[asterisk-dev] Re: [asterisk-commits] trunk r9138 - in /trunk: ./
funcs/ include/asterisk/
Jeffrey C. Ollie
jeff at ocjtech.us
Fri Feb 3 17:48:08 MST 2006
Why are we adding the SHA1 code to the Asterisk code base? Why don't we
use the SHA1 implementation from OpenSSL? The license of OpenSSL
shouldn't be a problem since we already use OpenSSL for various other
functions. For that matter, we should eliminate the internal copies of
MD5 and AES and use the implementations in OpenSSL as well.
On Fri, 2006-02-03 at 22:37 +0000, asterisk-commits at lists.digium.com
wrote:
> Author: tilghman
> Date: Fri Feb 3 16:37:29 2006
> New Revision: 9138
>
> URL: http://svn.digium.com/view/asterisk?rev=9138&view=rev
> Log:
> Bug 6322 - Implementation of SHA1 in Asterisk (plus dialplan function to use it)
>
> Added:
> trunk/funcs/func_sha1.c
> trunk/include/asterisk/sha1.h
> trunk/sha1.c
> Modified:
> trunk/Makefile
> trunk/channel.c
> trunk/funcs/Makefile
> trunk/include/asterisk/utils.h
> trunk/utils.c
>
> Modified: trunk/Makefile
> URL: http://svn.digium.com/view/asterisk/trunk/Makefile?rev=9138&r1=9137&r2=9138&view=diff
> ==============================================================================
> --- trunk/Makefile (original)
> +++ trunk/Makefile Fri Feb 3 16:37:29 2006
> @@ -349,7 +349,7 @@
> astmm.o enum.o srv.o dns.o aescrypt.o aestab.o aeskey.o \
> utils.o plc.o jitterbuf.o dnsmgr.o devicestate.o \
> netsock.o slinfactory.o ast_expr2.o ast_expr2f.o \
> - cryptostub.o
> + cryptostub.o sha1.o
>
> ifeq ($(wildcard $(CROSS_COMPILE_TARGET)/usr/include/sys/poll.h),)
> OBJS+= poll.o
>
> Modified: trunk/channel.c
> URL: http://svn.digium.com/view/asterisk/trunk/channel.c?rev=9138&r1=9137&r2=9138&view=diff
> ==============================================================================
> --- trunk/channel.c (original)
> +++ trunk/channel.c Fri Feb 3 16:37:29 2006
> @@ -72,6 +72,7 @@
> #include "asterisk/app.h"
> #include "asterisk/transcap.h"
> #include "asterisk/devicestate.h"
> +#include "asterisk/sha1.h"
>
> struct channel_spy_trans {
> int last_format;
>
> Modified: trunk/funcs/Makefile
> URL: http://svn.digium.com/view/asterisk/trunk/funcs/Makefile?rev=9138&r1=9137&r2=9138&view=diff
> ==============================================================================
> --- trunk/funcs/Makefile (original)
> +++ trunk/funcs/Makefile Fri Feb 3 16:37:29 2006
> @@ -24,7 +24,8 @@
> func_timeout.o \
> func_language.o \
> func_moh.o \
> - func_base64.o
> + func_base64.o \
> + func_sha1.o
>
> AVAILABLE_FUNCS=$(filter-out $(BUILTINS),$(patsubst %.c,%.o,$(wildcard func*.c)))
>
>
> Added: trunk/funcs/func_sha1.c
> URL: http://svn.digium.com/view/asterisk/trunk/funcs/func_sha1.c?rev=9138&view=auto
> ==============================================================================
> --- trunk/funcs/func_sha1.c (added)
> +++ trunk/funcs/func_sha1.c Fri Feb 3 16:37:29 2006
> @@ -1,0 +1,68 @@
> +/*
> + * Asterisk -- An open source telephony toolkit.
> + *
> + * Copyright (C) 2006, Digium, Inc.
> + * Copyright (C) 2006, Claude Patry
> + *
> + * See http://www.asterisk.org for more information about
> + * the Asterisk project. Please do not directly contact
> + * any of the maintainers of this project for assistance;
> + * the project provides a web site, mailing lists and IRC
> + * channels for your use.
