Refactor Sha API to return raw bytes, added Sha1() function.

2023-06-17 17:36:11 +00:00 · 2023-06-17 17:36:11 +00:00 · 8bda70b1fb
commit 8bda70b1fb
parent 8f0d197480
5 changed files with 117 additions and 41 deletions
--- a/Cytoplasm/src/include/Sha2.h
+++ b/Cytoplasm/src/include/Sha2.h
@ -21,30 +21,28 @@
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
+#include <Sha.h>
+#include <Memory.h>

-#ifndef CYTOPLASM_SHA2_H
-#define CYTOPLASM_SHA2_H
+#include <stdio.h>
+#include <string.h>

-/***
- * @Nm Sha2
- * @Nd A simple implementation of the SHA2 hashing functions.
- * @Dd December 19 2022
- * @Xr Memory Base64
- *
- * This API defines simple functions for computing SHA2 hashes.
- * At the moment, it only defines
- * .Fn Sha256 ,
- * which computes the SHA-256 hash of the given C string. It is
- * not trivial to implement SHA-512 in ANSI C due to the lack of
- * a 64-bit integer type, so that hash function has been omitted.
- */
+char *
+ShaToHex(unsigned char *bytes)
+{
+	size_t i = 0;
+	char *str = Malloc(((strlen((char *) bytes) * 2) + 1) * sizeof(char));

-/**
- * This function takes a pointer to a NULL-terminated C string, and
- * returns a string allocated on the heap using the Memory API, or
- * NULL if there was an error allocating memory. The returned string
- * should be freed when it is no longer needed.
- */
-extern char * Sha256(char *);
+	if (!str)
+	{
+		return NULL;
+	}

-#endif                             /* CYTOPLASM_SHA2_H */
+	while (bytes[i] != '\0')
+	{
+		snprintf(str + (2 * i), 3, "%02x",  bytes[i]);
+		i++;
+	}
+
+	return str;
+}
--- a/Cytoplasm/src/Sha/Sha256.c
+++ b/Cytoplasm/src/Sha/Sha256.c
@ -21,7 +21,7 @@
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
-#include <Sha2.h>
+#include <Sha.h>
 #include <Memory.h>
 #include <Int.h>

@ -170,13 +170,12 @@ Sha256Process(Sha256Context * context, unsigned char *data, size_t length)
    }
 }

-char *
+unsigned char *
 Sha256(char *str)
 {
    Sha256Context context;
    size_t i;
-    unsigned char out[32];
-    char *outStr;
+    unsigned char *out;

    unsigned char fill[64];
    UInt32 fillLen;
@ -189,8 +188,8 @@ Sha256(char *str)
        return NULL;
    }

-    outStr = Malloc(65);
-    if (!outStr)
+    out = Malloc(33 * sizeof(unsigned char));
+    if (!out)
    {
        return NULL;
    }
@ -228,11 +227,7 @@ Sha256(char *str)
        PUT_UINT32(&out[4 * i], context.state[i]);
    }

-    /* Convert to string */
-    for (i = 0; i < 32; i++)
-    {
-        snprintf(outStr + (2 * i), 3, "%02x", out[i]);
-    }
+	out[32] = '\0';

