int f_crypto_md5(lua_State *L) {
li_MD5_CTX Md5Ctx;
HASH HA1;
buffer b;
char hex[33];
int n = lua_gettop(L);
b.ptr = hex;
b.used = 0;
b.size = sizeof(hex);
if (n != 1) {
lua_pushstring(L, "md5: expected one argument");
lua_error(L);
}
if (!lua_isstring(L, 1)) {
lua_pushstring(L, "md5: argument has to be a string");
lua_error(L);
}
li_MD5_Init(&Md5Ctx);
li_MD5_Update(&Md5Ctx, (unsigned char *)lua_tostring(L, 1), lua_strlen(L, 1));
li_MD5_Final(HA1, &Md5Ctx);
buffer_copy_string_hex(&b, (char *)HA1, 16);
lua_pushstring(L, b.ptr);
return 1;
}
static int mod_authn_mysql_password_cmp(const char *userpw, unsigned long userpwlen, const char *reqpw) {
#if defined(HAVE_CRYPT_R) || defined(HAVE_CRYPT)
if (userpwlen >= 3 && userpw[0] == '$' && userpw[2] == '$') {
/* md5 crypt()
* request by Nicola Tiling <*****@*****.**> */
const char *saltb = userpw+3;
const char *salte = strchr(saltb, '$');
char salt[32];
size_t slen = (NULL != salte) ? (size_t)(salte - saltb) : sizeof(salt);
if (slen < sizeof(salt)) {
char *crypted;
#if defined(HAVE_CRYPT_R)
struct crypt_data crypt_tmp_data;
#ifdef _AIX
memset(&crypt_tmp_data, 0, sizeof(crypt_tmp_data));
#else
crypt_tmp_data.initialized = 0;
#endif
#endif
memcpy(salt, saltb, slen);
salt[slen] = '\0';
#if defined(HAVE_CRYPT_R)
crypted = crypt_r(reqpw, salt, &crypt_tmp_data);
#else
crypted = crypt(reqpw, salt);
#endif
if (NULL != crypted) {
return strcmp(userpw, crypted);
}
}
}
else
#endif
if (32 == userpwlen) {
/* plain md5 */
li_MD5_CTX Md5Ctx;
unsigned char HA1[16];
unsigned char md5pw[16];
li_MD5_Init(&Md5Ctx);
li_MD5_Update(&Md5Ctx, (unsigned char *)reqpw, strlen(reqpw));
li_MD5_Final(HA1, &Md5Ctx);
/*(compare 16-byte MD5 binary instead of converting to hex strings
* in order to then have to do case-insensitive hex str comparison)*/
return (0 == http_auth_md5_hex2bin(userpw, 32 /*(userpwlen)*/, md5pw))
? memcmp(HA1, md5pw, sizeof(md5pw))
: -1;
}
return -1;
}
static void apr_md5_encode(const char *pw, const char *salt, char *result, size_t nbytes) {
/*
* Minimum size is 8 bytes for salt, plus 1 for the trailing NUL,
* plus 4 for the '$' separators, plus the password hash itself.
* Let's leave a goodly amount of leeway.
*/
char passwd[120], *p;
const char *sp, *ep;
unsigned char final[APR_MD5_DIGESTSIZE];
ssize_t sl, pl, i;
li_MD5_CTX ctx, ctx1;
unsigned long l;
/*
* Refine the salt first. It's possible we were given an already-hashed
* string as the salt argument, so extract the actual salt value from it
* if so. Otherwise just use the string up to the first '$' as the salt.
*/
sp = salt;
/*
* If it starts with the magic string, then skip that.
*/
if (!strncmp(sp, APR1_ID, strlen(APR1_ID))) {
sp += strlen(APR1_ID);
}
/*
* It stops at the first '$' or 8 chars, whichever comes first
*/
for (ep = sp; (*ep != '\0') && (*ep != '$') && (ep < (sp + 8)); ep++) {
continue;
}
/*
* Get the length of the true salt
*/
sl = ep - sp;
/*
* 'Time to make the doughnuts..'
*/
li_MD5_Init(&ctx);
/*
* The password first, since that is what is most unknown
*/
li_MD5_Update(&ctx, pw, strlen(pw));
/*
* Then our magic string
*/
li_MD5_Update(&ctx, APR1_ID, strlen(APR1_ID));
/*
* Then the raw salt
*/
li_MD5_Update(&ctx, sp, sl);
/*
* Then just as many characters of the MD5(pw, salt, pw)
*/
li_MD5_Init(&ctx1);
li_MD5_Update(&ctx1, pw, strlen(pw));
li_MD5_Update(&ctx1, sp, sl);
li_MD5_Update(&ctx1, pw, strlen(pw));
li_MD5_Final(final, &ctx1);
for (pl = strlen(pw); pl > 0; pl -= APR_MD5_DIGESTSIZE) {
li_MD5_Update(
&ctx, final,
(pl > APR_MD5_DIGESTSIZE) ? APR_MD5_DIGESTSIZE : pl);
}
/*
* Don't leave anything around in vm they could use.
*/
memset(final, 0, sizeof(final));
/*
* Then something really weird...
