CHANGE: making CHECKSUM more compatible with Red language

* removed `/method`; now method is always used as second argument
* removed `/tcp`; now accessible as: `checksum data 'tcp`
* removed `/secure`; now accessible as: `checksum data 'sha1` (`sha1` is not considered as too secure anyway these days)
* removed `/hash`; now accessible as: `checksum/with value 'hash 256`
* renamed `/key` to `/with`; given `spec` is used as a key for HMAC and or size of hash table

Available checksum methods are now listed in: `system/catalog/checksums`

Note: checksum port does not support these methods: adler32, crc24, crc32 and tcp

Author: Oldes

src/boot/natives.reb

@@ -385,20 +385,7 @@ collect-words: native [
 	words [any-object! block! none!] "Words to ignore"
 ]
 
-checksum: native [
-	{Computes a checksum, CRC, or hash.}
-	data [binary! string!] {Bytes to checksum. String value is first converted to UTF-8!}
-	/part length {Length of data}
-	/tcp {Returns an Internet TCP 16-bit checksum}
-	/secure {Returns a cryptographically secure checksum}
-	/hash {Returns a hash value}
-	size [integer!] {Size of the hash table}
-	/method {Method to use}
-	word [word!] {Methods: SHA1 SHA256 SHA384 SHA512 MD5 CRC32 ADLER32}
-	/key {Returns keyed HMAC value}
-	key-value [any-string! binary!] {Key to use}
-]
-
+;checksum:   native [] ; defined in %n-string.c
 ;compress:   native [] ; defined in %n-string.c
 ;decompress: native [] ; defined in %n-string.c
 

src/boot/sysobj.reb

@@ -57,6 +57,7 @@ catalog: object [
 		uri:           #[bitset! #{000000005BFFFFF5FFFFFFE17FFFFFE2}] ;A-Z a-z 0-9 !#$&'()*+,-./:;=?@_~
 		uri-component: #[bitset! #{0000000041E6FFC07FFFFFE17FFFFFE2}] ;A-Z a-z 0-9 !'()*-._~
 	]
+	checksums: [adler32 crc24 crc32 tcp md4 md5 sha1 sha224 sha256 sha384 sha512 ripemd160]
 ]
 
 contexts: construct [

src/boot/words.reb

@@ -181,11 +181,18 @@ bessel
 sinc
 
 ; Checksum
-sha1
-sha256
+hash
+adler32
+crc24
+crc32
 md4
 md5
-crc32
+ripemd160
+sha1
+sha224
+sha256
+sha384
+sha512
 
 ; Codec actions
 identify

src/core/n-strings.c

@@ -116,75 +116,68 @@ static struct digest {
 **
 */	REBNATIVE(checksum)
 /*
-**		Computes checksum or hash value.
-**
-**		Note: Currently BINARY only.
-**
-**	Args:
-**
-**		data [any-string!] {Data to checksum}
-**		/part length
-**		/tcp {Returns an Internet TCP 16-bit checksum.}
-**		/secure {Returns a cryptographically secure checksum.}
-**		/hash {Returns a hash value}
-**		size [integer!] {Size of the hash table}
-**		/method {Method to use}
-**		word [word!] {Method: SHA1 MD5}
-**		/key {Returns keyed HMAC value}
-**		key-value [any-string! binary!] {Key to use}
-**
+//	checksum: native [
+//		{Computes a checksum, CRC, hash, or HMAC.}
+//		data [binary! string!] {If string, it will be UTF8 encoded}
+//		method [word!] {One of `system/catalog/checksums` and HASH}
+//		/with {Extra value for HMAC key or hash table size; not compatible with TCP/CRC24/CRC32/ADLER32 methods.}
+//		 spec [any-string! binary! integer!] {String or binary for MD5/SHA* HMAC key, integer for hash table size.}
+//		/part {Limits to a given length}
+//		 length
+//	]
 ***********************************************************************/
 {
-	REBVAL *arg = D_ARG(ARG_CHECKSUM_DATA);
+	REBVAL *arg  = D_ARG(ARG_CHECKSUM_DATA);
+	REBINT sym   = VAL_WORD_CANON(D_ARG(ARG_CHECKSUM_METHOD));
+	REBVAL *spec = D_ARG(ARG_CHECKSUM_SPEC);
 	REBINT sum;
 	REBINT i;
 	REBINT j;
-	REBSER *digest;
-	REBINT sym = SYM_SHA1;
-	REBCNT len;
+	REBSER *digest, *ser;
+	REBCNT len, keylen;
 	REBYTE *data;
+	REBYTE *keycp;
+
 
 	len = Partial1(arg, D_ARG(ARG_CHECKSUM_LENGTH));
 
 	if (IS_STRING(arg)) {
-		// using `digest` just as a temp variable here!
-		digest = Encode_UTF8_Value(arg, len, 0);
-		data = SERIES_DATA(digest);
-		len = SERIES_LEN(digest) - 1;
+		ser = Encode_UTF8_Value(arg, len, 0);
+		data = SERIES_DATA(ser);
+		len = SERIES_LEN(ser) - 1;
 	}
 	else {
 		data = VAL_BIN_DATA(arg);
 	}
 
