/src/httpd/srclib/apr/crypto/apr_sha1.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* Licensed to the Apache Software Foundation (ASF) under one or more |
2 | | * contributor license agreements. See the NOTICE file distributed with |
3 | | * this work for additional information regarding copyright ownership. |
4 | | * The ASF licenses this file to You under the Apache License, Version 2.0 |
5 | | * (the "License"); you may not use this file except in compliance with |
6 | | * the License. You may obtain a copy of the License at |
7 | | * |
8 | | * http://www.apache.org/licenses/LICENSE-2.0 |
9 | | * |
10 | | * Unless required by applicable law or agreed to in writing, software |
11 | | * distributed under the License is distributed on an "AS IS" BASIS, |
12 | | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
13 | | * See the License for the specific language governing permissions and |
14 | | * limitations under the License. |
15 | | */ |
16 | | |
17 | | /* |
18 | | * The exported function: |
19 | | * |
20 | | * apr_sha1_base64(const char *clear, int len, char *out); |
21 | | * |
22 | | * provides a means to SHA1 crypt/encode a plaintext password in |
23 | | * a way which makes password files compatible with those commonly |
24 | | * used in netscape web and ldap installations. It was put together |
25 | | * by Clinton Wong <clintdw@netcom.com>, who also notes that: |
26 | | * |
27 | | * Note: SHA1 support is useful for migration purposes, but is less |
28 | | * secure than Apache's password format, since Apache's (MD5) |
29 | | * password format uses a random eight character salt to generate |
30 | | * one of many possible hashes for the same password. Netscape |
31 | | * uses plain SHA1 without a salt, so the same password |
32 | | * will always generate the same hash, making it easier |
33 | | * to break since the search space is smaller. |
34 | | * |
35 | | * See also the documentation in support/SHA1 as to hints on how to |
36 | | * migrate an existing netscape installation and other supplied utitlites. |
37 | | * |
38 | | * This software also makes use of the following component: |
39 | | * |
40 | | * NIST Secure Hash Algorithm |
41 | | * heavily modified by Uwe Hollerbach uh@alumni.caltech edu |
42 | | * from Peter C. Gutmann's implementation as found in |
43 | | * Applied Cryptography by Bruce Schneier |
44 | | * This code is hereby placed in the public domain |
45 | | */ |
46 | | |
47 | | #include "apr_sha1.h" |
48 | | #include "apr_base64.h" |
49 | | #include "apr_strings.h" |
50 | | #include "apr_lib.h" |
51 | | #if APR_CHARSET_EBCDIC |
52 | | #include "apr_xlate.h" |
53 | | #endif /*APR_CHARSET_EBCDIC*/ |
54 | | #include <string.h> |
55 | | |
56 | | /* a bit faster & bigger, if defined */ |
57 | | #define UNROLL_LOOPS |
58 | | |
59 | | /* NIST's proposed modification to SHA, 7/11/94 */ |
