From 7f59af4cdf071dc133ae3ed04b3a3c146a3d8429 Mon Sep 17 00:00:00 2001 From: David Thompson Date: Mon, 7 Dec 2015 08:53:58 -0500 Subject: Move base64 and SHA-1 modules to (web socket) namespace. --- base64.scm | 285 ----------------------------------------------- sha-1.scm | 300 -------------------------------------------------- web/socket/base64.scm | 285 +++++++++++++++++++++++++++++++++++++++++++++++ web/socket/server.scm | 4 +- web/socket/sha-1.scm | 300 ++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 587 insertions(+), 587 deletions(-) delete mode 100644 base64.scm delete mode 100644 sha-1.scm create mode 100644 web/socket/base64.scm create mode 100644 web/socket/sha-1.scm diff --git a/base64.scm b/base64.scm deleted file mode 100644 index 5720f18..0000000 --- a/base64.scm +++ /dev/null @@ -1,285 +0,0 @@ -;; -*- mode: scheme; coding: utf-8 -*- -;; Copyright © 2009, 2010, 2012, 2013 Göran Weinholt - -;; Permission is hereby granted, free of charge, to any person obtaining a -;; copy of this software and associated documentation files (the "Software"), -;; to deal in the Software without restriction, including without limitation -;; the rights to use, copy, modify, merge, publish, distribute, sublicense, -;; and/or sell copies of the Software, and to permit persons to whom the -;; Software is furnished to do so, subject to the following conditions: - -;; The above copyright notice and this permission notice shall be included in -;; all copies or substantial portions of the Software. - -;; THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -;; IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -;; FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL -;; THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -;; LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -;; FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER -;; DEALINGS IN THE SOFTWARE. -#!r6rs - -;; RFC 4648 Base-N Encodings - -(library (base64) - (export base64-encode - base64-decode - base64-alphabet - base64url-alphabet - get-delimited-base64 - put-delimited-base64) - (import (rnrs) - (only (srfi :13 strings) - string-index - string-prefix? string-suffix? - string-concatenate string-trim-both)) - - (define base64-alphabet - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/") - - (define base64url-alphabet - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_") - - (define base64-encode - (case-lambda - ;; Simple interface. Returns a string containing the canonical - ;; base64 representation of the given bytevector. - ((bv) - (base64-encode bv 0 (bytevector-length bv) #f #f base64-alphabet #f)) - ((bv start) - (base64-encode bv start (bytevector-length bv) #f #f base64-alphabet #f)) - ((bv start end) - (base64-encode bv start end #f #f base64-alphabet #f)) - ((bv start end line-length) - (base64-encode bv start end line-length #f base64-alphabet #f)) - ((bv start end line-length no-padding) - (base64-encode bv start end line-length no-padding base64-alphabet #f)) - ((bv start end line-length no-padding alphabet) - (base64-encode bv start end line-length no-padding alphabet #f)) - ;; Base64 encodes the bytes [start,end[ in the given bytevector. - ;; Lines are limited to line-length characters (unless #f), - ;; which must be a multiple of four. To omit the padding - ;; characters (#\=) set no-padding to a true value. If port is - ;; #f, returns a string. - ((bv start end line-length no-padding alphabet port) - (assert (or (not line-length) (zero? (mod line-length 4)))) - (let-values (((p extract) (if port - (values port (lambda () (values))) - (open-string-output-port)))) - (letrec ((put (if line-length - (let ((chars 0)) - (lambda (p c) - (when (fx=? chars line-length) - (set! chars 0) - (put-char p #\linefeed)) - (set! chars (fx+ chars 1)) - (put-char p c))) - put-char))) - (let lp ((i start)) - (cond ((= i end)) - ((<= (+ i 3) end) - (let ((x (bytevector-uint-ref bv i (endianness big) 3))) - (put p (string-ref alphabet (fxbit-field x 18 24))) - (put p (string-ref alphabet (fxbit-field x 12 18))) - (put p (string-ref alphabet (fxbit-field x 6 12))) - (put p (string-ref alphabet (fxbit-field x 0 6))) - (lp (+ i 3)))) - ((<= (+ i 2) end) - (let ((x (fxarithmetic-shift-left (bytevector-u16-ref bv i (endianness big)) 8))) - (put p (string-ref alphabet (fxbit-field x 18 24))) - (put p (string-ref alphabet (fxbit-field x 12 18))) - (put p (string-ref alphabet (fxbit-field x 6 12))) - (unless no-padding - (put p #\=)))) - (else - (let ((x (fxarithmetic-shift-left (bytevector-u8-ref bv i) 16))) - (put p (string-ref alphabet (fxbit-field x 18 24))) - (put p (string-ref alphabet (fxbit-field x 12 18))) - (unless no-padding - (put p #\=) - (put p #\=))))))) - (extract))))) - - ;; Create a lookup table for the alphabet and remember the latest table. - (define get-decode-table - (let ((ascii-table #f) - (extra-table '()) ;in the unlikely case of unicode chars - (table-alphabet #f)) - (lambda (alphabet) - (unless (eq? alphabet table-alphabet) - ;; Rebuild the table. - (do ((ascii (make-vector 128 #f)) - (extra '()) - (i 0 (+ i 1))) - ((= i (string-length alphabet)) - (set! ascii-table ascii) - (set! extra-table extra)) - (let ((c (char->integer (string-ref alphabet i)))) - (if (fx<=? c 127) - (vector-set! ascii c i) - (set! extra (cons (cons c i) extra))))) - (set! table-alphabet alphabet)) - (values ascii-table extra-table)))) - - ;; Decodes a correctly padded base64 string, optionally ignoring - ;; non-alphabet characters. - (define base64-decode - (case-lambda - ((str) - (base64-decode str base64-alphabet #f)) - ((str alphabet) - (base64-decode str alphabet #f)) - ((str alphabet port) - (base64-decode str alphabet port #t)) - ((str alphabet port strict?) - (define (pad? c) (eqv? c (char->integer #\=))) - (let-values (((p extract) (if port - (values port (lambda () (values))) - (open-bytevector-output-port))) - ((ascii extra) (get-decode-table alphabet))) - (define-syntax lookup - (syntax-rules () - ((_ c) (or (and (fx<=? c 127) (vector-ref ascii c)) - (cond ((assv c extra) => cdr) - (else #f)))))) - (let* ((len (if strict? - (string-length str) - (let lp ((i (fx- (string-length str) 1))) - ;; Skip trailing invalid chars. - (cond ((fxzero? i) 0) - ((let ((c (char->integer (string-ref str i)))) - (or (lookup c) (pad? c))) - (fx+ i 1)) - (else (lp (fx- i 1)))))))) - (let lp ((i 0)) - (cond - ((fx=? i len) - (extract)) - ((fx<=? i (fx- len 4)) - (let lp* ((c1 (char->integer (string-ref str i))) - (c2 (char->integer (string-ref str (fx+ i 1)))) - (c3 (char->integer (string-ref str (fx+ i 2)))) - (c4 (char->integer (string-ref str (fx+ i 3)))) - (i i)) - (let ((i1 (lookup c1)) (i2 (lookup c2)) - (i3 (lookup c3)) (i4 (lookup c4))) - (cond - ((and i1 i2 i3 i4) - ;; All characters present and accounted for. - ;; The most common case. - (let ((x (fxior (fxarithmetic-shift-left i1 18) - (fxarithmetic-shift-left i2 12) - (fxarithmetic-shift-left i3 6) - i4))) - (put-u8 p (fxbit-field x 16 24)) - (put-u8 p (fxbit-field x 8 16)) - (put-u8 p (fxbit-field x 0 8)) - (lp (fx+ i 4)))) - ((and i1 i2 i3 (pad? c4) (= i (- len 4))) - ;; One padding character at the end of the input. - (let ((x (fxior (fxarithmetic-shift-left i1 18) - (fxarithmetic-shift-left i2 12) - (fxarithmetic-shift-left i3 6)))) - (put-u8 p (fxbit-field x 16 24)) - (put-u8 p (fxbit-field x 8 16)) - (lp (fx+ i 4)))) - ((and i1 i2 (pad? c3) (pad? c4) (= i (- len 4))) - ;; Two padding characters. - (let ((x (fxior (fxarithmetic-shift-left i1 18) - (fxarithmetic-shift-left i2 12)))) - (put-u8 p (fxbit-field x 16 24)) - (lp (fx+ i 4)))) - ((not strict?) - ;; Non-alphabet characters. - (let lp ((i i) (c* '()) (n 4)) - (cond ((fxzero? n) - ;; Found four valid characters. - (lp* (cadddr c*) (caddr c*) (cadr c*) (car c*) - (fx- i 4))) - ((fx=? i len) - (error 'base64-decode - "Invalid input in non-strict mode." - i c*)) - (else - ;; Gather alphabetic (or valid - ;; padding) characters. - (let ((c (char->integer (string-ref str i)))) - (cond ((or (lookup c) - (and (pad? c) - (fx<=? n 2) - (fx=? i (fx- len n)))) - (lp (fx+ i 1) (cons c c*) (fx- n 1))) - (else - (lp (fx+ i 1) c* n)))))))) - (else - (error 'base64-decode - "Invalid input in strict mode." - c1 c2 c3 c4)))))) - (else - (error 'base64-decode - "The input is too short, it may be missing padding." - i))))))))) - - (define (get-line-comp f port) - (if (port-eof? port) - (eof-object) - (f (get-line port)))) - - ;; Reads the common -----BEGIN/END type----- delimited format from - ;; the given port. Returns two values: a string with the type and a - ;; bytevector containing the base64 decoded data. The second value - ;; is the eof object if there is an eof before the BEGIN delimiter. - (define get-delimited-base64 - (case-lambda - ((port) - (get-delimited-base64 port #t)) - ((port strict) - (define (get-first-data-line port) - ;; Some MIME data has header fields in the same format as mail - ;; or http. These are ignored. - (let ((line (get-line-comp string-trim-both port))) - (cond ((eof-object? line) line) - ((string-index line #\:) - (let lp () ;read until empty line - (let ((line (get-line-comp string-trim-both port))) - (if (string=? line "") - (get-line-comp string-trim-both port) - (lp))))) - (else line)))) - (let ((line (get-line-comp string-trim-both port))) - (cond ((eof-object? line) - (values "" (eof-object))) - ((string=? line "") - (get-delimited-base64 port)) - ((and (string-prefix? "-----BEGIN " line) - (string-suffix? "-----" line)) - (let* ((type (substring line 11 (- (string-length line) 5))) - (endline (string-append "-----END " type "-----"))) - (let-values (((outp extract) (open-bytevector-output-port))) - (let lp ((line (get-first-data-line port))) - (cond ((eof-object? line) - (error 'get-delimited-base64 - "unexpected end of file")) - ((string-prefix? "-" line) - (unless (string=? line endline) - (error 'get-delimited-base64 - "bad end delimiter" type