emu/Nt/ipif.c

6 files changed, 145 insertions, 105 deletions

diff --git a/appl/cmd/auth/dsagen.b b/appl/cmd/auth/dsagen.b
index 3e24df2f..51b50a12 100644
--- a/appl/cmd/auth/dsagen.b
+++ b/appl/cmd/auth/dsagen.b
@@ -5,9 +5,12 @@ include "sys.m";
 
 include "draw.m";
 
-include "keyring.m";
-	kr: Keyring;
-	IPint, DSAsk, DSApk, DSAsig: import kr;
+include "ipints.m";
+	ipints: IPints;
+	IPint: import ipints;
+
+include "crypt.m";
+	crypt: Crypt;
 
 include "arg.m";
 
@@ -19,7 +22,8 @@ Dsagen: module
 init(nil: ref Draw->Context, args: list of string)
 {
 	sys = load Sys Sys->PATH;
-	kr = load Keyring Keyring->PATH;
+	ipints = load IPints IPints->PATH;
+	crypt = load Crypt Crypt->PATH;
 
 	arg := load Arg Arg->PATH;
 	arg->init(args);
@@ -37,7 +41,7 @@ init(nil: ref Draw->Context, args: list of string)
 		arg->usage();
 	arg = nil;
 
-	sk := DSAsk.gen(nil);
+	sk := crypt->dsagen(nil);
 	if(tag != nil)
 		tag = " "+tag;
 	s := add("p", sk.pk.p);
diff --git a/appl/cmd/auth/factotum/proto/rsa.b b/appl/cmd/auth/factotum/proto/rsa.b
index 24dcef43..8af64578 100644
--- a/appl/cmd/auth/factotum/proto/rsa.b
+++ b/appl/cmd/auth/factotum/proto/rsa.b
@@ -1,6 +1,10 @@
 implement Authproto;
 
-# SSH RSA authentication.
+# SSH RSA authentication
+#
+# this version is compatible with Plan 9 factotum
+# Plan 9 port's factotum works differently, and eventually
+# we'll support both (the role= attribute distinguishes the cases), but not today
 #
 # Client protocol:
 #	read public key
@@ -16,35 +20,38 @@ include "sys.m";
 
 include "draw.m";
 
-include "keyring.m";
-	kr: Keyring;
-	IPint, RSAsk, RSApk: import kr;
+include "ipints.m";
+	ipints: IPints;
+	IPint: import ipints;
+include "crypt.m";
+	crypt: Crypt;
+	SK, PK: import crypt;
 
 include "../authio.m";
 	authio: Authio;
 	Aattr, Aval, Aquery: import Authio;
-	Attr, IO, Key, Authinfo: import authio;
+	Attr, IO, Key: import authio;
 	eqbytes, memrandom: import authio;
-	lookattrval: import authio;
+	findattrval: import authio;
 
 
 init(f: Authio): string
 {
 	authio = f;
 	sys = load Sys Sys->PATH;
-	kr = load Keyring Keyring->PATH;
-#	base16 = load Encoding Encoding->BASE16PATH;
+	ipints = load IPints IPints->PATH;
+	crypt = load Crypt Crypt->PATH;
 	return nil;
 }
 
 interaction(attrs: list of ref Attr, io: ref IO): string
 {
-	role := lookattrval(attrs, "role");
+	role := findattrval(attrs, "role");
 	if(role == nil)
 		return "role not specified";
 	if(role != "client")
 		return "only client role supported";
-	sk: ref RSAsk;
+	sk: ref SK.RSA;
 	keys: list of ref Key;
 	err: string;
 	for(;;){
@@ -67,7 +74,7 @@ interaction(attrs: list of ref Attr, io: ref IO): string
 					io.error("invalid challenge value");
 					continue;
 				}
-				m := sk.decrypt(chal);
+				m := crypt->rsadecrypt(sk, chal);
 				b := array of byte m.iptostr(16);
 				io.write(b, len b);
 				io.done(nil);
@@ -89,30 +96,33 @@ waitread(io: ref IO)
 
 Badkey: exception(string);
 
