Summary:ASTERISK-06162: [patch] implementation of SHA-1 in *
Reporter:Clod Patry (junky)Labels:
Date Opened:2006-01-22 10:56:56.000-0600Date Closed:2006-02-03 15:37:46.000-0600
Versions:Frequency of
Environment:Attachments:( 0) func_sha1.c
( 1) sha1.c
( 2) sha1.diff
( 3) sha1.h
Description:I wrote a first draft to implement SHA-1 in *.
So far, it has just 2 asterisk functions:
SHA1() and CHECK_SHA1() , the same way we have MD5.

sha1.h and sha1.c is provided from the RFC 3174.
Don't know for the license, but for my part, i've disclaimer on file.

exten => 90,1,Set(aa=${SHA1(junky)});

will result with:
   -- Executing Set("SIP/10-5bb9", "aa=60fa5675b9303eb62f99a9cd47f9f5837d18f9a0") in new stack

Maybe if that goes on, we could add that type of auth for IAX2.


You need to put sha1.h and sha.c before applying the diff.
Comments:By: Tilghman Lesher (tilghman) 2006-01-22 11:13:04.000-0600

I was thinking about this the other day.  Why do we have a *_CHECK function at all?  Isn't it always clearer to do $[${MD5(<string>)} = ${stored_md5}] ?

By: Clod Patry (junky) 2006-01-22 11:16:52.000-0600

I think the same thing, maybe we could deprecated these CHECK_* functions.

By: Belaid Arezqui (areski) 2006-01-22 12:15:54.000-0600

It works like a charm for me :D

   -- Executing Set("SIP/kphone-499c", "aa=dcbb6cb152ac486a07bd3dcd5de2db7d8d7aa4b3") in new stack
   -- Executing NoOp("SIP/kphone-499c", ""thanks_junky - sha1=".dcbb6cb152ac486a07bd3dcd5de2db7d8d7aa4b3") in new stack

By: Russell Bryant (russell) 2006-01-22 13:27:42.000-0600

I agree.  I think we should mark MD5_CHECK deprecated for 1.4, to be removed before 1.6.

By: Clod Patry (junky) 2006-01-29 16:53:46.000-0600

Removed my CHECK_SHA1() from func_sha1.c

By: Tilghman Lesher (tilghman) 2006-01-29 23:15:54.000-0600

1.  func_sha1.c is double-spaced.  That needs to be fixed.
2.  The SHA() code in sha1.c appears to be something you've obtained from elsewhere, but I don't see a copyright/license notification for it.  We need that clarified before it can go in.  Is it BSD, public domain, disclaimed, etc.?
3.  stdint.h is not defined on certain platforms (such as FreeBSD) and therefore needs to be conditionally included.

By: Clod Patry (junky) 2006-01-30 10:22:44.000-0600

1. fixed

2. like said when creating this bug ID
"sha1.h and sha1.c is provided from the RFC 3174.
Don't know for the license, but for my part, i've disclaimer on file."
Since it's in RFC, i guess it's public domain no?

3. will do soon.

By: Clod Patry (junky) 2006-01-30 11:11:16.000-0600

point 3 fixed to use the inttypes.h for OpenBSD and FreeBSD.

By: Tilghman Lesher (tilghman) 2006-01-30 19:45:53.000-0600

Okay, at the very bottom of RFC 3174 is the copyright and license on the code in question.  Please add that to sha1.c, in a comment, so it's fully clarified.

By: Clod Patry (junky) 2006-01-30 20:01:57.000-0600

Copyright from RFC added at the beginning of sha1.c.