--- parser3/src/classes/math.C 2009/01/25 01:58:17 1.55 +++ parser3/src/classes/math.C 2017/12/07 00:23:16 1.86 @@ -1,37 +1,29 @@ /** @file Parser: @b math parser class. - Copyright(c) 2001-2005 ArtLebedev Group(http://www.artlebedev.com) + Copyright (c) 2001-2017 Art. Lebedev Studio (http://www.artlebedev.com) Author: Alexandr Petrosian (http://paf.design.ru) portions from gen_uuid.c, Copyright (C) 1996, 1997, 1998, 1999 Theodore Ts'o. */ -static const char * const IDENT_MATH_C="$Date: 2009/01/25 01:58:17 $"; - #include "pa_vmethod_frame.h" #include "pa_common.h" #include "pa_vint.h" #include "pa_vmath.h" +#include "pa_vfile.h" #include "pa_request.h" #include "pa_md5.h" +#include "pa_sha2.h" #include "pa_random.h" -#ifdef WIN32 -# define _WIN32_WINNT 0x400 -# include -# include -#endif - #ifdef HAVE_CRYPT -# ifdef HAVE_CRYPT_H -# include -# endif -#else - extern char *crypt(const char* , const char* ); +extern "C" char *crypt(const char* , const char* ); #endif +volatile const char * IDENT_MATH_C="$Id: math.C,v 1.86 2017/12/07 00:23:16 moko Exp $"; + // defines #define MAX_SALT 8 @@ -39,27 +31,24 @@ static const char * const IDENT_MATH_C=" // class class MMath: public Methoded { -public: - MMath(); - public: // Methoded bool used_directly() { return false; } + +public: + MMath(); }; // global variables -DECLARE_CLASS_VAR(math, 0 /*fictive*/, new MMath); +DECLARE_CLASS_VAR(math, new MMath); // methods static void _random(Request& r, MethodParams& params) { double top=params.as_double(0, "range must be expression", r); - if(top<=0 || top>MAX_UINT) - throw Exception(PARSER_RUNTIME, - 0, - "top(%g) must be [1..%u]", top, MAX_UINT); - - r.write_no_lang(*new VInt(_random(uint(top)))); + if(top<1 || top>INT32_MAX) + throw Exception(PARSER_RUNTIME, 0, "top(%.15g) must be [1..%u]", top, INT32_MAX); + r.write(*new VInt(_random(uint(top)))); } @@ -71,27 +60,38 @@ static double radians(double param) { re static void math1(Request& r, MethodParams& params, math1_func_ptr func) { double param=params.as_double(0, "parameter must be expression", r); double result=func(param); - r.write_no_lang(*new VDouble(result)); + r.write(*new VDouble(result)); } #define MATH1(name) \ static void _##name(Request& r, MethodParams& params) {\ math1(r, params, &name);\ } + #define MATH1P(name_parser, name_c) \ static void _##name_parser(Request& r, MethodParams& params) {\ math1(r, params, &name_c);\ } -MATH1(round); MATH1(floor); MATH1P(ceiling, ceil); -MATH1(trunc); MATH1(frac); -MATH1P(abs, fabs); MATH1(sign); -MATH1(exp); -MATH1(log); MATH1(log10); -MATH1(sin); MATH1(asin); -MATH1(cos); MATH1(acos); -MATH1(tan); MATH1(atan); -MATH1(degrees); MATH1(radians); -MATH1(sqrt); + +MATH1(round) +MATH1(floor) +MATH1P(ceiling, ceil) +MATH1(trunc) +MATH1(frac) +MATH1P(abs, fabs) +MATH1(sign) +MATH1(exp) +MATH1(log) +MATH1(log10) +MATH1(sin) +MATH1(asin) +MATH1(cos) +MATH1(acos) +MATH1(tan) +MATH1(atan) +MATH1(degrees) +MATH1(radians) +MATH1(sqrt) typedef double (*math2_func_ptr)(double, double); @@ -99,18 +99,20 @@ static void math2(Request& r, MethodPara double a=params.as_double(0, "parameter must be expression", r); double b=params.as_double(1, "parameter must be expression", r); double result=func(a, b); - r.write_no_lang(*new VDouble(result)); + r.write(*new VDouble(result)); } #define MATH2(name) \ static void _##name(Request& r, MethodParams& params) {\ math2(r, params, &name);\ } -MATH2(pow); -inline bool is_salt_body_char(int c) { - return