]>
Commit | Line | Data |
---|---|---|
5d0c36f1 | 1 | /* |
de2a27e2 | 2 | * BIRD Library -- SHA-1 Hash Function (FIPS 180-1, RFC 3174) |
5d0c36f1 PT |
3 | * |
4 | * (c) 2015 CZ.NIC z.s.p.o. | |
5 | * | |
6 | * Based on the code from libucw-6.4 | |
7 | * (c) 2008--2009 Martin Mares <mj@ucw.cz> | |
8 | * | |
9 | * Based on the code from libgcrypt-1.2.3, which is | |
10 | * (c) 1998, 2001, 2002, 2003 Free Software Foundation, Inc. | |
11 | * | |
12 | * Can be freely distributed and used under the terms of the GNU GPL. | |
13 | */ | |
14 | ||
15 | #include "lib/sha1.h" | |
16 | #include "lib/unaligned.h" | |
17 | ||
5126380b | 18 | |
5d0c36f1 | 19 | void |
de2a27e2 | 20 | sha1_init(struct hash_context *CTX) |
5d0c36f1 | 21 | { |
de2a27e2 OZ |
22 | struct sha1_context *ctx = (void *) CTX; |
23 | ||
5126380b OZ |
24 | ctx->h0 = 0x67452301; |
25 | ctx->h1 = 0xefcdab89; | |
26 | ctx->h2 = 0x98badcfe; | |
27 | ctx->h3 = 0x10325476; | |
28 | ctx->h4 = 0xc3d2e1f0; | |
29 | ||
30 | ctx->nblocks = 0; | |
31 | ctx->count = 0; | |
5d0c36f1 PT |
32 | } |
33 | ||
34 | /* | |
35 | * Transform the message X which consists of 16 32-bit-words | |
36 | */ | |
37 | static void | |
5126380b | 38 | sha1_transform(struct sha1_context *ctx, const byte *data) |
5d0c36f1 PT |
39 | { |
40 | u32 a,b,c,d,e,tm; | |
41 | u32 x[16]; | |
42 | ||
43 | /* Get values from the chaining vars. */ | |
5126380b OZ |
44 | a = ctx->h0; |
45 | b = ctx->h1; | |
46 | c = ctx->h2; | |
47 | d = ctx->h3; | |
48 | e = ctx->h4; | |
5d0c36f1 PT |
49 | |
50 | #ifdef CPU_BIG_ENDIAN | |
51 | memcpy(x, data, 64); | |
52 | #else | |
53 | int i; | |
54 | for (i = 0; i < 16; i++) | |
55 | x[i] = get_u32(data+4*i); | |
56 | #endif | |
57 | ||
58 | #define K1 0x5A827999L | |
59 | #define K2 0x6ED9EBA1L | |
60 | #define K3 0x8F1BBCDCL | |
61 | #define K4 0xCA62C1D6L | |
62 | #define F1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) | |
63 | #define F2(x,y,z) ( x ^ y ^ z ) | |
64 | #define F3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) | |
65 | #define F4(x,y,z) ( x ^ y ^ z ) | |
66 | ||
67 | #define M(i) (tm = x[i&0x0f] ^ x[(i-14)&0x0f] ^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f], (x[i&0x0f] = ROL(tm, 1))) | |
68 | ||
69 | /* Bitwise rotation of an unsigned int to the left **/ | |
70 | #define ROL(x, bits) (((x) << (bits)) | ((uint)(x) >> (sizeof(uint)*8 - (bits)))) | |
71 | ||
72 | #define R(a, b, c, d, e, f, k, m) \ | |
73 | do \ | |
74 | { \ | |
75 | e += ROL(a, 5) + f(b, c, d) + k + m; \ | |
