From 2d20a7e24bd85bd8a22262062b307a58f6d585c5 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 1 May 2022 10:59:05 -0600 Subject: Switch to a Rust implementation of cryptographic primitives (#294) --- .circleci/build-wheel.sh | 2 +- .github/dependabot.yml | 7 + .github/workflows/ci.yml | 26 +- .github/workflows/wheel-builder.yml | 35 +- .gitignore | 1 + MANIFEST.in | 2 +- README.rst | 16 +- pyproject.toml | 2 +- setup.cfg | 3 - setup.py | 21 +- src/_bcrypt/Cargo.lock | 427 +++++++++++++++++++ src/_bcrypt/Cargo.toml | 24 ++ src/_bcrypt/src/lib.rs | 74 ++++ src/_csrc/bcrypt.c | 274 ------------ src/_csrc/bcrypt_pbkdf.c | 168 -------- src/_csrc/blf.c | 654 ----------------------------- src/_csrc/blf.h | 81 ---- src/_csrc/portable_endian.h | 238 ----------- src/_csrc/pycabcrypt.h | 44 -- src/_csrc/sha2.c | 812 ------------------------------------ src/_csrc/sha2.h | 87 ---- src/_csrc/timingsafe_bcmp.c | 29 -- src/bcrypt/__init__.py | 26 +- src/bcrypt/_bcrypt.pyi | 7 +- src/build_bcrypt.py | 46 -- tests/test_bcrypt.py | 5 - tox.ini | 1 + 27 files changed, 624 insertions(+), 2488 deletions(-) create mode 100644 src/_bcrypt/Cargo.lock create mode 100644 src/_bcrypt/Cargo.toml create mode 100644 src/_bcrypt/src/lib.rs delete mode 100644 src/_csrc/bcrypt.c delete mode 100644 src/_csrc/bcrypt_pbkdf.c delete mode 100644 src/_csrc/blf.c delete mode 100644 src/_csrc/blf.h delete mode 100644 src/_csrc/portable_endian.h delete mode 100644 src/_csrc/pycabcrypt.h delete mode 100644 src/_csrc/sha2.c delete mode 100644 src/_csrc/sha2.h delete mode 100644 src/_csrc/timingsafe_bcmp.c delete mode 100644 src/build_bcrypt.py diff --git a/.circleci/build-wheel.sh b/.circleci/build-wheel.sh index ebe745a..5e2ce83 100755 --- a/.circleci/build-wheel.sh +++ b/.circleci/build-wheel.sh @@ -10,7 +10,7 @@ mkdir -p /test/wheelhouse.final "${PYBIN}"/python -m venv .venv -.venv/bin/pip install -U pip wheel cffi +.venv/bin/pip install -U pip wheel setuptools-rust .venv/bin/python setup.py sdist cd dist diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1230149..1597d82 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,3 +4,10 @@ updates: directory: "/" schedule: interval: "daily" + - package-ecosystem: cargo + directory: "/src/_bcrypt/" + schedule: + interval: daily + allow: + # Also update indirect dependencies + - dependency-type: all diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 490c98c..1475ad9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,8 +33,8 @@ jobs: strategy: matrix: WINDOWS: - - {ARCH: 'x86', WINDOWS: 'win32'} - - {ARCH: 'x64', WINDOWS: 'win64'} + - {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc'} + - {ARCH: 'x64', WINDOWS: 'win64', RUST_TRIPLE: 'x86_64-pc-windows-msvc'} PYTHON: - {VERSION: "3.6", TOXENV: "py36"} - {VERSION: "3.10", TOXENV: "py310"} @@ -46,6 +46,13 @@ jobs: with: python-version: ${{ matrix.PYTHON.VERSION }} architecture: ${{ matrix.WINDOWS.ARCH }} + - uses: actions-rs/toolchain@v1.0.7 + with: + profile: minimal + toolchain: stable + override: true + default: true + target: ${{ matrix.WINDOWS.RUST_TRIPLE }} - run: pip install tox - run: tox @@ -66,13 +73,25 @@ jobs: - {VERSION: "pypy-3.7", TOXENV: "pypy3"} - {VERSION: "pypy-3.8", TOXENV: "pypy3"} - {VERSION: "pypy-3.9", TOXENV: "pypy3"} - name: "${{ matrix.PYTHON.TOXENV }} on linux" + + # MSRV + - {VERSION: "3.10", TOXENV: "py310", RUST_VERSION: "1.56.0"} + - {VERSION: "3.10", TOXENV: "py310", RUST_VERSION: "beta"} + - {VERSION: "3.10", TOXENV: "py310", RUST_VERSION: "nightly"} + name: "${{ matrix.PYTHON.TOXENV }} on linux, Rust ${{ matrix.PYTHON.RUST_VERSION || 'stable' }}" steps: - uses: actions/checkout@v2.4.0 - name: Setup python uses: actions/setup-python@v3 with: python-version: ${{ matrix.PYTHON.VERSION }} + - uses: actions-rs/toolchain@v1.0.7 + with: + profile: minimal + toolchain: ${{ matrix.PYTHON.RUST_VERSION || 'stable' }} + override: true + default: true + - run: pip install tox - run: tox env: @@ -93,3 +112,4 @@ jobs: - run: '/venv/bin/tox' env: TOXENV: ${{ matrix.IMAGE.TOXENV }} + RUSTUP_HOME: /root/.rustup diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index 972ab1d..fb74391 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -30,11 +30,13 @@ jobs: ref: ${{ github.event.inputs.version || github.ref }} - run: /opt/python/${{ matrix.PYTHON.VERSION }}/bin/python -m venv .venv - name: Install python dependencies - run: .venv/bin/pip install -U pip wheel cffi six + run: .venv/bin/pip install -U pip wheel setuptools-rust - name: Make sdist run: .venv/bin/python setup.py sdist - run: tar zxvf dist/bcrypt*.tar.gz && mkdir tmpwheelhouse - run: cd bcrypt* && ../.venv/bin/python setup.py bdist_wheel --py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} && mv dist/bcrypt*.whl ../tmpwheelhouse + env: + RUSTUP_HOME: /root/.rustup - run: auditwheel repair tmpwheelhouse/bcrypt*.whl -w wheelhouse/ - run: .venv/bin/pip install bcrypt --no-index -f wheelhouse/ - run: | @@ -66,8 +68,17 @@ jobs: - run: | curl "${{ matrix.PYTHON.DOWNLOAD_URL }}" -o python.pkg sudo installer -pkg python.pkg -target / + - uses: actions-rs/toolchain@v1.0.7 + with: + profile: minimal + toolchain: stable + override: true + default: true + # Add the arm64 target in addition to the native arch (x86_64) + target: aarch64-apple-darwin + - run: ${{ matrix.PYTHON.BIN_PATH }} -m venv venv - - run: venv/bin/pip install -U pip wheel cffi six + - run: venv/bin/pip install -U pip wheel setuptools-rust - name: Make sdist run: venv/bin/python setup.py sdist - run: tar zxvf dist/bcrypt*.tar.gz && mkdir wheelhouse @@ -95,11 +106,11 @@ jobs: strategy: matrix: WINDOWS: - - 'x86' - - 'x64' + - {ARCH: 'x86', RUST_TRIPLE: 'i686-pc-windows-msvc'} + - {ARCH: 'x64', RUST_TRIPLE: 'x86_64-pc-windows-msvc'} PYTHON: - {VERSION: "3.6", ABI_VERSION: "cp36"} - name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.PYTHON.ABI_VERSION }} ${{ matrix.WINDOWS}}" + name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.PYTHON.ABI_VERSION }} ${{ matrix.WINDOWS.ARCH }}" steps: - uses: actions/checkout@v2.4.0 with: @@ -110,8 +121,16 @@ jobs: uses: actions/setup-python@v3 with: python-version: ${{ matrix.PYTHON.VERSION }} - architecture: ${{ matrix.WINDOWS }} - - run: python -m pip install -U pip wheel cffi six + architecture: ${{ matrix.WINDOWS.ARCH }} + - uses: actions-rs/toolchain@v1.0.7 + with: + profile: minimal + toolchain: stable + override: true + default: true + target: ${{ matrix.WINDOWS.RUST_TRIPLE }} + + - run: python -m pip install -U pip wheel setuptools-rust - name: Make sdist run: python setup.py sdist - run: tar zxvf dist/bcrypt*.tar.gz && mkdir wheelhouse @@ -126,5 +145,5 @@ jobs: - run: move wheelhouse\bcrypt*.whl bcrypt-wheelhouse\ - uses: actions/upload-artifact@v1 with: - name: "bcrypt-${{ github.event.inputs.version }}-${{ matrix.WINDOWS }}-${{ matrix.PYTHON.ABI_VERSION }}" + name: "bcrypt-${{ github.event.inputs.version }}-${{ matrix.WINDOWS.ARCH }}-${{ matrix.PYTHON.ABI_VERSION }}" path: bcrypt-wheelhouse\ diff --git a/.gitignore b/.gitignore index 8e08b14..048903d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ __pycache__/ *.py[co] *.so +target/ # Packages *.egg diff --git a/MANIFEST.in b/MANIFEST.in index 2e68002..e39d31d 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -6,7 +6,7 @@ include tox.ini .coveragerc include src/build_bcrypt.py recursive-include src py.typed *.pyi -recursive-include src/_csrc * +recursive-include src/_bcrypt Cargo.toml Cargo.lock *.rs recursive-include tests *.py exclude requirements.txt release.py mypy.ini diff --git a/README.rst b/README.rst index 84f3759..ecd247d 100644 --- a/README.rst +++ b/README.rst @@ -20,25 +20,26 @@ To install bcrypt, simply: $ pip install bcrypt -Note that bcrypt should build very easily on Linux provided you have a C compiler, headers for Python (if you're not using pypy), and headers for the libffi libraries available on your system. +Note that bcrypt should build very easily on Linux provided you have a C +compiler and a Rust compiler (the minimum supported Rust version is 1.56.0). For Debian and Ubuntu, the following command will ensure that the required dependencies are installed: .. code:: bash - $ sudo apt-get install build-essential libffi-dev python-dev + $ sudo apt-get install build-essential cargo For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed: .. code:: bash - $ sudo yum install gcc libffi-devel python-devel + $ sudo yum install gcc cargo For Alpine, the following command will ensure that the required dependencies are installed: .. code:: bash - $ apk add --update musl-dev gcc libffi-dev + $ apk add --update musl-dev gcc cargo Alternatives @@ -49,6 +50,13 @@ While bcrypt remains a good choice for password storage depending on your specif Changelog ========= +UNRELEASED +---------- + +* ``bcrypt`` is now implemented in Rust. Users building from source will need + to have a Rust compiler available. Nothing will change for users downloading + wheels. + 3.2.1 ----- diff --git a/pyproject.toml b/pyproject.toml index b3f9e6b..d0f8243 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -3,7 +3,7 @@ requires = [ "setuptools>=40.8.0", "wheel", - "cffi>=1.1; python_implementation != 'PyPy'", + "setuptools-rust", ] # Point to the setuptools' PEP517 build backend explicitly to # disable Pip's fallback guessing diff --git a/setup.cfg b/setup.cfg index 1c81085..26aabe1 100644 --- a/setup.cfg +++ b/setup.cfg @@ -30,9 +30,6 @@ package_dir = packages = bcrypt ext_package = bcrypt -# `install_requires` must be kept in sync with `pyproject.toml` -install_requires = - cffi>=1.1 [options.extras_require] tests = diff --git a/setup.py b/setup.py index bb36d74..f5c6546 100644 --- a/setup.py +++ b/setup.py @@ -4,11 +4,7 @@ import sys from setuptools import setup - -CFFI_MODULES = [ - "src/build_bcrypt.py:ffi", -] - +from setuptools_rust import RustExtension if platform.python_implementation() == "PyPy": if sys.pypy_version_info < (2, 6): @@ -19,5 +15,18 @@ if platform.python_implementation() == "PyPy": setup( - cffi_modules=CFFI_MODULES, + rust_extensions=[ + RustExtension( + "_bcrypt", + "src/_bcrypt/Cargo.toml", + py_limited_api=True, + # Enable abi3 mode if we're not using PyPy. + features=( + [] + if platform.python_implementation() == "PyPy" + else ["pyo3/abi3-py36"] + ), + rust_version=">=1.56.0", + ), + ], ) diff --git a/src/_bcrypt/Cargo.lock b/src/_bcrypt/Cargo.lock new file mode 100644 index 0000000..dffc8c7 --- /dev/null +++ b/src/_bcrypt/Cargo.lock @@ -0,0 +1,427 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "base64" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" + +[[package]] +name = "bcrypt" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8d70a6d9cd7179c1020c7f48512203ffe48cd1a442359e5f81881bf2cc165ac" +dependencies = [ + "base64", + "blowfish", + "getrandom", +] + +[[package]] +name = "bcrypt-pbkdf" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f4ef233ffa9cb9c7820b2b0e9efd0821ed180e866c9120ec9f45518659742074" +dependencies = [ + "blowfish", + "pbkdf2", + "sha2", +] + +[[package]] +name = "bcrypt-rust" +version = "0.1.0" +dependencies = [ + "base64", + "bcrypt", + "bcrypt-pbkdf", + "pyo3", +] + +[[package]] +name = "bitflags" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" + +[[package]] +name = "block-buffer" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0bf7fe51849ea569fd452f37822f606a5cabb684dc918707a0193fd4664ff324" +dependencies = [ + "generic-array", +] + +[[package]] +name = "blowfish" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7" +dependencies = [ + "byteorder", + "cipher", +] + +[[package]] +name = "byteorder" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "cipher" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "035bd298db1557b73a277e9c599c5a50e0d2e6ee9dcac78f3f951cb2f7d88d8c" +dependencies = [ + "crypto-common", + "inout", +] + +[[package]] +name = "cpufeatures" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95059428f66df56b63431fdb4e1947ed2190586af5c5a8a8b71122bdf5a7f469" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-common" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57952ca27b5e3606ff4dd79b0020231aaf9d6aa76dc05fd30137538c50bd3ce8" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "digest" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506" +dependencies = [ + "block-buffer", + "crypto-common", + "subtle", +] + +[[package]] +name = "generic-array" +version = "0.14.