1 /* gchecksum.h - data hashing functions
3 * Copyright (C) 2007 Emmanuele Bassi <ebassi@gnome.org>
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Library General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Library General Public License for more details.
15 * You should have received a copy of the GNU Library General Public
16 * License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 * Boston, MA 02111-1307, USA.
25 #include "gchecksum.h"
29 #include "gstrfuncs.h"
30 #include "gtestutils.h"
37 * @title: Data Checksums
38 * @short_description: computes the checksum for data
40 * GLib provides a generic API for computing checksums (or "digests")
41 * for a sequence of arbitrary bytes, using various hashing algorithms
42 * like MD5, SHA-1 and SHA-256. Checksums are commonly used in various
43 * environments and specifications.
45 * GLib supports incremental checksums using the GChecksum data
46 * structure, by calling g_checksum_update() as long as there's data
47 * available and then using g_checksum_get_string() or
48 * g_checksum_get_digest() to compute the checksum and return it either
49 * as a string in hexadecimal form, or as a raw sequence of bytes. To
50 * compute the checksum for binary blobs and NUL-terminated strings in
51 * one go, use the convenience functions g_compute_checksum_for_data()
52 * and g_compute_checksum_for_string(), respectively.
54 * Support for checksums has been added in GLib 2.16
57 #define IS_VALID_TYPE(type) ((type) >= G_CHECKSUM_MD5 && (type) <= G_CHECKSUM_SHA256)
59 /* The fact that these are lower case characters is part of the ABI */
60 static const gchar hex_digits[] = "0123456789abcdef";
62 #define MD5_DATASIZE 64
63 #define MD5_DIGEST_LEN 16
71 guchar data[MD5_DATASIZE];
72 guint32 data32[MD5_DATASIZE / 4];
75 guchar digest[MD5_DIGEST_LEN];
78 #define SHA1_DATASIZE 64
79 #define SHA1_DIGEST_LEN 20
86 /* we pack 64 unsigned chars into 16 32-bit unsigned integers */
89 guchar digest[SHA1_DIGEST_LEN];
92 #define SHA256_DATASIZE 64
93 #define SHA256_DIGEST_LEN 32
100 guint8 data[SHA256_DATASIZE];
102 guchar digest[SHA256_DIGEST_LEN];
118 /* we need different byte swapping functions because MD5 expects buffers
119 * to be little-endian, while SHA1 and SHA256 expect them in big-endian
123 #if G_BYTE_ORDER == G_LITTLE_ENDIAN
124 #define md5_byte_reverse(buffer,length)
126 /* assume that the passed buffer is integer aligned */
128 md5_byte_reverse (guchar *buffer,
135 bit = (guint32) ((unsigned) buffer[3] << 8 | buffer[2]) << 16 |
136 ((unsigned) buffer[1] << 8 | buffer[0]);
137 * (guint32 *) buffer = bit;
142 #endif /* G_BYTE_ORDER == G_LITTLE_ENDIAN */
144 #if G_BYTE_ORDER == G_BIG_ENDIAN
145 #define sha_byte_reverse(buffer,length)
148 sha_byte_reverse (guint32 *buffer,
151 length /= sizeof (guint32);
154 *buffer = GUINT32_SWAP_LE_BE (*buffer);
158 #endif /* G_BYTE_ORDER == G_BIG_ENDIAN */
161 digest_to_string (guint8 *digest,
164 gint len = digest_len * 2;
168 retval = g_new (gchar, len + 1);
170 for (i = 0; i < digest_len; i++)
172 guint8 byte = digest[i];
174 retval[2 * i] = hex_digits[byte >> 4];
175 retval[2 * i + 1] = hex_digits[byte & 0xf];
187 /* This MD5 digest computation is based on the equivalent code
188 * written by Colin Plumb. It came with this notice:
190 * This code implements the MD5 message-digest algorithm.
191 * The algorithm is due to Ron Rivest. This code was
192 * written by Colin Plumb in 1993, no copyright is claimed.
193 * This code is in the public domain; do with it what you wish.
195 * Equivalent code is available from RSA Data Security, Inc.
196 * This code has been tested against that, and is equivalent,
197 * except that you don't need to include two pages of legalese
202 md5_sum_init (Md5sum *md5)
204 /* arbitrary constants */
205 md5->buf[0] = 0x67452301;
206 md5->buf[1] = 0xefcdab89;
207 md5->buf[2] = 0x98badcfe;
208 md5->buf[3] = 0x10325476;
210 md5->bits[0] = md5->bits[1] = 0;
214 * The core of the MD5 algorithm, this alters an existing MD5 hash to
215 * reflect the addition of 16 longwords of new data. md5_sum_update()
216 * blocks the data and converts bytes into longwords for this routine.
