1
/* gchecksum.h - data hashing functions
3
* Copyright (C) 2007 Emmanuele Bassi <ebassi@gnome.org>
5
* This library is free software; you can redistribute it and/or
6
* modify it under the terms of the GNU Library General Public
7
* License as published by the Free Software Foundation; either
8
* version 2 of the License, or (at your option) any later version.
10
* This library is distributed in the hope that it will be useful,
11
* but WITHOUT ANY WARRANTY; without even the implied warranty of
12
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13
* Library General Public License for more details.
15
* You should have received a copy of the GNU Library General Public
16
* License along with this library; if not, write to the
17
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18
* Boston, MA 02111-1307, USA.
25
#include "eggchecksum.h"
28
#define IS_VALID_TYPE(type) ((type) >= G_CHECKSUM_MD5 && (type) <= G_CHECKSUM_SHA256)
30
static const gchar hex_digits[] = "0123456789abcdef";
32
#define MD5_DATASIZE 64
33
#define MD5_DIGEST_LEN 16
40
guchar data[MD5_DATASIZE];
42
guchar digest[MD5_DIGEST_LEN];
45
#define SHA1_DATASIZE 64
46
#define SHA1_DIGEST_LEN 20
53
/* we pack 64 unsigned chars into 16 32-bit unsigned integers */
56
guchar digest[SHA1_DIGEST_LEN];
59
#define SHA256_DATASIZE 64
60
#define SHA256_DIGEST_LEN 32
67
guint8 data[SHA256_DATASIZE];
69
guchar digest[SHA256_DIGEST_LEN];
85
/* we need different byte swapping functions because MD5 expects buffers
86
* to be little-endian, while SHA1 and SHA256 expect them in big-endian
90
#if G_BYTE_ORDER == G_LITTLE_ENDIAN
91
#define md5_byte_reverse(buffer,length)
94
md5_byte_reverse (guchar *buffer,
101
bit = (guint32) ((unsigned) buffer[3] << 8 | buffer[2]) << 16 |
102
((unsigned) buffer[1] << 8 | buffer[0]);
103
* (guint32 *) buffer = bit;
108
#endif /* G_BYTE_ORDER == G_LITTLE_ENDIAN */
110
#if G_BYTE_ORDER == G_BIG_ENDIAN
111
#define sha_byte_reverse(buffer,length)
114
sha_byte_reverse (guint32 *buffer,
117
length /= sizeof (guint32);
120
*buffer = ((guint32) (((*buffer & (guint32) 0x000000ffU) << 24) |
121
((*buffer & (guint32) 0x0000ff00U) << 8) |
122
((*buffer & (guint32) 0x00ff0000U) >> 8) |
123
((*buffer & (guint32) 0xff000000U) >> 24)));
127
#endif /* G_BYTE_ORDER == G_BIG_ENDIAN */
130
digest_to_string (guint8 *digest,
133
gint len = digest_len * 2;
137
retval = g_new (gchar, len + 1);
139
for (i = 0; i < digest_len; i++)
141
guint8 byte = digest[i];
143
retval[2 * i] = hex_digits[byte >> 4];
144
retval[2 * i + 1] = hex_digits[byte & 0xf];
156
/* This MD5 digest computation is based on the equivalent code
157
* written by Colin Plumb. It came with this notice:
159
* This code implements the MD5 message-digest algorithm.
160
* The algorithm is due to Ron Rivest. This code was
161
* written by Colin Plumb in 1993, no copyright is claimed.
162
* This code is in the public domain; do with it what you wish.
164
* Equivalent code is available from RSA Data Security, Inc.
165
* This code has been tested against that, and is equivalent,
166
* except that you don't need to include two pages of legalese
171
md5_sum_init (Md5sum *md5)
173
/* arbitrary constants */
174
md5->buf[0] = 0x67452301;
175
md5->buf[1] = 0xefcdab89;
176
md5->buf[2] = 0x98badcfe;
177
md5->buf[3] = 0x10325476;
179
md5->bits[0] = md5->bits[1] = 0;
183
* The core of the MD5 algorithm, this alters an existing MD5 hash to
184
* reflect the addition of 16 longwords of new data. md5_sum_update()
185
* blocks the data and converts bytes into longwords for this routine.
