mirror of
https://github.com/dlang/phobos.git
synced 2025-04-28 22:21:09 +03:00
2bcc2375b6
Code compiled with -preview=in is currently supposed to link successfully against druntime/Phobos compiled without -preview=in. There were still a few places where -preview=in makes a difference for existing `in` params; convert them to `const [scope]`, analogous to PR #7593.
1214 lines
36 KiB
D
1214 lines
36 KiB
D
/**
|
|
* This module describes the digest APIs used in Phobos. All digests follow
|
|
* these APIs. Additionally, this module contains useful helper methods which
|
|
* can be used with every digest type.
|
|
*
|
|
$(SCRIPT inhibitQuickIndex = 1;)
|
|
|
|
$(DIVC quickindex,
|
|
$(BOOKTABLE ,
|
|
$(TR $(TH Category) $(TH Functions)
|
|
)
|
|
$(TR $(TDNW Template API) $(TD $(MYREF isDigest) $(MYREF DigestType) $(MYREF hasPeek)
|
|
$(MYREF hasBlockSize)
|
|
$(MYREF ExampleDigest) $(MYREF digest) $(MYREF hexDigest) $(MYREF makeDigest)
|
|
)
|
|
)
|
|
$(TR $(TDNW OOP API) $(TD $(MYREF Digest)
|
|
)
|
|
)
|
|
$(TR $(TDNW Helper functions) $(TD $(MYREF toHexString) $(MYREF secureEqual))
|
|
)
|
|
$(TR $(TDNW Implementation helpers) $(TD $(MYREF digestLength) $(MYREF WrapperDigest))
|
|
)
|
|
)
|
|
)
|
|
|
|
* APIs:
|
|
* There are two APIs for digests: The template API and the OOP API. The template API uses structs
|
|
* and template helpers like $(LREF isDigest). The OOP API implements digests as classes inheriting
|
|
* the $(LREF Digest) interface. All digests are named so that the template API struct is called "$(B x)"
|
|
* and the OOP API class is called "$(B x)Digest". For example we have `MD5` <--> `MD5Digest`,
|
|
* `CRC32` <--> `CRC32Digest`, etc.
|
|
*
|
|
* The template API is slightly more efficient. It does not have to allocate memory dynamically,
|
|
* all memory is allocated on the stack. The OOP API has to allocate in the finish method if no
|
|
* buffer was provided. If you provide a buffer to the OOP APIs finish function, it doesn't allocate,
|
|
* but the $(LREF Digest) classes still have to be created using `new` which allocates them using the GC.
|
|
*
|
|
* The OOP API is useful to change the digest function and/or digest backend at 'runtime'. The benefit here
|
|
* is that switching e.g. Phobos MD5Digest and an OpenSSLMD5Digest implementation is ABI compatible.
|
|
*
|
|
* If just one specific digest type and backend is needed, the template API is usually a good fit.
|
|
* In this simplest case, the template API can even be used without templates: Just use the "$(B x)" structs
|
|
* directly.
|
|
*
|
|
* License: $(HTTP www.boost.org/LICENSE_1_0.txt, Boost License 1.0).
|
|
* Authors:
|
|
* Johannes Pfau
|
|
*
|
|
* Source: $(PHOBOSSRC std/digest/package.d)
|
|
*
|
|
* CTFE:
|
|
* Digests do not work in CTFE
|
|
*
|
|
* TODO:
|
|
* Digesting single bits (as opposed to bytes) is not implemented. This will be done as another
|
|
* template constraint helper (hasBitDigesting!T) and an additional interface (BitDigest)
|
|
*/
|
|
/* Copyright Johannes Pfau 2012.
|
|
* Distributed under the Boost Software License, Version 1.0.
|
|
* (See accompanying file LICENSE_1_0.txt or copy at
|
|
* http://www.boost.org/LICENSE_1_0.txt)
|
|
*/
|
|
module std.digest;
|
|
|
|
public import std.ascii : LetterCase;
|
|
import std.meta : allSatisfy;
|
|
import std.range.primitives;
|
|
import std.traits;
|
|
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.crc;
|
|
|
|
//Simple example
|
|
char[8] hexHash = hexDigest!CRC32("The quick brown fox jumps over the lazy dog");
|
|
assert(hexHash == "39A34F41");
|
|
|
|
//Simple example, using the API manually
|
|
CRC32 context = makeDigest!CRC32();
|
|
context.put(cast(ubyte[])"The quick brown fox jumps over the lazy dog");
|
|
ubyte[4] hash = context.finish();
|
|
assert(toHexString(hash) == "39A34F41");
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
//Generating the hashes of a file, idiomatic D way
|
|
import std.digest.crc, std.digest.md, std.digest.sha;
|
|
import std.stdio;
|
|
|
|
// Digests a file and prints the result.
|
|
void digestFile(Hash)(string filename)
|
|
if (isDigest!Hash)
|
|
{
|
|
auto file = File(filename);
|
|
auto result = digest!Hash(file.byChunk(4096 * 1024));
|
|
writefln("%s (%s) = %s", Hash.stringof, filename, toHexString(result));
|
|
}
|
|
|
|
void main(string[] args)
|
|
{
|
|
foreach (name; args[1 .. $])
|
|
{
|
|
digestFile!MD5(name);
|
|
digestFile!SHA1(name);
|
|
digestFile!CRC32(name);
|
|
}
|
|
}
|
|
}
|
|
///
|
|
@system unittest
|
|
{
|
|
//Generating the hashes of a file using the template API
|
|
import std.digest.crc, std.digest.md, std.digest.sha;
|
|
import std.stdio;
|
|
// Digests a file and prints the result.
