1 /* (PD) 2001 The Bitzi Corporation |
|
2 * Please see file COPYING or http://bitzi.com/publicdomain |
|
3 * for more info. |
|
4 * |
|
5 * NIST Secure Hash Algorithm |
|
6 * heavily modified by Uwe Hollerbach <uh@alumni.caltech edu> |
|
7 * from Peter C. Gutmann's implementation as found in |
|
8 * Applied Cryptography by Bruce Schneier |
|
9 * Further modifications to include the "UNRAVEL" stuff, below |
|
10 * |
|
11 * This code is in the public domain |
|
12 * |
|
13 * $Id: sha1.c,v 1.2 2008-02-27 10:42:08 slomo Exp $ |
|
14 */ |
|
15 |
|
16 #ifdef HAVE_CONFIG_H |
|
17 #include "config.h" |
|
18 #endif |
|
19 #include <glib.h> |
|
20 #define SHA_BYTE_ORDER G_BYTE_ORDER |
|
21 |
|
22 #include <string.h> |
|
23 #include "sha1.h" |
|
24 |
|
25 /* UNRAVEL should be fastest & biggest */ |
|
26 /* UNROLL_LOOPS should be just as big, but slightly slower */ |
|
27 /* both undefined should be smallest and slowest */ |
|
28 |
|
29 #define UNRAVEL |
|
30 /* #define UNROLL_LOOPS */ |
|
31 |
|
32 /* SHA f()-functions */ |
|
33 |
|
34 #define f1(x,y,z) ((x & y) | (~x & z)) |
|
35 #define f2(x,y,z) (x ^ y ^ z) |
|
36 #define f3(x,y,z) ((x & y) | (x & z) | (y & z)) |
|
37 #define f4(x,y,z) (x ^ y ^ z) |
|
38 |
|
39 /* SHA constants */ |
|
40 |
|
41 #define CONST1 0x5a827999L |
|
42 #define CONST2 0x6ed9eba1L |
|
43 #define CONST3 0x8f1bbcdcL |
|
44 #define CONST4 0xca62c1d6L |
|
45 |
|
46 /* truncate to 32 bits -- should be a null op on 32-bit machines */ |
|
47 |
|
48 #define T32(x) ((x) & 0xffffffffL) |
|
49 |
|
50 /* 32-bit rotate */ |
|
51 |
|
52 #define R32(x,n) T32(((x << n) | (x >> (32 - n)))) |
|
53 |
|
54 /* the generic case, for when the overall rotation is not unraveled */ |
|
55 |
|
56 #define FG(n) \ |
|
57 T = T32(R32(A,5) + f##n(B,C,D) + E + *WP++ + CONST##n); \ |
|
58 E = D; D = C; C = R32(B,30); B = A; A = T |
|
59 |
|
60 /* specific cases, for when the overall rotation is unraveled */ |
|
61 |
|
62 #define FA(n) \ |
|
63 T = T32(R32(A,5) + f##n(B,C,D) + E + *WP++ + CONST##n); B = R32(B,30) |
|
64 |
|
65 #define FB(n) \ |
|
66 E = T32(R32(T,5) + f##n(A,B,C) + D + *WP++ + CONST##n); A = R32(A,30) |
|
67 |
|
68 #define FC(n) \ |
|
69 D = T32(R32(E,5) + f##n(T,A,B) + C + *WP++ + CONST##n); T = R32(T,30) |
|
70 |
|
71 #define FD(n) \ |
|
72 C = T32(R32(D,5) + f##n(E,T,A) + B + *WP++ + CONST##n); E = R32(E,30) |
|
73 |
|
74 #define FE(n) \ |
|
75 B = T32(R32(C,5) + f##n(D,E,T) + A + *WP++ + CONST##n); D = R32(D,30) |
|
76 |
|
77 #define FT(n) \ |
|
78 A = T32(R32(B,5) + f##n(C,D,E) + T + *WP++ + CONST##n); C = R32(C,30) |
|
79 |
|
80 /* do SHA transformation */ |
|
81 |