188
md5_transform (guint32 buf[4],
189
guint32 const in[16])
191
register guint32 a, b, c, d;
193
/* The four core functions - F1 is optimized somewhat */
194
#define F1(x, y, z) (z ^ (x & (y ^ z)))
195
#define F2(x, y, z) F1 (z, x, y)
196
#define F3(x, y, z) (x ^ y ^ z)
197
#define F4(x, y, z) (y ^ (x | ~z))
199
/* This is the central step in the MD5 algorithm. */
200
#define md5_step(f, w, x, y, z, data, s) \
201
( w += f (x, y, z) + data, w = w << s | w >> (32 - s), w += x )
208
md5_step (F1, a, b, c, d, in[0] + 0xd76aa478, 7);
209
md5_step (F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
210
md5_step (F1, c, d, a, b, in[2] + 0x242070db, 17);
211
md5_step (F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
212
md5_step (F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
213
md5_step (F1, d, a, b, c, in[5] + 0x4787c62a, 12);
214
md5_step (F1, c, d, a, b, in[6] + 0xa8304613, 17);
215
md5_step (F1, b, c, d, a, in[7] + 0xfd469501, 22);
216
md5_step (F1, a, b, c, d, in[8] + 0x698098d8, 7);
217
md5_step (F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
218
md5_step (F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
219
md5_step (F1, b, c, d, a, in[11] + 0x895cd7be, 22);
220
md5_step (F1, a, b, c, d, in[12] + 0x6b901122, 7);
221
md5_step (F1, d, a, b, c, in[13] + 0xfd987193, 12);
222
md5_step (F1, c, d, a, b, in[14] + 0xa679438e, 17);
223
md5_step (F1, b, c, d, a, in[15] + 0x49b40821, 22);
225
md5_step (F2, a, b, c, d, in[1] + 0xf61e2562, 5);
226
md5_step (F2, d, a, b, c, in[6] + 0xc040b340, 9);
227
md5_step (F2, c, d, a, b, in[11] + 0x265e5a51, 14);
228
md5_step (F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
229
md5_step (F2, a, b, c, d, in[5] + 0xd62f105d, 5);
230
md5_step (F2, d, a, b, c, in[10] + 0x02441453, 9);
231
md5_step (F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
232
md5_step (F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
233
md5_step (F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
234
md5_step (F2, d, a, b, c, in[14] + 0xc33707d6, 9);
235
md5_step (F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
236
md5_step (F2, b, c, d, a, in[8] + 0x455a14ed, 20);
237
md5_step (F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
238
md5_step (F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
239
md5_step (F2, c, d, a, b, in[7] + 0x676f02d9, 14);
240
md5_step (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
242
md5_step (F3, a, b, c, d, in[5] + 0xfffa3942, 4);
243
md5_step (F3, d, a, b, c, in[8] + 0x8771f681, 11);
244
md5_step (F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
245
md5_step (F3, b, c, d, a, in[14] + 0xfde5380c, 23);
246
md5_step (F3, a, b, c, d, in[1] + 0xa4beea44, 4);
247
md5_step (F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
248
md5_step (F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
249
md5_step (F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
250
md5_step (F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
251
md5_step (F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
252
md5_step (F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
253
md5_step (F3, b, c, d, a, in[6] + 0x04881d05, 23);
254
md5_step (F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
255
md5_step (F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
256
md5_step (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
257
md5_step (F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
259
md5_step (F4, a, b, c, d, in[0] + 0xf4292244, 6);
260
md5_step (F4, d, a, b, c, in[7] + 0x432aff97, 10);
261
md5_step (F4, c, d, a, b, in[14] + 0xab9423a7, 15);
262
md5_step (F4, b, c, d, a, in[5] + 0xfc93a039, 21);
263
md5_step (F4, a, b, c, d, in[12] + 0x655b59c3, 6);
264
md5_step (F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
265
md5_step (F4, c, d, a, b, in[10] + 0xffeff47d, 15);
266
md5_step (F4, b, c, d, a, in[1] + 0x85845dd1, 21);
267
md5_step (F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
268
md5_step (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
269
md5_step (F4, c, d, a, b, in[6] + 0xa3014314, 15);
270
md5_step (F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
271
md5_step (F4, a, b, c, d, in[4] + 0xf7537e82, 6);
272
md5_step (F4, d, a, b, c, in[11] + 0xbd3af235, 10);
273
md5_step (F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
274
md5_step (F4, b, c, d, a, in[9] + 0xeb86d391, 21);
289
md5_sum_update (Md5sum *md5,
296
md5->bits[0] = bit + ((guint32) length << 3);
298
/* carry from low to high */
299
if (md5->bits[0] < bit)
302
md5->bits[1] += length >> 29;
304
/* bytes already in Md5sum->data */
305
bit = (bit >> 3) & 0x3f;
307
/* handle any leading odd-sized chunks */
310
guchar *p = (guchar *) md5->data + bit;
312
bit = MD5_DATASIZE - bit;
313
if (length < MD5_DATASIZE)
315
memcpy (p, data, bit);
319
memcpy (p, data, bit);
321
md5_byte_reverse (md5->data, 16);
322
md5_transform (md5->buf, (guint32 *) md5->data);
328
/* process data in 64-byte chunks */
329
while (length >= MD5_DATASIZE)
331
memcpy (md5->data, data, MD5_DATASIZE);
333
md5_byte_reverse (md5->data, 16);
334
md5_transform (md5->buf, (guint32 *) md5->data);
336
data += MD5_DATASIZE;
337
length -= MD5_DATASIZE;
340
/* handle any remaining bytes of data */
341
memcpy (md5->data, data, length);
344
/* closes a checksum */
346
md5_sum_close (Md5sum *md5)
351
/* Compute number of bytes mod 64 */
352
count = (md5->bits[0] >> 3) & 0x3F;
354
/* Set the first char of padding to 0x80.
