[glib] hmac: Implementation of HMAC in glib
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib] hmac: Implementation of HMAC in glib
- Date: Sun, 14 Aug 2011 07:28:52 +0000 (UTC)
commit acbcb8f7e37b1c0ff872fdbb74df7de690bc2c6f
Author: Stef Walter <stefw collabora co uk>
Date: Sun Aug 14 09:27:45 2011 +0200
hmac: Implementation of HMAC in glib
This implements g_hmac_xxx() functionality using the standard checksum
functions supported by glib.
HMAC is a secure way to hash a key and a password. Many other
approaches fraught with append and prepend issues.
Includes test cases defined in relevant RFCs
https://bugzilla.gnome.org/show_bug.cgi?id=652480
docs/reference/glib/glib-sections.txt | 16 ++
glib/Makefile.am | 2 +
glib/ghmac.c | 388 +++++++++++++++++++++++++++++++++
glib/ghmac.h | 71 ++++++
glib/glib.h | 1 +
glib/glib.symbols | 9 +
glib/tests/.gitignore | 1 +
glib/tests/Makefile.am | 3 +
glib/tests/hmac.c | 268 +++++++++++++++++++++++
9 files changed, 759 insertions(+), 0 deletions(-)
---
diff --git a/docs/reference/glib/glib-sections.txt b/docs/reference/glib/glib-sections.txt
index 853c793..62a3071 100644
--- a/docs/reference/glib/glib-sections.txt
+++ b/docs/reference/glib/glib-sections.txt
@@ -2829,6 +2829,22 @@ g_compute_checksum_for_string
</SECTION>
<SECTION>
+<TITLE>Data HMACs</TITLE>
+<FILE>hmac</FILE>
+GHmac
+g_hmac_new
+g_hmac_copy
+g_hmac_ref
+g_hmac_unref
+g_hmac_update
+g_hmac_get_string
+g_hmac_get_digest
+<SUBSECTION>
+g_compute_hmac_for_data
+g_compute_hmac_for_string
+</SECTION>
+
+<SECTION>
<TITLE>Testing</TITLE>
<FILE>testing</FILE>
g_test_minimized_result
diff --git a/glib/Makefile.am b/glib/Makefile.am
index 3823caf..1703277 100644
--- a/glib/Makefile.am
+++ b/glib/Makefile.am
@@ -135,6 +135,7 @@ libglib_2_0_la_SOURCES = \
gerror.c \
gfileutils.c \
ghash.c \
+ ghmac.c \
ghook.c \
ghostutils.c \
giochannel.c \
@@ -243,6 +244,7 @@ glibsubinclude_HEADERS = \
gerror.h \
gfileutils.h \
ghash.h \
+ ghmac.h \
ghook.h \
ghostutils.h \
gi18n.h \
diff --git a/glib/ghmac.c b/glib/ghmac.c
new file mode 100644
index 0000000..617a5b2
--- /dev/null
+++ b/glib/ghmac.c
@@ -0,0 +1,388 @@
+/* ghmac.h - data hashing functions
+ *
+ * Copyright (C) 2011 Collabora Ltd.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Author: Stef Walter <stefw collabora co uk>
+ */
+
+#include "config.h"
+
+#include <string.h>
+
+#include "ghmac.h"
+
+#include "glib/galloca.h"
+#include "gatomic.h"
+#include "gmem.h"
+#include "gstrfuncs.h"
+#include "gtestutils.h"
+#include "gtypes.h"
+#include "glibintl.h"
+
+
+/**
+ * SECTION:hmac
+ * @title: Secure HMAC Digests
+ * @short_description: Computes the HMAC for data
+ *
+ * HMACs should be used when producing a cookie or hash based on data and a key.
+ * Simple mechanisms for using SHA1 and other algorithms to digest a key and
+ * data together are vulnerable to various security issues. HMAC uses algorithms
+ * like SHA1 in a secure way to produce a digest of a key and data.
+ *
+ * Both the key and data are arbitrary byte arrays of bytes or characters.
