1 |
#include "EXTERN.h" |
2 |
#include "perl.h" |
3 |
#include "XSUB.h" |
4 |
|
5 |
#include <time.h> |
6 |
#include <stdlib.h> |
7 |
#include <stdint.h> |
8 |
|
9 |
#include "perlmulticore.h" |
10 |
|
11 |
/* NIST Secure Hash Algorithm */ |
12 |
/* heavily modified by Uwe Hollerbach <uh@alumni.caltech edu> */ |
13 |
/* from Peter C. Gutmann's implementation as found in */ |
14 |
/* Applied Cryptography by Bruce Schneier */ |
15 |
/* Further modifications to include the "UNRAVEL" stuff, below */ |
16 |
|
17 |
/* This code is in the public domain */ |
18 |
|
19 |
/* pcg: I was tempted to just rip this code off, after all, if you don't |
20 |
* demand anything I am inclined not to give anything. *Sigh* something |
21 |
* kept me from doing it, so here's the truth: I took this code from the |
22 |
* SHA1 perl module, since it looked reasonably well-crafted. I modified |
23 |
* it here and there, though. |
24 |
*/ |
25 |
|
26 |
/* |
27 |
* we have lots of micro-optimizations here, this is just for toying |
28 |
* around... |
29 |
*/ |
30 |
|
31 |
/* don't expect _too_ much from compilers for now. */ |
32 |
#if __GNUC__ > 2 |
33 |
# define restrict __restrict__ |
34 |
# define inline __inline__ |
35 |
# ifdef __i386 |
36 |
# define GCCX86ASM 1 |
37 |
# endif |
38 |
#elif __STDC_VERSION__ < 199900 |
39 |
# define restrict |
40 |
# define inline |
41 |
#endif |
42 |
|
43 |
#if __GNUC__ < 2 |
44 |
# define __attribute__(x) |
45 |
#endif |
46 |
|
47 |
#ifdef __i386 |
48 |
# define a_regparm(n) __attribute__((__regparm__(n))) |
49 |
#else |
50 |
# define a_regparm(n) |
51 |
#endif |
52 |
|
53 |
#define a_const __attribute__((__const__)) |
54 |
|
55 |
/* Useful defines & typedefs */ |
56 |
|
57 |
#if defined(U64TYPE) && (defined(USE_64_BIT_INT) || ((BYTEORDER != 0x1234) && (BYTEORDER != 0x4321))) |
58 |
typedef U64TYPE XULONG; |
59 |
# if BYTEORDER == 0x1234 |
60 |
# undef BYTEORDER |
61 |
# define BYTEORDER 0x12345678 |
62 |
# elif BYTEORDER == 0x4321 |
63 |
# undef BYTEORDER |
64 |
# define BYTEORDER 0x87654321 |
65 |
# endif |
66 |
#else |
67 |
typedef uint_fast32_t XULONG; /* 32-or-more-bit quantity */ |
68 |
#endif |
69 |
|
70 |
#if GCCX86ASM |
71 |
# define zprefix(n) ({ int _r; __asm__ ("bsrl %1, %0" : "=r" (_r) : "r" (n)); 31 - _r ; }) |
72 |
#elif __GNUC__ > 2 && __GNUC_MINOR__ > 3 |
73 |
# define zprefix(n) (__extension__ ({ uint32_t n__ = (n); n ? __builtin_clz (n) : 32; })) |
74 |
#else |
75 |
static int a_const zprefix (U32 n) |
76 |
{ |
77 |
static char zp[256] = |
78 |
{ |
79 |
8, 7, 6, 6, 5, 5, 5, 5, 4, 4, 4, 4, 4, 4, 4, 4, |
80 |
3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, |
81 |
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
82 |
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
83 |
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
84 |
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