line)) - (values type (extract))) - (else - (unless (and (= (string-length line) 5) - (string-prefix? "=" line)) ;Skip Radix-64 checksum - (base64-decode line base64-alphabet outp)) - (lp (get-line-comp string-trim-both port)))))))) - (else ;skip garbage (like in openssl x509 -in foo -text output). - (get-delimited-base64 port))))))) - - (define put-delimited-base64 - (case-lambda - ((port type bv line-length) - (display (string-append "-----BEGIN " type "-----\n") port) - (base64-encode bv 0 (bytevector-length bv) - line-length #f base64-alphabet port) - (display (string-append "\n-----END " type "-----\n") port)) - ((port type bv) - (put-delimited-base64 port type bv 76))))) diff --git a/sha-1.scm b/sha-1.scm deleted file mode 100644 index 8a49e88..0000000 --- a/sha-1.scm +++ /dev/null @@ -1,300 +0,0 @@ -;; -*- mode: scheme; coding: utf-8 -*- -;; Copyright © 2009, 2010, 2012 Göran Weinholt - -;; Permission is hereby granted, free of charge, to any person obtaining a -;; copy of this software and associated documentation files (the "Software"), -;; to deal in the Software without restriction, including without limitation -;; the rights to use, copy, modify, merge, publish, distribute, sublicense, -;; and/or sell copies of the Software, and to permit persons to whom the -;; Software is furnished to do so, subject to the following conditions: - -;; The above copyright notice and this permission notice shall be included in -;; all copies or substantial portions of the Software. - -;; THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -;; IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -;; FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL -;; THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -;; LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -;; FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER -;; DEALINGS IN THE SOFTWARE. -#!r6rs - -;; Byte-oriented SHA-1 from FIPS 180-3 and RFC 3174. - -;; The data being hashed will never be modified here. - -;; TODO: give an error if more than 2^64 bits are processed? -;; TODO: Optimize. Should be simple enough with the help of a profiler. - -(library (sha-1) - (export make-sha-1 sha-1-update! sha-1-finish! sha-1-clear! - sha-1 sha-1-copy sha-1-finish - sha-1-transform! ;for interested parties only - sha-1-length - sha-1-copy-hash! sha-1-96-copy-hash! - sha-1->bytevector sha-1->string - sha-1-hash=? sha-1-96-hash=? - hmac-sha-1) - (import (except (rnrs) bitwise-rotate-bit-field)) - - (define (sha-1-length) 20) - - (define (vector-copy x) (vector-map (lambda (i) i) x)) - - (define (rol32 n count) - (let ((field1 (bitwise-and #xffffffff (bitwise-arithmetic-shift-left n count))) - (field2 (bitwise-arithmetic-shift-right n (- 32 count)))) - (bitwise-ior field1 field2))) - - (define-record-type sha1state - (fields (immutable H) ;Hash - (immutable W) ;temporary data - (immutable m) ;unprocessed data - (mutable pending) ;length of unprocessed data - (mutable processed))) ;length of processed data - - (define (make-sha-1) - (let ((H (list->vector initial-hash)) - (W (make-bytevector (* 4 80))) - (m (make-bytevector (* 4 16)))) - (make-sha1state H W m 0 0))) - - (define (sha-1-copy state) - (let ((H (vector-copy (sha1state-H state))) - (W (make-bytevector (* 4 80))) - (m (bytevector-copy (sha1state-m state)))) - (make-sha1state H W m - (sha1state-pending state) - (sha1state-processed state)))) - - (define (sha-1-clear! state) - (for-each (lambda (i v) - (vector-set! (sha1state-H state) i v)) - '(0 1 2 3 4) - initial-hash) - (bytevector-fill! (sha1state-W state) 0) - (bytevector-fill! (sha1state-m state) 0) - (sha1state-pending-set! state 0) - (sha1state-processed-set! state 0)) - - (define initial-hash '(#x67452301 #xefcdab89 #x98badcfe #x10325476 #xc3d2e1f0)) - - (define (Ch x y z) - (bitwise-xor (bitwise-and x y) - (bitwise-and (bitwise-not x) z))) - - (define Parity bitwise-xor) - - (define (Maj x y z) - (bitwise-xor (bitwise-and x y) - (bitwise-and x z) - (bitwise-and y z))) - - (define k1 #x5a827999) - (define k2 #x6ed9eba1) - (define k3 #x8f1bbcdc) - (define k4 #xca62c1d6) - - (define (f t B C D) - ((cond ((<= 0 t 19) Ch) - ((<= 20 t 39) Parity) - ((<= 40 t 59) Maj) - (else Parity)) - B C D)) - - (define (K t) - (cond ((<= 0 t 19) k1) - ((<= 20 t 39) k2) - ((<= 40 t 59) k3) - (else k4))) - - ;; This function transforms a whole 512 bit block. - (define (sha-1-transform! H W m offset) - ;; Copy the message block - (do ((t 0 (+ t 4))) - ((= t (* 4 16))) - (bytevector-u32-native-set! W t (bytevector-u32-ref m (+ t offset) (endianness big)))) - ;; Initialize W[16..79] - (do ((t (* 4 16) (+ t 4))) - ((= t (* 4 80))) - (bytevector-u32-native-set! W t (rol32 - (bitwise-xor (bytevector-u32-native-ref W (- t (* 4 3))) - (bytevector-u32-native-ref W (- t (* 4 8))) - (bytevector-u32-native-ref W (- t (* 4 14))) - (bytevector-u32-native-ref W (- t (* 4 16)))) - 1))) - ;; Do the hokey pokey - (let lp ((A (vector-ref H 