355
* This is safe since there is always at least one byte free
357
p = md5->data + count;
360
/* Bytes of padding needed to make 64 bytes */
361
count = MD5_DATASIZE - 1 - count;
363
/* Pad out to 56 mod 64 */
366
/* Two lots of padding: Pad the first block to 64 bytes */
367
memset (p, 0, count);
369
md5_byte_reverse (md5->data, 16);
370
md5_transform (md5->buf, (guint32 *) md5->data);
372
/* Now fill the next block with 56 bytes */
373
memset (md5->data, 0, MD5_DATASIZE - 8);
377
/* Pad block to 56 bytes */
378
memset (p, 0, count - 8);
381
md5_byte_reverse (md5->data, 14);
383
/* Append length in bits and transform */
384
((guint32 *) md5->data)[14] = md5->bits[0];
385
((guint32 *) md5->data)[15] = md5->bits[1];
387
md5_transform (md5->buf, (guint32 *) md5->data);
388
md5_byte_reverse ((guchar *) md5->buf, 4);
390
memcpy (md5->digest, md5->buf, 16);
392
/* Reset buffers in case they contains sensitive data */
393
memset (md5->buf, 0, sizeof (md5->buf));
394
memset (md5->data, 0, sizeof (md5->data));
398
md5_sum_to_string (Md5sum *md5)
400
return digest_to_string (md5->digest, MD5_DIGEST_LEN);
404
md5_sum_digest (Md5sum *md5,
409
for (i = 0; i < MD5_DIGEST_LEN; i++)
410
digest[i] = md5->digest[i];
417
/* The following implementation comes from D-Bus dbus-sha.c. I've changed
418
* it to use GLib types and to work more like the MD5 implementation above.
419
* I left the comments to have an history of this code.
420
* -- Emmanuele Bassi, ebassi@gnome.org
423
/* The following comments have the history of where this code
424
* comes from. I actually copied it from GNet in GNOME CVS.
429
* sha.h : Implementation of the Secure Hash Algorithm
431
* Part of the Python Cryptography Toolkit, version 1.0.0
433
* Copyright (C) 1995, A.M. Kuchling
435
* Distribute and use freely; there are no restrictions on further
436
* dissemination and usage except those imposed by the laws of your
437
* country of residence.
441
/* SHA: NIST's Secure Hash Algorithm */
443
/* Based on SHA code originally posted to sci.crypt by Peter Gutmann
444
in message <30ajo5$oe8@ccu2.auckland.ac.nz>.
445
Modified to test for endianness on creation of SHA objects by AMK.
446
Also, the original specification of SHA was found to have a weakness
447
by NSA/NIST. This code implements the fixed version of SHA.
450
/* Here's the first paragraph of Peter Gutmann's posting:
452
The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
453
SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
454
what's changed in the new version. The fix is a simple change which involves
455
adding a single rotate in the initial expansion function. It is unknown
456
whether this is an optimal solution to the problem which was discovered in the
457
SHA or whether it's simply a bandaid which fixes the problem with a minimum of
458
effort (for example the reengineering of a great many Capstone chips).
462
sha1_sum_init (Sha1sum *sha1)
464
/* initialize constants */
465
sha1->buf[0] = 0x67452301L;
466
sha1->buf[1] = 0xEFCDAB89L;
467
sha1->buf[2] = 0x98BADCFEL;
468
sha1->buf[3] = 0x10325476L;
469
sha1->buf[4] = 0xC3D2E1F0L;
471
/* initialize bits */
472
sha1->bits[0] = sha1->bits[1] = 0;
475
/* The SHA f()-functions. */
477
#define f1(x,y,z) (z ^ (x & (y ^ z))) /* Rounds 0-19 */
478
#define f2(x,y,z) (x ^ y ^ z) /* Rounds 20-39 */
479
#define f3(x,y,z) (( x & y) | (z & (x | y))) /* Rounds 40-59 */
480
#define f4(x,y,z) (x ^ y ^ z) /* Rounds 60-79 */
482
/* The SHA Mysterious Constants */
483
#define K1 0x5A827999L /* Rounds 0-19 */
484
#define K2 0x6ED9EBA1L /* Rounds 20-39 */
485
#define K3 0x8F1BBCDCL /* Rounds 40-59 */
486
#define K4 0xCA62C1D6L /* Rounds 60-79 */
488
/* 32-bit rotate left - kludged with shifts */
489
#define ROTL(n,X) (((X) << n ) | ((X) >> (32 - n)))
491
/* The initial expanding function. The hash function is defined over an
492
80-word expanded input array W, where the first 16 are copies of the input
493
data, and the remaining 64 are defined by
495