> + *
> + * This program is free software, distributed under the terms of
> + * the GNU General Public License Version 2. See the LICENSE file
> + * at the top of the source tree.
> + */
> +
> +/*! \file
> + *
> + * \brief SHA1 digest related dialplan functions
> + *
> + * \author Claude Patry <cpatry at gmail.com>
> + */
> +
> +#include <stdlib.h>
> +#include <string.h>
> +#include <sys/types.h>
> +
> +#include "asterisk.h"
> +
> +/* ASTERISK_FILE_VERSION(__FILE__, "$Revision: 8403 $") */
> +
> +#include "asterisk/channel.h"
> +#include "asterisk/pbx.h"
> +#include "asterisk/logger.h"
> +#include "asterisk/utils.h"
> +#include "asterisk/app.h"
> +
> +static char *builtin_function_sha1(struct ast_channel *chan, char *cmd, char *data, char *buf, size_t len)
> +{
> + if (ast_strlen_zero(data)) {
> + ast_log(LOG_WARNING, "Syntax: SHA1(<data>) - missing argument!\n");
> + return NULL;
> + }
> +
> + if (len >= 41)
> + ast_sha1_hash(buf, data);
> + else {
> + ast_log(LOG_ERROR, "Insufficient space to produce SHA1 hash result (%d < 41)\n", len);
> + *buf = '\0';
> + }
> + return buf;
> +}
> +
> +
> +#ifndef BUILTIN_FUNC
> +static
> +#endif
> +struct ast_custom_function sha1_function = {
> + .name = "SHA1",
> + .synopsis = "Computes a SHA1 digest",
> + .syntax = "SHA1(<data>)",
> + .read = builtin_function_sha1,
> + .desc = "Generate a SHA1 digest via the SHA1 algorythm.\n"
> + " Example: Set(sha1hash=${SHA1(junky)})\n"
> + " Sets the asterisk variable sha1hash to the string '60fa5675b9303eb62f99a9cd47f9f5837d18f9a0'\n"
> + " which is known as his hash\n",
> +};
>
> Added: trunk/include/asterisk/sha1.h
> URL: http://svn.digium.com/view/asterisk/trunk/include/asterisk/sha1.h?rev=9138&view=auto
> ==============================================================================
> --- trunk/include/asterisk/sha1.h (added)
> +++ trunk/include/asterisk/sha1.h Fri Feb 3 16:37:29 2006
> @@ -1,0 +1,82 @@
> +/*
> + * sha1.h
> + *
> + * Description:
> + * This is the header file for code which implements the Secure
> + * Hashing Algorithm 1 as defined in FIPS PUB 180-1 published
> + * April 17, 1995.
> + *
> + * Many of the variable names in this code, especially the
> + * single character names, were used because those were the names
> + * used in the publication.
> + *
> + * Please read the file sha1.c for more information.
