pike.git / src / post_modules / Nettle / nettle.cmod

version» Context lines:

pike.git/src/post_modules/Nettle/nettle.cmod:1:   /* nettle.cmod -*- c -*- */ - /* $Id: nettle.cmod,v 1.53 2009/07/05 14:09:20 grubba Exp $ */ + /* $Id: nettle.cmod,v 1.54 2009/07/05 14:35:03 grubba Exp $ */      #include "global.h"   #include "interpret.h"   #include "svalue.h"   /* For this_object() */   #include "object.h"   #include "operators.h"   #include "module_support.h"   #include "threads.h"   
pike.git/src/post_modules/Nettle/nettle.cmod:38:    *! Yarrow-160 is described in a paper at    *! @url{http://www.counterpane.com/yarrow.html@}, and it uses SHA1 and    *! triple-DES, and has a 160-bit internal state. Nettle implements    *! Yarrow-256, which is similar, but uses SHA256 and AES to get an    *! internal state of 256 bits.    */   PIKECLASS Yarrow   {    CVAR struct yarrow256_ctx ctx;    CVAR struct yarrow_source *sources; +    #ifndef HAVE_STRUCT_YARROW256_CTX_SEED_FILE -  +  /* NOTE: Nettle 2.0 does not have the automatic seed_file maintenance +  * that Nettle 1.x had. This stuff is needed since it affected +  * the state emitted by random_string(). When Nettle 2.0 is the +  * default, consider implementing this via overloading of the +  * various seeding functions instead, since it does have a bit +  * of overhead. +  * +  * /grubba 2009-07-05 +  */    PIKEVAR string seed_file flags ID_PRIVATE|ID_STATIC; -  +  +  static void pike_generate_seed_file(void) +  { +  struct pike_string *seed_file = +  begin_shared_string(YARROW256_SEED_FILE_SIZE); +  yarrow256_random(&THIS->ctx, YARROW256_SEED_FILE_SIZE, STR0(seed_file)); +  if (THIS->seed_file) { +  free_string(THIS->seed_file); +  } +  THIS->seed_file = end_shared_string(seed_file); +  } + #else + #define pike_generate_seed_file()   #endif       /*! @decl void create(void|int sources)    *! The number of entropy sources that will feed entropy to the    *! random number generator is given as an argument to Yarrow    *! during instantiation.    *! @seealso    *! @[update]    */    PIKEFUN void create(void|int arg)
pike.git/src/post_modules/Nettle/nettle.cmod:91:    */    PIKEFUN object seed(string data)    optflags OPT_SIDE_EFFECT;    {    if(data->len < YARROW256_SEED_FILE_SIZE)    Pike_error("Seed must be at least %d characters.\n",    YARROW256_SEED_FILE_SIZE);       NO_WIDE_STRING(data);    yarrow256_seed(&THIS->ctx, data->len, STR0(data)); - #ifndef HAVE_STRUCT_YARROW256_CTX_SEED_FILE -  { -  struct pike_string *seed_file = -  begin_shared_string(YARROW256_SEED_FILE_SIZE); -  yarrow256_random(&THIS->ctx, YARROW256_SEED_FILE_SIZE, STR0(seed_file)); -  if (THIS->seed_file) { -  free_string(THIS->seed_file); -  } -  THIS->seed_file = end_shared_string(seed_file); -  } - #endif +  pike_generate_seed_file();    RETURN this_object();    }       /*! @decl int(0..) min_seed_size()    *! Returns the minimal number of characters that the @[seed]    *! needs to properly seed the random number generator.    *! @seealso    *! @[seed]    */    PIKEFUN int(0..) min_seed_size()    optflags OPT_TRY_OPTIMIZE;    {    RETURN YARROW256_SEED_FILE_SIZE;    }    -  /*! @decl __deprecated__ string(0..255) get_seed() +  /*! @decl string(0..255) get_seed()    *! Returns part of the internal state so that it can    *! be saved for later seeding.    *! -  *! @note -  *! Note that the value returned by this function is only genererated -  *! when @[seed()] is called. For a seed that takes later incremental -  *! seeding into account, consider using @expr{random_string(32)@} -  *! instead. -  *! +     *! @seealso    *! @[seed()], @[random_string()]    */    PIKEFUN string get_seed()    optflags OPT_EXTERNAL_DEPEND;    rawtype tDeprecated(tFunc(tNone, tStr8));    {    if( !yarrow256_is_seeded(&THIS->ctx) )    Pike_error("Random generator not seeded.\n");      #ifdef HAVE_STRUCT_YARROW256_CTX_SEED_FILE    RETURN make_shared_binary_string(THIS->ctx.seed_file,    YARROW256_SEED_FILE_SIZE);   #else -  +  if (THIS->seed_file) {    REF_RETURN THIS->seed_file; -  +  } else { +  struct pike_string *s = begin_shared_string(YARROW256_SEED_FILE_SIZE); +  RETURN end_shared_string(s); +  }   #endif /* HAVE_STRUCT_YARROW256_CTX_SEED_FILE */    }       /*! @decl int(0..1) is_seeded()    *! Returns 1 if the random generator is seeded and ready    *! to generator output. 0 otherwise.    *! @seealso    *! @[seed]    */    PIKEFUN int(0..1) is_seeded()
pike.git/src/post_modules/Nettle/nettle.cmod:177:    *    * * Changes to the yarrow256 interface. The function    * yarrow256_force_reseed has been replaced by the two    * functions yarrow256_fast_reseed and yarrow256_slow_reseed,    * which were previously static.    */    yarrow256_slow_reseed(&THIS->ctx);   #else    yarrow256_force_reseed(&THIS->ctx);   #endif +  pike_generate_seed_file();    }       /*! @decl int(0..1) update(string data, int source, int entropy)    *! Inject additional entropy into the random number generator.    *!    *! @seealso    *! @[create]    */    PIKEFUN int(0..1) update(string data, int source, int entropy)    optflags OPT_SIDE_EFFECT;    { -  +  int ret;    /* FIXME: Wide strings could actually be supported here */    NO_WIDE_STRING(data);    if( !THIS->sources )    Pike_error("This random generator has no sources.\n");    if( source<0 || (unsigned)source>=THIS->ctx.nsources )    Pike_error("Invalid random source.\n");    if( entropy<0 )    Pike_error("Entropy must be positive.\n");    if( entropy>(data->len*8) )    Pike_error("Impossibly large entropy value.\n"); -  RETURN yarrow256_update(&THIS->ctx, source, entropy, data->len, +  ret = yarrow256_update(&THIS->ctx, source, entropy, data->len,    (const uint8_t *)data->str); -  +  if (ret) +  pike_generate_seed_file(); +  RETURN ret;    }       /*! @decl int(0..) needed_sources()    *! The number of sources that must reach the threshold before a    *! slow reseed will happen.    */    PIKEFUN int(0..) needed_sources()    optflags OPT_EXTERNAL_DEPEND;    {    RETURN yarrow256_needed_sources(&THIS->ctx);