• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* gchecksum.h - data hashing functions
2  *
3  * Copyright (C) 2007  Emmanuele Bassi  <ebassi@gnome.org>
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Lesser General Public
7  * License as published by the Free Software Foundation; either
8  * version 2.1 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13  * Lesser General Public License for more details.
14  *
15  * You should have received a copy of the GNU Lesser General Public License
16  * along with this library; if not, see <http://www.gnu.org/licenses/>.
17  */
18 
19 #include "config.h"
20 
21 #include <string.h>
22 
23 #include "gchecksum.h"
24 
25 #include "gslice.h"
26 #include "gmem.h"
27 #include "gstrfuncs.h"
28 #include "gtestutils.h"
29 #include "gtypes.h"
30 #include "glibintl.h"
31 
32 
33 /**
34  * SECTION:checksum
35  * @title: Data Checksums
36  * @short_description: computes the checksum for data
37  *
38  * GLib provides a generic API for computing checksums (or "digests")
39  * for a sequence of arbitrary bytes, using various hashing algorithms
40  * like MD5, SHA-1 and SHA-256. Checksums are commonly used in various
41  * environments and specifications.
42  *
43  * GLib supports incremental checksums using the GChecksum data
44  * structure, by calling g_checksum_update() as long as there's data
45  * available and then using g_checksum_get_string() or
46  * g_checksum_get_digest() to compute the checksum and return it either
47  * as a string in hexadecimal form, or as a raw sequence of bytes. To
48  * compute the checksum for binary blobs and NUL-terminated strings in
49  * one go, use the convenience functions g_compute_checksum_for_data()
50  * and g_compute_checksum_for_string(), respectively.
51  *
52  * Support for checksums has been added in GLib 2.16
53  **/
54 
55 #define IS_VALID_TYPE(type)     ((type) >= G_CHECKSUM_MD5 && (type) <= G_CHECKSUM_SHA384)
56 
57 /* The fact that these are lower case characters is part of the ABI */
58 static const gchar hex_digits[] = "0123456789abcdef";
59 
60 #define MD5_DATASIZE    64
61 #define MD5_DIGEST_LEN  16
62 
63 typedef struct
64 {
65   guint32 buf[4];
66   guint32 bits[2];
67 
68   union {
69     guchar data[MD5_DATASIZE];
70     guint32 data32[MD5_DATASIZE / 4];
71   } u;
72 
73   guchar digest[MD5_DIGEST_LEN];
74 } Md5sum;
75 
76 #define SHA1_DATASIZE   64
77 #define SHA1_DIGEST_LEN 20
78 
79 typedef struct
80 {
81   guint32 buf[5];
82   guint32 bits[2];
83 
84   /* we pack 64 unsigned chars into 16 32-bit unsigned integers */
85   guint32 data[16];
86 
87   guchar digest[SHA1_DIGEST_LEN];
88 } Sha1sum;
89 
90 #define SHA256_DATASIZE         64
91 #define SHA256_DIGEST_LEN       32
92 
93 typedef struct
94 {
95   guint32 buf[8];
96   guint32 bits[2];
97 
98   guint8 data[SHA256_DATASIZE];
99 
100   guchar digest[SHA256_DIGEST_LEN];
101 } Sha256sum;
102 
103 /* SHA2 is common thing for SHA-384, SHA-512, SHA-512/224 and SHA-512/256 */
104 #define SHA2_BLOCK_LEN         128 /* 1024 bits message block */
105 #define SHA384_DIGEST_LEN       48
106 #define SHA512_DIGEST_LEN       64
107 
108 typedef struct
109 {
110   guint64 H[8];
111 
112   guint8 block[SHA2_BLOCK_LEN];
113   guint8 block_len;
114 
115   guint64 data_len[2];
116 
117   guchar digest[SHA512_DIGEST_LEN];
118 } Sha512sum;
119 
120 struct _GChecksum
121 {
122   GChecksumType type;
123 
124   gchar *digest_str;
125 
126   union {
127     Md5sum md5;
128     Sha1sum sha1;
129     Sha256sum sha256;
130     Sha512sum sha512;
131   } sum;
132 };
133 
134 /* we need different byte swapping functions because MD5 expects buffers
135  * to be little-endian, while SHA1 and SHA256 expect them in big-endian
136  * form.
137  */
138 
139 #if G_BYTE_ORDER == G_LITTLE_ENDIAN
140 #define md5_byte_reverse(buffer,length)
141 #else
142 /* assume that the passed buffer is integer aligned */
143 static inline void
md5_byte_reverse(guchar * buffer,gulong length)144 md5_byte_reverse (guchar *buffer,
145                   gulong  length)
146 {
147   guint32 bit;
148 
149   do
150     {
151       bit = (guint32) ((unsigned) buffer[3] << 8 | buffer[2]) << 16 |
152                       ((unsigned) buffer[1] << 8 | buffer[0]);
153       * (guint32 *) buffer = bit;
154       buffer += 4;
155     }
156   while (--length);
157 }
158 #endif /* G_BYTE_ORDER == G_LITTLE_ENDIAN */
159 
160 #if G_BYTE_ORDER == G_BIG_ENDIAN
161 #define sha_byte_reverse(buffer,length)
162 #else
163 static inline void
sha_byte_reverse(guint32 * buffer,gint length)164 sha_byte_reverse (guint32 *buffer,
165                   gint     length)
166 {
167   length /= sizeof (guint32);
168   while (length--)
169     {
170       *buffer = GUINT32_SWAP_LE_BE (*buffer);
171       ++buffer;
172     }
173 }
174 #endif /* G_BYTE_ORDER == G_BIG_ENDIAN */
175 
176 static gchar *
digest_to_string(guint8 * digest,gsize digest_len)177 digest_to_string (guint8 *digest,
178                   gsize   digest_len)
179 {
180   gsize i, len = digest_len * 2;
181   gchar *retval;
182 
183   retval = g_new (gchar, len + 1);
184 
185   for (i = 0; i < digest_len; i++)
186     {
187       guint8 byte = digest[i];
188 
189       retval[2 * i] = hex_digits[byte >> 4];
190       retval[2 * i + 1] = hex_digits[byte & 0xf];
191     }
192 
193   retval[len] = 0;
194 
195   return retval;
196 }
197 
198 /*
199  * MD5 Checksum
200  */
201 
202 /* This MD5 digest computation is based on the equivalent code
203  * written by Colin Plumb. It came with this notice:
204  *
205  * This code implements the MD5 message-digest algorithm.
206  * The algorithm is due to Ron Rivest.  This code was
207  * written by Colin Plumb in 1993, no copyright is claimed.
208  * This code is in the public domain; do with it what you wish.
209  *
210  * Equivalent code is available from RSA Data Security, Inc.
211  * This code has been tested against that, and is equivalent,
212  * except that you don't need to include two pages of legalese
213  * with every copy.
214  */
215 
216 static void
md5_sum_init(Md5sum * md5)217 md5_sum_init (Md5sum *md5)
218 {
219   /* arbitrary constants */
220   md5->buf[0] = 0x67452301;
221   md5->buf[1] = 0xefcdab89;
222   md5->buf[2] = 0x98badcfe;
223   md5->buf[3] = 0x10325476;
224 
225   md5->bits[0] = md5->bits[1] = 0;
226 }
227 
228 /*
229  * The core of the MD5 algorithm, this alters an existing MD5 hash to
230  * reflect the addition of 16 longwords of new data.  md5_sum_update()
231  * blocks the data and converts bytes into longwords for this routine.
