Update German translation
[glib.git] / glib / gchecksum.c
blob18efca0ed199d9717ac2f68fcdcaabc13abf9aba
1 /* gchecksum.h - data hashing functions
3 * Copyright (C) 2007 Emmanuele Bassi <ebassi@gnome.org>
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Library General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Library General Public License for more details.
15 * You should have received a copy of the GNU Library General Public
16 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 #include "config.h"
21 #include <string.h>
23 #include "gchecksum.h"
25 #include "gslice.h"
26 #include "gmem.h"
27 #include "gstrfuncs.h"
28 #include "gtestutils.h"
29 #include "gtypes.h"
30 #include "glibintl.h"
33 /**
34 * SECTION:checksum
35 * @title: Data Checksums
36 * @short_description: computes the checksum for data
38 * GLib provides a generic API for computing checksums (or "digests")
39 * for a sequence of arbitrary bytes, using various hashing algorithms
40 * like MD5, SHA-1 and SHA-256. Checksums are commonly used in various
41 * environments and specifications.
43 * GLib supports incremental checksums using the GChecksum data
44 * structure, by calling g_checksum_update() as long as there's data
45 * available and then using g_checksum_get_string() or
46 * g_checksum_get_digest() to compute the checksum and return it either
47 * as a string in hexadecimal form, or as a raw sequence of bytes. To
48 * compute the checksum for binary blobs and NUL-terminated strings in
49 * one go, use the convenience functions g_compute_checksum_for_data()
50 * and g_compute_checksum_for_string(), respectively.
52 * Support for checksums has been added in GLib 2.16
53 **/
55 #define IS_VALID_TYPE(type) ((type) >= G_CHECKSUM_MD5 && (type) <= G_CHECKSUM_SHA384)
57 /* The fact that these are lower case characters is part of the ABI */
58 static const gchar hex_digits[] = "0123456789abcdef";
60 #define MD5_DATASIZE 64
61 #define MD5_DIGEST_LEN 16
63 typedef struct
65 guint32 buf[4];
66 guint32 bits[2];
68 union {
69 guchar data[MD5_DATASIZE];
70 guint32 data32[MD5_DATASIZE / 4];
71 } u;
73 guchar digest[MD5_DIGEST_LEN];
74 } Md5sum;
76 #define SHA1_DATASIZE 64
77 #define SHA1_DIGEST_LEN 20
79 typedef struct
81 guint32 buf[5];
82 guint32 bits[2];
84 /* we pack 64 unsigned chars into 16 32-bit unsigned integers */
85 guint32 data[16];
87 guchar digest[SHA1_DIGEST_LEN];
88 } Sha1sum;
90 #define SHA256_DATASIZE 64
91 #define SHA256_DIGEST_LEN 32
93 typedef struct
95 guint32 buf[8];
96 guint32 bits[2];
98 guint8 data[SHA256_DATASIZE];
100 guchar digest[SHA256_DIGEST_LEN];
101 } Sha256sum;
103 /* SHA2 is common thing for SHA-384, SHA-512, SHA-512/224 and SHA-512/256 */
104 #define SHA2_BLOCK_LEN 128 /* 1024 bits message block */
105 #define SHA384_DIGEST_LEN 48
106 #define SHA512_DIGEST_LEN 64
108 typedef struct
110 guint64 H[8];
112 guint8 block[SHA2_BLOCK_LEN];
113 guint8 block_len;
115 guint64 data_len[2];
117 guchar digest[SHA512_DIGEST_LEN];
118 } Sha512sum;
120 struct _GChecksum
122 GChecksumType type;
124 gchar *digest_str;
126 union {
127 Md5sum md5;
128 Sha1sum sha1;
129 Sha256sum sha256;
130 Sha512sum sha512;
131 } sum;
134 /* we need different byte swapping functions because MD5 expects buffers
135 * to be little-endian, while SHA1 and SHA256 expect them in big-endian
136 * form.
139 #if G_BYTE_ORDER == G_LITTLE_ENDIAN
140 #define md5_byte_reverse(buffer,length)
141 #else
142 /* assume that the passed buffer is integer aligned */
143 static inline void
144 md5_byte_reverse (guchar *buffer,
145 gulong length)
147 guint32 bit;
151 bit = (guint32) ((unsigned) buffer[3] << 8 | buffer[2]) << 16 |
152 ((unsigned) buffer[1] << 8 | buffer[0]);
153 * (guint32 *) buffer = bit;
154 buffer += 4;
156 while (--length);
158 #endif /* G_BYTE_ORDER == G_LITTLE_ENDIAN */
160 #if G_BYTE_ORDER == G_BIG_ENDIAN
161 #define sha_byte_reverse(buffer,length)
162 #else
163 static inline void
164 sha_byte_reverse (guint32 *buffer,
165 gint length)
167 length /= sizeof (guint32);
168 while (length--)
170 *buffer = GUINT32_SWAP_LE_BE (*buffer);
171 ++buffer;
174 #endif /* G_BYTE_ORDER == G_BIG_ENDIAN */
176 static gchar *
177 digest_to_string (guint8 *digest,
178 gsize digest_len)
180 gint len = digest_len * 2;
181 gint i;
182 gchar *retval;
184 retval = g_new (gchar, len + 1);
186 for (i = 0; i < digest_len; i++)
188 guint8 byte = digest[i];
190 retval[2 * i] = hex_digits[byte >> 4];
191 retval[2 * i + 1] = hex_digits[byte & 0xf];
194 retval[len] = 0;
196 return retval;
200 * MD5 Checksum
203 /* This MD5 digest computation is based on the equivalent code
204 * written by Colin Plumb. It came with this notice:
206 * This code implements the MD5 message-digest algorithm.
207 * The algorithm is due to Ron Rivest. This code was
208 * written by Colin Plumb in 1993, no copyright is claimed.
209 * This code is in the public domain; do with it what you wish.
211 * Equivalent code is available from RSA Data Security, Inc.
212 * This code has been tested against that, and is equivalent,
213 * except that you don't need to include two pages of legalese
214 * with every copy.
217 static void
218 md5_sum_init (Md5sum *md5)
220 /* arbitrary constants */
221 md5->buf[0] = 0x67452301;
222 md5->buf[1] = 0xefcdab89;
223 md5->buf[2] = 0x98badcfe;
224 md5->buf[3] = 0x10325476;
226 md5->bits[0] = md5->bits[1] = 0;
230 * The core of the MD5 algorithm, this alters an existing MD5 hash to
231 * reflect the addition of 16 longwords of new data. md5_sum_update()
232 * blocks the data and converts bytes into longwords for this routine.
