X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=src%2Futil%2Fcrypto_hash.c;h=925d6b94dae969d8a0789a17869073231ddac5c1;hb=a90f8587871a66a71c802c2c8823c7a44d0f6d2c;hp=0d8cdeb5cc383e91506894770b45f8d69eb8d6c4;hpb=20945e0603fd6817a87165a9b471654130cb6d67;p=oweals%2Fgnunet.git
diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c
index 0d8cdeb5c..925d6b94d 100644
--- a/src/util/crypto_hash.c
+++ b/src/util/crypto_hash.c
@@ -1,729 +1,231 @@
/*
This file is part of GNUnet.
- (C) 2001, 2002, 2003, 2004, 2005, 2006, 2009 Christian Grothoff (and other contributing authors)
+ Copyright (C) 2001-2013 GNUnet e.V.
- GNUnet is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 2, or (at your
- option) any later version.
+ GNUnet is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License,
+ or (at your option) any later version.
GNUnet is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see .
- You should have received a copy of the GNU General Public License
- along with GNUnet; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
+ SPDX-License-Identifier: AGPL3.0-or-later
- SHA-512 code by Jean-Luc Cooke
-
- Copyright (c) Jean-Luc Cooke
- Copyright (c) Andrew McDonald
- Copyright (c) 2003 Kyle McMartin
*/
-
/**
* @file util/crypto_hash.c
- * @brief SHA-512 GNUNET_CRYPTO_hash related functions
+ * @brief SHA-512 #GNUNET_CRYPTO_hash() related functions
* @author Christian Grothoff
*/
-
#include "platform.h"
-#include "gnunet_common.h"
#include "gnunet_crypto_lib.h"
-#include "gnunet_disk_lib.h"
-
-#define SHA512_DIGEST_SIZE 64
-#define SHA512_HMAC_BLOCK_SIZE 128
-
-struct sha512_ctx
-{
- unsigned long long state[8];
- unsigned int count[4];
- unsigned char buf[128];
-};
-
-static unsigned long long
-Ch (unsigned long long x, unsigned long long y, unsigned long long z)
-{
- return z ^ (x & (y ^ z));
-}
-
-static unsigned long long
-Maj (unsigned long long x, unsigned long long y, unsigned long long z)
-{
- return (x & y) | (z & (x | y));
-}
-
-static unsigned long long
-RORu64 (unsigned long long x, unsigned long long y)
-{
- return (x >> y) | (x << (64 - y));
-}
-
-const unsigned long long sha512_K[80] = {
- 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
- 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
- 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
- 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
- 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
- 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
- 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
- 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
- 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
- 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
- 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
- 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
- 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
- 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
- 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
- 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
- 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
- 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
- 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
- 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
- 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
- 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
- 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
- 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
- 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
- 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
- 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
-};
-
-#define e0(x) (RORu64(x,28) ^ RORu64(x,34) ^ RORu64(x,39))
-#define e1(x) (RORu64(x,14) ^ RORu64(x,18) ^ RORu64(x,41))
-#define s0(x) (RORu64(x, 1) ^ RORu64(x, 8) ^ (x >> 7))
-#define s1(x) (RORu64(x,19) ^ RORu64(x,61) ^ (x >> 6))
