diff --git a/.circleci/build-wheel.sh b/.circleci/build-wheel.sh index ebe745a7..5e2ce832 100755 --- a/.circleci/build-wheel.sh +++ b/.circleci/build-wheel.sh @@ -10,7 +10,7 @@ mkdir -p /test/wheelhouse.final "${PYBIN}"/python -m venv .venv -.venv/bin/pip install -U pip wheel cffi +.venv/bin/pip install -U pip wheel setuptools-rust .venv/bin/python setup.py sdist cd dist diff --git a/.circleci/config.yml b/.circleci/config.yml index c257ace3..dc4a0434 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -87,6 +87,14 @@ workflows: filters: tags: only: /.*/ + - linux-arm64-wheel: + name: manylinux_2_28_aarch64-wheel + image: ghcr.io/pyca/cryptography-manylinux_2_28:aarch64 + python: cp36-cp36m + platform: manylinux_2_28_aarch64 + filters: + tags: + only: /.*/ - linux-arm64-wheel: name: musllinux_1_1_aarch64-wheel image: ghcr.io/pyca/cryptography-musllinux_1_1:aarch64 diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 12301490..1597d82f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,3 +4,10 @@ updates: directory: "/" schedule: interval: "daily" + - package-ecosystem: cargo + directory: "/src/_bcrypt/" + schedule: + interval: daily + allow: + # Also update indirect dependencies + - dependency-type: all diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 490c98ce..53cfea2a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,40 +17,67 @@ jobs: - {VERSION: "3.10", TOXENV: "py310"} name: "Python ${{ matrix.PYTHON.VERSION }} on macOS" steps: - - uses: actions/checkout@v2.4.0 + - uses: actions/checkout@v3.1.0 - name: Setup python - uses: actions/setup-python@v3 + id: setup-python + uses: actions/setup-python@v4.2.0 with: python-version: ${{ matrix.PYTHON.VERSION }} - + - uses: actions/cache@v3.0.10 + timeout-minutes: 5 + with: + path: | + ~/Library/Caches/pip/ + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/registry/src/ + ~/.cargo/git/db/ + src/_bcrypt/target/ + key: ${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-cargo-${{ hashFiles('**/Cargo.lock') }} - run: pip install tox - run: tox env: TOXENV: ${{ matrix.PYTHON.TOXENV }} + CARGO_TARGET_DIR: ${{ format('{0}/src/_bcrypt/target/', github.workspace) }} windows: runs-on: windows-latest strategy: matrix: WINDOWS: - - {ARCH: 'x86', WINDOWS: 'win32'} - - {ARCH: 'x64', WINDOWS: 'win64'} + - {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc'} + - {ARCH: 'x64', WINDOWS: 'win64', RUST_TRIPLE: 'x86_64-pc-windows-msvc'} PYTHON: - {VERSION: "3.6", TOXENV: "py36"} - {VERSION: "3.10", TOXENV: "py310"} name: "Python ${{ matrix.PYTHON.VERSION }} on ${{ matrix.WINDOWS.WINDOWS }}" steps: - - uses: actions/checkout@v2.4.0 + - uses: actions/checkout@v3.1.0 - name: Setup python - uses: actions/setup-python@v3 + id: setup-python + uses: actions/setup-python@v4.2.0 with: python-version: ${{ matrix.PYTHON.VERSION }} architecture: ${{ matrix.WINDOWS.ARCH }} + - uses: actions/cache@v3.0.10 + timeout-minutes: 5 + with: + path: | + ~/AppData/Local/pip/Cache/ + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/registry/src/ + ~/.cargo/git/db/ + src/_bcrypt/target/ + key: ${{ runner.os }}-${{ matrix.WINDOWS.ARCH }}-${{ steps.setup-python.outputs.python-version }}-cargo-${{ hashFiles('**/Cargo.lock') }} - run: pip install tox - run: tox env: TOXENV: ${{ matrix.PYTHON.TOXENV }} + CARGO_TARGET_DIR: ${{ format('{0}/src/_bcrypt/target/', github.workspace) }} linux: runs-on: ubuntu-latest strategy: @@ -66,17 +93,40 @@ jobs: - {VERSION: "pypy-3.7", TOXENV: "pypy3"} - {VERSION: "pypy-3.8", TOXENV: "pypy3"} - {VERSION: "pypy-3.9", TOXENV: "pypy3"} - name: "${{ matrix.PYTHON.TOXENV }} on linux" + + # MSRV + - {VERSION: "3.10", TOXENV: "py310", RUST_VERSION: "1.56.0"} + - {VERSION: "3.10", TOXENV: "py310", RUST_VERSION: "beta"} + - {VERSION: "3.10", TOXENV: "py310", RUST_VERSION: "nightly"} + name: "${{ matrix.PYTHON.TOXENV }} on linux, Rust ${{ matrix.PYTHON.RUST_VERSION || 'stable' }}" steps: - - uses: actions/checkout@v2.4.0 + - uses: actions/checkout@v3.1.0 - name: Setup python - uses: actions/setup-python@v3 + id: setup-python + uses: actions/setup-python@v4.2.0 with: python-version: ${{ matrix.PYTHON.VERSION }} + - uses: actions/cache@v3.0.10 + timeout-minutes: 5 + with: + path: | + ~/.cache/pip/ + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/registry/src/ + ~/.cargo/git/db/ + src/_bcrypt/target/ + key: ${{ runner.os }}-${{ matrix.PYTHON.VERSION }}-${{ steps.setup-python.outputs.python-version }}-cargo-${{ hashFiles('**/Cargo.lock') }} + - uses: dtolnay/rust-toolchain@1ce4a7352a1efe5dede2e52c75512b34256e4f44 + with: + toolchain: ${{ matrix.PYTHON.RUST_VERSION || 'stable' }} + - run: pip install tox - run: tox env: TOXENV: ${{ matrix.PYTHON.TOXENV }} + CARGO_TARGET_DIR: ${{ format('{0}/src/_bcrypt/target/', github.workspace) }} linux-distros: runs-on: ubuntu-latest @@ -84,12 +134,26 @@ jobs: strategy: matrix: IMAGE: - - {IMAGE: "alpine", TOXENV: "py39"} + - {IMAGE: "alpine", TOXENV: "py310"} name: "${{ matrix.IMAGE.TOXENV }} on ${{ matrix.IMAGE.IMAGE }}" steps: - - uses: actions/checkout@v3.0.1 + - uses: actions/checkout@v3.1.0 with: persist-credentials: false + - uses: actions/cache@v3.0.10 + timeout-minutes: 5 + with: + path: | + ~/.cache/pip/ + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/registry/src/ + ~/.cargo/git/db/ + src/_bcrypt/target/ + key: ${{ runner.os }}-${{ matrix.IMAGE.IMAGE }}-cargo-${{ hashFiles('**/Cargo.lock') }} - run: '/venv/bin/tox' env: TOXENV: ${{ matrix.IMAGE.TOXENV }} + RUSTUP_HOME: /root/.rustup + CARGO_TARGET_DIR: ${{ format('{0}/src/_bcrypt/target/', github.workspace) }} diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index dc2557c6..71902482 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -3,6 +3,9 @@ on: schedule: - cron: '0 0 * * *' +permissions: + issues: "write" + jobs: lock: runs-on: ubuntu-latest diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index 972ab1d9..48fe03f5 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -7,6 +7,12 @@ on: version: description: The version to build required: false + pull_request: + paths: + - .github/workflows/wheel-builder.yml + - setup.py + - setup.cfg + - pyproject.toml jobs: @@ -15,26 +21,44 @@ jobs: strategy: matrix: PYTHON: - - {VERSION: "cp36-cp36m", ABI_VERSION: 'cp36'} - CONTAINER: - - {IMAGE: "cryptography-manylinux2010:x86_64", NAME: "manylinux2010"} - - {IMAGE: "cryptography-manylinux2014:x86_64", NAME: "manylinux2014"} - - {IMAGE: "cryptography-manylinux_2_24:x86_64", NAME: "manylinux_2_24"} - - {IMAGE: "cryptography-musllinux_1_1:x86_64", NAME: "musllinux_1_1"} - name: "${{ matrix.PYTHON.ABI_VERSION }} ${{ matrix.CONTAINER.NAME }}" - container: ghcr.io/pyca/${{ matrix.CONTAINER.IMAGE }} + - { VERSION: "cp36-cp36m", ABI_VERSION: 'cp36' } + - { VERSION: "pp37-pypy37_pp73" } + - { VERSION: "pp38-pypy38_pp73" } + - { VERSION: "pp39-pypy39_pp73" } + MANYLINUX: + - { CONTAINER: "cryptography-manylinux2014:x86_64", NAME: "manylinux2014" } + - { CONTAINER: "cryptography-manylinux_2_24:x86_64", NAME: "manylinux_2_24" } + - { CONTAINER: "cryptography-manylinux_2_28:x86_64", NAME: "manylinux_2_28" } + - { CONTAINER: "cryptography-musllinux_1_1:x86_64", NAME: "musllinux_1_1" } + exclude: + # There are no readily available musllinux PyPy distributions + - PYTHON: { VERSION: "pp37-pypy37_pp73" } + MANYLINUX: { NAME: "musllinux_1_1", CONTAINER: "cryptography-musllinux_1_1:x86_64" } + - PYTHON: { VERSION: "pp38-pypy38_pp73" } + MANYLINUX: { NAME: "musllinux_1_1", CONTAINER: "cryptography-musllinux_1_1:x86_64"} + - PYTHON: { VERSION: "pp39-pypy39_pp73" } + MANYLINUX: { NAME: "musllinux_1_1", CONTAINER: "cryptography-musllinux_1_1:x86_64"} + name: "${{ matrix.PYTHON.VERSION }} for ${{ matrix.MANYLINUX.NAME }}" + container: ghcr.io/pyca/${{ matrix.MANYLINUX.CONTAINER }} steps: - - uses: actions/checkout@v1 # Need v1 because manylinux2010 can't run node from v2 + - uses: actions/checkout@v3.1.0 with: # The tag to build or the tag received by the tag event ref: ${{ github.event.inputs.version || github.ref }} - run: /opt/python/${{ matrix.PYTHON.VERSION }}/bin/python -m venv .venv - name: Install python dependencies - run: .venv/bin/pip install -U pip wheel cffi six + run: .venv/bin/pip install -U pip wheel setuptools-rust - name: Make sdist run: .venv/bin/python setup.py sdist - run: tar zxvf dist/bcrypt*.tar.gz && mkdir tmpwheelhouse - - run: cd bcrypt* && ../.venv/bin/python setup.py bdist_wheel --py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} && mv dist/bcrypt*.whl ../tmpwheelhouse + - name: Build the wheel + run: | + if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then + PY_LIMITED_API="--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }}" + fi + cd bcrypt* && ../.venv/bin/python setup.py bdist_wheel $PY_LIMITED_API && mv dist/bcrypt*.whl ../tmpwheelhouse + env: + RUSTUP_HOME: /root/.rustup - run: auditwheel repair tmpwheelhouse/bcrypt*.whl -w wheelhouse/ - run: .venv/bin/pip install bcrypt --no-index -f wheelhouse/ - run: | @@ -42,9 +66,9 @@ jobs: - run: mkdir bcrypt-wheelhouse - run: mv wheelhouse/bcrypt*.whl bcrypt-wheelhouse/ - - uses: actions/upload-artifact@v1 + - uses: actions/upload-artifact@v3.1.0 with: - name: "bcrypt-${{ github.event.inputs.version }}-${{ matrix.CONTAINER.NAME }} -${{ matrix.PYTHON.ABI_VERSION }}" + name: "bcrypt-${{ github.event.inputs.version }}-${{ matrix.MANYLINUX.NAME }} -${{ matrix.PYTHON.ABI_VERSION }}" path: bcrypt-wheelhouse/ macos: @@ -58,7 +82,7 @@ jobs: BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.10/bin/python3' name: "Python ${{ matrix.PYTHON.VERSION }} for ABI ${{ matrix.PYTHON.ABI_VERSION }} on macOS" steps: - - uses: actions/checkout@v2.4.0 + - uses: actions/checkout@v3.1.0 with: # The tag to build or the tag received by the tag event ref: ${{ github.event.inputs.version || github.ref }} @@ -66,8 +90,14 @@ jobs: - run: | curl "${{ matrix.PYTHON.DOWNLOAD_URL }}" -o python.pkg sudo installer -pkg python.pkg -target / + - uses: dtolnay/rust-toolchain@1ce4a7352a1efe5dede2e52c75512b34256e4f44 + with: + toolchain: stable + # Add the arm64 target in addition to the native arch (x86_64) + target: aarch64-apple-darwin + - run: ${{ matrix.PYTHON.BIN_PATH }} -m venv venv - - run: venv/bin/pip install -U pip wheel cffi six + - run: venv/bin/pip install -U pip wheel setuptools-rust - name: Make sdist run: venv/bin/python setup.py sdist - run: tar zxvf dist/bcrypt*.tar.gz && mkdir wheelhouse @@ -85,7 +115,7 @@ jobs: - run: mkdir bcrypt-wheelhouse - run: mv wheelhouse/bcrypt*.whl bcrypt-wheelhouse/ - - uses: actions/upload-artifact@v1 + - uses: actions/upload-artifact@v3.1.0 with: name: "bcrypt-${{ github.event.inputs.version }}-macOS-${{ matrix.PYTHON.ABI_VERSION }}" path: bcrypt-wheelhouse/ @@ -95,23 +125,28 @@ jobs: strategy: matrix: WINDOWS: - - 'x86' - - 'x64' + - {ARCH: 'x86', RUST_TRIPLE: 'i686-pc-windows-msvc'} + - {ARCH: 'x64', RUST_TRIPLE: 'x86_64-pc-windows-msvc'} PYTHON: - {VERSION: "3.6", ABI_VERSION: "cp36"} - name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.PYTHON.ABI_VERSION }} ${{ matrix.WINDOWS}}" + name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.PYTHON.ABI_VERSION }} ${{ matrix.WINDOWS.ARCH }}" steps: - - uses: actions/checkout@v2.4.0 + - uses: actions/checkout@v3.1.0 with: # The tag to build or the tag received by the tag event ref: ${{ github.event.inputs.version || github.ref }} persist-credentials: false - name: Setup python - uses: actions/setup-python@v3 + uses: actions/setup-python@v4.2.0 with: python-version: ${{ matrix.PYTHON.VERSION }} - architecture: ${{ matrix.WINDOWS }} - - run: python -m pip install -U pip wheel cffi six + architecture: ${{ matrix.WINDOWS.ARCH }} + - uses: dtolnay/rust-toolchain@1ce4a7352a1efe5dede2e52c75512b34256e4f44 + with: + toolchain: stable + target: ${{ matrix.WINDOWS.RUST_TRIPLE }} + + - run: python -m pip install -U pip wheel setuptools-rust - name: Make sdist run: python setup.py sdist - run: tar zxvf dist/bcrypt*.tar.gz && mkdir wheelhouse @@ -124,7 +159,7 @@ jobs: # TODO: can we setup another python and test in the same job? this would catch bad linking problems (e.g. build and test on py36, but then install py38 and see if it works - run: mkdir bcrypt-wheelhouse - run: move wheelhouse\bcrypt*.whl bcrypt-wheelhouse\ - - uses: actions/upload-artifact@v1 + - uses: actions/upload-artifact@v3.1.0 with: - name: "bcrypt-${{ github.event.inputs.version }}-${{ matrix.WINDOWS }}-${{ matrix.PYTHON.ABI_VERSION }}" + name: "bcrypt-${{ github.event.inputs.version }}-${{ matrix.WINDOWS.ARCH }}-${{ matrix.PYTHON.ABI_VERSION }}" path: bcrypt-wheelhouse\ diff --git a/.gitignore b/.gitignore index 8e08b14b..048903d6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ __pycache__/ *.py[co] *.so +target/ # Packages *.egg diff --git a/MANIFEST.in b/MANIFEST.in index 2e680020..b9486402 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -3,13 +3,15 @@ include LICENSE README.rst include pyproject.toml include tox.ini .coveragerc -include src/build_bcrypt.py recursive-include src py.typed *.pyi -recursive-include src/_csrc * +recursive-include src/_bcrypt Cargo.toml Cargo.lock *.rs recursive-include tests *.py exclude requirements.txt release.py mypy.ini recursive-exclude .github * recursive-exclude .circleci * + +exclude src/_bcrypt/target +recursive-exclude src/_bcrypt/target * diff --git a/README.rst b/README.rst index 84f3759d..6496b71e 100644 --- a/README.rst +++ b/README.rst @@ -8,7 +8,8 @@ bcrypt .. image:: https://github.com/pyca/bcrypt/workflows/CI/badge.svg?branch=main :target: https://github.com/pyca/bcrypt/actions?query=workflow%3ACI+branch%3Amain -Good password hashing for your software and your servers +Acceptable password hashing for your software and your servers (but you should +really use argon2id or scrypt) Installation @@ -20,35 +21,60 @@ To install bcrypt, simply: $ pip install bcrypt -Note that bcrypt should build very easily on