GCC Code Coverage Report

Directory: cvmfs/
File: cvmfs/crypto/hash.h
Date: 2026-02-22 02:35:58
Exec Total Coverage
Lines: 178 193 92.2%
Branches: 100 146 68.5%
Line Branch Exec Source
1 /**
2 * This file is part of the CernVM File System.
3 *
4 * Provides a bit syntactic sugar around the hash algorithms.
5 * In particular, hashes can easily be created by constructors.
6 * Also, we have a little to-string-from-string conversion.
7 *
8 * The complexity is due to the need to avoid dynamically allocated memory
9 * for the hashes. Almost everything happens on the stack.
10 */
11
12 #ifndef CVMFS_CRYPTO_HASH_H_
13 #define CVMFS_CRYPTO_HASH_H_
14
15 #include <arpa/inet.h>
16 #include <stdint.h>
17
18 #include <cassert>
19 #include <cctype>
20 #include <cstdlib>
21 #include <cstring>
22 #include <string>
23
24 #include "util/export.h"
25 #include "util/logging.h"
26 #include "util/prng.h"
27 #include "util/smalloc.h"
28
29 #ifdef CVMFS_NAMESPACE_GUARD
30 namespace CVMFS_NAMESPACE_GUARD {
31 #endif
32
33 namespace shash {
34
35 /**
36 * Don't change order! The integer value of the enum constants is used
37 * as file catalog flags and as flags in communication with the cache manager.
38 * If algorithms are added, the protocol definition for external cache managers
39 * needs to be updated, too.
40 */
41 enum Algorithms {
42 kMd5 = 0,
43 kSha1,
44 kRmd160,
45 kShake128, // with 160 output bits
46 kAny,
47 };
48
49 /**
50 * NOTE: when adding a suffix here, one must edit `cvmfs_swissknife scrub`
51 * accordingly, that checks for invalid hash suffixes
52 */
53 const char kSuffixNone = 0;
54 const char kSuffixCatalog = 'C';
55 const char kSuffixHistory = 'H';
56 const char kSuffixMicroCatalog = 'L'; // currently unused
57 const char kSuffixPartial = 'P';
58 const char kSuffixTemporary = 'T';
59 const char kSuffixCertificate = 'X';
60 const char kSuffixMetainfo = 'M';
61
62
63 /**
64 * Corresponds to Algorithms. "Any" is the maximum of all the other
65 * digest sizes.
66 * When the maximum digest size changes, the memory layout of DirectoryEntry and
67 * PosixQuotaManager::LruCommand changes, too!
68 */
69 const unsigned kDigestSizes[] = {16, 20, 20, 20, 20};
70 // Md5 Sha1 Rmd160 Shake128 Any
71 const unsigned kMaxDigestSize = 20;
72
73 /**
74 * The maximum of GetContextSize()
75 */
76 const unsigned kMaxContextSize = 256;
77
78 /**
79 * Hex representations of hashes with the same length need a suffix
80 * to be distinguished from each other. They should all have one but
81 * for backwards compatibility MD5 and SHA-1 have none. Initialized in hash.cc
82 * like const char *kAlgorithmIds[] = {"", "", "-rmd160", ...
83 */
84 CVMFS_EXPORT extern const char *kAlgorithmIds[];
85 const unsigned kAlgorithmIdSizes[] = {0, 0, 7, 9, 0};
86 // Md5 Sha1 -rmd160 -shake128 Any
87 const unsigned kMaxAlgorithmIdentifierSize = 9;
88
89 /**
90 * Corresponds to Algorithms. There is no block size for Any.
91 * Is an HMAC for SHAKE well-defined?
92 */
93 const unsigned kBlockSizes[] = {64, 64, 64, 168};
94 // Md5 Sha1 Rmd160 Shake128
95
96 /**
97 * Distinguishes between interpreting a string as hex hash and hashing over
98 * the contents of a string.
99 */
100 struct CVMFS_EXPORT HexPtr {
101 const std::string *str;
102 686310 explicit HexPtr(const std::string &s) { str = &s; }
103 bool IsValid() const;
104 };
105
106 struct CVMFS_EXPORT AsciiPtr {
107 const std::string *str;
108 44906 explicit AsciiPtr(const std::string &s) { str = &s; }
109 };
110
111 typedef char Suffix;
112
113 /**
114 * Holds a hash digest and provides from string / to string conversion and
115 * comparison. The kAny algorithm may not be used in functions! The algorithm
116 * has to be changed beforehand.