*/
for (i = strlen(pw); i != 0; i >>= 1) {
if (i & 1) {
li_MD5_Update(&ctx, final, 1);
}
else {
int main(int argc, char* argv[])
{
quip_fmt_t fmt = QUIP_FMT_BAM;
int o;
while ((o = getopt(argc, argv, "hsS")) != -1) {
if (o == 's' || o == 'S') {
fmt = QUIP_FMT_SAM;
}
else if (o == 'h') {
print_usage(stdout);
return 0;
}
else {
print_usage(stderr);
return 1;
}
}
if (optind < argc) {
fprintf(stderr, "Too many arguments!\n\n");
print_usage(stderr);
return 1;
}
quip_in_t* in = quip_in_open_file(stdin, QUIP_FMT_BAM, 0, NULL);
short_read_t* r;
li_MD5_CTX md5ctx;
li_MD5_Init(&md5ctx);
uint32_t auxsize, i;
samopt_t** opts = NULL;
uint32_t opts_size = 0;
while ((r = quip_read(in))) {
li_MD5_Update(&md5ctx, r->id.s, r->id.n);
li_MD5_Update(&md5ctx, r->seq.s, r->seq.n);
li_MD5_Update(&md5ctx, r->qual.s, r->qual.n);
li_MD5_Update(&md5ctx, (void*) &r->flags, sizeof(uint32_t));
li_MD5_Update(&md5ctx, r->seqname.s, r->seqname.n);
li_MD5_Update(&md5ctx, (void*) &r->strand, sizeof(uint8_t));
li_MD5_Update(&md5ctx, (void*) &r->pos, sizeof(uint32_t));
li_MD5_Update(&md5ctx, (void*) &r->map_qual, sizeof(uint8_t));
li_MD5_Update(&md5ctx, (void*) &r->cigar.n, sizeof(uint32_t));
li_MD5_Update(&md5ctx, r->cigar.ops, r->cigar.n * sizeof(uint8_t));
li_MD5_Update(&md5ctx, r->cigar.lens, r->cigar.n * sizeof(uint32_t));
li_MD5_Update(&md5ctx, r->mate_seqname.s, r->mate_seqname.n);
li_MD5_Update(&md5ctx, &r->mate_pos, sizeof(uint32_t));
li_MD5_Update(&md5ctx, &r->tlen, sizeof(uint32_t));
// hash optional fields without regard to order.
auxsize = samopt_table_size(r->aux);
li_MD5_Update(&md5ctx, &auxsize, sizeof(uint32_t));
if (auxsize > opts_size) {
opts_size = auxsize;
opts = realloc(opts, opts_size * sizeof(samopt_t*));
}
samopt_table_dump_sorted(r->aux, opts);
for (i = 0; i < auxsize; ++i) {
li_MD5_Update(&md5ctx, &opts[i]->key, 2 * sizeof(uint8_t));
li_MD5_Update(&md5ctx, &opts[i]->type, sizeof(uint8_t));
li_MD5_Update(&md5ctx, opts[i]->data->s, opts[i]->data->n);
}
}
quip_in_close(in);
free(opts);
uint64_t md5[2];
li_MD5_Final((unsigned char*) md5, &md5ctx);
printf("%016"PRIx64"%016"PRIx64"\n", md5[0], md5[1]);
return 0;
}
static int secdl_verify_mac(server *srv, plugin_config *config, const char* protected_path, const char* mac, size_t maclen) {
UNUSED(srv);
if (0 == maclen || secdl_algorithm_mac_length(config->algorithm) != maclen) return 0;
switch (config->algorithm) {
case SECDL_INVALID:
break;
case SECDL_MD5:
{
li_MD5_CTX Md5Ctx;
HASH HA1;
char hexmd5[33];
const char *ts_str;
const char *rel_uri;
/* legacy message:
* protected_path := '/' <timestamp-hex> <rel-path>
* timestamp-hex := [0-9a-f]{8}
* rel-path := '/' any*
* (the protected path was already verified)
* message = <secret><rel-path><timestamp-hex>
*/
ts_str = protected_path + 1;
rel_uri = ts_str + 8;
li_MD5_Init(&Md5Ctx);
li_MD5_Update(&Md5Ctx, CONST_BUF_LEN(config->secret));
li_MD5_Update(&Md5Ctx, rel_uri, strlen(rel_uri));
li_MD5_Update(&Md5Ctx, ts_str, 8);
li_MD5_Final(HA1, &Md5Ctx);
li_tohex(hexmd5, sizeof(hexmd5), (const char *)HA1, 16);
return (32 == maclen) && const_time_memeq(mac, hexmd5, 32);
}
case SECDL_HMAC_SHA1:
#ifdef USE_OPENSSL_CRYPTO
{
unsigned char digest[20];
char base64_digest[27];
if (NULL == HMAC(
EVP_sha1(),
(unsigned char const*) CONST_BUF_LEN(config->secret),
(unsigned char const*) protected_path, strlen(protected_path),
digest, NULL)) {
log_error_write(srv, __FILE__, __LINE__, "s",
"hmac-sha1: HMAC() failed");
return 0;
}
li_to_base64_no_padding(base64_digest, 27, digest, 20, BASE64_URL);
return (27 == maclen) && const_time_memeq(mac, base64_digest, 27);
}
#endif
break;
case SECDL_HMAC_SHA256:
#ifdef USE_OPENSSL_CRYPTO
{
unsigned char digest[32];
char base64_digest[43];
if (NULL == HMAC(
EVP_sha256(),
(unsigned char const*) CONST_BUF_LEN(config->secret),
(unsigned char const*) protected_path, strlen(protected_path),
digest, NULL)) {
log_error_write(srv, __FILE__, __LINE__, "s",
"hmac-sha256: HMAC() failed");
return 0;
}
li_to_base64_no_padding(base64_digest, 43, digest, 32, BASE64_URL);
return (43 == maclen) && const_time_memeq(mac, base64_digest, 43);
}
#endif
break;
}
return 0;
}