Linux provided you have a C compiler, headers for Python (if you're not using pypy), and headers for the libffi libraries available on your system. +Note that bcrypt should build very easily on Linux provided you have a C +compiler and a Rust compiler (the minimum supported Rust version is 1.56.0). For Debian and Ubuntu, the following command will ensure that the required dependencies are installed: .. code:: bash - $ sudo apt-get install build-essential libffi-dev python-dev + $ sudo apt-get install build-essential cargo For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed: .. code:: bash - $ sudo yum install gcc libffi-devel python-devel + $ sudo yum install gcc cargo For Alpine, the following command will ensure that the required dependencies are installed: .. code:: bash - $ apk add --update musl-dev gcc libffi-dev + $ apk add --update musl-dev gcc cargo Alternatives ============ -While bcrypt remains a good choice for password storage depending on your specific use case you may also want to consider using scrypt (either via `standard library`_ or `cryptography`_) or argon2id via `argon2_cffi`_. +While bcrypt remains an acceptable choice for password storage, depending on your specific use case you may also want to consider using scrypt (either via `standard library`_ or `cryptography`_) or argon2id via `argon2_cffi`_. Changelog ========= +4.0.1 +----- + +* We now build PyPy ``manylinux`` wheels. +* Fixed a bug where passing an invalid ``salt`` to ``checkpw`` could result in + a ``pyo3_runtime.PanicException``. It now correctly raises a ``ValueError``. + +4.0.0 +----- + +* ``bcrypt`` is now implemented in Rust. Users building from source will need + to have a Rust compiler available. Nothing will change for users downloading + wheels. +* We no longer ship ``manylinux2010`` wheels. Users should upgrade to the latest + ``pip`` to ensure this doesn’t cause issues downloading wheels on their + platform. We now ship ``manylinux_2_28`` wheels for users on new enough platforms. +* ``NUL`` bytes are now allowed in inputs. + + +3.2.2 +----- + +* Fixed packaging of ``py.typed`` files in wheels so that ``mypy`` works. + 3.2.1 ----- diff --git a/pyproject.toml b/pyproject.toml index b3f9e6bc..be91aeda 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,9 +1,9 @@ [build-system] # Must be kept in sync with `setup_requirements` in `setup.py` requires = [ - "setuptools>=40.8.0", + "setuptools>=42.0.0", "wheel", - "cffi>=1.1; python_implementation != 'PyPy'", + "setuptools-rust", ] # Point to the setuptools' PEP517 build backend explicitly to # disable Pip's fallback guessing diff --git a/release.py b/release.py index a79f7cad..a6329bc5 100644 --- a/release.py +++ b/release.py @@ -132,8 +132,8 @@ def release(version): github_token, version ) - run("twine", "upload", "-s", *packages) run("twine", "upload", *github_actions_wheel_paths) + run("twine", "upload", "-s", *packages) if __name__ == "__main__": diff --git a/setup.cfg b/setup.cfg index 1c810855..c536d04f 100644 --- a/setup.cfg +++ b/setup.cfg @@ -5,7 +5,7 @@ description = Modern password hashing for your software and your servers long_description = file: README.rst long_description_content_type = text/x-rst license = Apache License, Version 2.0 -license_file = LICENSE +license_files = LICENSE url = https://github.com/pyca/bcrypt/ author = The Python Cryptographic Authority developers author_email = cryptography-dev@python.org @@ -24,15 +24,13 @@ classifiers = [options] python_requires = >=3.6 +include_package_data = True zip_safe = False package_dir = =src packages = bcrypt ext_package = bcrypt -# `install_requires` must be kept in sync with `pyproject.toml` -install_requires = - cffi>=1.1 [options.extras_require] tests = diff --git a/setup.py b/setup.py index bb36d743..dab1d7d8 100644 --- a/setup.py +++ b/setup.py @@ -1,14 +1,27 @@ #!/usr/bin/env python import platform +import re +import shutil +import subprocess import sys from setuptools import setup +try: + from setuptools_rust import RustExtension +except ImportError: + print( + """ + =============================DEBUG ASSISTANCE========================== + If you are seeing an error here please try the following to + successfully install bcrypt: -CFFI_MODULES = [ - "src/build_bcrypt.py:ffi", -] - + Upgrade to the latest pip and try again. This will fix errors for most + users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip + =============================DEBUG ASSISTANCE========================== + """ + ) + raise if platform.python_implementation() == "PyPy": if sys.pypy_version_info < (2, 6): @@ -18,6 +31,72 @@ ) -setup( - cffi_modules=CFFI_MODULES, -) +try: + setup( + rust_extensions=[ + RustExtension( + "_bcrypt", + "src/_bcrypt/Cargo.toml", + py_limited_api=True, + # Enable abi3 mode if we're not using PyPy. + features=( + [] + if platform.python_implementation() == "PyPy" + else ["pyo3/abi3-py36"] + ), + rust_version=">=1.56.0", + ), + ], + ) +except: # noqa: E722 + # Note: This is a bare exception that re-raises so that we don't interfere + # with anything the installation machinery might want to do. Because we + # print this for any exception this msg can appear (e.g. in verbose logs) + # even if there's no failure. For example, SetupRequirementsError is raised + # during PEP517 building and prints this text. setuptools raises SystemExit + # when compilation fails right now, but it's possible this isn't stable + # or a public API commitment so we'll remain ultra conservative. + + import pkg_resources + + print( + """ + =============================DEBUG ASSISTANCE============================= + If you are seeing a compilation error please try the following steps to + successfully install bcrypt: + 1) Upgrade to the latest pip and try again. This will fix errors for most + users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip + 2) Ensure you have a recent Rust toolchain installed. bcrypt requires + rustc >= 1.56.0. + """ + ) + print(f" Python: {'.'.join(str(v) for v in sys.version_info[:3])}") + print(f" platform: {platform.platform()}") + for dist in ["pip", "setuptools", "setuptools_rust"]: + try: + version = pkg_resources.get_distribution(dist).version + except pkg_resources.DistributionNotFound: + version = "n/a" + print(f" {dist}: {version}") + version = "n/a" + if shutil.which("rustc") is not None: + try: + # If for any reason `rustc --version` fails, silently ignore it + rustc_output = subprocess.run( + ["rustc", "--version"], + capture_output=True, + timeout=0.5, + encoding="utf8", + check=True, + ).stdout + version = re.sub("^rustc ", "", rustc_output.strip()) + except subprocess.SubprocessError: + pass + print(f" rustc: {version}") + + print( + """\ + =============================DEBUG ASSISTANCE============================= + """ + ) + raise diff --git a/src/_bcrypt/Cargo.lock b/src/_bcrypt/Cargo.lock new file mode 100644 index 00000000..404be82a --- /dev/null +++ b/src/_bcrypt/Cargo.lock @@ -0,0 +1,441 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "autocfg" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" + +[[package]] +name = "base64" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" + +[[package]] +name = "bcrypt" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7e7c93a3fb23b2fdde989b2c9ec4dd153063ec81f408507f84c090cd91c6641" +dependencies = [ + "base64", + "blowfish", + "getrandom", + "zeroize", +] + +[[package]] +name = "bcrypt-pbkdf" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f4ef233ffa9cb9c7820b2b0e9efd0821ed180e866c9120ec9f45518659742074" +dependencies = [ + "blowfish", + "pbkdf2", + "sha2", +] + +[[package]] +name = "bcrypt-rust" +version = "0.1.0" +dependencies = [ + "base64", + "bcrypt", + "bcrypt-pbkdf", + "pyo3", +] + +[[package]] +name = "bitflags" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" + +[[package]] +name = "block-buffer" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69cce20737498f97b993470a6e536b8523f0af7892a4f928cceb1ac5e52ebe7e" +dependencies = [ + "generic-array", +] + +[[package]] +name = "blowfish" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7" +dependencies = [ + "byteorder", + "cipher", +] + +[[package]] +name = "byteorder" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "cipher" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1873270f8f7942c191139cb8a40fd228da6c3fd2fc376d7e92d47aa14aeb59e" +dependencies = [ + "crypto-common", + "inout", +] + +[[package]] +name = "cpufeatures" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28d997bd5e24a5928dd43e46dc529867e207907fe0b239c3477d924f7f2ca320" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "digest" +version = "0.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "adfbc57365a37acbd2ebf2b64d7e69bb766e2fea813521ed536f5d0520dcf86c" +dependencies = [ + "block-buffer", + "crypto-common", + "subtle", +] + +[[package]] +name = "generic-array" +version = "0.14.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9" +dependencies = [ + "typenum", + "version_check", +] + +[[package]] +name = "getrandom" +version = "0.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "indoc" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47741a8bc60fb26eb8d6e0238bbb26d8575ff623fdc97b1a2c00c050b9684ed8" +dependencies = [ + "indoc-impl", + "proc-macro-hack", +] + +[[package]] +name = "indoc-impl" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce046d161f000fffde5f432a0d034d0341dc152643b2598ed5bfce44c4f3a8f0" +dependencies = [ + "proc-macro-hack", + "proc-macro2", + "quote", + "syn", + "unindent", +] + +[[package]] +name = "inout" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5" +dependencies = [ + "generic-array", +] + +[[package]] +name = "instant" +version = "0.1.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "libc" +version = "0.2.134" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "329c933548736bc49fd575ee68c89e8be4d260064184389a5b77517cddd99ffb" + +[[package]] +name = "lock_api" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df" +dependencies = [ + "autocfg", + "scopeguard", +] + +[[package]] +name = "once_cell" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e82dad04139b71a90c080c8463fe0dc7902db5192d939bd0950f074d014339e1" + +[[package]] +name = "parking_lot" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d17b78036a60663b797adeaee46f5c9dfebb86948d1255007a1d6be0271ff99" +dependencies = [ + "instant", + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d76e8e1493bcac0d2766c42737f34458f1c8c50c0d23bcb24ea953affb273216" +dependencies = [ + "cfg-if", + "instant", + "libc", + "redox_syscall", + "smallvec", + "winapi", +] + +[[package]] +name = "paste" +version = "0.1.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "45ca20c77d80be666aef2b45486da86238fabe33e38306bd3118fe4af33fa880" +dependencies = [ + "paste-impl", + "proc-macro-hack", +] + +[[package]] +name = "paste-impl" +version = "0.1.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d95a7db200b97ef370c8e6de0088252f7e0dfff7d047a28528e47456c0fc98b6" +dependencies = [ + "proc-macro-hack", +] + +[[package]] +name = "pbkdf2" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271779f35b581956db91a3e55737327a03aa051e90b1c47aeb189508533adfd7" +dependencies = [ + "digest", +] + +[[package]] +name = "proc-macro-hack" +version = "0.5.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" + +[[package]] +name = "proc-macro2" +version = "1.0.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94e2ef8dbfc347b10c094890f778ee2e36ca9bb4262e86dc99cd217e35f3470b" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "pyo3" +version = "0.15.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d41d50a7271e08c7c8a54cd24af5d62f73ee3a6f6a314215281ebdec421d5752" +dependencies = [ + "cfg-if", + "indoc", + "libc", + "parking_lot", + "paste", + "pyo3-build-config", + "pyo3-macros", + "unindent", +] + +[[package]] +name = "pyo3-build-config" +version = "0.15.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "779239fc40b8e18bc8416d3a37d280ca9b9fb04bda54b98037bb6748595c2410" +dependencies = [ + "once_cell", +] + +[[package]] +name = "pyo3-macros" +version = "0.15.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b247e8c664be87998d8628e86f282c25066165f1f8dda66100c48202fdb93a" +dependencies = [ + "pyo3-macros-backend", + "quote", + "syn", +] + +[[package]] +name = "pyo3-macros-backend" +version = "0.15.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a8c2812c412e00e641d99eeb79dd478317d981d938aa60325dfa7157b607095" +dependencies = [ + "proc-macro2", + "pyo3-build-config", + "quote", + "syn", +] + +[[package]] +name = "quote" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "redox_syscall" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" +dependencies = [ + "bitflags", +] + +[[package]] +name = "scopeguard" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" + +[[package]] +name = "sha2" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "smallvec" +version = "1.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0" + +[[package]] +name = "subtle" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" + +[[package]] +name = "syn" +version = "1.0.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fcd952facd492f9be3ef0d0b7032a6e442ee9b361d4acc2b1d0c4aaa5f613a1" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "typenum" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987" + +[[package]] +name = "unicode-ident" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dcc811dc4066ac62f84f11307873c4850cb653bfa9b1719cee2bd2204a4bc5dd" + +[[package]] +name = "unindent" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "58ee9362deb4a96cef4d437d1ad49cffc9b9e92d202b6995674e928ce684f112" + +[[package]] +name = "version_check" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "zeroize" +version = "1.