Digest-Hashcash/Hashcash.xs

#include "EXTERN.h"
#include "perl.h"
#include "XSUB.h"

#include <time.h>
#include <stdlib.h>
#include <stdint.h>

#include "perlmulticore.h"

/* NIST Secure Hash Algorithm */
/* heavily modified by Uwe Hollerbach <uh@alumni.caltech edu> */
/* from Peter C. Gutmann's implementation as found in */
/* Applied Cryptography by Bruce Schneier */
/* Further modifications to include the "UNRAVEL" stuff, below */

/* This code is in the public domain */

/* pcg: I was tempted to just rip this code off, after all, if you don't
 * demand anything I am inclined not to give anything. *Sigh* something
 * kept me from doing it, so here's the truth: I took this code from the
 * SHA1 perl module, since it looked reasonably well-crafted. I modified
 * it here and there, though.
 */

/*
 * we have lots of micro-optimizations here, this is just for toying
 * around...
 */

/* don't expect _too_ much from compilers for now. */
#if __GNUC__ > 2
#  define restrict __restrict__
#  define inline __inline__
#  ifdef __i386
#     define GCCX86ASM 1
#  endif
#elif __STDC_VERSION__ < 199900
#  define restrict
#  define inline
#endif

#if __GNUC__ < 2
#  define __attribute__(x)
#endif

#ifdef __i386
#  define a_regparm(n) __attribute__((__regparm__(n)))
#else
#  define a_regparm(n)
#endif

#define a_const __attribute__((__const__))

/* Useful defines & typedefs */

#if defined(U64TYPE) && (defined(USE_64_BIT_INT) || ((BYTEORDER != 0x1234) && (BYTEORDER != 0x4321)))
typedef U64TYPE XULONG;
#  if BYTEORDER == 0x1234
#    undef BYTEORDER
#    define BYTEORDER 0x12345678
#  elif BYTEORDER == 0x4321
#    undef BYTEORDER
#    define BYTEORDER 0x87654321
#  endif
#else
typedef uint_fast32_t XULONG;     /* 32-or-more-bit quantity */
#endif

#if GCCX86ASM
#  define zprefix(n) ({ int _r; __asm__ ("bsrl %1, %0" : "=r" (_r) : "r" (n)); 31 - _r ; })
#elif __GNUC__ > 2 && __GNUC_MINOR__ > 3
#  define zprefix(n) (__extension__ ({ uint32_t n__ = (n); n ? __builtin_clz (n) : 32; }))
#else
static int a_const zprefix (U32 n)
{
  static char zp[256] =
    {
      8, 7, 6, 6, 5, 5, 5, 5, 4, 4, 4, 4, 4, 4, 4, 4,
      3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
      2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
      2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
      1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
      1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
      1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
      1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    };

  return
    n > 0xffffff ?      zp[n >> 24]
    : n > 0xffff ?  8 + zp[n >> 16]
    : n >   0xff ? 16 + zp[n >>  8]
    :              24 + zp[n];
}
#endif

#define SHA_BLOCKSIZE           64
#define SHA_DIGESTSIZE          20

typedef struct {
    U32 digest[5];              /* message digest */
    U32 count;          /* 32-bit bit count */
    int local;                  /* unprocessed amount in data */
    U8 data[SHA_BLOCKSIZE];     /* SHA data buffer */
} SHA_INFO;


/* SHA f()-functions */
#define f1(x,y,z)       ((x & y) | (~x & z))
#define f2(x,y,z)       (x ^ y ^ z)
#define f3(x,y,z)       ((x & y) | (x & z) | (y & z))
#define f4(x,y,z)       (x ^ y ^ z)

/* SHA constants */
#define CONST1          0x5a827999L
#define CONST2          0x6ed9eba1L
#define CONST3          0x8f1bbcdcL
#define CONST4          0xca62c1d6L

/* truncate to 32 bits -- should be a null op on 32-bit machines */
#define T32(x)  ((x) & 0xffffffffL)

/* 32-bit rotate */
#define R32(x,n)        T32(((x << n) | (x >> (32 - n))))

/* specific cases, for when the overall rotation is unraveled */
#define FA(n)   \
    T = T32(R32(A,5) + f##n(B,C,D) + E + *WP++ + CONST##n); B = R32(B,30)

