1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* dbus-sha.c SHA-1 implementation
3 *
4 * Copyright (C) 2003 Red Hat Inc.
5 * Copyright (C) 1995 A. M. Kuchling
6 *
7 * Licensed under the Academic Free License version 2.1
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 *
23 */
24
25 #include <config.h>
26 #include "dbus-internals.h"
27 #include "dbus-sha.h"
28 #include "dbus-marshal-basic.h" /* for byteswap routines */
29 #include <string.h>
30
31 /* The following comments have the history of where this code
32 * comes from. I actually copied it from GNet in GNOME CVS.
33 * - hp@redhat.com
34 */
35
36 /*
37 * sha.h : Implementation of the Secure Hash Algorithm
38 *
39 * Part of the Python Cryptography Toolkit, version 1.0.0
40 *
41 * Copyright (C) 1995, A.M. Kuchling
42 *
43 * Distribute and use freely; there are no restrictions on further
44 * dissemination and usage except those imposed by the laws of your
45 * country of residence.
46 *
47 */
48
49 /* SHA: NIST's Secure Hash Algorithm */
50
51 /* Based on SHA code originally posted to sci.crypt by Peter Gutmann
52 in message <30ajo5$oe8@ccu2.auckland.ac.nz>.
53 Modified to test for endianness on creation of SHA objects by AMK.
54 Also, the original specification of SHA was found to have a weakness
55 by NSA/NIST. This code implements the fixed version of SHA.
56 */
57
58 /* Here's the first paragraph of Peter Gutmann's posting:
59
60 The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
61 SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
62 what's changed in the new version. The fix is a simple change which involves
63 adding a single rotate in the initial expansion function. It is unknown
64 whether this is an optimal solution to the problem which was discovered in the
65 SHA or whether it's simply a bandaid which fixes the problem with a minimum of
66 effort (for example the reengineering of a great many Capstone chips).
67 */
68
69 /**
70 * @defgroup DBusSHA SHA implementation
71 * @ingroup DBusInternals
72 * @brief SHA-1 hash
73 *
74 * Types and functions related to computing SHA-1 hash.
75 */
76
77 /**
78 * @defgroup DBusSHAInternals SHA implementation details
79 * @ingroup DBusInternals
80 * @brief Internals of SHA implementation.
81 *
82 * The implementation of SHA-1 (see http://www.itl.nist.gov/fipspubs/fip180-1.htm).
83 * This SHA implementation was written by A.M. Kuchling
84 *
85 * @{
86 */
87
88 #ifndef DOXYGEN_SHOULD_SKIP_THIS
89
90 /* The SHA block size and message digest sizes, in bytes */
91
92 #define SHA_DATASIZE 64
93 #define SHA_DIGESTSIZE 20
94
95 /* The SHA f()-functions. The f1 and f3 functions can be optimized to
96 save one boolean operation each - thanks to Rich Schroeppel,
97 rcs@cs.arizona.edu for discovering this */
98
99 /*#define f1(x,y,z) ( ( x & y ) | ( ~x & z ) ) // Rounds 0-19 */
100 #define f1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) /* Rounds 0-19 */
101 #define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */
102 /*#define f3(x,y,z) ( ( x & y ) | ( x & z ) | ( y & z ) ) // Rounds 40-59 */
103 #define f3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) /* Rounds 40-59 */
104 #define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */
105
106 /* The SHA Mysterious Constants */
107
108 #define K1 0x5A827999L /* Rounds 0-19 */
109 #define K2 0x6ED9EBA1L /* Rounds 20-39 */
110 #define K3 0x8F1BBCDCL /* Rounds 40-59 */
111 #define K4 0xCA62C1D6L /* Rounds 60-79 */
112
113 /* SHA initial values */
114
115 #define h0init 0x67452301L
116 #define h1init 0xEFCDAB89L
117 #define h2init 0x98BADCFEL
118 #define h3init 0x10325476L
119 #define h4init 0xC3D2E1F0L
120
121 /* Note that it may be necessary to add parentheses to these macros if they
122 are to be called with expressions as arguments */
123 /* 32-bit rotate left - kludged with shifts */
124
125 #define ROTL(n,X) ( ( ( X ) << n ) | ( ( X ) >> ( 32 - n ) ) )
126
127 /* The initial expanding function. The hash function is defined over an
128 80-word expanded input array W, where the first 16 are copies of the input
129 data, and the remaining 64 are defined by
130
131 W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
132
133 This implementation generates these values on the fly in a circular
134 buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
135 optimization.
