xref: /inferno-os/module/keyring.m (revision f1dcfd03b4648fd6c0221d14436b391cd368beac)
#
#  Keyring: security routines implemented in C.
#
#  This file is the Limbo-side interface only.  It declares big integers,
#  digests and HMACs, block and stream ciphers, signature keys and
#  certificates, and the authentication and message I/O helpers.
#  Several adts expose just a dummy field: their real state is hidden.
#
Keyring: module
{
	PATH:	con "$Keyring";

	# arbitrary-precision ("infinite precision") integers
	IPint: adt
	{
		x:	int;	# placeholder field so the C compiler has something for runt.h

		# Conversions to and from text and byte arrays.
		# NOTE(review): this interface does not say what b64toip, strtoip,
		# bytestoip or bebytestoip return for malformed or empty input;
		# presumably nil -- callers parsing untrusted data should check.
		# NOTE(review): the "be" variants presumably use big-endian byte
		# order -- confirm against the implementation.
		iptob64:	fn(i: self ref IPint): string;
		iptob64z:	fn(i: self ref IPint): string;
		b64toip:	fn(str: string): ref IPint;
		iptobytes:	fn(i: self ref IPint): array of byte;
		iptobebytes:	fn(i: self ref IPint): array of byte;
		bytestoip:	fn(buf: array of byte): ref IPint;
		bebytestoip:	fn(mag: array of byte): ref IPint;
		inttoip:	fn(i: int): ref IPint;
		# NOTE(review): how a value too large for int is handled is not
		# stated here; do not rely on iptoint for range checking.
		iptoint:	fn(i: self ref IPint): int;
		iptostr:	fn(i: self ref IPint, base: int): string;
		strtoip:	fn(str: string, base: int): ref IPint;

		# Random large integer of between minbits and maxbits bits, drawn
		# from the accelerated generator.
		# NOTE(review): confirm that generator is seeded and strong enough
		# before using the result as key material or a nonce.
		random:	fn(minbits: int, maxbits: int): ref IPint;

		# Arithmetic.  div returns a pair (presumably quotient, remainder).
		# NOTE(review): nothing here promises constant-time behaviour, so
		# treat expmod on secret exponents and eq/cmp on secret values as
		# potentially timing-dependent until the C code says otherwise.
		bits:	fn(i: self ref IPint): int;
		expmod:	fn(base: self ref IPint, exp: ref IPint, mod: ref IPint): ref IPint;
		invert:	fn(base: self ref IPint, mod: ref IPint): ref IPint;
		add:	fn(i1: self ref IPint, i2: ref IPint): ref IPint;
		sub:	fn(i1: self ref IPint, i2: ref IPint): ref IPint;
		neg:	fn(i: self ref IPint): ref IPint;
		mul:	fn(i1: self ref IPint, i2: ref IPint): ref IPint;
		div:	fn(i1: self ref IPint, i2: ref IPint): (ref IPint, ref IPint);
		mod:	fn(i1: self ref IPint, i2: ref IPint): ref IPint;
		eq:	fn(i1: self ref IPint, i2: ref IPint): int;
		cmp:	fn(i1: self ref IPint, i2: ref IPint): int;
		copy:	fn(i: self ref IPint): ref IPint;

		# shifts by n bit positions
		shl:	fn(i: self ref IPint, n: int): ref IPint;
		shr:	fn(i: self ref IPint, n: int): ref IPint;

		# bitwise operations
		and:	fn(i1: self ref IPint, i2: ref IPint): ref IPint;
		ori:	fn(i1: self ref IPint, i2: ref IPint): ref IPint;
		xor:	fn(i1: self ref IPint, i2: ref IPint): ref IPint;
		not:	fn(i1: self ref IPint): ref IPint;
	};

	# Signature algorithm descriptor.  Only the name is visible to Limbo;
	# the C function pointers behind it are hidden.
	SigAlg: adt
	{
		name:	string;
	};

	# Generic public key.  The key and system parameters are hidden.
	PK: adt
	{
		sa:	ref SigAlg;	# signature algorithm
		owner:	string;		# owner's name
	};

	# Generic secret key.  The key and system parameters are hidden, but
	# sktostr and sktoattr below turn an SK into text, so their output is
	# secret material.
	SK: adt
	{
		sa:	ref SigAlg;	# signature algorithm
		owner:	string;		# owner's name
	};

	# Generic certificate.  The signature itself is hidden.
	# NOTE(review): the units of exp, and whether verify() rejects an
	# expired certificate or leaves that to the caller, are not visible
	# in this interface -- confirm before relying on either.
	Certificate: adt
	{
		sa:	ref SigAlg;	# signature algorithm
		ha:	string;		# hash algorithm
		signer:	string;		# name of signer
		exp:	int;		# expiration date
	};

	# Running state of a digest computation; everything but the dummy
	# field is hidden.  copy duplicates the state.
	DigestState: adt
	{
		x:	int;		# placeholder field for the C compiler (runt.h)

		copy:	fn(d: self ref DigestState): ref DigestState;
	};

	# Cipher states.  Each holds an expanded key plus chaining (or, for
	# RC4, encryption) state, all hidden behind a dummy field.  A state
	# object therefore carries key material for as long as it is live.