117 * This class is not used directly, but used as base clase of Md5, Sha1, ...
118 */
119 template<unsigned digest_size_, Algorithms algorithm_>
120 struct CVMFS_EXPORT Digest {
121 unsigned char digest[digest_size_];
122 Algorithms algorithm;
123 Suffix suffix;
124
125 class Hex {
126 public:
127 13663270 explicit Hex(const Digest<digest_size_, algorithm_> *digest)
128 13663270 : digest_(*digest)
129 13663270 , hash_length_(2 * kDigestSizes[digest_.algorithm])
130 13663270 , algo_id_length_(kAlgorithmIdSizes[digest_.algorithm]) { }
131
132 1116934108 unsigned int length() const { return hash_length_ + algo_id_length_; }
133
134 544889231 char operator[](const unsigned int position) const {
135
1/2
✗ Branch 1 not taken.
✓ Branch 2 taken 544764516 times.
 544889231 assert(position < length());
136
2/2
✓ Branch 0 taken 544754567 times.
✓ Branch 1 taken 9949 times.
 544855940 return (position < hash_length_) ? GetHashChar(position)
137 544908770 : GetAlgorithmIdentifierChar(position);
138 }
139
140 protected:
141 544822555 char GetHashChar(const unsigned int position) const {
142
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 544731131 times.
 544822555 assert(position < hash_length_);
143
2/2
✓ Branch 0 taken 272604484 times.
✓ Branch 1 taken 272126647 times.
 544822555 const char digit = (position % 2 == 0)
144 272650196 ? digest_.digest[position / 2] / 16
145 272172359 : digest_.digest[position / 2] % 16;
146 544822555 return ToHex(digit);
147 }
148
149 9949 char GetAlgorithmIdentifierChar(const unsigned int position) const {
150
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 9949 times.
 9949 assert(position >= hash_length_);
151 9949 return kAlgorithmIds[digest_.algorithm][position - hash_length_];
152 }
153
154 544892161 static char ToHex(const char c) {
155
2/2
✓ Branch 0 taken 385115110 times.
✓ Branch 1 taken 159685627 times.
 544892161 return static_cast<char>(c + ((c <= 9) ? '0' : 'a' - 10));
156 }
157
158 private:
159 const Digest<digest_size_, algorithm_> &digest_;
160 const unsigned int hash_length_;
161 const unsigned int algo_id_length_;
162 };
163
164 87148376 unsigned GetDigestSize() const { return kDigestSizes[algorithm]; }
165 2168 unsigned GetHexSize() const {
166 2168 return 2 * kDigestSizes[algorithm] + kAlgorithmIdSizes[algorithm];
167 }
168
169 876154246 Digest() : algorithm(algorithm_), suffix(kSuffixNone) { SetNull(); }
170
171 225152 explicit Digest(const Algorithms a, const HexPtr hex, const char s = 0)
172 225152 : algorithm(a), suffix(s) {
173
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 922 times.
 922 assert((algorithm_ == kAny) || (a == algorithm_));
174 225152 const unsigned char_size = 2 * kDigestSizes[a];
175
176 225152 const std::string *str = hex.str;
177 225152 const unsigned length = str->length();
178
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 225152 times.
 225152 assert(length >= char_size); // A suffix won't hurt
179
180
2/2
✓ Branch 0 taken 4433640 times.
✓ Branch 1 taken 225152 times.
 4658792 for (unsigned i = 0; i < char_size; i += 2) {
181 8034871 this->digest[i / 2] = ((*str)[i] <= '9' ? (*str)[i] - '0'
182 832409 : (*str)[i] - 'a' + 10)
183 * 16
184
4/4
✓ Branch 0 taken 3601231 times.
✓ Branch 1 taken 832409 times.
✓ Branch 3 taken 3492901 times.
✓ Branch 4 taken 940739 times.