219 md5_transform (guint32 buf[4],
220 guint32 const in[16])
222 register guint32 a, b, c, d;
224 /* The four core functions - F1 is optimized somewhat */
225 #define F1(x, y, z) (z ^ (x & (y ^ z)))
226 #define F2(x, y, z) F1 (z, x, y)
227 #define F3(x, y, z) (x ^ y ^ z)
228 #define F4(x, y, z) (y ^ (x | ~z))
230 /* This is the central step in the MD5 algorithm. */
231 #define md5_step(f, w, x, y, z, data, s) \
232 ( w += f (x, y, z) + data, w = w << s | w >> (32 - s), w += x )
239 md5_step (F1, a, b, c, d, in[0] + 0xd76aa478, 7);
240 md5_step (F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
241 md5_step (F1, c, d, a, b, in[2] + 0x242070db, 17);
242 md5_step (F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
243 md5_step (F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
244 md5_step (F1, d, a, b, c, in[5] + 0x4787c62a, 12);
245 md5_step (F1, c, d, a, b, in[6] + 0xa8304613, 17);
246 md5_step (F1, b, c, d, a, in[7] + 0xfd469501, 22);
247 md5_step (F1, a, b, c, d, in[8] + 0x698098d8, 7);
248 md5_step (F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
249 md5_step (F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
250 md5_step (F1, b, c, d, a, in[11] + 0x895cd7be, 22);
251 md5_step (F1, a, b, c, d, in[12] + 0x6b901122, 7);
252 md5_step (F1, d, a, b, c, in[13] + 0xfd987193, 12);
253 md5_step (F1, c, d, a, b, in[14] + 0xa679438e, 17);
254 md5_step (F1, b, c, d, a, in[15] + 0x49b40821, 22);
256 md5_step (F2, a, b, c, d, in[1] + 0xf61e2562, 5);
257 md5_step (F2, d, a, b, c, in[6] + 0xc040b340, 9);
258 md5_step (F2, c, d, a, b, in[11] + 0x265e5a51, 14);
259 md5_step (F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
260 md5_step (F2, a, b, c, d, in[5] + 0xd62f105d, 5);
261 md5_step (F2, d, a, b, c, in[10] + 0x02441453, 9);
262 md5_step (F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
263 md5_step (F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
264 md5_step (F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
265 md5_step (F2, d, a, b, c, in[14] + 0xc33707d6, 9);
266 md5_step (F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
267 md5_step (F2, b, c, d, a, in[8] + 0x455a14ed, 20);
268 md5_step (F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
269 md5_step (F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
270 md5_step (F2, c, d, a, b, in[7] + 0x676f02d9, 14);
271 md5_step (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
273 md5_step (F3, a, b, c, d, in[5] + 0xfffa3942, 4);
274 md5_step (F3, d, a, b, c, in[8] + 0x8771f681, 11);
275 md5_step (F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
276 md5_step (F3, b, c, d, a, in[14] + 0xfde5380c, 23);
277 md5_step (F3, a, b, c, d, in[1] + 0xa4beea44, 4);
278 md5_step (F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
279 md5_step (F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
280 md5_step (F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
281 md5_step (F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
282 md5_step (F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
283 md5_step (F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
284 md5_step (F3, b, c, d, a, in[6] + 0x04881d05, 23);
285 md5_step (F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
286 md5_step (F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
287 md5_step (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
288 md5_step (F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
290 md5_step (F4, a, b, c, d, in[0] + 0xf4292244, 6);
291 md5_step (F4, d, a, b, c, in[7] + 0x432aff97, 10);
292 md5_step (F4, c, d, a, b, in[14] + 0xab9423a7, 15);
293 md5_step (F4, b, c, d, a, in[5] + 0xfc93a039, 21);
294 md5_step (F4, a, b, c, d, in[12] + 0x655b59c3, 6);
295 md5_step (F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
296 md5_step (F4, c, d, a, b, in[10] + 0xffeff47d, 15);
297 md5_step (F4, b, c, d, a, in[1] + 0x85845dd1, 21);
298 md5_step (F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
299 md5_step (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
300 md5_step (F4, c, d, a, b, in[6] + 0xa3014314, 15);
301 md5_step (F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
302 md5_step (F4, a, b, c, d, in[4] + 0xf7537e82, 6);
303 md5_step (F4, d, a, b, c, in[11] + 0xbd3af235, 10);
304 md5_step (F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
305 md5_step (F4, b, c, d, a, in[9] + 0xeb86d391, 21);
320 md5_sum_update (Md5sum *md5,
327 md5->bits[0] = bit + ((guint32) length << 3);
329 /* carry from low to high */
330 if (md5->bits[0] < bit)
333 md5->bits[1] += length >> 29;
335 /* bytes already in Md5sum->u.data */
336 bit = (bit >> 3) & 0x3f;
338 /* handle any leading odd-sized chunks */
341 guchar *p = md5->u.data + bit;
343 bit = MD5_DATASIZE - bit;
346 memcpy (p, data, length);
350 memcpy (p, data, bit);
352 md5_byte_reverse (md5->u.data, 16);
353 md5_transform (md5->buf, md5->u.data32);
359 /* process data in 64-byte chunks */
360 while (length >= MD5_DATASIZE)
362 memcpy (md5->u.data, data, MD5_DATASIZE);
364 md5_byte_reverse (md5->u.data, 16);
365 md5_transform (md5->buf, md5->u.data32);
367 data += MD5_DATASIZE;
368 length -= MD5_DATASIZE;
371 /* handle any remaining bytes of data */
372 memcpy (md5->u.data, data, length);
375 /* closes a checksum */
377 md5_sum_close (Md5sum *md5)
382 /* Compute number of bytes mod 64 */
383 count = (md5->bits[0] >> 3) & 0x3F;
385 /* Set the first char of padding to 0x80.