> + *
> + */
> +
> +
> +#ifndef _SHA1_H_
> +#define _SHA1_H_
> +
> +
> +
> +#if defined(__OpenBSD__) || defined( __FreeBSD__)
> +#include <inttypes.h>
> +#else
> +#include <stdint.h>
> +#endif
> +
> +/*
> + * If you do not have the ISO standard stdint.h header file, then you
> + * must typdef the following:
> + * name meaning
> + * uint32_t unsigned 32 bit integer
> + * uint8_t unsigned 8 bit integer (i.e., unsigned char)
> + * int_least16_t integer of >= 16 bits
> + *
> + */
> +
> +#ifndef _SHA_enum_
> +#define _SHA_enum_
> +enum
> +{
> + shaSuccess = 0,
> + shaNull, /* Null pointer parameter */
> + shaInputTooLong, /* input data too long */
> + shaStateError /* called Input after Result */
> +};
> +#endif
> +#define SHA1HashSize 20
> +
> +/*
> + * This structure will hold context information for the SHA-1
> + * hashing operation
> + */
> +typedef struct SHA1Context
> +{
> + uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */
> +
> + uint32_t Length_Low; /* Message length in bits */
> + uint32_t Length_High; /* Message length in bits */
> +
> + /* Index into message block array */
> + int_least16_t Message_Block_Index;
> + uint8_t Message_Block[64]; /* 512-bit message blocks */
> +
> + int Computed; /* Is the digest computed? */
> + int Corrupted; /* Is the message digest corrupted? */
> +} SHA1Context;
> +
> +/*
> + * Function Prototypes
> + */
> +
> +
> +int SHA1Reset( SHA1Context *);
> +int SHA1Input( SHA1Context *,
> + const uint8_t *,
> + unsigned int);
> +int SHA1Result( SHA1Context *,
> + uint8_t Message_Digest[SHA1HashSize]);
> +
> +#endif
>
> Modified: trunk/include/asterisk/utils.h
> URL: http://svn.digium.com/view/asterisk/trunk/include/asterisk/utils.h?rev=9138&r1=9137&r2=9138&view=diff
> ==============================================================================
> --- trunk/include/asterisk/utils.h (original)
> +++ trunk/include/asterisk/utils.h Fri Feb 3 16:37:29 2006
> @@ -145,6 +145,9 @@
> /* ast_md5_hash
> \brief Produces MD5 hash based on input string */
> void ast_md5_hash(char *output, char *input);
> +/* ast_sha1_hash
> + \brief Produces SHA1 hash based on input string */
> +void ast_sha1_hash(char *output, char *input);
>
> int ast_base64encode(char *dst, const unsigned char *src, int srclen, int max);
> int ast_base64decode(unsigned char *dst, const char *src, int max);
>
> Added: trunk/sha1.c
> URL: http://svn.digium.com/view/asterisk/trunk/sha1.c?rev=9138&view=auto
> ==============================================================================
> --- trunk/sha1.c (added)
> +++ trunk/sha1.c Fri Feb 3 16:37:29 2006
> @@ -1,0 +1,417 @@
> +/*
> + *
> + * Based on the RFC 3174
> + *
> + * Full Copyright Statement
> + *
> + * Copyright (C) The Internet Society (2001). All Rights Reserved.
> + *
> + * This document and translations of it may be copied and furnished to
> + * others, and derivative works that comment on or otherwise explain it
> + * or assist in its implementation may be prepared, copied, published
> + * and distributed, in whole or in part, without restriction of any
> + * kind, provided that the above copyright notice and this paragraph are
> + * included on all such copies and derivative works. However, this
> + * document itself may not be modified in any way, such as by removing
> + * the copyright notice or references to the Internet Society or other
> + * Internet organizations, except as needed for the purpose of
> + * developing Internet standards in which case the procedures for
> + * copyrights defined in the Internet Standards process must be
> + * followed, or as required to translate it into languages other than
> + * English.
> + *
> + * The limited permissions granted above are perpetual and will not be
> + * revoked by the Internet Society or its successors or assigns.
> +
> + * This document and the information contained herein is provided on an
> + * "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
> + * TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
> + * BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
> + * HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
> + * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
> + *
> + *
> + *
> + * Description:
> + * This file implements the Secure Hashing Algorithm 1 as
> + * defined in FIPS PUB 180-1 published April 17, 1995.
> + *
> + * The SHA-1, produces a 160-bit message digest for a given
> + * data stream. It should take about 2**n steps to find a
> + * message with the same digest as a given message and
> + * 2**(n/2) to find any two messages with the same digest,
> + * when n is the digest size in bits. Therefore, this
> + * algorithm can serve as a means of providing a
> + * "fingerprint" for a message.
> + *
> + * Portability Issues:
> + * SHA-1 is defined in terms of 32-bit "words". This code
> + * uses <stdint.h> (included via "sha1.h" to define 32 and 8
> + * bit unsigned integer types. If your C compiler does not
> + * support 32 bit unsigned integers, this code is not
> + * appropriate.
