1 /* gchecksum.h - data hashing functions
3 * Copyright (C) 2007 Emmanuele Bassi <ebassi@gnome.org>
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Library General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Library General Public License for more details.
15 * You should have received a copy of the GNU Library General Public
16 * License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 * Boston, MA 02111-1307, USA.
25 #include "glibconfig.h"
26 #include "gchecksum.h"
32 #define IS_VALID_TYPE(type) ((type) >= G_CHECKSUM_MD5 && (type) <= G_CHECKSUM_SHA256)
34 static const gchar hex_digits[] = "0123456789abcdef";
36 #define MD5_DATASIZE 64
37 #define MD5_DIGEST_LEN 16
44 guchar data[MD5_DATASIZE];
46 guchar digest[MD5_DIGEST_LEN];
49 #define SHA1_DATASIZE 64
50 #define SHA1_DIGEST_LEN 20
57 /* we pack 64 unsigned chars into 16 32-bit unsigned integers */
60 guchar digest[SHA1_DIGEST_LEN];
63 #define SHA256_DATASIZE 64
64 #define SHA256_DIGEST_LEN 32
71 guint8 data[SHA256_DATASIZE];
73 guchar digest[SHA256_DIGEST_LEN];
89 /* we need different byte swapping functions because MD5 expects buffers
90 * to be little-endian, while SHA1 and SHA256 expect them in big-endian
94 #if G_BYTE_ORDER == G_LITTLE_ENDIAN
95 #define md5_byte_reverse(buffer,length)
97 /* assume that the passed buffer is integer aligned */
99 md5_byte_reverse (guchar *buffer,
106 bit = (guint32) ((unsigned) buffer[3] << 8 | buffer[2]) << 16 |
107 ((unsigned) buffer[1] << 8 | buffer[0]);
108 * (guint32 *) buffer = bit;
113 #endif /* G_BYTE_ORDER == G_LITTLE_ENDIAN */
115 #if G_BYTE_ORDER == G_BIG_ENDIAN
116 #define sha_byte_reverse(buffer,length)
119 sha_byte_reverse (guint32 *buffer,
122 length /= sizeof (guint32);
125 *buffer = GUINT32_SWAP_LE_BE (*buffer);
129 #endif /* G_BYTE_ORDER == G_BIG_ENDIAN */
132 digest_to_string (guint8 *digest,
135 gint len = digest_len * 2;
139 retval = g_new (gchar, len + 1);
141 for (i = 0; i < digest_len; i++)
143 guint8 byte = digest[i];
145 retval[2 * i] = hex_digits[byte >> 4];
146 retval[2 * i + 1] = hex_digits[byte & 0xf];
158 /* This MD5 digest computation is based on the equivalent code
159 * written by Colin Plumb. It came with this notice:
161 * This code implements the MD5 message-digest algorithm.
162 * The algorithm is due to Ron Rivest. This code was
163 * written by Colin Plumb in 1993, no copyright is claimed.
164 * This code is in the public domain; do with it what you wish.
166 * Equivalent code is available from RSA Data Security, Inc.
167 * This code has been tested against that, and is equivalent,
168 * except that you don't need to include two pages of legalese
173 md5_sum_init (Md5sum *md5)
175 /* arbitrary constants */
176 md5->buf[0] = 0x67452301;
177 md5->buf[1] = 0xefcdab89;
178 md5->buf[2] = 0x98badcfe;
179 md5->buf[3] = 0x10325476;
181 md5->bits[0] = md5->bits[1] = 0;
185 * The core of the MD5 algorithm, this alters an existing MD5 hash to
186 * reflect the addition of 16 longwords of new data. md5_sum_update()
187 * blocks the data and converts bytes into longwords for this routine.