-ipint(attrs: list of ref Attr, name: string): ref IPint raises Badkey
+kv(key: ref Key, name: string): ref IPint raises Badkey
 {
-	s := lookattrval(attrs, name);
-	if(s == nil)
+	if(name[0] == '!')
+		a := authio->findattrval(key.secrets, name);
+	else
+		a = authio->findattrval(key.attrs, name);
+	if(a == nil)
 		raise Badkey("missing attribute "+name);
-	m := IPint.strtoip(s, 16);
+	m := IPint.strtoip(a, 16);
 	if(m == nil)
-		raise Badkey("invalid value for "+name);
+		raise Badkey("bad value for "+name);
 	return m;
 }
 
-keytorsa(k: ref Key): (ref RSAsk, string)
+keytorsa(k: ref Key): (ref SK.RSA, string)
 {
-	sk := ref RSAsk;
-	sk.pk = ref RSApk;
+	sk := ref SK.RSA;
+	sk.pk = ref PK.RSA;
 	{
-		sk.pk.ek = ipint(k.attrs, "ek");
-		sk.pk.n = ipint(k.attrs, "n");
-		sk.dk = ipint(k.secrets, "!dk");
-		sk.p = ipint(k.secrets, "!p");
-		sk.q = ipint(k.secrets, "!q");
-		sk.kp = ipint(k.secrets, "!kp");
-		sk.kq = ipint(k.secrets, "!kq");
-		sk.c2 = ipint(k.secrets, "!c2");
+		sk.pk.ek = kv(k, "ek");
+		sk.pk.n = kv(k, "n");
+		sk.dk = kv(k, "!dk");
+		sk.p = kv(k, "!p");
+		sk.q = kv(k, "!q");
+		sk.kp = kv(k, "!kp");
+		sk.kq = kv(k, "!kq");
+		sk.c2 = kv(k, "!c2");
 	}exception e{
 	Badkey =>
 		return (nil, "rsa key "+e);
diff --git a/appl/cmd/auth/getpk.b b/appl/cmd/auth/getpk.b
index 24283340..e2273d17 100644
--- a/appl/cmd/auth/getpk.b
+++ b/appl/cmd/auth/getpk.b
@@ -3,10 +3,14 @@ include "sys.m";
 	sys: Sys;
 include "draw.m";
 include "arg.m";
-include "keyring.m";
-	keyring: Keyring;
+include "ipints.m";
+include "crypt.m";
+	crypt: Crypt;
+include "oldauth.m";
+	oldauth: Oldauth;
 
-Getpk: module {
+Getpk: module
+{
 	init: fn(nil: ref Draw->Context, argv: list of string);
 };
 
@@ -19,14 +23,18 @@ badmodule(p: string)
 init(nil: ref Draw->Context, argv: list of string)
 {
 	sys = load Sys Sys->PATH;
-	keyring = load Keyring Keyring->PATH;
-	if(keyring == nil)
-		badmodule(Keyring->PATH);
+	crypt = load Crypt Crypt->PATH;
+	if(crypt == nil)
+		badmodule(Crypt->PATH);
+	oldauth = load Oldauth Oldauth->PATH;
+	if(oldauth == nil)
+		badmodule(Oldauth->PATH);
+	oldauth->init();
 	arg := load Arg Arg->PATH;
 	if(arg == nil)
 		badmodule(Arg->PATH);
 	arg->init(argv);
-	arg->setusage("usage: getpk [-asu] file...");
+	arg->setusage("getpk [-asu] file...");
 	aflag := 0;
 	sflag := 0;
 	uflag := 0;
@@ -47,7 +55,7 @@ init(nil: ref Draw->Context, argv: list of string)
 		arg->usage();
 	multi := len argv > 1;
 	for(; argv != nil; argv = tl argv){
-		info := keyring->readauthinfo(hd argv);
+		info := oldauth->readauthinfo(hd argv);
 		if(info == nil){
 			sys->fprint(sys->fildes(2), "getpk: cannot read %s: %r\n", hd argv);
 			continue;
@@ -55,13 +63,13 @@ init(nil: ref Draw->Context, argv: list of string)
 		pk := info.mypk;
 		if(sflag)
 			pk = info.spk;
-		s := keyring->pktostr(pk);
+		s := oldauth->pktostr(pk, info.owner);
 		if(!aflag)
 			s = hex(hash(s));
 		if(multi)
 			s = hd argv + ": " + s;
 		if(uflag)
-			s += " " + pk.owner;
+			s += " " + info.owner;
 		sys->print("%s\n", s);
 	}
 }
@@ -69,8 +77,8 @@ init(nil: ref Draw->Context, argv: list of string)
 hash(s: string): array of byte
 {
 	d := array of byte s;
-	digest := array[Keyring->SHA1dlen] of byte;
-	keyring->sha1(d, len d, digest, nil);
+	digest := array[Crypt->SHA1dlen] of byte;
+	crypt->sha1(d, len d, digest, nil);
 	return digest;
 }
 