> + *
> + * Caveats:
> + * SHA-1 is designed to work with messages less than 2^64 bits
> + * long. Although SHA-1 allows a message digest to be generated
> + * for messages of any number of bits less than 2^64, this
> + * implementation only works with messages with a length that is
> + * a multiple of the size of an 8-bit character.
> + *
> + */
> +
> +
> +#include "asterisk/sha1.h"
> +
> +/*
> + * Define the SHA1 circular left shift macro
> + */
> +#define SHA1CircularShift(bits,word) \
> + (((word) << (bits)) | ((word) >> (32-(bits))))
> +
> +/* Local Function Prototyptes */
> +void SHA1PadMessage(SHA1Context *);
> +void SHA1ProcessMessageBlock(SHA1Context *);
> +
> +/*
> + * SHA1Reset
> + *
> + * Description:
> + * This function will initialize the SHA1Context in preparation
> + * for computing a new SHA1 message digest.
> + *
> + * Parameters:
> + * context: [in/out]
> + * The context to reset.
> + *
> + * Returns:
> + * sha Error Code.
> + *
> + */
> +int SHA1Reset(SHA1Context *context)
> +{
> + if (!context)
> + {
> + return shaNull;
> + }
> +
> + context->Length_Low = 0;
> + context->Length_High = 0;
> + context->Message_Block_Index = 0;
> +
> + context->Intermediate_Hash[0] = 0x67452301;
> + context->Intermediate_Hash[1] = 0xEFCDAB89;
> + context->Intermediate_Hash[2] = 0x98BADCFE;
> + context->Intermediate_Hash[3] = 0x10325476;
> + context->Intermediate_Hash[4] = 0xC3D2E1F0;
> +
> + context->Computed = 0;
> + context->Corrupted = 0;
> +
> + return shaSuccess;
> +}
> +
> +/*
> + * SHA1Result
> + *
> + * Description:
> + * This function will return the 160-bit message digest into the
> + * Message_Digest array provided by the caller.
> + * NOTE: The first octet of hash is stored in the 0th element,
> + * the last octet of hash in the 19th element.
> + *
> + * Parameters:
> + * context: [in/out]
> + * The context to use to calculate the SHA-1 hash.
> + * Message_Digest: [out]
> + * Where the digest is returned.
> + *
> + * Returns:
> + * sha Error Code.
> + *
> + */
> +int SHA1Result( SHA1Context *context,
> + uint8_t Message_Digest[SHA1HashSize])
> +{
> + int i;
> +
> + if (!context || !Message_Digest)
> + {
> + return shaNull;
> + }
> +
> + if (context->Corrupted)
> + {
> + return context->Corrupted;
> + }
> +
> + if (!context->Computed)
> + {
> + SHA1PadMessage(context);
> + for(i=0; i<64; ++i)
> + {
> + /* message may be sensitive, clear it out */
> + context->Message_Block[i] = 0;
> + }
> + context->Length_Low = 0; /* and clear length */
> + context->Length_High = 0;
> + context->Computed = 1;
> +
> + }
> +
> + for(i = 0; i < SHA1HashSize; ++i)
> + {
> + Message_Digest[i] = context->Intermediate_Hash[i>>2]
> + >> 8 * ( 3 - ( i & 0x03 ) );
> + }
> +
> + return shaSuccess;
> +}
> +
> +/*
> + * SHA1Input
> + *
> + * Description:
> + * This function accepts an array of octets as the next portion
> + * of the message.
> + *
> + * Parameters:
> + * context: [in/out]
> + * The SHA context to update
> + * message_array: [in]
> + * An array of characters representing the next portion of
> + * the message.
> + * length: [in]
> + * The length of the message in message_array
> + *
> + * Returns:
> + * sha Error Code.
