1 |
#include "EXTERN.h" |
2 |
#include "perl.h" |
3 |
#include "XSUB.h" |
4 |
|
5 |
#include <time.h> |
6 |
#include <stdlib.h> |
7 |
#include <stdint.h> |
8 |
|
9 |
/* NIST Secure Hash Algorithm */ |
10 |
/* heavily modified by Uwe Hollerbach <uh@alumni.caltech edu> */ |
11 |
/* from Peter C. Gutmann's implementation as found in */ |
12 |
/* Applied Cryptography by Bruce Schneier */ |
13 |
/* Further modifications to include the "UNRAVEL" stuff, below */ |
14 |
|
15 |
/* This code is in the public domain */ |
16 |
|
17 |
/* pcg: I was tempted to just rip this code off, after all, if you don't |
18 |
* demand anything I am inclined not to give anything. *Sigh* something |
19 |
* kept me from doing it, so here's the truth: I took this code from the |
20 |
* SHA1 perl module, since it looked reasonably well-crafted. I modified |
21 |
* it here and there, though. |
22 |
*/ |
23 |
|
24 |
/* |
25 |
* we have lots of micro-optimizations here, this is just for toying |
26 |
* around... |
27 |
*/ |
28 |
|
29 |
/* don't expect _too_ much from compilers for now. */ |
30 |
#if __GNUC__ > 2 |
31 |
# define restrict __restrict__ |
32 |
# define inline __inline__ |
33 |
# ifdef __i386 |
34 |
# define GCCX86ASM 1 |
35 |
# endif |
36 |
#elif __STDC_VERSION__ < 199900 |
37 |
# define restrict |
38 |
# define inline |
39 |
#endif |
40 |
|
41 |
#if __GNUC__ < 2 |
42 |
# define __attribute__(x) |
43 |
#endif |
44 |
|
45 |
#ifdef __i386 |
46 |
# define a_regparm(n) __attribute__((__regparm__(n))) |
47 |
#else |
48 |
# define a_regparm(n) |
49 |
#endif |
50 |
|
51 |
#define a_const __attribute__((__const__)) |
52 |
|
53 |
/* Useful defines & typedefs */ |
54 |
|
55 |
#if defined(U64TYPE) && (defined(USE_64_BIT_INT) || ((BYTEORDER != 0x1234) && (BYTEORDER != 0x4321))) |
56 |
typedef U64TYPE ULONG; |
57 |
# if BYTEORDER == 0x1234 |
58 |
# undef BYTEORDER |
59 |
# define BYTEORDER 0x12345678 |
60 |
# elif BYTEORDER == 0x4321 |
61 |
# undef BYTEORDER |
62 |
# define BYTEORDER 0x87654321 |
63 |
# endif |
64 |
#else |
65 |
typedef uint_fast32_t ULONG; /* 32-or-more-bit quantity */ |
66 |
#endif |
67 |
|
68 |
#if GCCX86ASM |
69 |
# define zprefix(n) ({ int _r; __asm__ ("bsrl %1, %0" : "=r" (_r) : "r" (n)); 31 - _r ; }) |
70 |
#elif __GNUC__ > 2 && __GNUC_MINOR__ > 3 |
71 |
# define zprefix(n) (__extension__ ({ uint32_t n__ = (n); n ? __builtin_clz (n) : 32; })) |
72 |
#else |
73 |
static int a_const zprefix (ULONG n) |
74 |
{ |
75 |
static char zp[256] = |
76 |
{ |
77 |
8, 7, 6, 6, 5, 5, 5, 5, 4, 4, 4, 4, 4, 4, 4, 4, |
78 |
3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, |
79 |
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
80 |
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
81 |
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
82 |
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