|
|
void digestFile(Hash)(ref Hash hash, string filename)
|
|
if (isDigest!Hash)
|
|
{
|
|
File file = File(filename);
|
|
|
|
//As digests imlement OutputRange, we could use std.algorithm.copy
|
|
//Let's do it manually for now
|
|
foreach (buffer; file.byChunk(4096 * 1024))
|
|
hash.put(buffer);
|
|
|
|
auto result = hash.finish();
|
|
writefln("%s (%s) = %s", Hash.stringof, filename, toHexString(result));
|
|
}
|
|
|
|
void uMain(string[] args)
|
|
{
|
|
MD5 md5;
|
|
SHA1 sha1;
|
|
CRC32 crc32;
|
|
|
|
md5.start();
|
|
sha1.start();
|
|
crc32.start();
|
|
|
|
foreach (arg; args[1 .. $])
|
|
{
|
|
digestFile(md5, arg);
|
|
digestFile(sha1, arg);
|
|
digestFile(crc32, arg);
|
|
}
|
|
}
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.crc, std.digest.md, std.digest.sha;
|
|
import std.stdio;
|
|
|
|
// Digests a file and prints the result.
|
|
void digestFile(Digest hash, string filename)
|
|
{
|
|
File file = File(filename);
|
|
|
|
//As digests implement OutputRange, we could use std.algorithm.copy
|
|
//Let's do it manually for now
|
|
foreach (buffer; file.byChunk(4096 * 1024))
|
|
hash.put(buffer);
|
|
|
|
ubyte[] result = hash.finish();
|
|
writefln("%s (%s) = %s", typeid(hash).toString(), filename, toHexString(result));
|
|
}
|
|
|
|
void umain(string[] args)
|
|
{
|
|
auto md5 = new MD5Digest();
|
|
auto sha1 = new SHA1Digest();
|
|
auto crc32 = new CRC32Digest();
|
|
|
|
foreach (arg; args[1 .. $])
|
|
{
|
|
digestFile(md5, arg);
|
|
digestFile(sha1, arg);
|
|
digestFile(crc32, arg);
|
|
}
|
|
}
|
|
}
|
|
|
|
version (StdDdoc)
|
|
version = ExampleDigest;
|
|
|
|
version (ExampleDigest)
|
|
{
|
|
/**
|
|
* This documents the general structure of a Digest in the template API.
|
|
* All digest implementations should implement the following members and therefore pass
|
|
* the $(LREF isDigest) test.
|
|
*
|
|
* Note:
|
|
* $(UL
|
|
* $(LI A digest must be a struct (value type) to pass the $(LREF isDigest) test.)
|
|
* $(LI A digest passing the $(LREF isDigest) test is always an `OutputRange`)
|
|
* )
|
|
*/
|
|
struct ExampleDigest
|
|
{
|
|
public:
|
|
/**
|
|
* Use this to feed the digest with data.
|
|
* Also implements the $(REF isOutputRange, std,range,primitives)
|
|
* interface for `ubyte` and `const(ubyte)[]`.
|
|
* The following usages of `put` must work for any type which
|
|
* passes $(LREF isDigest):
|
|
* Example:
|
|
* ----
|
|
* ExampleDigest dig;
|
|
* dig.put(cast(ubyte) 0); //single ubyte
|
|
* dig.put(cast(ubyte) 0, cast(ubyte) 0); //variadic
|
|
* ubyte[10] buf;
|
|
* dig.put(buf); //buffer
|
|
* ----
|
|
*/
|
|
@trusted void put(scope const(ubyte)[] data...)
|
|
{
|
|
|
|
}
|
|
|
|
/**
|
|
* This function is used to (re)initialize the digest.
|
|
* It must be called before using the digest and it also works as a 'reset' function
|
|
* if the digest has already processed data.
|
|
*/
|
|
@trusted void start()
|
|
{
|
|
|
|
}
|
|
|
|
/**
|
|
* The finish function returns the final hash sum and resets the Digest.
|
|
*
|
|
* Note:
|
|
* The actual type returned by finish depends on the digest implementation.
|
|
* `ubyte[16]` is just used as an example. It is guaranteed that the type is a
|
|
* static array of ubytes.
|
|
*
|
|
* $(UL
|
|
* $(LI Use $(LREF DigestType) to obtain the actual return type.)
|
|
* $(LI Use $(LREF digestLength) to obtain the length of the ubyte array.)
|
|
* )
|
|
*/
|
|
@trusted ubyte[16] finish()
|
|
{
|
|
return (ubyte[16]).init;
|
|
}
|
|
}
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
//Using the OutputRange feature
|
|
import std.algorithm.mutation : copy;
|
|
import std.digest.md;
|
|
import std.range : repeat;
|
|
|
|
auto oneMillionRange = repeat!ubyte(cast(ubyte)'a', 1000000);
|
|
auto ctx = makeDigest!MD5();
|
|
copy(oneMillionRange, &ctx); //Note: You must pass a pointer to copy!
|
|
assert(ctx.finish().toHexString() == "7707D6AE4E027C70EEA2A935C2296F21");
|
|
}
|
|
|
|
/**
|
|
* Use this to check if a type is a digest. See $(LREF ExampleDigest) to see what
|
|
* a type must provide to pass this check.
|
|
*
|
|
* Note:
|
|
* This is very useful as a template constraint (see examples)
|
|
*
|
|
* BUGS:
|
|
* $(UL
|
|
* $(LI Does not yet verify that put takes scope parameters.)
