/* nettle.cmod -*- c -*- */ |
|
#include "global.h" |
RCSID("$Id: nettle.cmod,v 1.27 2004/01/22 23:10:00 nilsson Exp $"); |
#include "interpret.h" |
#include "svalue.h" |
/* For this_object() */ |
#include "object.h" |
#include "operators.h" |
#include "module_support.h" |
|
#include "nettle_config.h" |
|
#ifdef HAVE_LIBNETTLE |
|
#include "nettle.h" |
|
#include <nettle/yarrow.h> |
|
#include <assert.h> |
#include <stdio.h> |
#include <stdarg.h> |
|
DECLARATIONS |
|
/*! @module Nettle |
*! Low level crypto functions used by the @[Crypto] module. Unless |
*! you are doing something very special, you would want to use the |
*! Crypto module instead. |
*/ |
|
/*! @class Yarrow |
*! |
*! Yarrow is a family of pseudo-randomness generators, designed for |
*! cryptographic use, by John Kelsey, Bruce Schneier and Niels Ferguson. |
*! Yarrow-160 is described in a paper at |
*! @url{http://www.counterpane.com/yarrow.html@}, and it uses SHA1 and |
*! triple-DES, and has a 160-bit internal state. Nettle implements |
*! Yarrow-256, which is similar, but uses SHA256 and AES to get an |
*! internal state of 256 bits. |
*/ |
PIKECLASS Yarrow |
{ |
CVAR struct yarrow256_ctx ctx; |
CVAR struct yarrow_source *sources; |
|
/*! @decl void create(void|int sources) |
*! The number of entropy sources that will feed entropy to the |
*! random number generator is given as an argument to Yarrow |
*! during instantiation. |
*! @seealso |
*! @[update] |
*/ |
PIKEFUN void create(void|int arg) { |
INT32 num = 0; |
|
if(arg) { |
if (arg->type != PIKE_T_INT) |
Pike_error("Bad argument type.\n"); |
num = arg->u.integer; |
if(num < 0) |
Pike_error("Invalid number of sources.\n"); |
free (THIS->sources); |
THIS->sources = xalloc(sizeof(struct yarrow_source)*num); |
} |
else |
{ |
free (THIS->sources); |
THIS->sources = NULL; |
} |
yarrow256_init(&THIS->ctx, num, THIS->sources); |
} |
|
/*! @decl Yarrow seed(string data) |
*! The random generator needs to be seeded before |
*! it can be used. The seed must be at least 32 |
*! characters long. The seed could be stored from |
*! a previous run by inserting the value returned |
*! from @[get_seed]. |
*! @returns |
*! Returns the called object. |
*! @seealso |
*! @[min_seed_size], @[get_seed], @[is_seeded] |
*/ |
PIKEFUN object seed(string data) |
{ |
if(data->len < YARROW256_SEED_FILE_SIZE) |
Pike_error( "Seed must be at least 32 characters.\n" ); |
|
NO_WIDE_STRING(data); |
yarrow256_seed(&THIS->ctx, data->len, data->str); |
RETURN this_object(); |
} |
|
/*! @decl int(0..) min_seed_size() |
*! Returns the minimal number of characters that the @[seed] |
*! needs to properly seed the random number generator. |
*! @seealso |
*! @[seed] |
*/ |
PIKEFUN int(0..) min_seed_size() |
{ |
RETURN YARROW256_SEED_FILE_SIZE; |
} |
|
/*! @decl string get_seed() |
*! Returns part of the internal state so that it can |
*! be saved for later seeding. |
*! @seealso |
*! @[seed] |
*/ |
PIKEFUN string get_seed() |
{ |
if( !yarrow256_is_seeded(&THIS->ctx) ) |
Pike_error("Random generator not seeded.\n"); |
RETURN make_shared_binary_string(THIS->ctx.seed_file, YARROW256_SEED_FILE_SIZE); |
} |
|
/*! @decl int(0..1) is_seeded() |
*! Returns 1 if the random generator is seeded and ready |