232  */
233 static void
md5_transform(guint32 buf[4],guint32 const in[16])234 md5_transform (guint32       buf[4],
235                guint32 const in[16])
236 {
237   guint32 a, b, c, d;
238 
239 /* The four core functions - F1 is optimized somewhat */
240 #define F1(x, y, z)     (z ^ (x & (y ^ z)))
241 #define F2(x, y, z)     F1 (z, x, y)
242 #define F3(x, y, z)     (x ^ y ^ z)
243 #define F4(x, y, z)     (y ^ (x | ~z))
244 
245 /* This is the central step in the MD5 algorithm. */
246 #define md5_step(f, w, x, y, z, data, s) \
247         ( w += f (x, y, z) + data,  w = w << s | w >> (32 - s),  w += x )
248 
249   a = buf[0];
250   b = buf[1];
251   c = buf[2];
252   d = buf[3];
253 
254   md5_step (F1, a, b, c, d, in[0]  + 0xd76aa478,  7);
255   md5_step (F1, d, a, b, c, in[1]  + 0xe8c7b756, 12);
256   md5_step (F1, c, d, a, b, in[2]  + 0x242070db, 17);
257   md5_step (F1, b, c, d, a, in[3]  + 0xc1bdceee, 22);
258   md5_step (F1, a, b, c, d, in[4]  + 0xf57c0faf,  7);
259   md5_step (F1, d, a, b, c, in[5]  + 0x4787c62a, 12);
260   md5_step (F1, c, d, a, b, in[6]  + 0xa8304613, 17);
261   md5_step (F1, b, c, d, a, in[7]  + 0xfd469501, 22);
262   md5_step (F1, a, b, c, d, in[8]  + 0x698098d8,  7);
263   md5_step (F1, d, a, b, c, in[9]  + 0x8b44f7af, 12);
264   md5_step (F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
265   md5_step (F1, b, c, d, a, in[11] + 0x895cd7be, 22);
266   md5_step (F1, a, b, c, d, in[12] + 0x6b901122,  7);
267   md5_step (F1, d, a, b, c, in[13] + 0xfd987193, 12);
268   md5_step (F1, c, d, a, b, in[14] + 0xa679438e, 17);
269   md5_step (F1, b, c, d, a, in[15] + 0x49b40821, 22);
270 
271   md5_step (F2, a, b, c, d, in[1]  + 0xf61e2562,  5);
272   md5_step (F2, d, a, b, c, in[6]  + 0xc040b340,  9);
273   md5_step (F2, c, d, a, b, in[11] + 0x265e5a51, 14);
274   md5_step (F2, b, c, d, a, in[0]  + 0xe9b6c7aa, 20);
275   md5_step (F2, a, b, c, d, in[5]  + 0xd62f105d,  5);
276   md5_step (F2, d, a, b, c, in[10] + 0x02441453,  9);
277   md5_step (F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
278   md5_step (F2, b, c, d, a, in[4]  + 0xe7d3fbc8, 20);
279   md5_step (F2, a, b, c, d, in[9]  + 0x21e1cde6,  5);
280   md5_step (F2, d, a, b, c, in[14] + 0xc33707d6,  9);
281   md5_step (F2, c, d, a, b, in[3]  + 0xf4d50d87, 14);
282   md5_step (F2, b, c, d, a, in[8]  + 0x455a14ed, 20);
283   md5_step (F2, a, b, c, d, in[13] + 0xa9e3e905,  5);
284   md5_step (F2, d, a, b, c, in[2]  + 0xfcefa3f8,  9);
285   md5_step (F2, c, d, a, b, in[7]  + 0x676f02d9, 14);
286   md5_step (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
287 
288   md5_step (F3, a, b, c, d, in[5]  + 0xfffa3942,  4);
289   md5_step (F3, d, a, b, c, in[8]  + 0x8771f681, 11);
290   md5_step (F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
291   md5_step (F3, b, c, d, a, in[14] + 0xfde5380c, 23);
292   md5_step (F3, a, b, c, d, in[1]  + 0xa4beea44,  4);
293   md5_step (F3, d, a, b, c, in[4]  + 0x4bdecfa9, 11);
294   md5_step (F3, c, d, a, b, in[7]  + 0xf6bb4b60, 16);
295   md5_step (F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
296   md5_step (F3, a, b, c, d, in[13] + 0x289b7ec6,  4);
297   md5_step (F3, d, a, b, c, in[0]  + 0xeaa127fa, 11);
298   md5_step (F3, c, d, a, b, in[3]  + 0xd4ef3085, 16);
299   md5_step (F3, b, c, d, a, in[6]  + 0x04881d05, 23);
300   md5_step (F3, a, b, c, d, in[9]  + 0xd9d4d039,  4);
301   md5_step (F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
302   md5_step (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
303   md5_step (F3, b, c, d, a, in[2]  + 0xc4ac5665, 23);
304 
305   md5_step (F4, a, b, c, d, in[0]  + 0xf4292244,  6);
306   md5_step (F4, d, a, b, c, in[7]  + 0x432aff97, 10);
307   md5_step (F4, c, d, a, b, in[14] + 0xab9423a7, 15);
308   md5_step (F4, b, c, d, a, in[5]  + 0xfc93a039, 21);
309   md5_step (F4, a, b, c, d, in[12] + 0x655b59c3,  6);
310   md5_step (F4, d, a, b, c, in[3]  + 0x8f0ccc92, 10);
311   md5_step (F4, c, d, a, b, in[10] + 0xffeff47d, 15);
312   md5_step (F4, b, c, d, a, in[1]  + 0x85845dd1, 21);
313   md5_step (F4, a, b, c, d, in[8]  + 0x6fa87e4f,  6);
314   md5_step (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
315   md5_step (F4, c, d, a, b, in[6]  + 0xa3014314, 15);
316   md5_step (F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
317   md5_step (F4, a, b, c, d, in[4]  + 0xf7537e82,  6);
318   md5_step (F4, d, a, b, c, in[11] + 0xbd3af235, 10);
319   md5_step (F4, c, d, a, b, in[2]  + 0x2ad7d2bb, 15);
320   md5_step (F4, b, c, d, a, in[9]  + 0xeb86d391, 21);
321 
322   buf[0] += a;
323   buf[1] += b;
324   buf[2] += c;
325   buf[3] += d;
326 
327 #undef F1
328 #undef F2
329 #undef F3
330 #undef F4
331 #undef md5_step
332 }
333 
334 static void
md5_sum_update(Md5sum * md5,const guchar * data,gsize length)335 md5_sum_update (Md5sum       *md5,
336                 const guchar *data,
337                 gsize         length)
338 {
339   guint32 bit;
340 
341   bit = md5->bits[0];
342   md5->bits[0] = bit + ((guint32) length << 3);
343 
344   /* carry from low to high */
345   if (md5->bits[0] < bit)
346     md5->bits[1] += 1;
347 
348   md5->bits[1] += length >> 29;
349 
350   /* bytes already in Md5sum->u.data */
351   bit = (bit >> 3) & 0x3f;
352 
353   /* handle any leading odd-sized chunks */
354   if (bit)
355     {
356       guchar *p = md5->u.data + bit;
357 
358       bit = MD5_DATASIZE - bit;
359       if (length < bit)
360         {
361           memcpy (p, data, length);
362           return;
363         }
364 
365       memcpy (p, data, bit);
366 
367       md5_byte_reverse (md5->u.data, 16);
368       md5_transform (md5->buf, md5->u.data32);
369 
370       data += bit;
371       length -= bit;
372     }
373 
374   /* process data in 64-byte chunks */
375   while (length >= MD5_DATASIZE)
376     {
377       memcpy (md5->u.data, data, MD5_DATASIZE);
378 
379       md5_byte_reverse (md5->u.data, 16);
380       md5_transform (md5->buf, md5->u.data32);
381 
382       data += MD5_DATASIZE;
383       length -= MD5_DATASIZE;
384     }
385 
386   /* handle any remaining bytes of data */
387   memcpy (md5->u.data, data, length);
388 }
389 
390 /* closes a checksum */
391 static void
md5_sum_close(Md5sum * md5)392 md5_sum_close (Md5sum *md5)
393 {
394   guint count;
395   guchar *p;
396 
397   /* Compute number of bytes mod 64 */
398   count = (md5->bits[0] >> 3) & 0x3F;
399 
400   /* Set the first char of padding to 0x80.
401    * This is safe since there is always at least one byte free
402    */
403   p = md5->u.data + count;
404   *p++ = 0x80;
405 
406   /* Bytes of padding needed to make 64 bytes */
407   count = MD5_DATASIZE - 1 - count;
408 
409   /* Pad out to 56 mod 64 */
410   if (count < 8)
411     {
412       /* Two lots of padding:  Pad the first block to 64 bytes */
413       memset (p, 0, count);
414 
415       md5_byte_reverse (md5->u.data, 16);
416       md5_transform (md5->buf, md5->u.data32);
417 
418       /* Now fill the next block with 56 bytes */
419       memset (md5->u.data, 0, MD5_DATASIZE - 8);
420     }
421   else
422     {
423       /* Pad block to 56 bytes */
424       memset (p, 0, count - 8);
425     }
426 
427   md5_byte_reverse (md5->u.data, 14);
428 
429   /* Append length in bits and transform */
430   md5->u.data32[14] = md5->bits[0];
431   md5->u.data32[15] = md5->bits[1];
432 
433   md5_transform (md5->buf, md5->u.data32);
434   md5_byte_reverse ((guchar *) md5->buf, 4);
435 
436   memcpy (md5->digest, md5->buf, 16);
437 
438   /* Reset buffers in case they contain sensitive data */
439   memset (md5->buf, 0, sizeof (md5->buf));
440   memset (md5->u.data, 0, sizeof (md5->u.data));
441 }
442 
443 static gchar *
md5_sum_to_string(Md5sum * md5)444 md5_sum_to_string (Md5sum *md5)
445 {
446   return digest_to_string (md5->digest, MD5_DIGEST_LEN);
447 }
448 
449 static void
md5_sum_digest(Md5sum * md5,guint8 * digest)450 md5_sum_digest (Md5sum *md5,
451                 guint8 *digest)
452 {
453   gint i;
454 
455   for (i = 0; i < MD5_DIGEST_LEN; i++)
456     digest[i] = md5->digest[i];
457 }
458 
459 /*
460  * SHA-1 Checksum
461  */
462 
463 /* The following implementation comes from D-Bus dbus-sha.c. I've changed
464  * it to use GLib types and to work more like the MD5 implementation above.
465  * I left the comments to have a history of this code.
466  *      -- Emmanuele Bassi, ebassi@gnome.org
467  */
468 
469 /* The following comments have the history of where this code
470  * comes from. I actually copied it from GNet in GNOME CVS.
471  * - hp@redhat.com
472  */
473 
474 /*
475  *  sha.h : Implementation of the Secure Hash Algorithm
476  *
477  * Part of the Python Cryptography Toolkit, version 1.0.0
478  *
479  * Copyright (C) 1995, A.M. Kuchling
480  *
481  * Distribute and use freely; there are no restrictions on further
482  * dissemination and usage except those imposed by the laws of your
483  * country of residence.
484  *
485  */
486 
487 /* SHA: NIST's Secure Hash Algorithm */
488 
489 /* Based on SHA code originally posted to sci.crypt by Peter Gutmann
490    in message <30ajo5$oe8@ccu2.auckland.ac.nz>.
491    Modified to test for endianness on creation of SHA objects by AMK.
492    Also, the original specification of SHA was found to have a weakness
493    by NSA/NIST.  This code implements the fixed version of SHA.
494 */
495 
496 /* Here's the first paragraph of Peter Gutmann's posting:
497 
498 The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
499 SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
500 what's changed in the new version.  The fix is a simple change which involves
501 adding a single rotate in the initial expansion function.  It is unknown
502 whether this is an optimal solution to the problem which was discovered in the
503 SHA or whether it's simply a bandaid which fixes the problem with a minimum of
504 effort (for example the reengineering of a great many Capstone chips).
