示例#1
0
文件: util.c 项目: mah0x211/libkahana
/* MARK: Utilities */
const char *kahanaUtilHMACSHA1( apr_pool_t *p, unsigned char *key, size_t ksize, const unsigned char *msg, size_t msize )
{
	apr_sha1_ctx_t ctx;
	const char hex[] = "0123456789abcdef";
	unsigned char digest[APR_SHA1_DIGESTSIZE];
	unsigned char ipad[65], opad[65];
	unsigned char *k = key;
	char result[APR_SHA1_DIGESTSIZE*2];
	char *hd;
	int i;
	
	/* if key is longer than 64 bytes reset it to key=SHA1(key) */
	if( ksize > 64 ){
		apr_sha1_init( &ctx );
		apr_sha1_update_binary( &ctx, k, ksize );
		apr_sha1_final( digest, &ctx );
		k = digest;
		ksize = APR_SHA1_DIGESTSIZE;
	}
	
	/* HMAC_MD5 transform */
	/* start out by string key in pads */
	memset( (void *)ipad, 0, sizeof( ipad ) );
	memset( (void *)opad, 0, sizeof( opad ) );
	memmove( ipad, k, ksize );
	memmove( opad, k, ksize );
	/* perform XOR inner and outer SHA-1 values */
	for( i = 0; i < 64; i++ ){
		ipad[i] ^= 0x36;
		opad[i] ^= 0x5c;
	}
	apr_sha1_init( &ctx );
	apr_sha1_update_binary( &ctx, ipad, 64 );
	apr_sha1_update_binary( &ctx, msg, msize );
	apr_sha1_final( digest, &ctx );
	apr_sha1_init( &ctx );
	apr_sha1_update_binary( &ctx, opad, 64 );
	apr_sha1_update_binary( &ctx, digest, sizeof( digest ) );
	apr_sha1_final( digest, &ctx );
	
	// create hexdigest
	hd = result;
	for( i = 0; i < sizeof( digest ); i++ ){
		*hd++ = hex[digest[i] >> 4];
		*hd++ = hex[digest[i] & 0xf];
	}
	*hd = '\0';
	/*
		MARK: HMAC-SHA1 digest to BASE64 
		len = apr_base64_encode_len( sizeof( digest ) );
		hex_digest = apr_pcalloc( p, len );
		len = apr_base64_encode_binary( hex_digest, digest, sizeof( digest ) );
		hex_digest[len - 2] = '\0';
	*/
	return apr_pstrdup( p, result );
}
svn_checksum_ctx_t *
svn_checksum_ctx_create(svn_checksum_kind_t kind,
                        apr_pool_t *pool)
{
  svn_checksum_ctx_t *ctx = apr_palloc(pool, sizeof(*ctx));

  ctx->kind = kind;
  switch (kind)
    {
      case svn_checksum_md5:
        ctx->apr_ctx = apr_palloc(pool, sizeof(apr_md5_ctx_t));
        apr_md5_init(ctx->apr_ctx);
        break;

      case svn_checksum_sha1:
        ctx->apr_ctx = apr_palloc(pool, sizeof(apr_sha1_ctx_t));
        apr_sha1_init(ctx->apr_ctx);
        break;

      default:
        return NULL;
    }

  return ctx;
}
svn_error_t *
svn_checksum(svn_checksum_t **checksum,
             svn_checksum_kind_t kind,
             const void *data,
             apr_size_t len,
             apr_pool_t *pool)
{
  apr_sha1_ctx_t sha1_ctx;

  SVN_ERR(validate_kind(kind));
  *checksum = svn_checksum_create(kind, pool);

  switch (kind)
    {
      case svn_checksum_md5:
        apr_md5((unsigned char *)(*checksum)->digest, data, len);
        break;

      case svn_checksum_sha1:
        apr_sha1_init(&sha1_ctx);
        apr_sha1_update(&sha1_ctx, data, len);
        apr_sha1_final((unsigned char *)(*checksum)->digest, &sha1_ctx);
        break;

      default:
        /* We really shouldn't get here, but if we do... */
        return svn_error_create(SVN_ERR_BAD_CHECKSUM_KIND, NULL, NULL);
    }

  return SVN_NO_ERROR;
}
示例#4
0
文件: ipr_file.c 项目: cookrn/openamq
char *
    ipr_file_digest (
    char * filename                     //  File to digest
)
{
FILE
    *file_stream;                   //  File stream to digest
ipr_bucket_t
    *bucket;                        //  Bucket of data from file
apr_sha1_ctx_t
    context;
apr_byte_t
    bin_digest [APR_SHA1_DIGESTSIZE];
    char *
        digest = NULL;                  //  Not documented

