2 This file is part of GNUnet.
3 (C) 2001, 2002, 2003, 2004, 2005, 2006, 2009 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 2, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
20 SHA-512 code by Jean-Luc Cooke <jlcooke@certainkey.com>
22 Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com>
23 Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
24 Copyright (c) 2003 Kyle McMartin <kyle@debian.org>
28 * @file util/crypto_hash.c
29 * @brief SHA-512 GNUNET_CRYPTO_hash related functions
30 * @author Christian Grothoff
34 #include "gnunet_common.h"
35 #include "gnunet_crypto_lib.h"
36 #include "gnunet_disk_lib.h"
39 #define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__)
41 #define LOG_STRERROR_FILE(kind,syscall,filename) GNUNET_log_from_strerror_file (kind, "util", syscall, filename)
44 * Hash block of given size.
46 * @param block the data to GNUNET_CRYPTO_hash, length is given as a second argument
47 * @param size the length of the data to GNUNET_CRYPTO_hash
48 * @param ret pointer to where to write the hashcode
51 GNUNET_CRYPTO_hash (const void *block, size_t size, GNUNET_HashCode * ret)
53 gcry_md_hash_buffer (GCRY_MD_SHA512, ret, block, size);
58 * Context used when hashing a file.
60 struct GNUNET_CRYPTO_FileHashContext
64 * Function to call upon completion.
66 GNUNET_CRYPTO_HashCompletedCallback callback;
69 * Closure for callback.
76 unsigned char *buffer;
79 * Name of the file we are hashing.
86 struct GNUNET_DISK_FileHandle *fh;
104 * Current task for hashing.
106 GNUNET_SCHEDULER_TaskIdentifier task;
111 enum GNUNET_SCHEDULER_Priority priority;
122 * Report result of hash computation to callback
123 * and free associated resources.
126 file_hash_finish (struct GNUNET_CRYPTO_FileHashContext *fhc,
127 const GNUNET_HashCode * res)
129 fhc->callback (fhc->callback_cls, res);
130 GNUNET_free (fhc->filename);
131 if (!GNUNET_DISK_handle_invalid (fhc->fh))
132 GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fhc->fh));
133 gcry_md_close (fhc->md);
134 GNUNET_free (fhc); /* also frees fhc->buffer */
145 file_hash_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
147 struct GNUNET_CRYPTO_FileHashContext *fhc = cls;
148 GNUNET_HashCode *res;
151 fhc->task = GNUNET_SCHEDULER_NO_TASK;
152 GNUNET_assert (fhc->offset <= fhc->fsize);
154 if (fhc->fsize - fhc->offset < delta)
155 delta = fhc->fsize - fhc->offset;
156 if (delta != GNUNET_DISK_file_read (fhc->fh, fhc->buffer, delta))
158 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "read", fhc->filename);
159 file_hash_finish (fhc, NULL);
162 gcry_md_write (fhc->md, fhc->buffer, delta);
163 fhc->offset += delta;
164 if (fhc->offset == fhc->fsize)
166 res = (GNUNET_HashCode *) gcry_md_read (fhc->md, GCRY_MD_SHA512);
167 file_hash_finish (fhc, res);
170 fhc->task = GNUNET_SCHEDULER_add_with_priority (fhc->priority,
171 &file_hash_task, fhc);
176 * Compute the hash of an entire file.