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd48d33ec7f05fbfa152300fdad764757cbded343c1aa1cff2fbaf4134851803" +dependencies = [ + "typenum", + "version_check", +] + +[[package]] +name = "getrandom" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "418d37c8b1d42553c93648be529cb70f920d3baf8ef469b74b9638df426e0b4c" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "indoc" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47741a8bc60fb26eb8d6e0238bbb26d8575ff623fdc97b1a2c00c050b9684ed8" +dependencies = [ + "indoc-impl", + "proc-macro-hack", +] + +[[package]] +name = "indoc-impl" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce046d161f000fffde5f432a0d034d0341dc152643b2598ed5bfce44c4f3a8f0" +dependencies = [ + "proc-macro-hack", + "proc-macro2", + "quote", + "syn", + "unindent", +] + +[[package]] +name = "inout" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e1f03d4ab4d5dc9ec2d219f86c15d2a15fc08239d1cd3b2d6a19717c0a2f443" +dependencies = [ + "generic-array", +] + +[[package]] +name = "instant" +version = "0.1.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "libc" +version = "0.2.119" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bf2e165bb3457c8e098ea76f3e3bc9db55f87aa90d52d0e6be741470916aaa4" + +[[package]] +name = "lock_api" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88943dd7ef4a2e5a4bfa2753aaab3013e34ce2533d1996fb18ef591e315e2b3b" +dependencies = [ + "scopeguard", +] + +[[package]] +name = "once_cell" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da32515d9f6e6e489d7bc9d84c71b060db7247dc035bbe44eac88cf87486d8d5" + +[[package]] +name = "parking_lot" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d17b78036a60663b797adeaee46f5c9dfebb86948d1255007a1d6be0271ff99" +dependencies = [ + "instant", + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d76e8e1493bcac0d2766c42737f34458f1c8c50c0d23bcb24ea953affb273216" +dependencies = [ + "cfg-if", + "instant", + "libc", + "redox_syscall", + "smallvec", + "winapi", +] + +[[package]] +name = "paste" +version = "0.1.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "45ca20c77d80be666aef2b45486da86238fabe33e38306bd3118fe4af33fa880" +dependencies = [ + "paste-impl", + "proc-macro-hack", +] + +[[package]] +name = "paste-impl" +version = "0.1.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d95a7db200b97ef370c8e6de0088252f7e0dfff7d047a28528e47456c0fc98b6" +dependencies = [ + "proc-macro-hack", +] + +[[package]] +name = "pbkdf2" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271779f35b581956db91a3e55737327a03aa051e90b1c47aeb189508533adfd7" +dependencies = [ + "digest", +] + +[[package]] +name = "proc-macro-hack" +version = "0.5.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" + +[[package]] +name = "proc-macro2" +version = "1.0.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c7342d5883fbccae1cc37a2353b09c87c9b0f3afd73f5fb9bba687a1f733b029" +dependencies = [ + "unicode-xid", +] + +[[package]] +name = "pyo3" +version = "0.15.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d41d50a7271e08c7c8a54cd24af5d62f73ee3a6f6a314215281ebdec421d5752" +dependencies = [ + "cfg-if", + "indoc", + "libc", + "parking_lot", + "paste", + "pyo3-build-config", + "pyo3-macros", + "unindent", +] + +[[package]] +name = "pyo3-build-config" +version = "0.15.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "779239fc40b8e18bc8416d3a37d280ca9b9fb04bda54b98037bb6748595c2410" +dependencies = [ + "once_cell", +] + +[[package]] +name = "pyo3-macros" +version = "0.15.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b247e8c664be87998d8628e86f282c25066165f1f8dda66100c48202fdb93a" +dependencies = [ + "pyo3-macros-backend", + "quote", + "syn", +] + +[[package]] +name = "pyo3-macros-backend" +version = "0.15.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a8c2812c412e00e641d99eeb79dd478317d981d938aa60325dfa7157b607095" +dependencies = [ + "proc-macro2", + "pyo3-build-config", + "quote", + "syn", +] + +[[package]] +name = "quote" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "864d3e96a899863136fc6e99f3d7cae289dafe43bf2c5ac19b70df7210c0a145" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "redox_syscall" +version = "0.2.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8383f39639269cde97d255a32bdb68c047337295414940c68bdd30c2e13203ff" +dependencies = [ + "bitflags", +] + +[[package]] +name = "scopeguard" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" + +[[package]] +name = "sha2" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55deaec60f81eefe3cce0dc50bda92d6d8e88f2a27df7c5033b42afeb1ed2676" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "smallvec" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2dd574626839106c320a323308629dcb1acfc96e32a8cba364ddc61ac23ee83" + +[[package]] +name = "subtle" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" + +[[package]] +name = "syn" +version = "1.0.86" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a65b3f4ffa0092e9887669db0eae07941f023991ab58ea44da8fe8e2d511c6b" +dependencies = [ + "proc-macro2", + "quote", + "unicode-xid", +] + +[[package]] +name = "typenum" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987" + +[[package]] +name = "unicode-xid" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" + +[[package]] +name = "unindent" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "514672a55d7380da379785a4d70ca8386c8883ff7eaae877be4d2081cebe73d8" + +[[package]] +name = "version_check" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" + +[[package]] +name = "wasi" +version = "0.10.2+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" diff --git a/src/_bcrypt/Cargo.toml b/src/_bcrypt/Cargo.toml new file mode 100644 index 0000000..5849b63 --- /dev/null +++ b/src/_bcrypt/Cargo.toml @@ -0,0 +1,24 @@ +[package] +name = "bcrypt-rust" +version = "0.1.0" +authors = ["The bcrypt developers "] +edition = "2018" +publish = false + +[dependencies] +pyo3 = { version = "0.15.2" } +bcrypt = "0.11" +bcrypt-pbkdf = "0.8.1" +base64 = "0.13.0" + +[features] +extension-module = ["pyo3/extension-module"] +default = ["extension-module"] + +[lib] +name = "bcrypt_rust" +crate-type = ["cdylib"] + +[profile.release] +lto = "thin" +overflow-checks = true diff --git a/src/_bcrypt/src/lib.rs b/src/_bcrypt/src/lib.rs new file mode 100644 index 0000000..1a72c3f --- /dev/null +++ b/src/_bcrypt/src/lib.rs @@ -0,0 +1,74 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +#![deny(rust_2018_idioms)] + +#[pyo3::prelude::pyfunction] +fn encode_base64<'p>(py: pyo3::Python<'p>, data: &[u8]) -> &'p pyo3::types::PyBytes { + let output = base64::encode_config(data, base64::BCRYPT); + pyo3::types::PyBytes::new(py, output.as_bytes()) +} + +#[pyo3::prelude::pyfunction] +fn hashpass<'p>( + py: pyo3::Python<'p>, + password: &[u8], + salt: &[u8], +) -> pyo3::PyResult<&'p pyo3::types::PyBytes> { + // salt here is not just the salt bytes, but rather an encoded value + // containing a version number, number of rounds, and the salt. + // Should be [prefix, cost, hash]. This logic is copied from `bcrypt` + let raw_parts: Vec<_> = salt + .split(|&b| b == b'$') + .filter(|s| !s.is_empty()) + .collect(); + if raw_parts.len() != 3 { + return Err(pyo3::exceptions::PyValueError::new_err("Invalid salt")); + } + if raw_parts[0] != b"2y" + && raw_parts[0] != b"2b" + && raw_parts[0] != b"2a" + && raw_parts[0] != b"2x" + { + return Err(pyo3::exceptions::PyValueError::new_err("Invalid salt")); + } + let cost = std::str::from_utf8(raw_parts[1]) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid salt"))? + .parse::() + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid salt"))?; + // The last component can contain either just the salt, or the salt and + // the result hash, depending on if the `salt` value come from `hashpw` or + // `gensalt`. + let raw_salt = base64::decode_config(&raw_parts[2][..22], base64::BCRYPT) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid salt"))?; + + let hashed = bcrypt::hash_with_salt(password, cost, &raw_salt).unwrap(); + Ok(pyo3::types::PyBytes::new( + py, + hashed.format_for_version(bcrypt::Version::TwoB).as_bytes(), + )) +} + +#[pyo3::prelude::pyfunction] +fn pbkdf<'p>( + py: pyo3::Python<'p>, + password: &[u8], + salt: &[u8], + rounds: u32, + desired_key_bytes: usize, +) -> pyo3::PyResult<&'p pyo3::types::PyBytes> { + pyo3::types::PyBytes::new_with(py, desired_key_bytes, |mut output| { + bcrypt_pbkdf::bcrypt_pbkdf(password, salt, rounds, &mut output).unwrap(); + Ok(()) + }) +} + +#[pyo3::prelude::pymodule] +fn _bcrypt(_py: pyo3::Python<'_>, m: &pyo3::types::PyModule) -> pyo3::PyResult<()> { + m.add_function(pyo3::wrap_pyfunction!(encode_base64, m)?)?; + m.add_function(pyo3::wrap_pyfunction!(hashpass, m)?)?; + m.add_function(pyo3::wrap_pyfunction!(pbkdf, m)?)?; + + Ok(()) +} diff --git a/src/_csrc/bcrypt.c b/src/_csrc/bcrypt.c deleted file mode 100644 index a773602..0000000 --- a/src/_csrc/bcrypt.c +++ /dev/null @@ -1,274 +0,0 @@ -/* $OpenBSD: bcrypt.c,v 1.55 2015/09/13 15:33:48 guenther Exp $ */ - -/* - * Copyright (c) 2014 Ted Unangst - * Copyright (c) 1997 Niels Provos - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ -/* This password hashing algorithm was designed by David Mazieres - * and works as follows: - * - * 1. state := InitState () - * 2. state := ExpandKey (state, salt, password) - * 3. REPEAT rounds: - * state := ExpandKey (state, 0, password) - * state := ExpandKey (state, 0, salt) - * 4. ctext := "OrpheanBeholderScryDoubt" - * 5. REPEAT 64: - * ctext := Encrypt_ECB (state, ctext); - * 6. RETURN Concatenate (salt, ctext); - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include "pycabcrypt.h" - -/* This implementation is adaptable to current computing power. - * You can have up to 2^31 rounds which should be enough for some - * time to come. - */ - -#define BCRYPT_VERSION '2' -#define BCRYPT_MAXSALT 16 /* Precomputation is just so nice */ -#define BCRYPT_WORDS 6 /* Ciphertext words */ -#define BCRYPT_MINLOGROUNDS 4 /* we have log2(rounds) in salt */ - -#define BCRYPT_SALTSPACE (7 + (BCRYPT_MAXSALT * 4 + 2) / 3 + 1) -#define BCRYPT_HASHSPACE 61 - -char *bcrypt_gensalt(u_int8_t); - -int encode_base64(char *, const u_int8_t *, size_t); -static int decode_base64(u_int8_t *, size_t, const char *); - -/* - * the core bcrypt function - */ -int -bcrypt_hashpass(const char *key, const char *salt, char *encrypted, - size_t encryptedlen) -{ - blf_ctx state; - u_int32_t rounds, i, k; - u_int16_t j; - size_t key_len; - u_int8_t salt_len, logr, minor; - u_int8_t ciphertext[4 * BCRYPT_WORDS] = "OrpheanBeholderScryDoubt"; - u_int8_t csalt[BCRYPT_MAXSALT]; - u_int32_t cdata[BCRYPT_WORDS]; - - if (encryptedlen < BCRYPT_HASHSPACE) - goto inval; - - /* Check and discard "$" identifier */ - if (salt[0] != '$') - goto inval; - salt += 1; - - if (salt[0] != BCRYPT_VERSION) - goto inval; - - /* Check for minor versions */ - switch ((minor = salt[1])) { - case 'a': - key_len = (u_int8_t)(strlen(key) + 1); - break; - case 'b': - /* strlen() returns a size_t, but the function calls - * below result in implicit casts to a narrower integer - * type, so cap key_len at the actual maximum supported - * length here to avoid integer wraparound */ - key_len = strlen(key); - if (key_len > 72) - key_len = 72; - key_len++; /* include the NUL */ - break; - default: - goto inval; - } - if (salt[2] != '$') - goto