-
-/* H* initial state for SHA-512 */
-#define H0 0x6a09e667f3bcc908ULL
-#define H1 0xbb67ae8584caa73bULL
-#define H2 0x3c6ef372fe94f82bULL
-#define H3 0xa54ff53a5f1d36f1ULL
-#define H4 0x510e527fade682d1ULL
-#define H5 0x9b05688c2b3e6c1fULL
-#define H6 0x1f83d9abfb41bd6bULL
-#define H7 0x5be0cd19137e2179ULL
-
-/* H'* initial state for SHA-384 */
-#define HP0 0xcbbb9d5dc1059ed8ULL
-#define HP1 0x629a292a367cd507ULL
-#define HP2 0x9159015a3070dd17ULL
-#define HP3 0x152fecd8f70e5939ULL
-#define HP4 0x67332667ffc00b31ULL
-#define HP5 0x8eb44a8768581511ULL
-#define HP6 0xdb0c2e0d64f98fa7ULL
-#define HP7 0x47b5481dbefa4fa4ULL
-
-#define LOAD_OP(t1, I, W, input) \
- t1 = input[(8*I) ] & 0xff;\
- t1 <<= 8;\
- t1 |= input[(8*I)+1] & 0xff;\
- t1 <<= 8;\
- t1 |= input[(8*I)+2] & 0xff;\
- t1 <<= 8;\
- t1 |= input[(8*I)+3] & 0xff;\
- t1 <<= 8;\
- t1 |= input[(8*I)+4] & 0xff;\
- t1 <<= 8;\
- t1 |= input[(8*I)+5] & 0xff;\
- t1 <<= 8;\
- t1 |= input[(8*I)+6] & 0xff;\
- t1 <<= 8;\
- t1 |= input[(8*I)+7] & 0xff;\
- W[I] = t1;
-
-
-#define BLEND_OP(I, W) \
- W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16];
-
-static void
-sha512_transform (unsigned long long *state, const unsigned char *input)
-{
- unsigned long long a, b, c, d, e, f, g, h, t1, t2;
- unsigned long long W[80];
- unsigned long long t0;
- int i;
-
- /* load the input */
- for (i = 0; i < 16; i++)
- {
- LOAD_OP (t0, i, W, input);
- }
-
- for (i = 16; i < 80; i++)
- {
- BLEND_OP (i, W);
- }
-
- /* load the state into our registers */
- a = state[0];
- b = state[1];
- c = state[2];
- d = state[3];
- e = state[4];
- f = state[5];
- g = state[6];
- h = state[7];
-
- /* now iterate */
- for (i = 0; i < 80; i += 8)
- {
- t1 = h + e1 (e) + Ch (e, f, g) + sha512_K[i] + W[i];
- t2 = e0 (a) + Maj (a, b, c);
- d += t1;
- h = t1 + t2;
- t1 = g + e1 (d) + Ch (d, e, f) + sha512_K[i + 1] + W[i + 1];
- t2 = e0 (h) + Maj (h, a, b);
- c += t1;
- g = t1 + t2;
- t1 = f + e1 (c) + Ch (c, d, e) + sha512_K[i + 2] + W[i + 2];
- t2 = e0 (g) + Maj (g, h, a);
- b += t1;
- f = t1 + t2;
- t1 = e + e1 (b) + Ch (b, c, d) + sha512_K[i + 3] + W[i + 3];
- t2 = e0 (f) + Maj (f, g, h);
- a += t1;
- e = t1 + t2;
- t1 = d + e1 (a) + Ch (a, b, c) + sha512_K[i + 4] + W[i + 4];
- t2 = e0 (e) + Maj (e, f, g);
- h += t1;
- d = t1 + t2;
- t1 = c + e1 (h) + Ch (h, a, b) + sha512_K[i + 5] + W[i + 5];
- t2 = e0 (d) + Maj (d, e, f);
- g += t1;
- c = t1 + t2;
- t1 = b + e1 (g) + Ch (g, h, a) + sha512_K[i + 6] + W[i + 6];
- t2 = e0 (c) + Maj (c, d, e);
- f += t1;
- b = t1 + t2;
- t1 = a + e1 (f) + Ch (f, g, h) + sha512_K[i + 7] + W[i + 7];
- t2 = e0 (b) + Maj (b, c, d);
- e += t1;
- a = t1 + t2;
- }
-
- state[0] += a;
- state[1] += b;
- state[2] += c;
- state[3] += d;
- state[4] += e;
- state[5] += f;
- state[6] += g;
- state[7] += h;
-
- /* erase our data */
- a = b = c = d = e = f = g = h = t1 = t2 = 0;
- memset (W, 0, 80 * sizeof (unsigned long long));
-}
-
-static void
-sha512_init (struct sha512_ctx *sctx)
-{
- sctx->state[0] = H0;
- sctx->state[1] = H1;
- sctx->state[2] = H2;
- sctx->state[3] = H3;
- sctx->state[4] = H4;
- sctx->state[5] = H5;
- sctx->state[6] = H6;
- sctx->state[7] = H7;
- sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0;
- memset (sctx->buf, 0, sizeof (sctx->buf));
-}
-
-static void
-sha512_update (struct sha512_ctx *sctx,
- const unsigned char *data, unsigned int len)
-{
- unsigned int i, index, part_len;
+#include "gnunet_strings_lib.h"
+#include "benchmark.h"
+#include
- /* Compute number of bytes mod 128 */
- index = (unsigned int) ((sctx->count[0] >> 3) & 0x7F);
+#define LOG(kind,...) GNUNET_log_from (kind, "util-crypto-hash", __VA_ARGS__)
- /* Update number of bits */
- if ((sctx->count[0] += (len << 3)) < (len << 3))
- {
- if ((sctx->count[1] += 1) < 1)
- if ((sctx->count[2] += 1) < 1)
- sctx->count[3]++;
- sctx->count[1] += (len >> 29);
- }
-
- part_len = 128 - index;
-