diff --git a/appl/cmd/auth/rsagen.b b/appl/cmd/auth/rsagen.b
index a1a4477c..48fcba6d 100644
--- a/appl/cmd/auth/rsagen.b
+++ b/appl/cmd/auth/rsagen.b
@@ -5,8 +5,12 @@ include "sys.m";
 
 include "draw.m";
 
-include "keyring.m";
-	kr: Keyring;
+include "ipints.m";
+	ipints: IPints;
+	IPint: import ipints;
+
+include "crypt.m";
+	crypt: Crypt;
 
 include "arg.m";
 
@@ -18,7 +22,8 @@ Rsagen: module
 init(nil: ref Draw->Context, args: list of string)
 {
 	sys = load Sys Sys->PATH;
-	kr = load Keyring Keyring->PATH;
+	ipints = load IPints IPints->PATH;
+	crypt = load Crypt Crypt->PATH;
 
 	arg := load Arg Arg->PATH;
 	arg->init(args);
@@ -43,34 +48,31 @@ init(nil: ref Draw->Context, args: list of string)
 		arg->usage();
 	arg = nil;
 
-	sk := kr->genSK("rsa", "", nbits);
+	sk := crypt->rsagen(nbits, 6, 0);
 	if(sk == nil)
 		error("unable to generate key");
-	s := kr->sktoattr(sk);
-	# need to fix the attr interface so the following isn't needed:
-	s = skip(s, "alg");
-	s = skip(s, "owner");
 	if(tag != nil)
 		tag = " "+tag;
-	a := sys->aprint("key proto=rsa%s size=%d %s\n", tag, nbits, s);
+	s := add("ek", sk.pk.ek);
+	s += add("n", sk.pk.n);
+	s += add("!dk", sk.dk);
+	s += add("!p", sk.p);
+	s += add("!q", sk.q);
+	s += add("!kp", sk.kp);
+	s += add("!kq", sk.kq);
+	s += add("!c2", sk.c2);
+	a := sys->aprint("key proto=rsa%s size=%d%s\n", tag, sk.pk.n.bits(), s);
 	if(sys->write(sys->fildes(1), a, len a) != len a)
 		error(sys->sprint("error writing key: %r"));
 }
 
-skip(s: string, attr: string): string
-{
-	for(i := 0; i < len s && s[i] != ' '; i++)
-		{}
-	if(i >= len s)
-		return s;
-	(nf, fld) := sys->tokenize(s[0:i], "=");
-	if(nf == 2 && hd fld == attr)
-		s = s[i+1:];
-	return s;
-}
-
 error(s: string)
 {
 	sys->fprint(sys->fildes(2), "rsagen: %s\n", s);
 	raise "fail:error";
 }
+
+add(name: string, b: ref IPint): string
+{
+	return " "+name+"="+b.iptostr(16);
+}
diff --git a/appl/cmd/auth/signer.b b/appl/cmd/auth/signer.b
index b3f4669d..b27a719c 100644
--- a/appl/cmd/auth/signer.b
+++ b/appl/cmd/auth/signer.b
@@ -5,10 +5,20 @@ include "sys.m";
 
 include "draw.m";
 
-include "keyring.m";
-	kr: Keyring;
-	IPint: import kr;
+include "ipints.m";
+	ipints: IPints;
+	IPint: import ipints;
+
+include "crypt.m";
+	crypt: Crypt;
+
+include "oldauth.m";
+	oldauth: Oldauth;
 