-	
-
-	// Method word:
-	if (D_REF(ARG_CHECKSUM_METHOD)) sym = VAL_WORD_CANON(D_ARG(ARG_CHECKSUM_WORD));
-
-	// If method, secure, or key... find matching digest:
-	if (D_REF(ARG_CHECKSUM_METHOD) || D_REF(ARG_CHECKSUM_SECURE) || D_REF(ARG_CHECKSUM_KEY)) {
-
-		if (sym == SYM_CRC32 || sym == SYM_ADLER32) {
-			if (D_REF(ARG_CHECKSUM_SECURE) || D_REF(ARG_CHECKSUM_KEY)) Trap0(RE_BAD_REFINES);
-			i = (sym == SYM_CRC32) ? CRC32(data, len) : z_adler32_z(0x00000001L, data, len);
-			DS_RET_INT(i);
-			return R_RET;
-		}
-
+	if (sym > SYM_CRC32 && sym <= SYM_SHA512) {
+		// O: could be optimized using index computed from `sym`
+		// find matching digest:
 		for (i = 0; i < sizeof(digests) / sizeof(digests[0]); i++) {
 
 			if (digests[i].index == sym) {
 
 				digest = Make_Series(digests[i].len, 1, FALSE);
 				LABEL_SERIES(digest, "checksum digest");
 
-				if (D_REF(ARG_CHECKSUM_KEY)) {
+				if (D_REF(ARG_CHECKSUM_WITH)) {	// HMAC
+					if (IS_INTEGER(spec))
+						Trap1(RE_BAD_REFINE, D_ARG(ARG_CHECKSUM_SPEC));
+
+					if (IS_BINARY(spec)) {
+						keycp = VAL_BIN_DATA(spec);
+						keylen = VAL_LEN(spec);
+					}
+					else {
+						// normalize to UTF8 first
+						ser = Encode_UTF8_Value(spec, VAL_LEN(spec), 0);
+						keycp = SERIES_DATA(ser);
+						keylen = SERIES_LEN(ser) - 1;
+					}
 					REBYTE tmpdigest[128];		// Size must be max of all digest[].len;
 					REBYTE ipad[128],opad[128];	// Size must be max of all digest[].hmacblock;
 					void *ctx = Make_Mem(digests[i].ctxsize());
-					REBVAL *key = D_ARG(ARG_CHECKSUM_KEY_VALUE);
-					REBYTE *keycp = VAL_BIN_DATA(key);
-					int keylen = VAL_LEN(key);
+
 					int blocklen = digests[i].hmacblock;
 
 					if (keylen > blocklen) {
@@ -224,23 +217,34 @@ static struct digest {
 				return 0;
 			}
 		}
-
-		Trap_Arg(D_ARG(ARG_CHECKSUM_WORD));
+		// used correct name, but diggest was not found (excluded from build)
+		Trap0(RE_FEATURE_NA);
 	}
-	else if (D_REF(ARG_CHECKSUM_TCP)) { // /tcp
-		i = Compute_IPC(data, len);
+
+	if (D_REF(ARG_CHECKSUM_WITH) && ((sym > SYM_HASH && sym <= SYM_CRC32) || sym == SYM_TCP))
+		Trap0(RE_BAD_REFINES);
+
+	if (sym == SYM_CRC32 || sym == SYM_ADLER32) {
+		i = (sym == SYM_CRC32) ? CRC32(data, len) : z_adler32_z(0x00000001L, data, len);
 	}
-	else if (D_REF(ARG_CHECKSUM_HASH)) {  // /hash
-		sum = VAL_INT32(D_ARG(ARG_CHECKSUM_SIZE)); // /size
+	else if (sym == SYM_HASH) {  // /hash
+		if(!D_REF(ARG_CHECKSUM_WITH)) Trap0(RE_MISSING_ARG);
+		if (!IS_INTEGER(spec)) Trap1(RE_BAD_REFINE, D_ARG(ARG_CHECKSUM_SPEC));
+		sum = VAL_INT32(spec); // size of the hash table
 		if (sum <= 1) sum = 1;
 		i = Hash_String(data, len) % sum;
 	}
-	else {
+	else if (sym == SYM_CRC24) {
 		i = Compute_CRC24(data, len);
 	}
+	else if (sym == SYM_TCP) {
+		i = Compute_IPC(data, len);
+	}
+	else {
+		Trap_Arg(D_ARG(ARG_CHECKSUM_METHOD));
+	}
 
