Digest-Hashcash/Hashcash.xs

#include "EXTERN.h"
#include "perl.h"
#include "XSUB.h"

#include <time.h>
#include <stdlib.h>
#include <stdint.h>

#include "perlmulticore.h"

/* NIST Secure Hash Algorithm */
/* heavily modified by Uwe Hollerbach <uh@alumni.caltech edu> */
/* from Peter C. Gutmann's implementation as found in */
/* Applied Cryptography by Bruce Schneier */
/* Further modifications to include the "UNRAVEL" stuff, below */

/* This code is in the public domain */

/* pcg: I was tempted to just rip this code off, after all, if you don't
 * demand anything I am inclined not to give anything. *Sigh* something
 * kept me from doing it, so here's the truth: I took this code from the
 * SHA1 perl module, since it looked reasonably well-crafted. I modified
 * it here and there, though.
 */

/*
 * we have lots of micro-optimizations here, this is just for toying
 * around...
 */

/* don't expect _too_ much from compilers for now. */
#if __GNUC__ > 2
#  define restrict __restrict__
#  define inline __inline__
#  ifdef __i386
#     define GCCX86ASM 1
#  endif
#elif __STDC_VERSION__ < 199900
#  define restrict
#  define inline
#endif

#if __GNUC__ < 2
#  define __attribute__(x)
#endif

#ifdef __i386
#  define a_regparm(n) __attribute__((__regparm__(n)))
#else
#  define a_regparm(n)
#endif

#define a_const __attribute__((__const__))

/* Useful defines & typedefs */

#if defined(U64TYPE) && (defined(USE_64_BIT_INT) || ((BYTEORDER != 0x1234) && (BYTEORDER != 0x4321)))
typedef U64TYPE XULONG;
#  if BYTEORDER == 0x1234
#    undef BYTEORDER
#    define BYTEORDER 0x12345678
#  elif BYTEORDER == 0x4321
#    undef BYTEORDER
#    define BYTEORDER 0x87654321
#  endif
#else
typedef uint_fast32_t XULONG;     /* 32-or-more-bit quantity */
#endif

#if GCCX86ASM
#  define zprefix(n) ({ int _r; __asm__ ("bsrl %1, %0" : "=r" (_r) : "r" (n)); 31 - _r ; })
#elif __GNUC__ > 2 && __GNUC_MINOR__ > 3
#  define zprefix(n) (__extension__ ({ uint32_t n__ = (n); n ? __builtin_clz (n) : 32; }))
#else
static int a_const zprefix (U32 n)
{
  static char zp[256] =
    {
      8, 7, 6, 6, 5, 5, 5, 5, 4, 4, 4, 4, 4, 4, 4, 4,
      3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
      2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
      2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
      1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
      1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
      1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
      1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    };

  return
    n > 0xffffff ?      zp[n >> 24]
    : n > 0xffff ?  8 + zp[n >> 16]
    : n >   0xff ? 16 + zp[n >>  8]
    :              24 + zp[n];
}
#endif

#define SHA_BLOCKSIZE           64
#define SHA_DIGESTSIZE          20

typedef struct {
    U32 digest[5];              /* message digest */
    U32 count;          /* 32-bit bit count */
    int local;                  /* unprocessed amount in data */
    U8 data[SHA_BLOCKSIZE];     /* SHA data buffer */
} SHA_INFO;


/* SHA f()-functions */
#define f1(x,y,z)       ((x & y) | (~x & z))
#define f2(x,y,z)       (x ^ y ^ z)
#define f3(x,y,z)       ((x & y) | (x & z) | (y & z))
#define f4(x,y,z)       (x ^ y ^ z)

/* SHA constants */
#define CONST1          0x5a827999L
#define CONST2          0x6ed9eba1L
#define CONST3          0x8f1bbcdcL
#define CONST4          0xca62c1d6L

/* truncate to 32 bits -- should be a null op on 32-bit machines */
#define T32(x)  ((x) & 0xffffffffL)