+include "msgio.m";
+	msgio: Msgio;
+
+include "keyring.m";
 include "security.m";
 	random: Random;
 
@@ -29,7 +39,12 @@ init(nil: ref Draw->Context, nil: list of string)
 {
 	sys = load Sys Sys->PATH;
 	random = load Random Random->PATH;
-	kr = load Keyring Keyring->PATH;
+	ipints = load IPints IPints->PATH;
+	crypt = load Crypt Crypt->PATH;
+	oldauth = load Oldauth Oldauth->PATH;
+	oldauth->init();
+	msgio = load Msgio Msgio->PATH;
+	msgio->init();
 
 	stdin = sys->fildes(0);
 	stdout = sys->fildes(1);
@@ -55,75 +70,75 @@ sign(): string
 		return "can't read key";
 
 	# send public part to client
-	mypkbuf := array of byte kr->pktostr(kr->sktopk(info.mysk));
-	kr->sendmsg(stdout, mypkbuf, len mypkbuf);
+	mypkbuf := array of byte oldauth->pktostr(crypt->sktopk(info.mysk), info.owner);
+	msgio->sendmsg(stdout, mypkbuf, len mypkbuf);
 	alphabuf := array of byte info.alpha.iptob64();
-	kr->sendmsg(stdout, alphabuf, len alphabuf);
+	msgio->sendmsg(stdout, alphabuf, len alphabuf);
 	pbuf := array of byte info.p.iptob64();
-	kr->sendmsg(stdout, pbuf, len pbuf);
+	msgio->sendmsg(stdout, pbuf, len pbuf);
 
 	# get client's public key
-	hisPKbuf := kr->getmsg(stdin);
+	hisPKbuf := msgio->getmsg(stdin);
 	if(hisPKbuf == nil)
 		return "caller hung up";
-	hisPK := kr->strtopk(string hisPKbuf);
+	(hisPK, hisname) := oldauth->strtopk(string hisPKbuf);
 	if(hisPK == nil)
 		return "illegal caller PK";
 
 	# hash, sign, and blind
-	state := kr->sha1(hisPKbuf, len hisPKbuf, nil, nil);
-	cert := kr->sign(info.mysk, 0, state, "sha1");
+	state := crypt->sha1(hisPKbuf, len hisPKbuf, nil, nil);
+	cert := oldauth->sign(info.mysk, info.owner, 0, state, "sha1");
 
 	# sanity clause
-	state = kr->sha1(hisPKbuf, len hisPKbuf, nil, nil);
-	if(kr->verify(info.mypk, cert, state) == 0)
+	state = crypt->sha1(hisPKbuf, len hisPKbuf, nil, nil);
+	if(oldauth->verify(info.mypk, cert, state) == 0)
 		return "bad signer certificate";
 
-	certbuf := array of byte kr->certtostr(cert);
+	certbuf := array of byte oldauth->certtostr(cert);
 	blind := random->randombuf(random->ReallyRandom, len certbuf);
 	for(i := 0; i < len blind; i++)
 		certbuf[i] = certbuf[i] ^ blind[i];
 
 	# sum PKs and blinded certificate
-	state = kr->md5(mypkbuf, len mypkbuf, nil, nil);
-	kr->md5(hisPKbuf, len hisPKbuf, nil, state);
+	state = crypt->md5(mypkbuf, len mypkbuf, nil, nil);
+	crypt->md5(hisPKbuf, len hisPKbuf, nil, state);
 	digest := array[Keyring->MD5dlen] of byte;
-	kr->md5(certbuf, len certbuf, digest, state);
+	crypt->md5(certbuf, len certbuf, digest, state);
 
 	# save sum and blinded cert in a file
-	file := "signed/"+hisPK.owner;
+	file := "signed/"+hisname;
 	fd := sys->create(file, Sys->OWRITE, 8r600);
 	if(fd == nil)
 		return "can't create "+file+sys->sprint(": %r");
-	if(kr->sendmsg(fd, blind, len blind) < 0 ||
-	   kr->sendmsg(fd, digest, len digest) < 0){
+	if(msgio->sendmsg(fd, blind, len blind) < 0 ||
+	   msgio->sendmsg(fd, digest, len digest) < 0){
 		sys->remove(file);
 		return "can't write "+file+sys->sprint(": %r");
 	}
 
