1 /* gchecksum.h - data hashing functions
3 * Copyright (C) 2007 Emmanuele Bassi <ebassi@gnome.org>
5 * SPDX-License-Identifier: LGPL-2.1-or-later
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, see <http://www.gnu.org/licenses/>.
25 #include "gchecksum.h"
29 #include "gstrfuncs.h"
30 #include "gtestutils.h"
37 * @title: Data Checksums
38 * @short_description: computes the checksum for data
40 * GLib provides a generic API for computing checksums (or "digests")
41 * for a sequence of arbitrary bytes, using various hashing algorithms
42 * like MD5, SHA-1 and SHA-256. Checksums are commonly used in various
43 * environments and specifications.
45 * GLib supports incremental checksums using the GChecksum data
46 * structure, by calling g_checksum_update() as long as there's data
47 * available and then using g_checksum_get_string() or
48 * g_checksum_get_digest() to compute the checksum and return it either
49 * as a string in hexadecimal form, or as a raw sequence of bytes. To
50 * compute the checksum for binary blobs and NUL-terminated strings in
51 * one go, use the convenience functions g_compute_checksum_for_data()
52 * and g_compute_checksum_for_string(), respectively.
54 * Support for checksums has been added in GLib 2.16
57 #define IS_VALID_TYPE(type) ((type) >= G_CHECKSUM_MD5 && (type) <= G_CHECKSUM_SHA384)
59 /* The fact that these are lower case characters is part of the ABI */
60 static const gchar hex_digits[] = "0123456789abcdef";
62 #define MD5_DATASIZE 64
63 #define MD5_DIGEST_LEN 16
71 guchar data[MD5_DATASIZE];
72 guint32 data32[MD5_DATASIZE / 4];
75 guchar digest[MD5_DIGEST_LEN];
78 #define SHA1_DATASIZE 64
79 #define SHA1_DIGEST_LEN 20
86 /* we pack 64 unsigned chars into 16 32-bit unsigned integers */
89 guchar digest[SHA1_DIGEST_LEN];
92 #define SHA256_DATASIZE 64
93 #define SHA256_DIGEST_LEN 32
100 guint8 data[SHA256_DATASIZE];
102 guchar digest[SHA256_DIGEST_LEN];
105 /* SHA2 is common thing for SHA-384, SHA-512, SHA-512/224 and SHA-512/256 */
106 #define SHA2_BLOCK_LEN 128 /* 1024 bits message block */
107 #define SHA384_DIGEST_LEN 48
108 #define SHA512_DIGEST_LEN 64
114 guint8 block[SHA2_BLOCK_LEN];
119 guchar digest[SHA512_DIGEST_LEN];
136 /* we need different byte swapping functions because MD5 expects buffers
137 * to be little-endian, while SHA1 and SHA256 expect them in big-endian
141 #if G_BYTE_ORDER == G_LITTLE_ENDIAN
142 #define md5_byte_reverse(buffer,length)
144 /* assume that the passed buffer is integer aligned */
146 md5_byte_reverse (guchar *buffer,
153 bit = (guint32) ((unsigned) buffer[3] << 8 | buffer[2]) << 16 |
154 ((unsigned) buffer[1] << 8 | buffer[0]);
155 * (guint32 *) buffer = bit;
160 #endif /* G_BYTE_ORDER == G_LITTLE_ENDIAN */
162 #if G_BYTE_ORDER == G_BIG_ENDIAN
163 #define sha_byte_reverse(buffer,length)
166 sha_byte_reverse (guint32 *buffer,
169 length /= sizeof (guint32);
172 *buffer = GUINT32_SWAP_LE_BE (*buffer);
176 #endif /* G_BYTE_ORDER == G_BIG_ENDIAN */
179 digest_to_string (guint8 *digest,
182 gsize i, len = digest_len * 2;
185 retval = g_new (gchar, len + 1);
187 for (i = 0; i < digest_len; i++)
189 guint8 byte = digest[i];
191 retval[2 * i] = hex_digits[byte >> 4];
192 retval[2 * i + 1] = hex_digits[byte & 0xf];
204 /* This MD5 digest computation is based on the equivalent code
205 * written by Colin Plumb. It came with this notice:
207 * This code implements the MD5 message-digest algorithm.
208 * The algorithm is due to Ron Rivest. This code was
209 * written by Colin Plumb in 1993, no copyright is claimed.
210 * This code is in the public domain; do with it what you wish.
212 * Equivalent code is available from RSA Data Security, Inc.
213 * This code has been tested against that, and is equivalent,
214 * except that you don't need to include two pages of legalese
219 md5_sum_init (Md5sum *md5)
221 /* arbitrary constants */
222 md5->buf[0] = 0x67452301;
223 md5->buf[1] = 0xefcdab89;
224 md5->buf[2] = 0x98badcfe;
225 md5->buf[3] = 0x10325476;
227 md5->bits[0] = md5->bits[1] = 0;
231 * The core of the MD5 algorithm, this alters an existing MD5 hash to
232 * reflect the addition of 16 longwords of new data. md5_sum_update()
233 * blocks the data and converts bytes into longwords for this routine.
236 md5_transform (guint32 buf[4],
237 guint32 const in[16])
241 /* The four core functions - F1 is optimized somewhat */
242 #define F1(x, y, z) (z ^ (x & (y ^ z)))
243 #define F2(x, y, z) F1 (z, x, y)
244 #define F3(x, y, z) (x ^ y ^ z)
245 #define F4(x, y, z) (y ^ (x | ~z))
247 /* This is the central step in the MD5 algorithm. */
248 #define md5_step(f, w, x, y, z, data, s) \
249 ( w += f (x, y, z) + data, w = w << s | w >> (32 - s), w += x )
256 md5_step (F1, a, b, c, d, in[0] + 0xd76aa478, 7);
257 md5_step (F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
258 md5_step (F1, c, d, a, b, in[2] + 0x242070db, 17);
259 md5_step (F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
260 md5_step (F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
261 md5_step (F1, d, a, b, c, in[5] + 0x4787c62a, 12);
262 md5_step (F1, c, d, a, b, in[6] + 0xa8304613, 17);
263 md5_step (F1, b, c, d, a, in[7] + 0xfd469501, 22);
264 md5_step (F1, a, b, c, d, in[8] + 0x698098d8, 7);
265 md5_step (F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
266 md5_step (F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
267 md5_step (F1, b, c, d, a, in[11] + 0x895cd7be, 22);
268 md5_step (F1, a, b, c, d, in[12] + 0x6b901122, 7);
269 md5_step (F1, d, a, b, c, in[13] + 0xfd987193, 12);
270 md5_step (F1, c, d, a, b, in[14] + 0xa679438e, 17);
271 md5_step (F1, b, c, d, a, in[15] + 0x49b40821, 22);
273 md5_step (F2, a, b, c, d, in[1] + 0xf61e2562, 5);
274 md5_step (F2, d, a, b, c, in[6] + 0xc040b340, 9);
275 md5_step (F2, c, d, a, b, in[11] + 0x265e5a51, 14);
276 md5_step (F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
277 md5_step (F2, a, b, c, d, in[5] + 0xd62f105d, 5);
278 md5_step (F2, d, a, b, c, in[10] + 0x02441453, 9);
279 md5_step (F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
280 md5_step (F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
281 md5_step (F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
282 md5_step (F2, d, a, b, c, in[14] + 0xc33707d6, 9);