178 * @param priority scheduling priority to use
179 * @param filename name of file to hash
180 * @param blocksize number of bytes to process in one task
181 * @param callback function to call upon completion
182 * @param callback_cls closure for callback
183 * @return NULL on (immediate) errror
185 struct GNUNET_CRYPTO_FileHashContext *
186 GNUNET_CRYPTO_hash_file (enum GNUNET_SCHEDULER_Priority priority,
187 const char *filename, size_t blocksize,
188 GNUNET_CRYPTO_HashCompletedCallback callback,
191 struct GNUNET_CRYPTO_FileHashContext *fhc;
193 GNUNET_assert (blocksize > 0);
195 GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_FileHashContext) + blocksize);
196 fhc->callback = callback;
197 fhc->callback_cls = callback_cls;
198 fhc->buffer = (unsigned char *) &fhc[1];
199 fhc->filename = GNUNET_strdup (filename);
200 if (GPG_ERR_NO_ERROR != gcry_md_open (&fhc->md, GCRY_MD_SHA512, 0))
206 fhc->bsize = blocksize;
207 if (GNUNET_OK != GNUNET_DISK_file_size (filename, &fhc->fsize, GNUNET_NO))
209 GNUNET_free (fhc->filename);
214 GNUNET_DISK_file_open (filename, GNUNET_DISK_OPEN_READ,
215 GNUNET_DISK_PERM_NONE);
218 GNUNET_free (fhc->filename);
222 fhc->priority = priority;
224 GNUNET_SCHEDULER_add_with_priority (priority, &file_hash_task, fhc);
230 * Cancel a file hashing operation.
232 * @param fhc operation to cancel (callback must not yet have been invoked)
235 GNUNET_CRYPTO_hash_file_cancel (struct GNUNET_CRYPTO_FileHashContext *fhc)
237 GNUNET_SCHEDULER_cancel (fhc->task);
238 GNUNET_free (fhc->filename);
239 GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fhc->fh));
244 /* ***************** binary-ASCII encoding *************** */
247 * Get the numeric value corresponding to a character.
249 * @param a a character
250 * @return corresponding numeric value
253 getValue__ (unsigned char a)
255 if ((a >= '0') && (a <= '9'))
257 if ((a >= 'A') && (a <= 'V'))
258 return (a - 'A' + 10);
264 * Convert binary data to ASCII encoding. The ASCII encoding is rather
265 * GNUnet specific. It was chosen such that it only uses characters
266 * in [0-9A-V], can be produced without complex arithmetics and uses a
267 * small number of characters.
268 * Does not append 0-terminator, but returns a pointer to the place where
269 * it should be placed, if needed.
271 * @param data data to encode
272 * @param size size of data (in bytes)
273 * @param out buffer to fill
274 * @param out_size size of the buffer. Must be large enough to hold
275 * ((size*8) + (((size*8) % 5) > 0 ? 5 - ((size*8) % 5) : 0)) / 5 bytes
276 * @return pointer to the next byte in 'out' or NULL on error.
279 GNUNET_CRYPTO_data_to_string (unsigned char *data, size_t size, char *out, size_t out_size)
282 * 32 characters for encoding (GNUNET_CRYPTO_hash => 32 characters)
284 static char *encTable__ = "0123456789ABCDEFGHIJKLMNOPQRSTUV";
290 GNUNET_assert (data != NULL);
291 GNUNET_assert (out != NULL);
292 GNUNET_assert (out_size >= (((size*8) + ((size*8) % 5)) % 5));
297 while ((rpos < size) || (vbit > 0))
299 if ((rpos < size) && (vbit < 5))
301 bits = (bits << 8) | data[rpos++]; /* eat 8 more bits */
306 bits <<= (5 - vbit); /* zero-padding */
307 GNUNET_assert (vbit == ((size * 8) % 5));
310 if (wpos >= out_size)
312 out[wpos++] = encTable__[(bits >> (vbit - 5)) & 31];
315 if (wpos != out_size)
317 GNUNET_assert (vbit == 0);
323 * Convert ASCII encoding back to data
324 * out_size must match exactly the size of the data before it was encoded.
