commit
bffd9ee33b
@ -0,0 +1,452 @@
|
||||
/* Functions to compute MD5 message digest of files or memory blocks.
|
||||
according to the definition of MD5 in RFC 1321 from April 1992.
|
||||
Copyright (C) 1995,1996,1997,1999,2000,2001,2005
|
||||
Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, write to the Free
|
||||
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||||
02111-1307 USA. */
|
||||
|
||||
/* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995. */
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
|
||||
#include "md5.h"
|
||||
|
||||
/* #ifdef _LIBC */
|
||||
# include <endian.h>
|
||||
# if __BYTE_ORDER == __BIG_ENDIAN
|
||||
# define WORDS_BIGENDIAN 1
|
||||
# endif
|
||||
/* We need to keep the namespace clean so define the MD5 function
|
||||
protected using leading __ . */
|
||||
# define md5_init_ctx __md5_init_ctx
|
||||
# define md5_process_block __md5_process_block
|
||||
# define md5_process_bytes __md5_process_bytes
|
||||
# define md5_finish_ctx __md5_finish_ctx
|
||||
# define md5_read_ctx __md5_read_ctx
|
||||
# define md5_stream __md5_stream
|
||||
# define md5_buffer __md5_buffer
|
||||
/* #endif */
|
||||
|
||||
#ifdef WORDS_BIGENDIAN
|
||||
# define SWAP(n) \
|
||||
(((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
|
||||
#else
|
||||
# define SWAP(n) (n)
|
||||
#endif
|
||||
|
||||
void
|
||||
md5_process_bytes (const void *buffer, size_t len, struct md5_ctx *ctx);
|
||||
void
|
||||
md5_process_block (const void *buffer, size_t len, struct md5_ctx *ctx);
|
||||
|
||||
/* This array contains the bytes used to pad the buffer to the next
|
||||
64-byte boundary. (RFC 1321, 3.1: Step 1) */
|
||||
static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
|
||||
|
||||
|
||||
/* Initialize structure containing state of computation.
|
||||
(RFC 1321, 3.3: Step 3) */
|
||||
void
|
||||
md5_init_ctx (ctx)
|
||||
struct md5_ctx *ctx;
|
||||
{
|
||||
ctx->A = 0x67452301;
|
||||
ctx->B = 0xefcdab89;
|
||||
ctx->C = 0x98badcfe;
|
||||
ctx->D = 0x10325476;
|
||||
|
||||
ctx->total[0] = ctx->total[1] = 0;
|
||||
ctx->buflen = 0;
|
||||
}
|
||||
|
||||
/* Put result from CTX in first 16 bytes following RESBUF. The result
|
||||
must be in little endian byte order.
|
||||
|
||||
IMPORTANT: On some systems it is required that RESBUF is correctly
|
||||
aligned for a 32 bits value. */
|
||||
void *
|
||||
md5_read_ctx (ctx, resbuf)
|
||||
const struct md5_ctx *ctx;
|
||||
void *resbuf;
|
||||
{
|
||||
((md5_uint32 *) resbuf)[0] = SWAP (ctx->A);
|
||||
((md5_uint32 *) resbuf)[1] = SWAP (ctx->B);
|
||||
((md5_uint32 *) resbuf)[2] = SWAP (ctx->C);
|
||||
((md5_uint32 *) resbuf)[3] = SWAP (ctx->D);
|
||||
|
||||
return resbuf;
|
||||
}
|
||||
|
||||
/* Process the remaining bytes in the internal buffer and the usual
|
||||
prolog according to the standard and write the result to RESBUF.
|
||||
|
||||
IMPORTANT: On some systems it is required that RESBUF is correctly
|
||||
aligned for a 32 bits value. */
|
||||
void *
|
||||
md5_finish_ctx (ctx, resbuf)
|
||||
struct md5_ctx *ctx;
|
||||
void *resbuf;
|
||||
{
|
||||
/* Take yet unprocessed bytes into account. */
|
||||
md5_uint32 bytes = ctx->buflen;
|
||||
size_t pad;
|
||||
|
||||
/* Now count remaining bytes. */
|
||||
ctx->total[0] += bytes;
|
||||
if (ctx->total[0] < bytes)
|
||||
++ctx->total[1];
|
||||
|
||||
pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes;
|
||||
memcpy (&ctx->buffer[bytes], fillbuf, pad);
|
||||
|
||||
/* Put the 64-bit file length in *bits* at the end of the buffer. */
|
||||
*(md5_uint32 *) &ctx->buffer[bytes + pad] = SWAP (ctx->total[0] << 3);
|
||||
*(md5_uint32 *) &ctx->buffer[bytes + pad + 4] = SWAP ((ctx->total[1] << 3) |
|
||||
(ctx->total[0] >> 29));
|
||||
|
||||
/* Process last bytes. */
|
||||
md5_process_block (ctx->buffer, bytes + pad + 8, ctx);
|
||||
|
||||
return md5_read_ctx (ctx, resbuf);
|
||||
}
|
||||
|
||||
/* Compute MD5 message digest for bytes read from STREAM. The
|
||||
resulting message digest number will be written into the 16 bytes
|
||||
beginning at RESBLOCK. */
|
||||
int
|
||||
md5_stream (stream, resblock)
|
||||
FILE *stream;
|
||||
void *resblock;
|
||||
{
|
||||
/* Important: BLOCKSIZE must be a multiple of 64. */
|
||||
#define BLOCKSIZE 4096
|
||||
struct md5_ctx ctx;
|
||||
char buffer[BLOCKSIZE + 72];
|
||||
size_t sum;
|
||||
|
||||
/* Initialize the computation context. */
|
||||
md5_init_ctx (&ctx);
|
||||
|
||||
/* Iterate over full file contents. */
|
||||
while (1)
|
||||
{
|
||||
/* We read the file in blocks of BLOCKSIZE bytes. One call of the
|
||||
computation function processes the whole buffer so that with the
|
||||
next round of the loop another block can be read. */
|
||||
size_t n;
|
||||
sum = 0;
|
||||
|
||||
/* Read block. Take care for partial reads. */
|
||||
do
|
||||
{
|
||||
n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
|
||||
|
||||
sum += n;
|
||||
}
|
||||
while (sum < BLOCKSIZE && n != 0);
|
||||
if (n == 0 && ferror (stream))
|
||||
return 1;
|
||||
|
||||
/* If end of file is reached, end the loop. */
|
||||
if (n == 0)
|
||||
break;
|
||||
|
||||
/* Process buffer with BLOCKSIZE bytes. Note that
|
||||
BLOCKSIZE % 64 == 0
|
||||
*/
|
||||
md5_process_block (buffer, BLOCKSIZE, &ctx);
|
||||
}
|
||||
|
||||
/* Add the last bytes if necessary. */
|
||||
if (sum > 0)
|
||||
md5_process_bytes (buffer, sum, &ctx);
|
||||
|
||||
/* Construct result in desired memory. */
|
||||
md5_finish_ctx (&ctx, resblock);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Compute MD5 message digest for LEN bytes beginning at BUFFER. The
|
||||
result is always in little endian byte order, so that a byte-wise
|
||||
output yields to the wanted ASCII representation of the message
|
||||
digest. */
|
||||
void *
|
||||
md5_buffer (buffer, len, resblock)
|
||||
const char *buffer;
|
||||
size_t len;
|
||||
void *resblock;
|
||||
{
|
||||
struct md5_ctx ctx;
|
||||
|
||||
/* Initialize the computation context. */
|
||||
md5_init_ctx (&ctx);
|
||||
|
||||
/* Process whole buffer but last len % 64 bytes. */
|
||||
md5_process_bytes (buffer, len, &ctx);
|
||||
|
||||
/* Put result in desired memory area. */
|
||||
return md5_finish_ctx (&ctx, resblock);
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
md5_process_bytes (buffer, len, ctx)
|
||||
const void *buffer;
|
||||
size_t len;
|
||||
struct md5_ctx *ctx;
|
||||
{
|
||||
/* When we already have some bits in our internal buffer concatenate
|
||||
both inputs first. */
|
||||
if (ctx->buflen != 0)
|
||||
{
|
||||
size_t left_over = ctx->buflen;
|
||||
size_t add = 128 - left_over > len ? len : 128 - left_over;
|
||||
|
||||
memcpy (&ctx->buffer[left_over], buffer, add);
|
||||
ctx->buflen += add;
|
||||
|
||||
if (ctx->buflen > 64)
|
||||
{
|
||||
md5_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
|
||||
|
||||
ctx->buflen &= 63;
|
||||
/* The regions in the following copy operation cannot overlap. */
|
||||
memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63],
|
||||
ctx->buflen);
|
||||
}
|
||||
|
||||
buffer = (const char *) buffer + add;
|
||||
len -= add;
|
||||
}
|
||||
|
||||
/* Process available complete blocks. */
|
||||
if (len >= 64)
|
||||
{
|
||||
#if !_STRING_ARCH_unaligned
|
||||
/* To check alignment gcc has an appropriate operator. Other
|
||||
compilers don't. */
|
||||
# if __GNUC__ >= 2
|
||||
# define UNALIGNED_P(p) (((md5_uintptr) p) % __alignof__ (md5_uint32) != 0)
|
||||
# else
|
||||
# define UNALIGNED_P(p) (((md5_uintptr) p) % sizeof (md5_uint32) != 0)
|
||||
# endif
|
||||
if (UNALIGNED_P (buffer))
|
||||
while (len > 64)
|
||||
{
|
||||
md5_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
|
||||
buffer = (const char *) buffer + 64;
|
||||
len -= 64;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
md5_process_block (buffer, len & ~63, ctx);
|
||||
buffer = (const char *) buffer + (len & ~63);
|
||||
len &= 63;
|
||||
}
|
||||
}
|
||||
|
||||
/* Move remaining bytes in internal buffer. */
|
||||
if (len > 0)
|
||||
{
|
||||
size_t left_over = ctx->buflen;
|
||||
|
||||
memcpy (&ctx->buffer[left_over], buffer, len);
|
||||
left_over += len;
|
||||
if (left_over >= 64)
|
||||
{
|
||||
md5_process_block (ctx->buffer, 64, ctx);
|
||||
left_over -= 64;
|
||||
memcpy (ctx->buffer, &ctx->buffer[64], left_over);
|
||||
}
|
||||
ctx->buflen = left_over;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* These are the four functions used in the four steps of the MD5 algorithm
|
||||
and defined in the RFC 1321. The first function is a little bit optimized
|
||||
(as found in Colin Plumbs public domain implementation). */
|
||||
/* #define FF(b, c, d) ((b & c) | (~b & d)) */
|
||||
#define FF(b, c, d) (d ^ (b & (c ^ d)))
|
||||
#define FG(b, c, d) FF (d, b, c)
|
||||
#define FH(b, c, d) (b ^ c ^ d)
|
||||
#define FI(b, c, d) (c ^ (b | ~d))
|
||||
|
||||
/* Process LEN bytes of BUFFER, accumulating context into CTX.
|
||||
It is assumed that LEN % 64 == 0. */
|
||||
|
||||
void
|
||||
md5_process_block (buffer, len, ctx)
|
||||
const void *buffer;
|
||||
size_t len;
|
||||
struct md5_ctx *ctx;
|
||||
{
|
||||
md5_uint32 correct_words[16];
|
||||
const md5_uint32 *words = buffer;
|
||||
size_t nwords = len / sizeof (md5_uint32);
|
||||
const md5_uint32 *endp = words + nwords;
|
||||
md5_uint32 A = ctx->A;
|
||||
md5_uint32 B = ctx->B;
|
||||
md5_uint32 C = ctx->C;
|
||||
md5_uint32 D = ctx->D;
|
||||
|
||||
/* First increment the byte count. RFC 1321 specifies the possible
|
||||
length of the file up to 2^64 bits. Here we only compute the
|
||||
number of bytes. Do a double word increment. */
|
||||
ctx->total[0] += len;
|
||||
if (ctx->total[0] < len)
|
||||
++ctx->total[1];
|
||||
|
||||
/* Process all bytes in the buffer with 64 bytes in each round of
|
||||
the loop. */
|
||||
while (words < endp)
|
||||
{
|
||||
md5_uint32 *cwp = correct_words;
|
||||
md5_uint32 A_save = A;
|
||||
md5_uint32 B_save = B;
|
||||
md5_uint32 C_save = C;
|
||||
md5_uint32 D_save = D;
|
||||
|
||||
/* First round: using the given function, the context and a constant
|
||||
the next context is computed. Because the algorithms processing
|
||||
unit is a 32-bit word and it is determined to work on words in
|
||||
little endian byte order we perhaps have to change the byte order
|
||||
before the computation. To reduce the work for the next steps
|
||||
we store the swapped words in the array CORRECT_WORDS. */
|
||||
|
||||
#define OP(a, b, c, d, s, T) \
|
||||
do \
|
||||
{ \
|
||||
a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \
|
||||
++words; \
|
||||
CYCLIC (a, s); \
|
||||
a += b; \
|
||||
} \
|
||||
while (0)
|
||||
|
||||
/* It is unfortunate that C does not provide an operator for
|
||||
cyclic rotation. Hope the C compiler is smart enough. */
|
||||
#define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s)))
|
||||
|
||||
/* Before we start, one word to the strange constants.
