01e1152003-03-12Niels Möller /* nettle.cmod -*- c -*- */
b63de32018-01-19Martin Nilsson #include "module.h"
01e1152003-03-12Niels Möller #include "interpret.h"
7d54f42004-01-23Martin Nilsson #include "operators.h"
01e1152003-03-12Niels Möller #include "module_support.h"
d7f88a2004-02-14Martin Nilsson #include "threads.h"
f27dae2015-11-11Martin Nilsson #include "pike_cpulib.h"
da64aa2016-03-25Martin Nilsson #include "bignum.h"
9d1f542017-01-25Henrik Grubbström (Grubba) #include "sprintf.h"
01e1152003-03-12Niels Möller 
4e1f622003-03-13Niels Möller #include "nettle_config.h"
770fee2003-03-12Henrik Grubbström (Grubba) #ifdef HAVE_LIBNETTLE
efb89c2003-08-06Henrik Grubbström (Grubba) #include "nettle.h"
01e1152003-03-12Niels Möller 
3184172003-08-06Henrik Grubbström (Grubba) #include <nettle/yarrow.h>
8195c72017-11-25Martin Nilsson #include <nettle/memxor.h>
3184172003-08-06Henrik Grubbström (Grubba) 
1ce9e92016-02-16Martin Nilsson #ifdef HAVE_NETTLE_VERSION_H #include <nettle/version.h> #endif
01e1152003-03-12Niels Möller DECLARATIONS /*! @module Nettle
d745992003-08-05Martin Nilsson  *! Low level crypto functions used by the @[Crypto] module. Unless *! you are doing something very special, you would want to use the *! Crypto module instead. */
1ce9e92016-02-16Martin Nilsson /*! @decl string version() *! Returns the version of the Nettle library, e.g. "3.1". 0 is *! returned when runtime version is unknown. */ PIKEFUN string version() { #ifdef HAVE_NETTLE_VERSION_H push_constant_text("%d.%d");
605f882016-02-23Henrik Grubbström (Grubba) #ifdef HAVE_NETTLE_VERSION_MAJOR
1ce9e92016-02-16Martin Nilsson  push_int( nettle_version_major() ); push_int( nettle_version_minor() );
605f882016-02-23Henrik Grubbström (Grubba) #else /* Probably Nettle 3.1.1. */ push_int( NETTLE_VERSION_MAJOR ); push_int( NETTLE_VERSION_MINOR ); #endif
1ce9e92016-02-16Martin Nilsson  f_sprintf(3); #else push_int(0); #endif }
d745992003-08-05Martin Nilsson /*! @class Yarrow *! *! Yarrow is a family of pseudo-randomness generators, designed for *! cryptographic use, by John Kelsey, Bruce Schneier and Niels Ferguson. *! Yarrow-160 is described in a paper at
1e4bd32013-10-05Henrik Grubbström (Grubba)  *! @url{http://www.schneier.com/paper-yarrow.html@}, and it uses SHA1 and
d745992003-08-05Martin Nilsson  *! triple-DES, and has a 160-bit internal state. Nettle implements *! Yarrow-256, which is similar, but uses SHA256 and AES to get an *! internal state of 256 bits. */ PIKECLASS Yarrow
9e336b2014-06-19Henrik Grubbström (Grubba) program_flags PROGRAM_CLEAR_STORAGE;
d745992003-08-05Martin Nilsson {
49acab2003-11-09Niels Möller  CVAR struct yarrow256_ctx ctx;
25f5432003-08-06Martin Nilsson  CVAR struct yarrow_source *sources;
d311272009-07-05Henrik Grubbström (Grubba) 
0ec1412009-07-05Henrik Grubbström (Grubba)  DECLARE_STORAGE;
d311272009-07-05Henrik Grubbström (Grubba) 
61cded2018-01-13Martin Nilsson  /*! @decl void create(void|int(0..) sources)
9109472003-08-07Martin Nilsson  *! The number of entropy sources that will feed entropy to the *! random number generator is given as an argument to Yarrow *! during instantiation. *! @seealso *! @[update] */
61cded2018-01-13Martin Nilsson  PIKEFUN void create(void|int(0..) arg)
ecc9382008-06-29Martin Nilsson  flags ID_PROTECTED;
d7f88a2004-02-14Martin Nilsson  {
25f5432003-08-06Martin Nilsson  INT32 num = 0; if(arg) { num = arg->u.integer; if(num < 0) Pike_error("Invalid number of sources.\n");
49acab2003-11-09Niels Möller  free (THIS->sources);
794efa2018-01-13Martin Nilsson  if( num > 0 ) THIS->sources = xalloc(sizeof(struct yarrow_source)*num); else THIS->sources = NULL;
3b25dd2018-01-12Martin Nilsson  pop_stack();
25f5432003-08-06Martin Nilsson  }
49acab2003-11-09Niels Möller  else { free (THIS->sources); THIS->sources = NULL; } yarrow256_init(&THIS->ctx, num, THIS->sources);
d745992003-08-05Martin Nilsson  }
f6a6ad2013-12-08Henrik Grubbström (Grubba)  /*! @decl Yarrow seed(string(0..255) data)
6580032013-08-15Martin Nilsson  *! *! The random generator needs to be seeded before it can be used. *! The seed must be at least 32 characters long. The seed could be *! stored from a previous run by inserting the value returned from
2308f22014-06-16Martin Nilsson  *! previous @[random_string] call.
