Statistics
| Branch: | Revision:

iof-bird / bird-2.0.1 / lib / sha1.c @ 6b3f1a54

History | View | Annotate | Download (7.03 KB)

1
/*
2
 *        BIRD Library -- SHA-1 Hash Function (FIPS 180-1, RFC 3174)
3
 *
4
 *        (c) 2015 CZ.NIC z.s.p.o.
5
 *
6
 *        Based on the code from libucw-6.4
7
 *        (c) 2008--2009 Martin Mares <mj@ucw.cz>
8
 *
9
 *        Based on the code from libgcrypt-1.2.3, which is
10
 *        (c) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
11
 *
12
 *        Can be freely distributed and used under the terms of the GNU GPL.
13
 */
14

    
15
#include "lib/sha1.h"
16
#include "lib/unaligned.h"
17

    
18

    
19
void
20
sha1_init(struct hash_context *CTX)
21
{
22
  struct sha1_context *ctx = (void *) CTX;
23

    
24
  ctx->h0 = 0x67452301;
25
  ctx->h1 = 0xefcdab89;
26
  ctx->h2 = 0x98badcfe;
27
  ctx->h3 = 0x10325476;
28
  ctx->h4 = 0xc3d2e1f0;
29

    
30
  ctx->nblocks = 0;
31
  ctx->count = 0;
32
}
33

    
34
/*
35
 * Transform the message X which consists of 16 32-bit-words
36
 */
37
static void
38
sha1_transform(struct sha1_context *ctx, const byte *data)
39
{
40
  u32 a,b,c,d,e,tm;
41
  u32 x[16];
42

    
43
  /* Get values from the chaining vars. */
44
  a = ctx->h0;
45
  b = ctx->h1;
46
  c = ctx->h2;
47
  d = ctx->h3;
48
  e = ctx->h4;
49

    
50
#ifdef CPU_BIG_ENDIAN
51
  memcpy(x, data, 64);
52
#else
53
  int i;
54
  for (i = 0; i < 16; i++)
55
    x[i] = get_u32(data+4*i);
56
#endif
57

    
58
#define K1                0x5A827999L
59
#define K2                0x6ED9EBA1L
60
#define K3                0x8F1BBCDCL
61
#define K4                  0xCA62C1D6L
62
#define F1(x,y,z)        ( z ^ ( x & ( y ^ z ) ) )
63
#define F2(x,y,z)        ( x ^ y ^ z )
64
#define F3(x,y,z)        ( ( x & y ) | ( z & ( x | y ) ) )
65
#define F4(x,y,z)        ( x ^ y ^ z )
66

    
67
#define M(i) (tm = x[i&0x0f] ^ x[(i-14)&0x0f] ^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f], (x[i&0x0f] = ROL(tm, 1)))
68

    
69
/* Bitwise rotation of an unsigned int to the left **/
70
#define        ROL(x, bits) (((x) << (bits)) | ((uint)(x) >> (sizeof(uint)*8 - (bits))))
71

    
72
  #define R(a, b, c, d, e, f, k, m)                \
73
    do                                                 \
74
    {                                                \
75
      e += ROL(a, 5) + f(b, c, d) + k + m;        \
76
      b = ROL(b, 30);                                \
77
    } while(0)
78