|
|
* $(LI Should check that finish() returns a ubyte[num] array)
|
|
* )
|
|
*/
|
|
template isDigest(T)
|
|
{
|
|
import std.range : isOutputRange;
|
|
enum bool isDigest = isOutputRange!(T, const(ubyte)[]) && isOutputRange!(T, ubyte) &&
|
|
is(T == struct) &&
|
|
is(typeof(
|
|
{
|
|
T dig = void; //Can define
|
|
dig.put(cast(ubyte) 0, cast(ubyte) 0); //varags
|
|
dig.start(); //has start
|
|
auto value = dig.finish(); //has finish
|
|
}));
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.crc;
|
|
static assert(isDigest!CRC32);
|
|
}
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.crc;
|
|
void myFunction(T)()
|
|
if (isDigest!T)
|
|
{
|
|
T dig;
|
|
dig.start();
|
|
auto result = dig.finish();
|
|
}
|
|
myFunction!CRC32();
|
|
}
|
|
|
|
/**
|
|
* Use this template to get the type which is returned by a digest's $(LREF finish) method.
|
|
*/
|
|
template DigestType(T)
|
|
{
|
|
static if (isDigest!T)
|
|
{
|
|
alias DigestType =
|
|
ReturnType!(typeof(
|
|
{
|
|
T dig = void;
|
|
return dig.finish();
|
|
}));
|
|
}
|
|
else
|
|
static assert(false, T.stringof ~ " is not a digest! (fails isDigest!T)");
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.crc;
|
|
assert(is(DigestType!(CRC32) == ubyte[4]));
|
|
}
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.crc;
|
|
CRC32 dig;
|
|
dig.start();
|
|
DigestType!CRC32 result = dig.finish();
|
|
}
|
|
|
|
/**
|
|
* Used to check if a digest supports the `peek` method.
|
|
* Peek has exactly the same function signatures as finish, but it doesn't reset
|
|
* the digest's internal state.
|
|
*
|
|
* Note:
|
|
* $(UL
|
|
* $(LI This is very useful as a template constraint (see examples))
|
|
* $(LI This also checks if T passes $(LREF isDigest))
|
|
* )
|
|
*/
|
|
template hasPeek(T)
|
|
{
|
|
enum bool hasPeek = isDigest!T &&
|
|
is(typeof(
|
|
{
|
|
T dig = void; //Can define
|
|
DigestType!T val = dig.peek();
|
|
}));
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.crc, std.digest.md;
|
|
assert(!hasPeek!(MD5));
|
|
assert(hasPeek!CRC32);
|
|
}
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.crc;
|
|
void myFunction(T)()
|
|
if (hasPeek!T)
|
|
{
|
|
T dig;
|
|
dig.start();
|
|
auto result = dig.peek();
|
|
}
|
|
myFunction!CRC32();
|
|
}
|
|
|
|
/**
|
|
* Checks whether the digest has a `blockSize` member, which contains the
|
|
* digest's internal block size in bits. It is primarily used by $(REF HMAC, std,digest,hmac).
|
|
*/
|
|
|
|
template hasBlockSize(T)
|
|
if (isDigest!T)
|
|
{
|
|
enum bool hasBlockSize = __traits(compiles, { size_t blockSize = T.blockSize; });
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.hmac, std.digest.md;
|
|
static assert(hasBlockSize!MD5 && MD5.blockSize == 512);
|
|
static assert(hasBlockSize!(HMAC!MD5) && HMAC!MD5.blockSize == 512);
|
|
}
|
|
|
|
package template isDigestibleRange(Range)
|
|
{
|
|
import std.digest.md;
|
|
import std.range : isInputRange, ElementType;
|
|
enum bool isDigestibleRange = isInputRange!Range && is(typeof(
|
|
{
|
|
MD5 ha; //Could use any conformant hash
|
|
ElementType!Range val;
|
|
ha.put(val);
|
|
}));
|
|
}
|
|
|
|
/**
|
|
* This is a convenience function to calculate a hash using the template API.
|
|
* Every digest passing the $(LREF isDigest) test can be used with this function.
|
|
*
|
|
* Params:
|
|
* range= an `InputRange` with `ElementType` `ubyte`, `ubyte[]` or `ubyte[num]`
|
|
*/
|
|
DigestType!Hash digest(Hash, Range)(auto ref Range range)
|
|
if (!isArray!Range
|
|
&& isDigestibleRange!Range)
|
|
{
|
|
Hash hash;
|
|
hash.start();
|
|
alias E = ElementType!Range; // Not necessarily ubyte. Could be ubyte[N] or ubyte[] or something w/alias this.
|
|
static if (!(__traits(isScalar, E) && E.sizeof == 1))
|
|
{
|
|
foreach (e; range)
|
|
hash.put(e);
|
|
return hash.finish();
|
|
}
|
|
else
|
|
{
|
|
static if (hasBlockSize!Hash)
|
|
enum bufferBytes = Hash.blockSize >= (8192 * 8) ? 8192 : Hash.blockSize <= 64 ? 8 : (Hash.blockSize / 8);
|
|
else
|
|
enum bufferBytes = 8;
|
|
ubyte[bufferBytes] buffer = void;
|
|
static if (isRandomAccessRange!Range && hasLength!Range)
|
|
{
|
|
const end = range.length;
|
|
size_t i = 0;
|
|
while (end - i >= buffer.length)
|
|
{
|
|
foreach (ref e; buffer)
|
|
e = range[i++];
|
|
hash.put(buffer);
|
|
}
|
|
if (const remaining = end - i)
|
|
{
|
|
foreach (ref e; buffer[0 .. remaining])
|
|
e = range[i++];
|
|
hash.put(buffer[0 .. remaining]);
|
|
}
|
|
return hash.finish();
|
|
}
|
|
else
|
|
{
|
|
for (;;)
|
|
{
|
|
size_t n = buffer.length;
|
|
foreach (i, ref e; buffer)
|
|
{
|
|
if (range.empty)
|
|
{
|
|
n = i;
|
|
break;
|
|
}
|
|
e = range.front;
|
|
range.popFront();
|
|
}
|
|
if (n)
|
|
hash.put(buffer[0 .. n]);
|
|
if (n != buffer.length)
|
|
return hash.finish();
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.md;
|
|
import std.range : repeat;
|
|
auto testRange = repeat!ubyte(cast(ubyte)'a', 100);
|
|
auto md5 = digest!MD5(testRange);
|
|
}
|
|
|
|
/**
|
|
* This overload of the digest function handles arrays.