*! to generator output. 0 otherwise. |
*! @seealso |
*! @[seed] |
*/ |
PIKEFUN int(0..1) is_seeded() |
{ |
RETURN yarrow256_is_seeded(&THIS->ctx); |
} |
|
/*! @decl void force_reseed() |
*! By calling this function entropy is moved from the slow |
*! pool to the fast pool. Read more about Yarrow before using |
*! this. |
*/ |
PIKEFUN void force_reseed() |
{ |
yarrow256_force_reseed(&THIS->ctx); |
} |
|
/*! @decl int(0..1) update(string data, int source, int entropy) |
*! Inject additional entropy into the random number generator. |
*! |
*! @seealso |
*! @[create] |
*/ |
PIKEFUN int(0..1) update(string data, int source, int entropy) |
{ |
/* FIXME: Wide strings could actually be supported here */ |
NO_WIDE_STRING(data); |
if( !THIS->sources ) |
Pike_error("This random generator has no sources.\n"); |
if( source<0 || source>=THIS->ctx.nsources ) |
Pike_error("Invalid random source.\n"); |
if( entropy<0 ) |
Pike_error("Entropy must be positive.\n"); |
if( entropy>(data->len*8) ) |
Pike_error("Impossibly large entropy value.\n"); |
RETURN yarrow256_update(&THIS->ctx, source, entropy, data->len, data->str); |
} |
|
/*! @decl int(0..) needed_sources() |
*! The number of sources that must reach the threshold before a |
*! slow reseed will happen. |
*/ |
PIKEFUN int(0..) needed_sources() |
{ |
RETURN yarrow256_needed_sources(&THIS->ctx); |
} |
|
/*! @decl string random_string(int length) |
*! Returns a pseudo-random string of the requested @[length]. |
*/ |
PIKEFUN string random_string(int length) |
{ |
struct pike_string *rnd; |
if(length < 0) |
Pike_error("Invalid length, must be positive.\n"); |
if( !yarrow256_is_seeded(&THIS->ctx) ) |
Pike_error("Random generator not seeded.\n"); |
rnd = begin_shared_string(length); |
yarrow256_random(&THIS->ctx, length, rnd->str); |
RETURN end_shared_string(rnd); |
} |
|
INIT |
{ |
THIS->sources = NULL; |
yarrow256_init(&THIS->ctx, 0, NULL); |
} |
EXIT |
{ |
/* It's ok to call free(NULL); */ |
free(THIS->sources); |
} |
} |
|
/*! @endclass |
*/ |
|
char *crypt_md5(int pl, const char *pw, int sl, const char *salt); |
|
/*! @decl string crypt_md5(string password, string salt) |
*! Does the crypt_md5 abrakadabra (MD5 + snakeoil). |
*! It is assumed that @[salt] does not contain "$". |
*/ |
PIKEFUN string crypt_md5(string pw, string salt) |
{ |
NO_WIDE_STRING(pw); |
NO_WIDE_STRING(salt); |
RETURN make_shared_string(crypt_md5(pw->len, pw->str, |
salt->len, salt->str)); |
} |
|
|
static const char *crypto_functions[] = { |
"block_size", |
"key_size", |
"set_encrypt_key", |
"set_decrypt_key", |
"crypt", |
0 |
}; |
|
static char * assert_is_crypto_object(struct program *p, |
const char **required) { |
while (*required) { |
if (find_identifier( (char *) *required, p) < 0) |
return *required; |
required++; |
} |
return 0; |
} |
|
static struct object *make_cipher_object(INT32 args) { |
ptrdiff_t fun; |
char *missing; |
struct svalue *top = Pike_sp-args; |
struct object *obj; |
|
switch(top->type) |
{ |
case T_PROGRAM: |
obj = clone_object(top->u.program, args-1); |
break; |
|
case T_FUNCTION: |
apply_svalue(Pike_sp - args, args-1); |
|
/* Check return value */ |
if(Pike_sp[-1].type != T_OBJECT) |