83 |
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
84 |
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
85 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
86 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
87 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
88 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
89 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
90 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
91 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
92 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
93 |
}; |
94 |
|
95 |
return |
96 |
n > 0xffffff ? zp[n >> 24] |
97 |
: n > 0xffff ? 8 + zp[n >> 16] |
98 |
: n > 0xff ? 16 + zp[n >> 8] |
99 |
: 24 + zp[n]; |
100 |
} |
101 |
#endif |
102 |
|
103 |
#define SHA_BLOCKSIZE 64 |
104 |
#define SHA_DIGESTSIZE 20 |
105 |
|
106 |
typedef struct { |
107 |
ULONG digest[5]; /* message digest */ |
108 |
ULONG count; /* 32-bit bit count */ |
109 |
int local; /* unprocessed amount in data */ |
110 |
U8 data[SHA_BLOCKSIZE]; /* SHA data buffer */ |
111 |
} SHA_INFO; |
112 |
|
113 |
|
114 |
/* SHA f()-functions */ |
115 |
#define f1(x,y,z) ((x & y) | (~x & z)) |
116 |
#define f2(x,y,z) (x ^ y ^ z) |
117 |
#define f3(x,y,z) ((x & y) | (x & z) | (y & z)) |
118 |
#define f4(x,y,z) (x ^ y ^ z) |
119 |
|
120 |
/* SHA constants */ |
121 |
#define CONST1 0x5a827999L |
122 |
#define CONST2 0x6ed9eba1L |
123 |
#define CONST3 0x8f1bbcdcL |
124 |
#define CONST4 0xca62c1d6L |
125 |
|
126 |
/* truncate to 32 bits -- should be a null op on 32-bit machines */ |
127 |
#define T32(x) ((x) & 0xffffffffL) |
128 |
|
129 |
/* 32-bit rotate */ |
130 |
#define R32(x,n) T32(((x << n) | (x >> (32 - n)))) |
131 |
|
132 |
/* specific cases, for when the overall rotation is unraveled */ |
133 |
#define FA(n) \ |
134 |
T = T32(R32(A,5) + f##n(B,C,D) + E + *WP++ + CONST##n); B = R32(B,30) |
135 |
|
136 |
#define FB(n) \ |
137 |
E = T32(R32(T,5) + f##n(A,B,C) + D + *WP++ + CONST##n); A = R32(A,30) |
138 |
|
139 |
#define FC(n) \ |
140 |
D = T32(R32(E,5) + f##n(T,A,B) + C + *WP++ + CONST##n); T = R32(T,30) |
141 |
|
142 |
#define FD(n) \ |
143 |
C = T32(R32(D,5) + f##n(E,T,A) + B + *WP++ + CONST##n); E = R32(E,30) |
144 |
|
145 |
#define FE(n) \ |
146 |
B = T32(R32(C,5) + f##n(D,E,T) + A + *WP++ + CONST##n); D = R32(D,30) |
147 |
|
148 |
#define FT(n) \ |
149 |
A = T32(R32(B,5) + f##n(C,D,E) + T + *WP++ + CONST##n); C = R32(C,30) |
150 |
|
151 |
static void a_regparm(1) sha_transform(SHA_INFO *restrict sha_info) |
152 |
{ |
153 |
int i; |
154 |
U8 *restrict dp; |
155 |
ULONG T, A, B, C, D, E, W[80], *restrict WP; |
156 |
|
157 |
dp = sha_info->data; |
158 |
|
159 |
#if BYTEORDER == 0x1234 |
160 |
assert(sizeof(ULONG) == 4); |
161 |
# ifdef HAS_NTOHL |
162 |
for (i = 0; i < 16; ++i) { |
163 |