#define FB(n)   \
    E = T32(R32(T,5) + f##n(A,B,C) + D + *WP++ + CONST##n); A = R32(A,30)

#define FC(n)   \
    D = T32(R32(E,5) + f##n(T,A,B) + C + *WP++ + CONST##n); T = R32(T,30)

#define FD(n)   \
    C = T32(R32(D,5) + f##n(E,T,A) + B + *WP++ + CONST##n); E = R32(E,30)

#define FE(n)   \
    B = T32(R32(C,5) + f##n(D,E,T) + A + *WP++ + CONST##n); D = R32(D,30)

#define FT(n)   \
    A = T32(R32(B,5) + f##n(C,D,E) + T + *WP++ + CONST##n); C = R32(C,30)

static void a_regparm(1) sha_transform(SHA_INFO *restrict sha_info)
{
    int i;
    U8 *restrict dp;
    U32 A, B, C, D, E, W[80], *restrict WP;
    XULONG T;

    dp = sha_info->data;

#if BYTEORDER == 0x1234
    assert(sizeof(XULONG) == 4);
#  ifdef HAS_NTOHL
    for (i = 0; i < 16; ++i) {
        T = *((XULONG *) dp);
        dp += 4;
        W[i] = ntohl (T);
    }
#  else
    for (i = 0; i < 16; ++i) {
        T = *((XULONG *) dp);
        dp += 4;
        W[i] =  ((T << 24) & 0xff000000) | ((T <<  8) & 0x00ff0000) |
                ((T >>  8) & 0x0000ff00) | ((T >> 24) & 0x000000ff);
    }
#  endif
#elif BYTEORDER == 0x4321
    assert(sizeof(XULONG) == 4);
    for (i = 0; i < 16; ++i) {
        T = *((XULONG *) dp);
        dp += 4;
        W[i] = T32(T);
    }
#elif BYTEORDER == 0x12345678
    assert(sizeof(XULONG) == 8);
    for (i = 0; i < 16; i += 2) {
        T = *((XULONG *) dp);
        dp += 8;
        W[i] =  ((T << 24) & 0xff000000) | ((T <<  8) & 0x00ff0000) |
                ((T >>  8) & 0x0000ff00) | ((T >> 24) & 0x000000ff);
        T >>= 32;
        W[i+1] = ((T << 24) & 0xff000000) | ((T <<  8) & 0x00ff0000) |
                 ((T >>  8) & 0x0000ff00) | ((T >> 24) & 0x000000ff);
    }
#elif BYTEORDER == 0x87654321
    assert(sizeof(XULONG) == 8);
    for (i = 0; i < 16; i += 2) {
        T = *((XULONG *) dp);
        dp += 8;
        W[i] = T32(T >> 32);
        W[i+1] = T32(T);
    }
#else
#error Unknown byte order -- you need to add code here
#endif

    for (i = 16; i < 80; ++i)
      {
        T = W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16];
        W[i] = R32(T,1);
      }

    A = sha_info->digest[0];
    B = sha_info->digest[1];
    C = sha_info->digest[2];
    D = sha_info->digest[3];
    E = sha_info->digest[4];

    WP = W;
    FA(1); FB(1); FC(1); FD(1); FE(1); FT(1); FA(1); FB(1); FC(1); FD(1);
    FE(1); FT(1); FA(1); FB(1); FC(1); FD(1); FE(1); FT(1); FA(1); FB(1);
    FC(2); FD(2); FE(2); FT(2); FA(2); FB(2); FC(2); FD(2); FE(2); FT(2);
    FA(2); FB(2); FC(2); FD(2); FE(2); FT(2); FA(2); FB(2); FC(2); FD(2);
    FE(3); FT(3); FA(3); FB(3); FC(3); FD(3); FE(3); FT(3); FA(3); FB(3);
    FC(3); FD(3); FE(3); FT(3); FA(3); FB(3); FC(3); FD(3); FE(3); FT(3);
    FA(4); FB(4); FC(4); FD(4); FE(4); FT(4); FA(4); FB(4); FC(4); FD(4);
    FE(4); FT(4); FA(4); FB(4); FC(4); FD(4); FE(4); FT(4); FA(4); FB(4);

    sha_info->digest[0] = T32(sha_info->digest[0] + E);
    sha_info->digest[1] = T32(sha_info->digest[1] + T);
    sha_info->digest[2] = T32(sha_info->digest[2] + A);
    sha_info->digest[3] = T32(sha_info->digest[3] + B);
    sha_info->digest[4] = T32(sha_info->digest[4] + C);
}

