[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVS gsasl/lib/gl
From: |
gsasl-commit |
Subject: |
CVS gsasl/lib/gl |
Date: |
Wed, 12 Oct 2005 02:36:50 +0200 |
Update of /home/cvs/gsasl/lib/gl
In directory dopio:/tmp/cvs-serv15510/gl
Modified Files:
gc-gnulib.c gc-libgcrypt.c gc.h md5.c md5.h
Log Message:
Update.
--- /home/cvs/gsasl/lib/gl/gc-gnulib.c 2005/10/06 15:57:48 1.3
+++ /home/cvs/gsasl/lib/gl/gc-gnulib.c 2005/10/12 00:36:50 1.4
@@ -24,11 +24,12 @@
# include <config.h>
#endif
-#include <stdlib.h>
-
/* Get prototype. */
#include <gc.h>
+#include <stdlib.h>
+#include <string.h>
+
/* For randomize. */
#include <unistd.h>
#include <sys/types.h>
@@ -36,7 +37,8 @@
#include <fcntl.h>
#include <errno.h>
-#include <string.h>
+#include "md5.h"
+#include "hmac.h"
int
gc_init (void)
@@ -133,7 +135,23 @@
return;
}
-#include "md5.h"
+/* Hashes. */
+
+int
+gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *resbuf)
+{
+ switch (hash)
+ {
+ case GC_MD5:
+ md5_buffer (in, inlen, resbuf);
+ break;
+
+ default:
+ return GC_INVALID_HASH;
+ }
+
+ return GC_OK;
+}
int
gc_md5 (const void *in, size_t inlen, void *resbuf)
@@ -142,8 +160,6 @@
return 0;
}
-#include "hmac.h"
-
int
gc_hmac_md5 (const void *key, size_t keylen,
const void *in, size_t inlen, char *resbuf)
--- /home/cvs/gsasl/lib/gl/gc-libgcrypt.c 2005/10/06 15:57:48 1.2
+++ /home/cvs/gsasl/lib/gl/gc-libgcrypt.c 2005/10/12 00:36:50 1.3
@@ -94,6 +94,28 @@
func_realloc, func_free);
}
+/* Hashes. */
+
+int
+gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *resbuf)
+{
+ int gcryalg;
+
+ switch (hash)
+ {
+ case GC_MD5:
+ gcryalg = GCRY_MD_MD5;
+ break;
+
+ default:
+ return GC_INVALID_HASH;
+ }
+
+ gcry_md_hash_buffer (gcryalg, resbuf, in, inlen);
+
+ return GC_OK;
+}
+
/* One-call interface. */
int
@@ -104,7 +126,7 @@
gpg_error_t err;
unsigned char *p;
- assert (outlen == 16);
+ assert (outlen == GC_MD5_DIGEST_SIZE);
err = gcry_md_open (&hd, GCRY_MD_MD5, 0);
if (err != GPG_ERR_NO_ERROR)
@@ -115,7 +137,7 @@
p = gcry_md_read (hd, GCRY_MD_MD5);
if (p == NULL)
{
- gcry_md_close (mdh);
+ gcry_md_close (hd);
return GC_INVALID_HASH;
}
--- /home/cvs/gsasl/lib/gl/gc.h 2005/10/05 14:40:41 1.2
+++ /home/cvs/gsasl/lib/gl/gc.h 2005/10/12 00:36:50 1.3
@@ -24,8 +24,6 @@
/* Get size_t. */
# include <stddef.h>
-#define GC_MD5_DIGEST_SIZE 16
-
enum Gc_rc
{
GC_OK = 0,
@@ -40,6 +38,16 @@
};
typedef enum Gc_rc Gc_rc;
+/* Hash types. */
+enum Gc_hash
+ {
+ GC_MD5
+ };
+typedef enum Gc_hash Gc_hash;
+
+#define GC_MD5_DIGEST_SIZE 16
+
+/* Call before respectively after any other functions. */
extern int gc_init (void);
extern void gc_done (void);
@@ -54,10 +62,161 @@
gc_realloc_t func_realloc,
gc_free_t func_free);
+/* Hashes. */
+
+/* Compute a hash value over buffer IN of INLEN bytes size using the
+ algorithm HASH, placing the result in the pre-allocated buffer OUT.