Pike_error("Returned value is not an object.\n"); |
|
add_ref(obj = Pike_sp[-1].u.object); |
break; |
|
case T_OBJECT: |
fun = -1; |
missing = assert_is_crypto_object(top->u.object->prog, |
crypto_functions); |
if(missing) |
fun = FIND_LFUN(top->u.object->prog, LFUN_CALL); |
if(fun!=-1) { |
apply_low(top->u.object, fun, args-1); |
stack_swap(); |
pop_stack(); |
} |
else |
if(args!=1) Pike_error("Too many arguments.\n"); |
|
add_ref(obj = top->u.object); |
break; |
default: |
SIMPLE_BAD_ARG_ERROR("create", 1, "program|object|function"); |
} |
|
pop_stack(); |
|
missing = assert_is_crypto_object(obj->prog, crypto_functions); |
if(missing) { |
free_object(obj); |
Pike_error("Object is missing identifier \"%s\"\n", missing); |
} |
|
return obj; |
} |
|
|
/*! @class CBC |
*! Implementation of the cipher block chaining mode (CBC). Works as |
*! a wrapper for the cipher algorithm put in create. |
*/ |
PIKECLASS CBC |
{ |
CVAR struct object *object; |
CVAR unsigned INT8 *iv; |
CVAR INT32 block_size; |
CVAR INT32 mode; |
|
INIT |
{ |
THIS->object = 0; |
THIS->iv = 0; |
THIS->block_size = 0; |
THIS->mode = 0; |
} |
|
EXIT |
{ |
if(THIS->object) free_object(THIS->object); |
if(THIS->iv) { |
MEMSET(THIS->iv, 0, THIS->block_size); |
free(THIS->iv); |
} |
THIS->iv = 0; |
} |
|
INLINE static void cbc_encrypt_step(const unsigned INT8 *source, |
unsigned INT8 *dest) |
{ |
INT32 block_size = THIS->block_size; |
INT32 i; |
|
for(i=0; i < block_size; i++) |
THIS->iv[i] ^= source[i]; |
|
push_string(make_shared_binary_string((INT8 *)THIS->iv, block_size)); |
safe_apply(THIS->object, "crypt", 1); |
|
if(Pike_sp[-1].type != T_STRING) |
Pike_error("Expected string from crypt()\n"); |
|
if(Pike_sp[-1].u.string->len != block_size) { |
Pike_error("Bad string length %ld returned from crypt()\n", |
DO_NOT_WARN((long)Pike_sp[-1].u.string->len)); |
} |
MEMCPY(THIS->iv, Pike_sp[-1].u.string->str, block_size); |
MEMCPY(dest, Pike_sp[-1].u.string->str, block_size); |
pop_stack(); |
} |
|
INLINE static void cbc_decrypt_step(const unsigned INT8 *source, |
unsigned INT8 *dest) |
{ |
INT32 block_size = THIS->block_size; |
INT32 i; |
|
push_string(make_shared_binary_string((const INT8 *)source, block_size)); |
safe_apply(THIS->object, "crypt", 1); |
|
if(Pike_sp[-1].type != T_STRING) |
Pike_error("Expected string from crypt()\n"); |
|
if(Pike_sp[-1].u.string->len != block_size) { |
Pike_error("Bad string length %ld returned from crypt()\n", |
DO_NOT_WARN((long)Pike_sp[-1].u.string->len)); |
} |
|
for(i=0; i < block_size; i++) |
dest[i] = THIS->iv[i] ^ Pike_sp[-1].u.string->str[i]; |
|
pop_stack(); |
MEMCPY(THIS->iv, source, block_size); |
} |
|
static void cbc_free_this_object() { |
if(THIS->object) free_object(THIS->object); |
} |
|
/*! @decl void create(program|object|function cipher, mixed ... args) |
*! Initialize the CBC wrapper with a cipher algorithm. If it is a |
*! program, an object will be instantiated with @[args] as arguments. |
*! If it is an object that doesn't conform to the cipher API, but has |
*! an @[LFUN::`()], that LFUN will be called. If it is a function, |
*! that function will be called with @[args] as arguments. |
*/ |
PIKEFUN void create(program|object|function cipher, mixed ... more) { |
