authorcinap_lenrek <cinap_lenrek@felloff.net>2016-04-11 20:23:34 +0200
committercinap_lenrek <cinap_lenrek@felloff.net>2016-04-11 20:23:34 +0200
commit464763202be7bdafa703c8c2ecfe1f4a5142f26f (patch)
tree76487fcd0124776ac366efb1bbcb4b408aea46a9 /sys/src/ape/lib/sec
parent21aee5d8cbd1ebae796cdc58404b8d8902738370 (diff)
ape: add libauth, libbio, libmp and libsec as replacements for openssl
Diffstat (limited to 'sys/src/ape/lib/sec')
-rw-r--r--sys/src/ape/lib/sec/386/mkfile23
-rw-r--r--sys/src/ape/lib/sec/alpha/mkfile15
-rw-r--r--sys/src/ape/lib/sec/amd64/mkfile22
-rw-r--r--sys/src/ape/lib/sec/arm/mkfile15
-rw-r--r--sys/src/ape/lib/sec/mips/mkfile23
-rw-r--r--sys/src/ape/lib/sec/mkfile46
-rw-r--r--sys/src/ape/lib/sec/port/mkfile72
-rw-r--r--sys/src/ape/lib/sec/power/mkfile15
-rw-r--r--sys/src/ape/lib/sec/spim/mkfile12
-rw-r--r--sys/src/ape/lib/sec/tlsclient.c177
10 files changed, 420 insertions, 0 deletions
diff --git a/sys/src/ape/lib/sec/386/mkfile b/sys/src/ape/lib/sec/386/mkfile
new file mode 100644
index 000000000..3e1e3233a
--- /dev/null
+++ b/sys/src/ape/lib/sec/386/mkfile
@@ -0,0 +1,23 @@
+APE=/sys/src/ape
+<$APE/config
+
+LIB=/$objtype/lib/ape/libsec.a
+
+FILES=\
+ md5block\
+ sha1block\
+
+HFILES=/sys/include/ape/libsec.h
+
+SFILES=${FILES:%=%.s}
+
+OFILES=${SFILES:%.s=%.$O}
+
+UPDATE=mkfile\
+ $HFILES\
+ $SFILES\
+
+</sys/src/cmd/mksyslib
+
+%.$O: /sys/src/libsec/$objtype/%.s
+ $AS $AFLAGS /sys/src/libsec/$objtype/$stem.s
diff --git a/sys/src/ape/lib/sec/alpha/mkfile b/sys/src/ape/lib/sec/alpha/mkfile
new file mode 100644
index 000000000..473538cac
--- /dev/null
+++ b/sys/src/ape/lib/sec/alpha/mkfile
@@ -0,0 +1,15 @@
+APE=/sys/src/ape
+<$APE/config
+
+LIB=/$objtype/lib/ape/libsec.a
+
+OFILES= \
+
+HFILES=/sys/include/ape/libsec.h
+
+UPDATE=mkfile
+
+</sys/src/cmd/mksyslib
+
+%.$O: /sys/src/libsec/$objtype/%.s
+ $AS $AFLAGS /sys/src/libsec/$objtype/$stem.s
diff --git a/sys/src/ape/lib/sec/amd64/mkfile b/sys/src/ape/lib/sec/amd64/mkfile
new file mode 100644
index 000000000..41f49d2ae
--- /dev/null
+++ b/sys/src/ape/lib/sec/amd64/mkfile
@@ -0,0 +1,22 @@
+APE=/sys/src/ape
+<$APE/config
+
+LIB=/$objtype/lib/ape/libsec.a
+FILES=\
+ md5block\
+ sha1block\
+
+HFILES=/sys/include/ape/libsec.h
+
+SFILES=${FILES:%=%.s}
+
+OFILES=${FILES:%=%.$O}
+
+UPDATE=mkfile\
+ $HFILES\
+ $SFILES\
+
+</sys/src/cmd/mksyslib
+
+%.$O: /sys/src/libsec/$objtype/%.s
+ $AS $AFLAGS /sys/src/libsec/$objtype/$stem.s
diff --git a/sys/src/ape/lib/sec/arm/mkfile b/sys/src/ape/lib/sec/arm/mkfile
new file mode 100644
index 000000000..473538cac
--- /dev/null
+++ b/sys/src/ape/lib/sec/arm/mkfile
@@ -0,0 +1,15 @@
+APE=/sys/src/ape
+<$APE/config
+
+LIB=/$objtype/lib/ape/libsec.a
+
+OFILES= \
+
+HFILES=/sys/include/ape/libsec.h
+
+UPDATE=mkfile
+
+</sys/src/cmd/mksyslib
+
+%.$O: /sys/src/libsec/$objtype/%.s
+ $AS $AFLAGS /sys/src/libsec/$objtype/$stem.s
diff --git a/sys/src/ape/lib/sec/mips/mkfile b/sys/src/ape/lib/sec/mips/mkfile
new file mode 100644
index 000000000..3e1e3233a
--- /dev/null
+++ b/sys/src/ape/lib/sec/mips/mkfile
@@ -0,0 +1,23 @@
+APE=/sys/src/ape
+<$APE/config
+
+LIB=/$objtype/lib/ape/libsec.a
+
+FILES=\
+ md5block\
+ sha1block\
+
+HFILES=/sys/include/ape/libsec.h
+
+SFILES=${FILES:%=%.s}
+
+OFILES=${SFILES:%.s=%.$O}
+
+UPDATE=mkfile\
+ $HFILES\
+ $SFILES\
+
+</sys/src/cmd/mksyslib
+
+%.$O: /sys/src/libsec/$objtype/%.s
+ $AS $AFLAGS /sys/src/libsec/$objtype/$stem.s
diff --git a/sys/src/ape/lib/sec/mkfile b/sys/src/ape/lib/sec/mkfile
new file mode 100644
index 000000000..4eabca330
--- /dev/null
+++ b/sys/src/ape/lib/sec/mkfile
@@ -0,0 +1,46 @@
+</$objtype/mkfile
+
+DIRS=port $CPUS
+
+default:V: all
+
+install all:V:
+ for(i in port $objtype)@{
+ echo $i
+ cd $i
+ mk $MKFLAGS $target
+ }
+
+clean:V:
+ for(i in $DIRS)@{
+ echo $i
+ cd $i
+ mk $MKFLAGS $target
+ }
+
+nuke:V: clean
+ rm -f /$objtype/lib/libsec.a
+
+update:V:
+ for(i in $DIRS)@{
+ echo $i
+ cd $i
+ mk $MKFLAGS update
+ }
+ update $UPDATEFLAGS /386/lib/libsec.a
+
+installall:V:
+ for(objtype in $CPUS) mk $MKFLAGS install
+
+everything:V:
+ rm -f */*.[$OS]
+ for(objtype in $CPUS)@{
+ echo $objtype
+ mk $MKFLAGS install
+ }
+ rm -f */*.[$OS]
+
+APE=/sys/src/ape
+<$APE/config
+$O.tlsclient: tlsclient.c
+ $CC -o $target $CFLAGS -D_POSIX_SOURCE -D_PLAN9_SOURCE -D_NET_EXTENSION tlsclient.c
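Review bot: The `nuke` rule removes `/$objtype/lib/libsec.a`, but every per-directory mkfile in this commit builds `LIB=/$objtype/lib/ape/libsec.a`, so `mk nuke` in this directory would delete the native libsec archive and leave the APE one in place. The `update` rule has the same mismatch with `/386/lib/libsec.a`. Both paths look carried over from the native libsec mkfile; the lines should read `rm -f /$objtype/lib/ape/libsec.a` and `update $UPDATEFLAGS /386/lib/ape/libsec.a`.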
diff --git a/sys/src/ape/lib/sec/port/mkfile b/sys/src/ape/lib/sec/port/mkfile
new file mode 100644
index 000000000..ef8cc3942
--- /dev/null
+++ b/sys/src/ape/lib/sec/port/mkfile
@@ -0,0 +1,72 @@
+APE=/sys/src/ape
+<$APE/config
+
+LIB=/$objtype/lib/ape/libsec.a
+
+CFILES = des.c desmodes.c desECB.c desCBC.c des3ECB.c des3CBC.c\
+ aes.c aes_gcm.c blowfish.c \
+ hmac.c md5.c md5block.c md4.c sha1.c sha1block.c\
+ sha2_64.c sha2_128.c sha2block64.c sha2block128.c\
+ sha1pickle.c md5pickle.c\
+ poly1305.c\
+ rc4.c\
+ chacha.c\
+ salsa.c\
+ genrandom.c prng.c fastrand.c nfastrand.c\
+ probably_prime.c smallprimetest.c genprime.c dsaprimes.c\
+ gensafeprime.c genstrongprime.c\
+ rsagen.c rsafill.c rsaencrypt.c rsadecrypt.c rsaalloc.c \
+ rsaprivtopub.c \
+ x509.c \
+ decodepem.c \
+ eggen.c egencrypt.c egdecrypt.c egalloc.c egprivtopub.c \
+ egsign.c egverify.c \
+ dsagen.c dsaalloc.c dsaprivtopub.c dsasign.c dsaverify.c \
+ tlshand.c \
+ thumb.c readcert.c \
+ aes_xts.c \
+ ecc.c\
+ ripemd.c\
+ dh.c\
+ curve25519.c\
+ curve25519_dh.c\
+ pbkdf2.c\
+ hkdf.c\
+ ccpoly.c\
+ tsmemcmp.c\
+ secp256r1.c\
+ secp256k1.c\
+
+CLEANFILES=secp256r1.c secp256k1.c
+
+ALLOFILES=${CFILES:%.c=%.$O}
+
+# cull things in the per-machine directories from this list
+OFILES= `{rfork n; \
+ bind -a ../../../../libsec/$objtype ../$objtype; \
+ rc ../../../../libsec/port/reduce $O $objtype $ALLOFILES}
+
+HFILES=/sys/include/ape/libsec.h
+
+UPDATE=mkfile\
+ $HFILES\
+ $CFILES\
+
+</sys/src/cmd/mksyslib
+
+CFLAGS=-TVwc -+ -D_POSIX_SOURCE -D_PLAN9_SOURCE -I. -I../../9 -I../../../../libmp/port
+
+../../../../libsec/port/%.c:D: ../../../../libsec/port/%.mp
+ @{cd ../../../../libsec/port && mk $stem.c}
+
+%.$O: ../../../../libsec/port/%.c
+ $CC $CFLAGS ../../../../libsec/port/$stem.c
+
+$O.rsatest: rsatest.$O
+ $LD -o $target $prereq
+
+$O.chachatest: chachatest.$O
+ $LD -o $target $prereq
+
+$O.aesgcmtest: aesgcmtest.$O
+ $LD -o $target $prereq
diff --git a/sys/src/ape/lib/sec/power/mkfile b/sys/src/ape/lib/sec/power/mkfile
new file mode 100644
index 000000000..473538cac
--- /dev/null
+++ b/sys/src/ape/lib/sec/power/mkfile
@@ -0,0 +1,15 @@
+APE=/sys/src/ape
+<$APE/config
+
+LIB=/$objtype/lib/ape/libsec.a
+
+OFILES= \
+
+HFILES=/sys/include/ape/libsec.h
+
+UPDATE=mkfile
+
+</sys/src/cmd/mksyslib
+
+%.$O: /sys/src/libsec/$objtype/%.s
+ $AS $AFLAGS /sys/src/libsec/$objtype/$stem.s
diff --git a/sys/src/ape/lib/sec/spim/mkfile b/sys/src/ape/lib/sec/spim/mkfile
new file mode 100644
index 000000000..f8e4ae94f
--- /dev/null
+++ b/sys/src/ape/lib/sec/spim/mkfile
@@ -0,0 +1,12 @@
+APE=/sys/src/ape
+<$APE/config
+
+LIB=/$objtype/lib/ape/libsec.a
+
+HFILES=/sys/include/ape/libsec.h
+
+OFILES=\
+
+UPDATE=mkfile $HFILES
+
+</sys/src/cmd/mksyslib
diff --git a/sys/src/ape/lib/sec/tlsclient.c b/sys/src/ape/lib/sec/tlsclient.c
new file mode 100644
index 000000000..37095a6ab
--- /dev/null
+++ b/sys/src/ape/lib/sec/tlsclient.c
@@ -0,0 +1,177 @@
+#include <sys/types.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <lib9.h>
+
+#include <libsec.h>
+#include <libnet.h>
+
+#include <auth.h>
+
+int debug, auth, dialfile;
+char *keyspec = "";
+char *servername, *file, *filex, *ccert;
+
+void
+sysfatal(char *fmt, ...)
+{
+ va_list a;
+
+ va_start(a, fmt);
+ vfprintf(stderr, fmt, a);
+ va_end(a);
+ fprintf(stderr, "\n");
+ exit(1);
+}
+
+void
+usage(void)
+{
+ fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c lib/tls/clientcert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] [-o] dialstring [cmd [args...]]\n");
+ exit(1);
+}
+
+void
+xfer(int from, int to)
+{
+ char buf[12*1024];
+ int n;
+
+ while((n = read(from, buf, sizeof buf)) > 0)
+ if(write(to, buf, n) < 0)
+ break;
+}
+
+static int
+reporter(char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ fprint(2, "%s: tls reports ", argv0);
+ vfprint(2, fmt, ap);
+ fprint(2, "\n");
+
+ va_end(ap);
+ return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+ int fd, pid;
+ char *addr;
+ TLSconn *conn;
+ Thumbprint *thumb;
+ AuthInfo *ai = nil;
+
+// fmtinstall('H', encodefmt);
+
+ ARGBEGIN{
+ case 'D':
+ debug++;
+ break;
+ case 'a':
+ auth++;
+ break;
+ case 'k':
+ keyspec = EARGF(usage());
+ break;
+ case 't':
+ file = EARGF(usage());
+ break;
+ case 'x':
+ filex = EARGF(usage());
+ break;
+ case 'c':
+ ccert = EARGF(usage());
+ break;
+ case 'n':
+ servername = EARGF(usage());
+ break;
+ case 'o':
+ dialfile = 1;
+ break;
+ default:
+ usage();
+ }ARGEND
+
+ if(argc < 1)
+ usage();
+
+ if(filex && !file)
+ sysfatal("specifying -x without -t is useless");
+
+ if(file){
+ thumb = initThumbprints(file, filex);
+ if(thumb == nil)
+ sysfatal("initThumbprints: %r");
+ } else
+ thumb = nil;
+
+ addr = *argv++;
+ if((fd = dial(addr, 0, 0, 0)) < 0)
+ sysfatal("dial %s: %r", addr);
+
+ conn = (TLSconn*)malloc(sizeof *conn);
+ memset(conn, 0, sizeof(*conn));
+ conn->serverName = servername;
+ if(ccert){
+ conn->cert = readcert(ccert, &conn->certlen);
+ if(conn->cert == nil)
+ sysfatal("readcert: %r");
+ }
+
+ if(auth){
+ ai = auth_proxy(fd, auth_getkey, "proto=p9any role=client %s", keyspec);
+ if(ai == nil)
+ sysfatal("auth_proxy: %r");
+
+ conn->pskID = "p9secret";
+ conn->psk = ai->secret;
+ conn->psklen = ai->nsecret;
+ }
+
+ if(debug)
+ conn->trace = reporter;
+
+ fd = tlsClient(fd, conn);
+ if(fd < 0)
+ sysfatal("tlsclient: %r");
+
+ if(thumb){
+ uchar digest[20];
+
+ if(conn->cert==nil || conn->certlen<=0)
+ sysfatal("server did not provide TLS certificate");
+ sha1(conn->cert, conn->certlen, digest, nil);
+ if(!okThumbprint(digest, thumb))
+ sysfatal("server certificate %.*H not recognized", SHA1dlen, digest);
+ freeThumbprints(thumb);
+ }
+
+ free(conn->cert);
+ free(conn->sessionID);
+ free(conn);
+ if(ai != nil)
+ auth_freeAI(ai);
+
+ pid = fork();
+ switch(pid){
+ case -1:
+ sysfatal("fork: %r");
+ case 0:
+ pid = getppid();
+ xfer(0, fd);
+ break;
+ default:
+ xfer(fd, 1);
+ break;
+ }
+ if(pid) kill(pid, SIGTERM);
+ return 0;
+}
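Review bot: The server certificate is examined only inside `if(thumb)` in `main`, so a run with neither `-t` nor `-a` completes `tlsClient()` and starts relaying data without any check of who the peer is. Since the commit presents this code as an OpenSSL replacement, that default should at least be visible to the user: after the `if(file){…} else thumb = nil;` block, add `if(!file && !auth) fprint(2, "%s: warning: no -t thumbprint file, server certificate not verified\n", argv0);`, or state the behaviour in `usage()`. Separately, on the mismatch path `%.*H` is handed to the local `sysfatal`, which formats with `vfprintf` while `fmtinstall('H', encodefmt)` is commented out, so the rejected digest will probably not print. The `malloc` result for `conn` is also passed to `memset` without a nil check.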