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f" diff --git a/src/_bcrypt/Cargo.toml b/src/_bcrypt/Cargo.toml new file mode 100644 index 00000000..6c751268 --- /dev/null +++ b/src/_bcrypt/Cargo.toml @@ -0,0 +1,24 @@ +[package] +name = "bcrypt-rust" +version = "0.1.0" +authors = ["The bcrypt developers "] +edition = "2018" +publish = false + +[dependencies] +pyo3 = { version = "0.15.2" } +bcrypt = "0.13" +bcrypt-pbkdf = "0.8.1" +base64 = "0.13.0" + +[features] +extension-module = ["pyo3/extension-module"] +default = ["extension-module"] + +[lib] +name = "bcrypt_rust" +crate-type = ["cdylib"] + +[profile.release] +lto = "thin" +overflow-checks = true diff --git a/src/_bcrypt/src/lib.rs b/src/_bcrypt/src/lib.rs new file mode 100644 index 00000000..b323e326 --- /dev/null +++ b/src/_bcrypt/src/lib.rs @@ -0,0 +1,84 @@ +// This file is dual licensed under the terms of the Apache License, Version +// 2.0, and the BSD License. See the LICENSE file in the root of this repository +// for complete details. + +#![deny(rust_2018_idioms)] + +use std::convert::TryInto; + +#[pyo3::prelude::pyfunction] +fn encode_base64<'p>(py: pyo3::Python<'p>, data: &[u8]) -> &'p pyo3::types::PyBytes { + let output = base64::encode_config(data, base64::BCRYPT); + pyo3::types::PyBytes::new(py, output.as_bytes()) +} + +#[pyo3::prelude::pyfunction] +fn hashpass<'p>( + py: pyo3::Python<'p>, + password: &[u8], + salt: &[u8], +) -> pyo3::PyResult<&'p pyo3::types::PyBytes> { + // salt here is not just the salt bytes, but rather an encoded value + // containing a version number, number of rounds, and the salt. + // Should be [prefix, cost, hash]. This logic is copied from `bcrypt` + let raw_parts: Vec<_> = salt + .split(|&b| b == b'$') + .filter(|s| !s.is_empty()) + .collect(); + if raw_parts.len() != 3 { + return Err(pyo3::exceptions::PyValueError::new_err("Invalid salt")); + } + let version = match raw_parts[0] { + b"2y" => bcrypt::Version::TwoY, + b"2b" => bcrypt::Version::TwoB, + b"2a" => bcrypt::Version::TwoA, + b"2x" => bcrypt::Version::TwoX, + _ => { + return Err(pyo3::exceptions::PyValueError::new_err("Invalid salt")); + } + }; + let cost = std::str::from_utf8(raw_parts[1]) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid salt"))? + .parse::() + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid salt"))?; + // The last component can contain either just the salt, or the salt and + // the result hash, depending on if the `salt` value come from `hashpw` or + // `gensalt`. + let raw_salt = base64::decode_config(&raw_parts[2][..22], base64::BCRYPT) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid salt"))? + .try_into() + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid salt"))?; + + let hashed = py + .allow_threads(|| bcrypt::hash_with_salt(password, cost, raw_salt)) + .map_err(|_| pyo3::exceptions::PyValueError::new_err("Invalid salt"))?; + Ok(pyo3::types::PyBytes::new( + py, + hashed.format_for_version(version).as_bytes(), + )) +} + +#[pyo3::prelude::pyfunction] +fn pbkdf<'p>( + py: pyo3::Python<'p>, + password: &[u8], + salt: &[u8], + rounds: u32, + desired_key_bytes: usize, +) -> pyo3::PyResult<&'p pyo3::types::PyBytes> { + pyo3::types::PyBytes::new_with(py, desired_key_bytes, |output| { + py.allow_threads(|| { + bcrypt_pbkdf::bcrypt_pbkdf(password, salt, rounds, output).unwrap(); + }); + Ok(()) + }) +} + +#[pyo3::prelude::pymodule] +fn _bcrypt(_py: pyo3::Python<'_>, m: &pyo3::types::PyModule) -> pyo3::PyResult<()> { + m.add_function(pyo3::wrap_pyfunction!(encode_base64, m)?)?; + m.add_function(pyo3::wrap_pyfunction!(hashpass, m)?)?; + m.add_function(pyo3::wrap_pyfunction!(pbkdf, m)?)?; + + Ok(()) +} diff --git a/src/_csrc/bcrypt.c b/src/_csrc/bcrypt.c deleted file mode 100644 index a773602a..00000000 --- a/src/_csrc/bcrypt.c +++ /dev/null @@ -1,274 +0,0 @@ -/* $OpenBSD: bcrypt.c,v 1.55 2015/09/13 15:33:48 guenther Exp $ */ - -/* - * Copyright (c) 2014 Ted Unangst - * Copyright (c) 1997 Niels Provos - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ -/* This password hashing algorithm was designed by David Mazieres - * and works as follows: - * - * 1. state := InitState () - * 2. state := ExpandKey (state, salt, password) - * 3. REPEAT rounds: - * state := ExpandKey (state, 0, password) - * state := ExpandKey (state, 0, salt) - * 4. ctext := "OrpheanBeholderScryDoubt" - * 5. REPEAT 64: - * ctext := Encrypt_ECB (state, ctext); - * 6. RETURN Concatenate (salt, ctext); - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include "pycabcrypt.h" - -/* This implementation is adaptable to current computing power. - * You can have up to 2^31 rounds which should be enough for some - * time to come. - */ - -#define BCRYPT_VERSION '2' -#define BCRYPT_MAXSALT 16 /* Precomputation is just so nice */ -#define BCRYPT_WORDS 6 /* Ciphertext words */ -#define BCRYPT_MINLOGROUNDS 4 /* we have log2(rounds) in salt */ - -#define BCRYPT_SALTSPACE (7 + (BCRYPT_MAXSALT * 4 + 2) / 3 + 1) -#define BCRYPT_HASHSPACE 61 - -char *bcrypt_gensalt(u_int8_t); - -int encode_base64(char *, const u_int8_t *, size_t); -static int decode_base64(u_int8_t *, size_t, const char *); - -/* - * the core bcrypt function - */ -int -bcrypt_hashpass(const char *key, const char *salt, char *encrypted, - size_t encryptedlen) -{ - blf_ctx state; - u_int32_t rounds, i, k; - u_int16_t j; - size_t key_len; - u_int8_t salt_len, logr, minor; - u_int8_t ciphertext[4 * BCRYPT_WORDS] = "OrpheanBeholderScryDoubt"; - u_int8_t csalt[BCRYPT_MAXSALT]; - u_int32_t cdata[BCRYPT_WORDS]; - - if (encryptedlen < BCRYPT_HASHSPACE) - goto inval; - - /* Check and discard "$" identifier */ - if (salt[0] != '$') - goto inval; - salt += 1; - - if (salt[0] != BCRYPT_VERSION) - goto inval; - - /* Check for minor versions */ - switch ((minor = salt[1])) { - case 'a': - key_len = (u_int8_t)(strlen(key) + 1); - break; - case 'b': - /* strlen() returns a size_t, but the function calls - * below result in implicit casts to a narrower integer - * type, so cap key_len at the actual maximum supported - * length here to avoid integer wraparound */ - key_len = strlen(key); - if (key_len > 72) - key_len = 72; - key_len++; /* include the NUL */ - break; - default: - goto inval; - } - if (salt[2] != '$') - goto inval; - /* Discard version + "$" identifier */ - salt += 3; - - /* Check and parse num rounds */ - if (!isdigit((unsigned char)salt[0]) || - !isdigit((unsigned char)salt[1]) || salt[2] != '$') - goto inval; - logr = (salt[1] - '0') + ((salt[0] - '0') * 10); - if (logr < BCRYPT_MINLOGROUNDS || logr > 31) - goto inval; - /* Computer power doesn't increase linearly, 2^x should be fine */ - rounds = 1U << logr; - - /* Discard num rounds + "$" identifier */ - salt += 3; - - if (strlen(salt) * 3 / 4 < BCRYPT_MAXSALT) - goto inval; - - /* We dont want the base64 salt but the raw data */ - if (decode_base64(csalt, BCRYPT_MAXSALT, salt)) - goto inval; - salt_len = BCRYPT_MAXSALT; - - /* Setting up S-Boxes and Subkeys */ - Blowfish_initstate(&state); - Blowfish_expandstate(&state, csalt, salt_len, - (u_int8_t *) key, key_len); - for (k = 0; k < rounds; k++) { - Blowfish_expand0state(&state, (u_int8_t *) key, key_len); - Blowfish_expand0state(&state, csalt, salt_len); - } - - /* This can be precomputed later */ - j = 0; - for (i = 0; i < BCRYPT_WORDS; i++) - cdata[i] = Blowfish_stream2word(ciphertext, 4 * BCRYPT_WORDS, &j); - - /* Now do the encryption */ - for (k = 0; k < 64; k++) - blf_enc(&state, cdata, BCRYPT_WORDS / 2); - - for (i = 0; i < BCRYPT_WORDS; i++) { - ciphertext[4 * i + 3] = cdata[i] & 0xff; - cdata[i] = cdata[i] >> 8; - ciphertext[4 * i + 2] = cdata[i] & 0xff; - cdata[i] = cdata[i] >> 8; - ciphertext[4 * i + 1] = cdata[i] & 0xff; - cdata[i] = cdata[i] >> 8; - ciphertext[4 * i + 0] = cdata[i] & 0xff; - } - - - snprintf(encrypted, 8, "$2%c$%2.2u$", minor, logr); - encode_base64(encrypted + 7, csalt, BCRYPT_MAXSALT); - encode_base64(encrypted + 7 + 22, ciphertext, 4 * BCRYPT_WORDS - 1); - explicit_bzero(&state, sizeof(state)); - explicit_bzero(ciphertext, sizeof(ciphertext)); - explicit_bzero(csalt, sizeof(csalt)); - explicit_bzero(cdata, sizeof(cdata)); - return 0; - -inval: - errno = EINVAL; - return -1; -} - -/* - * internal utilities - */ -static const u_int8_t Base64Code[] = -"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; - -static const u_int8_t index_64[128] = { - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 0, 1, 54, 55, - 56, 57, 58, 59, 60, 61, 62, 63, 255, 255, - 255, 255, 255, 255, 255, 2, 3, 4, 5, 6, - 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, - 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, - 255, 255, 255, 255, 255, 255, 28, 29, 30, - 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, - 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, - 51, 52, 53, 255, 255, 255, 255, 255 -}; -#define CHAR64(c) ( (c) > 127 ? 255 : index_64[(c)]) - -/* - * read buflen (after decoding) bytes of data from b64data - */ -static int -decode_base64(u_int8_t *buffer, size_t len, const char *b64data) -{ - u_int8_t *bp = buffer; - const u_int8_t *p = b64data; - u_int8_t c1, c2, c3, c4; - - while (bp < buffer + len) { - c1 = CHAR64(*p); - /* Invalid data */ - if (c1 == 255) - return -1; - - c2 = CHAR64(*(p + 1)); - if (c2 == 255) - return -1; - - *bp++ = (c1 << 2) | ((c2 & 0x30) >> 4); - if (bp >= buffer + len) - break; - - c3 = CHAR64(*(p + 2)); - if (c3 == 255) - return -1; - - *bp++ = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2); - if (bp >= buffer + len) - break; - - c4 = CHAR64(*(p + 3)); - if (c4 == 255) - return -1; - *bp++ = ((c3 & 0x03) << 6) | c4; - - p += 4; - } - return 0; -} - -/* - * Turn len bytes of data into base64 encoded data. - * This works without = padding. - */ -int -encode_base64(char *b64buffer, const u_int8_t *data, size_t len) -{ - u_int8_t *bp = b64buffer; - const u_int8_t *p = data; - u_int8_t c1, c2; - - while (p < data + len) { - c1 = *p++; - *bp++ = Base64Code[(c1 >> 2)]; - c1 = (c1 & 0x03) << 4; - if (p >= data + len) { - *bp++ = Base64Code[c1]; - break; - } - c2 = *p++; - c1 |= (c2 >> 4) & 0x0f; - *bp++ = Base64Code[c1]; - c1 = (c2 & 0x0f) << 2; - if (p >= data + len) { - *bp++ = Base64Code[c1]; - break; - } - c2 = *p++; - c1 |= (c2 >> 6) & 0x03; - *bp++ = Base64Code[c1]; - *bp++ = Base64Code[c2 & 0x3f]; - } - *bp = '\0'; - return 0; -} diff --git a/src/_csrc/bcrypt_pbkdf.c b/src/_csrc/bcrypt_pbkdf.c deleted file mode 100644 index 306d7e77..00000000 --- a/src/_csrc/bcrypt_pbkdf.c +++ /dev/null @@ -1,168 +0,0 @@ -/* $OpenBSD: bcrypt_pbkdf.c,v 1.13 2015/01/12 03:20:04 tedu Exp $ */ -/* - * Copyright (c) 2013 Ted Unangst - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include -#include - -#include "pycabcrypt.h" -#include "blf.h" -#include "sha2.h" - -#define MINIMUM(a,b) (((a) < (b)) ? (a) : (b)) - -/* - * pkcs #5 pbkdf2 implementation using the "bcrypt" hash - * - * The bcrypt hash function is derived from the bcrypt password hashing - * function with the following modifications: - * 1. The input password and salt are preprocessed with SHA512. - * 2. The output length is expanded to 256 bits. - * 3. Subsequently the magic string to be encrypted is lengthened and modifed - * to "OxychromaticBlowfishSwatDynamite" - * 4. The hash function is defined to perform 64 rounds of initial state - * expansion. (More rounds are performed by iterating the hash.) - * - * Note that this implementation pulls the SHA512 operations into the caller - * as a performance optimization. - * - * One modification from official pbkdf2. Instead of outputting key material - * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to - * generate (e.g.) 512 bits of key material for use as two 256 bit keys, an - * attacker can merely run once through the outer loop, but the user - * always runs it twice. Shuffling output bytes requires computing the - * entirety of the key material to assemble any subkey. This is something a - * wise caller could do; we just do it for you. - */ - -#define BCRYPT_WORDS 8 -#define BCRYPT_HASHSIZE (BCRYPT_WORDS * 4) - -static void -bcrypt_hash(uint8_t *sha2pass, uint8_t *sha2salt, uint8_t *out) -{ - blf_ctx state; - uint8_t ciphertext[BCRYPT_HASHSIZE] = - "OxychromaticBlowfishSwatDynamite"; - uint32_t cdata[BCRYPT_WORDS]; - int i; - uint16_t j; - size_t shalen = SHA512_DIGEST_LENGTH; - - /* key expansion */ - Blowfish_initstate(&state); - Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen); - for (i = 0; i < 64; i++) { - Blowfish_expand0state(&state, sha2salt, shalen); - Blowfish_expand0state(&state, sha2pass, shalen); - } - - /* encryption */ - j = 0; - for (i = 0; i < BCRYPT_WORDS; i++) - cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext), - &j); - for (i = 0; i < 64; i++) - blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t)); - - /* copy out */ - for (i = 0; i < BCRYPT_WORDS; i++) { - out[4 * i + 3] = (cdata[i] >> 24) & 0xff; - out[4 * i + 2] = (cdata[i] >> 16) & 0xff; - out[4 * i + 1] = (cdata[i] >> 8) & 0xff; - out[4 * i + 0] = cdata[i] & 0xff; - } - - /* zap */ - explicit_bzero(ciphertext, sizeof(ciphertext)); - explicit_bzero(cdata, sizeof(cdata)); - explicit_bzero(&state, sizeof(state)); -} - -int -bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, - uint8_t *key, size_t keylen, unsigned int rounds) -{ - SHA2_CTX ctx; - uint8_t sha2pass[SHA512_DIGEST_LENGTH]; - uint8_t sha2salt[SHA512_DIGEST_LENGTH]; - uint8_t out[BCRYPT_HASHSIZE]; - uint8_t tmpout[BCRYPT_HASHSIZE]; - uint8_t countsalt[4]; - size_t i, j, amt, stride; - uint32_t count; - size_t origkeylen = keylen; - - /* nothing crazy */ - if (rounds < 1) - return -1; - if (passlen == 0 || saltlen == 0 || keylen == 0 || - keylen > sizeof(out) * sizeof(out)) - return -1; - stride = (keylen + sizeof(out) - 1) / sizeof(out); - amt = (keylen + stride - 1) / stride; - - /* collapse password */ - SHA512Init(&ctx); - SHA512Update(&ctx, pass, passlen); - SHA512Final(sha2pass, &ctx); - - - /* generate key, sizeof(out) at a time */ - for (count = 1; keylen > 0; count++) { - countsalt[0] = (count >> 24) & 0xff; - countsalt[1] = (count >> 16) & 0xff; - countsalt[2] = (count >> 8) & 0xff; - countsalt[3] = count & 0xff; - - /* first round, salt is salt */ - SHA512Init(&ctx); - SHA512Update(&ctx, salt, saltlen); - SHA512Update(&ctx, countsalt, sizeof(countsalt)); - SHA512Final(sha2salt, &ctx); - bcrypt_hash(sha2pass, sha2salt, tmpout); - memcpy(out, tmpout, sizeof(out)); - - for (i = 1; i < rounds; i++) { - /* subsequent rounds, salt is previous output */ - SHA512Init(&ctx); - SHA512Update(&ctx, tmpout, sizeof(tmpout)); - SHA512Final(sha2salt, &ctx); - bcrypt_hash(sha2pass, sha2salt, tmpout); - for (j = 0; j < sizeof(out); j++) - out[j] ^= tmpout[j]; - } - - /* - * pbkdf2 deviation: output the key material non-linearly. - */ - amt = MINIMUM(amt, keylen); - for (i = 0; i < amt; i++) { - size_t dest = i * stride + (count - 1); - if (dest >= origkeylen) - break; - key[dest] = out[i]; - } - keylen -= i; - } - - /* zap */ - explicit_bzero(&ctx, sizeof(ctx)); - explicit_bzero(out, sizeof(out)); - - return 0; -} diff --git a/src/_csrc/blf.c b/src/_csrc/blf.c deleted file mode 100644 index 5d27728d..00000000 --- a/src/_csrc/blf.c +++ /dev/null @@ -1,654 +0,0 @@ -/* $OpenBSD: blf.c,v 1.7 2007/11/26 09:28:34 martynas Exp $ */ - -/* - * Blowfish block cipher for OpenBSD - * Copyright 1997 Niels Provos - * All rights reserved. - * - * Implementation advice by David Mazieres . - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * This code is derived from section 14.3 and the given source - * in section V of Applied Cryptography, second edition. - * Blowfish is an unpatented fast block cipher designed by - * Bruce Schneier. - */ - -#include - -#include "blf.h" - -#undef inline -#ifdef __GNUC__ -#define inline __inline -#else /* !