isalnum(c) || c == '.' || c=='/'; +MATH2(pow) + +inline bool is_salt_body_char(unsigned char c) { + return pa_isalnum(c) || c == '.' || c=='/'; } + static size_t calc_prefix_size(const char* salt) { if(strlen(salt)) { if(!is_salt_body_char((unsigned char)salt[0])) { // $... {... @@ -151,7 +153,7 @@ static void _crypt(Request& r, MethodPar pa_MD5Encode((const unsigned char *)password, (const unsigned char *)normal_salt, sample_buf, sample_size); String sample(sample_buf); - r.write_pass_lang(sample); + r.write(sample); } else { #ifdef HAVE_CRYPT const char* static_sample_buf=crypt(password, normal_salt); @@ -162,7 +164,7 @@ static void _crypt(Request& r, MethodPar 0, "crypt on this platform does not support '%.*s' salt prefix", prefix_size, normal_salt); - r.write_pass_lang(String(pa_strdup(static_sample_buf))); + r.write(String(pa_strdup(static_sample_buf))); #else throw Exception(PARSER_RUNTIME, 0, @@ -172,7 +174,7 @@ static void _crypt(Request& r, MethodPar } static void _md5(Request& r, MethodParams& params) { - const char *string=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); + const char *string=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr_to_string_body_untaint(String::L_AS_IS, r.connection(false), &r.charsets).cstr(); PA_MD5_CTX context; unsigned char digest[16]; @@ -180,7 +182,7 @@ static void _md5(Request& r, MethodParam pa_MD5Update(&context, (const unsigned char*)string, strlen(string)); pa_MD5Final(digest, &context); - r.write_pass_lang(*new String(hex_string(digest, sizeof(digest), false))); + r.write(*new String(hex_string(digest, sizeof(digest), false))); } @@ -305,56 +307,234 @@ void SHA1PadMessage(SHA1Context *context SHA1ProcessMessageBlock(context); } +#ifdef PA_BIG_ENDIAN +#define SWAP(n) (n) +#else +#define SWAP(n) (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24)) +#endif + +void SHA1ReadDigest(void *buf, SHA1Context *c) +{ + if(!SHA1Result(c)) + throw Exception (PARSER_RUNTIME, 0, "Can not compute SHA1"); + + ((uint32_t *)buf)[0] = SWAP(c->Message_Digest[0]); + ((uint32_t *)buf)[1] = SWAP(c->Message_Digest[1]); + ((uint32_t *)buf)[2] = SWAP(c->Message_Digest[2]); + ((uint32_t *)buf)[3] = SWAP(c->Message_Digest[3]); + ((uint32_t *)buf)[4] = SWAP(c->Message_Digest[4]); +} + static void _sha1(Request& r, MethodParams& params) { - const char *string = params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); + const char *string = params.as_string(0, PARAMETER_MUST_BE_STRING).cstr_to_string_body_untaint(String::L_AS_IS, r.connection(false), &r.charsets).cstr(); SHA1Context c; + unsigned char digest[20]; SHA1Reset (&c); SHA1Input (&c, (const unsigned char*)string, strlen(string)); - if(!SHA1Result(&c)) - throw Exception (PARSER_RUNTIME, 0, "Can not compute SHA1"); - - const size_t bufsize=40+/*zero-teminator*/+1/*for faulty snprintfs*/; - char* cstr=new(PointerFreeGC) char[bufsize]; + SHA1ReadDigest(digest, &c); - snprintf(cstr, bufsize, - "%08x%08x%08x%08x%08x", - c.Message_Digest[0], - c.Message_Digest[1], - c.Message_Digest[2], - c.Message_Digest[3], - c.Message_Digest[4]); + r.write(*new String(hex_string(digest, sizeof(digest), false))); +} - r.write_pass_lang(*new String(cstr)); +void memxor(char *dest, const char *src, size_t n){ + for (;n>0;n--) *dest++ ^= *src++; } -static void _uuid(Request& r, MethodParams& /*params*/) { - uuid uuid=get_uuid(); +#define IPAD 0x36 +#define OPAD 0x5c + +#define HMAC(key,init,update,final,blocklen,digestlen){ \ + unsigned