386 * This is safe since there is always at least one byte free
388 p = md5->u.data + count;
391 /* Bytes of padding needed to make 64 bytes */
392 count = MD5_DATASIZE - 1 - count;
394 /* Pad out to 56 mod 64 */
397 /* Two lots of padding: Pad the first block to 64 bytes */
398 memset (p, 0, count);
400 md5_byte_reverse (md5->u.data, 16);
401 md5_transform (md5->buf, md5->u.data32);
403 /* Now fill the next block with 56 bytes */
404 memset (md5->u.data, 0, MD5_DATASIZE - 8);
408 /* Pad block to 56 bytes */
409 memset (p, 0, count - 8);
412 md5_byte_reverse (md5->u.data, 14);
414 /* Append length in bits and transform */
415 md5->u.data32[14] = md5->bits[0];
416 md5->u.data32[15] = md5->bits[1];
418 md5_transform (md5->buf, md5->u.data32);
419 md5_byte_reverse ((guchar *) md5->buf, 4);
421 memcpy (md5->digest, md5->buf, 16);
423 /* Reset buffers in case they contain sensitive data */
424 memset (md5->buf, 0, sizeof (md5->buf));
425 memset (md5->u.data, 0, sizeof (md5->u.data));
429 md5_sum_to_string (Md5sum *md5)
431 return digest_to_string (md5->digest, MD5_DIGEST_LEN);
435 md5_sum_digest (Md5sum *md5,
440 for (i = 0; i < MD5_DIGEST_LEN; i++)
441 digest[i] = md5->digest[i];
448 /* The following implementation comes from D-Bus dbus-sha.c. I've changed
449 * it to use GLib types and to work more like the MD5 implementation above.
450 * I left the comments to have an history of this code.
451 * -- Emmanuele Bassi, ebassi@gnome.org
454 /* The following comments have the history of where this code
455 * comes from. I actually copied it from GNet in GNOME CVS.
460 * sha.h : Implementation of the Secure Hash Algorithm
462 * Part of the Python Cryptography Toolkit, version 1.0.0
464 * Copyright (C) 1995, A.M. Kuchling
466 * Distribute and use freely; there are no restrictions on further
467 * dissemination and usage except those imposed by the laws of your
468 * country of residence.
472 /* SHA: NIST's Secure Hash Algorithm */
474 /* Based on SHA code originally posted to sci.crypt by Peter Gutmann
475 in message <30ajo5$oe8@ccu2.auckland.ac.nz>.
476 Modified to test for endianness on creation of SHA objects by AMK.
477 Also, the original specification of SHA was found to have a weakness
478 by NSA/NIST. This code implements the fixed version of SHA.
481 /* Here's the first paragraph of Peter Gutmann's posting:
483 The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
484 SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
485 what's changed in the new version. The fix is a simple change which involves
486 adding a single rotate in the initial expansion function. It is unknown
487 whether this is an optimal solution to the problem which was discovered in the
488 SHA or whether it's simply a bandaid which fixes the problem with a minimum of
489 effort (for example the reengineering of a great many Capstone chips).
493 sha1_sum_init (Sha1sum *sha1)
495 /* initialize constants */
496 sha1->buf[0] = 0x67452301L;
497 sha1->buf[1] = 0xEFCDAB89L;
498 sha1->buf[2] = 0x98BADCFEL;
499 sha1->buf[3] = 0x10325476L;
500 sha1->buf[4] = 0xC3D2E1F0L;
502 /* initialize bits */
503 sha1->bits[0] = sha1->bits[1] = 0;
506 /* The SHA f()-functions. */
508 #define f1(x,y,z) (z ^ (x & (y ^ z))) /* Rounds 0-19 */
509 #define f2(x,y,z) (x ^ y ^ z) /* Rounds 20-39 */
510 #define f3(x,y,z) (( x & y) | (z & (x | y))) /* Rounds 40-59 */
511 #define f4(x,y,z) (x ^ y ^ z) /* Rounds 60-79 */
513 /* The SHA Mysterious Constants */
514 #define K1 0x5A827999L /* Rounds 0-19 */
515 #define K2 0x6ED9EBA1L /* Rounds 20-39 */
516 #define K3 0x8F1BBCDCL /* Rounds 40-59 */
517 #define K4 0xCA62C1D6L /* Rounds 60-79 */
519 /* 32-bit rotate left - kludged with shifts */
520 #define ROTL(n,X) (((X) << n ) | ((X) >> (32 - n)))
522 /* The initial expanding function. The hash function is defined over an
523 80-word expanded input array W, where the first 16 are copies of the input
524 data, and the remaining 64 are defined by
526 W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
