Commit graph

111 commits

Author SHA1 Message Date
cinap_lenrek
39f18c9d88 libsec: implement TLS-PSK for tlsClient()/tlsServer() 2015-12-25 17:05:05 +01:00
cinap_lenrek
a53ae2782a libjson: added printing support (thanks spew) 2015-12-22 18:12:56 +01:00
cinap_lenrek
efd3ac8a23 libmp: add mpfield() function for fast field arithmetic
instead of testing for special field primes each time in mpmod(),
make it explicit with a mpfiled() function that tests a modulus N
to be of some special form that can be reduced more efficiently with
some precalculation, and replaces N with a Mfield* when it can. the
Mfield*'s are recognized by mpmod() as they have the MPfield flag
set and provide a function pointer that executes the fast reduction.
2015-12-16 21:18:20 +01:00
aiju
87abbc649f mp: add logic operations; mpfmt: include 0x with # 2015-12-08 18:29:22 +01:00
cinap_lenrek
254031cf70 libsec: add chacha20 poly1305 aead, allow 64 bit iv's for chacha, add tsmemcmp()
chacha20 comes in two variants: ietf rfc7539, using 96 bit iv and 32 bit counter
and draft-agl-tls-chacha20poly1305 using 64 bit iv and a 64 bit counter. so
setupChachastate() now takes a ivlen argument which sets the mode.

add ccpoly_encrypt()/ccpoly_decrypt() routines.

to implement timing safe ccpoly_decrypt(), a constant time memcmp was needed, so
adding tsmemcmp() to libsec.
2015-11-26 15:25:10 +01:00
cinap_lenrek
38e1e5272f libmp: initial attempt at constant time code, faster reductions for special primes (for ecc)
introduce MPtimesafe flag to request time invariant computation
disables normalization so significant digits are not leaked.
2015-11-21 09:39:59 +01:00
cinap_lenrek
847f3a0cf5 libsec: add chacha cipher (from charles forsyth) 2015-10-22 07:48:26 +02:00
cinap_lenrek
7effba9d98 libsec: add poly1305 2015-10-22 07:17:25 +02:00
cinap_lenrek
2f99484b9d merge 2015-10-15 13:22:48 +02:00
cinap_lenrek
a034e629f7 lib9p: do not override Srv.end in listensrv(), simplify srvclose() and recounting
listensrv() used to override Srv.end() with its own handler
to free the malloc'd Srv structure and close the fd. this
makes it impossible to register your own cleanup handler.
instead, we introduce the private Srv.free() handler that
is used by listensrv to register its cleanup code. Srv.free()
is called once all the srv procs have been exited and all
requests on that srv have been responded to while Srv.end()
is called once all the procs exited the srv loop regardless
of the requests still being in flight.
2015-10-15 13:21:30 +02:00
aiju
27d2955ccf lib9p: add reqqueuefree 2015-10-12 10:41:40 +02:00
cinap_lenrek
cde69a7822 ape: set MB_CUR_MAX to 4 in stdlib.h for 21-bit runes (thanks erik quanstro)
> fix silly bug with ape/stdlib.h which caused ape/lib/regexp/regcomp.c
> to miscompile regular expressions with runes > 0xffff.
2015-09-29 15:17:21 +02:00
cinap_lenrek
c3e1c158f6 libsec: implement dh parameter signature verification, stop lying about non-rsa ciphers, fix memory leaks in X509 code
actually verify the diffie hellman parameter signature, this
comes in two flavours. TLS1.2 uses X509 signature with a
single hash specified by the signature algorithm field in
the signature itself and pre TLS1.2 where md5+sha1 hashes
of the signed blob are pkcs1 padded and encrypted with the
rsa private key.

stop advertizing non-rsa cipher suits (DSS and ECDSA), as
we have not implmenented them.

fix some memory leaks in X509 code while we'r at it.
2015-09-22 18:10:52 +02:00
cinap_lenrek
b55315c3fd libthread: get rid of tprivalloc()/tprivfree()/tprivdata() and _workerdata() (thanks qrstuv)
these functions where undocumented and unused. especially
tprivfree() was buggy missing a unlock() call. theres not
much point in supporting these functions as theres
threaddata() and procdata().
2015-09-06 23:25:14 +02:00
cinap_lenrek
7562da90e5 libc: remove privfree(), simplify privalloc() 2015-09-06 20:43:05 +02:00
cinap_lenrek
7ed22aaeec libsec: add rfc5869 hmac-based key derivation function hkdf_x() 2015-09-02 11:30:17 +02:00
cinap_lenrek
b749f36baa libsec: generalize pbkdf2_hmac_sha1() to pbkdf2_x() passing the hmac as an argument 2015-09-02 11:28:11 +02:00
cinap_lenrek
b5737e8726 libsec: add curve25519 diffie hellman 2015-09-01 21:38:20 +02:00
cinap_lenrek
e3a64494e7 libsec: remove flawed aes() digest and hmac_aes() implementations (thanks aiju) 2015-09-01 21:35:43 +02:00
cinap_lenrek
0e51046942 libsec: add curve25519() from http://code.google.com/p/curve25519-donna/
this is a portable version of curve25519() by google.
2015-08-28 12:08:54 +02:00
glenda
2bc15fbabd mp.h: third time's a charm 2015-08-27 13:40:34 +00:00
glenda
82a922d9ed mp.h: oops 2015-08-27 13:35:13 +00:00
glenda
d8a1f1a647 mp.h: define mpnrand 2015-08-27 13:34:02 +00:00
cinap_lenrek
3bb0b9f4ea libsec: add q parameter to dh_new() for subgroup support, sanitize dh parameters 2015-08-26 05:59:42 +02:00
glenda
c4fdc6bfdb fix fuckup 2015-08-25 09:35:10 +00:00
mischief
6b402b83cf import E script from bell labs 2015-08-25 02:07:46 -07:00
cinap_lenrek
63b18e7925 introduce AES key into nvram and keyfs 2015-08-21 02:43:31 +02:00
cinap_lenrek
a40c4006d2 libsec: add pbkdf2_hmac_sha1() (from wpapsk factotum module) 2015-08-20 00:45:08 +02:00
cinap_lenrek
02cfcfeab4 libauthsrv: generalize ticket service, not hardcoding ticket format and DES encryption
this is in preparation for replacing DES ticket encryption with
something better. but first need to make the code stop making
assumptions.

