summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorlouiz’ <louiz@louiz.org>2017-03-06 00:51:43 +0100
committerlouiz’ <louiz@louiz.org>2017-03-06 00:57:33 +0100
commit99a4ddedaf903d27b781341108433ae2d9533ad1 (patch)
tree2662dddda921d84f6fd348e46f154261ad46c17a
parentd81c3ad5ac2c12130d90044b7597bf962a7cfe9e (diff)
downloadbiboumi-99a4ddedaf903d27b781341108433ae2d9533ad1.tar.gz
biboumi-99a4ddedaf903d27b781341108433ae2d9533ad1.tar.bz2
biboumi-99a4ddedaf903d27b781341108433ae2d9533ad1.tar.xz
biboumi-99a4ddedaf903d27b781341108433ae2d9533ad1.zip
Remove the embedded sha1 code, and use one of botan or gcrypt
This adds a hard dependency on one of Botan or gcrypt. Botan is already a recommended dependency, and gcrypt is probably packaged almost everywhere, so this should not be a big deal. ref #3241
-rw-r--r--INSTALL.rst4
-rw-r--r--louloulibs/CMakeLists.txt11
-rw-r--r--louloulibs/cmake/Modules/FindGCRYPT.cmake35
-rw-r--r--louloulibs/louloulibs.h.cmake1
-rw-r--r--louloulibs/utils/sha1.cpp151
-rw-r--r--louloulibs/utils/sha1.hpp34
-rw-r--r--louloulibs/xmpp/auth.cpp15
-rw-r--r--src/identd/identd_socket.cpp9
8 files changed, 87 insertions, 173 deletions
diff --git a/INSTALL.rst b/INSTALL.rst
index fa88ffb..9815af9 100644
--- a/INSTALL.rst
+++ b/INSTALL.rst
@@ -45,6 +45,9 @@ libbotan_ 1.11 or 2.0 (optional)
Provides TLS support. Without it, IRC connections are all made in
plain-text mode.
+gcrypt_ (mandatory only if botan is absent)
+ Provides the SHA-1 hash function, for the case where Botan is absent.
+
litesql_ (optional)
Provides a way to store various options in a (sqlite3) database. Each user
of the gateway can store their own values (for example their prefered port,
@@ -158,3 +161,4 @@ to use biboumi.
.. _litesql: http://git.louiz.org/litesql
.. _systemd: https://www.freedesktop.org/wiki/Software/systemd/
.. _biboumi.1.rst: doc/biboumi.1.rst
+.. _gcrypt: https://www.gnu.org/software/libgcrypt/
diff --git a/louloulibs/CMakeLists.txt b/louloulibs/CMakeLists.txt
index f672833..2268571 100644
--- a/louloulibs/CMakeLists.txt
+++ b/louloulibs/CMakeLists.txt
@@ -33,6 +33,10 @@ elseif(NOT WITHOUT_BOTAN)
find_package(BOTAN)
endif()
+if(NOT BOTAN_FOUND)
+ find_package(GCRYPT REQUIRED)
+endif()
+
if(WITH_UDNS)
find_package(UDNS REQUIRED)
elseif(NOT WITHOUT_UDNS)
@@ -67,6 +71,11 @@ if(BOTAN_FOUND)
set(BOTAN_FOUND ${BOTAN_FOUND} PARENT_SCOPE)
set(BOTAN_INCLUDE_DIRS ${BOTAN_INCLUDE_DIRS} PARENT_SCOPE)
endif()
+if(GCRYPT_FOUND)
+ include_directories(SYSTEM ${GCRYPT_INCLUDE_DIRS})
+ set(GCRYPT_FOUND ${GCRYPT_FOUND} PARENT_SCOPE)
+ set(GCRYPT_INCLUDE_DIRS ${GCRYPT_INCLUDE_DIRS} PARENT_SCOPE)
+endif()
if(UDNS_FOUND)
include_directories(${UDNS_INCLUDE_DIRS})
@@ -117,6 +126,8 @@ add_library(network STATIC ${source_network})
target_link_libraries(network logger)
if(BOTAN_FOUND)
target_link_libraries(network ${BOTAN_LIBRARIES})
+elseif(GCRYPT_FOUND)
+ target_link_libraries(network ${GCRYPT_LIBRARIES})
endif()
if(UDNS_FOUND)
target_link_libraries(network ${UDNS_LIBRARIES})
diff --git a/louloulibs/cmake/Modules/FindGCRYPT.cmake b/louloulibs/cmake/Modules/FindGCRYPT.cmake
new file mode 100644
index 0000000..bb1bc67
--- /dev/null
+++ b/louloulibs/cmake/Modules/FindGCRYPT.cmake
@@ -0,0 +1,35 @@
+# - Find gcrypt
+# Find the gcrypt cryptographic library
+#
+# This module defines the following variables:
+# GCRYPT_FOUND - True if library and include directory are found
+# If set to TRUE, the following are also defined:
+# GCRYPT_INCLUDE_DIRS - The directory where to find the header file
+# GCRYPT_LIBRARIES - Where to find the library file
+#
+# For conveniance, these variables are also set. They have the same values
+# than the variables above. The user can thus choose his/her prefered way
+# to write them.