+ *
+ * Support for HMAC Digests has been added in GLib 2.30
+ **/
+
+struct _GHmac
+{
+ int ref_count;
+ GChecksumType digest_type;
+ GChecksum *digesti;
+ GChecksum *digesto;
+};
+
+/**
+ * g_hmac_new:
+ * @digest_type: the desired type of digest
+ * @key: (array length=key_len): the key for the HMAC
+ * @key_len: the length of the keys
+ *
+ * Creates a new #GHmac, using the digest algorithm @digest_type.
+ * If the @digest_type is not known, %NULL is returned.
+ * A #GHmac can be used to compute the HMAC of a key and an
+ * arbitrary binary blob, using different hashing algorithms.
+ *
+ * A #GHmac works by feeding a binary blob through g_hmac_update()
+ * until the data is complete; the digest can then be extracted
+ * using g_hmac_get_string(), which will return the checksum as a
+ * hexadecimal string; or g_hmac_get_digest(), which will return a
+ * array of raw bytes. Once either g_hmac_get_string() or
+ * g_hmac_get_digest() have been called on a #GHmac, the HMAC
+ * will be closed and it won't be possible to call g_hmac_update()
+ * on it anymore.
+ *
+ * Return value: the newly created #GHmac, or %NULL.
+ * Use g_hmac_unref() to free the memory allocated by it.
+ *
+ * Since: 2.30
+ */
+GHmac *
+g_hmac_new (GChecksumType digest_type,
+ const guchar *key,
+ gsize key_len)
+{
+ GChecksum *checksum;
+ GHmac *hmac;
+ guchar *buffer;
+ guchar *pad;
+ gsize i, len;
+ gsize block_size;
+
+ checksum = g_checksum_new (digest_type);
+ g_return_val_if_fail (checksum != NULL, NULL);
+
+ switch (digest_type)
+ {
+ case G_CHECKSUM_MD5:
+ case G_CHECKSUM_SHA1:
+ block_size = 64; /* RFC 2104 */
+ break;
+ case G_CHECKSUM_SHA256:
+ block_size = 64; /* RFC draft-kelly-ipsec-ciph-sha2-01 */
+ break;
+ default:
+ g_return_val_if_reached (NULL);
+ }
+
+ hmac = g_slice_new0 (GHmac);
+ hmac->ref_count = 1;
+ hmac->digest_type = digest_type;
+ hmac->digesti = checksum;
+ hmac->digesto = g_checksum_new (digest_type);
+
+ buffer = g_alloca (block_size);
+ pad = g_alloca (block_size);
+
+ memset (buffer, 0, block_size);
+
+ /* If the key is too long, hash it */
+ if (key_len > block_size)
+ {
+ len = block_size;
+ g_checksum_update (hmac->digesti, key, key_len);
+ g_checksum_get_digest (hmac->digesti, buffer, &len);
+ g_checksum_reset (hmac->digesti);
+ }
+
+ /* Otherwise pad it with zeros */
+ else
+ {
+ memcpy (buffer, key, key_len);
+ }
+
+ /* First pad */
+ for (i = 0; i < block_size; i++)
+ pad[i] = 0x36 ^ buffer[i]; /* ipad value */
+ g_checksum_update (hmac->digesti, pad, block_size);
+
+ /* Second pad */
+ for (i = 0; i < block_size; i++)
+ pad[i] = 0x5c ^ buffer[i]; /* opad value */
+ g_checksum_update (hmac->digesto, pad, block_size);
+
+ return hmac;
+}
+
+/**
+ * g_hmac_copy:
+ * @hmac: the #GHmac to copy
+ *
+ * Copies a #GHmac. If @hmac has been closed, by calling
+ * g_hmac_get_string() or g_hmac_get_digest(), the copied
+ * HMAC will be closed as well.
+ *
+ * Return value: the copy of the passed #GHmac. Use g_hmac_unref()
+ * when finished using it.
+ *
+ * Since: 2.30
+ */
+GHmac *
+g_hmac_copy (const GHmac *hmac)
+{
+ GHmac *copy;
+
+ g_return_val_if_fail (hmac != NULL, NULL);
+
+ copy = g_slice_new (GHmac);
+ copy->digest_type = hmac->digest_type;
+ copy->digesti = g_checksum_copy (hmac->digesti);
+ copy->digesto = g_checksum_copy (hmac->digesto);
+
+ return copy;
+}
+
+/**
+ * g_hmac_ref:
+ * @hmac: a valid #GHmac.
