/* MARK: Utilities */
const char *kahanaUtilHMACSHA1( apr_pool_t *p, unsigned char *key, size_t ksize, const unsigned char *msg, size_t msize )
{
apr_sha1_ctx_t ctx;
const char hex[] = "0123456789abcdef";
unsigned char digest[APR_SHA1_DIGESTSIZE];
unsigned char ipad[65], opad[65];
unsigned char *k = key;
char result[APR_SHA1_DIGESTSIZE*2];
char *hd;
int i;
/* if key is longer than 64 bytes reset it to key=SHA1(key) */
if( ksize > 64 ){
apr_sha1_init( &ctx );
apr_sha1_update_binary( &ctx, k, ksize );
apr_sha1_final( digest, &ctx );
k = digest;
ksize = APR_SHA1_DIGESTSIZE;
}
/* HMAC_MD5 transform */
/* start out by string key in pads */
memset( (void *)ipad, 0, sizeof( ipad ) );
memset( (void *)opad, 0, sizeof( opad ) );
memmove( ipad, k, ksize );
memmove( opad, k, ksize );
/* perform XOR inner and outer SHA-1 values */
for( i = 0; i < 64; i++ ){
ipad[i] ^= 0x36;
opad[i] ^= 0x5c;
}
apr_sha1_init( &ctx );
apr_sha1_update_binary( &ctx, ipad, 64 );
apr_sha1_update_binary( &ctx, msg, msize );
apr_sha1_final( digest, &ctx );
apr_sha1_init( &ctx );
apr_sha1_update_binary( &ctx, opad, 64 );
apr_sha1_update_binary( &ctx, digest, sizeof( digest ) );
apr_sha1_final( digest, &ctx );
// create hexdigest
hd = result;
for( i = 0; i < sizeof( digest ); i++ ){
*hd++ = hex[digest[i] >> 4];
*hd++ = hex[digest[i] & 0xf];
}
*hd = '\0';
/*
MARK: HMAC-SHA1 digest to BASE64
len = apr_base64_encode_len( sizeof( digest ) );
hex_digest = apr_pcalloc( p, len );
len = apr_base64_encode_binary( hex_digest, digest, sizeof( digest ) );
hex_digest[len - 2] = '\0';
*/
return apr_pstrdup( p, result );
}
static char *hmac_sha1(apr_pool_t *p, char *data, char *key)
{
apr_sha1_ctx_t context;
unsigned char digest[APR_SHA1_DIGESTSIZE];
unsigned char k_ipad[65], k_opad[65];
unsigned char kt[APR_SHA1_DIGESTSIZE];
unsigned char *k = (unsigned char *)key;
int key_len, i;
char *out;
int l, outlen;
key_len = strlen(key);
if(key_len > BLOCK_SIZE) {
k = kt;
key_len = APR_SHA1_DIGESTSIZE;
}
memset((void *)k_ipad, 0, sizeof(k_ipad));
memset((void *)k_opad, 0, sizeof(k_opad));
memmove(k_ipad, k, key_len);
memmove(k_opad, k, key_len);
for (i = 0; i < BLOCK_SIZE; i++) {
k_ipad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
}
apr_sha1_init(&context);
apr_sha1_update_binary(&context, k_ipad, 64);
apr_sha1_update_binary(&context, (const unsigned char *)data, strlen(data));
apr_sha1_final(digest, &context);
apr_sha1_init(&context);
apr_sha1_update_binary(&context, k_opad, 64);
apr_sha1_update_binary(&context, digest, sizeof(digest));
apr_sha1_final(digest, &context);
outlen = apr_base64_encode_len(sizeof(digest));
out = apr_palloc(p, outlen);
l = apr_base64_encode_binary(out, digest, sizeof(digest));
out[l - 2] = '\0';
return out;
}
/* Implements an HMAC with SHA1 the correct, safe way : http://en.wikipedia.org/wiki/Hash-based_message_authentication_code
*
* Basic idea is to split the key in 2 parts, then hash the data twice, with 2 separate pieces of the key appended
*
* HMAC (K,m) = H((K+opad) | H((K+ipad) | m))
*
* Tricky, but much, much safer than the trivial implementation of HMAC(K,m) = H(K|m)
*
*/
void hmac(const void *key, apr_size_t keylen, const void *data,
apr_size_t datalen, void *result)
{
apr_sha1_ctx_t inner;
apr_sha1_ctx_t outer;
unsigned char keypad[HMAC_BLOCKSIZE];
unsigned char inner_digest[APR_SHA1_DIGESTSIZE];
/* Shorten the key down to the blocksize, anything more is useless */
if (keylen > HMAC_BLOCKSIZE) {
apr_sha1_ctx_t context;
unsigned char digest[APR_SHA1_DIGESTSIZE];
apr_sha1_init(&context);
apr_sha1_update_binary(&context, key, keylen);
apr_sha1_final(digest, &context);
key = digest;
keylen = APR_SHA1_DIGESTSIZE;
}
/* Prepare and mask the inner portion of the key */
memset(keypad, HMAC_IPAD, HMAC_BLOCKSIZE);
mxor(keypad, key, keylen);
/* Compute the inner hash */