+ The required size of OUT depends on HASH, and is generally
+ GC_<HASH>_DIGEST_SIZE. For example, for GC_MD5 the output buffer
+ must be 16 bytes. The return value is 0 (GC_OK) on success, or
+ another Gc_rc error code. */
+extern int
+gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *out);
+
/* One-call interface. */
extern int gc_md5 (const void *in, size_t inlen, void *resbuf);
extern int gc_hmac_md5 (const void *key, size_t keylen,
const void *in, size_t inlen,
char *resbuf);
+/*
+ TODO:
+
+ From: Simon Josefsson <address@hidden>
+ Subject: Re: generic crypto
+ Newsgroups: gmane.comp.lib.gnulib.bugs
+ Cc: address@hidden
+ Date: Fri, 07 Oct 2005 12:50:57 +0200
+ Mail-Copies-To: nobody
+
+ Paul Eggert <address@hidden> writes:
+
+ > Simon Josefsson <address@hidden> writes:
+ >
+ >> * Perhaps the /dev/*random reading should be separated into a separate
+ >> module? It might be useful outside of the gc layer too.
+ >
+ > Absolutely. I've been meaning to do that for months (for a "shuffle"
+ > program I want to add to coreutils), but hadn't gotten around to it.
+ > It would have to be generalized a bit. I'd like to have the file
+ > descriptor cached, for example.
+
+ I'll write a separate module for that part.
+
+ I think we should even add a good PRNG that is re-seeded from
+ /dev/*random frequently. GnuTLS can need a lot of random data on a
+ big server, more than /dev/random can supply. And /dev/urandom might
+ not be strong enough. Further, the security of /dev/*random can also
+ be questionable.
+
+ >> I'm also not sure about the names of those functions, they suggest
+ >> a more higher-level API than what is really offered (i.e., the
+ >> names "nonce" and "pseudo_random" and "random" imply certain
+ >> cryptographic properties).
+ >
+ > Could you expand a bit more on that? What is the relationship between
+ > nonce/pseudorandom/random and the /dev/ values you are using?
+
+ There is none, that is the problem.
+
+ Applications generally need different kind of "random" numbers.
+ Sometimes they just need some random data and doesn't care whether it
+ is possible for an attacker to compute the string (aka a "nonce").
+ Sometimes they need data that is very difficult to compute (i.e.,
+ computing it require inverting SHA1 or similar). Sometimes they need
+ data that is not possible to compute, i.e., it wants real entropy
+ collected over time on the system. Collecting the last kind of random
+ data is very expensive, so it must not be used too often. The second
+ kind of random data ("pseudo random") is typically generated by
+ seeding a good PRNG with a couple of hundred bytes of real entropy
+ from the "real random" data pool. The "nonce" is usually computed
+ using the PRNG as well, because PRNGs are usually fast.
+
+ Pseudo-random data is typically used for session keys. Strong random
+ data is often used to generate long-term keys (e.g., private RSA
+ keys).
+
+ Of course, there are many subtleties. There are several different
+ kind of nonce:s. Sometimes a nonce is just an ever-increasing
+ integer, starting from 0. Sometimes it is assumed to be unlikely to
+ be the same as previous nonces, but without a requirement that the
+ nonce is possible to guess. MD5(system clock) would thus suffice, if
+ it isn't called too often. You can guess what the next value will be,
+ but it will always be different.
+
+ The problem is that /dev/*random doesn't offer any kind of semantic
+ guarantees. But applications need an API that make that promise.