85 |
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
86 |
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
87 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
88 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
89 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
90 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
91 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
92 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
93 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
94 |
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
95 |
}; |
96 |
|
97 |
return |
98 |
n > 0xffffff ? zp[n >> 24] |
99 |
: n > 0xffff ? 8 + zp[n >> 16] |
100 |
: n > 0xff ? 16 + zp[n >> 8] |
101 |
: 24 + zp[n]; |
102 |
} |
103 |
#endif |
104 |
|
105 |
#define SHA_BLOCKSIZE 64 |
106 |
#define SHA_DIGESTSIZE 20 |
107 |
|
108 |
typedef struct { |
109 |
U32 digest[5]; /* message digest */ |
110 |
U32 count; /* 32-bit bit count */ |
111 |
int local; /* unprocessed amount in data */ |
112 |
U8 data[SHA_BLOCKSIZE]; /* SHA data buffer */ |
113 |
} SHA_INFO; |
114 |
|
115 |
|
116 |
/* SHA f()-functions */ |
117 |
#define f1(x,y,z) ((x & y) | (~x & z)) |
118 |
#define f2(x,y,z) (x ^ y ^ z) |
119 |
#define f3(x,y,z) ((x & y) | (x & z) | (y & z)) |
120 |
#define f4(x,y,z) (x ^ y ^ z) |
121 |
|
122 |
/* SHA constants */ |
123 |
#define CONST1 0x5a827999L |
124 |
#define CONST2 0x6ed9eba1L |
125 |
#define CONST3 0x8f1bbcdcL |
126 |
#define CONST4 0xca62c1d6L |
127 |
|
128 |
/* truncate to 32 bits -- should be a null op on 32-bit machines */ |
129 |
#define T32(x) ((x) & 0xffffffffL) |
130 |
|
131 |
/* 32-bit rotate */ |
132 |
#define R32(x,n) T32(((x << n) | (x >> (32 - n)))) |
133 |
|
134 |
/* specific cases, for when the overall rotation is unraveled */ |
135 |
#define FA(n) \ |
136 |
T = T32(R32(A,5) + f##n(B,C,D) + E + *WP++ + CONST##n); B = R32(B,30) |
137 |
|
138 |
#define FB(n) \ |
139 |
E = T32(R32(T,5) + f##n(A,B,C) + D + *WP++ + CONST##n); A = R32(A,30) |
140 |
|
141 |
#define FC(n) \ |
142 |
D = T32(R32(E,5) + f##n(T,A,B) + C + *WP++ + CONST##n); T = R32(T,30) |
143 |
|
144 |
#define FD(n) \ |
145 |
C = T32(R32(D,5) + f##n(E,T,A) + B + *WP++ + CONST##n); E = R32(E,30) |
146 |
|
147 |
#define FE(n) \ |
148 |
B = T32(R32(C,5) + f##n(D,E,T) + A + *WP++ + CONST##n); D = R32(D,30) |
149 |
|
150 |
#define FT(n) \ |
151 |
A = T32(R32(B,5) + f##n(C,D,E) + T + *WP++ + CONST##n); C = R32(C,30) |
152 |
|
153 |
static void a_regparm(1) sha_transform(SHA_INFO *restrict sha_info) |
154 |
{ |
155 |
int i; |
156 |
U8 *restrict dp; |
157 |
U32 A, B, C, D, E, W[80], *restrict WP; |
158 |
XULONG T; |
159 |
|
160 |
dp = sha_info->data; |
161 |
|
162 |
#if BYTEORDER == 0x1234 |
163 |
assert(sizeof(XULONG) == 4); |
164 |
# ifdef HAS_NTOHL |
165 |
for (i = 0; i < 16; ++i) { |
166 |
T = *((XULONG *) dp); |
167 |
