GCC Code Coverage Report

Directory: cvmfs/
File: cvmfs/crypto/hash.h
Date: 2025-04-20 02:34:28
Exec Total Coverage
Lines: 172 175 98.3%
Branches: 93 122 76.2%
Line Branch Exec Source
1 /**
2 * This file is part of the CernVM File System.
3 *
4 * Provides a bit syntactic sugar around the hash algorithms.
5 * In particular, hashes can easily be created by constructors.
6 * Also, we have a little to-string-from-string conversion.
7 *
8 * The complexity is due to the need to avoid dynamically allocated memory
9 * for the hashes. Almost everything happens on the stack.
10 */
11
12 #ifndef CVMFS_CRYPTO_HASH_H_
13 #define CVMFS_CRYPTO_HASH_H_
14
15 #include <arpa/inet.h>
16 #include <stdint.h>
17
18 #include <cassert>
19 #include <cctype>
20 #include <cstdlib>
21 #include <cstring>
22 #include <string>
23
24 #include "util/export.h"
25 #include "util/logging.h"
26 #include "util/prng.h"
27 #include "util/smalloc.h"
28
29 #ifdef CVMFS_NAMESPACE_GUARD
30 namespace CVMFS_NAMESPACE_GUARD {
31 #endif
32
33 namespace shash {
34
35 /**
36 * Don't change order! The integer value of the enum constants is used
37 * as file catalog flags and as flags in communication with the cache manager.
38 * If algorithms are added, the protocol definition for external cache managers
39 * needs to be updated, too.
40 */
41 enum Algorithms {
42 kMd5 = 0,
43 kSha1,
44 kRmd160,
45 kShake128, // with 160 output bits
46 kAny,
47 };
48
49 /**
50 * NOTE: when adding a suffix here, one must edit `cvmfs_swissknife scrub`
51 * accordingly, that checks for invalid hash suffixes
52 */
53 const char kSuffixNone = 0;
54 const char kSuffixCatalog = 'C';
55 const char kSuffixHistory = 'H';
56 const char kSuffixMicroCatalog = 'L'; // currently unused
57 const char kSuffixPartial = 'P';
58 const char kSuffixTemporary = 'T';
59 const char kSuffixCertificate = 'X';
60 const char kSuffixMetainfo = 'M';
61
62
63 /**
64 * Corresponds to Algorithms. "Any" is the maximum of all the other
65 * digest sizes.
66 * When the maximum digest size changes, the memory layout of DirectoryEntry and
67 * PosixQuotaManager::LruCommand changes, too!
68 */
69 const unsigned kDigestSizes[] =
70 {16, 20, 20, 20, 20};
71 // Md5 Sha1 Rmd160 Shake128 Any
72 const unsigned kMaxDigestSize = 20;
73
74 /**
75 * The maximum of GetContextSize()
76 */
77 const unsigned kMaxContextSize = 256;
78
79 /**
80 * Hex representations of hashes with the same length need a suffix
81 * to be distinguished from each other. They should all have one but
82 * for backwards compatibility MD5 and SHA-1 have none. Initialized in hash.cc
83 * like const char *kAlgorithmIds[] = {"", "", "-rmd160", ...
84 */
85 CVMFS_EXPORT extern const char *kAlgorithmIds[];
86 const unsigned kAlgorithmIdSizes[] =
87 {0, 0, 7, 9, 0};
88 // Md5 Sha1 -rmd160 -shake128 Any
89 const unsigned kMaxAlgorithmIdentifierSize = 9;
90
91 /**
92 * Corresponds to Algorithms. There is no block size for Any.
93 * Is an HMAC for SHAKE well-defined?
94 */
95 const unsigned kBlockSizes[] =
96 {64, 64, 64, 168};
97 // Md5 Sha1 Rmd160 Shake128
98
99 /**
100 * Distinguishes between interpreting a string as hex hash and hashing over
101 * the contents of a string.
