56
|
1 |
/*
|
|
2 |
---------------------------------------------------------------------------
|
|
3 |
Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
|
|
4 |
All rights reserved.
|
|
5 |
|
|
6 |
LICENSE TERMS
|
|
7 |
|
|
8 |
The free distribution and use of this software in both source and binary
|
|
9 |
form is allowed (with or without changes) provided that:
|
|
10 |
|
|
11 |
1. distributions of this source code include the above copyright
|
|
12 |
notice, this list of conditions and the following disclaimer;
|
|
13 |
|
|
14 |
2. distributions in binary form include the above copyright
|
|
15 |
notice, this list of conditions and the following disclaimer
|
|
16 |
in the documentation and/or other associated materials;
|
|
17 |
|
|
18 |
3. the copyright holder's name is not used to endorse products
|
|
19 |
built using this software without specific written permission.
|
|
20 |
|
|
21 |
ALTERNATIVELY, provided that this notice is retained in full, this product
|
|
22 |
may be distributed under the terms of the GNU General Public License (GPL),
|
|
23 |
in which case the provisions of the GPL apply INSTEAD OF those given above.
|
|
24 |
|
|
25 |
DISCLAIMER
|
|
26 |
|
|
27 |
This software is provided 'as is' with no explicit or implied warranties
|
|
28 |
in respect of its properties, including, but not limited to, correctness
|
|
29 |
and/or fitness for purpose.
|
|
30 |
---------------------------------------------------------------------------
|
|
31 |
*/
|
|
32 |
|
|
33 |
|
|
34 |
//#include "stdafx.h"
|
|
35 |
|
|
36 |
|
|
37 |
#include <libc/string.h> /* for memcpy() etc. */
|
|
38 |
#include <libc/stdlib.h> /* for _lrotl with VC++ */
|
|
39 |
|
|
40 |
#include "sha1.h"
|
|
41 |
#include "hmac.h"
|
|
42 |
|
|
43 |
void derive_key(const unsigned char pwd[], /* the PASSWORD */
|
|
44 |
unsigned int pwd_len, /* and its length */
|
|
45 |
const unsigned char salt[], /* the SALT and its */
|
|
46 |
unsigned int salt_len, /* length */
|
|
47 |
unsigned int iter, /* the number of iterations */
|
|
48 |
unsigned char key[], /* space for the output key */
|
|
49 |
unsigned int key_len)/* and its required length */
|
|
50 |
{
|
|
51 |
unsigned int i, j, k, n_blk;
|
|
52 |
unsigned char uu[OUT_BLOCK_LENGTH], ux[OUT_BLOCK_LENGTH];
|
|
53 |
hmac_ctx c1[1], c2[1], c3[1];
|
|
54 |
|
|
55 |
/* set HMAC context (c1) for password */
|
|
56 |
hmac_sha1_begin(c1);
|
|
57 |
hmac_sha1_key(pwd, pwd_len, c1);
|
|
58 |
|
|
59 |
/* set HMAC context (c2) for password and salt */
|
|
60 |
memcpy(c2, c1, sizeof(hmac_ctx));
|
|
61 |
hmac_sha1_data(salt, salt_len, c2);
|
|
62 |