/* initialize the SHA digest */

static void sha_init(SHA_INFO *restrict sha_info)
{
    sha_info->digest[0] = 0x67452301L;
    sha_info->digest[1] = 0xefcdab89L;
    sha_info->digest[2] = 0x98badcfeL;
    sha_info->digest[3] = 0x10325476L;
    sha_info->digest[4] = 0xc3d2e1f0L;
    sha_info->count = 0L;
    sha_info->local = 0;
}

/* update the SHA digest */

static void sha_update(SHA_INFO *restrict sha_info, U8 *restrict buffer, int count)
{
    int i;

    sha_info->count += count;
    if (sha_info->local) {
        i = SHA_BLOCKSIZE - sha_info->local;
        if (i > count) {
            i = count;
        }
        memcpy(((U8 *) sha_info->data) + sha_info->local, buffer, i);
        count -= i;
        buffer += i;
        sha_info->local += i;
        if (sha_info->local == SHA_BLOCKSIZE) {
            sha_transform(sha_info);
        } else {
            return;
        }
    }
    while (count >= SHA_BLOCKSIZE) {
        memcpy(sha_info->data, buffer, SHA_BLOCKSIZE);
        buffer += SHA_BLOCKSIZE;
        count -= SHA_BLOCKSIZE;
        sha_transform(sha_info);
    }
    memcpy(sha_info->data, buffer, count);
    sha_info->local = count;
}

/* finish computing the SHA digest */
static int sha_final(SHA_INFO *sha_info)
{
  int count = sha_info->count;
  int local = sha_info->local;

  sha_info->data[local] = 0x80;

  if (sha_info->local >= SHA_BLOCKSIZE - 8) {
    memset(sha_info->data + local + 1, 0, SHA_BLOCKSIZE - 1 - local);
    sha_transform(sha_info);
    memset(sha_info->data, 0, SHA_BLOCKSIZE - 2);
  } else {
    memset(sha_info->data + local + 1, 0, SHA_BLOCKSIZE - 3 - local);
  }

  sha_info->data[62] = count >> 5;
  sha_info->data[63] = count << 3;

  sha_transform (sha_info);

  return sha_info->digest[0]
           ? zprefix (sha_info->digest[0])
           : zprefix (sha_info->digest[1]) + 32;
}

#define TRIALCHAR "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&()*+,-./;<=>?@[]{}^_|"

static char
nextenc[256];

static char
rand_char ()
{
  return TRIALCHAR[(int)(Drand01 () * sizeof (TRIALCHAR))];
}

typedef double (*NVTime)(void);

static double
simple_nvtime (void)
{
  return time (0);
}

static NVTime
get_nvtime (void)
{
  SV **svp = hv_fetch (PL_modglobal, "Time::NVtime", 12, 0);

  if (svp && SvIOK(*svp))
    return INT2PTR(NVTime, SvIV(*svp));
  else
    return simple_nvtime;

}

MODULE = Digest::Hashcash               PACKAGE = Digest::Hashcash

BOOT:
{
   int i;

   for (i = 0; i < sizeof (TRIALCHAR); i++)
     nextenc[TRIALCHAR[i]] = TRIALCHAR[(i + 1) % sizeof (TRIALCHAR)];
}

PROTOTYPES: ENABLE

# could be improved quite a bit in accuracy
NV
_estimate_rounds ()
        CODE:
{
        char data[40];
        NVTime nvtime = get_nvtime ();
        NV t1, t2, t;
        int count = 0;
        SHA_INFO ctx;

        t = nvtime ();
        do {
          t1 = nvtime ();
        } while (t == t1);

        t = t2 = nvtime ();
        do {
          volatile int i;
          sha_init (&ctx);
          sha_update (&ctx, data, sizeof (data));
          i = sha_final (&ctx);

          if (!(++count & 1023))
            t2 = nvtime ();