0)) - (B (vector-ref H 1)) - (C (vector-ref H 2)) - (D (vector-ref H 3)) - (E (vector-ref H 4)) - (t 0)) - (cond ((= t 80) - (vector-set! H 0 (bitwise-and #xffffffff (+ A (vector-ref H 0)))) - (vector-set! H 1 (bitwise-and #xffffffff (+ B (vector-ref H 1)))) - (vector-set! H 2 (bitwise-and #xffffffff (+ C (vector-ref H 2)))) - (vector-set! H 3 (bitwise-and #xffffffff (+ D (vector-ref H 3)))) - (vector-set! H 4 (bitwise-and #xffffffff (+ E (vector-ref H 4))))) - (else - (lp (bitwise-and #xffffffff - (+ (rol32 A 5) - (f t B C D) - E - (bytevector-u32-native-ref W (* 4 t)) - (K t))) - A - (rol32 B 30) - C - D - (+ t 1)))))) - - ;; Add a bytevector to the state. Align your data to whole blocks if - ;; you want this to go a little faster. - (define sha-1-update! - (case-lambda - ((state data start end) - (let ((m (sha1state-m state)) ;unprocessed data - (H (sha1state-H state)) - (W (sha1state-W state))) - (let lp ((offset start)) - (cond ((= (sha1state-pending state) 64) - ;; A whole block is pending - (sha-1-transform! H W m 0) - (sha1state-pending-set! state 0) - (sha1state-processed-set! state (+ 64 (sha1state-processed state))) - (lp offset)) - ((= offset end) - (values)) - ((or (> (sha1state-pending state) 0) - (> (+ offset 64) end)) - ;; Pending data exists or less than a block remains. - ;; Add more pending data. - (let ((added (min (- 64 (sha1state-pending state)) - (- end offset)))) - (bytevector-copy! data offset - m (sha1state-pending state) - added) - (sha1state-pending-set! state (+ added (sha1state-pending state))) - (lp (+ offset added)))) - (else - ;; Consume a whole block - (sha-1-transform! H W data offset) - (sha1state-processed-set! state (+ 64 (sha1state-processed state))) - (lp (+ offset 64))))))) - ((state data) - (sha-1-update! state data 0 (bytevector-length data))))) - - (define zero-block (make-bytevector 64 0)) - - ;; Finish the state by adding a 1, zeros and the counter. - (define (sha-1-finish! state) - (let ((m (sha1state-m state)) - (pending (+ (sha1state-pending state) 1))) - (bytevector-u8-set! m (sha1state-pending state) #x80) - (cond ((> pending 56) - (bytevector-copy! zero-block 0 - m pending - (- 64 pending)) - (sha-1-transform! (sha1state-H state) - (sha1state-W state) - m - 0) - (bytevector-fill! m 0)) - (else - (bytevector-copy! zero-block 0 - m pending - (- 64 pending)))) - ;; Number of bits in the data - (bytevector-u64-set! m 56 - (* (+ (sha1state-processed state) - (- pending 1)) - 8) - (endianness big)) - (sha-1-transform! (sha1state-H state) - (sha1state-W state) - m - 0))) - - (define (sha-1-finish state) - (let ((copy (sha-1-copy state))) - (sha-1-finish! copy) - copy)) - - ;; Find the SHA-1 of the concatenation of the given bytevectors. - (define (sha-1 . data) - (let ((state (make-sha-1))) - (for-each (lambda (d) (sha-1-update! state d)) - data) - (sha-1-finish! state) - state)) - - (define (copy-hash! state bv off len) - (do ((i 0 (+ i 1))) - ((= i len)) - (bytevector-u32-set! bv (+ off (* 4 i)) - (vector-ref (sha1state-H state) i) - (endianness big)))) - - (define (sha-1-copy-hash! state bv off) - (copy-hash! state bv off 5)) - - (define (sha-1-96-copy-hash! state bv off) - (copy-hash! state bv off 3)) - - (define (sha-1->bytevector state) - (let ((ret (make-bytevector (* 4 5)))) - (sha-1-copy-hash! state ret 0) - ret)) - - (define (sha-1->string state) - (apply string-append - (map (lambda (x) - (if (< x #x10) - (string-append "0" (number->string x 16)) - (number->string x 16))) - (bytevector->u8-list (sha-1->bytevector state))))) - - ;; Compare an SHA-1 state with a bytevector. It is supposed to not - ;; terminate early in order to not leak timing information. Assumes - ;; that the bytevector's length is ok. - (define (cmp state bv len) - (do ((i 0 (fx+ i 1)) - (diff 0 (+ diff - (bitwise-xor - (bytevector-u32-ref bv (* 4 i) (endianness big)) - (vector-ref (sha1state-H state) i))))) - ((fx=? i len) - (zero? diff)))) - - (define (sha-1-hash=? state bv) (cmp state bv 5)) - - (define (sha-1-96-hash=? state bv) (cmp state bv 3)) - -;;; HMAC-SHA-1. RFC 2104. - - ;; TODO: an API with make, update!, finish!, finish, clear!, copy, etc - - (define (hmac-sha-1 secret . data) - ;; RFC 2104. - (if (> (bytevector-length secret) 64) - (apply hmac-sha-1 (sha-1->bytevector (sha-1 secret)) data) - (let ((k-ipad (make-bytevector 64 0)) - (k-opad (make-bytevector 64 0))) - (bytevector-copy! secret 0 k-ipad 0 (bytevector-length secret)) - (bytevector-copy! secret 0 k-opad 0 (bytevector-length secret)) - (do ((i 0 (fx+ i 1))) - ((fx=? i 64)) - (bytevector-u8-set! k-ipad i (fxxor #x36 (bytevector-u8-ref k-ipad i))) - (bytevector-u8-set! k-opad i (fxxor #x5c (bytevector-u8-ref k-opad i)))) - (let ((state (make-sha-1))) - (sha-1-update! state k-ipad) - (for-each (lambda (d) (sha-1-update! state d)) data) - (sha-1-finish! state) - (let ((digest (sha-1->bytevector state))) - (sha-1-clear! state) - (sha-1-update! state k-opad) - (sha-1-update! state