/* MARK: Utilities */ const char *kahanaUtilHMACSHA1( apr_pool_t *p, unsigned char *key, size_t ksize, const unsigned char *msg, size_t msize ) { apr_sha1_ctx_t ctx; const char hex[] = "0123456789abcdef"; unsigned char digest[APR_SHA1_DIGESTSIZE]; unsigned char ipad[65], opad[65]; unsigned char *k = key; char result[APR_SHA1_DIGESTSIZE*2]; char *hd; int i; /* if key is longer than 64 bytes reset it to key=SHA1(key) */ if( ksize > 64 ){ apr_sha1_init( &ctx ); apr_sha1_update_binary( &ctx, k, ksize ); apr_sha1_final( digest, &ctx ); k = digest; ksize = APR_SHA1_DIGESTSIZE; } /* HMAC_MD5 transform */ /* start out by string key in pads */ memset( (void *)ipad, 0, sizeof( ipad ) ); memset( (void *)opad, 0, sizeof( opad ) ); memmove( ipad, k, ksize ); memmove( opad, k, ksize ); /* perform XOR inner and outer SHA-1 values */ for( i = 0; i < 64; i++ ){ ipad[i] ^= 0x36; opad[i] ^= 0x5c; } apr_sha1_init( &ctx ); apr_sha1_update_binary( &ctx, ipad, 64 ); apr_sha1_update_binary( &ctx, msg, msize ); apr_sha1_final( digest, &ctx ); apr_sha1_init( &ctx ); apr_sha1_update_binary( &ctx, opad, 64 ); apr_sha1_update_binary( &ctx, digest, sizeof( digest ) ); apr_sha1_final( digest, &ctx ); // create hexdigest hd = result; for( i = 0; i < sizeof( digest ); i++ ){ *hd++ = hex[digest[i] >> 4]; *hd++ = hex[digest[i] & 0xf]; } *hd = '\0'; /* MARK: HMAC-SHA1 digest to BASE64 len = apr_base64_encode_len( sizeof( digest ) ); hex_digest = apr_pcalloc( p, len ); len = apr_base64_encode_binary( hex_digest, digest, sizeof( digest ) ); hex_digest[len - 2] = '\0'; */ return apr_pstrdup( p, result ); }
svn_checksum_ctx_t * svn_checksum_ctx_create(svn_checksum_kind_t kind, apr_pool_t *pool) { svn_checksum_ctx_t *ctx = apr_palloc(pool, sizeof(*ctx)); ctx->kind = kind; switch (kind) { case svn_checksum_md5: ctx->apr_ctx = apr_palloc(pool, sizeof(apr_md5_ctx_t)); apr_md5_init(ctx->apr_ctx); break; case svn_checksum_sha1: ctx->apr_ctx = apr_palloc(pool, sizeof(apr_sha1_ctx_t)); apr_sha1_init(ctx->apr_ctx); break; default: return NULL; } return ctx; }
svn_error_t * svn_checksum(svn_checksum_t **checksum, svn_checksum_kind_t kind, const void *data, apr_size_t len, apr_pool_t *pool) { apr_sha1_ctx_t sha1_ctx; SVN_ERR(validate_kind(kind)); *checksum = svn_checksum_create(kind, pool); switch (kind) { case svn_checksum_md5: apr_md5((unsigned char *)(*checksum)->digest, data, len); break; case svn_checksum_sha1: apr_sha1_init(&sha1_ctx); apr_sha1_update(&sha1_ctx, data, len); apr_sha1_final((unsigned char *)(*checksum)->digest, &sha1_ctx); break; default: /* We really shouldn't get here, but if we do... */ return svn_error_create(SVN_ERR_BAD_CHECKSUM_KIND, NULL, NULL); } return SVN_NO_ERROR; }
char * ipr_file_digest ( char * filename // File to digest ) { FILE *file_stream; // File stream to digest ipr_bucket_t *bucket; // Bucket of data from file apr_sha1_ctx_t context; apr_byte_t bin_digest [APR_SHA1_DIGESTSIZE]; char * digest = NULL; // Not documented // assert (filename); # define DIGEST_BLOCK 1000000 // Read 1MB at a time from file file_stream = fopen (filename, "rb"); if (file_stream) { apr_sha1_init (&context); bucket = ipr_bucket_new (DIGEST_BLOCK); while ((bucket->cur_size = fread (bucket->data, 1, DIGEST_BLOCK, file_stream)) > 0) apr_sha1_update (&context, (char *) bucket->data, bucket->cur_size); fclose (file_stream); ipr_bucket_destroy (&bucket); apr_sha1_final (bin_digest, &context); digest = icl_mem_alloc (ICL_SHORTSTR_MAX); apr_base64_encode (digest, (char *) bin_digest, APR_MD5_DIGESTSIZE); } return (digest); }
