diff --git a/CMakeLists.txt b/CMakeLists.txt index bea37cd35..ecdd3a50b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -18,6 +18,8 @@ INCLUDE_DIRECTORIES(.) INCLUDE_DIRECTORIES(./src) INCLUDE_DIRECTORIES(./third_party/libev) ADD_LIBRARY(ev STATIC third_party/libev/ev.c) +ADD_LIBRARY(scrmbl STATIC third_party/scramble/scramble.c) +ADD_LIBRARY(sha STATIC third_party/sha1/sha1.c) TARGET_COMPILE_DEFINITIONS(ev PRIVATE EV_STANDALONE=1) TARGET_COMPILE_OPTIONS(ev PRIVATE -w) ADD_EXECUTABLE(MempoolUnitTest.test src/Utils/Mempool.hpp test/MempoolUnitTest.cpp) @@ -32,7 +34,7 @@ ADD_EXECUTABLE(Client.test src/Client/Connector.hpp test/ClientTest.cpp) ADD_EXECUTABLE(ClientPerfTest.test src/Client/Connector.hpp test/ClientPerfTest.cpp) ADD_EXECUTABLE(SimpleExample examples/Simple.cpp) TARGET_LINK_LIBRARIES(ClientPerfTest.test ev) -TARGET_LINK_LIBRARIES(Client.test ev) +TARGET_LINK_LIBRARIES(Client.test ev scrmbl sha) IF (benchmark_FOUND) ADD_EXECUTABLE(BufferGPerf.test src/Buffer/Buffer.hpp test/BufferGPerfTest.cpp) diff --git a/src/Client/Connection.hpp b/src/Client/Connection.hpp index 39fcc8757..ec0cb9b4f 100644 --- a/src/Client/Connection.hpp +++ b/src/Client/Connection.hpp @@ -175,6 +175,15 @@ class Connection { rid_t call(const std::string &func, const T &args); rid_t ping(); + /** + * Authorizate user with user_name and password + * @param user_name name of user + * @param password user's password + * @retval request id + */ + rid_t auth(const std::string& user_name, const std::string& password); + + void setError(const std::string &msg); std::string& getError(); void reset(); @@ -406,6 +415,15 @@ Connection::select(const T &key, uint32_t space_id, return RequestEncoder::getSync(); } +template +rid_t +Connection::auth(const std::string& user_name, const std::string& password) +{ + m_EndEncoded += m_Encoder.encodeAuth(user_name, password, m_Greeting); + m_Connector.readyToSend(*this); + return RequestEncoder::getSync(); +} + template void Connection::setError(const std::string &msg) diff --git a/src/Client/Connector.hpp b/src/Client/Connector.hpp index 3e9f0d6e9..5a9681bbd 100644 --- a/src/Client/Connector.hpp +++ b/src/Client/Connector.hpp @@ -33,6 +33,16 @@ #include "DefaultNetProvider.hpp" #include "../Utils/Timer.hpp" +struct Config { + const std::string addr; + unsigned port; + const std::string user_name = std::string(); + const std::string password = std::string(); + constexpr static size_t DEFAULT_CONNECT_TIMEOUT = 2; + size_t timeout = DEFAULT_CONNECT_TIMEOUT; +}; + + template> class Connector { @@ -44,7 +54,11 @@ class Connector int connect(Connection &conn, const std::string_view& addr, unsigned port, - size_t timeout = DEFAULT_CONNECT_TIMEOUT); + size_t timeout = Config::DEFAULT_CONNECT_TIMEOUT); + + + int connect(Connection &conn, const Config& config); + void close(Connection &conn); int wait(Connection &conn, rid_t future, @@ -60,7 +74,7 @@ class Connector void readyToDecode(Connection &conn); void readyToSend(Connection &conn); - constexpr static size_t DEFAULT_CONNECT_TIMEOUT = 2; + private: NetProvider m_NetProvider; /** @@ -102,6 +116,40 @@ Connector::connect(Connection &conn, return 0; } +template +int +Connector::connect(Connection &conn, const Config& config) +{ + if (conn.socket >= 0 && m_NetProvider.check(conn)) { + LOG_ERROR("Current connection to ", conn.socket, " is alive! " + "Please close it before connecting to the new address"); + return -1; + } + if (m_NetProvider.connect(conn, config.addr, config.port, config.timeout) != 0) { + LOG_ERROR("Failed to connect to ", config.addr, ':', config.port); + LOG_ERROR("Reason: ", conn.getError()); + return -1; + } + LOG_DEBUG("Connected to ", config.addr, ':', config.port, " has been established"); + if (config.user_name != std::string() && config.password != std::string()) { + rid_t auth_f = conn.auth(config.user_name, config.password); + wait(conn, auth_f, 1000); + std::optional> response = conn.getResponse(auth_f); + + + if (response->body.error_stack != std::nullopt) { + Error err = (*response->body.error_stack).error; + std::cout << "RESPONSE ERROR: msg=" << err.msg << + " line=" << err.file << " file=" << err.file << + " errno=" << err.saved_errno << + " type=" << err.type_name << + " code=" << err.errcode << std::endl; + return -1; + } + } + return 0; +} + template void Connector::close(Connection &conn) diff --git a/src/Client/RequestEncoder.hpp b/src/Client/RequestEncoder.hpp index 21025cba2..f98e95134 100644 --- a/src/Client/RequestEncoder.hpp +++ b/src/Client/RequestEncoder.hpp @@ -34,8 +34,10 @@ #include #include "IprotoConstants.hpp" +#include "ResponseReader.hpp" #include "../mpp/mpp.hpp" #include "../Utils/Logger.hpp" +#include "../../third_party/scramble/scramble.h" enum IteratorType { EQ = 0, @@ -82,6 +84,7 @@ class RequestEncoder { uint32_t index_id = 0, uint32_t limit = UINT32_MAX, uint32_t offset = 0, IteratorType iterator = EQ); + size_t encodeAuth(const std::string& user_name, const std::string& password, const Greeting& greeting); template size_t encodeCall(const std::string &func, const T &args); @@ -236,6 +239,25 @@ RequestEncoder::encodeSelect(const T &key, return request_size + PREHEADER_SIZE; } +template +size_t +RequestEncoder::encodeAuth(const std::string& user_name, const std::string& password, const Greeting& greeting) +{ + char scrambled[2 * SCRAMBLE_SIZE] = {}; + scramble_prepare(scrambled, greeting.salt, password.c_str(), password.size()); + iterator_t request_start = m_Buf.end(); + m_Buf.addBack('\xce'); + m_Buf.addBack(uint32_t{0}); + encodeHeader(Iproto::AUTH); + m_Enc.add(mpp::as_map(std::forward_as_tuple( + MPP_AS_CONST(Iproto::USER_NAME), user_name, + MPP_AS_CONST(Iproto::TUPLE), std::make_tuple("chap-sha1", scrambled)))); + uint32_t request_size = (m_Buf.end() - request_start) - PREHEADER_SIZE; + m_Buf.set(request_start + 1, __builtin_bswap32(request_size)); + return request_size + PREHEADER_SIZE; +} + + template template size_t diff --git a/test/ClientTest.cpp b/test/ClientTest.cpp index 9ef5d070e..f91a6e8c5 100644 --- a/test/ClientTest.cpp +++ b/test/ClientTest.cpp @@ -36,7 +36,7 @@ #include "../src/Client/Connector.hpp" const char *localhost = "127.0.0.1"; -int port = 3301; +unsigned port = 3301; int WAIT_TIMEOUT = 1000; //milliseconds using Net_t = DefaultNetProvider; @@ -62,28 +62,29 @@ printResponse(Connection &conn, Response &response, " code=" << err.errcode << std::endl; return; } - assert(response.body.data != std::nullopt); - Data& data = *response.body.data; - if (data.tuples.empty()) { - std::cout << "Empty result" << std::endl; - return; - } - std::vector tuples; - switch (format) { - case TUPLES: - tuples = decodeUserTuple(conn.getInBuf(), data); - break; - case MULTI_RETURN: - tuples = decodeMultiReturn(conn.getInBuf(), data); - break; - case SELECT_RETURN: - tuples = decodeSelectReturn(conn.getInBuf(), data); - break; - default: - assert(0); - } - for (auto const& t : tuples) { - std::cout << t << std::endl; + if (response.body.data != std::nullopt) { + Data& data = *response.body.data; + if (data.tuples.empty()) { + std::cout << "Empty result" << std::endl; + return; + } + std::vector tuples; + switch (format) { + case TUPLES: + tuples = decodeUserTuple(conn.getInBuf(), data); + break; + case MULTI_RETURN: + tuples = decodeMultiReturn(conn.getInBuf(), data); + break; + case SELECT_RETURN: + tuples = decodeSelectReturn(conn.getInBuf(), data); + break; + default: + assert(0); + } + for (auto const& t : tuples) { + std::cout << t << std::endl; + } } } @@ -557,6 +558,82 @@ single_conn_call(Connector &client) client.close(conn); } +/* Authentication */ +template +void +authentication_test(Connector &client) +{ + TEST_INIT(0); + TEST_CASE("Authentication within user_name and password"); + { + Connection conn(client); + Config config = {localhost, port}; + int rc = client.connect(conn, config); + fail_unless(rc == 0); + client.close(conn); + } + + TEST_CASE("Authentication with user_name and password good"); + { + Connection conn(client); + Config config = {localhost, port, "Anastas", "123456"}; + int rc = client.connect(conn, config); + fail_unless(rc == 0); + client.close(conn); + } + + TEST_CASE("Authentication with user_name and wrong password"); + { + Connection conn(client); + Config config = {localhost, port, "Anastas", "1234567"}; + int rc = client.connect(conn, config); + fail_unless(rc == -1); + client.close(conn); + } + + + TEST_CASE("Authentication with wrong user_name"); + { + Connection conn(client); + Config config = {localhost, port, "Anastasius", "123456"}; + int rc = client.connect(conn, config); + fail_unless(rc == -1); + client.close(conn); + } + + TEST_CASE("Authentication with some privileges without errors"); + { + Connection conn(client); + Config config = {localhost, port, "Anastas", "123456"}; + int rc = client.connect(conn, config); + fail_unless(rc == 0); + uint32_t space_id = 512; + std::tuple data = std::make_tuple(666, "111", 1.01); + rid_t f1 = conn.space[space_id].replace(data); + data = std::make_tuple(777, "asd", 2.02); + rid_t f2 = conn.space[space_id].replace(data); + + client.wait(conn, f1, WAIT_TIMEOUT); + fail_unless(conn.futureIsReady(f1)); + std::optional> response = conn.getResponse(f1); + printResponse(conn, *response); + fail_unless(response != std::nullopt); + fail_unless(response->body.data != std::nullopt); + fail_unless(response->body.error_stack == std::nullopt); + + client.wait(conn, f2, WAIT_TIMEOUT); + fail_unless(conn.futureIsReady(f2)); + response = conn.getResponse(f2); + fail_unless(response != std::nullopt); + fail_unless(response->body.data != std::nullopt); + fail_unless(response->body.error_stack == std::nullopt); + + client.close(conn); + } +} + + + int main() { if (cleanDir() != 0) @@ -591,5 +668,7 @@ int main() single_conn_upsert(another_client); single_conn_select(another_client); single_conn_call(another_client); + + authentication_test(client); return 0; } diff --git a/test/cfg.lua b/test/cfg.lua index 3899431fa..0cfd83f96 100644 --- a/test/cfg.lua +++ b/test/cfg.lua @@ -1,5 +1,6 @@ box.cfg{listen = 3301, net_msg_max=10000, readahead=163200, log_level = 7, log='tarantool.txt'} box.schema.user.grant('guest', 'super', nil, nil, {if_not_exists=true}) +box.schema.user.create('Anastas', {password='123456'}) if box.space.t then box.space.t:drop() end s = box.schema.space.create('T') @@ -7,6 +8,8 @@ s:format{{name='id',type='integer'},{name='a',type='string'},{name='b',type='num s:create_index('primary') s:replace{1, 'asd', 1.123} +box.schema.user.grant('Anastas','read,write', 'space', 'T') + function remote_replace(arg1, arg2, arg3) return box.space.T:replace({arg1, arg2, arg3}) end diff --git a/third_party/scramble/scramble.c b/third_party/scramble/scramble.c new file mode 100644 index 000000000..8a8e3df24 --- /dev/null +++ b/third_party/scramble/scramble.c @@ -0,0 +1,67 @@ +/* + * Copyright 2010-2016, Tarantool AUTHORS, please see AUTHORS file. + * + * Redistribution and use in source and binary forms, with or + * without modification, are permitted provided that the following + * conditions are met: + * + * 1. Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +#include "scramble.h" +#include "../sha1/sha1.h" +#include +#include + +static void +xor(unsigned char *to, unsigned const char *left, + unsigned const char *right, uint32_t len) +{ + const uint8_t *end = to + len; + while (to < end) + *to++= *left++ ^ *right++; +} + +void +scramble_prepare(void *out, const void *salt, const void *password, + int password_len) +{ + unsigned char hash1[SCRAMBLE_SIZE]; + unsigned char hash2[SCRAMBLE_SIZE]; + SHA1_CTX ctx; + + SHA1Init(&ctx); + SHA1Update(&ctx, password, password_len); + SHA1Final(hash1, &ctx); + + SHA1Init(&ctx); + SHA1Update(&ctx, hash1, SCRAMBLE_SIZE); + SHA1Final(hash2, &ctx); + + SHA1Init(&ctx); + SHA1Update(&ctx, salt, SCRAMBLE_SIZE); + SHA1Update(&ctx, hash2, SCRAMBLE_SIZE); + SHA1Final(out, &ctx); + + xor(out, hash1, out, SCRAMBLE_SIZE); +} diff --git a/third_party/scramble/scramble.h b/third_party/scramble/scramble.h new file mode 100644 index 000000000..717ad4c08 --- /dev/null +++ b/third_party/scramble/scramble.h @@ -0,0 +1,76 @@ +#ifndef INCLUDES_TARANTOOL_SCRAMBLE_H +#define INCLUDES_TARANTOOL_SCRAMBLE_H +/* + * Copyright 2010-2016, Tarantool AUTHORS, please see AUTHORS file. + * + * Redistribution and use in source and binary forms, with or + * without modification, are permitted provided that the following + * conditions are met: + * + * 1. Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +#if defined(__cplusplus) +extern "C" { +#endif +/** + * These are the core bits of the built-in Tarantool + * authentication. They implement the same algorithm as + * in MySQL 4.1 authentication: + * + * SERVER: seed = create_random_string() + * send(seed) + * + * CLIENT: recv(seed) + * hash1 = sha1("password") + * hash2 = sha1(hash1) + * reply = xor(hash1, sha1(seed, hash2)) + * + * ^^ these steps are done in scramble_prepare() + * + * send(reply) + * + * + * SERVER: recv(reply) + * + * hash1 = xor(reply, sha1(seed, hash2)) + * candidate_hash2 = sha1(hash1) + * check(candidate_hash2 == hash2) + * + * ^^ these steps are done in scramble_check() + */ + +enum { SCRAMBLE_SIZE = 20, SCRAMBLE_BASE64_SIZE = 28 }; + +/** + * Prepare a scramble (cipher) to send over the wire + * to the server for authentication. + */ +void +scramble_prepare(void *out, const void *salt, const void *password, + int password_len); + +#if defined(__cplusplus) +} /* extern "C" */ +#endif +#endif /* INCLUDES_TARANTOOL_SCRAMBLE_H */ \ No newline at end of file diff --git a/third_party/sha1/sha1.c b/third_party/sha1/sha1.c new file mode 100644 index 000000000..ff395dfbc --- /dev/null +++ b/third_party/sha1/sha1.c @@ -0,0 +1,219 @@ + +/* from valgrind tests */ + +/* ================ sha1.c ================ */ +/* +SHA-1 in C +By Steve Reid +100% Public Domain + +Test Vectors (from FIPS PUB 180-1) +"abc" + A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D +"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 +A million repetitions of "a" + 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F +*/ + +/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */ +/* #define SHA1HANDSOFF * Copies data before messing with it. */ + +#define SHA1HANDSOFF + +#include +#include +#include /* for u_int*_t */ +#include "sha1.h" + +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + +/* blk0() and blk() perform the initial expand. */ +/* I got the idea of expanding during the round function from SSLeay */ +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ + |(rol(block->l[i],8)&0x00FF00FF)) + +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ + ^block->l[(i+2)&15]^block->l[i&15],1)) + +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); + + +/* Hash a single 512-bit block. This is the core of the algorithm. */ + +void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]) +{ + uint32_t a, b, c, d, e; + typedef union { + unsigned char c[64]; + uint32_t l[16]; + } CHAR64LONG16; +#ifdef SHA1HANDSOFF + CHAR64LONG16 block[1]; /* use array to appear as a pointer */ + memcpy(block, buffer, 64); +#else + /* The following had better never be used because it causes the + * pointer-to-const buffer to be cast into a pointer to non-const. + * And the result is written through. I threw a "const" in, hoping + * this will cause a diagnostic. + */ + CHAR64LONG16* block = (const CHAR64LONG16*)buffer; +#endif + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; +#ifdef SHA1HANDSOFF + memset(block, '\0', sizeof(block)); +#endif +} + + +/* SHA1Init - Initialize new context */ + +void SHA1Init(SHA1_CTX* context) +{ + /* SHA1 initialization constants */ + context->state[0] = 0x67452301; + context->state[1] = 0xEFCDAB89; + context->state[2] = 0x98BADCFE; + context->state[3] = 0x10325476; + context->state[4] = 0xC3D2E1F0; + context->count[0] = context->count[1] = 0; +} + + +/* Run your data through this. */ + +void SHA1Update(SHA1_CTX* context, const unsigned char* data, uint32_t len) +{ + uint32_t i, j; + + j = context->count[0]; + if ((context->count[0] += len << 3) < j) + context->count[1]++; + context->count[1] += (len>>29); + j = (j >> 3) & 63; + if ((j + len) > 63) { + memcpy(&context->buffer[j], data, (i = 64-j)); + SHA1Transform(context->state, context->buffer); + for ( ; i + 63 < len; i += 64) { + SHA1Transform(context->state, &data[i]); + } + j = 0; + } + else i = 0; + memcpy(&context->buffer[j], &data[i], len - i); +} + + +/* Add padding and return the message digest. */ + +void SHA1Final(unsigned char digest[20], SHA1_CTX* context) +{ + unsigned i; + unsigned char finalcount[8]; + unsigned char c; + +#if 0 /* untested "improvement" by DHR */ + /* Convert context->count to a sequence of bytes + * in finalcount. Second element first, but + * big-endian order within element. + * But we do it all backwards. + */ + unsigned char *fcp = &finalcount[8]; + + for (i = 0; i < 2; i++) + { + uint32_t t = context->count[i]; + int j; + + for (j = 0; j < 4; t >>= 8, j++) + *--fcp = (unsigned char) t; + } +#else + for (i = 0; i < 8; i++) { + finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ + } +#endif + c = 0200; + SHA1Update(context, &c, 1); + while ((context->count[0] & 504) != 448) { + c = 0000; + SHA1Update(context, &c, 1); + } + SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ + for (i = 0; i < 20; i++) { + digest[i] = (unsigned char) + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); + } + /* Wipe variables */ + memset(context, '\0', sizeof(*context)); + memset(&finalcount, '\0', sizeof(finalcount)); +} +/* ================ end of sha1.c ================ */ + +#if 0 +#define BUFSIZE 4096 + +int +main(int argc, char **argv) +{ + SHA1_CTX ctx; + unsigned char hash[20], buf[BUFSIZE]; + int i; + + for(i=0;i + +/* ================ sha1.h ================ */ +/* +SHA-1 in C +By Steve Reid +100% Public Domain +*/ + +typedef struct { + uint32_t state[5]; + uint32_t count[2]; + unsigned char buffer[64]; +} SHA1_CTX; + +void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]); +void SHA1Init(SHA1_CTX* context); +void SHA1Update(SHA1_CTX* context, const unsigned char* data, uint32_t len); +void SHA1Final(unsigned char digest[20], SHA1_CTX* context); + +#endif