283 md5_step (F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
284 md5_step (F2, b, c, d, a, in[8] + 0x455a14ed, 20);
285 md5_step (F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
286 md5_step (F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
287 md5_step (F2, c, d, a, b, in[7] + 0x676f02d9, 14);
288 md5_step (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
290 md5_step (F3, a, b, c, d, in[5] + 0xfffa3942, 4);
291 md5_step (F3, d, a, b, c, in[8] + 0x8771f681, 11);
292 md5_step (F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
293 md5_step (F3, b, c, d, a, in[14] + 0xfde5380c, 23);
294 md5_step (F3, a, b, c, d, in[1] + 0xa4beea44, 4);
295 md5_step (F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
296 md5_step (F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
297 md5_step (F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
298 md5_step (F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
299 md5_step (F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
300 md5_step (F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
301 md5_step (F3, b, c, d, a, in[6] + 0x04881d05, 23);
302 md5_step (F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
303 md5_step (F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
304 md5_step (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
305 md5_step (F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
307 md5_step (F4, a, b, c, d, in[0] + 0xf4292244, 6);
308 md5_step (F4, d, a, b, c, in[7] + 0x432aff97, 10);
309 md5_step (F4, c, d, a, b, in[14] + 0xab9423a7, 15);
310 md5_step (F4, b, c, d, a, in[5] + 0xfc93a039, 21);
311 md5_step (F4, a, b, c, d, in[12] + 0x655b59c3, 6);
312 md5_step (F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
313 md5_step (F4, c, d, a, b, in[10] + 0xffeff47d, 15);
314 md5_step (F4, b, c, d, a, in[1] + 0x85845dd1, 21);
315 md5_step (F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
316 md5_step (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
317 md5_step (F4, c, d, a, b, in[6] + 0xa3014314, 15);
318 md5_step (F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
319 md5_step (F4, a, b, c, d, in[4] + 0xf7537e82, 6);
320 md5_step (F4, d, a, b, c, in[11] + 0xbd3af235, 10);
321 md5_step (F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
322 md5_step (F4, b, c, d, a, in[9] + 0xeb86d391, 21);
337 md5_sum_update (Md5sum *md5,
344 md5->bits[0] = bit + ((guint32) length << 3);
346 /* carry from low to high */
347 if (md5->bits[0] < bit)
350 md5->bits[1] += length >> 29;
352 /* bytes already in Md5sum->u.data */
353 bit = (bit >> 3) & 0x3f;
355 /* handle any leading odd-sized chunks */
358 guchar *p = md5->u.data + bit;
360 bit = MD5_DATASIZE - bit;
363 memcpy (p, data, length);
367 memcpy (p, data, bit);
369 md5_byte_reverse (md5->u.data, 16);
370 md5_transform (md5->buf, md5->u.data32);
376 /* process data in 64-byte chunks */
377 while (length >= MD5_DATASIZE)
379 memcpy (md5->u.data, data, MD5_DATASIZE);
381 md5_byte_reverse (md5->u.data, 16);
382 md5_transform (md5->buf, md5->u.data32);
384 data += MD5_DATASIZE;
385 length -= MD5_DATASIZE;
388 /* handle any remaining bytes of data */
389 memcpy (md5->u.data, data, length);
392 /* closes a checksum */
394 md5_sum_close (Md5sum *md5)
399 /* Compute number of bytes mod 64 */
400 count = (md5->bits[0] >> 3) & 0x3F;
402 /* Set the first char of padding to 0x80.
403 * This is safe since there is always at least one byte free
405 p = md5->u.data + count;
408 /* Bytes of padding needed to make 64 bytes */
409 count = MD5_DATASIZE - 1 - count;
411 /* Pad out to 56 mod 64 */
414 /* Two lots of padding: Pad the first block to 64 bytes */
415 memset (p, 0, count);
417 md5_byte_reverse (md5->u.data, 16);
418 md5_transform (md5->buf, md5->u.data32);
420 /* Now fill the next block with 56 bytes */
421 memset (md5->u.data, 0, MD5_DATASIZE - 8);
425 /* Pad block to 56 bytes */
426 memset (p, 0, count - 8);
429 md5_byte_reverse (md5->u.data, 14);
431 /* Append length in bits and transform */
432 md5->u.data32[14] = md5->bits[0];
433 md5->u.data32[15] = md5->bits[1];
435 md5_transform (md5->buf, md5->u.data32);
436 md5_byte_reverse ((guchar *) md5->buf, 4);
438 memcpy (md5->digest, md5->buf, 16);
440 /* Reset buffers in case they contain sensitive data */
441 memset (md5->buf, 0, sizeof (md5->buf));
442 memset (md5->u.data, 0, sizeof (md5->u.data));
446 md5_sum_to_string (Md5sum *md5)
448 return digest_to_string (md5->digest, MD5_DIGEST_LEN);
452 md5_sum_digest (Md5sum *md5,
457 for (i = 0; i < MD5_DIGEST_LEN; i++)
458 digest[i] = md5->digest[i];
465 /* The following implementation comes from D-Bus dbus-sha.c. I've changed
466 * it to use GLib types and to work more like the MD5 implementation above.
467 * I left the comments to have a history of this code.
468 * -- Emmanuele Bassi, ebassi@gnome.org
471 /* The following comments have the history of where this code
472 * comes from. I actually copied it from GNet in GNOME CVS.
477 * sha.h : Implementation of the Secure Hash Algorithm
479 * Part of the Python Cryptography Toolkit, version 1.0.0
481 * Copyright (C) 1995, A.M. Kuchling
483 * Distribute and use freely; there are no restrictions on further
484 * dissemination and usage except those imposed by the laws of your
485 * country of residence.
489 /* SHA: NIST's Secure Hash Algorithm */
491 /* Based on SHA code originally posted to sci.crypt by Peter Gutmann
492 in message <30ajo5$oe8@ccu2.auckland.ac.nz>.
493 Modified to test for endianness on creation of SHA objects by AMK.
494 Also, the original specification of SHA was found to have a weakness
495 by NSA/NIST. This code implements the fixed version of SHA.
498 /* Here's the first paragraph of Peter Gutmann's posting:
500 The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
501 SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
502 what's changed in the new version. The fix is a simple change which involves
503 adding a single rotate in the initial expansion function. It is unknown
504 whether this is an optimal solution to the problem which was discovered in the
505 SHA or whether it's simply a bandaid which fixes the problem with a minimum of
506 effort (for example the reengineering of a great many Capstone chips).