THIS->object = make_cipher_object(args); |
|
safe_apply(THIS->object, "block_size", 0); |
|
if(Pike_sp[-1].type != T_INT) |
Pike_error("block_size() didn't return an int.\n"); |
THIS->block_size = Pike_sp[-1].u.integer; |
|
pop_stack(); |
|
if ((!THIS->block_size) || |
(THIS->block_size > 4096)) |
Pike_error("Bad block size %d.\n", THIS->block_size); |
|
THIS->iv = (unsigned INT8 *)xalloc(THIS->block_size); |
MEMSET(THIS->iv, 0, THIS->block_size); |
} |
|
/*! @decl string name() |
*! Returns the string @expr{"CBC(x)"@} where x is the |
*! encapsulated algorithm. |
*/ |
PIKEFUN string name() { |
push_constant_text("CBC("); |
safe_apply(THIS->object, "name", 0); |
push_constant_text(")"); |
f_add(3); |
} |
|
/*! @decl int block_size() |
*! Reurns the block size of the encapsulated cipher. |
*/ |
PIKEFUN int block_size() { |
RETURN THIS->block_size; |
} |
|
/*! @decl int key_size() |
*! Returns the key size of the encapsulated cipher. |
*/ |
PIKEFUN int key_size() { |
safe_apply(THIS->object, "key_size", args); |
} |
|
/*! @decl this_program set_encrypt_key(string key) |
*! Prepare the cipher and the wrapper for encrypting |
*! with the given @[key]. |
*/ |
PIKEFUN object set_encrypt_key(string key) { |
assert(THIS->block_size); |
THIS->mode = 0; |
safe_apply(THIS->object, "set_encrypt_key", args); |
pop_stack(); |
RETURN this_object(); |
} |
|
/*! @decl this_program set_decrypt_key(string key) |
*! Prepare the cipher and the wrapper for decrypting |
*! with the given @[key]. |
*/ |
PIKEFUN object set_decrypt_key(string key) { |
f_CBC_set_encrypt_key(args); |
THIS->mode = 1; |
} |
|
/*! @decl this_program set_iv(string iv) |
*! Set the initialization vector to @[iv]. |
*/ |
PIKEFUN object set_iv(string iv) { |
assert(THIS->iv); |
NO_WIDE_STRING(iv); |
if(iv->len != THIS->block_size) |
Pike_error("Argument incompatible with cipher block size.\n"); |
MEMCPY(THIS->iv, iv->str, THIS->block_size); |
RETURN this_object(); |
} |
|
/*! @decl string crypt(string data) |
*! Encrypt/decrypt @[data] and return the result. @[data] must |
*! be an integral number of blocks. |
*/ |
PIKEFUN string crypt(string data) { |
unsigned INT8 *result; |
INT32 offset = 0; |
|
NO_WIDE_STRING(data); |
|
if(data->len % THIS->block_size) |
Pike_error("Data length not multiple of block size.\n"); |
if(!(result = alloca(data->len))) |
Pike_error("Out of memory.\n"); |
|
if(THIS->mode == 0) { |
while (offset < data->len) { |
cbc_encrypt_step((const unsigned INT8 *)data->str + offset, |
result + offset); |
offset += THIS->block_size; |
} |
} |
else { |
while (offset < data->len) { |
cbc_encrypt_step((const unsigned INT8 *)data->str + offset, |
result + offset); |
offset += THIS->block_size; |
} |
} |
|
pop_n_elems(args); |
push_string(make_shared_binary_string((INT8 *)result, offset)); |
MEMSET(result, 0, offset); |
} |
} |
|
/*! @endclass |
*/ |
|
/*! @class Proxy |
*! Acts as a buffer so that data can be fed to a cipher in blocks |
*! that doesn't correspond to cipher block sizes. |
*/ |
PIKECLASS Proxy { |
CVAR struct object *object; |
CVAR int block_size; |
CVAR unsigned char *backlog; |
CVAR int backlog_len; |
|
INIT { |
THIS->object = 0; |
THIS->block_size = 0; |
THIS->backlog = 0; |
