Remove cryptopp dependency, directly include a simple sha1 implementation

48b4f7b8 · louiz’ · fef9c819 · 48b4f7b8 · 48b4f7b8 · fef9c819
Commit 48b4f7b8 authored Jan 12, 2014 by louiz’
6 changed files
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -16,7 +16,6 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D__FILENAME__='\"$(subst ${CMAKE_SOURCE
 ## Look for external libraries
 #
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/Modules/")
-find_package(Cryptopp REQUIRED)
 find_package(Iconv REQUIRED)
 include(FindEXPAT)
 find_package(EXPAT REQUIRED)
@@ -25,9 +24,6 @@ find_package(Libidn)
 include_directories("src/")
 include_directories(${EXPAT_INCLUDE_DIRS})
 include_directories(${ICONV_INCLUDE_DIRS})
-# the SYSTEM flag tells the compiler that we don't care about warnings
-# coming from these headers.
-include_directories(SYSTEM ${CRYPTO++_INCLUDE_DIRS})

 if(LIBIDN_FOUND)
  include_directories(${LIBIDN_INCLUDE_DIRS})
@@ -90,7 +86,7 @@ file(GLOB source_xmpp
  src/xmpp/*.[hc]pp)
 add_library(xmpp STATIC ${source_xmpp})
 target_link_libraries(xmpp bridge network utils logger
-  ${CRYPTO++_LIBRARIES} ${EXPAT_LIBRARIES} pthread)
+  ${EXPAT_LIBRARIES} pthread)
 if(LIBIDN_FOUND)
  target_link_libraries(xmpp ${LIBIDN_LIBRARIES})
 endif()

--- a/INSTALL
+++ b/INSTALL
@@ -7,11 +7,6 @@ Build and runtime dependencies:

 Libraries:

- crypto++
- Sometimes packaged as cryptopp.  This library is used to generate MD5
- hashes.
- http://www.cryptopp.com/
-
 - expat
 Used to parse XML from the XMPP server.
 http://expat.sourceforge.net/

