"Fossies" - the Fresh Open Source Software Archive

Member "tin-2.4.5/libcanlock/src/sha1.c" (5 Jan 2018, 12652 Bytes) of package /linux/misc/tin-2.4.5.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "sha1.c" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 2.4.2_vs_2.4.3.

    1 /**************************** sha1.c ***************************/
    2 /***************** See RFC 6234 for details. *******************/
    3 /* Copyright (c) 2011 IETF Trust and the persons identified as */
    4 /* authors of the code.  All rights reserved.                  */
    5 /* See sha.h for terms of use and redistribution.              */
    6 
    7 /*
    8  *  Description:
    9  *      This file implements the Secure Hash Algorithm SHA-1
   10  *      as defined in the U.S. National Institute of Standards
   11  *      and Technology Federal Information Processing Standards
   12  *      Publication (FIPS PUB) 180-3 published in October 2008
   13  *      and formerly defined in its predecessors, FIPS PUB 180-1
   14  *      and FIP PUB 180-2.
   15  *
   16  *      A combined document showing all algorithms is available at
   17  *              http://csrc.nist.gov/publications/fips/
   18  *                     fips180-3/fips180-3_final.pdf
   19  *
   20  *      The SHA-1 algorithm produces a 160-bit message digest for a
   21  *      given data stream that can serve as a means of providing a
   22  *      "fingerprint" for a message.
   23  *
   24  *  Portability Issues:
   25  *      SHA-1 is defined in terms of 32-bit "words".  This code
   26  *      uses <stdint.h> (included via "sha.h") to define 32- and
   27  *      8-bit unsigned integer types.  If your C compiler does
   28  *      not support 32-bit unsigned integers, this code is not
   29  *      appropriate.
   30  *
   31  *  Caveats:
   32  *      SHA-1 is designed to work with messages less than 2^64 bits
   33  *      long.  This implementation uses SHA1Input() to hash the bits
   34  *      that are a multiple of the size of an 8-bit octet, and then
   35  *      optionally uses SHA1FinalBits() to hash the final few bits of
   36  *      the input.
   37  */
   38 
   39 #include "canlock-private.h"
   40 #include "sha.h"
   41 #include "sha-private.h"
   42 
   43 /*
   44  *  Define the SHA1 circular left shift macro
   45  */
   46 #define SHA1_ROTL(bits,word) \
   47                 (((word) << (bits)) | ((word) >> (32-(bits))))
   48 
   49 /*
   50  * Add "length" to the length.
   51  * Set Corrupted when overflow has occurred.
   52  */
   53 static uint32_t addTemp;
   54 #define SHA1AddLength(context, length)                     \
   55     (addTemp = (context)->Length_Low,                      \
   56      (context)->Corrupted =                                \
   57         (((context)->Length_Low += (length)) < addTemp) && \
   58         (++(context)->Length_High == 0) ? shaInputTooLong  \
   59                                         : (context)->Corrupted )
   60 
   61 /* Local Function Prototypes */
   62 static void SHA1ProcessMessageBlock(SHA1Context *context);
   63 static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte);
   64 static void SHA1PadMessage(SHA1Context *context, uint8_t Pad_Byte);
   65 
   66 /*
   67  *  SHA1Reset
   68  *
   69  *  Description:
   70  *      This function will initialize the SHA1Context in preparation
   71  *      for computing a new SHA1 message digest.
   72  *
   73  *  Parameters:
   74  *      context: [in/out]
   75  *          The context to reset.
   76  *
   77  *  Returns:
   78  *      sha Error Code.