510 sha1_sum_init (Sha1sum *sha1)
512 /* initialize constants */
513 sha1->buf[0] = 0x67452301L;
514 sha1->buf[1] = 0xEFCDAB89L;
515 sha1->buf[2] = 0x98BADCFEL;
516 sha1->buf[3] = 0x10325476L;
517 sha1->buf[4] = 0xC3D2E1F0L;
519 /* initialize bits */
520 sha1->bits[0] = sha1->bits[1] = 0;
523 /* The SHA f()-functions. */
525 #define f1(x,y,z) (z ^ (x & (y ^ z))) /* Rounds 0-19 */
526 #define f2(x,y,z) (x ^ y ^ z) /* Rounds 20-39 */
527 #define f3(x,y,z) (( x & y) | (z & (x | y))) /* Rounds 40-59 */
528 #define f4(x,y,z) (x ^ y ^ z) /* Rounds 60-79 */
530 /* The SHA Mysterious Constants */
531 #define K1 0x5A827999L /* Rounds 0-19 */
532 #define K2 0x6ED9EBA1L /* Rounds 20-39 */
533 #define K3 0x8F1BBCDCL /* Rounds 40-59 */
534 #define K4 0xCA62C1D6L /* Rounds 60-79 */
536 /* 32-bit rotate left - kludged with shifts */
537 #define ROTL(n,X) (((X) << n ) | ((X) >> (32 - n)))
539 /* The initial expanding function. The hash function is defined over an
540 80-word expanded input array W, where the first 16 are copies of the input
541 data, and the remaining 64 are defined by
543 W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
545 This implementation generates these values on the fly in a circular
546 buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
549 The updated SHA changes the expanding function by adding a rotate of 1
550 bit. Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor
551 for this information */
553 #define expand(W,i) (W[ i & 15 ] = ROTL (1, (W[ i & 15] ^ \
559 /* The prototype SHA sub-round. The fundamental sub-round is:
561 a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
567 but this is implemented by unrolling the loop 5 times and renaming the
568 variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
569 This code is then replicated 20 times for each of the 4 functions, using
570 the next 20 values from the W[] array each time */
572 #define subRound(a, b, c, d, e, f, k, data) \
573 (e += ROTL (5, a) + f(b, c, d) + k + data, b = ROTL (30, b))
576 sha1_transform (guint32 buf[5],
579 guint32 A, B, C, D, E;
587 /* Heavy mangling, in 4 sub-rounds of 20 iterations each. */
588 subRound (A, B, C, D, E, f1, K1, in[0]);
589 subRound (E, A, B, C, D, f1, K1, in[1]);
590 subRound (D, E, A, B, C, f1, K1, in[2]);
591 subRound (C, D, E, A, B, f1, K1, in[3]);
592 subRound (B, C, D, E, A, f1, K1, in[4]);
593 subRound (A, B, C, D, E, f1, K1, in[5]);
594 subRound (E, A, B, C, D, f1, K1, in[6]);
595 subRound (D, E, A, B, C, f1, K1, in[7]);
596 subRound (C, D, E, A, B, f1, K1, in[8]);
597 subRound (B, C, D, E, A, f1, K1, in[9]);
598 subRound (A, B, C, D, E, f1, K1, in[10]);
599 subRound (E, A, B, C, D, f1, K1, in[11]);
600 subRound (D, E, A, B, C, f1, K1, in[12]);
601 subRound (C, D, E, A, B, f1, K1, in[13]);
602 subRound (B, C, D, E, A, f1, K1, in[14]);
603 subRound (A, B, C, D, E, f1, K1, in[15]);
604 subRound (E, A, B, C, D, f1, K1, expand (in, 16));
605 subRound (D, E, A, B, C, f1, K1, expand (in, 17));
606 subRound (C, D, E, A, B, f1, K1, expand (in, 18));
607 subRound (B, C, D, E, A, f1, K1, expand (in, 19));
609 subRound (A, B, C, D, E, f2, K2, expand (in, 20));
610 subRound (E, A, B, C, D, f2, K2, expand (in, 21));
611 subRound (D, E, A, B, C, f2, K2, expand (in, 22));
612 subRound (C, D, E, A, B, f2, K2, expand (in, 23));
613 subRound (B, C, D, E, A, f2, K2, expand (in, 24));
614 subRound (A, B, C, D, E, f2, K2, expand (in, 25));
615 subRound (E, A, B, C, D, f2, K2, expand (in, 26));
616 subRound (D, E, A, B, C, f2, K2, expand (in, 27));
617 subRound (C, D, E, A, B, f2, K2, expand (in, 28));
618 subRound (B, C, D, E, A, f2, K2, expand (in, 29));
619 subRound (A, B, C, D, E, f2, K2, expand (in, 30));
620 subRound (E, A, B, C, D, f2, K2, expand (in, 31));
621 subRound (D, E, A, B, C, f2, K2, expand (in, 32));
622 subRound (C, D, E, A, B, f2, K2, expand (in, 33));
623 subRound (B, C, D, E, A, f2, K2, expand (in, 34));
624 subRound (A, B, C, D, E, f2, K2, expand (in, 35));
625 subRound (E, A, B, C, D, f2, K2, expand (in, 36));
626 subRound (D, E, A, B, C, f2, K2, expand (in, 37));
627 subRound (C, D, E, A, B, f2, K2, expand (in, 38));
628 subRound (B, C, D, E, A, f2, K2, expand (in, 39));
630 subRound (A, B, C, D, E, f3, K3, expand (in, 40));
631 subRound (E, A, B, C, D, f3, K3, expand (in, 41));
632 subRound (D, E, A, B, C, f3, K3, expand (in, 42));
633 subRound (C, D, E, A, B, f3, K3, expand (in, 43));
634 subRound (B, C, D, E, A, f3, K3, expand (in, 44));
635 subRound (A, B, C, D, E, f3, K3, expand (in, 45));
636 subRound (E, A, B, C, D, f3, K3, expand (in, 46));
637 subRound (D, E, A, B, C, f3, K3, expand (in, 47));
638 subRound (C, D, E, A, B, f3, K3, expand (in, 48));
639 subRound (B, C, D, E, A, f3, K3, expand (in, 49));
640 subRound (A, B, C, D, E, f3, K3, expand (in, 50));
641 subRound (E, A, B, C, D, f3, K3, expand (in, 51));
642 subRound (D, E, A, B, C, f3, K3, expand (in, 52));
643 subRound (C, D, E, A, B, f3, K3, expand (in, 53));
644 subRound (B, C, D, E, A, f3, K3, expand (in, 54));
645 subRound (A, B, C, D, E, f3, K3, expand (in, 55));
646 subRound (E, A, B, C, D, f3, K3, expand (in, 56));
647 subRound (D, E, A, B, C, f3, K3, expand (in, 57));
648 subRound (C, D, E, A, B, f3, K3, expand (in, 58));
649 subRound (B, C, D, E, A, f3, K3, expand (in, 59));
651 subRound (A, B, C, D, E, f4, K4, expand (in, 60));
652 subRound (E, A, B, C, D, f4, K4, expand (in, 61));
653 subRound (D, E, A, B, C, f4, K4, expand (in, 62));
654 subRound (C, D, E, A, B, f4, K4, expand (in, 63));
655 subRound (B, C, D, E, A, f4, K4, expand (in, 64));
656 subRound (A, B, C, D, E, f4, K4, expand (in, 65));
657 subRound (E, A, B, C, D, f4, K4, expand (in, 66));
658 subRound (D, E, A, B, C, f4, K4, expand (in, 67));
659 subRound (C, D, E, A, B, f4, K4, expand (in, 68));
660 subRound (B, C, D, E, A, f4, K4, expand (in, 69));
661 subRound (A, B, C, D, E, f4, K4, expand (in, 70));
662 subRound (E, A, B, C, D, f4, K4, expand (in, 71));