190 md5_transform (guint32 buf[4],
191 guint32 const in[16])
193 register guint32 a, b, c, d;
195 /* The four core functions - F1 is optimized somewhat */
196 #define F1(x, y, z) (z ^ (x & (y ^ z)))
197 #define F2(x, y, z) F1 (z, x, y)
198 #define F3(x, y, z) (x ^ y ^ z)
199 #define F4(x, y, z) (y ^ (x | ~z))
201 /* This is the central step in the MD5 algorithm. */
202 #define md5_step(f, w, x, y, z, data, s) \
203 ( w += f (x, y, z) + data, w = w << s | w >> (32 - s), w += x )
210 md5_step (F1, a, b, c, d, in[0] + 0xd76aa478, 7);
211 md5_step (F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
212 md5_step (F1, c, d, a, b, in[2] + 0x242070db, 17);
213 md5_step (F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
214 md5_step (F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
215 md5_step (F1, d, a, b, c, in[5] + 0x4787c62a, 12);
216 md5_step (F1, c, d, a, b, in[6] + 0xa8304613, 17);
217 md5_step (F1, b, c, d, a, in[7] + 0xfd469501, 22);
218 md5_step (F1, a, b, c, d, in[8] + 0x698098d8, 7);
219 md5_step (F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
220 md5_step (F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
221 md5_step (F1, b, c, d, a, in[11] + 0x895cd7be, 22);
222 md5_step (F1, a, b, c, d, in[12] + 0x6b901122, 7);
223 md5_step (F1, d, a, b, c, in[13] + 0xfd987193, 12);
224 md5_step (F1, c, d, a, b, in[14] + 0xa679438e, 17);
225 md5_step (F1, b, c, d, a, in[15] + 0x49b40821, 22);
227 md5_step (F2, a, b, c, d, in[1] + 0xf61e2562, 5);
228 md5_step (F2, d, a, b, c, in[6] + 0xc040b340, 9);
229 md5_step (F2, c, d, a, b, in[11] + 0x265e5a51, 14);
230 md5_step (F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
231 md5_step (F2, a, b, c, d, in[5] + 0xd62f105d, 5);
232 md5_step (F2, d, a, b, c, in[10] + 0x02441453, 9);
233 md5_step (F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
234 md5_step (F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
235 md5_step (F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
236 md5_step (F2, d, a, b, c, in[14] + 0xc33707d6, 9);
237 md5_step (F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
238 md5_step (F2, b, c, d, a, in[8] + 0x455a14ed, 20);
239 md5_step (F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
240 md5_step (F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
241 md5_step (F2, c, d, a, b, in[7] + 0x676f02d9, 14);
242 md5_step (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
244 md5_step (F3, a, b, c, d, in[5] + 0xfffa3942, 4);
245 md5_step (F3, d, a, b, c, in[8] + 0x8771f681, 11);
246 md5_step (F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
247 md5_step (F3, b, c, d, a, in[14] + 0xfde5380c, 23);
248 md5_step (F3, a, b, c, d, in[1] + 0xa4beea44, 4);
249 md5_step (F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
250 md5_step (F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
251 md5_step (F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
252 md5_step (F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
253 md5_step (F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
254 md5_step (F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
255 md5_step (F3, b, c, d, a, in[6] + 0x04881d05, 23);
256 md5_step (F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
257 md5_step (F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
258 md5_step (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
259 md5_step (F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
261 md5_step (F4, a, b, c, d, in[0] + 0xf4292244, 6);
262 md5_step (F4, d, a, b, c, in[7] + 0x432aff97, 10);
263 md5_step (F4, c, d, a, b, in[14] + 0xab9423a7, 15);
264 md5_step (F4, b, c, d, a, in[5] + 0xfc93a039, 21);
265 md5_step (F4, a, b, c, d, in[12] + 0x655b59c3, 6);
266 md5_step (F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
267 md5_step (F4, c, d, a, b, in[10] + 0xffeff47d, 15);
268 md5_step (F4, b, c, d, a, in[1] + 0x85845dd1, 21);
269 md5_step (F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
270 md5_step (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
271 md5_step (F4, c, d, a, b, in[6] + 0xa3014314, 15);
272 md5_step (F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
273 md5_step (F4, a, b, c, d, in[4] + 0xf7537e82, 6);
274 md5_step (F4, d, a, b, c, in[11] + 0xbd3af235, 10);
275 md5_step (F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
276 md5_step (F4, b, c, d, a, in[9] + 0xeb86d391, 21);
291 md5_sum_update (Md5sum *md5,
298 md5->bits[0] = bit + ((guint32) length << 3);
300 /* carry from low to high */
301 if (md5->bits[0] < bit)
304 md5->bits[1] += length >> 29;
306 /* bytes already in Md5sum->data */
307 bit = (bit >> 3) & 0x3f;
309 /* handle any leading odd-sized chunks */
312 guchar *p = (guchar *) md5->data + bit;
314 bit = MD5_DATASIZE - bit;
317 memcpy (p, data, length);
321 memcpy (p, data, bit);
323 md5_byte_reverse (md5->data, 16);
324 md5_transform (md5->buf, (guint32 *) md5->data);
330 /* process data in 64-byte chunks */
331 while (length >= MD5_DATASIZE)
333 memcpy (md5->data, data, MD5_DATASIZE);
335 md5_byte_reverse (md5->data, 16);
336 md5_transform (md5->buf, (guint32 *) md5->data);
338 data += MD5_DATASIZE;
339 length -= MD5_DATASIZE;
342 /* handle any remaining bytes of data */
343 memcpy (md5->data, data, length);
346 /* closes a checksum */
348 md5_sum_close (Md5sum *md5)
353 /* Compute number of bytes mod 64 */
354 count = (md5->bits[0] >> 3) & 0x3F;
356 /* Set the first char of padding to 0x80.
357 * This is safe since there is always at least one byte free
359 p = md5->data + count;
362 /* Bytes of padding needed to make 64 bytes */
363 count = MD5_DATASIZE - 1 - count;
365 /* Pad out to 56 mod 64 */
368 /* Two lots of padding: Pad the first block to 64 bytes */
369 memset (p, 0, count);
371 md5_byte_reverse (md5->data, 16);
372 md5_transform (md5->buf, (guint32 *) md5->data);
374 /* Now fill the next block with 56 bytes */
375 memset (md5->data, 0, MD5_DATASIZE - 8);
379 /* Pad block to 56 bytes */
380 memset (p, 0, count - 8);
383 md5_byte_reverse (md5->data, 14);
385 /* Append length in bits and transform */
386 ((guint32 *) md5->data)[14] = md5->bits[0];
387 ((guint32 *) md5->data)[15] = md5->bits[1];
389 md5_transform (md5->buf, (guint32 *) md5->data);
390 md5_byte_reverse ((guchar *) md5->buf, 4);
392 memcpy (md5->digest, md5->buf, 16);
394 /* Reset buffers in case they contain sensitive data */
395 memset (md5->buf, 0, sizeof (md5->buf));
396 memset (md5->data, 0, sizeof (md5->data));
400 md5_sum_to_string (Md5sum *md5)
402 return digest_to_string (md5->digest, MD5_DIGEST_LEN);
406 md5_sum_digest (Md5sum *md5,
411 for (i = 0; i < MD5_DIGEST_LEN; i++)
412 digest[i] = md5->digest[i];
419 /* The following implementation comes from D-Bus dbus-sha.c. I've changed
420 * it to use GLib types and to work more like the MD5 implementation above.
