Make "random" cloaking deterministic

This uses SipHash and adds a prf_key config option.
auxiliary/siphash.c is the unmodified SipHash reference implementation,
taken from https://github.com/veorq/SipHash

Set syn::prf_key to a string of 32 random hex digits in the
configuration to use this feature.

Author: ilbelkyr

Makefile

@@ -20,6 +20,9 @@ endif
 %.so: %.c syn.h
 	gcc -std=c99 -Wall $(CFLAGS_WERROR) -O1 -ggdb3 -fPIC $(ATHEME_CFLAGS) -shared -o$@ $<
 
+util.so: util.c auxiliary/siphash.c
+	gcc -std=c99 -Wall $(CFLAGS_WERROR) -O1 -ggdb3 -fPIC $(ATHEME_CFLAGS) -shared -o$@ $^
+
 .PHONY: install
 
 install: $(MODULES)

auxiliary/siphash.c

@@ -0,0 +1,165 @@
+/*
+   SipHash reference C implementation
+
+   Copyright (c) 2012-2016 Jean-Philippe Aumasson
+   <[email protected]>
+   Copyright (c) 2012-2014 Daniel J. Bernstein <[email protected]>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along
+   with
+   this software. If not, see
+   <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+#include <assert.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+
+/* default: SipHash-2-4 */
+#define cROUNDS 2
+#define dROUNDS 4
+
+#define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
+
+#define U32TO8_LE(p, v)                                                        \
+    (p)[0] = (uint8_t)((v));                                                   \
+    (p)[1] = (uint8_t)((v) >> 8);                                              \
+    (p)[2] = (uint8_t)((v) >> 16);                                             \
+    (p)[3] = (uint8_t)((v) >> 24);
+
+#define U64TO8_LE(p, v)                                                        \
+    U32TO8_LE((p), (uint32_t)((v)));                                           \
+    U32TO8_LE((p) + 4, (uint32_t)((v) >> 32));
+
+#define U8TO64_LE(p)                                                           \
+    (((uint64_t)((p)[0])) | ((uint64_t)((p)[1]) << 8) |                        \
+     ((uint64_t)((p)[2]) << 16) | ((uint64_t)((p)[3]) << 24) |                 \
+     ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) |                 \
+     ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56))
+
+#define SIPROUND                                                               \
+    do {                                                                       \
+        v0 += v1;                                                              \
+        v1 = ROTL(v1, 13);                                                     \
+        v1 ^= v0;                                                              \
+        v0 = ROTL(v0, 32);                                                     \
+        v2 += v3;                                                              \
+        v3 = ROTL(v3, 16);                                                     \
+        v3 ^= v2;                                                              \
+        v0 += v3;                                                              \
+        v3 = ROTL(v3, 21);                                                     \
+        v3 ^= v0;                                                              \
+        v2 += v1;                                                              \
+        v1 = ROTL(v1, 17);                                                     \
+        v1 ^= v2;                                                              \
+        v2 = ROTL(v2, 32);                                                     \
+    } while (0)
+
+#ifdef DEBUG
+#define TRACE                                                                  \
+    do {                                                                       \
+        printf("(%3d) v0 %08x %08x\n", (int)inlen, (uint32_t)(v0 >> 32),       \
+               (uint32_t)v0);                                                  \
+        printf("(%3d) v1 %08x %08x\n", (int)inlen, (uint32_t)(v1 >> 32),       \
+               (uint32_t)v1);                                                  \
+        printf("(%3d) v2 %08x %08x\n", (int)inlen, (uint32_t)(v2 >> 32),       \
+               (uint32_t)v2);                                                  \
+        printf("(%3d) v3 %08x %08x\n", (int)inlen, (uint32_t)(v3 >> 32),       \
+               (uint32_t)v3);                                                  \
+    } while (0)
+#else
+#define TRACE
+#endif
+
+int siphash(const uint8_t *in, const size_t inlen, const uint8_t *k,
+            uint8_t *out, const size_t outlen) {
+
+    assert((outlen == 8) || (outlen == 16));
+    uint64_t v0 = 0x736f6d6570736575ULL;
+    uint64_t v1 = 0x646f72616e646f6dULL;
+    uint64_t v2 = 0x6c7967656e657261ULL;
+    uint64_t v3 = 0x7465646279746573ULL;
+    uint64_t k0 = U8TO64_LE(k);
+    uint64_t k1 = U8TO64_LE(k + 8);
+    uint64_t m;
+    int i;
+    const uint8_t *end = in + inlen - (inlen % sizeof(uint64_t));
+    const int left = inlen & 7;
+    uint64_t b = ((uint64_t)inlen) << 56;
+    v3 ^= k1;
+    v2 ^= k0;
+    v1 ^= k1;
+    v0 ^= k0;
+
+    if (outlen == 16)
+        v1 ^= 0xee;
+
+    for (; in != end; in += 8) {
+        m = U8TO64_LE(in);
+        v3 ^= m;
+
+        TRACE;
+        for (i = 0; i < cROUNDS; ++i)
+            SIPROUND;
+
+        v0 ^= m;
+    }
+
+    switch (left) {
+    case 7:
+        b |= ((uint64_t)in[6]) << 48;
+    case 6:
+        b |= ((uint64_t)in[5]) << 40;
+    case 5:
+        b |= ((uint64_t)in[4]) << 32;
+    case 4:
+        b |= ((uint64_t)in[3]) << 24;
+    case 3:
+        b |= ((uint64_t)in[2]) << 16;
+    case 2:
+        b |= ((uint64_t)in[1]) << 8;
+    case 1:
+        b |= ((uint64_t)in[0]);
+        break;
+    case 0:
+        break;
+    }
+
+    v3 ^= b;
+
+    TRACE;
+    for (i = 0; i < cROUNDS; ++i)
+        SIPROUND;
+
+    v0 ^= b;
+
+    if (outlen == 16)
+        v2 ^= 0xee;
+    else
+        v2 ^= 0xff;
+
+    TRACE;
+    for (i = 0; i < dROUNDS; ++i)
+        SIPROUND;
+
+    b = v0 ^ v1 ^ v2 ^ v3;
+    U64TO8_LE(out, b);
+
+    if (outlen == 8)
+        return 0;
+
+    v1 ^= 0xdd;
+
+    TRACE;
+    for (i = 0; i < dROUNDS; ++i)
+        SIPROUND;
+
+    b = v0 ^ v1 ^ v2 ^ v3;
+    U64TO8_LE(out + 8, b);
+
+    return 0;
+}