|
|
*
|
|
* Params:
|
|
* data= one or more arrays of any type
|
|
*/
|
|
DigestType!Hash digest(Hash, T...)(scope const T data)
|
|
if (allSatisfy!(isArray, typeof(data)))
|
|
{
|
|
Hash hash;
|
|
hash.start();
|
|
foreach (datum; data)
|
|
hash.put(cast(const(ubyte[]))datum);
|
|
return hash.finish();
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.crc, std.digest.md, std.digest.sha;
|
|
auto md5 = digest!MD5( "The quick brown fox jumps over the lazy dog");
|
|
auto sha1 = digest!SHA1( "The quick brown fox jumps over the lazy dog");
|
|
auto crc32 = digest!CRC32("The quick brown fox jumps over the lazy dog");
|
|
assert(toHexString(crc32) == "39A34F41");
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.crc;
|
|
auto crc32 = digest!CRC32("The quick ", "brown ", "fox jumps over the lazy dog");
|
|
assert(toHexString(crc32) == "39A34F41");
|
|
}
|
|
|
|
/**
|
|
* This is a convenience function similar to $(LREF digest), but it returns the string
|
|
* representation of the hash. Every digest passing the $(LREF isDigest) test can be used with this
|
|
* function.
|
|
*
|
|
* Params:
|
|
* order= the order in which the bytes are processed (see $(LREF toHexString))
|
|
* range= an `InputRange` with `ElementType` `ubyte`, `ubyte[]` or `ubyte[num]`
|
|
*/
|
|
char[digestLength!(Hash)*2] hexDigest(Hash, Order order = Order.increasing, Range)(ref Range range)
|
|
if (!isArray!Range && isDigestibleRange!Range)
|
|
{
|
|
return toHexString!order(digest!Hash(range));
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.md;
|
|
import std.range : repeat;
|
|
auto testRange = repeat!ubyte(cast(ubyte)'a', 100);
|
|
assert(hexDigest!MD5(testRange) == "36A92CC94A9E0FA21F625F8BFB007ADF");
|
|
}
|
|
|
|
/**
|
|
* This overload of the hexDigest function handles arrays.
|
|
*
|
|
* Params:
|
|
* order= the order in which the bytes are processed (see $(LREF toHexString))
|
|
* data= one or more arrays of any type
|
|
*/
|
|
char[digestLength!(Hash)*2] hexDigest(Hash, Order order = Order.increasing, T...)(scope const T data)
|
|
if (allSatisfy!(isArray, typeof(data)))
|
|
{
|
|
return toHexString!order(digest!Hash(data));
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.crc;
|
|
assert(hexDigest!(CRC32, Order.decreasing)("The quick brown fox jumps over the lazy dog") == "414FA339");
|
|
}
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.crc;
|
|
assert(hexDigest!(CRC32, Order.decreasing)("The quick ", "brown ", "fox jumps over the lazy dog") == "414FA339");
|
|
}
|
|
|
|
/**
|
|
* This is a convenience function which returns an initialized digest, so it's not necessary to call
|
|
* start manually.
|
|
*/
|
|
Hash makeDigest(Hash)()
|
|
{
|
|
Hash hash;
|
|
hash.start();
|
|
return hash;
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.md;
|
|
auto md5 = makeDigest!MD5();
|
|
md5.put(0);
|
|
assert(toHexString(md5.finish()) == "93B885ADFE0DA089CDF634904FD59F71");
|
|
}
|
|
|
|
/*+*************************** End of template part, welcome to OOP land **************************/
|
|
|
|
/**
|
|
* This describes the OOP API. To understand when to use the template API and when to use the OOP API,
|
|
* see the module documentation at the top of this page.
|
|
*
|
|
* The Digest interface is the base interface which is implemented by all digests.
|
|
*
|
|
* Note:
|
|
* A Digest implementation is always an `OutputRange`
|
|
*/
|
|
interface Digest
|
|
{
|
|
public:
|
|
/**
|
|
* Use this to feed the digest with data.
|
|
* Also implements the $(REF isOutputRange, std,range,primitives)
|
|
* interface for `ubyte` and `const(ubyte)[]`.
|
|
*
|
|
* Example:
|
|
* ----
|
|
* void test(Digest dig)
|
|
* {
|
|
* dig.put(cast(ubyte) 0); //single ubyte
|
|
* dig.put(cast(ubyte) 0, cast(ubyte) 0); //variadic
|
|
* ubyte[10] buf;
|
|
* dig.put(buf); //buffer
|
|
* }
|
|
* ----
|
|
*/
|
|
@trusted nothrow void put(scope const(ubyte)[] data...);
|
|
|
|
/**
|
|
* Resets the internal state of the digest.
|
|
* Note:
|
|
* $(LREF finish) calls this internally, so it's not necessary to call
|
|
* `reset` manually after a call to $(LREF finish).
|
|
*/
|
|
@trusted nothrow void reset();
|
|
|
|
/**
|
|
* This is the length in bytes of the hash value which is returned by $(LREF finish).
|
|
* It's also the required size of a buffer passed to $(LREF finish).
|
|
*/
|
|
@trusted nothrow @property size_t length() const;
|
|
|
|
/**
|
|
* The finish function returns the hash value. It takes an optional buffer to copy the data
|
|
* into. If a buffer is passed, it must be at least $(LREF length) bytes big.
