sha1.c - vx32 - Local 9vx git repository for patches.
(HTM) git clone git://r-36.net/vx32
(DIR) Log
(DIR) Files
(DIR) Refs
---
sha1.c (13145B)
---
1 /* sha.c - Functions to compute SHA1 message digest of files or
2 memory blocks according to the NIST specification FIPS-180-1.
3
4 Copyright (C) 2000, 2001, 2003 Free Software Foundation, Inc.
5
6 This program is free software; you can redistribute it and/or modify it
7 under the terms of the GNU General Public License as published by the
8 Free Software Foundation; either version 2, or (at your option) any
9 later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software Foundation,
18 Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
19
20 /* Written by Scott G. Miller
21 Credits:
22 Robert Klep <robert@ilse.nl> -- Expansion function fix
23 */
24
25 #ifdef HAVE_CONFIG_H
26 # include <config.h>
27 #endif
28
29 #include "sha1.h"
30
31 #include <sys/types.h>
32
33 #include <stdlib.h>
34 #include <string.h>
35
36
37 /*
38 Not-swap is a macro that does an endian swap on architectures that are
39 big-endian, as SHA needs some data in a little-endian format
40 */
41
42 #ifdef WORDS_BIGENDIAN
43 # define NOTSWAP(n) (n)
44 # define SWAP(n) \
45 (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
46 #else
47 # define NOTSWAP(n) \
48 (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
49 # define SWAP(n) (n)
50 #endif
51
52 #define BLOCKSIZE 4096
53 /* Ensure that BLOCKSIZE is a multiple of 64. */
54 #if BLOCKSIZE % 64 != 0
55 /* FIXME-someday (soon?): use #error instead of this kludge. */
56 "invalid BLOCKSIZE"
57 #endif
58
59 /* This array contains the bytes used to pad the buffer to the next
60 64-byte boundary. (RFC 1321, 3.1: Step 1) */
61 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
62
63
64 /*
65 Takes a pointer to a 160 bit block of data (five 32 bit ints) and
66 intializes it to the start constants of the SHA1 algorithm. This
67 must be called before using hash in the call to sha_hash
68 */
69 void
70 sha_init_ctx (struct sha_ctx *ctx)
71 {
72 ctx->A = 0x67452301;
73 ctx->B = 0xefcdab89;
74 ctx->C = 0x98badcfe;
75 ctx->D = 0x10325476;
76 ctx->E = 0xc3d2e1f0;
77
78 ctx->total[0] = ctx->total[1] = 0;
79 ctx->buflen = 0;
80 }
81
82 /* Put result from CTX in first 20 bytes following RESBUF. The result
83 must be in little endian byte order.
84
85 IMPORTANT: On some systems it is required that RESBUF is correctly
86 aligned for a 32 bits value. */
87 void *
88 sha_read_ctx (const struct sha_ctx *ctx, void *resbuf)
89 {
90 ((uint32_t *) resbuf)[0] = NOTSWAP (ctx->A);
91 ((uint32_t *) resbuf)[1] = NOTSWAP (ctx->B);
92 ((uint32_t *) resbuf)[2] = NOTSWAP (ctx->C);
93 ((uint32_t *) resbuf)[3] = NOTSWAP (ctx->D);
94 ((uint32_t *) resbuf)[4] = NOTSWAP (ctx->E);
95
96 return resbuf;
97 }
98
99 /* Process the remaining bytes in the internal buffer and the usual
100 prolog according to the standard and write the result to RESBUF.
