From 68e13e0aec50a12b343aec8c2009162e4dbc08de Mon Sep 17 00:00:00 2001 From: David Thompson Date: Wed, 28 Nov 2018 12:44:54 -0500 Subject: First working version. --- aws/cloudformation/utils.scm | 277 ++++++++++++++++++++++++++ aws/cloudformation/utils/base32.scm | 53 +++++ aws/cloudformation/utils/json.scm | 386 ++++++++++++++++++++++++++++++++++++ aws/cloudformation/utils/sha-1.scm | 300 ++++++++++++++++++++++++++++ 4 files changed, 1016 insertions(+) create mode 100644 aws/cloudformation/utils.scm create mode 100644 aws/cloudformation/utils/base32.scm create mode 100644 aws/cloudformation/utils/json.scm create mode 100644 aws/cloudformation/utils/sha-1.scm (limited to 'aws/cloudformation') diff --git a/aws/cloudformation/utils.scm b/aws/cloudformation/utils.scm new file mode 100644 index 0000000..e618cf8 --- /dev/null +++ b/aws/cloudformation/utils.scm @@ -0,0 +1,277 @@ +(define-module (aws cloudformation utils) + #:use-module (aws cloudformation utils base32) + #:use-module (aws cloudformation utils sha-1) + #:use-module (ice-9 match) + #:use-module (oop goops) + #:use-module (rnrs bytevectors) + #:use-module (srfi srfi-1) + #:export ( + + + + + attributes + aws-string->symbol + description + documentation-url + id + name + outputs + parameters + primitive-type + properties + required? + resource-name + resources + to-json + type-check + type-checker + update-type + valid?)) + +(define (aws-string->symbol str) + ;; Drop the "AWS::" that's at the beginning of *almost* everything. + (let ((str (if (string-prefix? "AWS::" str) + (string-drop str 5) + str))) + (list->symbol + (let loop ((i 0) + (same-word? #t) + (slash-delimiter? #f)) + (cond + ((= i (string-length str)) ; end of string + '()) + ;; "IoT" violates all the rules. grrrr + ((and (< (+ i 3) (string-length str)) + (eqv? (string-ref str i) #\I) + (eqv? (string-ref str (+ i 1)) #\o) + (eqv? (string-ref str (+ i 2)) #\T)) + (cons* #\i #\o #\t (loop (+ i 3) #f #f))) + ;; Replace "." with "/" + ((eqv? (string-ref str i) #\.) + (cons #\/ (loop (1+ i) #f #t))) + ;; Get rid of "::" + ((and (eqv? (string-ref str i) #\:) + (eqv? (string-ref str (1+ i)) #\:)) + (loop (+ i 2) #f #f)) + ((char-upper-case? (string-ref str i)) ; detect camel casing + (cond + ;; If we've had a string of uppercase characters and the + ;; next character is lowercase, we're actually at the + ;; beginning of a new word. For example, when we reach the + ;; "I" in "DBInstance" we need to treat it as the beginning + ;; of a new word. + ((and same-word? + (< (1+ i) (string-length str)) + (char-lower-case? (string-ref str (1+ i)))) + (loop i #f #f)) + ;; Consecutive uppercase characters are part of the same word. + (same-word? + (cons (char-downcase (string-ref str i)) (loop (1+ i) #t #f))) + ;; Encountering an uppercase character after a series of + ;; non-uppercase characters means that we are at the + ;; beginning of a new word. + (else + (if (or (zero? i) slash-delimiter?) + (cons (char-downcase (string-ref str i)) (loop (1+ i) #t #f)) + (cons* #\- (char-downcase (string-ref str i)) + (loop (1+ i) #t #f)))))) + (else + (cons (string-ref str i) (loop (1+ i) #f #f)))))))) + +(define-class () + (name #:getter name #:init-keyword #:name) + (type-checker #:getter type-checker #:init-keyword #:type-checker) + (required? #:getter required? #:init-keyword #:required?) + (update-type #:getter update-type #:init-keyword #:update-type) + (documentation-url #:getter documentation-url + #:init-keyword #:documentation-url)) + +(define-method (type-check (procedure ) x) + (procedure x)) + +(define-method (type-check (property ) x) + ((type-checker property) x)) + +(define-class () + (properties #:getter properties) + (cfn-name #:getter cfn-name) + (documentation-url #:getter documentation-url)) + +(define-method (initialize (cfn-class ) args) + (define* (slot-cfn-property slot-name #:key cfn-property #:allow-other-keys) + (and cfn-property (cons slot-name cfn-property))) + (define* (init #:key cfn-name documentation-url slots #:allow-other-keys) + (slot-set! cfn-class 'cfn-name cfn-name) + (slot-set! cfn-class 'documentation-url documentation-url) + (slot-set! cfn-class + 'properties + (filter-map (lambda (slot-args) + (apply slot-cfn-property slot-args)) + slots))) + (apply init args) + (next-method)) + +(define-class () + #:metaclass ) + +(define-method (initialize (obj ) args) + (next-method) + ;; Ensure that all required properties have been specified, and that + ;; all specified properties pass the type checker. + (for-each (match-lambda + ((slot-name . prop) + (cond + ((and (required? prop) (not (slot-bound? obj slot-name))) + (error "required property not specified:" slot-name)) + ((slot-bound? obj slot-name) + (let ((value (slot-ref obj slot-name))) + (unless (type-check prop value) + (error "wrong type for property:" slot-name value))))))) + (slot-ref (class-of obj) 'properties))) + +(define-method (cfn-name (obj )) + (cfn-name (class-of obj))) + +(define-method (properties (obj )) + (slot-ref (class-of obj) 'properties)) + +(define-method (to-json/refs obj) + (to-json obj)) + +(define-method (to-json (s )) s) +(define-method (to-json (b )) b) +(define-method (to-json (n )) n) +(define-method (to-json (p )) + (if (pair? (car p)) + `(@ ,@(map (match-lambda + ((k . v) + (cons k (to-json/refs v)))) + p)) + (cons (to-json/refs (car p)) (to-json (cdr p))))) +(define-method (to-json (null )) + '()) + +(define-method (to-json (obj )) + (cons '@ + (filter-map (match-lambda + ((slot-name . property) + (and (slot-bound? obj slot-name) + (cons (name property) + (to-json/refs (slot-ref obj slot-name)))))) + (properties obj)))) + +(define-method (valid? (obj )) + (every (match-lambda + ((slot-name . property) + (cond + ((and (required? property) (not (slot-bound? obj slot-name))) + #f) + ((not (or (required? property) (slot-bound? obj slot-name))) + #t) + (else + (type-check property (slot-ref obj slot-name)))))) + (slot-ref (class-of obj) 'properties))) + +(define-class () + (name #:getter name #:init-keyword #:name) + (primitive-type #:getter primitive-type #:init-keyword #:primitive-type)) + +(define-class () + (resource-name-prefix #:getter resource-name-prefix) + (attributes #:getter attributes)) + +(define-method (initialize (resource-class ) args) + (define* (init #:key attributes cfn-name #:allow-other-keys) + (when cfn-name + (slot-set! resource-class 'resource-name-prefix + (string-join (drop (delete "" (string-split cfn-name #\:)) 1) + ""))) + (slot-set! resource-class 'attributes attributes)) + (apply init args) + (next-method)) + +(define-class () + (id #:getter id #:init-keyword #:id) + (cfn-id #:getter cfn-id) + #:metaclass ) + +(define char-set:alphanumeric + (char-set-intersection char-set:ascii char-set:letter+digit)) + +(define (alphanumize s) + (string-filter char-set:alphanumeric s)) + +(define (id->cfn-id sym) + (string-append (let ((camelized + (string-concatenate + (map (lambda (s) + (string-capitalize (alphanumize s))) + (string-split (symbol->string sym) #\-))))) + (if (> (string-length camelized) 223) + (substring camelized 223) + camelized)) + (base32-encode + (sha-1->bytevector + (sha-1 + (string->utf8 + (symbol->string sym))))))) + +(define-method (initialize (resource ) args) + (next-method) + (unless (slot-bound? resource 'id) + (error "no id specified for resource:" resource)) + (slot-set! resource 'cfn-id (id->cfn-id (id resource)))) + +(define-method (type-check (proc ) + (resource )) + (type-check proc "arn:dummy")) + +(define-method (to-json/refs (resource )) + `(@ ("Ref" . ,(cfn-id resource)))) + +(define-method (to-json (resource )) + `(@ ("Type" . ,(cfn-name resource)) + ("Properties" . ,(next-method)))) + +(define-class () + (description #:getter description #:init-keyword #:description #:init-form "") + (parameters #:getter parameters #:init-keyword #:parameters) + (resources #:getter resources #:init-keyword #:resources) + (outputs #:getter outputs #:init-keyword #:outputs)) + +(define-method (transitive-resources (stack )) + (define (scan-object obj) + (cond + ((is-a? obj ) + (match obj + ((first rest ...) + (concatenate (cons (scan-object first) + (scan-object rest)))) + ((key . value) + (scan-object value)))) + ((is-a? obj ) + (list obj)) + ((is-a? obj ) + (scan-properties obj)) + (else + '()))) + (define (scan-properties obj) + (append-map (match-lambda + ((slot-name . prop) + (let ((value (and (slot-bound? obj slot-name) + (slot-ref obj slot-name)))) + (scan-object value)))) + (properties obj))) + (append-map (lambda (resource) + (cons resource (scan-properties resource))) + (resources stack))) + +(define-method (to-json (stack )) + `(@ ("AWSTemplateFormatVersion" . "2010-09-09") + ("Description" . ,(description stack)) + ("Resources" . + (@ ,@(map (lambda (resource) + (cons (cfn-id resource) + (to-json resource))) + (transitive-resources stack)))))) diff --git a/aws/cloudformation/utils/base32.scm b/aws/cloudformation/utils/base32.scm new file mode 100644 index 0000000..4a01825 --- /dev/null +++ b/aws/cloudformation/utils/base32.scm @@ -0,0 +1,53 @@ +(define-module (aws cloudformation utils base32) + #:use-module (rnrs bytevectors) + #:use-module (srfi srfi-60) + #:export (base32-encode)) + +;; Credit to Ludovic Courtes +(define bytevector-quintet-ref + (let* ((ref bytevector-u8-ref) + (ref+ (lambda (bv offset) + (let ((o (+ 1 offset))) + (if (>= o (bytevector-length bv)) + 0 + (bytevector-u8-ref bv o))))) + (ref0 (lambda (bv offset) + (bit-field (ref bv offset) 3 8))) + (ref1 (lambda (bv offset) + (logior (ash (bit-field (ref bv offset) 0 3) 2) + (bit-field (ref+ bv offset) 6 8)))) + (ref2 (lambda (bv offset) + (bit-field (ref bv offset) 1 6))) + (ref3 (lambda (bv offset) + (logior (ash (bit-field (ref bv offset) 0 1) 4) + (bit-field (ref+ bv offset) 4 8)))) + (ref4 (lambda (bv offset) + (logior (ash (bit-field (ref bv offset) 0 4) 1) + (bit-field (ref+ bv offset) 7 8)))) + (ref5 (lambda (bv offset) + (bit-field (ref bv offset) 2 7))) + (ref6 (lambda (bv offset) + (logior (ash (bit-field (ref bv offset) 0 2) 3) + (bit-field (ref+ bv offset) 5 8)))) + (ref7 (lambda (bv offset) + (bit-field (ref bv offset) 0 5))) + (refs (vector ref0 ref1 ref2 ref3 ref4 ref5 ref6 ref7))) + (lambda (bv index) + "Return the INDEXth quintet of BV." + (let ((p (vector-ref refs (modulo index 8)))) + (p bv (quotient (* index 5) 8)))))) + +(define (base32-encode bv) + ;; We are assuming that the bytevector length is divisible by 5, + ;; because that is the case for SHA-1 hashes. A general-purpose + ;; base32 encoder would need to pad the bytevector when this is not + ;; the case. + (let* ((alphabet "0123456789ABCDEFGHJKMNPQRSTVWXYZ") + (n (/ (* (bytevector-length bv) 8) 5)) + (s (make-string n))) + (let loop ((i 0)) + (when (< i n) + (let ((x (bytevector-quintet-ref bv i))) + (string-set! s i (string-ref alphabet x)) + (loop (+ i 1))))) + s)) diff --git a/aws/cloudformation/utils/json.scm b/aws/cloudformation/utils/json.scm new file mode 100644 index 0000000..11ca6bf --- /dev/null +++ b/aws/cloudformation/utils/json.scm @@ -0,0 +1,386 @@ +;;;; json.scm --- JSON reader/writer +;;;; Copyright © 2015, 2017 David Thompson +;;;; Copyright © 2017 Christopher Allan Webber +;;;; +;;;; This