__GNUC__ */ -#define inline -#endif /* !__GNUC__ */ - -/* Function for Feistel Networks */ - -#define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \ - + (s)[0x100 + (((x)>>16)&0xFF)]) \ - ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \ - + (s)[0x300 + ( (x) &0xFF)]) - -#define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n]) - -void -Blowfish_encipher(blf_ctx *c, u_int32_t *x) -{ - u_int32_t Xl; - u_int32_t Xr; - u_int32_t *s = c->S[0]; - u_int32_t *p = c->P; - - Xl = x[0]; - Xr = x[1]; - - Xl ^= p[0]; - BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2); - BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4); - BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6); - BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8); - BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10); - BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12); - BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14); - BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16); - - x[0] = Xr ^ p[17]; - x[1] = Xl; -} - -void -Blowfish_decipher(blf_ctx *c, u_int32_t *x) -{ - u_int32_t Xl; - u_int32_t Xr; - u_int32_t *s = c->S[0]; - u_int32_t *p = c->P; - - Xl = x[0]; - Xr = x[1]; - - Xl ^= p[17]; - BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15); - BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13); - BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11); - BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9); - BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7); - BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5); - BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3); - BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1); - - x[0] = Xr ^ p[0]; - x[1] = Xl; -} - -void -Blowfish_initstate(blf_ctx *c) -{ - /* P-box and S-box tables initialized with digits of Pi */ - - static const blf_ctx initstate = - - { { - { - 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, - 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, - 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, - 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, - 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, - 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, - 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, - 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, - 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, - 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, - 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, - 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, - 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, - 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, - 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, - 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, - 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, - 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, - 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, - 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, - 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, - 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, - 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, - 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, - 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, - 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, - 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, - 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, - 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, - 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, - 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, - 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, - 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, - 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, - 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, - 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, - 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, - 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, - 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, - 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, - 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, - 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, - 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, - 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, - 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, - 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, - 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, - 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, - 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, - 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, - 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, - 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, - 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, - 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, - 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, - 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, - 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, - 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, - 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, - 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, - 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, - 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, - 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, - 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a}, - { - 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, - 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, - 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, - 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, - 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, - 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, - 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, - 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, - 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, - 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, - 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, - 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, - 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, - 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, - 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, - 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, - 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, - 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, - 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, - 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, - 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, - 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, - 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, - 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, - 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, - 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, - 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, - 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, - 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, - 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, - 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, - 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, - 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, - 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, - 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, - 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, - 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, - 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, - 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, - 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, - 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, - 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, - 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, - 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, - 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, - 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, - 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, - 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, - 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, - 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, - 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, - 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, - 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, - 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, - 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, - 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, - 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, - 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, - 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, - 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, - 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, - 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, - 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, - 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7}, - { - 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, - 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, - 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, - 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, - 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, - 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, - 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, - 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, - 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, - 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, - 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, - 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, - 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, - 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, - 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, - 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, - 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, - 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, - 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, - 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, - 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, - 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, - 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, - 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, - 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, - 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, - 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, - 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, - 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, - 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, - 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, - 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, - 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, - 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, - 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, - 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, - 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, - 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, - 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, - 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, - 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, - 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, - 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, - 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, - 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, - 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, - 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, - 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, - 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, - 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, - 