inval; - /* Discard version + "$" identifier */ - salt += 3; - - /* Check and parse num rounds */ - if (!isdigit((unsigned char)salt[0]) || - !isdigit((unsigned char)salt[1]) || salt[2] != '$') - goto inval; - logr = (salt[1] - '0') + ((salt[0] - '0') * 10); - if (logr < BCRYPT_MINLOGROUNDS || logr > 31) - goto inval; - /* Computer power doesn't increase linearly, 2^x should be fine */ - rounds = 1U << logr; - - /* Discard num rounds + "$" identifier */ - salt += 3; - - if (strlen(salt) * 3 / 4 < BCRYPT_MAXSALT) - goto inval; - - /* We dont want the base64 salt but the raw data */ - if (decode_base64(csalt, BCRYPT_MAXSALT, salt)) - goto inval; - salt_len = BCRYPT_MAXSALT; - - /* Setting up S-Boxes and Subkeys */ - Blowfish_initstate(&state); - Blowfish_expandstate(&state, csalt, salt_len, - (u_int8_t *) key, key_len); - for (k = 0; k < rounds; k++) { - Blowfish_expand0state(&state, (u_int8_t *) key, key_len); - Blowfish_expand0state(&state, csalt, salt_len); - } - - /* This can be precomputed later */ - j = 0; - for (i = 0; i < BCRYPT_WORDS; i++) - cdata[i] = Blowfish_stream2word(ciphertext, 4 * BCRYPT_WORDS, &j); - - /* Now do the encryption */ - for (k = 0; k < 64; k++) - blf_enc(&state, cdata, BCRYPT_WORDS / 2); - - for (i = 0; i < BCRYPT_WORDS; i++) { - ciphertext[4 * i + 3] = cdata[i] & 0xff; - cdata[i] = cdata[i] >> 8; - ciphertext[4 * i + 2] = cdata[i] & 0xff; - cdata[i] = cdata[i] >> 8; - ciphertext[4 * i + 1] = cdata[i] & 0xff; - cdata[i] = cdata[i] >> 8; - ciphertext[4 * i + 0] = cdata[i] & 0xff; - } - - - snprintf(encrypted, 8, "$2%c$%2.2u$", minor, logr); - encode_base64(encrypted + 7, csalt, BCRYPT_MAXSALT); - encode_base64(encrypted + 7 + 22, ciphertext, 4 * BCRYPT_WORDS - 1); - explicit_bzero(&state, sizeof(state)); - explicit_bzero(ciphertext, sizeof(ciphertext)); - explicit_bzero(csalt, sizeof(csalt)); - explicit_bzero(cdata, sizeof(cdata)); - return 0; - -inval: - errno = EINVAL; - return -1; -} - -/* - * internal utilities - */ -static const u_int8_t Base64Code[] = -"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; - -static const u_int8_t index_64[128] = { - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 0, 1, 54, 55, - 56, 57, 58, 59, 60, 61, 62, 63, 255, 255, - 255, 255, 255, 255, 255, 2, 3, 4, 5, 6, - 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, - 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, - 255, 255, 255, 255, 255, 255, 28, 29, 30, - 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, - 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, - 51, 52, 53, 255, 255, 255, 255, 255 -}; -#define CHAR64(c) ( (c) > 127 ? 255 : index_64[(c)]) - -/* - * read buflen (after decoding) bytes of data from b64data - */ -static int -decode_base64(u_int8_t *buffer, size_t len, const char *b64data) -{ - u_int8_t *bp = buffer; - const u_int8_t *p = b64data; - u_int8_t c1, c2, c3, c4; - - while (bp < buffer + len) { - c1 = CHAR64(*p); - /* Invalid data */ - if (c1 == 255) - return -1; - - c2 = CHAR64(*(p + 1)); - if (c2 == 255) - return -1; - - *bp++ = (c1 << 2) | ((c2 & 0x30) >> 4); - if (bp >= buffer + len) - break; - - c3 = CHAR64(*(p + 2)); - if (c3 == 255) - return -1; - - *bp++ = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2); - if (bp >= buffer + len) - break; - - c4 = CHAR64(*(p + 3)); - if (c4 == 255) - return -1; - *bp++ = ((c3 & 0x03) << 6) | c4; - - p += 4; - } - return 0; -} - -/* - * Turn len bytes of data into base64 encoded data. - * This works without = padding. - */ -int -encode_base64(char *b64buffer, const u_int8_t *data, size_t len) -{ - u_int8_t *bp = b64buffer; - const u_int8_t *p = data; - u_int8_t c1, c2; - - while (p < data + len) { - c1 = *p++; - *bp++ = Base64Code[(c1 >> 2)]; - c1 = (c1 & 0x03) << 4; - if (p >= data + len) { - *bp++ = Base64Code[c1]; - break; - } - c2 = *p++; - c1 |= (c2 >> 4) & 0x0f; - *bp++ = Base64Code[c1]; - c1 = (c2 & 0x0f) << 2; - if (p >= data + len) { - *bp++ = Base64Code[c1]; - break; - } - c2 = *p++; - c1 |= (c2 >> 6) & 0x03; - *bp++ = Base64Code[c1]; - *bp++ = Base64Code[c2 & 0x3f]; - } - *bp = '\0'; - return 0; -} diff --git a/src/_csrc/bcrypt_pbkdf.c b/src/_csrc/bcrypt_pbkdf.c deleted file mode 100644 index 306d7e7..0000000 --- a/src/_csrc/bcrypt_pbkdf.c +++ /dev/null @@ -1,168 +0,0 @@ -/* $OpenBSD: bcrypt_pbkdf.c,v 1.13 2015/01/12 03:20:04 tedu Exp $ */ -/* - * Copyright (c) 2013 Ted Unangst - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include -#include - -#include "pycabcrypt.h" -#include "blf.h" -#include "sha2.h" - -#define MINIMUM(a,b) (((a) < (b)) ? (a) : (b)) - -/* - * pkcs #5 pbkdf2 implementation using the "bcrypt" hash - * - * The bcrypt hash function is derived from the bcrypt password hashing - * function with the following modifications: - * 1. The input password and salt are preprocessed with SHA512. - * 2. The output length is expanded to 256 bits. - * 3. Subsequently the magic string to be encrypted is lengthened and modifed - * to "OxychromaticBlowfishSwatDynamite" - * 4. The hash function is defined to perform 64 rounds of initial state - * expansion. (More rounds are performed by iterating the hash.) - * - * Note that this implementation pulls the SHA512 operations into the caller - * as a performance optimization. - * - * One modification from official pbkdf2. Instead of outputting key material - * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to - * generate (e.g.) 512 bits of key material for use as two 256 bit keys, an - * attacker can merely run once through the outer loop, but the user - * always runs it twice. Shuffling output bytes requires computing the - * entirety of the key material to assemble any subkey. This is something a - * wise caller could do; we just do it for you. - */ - -#define BCRYPT_WORDS 8 -#define BCRYPT_HASHSIZE (BCRYPT_WORDS * 4) - -static void -bcrypt_hash(uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *out) -{ - blf_ctx state; - uint8_t ciphertext[BCRYPT_HASHSIZE] = - "OxychromaticBlowfishSwatDynamite"; - uint32_t cdata[BCRYPT_WORDS]; - int i; - uint16_t j; - size_t shalen = SHA512_DIGEST_LENGTH; - - /* key expansion */ - Blowfish_initstate(&state); - Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen); - for (i = 0; i < 64; i++) { - Blowfish_expand0state(&state, sha2salt, shalen); - Blowfish_expand0state(&state, sha2pass, shalen); - } - - /* encryption */ - j = 0; - for (i = 0; i < BCRYPT_WORDS; i++) - cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext), - &j); - for (i = 0; i < 64; i++) - blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t)); - - /* copy out */ - for (i = 0; i < BCRYPT_WORDS; i++) { - out[4 * i + 3] = (cdata[i] >> 24) & 0xff; - out[4 * i + 2] = (cdata[i] >> 16) & 0xff; - out[4 * i + 1] = (cdata[i] >> 8) & 0xff; - out[4 * i + 0] = cdata[i] & 0xff; - } - - /* zap */ - explicit_bzero(ciphertext, sizeof(ciphertext)); - explicit_bzero(cdata, sizeof(cdata)); - explicit_bzero(&state, sizeof(state)); -} - -int -bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, - uint8_t *key, size_t keylen, unsigned int rounds) -{ - SHA2_CTX ctx; - uint8_t sha2pass[SHA512_DIGEST_LENGTH]; - uint8_t sha2salt[SHA512_DIGEST_LENGTH]; - uint8_t out[BCRYPT_HASHSIZE]; - uint8_t tmpout[BCRYPT_HASHSIZE]; - uint8_t countsalt[4]; - size_t i, j, amt, stride; - uint32_t count; - size_t origkeylen = keylen; - - /* nothing crazy */ - if (rounds < 1) - return -1; - if (passlen == 0 || saltlen == 0 || keylen == 0 || - keylen > sizeof(out) * sizeof(out)) - return -1; - stride = (keylen + sizeof(out) - 1) / sizeof(out); - amt = (keylen + stride - 1) / stride; - - /* collapse password */ - SHA512Init(&ctx); - SHA512Update(&ctx, pass, passlen); - SHA512Final(sha2pass, &ctx); - - - /* generate key, sizeof(out) at a time */ - for (count = 1; keylen > 0; count++) { - countsalt[0] = (count >> 24) & 0xff; - countsalt[1] = (count >> 16) & 0xff; - countsalt[2] = (count >> 8) & 0xff; - countsalt[3] = count & 0xff; - - /* first round, salt is salt */ - SHA512Init(&ctx); - SHA512Update(&ctx, salt, saltlen); - SHA512Update(&ctx, countsalt, sizeof(countsalt)); - SHA512Final(sha2salt, &ctx); - bcrypt_hash(sha2pass, sha2salt, tmpout); - memcpy(out, tmpout, sizeof(out)); - - for (i = 1; i < rounds; i++) { - /* subsequent rounds, salt is previous output */ - SHA512Init(&ctx); - SHA512Update(&ctx, tmpout, sizeof(tmpout)); - SHA512Final(sha2salt, &ctx); - bcrypt_hash(sha2pass, sha2salt, tmpout); - for (j = 0; j < sizeof(out); j++) - out[j] ^= tmpout[j]; - } - - /* - * pbkdf2 deviation: output the key material non-linearly. - */ - amt = MINIMUM(amt, keylen); - for (i = 0; i < amt; i++) { - size_t dest = i * stride + (count - 1); - if (dest >= origkeylen) - break; - key[dest] = out[i]; - } - keylen -= i; - } - - /* zap */ - explicit_bzero(&ctx, sizeof(ctx)); - explicit_bzero(out, sizeof(out)); - - return 0; -} diff --git a/src/_csrc/blf.c b/src/_csrc/blf.c deleted file mode 100644 index 5d27728..0000000 --- a/src/_csrc/blf.c +++ /dev/null @@ -1,654 +0,0 @@ -/* $OpenBSD: blf.c,v 1.7 2007/11/26 09:28:34 martynas Exp $ */ - -/* - * Blowfish block cipher for OpenBSD - * Copyright 1997 Niels Provos - * All rights reserved. - * - * Implementation advice by David Mazieres . - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * This code is derived from section 14.3 and the given source - * in section V of Applied Cryptography, second edition. - * Blowfish is an unpatented fast block cipher designed by - * Bruce Schneier. - */ - -#include - -#include "blf.h" - -#undef inline -#ifdef __GNUC__ -#define inline __inline -#else /* !__GNUC__ */ -#define inline -#endif /* !__GNUC__ */ - -/* Function for Feistel Networks */ - -#define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \ - + (s)[0x100 + (((x)>>16)&0xFF)]) \ - ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \ - + (s)[0x300 + ( (x) &0xFF)]) - -#define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n]) - -void -Blowfish_encipher(blf_ctx *c, u_int32_t *x) -{ - u_int32_t Xl; - u_int32_t Xr; - u_int32_t *s = c->S[0]; - u_int32_t *p = c->P; - - Xl = x[0]; - Xr = x[1]; - - Xl ^= p[0]; - BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2); - BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4); - BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6); - BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8); - BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10); - BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12); - BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14); - BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16); - - x[0] = Xr ^ p[17]; - x[1] = Xl; -} - -void -Blowfish_decipher(blf_ctx *c, u_int32_t *x) -{ - u_int32_t Xl; - u_int32_t Xr; - u_int32_t *s = c->S[0]; - u_int32_t *p = c->P; - - Xl = x[0]; - Xr = x[1]; - - Xl ^= p[17]; - BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15); - BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13); - BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11); - BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9); - BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7); - BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5); - BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3); - BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1); - - x[0] = Xr ^ p[0]; - x[1] = Xl; -} - -void -Blowfish_initstate(blf_ctx *c) -{ - /* P-box and S-box tables initialized with digits of Pi */ - - static const blf_ctx initstate = - - { { - { - 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, - 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, - 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, - 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, - 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, - 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, - 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, - 