- /* Transform as many times as possible. */
- if (len >= part_len)
- {
- memcpy (&sctx->buf[index], data, part_len);
- sha512_transform (sctx->state, sctx->buf);
-
- for (i = part_len; i + 127 < len; i += 128)
- sha512_transform (sctx->state, &data[i]);
-
- index = 0;
- }
- else
- {
- i = 0;
- }
-
- /* Buffer remaining input */
- memcpy (&sctx->buf[index], &data[i], len - i);
-}
-
-static void
-sha512_final (struct sha512_ctx *sctx, unsigned char *hash)
-{
- static unsigned char padding[128] = { 0x80, };
-
- unsigned int t;
- unsigned long long t2;
- unsigned char bits[128];
- unsigned int index, pad_len;
- int i, j;
-
- index = pad_len = t = i = j = 0;
- t2 = 0;
-
- /* Save number of bits */
- t = sctx->count[0];
- bits[15] = t;
- t >>= 8;
- bits[14] = t;
- t >>= 8;
- bits[13] = t;
- t >>= 8;
- bits[12] = t;
- t = sctx->count[1];
- bits[11] = t;
- t >>= 8;
- bits[10] = t;
- t >>= 8;
- bits[9] = t;
- t >>= 8;
- bits[8] = t;
- t = sctx->count[2];
- bits[7] = t;
- t >>= 8;
- bits[6] = t;
- t >>= 8;
- bits[5] = t;
- t >>= 8;
- bits[4] = t;
- t = sctx->count[3];
- bits[3] = t;
- t >>= 8;
- bits[2] = t;
- t >>= 8;
- bits[1] = t;
- t >>= 8;
- bits[0] = t;
-
- /* Pad out to 112 mod 128. */
- index = (sctx->count[0] >> 3) & 0x7f;
- pad_len = (index < 112) ? (112 - index) : ((128 + 112) - index);
- sha512_update (sctx, padding, pad_len);
-
- /* Append length (before padding) */
- sha512_update (sctx, bits, 16);
-
- /* Store state in digest */
- for (i = j = 0; i < 8; i++, j += 8)
- {
- t2 = sctx->state[i];
- hash[j + 7] = (char) t2 & 0xff;
- t2 >>= 8;
- hash[j + 6] = (char) t2 & 0xff;
- t2 >>= 8;
- hash[j + 5] = (char) t2 & 0xff;
- t2 >>= 8;
- hash[j + 4] = (char) t2 & 0xff;
- t2 >>= 8;
- hash[j + 3] = (char) t2 & 0xff;
- t2 >>= 8;
- hash[j + 2] = (char) t2 & 0xff;
- t2 >>= 8;
- hash[j + 1] = (char) t2 & 0xff;
- t2 >>= 8;
- hash[j] = (char) t2 & 0xff;
- }
-
- /* Zeroize sensitive information. */
- memset (sctx, 0, sizeof (struct sha512_ctx));
-}
+#define LOG_STRERROR_FILE(kind,syscall,filename) GNUNET_log_from_strerror_file (kind, "util-crypto-hash", syscall, filename)
/**
* Hash block of given size.
*
- * @param block the data to GNUNET_CRYPTO_hash, length is given as a second argument
- * @param size the length of the data to GNUNET_CRYPTO_hash
+ * @param block the data to #GNUNET_CRYPTO_hash, length is given as a second argument
+ * @param size the length of the data to #GNUNET_CRYPTO_hash in @a block
* @param ret pointer to where to write the hashcode
*/
void
-GNUNET_CRYPTO_hash (const void *block, unsigned int size,
- GNUNET_HashCode * ret)
-{
- struct sha512_ctx ctx;
-
- sha512_init (&ctx);
- sha512_update (&ctx, block, size);
- sha512_final (&ctx, (unsigned char *) ret);
-}
-
-
-/**
- * Context used when hashing a file.
- */
-struct FileHashContext
-{
-
- /**
- * Function to call upon completion.
- */
- GNUNET_CRYPTO_HashCompletedCallback callback;
-
- /**
- * Closure for callback.
- */
- void *callback_cls;
-
- /**
- * IO buffer.
- */
- unsigned char *buffer;
-
- /**
- * Name of the file we are hashing.
- */
- char *filename;
-
- /**
- * Cummulated hash.
- */
- struct sha512_ctx hctx;
-
- /**
- * Blocksize.
- */
- size_t bsize;
-
- /**
- * Size of the file.
- */
- unsigned long long fsize;
-
- /**
- * Current offset.
- */
- unsigned long long offset;
-
- /**
- * Run on shutdown?
- */
- int run_on_shutdown;
-
- /**
- * File descriptor.
- */
- struct GNUNET_IO_Handle *fh;
-
-};
-
-
-/**
- * Report result of hash computation to callback
- * and free associated resources.
- */
-static void
-file_hash_finish (struct FileHashContext *fhc, const GNUNET_HashCode * res)
-{
- fhc->callback (fhc->callback_cls, res);
- GNUNET_free (fhc->filename);
- if (!GNUNET_DISK_handle_invalid (fhc->fh))
- GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (&fhc->fh));
- GNUNET_free (fhc); /* also frees fhc->buffer */
-}
-
-
-/**
- * File hashing task.