60 | | #define USE_MODIFIED_SHA |
61 | | |
62 | | /* SHA f()-functions */ |
63 | 0 | #define f1(x,y,z) ((x & y) | (~x & z)) |
64 | 0 | #define f2(x,y,z) (x ^ y ^ z) |
65 | 0 | #define f3(x,y,z) ((x & y) | (x & z) | (y & z)) |
66 | 0 | #define f4(x,y,z) (x ^ y ^ z) |
67 | | |
68 | | /* SHA constants */ |
69 | 0 | #define CONST1 0x5a827999L |
70 | 0 | #define CONST2 0x6ed9eba1L |
71 | 0 | #define CONST3 0x8f1bbcdcL |
72 | 0 | #define CONST4 0xca62c1d6L |
73 | | |
74 | | /* 32-bit rotate */ |
75 | | |
76 | 0 | #define ROT32(x,n) ((x << n) | (x >> (32 - n))) |
77 | | |
78 | | #define FUNC(n,i) \ |
79 | 0 | temp = ROT32(A,5) + f##n(B,C,D) + E + W[i] + CONST##n; \ |
80 | 0 | E = D; D = C; C = ROT32(B,30); B = A; A = temp |
81 | | |
82 | 0 | #define SHA_BLOCKSIZE 64 |
83 | | |
84 | | #if APR_CHARSET_EBCDIC |
85 | | static apr_xlate_t *ebcdic2ascii_xlate; |
86 | | |
87 | | APR_DECLARE(apr_status_t) apr_SHA1InitEBCDIC(apr_xlate_t *x) |
88 | | { |
89 | | apr_status_t rv; |
90 | | int onoff; |
91 | | |
92 | | /* Only single-byte conversion is supported. |
93 | | */ |
94 | | rv = apr_xlate_sb_get(x, &onoff); |
95 | | if (rv) { |
96 | | return rv; |
97 | | } |
98 | | if (!onoff) { /* If conversion is not single-byte-only */ |
99 | | return APR_EINVAL; |
100 | | } |
101 | | ebcdic2ascii_xlate = x; |
102 | | return APR_SUCCESS; |
103 | | } |
104 | | #endif |
105 | | |
106 | | /* do SHA transformation */ |
107 | | static void sha_transform(apr_sha1_ctx_t *sha_info) |
108 | 0 | { |
109 | 0 | int i; |
110 | 0 | apr_uint32_t temp, A, B, C, D, E, W[80]; |
111 | |
|
112 | 0 | for (i = 0; i < 16; ++i) { |
113 | 0 | W[i] = sha_info->data[i]; |
114 | 0 | } |
115 | 0 | for (i = 16; i < 80; ++i) { |
116 | 0 | W[i] = W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16]; |
117 | 0 | #ifdef USE_MODIFIED_SHA |
118 | 0 | W[i] = ROT32(W[i], 1); |
119 | 0 | #endif /* USE_MODIFIED_SHA */ |
120 | 0 | } |
121 | 0 | A = sha_info->digest[0]; |
122 | 0 | B = sha_info->digest[1]; |
123 | 0 | C = sha_info->digest[2]; |
124 | 0 | D = sha_info->digest[3]; |
125 | 0 | E = sha_info->digest[4]; |
126 | 0 | #ifdef UNROLL_LOOPS |
127 | 0 | FUNC(1, 0); FUNC(1, 1); FUNC(1, 2); FUNC(1, 3); FUNC(1, 4); |
128 | 0 | FUNC(1, 5); FUNC(1, 6); FUNC(1, 7); FUNC(1, 8); FUNC(1, 9); |
129 | 0 | FUNC(1,10); FUNC(1,11); FUNC(1,12); FUNC(1,13); FUNC(1,14); |
130 | 0 | FUNC(1,15); FUNC(1,16); FUNC(1,17); FUNC(1,18); FUNC(1,19); |
131 | |
|
132 | 0 | FUNC(2,20); FUNC(2,21); FUNC(2,22); FUNC(2,23); FUNC(2,24); |
133 | 0 | FUNC(2,25); FUNC(2,26); FUNC(2,27); FUNC(2,28); FUNC(2,29); |
134 | 0 | FUNC(2,30); FUNC(2,31); FUNC(2,32); FUNC(2,33); FUNC(2,34); |
135 | 0 | FUNC(2,35); FUNC(2,36); FUNC(2,37); FUNC(2,38); FUNC(2,39); |
136 | |
|
137 | 0 | FUNC(3,40); FUNC(3,41); FUNC(3,42); FUNC(3,43); FUNC(3,44); |