 9808019 + ((*str)[i + 1] <= '9' ? (*str)[i + 1] - '0'
185 940739 : (*str)[i + 1] - 'a' + 10);
186 }
187 225152 }
188
189 6914 Digest(const Algorithms a,
190 const unsigned char *digest_buffer,
191 const Suffix s = kSuffixNone)
192 6914 : algorithm(a), suffix(s) {
193 6914 memcpy(digest, digest_buffer, kDigestSizes[a]);
194 6914 }
195
196 /**
197 * Generates a purely random hash
198 * Only used for testing purposes
199 */
200 1492 void Randomize() {
201 1492 Prng prng;
202 1492 prng.InitLocaltime();
203
1/2
✓ Branch 1 taken 4 times.
✗ Branch 2 not taken.
 1492 Randomize(&prng);
204 1492 }
205
206 /**
207 * Generates a purely random hash
208 * Only used for testing purposes
209 *
210 * @param seed random number generator seed (for reproducibility)
211 */
212 48007652 void Randomize(const uint64_t seed) {
213 48007652 Prng prng;
214 48007652 prng.InitSeed(seed);
215
1/2
✓ Branch 1 taken 48003826 times.
✗ Branch 2 not taken.
 48007652 Randomize(&prng);
216 48007652 }
217
218 /**
219 * Generates a purely random hash
220 * Only used for testing purposes
221 *
222 * @param prng random number generator object (for external reproducibility)
223 */
224 84422198 void Randomize(Prng *prng) {
225 84422198 const unsigned bytes = GetDigestSize();
226
2/2
✓ Branch 0 taken 1452359860 times.
✓ Branch 1 taken 84422188 times.
 1536782258 for (unsigned i = 0; i < bytes; ++i) {
227 1452360060 digest[i] = prng->Next(256);
228 }
229 84422198 }
230
231 75067 bool HasSuffix() const { return suffix != kSuffixNone; }
232 3325608 void set_suffix(const Suffix s) { suffix = s; }
233
234 /**
235 * Generates a hexified representation of the digest including the identifier
236 * string for newly added hashes.
237 *
238 * @param with_suffix append the hash suffix (C,H,X, ...) to the result
239 * @return a string representation of the digest
240 */
241 13176235 std::string ToString(const bool with_suffix = false) const {
242 13176235 Hex hex(this);
243
4/4
✓ Branch 0 taken 68918 times.
✓ Branch 1 taken 13103947 times.
✓ Branch 3 taken 2079 times.
✓ Branch 4 taken 66821 times.
 13175722 const bool use_suffix = with_suffix && HasSuffix();
244 13175704 const unsigned string_length = hex.length() + use_suffix;
245
1/2
✓ Branch 2 taken 13172775 times.
✗ Branch 3 not taken.
 13175389 std::string result(string_length, 0);
246
247
2/2
✓ Branch 1 taken 525357509 times.
✓ Branch 2 taken 13066035 times.
 538598717 for (unsigned int i = 0; i < hex.length(); ++i) {
248
2/4
✓ Branch 1 taken 525369029 times.
✗ Branch 2 not taken.
✓ Branch 4 taken 525331598 times.
✗ Branch 5 not taken.
 525448933 result[i] = hex[i];
249 }
250
251
2/2
✓ Branch 0 taken 2079 times.
✓ Branch 1 taken 13063956 times.
 13068892 if (use_suffix) {
252
1/2
✓ Branch 1 taken 2079 times.
✗ Branch 2 not taken.
 2079 result[string_length - 1] = suffix;
253 }
254
255
2/2
✓ Branch 1 taken 441 times.
✓ Branch 2 taken 13171425 times.
 13068892 assert(result.length() == string_length);
256 26348564 return result;
257 }
258
259 /**
260 * Generates a hexified representation of the digest including the identifier
261 * string for newly added hashes. Output is in the form of
262 * 'openssl x509 fingerprint', e.g. 00:AA:BB:...-SHAKE128
263 *
264 * @param with_suffix append the hash suffix (C,H,X, ...) to the result
265 * @return a string representation of the digest
266 */
267 80 std::string ToFingerprint(const bool with_suffix = false) const {
268 80 Hex hex(this);
269
3/4
✓ Branch 0 taken 40 times.
✓ Branch 1 taken 40 times.
✓ Branch 3 taken 40 times.
✗ Branch 4 not taken.