apr_sha1_init(&inner);
apr_sha1_update_binary(&inner, keypad, HMAC_BLOCKSIZE);
apr_sha1_update_binary(&inner, data, datalen);
apr_sha1_final(inner_digest, &inner);
/* Prepare and mask the outer portion of the key */
memset(keypad, HMAC_OPAD, HMAC_BLOCKSIZE);
mxor(keypad, key, keylen);
/* Compute the outer hash */
apr_sha1_init(&outer);
apr_sha1_update_binary(&outer, keypad, HMAC_BLOCKSIZE);
apr_sha1_update_binary(&outer, inner_digest, APR_SHA1_DIGESTSIZE);
apr_sha1_final(result, &outer);
return;
}
int
rasqal_digest_buffer(rasqal_digest_type type, const unsigned char *output,
const unsigned char *input, size_t len)
{
unsigned int output_len = 0;
if(type != RASQAL_DIGEST_SHA1 && type != RASQAL_DIGEST_MD5)
return -1;
#ifdef HAVE_APR_SHA1_H
if(type == RASQAL_DIGEST_SHA1)
output_len = APR_SHA1_DIGESTSIZE;
#endif
#ifdef HAVE_APR_MD5_H
if(type == RASQAL_DIGEST_MD5)
output_len = APR_MD5_DIGESTSIZE;
if(!input)
return output_len;
#endif
#ifdef HAVE_APR_SHA1_H
if(type == RASQAL_DIGEST_SHA1) {
struct apr_sha1_ctx_t c;
apr_sha1_init(&c);
apr_sha1_update_binary(&c, input, len);
apr_sha1_final((unsigned char*)output, &c);
}
#endif
#ifdef HAVE_APR_MD5_H
if(type == RASQAL_DIGEST_MD5) {
if(apr_md5((unsigned char*)output, input, len))
output_len = -1;
}
#endif
return output_len;
}
int sha1_file(const std::string& filename, std::string& checksum, bool binary)
{
apr_initialize();
apr_pool_t* pool;
apr_pool_create(&pool, NULL);
apr_file_t* in;
apr_int32_t flags = (binary ? APR_READ | APR_BINARY : APR_READ);
apr_file_open(&in, filename.c_str(), flags, APR_OS_DEFAULT, pool);
char buffer[512];
memset(buffer, 0, sizeof(buffer));
apr_size_t bytes_read = 0;
apr_file_read_full(in, buffer, 512, &bytes_read);
apr_file_close(in);
unsigned char digest[APR_SHA1_DIGESTSIZE + 1];
memset(digest, 0, APR_SHA1_DIGESTSIZE + 1);
apr_sha1_ctx_t context;
apr_sha1_init(&context);
if(binary) apr_sha1_update_binary(&context, (const unsigned char*)buffer, bytes_read);
else apr_sha1_update(&context, buffer, bytes_read);
apr_sha1_final(digest, &context);
std::ostringstream oss;
for(int i = 0; i < APR_SHA1_DIGESTSIZE; i++)
{
unsigned short letter = digest[i];
oss << std::hex << std::setw(2) << std::setfill('0') << letter;
}
checksum = oss.str();
apr_pool_destroy(pool);
apr_terminate();
return 0;
}
apr_status_t sha1_file(const std::string& filename, std::string& checksum, bool binary, apr_pool_t* parentPool)
{
apr_status_t ret = APR_SUCCESS;
apr_pool_t* pool = NULL;
ret = apr_pool_create(&pool, parentPool);
if(ret == APR_SUCCESS)
{
apr_file_t* in = NULL;
apr_int32_t flags = (binary ? APR_READ | APR_BINARY : APR_READ);
ret = apr_file_open(&in, filename.c_str(), flags, APR_OS_DEFAULT, pool);
if(ret == APR_SUCCESS)
{
unsigned char digest[APR_SHA1_DIGESTSIZE + 1];
memset(digest, 0, APR_SHA1_DIGESTSIZE + 1);
apr_sha1_ctx_t context;
apr_sha1_init(&context);
unsigned char buffer[512];
memset(buffer, 0, sizeof(buffer));
apr_size_t bytes_read = 0;
ret = apr_file_read_full(in, buffer, sizeof(buffer) - 1, &bytes_read);
if(ret == APR_SUCCESS || ret == APR_EOF)
{
if(binary) apr_sha1_update_binary(&context, buffer, bytes_read);
else apr_sha1_update(&context, (const char*)buffer, bytes_read);
}
while(ret == APR_SUCCESS)
{
ret = apr_file_read_full(in, buffer, sizeof(buffer) - 1, &bytes_read);
if(ret == APR_SUCCESS || ret == APR_EOF)
{
if(binary) apr_sha1_update_binary(&context, buffer, bytes_read);
else apr_sha1_update(&context, (const char*)buffer, bytes_read);
}
}
apr_sha1_final(digest, &context);
if(ret == APR_EOF)
{
std::ostringstream oss;
for(int i = 0; i < APR_SHA1_DIGESTSIZE; i++)
{
unsigned short letter = digest[i];
oss << std::hex << std::setw(2) << std::setfill('0') << letter;
}
checksum = oss.str();
ret = APR_SUCCESS;
}
apr_file_close(in);
}
apr_pool_destroy(pool);
}
return ret;
}