static char *hmac_sha1(apr_pool_t *p, char *data, char *key) { apr_sha1_ctx_t context; unsigned char digest[APR_SHA1_DIGESTSIZE]; unsigned char k_ipad[65], k_opad[65]; unsigned char kt[APR_SHA1_DIGESTSIZE]; unsigned char *k = (unsigned char *)key; int key_len, i; char *out; int l, outlen; key_len = strlen(key); if(key_len > BLOCK_SIZE) { k = kt; key_len = APR_SHA1_DIGESTSIZE; } memset((void *)k_ipad, 0, sizeof(k_ipad)); memset((void *)k_opad, 0, sizeof(k_opad)); memmove(k_ipad, k, key_len); memmove(k_opad, k, key_len); for (i = 0; i < BLOCK_SIZE; i++) { k_ipad[i] ^= 0x36; k_opad[i] ^= 0x5c; } apr_sha1_init(&context); apr_sha1_update_binary(&context, k_ipad, 64); apr_sha1_update_binary(&context, (const unsigned char *)data, strlen(data)); apr_sha1_final(digest, &context); apr_sha1_init(&context); apr_sha1_update_binary(&context, k_opad, 64); apr_sha1_update_binary(&context, digest, sizeof(digest)); apr_sha1_final(digest, &context); outlen = apr_base64_encode_len(sizeof(digest)); out = apr_palloc(p, outlen); l = apr_base64_encode_binary(out, digest, sizeof(digest)); out[l - 2] = '\0'; return out; }
/** * Generate a SHA1 hash of the supplied data. */ static char *mod_sslhaf_generate_sha1(apr_pool_t *pool, char *data, int len) { unsigned char digest[APR_SHA1_DIGESTSIZE]; apr_sha1_ctx_t context; apr_sha1_init(&context); apr_sha1_update(&context, (const char *)data, len); apr_sha1_final(digest, &context); return mod_sslhaf_bytes2hex(pool, digest, APR_SHA1_DIGESTSIZE); }
/* Implements an HMAC with SHA1 the correct, safe way : http://en.wikipedia.org/wiki/Hash-based_message_authentication_code * * Basic idea is to split the key in 2 parts, then hash the data twice, with 2 separate pieces of the key appended * * HMAC (K,m) = H((K+opad) | H((K+ipad) | m)) * * Tricky, but much, much safer than the trivial implementation of HMAC(K,m) = H(K|m) * */ void hmac(const void *key, apr_size_t keylen, const void *data, apr_size_t datalen, void *result) { apr_sha1_ctx_t inner; apr_sha1_ctx_t outer; unsigned char keypad[HMAC_BLOCKSIZE]; unsigned char inner_digest[APR_SHA1_DIGESTSIZE]; /* Shorten the key down to the blocksize, anything more is useless */ if (keylen > HMAC_BLOCKSIZE) { apr_sha1_ctx_t context; unsigned char digest[APR_SHA1_DIGESTSIZE]; apr_sha1_init(&context); apr_sha1_update_binary(&context, key, keylen); apr_sha1_final(digest, &context); key = digest; keylen = APR_SHA1_DIGESTSIZE; } /* Prepare and mask the inner portion of the key */ memset(keypad, HMAC_IPAD, HMAC_BLOCKSIZE); mxor(keypad, key, keylen); /* Compute the inner hash */ apr_sha1_init(&inner); apr_sha1_update_binary(&inner, keypad, HMAC_BLOCKSIZE); apr_sha1_update_binary(&inner, data, datalen); apr_sha1_final(inner_digest, &inner); /* Prepare and mask the outer portion of the key */ memset(keypad, HMAC_OPAD, HMAC_BLOCKSIZE); mxor(keypad, key, keylen); /* Compute the outer hash */ apr_sha1_init(&outer); apr_sha1_update_binary(&outer, keypad, HMAC_BLOCKSIZE); apr_sha1_update_binary(&outer, inner_digest, APR_SHA1_DIGESTSIZE); apr_sha1_final(result, &outer); return; }
int rasqal_digest_buffer(rasqal_digest_type type, const unsigned char *output, const unsigned char *input, size_t len) { unsigned int output_len = 0; if(type != RASQAL_DIGEST_SHA1 && type != RASQAL_DIGEST_MD5) return -1; #ifdef HAVE_APR_SHA1_H if(type == RASQAL_DIGEST_SHA1) output_len = APR_SHA1_DIGESTSIZE; #endif #ifdef HAVE_APR_MD5_H if(type == RASQAL_DIGEST_MD5) output_len = APR_MD5_DIGESTSIZE; if(!input) return output_len; #endif #ifdef HAVE_APR_SHA1_H if(type == RASQAL_DIGEST_SHA1) { struct apr_sha1_ctx_t c; apr_sha1_init(&c); apr_sha1_update_binary(&c, input, len); apr_sha1_final((unsigned char*)output, &c); } #endif #ifdef HAVE_APR_MD5_H if(type == RASQAL_DIGEST_MD5) { if(apr_md5((unsigned char*)output, input, len)) output_len = -1; } #endif return output_len; }