- *
- * @param cls closure
- * @param tc context
- */
-static void
-file_hash_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
-{
- struct FileHashContext *fhc = cls;
- GNUNET_HashCode res;
- size_t delta;
-
- GNUNET_assert (fhc->offset < fhc->fsize);
- delta = fhc->bsize;
- if (fhc->fsize - fhc->offset < delta)
- delta = fhc->fsize - fhc->offset;
- if (delta != GNUNET_DISK_file_read (fhc->fh, fhc->buffer, delta))
- {
- GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
- "read", fhc->filename);
- file_hash_finish (fhc, NULL);
- return;
- }
- sha512_update (&fhc->hctx, fhc->buffer, delta);
- fhc->offset += delta;
- if (fhc->offset == fhc->fsize)
- {
- sha512_final (&fhc->hctx, (unsigned char *) &res);
- file_hash_finish (fhc, &res);
- return;
- }
- GNUNET_SCHEDULER_add_after (tc->sched,
- fhc->run_on_shutdown,
- GNUNET_SCHEDULER_PRIORITY_KEEP,
- GNUNET_SCHEDULER_NO_PREREQUISITE_TASK,
- &file_hash_task, fhc);
-}
-
-
-/**
- * Compute the hash of an entire file.
- *
- * @param sched scheduler to use
- * @param priority scheduling priority to use
- * @param run_on_shutdown should we complete even on shutdown?
- * @param filename name of file to hash
- * @param blocksize number of bytes to process in one task
- * @param callback function to call upon completion
- * @param callback_cls closure for callback
- */
-void
-GNUNET_CRYPTO_hash_file (struct GNUNET_SCHEDULER_Handle *sched,
- enum GNUNET_SCHEDULER_Priority priority,
- int run_on_shutdown,
- const char *filename,
- size_t blocksize,
- GNUNET_CRYPTO_HashCompletedCallback callback,
- void *callback_cls)
+GNUNET_CRYPTO_hash (const void *block,
+ size_t size,
+ struct GNUNET_HashCode *ret)
{
- struct FileHashContext *fhc;
-
- GNUNET_assert (blocksize > 0);
- fhc = GNUNET_malloc (sizeof (struct FileHashContext) + blocksize);
- fhc->callback = callback;
- fhc->callback_cls = callback_cls;
- fhc->buffer = (unsigned char *) &fhc[1];
- fhc->filename = GNUNET_strdup (filename);
- fhc->fh = NULL;
- sha512_init (&fhc->hctx);
- fhc->bsize = blocksize;
- if (GNUNET_OK != GNUNET_DISK_file_size (filename, &fhc->fsize, GNUNET_NO))
- {
- file_hash_finish (fhc, NULL);
- return;
- }
- fhc->run_on_shutdown = run_on_shutdown;
- fhc->fh = GNUNET_DISK_file_open (filename,
- GNUNET_DISK_OPEN_READ);
- if (!fhc->fh)
- {
- file_hash_finish (fhc, NULL);
- return;
- }
- GNUNET_SCHEDULER_add_after (sched,
- run_on_shutdown,
- priority,
- GNUNET_SCHEDULER_NO_PREREQUISITE_TASK,
- &file_hash_task, fhc);
+ BENCHMARK_START (hash);
+ gcry_md_hash_buffer (GCRY_MD_SHA512, ret, block, size);
+ BENCHMARK_END (hash);
}
/* ***************** binary-ASCII encoding *************** */
-/**
- * 32 characters for encoding (GNUNET_CRYPTO_hash => 32 characters)
- */
-static char *encTable__ = "0123456789ABCDEFGHIJKLMNOPQRSTUV";
-
-static unsigned int
-getValue__ (unsigned char a)
-{
- if ((a >= '0') && (a <= '9'))
- return a - '0';
- if ((a >= 'A') && (a <= 'V'))
- return (a - 'A' + 10);
- return -1;
-}
/**
* Convert GNUNET_CRYPTO_hash to ASCII encoding. The ASCII encoding is rather
* GNUnet specific. It was chosen such that it only uses characters
* in [0-9A-V], can be produced without complex arithmetics and uses a
- * small number of characters. The GNUnet encoding uses 102
+ * small number of characters. The GNUnet encoding uses 103
* characters plus a null terminator.
*
- * @param block the GNUNET_CRYPTO_hash code
+ * @param block the hash code
* @param result where to store the encoding (struct GNUNET_CRYPTO_HashAsciiEncoded can be
- * safely cast to char*, a '\0' termination is set).
+ * safely cast to char*, a '\\0' termination is set).