dp += 4; |
168 |
W[i] = ntohl (T); |
169 |
} |
170 |
# else |
171 |
for (i = 0; i < 16; ++i) { |
172 |
T = *((XULONG *) dp); |
173 |
dp += 4; |
174 |
W[i] = ((T << 24) & 0xff000000) | ((T << 8) & 0x00ff0000) | |
175 |
((T >> 8) & 0x0000ff00) | ((T >> 24) & 0x000000ff); |
176 |
} |
177 |
# endif |
178 |
#elif BYTEORDER == 0x4321 |
179 |
assert(sizeof(XULONG) == 4); |
180 |
for (i = 0; i < 16; ++i) { |
181 |
T = *((XULONG *) dp); |
182 |
dp += 4; |
183 |
W[i] = T32(T); |
184 |
} |
185 |
#elif BYTEORDER == 0x12345678 |
186 |
assert(sizeof(XULONG) == 8); |
187 |
for (i = 0; i < 16; i += 2) { |
188 |
T = *((XULONG *) dp); |
189 |
dp += 8; |
190 |
W[i] = ((T << 24) & 0xff000000) | ((T << 8) & 0x00ff0000) | |
191 |
((T >> 8) & 0x0000ff00) | ((T >> 24) & 0x000000ff); |
192 |
T >>= 32; |
193 |
W[i+1] = ((T << 24) & 0xff000000) | ((T << 8) & 0x00ff0000) | |
194 |
((T >> 8) & 0x0000ff00) | ((T >> 24) & 0x000000ff); |
195 |
} |
196 |
#elif BYTEORDER == 0x87654321 |
197 |
assert(sizeof(XULONG) == 8); |
198 |
for (i = 0; i < 16; i += 2) { |
199 |
T = *((XULONG *) dp); |
200 |
dp += 8; |
201 |
W[i] = T32(T >> 32); |
202 |
W[i+1] = T32(T); |
203 |
} |
204 |
#else |
205 |
#error Unknown byte order -- you need to add code here |
206 |
#endif |
207 |
|
208 |
for (i = 16; i < 80; ++i) |
209 |
{ |
210 |
T = W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16]; |
211 |
W[i] = R32(T,1); |
212 |
} |
213 |
|
214 |
A = sha_info->digest[0]; |
215 |
B = sha_info->digest[1]; |
216 |
C = sha_info->digest[2]; |
217 |
D = sha_info->digest[3]; |
218 |
E = sha_info->digest[4]; |
219 |
|
220 |
WP = W; |
221 |
FA(1); FB(1); FC(1); FD(1); FE(1); FT(1); FA(1); FB(1); FC(1); FD(1); |
222 |
FE(1); FT(1); FA(1); FB(1); FC(1); FD(1); FE(1); FT(1); FA(1); FB(1); |
223 |
FC(2); FD(2); FE(2); FT(2); FA(2); FB(2); FC(2); FD(2); FE(2); FT(2); |
224 |
FA(2); FB(2); FC(2); FD(2); FE(2); FT(2); FA(2); FB(2); FC(2); FD(2); |
225 |
FE(3); FT(3); FA(3); FB(3); FC(3); FD(3); FE(3); FT(3); FA(3); FB(3); |
226 |
FC(3); FD(3); FE(3); FT(3); FA(3); FB(3); FC(3); FD(3); FE(3); FT(3); |
227 |
FA(4); FB(4); FC(4); FD(4); FE(4); FT(4); FA(4); FB(4); FC(4); FD(4); |
228 |
FE(4); FT(4); FA(4); FB(4); FC(4); FD(4); FE(4); FT(4); FA(4); FB(4); |
229 |
|
230 |
sha_info->digest[0] = T32(sha_info->digest[0] + E); |
231 |
sha_info->digest[1] = T32(sha_info->digest[1] + T); |
232 |
sha_info->digest[2] = T32(sha_info->digest[2] + A); |
233 |
sha_info->digest[3] = T32(sha_info->digest[3] + B); |
234 |
sha_info->digest[4] = T32(sha_info->digest[4] + C); |
235 |
} |
236 |
|
237 |
/* initialize the SHA digest */ |
238 |
|
239 |
static void sha_init(SHA_INFO *restrict sha_info) |
240 |
{ |
241 |
sha_info->digest[0] = 0x67452301L; |
242 |
sha_info->digest[1] = 0xefcdab89L; |
243 |
sha_info->digest[2] = 0x98badcfeL; |
244 |
sha_info->digest[3] = 0x10325476L; |
245 |