 80 const bool use_suffix = with_suffix && HasSuffix();
270 80 const unsigned string_length = hex.length() + kDigestSizes[algorithm] - 1
271 80 + use_suffix;
272
1/2
✓ Branch 2 taken 80 times.
✗ Branch 3 not taken.
 80 std::string result(string_length, 0);
273
274 80 unsigned l = hex.length();
275
2/2
✓ Branch 0 taken 3360 times.
✓ Branch 1 taken 80 times.
 3440 for (unsigned int hex_i = 0, result_i = 0; hex_i < l; ++hex_i, ++result_i) {
276
2/4
✓ Branch 1 taken 3360 times.
✗ Branch 2 not taken.
✓ Branch 4 taken 3360 times.
✗ Branch 5 not taken.
 3360 result[result_i] = toupper(hex[hex_i]);
277
4/4
✓ Branch 0 taken 2960 times.
✓ Branch 1 taken 400 times.
✓ Branch 2 taken 1440 times.
✓ Branch 3 taken 1520 times.
 3360 if ((hex_i < 2 * kDigestSizes[algorithm] - 1) && (hex_i % 2 == 1)) {
278
1/2
✓ Branch 1 taken 1440 times.
✗ Branch 2 not taken.
 1440 result[++result_i] = ':';
279 }
280 }
281
282
2/2
✓ Branch 0 taken 40 times.
✓ Branch 1 taken 40 times.
 80 if (use_suffix) {
283
1/2
✓ Branch 1 taken 40 times.
✗ Branch 2 not taken.
 40 result[string_length - 1] = suffix;
284 }
285
286
1/2
✗ Branch 1 not taken.
✓ Branch 2 taken 80 times.
 80 assert(result.length() == string_length);
287 160 return result;
288 }
289
290 /**
291 * Convenience method to generate a string representation of the digest.
292 * See Digest<>::ToString() for details
293 *
294 * @return a string representation including the hash suffix of the digest
295 */
296 4680 std::string ToStringWithSuffix() const { return ToString(true); }
297
298 /**
299 * Generate the standard relative path from the hexified digest to be used in
300 * CAS areas or cache directories. Throughout the entire system we use one
301 * directory level (first to hex digest characters) for namespace splitting.
302 * Note: This method appends the internal hash suffix to the path.
303 *
304 * @return a relative path representation of the digest including the suffix
305 */
306 30587 std::string MakePath() const { return MakePathExplicit(1, 2, suffix); }
307
308 /**
309 * The alternative path is used to symlink the root catalog from the webserver
310 * root to the data directory. This way, the data directory can be protected
311 * while the root catalog remains accessible.
312 */
313 134 std::string MakeAlternativePath() const {
314
1/2
✓ Branch 2 taken 134 times.
✗ Branch 3 not taken.
 134 return ".cvmfsalt-" + ToStringWithSuffix();
315 }
316
317 /**
318 * Produces a relative path representation of the digest without appending the
319 * hash suffix. See Digest<>::MakePath() for more details.
320 *
321 * @return a relative path representation of the digest without the suffix
322 */
323 456748 std::string MakePathWithoutSuffix() const {
324 456748 return MakePathExplicit(1, 2, kSuffixNone);
325 }
326
327 /**
328 * Generates an arbitrary path representation of the digest. Both number of
329 * directory levels and the hash-digits per level can be customized. Further-
330 * more an arbitrary hash suffix can be provided.
331 * Note: This method is mainly meant for internal usage but stays public for
332 * historical reasons.
333 *
334 * @param dir_levels the number of namespace splitting directory levels
335 * @param digits_per_level each directory level's number of hex-digits
336 * @param hash_suffix the hash suffix character to be appended
337 * @return a relative path representation of the digest
338 */
339 487495 std::string MakePathExplicit(const unsigned dir_levels,
340 const unsigned digits_per_level,
341 const Suffix hash_suffix = kSuffixNone) const {
342 487495 Hex hex(this);
343
344 // figure out how big the output string needs to be
345 487495 const bool use_suffix = (hash_suffix != kSuffixNone);
346 487495 const unsigned string_length = hex.length() + dir_levels + use_suffix;
347 487495 std::string result;
348
1/2
✓ Branch 1 taken 487495 times.