*/
void
-GNUNET_CRYPTO_hash_to_enc (const GNUNET_HashCode * block,
+GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode *block,
struct GNUNET_CRYPTO_HashAsciiEncoded *result)
{
- unsigned int wpos;
- unsigned int rpos;
- unsigned int bits;
- unsigned int vbit;
-
- GNUNET_assert (block != NULL);
- GNUNET_assert (result != NULL);
- vbit = 0;
- wpos = 0;
- rpos = 0;
- bits = 0;
- while ((rpos < sizeof (GNUNET_HashCode)) || (vbit > 0))
- {
- if ((rpos < sizeof (GNUNET_HashCode)) && (vbit < 5))
- {
- bits = (bits << 8) | ((unsigned char *) block)[rpos++]; /* eat 8 more bits */
- vbit += 8;
- }
- if (vbit < 5)
- {
- bits <<= (5 - vbit); /* zero-padding */
- GNUNET_assert (vbit == 2); /* padding by 3: 512+3 mod 5 == 0 */
- vbit = 5;
- }
- GNUNET_assert (wpos <
- sizeof (struct GNUNET_CRYPTO_HashAsciiEncoded) - 1);
- result->encoding[wpos++] = encTable__[(bits >> (vbit - 5)) & 31];
- vbit -= 5;
- }
- GNUNET_assert (wpos == sizeof (struct GNUNET_CRYPTO_HashAsciiEncoded) - 1);
- GNUNET_assert (vbit == 0);
- result->encoding[wpos] = '\0';
+ char *np;
+
+ np = GNUNET_STRINGS_data_to_string ((const unsigned char *) block,
+ sizeof (struct GNUNET_HashCode),
+ (char *) result,
+ sizeof (struct GNUNET_CRYPTO_HashAsciiEncoded) - 1);
+ GNUNET_assert (NULL != np);
+ *np = '\0';
}
+
/**
- * Convert ASCII encoding back to GNUNET_CRYPTO_hash
+ * Convert ASCII encoding back to hash code.
*
* @param enc the encoding
- * @param result where to store the GNUNET_CRYPTO_hash code
- * @return GNUNET_OK on success, GNUNET_SYSERR if result has the wrong encoding
+ * @param enclen number of characters in @a enc (without 0-terminator, which can be missing)
+ * @param result where to store the hash code
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding
*/
int
-GNUNET_CRYPTO_hash_from_string (const char *enc, GNUNET_HashCode * result)
+GNUNET_CRYPTO_hash_from_string2 (const char *enc,
+ size_t enclen,
+ struct GNUNET_HashCode *result)
{
- unsigned int rpos;
- unsigned int wpos;
- unsigned int bits;
- unsigned int vbit;
-
- if (strlen (enc) != sizeof (struct GNUNET_CRYPTO_HashAsciiEncoded) - 1)
- return GNUNET_SYSERR;
-
- vbit = 2; /* padding! */
- wpos = sizeof (GNUNET_HashCode);
- rpos = sizeof (struct GNUNET_CRYPTO_HashAsciiEncoded) - 1;
- bits = getValue__ (enc[--rpos]) >> 3;
- while (wpos > 0)
- {
- GNUNET_assert (rpos > 0);
- bits = (getValue__ (enc[--rpos]) << vbit) | bits;
- vbit += 5;
- if (vbit >= 8)
- {
- ((unsigned char *) result)[--wpos] = (unsigned char) bits;
- bits >>= 8;
- vbit -= 8;
- }
- }
- GNUNET_assert (rpos == 0);
- GNUNET_assert (vbit == 0);
- return GNUNET_OK;
+ char upper_enc[enclen];
+ char *up_ptr = upper_enc;
+
+ GNUNET_STRINGS_utf8_toupper (enc, up_ptr);
+
+ return GNUNET_STRINGS_string_to_data (upper_enc, enclen,
+ (unsigned char*) result,
+ sizeof (struct GNUNET_HashCode));
}
+
/**
+ * @ingroup hash
+ *
* Compute the distance between 2 hashcodes. The computation must be
* fast, not involve bits[0] or bits[4] (they're used elsewhere), and be
* somewhat consistent. And of course, the result should be a positive
* number.
*
- * @returns a positive number which is a measure for
+ * @param a some hash code
+ * @param b some hash code
+ * @return a positive number which is a measure for
* hashcode proximity.
*/
unsigned int
-GNUNET_CRYPTO_hash_distance_u32 (const GNUNET_HashCode * a,
- const GNUNET_HashCode * b)
+GNUNET_CRYPTO_hash_distance_u32 (const struct GNUNET_HashCode *a,
+ const struct GNUNET_HashCode *b)
{
unsigned int x1 = (a->bits[1] - b->bits[1]) >> 16;
unsigned int x2 = (b->bits[1] - a->bits[1]) >> 16;
+
return (x1 * x2);
}
+
+/**
+ * Create a random hash code.