|
||||
They are defined in RFC 1321 as
|
||||
|
||||
T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
|
||||
*/
|
||||
|
||||
/* Round 1. */
|
||||
OP (A, B, C, D, 7, 0xd76aa478);
|
||||
OP (D, A, B, C, 12, 0xe8c7b756);
|
||||
OP (C, D, A, B, 17, 0x242070db);
|
||||
OP (B, C, D, A, 22, 0xc1bdceee);
|
||||
OP (A, B, C, D, 7, 0xf57c0faf);
|
||||
OP (D, A, B, C, 12, 0x4787c62a);
|
||||
OP (C, D, A, B, 17, 0xa8304613);
|
||||
OP (B, C, D, A, 22, 0xfd469501);
|
||||
OP (A, B, C, D, 7, 0x698098d8);
|
||||
OP (D, A, B, C, 12, 0x8b44f7af);
|
||||
OP (C, D, A, B, 17, 0xffff5bb1);
|
||||
OP (B, C, D, A, 22, 0x895cd7be);
|
||||
OP (A, B, C, D, 7, 0x6b901122);
|
||||
OP (D, A, B, C, 12, 0xfd987193);
|
||||
OP (C, D, A, B, 17, 0xa679438e);
|
||||
OP (B, C, D, A, 22, 0x49b40821);
|
||||
|
||||
/* For the second to fourth round we have the possibly swapped words
|
||||
in CORRECT_WORDS. Redefine the macro to take an additional first
|
||||
argument specifying the function to use. */
|
||||
#undef OP
|
||||
#define OP(f, a, b, c, d, k, s, T) \
|
||||
do \
|
||||
{ \
|
||||
a += f (b, c, d) + correct_words[k] + T; \
|
||||
CYCLIC (a, s); \
|
||||
a += b; \
|
||||
} \
|
||||
while (0)
|
||||
|
||||
/* Round 2. */
|
||||
OP (FG, A, B, C, D, 1, 5, 0xf61e2562);
|
||||
OP (FG, D, A, B, C, 6, 9, 0xc040b340);
|
||||
OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
|
||||
OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa);
|
||||
OP (FG, A, B, C, D, 5, 5, 0xd62f105d);
|
||||
OP (FG, D, A, B, C, 10, 9, 0x02441453);
|
||||
OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
|
||||
OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8);
|
||||
OP (FG, A, B, C, D, 9, 5, 0x21e1cde6);
|
||||
OP (FG, D, A, B, C, 14, 9, 0xc33707d6);
|
||||
OP (FG, C, D, A, B, 3, 14, 0xf4d50d87);
|
||||
OP (FG, B, C, D, A, 8, 20, 0x455a14ed);
|
||||
OP (FG, A, B, C, D, 13, 5, 0xa9e3e905);
|
||||
OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8);
|
||||
OP (FG, C, D, A, B, 7, 14, 0x676f02d9);
|
||||
OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
|
||||
|
||||
/* Round 3. */
|
||||
OP (FH, A, B, C, D, 5, 4, 0xfffa3942);
|
||||
OP (FH, D, A, B, C, 8, 11, 0x8771f681);
|
||||
OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
|
||||
OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
|
||||
OP (FH, A, B, C, D, 1, 4, 0xa4beea44);
|
||||
OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9);
|
||||
OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60);
|
||||
OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
|
||||
OP (FH, A, B, C, D, 13, 4, 0x289b7ec6);
|
||||
OP (FH, D, A, B, C, 0, 11, 0xeaa127fa);
|
||||
OP (FH, C, D, A, B, 3, 16, 0xd4ef3085);
|
||||
OP (FH, B, C, D, A, 6, 23, 0x04881d05);
|
||||
OP (FH, A, B, C, D, 9, 4, 0xd9d4d039);
|
||||
OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
|
||||
OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
|
||||
OP (FH, B, C, D, A, 2, 23, 0xc4ac5665);
|
||||
|
||||
/* Round 4. */
|
||||
OP (FI, A, B, C, D, 0, 6, 0xf4292244);
|
||||
OP (FI, D, A, B, C, 7, 10, 0x432aff97);
|
||||
OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
|
||||
OP (FI, B, C, D, A, 5, 21, 0xfc93a039);
|
||||
OP (FI, A, B, C, D, 12, 6, 0x655b59c3);
|
||||
OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92);
|
||||
OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
|
||||
OP (FI, B, C, D, A, 1, 21, 0x85845dd1);
|
||||
OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f);
|
||||
OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
|
||||
OP (FI, C, D, A, B, 6, 15, 0xa3014314);
|
||||
OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
|
||||
OP (FI, A, B, C, D, 4, 6, 0xf7537e82);
|
||||
OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
|
||||
OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb);
|
||||
OP (FI, B, C, D, A, 9, 21, 0xeb86d391);
|
||||
|
||||
/* Add the starting values of the context. */
|
||||
A += A_save;
|
||||
B += B_save;
|
||||
C += C_save;
|
||||
D += D_save;
|
||||
}
|
||||
|
||||
/* Put checksum in context given as argument. */
|
||||
ctx->A = A;
|
||||
ctx->B = B;
|
||||
ctx->C = C;
|
||||
ctx->D = D;
|
||||
}
|
@ -0,0 +1,148 @@
|
||||
/* Declaration of functions and data types used for MD5 sum computing
|
||||
library functions.
|
||||
Copyright (C) 1995-1997,1999,2000,2001,2004,2005
|
||||
Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, write to the Free
|
||||
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||||
02111-1307 USA. */
|
||||
|
||||
#ifndef _MD5_H
|
||||
#define _MD5_H 1
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
#if defined HAVE_LIMITS_H || _LIBC
|
||||
# include <limits.h>
|
||||
#endif
|
||||
|
||||
#define MD5_DIGEST_SIZE 16
|
||||
#define MD5_BLOCK_SIZE 64
|
||||
|
||||
/* The following contortions are an attempt to use the C preprocessor
|
||||
to determine an unsigned integral type that is 32 bits wide. An
|
||||
alternative approach is to use autoconf's AC_CHECK_SIZEOF macro, but
|
||||
doing that would require that the configure script compile and *run*
|
||||
the resulting executable. Locally running cross-compiled executables
|
||||
is usually not possible. */
|
||||
|
||||
#ifdef _LIBC
|
||||
# include <stdint.h>
|
||||
typedef uint32_t md5_uint32;
|
||||
typedef uintptr_t md5_uintptr;
|
||||
#else
|
||||
# if defined __STDC__ && __STDC__
|
||||
# define UINT_MAX_32_BITS 4294967295U
|
||||
# else
|
||||
# define UINT_MAX_32_BITS 0xFFFFFFFF
|
||||
# endif
|
||||
|
||||
/* If UINT_MAX isn't defined, assume it's a 32-bit type.
|
||||
This should be valid for all systems GNU cares about because
|
||||
that doesn't include 16-bit systems, and only modern systems
|
||||
(that certainly have <limits.h>) have 64+-bit integral types. */
|
||||
|
||||
# ifndef UINT_MAX
|
||||
# define UINT_MAX UINT_MAX_32_BITS
|
||||
# endif
|
||||
|
||||
# if UINT_MAX == UINT_MAX_32_BITS
|
||||
typedef unsigned int md5_uint32;
|
||||
# else
|
||||
# if USHRT_MAX == UINT_MAX_32_BITS
|
||||
typedef unsigned short md5_uint32;
|
||||
# else
|
||||
# if ULONG_MAX == UINT_MAX_32_BITS
|
||||
typedef unsigned long md5_uint32;
|
||||
# else
|
||||
/* The following line is intended to evoke an error.
|
||||
Using #error is not portable enough. */
|
||||
"Cannot determine unsigned 32-bit data type."
|
||||
# endif
|
||||
# endif
|
||||
# endif
|
||||
/* We have to make a guess about the integer type equivalent in size
|
||||
to pointers which should always be correct. */
|
||||
typedef unsigned long int md5_uintptr;
|
||||
#endif
|
||||
|
||||
/* Structure to save state of computation between the single steps. */
|
||||
struct md5_ctx
|
||||
{
|
||||
md5_uint32 A;
|
||||
md5_uint32 B;
|
||||
md5_uint32 C;
|
||||
md5_uint32 D;
|
||||
|
||||
md5_uint32 total[2];
|
||||
md5_uint32 buflen;
|
||||
char buffer[128] __attribute__ ((__aligned__ (__alignof__ (md5_uint32))));
|
||||
};
|
||||
|
||||
/*
|
||||
* The following three functions are build up the low level used in
|
||||
* the functions `md5_stream' and `md5_buffer'.
|
||||
*/
|
||||
|
||||
/* Initialize structure containing state of computation.
|
||||
(RFC 1321, 3.3: Step 3) */
|
||||
extern void __md5_init_ctx (struct md5_ctx *ctx) __THROW;
|
||||
|
||||
/* Starting with the result of former calls of this function (or the
|
||||
initialization function update the context for the next LEN bytes
|
||||
starting at BUFFER.
|
||||
It is necessary that LEN is a multiple of 64!!! */
|
||||
extern void __md5_process_block (const void *buffer, size_t len,
|
||||
struct md5_ctx *ctx) __THROW;
|
||||
|
||||
/* Starting with the result of former calls of this function (or the
|
||||
initialization function update the context for the next LEN bytes
|
||||
starting at BUFFER.
|
||||
It is NOT required that LEN is a multiple of 64. */
|
||||
extern void __md5_process_bytes (const void *buffer, size_t len,
|
||||
struct md5_ctx *ctx) __THROW;
|
||||
|
||||
/* Process the remaining bytes in the buffer and put result from CTX
|
||||
in first 16 bytes following RESBUF. The result is always in little
|
||||
endian byte order, so that a byte-wise output yields to the wanted
|
||||
ASCII representation of the message digest.
|
||||
|
||||
IMPORTANT: On some systems it is required that RESBUF is correctly
|
||||
aligned for a 32 bits value. */
|
||||
extern void *__md5_finish_ctx (struct md5_ctx *ctx, void *resbuf) __THROW;
|
||||
|
||||
|
||||
/* Put result from CTX in first 16 bytes following RESBUF. The result is
|
||||
always in little endian byte order, so that a byte-wise output yields
|
||||
to the wanted ASCII representation of the message digest.
|
||||
|
||||
IMPORTANT: On some systems it is required that RESBUF is correctly
|
||||
aligned for a 32 bits value. */
|
||||
extern void *__md5_read_ctx (const struct md5_ctx *ctx, void *resbuf) __THROW;
|
||||
|
||||
|
||||
/* Compute MD5 message digest for bytes read from STREAM. The
|
||||
resulting message digest number will be written into the 16 bytes
|
||||
beginning at RESBLOCK. */
|
||||
extern int __md5_stream (FILE *stream, void *resblock) __THROW;
|
||||
|
||||
/* Compute MD5 message digest for LEN bytes beginning at BUFFER. The
|
||||
result is always in little endian byte order, so that a byte-wise
|
||||
output yields to the wanted ASCII representation of the message
|
||||
digest. */
|
||||
extern void *__md5_buffer (const char *buffer, size_t len,
|
||||
void *resblock) __THROW;
|
||||
|
||||
#endif /* md5.h */
|
@ -0,0 +1,411 @@
|
||||
/*
|
||||
* Copyright (C) The Internet Society (2001). All Rights Reserved.
|
||||
*
|
||||
* This document and translations of it may be copied and furnished to
|
||||
* others, and derivative works that comment on or otherwise explain it
|
||||
* or assist in its implementation may be prepared, copied, published
|
||||
* and distributed, in whole or in part, without restriction of any
|
||||
* kind, provided that the above copyright notice and this paragraph are
|
||||
* included on all such copies and derivative works. However, this
|
||||
* document itself may not be modified in any way, such as by removing
|
||||
* the copyright notice or references to the Internet Society or other
|
||||
* Internet organizations, except as needed for the purpose of
|
||||
* developing Internet standards in which case the procedures for
|
||||
* copyrights defined in the Internet Standards process must be
|
||||
* followed, or as required to translate it into languages other than
|
||||
* English.
