1 /* gchecksum.h - data hashing functions
3 * Copyright (C) 2007 Emmanuele Bassi <ebassi@gnome.org>
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Library General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Library General Public License for more details.
15 * You should have received a copy of the GNU Library General Public
16 * License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 * Boston, MA 02111-1307, USA.
25 #include "glibconfig.h"
26 #include "gchecksum.h"
32 #define IS_VALID_TYPE(type) ((type) >= G_CHECKSUM_MD5 && (type) <= G_CHECKSUM_SHA256)
34 /* The fact that these are lower case characters is part of the ABI */
35 static const gchar hex_digits[] = "0123456789abcdef";
37 #define MD5_DATASIZE 64
38 #define MD5_DIGEST_LEN 16
45 guchar data[MD5_DATASIZE];
47 guchar digest[MD5_DIGEST_LEN];
50 #define SHA1_DATASIZE 64
51 #define SHA1_DIGEST_LEN 20
58 /* we pack 64 unsigned chars into 16 32-bit unsigned integers */
61 guchar digest[SHA1_DIGEST_LEN];
64 #define SHA256_DATASIZE 64
65 #define SHA256_DIGEST_LEN 32
72 guint8 data[SHA256_DATASIZE];
74 guchar digest[SHA256_DIGEST_LEN];
90 /* we need different byte swapping functions because MD5 expects buffers
91 * to be little-endian, while SHA1 and SHA256 expect them in big-endian
95 #if G_BYTE_ORDER == G_LITTLE_ENDIAN
96 #define md5_byte_reverse(buffer,length)
98 /* assume that the passed buffer is integer aligned */
100 md5_byte_reverse (guchar *buffer,
107 bit = (guint32) ((unsigned) buffer[3] << 8 | buffer[2]) << 16 |
108 ((unsigned) buffer[1] << 8 | buffer[0]);
109 * (guint32 *) buffer = bit;
114 #endif /* G_BYTE_ORDER == G_LITTLE_ENDIAN */
116 #if G_BYTE_ORDER == G_BIG_ENDIAN
117 #define sha_byte_reverse(buffer,length)
120 sha_byte_reverse (guint32 *buffer,
123 length /= sizeof (guint32);
126 *buffer = GUINT32_SWAP_LE_BE (*buffer);
130 #endif /* G_BYTE_ORDER == G_BIG_ENDIAN */
133 digest_to_string (guint8 *digest,
136 gint len = digest_len * 2;
140 retval = g_new (gchar, len + 1);
142 for (i = 0; i < digest_len; i++)
144 guint8 byte = digest[i];
146 retval[2 * i] = hex_digits[byte >> 4];
147 retval[2 * i + 1] = hex_digits[byte & 0xf];
159 /* This MD5 digest computation is based on the equivalent code
160 * written by Colin Plumb. It came with this notice:
162 * This code implements the MD5 message-digest algorithm.
163 * The algorithm is due to Ron Rivest. This code was
164 * written by Colin Plumb in 1993, no copyright is claimed.
165 * This code is in the public domain; do with it what you wish.
167 * Equivalent code is available from RSA Data Security, Inc.
168 * This code has been tested against that, and is equivalent,
169 * except that you don't need to include two pages of legalese
174 md5_sum_init (Md5sum *md5)
176 /* arbitrary constants */
177 md5->buf[0] = 0x67452301;
178 md5->buf[1] = 0xefcdab89;
179 md5->buf[2] = 0x98badcfe;
180 md5->buf[3] = 0x10325476;
182 md5->bits[0] = md5->bits[1] = 0;
186 * The core of the MD5 algorithm, this alters an existing MD5 hash to
187 * reflect the addition of 16 longwords of new data. md5_sum_update()
188 * blocks the data and converts bytes into longwords for this routine.