+ *
+ * Atomically increments the reference count of @hmac by one.
+ * This function is MT-safe and may be called from any thread.
+ *
+ * Return value: the passed in #GHmac.
+ *
+ * Since: 2.30
+ **/
+GHmac *
+g_hmac_ref (GHmac *hmac)
+{
+ g_return_val_if_fail (hmac != NULL, NULL);
+
+ g_atomic_int_inc (&hmac->ref_count);
+
+ return hmac;
+}
+
+/**
+ * g_hmac_unref:
+ * @hmac: a #GHmac
+ *
+ * Atomically decrements the reference count of @hmac by one.
+ * If the reference count drops to 0, all keys and values will be
+ * destroyed, and all memory allocated by the hash table is released.
+ * This function is MT-safe and may be called from any thread.
+ * Frees the memory allocated for @hmac.
+ *
+ * Since: 2.30
+ */
+void
+g_hmac_unref (GHmac *hmac)
+{
+ g_return_if_fail (hmac != NULL);
+
+ if (g_atomic_int_dec_and_test (&hmac->ref_count))
+ {
+ g_checksum_free (hmac->digesti);
+ g_checksum_free (hmac->digesto);
+ g_slice_free (GHmac, hmac);
+ }
+}
+
+/**
+ * g_hmac_update:
+ * @hmac: a #GHmac
+ * @data: (array length=length): buffer used to compute the checksum
+ * @length: size of the buffer, or -1 if it is a null-terminated string.
+ *
+ * Feeds @data into an existing #GHmac. The HMAC must still be
+ * open, that is g_hmac_get_string() or g_hmac_get_digest() must
+ * not have been called on @hmac.
+ *
+ * Since: 2.30
+ */
+void
+g_hmac_update (GHmac *hmac,
+ const guchar *data,
+ gssize length)
+{
+ g_return_if_fail (hmac != NULL);
+ g_return_if_fail (length == 0 || data != NULL);
+
+ g_checksum_update (hmac->digesti, data, length);
+}
+
+/**
+ * g_hmac_get_string:
+ * @hmac: a #GHmac
+ *
+ * Gets the HMAC as an hexadecimal string.
+ *
+ * Once this function has been called the #GHmac can no longer be
+ * updated with g_hmac_update().
+ *
+ * The hexadecimal characters will be lower case.
+ *
+ * Return value: the hexadecimal representation of the HMAC. The
+ * returned string is owned by the HMAC and should not be modified
+ * or freed.
+ *
+ * Since: 2.30
+ */
+const gchar *
+g_hmac_get_string (GHmac *hmac)
+{
+ guint8 *buffer;
+ gsize digest_len;
+
+ g_return_val_if_fail (hmac != NULL, NULL);
+
+ digest_len = g_checksum_type_get_length (hmac->digest_type);
+ buffer = g_malloc (digest_len);
+
+ g_hmac_get_digest (hmac, buffer, &digest_len);
+ return g_checksum_get_string (hmac->digesto);
+}
+
+/**
+ * g_checksum_get_digest:
+ * @hmac: a #GHmac
+ * @buffer: output buffer
+ * @digest_len: an inout parameter. The caller initializes it to the size of @buffer.
+ * After the call it contains the length of the digest.
+ *
+ * Gets the digest from @checksum as a raw binary array and places it
+ * into @buffer. The size of the digest depends on the type of checksum.
+ *
+ * Once this function has been called, the #GHmac is closed and can
+ * no longer be updated with g_checksum_update().
+ *
+ * Since: 2.30
+ */
+void
+g_hmac_get_digest (GHmac *hmac,
+ guint8 *buffer,
+ gsize *digest_len)
+{
+ gsize len;
+
+ g_return_if_fail (hmac != NULL);
+
+ len = g_checksum_type_get_length (hmac->digest_type);
+ g_return_if_fail (*digest_len >= len);
+
+ /* Use the same buffer, because we can :) */
+ g_checksum_get_digest (hmac->digesti, buffer, &len);
+ g_checksum_update (hmac->digesto, buffer, len);
+ g_checksum_get_digest (hmac->digesto, buffer, digest_len);
+}
+
+/**
+ * g_compute_hmac_for_data:
+ * @digest_type: a #GChecksumType to use for the HMAC
+ * @key: (array length=key_len): the key to use in the HMAC
+ * @key_len: the length of the key
+ * @data: binary blob to compute the HMAC of
+ * @length: length of @data
+ *
+ * Computes the HMAC for a binary @data of @length. This is a
+ * convenience wrapper for g_hmac_new(), g_hmac_get_string()
+ * and g_hmac_unref().
