Remove dependency on sodium to make it compile with 4.4

Author: dirkx

libraries/WebServer/examples/HttpBasicAuthSHA1orBearerToken/HttpBasicAuthSHA1orBearerToken.ino

@@ -3,7 +3,6 @@
 #include <ArduinoOTA.h>
 #include <WebServer.h>
 #include "mbedtls/sha1.h"
-#include "sodium/utils.h"
 
 
 /// We have two options - we either come in with a bearer
@@ -47,28 +46,26 @@ const char* www_password_hex = "8cb124f8c277c16ec0b2ee00569fd151a08e342b";
 const char* www_username_base64 = "base64admin";
 const char* www_password_base64 = "jLEk+MJ3wW7Asu4AVp/RUaCONCs=";
 
+static unsigned char _bearer[20];
 String * check_bearer_or_auth(HTTPAuthMethod mode, String authReq, String params[]) {
   // we expect authReq to be "bearer some-secret"
   //
   String lcAuthReq = authReq;
-  lcAuthReq.toLowerCase();
+  lcAuthReq.toLowerCase();                      
   if (mode == OTHER_AUTH && (lcAuthReq.startsWith("bearer "))) {
     String secret = authReq.substring(7);
     secret.trim();
 
     uint8_t sha1[20];
     mbedtls_sha1((const uint8_t*) secret.c_str(), secret.length(), sha1);
 
-    char sha1calc[48]; // large enough for base64 and Hex represenation
-    sodium_bin2hex(sha1calc, sizeof(sha1calc), sha1, sizeof(sha1));
-
-    if (secret_token_hex.equalsConstantTime(sha1calc))
-      return new String("anything non null");
+    if (0 == memcpy(_bearer, sha1, sizeof(_bearer)))
+        return new String("anything non null");
   };
 
-  // that failed - so do a normal auth
-  //
-  return server.authenticateBasicSHA1(www_username_hex, www_password_hex) ?
+// that failed - so do a normal auth
+//
+return server.authenticateBasicSHA1(www_username_hex, www_password_hex) ?
          new String(params[0]) : NULL;
 };
 
@@ -83,6 +80,22 @@ void setup() {
   }
   ArduinoOTA.begin();
 
+
+  // Convert token to a convenient binary representation.
+  //
+  if (secret_token_hex.length() != 2 * 20) {
+    Serial.println("Bearer token does not look like a hex string ?!");
+  }
+
+  #define _H2D(x) (((x)>='0' && ((x) <='9')) ? ((x)-'0') : (((x)>='a' && (x)<='f') ? ((x)-'a') : 0))
+  #define H2D(x) (_H2D(tolower((x))))
+  const char * _shaBase64 = secret_token_hex.c_str();
+  for (int i = 0; i < 20; i++) {
+    unsigned char c = _shaBase64[2 * i + 0];
+    unsigned char d = _shaBase64[2 * i + 1];
+    _bearer[i] = (H2D(c) << 4) | H2D(d);
+  };
+
   server.on("/", []() {
     if (!server.authenticate(&check_bearer_or_auth)) {
       Serial.println("No/failed authentication");

libraries/WebServer/src/WebServer.cpp

@@ -33,7 +33,6 @@
 #include "mbedtls/md5.h"
 #include "mbedtls/sha1.h"
 #include "mbedtls/base64.h"
-#include "sodium/utils.h"
 
 static const char AUTHORIZATION_HEADER[] = "Authorization";
 static const char qop_auth[] PROGMEM = "qop=auth";
@@ -162,9 +161,16 @@ bool WebServer::authenticateBasicSHA1(const char * _username, const char * _sha1
             // or encode the sha we calculated. We pick the latter as encoding of a 
             // fixed array of 20 bytes s safer than operating on something external.
             //
-            if (strlen(_sha1Base64orHex) == 20 * 2) 
-		sodium_bin2hex(sha1calc, sizeof(sha1calc), sha1, sizeof(sha1));
-            else
+            #define _H2D(x) (((x)>='0' && ((x) <='9')) ? ((x)-'0') : (((x)>='a' && (x)<='f') ? ((x)-'a') : 0))
+            #define H2D(x) (_H2D(tolower((x))))
+            if (strlen(_sha1Base64orHex) == 20 * 2) {
+                for(int i = 0; i < 20; i++) {
+		    unsigned char c = _sha1Base64orHex[2*i];
+		    unsigned char d = _sha1Base64orHex[2*i+1];
+                    sha1calc[i] = (H2D(c)<<4) | H2D(d);
+                };
+                ret = 0;
+            } else
                 ret = mbedtls_base64_encode((uint8_t*)sha1calc, sizeof(sha1calc), &olen, sha1, sizeof(sha1));
 
             return ((username.equalsConstantTime(_username)) &&