THIS->backlog_len = 0; |
} |
|
EXIT { |
if(THIS->backlog) { |
MEMSET(THIS->backlog, 0, THIS->block_size); |
free(THIS->backlog); |
} |
if(THIS->object) |
free_object(THIS->object); |
} |
|
/*! @decl void create(program|object|function cipher, mixed ... args) |
*! Initialize the Proxy wrapper with a cipher algorithm. If it is a |
*! program, an object will be instantiated with @[args] as arguments. |
*! If it is an object that doesn't conform to the cipher API, but has |
*! an @[LFUN::`()], that LFUN will be called. If it is a function, |
*! that function will be called with @[args] as arguments. |
*/ |
PIKEFUN void create(program|object|function cipher, mixed ... more) { |
THIS->object = make_cipher_object(args); |
|
safe_apply(THIS->object, "block_size", 0); |
if (Pike_sp[-1].type != T_INT) |
Pike_error("block_size() didn't return an int\n"); |
THIS->block_size = Pike_sp[-1].u.integer; |
|
pop_stack(); |
|
if ((!THIS->block_size) || |
(THIS->block_size > 4096)) |
Pike_error("Bad block size %ld\n", DO_NOT_WARN((long)THIS->block_size)); |
|
THIS->backlog = (unsigned char *)xalloc(THIS->block_size); |
THIS->backlog_len = 0; |
MEMSET(THIS->backlog, 0, THIS->block_size); |
} |
|
/*! @decl string name() |
*! Returns the string @expr{"CBC(x)"@} where x is the |
*! encapsulated algorithm. |
*/ |
PIKEFUN string name() { |
push_constant_text("Proxy("); |
safe_apply(THIS->object, "name", 0); |
push_constant_text(")"); |
f_add(3); |
} |
|
/*! @decl int block_size() |
*! |
*! Get the block size of the contained block crypto. |
*/ |
PIKEFUN int block_size() { |
RETURN THIS->block_size; |
} |
|
/*! @decl int key_size() |
*! |
*! Get the key size of the contained block crypto. |
*/ |
PIKEFUN int key_size() { |
safe_apply(THIS->object, "key_size", args); |
} |
|
/*! @decl this_program set_encrypt_key(string key) |
*! |
*! Set the encryption key. |
*! |
*! @note |
*! As a side-effect any buffered data will be cleared. |
*/ |
PIKEFUN object set_encrypt_key(string key) { |
MEMSET(THIS->backlog, 0, THIS->block_size); |
THIS->backlog_len = 0; |
safe_apply(THIS->object, "set_encrypt_key", args); |
pop_stack(); |
RETURN this_object(); |
} |
|
/*! @decl this_program set_decrypt_key(string key) |
*! |
*! Set the decryption key. |
*! |
*! @note |
*! As a side-effect any buffered data will be cleared. |
*/ |
PIKEFUN object set_decrypt_key(string key) { |
MEMSET(THIS->backlog, 0, THIS->block_size); |
THIS->backlog_len = 0; |
safe_apply(THIS->object, "set_decrypt_key", args); |
pop_stack(); |
RETURN this_object(); |
} |
|
/*! @decl string crypt(string data) |
*! |
*! Encrypt some data. |
*! |
*! Adds data to be encrypted to the buffer. If there's enough |
*! data to en/decrypt a block, that will be done, and the result |
*! returned. Any uncrypted data will be left in the buffer. |
*/ |
PIKEFUN string crypt(string data) { |
unsigned char *result; |
ptrdiff_t roffset = 0; |
ptrdiff_t soffset = 0; |
ptrdiff_t len; |
|
if (!(result = alloca(data->len + THIS->block_size))) |
Pike_error("Out of memory\n"); |
|
if (THIS->backlog_len) { |
if (data->len >= (THIS->block_size - THIS->backlog_len)) { |
MEMCPY(THIS->backlog + THIS->backlog_len, data->str, |
(THIS->block_size - THIS->backlog_len)); |
