1 /* ghmac.h - data hashing functions
3 * Copyright (C) 2011 Collabora Ltd.
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Library General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Library General Public License for more details.
15 * You should have received a copy of the GNU Library General Public
16 * License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 * Boston, MA 02111-1307, USA.
20 * Author: Stef Walter <stefw@collabora.co.uk>
29 #include "glib/galloca.h"
33 #include "gstrfuncs.h"
34 #include "gtestutils.h"
41 * @title: Secure HMAC Digests
42 * @short_description: computes the HMAC for data
44 * HMACs should be used when producing a cookie or hash based on data
45 * and a key. Simple mechanisms for using SHA1 and other algorithms to
46 * digest a key and data together are vulnerable to various security
47 * issues. <ulink url="http://en.wikipedia.org/wiki/HMAC">HMAC</ulink>
48 * uses algorithms like SHA1 in a secure way to produce a digest of a
51 * Both the key and data are arbitrary byte arrays of bytes or characters.
53 * Support for HMAC Digests has been added in GLib 2.30.
59 GChecksumType digest_type;
66 * @digest_type: the desired type of digest
67 * @key: (array length=key_len): the key for the HMAC
68 * @key_len: the length of the keys
70 * Creates a new #GHmac, using the digest algorithm @digest_type.
71 * If the @digest_type is not known, %NULL is returned.
72 * A #GHmac can be used to compute the HMAC of a key and an
73 * arbitrary binary blob, using different hashing algorithms.
75 * A #GHmac works by feeding a binary blob through g_hmac_update()
76 * until the data is complete; the digest can then be extracted
77 * using g_hmac_get_string(), which will return the checksum as a
78 * hexadecimal string; or g_hmac_get_digest(), which will return a
79 * array of raw bytes. Once either g_hmac_get_string() or
80 * g_hmac_get_digest() have been called on a #GHmac, the HMAC
81 * will be closed and it won't be possible to call g_hmac_update()
84 * Return value: the newly created #GHmac, or %NULL.
85 * Use g_hmac_unref() to free the memory allocated by it.
90 g_hmac_new (GChecksumType digest_type,
101 checksum = g_checksum_new (digest_type);
102 g_return_val_if_fail (checksum != NULL, NULL);
107 case G_CHECKSUM_SHA1:
108 block_size = 64; /* RFC 2104 */
110 case G_CHECKSUM_SHA256:
111 block_size = 64; /* RFC draft-kelly-ipsec-ciph-sha2-01 */
114 g_return_val_if_reached (NULL);
117 hmac = g_slice_new0 (GHmac);
119 hmac->digest_type = digest_type;
120 hmac->digesti = checksum;
121 hmac->digesto = g_checksum_new (digest_type);
123 buffer = g_alloca (block_size);
124 pad = g_alloca (block_size);
126 memset (buffer, 0, block_size);
128 /* If the key is too long, hash it */
129 if (key_len > block_size)
132 g_checksum_update (hmac->digesti, key, key_len);
133 g_checksum_get_digest (hmac->digesti, buffer, &len);
134 g_checksum_reset (hmac->digesti);
137 /* Otherwise pad it with zeros */
140 memcpy (buffer, key, key_len);
144 for (i = 0; i < block_size; i++)
145 pad[i] = 0x36 ^ buffer[i]; /* ipad value */
146 g_checksum_update (hmac->digesti, pad, block_size);
149 for (i = 0; i < block_size; i++)
150 pad[i] = 0x5c ^ buffer[i]; /* opad value */
151 g_checksum_update (hmac->digesto, pad, block_size);
158 * @hmac: the #GHmac to copy
160 * Copies a #GHmac. If @hmac has been closed, by calling
161 * g_hmac_get_string() or g_hmac_get_digest(), the copied
162 * HMAC will be closed as well.
164 * Return value: the copy of the passed #GHmac. Use g_hmac_unref()
165 * when finished using it.
170 g_hmac_copy (const GHmac *hmac)
174 g_return_val_if_fail (hmac != NULL, NULL);
176 copy = g_slice_new (GHmac);
178 copy->digest_type = hmac->digest_type;
179 copy->digesti = g_checksum_copy (hmac->digesti);
180 copy->digesto = g_checksum_copy (hmac->digesto);
187 * @hmac: a valid #GHmac
189 * Atomically increments the reference count of @hmac by one.
191 * This function is MT-safe and may be called from any thread.
193 * Return value: the passed in #GHmac.
