1 /* ghmac.h - data hashing functions
3 * Copyright (C) 2011 Collabora Ltd.
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Library General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Library General Public License for more details.
15 * You should have received a copy of the GNU Library General Public
16 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 * Author: Stef Walter <stefw@collabora.co.uk>
27 #include "glib/galloca.h"
31 #include "gstrfuncs.h"
32 #include "gtestutils.h"
39 * @title: Secure HMAC Digests
40 * @short_description: computes the HMAC for data
42 * HMACs should be used when producing a cookie or hash based on data
43 * and a key. Simple mechanisms for using SHA1 and other algorithms to
44 * digest a key and data together are vulnerable to various security
45 * issues. <ulink url="http://en.wikipedia.org/wiki/HMAC">HMAC</ulink>
46 * uses algorithms like SHA1 in a secure way to produce a digest of a
49 * Both the key and data are arbitrary byte arrays of bytes or characters.
51 * Support for HMAC Digests has been added in GLib 2.30.
57 GChecksumType digest_type
;
64 * @digest_type: the desired type of digest
65 * @key: (array length=key_len): the key for the HMAC
66 * @key_len: the length of the keys
68 * Creates a new #GHmac, using the digest algorithm @digest_type.
69 * If the @digest_type is not known, %NULL is returned.
70 * A #GHmac can be used to compute the HMAC of a key and an
71 * arbitrary binary blob, using different hashing algorithms.
73 * A #GHmac works by feeding a binary blob through g_hmac_update()
74 * until the data is complete; the digest can then be extracted
75 * using g_hmac_get_string(), which will return the checksum as a
76 * hexadecimal string; or g_hmac_get_digest(), which will return a
77 * array of raw bytes. Once either g_hmac_get_string() or
78 * g_hmac_get_digest() have been called on a #GHmac, the HMAC
79 * will be closed and it won't be possible to call g_hmac_update()
82 * Return value: the newly created #GHmac, or %NULL.
83 * Use g_hmac_unref() to free the memory allocated by it.
88 g_hmac_new (GChecksumType digest_type
,
99 checksum
= g_checksum_new (digest_type
);
100 g_return_val_if_fail (checksum
!= NULL
, NULL
);
105 case G_CHECKSUM_SHA1
:
106 block_size
= 64; /* RFC 2104 */
108 case G_CHECKSUM_SHA256
:
109 block_size
= 64; /* RFC draft-kelly-ipsec-ciph-sha2-01 */
112 g_return_val_if_reached (NULL
);
115 hmac
= g_slice_new0 (GHmac
);
117 hmac
->digest_type
= digest_type
;
118 hmac
->digesti
= checksum
;
119 hmac
->digesto
= g_checksum_new (digest_type
);
121 buffer
= g_alloca (block_size
);
122 pad
= g_alloca (block_size
);
124 memset (buffer
, 0, block_size
);
126 /* If the key is too long, hash it */
127 if (key_len
> block_size
)
130 g_checksum_update (hmac
->digesti
, key
, key_len
);
131 g_checksum_get_digest (hmac
->digesti
, buffer
, &len
);
132 g_checksum_reset (hmac
->digesti
);
135 /* Otherwise pad it with zeros */
138 memcpy (buffer
, key
, key_len
);
142 for (i
= 0; i
< block_size
; i
++)
143 pad
[i
] = 0x36 ^ buffer
[i
]; /* ipad value */
144 g_checksum_update (hmac
->digesti
, pad
, block_size
);
147 for (i
= 0; i
< block_size
; i
++)
148 pad
[i
] = 0x5c ^ buffer
[i
]; /* opad value */
149 g_checksum_update (hmac
->digesto
, pad
, block_size
);
156 * @hmac: the #GHmac to copy
158 * Copies a #GHmac. If @hmac has been closed, by calling
159 * g_hmac_get_string() or g_hmac_get_digest(), the copied
160 * HMAC will be closed as well.
162 * Return value: the copy of the passed #GHmac. Use g_hmac_unref()
163 * when finished using it.
168 g_hmac_copy (const GHmac
*hmac
)
172 g_return_val_if_fail (hmac
!= NULL
, NULL
);
174 copy
= g_slice_new (GHmac
);
176 copy
->digest_type
= hmac
->digest_type
;
177 copy
->digesti
= g_checksum_copy (hmac
->digesti
);
178 copy
->digesto
= g_checksum_copy (hmac
->digesto
);
185 * @hmac: a valid #GHmac
187 * Atomically increments the reference count of @hmac by one.
189 * This function is MT-safe and may be called from any thread.
191 * Return value: the passed in #GHmac.
196 g_hmac_ref (GHmac
*hmac
)
198 g_return_val_if_fail (hmac
!= NULL
, NULL
);
200 g_atomic_int_inc (&hmac
->ref_count
);
209 * Atomically decrements the reference count of @hmac by one.