int sha1_file(const std::string& filename, std::string& checksum, bool binary) { apr_initialize(); apr_pool_t* pool; apr_pool_create(&pool, NULL); apr_file_t* in; apr_int32_t flags = (binary ? APR_READ | APR_BINARY : APR_READ); apr_file_open(&in, filename.c_str(), flags, APR_OS_DEFAULT, pool); char buffer[512]; memset(buffer, 0, sizeof(buffer)); apr_size_t bytes_read = 0; apr_file_read_full(in, buffer, 512, &bytes_read); apr_file_close(in); unsigned char digest[APR_SHA1_DIGESTSIZE + 1]; memset(digest, 0, APR_SHA1_DIGESTSIZE + 1); apr_sha1_ctx_t context; apr_sha1_init(&context); if(binary) apr_sha1_update_binary(&context, (const unsigned char*)buffer, bytes_read); else apr_sha1_update(&context, buffer, bytes_read); apr_sha1_final(digest, &context); std::ostringstream oss; for(int i = 0; i < APR_SHA1_DIGESTSIZE; i++) { unsigned short letter = digest[i]; oss << std::hex << std::setw(2) << std::setfill('0') << letter; } checksum = oss.str(); apr_pool_destroy(pool); apr_terminate(); return 0; }
static authn_status check_mongodb_pw(request_rec *r, const char *user, const char *password) { authn_mongodb_config_rec *conf = ap_get_module_config(r->per_dir_config, &authn_mongodb_module); apr_status_t rv; char *password_hash; char *colon_pw; rv = fetch_mongodb_value(conf->host, conf->port, conf->userfield, conf->passwdfield, conf->collection, user, &password_hash, r->pool); if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "could not open mongoDB (host %s) port: %d", conf->host, conf->port); return AUTH_GENERAL_ERROR; } if (!password_hash) { return AUTH_USER_NOT_FOUND; } if ( conf->password_format != NULL) { if ( strcasecmp( conf->password_format,"django")==0) { char *token; char *alg; char *salt; char *hsh; char *saltpass; alg= apr_strtok( password_hash, "$",&token); salt = apr_strtok( NULL, "$",&token); hsh = apr_strtok( NULL, "$",&token); //ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,"password_hash=%s ALG=%s salt=%s hsh=%s", password_hash,alg,salt,hsh ); saltpass= apr_pstrcat(r->pool, salt, password, NULL); //char hash[APR_SHA1_DIGESTSIZE+APR_SHA1PW_IDLEN]; apr_byte_t hash[APR_SHA1_DIGESTSIZE+1]; apr_sha1_ctx_t context; apr_sha1_init(&context); apr_sha1_update(&context, saltpass, strlen(saltpass)); apr_sha1_final(hash, &context); hash[APR_SHA1_DIGESTSIZE]='\0'; int i=0; int j=0; for (i=0,j=0; i < APR_SHA1_DIGESTSIZE ;i+=1, j+=2 ) { if ( hash[i] != parse_hexpair(&(hsh[j]))) { return AUTH_DENIED; } } return AUTH_GRANTED; } else { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,"unrecognized password format %s", conf->password_format); return AUTH_DENIED; } } else { colon_pw = ap_strchr(password_hash, ':'); if (colon_pw) { *colon_pw = '\0'; } rv = apr_password_validate(password, password_hash); } if (rv != APR_SUCCESS) { return AUTH_DENIED; } return AUTH_GRANTED; }
apr_status_t sha1_file(const std::string& filename, std::string& checksum, bool binary, apr_pool_t* parentPool) { apr_status_t ret = APR_SUCCESS; apr_pool_t* pool = NULL; ret = apr_pool_create(&pool, parentPool); if(ret == APR_SUCCESS) { apr_file_t* in = NULL; apr_int32_t flags = (binary ? APR_READ | APR_BINARY : APR_READ); ret = apr_file_open(&in, filename.c_str(), flags, APR_OS_DEFAULT, pool); if(ret == APR_SUCCESS) { unsigned char digest[APR_SHA1_DIGESTSIZE + 1]; memset(digest, 0, APR_SHA1_DIGESTSIZE + 1); apr_sha1_ctx_t context; apr_sha1_init(&context); unsigned char buffer[512]; memset(buffer, 0, sizeof(buffer)); apr_size_t bytes_read = 0; ret = apr_file_read_full(in, buffer, sizeof(buffer) - 1, &bytes_read); if(ret == APR_SUCCESS || ret == APR_EOF) { if(binary) apr_sha1_update_binary(&context, buffer, bytes_read); else apr_sha1_update(&context, (const char*)buffer, bytes_read); } while(ret == APR_SUCCESS) { ret = apr_file_read_full(in, buffer, sizeof(buffer) - 1, &bytes_read); if(ret == APR_SUCCESS || ret == APR_EOF) { if(binary) apr_sha1_update_binary(&context, buffer, bytes_read); else apr_sha1_update(&context, (const char*)buffer, bytes_read); } } apr_sha1_final(digest, &context); if(ret == APR_EOF) { std::ostringstream oss; for(int i = 0; i < APR_SHA1_DIGESTSIZE; i++) { unsigned short letter = digest[i]; oss << std::hex << std::setw(2) << std::setfill('0') << letter; } checksum = oss.str(); ret = APR_SUCCESS; } apr_file_close(in); } apr_pool_destroy(pool); } return ret; }