234 static void
235 md5_transform (guint32 buf[4],
236 guint32 const in[16])
238 guint32 a, b, c, d;
240 /* The four core functions - F1 is optimized somewhat */
241 #define F1(x, y, z) (z ^ (x & (y ^ z)))
242 #define F2(x, y, z) F1 (z, x, y)
243 #define F3(x, y, z) (x ^ y ^ z)
244 #define F4(x, y, z) (y ^ (x | ~z))
246 /* This is the central step in the MD5 algorithm. */
247 #define md5_step(f, w, x, y, z, data, s) \
248 ( w += f (x, y, z) + data, w = w << s | w >> (32 - s), w += x )
250 a = buf[0];
251 b = buf[1];
252 c = buf[2];
253 d = buf[3];
255 md5_step (F1, a, b, c, d, in[0] + 0xd76aa478, 7);
256 md5_step (F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
257 md5_step (F1, c, d, a, b, in[2] + 0x242070db, 17);
258 md5_step (F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
259 md5_step (F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
260 md5_step (F1, d, a, b, c, in[5] + 0x4787c62a, 12);
261 md5_step (F1, c, d, a, b, in[6] + 0xa8304613, 17);
262 md5_step (F1, b, c, d, a, in[7] + 0xfd469501, 22);
263 md5_step (F1, a, b, c, d, in[8] + 0x698098d8, 7);
264 md5_step (F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
265 md5_step (F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
266 md5_step (F1, b, c, d, a, in[11] + 0x895cd7be, 22);
267 md5_step (F1, a, b, c, d, in[12] + 0x6b901122, 7);
268 md5_step (F1, d, a, b, c, in[13] + 0xfd987193, 12);
269 md5_step (F1, c, d, a, b, in[14] + 0xa679438e, 17);
270 md5_step (F1, b, c, d, a, in[15] + 0x49b40821, 22);
272 md5_step (F2, a, b, c, d, in[1] + 0xf61e2562, 5);
273 md5_step (F2, d, a, b, c, in[6] + 0xc040b340, 9);
274 md5_step (F2, c, d, a, b, in[11] + 0x265e5a51, 14);
275 md5_step (F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
276 md5_step (F2, a, b, c, d, in[5] + 0xd62f105d, 5);
277 md5_step (F2, d, a, b, c, in[10] + 0x02441453, 9);
278 md5_step (F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
279 md5_step (F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
280 md5_step (F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
281 md5_step (F2, d, a, b, c, in[14] + 0xc33707d6, 9);
282 md5_step (F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
283 md5_step (F2, b, c, d, a, in[8] + 0x455a14ed, 20);
284 md5_step (F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
285 md5_step (F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
286 md5_step (F2, c, d, a, b, in[7] + 0x676f02d9, 14);
287 md5_step (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
289 md5_step (F3, a, b, c, d, in[5] + 0xfffa3942, 4);
290 md5_step (F3, d, a, b, c, in[8] + 0x8771f681, 11);
291 md5_step (F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
292 md5_step (F3, b, c, d, a, in[14] + 0xfde5380c, 23);
293 md5_step (F3, a, b, c, d, in[1] + 0xa4beea44, 4);
294 md5_step (F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
295 md5_step (F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
296 md5_step (F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
297 md5_step (F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
298 md5_step (F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
299 md5_step (F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
300 md5_step (F3, b, c, d, a, in[6] + 0x04881d05, 23);
301 md5_step (F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
302 md5_step (F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
303 md5_step (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
304 md5_step (F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
306 md5_step (F4, a, b, c, d, in[0] + 0xf4292244, 6);
307 md5_step (F4, d, a, b, c, in[7] + 0x432aff97, 10);
308 md5_step (F4, c, d, a, b, in[14] + 0xab9423a7, 15);
309 md5_step (F4, b, c, d, a, in[5] + 0xfc93a039, 21);
310 md5_step (F4, a, b, c, d, in[12] + 0x655b59c3, 6);
311 md5_step (F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
312 md5_step (F4, c, d, a, b, in[10] + 0xffeff47d, 15);
313 md5_step (F4, b, c, d, a, in[1] + 0x85845dd1, 21);
314 md5_step (F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
315 md5_step (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
316 md5_step (F4, c, d, a, b, in[6] + 0xa3014314, 15);
317 md5_step (F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
318 md5_step (F4, a, b, c, d, in[4] + 0xf7537e82, 6);
319 md5_step (F4, d, a, b, c, in[11] + 0xbd3af235, 10);
320 md5_step (F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
321 md5_step (F4, b, c, d, a, in[9] + 0xeb86d391, 21);
323 buf[0] += a;
324 buf[1] += b;
325 buf[2] += c;
326 buf[3] += d;
328 #undef F1
329 #undef F2
330 #undef F3
331 #undef F4
332 #undef md5_step
335 static void
336 md5_sum_update (Md5sum *md5,
337 const guchar *data,
338 gsize length)
340 guint32 bit;
342 bit = md5->bits[0];
343 md5->bits[0] = bit + ((guint32) length << 3);
345 /* carry from low to high */
346 if (md5->bits[0] < bit)
347 md5->bits[1] += 1;
349 md5->bits[1] += length >> 29;
351 /* bytes already in Md5sum->u.data */
352 bit = (bit >> 3) & 0x3f;
354 /* handle any leading odd-sized chunks */
355 if (bit)
357 guchar *p = md5->u.data + bit;
359 bit = MD5_DATASIZE - bit;
360 if (length < bit)
362 memcpy (p, data, length);
363 return;
366 memcpy (p, data, bit);
368 md5_byte_reverse (md5->u.data, 16);
369 md5_transform (md5->buf, md5->u.data32);
371 data += bit;
372 length -= bit;
375 /* process data in 64-byte chunks */
376 while (length >= MD5_DATASIZE)
378 memcpy (md5->u.data, data, MD5_DATASIZE);
380 md5_byte_reverse (md5->u.data, 16);
381 md5_transform (md5->buf, md5->u.data32);
383 data += MD5_DATASIZE;
384 length -= MD5_DATASIZE;
387 /* handle any remaining bytes of data */
388 memcpy (md5->u.data, data, length);
391 /* closes a checksum */
392 static void
393 md5_sum_close (Md5sum *md5)
395 guint count;
396 guchar *p;
398 /* Compute number of bytes mod 64 */
399 count = (md5->bits[0] >> 3) & 0x3F;
401 /* Set the first char of padding to 0x80.
402 * This is safe since there is always at least one byte free
404 p = md5->u.data + count;
405 *p++ = 0x80;
407 /* Bytes of padding needed to make 64 bytes */
408 count = MD5_DATASIZE - 1 - count;
410 /* Pad out to 56 mod 64 */
411 if (count < 8)
413 /* Two lots of padding: Pad the first block to 64 bytes */
414 memset (p, 0, count);
416 md5_byte_reverse (md5->u.data, 16);
417 md5_transform (md5->buf, md5->u.data32);
419 /* Now fill the next block with 56 bytes */
420 memset (md5->u.data, 0, MD5_DATASIZE - 8);
422 else
424 /* Pad block to 56 bytes */
425 memset (p, 0, count - 8);
428 md5_byte_reverse (md5->u.data, 14);
430 /* Append length in bits and transform */
431 md5->u.data32[14] = md5->bits[0];
432 md5->u.data32[15] = md5->bits[1];
434 md5_transform (md5->buf, md5->u.data32);
435 md5_byte_reverse ((guchar *) md5->buf, 4);
437 memcpy (md5->digest, md5->buf, 16);
439 /* Reset buffers in case they contain sensitive data */
440 memset (md5->buf, 0, sizeof (md5->buf));
441 memset (md5->u.data, 0, sizeof (md5->u.data));
444 static gchar *
445 md5_sum_to_string (Md5sum *md5)
447 return digest_to_string (md5->digest, MD5_DIGEST_LEN);
450 static void
451 md5_sum_digest (Md5sum *md5,
452 guint8 *digest)
454 gint i;
456 for (i = 0; i < MD5_DIGEST_LEN; i++)
457 digest[i] = md5->digest[i];
461 * SHA-1 Checksum
464 /* The following implementation comes from D-Bus dbus-sha.c. I've changed
465 * it to use GLib types and to work more like the MD5 implementation above.
466 * I left the comments to have an history of this code.
467 * -- Emmanuele Bassi, ebassi@gnome.org
470 /* The following comments have the history of where this code
471 * comes from. I actually copied it from GNet in GNOME CVS.
472 * - hp@redhat.com
476 * sha.h : Implementation of the Secure Hash Algorithm
478 * Part of the Python Cryptography Toolkit, version 1.0.0
480 * Copyright (C) 1995, A.M. Kuchling
482 * Distribute and use freely; there are no restrictions on further
483 * dissemination and usage except those imposed by the laws of your
484 * country of residence.
488 /* SHA: NIST's Secure Hash Algorithm */
490 /* Based on SHA code originally posted to sci.crypt by Peter Gutmann
491 in message <30ajo5$oe8@ccu2.auckland.ac.nz>.
492 Modified to test for endianness on creation of SHA objects by AMK.
493 Also, the original specification of SHA was found to have a weakness
494 by NSA/NIST. This code implements the fixed version of SHA.
497 /* Here's the first paragraph of Peter Gutmann's posting:
499 The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
500 SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
501 what's changed in the new version. The fix is a simple change which involves
502 adding a single rotate in the initial expansion function. It is unknown
503 whether this is an optimal solution to the problem which was discovered in the
504 SHA or whether it's simply a bandaid which fixes the problem with a minimum of
505 effort (for example the reengineering of a great many Capstone chips).