/* 32-bit rotate */
#define R32(x,n)        T32(((x << n) | (x >> (32 - n))))

/* specific cases, for when the overall rotation is unraveled */
#define FA(n)   \
    T = T32(R32(A,5) + f##n(B,C,D) + E + *WP++ + CONST##n); B = R32(B,30)

#define FB(n)   \
    E = T32(R32(T,5) + f##n(A,B,C) + D + *WP++ + CONST##n); A = R32(A,30)

#define FC(n)   \
    D = T32(R32(E,5) + f##n(T,A,B) + C + *WP++ + CONST##n); T = R32(T,30)

#define FD(n)   \
    C = T32(R32(D,5) + f##n(E,T,A) + B + *WP++ + CONST##n); E = R32(E,30)

#define FE(n)   \
    B = T32(R32(C,5) + f##n(D,E,T) + A + *WP++ + CONST##n); D = R32(D,30)

#define FT(n)   \
    A = T32(R32(B,5) + f##n(C,D,E) + T + *WP++ + CONST##n); C = R32(C,30)

static void a_regparm(1) sha_transform(SHA_INFO *restrict sha_info)
{
    int i;
    U8 *restrict dp;
    U32 A, B, C, D, E, W[80], *restrict WP;
    XULONG T;

    dp = sha_info->data;

#if BYTEORDER == 0x1234
    assert(sizeof(XULONG) == 4);
#  ifdef HAS_NTOHL
    for (i = 0; i < 16; ++i) {
        T = *((XULONG *) dp);
        dp += 4;
        W[i] = ntohl (T);
    }
#  else
    for (i = 0; i < 16; ++i) {
        T = *((XULONG *) dp);
        dp += 4;
        W[i] =  ((T << 24) & 0xff000000) | ((T <<  8) & 0x00ff0000) |
                ((T >>  8) & 0x0000ff00) | ((T >> 24) & 0x000000ff);
    }
#  endif
#elif BYTEORDER == 0x4321
    assert(sizeof(XULONG) == 4);
    for (i = 0; i < 16; ++i) {
        T = *((XULONG *) dp);
        dp += 4;
        W[i] = T32(T);
    }
#elif BYTEORDER == 0x12345678
    assert(sizeof(XULONG) == 8);
    for (i = 0; i < 16; i += 2) {
        T = *((XULONG *) dp);
        dp += 8;
        W[i] =  ((T << 24) & 0xff000000) | ((T <<  8) & 0x00ff0000) |
                ((T >>  8) & 0x0000ff00) | ((T >> 24) & 0x000000ff);
        T >>= 32;
        W[i+1] = ((T << 24) & 0xff000000) | ((T <<  8) & 0x00ff0000) |
                 ((T >>  8) & 0x0000ff00) | ((T >> 24) & 0x000000ff);
    }
#elif BYTEORDER == 0x87654321
    assert(sizeof(XULONG) == 8);
    for (i = 0; i < 16; i += 2) {
        T = *((XULONG *) dp);
        dp += 8;
        W[i] = T32(T >> 32);
        W[i+1] = T32(T);
    }
#else
#error Unknown byte order -- you need to add code here
#endif

    for (i = 16; i < 80; ++i)
      {
        T = W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16];
        W[i] = R32(T,1);
      }

    A = sha_info->digest[0];
    B = sha_info->digest[1];
    C = sha_info->digest[2];
    D = sha_info->digest[3];
    E = sha_info->digest[4];