102 */
103 struct CVMFS_EXPORT HexPtr {
104 const std::string *str;
105 67677 explicit HexPtr(const std::string &s) { str = &s; }
106 bool IsValid() const;
107 };
108
109 struct CVMFS_EXPORT AsciiPtr {
110 const std::string *str;
111 1925 explicit AsciiPtr(const std::string &s) { str = &s; }
112 };
113
114 typedef char Suffix;
115
116 /**
117 * Holds a hash digest and provides from string / to string conversion and
118 * comparison. The kAny algorithm may not be used in functions! The algorithm
119 * has to be changed beforehand.
120 * This class is not used directly, but used as base clase of Md5, Sha1, ...
121 */
122 template<unsigned digest_size_, Algorithms algorithm_>
123 struct CVMFS_EXPORT Digest {
124 unsigned char digest[digest_size_];
125 Algorithms algorithm;
126 Suffix suffix;
127
128 class Hex {
129 public:
130 1012445 explicit Hex(const Digest<digest_size_, algorithm_> *digest) :
131 1012445 digest_(*digest),
132 1012445 hash_length_(2 * kDigestSizes[digest_.algorithm]),
133 1012445 algo_id_length_(kAlgorithmIdSizes[digest_.algorithm]) {}
134
135 82295641 unsigned int length() const { return hash_length_ + algo_id_length_; }
136
137 40139005 char operator[](const unsigned int position) const {
138
1/2
✗ Branch 1 not taken.
✓ Branch 2 taken 40137969 times.
 40139005 assert(position < length());
139 40141585 return (position < hash_length_)
140
2/2
✓ Branch 0 taken 40137162 times.
✓ Branch 1 taken 807 times.
 40141585 ? GetHashChar(position)
141 40125657 : GetAlgorithmIdentifierChar(position);
142 }
143
144 protected:
145 40139101 char GetHashChar(const unsigned int position) const {
146
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 40135485 times.
 40139101 assert(position < hash_length_);
147
2/2
✓ Branch 0 taken 20099471 times.
✓ Branch 1 taken 20036014 times.
 40139101 const char digit = (position % 2 == 0)
148 20101279 ? digest_.digest[position / 2] / 16
149 20037822 : digest_.digest[position / 2] % 16;
150 40139101 return ToHex(digit);
151 }
152
153 807 char GetAlgorithmIdentifierChar(const unsigned int position) const {
154
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 807 times.
 807 assert(position >= hash_length_);
155 807 return kAlgorithmIds[digest_.algorithm][position - hash_length_];
156 }
157
158 40125750 char ToHex(const char c) const {
159
2/2
✓ Branch 0 taken 30186318 times.
✓ Branch 1 taken 9935816 times.
 40125750 return static_cast<char>(c + ((c <= 9) ? '0' : 'a' - 10));
160 }
161
162 private:
163 const Digest<digest_size_, algorithm_> &digest_;
164 const unsigned int hash_length_;
165 const unsigned int algo_id_length_;
166 };
167
168 4680542 unsigned GetDigestSize() const { return kDigestSizes[algorithm]; }
169 68 unsigned GetHexSize() const {
170 68 return 2*kDigestSizes[algorithm] + kAlgorithmIdSizes[algorithm];
171 }
172
173 73911062 Digest() :
174 73911062 algorithm(algorithm_), suffix(kSuffixNone)
175 {
176 73911062 SetNull();
177 73914090 }
178
179 104790 explicit Digest(const Algorithms a, const HexPtr hex, const char s = 0) :
180 104790 algorithm(a), suffix(s)
181 {
182
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 37 times.
 37 assert((algorithm_ == kAny) || (a == algorithm_));
183 104790 const unsigned char_size = 2*kDigestSizes[a];
184
185 104790 const std::string *str = hex.str;
186 104790 const unsigned length = str->length();
187
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 104790 times.
 104790 assert(length >= char_size); // A suffix won't hurt
188
189
2/2
✓ Branch 0 taken 1921808 times.
