ext/digest/sha1/sha1.c

DEFINITIONS

This source file includes following functions.
  1. blk0
  2. blk0
  3. do_R01
  4. do_R2
  5. do_R3
  6. do_R4
  7. SHA1_Transform
  8. SHA1_Init
  9. SHA1_Update
  10. SHA1_Final
  11. SHA1_Equal 

   1  /*      $NetBSD: sha1.c,v 1.2 2001/03/22 09:51:48 agc Exp $     */
   2  /*      $OpenBSD: sha1.c,v 1.9 1997/07/23 21:12:32 kstailey Exp $       */
   3  /*      $RoughId: sha1.c,v 1.2 2001/07/13 19:49:10 knu Exp $    */
   4  /*      $Id: sha1.c,v 1.1 2001/07/13 20:06:14 knu Exp $ */
   5  
   6  /*
   7   * SHA-1 in C
   8   * By Steve Reid <steve@edmweb.com>
   9   * 100% Public Domain
  10   *
  11   * Test Vectors (from FIPS PUB 180-1)
  12   * "abc"
  13   *   A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
  14   * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
  15   *   84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
  16   * A million repetitions of "a"
  17   *   34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
  18   */
  19  
  20  #include "sha1.h"
  21  
  22  #define SHA1HANDSOFF            /* Copies data before messing with it. */
  23  
  24  #if defined(_KERNEL) || defined(_STANDALONE)
  25  #include <sys/param.h>
  26  #include <sys/systm.h>
  27  #define _DIAGASSERT(x)  (void)0
  28  #else
  29  /* #include "namespace.h" */
  30  #include <assert.h>
  31  #include <string.h>
  32  #endif
  33  
  34  #ifndef _DIAGASSERT
  35  #define _DIAGASSERT(cond)       assert(cond)
  36  #endif
  37  
  38  /*
  39   * XXX Kludge until there is resolution regarding mem*() functions
  40   * XXX in the kernel.
  41   */
  42  #if defined(_KERNEL) || defined(_STANDALONE)
  43  #define memcpy(s, d, l)         bcopy((d), (s), (l))
  44  #endif
  45  
  46  #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
  47  
  48  /*
  49   * blk0() and blk() perform the initial expand.
  50   * I got the idea of expanding during the round function from SSLeay
  51   */
  52  #ifndef WORDS_BIGENDIAN
  53  # define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
  54      |(rol(block->l[i],8)&0x00FF00FF))
  55  #else
  56  # define blk0(i) block->l[i]
  57  #endif
  58  #define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
  59      ^block->l[(i+2)&15]^block->l[i&15],1))
  60  
  61  /*
  62   * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1
  63   */
  64  #define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
  65  #define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
  66  #define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
  67  #define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
  68  #define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
  69  
  70  
  71  typedef union {
  72      uint8_t c[64];
  73      uint32_t l[16];
  74  } CHAR64LONG16;
  75  