421 * I left the comments to have an history of this code.
422 * -- Emmanuele Bassi, ebassi@gnome.org
425 /* The following comments have the history of where this code
426 * comes from. I actually copied it from GNet in GNOME CVS.
431 * sha.h : Implementation of the Secure Hash Algorithm
433 * Part of the Python Cryptography Toolkit, version 1.0.0
435 * Copyright (C) 1995, A.M. Kuchling
437 * Distribute and use freely; there are no restrictions on further
438 * dissemination and usage except those imposed by the laws of your
439 * country of residence.
443 /* SHA: NIST's Secure Hash Algorithm */
445 /* Based on SHA code originally posted to sci.crypt by Peter Gutmann
446 in message <30ajo5$oe8@ccu2.auckland.ac.nz>.
447 Modified to test for endianness on creation of SHA objects by AMK.
448 Also, the original specification of SHA was found to have a weakness
449 by NSA/NIST. This code implements the fixed version of SHA.
452 /* Here's the first paragraph of Peter Gutmann's posting:
454 The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
455 SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
456 what's changed in the new version. The fix is a simple change which involves
457 adding a single rotate in the initial expansion function. It is unknown
458 whether this is an optimal solution to the problem which was discovered in the
459 SHA or whether it's simply a bandaid which fixes the problem with a minimum of
460 effort (for example the reengineering of a great many Capstone chips).
464 sha1_sum_init (Sha1sum *sha1)
466 /* initialize constants */
467 sha1->buf[0] = 0x67452301L;
468 sha1->buf[1] = 0xEFCDAB89L;
469 sha1->buf[2] = 0x98BADCFEL;
470 sha1->buf[3] = 0x10325476L;
471 sha1->buf[4] = 0xC3D2E1F0L;
473 /* initialize bits */
474 sha1->bits[0] = sha1->bits[1] = 0;
477 /* The SHA f()-functions. */
479 #define f1(x,y,z) (z ^ (x & (y ^ z))) /* Rounds 0-19 */
480 #define f2(x,y,z) (x ^ y ^ z) /* Rounds 20-39 */
481 #define f3(x,y,z) (( x & y) | (z & (x | y))) /* Rounds 40-59 */
482 #define f4(x,y,z) (x ^ y ^ z) /* Rounds 60-79 */
484 /* The SHA Mysterious Constants */
485 #define K1 0x5A827999L /* Rounds 0-19 */
486 #define K2 0x6ED9EBA1L /* Rounds 20-39 */
487 #define K3 0x8F1BBCDCL /* Rounds 40-59 */
488 #define K4 0xCA62C1D6L /* Rounds 60-79 */
490 /* 32-bit rotate left - kludged with shifts */
491 #define ROTL(n,X) (((X) << n ) | ((X) >> (32 - n)))
493 /* The initial expanding function. The hash function is defined over an
494 80-word expanded input array W, where the first 16 are copies of the input
495 data, and the remaining 64 are defined by
497 W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
499 This implementation generates these values on the fly in a circular
500 buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
503 The updated SHA changes the expanding function by adding a rotate of 1
504 bit. Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor
505 for this information */
507 #define expand(W,i) (W[ i & 15 ] = ROTL (1, (W[ i & 15] ^ \
513 /* The prototype SHA sub-round. The fundamental sub-round is:
515 a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
521 but this is implemented by unrolling the loop 5 times and renaming the
522 variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
523 This code is then replicated 20 times for each of the 4 functions, using
524 the next 20 values from the W[] array each time */
526 #define subRound(a, b, c, d, e, f, k, data) \
527 (e += ROTL (5, a) + f(b, c, d) + k + data, b = ROTL (30, b))