✗ Branch 2 not taken.
 487495 result.resize(string_length);
349
350 // build hexified hash and path delimiters
351 487495 unsigned i = 0;
352 487495 unsigned pos = 0;
353
2/2
✓ Branch 1 taken 19444237 times.
✓ Branch 2 taken 487468 times.
 19931732 for (; i < hex.length(); ++i) {
354
4/4
✓ Branch 0 taken 18956769 times.
✓ Branch 1 taken 487468 times.
✓ Branch 2 taken 9235251 times.
✓ Branch 3 taken 9721518 times.
 19444237 if (i > 0 && (i % digits_per_level == 0)
355
2/2
✓ Branch 0 taken 487575 times.
✓ Branch 1 taken 8747676 times.
 9235251 && (i / digits_per_level <= dir_levels)) {
356
1/2
✓ Branch 1 taken 487575 times.
✗ Branch 2 not taken.
 487575 result[pos++] = '/';
357 }
358
2/4
✓ Branch 1 taken 19444237 times.
✗ Branch 2 not taken.
✓ Branch 4 taken 19444237 times.
✗ Branch 5 not taken.
 19444237 result[pos++] = hex[i];
359 }
360
361 // (optionally) add hash hint suffix
362
2/2
✓ Branch 0 taken 16552 times.
✓ Branch 1 taken 470916 times.
 487468 if (use_suffix) {
363
1/2
✓ Branch 1 taken 16552 times.
✗ Branch 2 not taken.
 16552 result[pos++] = hash_suffix;
364 }
365
366
1/2
✗ Branch 1 not taken.
✓ Branch 2 taken 487495 times.
 487468 assert(i == hex.length());
367
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 487495 times.
 487495 assert(pos == string_length);
368 974990 return result;
369 }
370
371 20170407 bool IsNull() const {
372
2/2
✓ Branch 0 taken 84394913 times.
✓ Branch 1 taken 3373021 times.
 87767934 for (unsigned i = 0; i < kDigestSizes[algorithm]; ++i) {
373
2/2
✓ Branch 0 taken 16797386 times.
✓ Branch 1 taken 67597527 times.
 84394913 if (digest[i] != 0)
374 16797386 return false;
375 }
376 3373021 return true;
377 }
378
379 /**
380 * Get a partial digest for use when only 32 bits are required
381 */
382 913 uint32_t Partial32() const {
383 913 const uint32_t *partial = (const uint32_t *)digest;
384 913 return ntohl(*partial);
385 }
386
387
388 876141246 void SetNull() { memset(digest, 0, digest_size_); }
389
390
391 928017168 bool operator==(const Digest<digest_size_, algorithm_> &other) const {
392
2/2
✓ Branch 0 taken 22742223 times.
✓ Branch 1 taken 441267342 times.
 928017168 if (this->algorithm != other.algorithm)
393 45482902 return false;
394
2/2
✓ Branch 0 taken 3576852460 times.
✓ Branch 1 taken 203108496 times.
 7559913134 for (unsigned i = 0; i < kDigestSizes[algorithm]; ++i) {
395
2/2
✓ Branch 0 taken 238158846 times.
✓ Branch 1 taken 3338693614 times.
 7153696560 if (this->digest[i] != other.digest[i])
396 476317692 return false;
397 }
398 406216574 return true;
399 }
400
401 142045595 bool operator!=(const Digest<digest_size_, algorithm_> &other) const {
402 142045595 return !(*this == other);
403 }
404
405 1623490402 bool operator<(const Digest<digest_size_, algorithm_> &other) const {
406
2/2
✓ Branch 0 taken 76572182 times.
✓ Branch 1 taken 1546918220 times.
 1623490402 if (this->algorithm != other.algorithm)
407 76572182 return (this->algorithm < other.algorithm);
408
2/2
✓ Branch 0 taken 4091810762 times.
✓ Branch 1 taken 24153473 times.
 4115964235 for (unsigned i = 0; i < kDigestSizes[algorithm]; ++i) {
409
2/2
✓ Branch 0 taken 718332024 times.
✓ Branch 1 taken 3373478738 times.
 4091810762 if (this->digest[i] > other.digest[i])
410 718332024 return false;
411
2/2
✓ Branch 0 taken 804432723 times.