+
+ I think we should do this in several steps:
+
+ 1) Write a module that can read from /dev/*random.
+
+ 2) Add a module for a known-good PRNG suitable for random number
+ generation, that can be continuously re-seeded.
+
+ 3) Add a high-level module that provide various different randomness
+ functions. One for nonces, perhaps even different kind of nonces,
+ one for pseudo random data, and one for strong random data. It is
+ not clear whether we can hope to achieve the last one in a portable
+ way.
+
+ Further, it would be useful to allow users to provide their own
+ entropy source as a file, used to seed the PRNG or initialize the
+ strong randomness pool. This is used on embedded platforms that
+ doesn't have enough interrupts to hope to generate good random data.
+
+ > For example, why not use OpenBSD's /dev/arandom?
+
+ I don't trust ARC4. For example, recent cryptographic efforts
+ indicate that you must throw away the first 512 bytes generated from
+ the PRNG for it to be secure. I don't know whether OpenBSD do this.
+ Further, I recall some eprint paper on RC4 security that didn't
+ inspire confidence.
+
+ While I trust the random devices in OpenBSD more than
+ Solaris/AIX/HPUX/etc, I think that since we need something better on
+ Solaris/AIX/HPUX we'd might as well use it on OpenBSD or even Linux
+ too.
+
+ > Here is one thought. The user could specify a desired quality level
+ > range, and the implementation then would supply random data that is at
+ > least as good as the lower bound of the range. I.e., ihe
+ > implementation refuses to produce any random data if it can't generate
+ > data that is at least as good as the lower end of the range. The
+ > upper bound of the range is advice from the user not to be any more
+ > expensive than that, but the implementation can ignore the advice if
+ > it doesn't have anything cheaper.
+
+ I'm not sure this is a good idea. Users can't really be expected to
+ understand this. Further, applications need many different kind of
+ random data. Selecting the randomness level for each by the user will
+ be too complicated.
+
+ I think it is better if the application decide, from its cryptographic
+ requirement, what entropy quality it require, and call the proper API.
+ Meeting the implied semantic properties should be the job for gnulib.
+
+ >> Perhaps gc_dev_random and gc_dev_urandom?
+ >
+ > To some extent. I'd rather insulate the user from the details of
+ > where the random numbers come from. On the other hand we need to
+ > provide a way for applications to specify a file that contains
+ > random bits, so that people can override the defaults.
+
+ Agreed.
+
+ This may require some thinking before it is finalized. Is it ok to
+ install the GC module as-is meanwhile? Then I can continue to add the
+ stuff that GnuTLS need, and then come back to re-working the
+ randomness module. That way, we have two different projects that use
+ the code. GnuTLS includes the same randomness code that was in GNU
+ SASL and that is in the current gc module. I feel much more
+ comfortable working in small steps at a time, rather then working on
+ this for a long time in gnulib and only later integrate the stuff in
+ GnuTLS.
+
+ Thanks,
+ Simon
+ */
+
#endif /* GC_H */
--- /home/cvs/gsasl/lib/gl/md5.c 2005/10/05 14:30:08 1.1
+++ /home/cvs/gsasl/lib/gl/md5.c 2005/10/12 00:36:50 1.2
@@ -1,8 +1,8 @@
-/* md5.c - Functions to compute MD5 message digest of files or memory blocks
+/* Functions to compute MD5 message digest of files or memory blocks.
according to the definition of MD5 in RFC 1321 from April 1992.
- Copyright (C) 1995, 1996, 2001, 2003, 2004, 2005 Free Software Foundation,
Inc.