505 */
506 
507 static void
sha1_sum_init(Sha1sum * sha1)508 sha1_sum_init (Sha1sum *sha1)
509 {
510   /* initialize constants */
511   sha1->buf[0] = 0x67452301L;
512   sha1->buf[1] = 0xEFCDAB89L;
513   sha1->buf[2] = 0x98BADCFEL;
514   sha1->buf[3] = 0x10325476L;
515   sha1->buf[4] = 0xC3D2E1F0L;
516 
517   /* initialize bits */
518   sha1->bits[0] = sha1->bits[1] = 0;
519 }
520 
521 /* The SHA f()-functions. */
522 
523 #define f1(x,y,z)       (z ^ (x & (y ^ z)))             /* Rounds  0-19 */
524 #define f2(x,y,z)       (x ^ y ^ z)                     /* Rounds 20-39 */
525 #define f3(x,y,z)       (( x & y) | (z & (x | y)))      /* Rounds 40-59 */
526 #define f4(x,y,z)       (x ^ y ^ z)                     /* Rounds 60-79 */
527 
528 /* The SHA Mysterious Constants */
529 #define K1  0x5A827999L                                 /* Rounds  0-19 */
530 #define K2  0x6ED9EBA1L                                 /* Rounds 20-39 */
531 #define K3  0x8F1BBCDCL                                 /* Rounds 40-59 */
532 #define K4  0xCA62C1D6L                                 /* Rounds 60-79 */
533 
534 /* 32-bit rotate left - kludged with shifts */
535 #define ROTL(n,X) (((X) << n ) | ((X) >> (32 - n)))
536 
537 /* The initial expanding function.  The hash function is defined over an
538    80-word expanded input array W, where the first 16 are copies of the input
539    data, and the remaining 64 are defined by
540 
541         W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
542 
543    This implementation generates these values on the fly in a circular
544    buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
545    optimization.
546 
547    The updated SHA changes the expanding function by adding a rotate of 1
548    bit.  Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor
549    for this information */
550 
551 #define expand(W,i) (W[ i & 15 ] = ROTL (1, (W[ i       & 15] ^ \
552                                              W[(i - 14) & 15] ^ \
553                                              W[(i -  8) & 15] ^ \
554                                              W[(i -  3) & 15])))
555 
556 
557 /* The prototype SHA sub-round.  The fundamental sub-round is:
558 
559         a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
560         b' = a;
561         c' = ROTL( 30, b );
562         d' = c;
563         e' = d;
564 
565    but this is implemented by unrolling the loop 5 times and renaming the
566    variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
567    This code is then replicated 20 times for each of the 4 functions, using
568    the next 20 values from the W[] array each time */
569 
570 #define subRound(a, b, c, d, e, f, k, data) \
571    (e += ROTL (5, a) + f(b, c, d) + k + data, b = ROTL (30, b))
572 
573 static void
sha1_transform(guint32 buf[5],guint32 in[16])574 sha1_transform (guint32  buf[5],
575                 guint32  in[16])
576 {
577   guint32 A, B, C, D, E;
578 
579   A = buf[0];
580   B = buf[1];
581   C = buf[2];
582   D = buf[3];
583   E = buf[4];
584 
585   /* Heavy mangling, in 4 sub-rounds of 20 iterations each. */
586   subRound (A, B, C, D, E, f1, K1, in[0]);
587   subRound (E, A, B, C, D, f1, K1, in[1]);
588   subRound (D, E, A, B, C, f1, K1, in[2]);
589   subRound (C, D, E, A, B, f1, K1, in[3]);
590   subRound (B, C, D, E, A, f1, K1, in[4]);
591   subRound (A, B, C, D, E, f1, K1, in[5]);
592   subRound (E, A, B, C, D, f1, K1, in[6]);
593   subRound (D, E, A, B, C, f1, K1, in[7]);
594   subRound (C, D, E, A, B, f1, K1, in[8]);
595   subRound (B, C, D, E, A, f1, K1, in[9]);
596   subRound (A, B, C, D, E, f1, K1, in[10]);
597   subRound (E, A, B, C, D, f1, K1, in[11]);
598   subRound (D, E, A, B, C, f1, K1, in[12]);
599   subRound (C, D, E, A, B, f1, K1, in[13]);
600   subRound (B, C, D, E, A, f1, K1, in[14]);
601   subRound (A, B, C, D, E, f1, K1, in[15]);
602   subRound (E, A, B, C, D, f1, K1, expand (in, 16));
603   subRound (D, E, A, B, C, f1, K1, expand (in, 17));
604   subRound (C, D, E, A, B, f1, K1, expand (in, 18));
605   subRound (B, C, D, E, A, f1, K1, expand (in, 19));
606 
607   subRound (A, B, C, D, E, f2, K2, expand (in, 20));
608   subRound (E, A, B, C, D, f2, K2, expand (in, 21));
609   subRound (D, E, A, B, C, f2, K2, expand (in, 22));
610   subRound (C, D, E, A, B, f2, K2, expand (in, 23));
611   subRound (B, C, D, E, A, f2, K2, expand (in, 24));
612   subRound (A, B, C, D, E, f2, K2, expand (in, 25));
613   subRound (E, A, B, C, D, f2, K2, expand (in, 26));
614   subRound (D, E, A, B, C, f2, K2, expand (in, 27));
615   subRound (C, D, E, A, B, f2, K2, expand (in, 28));
616   subRound (B, C, D, E, A, f2, K2, expand (in, 29));
617   subRound (A, B, C, D, E, f2, K2, expand (in, 30));
618   subRound (E, A, B, C, D, f2, K2, expand (in, 31));
619   subRound (D, E, A, B, C, f2, K2, expand (in, 32));
620   subRound (C, D, E, A, B, f2, K2, expand (in, 33));
621   subRound (B, C, D, E, A, f2, K2, expand (in, 34));
622   subRound (A, B, C, D, E, f2, K2, expand (in, 35));
623   subRound (E, A, B, C, D, f2, K2, expand (in, 36));
624   subRound (D, E, A, B, C, f2, K2, expand (in, 37));
625   subRound (C, D, E, A, B, f2, K2, expand (in, 38));
626   subRound (B, C, D, E, A, f2, K2, expand (in, 39));
627 
628   subRound (A, B, C, D, E, f3, K3, expand (in, 40));
629   subRound (E, A, B, C, D, f3, K3, expand (in, 41));
630   subRound (D, E, A, B, C, f3, K3, expand (in, 42));
631   subRound (C, D, E, A, B, f3, K3, expand (in, 43));
632   subRound (B, C, D, E, A, f3, K3, expand (in, 44));
633   subRound (A, B, C, D, E, f3, K3, expand (in, 45));
634   subRound (E, A, B, C, D, f3, K3, expand (in, 46));
635   subRound (D, E, A, B, C, f3, K3, expand (in, 47));
636   subRound (C, D, E, A, B, f3, K3, expand (in, 48));
637   subRound (B, C, D, E, A, f3, K3, expand (in, 49));
638   subRound (A, B, C, D, E, f3, K3, expand (in, 50));
639   subRound (E, A, B, C, D, f3, K3, expand (in, 51));
640   subRound (D, E, A, B, C, f3, K3, expand (in, 52));
641   subRound (C, D, E, A, B, f3, K3, expand (in, 53));
642   subRound (B, C, D, E, A, f3, K3, expand (in, 54));
643   subRound (A, B, C, D, E, f3, K3, expand (in, 55));
644   subRound (E, A, B, C, D, f3, K3, expand (in, 56));
645   subRound (D, E, A, B, C, f3, K3, expand (in, 57));
646   subRound (C, D, E, A, B, f3, K3, expand (in, 58));
647   subRound (B, C, D, E, A, f3, K3, expand (in, 59));
648 
649   subRound (A, B, C, D, E, f4, K4, expand (in, 60));
650   subRound (E, A, B, C, D, f4, K4, expand (in, 61));
651   subRound (D, E, A, B, C, f4, K4, expand (in, 62));
652   subRound (C, D, E, A, B, f4, K4, expand (in, 63));
653   subRound (B, C, D, E, A, f4, K4, expand (in, 64));
654   subRound (A, B, C, D, E, f4, K4, expand (in, 65));
655   subRound (E, A, B, C, D, f4, K4, expand (in, 66));
656   subRound (D, E, A, B, C, f4, K4, expand (in, 67));
657   subRound (C, D, E, A, B, f4, K4, expand (in, 68));
658   subRound (B, C, D, E, A, f4, K4, expand (in, 69));
659   subRound (A, B, C, D, E, f4, K4, expand (in, 70));
660   subRound (E, A, B, C, D, f4, K4, expand (in, 71));
661   subRound (D, E, A, B, C, f4, K4, expand (in, 72));
662   subRound (C, D, E, A, B, f4, K4, expand (in, 73));
663   subRound (B, C, D, E, A, f4, K4, expand (in, 74));
664   subRound (A, B, C, D, E, f4, K4, expand (in, 75));
665   subRound (E, A, B, C, D, f4, K4, expand (in, 76));
666   subRound (D, E, A, B, C, f4, K4, expand (in, 77));
667   subRound (C, D, E, A, B, f4, K4, expand (in, 78));
668   subRound (B, C, D, E, A, f4, K4, expand (in, 79));
669 
670   /* Build message digest */
671   buf[0] += A;
672   buf[1] += B;
673   buf[2] += C;
674   buf[3] += D;
675   buf[4] += E;
676 }
677 
678 #undef K1
679 #undef K2
680 #undef K3
681 #undef K4
682 #undef f1
683 #undef f2
684 #undef f3
685 #undef f4
686 #undef ROTL
687 #undef expand
688 #undef subRound
689 
690 static void
sha1_sum_update(Sha1sum * sha1,const guchar * buffer,gsize count)691 sha1_sum_update (Sha1sum      *sha1,
692                  const guchar *buffer,
693                  gsize         count)
694 {
695   guint32 tmp;
696   guint dataCount;
697 
698   /* Update bitcount */
699   tmp = sha1->bits[0];
700   if ((sha1->bits[0] = tmp + ((guint32) count << 3) ) < tmp)