138 | 0 | FUNC(3,45); FUNC(3,46); FUNC(3,47); FUNC(3,48); FUNC(3,49); |
139 | 0 | FUNC(3,50); FUNC(3,51); FUNC(3,52); FUNC(3,53); FUNC(3,54); |
140 | 0 | FUNC(3,55); FUNC(3,56); FUNC(3,57); FUNC(3,58); FUNC(3,59); |
141 | |
|
142 | 0 | FUNC(4,60); FUNC(4,61); FUNC(4,62); FUNC(4,63); FUNC(4,64); |
143 | 0 | FUNC(4,65); FUNC(4,66); FUNC(4,67); FUNC(4,68); FUNC(4,69); |
144 | 0 | FUNC(4,70); FUNC(4,71); FUNC(4,72); FUNC(4,73); FUNC(4,74); |
145 | 0 | FUNC(4,75); FUNC(4,76); FUNC(4,77); FUNC(4,78); FUNC(4,79); |
146 | | #else /* !UNROLL_LOOPS */ |
147 | | for (i = 0; i < 20; ++i) { |
148 | | FUNC(1,i); |
149 | | } |
150 | | for (i = 20; i < 40; ++i) { |
151 | | FUNC(2,i); |
152 | | } |
153 | | for (i = 40; i < 60; ++i) { |
154 | | FUNC(3,i); |
155 | | } |
156 | | for (i = 60; i < 80; ++i) { |
157 | | FUNC(4,i); |
158 | | } |
159 | | #endif /* !UNROLL_LOOPS */ |
160 | 0 | sha_info->digest[0] += A; |
161 | 0 | sha_info->digest[1] += B; |
162 | 0 | sha_info->digest[2] += C; |
163 | 0 | sha_info->digest[3] += D; |
164 | 0 | sha_info->digest[4] += E; |
165 | 0 | } |
166 | | |
167 | | union endianTest { |
168 | | long Long; |
169 | | char Char[sizeof(long)]; |
170 | | }; |
171 | | |
172 | | static char isLittleEndian(void) |
173 | 0 | { |
174 | 0 | static union endianTest u; |
175 | 0 | u.Long = 1; |
176 | 0 | return (u.Char[0] == 1); |
177 | 0 | } |
178 | | |
179 | | /* change endianness of data */ |
180 | | |
181 | | /* count is the number of bytes to do an endian flip */ |
182 | | static void maybe_byte_reverse(apr_uint32_t *buffer, int count) |
183 | 0 | { |
184 | 0 | int i; |
185 | 0 | apr_byte_t ct[4], *cp; |
186 | |
|
187 | 0 | if (isLittleEndian()) { /* do the swap only if it is little endian */ |
188 | 0 | count /= sizeof(apr_uint32_t); |
189 | 0 | cp = (apr_byte_t *) buffer; |
190 | 0 | for (i = 0; i < count; ++i) { |
191 | 0 | ct[0] = cp[0]; |
192 | 0 | ct[1] = cp[1]; |
193 | 0 | ct[2] = cp[2]; |
194 | 0 | ct[3] = cp[3]; |
195 | 0 | cp[0] = ct[3]; |
196 | 0 | cp[1] = ct[2]; |
197 | 0 | cp[2] = ct[1]; |
198 | 0 | cp[3] = ct[0]; |
199 | 0 | cp += sizeof(apr_uint32_t); |
200 | 0 | } |
201 | 0 | } |
202 | 0 | } |
203 | | |
204 | | /* initialize the SHA digest */ |
205 | | |
206 | | APR_DECLARE(void) apr_sha1_init(apr_sha1_ctx_t *sha_info) |
207 | 0 | { |
208 | 0 | sha_info->digest[0] = 0x67452301L; |
209 | 0 | sha_info->digest[1] = 0xefcdab89L; |
210 | 0 | sha_info->digest[2] = 0x98badcfeL; |
211 | 0 | sha_info->digest[3] = 0x10325476L; |
212 | 0 | sha_info->digest[4] = 0xc3d2e1f0L; |
213 | 0 | sha_info->count_lo = 0L; |
214 | 0 | sha_info->count_hi = 0L; |
215 | 0 | sha_info->local = 0; |
216 | 0 | } |
217 | | |
218 | | /* update the SHA digest */ |
219 | | |
220 | | APR_DECLARE(void) apr_sha1_update_binary(apr_sha1_ctx_t *sha_info, |
221 | | const unsigned char *buffer, |
222 | | unsigned int count) |
