1/* Licensed to the Apache Software Foundation (ASF) under one or more 2 * contributor license agreements. See the NOTICE file distributed with 3 * this work for additional information regarding copyright ownership. 4 * The ASF licenses this file to You under the Apache License, Version 2.0 5 * (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17/* 18 * The exported function: 19 * 20 * apr_sha1_base64(const char *clear, int len, char *out); 21 * 22 * provides a means to SHA1 crypt/encode a plaintext password in 23 * a way which makes password files compatible with those commonly 24 * used in netscape web and ldap installations. It was put together 25 * by Clinton Wong <clintdw@netcom.com>, who also notes that: 26 * 27 * Note: SHA1 support is useful for migration purposes, but is less 28 * secure than Apache's password format, since Apache's (MD5) 29 * password format uses a random eight character salt to generate 30 * one of many possible hashes for the same password. Netscape 31 * uses plain SHA1 without a salt, so the same password 32 * will always generate the same hash, making it easier 33 * to break since the search space is smaller. 34 * 35 * See also the documentation in support/SHA1 as to hints on how to 36 * migrate an existing netscape installation and other supplied utitlites. 37 * 38 * This software also makes use of the following component: 39 * 40 * NIST Secure Hash Algorithm 41 * heavily modified by Uwe Hollerbach uh@alumni.caltech edu 42 * from Peter C. Gutmann's implementation as found in 43 * Applied Cryptography by Bruce Schneier 44 * This code is hereby placed in the public domain 45 */ 46 47#include "apr_sha1.h" 48#include "apr_base64.h" 49#include "apr_strings.h" 50#include "apr_lib.h" 51#if APR_CHARSET_EBCDIC 52#include "apr_xlate.h" 53#endif /*APR_CHARSET_EBCDIC*/ 54#include <string.h> 55 56/* a bit faster & bigger, if defined */ 57#define UNROLL_LOOPS 58 59/* NIST's proposed modification to SHA, 7/11/94 */ 60#define USE_MODIFIED_SHA 61 62/* SHA f()-functions */ 63#define f1(x,y,z) ((x & y) | (~x & z)) 64#define f2(x,y,z) (x ^ y ^ z) 65#define f3(x,y,z) ((x & y) | (x & z) | (y & z)) 66#define f4(x,y,z) (x ^ y ^ z) 67 68/* SHA constants */ 69#define CONST1 0x5a827999L 70#define CONST2 0x6ed9eba1L 71#define CONST3 0x8f1bbcdcL 72#define CONST4 0xca62c1d6L 73 74/* 32-bit rotate */ 75 76#define ROT32(x,n) ((x << n) | (x >> (32 - n))) 77 78#define FUNC(n,i) \ 79 temp = ROT32(A,5) + f##n(B,C,D) + E + W[i] + CONST##n; \ 80 E = D; D = C; C = ROT32(B,30); B = A; A = temp 81 82#define SHA_BLOCKSIZE 64 83 84#if APR_CHARSET_EBCDIC 85static apr_xlate_t *ebcdic2ascii_xlate; 86 87APU_DECLARE(apr_status_t) apr_SHA1InitEBCDIC(apr_xlate_t *x) 88{ 89 apr_status_t rv; 90 int onoff; 91 92 /* Only single-byte conversion is supported. 93 */ 94 rv = apr_xlate_sb_get(x, &onoff); 95 if (rv) { 96 return rv; 97 } 98 if (!onoff) { /* If conversion is not single-byte-only */ 99 return APR_EINVAL; 100 } 101 ebcdic2ascii_xlate = x; 102 return APR_SUCCESS; 103} 104#endif 105 106/* do SHA transformation */ 107static void sha_transform(apr_sha1_ctx_t *sha_info) 108{ 109 int i; 110 apr_uint32_t temp, A, B, C, D, E, W[80]; 111 112 for (i = 0; i < 16; ++i) { 113 W[i] = sha_info->data[i]; 114 } 115 for (i = 16; i < 80; ++i) { 116 W[i] = W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16]; 117#ifdef USE_MODIFIED_SHA 118 W[i] = ROT32(W[i], 1); 119#endif /* USE_MODIFIED_SHA */ 120 } 121 A = sha_info->digest[0]; 122 B = sha_info->digest[1]; 123 C = sha_info->digest[2]; 124 D = sha_info->digest[3]; 125 E = sha_info->digest[4]; 126#ifdef UNROLL_LOOPS 127 FUNC(1, 0); FUNC(1, 1); FUNC(1, 2); FUNC(1, 3); FUNC(1, 4); 128 FUNC(1, 