    
79
  R( a, b, c, d, e, F1, K1, x[ 0] );
80
  R( e, a, b, c, d, F1, K1, x[ 1] );
81
  R( d, e, a, b, c, F1, K1, x[ 2] );
82
  R( c, d, e, a, b, F1, K1, x[ 3] );
83
  R( b, c, d, e, a, F1, K1, x[ 4] );
84
  R( a, b, c, d, e, F1, K1, x[ 5] );
85
  R( e, a, b, c, d, F1, K1, x[ 6] );
86
  R( d, e, a, b, c, F1, K1, x[ 7] );
87
  R( c, d, e, a, b, F1, K1, x[ 8] );
88
  R( b, c, d, e, a, F1, K1, x[ 9] );
89
  R( a, b, c, d, e, F1, K1, x[10] );
90
  R( e, a, b, c, d, F1, K1, x[11] );
91
  R( d, e, a, b, c, F1, K1, x[12] );
92
  R( c, d, e, a, b, F1, K1, x[13] );
93
  R( b, c, d, e, a, F1, K1, x[14] );
94
  R( a, b, c, d, e, F1, K1, x[15] );
95
  R( e, a, b, c, d, F1, K1, M(16) );
96
  R( d, e, a, b, c, F1, K1, M(17) );
97
  R( c, d, e, a, b, F1, K1, M(18) );
98
  R( b, c, d, e, a, F1, K1, M(19) );
99
  R( a, b, c, d, e, F2, K2, M(20) );
100
  R( e, a, b, c, d, F2, K2, M(21) );
101
  R( d, e, a, b, c, F2, K2, M(22) );
102
  R( c, d, e, a, b, F2, K2, M(23) );
103
  R( b, c, d, e, a, F2, K2, M(24) );
104
  R( a, b, c, d, e, F2, K2, M(25) );
105
  R( e, a, b, c, d, F2, K2, M(26) );
106
  R( d, e, a, b, c, F2, K2, M(27) );
107
  R( c, d, e, a, b, F2, K2, M(28) );
108
  R( b, c, d, e, a, F2, K2, M(29) );
109
  R( a, b, c, d, e, F2, K2, M(30) );
110
  R( e, a, b, c, d, F2, K2, M(31) );
111
  R( d, e, a, b, c, F2, K2, M(32) );
112
  R( c, d, e, a, b, F2, K2, M(33) );
113
  R( b, c, d, e, a, F2, K2, M(34) );
114
  R( a, b, c, d, e, F2, K2, M(35) );
115
  R( e, a, b, c, d, F2, K2, M(36) );
116
  R( d, e, a, b, c, F2, K2, M(37) );
117
  R( c, d, e, a, b, F2, K2, M(38) );
118
  R( b, c, d, e, a, F2, K2, M(39) );
119
  R( a, b, c, d, e, F3, K3, M(40) );
120
  R( e, a, b, c, d, F3, K3, M(41) );
121
  R( d, e, a, b, c, F3, K3, M(42) );
122
  R( c, d, e, a, b, F3, K3, M(43) );
123
  R( b, c, d, e, a, F3, K3, M(44) );
124
  R( a, b, c, d, e, F3, K3, M(45) );
125
  R( e, a, b, c, d, F3, K3, M(46) );
126
  R( d, e, a, b, c, F3, K3, M(47) );
127
  R( c, d, e, a, b, F3, K3, M(48) );
128
  R( b, c, d, e, a, F3, K3, M(49) );
129
  R( a, b, c, d, e, F3, K3, M(50) );
130
  R( e, a, b, c, d, F3, K3, M(51) );
131
  R( d, e, a, b, c, F3, K3, M(52) );
132
  R( c, d, e, a, b, F3, K3, M(53) );
133
  R( b, c, d, e, a, F3, K3, M(54) );
134
  R( a, b, c, d, e, F3, K3, M(55) );
135
  R( e, a, b, c, d, F3, K3, M(56) );
136
  R( d, e, a, b, c, F3, K3, M(57) );
137
  R( c, d, e, a, b, F3, K3, M(58) );
138
  R( b, c, d, e, a, F3, K3, M(59) );
139
  R( a, b, c, d, e, F4, K4, M(60) );
140
  R( e, a, b, c, d, F4, K4, M(61) );
141
  R( d, e, a, b, c, F4, K4, M(62) );
142
  R( c, d, e, a, b, F4, K4, M(63) );
143
  R( b, c, d, e, a, F4, K4, M(64) );
144
  R( a, b, c, d, e, F4, K4, M(65) );
145
  R( e, a, b, c, d, F4, K4, M(66) );
146
  R( d, e, a, b, c, F4, K4, M(67) );
147
  R( c, d, e, a, b, F4, K4, M(68) );
148
  R( b, c, d, e, a, F4, K4, M(69) );
149
  R( a, b, c, d, e, F4, K4, M(70) );
150
  R( e, a, b, c, d, F4, K4, M(71) );
151
  R( d, e, a, b, c, F4, K4, M(72) );
152
  R( c, d, e, a, b, F4, K4, M(73) );
153
  R( b, c, d, e, a, F4, K4, M(74) );
154
  R( a, b, c, d, e, F4, K4, M(75) );
155
  R( e, a, b, c, d, F4, K4, M(76) );
156
  R( d, e, a, b, c, F4, K4, M(77) );
157
  R( c, d, e, a, b, F4, K4, M(78) );
158
  R( b, c, d, e, a, F4, K4, M(79) );
159

