[be28fe7] | 1 | /***************************************************************************\ |
---|
| 2 | * * |
---|
| 3 | * BitlBee - An IRC to IM gateway * |
---|
| 4 | * Simple OAuth client (consumer) implementation. * |
---|
| 5 | * * |
---|
| 6 | * Copyright 2010 Wilmer van der Gaast <wilmer@gaast.net> * |
---|
| 7 | * * |
---|
| 8 | * This library is free software; you can redistribute it and/or * |
---|
| 9 | * modify it under the terms of the GNU Lesser General Public * |
---|
| 10 | * License as published by the Free Software Foundation, version * |
---|
| 11 | * 2.1. * |
---|
| 12 | * * |
---|
| 13 | * This library is distributed in the hope that it will be useful, * |
---|
| 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * |
---|
| 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * |
---|
| 16 | * Lesser General Public License for more details. * |
---|
| 17 | * * |
---|
| 18 | * You should have received a copy of the GNU Lesser General Public License * |
---|
| 19 | * along with this library; if not, write to the Free Software Foundation, * |
---|
| 20 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA * |
---|
| 21 | * * |
---|
| 22 | \***************************************************************************/ |
---|
| 23 | |
---|
| 24 | #include <glib.h> |
---|
| 25 | #include <gmodule.h> |
---|
| 26 | #include <stdlib.h> |
---|
| 27 | #include <string.h> |
---|
| 28 | #include "base64.h" |
---|
| 29 | #include "misc.h" |
---|
| 30 | #include "sha1.h" |
---|
| 31 | |
---|
| 32 | #define CONSUMER_KEY "xsDNKJuNZYkZyMcu914uEA" |
---|
| 33 | #define CONSUMER_SECRET "FCxqcr0pXKzsF9ajmP57S3VQ8V6Drk4o2QYtqMcOszo" |
---|
| 34 | /* How can it be a secret if it's right here in the source code? No clue... */ |
---|
| 35 | |
---|
| 36 | #define HMAC_BLOCK_SIZE 64 |
---|
| 37 | |
---|
| 38 | struct oauth_state |
---|
| 39 | { |
---|
| 40 | }; |
---|
| 41 | |
---|
| 42 | static char *oauth_sign( const char *method, const char *url, |
---|
| 43 | const char *params, const char *token_secret ) |
---|
| 44 | { |
---|
| 45 | sha1_state_t sha1; |
---|
| 46 | uint8_t hash[sha1_hash_size]; |
---|
| 47 | uint8_t key[HMAC_BLOCK_SIZE+1]; |
---|
| 48 | char *s; |
---|
| 49 | int i; |
---|
| 50 | |
---|
| 51 | /* Create K. If our current key is >64 chars we have to hash it, |
---|
| 52 | otherwise just pad. */ |
---|
| 53 | memset( key, 0, HMAC_BLOCK_SIZE ); |
---|
| 54 | i = strlen( CONSUMER_SECRET ) + 1 + token_secret ? strlen( token_secret ) : 0; |
---|
| 55 | if( i > HMAC_BLOCK_SIZE ) |
---|
| 56 | { |
---|
| 57 | sha1_init( &sha1 ); |
---|
| 58 | sha1_append( &sha1, CONSUMER_SECRET, strlen( CONSUMER_SECRET ) ); |
---|
| 59 | sha1_append( &sha1, "&", 1 ); |
---|
| 60 | if( token_secret ) |
---|
| 61 | sha1_append( &sha1, token_secret, strlen( token_secret ) ); |
---|
| 62 | sha1_finish( &sha1, key ); |
---|
| 63 | } |
---|
| 64 | else |
---|
| 65 | { |
---|
| 66 | g_snprintf( key, HMAC_BLOCK_SIZE + 1, "%s&%s", |
---|
| 67 | CONSUMER_SECRET, token_secret ? : "" ); |
---|
| 68 | } |
---|
| 69 | |
---|
| 70 | /* Inner part: H(K XOR 0x36, text) */ |
---|
| 71 | sha1_init( &sha1 ); |
---|
| 72 | |
---|
| 73 | for( i = 0; i < HMAC_BLOCK_SIZE; i ++ ) |
---|
| 74 | key[i] ^= 0x36; |
---|
| 75 | sha1_append( &sha1, key, HMAC_BLOCK_SIZE ); |
---|
| 76 | |
---|
| 77 | /* OAuth: text = method&url¶ms, all http_encoded. */ |
---|
| 78 | sha1_append( &sha1, (const uint8_t*) method, strlen( method ) ); |
---|
| 79 | sha1_append( &sha1, (const uint8_t*) "&", 1 ); |
---|
| 80 | |
---|
| 81 | s = g_new0( char, strlen( url ) * 3 + 1 ); |
---|
| 82 | strcpy( s, url ); |
---|
| 83 | http_encode( s ); |
---|
| 84 | sha1_append( &sha1, (const uint8_t*) s, strlen( s ) ); |
---|
| 85 | sha1_append( &sha1, (const uint8_t*) "&", 1 ); |
---|
| 86 | g_free( s ); |
---|
| 87 | |
---|
| 88 | s = g_new0( char, strlen( params ) * 3 + 1 ); |
---|
| 89 | strcpy( s, params ); |
---|
| 90 | http_encode( s ); |
---|
| 91 | sha1_append( &sha1, (const uint8_t*) s, strlen( s ) ); |
---|
| 92 | g_free( s ); |
---|
| 93 | |
---|
| 94 | sha1_finish( &sha1, hash ); |
---|
| 95 | |
---|
| 96 | /* Final result: H(K XOR 0x5C, inner stuff) */ |
---|
| 97 | sha1_init( &sha1 ); |
---|
| 98 | for( i = 0; i < HMAC_BLOCK_SIZE; i ++ ) |
---|
| 99 | key[i] ^= 0x36 ^ 0x5c; |
---|
| 100 | sha1_append( &sha1, key, HMAC_BLOCK_SIZE ); |
---|
| 101 | sha1_append( &sha1, hash, sha1_hash_size ); |
---|
| 102 | sha1_finish( &sha1, hash ); |
---|
| 103 | |
---|
| 104 | /* base64_encode it and we're done. */ |
---|
| 105 | return base64_encode( hash, sha1_hash_size ); |
---|
| 106 | } |
---|