   79  *
   80  */
   81 int SHA1Reset(SHA1Context *context)
   82 {
   83   if (!context) return shaNull;
   84 
   85   context->Length_High = context->Length_Low = 0;
   86   context->Message_Block_Index = 0;
   87 
   88   /* Initial Hash Values: FIPS 180-3 section 5.3.1 */
   89   context->Intermediate_Hash[0]   = 0x67452301;
   90   context->Intermediate_Hash[1]   = 0xEFCDAB89;
   91   context->Intermediate_Hash[2]   = 0x98BADCFE;
   92   context->Intermediate_Hash[3]   = 0x10325476;
   93   context->Intermediate_Hash[4]   = 0xC3D2E1F0;
   94 
   95   context->Computed   = 0;
   96   context->Corrupted  = shaSuccess;
   97 
   98   return shaSuccess;
   99 }
  100 
  101 /*
  102  *  SHA1Input
  103  *
  104  *  Description:
  105  *      This function accepts an array of octets as the next portion
  106  *      of the message.
  107  *
  108  *  Parameters:
  109  *      context: [in/out]
  110  *          The SHA context to update.
  111  *      message_array[ ]: [in]
  112  *          An array of octets representing the next portion of
  113  *          the message.
  114  *      length: [in]
  115  *          The length of the message in message_array.
  116  *
  117  *  Returns:
  118  *      sha Error Code.
  119  *
  120  */
  121 int SHA1Input(SHA1Context *context,
  122     const uint8_t *message_array, unsigned length)
  123 {
  124   if (!context) return shaNull;
  125   if (!length) return shaSuccess;
  126   if (!message_array) return shaNull;
  127   if (context->Computed) return context->Corrupted = shaStateError;
  128   if (context->Corrupted) return context->Corrupted;
  129 
  130   while (length--) {
  131     context->Message_Block[context->Message_Block_Index++] =
  132       *message_array;
  133 
  134     if ((SHA1AddLength(context, 8) == shaSuccess) &&
  135       (context->Message_Block_Index == SHA1_Message_Block_Size))
  136       SHA1ProcessMessageBlock(context);
  137 
  138     message_array++;
  139   }
  140 
  141   return context->Corrupted;
  142 }
  143 
  144 /*
  145  * SHA1FinalBits
  146  *
  147  * Description:
  148  *   This function will add in any final bits of the message.
  149  *
  150  * Parameters:
  151  *   context: [in/out]
  152  *     The SHA context to update.
  153  *   message_bits: [in]
  154  *     The final bits of the message, in the upper portion of the
  155  *     byte.  (Use 0b###00000 instead of 0b00000### to input the
  156  *     three bits ###.)
  157  *   length: [in]
  158  *     The number of bits in message_bits, between 1 and 7.
  159  *
  160  * Returns:
  161  *   sha Error Code.
  162  */
  163 int SHA1FinalBits(SHA1Context *context, uint8_t message_bits,
  164     unsigned int length)
  165 {
  166   static uint8_t masks[8] = {
  167       /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80,
  168       /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0,
  169       /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8,
  170       /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE
  171   };
  172 
  173   static uint8_t markbit[8] = {
  174       /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40,
  175       /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10,
  176       /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04,
  177       /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01
  178   };
  179 
  180   if (!context) return shaNull;
  181   if (!length) return shaSuccess;
  182   if (context->Corrupted) return context->Corrupted;
  183   if (context->Computed) return context->Corrupted = shaStateError;
  184   if (length >= 8) return context->Corrupted = shaBadParam;
  185 
  186   SHA1AddLength(context, length);
  187   SHA1Finalize(context,
  188     (uint8_t) ((message_bits & masks[length]) | markbit[length]));
  189 
  190   return context->Corrupted;
  191 }
  192 
  193 /*
  194  * SHA1Result
  195  *
  196  * Description:
  197  *   This function will return the 160-bit message digest
  198  *   into the Message_Digest array provided by the caller.
  199  *   NOTE:
  200  *    The first octet of hash is stored in the element with index 0,
  201  *      the last octet of hash in the element with index 19.
  202  *
  203  * Parameters:
  204  *   context: [in/out]
  205  *     The context to use to calculate the SHA-1 hash.
  206  *   Message_Digest[ ]: [out]
  207  *     Where the digest is returned.
  208  *
  209  * Returns:
  210  *   sha Error Code.