528 This implementation generates these values on the fly in a circular
529 buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
532 The updated SHA changes the expanding function by adding a rotate of 1
533 bit. Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor
534 for this information */
536 #define expand(W,i) (W[ i & 15 ] = ROTL (1, (W[ i & 15] ^ \
542 /* The prototype SHA sub-round. The fundamental sub-round is:
544 a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
550 but this is implemented by unrolling the loop 5 times and renaming the
551 variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
552 This code is then replicated 20 times for each of the 4 functions, using
553 the next 20 values from the W[] array each time */
555 #define subRound(a, b, c, d, e, f, k, data) \
556 (e += ROTL (5, a) + f(b, c, d) + k + data, b = ROTL (30, b))
559 sha1_transform (guint32 buf[5],
562 guint32 A, B, C, D, E;
570 /* Heavy mangling, in 4 sub-rounds of 20 iterations each. */
571 subRound (A, B, C, D, E, f1, K1, in[0]);
572 subRound (E, A, B, C, D, f1, K1, in[1]);
573 subRound (D, E, A, B, C, f1, K1, in[2]);
574 subRound (C, D, E, A, B, f1, K1, in[3]);
575 subRound (B, C, D, E, A, f1, K1, in[4]);
576 subRound (A, B, C, D, E, f1, K1, in[5]);
577 subRound (E, A, B, C, D, f1, K1, in[6]);
578 subRound (D, E, A, B, C, f1, K1, in[7]);
579 subRound (C, D, E, A, B, f1, K1, in[8]);
580 subRound (B, C, D, E, A, f1, K1, in[9]);
581 subRound (A, B, C, D, E, f1, K1, in[10]);
582 subRound (E, A, B, C, D, f1, K1, in[11]);
583 subRound (D, E, A, B, C, f1, K1, in[12]);
584 subRound (C, D, E, A, B, f1, K1, in[13]);
585 subRound (B, C, D, E, A, f1, K1, in[14]);
586 subRound (A, B, C, D, E, f1, K1, in[15]);
587 subRound (E, A, B, C, D, f1, K1, expand (in, 16));
588 subRound (D, E, A, B, C, f1, K1, expand (in, 17));
589 subRound (C, D, E, A, B, f1, K1, expand (in, 18));
590 subRound (B, C, D, E, A, f1, K1, expand (in, 19));
592 subRound (A, B, C, D, E, f2, K2, expand (in, 20));
593 subRound (E, A, B, C, D, f2, K2, expand (in, 21));
594 subRound (D, E, A, B, C, f2, K2, expand (in, 22));
595 subRound (C, D, E, A, B, f2, K2, expand (in, 23));
596 subRound (B, C, D, E, A, f2, K2, expand (in, 24));
597 subRound (A, B, C, D, E, f2, K2, expand (in, 25));
598 subRound (E, A, B, C, D, f2, K2, expand (in, 26));
599 subRound (D, E, A, B, C, f2, K2, expand (in, 27));
600 subRound (C, D, E, A, B, f2, K2, expand (in, 28));
601 subRound (B, C, D, E, A, f2, K2, expand (in, 29));
602 subRound (A, B, C, D, E, f2, K2, expand (in, 30));
603 subRound (E, A, B, C, D, f2, K2, expand (in, 31));
604 subRound (D, E, A, B, C, f2, K2, expand (in, 32));
605 subRound (C, D, E, A, B, f2, K2, expand (in, 33));
606 subRound (B, C, D, E, A, f2, K2, expand (in, 34));
607 subRound (A, B, C, D, E, f2, K2, expand (in, 35));
608 subRound (E, A, B, C, D, f2, K2, expand (in, 36));
609 subRound (D, E, A, B, C, f2, K2, expand (in, 37));
610 subRound (C, D, E, A, B, f2, K2, expand (in, 38));
611 subRound (B, C, D, E, A, f2, K2, expand (in, 39));
613 subRound (A, B, C, D, E, f3, K3, expand (in, 40));
614 subRound (E, A, B, C, D, f3, K3, expand (in, 41));
615 subRound (D, E, A, B, C, f3, K3, expand (in, 42));
616 subRound (C, D, E, A, B, f3, K3, expand (in, 43));
617 subRound (B, C, D, E, A, f3, K3, expand (in, 44));
618 subRound (A, B, C, D, E, f3, K3, expand (in, 45));
619 subRound (E, A, B, C, D, f3, K3, expand (in, 46));
620 subRound (D, E, A, B, C, f3, K3, expand (in, 47));
621 subRound (C, D, E, A, B, f3, K3, expand (in, 48));
622 subRound (B, C, D, E, A, f3, K3, expand (in, 49));
623 subRound (A, B, C, D, E, f3, K3, expand (in, 50));
624 subRound (E, A, B, C, D, f3, K3, expand (in, 51));
625 subRound (D, E, A, B, C, f3, K3, expand (in, 52));
626 subRound (C, D, E, A, B, f3, K3, expand (in, 53));
627 subRound (B, C, D, E, A, f3, K3, expand (in, 54));
628 subRound (A, B, C, D, E, f3, K3, expand (in, 55));
629 subRound (E, A, B, C, D, f3, K3, expand (in, 56));