6580032013-08-15Martin Nilsson  *!
d745992003-08-05Martin Nilsson  *! @returns *! Returns the called object.
9109472003-08-07Martin Nilsson  *! @seealso
2308f22014-06-16Martin Nilsson  *! @[min_seed_size], @[is_seeded]
d745992003-08-05Martin Nilsson  */
f6a6ad2013-12-08Henrik Grubbström (Grubba)  PIKEFUN object seed(string(0..255) data)
d7f88a2004-02-14Martin Nilsson  optflags OPT_SIDE_EFFECT;
d745992003-08-05Martin Nilsson  { if(data->len < YARROW256_SEED_FILE_SIZE)
c9edeb2009-07-01Henrik Grubbström (Grubba)  Pike_error("Seed must be at least %d characters.\n", YARROW256_SEED_FILE_SIZE);
d745992003-08-05Martin Nilsson  NO_WIDE_STRING(data);
c9edeb2009-07-01Henrik Grubbström (Grubba)  yarrow256_seed(&THIS->ctx, data->len, STR0(data));
d745992003-08-05Martin Nilsson  RETURN this_object(); }
9109472003-08-07Martin Nilsson  /*! @decl int(0..) min_seed_size() *! Returns the minimal number of characters that the @[seed] *! needs to properly seed the random number generator. *! @seealso *! @[seed] */ PIKEFUN int(0..) min_seed_size()
d7f88a2004-02-14Martin Nilsson  optflags OPT_TRY_OPTIMIZE;
9109472003-08-07Martin Nilsson  { RETURN YARROW256_SEED_FILE_SIZE; }
d745992003-08-05Martin Nilsson  /*! @decl int(0..1) is_seeded() *! Returns 1 if the random generator is seeded and ready *! to generator output. 0 otherwise.
9109472003-08-07Martin Nilsson  *! @seealso *! @[seed]
d745992003-08-05Martin Nilsson  */ PIKEFUN int(0..1) is_seeded()
d7f88a2004-02-14Martin Nilsson  optflags OPT_EXTERNAL_DEPEND;
d745992003-08-05Martin Nilsson  {
49acab2003-11-09Niels Möller  RETURN yarrow256_is_seeded(&THIS->ctx);
d745992003-08-05Martin Nilsson  }
9109472003-08-07Martin Nilsson  /*! @decl void force_reseed() *! By calling this function entropy is moved from the slow *! pool to the fast pool. Read more about Yarrow before using *! this. */
d745992003-08-05Martin Nilsson  PIKEFUN void force_reseed()
d7f88a2004-02-14Martin Nilsson  optflags OPT_SIDE_EFFECT;
d745992003-08-05Martin Nilsson  {
c9edeb2009-07-01Henrik Grubbström (Grubba) #ifdef HAVE_NETTLE_YARROW256_SLOW_RESEED /* From change notes for Nettle 2.0: * * * Changes to the yarrow256 interface. The function * yarrow256_force_reseed has been replaced by the two * functions yarrow256_fast_reseed and yarrow256_slow_reseed, * which were previously static. */ yarrow256_slow_reseed(&THIS->ctx); #else
49acab2003-11-09Niels Möller  yarrow256_force_reseed(&THIS->ctx);
c9edeb2009-07-01Henrik Grubbström (Grubba) #endif
d745992003-08-05Martin Nilsson  }
f6a6ad2013-12-08Henrik Grubbström (Grubba)  /*! @decl int(0..1) update(string(0..255) data, int source, int entropy)
9109472003-08-07Martin Nilsson  *! Inject additional entropy into the random number generator. *! *! @seealso *! @[create] */
f6a6ad2013-12-08Henrik Grubbström (Grubba)  PIKEFUN int(0..1) update(string(0..255) data, int source, int entropy)
d7f88a2004-02-14Martin Nilsson  optflags OPT_SIDE_EFFECT;
f1d8912003-08-06Martin Nilsson  {
d311272009-07-05Henrik Grubbström (Grubba)  int ret;
49acab2003-11-09Niels Möller  /* FIXME: Wide strings could actually be supported here */
f1d8912003-08-06Martin Nilsson  NO_WIDE_STRING(data);
49acab2003-11-09Niels Möller  if( !THIS->sources )
f1d8912003-08-06Martin Nilsson  Pike_error("This random generator has no sources.\n");
61e14b2004-01-23Martin Nilsson  if( source<0 || (unsigned)source>=THIS->ctx.nsources )
f1d8912003-08-06Martin Nilsson  Pike_error("Invalid random source.\n"); if( entropy<0 ) Pike_error("Entropy must be positive.\n");
9109472003-08-07Martin Nilsson  if( entropy>(data->len*8) ) Pike_error("Impossibly large entropy value.\n");
d311272009-07-05Henrik Grubbström (Grubba)  ret = yarrow256_update(&THIS->ctx, source, entropy, data->len, (const uint8_t *)data->str); RETURN ret;
f1d8912003-08-06Martin Nilsson  }
