2 * Hashing function for CUPS.
4 * Copyright © 2015-2018 by Apple Inc.
6 * Licensed under Apache License v2.0. See the file "LICENSE" for more
11 * Include necessary headers...
14 #include "cups-private.h"
16 # include <CommonCrypto/CommonDigest.h>
17 #elif defined(HAVE_GNUTLS)
18 # include <gnutls/crypto.h>
20 # include "md5-private.h"
21 #endif /* __APPLE__ */
25 * 'cupsHashData()' - Perform a hash function on the given data.
27 * The "algorithm" argument can be any of the registered, non-deprecated IPP
28 * hash algorithms for the "job-password-encryption" attribute, including
29 * "sha" for SHA-1, "sha-256" for SHA2-256, etc.
31 * The "hash" argument points to a buffer of "hashsize" bytes and should be at
32 * least 64 bytes in length for all of the supported algorithms.
34 * The returned hash is binary data.
36 * @since CUPS 2.2/macOS 10.12@
39 ssize_t
/* O - Size of hash or -1 on error */
40 cupsHashData(const char *algorithm
, /* I - Algorithm name */
41 const void *data
, /* I - Data to hash */
42 size_t datalen
, /* I - Length of data to hash */
43 unsigned char *hash
, /* I - Hash buffer */
44 size_t hashsize
) /* I - Size of hash buffer */
46 if (!algorithm
|| !data
|| datalen
== 0 || !hash
|| hashsize
== 0)
48 _cupsSetError(IPP_STATUS_ERROR_INTERNAL
, _("Bad arguments to function"), 1);
53 if (!strcmp(algorithm
, "md5"))
56 * MD5 (deprecated but widely used...)
59 CC_MD5_CTX ctx
; /* MD5 context */
61 if (hashsize
< CC_MD5_DIGEST_LENGTH
)
65 CC_MD5_Update(&ctx
, data
, (CC_LONG
)datalen
);
66 CC_MD5_Final(hash
, &ctx
);
68 return (CC_MD5_DIGEST_LENGTH
);
70 else if (!strcmp(algorithm
, "sha"))
76 CC_SHA1_CTX ctx
; /* SHA-1 context */
78 if (hashsize
< CC_SHA1_DIGEST_LENGTH
)
82 CC_SHA1_Update(&ctx
, data
, (CC_LONG
)datalen
);
83 CC_SHA1_Final(hash
, &ctx
);
85 return (CC_SHA1_DIGEST_LENGTH
);
87 else if (!strcmp(algorithm
, "sha2-224"))
89 CC_SHA256_CTX ctx
; /* SHA-224 context */
91 if (hashsize
< CC_SHA224_DIGEST_LENGTH
)
95 CC_SHA224_Update(&ctx
, data
, (CC_LONG
)datalen
);
96 CC_SHA224_Final(hash
, &ctx
);
98 return (CC_SHA224_DIGEST_LENGTH
);
100 else if (!strcmp(algorithm
, "sha2-256"))
102 CC_SHA256_CTX ctx
; /* SHA-256 context */
104 if (hashsize
< CC_SHA256_DIGEST_LENGTH
)
107 CC_SHA256_Init(&ctx
);
108 CC_SHA256_Update(&ctx
, data
, (CC_LONG
)datalen
);
109 CC_SHA256_Final(hash
, &ctx
);
111 return (CC_SHA256_DIGEST_LENGTH
);
113 else if (!strcmp(algorithm
, "sha2-384"))
115 CC_SHA512_CTX ctx
; /* SHA-384 context */
117 if (hashsize
< CC_SHA384_DIGEST_LENGTH
)
120 CC_SHA384_Init(&ctx
);
121 CC_SHA384_Update(&ctx
, data
, (CC_LONG
)datalen
);
122 CC_SHA384_Final(hash
, &ctx
);
124 return (CC_SHA384_DIGEST_LENGTH
);
126 else if (!strcmp(algorithm
, "sha2-512"))
128 CC_SHA512_CTX ctx
; /* SHA-512 context */
130 if (hashsize
< CC_SHA512_DIGEST_LENGTH
)
133 CC_SHA512_Init(&ctx
);
134 CC_SHA512_Update(&ctx
, data
, (CC_LONG
)datalen
);
135 CC_SHA512_Final(hash
, &ctx
);
137 return (CC_SHA512_DIGEST_LENGTH
);
139 else if (!strcmp(algorithm
, "sha2-512_224"))
141 CC_SHA512_CTX ctx
; /* SHA-512 context */
142 unsigned char temp
[CC_SHA512_DIGEST_LENGTH
];
146 * SHA2-512 truncated to 224 bits (28 bytes)...
