/* nettle.cmod -*- c -*- */ |
|
#include "global.h" |
RCSID("$Id: nettle.cmod,v 1.16 2003/08/24 18:28:24 nilsson Exp $"); |
#include "interpret.h" |
#include "svalue.h" |
/* For this_object() */ |
#include "object.h" |
#include "module_support.h" |
|
#include "nettle_config.h" |
|
#ifdef HAVE_LIBNETTLE |
|
#include "nettle.h" |
|
#include <nettle/yarrow.h> |
|
#include <assert.h> |
#include <stdio.h> |
#include <stdarg.h> |
|
DECLARATIONS |
|
/*! @module Nettle |
*! Low level crypto functions used by the @[Crypto] module. Unless |
*! you are doing something very special, you would want to use the |
*! Crypto module instead. |
*/ |
|
/*! @class Yarrow |
*! |
*! Yarrow is a family of pseudo-randomness generators, designed for |
*! cryptographic use, by John Kelsey, Bruce Schneier and Niels Ferguson. |
*! Yarrow-160 is described in a paper at |
*! @url{http://www.counterpane.com/yarrow.html@}, and it uses SHA1 and |
*! triple-DES, and has a 160-bit internal state. Nettle implements |
*! Yarrow-256, which is similar, but uses SHA256 and AES to get an |
*! internal state of 256 bits. |
*/ |
PIKECLASS Yarrow |
{ |
CVAR struct yarrow256_ctx *ctx; |
CVAR struct yarrow_source *sources; |
|
/*! @decl void create(void|int sources) |
*! The number of entropy sources that will feed entropy to the |
*! random number generator is given as an argument to Yarrow |
*! during instantiation. |
*! @seealso |
*! @[update] |
*/ |
PIKEFUN void create(void|int arg) { |
INT32 num = 0; |
THIS->sources = NULL; |
|
if(arg) { |
if (arg->type != PIKE_T_INT) |
Pike_error("Bad argument type.\n"); |
num = arg->u.integer; |
if(num < 0) |
Pike_error("Invalid number of sources.\n"); |
THIS->sources = xalloc(sizeof(struct yarrow_source)*num); |
} |
|
yarrow256_init(THIS->ctx, num, THIS->sources); |
} |
|
/*! @decl Yarrow seed(string data) |
*! The random generator needs to be seeded before |
*! it can be used. The seed must be at least 32 |
*! characters long. The seed could be stored from |
*! a previous run by inserting the value returned |
*! from @[get_seed]. |
*! @returns |
*! Returns the called object. |
*! @seealso |
*! @[min_seed_size], @[get_seed], @[is_seeded] |
*/ |
PIKEFUN object seed(string data) |
{ |
if(data->len < YARROW256_SEED_FILE_SIZE) |
Pike_error( "Seed must be at least 32 characters.\n" ); |
|
NO_WIDE_STRING(data); |
yarrow256_seed(THIS->ctx, data->len, data->str); |
RETURN this_object(); |
} |
|
/*! @decl int(0..) min_seed_size() |
*! Returns the minimal number of characters that the @[seed] |
*! needs to properly seed the random number generator. |
*! @seealso |
*! @[seed] |
*/ |
PIKEFUN int(0..) min_seed_size() |
{ |
RETURN YARROW256_SEED_FILE_SIZE; |
} |
|
/*! @decl string get_seed() |
*! Returns part of the internal state so that it can |
*! be saved for later seeding. |
*! @seealso |
*! @[seed] |
*/ |
PIKEFUN string get_seed() |
{ |
RETURN make_shared_string(THIS->ctx->seed_file); |
} |
|
/*! @decl int(0..1) is_seeded() |
*! Returns 1 if the random generator is seeded and ready |
*! to generator output. 0 otherwise. |
*! @seealso |
*! @[seed] |
*/ |
PIKEFUN int(0..1) is_seeded() |
{ |
RETURN yarrow256_is_seeded(THIS->ctx); |
} |
|
/*! @decl void force_reseed() |
*! By calling this function entropy is moved from the slow |
*! pool to the fast pool. Read more about Yarrow before using |
*! this. |
*/ |
PIKEFUN void force_reseed() |
{ |
yarrow256_force_reseed(THIS->ctx); |
} |
|
/*! @decl int(0..1) update(string data, int source, int entropy) |
*! Inject additional entropy into the random number generator. |
*! |
*! @seealso |
*! @[create] |
*/ |
PIKEFUN int(0..1) update(string data, int source, int entropy) |
{ |
NO_WIDE_STRING(data); |
if( !THIS->ctx->nsources ) |
Pike_error("This random generator has no sources.\n"); |
if( source<0 || source>=THIS->ctx->nsources ) |
Pike_error("Invalid random source.\n"); |
if( entropy<0 ) |
Pike_error("Entropy must be positive.\n"); |
if( entropy>(data->len*8) ) |
Pike_error("Impossibly large entropy value.\n"); |
RETURN yarrow256_update(THIS->ctx, source, entropy, data->len, data->str); |
} |
|
PIKEFUN int(0..) needed_sources() |
{ |
RETURN yarrow256_needed_sources(THIS->ctx); |
} |
|
/*! @decl string random_string(int length) |
*! Returns a pseudo-random string of the requested @[length]. |
*/ |
PIKEFUN string random_string(int length) |
{ |
struct pike_string *rnd; |
if(length < 0) |
Pike_error("Invalid length, must be positive.\n"); |
if( !yarrow256_is_seeded(THIS->ctx) ) |
Pike_error("Random generator not seeded.\n"); |
rnd = begin_shared_string(length); |
yarrow256_random(THIS->ctx, length, rnd->str); |
RETURN end_shared_string(rnd); |
} |
|
INIT |
{ |
THIS->ctx = xalloc(sizeof(struct yarrow256_ctx)); |
THIS->ctx->nsources = 0; |
} |
EXIT |
{ |
if(THIS->ctx->nsources) free(THIS->sources); |
free(THIS->ctx); |
} |
} |
|
/*! @endclass |
*/ |
|
char *crypt_md5(int pl, const char *pw, int sl, const char *salt); |
|
/*! Does the crypt_md5 abrakadabra (MD5 + snakeoil). |
*! It is assumed that @[salt] does not contain "$". |
*/ |
PIKEFUN string crypt_md5(string pw, string salt) |
{ |
NO_WIDE_STRING(pw); |
NO_WIDE_STRING(salt); |
RETURN make_shared_string(crypt_md5(pw->len, pw->str, |
salt->len, salt->str)); |
} |
|
/*! @endmodule |
*/ |
|
#endif /* HAVE_LIBNETTLE */ |
|
PIKE_MODULE_INIT |
{ |
INIT; |
#ifdef HAVE_LIBNETTLE |
hash_init(); |
cipher_init(); |
#endif /* HAVE_LIBNETTLE */ |
} |
|
PIKE_MODULE_EXIT |
{ |
#ifdef HAVE_LIBNETTLE |
cipher_exit(); |
hash_exit(); |
#endif /* HAVE_LIBNETTLE */ |
EXIT; |
} |
|