136
137 The updated SHA changes the expanding function by adding a rotate of 1
138 bit. Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor
139 for this information */
140
141 #define expand(W,i) ( W[ i & 15 ] = ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \
142 W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] ) ) )
143
144
145 /* The prototype SHA sub-round. The fundamental sub-round is:
146
147 a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
148 b' = a;
149 c' = ROTL( 30, b );
150 d' = c;
151 e' = d;
152
153 but this is implemented by unrolling the loop 5 times and renaming the
154 variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
155 This code is then replicated 20 times for each of the 4 functions, using
156 the next 20 values from the W[] array each time */
157
158 #define subRound(a, b, c, d, e, f, k, data) \
159 ( e += ROTL( 5, a ) + f( b, c, d ) + k + data, b = ROTL( 30, b ) )
160
161 #endif /* !DOXYGEN_SHOULD_SKIP_THIS */
162
163 /* Perform the SHA transformation. Note that this code, like MD5, seems to
164 break some optimizing compilers due to the complexity of the expressions
165 and the size of the basic block. It may be necessary to split it into
166 sections, e.g. based on the four subrounds
167
168 Note that this corrupts the context->data area */
169
170 static void
SHATransform(dbus_uint32_t * digest,dbus_uint32_t * data)171 SHATransform(dbus_uint32_t *digest, dbus_uint32_t *data)
172 {
173 dbus_uint32_t A, B, C, D, E; /* Local vars */
174 dbus_uint32_t eData[16]; /* Expanded data */
175
176 /* Set up first buffer and local data buffer */
177 A = digest[0];
178 B = digest[1];
179 C = digest[2];
180 D = digest[3];
181 E = digest[4];
182 memmove (eData, data, SHA_DATASIZE);
183
184 /* Heavy mangling, in 4 sub-rounds of 20 interations each. */
185 subRound (A, B, C, D, E, f1, K1, eData[0]);
186 subRound (E, A, B, C, D, f1, K1, eData[1]);
187 subRound (D, E, A, B, C, f1, K1, eData[2]);
188 subRound (C, D, E, A, B, f1, K1, eData[3]);
189 subRound (B, C, D, E, A, f1, K1, eData[4]);
190 subRound (A, B, C, D, E, f1, K1, eData[5]);
191 subRound (E, A, B, C, D, f1, K1, eData[6]);
192 subRound (D, E, A, B, C, f1, K1, eData[7]);
193 subRound (C, D, E, A, B, f1, K1, eData[8]);
194 subRound (B, C, D, E, A, f1, K1, eData[9]);
195 subRound (A, B, C, D, E, f1, K1, eData[10]);
196 subRound (E, A, B, C, D, f1, K1, eData[11]);
197 subRound (D, E, A, B, C, f1, K1, eData[12]);
198 subRound (C, D, E, A, B, f1, K1, eData[13]);
199 subRound (B, C, D, E, A, f1, K1, eData[14]);
200 subRound (A, B, C, D, E, f1, K1, eData[15]);
201 subRound (E, A, B, C, D, f1, K1, expand ( eData, 16) );
202 subRound (D, E, A, B, C, f1, K1, expand ( eData, 17) );
203 subRound (C, D, E, A, B, f1, K1, expand ( eData, 18) );
204 subRound (B, C, D, E, A, f1, K1, expand ( eData, 19) );
205
206 subRound (A, B, C, D, E, f2, K2, expand ( eData, 20) );
207 subRound (E, A, B, C, D, f2, K2, expand ( eData, 21) );
208 subRound (D, E, A, B, C, f2, K2, expand ( eData, 22) );
209 subRound (C, D, E, A, B, f2, K2, expand ( eData, 23) );
210 subRound (B, C, D, E, A, f2, K2, expand ( eData, 24) );
211 subRound (A, B, C, D, E, f2, K2, expand ( eData, 25) );
212 subRound (E, A, B, C, D, f2, K2, expand ( eData, 26) );
213 subRound (D, E, A, B, C, f2, K2, expand ( eData, 27) );
214 subRound (C, D, E, A, B, f2, K2, expand ( eData, 28) );
215 subRound (B, C, D, E, A, f2, K2, expand ( eData, 29) );
216 subRound (A, B, C, D, E, f2, K2, expand ( eData, 30) );