|
|
*/
|
|
@trusted nothrow ubyte[] finish();
|
|
///ditto
|
|
nothrow ubyte[] finish(ubyte[] buf);
|
|
// https://issues.dlang.org/show_bug.cgi?id=6549
|
|
/*in
|
|
{
|
|
assert(buf.length >= this.length);
|
|
}*/
|
|
|
|
/**
|
|
* This is a convenience function to calculate the hash of a value using the OOP API.
|
|
*/
|
|
final @trusted nothrow ubyte[] digest(scope const(void[])[] data...)
|
|
{
|
|
this.reset();
|
|
foreach (datum; data)
|
|
this.put(cast(ubyte[]) datum);
|
|
return this.finish();
|
|
}
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
//Using the OutputRange feature
|
|
import std.algorithm.mutation : copy;
|
|
import std.digest.md;
|
|
import std.range : repeat;
|
|
|
|
auto oneMillionRange = repeat!ubyte(cast(ubyte)'a', 1000000);
|
|
auto ctx = new MD5Digest();
|
|
copy(oneMillionRange, ctx);
|
|
assert(ctx.finish().toHexString() == "7707D6AE4E027C70EEA2A935C2296F21");
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.crc, std.digest.md, std.digest.sha;
|
|
ubyte[] md5 = (new MD5Digest()).digest("The quick brown fox jumps over the lazy dog");
|
|
ubyte[] sha1 = (new SHA1Digest()).digest("The quick brown fox jumps over the lazy dog");
|
|
ubyte[] crc32 = (new CRC32Digest()).digest("The quick brown fox jumps over the lazy dog");
|
|
assert(crcHexString(crc32) == "414FA339");
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.crc;
|
|
ubyte[] crc32 = (new CRC32Digest()).digest("The quick ", "brown ", "fox jumps over the lazy dog");
|
|
assert(crcHexString(crc32) == "414FA339");
|
|
}
|
|
|
|
@system unittest
|
|
{
|
|
import std.range : isOutputRange;
|
|
assert(!isDigest!(Digest));
|
|
assert(isOutputRange!(Digest, ubyte));
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
void test(Digest dig)
|
|
{
|
|
dig.put(cast(ubyte) 0); //single ubyte
|
|
dig.put(cast(ubyte) 0, cast(ubyte) 0); //variadic
|
|
ubyte[10] buf;
|
|
dig.put(buf); //buffer
|
|
}
|
|
}
|
|
|
|
/*+*************************** End of OOP part, helper functions follow ***************************/
|
|
|
|
/**
|
|
* See $(LREF toHexString)
|
|
*/
|
|
enum Order : bool
|
|
{
|
|
increasing, ///
|
|
decreasing ///
|
|
}
|
|
|
|
///
|
|
@safe unittest
|
|
{
|
|
import std.digest.crc : CRC32;
|
|
|
|
auto crc32 = digest!CRC32("The quick ", "brown ", "fox jumps over the lazy dog");
|
|
assert(crc32.toHexString!(Order.decreasing) == "414FA339");
|
|
assert(crc32.toHexString!(LetterCase.lower, Order.decreasing) == "414fa339");
|
|
}
|
|
|
|
|
|
/**
|
|
* Used to convert a hash value (a static or dynamic array of ubytes) to a string.
|
|
* Can be used with the OOP and with the template API.
|
|
*
|
|
* The additional order parameter can be used to specify the order of the input data.
|
|
* By default the data is processed in increasing order, starting at index 0. To process it in the
|
|
* opposite order, pass Order.decreasing as a parameter.
|
|
*
|
|
* The additional letterCase parameter can be used to specify the case of the output data.
|
|
* By default the output is in upper case. To change it to the lower case
|
|
* pass LetterCase.lower as a parameter.
|
|
*
|
|
* Note:
|
|
* The function overloads returning a string allocate their return values
|
|
* using the GC. The versions returning static arrays use pass-by-value for
|
|
* the return value, effectively avoiding dynamic allocation.