    WP = W;
    FA(1); FB(1); FC(1); FD(1); FE(1); FT(1); FA(1); FB(1); FC(1); FD(1);
    FE(1); FT(1); FA(1); FB(1); FC(1); FD(1); FE(1); FT(1); FA(1); FB(1);
    FC(2); FD(2); FE(2); FT(2); FA(2); FB(2); FC(2); FD(2); FE(2); FT(2);
    FA(2); FB(2); FC(2); FD(2); FE(2); FT(2); FA(2); FB(2); FC(2); FD(2);
    FE(3); FT(3); FA(3); FB(3); FC(3); FD(3); FE(3); FT(3); FA(3); FB(3);
    FC(3); FD(3); FE(3); FT(3); FA(3); FB(3); FC(3); FD(3); FE(3); FT(3);
    FA(4); FB(4); FC(4); FD(4); FE(4); FT(4); FA(4); FB(4); FC(4); FD(4);
    FE(4); FT(4); FA(4); FB(4); FC(4); FD(4); FE(4); FT(4); FA(4); FB(4);

    sha_info->digest[0] = T32(sha_info->digest[0] + E);
    sha_info->digest[1] = T32(sha_info->digest[1] + T);
    sha_info->digest[2] = T32(sha_info->digest[2] + A);
    sha_info->digest[3] = T32(sha_info->digest[3] + B);
    sha_info->digest[4] = T32(sha_info->digest[4] + C);
}

/* initialize the SHA digest */

static void sha_init(SHA_INFO *restrict sha_info)
{
    sha_info->digest[0] = 0x67452301L;
    sha_info->digest[1] = 0xefcdab89L;
    sha_info->digest[2] = 0x98badcfeL;
    sha_info->digest[3] = 0x10325476L;
    sha_info->digest[4] = 0xc3d2e1f0L;
    sha_info->count = 0L;
    sha_info->local = 0;
}

/* update the SHA digest */

static void sha_update(SHA_INFO *restrict sha_info, U8 *restrict buffer, int count)
{
    int i;

    sha_info->count += count;
    if (sha_info->local) {
        i = SHA_BLOCKSIZE - sha_info->local;
        if (i > count) {
            i = count;
        }
        memcpy(((U8 *) sha_info->data) + sha_info->local, buffer, i);
        count -= i;
        buffer += i;
        sha_info->local += i;
        if (sha_info->local == SHA_BLOCKSIZE) {
            sha_transform(sha_info);
        } else {
            return;
        }
    }
    while (count >= SHA_BLOCKSIZE) {
        memcpy(sha_info->data, buffer, SHA_BLOCKSIZE);
        buffer += SHA_BLOCKSIZE;
        count -= SHA_BLOCKSIZE;
        sha_transform(sha_info);
    }
    memcpy(sha_info->data, buffer, count);
    sha_info->local = count;
}

/* finish computing the SHA digest */
static int sha_final(SHA_INFO *sha_info)
{
  int count = sha_info->count;
  int local = sha_info->local;

  sha_info->data[local] = 0x80;

  if (sha_info->local >= SHA_BLOCKSIZE - 8) {
    memset(sha_info->data + local + 1, 0, SHA_BLOCKSIZE - 1 - local);
    sha_transform(sha_info);
    memset(sha_info->data, 0, SHA_BLOCKSIZE - 2);
  } else {
    memset(sha_info->data + local + 1, 0, SHA_BLOCKSIZE - 3 - local);
  }

  sha_info->data[62] = count >> 5;
  sha_info->data[63] = count << 3;

  sha_transform (sha_info);

  return sha_info->digest[0]
           ? zprefix (sha_info->digest[0])
           : zprefix (sha_info->digest[1]) + 32;
}

#define TRIALCHAR "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&()*+,-./;<=>?@[]{}^_|"

static char
nextenc[256];

static char
rand_char ()
{
  return TRIALCHAR[(int)(Drand01 () * sizeof (TRIALCHAR))];
}

typedef double (*NVTime)(void);

static double
simple_nvtime (void)
{
  return time (0);
}

static NVTime
get_nvtime (void)
{
  SV **svp = hv_fetch (PL_modglobal, "Time::NVtime", 12, 0);

  if (svp && SvIOK(*svp))
    return INT2PTR(NVTime, SvIV(*svp));
  else
    return simple_nvtime;

}

MODULE = Digest::Hashcash               PACKAGE = Digest::Hashcash

BOOT:
{
   int i;

   for (i = 0; i < sizeof (TRIALCHAR); i++)
     nextenc[TRIALCHAR[i]] = TRIALCHAR[(i + 1) % sizeof (TRIALCHAR)];
}

