1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 /* NIST Secure Hash Algorithm
17 * heavily modified by Uwe Hollerbach uh@alumni.caltech edu
18 * from Peter C. Gutmann's implementation as found in
19 * Applied Cryptography by Bruce Schneier
20 * This code is hereby placed in the public domain
27 #include "apr_general.h"
35 * @brief APR-UTIL SHA1 library
38 /** size of the SHA1 DIGEST */
39 #define APR_SHA1_DIGESTSIZE 20
42 * Define the Magic String prefix that identifies a password as being
43 * hashed using our algorithm.
45 #define APR_SHA1PW_ID "{SHA}"
47 /** length of the SHA Password */
48 #define APR_SHA1PW_IDLEN 5
50 /** @see apr_sha1_ctx_t */
51 typedef struct apr_sha1_ctx_t apr_sha1_ctx_t
;
54 * SHA1 context structure
56 struct apr_sha1_ctx_t
{
58 apr_uint32_t digest
[5];
59 /** 64-bit bit counts */
60 apr_uint32_t count_lo
, count_hi
;
61 /** SHA data buffer */
62 apr_uint32_t data
[16];
63 /** unprocessed amount in data */
68 * Provide a means to SHA1 crypt/encode a plaintext password in a way which
69 * makes password file compatible with those commonly use in netscape web
70 * and ldap installations.
71 * @param clear The plaintext password
72 * @param len The length of the plaintext password
73 * @param out The encrypted/encoded password
74 * @note SHA1 support is useful for migration purposes, but is less
75 * secure than Apache's password format, since Apache's (MD5)
76 * password format uses a random eight character salt to generate
77 * one of many possible hashes for the same password. Netscape
78 * uses plain SHA1 without a salt, so the same password
79 * will always generate the same hash, making it easier
80 * to break since the search space is smaller.
82 APU_DECLARE(void) apr_sha1_base64(const char *clear
, int len
, char *out
);
85 * Initialize the SHA digest
86 * @param context The SHA context to initialize
88 APU_DECLARE(void) apr_sha1_init(apr_sha1_ctx_t
*context
);
91 * Update the SHA digest
92 * @param context The SHA1 context to update
93 * @param input The buffer to add to the SHA digest
94 * @param inputLen The length of the input buffer
96 APU_DECLARE(void) apr_sha1_update(apr_sha1_ctx_t
*context
, const char *input
,
97 unsigned int inputLen
);
100 * Update the SHA digest with binary data
101 * @param context The SHA1 context to update
102 * @param input The buffer to add to the SHA digest
103 * @param inputLen The length of the input buffer
105 APU_DECLARE(void) apr_sha1_update_binary(apr_sha1_ctx_t
*context
,
106 const unsigned char *input
,
107 unsigned int inputLen
);
110 * Finish computing the SHA digest
111 * @param digest the output buffer in which to store the digest
112 * @param context The context to finalize
114 APU_DECLARE(void) apr_sha1_final(unsigned char digest
[APR_SHA1_DIGESTSIZE
],
115 apr_sha1_ctx_t
*context
);
121 #endif /* APR_SHA1_H */