}
diff --git a/sys/src/9/port/portmkfile b/sys/src/9/port/portmkfile
index 977693787..119147e8e 100644
--- a/sys/src/9/port/portmkfile
+++ b/sys/src/9/port/portmkfile
@@ -102,7 +102,6 @@ auth.$O devcons.$O: /sys/include/authsrv.h
devcap.$O: /sys/include/libsec.h
devfs.$O: /sys/include/libsec.h
devsdp.$O: /sys/include/libsec.h
-devssl.$O: /sys/include/libsec.h
devtls.$O: /sys/include/libsec.h
devswap.$O: /sys/include/libsec.h
random.$O: /sys/include/libsec.h