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, - 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, - 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, - 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, - 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, - 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, - 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, - 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, - 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, - 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, - 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, - 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, - 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, - 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, - 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, - 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, - 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, - 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, - 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, - 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, - 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, - 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, - 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, - 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, - 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, - 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, - 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, - 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, - 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, - 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, - 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, - 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, - 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, - 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, - 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, - 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, - 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, - 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, - 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, - 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, - 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, - 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, - 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, - 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, - 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, - 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, - 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, - 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, - 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, - 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, - 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, - 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, - 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, - 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, - 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, - 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, - 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a}, - { - 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, - 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, - 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, - 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, - 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, - 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, - 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, - 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, - 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, - 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, - 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, - 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, - 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, - 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, - 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, - 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, - 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, - 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, - 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, - 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, - 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, - 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, - 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, - 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, - 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, - 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, - 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, - 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, - 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, - 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, - 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, - 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, - 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, - 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, - 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, - 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, - 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, - 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, - 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, - 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, - 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, - 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, - 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, - 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, - 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, - 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, - 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, - 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, - 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, - 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, - 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, - 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, - 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, - 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, - 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, - 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, - 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, - 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, - 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, - 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, - 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, - 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, - 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, - 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7}, - { - 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, - 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, - 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, - 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, - 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, - 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, - 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, - 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, - 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, - 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, - 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, - 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, - 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, - 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, - 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, - 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, - 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, - 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, - 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, - 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, - 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, - 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, - 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, - 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, - 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, - 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, - 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, - 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, - 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, - 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, - 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, - 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, - 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, - 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, - 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, - 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, - 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, - 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, - 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, - 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, - 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, - 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, - 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, - 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, - 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, - 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, - 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, - 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, - 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, - 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, - 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, - 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, - 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, - 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, - 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, - 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, - 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, - 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, - 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, - 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, - 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, - 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, - 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, - 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0}, - { - 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, - 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, - 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, - 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, - 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, - 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, - 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, - 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, - 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, - 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, - 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, - 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, - 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, - 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, - 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, - 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, - 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, - 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, - 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, - 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, - 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, - 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, - 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, - 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, - 