149 if (hashsize
< CC_SHA224_DIGEST_LENGTH
)
152 CC_SHA512_Init(&ctx
);
153 CC_SHA512_Update(&ctx
, data
, (CC_LONG
)datalen
);
154 CC_SHA512_Final(temp
, &ctx
);
156 memcpy(hash
, temp
, CC_SHA224_DIGEST_LENGTH
);
158 return (CC_SHA224_DIGEST_LENGTH
);
160 else if (!strcmp(algorithm
, "sha2-512_256"))
162 CC_SHA512_CTX ctx
; /* SHA-512 context */
163 unsigned char temp
[CC_SHA512_DIGEST_LENGTH
];
167 * SHA2-512 truncated to 256 bits (32 bytes)...
170 if (hashsize
< CC_SHA256_DIGEST_LENGTH
)
173 CC_SHA512_Init(&ctx
);
174 CC_SHA512_Update(&ctx
, data
, (CC_LONG
)datalen
);
175 CC_SHA512_Final(temp
, &ctx
);
177 memcpy(hash
, temp
, CC_SHA256_DIGEST_LENGTH
);
179 return (CC_SHA256_DIGEST_LENGTH
);
182 #elif defined(HAVE_GNUTLS)
183 gnutls_digest_algorithm_t alg
= GNUTLS_DIG_UNKNOWN
;
185 unsigned char temp
[64]; /* Temporary hash buffer */
186 size_t tempsize
= 0; /* Truncate to this size? */
188 if (!strcmp(algorithm
, "md5"))
189 alg
= GNUTLS_DIG_MD5
;
190 else if (!strcmp(algorithm
, "sha"))
191 alg
= GNUTLS_DIG_SHA1
;
192 else if (!strcmp(algorithm
, "sha2-224"))
193 alg
= GNUTLS_DIG_SHA224
;
194 else if (!strcmp(algorithm
, "sha2-256"))
195 alg
= GNUTLS_DIG_SHA256
;
196 else if (!strcmp(algorithm
, "sha2-384"))
197 alg
= GNUTLS_DIG_SHA384
;
198 else if (!strcmp(algorithm
, "sha2-512"))
199 alg
= GNUTLS_DIG_SHA512
;
200 else if (!strcmp(algorithm
, "sha2-512_224"))
202 alg
= GNUTLS_DIG_SHA512
;
205 else if (!strcmp(algorithm
, "sha2-512_256"))
207 alg
= GNUTLS_DIG_SHA512
;
211 if (alg
!= GNUTLS_DIG_UNKNOWN
)
216 * Truncate result to tempsize bytes...
219 if (hashsize
< tempsize
)
222 gnutls_hash_fast(alg
, data
, datalen
, temp
);
223 memcpy(hash
, temp
, tempsize
);
225 return ((ssize_t
)tempsize
);
228 if (hashsize
< gnutls_hash_get_len(alg
))
231 gnutls_hash_fast(alg
, data
, datalen
, hash
);
233 return (gnutls_hash_get_len(alg
));
238 * No hash support beyond MD5 without CommonCrypto or GNU TLS...
241 if (!strcmp(algorithm
, "md5"))
243 _cups_md5_state_t state
; /* MD5 state info */
245 _cupsMD5Init(&state
);
246 _cupsMD5Append(&state
, data
, datalen
);
247 _cupsMD5Finish(&state
, hash
);
251 else if (hashsize
< 64)
253 #endif /* __APPLE__ */
256 * Unknown hash algorithm...
259 _cupsSetError(IPP_STATUS_ERROR_INTERNAL
, _("Unknown hash algorithm."), 1);
264 * We get here if the buffer is too small.
269 _cupsSetError(IPP_STATUS_ERROR_INTERNAL
, _("Hash buffer too small."), 1);
275 * 'cupsHashString()' - Format a hash value as a hexadecimal string.
277 * The passed buffer must be at least 2 * hashsize + 1 characters in length.
282 const char * /* O - Formatted string */
284 const unsigned char *hash
, /* I - Hash */
285 size_t hashsize
, /* I - Size of hash */
286 char *buffer
, /* I - String buffer */
287 size_t bufsize
) /* I - Size of string buffer */
289 char *bufptr
= buffer
; /* Pointer into buffer */
290 static const char *hex
= "0123456789abcdef";
291 /* Hex characters (lowercase!) */
295 * Range check input...
298 if (!hash
|| hashsize
< 1 || !buffer
|| bufsize
< (2 * hashsize
+ 1))
306 * Loop until we've converted the whole hash...
311 *bufptr
++ = hex
[*hash
>> 4];
312 *bufptr
++ = hex
[*hash
& 15];