char tempdigest[digestlen], keydigest[digestlen]; \ + size_t keylen=strlen(key); \ + /* Reduce the key's size, so that it becomes <= blocklen bytes. */ \ + if (keylen > blocklen){ \ + init(&c); \ + update(&c,(const unsigned char*)hmac, keylen); \ + final(keydigest, &c); \ + key = (char *)keydigest; \ + keylen = digestlen; \ + } \ + /* Compute TEMP from KEY and STRING. */ \ + char block[blocklen]; \ + memset (block, IPAD, blocklen); \ + memxor (block, key, keylen); \ + init(&c); \ + update(&c, (const unsigned char*)block, blocklen); \ + update(&c, (const unsigned char*)data.str, data.length); \ + final(tempdigest, &c); \ + /* Compute result from KEY and TEMP. */ \ + memset (block, OPAD, blocklen); \ + memxor (block, key, keylen); \ + init(&c); \ + update(&c, (const unsigned char*)block, blocklen); \ + update(&c, (const unsigned char*)tempdigest, digestlen); \ +} + +static void _digest(Request& r, MethodParams& params) { + const String &smethod = params.as_string(0, PARAMETER_MUST_BE_STRING); + + Value& vdata=params.as_no_junction(1, "parameter must be string or file"); + + String::C data; + if(const String* sdata=vdata.get_string()){ + String::Body body=sdata->cstr_to_string_body_untaint(String::L_AS_IS, r.connection(false), &r.charsets); // explode content, honor tainting changes + data=String::C(body.cstr(), body.length()); + } else { + VFile *file=vdata.as_vfile(String::L_AS_IS); + data=String::C(file->value_ptr(),file->value_size()); + } - const size_t bufsize=36+1/*zero-teminator*/+1/*for faulty snprintfs*/; - char* cstr=new(PointerFreeGC) char[bufsize]; + enum Method { M_MD5, M_SHA1, M_SHA256, M_SHA512 } method; - snprintf(cstr, bufsize, - "%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X", - uuid.time_low, uuid.time_mid, uuid.time_hi_and_version, - uuid.clock_seq >> 8, uuid.clock_seq & 0xFF, - uuid.node[0], uuid.node[1], uuid.node[2], - uuid.node[3], uuid.node[4], uuid.node[5]); + if (smethod == "md5") method = M_MD5; + else if (smethod == "sha1" ) method = M_SHA1; + else if (smethod == "sha256" ) method = M_SHA256; + else if (smethod == "sha512" ) method = M_SHA512; + else throw Exception(PARSER_RUNTIME, &smethod, "must be 'md5' or 'sha1' or 'sha256' or 'sha512'"); + + const char *hmac=0; + enum Format { F_HEX, F_BASE64 } format = F_HEX; + + if(params.count() == 3) + if(HashStringValue* options=params.as_hash(2)) { + int valid_options=0; + if(Value* value=options->get("hmac")) { + hmac=value->as_string().cstr(); + valid_options++; + } + if(Value* value=options->get("format")) { + const String& sformat=value->as_string(); + if (sformat == "hex") format = F_HEX; + else if (sformat == "base64" ) format = F_BASE64; + else throw Exception(PARSER_RUNTIME, &sformat, "must be 'hex' or 'base64'"); + valid_options++; + } + if(valid_options!=options->count()) + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); + } + + String::C digest; + + if(method == M_MD5){ + PA_MD5_CTX c; + if(hmac){ + HMAC(hmac, pa_MD5Init, pa_MD5Update, pa_MD5Final, 64, 16); + } else { + pa_MD5Init(&c); + pa_MD5Update(&c, (const unsigned char*)data.str, data.length); + } + char *str=(char *)pa_malloc(16); + pa_MD5Final((unsigned char *)str, &c); + digest = String::C(str, 16); + } + + if(method == M_SHA1){ + SHA1Context c; + if(hmac){ + HMAC(hmac, SHA1Reset, SHA1Input, SHA1ReadDigest, 64, 20); + } else { + SHA1Reset(&c); + SHA1Input(&c, (const unsigned char*)data.str, data.length); + } + char *str=(char *)pa_malloc(20); + SHA1ReadDigest(str, &c); + digest = String::C(str, 20); + } + + if(method == M_SHA256){ + SHA256_CTX c; + if(hmac){ + HMAC(hmac, pa_SHA256_Init, pa_SHA256_Update, pa_SHA256_Final, 64, SHA256_DIGEST_LENGTH); + } else { + pa_SHA256_Init(&c); + pa_SHA256_Update(&c, (const unsigned char*)data.str, data.length); + } + char *str=(char *)pa_malloc(SHA256_DIGEST_LENGTH); + pa_SHA256_Final((unsigned char *)str, &c); + digest = String::C(str, SHA256_DIGEST_LENGTH); + } + + if(method == M_SHA512){ + SHA512_CTX c; + if(hmac){ + HMAC(hmac, pa_SHA512_Init, pa_SHA512_Update, pa_SHA512_Final, 128, SHA512_DIGEST_LENGTH); + } else { + pa_SHA512_Init(&c); + pa_SHA512_Update(&c, (const unsigned char*)data.str, data.length); + } + char *str=(char *)pa_malloc(SHA512_DIGEST_LENGTH); + pa_SHA512_Final((unsigned char *)str, &c); + digest = String::C(str, SHA512_DIGEST_LENGTH); + } - r.write_pass_lang(*new String(cstr)); + if(format == F_HEX){ + r.write(*new String(hex_string((unsigned char *)digest.str, digest.length, false))); + } + if(format == F_BASE64){ + r.write(*new String(pa_base64_encode(digest.str, digest.length))); + } } -static void _uid64(Request& r, MethodParams& /*params*/) { +static void _uuid(Request& r, MethodParams& /*params*/) { + r.write(*new String(get_uuid_cstr())); +} +static void _uid64(Request& r, MethodParams& /*params*/) { unsigned char id[64/8]; random(&id, sizeof(id)); - r.write_pass_lang(*new String(hex_string(id, sizeof(id), true))); + r.write(*new String(hex_string(id, sizeof(id), true))); } static void _crc32(Request& r, MethodParams& params) { const char *string=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); - r.write_no_lang(*new VInt(pa_crc32(string, strlen(string)))); + r.write(*new VInt(pa_crc32(string, strlen(string)))); +} + +static void toBase(unsigned long long int value, unsigned int base, char*& ptr){ + static const char* hex="0123456789ABCDEF"; + unsigned int rest = (unsigned int)(value % base); + if(value >= base) + toBase( (value-rest)/base, base, ptr); + *ptr++=(char)hex[rest]; +} + +static void _convert(Request& r, MethodParams& params) { + const char *str=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr(); + + int base_from=params.as_int(1, "base from must be integer", r); + if(base_from < 2 || base_from > 16) + throw Exception(PARSER_RUNTIME, 0, "base from must be an integer from 2 to 16"); + + int base_to=params.as_int(2, "base to must be integer", r); + if(base_to < 2 || base_to > 16) + throw Exception(PARSER_RUNTIME, 0, "base to must be an integer from 2 to 16"); + + while(isspace(*str)) + str++; + + if(!*str) + return; + + bool negative=false; + if(str[0]=='-') { + negative=true; + str++; + } else if(str[0]=='+') { + str++; + } + + unsigned long long int value=pa_atoul(str, base_from); + + char result_cstr[sizeof(unsigned long long int)*8+1/*minus for negative number*/+1/*terminator*/]; + char* ptr=result_cstr; + if(negative) + *ptr++='-'; + + toBase(value, base_to, ptr); + *ptr=0; + r.write(*new String(pa_strdup(result_cstr))); } // constructor @@ -391,6 +571,9 @@ MMath::MMath(): Methoded("math") { // ^math:sha1[string] ADD1(sha1); + // ^math:digest[method;string|file;options] + add_native_method("digest", Method::CT_STATIC, _digest, 2, 3); + // ^math:crc32[string] ADD1(crc32); @@ -399,4 +582,7 @@ MMath::MMath(): Methoded("math") { // ^math:uid64[] ADD0(uid64); + + // ^math:convert[number](base-from;base-to) + add_native_method("convert", Method::CT_STATIC, _convert, 3, 3); }