✓ Branch 1 taken 104790 times.
 2026598 for (unsigned i = 0; i < char_size; i += 2) {
190 1921808 this->digest[i/2] =
191
2/2
✓ Branch 1 taken 1560983 times.
✓ Branch 2 taken 360825 times.
 3843616 ((*str)[i] <= '9' ? (*str)[i] -'0' : (*str)[i] - 'a' + 10)*16 +
192
2/2
✓ Branch 1 taken 1563657 times.
✓ Branch 2 taken 358151 times.
 1921808 ((*str)[i+1] <= '9' ? (*str)[i+1] - '0' : (*str)[i+1] - 'a' + 10);
193 }
194 104790 }
195
196 329 Digest(const Algorithms a,
197 const unsigned char *digest_buffer,
198 const Suffix s = kSuffixNone) :
199 329 algorithm(a), suffix(s)
200 {
201 329 memcpy(digest, digest_buffer, kDigestSizes[a]);
202 329 }
203
204 /**
205 * Generates a purely random hash
206 * Only used for testing purposes
207 */
208 138 void Randomize() {
209 138 Prng prng;
210 138 prng.InitLocaltime();
211
1/2
✓ Branch 1 taken 4 times.
✗ Branch 2 not taken.
 138 Randomize(&prng);
212 138 }
213
214 /**
215 * Generates a purely random hash
216 * Only used for testing purposes
217 *
218 * @param seed random number generator seed (for reproducibility)
219 */
220 2000442 void Randomize(const uint64_t seed) {
221 2000442 Prng prng;
222 2000442 prng.InitSeed(seed);
223
1/2
✓ Branch 1 taken 2000221 times.
✗ Branch 2 not taken.
 2000442 Randomize(&prng);
224 2000442 }
225
226 /**
227 * Generates a purely random hash
228 * Only used for testing purposes
229 *
230 * @param prng random number generator object (for external reproducibility)
231 */
232 4378219 void Randomize(Prng *prng) {
233 4378219 const unsigned bytes = GetDigestSize();
234
2/2
✓ Branch 0 taken 76892656 times.
✓ Branch 1 taken 4378218 times.
 81270895 for (unsigned i = 0; i < bytes; ++i) {
235 76892676 digest[i] = prng->Next(256);
236 }
237 4378219 }
238
239 7787 bool HasSuffix() const { return suffix != kSuffixNone; }
240 369512 void set_suffix(const Suffix s) { suffix = s; }
241
242 /**
243 * Generates a hexified representation of the digest including the identifier
244 * string for newly added hashes.
245 *
246 * @param with_suffix append the hash suffix (C,H,X, ...) to the result
247 * @return a string representation of the digest
248 */
249 960831 std::string ToString(const bool with_suffix = false) const {
250 960831 Hex hex(this);
251
4/4
✓ Branch 0 taken 7476 times.
✓ Branch 1 taken 953248 times.
✓ Branch 3 taken 99 times.
✓ Branch 4 taken 7379 times.
 960837 const bool use_suffix = with_suffix && HasSuffix();
252 960839 const unsigned string_length = hex.length() + use_suffix;
253
1/2
✓ Branch 2 taken 960700 times.
✗ Branch 3 not taken.
 960819 std::string result(string_length, 0);
254
255
2/2
✓ Branch 1 taken 38074953 times.
✓ Branch 2 taken 933216 times.
 39025654 for (unsigned int i = 0; i < hex.length(); ++i) {
256
2/4
✓ Branch 1 taken 38059778 times.
✗ Branch 2 not taken.
✓ Branch 4 taken 38061224 times.
✗ Branch 5 not taken.
 38078569 result[i] = hex[i];
257 }
258
259
2/2
✓ Branch 0 taken 99 times.
✓ Branch 1 taken 933117 times.
 933329 if (use_suffix) {
260
1/2
✓ Branch 1 taken 99 times.