+# GCRYPT_LIBRARY
+# GCRYPT_INCLUDE_DIR
+#
+# This file is in the public domain
+
+find_path(GCRYPT_INCLUDE_DIRS NAMES gcrypt.h
+ PATH_SUFFIXES gcrypt
+ DOC "The gcrypt include directory")
+
+find_library(GCRYPT_LIBRARIES NAMES gcrypt
+ DOC "The gcrypt library")
+
+# Use some standard module to handle the QUIETLY and REQUIRED arguments, and
+# set GCRYPT_FOUND to TRUE if these two variables are set.
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(GCRYPT REQUIRED_VARS GCRYPT_LIBRARIES GCRYPT_INCLUDE_DIRS)
+
+if(GCRYPT_FOUND)
+ set(GCRYPT_LIBRARY ${GCRYPT_LIBRARIES})
+ set(GCRYPT_INCLUDE_DIR ${GCRYPT_INCLUDE_DIRS})
+endif()
+
+mark_as_advanced(GCRYPT_INCLUDE_DIRS GCRYPT_LIBRARIES)
diff --git a/louloulibs/louloulibs.h.cmake b/louloulibs/louloulibs.h.cmake
index e2b2e25..5777d92 100644
--- a/louloulibs/louloulibs.h.cmake
+++ b/louloulibs/louloulibs.h.cmake
@@ -3,6 +3,7 @@
#cmakedefine SYSTEMD_FOUND
#cmakedefine POLLER ${POLLER}
#cmakedefine BOTAN_FOUND
+#cmakedefine GCRYPT_FOUND
#cmakedefine UDNS_FOUND
#cmakedefine SOFTWARE_VERSION "${SOFTWARE_VERSION}"
#cmakedefine PROJECT_NAME "${PROJECT_NAME}"
diff --git a/louloulibs/utils/sha1.cpp b/louloulibs/utils/sha1.cpp
index f75bc2a..71ad18d 100644
--- a/louloulibs/utils/sha1.cpp
+++ b/louloulibs/utils/sha1.cpp
@@ -1,121 +1,32 @@
-/* This code is public-domain - it is based on libcrypt
- * placed in the public domain by Wei Dai and other contributors.