508 static void
509 sha1_sum_init (Sha1sum *sha1)
511 /* initialize constants */
512 sha1->buf[0] = 0x67452301L;
513 sha1->buf[1] = 0xEFCDAB89L;
514 sha1->buf[2] = 0x98BADCFEL;
515 sha1->buf[3] = 0x10325476L;
516 sha1->buf[4] = 0xC3D2E1F0L;
518 /* initialize bits */
519 sha1->bits[0] = sha1->bits[1] = 0;
522 /* The SHA f()-functions. */
524 #define f1(x,y,z) (z ^ (x & (y ^ z))) /* Rounds 0-19 */
525 #define f2(x,y,z) (x ^ y ^ z) /* Rounds 20-39 */
526 #define f3(x,y,z) (( x & y) | (z & (x | y))) /* Rounds 40-59 */
527 #define f4(x,y,z) (x ^ y ^ z) /* Rounds 60-79 */
529 /* The SHA Mysterious Constants */
530 #define K1 0x5A827999L /* Rounds 0-19 */
531 #define K2 0x6ED9EBA1L /* Rounds 20-39 */
532 #define K3 0x8F1BBCDCL /* Rounds 40-59 */
533 #define K4 0xCA62C1D6L /* Rounds 60-79 */
535 /* 32-bit rotate left - kludged with shifts */
536 #define ROTL(n,X) (((X) << n ) | ((X) >> (32 - n)))
538 /* The initial expanding function. The hash function is defined over an
539 80-word expanded input array W, where the first 16 are copies of the input
540 data, and the remaining 64 are defined by
542 W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
544 This implementation generates these values on the fly in a circular
545 buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
546 optimization.
548 The updated SHA changes the expanding function by adding a rotate of 1
549 bit. Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor
550 for this information */
552 #define expand(W,i) (W[ i & 15 ] = ROTL (1, (W[ i & 15] ^ \
553 W[(i - 14) & 15] ^ \
554 W[(i - 8) & 15] ^ \
555 W[(i - 3) & 15])))
558 /* The prototype SHA sub-round. The fundamental sub-round is:
560 a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
561 b' = a;
562 c' = ROTL( 30, b );
563 d' = c;
564 e' = d;
566 but this is implemented by unrolling the loop 5 times and renaming the
567 variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
568 This code is then replicated 20 times for each of the 4 functions, using
569 the next 20 values from the W[] array each time */
571 #define subRound(a, b, c, d, e, f, k, data) \
572 (e += ROTL (5, a) + f(b, c, d) + k + data, b = ROTL (30, b))
574 static void
575 sha1_transform (guint32 buf[5],
576 guint32 in[16])
578 guint32 A, B, C, D, E;
580 A = buf[0];
581 B = buf[1];
582 C = buf[2];
583 D = buf[3];
584 E = buf[4];
586 /* Heavy mangling, in 4 sub-rounds of 20 iterations each. */
587 subRound (A, B, C, D, E, f1, K1, in[0]);
588 subRound (E, A, B, C, D, f1, K1, in[1]);
589 subRound (D, E, A, B, C, f1, K1, in[2]);
590 subRound (C, D, E, A, B, f1, K1, in[3]);
591 subRound (B, C, D, E, A, f1, K1, in[4]);
592 subRound (A, B, C, D, E, f1, K1, in[5]);
593 subRound (E, A, B, C, D, f1, K1, in[6]);
594 subRound (D, E, A, B, C, f1, K1, in[7]);
595 subRound (C, D, E, A, B, f1, K1, in[8]);
596 subRound (B, C, D, E, A, f1, K1, in[9]);
597 subRound (A, B, C, D, E, f1, K1, in[10]);
598 subRound (E, A, B, C, D, f1, K1, in[11]);
599 subRound (D, E, A, B, C, f1, K1, in[12]);
600 subRound (C, D, E, A, B, f1, K1, in[13]);
601 subRound (B, C, D, E, A, f1, K1, in[14]);
602 subRound (A, B, C, D, E, f1, K1, in[15]);
603 subRound (E, A, B, C, D, f1, K1, expand (in, 16));
604 subRound (D, E, A, B, C, f1, K1, expand (in, 17));
605 subRound (C, D, E, A, B, f1, K1, expand (in, 18));
606 subRound (B, C, D, E, A, f1, K1, expand (in, 19));
608 subRound (A, B, C, D, E, f2, K2, expand (in, 20));
609 subRound (E, A, B, C, D, f2, K2, expand (in, 21));
610 subRound (D, E, A, B, C, f2, K2, expand (in, 22));
611 subRound (C, D, E, A, B, f2, K2, expand (in, 23));
612 subRound (B, C, D, E, A, f2, K2, expand (in, 24));
613 subRound (A, B, C, D, E, f2, K2, expand (in, 25));
614 subRound (E, A, B, C, D, f2, K2, expand (in, 26));
615 subRound (D, E, A, B, C, f2, K2, expand (in, 27));
616 subRound (C, D, E, A, B, f2, K2, expand (in, 28));
617 subRound (B, C, D, E, A, f2, K2, expand (in, 29));
618 subRound (A, B, C, D, E, f2, K2, expand (in, 30));
619 subRound (E, A, B, C, D, f2, K2, expand (in, 31));
620 subRound (D, E, A, B, C, f2, K2, expand (in, 32));
621 subRound (C, D, E, A, B, f2, K2, expand (in, 33));
622 subRound (B, C, D, E, A, f2, K2, expand (in, 34));
623 subRound (A, B, C, D, E, f2, K2, expand (in, 35));
624 subRound (E, A, B, C, D, f2, K2, expand (in, 36));
625 subRound (D, E, A, B, C, f2, K2, expand (in, 37));
626 subRound (C, D, E, A, B, f2, K2, expand (in, 38));
627 subRound (B, C, D, E, A, f2, K2, expand (in, 39));
629 subRound (A, B, C, D, E, f3, K3, expand (in, 40));
630 subRound (E, A, B, C, D, f3, K3, expand (in, 41));
631 subRound (D, E, A, B, C, f3, K3, expand (in, 42));
632 subRound (C, D, E, A, B, f3, K3, expand (in, 43));
633 subRound (B, C, D, E, A, f3, K3, expand (in, 44));
634 subRound (A, B, C, D, E, f3, K3, expand (in, 45));
635 subRound (E, A, B, C, D, f3, K3, expand (in, 46));
636 subRound (D, E, A, B, C, f3, K3, expand (in, 47));
637 subRound (C, D, E, A, B, f3, K3, expand (in, 48));
638 subRound (B, C, D, E, A, f3, K3, expand (in, 49));
639 subRound (A, B, C, D, E, f3, K3, expand (in, 50));
640 subRound (E, A, B, C, D, f3, K3, expand (in, 51));
641 subRound (D, E, A, B, C, f3, K3, expand (in, 52));
642 subRound (C, D, E, A, B, f3, K3, expand (in, 53));
643 subRound (B, C, D, E, A, f3, K3, expand (in, 54));
644 subRound (A, B, C, D, E, f3, K3, expand (in, 55));
645 subRound (E, A, B, C, D, f3, K3, expand (in, 56));
646 subRound (D, E, A, B, C, f3, K3, expand (in, 57));
647 subRound (C, D, E, A, B, f3, K3, expand (in, 58));
648 subRound (B, C, D, E, A, f3, K3, expand (in, 59));
650 subRound (A, B, C, D, E, f4, K4, expand (in, 60));
651 subRound (E, A, B, C, D, f4, K4, expand (in, 61));
652 subRound (D, E, A, B, C, f4, K4, expand (in, 62));
653 subRound (C, D, E, A, B, f4, K4, expand (in, 63));
654 subRound (B, C, D, E, A, f4, K4, expand (in, 64));
655 subRound (A, B, C, D, E, f4, K4, expand (in, 65));
656 subRound (E, A, B, C, D, f4, K4, expand (in, 66));
657 subRound (D, E, A, B, C, f4, K4, expand (in, 67));
658 subRound (C, D, E, A, B, f4, K4, expand (in, 68));
659 subRound (B, C, D, E, A, f4, K4, expand (in, 69));
660 subRound (A, B, C, D, E, f4, K4, expand (in, 70));
661 subRound (E, A, B, C, D, f4, K4, expand (in, 71));
662 subRound (D, E, A, B, C, f4, K4, expand (in, 72));
663 subRound (C, D, E, A, B, f4, K4, expand (in, 73));
