"Fossies" - the Fresh Open Source Software Archive 
Member "tin-2.6.2/libcanlock/src/sha1.c" (23 Aug 2021, 12652 Bytes) of package /linux/misc/tin-2.6.2.tar.xz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
For more information about "sha1.c" see the
Fossies "Dox" file reference documentation.
1 /**************************** sha1.c ***************************/
2 /***************** See RFC 6234 for details. *******************/
3 /* Copyright (c) 2011 IETF Trust and the persons identified as */
4 /* authors of the code. All rights reserved. */
5 /* See sha.h for terms of use and redistribution. */
6
7 /*
8 * Description:
9 * This file implements the Secure Hash Algorithm SHA-1
10 * as defined in the U.S. National Institute of Standards
11 * and Technology Federal Information Processing Standards
12 * Publication (FIPS PUB) 180-3 published in October 2008
13 * and formerly defined in its predecessors, FIPS PUB 180-1
14 * and FIP PUB 180-2.
15 *
16 * A combined document showing all algorithms is available at
17 * http://csrc.nist.gov/publications/fips/
18 * fips180-3/fips180-3_final.pdf
19 *
20 * The SHA-1 algorithm produces a 160-bit message digest for a
21 * given data stream that can serve as a means of providing a
22 * "fingerprint" for a message.
23 *
24 * Portability Issues:
25 * SHA-1 is defined in terms of 32-bit "words". This code
26 * uses <stdint.h> (included via "sha.h") to define 32- and
27 * 8-bit unsigned integer types. If your C compiler does
28 * not support 32-bit unsigned integers, this code is not
29 * appropriate.
30 *
31 * Caveats:
32 * SHA-1 is designed to work with messages less than 2^64 bits
33 * long. This implementation uses SHA1Input() to hash the bits
34 * that are a multiple of the size of an 8-bit octet, and then
35 * optionally uses SHA1FinalBits() to hash the final few bits of
36 * the input.
37 */
38
39 #include "canlock-private.h"
40 #include "sha.h"
41 #include "sha-private.h"
42
43 /*
44 * Define the SHA1 circular left shift macro
45 */
46 #define SHA1_ROTL(bits,word) \
47 (((word) << (bits)) | ((word) >> (32-(bits))))
48
49 /*
50 * Add "length" to the length.
51 * Set Corrupted when overflow has occurred.
52 */
53 static uint32_t addTemp;
54 #define SHA1AddLength(context, length) \
55 (addTemp = (context)->Length_Low, \
56 (context)->Corrupted = \
57 (((context)->Length_Low += (length)) < addTemp) && \
58 (++(context)->Length_High == 0) ? shaInputTooLong \
59 : (context)->Corrupted )
60
61 /* Local Function Prototypes */
62 static void SHA1ProcessMessageBlock(SHA1Context *context);
63 static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte);
64 static void SHA1PadMessage(SHA1Context *context, uint8_t Pad_Byte);
65
66 /*
67 * SHA1Reset
68 *
69 * Description:
70 * This function will initialize the SHA1Context in preparation
71 * for computing a new SHA1 message digest.
72 *
73 * Parameters:
74 * context: [in/out]
75 * The context to reset.
76 *
77 * Returns:
78 * sha Error Code.
79 *
80 */
81 int SHA1Reset(SHA1Context *context)
82 {
83 if (!context) return shaNull;
84
85 context->Length_High = context->Length_Low = 0;
86 context->Message_Block_Index = 0;
87
88 /* Initial Hash Values: FIPS 180-3 section 5.3.1 */
89 context->Intermediate_Hash[0] = 0x67452301;
90 context->Intermediate_Hash[1] = 0xEFCDAB89;
91 context->Intermediate_Hash[2] = 0x98BADCFE;
92 context->Intermediate_Hash[3] = 0x10325476;
93 context->Intermediate_Hash[4] = 0xC3D2E1F0;
94
95 context->Computed = 0;
96 context->Corrupted = shaSuccess;
97
98 return shaSuccess;
99 }
100
101 /*
102 * SHA1Input
103 *
104 * Description:
105 * This function accepts an array of octets as the next portion
106 * of the message.
