

pike.git/src/post_modules/Nettle/nettle.cmod:253:    *! To use this class an entropy accumulator needs to be implemented    *! and supply the @[reseed()] method with new entopy.    */   PIKECLASS Fortuna   program_flags PROGRAM_CLEAR_STORAGE;   {    CVAR struct aes_ctx aes_ctx;    CVAR struct sha256_ctx sha_ctx;    CVAR uint8_t *key;    CVAR uint8_t *ctr; -  CVAR uint8_t *data; +        DECLARE_STORAGE;      #ifndef AES256_KEY_SIZE   #define AES256_KEY_SIZE (256>>3)   #endif    -  static void fortuna_generate(void) +  static void fortuna_generate(uint8_t *data)    { -  aes_encrypt(&THIS->aes_ctx, 16, THIS->data, THIS->ctr); +  aes_encrypt(&THIS->aes_ctx, 16, data, THIS->ctr);    INCREMENT(16, THIS->ctr);    }       static void fortuna_rekey(void)    { -  fortuna_generate(); -  memcpy(THIS->key, THIS->data, 16); -  fortuna_generate(); -  memcpy(THIS->key+16, THIS->data, 16); +  fortuna_generate(THIS->key); +  fortuna_generate(THIS->key+16);    aes_set_encrypt_key(&THIS->aes_ctx, AES256_KEY_SIZE, THIS->key);    }       /*! @decl void reseed(string(8bit) data)    *! Updated the internal key with the provided additional entropy.    */    PIKEFUN void reseed(string(8bit) data)    {    sha256_update(&THIS->sha_ctx, 32, THIS->key);    sha256_update(&THIS->sha_ctx, data->len, (const uint8_t *)data->str);
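Review bot: fortuna_generate now writes through a caller-supplied pointer, but nothing states that it writes exactly 16 bytes (the length passed to aes_encrypt on the same line) and advances THIS->ctr as a side effect, so a caller handing it a shorter buffer overflows silently; a comment above the definition, `/* Writes the next 16 bytes of keystream to data (must hold >= 16 bytes) and increments the counter. */`, would pin that contract down. In fortuna_rekey the two calls write straight into THIS->key while aes_ctx is still expanded from the old key, which is correct only because aes_set_encrypt_key runs afterwards; a why-comment such as `/* Both blocks come from the old key schedule; aes_ctx is re-keyed below. */` would keep a future reorder from breaking it. The generator presumably also emits output under the all-zero key and counter until reseed() has been called, which the class comment leaves to the entropy accumulator, so an explicit unseeded-state check is something to consider rather than a defect of this change. reseed's body continues past the end of the hunk.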
pike.git/src/post_modules/Nettle/nettle.cmod:298:    /*! @decl string(8bit) random_string(int(0..) len)    *!    *! Generates @[len] amount of pseudo random data. In contrast with    *! the Fortuna PseudoRandomData function, which only allows 2^20    *! bytes of random data per call, the necessary rekey operations    *! are here performed internally, so no such restrictions apply.    */    PIKEFUN string(8bit) random_string(int len)    {    int stored = 0; -  struct string_builder s; +        if(len<0) Pike_error("Length has to be positive.\n"); -  init_string_builder_alloc(&s, len, 0); -  -  while( stored < len ) +  struct pike_string *s = begin_shared_string(len); +  uint8_t *str = (uint8_t *)s->str; +  while( (len-stored) >= 16 )    { -  fortuna_generate(); -  string_builder_binary_strcat(&s, (const char *)THIS->data, -  MINIMUM(16, (len-stored))); -  -  /* This should really be MINIMUM(16, (len-stored)) instead of -  16, but it is only less than 16 in the last round, so it -  doesn't matter if we rekey here or not. */ +  fortuna_generate(str);    stored += 16; -  +  str += 16;       if( !(stored % (1<<20)) )    fortuna_rekey();    }    -  /* Inverse of the above conditional, to avoid having fortuna_rekey -  applied twice in the rare condition that the string length is a -  multiple of 1<<20. */ -  if( (stored % (1<<20)) ) +  if( len>stored ) +  { +  uint8_t *buf = alloca(16); +  fortuna_generate(buf); +  memcpy(str, buf, len-stored); +  } +     fortuna_rekey();    -  RETURN finish_string_builder(&s); +  RETURN end_shared_string(s);    }       INIT    {    THIS->ctr = xcalloc(1,16);    THIS->key = xcalloc(1,32);    aes_set_encrypt_key(&THIS->aes_ctx, AES256_KEY_SIZE, THIS->key);    sha256_init(&THIS->sha_ctx); -  THIS->data = xalloc(16); +     }       EXIT    gc_trivial;    {    free(THIS->ctr);    free(THIS->key); -  free(THIS->data); +     }   }      /*! @endclass    */      /*! @decl int(0..) rsa_unpad(string(0..255) data, int(1..2) type)    *!    *! 
Unpads a message that has been padded according to    *! RSAES-PKCS1-V1_5-ENCODE(message) in PKCS#1 v2.2, but without the
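Review bot: In the tail branch of random_string the partial block is produced into `uint8_t *buf = alloca(16);` and the 1–15 unused keystream bytes are then left behind on the stack, so a fixed-size buffer picks up both a non-standard allocation and a small residue of generator output; a plain array, `uint8_t buf[16];`, with a wipe after the memcpy, `memset(buf, 0, sizeof buf);` (or the explicit-zero helper the project already uses, if any, since a plain memset before scope exit can be optimized away), avoids both. The loop now rekeys twice when len is an exact multiple of 1<<20 (once inside the loop and once after it), which the removed comment deliberately avoided; it is harmless for output quality, but a line such as `/* A double rekey on 1<<20 boundaries is accepted for simplicity. */` would record that this is intentional rather than an oversight. The message `Length has to be positive.` is raised for len<0 while len==0 is accepted, so "non-negative" would describe the check accurately. The hunk appears to end with the ten context lines after the EXIT change; the rsa_unpad comment it stops in continues in the file.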