530 sha1_transform (guint32 buf[5],
533 guint32 A, B, C, D, E;
541 /* Heavy mangling, in 4 sub-rounds of 20 interations each. */
542 subRound (A, B, C, D, E, f1, K1, in[0]);
543 subRound (E, A, B, C, D, f1, K1, in[1]);
544 subRound (D, E, A, B, C, f1, K1, in[2]);
545 subRound (C, D, E, A, B, f1, K1, in[3]);
546 subRound (B, C, D, E, A, f1, K1, in[4]);
547 subRound (A, B, C, D, E, f1, K1, in[5]);
548 subRound (E, A, B, C, D, f1, K1, in[6]);
549 subRound (D, E, A, B, C, f1, K1, in[7]);
550 subRound (C, D, E, A, B, f1, K1, in[8]);
551 subRound (B, C, D, E, A, f1, K1, in[9]);
552 subRound (A, B, C, D, E, f1, K1, in[10]);
553 subRound (E, A, B, C, D, f1, K1, in[11]);
554 subRound (D, E, A, B, C, f1, K1, in[12]);
555 subRound (C, D, E, A, B, f1, K1, in[13]);
556 subRound (B, C, D, E, A, f1, K1, in[14]);
557 subRound (A, B, C, D, E, f1, K1, in[15]);
558 subRound (E, A, B, C, D, f1, K1, expand (in, 16));
559 subRound (D, E, A, B, C, f1, K1, expand (in, 17));
560 subRound (C, D, E, A, B, f1, K1, expand (in, 18));
561 subRound (B, C, D, E, A, f1, K1, expand (in, 19));
563 subRound (A, B, C, D, E, f2, K2, expand (in, 20));
564 subRound (E, A, B, C, D, f2, K2, expand (in, 21));
565 subRound (D, E, A, B, C, f2, K2, expand (in, 22));
566 subRound (C, D, E, A, B, f2, K2, expand (in, 23));
567 subRound (B, C, D, E, A, f2, K2, expand (in, 24));
568 subRound (A, B, C, D, E, f2, K2, expand (in, 25));
569 subRound (E, A, B, C, D, f2, K2, expand (in, 26));
570 subRound (D, E, A, B, C, f2, K2, expand (in, 27));
571 subRound (C, D, E, A, B, f2, K2, expand (in, 28));
572 subRound (B, C, D, E, A, f2, K2, expand (in, 29));
573 subRound (A, B, C, D, E, f2, K2, expand (in, 30));
574 subRound (E, A, B, C, D, f2, K2, expand (in, 31));
575 subRound (D, E, A, B, C, f2, K2, expand (in, 32));
576 subRound (C, D, E, A, B, f2, K2, expand (in, 33));
577 subRound (B, C, D, E, A, f2, K2, expand (in, 34));
578 subRound (A, B, C, D, E, f2, K2, expand (in, 35));
579 subRound (E, A, B, C, D, f2, K2, expand (in, 36));
580 subRound (D, E, A, B, C, f2, K2, expand (in, 37));
581 subRound (C, D, E, A, B, f2, K2, expand (in, 38));
582 subRound (B, C, D, E, A, f2, K2, expand (in, 39));
584 subRound (A, B, C, D, E, f3, K3, expand (in, 40));
585 subRound (E, A, B, C, D, f3, K3, expand (in, 41));
586 subRound (D, E, A, B, C, f3, K3, expand (in, 42));
587 subRound (C, D, E, A, B, f3, K3, expand (in, 43));
588 subRound (B, C, D, E, A, f3, K3, expand (in, 44));
589 subRound (A, B, C, D, E, f3, K3, expand (in, 45));
590 subRound (E, A, B, C, D, f3, K3, expand (in, 46));
591 subRound (D, E, A, B, C, f3, K3, expand (in, 47));
592 subRound (C, D, E, A, B, f3, K3, expand (in, 48));
593 subRound (B, C, D, E, A, f3, K3, expand (in, 49));
594 subRound (A, B, C, D, E, f3, K3, expand (in, 50));
595 subRound (E, A, B, C, D, f3, K3, expand (in, 51));
596 subRound (D, E, A, B, C, f3, K3, expand (in, 52));
597 subRound (C, D, E, A, B, f3, K3, expand (in, 53));
598 subRound (B, C, D, E, A, f3, K3, expand (in, 54));
599 subRound (A, B, C, D, E, f3, K3, expand (in, 55));
600 subRound (E, A, B, C, D, f3, K3, expand (in, 56));
601 subRound (D, E, A, B, C, f3, K3, expand (in, 57));
602 subRound (C, D, E, A, B, f3, K3, expand (in, 58));
603 subRound (B, C, D, E, A, f3, K3, expand (in, 59));
605 subRound (A, B, C, D, E, f4, K4, expand (in, 60));
606 subRound (E, A, B, C, D, f4, K4, expand (in, 61));
607 subRound (D, E, A, B, C, f4, K4, expand (in, 62));
608 subRound (C, D, E, A, B, f4, K4, expand (in, 63));
609 subRound (B, C, D, E, A, f4, K4, expand (in, 64));
