diff options
-rw-r--r-- | CMakeLists.txt | 6 | ||||
-rw-r--r-- | INSTALL | 5 | ||||
-rw-r--r-- | cmake/Modules/FindCryptopp.cmake | 53 | ||||
-rw-r--r-- | src/utils/sha1.cpp | 154 | ||||
-rw-r--r-- | src/utils/sha1.hpp | 35 | ||||
-rw-r--r-- | src/xmpp/xmpp_component.cpp | 25 |
6 files changed, 204 insertions, 74 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index ac93ff1..433b965 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -16,7 +16,6 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE ## Look for external libraries # set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/Modules/") -find_package(Cryptopp REQUIRED) find_package(Iconv REQUIRED) include(FindEXPAT) find_package(EXPAT REQUIRED) @@ -25,9 +24,6 @@ find_package(Libidn) include_directories("src/") include_directories(${EXPAT_INCLUDE_DIRS}) include_directories(${ICONV_INCLUDE_DIRS}) -# the SYSTEM flag tells the compiler that we don't care about warnings -# coming from these headers. -include_directories(SYSTEM ${CRYPTO++_INCLUDE_DIRS}) if(LIBIDN_FOUND) include_directories(${LIBIDN_INCLUDE_DIRS}) @@ -90,7 +86,7 @@ file(GLOB source_xmpp src/xmpp/*.[hc]pp) add_library(xmpp STATIC ${source_xmpp}) target_link_libraries(xmpp bridge network utils logger - ${CRYPTO++_LIBRARIES} ${EXPAT_LIBRARIES} pthread) + ${EXPAT_LIBRARIES} pthread) if(LIBIDN_FOUND) target_link_libraries(xmpp ${LIBIDN_LIBRARIES}) endif() @@ -7,11 +7,6 @@ Build and runtime dependencies: Libraries: -- crypto++ - Sometimes packaged as cryptopp. This library is used to generate MD5 - hashes. - http://www.cryptopp.com/ - - expat Used to parse XML from the XMPP server. http://expat.sourceforge.net/ diff --git a/cmake/Modules/FindCryptopp.cmake b/cmake/Modules/FindCryptopp.cmake deleted file mode 100644 index 9835b6f..0000000 --- a/cmake/Modules/FindCryptopp.cmake +++ /dev/null @@ -1,53 +0,0 @@ -# - Find Crypto++ -# Find the Crypto++ library -# -# This module defines the following variables: -# CRYPTO++_FOUND - True if library and include directory are found -# If set to TRUE, the following are also defined: -# CRYPTO++_LIBRARIES - Where to find the library file -# CRYPTO++_INCLUDE_DIRS - The directory where to find the header files -# -# For conveniance, these variables are also set. They have the same values -# than the variables above. The user can thus choose his/her prefered way -# to way to write them. -# -# CRYPTOPP_FOUND -# -# CRYPTO++_LIBRARY -# CRYPTOPP_LIBRARY -# CRYPTOPP_LIBRARIES -# -# CRYPTO++_INCLUDE_DIR -# CRYPTOPP_INCLUDE_DIRS -# CRYPTOPP_INCLUDE_DIR -# -# This file is in the public domain. - -find_path(CRYPTO++_INCLUDE_DIRS NAMES cryptlib.h - PATH_SUFFIXES "crypto++" "cryptopp" - DOC "The Crypto++ include directory") - -find_library(CRYPTO++_LIBRARIES NAMES cryptopp - DOC "The Crypto++ library") - -# Use some standard module to handle the QUIETLY and REQUIRED arguments, and -# set CRYPTO++_FOUND to TRUE if these two variables are set. -include(FindPackageHandleStandardArgs) -find_package_handle_standard_args(Crypto++ REQUIRED_VARS CRYPTO++_LIBRARIES CRYPTO++_INCLUDE_DIRS) - -# Compatibility for all the ways of writing these variables -if(CRYPTO++_FOUND) - set(CRYPTOPP_FOUND ${CRYPTO++_FOUND}) - - set(CRYPTO++_LIBRARY ${CRYPTO++_LIBRARIES}) - set(CRYPTOPP_LIBRARY ${CRYPTO++_LIBRARIES}) - set(CRYPTOPP_LIBRARIES ${CRYPTO++_LIBRARIES}) - - set(CRYPTO++_INCLUDE_DIR ${CRYPTO++_INCLUDE_DIRS}) - set(CRYPTOPP_INCLUDE_DIR ${CRYPTO++_INCLUDE_DIRS}) - set(CRYPTOPP_INCLUDE_DIRS ${CRYPTO++_INCLUDE_DIRS}) -endif() - -mark_as_advanced(CRYPTO++_INCLUDE_DIRS CRYPTO++_LIBRARIES) - - diff --git a/src/utils/sha1.cpp b/src/utils/sha1.cpp new file mode 100644 index 0000000..76476df --- /dev/null +++ b/src/utils/sha1.cpp @@ -0,0 +1,154 @@ +/* This code is public-domain - it is based on libcrypt + * placed in the public domain by Wei Dai and other contributors. + */ + +#include "sha1.hpp" + +#define SHA1_K0 0x5a827999 +#define SHA1_K20 0x6ed9eba1 +#define SHA1_K40 0x8f1bbcdc +#define SHA1_K60 0xca62c1d6 + +const uint8_t sha1InitState[] = { + 0x01,0x23,0x45,0x67, // H0 + 0x89,0xab,0xcd,0xef, // H1 + 0xfe,0xdc,0xba,0x98, // H2 + 0x76,0x54,0x32,0x10, // H3 + 0xf0,0xe1,0xd2,0xc3 // H4 +}; + +void sha1_init(sha1nfo *s) { + memcpy(s->state.b,sha1InitState,HASH_LENGTH); + s->byteCount = 0; + s->bufferOffset = 0; +} + +uint32_t sha1_rol32(uint32_t number, uint8_t bits) { + return ((number << bits) | (number >> (32-bits))); +} + +void sha1_hashBlock(sha1nfo *s) { + uint8_t i; + uint32_t a,b,c,d,e,t; + + a=s->state.w[0]; + b=s->state.w[1]; + c=s->state.w[2]; + d=s->state.w[3]; + e=s->state.w[4]; + for (i=0; i<80; i++) { + if (i>=16) { + t = s->buffer.w[(i+13)&15] ^ s->buffer.w[(i+8)&15] ^ s->buffer.w[(i+2)&15] ^ s->buffer.w[i&15]; + s->buffer.w[i&15] = sha1_rol32(t,1); + } + if (i<20) { + t = (d ^ (b & (c ^ d))) + SHA1_K0; + } else if (i<40) { + t = (b ^ c ^ d) + SHA1_K20; + } else if (i<60) { + t = ((b & c) | (d & (b | c))) + SHA1_K40; + } else { + t = (b ^ c ^ d) + SHA1_K60; + } + t+=sha1_rol32(a,5) + e + s->buffer.w[i&15]; + e=d; + d=c; + c=sha1_rol32(b,30); + b=a; + a=t; + } + s->state.w[0] += a; + s->state.w[1] += b; + s->state.w[2] += c; + s->state.w[3] += d; + s->state.w[4] += e; +} + +void sha1_addUncounted(sha1nfo *s, uint8_t data) { + s->buffer.b[s->bufferOffset ^ 3] = data; + s->bufferOffset++; + if (s->bufferOffset == BLOCK_LENGTH) { + sha1_hashBlock(s); + s->bufferOffset = 0; + } +} + +void sha1_writebyte(sha1nfo *s, uint8_t data) { + ++s->byteCount; + sha1_addUncounted(s, data); +} + +void sha1_write(sha1nfo *s, const char *data, size_t len) { + for (;len--;) sha1_writebyte(s, (uint8_t) *data++); +} + +void sha1_pad(sha1nfo *s) { + // Implement SHA-1 padding (fips180-2 §5.1.1) + + // Pad with 0x80 followed by 0x00 until the end of the block + sha1_addUncounted(s, 0x80); + while (s->bufferOffset != 56) sha1_addUncounted(s, 0x00); + + // Append length in the last 8 bytes + sha1_addUncounted(s, 0); // We're only using 32 bit lengths + sha1_addUncounted(s, 0); // But SHA-1 supports 64 bit lengths + sha1_addUncounted(s, 0); // So zero pad the top bits + sha1_addUncounted(s, s->byteCount >> 29); // Shifting to multiply by 8 + sha1_addUncounted(s, s->byteCount >> 21); // as SHA-1 supports bitstreams as well as + sha1_addUncounted(s, s->byteCount >> 13); // byte. + sha1_addUncounted(s, s->byteCount >> 5); + sha1_addUncounted(s, s->byteCount << 3); +} + +uint8_t* sha1_result(sha1nfo *s) { + int i; + // Pad to complete the last block + sha1_pad(s); + + // Swap byte order back + for (i=0; i<5; i++) { + uint32_t a,b; + a=s->state.w[i]; + b=a<<24; + b|=(a<<8) & 0x00ff0000; + b|=(a>>8) & 0x0000ff00; + b|=a>>24; + s->state.w[i]=b; + } + + // Return