0

1 
/* $OpenBSD: sha1.c,v 1.9 2011/01/11 15:50:40 deraadt Exp $ */


2 


3 
/*


4 
* SHA1 in C


5 
* By Steve Reid <steve@edmweb.com>


6 
* 100% Public Domain


7 
*


8 
* Test Vectors (from FIPS PUB 1801)


9 
* "abc"


10 
* A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D


11 
* "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"


12 
* 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1


13 
* A million repetitions of "a"


14 
* 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F


15 
*/


16 


17 
/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */


18 
/* #define SHA1HANDSOFF * Copies data before messing with it. */


19 


20 
#define SHA1HANDSOFF


21 


22 
#include <string.h>


23 
#include <sys/param.h>


24 
//#include <sys/systm.h>


25 


26 
#include "sha1.h"


27 


28 
#define rol(value, bits) (((value) << (bits))  ((value) >> (32  (bits))))


29 


30 
/* blk0() and blk() perform the initial expand. */


31 
/* I got the idea of expanding during the round function from SSLeay */


32 
#if PLATFORM_LITTLEENDIAN


33 
#define blk0(i) (block>l[i] = (rol(block>l[i],24)&0xFF00FF00) \


34 
(rol(block>l[i],8)&0x00FF00FF))


35 
#else


36 
#define blk0(i) block>l[i]


37 
#endif


38 
#define blk(i) (block>l[i&15] = rol(block>l[(i+13)&15]^block>l[(i+8)&15] \


39 
^block>l[(i+2)&15]^block>l[i&15],1))


40 


41 
/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */


42 
#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);


43 
#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);


44 
#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);


45 
#define R3(v,w,x,y,z,i) z+=(((wx)&y)(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);


46 
#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);


47 


48 
/* Hash a single 512bit block. This is the core of the algorithm. */


49 


50 
void


51 
SHA1Transform(u_int32_t state[5], const unsigned char buffer[SHA1_BLOCK_LENGTH])


52 
{


53 
u_int32_t a, b, c, d, e;


54 
typedef union {


55 
unsigned char c[64];


56 
unsigned int l[16];


57 
} CHAR64LONG16;


58 
CHAR64LONG16* block;


59 
#ifdef SHA1HANDSOFF


60 
unsigned char workspace[SHA1_BLOCK_LENGTH];


61 


62 
block = (CHAR64LONG16 *)workspace;


63 
memcpy(block, buffer, SHA1_BLOCK_LENGTH);


64 
#else


65 
block = (CHAR64LONG16 *)buffer;


66 
#endif


67 
/* Copy context>state[] to working vars */


68 
a = state[0];


69 
b = state[1];


70 
c = state[2];


71 
d = state[3];


72 
e = state[4];


73 


74 
/* 4 rounds of 20 operations each. Loop unrolled. */


75 
R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);


76 
R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);


77 
R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);


78 
R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);


79 
R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);


80 
R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);


81 
R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);


82 
R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);


83 
R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);


84 
R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);


85 
R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);


86 
R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);


87 
R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);


88 
R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);


89 
R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);


90 
R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);


91 
R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);


92 
R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);


93 
R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);


94 
R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);


95 


96 
/* Add the working vars back into context.state[] */


97 
state[0] += a;


98 
state[1] += b;


99 
state[2] += c;


100 
state[3] += d;


101 
state[4] += e;


102 
/* Wipe variables */


103 
a = b = c = d = e = 0;


104 
}


105 


106 


107 
/* SHA1Init  Initialize new context */


108 


109 
void


110 
SHA1Init(SHA1_CTX *context)


111 
{


112 
/* SHA1 initialization constants */


113 
context>count = 0;


114 
context>state[0] = 0x67452301;


115 
context>state[1] = 0xEFCDAB89;


116 
context>state[2] = 0x98BADCFE;


117 
context>state[3] = 0x10325476;


118 
context>state[4] = 0xC3D2E1F0;


119 
}


120 


121 


122 
/* Run your data through this. */


123 


124 
void


125 
SHA1Update(SHA1_CTX *context, const unsigned char *data, unsigned int len)


126 
{


127 
unsigned int i;


128 
unsigned int j;


129 


130 
j = (u_int32_t)((context>count >> 3) & 63);


131 
context>count += (len << 3);


132 
if ((j + len) > 63) {


133 
memcpy(&context>buffer[j], data, (i = 64  j));


134 
SHA1Transform(context>state, context>buffer);


135 
for ( ; i + 63 < len; i += 64) {


136 
SHA1Transform(context>state, &data[i]);


137 
}


138 
j = 0;


139 
}


140 
else i = 0;


141 
memcpy(&context>buffer[j], &data[i], len  i);


142 
}


143 


144 


145 
/* Add padding and return the message digest. */


146 


147 
void


148 
SHA1Final(unsigned char digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context)


149 
{


150 
unsigned int i;


151 
unsigned char finalcount[8];


152 


153 
for (i = 0; i < 8; i++) {


154 
finalcount[i] = (unsigned char)((context>count >>


155 
((7  (i & 7)) * 8)) & 255); /* Endian independent */


156 
}


157 
SHA1Update(context, (unsigned char *)"\200", 1);


158 
while ((context>count & 504) != 448) {


159 
SHA1Update(context, (unsigned char *)"\0", 1);


160 
}


161 
SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */


162 


163 
if (digest)


164 
for (i = 0; i < SHA1_DIGEST_LENGTH; i++) {


165 
digest[i] = (unsigned char)((context>state[i >> 2] >>


166 
((3  (i & 3)) * 8)) & 255);


167 
}


168 
memset(finalcount, '\0', 8);


169 
#if 0 /* We want to use this for "keyfill" */


170 
/* Wipe variables */


171 
i = 0;


172 
bzero(context>buffer, 64);


173 
bzero(context>state, 20);


174 
bzero(context>count, 8);


175 
#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite its own static vars */


176 
SHA1Transform(context>state, context>buffer);


177 
#endif


178 
#endif


179 
}