610 subRound (A, B, C, D, E, f4, K4, expand (in, 65));
611 subRound (E, A, B, C, D, f4, K4, expand (in, 66));
612 subRound (D, E, A, B, C, f4, K4, expand (in, 67));
613 subRound (C, D, E, A, B, f4, K4, expand (in, 68));
614 subRound (B, C, D, E, A, f4, K4, expand (in, 69));
615 subRound (A, B, C, D, E, f4, K4, expand (in, 70));
616 subRound (E, A, B, C, D, f4, K4, expand (in, 71));
617 subRound (D, E, A, B, C, f4, K4, expand (in, 72));
618 subRound (C, D, E, A, B, f4, K4, expand (in, 73));
619 subRound (B, C, D, E, A, f4, K4, expand (in, 74));
620 subRound (A, B, C, D, E, f4, K4, expand (in, 75));
621 subRound (E, A, B, C, D, f4, K4, expand (in, 76));
622 subRound (D, E, A, B, C, f4, K4, expand (in, 77));
623 subRound (C, D, E, A, B, f4, K4, expand (in, 78));
624 subRound (B, C, D, E, A, f4, K4, expand (in, 79));
626 /* Build message digest */
647 sha1_sum_update (Sha1sum *sha1,
648 const guchar *buffer,
654 /* Update bitcount */
656 if ((sha1->bits[0] = tmp + ((guint32) count << 3) ) < tmp)
657 sha1->bits[1] += 1; /* Carry from low to high */
658 sha1->bits[1] += count >> 29;
660 /* Get count of bytes already in data */
661 dataCount = (guint) (tmp >> 3) & 0x3F;
663 /* Handle any leading odd-sized chunks */
666 guchar *p = (guchar *) sha1->data + dataCount;
668 dataCount = SHA1_DATASIZE - dataCount;
669 if (count < dataCount)
671 memcpy (p, buffer, count);
675 memcpy (p, buffer, dataCount);
677 sha_byte_reverse (sha1->data, SHA1_DATASIZE);
678 sha1_transform (sha1->buf, sha1->data);
684 /* Process data in SHA1_DATASIZE chunks */
685 while (count >= SHA1_DATASIZE)
687 memcpy (sha1->data, buffer, SHA1_DATASIZE);
689 sha_byte_reverse (sha1->data, SHA1_DATASIZE);
690 sha1_transform (sha1->buf, sha1->data);
692 buffer += SHA1_DATASIZE;
693 count -= SHA1_DATASIZE;
696 /* Handle any remaining bytes of data. */
697 memcpy (sha1->data, buffer, count);
700 /* Final wrapup - pad to SHA_DATASIZE-byte boundary with the bit pattern
701 1 0* (64-bit count of bits processed, MSB-first) */
703 sha1_sum_close (Sha1sum *sha1)
708 /* Compute number of bytes mod 64 */
709 count = (gint) ((sha1->bits[0] >> 3) & 0x3f);
711 /* Set the first char of padding to 0x80. This is safe since there is
712 always at least one byte free */
713 data_p = (guchar *) sha1->data + count;
716 /* Bytes of padding needed to make 64 bytes */
717 count = SHA1_DATASIZE - 1 - count;
719 /* Pad out to 56 mod 64 */
722 /* Two lots of padding: Pad the first block to 64 bytes */
723 memset (data_p, 0, count);
725 sha_byte_reverse (sha1->data, SHA1_DATASIZE);
726 sha1_transform (sha1->buf, sha1->data);
728 /* Now fill the next block with 56 bytes */
729 memset (sha1->data, 0, SHA1_DATASIZE - 8);
733 /* Pad block to 56 bytes */
734 memset (data_p, 0, count - 8);
737 /* Append length in bits and transform */
738 sha1->data[14] = sha1->bits[1];
739 sha1->data[15] = sha1->bits[0];
741 sha_byte_reverse (sha1->data, SHA1_DATASIZE - 8);
742 sha1_transform (sha1->buf, sha1->data);
743 sha_byte_reverse (sha1->buf, SHA1_DIGEST_LEN);
745 memcpy (sha1->digest, sha1->buf, SHA1_DIGEST_LEN);
747 /* Reset buffers in case they contain sensitive data */
748 memset (sha1->buf, 0, sizeof (sha1->buf));
749 memset (sha1->data, 0, sizeof (sha1->data));
753 sha1_sum_to_string (Sha1sum *sha1)
755 return digest_to_string (sha1->digest, SHA1_DIGEST_LEN);
759 sha1_sum_digest (Sha1sum *sha1,
764 for (i = 0; i < SHA1_DIGEST_LEN; i++)
765 digest[i] = sha1->digest[i];
772 /* adapted from the SHA256 implementation in gsk/src/hash/gskhash.c.