PROTOTYPES: ENABLE

# could be improved quite a bit in accuracy
NV
_estimate_rounds ()
        CODE:
{
        char data[40];
        NVTime nvtime = get_nvtime ();
        NV t1, t2, t;
        int count = 0;
        SHA_INFO ctx;

        t = nvtime ();
        do {
          t1 = nvtime ();
        } while (t == t1);

        t = t2 = nvtime ();
        do {
          volatile int i;
          sha_init (&ctx);
          sha_update (&ctx, data, sizeof (data));
          i = sha_final (&ctx);

          if (!(++count & 1023))
            t2 = nvtime ();

        } while (t == t2);

        RETVAL = (NV)count / (t2 - t1);
}
        OUTPUT:
        RETVAL

SV *
_gentoken (int size, IV timestamp, char *resource, char *trial = "", int extrarand = 0)
        CODE:
{
        SHA_INFO ctx1, ctx;
        char *token, *seq, *s;
        int toklen, i;
        time_t tstamp = timestamp ? timestamp : time (0);
        struct tm *tm = gmtime (&tstamp);

        New (0, token,
             1 + 1                    // version
             + 12 + 1                 // time field sans century
             + strlen (resource) + 1  // ressource
             + strlen (trial) + extrarand + 8 + 1 // trial
             + 1,
             char);

        if (!token)
          croak ("out of memory");

        if (size > 64)
          croak ("size must be <= 64 in this implementation\n");

        toklen = sprintf (token, "%d:%02d%02d%02d%02d%02d%02d:%s:%s",
                          0, tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday,
                          tm->tm_hour, tm->tm_min, tm->tm_sec,
                          resource, trial);

        if (toklen > 8000)
          croak ("token length must be <= 8000 in this implementation\n");

        perlinterp_release ();

        i = toklen + extrarand;
        while (toklen < i)
          token[toklen++] = rand_char ();

        sha_init (&ctx1);
        sha_update (&ctx1, token, toklen);

        seq = token + toklen;
        i +=  8;
        while (toklen < i)
          token[toklen++] = rand_char ();

        for (;;)
          {
            ctx = ctx1; // this "optimization" can help a lot for longer resource strings
            sha_update (&ctx, seq, 8);
            i = sha_final (&ctx);

            if (i >= size)
              break;

            s = seq;
            do {
              *s = nextenc [*s];
            } while (*s++ == 'a');
          }

        perlinterp_acquire ();

        RETVAL = newSVpvn (token, toklen);
}
        OUTPUT:
        RETVAL

int
_prefixlen (SV *tok)
        CODE:
{
        STRLEN toklen;
        char *token = SvPV (tok, toklen);
        SHA_INFO ctx;

        sha_init (&ctx);
        sha_update (&ctx, token, toklen);
        RETVAL = sha_final (&ctx);
}
        OUTPUT:
        RETVAL