        } while (t == t2);

        RETVAL = (NV)count / (t2 - t1);
}
        OUTPUT:
        RETVAL

SV *
_gentoken (int size, IV timestamp, char *resource, char *trial = "", int extrarand = 0)
        CODE:
{
        SHA_INFO ctx1, ctx;
        char *token, *seq, *s;
        int toklen, i;
        time_t tstamp = timestamp ? timestamp : time (0);
        struct tm *tm = gmtime (&tstamp);

        New (0, token,
             1 + 1                    // version
             + 12 + 1                 // time field sans century
             + strlen (resource) + 1  // ressource
             + strlen (trial) + extrarand + 8 + 1 // trial
             + 1,
             char);

        if (!token)
          croak ("out of memory");

        if (size > 64)
          croak ("size must be <= 64 in this implementation\n");

        toklen = sprintf (token, "%d:%02d%02d%02d%02d%02d%02d:%s:%s",
                          0, tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday,
                          tm->tm_hour, tm->tm_min, tm->tm_sec,
                          resource, trial);

        if (toklen > 8000)
          croak ("token length must be <= 8000 in this implementation\n");

        perlinterp_release ();

        i = toklen + extrarand;
        while (toklen < i)
          token[toklen++] = rand_char ();

        sha_init (&ctx1);
        sha_update (&ctx1, token, toklen);

        seq = token + toklen;
        i +=  8;
        while (toklen < i)
          token[toklen++] = rand_char ();

        for (;;)
          {
            ctx = ctx1; // this "optimization" can help a lot for longer resource strings
            sha_update (&ctx, seq, 8);
            i = sha_final (&ctx);

            if (i >= size)
              break;

            s = seq;
            do {
              *s = nextenc [*s];
            } while (*s++ == 'a');
          }

        perlinterp_acquire ();

        RETVAL = newSVpvn (token, toklen);
}
        OUTPUT:
        RETVAL

int
_prefixlen (SV *tok)
        CODE:
{
        STRLEN toklen;
        char *token = SvPV (tok, toklen);
        SHA_INFO ctx;

        sha_init (&ctx);
        sha_update (&ctx, token, toklen);
        RETVAL = sha_final (&ctx);
}
        OUTPUT:
        RETVAL


