~singpolyma/biboumi

99a4ddedaf903d27b781341108433ae2d9533ad1 — louiz’ 5 years ago d81c3ad
Remove the embedded sha1 code, and use one of botan or gcrypt

This adds a hard dependency on one of Botan or gcrypt. Botan is already a
recommended dependency, and gcrypt is probably packaged almost everywhere,
so this should not be a big deal.

ref #3241
M INSTALL.rst => INSTALL.rst +4 -0
@@ 45,6 45,9 @@ libbotan_ 1.11 or 2.0 (optional)
 Provides TLS support. Without it, IRC connections are all made in
 plain-text mode.

gcrypt_ (mandatory only if botan is absent)
 Provides the SHA-1 hash function, for the case where Botan is absent.

litesql_ (optional)
 Provides a way to store various options in a (sqlite3) database. Each user
 of the gateway can store their own values (for example their prefered port,


@@ 158,3 161,4 @@ to use biboumi.
.. _litesql: http://git.louiz.org/litesql
.. _systemd: https://www.freedesktop.org/wiki/Software/systemd/
.. _biboumi.1.rst: doc/biboumi.1.rst
.. _gcrypt: https://www.gnu.org/software/libgcrypt/

M louloulibs/CMakeLists.txt => louloulibs/CMakeLists.txt +11 -0
@@ 33,6 33,10 @@ elseif(NOT WITHOUT_BOTAN)
  find_package(BOTAN)
endif()

if(NOT BOTAN_FOUND)
  find_package(GCRYPT REQUIRED)
endif()

if(WITH_UDNS)
  find_package(UDNS REQUIRED)
elseif(NOT WITHOUT_UDNS)


@@ 67,6 71,11 @@ if(BOTAN_FOUND)
  set(BOTAN_FOUND ${BOTAN_FOUND} PARENT_SCOPE)
  set(BOTAN_INCLUDE_DIRS ${BOTAN_INCLUDE_DIRS} PARENT_SCOPE)
endif()
if(GCRYPT_FOUND)
  include_directories(SYSTEM ${GCRYPT_INCLUDE_DIRS})
  set(GCRYPT_FOUND ${GCRYPT_FOUND} PARENT_SCOPE)
  set(GCRYPT_INCLUDE_DIRS ${GCRYPT_INCLUDE_DIRS} PARENT_SCOPE)
endif()

if(UDNS_FOUND)
  include_directories(${UDNS_INCLUDE_DIRS})


@@ 117,6 126,8 @@ add_library(network STATIC ${source_network})
target_link_libraries(network logger)
if(BOTAN_FOUND)
  target_link_libraries(network ${BOTAN_LIBRARIES})
elseif(GCRYPT_FOUND)
  target_link_libraries(network ${GCRYPT_LIBRARIES})
endif()
if(UDNS_FOUND)
  target_link_libraries(network ${UDNS_LIBRARIES})

A louloulibs/cmake/Modules/FindGCRYPT.cmake => louloulibs/cmake/Modules/FindGCRYPT.cmake +35 -0
@@ 0,0 1,35 @@
# - Find gcrypt
# Find the gcrypt cryptographic library
#
# This module defines the following variables:
#   GCRYPT_FOUND  -  True if library and include directory are found
# If set to TRUE, the following are also defined:
#   GCRYPT_INCLUDE_DIRS  -  The directory where to find the header file
#   GCRYPT_LIBRARIES  -  Where to find the library file
#
# For conveniance, these variables are also set. They have the same values
# than the variables above.  The user can thus choose his/her prefered way
# to write them.
#   GCRYPT_LIBRARY
#   GCRYPT_INCLUDE_DIR
#
# This file is in the public domain

find_path(GCRYPT_INCLUDE_DIRS NAMES gcrypt.h
  PATH_SUFFIXES gcrypt
  DOC "The gcrypt include directory")

find_library(GCRYPT_LIBRARIES NAMES gcrypt
  DOC "The gcrypt library")

# Use some standard module to handle the QUIETLY and REQUIRED arguments, and
# set GCRYPT_FOUND to TRUE if these two variables are set.
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(GCRYPT REQUIRED_VARS GCRYPT_LIBRARIES GCRYPT_INCLUDE_DIRS)

if(GCRYPT_FOUND)
  set(GCRYPT_LIBRARY ${GCRYPT_LIBRARIES})
  set(GCRYPT_INCLUDE_DIR ${GCRYPT_INCLUDE_DIRS})
endif()

mark_as_advanced(GCRYPT_INCLUDE_DIRS GCRYPT_LIBRARIES)

