2 * Hashing function for CUPS.
4 * Copyright 2015-2017 by Apple Inc.
6 * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
10 * Include necessary headers...
13 #include "cups-private.h"
15 # include <CommonCrypto/CommonDigest.h>
16 #elif defined(HAVE_GNUTLS)
17 # include <gnutls/crypto.h>
19 # include "md5-private.h"
20 #endif /* __APPLE__ */
24 * 'cupsHashData()' - Perform a hash function on the given data.
26 * The "algorithm" argument can be any of the registered, non-deprecated IPP
27 * hash algorithms for the "job-password-encryption" attribute, including
28 * "sha" for SHA-1, "sha-256" for SHA2-256, etc.
30 * The "hash" argument points to a buffer of "hashsize" bytes and should be at
31 * least 64 bytes in length for all of the supported algorithms.
33 * The returned hash is binary data.
35 * @since CUPS 2.2/macOS 10.12@
38 ssize_t
/* O - Size of hash or -1 on error */
39 cupsHashData(const char *algorithm
, /* I - Algorithm name */
40 const void *data
, /* I - Data to hash */
41 size_t datalen
, /* I - Length of data to hash */
42 unsigned char *hash
, /* I - Hash buffer */
43 size_t hashsize
) /* I - Size of hash buffer */
45 if (!algorithm
|| !data
|| datalen
== 0 || !hash
|| hashsize
== 0)
47 _cupsSetError(IPP_STATUS_ERROR_INTERNAL
, _("Bad arguments to function"), 1);
52 if (!strcmp(algorithm
, "md5"))
55 * MD5 (deprecated but widely used...)
58 CC_MD5_CTX ctx
; /* MD5 context */
60 if (hashsize
< CC_MD5_DIGEST_LENGTH
)
64 CC_MD5_Update(&ctx
, data
, (CC_LONG
)datalen
);
65 CC_MD5_Final(hash
, &ctx
);
67 return (CC_MD5_DIGEST_LENGTH
);
69 else if (!strcmp(algorithm
, "sha"))
75 CC_SHA1_CTX ctx
; /* SHA-1 context */
77 if (hashsize
< CC_SHA1_DIGEST_LENGTH
)
81 CC_SHA1_Update(&ctx
, data
, (CC_LONG
)datalen
);
82 CC_SHA1_Final(hash
, &ctx
);
84 return (CC_SHA1_DIGEST_LENGTH
);
86 else if (!strcmp(algorithm
, "sha2-224"))
88 CC_SHA256_CTX ctx
; /* SHA-224 context */
90 if (hashsize
< CC_SHA224_DIGEST_LENGTH
)
94 CC_SHA224_Update(&ctx
, data
, (CC_LONG
)datalen
);
95 CC_SHA224_Final(hash
, &ctx
);
97 return (CC_SHA224_DIGEST_LENGTH
);
99 else if (!strcmp(algorithm
, "sha2-256"))
101 CC_SHA256_CTX ctx
; /* SHA-256 context */
103 if (hashsize
< CC_SHA256_DIGEST_LENGTH
)
106 CC_SHA256_Init(&ctx
);
107 CC_SHA256_Update(&ctx
, data
, (CC_LONG
)datalen
);
108 CC_SHA256_Final(hash
, &ctx
);
110 return (CC_SHA256_DIGEST_LENGTH
);
112 else if (!strcmp(algorithm
, "sha2-384"))
114 CC_SHA512_CTX ctx
; /* SHA-384 context */
116 if (hashsize
< CC_SHA384_DIGEST_LENGTH
)
119 CC_SHA384_Init(&ctx
);
120 CC_SHA384_Update(&ctx
, data
, (CC_LONG
)datalen
);
121 CC_SHA384_Final(hash
, &ctx
);
123 return (CC_SHA384_DIGEST_LENGTH
);
125 else if (!strcmp(algorithm
, "sha2-512"))
127 CC_SHA512_CTX ctx
; /* SHA-512 context */
129 if (hashsize
< CC_SHA512_DIGEST_LENGTH
)
132 CC_SHA512_Init(&ctx
);
133 CC_SHA512_Update(&ctx
, data
, (CC_LONG
)datalen
);
134 CC_SHA512_Final(hash
, &ctx
);
136 return (CC_SHA512_DIGEST_LENGTH
);
138 else if (!strcmp(algorithm
, "sha2-512_224"))
140 CC_SHA512_CTX ctx
; /* SHA-512 context */
141 unsigned char temp
[CC_SHA512_DIGEST_LENGTH
];
145 * SHA2-512 truncated to 224 bits (28 bytes)...