191 md5_transform (guint32 buf[4],
192 guint32 const in[16])
194 register guint32 a, b, c, d;
196 /* The four core functions - F1 is optimized somewhat */
197 #define F1(x, y, z) (z ^ (x & (y ^ z)))
198 #define F2(x, y, z) F1 (z, x, y)
199 #define F3(x, y, z) (x ^ y ^ z)
200 #define F4(x, y, z) (y ^ (x | ~z))
202 /* This is the central step in the MD5 algorithm. */
203 #define md5_step(f, w, x, y, z, data, s) \
204 ( w += f (x, y, z) + data, w = w << s | w >> (32 - s), w += x )
211 md5_step (F1, a, b, c, d, in[0] + 0xd76aa478, 7);
212 md5_step (F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
213 md5_step (F1, c, d, a, b, in[2] + 0x242070db, 17);
214 md5_step (F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
215 md5_step (F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
216 md5_step (F1, d, a, b, c, in[5] + 0x4787c62a, 12);
217 md5_step (F1, c, d, a, b, in[6] + 0xa8304613, 17);
218 md5_step (F1, b, c, d, a, in[7] + 0xfd469501, 22);
219 md5_step (F1, a, b, c, d, in[8] + 0x698098d8, 7);
220 md5_step (F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
221 md5_step (F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
222 md5_step (F1, b, c, d, a, in[11] + 0x895cd7be, 22);
223 md5_step (F1, a, b, c, d, in[12] + 0x6b901122, 7);
224 md5_step (F1, d, a, b, c, in[13] + 0xfd987193, 12);
225 md5_step (F1, c, d, a, b, in[14] + 0xa679438e, 17);
226 md5_step (F1, b, c, d, a, in[15] + 0x49b40821, 22);
228 md5_step (F2, a, b, c, d, in[1] + 0xf61e2562, 5);
229 md5_step (F2, d, a, b, c, in[6] + 0xc040b340, 9);
230 md5_step (F2, c, d, a, b, in[11] + 0x265e5a51, 14);
231 md5_step (F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
232 md5_step (F2, a, b, c, d, in[5] + 0xd62f105d, 5);
233 md5_step (F2, d, a, b, c, in[10] + 0x02441453, 9);
234 md5_step (F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
235 md5_step (F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
236 md5_step (F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
237 md5_step (F2, d, a, b, c, in[14] + 0xc33707d6, 9);
238 md5_step (F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
239 md5_step (F2, b, c, d, a, in[8] + 0x455a14ed, 20);
240 md5_step (F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
241 md5_step (F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
242 md5_step (F2, c, d, a, b, in[7] + 0x676f02d9, 14);
243 md5_step (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
245 md5_step (F3, a, b, c, d, in[5] + 0xfffa3942, 4);
246 md5_step (F3, d, a, b, c, in[8] + 0x8771f681, 11);
247 md5_step (F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
248 md5_step (F3, b, c, d, a, in[14] + 0xfde5380c, 23);
249 md5_step (F3, a, b, c, d, in[1] + 0xa4beea44, 4);
250 md5_step (F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
251 md5_step (F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
252 md5_step (F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
253 md5_step (F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
254 md5_step (F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
255 md5_step (F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
256 md5_step (F3, b, c, d, a, in[6] + 0x04881d05, 23);
257 md5_step (F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
258 md5_step (F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
259 md5_step (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
260 md5_step (F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
262 md5_step (F4, a, b, c, d, in[0] + 0xf4292244, 6);
263 md5_step (F4, d, a, b, c, in[7] + 0x432aff97, 10);
264 md5_step (F4, c, d, a, b, in[14] + 0xab9423a7, 15);
265 md5_step (F4, b, c, d, a, in[5] + 0xfc93a039, 21);
266 md5_step (F4, a, b, c, d, in[12] + 0x655b59c3, 6);
267 md5_step (F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
268 md5_step (F4, c, d, a, b, in[10] + 0xffeff47d, 15);
269 md5_step (F4, b, c, d, a, in[1] + 0x85845dd1, 21);
270 md5_step (F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
271 md5_step (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
272 md5_step (F4, c, d, a, b, in[6] + 0xa3014314, 15);
273 md5_step (F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
274 md5_step (F4, a, b, c, d, in[4] + 0xf7537e82, 6);
275 md5_step (F4, d, a, b, c, in[11] + 0xbd3af235, 10);
276 md5_step (F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
277 md5_step (F4, b, c, d, a, in[9] + 0xeb86d391, 21);
292 md5_sum_update (Md5sum *md5,
299 md5->bits[0] = bit + ((guint32) length << 3);
301 /* carry from low to high */
302 if (md5->bits[0] < bit)
305 md5->bits[1] += length >> 29;
307 /* bytes already in Md5sum->data */
308 bit = (bit >> 3) & 0x3f;
310 /* handle any leading odd-sized chunks */
313 guchar *p = (guchar *) md5->data + bit;
315 bit = MD5_DATASIZE - bit;
318 memcpy (p, data, length);
322 memcpy (p, data, bit);
324 md5_byte_reverse (md5->data, 16);
325 md5_transform (md5->buf, (guint32 *) md5->data);
331 /* process data in 64-byte chunks */
332 while (length >= MD5_DATASIZE)
334 memcpy (md5->data, data, MD5_DATASIZE);
336 md5_byte_reverse (md5->data, 16);
337 md5_transform (md5->buf, (guint32 *) md5->data);
339 data += MD5_DATASIZE;
340 length -= MD5_DATASIZE;
343 /* handle any remaining bytes of data */
344 memcpy (md5->data, data, length);
347 /* closes a checksum */
349 md5_sum_close (Md5sum *md5)
354 /* Compute number of bytes mod 64 */
355 count = (md5->bits[0] >> 3) & 0x3F;
357 /* Set the first char of padding to 0x80.
358 * This is safe since there is always at least one byte free
360 p = md5->data + count;
363 /* Bytes of padding needed to make 64 bytes */
364 count = MD5_DATASIZE - 1 - count;
366 /* Pad out to 56 mod 64 */
369 /* Two lots of padding: Pad the first block to 64 bytes */
370 memset (p, 0, count);
372 md5_byte_reverse (md5->data, 16);
373 md5_transform (md5->buf, (guint32 *) md5->data);
375 /* Now fill the next block with 56 bytes */
376 memset (md5->data, 0, MD5_DATASIZE - 8);
380 /* Pad block to 56 bytes */
381 memset (p, 0, count - 8);
384 md5_byte_reverse (md5->data, 14);
386 /* Append length in bits and transform */
387 ((guint32 *) md5->data)[14] = md5->bits[0];
388 ((guint32 *) md5->data)[15] = md5->bits[1];
390 md5_transform (md5->buf, (guint32 *) md5->data);
391 md5_byte_reverse ((guchar *) md5->buf, 4);
393 memcpy (md5->digest, md5->buf, 16);
395 /* Reset buffers in case they contain sensitive data */
396 memset (md5->buf, 0, sizeof (md5->buf));
397 memset (md5->data, 0, sizeof (md5->data));
401 md5_sum_to_string (Md5sum *md5)
403 return digest_to_string (md5->digest, MD5_DIGEST_LEN);
407 md5_sum_digest (Md5sum *md5,
412 for (i = 0; i < MD5_DIGEST_LEN; i++)
413 digest[i] = md5->digest[i];
420 /* The following implementation comes from D-Bus dbus-sha.c. I've changed
421 * it to use GLib types and to work more like the MD5 implementation above.