T = *((ULONG *) dp); |
164 |
dp += 4; |
165 |
W[i] = ntohl (T); |
166 |
} |
167 |
# else |
168 |
for (i = 0; i < 16; ++i) { |
169 |
T = *((ULONG *) dp); |
170 |
dp += 4; |
171 |
W[i] = ((T << 24) & 0xff000000) | ((T << 8) & 0x00ff0000) | |
172 |
((T >> 8) & 0x0000ff00) | ((T >> 24) & 0x000000ff); |
173 |
} |
174 |
# endif |
175 |
#elif BYTEORDER == 0x4321 |
176 |
assert(sizeof(ULONG) == 4); |
177 |
for (i = 0; i < 16; ++i) { |
178 |
T = *((ULONG *) dp); |
179 |
dp += 4; |
180 |
W[i] = T32(T); |
181 |
} |
182 |
#elif BYTEORDER == 0x12345678 |
183 |
assert(sizeof(ULONG) == 8); |
184 |
for (i = 0; i < 16; i += 2) { |
185 |
T = *((ULONG *) dp); |
186 |
dp += 8; |
187 |
W[i] = ((T << 24) & 0xff000000) | ((T << 8) & 0x00ff0000) | |
188 |
((T >> 8) & 0x0000ff00) | ((T >> 24) & 0x000000ff); |
189 |
T >>= 32; |
190 |
W[i+1] = ((T << 24) & 0xff000000) | ((T << 8) & 0x00ff0000) | |
191 |
((T >> 8) & 0x0000ff00) | ((T >> 24) & 0x000000ff); |
192 |
} |
193 |
#elif BYTEORDER == 0x87654321 |
194 |
assert(sizeof(ULONG) == 8); |
195 |
for (i = 0; i < 16; i += 2) { |
196 |
T = *((ULONG *) dp); |
197 |
dp += 8; |
198 |
W[i] = T32(T >> 32); |
199 |
W[i+1] = T32(T); |
200 |
} |
201 |
#else |
202 |
#error Unknown byte order -- you need to add code here |
203 |
#endif |
204 |
|
205 |
for (i = 16; i < 80; ++i) |
206 |
{ |
207 |
T = W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16]; |
208 |
W[i] = R32(T,1); |
209 |
} |
210 |
|
211 |
A = sha_info->digest[0]; |
212 |
B = sha_info->digest[1]; |
213 |
C = sha_info->digest[2]; |
214 |
D = sha_info->digest[3]; |
215 |
E = sha_info->digest[4]; |
216 |
|
217 |
WP = W; |
218 |
FA(1); FB(1); FC(1); FD(1); FE(1); FT(1); FA(1); FB(1); FC(1); FD(1); |
219 |
FE(1); FT(1); FA(1); FB(1); FC(1); FD(1); FE(1); FT(1); FA(1); FB(1); |
220 |
FC(2); FD(2); FE(2); FT(2); FA(2); FB(2); FC(2); FD(2); FE(2); FT(2); |
221 |
FA(2); FB(2); FC(2); FD(2); FE(2); FT(2); FA(2); FB(2); FC(2); FD(2); |
222 |
FE(3); FT(3); FA(3); FB(3); FC(3); FD(3); FE(3); FT(3); FA(3); FB(3); |
223 |
FC(3); FD(3); FE(3); FT(3); FA(3); FB(3); FC(3); FD(3); FE(3); FT(3); |
224 |
FA(4); FB(4); FC(4); FD(4); FE(4); FT(4); FA(4); FB(4); FC(4); FD(4); |
225 |
FE(4); FT(4); FA(4); FB(4); FC(4); FD(4); FE(4); FT(4); FA(4); FB(4); |
226 |
|
227 |
sha_info->digest[0] = T32(sha_info->digest[0] + E); |
228 |
sha_info->digest[1] = T32(sha_info->digest[1] + T); |
229 |
sha_info->digest[2] = T32(sha_info->digest[2] + A); |
230 |
sha_info->digest[3] = T32(sha_info->digest[3] + B); |
231 |
sha_info->digest[4] = T32(sha_info->digest[4] + C); |
232 |
} |
233 |
|
234 |
/* initialize the SHA digest */ |
235 |
|
236 |
static void sha_init(SHA_INFO *restrict sha_info) |
237 |
{ |
238 |
sha_info->digest[0] = 0x67452301L; |
239 |
sha_info->digest[1] = 0xefcdab89L; |
240 |
sha_info->digest[2] = 0x98badcfeL; |
241 |