664 subRound (B, C, D, E, A, f4, K4, expand (in, 74));
665 subRound (A, B, C, D, E, f4, K4, expand (in, 75));
666 subRound (E, A, B, C, D, f4, K4, expand (in, 76));
667 subRound (D, E, A, B, C, f4, K4, expand (in, 77));
668 subRound (C, D, E, A, B, f4, K4, expand (in, 78));
669 subRound (B, C, D, E, A, f4, K4, expand (in, 79));
671 /* Build message digest */
672 buf[0] += A;
673 buf[1] += B;
674 buf[2] += C;
675 buf[3] += D;
676 buf[4] += E;
679 #undef K1
680 #undef K2
681 #undef K3
682 #undef K4
683 #undef f1
684 #undef f2
685 #undef f3
686 #undef f4
687 #undef ROTL
688 #undef expand
689 #undef subRound
691 static void
692 sha1_sum_update (Sha1sum *sha1,
693 const guchar *buffer,
694 gsize count)
696 guint32 tmp;
697 guint dataCount;
699 /* Update bitcount */
700 tmp = sha1->bits[0];
701 if ((sha1->bits[0] = tmp + ((guint32) count << 3) ) < tmp)
702 sha1->bits[1] += 1; /* Carry from low to high */
703 sha1->bits[1] += count >> 29;
705 /* Get count of bytes already in data */
706 dataCount = (guint) (tmp >> 3) & 0x3F;
708 /* Handle any leading odd-sized chunks */
709 if (dataCount)
711 guchar *p = (guchar *) sha1->data + dataCount;
713 dataCount = SHA1_DATASIZE - dataCount;
714 if (count < dataCount)
716 memcpy (p, buffer, count);
717 return;
720 memcpy (p, buffer, dataCount);
722 sha_byte_reverse (sha1->data, SHA1_DATASIZE);
723 sha1_transform (sha1->buf, sha1->data);
725 buffer += dataCount;
726 count -= dataCount;
729 /* Process data in SHA1_DATASIZE chunks */
730 while (count >= SHA1_DATASIZE)
732 memcpy (sha1->data, buffer, SHA1_DATASIZE);
734 sha_byte_reverse (sha1->data, SHA1_DATASIZE);
735 sha1_transform (sha1->buf, sha1->data);
737 buffer += SHA1_DATASIZE;
738 count -= SHA1_DATASIZE;
741 /* Handle any remaining bytes of data. */
742 memcpy (sha1->data, buffer, count);
745 /* Final wrapup - pad to SHA_DATASIZE-byte boundary with the bit pattern
746 1 0* (64-bit count of bits processed, MSB-first) */
747 static void
748 sha1_sum_close (Sha1sum *sha1)
750 gint count;
751 guchar *data_p;
753 /* Compute number of bytes mod 64 */
754 count = (gint) ((sha1->bits[0] >> 3) & 0x3f);
756 /* Set the first char of padding to 0x80. This is safe since there is
757 always at least one byte free */
758 data_p = (guchar *) sha1->data + count;
759 *data_p++ = 0x80;
761 /* Bytes of padding needed to make 64 bytes */
762 count = SHA1_DATASIZE - 1 - count;
764 /* Pad out to 56 mod 64 */
765 if (count < 8)
767 /* Two lots of padding: Pad the first block to 64 bytes */
768 memset (data_p, 0, count);
770 sha_byte_reverse (sha1->data, SHA1_DATASIZE);
771 sha1_transform (sha1->buf, sha1->data);
773 /* Now fill the next block with 56 bytes */
774 memset (sha1->data, 0, SHA1_DATASIZE - 8);
776 else
778 /* Pad block to 56 bytes */
779 memset (data_p, 0, count - 8);
782 /* Append length in bits and transform */
783 sha1->data[14] = sha1->bits[1];
784 sha1->data[15] = sha1->bits[0];
786 sha_byte_reverse (sha1->data, SHA1_DATASIZE - 8);
787 sha1_transform (sha1->buf, sha1->data);
788 sha_byte_reverse (sha1->buf, SHA1_DIGEST_LEN);
790 memcpy (sha1->digest, sha1->buf, SHA1_DIGEST_LEN);
792 /* Reset buffers in case they contain sensitive data */
793 memset (sha1->buf, 0, sizeof (sha1->buf));
794 memset (sha1->data, 0, sizeof (sha1->data));
797 static gchar *
798 sha1_sum_to_string (Sha1sum *sha1)
800 return digest_to_string (sha1->digest, SHA1_DIGEST_LEN);
803 static void
804 sha1_sum_digest (Sha1sum *sha1,
805 guint8 *digest)
807 gint i;
809 for (i = 0; i < SHA1_DIGEST_LEN; i++)
810 digest[i] = sha1->digest[i];
814 * SHA-256 Checksum
817 /* adapted from the SHA256 implementation in gsk/src/hash/gskhash.c.
819 * Copyright (C) 2006 Dave Benson
820 * Released under the terms of the GNU Lesser General Public License
823 static void
824 sha256_sum_init (Sha256sum *sha256)
826 sha256->buf[0] = 0x6a09e667;
827 sha256->buf[1] = 0xbb67ae85;
828 sha256->buf[2] = 0x3c6ef372;
829 sha256->buf[3] = 0xa54ff53a;
830 sha256->buf[4] = 0x510e527f;
831 sha256->buf[5] = 0x9b05688c;
832 sha256->buf[6] = 0x1f83d9ab;
833 sha256->buf[7] = 0x5be0cd19;
835 sha256->bits[0] = sha256->bits[1] = 0;
838 #define GET_UINT32(n,b,i) G_STMT_START{ \
839 (n) = ((guint32) (b)[(i) ] << 24) \
840 | ((guint32) (b)[(i) + 1] << 16) \
841 | ((guint32) (b)[(i) + 2] << 8) \
842 | ((guint32) (b)[(i) + 3] ); } G_STMT_END
844 #define PUT_UINT32(n,b,i) G_STMT_START{ \
845 (b)[(i) ] = (guint8) ((n) >> 24); \
846 (b)[(i) + 1] = (guint8) ((n) >> 16); \
847 (b)[(i) + 2] = (guint8) ((n) >> 8); \
848 (b)[(i) + 3] = (guint8) ((n) ); } G_STMT_END
850 static void
851 sha256_transform (guint32 buf[8],
852 guint8 const data[64])
854 guint32 temp1, temp2, W[64];
855 guint32 A, B, C, D, E, F, G, H;
857 GET_UINT32 (W[0], data, 0);
858 GET_UINT32 (W[1], data, 4);
859 GET_UINT32 (W[2], data, 8);
860 GET_UINT32 (W[3], data, 12);
861 GET_UINT32 (W[4], data, 16);
862 GET_UINT32 (W[5], data, 20);
863 GET_UINT32 (W[6], data, 24);
864 GET_UINT32 (W[7], data, 28);
865 GET_UINT32 (W[8], data, 32);
866 GET_UINT32 (W[9], data, 36);
867 GET_UINT32 (W[10], data, 40);
868 GET_UINT32 (W[11], data, 44);
869 GET_UINT32 (W[12], data, 48);
870 GET_UINT32 (W[13], data, 52);
871 GET_UINT32 (W[14], data, 56);
872 GET_UINT32 (W[15], data, 60);
874 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
875 #define ROTR(x,n) (SHR (x,n) | (x << (32 - n)))
877 #define S0(x) (ROTR (x, 7) ^ ROTR (x,18) ^ SHR (x, 3))
878 #define S1(x) (ROTR (x,17) ^ ROTR (x,19) ^ SHR (x,10))
879 #define S2(x) (ROTR (x, 2) ^ ROTR (x,13) ^ ROTR (x,22))
880 #define S3(x) (ROTR (x, 6) ^ ROTR (x,11) ^ ROTR (x,25))
882 #define F0(x,y,z) ((x & y) | (z & (x | y)))
883 #define F1(x,y,z) (z ^ (x & (y ^ z)))
885 #define R(t) (W[t] = S1(W[t - 2]) + W[t - 7] + \
886 S0(W[t - 15]) + W[t - 16])
888 #define P(a,b,c,d,e,f,g,h,x,K) G_STMT_START { \
889 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
890 temp2 = S2(a) + F0(a,b,c); \
891 d += temp1; h = temp1 + temp2; } G_STMT_END
893 A = buf[0];
894 B = buf[1];
895 C = buf[2];
896 D = buf[3];
897 E = buf[4];
898 F = buf[5];
899 G = buf[6];
900 H = buf[7];
902 P (A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98);
903 P (H, A, B, C, D, E, F, G, W[ 1], 0x71374491);
904 P (G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF);
905 P (F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5);
906 P (E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B);