5126380b | 76 | b = ROL(b, 30); \ |
5d0c36f1 PT |
77 | } while(0) |
78 | ||
79 | R( a, b, c, d, e, F1, K1, x[ 0] ); | |
80 | R( e, a, b, c, d, F1, K1, x[ 1] ); | |
81 | R( d, e, a, b, c, F1, K1, x[ 2] ); | |
82 | R( c, d, e, a, b, F1, K1, x[ 3] ); | |
83 | R( b, c, d, e, a, F1, K1, x[ 4] ); | |
84 | R( a, b, c, d, e, F1, K1, x[ 5] ); | |
85 | R( e, a, b, c, d, F1, K1, x[ 6] ); | |
86 | R( d, e, a, b, c, F1, K1, x[ 7] ); | |
87 | R( c, d, e, a, b, F1, K1, x[ 8] ); | |
88 | R( b, c, d, e, a, F1, K1, x[ 9] ); | |
89 | R( a, b, c, d, e, F1, K1, x[10] ); | |
90 | R( e, a, b, c, d, F1, K1, x[11] ); | |
91 | R( d, e, a, b, c, F1, K1, x[12] ); | |
92 | R( c, d, e, a, b, F1, K1, x[13] ); | |
93 | R( b, c, d, e, a, F1, K1, x[14] ); | |
94 | R( a, b, c, d, e, F1, K1, x[15] ); | |
95 | R( e, a, b, c, d, F1, K1, M(16) ); | |
96 | R( d, e, a, b, c, F1, K1, M(17) ); | |
97 | R( c, d, e, a, b, F1, K1, M(18) ); | |
98 | R( b, c, d, e, a, F1, K1, M(19) ); | |
99 | R( a, b, c, d, e, F2, K2, M(20) ); | |
100 | R( e, a, b, c, d, F2, K2, M(21) ); | |
101 | R( d, e, a, b, c, F2, K2, M(22) ); | |
102 | R( c, d, e, a, b, F2, K2, M(23) ); | |
103 | R( b, c, d, e, a, F2, K2, M(24) ); | |
104 | R( a, b, c, d, e, F2, K2, M(25) ); | |
105 | R( e, a, b, c, d, F2, K2, M(26) ); | |
106 | R( d, e, a, b, c, F2, K2, M(27) ); | |
107 | R( c, d, e, a, b, F2, K2, M(28) ); | |
108 | R( b, c, d, e, a, F2, K2, M(29) ); | |
109 | R( a, b, c, d, e, F2, K2, M(30) ); | |
110 | R( e, a, b, c, d, F2, K2, M(31) ); | |
111 | R( d, e, a, b, c, F2, K2, M(32) ); | |
112 | R( c, d, e, a, b, F2, K2, M(33) ); | |
113 | R( b, c, d, e, a, F2, K2, M(34) ); | |
114 | R( a, b, c, d, e, F2, K2, M(35) ); | |
115 | R( e, a, b, c, d, F2, K2, M(36) ); | |
116 | R( d, e, a, b, c, F2, K2, M(37) ); | |
117 | R( c, d, e, a, b, F2, K2, M(38) ); | |
118 | R( b, c, d, e, a, F2, K2, M(39) ); | |
119 | R( a, b, c, d, e, F3, K3, M(40) ); | |
120 | R( e, a, b, c, d, F3, K3, M(41) ); | |
121 | R( d, e, a, b, c, F3, K3, M(42) ); | |
122 | R( c, d, e, a, b, F3, K3, M(43) ); | |
123 | R( b, c, d, e, a, F3, K3, M(44) ); | |
124 | R( a, b, c, d, e, F3, K3, M(45) ); | |
125 | R( e, a, b, c, d, F3, K3, M(46) ); | |
126 | R( d, e, a, b, c, F3, K3, M(47) ); | |
127 | R( c, d, e, a, b, F3, K3, M(48) ); | |
128 | R( b, c, d, e, a, F3, K3, M(49) ); | |
129 | R( a, b, c, d, e, F3, K3, M(50) ); | |
130 | R( e, a, b, c, d, F3, K3, M(51) ); | |
131 | R( d, e, a, b, c, F3, K3, M(52) ); | |
132 | R( c, d, e, a, b, F3, K3, M(53) ); | |
133 | R( b, c, d, e, a, F3, K3, M(54) ); | |