217 subRound (E, A, B, C, D, f2, K2, expand ( eData, 31) );
218 subRound (D, E, A, B, C, f2, K2, expand ( eData, 32) );
219 subRound (C, D, E, A, B, f2, K2, expand ( eData, 33) );
220 subRound (B, C, D, E, A, f2, K2, expand ( eData, 34) );
221 subRound (A, B, C, D, E, f2, K2, expand ( eData, 35) );
222 subRound (E, A, B, C, D, f2, K2, expand ( eData, 36) );
223 subRound (D, E, A, B, C, f2, K2, expand ( eData, 37) );
224 subRound (C, D, E, A, B, f2, K2, expand ( eData, 38) );
225 subRound (B, C, D, E, A, f2, K2, expand ( eData, 39) );
226
227 subRound (A, B, C, D, E, f3, K3, expand ( eData, 40) );
228 subRound (E, A, B, C, D, f3, K3, expand ( eData, 41) );
229 subRound (D, E, A, B, C, f3, K3, expand ( eData, 42) );
230 subRound (C, D, E, A, B, f3, K3, expand ( eData, 43) );
231 subRound (B, C, D, E, A, f3, K3, expand ( eData, 44) );
232 subRound (A, B, C, D, E, f3, K3, expand ( eData, 45) );
233 subRound (E, A, B, C, D, f3, K3, expand ( eData, 46) );
234 subRound (D, E, A, B, C, f3, K3, expand ( eData, 47) );
235 subRound (C, D, E, A, B, f3, K3, expand ( eData, 48) );
236 subRound (B, C, D, E, A, f3, K3, expand ( eData, 49) );
237 subRound (A, B, C, D, E, f3, K3, expand ( eData, 50) );
238 subRound (E, A, B, C, D, f3, K3, expand ( eData, 51) );
239 subRound (D, E, A, B, C, f3, K3, expand ( eData, 52) );
240 subRound (C, D, E, A, B, f3, K3, expand ( eData, 53) );
241 subRound (B, C, D, E, A, f3, K3, expand ( eData, 54) );
242 subRound (A, B, C, D, E, f3, K3, expand ( eData, 55) );
243 subRound (E, A, B, C, D, f3, K3, expand ( eData, 56) );
244 subRound (D, E, A, B, C, f3, K3, expand ( eData, 57) );
245 subRound (C, D, E, A, B, f3, K3, expand ( eData, 58) );
246 subRound (B, C, D, E, A, f3, K3, expand ( eData, 59) );
247
248 subRound (A, B, C, D, E, f4, K4, expand ( eData, 60) );
249 subRound (E, A, B, C, D, f4, K4, expand ( eData, 61) );
250 subRound (D, E, A, B, C, f4, K4, expand ( eData, 62) );
251 subRound (C, D, E, A, B, f4, K4, expand ( eData, 63) );
252 subRound (B, C, D, E, A, f4, K4, expand ( eData, 64) );
253 subRound (A, B, C, D, E, f4, K4, expand ( eData, 65) );
254 subRound (E, A, B, C, D, f4, K4, expand ( eData, 66) );
255 subRound (D, E, A, B, C, f4, K4, expand ( eData, 67) );
256 subRound (C, D, E, A, B, f4, K4, expand ( eData, 68) );
257 subRound (B, C, D, E, A, f4, K4, expand ( eData, 69) );
258 subRound (A, B, C, D, E, f4, K4, expand ( eData, 70) );
259 subRound (E, A, B, C, D, f4, K4, expand ( eData, 71) );
260 subRound (D, E, A, B, C, f4, K4, expand ( eData, 72) );
261 subRound (C, D, E, A, B, f4, K4, expand ( eData, 73) );
262 subRound (B, C, D, E, A, f4, K4, expand ( eData, 74) );
263 subRound (A, B, C, D, E, f4, K4, expand ( eData, 75) );
264 subRound (E, A, B, C, D, f4, K4, expand ( eData, 76) );
265 subRound (D, E, A, B, C, f4, K4, expand ( eData, 77) );
266 subRound (C, D, E, A, B, f4, K4, expand ( eData, 78) );
267 subRound (B, C, D, E, A, f4, K4, expand ( eData, 79) );
268
269 /* Build message digest */
270 digest[0] += A;
271 digest[1] += B;
272 digest[2] += C;
273 digest[3] += D;
274 digest[4] += E;
275 }
276
277 /* When run on a little-endian CPU we need to perform byte reversal on an
278 array of longwords. */
279
280 #ifdef WORDS_BIGENDIAN
281 #define swap_words(buffer, byte_count)
282 #else
283 static void
swap_words(dbus_uint32_t * buffer,int byte_count)284 swap_words (dbus_uint32_t *buffer,
285 int byte_count)
286 {
287 byte_count /= sizeof (dbus_uint32_t);
288 while (byte_count--)
289 {
290 *buffer = DBUS_UINT32_SWAP_LE_BE (*buffer);
291 ++buffer;
292 }
