Ruby  1.9.3p484(2013-11-22revision43786)
sha1.c
Go to the documentation of this file.
1 /* $NetBSD: sha1.c,v 1.2 2001/03/22 09:51:48 agc Exp $ */
2 /* $OpenBSD: sha1.c,v 1.9 1997/07/23 21:12:32 kstailey Exp $ */
3 /* $RoughId: sha1.c,v 1.2 2001/07/13 19:49:10 knu Exp $ */
4 /* $Id: sha1.c 25189 2009-10-02 12:04:37Z akr $ */
5 
6 /*
7  * SHA-1 in C
8  * By Steve Reid <steve@edmweb.com>
9  * 100% Public Domain
10  *
11  * Test Vectors (from FIPS PUB 180-1)
12  * "abc"
13  * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
14  * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
15  * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
16  * A million repetitions of "a"
17  * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
18  */
19 
20 #include "sha1.h"
21 
22 #define SHA1HANDSOFF /* Copies data before messing with it. */
23 
24 #if defined(_KERNEL) || defined(_STANDALONE)
25 #include <sys/param.h>
26 #include <sys/systm.h>
27 #define _DIAGASSERT(x) (void)0
28 #else
29 /* #include "namespace.h" */
30 #include <assert.h>
31 #include <string.h>
32 #endif
33 
34 #ifndef _DIAGASSERT
35 #define _DIAGASSERT(cond) assert(cond)
36 #endif
37 
38 /*
39  * XXX Kludge until there is resolution regarding mem*() functions
40  * XXX in the kernel.
41  */
42 #if defined(_KERNEL) || defined(_STANDALONE)
43 #define memcpy(s, d, l) bcopy((d), (s), (l))
44 #endif
45 
46 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
47 
48 /*
49  * blk0() and blk() perform the initial expand.
50  * I got the idea of expanding during the round function from SSLeay
51  */
52 #ifndef WORDS_BIGENDIAN
53 # define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
54  |(rol(block->l[i],8)&0x00FF00FF))
55 #else
56 # define blk0(i) block->l[i]
57 #endif
58 #define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
59  ^block->l[(i+2)&15]^block->l[i&15],1))
60 
61 /*
62  * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1
63  */
64 #define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
65 #define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
66 #define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
67 #define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
68 #define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
69 
70 
71 typedef union {
72  uint8_t c[64];
73  uint32_t l[16];
74 } CHAR64LONG16;
75 
76 #ifdef __sparc_v9__
77 void do_R01(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *);
78 void do_R2(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *);
79 void do_R3(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *);
80 void do_R4(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *);
81 
82 #define nR0(v,w,x,y,z,i) R0(*v,*w,*x,*y,*z,i)
83 #define nR1(v,w,x,y,z,i) R1(*v,*w,*x,*y,*z,i)
84 #define nR2(v,w,x,y,z,i) R2(*v,*w,*x,*y,*z,i)
85 #define nR3(v,w,x,y,z,i) R3(*v,*w,*x,*y,*z,i)
86 #define nR4(v,w,x,y,z,i) R4(*v,*w,*x,*y,*z,i)
87 
88 void
89 do_R01(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *block)
90 {
91  nR0(a,b,c,d,e, 0); nR0(e,a,b,c,d, 1); nR0(d,e,a,b,c, 2); nR0(c,d,e,a,b, 3);
92  nR0(b,c,d,e,a, 4); nR0(a,b,c,d,e, 5); nR0(e,a,b,c,d, 6); nR0(d,e,a,b,c, 7);
93  nR0(c,d,e,a,b, 8); nR0(b,c,d,e,a, 9); nR0(a,b,c,d,e,10); nR0(e,a,b,c,d,11);
94  nR0(d,e,a,b,c,12); nR0(c,d,e,a,b,13); nR0(b,c,d,e,a,14); nR0(a,b,c,d,e,15);
95  nR1(e,a,b,c,d,16); nR1(d,e,a,b,c,17); nR1(c,d,e,a,b,18); nR1(b,c,d,e,a,19);
96 }
97 
98 void
99 do_R2(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *block)
100 {
101  nR2(a,b,c,d,e,20); nR2(e,a,b,c,d,21); nR2(d,e,a,b,c,22); nR2(c,d,e,a,b,23);
102  nR2(b,c,d,e,a,24); nR2(a,b,c,d,e,25); nR2(e,a,b,c,d,26); nR2(d,e,a,b,c,27);
103  nR2(c,d,e,a,b,28); nR2(b,c,d,e,a,29); nR2(a,b,c,d,e,30); nR2(e,a,b,c,d,31);
104  nR2(d,e,a,b,c,32); nR2(c,d,e,a,b,33); nR2(b,c,d,e,a,34); nR2(a,b,c,d,e,35);
105  nR2(e,a,b,c,d,36); nR2(d,e,a,b,c,37); nR2(c,d,e,a,b,38); nR2(b,c,d,e,a,39);
106 }
107 
108 void
109 do_R3(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *block)
110 {
111  nR3(a,b,c,d,e,40); nR3(e,a,b,c,d,41); nR3(d,e,a,b,c,42); nR3(c,d,e,a,b,43);
112  nR3(b,c,d,e,a,44); nR3(a,b,c,d,e,45); nR3(e,a,b,c,d,46); nR3(d,e,a,b,c,47);
113  nR3(c,d,e,a,b,48); nR3(b,c,d,e,a,49); nR3(a,b,c,d,e,50); nR3(e,a,b,c,d,51);
114  nR3(d,e,a,b,c,52); nR3(c,d,e,a,b,53); nR3(b,c,d,e,a,54); nR3(a,b,c,d,e,55);
115  nR3(e,a,b,c,d,56); nR3(d,e,a,b,c,57); nR3(c,d,e,a,b,58); nR3(b,c,d,e,a,59);
116 }
117 
118 void
119 do_R4(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, uint32_t *e, CHAR64LONG16 *block)
120 {
121  nR4(a,b,c,d,e,60); nR4(e,a,b,c,d,61); nR4(d,e,a,b,c,62); nR4(c,d,e,a,b,63);
122  nR4(b,c,d,e,a,64); nR4(a,b,c,d,e,65); nR4(e,a,b,c,d,66); nR4(d,e,a,b,c,67);
123  nR4(c,d,e,a,b,68); nR4(b,c,d,e,a,69); nR4(a,b,c,d,e,70); nR4(e,a,b,c,d,71);
124  nR4(d,e,a,b,c,72); nR4(c,d,e,a,b,73); nR4(b,c,d,e,a,74); nR4(a,b,c,d,e,75);
125  nR4(e,a,b,c,d,76); nR4(d,e,a,b,c,77); nR4(c,d,e,a,b,78); nR4(b,c,d,e,a,79);
126 }
127 #endif
128 
129 /*
130  * Hash a single 512-bit block. This is the core of the algorithm.