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, - 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, - 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, - 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, - 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, - 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, - 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, - 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, - 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, - 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, - 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, - 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, - 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, - 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0}, - { - 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, - 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, - 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, - 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, - 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, - 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, - 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, - 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, - 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, - 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, - 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, - 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, - 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, - 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, - 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, - 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, - 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, - 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, - 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, - 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, - 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, - 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, - 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, - 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, - 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, - 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, - 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, - 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, - 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, - 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, - 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, - 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, - 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, - 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, - 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, - 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, - 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, - 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, - 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, - 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, - 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, - 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, - 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, - 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, - 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, - 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, - 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, - 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, - 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, - 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, - 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, - 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, - 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, - 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, - 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, - 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, - 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, - 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, - 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, - 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, - 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, - 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, - 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, - 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6} - }, - { - 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, - 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, - 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, - 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, - 0x9216d5d9, 0x8979fb1b - } }; - - *c = initstate; -} - -u_int32_t -Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, - u_int16_t *current) -{ - u_int8_t i; - u_int16_t j; - u_int32_t temp; - - temp = 0x00000000; - j = *current; - - for (i = 0; i < 4; i++, j++) { - if (j >= databytes) - j = 0; - temp = (temp << 8) | data[j]; - } - - *current = j; - return temp; -} - -void -Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes) -{ - u_int16_t i; - u_int16_t j; - u_int16_t k; - u_int32_t temp; - u_int32_t data[2]; - - j = 0; - for (i = 0; i < BLF_N + 2; i++) { - /* Extract 4 int8 to 1 int32 from keystream */ - temp = Blowfish_stream2word(key, keybytes, &j); - c->P[i] = c->P[i] ^ temp; - } - - j = 0; - data[0] = 0x00000000; - data[1] = 0x00000000; - for (i = 0; i < BLF_N + 2; i += 2) { - Blowfish_encipher(c, data); - - c->P[i] = data[0]; - c->P[i + 1] = data[1]; - } - - for (i = 0; i < 4; i++) { - for (k = 0; k < 256; k += 2) { - Blowfish_encipher(c, data); - - c->S[i][k] = data[0]; - c->S[i][k + 1] = data[1]; - } - } -} - - -void -Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes, - const u_int8_t *key, u_int16_t keybytes) -{ - u_int16_t i; - u_int16_t j; - u_int16_t k; - u_int32_t temp; - u_int32_t d[2]; - - j = 0; - for (i = 0; i < BLF_N + 2; i++) { - /* Extract 4 int8 to 1 int32 from keystream */ - temp = Blowfish_stream2word(key, keybytes, &j); - c->P[i] = c->P[i] ^ temp; - } - - j = 0; - d[0] = 0x00000000; - d[1] = 0x00000000; - for (i = 0; i < BLF_N + 2; i += 2) { - d[0] ^= Blowfish_stream2word(data, databytes, &j); - d[1] ^= Blowfish_stream2word(data, databytes, &j); - Blowfish_encipher(c, d); - - c->P[i] = d[0]; - c->P[i + 1] = d[1]; - } - - for (i = 0; i < 4; i++) { - for (k = 0; k < 256; k += 2) { - d[0]^= Blowfish_stream2word(data, databytes, &j); - d[1] ^= Blowfish_stream2word(data, databytes, &j); - Blowfish_encipher(c, d); - - c->S[i][k] = d[0]; - c->S[i][k + 1] = d[1]; - } - } - -} - -void -blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len) -{ - /* Initialize S-boxes and subkeys with Pi */ - Blowfish_initstate(c); - - /* Transform S-boxes and subkeys with key */ - Blowfish_expand0state(c, k, len); -} - -void -blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks) -{ - u_int32_t *d; - u_int16_t i; - - d = data; - for (i = 0; i < blocks; i++) { - Blowfish_encipher(c, d); - d += 2; - } -} - -void -blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks) -{ - u_int32_t *d; - u_int16_t i; - - d = data; - for (i = 0; i < blocks; i++) { - Blowfish_decipher(c, d); - d += 2; - } -} - -void -blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) -{ - u_int32_t l, r, d[2]; - u_int32_t i; - - for (i = 0; i < len; i += 8) { - l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; - r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; - d[0] = l; - d[1] = r; - Blowfish_encipher(c, d); - l = d[0]; - r = d[1]; - data[0] = l >> 24 & 0xff; - data[1] = l >> 16 & 0xff; - data[2] = l >> 8 & 0xff; - data[3] = l & 0xff; - data[4] = r >> 24 & 0xff; - data[5] = r >> 16 & 0xff; - data[6] = r >> 8 & 0xff; - data[7] = r & 0xff; - data += 8; - } -} - -void -blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) -{ - u_int32_t l, r, d[2]; - u_int32_t i; - - for (i = 0; i < len; i += 8) { - l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; - r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; - d[0] = l; - d[1] = r; - Blowfish_decipher(c, d); - l = d[0]; - r = d[1]; - data[0] = l >> 24 & 0xff; - data[1] = l >> 16 & 0xff; - data[2] = l >> 8 & 0xff; - data[3] = l & 0xff; - data[4] = r >> 24 & 0xff; - data[5] = r >> 16 & 0xff; - data[6] = r >> 8 & 0xff; - data[7] = r & 0xff; - data += 8; - } -} - -void -blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len) -{ - u_int32_t l, r, d[2]; - u_int32_t i, j; - - for (i = 0; i < len; i += 8) { - for (j = 0; j < 8; j++) - data[j] ^= iv[j]; - l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; - r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; - d[0] = l; - d[1] = r; - Blowfish_encipher(c, d); - l = d[0]; - r = d[1]; - data[0] = l >> 24 & 0xff; - data[1] = l >> 16 & 0xff; - data[2] = l >> 8 & 0xff; - data[3] = l & 0xff; - data[4] = r >> 24 & 0xff; - data[5] = r >> 16 & 0xff; - data[6] = r >> 8 & 0xff; - data[7] = r & 0xff; - iv = data; - data += 8; - } -} - -void -blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len) -{ - u_int32_t l, r, d[2]; - u_int8_t *iv; - u_int32_t i, j; - - iv = data + len - 16; - data = data + len - 8; - for (i = len - 8; i >= 8; i -= 8) { - l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; - r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; - d[0] = l; - d[1] = r; - Blowfish_decipher(c, d); - l = d[0]; - r = d[1]; - data[0] = l >> 24 & 0xff; - data[1] = l >> 16 & 0xff; - data[2] = l >> 8 & 0xff; - data[3] = l & 0xff; - data[4] = r >> 24 & 0xff; - data[5] = r >> 16 & 0xff; - data[6] = r >> 8 & 0xff; - data[7] = r & 0xff; - for (j = 0; j < 8; j++) - data[j] ^= iv[j]; - iv -= 8; - data -= 8; - } - l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; - r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; - d[0] = l; - d[1] = r; - Blowfish_decipher(c, d); - l = d[0]; - r = d[1]; - data[0] = l >> 24 & 0xff; - data[1] = l >> 16 & 0xff; - data[2] = l >> 8 & 0xff; - data[3] = l & 0xff; - data[4] = r >> 24 & 0xff; - data[5] = r >> 16 & 0xff; - data[6] = r >> 8 & 0xff; - data[7] = r & 0xff; - for (j = 0; j < 8; j++) - data[j] ^= iva[j]; -} diff --git a/src/_csrc/blf.h b/src/_csrc/blf.h deleted file mode 100644 index c47b33b1..00000000 --- a/src/_csrc/blf.h +++ /dev/null @@ -1,81 +0,0 @@ -/* $OpenBSD: blf.h,v 1.6 2007/02/21 19:25:40 grunk Exp $ */ - -/* - * Blowfish - a fast block cipher designed by Bruce Schneier - * - * Copyright 1997 Niels Provos - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _BLF_H_ -#define _BLF_H_ - -#include "pycabcrypt.h" - -/* Schneier states the maximum key length to be 56 bytes. - * The way how the subkeys are initialized by the key up - * to (N+2)*4 i.e. 72 bytes are utilized. - * Warning: For normal blowfish encryption only 56 bytes - * of the key affect all cipherbits. - */ - -#define BLF_N 16 /* Number of Subkeys */ -#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */ -#define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */ - -/* Blowfish context */ -typedef struct BlowfishContext { - u_int32_t S[4][256]; /* S-Boxes */ - u_int32_t P[BLF_N + 2]; /* Subkeys */ -} blf_ctx; - -/* Raw access to customized Blowfish - * blf_key is just: - * Blowfish_initstate( state ) - * Blowfish_expand0state( state, key, keylen ) - */ - -void Blowfish_encipher(blf_ctx *, u_int32_t *); -void Blowfish_decipher(blf_ctx *, u_int32_t *); -void Blowfish_initstate(blf_ctx *); -void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t); -void Blowfish_expandstate(blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t); - -/* Standard Blowfish */ - -void blf_key(blf_ctx *, const u_int8_t *, u_int16_t); -void blf_enc(blf_ctx *, u_int32_t *, u_int16_t); -void blf_dec(blf_ctx *, u_int32_t *, u_int16_t); - -/* Converts u_int8_t to u_int32_t */ -u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t , - u_int16_t *); - -void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t); -void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t); - -void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); -void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); -#endif diff --git a/src/_csrc/portable_endian.h b/src/_csrc/portable_endian.h deleted file mode 100644 index d900688d..00000000 --- a/src/_csrc/portable_endian.h +++ /dev/null @@ -1,238 +0,0 @@ -// "License": Public Domain -// I, Mathias Panzenböck, place this file hereby into the public domain. Use it at your own risk for whatever you like. -// In case there are jurisdictions that don't support putting things in the public domain you can also consider it to -// be "dual licensed" under the BSD, MIT and Apache licenses, if you want to. This code is trivial anyway. Consider it -// an example on how to get the endian conversion functions on different platforms. - -#ifndef PORTABLE_ENDIAN_H__ -#define PORTABLE_ENDIAN_H__ - -#if (defined(_WIN16) || defined(_WIN32) || defined(_WIN64)) && !defined(__WINDOWS__) - -# define __WINDOWS__ - -#endif - -#if defined(__linux__) || defined(__CYGWIN__) -/* Define necessary macros for the header to expose all fields. */ -# if !defined(_BSD_SOURCE) -# define _BSD_SOURCE -# endif -# if !defined(__USE_BSD) -# define __USE_BSD -# endif -# if !defined(_DEFAULT_SOURCE) -# define _DEFAULT_SOURCE -# endif -# include -# include -/* See http://linux.die.net/man/3/endian */ -# if defined(htobe16) && defined(htole16) && defined(be16toh) && defined(le16toh) && defined(htobe32) && defined(htole32) && defined(be32toh) && defined(htole32) && defined(htobe64) && defined(htole64) && defined(be64) && defined(le64) -/* Do nothing. The macros we need already exist. */ -# elif !defined(__GLIBC__) || !defined(__GLIBC_MINOR__) || ((__GLIBC__ < 2) || ((__GLIBC__ == 2) && (__GLIBC_MINOR__ < 9))) -# include -# if defined(__BYTE_ORDER) && (__BYTE_ORDER == __LITTLE_ENDIAN) -# define htobe16(x) htons(x) -# define htole16(x) (x) -# define