326 * @param enc the encoding
327 * @param enclen number of characters in 'enc' (without 0-terminator, which can be missing)
328 * @param out location where to store the decoded data
329 * @param out_size sizeof the output buffer
330 * @return GNUNET_OK on success, GNUNET_SYSERR if result has the wrong encoding
333 GNUNET_CRYPTO_string_to_data (const char *enc, size_t enclen,
334 unsigned char *out, size_t out_size)
342 int encoded_len = out_size * 8;
343 if (encoded_len % 5 > 0)
345 vbit = encoded_len % 5; /* padding! */
353 if ((encoded_len + shift) / 5 != enclen)
354 return GNUNET_SYSERR;
358 bits = (ret = getValue__ (enc[--rpos])) >> (5 - encoded_len % 5);
360 return GNUNET_SYSERR;
363 GNUNET_assert (rpos > 0);
364 bits = ((ret = getValue__ (enc[--rpos])) << vbit) | bits;
366 return GNUNET_SYSERR;
370 out[--wpos] = (unsigned char) bits;
375 GNUNET_assert (rpos == 0);
376 GNUNET_assert (vbit == 0);
382 * Convert GNUNET_CRYPTO_hash to ASCII encoding. The ASCII encoding is rather
383 * GNUnet specific. It was chosen such that it only uses characters
384 * in [0-9A-V], can be produced without complex arithmetics and uses a
385 * small number of characters. The GNUnet encoding uses 103
386 * characters plus a null terminator.
388 * @param block the hash code
389 * @param result where to store the encoding (struct GNUNET_CRYPTO_HashAsciiEncoded can be
390 * safely cast to char*, a '\\0' termination is set).
393 GNUNET_CRYPTO_hash_to_enc (const GNUNET_HashCode * block,
394 struct GNUNET_CRYPTO_HashAsciiEncoded *result)
397 * 32 characters for encoding (GNUNET_CRYPTO_hash => 32 characters)
399 static char *encTable__ = "0123456789ABCDEFGHIJKLMNOPQRSTUV";
405 GNUNET_assert (block != NULL);
406 GNUNET_assert (result != NULL);
411 while ((rpos < sizeof (GNUNET_HashCode)) || (vbit > 0))
413 if ((rpos < sizeof (GNUNET_HashCode)) && (vbit < 5))
415 bits = (bits << 8) | ((unsigned char *) block)[rpos++]; /* eat 8 more bits */
420 bits <<= (5 - vbit); /* zero-padding */
421 GNUNET_assert (vbit == 2); /* padding by 3: 512+3 mod 5 == 0 */
424 GNUNET_assert (wpos < sizeof (struct GNUNET_CRYPTO_HashAsciiEncoded) - 1);
425 result->encoding[wpos++] = encTable__[(bits >> (vbit - 5)) & 31];
428 GNUNET_assert (wpos == sizeof (struct GNUNET_CRYPTO_HashAsciiEncoded) - 1);
429 GNUNET_assert (vbit == 0);
430 result->encoding[wpos] = '\0';
435 * Convert ASCII encoding back to GNUNET_CRYPTO_hash
437 * @param enc the encoding
438 * @param enclen number of characters in 'enc' (without 0-terminator, which can be missing)
439 * @param result where to store the GNUNET_CRYPTO_hash code
440 * @return GNUNET_OK on success, GNUNET_SYSERR if result has the wrong encoding
443 GNUNET_CRYPTO_hash_from_string2 (const char *enc, size_t enclen,
444 GNUNET_HashCode * result)
452 if (enclen != sizeof (struct GNUNET_CRYPTO_HashAsciiEncoded) - 1)
453 return GNUNET_SYSERR;
455 vbit = 2; /* padding! */
456 wpos = sizeof (GNUNET_HashCode);
457 rpos = sizeof (struct GNUNET_CRYPTO_HashAsciiEncoded) - 1;
458 bits = (ret = getValue__ (enc[--rpos])) >> 3;
460 return GNUNET_SYSERR;
463 GNUNET_assert (rpos > 0);
464 bits = ((ret = getValue__ (enc[--rpos])) << vbit) | bits;
466 return GNUNET_SYSERR;
470 ((unsigned char *) result)[--wpos] = (unsigned char) bits;
475 GNUNET_assert (rpos == 0);
476 GNUNET_assert (vbit == 0);
482 * Compute the distance between 2 hashcodes. The computation must be
483 * fast, not involve bits[0] or bits[4] (they're used elsewhere), and be
484 * somewhat consistent. And of course, the result should be a positive
487 * @param a some hash code
488 * @param b some hash code
489 * @return a positive number which is a measure for
490 * hashcode proximity.