W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
497
This implementation generates these values on the fly in a circular
498
buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
501
The updated SHA changes the expanding function by adding a rotate of 1
502
bit. Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor
503
for this information */
505
#define expand(W,i) (W[ i & 15 ] = ROTL (1, (W[ i & 15] ^ \
511
/* The prototype SHA sub-round. The fundamental sub-round is:
513
a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
519
but this is implemented by unrolling the loop 5 times and renaming the
520
variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
521
This code is then replicated 20 times for each of the 4 functions, using
522
the next 20 values from the W[] array each time */
524
#define subRound(a, b, c, d, e, f, k, data) \
525
(e += ROTL (5, a) + f(b, c, d) + k + data, b = ROTL (30, b))
528
sha1_transform (guint32 buf[5],
531
guint32 A, B, C, D, E;
539
/* Heavy mangling, in 4 sub-rounds of 20 interations each. */
540
subRound (A, B, C, D, E, f1, K1, in[0]);
541
subRound (E, A, B, C, D, f1, K1, in[1]);
542
subRound (D, E, A, B, C, f1, K1, in[2]);
543
subRound (C, D, E, A, B, f1, K1, in[3]);
544
subRound (B, C, D, E, A, f1, K1, in[4]);
545
subRound (A, B, C, D, E, f1, K1, in[5]);
546
subRound (E, A, B, C, D, f1, K1, in[6]);
547
subRound (D, E, A, B, C, f1, K1, in[7]);
548
subRound (C, D, E, A, B, f1, K1, in[8]);
549
subRound (B, C, D, E, A, f1, K1, in[9]);
550
subRound (A, B, C, D, E, f1, K1, in[10]);
551
subRound (E, A, B, C, D, f1, K1, in[11]);
552
subRound (D, E, A, B, C, f1, K1, in[12]);
553
subRound (C, D, E, A, B, f1, K1, in[13]);
554
subRound (B, C, D, E, A, f1, K1, in[14]);
555
subRound (A, B, C, D, E, f1, K1, in[15]);
556
subRound (E, A, B, C, D, f1, K1, expand (in, 16));
557
subRound (D, E, A, B, C, f1, K1, expand (in, 17));
558
subRound (C, D, E, A, B, f1, K1, expand (in, 18));
559
subRound (B, C, D, E, A, f1, K1, expand (in, 19));
561
subRound (A, B, C, D, E, f2, K2, expand (in, 20));
562
subRound (E, A, B, C, D, f2, K2, expand (in, 21));
563
subRound (D, E, A, B, C, f2, K2, expand (in, 22));
564
subRound (C, D, E, A, B, f2, K2, expand (in, 23));
565
subRound (B, C, D, E, A, f2, K2, expand (in, 24));
566
subRound (A, B, C, D, E, f2, K2, expand (in, 25));
567
subRound (E, A, B, C, D, f2, K2, expand (in, 26));
568
subRound (D, E, A, B, C, f2, K2, expand (in, 27));
569
subRound (C, D, E, A, B, f2, K2, expand (in, 28));
570
subRound (B, C, D, E, A, f2, K2, expand (in, 29));
571
subRound (A, B, C, D, E, f2, K2, expand (in, 30));
572
subRound (E, A, B, C, D, f2, K2, expand (in, 31));
573
subRound (D, E, A, B, C, f2, K2, expand (in, 32));
574
subRound (C, D, E, A, B, f2, K2, expand (in, 33));
575
subRound (B, C, D, E, A, f2, K2, expand (in, 34));
576
subRound (A, B, C, D, E, f2, K2, expand (in, 35));
577
subRound (E, A, B, C, D, f2, K2, expand (in, 36));
578
subRound (D, E, A, B, C, f2, K2, expand (in, 37));
579
subRound (C, D, E, A, B, f2, K2, expand (in, 38));
580
subRound (B, C, D, E, A, f2, K2, expand (in, 39));
582
subRound (A, B, C, D, E, f3, K3, expand (in, 40));
583
subRound (E, A, B, C, D, f3, K3, expand (in, 41));
584
subRound (D, E, A, B, C, f3, K3, expand (in, 42));
585
subRound (C, D, E, A, B, f3, K3, expand (in, 43));
586
subRound (B, C, D, E, A, f3, K3, expand (in, 44));
587
subRound (A, B, C, D, E, f3, K3, expand (in, 45));
588
subRound (E, A, B, C, D, f3, K3, expand (in, 46));
589
subRound (D, E, A, B, C, f3, K3, expand (in, 47));
590
subRound (C, D, E, A, B, f3, K3, expand (in, 48));
591
subRound (B, C, D, E, A, f3, K3, expand (in, 49));
592
subRound (A, B, C, D, E, f3, K3, expand (in, 50));
593
subRound (E, A, B, C, D, f3, K3, expand (in, 51));
594
subRound (D, E, A, B, C, f3, K3, expand (in, 52));
595
subRound (C, D, E, A, B, f3, K3, expand (in, 53));
596
subRound (B, C, D, E, A, f3, K3, expand (in, 54));
597
subRound (A, B, C, D, E, f3, K3, expand (in, 55));
598
