| blob | f543d96ed35c52967ec3c73bc7073b5dd52bc29d |
1 /* gchecksum.h - data hashing functions
2 *
3 * Copyright (C) 2007 Emmanuele Bassi <ebassi@gnome.org>
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Library General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Library General Public License for more details.
14 *
15 * You should have received a copy of the GNU Library General Public
16 * License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 * Boston, MA 02111-1307, USA.
19 */
23 #include <string.h>
35 /**
36 * SECTION:checksum
37 * @title: Data Checksums
38 * @short_description: computes the checksum for data
39 *
40 * GLib provides a generic API for computing checksums (or "digests")
41 * for a sequence of arbitrary bytes, using various hashing algorithms
42 * like MD5, SHA-1 and SHA-256. Checksums are commonly used in various
43 * environments and specifications.
44 *
45 * GLib supports incremental checksums using the GChecksum data
46 * structure, by calling g_checksum_update() as long as there's data
47 * available and then using g_checksum_get_string() or
48 * g_checksum_get_digest() to compute the checksum and return it either
49 * as a string in hexadecimal form, or as a raw sequence of bytes. To
50 * compute the checksum for binary blobs and NUL-terminated strings in
51 * one go, use the convenience functions g_compute_checksum_for_data()
52 * and g_compute_checksum_for_string(), respectively.
53 *
54 * Support for checksums has been added in GLib 2.16
55 **/
57 #define IS_VALID_TYPE(type) ((type) >= G_CHECKSUM_MD5 && (type) <= G_CHECKSUM_SHA256)
59 /* The fact that these are lower case characters is part of the ABI */
62 #define MD5_DATASIZE 64
63 #define MD5_DIGEST_LEN 16
66 {
78 #define SHA1_DATASIZE 64
79 #define SHA1_DIGEST_LEN 20
82 {
86 /* we pack 64 unsigned chars into 16 32-bit unsigned integers */
92 #define SHA256_DATASIZE 64
93 #define SHA256_DIGEST_LEN 32
96 {
105 struct _GChecksum
106 {
107 GChecksumType type;
112 Md5sum md5;
113 Sha1sum sha1;
114 Sha256sum sha256;
116 };
118 /* we need different byte swapping functions because MD5 expects buffers
119 * to be little-endian, while SHA1 and SHA256 expect them in big-endian
120 * form.
121 */
123 #if G_BYTE_ORDER == G_LITTLE_ENDIAN
124 #define md5_byte_reverse(buffer,length)
125 #else
126 /* assume that the passed buffer is integer aligned */
129 gulong length)
130 {
131 guint32 bit;
133 do
134 {
139 }
141 }
144 #if G_BYTE_ORDER == G_BIG_ENDIAN
145 #define sha_byte_reverse(buffer,length)
146 #else
149 gint length)
150 {
153 {
156 }
157 }
162 gsize digest_len)
163 {
165 gint i;
171 {
176 }
181 }
183 /*
184 * MD5 Checksum
185 */
187 /* This MD5 digest computation is based on the equivalent code
188 * written by Colin Plumb. It came with this notice:
189 *
190 * This code implements the MD5 message-digest algorithm.
191 * The algorithm is due to Ron Rivest. This code was
192 * written by Colin Plumb in 1993, no copyright is claimed.
193 * This code is in the public domain; do with it what you wish.
194 *
195 * Equivalent code is available from RSA Data Security, Inc.
196 * This code has been tested against that, and is equivalent,
197 * except that you don't need to include two pages of legalese
198 * with every copy.
199 */
201 static void
203 {
204 /* arbitrary constants */
211 }
213 /*
214 * The core of the MD5 algorithm, this alters an existing MD5 hash to
215 * reflect the addition of 16 longwords of new data. md5_sum_update()
216 * blocks the data and converts bytes into longwords for this routine.
217 */
218 static void
221 {
224 /* The four core functions - F1 is optimized somewhat */
225 #define F1(x, y, z) (z ^ (x & (y ^ z)))
226 #define F2(x, y, z) F1 (z, x, y)
227 #define F3(x, y, z) (x ^ y ^ z)
228 #define F4(x, y, z) (y ^ (x | ~z))
230 /* This is the central step in the MD5 algorithm. */
231 #define md5_step(f, w, x, y, z, data, s) \
232 ( w += f (x, y, z) + data, w = w << s | w >> (32 - s), w += x )
312 #undef F1
313 #undef F2
314 #undef F3
315 #undef F4
316 #undef md5_step
317 }
319 static void
322 gsize length)
323 {
324 guint32 bit;
329 /* carry from low to high */
335 /* bytes already in Md5sum->u.data */
338 /* handle any leading odd-sized chunks */
340 {
345 {
348 }
357 }
359 /* process data in 64-byte chunks */
361 {
369 }
371 /* handle any remaining bytes of data */
373 }
375 /* closes a checksum */
376 static void
378 {
379 guint count;
382 /* Compute number of bytes mod 64 */
385 /* Set the first char of padding to 0x80.
