Commit graph

246 commits

Author SHA1 Message Date
cinap_lenrek
4f0bfe0fb8 dtracy: avoid dmachlock() race
between being commited to a machno and having acquired the lock, the
scheduler could come in an schedule us on a different processor. the
solution is to have dtmachlock() take a special -1 argument to mean
"current mach" and return the actual mach number after the lock has
been acquired and interrupts being disabled.
2019-03-30 09:17:46 +01:00
cinap_lenrek
0af11f97b5 libip: replace v4parsecidr() with new parseipandmask()
we want to accept V4 subnets in CIDR notation consistently which
means we need to interpret the mask in context of the IP address.
so parseipmask() now has an additional v4 flag argument which
offsets the prefixlength by 96 so a /24 will be interpreted
as a /120.

parseipandmask() is the new function which handles this automatically
depending on the ip address type.

v4parsecidr() is now obsolete.
2019-02-11 23:26:57 +01:00
aiju
c7304ea03c dtracy: get rid of DTName struct, support more than three parts in a probe name, wildcard matching 2018-12-13 10:42:49 +00:00
aiju
40d6302b5f forgotten files 2018-12-11 09:20:34 +00:00
aiju
ca851bbb5e dtracy: call dtptrigger with a struct pointer rather than a list of arguments; put return value in arg9 2018-12-09 21:43:22 +00:00
aiju
58fa29447b dtracy: add support for aggregations 2018-12-08 15:07:53 +00:00
mischief
cb7375dcbc ape: declare gethostname 2018-12-02 03:30:22 -08:00
aiju
e15b1b8930 add dtracy.h 2018-11-10 20:01:19 +00:00
mischief
6df3f7bf38 libmp: declare mpfactorial 2018-11-04 11:37:02 -08:00
cinap_lenrek
19166f2cf3 libc: add procsetname() 2018-09-26 14:56:23 +02:00
cinap_lenrek
311e3b51c6 libc: return number of bytes produced for idn2utf() and utf2idn() 2018-09-26 14:32:17 +02:00
cinap_lenrek
dfec09c436 libc: add utf2idn() and idn2utf() functions to deal with internationalized domain names 2018-09-25 20:14:25 +02:00
cinap_lenrek
a4e444f430 libndb: make ndbipinfo() walk ipnet for all matching entries, concatenate and dedup result 2018-09-16 12:39:47 +02:00
spew
91d0343627 ape: an implemenation of getitimer setitimer 2018-07-01 18:48:12 -04:00
spew
55c122d59f ape: add strnlen 2018-06-21 11:56:37 -04:00
spew
3b376b43af ape: provide bogus chroot implementation 2018-06-20 22:19:37 -04:00
spew
583c6d269b ape: add some common fields for stat, grp and pwd 2018-06-17 17:38:00 -04:00
aiju
db71e19005 add libttf 2018-06-09 14:33:19 +00:00
cinap_lenrek
930efe67e8 ape: fix auth.h 2018-05-20 23:22:41 +02:00
cinap_lenrek
6e19d19285 separate MSCHAP(v2) and NTLM(v2) authentication
due to linux omiting the final Z(4) in the NTLMv2 reply, and
the need for the windom for LMv2 authentication, here is a new
AuthNTLM ticket request now with length and dom fields.
2018-05-20 22:49:24 +02:00
qwx
19d6a98038 ape: add signed fixed size integer typedefs to u.h 2018-05-13 07:13:00 +02:00
cinap_lenrek
8f91d94d19 merge 2018-05-01 23:40:00 +02:00
cinap_lenrek
190c40c9ff ip/ipconfig: populate /net/ndb from v6 router advertisements, configure multiple addresses in ndbconfig()
we now update /net/ndb with the following information gathered
from router advertisements (rfc6106 and plan9 specific options):

- recursive dns servers (option 25, ndb: dns=)
- dns search list (option 31, ndb: dnsdomain=)
- plan9 fileserver (option 250, ndb: fs=)
- plan9 authserver (option 251, ndb: auth=)

note the plan9 specific options can be disabled with the -G flag.

for ndbconfig (-N flag), we now collect all ip addresses in ndb
belonging to the devices mac address and configue them all. v6
addresses are getting added when a link local address exists
or the -6 flag has been specified to automatically configure one.