✓ Branch 1 taken 2569046015 times.
 3373478738 if (this->digest[i] < other.digest[i])
412 804432723 return true;
413 }
414 24153473 return false;
415 }
416
417 240134 bool operator>(const Digest<digest_size_, algorithm_> &other) const {
418
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 240134 times.
 240134 if (this->algorithm != other.algorithm)
419 return (this->algorithm > other.algorithm);
420
2/2
✓ Branch 0 taken 282534 times.
✓ Branch 1 taken 360 times.
 282894 for (unsigned i = 0; i < kDigestSizes[algorithm]; ++i) {
421
2/2
✓ Branch 0 taken 90752 times.
✓ Branch 1 taken 191782 times.
 282534 if (this->digest[i] < other.digest[i])
422 90752 return false;
423
2/2
✓ Branch 0 taken 149022 times.
✓ Branch 1 taken 42760 times.
 191782 if (this->digest[i] > other.digest[i])
424 149022 return true;
425 }
426 360 return false;
427 }
428 };
429
430
431 struct CVMFS_EXPORT Md5 : public Digest<16, kMd5> {
432 281633926 Md5() : Digest<16, kMd5>() { }
433 explicit Md5(const AsciiPtr ascii);
434 922 explicit Md5(const HexPtr hex) : Digest<16, kMd5>(kMd5, hex) { }
435 Md5(const char *chars, const unsigned length);
436
437 /**
438 * An MD5 hash can be seen as two 64bit integers.
439 */
440 Md5(const uint64_t lo, const uint64_t hi);
441 void ToIntPair(uint64_t *lo, uint64_t *hi) const;
442 };
443
444 struct CVMFS_EXPORT Sha1 : public Digest<20, kSha1> { };
445 struct CVMFS_EXPORT Rmd160 : public Digest<20, kRmd160> { };
446 struct CVMFS_EXPORT Shake128 : public Digest<20, kShake128> { };
447
448 /**
449 * Any as such must not be used except for digest storage.
450 * To do real work, the class has to be "blessed" to be a real hash by
451 * setting the algorithm field accordingly.
452 */
453 struct CVMFS_EXPORT Any : public Digest<kMaxDigestSize, kAny> {
454 97723237 Any() : Digest<kMaxDigestSize, kAny>() { }
455
456 55803089 explicit Any(const Algorithms a, const char s = kSuffixNone)
457 55803089 : Digest<kMaxDigestSize, kAny>() {
458 55803089 algorithm = a;
459 55803089 suffix = s;
460 55803089 }
461
462 6914 Any(const Algorithms a,
463 const unsigned char *digest_buffer,
464 const Suffix suffix = kSuffixNone)
465 6914 : Digest<kMaxDigestSize, kAny>(a, digest_buffer, suffix) { }
466
467 224230 explicit Any(const Algorithms a,
468 const HexPtr hex,
469 const char suffix = kSuffixNone)
470 224230 : Digest<kMaxDigestSize, kAny>(a, hex, suffix) { }
471
472 Md5 CastToMd5();
473 };
474
475 const size_t kShortDigestSize = kMaxDigestSize;
476 struct CVMFS_EXPORT Short : public Digest<kShortDigestSize, kAny> {
477 10 explicit Short(const Any &full) : Digest<kShortDigestSize, kAny>() {
478 10 algorithm = full.algorithm;
479 10 suffix = full.suffix;
480 10 digest_size_ = kShortDigestSize / 4;
481 10 hex_size_ = 2 * digest_size_ + kAlgorithmIdSizes[algorithm];
482 10 memcpy(digest, full.digest, kShortDigestSize);
483 10 }
484
485 bool operator==(const Short &other) const {
486 if (this->algorithm != other.algorithm) {
487 return false;
488 }
489 if (this->digest_size_ != other.digest_size_) {
490 return false;
491 }
492 for (unsigned i = 0; i < digest_size_; ++i) {
493 if (this->digest[i] != other.digest[i])
494 return false;
495 }
496 return true;
497 }
498
499 std::string ToString(const bool with_suffix = false) {
500 const Hex hex(this);
501 const bool use_suffix = with_suffix && HasSuffix();
502 const unsigned string_length = hex_size_ + use_suffix;
503 std::string result(string_length, 0);
504
505 for (unsigned int i = 0; i < hex_size_; ++i) {
506 result[i] = hex[i];
507 }
508
509 if (use_suffix) {
510 result[string_length - 1] = suffix;
511 }
512
513 assert(result.length() == string_length);
514 return result;
515 }
516
517 20 bool Collide(const Any &other) const {
518
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 20 times.