    //
    assert (filename);
#   define DIGEST_BLOCK 1000000         //  Read 1MB at a time from file
    file_stream = fopen (filename, "rb");
    if (file_stream) {
        apr_sha1_init (&context);
        bucket = ipr_bucket_new (DIGEST_BLOCK);
        while ((bucket->cur_size = fread (bucket->data, 1, DIGEST_BLOCK, file_stream)) > 0)
            apr_sha1_update (&context, (char *) bucket->data, bucket->cur_size);
        fclose (file_stream);
        ipr_bucket_destroy (&bucket);

        apr_sha1_final (bin_digest, &context);
        digest = icl_mem_alloc (ICL_SHORTSTR_MAX);
        apr_base64_encode (digest, (char *) bin_digest, APR_MD5_DIGESTSIZE);
    }

    return (digest);
}
static char *hmac_sha1(apr_pool_t *p, char *data, char *key)
{
    apr_sha1_ctx_t context;
    unsigned char digest[APR_SHA1_DIGESTSIZE];
    unsigned char k_ipad[65], k_opad[65];
    unsigned char kt[APR_SHA1_DIGESTSIZE];
    unsigned char *k = (unsigned char *)key;
    int key_len, i;
    char *out;
    int l, outlen;

    key_len = strlen(key);

    if(key_len > BLOCK_SIZE) {
        k = kt;
        key_len = APR_SHA1_DIGESTSIZE;
    }

    memset((void *)k_ipad, 0, sizeof(k_ipad));
    memset((void *)k_opad, 0, sizeof(k_opad));
    memmove(k_ipad, k, key_len);
    memmove(k_opad, k, key_len);

    for (i = 0; i < BLOCK_SIZE; i++) {
        k_ipad[i] ^= 0x36;
        k_opad[i] ^= 0x5c;
    }

    apr_sha1_init(&context);
    apr_sha1_update_binary(&context, k_ipad, 64);
    apr_sha1_update_binary(&context, (const unsigned char *)data, strlen(data));
    apr_sha1_final(digest, &context);

    apr_sha1_init(&context);
    apr_sha1_update_binary(&context, k_opad, 64);
    apr_sha1_update_binary(&context, digest, sizeof(digest));
    apr_sha1_final(digest, &context);

    outlen = apr_base64_encode_len(sizeof(digest));
    out = apr_palloc(p, outlen);
    l = apr_base64_encode_binary(out, digest, sizeof(digest));
    out[l - 2] = '\0';

    return out; 
}
示例#6
0
/**
 * Generate a SHA1 hash of the supplied data.
 */
static char *mod_sslhaf_generate_sha1(apr_pool_t *pool, char *data, int len) {
    unsigned char digest[APR_SHA1_DIGESTSIZE];
    apr_sha1_ctx_t context;

    apr_sha1_init(&context);
    apr_sha1_update(&context, (const char *)data, len);
    apr_sha1_final(digest, &context);

    return mod_sslhaf_bytes2hex(pool, digest, APR_SHA1_DIGESTSIZE);
}
示例#7
0
/* Implements an HMAC with SHA1 the correct, safe way : http://en.wikipedia.org/wiki/Hash-based_message_authentication_code
 * 
 * Basic idea is to split the key in 2 parts, then hash the data twice, with 2 separate pieces of the key appended
 *
 * HMAC (K,m) = H((K+opad) | H((K+ipad) | m))
 *
 * Tricky, but much, much safer than the trivial implementation of HMAC(K,m) = H(K|m)
 *
 */
void hmac(const void *key, apr_size_t keylen, const void *data,
          apr_size_t datalen, void *result)
{
  apr_sha1_ctx_t inner;
  apr_sha1_ctx_t outer;

  unsigned char keypad[HMAC_BLOCKSIZE];
  unsigned char inner_digest[APR_SHA1_DIGESTSIZE];

