perl -pi -e 's/librad_SHA1/SHA1/g;s/SHA1_CTX/fr_SHA1_CTX/g;s/SHA1Transform/fr_SHA1Transform/g;s/SHA1Init/fr_SHA1Init/g;s/SHA1Update/fr_SHA1Update/g;s/SHA1Final/fr_SHA1Final/g;s/SHA1FinalNoLen/fr_SHA1FinalNoLen/g;s/lrad_hmac_sha1/fr_hmac_sha1/g;' `cat files`
/* hmacsha1.c */
-void lrad_hmac_sha1(const uint8_t *text, int text_len,
+void fr_hmac_sha1(const uint8_t *text, int text_len,
const uint8_t *key, int key_len,
uint8_t *digest);
* FreeRADIUS defines to ensure globally unique SHA1 function names,
* so that we don't pick up vendor-specific broken SHA1 libraries.
*/
-#define SHA1_CTX librad_SHA1_CTX
-#define SHA1Transform librad_SHA1Transform
-#define SHA1Init librad_SHA1Init
-#define SHA1Update librad_SHA1Update
-#define SHA1Final librad_SHA1Final
+#define fr_SHA1_CTX fr_SHA1_CTX
+#define fr_SHA1Transform fr_SHA1Transform
+#define fr_SHA1Init fr_SHA1Init
+#define fr_SHA1Update fr_SHA1Update
+#define fr_SHA1Final fr_SHA1Final
typedef struct {
uint32_t state[5];
uint32_t count[2];
uint8_t buffer[64];
-} SHA1_CTX;
+} fr_SHA1_CTX;
-void SHA1Transform(uint32_t state[5], const uint8_t buffer[64]);
-void SHA1Init(SHA1_CTX* context);
-void SHA1Update(SHA1_CTX* context, const uint8_t* data, unsigned int len);
-void SHA1Final(uint8_t digest[20], SHA1_CTX* context);
+void fr_SHA1Transform(uint32_t state[5], const uint8_t buffer[64]);
+void fr_SHA1Init(fr_SHA1_CTX* context);
+void fr_SHA1Update(fr_SHA1_CTX* context, const uint8_t* data, unsigned int len);
+void fr_SHA1Final(uint8_t digest[20], fr_SHA1_CTX* context);
/*
* this version implements a raw SHA1 transform, no length is appended,
* nor any 128s out to the block size.
*/
-void SHA1FinalNoLen(uint8_t digest[20], SHA1_CTX* context);
+void fr_fr_SHA1FinalNoLen(uint8_t digest[20], fr_SHA1_CTX* context);
/*
* FIPS 186-2 PRF based upon SHA1.
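Review bot: The five `#define` lines near the top of this header now map each name to itself (`#define fr_SHA1_CTX fr_SHA1_CTX` and the four after it), so they do nothing. The comment above them describes a renaming that no longer happens there; the declarations now carry the `fr_` prefix themselves, so the block can be deleted. The last prototype came out as `fr_fr_SHA1FinalNoLen`, apparently because the substitution list in the commit message rewrites `SHA1Final` before `SHA1FinalNoLen` and the second pattern then matches inside the already-prefixed name. The definition further down and both calls in `fips186_2prf` carry the same doubled prefix, so the build stays consistent, but the intended declaration is `void fr_SHA1FinalNoLen(uint8_t digest[20], fr_SHA1_CTX* context);` and all four sites should be corrected together.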
#endif
void
-lrad_hmac_sha1(const uint8_t *text, int text_len,
+fr_hmac_sha1(const uint8_t *text, int text_len,
const uint8_t *key, int key_len,
uint8_t *digest)
{
- SHA1_CTX context;
+ fr_SHA1_CTX context;
uint8_t k_ipad[65]; /* inner padding -
* key XORd with ipad
*/
/* if key is longer than 64 bytes reset it to key=SHA1(key) */
if (key_len > 64) {
- SHA1_CTX tctx;
+ fr_SHA1_CTX tctx;
- SHA1Init(&tctx);
- SHA1Update(&tctx, key, key_len);
- SHA1Final(tk, &tctx);
+ fr_SHA1Init(&tctx);
+ fr_SHA1Update(&tctx, key, key_len);
+ fr_SHA1Final(tk, &tctx);
key = tk;
key_len = 20;
/*
* perform inner SHA1
*/
- SHA1Init(&context); /* init context for 1st
+ fr_SHA1Init(&context); /* init context for 1st
* pass */
- SHA1Update(&context, k_ipad, 64); /* start with inner pad */
- SHA1Update(&context, text, text_len); /* then text of datagram */
- SHA1Final(digest, &context); /* finish up 1st pass */
+ fr_SHA1Update(&context, k_ipad, 64); /* start with inner pad */
+ fr_SHA1Update(&context, text, text_len); /* then text of datagram */
+ fr_SHA1Final(digest, &context); /* finish up 1st pass */
/*
* perform outer MD5
*/
- SHA1Init(&context); /* init context for 2nd
+ fr_SHA1Init(&context); /* init context for 2nd
* pass */
- SHA1Update(&context, k_opad, 64); /* start with outer pad */
- SHA1Update(&context, digest, 20); /* then results of 1st
+ fr_SHA1Update(&context, k_opad, 64); /* start with outer pad */
+ fr_SHA1Update(&context, digest, 20); /* then results of 1st
* hash */
- SHA1Final(digest, &context); /* finish up 2nd pass */
+ fr_SHA1Final(digest, &context); /* finish up 2nd pass */
#ifdef HMAC_SHA1_DATA_PROBLEMS
if(sha1_data_problems)
text = argv[2];
text_len = strlen(text);
- lrad_hmac_sha1(text, text_len, key, key_len, digest);
+ fr_hmac_sha1(text, text_len, key, key_len, digest);
for (i = 0; i < 20; i++) {
printf("%02x", digest[i]);
/* Hash a single 512-bit block. This is the core of the algorithm. */
-void SHA1Transform(uint32_t state[5], const uint8_t buffer[64])
+void fr_SHA1Transform(uint32_t state[5], const uint8_t buffer[64])
{
uint32_t a, b, c, d, e;
typedef union {
}
-/* SHA1Init - Initialize new context */
+/* fr_SHA1Init - Initialize new context */
-void SHA1Init(SHA1_CTX* context)
+void fr_SHA1Init(fr_SHA1_CTX* context)
{
/* SHA1 initialization constants */
context->state[0] = 0x67452301;
/* Run your data through this. */
-void SHA1Update(SHA1_CTX* context, const uint8_t* data, unsigned int len)
+void fr_SHA1Update(fr_SHA1_CTX* context, const uint8_t* data, unsigned int len)
{
unsigned int i, j;
context->count[1] += (len >> 29);
if ((j + len) > 63) {
memcpy(&context->buffer[j], data, (i = 64-j));
- SHA1Transform(context->state, context->buffer);
+ fr_SHA1Transform(context->state, context->buffer);
for ( ; i + 63 < len; i += 64) {
- SHA1Transform(context->state, &data[i]);
+ fr_SHA1Transform(context->state, &data[i]);
}
j = 0;
}
/* Add padding and return the message digest. */
-void SHA1Final(uint8_t digest[20], SHA1_CTX* context)
+void fr_SHA1Final(uint8_t digest[20], fr_SHA1_CTX* context)
{
uint32_t i, j;
uint8_t finalcount[8];
finalcount[i] = (uint8_t)((context->count[(i >= 4 ? 0 : 1)]
>> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
}
- SHA1Update(context, (const unsigned char *) "\200", 1);
+ fr_SHA1Update(context, (const unsigned char *) "\200", 1);
while ((context->count[0] & 504) != 448) {
- SHA1Update(context, (const unsigned char *) "\0", 1);
+ fr_SHA1Update(context, (const unsigned char *) "\0", 1);
}
- SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
+ fr_SHA1Update(context, finalcount, 8); /* Should cause a fr_SHA1Transform() */
for (i = 0; i < 20; i++) {
digest[i] = (uint8_t)
((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
memset(context->state, 0, 20);
memset(context->count, 0, 8);
memset(&finalcount, 0, 8);
-#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
- SHA1Transform(context->state, context->buffer);
+#ifdef SHA1HANDSOFF /* make fr_SHA1Transform overwrite it's own static vars */
+ fr_SHA1Transform(context->state, context->buffer);
#endif
}
-void SHA1FinalNoLen(uint8_t digest[20], SHA1_CTX* context)
+void fr_fr_SHA1FinalNoLen(uint8_t digest[20], fr_SHA1_CTX* context)
{
uint32_t i, j;
memset(context->state, 0, 20);
memset(context->count, 0, 8);
-#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
- SHA1Transform(context->state, context->buffer);
+#ifdef SHA1HANDSOFF /* make fr_SHA1Transform overwrite it's own static vars */
+ fr_SHA1Transform(context->state, context->buffer);
#endif
}
static void calc_sha1_digest(char * buffer, const char * challenge, int challen, const char * password){
char buf[1024];
int i;
- SHA1_CTX Context;
+ fr_SHA1_CTX Context;
memset(buf, 0, 1024);
memset(buf, 0x36, 64);
for(i=0; i<64 && password[i]; i++) buf[i]^=password[i];
memcpy(buf+64, challenge, challen);
- SHA1Init(&Context);
- SHA1Update(&Context,buf,64+challen);
+ fr_SHA1Init(&Context);
+ fr_SHA1Update(&Context,buf,64+challen);
memset(buf, 0x5c, 64);
for(i=0; i<64 && password[i]; i++) buf[i]^=password[i];
- SHA1Final(buf+64,&Context);
- SHA1Init(&Context);
- SHA1Update(&Context,buf,64+20);
- SHA1Final(buffer,&Context);
+ fr_SHA1Final(buf+64,&Context);
+ fr_SHA1Init(&Context);
+ fr_SHA1Update(&Context,buf,64+20);
+ fr_SHA1Final(buffer,&Context);
}
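Review bot: `memcpy(buf+64, challenge, challen)` writes into the 1024-byte `buf` with no check on `challen`, so a length above 960 or below zero overruns the stack buffer unless every caller already bounds it, which is not visible here. A guard before the copy such as `if (challen < 0 || challen > (int)sizeof(buf) - 64) return;` would close that, although a `void` function then needs some way to tell the caller that `buffer` was not filled. The routine is also a hand-rolled HMAC that ignores password bytes past the 64th and returns without clearing `buf`, which still holds the password-derived pad. Since this commit exposes `fr_hmac_sha1`, calling it here would remove the local buffer entirely, provided its different handling of keys longer than 64 bytes is acceptable for this protocol.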
void eapsim_calculate_keys(struct eapsim_keys *ek)
{
- SHA1_CTX context;
+ fr_SHA1_CTX context;
uint8_t fk[160];
unsigned char buf[256];
unsigned char *p;
/* do the master key first */
- SHA1Init(&context);
- SHA1Update(&context, buf, blen);
- SHA1Final(ek->master_key, &context);
+ fr_SHA1Init(&context);
+ fr_SHA1Update(&context, buf, blen);
+ fr_SHA1Final(ek->master_key, &context);
/*
* now use the PRF to expand it, generated K_aut, K_encr,
memcpy(&hdr->data[encoded_size+1], append, appendlen);
/* HMAC it! */
- lrad_hmac_sha1(buffer, hmaclen,
+ fr_hmac_sha1(buffer, hmaclen,
vp->vp_octets, vp->length,
sha1digest);
}
/* now, HMAC-SHA1 it with the key. */
- lrad_hmac_sha1(buffer, len,
+ fr_hmac_sha1(buffer, len,
key, 16,
calcmac);
*/
void fips186_2prf(uint8_t mk[20], uint8_t finalkey[160])
{
- SHA1_CTX context;
+ fr_SHA1_CTX context;
int j;
onesixty xval, xkey, w_0, w_1, sum, one;
uint8_t *f;
xval = xkey;
/* b. w_0 = SHA1(XVAL) */
- SHA1Init(&context);
+ fr_SHA1Init(&context);
memset(zeros, 0, sizeof(zeros));
memcpy(zeros, xval.p, 20);
- SHA1Transform(context.state, zeros);
- SHA1FinalNoLen(w_0.p, &context);
+ fr_SHA1Transform(context.state, zeros);
+ fr_fr_SHA1FinalNoLen(w_0.p, &context);
/* c. XKEY = (1 + XKEY + w_0) mod 2^160 */
onesixty_add_mod(&sum, &xkey, &w_0);
xval = xkey;
/* e. w_1 = SHA1(XVAL) */
- SHA1Init(&context);
+ fr_SHA1Init(&context);
memset(zeros, 0, sizeof(zeros));
memcpy(zeros, xval.p, 20);
- SHA1Transform(context.state, zeros);
- SHA1FinalNoLen(w_1.p, &context);
+ fr_SHA1Transform(context.state, zeros);
+ fr_fr_SHA1FinalNoLen(w_1.p, &context);
/* f. XKEY = (1 + XKEY + w_1) mod 2^160 */
onesixty_add_mod(&sum, &xkey, &w_1);
const uint8_t *auth_challenge,
const char *user_name, uint8_t *challenge )
{
- SHA1_CTX Context;
+ fr_SHA1_CTX Context;
uint8_t hash[20];
- SHA1Init(&Context);
- SHA1Update(&Context, peer_challenge, 16);
- SHA1Update(&Context, auth_challenge, 16);
- SHA1Update(&Context, user_name, strlen(user_name));
- SHA1Final(hash, &Context);
+ fr_SHA1Init(&Context);
+ fr_SHA1Update(&Context, peer_challenge, 16);
+ fr_SHA1Update(&Context, auth_challenge, 16);
+ fr_SHA1Update(&Context, user_name, strlen(user_name));
+ fr_SHA1Final(hash, &Context);
memcpy(challenge, hash, 8);
}
char *peer_challenge, char *auth_challenge,
char *response)
{
- SHA1_CTX Context;
+ fr_SHA1_CTX Context;
static const uint8_t magic1[39] =
{0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
char challenge[8];
uint8_t digest[20];
- SHA1Init(&Context);
- SHA1Update(&Context, nt_hash_hash, 16);
- SHA1Update(&Context, ntresponse, 24);
- SHA1Update(&Context, magic1, 39);
- SHA1Final(digest, &Context);
+ fr_SHA1Init(&Context);
+ fr_SHA1Update(&Context, nt_hash_hash, 16);
+ fr_SHA1Update(&Context, ntresponse, 24);
+ fr_SHA1Update(&Context, magic1, 39);
+ fr_SHA1Final(digest, &Context);
challenge_hash(peer_challenge, auth_challenge, username, challenge);
- SHA1Init(&Context);
- SHA1Update(&Context, digest, 20);
- SHA1Update(&Context, challenge, 8);
- SHA1Update(&Context, magic2, 41);
- SHA1Final(digest, &Context);
+ fr_SHA1Init(&Context);
+ fr_SHA1Update(&Context, digest, 20);
+ fr_SHA1Update(&Context, challenge, 8);
+ fr_SHA1Update(&Context, magic2, 41);
+ fr_SHA1Final(digest, &Context);
/*
* Encode the value of 'Digest' as "S=" followed by
uint8_t *masterkey)
{
uint8_t digest[20];
- SHA1_CTX Context;
+ fr_SHA1_CTX Context;
- SHA1Init(&Context);
- SHA1Update(&Context,nt_hashhash,16);
- SHA1Update(&Context,nt_response,24);
- SHA1Update(&Context,magic1,27);
- SHA1Final(digest,&Context);
+ fr_SHA1Init(&Context);
+ fr_SHA1Update(&Context,nt_hashhash,16);
+ fr_SHA1Update(&Context,nt_response,24);
+ fr_SHA1Update(&Context,magic1,27);
+ fr_SHA1Final(digest,&Context);
memcpy(masterkey,digest,16);
}
{
uint8_t digest[20];
const uint8_t *s;
- SHA1_CTX Context;
+ fr_SHA1_CTX Context;
memset(digest,0,20);
s = magic2;
}
- SHA1Init(&Context);
- SHA1Update(&Context,masterkey,16);
- SHA1Update(&Context,SHSpad1,40);
- SHA1Update(&Context,s,84);
- SHA1Update(&Context,SHSpad2,40);
- SHA1Final(digest,&Context);
+ fr_SHA1Init(&Context);
+ fr_SHA1Update(&Context,masterkey,16);
+ fr_SHA1Update(&Context,SHSpad1,40);
+ fr_SHA1Update(&Context,s,84);
+ fr_SHA1Update(&Context,SHSpad2,40);
+ fr_SHA1Final(digest,&Context);
memcpy(sesskey,digest,keylen);
}
VALUE_PAIR *module_fmsg_vp;
char module_fmsg[MAX_STRING_LEN];
FR_MD5_CTX md5_context;
- SHA1_CTX sha1_context;
+ fr_SHA1_CTX sha1_context;
uint8_t digest[40];
char buff[MAX_STRING_LEN];
char buff2[MAX_STRING_LEN + 50];
goto make_msg;
}
- SHA1Init(&sha1_context);
- SHA1Update(&sha1_context, request->password->vp_strvalue,
+ fr_SHA1Init(&sha1_context);
+ fr_SHA1Update(&sha1_context, request->password->vp_strvalue,
request->password->length);
- SHA1Final(digest,&sha1_context);
+ fr_SHA1Final(digest,&sha1_context);
if (memcmp(digest, vp->vp_octets, vp->length) != 0) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SHA1 password check failed");
goto make_msg;
}
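Review bot: Both password checks here compare the computed digest with the stored value using `memcmp`, which stops at the first differing byte and so leaks timing information about how much of the hash matched. A credential check should accumulate the difference over all 20 bytes instead, for example `for (i = 0; i < 20; i++) diff |= digest[i] ^ vp->vp_octets[i];` followed by a test of `diff`. The SHA1 comparison also takes its length from `vp->length`; unless a check out of view pins that to 20, a shorter value weakens the comparison and a longer one reads past the 20 bytes `fr_SHA1Final` wrote into `digest`, so a fixed length of 20, as the SSHA comparison that follows uses, is safer. The SSHA branch computes `vp->length - 20` and likewise depends on `vp->length` having been checked to exceed 20. The enclosing function starts and ends outside what is shown, so these length checks may already exist.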
- SHA1Init(&sha1_context);
- SHA1Update(&sha1_context, request->password->vp_strvalue,
+ fr_SHA1Init(&sha1_context);
+ fr_SHA1Update(&sha1_context, request->password->vp_strvalue,
request->password->length);
- SHA1Update(&sha1_context, &vp->vp_octets[20], vp->length - 20);
- SHA1Final(digest,&sha1_context);
+ fr_SHA1Update(&sha1_context, &vp->vp_octets[20], vp->length - 20);
+ fr_SHA1Final(digest,&sha1_context);
if (memcmp(digest, vp->vp_octets, 20) != 0) {
snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SSHA password check failed");
goto make_msg;