|
|
63 |
/* find the number of SHA blocks in the key */
|
|
64 |
n_blk = 1 + (key_len - 1) / OUT_BLOCK_LENGTH;
|
|
65 |
|
|
66 |
for(i = 0; i < n_blk; ++i) /* for each block in key */
|
|
67 |
{
|
|
68 |
/* ux[] holds the running xor value */
|
|
69 |
memset(ux, 0, OUT_BLOCK_LENGTH);
|
|
70 |
|
|
71 |
/* set HMAC context (c3) for password and salt */
|
|
72 |
memcpy(c3, c2, sizeof(hmac_ctx));
|
|
73 |
|
|
74 |
/* enter additional data for 1st block into uu */
|
|
75 |
uu[0] = (unsigned char)((i + 1) >> 24);
|
|
76 |
uu[1] = (unsigned char)((i + 1) >> 16);
|
|
77 |
uu[2] = (unsigned char)((i + 1) >> 8);
|
|
78 |
uu[3] = (unsigned char)(i + 1);
|
|
79 |
|
|
80 |
/* this is the key mixing iteration */
|
|
81 |
for(j = 0, k = 4; j < iter; ++j)
|
|
82 |
{
|
|
83 |
/* add previous round data to HMAC */
|
|
84 |
hmac_sha1_data(uu, k, c3);
|
|
85 |
|
|
86 |
/* obtain HMAC for uu[] */
|
|
87 |
hmac_sha1_end(uu, OUT_BLOCK_LENGTH, c3);
|
|
88 |
|
|
89 |
/* xor into the running xor block */
|
|
90 |
for(k = 0; k < OUT_BLOCK_LENGTH; ++k)
|
|
91 |
ux[k] ^= uu[k];
|
|
92 |
|
|
93 |
/* set HMAC context (c3) for password */
|
|
94 |
memcpy(c3, c1, sizeof(hmac_ctx));
|
|
95 |
}
|
|
96 |
|
|
97 |
/* compile key blocks into the key output */
|
|
98 |
j = 0; k = i * OUT_BLOCK_LENGTH;
|
|
99 |
while(j < OUT_BLOCK_LENGTH && k < key_len)
|
|
100 |
key[k++] = ux[j++];
|
|
101 |
}
|
|
102 |
}
|
|
103 |
|
|
104 |
/*#ifdef TEST*/
|
|
105 |
|
|
106 |
#include <stdio.h>
|
|
107 |
|
|
108 |
#if 0
|
|
109 |
|
|
110 |
struct
|
|
111 |
{ unsigned int pwd_len;
|
|
112 |
unsigned int salt_len;
|
|
113 |
unsigned int it_count;
|
|
114 |
unsigned char *pwd;
|
|
115 |
unsigned char salt[32];
|
|
116 |
unsigned char key[32];
|
|
117 |
} tests[] =
|
|
118 |
{
|
|
119 |
{ 8, 4, 5, (unsigned char*)"password",
|
|
120 |
{ 0x12, 0x34, 0x56, 0x78 },
|
|
121 |
{ 0x5c, 0x75, 0xce, 0xf0, 0x1a, 0x96, 0x0d, 0xf7,
|
|
122 |
0x4c, 0xb6, 0xb4, 0x9b, 0x9e, 0x38, 0xe6, 0xb5 } /* ... */
|
|
123 |
},
|
|
124 |
{ 8, 8, 5, (unsigned char*)"password",
|
|
125 |
{ 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12 },
|
|
126 |
{ 0xd1, 0xda, 0xa7, 0x86, 0x15, 0xf2, 0x87, 0xe6,
|
|
127 |
0xa1, 0xc8, 0xb1, 0x20, 0xd7, 0x06, 0x2a, 0x49 } /* ... */
|
|
128 |
}
|
|
129 |
};
|
|
130 |
|
|
131 |
|
|
132 |
|
|
133 |
|
|
134 |
|
|
135 |
|
|
136 |
void get_key(unsigned char key[],
|
|
137 |
unsigned int keylength)
|
|
138 |
{
|
|
139 |
|
|
140 |
unsigned int i, j, n=0,bitykeylen = 256;
|
|
141 |
unsigned char bitykey[256];
|
|
142 |
|
|
143 |
for(i = 0; i <1; ++i)
|
|
144 |
{
|
|
145 |
derive_key(tests[i].pwd, tests[i].pwd_len, tests[i].salt,