	# expanded AES key + state for chaining
	AESstate: adt
	{
		x:	int;		# placeholder field for the C compiler (runt.h)
	};

	# expanded DES key + state for chaining
	DESstate: adt
	{
		x:	int;		# placeholder field for the C compiler (runt.h)
	};

	# expanded IDEA key + state for chaining
	IDEAstate: adt
	{
		x:	int;		# placeholder field for the C compiler (runt.h)
	};

	# expanded RC4 key + encryption state
	RC4state: adt
	{
		x:	int;		# placeholder field for the C compiler (runt.h)
	};

	# expanded Blowfish key + state for chaining
	BFstate: adt
	{
		x:	int;		# placeholder field for the C compiler (runt.h)
	};

	# Authentication info for one identity.  mysk is the private key, so
	# an Authinfo value (and any file written from it) must be protected
	# like the key itself.
	Authinfo: adt
	{
		mysk:	ref SK;			# my private key
		mypk:	ref PK;			# my public key
		cert:	ref Certificate;	# signature of my public key
		spk:	ref PK;			# signer's public key
		alpha:	ref IPint;		# Diffie-Hellman parameters (alpha and p)
		p:	ref IPint;
	};

	# Convert types to byte strings.  The result of sktostr is the secret
	# key in text form: keep it out of logs and world-readable files.
	certtostr:	fn(c: ref Certificate): string;
	pktostr:	fn(pk: ref PK): string;
	sktostr:	fn(sk: ref SK): string;

	# Parse byte strings into types.
	# NOTE(review): the result for a malformed string is not stated here
	# (presumably nil); check it when the string comes from a peer or file.
	strtocert:	fn(s: string): ref Certificate;
	strtopk:	fn(s: string): ref PK;
	strtosk:	fn(s: string): ref SK;

	# Convert types to attr/value pairs (sktoattr output is secret too).
	certtoattr:	fn(c: ref Certificate): string;
	pktoattr:	fn(pk: ref PK): string;
	sktoattr:	fn(sk: ref SK): string;

	# Parsing a/v pairs back into types is declared but disabled here.
#	attrtocert: fn (s: string): ref Certificate;
#	attrtopk: fn (s: string): ref PK;
#	attrtosk: fn (s: string): ref SK;

	# Create and verify signatures.  sign/verify work from a digest state,
	# signm/verifym from an integer m.
	# NOTE(review): verify and verifym return int, and this file does not
	# say which value means "valid" -- confirm in the keyring manual and
	# test for that value explicitly.
	# NOTE(review): ha names the hash; see the digest notes below before
	# choosing md4, md5 or sha1 for new signatures.
	sign:	fn(sk: ref SK, exp: int, state: ref DigestState, ha: string): ref Certificate;
	verify:	fn(pk: ref PK, cert: ref Certificate, state: ref DigestState): int;
	signm:	fn(sk: ref SK, m: ref IPint, ha: string): ref Certificate;
	verifym:	fn(pk: ref PK, cert: ref Certificate, m: ref IPint): int;

	# Generate keys.
	# NOTE(review): length is presumably the key size in bits; accepted
	# algname values and minimum sizes are not visible here.
	genSK:	fn(algname: string, owner: string, length: int): ref SK;
	genSKfromPK:	fn(pk: ref PK, owner: string): ref SK;
	sktopk:	fn(sk: ref SK): ref PK;

	# Digests.  All share one signature: n bytes of buf, an output array
	# digest, and a DigestState passed in and returned.
	# NOTE(review): presumably state carries a running hash between calls
	# and digest receives the final value -- confirm the calling
	# convention in the keyring manual.
	# MD4, MD5 and SHA-1 have known collision attacks; use them only for
	# compatibility and prefer the SHA-2 entries for new signatures.
	md4:	fn(buf: array of byte, n: int, digest: array of byte, state: ref DigestState): ref DigestState;
	md5:	fn(buf: array of byte, n: int, digest: array of byte, state: ref DigestState): ref DigestState;
	sha1:	fn(buf: array of byte, n: int, digest: array of byte, state: ref DigestState): ref DigestState;
	sha224:	fn(buf: array of byte, n: int, digest: array of byte, state: ref DigestState): ref DigestState;
	sha256:	fn(buf: array of byte, n: int, digest: array of byte, state: ref DigestState): ref DigestState;
	sha384:	fn(buf: array of byte, n: int, digest: array of byte, state: ref DigestState): ref DigestState;
	sha512:	fn(buf: array of byte, n: int, digest: array of byte, state: ref DigestState): ref DigestState;