01a1ba2003-12-14Martin Nilsson  /*! @decl int(0..) needed_sources() *! The number of sources that must reach the threshold before a *! slow reseed will happen. */
d745992003-08-05Martin Nilsson  PIKEFUN int(0..) needed_sources()
d7f88a2004-02-14Martin Nilsson  optflags OPT_EXTERNAL_DEPEND;
d745992003-08-05Martin Nilsson  {
49acab2003-11-09Niels Möller  RETURN yarrow256_needed_sources(&THIS->ctx);
d745992003-08-05Martin Nilsson  }
d81a952018-01-13Martin Nilsson  /*! @decl string(0..255) random_string(int(0..) length)
d745992003-08-05Martin Nilsson  *! Returns a pseudo-random string of the requested @[length]. */
d81a952018-01-13Martin Nilsson  PIKEFUN string(0..255) random_string(int(0..) length)
d7f88a2004-02-14Martin Nilsson  optflags OPT_EXTERNAL_DEPEND|OPT_SIDE_EFFECT;
d745992003-08-05Martin Nilsson  { struct pike_string *rnd; if(length < 0) Pike_error("Invalid length, must be positive.\n");
49acab2003-11-09Niels Möller  if( !yarrow256_is_seeded(&THIS->ctx) )
d745992003-08-05Martin Nilsson  Pike_error("Random generator not seeded.\n"); rnd = begin_shared_string(length);
baac7d2006-01-07Martin Nilsson  yarrow256_random(&THIS->ctx, length, (uint8_t *)rnd->str);
6580032013-08-15Martin Nilsson  RETURN end_shared_string(rnd);
d745992003-08-05Martin Nilsson  }
e6196e2014-06-16Martin Nilsson  /*! @decl string(0..255) get_seed() *! Returns part of the internal state so that it can be saved for *! later seeding. This method is deprecated. Instead read the *! @[min_seed_size] number of bytes from the @[random_string] *! method. *! *! @seealso *! @[seed()], @[random_string()] */ PIKEFUN string(0..255) get_seed() optflags OPT_EXTERNAL_DEPEND; rawtype tDeprecated(tFunc(tNone, tStr8)); { push_int(YARROW256_SEED_FILE_SIZE); f_Nettle_Yarrow_random_string(1); }
d745992003-08-05Martin Nilsson  INIT {
49acab2003-11-09Niels Möller  THIS->sources = NULL; yarrow256_init(&THIS->ctx, 0, NULL);
d745992003-08-05Martin Nilsson  }
22038d2008-05-30Martin Nilsson 
d745992003-08-05Martin Nilsson  EXIT
d3df7c2008-05-30Martin Nilsson  gc_trivial;
d745992003-08-05Martin Nilsson  {
22038d2008-05-30Martin Nilsson  if( THIS->sources ) { free(THIS->sources); }
d745992003-08-05Martin Nilsson  } }
453a2b2014-04-05Martin Nilsson /*! @endclass */ #define INCREMENT(size, ctr) \ do { \ unsigned increment_i = (size) - 1; \ if (++(ctr)[increment_i] == 0) \ while (increment_i > 0 \ && ++(ctr)[--increment_i] == 0 ) \ ; \ } while (0) /*! @class Fortuna *! *! Implements the Fortuna PRNG generator, designed by Niels Ferguson and *! Bruce Schneier and described in Practical Cryptography. Web *! published exerpt at https://www.schneier.com:443/fortuna.pdf *! *! This implementation uses AES256 to generate output and SHA256 to *! generate keys. *! *! To use this class an entropy accumulator needs to be implemented *! and supply the @[reseed()] method with new entopy. */ PIKECLASS Fortuna
9e336b2014-06-19Henrik Grubbström (Grubba) program_flags PROGRAM_CLEAR_STORAGE;
453a2b2014-04-05Martin Nilsson { CVAR struct aes_ctx aes_ctx; CVAR struct sha256_ctx sha_ctx; CVAR uint8_t *key; CVAR uint8_t *ctr; DECLARE_STORAGE;
402cc52014-04-06Henrik Grubbström (Grubba) #ifndef AES256_KEY_SIZE #define AES256_KEY_SIZE (256>>3) #endif
70fd3d2016-01-26Martin Nilsson  static void fortuna_generate(uint8_t *data)
453a2b2014-04-05Martin Nilsson  {
70fd3d2016-01-26Martin Nilsson  aes_encrypt(&THIS->aes_ctx, 16, data, THIS->ctr);
453a2b2014-04-05Martin Nilsson  INCREMENT(16, THIS->ctr); }
c9eefb2014-08-21Martin Nilsson  static void fortuna_rekey(void)
453a2b2014-04-05Martin Nilsson  {
70fd3d2016-01-26Martin Nilsson  fortuna_generate(THIS->key); fortuna_generate(THIS->key+16);
453a2b2014-04-05Martin Nilsson  aes_set_encrypt_key(&THIS->aes_ctx, AES256_KEY_SIZE, THIS->key); } /*! @decl void reseed(string(8bit) data)
201f5e2015-02-23Martin Nilsson  *! Updated the internal key with the provided additional entropy.