sha_info->digest[4] = 0xc3d2e1f0L; |
246 |
sha_info->count = 0L; |
247 |
sha_info->local = 0; |
248 |
} |
249 |
|
250 |
/* update the SHA digest */ |
251 |
|
252 |
static void sha_update(SHA_INFO *restrict sha_info, U8 *restrict buffer, int count) |
253 |
{ |
254 |
int i; |
255 |
|
256 |
sha_info->count += count; |
257 |
if (sha_info->local) { |
258 |
i = SHA_BLOCKSIZE - sha_info->local; |
259 |
if (i > count) { |
260 |
i = count; |
261 |
} |
262 |
memcpy(((U8 *) sha_info->data) + sha_info->local, buffer, i); |
263 |
count -= i; |
264 |
buffer += i; |
265 |
sha_info->local += i; |
266 |
if (sha_info->local == SHA_BLOCKSIZE) { |
267 |
sha_transform(sha_info); |
268 |
} else { |
269 |
return; |
270 |
} |
271 |
} |
272 |
while (count >= SHA_BLOCKSIZE) { |
273 |
memcpy(sha_info->data, buffer, SHA_BLOCKSIZE); |
274 |
buffer += SHA_BLOCKSIZE; |
275 |
count -= SHA_BLOCKSIZE; |
276 |
sha_transform(sha_info); |
277 |
} |
278 |
memcpy(sha_info->data, buffer, count); |
279 |
sha_info->local = count; |
280 |
} |
281 |
|
282 |
/* finish computing the SHA digest */ |
283 |
static int sha_final(SHA_INFO *sha_info) |
284 |
{ |
285 |
int count = sha_info->count; |
286 |
int local = sha_info->local; |
287 |
|
288 |
sha_info->data[local] = 0x80; |
289 |
|
290 |
if (sha_info->local >= SHA_BLOCKSIZE - 8) { |
291 |
memset(sha_info->data + local + 1, 0, SHA_BLOCKSIZE - 1 - local); |
292 |
sha_transform(sha_info); |
293 |
memset(sha_info->data, 0, SHA_BLOCKSIZE - 2); |
294 |
} else { |
295 |
memset(sha_info->data + local + 1, 0, SHA_BLOCKSIZE - 3 - local); |
296 |
} |
297 |
|
298 |
sha_info->data[62] = count >> 5; |
299 |
sha_info->data[63] = count << 3; |
300 |
|
301 |
sha_transform (sha_info); |
302 |
|
303 |
return sha_info->digest[0] |
304 |
? zprefix (sha_info->digest[0]) |
305 |
: zprefix (sha_info->digest[1]) + 32; |
306 |
} |
307 |
|
308 |
#define TRIALCHAR "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&()*+,-./;<=>?@[]{}^_|" |
309 |
|
310 |
static char |
311 |
nextenc[256]; |
312 |
|
313 |
static char |
314 |
rand_char () |
315 |
{ |
316 |
return TRIALCHAR[(int)(Drand01 () * sizeof (TRIALCHAR))]; |
317 |
} |
318 |
|
319 |
typedef double (*NVTime)(void); |
320 |
|
321 |
static double |
322 |
simple_nvtime (void) |
323 |
{ |
324 |
return time (0); |
325 |
} |
326 |
|
327 |
static NVTime |
328 |
get_nvtime (void) |
329 |
{ |
330 |
SV **svp = hv_fetch (PL_modglobal, "Time::NVtime", 12, 0); |
331 |
|
332 |
if (svp && SvIOK(*svp)) |
333 |
return INT2PTR(NVTime, SvIV(*svp)); |
334 |
else |
335 |
return simple_nvtime; |
336 |
|
337 |
} |
338 |
|
339 |
MODULE = Digest::Hashcash PACKAGE = Digest::Hashcash |
340 |
|
341 |
BOOT: |
342 |
{ |
343 |
int i; |
344 |
|
345 |
for (i = 0; i < sizeof (TRIALCHAR); i++) |
346 |
nextenc[TRIALCHAR[i]] = TRIALCHAR[(i + 1) % sizeof (TRIALCHAR)]; |
347 |
} |
348 |
|
349 |
PROTOTYPES: ENABLE |
350 |
|
351 |