|
82 static void |
|
83 sha_transform (SHA_INFO * sha_info) |
|
84 { |
|
85 int i; |
|
86 SHA_BYTE *dp; |
|
87 SHA_LONG T, A, B, C, D, E, W[80], *WP; |
|
88 |
|
89 dp = sha_info->data; |
|
90 |
|
91 /* |
|
92 the following makes sure that at least one code block below is |
|
93 traversed or an error is reported, without the necessity for nested |
|
94 preprocessor if/else/endif blocks, which are a great pain in the |
|
95 nether regions of the anatomy... |
|
96 */ |
|
97 #undef SWAP_DONE |
|
98 |
|
99 #if (SHA_BYTE_ORDER == 1234) |
|
100 #define SWAP_DONE |
|
101 for (i = 0; i < 16; ++i) { |
|
102 memcpy (&T, dp, sizeof (SHA_LONG)); |
|
103 dp += 4; |
|
104 W[i] = ((T << 24) & 0xff000000) | ((T << 8) & 0x00ff0000) | |
|
105 ((T >> 8) & 0x0000ff00) | ((T >> 24) & 0x000000ff); |
|
106 } |
|
107 #endif /* SHA_BYTE_ORDER == 1234 */ |
|
108 |
|
109 #if (SHA_BYTE_ORDER == 4321) |
|
110 #define SWAP_DONE |
|
111 for (i = 0; i < 16; ++i) { |
|
112 memcpy (&T, dp, sizeof (SHA_LONG)); |
|
113 dp += 4; |
|
114 W[i] = T32 (T); |
|
115 } |
|
116 #endif /* SHA_BYTE_ORDER == 4321 */ |
|
117 |
|
118 #if (SHA_BYTE_ORDER == 12345678) |
|
119 #define SWAP_DONE |
|
120 for (i = 0; i < 16; i += 2) { |
|
121 memcpy (&T, dp, sizeof (SHA_LONG)); |
|
122 dp += 8; |
|
123 W[i] = ((T << 24) & 0xff000000) | ((T << 8) & 0x00ff0000) | |
|
124 ((T >> 8) & 0x0000ff00) | ((T >> 24) & 0x000000ff); |
|
125 T >>= 32; |
|
126 W[i + 1] = ((T << 24) & 0xff000000) | ((T << 8) & 0x00ff0000) | |
|
127 ((T >> 8) & 0x0000ff00) | ((T >> 24) & 0x000000ff); |
|
128 } |
|
129 #endif /* SHA_BYTE_ORDER == 12345678 */ |
|
130 |
|
131 #if (SHA_BYTE_ORDER == 87654321) |
|
132 #define SWAP_DONE |
|
133 for (i = 0; i < 16; i += 2) { |
|
134 memcpy (&T, dp, sizeof (SHA_LONG)); |
|
135 dp += 8; |
|
136 W[i] = T32 (T >> 32); |
|
137 W[i + 1] = T32 (T); |
|
138 } |
|
139 #endif /* SHA_BYTE_ORDER == 87654321 */ |
|
140 |
|
141 #ifndef SWAP_DONE |
|
142 #error Unknown byte order -- you need to add code here |
|
143 #endif /* SWAP_DONE */ |
|
144 |
|
145 for (i = 16; i < 80; ++i) { |
|
146 W[i] = W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16]; |
|
147 #if (SHA_VERSION == 1) |
|
148 W[i] = R32 (W[i], 1); |
|
149 #endif /* SHA_VERSION */ |
|
150 } |
|
151 A = sha_info->digest[0]; |
|
152 B = sha_info->digest[1]; |
|
153 C = sha_info->digest[2]; |
|
154 D = sha_info->digest[3]; |
|
155 E = sha_info->digest[4]; |
|
156 WP = W; |
|
157 #ifdef UNRAVEL |
|
158 FA (1); |
|
159 FB (1); |
|
160 FC (1); |
|
161 FD (1); |
|
162 FE (1); |
|
163 FT (1); |
|
164 FA (1); |
|
165 FB (1); |
|
166 FC (1); |
|
167 FD (1); |
|
168 FE (1); |