630 subRound (D, E, A, B, C, f3, K3, expand (in, 57));
631 subRound (C, D, E, A, B, f3, K3, expand (in, 58));
632 subRound (B, C, D, E, A, f3, K3, expand (in, 59));
634 subRound (A, B, C, D, E, f4, K4, expand (in, 60));
635 subRound (E, A, B, C, D, f4, K4, expand (in, 61));
636 subRound (D, E, A, B, C, f4, K4, expand (in, 62));
637 subRound (C, D, E, A, B, f4, K4, expand (in, 63));
638 subRound (B, C, D, E, A, f4, K4, expand (in, 64));
639 subRound (A, B, C, D, E, f4, K4, expand (in, 65));
640 subRound (E, A, B, C, D, f4, K4, expand (in, 66));
641 subRound (D, E, A, B, C, f4, K4, expand (in, 67));
642 subRound (C, D, E, A, B, f4, K4, expand (in, 68));
643 subRound (B, C, D, E, A, f4, K4, expand (in, 69));
644 subRound (A, B, C, D, E, f4, K4, expand (in, 70));
645 subRound (E, A, B, C, D, f4, K4, expand (in, 71));
646 subRound (D, E, A, B, C, f4, K4, expand (in, 72));
647 subRound (C, D, E, A, B, f4, K4, expand (in, 73));
648 subRound (B, C, D, E, A, f4, K4, expand (in, 74));
649 subRound (A, B, C, D, E, f4, K4, expand (in, 75));
650 subRound (E, A, B, C, D, f4, K4, expand (in, 76));
651 subRound (D, E, A, B, C, f4, K4, expand (in, 77));
652 subRound (C, D, E, A, B, f4, K4, expand (in, 78));
653 subRound (B, C, D, E, A, f4, K4, expand (in, 79));
655 /* Build message digest */
676 sha1_sum_update (Sha1sum *sha1,
677 const guchar *buffer,
683 /* Update bitcount */
685 if ((sha1->bits[0] = tmp + ((guint32) count << 3) ) < tmp)
686 sha1->bits[1] += 1; /* Carry from low to high */
687 sha1->bits[1] += count >> 29;
689 /* Get count of bytes already in data */
690 dataCount = (guint) (tmp >> 3) & 0x3F;
692 /* Handle any leading odd-sized chunks */
695 guchar *p = (guchar *) sha1->data + dataCount;
697 dataCount = SHA1_DATASIZE - dataCount;
698 if (count < dataCount)
700 memcpy (p, buffer, count);
704 memcpy (p, buffer, dataCount);
706 sha_byte_reverse (sha1->data, SHA1_DATASIZE);
707 sha1_transform (sha1->buf, sha1->data);
713 /* Process data in SHA1_DATASIZE chunks */
714 while (count >= SHA1_DATASIZE)
716 memcpy (sha1->data, buffer, SHA1_DATASIZE);
718 sha_byte_reverse (sha1->data, SHA1_DATASIZE);
719 sha1_transform (sha1->buf, sha1->data);
721 buffer += SHA1_DATASIZE;
722 count -= SHA1_DATASIZE;
725 /* Handle any remaining bytes of data. */
726 memcpy (sha1->data, buffer, count);
729 /* Final wrapup - pad to SHA_DATASIZE-byte boundary with the bit pattern
730 1 0* (64-bit count of bits processed, MSB-first) */
732 sha1_sum_close (Sha1sum *sha1)
737 /* Compute number of bytes mod 64 */
738 count = (gint) ((sha1->bits[0] >> 3) & 0x3f);
740 /* Set the first char of padding to 0x80. This is safe since there is
741 always at least one byte free */
742 data_p = (guchar *) sha1->data + count;
745 /* Bytes of padding needed to make 64 bytes */
746 count = SHA1_DATASIZE - 1 - count;
748 /* Pad out to 56 mod 64 */
751 /* Two lots of padding: Pad the first block to 64 bytes */
752 memset (data_p, 0, count);
754 sha_byte_reverse (sha1->data, SHA1_DATASIZE);
755 sha1_transform (sha1->buf, sha1->data);
757 /* Now fill the next block with 56 bytes */
758 memset (sha1->data, 0, SHA1_DATASIZE - 8);
762 /* Pad block to 56 bytes */
763 memset (data_p, 0, count - 8);
766 /* Append length in bits and transform */
767 sha1->data[14] = sha1->bits[1];
768 sha1->data[15] = sha1->bits[0];
770 sha_byte_reverse (sha1->data, SHA1_DATASIZE - 8);
771 sha1_transform (sha1->buf, sha1->data);
772 sha_byte_reverse (sha1->buf, SHA1_DIGEST_LEN);
774 memcpy (sha1->digest, sha1->buf, SHA1_DIGEST_LEN);
776 /* Reset buffers in case they contain sensitive data */
777 memset (sha1->buf, 0, sizeof (sha1->buf));
778 memset (sha1->data, 0, sizeof (sha1->data));
782 sha1_sum_to_string (Sha1sum *sha1)
784 return digest_to_string (sha1->digest, SHA1_DIGEST_LEN);
788 sha1_sum_digest (Sha1sum *sha1,
793 for (i = 0; i < SHA1_DIGEST_LEN; i++)
794 digest[i] = sha1->digest[i];
801 /* adapted from the SHA256 implementation in gsk/src/hash/gskhash.c.
