Home Explore Help
Sign In
alimiracle
/
LibertyBSD_kernel
Watch 3
Star 1
Fork 2
Files Issues 0 Pull Requests 0 Wiki
Tree: 6d546cb445
Branches Tags
LibertyBSD_k...
/
sys
/
lib
/
libsa
/
sha1.c

sha1.c 6.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178 
  1. /*	$OpenBSD: sha1.c,v 1.1 2012/10/09 12:36:50 jsing Exp $	*/
    2. 

  2. 

  3. /*
    4. 

  4.  * SHA-1 in C
    5. 

  5.  * By Steve Reid <steve@edmweb.com>
    6. 

  6.  * 100% Public Domain
    7. 

  7.  * 
    8. 

  8.  * Test Vectors (from FIPS PUB 180-1)
    9. 

  9.  * "abc"
    10. 

  10.  *   A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
    11. 

  11.  * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
    12. 

  12.  *   84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
    13. 

  13.  * A million repetitions of "a"
    14. 

  14.  *   34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
    15. 

  15. */
    16. 

  16. 

  17. /* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
    18. 

  18. /* #define SHA1HANDSOFF * Copies data before messing with it. */
    19. 

  19. 

  20. #define SHA1HANDSOFF
    21. 

  21. 

  22. #include <lib/libsa/stand.h>
    23. 

  23. 

  24. #include "sha1.h"
    25. 

  25. 

  26. #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
    27. 

  27. 

  28. /* blk0() and blk() perform the initial expand. */
    29. 

  29. /* I got the idea of expanding during the round function from SSLeay */
    30. 

  30. #if BYTE_ORDER == LITTLE_ENDIAN
    31. 

  31. #define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
    32. 

  32.     |(rol(block->l[i],8)&0x00FF00FF))
    33. 

  33. #else
    34. 

  34. #define blk0(i) block->l[i]
    35. 

  35. #endif
    36. 

  36. #define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
    37. 

  37.     ^block->l[(i+2)&15]^block->l[i&15],1))
    38. 

  38. 

  39. /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
    40. 

  40. #define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
    41. 

  41. #define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
    42. 

  42. #define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
    43. 

  43. #define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
    44. 

  44. #define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
    45. 

  45. 

  46. /* Hash a single 512-bit block. This is the core of the algorithm. */
    47. 

  47. 

  48. void
    49. 

  49. SHA1Transform(u_int32_t state[5], const unsigned char buffer[SHA1_BLOCK_LENGTH])
    50. 

  50. {
    51. 

  51.     u_int32_t a, b, c, d, e;
    52. 

  52.     typedef union {
    53. 

  53.         unsigned char c[64];
    54. 

  54.         unsigned int l[16];
    55. 

  55.     } CHAR64LONG16;
    56. 

  56.     CHAR64LONG16* block;
    57. 

  57. #ifdef SHA1HANDSOFF
    58. 

  58.     unsigned char workspace[SHA1_BLOCK_LENGTH];
    59. 

  59. 

  60.     block = (CHAR64LONG16 *)workspace;
    61. 

  61.     bcopy(buffer, block, SHA1_BLOCK_LENGTH);
    62. 

  62. #else
    63. 

  63.     block = (CHAR64LONG16 *)buffer;
    64. 

  64. #endif
    65. 

  65.     /* Copy context->state[] to working vars */
    66. 

  66.     a = state[0];
    67. 

  67.     b = state[1];
    68. 

  68.     c = state[2];
    69. 

  69.     d = state[3];
    70. 

  70.     e = state[4];
    71. 

  71. 

  72.     /* 4 rounds of 20 operations each. Loop unrolled. */
    73. 

  73.     R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
    74. 

  74.     R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
    75. 

  75.     R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
    76. 

  76.     R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
    77. 

  77.     R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
    78. 

  78.     R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
    79. 

  79.     R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
    80. 

  80.     R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
    81. 

  81.     R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
    82. 

  82.     R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
    83. 

  83.     R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
    84. 

  84.     R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
    85. 

  85.     R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
    86. 

  86.     R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
    87. 

  87.     R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
    88. 

  88.     R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
    89. 

  89.     R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
    90. 

  90.     R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
    91. 

  91.     R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
    92. 

  92.     R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
    93. 

  93. 

