* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
- * License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- * Boston, MA 02111-1307, USA.
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
*
* Author: Stef Walter <stefw@collabora.co.uk>
*/
#include "glib/galloca.h"
#include "gatomic.h"
+#include "gslice.h"
#include "gmem.h"
#include "gstrfuncs.h"
#include "gtestutils.h"
/**
* SECTION:hmac
* @title: Secure HMAC Digests
- * @short_description: Computes the HMAC for data
+ * @short_description: computes the HMAC for data
*
- * HMACs should be used when producing a cookie or hash based on data and a key.
- * Simple mechanisms for using SHA1 and other algorithms to digest a key and
- * data together are vulnerable to various security issues. HMAC uses algorithms
- * like SHA1 in a secure way to produce a digest of a key and data.
+ * HMACs should be used when producing a cookie or hash based on data
+ * and a key. Simple mechanisms for using SHA1 and other algorithms to
+ * digest a key and data together are vulnerable to various security
+ * issues.
+ * [HMAC](http://en.wikipedia.org/wiki/HMAC)
+ * uses algorithms like SHA1 in a secure way to produce a digest of a
+ * key and data.
*
* Both the key and data are arbitrary byte arrays of bytes or characters.
*
- * Support for HMAC Digests has been added in GLib 2.30
- **/
+ * Support for HMAC Digests has been added in GLib 2.30, and support for SHA-512
+ * in GLib 2.42.
+ */
struct _GHmac
{
* will be closed and it won't be possible to call g_hmac_update()
* on it anymore.
*
- * Return value: the newly created #GHmac, or %NULL.
+ * Support for digests of type %G_CHECKSUM_SHA512 has been added in GLib 2.42.
+ *
+ * Returns: the newly created #GHmac, or %NULL.
* Use g_hmac_unref() to free the memory allocated by it.
*
* Since: 2.30
block_size = 64; /* RFC 2104 */
break;
case G_CHECKSUM_SHA256:
- block_size = 64; /* RFC draft-kelly-ipsec-ciph-sha2-01 */
+ block_size = 64; /* RFC 4868 */
+ break;
+ case G_CHECKSUM_SHA512:
+ block_size = 128; /* RFC 4868 */
break;
default:
g_return_val_if_reached (NULL);
* g_hmac_get_string() or g_hmac_get_digest(), the copied
* HMAC will be closed as well.
*
- * Return value: the copy of the passed #GHmac. Use g_hmac_unref()
+ * Returns: the copy of the passed #GHmac. Use g_hmac_unref()
* when finished using it.
*
* Since: 2.30
g_return_val_if_fail (hmac != NULL, NULL);
copy = g_slice_new (GHmac);
+ copy->ref_count = 1;
copy->digest_type = hmac->digest_type;
copy->digesti = g_checksum_copy (hmac->digesti);
copy->digesto = g_checksum_copy (hmac->digesto);
/**
* g_hmac_ref:
- * @hmac: a valid #GHmac.
+ * @hmac: a valid #GHmac
*
* Atomically increments the reference count of @hmac by one.
+ *
* This function is MT-safe and may be called from any thread.
*
- * Return value: the passed in #GHmac.
+ * Returns: the passed in #GHmac.
*
* Since: 2.30
**/
* @hmac: a #GHmac
*
* Atomically decrements the reference count of @hmac by one.
+ *
* If the reference count drops to 0, all keys and values will be
* destroyed, and all memory allocated by the hash table is released.
* This function is MT-safe and may be called from any thread.
* g_hmac_update:
* @hmac: a #GHmac
* @data: (array length=length): buffer used to compute the checksum
- * @length: size of the buffer, or -1 if it is a null-terminated string.
+ * @length: size of the buffer, or -1 if it is a nul-terminated string
+ *
+ * Feeds @data into an existing #GHmac.
*
- * Feeds @data into an existing #GHmac. The HMAC must still be
- * open, that is g_hmac_get_string() or g_hmac_get_digest() must
- * not have been called on @hmac.
+ * The HMAC must still be open, that is g_hmac_get_string() or
+ * g_hmac_get_digest() must not have been called on @hmac.
*
* Since: 2.30
*/
*
* The hexadecimal characters will be lower case.
*
- * Return value: the hexadecimal representation of the HMAC. The
+ * Returns: the hexadecimal representation of the HMAC. The
* returned string is owned by the HMAC and should not be modified
* or freed.
*
g_return_val_if_fail (hmac != NULL, NULL);
digest_len = g_checksum_type_get_length (hmac->digest_type);
- buffer = g_malloc (digest_len);
+ buffer = g_alloca (digest_len);
+ /* This is only called for its side-effect of updating hmac->digesto... */
g_hmac_get_digest (hmac, buffer, &digest_len);
+ /* ... because we get the string from the checksum rather than
+ * stringifying buffer ourselves
+ */
return g_checksum_get_string (hmac->digesto);
}
/**
- * g_checksum_get_digest:
+ * g_hmac_get_digest:
* @hmac: a #GHmac
* @buffer: output buffer
- * @digest_len: an inout parameter. The caller initializes it to the size of @buffer.
- * After the call it contains the length of the digest.
+ * @digest_len: an inout parameter. The caller initializes it to the
+ * size of @buffer. After the call it contains the length of the digest
*
* Gets the digest from @checksum as a raw binary array and places it
* into @buffer. The size of the digest depends on the type of checksum.
* Since: 2.30
*/
void
-g_hmac_get_digest (GHmac *hmac,
- guint8 *buffer,
- gsize *digest_len)
+g_hmac_get_digest (GHmac *hmac,
+ guint8 *buffer,
+ gsize *digest_len)
{
gsize len;
*
* The hexadecimal string returned will be in lower case.
*
- * Return value: the HMAC of the binary data as a string in hexadecimal.
+ * Returns: the HMAC of the binary data as a string in hexadecimal.
* The returned string should be freed with g_free() when done using it.
*
* Since: 2.30
* @key: (array length=key_len): the key to use in the HMAC
* @key_len: the length of the key
* @str: the string to compute the HMAC for
- * @length: the length of the string, or -1 if the string is null-terminated.
+ * @length: the length of the string, or -1 if the string is nul-terminated
*
* Computes the HMAC for a string.
*
* The hexadecimal string returned will be in lower case.
*
- * Return value: the HMAC as a hexadecimal string. The returned string
- * should be freed with g_free() when done using it.
+ * Returns: the HMAC as a hexadecimal string.
+ * The returned string should be freed with g_free()
+ * when done using it.
*
* Since: 2.30
*/