sha_info->digest[3] = 0x10325476L; |
242 |
sha_info->digest[4] = 0xc3d2e1f0L; |
243 |
sha_info->count = 0L; |
244 |
sha_info->local = 0; |
245 |
} |
246 |
|
247 |
/* update the SHA digest */ |
248 |
|
249 |
static void sha_update(SHA_INFO *restrict sha_info, U8 *restrict buffer, int count) |
250 |
{ |
251 |
int i; |
252 |
|
253 |
sha_info->count += count; |
254 |
if (sha_info->local) { |
255 |
i = SHA_BLOCKSIZE - sha_info->local; |
256 |
if (i > count) { |
257 |
i = count; |
258 |
} |
259 |
memcpy(((U8 *) sha_info->data) + sha_info->local, buffer, i); |
260 |
count -= i; |
261 |
buffer += i; |
262 |
sha_info->local += i; |
263 |
if (sha_info->local == SHA_BLOCKSIZE) { |
264 |
sha_transform(sha_info); |
265 |
} else { |
266 |
return; |
267 |
} |
268 |
} |
269 |
while (count >= SHA_BLOCKSIZE) { |
270 |
memcpy(sha_info->data, buffer, SHA_BLOCKSIZE); |
271 |
buffer += SHA_BLOCKSIZE; |
272 |
count -= SHA_BLOCKSIZE; |
273 |
sha_transform(sha_info); |
274 |
} |
275 |
memcpy(sha_info->data, buffer, count); |
276 |
sha_info->local = count; |
277 |
} |
278 |
|
279 |
/* finish computing the SHA digest */ |
280 |
static int sha_final(SHA_INFO *sha_info) |
281 |
{ |
282 |
int count = sha_info->count; |
283 |
int local = sha_info->local; |
284 |
|
285 |
sha_info->data[local] = 0x80; |
286 |
|
287 |
if (sha_info->local >= SHA_BLOCKSIZE - 8) { |
288 |
memset(sha_info->data + local + 1, 0, SHA_BLOCKSIZE - 1 - local); |
289 |
sha_transform(sha_info); |
290 |
memset(sha_info->data, 0, SHA_BLOCKSIZE - 2); |
291 |
} else { |
292 |
memset(sha_info->data + local + 1, 0, SHA_BLOCKSIZE - 3 - local); |
293 |
} |
294 |
|
295 |
sha_info->data[62] = count >> 5; |
296 |
sha_info->data[63] = count << 3; |
297 |
|
298 |
sha_transform (sha_info); |
299 |
|
300 |
return sha_info->digest[0] |
301 |
? zprefix (sha_info->digest[0]) |
302 |
: zprefix (sha_info->digest[1]) + 32; |
303 |
} |
304 |
|
305 |
#define TRIALCHAR "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&()*+,-./;<=>?@[]{}^_|" |
306 |
|
307 |
static char nextenc[256]; |
308 |
|
309 |
static char rand_char () |
310 |
{ |
311 |
return TRIALCHAR[rand () % sizeof (TRIALCHAR)]; |
312 |
} |
313 |
|
314 |
typedef double (*NVTime)(void); |
315 |
|
316 |
static double simple_nvtime (void) |
317 |
{ |
318 |
return time (0); |
319 |
} |
320 |
|
321 |
static NVTime get_nvtime (void) |
322 |
{ |
323 |
SV **svp = hv_fetch (PL_modglobal, "Time::NVtime", 12, 0); |
324 |
|
325 |
if (svp && SvIOK(*svp)) |
326 |
return INT2PTR(NVTime, SvIV(*svp)); |
327 |
else |
328 |
return simple_nvtime; |
329 |
|
330 |
} |
331 |
|
332 |
MODULE = Digest::Hashcash PACKAGE = Digest::Hashcash |
333 |
|
334 |
BOOT: |
335 |
{ |
336 |
int i; |
337 |
|
338 |
for (i = 0; i < sizeof (TRIALCHAR); i++) |
339 |
nextenc[TRIALCHAR[i]] = TRIALCHAR[(i + 1) % sizeof (TRIALCHAR)]; |
340 |
} |
341 |
|
342 |