701     sha1->bits[1] += 1;             /* Carry from low to high */
702   sha1->bits[1] += count >> 29;
703 
704   /* Get count of bytes already in data */
705   dataCount = (guint) (tmp >> 3) & 0x3F;
706 
707   /* Handle any leading odd-sized chunks */
708   if (dataCount)
709     {
710       guchar *p = (guchar *) sha1->data + dataCount;
711 
712       dataCount = SHA1_DATASIZE - dataCount;
713       if (count < dataCount)
714         {
715           memcpy (p, buffer, count);
716           return;
717         }
718 
719       memcpy (p, buffer, dataCount);
720 
721       sha_byte_reverse (sha1->data, SHA1_DATASIZE);
722       sha1_transform (sha1->buf, sha1->data);
723 
724       buffer += dataCount;
725       count -= dataCount;
726     }
727 
728   /* Process data in SHA1_DATASIZE chunks */
729   while (count >= SHA1_DATASIZE)
730     {
731       memcpy (sha1->data, buffer, SHA1_DATASIZE);
732 
733       sha_byte_reverse (sha1->data, SHA1_DATASIZE);
734       sha1_transform (sha1->buf, sha1->data);
735 
736       buffer += SHA1_DATASIZE;
737       count -= SHA1_DATASIZE;
738     }
739 
740   /* Handle any remaining bytes of data. */
741   memcpy (sha1->data, buffer, count);
742 }
743 
744 /* Final wrapup - pad to SHA_DATASIZE-byte boundary with the bit pattern
745    1 0* (64-bit count of bits processed, MSB-first) */
746 static void
sha1_sum_close(Sha1sum * sha1)747 sha1_sum_close (Sha1sum *sha1)
748 {
749   gint count;
750   guchar *data_p;
751 
752   /* Compute number of bytes mod 64 */
753   count = (gint) ((sha1->bits[0] >> 3) & 0x3f);
754 
755   /* Set the first char of padding to 0x80.  This is safe since there is
756      always at least one byte free */
757   data_p = (guchar *) sha1->data + count;
758   *data_p++ = 0x80;
759 
760   /* Bytes of padding needed to make 64 bytes */
761   count = SHA1_DATASIZE - 1 - count;
762 
763   /* Pad out to 56 mod 64 */
764   if (count < 8)
765     {
766       /* Two lots of padding:  Pad the first block to 64 bytes */
767       memset (data_p, 0, count);
768 
769       sha_byte_reverse (sha1->data, SHA1_DATASIZE);
770       sha1_transform (sha1->buf, sha1->data);
771 
772       /* Now fill the next block with 56 bytes */
773       memset (sha1->data, 0, SHA1_DATASIZE - 8);
774     }
775   else
776     {
777       /* Pad block to 56 bytes */
778       memset (data_p, 0, count - 8);
779     }
780 
781   /* Append length in bits and transform */
782   sha1->data[14] = sha1->bits[1];
783   sha1->data[15] = sha1->bits[0];
784 
785   sha_byte_reverse (sha1->data, SHA1_DATASIZE - 8);
786   sha1_transform (sha1->buf, sha1->data);
787   sha_byte_reverse (sha1->buf, SHA1_DIGEST_LEN);
788 
789   memcpy (sha1->digest, sha1->buf, SHA1_DIGEST_LEN);
790 
791   /* Reset buffers in case they contain sensitive data */
792   memset (sha1->buf, 0, sizeof (sha1->buf));
793   memset (sha1->data, 0, sizeof (sha1->data));
794 }
795 
796 static gchar *
sha1_sum_to_string(Sha1sum * sha1)797 sha1_sum_to_string (Sha1sum *sha1)
798 {
799   return digest_to_string (sha1->digest, SHA1_DIGEST_LEN);
800 }
801 
802 static void
sha1_sum_digest(Sha1sum * sha1,guint8 * digest)803 sha1_sum_digest (Sha1sum *sha1,
804                  guint8  *digest)
805 {
806   gint i;
807 
808   for (i = 0; i < SHA1_DIGEST_LEN; i++)
809     digest[i] = sha1->digest[i];
810 }
811 
812 /*
813  * SHA-256 Checksum
814  */
815 
816 /* adapted from the SHA256 implementation in gsk/src/hash/gskhash.c.
817  *
818  * Copyright (C) 2006 Dave Benson
819  * Released under the terms of the GNU Lesser General Public License
820  */
821 
822 static void
sha256_sum_init(Sha256sum * sha256)823 sha256_sum_init (Sha256sum *sha256)
824 {
825   sha256->buf[0] = 0x6a09e667;
826   sha256->buf[1] = 0xbb67ae85;
827   sha256->buf[2] = 0x3c6ef372;
828   sha256->buf[3] = 0xa54ff53a;
829   sha256->buf[4] = 0x510e527f;
830   sha256->buf[5] = 0x9b05688c;
831   sha256->buf[6] = 0x1f83d9ab;
832   sha256->buf[7] = 0x5be0cd19;
833 
834   sha256->bits[0] = sha256->bits[1] = 0;
835 }
836 
837 #define GET_UINT32(n,b,i)               G_STMT_START{   \
838     (n) = ((guint32) (b)[(i)    ] << 24)                \
839         | ((guint32) (b)[(i) + 1] << 16)                \
840         | ((guint32) (b)[(i) + 2] <<  8)                \
841         | ((guint32) (b)[(i) + 3]      ); } G_STMT_END
842 
843 #define PUT_UINT32(n,b,i)               G_STMT_START{   \
844     (b)[(i)    ] = (guint8) ((n) >> 24);                \
845     (b)[(i) + 1] = (guint8) ((n) >> 16);                \
846     (b)[(i) + 2] = (guint8) ((n) >>  8);                \
847     (b)[(i) + 3] = (guint8) ((n)      ); } G_STMT_END
848 
849 static void
sha256_transform(guint32 buf[8],guint8 const data[64])850 sha256_transform (guint32      buf[8],
851                   guint8 const data[64])
852 {
853   guint32 temp1, temp2, W[64];
854   guint32 A, B, C, D, E, F, G, H;
855 
856   GET_UINT32 (W[0],  data,  0);
857   GET_UINT32 (W[1],  data,  4);
858   GET_UINT32 (W[2],  data,  8);
859   GET_UINT32 (W[3],  data, 12);
860   GET_UINT32 (W[4],  data, 16);
861   GET_UINT32 (W[5],  data, 20);
862   GET_UINT32 (W[6],  data, 24);
863   GET_UINT32 (W[7],  data, 28);
864   GET_UINT32 (W[8],  data, 32);
865   GET_UINT32 (W[9],  data, 36);
866   GET_UINT32 (W[10], data, 40);
867   GET_UINT32 (W[11], data, 44);
868   GET_UINT32 (W[12], data, 48);
869   GET_UINT32 (W[13], data, 52);
870   GET_UINT32 (W[14], data, 56);
871   GET_UINT32 (W[15], data, 60);
872 
873 #define SHR(x,n)        ((x & 0xFFFFFFFF) >> n)
874 #define ROTR(x,n)       (SHR (x,n) | (x << (32 - n)))
875 
876 #define S0(x) (ROTR (x, 7) ^ ROTR (x,18) ^  SHR (x, 3))
877 #define S1(x) (ROTR (x,17) ^ ROTR (x,19) ^  SHR (x,10))
878 #define S2(x) (ROTR (x, 2) ^ ROTR (x,13) ^ ROTR (x,22))
879 #define S3(x) (ROTR (x, 6) ^ ROTR (x,11) ^ ROTR (x,25))
880 
881 #define F0(x,y,z) ((x & y) | (z & (x | y)))
882 #define F1(x,y,z) (z ^ (x & (y ^ z)))
883 
884 #define R(t)    (W[t] = S1(W[t -  2]) + W[t -  7] + \
885                         S0(W[t - 15]) + W[t - 16])
886 
887 #define P(a,b,c,d,e,f,g,h,x,K)          G_STMT_START {  \
888         temp1 = h + S3(e) + F1(e,f,g) + K + x;          \
889         temp2 = S2(a) + F0(a,b,c);                      \
890         d += temp1; h = temp1 + temp2; } G_STMT_END
891 
892   A = buf[0];
893   B = buf[1];
894   C = buf[2];
895   D = buf[3];
896   E = buf[4];
897   F = buf[5];
898   G = buf[6];
899   H = buf[7];
900 
901   P (A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98);
902   P (H, A, B, C, D, E, F, G, W[ 1], 0x71374491);
903   P (G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF);
904   P (F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5);
905   P (E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B);
906   P (D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1);
907   P (C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4);
908   P (B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5);
909   P (A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98);
910   P (H, A, B, C, D, E, F, G, W[ 9], 0x12835B01);
911   P (G, H, A, B, C, D, E, F, W[10], 0x243185BE);
912   P (F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
913   P (E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
914   P (D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
915   P (C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
916   P (B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
917   P (A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
918   P (H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
919   P (G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
920   P (F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
921   P (E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
922   P (D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
923   P (C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
924   P (B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
925   P (A, B, C, D, E, F, G, H, R(24), 0x983E5152);
926   P (H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
927   P (G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