774 * Copyright (C) 2006 Dave Benson
775 * Released under the terms of the GNU Lesser General Public License
779 sha256_sum_init (Sha256sum *sha256)
781 sha256->buf[0] = 0x6a09e667;
782 sha256->buf[1] = 0xbb67ae85;
783 sha256->buf[2] = 0x3c6ef372;
784 sha256->buf[3] = 0xa54ff53a;
785 sha256->buf[4] = 0x510e527f;
786 sha256->buf[5] = 0x9b05688c;
787 sha256->buf[6] = 0x1f83d9ab;
788 sha256->buf[7] = 0x5be0cd19;
790 sha256->bits[0] = sha256->bits[1] = 0;
793 #define GET_UINT32(n,b,i) G_STMT_START{ \
794 (n) = ((guint32) (b)[(i) ] << 24) \
795 | ((guint32) (b)[(i) + 1] << 16) \
796 | ((guint32) (b)[(i) + 2] << 8) \
797 | ((guint32) (b)[(i) + 3] ); } G_STMT_END
799 #define PUT_UINT32(n,b,i) G_STMT_START{ \
800 (b)[(i) ] = (guint8) ((n) >> 24); \
801 (b)[(i) + 1] = (guint8) ((n) >> 16); \
802 (b)[(i) + 2] = (guint8) ((n) >> 8); \
803 (b)[(i) + 3] = (guint8) ((n) ); } G_STMT_END
806 sha256_transform (guint32 buf[8],
807 guint8 const data[64])
809 guint32 temp1, temp2, W[64];
810 guint32 A, B, C, D, E, F, G, H;
812 GET_UINT32 (W[0], data, 0);
813 GET_UINT32 (W[1], data, 4);
814 GET_UINT32 (W[2], data, 8);
815 GET_UINT32 (W[3], data, 12);
816 GET_UINT32 (W[4], data, 16);
817 GET_UINT32 (W[5], data, 20);
818 GET_UINT32 (W[6], data, 24);
819 GET_UINT32 (W[7], data, 28);
820 GET_UINT32 (W[8], data, 32);
821 GET_UINT32 (W[9], data, 36);
822 GET_UINT32 (W[10], data, 40);
823 GET_UINT32 (W[11], data, 44);
824 GET_UINT32 (W[12], data, 48);
825 GET_UINT32 (W[13], data, 52);
826 GET_UINT32 (W[14], data, 56);
827 GET_UINT32 (W[15], data, 60);
829 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
830 #define ROTR(x,n) (SHR (x,n) | (x << (32 - n)))
832 #define S0(x) (ROTR (x, 7) ^ ROTR (x,18) ^ SHR (x, 3))
833 #define S1(x) (ROTR (x,17) ^ ROTR (x,19) ^ SHR (x,10))
834 #define S2(x) (ROTR (x, 2) ^ ROTR (x,13) ^ ROTR (x,22))
835 #define S3(x) (ROTR (x, 6) ^ ROTR (x,11) ^ ROTR (x,25))
837 #define F0(x,y,z) ((x & y) | (z & (x | y)))
838 #define F1(x,y,z) (z ^ (x & (y ^ z)))
840 #define R(t) (W[t] = S1(W[t - 2]) + W[t - 7] + \
841 S0(W[t - 15]) + W[t - 16])
843 #define P(a,b,c,d,e,f,g,h,x,K) G_STMT_START { \
844 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
845 temp2 = S2(a) + F0(a,b,c); \
846 d += temp1; h = temp1 + temp2; } G_STMT_END
857 P (A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98);
858 P (H, A, B, C, D, E, F, G, W[ 1], 0x71374491);
859 P (G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF);
860 P (F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5);
861 P (E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B);
862 P (D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1);
863 P (C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4);
864 P (B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5);
865 P (A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98);
866 P (H, A, B, C, D, E, F, G, W[ 9], 0x12835B01);
867 P (G, H, A, B, C, D, E, F, W[10], 0x243185BE);
868 P (F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
869 P (E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
870 P (D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
871 P (C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
872 P (B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
873 P (A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
874 P (H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
875 P (G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
876 P (F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
877 P (E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
878 P (D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
879 P (C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
880 P (B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
881 P (A, B, C, D, E, F, G, H, R(24), 0x983E5152);
882 P (H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
883 P (G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
884 P (F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
885 P (E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
886 P (D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
887 P (C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
888 P (B, C, D, E, F, G, H, A, R(31), 0x14292967);
889 P (A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
890 P (H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
891 P (G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
892 P (F, G, H, A, B, C, D, E, R(35), 0x53380D13);
893 P (E, F, G, H, A, B, C, D, R(36), 0x650A7354);
894 P (D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
895 P (C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
896 P (B, C, D, E, F, G, H, A, R(39), 0x92722C85);
897 P (A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
898 P (H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
899 P (G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
900 P (F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
901 P (E, F, G, H, A, B, C, D, R(44), 0xD192E819);
902 P (D, E, F, G, H, A, B, C, R(45), 0xD6990624);
903 P (C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
904 P (B, C, D, E, F, G, H, A, R(47), 0x106AA070);
905 P (A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
906 P (H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
907 P (G, H, A, B, C, D, E, F, R(50), 0x2748774C);
908 P (F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
909 P (E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
910 P (D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
911 P (C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
912 P (B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