- NOTE: The canonical source of this file is maintained with the GNU C
- Library. Bugs can be reported to address@hidden
+ Copyright (C) 1995,1996,1997,1999,2000,2001,2005
+ Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by the
@@ -27,7 +27,9 @@
#include "md5.h"
#include <stddef.h>
+#include <stdlib.h>
#include <string.h>
+#include <sys/types.h>
#if USE_UNLOCKED_IO
# include "unlocked-io.h"
@@ -88,10 +90,10 @@
void *
md5_read_ctx (const struct md5_ctx *ctx, void *resbuf)
{
- ((md5_uint32 *) resbuf)[0] = SWAP (ctx->A);
- ((md5_uint32 *) resbuf)[1] = SWAP (ctx->B);
- ((md5_uint32 *) resbuf)[2] = SWAP (ctx->C);
- ((md5_uint32 *) resbuf)[3] = SWAP (ctx->D);
+ ((uint32_t *) resbuf)[0] = SWAP (ctx->A);
+ ((uint32_t *) resbuf)[1] = SWAP (ctx->B);
+ ((uint32_t *) resbuf)[2] = SWAP (ctx->C);
+ ((uint32_t *) resbuf)[3] = SWAP (ctx->D);
return resbuf;
}
@@ -105,7 +107,7 @@
md5_finish_ctx (struct md5_ctx *ctx, void *resbuf)
{
/* Take yet unprocessed bytes into account. */
- md5_uint32 bytes = ctx->buflen;
+ uint32_t bytes = ctx->buflen;
size_t pad;
/* Now count remaining bytes. */
@@ -117,8 +119,8 @@
memcpy (&ctx->buffer[bytes], fillbuf, pad);
/* Put the 64-bit file length in *bits* at the end of the buffer. */
- *(md5_uint32 *) &ctx->buffer[bytes + pad] = SWAP (ctx->total[0] << 3);
- *(md5_uint32 *) &ctx->buffer[bytes + pad + 4] = SWAP ((ctx->total[1] << 3) |
+ *(uint32_t *) &ctx->buffer[bytes + pad] = SWAP (ctx->total[0] << 3);
+ *(uint32_t *) &ctx->buffer[bytes + pad + 4] = SWAP ((ctx->total[1] << 3) |
(ctx->total[0] >> 29));
/* Process last bytes. */
@@ -244,8 +246,14 @@
if (len >= 64)
{
#if !_STRING_ARCH_unaligned
-# define alignof(type) offsetof (struct { char c; type x; }, x)
-# define UNALIGNED_P(p) (((size_t) p) % alignof (md5_uint32) != 0)
+/* To check alignment gcc has an appropriate operator. Other
+ compilers don't. */
+# if __GNUC__ >= 2
+# define UNALIGNED_P(p) (((uintptr_t) p) % __alignof__ (uint32_t) != 0)
+# else
+# define alignof(type) offsetof (struct { char c; type x; }, x)
+# define UNALIGNED_P(p) (((size_t) p) % alignof (uint32_t) != 0)
+# endif
if (UNALIGNED_P (buffer))
while (len > 64)
{
@@ -295,14 +303,14 @@
void
md5_process_block (const void *buffer, size_t len, struct md5_ctx *ctx)
{
- md5_uint32 correct_words[16];
- const md5_uint32 *words = buffer;
- size_t nwords = len / sizeof (md5_uint32);
- const md5_uint32 *endp = words + nwords;
- md5_uint32 A = ctx->A;
- md5_uint32 B = ctx->B;
- md5_uint32 C = ctx->C;
- md5_uint32 D = ctx->D;
+ uint32_t correct_words[16];
+ const uint32_t *words = buffer;
+ size_t nwords = len / sizeof (uint32_t);
+ const uint32_t *endp = words + nwords;
+ uint32_t A = ctx->A;
+ uint32_t B = ctx->B;
+ uint32_t C = ctx->C;
+ uint32_t D = ctx->D;
/* First increment the byte count. RFC 1321 specifies the possible
length of the file up to 2^64 bits. Here we only compute the
@@ -315,11 +323,11 @@
the loop. */
while (words < endp)
{
- md5_uint32 *cwp = correct_words;
- md5_uint32 A_save = A;
- md5_uint32 B_save = B;
- md5_uint32 C_save = C;
- md5_uint32 D_save = D;
+ uint32_t *cwp = correct_words;
+ uint32_t A_save = A;
+ uint32_t B_save = B;
+ uint32_t C_save = C;
+ uint32_t D_save = D;
/* First round: using the given function, the context and a constant
the next context is computed. Because the algorithms processing
@@ -375,7 +383,7 @@
argument specifying the function to use. */
#undef OP
#define OP(f, a, b, c, d, k, s, T) \
- do \
+ do \
{ \
a += f (b, c, d) + correct_words[k] + T; \
CYCLIC (a, s); \
--- /home/cvs/gsasl/lib/gl/md5.h 2005/10/05 14:30:08 1.1
+++ /home/cvs/gsasl/lib/gl/md5.h 2005/10/12 00:36:50 1.2
@@ -1,9 +1,8 @@
/* Declaration of functions and data types used for MD5 sum computing
library functions.