663 subRound (D, E, A, B, C, f4, K4, expand (in, 72));
664 subRound (C, D, E, A, B, f4, K4, expand (in, 73));
665 subRound (B, C, D, E, A, f4, K4, expand (in, 74));
666 subRound (A, B, C, D, E, f4, K4, expand (in, 75));
667 subRound (E, A, B, C, D, f4, K4, expand (in, 76));
668 subRound (D, E, A, B, C, f4, K4, expand (in, 77));
669 subRound (C, D, E, A, B, f4, K4, expand (in, 78));
670 subRound (B, C, D, E, A, f4, K4, expand (in, 79));
672 /* Build message digest */
693 sha1_sum_update (Sha1sum *sha1,
694 const guchar *buffer,
700 /* Update bitcount */
702 if ((sha1->bits[0] = tmp + ((guint32) count << 3) ) < tmp)
703 sha1->bits[1] += 1; /* Carry from low to high */
704 sha1->bits[1] += count >> 29;
706 /* Get count of bytes already in data */
707 dataCount = (guint) (tmp >> 3) & 0x3F;
709 /* Handle any leading odd-sized chunks */
712 guchar *p = (guchar *) sha1->data + dataCount;
714 dataCount = SHA1_DATASIZE - dataCount;
715 if (count < dataCount)
717 memcpy (p, buffer, count);
721 memcpy (p, buffer, dataCount);
723 sha_byte_reverse (sha1->data, SHA1_DATASIZE);
724 sha1_transform (sha1->buf, sha1->data);
730 /* Process data in SHA1_DATASIZE chunks */
731 while (count >= SHA1_DATASIZE)
733 memcpy (sha1->data, buffer, SHA1_DATASIZE);
735 sha_byte_reverse (sha1->data, SHA1_DATASIZE);
736 sha1_transform (sha1->buf, sha1->data);
738 buffer += SHA1_DATASIZE;
739 count -= SHA1_DATASIZE;
742 /* Handle any remaining bytes of data. */
743 memcpy (sha1->data, buffer, count);
746 /* Final wrapup - pad to SHA_DATASIZE-byte boundary with the bit pattern
747 1 0* (64-bit count of bits processed, MSB-first) */
749 sha1_sum_close (Sha1sum *sha1)
754 /* Compute number of bytes mod 64 */
755 count = (gint) ((sha1->bits[0] >> 3) & 0x3f);
757 /* Set the first char of padding to 0x80. This is safe since there is
758 always at least one byte free */
759 data_p = (guchar *) sha1->data + count;
762 /* Bytes of padding needed to make 64 bytes */
763 count = SHA1_DATASIZE - 1 - count;
765 /* Pad out to 56 mod 64 */
768 /* Two lots of padding: Pad the first block to 64 bytes */
769 memset (data_p, 0, count);
771 sha_byte_reverse (sha1->data, SHA1_DATASIZE);
772 sha1_transform (sha1->buf, sha1->data);
774 /* Now fill the next block with 56 bytes */
775 memset (sha1->data, 0, SHA1_DATASIZE - 8);
779 /* Pad block to 56 bytes */
780 memset (data_p, 0, count - 8);
783 /* Append length in bits and transform */
784 sha1->data[14] = sha1->bits[1];
785 sha1->data[15] = sha1->bits[0];
787 sha_byte_reverse (sha1->data, SHA1_DATASIZE - 8);
788 sha1_transform (sha1->buf, sha1->data);
789 sha_byte_reverse (sha1->buf, SHA1_DIGEST_LEN);
791 memcpy (sha1->digest, sha1->buf, SHA1_DIGEST_LEN);
793 /* Reset buffers in case they contain sensitive data */
794 memset (sha1->buf, 0, sizeof (sha1->buf));
795 memset (sha1->data, 0, sizeof (sha1->data));
799 sha1_sum_to_string (Sha1sum *sha1)
801 return digest_to_string (sha1->digest, SHA1_DIGEST_LEN);
805 sha1_sum_digest (Sha1sum *sha1,
810 for (i = 0; i < SHA1_DIGEST_LEN; i++)
811 digest[i] = sha1->digest[i];
818 /* adapted from the SHA256 implementation in gsk/src/hash/gskhash.c.
820 * Copyright (C) 2006 Dave Benson
821 * Released under the terms of the GNU Lesser General Public License
825 sha256_sum_init (Sha256sum *sha256)
827 sha256->buf[0] = 0x6a09e667;
828 sha256->buf[1] = 0xbb67ae85;
829 sha256->buf[2] = 0x3c6ef372;
830 sha256->buf[3] = 0xa54ff53a;
831 sha256->buf[4] = 0x510e527f;
832 sha256->buf[5] = 0x9b05688c;
833 sha256->buf[6] = 0x1f83d9ab;
834 sha256->buf[7] = 0x5be0cd19;
836 sha256->bits[0] = sha256->bits[1] = 0;
839 #define GET_UINT32(n,b,i) G_STMT_START{ \
840 (n) = ((guint32) (b)[(i) ] << 24) \
841 | ((guint32) (b)[(i) + 1] << 16) \
842 | ((guint32) (b)[(i) + 2] << 8) \
843 | ((guint32) (b)[(i) + 3] ); } G_STMT_END
845 #define PUT_UINT32(n,b,i) G_STMT_START{ \
846 (b)[(i) ] = (guint8) ((n) >> 24); \
847 (b)[(i) + 1] = (guint8) ((n) >> 16); \
848 (b)[(i) + 2] = (guint8) ((n) >> 8); \
849 (b)[(i) + 3] = (guint8) ((n) ); } G_STMT_END
852 sha256_transform (guint32 buf[8],
853 guint8 const data[64])
855 guint32 temp1, temp2, W[64];
856 guint32 A, B, C, D, E, F, G, H;
858 GET_UINT32 (W[0], data, 0);
859 GET_UINT32 (W[1], data, 4);
860 GET_UINT32 (W[2], data, 8);
861 GET_UINT32 (W[3], data, 12);
862 GET_UINT32 (W[4], data, 16);
863 GET_UINT32 (W[5], data, 20);
864 GET_UINT32 (W[6], data, 24);
865 GET_UINT32 (W[7], data, 28);
866 GET_UINT32 (W[8], data, 32);
867 GET_UINT32 (W[9], data, 36);
868 GET_UINT32 (W[10], data, 40);
869 GET_UINT32 (W[11], data, 44);
870 GET_UINT32 (W[12], data, 48);
871 GET_UINT32 (W[13], data, 52);
872 GET_UINT32 (W[14], data, 56);
873 GET_UINT32 (W[15], data, 60);
875 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
876 #define ROTR(x,n) (SHR (x,n) | (x << (32 - n)))
878 #define S0(x) (ROTR (x, 7) ^ ROTR (x,18) ^ SHR (x, 3))
879 #define S1(x) (ROTR (x,17) ^ ROTR (x,19) ^ SHR (x,10))
880 #define S2(x) (ROTR (x, 2) ^ ROTR (x,13) ^ ROTR (x,22))
881 #define S3(x) (ROTR (x, 6) ^ ROTR (x,11) ^ ROTR (x,25))
883 #define F0(x,y,z) ((x & y) | (z & (x | y)))
884 #define F1(x,y,z) (z ^ (x & (y ^ z)))
886 #define R(t) (W[t] = S1(W[t - 2]) + W[t - 7] + \
887 S0(W[t - 15]) + W[t - 16])
889 #define P(a,b,c,d,e,f,g,h,x,K) G_STMT_START { \
890 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
891 temp2 = S2(a) + F0(a,b,c); \
892 d += temp1; h = temp1 + temp2; } G_STMT_END
903 P (A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98);
904 P (H, A, B, C, D, E, F, G, W[ 1], 0x71374491);
905 P (G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF);
906 P (F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5);
907 P (E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B);
908 P (D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1);
909 P (C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4);
910 P (B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5);
911 P (A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98);
912 P (H, A, B, C, D, E, F, G, W[ 9], 0x12835B01);