422 * I left the comments to have an history of this code.
423 * -- Emmanuele Bassi, ebassi@gnome.org
426 /* The following comments have the history of where this code
427 * comes from. I actually copied it from GNet in GNOME CVS.
432 * sha.h : Implementation of the Secure Hash Algorithm
434 * Part of the Python Cryptography Toolkit, version 1.0.0
436 * Copyright (C) 1995, A.M. Kuchling
438 * Distribute and use freely; there are no restrictions on further
439 * dissemination and usage except those imposed by the laws of your
440 * country of residence.
444 /* SHA: NIST's Secure Hash Algorithm */
446 /* Based on SHA code originally posted to sci.crypt by Peter Gutmann
447 in message <30ajo5$oe8@ccu2.auckland.ac.nz>.
448 Modified to test for endianness on creation of SHA objects by AMK.
449 Also, the original specification of SHA was found to have a weakness
450 by NSA/NIST. This code implements the fixed version of SHA.
453 /* Here's the first paragraph of Peter Gutmann's posting:
455 The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
456 SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
457 what's changed in the new version. The fix is a simple change which involves
458 adding a single rotate in the initial expansion function. It is unknown
459 whether this is an optimal solution to the problem which was discovered in the
460 SHA or whether it's simply a bandaid which fixes the problem with a minimum of
461 effort (for example the reengineering of a great many Capstone chips).
465 sha1_sum_init (Sha1sum *sha1)
467 /* initialize constants */
468 sha1->buf[0] = 0x67452301L;
469 sha1->buf[1] = 0xEFCDAB89L;
470 sha1->buf[2] = 0x98BADCFEL;
471 sha1->buf[3] = 0x10325476L;
472 sha1->buf[4] = 0xC3D2E1F0L;
474 /* initialize bits */
475 sha1->bits[0] = sha1->bits[1] = 0;
478 /* The SHA f()-functions. */
480 #define f1(x,y,z) (z ^ (x & (y ^ z))) /* Rounds 0-19 */
481 #define f2(x,y,z) (x ^ y ^ z) /* Rounds 20-39 */
482 #define f3(x,y,z) (( x & y) | (z & (x | y))) /* Rounds 40-59 */
483 #define f4(x,y,z) (x ^ y ^ z) /* Rounds 60-79 */
485 /* The SHA Mysterious Constants */
486 #define K1 0x5A827999L /* Rounds 0-19 */
487 #define K2 0x6ED9EBA1L /* Rounds 20-39 */
488 #define K3 0x8F1BBCDCL /* Rounds 40-59 */
489 #define K4 0xCA62C1D6L /* Rounds 60-79 */
491 /* 32-bit rotate left - kludged with shifts */
492 #define ROTL(n,X) (((X) << n ) | ((X) >> (32 - n)))
494 /* The initial expanding function. The hash function is defined over an
495 80-word expanded input array W, where the first 16 are copies of the input
496 data, and the remaining 64 are defined by
498 W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
500 This implementation generates these values on the fly in a circular
501 buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
504 The updated SHA changes the expanding function by adding a rotate of 1
505 bit. Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor
506 for this information */
508 #define expand(W,i) (W[ i & 15 ] = ROTL (1, (W[ i & 15] ^ \
514 /* The prototype SHA sub-round. The fundamental sub-round is:
516 a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
522 but this is implemented by unrolling the loop 5 times and renaming the
523 variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
524 This code is then replicated 20 times for each of the 4 functions, using
525 the next 20 values from the W[] array each time */
527 #define subRound(a, b, c, d, e, f, k, data) \
528 (e += ROTL (5, a) + f(b, c, d) + k + data, b = ROTL (30, b))