--- a/cmake/Modules/FindCryptopp.cmake
+++ b/cmake/Modules/FindCryptopp.cmake
-# - Find Crypto++
-# Find the Crypto++ library
-#
-# This module defines the following variables:
-#   CRYPTO++_FOUND  -  True if library and include directory are found
-# If set to TRUE, the following are also defined:
-#   CRYPTO++_LIBRARIES  -  Where to find the library file
-#   CRYPTO++_INCLUDE_DIRS  -  The directory where to find the header files
-#
-# For conveniance, these variables are also set. They have the same values
-# than the variables above.  The user can thus choose his/her prefered way
-# to way to write them.
-#
-#   CRYPTOPP_FOUND
-#
-#   CRYPTO++_LIBRARY
-#   CRYPTOPP_LIBRARY
-#   CRYPTOPP_LIBRARIES
-#
-#   CRYPTO++_INCLUDE_DIR
-#   CRYPTOPP_INCLUDE_DIRS
-#   CRYPTOPP_INCLUDE_DIR
-#
-# This file is in the public domain.
-
-find_path(CRYPTO++_INCLUDE_DIRS NAMES cryptlib.h
-  PATH_SUFFIXES "crypto++" "cryptopp"
-  DOC "The Crypto++ include directory")
-
-find_library(CRYPTO++_LIBRARIES NAMES cryptopp
-  DOC "The Crypto++ library")
-
-# Use some standard module to handle the QUIETLY and REQUIRED arguments, and
-# set CRYPTO++_FOUND to TRUE if these two variables are set.
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(Crypto++ REQUIRED_VARS CRYPTO++_LIBRARIES CRYPTO++_INCLUDE_DIRS)
-
-# Compatibility for all the ways of writing these variables
-if(CRYPTO++_FOUND)
-  set(CRYPTOPP_FOUND ${CRYPTO++_FOUND})
-
-  set(CRYPTO++_LIBRARY ${CRYPTO++_LIBRARIES})
-  set(CRYPTOPP_LIBRARY ${CRYPTO++_LIBRARIES})
-  set(CRYPTOPP_LIBRARIES ${CRYPTO++_LIBRARIES})
-
-  set(CRYPTO++_INCLUDE_DIR ${CRYPTO++_INCLUDE_DIRS})
-  set(CRYPTOPP_INCLUDE_DIR ${CRYPTO++_INCLUDE_DIRS})
-  set(CRYPTOPP_INCLUDE_DIRS ${CRYPTO++_INCLUDE_DIRS})
-endif()
-
-mark_as_advanced(CRYPTO++_INCLUDE_DIRS CRYPTO++_LIBRARIES)
-
-
--- a/src/utils/sha1.cpp
+++ b/src/utils/sha1.cpp
+/* This code is public-domain - it is based on libcrypt
+ * placed in the public domain by Wei Dai and other contributors.
+ */
+
+#include "sha1.hpp"
+
+#define SHA1_K0 0x5a827999
+#define SHA1_K20 0x6ed9eba1
+#define SHA1_K40 0x8f1bbcdc
+#define SHA1_K60 0xca62c1d6
+
+const uint8_t sha1InitState[] = {
+  0x01,0x23,0x45,0x67, // H0
+  0x89,0xab,0xcd,0xef, // H1
+  0xfe,0xdc,0xba,0x98, // H2
+  0x76,0x54,0x32,0x10, // H3
+  0xf0,0xe1,0xd2,0xc3  // H4
+};
+
+void sha1_init(sha1nfo *s) {
+  memcpy(s->state.b,sha1InitState,HASH_LENGTH);
+  s->byteCount = 0;
+  s->bufferOffset = 0;
+}
+
+uint32_t sha1_rol32(uint32_t number, uint8_t bits) {
+  return ((number << bits) | (number >> (32-bits)));
+}
+
+void sha1_hashBlock(sha1nfo *s) {
+  uint8_t i;
+  uint32_t a,b,c,d,e,t;
+
+  a=s->state.w[0];
+  b=s->state.w[1];
+  c=s->state.w[2];
+  d=s->state.w[3];
+  e=s->state.w[4];
+  for (i=0; i<80; i++) {
+    if (i>=16) {
+      t = s->buffer.w[(i+13)&15] ^ s->buffer.w[(i+8)&15] ^ s->buffer.w[(i+2)&15] ^ s->buffer.w[i&15];
+      s->buffer.w[i&15] = sha1_rol32(t,1);
+    }
+    if (i<20) {
+      t = (d ^ (b & (c ^ d))) + SHA1_K0;
+    } else if (i<40) {
+      t = (b ^ c ^ d) + SHA1_K20;
+    } else if (i<60) {
+      t = ((b & c) | (d & (b | c))) + SHA1_K40;
+    } else {
+      t = (b ^ c ^ d) + SHA1_K60;
+    }
+    t+=sha1_rol32(a,5) + e + s->buffer.w[i&15];
+    e=d;
+    d=c;
+    c=sha1_rol32(b,30);
+    b=a;
+    a=t;
+  }
+  s->state.w[0] += a;
+  s->state.w[1] += b;
+  s->state.w[2] += c;
+  s->state.w[3] += d;
+  s->state.w[4] += e;
+}
+
+void sha1_addUncounted(sha1nfo *s, uint8_t data) {
+  s->buffer.b[s->bufferOffset ^ 3] = data;
+  s->bufferOffset++;
+  if (s->bufferOffset == BLOCK_LENGTH) {
+    sha1_hashBlock(s);
+    s->bufferOffset = 0;
+  }
+}
+
+void sha1_writebyte(sha1nfo *s, uint8_t data) {
+  ++s->byteCount;
+  sha1_addUncounted(s, data);
+}
+
+void sha1_write(sha1nfo *s, const char *data, size_t len) {
+	for (;len--;) sha1_writebyte(s, (uint8_t) *data++);
+}
+
+void sha1_pad(sha1nfo *s) {
+  // Implement SHA-1 padding (fips180-2 Â§5.1.1)
+
+  // Pad with 0x80 followed by 0x00 until the end of the block
+  sha1_addUncounted(s, 0x80);
+  while (s->bufferOffset != 56) sha1_addUncounted(s, 0x00);
+
+  // Append length in the last 8 bytes
+  sha1_addUncounted(s, 0); // We're only using 32 bit lengths
+  sha1_addUncounted(s, 0); // But SHA-1 supports 64 bit lengths
+  sha1_addUncounted(s, 0); // So zero pad the top bits
+  sha1_addUncounted(s, s->byteCount >> 29); // Shifting to multiply by 8
+  sha1_addUncounted(s, s->byteCount >> 21); // as SHA-1 supports bitstreams as well as
+  sha1_addUncounted(s, s->byteCount >> 13); // byte.
+  sha1_addUncounted(s, s->byteCount >> 5);
+  sha1_addUncounted(s, s->byteCount << 3);
+}
+
+uint8_t* sha1_result(sha1nfo *s) {
+  int i;
+  // Pad to complete the last block
+  sha1_pad(s);
+
+  // Swap byte order back
+  for (i=0; i<5; i++) {
+    uint32_t a,b;
+    a=s->state.w[i];
+    b=a<<24;
+    b|=(a<<8) & 0x00ff0000;
+    b|=(a>>8) & 0x0000ff00;
+    b|=a>>24;
+    s->state.w[i]=b;
+  }
+
+  // Return pointer to hash (20 characters)
+  return s->state.b;
+}
+
+#define HMAC_IPAD 0x36
+#define HMAC_OPAD 0x5c
+
+void sha1_initHmac(sha1nfo *s, const uint8_t* key, int keyLength) {
+  uint8_t i;
+  memset(s->keyBuffer, 0, BLOCK_LENGTH);
+  if (keyLength > BLOCK_LENGTH) {
+    // Hash long keys
+    sha1_init(s);
+    for (;keyLength--;) sha1_writebyte(s, *key++);
+    memcpy(s->keyBuffer, sha1_result(s), HASH_LENGTH);
+  } else {
+    // Block length keys are used as is
+    memcpy(s->keyBuffer, key, keyLength);
+  }
+  // Start inner hash
+  sha1_init(s);
+  for (i=0; i<BLOCK_LENGTH; i++) {
+    sha1_writebyte(s, s->keyBuffer[i] ^ HMAC_IPAD);
+  }
+}
+
+uint8_t* sha1_resultHmac(sha1nfo *s) {
+  uint8_t i;
+  // Complete inner hash
+  memcpy(s->innerHash,sha1_result(s),HASH_LENGTH);
+  // Calculate outer hash
+  sha1_init(s);
+  for (i=0; i<BLOCK_LENGTH; i++) sha1_writebyte(s, s->keyBuffer[i] ^ HMAC_OPAD);
+  for (i=0; i<HASH_LENGTH; i++) sha1_writebyte(s, s->innerHash[i]);
+  return sha1_result(s);
+}
--- a/src/utils/sha1.hpp
+++ b/src/utils/sha1.hpp
+/* This code is public-domain - it is based on libcrypt
+ * placed in the public domain by Wei Dai and other contributors.
+ */
+
+#include <stdint.h>
+#include <string.h>
+
+#define HASH_LENGTH 20
+#define BLOCK_LENGTH 64
+
+union _buffer {
+	uint8_t b[BLOCK_LENGTH];
+	uint32_t w[BLOCK_LENGTH/4];
+};
+
+union _state {
+	uint8_t b[HASH_LENGTH];
+	uint32_t w[HASH_LENGTH/4];
+};
+
+typedef struct sha1nfo {
+	union _buffer buffer;
+	uint8_t bufferOffset;
+	union _state state;
+	uint32_t byteCount;
+	uint8_t keyBuffer[BLOCK_LENGTH];
+	uint8_t innerHash[HASH_LENGTH];
+} sha1nfo;
+
+void sha1_init(sha1nfo *s);
+void sha1_writebyte(sha1nfo *s, uint8_t data);
+void sha1_write(sha1nfo *s, const char *data, size_t len);
+uint8_t* sha1_result(sha1nfo *s);
+void sha1_initHmac(sha1nfo *s, const uint8_t* key, int keyLength);
+uint8_t* sha1_resultHmac(sha1nfo *s);
--- a/src/xmpp/xmpp_component.cpp
+++ b/src/xmpp/xmpp_component.cpp
@@ -4,12 +4,11 @@
 #include <xmpp/xmpp_component.hpp>
 #include <xmpp/jid.hpp>