913 P (A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
914 P (H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
915 P (G, H, A, B, C, D, E, F, R(58), 0x84C87814);
916 P (F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
917 P (E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
918 P (D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
919 P (C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
920 P (B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
944 sha256_sum_update (Sha256sum *sha256,
945 const guchar *buffer,
949 const guint8 *input = buffer;
954 left = sha256->bits[0] & 0x3F;
957 sha256->bits[0] += length;
958 sha256->bits[0] &= 0xFFFFFFFF;
960 if (sha256->bits[0] < length)
963 if (left > 0 && length >= fill)
965 memcpy ((sha256->data + left), input, fill);
967 sha256_transform (sha256->buf, sha256->data);
974 while (length >= SHA256_DATASIZE)
976 sha256_transform (sha256->buf, input);
983 memcpy (sha256->data + left, input, length);
986 static guint8 sha256_padding[64] =
988 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
989 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
990 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
991 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
995 sha256_sum_close (Sha256sum *sha256)
1001 high = (sha256->bits[0] >> 29)
1002 | (sha256->bits[1] << 3);
1003 low = (sha256->bits[0] << 3);
1005 PUT_UINT32 (high, msglen, 0);
1006 PUT_UINT32 (low, msglen, 4);
1008 last = sha256->bits[0] & 0x3F;
1009 padn = (last < 56) ? (56 - last) : (120 - last);
1011 sha256_sum_update (sha256, sha256_padding, padn);
1012 sha256_sum_update (sha256, msglen, 8);
1014 PUT_UINT32 (sha256->buf[0], sha256->digest, 0);
1015 PUT_UINT32 (sha256->buf[1], sha256->digest, 4);
1016 PUT_UINT32 (sha256->buf[2], sha256->digest, 8);
1017 PUT_UINT32 (sha256->buf[3], sha256->digest, 12);
1018 PUT_UINT32 (sha256->buf[4], sha256->digest, 16);
1019 PUT_UINT32 (sha256->buf[5], sha256->digest, 20);
1020 PUT_UINT32 (sha256->buf[6], sha256->digest, 24);
1021 PUT_UINT32 (sha256->buf[7], sha256->digest, 28);
1028 sha256_sum_to_string (Sha256sum *sha256)
1030 return digest_to_string (sha256->digest, SHA256_DIGEST_LEN);
1034 sha256_sum_digest (Sha256sum *sha256,
1039 for (i = 0; i < SHA256_DIGEST_LEN; i++)
1040 digest[i] = sha256->digest[i];
1049 * g_checksum_type_get_length:
1050 * @checksum_type: a #GChecksumType
1052 * Gets the length in bytes of digests of type @checksum_type
1054 * Return value: the checksum length, or -1 if @checksum_type is
1060 g_checksum_type_get_length (GChecksumType checksum_type)
1064 switch (checksum_type)
1066 case G_CHECKSUM_MD5:
1067 len = MD5_DIGEST_LEN;
1069 case G_CHECKSUM_SHA1:
1070 len = SHA1_DIGEST_LEN;
1072 case G_CHECKSUM_SHA256:
1073 len = SHA256_DIGEST_LEN;
1085 * @checksum_type: the desired type of checksum
1087 * Creates a new #GChecksum, using the checksum algorithm @checksum_type.
1088 * If the @checksum_type is not known, %NULL is returned.
1089 * A #GChecksum can be used to compute the checksum, or digest, of an
1090 * arbitrary binary blob, using different hashing algorithms.
1092 * A #GChecksum works by feeding a binary blob through g_checksum_update()
1093 * until there is data to be checked; the digest can then be extracted
1094 * using g_checksum_get_string(), which will return the checksum as a
1095 * hexadecimal string; or g_checksum_get_digest(), which will return a
1096 * vector of raw bytes. Once either g_checksum_get_string() or
1097 * g_checksum_get_digest() have been called on a #GChecksum, the checksum
1098 * will be closed and it won't be possible to call g_checksum_update()
1101 * Return value: the newly created #GChecksum, or %NULL.
1102 * Use g_checksum_free() to free the memory allocated by it.
1107 g_checksum_new (GChecksumType checksum_type)
1109 GChecksum *checksum;
1111 if (! IS_VALID_TYPE (checksum_type))
1114 checksum = g_slice_new0 (GChecksum);
1115 checksum->type = checksum_type;
1117 g_checksum_reset (checksum);
1124 * @checksum: the #GChecksum to reset
1126 * Resets the state of the @checksum back to its initial state.
1131 g_checksum_reset (GChecksum *checksum)
1133 g_return_if_fail (checksum != NULL);
1135 g_free (checksum->digest_str);
1136 checksum->digest_str = NULL;
1138 switch (checksum->type)
1140 case G_CHECKSUM_MD5:
1141 md5_sum_init (&(checksum->sum.md5));
1143 case G_CHECKSUM_SHA1:
1144 sha1_sum_init (&(checksum->sum.sha1));
1146 case G_CHECKSUM_SHA256:
1147 sha256_sum_init (&(checksum->sum.sha256));
1150 g_assert_not_reached ();
1157 * @checksum: the #GChecksum to copy
1159 * Copies a #GChecksum. If @checksum has been closed, by calling
1160 * g_checksum_get_string() or g_checksum_get_digest(), the copied
1161 * checksum will be closed as well.
1163 * Return value: the copy of the passed #GChecksum. Use g_checksum_free()
1164 * when finished using it.
1169 g_checksum_copy (const GChecksum *checksum)
1173 g_return_val_if_fail (checksum != NULL, NULL);
1175 copy = g_slice_new (GChecksum);
1178 copy->digest_str = g_strdup (checksum->digest_str);
1185 * @checksum: a #GChecksum
1187 * Frees the memory allocated for @checksum.
1192 g_checksum_free (GChecksum *checksum)
1194 if (G_LIKELY (checksum))
1196 g_free (checksum->digest_str);
1198 g_slice_free (GChecksum, checksum);
1203 * g_checksum_update:
1204 * @checksum: a #GChecksum
1205 * @data: buffer used to compute the checksum
1206 * @length: size of the buffer, or -1 if it is a null-terminated string.
1208 * Feeds @data into an existing #GChecksum. The checksum must still be
1209 * open, that is g_checksum_get_string() or g_checksum_get_digest() must
1210 * not have been called on @checksum.
