spiped 0.0.0

data/ext/spiped/spiped-source/libcperciva/crypto/crypto_dh.h

@@ -0,0 +1,43 @@
+#ifndef _CRYPTO_DH_H_
+#define _CRYPTO_DH_H_
+
+#include <stdint.h>
+
+/* Sizes of Diffie-Hellman private, public, and exchanged keys. */
+#define CRYPTO_DH_PRIVLEN	32
+#define CRYPTO_DH_PUBLEN	256
+#define CRYPTO_DH_KEYLEN	256
+
+/**
+ * crypto_dh_generate_pub(pub, priv):
+ * Compute ${pub} equal to 2^(2^258 + ${priv}) in Diffie-Hellman group #14.
+ */
+int crypto_dh_generate_pub(uint8_t[CRYPTO_DH_PUBLEN],
+    const uint8_t[CRYPTO_DH_PRIVLEN]);
+
+/**
+ * crypto_dh_generate(pub, priv):
+ * Generate a 256-bit private key ${priv}, and compute ${pub} equal to
+ * 2^(2^258 + ${priv}) mod p where p is the Diffie-Hellman group #14 modulus.
+ * Both values are stored as big-endian integers.
+ */
+int crypto_dh_generate(uint8_t[CRYPTO_DH_PUBLEN], uint8_t[CRYPTO_DH_PRIVLEN]);
+
+/**
+ * crypto_dh_compute(pub, priv, key):
+ * In the Diffie-Hellman group #14, compute ${pub}^(2^258 + ${priv}) and
+ * write the result into ${key}.  All values are big-endian.  Note that the
+ * value ${pub} is the public key produced by the call to crypto_dh_generate
+ * made by the *other* participant in the key exchange.
+ */
+int crypto_dh_compute(const uint8_t[CRYPTO_DH_PUBLEN],
+    const uint8_t[CRYPTO_DH_PRIVLEN], uint8_t[CRYPTO_DH_KEYLEN]);
+
+/**
+ * crypto_dh_sanitycheck(pub):
+ * Sanity-check the Diffie-Hellman public value ${pub} by checking that it
+ * is less than the group #14 modulus.  Return 0 if sane, -1 if insane.
+ */
+int crypto_dh_sanitycheck(const uint8_t[CRYPTO_DH_PUBLEN]);
+
+#endif /* !_CRYPTO_DH_H_ */