✗ Branch 2 not taken.
 99 result[string_length - 1] = suffix;
261 }
262
263
1/2
✗ Branch 1 not taken.
✓ Branch 2 taken 960046 times.
 933329 assert(result.length() == string_length);
264 1920318 return result;
265 }
266
267 /**
268 * Generates a hexified representation of the digest including the identifier
269 * string for newly added hashes. Output is in the form of
270 * 'openssl x509 fingerprint', e.g. 00:AA:BB:...-SHAKE128
271 *
272 * @param with_suffix append the hash suffix (C,H,X, ...) to the result
273 * @return a string representation of the digest
274 */
275 8 std::string ToFingerprint(const bool with_suffix = false) const {
276 8 Hex hex(this);
277
3/4
✓ Branch 0 taken 4 times.
✓ Branch 1 taken 4 times.
✓ Branch 3 taken 4 times.
✗ Branch 4 not taken.
 8 const bool use_suffix = with_suffix && HasSuffix();
278 8 const unsigned string_length =
279 8 hex.length() + kDigestSizes[algorithm] - 1 + use_suffix;
280
1/2
✓ Branch 2 taken 8 times.
✗ Branch 3 not taken.
 8 std::string result(string_length, 0);
281
282 8 unsigned l = hex.length();
283
2/2
✓ Branch 0 taken 336 times.
✓ Branch 1 taken 8 times.
 344 for (unsigned int hex_i = 0, result_i = 0; hex_i < l; ++hex_i, ++result_i) {
284
2/4
✓ Branch 1 taken 336 times.
✗ Branch 2 not taken.
✓ Branch 4 taken 336 times.
✗ Branch 5 not taken.
 336 result[result_i] = toupper(hex[hex_i]);
285
4/4
✓ Branch 0 taken 296 times.
✓ Branch 1 taken 40 times.
✓ Branch 2 taken 144 times.
✓ Branch 3 taken 152 times.
 336 if ((hex_i < 2 * kDigestSizes[algorithm] - 1) && (hex_i % 2 == 1)) {
286
1/2
✓ Branch 1 taken 144 times.
✗ Branch 2 not taken.
 144 result[++result_i] = ':';
287 }
288 }
289
290
2/2
✓ Branch 0 taken 4 times.
✓ Branch 1 taken 4 times.
 8 if (use_suffix) {
291
1/2
✓ Branch 1 taken 4 times.
✗ Branch 2 not taken.
 4 result[string_length - 1] = suffix;
292 }
293
294
1/2
✗ Branch 1 not taken.
✓ Branch 2 taken 8 times.
 8 assert(result.length() == string_length);
295 16 return result;
296 }
297
298 /**
299 * Convenience method to generate a string representation of the digest.
300 * See Digest<>::ToString() for details
301 *
302 * @return a string representation including the hash suffix of the digest
303 */
304 195 std::string ToStringWithSuffix() const {
305 195 return ToString(true);
306 }
307
308 /**
309 * Generate the standard relative path from the hexified digest to be used in
310 * CAS areas or cache directories. Throughout the entire system we use one
311 * directory level (first to hex digest characters) for namespace splitting.
312 * Note: This method appends the internal hash suffix to the path.
313 *
314 * @return a relative path representation of the digest including the suffix
315 */
316 1257 std::string MakePath() const {
317 1257 return MakePathExplicit(1, 2, suffix);
318 }
319
320 /**
321 * The alternative path is used to symlink the root catalog from the webserver
322 * root to the data directory. This way, the data directory can be protected
323 * while the root catalog remains accessible.
324 */
325 10 std::string MakeAlternativePath() const {
326
1/2
✓ Branch 2 taken 10 times.
✗ Branch 3 not taken.
 10 return ".cvmfsalt-" + ToStringWithSuffix();
327 }
328
329 /**
330 * Produces a relative path representation of the digest without appending the
331 * hash suffix. See Digest<>::MakePath() for more details.