|
|
*/
|
|
char[num*2] toHexString(Order order = Order.increasing, size_t num, LetterCase letterCase = LetterCase.upper)
|
|
(const ubyte[num] digest)
|
|
{
|
|
|
|
char[num*2] result;
|
|
size_t i;
|
|
toHexStringImpl!(order, letterCase)(digest, result);
|
|
return result;
|
|
}
|
|
|
|
///ditto
|
|
char[num*2] toHexString(LetterCase letterCase, Order order = Order.increasing, size_t num)(in ubyte[num] digest)
|
|
{
|
|
return toHexString!(order, num, letterCase)(digest);
|
|
}
|
|
|
|
///ditto
|
|
string toHexString(Order order = Order.increasing, LetterCase letterCase = LetterCase.upper)
|
|
(in ubyte[] digest)
|
|
{
|
|
auto result = new char[digest.length*2];
|
|
toHexStringImpl!(order, letterCase)(digest, result);
|
|
import std.exception : assumeUnique;
|
|
// memory was just created, so casting to immutable is safe
|
|
return () @trusted { return assumeUnique(result); }();
|
|
}
|
|
|
|
///ditto
|
|
string toHexString(LetterCase letterCase, Order order = Order.increasing)(in ubyte[] digest)
|
|
{
|
|
return toHexString!(order, letterCase)(digest);
|
|
}
|
|
|
|
//For more example unittests, see Digest.digest, digest
|
|
|
|
///
|
|
@safe unittest
|
|
{
|
|
import std.digest.crc;
|
|
//Test with template API:
|
|
auto crc32 = digest!CRC32("The quick ", "brown ", "fox jumps over the lazy dog");
|
|
//Lower case variant:
|
|
assert(toHexString!(LetterCase.lower)(crc32) == "39a34f41");
|
|
//Usually CRCs are printed in this order, though:
|
|
assert(toHexString!(Order.decreasing)(crc32) == "414FA339");
|
|
assert(toHexString!(LetterCase.lower, Order.decreasing)(crc32) == "414fa339");
|
|
}
|
|
|
|
///
|
|
@safe unittest
|
|
{
|
|
import std.digest.crc;
|
|
// With OOP API
|
|
auto crc32 = (new CRC32Digest()).digest("The quick ", "brown ", "fox jumps over the lazy dog");
|
|
//Usually CRCs are printed in this order, though:
|
|
assert(toHexString!(Order.decreasing)(crc32) == "414FA339");
|
|
}
|
|
|
|
@safe unittest
|
|
{
|
|
ubyte[16] data;
|
|
assert(toHexString(data) == "00000000000000000000000000000000");
|
|
|
|
assert(toHexString(cast(ubyte[4])[42, 43, 44, 45]) == "2A2B2C2D");
|
|
assert(toHexString(cast(ubyte[])[42, 43, 44, 45]) == "2A2B2C2D");
|
|
assert(toHexString!(Order.decreasing)(cast(ubyte[4])[42, 43, 44, 45]) == "2D2C2B2A");
|
|
assert(toHexString!(Order.decreasing, LetterCase.lower)(cast(ubyte[4])[42, 43, 44, 45]) == "2d2c2b2a");
|
|
assert(toHexString!(Order.decreasing)(cast(ubyte[])[42, 43, 44, 45]) == "2D2C2B2A");
|
|
}
|
|
|
|
/*+*********************** End of public helper part, private helpers follow ***********************/
|
|
|
|
/*
|
|
* Used to convert from a ubyte[] slice to a ref ubyte[N].
|
|
* This helper is used internally in the WrapperDigest template to wrap the template API's
|
|
* finish function.
|
|
*/
|
|
ref T[N] asArray(size_t N, T)(ref T[] source, string errorMsg = "")
|
|
{
|
|
assert(source.length >= N, errorMsg);
|
|
return *cast(T[N]*) source.ptr;
|
|
}
|
|
|
|
/*
|
|
* Fill in a preallocated buffer with the ASCII hex representation from a byte buffer
|
|
*/
|
|
private void toHexStringImpl(Order order, LetterCase letterCase, BB, HB)
|
|
(scope const ref BB byteBuffer, ref HB hexBuffer){
|
|
static if (letterCase == LetterCase.upper)
|
|
{
|
|
import std.ascii : hexDigits = hexDigits;
|
|
}
|
|
else
|
|
{
|
|
import std.ascii : hexDigits = lowerHexDigits;
|
|
}
|
|
|
|
size_t i;
|
|
static if (order == Order.increasing)
|
|
{
|
|
foreach (u; byteBuffer)
|
|
{
|
|
hexBuffer[i++] = hexDigits[u >> 4];
|
|
hexBuffer[i++] = hexDigits[u & 15];
|
|
}
|
|
}
|
|
else
|
|
{
|
|
size_t j = byteBuffer.length -1;
|
|
while (i < byteBuffer.length*2)
|
|
{
|
|
hexBuffer[i++] = hexDigits[byteBuffer[j] >> 4];
|
|
hexBuffer[i++] = hexDigits[byteBuffer[j] & 15];
|
|
j--;
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
/*
|
|
* Returns the length (in bytes) of the hash value produced by T.
|
|
*/
|
|
template digestLength(T)
|
|
if (isDigest!T)
|
|
{
|
|
enum size_t digestLength = (ReturnType!(T.finish)).length;
|
|
}
|
|
|
|
@safe pure nothrow @nogc
|
|
unittest
|
|
{
|
|
import std.digest.md : MD5;
|
|
import std.digest.sha : SHA1, SHA256, SHA512;
|
|
assert(digestLength!MD5 == 16);
|
|
assert(digestLength!SHA1 == 20);
|
|
assert(digestLength!SHA256 == 32);
|
|
assert(digestLength!SHA512 == 64);
|
|
}
|
|
|
|
/**
|
|
* Wraps a template API hash struct into a Digest interface.
|
|
* Modules providing digest implementations will usually provide
|
|
* an alias for this template (e.g. MD5Digest, SHA1Digest, ...).
|
|
*/
|
|
class WrapperDigest(T)
|
|
if (isDigest!T) : Digest
|
|
{
|
|
protected:
|
|
T _digest;
|
|
|
|
public final:
|
|
/**
|
|
* Initializes the digest.
|
|
*/
|
|
this()
|
|
{
|
|
_digest.start();
|
|
}
|
|
|
|
/**
|
|
* Use this to feed the digest with data.
|
|
* Also implements the $(REF isOutputRange, std,range,primitives)
|
|
* interface for `ubyte` and `const(ubyte)[]`.
|
|
*/
|
|
@trusted nothrow void put(scope const(ubyte)[] data...)
|
|
{
|
|
_digest.put(data);
|
|
}
|
|
|
|
/**
|
|
* Resets the internal state of the digest.
|
|
* Note:
|
|
* $(LREF finish) calls this internally, so it's not necessary to call
|
|
* `reset` manually after a call to $(LREF finish).
|
|
*/
|
|
@trusted nothrow void reset()
|
|
{
|
|
_digest.start();
|
|
}
|
|
|
|
/**
|
|
* This is the length in bytes of the hash value which is returned by $(LREF finish).
|
|
* It's also the required size of a buffer passed to $(LREF finish).
|
|
*/
|
|
@trusted nothrow @property size_t length() const pure
|
|
{
|
|
return digestLength!T;
|
|
}
|
|
|
|
/**
|
|
* The finish function returns the hash value. It takes an optional buffer to copy the data
|
|
* into. If a buffer is passed, it must have a length at least $(LREF length) bytes.