134 | R( a, b, c, d, e, F3, K3, M(55) ); | |
135 | R( e, a, b, c, d, F3, K3, M(56) ); | |
136 | R( d, e, a, b, c, F3, K3, M(57) ); | |
137 | R( c, d, e, a, b, F3, K3, M(58) ); | |
138 | R( b, c, d, e, a, F3, K3, M(59) ); | |
139 | R( a, b, c, d, e, F4, K4, M(60) ); | |
140 | R( e, a, b, c, d, F4, K4, M(61) ); | |
141 | R( d, e, a, b, c, F4, K4, M(62) ); | |
142 | R( c, d, e, a, b, F4, K4, M(63) ); | |
143 | R( b, c, d, e, a, F4, K4, M(64) ); | |
144 | R( a, b, c, d, e, F4, K4, M(65) ); | |
145 | R( e, a, b, c, d, F4, K4, M(66) ); | |
146 | R( d, e, a, b, c, F4, K4, M(67) ); | |
147 | R( c, d, e, a, b, F4, K4, M(68) ); | |
148 | R( b, c, d, e, a, F4, K4, M(69) ); | |
149 | R( a, b, c, d, e, F4, K4, M(70) ); | |
150 | R( e, a, b, c, d, F4, K4, M(71) ); | |
151 | R( d, e, a, b, c, F4, K4, M(72) ); | |
152 | R( c, d, e, a, b, F4, K4, M(73) ); | |
153 | R( b, c, d, e, a, F4, K4, M(74) ); | |
154 | R( a, b, c, d, e, F4, K4, M(75) ); | |
155 | R( e, a, b, c, d, F4, K4, M(76) ); | |
156 | R( d, e, a, b, c, F4, K4, M(77) ); | |
157 | R( c, d, e, a, b, F4, K4, M(78) ); | |
158 | R( b, c, d, e, a, F4, K4, M(79) ); | |
159 | ||
160 | /* Update chaining vars. */ | |
5126380b OZ |
161 | ctx->h0 += a; |
162 | ctx->h1 += b; | |
163 | ctx->h2 += c; | |
164 | ctx->h3 += d; | |
165 | ctx->h4 += e; | |
5d0c36f1 PT |
166 | } |
167 | ||
168 | /* | |
5126380b | 169 | * Update the message digest with the contents of BUF with length LEN. |
5d0c36f1 PT |
170 | */ |
171 | void | |
de2a27e2 | 172 | sha1_update(struct hash_context *CTX, const byte *buf, uint len) |
5d0c36f1 | 173 | { |
de2a27e2 OZ |
174 | struct sha1_context *ctx = (void *) CTX; |
175 | ||
5126380b | 176 | if (ctx->count) |
5d0c36f1 | 177 | { |
5126380b OZ |
178 | /* Fill rest of internal buffer */ |
179 | for (; len && ctx->count < SHA1_BLOCK_SIZE; len--) | |
180 | ctx->buf[ctx->count++] = *buf++; | |
5d0c36f1 | 181 | |
5126380b | 182 | if (ctx->count < SHA1_BLOCK_SIZE) |
5d0c36f1 | 183 | return; |
5126380b OZ |
184 | |
185 | /* Process data from internal buffer */ | |
186 | sha1_transform(ctx, ctx->buf); | |
187 | ctx->nblocks++; | |
188 | ctx->count = 0; | |
5d0c36f1 PT |
189 | } |
190 | ||
5126380b OZ |
191 | if (!len) |
192 | return; | |
193 | ||
194 | /* Process data from input buffer */ | |
195 | while (len >= SHA1_BLOCK_SIZE) | |
5d0c36f1 | 196 | { |
5126380b OZ |
197 | sha1_transform(ctx, buf); |
198 | ctx->nblocks++; | |
199 | buf += SHA1_BLOCK_SIZE; | |
200 | len -= SHA1_BLOCK_SIZE; | |
5d0c36f1 | 201 | } |
5126380b OZ |