library is free software; you can redistribute it and/or +;;;; modify it under the terms of the GNU Lesser General Public +;;;; License as published by the Free Software Foundation; either +;;;; version 3 of the License, or (at your option) any later version. +;;;; +;;;; This library is distributed in the hope that it will be useful, +;;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;;; Lesser General Public License for more details. +;;;; +;;;; You should have received a copy of the GNU Lesser General Public +;;;; License along with this library; if not, write to the Free Software +;;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +;;;; 02110-1301 USA + +(define-module (aws cloudformation utils json) + #:use-module (ice-9 match) + #:export (read-json json-assoc-ref write-json)) + +(define (json-assoc-ref json key) + (match (assoc-ref json key) + (('@ . alist) alist) + (x x))) + +(define (json-error port) + (throw 'json-error port)) + +(define (assert-char port char) + "Read a character from PORT and throw an invalid JSON error if the +character is not CHAR." + (unless (eqv? (read-char port) char) + (json-error port))) + +(define (whitespace? char) + "Return #t if CHAR is a whitespace character." + (char-set-contains? char-set:whitespace char)) + +(define (consume-whitespace port) + "Discard characters from PORT until a non-whitespace character is +encountered.." + (match (peek-char port) + ((? eof-object?) *unspecified*) + ((? whitespace?) + (read-char port) + (consume-whitespace port)) + (_ *unspecified*))) + +(define (make-keyword-reader keyword value) + "Parse the keyword symbol KEYWORD as VALUE." + (let ((str (symbol->string keyword))) + (lambda (port) + (let loop ((i 0)) + (cond + ((= i (string-length str)) value) + ((eqv? (string-ref str i) (read-char port)) + (loop (1+ i))) + (else (json-error port))))))) + +(define read-true (make-keyword-reader 'true #t)) +(define read-false (make-keyword-reader 'false #f)) +(define read-null (make-keyword-reader 'null 'null)) + +(define (read-hex-digit port) + "Read a hexadecimal digit from PORT." + (match (read-char port) + (#\0 0) + (#\1 1) + (#\2 2) + (#\3 3) + (#\4 4) + (#\5 5) + (#\6 6) + (#\7 7) + (#\8 8) + (#\9 9) + ((or #\A #\a) 10) + ((or #\B #\b) 11) + ((or #\C #\c) 12) + ((or #\D #\d) 13) + ((or #\E #\e) 14) + ((or #\F #\f) 15) + (_ (json-error port)))) + +(define (read-utf16-character port) + "Read a hexadecimal encoded UTF-16 character from PORT." + (integer->char + (+ (* (read-hex-digit port) (expt 16 3)) + (* (read-hex-digit port) (expt 16 2)) + (* (read-hex-digit port) 16) + (read-hex-digit port)))) + +(define (read-escape-character port) + "Read escape character from PORT." + (match (read-char port) + (#\" #\") + (#\\ #\\) + (#\/ #\/) + (#\b #\backspace) + (#\f #\page) + (#\n #\newline) + (#\r #\return) + (#\t #\tab) + (#\u (read-utf16-character port)) + (_ (json-error port)))) + +(define (read-string port) + "Read a JSON encoded string from PORT." + (assert-char port #\") + (let loop ((result '())) + (match (read-char port) + ((? eof-object?) (json-error port)) + (#\" (list->string (reverse result))) + (#\\ (loop (cons (read-escape-character port) result))) + (char (loop (cons char result)))))) + +(define char-set:json-digit + (char-set #\0 #\1 #\2 #\3 #\4 #\5 #\6 #\7 #\8 #\9)) + +(define (digit? char) + (char-set-contains? char-set:json-digit char)) + +(define (read-digit port) + "Read a digit 0-9 from PORT." + (match (read-char port) + (#\0 0) + (#\1 1) + (#\2 2) + (#\3 3) + (#\4 4) + (#\5 5) + (#\6 6) + (#\7 7) + (#\8 8) + (#\9 9) + (else (json-error port)))) + +(define (read-digits port) + "Read a sequence of digits from PORT." + (let loop ((result '())) + (match (peek-char port) + ((? eof-object?) + (reverse