803 * Copyright (C) 2006 Dave Benson
804 * Released under the terms of the GNU Lesser General Public License
808 sha256_sum_init (Sha256sum *sha256)
810 sha256->buf[0] = 0x6a09e667;
811 sha256->buf[1] = 0xbb67ae85;
812 sha256->buf[2] = 0x3c6ef372;
813 sha256->buf[3] = 0xa54ff53a;
814 sha256->buf[4] = 0x510e527f;
815 sha256->buf[5] = 0x9b05688c;
816 sha256->buf[6] = 0x1f83d9ab;
817 sha256->buf[7] = 0x5be0cd19;
819 sha256->bits[0] = sha256->bits[1] = 0;
822 #define GET_UINT32(n,b,i) G_STMT_START{ \
823 (n) = ((guint32) (b)[(i) ] << 24) \
824 | ((guint32) (b)[(i) + 1] << 16) \
825 | ((guint32) (b)[(i) + 2] << 8) \
826 | ((guint32) (b)[(i) + 3] ); } G_STMT_END
828 #define PUT_UINT32(n,b,i) G_STMT_START{ \
829 (b)[(i) ] = (guint8) ((n) >> 24); \
830 (b)[(i) + 1] = (guint8) ((n) >> 16); \
831 (b)[(i) + 2] = (guint8) ((n) >> 8); \
832 (b)[(i) + 3] = (guint8) ((n) ); } G_STMT_END
835 sha256_transform (guint32 buf[8],
836 guint8 const data[64])
838 guint32 temp1, temp2, W[64];
839 guint32 A, B, C, D, E, F, G, H;
841 GET_UINT32 (W[0], data, 0);
842 GET_UINT32 (W[1], data, 4);
843 GET_UINT32 (W[2], data, 8);
844 GET_UINT32 (W[3], data, 12);
845 GET_UINT32 (W[4], data, 16);
846 GET_UINT32 (W[5], data, 20);
847 GET_UINT32 (W[6], data, 24);
848 GET_UINT32 (W[7], data, 28);
849 GET_UINT32 (W[8], data, 32);
850 GET_UINT32 (W[9], data, 36);
851 GET_UINT32 (W[10], data, 40);
852 GET_UINT32 (W[11], data, 44);
853 GET_UINT32 (W[12], data, 48);
854 GET_UINT32 (W[13], data, 52);
855 GET_UINT32 (W[14], data, 56);
856 GET_UINT32 (W[15], data, 60);
858 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
859 #define ROTR(x,n) (SHR (x,n) | (x << (32 - n)))
861 #define S0(x) (ROTR (x, 7) ^ ROTR (x,18) ^ SHR (x, 3))
862 #define S1(x) (ROTR (x,17) ^ ROTR (x,19) ^ SHR (x,10))
863 #define S2(x) (ROTR (x, 2) ^ ROTR (x,13) ^ ROTR (x,22))
864 #define S3(x) (ROTR (x, 6) ^ ROTR (x,11) ^ ROTR (x,25))
866 #define F0(x,y,z) ((x & y) | (z & (x | y)))
867 #define F1(x,y,z) (z ^ (x & (y ^ z)))
869 #define R(t) (W[t] = S1(W[t - 2]) + W[t - 7] + \
870 S0(W[t - 15]) + W[t - 16])
872 #define P(a,b,c,d,e,f,g,h,x,K) G_STMT_START { \
873 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
874 temp2 = S2(a) + F0(a,b,c); \
875 d += temp1; h = temp1 + temp2; } G_STMT_END
886 P (A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98);
887 P (H, A, B, C, D, E, F, G, W[ 1], 0x71374491);
888 P (G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF);
889 P (F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5);
890 P (E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B);
891 P (D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1);
892 P (C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4);
893 P (B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5);
894 P (A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98);
895 P (H, A, B, C, D, E, F, G, W[ 9], 0x12835B01);
896 P (G, H, A, B, C, D, E, F, W[10], 0x243185BE);
897 P (F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
898 P (E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
899 P (D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
900 P (C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
901 P (B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
902 P (A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
903 P (H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
904 P (G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
905 P (F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
906 P (E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
907 P (D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
908 P (C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
909 P (B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
910 P (A, B, C, D, E, F, G, H, R(24), 0x983E5152);
911 P (H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
912 P (G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
913 P (F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
914 P (E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
915 P (D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
916 P (C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
917 P (B, C, D, E, F, G, H, A, R(31), 0x14292967);
918 P (A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
919 P (H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
920 P (G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
921 P (F, G, H, A, B, C, D, E, R(35), 0x53380D13);
922 P (E, F, G, H, A, B, C, D, R(36), 0x650A7354);
923 P (D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
924 P (C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
925 P (B, C, D, E, F, G, H, A, R(39), 0x92722C85);
926 P (A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
927 P (H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
928 P (G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
929 P (F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
930 P (E, F, G, H, A, B, C, D, R(44), 0xD192E819);
931 P (D, E, F, G, H, A, B, C, R(45), 0xD6990624);
932 P (C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
933 P (B, C, D, E, F, G, H, A, R(47), 0x106AA070);
934 P (A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
935 P (H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
936 P (G, H, A, B, C, D, E, F, R(50), 0x2748774C);
937 P (F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
938 P (E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
939 P (D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
940 P (C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
941 P (B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