|
|
146 |
tests[i].salt_len, tests[i].it_count, bitykey, bitykeylen);
|
|
147 |
for(j = 0; j < bitykeylen && j < 64; j += 4)
|
|
148 |
{
|
|
149 |
if(j % ( keylength / 8 ) == 0 && j!=0 )
|
|
150 |
break;
|
|
151 |
key[n++] = bitykey[j];
|
|
152 |
key[n++]= bitykey[j+1];
|
|
153 |
key[n++]= bitykey[j+2];
|
|
154 |
key[n++] = bitykey[j+3];
|
|
155 |
}
|
|
156 |
}
|
|
157 |
}
|
|
158 |
|
|
159 |
#endif
|
|
160 |
/*int _tmain(int argc, _TCHAR* argv[])
|
|
161 |
{
|
|
162 |
unsigned char key[16];
|
|
163 |
unsigned int keylength = 128;
|
|
164 |
get_key( key , keylength);
|
|
165 |
return 0;
|
|
166 |
}*/
|
|
167 |
/*.............hmac...................*/
|
|
168 |
/* initialise the HMAC context to zero */
|
|
169 |
void hmac_sha1_begin(hmac_ctx cx[1])
|
|
170 |
{
|
|
171 |
memset(cx, 0, sizeof(hmac_ctx));
|
|
172 |
}
|
|
173 |
|
|
174 |
/* input the HMAC key (can be called multiple times) */
|
|
175 |
int hmac_sha1_key(const unsigned char key[], unsigned long key_len, hmac_ctx cx[1])
|
|
176 |
{
|
|
177 |
if(cx->klen == HMAC_IN_DATA) /* error if further key input */
|
|
178 |
return HMAC_BAD_MODE; /* is attempted in data mode */
|
|
179 |
|
|
180 |
if(cx->klen + key_len > IN_BLOCK_LENGTH) /* if the key has to be hashed */
|
|
181 |
{
|
|
182 |
if(cx->klen <= IN_BLOCK_LENGTH) /* if the hash has not yet been */
|
|
183 |
{ /* started, initialise it and */
|
|
184 |
sha1_begin(cx->ctx); /* hash stored key characters */
|
|
185 |
sha1_hash(cx->key, cx->klen, cx->ctx);
|
|
186 |
}
|
|
187 |
|
|
188 |
sha1_hash(key, key_len, cx->ctx); /* hash long key data into hash */
|
|
189 |
}
|
|
190 |
else /* otherwise store key data */
|
|
191 |
memcpy(cx->key + cx->klen, key, key_len);
|
|
192 |
|
|
193 |
cx->klen += key_len; /* update the key length count */
|
|
194 |
return HMAC_OK;
|
|
195 |
}
|
|
196 |
|
|
197 |
/* input the HMAC data (can be called multiple times) - */
|
|
198 |
/* note that this call terminates the key input phase */
|
|
199 |
void hmac_sha1_data(const unsigned char data[], unsigned long data_len, hmac_ctx cx[1])
|
|
200 |
{ unsigned int i;
|
|
201 |
|
|
202 |
if(cx->klen != HMAC_IN_DATA) /* if not yet in data phase */
|
|
203 |
{
|
|
204 |
if(cx->klen > IN_BLOCK_LENGTH) /* if key is being hashed */
|
|
205 |
{ /* complete the hash and */
|
|
206 |
sha1_end(cx->key, cx->ctx); /* store the result as the */
|
|
207 |
cx->klen = OUT_BLOCK_LENGTH; /* key and set new length */
|
|
208 |
}
|
|
209 |
|
|
210 |
/* pad the key if necessary */
|
|
211 |
memset(cx->key + cx->klen, 0, IN_BLOCK_LENGTH - cx->klen);
|
|
212 |
|
|
213 |
/* xor ipad into key value */