Revision:	1.8
Committed:	Wed Jul 22 10:33:08 2015 UTC (10 years, 3 months ago) by root
Branch:	MAIN
CVS Tags:	rel-1_1, HEAD
Changes since 1.7:	+16 -15 lines
Log Message:	1.1
#	Content
1	#include "EXTERN.h"
2	#include "perl.h"
3	#include "XSUB.h"
4
5	#include <time.h>
6	#include <stdlib.h>
7	#include <stdint.h>
8
9	#include "perlmulticore.h"
10
11	/* NIST Secure Hash Algorithm */
12	/* heavily modified by Uwe Hollerbach <uh@alumni.caltech edu> */
13	/* from Peter C. Gutmann's implementation as found in */
14	/* Applied Cryptography by Bruce Schneier */
15	/* Further modifications to include the "UNRAVEL" stuff, below */
16
17	/* This code is in the public domain */
18
19	/* pcg: I was tempted to just rip this code off, after all, if you don't
20	* demand anything I am inclined not to give anything. Sigh something
21	* kept me from doing it, so here's the truth: I took this code from the
22	* SHA1 perl module, since it looked reasonably well-crafted. I modified
23	* it here and there, though.
24	*/
25
26	/*
27	* we have lots of micro-optimizations here, this is just for toying
28	* around...
29	*/
30
31	/* don't expect _too_ much from compilers for now. */
32	#if __GNUC__ > 2
33	# define restrict __restrict__
34	# define inline __inline__
35	# ifdef __i386
36	# define GCCX86ASM 1
37	# endif
38	#elif __STDC_VERSION__ < 199900
39	# define restrict
40	# define inline
41	#endif
42
43	#if __GNUC__ < 2
44	# define __attribute__(x)
45	#endif
46
47	#ifdef __i386
48	# define a_regparm(n) __attribute__((__regparm__(n)))
49	#else
50	# define a_regparm(n)
51	#endif
52
53	#define a_const __attribute__((__const__))
54
55	/* Useful defines & typedefs */
56
57	#if defined(U64TYPE) && (defined(USE_64_BIT_INT) \|\| ((BYTEORDER != 0x1234) && (BYTEORDER != 0x4321)))
58	typedef U64TYPE XULONG;
59	# if BYTEORDER == 0x1234
60	# undef BYTEORDER
61	# define BYTEORDER 0x12345678
62	# elif BYTEORDER == 0x4321
63	# undef BYTEORDER
64	# define BYTEORDER 0x87654321
65	# endif
66	#else
67	typedef uint_fast32_t XULONG; /* 32-or-more-bit quantity */
68	#endif
69
70	#if GCCX86ASM
71	# define zprefix(n) ({ int _r; __asm__ ("bsrl %1, %0" : "=r" (_r) : "r" (n)); 31 - _r ; })
72	#elif __GNUC__ > 2 && __GNUC_MINOR__ > 3
73	# define zprefix(n) (__extension__ ({ uint32_t n__ = (n); n ? __builtin_clz (n) : 32; }))
74	#else
75	static int a_const zprefix (U32 n)
76	{
77	static char zp[256] =
78	{
79	8, 7, 6, 6, 5, 5, 5, 5, 4, 4, 4, 4, 4, 4, 4, 4,
80	3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
81	2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
82	2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
83	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
84	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
85	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
86	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
87	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
88	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
89	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
90	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
91	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
92	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