386 * This is safe since there is always at least one byte free
387 */
391 /* Bytes of padding needed to make 64 bytes */
394 /* Pad out to 56 mod 64 */
396 {
397 /* Two lots of padding: Pad the first block to 64 bytes */
403 /* Now fill the next block with 56 bytes */
405 }
406 else
407 {
408 /* Pad block to 56 bytes */
410 }
414 /* Append length in bits and transform */
423 /* Reset buffers in case they contain sensitive data */
426 }
430 {
432 }
434 static void
437 {
438 gint i;
442 }
444 /*
445 * SHA-1 Checksum
446 */
448 /* The following implementation comes from D-Bus dbus-sha.c. I've changed
449 * it to use GLib types and to work more like the MD5 implementation above.
450 * I left the comments to have an history of this code.
451 * -- Emmanuele Bassi, ebassi@gnome.org
452 */
454 /* The following comments have the history of where this code
455 * comes from. I actually copied it from GNet in GNOME CVS.
456 * - hp@redhat.com
457 */
459 /*
460 * sha.h : Implementation of the Secure Hash Algorithm
461 *
462 * Part of the Python Cryptography Toolkit, version 1.0.0
463 *
464 * Copyright (C) 1995, A.M. Kuchling
465 *
466 * Distribute and use freely; there are no restrictions on further
467 * dissemination and usage except those imposed by the laws of your
468 * country of residence.
469 *
470 */
472 /* SHA: NIST's Secure Hash Algorithm */
474 /* Based on SHA code originally posted to sci.crypt by Peter Gutmann
475 in message <30ajo5$oe8@ccu2.auckland.ac.nz>.
476 Modified to test for endianness on creation of SHA objects by AMK.
477 Also, the original specification of SHA was found to have a weakness
478 by NSA/NIST. This code implements the fixed version of SHA.
479 */
481 /* Here's the first paragraph of Peter Gutmann's posting:
483 The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
484 SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
485 what's changed in the new version. The fix is a simple change which involves
486 adding a single rotate in the initial expansion function. It is unknown
487 whether this is an optimal solution to the problem which was discovered in the
488 SHA or whether it's simply a bandaid which fixes the problem with a minimum of
489 effort (for example the reengineering of a great many Capstone chips).
490 */
492 static void
494 {
495 /* initialize constants */
502 /* initialize bits */
504 }
506 /* The SHA f()-functions. */
513 /* The SHA Mysterious Constants */
519 /* 32-bit rotate left - kludged with shifts */
520 #define ROTL(n,X) (((X) << n ) | ((X) >> (32 - n)))
522 /* The initial expanding function. The hash function is defined over an
523 80-word expanded input array W, where the first 16 are copies of the input
524 data, and the remaining 64 are defined by
526 W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
528 This implementation generates these values on the fly in a circular
529 buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
530 optimization.
532 The updated SHA changes the expanding function by adding a rotate of 1
533 bit. Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor
534 for this information */
536 #define expand(W,i) (W[ i & 15 ] = ROTL (1, (W[ i & 15] ^ \
537 W[(i - 14) & 15] ^ \
538 W[(i - 8) & 15] ^ \
539 W[(i - 3) & 15])))
542 /* The prototype SHA sub-round. The fundamental sub-round is:
544 a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
545 b' = a;
546 c' = ROTL( 30, b );
547 d' = c;
548 e' = d;
550 but this is implemented by unrolling the loop 5 times and renaming the
551 variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
552 This code is then replicated 20 times for each of the 4 functions, using
553 the next 20 values from the W[] array each time */
555 #define subRound(a, b, c, d, e, f, k, data) \
556 (e += ROTL (5, a) + f(b, c, d) + k + data, b = ROTL (30, b))
558 static void
561 {
570 /* Heavy mangling, in 4 sub-rounds of 20 iterations each. */
655 /* Build message digest */
661 }
663 #undef K1
664 #undef K2
665 #undef K3
666 #undef K4
667 #undef f1
668 #undef f2
669 #undef f3
670 #undef f4
671 #undef ROTL
672 #undef expand
673 #undef subRound
675 static void
678 gsize count)
679 {
680 guint32 tmp;
681 guint dataCount;
683 /* Update bitcount */
689 /* Get count of bytes already in data */
692 /* Handle any leading odd-sized chunks */
694 {
699 {
702 }
711 }
713 /* Process data in SHA1_DATASIZE chunks */
715 {
723 }
725 /* Handle any remaining bytes of data. */
727 }
729 /* Final wrapup - pad to SHA_DATASIZE-byte boundary with the bit pattern
730 1 0* (64-bit count of bits processed, MSB-first) */
731 static void
733 {
734 gint count;
737 /* Compute number of bytes mod 64 */
740 /* Set the first char of padding to 0x80. This is safe since there is
741 always at least one byte free */
745 /* Bytes of padding needed to make 64 bytes */
748 /* Pad out to 56 mod 64 */
750 {
751 /* Two lots of padding: Pad the first block to 64 bytes */
757 /* Now fill the next block with 56 bytes */
759 }
760 else
761 {
762 /* Pad block to 56 bytes */
764 }
766 /* Append length in bits and transform */
776 /* Reset buffers in case they contain sensitive data */
779 }
783 {
785 }
787 static void
790 {
791 gint i;
795 }
797 /*
798 * SHA-256 Checksum
799 */
801 /* adapted from the SHA256 implementation in gsk/src/hash/gskhash.c.