data/ext/spiped/spiped-source/libcperciva/crypto/crypto_dh_group14.c

@@ -0,0 +1,46 @@
+#include <stdint.h>
+
+#include "crypto_dh_group14.h"
+
+/**
+ * This is the big-endian representation of
+ * p = 2^2048 - 2^1984 + 2^64 * floor(2^1918 pi + 124476) - 1
+ * where the value 124476 is chosen to be the least positive integer such
+ * that both p and (p - 1)/2 are prime.  Diffie-Hellman operations are done
+ * in the group of quadratic residues modulo p, and the integer 2 is a
+ * generator of this group.
+ */
+uint8_t crypto_dh_group14[256] = {
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+	0xc9, 0x0f, 0xda, 0xa2, 0x21, 0x68, 0xc2, 0x34,
+	0xc4, 0xc6, 0x62, 0x8b, 0x80, 0xdc, 0x1c, 0xd1,
+	0x29, 0x02, 0x4e, 0x08, 0x8a, 0x67, 0xcc, 0x74,
+	0x02, 0x0b, 0xbe, 0xa6, 0x3b, 0x13, 0x9b, 0x22,
+	0x51, 0x4a, 0x08, 0x79, 0x8e, 0x34, 0x04, 0xdd,
+	0xef, 0x95, 0x19, 0xb3, 0xcd, 0x3a, 0x43, 0x1b,
+	0x30, 0x2b, 0x0a, 0x6d, 0xf2, 0x5f, 0x14, 0x37,
+	0x4f, 0xe1, 0x35, 0x6d, 0x6d, 0x51, 0xc2, 0x45,
+	0xe4, 0x85, 0xb5, 0x76, 0x62, 0x5e, 0x7e, 0xc6,
+	0xf4, 0x4c, 0x42, 0xe9, 0xa6, 0x37, 0xed, 0x6b,
+	0x0b, 0xff, 0x5c, 0xb6, 0xf4, 0x06, 0xb7, 0xed,
+	0xee, 0x38, 0x6b, 0xfb, 0x5a, 0x89, 0x9f, 0xa5,
+	0xae, 0x9f, 0x24, 0x11, 0x7c, 0x4b, 0x1f, 0xe6,
+	0x49, 0x28, 0x66, 0x51, 0xec, 0xe4, 0x5b, 0x3d,
+	0xc2, 0x00, 0x7c, 0xb8, 0xa1, 0x63, 0xbf, 0x05,
+	0x98, 0xda, 0x48, 0x36, 0x1c, 0x55, 0xd3, 0x9a,
+	0x69, 0x16, 0x3f, 0xa8, 0xfd, 0x24, 0xcf, 0x5f,
+	0x83, 0x65, 0x5d, 0x23, 0xdc, 0xa3, 0xad, 0x96,
+	0x1c, 0x62, 0xf3, 0x56, 0x20, 0x85, 0x52, 0xbb,
+	0x9e, 0xd5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6d,
+	0x67, 0x0c, 0x35, 0x4e, 0x4a, 0xbc, 0x98, 0x04,
+	0xf1, 0x74, 0x6c, 0x08, 0xca, 0x18, 0x21, 0x7c,
+	0x32, 0x90, 0x5e, 0x46, 0x2e, 0x36, 0xce, 0x3b,
+	0xe3, 0x9e, 0x77, 0x2c, 0x18, 0x0e, 0x86, 0x03,
+	0x9b, 0x27, 0x83, 0xa2, 0xec, 0x07, 0xa2, 0x8f,
+	0xb5, 0xc5, 0x5d, 0xf0, 0x6f, 0x4c, 0x52, 0xc9,
+	0xde, 0x2b, 0xcb, 0xf6, 0x95, 0x58, 0x17, 0x18,
+	0x39, 0x95, 0x49, 0x7c, 0xea, 0x95, 0x6a, 0xe5,
+	0x15, 0xd2, 0x26, 0x18, 0x98, 0xfa, 0x05, 0x10,
+	0x15, 0x72, 0x8e, 0x5a, 0x8a, 0xac, 0xaa, 0x68,
+	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+};

data/ext/spiped/spiped-source/libcperciva/crypto/crypto_dh_group14.h

@@ -0,0 +1,9 @@
+#ifndef _CRYPTO_DH_GROUP14_H_
+#define _CRYPTO_DH_GROUP14_H_
+
+#include <stdint.h>
+
+/* Diffie-Hellman group #14, from RFC 3526. */
+extern uint8_t crypto_dh_group14[];
+
+#endif /* !_CRYPTO_DH_GROUP14_H_ */