subRound (E, A, B, C, D, f3, K3, expand (in, 56));
599
subRound (D, E, A, B, C, f3, K3, expand (in, 57));
600
subRound (C, D, E, A, B, f3, K3, expand (in, 58));
601
subRound (B, C, D, E, A, f3, K3, expand (in, 59));
603
subRound (A, B, C, D, E, f4, K4, expand (in, 60));
604
subRound (E, A, B, C, D, f4, K4, expand (in, 61));
605
subRound (D, E, A, B, C, f4, K4, expand (in, 62));
606
subRound (C, D, E, A, B, f4, K4, expand (in, 63));
607
subRound (B, C, D, E, A, f4, K4, expand (in, 64));
608
subRound (A, B, C, D, E, f4, K4, expand (in, 65));
609
subRound (E, A, B, C, D, f4, K4, expand (in, 66));
610
subRound (D, E, A, B, C, f4, K4, expand (in, 67));
611
subRound (C, D, E, A, B, f4, K4, expand (in, 68));
612
subRound (B, C, D, E, A, f4, K4, expand (in, 69));
613
subRound (A, B, C, D, E, f4, K4, expand (in, 70));
614
subRound (E, A, B, C, D, f4, K4, expand (in, 71));
615
subRound (D, E, A, B, C, f4, K4, expand (in, 72));
616
subRound (C, D, E, A, B, f4, K4, expand (in, 73));
617
subRound (B, C, D, E, A, f4, K4, expand (in, 74));
618
subRound (A, B, C, D, E, f4, K4, expand (in, 75));
619
subRound (E, A, B, C, D, f4, K4, expand (in, 76));
620
subRound (D, E, A, B, C, f4, K4, expand (in, 77));
621
subRound (C, D, E, A, B, f4, K4, expand (in, 78));
622
subRound (B, C, D, E, A, f4, K4, expand (in, 79));
624
/* Build message digest */
645
sha1_sum_update (Sha1sum *sha1,
646
const guchar *buffer,
652
/* Update bitcount */
654
if ((sha1->bits[0] = tmp + ((guint32) count << 3) ) < tmp)
655
sha1->bits[1] += 1; /* Carry from low to high */
656
sha1->bits[1] += count >> 29;
658
/* Get count of bytes already in data */
659
dataCount = (guint) (tmp >> 3) & 0x3F;
661
/* Handle any leading odd-sized chunks */
664
guchar *p = (guchar *) sha1->data + dataCount;
666
dataCount = SHA1_DATASIZE - dataCount;
667
if (count < dataCount)
669
memcpy (p, buffer, count);
673
memcpy (p, buffer, dataCount);
675
sha_byte_reverse (sha1->data, SHA1_DATASIZE);
676
sha1_transform (sha1->buf, sha1->data);
682
/* Process data in SHA1_DATASIZE chunks */
683
while (count >= SHA1_DATASIZE)
685
memcpy (sha1->data, buffer, SHA1_DATASIZE);
687
sha_byte_reverse (sha1->data, SHA1_DATASIZE);
688
sha1_transform (sha1->buf, sha1->data);
690
buffer += SHA1_DATASIZE;
691
count -= SHA1_DATASIZE;
694
/* Handle any remaining bytes of data. */
695
memcpy (sha1->data, buffer, count);
698
/* Final wrapup - pad to SHA_DATASIZE-byte boundary with the bit pattern
699
1 0* (64-bit count of bits processed, MSB-first) */
701
sha1_sum_close (Sha1sum *sha1)
706
/* Compute number of bytes mod 64 */
707
count = (gint) ((sha1->bits[0] >> 3) & 0x3f);
709
/* Set the first char of padding to 0x80. This is safe since there is
710
always at least one byte free */
711
data_p = (guchar *) sha1->data + count;
714
/* Bytes of padding needed to make 64 bytes */
715
count = SHA1_DATASIZE - 1 - count;
717
/* Pad out to 56 mod 64 */
720
/* Two lots of padding: Pad the first block to 64 bytes */
721
memset (data_p, 0, count);
723
sha_byte_reverse (sha1->data, SHA1_DATASIZE);
724
sha1_transform (sha1->buf, sha1->data);
726
/* Now fill the next block with 56 bytes */
727
memset (sha1->data, 0, SHA1_DATASIZE - 8);
731
/* Pad block to 56 bytes */
732
memset (data_p, 0, count - 8);
735
/* Append length in bits and transform */
736
sha1->data[14] = sha1->bits[1];
737
sha1->data[15] = sha1->bits[0];
739
sha_byte_reverse (sha1->data, SHA1_DATASIZE - 8);
740
sha1_transform (sha1->buf, sha1->data);
741
sha_byte_reverse (sha1->buf, SHA1_DIGEST_LEN);
743
memcpy (sha1->digest, sha1->buf, SHA1_DIGEST_LEN);
745
/* Reset buffers in case they contains sensitive data */
746
memset (sha1->buf, 0, sizeof (sha1->buf));
747
memset (sha1->data, 0, sizeof (sha1->data));
751
sha1_sum_to_string (Sha1sum *sha1)
753
return digest_to_string (sha1->digest, SHA1_DIGEST_LEN);
757
sha1_sum_digest (Sha1sum *sha1,
762
for (i = 0; i < SHA1_DIGEST_LEN; i++)
763
digest[i] = sha1->digest[i];
770
/* adapted from the SHA256 implementation in gsk/src/hash/gskhash.c.