- */
-
-#include "sha1.hpp"
-
-#define SHA1_K0 0x5a827999
-#define SHA1_K20 0x6ed9eba1
-#define SHA1_K40 0x8f1bbcdc
-#define SHA1_K60 0xca62c1d6
-
-const uint8_t sha1InitState[] = {
- 0x01,0x23,0x45,0x67, // H0
- 0x89,0xab,0xcd,0xef, // H1
- 0xfe,0xdc,0xba,0x98, // H2
- 0x76,0x54,0x32,0x10, // H3
- 0xf0,0xe1,0xd2,0xc3 // H4
-};
-
-void sha1_init(sha1nfo *s) {
- memcpy(s->state.b,sha1InitState,HASH_LENGTH);
- s->byteCount = 0;
- s->bufferOffset = 0;
-}
-
-uint32_t sha1_rol32(uint32_t number, uint8_t bits) {
- return ((number << bits) | (number >> (32-bits)));
-}
-
-void sha1_hashBlock(sha1nfo *s) {
- uint8_t i;
- uint32_t a,b,c,d,e,t;
-
- a=s->state.w[0];
- b=s->state.w[1];
- c=s->state.w[2];
- d=s->state.w[3];
- e=s->state.w[4];
- for (i=0; i<80; i++) {
- if (i>=16) {
- t = s->buffer.w[(i+13)&15] ^ s->buffer.w[(i+8)&15] ^ s->buffer.w[(i+2)&15] ^ s->buffer.w[i&15];
- s->buffer.w[i&15] = sha1_rol32(t,1);
- }
- if (i<20) {
- t = (d ^ (b & (c ^ d))) + SHA1_K0;
- } else if (i<40) {
- t = (b ^ c ^ d) + SHA1_K20;
- } else if (i<60) {
- t = ((b & c) | (d & (b | c))) + SHA1_K40;
- } else {
- t = (b ^ c ^ d) + SHA1_K60;
- }
- t+=sha1_rol32(a,5) + e + s->buffer.w[i&15];
- e=d;
- d=c;
- c=sha1_rol32(b,30);
- b=a;
- a=t;
- }
- s->state.w[0] += a;
- s->state.w[1] += b;
- s->state.w[2] += c;
- s->state.w[3] += d;
- s->state.w[4] += e;
-}
-
-void sha1_addUncounted(sha1nfo *s, uint8_t data) {
- s->buffer.b[s->bufferOffset ^ 3] = data;
- s->bufferOffset++;
- if (s->bufferOffset == BLOCK_LENGTH) {
- sha1_hashBlock(s);
- s->bufferOffset = 0;
- }
-}
-
-void sha1_writebyte(sha1nfo *s, uint8_t data) {
- ++s->byteCount;
- sha1_addUncounted(s, data);
-}
-
-void sha1_write(sha1nfo *s, const char *data, size_t len) {
- for (;len--;) sha1_writebyte(s, (uint8_t) *data++);
-}
-
-void sha1_pad(sha1nfo *s) {
- // Implement SHA-1 padding (fips180-2 §5.1.1)
-
- // Pad with 0x80 followed by 0x00 until the end of the block
- sha1_addUncounted(s, 0x80);
- while (s->bufferOffset != 56) sha1_addUncounted(s, 0x00);
-
- // Append length in the last 8 bytes
- sha1_addUncounted(s, 0); // We're only using 32 bit lengths
- sha1_addUncounted(s, 0); // But SHA-1 supports 64 bit lengths
- sha1_addUncounted(s, 0); // So zero pad the top bits
- sha1_addUncounted(s, s->byteCount >> 29); // Shifting to multiply by 8
- sha1_addUncounted(s, s->byteCount >> 21); // as SHA-1 supports bitstreams as well as
- sha1_addUncounted(s, s->byteCount >> 13); // byte.