223 | 0 | { |
224 | 0 | unsigned int i; |
225 | |
|
226 | 0 | if ((sha_info->count_lo + ((apr_uint32_t) count << 3)) < sha_info->count_lo) { |
227 | 0 | ++sha_info->count_hi; |
228 | 0 | } |
229 | 0 | sha_info->count_lo += (apr_uint32_t) count << 3; |
230 | 0 | sha_info->count_hi += (apr_uint32_t) count >> 29; |
231 | 0 | if (sha_info->local) { |
232 | 0 | i = SHA_BLOCKSIZE - sha_info->local; |
233 | 0 | if (i > count) { |
234 | 0 | i = count; |
235 | 0 | } |
236 | 0 | memcpy(((apr_byte_t *) sha_info->data) + sha_info->local, buffer, i); |
237 | 0 | count -= i; |
238 | 0 | buffer += i; |
239 | 0 | sha_info->local += i; |
240 | 0 | if (sha_info->local == SHA_BLOCKSIZE) { |
241 | 0 | maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); |
242 | 0 | sha_transform(sha_info); |
243 | 0 | } |
244 | 0 | else { |
245 | 0 | return; |
246 | 0 | } |
247 | 0 | } |
248 | 0 | while (count >= SHA_BLOCKSIZE) { |
249 | 0 | memcpy(sha_info->data, buffer, SHA_BLOCKSIZE); |
250 | 0 | buffer += SHA_BLOCKSIZE; |
251 | 0 | count -= SHA_BLOCKSIZE; |
252 | 0 | maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); |
253 | 0 | sha_transform(sha_info); |
254 | 0 | } |
255 | 0 | memcpy(sha_info->data, buffer, count); |
256 | 0 | sha_info->local = count; |
257 | 0 | } |
258 | | |
259 | | APR_DECLARE(void) apr_sha1_update(apr_sha1_ctx_t *sha_info, const char *buf, |
260 | | unsigned int count) |
261 | 0 | { |
262 | | #if APR_CHARSET_EBCDIC |
263 | | int i; |
264 | | const apr_byte_t *buffer = (const apr_byte_t *) buf; |
265 | | apr_size_t inbytes_left, outbytes_left; |
266 | | |
267 | | if ((sha_info->count_lo + ((apr_uint32_t) count << 3)) < sha_info->count_lo) { |
268 | | ++sha_info->count_hi; |
269 | | } |
270 | | sha_info->count_lo += (apr_uint32_t) count << 3; |
271 | | sha_info->count_hi += (apr_uint32_t) count >> 29; |
272 | | /* Is there a remainder of the previous Update operation? */ |
273 | | if (sha_info->local) { |
274 | | i = SHA_BLOCKSIZE - sha_info->local; |
275 | | if (i > count) { |
276 | | i = count; |
277 | | } |
278 | | inbytes_left = outbytes_left = i; |
279 | | apr_xlate_conv_buffer(ebcdic2ascii_xlate, buffer, &inbytes_left, |
280 | | ((apr_byte_t *) sha_info->data) + sha_info->local, |
281 | | &outbytes_left); |
282 | | count -= i; |
283 | | buffer += i; |
284 | | sha_info->local += i; |
285 | | if (sha_info->local == SHA_BLOCKSIZE) { |
286 | | maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); |
287 | | sha_transform(sha_info); |
288 | | } |
289 | | else { |
290 | | return; |
291 | | } |
292 | | } |
293 | | while (count >= SHA_BLOCKSIZE) { |
294 | | inbytes_left = outbytes_left = SHA_BLOCKSIZE; |
295 | | apr_xlate_conv_buffer(ebcdic2ascii_xlate, buffer, &inbytes_left, |
296 | | (apr_byte_t *) sha_info->data, &outbytes_left); |
297 | | buffer += SHA_BLOCKSIZE; |
