Help: SHA-1 problem, requires some expert advice.

Discussion in 'Java' started by FISH, Jun 27, 2004.

  1. FISH

    FISH Guest

    I'd be very grateful if someone could help me out with this
    problem regarding the internals of SHA-1 and Java. I maintain
    an Open Source (GPL) project which implements the Yahoo Instant
    Messenger protocol (YMSG) as a Java package...

    http://jymsg9.sourceforge.net/

    As I'm sure you know, Yahoo occasionally tweaks its login
    protocol to lock out third party code. So far I've been able
    to match them by updating my own code, based upon changes made
    to other third party projects like libyahoo2 and gaim (see
    http://libyahoo2.sf.net/ and http://gaim.sf.net/ ). But the
    most recent change has caused me some headaches. It's a small
    alteration regarding SHA-1, but I'm not sure if I can easily
    replicate it in Java.

    I'm hoping some knowledgable soul here will throw some light on
    the matter - if I cannot solve this problem, then the whole jYMSG
    project is at threat!

    Below is a fragment of C source (taken from libyahoo2, via Gaim)
    showing the two new lines apparently required to fix the login
    process. As you can see, it involves an assignment to a variable
    'sizeLo'... My problem is, how can I replicate this using the
    standard SHA-1 code which comes with java.security.MessageDigest ?

    shaUpdate(&ctx1, crypt_hash_xor1, 64);
    /* Start of additions */
    if(j>=3)
    ctx1.sizeLo = 0x1ff;
    /* End of additions */
    shaUpdate(&ctx1, magic_key_char, 4);
    shaFinal(&ctx1, digest1);

    My knowledge of message digests and the like is limited. I took
    a look at some SHA-1 C source on-line, and it appears that sizeLo
    is manipulated when updating the digest, then used when padding
    the data(?). But there is a further update following the setting
    of sizeLo, so I can't just replicate the behaviour by manually
    padding the digest with the correct bytes myself (can I?)

    So, I guess my problem amounts to....

    1) Can I reproduce the effect of setting sizeLo mid-way through
    a digest update, as in the source above, using
    java.security.MessageDigest ?
    2) If not, can anyone recommend a good, GPL-friendly, SHA-1
    implementation in Java, which would facilitate such a thing?

    Any help or suggestions gratefully received! :)

    Some links... The SHA-1 C source I studied was here...
    http://www.openaether.org/jabberd2/source/util/sha1.c
    http://www.openaether.org/jabberd2/source/util/sha1.h
    And the web CVS page for the complete source file from which
    the sample C fragement was taken is here...
    http://cvs.sourceforge.net/viewcvs.py/libyahoo2/libyahoo2/src/libyahoo2.c


    -FISH- ><>
     
    FISH, Jun 27, 2004
    #1
    1. Advertising

  2. FISH

    Roedy Green Guest

    On 27 Jun 2004 06:38:09 -0700, (FISH) wrote or
    quoted :

    >Any help or suggestions gratefully received! :)


    Is Yahoo attempting to block others from accessing its IM service
    other than with their clients?

    Surely they have the legal right to do that, even though it will
    inconvenience many.

    --
    Canadian Mind Products, Roedy Green.
    Coaching, problem solving, economical contract programming.
    See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
     
    Roedy Green, Jun 27, 2004
    #2
    1. Advertising

  3. FISH

    nobody Guest


    > 1) Can I reproduce the effect of setting sizeLo mid-way through
    > a digest update, as in the source above, using
    > java.security.MessageDigest ?


    Unlikely.

    > 2) If not, can anyone recommend a good, GPL-friendly, SHA-1
    > implementation in Java, which would facilitate such a thing?
    >


    BouncyCastle (http://www.bouncycastle.org) is good, and has a fairly
    liberal license compatible with the GPL. The GNU Crypto project
    (http://www.gnu.org/software/gnu-crypto) is also GPL-friendly.
     
    nobody, Jun 28, 2004
    #3
  4. FISH

    FISH Guest

    (FISH) wrote in message news:<>...
    > I'd be very grateful if someone could help me out with this
    > problem regarding the internals of SHA-1 and Java. I maintain
    > an Open Source (GPL) project which implements the Yahoo Instant
    > Messenger protocol (YMSG) as a Java package...
    >
    > http://jymsg9.sourceforge.net/

    [snipped...]


    A big thanks to those who posted and emailed solutions to this problem.

    As it turned out, one of the project's users had already crafted a
    SHA1 implementation which was capable of being manipulated in the way
    needed - so jYMSG is back in business once more! Even so, I'm going
    to look into the links you people provided, as I doubt this will be
    the last time Yahoo screw about with their login code.

    Thanks,

    -FISH- ><>
     
    FISH, Jun 29, 2004
    #4
  5. Re: SHA-1 problem, requires some expert advice.


    > 1) Can I reproduce the effect of setting sizeLo mid-way through
    > a digest update, as in the source above, using
    > java.security.MessageDigest ?
    > 2) If not, can anyone recommend a good, GPL-friendly, SHA-1
    > implementation in Java, which would facilitate such a thing?


    Try to find the class (I am not sure if the code is native or in java) which
    contains the implementation of :
    java.security.MessageDigest.getInstance("SHA-1"); ... and decompile it.

    Good Luck.
    Vincent
     
    Vincent Cantin, Jul 20, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tony
    Replies:
    2
    Views:
    405
    =?Utf-8?B?cmVjb2lsQGNvbW11bml0eS5ub3NwYW0=?=
    May 24, 2006
  2. Almad

    sha-2 and sha-512 bindings

    Almad, May 4, 2005, in forum: Python
    Replies:
    1
    Views:
    676
  3. sha, PyCrypto, SHA-256

    , Dec 16, 2006, in forum: Python
    Replies:
    3
    Views:
    2,304
    Tim Henderson
    Dec 19, 2006
  4. Tony

    Expert advice needed on some strange event handling

    Tony, May 24, 2006, in forum: ASP .Net Web Controls
    Replies:
    3
    Views:
    140
  5. myalo
    Replies:
    4
    Views:
    1,334
    A. Sinan Unur
    Nov 28, 2007
Loading...

Share This Page