|
|
*
|
|
* Example:
|
|
* --------
|
|
*
|
|
* import std.digest.md;
|
|
* ubyte[16] buf;
|
|
* auto hash = new WrapperDigest!MD5();
|
|
* hash.put(cast(ubyte) 0);
|
|
* auto result = hash.finish(buf[]);
|
|
* //The result is now in result (and in buf). If you pass a buffer which is bigger than
|
|
* //necessary, result will have the correct length, but buf will still have it's original
|
|
* //length
|
|
* --------
|
|
*/
|
|
nothrow ubyte[] finish(ubyte[] buf)
|
|
in
|
|
{
|
|
assert(buf.length >= this.length, "Given buffer is smaller than the local buffer.");
|
|
}
|
|
do
|
|
{
|
|
enum string msg = "Buffer needs to be at least " ~ digestLength!(T).stringof ~ " bytes " ~
|
|
"big, check " ~ typeof(this).stringof ~ ".length!";
|
|
asArray!(digestLength!T)(buf, msg) = _digest.finish();
|
|
return buf[0 .. digestLength!T];
|
|
}
|
|
|
|
///ditto
|
|
@trusted nothrow ubyte[] finish()
|
|
{
|
|
enum len = digestLength!T;
|
|
auto buf = new ubyte[len];
|
|
asArray!(digestLength!T)(buf) = _digest.finish();
|
|
return buf;
|
|
}
|
|
|
|
version (StdDdoc)
|
|
{
|
|
/**
|
|
* Works like `finish` but does not reset the internal state, so it's possible
|
|
* to continue putting data into this WrapperDigest after a call to peek.
|
|
*
|
|
* These functions are only available if `hasPeek!T` is true.
|
|
*/
|
|
@trusted ubyte[] peek(ubyte[] buf) const;
|
|
///ditto
|
|
@trusted ubyte[] peek() const;
|
|
}
|
|
else static if (hasPeek!T)
|
|
{
|
|
@trusted ubyte[] peek(ubyte[] buf) const
|
|
in
|
|
{
|
|
assert(buf.length >= this.length, "Given buffer is smaller than the local buffer.");
|
|
}
|
|
do
|
|
{
|
|
enum string msg = "Buffer needs to be at least " ~ digestLength!(T).stringof ~ " bytes " ~
|
|
"big, check " ~ typeof(this).stringof ~ ".length!";
|
|
asArray!(digestLength!T)(buf, msg) = _digest.peek();
|
|
return buf[0 .. digestLength!T];
|
|
}
|
|
|
|
@trusted ubyte[] peek() const
|
|
{
|
|
enum len = digestLength!T;
|
|
auto buf = new ubyte[len];
|
|
asArray!(digestLength!T)(buf) = _digest.peek();
|
|
return buf;
|
|
}
|
|
}
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
import std.digest.md;
|
|
//Simple example
|
|
auto hash = new WrapperDigest!MD5();
|
|
hash.put(cast(ubyte) 0);
|
|
auto result = hash.finish();
|
|
}
|
|
|
|
///
|
|
@system unittest
|
|
{
|
|
//using a supplied buffer
|
|
import std.digest.md;
|
|
ubyte[16] buf;
|
|
auto hash = new WrapperDigest!MD5();
|
|
hash.put(cast(ubyte) 0);
|
|
auto result = hash.finish(buf[]);
|
|
//The result is now in result (and in buf). If you pass a buffer which is bigger than
|
|
//necessary, result will have the correct length, but buf will still have it's original
|
|
//length
|
|
}
|
|
|
|
@safe unittest
|
|
{
|
|
// Test peek & length
|
|
import std.digest.crc;
|
|
auto hash = new WrapperDigest!CRC32();
|
|
assert(hash.length == 4);
|
|
hash.put(cast(const(ubyte[]))"The quick brown fox jumps over the lazy dog");
|
|
assert(hash.peek().toHexString() == "39A34F41");
|
|
ubyte[5] buf;
|
|
assert(hash.peek(buf).toHexString() == "39A34F41");
|
|
}
|
|
|
|
/**
|
|
* Securely compares two digest representations while protecting against timing
|
|
* attacks. Do not use `==` to compare digest representations.
|
|
*
|
|
* The attack happens as follows:
|
|
*
|
|
* $(OL
|
|
* $(LI An attacker wants to send harmful data to your server, which
|
|
* requires a integrity HMAC SHA1 token signed with a secret.)
|
|
* $(LI The length of the token is known to be 40 characters long due to its format,
|
|
* so the attacker first sends `"0000000000000000000000000000000000000000"`,
|
|
* then `"1000000000000000000000000000000000000000"`, and so on.)
|
|
* $(LI The given HMAC token is compared with the expected token using the
|
|
* `==` string comparison, which returns `false` as soon as the first wrong
|
|
* element is found. If a wrong element is found, then a rejection is sent
|
|
* back to the sender.)
|
|
* $(LI Eventually, the attacker is able to determine the first character in
|
|
* the correct token because the sever takes slightly longer to return a
|
|
* rejection. This is due to the comparison moving on to second item in
|
|
* the two arrays, seeing they are different, and then sending the rejection.)
|
|
* $(LI It may seem like too small of a difference in time for the attacker
|
|
* to notice, but security researchers have shown that differences as
|
|
* small as $(LINK2 http://www.cs.rice.edu/~dwallach/pub/crosby-timing2009.pdf,
|
|
* 20µs can be reliably distinguished) even with network inconsistencies.)