928   P (F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
929   P (E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
930   P (D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
931   P (C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
932   P (B, C, D, E, F, G, H, A, R(31), 0x14292967);
933   P (A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
934   P (H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
935   P (G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
936   P (F, G, H, A, B, C, D, E, R(35), 0x53380D13);
937   P (E, F, G, H, A, B, C, D, R(36), 0x650A7354);
938   P (D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
939   P (C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
940   P (B, C, D, E, F, G, H, A, R(39), 0x92722C85);
941   P (A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
942   P (H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
943   P (G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
944   P (F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
945   P (E, F, G, H, A, B, C, D, R(44), 0xD192E819);
946   P (D, E, F, G, H, A, B, C, R(45), 0xD6990624);
947   P (C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
948   P (B, C, D, E, F, G, H, A, R(47), 0x106AA070);
949   P (A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
950   P (H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
951   P (G, H, A, B, C, D, E, F, R(50), 0x2748774C);
952   P (F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
953   P (E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
954   P (D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
955   P (C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
956   P (B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
957   P (A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
958   P (H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
959   P (G, H, A, B, C, D, E, F, R(58), 0x84C87814);
960   P (F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
961   P (E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
962   P (D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
963   P (C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
964   P (B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
965 
966 #undef SHR
967 #undef ROTR
968 #undef S0
969 #undef S1
970 #undef S2
971 #undef S3
972 #undef F0
973 #undef F1
974 #undef R
975 #undef P
976 
977   buf[0] += A;
978   buf[1] += B;
979   buf[2] += C;
980   buf[3] += D;
981   buf[4] += E;
982   buf[5] += F;
983   buf[6] += G;
984   buf[7] += H;
985 }
986 
987 static void
sha256_sum_update(Sha256sum * sha256,const guchar * buffer,gsize length)988 sha256_sum_update (Sha256sum    *sha256,
989                    const guchar *buffer,
990                    gsize         length)
991 {
992   guint32 left, fill;
993   const guint8 *input = buffer;
994 
995   if (length == 0)
996     return;
997 
998   left = sha256->bits[0] & 0x3F;
999   fill = 64 - left;
1000 
1001   sha256->bits[0] += length;
1002   sha256->bits[0] &= 0xFFFFFFFF;
1003 
1004   if (sha256->bits[0] < length)
1005       sha256->bits[1]++;
1006 
1007   if (left > 0 && length >= fill)
1008     {
1009       memcpy ((sha256->data + left), input, fill);
1010 
1011       sha256_transform (sha256->buf, sha256->data);
1012       length -= fill;
1013       input += fill;
1014 
1015       left = 0;
1016     }
1017 
1018   while (length >= SHA256_DATASIZE)
1019     {
1020       sha256_transform (sha256->buf, input);
1021 
1022       length -= 64;
1023       input += 64;
1024     }
1025 
1026   if (length)
1027     memcpy (sha256->data + left, input, length);
1028 }
1029 
1030 static guint8 sha256_padding[64] =
1031 {
1032  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1033     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1034     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
1035     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
1036 };
1037 
1038 static void
sha256_sum_close(Sha256sum * sha256)1039 sha256_sum_close (Sha256sum *sha256)
1040 {
1041   guint32 last, padn;
1042   guint32 high, low;
1043   guint8 msglen[8];
1044 
1045   high = (sha256->bits[0] >> 29)
1046        | (sha256->bits[1] <<  3);
1047   low  = (sha256->bits[0] <<  3);
1048 
1049   PUT_UINT32 (high, msglen, 0);
1050   PUT_UINT32 (low, msglen, 4);
1051 
1052   last = sha256->bits[0] & 0x3F;
1053   padn = (last < 56) ? (56 - last) : (120 - last);
1054 
1055   sha256_sum_update (sha256, sha256_padding, padn);
1056   sha256_sum_update (sha256, msglen, 8);
1057 
1058   PUT_UINT32 (sha256->buf[0], sha256->digest,  0);
1059   PUT_UINT32 (sha256->buf[1], sha256->digest,  4);
1060   PUT_UINT32 (sha256->buf[2], sha256->digest,  8);
1061   PUT_UINT32 (sha256->buf[3], sha256->digest, 12);
1062   PUT_UINT32 (sha256->buf[4], sha256->digest, 16);
1063   PUT_UINT32 (sha256->buf[5], sha256->digest, 20);
1064   PUT_UINT32 (sha256->buf[6], sha256->digest, 24);
1065   PUT_UINT32 (sha256->buf[7], sha256->digest, 28);
1066 }
1067 
1068 #undef PUT_UINT32
1069 #undef GET_UINT32
1070 
1071 static gchar *
sha256_sum_to_string(Sha256sum * sha256)1072 sha256_sum_to_string (Sha256sum *sha256)
1073 {
1074   return digest_to_string (sha256->digest, SHA256_DIGEST_LEN);
1075 }
1076 
1077 static void
sha256_sum_digest(Sha256sum * sha256,guint8 * digest)1078 sha256_sum_digest (Sha256sum *sha256,
1079                    guint8    *digest)
1080 {
1081   gint i;
1082 
1083   for (i = 0; i < SHA256_DIGEST_LEN; i++)
1084     digest[i] = sha256->digest[i];
1085 }
1086 
1087 /*
1088  * SHA-384, SHA-512, SHA-512/224 and SHA-512/256 Checksums
1089  *
1090  * Implemented following FIPS-180-4 standard at
1091  * http://csrc.nist.gov/publications/fips/fips180-4/fips180-4.pdf.
1092  * References in the form [§x.y.z] map to sections in that document.
1093  *
1094  *   Author(s): Eduardo Lima Mitev <elima@igalia.com>
1095  *              Igor Gnatenko <ignatenko@src.gnome.org>
1096  */
1097 
1098 /* SHA-384, SHA-512, SHA-512/224 and SHA-512/256 functions [§4.1.3] */
1099 #define Ch(x,y,z)  ((x & y) ^ (~x & z))
1100 #define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
1101 #define SHR(n,x)   (x >> n)
1102 #define ROTR(n,x)  (SHR (n, x) | (x << (64 - n)))
1103 #define SIGMA0(x)  (ROTR (28, x) ^ ROTR (34, x) ^ ROTR (39, x))
1104 #define SIGMA1(x)  (ROTR (14, x) ^ ROTR (18, x) ^ ROTR (41, x))
1105 #define sigma0(x)  (ROTR ( 1, x) ^ ROTR ( 8, x) ^ SHR  ( 7, x))
1106 #define sigma1(x)  (ROTR (19, x) ^ ROTR (61, x) ^ SHR  ( 6, x))
1107 
1108 #define PUT_UINT64(n,b,i)                G_STMT_START{   \
1109     (b)[(i)    ] = (guint8) (n >> 56);                   \
1110     (b)[(i) + 1] = (guint8) (n >> 48);                   \
1111     (b)[(i) + 2] = (guint8) (n >> 40);                   \
1112     (b)[(i) + 3] = (guint8) (n >> 32);                   \
1113     (b)[(i) + 4] = (guint8) (n >> 24);                   \
1114     (b)[(i) + 5] = (guint8) (n >> 16);                   \
1115     (b)[(i) + 6] = (guint8) (n >>  8);                   \
1116     (b)[(i) + 7] = (guint8) (n      ); } G_STMT_END
1117 
1118 /* SHA-384 and SHA-512 constants [§4.2.3] */
1119 static const guint64 SHA2_K[80] = {
1120   G_GUINT64_CONSTANT (0x428a2f98d728ae22), G_GUINT64_CONSTANT (0x7137449123ef65cd),
1121   G_GUINT64_CONSTANT (0xb5c0fbcfec4d3b2f), G_GUINT64_CONSTANT (0xe9b5dba58189dbbc),
1122   G_GUINT64_CONSTANT (0x3956c25bf348b538), G_GUINT64_CONSTANT (0x59f111f1b605d019),
1123   G_GUINT64_CONSTANT (0x923f82a4af194f9b), G_GUINT64_CONSTANT (0xab1c5ed5da6d8118),
1124   G_GUINT64_CONSTANT (0xd807aa98a3030242), G_GUINT64_CONSTANT (0x12835b0145706fbe),
1125   G_GUINT64_CONSTANT (0x243185be4ee4b28c), G_GUINT64_CONSTANT (0x550c7dc3d5ffb4e2),
1126   G_GUINT64_CONSTANT (0x72be5d74f27b896f), G_GUINT64_CONSTANT (0x80deb1fe3b1696b1),
1127   G_GUINT64_CONSTANT (0x9bdc06a725c71235), G_GUINT64_CONSTANT (0xc19bf174cf692694),
1128   G_GUINT64_CONSTANT (0xe49b69c19ef14ad2), G_GUINT64_CONSTANT (0xefbe4786384f25e3),
1129   G_GUINT64_CONSTANT (0x0fc19dc68b8cd5b5), G_GUINT64_CONSTANT (0x240ca1cc77ac9c65),
1130   G_GUINT64_CONSTANT (0x2de92c6f592b0275), G_GUINT64_CONSTANT (0x4a7484aa6ea6e483),
1131   G_GUINT64_CONSTANT (0x5cb0a9dcbd41fbd4), G_GUINT64_CONSTANT (0x76f988da831153b5),