> + *
> + */
> +int SHA1Input( SHA1Context *context,
> + const uint8_t *message_array,
> + unsigned length)
> +{
> + if (!length)
> + {
> + return shaSuccess;
> + }
> +
> + if (!context || !message_array)
> + {
> + return shaNull;
> + }
> +
> + if (context->Computed)
> + {
> + context->Corrupted = shaStateError;
> + return shaStateError;
> + }
> +
> + if (context->Corrupted)
> + {
> + return context->Corrupted;
> + }
> + while(length-- && !context->Corrupted)
> + {
> + context->Message_Block[context->Message_Block_Index++] =
> + (*message_array & 0xFF);
> +
> + context->Length_Low += 8;
> + if (context->Length_Low == 0)
> + {
> + context->Length_High++;
> + if (context->Length_High == 0)
> + {
> + /* Message is too long */
> + context->Corrupted = 1;
> + }
> + }
> +
> + if (context->Message_Block_Index == 64)
> + {
> + SHA1ProcessMessageBlock(context);
> + }
> +
> + message_array++;
> + }
> +
> + return shaSuccess;
> +}
> +
> +/*
> + * SHA1ProcessMessageBlock
> + *
> + * Description:
> + * This function will process the next 512 bits of the message
> + * stored in the Message_Block array.
> + *
> + * Parameters:
> + * None.
> + *
> + * Returns:
> + * Nothing.
> + *
> + * Comments:
> + * Many of the variable names in this code, especially the
> + * single character names, were used because those were the
> + * names used in the publication.
> + *
> + *
> + */
> +void SHA1ProcessMessageBlock(SHA1Context *context)
> +{
> + const uint32_t K[] = { /* Constants defined in SHA-1 */
> + 0x5A827999,
> + 0x6ED9EBA1,
> + 0x8F1BBCDC,
> + 0xCA62C1D6
> + };
> + int t; /* Loop counter */
> + uint32_t temp; /* Temporary word value */
> + uint32_t W[80]; /* Word sequence */
> + uint32_t A, B, C, D, E; /* Word buffers */
> +
> + /*
> + * Initialize the first 16 words in the array W
> + */
> + for(t = 0; t < 16; t++)
> + {
> + W[t] = context->Message_Block[t * 4] << 24;
> + W[t] |= context->Message_Block[t * 4 + 1] << 16;
> + W[t] |= context->Message_Block[t * 4 + 2] << 8;
> + W[t] |= context->Message_Block[t * 4 + 3];
> + }
> +
> + for(t = 16; t < 80; t++)
> + {
> + W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
> + }
> +
> + A = context->Intermediate_Hash[0];
> + B = context->Intermediate_Hash[1];
> + C = context->Intermediate_Hash[2];
> + D = context->Intermediate_Hash[3];
> + E = context->Intermediate_Hash[4];
> +
> + for(t = 0; t < 20; t++)
> + {
> + temp = SHA1CircularShift(5,A) +
> + ((B & C) | ((~B) & D)) + E + W[t] + K[0];
> + E = D;
> + D = C;
> + C = SHA1CircularShift(30,B);
> + B = A;
> + A = temp;
> + }
> +
> + for(t = 20; t < 40; t++)
> + {
> + temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
> + E = D;
> + D = C;
> + C = SHA1CircularShift(30,B);
> + B = A;
> + A = temp;
> + }
> +
> + for(t = 40; t < 60; t++)
> + {
> + temp = SHA1CircularShift(5,A) +
> + ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
> + E = D;
> + D = C;
> + C = SHA1CircularShift(30,B);
> + B = A;
> + A = temp;
> + }
> +
> + for(t = 60; t < 80; t++)
> + {
> + temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
> + E = D;
> + D = C;
> + C = SHA1CircularShift(30,B);
> + B = A;
> + A = temp;
> + }
> +
> + context->Intermediate_Hash[0] += A;
> + context->Intermediate_Hash[1] += B;
> + context->Intermediate_Hash[2] += C;
> + context->Intermediate_Hash[3] += D;
> + context->Intermediate_Hash[4] += E;
> +
> + context->Message_Block_Index = 0;
> +}
> +
> +
> +/*
> + * SHA1PadMessage
> + *
> + * Description:
> + * According to the standard, the message must be padded to an even
> + * 512 bits. The first padding bit must be a '1'. The last 64
> + * bits represent the length of the original message. All bits in
> + * between should be 0. This function will pad the message
> + * according to those rules by filling the Message_Block array
> + * accordingly. It will also call the ProcessMessageBlock function
> + * provided appropriately. When it returns, it can be assumed that
> + * the message digest has been computed.