913 P (G, H, A, B, C, D, E, F, W[10], 0x243185BE);
914 P (F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
915 P (E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
916 P (D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
917 P (C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
918 P (B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
919 P (A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
920 P (H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
921 P (G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
922 P (F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
923 P (E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
924 P (D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
925 P (C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
926 P (B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
927 P (A, B, C, D, E, F, G, H, R(24), 0x983E5152);
928 P (H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
929 P (G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
930 P (F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
931 P (E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
932 P (D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
933 P (C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
934 P (B, C, D, E, F, G, H, A, R(31), 0x14292967);
935 P (A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
936 P (H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
937 P (G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
938 P (F, G, H, A, B, C, D, E, R(35), 0x53380D13);
939 P (E, F, G, H, A, B, C, D, R(36), 0x650A7354);
940 P (D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
941 P (C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
942 P (B, C, D, E, F, G, H, A, R(39), 0x92722C85);
943 P (A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
944 P (H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
945 P (G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
946 P (F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
947 P (E, F, G, H, A, B, C, D, R(44), 0xD192E819);
948 P (D, E, F, G, H, A, B, C, R(45), 0xD6990624);
949 P (C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
950 P (B, C, D, E, F, G, H, A, R(47), 0x106AA070);
951 P (A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
952 P (H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
953 P (G, H, A, B, C, D, E, F, R(50), 0x2748774C);
954 P (F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
955 P (E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
956 P (D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
957 P (C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
958 P (B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
959 P (A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
960 P (H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
961 P (G, H, A, B, C, D, E, F, R(58), 0x84C87814);
962 P (F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
963 P (E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
964 P (D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
965 P (C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
966 P (B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
990 sha256_sum_update (Sha256sum *sha256,
991 const guchar *buffer,
995 const guint8 *input = buffer;
1000 left = sha256->bits[0] & 0x3F;
1003 sha256->bits[0] += length;
1004 sha256->bits[0] &= 0xFFFFFFFF;
1006 if (sha256->bits[0] < length)
1009 if (left > 0 && length >= fill)
1011 memcpy ((sha256->data + left), input, fill);
1013 sha256_transform (sha256->buf, sha256->data);
1020 while (length >= SHA256_DATASIZE)
1022 sha256_transform (sha256->buf, input);
1029 memcpy (sha256->data + left, input, length);
1032 static guint8 sha256_padding[64] =
1034 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1035 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1036 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1037 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
1041 sha256_sum_close (Sha256sum *sha256)
1047 high = (sha256->bits[0] >> 29)
1048 | (sha256->bits[1] << 3);
1049 low = (sha256->bits[0] << 3);
1051 PUT_UINT32 (high, msglen, 0);
1052 PUT_UINT32 (low, msglen, 4);
1054 last = sha256->bits[0] & 0x3F;
1055 padn = (last < 56) ? (56 - last) : (120 - last);
1057 sha256_sum_update (sha256, sha256_padding, padn);
1058 sha256_sum_update (sha256, msglen, 8);
1060 PUT_UINT32 (sha256->buf[0], sha256->digest, 0);
1061 PUT_UINT32 (sha256->buf[1], sha256->digest, 4);
1062 PUT_UINT32 (sha256->buf[2], sha256->digest, 8);
1063 PUT_UINT32 (sha256->buf[3], sha256->digest, 12);
1064 PUT_UINT32 (sha256->buf[4], sha256->digest, 16);
1065 PUT_UINT32 (sha256->buf[5], sha256->digest, 20);
1066 PUT_UINT32 (sha256->buf[6], sha256->digest, 24);
1067 PUT_UINT32 (sha256->buf[7], sha256->digest, 28);
1074 sha256_sum_to_string (Sha256sum *sha256)
1076 return digest_to_string (sha256->digest, SHA256_DIGEST_LEN);
1080 sha256_sum_digest (Sha256sum *sha256,
1085 for (i = 0; i < SHA256_DIGEST_LEN; i++)
1086 digest[i] = sha256->digest[i];
1090 * SHA-384, SHA-512, SHA-512/224 and SHA-512/256 Checksums
1092 * Implemented following FIPS-180-4 standard at
1093 * http://csrc.nist.gov/publications/fips/fips180-4/fips180-4.pdf.
1094 * References in the form [§x.y.z] map to sections in that document.
1096 * Author(s): Eduardo Lima Mitev <elima@igalia.com>
1097 * Igor Gnatenko <ignatenko@src.gnome.org>
1100 /* SHA-384, SHA-512, SHA-512/224 and SHA-512/256 functions [§4.1.3] */
1101 #define Ch(x,y,z) ((x & y) ^ (~x & z))
1102 #define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
1103 #define SHR(n,x) (x >> n)
1104 #define ROTR(n,x) (SHR (n, x) | (x << (64 - n)))
1105 #define SIGMA0(x) (ROTR (28, x) ^ ROTR (34, x) ^ ROTR (39, x))
1106 #define SIGMA1(x) (ROTR (14, x) ^ ROTR (18, x) ^ ROTR (41, x))
1107 #define sigma0(x) (ROTR ( 1, x) ^ ROTR ( 8, x) ^ SHR ( 7, x))
1108 #define sigma1(x) (ROTR (19, x) ^ ROTR (61, x) ^ SHR ( 6, x))