298 | | count -= SHA_BLOCKSIZE; |
299 | | maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); |
300 | | sha_transform(sha_info); |
301 | | } |
302 | | inbytes_left = outbytes_left = count; |
303 | | apr_xlate_conv_buffer(ebcdic2ascii_xlate, buffer, &inbytes_left, |
304 | | (apr_byte_t *) sha_info->data, &outbytes_left); |
305 | | sha_info->local = count; |
306 | | #else |
307 | 0 | apr_sha1_update_binary(sha_info, (const unsigned char *) buf, count); |
308 | 0 | #endif |
309 | 0 | } |
310 | | |
311 | | /* finish computing the SHA digest */ |
312 | | |
313 | | APR_DECLARE(void) apr_sha1_final(unsigned char digest[APR_SHA1_DIGESTSIZE], |
314 | | apr_sha1_ctx_t *sha_info) |
315 | 0 | { |
316 | 0 | int count, i, j; |
317 | 0 | apr_uint32_t lo_bit_count, hi_bit_count, k; |
318 | |
|
319 | 0 | lo_bit_count = sha_info->count_lo; |
320 | 0 | hi_bit_count = sha_info->count_hi; |
321 | 0 | count = (int) ((lo_bit_count >> 3) & 0x3f); |
322 | 0 | ((apr_byte_t *) sha_info->data)[count++] = 0x80; |
323 | 0 | if (count > SHA_BLOCKSIZE - 8) { |
324 | 0 | memset(((apr_byte_t *) sha_info->data) + count, 0, SHA_BLOCKSIZE - count); |
325 | 0 | maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); |
326 | 0 | sha_transform(sha_info); |
327 | 0 | memset((apr_byte_t *) sha_info->data, 0, SHA_BLOCKSIZE - 8); |
328 | 0 | } |
329 | 0 | else { |
330 | 0 | memset(((apr_byte_t *) sha_info->data) + count, 0, |
331 | 0 | SHA_BLOCKSIZE - 8 - count); |
332 | 0 | } |
333 | 0 | maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); |
334 | 0 | sha_info->data[14] = hi_bit_count; |
335 | 0 | sha_info->data[15] = lo_bit_count; |
336 | 0 | sha_transform(sha_info); |
337 | |
|
338 | 0 | for (i = 0, j = 0; j < APR_SHA1_DIGESTSIZE; i++) { |
339 | 0 | k = sha_info->digest[i]; |
340 | 0 | digest[j++] = (unsigned char) ((k >> 24) & 0xff); |
341 | 0 | digest[j++] = (unsigned char) ((k >> 16) & 0xff); |
342 | 0 | digest[j++] = (unsigned char) ((k >> 8) & 0xff); |
343 | 0 | digest[j++] = (unsigned char) (k & 0xff); |
344 | 0 | } |
345 | 0 | } |
346 | | |
347 | | |
348 | | APR_DECLARE(void) apr_sha1_base64(const char *clear, int len, char *out) |
349 | 0 | { |
350 | 0 | int l; |
351 | 0 | apr_sha1_ctx_t context; |
352 | 0 | apr_byte_t digest[APR_SHA1_DIGESTSIZE]; |
353 | |
|
354 | 0 | apr_sha1_init(&context); |
355 | 0 | apr_sha1_update(&context, clear, len); |
356 | 0 | apr_sha1_final(digest, &context); |
357 | | |
358 | | /* private marker. */ |
359 | 0 | apr_cpystrn(out, APR_SHA1PW_ID, APR_SHA1PW_IDLEN + 1); |
360 | | |
361 | | /* SHA1 hash is always 20 chars */ |
362 | 0 | l = apr_base64_encode_binary(out + APR_SHA1PW_IDLEN, digest, sizeof(digest)); |
363 | 0 | out[l + APR_SHA1PW_IDLEN] = '\0'; |
364 | | |
365 | | /* |
366 | | * output of base64 encoded SHA1 is always 28 chars + APR_SHA1PW_IDLEN |
367 | | */ |
368 | 0 | } |