M louloulibs/louloulibs.h.cmake => louloulibs/louloulibs.h.cmake +1 -0
@@ 3,6 3,7 @@
#cmakedefine SYSTEMD_FOUND
#cmakedefine POLLER ${POLLER}
#cmakedefine BOTAN_FOUND
#cmakedefine GCRYPT_FOUND
#cmakedefine UDNS_FOUND
#cmakedefine SOFTWARE_VERSION "${SOFTWARE_VERSION}"
#cmakedefine PROJECT_NAME "${PROJECT_NAME}"

M louloulibs/utils/sha1.cpp => louloulibs/utils/sha1.cpp +31 -120
@@ 1,121 1,32 @@
/* This code is public-domain - it is based on libcrypt
 * placed in the public domain by Wei Dai and other contributors.
 */

#include "sha1.hpp"

#define SHA1_K0 0x5a827999
#define SHA1_K20 0x6ed9eba1
#define SHA1_K40 0x8f1bbcdc
#define SHA1_K60 0xca62c1d6

const uint8_t sha1InitState[] = {
  0x01,0x23,0x45,0x67, // H0
  0x89,0xab,0xcd,0xef, // H1
  0xfe,0xdc,0xba,0x98, // H2
  0x76,0x54,0x32,0x10, // H3
  0xf0,0xe1,0xd2,0xc3  // H4
};

void sha1_init(sha1nfo *s) {
  memcpy(s->state.b,sha1InitState,HASH_LENGTH);
  s->byteCount = 0;
  s->bufferOffset = 0;
}

uint32_t sha1_rol32(uint32_t number, uint8_t bits) {
  return ((number << bits) | (number >> (32-bits)));
}

void sha1_hashBlock(sha1nfo *s) {
  uint8_t i;
  uint32_t a,b,c,d,e,t;

  a=s->state.w[0];
  b=s->state.w[1];
  c=s->state.w[2];
  d=s->state.w[3];
  e=s->state.w[4];
  for (i=0; i<80; i++) {
    if (i>=16) {
      t = s->buffer.w[(i+13)&15] ^ s->buffer.w[(i+8)&15] ^ s->buffer.w[(i+2)&15] ^ s->buffer.w[i&15];
      s->buffer.w[i&15] = sha1_rol32(t,1);
    }
    if (i<20) {
      t = (d ^ (b & (c ^ d))) + SHA1_K0;
    } else if (i<40) {
      t = (b ^ c ^ d) + SHA1_K20;
    } else if (i<60) {
      t = ((b & c) | (d & (b | c))) + SHA1_K40;
    } else {
      t = (b ^ c ^ d) + SHA1_K60;
    }
    t+=sha1_rol32(a,5) + e + s->buffer.w[i&15];
    e=d;
    d=c;
    c=sha1_rol32(b,30);
    b=a;
    a=t;
  }
  s->state.w[0] += a;
  s->state.w[1] += b;
  s->state.w[2] += c;
  s->state.w[3] += d;
  s->state.w[4] += e;
}

void sha1_addUncounted(sha1nfo *s, uint8_t data) {
  s->buffer.b[s->bufferOffset ^ 3] = data;
  s->bufferOffset++;
  if (s->bufferOffset == BLOCK_LENGTH) {
    sha1_hashBlock(s);
    s->bufferOffset = 0;
  }
}

void sha1_writebyte(sha1nfo *s, uint8_t data) {
  ++s->byteCount;
  sha1_addUncounted(s, data);
}

void sha1_write(sha1nfo *s, const char *data, size_t len) {
	for (;len--;) sha1_writebyte(s, (uint8_t) *data++);
}

void sha1_pad(sha1nfo *s) {
  // Implement SHA-1 padding (fips180-2 §5.1.1)

  // Pad with 0x80 followed by 0x00 until the end of the block
  sha1_addUncounted(s, 0x80);
  while (s->bufferOffset != 56) sha1_addUncounted(s, 0x00);

  // Append length in the last 8 bytes
  sha1_addUncounted(s, 0); // We're only using 32 bit lengths
  sha1_addUncounted(s, 0); // But SHA-1 supports 64 bit lengths
  sha1_addUncounted(s, 0); // So zero pad the top bits
  sha1_addUncounted(s, s->byteCount >> 29); // Shifting to multiply by 8
  sha1_addUncounted(s, s->byteCount >> 21); // as SHA-1 supports bitstreams as well as
  sha1_addUncounted(s, s->byteCount >> 13); // byte.
  sha1_addUncounted(s, s->byteCount >> 5);
  sha1_addUncounted(s, s->byteCount << 3);
}

uint8_t* sha1_result(sha1nfo *s) {
  int i;
  // Pad to complete the last block
  sha1_pad(s);