digest) - (sha-1-finish! state) - state)))))) diff --git a/web/socket/base64.scm b/web/socket/base64.scm new file mode 100644 index 0000000..69d45b7 --- /dev/null +++ b/web/socket/base64.scm @@ -0,0 +1,285 @@ +;; -*- mode: scheme; coding: utf-8 -*- +;; Copyright © 2009, 2010, 2012, 2013 Göran Weinholt + +;; Permission is hereby granted, free of charge, to any person obtaining a +;; copy of this software and associated documentation files (the "Software"), +;; to deal in the Software without restriction, including without limitation +;; the rights to use, copy, modify, merge, publish, distribute, sublicense, +;; and/or sell copies of the Software, and to permit persons to whom the +;; Software is furnished to do so, subject to the following conditions: + +;; The above copyright notice and this permission notice shall be included in +;; all copies or substantial portions of the Software. + +;; THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +;; IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +;; FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +;; THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +;; LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +;; FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +;; DEALINGS IN THE SOFTWARE. +#!r6rs + +;; RFC 4648 Base-N Encodings + +(library (web socket base64) + (export base64-encode + base64-decode + base64-alphabet + base64url-alphabet + get-delimited-base64 + put-delimited-base64) + (import (rnrs) + (only (srfi :13 strings) + string-index + string-prefix? string-suffix? + string-concatenate string-trim-both)) + + (define base64-alphabet + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/") + + (define base64url-alphabet + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_") + + (define base64-encode + (case-lambda + ;; Simple interface. Returns a string containing the canonical + ;; base64 representation of the given bytevector. + ((bv) + (base64-encode bv 0 (bytevector-length bv) #f #f base64-alphabet #f)) + ((bv start) + (base64-encode bv start (bytevector-length bv) #f #f base64-alphabet #f)) + ((bv start end) + (base64-encode bv start end #f #f base64-alphabet #f)) + ((bv start end line-length) + (base64-encode bv start end line-length #f base64-alphabet #f)) + ((bv start end line-length no-padding) + (base64-encode bv start end line-length no-padding base64-alphabet #f)) + ((bv start end line-length no-padding alphabet) + (base64-encode bv start end line-length no-padding alphabet #f)) + ;; Base64 encodes the bytes [start,end[ in the given bytevector. + ;; Lines are limited to line-length characters (unless #f), + ;; which must be a multiple of four. To omit the padding + ;; characters (#\=) set no-padding to a true value. If port is + ;; #f, returns a string. + ((bv start end line-length no-padding alphabet port) + (assert (or (not line-length) (zero? (mod line-length 4)))) + (let-values (((p extract) (if port + (values port (lambda () (values))) + (open-string-output-port)))) + (letrec ((put (if line-length + (let ((chars 0)) + (lambda (p c) + (when (fx=? chars line-length) + (set! chars 0) + (put-char p #\linefeed)) + (set! chars (fx+ chars 1)) + (put-char p c))) + put-char))) + (let lp ((i start)) + (cond ((= i end)) + ((<= (+ i 3) end) + (let ((x (bytevector-uint-ref bv i (endianness big) 3))) + (put p (string-ref alphabet (fxbit-field x 18 24))) + (put p (string-ref alphabet (fxbit-field x 12 18))) + (put p (string-ref alphabet (fxbit-field x 6 12))) + (put p (string-ref alphabet (fxbit-field x 0 6))) + (lp (+ i 3)))) + ((<= (+ i 2) end) + (let ((x (fxarithmetic-shift-left (bytevector-u16-ref bv i (endianness big)) 8))) + (put p (string-ref alphabet (fxbit-field x 18 24))) + (put p (string-ref alphabet (fxbit-field x 12 18))) + (put p (string-ref alphabet (fxbit-field x 6 12))) + (unless no-padding + (put p #\=)))) + (else + (let ((x (fxarithmetic-shift-left (bytevector-u8-ref bv i) 16))) + (put p (string-ref alphabet (fxbit-field x 18 24))) + (put p (string-ref alphabet (fxbit-field x 12 18))) + (unless no-padding + (put p #\=) + (put p #\=))))))) + (extract))))) + + ;; Create a lookup table for the alphabet and remember the latest table. + (define get-decode-table + (let ((ascii-table #f) + (extra-table '()) ;in the unlikely case of unicode chars + (table-alphabet #f)) + (lambda (alphabet) + (unless (eq? alphabet table-alphabet) + ;; Rebuild the table. + (do ((ascii (make-vector 128 #f)) + (extra '()) + (i 0 (+ i 1))) + ((= i (string-length alphabet)) + (set! ascii-table ascii) + (set! extra-table extra)) + (let ((c (char->integer (string-ref alphabet i)))) + (if (fx<=? c 127) + (vector-set! ascii c i) + (set! extra (cons (cons c i) extra))))) + (set! table-alphabet alphabet)) + (values ascii-table extra-table)))) + + ;; Decodes a correctly padded base64 string, optionally ignoring + ;; non-alphabet characters. + (define base64-decode + (case-lambda + ((str) + (base64-decode str