1 /* ghmac.h - data hashing functions
3 * Copyright (C) 2011 Collabora Ltd.
5 * SPDX-License-Identifier: LGPL-2.1-or-later
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, see <http://www.gnu.org/licenses/>.
20 * Author: Stef Walter <stefw@collabora.co.uk>
29 #include "glib/galloca.h"
33 #include "gstrfuncs.h"
34 #include "gtestutils.h"
41 * @title: Secure HMAC Digests
42 * @short_description: computes the HMAC for data
44 * HMACs should be used when producing a cookie or hash based on data
45 * and a key. Simple mechanisms for using SHA1 and other algorithms to
46 * digest a key and data together are vulnerable to various security
48 * [HMAC](http://en.wikipedia.org/wiki/HMAC)
49 * uses algorithms like SHA1 in a secure way to produce a digest of a
52 * Both the key and data are arbitrary byte arrays of bytes or characters.
54 * Support for HMAC Digests has been added in GLib 2.30, and support for SHA-512
55 * in GLib 2.42. Support for SHA-384 was added in GLib 2.52.
61 GChecksumType digest_type;
68 * @digest_type: the desired type of digest
69 * @key: (array length=key_len): the key for the HMAC
70 * @key_len: the length of the keys
72 * Creates a new #GHmac, using the digest algorithm @digest_type.
73 * If the @digest_type is not known, %NULL is returned.
74 * A #GHmac can be used to compute the HMAC of a key and an
75 * arbitrary binary blob, using different hashing algorithms.
77 * A #GHmac works by feeding a binary blob through g_hmac_update()
78 * until the data is complete; the digest can then be extracted
79 * using g_hmac_get_string(), which will return the checksum as a
80 * hexadecimal string; or g_hmac_get_digest(), which will return a
81 * array of raw bytes. Once either g_hmac_get_string() or
82 * g_hmac_get_digest() have been called on a #GHmac, the HMAC
83 * will be closed and it won't be possible to call g_hmac_update()
86 * Support for digests of type %G_CHECKSUM_SHA512 has been added in GLib 2.42.
87 * Support for %G_CHECKSUM_SHA384 was added in GLib 2.52.
89 * Returns: the newly created #GHmac, or %NULL.
90 * Use g_hmac_unref() to free the memory allocated by it.
95 g_hmac_new (GChecksumType digest_type,
105 gssize block_size_signed, key_len_signed;
107 g_return_val_if_fail (key_len <= G_MAXSSIZE, NULL);
109 checksum = g_checksum_new (digest_type);
110 g_return_val_if_fail (checksum != NULL, NULL);
115 case G_CHECKSUM_SHA1:
116 block_size = 64; /* RFC 2104 */
118 case G_CHECKSUM_SHA256:
119 block_size = 64; /* RFC 4868 */
121 case G_CHECKSUM_SHA384:
122 case G_CHECKSUM_SHA512:
123 block_size = 128; /* RFC 4868 */
126 g_return_val_if_reached (NULL);
129 hmac = g_slice_new0 (GHmac);
131 hmac->digest_type = digest_type;
132 hmac->digesti = checksum;
133 hmac->digesto = g_checksum_new (digest_type);
135 buffer = g_alloca0 (block_size);
136 pad = g_alloca (block_size);
138 /* If the key is too long, hash it */
139 if (key_len > block_size)
142 g_assert (key_len <= G_MAXSSIZE);
143 key_len_signed = key_len;
144 g_checksum_update (hmac->digesti, key, key_len_signed);
145 g_checksum_get_digest (hmac->digesti, buffer, &len);
146 g_checksum_reset (hmac->digesti);
149 /* Otherwise pad it with zeros */
152 memcpy (buffer, key, key_len);
155 /* g_checksum_update() accepts a signed length, so build and check that. */
156 g_assert (block_size <= G_MAXSSIZE);
157 block_size_signed = block_size;
160 for (i = 0; i < block_size; i++)
161 pad[i] = 0x36 ^ buffer[i]; /* ipad value */
162 g_checksum_update (hmac->digesti, pad, block_size_signed);
165 for (i = 0; i < block_size; i++)
166 pad[i] = 0x5c ^ buffer[i]; /* opad value */
167 g_checksum_update (hmac->digesto, pad, block_size_signed);
174 * @hmac: the #GHmac to copy
176 * Copies a #GHmac. If @hmac has been closed, by calling
177 * g_hmac_get_string() or g_hmac_get_digest(), the copied
178 * HMAC will be closed as well.
180 * Returns: the copy of the passed #GHmac. Use g_hmac_unref()
181 * when finished using it.
186 g_hmac_copy (const GHmac *hmac)
190 g_return_val_if_fail (hmac != NULL, NULL);
192 copy = g_slice_new (GHmac);
194 copy->digest_type = hmac->digest_type;
195 copy->digesti = g_checksum_copy (hmac->digesti);
196 copy->digesto = g_checksum_copy (hmac->digesto);
203 * @hmac: a valid #GHmac
205 * Atomically increments the reference count of @hmac by one.
207 * This function is MT-safe and may be called from any thread.
209 * Returns: the passed in #GHmac.
214 g_hmac_ref (GHmac *hmac)
216 g_return_val_if_fail (hmac != NULL, NULL);
218 g_atomic_int_inc (&hmac->ref_count);
227 * Atomically decrements the reference count of @hmac by one.
229 * If the reference count drops to 0, all keys and values will be
230 * destroyed, and all memory allocated by the hash table is released.
231 * This function is MT-safe and may be called from any thread.
232 * Frees the memory allocated for @hmac.