  76  #ifdef __sparc_v9__
  77  void do_R01(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *);
  78  void do_R2(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *);
  79  void do_R3(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *);
  80  void do_R4(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *);
  81  
  82  #define nR0(v,w,x,y,z,i) R0(*v,*w,*x,*y,*z,i)
  83  #define nR1(v,w,x,y,z,i) R1(*v,*w,*x,*y,*z,i)
  84  #define nR2(v,w,x,y,z,i) R2(*v,*w,*x,*y,*z,i)
  85  #define nR3(v,w,x,y,z,i) R3(*v,*w,*x,*y,*z,i)
  86  #define nR4(v,w,x,y,z,i) R4(*v,*w,*x,*y,*z,i)
  87  
  88  void
  89  do_R01(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *block)
  90  {
  91      nR0(a,b,c,d,e, 0); nR0(e,a,b,c,d, 1); nR0(d,e,a,b,c, 2); nR0(c,d,e,a,b, 3);
  92      nR0(b,c,d,e,a, 4); nR0(a,b,c,d,e, 5); nR0(e,a,b,c,d, 6); nR0(d,e,a,b,c, 7);
  93      nR0(c,d,e,a,b, 8); nR0(b,c,d,e,a, 9); nR0(a,b,c,d,e,10); nR0(e,a,b,c,d,11);
  94      nR0(d,e,a,b,c,12); nR0(c,d,e,a,b,13); nR0(b,c,d,e,a,14); nR0(a,b,c,d,e,15);
  95      nR1(e,a,b,c,d,16); nR1(d,e,a,b,c,17); nR1(c,d,e,a,b,18); nR1(b,c,d,e,a,19);
  96  }
  97  
  98  void
  99  do_R2(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *block)
 100  {
 101      nR2(a,b,c,d,e,20); nR2(e,a,b,c,d,21); nR2(d,e,a,b,c,22); nR2(c,d,e,a,b,23);
 102      nR2(b,c,d,e,a,24); nR2(a,b,c,d,e,25); nR2(e,a,b,c,d,26); nR2(d,e,a,b,c,27);
 103      nR2(c,d,e,a,b,28); nR2(b,c,d,e,a,29); nR2(a,b,c,d,e,30); nR2(e,a,b,c,d,31);
 104      nR2(d,e,a,b,c,32); nR2(c,d,e,a,b,33); nR2(b,c,d,e,a,34); nR2(a,b,c,d,e,35);
 105      nR2(e,a,b,c,d,36); nR2(d,e,a,b,c,37); nR2(c,d,e,a,b,38); nR2(b,c,d,e,a,39);
 106  }
 107  
 108  void
 109  do_R3(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *block)
 110  {
 111      nR3(a,b,c,d,e,40); nR3(e,a,b,c,d,41); nR3(d,e,a,b,c,42); nR3(c,d,e,a,b,43);
 112      nR3(b,c,d,e,a,44); nR3(a,b,c,d,e,45); nR3(e,a,b,c,d,46); nR3(d,e,a,b,c,47);
 113      nR3(c,d,e,a,b,48); nR3(b,c,d,e,a,49); nR3(a,b,c,d,e,50); nR3(e,a,b,c,d,51);
 114      nR3(d,e,a,b,c,52); nR3(c,d,e,a,b,53); nR3(b,c,d,e,a,54); nR3(a,b,c,d,e,55);
 115      nR3(e,a,b,c,d,56); nR3(d,e,a,b,c,57); nR3(c,d,e,a,b,58); nR3(b,c,d,e,a,59);
 116  }
 117  
 118  void
 119  do_R4(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *block)
 120  {
 121      nR4(a,b,c,d,e,60); nR4(e,a,b,c,d,61); nR4(d,e,a,b,c,62); nR4(c,d,e,a,b,63);
 122      nR4(b,c,d,e,a,64); nR4(a,b,c,d,e,65); nR4(e,a,b,c,d,66); nR4(d,e,a,b,c,67);
 123      nR4(c,d,e,a,b,68); nR4(b,c,d,e,a,69); nR4(a,b,c,d,e,70); nR4(e,a,b,c,d,71);
 124      nR4(d,e,a,b,c,72); nR4(c,d,e,a,b,73); nR4(b,c,d,e,a,74); nR4(a,b,c,d,e,75);
 125      nR4(e,a,b,c,d,76); nR4(d,e,a,b,c,77); nR4(c,d,e,a,b,78); nR4(b,c,d,e,a,79);
 126  }
 127  #endif
 128  
 129  /*
 130   * Hash a single 512-bit block. This is the core of the algorithm.