1215 g_checksum_update (GChecksum *checksum,
1219 g_return_if_fail (checksum != NULL);
1220 g_return_if_fail (data != NULL);
1223 length = strlen ((const gchar *) data);
1225 if (checksum->digest_str)
1227 g_warning ("The checksum `%s' has been closed and cannot be updated "
1229 checksum->digest_str);
1233 switch (checksum->type)
1235 case G_CHECKSUM_MD5:
1236 md5_sum_update (&(checksum->sum.md5), data, length);
1238 case G_CHECKSUM_SHA1:
1239 sha1_sum_update (&(checksum->sum.sha1), data, length);
1241 case G_CHECKSUM_SHA256:
1242 sha256_sum_update (&(checksum->sum.sha256), data, length);
1245 g_assert_not_reached ();
1251 * g_checksum_get_string:
1252 * @checksum: a #GChecksum
1254 * Gets the digest as an hexadecimal string.
1256 * Once this function has been called the #GChecksum can no longer be
1257 * updated with g_checksum_update().
1259 * Return value: the hexadecimal representation of the checksum. The
1260 * returned string is owned by the checksum and should not be modified
1265 G_CONST_RETURN gchar *
1266 g_checksum_get_string (GChecksum *checksum)
1270 g_return_val_if_fail (checksum != NULL, NULL);
1272 if (checksum->digest_str)
1273 return checksum->digest_str;
1275 switch (checksum->type)
1277 case G_CHECKSUM_MD5:
1278 md5_sum_close (&(checksum->sum.md5));
1279 str = md5_sum_to_string (&(checksum->sum.md5));
1281 case G_CHECKSUM_SHA1:
1282 sha1_sum_close (&(checksum->sum.sha1));
1283 str = sha1_sum_to_string (&(checksum->sum.sha1));
1285 case G_CHECKSUM_SHA256:
1286 sha256_sum_close (&(checksum->sum.sha256));
1287 str = sha256_sum_to_string (&(checksum->sum.sha256));
1290 g_assert_not_reached ();
1294 checksum->digest_str = str;
1296 return checksum->digest_str;
1300 * g_checksum_get_digest:
1301 * @checksum: a #GChecksum
1302 * @buffer: output buffer
1303 * @digest_len: an inout parameter. The caller initializes it to the size of @buffer.
1304 * After the call it contains the length of the digest.
1306 * Gets the digest from @checksum as a raw binary vector and places it
1307 * into @buffer. The size of the digest depends on the type of checksum.
1309 * Once this function has been called, the #GChecksum is closed and can
1310 * no longer be updated with g_checksum_update().
1315 g_checksum_get_digest (GChecksum *checksum,
1319 gboolean checksum_open = FALSE;
1323 g_return_if_fail (checksum != NULL);
1325 len = g_checksum_type_get_length (checksum->type);
1326 g_return_if_fail (*digest_len >= len);
1328 checksum_open = !!(checksum->digest_str == NULL);
1330 switch (checksum->type)
1332 case G_CHECKSUM_MD5:
1335 md5_sum_close (&(checksum->sum.md5));
1336 str = md5_sum_to_string (&(checksum->sum.md5));
1338 md5_sum_digest (&(checksum->sum.md5), buffer);
1340 case G_CHECKSUM_SHA1:
1343 sha1_sum_close (&(checksum->sum.sha1));
1344 str = sha1_sum_to_string (&(checksum->sum.sha1));
1346 sha1_sum_digest (&(checksum->sum.sha1), buffer);
1348 case G_CHECKSUM_SHA256:
1351 sha256_sum_close (&(checksum->sum.sha256));
1352 str = sha256_sum_to_string (&(checksum->sum.sha256));
1354 sha256_sum_digest (&(checksum->sum.sha256), buffer);
1357 g_assert_not_reached ();
1362 checksum->digest_str = str;
1368 * g_compute_checksum_for_data:
1369 * @checksum_type: a #GChecksumType
1370 * @data: binary blob to compute the digest of
1371 * @length: length of @data
1373 * Computes the checksum for a binary @data of @length. This is a
1374 * convenience wrapper for g_checksum_new(), g_checksum_get_string()
1375 * and g_checksum_free().
1377 * Return value: the digest of the binary data as a string in hexadecimal.
1378 * The returned string should be freed with g_free() when done using it.
1383 g_compute_checksum_for_data (GChecksumType checksum_type,
1387 GChecksum *checksum;
1390 g_return_val_if_fail (IS_VALID_TYPE (checksum_type), NULL);
1391 g_return_val_if_fail (data != NULL, NULL);
1393 checksum = g_checksum_new (checksum_type);
1397 g_checksum_update (checksum, data, length);
1398 retval = g_strdup (g_checksum_get_string (checksum));
1399 g_checksum_free (checksum);
1405 * g_compute_checksum_for_string:
1406 * @checksum_type: a #GChecksumType
1407 * @str: the string to compute the checksum of
1408 * @length: the length of the string, or -1 if the string is null-terminated.
1410 * Computes the checksum of a string.
1412 * Return value: the checksum as a hexadecimal string. The returned string
1413 * should be freed with g_free() when done using it.
1418 g_compute_checksum_for_string (GChecksumType checksum_type,
1422 g_return_val_if_fail (IS_VALID_TYPE (checksum_type), NULL);
1423 g_return_val_if_fail (str != NULL, NULL);
1426 length = strlen (str);
1428 return g_compute_checksum_for_data (checksum_type, (const guchar *) str, length);
1431 #define __G_CHECKSUM_C__
1432 #include "galiasdef.c"