 	# send blinded cert to client
-	kr->sendmsg(stdout, certbuf, len certbuf);
+	msgio->sendmsg(stdout, certbuf, len certbuf);
 
 	return nil;
 }
 
-signerkey(filename: string): ref Keyring->Authinfo
+signerkey(filename: string): ref Oldauth->Authinfo
 {
-	info := kr->readauthinfo(filename);
+	info := oldauth->readauthinfo(filename);
 	if(info != nil)
 		return info;
 
 	# generate a local key
-	info = ref Keyring->Authinfo;
-	info.mysk = kr->genSK("elgamal", "*", PKmodlen);
-	info.mypk = kr->sktopk(info.mysk);
-	info.spk = kr->sktopk(info.mysk);
-	myPKbuf := array of byte kr->pktostr(info.mypk);
-	state := kr->sha1(myPKbuf, len myPKbuf, nil, nil);
-	info.cert = kr->sign(info.mysk, 0, state, "sha1");
-	(info.alpha, info.p) = kr->dhparams(DHmodlen);
-
-	if(kr->writeauthinfo(filename, info) < 0){
+	info = ref Oldauth->Authinfo;
+	info.mysk = crypt->genSK("elgamal", PKmodlen);
+	info.mypk = crypt->sktopk(info.mysk);
+	info.spk = crypt->sktopk(info.mysk);
+	myPKbuf := array of byte oldauth->pktostr(info.mypk, "*");
+	state := crypt->sha1(myPKbuf, len myPKbuf, nil, nil);
+	info.cert = oldauth->sign(info.mysk, "*", 0, state, "sha1");
+	(info.alpha, info.p) = crypt->dhparams(DHmodlen);
+
+	if(oldauth->writeauthinfo(filename, info) < 0){
 		sys->fprint(stderr, "can't write signerkey file: %r\n");
 		return nil;
 	}
diff --git a/appl/cmd/auth/verify.b b/appl/cmd/auth/verify.b
index d829a76c..91fe1a86 100644
--- a/appl/cmd/auth/verify.b
+++ b/appl/cmd/auth/verify.b
@@ -3,8 +3,8 @@ implement Verify;
 include "sys.m";
 	sys: Sys;
 
-include "keyring.m";
-	kr: Keyring;
+include "msgio.m";
+	msgio: Msgio;
 
 include "draw.m";
 
@@ -25,7 +25,8 @@ pro := array[] of {
 init(nil: ref Draw->Context, args: list of string)
 {
 	sys = load Sys Sys->PATH;
-	kr = load Keyring Keyring->PATH;
+	msgio = load Msgio Msgio->PATH;
+	msgio->init();
 
 	stdin = sys->fildes(0);
 	stderr = sys->fildes(2);
@@ -50,8 +51,8 @@ init(nil: ref Draw->Context, args: list of string)
 		sys->fprint(stderr, "signer: can't open %s: %r\n", file);
 		raise "fail:no certificate";
 	}
-	certbuf := kr->getmsg(fd);
-	digest := kr->getmsg(fd);
+	certbuf := msgio->getmsg(fd);
+	digest := msgio->getmsg(fd);
 	if(digest == nil || certbuf == nil){
 		sys->fprint(stderr, "signer: can't read %s: %r\n", file);
 		raise "fail:bad certificate";
@@ -78,7 +79,7 @@ init(nil: ref Draw->Context, args: list of string)
 		sys->fprint(stderr, "signer: can't create %s: %r\n", nfile);
 		raise "fail:create";
 	}
-	if(kr->sendmsg(fd, certbuf, len certbuf) < 0){
+	if(msgio->sendmsg(fd, certbuf, len certbuf) < 0){
 		sys->fprint(stderr, "signer: can't write %s: %r\n", nfile);
 		raise "fail:write";
 	}