  211  *
  212  */
  213 int SHA1Result(SHA1Context *context,
  214     uint8_t Message_Digest[SHA1HashSize])
  215 {
  216   int i;
  217 
  218   if (!context) return shaNull;
  219   if (!Message_Digest) return shaNull;
  220   if (context->Corrupted) return context->Corrupted;
  221 
  222   if (!context->Computed)
  223     SHA1Finalize(context, 0x80);
  224 
  225   for (i = 0; i < SHA1HashSize; ++i)
  226     Message_Digest[i] = (uint8_t) (context->Intermediate_Hash[i>>2]
  227                                    >> (8 * ( 3 - ( i & 0x03 ) )));
  228 
  229   return shaSuccess;
  230 }
  231 
  232 /*
  233  * SHA1ProcessMessageBlock
  234  *
  235  * Description:
  236  *   This helper function will process the next 512 bits of the
  237  *   message stored in the Message_Block array.
  238  *
  239  * Parameters:
  240  *   context: [in/out]
  241  *     The SHA context to update.
  242  *
  243  * Returns:
  244  *   Nothing.
  245  *
  246  * Comments:
  247  *   Many of the variable names in this code, especially the
  248  *   single character names, were used because those were the
  249  *   names used in the Secure Hash Standard.
  250  */
  251 static void SHA1ProcessMessageBlock(SHA1Context *context)
  252 {
  253   /* Constants defined in FIPS 180-3, section 4.2.1 */
  254   const uint32_t K[4] = {
  255       0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6
  256   };
  257   int        t;               /* Loop counter */
  258   uint32_t   temp;            /* Temporary word value */
  259   uint32_t   W[80];           /* Word sequence. Security review: Location L4 */
  260   uint32_t   A, B, C, D, E;   /* Word buffers */
  261 
  262   /*
  263    * Initialize the first 16 words in the array W
  264    */
  265   for (t = 0; t < 16; t++) {
  266     W[t]  = ((uint32_t)context->Message_Block[t * 4]) << 24;
  267     W[t] |= ((uint32_t)context->Message_Block[t * 4 + 1]) << 16;
  268     W[t] |= ((uint32_t)context->Message_Block[t * 4 + 2]) << 8;
  269     W[t] |= ((uint32_t)context->Message_Block[t * 4 + 3]);
  270   }
  271 
  272   for (t = 16; t < 80; t++)
  273     W[t] = SHA1_ROTL(1, W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
  274 
  275   A = context->Intermediate_Hash[0];
  276   B = context->Intermediate_Hash[1];
  277   C = context->Intermediate_Hash[2];
  278   D = context->Intermediate_Hash[3];
  279   E = context->Intermediate_Hash[4];
  280 
  281   for (t = 0; t < 20; t++) {
  282     temp = SHA1_ROTL(5,A) + SHA_Ch(B, C, D) + E + W[t] + K[0];
  283     E = D;
  284     D = C;
  285     C = SHA1_ROTL(30,B);
  286     B = A;
  287     A = temp;
  288   }
  289 
  290   for (t = 20; t < 40; t++) {
  291     temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[1];
  292     E = D;
  293     D = C;
  294     C = SHA1_ROTL(30,B);
  295     B = A;
  296     A = temp;
  297   }
  298 
  299   for (t = 40; t < 60; t++) {
  300     temp = SHA1_ROTL(5,A) + SHA_Maj(B, C, D) + E + W[t] + K[2];
  301     E = D;
  302     D = C;
  303     C = SHA1_ROTL(30,B);
  304     B = A;
  305     A = temp;
  306   }
  307 
  308   for (t = 60; t < 80; t++) {
  309     temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[3];
  310     E = D;
  311     D = C;
  312     C = SHA1_ROTL(30,B);
  313     B = A;
  314     A = temp;
  315   }
  316 
  317   cl_clear_secret((void *) W, sizeof(W), sizeof(W));
  318 
  319   context->Intermediate_Hash[0] += A;
  320   context->Intermediate_Hash[1] += B;
  321   context->Intermediate_Hash[2] += C;
  322   context->Intermediate_Hash[3] += D;
  323   context->Intermediate_Hash[4] += E;
  324   context->Message_Block_Index = 0;
  325 }
  326 
  327 /*
  328  * SHA1Finalize
  329  *
  330  * Description:
  331  *   This helper function finishes off the digest calculations.