|
||||
*
|
||||
* The limited permissions granted above are perpetual and will not be
|
||||
* revoked by the Internet Society or its successors or assigns.
|
||||
*
|
||||
* This document and the information contained herein is provided on an
|
||||
* "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
|
||||
* TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
|
||||
* BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
|
||||
* HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
/*
|
||||
* sha1.c
|
||||
*
|
||||
* Description:
|
||||
* This file implements the Secure Hashing Algorithm 1 as
|
||||
* defined in FIPS PUB 180-1 published April 17, 1995.
|
||||
*
|
||||
* The SHA-1, produces a 160-bit message digest for a given
|
||||
* data stream. It should take about 2**n steps to find a
|
||||
* message with the same digest as a given message and
|
||||
* 2**(n/2) to find any two messages with the same digest,
|
||||
* when n is the digest size in bits. Therefore, this
|
||||
* algorithm can serve as a means of providing a
|
||||
* "fingerprint" for a message.
|
||||
*
|
||||
* Portability Issues:
|
||||
* SHA-1 is defined in terms of 32-bit "words". This code
|
||||
* uses <stdint.h> (included via "sha1.h" to define 32 and 8
|
||||
* bit unsigned integer types. If your C compiler does not
|
||||
* support 32 bit unsigned integers, this code is not
|
||||
* appropriate.
|
||||
*
|
||||
* Caveats:
|
||||
* SHA-1 is designed to work with messages less than 2^64 bits
|
||||
* long. Although SHA-1 allows a message digest to be generated
|
||||
* for messages of any number of bits less than 2^64, this
|
||||
* implementation only works with messages with a length that is
|
||||
* a multiple of the size of an 8-bit character.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "sha1.h"
|
||||
|
||||
/*
|
||||
* Define the SHA1 circular left shift macro
|
||||
*/
|
||||
#define SHA1CircularShift(bits,word) \
|
||||
(((word) << (bits)) | ((word) >> (32-(bits))))
|
||||
|
||||
/* Local Function Prototyptes */
|
||||
void SHA1PadMessage(SHA1Context *);
|
||||
void SHA1ProcessMessageBlock(SHA1Context *);
|
||||
|
||||
/*
|
||||
* SHA1Reset
|
||||
*
|
||||
* Description:
|
||||
* This function will initialize the SHA1Context in preparation
|
||||
* for computing a new SHA1 message digest.
|
||||
*
|
||||
* Parameters:
|
||||
* context: [in/out]
|
||||
* The context to reset.
|
||||
*
|
||||
* Returns:
|
||||
* sha Error Code.
|
||||
*
|
||||
*/
|
||||
int SHA1Reset(SHA1Context *context)
|
||||
{
|
||||
if (!context)
|
||||
{
|
||||
return shaNull;
|
||||
}
|
||||
|
||||
context->Length_Low = 0;
|
||||
context->Length_High = 0;
|
||||
context->Message_Block_Index = 0;
|
||||
|
||||
context->Intermediate_Hash[0] = 0x67452301;
|
||||
context->Intermediate_Hash[1] = 0xEFCDAB89;
|
||||
context->Intermediate_Hash[2] = 0x98BADCFE;
|
||||
context->Intermediate_Hash[3] = 0x10325476;
|
||||
context->Intermediate_Hash[4] = 0xC3D2E1F0;
|
||||
|
||||
context->Computed = 0;
|
||||
context->Corrupted = 0;
|
||||
return shaSuccess;
|
||||
}
|
||||
|
||||
/*
|
||||
* SHA1Result
|
||||
*
|
||||
* Description:
|
||||
* This function will return the 160-bit message digest into the
|
||||
* Message_Digest array provided by the caller.
|
||||
* NOTE: The first octet of hash is stored in the 0th element,
|
||||
* the last octet of hash in the 19th element.
|
||||
*
|
||||
* Parameters:
|
||||
* context: [in/out]
|
||||
* The context to use to calculate the SHA-1 hash.
|
||||
* Message_Digest: [out]
|
||||
* Where the digest is returned.
|
||||
*
|
||||
* Returns:
|
||||
* sha Error Code.
|
||||
*
|
||||
*/
|
||||
int SHA1Result( SHA1Context *context,
|
||||
uint8_t Message_Digest[SHA1HashSize])
|
||||
{
|
||||
int i;
|
||||
|
||||
if (!context || !Message_Digest)
|
||||
{
|
||||
return shaNull;
|
||||
}
|
||||
|
||||
if (context->Corrupted)
|
||||
{
|
||||
return context->Corrupted;
|
||||
}
|
||||
|
||||
if (!context->Computed)
|
||||
{
|
||||
SHA1PadMessage(context);
|
||||
for(i=0; i<64; ++i)
|
||||
{
|
||||
/* message may be sensitive, clear it out */
|
||||
context->Message_Block[i] = 0;
|
||||
}
|
||||
context->Length_Low = 0; /* and clear length */
|
||||
context->Length_High = 0;
|
||||
context->Computed = 1;
|
||||
}
|
||||
|
||||
for(i = 0; i < SHA1HashSize; ++i)
|
||||
{
|
||||
Message_Digest[i] = context->Intermediate_Hash[i>>2]
|
||||
>> 8 * ( 3 - ( i & 0x03 ) );
|
||||
}
|
||||
|
||||
return shaSuccess;
|
||||
}
|
||||
|
||||
/*
|
||||
* SHA1Input
|
||||
*
|
||||
* Description:
|
||||
* This function accepts an array of octets as the next portion
|
||||
* of the message.
|
||||
*
|
||||
* Parameters:
|
||||
* context: [in/out]
|
||||
* The SHA context to update
|
||||
* message_array: [in]
|
||||
* An array of characters representing the next portion of
|
||||
* the message.
|
||||
* length: [in]
|
||||
* The length of the message in message_array
|
||||
*
|
||||
* Returns:
|
||||
* sha Error Code.
|
||||
*
|
||||
*/
|
||||
int SHA1Input( SHA1Context *context,
|
||||
const uint8_t *message_array,
|
||||
unsigned length)
|
||||
{
|
||||
if (!length)
|
||||
{
|
||||
return shaSuccess;
|
||||
}
|
||||
|
||||
if (!context || !message_array)
|
||||
{
|
||||
return shaNull;
|
||||
}
|
||||
|
||||
if (context->Computed)
|
||||
{
|
||||
context->Corrupted = shaStateError;
|
||||
return shaStateError;
|
||||
}
|
||||
|
||||
if (context->Corrupted)
|
||||
{
|
||||
return context->Corrupted;
|
||||
}
|
||||
while(length-- && !context->Corrupted)
|
||||
{
|
||||
context->Message_Block[context->Message_Block_Index++] =
|
||||
(*message_array & 0xFF);
|
||||
|
||||
context->Length_Low += 8;
|
||||
if (context->Length_Low == 0)
|
||||
{
|
||||
context->Length_High++;
|
||||
if (context->Length_High == 0)
|
||||
{
|
||||
/* Message is too long */
|
||||
context->Corrupted = 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (context->Message_Block_Index == 64)
|
||||
{
|
||||
SHA1ProcessMessageBlock(context);
|
||||
}
|
||||
|
||||
message_array++;
|
||||
}
|
||||
|
||||
return shaSuccess;
|
||||
}
|
||||
|
||||
/*
|
||||
* SHA1ProcessMessageBlock
|
||||
*
|
||||
* Description:
|
||||
* This function will process the next 512 bits of the message
|
||||
* stored in the Message_Block array.
|
||||
*
|
||||
* Parameters:
|
||||
* None.
|
||||
*
|
||||
* Returns:
|
||||
* Nothing.
|
||||
*
|
||||
* Comments:
|
||||
* Many of the variable names in this code, especially the
|
||||
* single character names, were used because those were the
|
||||
* names used in the publication.
|
||||
*
|
||||
*
|
||||
*/
|
||||
void SHA1ProcessMessageBlock(SHA1Context *context)
|
||||
{
|
||||
const uint32_t K[] = { /* Constants defined in SHA-1 */
|
||||
0x5A827999,
|
||||
0x6ED9EBA1,
|
||||
0x8F1BBCDC,
|
||||
0xCA62C1D6
|
||||
};
|
||||
int t; /* Loop counter */
|
||||
uint32_t temp; /* Temporary word value */
|
||||
uint32_t W[80]; /* Word sequence */
|
||||
uint32_t A, B, C, D, E; /* Word buffers */
|
||||
|
||||
/*
|
||||
* Initialize the first 16 words in the array W
|
||||
*/
|
||||
for(t = 0; t < 16; t++)
|
||||
{
|
||||
W[t] = context->Message_Block[t * 4] << 24;
|
||||
W[t] |= context->Message_Block[t * 4 + 1] << 16;
|
||||
W[t] |= context->Message_Block[t * 4 + 2] << 8;
|
||||
W[t] |= context->Message_Block[t * 4 + 3];
|
||||
}
|
||||
|
||||
for(t = 16; t < 80; t++)
|
||||
{
|
||||
W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
|
||||
}
|
||||
|
||||
A = context->Intermediate_Hash[0];
|
||||
B = context->Intermediate_Hash[1];
|
||||
C = context->Intermediate_Hash[2];
|
||||
D = context->Intermediate_Hash[3];
|
||||
E = context->Intermediate_Hash[4];
|
||||
|
||||
for(t = 0; t < 20; t++)
|
||||
{
|
||||
temp = SHA1CircularShift(5,A) +
|
||||
((B & C) | ((~B) & D)) + E + W[t] + K[0];
|
||||
E = D;
|
||||
D = C;
|
||||
C = SHA1CircularShift(30,B);
|
||||
B = A;
|
||||
A = temp;
|
||||
}
|
||||
|
||||
for(t = 20; t < 40; t++)
|
||||
{
|
||||
temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
|
||||
E = D;
|
||||
D = C;
|
||||
C = SHA1CircularShift(30,B);
|
||||
B = A;
|
||||
A = temp;
|
||||
}
|
||||
|
||||
for(t = 40; t < 60; t++)
|
||||
{
|
||||
temp = SHA1CircularShift(5,A) +
|
||||
((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
|
||||
E = D;
|
||||
D = C;
|
||||
C = SHA1CircularShift(30,B);
|
||||
B = A;
|
||||
A = temp;
|
||||
}
|
||||
|
||||
for(t = 60; t < 80; t++)
|
||||
{
|
||||
temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
|
||||
E = D;
|
||||
D = C;
|
||||
C = SHA1CircularShift(30,B);
|
||||
B = A;
|
||||
A = temp;
|
||||
}
|
||||
|
||||
context->Intermediate_Hash[0] += A;
|
||||
context->Intermediate_Hash[1] += B;
|
||||
context->Intermediate_Hash[2] += C;
|
||||
context->Intermediate_Hash[3] += D;
|
||||
context->Intermediate_Hash[4] += E;
|
||||
|
||||
context->Message_Block_Index = 0;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* SHA1PadMessage
|
||||
*
|
||||
* Description:
|
||||
* According to the standard, the message must be padded to an even
|
||||
* 512 bits. The first padding bit must be a '1'. The last 64
|
||||
* bits represent the length of the original message. All bits in
|
||||
* between should be 0. This function will pad the message
|
||||
* according to those rules by filling the Message_Block array
|
||||
* accordingly. It will also call the ProcessMessageBlock function
|
||||
* provided appropriately. When it returns, it can be assumed that
|
||||
* the message digest has been computed.
|
||||
*
|
||||
* Parameters:
|
||||
* context: [in/out]
|
||||
* The context to pad
|
||||
* ProcessMessageBlock: [in]
|
||||
* The appropriate SHA*ProcessMessageBlock function
|
||||
* Returns:
|
||||
* Nothing.
|
||||
*
|
||||
*/
|
||||
|
||||
void SHA1PadMessage(SHA1Context *context)
|
||||
{
|
||||
/*
|
||||
* Check to see if the current message block is too small to hold
|
||||
* the initial padding bits and length. If so, we will pad the
|
||||
* block, process it, and then continue padding into a second
|
||||
* block.