data/ext/spiped/spiped-source/libcperciva/crypto/crypto_entropy.c

@@ -0,0 +1,215 @@
+#include <assert.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "entropy.h"
+#include "insecure_memzero.h"
+
+#include "sha256.h"
+
+#include "crypto_entropy.h"
+
+/**
+ * This system implements the HMAC_DRBG pseudo-random number generator as
+ * specified in section 10.1.2 of the NIST SP 800-90 standard.  In this
+ * implementation, the optional personalization_string and additional_input
+ * specified in the standard are not implemented.
+ */
+
+/* Internal HMAC_DRBG state. */
+static struct {
+	uint8_t Key[32];
+	uint8_t V[32];
+	uint32_t reseed_counter;
+} drbg;
+
+/* Set to non-zero once the PRNG has been instantiated. */
+static int instantiated = 0;
+
+/* Could be as high as 2^48 if we wanted... */
+#define RESEED_INTERVAL	256
+
+/* Limited to 2^16 by specification. */
+#define GENERATE_MAXLEN	65536
+
+static int instantiate(void);
+static void update(uint8_t *, size_t);
+static int reseed(void);
+static void generate(uint8_t *, size_t);
+
+/**
+ * instantiate(void):
+ * Initialize the DRBG state.  (Section 10.1.2.3)
+ */
+static int
+instantiate(void)
+{
+	uint8_t seed_material[48];
+
+	/* Obtain random seed_material = (entropy_input || nonce). */
+	if (entropy_read(seed_material, 48))
+		return (-1);
+
+	/* Initialize Key, V, and reseed_counter. */
+	memset(drbg.Key, 0x00, 32);
+	memset(drbg.V, 0x01, 32);
+	drbg.reseed_counter = 1;
+
+	/* Mix the random seed into the state. */
+	update(seed_material, 48);
+
+	/* Clean the stack. */
+	insecure_memzero(seed_material, 48);
+
+	/* Success! */
+	return (0);
+}
+
+/**
+ * update(data, datalen):
+ * Update the DRBG state using the provided data.  (Section 10.1.2.2)
+ */
+static void
+update(uint8_t * data, size_t datalen)
+{
+	HMAC_SHA256_CTX ctx;
+	uint8_t K[32];
+	uint8_t Vx[33];
+
+	/* Load (Key, V) into (K, Vx). */
+	memcpy(K, drbg.Key, 32);
+	memcpy(Vx, drbg.V, 32);
+
+	/* K <- HMAC(K, V || 0x00 || data). */
+	Vx[32] = 0x00;
+	HMAC_SHA256_Init(&ctx, K, 32);
+	HMAC_SHA256_Update(&ctx, Vx, 33);
+	HMAC_SHA256_Update(&ctx, data, datalen);
+	HMAC_SHA256_Final(K, &ctx);
+
+	/* V <- HMAC(K, V). */
+	HMAC_SHA256_Buf(K, 32, Vx, 32, Vx);
+
+	/* If the provided data is non-Null, perform another mixing stage. */
+	if (datalen != 0) {
+		/* K <- HMAC(K, V || 0x01 || data). */
+		Vx[32] = 0x01;
+		HMAC_SHA256_Init(&ctx, K, 32);
+		HMAC_SHA256_Update(&ctx, Vx, 33);
+		HMAC_SHA256_Update(&ctx, data, datalen);
+		HMAC_SHA256_Final(K, &ctx);
+
+		/* V <- HMAC(K, V). */
+		HMAC_SHA256_Buf(K, 32, Vx, 32, Vx);
+	}
+
+	/* Copy (K, Vx) back to (Key, V). */
+	memcpy(drbg.Key, K, 32);
+	memcpy(drbg.V, Vx, 32);
+
+	/* Clean the stack. */
+	insecure_memzero(K, 32);
+	insecure_memzero(Vx, 33);
+}
+
+/**
+ * reseed(void):
+ * Reseed the DRBG state (mix in new entropy).  (Section 10.1.2.4)
+ */
+static int
+reseed(void)
+{
+	uint8_t seed_material[32];
+
+	/* Obtain random seed_material = entropy_input. */
+	if (entropy_read(seed_material, 32))
+		return (-1);
+
+	/* Mix the random seed into the state. */
+	update(seed_material, 32);
+
+	/* Reset the reseed_counter. */
+	drbg.reseed_counter = 1;
+
+	/* Clean the stack. */
+	insecure_memzero(seed_material, 32);
+
+	/* Success! */
+	return (0);
+}
+
+/**
+ * generate(buf, buflen):
+ * Fill the provided buffer with random bits, assuming that reseed_counter
+ * is less than RESEED_INTERVAL (the caller is responsible for calling
+ * reseed() as needed) and ${buflen} is less than 2^16 (the caller is
+ * responsible for splitting up larger requests).  (Section 10.1.2.5)
+ */
+static void
+generate(uint8_t * buf, size_t buflen)
+{
+	size_t bufpos;
+
+	assert(buflen <= GENERATE_MAXLEN);
+	assert(drbg.reseed_counter <= RESEED_INTERVAL);
+
+	/* Iterate until we've filled the buffer. */
+	for (bufpos = 0; bufpos < buflen; bufpos += 32) {
+		HMAC_SHA256_Buf(drbg.Key, 32, drbg.V, 32, drbg.V);
+		if (buflen - bufpos >= 32)
+			memcpy(&buf[bufpos], drbg.V, 32);
+		else
+			memcpy(&buf[bufpos], drbg.V, buflen - bufpos);
+	}
+
+	/* Mix up state. */
+	update(NULL, 0);
+
+	/* We're one data-generation step closer to needing a reseed. */
+	drbg.reseed_counter += 1;
+}
+
+/**
+ * crypto_entropy_read(buf, buflen):
+ * Fill the buffer with unpredictable bits.
+ */
+int
+crypto_entropy_read(uint8_t * buf, size_t buflen)
+{
+	size_t bytes_to_provide;
+
+	/* Instantiate if needed. */
+	if (instantiated == 0) {
+		/* Try to instantiate the PRNG. */
+		if (instantiate())
+			return (-1);
+
+		/* We have instantiated the PRNG. */
+		instantiated = 1;
+	}
+
+	/* Loop until we've filled the buffer. */
+	while (buflen > 0) {
+		/* Do we need to reseed? */
+		if (drbg.reseed_counter > RESEED_INTERVAL) {
+			if (reseed())
+				return (-1);
+		}
+
+		/* How much data are we generating in this step? */
+		if (buflen > GENERATE_MAXLEN)
+			bytes_to_provide = GENERATE_MAXLEN;
+		else
+			bytes_to_provide = buflen;
+
+		/* Generate bytes. */
+		generate(buf, bytes_to_provide);
+
+		/* We've done part of the buffer. */
+		buf += bytes_to_provide;
+		buflen -= bytes_to_provide;
+	}
+
+	/* Success! */
+	return (0);
+}