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, - 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, - 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, - 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, - 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, - 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, - 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, - 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, - 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, - 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, - 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, - 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, - 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, - 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, - 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, - 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, - 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, - 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, - 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, - 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, - 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, - 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, - 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, - 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, - 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, - 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, - 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, - 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, - 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, - 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, - 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, - 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, - 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, - 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, - 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, - 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, - 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, - 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, - 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, - 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6} - }, - { - 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, - 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, - 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, - 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, - 0x9216d5d9, 0x8979fb1b - } }; - - *c = initstate; -} - -u_int32_t -Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, - u_int16_t *current) -{ - u_int8_t i; - u_int16_t j; - u_int32_t temp; - - temp = 0x00000000; - j = *current; - - for (i = 0; i < 4; i++, j++) { - if (j >= databytes) - j = 0; - temp = (temp << 8) | data[j]; - } - - *current = j; - return temp; -} - -void -Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes) -{ - u_int16_t i; - u_int16_t j; - u_int16_t k; - u_int32_t temp; - u_int32_t data[2]; - - j = 0; - for (i = 0; i < BLF_N + 2; i++) { - /* Extract 4 int8 to 1 int32 from keystream */ - temp = Blowfish_stream2word(key, keybytes, &j); - c->P[i] = c->P[i] ^ temp; - } - - j = 0; - data[0] = 0x00000000; - data[1] = 0x00000000; - for (i = 0; i < BLF_N + 2; i += 2) { - Blowfish_encipher(c, data); - - c->P[i] = data[0]; - c->P[i + 1] = data[1]; - } - - for (i = 0; i < 4; i++) { - for (k = 0; k < 256; k += 2) { - Blowfish_encipher(c, data); - - c->S[i][k] = data[0]; - c->S[i][k + 1] = data[1]; - } - } -} - - -void -Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes, - const u_int8_t *key, u_int16_t keybytes) -{ - u_int16_t i; - u_int16_t j; - u_int16_t k; - u_int32_t temp; - u_int32_t d[2]; - - j = 0; - for (i = 0; i < BLF_N + 2; i++) { - /* Extract 4 int8 to 1 int32 from keystream */ - temp = Blowfish_stream2word(key, keybytes, &j); - c->P[i] = c->P[i] ^ temp; - } - - j = 0; - d[0] = 0x00000000; - d[1] = 0x00000000; - for (i = 0; i < BLF_N + 2; i += 2) { - d[0] ^= Blowfish_stream2word(data, databytes, &j); - d[1] ^= Blowfish_stream2word(data, databytes, &j); - Blowfish_encipher(c, d); - - c->P[i] = d[0]; - c->P[i + 1] = d[1]; - } - - for (i = 0; i < 4; i++) { - for (k = 0; k < 256; k += 2) { - d[0]^= Blowfish_stream2word(data, databytes, &j); - d[1] ^= Blowfish_stream2word(data, databytes, &j); - Blowfish_encipher(c, d); - - c->S[i][k] = d[0]; - c->S[i][k + 1] = d[1]; - } - } - -} - -void -blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len) -{ - /* Initialize S-boxes and subkeys with Pi */ - Blowfish_initstate(c); - - /* Transform S-boxes and subkeys with key */ - Blowfish_expand0state(c, k, len); -} - -void -blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks) -{ - u_int32_t *d; - u_int16_t i; - - d = data; - for (i = 0; i < blocks; i++) { - Blowfish_encipher(c, d); - d += 2; - } -} - -void -blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks) -{ - u_int32_t *d; - u_int16_t i; - - d = data; - for (i = 0; i < blocks; i++) { - Blowfish_decipher(c, d); - d += 2; - } -} - -void -blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) -{ - u_int32_t l, r, d[2]; - u_int32_t i; - - for (i = 0; i < len; i += 8) { - l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; - r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; - d[0] = l; - d[1] = r; - Blowfish_encipher(c, d); - l = d[0]; - r = d[1]; - data[0] = l >> 24 & 0xff; - data[1] = l >> 16 & 0xff; - data[2] = l >> 8 & 0xff; - data[3] = l & 0xff; - data[4] = r >> 24 & 0xff; - data[5] = r >> 16 & 0xff; - data[6] = r >> 8 & 0xff; - data[7] = r & 0xff; - data += 8; - } -} - -void -blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) -{ - u_int32_t l, r, d[2]; - u_int32_t i; - - for (i = 0; i < len; i += 8) { - l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; - r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; - d[0] = l; - d[1] = r; - Blowfish_decipher(c, d); - l = d[0]; - r = d[1]; - data[0] = l >> 24 & 0xff; - data[1] = l >> 16 & 0xff; - data[2] = l >> 8 & 0xff; - data[3] = l & 0xff; - data[4] = r >> 24 & 0xff; - data[5] = r >> 16 & 0xff; - data[6] = r >> 8 & 0xff; - data[7] = r & 0xff; - data += 8; - } -} - -void -blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len) -{ - u_int32_t l, r, d[2]; - u_int32_t i, j; - - for (i = 0; i < len; i += 8) { - for (j = 0; j < 8; j++) - data[j] ^= iv[j]; - l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; - r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; - d[0] = l; - d[1] = r; - Blowfish_encipher(c, d); - l = d[0]; - r = d[1]; - data[0] = l >> 24 & 0xff; - data[1] = l >> 16 & 0xff; - data[2] = l >> 8 & 0xff; - data[3] = l & 0xff; - data[4] = r >> 24 & 0xff; - data[5] = r >> 16 & 0xff; - data[6] = r >> 8 & 0xff; - data[7] = r & 0xff; - iv = data; - data += 8; - } -} - -void -blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len) -{ - u_int32_t l, r, d[2]; - u_int8_t *iv; - u_int32_t i, j; - - iv = data + len - 16; - data = data + len - 8; - for (i = len - 8; i >= 8; i -= 8) { - l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; - r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; - d[0] = l; - d[1] = r; - Blowfish_decipher(c, d); - l = d[0]; - r = d[1]; - data[0] = l >> 24 & 0xff; - data[1] = l >> 16 & 0xff; - data[2] = l >> 8 & 0xff; - data[3] = l & 0xff; - data[4] = r >> 24 & 0xff; - data[5] = r >> 16 & 0xff; - data[6] = r >> 8 & 0xff; - data[7] = r & 0xff; - for (j = 0; j < 8; j++) - data[j] ^= iv[j]; - iv -= 8; - data -= 8; - } - l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; - r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; - d[0] = l; - d[1] = r; - Blowfish_decipher(c, d); - l = d[0]; - r = d[1]; - data[0] = l >> 24 & 0xff; - data[1] = l >> 16 & 0xff; - data[2] = l >> 8 & 0xff; - data[3] = l & 0xff; - data[4] = r >> 24 & 0xff; - data[5] = r >> 16 & 0xff; - data[6] = r >> 8 & 0xff; - data[7] = r & 0xff; - for (j = 0; j < 8; j++) - data[j] ^= iva[j]; -} diff --git a/src/_csrc/blf.h b/src/_csrc/blf.h deleted file mode 100644 index c47b33b..0000000 --- a/src/_csrc/blf.h +++ /dev/null @@ -1,81 +0,0 @@ -/* $OpenBSD: blf.h,v 1.6 2007/02/21 19:25:40 grunk Exp $ */ - -/* - * Blowfish - a fast block cipher designed by Bruce Schneier - * - * Copyright 1997 Niels Provos - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _BLF_H_ -#define _BLF_H_ - -#include "pycabcrypt.h" - -/* Schneier states the maximum key length to be 56 bytes. - * The way how the subkeys are initialized by the key up - * to (N+2)*4 i.e. 72 bytes are utilized. - * Warning: For normal blowfish encryption only 56 bytes - * of the key affect all cipherbits. - */ - -#define BLF_N 16 /* Number of Subkeys */ -#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */ -#define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */ - -/* Blowfish context */ -typedef struct BlowfishContext { - u_int32_t S[4][256]; /* S-Boxes */ - u_int32_t P[BLF_N + 2]; /* Subkeys */ -} blf_ctx; - -/* Raw access to customized Blowfish - * blf_key is just: - * Blowfish_initstate( state ) - * Blowfish_expand0state( state, key, keylen ) - */ - -void Blowfish_encipher(blf_ctx *, u_int32_t *); -void Blowfish_decipher(blf_ctx *, u_int32_t *); -void Blowfish_initstate(blf_ctx *); -void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t); -void Blowfish_expandstate(blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t); - -/* Standard Blowfish */ - -void blf_key(blf_ctx *, const u_int8_t *, u_int16_t); -void blf_enc(blf_ctx *, u_int32_t *, u_int16_t); -void blf_dec(blf_ctx *, u_int32_t *, u_int16_t); - -/* Converts u_int8_t to u_int32_t */ -u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t , - u_int16_t *); - -void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t); -void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t); - -void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); -void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); -#endif diff --git a/src/_csrc/portable_endian.h b/src/_csrc/portable_endian.h deleted file mode 100644 index d900688..0000000 --- a/src/_csrc/portable_endian.h +++ /dev/null @@ -1,238 +0,0 @@ -// "License": Public Domain -// I, Mathias Panzenböck, place this file hereby into the public domain. Use it at your own risk for whatever you like. -// In case there are jurisdictions that don't support putting things in the public domain you can also consider it to -// be "dual licensed" under the BSD, MIT and Apache licenses, if you want to. This code is trivial anyway. Consider it -// an example on how to get the endian conversion functions on different platforms. - -#ifndef PORTABLE_ENDIAN_H__ -#define PORTABLE_ENDIAN_H__ - -#if (defined(_WIN16) || defined(_WIN32) || defined(_WIN64)) && !defined(__WINDOWS__) - -# define __WINDOWS__ - -#endif - -#if defined(__linux__) || defined(__CYGWIN__) -/* Define necessary macros for the header to expose all fields. */ -# if !defined(_BSD_SOURCE) -# define _BSD_SOURCE -# endif -# if !defined(__USE_BSD) -# define __USE_BSD -# endif -# if !defined(_DEFAULT_SOURCE) -# define _DEFAULT_SOURCE -# endif -# include -# include -/* See http://linux.die.net/man/3/endian */ -# if defined(htobe16) && defined(htole16) && defined(be16toh) && defined(le16toh) && defined(htobe32) && defined(htole32) && defined(be32toh) && defined(htole32) && defined(htobe64) && defined(htole64) && defined(be64) && defined(le64) -/* Do nothing. The macros we need already exist. */ -# elif !defined(__GLIBC__) || !defined(__GLIBC_MINOR__) || ((__GLIBC__ < 2) || ((__GLIBC__ == 2) && (__GLIBC_MINOR__ < 9))) -# include -# if defined(__BYTE_ORDER) && (__BYTE_ORDER == __LITTLE_ENDIAN) -# define htobe16(x) htons(x) -# define htole16(x) (x) -# define be16toh(x) ntohs(x) -# define le16toh(x) (x) - -# define htobe32(x) htonl(x) -# define htole32(x) (x) -# define be32toh(x) ntohl(x) -# define le32toh(x) (x) - -# define