907 P (D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1);
908 P (C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4);
909 P (B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5);
910 P (A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98);
911 P (H, A, B, C, D, E, F, G, W[ 9], 0x12835B01);
912 P (G, H, A, B, C, D, E, F, W[10], 0x243185BE);
913 P (F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
914 P (E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
915 P (D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
916 P (C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
917 P (B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
918 P (A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
919 P (H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
920 P (G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
921 P (F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
922 P (E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
923 P (D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
924 P (C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
925 P (B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
926 P (A, B, C, D, E, F, G, H, R(24), 0x983E5152);
927 P (H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
928 P (G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
929 P (F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
930 P (E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
931 P (D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
932 P (C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
933 P (B, C, D, E, F, G, H, A, R(31), 0x14292967);
934 P (A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
935 P (H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
936 P (G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
937 P (F, G, H, A, B, C, D, E, R(35), 0x53380D13);
938 P (E, F, G, H, A, B, C, D, R(36), 0x650A7354);
939 P (D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
940 P (C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
941 P (B, C, D, E, F, G, H, A, R(39), 0x92722C85);
942 P (A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
943 P (H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
944 P (G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
945 P (F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
946 P (E, F, G, H, A, B, C, D, R(44), 0xD192E819);
947 P (D, E, F, G, H, A, B, C, R(45), 0xD6990624);
948 P (C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
949 P (B, C, D, E, F, G, H, A, R(47), 0x106AA070);
950 P (A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
951 P (H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
952 P (G, H, A, B, C, D, E, F, R(50), 0x2748774C);
953 P (F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
954 P (E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
955 P (D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
956 P (C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
957 P (B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
958 P (A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
959 P (H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
960 P (G, H, A, B, C, D, E, F, R(58), 0x84C87814);
961 P (F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
962 P (E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
963 P (D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
964 P (C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
965 P (B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
967 #undef SHR
968 #undef ROTR
969 #undef S0
970 #undef S1
971 #undef S2
972 #undef S3
973 #undef F0
974 #undef F1
975 #undef R
976 #undef P
978 buf[0] += A;
979 buf[1] += B;
980 buf[2] += C;
981 buf[3] += D;
982 buf[4] += E;
983 buf[5] += F;
984 buf[6] += G;
985 buf[7] += H;
988 static void
989 sha256_sum_update (Sha256sum *sha256,
990 const guchar *buffer,
991 gsize length)
993 guint32 left, fill;
994 const guint8 *input = buffer;
996 if (length == 0)
997 return;
999 left = sha256->bits[0] & 0x3F;
1000 fill = 64 - left;
1002 sha256->bits[0] += length;
1003 sha256->bits[0] &= 0xFFFFFFFF;
1005 if (sha256->bits[0] < length)
1006 sha256->bits[1]++;
1008 if (left > 0 && length >= fill)
1010 memcpy ((sha256->data + left), input, fill);
1012 sha256_transform (sha256->buf, sha256->data);
1013 length -= fill;
1014 input += fill;
1016 left = 0;
1019 while (length >= SHA256_DATASIZE)
1021 sha256_transform (sha256->buf, input);
1023 length -= 64;
1024 input += 64;
1027 if (length)
1028 memcpy (sha256->data + left, input, length);
1031 static guint8 sha256_padding[64] =
1033 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1034 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1035 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1036 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
1039 static void
1040 sha256_sum_close (Sha256sum *sha256)
1042 guint32 last, padn;
1043 guint32 high, low;
1044 guint8 msglen[8];
1046 high = (sha256->bits[0] >> 29)
1047 | (sha256->bits[1] << 3);
1048 low = (sha256->bits[0] << 3);
1050 PUT_UINT32 (high, msglen, 0);
1051 PUT_UINT32 (low, msglen, 4);
1053 last = sha256->bits[0] & 0x3F;
1054 padn = (last < 56) ? (56 - last) : (120 - last);
1056 sha256_sum_update (sha256, sha256_padding, padn);
1057 sha256_sum_update (sha256, msglen, 8);
1059 PUT_UINT32 (sha256->buf[0], sha256->digest, 0);
1060 PUT_UINT32 (sha256->buf[1], sha256->digest, 4);
1061 PUT_UINT32 (sha256->buf[2], sha256->digest, 8);
1062 PUT_UINT32 (sha256->buf[3], sha256->digest, 12);
1063 PUT_UINT32 (sha256->buf[4], sha256->digest, 16);
1064 PUT_UINT32 (sha256->buf[5], sha256->digest, 20);
1065 PUT_UINT32 (sha256->buf[6], sha256->digest, 24);
1066 PUT_UINT32 (sha256->buf[7], sha256->digest, 28);
1069 #undef PUT_UINT32
1070 #undef GET_UINT32
1072 static gchar *
1073 sha256_sum_to_string (Sha256sum *sha256)
1075 return digest_to_string (sha256->digest, SHA256_DIGEST_LEN);
1078 static void
1079 sha256_sum_digest (Sha256sum *sha256,
1080 guint8 *digest)
1082 gint i;
1084 for (i = 0; i < SHA256_DIGEST_LEN; i++)
1085 digest[i] = sha256->digest[i];
1089 * SHA-384, SHA-512, SHA-512/224 and SHA-512/256 Checksums
1091 * Implemented following FIPS-180-4 standard at
1092 * http://csrc.nist.gov/publications/fips/fips180-4/fips180-4.pdf.
1093 * References in the form [§x.y.z] map to sections in that document.
