diff options
author | David Thompson <dthompson2@worcester.edu> | 2015-12-07 08:53:58 -0500 |
---|---|---|
committer | David Thompson <dthompson2@worcester.edu> | 2015-12-09 08:42:57 -0500 |
commit | 7f59af4cdf071dc133ae3ed04b3a3c146a3d8429 (patch) | |
tree | f1d59412de994d00498d87e85eb787e1307493ed /web/socket/sha-1.scm | |
parent | 1774770170531197d906194c6de806af62b1b516 (diff) |
Move base64 and SHA-1 modules to (web socket) namespace.
Diffstat (limited to 'web/socket/sha-1.scm')
-rw-r--r-- | web/socket/sha-1.scm | 300 |
1 files changed, 300 insertions, 0 deletions
diff --git a/web/socket/sha-1.scm b/web/socket/sha-1.scm new file mode 100644 index 0000000..95a13aa --- /dev/null +++ b/web/socket/sha-1.scm @@ -0,0 +1,300 @@ +;; -*- mode: scheme; coding: utf-8 -*- +;; Copyright © 2009, 2010, 2012 Göran Weinholt <goran@weinholt.se> + +;; Permission is hereby granted, free of charge, to any person obtaining a +;; copy of this software and associated documentation files (the "Software"), +;; to deal in the Software without restriction, including without limitation +;; the rights to use, copy, modify, merge, publish, distribute, sublicense, +;; and/or sell copies of the Software, and to permit persons to whom the +;; Software is furnished to do so, subject to the following conditions: + +;; The above copyright notice and this permission notice shall be included in +;; all copies or substantial portions of the Software. + +;; THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +;; IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +;; FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +;; THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +;; LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +;; FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +;; DEALINGS IN THE SOFTWARE. +#!r6rs + +;; Byte-oriented SHA-1 from FIPS 180-3 and RFC 3174. + +;; The data being hashed will never be modified here. + +;; TODO: give an error if more than 2^64 bits are processed? +;; TODO: Optimize. Should be simple enough with the help of a profiler. + +(library (web socket sha-1) + (export make-sha-1 sha-1-update! sha-1-finish! sha-1-clear! + sha-1 sha-1-copy sha-1-finish + sha-1-transform! ;for interested parties only + sha-1-length + sha-1-copy-hash! sha-1-96-copy-hash! + sha-1->bytevector sha-1->string + sha-1-hash=? sha-1-96-hash=? + hmac-sha-1) + (import (except (rnrs) bitwise-rotate-bit-field)) + + (define (sha-1-length) 20) + + (define (vector-copy x) (vector-map (lambda (i) i) x)) + + (define (rol32 n count) + (let ((field1 (bitwise-and #xffffffff (bitwise-arithmetic-shift-left n count))) + (field2 (bitwise-arithmetic-shift-right n (- 32 count)))) + (bitwise-ior field1 field2))) + + (define-record-type sha1state + (fields (immutable H) ;Hash + (immutable W) ;temporary data + (immutable m) ;unprocessed data + (mutable pending) ;length of unprocessed data + (mutable processed))) ;length of processed data + + (define (make-sha-1) + (let ((H (list->vector initial-hash)) + (W (make-bytevector (* 4 80))) + (m (make-bytevector (* 4 16)))) + (make-sha1state H W m 0 0))) + + (define (sha-1-copy state) + (let ((H (vector-copy (sha1state-H state))) + (W (make-bytevector (* 4 80))) + (m (bytevector-copy (sha1state-m state)))) + (make-sha1state H W m + (sha1state-pending state) + (sha1state-processed state)))) + + (define (sha-1-clear! state) + (for-each (lambda (i v) + (vector-set! (sha1state-H state) i v)) + '(0 1 2 3 4) + initial-hash) + (bytevector-fill! (sha1state-W state) 0) + (bytevector-fill! (sha1state-m state) 0) + (sha1state-pending-set! state 0) + (sha1state-processed-set! state 0)) + + (define initial-hash '(#x67452301 #xefcdab89 #x98badcfe #x10325476 #xc3d2e1f0)) + + (define (Ch x y z) + (bitwise-xor (bitwise-and x y) + (bitwise-and (bitwise-not x) z))) + + (define Parity bitwise-xor) + + (define (Maj x y z) + (bitwise-xor (bitwise-and x y) + (bitwise-and x z) + (bitwise-and y z))) + + (define k1 #x5a827999) + (define k2 #x6ed9eba1) + (define k3 #x8f1bbcdc) + (define k4 #xca62c1d6) + + (define (f t B C D) + ((cond ((<= 0 t 19) Ch) + ((<= 20 t 39) Parity) + ((<= 40 t 59) Maj) + (else Parity)) + B C D)) + + (define (K t) + (cond ((<= 0 t 19) k1) + ((<= 20 t 39) k2) + ((<= 40 t 59) k3) + (else k4))) + + ;; This function transforms a whole 512 bit block. + (define (sha-1-transform! H W m offset) + ;; Copy the message block + (do ((t 0 (+ t 4))) + ((= t (* 4 16))) + (bytevector-u32-native-set! W t (bytevector-u32-ref m (+ t offset) (endianness big)))) + ;; Initialize W[16..79] + (do ((t (* 4 16) (+ t 4))) + ((= t (* 4 80))) + (bytevector-u32-native-set! W t (rol32 + (bitwise-xor (bytevector-u32-native-ref W (- t (* 4 3))) + (bytevector-u32-native-ref W (- t (* 4 8))) + (bytevector-u32-native-ref W (- t (* 4 14))) + (bytevector-u32-native-ref W (- t (* 4 16)))) + 1))) + ;; Do the hokey pokey + (let lp ((A (vector-ref H 0)) + (B (vector-ref H 1)) + (C (vector-ref H 2)) + (D (vector-ref H 3)) + (E (vector-ref H 4)) + (t 0)) + (cond ((= t 80) + (vector-set! H 0 (bitwise-and #xffffffff (+ A (vector-ref H 0)))) + (vector-set! H 1 (bitwise-and #xffffffff (+ B (vector-ref H 1)))) + (vector-set! H 2 (bitwise-and #xffffffff (+ C (vector-ref H 2)))) + (vector-set! H 3 (bitwise-and #xffffffff (+ D (vector-ref H 3)))) + (vector-set! H 4 (bitwise-and #xffffffff (+ E (vector-ref H 4))))) + (else + (lp (bitwise-and #xffffffff + (+ (rol32 A 5) + (f t B C D) + E + (bytevector-u32-native-ref W (* 4 t)) + (K t))) + A + (rol32 B 30) + C + D + (+ t 1)))))) + + ;; Add a bytevector to the state. Align your data to whole blocks if + ;; you want this to go a little faster. + (define sha-1-update! + (case-lambda + ((state data start end) + (let ((m (sha1state-m state)) ;unprocessed data + (H (sha1state-H state)) + (W (sha1state-W state))) + (let lp ((offset start)) + (cond ((= (sha1state-pending state) 64) + ;; A whole block is pending + (sha-1-transform! H W m 0) + (sha1state-pending-set! state 0) + (sha1state-processed-set! state (+ 64 (sha1state-processed state))) + (lp offset)) + ((= offset end) + (values)) + ((or (> (sha1state-pending state) 0) + (> (+ offset 64) end)) + ;; Pending data exists or less than a block remains. + ;; Add more pending data. + (let ((added (min (- 64 (sha1state-pending state)) + (- end offset)))) + (bytevector-copy! data offset + m (sha1state-pending state) + added) + (sha1state-pending-set! state (+ added (sha1state-pending state))) + (lp (+ offset added)))) + (else + ;; Consume a whole block + (sha-1-transform! H W data offset) + (sha1state-processed-set! state (+ 64 (sha1state-processed