  94.     /* Add the working vars back into context.state[] */
    95. 

  95.     state[0] += a;
    96. 

  96.     state[1] += b;
    97. 

  97.     state[2] += c;
    98. 

  98.     state[3] += d;
    99. 

  99.     state[4] += e;
    100. 

  100.     /* Wipe variables */
    101. 

  101.     a = b = c = d = e = 0;
    102. 

  102. }
    103. 

  103. 

  104. 

  105. /* SHA1Init - Initialize new context */
    106. 

  106. 

  107. void
    108. 

  108. SHA1Init(SHA1_CTX *context)
    109. 

  109. {
    110. 

  110.     /* SHA1 initialization constants */
    111. 

  111.     context->count = 0;
    112. 

  112.     context->state[0] = 0x67452301;
    113. 

  113.     context->state[1] = 0xEFCDAB89;
    114. 

  114.     context->state[2] = 0x98BADCFE;
    115. 

  115.     context->state[3] = 0x10325476;
    116. 

  116.     context->state[4] = 0xC3D2E1F0;
    117. 

  117. }
    118. 

  118. 

  119. 

  120. /* Run your data through this. */
    121. 

  121. 

  122. void
    123. 

  123. SHA1Update(SHA1_CTX *context, const unsigned char *data, unsigned int len)
    124. 

  124. {
    125. 

  125.     unsigned int i;
    126. 

  126.     unsigned int j;
    127. 

  127. 

  128.     j = (u_int32_t)((context->count >> 3) & 63);
    129. 

  129.     context->count += (len << 3);
    130. 

  130.     if ((j + len) > 63) {
    131. 

  131.         bcopy(data, &context->buffer[j], (i = 64 - j));
    132. 

  132.         SHA1Transform(context->state, context->buffer);
    133. 

  133.         for ( ; i + 63 < len; i += 64) {
    134. 

  134.             SHA1Transform(context->state, &data[i]);
    135. 

  135.         }
    136. 

  136.         j = 0;
    137. 

  137.     }
    138. 

  138.     else i = 0;
    139. 

  139.     bcopy(&data[i], &context->buffer[j], len - i);
    140. 

  140. }
    141. 

  141. 

  142. 

  143. /* Add padding and return the message digest. */
    144. 

  144. 

  145. void
    146. 

  146. SHA1Final(unsigned char digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context)
    147. 

  147. {
    148. 

  148.     unsigned int i;
    149. 

  149.     unsigned char finalcount[8];
    150. 

  150. 

  151.     for (i = 0; i < 8; i++) {
    152. 

  152.         finalcount[i] = (unsigned char)((context->count >>
    153. 

  153.             ((7 - (i & 7)) * 8)) & 255);  /* Endian independent */
    154. 

  154.     }
    155. 

  155.     SHA1Update(context, (unsigned char *)"\200", 1);
    156. 

  156.     while ((context->count & 504) != 448) {
    157. 

  157.         SHA1Update(context, (unsigned char *)"\0", 1);
    158. 

  158.     }
    159. 

  159.     SHA1Update(context, finalcount, 8);  /* Should cause a SHA1Transform() */
    160. 

  160. 

  161.     if (digest)
    162. 

  162.         for (i = 0; i < SHA1_DIGEST_LENGTH; i++) {
    163. 

  163.             digest[i] = (unsigned char)((context->state[i >> 2] >>
    164. 

  164.                 ((3 - (i & 3)) * 8)) & 255);
    165. 

  165.       }
    166. 

  166.     explicit_bzero(&finalcount, 8);
    167. 

  167. #if 0	/* We want to use this for "keyfill" */
    168. 

  168.     /* Wipe variables */
    169. 

  169.     i = 0;
    170. 

  170.     explicit_bzero(context->buffer, 64);
    171. 

  171.     explicit_bzero(context->state, 20);
    172. 

  172.     explicit_bzero(context->count, 8);
    173. 

  173. #ifdef SHA1HANDSOFF  /* make SHA1Transform overwrite its own static vars */
    174. 

  174.     SHA1Transform(context->state, context->buffer);
    175. 

  175. #endif
    176. 

  176. #endif
    177. 

  177. }
    178. 

  178.