/* nettle.cmod -*- c -*- */ |
|
#include "global.h" |
RCSID("$Id: nettle.cmod,v 1.20 2003/11/25 23:30:40 nilsson Exp $"); |
#include "interpret.h" |
#include "svalue.h" |
/* For this_object() */ |
#include "object.h" |
#include "module_support.h" |
|
#include "nettle_config.h" |
|
#ifdef HAVE_LIBNETTLE |
|
#include "nettle.h" |
|
#include <nettle/yarrow.h> |
|
#include <assert.h> |
#include <stdio.h> |
#include <stdarg.h> |
|
DECLARATIONS |
|
/*! @module Nettle |
*! Low level crypto functions used by the @[Crypto] module. Unless |
*! you are doing something very special, you would want to use the |
*! Crypto module instead. |
*/ |
|
/*! @class Yarrow |
*! |
*! Yarrow is a family of pseudo-randomness generators, designed for |
*! cryptographic use, by John Kelsey, Bruce Schneier and Niels Ferguson. |
*! Yarrow-160 is described in a paper at |
*! @url{http://www.counterpane.com/yarrow.html@}, and it uses SHA1 and |
*! triple-DES, and has a 160-bit internal state. Nettle implements |
*! Yarrow-256, which is similar, but uses SHA256 and AES to get an |
*! internal state of 256 bits. |
*/ |
PIKECLASS Yarrow |
{ |
CVAR struct yarrow256_ctx ctx; |
CVAR struct yarrow_source *sources; |
|
/*! @decl void create(void|int sources) |
*! The number of entropy sources that will feed entropy to the |
*! random number generator is given as an argument to Yarrow |
*! during instantiation. |
*! @seealso |
*! @[update] |
*/ |
PIKEFUN void create(void|int arg) { |
INT32 num = 0; |
|
if(arg) { |
if (arg->type != PIKE_T_INT) |
Pike_error("Bad argument type.\n"); |
num = arg->u.integer; |
if(num < 0) |
Pike_error("Invalid number of sources.\n"); |
free (THIS->sources); |
THIS->sources = xalloc(sizeof(struct yarrow_source)*num); |
} |
else |
{ |
free (THIS->sources); |
THIS->sources = NULL; |
} |
yarrow256_init(&THIS->ctx, num, THIS->sources); |
} |
|
/*! @decl Yarrow seed(string data) |
*! The random generator needs to be seeded before |
*! it can be used. The seed must be at least 32 |
*! characters long. The seed could be stored from |
*! a previous run by inserting the value returned |
*! from @[get_seed]. |
*! @returns |
*! Returns the called object. |
*! @seealso |
*! @[min_seed_size], @[get_seed], @[is_seeded] |
*/ |
PIKEFUN object seed(string data) |
{ |
if(data->len < YARROW256_SEED_FILE_SIZE) |
Pike_error( "Seed must be at least 32 characters.\n" ); |
|
NO_WIDE_STRING(data); |
yarrow256_seed(&THIS->ctx, data->len, data->str); |
RETURN this_object(); |
} |
|
/*! @decl int(0..) min_seed_size() |
*! Returns the minimal number of characters that the @[seed] |
*! needs to properly seed the random number generator. |
*! @seealso |
*! @[seed] |
*/ |
PIKEFUN int(0..) min_seed_size() |
{ |
RETURN YARROW256_SEED_FILE_SIZE; |
} |
|
/*! @decl string get_seed() |
*! Returns part of the internal state so that it can |
*! be saved for later seeding. |
*! @seealso |
*! @[seed] |
*/ |
PIKEFUN string get_seed() |
{ |
if( !yarrow256_is_seeded(&THIS->ctx) ) |
Pike_error("Random generator not seeded.\n"); |
RETURN make_shared_binary_string(THIS->ctx.seed_file, YARROW256_SEED_FILE_SIZE); |
} |
|
/*! @decl int(0..1) is_seeded() |
*! Returns 1 if the random generator is seeded and ready |
*! to generator output. 0 otherwise. |
*! @seealso |
*! @[seed] |
*/ |
PIKEFUN int(0..1) is_seeded() |
{ |
RETURN yarrow256_is_seeded(&THIS->ctx); |
} |
|
/*! @decl void force_reseed() |
*! By calling this function entropy is moved from the slow |
*! pool to the fast pool. Read more about Yarrow before using |
*! this. |
*/ |
PIKEFUN void force_reseed() |
{ |
yarrow256_force_reseed(&THIS->ctx); |
} |
|