942 P (A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
943 P (H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
944 P (G, H, A, B, C, D, E, F, R(58), 0x84C87814);
945 P (F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
946 P (E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
947 P (D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
948 P (C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
949 P (B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
973 sha256_sum_update (Sha256sum *sha256,
974 const guchar *buffer,
978 const guint8 *input = buffer;
983 left = sha256->bits[0] & 0x3F;
986 sha256->bits[0] += length;
987 sha256->bits[0] &= 0xFFFFFFFF;
989 if (sha256->bits[0] < length)
992 if (left > 0 && length >= fill)
994 memcpy ((sha256->data + left), input, fill);
996 sha256_transform (sha256->buf, sha256->data);
1003 while (length >= SHA256_DATASIZE)
1005 sha256_transform (sha256->buf, input);
1012 memcpy (sha256->data + left, input, length);
1015 static guint8 sha256_padding[64] =
1017 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1018 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1019 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1020 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
1024 sha256_sum_close (Sha256sum *sha256)
1030 high = (sha256->bits[0] >> 29)
1031 | (sha256->bits[1] << 3);
1032 low = (sha256->bits[0] << 3);
1034 PUT_UINT32 (high, msglen, 0);
1035 PUT_UINT32 (low, msglen, 4);
1037 last = sha256->bits[0] & 0x3F;
1038 padn = (last < 56) ? (56 - last) : (120 - last);
1040 sha256_sum_update (sha256, sha256_padding, padn);
1041 sha256_sum_update (sha256, msglen, 8);
1043 PUT_UINT32 (sha256->buf[0], sha256->digest, 0);
1044 PUT_UINT32 (sha256->buf[1], sha256->digest, 4);
1045 PUT_UINT32 (sha256->buf[2], sha256->digest, 8);
1046 PUT_UINT32 (sha256->buf[3], sha256->digest, 12);
1047 PUT_UINT32 (sha256->buf[4], sha256->digest, 16);
1048 PUT_UINT32 (sha256->buf[5], sha256->digest, 20);
1049 PUT_UINT32 (sha256->buf[6], sha256->digest, 24);
1050 PUT_UINT32 (sha256->buf[7], sha256->digest, 28);
1057 sha256_sum_to_string (Sha256sum *sha256)
1059 return digest_to_string (sha256->digest, SHA256_DIGEST_LEN);
1063 sha256_sum_digest (Sha256sum *sha256,
1068 for (i = 0; i < SHA256_DIGEST_LEN; i++)
1069 digest[i] = sha256->digest[i];
1078 * g_checksum_type_get_length:
1079 * @checksum_type: a #GChecksumType
1081 * Gets the length in bytes of digests of type @checksum_type
1083 * Return value: the checksum length, or -1 if @checksum_type is
1089 g_checksum_type_get_length (GChecksumType checksum_type)
1093 switch (checksum_type)
1095 case G_CHECKSUM_MD5:
1096 len = MD5_DIGEST_LEN;
1098 case G_CHECKSUM_SHA1:
1099 len = SHA1_DIGEST_LEN;
1101 case G_CHECKSUM_SHA256:
1102 len = SHA256_DIGEST_LEN;
1114 * @checksum_type: the desired type of checksum
1116 * Creates a new #GChecksum, using the checksum algorithm @checksum_type.
1117 * If the @checksum_type is not known, %NULL is returned.
1118 * A #GChecksum can be used to compute the checksum, or digest, of an
1119 * arbitrary binary blob, using different hashing algorithms.
1121 * A #GChecksum works by feeding a binary blob through g_checksum_update()
1122 * until there is data to be checked; the digest can then be extracted
1123 * using g_checksum_get_string(), which will return the checksum as a
1124 * hexadecimal string; or g_checksum_get_digest(), which will return a
1125 * vector of raw bytes. Once either g_checksum_get_string() or
1126 * g_checksum_get_digest() have been called on a #GChecksum, the checksum
1127 * will be closed and it won't be possible to call g_checksum_update()
1130 * Return value: the newly created #GChecksum, or %NULL.
1131 * Use g_checksum_free() to free the memory allocated by it.
1136 g_checksum_new (GChecksumType checksum_type)
1138 GChecksum *checksum;
1140 if (! IS_VALID_TYPE (checksum_type))
1143 checksum = g_slice_new0 (GChecksum);
1144 checksum->type = checksum_type;
1146 g_checksum_reset (checksum);
1153 * @checksum: the #GChecksum to reset
1155 * Resets the state of the @checksum back to its initial state.
1160 g_checksum_reset (GChecksum *checksum)
1162 g_return_if_fail (checksum != NULL);
1164 g_free (checksum->digest_str);
1165 checksum->digest_str = NULL;
1167 switch (checksum->type)
1169 case G_CHECKSUM_MD5:
1170 md5_sum_init (&(checksum->sum.md5));
1172 case G_CHECKSUM_SHA1:
1173 sha1_sum_init (&(checksum->sum.sha1));
1175 case G_CHECKSUM_SHA256:
1176 sha256_sum_init (&(checksum->sum.sha256));
1179 g_assert_not_reached ();
1186 * @checksum: the #GChecksum to copy
1188 * Copies a #GChecksum. If @checksum has been closed, by calling
1189 * g_checksum_get_string() or g_checksum_get_digest(), the copied
1190 * checksum will be closed as well.
1192 * Return value: the copy of the passed #GChecksum. Use g_checksum_free()
1193 * when finished using it.
1198 g_checksum_copy (const GChecksum *checksum)
1202 g_return_val_if_fail (checksum != NULL, NULL);
1204 copy = g_slice_new (GChecksum);
1207 copy->digest_str = g_strdup (checksum->digest_str);
1214 * @checksum: a #GChecksum
1216 * Frees the memory allocated for @checksum.
1221 g_checksum_free (GChecksum *checksum)
1223 if (G_LIKELY (checksum))
1225 g_free (checksum->digest_str);
1227 g_slice_free (GChecksum, checksum);
1232 * g_checksum_update:
1233 * @checksum: a #GChecksum
1234 * @data: buffer used to compute the checksum
1235 * @length: size of the buffer, or -1 if it is a null-terminated string.
1237 * Feeds @data into an existing #GChecksum. The checksum must still be
1238 * open, that is g_checksum_get_string() or g_checksum_get_digest() must
1239 * not have been called on @checksum.