Revision:	1.8
Committed:	Wed Jul 22 10:33:08 2015 UTC (8 years, 10 months ago) by root
Branch:	MAIN
CVS Tags:	rel-1_1, HEAD
Changes since 1.7:	+16 -15 lines
Log Message:	1.1
#	User	Rev	Content
1	root	1.1	#include "EXTERN.h"
2			#include "perl.h"
3			#include "XSUB.h"
4
5			#include <time.h>
6			#include <stdlib.h>
7			#include <stdint.h>
8
9	root	1.7	#include "perlmulticore.h"
10
11	root	1.1	/* NIST Secure Hash Algorithm */
12			/* heavily modified by Uwe Hollerbach <uh@alumni.caltech edu> */
13			/* from Peter C. Gutmann's implementation as found in */
14			/* Applied Cryptography by Bruce Schneier */
15			/* Further modifications to include the "UNRAVEL" stuff, below */
16
17			/* This code is in the public domain */
18
19			/* pcg: I was tempted to just rip this code off, after all, if you don't
20			* demand anything I am inclined not to give anything. Sigh something
21			* kept me from doing it, so here's the truth: I took this code from the
22			* SHA1 perl module, since it looked reasonably well-crafted. I modified
23			* it here and there, though.
24			*/
25
26	root	1.5	/*
27			* we have lots of micro-optimizations here, this is just for toying
28			* around...
29			*/
30
31	root	1.1	/* don't expect _too_ much from compilers for now. */
32	root	1.2	#if __GNUC__ > 2
33	root	1.1	# define restrict __restrict__
34	root	1.2	# define inline __inline__
35			# ifdef __i386
36			# define GCCX86ASM 1
37			# endif
38	root	1.1	#elif __STDC_VERSION__ < 199900
39			# define restrict
40	root	1.2	# define inline
41	root	1.1	#endif
42
43	root	1.5	#if __GNUC__ < 2
44			# define __attribute__(x)
45			#endif
46
47			#ifdef __i386
48			# define a_regparm(n) __attribute__((__regparm__(n)))
49			#else
50			# define a_regparm(n)
51			#endif
52
53			#define a_const __attribute__((__const__))
54
55	root	1.1	/* Useful defines & typedefs */
56
57			#if defined(U64TYPE) && (defined(USE_64_BIT_INT) \|\| ((BYTEORDER != 0x1234) && (BYTEORDER != 0x4321)))
58	root	1.8	typedef U64TYPE XULONG;
59	root	1.4	# if BYTEORDER == 0x1234
60			# undef BYTEORDER
61			# define BYTEORDER 0x12345678
62			# elif BYTEORDER == 0x4321
63			# undef BYTEORDER
64	root	1.7	# define BYTEORDER 0x87654321
65	root	1.4	# endif
66	root	1.1	#else
67	root	1.8	typedef uint_fast32_t XULONG; /* 32-or-more-bit quantity */
68	root	1.1	#endif
69
70	root	1.2	#if GCCX86ASM
71			# define zprefix(n) ({ int _r; __asm__ ("bsrl %1, %0" : "=r" (_r) : "r" (n)); 31 - _r ; })
72	root	1.4	#elif __GNUC__ > 2 && __GNUC_MINOR__ > 3
73			# define zprefix(n) (__extension__ ({ uint32_t n__ = (n); n ? __builtin_clz (n) : 32; }))
74	root	1.2	#else
75	root	1.8	static int a_const zprefix (U32 n)
76	root	1.2	{
77			static char zp[256] =
78			{
79			8, 7, 6, 6, 5, 5, 5, 5, 4, 4, 4, 4, 4, 4, 4, 4,
80			3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
81			2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
82			2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
83			1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
84			1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
85			1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
86			1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
87			0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
88			0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
89			0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
90			0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
91			0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
92			0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
93			0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