332 *
333 * @return a relative path representation of the digest without the suffix
334 */
335 50335 std::string MakePathWithoutSuffix() const {
336 50335 return MakePathExplicit(1, 2, kSuffixNone);
337 }
338
339 /**
340 * Generates an arbitrary path representation of the digest. Both number of
341 * directory levels and the hash-digits per level can be customized. Further-
342 * more an arbitrary hash suffix can be provided.
343 * Note: This method is mainly meant for internal usage but stays public for
344 * historical reasons.
345 *
346 * @param dir_levels the number of namespace splitting directory levels
347 * @param digits_per_level each directory level's number of hex-digits
348 * @param hash_suffix the hash suffix character to be appended
349 * @return a relative path representation of the digest
350 */
351 51608 std::string MakePathExplicit(const unsigned dir_levels,
352 const unsigned digits_per_level,
353 const Suffix hash_suffix = kSuffixNone) const {
354 51608 Hex hex(this);
355
356 // figure out how big the output string needs to be
357 51608 const bool use_suffix = (hash_suffix != kSuffixNone);
358 51608 const unsigned string_length = hex.length() + dir_levels + use_suffix;
359 51608 std::string result;
360
1/2
✓ Branch 1 taken 51608 times.
✗ Branch 2 not taken.
 51608 result.resize(string_length);
361
362 // build hexified hash and path delimiters
363 51608 unsigned i = 0;
364 51608 unsigned pos = 0;
365
2/2
✓ Branch 1 taken 2061247 times.
✓ Branch 2 taken 51608 times.
 2112855 for (; i < hex.length(); ++i) {
366
4/4
✓ Branch 0 taken 2009639 times.
✓ Branch 1 taken 51608 times.
✓ Branch 2 taken 979058 times.
✓ Branch 3 taken 1030581 times.
 2061247 if (i > 0 && (i % digits_per_level == 0)
367
2/2
✓ Branch 0 taken 51616 times.
✓ Branch 1 taken 927442 times.
 979058 && (i / digits_per_level <= dir_levels)) {
368
1/2
✓ Branch 1 taken 51616 times.
✗ Branch 2 not taken.
 51616 result[pos++] = '/';
369 }
370
2/4
✓ Branch 1 taken 2061247 times.
✗ Branch 2 not taken.
✓ Branch 4 taken 2061247 times.
✗ Branch 5 not taken.
 2061247 result[pos++] = hex[i];
371 }
372
373 // (optionally) add hash hint suffix
374
2/2
✓ Branch 0 taken 593 times.
✓ Branch 1 taken 51015 times.
 51608 if (use_suffix) {
375
1/2
✓ Branch 1 taken 593 times.
✗ Branch 2 not taken.
 593 result[pos++] = hash_suffix;
376 }
377
378
1/2
✗ Branch 1 not taken.
✓ Branch 2 taken 51608 times.
 51608 assert(i == hex.length());
379
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 51608 times.
 51608 assert(pos == string_length);
380 103216 return result;
381 }
382
383 1732056 bool IsNull() const {
384
2/2
✓ Branch 0 taken 8793864 times.
✓ Branch 1 taken 371231 times.
 9165095 for (unsigned i = 0; i < kDigestSizes[algorithm]; ++i) {
385
2/2
✓ Branch 0 taken 1360825 times.
✓ Branch 1 taken 7433039 times.
 8793864 if (digest[i] != 0)
386 1360825 return false;
387 }
388 371231 return true;
389 }
390
391 /**
392 * Get a partial digest for use when only 32 bits are required
393 */
394 41 uint32_t Partial32() const {
395 41 const uint32_t *partial = (const uint32_t *)digest;
396 41 return ntohl(*partial);
397 }
398
399
400 73910150 void SetNull() {
401 73910150 memset(digest, 0, digest_size_);
402 73910150 }
403
404
405 62242688 bool operator ==(const Digest<digest_size_, algorithm_> &other) const {
406
2/2
✓ Branch 0 taken 6260105 times.