+ *
+ * @param mode desired quality level
+ * @param result hash code that is randomized
+ */
void
-GNUNET_CRYPTO_hash_create_random (GNUNET_HashCode * result)
+GNUNET_CRYPTO_hash_create_random (enum GNUNET_CRYPTO_Quality mode,
+ struct GNUNET_HashCode *result)
{
int i;
- for (i = (sizeof (GNUNET_HashCode) / sizeof (unsigned int)) - 1; i >= 0;
- i--)
- result->bits[i] = rand ();
+
+ for (i = (sizeof (struct GNUNET_HashCode) / sizeof (uint32_t)) - 1; i >= 0; i--)
+ result->bits[i] = GNUNET_CRYPTO_random_u32 (mode, UINT32_MAX);
}
+
+/**
+ * compute result(delta) = b - a
+ *
+ * @param a some hash code
+ * @param b some hash code
+ * @param result set to b - a
+ */
void
-GNUNET_CRYPTO_hash_difference (const GNUNET_HashCode * a,
- const GNUNET_HashCode * b,
- GNUNET_HashCode * result)
+GNUNET_CRYPTO_hash_difference (const struct GNUNET_HashCode *a,
+ const struct GNUNET_HashCode *b,
+ struct GNUNET_HashCode *result)
{
int i;
- for (i = (sizeof (GNUNET_HashCode) / sizeof (unsigned int)) - 1; i >= 0;
- i--)
+
+ for (i = (sizeof (struct GNUNET_HashCode) / sizeof (unsigned int)) - 1; i >= 0; i--)
result->bits[i] = b->bits[i] - a->bits[i];
}
+
+/**
+ * compute result(b) = a + delta
+ *
+ * @param a some hash code
+ * @param delta some hash code
+ * @param result set to a + delta
+ */
void
-GNUNET_CRYPTO_hash_sum (const GNUNET_HashCode * a,
- const GNUNET_HashCode * delta,
- GNUNET_HashCode * result)
+GNUNET_CRYPTO_hash_sum (const struct GNUNET_HashCode * a,
+ const struct GNUNET_HashCode * delta, struct GNUNET_HashCode * result)
{
int i;
- for (i = (sizeof (GNUNET_HashCode) / sizeof (unsigned int)) - 1; i >= 0;
- i--)
+
+ for (i = (sizeof (struct GNUNET_HashCode) / sizeof (unsigned int)) - 1; i >= 0; i--)
result->bits[i] = delta->bits[i] + a->bits[i];
}
+
+/**
+ * compute result = a ^ b
+ *
+ * @param a some hash code
+ * @param b some hash code
+ * @param result set to a ^ b
+ */
void
-GNUNET_CRYPTO_hash_xor (const GNUNET_HashCode * a,
- const GNUNET_HashCode * b, GNUNET_HashCode * result)
+GNUNET_CRYPTO_hash_xor (const struct GNUNET_HashCode *a,
+ const struct GNUNET_HashCode *b,
+ struct GNUNET_HashCode *result)
{
int i;
- for (i = (sizeof (GNUNET_HashCode) / sizeof (unsigned int)) - 1; i >= 0;
- i--)
+
+ for (i = (sizeof (struct GNUNET_HashCode) / sizeof (unsigned int)) - 1; i >= 0; i--)
result->bits[i] = a->bits[i] ^ b->bits[i];
}
+
/**
* Convert a hashcode into a key.
+ *
+ * @param hc hash code that serves to generate the key
+ * @param skey set to a valid session key
+ * @param iv set to a valid initialization vector
*/
void
-GNUNET_CRYPTO_hash_to_AES_key (const GNUNET_HashCode * hc,
- struct GNUNET_CRYPTO_AesSessionKey *skey,
- struct GNUNET_CRYPTO_AesInitializationVector
- *iv)
+GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode *hc,
+ struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
+ struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
{
- GNUNET_assert (sizeof (GNUNET_HashCode) >=
- GNUNET_CRYPTO_AES_KEY_LENGTH +
- sizeof (struct GNUNET_CRYPTO_AesInitializationVector));
- memcpy (skey, hc, GNUNET_CRYPTO_AES_KEY_LENGTH);
- skey->crc32 =
- htonl (GNUNET_CRYPTO_crc32_n (skey, GNUNET_CRYPTO_AES_KEY_LENGTH));
- memcpy (iv, &((char *) hc)[GNUNET_CRYPTO_AES_KEY_LENGTH],
- sizeof (struct GNUNET_CRYPTO_AesInitializationVector));
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
+ "Hash key derivation", strlen ("Hash key derivation"),
+ hc, sizeof (struct GNUNET_HashCode),
+ NULL, 0));
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector),
+ "Initialization vector derivation", strlen ("Initialization vector derivation"),
+ hc, sizeof (struct GNUNET_HashCode),
+ NULL, 0));
}
+
/**
* Obtain a bit from a hashcode.