198 g_hmac_ref (GHmac *hmac)
200 g_return_val_if_fail (hmac != NULL, NULL);
202 g_atomic_int_inc (&hmac->ref_count);
211 * Atomically decrements the reference count of @hmac by one.
213 * If the reference count drops to 0, all keys and values will be
214 * destroyed, and all memory allocated by the hash table is released.
215 * This function is MT-safe and may be called from any thread.
216 * Frees the memory allocated for @hmac.
221 g_hmac_unref (GHmac *hmac)
223 g_return_if_fail (hmac != NULL);
225 if (g_atomic_int_dec_and_test (&hmac->ref_count))
227 g_checksum_free (hmac->digesti);
228 g_checksum_free (hmac->digesto);
229 g_slice_free (GHmac, hmac);
236 * @data: (array length=length): buffer used to compute the checksum
237 * @length: size of the buffer, or -1 if it is a nul-terminated string
239 * Feeds @data into an existing #GHmac.
241 * The HMAC must still be open, that is g_hmac_get_string() or
242 * g_hmac_get_digest() must not have been called on @hmac.
247 g_hmac_update (GHmac *hmac,
251 g_return_if_fail (hmac != NULL);
252 g_return_if_fail (length == 0 || data != NULL);
254 g_checksum_update (hmac->digesti, data, length);
261 * Gets the HMAC as an hexadecimal string.
263 * Once this function has been called the #GHmac can no longer be
264 * updated with g_hmac_update().
266 * The hexadecimal characters will be lower case.
268 * Return value: the hexadecimal representation of the HMAC. The
269 * returned string is owned by the HMAC and should not be modified
275 g_hmac_get_string (GHmac *hmac)
280 g_return_val_if_fail (hmac != NULL, NULL);
282 digest_len = g_checksum_type_get_length (hmac->digest_type);
283 buffer = g_malloc (digest_len);
285 g_hmac_get_digest (hmac, buffer, &digest_len);
286 return g_checksum_get_string (hmac->digesto);
292 * @buffer: output buffer
293 * @digest_len: an inout parameter. The caller initializes it to the
294 * size of @buffer. After the call it contains the length of the digest
296 * Gets the digest from @checksum as a raw binary array and places it
297 * into @buffer. The size of the digest depends on the type of checksum.
299 * Once this function has been called, the #GHmac is closed and can
300 * no longer be updated with g_checksum_update().
305 g_hmac_get_digest (GHmac *hmac,
311 g_return_if_fail (hmac != NULL);
313 len = g_checksum_type_get_length (hmac->digest_type);
314 g_return_if_fail (*digest_len >= len);
316 /* Use the same buffer, because we can :) */
317 g_checksum_get_digest (hmac->digesti, buffer, &len);
318 g_checksum_update (hmac->digesto, buffer, len);
319 g_checksum_get_digest (hmac->digesto, buffer, digest_len);
323 * g_compute_hmac_for_data:
324 * @digest_type: a #GChecksumType to use for the HMAC
325 * @key: (array length=key_len): the key to use in the HMAC
326 * @key_len: the length of the key
327 * @data: binary blob to compute the HMAC of
328 * @length: length of @data
330 * Computes the HMAC for a binary @data of @length. This is a
331 * convenience wrapper for g_hmac_new(), g_hmac_get_string()
332 * and g_hmac_unref().
334 * The hexadecimal string returned will be in lower case.
336 * Return value: the HMAC of the binary data as a string in hexadecimal.
337 * The returned string should be freed with g_free() when done using it.
342 g_compute_hmac_for_data (GChecksumType digest_type,
351 g_return_val_if_fail (length == 0 || data != NULL, NULL);
353 hmac = g_hmac_new (digest_type, key, key_len);
357 g_hmac_update (hmac, data, length);
358 retval = g_strdup (g_hmac_get_string (hmac));
365 * g_compute_hmac_for_string:
366 * @digest_type: a #GChecksumType to use for the HMAC
367 * @key: (array length=key_len): the key to use in the HMAC
368 * @key_len: the length of the key
369 * @str: the string to compute the HMAC for
370 * @length: the length of the string, or -1 if the string is nul-terminated
372 * Computes the HMAC for a string.
374 * The hexadecimal string returned will be in lower case.
376 * Return value: the HMAC as a hexadecimal string.
377 * The returned string should be freed with g_free()
378 * when done using it.
383 g_compute_hmac_for_string (GChecksumType digest_type,
389 g_return_val_if_fail (length == 0 || str != NULL, NULL);
392 length = strlen (str);
394 return g_compute_hmac_for_data (digest_type, key, key_len,
395 (const guchar *) str, length);