531 sha1_transform (guint32 buf[5],
534 guint32 A, B, C, D, E;
542 /* Heavy mangling, in 4 sub-rounds of 20 interations each. */
543 subRound (A, B, C, D, E, f1, K1, in[0]);
544 subRound (E, A, B, C, D, f1, K1, in[1]);
545 subRound (D, E, A, B, C, f1, K1, in[2]);
546 subRound (C, D, E, A, B, f1, K1, in[3]);
547 subRound (B, C, D, E, A, f1, K1, in[4]);
548 subRound (A, B, C, D, E, f1, K1, in[5]);
549 subRound (E, A, B, C, D, f1, K1, in[6]);
550 subRound (D, E, A, B, C, f1, K1, in[7]);
551 subRound (C, D, E, A, B, f1, K1, in[8]);
552 subRound (B, C, D, E, A, f1, K1, in[9]);
553 subRound (A, B, C, D, E, f1, K1, in[10]);
554 subRound (E, A, B, C, D, f1, K1, in[11]);
555 subRound (D, E, A, B, C, f1, K1, in[12]);
556 subRound (C, D, E, A, B, f1, K1, in[13]);
557 subRound (B, C, D, E, A, f1, K1, in[14]);
558 subRound (A, B, C, D, E, f1, K1, in[15]);
559 subRound (E, A, B, C, D, f1, K1, expand (in, 16));
560 subRound (D, E, A, B, C, f1, K1, expand (in, 17));
561 subRound (C, D, E, A, B, f1, K1, expand (in, 18));
562 subRound (B, C, D, E, A, f1, K1, expand (in, 19));
564 subRound (A, B, C, D, E, f2, K2, expand (in, 20));
565 subRound (E, A, B, C, D, f2, K2, expand (in, 21));
566 subRound (D, E, A, B, C, f2, K2, expand (in, 22));
567 subRound (C, D, E, A, B, f2, K2, expand (in, 23));
568 subRound (B, C, D, E, A, f2, K2, expand (in, 24));
569 subRound (A, B, C, D, E, f2, K2, expand (in, 25));
570 subRound (E, A, B, C, D, f2, K2, expand (in, 26));
571 subRound (D, E, A, B, C, f2, K2, expand (in, 27));
572 subRound (C, D, E, A, B, f2, K2, expand (in, 28));
573 subRound (B, C, D, E, A, f2, K2, expand (in, 29));
574 subRound (A, B, C, D, E, f2, K2, expand (in, 30));
575 subRound (E, A, B, C, D, f2, K2, expand (in, 31));
576 subRound (D, E, A, B, C, f2, K2, expand (in, 32));
577 subRound (C, D, E, A, B, f2, K2, expand (in, 33));
578 subRound (B, C, D, E, A, f2, K2, expand (in, 34));
579 subRound (A, B, C, D, E, f2, K2, expand (in, 35));
580 subRound (E, A, B, C, D, f2, K2, expand (in, 36));
581 subRound (D, E, A, B, C, f2, K2, expand (in, 37));
582 subRound (C, D, E, A, B, f2, K2, expand (in, 38));
583 subRound (B, C, D, E, A, f2, K2, expand (in, 39));
585 subRound (A, B, C, D, E, f3, K3, expand (in, 40));
586 subRound (E, A, B, C, D, f3, K3, expand (in, 41));
587 subRound (D, E, A, B, C, f3, K3, expand (in, 42));
588 subRound (C, D, E, A, B, f3, K3, expand (in, 43));
589 subRound (B, C, D, E, A, f3, K3, expand (in, 44));
590 subRound (A, B, C, D, E, f3, K3, expand (in, 45));
591 subRound (E, A, B, C, D, f3, K3, expand (in, 46));
592 subRound (D, E, A, B, C, f3, K3, expand (in, 47));
593 subRound (C, D, E, A, B, f3, K3, expand (in, 48));
594 subRound (B, C, D, E, A, f3, K3, expand (in, 49));
595 subRound (A, B, C, D, E, f3, K3, expand (in, 50));
596 subRound (E, A, B, C, D, f3, K3, expand (in, 51));
597 subRound (D, E, A, B, C, f3, K3, expand (in, 52));
598 subRound (C, D, E, A, B, f3, K3, expand (in, 53));
599 subRound (B, C, D, E, A, f3, K3, expand (in, 54));
600 subRound (A, B, C, D, E, f3, K3, expand (in, 55));
601 subRound (E, A, B, C, D, f3, K3, expand (in, 56));
602 subRound (D, E, A, B, C, f3, K3, expand (in, 57));
603 subRound (C, D, E, A, B, f3, K3, expand (in, 58));
604 subRound (B, C, D, E, A, f3, K3, expand (in, 59));
606 subRound (A, B, C, D, E, f4, K4, expand (in, 60));
607 subRound (E, A, B, C, D, f4, K4, expand (in, 61));
608 subRound (D, E, A, B, C, f4, K4, expand (in, 62));
609 subRound (C, D, E, A, B, f4, K4, expand (in, 63));
610 subRound (B, C, D, E, A, f4, K4, expand (in, 64));