211 * If the reference count drops to 0, all keys and values will be
212 * destroyed, and all memory allocated by the hash table is released.
213 * This function is MT-safe and may be called from any thread.
214 * Frees the memory allocated for @hmac.
219 g_hmac_unref (GHmac
*hmac
)
221 g_return_if_fail (hmac
!= NULL
);
223 if (g_atomic_int_dec_and_test (&hmac
->ref_count
))
225 g_checksum_free (hmac
->digesti
);
226 g_checksum_free (hmac
->digesto
);
227 g_slice_free (GHmac
, hmac
);
234 * @data: (array length=length): buffer used to compute the checksum
235 * @length: size of the buffer, or -1 if it is a nul-terminated string
237 * Feeds @data into an existing #GHmac.
239 * The HMAC must still be open, that is g_hmac_get_string() or
240 * g_hmac_get_digest() must not have been called on @hmac.
245 g_hmac_update (GHmac
*hmac
,
249 g_return_if_fail (hmac
!= NULL
);
250 g_return_if_fail (length
== 0 || data
!= NULL
);
252 g_checksum_update (hmac
->digesti
, data
, length
);
259 * Gets the HMAC as an hexadecimal string.
261 * Once this function has been called the #GHmac can no longer be
262 * updated with g_hmac_update().
264 * The hexadecimal characters will be lower case.
266 * Return value: the hexadecimal representation of the HMAC. The
267 * returned string is owned by the HMAC and should not be modified
273 g_hmac_get_string (GHmac
*hmac
)
278 g_return_val_if_fail (hmac
!= NULL
, NULL
);
280 digest_len
= g_checksum_type_get_length (hmac
->digest_type
);
281 buffer
= g_alloca (digest_len
);
283 /* This is only called for its side-effect of updating hmac->digesto... */
284 g_hmac_get_digest (hmac
, buffer
, &digest_len
);
285 /* ... because we get the string from the checksum rather than
286 * stringifying buffer ourselves
288 return g_checksum_get_string (hmac
->digesto
);
294 * @buffer: output buffer
295 * @digest_len: an inout parameter. The caller initializes it to the
296 * size of @buffer. After the call it contains the length of the digest
298 * Gets the digest from @checksum as a raw binary array and places it
299 * into @buffer. The size of the digest depends on the type of checksum.
301 * Once this function has been called, the #GHmac is closed and can
302 * no longer be updated with g_checksum_update().
307 g_hmac_get_digest (GHmac
*hmac
,
313 g_return_if_fail (hmac
!= NULL
);
315 len
= g_checksum_type_get_length (hmac
->digest_type
);
316 g_return_if_fail (*digest_len
>= len
);
318 /* Use the same buffer, because we can :) */
319 g_checksum_get_digest (hmac
->digesti
, buffer
, &len
);
320 g_checksum_update (hmac
->digesto
, buffer
, len
);
321 g_checksum_get_digest (hmac
->digesto
, buffer
, digest_len
);
325 * g_compute_hmac_for_data:
326 * @digest_type: a #GChecksumType to use for the HMAC
327 * @key: (array length=key_len): the key to use in the HMAC
328 * @key_len: the length of the key
329 * @data: binary blob to compute the HMAC of
330 * @length: length of @data
332 * Computes the HMAC for a binary @data of @length. This is a
333 * convenience wrapper for g_hmac_new(), g_hmac_get_string()
334 * and g_hmac_unref().
336 * The hexadecimal string returned will be in lower case.
338 * Return value: the HMAC of the binary data as a string in hexadecimal.
339 * The returned string should be freed with g_free() when done using it.
344 g_compute_hmac_for_data (GChecksumType digest_type
,
353 g_return_val_if_fail (length
== 0 || data
!= NULL
, NULL
);
355 hmac
= g_hmac_new (digest_type
, key
, key_len
);
359 g_hmac_update (hmac
, data
, length
);
360 retval
= g_strdup (g_hmac_get_string (hmac
));
367 * g_compute_hmac_for_string:
368 * @digest_type: a #GChecksumType to use for the HMAC
369 * @key: (array length=key_len): the key to use in the HMAC
370 * @key_len: the length of the key
371 * @str: the string to compute the HMAC for
372 * @length: the length of the string, or -1 if the string is nul-terminated
374 * Computes the HMAC for a string.
376 * The hexadecimal string returned will be in lower case.
378 * Return value: the HMAC as a hexadecimal string.
379 * The returned string should be freed with g_free()
380 * when done using it.
385 g_compute_hmac_for_string (GChecksumType digest_type
,
391 g_return_val_if_fail (length
== 0 || str
!= NULL
, NULL
);
394 length
= strlen (str
);
396 return g_compute_hmac_for_data (digest_type
, key
, key_len
,
397 (const guchar
*) str
, length
);