|
169 FT (1); |
|
170 FA (1); |
|
171 FB (1); |
|
172 FC (1); |
|
173 FD (1); |
|
174 FE (1); |
|
175 FT (1); |
|
176 FA (1); |
|
177 FB (1); |
|
178 FC (2); |
|
179 FD (2); |
|
180 FE (2); |
|
181 FT (2); |
|
182 FA (2); |
|
183 FB (2); |
|
184 FC (2); |
|
185 FD (2); |
|
186 FE (2); |
|
187 FT (2); |
|
188 FA (2); |
|
189 FB (2); |
|
190 FC (2); |
|
191 FD (2); |
|
192 FE (2); |
|
193 FT (2); |
|
194 FA (2); |
|
195 FB (2); |
|
196 FC (2); |
|
197 FD (2); |
|
198 FE (3); |
|
199 FT (3); |
|
200 FA (3); |
|
201 FB (3); |
|
202 FC (3); |
|
203 FD (3); |
|
204 FE (3); |
|
205 FT (3); |
|
206 FA (3); |
|
207 FB (3); |
|
208 FC (3); |
|
209 FD (3); |
|
210 FE (3); |
|
211 FT (3); |
|
212 FA (3); |
|
213 FB (3); |
|
214 FC (3); |
|
215 FD (3); |
|
216 FE (3); |
|
217 FT (3); |
|
218 FA (4); |
|
219 FB (4); |
|
220 FC (4); |
|
221 FD (4); |
|
222 FE (4); |
|
223 FT (4); |
|
224 FA (4); |
|
225 FB (4); |
|
226 FC (4); |
|
227 FD (4); |
|
228 FE (4); |
|
229 FT (4); |
|
230 FA (4); |
|
231 FB (4); |
|
232 FC (4); |
|
233 FD (4); |
|
234 FE (4); |
|
235 FT (4); |
|
236 FA (4); |
|
237 FB (4); |
|
238 sha_info->digest[0] = T32 (sha_info->digest[0] + E); |
|
239 sha_info->digest[1] = T32 (sha_info->digest[1] + T); |
|
240 sha_info->digest[2] = T32 (sha_info->digest[2] + A); |
|
241 sha_info->digest[3] = T32 (sha_info->digest[3] + B); |
|
242 sha_info->digest[4] = T32 (sha_info->digest[4] + C); |
|
243 #else /* !UNRAVEL */ |
|
244 #ifdef UNROLL_LOOPS |
|
245 FG (1); |
|
246 FG (1); |
|
247 FG (1); |
|
248 FG (1); |
|
249 FG (1); |
|
250 FG (1); |
|
251 FG (1); |
|
252 FG (1); |
|
253 FG (1); |
|
254 FG (1); |
|
255 FG (1); |
|
256 FG (1); |
|
257 FG (1); |
|
258 FG (1); |
|
259 FG (1); |
|
260 FG (1); |
|
261 FG (1); |
|
262 FG (1); |
|
263 FG (1); |
|
264 FG (1); |
|
265 FG (2); |
|
266 FG (2); |
|
267 FG (2); |
|
268 FG (2); |
|
269 FG (2); |
|
270 FG (2); |
|
271 FG (2); |
|
272 FG (2); |
|
273 FG (2); |
|
274 FG (2); |
|
275 FG (2); |
|
276 FG (2); |
|
277 FG (2); |
|
278 FG (2); |
|
279 FG (2); |
|
280 FG (2); |
|
281 FG (2); |
|
282 FG (2); |
|
283 FG (2); |
|
284 FG (2); |
|
285 FG (3); |
|
286 FG (3); |
|
287 FG (3); |
|
288 FG (3); |
|
289 FG (3); |
|
290 FG (3); |
|
291 FG (3); |
|
292 FG (3); |
|
293 FG (3); |
|
294 FG (3); |
|
295 FG (3); |
|
296 FG (3); |
|
297 FG (3); |
|
298 FG (3); |
|
299 FG (3); |
|
300 FG (3); |
|
301 FG (3); |
|
302 FG (3); |
|
303 FG (3); |
|
304 FG (3); |
|
305 FG (4); |
|
306 FG (4); |
|
307 FG (4); |
|
308 FG (4); |
|
309 FG (4); |
|
310 FG (4); |
|
311 FG (4); |
|
312 FG (4); |
|
313 FG (4); |
|
314 FG (4); |
|
315 FG (4); |
|
316 FG (4); |