94			0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
95			};
96
97			return
98			n > 0xffffff ? zp[n >> 24]
99			: n > 0xffff ? 8 + zp[n >> 16]
100			: n > 0xff ? 16 + zp[n >> 8]
101			: 24 + zp[n];
102			}
103			#endif
104
105	root	1.1	#define SHA_BLOCKSIZE 64
106			#define SHA_DIGESTSIZE 20
107
108			typedef struct {
109	root	1.8	U32 digest[5]; /* message digest */
110			U32 count; /* 32-bit bit count */
111	root	1.2	int local; /* unprocessed amount in data */
112	root	1.1	U8 data[SHA_BLOCKSIZE]; /* SHA data buffer */
113			} SHA_INFO;
114
115
116			/* SHA f()-functions */
117			#define f1(x,y,z) ((x & y) \| (~x & z))
118			#define f2(x,y,z) (x ^ y ^ z)
119			#define f3(x,y,z) ((x & y) \| (x & z) \| (y & z))
120			#define f4(x,y,z) (x ^ y ^ z)
121
122			/* SHA constants */
123			#define CONST1 0x5a827999L
124			#define CONST2 0x6ed9eba1L
125			#define CONST3 0x8f1bbcdcL
126			#define CONST4 0xca62c1d6L
127
128			/* truncate to 32 bits -- should be a null op on 32-bit machines */
129			#define T32(x) ((x) & 0xffffffffL)
130
131			/* 32-bit rotate */
132			#define R32(x,n) T32(((x << n) \| (x >> (32 - n))))
133
134			/* specific cases, for when the overall rotation is unraveled */
135			#define FA(n) \
136			T = T32(R32(A,5) + f##n(B,C,D) + E + *WP++ + CONST##n); B = R32(B,30)
137
138			#define FB(n) \
139			E = T32(R32(T,5) + f##n(A,B,C) + D + *WP++ + CONST##n); A = R32(A,30)
140
141			#define FC(n) \
142			D = T32(R32(E,5) + f##n(T,A,B) + C + *WP++ + CONST##n); T = R32(T,30)
143
144			#define FD(n) \
145			C = T32(R32(D,5) + f##n(E,T,A) + B + *WP++ + CONST##n); E = R32(E,30)
146
147			#define FE(n) \
148			B = T32(R32(C,5) + f##n(D,E,T) + A + *WP++ + CONST##n); D = R32(D,30)
149
150			#define FT(n) \
151			A = T32(R32(B,5) + f##n(C,D,E) + T + *WP++ + CONST##n); C = R32(C,30)
152
153	root	1.5	static void a_regparm(1) sha_transform(SHA_INFO *restrict sha_info)
154	root	1.1	{
155			int i;
156	root	1.5	U8 *restrict dp;
157	root	1.8	U32 A, B, C, D, E, W[80], *restrict WP;
158			XULONG T;
159	root	1.1
160			dp = sha_info->data;
161
162			#if BYTEORDER == 0x1234
163	root	1.8	assert(sizeof(XULONG) == 4);
164	root	1.2	# ifdef HAS_NTOHL
165			for (i = 0; i < 16; ++i) {
166	root	1.8	T = ((XULONG ) dp);
167	root	1.2	dp += 4;
168			W[i] = ntohl (T);
169			}
170			# else
171	root	1.1	for (i = 0; i < 16; ++i) {
172	root	1.8	T = ((XULONG ) dp);
173	root	1.1	dp += 4;
174			W[i] = ((T << 24) & 0xff000000) \| ((T << 8) & 0x00ff0000) \|
175			((T >> 8) & 0x0000ff00) \| ((T >> 24) & 0x000000ff);
176			}
177	root	1.2	# endif
178			#elif BYTEORDER == 0x4321
179	root	1.8	assert(sizeof(XULONG) == 4);
180	root	1.1	for (i = 0; i < 16; ++i) {
181	root	1.8	T = ((XULONG ) dp);
182	root	1.1	dp += 4;
183			W[i] = T32(T);
184			}
185	root	1.2	#elif BYTEORDER == 0x12345678
186	root	1.8	assert(sizeof(XULONG) == 8);
187	root	1.1	for (i = 0; i < 16; i += 2) {
188	root	1.8	T = ((XULONG ) dp);
189	root	1.1	dp += 8;
190			W[i] = ((T << 24) & 0xff000000) \| ((T << 8) & 0x00ff0000) \|
191			((T >> 8) & 0x0000ff00) \| ((T >> 24) & 0x000000ff);
192			T >>= 32;
193			W[i+1] = ((T << 24) & 0xff000000) \| ((T << 8) & 0x00ff0000) \|
194			((T >> 8) & 0x0000ff00) \| ((T >> 24) & 0x000000ff);
195			}
196	root	1.2	#elif BYTEORDER == 0x87654321
197	root	1.8	assert(sizeof(XULONG) == 8);
198	root	1.1	for (i = 0; i < 16; i += 2) {
199	root	1.8	T = ((XULONG ) dp);
200	root	1.1	dp += 8;
201			W[i] = T32(T >> 32);
202			W[i+1] = T32(T);
203			}
204	root	1.2	#else
205			#error Unknown byte order -- you need to add code here
206	root	1.1	#endif
207