1110 #define PUT_UINT64(n,b,i) G_STMT_START{ \
1111 (b)[(i) ] = (guint8) (n >> 56); \
1112 (b)[(i) + 1] = (guint8) (n >> 48); \
1113 (b)[(i) + 2] = (guint8) (n >> 40); \
1114 (b)[(i) + 3] = (guint8) (n >> 32); \
1115 (b)[(i) + 4] = (guint8) (n >> 24); \
1116 (b)[(i) + 5] = (guint8) (n >> 16); \
1117 (b)[(i) + 6] = (guint8) (n >> 8); \
1118 (b)[(i) + 7] = (guint8) (n ); } G_STMT_END
1120 /* SHA-384 and SHA-512 constants [§4.2.3] */
1121 static const guint64 SHA2_K[80] = {
1122 G_GUINT64_CONSTANT (0x428a2f98d728ae22), G_GUINT64_CONSTANT (0x7137449123ef65cd),
1123 G_GUINT64_CONSTANT (0xb5c0fbcfec4d3b2f), G_GUINT64_CONSTANT (0xe9b5dba58189dbbc),
1124 G_GUINT64_CONSTANT (0x3956c25bf348b538), G_GUINT64_CONSTANT (0x59f111f1b605d019),
1125 G_GUINT64_CONSTANT (0x923f82a4af194f9b), G_GUINT64_CONSTANT (0xab1c5ed5da6d8118),
1126 G_GUINT64_CONSTANT (0xd807aa98a3030242), G_GUINT64_CONSTANT (0x12835b0145706fbe),
1127 G_GUINT64_CONSTANT (0x243185be4ee4b28c), G_GUINT64_CONSTANT (0x550c7dc3d5ffb4e2),
1128 G_GUINT64_CONSTANT (0x72be5d74f27b896f), G_GUINT64_CONSTANT (0x80deb1fe3b1696b1),
1129 G_GUINT64_CONSTANT (0x9bdc06a725c71235), G_GUINT64_CONSTANT (0xc19bf174cf692694),
1130 G_GUINT64_CONSTANT (0xe49b69c19ef14ad2), G_GUINT64_CONSTANT (0xefbe4786384f25e3),
1131 G_GUINT64_CONSTANT (0x0fc19dc68b8cd5b5), G_GUINT64_CONSTANT (0x240ca1cc77ac9c65),
1132 G_GUINT64_CONSTANT (0x2de92c6f592b0275), G_GUINT64_CONSTANT (0x4a7484aa6ea6e483),
1133 G_GUINT64_CONSTANT (0x5cb0a9dcbd41fbd4), G_GUINT64_CONSTANT (0x76f988da831153b5),
1134 G_GUINT64_CONSTANT (0x983e5152ee66dfab), G_GUINT64_CONSTANT (0xa831c66d2db43210),
1135 G_GUINT64_CONSTANT (0xb00327c898fb213f), G_GUINT64_CONSTANT (0xbf597fc7beef0ee4),
1136 G_GUINT64_CONSTANT (0xc6e00bf33da88fc2), G_GUINT64_CONSTANT (0xd5a79147930aa725),
1137 G_GUINT64_CONSTANT (0x06ca6351e003826f), G_GUINT64_CONSTANT (0x142929670a0e6e70),
1138 G_GUINT64_CONSTANT (0x27b70a8546d22ffc), G_GUINT64_CONSTANT (0x2e1b21385c26c926),
1139 G_GUINT64_CONSTANT (0x4d2c6dfc5ac42aed), G_GUINT64_CONSTANT (0x53380d139d95b3df),
1140 G_GUINT64_CONSTANT (0x650a73548baf63de), G_GUINT64_CONSTANT (0x766a0abb3c77b2a8),
1141 G_GUINT64_CONSTANT (0x81c2c92e47edaee6), G_GUINT64_CONSTANT (0x92722c851482353b),
1142 G_GUINT64_CONSTANT (0xa2bfe8a14cf10364), G_GUINT64_CONSTANT (0xa81a664bbc423001),
1143 G_GUINT64_CONSTANT (0xc24b8b70d0f89791), G_GUINT64_CONSTANT (0xc76c51a30654be30),
1144 G_GUINT64_CONSTANT (0xd192e819d6ef5218), G_GUINT64_CONSTANT (0xd69906245565a910),
1145 G_GUINT64_CONSTANT (0xf40e35855771202a), G_GUINT64_CONSTANT (0x106aa07032bbd1b8),
1146 G_GUINT64_CONSTANT (0x19a4c116b8d2d0c8), G_GUINT64_CONSTANT (0x1e376c085141ab53),
1147 G_GUINT64_CONSTANT (0x2748774cdf8eeb99), G_GUINT64_CONSTANT (0x34b0bcb5e19b48a8),
1148 G_GUINT64_CONSTANT (0x391c0cb3c5c95a63), G_GUINT64_CONSTANT (0x4ed8aa4ae3418acb),
1149 G_GUINT64_CONSTANT (0x5b9cca4f7763e373), G_GUINT64_CONSTANT (0x682e6ff3d6b2b8a3),
1150 G_GUINT64_CONSTANT (0x748f82ee5defb2fc), G_GUINT64_CONSTANT (0x78a5636f43172f60),
1151 G_GUINT64_CONSTANT (0x84c87814a1f0ab72), G_GUINT64_CONSTANT (0x8cc702081a6439ec),
1152 G_GUINT64_CONSTANT (0x90befffa23631e28), G_GUINT64_CONSTANT (0xa4506cebde82bde9),
1153 G_GUINT64_CONSTANT (0xbef9a3f7b2c67915), G_GUINT64_CONSTANT (0xc67178f2e372532b),
1154 G_GUINT64_CONSTANT (0xca273eceea26619c), G_GUINT64_CONSTANT (0xd186b8c721c0c207),
1155 G_GUINT64_CONSTANT (0xeada7dd6cde0eb1e), G_GUINT64_CONSTANT (0xf57d4f7fee6ed178),
1156 G_GUINT64_CONSTANT (0x06f067aa72176fba), G_GUINT64_CONSTANT (0x0a637dc5a2c898a6),
1157 G_GUINT64_CONSTANT (0x113f9804bef90dae), G_GUINT64_CONSTANT (0x1b710b35131c471b),
1158 G_GUINT64_CONSTANT (0x28db77f523047d84), G_GUINT64_CONSTANT (0x32caab7b40c72493),
1159 G_GUINT64_CONSTANT (0x3c9ebe0a15c9bebc), G_GUINT64_CONSTANT (0x431d67c49c100d4c),
1160 G_GUINT64_CONSTANT (0x4cc5d4becb3e42b6), G_GUINT64_CONSTANT (0x597f299cfc657e2a),
1161 G_GUINT64_CONSTANT (0x5fcb6fab3ad6faec), G_GUINT64_CONSTANT (0x6c44198c4a475817)
1166 sha384_sum_init (Sha512sum *sha512)
1168 /* Initial Hash Value [§5.3.4] */
1169 sha512->H[0] = G_GUINT64_CONSTANT (0xcbbb9d5dc1059ed8);
1170 sha512->H[1] = G_GUINT64_CONSTANT (0x629a292a367cd507);
1171 sha512->H[2] = G_GUINT64_CONSTANT (0x9159015a3070dd17);
1172 sha512->H[3] = G_GUINT64_CONSTANT (0x152fecd8f70e5939);
1173 sha512->H[4] = G_GUINT64_CONSTANT (0x67332667ffc00b31);
1174 sha512->H[5] = G_GUINT64_CONSTANT (0x8eb44a8768581511);
1175 sha512->H[6] = G_GUINT64_CONSTANT (0xdb0c2e0d64f98fa7);
1176 sha512->H[7] = G_GUINT64_CONSTANT (0x47b5481dbefa4fa4);
1178 sha512->block_len = 0;
1180 sha512->data_len[0] = 0;
1181 sha512->data_len[1] = 0;
1185 sha512_sum_init (Sha512sum *sha512)
1187 /* Initial Hash Value [§5.3.5] */
1188 sha512->H[0] = G_GUINT64_CONSTANT (0x6a09e667f3bcc908);
1189 sha512->H[1] = G_GUINT64_CONSTANT (0xbb67ae8584caa73b);
1190 sha512->H[2] = G_GUINT64_CONSTANT (0x3c6ef372fe94f82b);
1191 sha512->H[3] = G_GUINT64_CONSTANT (0xa54ff53a5f1d36f1);
1192 sha512->H[4] = G_GUINT64_CONSTANT (0x510e527fade682d1);
1193 sha512->H[5] = G_GUINT64_CONSTANT (0x9b05688c2b3e6c1f);
1194 sha512->H[6] = G_GUINT64_CONSTANT (0x1f83d9abfb41bd6b);
1195 sha512->H[7] = G_GUINT64_CONSTANT (0x5be0cd19137e2179);
1197 sha512->block_len = 0;
1199 sha512->data_len[0] = 0;
1200 sha512->data_len[1] = 0;
1204 sha512_transform (guint64 H[8],
1205 guint8 const data[SHA2_BLOCK_LEN])
1209 guint64 a, b, c, d, e, f, g, h;
1213 /* SHA-512 hash computation [§6.4.2] */
1215 /* prepare the message schedule */
1216 for (i = 0; i < 16; i++)
1221 ((guint64) data[p + 0] << 56) |
1222 ((guint64) data[p + 1] << 48) |
1223 ((guint64) data[p + 2] << 40) |
1224 ((guint64) data[p + 3] << 32) |
1225 ((guint64) data[p + 4] << 24) |
1226 ((guint64) data[p + 5] << 16) |
1227 ((guint64) data[p + 6] << 8) |
1228 ((guint64) data[p + 7] );
1231 for (t = 0; t < 80; t++)
1235 W[t] = sigma1 (W[t - 2]) + W[t - 7] + sigma0 (W[t - 15]) + W[t - 16];
1237 /* initialize the eight working variables */