  // Swap byte order back
  for (i=0; i<5; i++) {
    uint32_t a,b;
    a=s->state.w[i];
    b=a<<24;
    b|=(a<<8) & 0x00ff0000;
    b|=(a>>8) & 0x0000ff00;
    b|=a>>24;
    s->state.w[i]=b;
  }

  // Return pointer to hash (20 characters)
  return s->state.b;
#include <utils/sha1.hpp>

#include <louloulibs.h>

#ifdef BOTAN_FOUND
# include <botan/hash.h>
# include <botan/hex.h>
#endif
#ifdef GCRYPT_FOUND
# include <gcrypt.h>
# include <vector>
# include <iomanip>
# include <sstream>
#endif

std::string sha1(const std::string& input)
{
#ifdef BOTAN_FOUND
  auto sha1 = Botan::HashFunction::create_or_throw("SHA-1");
  sha1->update(input);
  return Botan::hex_encode(sha1->final(), false);
#endif
#ifdef GCRYPT_FOUND
  const auto hash_length = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
  std::vector<uint8_t> output(hash_length, {});
  gcry_md_hash_buffer(GCRY_MD_SHA1, output.data(), input.data(), input.size());
  std::ostringstream digest;
  for (std::size_t i = 0; i < hash_length; i++)
    digest << std::hex << std::setfill('0') << std::setw(2) << static_cast<int>(output[i]);
  return digest.str();
#endif
}

M louloulibs/utils/sha1.hpp => louloulibs/utils/sha1.hpp +3 -31
@@ 1,33 1,5 @@
/* This code is public-domain - it is based on libcrypt
 * placed in the public domain by Wei Dai and other contributors.
 */
#pragma once

#include <stdint.h>
#include <string.h>
#include <string>

#define HASH_LENGTH 20
#define BLOCK_LENGTH 64

union _buffer {
	uint8_t b[BLOCK_LENGTH];
	uint32_t w[BLOCK_LENGTH/4];
};

union _state {
	uint8_t b[HASH_LENGTH];
	uint32_t w[HASH_LENGTH/4];
};

typedef struct sha1nfo {
	union _buffer buffer;
	uint8_t bufferOffset;
	union _state state;
	uint32_t byteCount;
	uint8_t keyBuffer[BLOCK_LENGTH];
	uint8_t innerHash[HASH_LENGTH];
} sha1nfo;

void sha1_init(sha1nfo *s);
void sha1_writebyte(sha1nfo *s, uint8_t data);
void sha1_write(sha1nfo *s, const char *data, size_t len);
uint8_t* sha1_result(sha1nfo *s);
std::string sha1(const std::string& input);

M louloulibs/xmpp/auth.cpp => louloulibs/xmpp/auth.cpp +1 -14
@@ 2,20 2,7 @@

#include <utils/sha1.hpp>

#include <iomanip>
#include <sstream>

std::string get_handshake_digest(const std::string& stream_id, const std::string& secret)
{
  sha1nfo sha1;
  sha1_init(&sha1);
  sha1_write(&sha1, stream_id.data(), stream_id.size());
  sha1_write(&sha1, secret.data(), secret.size());
  const uint8_t* result = sha1_result(&sha1);

  std::ostringstream digest;
  for (int i = 0; i < HASH_LENGTH; i++)
    digest << std::hex << std::setfill('0') << std::setw(2) << static_cast<int>(result[i]);

  return digest.str();
  return sha1(stream_id + secret);
}

M src/identd/identd_socket.cpp => src/identd/identd_socket.cpp +1 -8
@@ 38,14 38,7 @@ void IdentdSocket::parse_in_buffer(const std::size_t)

static std::string hash_jid(const std::string& jid)
{
  sha1nfo sha1;
  sha1_init(&sha1);
  sha1_write(&sha1, jid.data(), jid.size());
  const uint8_t* res = sha1_result(&sha1);
  std::ostringstream result;
  for (int i = 0; i < HASH_LENGTH; i++)
    result << std::hex << std::setfill('0') << std::setw(2) << static_cast<int>(res[i]);
  return result.str();
  return sha1(jid);
}

std::string IdentdSocket::generate_answer(const BiboumiComponent& biboumi, uint16_t local, uint16_t remote)