453a2b2014-04-05Martin Nilsson  */ PIKEFUN void reseed(string(8bit) data) { sha256_update(&THIS->sha_ctx, 32, THIS->key); sha256_update(&THIS->sha_ctx, data->len, (const uint8_t *)data->str); sha256_digest(&THIS->sha_ctx, 32, THIS->key); aes_set_encrypt_key(&THIS->aes_ctx, AES256_KEY_SIZE, THIS->key); INCREMENT(16, THIS->ctr); } /*! @decl string(8bit) random_string(int(0..) len) *! *! Generates @[len] amount of pseudo random data. In contrast with *! the Fortuna PseudoRandomData function, which only allows 2^20 *! bytes of random data per call, the necessary rekey operations *! are here performed internally, so no such restrictions apply. */
d81a952018-01-13Martin Nilsson  PIKEFUN string(8bit) random_string(int(0..) len)
453a2b2014-04-05Martin Nilsson  {
0695b42014-11-05Martin Nilsson  int stored = 0;
0872832017-05-15Henrik Grubbström (Grubba)  struct pike_string *s; uint8_t *str;
b4fdca2014-05-08Martin Nilsson  if(len<0) Pike_error("Length has to be positive.\n");
0872832017-05-15Henrik Grubbström (Grubba)  s = begin_shared_string(len); str = (uint8_t *)s->str;
70fd3d2016-01-26Martin Nilsson  while( (len-stored) >= 16 )
453a2b2014-04-05Martin Nilsson  {
70fd3d2016-01-26Martin Nilsson  fortuna_generate(str);
453a2b2014-04-05Martin Nilsson  stored += 16;
70fd3d2016-01-26Martin Nilsson  str += 16;
6774292014-04-18Martin Nilsson 
453a2b2014-04-05Martin Nilsson  if( !(stored % (1<<20)) ) fortuna_rekey(); }
6774292014-04-18Martin Nilsson 
70fd3d2016-01-26Martin Nilsson  if( len>stored ) { uint8_t *buf = alloca(16); fortuna_generate(buf); memcpy(str, buf, len-stored); } fortuna_rekey();
453a2b2014-04-05Martin Nilsson 
70fd3d2016-01-26Martin Nilsson  RETURN end_shared_string(s);
453a2b2014-04-05Martin Nilsson  } INIT {
66589a2014-04-27Martin Nilsson  THIS->ctr = xcalloc(1,16); THIS->key = xcalloc(1,32);
453a2b2014-04-05Martin Nilsson  aes_set_encrypt_key(&THIS->aes_ctx, AES256_KEY_SIZE, THIS->key); sha256_init(&THIS->sha_ctx); } EXIT gc_trivial; { free(THIS->ctr); free(THIS->key); } }
8195c72017-11-25Martin Nilsson /*! @endclass */ /*! @class AES128_CTR_DRBG *! *! Minimal implementation of NIST SP800-90Ar1 pseudo random number *! generator CTR_DRBG using AES-128. No personalization, nounces or *! additional data are supported. *! *! @seealso *! @[Random.AES128_CTR_DRBG] */ PIKECLASS AES128_CTR_DRBG program_flags PROGRAM_CLEAR_STORAGE; { CVAR struct aes_ctx aes_ctx; CVAR uint8_t *key; CVAR uint8_t *ctr;
09ff892017-11-26Martin Nilsson  CVAR INT64 reseed_counter; CVAR INT64 reseed_interval;
8195c72017-11-25Martin Nilsson  DECLARE_STORAGE; /* * blocklen = 128 * ctr_len = 128 * keylen = 128 * seedlen = 256 * reseed_interval = 2**48 */ #ifndef AES128_KEY_SIZE #define AES128_KEY_SIZE (128>>3) #endif static void ctr_debug_update(char *data) { uint8_t tmp_key[16]; INCREMENT(16, THIS->ctr); aes_encrypt(&THIS->aes_ctx, 16, tmp_key, THIS->ctr); INCREMENT(16, THIS->ctr); aes_encrypt(&THIS->aes_ctx, 16, THIS->ctr, THIS->ctr); memcpy(THIS->key, tmp_key, 16); if( data ) { memxor(THIS->key, (uint8_t*)data, 16); memxor(THIS->ctr, (uint8_t*)data+16, 16); } aes_set_encrypt_key(&THIS->aes_ctx, AES128_KEY_SIZE, THIS->key); } /*! @decl void reseed(string(8bit) data) *! Updated the internal key with the provided additional entropy. */ PIKEFUN void reseed(string(8bit) data) { if( data->len!=32 ) Pike_error("Illegal entropy size.\n"); NO_WIDE_STRING(data); ctr_debug_update(data->str);
09ff892017-11-26Martin Nilsson  THIS->reseed_counter = 1; } /*! @decl int(1..281474976710656) reseed_interval *! The number of times @[random_string] can be called before a *! reseeding is forced. The number needs to be in the range of *! 1..1<<48. *! *! @seealso *! @[entropy_underflow] */ PIKEFUN void `reseed_interval=(int(1..281474976710656) interval) {
