1 |
281 |
jeremybenn |
------------------------------------------------------------------------------
|
2 |
|
|
-- --
|
3 |
|
|
-- GNAT LIBRARY COMPONENTS --
|
4 |
|
|
-- --
|
5 |
|
|
-- G N A T . S E C U R E _ H A S H E S --
|
6 |
|
|
-- --
|
7 |
|
|
-- S p e c --
|
8 |
|
|
-- --
|
9 |
|
|
-- Copyright (C) 2009, Free Software Foundation, Inc. --
|
10 |
|
|
-- --
|
11 |
|
|
-- GNAT is free software; you can redistribute it and/or modify it under --
|
12 |
|
|
-- terms of the GNU General Public License as published by the Free Soft- --
|
13 |
|
|
-- ware Foundation; either version 3, or (at your option) any later ver- --
|
14 |
|
|
-- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
|
15 |
|
|
-- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
|
16 |
|
|
-- or FITNESS FOR A PARTICULAR PURPOSE. --
|
17 |
|
|
-- --
|
18 |
|
|
-- As a special exception under Section 7 of GPL version 3, you are granted --
|
19 |
|
|
-- additional permissions described in the GCC Runtime Library Exception, --
|
20 |
|
|
-- version 3.1, as published by the Free Software Foundation. --
|
21 |
|
|
-- --
|
22 |
|
|
-- You should have received a copy of the GNU General Public License and --
|
23 |
|
|
-- a copy of the GCC Runtime Library Exception along with this program; --
|
24 |
|
|
-- see the files COPYING3 and COPYING.RUNTIME respectively. If not, see --
|
25 |
|
|
-- <http://www.gnu.org/licenses/>. --
|
26 |
|
|
-- --
|
27 |
|
|
-- GNAT was originally developed by the GNAT team at New York University. --
|
28 |
|
|
-- Extensive contributions were provided by Ada Core Technologies Inc. --
|
29 |
|
|
-- --
|
30 |
|
|
------------------------------------------------------------------------------
|
31 |
|
|
|
32 |
|
|
-- This package provides common suporting code for a family of secure
|
33 |
|
|
-- hash functions (including MD5 and the FIPS PUB 180-3 functions SHA-1,
|
34 |
|
|
-- SHA-224, SHA-256, SHA-384 and SHA-512).
|
35 |
|
|
|
36 |
|
|
-- This is an internal unit and should be not used directly in applications.
|
37 |
|
|
-- Use GNAT.MD5 and GNAT.SHA* instead.
|
38 |
|
|
|
39 |
|
|
with Ada.Streams;
|
40 |
|
|
with Interfaces;
|
41 |
|
|
with System;
|
42 |
|
|
|
43 |
|
|
package GNAT.Secure_Hashes is
|
44 |
|
|
|
45 |
|
|
type Buffer_Type is new String;
|
46 |
|
|
for Buffer_Type'Alignment use 8;
|
47 |
|
|
-- Secure hash functions use a string buffer that is also accessed as an
|
48 |
|
|
-- array of words, which may require up to 64 bit alignment.
|
49 |
|
|
|
50 |
|
|
-- The function-independent part of processing state: A buffer of data
|
51 |
|
|
-- being accumulated until a complete block is ready for hashing.
|
52 |
|
|
|
53 |
|
|
type Message_State (Block_Length : Natural) is record
|
54 |
|
|
Last : Natural := 0;
|
55 |
|
|
-- Index of last used element in Buffer
|
56 |
|
|
|
57 |
|
|
Length : Interfaces.Unsigned_64 := 0;
|
58 |
|
|
-- Total length of processed data
|
59 |
|
|
|
60 |
|
|
Buffer : Buffer_Type (1 .. Block_Length);
|
61 |
|
|
-- Data buffer
|
62 |
|
|
end record;
|
63 |
|
|
|
64 |
|
|
-- The function-specific part of processing state:
|
65 |
|
|
|
66 |
|
|
-- Each hash function maintains an internal state as an array of words,
|
67 |
|
|
-- which is ultimately converted to a stream representation with the
|
68 |
|
|
-- appropriate bit order.
|
69 |
|
|
|
70 |
|
|
generic
|
71 |
|
|
type Word is mod <>;
|
72 |
|
|
-- Either 32 or 64 bits
|
73 |
|
|
|
74 |
|
|
with procedure Swap (X : System.Address);
|
75 |
|
|
-- Byte swapping function for a Word at X
|
76 |
|
|
|
77 |
|
|
Hash_Bit_Order : System.Bit_Order;
|
78 |
|
|
-- Bit order of the produced hash
|
79 |
|
|
|
80 |
|
|
package Hash_Function_State is
|
81 |
|
|
|
82 |
|
|
type State is array (Natural range <>) of Word;
|
83 |
|
|
-- Used to store a hash function's internal state
|
84 |
|
|
|
85 |
|
|
procedure To_Hash
|
86 |
|
|
(H : State;
|
87 |
|
|
H_Bits : out Ada.Streams.Stream_Element_Array);
|
88 |
|
|
-- Convert H to stream representation with the given bit order.
|
89 |
|
|
-- If H_Bits is smaller than the internal hash state, then the state
|
90 |
|
|
-- is truncated.
|
91 |
|
|
|
92 |
|
|
end Hash_Function_State;
|
93 |
|
|
|
94 |
|
|
-- Generic hashing framework:
|
95 |
|
|
-- The user interface for each implemented secure hash function is an
|
96 |
|
|
-- instance of this generic package.