be16toh(x) ntohs(x) -# define le16toh(x) (x) - -# define htobe32(x) htonl(x) -# define htole32(x) (x) -# define be32toh(x) ntohl(x) -# define le32toh(x) (x) - -# define htobe64(x) (((uint64_t)htonl(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)htonl(((uint32_t)(x)))) << 32)) -# define htole64(x) (x) -# define be64toh(x) (((uint64_t)ntohl(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)ntohl(((uint32_t)(x)))) << 32)) -# define le64toh(x) (x) -# elif defined(__BYTE_ORDER) && (__BYTE_ORDER == __BIG_ENDIAN) -# define htobe16(x) (x) -# define htole16(x) (((((uint16_t)(x)) >> 8))|((((uint16_t)(x)) << 8))) -# define be16toh(x) (x) -# define le16toh(x) (((((uint16_t)(x)) >> 8))|((((uint16_t)(x)) << 8))) - -# define htobe32(x) (x) -# define htole32(x) (((uint32_t)htole16(((uint16_t)(((uint32_t)(x)) >> 16)))) | (((uint32_t)htole16(((uint16_t)(x)))) << 16)) -# define be32toh(x) (x) -# define le32toh(x) (((uint32_t)le16toh(((uint16_t)(((uint32_t)(x)) >> 16)))) | (((uint32_t)le16toh(((uint16_t)(x)))) << 16)) - -# define htobe64(x) (x) -# define htole64(x) (((uint64_t)htole32(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)htole32(((uint32_t)(x)))) << 32)) -# define be64toh(x) (x) -# define le64toh(x) (((uint64_t)le32toh(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)le32toh(((uint32_t)(x)))) << 32)) -# else -# error Byte Order not supported or not defined. -# endif -# endif - -#elif defined(__APPLE__) - -# include - -# define htobe16(x) OSSwapHostToBigInt16(x) -# define htole16(x) OSSwapHostToLittleInt16(x) -# define be16toh(x) OSSwapBigToHostInt16(x) -# define le16toh(x) OSSwapLittleToHostInt16(x) - -# define htobe32(x) OSSwapHostToBigInt32(x) -# define htole32(x) OSSwapHostToLittleInt32(x) -# define be32toh(x) OSSwapBigToHostInt32(x) -# define le32toh(x) OSSwapLittleToHostInt32(x) - -# define htobe64(x) OSSwapHostToBigInt64(x) -# define htole64(x) OSSwapHostToLittleInt64(x) -# define be64toh(x) OSSwapBigToHostInt64(x) -# define le64toh(x) OSSwapLittleToHostInt64(x) - -# define __BYTE_ORDER BYTE_ORDER -# define __BIG_ENDIAN BIG_ENDIAN -# define __LITTLE_ENDIAN LITTLE_ENDIAN -# define __PDP_ENDIAN PDP_ENDIAN - -#elif defined(__OpenBSD__) - -# include - -#elif defined(__HAIKU__) - -# include - -#elif defined(__NetBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) - -# include - -# if !defined(be16toh) - # define be16toh(x) betoh16(x) - # define le16toh(x) letoh16(x) -# endif - -# if !defined(be32toh) - # define be32toh(x) betoh32(x) - # define le32toh(x) letoh32(x) -# endif - -# if !defined(be64toh) - # define be64toh(x) betoh64(x) - # define le64toh(x) letoh64(x) -# endif - -#elif defined(__WINDOWS__) - -# if BYTE_ORDER == LITTLE_ENDIAN - -# define htobe16(x) _byteswap_ushort(x) -# define htole16(x) (x) -# define be16toh(x) _byteswap_ushort(x) -# define le16toh(x) (x) - -# define htobe32(x) _byteswap_ulong(x) -# define htole32(x) (x) -# define be32toh(x) _byteswap_ulong(x) -# define le32toh(x) (x) - -# define htobe64(x) _byteswap_uint64(x) -# define be64toh(x) _byteswap_uint64(x) -# define htole64(x) (x) -# define le64toh(x) (x) - -# elif BYTE_ORDER == BIG_ENDIAN - - /* that would be xbox 360 */ -# define htobe16(x) (x) -# define htole16(x) __builtin_bswap16(x) -# define be16toh(x) (x) -# define le16toh(x) __builtin_bswap16(x) - -# define htobe32(x) (x) -# define htole32(x) __builtin_bswap32(x) -# define be32toh(x) (x) -# define le32toh(x) __builtin_bswap32(x) - -# define htobe64(x) (x) -# define htole64(x) __builtin_bswap64(x) -# define be64toh(x) (x) -# define le64toh(x) __builtin_bswap64(x) - -# else - -# error byte order not supported - -# endif - -# define __BYTE_ORDER BYTE_ORDER -# define __BIG_ENDIAN BIG_ENDIAN -# define __LITTLE_ENDIAN LITTLE_ENDIAN -# define __PDP_ENDIAN PDP_ENDIAN - -#elif defined(__sun) - -# include - -# define htobe16(x) BE_16(x) -# define htole16(x) LE_16(x) -# define be16toh(x) BE_16(x) -# define le16toh(x) LE_16(x) - -# define htobe32(x) BE_32(x) -# define htole32(x) LE_32(x) -# define be32toh(x) BE_32(x) -# define le32toh(x) LE_32(x) - -# define htobe64(x) BE_64(x) -# define htole64(x) LE_64(x) -# define be64toh(x) BE_64(x) -# define le64toh(x) LE_64(x) - -#elif defined _AIX /* AIX is always big endian */ -# define be64toh(x) (x) -# define be32toh(x) (x) -# define be16toh(x) (x) -# define le32toh(x) \ - ((((x) & 0xff) << 24) | \ - (((x) & 0xff00) << 8) | \ - (((x) & 0xff0000) >> 8) | \ - (((x) & 0xff000000) >> 24)) -# define le64toh(x) \ - ((((x) & 0x00000000000000ffL) << 56) | \ - (((x) & 0x000000000000ff00L) << 40) | \ - (((x) & 0x0000000000ff0000L) << 24) | \ - (((x) & 0x00000000ff000000L) << 8) | \ - (((x) & 0x000000ff00000000L) >> 8) | \ - (((x) & 0x0000ff0000000000L) >> 24) | \ - (((x) & 0x00ff000000000000L) >> 40) | \ - (((x) & 0xff00000000000000L) >> 56)) -# ifndef htobe64 -# define htobe64(x) be64toh(x) -# endif -# ifndef htobe32 -# define htobe32(x) be32toh(x) -# endif -# ifndef htobe16 -# define htobe16(x) be16toh(x) -# endif - -#elif defined(__MVS__) - -# define htobe16(x) (x) -# define htole16(x) (((((uint16_t)(x)) >> 8))|((((uint16_t)(x)) << 8))) -# define be16toh(x) (x) -# define le16toh(x) (((((uint16_t)(x)) >> 8))|((((uint16_t)(x)) << 8))) - -# define htobe32(x) (x) -# define htole32(x) (((uint32_t)htole16(((uint16_t)(((uint32_t)(x)) >> 16)))) | (((uint32_t)htole16(((uint16_t)(x)))) << 16)) -# define be32toh(x) (x) -# define le32toh(x) (((uint32_t)le16toh(((uint16_t)(((uint32_t)(x)) >> 16)))) | (((uint32_t)le16toh(((uint16_t)(x)))) << 16)) - -# define htobe64(x) (x) -# define htole64(x) (((uint64_t)htole32(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)htole32(((uint32_t)(x)))) << 32)) -# define be64toh(x) (x) -# define le64toh(x) (((uint64_t)le32toh(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)le32toh(((uint32_t)(x)))) << 32)) - -#else - -# error platform not supported - -#endif - -#endif diff --git a/src/_csrc/pycabcrypt.h b/src/_csrc/pycabcrypt.h deleted file mode 100644 index 509d4fec..00000000 --- a/src/_csrc/pycabcrypt.h +++ /dev/null @@ -1,44 +0,0 @@ -#ifndef PYCABCRYPT -#define PYCABCRYPT - -#include -#include -#include -#include "portable_endian.h" - -#if defined(_WIN32) -typedef unsigned char uint8_t; -typedef uint8_t u_int8_t; -typedef unsigned short uint16_t; -typedef uint16_t u_int16_t; -typedef unsigned uint32_t; -typedef uint32_t u_int32_t; -typedef unsigned long long uint64_t; -typedef uint64_t u_int64_t; -#define snprintf _snprintf -#define __attribute__(unused) -#elif defined(__sun) -typedef uint8_t u_int8_t; -typedef uint16_t u_int16_t; -typedef uint32_t u_int32_t; -typedef uint64_t u_int64_t; -#elif defined(__MVS__) -#include -typedef uint8_t u_int8_t; -typedef uint16_t u_int16_t; -typedef uint32_t u_int32_t; -typedef uint64_t u_int64_t; -#else -#include -#endif - -#define explicit_bzero(s,n) memset(s, 0, n) -#define DEF_WEAK(f) - -int bcrypt_hashpass(const char *key, const char *salt, char *encrypted, size_t encryptedlen); -int encode_base64(char *, const u_int8_t *, size_t); -int timingsafe_bcmp(const void *b1, const void *b2, size_t n); -int bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, uint8_t *key, size_t keylen, unsigned int rounds); - -#endif - diff --git a/src/_csrc/sha2.c b/src/_csrc/sha2.c deleted file mode 100644 index 38181a5c..00000000 --- a/src/_csrc/sha2.c +++ /dev/null @@ -1,812 +0,0 @@ -/* $OpenBSD: sha2.c,v 1.18 2015/03/14 03:38:46 jsg Exp $ */ - -/* - * FILE: sha2.c - * AUTHOR: Aaron D. Gifford - * - * Copyright (c) 2000-2001, Aaron D. Gifford - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the copyright holder nor the names of contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $ - */ - -#include "pycabcrypt.h" -#include "sha2.h" - -/* - * UNROLLED TRANSFORM LOOP NOTE: - * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform - * loop version for the hash transform rounds (defined using macros - * later in this file). Either define on the command line, for example: - * - * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c - * - * or define below: - * - * #define SHA2_UNROLL_TRANSFORM - * - */ -#ifndef SMALL_KERNEL -#if defined(__amd64__) || defined(__i386__) -#define SHA2_UNROLL_TRANSFORM -#endif -#endif - - -/*** SHA-256/384/512 Various Length Definitions ***********************/ -/* NOTE: Most of these are in sha2.h */ -#define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8) -#define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16) -#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16) - -/* - * Macro for incrementally adding the unsigned 64-bit integer n to the - * unsigned 128-bit integer (represented using a two-element array of - * 64-bit words): - */ -#define ADDINC128(w,n) { \ - (w)[0] += (u_int64_t)(n); \ - if ((w)[0] < (n)) { \ - (w)[1]++; \ - } \ -} - -/*** THE SIX LOGICAL FUNCTIONS ****************************************/ -/* - * Bit shifting and rotation (used by the six SHA-XYZ logical functions: - * - * NOTE: The naming of R and S appears backwards here (R is a SHIFT and - * S is a ROTATION) because the SHA-256/384/512 description document - * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this - * same "backwards" definition. - */ -/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ -#define R(b,x) ((x) >> (b)) -/* 32-bit Rotate-right (used in SHA-256): */ -#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) -/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ -#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) - -/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ -#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) - -/* Four of six logical functions used in SHA-256: */ -#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) -#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) -#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) -#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) - -/* Four of six logical functions used in SHA-384 and SHA-512: */ -#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) -#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) -#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) -#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) - -/*** INTERNAL FUNCTION PROTOTYPES *************************************/ -/* NOTE: These should not be accessed directly from outside this - * library -- they are intended for private internal visibility/use - * only. - */ -void SHA512Last(SHA2_CTX *); -void SHA256Transform(u_int32_t *, const u_int8_t *); -void SHA512Transform(u_int64_t *, const u_int8_t *); - - -/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ -/* Hash constant words K for SHA-256: */ -const static u_int32_t K256[64] = { - 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, - 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, - 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, - 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, - 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, - 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, - 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, - 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, - 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, - 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, - 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, - 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, - 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, - 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, - 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, - 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL -}; - -/* Initial hash value H for SHA-256: */ -const static u_int32_t sha256_initial_hash_value[8] = { - 0x6a09e667UL, - 0xbb67ae85UL, - 0x3c6ef372UL, - 0xa54ff53aUL, - 0x510e527fUL, - 0x9b05688cUL, - 0x1f83d9abUL, - 0x5be0cd19UL -}; - -/* Hash constant words K for SHA-384 and SHA-512: */ -const static u_int64_t K512[80] = { - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, - 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, - 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, - 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, - 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, - 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, - 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, - 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, - 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, - 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, - 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, - 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, - 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, - 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, - 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, - 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, - 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, - 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, - 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, - 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, - 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, - 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, - 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, - 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, - 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, - 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, - 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, - 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, - 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, - 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, - 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, - 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, - 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, - 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, - 