move the dhcp code in its own dhcp.c file and make symbols static
that are not used across modules.
2018-05-01 23:32:28 +02:00
aiju
29f03ba4e7 libsat, forp: fix va_list hack on amd64 2018-04-24 12:20:07 +01:00
mischief
034d0b08e9 ape: improve assert macro
in a statement such as:

if(expr)
	assert(a);
else
	assert(b);

the previous definition of assert would fail to compile, as the else
would be dangling.  with a ternary expression, this construct works
fine.
2018-04-02 21:44:21 -07:00
aiju
57edb0b2d4 sat.h: update to include satget 2018-03-28 20:36:04 +00:00
aiju
9f18b0f388 add #pragma incomplete to sat.h 2018-03-18 01:15:07 +00:00
aiju
c2c9562e3c add libsat 2018-03-17 19:26:26 +00:00
aiju
b7d31909f6 mptod/dtomp: add to mp.h 2018-03-09 21:30:06 +00:00
cinap_lenrek
34f19570b9 libndb: retire deprecated csgetval(), ndbgetval() and ndblookval() functions 2018-01-27 23:46:48 +01:00
cinap_lenrek
3004f058f6 libauth: add auth_respondAI() function to get AuthInfo for mschap/mschapv2 2018-01-21 22:37:45 +01:00
cinap_lenrek
fd1e50d653 authsrv: implement mschapv2 authentication, include MPPE secret in the ticket
this adds new rpc for mschapv2 authentication (21)

deliver the MPPE secret not after the ticket/authenticator
response as cheartext, but include it in the first 128 bit
of the ticket key. and the authenticator in the first 160 bit
of the authenticator random field.
2018-01-21 22:32:34 +01:00
cinap_lenrek
8ff72ce20d libsec: remove asn1toDSApriv() 2018-01-06 08:34:25 +01:00
cinap_lenrek
e8b46f6972 ape: update auth.h header for APE 2018-01-02 04:59:44 +01:00
cinap_lenrek
e1ca49d625 libauth: remove auth_wep() function, and non-existing httpauth() declaration 2018-01-02 04:31:21 +01:00
cinap_lenrek
c039b52fc3 libc: constant time implementation for encode(2) routines, fix base32
the string encoding functions touch secret key material
in a bunch of places (devtls, devcap), so make sure we do
not leak information by cache timing side channels, making
the encoding and decoding routines constant time.

we also expose the alphabets through encXchr()/decXchr()
functions so caller can find the end of a encoded string
before calling decode function (for libmp).

the base32 encoding was broken in several ways. inputs
lengths of len%5 == [2,3,4] had output truncated and
it was using non-standard alphabet. documenting the alphabet
change in the manpage.
2017-12-31 09:06:42 +01:00
cinap_lenrek
57f8b6ec75 libsec: implement SPKI fingerprinting for okCertificate()
Instead of only using a hash over the whole certificate for
white/black-listing, now we can also use a hash over the
Subject Public Key Info (SPKI) field of the certificate which
contians the public key algorithm and the public key itself.

This allows certificates to be renewed independendtly of the
public key.

X509dump() now prints the public key thumbprint in addition
to the certificate thumbprint.

tlsclient will print the certificate when run with -D flag.

okCertificate() will print the public key thumbprint in its
error string when no match has been found.
2017-12-30 03:07:47 +01:00
cinap_lenrek
3356e0e731 libsec: AES-NI support for amd64
Add assembler versions for aes_encrypt/aes_decrypt and the key
setup using AES-NI instruction set. This makes aes_encrypt and
aes_decrypt into function pointers which get initialized by
the first call to setupAESstate().

Note that the expanded round key words are *NOT* stored in big
endian order as with the portable implementation. For that reason
the AESstate.ekey and AESstate.dkey fields have been changed to
void* forcing an error when someone is accessing the roundkey
words. One offender was aesXCBmac, which doesnt appear to be
used and the code looks horrible so it has been deleted.

