From 44a79fd73de5862d2106f5ad9192b566502a7052 Mon Sep 17 00:00:00 2001 From: Christophe Fergeau Date: Thu, 28 Jun 2012 12:33:07 +0200 Subject: Revert "Use HMAC glib implementation instead of rolling our own" This reverts commit 2a8dac4cc7aeca25b182bb9806ddb1881f2f4994. Pushed by mistake... --- configure.ac | 2 +- rest-extras/flickr-proxy-call.c | 1 + rest-extras/lastfm-proxy-call.c | 1 + rest/Makefile.am | 4 +- rest/oauth-proxy-call.c | 6 +-- rest/oauth2-proxy-call.c | 1 + rest/sha1.c | 108 ++++++++++++++++++++++++++++++++++++++++ rest/sha1.h | 22 ++++++++ 8 files changed, 140 insertions(+), 5 deletions(-) create mode 100644 rest/sha1.c create mode 100644 rest/sha1.h diff --git a/configure.ac b/configure.ac index 680ade1..f1105ae 100644 --- a/configure.ac +++ b/configure.ac @@ -40,7 +40,7 @@ AM_PROG_CC_C_O LT_PREREQ([2.2.6]) LT_INIT([disable-static]) -PKG_CHECK_MODULES(GLIB, glib-2.0 >= 2.30) +PKG_CHECK_MODULES(GLIB, glib-2.0 >= 2.24) PKG_CHECK_MODULES(SOUP, libsoup-2.4) PKG_CHECK_MODULES(XML, libxml-2.0) PKG_CHECK_MODULES(GTHREAD, gthread-2.0) diff --git a/rest-extras/flickr-proxy-call.c b/rest-extras/flickr-proxy-call.c index 51881dd..a9bc6f7 100644 --- a/rest-extras/flickr-proxy-call.c +++ b/rest-extras/flickr-proxy-call.c @@ -26,6 +26,7 @@ #include "flickr-proxy-call.h" #include "flickr-proxy-private.h" #include "rest/rest-proxy-call-private.h" +#include "rest/sha1.h" G_DEFINE_TYPE (FlickrProxyCall, flickr_proxy_call, REST_TYPE_PROXY_CALL) diff --git a/rest-extras/lastfm-proxy-call.c b/rest-extras/lastfm-proxy-call.c index afc7288..5e04038 100644 --- a/rest-extras/lastfm-proxy-call.c +++ b/rest-extras/lastfm-proxy-call.c @@ -27,6 +27,7 @@ #include "lastfm-proxy-call.h" #include "lastfm-proxy-private.h" #include "rest/rest-proxy-call-private.h" +#include "rest/sha1.h" G_DEFINE_TYPE (LastfmProxyCall, lastfm_proxy_call, REST_TYPE_PROXY_CALL) diff --git a/rest/Makefile.am b/rest/Makefile.am index 35067c5..e8a313f 100644 --- a/rest/Makefile.am +++ b/rest/Makefile.am @@ -18,7 +18,9 @@ lib_sources = \ oauth-proxy-private.h \ oauth2-proxy.c \ oauth2-proxy-call.c \ - oauth2-proxy-private.h + oauth2-proxy-private.h \ + sha1.c \ + sha1.h lib_headers = \ rest-param.h \ rest-params.h \ diff --git a/rest/oauth-proxy-call.c b/rest/oauth-proxy-call.c index c9d1ecd..d8cff95 100644 --- a/rest/oauth-proxy-call.c +++ b/rest/oauth-proxy-call.c @@ -26,6 +26,7 @@ #include "oauth-proxy-call.h" #include "oauth-proxy-private.h" #include "rest-proxy-call-private.h" +#include "sha1.h" G_DEFINE_TYPE (OAuthProxyCall, oauth_proxy_call, REST_TYPE_PROXY_CALL) @@ -162,9 +163,8 @@ sign_hmac (OAuthProxy *proxy, RestProxyCall *call, GHashTable *oauth_params) /* PLAINTEXT signature value is the HMAC-SHA1 key value */ key = sign_plaintext (priv); - signature = g_compute_hmac_for_string (G_CHECKSUM_SHA1, - (guchar *)key, strlen (key), - text->str, -1); + signature = hmac_sha1 (key, text->str); + g_free (key); g_string_free (text, TRUE); diff --git a/rest/oauth2-proxy-call.c b/rest/oauth2-proxy-call.c index 87ad8f7..f0d441c 100644 --- a/rest/oauth2-proxy-call.c +++ b/rest/oauth2-proxy-call.c @@ -27,6 +27,7 @@ #include "oauth2-proxy-call.h" #include "oauth2-proxy-private.h" #include "rest-proxy-call-private.h" +#include "sha1.h" G_DEFINE_TYPE (OAuth2ProxyCall, oauth2_proxy_call, REST_TYPE_PROXY_CALL) diff --git a/rest/sha1.c b/rest/sha1.c new file mode 100644 index 0000000..b2f4f0b --- /dev/null +++ b/rest/sha1.c @@ -0,0 +1,108 @@ +/* + * librest - RESTful web services access + * Copyright (c) 2008, 2009, Intel Corporation. + * + * Authors: Ross Burton + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU Lesser General Public License, + * version 2.1, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for + * more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include +#include +#include "sha1.h" + +#define SHA1_BLOCK_SIZE 64 +#define SHA1_LENGTH 20 + +/* + * hmac_sha1: + * @key: The key + * @message: The message + * + * Given the key and message, compute the HMAC-SHA1 hash and return the base-64 + * encoding of it. This is very geared towards OAuth, and as such both key and + * message must be NULL-terminated strings, and the result is base-64 encoded. + */ +char * +hmac_sha1 (const char *key, const char *message) +{ + GChecksum *checksum; + char *real_key; + guchar ipad[SHA1_BLOCK_SIZE]; + guchar opad[SHA1_BLOCK_SIZE]; + guchar inner[SHA1_LENGTH]; + guchar digest[SHA1_LENGTH]; + gsize key_length, inner_length, digest_length; + int i; + + g_return_val_if_fail (key, NULL); + g_return_val_if_fail (message, NULL); + + checksum = g_checksum_new (G_CHECKSUM_SHA1); + + /* If the key is longer than the block size, hash it first */ + if (strlen (key) > SHA1_BLOCK_SIZE) { + guchar new_key[SHA1_LENGTH]; + + key_length = sizeof (new_key); + + g_checksum_update (checksum, (guchar*)key, strlen (key)); + g_checksum_get_digest (checksum, new_key, &key_length); + g_checksum_reset (checksum); + + real_key = g_memdup (new_key, key_length); + } else { + real_key = g_strdup (key); + key_length = strlen (key); + } + + /* Sanity check the length */ + g_assert (key_length <= SHA1_BLOCK_SIZE); + + /* Protect against use of the provided key by NULLing it */ + key = NULL; + + /* Stage 1 */ + memset (ipad, 0, sizeof (ipad)); + memset (opad, 0, sizeof (opad)); + + memcpy (ipad, real_key, key_length); + memcpy (opad, real_key, key_length); + + /* Stage 2 and 5 */ + for (i = 0; i < sizeof (ipad); i++) { + ipad[i] ^= 0x36; + opad[i] ^= 0x5C; + } + + /* Stage 3 and 4 */ + g_checksum_update (checksum, ipad, sizeof (ipad)); + g_checksum_update (checksum, (guchar*)message, strlen (message)); + inner_length = sizeof (inner); + g_checksum_get_digest (checksum, inner, &inner_length); + g_checksum_reset (checksum); + + /* Stage 6 and 7 */ + g_checksum_update (checksum, opad, sizeof (opad)); + g_checksum_update (checksum, inner, inner_length); + + digest_length = sizeof (digest); + g_checksum_get_digest (checksum, digest, &digest_length); + + g_checksum_free (checksum); + g_free (real_key); + + return g_base64_encode (digest, digest_length); +} diff --git a/rest/sha1.h b/rest/sha1.h new file mode 100644 index 0000000..3538e21 --- /dev/null +++ b/rest/sha1.h @@ -0,0 +1,22 @@ +/* + * librest - RESTful web services access + * Copyright (c) 2008, 2009, Intel Corporation. + * + * Authors: Ross Burton + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU Lesser General Public License, + * version 2.1, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for + * more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +char * hmac_sha1 (const char *key, const char *message); -- cgit v1.2.3