/*! @decl int(0..1) update(string data, int source, int entropy) |
*! Inject additional entropy into the random number generator. |
*! |
*! @seealso |
*! @[create] |
*/ |
PIKEFUN int(0..1) update(string data, int source, int entropy) |
{ |
/* FIXME: Wide strings could actually be supported here */ |
NO_WIDE_STRING(data); |
if( !THIS->sources ) |
Pike_error("This random generator has no sources.\n"); |
if( source<0 || source>=THIS->ctx.nsources ) |
Pike_error("Invalid random source.\n"); |
if( entropy<0 ) |
Pike_error("Entropy must be positive.\n"); |
if( entropy>(data->len*8) ) |
Pike_error("Impossibly large entropy value.\n"); |
RETURN yarrow256_update(&THIS->ctx, source, entropy, data->len, data->str); |
} |
|
PIKEFUN int(0..) needed_sources() |
{ |
RETURN yarrow256_needed_sources(&THIS->ctx); |
} |
|
/*! @decl string random_string(int length) |
*! Returns a pseudo-random string of the requested @[length]. |
*/ |
PIKEFUN string random_string(int length) |
{ |
struct pike_string *rnd; |
if(length < 0) |
Pike_error("Invalid length, must be positive.\n"); |
if( !yarrow256_is_seeded(&THIS->ctx) ) |
Pike_error("Random generator not seeded.\n"); |
rnd = begin_shared_string(length); |
yarrow256_random(&THIS->ctx, length, rnd->str); |
RETURN end_shared_string(rnd); |
} |
|
INIT |
{ |
THIS->sources = NULL; |
yarrow256_init(&THIS->ctx, 0, NULL); |
} |
EXIT |
{ |
/* It's ok to call free(NULL); */ |
free(THIS->sources); |
} |
} |
|
/*! @endclass |
*/ |
|
char *crypt_md5(int pl, const char *pw, int sl, const char *salt); |
|
/*! @decl string crypt_md5(string password, string salt) |
*! Does the crypt_md5 abrakadabra (MD5 + snakeoil). |
*! It is assumed that @[salt] does not contain "$". |
*/ |
PIKEFUN string crypt_md5(string pw, string salt) |
{ |
NO_WIDE_STRING(pw); |
NO_WIDE_STRING(salt); |
RETURN make_shared_string(crypt_md5(pw->len, pw->str, |
salt->len, salt->str)); |
} |
|
/*! @class CBC |
*! Implementation of the cipher block chaining mode (CBC). |
*/ |
PIKECLASS CBC |
{ |
CVAR struct object *object; |
CVAR unsigned INT8 *iv; |
CVAR INT32 block_size; |
CVAR INT32 mode; |
|
static const char *crypto_functions[] = { |
"block_size", |
"key_size", |
"set_encrypt_key", |
"set_decrypt_key", |
"crypt", |
NULL |
}; |
|
|
INIT |
{ |
THIS->object = 0; |
THIS->iv = 0; |
THIS->block_size = 0; |
THIS->mode = 0; |
} |
|
EXIT |
{ |
if(THIS->object) free_object(THIS->object); |
if(THIS->iv) { |
memset(THIS->iv, 0, THIS->block_size); |
free(THIS->iv); |
} |
THIS->iv = 0; |
} |
|
INLINE static void assert_is_crypto_object(struct program *p, |
const char **required) { |
while (*required) { |
if (find_identifier( (char *) *required, p) < 0) { |
Pike_error("Object is missing identifier \"%s\"\n", |
*required); |
} |
required++; |
} |
} |
|
INLINE static void cbc_encrypt_step(const unsigned INT8 *source, |
unsigned INT8 *dest) |
{ |
INT32 block_size = THIS->block_size; |
INT32 i; |
|
for(i=0; i < block_size; i++) |
THIS->iv[i] ^= source[i]; |
|
push_string(make_shared_binary_string((INT8 *)THIS->iv, block_size)); |
safe_apply(THIS->object, "crypt", 1); |
|
if(Pike_sp[-1].type != T_STRING) |
Pike_error("Expected string from crypt()\n"); |
|
if(Pike_sp[-1].u.string->len != block_size) { |
Pike_error("Bad string length %ld returned from crypt()\n", |
DO_NOT_WARN((long)Pike_sp[-1].u.string->len)); |
} |
MEMCPY(THIS->iv, Pike_sp[-1].u.string->str, block_size); |
MEMCPY(dest, Pike_sp[-1].u.string->str, block_size); |
pop_stack(); |
} |
|
INLINE static void cbc_decrypt_step(const unsigned INT8 *source, |
unsigned INT8 *dest) |
{ |
INT32 block_size = THIS->block_size; |
INT32 i; |
|
push_string(make_shared_binary_string((const INT8 *)source, block_size)); |