+ *
+ * The hexadecimal string returned will be in lower case.
+ *
+ * Return value: the HMAC of the binary data as a string in hexadecimal.
+ * The returned string should be freed with g_free() when done using it.
+ *
+ * Since: 2.30
+ */
+gchar *
+g_compute_hmac_for_data (GChecksumType digest_type,
+ const guchar *key,
+ gsize key_len,
+ const guchar *data,
+ gsize length)
+{
+ GHmac *hmac;
+ gchar *retval;
+
+ g_return_val_if_fail (length == 0 || data != NULL, NULL);
+
+ hmac = g_hmac_new (digest_type, key, key_len);
+ if (!hmac)
+ return NULL;
+
+ g_hmac_update (hmac, data, length);
+ retval = g_strdup (g_hmac_get_string (hmac));
+ g_hmac_unref (hmac);
+
+ return retval;
+}
+
+/**
+ * g_compute_hmac_for_string:
+ * @digest_type: a #GChecksumType to use for the HMAC
+ * @key: (array length=key_len): the key to use in the HMAC
+ * @key_len: the length of the key
+ * @str: the string to compute the HMAC for
+ * @length: the length of the string, or -1 if the string is null-terminated.
+ *
+ * Computes the HMAC for a string.
+ *
+ * The hexadecimal string returned will be in lower case.
+ *
+ * Return value: the HMAC as a hexadecimal string. The returned string
+ * should be freed with g_free() when done using it.
+ *
+ * Since: 2.30
+ */
+gchar *
+g_compute_hmac_for_string (GChecksumType digest_type,
+ const guchar *key,
+ gsize key_len,
+ const gchar *str,
+ gssize length)
+{
+ g_return_val_if_fail (length == 0 || str != NULL, NULL);
+
+ if (length < 0)
+ length = strlen (str);
+
+ return g_compute_hmac_for_data (digest_type, key, key_len,
+ (const guchar *) str, length);
+}
diff --git a/glib/ghmac.h b/glib/ghmac.h
new file mode 100644
index 0000000..856abbf
--- /dev/null
+++ b/glib/ghmac.h
@@ -0,0 +1,71 @@
+/* ghmac.h - secure data hashing
+ *
+ * Copyright (C) 2011 Stef Walter <stefw collabora co uk>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ */
+
+#if defined(G_DISABLE_SINGLE_INCLUDES) && !defined (__GLIB_H_INSIDE__) && !defined (GLIB_COMPILATION)
+#error "Only <glib.h> can be included directly."
+#endif
+
+#ifndef __G_HMAC_H__
+#define __G_HMAC_H__
+
+#include <glib/gtypes.h>
+#include "gchecksum.h"
+
+G_BEGIN_DECLS
+
+/**
+ * GHmac:
+ *
+ * An opaque structure representing a HMAC operation.
+ * To create a new GHmac, use g_hmac_new(). To free
+ * a GHmac, use g_hmac_unref().