1132   G_GUINT64_CONSTANT (0x983e5152ee66dfab), G_GUINT64_CONSTANT (0xa831c66d2db43210),
1133   G_GUINT64_CONSTANT (0xb00327c898fb213f), G_GUINT64_CONSTANT (0xbf597fc7beef0ee4),
1134   G_GUINT64_CONSTANT (0xc6e00bf33da88fc2), G_GUINT64_CONSTANT (0xd5a79147930aa725),
1135   G_GUINT64_CONSTANT (0x06ca6351e003826f), G_GUINT64_CONSTANT (0x142929670a0e6e70),
1136   G_GUINT64_CONSTANT (0x27b70a8546d22ffc), G_GUINT64_CONSTANT (0x2e1b21385c26c926),
1137   G_GUINT64_CONSTANT (0x4d2c6dfc5ac42aed), G_GUINT64_CONSTANT (0x53380d139d95b3df),
1138   G_GUINT64_CONSTANT (0x650a73548baf63de), G_GUINT64_CONSTANT (0x766a0abb3c77b2a8),
1139   G_GUINT64_CONSTANT (0x81c2c92e47edaee6), G_GUINT64_CONSTANT (0x92722c851482353b),
1140   G_GUINT64_CONSTANT (0xa2bfe8a14cf10364), G_GUINT64_CONSTANT (0xa81a664bbc423001),
1141   G_GUINT64_CONSTANT (0xc24b8b70d0f89791), G_GUINT64_CONSTANT (0xc76c51a30654be30),
1142   G_GUINT64_CONSTANT (0xd192e819d6ef5218), G_GUINT64_CONSTANT (0xd69906245565a910),
1143   G_GUINT64_CONSTANT (0xf40e35855771202a), G_GUINT64_CONSTANT (0x106aa07032bbd1b8),
1144   G_GUINT64_CONSTANT (0x19a4c116b8d2d0c8), G_GUINT64_CONSTANT (0x1e376c085141ab53),
1145   G_GUINT64_CONSTANT (0x2748774cdf8eeb99), G_GUINT64_CONSTANT (0x34b0bcb5e19b48a8),
1146   G_GUINT64_CONSTANT (0x391c0cb3c5c95a63), G_GUINT64_CONSTANT (0x4ed8aa4ae3418acb),
1147   G_GUINT64_CONSTANT (0x5b9cca4f7763e373), G_GUINT64_CONSTANT (0x682e6ff3d6b2b8a3),
1148   G_GUINT64_CONSTANT (0x748f82ee5defb2fc), G_GUINT64_CONSTANT (0x78a5636f43172f60),
1149   G_GUINT64_CONSTANT (0x84c87814a1f0ab72), G_GUINT64_CONSTANT (0x8cc702081a6439ec),
1150   G_GUINT64_CONSTANT (0x90befffa23631e28), G_GUINT64_CONSTANT (0xa4506cebde82bde9),
1151   G_GUINT64_CONSTANT (0xbef9a3f7b2c67915), G_GUINT64_CONSTANT (0xc67178f2e372532b),
1152   G_GUINT64_CONSTANT (0xca273eceea26619c), G_GUINT64_CONSTANT (0xd186b8c721c0c207),
1153   G_GUINT64_CONSTANT (0xeada7dd6cde0eb1e), G_GUINT64_CONSTANT (0xf57d4f7fee6ed178),
1154   G_GUINT64_CONSTANT (0x06f067aa72176fba), G_GUINT64_CONSTANT (0x0a637dc5a2c898a6),
1155   G_GUINT64_CONSTANT (0x113f9804bef90dae), G_GUINT64_CONSTANT (0x1b710b35131c471b),
1156   G_GUINT64_CONSTANT (0x28db77f523047d84), G_GUINT64_CONSTANT (0x32caab7b40c72493),
1157   G_GUINT64_CONSTANT (0x3c9ebe0a15c9bebc), G_GUINT64_CONSTANT (0x431d67c49c100d4c),
1158   G_GUINT64_CONSTANT (0x4cc5d4becb3e42b6), G_GUINT64_CONSTANT (0x597f299cfc657e2a),
1159   G_GUINT64_CONSTANT (0x5fcb6fab3ad6faec), G_GUINT64_CONSTANT (0x6c44198c4a475817)
1160 };
1161 
1162 
1163 static void
sha384_sum_init(Sha512sum * sha512)1164 sha384_sum_init (Sha512sum *sha512)
1165 {
1166   /* Initial Hash Value [§5.3.4] */
1167   sha512->H[0] = G_GUINT64_CONSTANT (0xcbbb9d5dc1059ed8);
1168   sha512->H[1] = G_GUINT64_CONSTANT (0x629a292a367cd507);
1169   sha512->H[2] = G_GUINT64_CONSTANT (0x9159015a3070dd17);
1170   sha512->H[3] = G_GUINT64_CONSTANT (0x152fecd8f70e5939);
1171   sha512->H[4] = G_GUINT64_CONSTANT (0x67332667ffc00b31);
1172   sha512->H[5] = G_GUINT64_CONSTANT (0x8eb44a8768581511);
1173   sha512->H[6] = G_GUINT64_CONSTANT (0xdb0c2e0d64f98fa7);
1174   sha512->H[7] = G_GUINT64_CONSTANT (0x47b5481dbefa4fa4);
1175 
1176   sha512->block_len = 0;
1177 
1178   sha512->data_len[0] = 0;
1179   sha512->data_len[1] = 0;
1180 }
1181 
1182 static void
sha512_sum_init(Sha512sum * sha512)1183 sha512_sum_init (Sha512sum *sha512)
1184 {
1185   /* Initial Hash Value [§5.3.5] */
1186   sha512->H[0] = G_GUINT64_CONSTANT (0x6a09e667f3bcc908);
1187   sha512->H[1] = G_GUINT64_CONSTANT (0xbb67ae8584caa73b);
1188   sha512->H[2] = G_GUINT64_CONSTANT (0x3c6ef372fe94f82b);
1189   sha512->H[3] = G_GUINT64_CONSTANT (0xa54ff53a5f1d36f1);
1190   sha512->H[4] = G_GUINT64_CONSTANT (0x510e527fade682d1);
1191   sha512->H[5] = G_GUINT64_CONSTANT (0x9b05688c2b3e6c1f);
1192   sha512->H[6] = G_GUINT64_CONSTANT (0x1f83d9abfb41bd6b);
1193   sha512->H[7] = G_GUINT64_CONSTANT (0x5be0cd19137e2179);
1194 
1195   sha512->block_len = 0;
1196 
1197   sha512->data_len[0] = 0;
1198   sha512->data_len[1] = 0;
1199 }
1200 
1201 static void
sha512_transform(guint64 H[8],guint8 const data[SHA2_BLOCK_LEN])1202 sha512_transform (guint64      H[8],
1203                   guint8 const data[SHA2_BLOCK_LEN])
1204 {
1205   gint i;
1206   gint t;
1207   guint64 a, b, c, d, e, f, g, h;
1208   guint64 M[16];
1209   guint64 W[80];
1210 
1211   /* SHA-512 hash computation [§6.4.2] */
1212 
1213   /* prepare the message schedule */
1214   for (i = 0; i < 16; i++)
1215     {
1216       gint p = i * 8;
1217 
1218       M[i] =
1219         ((guint64) data[p + 0] << 56) |
1220         ((guint64) data[p + 1] << 48) |
1221         ((guint64) data[p + 2] << 40) |
1222         ((guint64) data[p + 3] << 32) |
1223         ((guint64) data[p + 4] << 24) |
1224         ((guint64) data[p + 5] << 16) |
1225         ((guint64) data[p + 6] <<  8) |
1226         ((guint64) data[p + 7]      );
1227     }
1228 
1229   for (t = 0; t < 80; t++)
1230     if (t < 16)
1231       W[t] = M[t];
1232     else
1233       W[t] = sigma1 (W[t - 2]) + W[t - 7] + sigma0 (W[t - 15]) + W[t - 16];
1234 
1235   /* initialize the eight working variables */
1236   a = H[0];
1237   b = H[1];
1238   c = H[2];
1239   d = H[3];
1240   e = H[4];
1241   f = H[5];
1242   g = H[6];
1243   h = H[7];
1244 
1245   for (t = 0; t < 80; t++)
1246     {
1247       guint64 T1, T2;
1248 
1249       T1 = h + SIGMA1 (e) + Ch (e, f, g) + SHA2_K[t] + W[t];
1250       T2 = SIGMA0 (a) + Maj (a, b, c);
1251       h = g;
1252       g = f;
1253       f = e;
1254       e = d + T1;
1255       d = c;
1256       c = b;
1257       b = a;
1258       a = T1 + T2;
1259     }
1260 
1261   /* Compute the intermediate hash value H */
1262   H[0] += a;
1263   H[1] += b;
1264   H[2] += c;
1265   H[3] += d;
1266   H[4] += e;
1267   H[5] += f;
1268   H[6] += g;
1269   H[7] += h;
1270 }
1271 
1272 static void
sha512_sum_update(Sha512sum * sha512,const guchar * buffer,gsize length)1273 sha512_sum_update (Sha512sum    *sha512,
1274                    const guchar *buffer,
1275                    gsize         length)
1276 {
1277   gsize block_left, offset = 0;
1278 
1279   if (length == 0)
1280     return;
1281 
1282   sha512->data_len[0] += length * 8;
1283   if (sha512->data_len[0] < length)
1284     sha512->data_len[1]++;
1285 
1286   /* try to fill current block */
1287   block_left = SHA2_BLOCK_LEN - sha512->block_len;
1288   if (block_left > 0)
1289     {
1290       gsize fill_len;
1291 
1292       fill_len = MIN (block_left, length);
1293       memcpy (sha512->block + sha512->block_len, buffer, fill_len);
1294       sha512->block_len += fill_len;
1295       length -= fill_len;
1296       offset += fill_len;
1297 
1298       if (sha512->block_len == SHA2_BLOCK_LEN)
1299         {
1300           sha512_transform (sha512->H, sha512->block);
1301           sha512->block_len = 0;
1302         }
1303     }
1304 
1305   /* process complete blocks */
1306   while (length >= SHA2_BLOCK_LEN)
1307     {
1308       memcpy (sha512->block, buffer + offset, SHA2_BLOCK_LEN);
1309 
1310       sha512_transform (sha512->H, sha512->block);
1311 
1312       length -= SHA2_BLOCK_LEN;
1313       offset += SHA2_BLOCK_LEN;
1314     }
1315 
1316   /* keep remaining data for next block */
1317   if (length > 0)
1318     {
1319       memcpy (sha512->block, buffer + offset, length);
1320       sha512->block_len = length;
1321     }
1322 }
1323 
1324 static void
sha512_sum_close(Sha512sum * sha512)1325 sha512_sum_close (Sha512sum *sha512)
1326 {
1327   guint l;
1328   gint zeros;
1329   guint8 pad[SHA2_BLOCK_LEN * 2] = { 0, };
1330   guint pad_len = 0;
1331   gint i;
1332 
1333   /* apply padding [§5.1.2] */
1334   l = sha512->block_len * 8;
1335   zeros = 896 - (l + 1);
1336 
1337   if (zeros < 0)
1338     zeros += 128 * 8;
1339 
1340   pad[0] = 0x80; /* 1000 0000 */
1341   zeros -= 7;
1342   pad_len++;
1343 
1344   memset (pad + pad_len, 0x00, zeros / 8);
1345   pad_len += zeros / 8;
1346   zeros = zeros % 8;
1347   (void) zeros;  /* don’t care about the dead store */
1348 
1349   /* put message bit length at the end of padding */
1350   PUT_UINT64 (sha512->data_len[1], pad, pad_len);