107 *
108 * Parameters:
109 * context: [in/out]
110 * The SHA context to update.
111 * message_array[ ]: [in]
112 * An array of octets representing the next portion of
113 * the message.
114 * length: [in]
115 * The length of the message in message_array.
116 *
117 * Returns:
118 * sha Error Code.
119 *
120 */
121 int SHA1Input(SHA1Context *context,
122 const uint8_t *message_array, unsigned length)
123 {
124 if (!context) return shaNull;
125 if (!length) return shaSuccess;
126 if (!message_array) return shaNull;
127 if (context->Computed) return context->Corrupted = shaStateError;
128 if (context->Corrupted) return context->Corrupted;
129
130 while (length--) {
131 context->Message_Block[context->Message_Block_Index++] =
132 *message_array;
133
134 if ((SHA1AddLength(context, 8) == shaSuccess) &&
135 (context->Message_Block_Index == SHA1_Message_Block_Size))
136 SHA1ProcessMessageBlock(context);
137
138 message_array++;
139 }
140
141 return context->Corrupted;
142 }
143
144 /*
145 * SHA1FinalBits
146 *
147 * Description:
148 * This function will add in any final bits of the message.
149 *
150 * Parameters:
151 * context: [in/out]
152 * The SHA context to update.
153 * message_bits: [in]
154 * The final bits of the message, in the upper portion of the
155 * byte. (Use 0b###00000 instead of 0b00000### to input the
156 * three bits ###.)
157 * length: [in]
158 * The number of bits in message_bits, between 1 and 7.
159 *
160 * Returns:
161 * sha Error Code.
162 */
163 int SHA1FinalBits(SHA1Context *context, uint8_t message_bits,
164 unsigned int length)
165 {
166 static uint8_t masks[8] = {
167 /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80,
168 /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0,
169 /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8,
170 /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE
171 };
172
173 static uint8_t markbit[8] = {
174 /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40,
175 /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10,
176 /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04,
177 /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01
178 };
179
180 if (!context) return shaNull;
181 if (!length) return shaSuccess;
182 if (context->Corrupted) return context->Corrupted;
183 if (context->Computed) return context->Corrupted = shaStateError;
184 if (length >= 8) return context->Corrupted = shaBadParam;
185
186 SHA1AddLength(context, length);
187 SHA1Finalize(context,
188 (uint8_t) ((message_bits & masks[length]) | markbit[length]));
189
190 return context->Corrupted;
191 }
192
193 /*
194 * SHA1Result
195 *
196 * Description:
197 * This function will return the 160-bit message digest
198 * into the Message_Digest array provided by the caller.
199 * NOTE:
200 * The first octet of hash is stored in the element with index 0,
201 * the last octet of hash in the element with index 19.
202 *
203 * Parameters:
204 * context: [in/out]
205 * The context to use to calculate the SHA-1 hash.
206 * Message_Digest[ ]: [out]
207 * Where the digest is returned.
208 *
209 * Returns:
210 * sha Error Code.
211 *
212 */
213 int SHA1Result(SHA1Context *context,
214 uint8_t Message_Digest[SHA1HashSize])
215 {
216 int i;
217
218 if (!context) return shaNull;
219 if (!Message_Digest) return shaNull;
220 if (context->Corrupted) return context->Corrupted;
221
222 if (!context->Computed)
223 SHA1Finalize(context, 0x80);
224
225 for (i = 0; i < SHA1HashSize; ++i)
226 Message_Digest[i] = (uint8_t) (context->Intermediate_Hash[i>>2]
227 >> (8 * ( 3 - ( i & 0x03 ) )));
228
229 return shaSuccess;
230 }
231
232 /*
233 * SHA1ProcessMessageBlock
234 *
235 * Description:
236 * This helper function will process the next 512 bits of the
237 * message stored in the Message_Block array.