|
|
214 |
for(i = 0; i < (IN_BLOCK_LENGTH >> 2); ++i)
|
|
215 |
((unsigned long*)cx->key)[i] ^= 0x36363636;
|
|
216 |
|
|
217 |
/* and start hash operation */
|
|
218 |
sha1_begin(cx->ctx);
|
|
219 |
sha1_hash(cx->key, IN_BLOCK_LENGTH, cx->ctx);
|
|
220 |
|
|
221 |
/* mark as now in data mode */
|
|
222 |
cx->klen = HMAC_IN_DATA;
|
|
223 |
}
|
|
224 |
|
|
225 |
/* hash the data (if any) */
|
|
226 |
if(data_len)
|
|
227 |
sha1_hash(data, data_len, cx->ctx);
|
|
228 |
}
|
|
229 |
|
|
230 |
/* compute and output the MAC value */
|
|
231 |
void hmac_sha1_end(unsigned char mac[], unsigned long mac_len, hmac_ctx cx[1])
|
|
232 |
{ unsigned char dig[OUT_BLOCK_LENGTH];
|
|
233 |
unsigned int i;
|
|
234 |
|
|
235 |
/* if no data has been entered perform a null data phase */
|
|
236 |
if(cx->klen != HMAC_IN_DATA)
|
|
237 |
hmac_sha1_data((const unsigned char*)0, 0, cx);
|
|
238 |
|
|
239 |
sha1_end(dig, cx->ctx); /* complete the inner hash */
|
|
240 |
|
|
241 |
/* set outer key value using opad and removing ipad */
|
|
242 |
for(i = 0; i < (IN_BLOCK_LENGTH >> 2); ++i)
|
|
243 |
((unsigned long*)cx->key)[i] ^= 0x36363636 ^ 0x5c5c5c5c;
|
|
244 |
|
|
245 |
/* perform the outer hash operation */
|
|
246 |
sha1_begin(cx->ctx);
|
|
247 |
sha1_hash(cx->key, IN_BLOCK_LENGTH, cx->ctx);
|
|
248 |
sha1_hash(dig, OUT_BLOCK_LENGTH, cx->ctx);
|
|
249 |
sha1_end(dig, cx->ctx);
|
|
250 |
|
|
251 |
/* output the hash value */
|
|
252 |
for(i = 0; i < mac_len; ++i)
|
|
253 |
mac[i] = dig[i];
|
|
254 |
}
|
|
255 |
|
|
256 |
/* 'do it all in one go' subroutine */
|
|
257 |
void hmac_sha1(const unsigned char key[], unsigned int key_len,
|
|
258 |
const unsigned char data[], unsigned int data_len,
|
|
259 |
unsigned char mac[], unsigned int mac_len)
|
|
260 |
{ hmac_ctx cx[1];
|
|
261 |
|
|
262 |
hmac_sha1_begin(cx);
|
|
263 |
hmac_sha1_key(key, key_len, cx);
|
|
264 |
hmac_sha1_data(data, data_len, cx);
|
|
265 |
hmac_sha1_end(mac, mac_len, cx);
|
|
266 |
}
|
|
267 |
|
|
268 |
/****************hmac*******************/
|
|
269 |
|
|
270 |
/*****************************sha1******************/
|
|
271 |
/*
|
|
272 |
To obtain the highest speed on processors with 32-bit words, this code
|
|
273 |
needs to determine the order in which bytes are packed into such words.
|
|
274 |
The following block of code is an attempt to capture the most obvious
|
|
275 |
ways in which various environemnts specify their endian definitions.
|
|
276 |
It may well fail, in which case the definitions will need to be set by
|
|
277 |
editing at the points marked **** EDIT HERE IF NECESSARY **** below.