1351   pad_len += 8;
1352 
1353   PUT_UINT64 (sha512->data_len[0], pad, pad_len);
1354   pad_len += 8;
1355 
1356   /* update checksum with the padded block */
1357   sha512_sum_update (sha512, pad, pad_len);
1358 
1359   /* copy resulting 64-bit words into digest */
1360   for (i = 0; i < 8; i++)
1361     PUT_UINT64 (sha512->H[i], sha512->digest, i * 8);
1362 }
1363 
1364 static gchar *
sha384_sum_to_string(Sha512sum * sha512)1365 sha384_sum_to_string (Sha512sum *sha512)
1366 {
1367   return digest_to_string (sha512->digest, SHA384_DIGEST_LEN);
1368 }
1369 
1370 static gchar *
sha512_sum_to_string(Sha512sum * sha512)1371 sha512_sum_to_string (Sha512sum *sha512)
1372 {
1373   return digest_to_string (sha512->digest, SHA512_DIGEST_LEN);
1374 }
1375 
1376 static void
sha384_sum_digest(Sha512sum * sha512,guint8 * digest)1377 sha384_sum_digest (Sha512sum *sha512,
1378                    guint8    *digest)
1379 {
1380   memcpy (digest, sha512->digest, SHA384_DIGEST_LEN);
1381 }
1382 
1383 static void
sha512_sum_digest(Sha512sum * sha512,guint8 * digest)1384 sha512_sum_digest (Sha512sum *sha512,
1385                    guint8    *digest)
1386 {
1387   memcpy (digest, sha512->digest, SHA512_DIGEST_LEN);
1388 }
1389 
1390 #undef Ch
1391 #undef Maj
1392 #undef SHR
1393 #undef ROTR
1394 #undef SIGMA0
1395 #undef SIGMA1
1396 #undef sigma0
1397 #undef sigma1
1398 
1399 #undef PUT_UINT64
1400 
1401 /*
1402  * Public API
1403  */
1404 
1405 /**
1406  * g_checksum_type_get_length:
1407  * @checksum_type: a #GChecksumType
1408  *
1409  * Gets the length in bytes of digests of type @checksum_type
1410  *
1411  * Returns: the checksum length, or -1 if @checksum_type is
1412  * not supported.
1413  *
1414  * Since: 2.16
1415  */
1416 gssize
g_checksum_type_get_length(GChecksumType checksum_type)1417 g_checksum_type_get_length (GChecksumType checksum_type)
1418 {
1419   gssize len = -1;
1420 
1421   switch (checksum_type)
1422     {
1423     case G_CHECKSUM_MD5:
1424       len = MD5_DIGEST_LEN;
1425       break;
1426     case G_CHECKSUM_SHA1:
1427       len = SHA1_DIGEST_LEN;
1428       break;
1429     case G_CHECKSUM_SHA256:
1430       len = SHA256_DIGEST_LEN;
1431       break;
1432     case G_CHECKSUM_SHA384:
1433       len = SHA384_DIGEST_LEN;
1434       break;
1435     case G_CHECKSUM_SHA512:
1436       len = SHA512_DIGEST_LEN;
1437       break;
1438     default:
1439       len = -1;
1440       break;
1441     }
1442 
1443   return len;
1444 }
1445 
1446 /**
1447  * g_checksum_new:
1448  * @checksum_type: the desired type of checksum
1449  *
1450  * Creates a new #GChecksum, using the checksum algorithm @checksum_type.
1451  * If the @checksum_type is not known, %NULL is returned.
1452  * A #GChecksum can be used to compute the checksum, or digest, of an
1453  * arbitrary binary blob, using different hashing algorithms.
1454  *
1455  * A #GChecksum works by feeding a binary blob through g_checksum_update()
1456  * until there is data to be checked; the digest can then be extracted
1457  * using g_checksum_get_string(), which will return the checksum as a
1458  * hexadecimal string; or g_checksum_get_digest(), which will return a
1459  * vector of raw bytes. Once either g_checksum_get_string() or
1460  * g_checksum_get_digest() have been called on a #GChecksum, the checksum
1461  * will be closed and it won't be possible to call g_checksum_update()
1462  * on it anymore.
1463  *
1464  * Returns: (transfer full) (nullable): the newly created #GChecksum, or %NULL.
1465  *   Use g_checksum_free() to free the memory allocated by it.
1466  *
1467  * Since: 2.16
1468  */
1469 GChecksum *
g_checksum_new(GChecksumType checksum_type)1470 g_checksum_new (GChecksumType checksum_type)
1471 {
1472   GChecksum *checksum;
1473 
1474   if (! IS_VALID_TYPE (checksum_type))
1475     return NULL;
1476 
1477   checksum = g_slice_new0 (GChecksum);
1478   checksum->type = checksum_type;
1479 
1480   g_checksum_reset (checksum);
1481 
1482   return checksum;
1483 }
1484 
1485 /**
1486  * g_checksum_reset:
1487  * @checksum: the #GChecksum to reset
1488  *
1489  * Resets the state of the @checksum back to its initial state.
1490  *
1491  * Since: 2.18
1492  **/
1493 void
g_checksum_reset(GChecksum * checksum)1494 g_checksum_reset (GChecksum *checksum)
1495 {
1496   g_return_if_fail (checksum != NULL);
1497 
1498   g_free (checksum->digest_str);
1499   checksum->digest_str = NULL;
1500 
1501   switch (checksum->type)
1502     {
1503     case G_CHECKSUM_MD5:
1504       md5_sum_init (&(checksum->sum.md5));
1505       break;
1506     case G_CHECKSUM_SHA1:
1507       sha1_sum_init (&(checksum->sum.sha1));
1508       break;
1509     case G_CHECKSUM_SHA256:
1510       sha256_sum_init (&(checksum->sum.sha256));
1511       break;
1512     case G_CHECKSUM_SHA384:
1513       sha384_sum_init (&(checksum->sum.sha512));
1514       break;
1515     case G_CHECKSUM_SHA512:
1516       sha512_sum_init (&(checksum->sum.sha512));
1517       break;
1518     default:
1519       g_assert_not_reached ();
1520       break;
1521     }
1522 }
1523 
1524 /**
1525  * g_checksum_copy:
1526  * @checksum: the #GChecksum to copy
1527  *
1528  * Copies a #GChecksum. If @checksum has been closed, by calling
1529  * g_checksum_get_string() or g_checksum_get_digest(), the copied
1530  * checksum will be closed as well.
1531  *
1532  * Returns: (transfer full): the copy of the passed #GChecksum. Use
1533  *   g_checksum_free() when finished using it.
1534  *
1535  * Since: 2.16
1536  */
1537 GChecksum *
g_checksum_copy(const GChecksum * checksum)1538 g_checksum_copy (const GChecksum *checksum)
1539 {
1540   GChecksum *copy;
1541 
1542   g_return_val_if_fail (checksum != NULL, NULL);
1543 
1544   copy = g_slice_new (GChecksum);
1545   *copy = *checksum;
1546 
1547   copy->digest_str = g_strdup (checksum->digest_str);
1548 
1549   return copy;
1550 }
1551 
1552 /**
1553  * g_checksum_free:
1554  * @checksum: a #GChecksum
1555  *
1556  * Frees the memory allocated for @checksum.
1557  *
1558  * Since: 2.16
1559  */
1560 void
g_checksum_free(GChecksum * checksum)1561 g_checksum_free (GChecksum *checksum)
1562 {
1563   if (G_LIKELY (checksum))
1564     {
1565       g_free (checksum->digest_str);
1566 
1567       g_slice_free (GChecksum, checksum);
1568     }
1569 }
1570 
1571 /**
1572  * g_checksum_update:
1573  * @checksum: a #GChecksum
1574  * @data: (array length=length) (element-type guint8): buffer used to compute the checksum
1575  * @length: size of the buffer, or -1 if it is a null-terminated string.
1576  *
1577  * Feeds @data into an existing #GChecksum. The checksum must still be
1578  * open, that is g_checksum_get_string() or g_checksum_get_digest() must
1579  * not have been called on @checksum.
1580  *
1581  * Since: 2.16
1582  */
1583 void
g_checksum_update(GChecksum * checksum,const guchar * data,gssize length)1584 g_checksum_update (GChecksum    *checksum,
1585                    const guchar *data,
1586                    gssize        length)
1587 {
1588   g_return_if_fail (checksum != NULL);
1589   g_return_if_fail (length == 0 || data != NULL);
1590 
1591   if (length < 0)
1592     length = strlen ((const gchar *) data);
1593 
1594   if (checksum->digest_str)
1595     {
1596       g_warning ("The checksum '%s' has been closed and cannot be updated "
1597                  "anymore.",
1598                  checksum->digest_str);
1599       return;
1600     }
1601 
1602   switch (checksum->type)
1603     {
1604     case G_CHECKSUM_MD5:
1605       md5_sum_update (&(checksum->sum.md5), data, length);
1606       break;
1607     case G_CHECKSUM_SHA1:
1608       sha1_sum_update (&(checksum->sum.sha1), data, length);
1609       break;
1610     case G_CHECKSUM_SHA256:
1611       sha256_sum_update (&(checksum->sum.sha256), data, length);
1612       break;
1613     case G_CHECKSUM_SHA384:
1614     case G_CHECKSUM_SHA512:
1615       sha512_sum_update (&(checksum->sum.sha512), data, length);
1616       break;
1617     default:
1618       g_assert_not_reached ();
1619       break;
1620     }
1621 }
1622 
1623 /**
1624  * g_checksum_get_string:
1625  * @checksum: a #GChecksum
1626  *
1627  * Gets the digest as a hexadecimal string.