237 g_hmac_unref (GHmac *hmac)
239 g_return_if_fail (hmac != NULL);
241 if (g_atomic_int_dec_and_test (&hmac->ref_count))
243 g_checksum_free (hmac->digesti);
244 g_checksum_free (hmac->digesto);
245 g_slice_free (GHmac, hmac);
252 * @data: (array length=length): buffer used to compute the checksum
253 * @length: size of the buffer, or -1 if it is a nul-terminated string
255 * Feeds @data into an existing #GHmac.
257 * The HMAC must still be open, that is g_hmac_get_string() or
258 * g_hmac_get_digest() must not have been called on @hmac.
263 g_hmac_update (GHmac *hmac,
267 g_return_if_fail (hmac != NULL);
268 g_return_if_fail (length == 0 || data != NULL);
270 g_checksum_update (hmac->digesti, data, length);
277 * Gets the HMAC as a hexadecimal string.
279 * Once this function has been called the #GHmac can no longer be
280 * updated with g_hmac_update().
282 * The hexadecimal characters will be lower case.
284 * Returns: the hexadecimal representation of the HMAC. The
285 * returned string is owned by the HMAC and should not be modified
291 g_hmac_get_string (GHmac *hmac)
294 gssize digest_len_signed;
297 g_return_val_if_fail (hmac != NULL, NULL);
299 /* It shouldn’t be possible for @digest_len_signed to be negative, as
300 * `hmac->digest_type` has already been validated as being supported. */
301 digest_len_signed = g_checksum_type_get_length (hmac->digest_type);
302 g_assert (digest_len_signed >= 0);
303 digest_len = digest_len_signed;
305 buffer = g_alloca (digest_len);
307 /* This is only called for its side-effect of updating hmac->digesto... */
308 g_hmac_get_digest (hmac, buffer, &digest_len);
309 /* ... because we get the string from the checksum rather than
310 * stringifying buffer ourselves
312 return g_checksum_get_string (hmac->digesto);
318 * @buffer: (array length=digest_len): output buffer
319 * @digest_len: (inout): an inout parameter. The caller initializes it to the
320 * size of @buffer. After the call it contains the length of the digest
322 * Gets the digest from @checksum as a raw binary array and places it
323 * into @buffer. The size of the digest depends on the type of checksum.
325 * Once this function has been called, the #GHmac is closed and can
326 * no longer be updated with g_checksum_update().
331 g_hmac_get_digest (GHmac *hmac,
338 g_return_if_fail (hmac != NULL);
340 /* It shouldn’t be possible for @len_signed to be negative, as
341 * `hmac->digest_type` has already been validated as being supported. */
342 len_signed = g_checksum_type_get_length (hmac->digest_type);
343 g_assert (len_signed >= 0);
346 /* @buffer must be long enough for the digest */
347 g_return_if_fail (*digest_len >= len);
349 /* Use the same buffer, because we can :) */
350 g_checksum_get_digest (hmac->digesti, buffer, &len);
351 g_assert (len <= G_MAXSSIZE);
353 g_checksum_update (hmac->digesto, buffer, len_signed);
354 g_checksum_get_digest (hmac->digesto, buffer, digest_len);
358 * g_compute_hmac_for_data:
359 * @digest_type: a #GChecksumType to use for the HMAC
360 * @key: (array length=key_len): the key to use in the HMAC
361 * @key_len: the length of the key
362 * @data: (array length=length): binary blob to compute the HMAC of
363 * @length: length of @data
365 * Computes the HMAC for a binary @data of @length. This is a
366 * convenience wrapper for g_hmac_new(), g_hmac_get_string()
367 * and g_hmac_unref().
369 * The hexadecimal string returned will be in lower case.
371 * Returns: the HMAC of the binary data as a string in hexadecimal.
372 * The returned string should be freed with g_free() when done using it.
377 g_compute_hmac_for_data (GChecksumType digest_type,
386 g_return_val_if_fail (length == 0 || data != NULL, NULL);
388 hmac = g_hmac_new (digest_type, key, key_len);
392 g_hmac_update (hmac, data, length);
393 retval = g_strdup (g_hmac_get_string (hmac));
400 * g_compute_hmac_for_bytes:
401 * @digest_type: a #GChecksumType to use for the HMAC
402 * @key: the key to use in the HMAC
403 * @data: binary blob to compute the HMAC of
405 * Computes the HMAC for a binary @data. This is a
406 * convenience wrapper for g_hmac_new(), g_hmac_get_string()
407 * and g_hmac_unref().
409 * The hexadecimal string returned will be in lower case.
411 * Returns: the HMAC of the binary data as a string in hexadecimal.
412 * The returned string should be freed with g_free() when done using it.
417 g_compute_hmac_for_bytes (GChecksumType digest_type,
421 gconstpointer byte_data;
423 gconstpointer key_data;
426 g_return_val_if_fail (data != NULL, NULL);
427 g_return_val_if_fail (key != NULL, NULL);
429 byte_data = g_bytes_get_data (data, &length);
430 key_data = g_bytes_get_data (key, &key_len);
431 return g_compute_hmac_for_data (digest_type, key_data, key_len, byte_data, length);
436 * g_compute_hmac_for_string:
437 * @digest_type: a #GChecksumType to use for the HMAC
438 * @key: (array length=key_len): the key to use in the HMAC
439 * @key_len: the length of the key
440 * @str: the string to compute the HMAC for
441 * @length: the length of the string, or -1 if the string is nul-terminated
443 * Computes the HMAC for a string.
445 * The hexadecimal string returned will be in lower case.
447 * Returns: the HMAC as a hexadecimal string.
448 * The returned string should be freed with g_free()
449 * when done using it.
454 g_compute_hmac_for_string (GChecksumType digest_type,
460 g_return_val_if_fail (length == 0 || str != NULL, NULL);
463 length = strlen (str);
465 return g_compute_hmac_for_data (digest_type, key, key_len,
466 (const guchar *) str, length);