293 }
294 #endif
295
296 static void
sha_init(DBusSHAContext * context)297 sha_init (DBusSHAContext *context)
298 {
299 /* Set the h-vars to their initial values */
300 context->digest[0] = h0init;
301 context->digest[1] = h1init;
302 context->digest[2] = h2init;
303 context->digest[3] = h3init;
304 context->digest[4] = h4init;
305
306 /* Initialise bit count */
307 context->count_lo = context->count_hi = 0;
308 }
309
310 static void
sha_append(DBusSHAContext * context,const unsigned char * buffer,unsigned int count)311 sha_append (DBusSHAContext *context,
312 const unsigned char *buffer,
313 unsigned int count)
314 {
315 dbus_uint32_t tmp;
316 unsigned int dataCount;
317
318 /* Update bitcount */
319 tmp = context->count_lo;
320 if (( context->count_lo = tmp + ( ( dbus_uint32_t) count << 3) ) < tmp)
321 context->count_hi++; /* Carry from low to high */
322 context->count_hi += count >> 29;
323
324 /* Get count of bytes already in data */
325 dataCount = (int) (tmp >> 3) & 0x3F;
326
327 /* Handle any leading odd-sized chunks */
328 if (dataCount)
329 {
330 unsigned char *p = (unsigned char *) context->data + dataCount;
331
332 dataCount = SHA_DATASIZE - dataCount;
333 if (count < dataCount)
334 {
335 memmove (p, buffer, count);
336 return;
337 }
338 memmove (p, buffer, dataCount);
339 swap_words (context->data, SHA_DATASIZE);
340 SHATransform (context->digest, context->data);
341 buffer += dataCount;
342 count -= dataCount;
343 }
344
345 /* Process data in SHA_DATASIZE chunks */
346 while (count >= SHA_DATASIZE)
347 {
348 memmove (context->data, buffer, SHA_DATASIZE);
349 swap_words (context->data, SHA_DATASIZE);
350 SHATransform (context->digest, context->data);
351 buffer += SHA_DATASIZE;
352 count -= SHA_DATASIZE;
353 }
354
355 /* Handle any remaining bytes of data. */
356 memmove (context->data, buffer, count);
357 }
358
359
360 /* Final wrapup - pad to SHA_DATASIZE-byte boundary with the bit pattern
361 1 0* (64-bit count of bits processed, MSB-first) */
362
363 static void
sha_finish(DBusSHAContext * context,unsigned char digest[20])364 sha_finish (DBusSHAContext *context, unsigned char digest[20])
365 {
366 int count;
367 unsigned char *data_p;
368
369 /* Compute number of bytes mod 64 */
370 count = (int) context->count_lo;
371 count = (count >> 3) & 0x3F;
372
373 /* Set the first char of padding to 0x80. This is safe since there is
374 always at least one byte free */
375 data_p = (unsigned char *) context->data + count;
376 *data_p++ = 0x80;
377
378 /* Bytes of padding needed to make 64 bytes */
379 count = SHA_DATASIZE - 1 - count;
380
381 /* Pad out to 56 mod 64 */
382 if (count < 8)
383 {
384 /* Two lots of padding: Pad the first block to 64 bytes */
385 memset (data_p, 0, count);
386 swap_words (context->data, SHA_DATASIZE);
387 SHATransform (context->digest, context->data);
388
389 /* Now fill the next block with 56 bytes */
390 memset (context->data, 0, SHA_DATASIZE - 8);
391 }
392 else
393 /* Pad block to 56 bytes */
394 memset (data_p, 0, count - 8);
395
396 /* Append length in bits and transform */
397 context->data[14] = context->count_hi;
398 context->data[15] = context->count_lo;
399
400 swap_words (context->data, SHA_DATASIZE - 8);
401 SHATransform (context->digest, context->data);
402 swap_words (context->digest, SHA_DIGESTSIZE);
403 memmove (digest, context->digest, SHA_DIGESTSIZE);
404 }
405
406 /** @} */ /* End of internals */
407
408 /**
409 * @addtogroup DBusSHA
410 *
411 * @{
412 */
413
414 /**
415 * Initializes the SHA context.