101
102 IMPORTANT: On some systems it is required that RESBUF is correctly
103 aligned for a 32 bits value. */
104 void *
105 sha_finish_ctx (struct sha_ctx *ctx, void *resbuf)
106 {
107 /* Take yet unprocessed bytes into account. */
108 uint32_t bytes = ctx->buflen;
109 size_t pad;
110
111 /* Now count remaining bytes. */
112 ctx->total[0] += bytes;
113 if (ctx->total[0] < bytes)
114 ++ctx->total[1];
115
116 pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes;
117 memcpy (&ctx->buffer[bytes], fillbuf, pad);
118
119 /* Put the 64-bit file length in *bits* at the end of the buffer. */
120 *(uint32_t *) &ctx->buffer[bytes + pad + 4] = NOTSWAP (ctx->total[0] << 3);
121 *(uint32_t *) &ctx->buffer[bytes + pad] = NOTSWAP ((ctx->total[1] << 3) |
122 (ctx->total[0] >> 29));
123
124 /* Process last bytes. */
125 sha_process_block (ctx->buffer, bytes + pad + 8, ctx);
126
127 return sha_read_ctx (ctx, resbuf);
128 }
129
130 /* Compute SHA1 message digest for bytes read from STREAM. The
131 resulting message digest number will be written into the 16 bytes
132 beginning at RESBLOCK. */
133 int
134 sha_stream (FILE *stream, void *resblock)
135 {
136 struct sha_ctx ctx;
137 char buffer[BLOCKSIZE + 72];
138 size_t sum;
139
140 /* Initialize the computation context. */
141 sha_init_ctx (&ctx);
142
143 /* Iterate over full file contents. */
144 while (1)
145 {
146 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
147 computation function processes the whole buffer so that with the
148 next round of the loop another block can be read. */
149 size_t n;
150 sum = 0;
151
152 /* Read block. Take care for partial reads. */
153 while (1)
154 {
155 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
156
157 sum += n;
158
159 if (sum == BLOCKSIZE)
160 break;
161
162 if (n == 0)
163 {
164 /* Check for the error flag IFF N == 0, so that we don't
165 exit the loop after a partial read due to e.g., EAGAIN
166 or EWOULDBLOCK. */
167 if (ferror (stream))
168 return 1;
169 goto process_partial_block;
170 }
171
172 /* We've read at least one byte, so ignore errors. But always
173 check for EOF, since feof may be true even though N > 0.
174 Otherwise, we could end up calling fread after EOF. */
175 if (feof (stream))
176 goto process_partial_block;
177 }
178
179 /* Process buffer with BLOCKSIZE bytes. Note that
180 BLOCKSIZE % 64 == 0
181 */
182 sha_process_block (buffer, BLOCKSIZE, &ctx);
183 }
184
185 process_partial_block:;
186
187 /* Process any remaining bytes. */
188 if (sum > 0)
189 sha_process_bytes (buffer, sum, &ctx);
190
191 /* Construct result in desired memory. */
192 sha_finish_ctx (&ctx, resblock);
193 return 0;
194 }
195
196 /* Compute MD5 message digest for LEN bytes beginning at BUFFER. The
197 result is always in little endian byte order, so that a byte-wise
198 output yields to the wanted ASCII representation of the message
199 digest. */
200 void *
201 sha_buffer (const char *buffer, size_t len, void *resblock)
202 {
203 struct sha_ctx ctx;
204
205 /* Initialize the computation context. */
206 sha_init_ctx (&ctx);
207
208 /* Process whole buffer but last len % 64 bytes. */
209 sha_process_bytes (buffer, len, &ctx);
210
211 /* Put result in desired memory area. */
212 return sha_finish_ctx (&ctx, resblock);
213 }
214
215 void
216 sha_process_bytes (const void *buffer, size_t len, struct sha_ctx *ctx)
217 {
218 /* When we already have some bits in our internal buffer concatenate