result)) + ((? digit?) + (loop (cons (read-digit port) result))) + (else (reverse result))))) + +(define (list->integer digits) + "Convert the list DIGITS to an integer." + (let loop ((i (1- (length digits))) + (result 0) + (digits digits)) + (match digits + (() result) + ((n . tail) + (loop (1- i) + (+ result (* n (expt 10 i))) + tail))))) + +(define (read-positive-integer port) + "Read a positive integer with no leading zeroes from PORT." + (match (read-digits port) + ((0 . _) + (json-error port)) ; no leading zeroes allowed + ((digits ...) + (list->integer digits)))) + +(define (read-exponent port) + "Read exponent from PORT." + (define (read-expt) + (list->integer (read-digits port))) + + (unless (memv (read-char port) '(#\e #\E)) + (json-error port)) + + (match (peek-char port) + ((? eof-object?) + (json-error port)) + (#\- + (read-char port) + (- (read-expt))) + (#\+ + (read-char port) + (read-expt)) + ((? digit?) + (read-expt)) + (_ (json-error port)))) + +(define (read-fraction port) + "Read fractional number part from PORT as an inexact number." + (let* ((digits (read-digits port)) + (numerator (list->integer digits)) + (denomenator (expt 10 (length digits)))) + (/ numerator denomenator))) + +(define (read-positive-number port) + "Read a positive number from PORT." + (let* ((integer (match (peek-char port) + ((? eof-object?) + (json-error port)) + (#\0 + (read-char port) + 0) + ((? digit?) + (read-positive-integer port)) + (_ (json-error port)))) + (fraction (match (peek-char port) + (#\. + (read-char port) + (read-fraction port)) + (_ 0))) + (exponent (match (peek-char port) + ((or #\e #\E) + (read-exponent port)) + (_ 0))) + (n (* (+ integer fraction) (expt 10 exponent)))) + + ;; Keep integers as exact numbers, but convert numbers encoded as + ;; floating point numbers to an inexact representation. + (if (zero? fraction) + n + (exact->inexact n)))) + +(define (read-number port) + "Read a number from PORT" + (match (peek-char port) + ((? eof-object?) + (json-error port)) + (#\- + (read-char port) + (- (read-positive-number port))) + ((? digit?) + (read-positive-number port)) + (_ (json-error port)))) + +(define (read-object port) + "Read key/value map from PORT." + (define (read-key+value-pair) + (let ((key (read-string port))) + (consume-whitespace port) + (assert-char port #\:) + (consume-whitespace port) + (let ((value (read-value port))) + (cons key value)))) + + (assert-char port #\{) + (consume-whitespace port) + + (if (eqv? #\} (peek-char port)) + (begin + (read-char port) + '()) ; empty object + (cons (read-key+value-pair) + (let loop () + (consume-whitespace port) + (match (peek-char port) + (#\, ; read another value + (read-char port) + (consume-whitespace port) + (cons (read-key+value-pair) (loop))) + (#\} ; end of object + (read-char port) + '()) + (_ (json-error port))))))) + +(define (read-array port) + "Read array from PORT." + (assert-char port #\[) + (consume-whitespace port) + + (list->vector + (if (eqv? #\] (peek-char port)) + (begin + (read-char port) + '() ); empty array + (cons (read-value port) + (let loop () + (consume-whitespace port) + (match (peek-char port) + (#\, ; read another value + (read-char port) + (consume-whitespace port) + (cons (read-value port) (loop))) + (#\] ; end of array + (read-char port) + '()) + (_ (json-error port)))))))) + +(define (read-value port) + "Read a JSON value from PORT." + (consume-whitespace port) + (match (peek-char port) + ((? eof-object?) (json-error port)) + (#\" (read-string port)) + (#\{ (read-object port)) + (#\[ (read-array port)) + (#\t (read-true port)) + (#\f (read-false port)) + (#\n (read-null port)) + ((or #\- (? digit?)) + (read-number port)) + (_ (json-error port)))) + +(define (read-json port) + "Read JSON text from port and return an s-expression representation." + (let ((result (read-value port))) + (consume-whitespace port) + (unless (eof-object? (peek-char port)) + (json-error port)) + result)) + + +;;; +;;; Writer +;;; + +(define (write-string str port) + "Write STR to PORT in JSON string format." + (define (escape-char char) + (display (match char + (#\" "\\\"") + (#\\ "\\\\") + (#\/ "\\/") + (#\backspace "\\b") + (#\page "\\f") + (#\newline "\\n") + (#\return "\\r") + (#\tab "\\t") + (_ char)) + port)) + + (display "\"" port) + (string-for-each escape-char str) + (display "\"" port)) + +(define (write-object object port) + "Write ALIST to PORT in JSON object format." + ;; Keys may be strings or symbols. + (define key->string + (match-lambda + ((? string? key) key) + ((? symbol? key) (symbol->string key)))) + + (define (write-kv-pair key value) + (write-string (key->string key) port) + (display ":" port) + (write-json value port)) + + (display "{" port) + (match object + (() #f) + ((front ... (end-key . end-val)) + (for-each (match-lambda + ((key . value) + (write-kv-pair key value) + (display "," port))) + front) + (write-kv-pair end-key end-val))) + (display "}" port)) + +(define (write-array lst port) + "Write LST to PORT in JSON array format." + (display "[" port) + (match lst + (() #f) + ((front ... end) + (for-each (lambda (val) + (write-json val port) + (display "," port)) + front) + (write-json end port))) + (display "]" port)) + +(define (write-json exp port) + "Write EXP to PORT in JSON format." + (match exp + (#t (display "true" port)) + (#f (display "false" port)) + ('null (display "null" port)) + ((? string? s) (write-string s port)) + ((? real? n) (display n port)) + (('@ . alist) (write-object alist port)) + ((vals ...) (write-array vals port)))) diff --git a/aws/cloudformation/utils/sha-1.scm b/aws/cloudformation/utils/sha-1.scm new file mode 100644 index 0000000..a34f09e --- /dev/null +++ b/aws/cloudformation/utils/sha-1.scm @@ -0,0 +1,300 @@ +;; -*- mode: scheme; coding: utf-8 -*- +;; Copyright © 2009, 2010, 2012 Göran Weinholt + +;; Permission is hereby granted, free of charge, to any person obtaining a +;; copy of this software and associated documentation files (the "Software"), +;; to deal in the Software without restriction, including without limitation +;; the rights to use, copy, modify, merge, publish, distribute, sublicense, +;; and/or sell copies of the Software, and to permit persons to whom the +;; Software is furnished to do so, subject to the following conditions: + +;; The above copyright notice and this permission notice shall be included in +;; all copies or substantial portions of the Software. + +;; THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +;; IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +;; FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +;; THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +;; LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +;; FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +;; DEALINGS IN THE SOFTWARE. +#!r6rs + +;; Byte-oriented SHA-1 from FIPS 180-3 and RFC 3174. + +;; The data being hashed will never be modified here. + +;; TODO: give an error if more than 2^64 bits are processed? +;; TODO: Optimize. Should be simple enough with the help of a profiler. + +(library (aws cloudformation utils sha-1) + (export make-sha-1 sha-1-update! sha-1-finish! sha-1-clear! + sha-1 sha-1-copy sha-1-finish + sha-1-transform! ;for interested parties only + sha-1-length + sha-1-copy-hash! sha-1-96-copy-hash! + sha-1->bytevector sha-1->string + sha-1-hash=? sha-1-96-hash=? + hmac-sha-1) + (import (except (rnrs) bitwise-rotate-bit-field)) + + (define (sha-1-length) 20) + + (define (vector-copy x) (vector-map (lambda (i) i) x)) + + (define (rol32 n count) + (let ((field1 (bitwise-and #xffffffff (bitwise-arithmetic-shift-left n count))) + (field2 (bitwise-arithmetic-shift-right n (- 32 count)))) + (bitwise-ior field1 field2))) + + (define-record-type sha1state + (fields (immutable H) ;Hash + (immutable W) ;temporary data + (immutable m) ;unprocessed data + (mutable pending) ;length of unprocessed data + (mutable processed))) ;length of processed data + + (define (make-sha-1) + (let ((H (list->vector initial-hash)) + (W (make-bytevector (* 4 80))) + (m (make-bytevector (* 4 16)))) + (make-sha1state H W m 0 0))) + + (define (sha-1-copy state) + (let ((H (vector-copy (sha1state-H state))) + (W (make-bytevector (* 4 80))) + (m (bytevector-copy (sha1state-m state)))) + (make-sha1state H W m + (sha1state-pending state) + (sha1state-processed state)))) + + (define (sha-1-clear! state) + (for-each (lambda (i v) + (vector-set! (sha1state-H state) i v)) + '(0 1 2 3 4) + initial-hash) + (bytevector-fill! (sha1state-W state) 0) + (bytevector-fill! (sha1state-m state) 0) + (sha1state-pending-set! state 0) + (sha1state-processed-set! state 0)) + + (define initial-hash '(#x67452301 #xefcdab89 #x98badcfe #x10325476 #xc3d2e1f0)) + + (define (Ch x y z) + (bitwise-xor (bitwise-and x y) + (bitwise-and (bitwise-not x) z))) + + (define Parity bitwise-xor) + + (define (Maj x y z) + (bitwise-xor (bitwise-and x y) + (bitwise-and x z) + (bitwise-and y z))) + + (define k1 #x5a827999) + (define k2 #x6ed9eba1) + (define k3 #x8f1bbcdc) + (define k4 #xca62c1d6) + + (define (f t B C D) + ((cond ((<= 0 t 19) Ch) + ((<= 20 t 39) Parity) + ((<= 40 t 59) Maj) + (else Parity)) + B C D)) + + (define (K t) + (cond ((<= 0 t 19) k1) + ((<= 20 t 39) k2) + ((<= 40 t 59) k3) + (else k4))) + + ;; This function transforms a whole 512 bit block. + (define (sha-1-transform! H W m offset) + ;; Copy the message block + (do ((t 0 (+ t 4))) + ((= t (* 4 16))) + (bytevector-u32-native-set! W t (bytevector-u32-ref m (+ t offset) (endianness big)))) + ;; Initialize W[16..79] + (do ((t (* 4 16) (+ t 4))) + ((= t (* 4 80))) + (bytevector-u32-native-set! W t (rol32 + (bitwise-xor (bytevector-u32-native-ref W (- t (* 4 3))) + (bytevector-u32-native-ref W (- t (* 4 8))) + (bytevector-u32-native-ref W (- t (* 4 14))) + (bytevector-u32-native-ref W (- t (* 4 16)))) + 1))) + ;; Do the hokey pokey + (let lp ((A (vector-ref H 0)) + (B (vector-ref H 1)) + (C (vector-ref H 2)) + (D (vector-ref H 3)) + (E (vector-ref H 4)) + (t 0)) + (cond ((= t 80) + (vector-set! H 0 (bitwise-and #xffffffff (+ A (vector-ref H 0)))) + (vector-set! H 1 (bitwise-and #xffffffff (+ B (vector-ref H 1)))) + (vector-set! H 2 (bitwise-and #xffffffff (+ C (vector-ref H 2)))) + (vector-set! H 3 (bitwise-and #xffffffff (+ D (vector-ref H 3)))) + (vector-set! H 4 (bitwise-and #xffffffff (+ E (vector-ref H 4))))) + (else + (lp (bitwise-and #xffffffff + (+ (rol32 A 5) + (f t B C D) + E + (bytevector-u32-native-ref W (* 4 t)) + (K t))) + A + (rol32 B 30) + C + D + (+ t 1)))))) + + ;; Add a bytevector to the state. Align your data to whole blocks if + ;; you want this to go a little faster. + (define sha-1-update! + (case-lambda + ((state data start end) + (let ((m (sha1state-m state)) ;unprocessed data + (H (sha1state-H state)) + (W (sha1state-W state))) + (let lp ((offset start)) + (cond ((= (sha1state-pending state) 64) + ;; A whole block is pending + (sha-1-transform! H W m 0) + (sha1state-pending-set! state 0) + (sha1state-processed-set! state (+ 64 (sha1state-processed state))) + (lp offset)) + ((= offset end) + (values)) + ((or (> (sha1state-pending state) 0) + (> (+ offset 64) end)) + ;; Pending data exists or