611 subRound (A, B, C, D, E, f4, K4, expand (in, 65));
612 subRound (E, A, B, C, D, f4, K4, expand (in, 66));
613 subRound (D, E, A, B, C, f4, K4, expand (in, 67));
614 subRound (C, D, E, A, B, f4, K4, expand (in, 68));
615 subRound (B, C, D, E, A, f4, K4, expand (in, 69));
616 subRound (A, B, C, D, E, f4, K4, expand (in, 70));
617 subRound (E, A, B, C, D, f4, K4, expand (in, 71));
618 subRound (D, E, A, B, C, f4, K4, expand (in, 72));
619 subRound (C, D, E, A, B, f4, K4, expand (in, 73));
620 subRound (B, C, D, E, A, f4, K4, expand (in, 74));
621 subRound (A, B, C, D, E, f4, K4, expand (in, 75));
622 subRound (E, A, B, C, D, f4, K4, expand (in, 76));
623 subRound (D, E, A, B, C, f4, K4, expand (in, 77));
624 subRound (C, D, E, A, B, f4, K4, expand (in, 78));
625 subRound (B, C, D, E, A, f4, K4, expand (in, 79));
627 /* Build message digest */
648 sha1_sum_update (Sha1sum *sha1,
649 const guchar *buffer,
655 /* Update bitcount */
657 if ((sha1->bits[0] = tmp + ((guint32) count << 3) ) < tmp)
658 sha1->bits[1] += 1; /* Carry from low to high */
659 sha1->bits[1] += count >> 29;
661 /* Get count of bytes already in data */
662 dataCount = (guint) (tmp >> 3) & 0x3F;
664 /* Handle any leading odd-sized chunks */
667 guchar *p = (guchar *) sha1->data + dataCount;
669 dataCount = SHA1_DATASIZE - dataCount;
670 if (count < dataCount)
672 memcpy (p, buffer, count);
676 memcpy (p, buffer, dataCount);
678 sha_byte_reverse (sha1->data, SHA1_DATASIZE);
679 sha1_transform (sha1->buf, sha1->data);
685 /* Process data in SHA1_DATASIZE chunks */
686 while (count >= SHA1_DATASIZE)
688 memcpy (sha1->data, buffer, SHA1_DATASIZE);
690 sha_byte_reverse (sha1->data, SHA1_DATASIZE);
691 sha1_transform (sha1->buf, sha1->data);
693 buffer += SHA1_DATASIZE;
694 count -= SHA1_DATASIZE;
697 /* Handle any remaining bytes of data. */
698 memcpy (sha1->data, buffer, count);
701 /* Final wrapup - pad to SHA_DATASIZE-byte boundary with the bit pattern
702 1 0* (64-bit count of bits processed, MSB-first) */
704 sha1_sum_close (Sha1sum *sha1)
709 /* Compute number of bytes mod 64 */
710 count = (gint) ((sha1->bits[0] >> 3) & 0x3f);
712 /* Set the first char of padding to 0x80. This is safe since there is
713 always at least one byte free */
714 data_p = (guchar *) sha1->data + count;
717 /* Bytes of padding needed to make 64 bytes */
718 count = SHA1_DATASIZE - 1 - count;
720 /* Pad out to 56 mod 64 */
723 /* Two lots of padding: Pad the first block to 64 bytes */
724 memset (data_p, 0, count);
726 sha_byte_reverse (sha1->data, SHA1_DATASIZE);
727 sha1_transform (sha1->buf, sha1->data);
729 /* Now fill the next block with 56 bytes */
730 memset (sha1->data, 0, SHA1_DATASIZE - 8);
734 /* Pad block to 56 bytes */
735 memset (data_p, 0, count - 8);
738 /* Append length in bits and transform */
739 sha1->data[14] = sha1->bits[1];
740 sha1->data[15] = sha1->bits[0];
742 sha_byte_reverse (sha1->data, SHA1_DATASIZE - 8);
743 sha1_transform (sha1->buf, sha1->data);
744 sha_byte_reverse (sha1->buf, SHA1_DIGEST_LEN);
746 memcpy (sha1->digest, sha1->buf, SHA1_DIGEST_LEN);
748 /* Reset buffers in case they contain sensitive data */
749 memset (sha1->buf, 0, sizeof (sha1->buf));
750 memset (sha1->data, 0, sizeof (sha1->data));
754 sha1_sum_to_string (Sha1sum *sha1)
756 return digest_to_string (sha1->digest, SHA1_DIGEST_LEN);
760 sha1_sum_digest (Sha1sum *sha1,
765 for (i = 0; i < SHA1_DIGEST_LEN; i++)
766 digest[i] = sha1->digest[i];
773 /* adapted from the SHA256 implementation in gsk/src/hash/gskhash.c.