416 *
417 * @param context an uninitialized context, typically on the stack.
418 */
419 void
_dbus_sha_init(DBusSHAContext * context)420 _dbus_sha_init (DBusSHAContext *context)
421 {
422 sha_init (context);
423 }
424
425 /**
426 * Feeds more data into an existing shasum computation.
427 *
428 * @param context the SHA context
429 * @param data the additional data to hash
430 */
431 void
_dbus_sha_update(DBusSHAContext * context,const DBusString * data)432 _dbus_sha_update (DBusSHAContext *context,
433 const DBusString *data)
434 {
435 unsigned int inputLen;
436 const unsigned char *input;
437
438 input = (const unsigned char*) _dbus_string_get_const_data (data);
439 inputLen = _dbus_string_get_length (data);
440
441 sha_append (context, input, inputLen);
442 }
443
444 /**
445 * SHA finalization. Ends an SHA message-digest operation, writing the
446 * the message digest and zeroing the context. The results are
447 * returned as a raw 20-byte digest, not as the ascii-hex-digits
448 * string form of the digest.
449 *
450 * @param context the SHA context
451 * @param results string to append the 20-byte SHA digest to
452 * @returns #FALSE if not enough memory to append the digest
453 *
454 */
455 dbus_bool_t
_dbus_sha_final(DBusSHAContext * context,DBusString * results)456 _dbus_sha_final (DBusSHAContext *context,
457 DBusString *results)
458 {
459 unsigned char digest[20];
460
461 sha_finish (context, digest);
462
463 if (!_dbus_string_append_len (results, digest, 20))
464 return FALSE;
465
466 /* some kind of security paranoia, though it seems pointless
467 * to me given the nonzeroed stuff flying around
468 */
469 _DBUS_ZERO(*context);
470
471 return TRUE;
472 }
473
474 /**
475 * Computes the ASCII hex-encoded shasum of the given data and
476 * appends it to the output string.
477 *
478 * @param data input data to be hashed
479 * @param ascii_output string to append ASCII shasum to
480 * @returns #FALSE if not enough memory
481 */
482 dbus_bool_t
_dbus_sha_compute(const DBusString * data,DBusString * ascii_output)483 _dbus_sha_compute (const DBusString *data,
484 DBusString *ascii_output)
485 {
486 DBusSHAContext context;
487 DBusString digest;
488
489 _dbus_sha_init (&context);
490
491 _dbus_sha_update (&context, data);
492
493 if (!_dbus_string_init (&digest))
494 return FALSE;
495
496 if (!_dbus_sha_final (&context, &digest))
497 goto error;
498
499 if (!_dbus_string_hex_encode (&digest, 0, ascii_output,
500 _dbus_string_get_length (ascii_output)))
501 goto error;
502
503 _dbus_string_free (&digest);
504
505 return TRUE;
506
507 error:
508 _dbus_string_free (&digest);
509 return FALSE;
510 }
511
512 /** @} */ /* end of exported functions */
513
514 #ifdef DBUS_BUILD_TESTS
515 #include "dbus-test.h"
516 #include <stdio.h>
517
518 static dbus_bool_t
check_sha_binary(const unsigned char * input,int input_len,const char * expected)519 check_sha_binary (const unsigned char *input,
520 int input_len,
521 const char *expected)
522 {
523 DBusString input_str;
524 DBusString expected_str;
525 DBusString results;
526
527 _dbus_string_init_const_len (&input_str, input, input_len);
528 _dbus_string_init_const (&expected_str, expected);
529
530 if (!_dbus_string_init (&results))
531 _dbus_assert_not_reached ("no memory for SHA-1 results");
532
533 if (!_dbus_sha_compute (&input_str, &results))
534 _dbus_assert_not_reached ("no memory for SHA-1 results");
535
536 if (!_dbus_string_equal (&expected_str, &results))
537 {
538 _dbus_warn ("Expected hash %s got %s for SHA-1 sum\n",
539 expected,
540 _dbus_string_get_const_data (&results));
541 _dbus_string_free (&results);
542 return FALSE;
543 }
544
545 _dbus_string_free (&results);