data/ext/spiped/spiped-source/libcperciva/crypto/crypto_entropy.h

@@ -0,0 +1,14 @@
+#ifndef _CRYPTO_ENTROPY_H_
+#define _CRYPTO_ENTROPY_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+/**
+ * crypto_entropy_read(buf, buflen):
+ * Fill the buffer with unpredictable bits.  The value ${buflen} must be
+ * less than 2^16.
+ */
+int crypto_entropy_read(uint8_t *, size_t);
+
+#endif /* !_CRYPTO_ENTROPY_H_ */

data/ext/spiped/spiped-source/libcperciva/crypto/crypto_verify_bytes.c

@@ -0,0 +1,21 @@
+#include <stddef.h>
+#include <stdint.h>
+
+#include "crypto_verify_bytes.h"
+
+/**
+ * crypto_verify_bytes(buf0, buf1, len):
+ * Return zero if and only if buf0[0 .. len - 1] and buf1[0 .. len - 1] are
+ * identical.  Do not leak any information via timing side channels.
+ */
+uint8_t
+crypto_verify_bytes(const uint8_t * buf0, const uint8_t * buf1, size_t len)
+{
+	uint8_t rc = 0;
+	size_t i;
+
+	for (i = 0; i < len; i++)
+		rc = rc | (buf0[i] ^ buf1[i]);
+
+	return (rc);
+}

data/ext/spiped/spiped-source/libcperciva/crypto/crypto_verify_bytes.h

@@ -0,0 +1,14 @@
+#ifndef _CRYPTO_VERIFY_BYTES_H_
+#define _CRYPTO_VERIFY_BYTES_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+/**
+ * crypto_verify_bytes(buf0, buf1, len):
+ * Return zero if and only if buf0[0 .. len - 1] and buf1[0 .. len - 1] are
+ * identical.  Do not leak any information via timing side channels.
+ */
+uint8_t crypto_verify_bytes(const uint8_t *, const uint8_t *, size_t);
+
+#endif /* !_CRYPTO_VERIFY_BYTES_H_ */