219 both inputs first. */
220 if (ctx->buflen != 0)
221 {
222 size_t left_over = ctx->buflen;
223 size_t add = 128 - left_over > len ? len : 128 - left_over;
224
225 memcpy (&ctx->buffer[left_over], buffer, add);
226 ctx->buflen += add;
227
228 if (ctx->buflen > 64)
229 {
230 sha_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
231
232 ctx->buflen &= 63;
233 /* The regions in the following copy operation cannot overlap. */
234 memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63],
235 ctx->buflen);
236 }
237
238 buffer = (const char *) buffer + add;
239 len -= add;
240 }
241
242 /* Process available complete blocks. */
243 if (len >= 64)
244 {
245 #if !_STRING_ARCH_unaligned
246 /* To check alignment gcc has an appropriate operator. Other
247 compilers don't. */
248 # if __GNUC__ >= 2
249 # define UNALIGNED_P(p) (((uintptr_t) p) % __alignof__ (uint32_t) != 0)
250 # else
251 # define UNALIGNED_P(p) (((uintptr_t) p) % sizeof (uint32_t) != 0)
252 # endif
253 if (UNALIGNED_P (buffer))
254 while (len > 64)
255 {
256 sha_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
257 buffer = (const char *) buffer + 64;
258 len -= 64;
259 }
260 else
261 #endif
262 {
263 sha_process_block (buffer, len & ~63, ctx);
264 buffer = (const char *) buffer + (len & ~63);
265 len &= 63;
266 }
267 }
268
269 /* Move remaining bytes in internal buffer. */
270 if (len > 0)
271 {
272 size_t left_over = ctx->buflen;
273
274 memcpy (&ctx->buffer[left_over], buffer, len);
275 left_over += len;
276 if (left_over >= 64)
277 {
278 sha_process_block (ctx->buffer, 64, ctx);
279 left_over -= 64;
280 memcpy (ctx->buffer, &ctx->buffer[64], left_over);
281 }
282 ctx->buflen = left_over;
283 }
284 }
285
286 /* --- Code below is the primary difference between md5.c and sha.c --- */
287
288 /* SHA1 round constants */
289 #define K1 0x5a827999L
290 #define K2 0x6ed9eba1L
291 #define K3 0x8f1bbcdcL
292 #define K4 0xca62c1d6L
293
294 /* Round functions. Note that F2 is the same as F4. */
295 #define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) )
296 #define F2(B,C,D) (B ^ C ^ D)
297 #define F3(B,C,D) ( ( B & C ) | ( D & ( B | C ) ) )
298 #define F4(B,C,D) (B ^ C ^ D)
299
300 /* Process LEN bytes of BUFFER, accumulating context into CTX.
301 It is assumed that LEN % 64 == 0.
302 Most of this code comes from GnuPG's cipher/sha1.c. */
303
304 void
305 sha_process_block (const void *buffer, size_t len, struct sha_ctx *ctx)
306 {
307 const uint32_t *words = buffer;
308 size_t nwords = len / sizeof (uint32_t);
309 const uint32_t *endp = words + nwords;
310 uint32_t x[16];
311 uint32_t a = ctx->A;
312 uint32_t b = ctx->B;
313 uint32_t c = ctx->C;
314 uint32_t d = ctx->D;
315 uint32_t e = ctx->E;
316
317 /* First increment the byte count. RFC 1321 specifies the possible
318 length of the file up to 2^64 bits. Here we only compute the
319 number of bytes. Do a double word increment. */
320 ctx->total[0] += len;
321 if (ctx->total[0] < len)
322 ++ctx->total[1];
323
324 #define M(I) ( tm = x[I&0x0f] ^ x[(I-14)&0x0f] \
325 ^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \
326 , (x[I&0x0f] = rol(tm, 1)) )
327
328 #define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
329
330 #define R(A,B,C,D,E,F,K,M) do { E += rol( A, 5 ) \
331 + F( B, C, D ) \
332 + K \
333 + M; \
334 B = rol( B, 30 ); \
335 } while(0)
336
337 while (words < endp)
338 {