|
||||
*/
|
||||
if (context->Message_Block_Index > 55)
|
||||
{
|
||||
context->Message_Block[context->Message_Block_Index++] = 0x80;
|
||||
while(context->Message_Block_Index < 64)
|
||||
{
|
||||
context->Message_Block[context->Message_Block_Index++] = 0;
|
||||
}
|
||||
|
||||
SHA1ProcessMessageBlock(context);
|
||||
|
||||
while(context->Message_Block_Index < 56)
|
||||
{
|
||||
context->Message_Block[context->Message_Block_Index++] = 0;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
context->Message_Block[context->Message_Block_Index++] = 0x80;
|
||||
while(context->Message_Block_Index < 56)
|
||||
{
|
||||
context->Message_Block[context->Message_Block_Index++] = 0;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Store the message length as the last 8 octets
|
||||
*/
|
||||
context->Message_Block[56] = context->Length_High >> 24;
|
||||
context->Message_Block[57] = context->Length_High >> 16;
|
||||
context->Message_Block[58] = context->Length_High >> 8;
|
||||
context->Message_Block[59] = context->Length_High;
|
||||
context->Message_Block[60] = context->Length_Low >> 24;
|
||||
context->Message_Block[61] = context->Length_Low >> 16;
|
||||
context->Message_Block[62] = context->Length_Low >> 8;
|
||||
context->Message_Block[63] = context->Length_Low;
|
||||
|
||||
SHA1ProcessMessageBlock(context);
|
||||
}
|
@ -0,0 +1,101 @@
|
||||
/*
|
||||
* Copyright (C) The Internet Society (2001). All Rights Reserved.
|
||||
*
|
||||
* This document and translations of it may be copied and furnished to
|
||||
* others, and derivative works that comment on or otherwise explain it
|
||||
* or assist in its implementation may be prepared, copied, published
|
||||
* and distributed, in whole or in part, without restriction of any
|
||||
* kind, provided that the above copyright notice and this paragraph are
|
||||
* included on all such copies and derivative works. However, this
|
||||
* document itself may not be modified in any way, such as by removing
|
||||
* the copyright notice or references to the Internet Society or other
|
||||
* Internet organizations, except as needed for the purpose of
|
||||
* developing Internet standards in which case the procedures for
|
||||
* copyrights defined in the Internet Standards process must be
|
||||
* followed, or as required to translate it into languages other than
|
||||
* English.
|
||||
*
|
||||
* The limited permissions granted above are perpetual and will not be
|
||||
* revoked by the Internet Society or its successors or assigns.
|
||||
*
|
||||
* This document and the information contained herein is provided on an
|
||||
* "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
|
||||
* TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
|
||||
* BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
|
||||
* HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*/
|
||||
|
||||
/*
|
||||
* sha1.h
|
||||
*
|
||||
* Description:
|
||||
* This is the header file for code which implements the Secure
|
||||
* Hashing Algorithm 1 as defined in FIPS PUB 180-1 published
|
||||
* April 17, 1995.
|
||||
*
|
||||
* Many of the variable names in this code, especially the
|
||||
* single character names, were used because those were the names
|
||||
* used in the publication.
|
||||
*
|
||||
* Please read the file sha1.c for more information.
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _SHA1_H_
|
||||
#define _SHA1_H_
|
||||
|
||||
#include <stdint.h>
|
||||
/*
|
||||
* If you do not have the ISO standard stdint.h header file, then you
|
||||
* must typdef the following:
|
||||
* name meaning
|
||||
* uint32_t unsigned 32 bit integer
|
||||
* uint8_t unsigned 8 bit integer (i.e., unsigned char)
|
||||
* int_least16_t integer of >= 16 bits
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef _SHA_enum_
|
||||
#define _SHA_enum_
|
||||
enum
|
||||
{
|
||||
shaSuccess = 0,
|
||||
shaNull, /* Null pointer parameter */
|
||||
shaInputTooLong, /* input data too long */
|
||||
shaStateError /* called Input after Result */
|
||||
};
|
||||
#endif
|
||||
#define SHA1HashSize 20
|
||||
|
||||
/*
|
||||
* This structure will hold context information for the SHA-1
|
||||
* hashing operation
|
||||
*/
|
||||
typedef struct SHA1Context
|
||||
{
|
||||
uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */
|
||||
|
||||
uint32_t Length_Low; /* Message length in bits */
|
||||
uint32_t Length_High; /* Message length in bits */
|
||||
|
||||
/* Index into message block array */
|
||||
int_least16_t Message_Block_Index;
|
||||
uint8_t Message_Block[64]; /* 512-bit message blocks */
|
||||
|
||||
int Computed; /* Is the digest computed? */
|
||||
int Corrupted; /* Is the message digest corrupted? */
|
||||
} SHA1Context;
|
||||
|
||||
/*
|
||||
* Function Prototypes
|
||||
*/
|
||||
int SHA1Reset( SHA1Context *);
|
||||
int SHA1Input( SHA1Context *,
|
||||
const uint8_t *,
|
||||
unsigned int);
|
||||
int SHA1Result( SHA1Context *,
|
||||
uint8_t Message_Digest[SHA1HashSize]);
|
||||
|
||||
#endif
|
@ -0,0 +1,12 @@
|
||||
#ifndef _RFB_CRYPTO_H
|
||||
#define _RFB_CRYPTO_H 1
|
||||
|
||||
#include <sys/uio.h>
|
||||
|
||||
#define SHA1_HASH_SIZE 20
|
||||
#define MD5_HASH_SIZE 16
|
||||
|
||||
void digestmd5(const struct iovec *iov, int iovcnt, void *dest);
|
||||
void digestsha1(const struct iovec *iov, int iovcnt, void *dest);
|
||||
|
||||
#endif
|
@ -0,0 +1,50 @@
|
||||
/*
|
||||
* rfbcrypto_gnutls.c - Crypto wrapper (gnutls version)
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2011 Gernot Tenchio
|
||||
*
|
||||
* This is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This software is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this software; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||||
* USA.
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
#include <gcrypt.h>
|
||||
#include "rfbcrypto.h"
|
||||
|
||||
void digestmd5(const struct iovec *iov, int iovcnt, void *dest)
|
||||
{
|
||||
gcry_md_hd_t c;
|
||||
int i;
|
||||
|
||||
gcry_md_open(&c, GCRY_MD_MD5, 0);
|
||||
for (i = 0; i < iovcnt; i++)
|
||||
gcry_md_write(c, iov[i].iov_base, iov[i].iov_len);
|
||||
gcry_md_final(c);
|
||||
memcpy(dest, gcry_md_read(c, 0), gcry_md_get_algo_dlen(GCRY_MD_MD5));
|
||||
}
|
||||
|
||||
void digestsha1(const struct iovec *iov, int iovcnt, void *dest)
|
||||
{
|
||||
gcry_md_hd_t c;
|
||||
int i;
|
||||
|
||||
gcry_md_open(&c, GCRY_MD_SHA1, 0);
|
||||
for (i = 0; i < iovcnt; i++)
|
||||
gcry_md_write(c, iov[i].iov_base, iov[i].iov_len);
|
||||
gcry_md_final(c);
|
||||
memcpy(dest, gcry_md_read(c, 0), gcry_md_get_algo_dlen(GCRY_MD_SHA1));
|
||||
}
|
@ -0,0 +1,49 @@
|
||||
/*
|
||||
* rfbcrypto_included.c - Crypto wrapper (included version)
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2011 Gernot Tenchio
|
||||
*
|
||||
* This is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This software is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this software; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||||
* USA.
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
#include "md5.h"
|
||||
#include "sha1.h"
|
||||
#include "rfbcrypto.h"
|
||||
|
||||
void digestmd5(const struct iovec *iov, int iovcnt, void *dest)
|
||||
{
|
||||
struct md5_ctx c;
|
||||
int i;
|
||||
|
||||
__md5_init_ctx(&c);
|
||||
for (i = 0; i < iovcnt; i++)
|
||||
__md5_process_bytes(iov[i].iov_base, iov[i].iov_len, &c);
|
||||
__md5_finish_ctx(&c, dest);
|
||||
}
|
||||
|
||||
void digestsha1(const struct iovec *iov, int iovcnt, void *dest)
|
||||
{
|
||||
SHA1Context c;
|
||||
int i;
|
||||
|
||||
SHA1Reset(&c);
|
||||
for (i = 0; i < iovcnt; i++)
|
||||
SHA1Input(&c, iov[i].iov_base, iov[i].iov_len);
|
||||
SHA1Result(&c, dest);
|
||||
}
|
@ -0,0 +1,49 @@
|
||||
/*
|
||||
* rfbcrypto_openssl.c - Crypto wrapper (openssl version)
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2011 Gernot Tenchio
|
||||
*
|
||||
* This is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This software is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this software; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||||
* USA.
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/md5.h>
|
||||
#include "rfbcrypto.h"
|
||||
|
||||
void digestmd5(const struct iovec *iov, int iovcnt, void *dest)
|
||||
{
|
||||
MD5_CTX c;
|
||||
int i;
|
||||
|
||||
MD5_Init(&c);
|
||||
for (i = 0; i < iovcnt; i++)
|
||||
MD5_Update(&c, iov[i].iov_base, iov[i].iov_len);
|
||||
MD5_Final(dest, &c);
|
||||
}
|
||||
|
||||
void digestsha1(const struct iovec *iov, int iovcnt, void *dest)
|
||||
{
|
||||
SHA_CTX c;
|
||||
int i;
|
||||
|
||||
SHA1_Init(&c);
|
||||
for (i = 0; i < iovcnt; i++)
|
||||
SHA1_Update(&c, iov[i].iov_base, iov[i].iov_len);
|
||||
SHA1_Final(dest, &c);
|
||||
}
|
@ -0,0 +1,26 @@
|
||||
#include <string.h>
|
||||
#include <polarssl/md5.h>
|
||||
#include <polarssl/sha1.h>
|
||||
#include "rfbcrypto.h"
|
||||
|
||||
void digestmd5(const struct iovec *iov, int iovcnt, void *dest)
|
||||
{
|
||||
md5_context c;
|
||||
int i;
|
||||
|
||||
md5_starts(&c);
|
||||
for (i = 0; i < iovcnt; i++)
|
||||
md5_update(&c, iov[i].iov_base, iov[i].iov_len);
|
||||
md5_finish(&c, dest);
|
||||
}
|
||||
|
||||
void digestsha1(const struct iovec *iov, int iovcnt, void *dest)
|
||||
{
|
||||
sha1_context c;
|
||||
int i;
|
||||
|
||||
sha1_starts(&c);
|
||||
for (i = 0; i < iovcnt; i++)
|
||||
sha1_update(&c, iov[i].iov_base, iov[i].iov_len);
|
||||
sha1_finish(&c, dest);
|
||||
}
|
@ -0,0 +1,15 @@
|
||||
#ifndef _VNCSSL_H
|
||||
#define _VNCSSL_H 1
|
||||
|
||||
#include "rfb/rfb.h"
|
||||
#include "rfb/rfbconfig.h"
|
||||
|
||||
int rfbssl_init(rfbClientPtr cl);
|
||||
int rfbssl_pending(rfbClientPtr cl);
|
||||
int rfbssl_peek(rfbClientPtr cl, char *buf, int bufsize);
|
||||
int rfbssl_read(rfbClientPtr cl, char *buf, int bufsize);
|
||||
int rfbssl_write(rfbClientPtr cl, const char *buf, int bufsize);
|
||||
void rfbssl_destroy(rfbClientPtr cl);
|
||||
|
||||
|
||||
#endif /* _VNCSSL_H */
|
@ -0,0 +1,268 @@
|
||||
/*
|
||||
* rfbssl_gnutls.c - Secure socket funtions (gnutls version)
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2011 Gernot Tenchio
|
||||
*
|
||||
* This is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This software is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this software; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||||
* USA.