facilities.c

@@ -501,7 +501,7 @@ void facility_newuser(hook_user_nick_t *data)
                     syn_debug(2, "Random cloaking used for %s, but I couldn't find a session marker in %s", u->nick, new_vhost);
                     break;
                 }
-                strncpy(randstart, get_random_host_part(), new_vhost + HOSTLEN - randstart);
+                strncpy(randstart, get_random_host_part(u), new_vhost + HOSTLEN - randstart);
                 facility_set_cloak(u, new_vhost);
                 break;
             }

syn.h

@@ -18,7 +18,7 @@ static inline void use_syn_main_symbols(module_t *m)
 }
 
 const char* (*decode_hex_ip)(const char *);
-const char* (*get_random_host_part)();
+const char* (*get_random_host_part)(user_t *);
 const char* (*encode_ident_for_host)(const char *);
 time_t (*syn_parse_duration)(const char *);
 const char* (*syn_format_expiry)(time_t);

util.c

@@ -1,6 +1,14 @@
 #include "atheme.h"
 #include "syn.h"
 
+#define PRF_KEY_LEN 16
+#define PRF_KEY_HEX_LEN (PRF_KEY_LEN * 2)
+#define PRF_OUT_LEN 16
+
+char *prf_key_hex = NULL;
+uint8_t prf_key[PRF_KEY_LEN];
+bool prf_ready = false;
+
 const char *_decode_hex_ip(const char *hex)
 {
     static char buf[16];
@@ -20,17 +28,35 @@ const char *_decode_hex_ip(const char *hex)
     return buf;
 }
 
-const char *_get_random_host_part()
+const char *_get_random_host_part(user_t *u)
 {
-    static char buf[19];
+    static char buf[PRF_OUT_LEN + 3];
 
     strcpy(buf, "x-");
 
-    for (int i=2; i < 18; ++i)
+    if (!prf_ready)
     {
-        buf[i] = 'a' + rand() % 26;
+        syn_debug(2, "PRF key not configured, falling back to random cloaking");
+        for (size_t i = 0; i < PRF_OUT_LEN; ++i)
+        {
+            buf[i + 2] = 'a' + rand() % 26;
+        }
     }
-    buf[18] = 0;
+    else
+    {
+        int siphash(const uint8_t *in, const size_t inlen, const uint8_t *k,
+                uint8_t *out, const size_t outlen);
+
+        uint8_t out[PRF_OUT_LEN];
+        siphash((unsigned char*)u->uid, strlen(u->uid), prf_key, out, PRF_OUT_LEN);
+
+        for (size_t i=0; i < PRF_OUT_LEN; ++i)
+        {
+            buf[i + 2] = 'a' + out[i] % 26;
+        }
+    }
+
+    buf[PRF_OUT_LEN + 2] = 0;
     return buf;
 }
 
@@ -128,9 +154,53 @@ const char *_syn_format_expiry(time_t t)
     return expirybuf;
 }
 
+static void syn_util_config_ready(void *unused)
+{
+    if (prf_key_hex == NULL)
+    {
+        slog(LG_ERROR, "syn/util: could not find 'prf_key' configuration entry");
+        prf_ready = false;
+        return;
+    }
+
+    if (strlen(prf_key_hex) != PRF_KEY_HEX_LEN)
+    {
+        slog(LG_ERROR, "syn/util: prf_key must be exactly %d hex digits", PRF_KEY_HEX_LEN);
+        prf_ready = false;
+        return;
+    }
+
+    // This could be done in a single big sscanf, but let's not do that
+    for (size_t i = 0; i < PRF_KEY_LEN; i++)
+    {
+        if (sscanf(prf_key_hex + (i * 2), "%2" SCNx8, &prf_key[i]) != 1)
+        {
+            slog(LG_ERROR, "syn/util: failed to parse prf_key - must be string of hex digits");
+            prf_ready = false;
+            return;
+        }
+    }
+
+    prf_ready = true;
+}
+
+static void mod_init(struct module *m)
+{
+    use_syn_main_symbols(m);
+
+    add_dupstr_conf_item("PRF_KEY", &syn->conf_table, 0, &prf_key_hex, NULL);
+    hook_add_config_ready(syn_util_config_ready);
+}
+
+static void mod_deinit(enum module_unload_intent unused)
+{
+    del_conf_item("PRF_KEY", &syn->conf_table);
+    hook_del_config_ready(syn_util_config_ready);
+}
+
 DECLARE_MODULE_V1
 (
-        "syn/util", false, NULL, NULL,
+        "syn/util", false, mod_init, mod_deinit,
         "$Revision$",
         "Stephen Bennett <stephen -at- freenode.net>"
 );