the wire encoding of the Ticket might be variable length
with TICKETLEN just giving an upper bound. the details will be
handled by libauthsrv _asgetticket() and _asgetresp() funciotns.

the Authenticator and Passwordreq structures are encrypted
with the random ticket key. The encryption schmeme will depend
on the Ticket format used, so we pass the Ticket* structure
instead of the DES key.

introduce Authkey structure that will hold all the required
cryptographic keys instead of passing DES key.
2015-08-19 21:06:17 +02:00
cinap_lenrek
63759d2efb ape: implement altzone for tzset() 2015-08-04 02:01:41 +02:00
cinap_lenrek
737c3edeba ape: add stdint.h, fix SSIZE_MAX and add SIZE_MAX to limits.h 2015-07-13 02:36:48 +02:00
ftrvxmtrx
be36fab405 remove drawlsetrefresh and convM2Tnoenc: undefined functions 2015-06-09 18:25:09 +02:00
ftrvxmtrx
3bd0d66686 authsrv.h: remove nonexistent prototypes 2015-06-09 11:46:37 +02:00
ftrvxmtrx
7a95bef00e authsrv: remove unused opasstokey 2015-06-09 23:53:07 +02:00
mischief
045530aed2 ape: define long long limits 2015-06-04 17:16:23 -07:00
cinap_lenrek
16bbaa2014 ape: include <sys/types.h> in <sys/wait.h> for pid_t (thanks jens staal) 2015-05-27 21:48:42 +02:00
cinap_lenrek
40360a992d libsec: implement tlsClient support for RFC6066 server name identification (SNI)
tlsClient() now can optionally send the server_name in the ClientHello
message by setting the TLSconn.serverName. This is required for some
https sites.
2015-05-21 02:26:57 +02:00
mischief
5d2253af99 libhttpd: declare hvprint 2015-05-20 15:09:34 -07:00
cinap_lenrek
12bb7bcfff libsec: remove aesCTRencrypt()/aesCTRdecrypt() (thanks mischief and qrstuv)
as mischief and qrstuv point out, these functions are not very usefull
and are even implemented wrong (incrementCTR()), so deleting the code.
2015-04-29 02:58:10 +02:00
cinap_lenrek
dbbe430ec7 libmach: use #pragma pack to force 4 byte alignment of bootexec.h structures for amd64 2015-03-18 19:31:51 +01:00
cinap_lenrek
07c7fa6716 libthread: get rid of chaninit() (thanks qrstuv)
chaninit() does not initialize Chan.qentry and Chan.nentry
and there is no way to get rid of such a channel. nobody is
using it, so removing the function to avoid confusion.
2015-03-04 10:20:31 +01:00
cinap_lenrek
035aacf6f5 bio: add Bfdopen() from plan9port 2014-12-14 20:21:42 +01:00
cinap_lenrek
6c68876db6 libsec: add diffie-hellman functions 2014-09-14 02:29:18 +02:00
mischief
4afbc988ca pool: declare pooldump in pool.h. the manual says it is public. 2014-06-09 12:17:45 -07:00
ftrvxmtrx
6f58f7fed4 thread.h: varargck argpos for threadsetname 2014-05-03 12:09:53 +02:00
ftrvxmtrx
462f1d0688 bio.h: add varargck argpos pragma for Berror 2014-05-03 11:46:01 +02:00
cinap_lenrek
e42981dfcf factotum/authsrv: fix padding for mschap on amd64, use constants for structure sizes 2014-02-15 19:57:13 +01:00
cinap_lenrek
e836796365 pool: use uintptr for pool size
note, arenas and blocks still use ulong for sizes. so
we have to check for overflow when attempting to merge
arenas.
2014-02-06 22:47:05 +01:00
cinap_lenrek
b99ecee6cd malloc: change malloc and realloc tag types to uintptr 2014-01-20 00:09:53 +01:00
cinap_lenrek
7143b286b7 ape: move strdup() from libbsd to libap (from sources)
including <string.h> should be enougth to make strdup()
available.
2013-12-28 05:14:10 +01:00