|
||||
*/
|
||||
|
||||
#include "rfbssl.h"
|
||||
#include <gnutls/gnutls.h>
|
||||
#include <errno.h>
|
||||
|
||||
struct rfbssl_ctx {
|
||||
char peekbuf[2048];
|
||||
int peeklen;
|
||||
int peekstart;
|
||||
gnutls_session_t session;
|
||||
gnutls_certificate_credentials_t x509_cred;
|
||||
gnutls_dh_params_t dh_params;
|
||||
#ifdef I_LIKE_RSA_PARAMS_THAT_MUCH
|
||||
gnutls_rsa_params_t rsa_params;
|
||||
#endif
|
||||
};
|
||||
|
||||
void rfbssl_log_func(int level, const char *msg)
|
||||
{
|
||||
rfbErr("SSL: %s", msg);
|
||||
}
|
||||
|
||||
static void rfbssl_error(const char *msg, int e)
|
||||
{
|
||||
rfbErr("%s: %s (%ld)\n", msg, gnutls_strerror(e), e);
|
||||
}
|
||||
|
||||
static int rfbssl_init_session(struct rfbssl_ctx *ctx, int fd)
|
||||
{
|
||||
gnutls_session_t session;
|
||||
int ret;
|
||||
|
||||
if (!GNUTLS_E_SUCCESS == (ret = gnutls_init(&session, GNUTLS_SERVER))) {
|
||||
/* */
|
||||
} else if (!GNUTLS_E_SUCCESS == (ret = gnutls_priority_set_direct(session, "EXPORT", NULL))) {
|
||||
/* */
|
||||
} else if (!GNUTLS_E_SUCCESS == (ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, ctx->x509_cred))) {
|
||||
/* */
|
||||
} else {
|
||||
gnutls_session_enable_compatibility_mode(session);
|
||||
gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t)(uintptr_t)fd);
|
||||
ctx->session = session;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int generate_dh_params(struct rfbssl_ctx *ctx)
|
||||
{
|
||||
int ret;
|
||||
if (GNUTLS_E_SUCCESS == (ret = gnutls_dh_params_init(&ctx->dh_params)))
|
||||
ret = gnutls_dh_params_generate2(ctx->dh_params, 1024);
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef I_LIKE_RSA_PARAMS_THAT_MUCH
|
||||
static int generate_rsa_params(struct rfbssl_ctx *ctx)
|
||||
{
|
||||
int ret;
|
||||
if (GNUTLS_E_SUCCESS == (ret = gnutls_rsa_params_init(&ctx->rsa_params)))
|
||||
ret = gnutls_rsa_params_generate2(ctx->rsa_params, 512);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
struct rfbssl_ctx *rfbssl_init_global(char *key, char *cert)
|
||||
{
|
||||
int ret = GNUTLS_E_SUCCESS;
|
||||
struct rfbssl_ctx *ctx = NULL;
|
||||
|
||||
if (NULL == (ctx = malloc(sizeof(struct rfbssl_ctx)))) {
|
||||
ret = GNUTLS_E_MEMORY_ERROR;
|
||||
} else if (!GNUTLS_E_SUCCESS == (ret = gnutls_global_init())) {
|
||||
/* */
|
||||
} else if (!GNUTLS_E_SUCCESS == (ret = gnutls_certificate_allocate_credentials(&ctx->x509_cred))) {
|
||||
/* */
|
||||
} else if ((ret = gnutls_certificate_set_x509_trust_file(ctx->x509_cred, cert, GNUTLS_X509_FMT_PEM)) < 0) {
|
||||
/* */
|
||||
} else if (!GNUTLS_E_SUCCESS == (ret = gnutls_certificate_set_x509_key_file(ctx->x509_cred, cert, key, GNUTLS_X509_FMT_PEM))) {
|
||||
/* */
|
||||
} else if (!GNUTLS_E_SUCCESS == (ret = generate_dh_params(ctx))) {
|
||||
/* */
|
||||
#ifdef I_LIKE_RSA_PARAMS_THAT_MUCH
|
||||
} else if (!GNUTLS_E_SUCCESS == (ret = generate_rsa_params(ctx))) {
|
||||
/* */
|
||||
#endif
|
||||
} else {
|
||||
gnutls_global_set_log_function(rfbssl_log_func);
|
||||
gnutls_global_set_log_level(1);
|
||||
gnutls_certificate_set_dh_params(ctx->x509_cred, ctx->dh_params);
|
||||
return ctx;
|
||||
}
|
||||
|
||||
free(ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int rfbssl_init(rfbClientPtr cl)
|
||||
{
|
||||
int ret = -1;
|
||||
struct rfbssl_ctx *ctx;
|
||||
char *keyfile;
|
||||
if (!(keyfile = cl->screen->sslkeyfile))
|
||||
keyfile = cl->screen->sslcertfile;
|
||||
|
||||
if (NULL == (ctx = rfbssl_init_global(keyfile, cl->screen->sslcertfile))) {
|
||||
/* */
|
||||
} else if (GNUTLS_E_SUCCESS != (ret = rfbssl_init_session(ctx, cl->sock))) {
|
||||
/* */
|
||||
} else {
|
||||
while (GNUTLS_E_SUCCESS != (ret = gnutls_handshake(ctx->session))) {
|
||||
if (ret == GNUTLS_E_AGAIN)
|
||||
continue;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (ret != GNUTLS_E_SUCCESS) {
|
||||
rfbssl_error(__func__, ret);
|
||||
} else {
|
||||
cl->sslctx = (rfbSslCtx *)ctx;
|
||||
rfbLog("%s protocol initialized\n", gnutls_protocol_get_name(gnutls_protocol_get_version(ctx->session)));
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int rfbssl_do_read(rfbClientPtr cl, char *buf, int bufsize)
|
||||
{
|
||||
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
|
||||
int ret;
|
||||
|
||||
while ((ret = gnutls_record_recv(ctx->session, buf, bufsize)) < 0) {
|
||||
if (ret == GNUTLS_E_AGAIN) {
|
||||
/* continue */
|
||||
} else if (ret == GNUTLS_E_INTERRUPTED) {
|
||||
/* continue */
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (ret < 0) {
|
||||
rfbssl_error(__func__, ret);
|
||||
errno = EIO;
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
return ret < 0 ? -1 : ret;
|
||||
}
|
||||
|
||||
int rfbssl_write(rfbClientPtr cl, const char *buf, int bufsize)
|
||||
{
|
||||
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
|
||||
int ret;
|
||||
|
||||
while ((ret = gnutls_record_send(ctx->session, buf, bufsize)) < 0) {
|
||||
if (ret == GNUTLS_E_AGAIN) {
|
||||
/* continue */
|
||||
} else if (ret == GNUTLS_E_INTERRUPTED) {
|
||||
/* continue */
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (ret < 0)
|
||||
rfbssl_error(__func__, ret);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void rfbssl_gc_peekbuf(struct rfbssl_ctx *ctx, int bufsize)
|
||||
{
|
||||
if (ctx->peekstart) {
|
||||
int spaceleft = sizeof(ctx->peekbuf) - ctx->peeklen - ctx->peekstart;
|
||||
if (spaceleft < bufsize) {
|
||||
memmove(ctx->peekbuf, ctx->peekbuf + ctx->peekstart, ctx->peeklen);
|
||||
ctx->peekstart = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static int __rfbssl_read(rfbClientPtr cl, char *buf, int bufsize, int peek)
|
||||
{
|
||||
int ret = 0;
|
||||
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
|
||||
|
||||
rfbssl_gc_peekbuf(ctx, bufsize);
|
||||
|
||||
if (ctx->peeklen) {
|
||||
/* If we have any peek data, simply return that. */
|
||||
ret = bufsize < ctx->peeklen ? bufsize : ctx->peeklen;
|
||||
memcpy (buf, ctx->peekbuf + ctx->peekstart, ret);
|
||||
if (!peek) {
|
||||
ctx->peeklen -= ret;
|
||||
if (ctx->peeklen != 0)
|
||||
ctx->peekstart += ret;
|
||||
else
|
||||
ctx->peekstart = 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (ret < bufsize) {
|
||||
int n;
|
||||
/* read the remaining data */
|
||||
if ((n = rfbssl_do_read(cl, buf + ret, bufsize - ret)) <= 0) {
|
||||
rfbErr("rfbssl_%s: %s error\n", __func__, peek ? "peek" : "read");
|
||||
return n;
|
||||
}
|
||||
if (peek) {
|
||||
memcpy(ctx->peekbuf + ctx->peekstart + ctx->peeklen, buf + ret, n);
|
||||
ctx->peeklen += n;
|
||||
}
|
||||
ret += n;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int rfbssl_read(rfbClientPtr cl, char *buf, int bufsize)
|
||||
{
|
||||
return __rfbssl_read(cl, buf, bufsize, 0);
|
||||
}
|
||||
|
||||
int rfbssl_peek(rfbClientPtr cl, char *buf, int bufsize)
|
||||
{
|
||||
return __rfbssl_read(cl, buf, bufsize, 1);
|
||||
}
|
||||
|
||||
int rfbssl_pending(rfbClientPtr cl)
|
||||
{
|
||||
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
|
||||
int ret = ctx->peeklen;
|
||||
|
||||
if (ret <= 0)
|
||||
ret = gnutls_record_check_pending(ctx->session);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
void rfbssl_destroy(rfbClientPtr cl)
|
||||
{
|
||||
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
|
||||
gnutls_bye(ctx->session, GNUTLS_SHUT_WR);
|
||||
gnutls_deinit(ctx->session);
|
||||
gnutls_certificate_free_credentials(ctx->x509_cred);
|
||||
}
|
@ -0,0 +1,58 @@
|
||||
/*
|
||||
* rfbssl_none.c - Secure socket functions (fallback to failing)
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2011 Johannes Schindelin
|
||||
*
|
||||
* This is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This software is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this software; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||||
* USA.
|
||||
*/
|
||||
|
||||
#include "rfbssl.h"
|
||||
|
||||
struct rfbssl_ctx *rfbssl_init_global(char *key, char *cert)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int rfbssl_init(rfbClientPtr cl)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
int rfbssl_write(rfbClientPtr cl, const char *buf, int bufsize)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
int rfbssl_peek(rfbClientPtr cl, char *buf, int bufsize)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
int rfbssl_read(rfbClientPtr cl, char *buf, int bufsize)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
int rfbssl_pending(rfbClientPtr cl)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
void rfbssl_destroy(rfbClientPtr cl)
|
||||
{
|
||||
}
|
@ -0,0 +1,135 @@
|
||||
/*
|
||||
* rfbssl_openssl.c - Secure socket funtions (openssl version)
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2011 Gernot Tenchio
|
||||
*
|
||||
* This is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This software is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this software; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||||
* USA.
|
||||
*/
|
||||
|
||||
#include "rfbssl.h"
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
struct rfbssl_ctx {
|
||||
SSL_CTX *ssl_ctx;
|
||||
SSL *ssl;
|
||||
};
|
||||
|
||||
static void rfbssl_error(void)
|
||||
{
|
||||
char buf[1024];
|
||||
unsigned long e = ERR_get_error();
|
||||
rfbErr("%s (%ld)\n", ERR_error_string(e, buf), e);
|
||||
}
|
||||
|
||||
int rfbssl_init(rfbClientPtr cl)
|
||||
{
|
||||
char *keyfile;
|
||||
int r, ret = -1;
|
||||
struct rfbssl_ctx *ctx;
|
||||
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
|
||||
if (cl->screen->sslkeyfile && *cl->screen->sslkeyfile) {
|
||||
keyfile = cl->screen->sslkeyfile;
|
||||
} else {
|
||||
keyfile = cl->screen->sslcertfile;
|
||||
}
|
||||
|
||||
if (NULL == (ctx = malloc(sizeof(struct rfbssl_ctx)))) {
|
||||
rfbErr("OOM\n");
|
||||
} else if (!cl->screen->sslcertfile || !cl->screen->sslcertfile[0]) {
|
||||
rfbErr("SSL connection but no cert specified\n");
|
||||
} else if (NULL == (ctx->ssl_ctx = SSL_CTX_new(TLSv1_server_method()))) {
|
||||
rfbssl_error();
|
||||
} else if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, keyfile, SSL_FILETYPE_PEM) <= 0) {
|
||||
rfbErr("Unable to load private key file %s\n", keyfile);
|
||||
} else if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, cl->screen->sslcertfile, SSL_FILETYPE_PEM) <= 0) {
|
||||
rfbErr("Unable to load certificate file %s\n", cl->screen->sslcertfile);
|
||||
} else if (NULL == (ctx->ssl = SSL_new(ctx->ssl_ctx))) {
|
||||
rfbErr("SSL_new failed\n");
|
||||
rfbssl_error();
|
||||
} else if (!(SSL_set_fd(ctx->ssl, cl->sock))) {
|
||||
rfbErr("SSL_set_fd failed\n");
|
||||
rfbssl_error();
|
||||
} else {
|
||||
while ((r = SSL_accept(ctx->ssl)) < 0) {
|
||||
if (SSL_get_error(ctx->ssl, r) != SSL_ERROR_WANT_READ)
|
||||
break;
|
||||
}
|
||||
if (r < 0) {
|
||||
rfbErr("SSL_accept failed %d\n", SSL_get_error(ctx->ssl, r));
|
||||
} else {
|
||||
cl->sslctx = (rfbSslCtx *)ctx;
|
||||
ret = 0;
|
||||
}
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
int rfbssl_write(rfbClientPtr cl, const char *buf, int bufsize)
|
||||
{
|
||||
int ret;
|
||||
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
|
||||
|
||||
while ((ret = SSL_write(ctx->ssl, buf, bufsize)) <= 0) {
|
||||
if (SSL_get_error(ctx->ssl, ret) != SSL_ERROR_WANT_WRITE)
|
||||
break;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
int rfbssl_peek(rfbClientPtr cl, char *buf, int bufsize)
|
||||
{
|
||||
int ret;
|
||||
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
|
||||
|
||||
while ((ret = SSL_peek(ctx->ssl, buf, bufsize)) <= 0) {
|
||||
if (SSL_get_error(ctx->ssl, ret) != SSL_ERROR_WANT_READ)
|
||||
break;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
int rfbssl_read(rfbClientPtr cl, char *buf, int bufsize)
|
||||
{
|
||||
int ret;
|
||||
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
|
||||
|
||||
while ((ret = SSL_read(ctx->ssl, buf, bufsize)) <= 0) {
|
||||
if (SSL_get_error(ctx->ssl, ret) != SSL_ERROR_WANT_READ)
|
||||
break;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
int rfbssl_pending(rfbClientPtr cl)
|
||||
{
|
||||
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
|
||||
return SSL_pending(ctx->ssl);
|
||||
}
|
||||
|
||||
void rfbssl_destroy(rfbClientPtr cl)
|
||||
{
|
||||
struct rfbssl_ctx *ctx = (struct rfbssl_ctx *)cl->sslctx;
|
||||
if (ctx->ssl)
|
||||
SSL_free(ctx->ssl);
|
||||
if (ctx->ssl_ctx)
|
||||
SSL_CTX_free(ctx->ssl_ctx);
|
||||
}
|
@ -0,0 +1,880 @@
|
||||
/*
|
||||
* websockets.c - deal with WebSockets clients.