339 uint32_t tm;
340 int t;
341 /* FIXME: see sha1.c for a better implementation. */
342 for (t = 0; t < 16; t++)
343 {
344 x[t] = NOTSWAP (*words);
345 words++;
346 }
347
348 R( a, b, c, d, e, F1, K1, x[ 0] );
349 R( e, a, b, c, d, F1, K1, x[ 1] );
350 R( d, e, a, b, c, F1, K1, x[ 2] );
351 R( c, d, e, a, b, F1, K1, x[ 3] );
352 R( b, c, d, e, a, F1, K1, x[ 4] );
353 R( a, b, c, d, e, F1, K1, x[ 5] );
354 R( e, a, b, c, d, F1, K1, x[ 6] );
355 R( d, e, a, b, c, F1, K1, x[ 7] );
356 R( c, d, e, a, b, F1, K1, x[ 8] );
357 R( b, c, d, e, a, F1, K1, x[ 9] );
358 R( a, b, c, d, e, F1, K1, x[10] );
359 R( e, a, b, c, d, F1, K1, x[11] );
360 R( d, e, a, b, c, F1, K1, x[12] );
361 R( c, d, e, a, b, F1, K1, x[13] );
362 R( b, c, d, e, a, F1, K1, x[14] );
363 R( a, b, c, d, e, F1, K1, x[15] );
364 R( e, a, b, c, d, F1, K1, M(16) );
365 R( d, e, a, b, c, F1, K1, M(17) );
366 R( c, d, e, a, b, F1, K1, M(18) );
367 R( b, c, d, e, a, F1, K1, M(19) );
368 R( a, b, c, d, e, F2, K2, M(20) );
369 R( e, a, b, c, d, F2, K2, M(21) );
370 R( d, e, a, b, c, F2, K2, M(22) );
371 R( c, d, e, a, b, F2, K2, M(23) );
372 R( b, c, d, e, a, F2, K2, M(24) );
373 R( a, b, c, d, e, F2, K2, M(25) );
374 R( e, a, b, c, d, F2, K2, M(26) );
375 R( d, e, a, b, c, F2, K2, M(27) );
376 R( c, d, e, a, b, F2, K2, M(28) );
377 R( b, c, d, e, a, F2, K2, M(29) );
378 R( a, b, c, d, e, F2, K2, M(30) );
379 R( e, a, b, c, d, F2, K2, M(31) );
380 R( d, e, a, b, c, F2, K2, M(32) );
381 R( c, d, e, a, b, F2, K2, M(33) );
382 R( b, c, d, e, a, F2, K2, M(34) );
383 R( a, b, c, d, e, F2, K2, M(35) );
384 R( e, a, b, c, d, F2, K2, M(36) );
385 R( d, e, a, b, c, F2, K2, M(37) );
386 R( c, d, e, a, b, F2, K2, M(38) );
387 R( b, c, d, e, a, F2, K2, M(39) );
388 R( a, b, c, d, e, F3, K3, M(40) );
389 R( e, a, b, c, d, F3, K3, M(41) );
390 R( d, e, a, b, c, F3, K3, M(42) );
391 R( c, d, e, a, b, F3, K3, M(43) );
392 R( b, c, d, e, a, F3, K3, M(44) );
393 R( a, b, c, d, e, F3, K3, M(45) );
394 R( e, a, b, c, d, F3, K3, M(46) );
395 R( d, e, a, b, c, F3, K3, M(47) );
396 R( c, d, e, a, b, F3, K3, M(48) );
397 R( b, c, d, e, a, F3, K3, M(49) );
398 R( a, b, c, d, e, F3, K3, M(50) );
399 R( e, a, b, c, d, F3, K3, M(51) );
400 R( d, e, a, b, c, F3, K3, M(52) );
401 R( c, d, e, a, b, F3, K3, M(53) );
402 R( b, c, d, e, a, F3, K3, M(54) );
403 R( a, b, c, d, e, F3, K3, M(55) );
404 R( e, a, b, c, d, F3, K3, M(56) );
405 R( d, e, a, b, c, F3, K3, M(57) );
406 R( c, d, e, a, b, F3, K3, M(58) );
407 R( b, c, d, e, a, F3, K3, M(59) );
408 R( a, b, c, d, e, F4, K4, M(60) );
409 R( e, a, b, c, d, F4, K4, M(61) );
410 R( d, e, a, b, c, F4, K4, M(62) );
411 R( c, d, e, a, b, F4, K4, M(63) );
412 R( b, c, d, e, a, F4, K4, M(64) );
413 R( a, b, c, d, e, F4, K4, M(65) );
414 R( e, a, b, c, d, F4, K4, M(66) );
415 R( d, e, a, b, c, F4, K4, M(67) );
416 R( c, d, e, a, b, F4, K4, M(68) );
417 R( b, c, d, e, a, F4, K4, M(69) );
418 R( a, b, c, d, e, F4, K4, M(70) );
419 R( e, a, b, c, d, F4, K4, M(71) );
420 R( d, e, a, b, c, F4, K4, M(72) );
421 R( c, d, e, a, b, F4, K4, M(73) );
422 R( b, c, d, e, a, F4, K4, M(74) );
423 R( a, b, c, d, e, F4, K4, M(75) );
424 R( e, a, b, c, d, F4, K4, M(76) );
425 R( d, e, a, b, c, F4, K4, M(77) );
426 R( c, d, e, a, b, F4, K4, M(78) );
427 R( b, c, d, e, a, F4, K4, M(79) );
428
429 a = ctx->A += a;
430 b = ctx->B += b;
431 c = ctx->C += c;
432 d = ctx->D += d;
433 e = ctx->E += e;
434 }
435 }