Changeset 31db8165 for lib

Timestamp:

2011-12-21T19:03:56Z (12 years ago)

Author:

Wilmer van der Gaast <wilmer@…>

Branches:

master

Children:

e306fbf

Parents:

0dd6570

Message:

Use sha1_hmac() instead of reimplementing the algorithm in oauth_sign().

File:

• lib/oauth.c (modified) (2 diffs)

lib/oauth.c

@@ -38 +38 @@
                          const char *params, struct oauth_info *oi )
 {
-        sha1_state_t sha1;
         uint8_t hash[sha1_hash_size];
-        uint8_t key[HMAC_BLOCK_SIZE+1];
+        GString *payload = g_string_new( "" );
+        char *key;
         char *s;
-        int i;
-        
-        /* Create K. If our current key is >64 chars we have to hash it,
-           otherwise just pad. */
-        memset( key, 0, HMAC_BLOCK_SIZE );
-        i = strlen( oi->sp->consumer_secret ) + 1 + ( oi->token_secret ? strlen( oi->token_secret ) : 0 );
-        if( i > HMAC_BLOCK_SIZE )
-        {
-                sha1_init( &sha1 );
-                sha1_append( &sha1, (uint8_t*) oi->sp->consumer_secret, strlen( oi->sp->consumer_secret ) );
-                sha1_append( &sha1, (uint8_t*) "&", 1 );
-                if( oi->token_secret )
-                        sha1_append( &sha1, (uint8_t*) oi->token_secret, strlen( oi->token_secret ) );
-                sha1_finish( &sha1, key );
-        }
-        else
-        {
-                g_snprintf( (gchar*) key, HMAC_BLOCK_SIZE + 1, "%s&%s",
-                            oi->sp->consumer_secret, oi->token_secret ? oi->token_secret : "" );
-        }
-        
-        /* Inner part: H(K XOR 0x36, text) */
-        sha1_init( &sha1 );
-        
-        for( i = 0; i < HMAC_BLOCK_SIZE; i ++ )
-                key[i] ^= 0x36;
-        sha1_append( &sha1, key, HMAC_BLOCK_SIZE );
-        
-        /* OAuth: text = method&url&params, all http_encoded. */
-        sha1_append( &sha1, (const uint8_t*) method, strlen( method ) );
-        sha1_append( &sha1, (const uint8_t*) "&", 1 );
+        
+        key = g_strdup_printf( "%s&%s", oi->sp->consumer_secret, oi->token_secret ? oi->token_secret : "" );
+        
+        g_string_append_printf( payload, "%s&", method );
         
         s = g_new0( char, strlen( url ) * 3 + 1 );
         strcpy( s, url );
         http_encode( s );
-        sha1_append( &sha1, (const uint8_t*) s, strlen( s ) );
-        sha1_append( &sha1, (const uint8_t*) "&", 1 );
+        g_string_append_printf( payload, "%s&", s );
         g_free( s );
         
@@ -84 +56 @@
         strcpy( s, params );
         http_encode( s );
-        sha1_append( &sha1, (const uint8_t*) s, strlen( s ) );
-        g_free( s );
-        
-        sha1_finish( &sha1, hash );
-        
-        /* Final result: H(K XOR 0x5C, inner stuff) */
-        sha1_init( &sha1 );
-        for( i = 0; i < HMAC_BLOCK_SIZE; i ++ )
-                key[i] ^= 0x36 ^ 0x5c;
-        sha1_append( &sha1, key, HMAC_BLOCK_SIZE );
-        sha1_append( &sha1, hash, sha1_hash_size );
-        sha1_finish( &sha1, hash );
+        g_string_append( payload, s );
+        g_free( s );
+        
+        sha1_hmac( key, 0, payload->str, 0, hash );
+        
+        g_free( key );
+        g_string_free( payload, TRUE );
         
         /* base64_encode + HTTP escape it (both consumers