546 return TRUE;
547 }
548
549 static dbus_bool_t
check_sha_str(const char * input,const char * expected)550 check_sha_str (const char *input,
551 const char *expected)
552 {
553 return check_sha_binary (input, strlen (input), expected);
554 }
555
556 static dbus_bool_t
decode_compact_string(const DBusString * line,DBusString * decoded)557 decode_compact_string (const DBusString *line,
558 DBusString *decoded)
559 {
560 int n_bits;
561 dbus_bool_t current_b;
562 int offset;
563 int next;
564 long val;
565 int length_bytes;
566
567 offset = 0;
568 next = 0;
569
570 if (!_dbus_string_parse_int (line, offset, &val, &next))
571 {
572 fprintf (stderr, "could not parse length at start of compact string: %s\n",
573 _dbus_string_get_const_data (line));
574 return FALSE;
575 }
576
577 _dbus_string_skip_blank (line, next, &next);
578
579 offset = next;
580 if (!_dbus_string_parse_int (line, offset, &val, &next))
581 {
582 fprintf (stderr, "could not parse start bit 'b' in compact string: %s\n",
583 _dbus_string_get_const_data (line));
584 return FALSE;
585 }
586
587 if (!(val == 0 || val == 1))
588 {
589 fprintf (stderr, "the value 'b' must be 0 or 1, see sha-1/Readme.txt\n");
590 return FALSE;
591 }
592
593 _dbus_string_skip_blank (line, next, &next);
594
595 current_b = val;
596 n_bits = 0;
597
598 while (next < _dbus_string_get_length (line))
599 {
600 int total_bits;
601
602 offset = next;
603
604 if (_dbus_string_get_byte (line, offset) == '^')
605 break;
606
607 if (!_dbus_string_parse_int (line, offset, &val, &next))
608 {
609 fprintf (stderr, "could not parse bit count in compact string\n");
610 return FALSE;
611 }
612
613 /* We now append "val" copies of "current_b" bits to the string */
614 total_bits = n_bits + val;
615 while (n_bits < total_bits)
616 {
617 int byte_containing_next_bit = n_bits / 8;
618 int bit_containing_next_bit = 7 - (n_bits % 8);
619 unsigned char old_byte;
620
621 if (byte_containing_next_bit >= _dbus_string_get_length (decoded))
622 {
623 if (!_dbus_string_set_length (decoded, byte_containing_next_bit + 1))
624 _dbus_assert_not_reached ("no memory to extend to next byte");
625 }
626
627 old_byte = _dbus_string_get_byte (decoded, byte_containing_next_bit);
628 old_byte |= current_b << bit_containing_next_bit;
629
630 #if 0
631 printf ("Appending bit %d to byte %d at bit %d resulting in byte 0x%x\n",
632 current_b, byte_containing_next_bit,
633 bit_containing_next_bit, old_byte);
634 #endif
635
636 _dbus_string_set_byte (decoded, byte_containing_next_bit, old_byte);
637
638 ++n_bits;
639 }
640
641 _dbus_string_skip_blank (line, next, &next);
642
643 current_b = !current_b;
644 }
645
646 length_bytes = (n_bits / 8 + ((n_bits % 8) ? 1 : 0));
647
648 if (_dbus_string_get_length (decoded) != length_bytes)
649 {
650 fprintf (stderr, "Expected length %d bytes %d bits for compact string, got %d bytes\n",
651 length_bytes, n_bits, _dbus_string_get_length (decoded));
652 return FALSE;
653 }
654 else
655 return TRUE;
656 }
657
658 static dbus_bool_t
get_next_expected_result(DBusString * results,DBusString * result)659 get_next_expected_result (DBusString *results,
660 DBusString *result)
661 {
662 DBusString line;
663 dbus_bool_t retval;
664
665 retval = FALSE;
666
667 if (!_dbus_string_init (&line))
668 _dbus_assert_not_reached ("no memory");
669
670 next_iteration:
671 while (_dbus_string_pop_line (results, &line))
672 {
673 _dbus_string_delete_leading_blanks (&line);
674
675 if (_dbus_string_get_length (&line) == 0)
676 goto next_iteration;
677 else if (_dbus_string_starts_with_c_str (&line, "#"))
678 goto next_iteration;
679 else if (_dbus_string_starts_with_c_str (&line, "H>"))
680 {
681 /* don't print */
682 }