775 * Copyright (C) 2006 Dave Benson
776 * Released under the terms of the GNU Lesser General Public License
780 sha256_sum_init (Sha256sum *sha256)
782 sha256->buf[0] = 0x6a09e667;
783 sha256->buf[1] = 0xbb67ae85;
784 sha256->buf[2] = 0x3c6ef372;
785 sha256->buf[3] = 0xa54ff53a;
786 sha256->buf[4] = 0x510e527f;
787 sha256->buf[5] = 0x9b05688c;
788 sha256->buf[6] = 0x1f83d9ab;
789 sha256->buf[7] = 0x5be0cd19;
791 sha256->bits[0] = sha256->bits[1] = 0;
794 #define GET_UINT32(n,b,i) G_STMT_START{ \
795 (n) = ((guint32) (b)[(i) ] << 24) \
796 | ((guint32) (b)[(i) + 1] << 16) \
797 | ((guint32) (b)[(i) + 2] << 8) \
798 | ((guint32) (b)[(i) + 3] ); } G_STMT_END
800 #define PUT_UINT32(n,b,i) G_STMT_START{ \
801 (b)[(i) ] = (guint8) ((n) >> 24); \
802 (b)[(i) + 1] = (guint8) ((n) >> 16); \
803 (b)[(i) + 2] = (guint8) ((n) >> 8); \
804 (b)[(i) + 3] = (guint8) ((n) ); } G_STMT_END
807 sha256_transform (guint32 buf[8],
808 guint8 const data[64])
810 guint32 temp1, temp2, W[64];
811 guint32 A, B, C, D, E, F, G, H;
813 GET_UINT32 (W[0], data, 0);
814 GET_UINT32 (W[1], data, 4);
815 GET_UINT32 (W[2], data, 8);
816 GET_UINT32 (W[3], data, 12);
817 GET_UINT32 (W[4], data, 16);
818 GET_UINT32 (W[5], data, 20);
819 GET_UINT32 (W[6], data, 24);
820 GET_UINT32 (W[7], data, 28);
821 GET_UINT32 (W[8], data, 32);
822 GET_UINT32 (W[9], data, 36);
823 GET_UINT32 (W[10], data, 40);
824 GET_UINT32 (W[11], data, 44);
825 GET_UINT32 (W[12], data, 48);
826 GET_UINT32 (W[13], data, 52);
827 GET_UINT32 (W[14], data, 56);
828 GET_UINT32 (W[15], data, 60);
830 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
831 #define ROTR(x,n) (SHR (x,n) | (x << (32 - n)))
833 #define S0(x) (ROTR (x, 7) ^ ROTR (x,18) ^ SHR (x, 3))
834 #define S1(x) (ROTR (x,17) ^ ROTR (x,19) ^ SHR (x,10))
835 #define S2(x) (ROTR (x, 2) ^ ROTR (x,13) ^ ROTR (x,22))
836 #define S3(x) (ROTR (x, 6) ^ ROTR (x,11) ^ ROTR (x,25))
838 #define F0(x,y,z) ((x & y) | (z & (x | y)))
839 #define F1(x,y,z) (z ^ (x & (y ^ z)))
841 #define R(t) (W[t] = S1(W[t - 2]) + W[t - 7] + \
842 S0(W[t - 15]) + W[t - 16])
844 #define P(a,b,c,d,e,f,g,h,x,K) G_STMT_START { \
845 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
846 temp2 = S2(a) + F0(a,b,c); \
847 d += temp1; h = temp1 + temp2; } G_STMT_END
858 P (A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98);
859 P (H, A, B, C, D, E, F, G, W[ 1], 0x71374491);
860 P (G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF);
861 P (F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5);
862 P (E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B);
863 P (D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1);
864 P (C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4);
865 P (B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5);
866 P (A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98);
867 P (H, A, B, C, D, E, F, G, W[ 9], 0x12835B01);
868 P (G, H, A, B, C, D, E, F, W[10], 0x243185BE);
869 P (F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
870 P (E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
871 P (D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
872 P (C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
873 P (B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
874 P (A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
875 P (H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
876 P (G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
877 P (F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
878 P (E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
879 P (D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
880 P (C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
881 P (B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
882 P (A, B, C, D, E, F, G, H, R(24), 0x983E5152);
883 P (H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
884 P (G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
885 P (F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
886 P (E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
887 P (D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
888 P (C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
889 P (B, C, D, E, F, G, H, A, R(31), 0x14292967);
890 P (A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
891 P (H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
892 P (G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
893 P (F, G, H, A, B, C, D, E, R(35), 0x53380D13);
894 P (E, F, G, H, A, B, C, D, R(36), 0x650A7354);
895 P (D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
896 P (C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
897 P (B, C, D, E, F, G, H, A, R(39), 0x92722C85);
898 P (A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
899 P (H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
900 P (G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
901 P (F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
902 P (E, F, G, H, A, B, C, D, R(44), 0xD192E819);
903 P (D, E, F, G, H, A, B, C, R(45), 0xD6990624);
904 P (C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
905 P (B, C, D, E, F, G, H, A, R(47), 0x106AA070);
906 P (A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
907 P (H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
908 P (G, H, A, B, C, D, E, F, R(50), 0x2748774C);
909 P (F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
910 P (E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
911 P (D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
912 P (C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
913 P (B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