 	DS_RET_INT(i);
-
 	return R_RET;
 }
 

src/mezz/codec-gzip.reb

@@ -51,7 +51,7 @@ register-codec [
 		]
 		if 2 = (2 and flg) [ ;FHCRC
 			;the two least significant bytes of the CRC32 for all bytes of the gzip header up to and not including the CRC16
-			;checksum/method/part bin/buffer-write 'CRC32 index? bin/buffer
+			;checksum/part bin/buffer-write 'CRC32 index? bin/buffer
 			crc16: binary/read bin 'UI16LE
 		]
 		if verbose > 0 [	

src/mezz/codec-ppk.reb

@@ -66,8 +66,8 @@ register-codec [
 					pass: either password [copy pass][
 						ask/hide ajoin ["Key password for " mold comm ": "]
 					]
-					key: join checksum/secure join #{00000000} pass
-					          checksum/secure join #{00000001} pass
+					key: join checksum join #{00000000} pass 'sha1
+					          checksum join #{00000001} pass 'sha1
 					key: aes/decrypt/key copy/part key 32 none
 					pri: aes/decrypt/stream key pri
 				][
@@ -87,11 +87,11 @@ register-codec [
 					UI32BYTES :pri
 				] 'buffer
 			]
-			mackey: checksum/secure join "putty-private-key-file-mac-key" any [pass ""]
+			mackey: checksum join "putty-private-key-file-mac-key" any [pass ""] 'sha1
 			if pass [forall pass [pass/1: random 255]]
 			if pmac <> form either mac? [
-				checksum/secure/key macdata mackey
-			][	checksum/secure     macdata ] [
+				checksum/with macdata 'sha1 mackey
+			][	checksum      macdata 'sha1 ] [
 				print either key ["Wrong password!"]["MAC failed!"]
 				return none
 			]

src/mezz/codec-ssh-key.reb

@@ -60,7 +60,7 @@ wrap [
 					]
 					iv: debase iv 16
 					unless p [p: ask/hide "Pasword: "]
-					p: checksum/method
+					p: checksum
 						join to binary! p copy/part iv 8
 						'md5
 					d: aes/key/decrypt p iv

src/mezz/codec-zip.reb

@@ -125,7 +125,7 @@ register-codec [
 					if all [
 						data
 						any [validate validate-crc?]
-						crc <> crc2: checksum/method data 'crc32
+						crc <> crc2: checksum data 'crc32
 					][
 						sys/log/error 'ZIP ["CRC check failed!" crc "<>" crc2]
 					]

src/mezz/mezz-save.reb

@@ -100,7 +100,7 @@ save: function [
 
 	case/all [
 		; Checksum uncompressed data, if requested
-		tmp: find header-data 'checksum [change next tmp checksum/secure data: to-binary data]
+		tmp: find header-data 'checksum [change next tmp checksum data: to-binary data 'sha1]
 		; Compress the data if necessary
 		compress [data: lib/compress data]
 		; File content is encoded as base-64:

src/mezz/prot-mysql.reb

@@ -525,9 +525,9 @@ mysql-driver: make object! [
 
 		;--- New 4.1.0+ authentication scheme ---
 		crypt-v11: func [data [binary!] seed [binary!] /local key1 key2][
-			key1: checksum/secure data
-			key2: checksum/secure key1
-			key1 xor checksum/secure rejoin [(to-binary seed) key2]
+			key1: checksum data 'sha1
+			key2: checksum key1 'sha1
+			key1 xor checksum rejoin [(to-binary seed) key2] 'sha1
 		]
 
 		scramble: func [data [string! none!] port [port!] /v10 /local seed][

src/mezz/prot-smtp.reb

@@ -174,7 +174,7 @@ sync-smtp-handler: func [ event
 								auth-key: skip response 4
 								auth-key: debase auth-key 64
 								; compute challenge response
-								auth-key: checksum/method/key auth-key 'md5 client/spec/pass
+								auth-key: checksum/with auth-key 'md5 client/spec/pass
 								write client to-binary net-log/C join 
 								enbase reform [client/spec/user lowercase enbase auth-key 16] 64 CRLF
 								client/spec/state: 'PASSWORD

src/mezz/prot-tls.reb

@@ -468,10 +468,10 @@ TLS-update-messages-hash: function [
 	log-more ["Update-messages-hash bytes:" len "hash:" all [ctx/sha-port ctx/sha-port/spec/method]]
 	if none? ctx/sha-port [
 		either ctx/legacy? [
-			ctx/sha-port: open checksum://sha1
-			ctx/md5-port: open checksum://md5
+			ctx/sha-port: open checksum:sha1
+			ctx/md5-port: open checksum:md5
 		][
-			ctx/sha-port: open either ctx/mac-size = 48 [checksum://sha384][checksum://sha256]
+			ctx/sha-port: open either ctx/mac-size = 48 [checksum:sha384][checksum:sha256]
 		]
 		log-more ["Initialized SHA method:" ctx/sha-port/spec/method]
 	]
@@ -846,7 +846,7 @@ decrypt-msg: function [
 				binary/write bin [
 					UI16BYTES :data
 				]
-				mac-check: checksum/method/key bin/buffer hash-method server-mac-key
+				mac-check: checksum/with bin/buffer hash-method server-mac-key
 