93	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
94	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
95	};
96
97	return
98	n > 0xffffff ? zp[n >> 24]
99	: n > 0xffff ? 8 + zp[n >> 16]
100	: n > 0xff ? 16 + zp[n >> 8]
101	: 24 + zp[n];
102	}
103	#endif
104
105	#define SHA_BLOCKSIZE 64
106	#define SHA_DIGESTSIZE 20
107
108	typedef struct {
109	U32 digest[5]; /* message digest */
110	U32 count; /* 32-bit bit count */
111	int local; /* unprocessed amount in data */
112	U8 data[SHA_BLOCKSIZE]; /* SHA data buffer */
113	} SHA_INFO;
114
115
116	/* SHA f()-functions */
117	#define f1(x,y,z) ((x & y) \| (~x & z))
118	#define f2(x,y,z) (x ^ y ^ z)
119	#define f3(x,y,z) ((x & y) \| (x & z) \| (y & z))
120	#define f4(x,y,z) (x ^ y ^ z)
121
122	/* SHA constants */
123	#define CONST1 0x5a827999L
124	#define CONST2 0x6ed9eba1L
125	#define CONST3 0x8f1bbcdcL
126	#define CONST4 0xca62c1d6L
127
128	/* truncate to 32 bits -- should be a null op on 32-bit machines */
129	#define T32(x) ((x) & 0xffffffffL)
130
131	/* 32-bit rotate */
132	#define R32(x,n) T32(((x << n) \| (x >> (32 - n))))
133
134	/* specific cases, for when the overall rotation is unraveled */
135	#define FA(n) \
136	T = T32(R32(A,5) + f##n(B,C,D) + E + *WP++ + CONST##n); B = R32(B,30)
137
138	#define FB(n) \
139	E = T32(R32(T,5) + f##n(A,B,C) + D + *WP++ + CONST##n); A = R32(A,30)
140
141	#define FC(n) \
142	D = T32(R32(E,5) + f##n(T,A,B) + C + *WP++ + CONST##n); T = R32(T,30)
143
144	#define FD(n) \
145	C = T32(R32(D,5) + f##n(E,T,A) + B + *WP++ + CONST##n); E = R32(E,30)
146
147	#define FE(n) \
148	B = T32(R32(C,5) + f##n(D,E,T) + A + *WP++ + CONST##n); D = R32(D,30)
149
150	#define FT(n) \
151	A = T32(R32(B,5) + f##n(C,D,E) + T + *WP++ + CONST##n); C = R32(C,30)
152
153	static void a_regparm(1) sha_transform(SHA_INFO *restrict sha_info)
154	{
155	int i;
156	U8 *restrict dp;
157	U32 A, B, C, D, E, W[80], *restrict WP;
158	XULONG T;
159
160	dp = sha_info->data;
161
162	#if BYTEORDER == 0x1234
163	assert(sizeof(XULONG) == 4);
164	# ifdef HAS_NTOHL
165	for (i = 0; i < 16; ++i) {
166	T = ((XULONG ) dp);
167	dp += 4;
168	W[i] = ntohl (T);
169	}
170	# else
171	for (i = 0; i < 16; ++i) {
172	T = ((XULONG ) dp);
173	dp += 4;
174	W[i] = ((T << 24) & 0xff000000) \| ((T << 8) & 0x00ff0000) \|
175	((T >> 8) & 0x0000ff00) \| ((T >> 24) & 0x000000ff);
176	}
177	# endif
178	#elif BYTEORDER == 0x4321
179	assert(sizeof(XULONG) == 4);
180	for (i = 0; i < 16; ++i) {
181	T = ((XULONG ) dp);
182	dp += 4;
183	W[i] = T32(T);
184	}
185	#elif BYTEORDER == 0x12345678
186	assert(sizeof(XULONG) == 8);
187	for (i = 0; i < 16; i += 2) {
188	T = ((XULONG ) dp);
189	dp += 8;
190	W[i] = ((T << 24) & 0xff000000) \| ((T << 8) & 0x00ff0000) \|
191	((T >> 8) & 0x0000ff00) \| ((T >> 24) & 0x000000ff);
192	T >>= 32;
193	W[i+1] = ((T << 24) & 0xff000000) \| ((T << 8) & 0x00ff0000) \|
194	((T >> 8) & 0x0000ff00) \| ((T >> 24) & 0x000000ff);
195	}
196	#elif BYTEORDER == 0x87654321
197	assert(sizeof(XULONG) == 8);
198	for (i = 0; i < 16; i += 2) {
199	T = ((XULONG ) dp);
200	dp += 8;
201	W[i] = T32(T >> 32);
202	W[i+1] = T32(T);
203	}
204	#else