914 P (A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
915 P (H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
916 P (G, H, A, B, C, D, E, F, R(58), 0x84C87814);
917 P (F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
918 P (E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
919 P (D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
920 P (C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
921 P (B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
945 sha256_sum_update (Sha256sum *sha256,
946 const guchar *buffer,
950 const guint8 *input = buffer;
955 left = sha256->bits[0] & 0x3F;
958 sha256->bits[0] += length;
959 sha256->bits[0] &= 0xFFFFFFFF;
961 if (sha256->bits[0] < length)
964 if (left > 0 && length >= fill)
966 memcpy ((sha256->data + left), input, fill);
968 sha256_transform (sha256->buf, sha256->data);
975 while (length >= SHA256_DATASIZE)
977 sha256_transform (sha256->buf, input);
984 memcpy (sha256->data + left, input, length);
987 static guint8 sha256_padding[64] =
989 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
990 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
991 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
992 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
996 sha256_sum_close (Sha256sum *sha256)
1002 high = (sha256->bits[0] >> 29)
1003 | (sha256->bits[1] << 3);
1004 low = (sha256->bits[0] << 3);
1006 PUT_UINT32 (high, msglen, 0);
1007 PUT_UINT32 (low, msglen, 4);
1009 last = sha256->bits[0] & 0x3F;
1010 padn = (last < 56) ? (56 - last) : (120 - last);
1012 sha256_sum_update (sha256, sha256_padding, padn);
1013 sha256_sum_update (sha256, msglen, 8);
1015 PUT_UINT32 (sha256->buf[0], sha256->digest, 0);
1016 PUT_UINT32 (sha256->buf[1], sha256->digest, 4);
1017 PUT_UINT32 (sha256->buf[2], sha256->digest, 8);
1018 PUT_UINT32 (sha256->buf[3], sha256->digest, 12);
1019 PUT_UINT32 (sha256->buf[4], sha256->digest, 16);
1020 PUT_UINT32 (sha256->buf[5], sha256->digest, 20);
1021 PUT_UINT32 (sha256->buf[6], sha256->digest, 24);
1022 PUT_UINT32 (sha256->buf[7], sha256->digest, 28);
1029 sha256_sum_to_string (Sha256sum *sha256)
1031 return digest_to_string (sha256->digest, SHA256_DIGEST_LEN);
1035 sha256_sum_digest (Sha256sum *sha256,
1040 for (i = 0; i < SHA256_DIGEST_LEN; i++)
1041 digest[i] = sha256->digest[i];
1050 * g_checksum_type_get_length:
1051 * @checksum_type: a #GChecksumType
1053 * Gets the length in bytes of digests of type @checksum_type
1055 * Return value: the checksum length, or -1 if @checksum_type is
1061 g_checksum_type_get_length (GChecksumType checksum_type)
1065 switch (checksum_type)
1067 case G_CHECKSUM_MD5:
1068 len = MD5_DIGEST_LEN;
1070 case G_CHECKSUM_SHA1:
1071 len = SHA1_DIGEST_LEN;
1073 case G_CHECKSUM_SHA256:
1074 len = SHA256_DIGEST_LEN;
1086 * @checksum_type: the desired type of checksum
1088 * Creates a new #GChecksum, using the checksum algorithm @checksum_type.
1089 * If the @checksum_type is not known, %NULL is returned.
1090 * A #GChecksum can be used to compute the checksum, or digest, of an
1091 * arbitrary binary blob, using different hashing algorithms.
1093 * A #GChecksum works by feeding a binary blob through g_checksum_update()
1094 * until there is data to be checked; the digest can then be extracted
1095 * using g_checksum_get_string(), which will return the checksum as a
1096 * hexadecimal string; or g_checksum_get_digest(), which will return a
1097 * vector of raw bytes. Once either g_checksum_get_string() or
1098 * g_checksum_get_digest() have been called on a #GChecksum, the checksum
1099 * will be closed and it won't be possible to call g_checksum_update()
1102 * Return value: the newly created #GChecksum, or %NULL.
1103 * Use g_checksum_free() to free the memory allocated by it.
1108 g_checksum_new (GChecksumType checksum_type)
1110 GChecksum *checksum;
1112 if (! IS_VALID_TYPE (checksum_type))
1115 checksum = g_slice_new0 (GChecksum);
1116 checksum->type = checksum_type;
1118 g_checksum_reset (checksum);
1125 * @checksum: the #GChecksum to reset
1127 * Resets the state of the @checksum back to its initial state.
1132 g_checksum_reset (GChecksum *checksum)
1134 g_return_if_fail (checksum != NULL);
1136 g_free (checksum->digest_str);
1137 checksum->digest_str = NULL;
1139 switch (checksum->type)
1141 case G_CHECKSUM_MD5:
1142 md5_sum_init (&(checksum->sum.md5));
1144 case G_CHECKSUM_SHA1:
1145 sha1_sum_init (&(checksum->sum.sha1));
1147 case G_CHECKSUM_SHA256:
1148 sha256_sum_init (&(checksum->sum.sha256));
1151 g_assert_not_reached ();
1158 * @checksum: the #GChecksum to copy
1160 * Copies a #GChecksum. If @checksum has been closed, by calling
1161 * g_checksum_get_string() or g_checksum_get_digest(), the copied
1162 * checksum will be closed as well.
1164 * Return value: the copy of the passed #GChecksum. Use g_checksum_free()
1165 * when finished using it.
1170 g_checksum_copy (const GChecksum *checksum)
1174 g_return_val_if_fail (checksum != NULL, NULL);
1176 copy = g_slice_new (GChecksum);
1179 copy->digest_str = g_strdup (checksum->digest_str);
1186 * @checksum: a #GChecksum
1188 * Frees the memory allocated for @checksum.
1193 g_checksum_free (GChecksum *checksum)
1195 if (G_LIKELY (checksum))
1197 g_free (checksum->digest_str);
1199 g_slice_free (GChecksum, checksum);
1204 * g_checksum_update:
1205 * @checksum: a #GChecksum
1206 * @data: buffer used to compute the checksum
1207 * @length: size of the buffer, or -1 if it is a null-terminated string.
1209 * Feeds @data into an existing #GChecksum. The checksum must still be
1210 * open, that is g_checksum_get_string() or g_checksum_get_digest() must
1211 * not have been called on @checksum.