cc5e922017-12-22Henrik Grubbström (Grubba)  INT64 interval_int64 = interval; if( interval_int64 < 1 || interval_int64 > (((INT64)1)<<48) )
09ff892017-11-26Martin Nilsson  Pike_error("Interval out of range.\n");
cc5e922017-12-22Henrik Grubbström (Grubba)  THIS->reseed_interval = interval_int64; } /*! @decl int(1..281474976710656) reseed_interval *! The number of times @[random_string] can be called before a *! reseeding is forced. The number needs to be in the range of *! 1..1<<48. *! *! @seealso *! @[entropy_underflow] */ PIKEFUN void `reseed_interval=(object(Gmp.mpz) interval) { INT64 interval_int64 = 0; if (!low_int64_from_bignum(&interval_int64, interval)) Pike_error("Invalid interval.\n"); if( interval_int64 < 1 || interval_int64 > (((INT64)1)<<48) ) Pike_error("Interval out of range.\n"); THIS->reseed_interval = interval_int64;
09ff892017-11-26Martin Nilsson  } PIKEFUN int `reseed_interval() {
cc5e922017-12-22Henrik Grubbström (Grubba)  push_int64(THIS->reseed_interval);
09ff892017-11-26Martin Nilsson  } /*! @decl void entropy_underflow() *! Called when @[random_string] has been called more than *! @[reseed_interval] times. */ PIKEFUN void entropy_underflow() flags ID_PROTECTED; { Pike_error("Requires reseed.\n");
8195c72017-11-25Martin Nilsson  } /*! @decl string(8bit) random_string(int(0..) len) *! *! Generates @[len] amount of pseudo random data. Does not allow *! for additional input data in the call. */
d81a952018-01-13Martin Nilsson  PIKEFUN string(8bit) random_string(int(0..) len)
8195c72017-11-25Martin Nilsson  { int stored = 0; struct pike_string *s; uint8_t *str; if(len<0) Pike_error("Length has to be positive.\n");
09ff892017-11-26Martin Nilsson  if(THIS->reseed_counter>THIS->reseed_interval) apply_current(f_Nettle_AES128_CTR_DRBG_entropy_underflow_fun_num, 0);
8195c72017-11-25Martin Nilsson  s = begin_shared_string(len); str = (uint8_t *)s->str; while( (len-stored) >= 16 ) { INCREMENT(16, THIS->ctr); aes_encrypt(&THIS->aes_ctx, 16, str, THIS->ctr); stored += 16; str += 16; if( !(stored % (1<<19)) )
8ba3302017-11-26Martin Nilsson  {
8195c72017-11-25Martin Nilsson  ctr_debug_update(NULL);
8ba3302017-11-26Martin Nilsson  THIS->reseed_counter++; if(THIS->reseed_counter>THIS->reseed_interval) apply_current(f_Nettle_AES128_CTR_DRBG_entropy_underflow_fun_num, 0); }
8195c72017-11-25Martin Nilsson  } if( len>stored ) {
c4e7732017-11-25Martin Nilsson  uint8_t buf[16];
8195c72017-11-25Martin Nilsson  INCREMENT(16, THIS->ctr);
c4e7732017-11-25Martin Nilsson  aes_encrypt(&THIS->aes_ctx, 16, buf, THIS->ctr); memcpy(str, buf, len-stored);
8195c72017-11-25Martin Nilsson  } ctr_debug_update(NULL);
09ff892017-11-26Martin Nilsson  THIS->reseed_counter++;
8195c72017-11-25Martin Nilsson  RETURN end_shared_string(s); } INIT { THIS->ctr = xcalloc(1,16); THIS->key = xcalloc(1,16);
09ff892017-11-26Martin Nilsson  THIS->reseed_counter = 1;
cc5e922017-12-22Henrik Grubbström (Grubba)  THIS->reseed_interval = ((INT64)1)<<48;
8195c72017-11-25Martin Nilsson  aes_set_encrypt_key(&THIS->aes_ctx, AES128_KEY_SIZE, THIS->key); } EXIT gc_trivial; { free(THIS->ctr); free(THIS->key); } }
453a2b2014-04-05Martin Nilsson 
d745992003-08-05Martin Nilsson /*! @endclass
01e1152003-03-12Niels Möller  */
5b11f92014-10-13Martin Nilsson /*! @decl int(0..) rsa_unpad(string(0..255) data, int(1..2) type)
85fe152014-09-12Arne Goedeke  *! *! Unpads a message that has been padded according to
5b11f92014-10-13Martin Nilsson  *! RSAES-PKCS1-V1_5-ENCODE(message) in PKCS#1 v2.2, but without the *! null byte prefix. The padding method used on the original message *! must be provided in the @[type] parameter. All content dependent *! processing is done in constant time for the same padding type and *! @[data] length.