|
317 FG (4); |
|
318 FG (4); |
|
319 FG (4); |
|
320 FG (4); |
|
321 FG (4); |
|
322 FG (4); |
|
323 FG (4); |
|
324 FG (4); |
|
325 #else /* !UNROLL_LOOPS */ |
|
326 for (i = 0; i < 20; ++i) { |
|
327 FG (1); |
|
328 } |
|
329 for (i = 20; i < 40; ++i) { |
|
330 FG (2); |
|
331 } |
|
332 for (i = 40; i < 60; ++i) { |
|
333 FG (3); |
|
334 } |
|
335 for (i = 60; i < 80; ++i) { |
|
336 FG (4); |
|
337 } |
|
338 #endif /* !UNROLL_LOOPS */ |
|
339 sha_info->digest[0] = T32 (sha_info->digest[0] + A); |
|
340 sha_info->digest[1] = T32 (sha_info->digest[1] + B); |
|
341 sha_info->digest[2] = T32 (sha_info->digest[2] + C); |
|
342 sha_info->digest[3] = T32 (sha_info->digest[3] + D); |
|
343 sha_info->digest[4] = T32 (sha_info->digest[4] + E); |
|
344 #endif /* !UNRAVEL */ |
|
345 } |
|
346 |
|
347 /* initialize the SHA digest */ |
|
348 |
|
349 void |
|
350 sha_init (SHA_INFO * sha_info) |
|
351 { |
|
352 sha_info->digest[0] = 0x67452301L; |
|
353 sha_info->digest[1] = 0xefcdab89L; |
|
354 sha_info->digest[2] = 0x98badcfeL; |
|
355 sha_info->digest[3] = 0x10325476L; |
|
356 sha_info->digest[4] = 0xc3d2e1f0L; |
|
357 sha_info->count_lo = 0L; |
|
358 sha_info->count_hi = 0L; |
|
359 sha_info->local = 0; |
|
360 } |
|
361 |
|
362 /* update the SHA digest */ |
|
363 |
|
364 void |
|
365 sha_update (SHA_INFO * sha_info, SHA_BYTE * buffer, int count) |
|
366 { |
|
367 int i; |
|
368 SHA_LONG clo; |
|
369 |
|
370 clo = T32 (sha_info->count_lo + ((SHA_LONG) count << 3)); |
|
371 if (clo < sha_info->count_lo) { |
|
372 ++sha_info->count_hi; |
|
373 } |
|
374 sha_info->count_lo = clo; |
|
375 sha_info->count_hi += (SHA_LONG) count >> 29; |
|
376 if (sha_info->local) { |
|
377 i = SHA_BLOCKSIZE - sha_info->local; |
|
378 if (i > count) { |
|
379 i = count; |
|
380 } |
|
381 memcpy (((SHA_BYTE *) sha_info->data) + sha_info->local, buffer, i); |
|
382 count -= i; |
|
383 buffer += i; |
|
384 sha_info->local += i; |
|
385 if (sha_info->local == SHA_BLOCKSIZE) { |
|
386 sha_transform (sha_info); |
|
387 } else { |
|
388 return; |
|
389 } |
|
390 } |
|
391 while (count >= SHA_BLOCKSIZE) { |
|
392 memcpy (sha_info->data, buffer, SHA_BLOCKSIZE); |
|
393 buffer += SHA_BLOCKSIZE; |
|
394 count -= SHA_BLOCKSIZE; |
|
395 sha_transform (sha_info); |
|
396 } |
|
397 memcpy (sha_info->data, buffer, count); |
|
398 sha_info->local = count; |
|
399 } |
|
400 |
|
401 /* finish computing the SHA digest */ |
|
402 |
|
403 void |
|
404 sha_final (unsigned char digest[20], SHA_INFO * sha_info) |
|
405 { |
|
406 int count; |
|
407 SHA_LONG lo_bit_count, hi_bit_count; |
|
408 |
|
409 lo_bit_count = sha_info->count_lo; |