1216 g_checksum_update (GChecksum *checksum,
1220 g_return_if_fail (checksum != NULL);
1221 g_return_if_fail (data != NULL);
1224 length = strlen ((const gchar *) data);
1226 if (checksum->digest_str)
1228 g_warning ("The checksum `%s' has been closed and cannot be updated "
1230 checksum->digest_str);
1234 switch (checksum->type)
1236 case G_CHECKSUM_MD5:
1237 md5_sum_update (&(checksum->sum.md5), data, length);
1239 case G_CHECKSUM_SHA1:
1240 sha1_sum_update (&(checksum->sum.sha1), data, length);
1242 case G_CHECKSUM_SHA256:
1243 sha256_sum_update (&(checksum->sum.sha256), data, length);
1246 g_assert_not_reached ();
1252 * g_checksum_get_string:
1253 * @checksum: a #GChecksum
1255 * Gets the digest as an hexadecimal string.
1257 * Once this function has been called the #GChecksum can no longer be
1258 * updated with g_checksum_update().
1260 * The hexadecimal characters will be lower case.
1262 * Return value: the hexadecimal representation of the checksum. The
1263 * returned string is owned by the checksum and should not be modified
1268 G_CONST_RETURN gchar *
1269 g_checksum_get_string (GChecksum *checksum)
1273 g_return_val_if_fail (checksum != NULL, NULL);
1275 if (checksum->digest_str)
1276 return checksum->digest_str;
1278 switch (checksum->type)
1280 case G_CHECKSUM_MD5:
1281 md5_sum_close (&(checksum->sum.md5));
1282 str = md5_sum_to_string (&(checksum->sum.md5));
1284 case G_CHECKSUM_SHA1:
1285 sha1_sum_close (&(checksum->sum.sha1));
1286 str = sha1_sum_to_string (&(checksum->sum.sha1));
1288 case G_CHECKSUM_SHA256:
1289 sha256_sum_close (&(checksum->sum.sha256));
1290 str = sha256_sum_to_string (&(checksum->sum.sha256));
1293 g_assert_not_reached ();
1297 checksum->digest_str = str;
1299 return checksum->digest_str;
1303 * g_checksum_get_digest:
1304 * @checksum: a #GChecksum
1305 * @buffer: output buffer
1306 * @digest_len: an inout parameter. The caller initializes it to the size of @buffer.
1307 * After the call it contains the length of the digest.
1309 * Gets the digest from @checksum as a raw binary vector and places it
1310 * into @buffer. The size of the digest depends on the type of checksum.
1312 * Once this function has been called, the #GChecksum is closed and can
1313 * no longer be updated with g_checksum_update().
1318 g_checksum_get_digest (GChecksum *checksum,
1322 gboolean checksum_open = FALSE;
1326 g_return_if_fail (checksum != NULL);
1328 len = g_checksum_type_get_length (checksum->type);
1329 g_return_if_fail (*digest_len >= len);
1331 checksum_open = !!(checksum->digest_str == NULL);
1333 switch (checksum->type)
1335 case G_CHECKSUM_MD5:
1338 md5_sum_close (&(checksum->sum.md5));
1339 str = md5_sum_to_string (&(checksum->sum.md5));
1341 md5_sum_digest (&(checksum->sum.md5), buffer);
1343 case G_CHECKSUM_SHA1:
1346 sha1_sum_close (&(checksum->sum.sha1));
1347 str = sha1_sum_to_string (&(checksum->sum.sha1));
1349 sha1_sum_digest (&(checksum->sum.sha1), buffer);
1351 case G_CHECKSUM_SHA256:
1354 sha256_sum_close (&(checksum->sum.sha256));
1355 str = sha256_sum_to_string (&(checksum->sum.sha256));
1357 sha256_sum_digest (&(checksum->sum.sha256), buffer);
1360 g_assert_not_reached ();
1365 checksum->digest_str = str;
1371 * g_compute_checksum_for_data:
1372 * @checksum_type: a #GChecksumType
1373 * @data: binary blob to compute the digest of
1374 * @length: length of @data
1376 * Computes the checksum for a binary @data of @length. This is a
1377 * convenience wrapper for g_checksum_new(), g_checksum_get_string()
1378 * and g_checksum_free().
1380 * The hexadecimal string returned will be in lower case.
1382 * Return value: the digest of the binary data as a string in hexadecimal.
1383 * The returned string should be freed with g_free() when done using it.
1388 g_compute_checksum_for_data (GChecksumType checksum_type,
1392 GChecksum *checksum;
1395 g_return_val_if_fail (IS_VALID_TYPE (checksum_type), NULL);
1396 g_return_val_if_fail (data != NULL, NULL);
1398 checksum = g_checksum_new (checksum_type);
1402 g_checksum_update (checksum, data, length);
1403 retval = g_strdup (g_checksum_get_string (checksum));
1404 g_checksum_free (checksum);
1410 * g_compute_checksum_for_string:
1411 * @checksum_type: a #GChecksumType
1412 * @str: the string to compute the checksum of
1413 * @length: the length of the string, or -1 if the string is null-terminated.
1415 * Computes the checksum of a string.
1417 * The hexadecimal string returned will be in lower case.
1419 * Return value: the checksum as a hexadecimal string. The returned string
1420 * should be freed with g_free() when done using it.
1425 g_compute_checksum_for_string (GChecksumType checksum_type,
1429 g_return_val_if_fail (IS_VALID_TYPE (checksum_type), NULL);
1430 g_return_val_if_fail (str != NULL, NULL);
1433 length = strlen (str);
1435 return g_compute_checksum_for_data (checksum_type, (const guchar *) str, length);
1438 #define __G_CHECKSUM_C__
1439 #include "galiasdef.c"