	# Keyed digests.  HMAC is declared only over SHA-1 and MD5 here.
	# When checking a received MAC, compare the full digest and avoid an
	# early-exit comparison.
	hmac_sha1:	fn(data: array of byte, n: int, key: array of byte, digest: array of byte, state: ref DigestState): ref DigestState;
	hmac_md5:	fn(data: array of byte, n: int, key: array of byte, digest: array of byte, state: ref DigestState): ref DigestState;

	# digest lengths in bytes
	SHA1dlen:	con 20;
	SHA224dlen:	con 28;
	SHA256dlen:	con 32;
	SHA384dlen:	con 48;
	SHA512dlen:	con 64;
	MD5dlen:	con 16;
	MD4dlen:	con 16;

	# Encryption interfaces.  Encrypt/Decrypt are the direction values.
	# The cipher calls return nothing, so presumably buf is transformed
	# in place -- confirm; whether n must be a multiple of the block size
	# is not stated here.
	# Only ECB and CBC are declared: neither authenticates the data, so a
	# caller that needs integrity has to add a MAC over the ciphertext.
	# CBC also needs a fresh, unpredictable ivec for each message.
	Encrypt:	con 0;
	Decrypt:	con 1;

	AESbsize:	con 16;

	# NOTE(review): accepted AES key lengths are not visible here.
	aessetup:	fn(key: array of byte, ivec: array of byte): ref AESstate;
	aescbc:	fn(state: ref AESstate, buf: array of byte, n: int, direction: int);

	# DES has an 8-byte block and a 56-bit effective key: legacy use only.
	# ECB encrypts equal plaintext blocks to equal ciphertext blocks.
	DESbsize:	con 8;

	dessetup:	fn(key: array of byte, ivec: array of byte): ref DESstate;
	desecb:	fn(state: ref DESstate, buf: array of byte, n: int, direction: int);
	descbc:	fn(state: ref DESstate, buf: array of byte, n: int, direction: int);

	# IDEA: 8-byte block, so long CBC streams under one key hit the
	# birthday bound early.
	IDEAbsize:	con 8;

	ideasetup:	fn(key: array of byte, ivec: array of byte): ref IDEAstate;
	ideaecb:	fn(state: ref IDEAstate, buf: array of byte, n: int, direction: int);
	ideacbc:	fn(state: ref IDEAstate, buf: array of byte, n: int, direction: int);

	# Blowfish: 8-byte block, same birthday-bound caveat.  The ECB entry
	# point is declared but disabled in this revision.
	BFbsize:	con 8;

	blowfishsetup:	fn(key: array of byte, ivec: array of byte): ref BFstate;
#	blowfishecb: fn(state: ref BFstate, buf: array of byte, n: int, direction: int);
	blowfishcbc:	fn(state: ref BFstate, buf: array of byte, n: int, direction: int);

	# RC4 stream cipher.  Its keystream has known biases and it takes no
	# IV, so a seed must never be reused across streams; legacy use only.
	# NOTE(review): rc4skip and rc4back presumably advance and rewind the
	# keystream by n bytes -- confirm against the implementation.
	rc4setup:	fn(seed: array of byte): ref RC4state;
	rc4:	fn(state: ref RC4state, buf: array of byte, n: int);
	rc4skip:	fn(state: ref RC4state, n: int);
	rc4back:	fn(state: ref RC4state, n: int);

	# Create an alpha and p for Diffie-Hellman exchanges.
	# NOTE(review): the order of the returned pair is presumably
	# (alpha, p); nbits is chosen by the caller and no minimum is
	# enforced by this interface.
	dhparams:	fn(nbits: int): (ref IPint, ref IPint);

	# Comm link authentication is symmetric: both ends make this call.
	# NOTE(review): the returned pair is presumably (identity or error
	# text, shared secret) -- confirm how failure is reported and check
	# for it before using the secret.
	auth:	fn(fd: ref Sys->FD, info: ref Authinfo, setid: int): (string, array of byte);

	# Auth info file I/O.  Authinfo carries mysk, so the file written by
	# writeauthinfo presumably holds the private key: restrict who can
	# read it.  readauthinfo parses a file; check its result.
	readauthinfo:	fn(filename: string): ref Authinfo;
	writeauthinfo:	fn(filename: string, info: ref Authinfo): int;