202 | |
203 | /* Copy remaining data to internal buffer */ | |
204 | memcpy(ctx->buf, buf, len); | |
205 | ctx->count = len; | |
5d0c36f1 PT |
206 | } |
207 | ||
208 | /* | |
5126380b OZ |
209 | * The routine final terminates the computation and returns the digest. The |
210 | * handle is prepared for a new cycle, but adding bytes to the handle will the | |
211 | * destroy the returned buffer. | |
212 | * | |
5d0c36f1 PT |
213 | * Returns: 20 bytes representing the digest. |
214 | */ | |
215 | byte * | |
de2a27e2 | 216 | sha1_final(struct hash_context *CTX) |
5d0c36f1 | 217 | { |
de2a27e2 | 218 | struct sha1_context *ctx = (void *) CTX; |
5d0c36f1 | 219 | u32 t, msb, lsb; |
5d0c36f1 | 220 | |
de2a27e2 | 221 | sha1_update(CTX, NULL, 0); /* flush */ |
5d0c36f1 | 222 | |
5126380b | 223 | t = ctx->nblocks; |
5d0c36f1 PT |
224 | /* multiply by 64 to make a byte count */ |
225 | lsb = t << 6; | |
226 | msb = t >> 26; | |
227 | /* add the count */ | |
228 | t = lsb; | |
5126380b | 229 | if ((lsb += ctx->count) < t) |
5d0c36f1 PT |
230 | msb++; |
231 | /* multiply by 8 to make a bit count */ | |
232 | t = lsb; | |
233 | lsb <<= 3; | |
234 | msb <<= 3; | |
235 | msb |= t >> 29; | |
236 | ||
5126380b | 237 | if (ctx->count < 56) |
5d0c36f1 | 238 | { |
5126380b OZ |
239 | /* enough room */ |
240 | ctx->buf[ctx->count++] = 0x80; /* pad */ | |
241 | while (ctx->count < 56) | |
242 | ctx->buf[ctx->count++] = 0; /* pad */ | |
5d0c36f1 | 243 | } |
5126380b | 244 | else |
5d0c36f1 | 245 | { |
5126380b OZ |
246 | /* need one extra block */ |
247 | ctx->buf[ctx->count++] = 0x80; /* pad character */ | |
248 | while (ctx->count < 64) | |
249 | ctx->buf[ctx->count++] = 0; | |
de2a27e2 | 250 | sha1_update(CTX, NULL, 0); /* flush */ |
5126380b | 251 | memset(ctx->buf, 0, 56); /* fill next block with zeroes */ |
5d0c36f1 | 252 | } |
5126380b | 253 | |
5d0c36f1 | 254 | /* append the 64 bit count */ |
5126380b OZ |
255 | ctx->buf[56] = msb >> 24; |
256 | ctx->buf[57] = msb >> 16; | |
257 | ctx->buf[58] = msb >> 8; | |
258 | ctx->buf[59] = msb; | |
259 | ctx->buf[60] = lsb >> 24; | |
260 | ctx->buf[61] = lsb >> 16; | |
261 | ctx->buf[62] = lsb >> 8; | |
262 | ctx->buf[63] = lsb; | |
263 | sha1_transform(ctx, ctx->buf); | |
264 | ||
265 | byte *p = ctx->buf; | |
266 | #define X(a) do { put_u32(p, ctx->h##a); p += 4; } while(0) | |
5d0c36f1 PT |
267 | X(0); |
268 | X(1); | |
269 | X(2); | |
270 | X(3); | |
271 | X(4); | |
272 | #undef X | |
273 | ||
5126380b | 274 | return ctx->buf; |
5d0c36f1 | 275 | } |