493 GNUNET_CRYPTO_hash_distance_u32 (const GNUNET_HashCode * a,
494 const GNUNET_HashCode * b)
496 unsigned int x1 = (a->bits[1] - b->bits[1]) >> 16;
497 unsigned int x2 = (b->bits[1] - a->bits[1]) >> 16;
504 * Create a random hash code.
506 * @param mode desired quality level
507 * @param result hash code that is randomized
510 GNUNET_CRYPTO_hash_create_random (enum GNUNET_CRYPTO_Quality mode,
511 GNUNET_HashCode * result)
515 for (i = (sizeof (GNUNET_HashCode) / sizeof (uint32_t)) - 1; i >= 0; i--)
516 result->bits[i] = GNUNET_CRYPTO_random_u32 (mode, UINT32_MAX);
521 * compute result(delta) = b - a
523 * @param a some hash code
524 * @param b some hash code
525 * @param result set to b - a
528 GNUNET_CRYPTO_hash_difference (const GNUNET_HashCode * a,
529 const GNUNET_HashCode * b,
530 GNUNET_HashCode * result)
534 for (i = (sizeof (GNUNET_HashCode) / sizeof (unsigned int)) - 1; i >= 0; i--)
535 result->bits[i] = b->bits[i] - a->bits[i];
540 * compute result(b) = a + delta
542 * @param a some hash code
543 * @param delta some hash code
544 * @param result set to a + delta
547 GNUNET_CRYPTO_hash_sum (const GNUNET_HashCode * a,
548 const GNUNET_HashCode * delta, GNUNET_HashCode * result)
552 for (i = (sizeof (GNUNET_HashCode) / sizeof (unsigned int)) - 1; i >= 0; i--)
553 result->bits[i] = delta->bits[i] + a->bits[i];
558 * compute result = a ^ b
560 * @param a some hash code
561 * @param b some hash code
562 * @param result set to a ^ b
565 GNUNET_CRYPTO_hash_xor (const GNUNET_HashCode * a, const GNUNET_HashCode * b,
566 GNUNET_HashCode * result)
570 for (i = (sizeof (GNUNET_HashCode) / sizeof (unsigned int)) - 1; i >= 0; i--)
571 result->bits[i] = a->bits[i] ^ b->bits[i];
576 * Convert a hashcode into a key.
578 * @param hc hash code that serves to generate the key
579 * @param skey set to a valid session key
580 * @param iv set to a valid initialization vector
583 GNUNET_CRYPTO_hash_to_aes_key (const GNUNET_HashCode * hc,
584 struct GNUNET_CRYPTO_AesSessionKey *skey,
585 struct GNUNET_CRYPTO_AesInitializationVector *iv)
587 GNUNET_assert (sizeof (GNUNET_HashCode) >=
588 GNUNET_CRYPTO_AES_KEY_LENGTH +
589 sizeof (struct GNUNET_CRYPTO_AesInitializationVector));
590 memcpy (skey, hc, GNUNET_CRYPTO_AES_KEY_LENGTH);
592 htonl (GNUNET_CRYPTO_crc32_n (skey, GNUNET_CRYPTO_AES_KEY_LENGTH));
593 memcpy (iv, &((char *) hc)[GNUNET_CRYPTO_AES_KEY_LENGTH],
594 sizeof (struct GNUNET_CRYPTO_AesInitializationVector));
599 * Obtain a bit from a hashcode.
600 * @param code the GNUNET_CRYPTO_hash to index bit-wise
601 * @param bit index into the hashcode, [0...511]
602 * @return Bit \a bit from hashcode \a code, -1 for invalid index
605 GNUNET_CRYPTO_hash_get_bit (const GNUNET_HashCode * code, unsigned int bit)
607 GNUNET_assert (bit < 8 * sizeof (GNUNET_HashCode));
608 return (((unsigned char *) code)[bit >> 3] & (1 << (bit & 7))) > 0;
613 * Determine how many low order bits match in two
614 * GNUNET_HashCodes. i.e. - 010011 and 011111 share
615 * the first two lowest order bits, and therefore the
616 * return value is two (NOT XOR distance, nor how many
617 * bits match absolutely!).