    
160
  /* Update chaining vars. */
161
  ctx->h0 += a;
162
  ctx->h1 += b;
163
  ctx->h2 += c;
164
  ctx->h3 += d;
165
  ctx->h4 += e;
166
}
167

    
168
/*
169
 * Update the message digest with the contents of BUF with length LEN.
170
 */
171
void
172
sha1_update(struct hash_context *CTX, const byte *buf, uint len)
173
{
174
  struct sha1_context *ctx = (void *) CTX;
175

    
176
  if (ctx->count)
177
  {
178
    /* Fill rest of internal buffer */
179
    for (; len && ctx->count < SHA1_BLOCK_SIZE; len--)
180
      ctx->buf[ctx->count++] = *buf++;
181

    
182
    if (ctx->count < SHA1_BLOCK_SIZE)
183
      return;
184

    
185
    /* Process data from internal buffer */
186
    sha1_transform(ctx, ctx->buf);
187
    ctx->nblocks++;
188
    ctx->count = 0;
189
  }
190

    
191
  if (!len)
192
    return;
193

    
194
  /* Process data from input buffer */
195
  while (len >= SHA1_BLOCK_SIZE)
196
  {
197
    sha1_transform(ctx, buf);
198
    ctx->nblocks++;
199
    buf += SHA1_BLOCK_SIZE;
200
    len -= SHA1_BLOCK_SIZE;
201
  }
202

    
203
  /* Copy remaining data to internal buffer */
204
  memcpy(ctx->buf, buf, len);
205
  ctx->count = len;
206
}
207

    
208
/*
209
 * The routine final terminates the computation and returns the digest. The
210
 * handle is prepared for a new cycle, but adding bytes to the handle will the
211
 * destroy the returned buffer.
212
 *
213
 * Returns: 20 bytes representing the digest.
214
 */
215
byte *
216
sha1_final(struct hash_context *CTX)
217
{
218
  struct sha1_context *ctx = (void *) CTX;
219
  u32 t, msb, lsb;
220

    
221
  sha1_update(CTX, NULL, 0);        /* flush */
222

    
223
  t = ctx->nblocks;
224
  /* multiply by 64 to make a byte count */
225
  lsb = t << 6;
226
  msb = t >> 26;
227
  /* add the count */
228
  t = lsb;
229
  if ((lsb += ctx->count) < t)
230
    msb++;
231
  /* multiply by 8 to make a bit count */
232
  t = lsb;
233
  lsb <<= 3;
234
  msb <<= 3;
235
  msb |= t >> 29;
236

    
237
  if (ctx->count < 56)
238
  {
239
    /* enough room */
240
    ctx->buf[ctx->count++] = 0x80; /* pad */
241
    while (ctx->count < 56)
242
      ctx->buf[ctx->count++] = 0;  /* pad */
243
  }
244
  else
245
  {
246
    /* need one extra block */
247
    ctx->buf[ctx->count++] = 0x80; /* pad character */
248
    while (ctx->count < 64)
249
      ctx->buf[ctx->count++] = 0;
250
    sha1_update(CTX, NULL, 0);        /* flush */
251
    memset(ctx->buf, 0, 56); /* fill next block with zeroes */
252
  }
253

    
254
  /* append the 64 bit count */
255
  ctx->buf[56] = msb >> 24;
256
  ctx->buf[57] = msb >> 16;
257
  ctx->buf[58] = msb >>  8;
258
  ctx->buf[59] = msb;
259
  ctx->buf[60] = lsb >> 24;
260
  ctx->buf[61] = lsb >> 16;
261
  ctx->buf[62] = lsb >>  8;
262
  ctx->buf[63] = lsb;
263
  sha1_transform(ctx, ctx->buf);
264

    
265
  byte *p = ctx->buf;
266
#define X(a) do { put_u32(p, ctx->h##a); p += 4; } while(0)
267
  X(0);
268
  X(1);
269
  X(2);
270
  X(3);
271
  X(4);
272
#undef X
273

    
274
  return ctx->buf;
275
}