  332  *
  333  * Parameters:
  334  *   context: [in/out]
  335  *     The SHA context to update.
  336  *   Pad_Byte: [in]
  337  *     The last byte to add to the message block before the 0-padding
  338  *     and length.  This will contain the last bits of the message
  339  *     followed by another single bit.  If the message was an
  340  *     exact multiple of 8-bits long, Pad_Byte will be 0x80.
  341  *
  342  * Returns:
  343  *   sha Error Code.
  344  *
  345  */
  346 static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte)
  347 {
  348   int i;
  349   SHA1PadMessage(context, Pad_Byte);
  350   /* message may be sensitive, clear it out */
  351   for (i = 0; i < SHA1_Message_Block_Size; ++i)
  352     context->Message_Block[i] = 0;
  353   context->Length_High = 0;     /* and clear length */
  354   context->Length_Low = 0;
  355   context->Computed = 1;
  356 }
  357 
  358 /*
  359  * SHA1PadMessage
  360  *
  361  * Description:
  362  *   According to the standard, the message must be padded to the next
  363  *   even multiple of 512 bits.  The first padding bit must be a '1'.
  364  *   The last 64 bits represent the length of the original message.
  365  *   All bits in between should be 0.  This helper function will pad
  366  *   the message according to those rules by filling the Message_Block
  367  *   array accordingly.  When it returns, it can be assumed that the
  368  *   message digest has been computed.
  369  *
  370  * Parameters:
  371  *   context: [in/out]
  372  *     The context to pad.
  373  *   Pad_Byte: [in]
  374  *     The last byte to add to the message block before the 0-padding
  375  *     and length.  This will contain the last bits of the message
  376  *     followed by another single bit.  If the message was an
  377  *     exact multiple of 8-bits long, Pad_Byte will be 0x80.
  378  *
  379  * Returns:
  380  *   Nothing.
  381  */
  382 static void SHA1PadMessage(SHA1Context *context, uint8_t Pad_Byte)
  383 {
  384   /*
  385    * Check to see if the current message block is too small to hold
  386    * the initial padding bits and length.  If so, we will pad the
  387    * block, process it, and then continue padding into a second
  388    * block.
  389    */
  390   if (context->Message_Block_Index >= (SHA1_Message_Block_Size - 8)) {
  391     context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
  392     while (context->Message_Block_Index < SHA1_Message_Block_Size)
  393       context->Message_Block[context->Message_Block_Index++] = 0;
  394 
  395     SHA1ProcessMessageBlock(context);
  396   } else
  397     context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
  398 
  399   while (context->Message_Block_Index < (SHA1_Message_Block_Size - 8))
  400     context->Message_Block[context->Message_Block_Index++] = 0;
  401 
  402   /*
  403    * Store the message length as the last 8 octets
  404    */
  405   context->Message_Block[56] = (uint8_t) (context->Length_High >> 24);
  406   context->Message_Block[57] = (uint8_t) (context->Length_High >> 16);
  407   context->Message_Block[58] = (uint8_t) (context->Length_High >> 8);
  408   context->Message_Block[59] = (uint8_t) (context->Length_High);
  409   context->Message_Block[60] = (uint8_t) (context->Length_Low >> 24);
  410   context->Message_Block[61] = (uint8_t) (context->Length_Low >> 16);
  411   context->Message_Block[62] = (uint8_t) (context->Length_Low >> 8);
  412   context->Message_Block[63] = (uint8_t) (context->Length_Low);
  413 
  414   SHA1ProcessMessageBlock(context);
  415 }