619 * @param first the first hashcode
620 * @param second the hashcode to compare first to
622 * @return the number of bits that match
625 GNUNET_CRYPTO_hash_matching_bits (const GNUNET_HashCode * first,
626 const GNUNET_HashCode * second)
630 for (i = 0; i < sizeof (GNUNET_HashCode) * 8; i++)
631 if (GNUNET_CRYPTO_hash_get_bit (first, i) !=
632 GNUNET_CRYPTO_hash_get_bit (second, i))
634 return sizeof (GNUNET_HashCode) * 8;
639 * Compare function for HashCodes, producing a total ordering
642 * @param h1 some hash code
643 * @param h2 some hash code
644 * @return 1 if h1 > h2, -1 if h1 < h2 and 0 if h1 == h2.
647 GNUNET_CRYPTO_hash_cmp (const GNUNET_HashCode * h1, const GNUNET_HashCode * h2)
653 i1 = (unsigned int *) h1;
654 i2 = (unsigned int *) h2;
655 for (i = (sizeof (GNUNET_HashCode) / sizeof (unsigned int)) - 1; i >= 0; i--)
667 * Find out which of the two GNUNET_CRYPTO_hash codes is closer to target
668 * in the XOR metric (Kademlia).
670 * @param h1 some hash code
671 * @param h2 some hash code
672 * @param target some hash code
673 * @return -1 if h1 is closer, 1 if h2 is closer and 0 if h1==h2.
676 GNUNET_CRYPTO_hash_xorcmp (const GNUNET_HashCode * h1,
677 const GNUNET_HashCode * h2,
678 const GNUNET_HashCode * target)
684 for (i = sizeof (GNUNET_HashCode) / sizeof (unsigned int) - 1; i >= 0; i--)
686 d1 = ((unsigned int *) h1)[i] ^ ((unsigned int *) target)[i];
687 d2 = ((unsigned int *) h2)[i] ^ ((unsigned int *) target)[i];
698 * @brief Derive an authentication key
699 * @param key authentication key
700 * @param rkey root key
702 * @param salt_len size of the salt
703 * @param ... pair of void * & size_t for context chunks, terminated by NULL
706 GNUNET_CRYPTO_hmac_derive_key (struct GNUNET_CRYPTO_AuthKey *key,
707 const struct GNUNET_CRYPTO_AesSessionKey *rkey,
708 const void *salt, size_t salt_len, ...)
712 va_start (argp, salt_len);
713 GNUNET_CRYPTO_hmac_derive_key_v (key, rkey, salt, salt_len, argp);
719 * @brief Derive an authentication key
720 * @param key authentication key
721 * @param rkey root key
723 * @param salt_len size of the salt
724 * @param argp pair of void * & size_t for context chunks, terminated by NULL
727 GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key,
728 const struct GNUNET_CRYPTO_AesSessionKey *rkey,
729 const void *salt, size_t salt_len,
732 GNUNET_CRYPTO_kdf_v (key->key, sizeof (key->key), salt, salt_len, rkey->key,
733 sizeof (rkey->key), argp);
738 * Calculate HMAC of a message (RFC 2104)
740 * @param key secret key
741 * @param plaintext input plaintext
742 * @param plaintext_len length of plaintext
743 * @param hmac where to store the hmac
746 GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
747 const void *plaintext, size_t plaintext_len,
748 GNUNET_HashCode * hmac)
751 const unsigned char *mc;
753 GNUNET_assert (GPG_ERR_NO_ERROR ==
754 gcry_md_open (&md, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC));
755 gcry_md_setkey (md, key->key, sizeof (key->key));
756 gcry_md_write (md, plaintext, plaintext_len);
757 mc = gcry_md_read (md, GCRY_MD_SHA512);
759 memcpy (hmac->bits, mc, sizeof (hmac->bits));
764 /* end of crypto_hash.c */