1628  *
1629  * Once this function has been called the #GChecksum can no longer be
1630  * updated with g_checksum_update().
1631  *
1632  * The hexadecimal characters will be lower case.
1633  *
1634  * Returns: the hexadecimal representation of the checksum. The
1635  *   returned string is owned by the checksum and should not be modified
1636  *   or freed.
1637  *
1638  * Since: 2.16
1639  */
1640 const gchar *
g_checksum_get_string(GChecksum * checksum)1641 g_checksum_get_string (GChecksum *checksum)
1642 {
1643   gchar *str = NULL;
1644 
1645   g_return_val_if_fail (checksum != NULL, NULL);
1646 
1647   if (checksum->digest_str)
1648     return checksum->digest_str;
1649 
1650   switch (checksum->type)
1651     {
1652     case G_CHECKSUM_MD5:
1653       md5_sum_close (&(checksum->sum.md5));
1654       str = md5_sum_to_string (&(checksum->sum.md5));
1655       break;
1656     case G_CHECKSUM_SHA1:
1657       sha1_sum_close (&(checksum->sum.sha1));
1658       str = sha1_sum_to_string (&(checksum->sum.sha1));
1659       break;
1660     case G_CHECKSUM_SHA256:
1661       sha256_sum_close (&(checksum->sum.sha256));
1662       str = sha256_sum_to_string (&(checksum->sum.sha256));
1663       break;
1664     case G_CHECKSUM_SHA384:
1665       sha512_sum_close (&(checksum->sum.sha512));
1666       str = sha384_sum_to_string (&(checksum->sum.sha512));
1667       break;
1668     case G_CHECKSUM_SHA512:
1669       sha512_sum_close (&(checksum->sum.sha512));
1670       str = sha512_sum_to_string (&(checksum->sum.sha512));
1671       break;
1672     default:
1673       g_assert_not_reached ();
1674       break;
1675     }
1676 
1677   checksum->digest_str = str;
1678 
1679   return checksum->digest_str;
1680 }
1681 
1682 /**
1683  * g_checksum_get_digest: (skip)
1684  * @checksum: a #GChecksum
1685  * @buffer: (array length=digest_len): output buffer
1686  * @digest_len: (inout): an inout parameter. The caller initializes it to the size of @buffer.
1687  *   After the call it contains the length of the digest.
1688  *
1689  * Gets the digest from @checksum as a raw binary vector and places it
1690  * into @buffer. The size of the digest depends on the type of checksum.
1691  *
1692  * Once this function has been called, the #GChecksum is closed and can
1693  * no longer be updated with g_checksum_update().
1694  *
1695  * Since: 2.16
1696  */
1697 void
g_checksum_get_digest(GChecksum * checksum,guint8 * buffer,gsize * digest_len)1698 g_checksum_get_digest (GChecksum  *checksum,
1699                        guint8     *buffer,
1700                        gsize      *digest_len)
1701 {
1702   gboolean checksum_open = FALSE;
1703   gchar *str = NULL;
1704   gsize len;
1705 
1706   g_return_if_fail (checksum != NULL);
1707 
1708   len = g_checksum_type_get_length (checksum->type);
1709   g_return_if_fail (*digest_len >= len);
1710 
1711   checksum_open = !!(checksum->digest_str == NULL);
1712 
1713   switch (checksum->type)
1714     {
1715     case G_CHECKSUM_MD5:
1716       if (checksum_open)
1717         {
1718           md5_sum_close (&(checksum->sum.md5));
1719           str = md5_sum_to_string (&(checksum->sum.md5));
1720         }
1721       md5_sum_digest (&(checksum->sum.md5), buffer);
1722       break;
1723     case G_CHECKSUM_SHA1:
1724       if (checksum_open)
1725         {
1726           sha1_sum_close (&(checksum->sum.sha1));
1727           str = sha1_sum_to_string (&(checksum->sum.sha1));
1728         }
1729       sha1_sum_digest (&(checksum->sum.sha1), buffer);
1730       break;
1731     case G_CHECKSUM_SHA256:
1732       if (checksum_open)
1733         {
1734           sha256_sum_close (&(checksum->sum.sha256));
1735           str = sha256_sum_to_string (&(checksum->sum.sha256));
1736         }
1737       sha256_sum_digest (&(checksum->sum.sha256), buffer);
1738       break;
1739     case G_CHECKSUM_SHA384:
1740       if (checksum_open)
1741         {
1742           sha512_sum_close (&(checksum->sum.sha512));
1743           str = sha384_sum_to_string (&(checksum->sum.sha512));
1744         }
1745       sha384_sum_digest (&(checksum->sum.sha512), buffer);
1746       break;
1747     case G_CHECKSUM_SHA512:
1748       if (checksum_open)
1749         {
1750           sha512_sum_close (&(checksum->sum.sha512));
1751           str = sha512_sum_to_string (&(checksum->sum.sha512));
1752         }
1753       sha512_sum_digest (&(checksum->sum.sha512), buffer);
1754       break;
1755     default:
1756       g_assert_not_reached ();
1757       break;
1758     }
1759 
1760   if (str)
1761     checksum->digest_str = str;
1762 
1763   *digest_len = len;
1764 }
1765 
1766 /**
1767  * g_compute_checksum_for_data:
1768  * @checksum_type: a #GChecksumType
1769  * @data: (array length=length) (element-type guint8): binary blob to compute the digest of
1770  * @length: length of @data
1771  *
1772  * Computes the checksum for a binary @data of @length. This is a
1773  * convenience wrapper for g_checksum_new(), g_checksum_get_string()
1774  * and g_checksum_free().
1775  *
1776  * The hexadecimal string returned will be in lower case.
1777  *
1778  * Returns: (transfer full) (nullable): the digest of the binary data as a
1779  *   string in hexadecimal, or %NULL if g_checksum_new() fails for
1780  *   @checksum_type. The returned string should be freed with g_free() when
1781  *   done using it.
1782  *
1783  * Since: 2.16
1784  */
1785 gchar *
g_compute_checksum_for_data(GChecksumType checksum_type,const guchar * data,gsize length)1786 g_compute_checksum_for_data (GChecksumType  checksum_type,
1787                              const guchar  *data,
1788                              gsize          length)
1789 {
1790   GChecksum *checksum;
1791   gchar *retval;
1792 
1793   g_return_val_if_fail (length == 0 || data != NULL, NULL);
1794 
1795   checksum = g_checksum_new (checksum_type);
1796   if (!checksum)
1797     return NULL;
1798 
1799   g_checksum_update (checksum, data, length);
1800   retval = g_strdup (g_checksum_get_string (checksum));
1801   g_checksum_free (checksum);
1802 
1803   return retval;
1804 }
1805 
1806 /**
1807  * g_compute_checksum_for_string:
1808  * @checksum_type: a #GChecksumType
1809  * @str: the string to compute the checksum of
1810  * @length: the length of the string, or -1 if the string is null-terminated.
1811  *
1812  * Computes the checksum of a string.
1813  *
1814  * The hexadecimal string returned will be in lower case.
1815  *
1816  * Returns: (transfer full) (nullable): the checksum as a hexadecimal string,
1817  *   or %NULL if g_checksum_new() fails for @checksum_type. The returned string
1818  *   should be freed with g_free() when done using it.
1819  *
1820  * Since: 2.16
1821  */
1822 gchar *
g_compute_checksum_for_string(GChecksumType checksum_type,const gchar * str,gssize length)1823 g_compute_checksum_for_string (GChecksumType  checksum_type,
1824                                const gchar   *str,
1825                                gssize         length)
1826 {
1827   g_return_val_if_fail (length == 0 || str != NULL, NULL);
1828 
1829   if (length < 0)
1830     length = strlen (str);
1831 
1832   return g_compute_checksum_for_data (checksum_type, (const guchar *) str, length);
1833 }
1834 
1835 /**
1836  * g_compute_checksum_for_bytes:
1837  * @checksum_type: a #GChecksumType
1838  * @data: binary blob to compute the digest of
1839  *
1840  * Computes the checksum for a binary @data. This is a
1841  * convenience wrapper for g_checksum_new(), g_checksum_get_string()
1842  * and g_checksum_free().
1843  *
1844  * The hexadecimal string returned will be in lower case.
1845  *
1846  * Returns: (transfer full) (nullable): the digest of the binary data as a
1847  *   string in hexadecimal, or %NULL if g_checksum_new() fails for
1848  *   @checksum_type. The returned string should be freed with g_free() when
1849  *   done using it.
1850  *
1851  * Since: 2.34
1852  */
1853 gchar *
g_compute_checksum_for_bytes(GChecksumType checksum_type,GBytes * data)1854 g_compute_checksum_for_bytes (GChecksumType  checksum_type,
1855                               GBytes        *data)
1856 {
1857   gconstpointer byte_data;
1858   gsize length;
1859 
1860   g_return_val_if_fail (data != NULL, NULL);
1861 
1862   byte_data = g_bytes_get_data (data, &length);
1863   return g_compute_checksum_for_data (checksum_type, byte_data, length);
1864 }
1865