base64-alphabet #f)) + ((str alphabet) + (base64-decode str alphabet #f)) + ((str alphabet port) + (base64-decode str alphabet port #t)) + ((str alphabet port strict?) + (define (pad? c) (eqv? c (char->integer #\=))) + (let-values (((p extract) (if port + (values port (lambda () (values))) + (open-bytevector-output-port))) + ((ascii extra) (get-decode-table alphabet))) + (define-syntax lookup + (syntax-rules () + ((_ c) (or (and (fx<=? c 127) (vector-ref ascii c)) + (cond ((assv c extra) => cdr) + (else #f)))))) + (let* ((len (if strict? + (string-length str) + (let lp ((i (fx- (string-length str) 1))) + ;; Skip trailing invalid chars. + (cond ((fxzero? i) 0) + ((let ((c (char->integer (string-ref str i)))) + (or (lookup c) (pad? c))) + (fx+ i 1)) + (else (lp (fx- i 1)))))))) + (let lp ((i 0)) + (cond + ((fx=? i len) + (extract)) + ((fx<=? i (fx- len 4)) + (let lp* ((c1 (char->integer (string-ref str i))) + (c2 (char->integer (string-ref str (fx+ i 1)))) + (c3 (char->integer (string-ref str (fx+ i 2)))) + (c4 (char->integer (string-ref str (fx+ i 3)))) + (i i)) + (let ((i1 (lookup c1)) (i2 (lookup c2)) + (i3 (lookup c3)) (i4 (lookup c4))) + (cond + ((and i1 i2 i3 i4) + ;; All characters present and accounted for. + ;; The most common case. + (let ((x (fxior (fxarithmetic-shift-left i1 18) + (fxarithmetic-shift-left i2 12) + (fxarithmetic-shift-left i3 6) + i4))) + (put-u8 p (fxbit-field x 16 24)) + (put-u8 p (fxbit-field x 8 16)) + (put-u8 p (fxbit-field x 0 8)) + (lp (fx+ i 4)))) + ((and i1 i2 i3 (pad? c4) (= i (- len 4))) + ;; One padding character at the end of the input. + (let ((x (fxior (fxarithmetic-shift-left i1 18) + (fxarithmetic-shift-left i2 12) + (fxarithmetic-shift-left i3 6)))) + (put-u8 p (fxbit-field x 16 24)) + (put-u8 p (fxbit-field x 8 16)) + (lp (fx+ i 4)))) + ((and i1 i2 (pad? c3) (pad? c4) (= i (- len 4))) + ;; Two padding characters. + (let ((x (fxior (fxarithmetic-shift-left i1 18) + (fxarithmetic-shift-left i2 12)))) + (put-u8 p (fxbit-field x 16 24)) + (lp (fx+ i 4)))) + ((not strict?) + ;; Non-alphabet characters. + (let lp ((i i) (c* '()) (n 4)) + (cond ((fxzero? n) + ;; Found four valid characters. + (lp* (cadddr c*) (caddr c*) (cadr c*) (car c*) + (fx- i 4))) + ((fx=? i len) + (error 'base64-decode + "Invalid input in non-strict mode." + i c*)) + (else + ;; Gather alphabetic (or valid + ;; padding) characters. + (let ((c (char->integer (string-ref str i)))) + (cond ((or (lookup c) + (and (pad? c) + (fx<=? n 2) + (fx=? i (fx- len n)))) + (lp (fx+ i 1) (cons c c*) (fx- n 1))) + (else + (lp (fx+ i 1) c* n)))))))) + (else + (error 'base64-decode + "Invalid input in strict mode." + c1 c2 c3 c4)))))) + (else + (error 'base64-decode + "The input is too short, it may be missing padding." + i))))))))) + + (define (get-line-comp f port) + (if (port-eof? port) + (eof-object) + (f (get-line port)))) + + ;; Reads the common -----BEGIN/END type----- delimited format from + ;; the given port. Returns two values: a string with the type and a + ;; bytevector containing the base64 decoded data. The second value + ;; is the eof object if there is an eof before the BEGIN delimiter. + (define get-delimited-base64 + (case-lambda + ((port) + (get-delimited-base64 port #t)) + ((port strict) + (define (get-first-data-line port) + ;; Some MIME data has header fields in the same format as mail + ;; or http. These are ignored. + (let ((line (get-line-comp string-trim-both port))) + (cond ((eof-object? line) line) + ((string-index line #\:) + (let lp () ;read until empty line + (let ((line (get-line-comp string-trim-both port))) + (if (string=? line "") + (get-line-comp string-trim-both port) + (lp))))) + (else line)))) + (let ((line (get-line-comp string-trim-both port))) + (cond ((eof-object? line) + (values "" (eof-object))) + ((string=? line "") + (get-delimited-base64 port)) + ((and (string-prefix? "-----BEGIN " line) + (string-suffix? "-----" line)) + (let* ((type (substring line 11 (- (string-length line) 5))) + (endline (string-append "-----END " type "-----"))) + (let-values (((outp extract) (open-bytevector-output-port))) + (let lp ((line (get-first-data-line port))) + (cond ((eof-object? line) + (error 'get-delimited-base64 + "unexpected end of file")) + ((string-prefix? "-" line) + (unless (string=? line endline) + (error 'get-delimited-base64 + "bad end delimiter" type line)) + (values type (extract))) + (else + (unless (and (= (string-length line) 5) + (string-prefix? "=" line)) ;Skip Radix-64 checksum + (base64-decode line base64-alphabet outp)) + (lp (get-line-comp string-trim-both port)))))))) + (else ;skip garbage (like in openssl x509 -in foo -text output). + (get-delimited-base64 port))))))) + + (define put-delimited-base64 + (case-lambda + ((port type bv line-length) + (display (string-append "-----BEGIN " type "-----\n") port) + (base64-encode bv 0 (bytevector-length bv) + line-length #f base64-alphabet port) + (display (string-append "\n-----END " type "-----\n") port)) + ((port type bv) + (put-delimited-base64 port type bv 76))))) diff --git a/web/socket/server.scm b/web/socket/server.scm index 85395a3..7b6463e 100644 --- a/web/socket/server.scm +++ b/web/socket/server.scm @@ -26,12 +26,12 @@ (define-module (web socket server) #:use-module (ice-9 match) #:use-module (rnrs bytevectors) - #:use-module (base64) - #:use-module (sha-1) #:use-module (web request) #:use-module (web response) #:use-module (web uri) + #:use-module (web socket base64) #:use-module (web socket frame) + #:use-module (web socket sha-1) #:export (make-server-socket run-server)) diff --git a/web/socket/sha-1.scm b/web/socket/sha-1.scm new file mode 100644 index 0000000..95a13aa --- /dev/null +++ b/web/socket/sha-1.scm @@ -0,0 +1,300 @@ +;; -*- mode: scheme; coding: utf-8 -*- +;; Copyright © 2009, 2010, 2012 Göran Weinholt + +;; Permission is hereby granted, free of charge, to any person obtaining a +;; copy of this software and associated documentation files (the "Software"), +;; to deal in the Software without restriction, including without limitation +;; the rights to use, copy, modify, merge, publish, distribute, sublicense, +;; and/or sell copies of the Software, and to permit persons to whom the +;; Software is furnished to do so, subject to the following conditions: + +;; The above copyright notice and this permission notice shall be included in +;; all copies or substantial portions of the Software. + +;; THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +;; IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +;; FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +;; THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +;; LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +;; FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +;; DEALINGS IN THE SOFTWARE. +#!r6rs + +;; Byte-oriented SHA-1 from FIPS 180-3 and RFC 3174. + +;; The data being hashed will never be modified here. + +;; TODO: give an error if more than 2^64 bits are processed? +;; TODO: Optimize. Should be simple enough with the help of a profiler. + +(library (web socket sha-1) + (export make-sha-1 sha-1-update! sha-1-finish! sha-1-clear! + sha-1 sha-1-copy sha-1-finish + sha-1-transform! ;for interested parties only + sha-1-length + sha-1-copy-hash! sha-1-96-copy-hash! + sha-1->bytevector sha-1->string + sha-1-hash=? sha-1-96-hash=? + hmac-sha-1) + (import (except (rnrs) bitwise-rotate-bit-field)) + + (define (sha-1-length) 20) + + (define (vector-copy x) (vector-map (lambda (i) i) x)) + + (define (rol32 n count) + (let ((field1 (bitwise-and #xffffffff (bitwise-arithmetic-shift-left n count))) + (field2 (bitwise-arithmetic-shift-right n (- 32 count)))) + (bitwise-ior field1 field2))) + + (define-record-type sha1state + (fields (immutable H) ;Hash + (immutable W) ;temporary data + (immutable m) ;unprocessed data + (mutable pending) ;length of unprocessed data + (mutable processed))) ;length of processed data + + (define (make-sha-1) + (let ((H (list->vector initial-hash)) + (W (make-bytevector (* 4 80))) + (m (make-bytevector (* 4 16)))) + (make-sha1state H W m 0 0))) + + (define (sha-1-copy state) + (let ((H (vector-copy (sha1state-H state))) + (W (make-bytevector (* 4 80))) + (m (bytevector-copy (sha1state-m state)))) + (make-sha1state H W m + (sha1state-pending state) + (sha1state-processed state)))) + + (define (sha-1-clear! state) + (for-each (lambda (i v) + (vector-set! (sha1state-H state) i v)) + '(0 1 2 3 4) + initial-hash) + (bytevector-fill! (sha1state-W state) 0) + (bytevector-fill! (sha1state-m state) 0) + (sha1state-pending-set! state 0) + (sha1state-processed-set! state 0)) + + (define initial-hash '(#x67452301 #xefcdab89 #x98badcfe #x10325476 #xc3d2e1f0)) + + (define (Ch x y z) + (bitwise-xor (bitwise-and x y) + (bitwise-and (bitwise-not x) z))) + + (define Parity bitwise-xor) + + (define (Maj x y z) + (bitwise-xor (bitwise-and x y) + (bitwise-and x z) + (bitwise-and y z))) + + (define k1 #x5a827999) + (define k2 #x6ed9eba1) + (define k3 #x8f1bbcdc) + (define k4 #xca62c1d6) + + (define (f t B C D) + ((cond ((<= 0 t 19) Ch) + ((<= 20 t 39) Parity) + ((<= 40 t 59) Maj) + (else Parity)) + B C D)) + + (define (K t) + (cond ((<= 0 t 19) k1) + ((<= 20 t 39) k2) + ((<= 40 t 59) k3) + (else k4))) + + ;; This function transforms a whole 512 bit block. + (define (sha-1-transform! H W m offset) + ;; Copy the message block + (do ((t 0 (+ t 4))) + ((= t (* 4 16))) + (bytevector-u32-native-set! W t (bytevector-u32-ref m (+ t offset) (endianness big)))) + ;; Initialize W[16..79] + (do ((t (* 4 16) (+ t 4))) + ((= t (* 4 80))) + (bytevector-u32-native-set! W t (rol32 + (bitwise-xor (bytevector-u32-native-ref W (- t (* 4 3))) + (bytevector-u32-native-ref W (- t (* 4 8))) + (bytevector-u32-native-ref W (- t (* 4 14))) + (bytevector-u32-native-ref W (- t (* 4 16)))) + 1))) + ;; Do the hokey pokey + (let lp ((A (vector-ref H 0)) + (B (vector-ref H 1)) + (C (vector-ref H 2)) + (D (vector-ref H 3)) + (E (vector-ref H 4)) + (t 0)) + (cond ((= t 80) + (vector-set! H 0 (bitwise-and #xffffffff (+ A (vector-ref H 0)))) + (vector-set! H 1 (bitwise-and #xffffffff (+ B (vector-ref H 1)))) + (vector-set! H 2 (bitwise-and #xffffffff (+ C (vector-ref H 2)))) + (vector-set! H 3 (bitwise-and #xffffffff (+ D (vector-ref H 3)))) + (vector-set! H 4 (bitwise-and #xffffffff (+ E (vector-ref H 4))))) + (else + (lp (bitwise-and #xffffffff + (+ (rol32 A 5) + (f t B C D) + E + (bytevector-u32-native-ref W (* 4 t)) + (K t))) + A + (rol32 B 30) + C + D + (+ t 1)))))) + + ;; Add a bytevector to the state. Align your data to whole blocks if + ;; you want this to go a little faster. + (define sha-1-update! + (case-lambda + ((state data start end) + (let ((m (sha1state-m state)) ;unprocessed data + (H (sha1state-H state)) + (W (sha1state-W state))) + (let lp ((offset start)) + (cond ((= (sha1state-pending state) 64) + ;; A whole block is pending + (sha-1-transform! H W m 0) + (sha1state-pending-set! state 0) + (sha1state-processed-set! state (+ 64 (sha1state-processed state))) + (lp offset)) + ((= offset end) + (values)) + ((or (> (sha1state-pending state) 0) + (> (+ offset 64) end)) + ;; Pending data exists or less than a block remains. + ;; Add more pending data. + (let ((added (min (- 64 (sha1state-pending state)) + (- end offset)))) + (bytevector-copy! data offset + m (sha1state-pending state) + added) + (sha1state-pending-set! state (+ added (sha1state-pending state))) + (lp (+ offset added)))) + (else + ;; Consume a whole block + (sha-1-transform! H W data offset) + (sha1state-processed-set! state (+ 64 (sha1state-processed state))) + (lp (+ offset 64))))))) + ((state data) + (sha-1-update! state data 0 (bytevector-length data))))) + + (define zero-block (make-bytevector 64 0)) + + ;; Finish the state by adding a 1, zeros and the counter. + (define (sha-1-finish! state) + (let ((m (sha1state-m state)) + (pending (+ (sha1state-pending state) 1))) + (bytevector-u8-set! m (sha1state-pending state) #x80) + (cond ((> pending 56) + (bytevector-copy! zero-block 0 + m pending + (- 64 pending)) + (sha-1-transform! (sha1state-H state) + (sha1state-W state) + m + 0) + (bytevector-fill! m 0)) + (else + (bytevector-copy! zero-block 0 + m pending + (- 64 pending)))) + ;; Number of bits in the data + (bytevector-u64-set! m 56 + (* (+ (sha1state-processed state) + (- pending 1)) + 8) + (endianness big)) + (sha-1-transform! (sha1state-H state) + (sha1state-W state) + m + 0))) + + (define (sha-1-finish state) + (let ((copy (sha-1-copy state))) + (sha-1-finish! copy) + copy)) + + ;; Find the SHA-1 of the concatenation of the given bytevectors. + (define (sha-1 . data) + (let ((state (make-sha-1))) + (for-each (lambda (d) (sha-1-update! state d)) + data) + (sha-1-finish! state) + state)) + + (define (copy-hash! state bv off len) + (do ((i 0 (+ i 1))) + ((= i len)) + (bytevector-u32-set! bv (+ off (* 4 i)) + (vector-ref (sha1state-H state) i) + (endianness big)))) + + (define (sha-1-copy-hash! state bv off) + (copy-hash! state bv off 5)) + + (define (sha-1-96-copy-hash! state bv off) + (copy-hash! state bv off 3)) + + (define (sha-1->bytevector state) + (let ((ret (make-bytevector (* 4 5)))) + (sha-1-copy-hash! state ret 0) + ret)) + + (define (sha-1->string state) + (apply string-append + (map (lambda (x) + (if (< x #x10) + (string-append "0" (number->string x 16)) + (number->string x 16))) + (bytevector->u8-list (sha-1->bytevector state))))) + + ;; Compare an SHA-1 state with a bytevector. It is supposed to not + ;; terminate early in order to not leak timing information. Assumes + ;; that the bytevector's length is ok. + (define (cmp state bv len) + (do ((i 0 (fx+ i 1)) + (diff 0 (+ diff + (bitwise-xor + (bytevector-u32-ref bv (* 4 i) (endianness big)) + (vector-ref (sha1state-H state) i))))) + ((fx=? i len) + (zero? diff)))) + + (define (sha-1-hash=? state bv) (cmp state bv 5)) + + (define (sha-1-96-hash=? state bv) (cmp state bv 3)) + +;;; HMAC-SHA-1. RFC 2104. + + ;; TODO: an API with make, update!, finish!, finish, clear!, copy, etc + + (define (hmac-sha-1 secret . data) + ;; RFC 2104. + (if (> (bytevector-length secret) 64) + (apply hmac-sha-1 (sha-1->bytevector (sha-1 secret)) data) + (let ((k-ipad (make-bytevector 64 0)) + (k-opad (make-bytevector 64 0))) + (bytevector-copy! secret 0 k-ipad 0 (bytevector-length secret)) + (bytevector-copy! secret 0 k-opad 0 (bytevector-length secret)) + (do ((i 0 (fx+ i 1))) + ((fx=? i 64)) + (bytevector-u8-set! k-ipad i (fxxor #x36 (bytevector-u8-ref k-ipad i))) + (bytevector-u8-set! k-opad i (fxxor #x5c (bytevector-u8-ref k-opad i)))) + (let ((state (make-sha-1))) + (sha-1-update! state k-ipad) + (for-each (lambda (d) (sha-1-update! state d)) data) + (sha-1-finish! state) + (let ((digest (sha-1->bytevector state))) + (sha-1-clear! state) + (sha-1-update! state k-opad) + (sha-1-update! state digest) + (sha-1-finish! state) + state)))))) -- cgit v1.2.3