The AES-NI implementation is for amd64 only as it requires the
kernel to save/restore the FPU state across syscalls and
pagefaults.
2017-11-12 23:15:15 +01:00
cinap_lenrek
c021390e21 libsec: rewrite aex_xts_encrypt()/aes_xts_decrypt()
the previous implementation was not portable at all, assuming
little endian in gf_mulx() and that one can cast unaligned
pointers to ulong in xor128(). also the error code is likely
to be ignored, so better abort() when the length is not a
multiple of the AES block size.

we also pass in full AESstate structures now instead of
the expanded key longs, so that we do not need to hardcode
the number of rounds. this allows each indiviaul keys to
be bigger than 128 bit.
2017-10-29 21:49:24 +01:00
cinap_lenrek
3794b1c14f libc: improve alignment of QLp structure on amd64, cosmetics
the QLp structure used to occupy 24 bytes on amd64.
with some rearranging the fields we can get it to 16 bytes,
saving 8K in the data section for the 1024 preallocated
structs in the ql arena.

the rest of the changes are of cosmetic nature:

- getqlp() zeros the next pointer, so there is no need to set
  it when queueing the entry.

- always explicitely compare pointers to nil.

- delete unused code from ape's qlock.c
2017-10-28 18:53:27 +02:00
cinap_lenrek
29411f58cf libsec: make sectorNumber argument for aes_xts routines uvlong 2017-10-17 21:36:45 +02:00
cinap_lenrek
45b7d60bf3 libsec: add AES CFB and AES OFB stream ciphers 2017-10-17 21:34:01 +02:00
cinap_lenrek
1d34a855fe ape/libsec: fix the build, bring ape libsec.h in sync with plan9 version 2017-10-16 04:06:17 +02:00
cinap_lenrek
8a67560183 libsec: export asn1encodedigest(), asn1encodeRSApub(), asn1toRSApub(), pkcs1padbuf() and pkcs1unpadbuf() 2017-10-06 20:52:18 +02:00
aiju
6104ebc9b6 libmach: support disassembling from memory 2017-08-24 13:02:27 +00:00
aiju
37567f07d1 update ape/bio.h (thanks jpm) 2017-05-06 14:33:52 +00:00
aiju
f681cf835a bio: add support for custom I/O handler via Biofn 2017-05-04 17:42:12 +00:00
cinap_lenrek
f8478eb4c4 lib9p: allow rewinding in 9pfile directories 2017-04-30 01:49:21 +02:00
cinap_lenrek
9a5e55782d libmemdraw/libmemlayer: get rid of drawdebug prints 2017-04-29 21:10:28 +02:00
cinap_lenrek
d4a6dc8910 libdraw: get rid of _drawdebug variable 2017-04-29 21:03:52 +02:00
cinap_lenrek
346f5828e0 libsec: sha256 support for thumbprint files, use it in ssh as well
initThumbprints() now takes an application tag argument
so x509 and ssh can coexist.

the thumbprint entries can now hold both sha1 and sha256
hashes. okThumbprint() now takes a len argument for the
hash length used.

the new function okCertificate() hashes the certificate
with both and checks for any matches.

on failure, okCertificate() returns 0 and sets error string.

we also check for include loops now in thumbfiles, limiting
the number of includes to 8.
2017-04-23 19:00:08 +02:00
spew
6261dcb06b replica: use libavl for avl tree implementation 2017-04-22 14:28:02 -05:00
spew
9cf5198145 libavl: lookup can return the closest match 2017-04-22 13:59:37 -05:00
cinap_lenrek
7d4a1e3643 ec(2), rsa(2): document X509toECpub(), X509ecdsaverify(), X509ecdsaverifydigest(), X509rsaverifydigest() 2017-02-10 22:39:47 +01:00
cinap_lenrek
fb2abc2a04 libsec: make X509toECpub() return CN name like X509toRSApub() 2017-02-10 21:36:19 +01:00
cinap_lenrek
2e23780d2f libsec: implement extended 192-bit nonce xchacha variant and hchacha function 2017-01-12 20:16:38 +01:00
spew
0885ed1e80 alv(2): new avl implementation 2016-12-22 16:47:41 -06:00
cinap_lenrek
62d3108646 ape/libsec: add secp384r1 curve parameters for tls 2016-10-30 20:32:03 +01:00
cinap_lenrek
c9d55cadb3 libsec: add secp384r1 curve parameters for tls 2016-10-30 02:15:40 +01:00
cinap_lenrek
b728f50a79 lib9p: limit the number of srv processes kept arround 8 2016-10-23 17:16:22 +02:00
aiju
b65f409d54 mp.h: add mpasr 2016-08-28 16:05:22 +02:00
cinap_lenrek
5debddf8af ape: add d_stat struct in dirent struct allowing the avoidance of stats 2016-08-28 03:39:49 +02:00
cinap_lenrek
8a73650874 libc: add poolisoverlap() and definitions for Pool *secrmem 2016-08-27 20:23:55 +02:00
cinap_lenrek
b21fe017d1 libauthsrv: ANAMELEN -> PASSWDLEN 2016-08-05 19:09:42 +02:00
cinap_lenrek
cf37a1010f libauthsrv: export common readcons() routine and introduce PASSWDLEN constant
drawterm, factotum, secstore and the auth commands
all had ther own implementation of readcons. we
want to have one common function for this to avoid
the duplication, so putting that in libauthsrv.