1095 * Author(s): Eduardo Lima Mitev <elima@igalia.com>
1096 * Igor Gnatenko <ignatenko@src.gnome.org>
1099 /* SHA-384, SHA-512, SHA-512/224 and SHA-512/256 functions [§4.1.3] */
1100 #define Ch(x,y,z) ((x & y) ^ (~x & z))
1101 #define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
1102 #define SHR(n,x) (x >> n)
1103 #define ROTR(n,x) (SHR (n, x) | (x << (64 - n)))
1104 #define SIGMA0(x) (ROTR (28, x) ^ ROTR (34, x) ^ ROTR (39, x))
1105 #define SIGMA1(x) (ROTR (14, x) ^ ROTR (18, x) ^ ROTR (41, x))
1106 #define sigma0(x) (ROTR ( 1, x) ^ ROTR ( 8, x) ^ SHR ( 7, x))
1107 #define sigma1(x) (ROTR (19, x) ^ ROTR (61, x) ^ SHR ( 6, x))
1109 #define PUT_UINT64(n,b,i) G_STMT_START{ \
1110 (b)[(i) ] = (guint8) (n >> 56); \
1111 (b)[(i) + 1] = (guint8) (n >> 48); \
1112 (b)[(i) + 2] = (guint8) (n >> 40); \
1113 (b)[(i) + 3] = (guint8) (n >> 32); \
1114 (b)[(i) + 4] = (guint8) (n >> 24); \
1115 (b)[(i) + 5] = (guint8) (n >> 16); \
1116 (b)[(i) + 6] = (guint8) (n >> 8); \
1117 (b)[(i) + 7] = (guint8) (n ); } G_STMT_END
1119 /* SHA-384 and SHA-512 constants [§4.2.3] */
1120 static const guint64 SHA2_K[80] = {
1121 0x428a2f98d728ae22, 0x7137449123ef65cd,
1122 0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc,
1123 0x3956c25bf348b538, 0x59f111f1b605d019,
1124 0x923f82a4af194f9b, 0xab1c5ed5da6d8118,
1125 0xd807aa98a3030242, 0x12835b0145706fbe,
1126 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2,
1127 0x72be5d74f27b896f, 0x80deb1fe3b1696b1,
1128 0x9bdc06a725c71235, 0xc19bf174cf692694,
1129 0xe49b69c19ef14ad2, 0xefbe4786384f25e3,
1130 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65,
1131 0x2de92c6f592b0275, 0x4a7484aa6ea6e483,
1132 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5,
1133 0x983e5152ee66dfab, 0xa831c66d2db43210,
1134 0xb00327c898fb213f, 0xbf597fc7beef0ee4,
1135 0xc6e00bf33da88fc2, 0xd5a79147930aa725,
1136 0x06ca6351e003826f, 0x142929670a0e6e70,
1137 0x27b70a8546d22ffc, 0x2e1b21385c26c926,
1138 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df,
1139 0x650a73548baf63de, 0x766a0abb3c77b2a8,
1140 0x81c2c92e47edaee6, 0x92722c851482353b,
1141 0xa2bfe8a14cf10364, 0xa81a664bbc423001,
1142 0xc24b8b70d0f89791, 0xc76c51a30654be30,
1143 0xd192e819d6ef5218, 0xd69906245565a910,
1144 0xf40e35855771202a, 0x106aa07032bbd1b8,
1145 0x19a4c116b8d2d0c8, 0x1e376c085141ab53,
1146 0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8,
1147 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb,
1148 0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3,
1149 0x748f82ee5defb2fc, 0x78a5636f43172f60,
1150 0x84c87814a1f0ab72, 0x8cc702081a6439ec,
1151 0x90befffa23631e28, 0xa4506cebde82bde9,
1152 0xbef9a3f7b2c67915, 0xc67178f2e372532b,
1153 0xca273eceea26619c, 0xd186b8c721c0c207,
1154 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178,
1155 0x06f067aa72176fba, 0x0a637dc5a2c898a6,
1156 0x113f9804bef90dae, 0x1b710b35131c471b,
1157 0x28db77f523047d84, 0x32caab7b40c72493,
1158 0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c,
1159 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a,
1160 0x5fcb6fab3ad6faec, 0x6c44198c4a475817
1164 static void
1165 sha384_sum_init (Sha512sum *sha512)
1167 /* Initial Hash Value [§5.3.4] */
1168 sha512->H[0] = 0xcbbb9d5dc1059ed8;
1169 sha512->H[1] = 0x629a292a367cd507;
1170 sha512->H[2] = 0x9159015a3070dd17;
1171 sha512->H[3] = 0x152fecd8f70e5939;
1172 sha512->H[4] = 0x67332667ffc00b31;
1173 sha512->H[5] = 0x8eb44a8768581511;
1174 sha512->H[6] = 0xdb0c2e0d64f98fa7;
1175 sha512->H[7] = 0x47b5481dbefa4fa4;
1177 sha512->block_len = 0;
1179 sha512->data_len[0] = 0;
1180 sha512->data_len[1] = 0;
1183 static void
1184 sha512_sum_init (Sha512sum *sha512)
1186 /* Initial Hash Value [§5.3.5] */
1187 sha512->H[0] = 0x6a09e667f3bcc908;
1188 sha512->H[1] = 0xbb67ae8584caa73b;
1189 sha512->H[2] = 0x3c6ef372fe94f82b;
1190 sha512->H[3] = 0xa54ff53a5f1d36f1;
1191 sha512->H[4] = 0x510e527fade682d1;
1192 sha512->H[5] = 0x9b05688c2b3e6c1f;
1193 sha512->H[6] = 0x1f83d9abfb41bd6b;
1194 sha512->H[7] = 0x5be0cd19137e2179;
1196 sha512->block_len = 0;
1198 sha512->data_len[0] = 0;
1199 sha512->data_len[1] = 0;
1202 static void
1203 sha512_transform (guint64 H[8],
1204 guint8 const data[SHA2_BLOCK_LEN])
1206 gint i;
1207 gint t;
1208 guint64 a, b, c, d, e, f, g, h;
1209 guint64 M[16];
1210 guint64 W[80];
1212 /* SHA-512 hash computation [§6.4.2] */
1214 /* prepare the message schedule */
1215 for (i = 0; i < 16; i++)
1217 gint p = i * 8;
1219 M[i] =
1220 ((guint64) data[p + 0] << 56) |
1221 ((guint64) data[p + 1] << 48) |
1222 ((guint64) data[p + 2] << 40) |
1223 ((guint64) data[p + 3] << 32) |
1224 ((guint64) data[p + 4] << 24) |
1225 ((guint64) data[p + 5] << 16) |
1226 ((guint64) data[p + 6] << 8) |
1227 ((guint64) data[p + 7] );
1230 for (t = 0; t < 80; t++)
1231 if (t < 16)
1232 W[t] = M[t];
1233 else
1234 W[t] = sigma1 (W[t - 2]) + W[t - 7] + sigma0 (W[t - 15]) + W[t - 16];
1236 /* initialize the eight working variables */
1237 a = H[0];
1238 b = H[1];
1239 c = H[2];
1240 d = H[3];
1241 e = H[4];
1242 f = H[5];
1243 g = H[6];
1244 h = H[7];
1246 for (t = 0; t < 80; t++)
1248 guint64 T1, T2;
1250 T1 = h + SIGMA1 (e) + Ch (e, f, g) + SHA2_K[t] + W[t];
1251 T2 = SIGMA0 (a) + Maj (a, b, c);
1252 h = g;
1253 g = f;
1254 f = e;
1255 e = d + T1;
1256 d = c;
1257 c = b;
1258 b = a;
1259 a = T1 + T2;
1262 /* Compute the intermediate hash value H */
1263 H[0] += a;
1264 H[1] += b;
1265 H[2] += c;
1266 H[3] += d;
1267 H[4] += e;
1268 H[5] += f;
1269 H[6] += g;
1270 H[7] += h;
1273 static void
1274 sha512_sum_update (Sha512sum *sha512,
1275 const guchar *buffer,
1276 gsize length)
1278 gsize block_left, offset = 0;
1280 if (length == 0)
1281 return;
1283 sha512->data_len[0] += length * 8;
1284 if (sha512->data_len[0] < length)
1285 sha512->data_len[1]++;
1287 /* try to fill current block */
1288 block_left = SHA2_BLOCK_LEN - sha512->block_len;
1289 if (block_left > 0)
1291 gsize fill_len;
1293 fill_len = MIN (block_left, length);
1294 memcpy (sha512->block + sha512->block_len, buffer, fill_len);
1295 sha512->block_len += fill_len;
1296 length -= fill_len;
1297 offset += fill_len;
1299 if (sha512->block_len == SHA2_BLOCK_LEN)
1301 sha512_transform (sha512->H, sha512->block);
1302 sha512->block_len = 0;
1306 /* process complete blocks */
1307 while (length >= SHA2_BLOCK_LEN)
1309 memcpy (sha512->block, buffer + offset, SHA2_BLOCK_LEN);
1311 sha512_transform (sha512->H, sha512->block);
1313 length -= SHA2_BLOCK_LEN;
1314 offset += SHA2_BLOCK_LEN;
1317 /* keep remaining data for next block */
1318 if (length > 0)
1320 memcpy (sha512->block, buffer + offset, length);
1321 sha512->block_len = length;
1325 static void
1326 sha512_sum_close (Sha512sum *sha512)
1328 guint l;
1329 gint zeros;
1330 guint8 pad[SHA2_BLOCK_LEN * 2] = { 0, };
1331 guint pad_len = 0;
1332 gint i;
1334 /* apply padding [§5.1.2] */
1335 l = sha512->block_len * 8;
1336 zeros = 896 - (l + 1);
1338 if (zeros < 0)
1339 zeros += 128 * 8;
1341 pad[0] = 0x80; /* 1000 0000 */
1342 zeros -= 7;
1343 pad_len++;
1345 memset (pad + pad_len, 0x00, zeros / 8);
1346 pad_len += zeros / 8;
1347 zeros = zeros % 8;
1349 /* put message bit length at the end of padding */
1350 PUT_UINT64 (sha512->data_len[1], pad, pad_len);
1351 pad_len += 8;
1353 PUT_UINT64 (sha512->data_len[0], pad, pad_len);
1354 pad_len += 8;
1356 /* update checksum with the padded block */
1357 sha512_sum_update (sha512, pad, pad_len);
1359 /* copy resulting 64-bit words into digest */
1360 for (i = 0; i < 8; i++)
1361 PUT_UINT64 (sha512->H[i], sha512->digest, i * 8);
1364 static gchar *
1365 sha384_sum_to_string (Sha512sum *sha512)
1367 return digest_to_string (sha512->digest, SHA384_DIGEST_LEN);
1370 static gchar *
1371 sha512_sum_to_string (Sha512sum *sha512)
1373 return digest_to_string (sha512->digest, SHA512_DIGEST_LEN);
1376 static void
1377 sha384_sum_digest (Sha512sum *sha512,
1378 guint8 *digest)
1380 memcpy (digest, sha512->digest, SHA384_DIGEST_LEN);
1383 static void
1384 sha512_sum_digest (Sha512sum *sha512,
1385 guint8 *digest)
1387 memcpy (digest, sha512->digest, SHA512_DIGEST_LEN);
1390 #undef Ch
1391 #undef Maj
1392 #undef SHR
1393 #undef ROTR
1394 #undef SIGMA0
1395 #undef SIGMA1
1396 #undef sigma0
1397 #undef sigma1
1399 #undef PUT_UINT64
1402 * Public API
1406 * g_checksum_type_get_length:
1407 * @checksum_type: a #GChecksumType
1409 * Gets the length in bytes of digests of type @checksum_type
1411 * Returns: the checksum length, or -1 if @checksum_type is
1412 * not supported.