|
||||
*
|
||||
* This code should be independent of any changes in the RFB protocol. It is
|
||||
* an additional handshake and framing of normal sockets:
|
||||
* http://www.whatwg.org/specs/web-socket-protocol/
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2010 Joel Martin
|
||||
*
|
||||
* This is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This software is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this software; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
|
||||
* USA.
|
||||
*/
|
||||
|
||||
#include <rfb/rfb.h>
|
||||
#include <resolv.h> /* __b64_ntop */
|
||||
/* errno */
|
||||
#include <errno.h>
|
||||
|
||||
#include <byteswap.h>
|
||||
#include <string.h>
|
||||
#include "rfbconfig.h"
|
||||
#include "rfbssl.h"
|
||||
#include "rfbcrypto.h"
|
||||
|
||||
#if defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && __BYTE_ORDER == __BIG_ENDIAN
|
||||
#define WS_NTOH64(n) (n)
|
||||
#define WS_NTOH32(n) (n)
|
||||
#define WS_NTOH16(n) (n)
|
||||
#define WS_HTON64(n) (n)
|
||||
#define WS_HTON16(n) (n)
|
||||
#else
|
||||
#define WS_NTOH64(n) bswap_64(n)
|
||||
#define WS_NTOH32(n) bswap_32(n)
|
||||
#define WS_NTOH16(n) bswap_16(n)
|
||||
#define WS_HTON64(n) bswap_64(n)
|
||||
#define WS_HTON16(n) bswap_16(n)
|
||||
#endif
|
||||
|
||||
#define B64LEN(__x) (((__x + 2) / 3) * 12 / 3)
|
||||
#define WSHLENMAX 14 /* 2 + sizeof(uint64_t) + sizeof(uint32_t) */
|
||||
|
||||
enum {
|
||||
WEBSOCKETS_VERSION_HIXIE,
|
||||
WEBSOCKETS_VERSION_HYBI
|
||||
};
|
||||
|
||||
#if 0
|
||||
#include <sys/syscall.h>
|
||||
static int gettid() {
|
||||
return (int)syscall(SYS_gettid);
|
||||
}
|
||||
#endif
|
||||
|
||||
typedef int (*wsEncodeFunc)(rfbClientPtr cl, const char *src, int len, char **dst);
|
||||
typedef int (*wsDecodeFunc)(rfbClientPtr cl, char *dst, int len);
|
||||
|
||||
typedef struct ws_ctx_s {
|
||||
char codeBuf[B64LEN(UPDATE_BUF_SIZE) + WSHLENMAX]; /* base64 + maximum frame header length */
|
||||
char readbuf[8192];
|
||||
int readbufstart;
|
||||
int readbuflen;
|
||||
int dblen;
|
||||
char carryBuf[3]; /* For base64 carry-over */
|
||||
int carrylen;
|
||||
int version;
|
||||
int base64;
|
||||
wsEncodeFunc encode;
|
||||
wsDecodeFunc decode;
|
||||
} ws_ctx_t;
|
||||
|
||||
typedef union ws_mask_s {
|
||||
char c[4];
|
||||
uint32_t u;
|
||||
} ws_mask_t;
|
||||
|
||||
typedef struct __attribute__ ((__packed__)) ws_header_s {
|
||||
unsigned char b0;
|
||||
unsigned char b1;
|
||||
union {
|
||||
struct __attribute__ ((__packed__)) {
|
||||
uint16_t l16;
|
||||
ws_mask_t m16;
|
||||
};
|
||||
struct __attribute__ ((__packed__)) {
|
||||
uint64_t l64;
|
||||
ws_mask_t m64;
|
||||
};
|
||||
ws_mask_t m;
|
||||
};
|
||||
} ws_header_t;
|
||||
|
||||
enum
|
||||
{
|
||||
WS_OPCODE_CONTINUATION = 0x0,
|
||||
WS_OPCODE_TEXT_FRAME,
|
||||
WS_OPCODE_BINARY_FRAME,
|
||||
WS_OPCODE_CLOSE = 0x8,
|
||||
WS_OPCODE_PING,
|
||||
WS_OPCODE_PONG
|
||||
};
|
||||
|
||||
#define FLASH_POLICY_RESPONSE "<cross-domain-policy><allow-access-from domain=\"*\" to-ports=\"*\" /></cross-domain-policy>\n"
|
||||
#define SZ_FLASH_POLICY_RESPONSE 93
|
||||
|
||||
/*
|
||||
* draft-ietf-hybi-thewebsocketprotocol-10
|
||||
* 5.2.2. Sending the Server's Opening Handshake
|
||||
*/
|
||||
#define GUID "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
|
||||
|
||||
#define SERVER_HANDSHAKE_HIXIE "HTTP/1.1 101 Web Socket Protocol Handshake\r\n\
|
||||
Upgrade: WebSocket\r\n\
|
||||
Connection: Upgrade\r\n\
|
||||
%sWebSocket-Origin: %s\r\n\
|
||||
%sWebSocket-Location: %s://%s%s\r\n\
|
||||
%sWebSocket-Protocol: %s\r\n\
|
||||
\r\n%s"
|
||||
|
||||
#define SERVER_HANDSHAKE_HYBI "HTTP/1.1 101 Switching Protocols\r\n\
|
||||
Upgrade: websocket\r\n\
|
||||
Connection: Upgrade\r\n\
|
||||
Sec-WebSocket-Accept: %s\r\n\
|
||||
Sec-WebSocket-Protocol: %s\r\n\
|
||||
\r\n"
|
||||
|
||||
|
||||
#define WEBSOCKETS_CLIENT_CONNECT_WAIT_MS 100
|
||||
#define WEBSOCKETS_CLIENT_SEND_WAIT_MS 100
|
||||
#define WEBSOCKETS_MAX_HANDSHAKE_LEN 4096
|
||||
|
||||
#if defined(__linux__) && defined(NEED_TIMEVAL)
|
||||
struct timeval
|
||||
{
|
||||
long int tv_sec,tv_usec;
|
||||
}
|
||||
;
|
||||
#endif
|
||||
|
||||
static rfbBool webSocketsHandshake(rfbClientPtr cl, char *scheme);
|
||||
void webSocketsGenMd5(char * target, char *key1, char *key2, char *key3);
|
||||
|
||||
static int webSocketsEncodeHybi(rfbClientPtr cl, const char *src, int len, char **dst);
|
||||
static int webSocketsEncodeHixie(rfbClientPtr cl, const char *src, int len, char **dst);
|
||||
static int webSocketsDecodeHybi(rfbClientPtr cl, char *dst, int len);
|
||||
static int webSocketsDecodeHixie(rfbClientPtr cl, char *dst, int len);
|
||||
|
||||
static int
|
||||
min (int a, int b) {
|
||||
return a < b ? a : b;
|
||||
}
|
||||
|
||||
static void webSocketsGenSha1Key(char *target, int size, char *key)
|
||||
{
|
||||
struct iovec iov[2];
|
||||
unsigned char hash[20];
|
||||
|
||||
iov[0].iov_base = key;
|
||||
iov[0].iov_len = strlen(key);
|
||||
iov[1].iov_base = GUID;
|
||||
iov[1].iov_len = sizeof(GUID) - 1;
|
||||
digestsha1(iov, 2, hash);
|
||||
if (-1 == __b64_ntop(hash, sizeof(hash), target, size))
|
||||
rfbErr("b64_ntop failed\n");
|
||||
}
|
||||
|
||||
/*
|
||||
* rfbWebSocketsHandshake is called to handle new WebSockets connections
|
||||
*/
|
||||
|
||||
rfbBool
|
||||
webSocketsCheck (rfbClientPtr cl)
|
||||
{
|
||||
char bbuf[4], *scheme;
|
||||
int ret;
|
||||
|
||||
ret = rfbPeekExactTimeout(cl, bbuf, 4,
|
||||
WEBSOCKETS_CLIENT_CONNECT_WAIT_MS);
|
||||
if ((ret < 0) && (errno == ETIMEDOUT)) {
|
||||
rfbLog("Normal socket connection\n");
|
||||
return TRUE;
|
||||
} else if (ret <= 0) {
|
||||
rfbErr("webSocketsHandshake: unknown connection error\n");
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (strncmp(bbuf, "<", 1) == 0) {
|
||||
rfbLog("Got Flash policy request, sending response\n");
|
||||
if (rfbWriteExact(cl, FLASH_POLICY_RESPONSE,
|
||||
SZ_FLASH_POLICY_RESPONSE) < 0) {
|
||||
rfbErr("webSocketsHandshake: failed sending Flash policy response");
|
||||
}
|
||||
return FALSE;
|
||||
} else if (strncmp(bbuf, "\x16", 1) == 0 || strncmp(bbuf, "\x80", 1) == 0) {
|
||||
rfbLog("Got TLS/SSL WebSockets connection\n");
|
||||
if (-1 == rfbssl_init(cl)) {
|
||||
rfbErr("webSocketsHandshake: rfbssl_init failed\n");
|
||||
return FALSE;
|
||||
}
|
||||
ret = rfbPeekExactTimeout(cl, bbuf, 4, WEBSOCKETS_CLIENT_CONNECT_WAIT_MS);
|
||||
scheme = "wss";
|
||||
} else {
|
||||
scheme = "ws";
|
||||
}
|
||||
|
||||
if (strncmp(bbuf, "GET ", 4) != 0) {
|
||||
rfbErr("webSocketsHandshake: invalid client header\n");
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
rfbLog("Got '%s' WebSockets handshake\n", scheme);
|
||||
|
||||
if (!webSocketsHandshake(cl, scheme)) {
|
||||
return FALSE;
|
||||
}
|
||||
/* Start WebSockets framing */
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
static rfbBool
|
||||
webSocketsHandshake(rfbClientPtr cl, char *scheme)
|
||||
{
|
||||
char *buf, *response, *line;
|
||||
int n, linestart = 0, len = 0, llen, base64 = TRUE;
|
||||
char prefix[5], trailer[17];
|
||||
char *path = NULL, *host = NULL, *origin = NULL, *protocol = NULL;
|
||||
char *key1 = NULL, *key2 = NULL, *key3 = NULL;
|
||||
char *sec_ws_origin = NULL;
|
||||
char *sec_ws_key = NULL;
|
||||
char sec_ws_version = 0;
|
||||
ws_ctx_t *wsctx = NULL;
|
||||
|
||||
buf = (char *) malloc(WEBSOCKETS_MAX_HANDSHAKE_LEN);
|
||||
if (!buf) {
|
||||
rfbLogPerror("webSocketsHandshake: malloc");
|
||||
return FALSE;
|
||||
}
|
||||
response = (char *) malloc(WEBSOCKETS_MAX_HANDSHAKE_LEN);
|
||||
if (!response) {
|
||||
free(buf);
|
||||
rfbLogPerror("webSocketsHandshake: malloc");
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
while (len < WEBSOCKETS_MAX_HANDSHAKE_LEN-1) {
|
||||
if ((n = rfbReadExactTimeout(cl, buf+len, 1,
|
||||
WEBSOCKETS_CLIENT_SEND_WAIT_MS)) <= 0) {
|
||||
if ((n < 0) && (errno == ETIMEDOUT)) {
|
||||
break;
|
||||
}
|
||||
if (n == 0)
|
||||
rfbLog("webSocketsHandshake: client gone\n");
|
||||
else
|
||||
rfbLogPerror("webSocketsHandshake: read");
|
||||
free(response);
|
||||
free(buf);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
len += 1;
|
||||
llen = len - linestart;
|
||||
if (((llen >= 2)) && (buf[len-1] == '\n')) {
|
||||
line = buf+linestart;
|
||||
if ((llen == 2) && (strncmp("\r\n", line, 2) == 0)) {
|
||||
if (key1 && key2) {
|
||||
if ((n = rfbReadExact(cl, buf+len, 8)) <= 0) {
|
||||
if ((n < 0) && (errno == ETIMEDOUT)) {
|
||||
break;
|
||||
}
|
||||
if (n == 0)
|
||||
rfbLog("webSocketsHandshake: client gone\n");
|
||||
else
|
||||
rfbLogPerror("webSocketsHandshake: read");
|
||||
free(response);
|
||||