data/ext/spiped/spiped-source/libcperciva/datastruct/elasticarray.c

@@ -0,0 +1,276 @@
+#include <errno.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "elasticarray.h"
+
+struct elasticarray {
+	size_t size;
+	size_t alloc;
+	void * buf;
+};
+
+/**
+ * resize(EA, nsize):
+ * Resize the virtual buffer for ${EA} to length ${nsize} bytes.  The actual
+ * buffer may or may not need to be resized.  On failure, the buffer will be
+ * unmodified.
+ */
+static int
+resize(struct elasticarray * EA, size_t nsize)
+{
+	size_t nalloc;
+	void * nbuf;
+
+	/* Figure out how large an allocation we want. */
+	if (EA->alloc < nsize) {
+		/* We need to enlarge the buffer. */
+		nalloc = EA->alloc * 2;
+		if (nalloc < nsize)
+			nalloc = nsize;
+	} else if (EA->alloc > nsize * 4) {
+		/* We need to shrink the buffer. */
+		nalloc = nsize * 2;
+	} else {
+		nalloc = EA->alloc;
+	}
+
+	/* Reallocate if necessary. */
+	if (nalloc != EA->alloc) {
+		nbuf = realloc(EA->buf, nalloc);
+		if ((nbuf == NULL) && (nalloc > 0))
+			goto err0;
+		EA->buf = nbuf;
+		EA->alloc = nalloc;
+	}
+
+	/* Record the new array size. */
+	EA->size = nsize;
+
+	/* Success! */
+	return (0);
+
+err0:
+	/* Failure! */
+	return (-1);
+}
+
+/**
+ * elasticarray_init(nrec, reclen):
+ * Create and return an elastic array holding ${nrec} (uninitialized) records
+ * of length ${reclen}.  Takes O(nrec * reclen) time.
+ */
+struct elasticarray *
+elasticarray_init(size_t nrec, size_t reclen)
+{
+	struct elasticarray * EA;
+
+	/* Allocate structure. */
+	if ((EA = malloc(sizeof(struct elasticarray))) == NULL)
+		goto err0;
+
+	/* The array is empty for now. */
+	EA->size = EA->alloc = 0;
+	EA->buf = NULL;
+
+	/* Reallocate to the requested length. */
+	if (elasticarray_resize(EA, nrec, reclen))
+		goto err1;
+
+	/* Success! */
+	return (EA);
+
+err1:
+	elasticarray_free(EA);
+err0:
+	/* Failure! */
+	return (NULL);
+}
+
+/**
+ * elasticarray_resize(EA, nrec, reclen):
+ * Resize the elastic array pointed to by ${EA} to hold ${nrec} records of
+ * length ${reclen}.  If ${nrec} exceeds the number of records previously
+ * held by the array, the additional records will be uninitialized.  Takes
+ * O(nrec * reclen) time.
+ */
+int
+elasticarray_resize(struct elasticarray * EA, size_t nrec, size_t reclen)
+{
+
+	/* Check for overflow. */
+	if (nrec > SIZE_MAX / reclen) {
+		errno = ENOMEM;
+		goto err0;
+	}
+
+	/* Resize the buffer. */
+	if (resize(EA, nrec * reclen))
+		goto err0;
+
+	/* Success! */
+	return (0);
+
+err0:
+	/* Failure! */
+	return (-1);
+}
+
+/**
+ * elasticarray_getsize(EA, reclen):
+ * Return the number of length-${reclen} records in the array, rounding down
+ * if there is a partial record (which can only occur if elasticarray_*
+ * functions have been called with different values of reclen).
+ */
+size_t
+elasticarray_getsize(struct elasticarray * EA, size_t reclen)
+{
+
+	return (EA->size / reclen);
+}
+
+/**
+ * elasticarray_append(EA, buf, nrec, reclen):
+ * Append to the elastic array ${EA} the ${nrec} records of length ${reclen}
+ * stored in ${buf}.  Takes O(nrec * reclen) amortized time.