	# Message I/O on a delimited connection (ssl for example).
	#  messages > 4096 bytes are truncated
	#  errors > 64 bytes are truncated
	# getstring and getbytearray return (result, error).
	# Truncation is silent as far as this interface shows, so a protocol
	# that signs or hashes a message must keep it within these limits.
	getstring:	fn(fd: ref Sys->FD): (string, string);
	putstring:	fn(fd: ref Sys->FD, s: string): int;
	getbytearray:	fn(fd: ref Sys->FD): (array of byte, string);
	putbytearray:	fn(fd: ref Sys->FD, a: array of byte, n: int): int;
	puterror:	fn(fd: ref Sys->FD, s: string): int;

	# Send and receive messages when ssl isn't pushed, i.e. with no
	# record layer underneath to protect them.
	getmsg:	fn(fd: ref Sys->FD): array of byte;
	sendmsg:	fn(fd: ref Sys->FD, buf: array of byte, n: int): int;
	senderrmsg:	fn(fd: ref Sys->FD, s: string): int;

	# RSA public key.
	# NOTE(review): encrypt and verify take m as a bare integer; no
	# padding or hashing step is visible at this layer, so presumably the
	# caller encodes m -- confirm before using these directly.
	RSApk: adt {
		n:	ref IPint;		# modulus
		ek:	ref IPint;		# exp (encryption key)

		encrypt:	fn(k: self ref RSApk, m: ref IPint): ref IPint;
		verify:	fn(k: self ref RSApk, sig: ref RSAsig, m: ref IPint): int;
	};

	# RSA secret key.  Every field except pk is private key material.
	# Note that p and q are named the other way round from PKCS.
	RSAsk: adt {
		pk:	ref RSApk;
		dk:	ref IPint;		# exp (decryption key)
		p:	ref IPint;		# q in pkcs
		q:	ref IPint;		# p in pkcs

		# precomputed crt values
		kp:	ref IPint;		# k mod p-1
		kq:	ref IPint;		# k mod q-1
		c2:	ref IPint;		# for converting residues to number

		# NOTE(review): nlen and elen are presumably the bit lengths of
		# the modulus and public exponent, and nrep a primality-test
		# repetition count -- confirm.  fill builds a key from supplied
		# values; whether it checks them for consistency is not visible.
		gen:	fn(nlen: int, elen: int, nrep: int): ref RSAsk;
		fill:	fn(n: ref IPint, e: ref IPint, d: ref IPint, p: ref IPint, q: ref IPint): ref RSAsk;
		decrypt:	fn(k: self ref RSAsk, m: ref IPint): ref IPint;
		sign:	fn(k: self ref RSAsk, m: ref IPint): ref RSAsig;
	};

	# RSA signature value
	RSAsig: adt {
		n:	ref IPint;
	};

	# DSA public key
	DSApk: adt {
		p:	ref IPint;	# modulus
		q:	ref IPint;	# group order, q divides p-1
		alpha:	ref IPint;	# group generator
		key:	ref IPint;	# public value (alpha**secret mod p)

		verify:	fn(k: self ref DSApk, sig: ref DSAsig, m: ref IPint): int;
	};

	# DSA secret key.
	# NOTE(review): gen presumably reuses the group parameters of oldpk.
	# sign takes no nonce argument, so the per-signature random value is
	# presumably generated internally; its quality depends on the
	# module's random source.
	DSAsk: adt {
		pk:	ref DSApk;
		secret:	ref IPint;	# secret exponent (the private key)

		gen:	fn(oldpk: ref DSApk): ref DSAsk;
		sign:	fn(k: self ref DSAsk, m: ref IPint): ref DSAsig;
	};

	# DSA signature pair
	DSAsig: adt {
		r:	ref IPint;
		s:	ref IPint;
	};

	# EG public key (presumably ElGamal)
	EGpk: adt {
		p:	ref IPint;		# modulus
		alpha:	ref IPint;		# generator
		key:	ref IPint;		# public value (alpha**secret mod p)

		verify:	fn(k: self ref EGpk, sig: ref EGsig, m: ref IPint): int;
	};

	# EG secret key.
	# NOTE(review): nlen is presumably the modulus length in bits and
	# nrep a primality-test repetition count -- confirm.
	EGsk: adt {
		pk:	ref EGpk;
		secret:	ref IPint;	# secret exponent (the private key)

		gen:	fn(nlen: int, nrep: int): ref EGsk;
		sign:	fn(k: self ref EGsk, m: ref IPint): ref EGsig;
	};

	# EG signature pair
	EGsig: adt {
		r:	ref IPint;
		s:	ref IPint;
	};

};