+ *
+ * Since: 2.30
+ */
+typedef struct _GHmac GHmac;
+
+GHmac * g_hmac_new (GChecksumType digest_type,
+ const guchar *key,
+ gsize key_len);
+GHmac * g_hmac_copy (const GHmac *hmac);
+GHmac * g_hmac_ref (GHmac *hmac);
+void g_hmac_unref (GHmac *hmac);
+void g_hmac_update (GHmac *hmac,
+ const guchar *data,
+ gssize length);
+const gchar * g_hmac_get_string (GHmac *hmac);
+void g_hmac_get_digest (GHmac *hmac,
+ guint8 *buffer,
+ gsize *digest_len);
+
+gchar *g_compute_hmac_for_data (GChecksumType digest_type,
+ const guchar *key,
+ gsize key_len,
+ const guchar *data,
+ gsize length);
+gchar *g_compute_hmac_for_string (GChecksumType digest_type,
+ const guchar *key,
+ gsize key_len,
+ const gchar *str,
+ gssize length);
+
+G_END_DECLS
+
+#endif /* __G_CHECKSUM_H__ */
diff --git a/glib/glib.h b/glib/glib.h
index 06d0190..ebbbebd 100644
--- a/glib/glib.h
+++ b/glib/glib.h
@@ -48,6 +48,7 @@
#include <glib/gerror.h>
#include <glib/gfileutils.h>
#include <glib/ghash.h>
+#include <glib/ghmac.h>
#include <glib/ghook.h>
#include <glib/ghostutils.h>
#include <glib/giochannel.h>
diff --git a/glib/glib.symbols b/glib/glib.symbols
index ba24a19..01bda12 100644
--- a/glib/glib.symbols
+++ b/glib/glib.symbols
@@ -387,6 +387,15 @@ g_hash_table_iter_get_hash_table
g_hash_table_iter_remove
g_hash_table_iter_replace
g_hash_table_iter_steal
+g_hmac_new
+g_hmac_copy
+g_hmac_ref
+g_hmac_unref
+g_hmac_update
+g_hmac_get_string
+g_hmac_get_digest
+g_compute_hmac_for_data
+g_compute_hmac_for_string
g_hook_alloc
g_hook_compare_ids
g_hook_destroy
diff --git a/glib/tests/.gitignore b/glib/tests/.gitignore
index 4a8de9b..514e02c 100644
--- a/glib/tests/.gitignore
+++ b/glib/tests/.gitignore
@@ -16,6 +16,7 @@ fileutils
gdatetime
gvariant
hash
+hmac
hostutils
keyfile
list
diff --git a/glib/tests/Makefile.am b/glib/tests/Makefile.am
index a127d58..3f4bd14 100644
--- a/glib/tests/Makefile.am
+++ b/glib/tests/Makefile.am
@@ -113,6 +113,9 @@ unicode_LDADD = $(progs_ldadd)
TEST_PROGS += checksum
checksum_LDADD = $(progs_ldadd)
+TEST_PROGS += hmac
+hmac_LDADD = $(progs_ldadd)
+
TEST_PROGS += hash
hash_LDADD = $(progs_ldadd)
diff --git a/glib/tests/hmac.c b/glib/tests/hmac.c
new file mode 100644
index 0000000..db6e271
--- /dev/null
+++ b/glib/tests/hmac.c
@@ -0,0 +1,268 @@
+#include "config.h"
+
+#include <glib.h>
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <stdlib.h>
+
+/* HMAC-MD5 test vectors as per RFC 2202 */
+
+/* Test 1 */
+guint8 key_md5_test1[] = {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
+guint8 result_md5_test1[] = {
+ 0x92, 0x94, 0x72, 0x7a, 0x36, 0x38, 0xbb, 0x1c, 0x13, 0xf4,
+ 0x8e, 0xf8, 0x15, 0x8b, 0xfc, 0x9d };
+
+/* Test 2 */
+guint8 result_md5_test2[] = {
+ 0x75, 0x0c, 0x78, 0x3e, 0x6a, 0xb0, 0xb5, 0x03, 0xea, 0xa8,
+ 0x6e, 0x31, 0x0a, 0x5d, 0xb7, 0x38 };
+
+/* Test 3 */
+guint8 key_md5_test3[] = {
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
+guint8 data_md5_test3[] = {
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd };
+guint8 result_md5_test3[] = {
+ 0x56, 0xbe, 0x34, 0x52, 0x1d, 0x14, 0x4c, 0x88, 0xdb, 0xb8,