introduce PASSWDLEN which makes the use more explicit
than ANAMELEN.
2016-07-31 20:04:02 +02:00
cinap_lenrek
1492f46f87 libsec: add scrypt password based key derivation function 2016-07-10 21:41:57 +02:00
cinap_lenrek
bc2a5d9b1e aml: define amlintmask and set it according to DSDT revision (64bit / 32bit) 2016-06-05 14:57:38 +02:00
cinap_lenrek
986886f2b8 retire the dec alpha port 2016-05-04 16:11:48 +02:00
cinap_lenrek
cb3049652d remove ape/regexp.h, remove leftover #pragma lib oldlibregexp.$O from upas/bayes/regexp.h 2016-04-28 21:22:26 +02:00
ben
3bf6ef0196 better memory management of threads (thanks knuth) 2016-04-27 17:36:43 -05:00
ben
0a460e1722 New libregexp and APE ported to native 2016-04-26 22:23:44 -05:00
cinap_lenrek
2fa4c8ef66 libsec: implement elliptic curve group operations in jacobian coordinate system 2016-04-20 20:09:59 +02:00
cinap_lenrek
a5268a5413 remove unused liboventi 2016-04-13 01:09:45 +02:00
cinap_lenrek
1787584ad8 libdraw: avoid BPSHORT()/BPLONG() expansion, cleanup loadchar(),cachechars()
assigning the expression value to a temporary variable in
BPSHORT() and BPLONG() saves arround 2K of text in rio on
arm and arround 1K on amd64.

loadchar(): use the passed in "h" as the char index instead
of recomputing it from c-f->cache. dont recompute wid.

cachechars(): do cache lookup and find oldest entry in a
single loop pass.
2016-04-13 00:34:48 +02:00
cinap_lenrek
45f3c56a53 ape: removing openssl 2016-04-11 20:39:12 +02:00
cinap_lenrek
464763202b ape: add libauth, libbio, libmp and libsec as replacements for openssl 2016-04-11 20:23:34 +02:00
cinap_lenrek
aa6673fcfb add portable AES-GCM (Galois/Counter Mode) implementation to libsec and devtls 2016-03-23 02:45:35 +01:00
cinap_lenrek
4a92397236 libsec: have 16 32-bit words in DigestState to avoid out of bounds warnings for poly1305 2016-02-28 09:09:41 +01:00
cinap_lenrek
75186be2c2 libdraw: remove unused static log2[] array 2016-02-28 01:38:29 +01:00
cinap_lenrek
2ca8e31066 removing libgio, this is not golang mveery >:-( 2016-02-10 05:11:11 +01:00
Matthew Veety
a54782d69b Imported ngfs libgio. This is a library to create virtual file descriptors, similar to common lisp grey-streams or golang's io.Reader/io.Writer. Now 95% bug-free. 2016-02-09 16:24:41 -05:00
cinap_lenrek
a291bbdedd libsec: ecdsa client support for tlshand, cleanups 2016-02-01 21:34:49 +01:00
cinap_lenrek
7cf11db685 libsec: add salsa20 stream cipher 2016-01-19 12:50:33 +01:00
cinap_lenrek
3e38194d72 introduce signed intptr and %z format modifier for formating uintptr and intptr 2016-01-07 04:39:09 +01:00
cinap_lenrek
2dae1ed53a auth: release dp9ik implementation and reentrant factotum 2016-01-06 03:09:00 +01:00
cinap_lenrek
39f18c9d88 libsec: implement TLS-PSK for tlsClient()/tlsServer() 2015-12-25 17:05:05 +01:00
cinap_lenrek
a53ae2782a libjson: added printing support (thanks spew) 2015-12-22 18:12:56 +01:00
cinap_lenrek
efd3ac8a23 libmp: add mpfield() function for fast field arithmetic
instead of testing for special field primes each time in mpmod(),
make it explicit with a mpfiled() function that tests a modulus N
to be of some special form that can be reduced more efficiently with
some precalculation, and replaces N with a Mfield* when it can. the
Mfield*'s are recognized by mpmod() as they have the MPfield flag
set and provide a function pointer that executes the fast reduction.
2015-12-16 21:18:20 +01:00
aiju
87abbc649f mp: add logic operations; mpfmt: include 0x with # 2015-12-08 18:29:22 +01:00
cinap_lenrek
254031cf70 libsec: add chacha20 poly1305 aead, allow 64 bit iv's for chacha, add tsmemcmp()
chacha20 comes in two variants: ietf rfc7539, using 96 bit iv and 32 bit counter
and draft-agl-tls-chacha20poly1305 using 64 bit iv and a 64 bit counter. so
setupChachastate() now takes a ivlen argument which sets the mode.