772
* Copyright (C) 2006 Dave Benson
773
* Released under the terms of the GNU Lesser General Public License
777
sha256_sum_init (Sha256sum *sha256)
779
sha256->buf[0] = 0x6a09e667;
780
sha256->buf[1] = 0xbb67ae85;
781
sha256->buf[2] = 0x3c6ef372;
782
sha256->buf[3] = 0xa54ff53a;
783
sha256->buf[4] = 0x510e527f;
784
sha256->buf[5] = 0x9b05688c;
785
sha256->buf[6] = 0x1f83d9ab;
786
sha256->buf[7] = 0x5be0cd19;
788
sha256->bits[0] = sha256->bits[1] = 0;
791
#define GET_UINT32(n,b,i) G_STMT_START{ \
792
(n) = ((guint32) (b)[(i) ] << 24) \
793
| ((guint32) (b)[(i) + 1] << 16) \
794
| ((guint32) (b)[(i) + 2] << 8) \
795
| ((guint32) (b)[(i) + 3] ); } G_STMT_END
797
#define PUT_UINT32(n,b,i) G_STMT_START{ \
798
(b)[(i) ] = (guint8) ((n) >> 24); \
799
(b)[(i) + 1] = (guint8) ((n) >> 16); \
800
(b)[(i) + 2] = (guint8) ((n) >> 8); \
801
(b)[(i) + 3] = (guint8) ((n) ); } G_STMT_END
804
sha256_transform (guint32 buf[8],
805
guint8 const data[64])
807
guint32 temp1, temp2, W[64];
808
guint32 A, B, C, D, E, F, G, H;
810
GET_UINT32 (W[0], data, 0);
811
GET_UINT32 (W[1], data, 4);
812
GET_UINT32 (W[2], data, 8);
813
GET_UINT32 (W[3], data, 12);
814
GET_UINT32 (W[4], data, 16);
815
GET_UINT32 (W[5], data, 20);
816
GET_UINT32 (W[6], data, 24);
817
GET_UINT32 (W[7], data, 28);
818
GET_UINT32 (W[8], data, 32);
819
GET_UINT32 (W[9], data, 36);
820
GET_UINT32 (W[10], data, 40);
821
GET_UINT32 (W[11], data, 44);
822
GET_UINT32 (W[12], data, 48);
823
GET_UINT32 (W[13], data, 52);
824
GET_UINT32 (W[14], data, 56);
825
GET_UINT32 (W[15], data, 60);
827
#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
828
#define ROTR(x,n) (SHR (x,n) | (x << (32 - n)))
830
#define S0(x) (ROTR (x, 7) ^ ROTR (x,18) ^ SHR (x, 3))
831
#define S1(x) (ROTR (x,17) ^ ROTR (x,19) ^ SHR (x,10))
832
#define S2(x) (ROTR (x, 2) ^ ROTR (x,13) ^ ROTR (x,22))
833
#define S3(x) (ROTR (x, 6) ^ ROTR (x,11) ^ ROTR (x,25))
835
#define F0(x,y,z) ((x & y) | (z & (x | y)))
836
#define F1(x,y,z) (z ^ (x & (y ^ z)))
838
#define R(t) (W[t] = S1(W[t - 2]) + W[t - 7] + \
839
S0(W[t - 15]) + W[t - 16])
841
#define P(a,b,c,d,e,f,g,h,x,K) G_STMT_START { \
842
temp1 = h + S3(e) + F1(e,f,g) + K + x; \
843
temp2 = S2(a) + F0(a,b,c); \
844
d += temp1; h = temp1 + temp2; } G_STMT_END
855
P (A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98);
856
P (H, A, B, C, D, E, F, G, W[ 1], 0x71374491);
857
P (G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF);
858
P (F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5);
859
P (E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B);
860
P (D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1);
861
P (C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4);
862
P (B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5);
863
P (A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98);
864
P (H, A, B, C, D, E, F, G, W[ 9], 0x12835B01);
865
P (G, H, A, B, C, D, E, F, W[10], 0x243185BE);
866
P (F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
867
P (E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
868
P (D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
869
P (C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
870
P (B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
871
P (A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
872
P (H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
873
P (G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
874
P (F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
875
P (E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
876
P (D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
877
P (C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
878
P (B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
879
P (A, B, C, D, E, F, G, H, R(24), 0x983E5152);
880
P (H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
881
P (G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
882
P (F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
883
P (E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
884
P (D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
885
P (C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
886
P (B, C, D, E, F, G, H, A, R(31), 0x14292967);
887
P (A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
888
P (H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
889
P (G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
890
P (F, G, H, A, B, C, D, E, R(35), 0x53380D13);
891
P (E, F, G, H, A, B, C, D, R(36), 0x650A7354);
892
P (D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
893
P (C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
894
P (B, C, D, E, F, G, H, A, R(39), 0x92722C85);
895
P (A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
896
P (H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
897
P (G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
898
P (F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
899
P (E, F, G, H, A, B, C, D, R(44), 0xD192E819);
900
P (D, E, F, G, H, A, B, C, R(45), 0xD6990624);
901
P (C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
902
P (B, C, D, E, F, G, H, A, R(47), 0x106AA070);
903
P (A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
904
P (H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
905
P (G, H, A, B, C, D, E, F, R(50), 0x2748774C);
906
P (F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
907
P (E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
908
P (D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
909
P (C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
910