|
410 hi_bit_count = sha_info->count_hi; |
|
411 count = (int) ((lo_bit_count >> 3) & 0x3f); |
|
412 ((SHA_BYTE *) sha_info->data)[count++] = 0x80; |
|
413 if (count > SHA_BLOCKSIZE - 8) { |
|
414 memset (((SHA_BYTE *) sha_info->data) + count, 0, SHA_BLOCKSIZE - count); |
|
415 sha_transform (sha_info); |
|
416 memset ((SHA_BYTE *) sha_info->data, 0, SHA_BLOCKSIZE - 8); |
|
417 } else { |
|
418 memset (((SHA_BYTE *) sha_info->data) + count, 0, |
|
419 SHA_BLOCKSIZE - 8 - count); |
|
420 } |
|
421 sha_info->data[56] = (unsigned char) ((hi_bit_count >> 24) & 0xff); |
|
422 sha_info->data[57] = (unsigned char) ((hi_bit_count >> 16) & 0xff); |
|
423 sha_info->data[58] = (unsigned char) ((hi_bit_count >> 8) & 0xff); |
|
424 sha_info->data[59] = (unsigned char) ((hi_bit_count >> 0) & 0xff); |
|
425 sha_info->data[60] = (unsigned char) ((lo_bit_count >> 24) & 0xff); |
|
426 sha_info->data[61] = (unsigned char) ((lo_bit_count >> 16) & 0xff); |
|
427 sha_info->data[62] = (unsigned char) ((lo_bit_count >> 8) & 0xff); |
|
428 sha_info->data[63] = (unsigned char) ((lo_bit_count >> 0) & 0xff); |
|
429 sha_transform (sha_info); |
|
430 digest[0] = (unsigned char) ((sha_info->digest[0] >> 24) & 0xff); |
|
431 digest[1] = (unsigned char) ((sha_info->digest[0] >> 16) & 0xff); |
|
432 digest[2] = (unsigned char) ((sha_info->digest[0] >> 8) & 0xff); |
|
433 digest[3] = (unsigned char) ((sha_info->digest[0]) & 0xff); |
|
434 digest[4] = (unsigned char) ((sha_info->digest[1] >> 24) & 0xff); |
|
435 digest[5] = (unsigned char) ((sha_info->digest[1] >> 16) & 0xff); |
|
436 digest[6] = (unsigned char) ((sha_info->digest[1] >> 8) & 0xff); |
|
437 digest[7] = (unsigned char) ((sha_info->digest[1]) & 0xff); |
|
438 digest[8] = (unsigned char) ((sha_info->digest[2] >> 24) & 0xff); |
|
439 digest[9] = (unsigned char) ((sha_info->digest[2] >> 16) & 0xff); |
|
440 digest[10] = (unsigned char) ((sha_info->digest[2] >> 8) & 0xff); |
|
441 digest[11] = (unsigned char) ((sha_info->digest[2]) & 0xff); |
|
442 digest[12] = (unsigned char) ((sha_info->digest[3] >> 24) & 0xff); |
|
443 digest[13] = (unsigned char) ((sha_info->digest[3] >> 16) & 0xff); |
|
444 digest[14] = (unsigned char) ((sha_info->digest[3] >> 8) & 0xff); |
|
445 digest[15] = (unsigned char) ((sha_info->digest[3]) & 0xff); |
|
446 digest[16] = (unsigned char) ((sha_info->digest[4] >> 24) & 0xff); |
|
447 digest[17] = (unsigned char) ((sha_info->digest[4] >> 16) & 0xff); |
|
448 digest[18] = (unsigned char) ((sha_info->digest[4] >> 8) & 0xff); |
|
449 digest[19] = (unsigned char) ((sha_info->digest[4]) & 0xff); |
|
450 } |
|