5d3b772014-10-14Martin Nilsson  *! *! @returns *! Returns the position in the string where the first non-padding *! character is, or 0.
85fe152014-09-12Arne Goedeke  */
d81a952018-01-13Martin Nilsson PIKEFUN int(0..) rsa_unpad(string(0..255) data, int(1..2) type)
85fe152014-09-12Arne Goedeke { int i, pad=0, nonpad=0, pos=0; unsigned char *str; NO_WIDE_STRING(data); /* Indata is smaller than minimum size, so we can exit immediately without timing issue. 1 type + 8 padding + 1 delimiter + 1 value = 11 bytes. */ if(data->len < 11 ) RETURN 0; str = (unsigned char*)data->str + data->len - 1; for(i=data->len-1; i>0; i--,str--) { switch(*str) { case 0: pos=i; break; case 0xff: pad=i; break; default: nonpad=i; break; } } if( type==2 ) { nonpad=pos+1; pad=1; } if( (pad==1) + (nonpad>pos) + (*str==type) + (pos>8) == 4 ) RETURN pos+1; RETURN 0; }
f6a6ad2013-12-08Henrik Grubbström (Grubba) /*! @decl string(0..127) crypt_md5(string(0..255) password, @ *! string(0..255) salt,@ *! void|string(0..255) magic)
6580032013-08-15Martin Nilsson  *! Does the crypt_md5 abrakadabra (MD5 + snakeoil). It is assumed *! that @[salt] does not contain "$". *! *! The @[password] memory will be cleared before released.
3955a92003-08-24Martin Nilsson  */
f6a6ad2013-12-08Henrik Grubbström (Grubba) PIKEFUN string(0..127) crypt_md5(string(0..255) pw, string(0..255) salt, void|string(0..255) magic)
d7f88a2004-02-14Martin Nilsson  optflags OPT_TRY_OPTIMIZE;
3955a92003-08-24Martin Nilsson {
329a6f2004-02-21Martin Nilsson  char *hash;
3955a92003-08-24Martin Nilsson  NO_WIDE_STRING(pw); NO_WIDE_STRING(salt);
bb64932013-08-09Arne Goedeke  pw->flags |= STRING_CLEAR_ON_EXIT;
395c4a2012-07-25Martin Nilsson  if(!magic) { hash = pike_crypt_md5(pw->len, pw->str, salt->len, salt->str, 3, "$1$"); } else {
f6a6ad2013-12-08Henrik Grubbström (Grubba)  NO_WIDE_STRING(magic);
395c4a2012-07-25Martin Nilsson  hash = pike_crypt_md5(pw->len, pw->str, salt->len, salt->str, magic->len, magic->str); }
329a6f2004-02-21Martin Nilsson  push_text(hash);
3955a92003-08-24Martin Nilsson }
f27dae2015-11-11Martin Nilsson #ifdef HAVE_CRC32_INTRINSICS static int supports_sse42 = 0;
2bc49a2016-02-02Martin Nilsson static ATTRIBUTE((target("sse4")))
6b77172017-10-30Stephen R. van den Berg  unsigned int intel_crc32c(const unsigned int *p, size_t len, unsigned int h)
f27dae2015-11-11Martin Nilsson { const unsigned int *e = p + (len>>2); const unsigned char *c = (const unsigned char*)e;
6b77172017-10-30Stephen R. van den Berg  h = ~h;
f27dae2015-11-11Martin Nilsson  /* .. all full integers .. */ while( p<e ) h = __builtin_ia32_crc32si(h, *(p++)); len &= 3; /* any remaining bytes. */ while( len-- ) h = __builtin_ia32_crc32qi(h, *(c++));
6b77172017-10-30Stephen R. van den Berg  return ~h;