free(buf);
|
||||
return FALSE;
|
||||
}
|
||||
rfbLog("Got key3\n");
|
||||
key3 = buf+len;
|
||||
len += 8;
|
||||
} else {
|
||||
buf[len] = '\0';
|
||||
}
|
||||
break;
|
||||
} else if ((llen >= 16) && ((strncmp("GET ", line, min(llen,4))) == 0)) {
|
||||
/* 16 = 4 ("GET ") + 1 ("/.*") + 11 (" HTTP/1.1\r\n") */
|
||||
path = line+4;
|
||||
buf[len-11] = '\0'; /* Trim trailing " HTTP/1.1\r\n" */
|
||||
cl->wspath = strdup(path);
|
||||
/* rfbLog("Got path: %s\n", path); */
|
||||
} else if ((strncasecmp("host: ", line, min(llen,6))) == 0) {
|
||||
host = line+6;
|
||||
buf[len-2] = '\0';
|
||||
/* rfbLog("Got host: %s\n", host); */
|
||||
} else if ((strncasecmp("origin: ", line, min(llen,8))) == 0) {
|
||||
origin = line+8;
|
||||
buf[len-2] = '\0';
|
||||
/* rfbLog("Got origin: %s\n", origin); */
|
||||
} else if ((strncasecmp("sec-websocket-key1: ", line, min(llen,20))) == 0) {
|
||||
key1 = line+20;
|
||||
buf[len-2] = '\0';
|
||||
/* rfbLog("Got key1: %s\n", key1); */
|
||||
} else if ((strncasecmp("sec-websocket-key2: ", line, min(llen,20))) == 0) {
|
||||
key2 = line+20;
|
||||
buf[len-2] = '\0';
|
||||
/* rfbLog("Got key2: %s\n", key2); */
|
||||
/* HyBI */
|
||||
|
||||
} else if ((strncasecmp("sec-websocket-protocol: ", line, min(llen,24))) == 0) {
|
||||
protocol = line+24;
|
||||
buf[len-2] = '\0';
|
||||
rfbLog("Got protocol: %s\n", protocol);
|
||||
} else if ((strncasecmp("sec-websocket-origin: ", line, min(llen,22))) == 0) {
|
||||
sec_ws_origin = line+22;
|
||||
buf[len-2] = '\0';
|
||||
} else if ((strncasecmp("sec-websocket-key: ", line, min(llen,19))) == 0) {
|
||||
sec_ws_key = line+19;
|
||||
buf[len-2] = '\0';
|
||||
} else if ((strncasecmp("sec-websocket-version: ", line, min(llen,23))) == 0) {
|
||||
sec_ws_version = strtol(line+23, NULL, 10);
|
||||
buf[len-2] = '\0';
|
||||
}
|
||||
|
||||
linestart = len;
|
||||
}
|
||||
}
|
||||
|
||||
if (!(path && host && (origin || sec_ws_origin))) {
|
||||
rfbErr("webSocketsHandshake: incomplete client handshake\n");
|
||||
free(response);
|
||||
free(buf);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if ((protocol) && (strstr(protocol, "binary"))) {
|
||||
if (! sec_ws_version) {
|
||||
rfbErr("webSocketsHandshake: 'binary' protocol not supported with Hixie\n");
|
||||
free(response);
|
||||
free(buf);
|
||||
return FALSE;
|
||||
}
|
||||
rfbLog(" - webSocketsHandshake: using binary/raw encoding\n");
|
||||
base64 = FALSE;
|
||||
protocol = "binary";
|
||||
} else {
|
||||
rfbLog(" - webSocketsHandshake: using base64 encoding\n");
|
||||
base64 = TRUE;
|
||||
if ((protocol) && (strstr(protocol, "base64"))) {
|
||||
protocol = "base64";
|
||||
} else {
|
||||
protocol = "";
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Generate the WebSockets server response based on the the headers sent
|
||||
* by the client.
|
||||
*/
|
||||
|
||||
if (sec_ws_version) {
|
||||
char accept[B64LEN(SHA1_HASH_SIZE) + 1];
|
||||
rfbLog(" - WebSockets client version hybi-%02d\n", sec_ws_version);
|
||||
webSocketsGenSha1Key(accept, sizeof(accept), sec_ws_key);
|
||||
len = snprintf(response, WEBSOCKETS_MAX_HANDSHAKE_LEN,
|
||||
SERVER_HANDSHAKE_HYBI, accept, protocol);
|
||||
} else {
|
||||
/* older hixie handshake, this could be removed if
|
||||
* a final standard is established */
|
||||
if (!(key1 && key2 && key3)) {
|
||||
rfbLog(" - WebSockets client version hixie-75\n");
|
||||
prefix[0] = '\0';
|
||||
trailer[0] = '\0';
|
||||
} else {
|
||||
rfbLog(" - WebSockets client version hixie-76\n");
|
||||
snprintf(prefix, 5, "Sec-");
|
||||
webSocketsGenMd5(trailer, key1, key2, key3);
|
||||
}
|
||||
len = snprintf(response, WEBSOCKETS_MAX_HANDSHAKE_LEN,
|
||||
SERVER_HANDSHAKE_HIXIE, prefix, origin, prefix, scheme,
|
||||
host, path, prefix, protocol, trailer);
|
||||
}
|
||||
|
||||
if (rfbWriteExact(cl, response, len) < 0) {
|
||||
rfbErr("webSocketsHandshake: failed sending WebSockets response\n");
|
||||
free(response);
|
||||
free(buf);
|
||||
return FALSE;
|
||||
}
|
||||
/* rfbLog("webSocketsHandshake: %s\n", response); */
|
||||
free(response);
|
||||
free(buf);
|
||||
|
||||
|
||||
wsctx = calloc(1, sizeof(ws_ctx_t));
|
||||
if (sec_ws_version) {
|
||||
wsctx->version = WEBSOCKETS_VERSION_HYBI;
|
||||
wsctx->encode = webSocketsEncodeHybi;
|
||||
wsctx->decode = webSocketsDecodeHybi;
|
||||
} else {
|
||||
wsctx->version = WEBSOCKETS_VERSION_HIXIE;
|
||||
wsctx->encode = webSocketsEncodeHixie;
|
||||
wsctx->decode = webSocketsDecodeHixie;
|
||||
}
|
||||
wsctx->base64 = base64;
|
||||
cl->wsctx = (wsCtx *)wsctx;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
void
|
||||
webSocketsGenMd5(char * target, char *key1, char *key2, char *key3)
|
||||
{
|
||||
unsigned int i, spaces1 = 0, spaces2 = 0;
|
||||
unsigned long num1 = 0, num2 = 0;
|
||||
unsigned char buf[17];
|
||||
struct iovec iov[1];
|
||||
|
||||
for (i=0; i < strlen(key1); i++) {
|
||||
if (key1[i] == ' ') {
|
||||
spaces1 += 1;
|
||||
}
|
||||
if ((key1[i] >= 48) && (key1[i] <= 57)) {
|
||||
num1 = num1 * 10 + (key1[i] - 48);
|
||||
}
|
||||
}
|
||||
num1 = num1 / spaces1;
|
||||
|
||||
for (i=0; i < strlen(key2); i++) {
|
||||
if (key2[i] == ' ') {
|
||||
spaces2 += 1;
|
||||
}
|
||||
if ((key2[i] >= 48) && (key2[i] <= 57)) {
|
||||
num2 = num2 * 10 + (key2[i] - 48);
|
||||
}
|
||||
}
|
||||
num2 = num2 / spaces2;
|
||||
|
||||
/* Pack it big-endian */
|
||||
buf[0] = (num1 & 0xff000000) >> 24;
|
||||
buf[1] = (num1 & 0xff0000) >> 16;
|
||||
buf[2] = (num1 & 0xff00) >> 8;
|
||||
buf[3] = num1 & 0xff;
|
||||
|
||||
buf[4] = (num2 & 0xff000000) >> 24;
|
||||
buf[5] = (num2 & 0xff0000) >> 16;
|
||||
buf[6] = (num2 & 0xff00) >> 8;
|
||||
buf[7] = num2 & 0xff;
|
||||
|
||||
strncpy((char *)buf+8, key3, 8);
|
||||
buf[16] = '\0';
|
||||
|
||||
iov[0].iov_base = buf;
|
||||
iov[0].iov_len = 16;
|
||||
digestmd5(iov, 1, target);
|
||||
target[16] = '\0';
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
static int
|
||||
webSocketsEncodeHixie(rfbClientPtr cl, const char *src, int len, char **dst)
|
||||
{
|
||||
int sz = 0;
|
||||
ws_ctx_t *wsctx = (ws_ctx_t *)cl->wsctx;
|
||||
|
||||
wsctx->codeBuf[sz++] = '\x00';
|
||||
len = __b64_ntop((unsigned char *)src, len, wsctx->codeBuf+sz, sizeof(wsctx->codeBuf) - (sz + 1));
|
||||
if (len < 0) {
|
||||
return len;
|
||||
}
|
||||
sz += len;
|
||||
|
||||
wsctx->codeBuf[sz++] = '\xff';
|
||||
*dst = wsctx->codeBuf;
|
||||
return sz;
|
||||
}
|
||||
|
||||
static int
|
||||
ws_read(rfbClientPtr cl, char *buf, int len)
|
||||
{
|
||||
int n;
|
||||
if (cl->sslctx) {
|
||||
n = rfbssl_read(cl, buf, len);
|
||||
} else {
|
||||
n = read(cl->sock, buf, len);
|
||||
}
|
||||
return n;
|
||||
}
|
||||
|
||||
static int
|
||||
ws_peek(rfbClientPtr cl, char *buf, int len)
|
||||
{
|
||||
int n;
|
||||
if (cl->sslctx) {
|
||||
n = rfbssl_peek(cl, buf, len);
|
||||
} else {
|
||||
while (-1 == (n = recv(cl->sock, buf, len, MSG_PEEK))) {
|
||||
if (errno != EAGAIN)
|
||||
break;
|
||||
}
|
||||
}
|
||||
return n;
|
||||
}
|
||||
|
||||
static int
|
||||
webSocketsDecodeHixie(rfbClientPtr cl, char *dst, int len)
|
||||
{
|
||||
int retlen = 0, n, i, avail, modlen, needlen;
|
||||
char *buf, *end = NULL;
|
||||
ws_ctx_t *wsctx = (ws_ctx_t *)cl->wsctx;
|
||||
|
||||
buf = wsctx->codeBuf;
|
||||
|
||||
n = ws_peek(cl, buf, len*2+2);
|
||||
|
||||
if (n <= 0) {
|
||||
rfbErr("%s: peek (%d) %m\n", __func__, errno);
|
||||
return n;
|
||||
}
|
||||
|
||||
|
||||
/* Base64 encoded WebSockets stream */
|
||||
|
||||
if (buf[0] == '\xff') {
|
||||
i = ws_read(cl, buf, 1); /* Consume marker */
|
||||
buf++;
|
||||
n--;
|
||||
}
|
||||
if (n == 0) {
|
||||
errno = EAGAIN;
|
||||
return -1;
|
||||
}
|
||||
if (buf[0] == '\x00') {
|
||||
i = ws_read(cl, buf, 1); /* Consume marker */
|
||||
buf++;
|
||||
n--;
|
||||
}
|
||||
if (n == 0) {
|
||||
errno = EAGAIN;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* end = memchr(buf, '\xff', len*2+2); */
|
||||
end = memchr(buf, '\xff', n);
|
||||
if (!end) {
|
||||
end = buf + n;
|
||||
}
|
||||
avail = end - buf;
|
||||
|
||||
len -= wsctx->carrylen;
|
||||
|
||||
/* Determine how much base64 data we need */
|
||||
modlen = len + (len+2)/3;
|
||||
needlen = modlen;
|
||||
if (needlen % 4) {
|
||||
needlen += 4 - (needlen % 4);
|
||||
}
|
||||
|
||||
if (needlen > avail) {
|
||||
/* rfbLog("Waiting for more base64 data\n"); */
|
||||
errno = EAGAIN;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Any carryover from previous decode */
|
||||
for (i=0; i < wsctx->carrylen; i++) {
|
||||
/* rfbLog("Adding carryover %d\n", wsctx->carryBuf[i]); */
|
||||
dst[i] = wsctx->carryBuf[i];
|
||||
retlen += 1;
|
||||
}
|
||||
|
||||