 131   */
 132  void SHA1_Transform(state, buffer)
 133      uint32_t state[5];
 134      const uint8_t buffer[64];
 135  {
 136      uint32_t a, b, c, d, e;
 137      CHAR64LONG16 *block;
 138  
 139  #ifdef SHA1HANDSOFF
 140      CHAR64LONG16 workspace;
 141  #endif
 142  
 143      _DIAGASSERT(buffer != 0);
 144      _DIAGASSERT(state != 0);
 145  
 146  #ifdef SHA1HANDSOFF
 147      block = &workspace;
 148      (void)memcpy(block, buffer, 64);
 149  #else
 150      block = (CHAR64LONG16 *)(void *)buffer;
 151  #endif
 152  
 153      /* Copy context->state[] to working vars */
 154      a = state[0];
 155      b = state[1];
 156      c = state[2];
 157      d = state[3];
 158      e = state[4];
 159  
 160  #ifdef __sparc_v9__
 161      do_R01(&a, &b, &c, &d, &e, block);
 162      do_R2(&a, &b, &c, &d, &e, block);
 163      do_R3(&a, &b, &c, &d, &e, block);
 164      do_R4(&a, &b, &c, &d, &e, block);
 165  #else
 166      /* 4 rounds of 20 operations each. Loop unrolled. */
 167      R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
 168      R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
 169      R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
 170      R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
 171      R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
 172      R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
 173      R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
 174      R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
 175      R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
 176      R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
 177      R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
 178      R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
 179      R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
 180      R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
 181      R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
 182      R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
 183      R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
 184      R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
 185      R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
 186      R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
 187  #endif
 188  
 189      /* Add the working vars back into context.state[] */
 190      state[0] += a;
 191      state[1] += b;
 192      state[2] += c;
 193      state[3] += d;
 194      state[4] += e;
 195  
 196      /* Wipe variables */
 197      a = b = c = d = e = 0;
 198  }
 199  
 200  
 201  /*
 202   * SHA1_Init - Initialize new context
 203   */
 204  void SHA1_Init(context)
 205      SHA1_CTX *context;
 206  {
 207  
 208      _DIAGASSERT(context != 0);
 209  
 210      /* SHA1 initialization constants */
 211      context->state[0] = 0x67452301;
 212      context->state[1] = 0xEFCDAB89;
 213      context->state[2] = 0x98BADCFE;
 214      context->state[3] = 0x10325476;
 215      context->state[4] = 0xC3D2E1F0;
 216      context->count[0] = context->count[1] = 0;
 217  }
 218  
 219  
 220  /*
 221   * Run your data through this.
 222   */
 223  void SHA1_Update(context, data, len)
 224      SHA1_CTX *context;
 225      const uint8_t *data;
 226      size_t len;
 227  {
 228      uint32_t i, j;
 229  
 230      _DIAGASSERT(context != 0);
 231      _DIAGASSERT(data != 0);
 232  
 233      j = context->count[0];
 234      if ((context->count[0] += len << 3) < j)
 235          context->count[1] += (len>>29)+1;
 236      j = (j >> 3) & 63;
 237      if ((j + len) > 63) {
 238          (void)memcpy(&context->buffer[j], data, (i = 64-j));
 239          SHA1_Transform(context->state, context->buffer);
 240          for ( ; i + 63 < len; i += 64)
 241              SHA1_Transform(context->state, &data[i]);
 242          j = 0;
 243      } else {
 244          i = 0;
 245      }
 246      (void)memcpy(&context->buffer[j], &data[i], len - i);
 247  }
 248  
 249  
 250  /*
 251   * Add padding and return the message digest.
 252   */
 253  void SHA1_Final(digest, context)
 254      uint8_t digest[20];
 255      SHA1_CTX* context;
 256  {
 257      size_t i;
 258      uint8_t finalcount[8];
 259  
 260      _DIAGASSERT(digest != 0);
 261      _DIAGASSERT(context != 0);
 262  
 263      for (i = 0; i < 8; i++) {
 264          finalcount[i] = (uint8_t)((context->count[(i >= 4 ? 0 : 1)]
 265           >> ((3-(i & 3)) * 8) ) & 255);  /* Endian independent */
 266      }
 267      SHA1_Update(context, (const uint8_t *)"\200", 1);
 268      while ((context->count[0] & 504) != 448)
 269          SHA1_Update(context, (const uint8_t *)"\0", 1);
 270      SHA1_Update(context, finalcount, 8);  /* Should cause a SHA1_Transform() */
 271  
 272      if (digest) {
 273          for (i = 0; i < 20; i++)
 274              digest[i] = (uint8_t)
 275                  ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
 276      }
 277  }
 278  
 279  int SHA1_Equal(SHA1_CTX* pctx1, SHA1_CTX* pctx2) {
 280          return memcmp(pctx1->count, pctx2->count, sizeof(pctx1->count)) == 0
 281                  && memcmp(pctx1->state, pctx2->state, sizeof(pctx1->state)) == 0
 282                  && memcmp(pctx1->buffer, pctx2->buffer, sizeof(pctx1->buffer)) == 0;
 283  }