683 else if (_dbus_string_starts_with_c_str (&line, "D>") ||
684 _dbus_string_starts_with_c_str (&line, "<D"))
685 goto next_iteration;
686 else
687 {
688 int i;
689
690 if (!_dbus_string_move (&line, 0, result, 0))
691 _dbus_assert_not_reached ("no memory");
692
693 i = 0;
694 while (i < _dbus_string_get_length (result))
695 {
696 switch (_dbus_string_get_byte (result, i))
697 {
698 case 'A':
699 _dbus_string_set_byte (result, i, 'a');
700 break;
701 case 'B':
702 _dbus_string_set_byte (result, i, 'b');
703 break;
704 case 'C':
705 _dbus_string_set_byte (result, i, 'c');
706 break;
707 case 'D':
708 _dbus_string_set_byte (result, i, 'd');
709 break;
710 case 'E':
711 _dbus_string_set_byte (result, i, 'e');
712 break;
713 case 'F':
714 _dbus_string_set_byte (result, i, 'f');
715 break;
716 case '^':
717 case ' ':
718 _dbus_string_delete (result, i, 1);
719 --i; /* to offset ++i below */
720 break;
721 }
722
723 ++i;
724 }
725
726 break;
727 }
728 }
729
730 retval = TRUE;
731
732 /* out: */
733 _dbus_string_free (&line);
734 return retval;
735 }
736
737 static dbus_bool_t
process_test_data(const char * test_data_dir)738 process_test_data (const char *test_data_dir)
739 {
740 DBusString tests_file;
741 DBusString results_file;
742 DBusString tests;
743 DBusString results;
744 DBusString line;
745 DBusString tmp;
746 int line_no;
747 dbus_bool_t retval;
748 int success_count;
749 DBusError error = DBUS_ERROR_INIT;
750
751 retval = FALSE;
752
753 if (!_dbus_string_init (&tests_file))
754 _dbus_assert_not_reached ("no memory");
755
756 if (!_dbus_string_init (&results_file))
757 _dbus_assert_not_reached ("no memory");
758
759 if (!_dbus_string_init (&tests))
760 _dbus_assert_not_reached ("no memory");
761
762 if (!_dbus_string_init (&results))
763 _dbus_assert_not_reached ("no memory");
764
765 if (!_dbus_string_init (&line))
766 _dbus_assert_not_reached ("no memory");
767
768 if (!_dbus_string_append (&tests_file, test_data_dir))
769 _dbus_assert_not_reached ("no memory");
770
771 if (!_dbus_string_append (&results_file, test_data_dir))
772 _dbus_assert_not_reached ("no memory");
773
774 _dbus_string_init_const (&tmp, "sha-1/byte-messages.sha1");
775 if (!_dbus_concat_dir_and_file (&tests_file, &tmp))
776 _dbus_assert_not_reached ("no memory");
777
778 _dbus_string_init_const (&tmp, "sha-1/byte-hashes.sha1");
779 if (!_dbus_concat_dir_and_file (&results_file, &tmp))
780 _dbus_assert_not_reached ("no memory");
781
782 if (!_dbus_file_get_contents (&tests, &tests_file, &error))
783 {
784 fprintf (stderr, "could not load test data file %s: %s\n",
785 _dbus_string_get_const_data (&tests_file),
786 error.message);
787 dbus_error_free (&error);
788 goto out;
789 }
790
791 if (!_dbus_file_get_contents (&results, &results_file, &error))
792 {
793 fprintf (stderr, "could not load results data file %s: %s\n",
794 _dbus_string_get_const_data (&results_file), error.message);
795 dbus_error_free (&error);
796 goto out;
797 }
798
799 success_count = 0;
800 line_no = 0;
801 next_iteration:
802 while (_dbus_string_pop_line (&tests, &line))
803 {
804 line_no += 1;
805
806 _dbus_string_delete_leading_blanks (&line);
807
808 if (_dbus_string_get_length (&line) == 0)
809 goto next_iteration;
810 else if (_dbus_string_starts_with_c_str (&line, "#"))
811 goto next_iteration;
812 else if (_dbus_string_starts_with_c_str (&line, "H>"))
813 {
814 printf ("SHA-1: %s\n", _dbus_string_get_const_data (&line));
815
816 if (_dbus_string_find (&line, 0, "Type 3", NULL))
817 {
818 /* See sha-1/Readme.txt - the "Type 3" tests are
819 * random seeds, rather than data to be hashed.
820 * we'd have to do a little bit more implementation
821 * to use those tests.