1247 for (t = 0; t < 80; t++)
1251 T1 = h + SIGMA1 (e) + Ch (e, f, g) + SHA2_K[t] + W[t];
1252 T2 = SIGMA0 (a) + Maj (a, b, c);
1263 /* Compute the intermediate hash value H */
1275 sha512_sum_update (Sha512sum *sha512,
1276 const guchar *buffer,
1279 gsize block_left, offset = 0;
1284 sha512->data_len[0] += length * 8;
1285 if (sha512->data_len[0] < length)
1286 sha512->data_len[1]++;
1288 /* try to fill current block */
1289 block_left = SHA2_BLOCK_LEN - sha512->block_len;
1294 fill_len = MIN (block_left, length);
1295 memcpy (sha512->block + sha512->block_len, buffer, fill_len);
1296 sha512->block_len += fill_len;
1300 if (sha512->block_len == SHA2_BLOCK_LEN)
1302 sha512_transform (sha512->H, sha512->block);
1303 sha512->block_len = 0;
1307 /* process complete blocks */
1308 while (length >= SHA2_BLOCK_LEN)
1310 memcpy (sha512->block, buffer + offset, SHA2_BLOCK_LEN);
1312 sha512_transform (sha512->H, sha512->block);
1314 length -= SHA2_BLOCK_LEN;
1315 offset += SHA2_BLOCK_LEN;
1318 /* keep remaining data for next block */
1321 memcpy (sha512->block, buffer + offset, length);
1322 sha512->block_len = length;
1327 sha512_sum_close (Sha512sum *sha512)
1331 guint8 pad[SHA2_BLOCK_LEN * 2] = { 0, };
1335 /* apply padding [§5.1.2] */
1336 l = sha512->block_len * 8;
1337 zeros = 896 - (l + 1);
1342 pad[0] = 0x80; /* 1000 0000 */
1346 memset (pad + pad_len, 0x00, zeros / 8);
1347 pad_len += zeros / 8;
1349 (void) zeros; /* don’t care about the dead store */
1351 /* put message bit length at the end of padding */
1352 PUT_UINT64 (sha512->data_len[1], pad, pad_len);
1355 PUT_UINT64 (sha512->data_len[0], pad, pad_len);
1358 /* update checksum with the padded block */
1359 sha512_sum_update (sha512, pad, pad_len);
1361 /* copy resulting 64-bit words into digest */
1362 for (i = 0; i < 8; i++)
1363 PUT_UINT64 (sha512->H[i], sha512->digest, i * 8);
1367 sha384_sum_to_string (Sha512sum *sha512)
1369 return digest_to_string (sha512->digest, SHA384_DIGEST_LEN);
1373 sha512_sum_to_string (Sha512sum *sha512)
1375 return digest_to_string (sha512->digest, SHA512_DIGEST_LEN);
1379 sha384_sum_digest (Sha512sum *sha512,
1382 memcpy (digest, sha512->digest, SHA384_DIGEST_LEN);
1386 sha512_sum_digest (Sha512sum *sha512,
1389 memcpy (digest, sha512->digest, SHA512_DIGEST_LEN);
1408 * g_checksum_type_get_length:
1409 * @checksum_type: a #GChecksumType
1411 * Gets the length in bytes of digests of type @checksum_type
1413 * Returns: the checksum length, or -1 if @checksum_type is
1419 g_checksum_type_get_length (GChecksumType checksum_type)
1423 switch (checksum_type)
1425 case G_CHECKSUM_MD5:
1426 len = MD5_DIGEST_LEN;
1428 case G_CHECKSUM_SHA1:
1429 len = SHA1_DIGEST_LEN;
1431 case G_CHECKSUM_SHA256:
1432 len = SHA256_DIGEST_LEN;
1434 case G_CHECKSUM_SHA384:
1435 len = SHA384_DIGEST_LEN;
1437 case G_CHECKSUM_SHA512:
1438 len = SHA512_DIGEST_LEN;
1450 * @checksum_type: the desired type of checksum
1452 * Creates a new #GChecksum, using the checksum algorithm @checksum_type.
1453 * If the @checksum_type is not known, %NULL is returned.
1454 * A #GChecksum can be used to compute the checksum, or digest, of an
1455 * arbitrary binary blob, using different hashing algorithms.
1457 * A #GChecksum works by feeding a binary blob through g_checksum_update()
1458 * until there is data to be checked; the digest can then be extracted
1459 * using g_checksum_get_string(), which will return the checksum as a
1460 * hexadecimal string; or g_checksum_get_digest(), which will return a
1461 * vector of raw bytes. Once either g_checksum_get_string() or
1462 * g_checksum_get_digest() have been called on a #GChecksum, the checksum
1463 * will be closed and it won't be possible to call g_checksum_update()
1466 * Returns: (transfer full) (nullable): the newly created #GChecksum, or %NULL.
1467 * Use g_checksum_free() to free the memory allocated by it.
1472 g_checksum_new (GChecksumType checksum_type)
1474 GChecksum *checksum;
1476 if (! IS_VALID_TYPE (checksum_type))
1479 checksum = g_slice_new0 (GChecksum);
1480 checksum->type = checksum_type;
1482 g_checksum_reset (checksum);
1489 * @checksum: the #GChecksum to reset
1491 * Resets the state of the @checksum back to its initial state.
1496 g_checksum_reset (GChecksum *checksum)
1498 g_return_if_fail (checksum != NULL);
1500 g_free (checksum->digest_str);
1501 checksum->digest_str = NULL;
1503 switch (checksum->type)
1505 case G_CHECKSUM_MD5:
1506 md5_sum_init (&(checksum->sum.md5));
1508 case G_CHECKSUM_SHA1:
1509 sha1_sum_init (&(checksum->sum.sha1));
1511 case G_CHECKSUM_SHA256:
1512 sha256_sum_init (&(checksum->sum.sha256));
1514 case G_CHECKSUM_SHA384:
1515 sha384_sum_init (&(checksum->sum.sha512));
1517 case G_CHECKSUM_SHA512:
1518 sha512_sum_init (&(checksum->sum.sha512));
1521 g_assert_not_reached ();
1528 * @checksum: the #GChecksum to copy
1530 * Copies a #GChecksum. If @checksum has been closed, by calling
1531 * g_checksum_get_string() or g_checksum_get_digest(), the copied
1532 * checksum will be closed as well.
1534 * Returns: (transfer full): the copy of the passed #GChecksum. Use
1535 * g_checksum_free() when finished using it.
1540 g_checksum_copy (const GChecksum *checksum)
1544 g_return_val_if_fail (checksum != NULL, NULL);
1546 copy = g_slice_new (GChecksum);
1549 copy->digest_str = g_strdup (checksum->digest_str);
1556 * @checksum: a #GChecksum
1558 * Frees the memory allocated for @checksum.
1563 g_checksum_free (GChecksum *checksum)
1565 if (G_LIKELY (checksum))
1567 g_free (checksum->digest_str);
1569 g_slice_free (GChecksum, checksum);
1574 * g_checksum_update:
1575 * @checksum: a #GChecksum
1576 * @data: (array length=length) (element-type guint8): buffer used to compute the checksum
1577 * @length: size of the buffer, or -1 if it is a null-terminated string.
1579 * Feeds @data into an existing #GChecksum. The checksum must still be
1580 * open, that is g_checksum_get_string() or g_checksum_get_digest() must
1581 * not have been called on @checksum.