  /* Shorten the key down to the blocksize, anything more is useless */
  if (keylen > HMAC_BLOCKSIZE) {
    apr_sha1_ctx_t context;
    unsigned char digest[APR_SHA1_DIGESTSIZE];
    apr_sha1_init(&context);
    apr_sha1_update_binary(&context, key, keylen);
    apr_sha1_final(digest, &context);
    key = digest;
    keylen = APR_SHA1_DIGESTSIZE;
  }

  /* Prepare and mask the inner portion of the key */
  memset(keypad, HMAC_IPAD, HMAC_BLOCKSIZE);
  mxor(keypad, key, keylen);

  /* Compute the inner hash */
  apr_sha1_init(&inner);
  apr_sha1_update_binary(&inner, keypad, HMAC_BLOCKSIZE);
  apr_sha1_update_binary(&inner, data, datalen);
  apr_sha1_final(inner_digest, &inner);

  /* Prepare and mask the outer portion of the key */
  memset(keypad, HMAC_OPAD, HMAC_BLOCKSIZE);
  mxor(keypad, key, keylen);

  /* Compute the outer hash */
  apr_sha1_init(&outer);
  apr_sha1_update_binary(&outer, keypad, HMAC_BLOCKSIZE);
  apr_sha1_update_binary(&outer, inner_digest, APR_SHA1_DIGESTSIZE);
  apr_sha1_final(result, &outer);

  return;
}
示例#8
0
int
rasqal_digest_buffer(rasqal_digest_type type, const unsigned char *output,
                     const unsigned char *input, size_t len)
{
  unsigned int output_len = 0;
  
  if(type != RASQAL_DIGEST_SHA1 && type != RASQAL_DIGEST_MD5)
    return -1;

#ifdef HAVE_APR_SHA1_H
  if(type == RASQAL_DIGEST_SHA1)
    output_len = APR_SHA1_DIGESTSIZE;
#endif

#ifdef HAVE_APR_MD5_H
  if(type == RASQAL_DIGEST_MD5)
    output_len = APR_MD5_DIGESTSIZE;

  if(!input)
    return output_len;
#endif

#ifdef HAVE_APR_SHA1_H
  if(type == RASQAL_DIGEST_SHA1) {
    struct apr_sha1_ctx_t c;

    apr_sha1_init(&c);
    apr_sha1_update_binary(&c, input, len);
    apr_sha1_final((unsigned char*)output, &c);
  }
#endif
  
#ifdef HAVE_APR_MD5_H
  if(type == RASQAL_DIGEST_MD5) {
    if(apr_md5((unsigned char*)output, input, len))
      output_len = -1;
  }
#endif
  
  return output_len;
}
示例#9
0
int sha1_file(const std::string& filename, std::string& checksum, bool binary)
{
  apr_initialize();
  apr_pool_t* pool;
  apr_pool_create(&pool, NULL);
  
  apr_file_t* in;
  apr_int32_t flags = (binary ? APR_READ | APR_BINARY : APR_READ);
  apr_file_open(&in, filename.c_str(), flags, APR_OS_DEFAULT, pool);
  
  char buffer[512];
  memset(buffer, 0, sizeof(buffer));
  apr_size_t bytes_read = 0;
  apr_file_read_full(in, buffer, 512, &bytes_read);
  apr_file_close(in);
  
  unsigned char digest[APR_SHA1_DIGESTSIZE + 1];
  memset(digest, 0, APR_SHA1_DIGESTSIZE + 1);
  
  apr_sha1_ctx_t context;
  apr_sha1_init(&context);
  if(binary) apr_sha1_update_binary(&context, (const unsigned char*)buffer, bytes_read);
  else apr_sha1_update(&context, buffer, bytes_read);
  apr_sha1_final(digest, &context);
  
  std::ostringstream oss;
  for(int i = 0; i < APR_SHA1_DIGESTSIZE; i++)
  {
    unsigned short letter = digest[i];
    oss << std::hex << std::setw(2) << std::setfill('0') << letter;
  }
  
  checksum = oss.str();
  
  apr_pool_destroy(pool);
  apr_terminate();
  
  return 0;
}
static authn_status check_mongodb_pw(request_rec *r, const char *user,
                                 const char *password)
{
    authn_mongodb_config_rec *conf = ap_get_module_config(r->per_dir_config,
                                                      &authn_mongodb_module);
    apr_status_t rv;
    char *password_hash;
    char *colon_pw;