less than a block remains. + ;; Add more pending data. + (let ((added (min (- 64 (sha1state-pending state)) + (- end offset)))) + (bytevector-copy! data offset + m (sha1state-pending state) + added) + (sha1state-pending-set! state (+ added (sha1state-pending state))) + (lp (+ offset added)))) + (else + ;; Consume a whole block + (sha-1-transform! H W data offset) + (sha1state-processed-set! state (+ 64 (sha1state-processed state))) + (lp (+ offset 64))))))) + ((state data) + (sha-1-update! state data 0 (bytevector-length data))))) + + (define zero-block (make-bytevector 64 0)) + + ;; Finish the state by adding a 1, zeros and the counter. + (define (sha-1-finish! state) + (let ((m (sha1state-m state)) + (pending (+ (sha1state-pending state) 1))) + (bytevector-u8-set! m (sha1state-pending state) #x80) + (cond ((> pending 56) + (bytevector-copy! zero-block 0 + m pending + (- 64 pending)) + (sha-1-transform! (sha1state-H state) + (sha1state-W state) + m + 0) + (bytevector-fill! m 0)) + (else + (bytevector-copy! zero-block 0 + m pending + (- 64 pending)))) + ;; Number of bits in the data + (bytevector-u64-set! m 56 + (* (+ (sha1state-processed state) + (- pending 1)) + 8) + (endianness big)) + (sha-1-transform! (sha1state-H state) + (sha1state-W state) + m + 0))) + + (define (sha-1-finish state) + (let ((copy (sha-1-copy state))) + (sha-1-finish! copy) + copy)) + + ;; Find the SHA-1 of the concatenation of the given bytevectors. + (define (sha-1 . data) + (let ((state (make-sha-1))) + (for-each (lambda (d) (sha-1-update! state d)) + data) + (sha-1-finish! state) + state)) + + (define (copy-hash! state bv off len) + (do ((i 0 (+ i 1))) + ((= i len)) + (bytevector-u32-set! bv (+ off (* 4 i)) + (vector-ref (sha1state-H state) i) + (endianness big)))) + + (define (sha-1-copy-hash! state bv off) + (copy-hash! state bv off 5)) + + (define (sha-1-96-copy-hash! state bv off) + (copy-hash! state bv off 3)) + + (define (sha-1->bytevector state) + (let ((ret (make-bytevector (* 4 5)))) + (sha-1-copy-hash! state ret 0) + ret)) + + (define (sha-1->string state) + (apply string-append + (map (lambda (x) + (if (< x #x10) + (string-append "0" (number->string x 16)) + (number->string x 16))) + (bytevector->u8-list (sha-1->bytevector state))))) + + ;; Compare an SHA-1 state with a bytevector. It is supposed to not + ;; terminate early in order to not leak timing information. Assumes + ;; that the bytevector's length is ok. + (define (cmp state bv len) + (do ((i 0 (fx+ i 1)) + (diff 0 (+ diff + (bitwise-xor + (bytevector-u32-ref bv (* 4 i) (endianness big)) + (vector-ref (sha1state-H state) i))))) + ((fx=? i len) + (zero? diff)))) + + (define (sha-1-hash=? state bv) (cmp state bv 5)) + + (define (sha-1-96-hash=? state bv) (cmp state bv 3)) + +;;; HMAC-SHA-1. RFC 2104. + + ;; TODO: an API with make, update!, finish!, finish, clear!, copy, etc + + (define (hmac-sha-1 secret . data) + ;; RFC 2104. + (if (> (bytevector-length secret) 64) + (apply hmac-sha-1 (sha-1->bytevector (sha-1 secret)) data) + (let ((k-ipad (make-bytevector 64 0)) + (k-opad (make-bytevector 64 0))) + (bytevector-copy! secret 0 k-ipad 0 (bytevector-length secret)) + (bytevector-copy! secret 0 k-opad 0 (bytevector-length secret)) + (do ((i 0 (fx+ i 1))) + ((fx=? i 64)) + (bytevector-u8-set! k-ipad i (fxxor #x36 (bytevector-u8-ref k-ipad i))) + (bytevector-u8-set! k-opad i (fxxor #x5c (bytevector-u8-ref k-opad i)))) + (let ((state (make-sha-1))) + (sha-1-update! state k-ipad) + (for-each (lambda (d) (sha-1-update! state d)) data) + (sha-1-finish! state) + (let ((digest (sha-1->bytevector state))) + (sha-1-clear! state) + (sha-1-update! state k-opad) + (sha-1-update! state digest) + (sha-1-finish! state) + state)))))) -- cgit v1.2.3