soffset += (THIS->block_size - THIS->backlog_len); |
THIS->backlog_len = 0; |
push_string(make_shared_binary_string((char *)THIS->backlog, |
THIS->block_size)); |
safe_apply(THIS->object, "crypt", 1); |
if (Pike_sp[-1].type != T_STRING) |
Pike_error("crypt() did not return string\n"); |
if (Pike_sp[-1].u.string->len != THIS->block_size) |
Pike_error("Unexpected string length %ld\n", |
DO_NOT_WARN((long)Pike_sp[-1].u.string->len)); |
|
MEMCPY(result, Pike_sp[-1].u.string->str, THIS->block_size); |
roffset = THIS->block_size; |
pop_stack(); |
MEMSET(THIS->backlog, 0, THIS->block_size); |
} else { |
MEMCPY(THIS->backlog + THIS->backlog_len, |
data->str, data->len); |
THIS->backlog_len += data->len; |
pop_n_elems(args); |
push_constant_text(""); |
return; |
} |
} |
|
len = (Pike_sp[-1].u.string->len - soffset); |
len -= len % THIS->block_size; |
|
if (len) { |
push_string(make_shared_binary_string(Pike_sp[-1].u.string->str + |
soffset, len)); |
soffset += len; |
|
safe_apply(THIS->object, "crypt", 1); |
|
if (Pike_sp[-1].type != T_STRING) |
Pike_error("crypt() did not return string\n"); |
if (Pike_sp[-1].u.string->len != len) |
Pike_error("crypt() Unexpected string length %ld\n", |
DO_NOT_WARN((long)Pike_sp[-1].u.string->len)); |
|
MEMCPY(result + roffset, Pike_sp[-1].u.string->str, len); |
|
pop_stack(); |
} |
|
if (soffset < Pike_sp[-1].u.string->len) { |
MEMCPY(THIS->backlog, Pike_sp[-1].u.string->str + soffset, |
Pike_sp[-1].u.string->len - soffset); |
THIS->backlog_len = Pike_sp[-1].u.string->len - soffset; |
} |
|
pop_n_elems(args); |
|
push_string(make_shared_binary_string((char *)result, roffset + len)); |
MEMSET(result, 0, roffset + len); |
} |
|
/*! @decl string pad() |
*! |
*! Pad and de/encrypt any data left in the buffer. |
*! |
*! @seealso |
*! @[unpad()] |
*/ |
PIKEFUN string pad() { |
ptrdiff_t i; |
|
for (i = THIS->backlog_len; i < THIS->block_size - 1; i++) |
THIS->backlog[i] = DO_NOT_WARN((unsigned char)(my_rand() & 0xff)); |
|
THIS->backlog[THIS->block_size - 1] = |
DO_NOT_WARN((unsigned char)(7 - THIS->backlog_len)); |
|
push_string(make_shared_binary_string((const char *)THIS->backlog, |
THIS->block_size)); |
|
MEMSET(THIS->backlog, 0, THIS->block_size); |
THIS->backlog_len = 0; |
|
safe_apply(THIS->object, "crypt", 1); |
} |
|
/*! @decl string unpad(string data) |
*! |
*! De/encrypt and unpad a block of data. |
*! |
*! This performs the reverse operation of @[pad()]. |
*! |
*! @seealso |
*! @[pad()] |
*/ |
PIKEFUN string unpad(string data) { |
ptrdiff_t len; |
struct pike_string *str; |
|
str = Pike_sp[-1].u.string; |
len = str->len; |
|
if (str->str[len - 1] > (THIS->block_size - 1)) |
Pike_error("Invalid padding\n"); |
|
len -= (str->str[len - 1] + 1); |
|
if (len < 0) |
Pike_error("String to short to unpad\n"); |
|
add_ref(str); |
pop_stack(); |
push_string(make_shared_binary_string(str->str, len)); |
free_string(str); |
} |
} |
|
/*! @endclass |
*/ |
|
/*! @endmodule |
*/ |
|
#endif /* HAVE_LIBNETTLE */ |
|
PIKE_MODULE_INIT |
{ |
INIT; |
#ifdef HAVE_LIBNETTLE |
hash_init(); |
cipher_init(); |
#endif /* HAVE_LIBNETTLE */ |
} |
|
PIKE_MODULE_EXIT |
{ |
#ifdef HAVE_LIBNETTLE |
cipher_exit(); |
hash_exit(); |
#endif /* HAVE_LIBNETTLE */ |
EXIT; |
} |
|