205	#error Unknown byte order -- you need to add code here
206	#endif
207
208	for (i = 16; i < 80; ++i)
209	{
210	T = W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16];
211	W[i] = R32(T,1);
212	}
213
214	A = sha_info->digest[0];
215	B = sha_info->digest[1];
216	C = sha_info->digest[2];
217	D = sha_info->digest[3];
218	E = sha_info->digest[4];
219
220	WP = W;
221	FA(1); FB(1); FC(1); FD(1); FE(1); FT(1); FA(1); FB(1); FC(1); FD(1);
222	FE(1); FT(1); FA(1); FB(1); FC(1); FD(1); FE(1); FT(1); FA(1); FB(1);
223	FC(2); FD(2); FE(2); FT(2); FA(2); FB(2); FC(2); FD(2); FE(2); FT(2);
224	FA(2); FB(2); FC(2); FD(2); FE(2); FT(2); FA(2); FB(2); FC(2); FD(2);
225	FE(3); FT(3); FA(3); FB(3); FC(3); FD(3); FE(3); FT(3); FA(3); FB(3);
226	FC(3); FD(3); FE(3); FT(3); FA(3); FB(3); FC(3); FD(3); FE(3); FT(3);
227	FA(4); FB(4); FC(4); FD(4); FE(4); FT(4); FA(4); FB(4); FC(4); FD(4);
228	FE(4); FT(4); FA(4); FB(4); FC(4); FD(4); FE(4); FT(4); FA(4); FB(4);
229
230	sha_info->digest[0] = T32(sha_info->digest[0] + E);
231	sha_info->digest[1] = T32(sha_info->digest[1] + T);
232	sha_info->digest[2] = T32(sha_info->digest[2] + A);
233	sha_info->digest[3] = T32(sha_info->digest[3] + B);
234	sha_info->digest[4] = T32(sha_info->digest[4] + C);
235	}
236
237	/* initialize the SHA digest */
238
239	static void sha_init(SHA_INFO *restrict sha_info)
240	{
241	sha_info->digest[0] = 0x67452301L;
242	sha_info->digest[1] = 0xefcdab89L;
243	sha_info->digest[2] = 0x98badcfeL;
244	sha_info->digest[3] = 0x10325476L;
245	sha_info->digest[4] = 0xc3d2e1f0L;
246	sha_info->count = 0L;
247	sha_info->local = 0;
248	}
249
250	/* update the SHA digest */
251
252	static void sha_update(SHA_INFO restrict sha_info, U8 restrict buffer, int count)
253	{
254	int i;
255
256	sha_info->count += count;
257	if (sha_info->local) {
258	i = SHA_BLOCKSIZE - sha_info->local;
259	if (i > count) {
260	i = count;
261	}
262	memcpy(((U8 *) sha_info->data) + sha_info->local, buffer, i);
263	count -= i;
264	buffer += i;
265	sha_info->local += i;
266	if (sha_info->local == SHA_BLOCKSIZE) {
267	sha_transform(sha_info);
268	} else {
269	return;
270	}
271	}
272	while (count >= SHA_BLOCKSIZE) {
273	memcpy(sha_info->data, buffer, SHA_BLOCKSIZE);
274	buffer += SHA_BLOCKSIZE;
275	count -= SHA_BLOCKSIZE;
276	sha_transform(sha_info);
277	}
278	memcpy(sha_info->data, buffer, count);
279	sha_info->local = count;
280	}
281
282	/* finish computing the SHA digest */
283	static int sha_final(SHA_INFO *sha_info)
284	{
285	int count = sha_info->count;
286	int local = sha_info->local;
287
288	sha_info->data[local] = 0x80;
289
290	if (sha_info->local >= SHA_BLOCKSIZE - 8) {
291	memset(sha_info->data + local + 1, 0, SHA_BLOCKSIZE - 1 - local);
292	sha_transform(sha_info);
293	memset(sha_info->data, 0, SHA_BLOCKSIZE - 2);
294	} else {
295	memset(sha_info->data + local + 1, 0, SHA_BLOCKSIZE - 3 - local);
296	}
297
298	sha_info->data[62] = count >> 5;
299	sha_info->data[63] = count << 3;
300
301	sha_transform (sha_info);
302
303	return sha_info->digest[0]
304	? zprefix (sha_info->digest[0])
305	: zprefix (sha_info->digest[1]) + 32;
306	}
307
308	#define TRIALCHAR "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&()*+,-./;<=>?@[]{}^_\|"