- sha1_addUncounted(s, s->byteCount >> 5);
- sha1_addUncounted(s, s->byteCount << 3);
-}
-
-uint8_t* sha1_result(sha1nfo *s) {
- int i;
- // Pad to complete the last block
- sha1_pad(s);
-
- // Swap byte order back
- for (i=0; i<5; i++) {
- uint32_t a,b;
- a=s->state.w[i];
- b=a<<24;
- b|=(a<<8) & 0x00ff0000;
- b|=(a>>8) & 0x0000ff00;
- b|=a>>24;
- s->state.w[i]=b;
- }
-
- // Return pointer to hash (20 characters)
- return s->state.b;
+#include <utils/sha1.hpp>
+
+#include <louloulibs.h>
+
+#ifdef BOTAN_FOUND
+# include <botan/hash.h>
+# include <botan/hex.h>
+#endif
+#ifdef GCRYPT_FOUND
+# include <gcrypt.h>
+# include <vector>
+# include <iomanip>
+# include <sstream>
+#endif
+
+std::string sha1(const std::string& input)
+{
+#ifdef BOTAN_FOUND
+ auto sha1 = Botan::HashFunction::create_or_throw("SHA-1");
+ sha1->update(input);
+ return Botan::hex_encode(sha1->final(), false);
+#endif
+#ifdef GCRYPT_FOUND
+ const auto hash_length = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
+ std::vector<uint8_t> output(hash_length, {});
+ gcry_md_hash_buffer(GCRY_MD_SHA1, output.data(), input.data(), input.size());
+ std::ostringstream digest;
+ for (std::size_t i = 0; i < hash_length; i++)
+ digest << std::hex << std::setfill('0') << std::setw(2) << static_cast<int>(output[i]);
+ return digest.str();
+#endif
}
diff --git a/louloulibs/utils/sha1.hpp b/louloulibs/utils/sha1.hpp
index d436782..6c551ac 100644
--- a/louloulibs/utils/sha1.hpp
+++ b/louloulibs/utils/sha1.hpp
@@ -1,33 +1,5 @@
-/* This code is public-domain - it is based on libcrypt
- * placed in the public domain by Wei Dai and other contributors.
- */
+#pragma once
-#include <stdint.h>
-#include <string.h>
+#include <string>
-#define HASH_LENGTH 20
-#define BLOCK_LENGTH 64
-
-union _buffer {
- uint8_t b[BLOCK_LENGTH];
- uint32_t w[BLOCK_LENGTH/4];
-};
-
-union _state {
- uint8_t b[HASH_LENGTH];
- uint32_t w[HASH_LENGTH/4];
-};
-
-typedef struct sha1nfo {
- union _buffer buffer;
- uint8_t bufferOffset;
- union _state state;
- uint32_t byteCount;
- uint8_t keyBuffer[BLOCK_LENGTH];
- uint8_t innerHash[HASH_LENGTH];
-} sha1nfo;
-
-void sha1_init(sha1nfo *s);
-void sha1_writebyte(sha1nfo *s, uint8_t data);
-void sha1_write(sha1nfo *s, const char *data, size_t len);
-uint8_t* sha1_result(sha1nfo *s);
+std::string sha1(const std::string& input);
diff --git a/louloulibs/xmpp/auth.cpp b/louloulibs/xmpp/auth.cpp
index c20f95d..8a34a4e 100644
--- a/louloulibs/xmpp/auth.cpp
+++ b/louloulibs/xmpp/auth.cpp
@@ -2,20 +2,7 @@
#include <utils/sha1.hpp>
-#include <iomanip>
-#include <sstream>
-
std::string get_handshake_digest(const std::string& stream_id, const std::string& secret)
{
- sha1nfo sha1;
- sha1_init(&sha1);
- sha1_write(&sha1, stream_id.data(), stream_id.size());
- sha1_write(&sha1, secret.data(), secret.size());
- const uint8_t* result = sha1_result(&sha1);
-
- std::ostringstream digest;
- for (int i = 0; i < HASH_LENGTH; i++)
- digest << std::hex << std::setfill('0') << std::setw(2) << static_cast<int>(result[i]);
-
- return digest.str();
+ return sha1(stream_id + secret);
}
diff --git a/src/identd/identd_socket.cpp b/src/identd/identd_socket.cpp
index 46553ca..a94f172 100644
--- a/src/identd/identd_socket.cpp
+++ b/src/identd/identd_socket.cpp
@@ -38,14 +38,7 @@ void IdentdSocket::parse_in_buffer(const std::size_t)
static std::string hash_jid(const std::string& jid)
{
- sha1nfo sha1;
- sha1_init(&sha1);
- sha1_write(&sha1, jid.data(), jid.size());
- const uint8_t* res = sha1_result(&sha1);
- std::ostringstream result;
- for (int i = 0; i < HASH_LENGTH; i++)
- result << std::hex << std::setfill('0') << std::setw(2) << static_cast<int>(res[i]);
- return result.str();
+ return sha1(jid);
}
std::string IdentdSocket::generate_answer(const BiboumiComponent& biboumi, uint16_t local, uint16_t remote)