1414 * Since: 2.16
1416 gssize
1417 g_checksum_type_get_length (GChecksumType checksum_type)
1419 gssize len = -1;
1421 switch (checksum_type)
1423 case G_CHECKSUM_MD5:
1424 len = MD5_DIGEST_LEN;
1425 break;
1426 case G_CHECKSUM_SHA1:
1427 len = SHA1_DIGEST_LEN;
1428 break;
1429 case G_CHECKSUM_SHA256:
1430 len = SHA256_DIGEST_LEN;
1431 break;
1432 case G_CHECKSUM_SHA384:
1433 len = SHA384_DIGEST_LEN;
1434 break;
1435 case G_CHECKSUM_SHA512:
1436 len = SHA512_DIGEST_LEN;
1437 break;
1438 default:
1439 len = -1;
1440 break;
1443 return len;
1447 * g_checksum_new:
1448 * @checksum_type: the desired type of checksum
1450 * Creates a new #GChecksum, using the checksum algorithm @checksum_type.
1451 * If the @checksum_type is not known, %NULL is returned.
1452 * A #GChecksum can be used to compute the checksum, or digest, of an
1453 * arbitrary binary blob, using different hashing algorithms.
1455 * A #GChecksum works by feeding a binary blob through g_checksum_update()
1456 * until there is data to be checked; the digest can then be extracted
1457 * using g_checksum_get_string(), which will return the checksum as a
1458 * hexadecimal string; or g_checksum_get_digest(), which will return a
1459 * vector of raw bytes. Once either g_checksum_get_string() or
1460 * g_checksum_get_digest() have been called on a #GChecksum, the checksum
1461 * will be closed and it won't be possible to call g_checksum_update()
1462 * on it anymore.
1464 * Returns: (transfer full): the newly created #GChecksum, or %NULL.
1465 * Use g_checksum_free() to free the memory allocated by it.
1467 * Since: 2.16
1469 GChecksum *
1470 g_checksum_new (GChecksumType checksum_type)
1472 GChecksum *checksum;
1474 if (! IS_VALID_TYPE (checksum_type))
1475 return NULL;
1477 checksum = g_slice_new0 (GChecksum);
1478 checksum->type = checksum_type;
1480 g_checksum_reset (checksum);
1482 return checksum;
1486 * g_checksum_reset:
1487 * @checksum: the #GChecksum to reset
1489 * Resets the state of the @checksum back to its initial state.
1491 * Since: 2.18
1493 void
1494 g_checksum_reset (GChecksum *checksum)
1496 g_return_if_fail (checksum != NULL);
1498 g_free (checksum->digest_str);
1499 checksum->digest_str = NULL;
1501 switch (checksum->type)
1503 case G_CHECKSUM_MD5:
1504 md5_sum_init (&(checksum->sum.md5));
1505 break;
1506 case G_CHECKSUM_SHA1:
1507 sha1_sum_init (&(checksum->sum.sha1));
1508 break;
1509 case G_CHECKSUM_SHA256:
1510 sha256_sum_init (&(checksum->sum.sha256));
1511 break;
1512 case G_CHECKSUM_SHA384:
1513 sha384_sum_init (&(checksum->sum.sha512));
1514 break;
1515 case G_CHECKSUM_SHA512:
1516 sha512_sum_init (&(checksum->sum.sha512));
1517 break;
1518 default:
1519 g_assert_not_reached ();
1520 break;
1525 * g_checksum_copy:
1526 * @checksum: the #GChecksum to copy
1528 * Copies a #GChecksum. If @checksum has been closed, by calling
1529 * g_checksum_get_string() or g_checksum_get_digest(), the copied
1530 * checksum will be closed as well.
1532 * Returns: the copy of the passed #GChecksum. Use g_checksum_free()
1533 * when finished using it.
1535 * Since: 2.16
1537 GChecksum *
1538 g_checksum_copy (const GChecksum *checksum)
1540 GChecksum *copy;
1542 g_return_val_if_fail (checksum != NULL, NULL);
1544 copy = g_slice_new (GChecksum);
1545 *copy = *checksum;
1547 copy->digest_str = g_strdup (checksum->digest_str);
1549 return copy;
1553 * g_checksum_free:
1554 * @checksum: a #GChecksum
1556 * Frees the memory allocated for @checksum.
1558 * Since: 2.16
1560 void
1561 g_checksum_free (GChecksum *checksum)
1563 if (G_LIKELY (checksum))
1565 g_free (checksum->digest_str);
1567 g_slice_free (GChecksum, checksum);
1572 * g_checksum_update:
1573 * @checksum: a #GChecksum
1574 * @data: (array length=length) (element-type guint8): buffer used to compute the checksum
1575 * @length: size of the buffer, or -1 if it is a null-terminated string.
1577 * Feeds @data into an existing #GChecksum. The checksum must still be
1578 * open, that is g_checksum_get_string() or g_checksum_get_digest() must
1579 * not have been called on @checksum.
1581 * Since: 2.16
1583 void
1584 g_checksum_update (GChecksum *checksum,
1585 const guchar *data,
1586 gssize length)
1588 g_return_if_fail (checksum != NULL);
1589 g_return_if_fail (length == 0 || data != NULL);
1591 if (length < 0)
1592 length = strlen ((const gchar *) data);
1594 if (checksum->digest_str)
1596 g_warning ("The checksum '%s' has been closed and cannot be updated "
1597 "anymore.",
1598 checksum->digest_str);
1599 return;
1602 switch (checksum->type)
1604 case G_CHECKSUM_MD5:
1605 md5_sum_update (&(checksum->sum.md5), data, length);
1606 break;
1607 case G_CHECKSUM_SHA1:
1608 sha1_sum_update (&(checksum->sum.sha1), data, length);
1609 break;
1610 case G_CHECKSUM_SHA256:
1611 sha256_sum_update (&(checksum->sum.sha256), data, length);
1612 break;
1613 case G_CHECKSUM_SHA384:
1614 case G_CHECKSUM_SHA512:
1615 sha512_sum_update (&(checksum->sum.sha512), data, length);
1616 break;
1617 default:
1618 g_assert_not_reached ();
1619 break;
1624 * g_checksum_get_string:
1625 * @checksum: a #GChecksum
1627 * Gets the digest as an hexadecimal string.