/* Decode the rest of what we need */
|
||||
buf[needlen] = '\x00'; /* Replace end marker with end of string */
|
||||
/* rfbLog("buf: %s\n", buf); */
|
||||
n = __b64_pton(buf, (unsigned char *)dst+retlen, 2+len);
|
||||
if (n < len) {
|
||||
rfbErr("Base64 decode error\n");
|
||||
errno = EIO;
|
||||
return -1;
|
||||
}
|
||||
retlen += n;
|
||||
|
||||
/* Consume the data from socket */
|
||||
i = ws_read(cl, buf, needlen);
|
||||
|
||||
wsctx->carrylen = n - len;
|
||||
retlen -= wsctx->carrylen;
|
||||
for (i=0; i < wsctx->carrylen; i++) {
|
||||
/* rfbLog("Saving carryover %d\n", dst[retlen + i]); */
|
||||
wsctx->carryBuf[i] = dst[retlen + i];
|
||||
}
|
||||
|
||||
/* rfbLog("<< webSocketsDecode, retlen: %d\n", retlen); */
|
||||
return retlen;
|
||||
}
|
||||
|
||||
static int
|
||||
webSocketsDecodeHybi(rfbClientPtr cl, char *dst, int len)
|
||||
{
|
||||
char *buf, *payload;
|
||||
uint32_t *payload32;
|
||||
int ret = -1, result = -1;
|
||||
int total = 0;
|
||||
ws_mask_t mask;
|
||||
ws_header_t *header;
|
||||
int i;
|
||||
unsigned char opcode;
|
||||
ws_ctx_t *wsctx = (ws_ctx_t *)cl->wsctx;
|
||||
int flength, fin, fhlen;
|
||||
|
||||
// rfbLog(" <== %s[%d]: %d cl: %p, wsctx: %p-%p (%d)\n", __func__, gettid(), len, cl, wsctx, (char *)wsctx + sizeof(ws_ctx_t), sizeof(ws_ctx_t));
|
||||
|
||||
if (wsctx->readbuflen) {
|
||||
/* simply return what we have */
|
||||
if (wsctx->readbuflen > len) {
|
||||
memcpy(dst, wsctx->readbuf + wsctx->readbufstart, len);
|
||||
result = len;
|
||||
wsctx->readbuflen -= len;
|
||||
wsctx->readbufstart += len;
|
||||
} else {
|
||||
memcpy(dst, wsctx->readbuf + wsctx->readbufstart, wsctx->readbuflen);
|
||||
result = wsctx->readbuflen;
|
||||
wsctx->readbuflen = 0;
|
||||
wsctx->readbufstart = 0;
|
||||
}
|
||||
goto spor;
|
||||
}
|
||||
|
||||
buf = wsctx->codeBuf;
|
||||
header = (ws_header_t *)wsctx->codeBuf;
|
||||
|
||||
if (-1 == (ret = ws_peek(cl, buf, B64LEN(len) + WSHLENMAX))) {
|
||||
rfbErr("%s: peek; %m\n", __func__);
|
||||
goto spor;
|
||||
}
|
||||
|
||||
if (ret < 2) {
|
||||
rfbErr("%s: peek; got %d bytes\n", __func__, ret);
|
||||
goto spor; /* Incomplete frame header */
|
||||
}
|
||||
|
||||
opcode = header->b0 & 0x0f;
|
||||
fin = (header->b0 & 0x80) >> 7;
|
||||
flength = header->b1 & 0x7f;
|
||||
|
||||
/*
|
||||
* 4.3. Client-to-Server Masking
|
||||
*
|
||||
* The client MUST mask all frames sent to the server. A server MUST
|
||||
* close the connection upon receiving a frame with the MASK bit set to 0.
|
||||
**/
|
||||
if (!(header->b1 & 0x80)) {
|
||||
rfbErr("%s: got frame without mask\n", __func__, ret);
|
||||
errno = EIO;
|
||||
goto spor;
|
||||
}
|
||||
|
||||
if (flength < 126) {
|
||||
fhlen = 2;
|
||||
mask = header->m;
|
||||
} else if (flength == 126 && 4 <= ret) {
|
||||
flength = WS_NTOH16(header->l16);
|
||||
fhlen = 4;
|
||||
mask = header->m16;
|
||||
} else if (flength == 127 && 10 <= ret) {
|
||||
flength = WS_NTOH64(header->l64);
|
||||
fhlen = 10;
|
||||
mask = header->m64;
|
||||
} else {
|
||||
/* Incomplete frame header */
|
||||
rfbErr("%s: incomplete frame header\n", __func__, ret);
|
||||
errno = EIO;
|
||||
goto spor;
|
||||
}
|
||||
|
||||
/* absolute length of frame */
|
||||
total = fhlen + flength + 4;
|
||||
payload = buf + fhlen + 4; /* header length + mask */
|
||||
|
||||
if (-1 == (ret = ws_read(cl, buf, total))) {
|
||||
rfbErr("%s: read; %m", __func__);
|
||||
return ret;
|
||||
} else if (ret < total) {
|
||||
/* GT TODO: hmm? */
|
||||
rfbLog("%s: read; got partial data\n", __func__);
|
||||
} else {
|
||||
buf[ret] = '\0';
|
||||
}
|
||||
|
||||
/* process 1 frame (32 bit op) */
|
||||
payload32 = (uint32_t *)payload;
|
||||
for (i = 0; i < flength / 4; i++) {
|
||||
payload32[i] ^= mask.u;
|
||||
}
|
||||
/* process the remaining bytes (if any) */
|
||||
for (i*=4; i < flength; i++) {
|
||||
payload[i] ^= mask.c[i % 4];
|
||||
}
|
||||
|
||||
switch (opcode) {
|
||||
case WS_OPCODE_CLOSE:
|
||||
rfbLog("got closure, reason %d\n", WS_NTOH16(((uint16_t *)payload)[0]));
|
||||
errno = ECONNRESET;
|
||||
break;
|
||||
case WS_OPCODE_TEXT_FRAME:
|
||||
if (-1 == (flength = __b64_pton(payload, (unsigned char *)wsctx->codeBuf, sizeof(wsctx->codeBuf)))) {
|
||||
rfbErr("%s: Base64 decode error; %m\n", __func__);
|
||||
break;
|
||||
}
|
||||
payload = wsctx->codeBuf;
|
||||
/* fall through */
|
||||
case WS_OPCODE_BINARY_FRAME:
|
||||
if (flength > len) {
|
||||
memcpy(wsctx->readbuf, payload + len, flength - len);
|
||||
wsctx->readbufstart = 0;
|
||||
wsctx->readbuflen = flength - len;
|
||||
flength = len;
|
||||
}
|
||||
memcpy(dst, payload, flength);
|
||||
result = flength;
|
||||
break;
|
||||
default:
|
||||
rfbErr("%s: unhandled opcode %d, b0: %02x, b1: %02x\n", __func__, (int)opcode, header->b0, header->b1);
|
||||
}
|
||||
|
||||
/* single point of return, if someone has questions :-) */
|
||||
spor:
|
||||
/* rfbLog("%s: ret: %d/%d\n", __func__, result, len); */
|
||||
return result;
|
||||
}
|
||||
|
||||
static int
|
||||
webSocketsEncodeHybi(rfbClientPtr cl, const char *src, int len, char **dst)
|
||||
{
|
||||
int blen, ret = -1, sz = 0;
|
||||
unsigned char opcode = '\0'; /* TODO: option! */
|
||||
ws_header_t *header;
|
||||
ws_ctx_t *wsctx = (ws_ctx_t *)cl->wsctx;
|
||||
|
||||
|
||||
/* Optional opcode:
|
||||
* 0x0 - continuation
|
||||
* 0x1 - text frame (base64 encode buf)
|
||||
* 0x2 - binary frame (use raw buf)
|
||||
* 0x8 - connection close
|
||||
* 0x9 - ping
|
||||
* 0xA - pong
|
||||
**/
|
||||
if (!len) {
|
||||
rfbLog("%s: nothing to encode\n", __func__);
|
||||
return 0;
|
||||
}
|
||||
|
||||
header = (ws_header_t *)wsctx->codeBuf;
|
||||
|
||||
if (wsctx->base64) {
|
||||
opcode = WS_OPCODE_TEXT_FRAME;
|
||||
/* calculate the resulting size */
|
||||
blen = B64LEN(len);
|
||||
} else {
|
||||
blen = len;
|
||||
}
|
||||
|
||||
header->b0 = 0x80 | (opcode & 0x0f);
|
||||
if (blen <= 125) {
|
||||
header->b1 = (uint8_t)blen;
|
||||
sz = 2;
|
||||
} else if (blen <= 65536) {
|
||||
header->b1 = 0x7e;
|
||||
header->l16 = WS_HTON16((uint16_t)blen);
|
||||
sz = 4;
|
||||
} else {
|
||||
header->b1 = 0x7f;
|
||||
header->l64 = WS_HTON64(blen);
|
||||
sz = 10;
|
||||
}
|
||||
|
||||
if (wsctx->base64) {
|
||||
if (-1 == (ret = __b64_ntop((unsigned char *)src, len, wsctx->codeBuf + sz, sizeof(wsctx->codeBuf) - sz))) {
|
||||
rfbErr("%s: Base 64 encode failed\n", __func__);
|
||||
} else {
|
||||
if (ret != blen)
|
||||
rfbErr("%s: Base 64 encode; something weird happened\n", __func__);
|
||||
ret += sz;
|
||||
}
|
||||
} else {
|
||||
memcpy(wsctx->codeBuf + sz, src, len);
|
||||
ret = sz + len;
|
||||
}
|
||||
|
||||
*dst = wsctx->codeBuf;
|
||||
return ret;
|
||||
}
|
||||
|
||||
int
|
||||
webSocketsEncode(rfbClientPtr cl, const char *src, int len, char **dst)
|
||||
{
|
||||
return ((ws_ctx_t *)cl->wsctx)->encode(cl, src, len, dst);
|
||||
}
|
||||
|
||||
int
|
||||
webSocketsDecode(rfbClientPtr cl, char *dst, int len)
|
||||
{
|
||||
return ((ws_ctx_t *)cl->wsctx)->decode(cl, dst, len);
|
||||
}
|
||||
|
||||
|
||||
/* returns TRUE if client sent a close frame or a single 'end of frame'
|
||||
* marker was received, FALSE otherwise
|
||||
*
|
||||
* Note: This is a Hixie-only hack!
|
||||
**/
|
||||
rfbBool
|
||||
webSocketCheckDisconnect(rfbClientPtr cl)
|
||||
{
|
||||
ws_ctx_t *wsctx = (ws_ctx_t *)cl->wsctx;
|
||||
/* With Base64 encoding we need at least 4 bytes */
|
||||
char peekbuf[4];
|
||||
int n;
|
||||
|
||||
if (wsctx->version == WEBSOCKETS_VERSION_HYBI)
|
||||
return FALSE;
|
||||
|
||||
if (cl->sslctx)
|
||||
n = rfbssl_peek(cl, peekbuf, 4);
|
||||
else
|
||||
n = recv(cl->sock, peekbuf, 4, MSG_PEEK);
|
||||
|
||||
if (n <= 0) {
|
||||
if (n != 0)
|
||||
rfbErr("%s: peek; %m", __func__);
|
||||
rfbCloseClient(cl);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
if (peekbuf[0] == '\xff') {
|
||||
int doclose = 0;
|
||||
/* Make sure we don't miss a client disconnect on an end frame
|
||||
* marker. Because we use a peek buffer in some cases it is not
|
||||
* applicable to wait for more data per select(). */
|
||||
switch (n) {
|
||||
case 3:
|
||||
if (peekbuf[1] == '\xff' && peekbuf[2] == '\x00')
|
||||
doclose = 1;
|
||||
break;
|
||||
case 2:
|
||||
if (peekbuf[1] == '\x00')
|
||||
doclose = 1;
|
||||
break;
|
||||
default:
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (cl->sslctx)
|
||||
n = rfbssl_read(cl, peekbuf, n);
|
||||
else
|
||||
n = read(cl->sock, peekbuf, n);
|
||||
|
||||
if (doclose) {
|
||||
rfbErr("%s: websocket close frame received\n", __func__);
|
||||
rfbCloseClient(cl);
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
|
Loading…
Reference in new issue