|
|
278 |
*/
|
|
279 |
#define SHA_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
|
|
280 |
#define SHA_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
|
|
281 |
/*
|
|
282 |
#if !defined(PLATFORM_BYTE_ORDER)
|
|
283 |
#if defined(LITTLE_ENDIAN) || defined(BIG_ENDIAN)
|
|
284 |
# if defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN)
|
|
285 |
# if defined(BYTE_ORDER)
|
|
286 |
# if (BYTE_ORDER == LITTLE_ENDIAN)
|
|
287 |
# define PLATFORM_BYTE_ORDER SHA_LITTLE_ENDIAN
|
|
288 |
# elif (BYTE_ORDER == BIG_ENDIAN)
|
|
289 |
# define PLATFORM_BYTE_ORDER SHA_BIG_ENDIAN
|
|
290 |
# endif
|
|
291 |
# endif
|
|
292 |
# elif defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
|
|
293 |
# define PLATFORM_BYTE_ORDER SHA_LITTLE_ENDIAN
|
|
294 |
# elif !defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN)
|
|
295 |
# define PLATFORM_BYTE_ORDER SHA_BIG_ENDIAN
|
|
296 |
# endif
|
|
297 |
#elif defined(_LITTLE_ENDIAN) || defined(_BIG_ENDIAN)
|
|
298 |
# if defined(_LITTLE_ENDIAN) && defined(_BIG_ENDIAN)
|
|
299 |
# if defined(_BYTE_ORDER)
|
|
300 |
# if (_BYTE_ORDER == _LITTLE_ENDIAN)
|
|
301 |
# define PLATFORM_BYTE_ORDER SHA_LITTLE_ENDIAN
|
|
302 |
# elif (_BYTE_ORDER == _BIG_ENDIAN)
|
|
303 |
# define PLATFORM_BYTE_ORDER SHA_BIG_ENDIAN
|
|
304 |
# endif
|
|
305 |
# endif
|
|
306 |
# elif defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN)
|
|
307 |
# define PLATFORM_BYTE_ORDER SHA_LITTLE_ENDIAN
|
|
308 |
# elif !defined(_LITTLE_ENDIAN) && defined(_BIG_ENDIAN)
|
|
309 |
# define PLATFORM_BYTE_ORDER SHA_BIG_ENDIAN
|
|
310 |
# endif
|
|
311 |
#elif 0 /#* **** EDIT HERE IF NECESSARY **** */
|
|
312 |
/*#define PLATFORM_BYTE_ORDER SHA_LITTLE_ENDIAN
|
|
313 |
/#*#elif 0 /#* **** EDIT HERE IF NECESSARY ****# /
|
|
314 |
#define PLATFORM_BYTE_ORDER SHA_BIG_ENDIAN
|
|
315 |
#elif (('1234' >> 24) == '1')
|
|
316 |
# define PLATFORM_BYTE_ORDER SHA_LITTLE_ENDIAN
|
|
317 |
#elif (('4321' >> 24) == '1')
|
|
318 |
# define PLATFORM_BYTE_ORDER SHA_BIG_ENDIAN
|
|
319 |
#endif
|
|
320 |
#endif
|
|
321 |
*/
|
|
322 |
//#define PLATFORM_BYTE_ORDER SHA_BIG_ENDIAN
|
|
323 |
//# define PLATFORM_BYTE_ORDER SHA_BIG_ENDIAN
|
|
324 |
# define PLATFORM_BYTE_ORDER SHA_LITTLE_ENDIAN
|
|
325 |
#if !defined(PLATFORM_BYTE_ORDER)
|
|
326 |
# error Please set undetermined byte order (lines 87 or 89 of sha1.c).
|
|
327 |
#endif
|
|
328 |
|
|
329 |
#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
|
|
330 |
|
|
331 |
#if (PLATFORM_BYTE_ORDER == SHA_BIG_ENDIAN)
|
|
332 |
#define swap_b32(x) (x)
|
|
333 |
#elif defined(bswap_32)
|
|
334 |
#define swap_b32(x) bswap_32(x)
|
|
335 |
#else
|
|
336 |
#define swap_b32(x) ((rotl32((x), 8) & 0x00ff00ff) | (rotl32((x), 24) & 0xff00ff00))
|
|
337 |
#endif
|
|
338 |
|
|
339 |
#define SHA1_MASK (SHA1_BLOCK_SIZE - 1)
|
|
340 |
|
|
341 |
/* reverse byte order in 32-bit words */
|
|
342 |
|
|
343 |
#define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
|
|
344 |