|
|
* $(LI Repeat the process for each character until the attacker has the whole
|
|
* correct token and the server accepts the harmful data. This can be done
|
|
* in a week with the attacker pacing the attack to 10 requests per second
|
|
* with only one client.)
|
|
* )
|
|
*
|
|
* This function defends against this attack by always comparing every single
|
|
* item in the array if the two arrays are the same length. Therefore, this
|
|
* function is always $(BIGOH n) for ranges of the same length.
|
|
*
|
|
* This attack can also be mitigated via rate limiting and banning IPs which have too
|
|
* many rejected requests. However, this does not completely solve the problem,
|
|
* as the attacker could be in control of a bot net. To fully defend against
|
|
* the timing attack, rate limiting, banning IPs, and using this function
|
|
* should be used together.
|
|
*
|
|
* Params:
|
|
* r1 = A digest representation
|
|
* r2 = A digest representation
|
|
* Returns:
|
|
* `true` if both representations are equal, `false` otherwise
|
|
* See_Also:
|
|
* $(LINK2 https://en.wikipedia.org/wiki/Timing_attack, The Wikipedia article
|
|
* on timing attacks).
|
|
*/
|
|
bool secureEqual(R1, R2)(R1 r1, R2 r2)
|
|
if (isInputRange!R1 && isInputRange!R2 && !isInfinite!R1 && !isInfinite!R2 &&
|
|
(isIntegral!(ElementEncodingType!R1) || isSomeChar!(ElementEncodingType!R1)) &&
|
|
!is(CommonType!(ElementEncodingType!R1, ElementEncodingType!R2) == void))
|
|
{
|
|
static if (hasLength!R1 && hasLength!R2)
|
|
if (r1.length != r2.length)
|
|
return false;
|
|
|
|
int result;
|
|
|
|
static if (isRandomAccessRange!R1 && isRandomAccessRange!R2 &&
|
|
hasLength!R1 && hasLength!R2)
|
|
{
|
|
foreach (i; 0 .. r1.length)
|
|
result |= r1[i] ^ r2[i];
|
|
}
|
|
else static if (hasLength!R1 && hasLength!R2)
|
|
{
|
|
// Lengths are the same so we can squeeze out a bit of performance
|
|
// by not checking if r2 is empty
|
|
for (; !r1.empty; r1.popFront(), r2.popFront())
|
|
{
|
|
result |= r1.front ^ r2.front;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Generic case, walk both ranges
|
|
for (; !r1.empty; r1.popFront(), r2.popFront())
|
|
{
|
|
if (r2.empty) return false;
|
|
result |= r1.front ^ r2.front;
|
|
}
|
|
if (!r2.empty) return false;
|
|
}
|
|
|
|
return result == 0;
|
|
}
|
|
|
|
///
|
|
@system pure unittest
|
|
{
|
|
import std.digest.hmac : hmac;
|
|
import std.digest.sha : SHA1;
|
|
import std.string : representation;
|
|
|
|
// a typical HMAC data integrity verification
|
|
auto secret = "A7GZIP6TAQA6OHM7KZ42KB9303CEY0MOV5DD6NTV".representation;
|
|
auto data = "data".representation;
|
|
|
|
auto hex1 = data.hmac!SHA1(secret).toHexString;
|
|
auto hex2 = data.hmac!SHA1(secret).toHexString;
|
|
auto hex3 = "data1".representation.hmac!SHA1(secret).toHexString;
|
|
|
|
assert( secureEqual(hex1[], hex2[]));
|
|
assert(!secureEqual(hex1[], hex3[]));
|
|
}
|
|
|
|
@system pure unittest
|
|
{
|
|
import std.internal.test.dummyrange : ReferenceInputRange;
|
|
import std.range : takeExactly;
|
|
import std.string : representation;
|
|
import std.utf : byWchar, byDchar;
|
|
|
|
{
|
|
auto hex1 = "02CA3484C375EDD3C0F08D3F50D119E61077".representation;
|
|
auto hex2 = "02CA3484C375EDD3C0F08D3F50D119E610779018".representation;
|
|
assert(!secureEqual(hex1, hex2));
|
|
}
|
|
{
|
|
auto hex1 = "02CA3484C375EDD3C0F08D3F50D119E610779018"w.representation;
|
|
auto hex2 = "02CA3484C375EDD3C0F08D3F50D119E610779018"d.representation;
|
|
assert(secureEqual(hex1, hex2));
|
|
}
|
|
{
|
|
auto hex1 = "02CA3484C375EDD3C0F08D3F50D119E610779018".byWchar;
|
|
auto hex2 = "02CA3484C375EDD3C0F08D3F50D119E610779018".byDchar;
|
|
assert(secureEqual(hex1, hex2));
|
|
}
|
|
{
|
|
auto hex1 = "02CA3484C375EDD3C0F08D3F50D119E61077".byWchar;
|
|
auto hex2 = "02CA3484C375EDD3C0F08D3F50D119E610779018".byDchar;
|
|
assert(!secureEqual(hex1, hex2));
|
|
}
|
|
{
|
|
auto hex1 = new ReferenceInputRange!int([0, 1, 2, 3, 4, 5, 6, 7, 8]).takeExactly(9);
|
|
auto hex2 = new ReferenceInputRange!int([0, 1, 2, 3, 4, 5, 6, 7, 8]).takeExactly(9);
|
|
assert(secureEqual(hex1, hex2));
|
|
}
|
|
{
|
|
auto hex1 = new ReferenceInputRange!int([0, 1, 2, 3, 4, 5, 6, 7, 8]).takeExactly(9);
|
|
auto hex2 = new ReferenceInputRange!int([0, 1, 2, 3, 4, 5, 6, 7, 9]).takeExactly(9);
|
|
assert(!secureEqual(hex1, hex2));
|
|
}
|
|
}
|