|
97 |
|
|
|
98 |
|
|
generic
|
99 |
|
|
Block_Words : Natural;
|
100 |
|
|
-- Number of words in each block
|
101 |
|
|
|
102 |
|
|
State_Words : Natural;
|
103 |
|
|
-- Number of words in internal state
|
104 |
|
|
|
105 |
|
|
Hash_Words : Natural;
|
106 |
|
|
-- Number of words in the final hash (must be no greater than
|
107 |
|
|
-- State_Words).
|
108 |
|
|
|
109 |
|
|
Hash_Bit_Order : System.Bit_Order;
|
110 |
|
|
-- Bit order used for conversion between bit representation and word
|
111 |
|
|
-- representation.
|
112 |
|
|
|
113 |
|
|
with package Hash_State is new Hash_Function_State (<>);
|
114 |
|
|
-- Hash function state package
|
115 |
|
|
|
116 |
|
|
Initial_State : Hash_State.State;
|
117 |
|
|
-- Initial value of the hash function state
|
118 |
|
|
|
119 |
|
|
with procedure Transform
|
120 |
|
|
(H : in out Hash_State.State;
|
121 |
|
|
M : in out Message_State);
|
122 |
|
|
-- Transformation function updating H by processing a complete data
|
123 |
|
|
-- block from M.
|
124 |
|
|
|
125 |
|
|
package H is
|
126 |
|
|
|
127 |
|
|
-- The visible part of H is the interface to secure hashing functions
|
128 |
|
|
-- that is exposed to user applications, and is intended to remain
|
129 |
|
|
-- a stable interface.
|
130 |
|
|
|
131 |
|
|
pragma Assert (Hash_Words <= State_Words);
|
132 |
|
|
|
133 |
|
|
type Context is private;
|
134 |
|
|
-- The internal processing state of the hashing function
|
135 |
|
|
|
136 |
|
|
function "=" (L, R : Context) return Boolean is abstract;
|
137 |
|
|
-- Context is the internal, implementation defined intermediate state
|
138 |
|
|
-- in a hash computation, and no specific semantics can be expected on
|
139 |
|
|
-- equality of context values. Only equality of final hash values (as
|
140 |
|
|
-- returned by the [Wide_]Digest functions below) is meaningful.
|
141 |
|
|
|
142 |
|
|
Initial_Context : constant Context;
|
143 |
|
|
-- Initial value of a Context object. May be used to reinitialize
|
144 |
|
|
-- a Context value by simple assignment of this value to the object.
|
145 |
|
|
|
146 |
|
|
procedure Update (C : in out Context; Input : String);
|
147 |
|
|
procedure Wide_Update (C : in out Context; Input : Wide_String);
|
148 |
|
|
procedure Update
|
149 |
|
|
(C : in out Context;
|
150 |
|
|
Input : Ada.Streams.Stream_Element_Array);
|
151 |
|
|
-- Update C to process the given input. Successive calls to Update are
|
152 |
|
|
-- equivalent to a single call with the concatenation of the inputs. For
|
153 |
|
|
-- the Wide_String version, each Wide_Character is processed low order
|
154 |
|
|
-- byte first.
|
155 |
|
|
|
156 |
|
|
Word_Length : constant Natural := Hash_State.Word'Size / 8;
|
157 |
|
|
Hash_Length : constant Natural := Hash_Words * Word_Length;
|
158 |
|
|
|
159 |
|
|
subtype Message_Digest is String (1 .. 2 * Hash_Length);
|
160 |
|
|
-- The fixed-length string returned by Digest, providing the hash in
|
161 |
|
|
-- hexadecimal representation.
|
162 |
|
|
|
163 |
|
|
function Digest (C : Context) return Message_Digest;
|
164 |
|
|
-- Return hash for the data accumulated with C in hexadecimal
|
165 |
|
|
-- representation.
|
166 |
|
|
|
167 |
|
|
function Digest (S : String) return Message_Digest;
|
168 |
|
|
function Wide_Digest (W : Wide_String) return Message_Digest;
|
169 |
|
|
function Digest
|
170 |
|
|
(A : Ada.Streams.Stream_Element_Array) return Message_Digest;
|
171 |
|
|
-- These functions are equivalent to the corresponding Update (or
|
172 |
|
|
-- Wide_Update) on a default initialized Context, followed by Digest
|
173 |
|
|
-- on the resulting Context.
|
174 |
|
|
|
175 |
|
|
private
|
176 |
|
|
|
177 |
|
|
Block_Length : constant Natural := Block_Words * Word_Length;
|
178 |
|
|
-- Length in bytes of a data block
|
179 |
|
|
|
180 |
|
|
type Context is record
|
181 |
|
|
H_State : Hash_State.State (0 .. State_Words - 1) := Initial_State;
|
182 |
|
|
-- Function-specific state
|
183 |
|
|
|
184 |
|
|
M_State : Message_State (Block_Length);
|
185 |
|
|
-- Function-independent state (block buffer)
|
186 |
|
|
end record;
|
187 |
|
|
|
188 |
|
|
Initial_Context : constant Context := (others => <>);
|
189 |
|
|
-- Initial values are provided by default initialization of Context
|
190 |
|
|
|
191 |
|
|
end H;
|
192 |
|
|
|
193 |
|
|
end GNAT.Secure_Hashes;
|