+#include <utils/sha1.hpp>
+
 #include <iostream>

-// CryptoPP
-#include <filters.h>
-#include <hex.h>
-#include <sha.h>
+#include <stdio.h>

 #define STREAM_NS        "http://etherx.jabber.org/streams"
 #define COMPONENT_NS     "jabber:component:accept"
@@ -119,13 +118,17 @@ void XmppComponent::on_remote_stream_open(const XmlNode& node)
    }

  // Try to authenticate
-  CryptoPP::SHA1 sha1;
-  std::string digest;
-  CryptoPP::StringSource foo(this->stream_id + this->secret, true,
-                      new CryptoPP::HashFilter(sha1,
-                          new CryptoPP::HexEncoder(
-                              new CryptoPP::StringSink(digest), false)));
-  Stanza handshake("handshake", nullptr);
+  char digest[HASH_LENGTH * 2 + 1];
+  sha1nfo sha1;
+  sha1_init(&sha1);
+  sha1_write(&sha1, this->stream_id.data(), this->stream_id.size());
+  sha1_write(&sha1, this->secret.data(),  this->secret.size());
+  const uint8_t* result = sha1_result(&sha1);
+  for (int i=0; i < HASH_LENGTH; i++)
+    sprintf(digest + (i*2), "%02x", result[i]);
+  digest[HASH_LENGTH * 2] = '\0';
+
+  Stanza handshake("handshake");
  handshake.set_inner(digest);
  handshake.close();
  this->send_stanza(handshake);