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, - 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, - 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, - 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, - 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL -}; - -/* Initial hash value H for SHA-384 */ -const static u_int64_t sha384_initial_hash_value[8] = { - 0xcbbb9d5dc1059ed8ULL, - 0x629a292a367cd507ULL, - 0x9159015a3070dd17ULL, - 0x152fecd8f70e5939ULL, - 0x67332667ffc00b31ULL, - 0x8eb44a8768581511ULL, - 0xdb0c2e0d64f98fa7ULL, - 0x47b5481dbefa4fa4ULL -}; - -/* Initial hash value H for SHA-512 */ -const static u_int64_t sha512_initial_hash_value[8] = { - 0x6a09e667f3bcc908ULL, - 0xbb67ae8584caa73bULL, - 0x3c6ef372fe94f82bULL, - 0xa54ff53a5f1d36f1ULL, - 0x510e527fade682d1ULL, - 0x9b05688c2b3e6c1fULL, - 0x1f83d9abfb41bd6bULL, - 0x5be0cd19137e2179ULL -}; - - -/*** SHA-256: *********************************************************/ -void -SHA256Init(SHA2_CTX *context) -{ - memcpy(context->state.st32, sha256_initial_hash_value, - SHA256_DIGEST_LENGTH); - memset(context->buffer, 0, SHA256_BLOCK_LENGTH); - context->bitcount[0] = 0; -} - -#ifdef SHA2_UNROLL_TRANSFORM - -/* Unrolled SHA-256 round macros: */ - -#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) do { \ - W256[j] = (u_int32_t)data[3] | ((u_int32_t)data[2] << 8) | \ - ((u_int32_t)data[1] << 16) | ((u_int32_t)data[0] << 24); \ - data += 4; \ - T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + W256[j]; \ - (d) += T1; \ - (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \ - j++; \ -} while(0) - -#define ROUND256(a,b,c,d,e,f,g,h) do { \ - s0 = W256[(j+1)&0x0f]; \ - s0 = sigma0_256(s0); \ - s1 = W256[(j+14)&0x0f]; \ - s1 = sigma1_256(s1); \ - T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + \ - (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ - (d) += T1; \ - (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \ - j++; \ -} while(0) - -void -SHA256Transform(u_int32_t *state, const u_int8_t *data) -{ - u_int32_t a, b, c, d, e, f, g, h, s0, s1; - u_int32_t T1, W256[16]; - int j; - - /* Initialize registers with the prev. intermediate value */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - f = state[5]; - g = state[6]; - h = state[7]; - - j = 0; - do { - /* Rounds 0 to 15 (unrolled): */ - ROUND256_0_TO_15(a,b,c,d,e,f,g,h); - ROUND256_0_TO_15(h,a,b,c,d,e,f,g); - ROUND256_0_TO_15(g,h,a,b,c,d,e,f); - ROUND256_0_TO_15(f,g,h,a,b,c,d,e); - ROUND256_0_TO_15(e,f,g,h,a,b,c,d); - ROUND256_0_TO_15(d,e,f,g,h,a,b,c); - ROUND256_0_TO_15(c,d,e,f,g,h,a,b); - ROUND256_0_TO_15(b,c,d,e,f,g,h,a); - } while (j < 16); - - /* Now for the remaining rounds to 64: */ - do { - ROUND256(a,b,c,d,e,f,g,h); - ROUND256(h,a,b,c,d,e,f,g); - ROUND256(g,h,a,b,c,d,e,f); - ROUND256(f,g,h,a,b,c,d,e); - ROUND256(e,f,g,h,a,b,c,d); - ROUND256(d,e,f,g,h,a,b,c); - ROUND256(c,d,e,f,g,h,a,b); - ROUND256(b,c,d,e,f,g,h,a); - } while (j < 64); - - /* Compute the current intermediate hash value */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - state[5] += f; - state[6] += g; - state[7] += h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = 0; -} - -#else /* SHA2_UNROLL_TRANSFORM */ - -void -SHA256Transform(u_int32_t *state, const u_int8_t *data) -{ - u_int32_t a, b, c, d, e, f, g, h, s0, s1; - u_int32_t T1, T2, W256[16]; - int j; - - /* Initialize registers with the prev. intermediate value */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - f = state[5]; - g = state[6]; - h = state[7]; - - j = 0; - do { - W256[j] = (u_int32_t)data[3] | ((u_int32_t)data[2] << 8) | - ((u_int32_t)data[1] << 16) | ((u_int32_t)data[0] << 24); - data += 4; - /* Apply the SHA-256 compression function to update a..h */ - T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; - T2 = Sigma0_256(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 16); - - do { - /* Part of the message block expansion: */ - s0 = W256[(j+1)&0x0f]; - s0 = sigma0_256(s0); - s1 = W256[(j+14)&0x0f]; - s1 = sigma1_256(s1); - - /* Apply the SHA-256 compression function to update a..h */ - T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + - (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); - T2 = Sigma0_256(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 64); - - /* Compute the current intermediate hash value */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - state[5] += f; - state[6] += g; - state[7] += h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = T2 = 0; -} - -#endif /* SHA2_UNROLL_TRANSFORM */ - -void -SHA256Update(SHA2_CTX *context, const void *dataptr, size_t len) -{ - const uint8_t *data = dataptr; - size_t freespace, usedspace; - - /* Calling with no data is valid (we do nothing) */ - if (len == 0) - return; - - usedspace = (context->bitcount[0] >> 3) % SHA256_BLOCK_LENGTH; - if (usedspace > 0) { - /* Calculate how much free space is available in the buffer */ - freespace = SHA256_BLOCK_LENGTH - usedspace; - - if (len >= freespace) { - /* Fill the buffer completely and process it */ - memcpy(&context->buffer[usedspace], data, freespace); - context->bitcount[0] += freespace << 3; - len -= freespace; - data += freespace; - SHA256Transform(context->state.st32, context->buffer); - } else { - /* The buffer is not yet full */ - memcpy(&context->buffer[usedspace], data, len); - context->bitcount[0] += len << 3; - /* Clean up: */ - usedspace = freespace = 0; - return; - } - } - while (len >= SHA256_BLOCK_LENGTH) { - /* Process as many complete blocks as we can */ - SHA256Transform(context->state.st32, data); - context->bitcount[0] += SHA256_BLOCK_LENGTH << 3; - len -= SHA256_BLOCK_LENGTH; - data += SHA256_BLOCK_LENGTH; - } - if (len > 0) { - /* There's left-overs, so save 'em */ - memcpy(context->buffer, data, len); - context->bitcount[0] += len << 3; - } - /* Clean up: */ - usedspace = freespace = 0; -} - -void -SHA256Final(u_int8_t digest[], SHA2_CTX *context) -{ - unsigned int usedspace; - - usedspace = (context->bitcount[0] >> 3) % SHA256_BLOCK_LENGTH; - /* Convert FROM host byte order */ - context->bitcount[0] = htobe64(context->bitcount[0]); - if (usedspace > 0) { - /* Begin padding with a 1 bit: */ - context->buffer[usedspace++] = 0x80; - - if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) { - /* Set-up for the last transform: */ - memset(&context->buffer[usedspace], 0, - SHA256_SHORT_BLOCK_LENGTH - usedspace); - } else { - if (usedspace < SHA256_BLOCK_LENGTH) { - memset(&context->buffer[usedspace], 0, - SHA256_BLOCK_LENGTH - usedspace); - } - /* Do second-to-last transform: */ - SHA256Transform(context->state.st32, context->buffer); - - /* And set-up for the last transform: */ - memset(context->buffer, 0, - SHA256_SHORT_BLOCK_LENGTH); - } - } else { - /* Set-up for the last transform: */ - memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH); - - /* Begin padding with a 1 bit: */ - *context->buffer = 0x80; - } - /* Set the bit count: */ - *(u_int64_t *)&context->buffer[SHA256_SHORT_BLOCK_LENGTH] = context->bitcount[0]; - - /* Final transform: */ - SHA256Transform(context->state.st32, context->buffer); - - { - /* Convert TO host byte order */ - int j; - for (j = 0; j < 8; j++) { - context->state.st32[j] = le32toh(context->state.st32[j]); - } - } - memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH); - /* Clean up state data: */ - explicit_bzero(context, sizeof(*context)); - usedspace = 0; -} - - -/*** SHA-512: *********************************************************/ -void -SHA512Init(SHA2_CTX *context) -{ - memcpy(context->state.st64, sha512_initial_hash_value, - SHA512_DIGEST_LENGTH); - memset(context->buffer, 0, SHA512_BLOCK_LENGTH); - context->bitcount[0] = context->bitcount[1] = 0; -} - -#ifdef SHA2_UNROLL_TRANSFORM - -/* Unrolled SHA-512 round macros: */ - -#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) do { \ - W512[j] = (u_int64_t)data[7] | ((u_int64_t)data[6] << 8) | \ - ((u_int64_t)data[5] << 16) | ((u_int64_t)data[4] << 24) | \ - ((u_int64_t)data[3] << 32) | ((u_int64_t)data[2] << 40) | \ - ((u_int64_t)data[1] << 48) | ((u_int64_t)data[0] << 56); \ - data += 8; \ - T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + W512[j]; \ - (d) += T1; \ - (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \ - j++; \ -} while(0) - - -#define ROUND512(a,b,c,d,e,f,g,h) do { \ - s0 = W512[(j+1)&0x0f]; \ - s0 = sigma0_512(s0); \ - s1 = W512[(j+14)&0x0f]; \ - s1 = sigma1_512(s1); \ - T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + \ - (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ - (d) += T1; \ - (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \ - j++; \ -} while(0) - -void -SHA512Transform(u_int64_t *state, const u_int8_t *data) -{ - u_int64_t a, b, c, d, e, f, g, h, s0, s1; - u_int64_t T1, W512[16]; - int j; - - /* Initialize registers with the prev. intermediate value */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - f = state[5]; - g = state[6]; - h = state[7]; - - j = 0; - do { - ROUND512_0_TO_15(a,b,c,d,e,f,g,h); - ROUND512_0_TO_15(h,a,b,c,d,e,f,g); - ROUND512_0_TO_15(g,h,a,b,c,d,e,f); - ROUND512_0_TO_15(f,g,h,a,b,c,d,e); - ROUND512_0_TO_15(e,f,g,h,a,b,c,d); - ROUND512_0_TO_15(d,e,f,g,h,a,b,c); - ROUND512_0_TO_15(c,d,e,f,g,h,a,b); - ROUND512_0_TO_15(b,c,d,e,f,g,h,a); - } while (j < 16); - - /* Now for the remaining rounds up to 79: */ - do { - ROUND512(a,b,c,d,e,f,g,h); - ROUND512(h,a,b,c,d,e,f,g); - ROUND512(g,h,a,b,c,d,e,f); - ROUND512(f,g,h,a,b,c,d,e); - ROUND512(e,f,g,h,a,b,c,d); - ROUND512(d,e,f,g,h,a,b,c); - ROUND512(c,d,e,f,g,h,a,b); - ROUND512(b,c,d,e,f,g,h,a); - } while (j < 80); - - /* Compute the current intermediate hash value */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - state[5] += f; - state[6] += g; - state[7] += h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = 0; -} - -#else /* SHA2_UNROLL_TRANSFORM */ - -void -SHA512Transform(u_int64_t *state, const u_int8_t *data) -{ - u_int64_t a, b, c, d, e, f, g, h, s0, s1; - u_int64_t T1, T2, W512[16]; - int j; - - /* Initialize registers with the prev. intermediate value */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - f = state[5]; - g = state[6]; - h = state[7]; - - j = 0; - do { - W512[j] = (u_int64_t)data[7] | ((u_int64_t)data[6] << 8) | - ((u_int64_t)data[5] << 16) | ((u_int64_t)data[4] << 24) | - ((u_int64_t)data[3] << 32) | ((u_int64_t)data[2] << 40) | - ((u_int64_t)data[1] << 48) | ((u_int64_t)data[0] << 56); - data += 8; - /* Apply the SHA-512 compression function to update a..h */ - T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; - T2 = Sigma0_512(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 16); - - do { - /* Part of the message block expansion: */ - s0 = W512[(j+1)&0x0f]; - s0 = sigma0_512(s0); - s1 = W512[(j+14)&0x0f]; - s1 = sigma1_512(s1); - - /* Apply the SHA-512 compression function to update a..h */ - T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + - (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); - T2 = Sigma0_512(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 80); - - /* Compute the current intermediate hash value */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - state[5] += f; - state[6] += g; - state[7] += h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = T2 = 0; -} - -#endif /* SHA2_UNROLL_TRANSFORM */ - -void -SHA512Update(SHA2_CTX *context, const void *dataptr, size_t len) -{ - const uint8_t *data = dataptr; - size_t freespace, usedspace; - - /* Calling with no data is valid (we do nothing) */ - if (len == 0) - return; - - usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; - if (usedspace > 0) { - /* Calculate how much free space is available in the buffer */ - freespace = SHA512_BLOCK_LENGTH - usedspace; - - if (len >= freespace) { - /* Fill the buffer completely and process it */ - memcpy(&context->buffer[usedspace], data, freespace); - ADDINC128(context->bitcount, freespace << 3); - len -= freespace; - data += freespace; - SHA512Transform(context->state.st64, context->buffer); - } else { - /* The buffer is not yet full */ - memcpy(&context->buffer[usedspace], data, len); - ADDINC128(context->bitcount, len << 3); - /* Clean up: */ - usedspace = freespace = 0; - return; - } - } - while (len >= SHA512_BLOCK_LENGTH) { - /* Process as many complete blocks as we can */ - SHA512Transform(context->state.st64, data); - ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3); - len -= SHA512_BLOCK_LENGTH; - data += SHA512_BLOCK_LENGTH; - } - if (len > 0) { - /* There's left-overs, so save 'em */ - memcpy(context->buffer, data, len); - ADDINC128(context->bitcount, len << 3); - } - /* Clean up: */ - usedspace = freespace = 0; -} - -void -SHA512Last(SHA2_CTX *context) -{ - unsigned int usedspace; - - usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; - /* Convert FROM host byte order */ - context->bitcount[0] = htobe64(context->bitcount[0]); - context->bitcount[1] = htobe64(context->bitcount[1]); - if (usedspace > 0) { - /* Begin padding with a 1 bit: */ - context->buffer[usedspace++] = 0x80; - - if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) { - /* Set-up for the last transform: */ - memset(&context->buffer[usedspace], 0, - SHA512_SHORT_BLOCK_LENGTH - usedspace); - } else { - if (usedspace < SHA512_BLOCK_LENGTH) { - memset(&context->buffer[usedspace], 0, - SHA512_BLOCK_LENGTH - usedspace); - } - /* Do second-to-last transform: */ - SHA512Transform(context->state.st64, context->buffer); - - /* And set-up for the last transform: */ - memset(context->buffer, 0, SHA512_BLOCK_LENGTH - 2); - } - } else { - /* Prepare for final transform: */ - memset(context->buffer, 0, SHA512_SHORT_BLOCK_LENGTH); - - /* Begin padding with a 1 bit: */ - *context->buffer = 0x80; - } - /* Store the length of input data (in bits): */ - *(u_int64_t *)&context->buffer[SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1]; - *(u_int64_t *)&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0]; - - /* Final transform: */ - SHA512Transform(context->state.st64, context->buffer); -} - -void -SHA512Final(u_int8_t digest[], SHA2_CTX *context) -{ - - SHA512Last(context); - - /* Save the hash data for output: */ - { - /* Convert TO host byte order */ - int j; - for (j = 0; j < 8; j++) { - context->state.st64[j] = be64toh(context->state.st64[j]); - } - } - memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH); - - /* Zero out state data */ - explicit_bzero(context, sizeof(*context)); -} - - -/*** SHA-384: *********************************************************/ -void -SHA384Init(SHA2_CTX *context) -{ - memcpy(context->state.st64, sha384_initial_hash_value, - SHA512_DIGEST_LENGTH); - memset(context->buffer, 0, SHA384_BLOCK_LENGTH); - context->bitcount[0] = context->bitcount[1] = 0; -} - -void -SHA384Update(SHA2_CTX *context, const void *data, size_t len) -{ - SHA512Update(context, data, len); -} - -void -SHA384Final(u_int8_t digest[], SHA2_CTX *context) -{ - - SHA512Last(context); - - /* Save the hash data for output: */ - { - /* Convert TO host byte order */ - int j; - for (j = 0; j < 6; j++) { - context->state.st64[j] = be64toh(context->state.st64[j]); - } - } - memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH); - /* Zero out state data */ - explicit_bzero(context, sizeof(*context)); -} diff --git a/src/_csrc/sha2.h b/src/_csrc/sha2.h deleted file mode 100644 index 31b38303..00000000 --- a/src/_csrc/sha2.h +++ /dev/null @@ -1,87 +0,0 @@ -/* $OpenBSD: sha2.h,v 1.5 2014/11/16 17:39:09 tedu Exp $ */ - -/* - * FILE: sha2.h - * AUTHOR: Aaron D. Gifford - * - * Copyright (c) 2000-2001, Aaron D. Gifford - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the copyright holder nor the names of contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $ - */ - -#ifndef _SHA2_H -#define _SHA2_H - - -/*** SHA-256/384/512 Various Length Definitions ***********************/ -#define SHA256_BLOCK_LENGTH 64 -#define SHA256_DIGEST_LENGTH 32 -#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) -#define SHA384_BLOCK_LENGTH 128 -#define SHA384_DIGEST_LENGTH 48 -#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) -#define SHA512_BLOCK_LENGTH 128 -#define SHA512_DIGEST_LENGTH 64 -#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) - - -/*** SHA-256/384/512 Context Structure *******************************/ -typedef struct _SHA2_CTX { - union { - u_int32_t st32[8]; - u_int64_t st64[8]; - } state; - u_int64_t bitcount[2]; - u_int8_t buffer[SHA512_BLOCK_LENGTH]; -} SHA2_CTX; - -#ifdef __cplusplus -extern "C" { -#endif -void SHA256Init(SHA2_CTX *); -void SHA256Update(SHA2_CTX *, const void *, size_t) - __attribute__((__bounded__(__string__,2,3))); -void SHA256Final(u_int8_t[SHA256_DIGEST_LENGTH], SHA2_CTX *) - __attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH))); - -void SHA384Init(SHA2_CTX *); -void SHA384Update(SHA2_CTX *, const void *, size_t) - __attribute__((__bounded__(__string__,2,3))); -void SHA384Final(u_int8_t[SHA384_DIGEST_LENGTH], SHA2_CTX *) - __attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH))); - -void SHA512Init(SHA2_CTX *); -void SHA512Update(SHA2_CTX *, const void *, size_t) - __attribute__((__bounded__(__string__,2,3))); -void SHA512Final(u_int8_t[SHA512_DIGEST_LENGTH], SHA2_CTX *) - __attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH))); -#ifdef __cplusplus -} -#endif - -#endif /* _SHA2_H */ diff --git a/src/_csrc/timingsafe_bcmp.c b/src/_csrc/timingsafe_bcmp.c deleted file mode 100644 index c7b2c39e..00000000 --- a/src/_csrc/timingsafe_bcmp.c +++ /dev/null @@ -1,29 +0,0 @@ -/* $OpenBSD: timingsafe_bcmp.c,v 1.1 2010/09/24 13:33:00 matthew Exp $ */ -/* - * Copyright (c) 2010 Damien Miller. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "pycabcrypt.h" - -int -timingsafe_bcmp(const void *b1, const void *b2, size_t n) -{ - const unsigned char *p1 = b1, *p2 = b2; - int ret = 0; - - for (; n > 0; n--) - ret |= *p1++ ^ *p2++; - return (ret != 0); -} diff --git a/src/bcrypt/__about__.py b/src/bcrypt/__about__.py index 8c16aced..020b748e 100644 --- a/src/bcrypt/__about__.py +++ b/src/bcrypt/__about__.py @@ -32,7 +32,7 @@ __summary__ = "Modern password hashing for your software and your servers" __uri__ = "https://github.com/pyca/bcrypt/" -__version__ = "3.2.1" +__version__ = "4.0.1" __author__ = "The Python Cryptographic Authority developers" __email__ = "cryptography-dev@python.org" diff --git a/src/bcrypt/__init__.py b/src/bcrypt/__init__.py index a9aae84c..1f2886f3 100644 --- a/src/bcrypt/__init__.py +++ b/src/bcrypt/__init__.py @@ -18,7 +18,6 @@ import hmac import os -import re import warnings from .__about__ import ( @@ -50,9 +49,6 @@ ] -_normalize_re = re.compile(rb"^\$2y\$") - - def gensalt(rounds: int = 12, prefix: bytes = b"2b") -> bytes: if prefix not in (b"2a", b"2b"): raise ValueError("Supported prefixes are b'2a' or b'2b'") @@ -61,8 +57,7 @@ def gensalt(rounds: int = 12, prefix: bytes = b"2b") -> bytes: raise ValueError("Invalid rounds") salt = os.urandom(16) - output = _bcrypt.ffi.new("char[]", 30) - _bcrypt.lib.encode_base64(output, salt, len(salt)) + output = _bcrypt.encode_base64(salt) return ( b"$" @@ -70,7 +65,7 @@ def gensalt(rounds: int = 12, prefix: bytes = b"2b") -> bytes: + b"$" + ("%2.2u" % rounds).encode("ascii") + b"$" - + _bcrypt.ffi.string(output) + + output ) @@ -78,9 +73,6 @@ def hashpw(password: bytes, salt: bytes) -> bytes: if isinstance(password, str) or isinstance(salt, str): raise TypeError("Strings must be encoded before hashing") - if b"\x00" in password: - raise ValueError("password may not contain NUL bytes") - # bcrypt originally suffered from a wraparound bug: # http://www.openwall.com/lists/oss-security/2012/01/02/4 # This bug was corrected in the OpenBSD source by truncating inputs to 72 @@ -89,38 +81,13 @@ def hashpw(password: bytes, salt: bytes) -> bytes: # on $2a$, so we do it here to preserve compatibility with 2.0.0 password = password[:72] - # When the original 8bit bug was found the original library we supported - # added a new prefix, $2y$, that fixes it. This prefix is exactly the same - # as the $2b$ prefix added by OpenBSD other than the name. Since the - # OpenBSD library does not support the $2y$ prefix, if the salt given to us - # is for the $2y$ prefix, we'll just mugne it so that it's a $2b$ prior to - # passing it into the C library. - original_salt, salt = salt, _normalize_re.sub(b"$2b$", salt) - - hashed = _bcrypt.ffi.new("char[]", 128) - retval = _bcrypt.lib.bcrypt_hashpass(password, salt, hashed, len(hashed)) - - if retval != 0: - raise ValueError("Invalid salt") - - # Now that we've gotten our hashed password, we want to ensure that the - # prefix we return is the one that was passed in, so we'll use the prefix - # from the original salt and concatenate that with the return value (minus - # the return value's prefix). This will ensure that if someone passed in a - # salt with a $2y$ prefix, that they get back a hash with a $2y$ prefix - # even though we munged it to $2b$. - return original_salt[:4] + _bcrypt.ffi.string(hashed)[4:] + return _bcrypt.hashpass(password, salt) def checkpw(password: bytes, hashed_password: bytes) -> bool: if isinstance(password, str) or isinstance(hashed_password, str): raise TypeError("Strings must be encoded before checking") - if b"\x00" in password or b"\x00" in hashed_password: - raise ValueError( - "password and hashed_password may not contain NUL bytes" - ) - ret = hashpw(password, hashed_password) return hmac.compare_digest(ret, hashed_password) @@ -157,15 +124,4 @@ def kdf( stacklevel=2, ) - key = _bcrypt.ffi.new("uint8_t[]", desired_key_bytes) - res = _bcrypt.lib.bcrypt_pbkdf( - password, len(password), salt, len(salt), key, len(key), rounds - ) - _bcrypt_assert(res == 0) - - return _bcrypt.ffi.buffer(key, desired_key_bytes)[:] - - -def _bcrypt_assert(ok: bool) -> None: - if not ok: - raise SystemError("bcrypt assertion failed") + return _bcrypt.pbkdf(password, salt, rounds, desired_key_bytes) diff --git a/src/bcrypt/_bcrypt.pyi b/src/bcrypt/_bcrypt.pyi index 329382a5..640e9135 100644 --- a/src/bcrypt/_bcrypt.pyi +++ b/src/bcrypt/_bcrypt.pyi @@ -1,4 +1,7 @@ import typing -ffi: typing.Any -lib: typing.Any +def encode_base64(data: bytes) -> bytes: ... +def hashpass(password: bytes, salt: bytes) -> bytes: ... +def pbkdf( + password: bytes, salt: bytes, rounds: int, desired_key_bytes: int +) -> bytes: ... diff --git a/src/build_bcrypt.py b/src/build_bcrypt.py deleted file mode 100644 index f4017067..00000000 --- a/src/build_bcrypt.py +++ /dev/null @@ -1,46 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import os.path - -from cffi import FFI - - -BLOWFISH_DIR = os.path.join(os.path.dirname(__file__), "_csrc") - - -ffi = FFI() - -ffi.cdef( - """ -int bcrypt_hashpass(const char *, const char *, char *, size_t); -int encode_base64(char *, const uint8_t *, size_t); -int bcrypt_pbkdf(const char *, size_t, const uint8_t *, size_t, - uint8_t *, size_t, unsigned int); -int timingsafe_bcmp(const void *, const void *, size_t); -""" -) - -ffi.set_source( - "_bcrypt", - """ - #include "pycabcrypt.h" - """, - sources=[ - os.path.join(BLOWFISH_DIR, "blf.c"), - os.path.join(BLOWFISH_DIR, "bcrypt.c"), - os.path.join(BLOWFISH_DIR, "bcrypt_pbkdf.c"), - os.path.join(BLOWFISH_DIR, "sha2.c"), - os.path.join(BLOWFISH_DIR, "timingsafe_bcmp.c"), - ], - include_dirs=[BLOWFISH_DIR], -) diff --git a/tests/reference/Makefile b/tests/reference/Makefile new file mode 100644 index 00000000..faf967fc --- /dev/null +++ b/tests/reference/Makefile @@ -0,0 +1,4 @@ +.PHONY: all + +all: + go build -v ./bcrypt_reference.go diff --git a/tests/reference/bcrypt_reference.go b/tests/reference/bcrypt_reference.go new file mode 100644 index 00000000..81417c88 --- /dev/null +++ b/tests/reference/bcrypt_reference.go @@ -0,0 +1,35 @@ +package main + +import ( + "io" + "os" + "strconv" + + "golang.org/x/crypto/bcrypt" +) + +// provides access to the golang implementation of bcrypt, for reference: +// "password" to hash is provided on stdin, cost parameter is an optional +// command-line parameter + +func main() { + cost := bcrypt.MinCost + if len(os.Args) > 1 { + if parsed, err := strconv.Atoi(os.Args[1]); err == nil { + cost = parsed + } + } + + buf, err := io.ReadAll(os.Stdin) + if err != nil { + panic(err) + } + + out, err := bcrypt.GenerateFromPassword(buf, cost) + if err != nil { + panic(err) + } + + os.Stdout.Write(out) + os.Stdout.Write([]byte("\n")) +} diff --git a/tests/reference/go.mod b/tests/reference/go.mod new file mode 100644 index 00000000..40d8c885 --- /dev/null +++ b/tests/reference/go.mod @@ -0,0 +1,5 @@ +module github.com/pyca/bcrypt + +go 1.17 + +require golang.org/x/crypto v0.0.0-20220214200702-86341886e292 // indirect diff --git a/tests/reference/go.sum b/tests/reference/go.sum new file mode 100644 index 00000000..8c260b88 --- /dev/null +++ b/tests/reference/go.sum @@ -0,0 +1,2 @@ +golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE= +golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= diff --git a/tests/test_bcrypt.py b/tests/test_bcrypt.py index 0c4ac476..f0df6bfc 100644 --- a/tests/test_bcrypt.py +++ b/tests/test_bcrypt.py @@ -144,6 +144,20 @@ b"$2a$05$/OK.fbVrR/bpIqNJ5ianF.", b"$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq", ), + ( + b"}>\xb3\xfe\xf1\x8b\xa0\xe6(\xa2Lzq\xc3P\x7f\xcc\xc8b{\xf9\x14\xf6" + b"\xf6`\x81G5\xec\x1d\x87\x10\xbf\xa7\xe1}I7 \x96\xdfc\xf2\xbf\xb3Vh" + b"\xdfM\x88q\xf7\xff\x1b\x82~z\x13\xdd\xe9\x84\x00\xdd4", + b"$2b$10$keO.ZZs22YtygVF6BLfhGO", + b"$2b$10$keO.ZZs22YtygVF6BLfhGOI/JjshJYPp8DZsUtym6mJV2Eha2Hdd.", + ), + ( + b"g7\r\x01\xf3\xd4\xd0\xa9JB^\x18\x007P\xb2N\xc7\x1c\xee\x87&\x83C" + b"\x8b\xe8\x18\xc5>\x86\x14/\xd6\xcc\x1cJ\xde\xd7ix\xeb\xdeO\xef" + b"\xe1i\xac\xcb\x03\x96v1' \xd6@.m\xa5!\xa0\xef\xc0(", + b"$2a$04$tecY.9ylRInW/rAAzXCXPO", + b"$2a$04$tecY.9ylRInW/rAAzXCXPOOlyYeCNzmNTzPDNSIFztFMKbvs/s5XG", + ), ] _2y_test_vectors = [ @@ -258,6 +272,11 @@ def test_checkpw_bad_salt(): b"badpass", b"$2b$04$?Siw3Nv3Q/gTOIPetAyPr.GNj3aO0lb1E5E9UumYGKjP9BYqlNWJe", ) + with pytest.raises(ValueError): + bcrypt.checkpw( + b"password", + b"$2b$3$mdEQPMOtfPX.WGZNXgF66OhmBlOGKEd66SQ7DyJPGucYYmvTJYviy", + ) def test_checkpw_str_password(): @@ -281,11 +300,10 @@ def test_hashpw_str_salt(): def test_checkpw_nul_byte(): - with pytest.raises(ValueError): - bcrypt.checkpw( - b"abc\0def", - b"$2b$04$2Siw3Nv3Q/gTOIPetAyPr.GNj3aO0lb1E5E9UumYGKjP9BYqlNWJe", - ) + bcrypt.checkpw( + b"abc\0def", + b"$2b$04$2Siw3Nv3Q/gTOIPetAyPr.GNj3aO0lb1E5E9UumYGKjP9BYqlNWJe", + ) with pytest.raises(ValueError): bcrypt.checkpw( @@ -296,8 +314,13 @@ def test_checkpw_nul_byte(): def test_hashpw_nul_byte(): salt = bcrypt.gensalt(4) - with pytest.raises(ValueError): - bcrypt.hashpw(b"abc\0def", salt) + hashed = bcrypt.hashpw(b"abc\0def", salt) + assert bcrypt.checkpw(b"abc\0def", hashed) + # assert that we are sensitive to changes in the password after the first + # null byte: + assert not bcrypt.checkpw(b"abc\0deg", hashed) + assert not bcrypt.checkpw(b"abc\0def\0", hashed) + assert not bcrypt.checkpw(b"abc\0def\0\0", hashed) def test_checkpw_extra_data(): @@ -465,11 +488,6 @@ def test_invalid_params(password, salt, desired_key_bytes, rounds, error): bcrypt.kdf(password, salt, desired_key_bytes, rounds) -def test_bcrypt_assert(): - with pytest.raises(SystemError): - bcrypt._bcrypt_assert(False) - - def test_2a_wraparound_bug(): assert ( bcrypt.hashpw( diff --git a/tox.ini b/tox.ini index 36e48517..1980668a 100644 --- a/tox.ini +++ b/tox.ini @@ -29,6 +29,7 @@ commands = [testenv:packaging] deps = + setuptools-rust check-manifest readme_renderer commands = @@ -41,3 +42,7 @@ ignore = E203,E211,E501,W503,W504 exclude = .tox,*.egg select = E,W,F,N,I application-import-names = bcrypt,tests + +[check-manifest] +ignore = + tests/reference/*