提交
b0e813d7
编写于
6月 19, 2020
作者:
yangyaokai
提交者:
charisu
8月 12, 2020
replace HMacSha256 impl
Change-Id: Ib4842dd3569d706ccc504b2f7714f6ab684b6103
上级
df1b21fa
变更
5
Showing
5 changed file
with
113 addition
and
68 deletion
+113
-68
LICENSE
LICENSE
+5
-0
src/common/authenticator.cpp
src/common/authenticator.cpp
+64
-62
src/common/authenticator.h
src/common/authenticator.h
+3
-6
test/common/BUILD
test/common/BUILD
+1
-0
test/common/authenticator_test.cpp
test/common/authenticator_test.cpp
+40
-0
LICENSE
...
...
@@ -91,6 +91,11 @@ Copyright: Copyright (c) 2020, NetEase Inc.
Copyright (c) 2015 Baidu.com, Inc.
License: Apache 2.0 (see LICENSE_APACHE)
Files: src/common/authenticator.cpp
Copyright: Copyright (c) 2020, NetEase Inc.
Copyright (c) 2016 Baidu, Inc.
License: Apache 2.0 (see LICENSE_APACHE)
Files: src/common/hash.h
Copyright: Copyright (c) 2020, NetEase Inc.
Copyright (c) 2015, Baidu.com
...
...
src/common/authenticator.cpp
...
...
@@ -19,27 +19,59 @@
* File Created: Monday, 1st April 2019 5:15:34 pm
* Author: tongguangxun
*/
// function HMacSha256() is copy from brpc project:
//
// Copyright (c) 2016 Baidu, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Authors: Ge,Jun (gejun@baidu.com)
// Jiashun Zhu (zhujiashun@baidu.com)
#ifdef OPENSSL_NO_SHA256
#undef OPENSSL_NO_SHA256
#endif
#include <glog/logging.h>
#include <openssl/sha.h>
#include <openssl/hmac.h>
#include <string.h>
#include "src/common/authenticator.h"
// Older openssl does not have EVP_sha256. To make the code always compile,
// we mark the symbol as weak. If the runtime does not have the function,
// handshaking will fallback to the simple one.
extern
"C"
{
const
EVP_MD
*
__attribute__
((
weak
))
EVP_sha256
(
void
);
}
namespace
curve
{
namespace
common
{
std
::
string
Authenticator
::
CalcString2Signature
(
const
std
::
string
&
in
,
const
std
::
string
&
secretKey
)
{
std
::
string
signature
;
unsigned
char
digest
[
BUFSIZ
];
memset
(
digest
,
0x00
,
BUFSIZ
);
HMacSha256
((
unsigned
char
*
)
in
.
c_str
(),
in
.
size
(),
(
unsigned
char
*
)
secretKey
.
c_str
(),
secretKey
.
size
(),
digest
);
signature
=
Base64
(
digest
,
SHA256_DIGEST_LENGTH
);
int
ret
=
HMacSha256
((
unsigned
char
*
)
secretKey
.
c_str
(),
secretKey
.
size
(),
(
unsigned
char
*
)
in
.
c_str
(),
in
.
size
(),
digest
);
if
(
ret
==
0
)
{
signature
=
Base64
(
digest
,
SHA256_DIGEST_LENGTH
);
}
return
signature
;
}
...
...
@@ -52,67 +84,37 @@ std::string Authenticator::GetString2Signature(uint64_t date,
.
append
(
owner
);
}
void
Authenticator
::
HMacSha256
(
const
unsigned
char
*
text
,
/* pointer to data stream */
int
text_len
,
/* length of data stream */
const
unsigned
char
*
key
,
/* pointer to authentication key */
int
key_len
,
/* length of authentication key */
void
*
digest
)
{
unsigned
char
k_ipad
[
65
];
/* inner padding key XORd with ipad */
unsigned
char
k_opad
[
65
];
/* outer padding key XORd with opad */
unsigned
char
tk
[
SHA256_DIGEST_LENGTH
];
unsigned
char
tk2
[
SHA256_DIGEST_LENGTH
];
unsigned
char
bufferIn
[
1024
];
unsigned
char
bufferOut
[
1024
];
int
i
;
/* if key is longer than 64 bytes reset it to key=sha256(key) */
if
(
key_len
>
64
)
{
SHA256
(
key
,
key_len
,
tk
);
key
=
tk
;
key_len
=
SHA256_DIGEST_LENGTH
;
int
Authenticator
::
HMacSha256
(
const
void
*
key
,
int
key_size
,
const
void
*
data
,
int
data_size
,
void
*
digest
)
{
if
(
NULL
==
EVP_sha256
)
{
LOG
(
ERROR
)
<<
"Fail to find EVP_sha256."
;
return
-
1
;
}
/*
* the HMAC_SHA256 transform looks like:
*
* SHA256(K XOR opad, SHA256(K XOR ipad, text))
*
* where K is an n byte key
* ipad is the byte 0x36 repeated 64 times
* opad is the byte 0x5c repeated 64 times
* and text is the data being protected
*/
/* start out by storing key in pads */
memset
(
k_ipad
,
0
,
sizeof
k_ipad
);
memset
(
k_opad
,
0
,
sizeof
k_opad
);
memcpy
(
k_ipad
,
key
,
key_len
);
memcpy
(
k_opad
,
key
,
key_len
);
/* XOR key with ipad and opad values */
for
(
i
=
0
;
i
<
64
;
i
++
)
{
k_ipad
[
i
]
^=
0x36
;
k_opad
[
i
]
^=
0x5c
;
unsigned
int
digest_size
=
0
;
unsigned
char
*
temp_digest
=
(
unsigned
char
*
)
digest
;
if
(
key
==
NULL
)
{
// NOTE: first parameter of EVP_Digest in older openssl is void*.
if
(
EVP_Digest
(
const_cast
<
void
*>
(
data
),
data_size
,
temp_digest
,
&
digest_size
,
EVP_sha256
(),
NULL
)
<
0
)
{
LOG
(
ERROR
)
<<
"Fail to EVP_Digest"
;
return
-
1
;
}
}
else
{
// Note: following code uses HMAC_CTX previously which is ABI
// inconsistent in different version of openssl.
if
(
HMAC
(
EVP_sha256
(),
key
,
key_size
,
(
const
unsigned
char
*
)
data
,
data_size
,
temp_digest
,
&
digest_size
)
==
NULL
)
{
LOG
(
ERROR
)
<<
"Fail to HMAC"
;
return
-
1
;
}
}
/*
* perform inner SHA256
*/
memset
(
bufferIn
,
0x00
,
1024
);
memcpy
(
bufferIn
,
k_ipad
,
64
);
memcpy
(
bufferIn
+
64
,
text
,
text_len
);
SHA256
(
bufferIn
,
64
+
text_len
,
tk2
);
/*
* perform outer SHA256
*/
memset
(
bufferOut
,
0x00
,
1024
);
memcpy
(
bufferOut
,
k_opad
,
64
);
memcpy
(
bufferOut
+
64
,
tk2
,
SHA256_DIGEST_LENGTH
);
SHA256
(
bufferOut
,
64
+
SHA256_DIGEST_LENGTH
,
(
unsigned
char
*
)
digest
);
if
(
digest_size
!=
32
)
{
LOG
(
ERROR
)
<<
"digest_size="
<<
digest_size
<<
" of sha256 is not 32"
;
return
-
1
;
}
return
0
;
}
std
::
string
Authenticator
::
Base64
(
const
unsigned
char
*
src
,
size_t
sz
)
{
...
...
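Review bot: In the new `HMacSha256`, the `key == NULL` branch falls back to a plain unkeyed `EVP_Digest` SHA-256 and still returns 0, so a null key yields a value anyone can compute instead of a MAC; for a signing helper it is safer to fail, e.g. `if (key == NULL) { LOG(ERROR) << "null HMAC key"; return -1; }`. The visible caller passes `secretKey.c_str()`, which is never null, so the branch looks unreachable today and appears to be carried over from the brpc source. If the branch stays, note that `EVP_Digest` returns 1 on success and 0 on failure, so the `< 0` test never fires and only the later `digest_size != 32` check catches an error; `!= 1` is the correct comparison. Separately, `CalcString2Signature` now returns an empty string when `HMacSha256` fails, so the code that compares signatures (outside this diff) should reject an empty signature rather than risk matching two empty values.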
src/common/authenticator.h
...
...
@@ -56,12 +56,9 @@ class Authenticator {
const
std
::
string
&
secretKey
);
private:
static
void
HMacSha256
(
const
unsigned
char
*
text
,
/* pointer to data stream */
int
text_len
,
/* length of data stream */
const
unsigned
char
*
key
,
/* pointer to authentication key */
int
key_len
,
/* length of authentication key */
void
*
digest
);
static
int
HMacSha256
(
const
void
*
key
,
int
key_size
,
const
void
*
data
,
int
data_size
,
void
*
digest
);
static
std
::
string
Base64
(
const
unsigned
char
*
src
,
size_t
sz
);
};
...
...
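Review bot: The new `HMacSha256` declaration swaps the argument order from (text, text_len, key, key_len) to (key, key_size, data, data_size) and drops the per-parameter comments, while the `const void*`/`int` types still accept a call written in the old order, which would compile and silently produce a different MAC. A comment on the declaration would make the contract explicit, for example `// Returns 0 on success, -1 on failure; digest must hold at least SHA256_DIGEST_LENGTH (32) bytes.` plus one line naming the key-then-data order. The `int` size parameters also narrow the `std::string::size()` values the caller passes; `size_t` would avoid that. The enclosing `class Authenticator` starts outside this hunk.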
test/common/BUILD
...
...
@@ -24,6 +24,7 @@ cc_test(
],
deps
=
[
"//src/common:curve_common"
,
"//src/common:curve_auth"
,
"//src/common:curve_s3_adapter"
,
"//src/common/concurrent:curve_concurrent"
,
"@com_google_googletest//:gtest_main"
,
...
...
test/common/authenticator_test.cpp
0 → 100644
/*
* Copyright (c) 2020 NetEase Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* Project: curve
* Created Date: Thursday November 29th 2018
* Author: yangyaokai
*/
#include <gtest/gtest.h>
#include <string>
#include "src/common/authenticator.h"
namespace
curve
{
namespace
common
{
TEST
(
AuthenticatorTEST
,
basic_test
)
{
std
::
string
key
=
"123456"
;
std
::
string
data
=
"/data/123"
;
std
::
string
sig
=
Authenticator
::
CalcString2Signature
(
data
,
key
);
std
::
string
expect
=
"ZKNsnF9DXRxeb0+xTgFD2zLYkQnE6Sy/g2ebqWEAdlc="
;
ASSERT_STREQ
(
sig
.
c_str
(),
expect
.
c_str
());
}
}
// namespace common
}
// namespace curve
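Review bot: `basic_test` pins a single short key/data pair, so nothing covers the sizes where the replaced implementation was unsafe: the old code copied `text` into a fixed 1024-byte buffer at offset 64, and a case with data longer than 960 bytes and a key longer than 64 bytes would guard against a regression there. A published HMAC-SHA-256 vector (RFC 4231) would make the expected value independent of this code, and an empty `secretKey` case would pin what the signer does with a missing secret. `ASSERT_EQ(sig, expect);` compares the `std::string` values directly and prints both on failure, without the `c_str()` calls.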