-    return outStr;
+    return out;
 }
--- a/Cytoplasm/src/include/Sha.h
+++ b/Cytoplasm/src/include/Sha.h
@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2022-2023 Jordan Bancino <@jordan:bancino.net>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#ifndef CYTOPLASM_SHA_H
+#define CYTOPLASM_SHA_H
+
+/***
+ * @Nm Sha
+ * @Nd A simple implementation of a few SHA hashing functions.
+ * @Dd December 19 2022
+ * @Xr Memory Base64
+ *
+ * This API defines simple functions for computing SHA hashes.
+ * At the moment, it only defines
+ * .Fn Sha256
+ * and
+ * .Fn Sha1 ,
+ * which compute the SHA-256 and SHA-1 hashes of the given C string,
+ * respectively. It is not trivial to implement SHA-512 in ANSI C
+ * due to the lack of a 64-bit integer type, so that hash
+ * function has been omitted.
+ */
+
+/**
+ * This function takes a pointer to a NULL-terminated C string, and
+ * returns a NULL-terminated byte buffer allocated on the heap using
+ * the Memory API, or NULL if there was an error allocating memory.
+ * The returned byte buffer should be freed when it is no longer
+ * needed. It is important to note that the returned buffer is not
+ * a printable string; to get a printable string, use 
+ * .Fn ShaToHex .
+ */
+extern unsigned char * Sha256(char *);
+
+/**
+ * This function takes a pointer to a NULL-terminated C string, and
+ * returns a NULL-terminated byte buffer allocated on the heap using
+ * the Memory API, or NULL if there was an error allocating memory.
+ * The returned byte buffer should be freed when it is no longer
+ * needed. It is important to note that the returned buffer is not
+ * a printable string; to get a printable string, use 
+ * .Fn ShaToHex .
+ */
+extern unsigned char * Sha1(char *);
+
+/**
+ * Convert a SHA byte buffer into a hex string. These hex strings
+ * are typically what is transmitted, stored, and compared, however
+ * there may be times when it is necessary to work with the raw
+ * bytes directly, which is why the conversion to a hex string is
+ * a separate step.
+ */
+extern char * ShaToHex(unsigned char *);
+
+#endif                             /* CYTOPLASM_SHA_H */
--- a/TODO.txt
+++ b/TODO.txt
@ -16,10 +16,11 @@ Milestone: v0.4.0

 [ ] Client-Server API
    [ ] 6: Filtering
-    [ ] 7: Events
+    [~] 7: Events
        [ ] Compute size of JSON object in Canonical JSON
-        [ ] Rename Sha2.h to just Sha; add Sha1() function
-        [ ] Make Sha256() return raw bytes; add function to convert to string
+        [x] Rename Sha2.h to just Sha; add Sha1() function
+        [x] Make Sha256() return raw bytes; add function to
+            convert to hex string.
    [ ] 8: Rooms
    [~] 9: User Data
        [x] Profiles
--- a/src/User.c
+++ b/src/User.c
@ -25,7 +25,7 @@
 #include <Util.h>
 #include <Memory.h>
 #include <Str.h>
-#include <Sha2.h>
+#include <Sha.h>
 #include <Json.h>

 #include <string.h>
@ -358,6 +358,7 @@ UserCheckPassword(User * user, char *password)
    char *storedHash;
    char *salt;

+    unsigned char *hashBytes;
    char *hashedPwd;
    char *tmp;

@ -379,8 +380,10 @@ UserCheckPassword(User * user, char *password)
    }

    tmp = StrConcat(2, password, salt);
-    hashedPwd = Sha256(tmp);
+    hashBytes = Sha256(tmp);
+    hashedPwd = ShaToHex(hashBytes);
    Free(tmp);
+    Free(hashBytes);

    result = StrEquals(hashedPwd, storedHash);

@ -394,6 +397,7 @@ UserSetPassword(User * user, char *password)
 {
    HashMap *json;

+    unsigned char *hashBytes;
    char *hash = NULL;
    char *salt = NULL;
    char *tmpstr = NULL;
@ -407,13 +411,15 @@ UserSetPassword(User * user, char *password)

    salt = StrRandom(16);
    tmpstr = StrConcat(2, password, salt);
-    hash = Sha256(tmpstr);
+    hashBytes = Sha256(tmpstr);
+    hash = ShaToHex(hashBytes);

    JsonValueFree(HashMapSet(json, "salt", JsonValueString(salt)));
    JsonValueFree(HashMapSet(json, "password", JsonValueString(hash)));

    Free(salt);
    Free(hash);
+    Free(hashBytes);
    Free(tmpstr);

    return 1;