802 *
803 * Copyright (C) 2006 Dave Benson
804 * Released under the terms of the GNU Lesser General Public License
805 */
807 static void
809 {
820 }
822 #define GET_UINT32(n,b,i) G_STMT_START{ \
823 (n) = ((guint32) (b)[(i) ] << 24) \
824 | ((guint32) (b)[(i) + 1] << 16) \
825 | ((guint32) (b)[(i) + 2] << 8) \
826 | ((guint32) (b)[(i) + 3] ); } G_STMT_END
828 #define PUT_UINT32(n,b,i) G_STMT_START{ \
829 (b)[(i) ] = (guint8) ((n) >> 24); \
830 (b)[(i) + 1] = (guint8) ((n) >> 16); \
831 (b)[(i) + 2] = (guint8) ((n) >> 8); \
832 (b)[(i) + 3] = (guint8) ((n) ); } G_STMT_END
834 static void
837 {
858 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
859 #define ROTR(x,n) (SHR (x,n) | (x << (32 - n)))
861 #define S0(x) (ROTR (x, 7) ^ ROTR (x,18) ^ SHR (x, 3))
862 #define S1(x) (ROTR (x,17) ^ ROTR (x,19) ^ SHR (x,10))
863 #define S2(x) (ROTR (x, 2) ^ ROTR (x,13) ^ ROTR (x,22))
864 #define S3(x) (ROTR (x, 6) ^ ROTR (x,11) ^ ROTR (x,25))
866 #define F0(x,y,z) ((x & y) | (z & (x | y)))
867 #define F1(x,y,z) (z ^ (x & (y ^ z)))
869 #define R(t) (W[t] = S1(W[t - 2]) + W[t - 7] + \
870 S0(W[t - 15]) + W[t - 16])
872 #define P(a,b,c,d,e,f,g,h,x,K) G_STMT_START { \
873 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
874 temp2 = S2(a) + F0(a,b,c); \
875 d += temp1; h = temp1 + temp2; } G_STMT_END
951 #undef SHR
952 #undef ROTR
953 #undef S0
954 #undef S1
955 #undef S2
956 #undef S3
957 #undef F0
958 #undef F1
959 #undef R
960 #undef P
970 }
972 static void
975 gsize length)
976 {
993 {
1001 }
1004 {
1009 }
1013 }
1016 {
1021 };
1023 static void
1025 {
1051 }
1053 #undef PUT_UINT32
1054 #undef GET_UINT32
1058 {
1060 }
1062 static void
1065 {
1066 gint i;
1070 }
1073 /*
1074 * Public API
1075 */
1077 /**
1078 * g_checksum_type_get_length:
1079 * @checksum_type: a #GChecksumType
1080 *
1081 * Gets the length in bytes of digests of type @checksum_type
1082 *
1083 * Return value: the checksum length, or -1 if @checksum_type is
1084 * not supported.
1085 *
1086 * Since: 2.16
1087 */
1088 gssize
1090 {
1094 {
1107 }
1110 }
1112 /**
1113 * g_checksum_new:
1114 * @checksum_type: the desired type of checksum
1115 *
1116 * Creates a new #GChecksum, using the checksum algorithm @checksum_type.
1117 * If the @checksum_type is not known, %NULL is returned.
1118 * A #GChecksum can be used to compute the checksum, or digest, of an
1119 * arbitrary binary blob, using different hashing algorithms.
1120 *
1121 * A #GChecksum works by feeding a binary blob through g_checksum_update()
1122 * until there is data to be checked; the digest can then be extracted
1123 * using g_checksum_get_string(), which will return the checksum as a
1124 * hexadecimal string; or g_checksum_get_digest(), which will return a
1125 * vector of raw bytes. Once either g_checksum_get_string() or
1126 * g_checksum_get_digest() have been called on a #GChecksum, the checksum
1127 * will be closed and it won't be possible to call g_checksum_update()
1128 * on it anymore.
