This uses GPL sha1 code (taken from open-iscsi) instead of OpenSSL to avoid OpenSSL and GPL license incompatibility issue.
Signed-off-by: MORITA Kazutaka <[email protected]> --- configure.ac | 4 - include/sha1.h | 27 ++++++++ lib/Makefile.am | 2 +- lib/sha1.c | 168 ++++++++++++++++++++++++++++++++++++++++++++++++ sheep/farm/farm.h | 2 +- sheep/farm/sha1_file.c | 16 ++-- 6 files changed, 205 insertions(+), 14 deletions(-) create mode 100644 include/sha1.h create mode 100644 lib/sha1.c diff --git a/configure.ac b/configure.ac index 7a3e3ab..cef63ea 100644 --- a/configure.ac +++ b/configure.ac @@ -280,10 +280,6 @@ if test "x${enable_accord}" = xyes; then fi if test "x${enable_farm}" = xyes; then - AC_CHECK_LIB([crypto], [SHA1_Init],, - AC_MSG_ERROR(libcrypto not found)) - AC_CHECK_HEADERS([openssl/sha.h],, - AC_MSG_ERROR(sha.h header missing)) AC_DEFINE_UNQUOTED([HAVE_FARM], 1, [have farm]) PACKAGE_FEATURES="$PACKAGE_FEATURES farm" fi diff --git a/include/sha1.h b/include/sha1.h new file mode 100644 index 0000000..cc60dc1 --- /dev/null +++ b/include/sha1.h @@ -0,0 +1,27 @@ +/* + * sha1.h - SHA1 Secure Hash Algorithm used for CHAP authentication. + * copied from the Linux kernel's Cryptographic API and slightly adjusted to + * fit IET's needs + * + * This file is (c) 2004 Xiranet Communications GmbH <[email protected]> + * and licensed under the GPL. + */ + +#ifndef SHA1_H +#define SHA1_H + +#include <sys/types.h> +#include <string.h> +#include <inttypes.h> + +struct sha1_ctx { + uint64_t count; + uint32_t state[5]; + uint8_t buffer[64]; +}; + +void sha1_init(void *ctx); +void sha1_update(void *ctx, const uint8_t *data, unsigned int len); +void sha1_final(void* ctx, uint8_t *out); + +#endif diff --git a/lib/Makefile.am b/lib/Makefile.am index f6ac984..0e11ec8 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -5,4 +5,4 @@ INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include noinst_LIBRARIES = libsheepdog.a libsheepdog_a_SOURCES = event.c logger.c net.c util.c rbtree.c ring_buffer.c \ - strbuf.c + strbuf.c sha1.c diff --git a/lib/sha1.c b/lib/sha1.c new file mode 100644 index 0000000..5cf444a --- /dev/null +++ b/lib/sha1.c @@ -0,0 +1,168 @@ +/* + * Cryptographic API. + * + * SHA1 Secure Hash Algorithm. + * + * Derived from cryptoapi implementation, adapted for in-place + * scatterlist interface. Originally based on the public domain + * implementation written by Steve Reid. + * + * Copyright (c) Alan Smithee. + * Copyright (c) Andrew McDonald <[email protected]> + * Copyright (c) Jean-Francois Dive <[email protected]> + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + */ +#include <arpa/inet.h> +#include "sha1.h" + +#define SHA1_DIGEST_SIZE 20 +#define SHA1_HMAC_BLOCK_SIZE 64 + +static inline uint32_t rol(uint32_t value, uint32_t bits) +{ + return (((value) << (bits)) | ((value) >> (32 - (bits)))); +} + +/* blk0() and blk() perform the initial expand. */ +/* I got the idea of expanding during the round function from SSLeay */ +# define blk0(i) block32[i] + +#define blk(i) (block32[i&15] = rol(block32[(i+13)&15]^block32[(i+8)&15] \ + ^block32[(i+2)&15]^block32[i&15],1)) + +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5); \ + w=rol(w,30); +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5); \ + w=rol(w,30); +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5); \ + w=rol(w,30); +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); + +/* Hash a single 512-bit block. This is the core of the algorithm. */ +static void sha1_transform(uint32_t *state, const uint8_t *in) +{ + uint32_t a, b, c, d, e; + uint32_t block32[16]; + + /* convert/copy data to workspace */ + for (a = 0; a < sizeof(block32)/sizeof(uint32_t); a++) + block32[a] = ntohl (((const uint32_t *)in)[a]); + + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; + memset (block32, 0x00, sizeof block32); +} + +void sha1_init(void *ctx) +{ + struct sha1_ctx *sctx = ctx; + static const struct sha1_ctx initstate = { + 0, + { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 }, + { 0, } + }; + + *sctx = initstate; +} + +void sha1_update(void *ctx, const uint8_t *data, unsigned int len) +{ + struct sha1_ctx *sctx = ctx; + unsigned int i, j; + + j = (sctx->count >> 3) & 0x3f; + sctx->count += len << 3; + + if ((j + len) > 63) { + memcpy(&sctx->buffer[j], data, (i = 64-j)); + sha1_transform(sctx->state, sctx->buffer); + for ( ; i + 63 < len; i += 64) { + sha1_transform(sctx->state, &data[i]); + } + j = 0; + } + else i = 0; + memcpy(&sctx->buffer[j], &data[i], len - i); +} + + +/* Add padding and return the message digest. */ +void sha1_final(void* ctx, uint8_t *out) +{ + struct sha1_ctx *sctx = ctx; + uint32_t i, j, idx, padlen; + uint64_t t; + uint8_t bits[8] = { 0, }; + static const uint8_t padding[64] = { 0x80, }; + + t = sctx->count; + bits[7] = 0xff & t; t>>=8; + bits[6] = 0xff & t; t>>=8; + bits[5] = 0xff & t; t>>=8; + bits[4] = 0xff & t; t>>=8; + bits[3] = 0xff & t; t>>=8; + bits[2] = 0xff & t; t>>=8; + bits[1] = 0xff & t; t>>=8; + bits[0] = 0xff & t; + + /* Pad out to 56 mod 64 */ + idx = (sctx->count >> 3) & 0x3f; + padlen = (idx < 56) ? (56 - idx) : ((64+56) - idx); + sha1_update(sctx, padding, padlen); + + /* Append length */ + sha1_update(sctx, bits, sizeof bits); + + /* Store state in digest */ + for (i = j = 0; i < 5; i++, j += 4) { + uint32_t t2 = sctx->state[i]; + out[j+3] = t2 & 0xff; t2>>=8; + out[j+2] = t2 & 0xff; t2>>=8; + out[j+1] = t2 & 0xff; t2>>=8; + out[j ] = t2 & 0xff; + } + + /* Wipe context */ + memset(sctx, 0, sizeof *sctx); +} diff --git a/sheep/farm/farm.h b/sheep/farm/farm.h index 72b8b5d..b5f5d61 100644 --- a/sheep/farm/farm.h +++ b/sheep/farm/farm.h @@ -12,13 +12,13 @@ #include <errno.h> #include <sys/mman.h> #include <linux/limits.h> -#include <openssl/sha.h> #include <zlib.h> #include "sheepdog_proto.h" #include "sheep.h" #include "logger.h" #include "strbuf.h" +#include "sha1.h" #define HEX_LEN 40 #define NAME_LEN HEX_LEN diff --git a/sheep/farm/sha1_file.c b/sheep/farm/sha1_file.c index ead1a00..b0abc16 100644 --- a/sheep/farm/sha1_file.c +++ b/sheep/farm/sha1_file.c @@ -138,11 +138,11 @@ err_open: int sha1_file_write(unsigned char *buf, unsigned len, unsigned char *outsha1) { unsigned char sha1[SHA1_LEN]; - SHA_CTX c; + struct sha1_ctx c; - SHA1_Init(&c); - SHA1_Update(&c, buf, len); - SHA1_Final(sha1, &c); + sha1_init(&c); + sha1_update(&c, buf, len); + sha1_final(&c, sha1); if (sha1_buffer_write(sha1, buf, len) < 0) return -1; @@ -197,11 +197,11 @@ static void *unpack_sha1_file(void *map, unsigned long mapsize, struct sha1_file static int verify_sha1_file(const unsigned char *sha1, void *buf, unsigned long len) { unsigned char tmp[SHA1_LEN]; - SHA_CTX c; + struct sha1_ctx c; - SHA1_Init(&c); - SHA1_Update(&c, buf, len); - SHA1_Final(tmp, &c); + sha1_init(&c); + sha1_update(&c, buf, len); + sha1_final(&c, tmp); if (memcmp((char *)tmp, (char *)sha1, SHA1_LEN) != 0) { dprintf("failed, %s != %s\n", sha1_to_hex(sha1), -- 1.7.2.5 -- sheepdog mailing list [email protected] http://lists.wpkg.org/mailman/listinfo/sheepdog