822 */
823
824 printf (" (ending tests due to Type 3 tests seen - this is normal)\n");
825 break;
826 }
827 }
828 else if (_dbus_string_starts_with_c_str (&line, "D>") ||
829 _dbus_string_starts_with_c_str (&line, "<D"))
830 goto next_iteration;
831 else
832 {
833 DBusString test;
834 DBusString result;
835 DBusString next_line;
836 DBusString expected;
837 dbus_bool_t success;
838
839 success = FALSE;
840
841 if (!_dbus_string_init (&next_line))
842 _dbus_assert_not_reached ("no memory");
843
844 if (!_dbus_string_init (&expected))
845 _dbus_assert_not_reached ("no memory");
846
847 if (!_dbus_string_init (&test))
848 _dbus_assert_not_reached ("no memory");
849
850 if (!_dbus_string_init (&result))
851 _dbus_assert_not_reached ("no memory");
852
853 /* the "compact strings" are "^"-terminated not
854 * newline-terminated so readahead to find the
855 * "^"
856 */
857 while (!_dbus_string_find (&line, 0, "^", NULL) &&
858 _dbus_string_pop_line (&tests, &next_line))
859 {
860 if (!_dbus_string_append_byte (&line, ' ') ||
861 !_dbus_string_move (&next_line, 0, &line,
862 _dbus_string_get_length (&line)))
863 _dbus_assert_not_reached ("no memory");
864 }
865
866 if (!decode_compact_string (&line, &test))
867 {
868 fprintf (stderr, "Failed to decode line %d as a compact string\n",
869 line_no);
870 goto failure;
871 }
872
873 if (!_dbus_sha_compute (&test, &result))
874 _dbus_assert_not_reached ("no memory for SHA-1 result");
875
876 if (!get_next_expected_result (&results, &expected))
877 {
878 fprintf (stderr, "Failed to read an expected result\n");
879 goto failure;
880 }
881
882 if (!_dbus_string_equal (&result, &expected))
883 {
884 fprintf (stderr, " for line %d got hash %s expected %s\n",
885 line_no,
886 _dbus_string_get_const_data (&result),
887 _dbus_string_get_const_data (&expected));
888 goto failure;
889 }
890 else
891 {
892 success_count += 1;
893 }
894
895 success = TRUE;
896
897 failure:
898 _dbus_string_free (&test);
899 _dbus_string_free (&result);
900 _dbus_string_free (&next_line);
901 _dbus_string_free (&expected);
902
903 if (!success)
904 goto out;
905 }
906 }
907
908 retval = TRUE;
909
910 printf ("Passed the %d SHA-1 tests in the test file\n",
911 success_count);
912
913 out:
914 _dbus_string_free (&tests_file);
915 _dbus_string_free (&results_file);
916 _dbus_string_free (&tests);
917 _dbus_string_free (&results);
918 _dbus_string_free (&line);
919
920 return retval;
921 }
922
923 /**
924 * @ingroup DBusSHAInternals
925 * Unit test for SHA computation.
926 *
927 * @returns #TRUE on success.
928 */
929 dbus_bool_t
_dbus_sha_test(const char * test_data_dir)930 _dbus_sha_test (const char *test_data_dir)
931 {
932 unsigned char all_bytes[256];
933 int i;
934
935 if (test_data_dir != NULL)
936 {
937 if (!process_test_data (test_data_dir))
938 return FALSE;
939 }
940 else
941 printf ("No test data dir\n");
942
943 i = 0;
944 while (i < 256)
945 {
946 all_bytes[i] = i;
947 ++i;
948 }
949
950 if (!check_sha_binary (all_bytes, 256,
951 "4916d6bdb7f78e6803698cab32d1586ea457dfc8"))
952 return FALSE;
953
954 #define CHECK(input,expected) if (!check_sha_str (input, expected)) return FALSE
955
956 CHECK ("", "da39a3ee5e6b4b0d3255bfef95601890afd80709");
957 CHECK ("a", "86f7e437faa5a7fce15d1ddcb9eaeaea377667b8");
958 CHECK ("abc", "a9993e364706816aba3e25717850c26c9cd0d89d");
959 CHECK ("message digest", "c12252ceda8be8994d5fa0290a47231c1d16aae3");
960 CHECK ("abcdefghijklmnopqrstuvwxyz", "32d10c7b8cf96570ca04ce37f2a19d84240d3a89");
961 CHECK ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
962 "761c457bf73b14d27e9e9265c46f4b4dda11f940");
963 CHECK ("12345678901234567890123456789012345678901234567890123456789012345678901234567890",
964 "50abf5706a150990a08b2c5ea40fa0e585554732");
965
966 return TRUE;
967 }
968
969 #endif /* DBUS_BUILD_TESTS */
970