+ 0xc7, 0x33, 0xf0, 0xe8, 0xb3, 0xf6 };
+
+/* Test 4 */
+guint8 key_md5_test4[] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19 };
+guint8 data_md5_test4[] = {
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd };
+guint8 result_md5_test4[] = {
+ 0x69, 0x7e, 0xaf, 0x0a, 0xca, 0x3a, 0x3a, 0xea, 0x3a, 0x75,
+ 0x16, 0x47, 0x46, 0xff, 0xaa, 0x79 };
+
+/* Test 5 */
+guint8 key_md5_test5[] = {
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c};
+guint8 result_md5_test5[] = {
+ 0x56, 0x46, 0x1e, 0xf2, 0x34, 0x2e, 0xdc, 0x00, 0xf9, 0xba,
+ 0xb9, 0x95, 0x69, 0x0e, 0xfd, 0x4c };
+
+/* Test 6 */
+guint8 key_md5_test6[] = {
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
+guint8 result_md5_test6[] = {
+ 0x6b, 0x1a, 0xb7, 0xfe, 0x4b, 0xd7, 0xbf, 0x8f, 0x0b, 0x62,
+ 0xe6, 0xce, 0x61, 0xb9, 0xd0, 0xcd };
+
+/* Test 6 */
+guint8 key_md5_test7[] = {
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
+guint8 result_md5_test7[] = {
+ 0x6f, 0x63, 0x0f, 0xad, 0x67, 0xcd, 0xa0, 0xee, 0x1f, 0xb1,
+ 0xf5, 0x62, 0xdb, 0x3a, 0xa5, 0x3e };
+
+/* HMAC-SHA1 test vectors as per RFC 2202 */
+
+/* Test 1 */
+guint8 key_sha1_test1[] = {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
+guint8 result_sha1_test1[] = {
+ 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xe2, 0x8b,
+ 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, 0xf1, 0x46, 0xbe, 0x00 };
+
+/* Test 2 */
+guint8 result_sha1_test2[] = {
+ 0xef, 0xfc, 0xdf, 0x6a, 0xe5, 0xeb, 0x2f, 0xa2, 0xd2, 0x74,
+ 0x16, 0xd5, 0xf1, 0x84, 0xdf, 0x9c, 0x25, 0x9a, 0x7c, 0x79 };
+
+/* Test 3 */
+guint8 key_sha1_test3[] = {
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
+guint8 data_sha1_test3[] = {
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd };
+guint8 result_sha1_test3[] = {
+ 0x12, 0x5d, 0x73, 0x42, 0xb9, 0xac, 0x11, 0xcd, 0x91, 0xa3,
+ 0x9a, 0xf4, 0x8a, 0xa1, 0x7b, 0x4f, 0x63, 0xf1, 0x75, 0xd3 };
+
+/* Test 4 */
+guint8 key_sha1_test4[] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15, 0x16, 0x17, 0x18, 0x19 };
+guint8 data_sha1_test4[] = {
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd };
+guint8 result_sha1_test4[] = {
+ 0x4c, 0x90, 0x07, 0xf4, 0x02, 0x62, 0x50, 0xc6, 0xbc, 0x84,
+ 0x14, 0xf9, 0xbf, 0x50, 0xc8, 0x6c, 0x2d, 0x72, 0x35, 0xda };
+
+/* Test 5 */
+guint8 key_sha1_test5[] = {
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+ 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c };
+guint8 result_sha1_test5[] = {
+ 0x4c, 0x1a, 0x03, 0x42, 0x4b, 0x55, 0xe0, 0x7f, 0xe7, 0xf2,
+ 0x7b, 0xe1, 0xd5, 0x8b, 0xb9, 0x32, 0x4a, 0x9a, 0x5a, 0x04 };
+
+/* Test 6 & 7*/
+guint8 key_sha1_test6_7[] = {
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
+
+guint8 result_sha1_test6[] = {
+ 0xaa, 0x4a, 0xe5, 0xe1, 0x52, 0x72, 0xd0, 0x0e, 0x95, 0x70,
+ 0x56, 0x37, 0xce, 0x8a, 0x3b, 0x55, 0xed, 0x40, 0x21, 0x12 };
+
+guint8 result_sha1_test7[] = {
+ 0xe8, 0xe9, 0x9d, 0xf, 0x45, 0x23, 0x7d, 0x78, 0x6d, 0x6b,
+ 0xba, 0xa7, 0x96, 0x5c, 0x78, 0x8, 0xbb, 0xff, 0x1a, 0x91 };
+
+
+typedef struct {
+ GChecksumType digest_type;