* @param code the GNUNET_CRYPTO_hash to index bit-wise
@@ -731,20 +233,50 @@ GNUNET_CRYPTO_hash_to_AES_key (const GNUNET_HashCode * hc,
* @return Bit \a bit from hashcode \a code, -1 for invalid index
*/
int
-GNUNET_CRYPTO_hash_get_bit (const GNUNET_HashCode * code, unsigned int bit)
+GNUNET_CRYPTO_hash_get_bit (const struct GNUNET_HashCode * code, unsigned int bit)
{
- GNUNET_assert (bit < 8 * sizeof (GNUNET_HashCode));
+ GNUNET_assert (bit < 8 * sizeof (struct GNUNET_HashCode));
return (((unsigned char *) code)[bit >> 3] & (1 << (bit & 7))) > 0;
}
+
+/**
+ * Determine how many low order bits match in two
+ * `struct GNUNET_HashCode`s. i.e. - 010011 and 011111 share
+ * the first two lowest order bits, and therefore the
+ * return value is two (NOT XOR distance, nor how many
+ * bits match absolutely!).
+ *
+ * @param first the first hashcode
+ * @param second the hashcode to compare first to
+ *
+ * @return the number of bits that match
+ */
+unsigned int
+GNUNET_CRYPTO_hash_matching_bits (const struct GNUNET_HashCode * first,
+ const struct GNUNET_HashCode * second)
+{
+ unsigned int i;
+
+ for (i = 0; i < sizeof (struct GNUNET_HashCode) * 8; i++)
+ if (GNUNET_CRYPTO_hash_get_bit (first, i) !=
+ GNUNET_CRYPTO_hash_get_bit (second, i))
+ return i;
+ return sizeof (struct GNUNET_HashCode) * 8;
+}
+
+
/**
* Compare function for HashCodes, producing a total ordering
* of all hashcodes.
+ *
+ * @param h1 some hash code
+ * @param h2 some hash code
* @return 1 if h1 > h2, -1 if h1 < h2 and 0 if h1 == h2.
*/
int
-GNUNET_CRYPTO_hash_cmp (const GNUNET_HashCode * h1,
- const GNUNET_HashCode * h2)
+GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode *h1,
+ const struct GNUNET_HashCode *h2)
{
unsigned int *i1;
unsigned int *i2;
@@ -752,41 +284,236 @@ GNUNET_CRYPTO_hash_cmp (const GNUNET_HashCode * h1,
i1 = (unsigned int *) h1;
i2 = (unsigned int *) h2;
- for (i = (sizeof (GNUNET_HashCode) / sizeof (unsigned int)) - 1; i >= 0;
- i--)
- {
- if (i1[i] > i2[i])
- return 1;
- if (i1[i] < i2[i])
- return -1;
- }
+ for (i = (sizeof (struct GNUNET_HashCode) / sizeof (unsigned int)) - 1; i >= 0; i--)
+ {
+ if (i1[i] > i2[i])
+ return 1;
+ if (i1[i] < i2[i])
+ return -1;
+ }
return 0;
}
+
/**
- * Find out which of the two GNUNET_CRYPTO_hash codes is closer to target
+ * Find out which of the two `struct GNUNET_HashCode`s is closer to target
* in the XOR metric (Kademlia).
+ *
+ * @param h1 some hash code
+ * @param h2 some hash code
+ * @param target some hash code
* @return -1 if h1 is closer, 1 if h2 is closer and 0 if h1==h2.
*/
int
-GNUNET_CRYPTO_hash_xorcmp (const GNUNET_HashCode * h1,
- const GNUNET_HashCode * h2,
- const GNUNET_HashCode * target)
+GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode *h1,
+ const struct GNUNET_HashCode *h2,
+ const struct GNUNET_HashCode *target)
{
int i;
unsigned int d1;
unsigned int d2;
- for (i = sizeof (GNUNET_HashCode) / sizeof (unsigned int) - 1; i >= 0; i--)
- {
- d1 = ((unsigned int *) h1)[i] ^ ((unsigned int *) target)[i];
- d2 = ((unsigned int *) h2)[i] ^ ((unsigned int *) target)[i];
- if (d1 > d2)
- return 1;
- else if (d1 < d2)
- return -1;
- }
+ for (i = sizeof (struct GNUNET_HashCode) / sizeof (unsigned int) - 1; i >= 0; i--)
+ {
+ d1 = ((unsigned int *) h1)[i] ^ ((unsigned int *) target)[i];
+ d2 = ((unsigned int *) h2)[i] ^ ((unsigned int *) target)[i];
+ if (d1 > d2)
+ return 1;
+ else if (d1 < d2)
+ return -1;
+ }
return 0;
}
-/* end of hashing.c */
+
+/**
+ * @brief Derive an authentication key
+ * @param key authentication key
+ * @param rkey root key
+ * @param salt salt
+ * @param salt_len size of the @a salt
+ * @param ... pair of void * & size_t for context chunks, terminated by NULL
+ */
+void
+GNUNET_CRYPTO_hmac_derive_key (struct GNUNET_CRYPTO_AuthKey *key,
+ const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey,
+ const void *salt, size_t salt_len, ...)