add ccpoly_encrypt()/ccpoly_decrypt() routines.

to implement timing safe ccpoly_decrypt(), a constant time memcmp was needed, so
adding tsmemcmp() to libsec.
2015-11-26 15:25:10 +01:00
cinap_lenrek
38e1e5272f libmp: initial attempt at constant time code, faster reductions for special primes (for ecc)
introduce MPtimesafe flag to request time invariant computation
disables normalization so significant digits are not leaked.
2015-11-21 09:39:59 +01:00
cinap_lenrek
847f3a0cf5 libsec: add chacha cipher (from charles forsyth) 2015-10-22 07:48:26 +02:00
cinap_lenrek
7effba9d98 libsec: add poly1305 2015-10-22 07:17:25 +02:00
cinap_lenrek
2f99484b9d merge 2015-10-15 13:22:48 +02:00
cinap_lenrek
a034e629f7 lib9p: do not override Srv.end in listensrv(), simplify srvclose() and recounting
listensrv() used to override Srv.end() with its own handler
to free the malloc'd Srv structure and close the fd. this
makes it impossible to register your own cleanup handler.
instead, we introduce the private Srv.free() handler that
is used by listensrv to register its cleanup code. Srv.free()
is called once all the srv procs have been exited and all
requests on that srv have been responded to while Srv.end()
is called once all the procs exited the srv loop regardless
of the requests still being in flight.
2015-10-15 13:21:30 +02:00
aiju
27d2955ccf lib9p: add reqqueuefree 2015-10-12 10:41:40 +02:00
cinap_lenrek
cde69a7822 ape: set MB_CUR_MAX to 4 in stdlib.h for 21-bit runes (thanks erik quanstro)
> fix silly bug with ape/stdlib.h which caused ape/lib/regexp/regcomp.c
> to miscompile regular expressions with runes > 0xffff.
2015-09-29 15:17:21 +02:00
cinap_lenrek
c3e1c158f6 libsec: implement dh parameter signature verification, stop lying about non-rsa ciphers, fix memory leaks in X509 code
actually verify the diffie hellman parameter signature, this
comes in two flavours. TLS1.2 uses X509 signature with a
single hash specified by the signature algorithm field in
the signature itself and pre TLS1.2 where md5+sha1 hashes
of the signed blob are pkcs1 padded and encrypted with the
rsa private key.

stop advertizing non-rsa cipher suits (DSS and ECDSA), as
we have not implmenented them.

fix some memory leaks in X509 code while we'r at it.
2015-09-22 18:10:52 +02:00
cinap_lenrek
b55315c3fd libthread: get rid of tprivalloc()/tprivfree()/tprivdata() and _workerdata() (thanks qrstuv)
these functions where undocumented and unused. especially
tprivfree() was buggy missing a unlock() call. theres not
much point in supporting these functions as theres
threaddata() and procdata().
2015-09-06 23:25:14 +02:00
cinap_lenrek
7562da90e5 libc: remove privfree(), simplify privalloc() 2015-09-06 20:43:05 +02:00