f27dae2015-11-11Martin Nilsson } #endif /* HAVE_CRC32_INTRINSICS */ /* Copyright 2001, D. Otis. Use this program, code or tables */ /* extracted from it, as desired without restriction. */ static const INT32 crc[256] = { 0x00000000, 0xF26B8303, 0xE13B70F7, 0x1350F3F4, 0xC79A971F, 0x35F1141C, 0x26A1E7E8, 0xD4CA64EB, 0x8AD958CF, 0x78B2DBCC, 0x6BE22838, 0x9989AB3B, 0x4D43CFD0, 0xBF284CD3, 0xAC78BF27, 0x5E133C24, 0x105EC76F, 0xE235446C, 0xF165B798, 0x030E349B, 0xD7C45070, 0x25AFD373, 0x36FF2087, 0xC494A384, 0x9A879FA0, 0x68EC1CA3, 0x7BBCEF57, 0x89D76C54, 0x5D1D08BF, 0xAF768BBC, 0xBC267848, 0x4E4DFB4B, 0x20BD8EDE, 0xD2D60DDD, 0xC186FE29, 0x33ED7D2A, 0xE72719C1, 0x154C9AC2, 0x061C6936, 0xF477EA35, 0xAA64D611, 0x580F5512, 0x4B5FA6E6, 0xB93425E5, 0x6DFE410E, 0x9F95C20D, 0x8CC531F9, 0x7EAEB2FA, 0x30E349B1, 0xC288CAB2, 0xD1D83946, 0x23B3BA45, 0xF779DEAE, 0x05125DAD, 0x1642AE59, 0xE4292D5A, 0xBA3A117E, 0x4851927D, 0x5B016189, 0xA96AE28A, 0x7DA08661, 0x8FCB0562, 0x9C9BF696, 0x6EF07595, 0x417B1DBC, 0xB3109EBF, 0xA0406D4B, 0x522BEE48, 0x86E18AA3, 0x748A09A0, 0x67DAFA54, 0x95B17957, 0xCBA24573, 0x39C9C670, 0x2A993584, 0xD8F2B687, 0x0C38D26C, 0xFE53516F, 0xED03A29B, 0x1F682198, 0x5125DAD3, 0xA34E59D0, 0xB01EAA24, 0x42752927, 0x96BF4DCC, 0x64D4CECF, 0x77843D3B, 0x85EFBE38, 0xDBFC821C, 0x2997011F, 0x3AC7F2EB, 0xC8AC71E8, 0x1C661503, 0xEE0D9600, 0xFD5D65F4, 0x0F36E6F7, 0x61C69362, 0x93AD1061, 0x80FDE395, 0x72966096, 0xA65C047D, 0x5437877E, 0x4767748A, 0xB50CF789, 0xEB1FCBAD, 0x197448AE, 0x0A24BB5A, 0xF84F3859, 0x2C855CB2, 0xDEEEDFB1, 0xCDBE2C45, 0x3FD5AF46, 0x7198540D, 0x83F3D70E, 0x90A324FA, 0x62C8A7F9, 0xB602C312, 0x44694011, 0x5739B3E5, 0xA55230E6, 0xFB410CC2, 0x092A8FC1, 0x1A7A7C35, 0xE811FF36, 0x3CDB9BDD, 0xCEB018DE, 0xDDE0EB2A, 0x2F8B6829, 0x82F63B78, 0x709DB87B, 0x63CD4B8F, 0x91A6C88C, 0x456CAC67, 0xB7072F64, 0xA457DC90, 0x563C5F93, 0x082F63B7, 0xFA44E0B4, 0xE9141340, 0x1B7F9043, 0xCFB5F4A8, 0x3DDE77AB, 0x2E8E845F, 0xDCE5075C, 0x92A8FC17, 0x60C37F14, 0x73938CE0, 0x81F80FE3, 0x55326B08, 0xA759E80B, 0xB4091BFF, 0x466298FC, 0x1871A4D8, 0xEA1A27DB, 0xF94AD42F, 0x0B21572C, 0xDFEB33C7, 0x2D80B0C4, 0x3ED04330, 0xCCBBC033, 0xA24BB5A6, 0x502036A5, 0x4370C551, 0xB11B4652, 0x65D122B9, 0x97BAA1BA, 0x84EA524E, 0x7681D14D, 0x2892ED69, 0xDAF96E6A, 0xC9A99D9E, 0x3BC21E9D, 0xEF087A76, 0x1D63F975, 0x0E330A81, 0xFC588982, 0xB21572C9, 0x407EF1CA, 0x532E023E, 0xA145813D, 0x758FE5D6, 0x87E466D5, 0x94B49521, 0x66DF1622, 0x38CC2A06, 0xCAA7A905, 0xD9F75AF1, 0x2B9CD9F2, 0xFF56BD19, 0x0D3D3E1A, 0x1E6DCDEE, 0xEC064EED, 0xC38D26C4, 0x31E6A5C7, 0x22B65633, 0xD0DDD530, 0x0417B1DB, 0xF67C32D8, 0xE52CC12C, 0x1747422F, 0x49547E0B, 0xBB3FFD08, 0xA86F0EFC, 0x5A048DFF, 0x8ECEE914, 0x7CA56A17, 0x6FF599E3, 0x9D9E1AE0, 0xD3D3E1AB, 0x21B862A8, 0x32E8915C, 0xC083125F, 0x144976B4, 0xE622F5B7, 0xF5720643, 0x07198540, 0x590AB964, 0xAB613A67, 0xB831C993, 0x4A5A4A90, 0x9E902E7B, 0x6CFBAD78, 0x7FAB5E8C, 0x8DC0DD8F, 0xE330A81A, 0x115B2B19, 0x020BD8ED, 0xF0605BEE, 0x24AA3F05, 0xD6C1BC06, 0xC5914FF2, 0x37FACCF1, 0x69E9F0D5, 0x9B8273D6, 0x88D28022, 0x7AB90321, 0xAE7367CA, 0x5C18E4C9, 0x4F48173D, 0xBD23943E, 0xF36E6F75, 0x0105EC76, 0x12551F82, 0xE03E9C81, 0x34F4F86A, 0xC69F7B69, 0xD5CF889D, 0x27A40B9E, 0x79B737BA, 0x8BDCB4B9, 0x988C474D, 0x6AE7C44E, 0xBE2DA0A5, 0x4C4623A6, 0x5F16D052, 0xAD7D5351, };
75fd3e2017-10-31Stephen R. van den Berg /*! @decl int(0..) crc32c(string(8bit) data, void|int(0..) seed)
f27dae2015-11-11Martin Nilsson  *! Implements the Castagnoli CRC, CRC32C. Hardware optimized on Intel *! CPUs with SSE 4.2.