pointer to hash (20 characters) + return s->state.b; +} + +#define HMAC_IPAD 0x36 +#define HMAC_OPAD 0x5c + +void sha1_initHmac(sha1nfo *s, const uint8_t* key, int keyLength) { + uint8_t i; + memset(s->keyBuffer, 0, BLOCK_LENGTH); + if (keyLength > BLOCK_LENGTH) { + // Hash long keys + sha1_init(s); + for (;keyLength--;) sha1_writebyte(s, *key++); + memcpy(s->keyBuffer, sha1_result(s), HASH_LENGTH); + } else { + // Block length keys are used as is + memcpy(s->keyBuffer, key, keyLength); + } + // Start inner hash + sha1_init(s); + for (i=0; i<BLOCK_LENGTH; i++) { + sha1_writebyte(s, s->keyBuffer[i] ^ HMAC_IPAD); + } +} + +uint8_t* sha1_resultHmac(sha1nfo *s) { + uint8_t i; + // Complete inner hash + memcpy(s->innerHash,sha1_result(s),HASH_LENGTH); + // Calculate outer hash + sha1_init(s); + for (i=0; i<BLOCK_LENGTH; i++) sha1_writebyte(s, s->keyBuffer[i] ^ HMAC_OPAD); + for (i=0; i<HASH_LENGTH; i++) sha1_writebyte(s, s->innerHash[i]); + return sha1_result(s); +} diff --git a/src/utils/sha1.hpp b/src/utils/sha1.hpp new file mode 100644 index 0000000..d02de75 --- /dev/null +++ b/src/utils/sha1.hpp @@ -0,0 +1,35 @@ +/* This code is public-domain - it is based on libcrypt + * placed in the public domain by Wei Dai and other contributors. + */ + +#include <stdint.h> +#include <string.h> + +#define HASH_LENGTH 20 +#define BLOCK_LENGTH 64 + +union _buffer { + uint8_t b[BLOCK_LENGTH]; + uint32_t w[BLOCK_LENGTH/4]; +}; + +union _state { + uint8_t b[HASH_LENGTH]; + uint32_t w[HASH_LENGTH/4]; +}; + +typedef struct sha1nfo { + union _buffer buffer; + uint8_t bufferOffset; + union _state state; + uint32_t byteCount; + uint8_t keyBuffer[BLOCK_LENGTH]; + uint8_t innerHash[HASH_LENGTH]; +} sha1nfo; + +void sha1_init(sha1nfo *s); +void sha1_writebyte(sha1nfo *s, uint8_t data); +void sha1_write(sha1nfo *s, const char *data, size_t len); +uint8_t* sha1_result(sha1nfo *s); +void sha1_initHmac(sha1nfo *s, const uint8_t* key, int keyLength); +uint8_t* sha1_resultHmac(sha1nfo *s); diff --git a/src/xmpp/xmpp_component.cpp b/src/xmpp/xmpp_component.cpp index b370daa..1ef2f37 100644 --- a/src/xmpp/xmpp_component.cpp +++ b/src/xmpp/xmpp_component.cpp @@ -4,12 +4,11 @@ #include <xmpp/xmpp_component.hpp> #include <xmpp/jid.hpp> +#include <utils/sha1.hpp> + #include <iostream> -// CryptoPP -#include <filters.h> -#include <hex.h> -#include <sha.h> +#include <stdio.h> #define STREAM_NS "http://etherx.jabber.org/streams" #define COMPONENT_NS "jabber:component:accept" @@ -119,13 +118,17 @@ void XmppComponent::on_remote_stream_open(const XmlNode& node) } // Try to authenticate - CryptoPP::SHA1 sha1; - std::string digest; - CryptoPP::StringSource foo(this->stream_id + this->secret, true, - new CryptoPP::HashFilter(sha1, - new CryptoPP::HexEncoder( - new CryptoPP::StringSink(digest), false))); - Stanza handshake("handshake", nullptr); + char digest[HASH_LENGTH * 2 + 1]; + sha1nfo sha1; + sha1_init(&sha1); + sha1_write(&sha1, this->stream_id.data(), this->stream_id.size()); + sha1_write(&sha1, this->secret.data(), this->secret.size()); + const uint8_t* result = sha1_result(&sha1); + for (int i=0; i < HASH_LENGTH; i++) + sprintf(digest + (i*2), "%02x", result[i]); + digest[HASH_LENGTH * 2] = '\0'; + + Stanza handshake("handshake"); handshake.set_inner(digest); handshake.close(); this->send_stanza(handshake); |