P (B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
911
P (A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
912
P (H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
913
P (G, H, A, B, C, D, E, F, R(58), 0x84C87814);
914
P (F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
915
P (E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
916
P (D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
917
P (C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
918
P (B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
942
sha256_sum_update (Sha256sum *sha256,
943
const guchar *buffer,
947
const guint8 *input = buffer;
952
left = sha256->bits[0] & 0x3F;
955
sha256->bits[0] += length;
956
sha256->bits[0] &= 0xFFFFFFFF;
958
if (sha256->bits[0] < length)
961
if (left > 0 && length >= fill)
963
memcpy ((sha256->data + left), input, fill);
965
sha256_transform (sha256->buf, sha256->data);
972
while (length >= SHA256_DATASIZE)
974
sha256_transform (sha256->buf, input);
981
memcpy (sha256->data + left, input, length);
984
static guint8 sha256_padding[64] =
986
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
987
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
988
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
989
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
993
sha256_sum_close (Sha256sum *sha256)
999
high = (sha256->bits[0] >> 29)
1000
| (sha256->bits[1] << 3);
1001
low = (sha256->bits[0] << 3);
1003
PUT_UINT32 (high, msglen, 0);
1004
PUT_UINT32 (low, msglen, 4);
1006
last = sha256->bits[0] & 0x3F;
1007
padn = (last < 56) ? (56 - last) : (120 - last);
1009
sha256_sum_update (sha256, sha256_padding, padn);
1010
sha256_sum_update (sha256, msglen, 8);
1012
PUT_UINT32 (sha256->buf[0], sha256->digest, 0);
1013
PUT_UINT32 (sha256->buf[1], sha256->digest, 4);
1014
PUT_UINT32 (sha256->buf[2], sha256->digest, 8);
1015
PUT_UINT32 (sha256->buf[3], sha256->digest, 12);
1016
PUT_UINT32 (sha256->buf[4], sha256->digest, 16);
1017
PUT_UINT32 (sha256->buf[5], sha256->digest, 20);
1018
PUT_UINT32 (sha256->buf[6], sha256->digest, 24);
1019
PUT_UINT32 (sha256->buf[7], sha256->digest, 28);
1026
sha256_sum_to_string (Sha256sum *sha256)
1028
return digest_to_string (sha256->digest, SHA256_DIGEST_LEN);
1032
sha256_sum_digest (Sha256sum *sha256,
1037
for (i = 0; i < SHA256_DIGEST_LEN; i++)
1038
digest[i] = sha256->digest[i];
1048
* @checksum_type: the desired type of checksum
1050
* Creates a new #GChecksum, using the checksum algorithm @type. A
1051
* #GChecksum can be used to compute the checksum, or digest, of an
1052
* arbitrary binary blob, using different hashing algorithms.
1054
* A #GChecksum works by feeding a binary blob through g_checksum_update()
1055
* until there is data to be checked; the digest can then be extracted
1056
* using g_checksum_get_string(), which will return the checksum as a
1057
* hexadecimal string; or g_checksum_get_digest(), which will return a
1058
* vector of raw bytes. Once either g_checksum_get_string() or
1059
* g_checksum_get_digest() have been called on a #GChecksum, the checksum
1060
* will be closed and it won't be possible to call g_checksum_update()
1063
* Return value: the newly created #GChecksum. Use g_checksum_free() to
1064
* free the memory allocated by it.
1069
g_checksum_new (GChecksumType checksum_type)
1071
GChecksum *checksum;
1073
g_return_val_if_fail (IS_VALID_TYPE (checksum_type), NULL);
1075
checksum = g_slice_new (GChecksum);
1076
checksum->type = checksum_type;
1078
switch (checksum_type)
1080
case G_CHECKSUM_MD5:
1081
md5_sum_init (&(checksum->sum.md5));
1083
case G_CHECKSUM_SHA1:
1084
sha1_sum_init (&(checksum->sum.sha1));
1086
case G_CHECKSUM_SHA256:
1087
sha256_sum_init (&(checksum->sum.sha256));
1090
g_assert_not_reached ();
1099
* @checksum: the #GChecksum to copy
1101
* Copies a #GChecksum. If @checksum has been closed, by calling
1102
* g_checksum_get_string() or g_checksum_get_digest(), the copied
1103
* checksum will be closed as well.
1105
* Return value: the copy of the passed #GChecksum. Use g_checksum_free()
1106
* when finished using it.
1111
g_checksum_copy (const GChecksum *checksum)
1115
g_return_val_if_fail (checksum != NULL, NULL);
1117
copy = g_slice_new (GChecksum);
1120
copy->digest_str = g_strdup (checksum->digest_str);
1127
* @checksum: a #GChecksum
1129
* Frees the memory allocated for @checksum.
1134
g_checksum_free (GChecksum *checksum)
1136
if (G_LIKELY (checksum))
1138
g_free (checksum->digest_str);
1140
g_slice_free (GChecksum, checksum);
1145
* g_checksum_update:
1146
* @checksum: a #GChecksum
1147
* @data: buffer used to compute the checksum
1148
* @length: size of the buffer
1150
* Feeds @data into an existing #GChecksum. The checksum must still be
1151
* open, that is g_checksum_get_string() or g_checksum_get_digest() must
1152
* not have been called on @checksum.
1157
g_checksum_update (GChecksum *checksum,
1161
g_return_if_fail (checksum != NULL);
1162
g_return_if_fail (data != NULL);
1163
g_return_if_fail (length > 1);
1165
if (checksum->digest_str)
1167
g_warning ("The checksum `%s' has been closed and cannot be updated "
1169
checksum->digest_str);
1173
switch (checksum->type)
1175
case G_CHECKSUM_MD5:
1176
md5_sum_update (&(checksum->sum.md5), data, length);
1178
case G_CHECKSUM_SHA1:
1179
sha1_sum_update (&(checksum->sum.sha1), data, length);
1181
case G_CHECKSUM_SHA256:
1182
sha256_sum_update (&(checksum->sum.sha256), data, length);
1185
g_assert_not_reached ();
1191
* g_checksum_get_string:
1192
* @checksum: a #GChecksum
1194
* Gets the digest as an hexadecimal string.