208	root	1.2	for (i = 16; i < 80; ++i)
209			{
210			T = W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16];
211			W[i] = R32(T,1);
212			}
213	root	1.1
214			A = sha_info->digest[0];
215			B = sha_info->digest[1];
216			C = sha_info->digest[2];
217			D = sha_info->digest[3];
218			E = sha_info->digest[4];
219	root	1.2
220	root	1.1	WP = W;
221			FA(1); FB(1); FC(1); FD(1); FE(1); FT(1); FA(1); FB(1); FC(1); FD(1);
222			FE(1); FT(1); FA(1); FB(1); FC(1); FD(1); FE(1); FT(1); FA(1); FB(1);
223			FC(2); FD(2); FE(2); FT(2); FA(2); FB(2); FC(2); FD(2); FE(2); FT(2);
224			FA(2); FB(2); FC(2); FD(2); FE(2); FT(2); FA(2); FB(2); FC(2); FD(2);
225			FE(3); FT(3); FA(3); FB(3); FC(3); FD(3); FE(3); FT(3); FA(3); FB(3);
226			FC(3); FD(3); FE(3); FT(3); FA(3); FB(3); FC(3); FD(3); FE(3); FT(3);
227			FA(4); FB(4); FC(4); FD(4); FE(4); FT(4); FA(4); FB(4); FC(4); FD(4);
228			FE(4); FT(4); FA(4); FB(4); FC(4); FD(4); FE(4); FT(4); FA(4); FB(4);
229	root	1.2
230	root	1.1	sha_info->digest[0] = T32(sha_info->digest[0] + E);
231			sha_info->digest[1] = T32(sha_info->digest[1] + T);
232			sha_info->digest[2] = T32(sha_info->digest[2] + A);
233			sha_info->digest[3] = T32(sha_info->digest[3] + B);
234			sha_info->digest[4] = T32(sha_info->digest[4] + C);
235			}
236
237			/* initialize the SHA digest */
238
239	root	1.2	static void sha_init(SHA_INFO *restrict sha_info)
240	root	1.1	{
241			sha_info->digest[0] = 0x67452301L;
242			sha_info->digest[1] = 0xefcdab89L;
243			sha_info->digest[2] = 0x98badcfeL;
244			sha_info->digest[3] = 0x10325476L;
245			sha_info->digest[4] = 0xc3d2e1f0L;
246			sha_info->count = 0L;
247			sha_info->local = 0;
248			}
249
250			/* update the SHA digest */
251
252	root	1.2	static void sha_update(SHA_INFO restrict sha_info, U8 restrict buffer, int count)
253	root	1.1	{
254			int i;
255
256	root	1.2	sha_info->count += count;
257	root	1.1	if (sha_info->local) {
258			i = SHA_BLOCKSIZE - sha_info->local;
259			if (i > count) {
260			i = count;
261			}
262			memcpy(((U8 *) sha_info->data) + sha_info->local, buffer, i);
263			count -= i;
264			buffer += i;
265			sha_info->local += i;
266			if (sha_info->local == SHA_BLOCKSIZE) {
267			sha_transform(sha_info);
268			} else {
269			return;
270			}
271			}
272			while (count >= SHA_BLOCKSIZE) {
273			memcpy(sha_info->data, buffer, SHA_BLOCKSIZE);
274			buffer += SHA_BLOCKSIZE;
275			count -= SHA_BLOCKSIZE;
276			sha_transform(sha_info);
277			}
278			memcpy(sha_info->data, buffer, count);
279			sha_info->local = count;
280			}
281
282			/* finish computing the SHA digest */
283	root	1.2	static int sha_final(SHA_INFO *sha_info)
284	root	1.1	{
285	root	1.2	int count = sha_info->count;
286			int local = sha_info->local;
287	root	1.1
288	root	1.2	sha_info->data[local] = 0x80;
289	root	1.1
290	root	1.2	if (sha_info->local >= SHA_BLOCKSIZE - 8) {
291			memset(sha_info->data + local + 1, 0, SHA_BLOCKSIZE - 1 - local);
292			sha_transform(sha_info);
293			memset(sha_info->data, 0, SHA_BLOCKSIZE - 2);
294			} else {
295			memset(sha_info->data + local + 1, 0, SHA_BLOCKSIZE - 3 - local);
296			}
297
298			sha_info->data[62] = count >> 5;
299			sha_info->data[63] = count << 3;
300
301			sha_transform (sha_info);
302
303			return sha_info->digest[0]
304			? zprefix (sha_info->digest[0])
305			: zprefix (sha_info->digest[1]) + 32;
306	root	1.1	}
307
308			#define TRIALCHAR "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&()*+,-./;<=>?@[]{}^_\|"
309
310	root	1.7	static char
311			nextenc[256];
312	root	1.1
313	root	1.7	static char
314			rand_char ()
315	root	1.1	{