1586 g_checksum_update (GChecksum *checksum,
1590 g_return_if_fail (checksum != NULL);
1591 g_return_if_fail (length == 0 || data != NULL);
1594 length = strlen ((const gchar *) data);
1596 if (checksum->digest_str)
1598 g_warning ("The checksum '%s' has been closed and cannot be updated "
1600 checksum->digest_str);
1604 switch (checksum->type)
1606 case G_CHECKSUM_MD5:
1607 md5_sum_update (&(checksum->sum.md5), data, length);
1609 case G_CHECKSUM_SHA1:
1610 sha1_sum_update (&(checksum->sum.sha1), data, length);
1612 case G_CHECKSUM_SHA256:
1613 sha256_sum_update (&(checksum->sum.sha256), data, length);
1615 case G_CHECKSUM_SHA384:
1616 case G_CHECKSUM_SHA512:
1617 sha512_sum_update (&(checksum->sum.sha512), data, length);
1620 g_assert_not_reached ();
1626 * g_checksum_get_string:
1627 * @checksum: a #GChecksum
1629 * Gets the digest as a hexadecimal string.
1631 * Once this function has been called the #GChecksum can no longer be
1632 * updated with g_checksum_update().
1634 * The hexadecimal characters will be lower case.
1636 * Returns: the hexadecimal representation of the checksum. The
1637 * returned string is owned by the checksum and should not be modified
1643 g_checksum_get_string (GChecksum *checksum)
1647 g_return_val_if_fail (checksum != NULL, NULL);
1649 if (checksum->digest_str)
1650 return checksum->digest_str;
1652 switch (checksum->type)
1654 case G_CHECKSUM_MD5:
1655 md5_sum_close (&(checksum->sum.md5));
1656 str = md5_sum_to_string (&(checksum->sum.md5));
1658 case G_CHECKSUM_SHA1:
1659 sha1_sum_close (&(checksum->sum.sha1));
1660 str = sha1_sum_to_string (&(checksum->sum.sha1));
1662 case G_CHECKSUM_SHA256:
1663 sha256_sum_close (&(checksum->sum.sha256));
1664 str = sha256_sum_to_string (&(checksum->sum.sha256));
1666 case G_CHECKSUM_SHA384:
1667 sha512_sum_close (&(checksum->sum.sha512));
1668 str = sha384_sum_to_string (&(checksum->sum.sha512));
1670 case G_CHECKSUM_SHA512:
1671 sha512_sum_close (&(checksum->sum.sha512));
1672 str = sha512_sum_to_string (&(checksum->sum.sha512));
1675 g_assert_not_reached ();
1679 checksum->digest_str = str;
1681 return checksum->digest_str;
1685 * g_checksum_get_digest: (skip)
1686 * @checksum: a #GChecksum
1687 * @buffer: (array length=digest_len): output buffer
1688 * @digest_len: (inout): an inout parameter. The caller initializes it to the size of @buffer.
1689 * After the call it contains the length of the digest.
1691 * Gets the digest from @checksum as a raw binary vector and places it
1692 * into @buffer. The size of the digest depends on the type of checksum.
1694 * Once this function has been called, the #GChecksum is closed and can
1695 * no longer be updated with g_checksum_update().
1700 g_checksum_get_digest (GChecksum *checksum,
1704 gboolean checksum_open = FALSE;
1708 g_return_if_fail (checksum != NULL);
1710 len = g_checksum_type_get_length (checksum->type);
1711 g_return_if_fail (*digest_len >= len);
1713 checksum_open = !!(checksum->digest_str == NULL);
1715 switch (checksum->type)
1717 case G_CHECKSUM_MD5:
1720 md5_sum_close (&(checksum->sum.md5));
1721 str = md5_sum_to_string (&(checksum->sum.md5));
1723 md5_sum_digest (&(checksum->sum.md5), buffer);
1725 case G_CHECKSUM_SHA1:
1728 sha1_sum_close (&(checksum->sum.sha1));
1729 str = sha1_sum_to_string (&(checksum->sum.sha1));
1731 sha1_sum_digest (&(checksum->sum.sha1), buffer);
1733 case G_CHECKSUM_SHA256:
1736 sha256_sum_close (&(checksum->sum.sha256));
1737 str = sha256_sum_to_string (&(checksum->sum.sha256));
1739 sha256_sum_digest (&(checksum->sum.sha256), buffer);
1741 case G_CHECKSUM_SHA384:
1744 sha512_sum_close (&(checksum->sum.sha512));
1745 str = sha384_sum_to_string (&(checksum->sum.sha512));
1747 sha384_sum_digest (&(checksum->sum.sha512), buffer);
1749 case G_CHECKSUM_SHA512:
1752 sha512_sum_close (&(checksum->sum.sha512));
1753 str = sha512_sum_to_string (&(checksum->sum.sha512));
1755 sha512_sum_digest (&(checksum->sum.sha512), buffer);
1758 g_assert_not_reached ();
1763 checksum->digest_str = str;
1769 * g_compute_checksum_for_data:
1770 * @checksum_type: a #GChecksumType
1771 * @data: (array length=length) (element-type guint8): binary blob to compute the digest of
1772 * @length: length of @data
1774 * Computes the checksum for a binary @data of @length. This is a
1775 * convenience wrapper for g_checksum_new(), g_checksum_get_string()
1776 * and g_checksum_free().
1778 * The hexadecimal string returned will be in lower case.
1780 * Returns: (transfer full) (nullable): the digest of the binary data as a
1781 * string in hexadecimal, or %NULL if g_checksum_new() fails for
1782 * @checksum_type. The returned string should be freed with g_free() when
1788 g_compute_checksum_for_data (GChecksumType checksum_type,
1792 GChecksum *checksum;
1795 g_return_val_if_fail (length == 0 || data != NULL, NULL);
1797 checksum = g_checksum_new (checksum_type);
1801 g_checksum_update (checksum, data, length);
1802 retval = g_strdup (g_checksum_get_string (checksum));
1803 g_checksum_free (checksum);
1809 * g_compute_checksum_for_string:
1810 * @checksum_type: a #GChecksumType
1811 * @str: the string to compute the checksum of
1812 * @length: the length of the string, or -1 if the string is null-terminated.
1814 * Computes the checksum of a string.
1816 * The hexadecimal string returned will be in lower case.
1818 * Returns: (transfer full) (nullable): the checksum as a hexadecimal string,
1819 * or %NULL if g_checksum_new() fails for @checksum_type. The returned string
1820 * should be freed with g_free() when done using it.
1825 g_compute_checksum_for_string (GChecksumType checksum_type,
1829 g_return_val_if_fail (length == 0 || str != NULL, NULL);
1832 length = strlen (str);
1834 return g_compute_checksum_for_data (checksum_type, (const guchar *) str, length);
1838 * g_compute_checksum_for_bytes:
1839 * @checksum_type: a #GChecksumType
1840 * @data: binary blob to compute the digest of
1842 * Computes the checksum for a binary @data. This is a
1843 * convenience wrapper for g_checksum_new(), g_checksum_get_string()
1844 * and g_checksum_free().
1846 * The hexadecimal string returned will be in lower case.
1848 * Returns: (transfer full) (nullable): the digest of the binary data as a
1849 * string in hexadecimal, or %NULL if g_checksum_new() fails for
1850 * @checksum_type. The returned string should be freed with g_free() when
1856 g_compute_checksum_for_bytes (GChecksumType checksum_type,
1859 gconstpointer byte_data;
1862 g_return_val_if_fail (data != NULL, NULL);
1864 byte_data = g_bytes_get_data (data, &length);
1865 return g_compute_checksum_for_data (checksum_type, byte_data, length);