 				;?? mac
 				;?? mac-check
@@ -925,7 +925,7 @@ encrypt-data: function [
 
 			binary/write bin content
 
-			MAC: checksum/method/key bin/buffer ctx/hash-method ctx/client-mac-key
+			MAC: checksum/with bin/buffer ctx/hash-method ctx/client-mac-key
 
 			;?? MAC
 			data: rejoin [content MAC]
@@ -1032,15 +1032,15 @@ prf: function [
 		p-md5: copy #{}
 		a: seed ; A(0)
 		while [output-length > length? p-md5][
-			a: checksum/method/key a 'md5 s-1 ; A(n)
-			append p-md5 checksum/method/key rejoin [a seed] 'md5 s-1
+			a: checksum/with a 'md5 s-1 ; A(n)
+			append p-md5 checksum/with rejoin [a seed] 'md5 s-1
 		]
 
 		p-sha1: copy #{}
 		a: seed ; A(0)
 		while [output-length > length? p-sha1][
-			a: checksum/method/key a 'sha1 s-2 ; A(n)
-			append p-sha1 checksum/method/key rejoin [a seed] 'sha1 s-2
+			a: checksum/with a 'sha1 s-2 ; A(n)
+			append p-sha1 checksum/with rejoin [a seed] 'sha1 s-2
 		]
 		return (
 			(copy/part p-md5 output-length)
@@ -1057,8 +1057,8 @@ prf: function [
 	p-sha256: make binary! output-length
 	a: seed ; A(0)
 	while [output-length >= length? p-sha256][
-		a: checksum/method/key a 'sha256 secret
-		append p-sha256 checksum/method/key rejoin [a seed] 'sha256 secret
+		a: checksum/with a 'sha256 secret
+		append p-sha256 checksum/with rejoin [a seed] 'sha256 secret
 		;?? p-sha256
 	]
 	;trim the result to required output length
@@ -1579,7 +1579,7 @@ TLS-parse-handshake-message: function [
 					log-error "legacy __private_rsa_verify_hash_md5sha1 not implemented yet!"
 					return *Alert/Decode_error
 				]
-				message-hash: checksum/method message hash-algorithm
+				message-hash: checksum message hash-algorithm
 				;? message-hash
 				if any [
 					error? valid?: try [

src/mezz/sys-load.reb

@@ -149,9 +149,9 @@ load-header: function/with [
 						attempt [decompress/part rest end] ; binary compression
 						attempt [decompress first transcode/next rest] ; script encoded
 					] [return 'bad-compress]
-					if all [sum sum != checksum/secure rest] [return 'bad-checksum]
+					if all [sum sum != checksum rest 'sha1] [return 'bad-checksum]
 				] ; else assumed not compressed
-				all [sum sum != checksum/secure/part rest end] [return 'bad-checksum]
+				all [sum sum != checksum/part rest 'sha1 end] [return 'bad-checksum]
 			]
 		]
 		;assert/type [rest [binary!]] none
@@ -161,9 +161,9 @@ load-header: function/with [
 			case [
 				find hdr/options 'compress [ ; script encoded only
 					unless rest: attempt [decompress first rest] [return 'bad-compress]
-					if all [sum sum != checksum/secure rest] [return 'bad-checksum]
+					if all [sum sum != checksum rest 'sha1] [return 'bad-checksum]
 				]
-				all [sum sum != checksum/secure/part tmp back end] [return 'bad-checksum]
+				all [sum sum != checksum/part tmp 'sha1 back end] [return 'bad-checksum]
 			]
 		]
 		;assert/type [rest [block! binary!]] none
@@ -427,7 +427,7 @@ load-module: function [
 	{Loads a module (from a file, URL, binary, etc.) and inserts it into the system module list.}
 	source [word! file! url! string! binary! module! block!] {Source or block of sources}
 	/version ver [tuple!] "Module must be this version or greater"
-	/check sum [binary!] "Match checksum (must be set in header)"
+	/check sum [binary!] "Match SHA1 checksum (must be set in header)"
 	/no-share "Force module to use its own non-shared global namespace"
 	/no-lib "Don't export to the runtime library (lib)"
 	/import "Do module import now, overriding /delay and 'delay option"