    rv = fetch_mongodb_value(conf->host, conf->port, 
            conf->userfield, conf->passwdfield, conf->collection, 
            user, &password_hash,
            r->pool);

    if (rv != APR_SUCCESS) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
                      "could not open mongoDB (host %s) port: %d",
                      conf->host, conf->port);
        return AUTH_GENERAL_ERROR;
    }

    if (!password_hash) {
        return AUTH_USER_NOT_FOUND;
    }

    if ( conf->password_format != NULL) {
       if ( strcasecmp( conf->password_format,"django")==0) {
            char *token;
            char *alg;
            char *salt;
            char *hsh;
            char *saltpass;
            alg= apr_strtok( password_hash, "$",&token);
            salt = apr_strtok( NULL, "$",&token);
            hsh = apr_strtok( NULL, "$",&token);
            //ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,"password_hash=%s ALG=%s salt=%s hsh=%s", password_hash,alg,salt,hsh );
            saltpass= apr_pstrcat(r->pool, salt, password, NULL);
            //char hash[APR_SHA1_DIGESTSIZE+APR_SHA1PW_IDLEN];
            apr_byte_t hash[APR_SHA1_DIGESTSIZE+1];
            apr_sha1_ctx_t context;
            apr_sha1_init(&context);
            apr_sha1_update(&context, saltpass, strlen(saltpass));
            apr_sha1_final(hash, &context);
            hash[APR_SHA1_DIGESTSIZE]='\0';
            int i=0;
            int j=0;
            for (i=0,j=0; i < APR_SHA1_DIGESTSIZE ;i+=1, j+=2 ) {
                if ( hash[i] != parse_hexpair(&(hsh[j]))) {
                    return AUTH_DENIED;
                }
            }
            return AUTH_GRANTED;
            
       } else {
            ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,"unrecognized password format %s", conf->password_format);
            return AUTH_DENIED;
       }
    } else {
        colon_pw = ap_strchr(password_hash, ':');
        if (colon_pw) {
            *colon_pw = '\0';
        }
        rv = apr_password_validate(password, password_hash);
    }

    if (rv != APR_SUCCESS) {
        return AUTH_DENIED;
    }

    return AUTH_GRANTED;
}
示例#11
0
apr_status_t sha1_file(const std::string& filename, std::string& checksum, bool binary, apr_pool_t* parentPool)
{
  apr_status_t ret = APR_SUCCESS;

  apr_pool_t* pool = NULL;
  ret = apr_pool_create(&pool, parentPool);
  if(ret == APR_SUCCESS)
  {
    apr_file_t* in = NULL;
    apr_int32_t flags = (binary ? APR_READ | APR_BINARY : APR_READ);

    ret = apr_file_open(&in, filename.c_str(), flags, APR_OS_DEFAULT, pool);
    if(ret == APR_SUCCESS)
    {
      unsigned char digest[APR_SHA1_DIGESTSIZE + 1];
      memset(digest, 0, APR_SHA1_DIGESTSIZE + 1);

      apr_sha1_ctx_t context;
      apr_sha1_init(&context);

      unsigned char buffer[512];
      memset(buffer, 0, sizeof(buffer));

      apr_size_t bytes_read = 0;
      ret = apr_file_read_full(in, buffer, sizeof(buffer) - 1, &bytes_read);

      if(ret == APR_SUCCESS || ret == APR_EOF)
      {
        if(binary) apr_sha1_update_binary(&context, buffer, bytes_read);
        else apr_sha1_update(&context, (const char*)buffer, bytes_read);
      }

      while(ret == APR_SUCCESS)
      {
        ret = apr_file_read_full(in, buffer, sizeof(buffer) - 1, &bytes_read);
        if(ret == APR_SUCCESS || ret == APR_EOF)
        {
          if(binary) apr_sha1_update_binary(&context, buffer, bytes_read);
          else apr_sha1_update(&context, (const char*)buffer, bytes_read);
        }
      }

      apr_sha1_final(digest, &context);

      if(ret == APR_EOF)
      {
        std::ostringstream oss;
        for(int i = 0; i < APR_SHA1_DIGESTSIZE; i++)
        {
          unsigned short letter = digest[i];
          oss << std::hex << std::setw(2) << std::setfill('0') << letter;
        }
        checksum = oss.str();
        ret = APR_SUCCESS;
      }
      apr_file_close(in);
    }
    apr_pool_destroy(pool);
  }
  
  return ret;
}