131  */
132 void SHA1_Transform(uint32_t state[5], const uint8_t buffer[64])
133 {
134  uint32_t a, b, c, d, e;
135  CHAR64LONG16 *block;
136 
137 #ifdef SHA1HANDSOFF
138  CHAR64LONG16 workspace;
139 #endif
140 
141  _DIAGASSERT(buffer != 0);
142  _DIAGASSERT(state != 0);
143 
144 #ifdef SHA1HANDSOFF
145  block = &workspace;
146  (void)memcpy(block, buffer, 64);
147 #else
148  block = (CHAR64LONG16 *)(void *)buffer;
149 #endif
150 
151  /* Copy context->state[] to working vars */
152  a = state[0];
153  b = state[1];
154  c = state[2];
155  d = state[3];
156  e = state[4];
157 
158 #ifdef __sparc_v9__
159  do_R01(&a, &b, &c, &d, &e, block);
160  do_R2(&a, &b, &c, &d, &e, block);
161  do_R3(&a, &b, &c, &d, &e, block);
162  do_R4(&a, &b, &c, &d, &e, block);
163 #else
164  /* 4 rounds of 20 operations each. Loop unrolled. */
165  R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
166  R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
167  R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
168  R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
169  R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
170  R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
171  R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
172  R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
173  R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
174  R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
175  R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
176  R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
177  R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
178  R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
179  R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
180  R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
181  R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
182  R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
183  R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
184  R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
185 #endif
186 
187  /* Add the working vars back into context.state[] */
188  state[0] += a;
189  state[1] += b;
190  state[2] += c;
191  state[3] += d;
192  state[4] += e;
193 
194  /* Wipe variables */
195  a = b = c = d = e = 0;
196 }
197 
198 
199 /*
200  * SHA1_Init - Initialize new context
201  */
202 void SHA1_Init(SHA1_CTX *context)
203 {
204 
205  _DIAGASSERT(context != 0);
206 
207  /* SHA1 initialization constants */
208  context->state[0] = 0x67452301;
209  context->state[1] = 0xEFCDAB89;
210  context->state[2] = 0x98BADCFE;
211  context->state[3] = 0x10325476;
212  context->state[4] = 0xC3D2E1F0;
213  context->count[0] = context->count[1] = 0;
214 }
215 
216 
217 /*
218  * Run your data through this.
219  */
220 void SHA1_Update(SHA1_CTX *context, const uint8_t *data, size_t len)
221 {
222  uint32_t i, j;
223 
224  _DIAGASSERT(context != 0);
225  _DIAGASSERT(data != 0);
226 
227  j = context->count[0];
228  if ((context->count[0] += len << 3) < j)
229  context->count[1] += (len>>29)+1;
230  j = (j >> 3) & 63;
231  if ((j + len) > 63) {
232  (void)memcpy(&context->buffer[j], data, (i = 64-j));
233  SHA1_Transform(context->state, context->buffer);
234  for ( ; i + 63 < len; i += 64)
235  SHA1_Transform(context->state, &data[i]);
236  j = 0;
237  } else {
238  i = 0;
239  }
240  (void)memcpy(&context->buffer[j], &data[i], len - i);
241 }
242 
243 
244 /*
245  * Add padding and return the message digest.
246  */
247 void SHA1_Finish(SHA1_CTX* context, uint8_t digest[20])
248 {
249  size_t i;
250  uint8_t finalcount[8];
251 
252  _DIAGASSERT(digest != 0);
253  _DIAGASSERT(context != 0);
254 
255  for (i = 0; i < 8; i++) {
256  finalcount[i] = (uint8_t)((context->count[(i >= 4 ? 0 : 1)]
257  >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
258  }
259  SHA1_Update(context, (const uint8_t *)"\200", 1);
260  while ((context->count[0] & 504) != 448)
261  SHA1_Update(context, (const uint8_t *)"\0", 1);
262  SHA1_Update(context, finalcount, 8); /* Should cause a SHA1_Transform() */
263 
264  if (digest) {
265  for (i = 0; i < 20; i++)
266  digest[i] = (uint8_t)
267  ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
268  }
269 }
270