309
310	static char
311	nextenc[256];
312
313	static char
314	rand_char ()
315	{
316	return TRIALCHAR[(int)(Drand01 () * sizeof (TRIALCHAR))];
317	}
318
319	typedef double (*NVTime)(void);
320
321	static double
322	simple_nvtime (void)
323	{
324	return time (0);
325	}
326
327	static NVTime
328	get_nvtime (void)
329	{
330	SV **svp = hv_fetch (PL_modglobal, "Time::NVtime", 12, 0);
331
332	if (svp && SvIOK(*svp))
333	return INT2PTR(NVTime, SvIV(*svp));
334	else
335	return simple_nvtime;
336
337	}
338
339	MODULE = Digest::Hashcash PACKAGE = Digest::Hashcash
340
341	BOOT:
342	{
343	int i;
344
345	for (i = 0; i < sizeof (TRIALCHAR); i++)
346	nextenc[TRIALCHAR[i]] = TRIALCHAR[(i + 1) % sizeof (TRIALCHAR)];
347	}
348
349	PROTOTYPES: ENABLE
350
351	# could be improved quite a bit in accuracy
352	NV
353	_estimate_rounds ()
354	CODE:
355	{
356	char data[40];
357	NVTime nvtime = get_nvtime ();
358	NV t1, t2, t;
359	int count = 0;
360	SHA_INFO ctx;
361
362	t = nvtime ();
363	do {
364	t1 = nvtime ();
365	} while (t == t1);
366
367	t = t2 = nvtime ();
368	do {
369	volatile int i;
370	sha_init (&ctx);
371	sha_update (&ctx, data, sizeof (data));
372	i = sha_final (&ctx);
373
374	if (!(++count & 1023))
375	t2 = nvtime ();
376
377	} while (t == t2);
378
379	RETVAL = (NV)count / (t2 - t1);
380	}
381	OUTPUT:
382	RETVAL
383
384	SV *
385	_gentoken (int size, IV timestamp, char resource, char trial = "", int extrarand = 0)
386	CODE:
387	{
388	SHA_INFO ctx1, ctx;
389	char token, seq, *s;
390	int toklen, i;
391	time_t tstamp = timestamp ? timestamp : time (0);
392	struct tm *tm = gmtime (&tstamp);
393
394	New (0, token,
395	1 + 1 // version
396	+ 12 + 1 // time field sans century
397	+ strlen (resource) + 1 // ressource
398	+ strlen (trial) + extrarand + 8 + 1 // trial
399	+ 1,
400	char);
401
402	if (!token)
403	croak ("out of memory");
404
405	if (size > 64)
406	croak ("size must be <= 64 in this implementation\n");
407
408	toklen = sprintf (token, "%d:%02d%02d%02d%02d%02d%02d:%s:%s",
409	0, tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday,
410	tm->tm_hour, tm->tm_min, tm->tm_sec,
411	resource, trial);
412
413	if (toklen > 8000)
414	croak ("token length must be <= 8000 in this implementation\n");
415
416	perlinterp_release ();
417
418	i = toklen + extrarand;
419	while (toklen < i)
420	token[toklen++] = rand_char ();
421
422	sha_init (&ctx1);
423	sha_update (&ctx1, token, toklen);
424
425	seq = token + toklen;
426	i += 8;
427	while (toklen < i)
428	token[toklen++] = rand_char ();
429
430	for (;;)
431	{
432	ctx = ctx1; // this "optimization" can help a lot for longer resource strings
433	sha_update (&ctx, seq, 8);
434	i = sha_final (&ctx);
435
436	if (i >= size)
437	break;
438
439	s = seq;
440	do {
441	s = nextenc [s];
442	} while (*s++ == 'a');
443	}
444
445	perlinterp_acquire ();
446
447	RETVAL = newSVpvn (token, toklen);
448	}
449	OUTPUT:
450	RETVAL
451
452	int
453	_prefixlen (SV *tok)
454	CODE:
455	{
456	STRLEN toklen;
457	char *token = SvPV (tok, toklen);
458	SHA_INFO ctx;
459
460	sha_init (&ctx);
461	sha_update (&ctx, token, toklen);
462	RETVAL = sha_final (&ctx);
463	}
464	OUTPUT:
465	RETVAL
466
467