✓ Branch 1 taken 24862213 times.
 62242688 if (this->algorithm != other.algorithm)
407 12518666 return false;
408
2/2
✓ Branch 0 taken 214879252 times.
✓ Branch 1 taken 11845446 times.
 453440912 for (unsigned i = 0; i < kDigestSizes[algorithm]; ++i) {
409
2/2
✓ Branch 0 taken 13016767 times.
✓ Branch 1 taken 201862485 times.
 429750424 if (this->digest[i] != other.digest[i])
410 26033534 return false;
411 }
412 23690488 return true;
413 }
414
415 6353078 bool operator !=(const Digest<digest_size_, algorithm_> &other) const {
416 6353078 return !(*this == other);
417 }
418
419 64774083 bool operator <(const Digest<digest_size_, algorithm_> &other) const {
420
2/2
✓ Branch 0 taken 2393125 times.
✓ Branch 1 taken 62380958 times.
 64774083 if (this->algorithm != other.algorithm)
421 2393125 return (this->algorithm < other.algorithm);
422
1/2
✓ Branch 0 taken 164104584 times.
✗ Branch 1 not taken.
 161424378 for (unsigned i = 0; i < kDigestSizes[algorithm]; ++i) {
423
2/2
✓ Branch 0 taken 30760200 times.
✓ Branch 1 taken 133344384 times.
 164104584 if (this->digest[i] > other.digest[i])
424 30760200 return false;
425
2/2
✓ Branch 0 taken 34300964 times.
✓ Branch 1 taken 99043420 times.
 133344384 if (this->digest[i] < other.digest[i])
426 34300964 return true;
427 }
428 6 return false;
429 }
430
431 23872 bool operator >(const Digest<digest_size_, algorithm_> &other) const {
432
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 23872 times.
 23872 if (this->algorithm != other.algorithm)
433 return (this->algorithm > other.algorithm);
434
2/2
✓ Branch 0 taken 28112 times.
✓ Branch 1 taken 36 times.
 28148 for (unsigned i = 0; i < kDigestSizes[algorithm]; ++i) {
435
2/2
✓ Branch 0 taken 9015 times.
✓ Branch 1 taken 19097 times.
 28112 if (this->digest[i] < other.digest[i])
436 9015 return false;
437
2/2
✓ Branch 0 taken 14821 times.
✓ Branch 1 taken 4276 times.
 19097 if (this->digest[i] > other.digest[i])
438 14821 return true;
439 }
440 36 return false;
441 }
442 };
443
444
445 struct CVMFS_EXPORT Md5 : public Digest<16, kMd5> {
446 12763797 Md5() : Digest<16, kMd5>() { }
447 explicit Md5(const AsciiPtr ascii);
448 37 explicit Md5(const HexPtr hex) : Digest<16, kMd5>(kMd5, hex) { }
449 Md5(const char *chars, const unsigned length);
450
451 /**
452 * An MD5 hash can be seen as two 64bit integers.
453 */
454 Md5(const uint64_t lo, const uint64_t hi);
455 void ToIntPair(uint64_t *lo, uint64_t *hi) const;
456 };
457
458 struct CVMFS_EXPORT Sha1 : public Digest<20, kSha1> { };
459 struct CVMFS_EXPORT Rmd160 : public Digest<20, kRmd160> { };
460 struct CVMFS_EXPORT Shake128 : public Digest<20, kShake128> { };
461
462 /**
463 * Any as such must not be used except for digest storage.
464 * To do real work, the class has to be "blessed" to be a real hash by
465 * setting the algorithm field accordingly.