+{
+ va_list argp;
+
+ va_start (argp, salt_len);
+ GNUNET_CRYPTO_hmac_derive_key_v (key, rkey, salt, salt_len, argp);
+ va_end (argp);
+}
+
+
+/**
+ * @brief Derive an authentication key
+ * @param key authentication key
+ * @param rkey root key
+ * @param salt salt
+ * @param salt_len size of the @a salt
+ * @param argp pair of void * & size_t for context chunks, terminated by NULL
+ */
+void
+GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key,
+ const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey,
+ const void *salt, size_t salt_len,
+ va_list argp)
+{
+ GNUNET_CRYPTO_kdf_v (key->key, sizeof (key->key),
+ salt, salt_len,
+ rkey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
+ argp);
+}
+
+
+/**
+ * Calculate HMAC of a message (RFC 2104)
+ * TODO: Shouldn' this be the standard hmac function and
+ * the above be renamed?
+ *
+ * @param key secret key
+ * @param key_len secret key length
+ * @param plaintext input plaintext
+ * @param plaintext_len length of @a plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len,
+ const void *plaintext, size_t plaintext_len,
+ struct GNUNET_HashCode *hmac)
+{
+ static int once;
+ static gcry_md_hd_t md;
+ const unsigned char *mc;
+
+ if (! once)
+ {
+ once = 1;
+ GNUNET_assert (GPG_ERR_NO_ERROR ==
+ gcry_md_open (&md, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC));
+ }
+ else
+ {
+ gcry_md_reset (md);
+ }
+ gcry_md_setkey (md, key, key_len);
+ gcry_md_write (md, plaintext, plaintext_len);
+ mc = gcry_md_read (md, GCRY_MD_SHA512);
+ GNUNET_assert (NULL != mc);
+ GNUNET_memcpy (hmac->bits, mc, sizeof (hmac->bits));
+}
+
+
+/**
+ * Calculate HMAC of a message (RFC 2104)
+ *
+ * @param key secret key
+ * @param plaintext input plaintext
+ * @param plaintext_len length of @a plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
+ const void *plaintext, size_t plaintext_len,
+ struct GNUNET_HashCode *hmac)
+{
+ GNUNET_CRYPTO_hmac_raw ((void*) key->key, sizeof (key->key),
+ plaintext, plaintext_len,
+ hmac);
+}
+
+
+/**
+ * Context for cummulative hashing.
+ */
+struct GNUNET_HashContext
+{
+ /**
+ * Internal state of the hash function.
+ */
+ gcry_md_hd_t hd;
+};
+
+
+/**
+ * Start incremental hashing operation.
+ *
+ * @return context for incremental hash computation
+ */
+struct GNUNET_HashContext *
+GNUNET_CRYPTO_hash_context_start ()
+{
+ struct GNUNET_HashContext *hc;
+
+ BENCHMARK_START (hash_context_start);
+
+ hc = GNUNET_new (struct GNUNET_HashContext);
+ GNUNET_assert (0 ==
+ gcry_md_open (&hc->hd,
+ GCRY_MD_SHA512,
+ 0));
+
+ BENCHMARK_END (hash_context_start);
+
+ return hc;
+}
+
+
+/**
+ * Add data to be hashed.
+ *
+ * @param hc cummulative hash context
+ * @param buf data to add
+ * @param size number of bytes in @a buf
+ */
+void
+GNUNET_CRYPTO_hash_context_read (struct GNUNET_HashContext *hc,
+ const void *buf,
+ size_t size)
+{
+ BENCHMARK_START (hash_context_read);
+ gcry_md_write (hc->hd, buf, size);
+ BENCHMARK_END (hash_context_read);
+}
+
+
+/**
+ * Finish the hash computation.
+ *
+ * @param hc hash context to use
+ * @param r_hash where to write the latest / final hash code
+ */
+void
+GNUNET_CRYPTO_hash_context_finish (struct GNUNET_HashContext *hc,
+ struct GNUNET_HashCode *r_hash)
+{
+ const void *res = gcry_md_read (hc->hd, 0);
+
+ BENCHMARK_START (hash_context_finish);
+
+ GNUNET_assert (NULL != res);
+ if (NULL != r_hash)
+ GNUNET_memcpy (r_hash,
+ res,
+ sizeof (struct GNUNET_HashCode));
+ GNUNET_CRYPTO_hash_context_abort (hc);
+ BENCHMARK_END (hash_context_finish);
+}
+
+
+/**
+ * Abort hashing, do not bother calculating final result.
+ *
+ * @param hc hash context to destroy
+ */
+void
+GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc)
+{
+ gcry_md_close (hc->hd);
+ GNUNET_free (hc);
+}
+
+
+/* end of crypto_hash.c */