state))) + (lp (+ offset 64))))))) + ((state data) + (sha-1-update! state data 0 (bytevector-length data))))) + + (define zero-block (make-bytevector 64 0)) + + ;; Finish the state by adding a 1, zeros and the counter. + (define (sha-1-finish! state) + (let ((m (sha1state-m state)) + (pending (+ (sha1state-pending state) 1))) + (bytevector-u8-set! m (sha1state-pending state) #x80) + (cond ((> pending 56) + (bytevector-copy! zero-block 0 + m pending + (- 64 pending)) + (sha-1-transform! (sha1state-H state) + (sha1state-W state) + m + 0) + (bytevector-fill! m 0)) + (else + (bytevector-copy! zero-block 0 + m pending + (- 64 pending)))) + ;; Number of bits in the data + (bytevector-u64-set! m 56 + (* (+ (sha1state-processed state) + (- pending 1)) + 8) + (endianness big)) + (sha-1-transform! (sha1state-H state) + (sha1state-W state) + m + 0))) + + (define (sha-1-finish state) + (let ((copy (sha-1-copy state))) + (sha-1-finish! copy) + copy)) + + ;; Find the SHA-1 of the concatenation of the given bytevectors. + (define (sha-1 . data) + (let ((state (make-sha-1))) + (for-each (lambda (d) (sha-1-update! state d)) + data) + (sha-1-finish! state) + state)) + + (define (copy-hash! state bv off len) + (do ((i 0 (+ i 1))) + ((= i len)) + (bytevector-u32-set! bv (+ off (* 4 i)) + (vector-ref (sha1state-H state) i) + (endianness big)))) + + (define (sha-1-copy-hash! state bv off) + (copy-hash! state bv off 5)) + + (define (sha-1-96-copy-hash! state bv off) + (copy-hash! state bv off 3)) + + (define (sha-1->bytevector state) + (let ((ret (make-bytevector (* 4 5)))) + (sha-1-copy-hash! state ret 0) + ret)) + + (define (sha-1->string state) + (apply string-append + (map (lambda (x) + (if (< x #x10) + (string-append "0" (number->string x 16)) + (number->string x 16))) + (bytevector->u8-list (sha-1->bytevector state))))) + + ;; Compare an SHA-1 state with a bytevector. It is supposed to not + ;; terminate early in order to not leak timing information. Assumes + ;; that the bytevector's length is ok. + (define (cmp state bv len) + (do ((i 0 (fx+ i 1)) + (diff 0 (+ diff + (bitwise-xor + (bytevector-u32-ref bv (* 4 i) (endianness big)) + (vector-ref (sha1state-H state) i))))) + ((fx=? i len) + (zero? diff)))) + + (define (sha-1-hash=? state bv) (cmp state bv 5)) + + (define (sha-1-96-hash=? state bv) (cmp state bv 3)) + +;;; HMAC-SHA-1. RFC 2104. + + ;; TODO: an API with make, update!, finish!, finish, clear!, copy, etc + + (define (hmac-sha-1 secret . data) + ;; RFC 2104. + (if (> (bytevector-length secret) 64) + (apply hmac-sha-1 (sha-1->bytevector (sha-1 secret)) data) + (let ((k-ipad (make-bytevector 64 0)) + (k-opad (make-bytevector 64 0))) + (bytevector-copy! secret 0 k-ipad 0 (bytevector-length secret)) + (bytevector-copy! secret 0 k-opad 0 (bytevector-length secret)) + (do ((i 0 (fx+ i 1))) + ((fx=? i 64)) + (bytevector-u8-set! k-ipad i (fxxor #x36 (bytevector-u8-ref k-ipad i))) + (bytevector-u8-set! k-opad i (fxxor #x5c (bytevector-u8-ref k-opad i)))) + (let ((state (make-sha-1))) + (sha-1-update! state k-ipad) + (for-each (lambda (d) (sha-1-update! state d)) data) + (sha-1-finish! state) + (let ((digest (sha-1->bytevector state))) + (sha-1-clear! state) + (sha-1-update! state k-opad) + (sha-1-update! state digest) + (sha-1-finish! state) + state)))))) |