1244 g_checksum_update (GChecksum *checksum,
1248 g_return_if_fail (checksum != NULL);
1249 g_return_if_fail (length == 0 || data != NULL);
1252 length = strlen ((const gchar *) data);
1254 if (checksum->digest_str)
1256 g_warning ("The checksum `%s' has been closed and cannot be updated "
1258 checksum->digest_str);
1262 switch (checksum->type)
1264 case G_CHECKSUM_MD5:
1265 md5_sum_update (&(checksum->sum.md5), data, length);
1267 case G_CHECKSUM_SHA1:
1268 sha1_sum_update (&(checksum->sum.sha1), data, length);
1270 case G_CHECKSUM_SHA256:
1271 sha256_sum_update (&(checksum->sum.sha256), data, length);
1274 g_assert_not_reached ();
1280 * g_checksum_get_string:
1281 * @checksum: a #GChecksum
1283 * Gets the digest as an hexadecimal string.
1285 * Once this function has been called the #GChecksum can no longer be
1286 * updated with g_checksum_update().
1288 * The hexadecimal characters will be lower case.
1290 * Return value: the hexadecimal representation of the checksum. The
1291 * returned string is owned by the checksum and should not be modified
1297 g_checksum_get_string (GChecksum *checksum)
1301 g_return_val_if_fail (checksum != NULL, NULL);
1303 if (checksum->digest_str)
1304 return checksum->digest_str;
1306 switch (checksum->type)
1308 case G_CHECKSUM_MD5:
1309 md5_sum_close (&(checksum->sum.md5));
1310 str = md5_sum_to_string (&(checksum->sum.md5));
1312 case G_CHECKSUM_SHA1:
1313 sha1_sum_close (&(checksum->sum.sha1));
1314 str = sha1_sum_to_string (&(checksum->sum.sha1));
1316 case G_CHECKSUM_SHA256:
1317 sha256_sum_close (&(checksum->sum.sha256));
1318 str = sha256_sum_to_string (&(checksum->sum.sha256));
1321 g_assert_not_reached ();
1325 checksum->digest_str = str;
1327 return checksum->digest_str;
1331 * g_checksum_get_digest:
1332 * @checksum: a #GChecksum
1333 * @buffer: output buffer
1334 * @digest_len: an inout parameter. The caller initializes it to the size of @buffer.
1335 * After the call it contains the length of the digest.
1337 * Gets the digest from @checksum as a raw binary vector and places it
1338 * into @buffer. The size of the digest depends on the type of checksum.
1340 * Once this function has been called, the #GChecksum is closed and can
1341 * no longer be updated with g_checksum_update().
1346 g_checksum_get_digest (GChecksum *checksum,
1350 gboolean checksum_open = FALSE;
1354 g_return_if_fail (checksum != NULL);
1356 len = g_checksum_type_get_length (checksum->type);
1357 g_return_if_fail (*digest_len >= len);
1359 checksum_open = !!(checksum->digest_str == NULL);
1361 switch (checksum->type)
1363 case G_CHECKSUM_MD5:
1366 md5_sum_close (&(checksum->sum.md5));
1367 str = md5_sum_to_string (&(checksum->sum.md5));
1369 md5_sum_digest (&(checksum->sum.md5), buffer);
1371 case G_CHECKSUM_SHA1:
1374 sha1_sum_close (&(checksum->sum.sha1));
1375 str = sha1_sum_to_string (&(checksum->sum.sha1));
1377 sha1_sum_digest (&(checksum->sum.sha1), buffer);
1379 case G_CHECKSUM_SHA256:
1382 sha256_sum_close (&(checksum->sum.sha256));
1383 str = sha256_sum_to_string (&(checksum->sum.sha256));
1385 sha256_sum_digest (&(checksum->sum.sha256), buffer);
1388 g_assert_not_reached ();
1393 checksum->digest_str = str;
1399 * g_compute_checksum_for_data:
1400 * @checksum_type: a #GChecksumType
1401 * @data: binary blob to compute the digest of
1402 * @length: length of @data
1404 * Computes the checksum for a binary @data of @length. This is a
1405 * convenience wrapper for g_checksum_new(), g_checksum_get_string()
1406 * and g_checksum_free().
1408 * The hexadecimal string returned will be in lower case.
1410 * Return value: the digest of the binary data as a string in hexadecimal.
1411 * The returned string should be freed with g_free() when done using it.
1416 g_compute_checksum_for_data (GChecksumType checksum_type,
1420 GChecksum *checksum;
1423 g_return_val_if_fail (IS_VALID_TYPE (checksum_type), NULL);
1424 g_return_val_if_fail (length == 0 || data != NULL, NULL);
1426 checksum = g_checksum_new (checksum_type);
1430 g_checksum_update (checksum, data, length);
1431 retval = g_strdup (g_checksum_get_string (checksum));
1432 g_checksum_free (checksum);
1438 * g_compute_checksum_for_string:
1439 * @checksum_type: a #GChecksumType
1440 * @str: the string to compute the checksum of
1441 * @length: the length of the string, or -1 if the string is null-terminated.
1443 * Computes the checksum of a string.
1445 * The hexadecimal string returned will be in lower case.
1447 * Return value: the checksum as a hexadecimal string. The returned string
1448 * should be freed with g_free() when done using it.
1453 g_compute_checksum_for_string (GChecksumType checksum_type,
1457 g_return_val_if_fail (IS_VALID_TYPE (checksum_type), NULL);
1458 g_return_val_if_fail (length == 0 || str != NULL, NULL);
1461 length = strlen (str);
1463 return g_compute_checksum_for_data (checksum_type, (const guchar *) str, length);
projects / platform / upstream / glib.git / blob