5); FUNC(1, 6); FUNC(1, 7); FUNC(1, 8); FUNC(1, 9); 129 FUNC(1,10); FUNC(1,11); FUNC(1,12); FUNC(1,13); FUNC(1,14); 130 FUNC(1,15); FUNC(1,16); FUNC(1,17); FUNC(1,18); FUNC(1,19); 131 132 FUNC(2,20); FUNC(2,21); FUNC(2,22); FUNC(2,23); FUNC(2,24); 133 FUNC(2,25); FUNC(2,26); FUNC(2,27); FUNC(2,28); FUNC(2,29); 134 FUNC(2,30); FUNC(2,31); FUNC(2,32); FUNC(2,33); FUNC(2,34); 135 FUNC(2,35); FUNC(2,36); FUNC(2,37); FUNC(2,38); FUNC(2,39); 136 137 FUNC(3,40); FUNC(3,41); FUNC(3,42); FUNC(3,43); FUNC(3,44); 138 FUNC(3,45); FUNC(3,46); FUNC(3,47); FUNC(3,48); FUNC(3,49); 139 FUNC(3,50); FUNC(3,51); FUNC(3,52); FUNC(3,53); FUNC(3,54); 140 FUNC(3,55); FUNC(3,56); FUNC(3,57); FUNC(3,58); FUNC(3,59); 141 142 FUNC(4,60); FUNC(4,61); FUNC(4,62); FUNC(4,63); FUNC(4,64); 143 FUNC(4,65); FUNC(4,66); FUNC(4,67); FUNC(4,68); FUNC(4,69); 144 FUNC(4,70); FUNC(4,71); FUNC(4,72); FUNC(4,73); FUNC(4,74); 145 FUNC(4,75); FUNC(4,76); FUNC(4,77); FUNC(4,78); FUNC(4,79); 146#else /* !UNROLL_LOOPS */ 147 for (i = 0; i < 20; ++i) { 148 FUNC(1,i); 149 } 150 for (i = 20; i < 40; ++i) { 151 FUNC(2,i); 152 } 153 for (i = 40; i < 60; ++i) { 154 FUNC(3,i); 155 } 156 for (i = 60; i < 80; ++i) { 157 FUNC(4,i); 158 } 159#endif /* !UNROLL_LOOPS */ 160 sha_info->digest[0] += A; 161 sha_info->digest[1] += B; 162 sha_info->digest[2] += C; 163 sha_info->digest[3] += D; 164 sha_info->digest[4] += E; 165} 166 167union endianTest { 168 long Long; 169 char Char[sizeof(long)]; 170}; 171 172static char isLittleEndian(void) 173{ 174 static union endianTest u; 175 u.Long = 1; 176 return (u.Char[0] == 1); 177} 178 179/* change endianness of data */ 180 181/* count is the number of bytes to do an endian flip */ 182static void maybe_byte_reverse(apr_uint32_t *buffer, int count) 183{ 184 int i; 185 apr_byte_t ct[4], *cp; 186 187 if (isLittleEndian()) { /* do the swap only if it is little endian */ 188 count /= sizeof(apr_uint32_t); 189 cp = (apr_byte_t *) buffer; 190 for (i = 0; i < count; ++i) { 191 ct[0] = cp[0]; 192 ct[1] = cp[1]; 193 ct[2] = cp[2]; 194 ct[3] = cp[3]; 195 cp[0] = ct[3]; 196 cp[1] = ct[2]; 197 cp[2] = ct[1]; 198 cp[3] = ct[0]; 199 cp += sizeof(apr_uint32_t); 200 } 201 } 202} 203 204/* initialize the SHA digest */ 205 206APU_DECLARE(void) apr_sha1_init(apr_sha1_ctx_t *sha_info) 207{ 208 sha_info->digest[0] = 0x67452301L; 209 sha_info->digest[1] = 0xefcdab89L; 210 sha_info->digest[2] = 0x98badcfeL; 211 sha_info->digest[3] = 0x10325476L; 212 sha_info->digest[4] = 0xc3d2e1f0L; 213 sha_info->count_lo = 0L; 214 sha_info->count_hi = 0L; 215 sha_info->local = 0; 216} 217 218/* update the SHA digest */ 219 220APU_DECLARE(void) apr_sha1_update_binary(apr_sha1_ctx_t *sha_info, 221 const unsigned char *buffer, 222 unsigned int count) 223{ 224 unsigned int i; 225 226 if ((sha_info->count_lo + ((apr_uint32_t) count << 3)) < sha_info->count_lo) { 227 ++sha_info->count_hi; 228 } 229 sha_info->count_lo += (apr_uint32_t) count << 3; 230 sha_info->count_hi += (apr_uint32_t) count >> 29; 231 if (sha_info->local) { 232 i = SHA_BLOCKSIZE - sha_info->local; 233 if (i > count) { 234 i = count; 235 } 236 memcpy(((apr_byte_t *) sha_info->data) + sha_info->local, buffer, i); 237 count -= i; 238 buffer += i; 239 sha_info->local += i; 240 if (sha_info->local == SHA_BLOCKSIZE) { 241 maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); 242 sha_transform(sha_info); 243 } 244 else { 245 return; 246 } 247 } 248 while (count >= SHA_BLOCKSIZE) { 249 memcpy(sha_info->data, buffer, SHA_BLOCKSIZE); 250 buffer += SHA_BLOCKSIZE; 251 count -= SHA_BLOCKSIZE; 252 maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); 253 sha_transform(sha_info); 254 } 255 memcpy(sha_info->data, buffer, count); 