+ */
+int
+elasticarray_append(struct elasticarray * EA,
+    const void * buf, size_t nrec, size_t reclen)
+{
+	size_t bufpos = EA->size;
+
+	/* Check for overflow. */
+	if ((nrec > SIZE_MAX / reclen) ||
+	    (nrec * reclen > SIZE_MAX - EA->size)) {
+		errno = ENOMEM;
+		goto err0;
+	}
+
+	/* Resize the buffer. */
+	if (resize(EA, EA->size + nrec * reclen))
+		goto err0;
+
+	/* Copy bytes in. */
+	memcpy((uint8_t *)(EA->buf) + bufpos, buf, nrec * reclen);
+
+	/* Success! */
+	return (0);
+
+err0:
+	/* Failure! */
+	return (-1);
+}
+
+/**
+ * elasticarray_shrink(EA, nrec, reclen):
+ * Delete the final ${nrec} records of length ${reclen} from the elastic
+ * array ${EA}.  If there are fewer than ${nrec} records, all records
+ * present will be deleted.
+ *
+ * As an exception to the normal rule, an elastic array may occupy more than
+ * 4 times the optimal storage immediately following an elasticarray_shrink
+ * call; but only if realloc(3) failed to shrink a memory allocation.
+ */
+void
+elasticarray_shrink(struct elasticarray * EA, size_t nrec, size_t reclen)
+{
+	size_t nsize;
+
+	/* Figure out how much to keep. */
+	if ((nrec > SIZE_MAX / reclen) ||
+	    (nrec * reclen > EA->size))
+		nsize = 0;
+	else
+		nsize = EA->size - nrec * reclen;
+
+	/* Resize the buffer... */
+	if (resize(EA, nsize)) {
+		/*
+		 * ... and if we fail to reallocate, just record the new
+		 * length and continue using the old buffer.
+		 */
+		EA->size = nsize;
+	}
+}
+
+/**
+ * elasticarray_truncate(EA):
+ * Release any spare space in the elastic array ${EA}.
+ */
+int
+elasticarray_truncate(struct elasticarray * EA)
+{
+	void * nbuf;
+
+	/* If there is spare space, reallocate. */
+	if (EA->alloc > EA->size) {
+		nbuf = realloc(EA->buf, EA->size);
+		if ((nbuf == NULL) && (EA->size > 0))
+			goto err0;
+		EA->buf = nbuf;
+		EA->alloc = EA->size;
+	}
+
+	/* Success! */
+	return (0);
+
+err0:
+	/* Failure! */
+	return (-1);
+}
+
+/**
+ * elasticarray_get(EA, pos, reclen):
+ * Return a pointer to record number ${pos} of length ${reclen} in the
+ * elastic array ${EA}.  Takes O(1) time.
+ */
+void *
+elasticarray_get(struct elasticarray * EA, size_t pos, size_t reclen)
+{
+
+	return ((uint8_t *)(EA->buf) + pos * reclen);
+}
+
+/**
+ * elasticarray_free(EA):
+ * Free the elastic array ${EA}.  Takes O(1) time.
+ */
+void
+elasticarray_free(struct elasticarray * EA)
+{
+
+	/* Be compatible with free(NULL). */
+	if (EA == NULL)
+		return;
+
+	free(EA->buf);
+	free(EA);
+}
+
+/**
+ * elasticarray_export(EA, buf, nrec, reclen):
+ * Return the data in the elastic array ${EA} as a buffer ${buf} containing
+ * ${nrec} records of length ${reclen}.  Free the elastic array ${EA}.
+ */
+int
+elasticarray_export(struct elasticarray * EA, void ** buf, size_t * nrec,
+    size_t reclen)
+{
+
+	/* Remove any spare space. */
+	if (elasticarray_truncate(EA))
+		goto err0;
+
+	/* Return the buffer and number of records. */
+	*buf = EA->buf;
+	*nrec = elasticarray_getsize(EA, reclen);
+
+	/* Success! */
+	return (0);
+
+err0:
+	/* Failure! */
+	return (-1);
+}