1196
* Once this function has been called the #GChecksum can no longer be
1197
* updated with g_checksum_update().
1199
* Return value: the hexadecimal representation of the checksum. The
1200
* returned string is owned by the checksum and should not be modified
1205
G_CONST_RETURN gchar *
1206
g_checksum_get_string (GChecksum *checksum)
1210
g_return_val_if_fail (checksum != NULL, NULL);
1212
if (checksum->digest_str)
1213
return checksum->digest_str;
1215
switch (checksum->type)
1217
case G_CHECKSUM_MD5:
1218
md5_sum_close (&(checksum->sum.md5));
1219
str = md5_sum_to_string (&(checksum->sum.md5));
1221
case G_CHECKSUM_SHA1:
1222
sha1_sum_close (&(checksum->sum.sha1));
1223
str = sha1_sum_to_string (&(checksum->sum.sha1));
1225
case G_CHECKSUM_SHA256:
1226
sha256_sum_close (&(checksum->sum.sha256));
1227
str = sha256_sum_to_string (&(checksum->sum.sha256));
1230
g_assert_not_reached ();
1234
checksum->digest_str = str;
1236
return checksum->digest_str;
1240
* g_checksum_get_digest:
1241
* @checksum: a #GChecksum
1242
* @digest: return location for the digest
1243
* @digest_len: return location for the length of the digest, or %NULL
1245
* Gets the digest from @checksum as a raw binary vector and places it
1246
* into @digest. The size of the digest depends on the type of checksum.
1248
* Once this function has been called, the #GChecksum is closed and can
1249
* no longer be updated with g_checksum_update().
1254
g_checksum_get_digest (GChecksum *checksum,
1258
gboolean checksum_open = FALSE;
1263
g_return_if_fail (checksum != NULL);
1264
g_return_if_fail (digest == NULL || *digest == NULL);
1266
checksum_open = !!(checksum->digest_str == NULL);
1268
switch (checksum->type)
1270
case G_CHECKSUM_MD5:
1273
md5_sum_close (&(checksum->sum.md5));
1274
str = md5_sum_to_string (&(checksum->sum.md5));
1276
new = g_new (guint8, MD5_DIGEST_LEN);
1277
md5_sum_digest (&(checksum->sum.md5), new);
1278
len = MD5_DIGEST_LEN;
1280
case G_CHECKSUM_SHA1:
1283
sha1_sum_close (&(checksum->sum.sha1));
1284
str = sha1_sum_to_string (&(checksum->sum.sha1));
1286
new = g_new (guint8, SHA1_DIGEST_LEN);
1287
sha1_sum_digest (&(checksum->sum.sha1), new);
1288
len = SHA1_DIGEST_LEN;
1290
case G_CHECKSUM_SHA256:
1293
sha256_sum_close (&(checksum->sum.sha256));
1294
str = sha256_sum_to_string (&(checksum->sum.sha256));
1296
new = g_new (guint8, SHA256_DIGEST_LEN);
1297
sha256_sum_digest (&(checksum->sum.sha256), new);
1298
len = SHA256_DIGEST_LEN;
1303
g_assert_not_reached ();
1308
checksum->digest_str = str;
1314
if (*digest == NULL)
1317
g_warning ("Digest set on top of a previous digest or uninitialized "
1319
"This indicates a bug in someone's code. You must ensure "
1320
"a digest is NULL before it's set.");
1328
* g_compute_checksum_for_data:
1329
* @checksum_type: a #GChecksumType
1330
* @data: binary blob to compute the digest of
1331
* @length: length of @data
1333
* Computes the checksum for a binary @data of @length. This is a
1334
* convenience wrapper for g_checksum_new(), g_checksum_get_string()
1335
* and g_checksum_free().
1337
* Return value: the digest of the binary data as a string in hexadecimal.
1338
* The returned string should be freed with g_free() when done using it.
1343
g_compute_checksum_for_data (GChecksumType checksum_type,
1347
GChecksum *checksum;
1350
g_return_val_if_fail (IS_VALID_TYPE (checksum_type), NULL);
1351
g_return_val_if_fail (data != NULL, NULL);
1352
g_return_val_if_fail (length > 1, NULL);
1354
checksum = g_checksum_new (checksum_type);
1358
g_checksum_update (checksum, data, length);
1359
retval = g_strdup (g_checksum_get_string (checksum));
1360
g_checksum_free (checksum);
1366
* g_compute_checksum_for_string:
1367
* @checksum_type: a #GChecksumType
1368
* @str: the string to compute the checksum of
1369
* @length: the length of the string, or -1
1371
* Computes the checksum of a string.
1373
* Return value: the checksum as a hexadecimal string. The returned string
1374
* should be freed with g_free() when done using it.
1379
g_compute_checksum_for_string (GChecksumType checksum_type,
1383
g_return_val_if_fail (IS_VALID_TYPE (checksum_type), NULL);
1384
g_return_val_if_fail (str != NULL, NULL);
1387
length = strlen (str);
1389
return g_compute_checksum_for_data (checksum_type, (const guchar *) str, length);