 20 if (this->algorithm != other.algorithm) {
519 return false;
520 }
521
2/2
✓ Branch 0 taken 60 times.
✓ Branch 1 taken 10 times.
 70 for (unsigned i = 0; i < digest_size_; ++i) {
522
2/2
✓ Branch 0 taken 10 times.
✓ Branch 1 taken 50 times.
 60 if (this->digest[i] != other.digest[i])
523 10 return false;
524 }
525 10 return true;
526 }
527
528 private:
529 size_t digest_size_;
530 size_t hex_size_;
531 };
532 /**
533 * Actual operations on digests, like "hash a file", "hash a buffer", or
534 * iterative operations.
535 */
536 CVMFS_EXPORT unsigned GetContextSize(const Algorithms algorithm);
537
538 /**
539 * Holds an OpenSSL context, only required for hash operations. Allows to
540 * deferr the storage allocation for the context to alloca.
541 */
542 class CVMFS_EXPORT ContextPtr {
543 public:
544 Algorithms algorithm;
545 void *buffer;
546 unsigned size;
547
548 6907356 ContextPtr() : algorithm(kAny), buffer(NULL), size(0) { }
549
550 1226919 explicit ContextPtr(const Algorithms a)
551 1226919 : algorithm(a), buffer(NULL), size(GetContextSize(a)) { }
552 ContextPtr(const Algorithms a, void *b)
553 : algorithm(a), buffer(b), size(GetContextSize(a)) { }
554 };
555
556 CVMFS_EXPORT void Init(ContextPtr context);
557 CVMFS_EXPORT void Update(const unsigned char *buffer,
558 const unsigned buffer_size,
559 ContextPtr context);
560 CVMFS_EXPORT void Final(ContextPtr context, Any *any_digest);
561 CVMFS_EXPORT bool HashFile(const std::string &filename, Any *any_digest);
562 CVMFS_EXPORT bool HashFd(int fd, Any *any_digest);
563 CVMFS_EXPORT void HashMem(const unsigned char *buffer,
564 const unsigned buffer_size,
565 Any *any_digest);
566 CVMFS_EXPORT void HashString(const std::string &content, Any *any_digest);
567 CVMFS_EXPORT void Hmac(const std::string &key,
568 const unsigned char *buffer,
569 const unsigned buffer_size,
570 Any *any_digest);
571 10 inline void HmacString(const std::string &key, const std::string &content,
572 Any *any_digest) {
573 10 Hmac(key,
574 10 reinterpret_cast<const unsigned char *>(content.data()),
575 10 content.size(),
576 any_digest);
577 10 }
578
579 /**
580 * Only used for AWS4 signature.
581 *
582 * Adding SHA-256 to the standard hash infrastructure would generally bloat the
583 * digets size to 32 bytes and require client data structure transformation
584 * during hotpatch.
585 */
586 CVMFS_EXPORT std::string Hmac256(const std::string &key,
587 const std::string &content,
588 bool raw_output = false);
589 CVMFS_EXPORT std::string Sha256File(const std::string &filename);
590 CVMFS_EXPORT std::string Sha256Mem(const unsigned char *buffer,
591 const unsigned buffer_size);
592 CVMFS_EXPORT std::string Sha256String(const std::string &content);
593
594 CVMFS_EXPORT
595 Algorithms ParseHashAlgorithm(const std::string &algorithm_option);
596 CVMFS_EXPORT
597 Any MkFromHexPtr(const HexPtr hex, const Suffix suffix = kSuffixNone);
598 CVMFS_EXPORT Any MkFromSuffixedHexPtr(const HexPtr hex);
599
600 } // namespace shash
601
602 #ifdef CVMFS_NAMESPACE_GUARD
603 } // namespace CVMFS_NAMESPACE_GUARD
604 #endif
605
606 #endif // CVMFS_CRYPTO_HASH_H_
607
608