+ gpointer key;
+ gsize key_len;
+ gpointer data;
+ gsize data_len;
+ gpointer result;
+} HmacCase;
+
+HmacCase hmac_md5_tests[] = {
+ { G_CHECKSUM_MD5, key_md5_test1, 16, "Hi There", 8, result_md5_test1 },
+ { G_CHECKSUM_MD5, "Jefe", 4, "what do ya want for nothing?", 28,
+ result_md5_test2 },
+ { G_CHECKSUM_MD5, key_md5_test3, 16, data_md5_test3, 50,
+ result_md5_test3 },
+ { G_CHECKSUM_MD5, key_md5_test4, 25, data_md5_test4, 50,
+ result_md5_test4 },
+ { G_CHECKSUM_MD5, key_md5_test5, 16, "Test With Truncation", 20,
+ result_md5_test5 },
+ { G_CHECKSUM_MD5, key_md5_test6, 80,
+ "Test Using Larger Than Block-Size Key - Hash Key First", 54,
+ result_md5_test6 },
+ { G_CHECKSUM_MD5, key_md5_test7, 80,
+ "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
+ 73, result_md5_test7 },
+ { -1, NULL, 0, NULL, 0, NULL },
+};
+
+HmacCase hmac_sha1_tests[] = {
+ { G_CHECKSUM_SHA1, key_sha1_test1, 20, "Hi There", 8, result_sha1_test1 },
+ { G_CHECKSUM_SHA1, "Jefe", 4, "what do ya want for nothing?", 28,
+ result_sha1_test2 },
+ { G_CHECKSUM_SHA1, key_sha1_test3, 20, data_sha1_test3, 50,
+ result_sha1_test3 },
+ { G_CHECKSUM_SHA1, key_sha1_test4, 25, data_sha1_test4, 50,
+ result_sha1_test4 },
+ { G_CHECKSUM_SHA1, key_sha1_test5, 20, "Test With Truncation", 20,
+ result_sha1_test5 },
+ { G_CHECKSUM_SHA1, key_sha1_test6_7, 80,
+ "Test Using Larger Than Block-Size Key - Hash Key First", 54,
+ result_sha1_test6 },
+ { G_CHECKSUM_SHA1, key_sha1_test6_7, 80,
+ "Test Using Larger Than Block-Size Key and Larger" \
+ " Than One Block-Size Data", 73, result_sha1_test7, },
+ { -1, NULL, 0, NULL, 0, NULL },
+};
+
+static void
+test_hmac (HmacCase *t)
+{
+ GHmac *hmac;
+ gsize digest_len, hmac_len;
+ gpointer digest;
+
+ hmac_len = digest_len = g_checksum_type_get_length (t->digest_type);
+ digest = g_malloc (hmac_len);
+
+ hmac = g_hmac_new (t->digest_type, t->key, t->key_len);
+ g_hmac_update (hmac, t->data, t->data_len);
+ g_hmac_get_digest (hmac, digest, &digest_len);
+
+ g_assert_cmpuint (digest_len, ==, hmac_len);
+ g_assert (memcmp (digest, t->result, digest_len) == 0);
+
+ g_free (digest);
+ g_hmac_unref (hmac);
+}
+
+static void
+test_hmac_ref_unref (void)
+{
+ GHmac *hmac, *check;
+
+ hmac = g_hmac_new (G_CHECKSUM_SHA1, (guchar*)"aaa", 3);
+ check = g_hmac_ref (hmac);
+ g_assert (check == hmac);
+ g_hmac_unref (check);
+ g_hmac_unref (hmac);
+}
+
+int
+main (int argc,
+ char **argv)
+{
+ int i;
+ g_test_init (&argc, &argv, NULL);
+
+ for (i = 0 ; hmac_sha1_tests[i].key_len > 0 ; i++)
+ {
+ gchar *name = g_strdup_printf ("/hmac/sha1-%d", i + 1);
+ g_test_add_data_func (name, hmac_sha1_tests + i,
+ (void (*)(const void *)) test_hmac);
+ g_free (name);
+ }
+
+ for (i = 0 ; hmac_md5_tests[i].key_len > 0 ; i++)
+ {
+ gchar *name = g_strdup_printf ("/hmac/md5-%d", i + 1);
+ g_test_add_data_func (name, hmac_md5_tests + i,
+ (void (*)(const void *)) test_hmac);
+ g_free (name);
+ }
+
+ g_test_add_func ("/hmac/ref-unref", test_hmac_ref_unref);
+
+ return g_test_run ();
+}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