PROTOTYPES: ENABLE |
343 |
|
344 |
# could be improved quite a bit in accuracy |
345 |
NV |
346 |
_estimate_rounds () |
347 |
CODE: |
348 |
{ |
349 |
char data[40]; |
350 |
NVTime nvtime = get_nvtime (); |
351 |
NV t1, t2, t; |
352 |
int count = 0; |
353 |
SHA_INFO ctx; |
354 |
|
355 |
t = nvtime (); |
356 |
do { |
357 |
t1 = nvtime (); |
358 |
} while (t == t1); |
359 |
|
360 |
t = t2 = nvtime (); |
361 |
do { |
362 |
volatile int i; |
363 |
sha_init (&ctx); |
364 |
sha_update (&ctx, data, sizeof (data)); |
365 |
i = sha_final (&ctx); |
366 |
|
367 |
if (!(++count & 1023)) |
368 |
t2 = nvtime (); |
369 |
|
370 |
} while (t == t2); |
371 |
|
372 |
RETVAL = (NV)count / (t2 - t1); |
373 |
} |
374 |
OUTPUT: |
375 |
RETVAL |
376 |
|
377 |
SV * |
378 |
_gentoken (int size, IV timestamp, char *resource, char *trial = "", int extrarand = 0) |
379 |
CODE: |
380 |
{ |
381 |
SHA_INFO ctx1, ctx; |
382 |
char *token, *seq, *s; |
383 |
int toklen, i; |
384 |
time_t tstamp = timestamp ? timestamp : time (0); |
385 |
struct tm *tm = gmtime (&tstamp); |
386 |
|
387 |
New (0, token, |
388 |
1 + 1 // version |
389 |
+ 12 + 1 // time field sans century |
390 |
+ strlen (resource) + 1 // ressource |
391 |
+ strlen (trial) + extrarand + 8 + 1 // trial |
392 |
+ 1, |
393 |
char); |
394 |
|
395 |
if (!token) |
396 |
croak ("out of memory"); |
397 |
|
398 |
if (size > 64) |
399 |
croak ("size must be <= 64 in this implementation\n"); |
400 |
|
401 |
toklen = sprintf (token, "%d:%02d%02d%02d%02d%02d%02d:%s:%s", |
402 |
0, tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday, |
403 |
tm->tm_hour, tm->tm_min, tm->tm_sec, |
404 |
resource, trial); |
405 |
|
406 |
if (toklen > 8000) |
407 |
croak ("token length must be <= 8000 in this implementation\n"); |
408 |
|
409 |
i = toklen + extrarand; |
410 |
while (toklen < i) |
411 |
token[toklen++] = rand_char (); |
412 |
|
413 |
sha_init (&ctx1); |
414 |
sha_update (&ctx1, token, toklen); |
415 |
|
416 |
seq = token + toklen; |
417 |
i += 8; |
418 |
while (toklen < i) |
419 |
token[toklen++] = rand_char (); |
420 |
|
421 |
for (;;) |
422 |
{ |
423 |
ctx = ctx1; // this "optimization" can help a lot for longer resource strings |
424 |
sha_update (&ctx, seq, 8); |
425 |
i = sha_final (&ctx); |
426 |
|
427 |
if (i >= size) |
428 |
break; |
429 |
|
430 |
s = seq; |
431 |
do { |
432 |
*s = nextenc [*s]; |
433 |
} while (*s++ == 'a'); |
434 |
} |
435 |
|
436 |
RETVAL = newSVpvn (token, toklen); |
437 |
} |
438 |
OUTPUT: |
439 |
RETVAL |
440 |
|
441 |
int |
442 |
_prefixlen (SV *tok) |
443 |
CODE: |
444 |
{ |
445 |
STRLEN toklen; |
446 |
char *token = SvPV (tok, toklen); |
447 |
SHA_INFO ctx; |
448 |
|
449 |
sha_init (&ctx); |
450 |
sha_update (&ctx, token, toklen); |
451 |
RETVAL = sha_final (&ctx); |
452 |
} |
453 |
OUTPUT: |
454 |
RETVAL |
455 |
|
456 |
|