------------------------------------------------------------------------------ -- -- -- GNAT LIBRARY COMPONENTS -- -- -- -- G N A T . S E C U R E _ H A S H E S -- -- -- -- S p e c -- -- -- -- Copyright (C) 2009-2024, Free Software Foundation, Inc. -- -- -- -- GNAT is free software; you can redistribute it and/or modify it under -- -- terms of the GNU General Public License as published by the Free Soft- -- -- ware Foundation; either version 3, or (at your option) any later ver- -- -- sion. GNAT is distributed in the hope that it will be useful, but WITH- -- -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -- -- or FITNESS FOR A PARTICULAR PURPOSE. -- -- -- -- As a special exception under Section 7 of GPL version 3, you are granted -- -- additional permissions described in the GCC Runtime Library Exception, -- -- version 3.1, as published by the Free Software Foundation. -- -- -- -- You should have received a copy of the GNU General Public License and -- -- a copy of the GCC Runtime Library Exception along with this program; -- -- see the files COPYING3 and COPYING.RUNTIME respectively. If not, see -- -- <http://www.gnu.org/licenses/>. -- -- -- -- GNAT was originally developed by the GNAT team at New York University. -- -- Extensive contributions were provided by Ada Core Technologies Inc. -- -- -- ------------------------------------------------------------------------------ -- This package provides common supporting code for a family of secure -- hash functions (including MD5 and the FIPS PUB 180-3 functions SHA-1, -- SHA-224, SHA-256, SHA-384 and SHA-512). -- This is an internal unit and should be not used directly in applications. -- Use GNAT.MD5 and GNAT.SHA* instead. with Ada.Streams; use Ada.Streams; with Interfaces; with System; package GNAT.Secure_Hashes is type Buffer_Type is new Stream_Element_Array; for Buffer_Type'Alignment use 8; -- Secure hash functions use a string buffer that is also accessed as an -- array of words, which may require up to 64 bit alignment. -- The function-independent part of processing state: A buffer of data -- being accumulated until a complete block is ready for hashing. type Message_State (Block_Length : Stream_Element_Count) is record Last : Stream_Element_Offset := 0; -- Index of last used element in Buffer Length : Interfaces.Unsigned_64 := 0; -- Total length of processed data Buffer : Buffer_Type (1 .. Block_Length); -- Data buffer end record; -- The function-specific part of processing state: -- Each hash function maintains an internal state as an array of words, -- which is ultimately converted to a stream representation with the -- appropriate bit order. generic type Word is mod <>; -- Either 32 or 64 bits with procedure Swap (X : System.Address); -- Byte swapping function for a Word at X Hash_Bit_Order : System.Bit_Order; -- Bit order of the produced hash package Hash_Function_State is type State is array (Stream_Element_Offset range <>) of Word; -- Used to store a hash function's internal state procedure To_Hash (H : State; H_Bits : out Stream_Element_Array); -- Convert H to stream representation with the given bit order. If -- H_Bits is smaller than the internal hash state, then the state -- is truncated. end Hash_Function_State; -- Generic hashing framework: The user interface for each implemented -- secure hash function is an instance of this generic package. generic Block_Words : Stream_Element_Count; -- Number of words in each block State_Words : Stream_Element_Count; -- Number of words in internal state Hash_Words : Stream_Element_Count; -- Number of words in the final hash (must be no greater than -- State_Words). Hash_Bit_Order : System.Bit_Order; -- Bit order used for conversion between bit representation and word -- representation. with package Hash_State is new Hash_Function_State (<>); -- Hash function state package Initial_State : Hash_State.State; -- Initial value of the hash function state with procedure Transform (H : in out Hash_State.State; M : in out Message_State); -- Transformation function updating H by processing a complete data -- block from M. package H is -- The visible part of H is the interface to secure hashing functions -- that is exposed to user applications, and is intended to remain -- a stable interface. pragma Assert (Hash_Words <= State_Words); type Context is private; -- The internal processing state of the hashing function function "=" (L, R : Context) return Boolean is abstract; -- Context is the internal, implementation defined intermediate state -- in a hash computation, and no specific semantics can be expected on -- equality of context values. Only equality of final hash values (as -- returned by the [Wide_]Digest functions below) is meaningful. Initial_Context : constant Context; -- Initial value of a Context object. May be used to reinitialize -- a Context value by simple assignment of this value to the object. function HMAC_Initial_Context (Key : String) return Context; -- Initial Context for HMAC computation with the given Key procedure Update (C : in out Context; Input : String); procedure Wide_Update (C : in out Context; Input : Wide_String); procedure Update (C : in out Context; Input : Stream_Element_Array); -- Update C to process the given input. Successive calls to Update are -- equivalent to a single call with the concatenation of the inputs. For -- the Wide_String version, each Wide_Character is processed low order -- byte first. Word_Length : constant Stream_Element_Offset := Hash_State.Word'Size / 8; Hash_Length : constant Stream_Element_Offset := Hash_Words * Word_Length; subtype Binary_Message_Digest is Stream_Element_Array (1 .. Hash_Length); -- The fixed-length byte array returned by Digest, providing -- the hash in binary representation. function Digest (C : Context) return Binary_Message_Digest; -- Return hash or HMAC for the data accumulated with C function Digest (S : String) return Binary_Message_Digest; function Wide_Digest (W : Wide_String) return Binary_Message_Digest; function Digest (A : Stream_Element_Array) return Binary_Message_Digest; -- These functions are equivalent to the corresponding Update (or -- Wide_Update) on a default initialized Context, followed by Digest -- on the resulting Context. subtype Message_Digest is String (1 .. 2 * Integer (Hash_Length)); -- The fixed-length string returned by Digest, providing the hash in -- hexadecimal representation. function Digest (C : Context) return Message_Digest; -- Return hash or HMAC for the data accumulated with C in hexadecimal -- representation. function Digest (S : String) return Message_Digest; function Wide_Digest (W : Wide_String) return Message_Digest; function Digest (A : Stream_Element_Array) return Message_Digest; -- These functions are equivalent to the corresponding Update (or -- Wide_Update) on a default initialized Context, followed by Digest -- on the resulting Context. type Hash_Stream (C : access Context) is new Root_Stream_Type with private; -- Stream wrapper converting Write calls to Update calls on C. -- Arbitrary data structures can thus be conveniently hashed using -- their stream attributes. private Block_Length : constant Stream_Element_Count := Block_Words * Word_Length; -- Length in bytes of a data block subtype Key_Length is Stream_Element_Offset range 0 .. Block_Length; -- KL is 0 for a normal hash context, > 0 for HMAC type Context (KL : Key_Length := 0) is record H_State : Hash_State.State (0 .. State_Words - 1) := Initial_State; -- Function-specific state M_State : Message_State (Block_Length); -- Function-independent state (block buffer) Key : Stream_Element_Array (1 .. KL); -- HMAC key end record; pragma Warnings (Off, "aggregate not fully initialized"); Initial_Context : constant Context (KL => 0) := (others => <>); pragma Warnings (On, "aggregate not fully initialized"); -- Initial values are provided by default initialization of Context type Hash_Stream (C : access Context) is new Root_Stream_Type with null record; procedure Read (Stream : in out Hash_Stream; Item : out Stream_Element_Array; Last : out Stream_Element_Offset); -- Raise Program_Error: hash streams are write-only procedure Write (Stream : in out Hash_Stream; Item : Stream_Element_Array); -- Call Update end H; end GNAT.Secure_Hashes;