1629 * Once this function has been called the #GChecksum can no longer be
1630 * updated with g_checksum_update().
1632 * The hexadecimal characters will be lower case.
1634 * Returns: the hexadecimal representation of the checksum. The
1635 * returned string is owned by the checksum and should not be modified
1636 * or freed.
1638 * Since: 2.16
1640 const gchar *
1641 g_checksum_get_string (GChecksum *checksum)
1643 gchar *str = NULL;
1645 g_return_val_if_fail (checksum != NULL, NULL);
1647 if (checksum->digest_str)
1648 return checksum->digest_str;
1650 switch (checksum->type)
1652 case G_CHECKSUM_MD5:
1653 md5_sum_close (&(checksum->sum.md5));
1654 str = md5_sum_to_string (&(checksum->sum.md5));
1655 break;
1656 case G_CHECKSUM_SHA1:
1657 sha1_sum_close (&(checksum->sum.sha1));
1658 str = sha1_sum_to_string (&(checksum->sum.sha1));
1659 break;
1660 case G_CHECKSUM_SHA256:
1661 sha256_sum_close (&(checksum->sum.sha256));
1662 str = sha256_sum_to_string (&(checksum->sum.sha256));
1663 break;
1664 case G_CHECKSUM_SHA384:
1665 sha512_sum_close (&(checksum->sum.sha512));
1666 str = sha384_sum_to_string (&(checksum->sum.sha512));
1667 break;
1668 case G_CHECKSUM_SHA512:
1669 sha512_sum_close (&(checksum->sum.sha512));
1670 str = sha512_sum_to_string (&(checksum->sum.sha512));
1671 break;
1672 default:
1673 g_assert_not_reached ();
1674 break;
1677 checksum->digest_str = str;
1679 return checksum->digest_str;
1683 * g_checksum_get_digest: (skip)
1684 * @checksum: a #GChecksum
1685 * @buffer: output buffer
1686 * @digest_len: an inout parameter. The caller initializes it to the size of @buffer.
1687 * After the call it contains the length of the digest.
1689 * Gets the digest from @checksum as a raw binary vector and places it
1690 * into @buffer. The size of the digest depends on the type of checksum.
1692 * Once this function has been called, the #GChecksum is closed and can
1693 * no longer be updated with g_checksum_update().
1695 * Since: 2.16
1697 void
1698 g_checksum_get_digest (GChecksum *checksum,
1699 guint8 *buffer,
1700 gsize *digest_len)
1702 gboolean checksum_open = FALSE;
1703 gchar *str = NULL;
1704 gsize len;
1706 g_return_if_fail (checksum != NULL);
1708 len = g_checksum_type_get_length (checksum->type);
1709 g_return_if_fail (*digest_len >= len);
1711 checksum_open = !!(checksum->digest_str == NULL);
1713 switch (checksum->type)
1715 case G_CHECKSUM_MD5:
1716 if (checksum_open)
1718 md5_sum_close (&(checksum->sum.md5));
1719 str = md5_sum_to_string (&(checksum->sum.md5));
1721 md5_sum_digest (&(checksum->sum.md5), buffer);
1722 break;
1723 case G_CHECKSUM_SHA1:
1724 if (checksum_open)
1726 sha1_sum_close (&(checksum->sum.sha1));
1727 str = sha1_sum_to_string (&(checksum->sum.sha1));
1729 sha1_sum_digest (&(checksum->sum.sha1), buffer);
1730 break;
1731 case G_CHECKSUM_SHA256:
1732 if (checksum_open)
1734 sha256_sum_close (&(checksum->sum.sha256));
1735 str = sha256_sum_to_string (&(checksum->sum.sha256));
1737 sha256_sum_digest (&(checksum->sum.sha256), buffer);
1738 break;
1739 case G_CHECKSUM_SHA384:
1740 if (checksum_open)
1742 sha512_sum_close (&(checksum->sum.sha512));
1743 str = sha384_sum_to_string (&(checksum->sum.sha512));
1745 sha384_sum_digest (&(checksum->sum.sha512), buffer);
1746 break;
1747 case G_CHECKSUM_SHA512:
1748 if (checksum_open)
1750 sha512_sum_close (&(checksum->sum.sha512));
1751 str = sha512_sum_to_string (&(checksum->sum.sha512));
1753 sha512_sum_digest (&(checksum->sum.sha512), buffer);
1754 break;
1755 default:
1756 g_assert_not_reached ();
1757 break;
1760 if (str)
1761 checksum->digest_str = str;
1763 *digest_len = len;
1767 * g_compute_checksum_for_data:
1768 * @checksum_type: a #GChecksumType
1769 * @data: (array length=length) (element-type guint8): binary blob to compute the digest of
1770 * @length: length of @data
1772 * Computes the checksum for a binary @data of @length. This is a
1773 * convenience wrapper for g_checksum_new(), g_checksum_get_string()
1774 * and g_checksum_free().
1776 * The hexadecimal string returned will be in lower case.
1778 * Returns: the digest of the binary data as a string in hexadecimal.
1779 * The returned string should be freed with g_free() when done using it.
1781 * Since: 2.16
1783 gchar *
1784 g_compute_checksum_for_data (GChecksumType checksum_type,
1785 const guchar *data,
1786 gsize length)
1788 GChecksum *checksum;
1789 gchar *retval;
1791 g_return_val_if_fail (IS_VALID_TYPE (checksum_type), NULL);
1792 g_return_val_if_fail (length == 0 || data != NULL, NULL);
1794 checksum = g_checksum_new (checksum_type);
1795 if (!checksum)
1796 return NULL;
1798 g_checksum_update (checksum, data, length);
1799 retval = g_strdup (g_checksum_get_string (checksum));
1800 g_checksum_free (checksum);
1802 return retval;
1806 * g_compute_checksum_for_string:
1807 * @checksum_type: a #GChecksumType
1808 * @str: the string to compute the checksum of
1809 * @length: the length of the string, or -1 if the string is null-terminated.
1811 * Computes the checksum of a string.
1813 * The hexadecimal string returned will be in lower case.
1815 * Returns: the checksum as a hexadecimal string. The returned string
1816 * should be freed with g_free() when done using it.
1818 * Since: 2.16
1820 gchar *
1821 g_compute_checksum_for_string (GChecksumType checksum_type,
1822 const gchar *str,
1823 gssize length)
1825 g_return_val_if_fail (IS_VALID_TYPE (checksum_type), NULL);
1826 g_return_val_if_fail (length == 0 || str != NULL, NULL);
1828 if (length < 0)
1829 length = strlen (str);
1831 return g_compute_checksum_for_data (checksum_type, (const guchar *) str, length);
1835 * g_compute_checksum_for_bytes:
1836 * @checksum_type: a #GChecksumType
1837 * @data: binary blob to compute the digest of
1839 * Computes the checksum for a binary @data. This is a
1840 * convenience wrapper for g_checksum_new(), g_checksum_get_string()
1841 * and g_checksum_free().
1843 * The hexadecimal string returned will be in lower case.
1845 * Returns: the digest of the binary data as a string in hexadecimal.
1846 * The returned string should be freed with g_free() when done using it.
1848 * Since: 2.34
1850 gchar *
1851 g_compute_checksum_for_bytes (GChecksumType checksum_type,
1852 GBytes *data)
1854 gconstpointer byte_data;
1855 gsize length;
1857 g_return_val_if_fail (IS_VALID_TYPE (checksum_type), NULL);
1858 g_return_val_if_fail (data != NULL, NULL);
1860 byte_data = g_bytes_get_data (data, &length);
1861 return g_compute_checksum_for_data (checksum_type, byte_data, length);