466 */
467 struct CVMFS_EXPORT Any : public Digest<kMaxDigestSize, kAny> {
468 17595318 Any() : Digest<kMaxDigestSize, kAny>() { }
469
470 5103680 explicit Any(const Algorithms a,
471 5103680 const char s = kSuffixNone) :
472 5103680 Digest<kMaxDigestSize, kAny>() { algorithm = a; suffix = s; }
473
474 329 Any(const Algorithms a,
475 const unsigned char *digest_buffer,
476 329 const Suffix suffix = kSuffixNone) :
477 329 Digest<kMaxDigestSize, kAny>(a, digest_buffer, suffix) { }
478
479 104753 explicit Any(const Algorithms a,
480 const HexPtr hex,
481 104753 const char suffix = kSuffixNone) :
482 104753 Digest<kMaxDigestSize, kAny>(a, hex, suffix) { }
483
484 Md5 CastToMd5();
485 };
486
487
488 /**
489 * Actual operations on digests, like "hash a file", "hash a buffer", or
490 * iterative operations.
491 */
492 CVMFS_EXPORT unsigned GetContextSize(const Algorithms algorithm);
493
494 /**
495 * Holds an OpenSSL context, only required for hash operations. Allows to
496 * deferr the storage allocation for the context to alloca.
497 */
498 class CVMFS_EXPORT ContextPtr {
499 public:
500 Algorithms algorithm;
501 void *buffer;
502 unsigned size;
503
504 255125 ContextPtr() : algorithm(kAny), buffer(NULL), size(0) {}
505
506 1243603 explicit ContextPtr(const Algorithms a) :
507 1243603 algorithm(a), buffer(NULL), size(GetContextSize(a)) {}
508 ContextPtr(const Algorithms a, void *b) :
509 algorithm(a), buffer(b), size(GetContextSize(a)) {}
510 };
511
512 CVMFS_EXPORT void Init(ContextPtr context);
513 CVMFS_EXPORT void Update(const unsigned char *buffer,
514 const unsigned buffer_size,
515 ContextPtr context);
516 CVMFS_EXPORT void Final(ContextPtr context, Any *any_digest);
517 CVMFS_EXPORT bool HashFile(const std::string &filename, Any *any_digest);
518 CVMFS_EXPORT bool HashFd(int fd, Any *any_digest);
519 CVMFS_EXPORT void HashMem(const unsigned char *buffer,
520 const unsigned buffer_size,
521 Any *any_digest);
522 CVMFS_EXPORT void HashString(const std::string &content, Any *any_digest);
523 CVMFS_EXPORT void Hmac(const std::string &key,
524 const unsigned char *buffer,
525 const unsigned buffer_size,
526 Any *any_digest);
527 1 inline void HmacString(const std::string &key, const std::string &content,
528 Any *any_digest)
529 {
530 1 Hmac(key,
531 1 reinterpret_cast<const unsigned char *>(content.data()),
532 1 content.size(),
533 any_digest);
534 1 }
535
536 /**
537 * Only used for AWS4 signature.
538 *
539 * Adding SHA-256 to the standard hash infrastructure would generally bloat the
540 * digets size to 32 bytes and require client data structure transformation
541 * during hotpatch.
542 */
543 CVMFS_EXPORT std::string Hmac256(const std::string &key,
544 const std::string &content,
545 bool raw_output = false);
546 CVMFS_EXPORT std::string Sha256File(const std::string &filename);
547 CVMFS_EXPORT std::string Sha256Mem(const unsigned char *buffer,
548 const unsigned buffer_size);
549 CVMFS_EXPORT std::string Sha256String(const std::string &content);
550
551 CVMFS_EXPORT
552 Algorithms ParseHashAlgorithm(const std::string &algorithm_option);
553 CVMFS_EXPORT
554 Any MkFromHexPtr(const HexPtr hex, const Suffix suffix = kSuffixNone);
555 CVMFS_EXPORT Any MkFromSuffixedHexPtr(const HexPtr hex);
556
557 } // namespace shash
558
559 #ifdef CVMFS_NAMESPACE_GUARD
560 } // namespace CVMFS_NAMESPACE_GUARD
561 #endif
562
563 #endif // CVMFS_CRYPTO_HASH_H_
564