#define parity(x,y,z) ((x) ^ (y) ^ (z))
|
|
345 |
#define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
|
|
346 |
|
|
347 |
/* A normal version as set out in the FIPS */
|
|
348 |
|
|
349 |
#define rnd(f,k) \
|
|
350 |
t = a; a = rotl32(a,5) + f(b,c,d) + e + k + w[i]; \
|
|
351 |
e = d; d = c; c = rotl32(b, 30); b = t
|
|
352 |
|
|
353 |
void sha1_compile(sha1_ctx ctx[1])
|
|
354 |
{ sha1_32t w[80], i, a, b, c, d, e, t;
|
|
355 |
|
|
356 |
/* note that words are compiled from the buffer into 32-bit */
|
|
357 |
/* words in big-endian order so an order reversal is needed */
|
|
358 |
/* here on little endian machines */
|
|
359 |
for(i = 0; i < SHA1_BLOCK_SIZE / 4; ++i)
|
|
360 |
w[i] = swap_b32(ctx->wbuf[i]);
|
|
361 |
|
|
362 |
for(i = SHA1_BLOCK_SIZE / 4; i < 80; ++i)
|
|
363 |
w[i] = rotl32(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1);
|
|
364 |
|
|
365 |
a = ctx->hash[0];
|
|
366 |
b = ctx->hash[1];
|
|
367 |
c = ctx->hash[2];
|
|
368 |
d = ctx->hash[3];
|
|
369 |
e = ctx->hash[4];
|
|
370 |
|
|
371 |
for(i = 0; i < 20; ++i)
|
|
372 |
{
|
|
373 |
rnd(ch, 0x5a827999);
|
|
374 |
}
|
|
375 |
|
|
376 |
for(i = 20; i < 40; ++i)
|
|
377 |
{
|
|
378 |
rnd(parity, 0x6ed9eba1);
|
|
379 |
}
|
|
380 |
|
|
381 |
for(i = 40; i < 60; ++i)
|
|
382 |
{
|
|
383 |
rnd(maj, 0x8f1bbcdc);
|
|
384 |
}
|
|
385 |
|
|
386 |
for(i = 60; i < 80; ++i)
|
|
387 |
{
|
|
388 |
rnd(parity, 0xca62c1d6);
|
|
389 |
}
|
|
390 |
|
|
391 |
ctx->hash[0] += a;
|
|
392 |
ctx->hash[1] += b;
|
|
393 |
ctx->hash[2] += c;
|
|
394 |
ctx->hash[3] += d;
|
|
395 |
ctx->hash[4] += e;
|
|
396 |
}
|
|
397 |
|
|
398 |
void sha1_begin(sha1_ctx ctx[1])
|
|
399 |
{
|
|
400 |
ctx->count[0] = ctx->count[1] = 0;
|
|
401 |
ctx->hash[0] = 0x67452301;
|
|
402 |
ctx->hash[1] = 0xefcdab89;
|
|
403 |
ctx->hash[2] = 0x98badcfe;
|
|
404 |
ctx->hash[3] = 0x10325476;
|
|
405 |
ctx->hash[4] = 0xc3d2e1f0;
|
|
406 |
}
|
|
407 |
|
|
408 |
/* SHA1 hash data in an array of bytes into hash buffer and */
|
|
409 |
/* call the hash_compile function as required. */
|
|
410 |
|
|
411 |
void sha1_hash(const unsigned char data[], unsigned int len, sha1_ctx ctx[1])
|
|
412 |
{ sha1_32t pos = (sha1_32t)(ctx->count[0] & SHA1_MASK),
|
|
413 |
space = SHA1_BLOCK_SIZE - pos;
|
|
414 |
const unsigned char *sp = data;
|
|
415 |
|
|
416 |
if((ctx->count[0] += len) < len)
|
|
417 |
++(ctx->count[1]);
|
|
418 |
|
|
419 |
while(len >= space) /* tranfer whole blocks if possible */
|
|
420 |
{
|
|
421 |
memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
|
|
422 |
sp += space; len -= space; space = SHA1_BLOCK_SIZE; pos = 0;
|
|
423 |
sha1_compile(ctx);
|
|
424 |
}
|
|
425 |
|
|
426 |
/*lint -e{803} conceivable data overrun */
|
|
427 |
/* there are two cases: the above while loop entered or not */
|
|
428 |
/* entered. If not entered, 'space = SHA1_BLOCK_SIZE - pos' */
|
|
429 |
/* and 'len < space' so that 'len + pos < SHA1_BLOCK_SIZE'. */
|
|
430 |
/* If entered, 'pos = 0', 'space = SHA1_BLOCK_SIZE' and */