148 if (hashsize
< CC_SHA224_DIGEST_LENGTH
)
151 CC_SHA512_Init(&ctx
);
152 CC_SHA512_Update(&ctx
, data
, (CC_LONG
)datalen
);
153 CC_SHA512_Final(temp
, &ctx
);
155 memcpy(hash
, temp
, CC_SHA224_DIGEST_LENGTH
);
157 return (CC_SHA224_DIGEST_LENGTH
);
159 else if (!strcmp(algorithm
, "sha2-512_256"))
161 CC_SHA512_CTX ctx
; /* SHA-512 context */
162 unsigned char temp
[CC_SHA512_DIGEST_LENGTH
];
166 * SHA2-512 truncated to 256 bits (32 bytes)...
169 if (hashsize
< CC_SHA256_DIGEST_LENGTH
)
172 CC_SHA512_Init(&ctx
);
173 CC_SHA512_Update(&ctx
, data
, (CC_LONG
)datalen
);
174 CC_SHA512_Final(temp
, &ctx
);
176 memcpy(hash
, temp
, CC_SHA256_DIGEST_LENGTH
);
178 return (CC_SHA256_DIGEST_LENGTH
);
181 #elif defined(HAVE_GNUTLS)
182 gnutls_digest_algorithm_t alg
= GNUTLS_DIG_UNKNOWN
;
184 unsigned char temp
[64]; /* Temporary hash buffer */
185 size_t tempsize
= 0; /* Truncate to this size? */
187 if (!strcmp(algorithm
, "md5"))
188 alg
= GNUTLS_DIG_MD5
;
189 else if (!strcmp(algorithm
, "sha"))
190 alg
= GNUTLS_DIG_SHA1
;
191 else if (!strcmp(algorithm
, "sha2-224"))
192 alg
= GNUTLS_DIG_SHA224
;
193 else if (!strcmp(algorithm
, "sha2-256"))
194 alg
= GNUTLS_DIG_SHA256
;
195 else if (!strcmp(algorithm
, "sha2-384"))
196 alg
= GNUTLS_DIG_SHA384
;
197 else if (!strcmp(algorithm
, "sha2-512"))
198 alg
= GNUTLS_DIG_SHA512
;
199 else if (!strcmp(algorithm
, "sha2-512_224"))
201 alg
= GNUTLS_DIG_SHA512
;
204 else if (!strcmp(algorithm
, "sha2-512_256"))
206 alg
= GNUTLS_DIG_SHA512
;
210 if (alg
!= GNUTLS_DIG_UNKNOWN
)
215 * Truncate result to tempsize bytes...
218 if (hashsize
< tempsize
)
221 gnutls_hash_fast(alg
, data
, datalen
, temp
);
222 memcpy(hash
, temp
, tempsize
);
224 return ((ssize_t
)tempsize
);
227 if (hashsize
< gnutls_hash_get_len(alg
))
230 gnutls_hash_fast(alg
, data
, datalen
, hash
);
232 return (gnutls_hash_get_len(alg
));
237 * No hash support beyond MD5 without CommonCrypto or GNU TLS...
240 if (!strcmp(algorithm
, "md5"))
242 _cups_md5_state_t state
; /* MD5 state info */
244 _cupsMD5Init(&state
);
245 _cupsMD5Append(&state
, data
, datalen
);
246 _cupsMD5Finish(&state
, hash
);
250 else if (hashsize
< 64)
252 #endif /* __APPLE__ */
255 * Unknown hash algorithm...
258 _cupsSetError(IPP_STATUS_ERROR_INTERNAL
, _("Unknown hash algorithm."), 1);
263 * We get here if the buffer is too small.
268 _cupsSetError(IPP_STATUS_ERROR_INTERNAL
, _("Hash buffer too small."), 1);
274 * 'cupsHashString()' - Format a hash value as a hexadecimal string.
276 * The passed buffer must be at least 2 * hashsize + 1 characters in length.
279 const char * /* O - Formatted string */
281 const unsigned char *hash
, /* I - Hash */
282 size_t hashsize
, /* I - Size of hash */
283 char *buffer
, /* I - String buffer */
284 size_t bufsize
) /* I - Size of string buffer */
286 char *bufptr
= buffer
; /* Pointer into buffer */
287 static const char *hex
= "0123456789abcdef";
288 /* Hex characters (lowercase!) */
292 * Range check input...
295 if (!hash
|| hashsize
< 1 || !buffer
|| bufsize
< (2 * hashsize
+ 1))
303 * Loop until we've converted the whole hash...
308 *bufptr
++ = hex
[*hash
>> 4];
309 *bufptr
++ = hex
[*hash
& 15];