# could be improved quite a bit in accuracy |
352 |
NV |
353 |
_estimate_rounds () |
354 |
CODE: |
355 |
{ |
356 |
char data[40]; |
357 |
NVTime nvtime = get_nvtime (); |
358 |
NV t1, t2, t; |
359 |
int count = 0; |
360 |
SHA_INFO ctx; |
361 |
|
362 |
t = nvtime (); |
363 |
do { |
364 |
t1 = nvtime (); |
365 |
} while (t == t1); |
366 |
|
367 |
t = t2 = nvtime (); |
368 |
do { |
369 |
volatile int i; |
370 |
sha_init (&ctx); |
371 |
sha_update (&ctx, data, sizeof (data)); |
372 |
i = sha_final (&ctx); |
373 |
|
374 |
if (!(++count & 1023)) |
375 |
t2 = nvtime (); |
376 |
|
377 |
} while (t == t2); |
378 |
|
379 |
RETVAL = (NV)count / (t2 - t1); |
380 |
} |
381 |
OUTPUT: |
382 |
RETVAL |
383 |
|
384 |
SV * |
385 |
_gentoken (int size, IV timestamp, char *resource, char *trial = "", int extrarand = 0) |
386 |
CODE: |
387 |
{ |
388 |
SHA_INFO ctx1, ctx; |
389 |
char *token, *seq, *s; |
390 |
int toklen, i; |
391 |
time_t tstamp = timestamp ? timestamp : time (0); |
392 |
struct tm *tm = gmtime (&tstamp); |
393 |
|
394 |
New (0, token, |
395 |
1 + 1 // version |
396 |
+ 12 + 1 // time field sans century |
397 |
+ strlen (resource) + 1 // ressource |
398 |
+ strlen (trial) + extrarand + 8 + 1 // trial |
399 |
+ 1, |
400 |
char); |
401 |
|
402 |
if (!token) |
403 |
croak ("out of memory"); |
404 |
|
405 |
if (size > 64) |
406 |
croak ("size must be <= 64 in this implementation\n"); |
407 |
|
408 |
toklen = sprintf (token, "%d:%02d%02d%02d%02d%02d%02d:%s:%s", |
409 |
0, tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday, |
410 |
tm->tm_hour, tm->tm_min, tm->tm_sec, |
411 |
resource, trial); |
412 |
|
413 |
if (toklen > 8000) |
414 |
croak ("token length must be <= 8000 in this implementation\n"); |
415 |
|
416 |
perlinterp_release (); |
417 |
|
418 |
i = toklen + extrarand; |
419 |
while (toklen < i) |
420 |
token[toklen++] = rand_char (); |
421 |
|
422 |
sha_init (&ctx1); |
423 |
sha_update (&ctx1, token, toklen); |
424 |
|
425 |
seq = token + toklen; |
426 |
i += 8; |
427 |
while (toklen < i) |
428 |
token[toklen++] = rand_char (); |
429 |
|
430 |
for (;;) |
431 |
{ |
432 |
ctx = ctx1; // this "optimization" can help a lot for longer resource strings |
433 |
sha_update (&ctx, seq, 8); |
434 |
i = sha_final (&ctx); |
435 |
|
436 |
if (i >= size) |
437 |
break; |
438 |
|
439 |
s = seq; |
440 |
do { |
441 |
*s = nextenc [*s]; |
442 |
} while (*s++ == 'a'); |
443 |
} |
444 |
|
445 |
perlinterp_acquire (); |
446 |
|
447 |
RETVAL = newSVpvn (token, toklen); |
448 |
} |
449 |
OUTPUT: |
450 |
RETVAL |
451 |
|
452 |
int |
453 |
_prefixlen (SV *tok) |
454 |
CODE: |
455 |
{ |
456 |
STRLEN toklen; |
457 |
char *token = SvPV (tok, toklen); |
458 |
SHA_INFO ctx; |
459 |
|
460 |
sha_init (&ctx); |
461 |
sha_update (&ctx, token, toklen); |
462 |
RETVAL = sha_final (&ctx); |
463 |
} |
464 |
OUTPUT: |
465 |
RETVAL |
466 |
|
467 |
|