- Copyright (C) 1995-1997,1999-2005 Free Software Foundation, Inc.
-
- NOTE: The canonical source of this file is maintained with the GNU C
- Library. Bugs can be reported to address@hidden
+ Copyright (C) 1995-1997,1999,2000,2001,2004,2005
+ Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by the
@@ -23,18 +22,15 @@
#define _MD5_H 1
#include <stdio.h>
+#include <stdint.h>
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#endif
-#if HAVE_STDINT_H || _LIBC
-# include <stdint.h>
-#endif
+#define MD5_DIGEST_SIZE 16
+#define MD5_BLOCK_SIZE 64
#ifndef __GNUC_PREREQ
# if defined __GNUC__ && defined __GNUC_MINOR__
-# define __GNUC_PREREQ(maj, min) \
- ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
+# define __GNUC_PREREQ(maj, min) \
+ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
# else
# define __GNUC_PREREQ(maj, min) 0
# endif
@@ -64,22 +60,17 @@
# define __md5_stream md5_stream
#endif
-#define MD5_DIGEST_SIZE 16
-#define MD5_BLOCK_SIZE 64
-
-typedef uint32_t md5_uint32;
-
/* Structure to save state of computation between the single steps. */
struct md5_ctx
{
- md5_uint32 A;
- md5_uint32 B;
- md5_uint32 C;
- md5_uint32 D;
-
- md5_uint32 total[2];
- md5_uint32 buflen;
- char buffer[128] __attribute__ ((__aligned__ (__alignof__ (md5_uint32))));
+ uint32_t A;
+ uint32_t B;
+ uint32_t C;
+ uint32_t D;
+
+ uint32_t total[2];
+ uint32_t buflen;
+ char buffer[128] __attribute__ ((__aligned__ (__alignof__ (uint32_t))));
};
/*
@@ -110,8 +101,8 @@
endian byte order, so that a byte-wise output yields to the wanted
ASCII representation of the message digest.
- IMPORTANT: On some systems it is required that RESBUF be correctly
- aligned for a 32 bits value. */
+ IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit
+ boundary. */
extern void *__md5_finish_ctx (struct md5_ctx *ctx, void *resbuf) __THROW;
@@ -119,8 +110,8 @@
always in little endian byte order, so that a byte-wise output yields
to the wanted ASCII representation of the message digest.
- IMPORTANT: On some systems it is required that RESBUF is correctly
- aligned for a 32 bits value. */
+ IMPORTANT: On some systems, RESBUF must be aligned to a 32-bit
+ boundary. */
extern void *__md5_read_ctx (const struct md5_ctx *ctx, void *resbuf) __THROW;
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/05
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/06
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/07
- CVS gsasl/lib/gl,
gsasl-commit <=
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/11
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/17
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/17
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/23
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/23
- CVS gsasl/lib/gl, gsasl-commit, 2005/10/23