316	root	1.7	return TRIALCHAR[(int)(Drand01 () * sizeof (TRIALCHAR))];
317	root	1.1	}
318
319	root	1.2	typedef double (*NVTime)(void);
320
321	root	1.7	static double
322			simple_nvtime (void)
323	root	1.2	{
324			return time (0);
325			}
326
327	root	1.7	static NVTime
328			get_nvtime (void)
329	root	1.1	{
330	root	1.2	SV **svp = hv_fetch (PL_modglobal, "Time::NVtime", 12, 0);
331
332			if (svp && SvIOK(*svp))
333			return INT2PTR(NVTime, SvIV(*svp));
334			else
335			return simple_nvtime;
336	root	1.1
337			}
338
339			MODULE = Digest::Hashcash PACKAGE = Digest::Hashcash
340
341			BOOT:
342			{
343			int i;
344
345			for (i = 0; i < sizeof (TRIALCHAR); i++)
346			nextenc[TRIALCHAR[i]] = TRIALCHAR[(i + 1) % sizeof (TRIALCHAR)];
347			}
348
349			PROTOTYPES: ENABLE
350
351	root	1.2	# could be improved quite a bit in accuracy
352			NV
353			_estimate_rounds ()
354	root	1.1	CODE:
355	root	1.3	{
356	root	1.2	char data[40];
357			NVTime nvtime = get_nvtime ();
358			NV t1, t2, t;
359			int count = 0;
360			SHA_INFO ctx;
361
362			t = nvtime ();
363			do {
364			t1 = nvtime ();
365			} while (t == t1);
366
367			t = t2 = nvtime ();
368			do {
369			volatile int i;
370			sha_init (&ctx);
371			sha_update (&ctx, data, sizeof (data));
372			i = sha_final (&ctx);
373
374			if (!(++count & 1023))
375			t2 = nvtime ();
376
377			} while (t == t2);
378
379			RETVAL = (NV)count / (t2 - t1);
380	root	1.3	}
381	root	1.1	OUTPUT:
382			RETVAL
383
384			SV *
385	root	1.2	_gentoken (int size, IV timestamp, char resource, char trial = "", int extrarand = 0)
386	root	1.1	CODE:
387	root	1.3	{
388	root	1.1	SHA_INFO ctx1, ctx;
389			char token, seq, *s;
390			int toklen, i;
391			time_t tstamp = timestamp ? timestamp : time (0);
392			struct tm *tm = gmtime (&tstamp);
393
394			New (0, token,
395	root	1.6	1 + 1 // version
396			+ 12 + 1 // time field sans century
397			+ strlen (resource) + 1 // ressource
398			+ strlen (trial) + extrarand + 8 + 1 // trial
399			+ 1,
400			char);
401	root	1.1
402			if (!token)
403			croak ("out of memory");
404
405	root	1.2	if (size > 64)
406			croak ("size must be <= 64 in this implementation\n");
407	root	1.1
408			toklen = sprintf (token, "%d:%02d%02d%02d%02d%02d%02d:%s:%s",
409			0, tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday,
410			tm->tm_hour, tm->tm_min, tm->tm_sec,
411			resource, trial);
412
413	root	1.2	if (toklen > 8000)
414			croak ("token length must be <= 8000 in this implementation\n");
415
416	root	1.7	perlinterp_release ();
417
418	root	1.1	i = toklen + extrarand;
419			while (toklen < i)
420			token[toklen++] = rand_char ();
421
422			sha_init (&ctx1);
423			sha_update (&ctx1, token, toklen);
424
425			seq = token + toklen;
426			i += 8;
427			while (toklen < i)
428			token[toklen++] = rand_char ();
429
430			for (;;)
431			{
432			ctx = ctx1; // this "optimization" can help a lot for longer resource strings
433			sha_update (&ctx, seq, 8);
434	root	1.2	i = sha_final (&ctx);
435	root	1.1
436	root	1.2	if (i >= size)
437	root	1.1	break;
438
439			s = seq;
440			do {
441			s = nextenc [s];
442			} while (*s++ == 'a');
443			}
444
445	root	1.7	perlinterp_acquire ();
446
447	root	1.1	RETVAL = newSVpvn (token, toklen);
448	root	1.3	}
449	root	1.1	OUTPUT:
450			RETVAL
451
452			int
453			_prefixlen (SV *tok)
454			CODE:
455	root	1.3	{
456	root	1.1	STRLEN toklen;
457			char *token = SvPV (tok, toklen);
458			SHA_INFO ctx;
459
460			sha_init (&ctx);
461			sha_update (&ctx, token, toklen);
462	root	1.2	RETVAL = sha_final (&ctx);
463	root	1.3	}
464	root	1.1	OUTPUT:
465			RETVAL
466
467