diff options
Diffstat (limited to 'module/keyring.m')
| -rw-r--r-- | module/keyring.m | 238 |
1 files changed, 238 insertions, 0 deletions
diff --git a/module/keyring.m b/module/keyring.m new file mode 100644 index 00000000..753aea12 --- /dev/null +++ b/module/keyring.m @@ -0,0 +1,238 @@ +# +# security routines implemented in C +# +Keyring: module +{ + PATH: con "$Keyring"; + + # infinite precision integers + IPint: adt + { + x: int; # dummy for C compiler for runt.h + + # conversions + iptob64: fn(i: self ref IPint): string; + b64toip: fn(str: string): ref IPint; + iptobytes: fn(i: self ref IPint): array of byte; + iptobebytes: fn(i: self ref IPint): array of byte; + bytestoip: fn(buf: array of byte): ref IPint; + bebytestoip: fn(mag: array of byte): ref IPint; + inttoip: fn(i: int): ref IPint; + iptoint: fn(i: self ref IPint): int; + iptostr: fn(i: self ref IPint, base: int): string; + strtoip: fn(str: string, base: int): ref IPint; + + # create a random large integer using the accelerated generator + random: fn(minbits, maxbits: int): ref IPint; + + # operations + bits: fn(i: self ref IPint): int; + expmod: fn(base: self ref IPint, exp, mod: ref IPint): ref IPint; + invert: fn(base: self ref IPint, mod: ref IPint): ref IPint; + add: fn(i1: self ref IPint, i2: ref IPint): ref IPint; + sub: fn(i1: self ref IPint, i2: ref IPint): ref IPint; + neg: fn(i: self ref IPint): ref IPint; + mul: fn(i1: self ref IPint, i2: ref IPint): ref IPint; + div: fn(i1: self ref IPint, i2: ref IPint): (ref IPint, ref IPint); + eq: fn(i1: self ref IPint, i2: ref IPint): int; + cmp: fn(i1: self ref IPint, i2: ref IPint): int; + copy: fn(i: self ref IPint): ref IPint; + + # shifts + shl: fn(i: self ref IPint, n: int): ref IPint; + shr: fn(i: self ref IPint, n: int): ref IPint; + }; + + # signature algorithm + SigAlg: adt + { + name: string; + # C function pointers are hidden + }; + + # generic public key + PK: adt + { + sa: ref SigAlg; # signature algorithm + owner: string; # owner's name + # key and system parameters are hidden + }; + + # generic secret key + SK: adt + { + sa: ref SigAlg; # signature algorithm + owner: string; # owner's name + # key and system parameters are hidden + }; + + # generic certificate + Certificate: adt + { + sa: ref SigAlg; # signature algorithm + ha: string; # hash algorithm + signer: string; # name of signer + exp: int; # expiration date + # actual signature is hidden + }; + + # state held while creating digests + DigestState: adt + { + x: int; # dummy for C compiler for runt.h + # all the state is hidden + + copy: fn(d: self ref DigestState): ref DigestState; + }; + + # expanded AES key + state for chaining + AESstate: adt + { + x: int; # dummy for C compiler for runt.h + # all the state is hidden + }; + + # expanded DES key + state for chaining + DESstate: adt + { + x: int; # dummy for C compiler for runt.h + # all the state is hidden + }; + + # expanded IDEA key + state for chaining + IDEAstate: adt + { + x: int; # dummy for C compiler for runt.h + # all the state is hidden + }; + + # expanded RC4 key + encryption state + RC4state: adt + { + x: int; # dummy for C compiler for runt.h + # all the state is hidden + }; + + # authentication info + Authinfo: adt + { + mysk: ref SK; # my private key + mypk: ref PK; # my public key + cert: ref Certificate; # signature of my public key + spk: ref PK; # signers public key + alpha: ref IPint; # diffie helman parameters + p: ref IPint; + }; + + # convert types to byte strings + certtostr: fn (c: ref Certificate): string; + pktostr: fn (pk: ref PK): string; + sktostr: fn (sk: ref SK): string; + + # parse byte strings into types + strtocert: fn (s: string): ref Certificate; + strtopk: fn (s: string): ref PK; + strtosk: fn (s: string): ref SK; + + # convert types to attr/value pairs + certtoattr: fn (c: ref Certificate): string; + pktoattr: fn (pk: ref PK): string; + sktoattr: fn (sk: ref SK): string; + + # parse a/v pairs into types +# attrtocert: fn (s: string): ref Certificate; +# attrtopk: fn (s: string): ref PK; +# attrtosk: fn (s: string): ref SK; + + # create and verify signatures + sign: fn (sk: ref SK, exp: int, state: ref DigestState, ha: string): + ref Certificate; + verify: fn (pk: ref PK, cert: ref Certificate, state: ref DigestState): + int; + signm: fn (sk: ref SK, m: ref IPint, ha: string): + ref Certificate; + verifym: fn (pk: ref PK, cert: ref Certificate, m: ref IPint): + int; + + # generate keys + genSK: fn (algname, owner: string, length: int): ref SK; + genSKfromPK: fn (pk: ref PK, owner: string): ref SK; + sktopk: fn (sk: ref SK): ref PK; + + # digests + sha1: fn(buf: array of byte, n: int, digest: array of byte, state: ref DigestState): + ref DigestState; + md4: fn(buf: array of byte, n: int, digest: array of byte, state: ref DigestState): + ref DigestState; + md5: fn(buf: array of byte, n: int, digest: array of byte, state: ref DigestState): + ref DigestState; + + hmac_sha1: fn(data: array of byte, n: int, key: array of byte, digest: array of byte, state: ref DigestState): + ref DigestState; + hmac_md5: fn(data: array of byte, n: int, key: array of byte, digest: array of byte, state: ref DigestState): + ref DigestState; + + # encryption interfaces + Encrypt: con 0; + Decrypt: con 1; + + AESbsize: con 16; + + aessetup: fn(key: array of byte, ivec: array of byte): ref AESstate; + aescbc: fn(state: ref AESstate, buf: array of byte, n: int, direction: int); + + DESbsize: con 8; + + dessetup: fn(key: array of byte, ivec: array of byte): ref DESstate; + desecb: fn(state: ref DESstate, buf: array of byte, n: int, direction: int); + descbc: fn(state: ref DESstate, buf: array of byte, n: int, direction: int); + + IDEAbsize: con 8; + + ideasetup: fn(key: array of byte, ivec: array of byte): ref IDEAstate; + ideaecb: fn(state: ref IDEAstate, buf: array of byte, n: int, direction: int); + ideacbc: fn(state: ref IDEAstate, buf: array of byte, n: int, direction: int); + + rc4setup: fn(seed: array of byte): ref RC4state; + rc4: fn(state: ref RC4state, buf: array of byte, n: int); + rc4skip: fn(state: ref RC4state, n: int); + rc4back: fn(state: ref RC4state, n: int); + + # create an alpha and p for diffie helman exchanges + dhparams: fn(nbits: int): (ref IPint, ref IPint); + + # comm link authentication is symmetric + auth: fn(fd: ref Sys->FD, info: ref Authinfo, setid: int): (string, array of byte); + + # auth io + readauthinfo: fn(filename: string): ref Authinfo; + writeauthinfo: fn(filename: string, info: ref Authinfo): int; + + # message io on a delimited connection (ssl for example) + # messages > 4096 bytes are truncated + # errors > 64 bytes are truncated + # getstring and getbytearray return (result, error). + getstring: fn(fd: ref Sys->FD): (string, string); + putstring: fn(fd: ref Sys->FD, s: string): int; + getbytearray: fn(fd: ref Sys->FD): (array of byte, string); + putbytearray: fn(fd: ref Sys->FD, a: array of byte, n: int): int; + puterror: fn(fd: ref Sys->FD, s: string): int; + + # to send and receive messages when ssl isn't pushed + getmsg: fn(fd: ref Sys->FD): array of byte; + sendmsg: fn(fd: ref Sys->FD, buf: array of byte, n: int): int; + senderrmsg: fn(fd: ref Sys->FD, s: string): int; + + # algorithms + DEScbc: con 0; + DESecb: con 1; + SHA1: con 2; + MD5: con 3; + MD4: con 4; + IDEAcbc: con 5; + IDEAecb: con 6; + + SHA1dlen: con 20; + MD5dlen: con 16; + MD4dlen: con 16; +}; |