> + *
> + * Parameters:
> + * context: [in/out]
> + * The context to pad
> + * ProcessMessageBlock: [in]
> + * The appropriate SHA*ProcessMessageBlock function
> + * Returns:
> + * Nothing.
> + *
> + */
> +
> +void SHA1PadMessage(SHA1Context *context)
> +{
> + /*
> + * Check to see if the current message block is too small to hold
> + * the initial padding bits and length. If so, we will pad the
> + * block, process it, and then continue padding into a second
> + * block.
> + */
> + if (context->Message_Block_Index > 55)
> + {
> + context->Message_Block[context->Message_Block_Index++] = 0x80;
> + while(context->Message_Block_Index < 64)
> + {
> + context->Message_Block[context->Message_Block_Index++] = 0;
> + }
> +
> + SHA1ProcessMessageBlock(context);
> +
> + while(context->Message_Block_Index < 56)
> + {
> + context->Message_Block[context->Message_Block_Index++] = 0;
> + }
> + }
> + else
> + {
> + context->Message_Block[context->Message_Block_Index++] = 0x80;
> + while(context->Message_Block_Index < 56)
> + {
> + context->Message_Block[context->Message_Block_Index++] = 0;
> + }
> + }
> +
> + /*
> + * Store the message length as the last 8 octets
> + */
> + context->Message_Block[56] = context->Length_High >> 24;
> + context->Message_Block[57] = context->Length_High >> 16;
> + context->Message_Block[58] = context->Length_High >> 8;
> + context->Message_Block[59] = context->Length_High;
> + context->Message_Block[60] = context->Length_Low >> 24;
> + context->Message_Block[61] = context->Length_Low >> 16;
> + context->Message_Block[62] = context->Length_Low >> 8;
> + context->Message_Block[63] = context->Length_Low;
> +
> + SHA1ProcessMessageBlock(context);
> +}
>
> Modified: trunk/utils.c
> URL: http://svn.digium.com/view/asterisk/trunk/utils.c?rev=9138&r1=9137&r2=9138&view=diff
> ==============================================================================
> --- trunk/utils.c (original)
> +++ trunk/utils.c Fri Feb 3 16:37:29 2006
> @@ -43,6 +43,7 @@
> #include "asterisk/io.h"
> #include "asterisk/logger.h"
> #include "asterisk/md5.h"
> +#include "asterisk/sha1.h"
> #include "asterisk/options.h"
> #include "asterisk/compat.h"
>
> @@ -281,7 +282,7 @@
> return(test_errors); /* return 0 on success. */
> }
>
> -/*! \brief ast_md5_hash: Produce 16 char MD5 hash of value. ---*/
> +/*! \brief ast_md5_hash: Produce 32 char MD5 hash of value. ---*/
> void ast_md5_hash(char *output, char *input)
> {
> struct MD5Context md5;
> @@ -295,6 +296,24 @@
> ptr = output;
> for (x=0; x<16; x++)
> ptr += sprintf(ptr, "%2.2x", digest[x]);
> +}
> +
> +/*! \brief ast_sha1_hash: Produce 40 char SHA1 hash of value. ---*/
> +void ast_sha1_hash(char *output, char *input)
> +{
> + struct SHA1Context sha;
> + char *ptr;
> + int x;
> + uint8_t Message_Digest[20];
> +
> + SHA1Reset(&sha);
> +
> + SHA1Input(&sha, (const unsigned char *) input, strlen(input));
> +
> + SHA1Result(&sha, Message_Digest);
> + ptr = output;
> + for (x = 0; x < 20; x++)
> + ptr += sprintf(ptr, "%2.2x", Message_Digest[x]);
> }
>
> int ast_base64decode(unsigned char *dst, const char *src, int max)
>
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> asterisk-commits mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-commits
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.digium.com/pipermail/asterisk-dev/attachments/20060203/49709756/attachment.pgp
More information about the asterisk-dev
mailing list