htobe64(x) (((uint64_t)htonl(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)htonl(((uint32_t)(x)))) << 32)) -# define htole64(x) (x) -# define be64toh(x) (((uint64_t)ntohl(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)ntohl(((uint32_t)(x)))) << 32)) -# define le64toh(x) (x) -# elif defined(__BYTE_ORDER) && (__BYTE_ORDER == __BIG_ENDIAN) -# define htobe16(x) (x) -# define htole16(x) (((((uint16_t)(x)) >> 8))|((((uint16_t)(x)) << 8))) -# define be16toh(x) (x) -# define le16toh(x) (((((uint16_t)(x)) >> 8))|((((uint16_t)(x)) << 8))) - -# define htobe32(x) (x) -# define htole32(x) (((uint32_t)htole16(((uint16_t)(((uint32_t)(x)) >> 16)))) | (((uint32_t)htole16(((uint16_t)(x)))) << 16)) -# define be32toh(x) (x) -# define le32toh(x) (((uint32_t)le16toh(((uint16_t)(((uint32_t)(x)) >> 16)))) | (((uint32_t)le16toh(((uint16_t)(x)))) << 16)) - -# define htobe64(x) (x) -# define htole64(x) (((uint64_t)htole32(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)htole32(((uint32_t)(x)))) << 32)) -# define be64toh(x) (x) -# define le64toh(x) (((uint64_t)le32toh(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)le32toh(((uint32_t)(x)))) << 32)) -# else -# error Byte Order not supported or not defined. -# endif -# endif - -#elif defined(__APPLE__) - -# include - -# define htobe16(x) OSSwapHostToBigInt16(x) -# define htole16(x) OSSwapHostToLittleInt16(x) -# define be16toh(x) OSSwapBigToHostInt16(x) -# define le16toh(x) OSSwapLittleToHostInt16(x) - -# define htobe32(x) OSSwapHostToBigInt32(x) -# define htole32(x) OSSwapHostToLittleInt32(x) -# define be32toh(x) OSSwapBigToHostInt32(x) -# define le32toh(x) OSSwapLittleToHostInt32(x) - -# define htobe64(x) OSSwapHostToBigInt64(x) -# define htole64(x) OSSwapHostToLittleInt64(x) -# define be64toh(x) OSSwapBigToHostInt64(x) -# define le64toh(x) OSSwapLittleToHostInt64(x) - -# define __BYTE_ORDER BYTE_ORDER -# define __BIG_ENDIAN BIG_ENDIAN -# define __LITTLE_ENDIAN LITTLE_ENDIAN -# define __PDP_ENDIAN PDP_ENDIAN - -#elif defined(__OpenBSD__) - -# include - -#elif defined(__HAIKU__) - -# include - -#elif defined(__NetBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) - -# include - -# if !defined(be16toh) - # define be16toh(x) betoh16(x) - # define le16toh(x) letoh16(x) -# endif - -# if !defined(be32toh) - # define be32toh(x) betoh32(x) - # define le32toh(x) letoh32(x) -# endif - -# if !defined(be64toh) - # define be64toh(x) betoh64(x) - # define le64toh(x) letoh64(x) -# endif - -#elif defined(__WINDOWS__) - -# if BYTE_ORDER == LITTLE_ENDIAN - -# define htobe16(x) _byteswap_ushort(x) -# define htole16(x) (x) -# define be16toh(x) _byteswap_ushort(x) -# define le16toh(x) (x) - -# define htobe32(x) _byteswap_ulong(x) -# define htole32(x) (x) -# define be32toh(x) _byteswap_ulong(x) -# define le32toh(x) (x) - -# define htobe64(x) _byteswap_uint64(x) -# define be64toh(x) _byteswap_uint64(x) -# define htole64(x) (x) -# define le64toh(x) (x) - -# elif BYTE_ORDER == BIG_ENDIAN - - /* that would be xbox 360 */ -# define htobe16(x) (x) -# define htole16(x) __builtin_bswap16(x) -# define be16toh(x) (x) -# define le16toh(x) __builtin_bswap16(x) - -# define htobe32(x) (x) -# define htole32(x) __builtin_bswap32(x) -# define be32toh(x) (x) -# define le32toh(x) __builtin_bswap32(x) - -# define htobe64(x) (x) -# define htole64(x) __builtin_bswap64(x) -# define be64toh(x) (x) -# define le64toh(x) __builtin_bswap64(x) - -# else - -# error byte order not supported - -# endif - -# define __BYTE_ORDER BYTE_ORDER -# define __BIG_ENDIAN BIG_ENDIAN -# define __LITTLE_ENDIAN LITTLE_ENDIAN -# define __PDP_ENDIAN PDP_ENDIAN - -#elif defined(__sun) - -# include - -# define htobe16(x) BE_16(x) -# define htole16(x) LE_16(x) -# define be16toh(x) BE_16(x) -# define le16toh(x) LE_16(x) - -# define htobe32(x) BE_32(x) -# define htole32(x) LE_32(x) -# define be32toh(x) BE_32(x) -# define le32toh(x) LE_32(x) - -# define htobe64(x) BE_64(x) -# define htole64(x) LE_64(x) -# define be64toh(x) BE_64(x) -# define le64toh(x) LE_64(x) - -#elif defined _AIX /* AIX is always big endian */ -# define be64toh(x) (x) -# define be32toh(x) (x) -# define be16toh(x) (x) -# define le32toh(x) \ - ((((x) & 0xff) << 24) | \ - (((x) & 0xff00) << 8) | \ - (((x) & 0xff0000) >> 8) | \ - (((x) & 0xff000000) >> 24)) -# define le64toh(x) \ - ((((x) & 0x00000000000000ffL) << 56) | \ - (((x) & 0x000000000000ff00L) << 40) | \ - (((x) & 0x0000000000ff0000L) << 24) | \ - (((x) & 0x00000000ff000000L) << 8) | \ - (((x) & 0x000000ff00000000L) >> 8) | \ - (((x) & 0x0000ff0000000000L) >> 24) | \ - (((x) & 0x00ff000000000000L) >> 40) | \ - (((x) & 0xff00000000000000L) >> 56)) -# ifndef htobe64 -# define htobe64(x) be64toh(x) -# endif -# ifndef htobe32 -# define htobe32(x) be32toh(x) -# endif -# ifndef htobe16 -# define htobe16(x) be16toh(x) -# endif - -#elif defined(__MVS__) - -# define htobe16(x) (x) -# define htole16(x) (((((uint16_t)(x)) >> 8))|((((uint16_t)(x)) << 8))) -# define be16toh(x) (x) -# define le16toh(x) (((((uint16_t)(x)) >> 8))|((((uint16_t)(x)) << 8))) - -# define htobe32(x) (x) -# define htole32(x) (((uint32_t)htole16(((uint16_t)(((uint32_t)(x)) >> 16)))) | (((uint32_t)htole16(((uint16_t)(x)))) << 16)) -# define be32toh(x) (x) -# define le32toh(x) (((uint32_t)le16toh(((uint16_t)(((uint32_t)(x)) >> 16)))) | (((uint32_t)le16toh(((uint16_t)(x)))) << 16)) - -# define htobe64(x) (x) -# define htole64(x) (((uint64_t)htole32(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)htole32(((uint32_t)(x)))) << 32)) -# define be64toh(x) (x) -# define le64toh(x) (((uint64_t)le32toh(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)le32toh(((uint32_t)(x)))) << 32)) - -#else - -# error platform not supported - -#endif - -#endif diff --git a/src/_csrc/pycabcrypt.h b/src/_csrc/pycabcrypt.h deleted file mode 100644 index 509d4fe..0000000 --- a/src/_csrc/pycabcrypt.h +++ /dev/null @@ -1,44 +0,0 @@ -#ifndef PYCABCRYPT -#define PYCABCRYPT - -#include -#include -#include -#include "portable_endian.h" - -#if defined(_WIN32) -typedef unsigned char uint8_t; -typedef uint8_t u_int8_t; -typedef unsigned short uint16_t; -typedef uint16_t u_int16_t; -typedef unsigned uint32_t; -typedef uint32_t u_int32_t; -typedef unsigned long long uint64_t; -typedef uint64_t u_int64_t; -#define snprintf _snprintf -#define __attribute__(unused) -#elif defined(__sun) -typedef uint8_t u_int8_t; -typedef uint16_t u_int16_t; -typedef uint32_t u_int32_t; -typedef uint64_t u_int64_t; -#elif defined(__MVS__) -#include -typedef uint8_t u_int8_t; -typedef uint16_t u_int16_t; -typedef uint32_t u_int32_t; -typedef uint64_t u_int64_t; -#else -#include -#endif - -#define explicit_bzero(s,n) memset(s, 0, n) -#define DEF_WEAK(f) - -int bcrypt_hashpass(const char *key, const char *salt, char *encrypted, size_t encryptedlen); -int encode_base64(char *, const u_int8_t *, size_t); -int timingsafe_bcmp(const void *b1, const void *b2, size_t n); -int bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, uint8_t *key, size_t keylen, unsigned int rounds); - -#endif - diff --git a/src/_csrc/sha2.c b/src/_csrc/sha2.c deleted file mode 100644 index 38181a5..0000000 --- a/src/_csrc/sha2.c +++ /dev/null @@ -1,812 +0,0 @@ -/* $OpenBSD: sha2.c,v 1.18 2015/03/14 03:38:46 jsg Exp $ */ - -/* - * FILE: sha2.c - * AUTHOR: Aaron D. Gifford - * - * Copyright (c) 2000-2001, Aaron D. Gifford - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the copyright holder nor the names of contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $ - */ - -#include "pycabcrypt.h" -#include "sha2.h" - -/* - * UNROLLED TRANSFORM LOOP NOTE: - * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform - * loop version for the hash transform rounds (defined using macros - * later in this file). Either define on the command line, for example: - * - * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c - * - * or define below: - * - * #define SHA2_UNROLL_TRANSFORM - * - */ -#ifndef SMALL_KERNEL -#if defined(__amd64__) || defined(__i386__) -#define SHA2_UNROLL_TRANSFORM -#endif -#endif - - -/*** SHA-256/384/512 Various Length Definitions ***********************/ -/* NOTE: Most of these are in sha2.h */ -#define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8) -#define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16) -#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16) - -/* - * Macro for incrementally adding the unsigned 64-bit integer n to the - * unsigned 128-bit integer (represented using a two-element array of - * 64-bit words): - */ -#define ADDINC128(w,n) { \ - (w)[0] += (u_int64_t)(n); \ - if ((w)[0] < (n)) { \ - (w)[1]++; \ - } \ -} - -/*** THE SIX LOGICAL FUNCTIONS ****************************************/ -/* - * Bit shifting and rotation (used by the six SHA-XYZ logical functions: - * - * NOTE: The naming of R and S appears backwards here (R is a SHIFT and - * S is a ROTATION) because the SHA-256/384/512 description document - * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this - * same "backwards" definition. - */ -/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ -#define R(b,x) ((x) >> (b)) -/* 32-bit Rotate-right (used in SHA-256): */ -#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) -/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ -#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) - -/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ -#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) - -/* Four of six logical functions used in SHA-256: */ -#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) -#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) -#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) -#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) - -/* Four of six logical functions used in SHA-384 and SHA-512: */ -#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) -#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) -#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) -#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) - -/*** INTERNAL FUNCTION PROTOTYPES *************************************/ -/* NOTE: These should not be accessed directly from outside this - * library -- they are intended for private internal visibility/use - * only. - */ -void SHA512Last(SHA2_CTX *); -void SHA256Transform(u_int32_t *, const u_int8_t *); -void SHA512Transform(u_int64_t *, const u_int8_t *); - - -/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ -/* Hash constant words K for SHA-256: */ -const static u_int32_t K256[64] = { - 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, - 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, - 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, - 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, - 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, - 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, - 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, - 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, - 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, - 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, - 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, - 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, - 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, - 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, - 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, - 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL -}; - -/* Initial hash value H for SHA-256: */ -const static u_int32_t sha256_initial_hash_value[8] = { - 0x6a09e667UL, - 0xbb67ae85UL, - 0x3c6ef372UL, - 0xa54ff53aUL, - 0x510e527fUL, - 0x9b05688cUL, - 0x1f83d9abUL, - 0x5be0cd19UL -}; - -/* Hash constant words K for SHA-384 and SHA-512: */ -const static u_int64_t K512[80] = { - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, - 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, - 