256 sha_info->local = count; 257} 258 259APU_DECLARE(void) apr_sha1_update(apr_sha1_ctx_t *sha_info, const char *buf, 260 unsigned int count) 261{ 262#if APR_CHARSET_EBCDIC 263 int i; 264 const apr_byte_t *buffer = (const apr_byte_t *) buf; 265 apr_size_t inbytes_left, outbytes_left; 266 267 if ((sha_info->count_lo + ((apr_uint32_t) count << 3)) < sha_info->count_lo) { 268 ++sha_info->count_hi; 269 } 270 sha_info->count_lo += (apr_uint32_t) count << 3; 271 sha_info->count_hi += (apr_uint32_t) count >> 29; 272 /* Is there a remainder of the previous Update operation? */ 273 if (sha_info->local) { 274 i = SHA_BLOCKSIZE - sha_info->local; 275 if (i > count) { 276 i = count; 277 } 278 inbytes_left = outbytes_left = i; 279 apr_xlate_conv_buffer(ebcdic2ascii_xlate, buffer, &inbytes_left, 280 ((apr_byte_t *) sha_info->data) + sha_info->local, 281 &outbytes_left); 282 count -= i; 283 buffer += i; 284 sha_info->local += i; 285 if (sha_info->local == SHA_BLOCKSIZE) { 286 maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); 287 sha_transform(sha_info); 288 } 289 else { 290 return; 291 } 292 } 293 while (count >= SHA_BLOCKSIZE) { 294 inbytes_left = outbytes_left = SHA_BLOCKSIZE; 295 apr_xlate_conv_buffer(ebcdic2ascii_xlate, buffer, &inbytes_left, 296 (apr_byte_t *) sha_info->data, &outbytes_left); 297 buffer += SHA_BLOCKSIZE; 298 count -= SHA_BLOCKSIZE; 299 maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); 300 sha_transform(sha_info); 301 } 302 inbytes_left = outbytes_left = count; 303 apr_xlate_conv_buffer(ebcdic2ascii_xlate, buffer, &inbytes_left, 304 (apr_byte_t *) sha_info->data, &outbytes_left); 305 sha_info->local = count; 306#else 307 apr_sha1_update_binary(sha_info, (const unsigned char *) buf, count); 308#endif 309} 310 311/* finish computing the SHA digest */ 312 313APU_DECLARE(void) apr_sha1_final(unsigned char digest[APR_SHA1_DIGESTSIZE], 314 apr_sha1_ctx_t *sha_info) 315{ 316 int count, i, j; 317 apr_uint32_t lo_bit_count, hi_bit_count, k; 318 319 lo_bit_count = sha_info->count_lo; 320 hi_bit_count = sha_info->count_hi; 321 count = (int) ((lo_bit_count >> 3) & 0x3f); 322 ((apr_byte_t *) sha_info->data)[count++] = 0x80; 323 if (count > SHA_BLOCKSIZE - 8) { 324 memset(((apr_byte_t *) sha_info->data) + count, 0, SHA_BLOCKSIZE - count); 325 maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); 326 sha_transform(sha_info); 327 memset((apr_byte_t *) sha_info->data, 0, SHA_BLOCKSIZE - 8); 328 } 329 else { 330 memset(((apr_byte_t *) sha_info->data) + count, 0, 331 SHA_BLOCKSIZE - 8 - count); 332 } 333 maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); 334 sha_info->data[14] = hi_bit_count; 335 sha_info->data[15] = lo_bit_count; 336 sha_transform(sha_info); 337 338 for (i = 0, j = 0; j < APR_SHA1_DIGESTSIZE; i++) { 339 k = sha_info->digest[i]; 340 digest[j++] = (unsigned char) ((k >> 24) & 0xff); 341 digest[j++] = (unsigned char) ((k >> 16) & 0xff); 342 digest[j++] = (unsigned char) ((k >> 8) & 0xff); 343 digest[j++] = (unsigned char) (k & 0xff); 344 } 345} 346 347 348APU_DECLARE(void) apr_sha1_base64(const char *clear, int len, char *out) 349{ 350 int l; 351 apr_sha1_ctx_t context; 352 apr_byte_t digest[APR_SHA1_DIGESTSIZE]; 353 354 apr_sha1_init(&context); 355 apr_sha1_update(&context, clear, len); 356 apr_sha1_final(digest, &context); 357 358 /* private marker. */ 359 apr_cpystrn(out, APR_SHA1PW_ID, APR_SHA1PW_IDLEN + 1); 360 361 /* SHA1 hash is always 20 chars */ 362 l = apr_base64_encode_binary(out + APR_SHA1PW_IDLEN, digest, sizeof(digest)); 363 out[l + APR_SHA1PW_IDLEN] = '\0'; 364 365 /* 366 * output of base64 encoded SHA1 is always 28 chars + APR_SHA1PW_IDLEN 367 */ 368} 369