6b77172017-10-30Stephen R. van den Berg  *! *! @param seed *! Can be fed with the result of the previous invocation to chain on new data. *! Defaults to zero on virgin runs.
f27dae2015-11-11Martin Nilsson  */
75fd3e2017-10-31Stephen R. van den Berg PIKEFUN int(0..) crc32c(string(8bit) data, void|int(0..) seed)
f27dae2015-11-11Martin Nilsson {
6b77172017-10-30Stephen R. van den Berg  unsigned int h = 0;
d81a952018-01-13Martin Nilsson  if(seed)
6b77172017-10-30Stephen R. van den Berg  h = seed->u.integer;
d81a952018-01-13Martin Nilsson 
f27dae2015-11-11Martin Nilsson #ifdef HAVE_CRC32_INTRINSICS if(supports_sse42) {
6b77172017-10-30Stephen R. van den Berg  push_int64(intel_crc32c((const unsigned int *)data->str, data->len, h));
f27dae2015-11-11Martin Nilsson  } else #endif /* HAVE_CRC32_INTRISINCS */ {
6b77172017-10-30Stephen R. van den Berg  unsigned int i=0, len = data->len; for(h = ~h; i<len; i++)
f27dae2015-11-11Martin Nilsson  h = (h>>8)^crc[(h^data->str[i])&0xFF];
6b77172017-10-30Stephen R. van den Berg  push_int64(~h);
f27dae2015-11-11Martin Nilsson  } }
1ab4b12003-03-18Niels Möller /*! @endmodule */
770fee2003-03-12Henrik Grubbström (Grubba) 
654f152003-03-14Marcus Comstedt #endif /* HAVE_LIBNETTLE */
4e1f622003-03-13Niels Möller PIKE_MODULE_INIT {
099d682004-01-30Martin Nilsson #ifdef __NT__ struct program *nt_program = NULL; struct object *nt_object = NULL; #endif /* __NT__ */
4e1f622003-03-13Niels Möller  INIT;
654f152003-03-14Marcus Comstedt #ifdef HAVE_LIBNETTLE
4e1f622003-03-13Niels Möller  hash_init();
024d802014-04-21Henrik Grubbström (Grubba)  mac_init();
636c422003-03-18Niels Möller  cipher_init();
89dce22014-04-23Henrik Grubbström (Grubba)  aead_init();
654f152003-03-14Marcus Comstedt #endif /* HAVE_LIBNETTLE */
099d682004-01-30Martin Nilsson #ifdef __NT__ start_new_program(); nt_init(); nt_program = end_program(); add_object_constant("NT", nt_object=clone_object(nt_program,0), 0); free_object(nt_object); free_program(nt_program); #endif /* __NT__ */
d5f6892013-11-24Martin Nilsson #ifdef HAVE_LIBHOGWEED hogweed_init(); #endif
f27dae2015-11-11Martin Nilsson  #ifdef HAVE_CRC32_INTRINSICS { INT32 cpuid[4]; x86_get_cpuid (1, cpuid); supports_sse42 = cpuid[3] & bit_SSE4_2; } #endif /* HAVE_CRC32_INTRISINCS */
4e1f622003-03-13Niels Möller } PIKE_MODULE_EXIT {
654f152003-03-14Marcus Comstedt #ifdef HAVE_LIBNETTLE
89dce22014-04-23Henrik Grubbström (Grubba)  aead_exit();
636c422003-03-18Niels Möller  cipher_exit();
024d802014-04-21Henrik Grubbström (Grubba)  mac_exit();
4e1f622003-03-13Niels Möller  hash_exit();
654f152003-03-14Marcus Comstedt #endif /* HAVE_LIBNETTLE */
099d682004-01-30Martin Nilsson #ifdef __NT__ nt_exit(); #endif /* __NT__ */
d5f6892013-11-24Martin Nilsson #ifdef HAVE_LIBHOGWEED hogweed_exit(); #endif
4e1f622003-03-13Niels Möller  EXIT; }