|
|
431 |
/* 'len < space' so that 'pos + len < SHA1_BLOCK_SIZE'. In */
|
|
432 |
/* both cases, therefore, the memory copy is in the buffer */
|
|
433 |
|
|
434 |
memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
|
|
435 |
}
|
|
436 |
|
|
437 |
/* SHA1 final padding and digest calculation */
|
|
438 |
|
|
439 |
#if (PLATFORM_BYTE_ORDER == SHA_LITTLE_ENDIAN)
|
|
440 |
static sha1_32t mask[4] =
|
|
441 |
{ 0x00000000, 0x000000ff, 0x0000ffff, 0x00ffffff };
|
|
442 |
static sha1_32t bits[4] =
|
|
443 |
{ 0x00000080, 0x00008000, 0x00800000, 0x80000000 };
|
|
444 |
#else
|
|
445 |
static sha1_32t mask[4] =
|
|
446 |
{ 0x00000000, 0xff000000, 0xffff0000, 0xffffff00 };
|
|
447 |
static sha1_32t bits[4] =
|
|
448 |
{ 0x80000000, 0x00800000, 0x00008000, 0x00000080 };
|
|
449 |
#endif
|
|
450 |
|
|
451 |
void sha1_end(unsigned char hval[], sha1_ctx ctx[1])
|
|
452 |
{ sha1_32t i = (sha1_32t)(ctx->count[0] & SHA1_MASK);
|
|
453 |
|
|
454 |
|
|
455 |
/* mask out the rest of any partial 32-bit word and then set */
|
|
456 |
/* the next byte to 0x80. On big-endian machines any bytes in */
|
|
457 |
/* the buffer will be at the top end of 32 bit words, on little */
|
|
458 |
/* endian machines they will be at the bottom. Hence the AND */
|
|
459 |
/* and OR masks above are reversed for little endian systems */
|
|
460 |
/* Note that we can always add the first padding byte at this */
|
|
461 |
/* point because the buffer always has at least one empty slot */
|
|
462 |
ctx->wbuf[i >> 2] = (ctx->wbuf[i >> 2] & mask[i & 3]) | bits[i & 3];
|
|
463 |
|
|
464 |
/* we need 9 or more empty positions, one for the padding byte */
|
|
465 |
/* (above) and eight for the length count. If there is not */
|
|
466 |
/* enough space pad and empty the buffer */
|
|
467 |
if(i > SHA1_BLOCK_SIZE - 9)
|
|
468 |
{
|
|
469 |
if(i < 60) ctx->wbuf[15] = 0;
|
|
470 |
sha1_compile(ctx);
|
|
471 |
i = 0;
|
|
472 |
}
|
|
473 |
else /* compute a word index for the empty buffer positions */
|
|
474 |
i = (i >> 2) + 1;
|
|
475 |
|
|
476 |
while(i < 14) /* and zero pad all but last two positions */
|
|
477 |
ctx->wbuf[i++] = 0;
|
|
478 |
|
|
479 |
/* assemble the eight byte counter in in big-endian format */
|
|
480 |
ctx->wbuf[14] = swap_b32((ctx->count[1] << 3) | (ctx->count[0] >> 29));
|
|
481 |
ctx->wbuf[15] = swap_b32(ctx->count[0] << 3);
|
|
482 |
|
|
483 |
sha1_compile(ctx);
|
|
484 |
|
|
485 |
/* extract the hash value as bytes in case the hash buffer is */
|
|
486 |
/* misaligned for 32-bit words */
|
|
487 |
/*lint -e{504} unusual shift operation (unusually formed right argument) */
|
|
488 |
for(i = 0; i < SHA1_DIGEST_SIZE; ++i)
|
|
489 |
hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3)));
|
|
490 |
}
|
|
491 |
|
|
492 |
void sha1(unsigned char hval[], const unsigned char data[], unsigned int len)
|
|
493 |
{ sha1_ctx cx[1];
|
|
494 |
|
|
495 |
sha1_begin(cx); sha1_hash(data, len, cx); sha1_end(hval, cx);
|
|
496 |
}
|