1129 *
1130 * Return value: the newly created #GChecksum, or %NULL.
1131 * Use g_checksum_free() to free the memory allocated by it.
1132 *
1133 * Since: 2.16
1134 */
1135 GChecksum *
1137 {
1149 }
1151 /**
1152 * g_checksum_reset:
1153 * @checksum: the #GChecksum to reset
1154 *
1155 * Resets the state of the @checksum back to its initial state.
1156 *
1157 * Since: 2.18
1158 **/
1159 void
1161 {
1168 {
1181 }
1182 }
1184 /**
1185 * g_checksum_copy:
1186 * @checksum: the #GChecksum to copy
1187 *
1188 * Copies a #GChecksum. If @checksum has been closed, by calling
1189 * g_checksum_get_string() or g_checksum_get_digest(), the copied
1190 * checksum will be closed as well.
1191 *
1192 * Return value: the copy of the passed #GChecksum. Use g_checksum_free()
1193 * when finished using it.
1194 *
1195 * Since: 2.16
1196 */
1197 GChecksum *
1199 {
1210 }
1212 /**
1213 * g_checksum_free:
1214 * @checksum: a #GChecksum
1215 *
1216 * Frees the memory allocated for @checksum.
1217 *
1218 * Since: 2.16
1219 */
1220 void
1222 {
1224 {
1228 }
1229 }
1231 /**
1232 * g_checksum_update:
1233 * @checksum: a #GChecksum
1234 * @data: buffer used to compute the checksum
1235 * @length: size of the buffer, or -1 if it is a null-terminated string.
1236 *
1237 * Feeds @data into an existing #GChecksum. The checksum must still be
1238 * open, that is g_checksum_get_string() or g_checksum_get_digest() must
1239 * not have been called on @checksum.
1240 *
1241 * Since: 2.16
1242 */
1243 void
1246 gssize length)
1247 {
1255 {
1260 }
1263 {
1276 }
1277 }
1279 /**
1280 * g_checksum_get_string:
1281 * @checksum: a #GChecksum
1282 *
1283 * Gets the digest as an hexadecimal string.
1284 *
1285 * Once this function has been called the #GChecksum can no longer be
1286 * updated with g_checksum_update().
1287 *
1288 * The hexadecimal characters will be lower case.
1289 *
1290 * Return value: the hexadecimal representation of the checksum. The
1291 * returned string is owned by the checksum and should not be modified
1292 * or freed.
1293 *
1294 * Since: 2.16
1295 */
1298 {
1307 {
1323 }
1328 }
1330 /**
1331 * g_checksum_get_digest:
1332 * @checksum: a #GChecksum
1333 * @buffer: output buffer
1334 * @digest_len: an inout parameter. The caller initializes it to the size of @buffer.
1335 * After the call it contains the length of the digest.
1336 *
1337 * Gets the digest from @checksum as a raw binary vector and places it
1338 * into @buffer. The size of the digest depends on the type of checksum.
1339 *
1340 * Once this function has been called, the #GChecksum is closed and can
1341 * no longer be updated with g_checksum_update().
1342 *
1343 * Since: 2.16
1344 */
1345 void
1349 {
1352 gsize len;
1362 {
1365 {
1368 }
1373 {
1376 }
1381 {
1384 }
1390 }
1396 }
1398 /**
1399 * g_compute_checksum_for_data:
1400 * @checksum_type: a #GChecksumType
1401 * @data: binary blob to compute the digest of
1402 * @length: length of @data
1403 *
1404 * Computes the checksum for a binary @data of @length. This is a
1405 * convenience wrapper for g_checksum_new(), g_checksum_get_string()
1406 * and g_checksum_free().
1407 *
1408 * The hexadecimal string returned will be in lower case.
1409 *
1410 * Return value: the digest of the binary data as a string in hexadecimal.
1411 * The returned string should be freed with g_free() when done using it.
1412 *
1413 * Since: 2.16
1414 */
1415 gchar *
1418 gsize length)
1419 {
1435 }
1437 /**
1438 * g_compute_checksum_for_string:
1439 * @checksum_type: a #GChecksumType
1440 * @str: the string to compute the checksum of
1441 * @length: the length of the string, or -1 if the string is null-terminated.
1442 *
1443 * Computes the checksum of a string.
1444 *
1445 * The hexadecimal string returned will be in lower case.
1446 *
1447 * Return value: the checksum as a hexadecimal string. The returned string
1448 * should be freed with g_free() when done using it.
1449 *
1450 * Since: 2.16
1451 */
1452 gchar *
1455 gssize length)
1456 {
1464 }