safe_apply(THIS->object, "crypt", 1); |
|
if(Pike_sp[-1].type != T_STRING) |
Pike_error("Expected string from crypt()\n"); |
|
if(Pike_sp[-1].u.string->len != block_size) { |
Pike_error("Bad string length %ld returned from crypt()\n", |
DO_NOT_WARN((long)Pike_sp[-1].u.string->len)); |
} |
|
for(i=0; i < block_size; i++) |
dest[i] = THIS->iv[i] ^ Pike_sp[-1].u.string->str[i]; |
|
pop_stack(); |
MEMCPY(THIS->iv, source, block_size); |
} |
|
/*! @decl void create(program|object algorithm, mixed ... args) |
*/ |
PIKEFUN void create(program|object algorithm, mixed ... more) { |
|
switch(algorithm->type) |
{ |
case T_PROGRAM: |
THIS->object = clone_object(algorithm->u.program, args-1); |
break; |
case T_FUNCTION: |
apply_svalue(Pike_sp - args, args-1); |
|
/* Check return value */ |
if(Pike_sp[-1].type != T_OBJECT) |
Pike_error("Returned value is not an object.\n"); |
|
add_ref(THIS->object = Pike_sp[-1].u.object); |
break; |
case T_OBJECT: |
if(args!=1) Pike_error("Too many arguments.\n"); |
add_ref(THIS->object = algorithm->u.object); |
break; |
default: |
SIMPLE_BAD_ARG_ERROR("CBC->create", 1, "program|object"); |
} |
|
pop_stack(); /* Just one element left on the stack in all cases */ |
|
assert_is_crypto_object(THIS->object->prog, crypto_functions); |
|
safe_apply(THIS->object, "block_size", 0); |
|
if(Pike_sp[-1].type != T_INT) |
Pike_error("block_size() didn't return an int.\n"); |
THIS->block_size = Pike_sp[-1].u.integer; |
|
pop_stack(); |
|
if ((!THIS->block_size) || |
(THIS->block_size > 4096)) |
Pike_error("Bad block size %d.\n", THIS->block_size); |
|
THIS->iv = (unsigned INT8 *)xalloc(THIS->block_size); |
MEMSET(THIS->iv, 0, THIS->block_size); |
} |
|
/*! @decl int block_size() |
*/ |
PIKEFUN int block_size() { |
RETURN THIS->block_size; |
} |
|
/*! @decl int key_size() |
*/ |
PIKEFUN int key_size() { |
safe_apply(THIS->object, "key_size", args); |
} |
|
/*! @decl void set_encrypt_key(string key) |
*/ |
PIKEFUN object set_encrypt_key(string key) { |
assert(THIS->block_size); |
NO_WIDE_STRING(key); |
THIS->mode = 0; |
safe_apply(THIS->object, "set_encrypt_key", args); |
pop_stack(); |
RETURN this_object(); |
} |
|
/*! @decl void set_decrypt_key(string key) |
*/ |
PIKEFUN object set_decrypt_key(string key) { |
f_CBC_set_encrypt_key(args); |
THIS->mode = 1; |
} |
|
PIKEFUN object set_iv(string iv) { |
assert(THIS->iv); |
NO_WIDE_STRING(iv); |
if(iv->len != THIS->block_size) |
Pike_error("Argument incompatible with cipher block size.\n"); |
MEMCPY(THIS->iv, iv->str, THIS->block_size); |
RETURN this_object(); |
} |
|
PIKEFUN string crypt(string data) { |
unsigned INT8 *result; |
INT32 offset = 0; |
|
NO_WIDE_STRING(data); |
|
if(data->len % THIS->block_size) |
Pike_error("Data length not multiple of block size.\n"); |
if(!(result = alloca(data->len))) |
Pike_error("Out of memory.\n"); |
|
if(THIS->mode == 0) { |
while (offset < data->len) { |
cbc_encrypt_step((const unsigned INT8 *)data->str + offset, |
result + offset); |
offset += THIS->block_size; |
} |
} |
else { |
while (offset < data->len) { |
cbc_encrypt_step((const unsigned INT8 *)data->str + offset, |
result + offset); |
offset += THIS->block_size; |
} |
} |
|
pop_n_elems(args); |
push_string(make_shared_binary_string((INT8 *)result, offset)); |
MEMSET(result, 0, offset); |
} |
} |
|
/*! @endclass |
*/ |
|
/*! @endmodule |
*/ |
|
#endif /* HAVE_LIBNETTLE */ |
|
PIKE_MODULE_INIT |
{ |
INIT; |
#ifdef HAVE_LIBNETTLE |
hash_init(); |
cipher_init(); |
#endif /* HAVE_LIBNETTLE */ |
} |
|
PIKE_MODULE_EXIT |
{ |
#ifdef HAVE_LIBNETTLE |
cipher_exit(); |
hash_exit(); |
#endif /* HAVE_LIBNETTLE */ |
EXIT; |
} |
|