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, - 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, - 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, - 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, - 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, - 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, - 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, - 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, - 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, - 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, - 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, - 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, - 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, - 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, - 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, - 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, - 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, - 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, - 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, - 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, - 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, - 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, - 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, - 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, - 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, - 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, - 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, - 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, - 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, - 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, - 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, - 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, - 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, - 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, - 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, - 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, - 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL -}; - -/* Initial hash value H for SHA-384 */ -const static u_int64_t sha384_initial_hash_value[8] = { - 0xcbbb9d5dc1059ed8ULL, - 0x629a292a367cd507ULL, - 0x9159015a3070dd17ULL, - 0x152fecd8f70e5939ULL, - 0x67332667ffc00b31ULL, - 0x8eb44a8768581511ULL, - 0xdb0c2e0d64f98fa7ULL, - 0x47b5481dbefa4fa4ULL -}; - -/* Initial hash value H for SHA-512 */ -const static u_int64_t sha512_initial_hash_value[8] = { - 0x6a09e667f3bcc908ULL, - 0xbb67ae8584caa73bULL, - 0x3c6ef372fe94f82bULL, - 0xa54ff53a5f1d36f1ULL, - 0x510e527fade682d1ULL, - 0x9b05688c2b3e6c1fULL, - 0x1f83d9abfb41bd6bULL, - 0x5be0cd19137e2179ULL -}; - - -/*** SHA-256: *********************************************************/ -void -SHA256Init(SHA2_CTX *context) -{ - memcpy(context->state.st32, sha256_initial_hash_value, - SHA256_DIGEST_LENGTH); - memset(context->buffer, 0, SHA256_BLOCK_LENGTH); - context->bitcount[0] = 0; -} - -#ifdef SHA2_UNROLL_TRANSFORM - -/* Unrolled SHA-256 round macros: */ - -#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) do { \ - W256[j] = (u_int32_t)data[3] | ((u_int32_t)data[2] << 8) | \ - ((u_int32_t)data[1] << 16) | ((u_int32_t)data[0] << 24); \ - data += 4; \ - T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + W256[j]; \ - (d) += T1; \ - (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \ - j++; \ -} while(0) - -#define ROUND256(a,b,c,d,e,f,g,h) do { \ - s0 = W256[(j+1)&0x0f]; \ - s0 = sigma0_256(s0); \ - s1 = W256[(j+14)&0x0f]; \ - s1 = sigma1_256(s1); \ - T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + \ - (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ - (d) += T1; \ - (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \ - j++; \ -} while(0) - -void -SHA256Transform(u_int32_t *state, const u_int8_t *data) -{ - u_int32_t a, b, c, d, e, f, g, h, s0, s1; - u_int32_t T1, W256[16]; - int j; - - /* Initialize registers with the prev. intermediate value */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - f = state[5]; - g = state[6]; - h = state[7]; - - j = 0; - do { - /* Rounds 0 to 15 (unrolled): */ - ROUND256_0_TO_15(a,b,c,d,e,f,g,h); - ROUND256_0_TO_15(h,a,b,c,d,e,f,g); - ROUND256_0_TO_15(g,h,a,b,c,d,e,f); - ROUND256_0_TO_15(f,g,h,a,b,c,d,e); - ROUND256_0_TO_15(e,f,g,h,a,b,c,d); - ROUND256_0_TO_15(d,e,f,g,h,a,b,c); - ROUND256_0_TO_15(c,d,e,f,g,h,a,b); - ROUND256_0_TO_15(b,c,d,e,f,g,h,a); - } while (j < 16); - - /* Now for the remaining rounds to 64: */ - do { - ROUND256(a,b,c,d,e,f,g,h); - ROUND256(h,a,b,c,d,e,f,g); - ROUND256(g,h,a,b,c,d,e,f); - ROUND256(f,g,h,a,b,c,d,e); - ROUND256(e,f,g,h,a,b,c,d); - ROUND256(d,e,f,g,h,a,b,c); - ROUND256(c,d,e,f,g,h,a,b); - ROUND256(b,c,d,e,f,g,h,a); - } while (j < 64); - - /* Compute the current intermediate hash value */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - state[5] += f; - state[6] += g; - state[7] += h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = 0; -} - -#else /* SHA2_UNROLL_TRANSFORM */ - -void -SHA256Transform(u_int32_t *state, const u_int8_t *data) -{ - u_int32_t a, b, c, d, e, f, g, h, s0, s1; - u_int32_t T1, T2, W256[16]; - int j; - - /* Initialize registers with the prev. intermediate value */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - f = state[5]; - g = state[6]; - h = state[7]; - - j = 0; - do { - W256[j] = (u_int32_t)data[3] | ((u_int32_t)data[2] << 8) | - ((u_int32_t)data[1] << 16) | ((u_int32_t)data[0] << 24); - data += 4; - /* Apply the SHA-256 compression function to update a..h */ - T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; - T2 = Sigma0_256(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 16); - - do { - /* Part of the message block expansion: */ - s0 = W256[(j+1)&0x0f]; - s0 = sigma0_256(s0); - s1 = W256[(j+14)&0x0f]; - s1 = sigma1_256(s1); - - /* Apply the SHA-256 compression function to update a..h */ - T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + - (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); - T2 = Sigma0_256(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 64); - - /* Compute the current intermediate hash value */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - state[5] += f; - state[6] += g; - state[7] += h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = T2 = 0; -} - -#endif /* SHA2_UNROLL_TRANSFORM */ - -void -SHA256Update(SHA2_CTX *context, const void *dataptr, size_t len) -{ - const uint8_t *data = dataptr; - size_t freespace, usedspace; - - /* Calling with no data is valid (we do nothing) */ - if (len == 0) - return; - - usedspace = (context->bitcount[0] >> 3) % SHA256_BLOCK_LENGTH; - if (usedspace > 0) { - /* Calculate how much free space is available in the buffer */ - freespace = SHA256_BLOCK_LENGTH - usedspace; - - if (len >= freespace) { - /* Fill the buffer completely and process it */ - memcpy(&context->buffer[usedspace], data, freespace); - context->bitcount[0] += freespace << 3; - len -= freespace; - data += freespace; - SHA256Transform(context->state.st32, context->buffer); - } else { - /* The buffer is not yet full */ - memcpy(&context->buffer[usedspace], data, len); - context->bitcount[0] += len << 3; - /* Clean up: */ - usedspace = freespace = 0; - return; - } - } - while (len >= SHA256_BLOCK_LENGTH) { - /* Process as many complete blocks as we can */ - SHA256Transform(context->state.st32, data); - context->bitcount[0] += SHA256_BLOCK_LENGTH << 3; - len -= SHA256_BLOCK_LENGTH; - data += SHA256_BLOCK_LENGTH; - } - if (len > 0) { - /* There's left-overs, so save 'em */ - memcpy(context->buffer, data, len); - context->bitcount[0] += len << 3; - } - /* Clean up: */ - usedspace = freespace = 0; -} - -void -SHA256Final(u_int8_t digest[], SHA2_CTX *context) -{ - unsigned int usedspace; - - usedspace = (context->bitcount[0] >> 3) % SHA256_BLOCK_LENGTH; - /* Convert FROM host byte order */ - context->bitcount[0] = htobe64(context->bitcount[0]); - if (usedspace > 0) { - /* Begin padding with a 1 bit: */ - context->buffer[usedspace++] = 0x80; - - if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) { - /* Set-up for the last transform: */ - memset(&context->buffer[usedspace], 0, - SHA256_SHORT_BLOCK_LENGTH - usedspace); - } else { - if (usedspace < SHA256_BLOCK_LENGTH) { - memset(&context->buffer[usedspace], 0, - SHA256_BLOCK_LENGTH - usedspace); - } - /* Do second-to-last transform: */ - SHA256Transform(context->state.st32, context->buffer); - - /* And set-up for the last transform: */ - memset(context->buffer, 0, - SHA256_SHORT_BLOCK_LENGTH); - } - } else { - /* Set-up for the last transform: */ - memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH); - - /* Begin padding with a 1 bit: */ - *context->buffer = 0x80; - } - /* Set the bit count: */ - *(u_int64_t *)&context->buffer[SHA256_SHORT_BLOCK_LENGTH] = context->bitcount[0]; - - /* Final transform: */ - SHA256Transform(context->state.st32, context->buffer); - - { - /* Convert TO host byte order */ - int j; - for (j = 0; j < 8; j++) { - context->state.st32[j] = le32toh(context->state.st32[j]); - } - } - memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH); - /* Clean up state data: */ - explicit_bzero(context, sizeof(*context)); - usedspace = 0; -} - - -/*** SHA-512: *********************************************************/ -void -SHA512Init(SHA2_CTX *context) -{ - memcpy(context->state.st64, sha512_initial_hash_value, - SHA512_DIGEST_LENGTH); - memset(context->buffer, 0, SHA512_BLOCK_LENGTH); - context->bitcount[0] = context->bitcount[1] = 0; -} - -#ifdef SHA2_UNROLL_TRANSFORM - -/* Unrolled SHA-512 round macros: */ - -#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) do { \ - W512[j] = (u_int64_t)data[7] | ((u_int64_t)data[6] << 8) | \ - ((u_int64_t)data[5] << 16) | ((u_int64_t)data[4] << 24) | \ - ((u_int64_t)data[3] << 32) | ((u_int64_t)data[2] << 40) | \ - ((u_int64_t)data[1] << 48) | ((u_int64_t)data[0] << 56); \ - data += 8; \ - T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + W512[j]; \ - (d) += T1; \ - (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \ - j++; \ -} while(0) - - -#define ROUND512(a,b,c,d,e,f,g,h) do { \ - s0 = W512[(j+1)&0x0f]; \ - s0 = sigma0_512(s0); \ - s1 = W512[(j+14)&0x0f]; \ - s1 = sigma1_512(s1); \ - T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + \ - (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ - (d) += T1; \ - (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \ - j++; \ -} while(0) - -void -SHA512Transform(u_int64_t *state, const u_int8_t *data) -{ - u_int64_t a, b, c, d, e, f, g, h, s0, s1; - u_int64_t T1, W512[16]; - int j; - - /* Initialize registers with the prev. intermediate value */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - f = state[5]; - g = state[6]; - h = state[7]; - - j = 0; - do { - ROUND512_0_TO_15(a,b,c,d,e,f,g,h); - ROUND512_0_TO_15(h,a,b,c,d,e,f,g); - ROUND512_0_TO_15(g,h,a,b,c,d,e,f); - ROUND512_0_TO_15(f,g,h,a,b,c,d,e); - ROUND512_0_TO_15(e,f,g,h,a,b,c,d); - ROUND512_0_TO_15(d,e,f,g,h,a,b,c); - ROUND512_0_TO_15(c,d,e,f,g,h,a,b); - ROUND512_0_TO_15(b,c,d,e,f,g,h,a); - } while (j < 16); - - /* Now for the remaining rounds up to 79: */ - do { - ROUND512(a,b,c,d,e,f,g,h); - ROUND512(h,a,b,c,d,e,f,g); - ROUND512(g,h,a,b,c,d,e,f); - ROUND512(f,g,h,a,b,c,d,e); - ROUND512(e,f,g,h,a,b,c,d); - ROUND512(d,e,f,g,h,a,b,c); - ROUND512(c,d,e,f,g,h,a,b); - ROUND512(b,c,d,e,f,g,h,a); - } while (j < 80); - - /* Compute the current intermediate hash value */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - state[5] += f; - state[6] += g; - state[7] += h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = 0; -} - -#else /* SHA2_UNROLL_TRANSFORM */ - -void -SHA512Transform(u_int64_t *state, const u_int8_t *data) -{ - u_int64_t a, b, c, d, e, f, g, h, s0, s1; - u_int64_t T1, T2, W512[16]; - int j; - - /* Initialize registers with the prev. intermediate value */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - f = state[5]; - g = state[6]; - h = state[7]; - - j = 0; - do { - W512[j] = (u_int64_t)data[7] | ((u_int64_t)data[6] << 8) | - ((u_int64_t)data[5] << 16) | ((u_int64_t)data[4] << 24) | - ((u_int64_t)data[3] << 32) | ((u_int64_t)data[2] << 40) | - ((u_int64_t)data[1] << 48) | ((u_int64_t)data[0] << 56); - data += 8; - /* Apply the SHA-512 compression function to update a..h */ - T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; - T2 = Sigma0_512(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 16); - - do { - /* Part of the message block expansion: */ - s0 = W512[(j+1)&0x0f]; - s0 = sigma0_512(s0); - s1 = W512[(j+14)&0x0f]; - s1 = sigma1_512(s1); - - /* Apply the SHA-512 compression function to update a..h */ - T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + - (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); - T2 = Sigma0_512(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 80); - - /* Compute the current intermediate hash value */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - state[5] += f; - state[6] += g; - state[7] += h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = T2 = 0; -} - -#endif /* SHA2_UNROLL_TRANSFORM */ - -void -SHA512Update(SHA2_CTX *context, const void *dataptr, size_t len) -{ - const uint8_t *data = dataptr; - size_t freespace, usedspace; - - /* Calling with no data is valid (we do nothing) */ - if (len == 0) - return; - - usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; - if (usedspace > 0) { - /* Calculate how much free space is available in the buffer */ - freespace = SHA512_BLOCK_LENGTH - usedspace; - - if (len >= freespace) { - /* Fill the buffer completely and process it */ - memcpy(&context->buffer[usedspace], data, freespace); - ADDINC128(context->bitcount, freespace << 3); - len -= freespace; - data += freespace; - SHA512Transform(context->state.st64, context->buffer); - } else { - /* The buffer is not yet full */ - memcpy(&context->buffer[usedspace], data, len); - ADDINC128(context->bitcount, len << 3); - /* Clean up: */ - usedspace = freespace = 0; - return; - } - } - while (len >= SHA512_BLOCK_LENGTH) { - /* Process as many complete blocks as we can */ - SHA512Transform(context->state.st64, data); - ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3); - len -= SHA512_BLOCK_LENGTH; - data += SHA512_BLOCK_LENGTH; - } - if (len > 0) { - /* There's left-overs, so save 'em */ - memcpy(context->buffer, data, len); - ADDINC128(context->bitcount, len << 3); - } - /* Clean up: */ - usedspace = freespace = 0; -} - -void -SHA512Last(SHA2_CTX *context) -{ - unsigned int usedspace; - - usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; - /* Convert FROM host byte order */ - context->bitcount[0] = htobe64(context->bitcount[0]); - context->bitcount[1] = htobe64(context->bitcount[1]); - if (usedspace > 0) { - /* Begin padding with a 1 bit: */ - context->buffer[usedspace++] = 0x80; - - if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) { - /* Set-up for the last transform: */ - memset(&context->buffer[usedspace], 0, - SHA512_SHORT_BLOCK_LENGTH - usedspace); - } else { - if (usedspace < SHA512_BLOCK_LENGTH) { - memset(&context->buffer[usedspace], 0, - SHA512_BLOCK_LENGTH - usedspace); - } - /* Do second-to-last transform: */ - SHA512Transform(context->state.st64, context->buffer); - - /* And set-up for the last transform: */ - memset(context->buffer, 0, SHA512_BLOCK_LENGTH - 2); - } - } else { - /* Prepare for final transform: */ - memset(context->buffer, 0, SHA512_SHORT_BLOCK_LENGTH); - - /* Begin padding with a 1 bit: */ - *context->buffer = 0x80; - } - /* Store the length of input data (in bits): */ - *(u_int64_t *)&context->buffer[SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1]; - *(u_int64_t *)&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0]; - - /* Final transform: */ - SHA512Transform(context->state.st64, context->buffer); -} - -void -SHA512Final(u_int8_t digest[], SHA2_CTX *context) -{ - - SHA512Last(context); - - /* Save the hash data for output: */ - { - /* Convert TO host byte order */ - int j; - for (j = 0; j < 8; j++) { - context->state.st64[j] = be64toh(context->state.st64[j]); - } - } - memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH); - - /* Zero out state data */ - explicit_bzero(context, sizeof(*context)); -} - - -/*** SHA-384: *********************************************************/ -void -SHA384Init(SHA2_CTX *context) -{ - memcpy(context->state.st64, sha384_initial_hash_value, - SHA512_DIGEST_LENGTH); - memset(context->buffer, 0, SHA384_BLOCK_LENGTH); - context->bitcount[0] = context->bitcount[1] = 0; -} - -void -SHA384Update(SHA2_CTX *context, const void *data, size_t len) -{ - SHA512Update(context, data, len); -} - -void -SHA384Final(u_int8_t digest[], SHA2_CTX *context) -{ - - SHA512Last(context); - - /* Save the hash data for output: */ - { - /* Convert TO host byte order */ - int j; - for (j = 0; j < 6; j++) { - context->state.st64[j] = be64toh(context->state.st64[j]); - } - } - memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH); - /* Zero out state data */ - explicit_bzero(context, sizeof(*context)); -} diff --git a/src/_csrc/sha2.h b/src/_csrc/sha2.h deleted file mode 100644 index 31b3830..0000000 --- a/src/_csrc/sha2.h +++ /dev/null @@ -1,87 +0,0 @@ -/* $OpenBSD: sha2.h,v 1.5 2014/11/16 17:39:09 tedu Exp $ */ - -/* - * FILE: sha2.h - * AUTHOR: Aaron D. Gifford - * - * Copyright (c) 2000-2001, Aaron D. Gifford - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the copyright holder nor the names of contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $ - */ - -#ifndef _SHA2_H -#define _SHA2_H - - -/*** SHA-256/384/512 Various Length Definitions ***********************/ -#define SHA256_BLOCK_LENGTH 64 -#define SHA256_DIGEST_LENGTH 32 -#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) -#define SHA384_BLOCK_LENGTH 128 -#define SHA384_DIGEST_LENGTH 48 -#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) -#define SHA512_BLOCK_LENGTH 128 -#define SHA512_DIGEST_LENGTH 64 -#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) - - -/*** SHA-256/384/512 Context Structure *******************************/ -typedef struct _SHA2_CTX { - union { - u_int32_t st32[8]; - u_int64_t st64[8]; - } state; - u_int64_t bitcount[2]; - u_int8_t buffer[SHA512_BLOCK_LENGTH]; -} SHA2_CTX; - -#ifdef __cplusplus -extern "C" { -#endif -void SHA256Init(SHA2_CTX *); -void SHA256Update(SHA2_CTX *, const void *, size_t) - __attribute__((__bounded__(__string__,2,3))); -void SHA256Final(u_int8_t[SHA256_DIGEST_LENGTH], SHA2_CTX *) - __attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH))); - -void SHA384Init(SHA2_CTX *); -void SHA384Update(SHA2_CTX *, const void *, size_t) - __attribute__((__bounded__(__string__,2,3))); -void SHA384Final(u_int8_t[SHA384_DIGEST_LENGTH], SHA2_CTX *) - __attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH))); - -void SHA512Init(SHA2_CTX *); -void SHA512Update(SHA2_CTX *, const void *, size_t) - __attribute__((__bounded__(__string__,2,3))); -void SHA512Final(u_int8_t[SHA512_DIGEST_LENGTH], SHA2_CTX *) - __attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH))); -#ifdef __cplusplus -} -#endif - -#endif /* _SHA2_H */ diff --git a/src/_csrc/timingsafe_bcmp.c b/src/_csrc/timingsafe_bcmp.c deleted file mode 100644 index c7b2c39..0000000 --- a/src/_csrc/timingsafe_bcmp.c +++ /dev/null @@ -1,29 +0,0 @@ -/* $OpenBSD: timingsafe_bcmp.c,v 1.1 2010/09/24 13:33:00 matthew Exp $ */ -/* - * Copyright (c) 2010 Damien Miller. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "pycabcrypt.h" - -int -timingsafe_bcmp(const void *b1, const void *b2, size_t n) -{ - const unsigned char *p1 = b1, *p2 = b2; - int ret = 0; - - for (; n > 0; n--) - ret |= *p1++ ^ *p2++; - return (ret != 0); -} diff --git a/src/bcrypt/__init__.py b/src/bcrypt/__init__.py index a9aae84..5b2fd42 100644 --- a/src/bcrypt/__init__.py +++ b/src/bcrypt/__init__.py @@ -61,8 +61,7 @@ def gensalt(rounds: int = 12, prefix: bytes = b"2b") -> bytes: raise ValueError("Invalid rounds") salt = os.urandom(16) - output = _bcrypt.ffi.new("char[]", 30) - _bcrypt.lib.encode_base64(output, salt, len(salt)) + output = _bcrypt.encode_base64(salt) return ( b"$" @@ -70,7 +69,7 @@ def gensalt(rounds: int = 12, prefix: bytes = b"2b") -> bytes: + b"$" + ("%2.2u" % rounds).encode("ascii") + b"$" - + _bcrypt.ffi.string(output) + + output ) @@ -97,11 +96,7 @@ def hashpw(password: bytes, salt: bytes) -> bytes: # passing it into the C library. original_salt, salt = salt, _normalize_re.sub(b"$2b$", salt) - hashed = _bcrypt.ffi.new("char[]", 128) - retval = _bcrypt.lib.bcrypt_hashpass(password, salt, hashed, len(hashed)) - - if retval != 0: - raise ValueError("Invalid salt") + hashed = _bcrypt.hashpass(password, salt) # Now that we've gotten our hashed password, we want to ensure that the # prefix we return is the one that was passed in, so we'll use the prefix @@ -109,7 +104,7 @@ def hashpw(password: bytes, salt: bytes) -> bytes: # the return value's prefix). This will ensure that if someone passed in a # salt with a $2y$ prefix, that they get back a hash with a $2y$ prefix # even though we munged it to $2b$. - return original_salt[:4] + _bcrypt.ffi.string(hashed)[4:] + return original_salt[:4] + hashed[4:] def checkpw(password: bytes, hashed_password: bytes) -> bool: @@ -157,15 +152,4 @@ def kdf( stacklevel=2, ) - key = _bcrypt.ffi.new("uint8_t[]", desired_key_bytes) - res = _bcrypt.lib.bcrypt_pbkdf( - password, len(password), salt, len(salt), key, len(key), rounds - ) - _bcrypt_assert(res == 0) - - return _bcrypt.ffi.buffer(key, desired_key_bytes)[:] - - -def _bcrypt_assert(ok: bool) -> None: - if not ok: - raise SystemError("bcrypt assertion failed") + return _bcrypt.pbkdf(password, salt, rounds, desired_key_bytes) diff --git a/src/bcrypt/_bcrypt.pyi b/src/bcrypt/_bcrypt.pyi index 329382a..640e913 100644 --- a/src/bcrypt/_bcrypt.pyi +++ b/src/bcrypt/_bcrypt.pyi @@ -1,4 +1,7 @@ import typing -ffi: typing.Any -lib: typing.Any +def encode_base64(data: bytes) -> bytes: ... +def hashpass(password: bytes, salt: bytes) -> bytes: ... +def pbkdf( + password: bytes, salt: bytes, rounds: int, desired_key_bytes: int +) -> bytes: ... diff --git a/src/build_bcrypt.py b/src/build_bcrypt.py deleted file mode 100644 index f401706..0000000 --- a/src/build_bcrypt.py +++ /dev/null @@ -1,46 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import os.path - -from cffi import FFI - - -BLOWFISH_DIR = os.path.join(os.path.dirname(__file__), "_csrc") - - -ffi = FFI() - -ffi.cdef( - """ -int bcrypt_hashpass(const char *, const char *, char *, size_t); -int encode_base64(char *, const uint8_t *, size_t); -int bcrypt_pbkdf(const char *, size_t, const uint8_t *, size_t, - uint8_t *, size_t, unsigned int); -int timingsafe_bcmp(const void *, const void *, size_t); -""" -) - -ffi.set_source( - "_bcrypt", - """ - #include "pycabcrypt.h" - """, - sources=[ - os.path.join(BLOWFISH_DIR, "blf.c"), - os.path.join(BLOWFISH_DIR, "bcrypt.c"), - os.path.join(BLOWFISH_DIR, "bcrypt_pbkdf.c"), - os.path.join(BLOWFISH_DIR, "sha2.c"), - os.path.join(BLOWFISH_DIR, "timingsafe_bcmp.c"), - ], - include_dirs=[BLOWFISH_DIR], -) diff --git a/tests/test_bcrypt.py b/tests/test_bcrypt.py index 0c4ac47..d3bf6a1 100644 --- a/tests/test_bcrypt.py +++ b/tests/test_bcrypt.py @@ -465,11 +465,6 @@ def test_invalid_params(password, salt, desired_key_bytes, rounds, error): bcrypt.kdf(password, salt, desired_key_bytes, rounds) -def test_bcrypt_assert(): - with pytest.raises(SystemError): - bcrypt._bcrypt_assert(False) - - def test_2a_wraparound_bug(): assert ( bcrypt.hashpw( diff --git a/tox.ini b/tox.ini index 36e4851..36ac09f 100644 --- a/tox.ini +++ b/tox.ini @@ -29,6 +29,7 @@ commands = [testenv:packaging] deps = + setuptools-rust check-manifest readme_renderer commands = -- cgit v1.2.1