238 *
239 * Parameters:
240 * context: [in/out]
241 * The SHA context to update.
242 *
243 * Returns:
244 * Nothing.
245 *
246 * Comments:
247 * Many of the variable names in this code, especially the
248 * single character names, were used because those were the
249 * names used in the Secure Hash Standard.
250 */
251 static void SHA1ProcessMessageBlock(SHA1Context *context)
252 {
253 /* Constants defined in FIPS 180-3, section 4.2.1 */
254 const uint32_t K[4] = {
255 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6
256 };
257 int t; /* Loop counter */
258 uint32_t temp; /* Temporary word value */
259 uint32_t W[80]; /* Word sequence. Security review: Location L4 */
260 uint32_t A, B, C, D, E; /* Word buffers */
261
262 /*
263 * Initialize the first 16 words in the array W
264 */
265 for (t = 0; t < 16; t++) {
266 W[t] = ((uint32_t)context->Message_Block[t * 4]) << 24;
267 W[t] |= ((uint32_t)context->Message_Block[t * 4 + 1]) << 16;
268 W[t] |= ((uint32_t)context->Message_Block[t * 4 + 2]) << 8;
269 W[t] |= ((uint32_t)context->Message_Block[t * 4 + 3]);
270 }
271
272 for (t = 16; t < 80; t++)
273 W[t] = SHA1_ROTL(1, W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
274
275 A = context->Intermediate_Hash[0];
276 B = context->Intermediate_Hash[1];
277 C = context->Intermediate_Hash[2];
278 D = context->Intermediate_Hash[3];
279 E = context->Intermediate_Hash[4];
280
281 for (t = 0; t < 20; t++) {
282 temp = SHA1_ROTL(5,A) + SHA_Ch(B, C, D) + E + W[t] + K[0];
283 E = D;
284 D = C;
285 C = SHA1_ROTL(30,B);
286 B = A;
287 A = temp;
288 }
289
290 for (t = 20; t < 40; t++) {
291 temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[1];
292 E = D;
293 D = C;
294 C = SHA1_ROTL(30,B);
295 B = A;
296 A = temp;
297 }
298
299 for (t = 40; t < 60; t++) {
300 temp = SHA1_ROTL(5,A) + SHA_Maj(B, C, D) + E + W[t] + K[2];
301 E = D;
302 D = C;
303 C = SHA1_ROTL(30,B);
304 B = A;
305 A = temp;
306 }
307
308 for (t = 60; t < 80; t++) {
309 temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[3];
310 E = D;
311 D = C;
312 C = SHA1_ROTL(30,B);
313 B = A;
314 A = temp;
315 }
316
317 cl_clear_secret((void *) W, sizeof(W), sizeof(W));
318
319 context->Intermediate_Hash[0] += A;
320 context->Intermediate_Hash[1] += B;
321 context->Intermediate_Hash[2] += C;
322 context->Intermediate_Hash[3] += D;
323 context->Intermediate_Hash[4] += E;
324 context->Message_Block_Index = 0;
325 }
326
327 /*
328 * SHA1Finalize
329 *
330 * Description:
331 * This helper function finishes off the digest calculations.
332 *
333 * Parameters:
334 * context: [in/out]
335 * The SHA context to update.
336 * Pad_Byte: [in]
337 * The last byte to add to the message block before the 0-padding
338 * and length. This will contain the last bits of the message
339 * followed by another single bit. If the message was an
340 * exact multiple of 8-bits long, Pad_Byte will be 0x80.
341 *
342 * Returns:
343 * sha Error Code.
344 *
345 */
346 static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte)
347 {
348 int i;
349 SHA1PadMessage(context, Pad_Byte);
350 /* message may be sensitive, clear it out */
351 for (i = 0; i < SHA1_Message_Block_Size; ++i)
352 context->Message_Block[i] = 0;
353 context->Length_High = 0; /* and clear length */
354 context->Length_Low = 0;
355 context->Computed = 1;
356 }
357
358 /*
359 * SHA1PadMessage
360 *
361 * Description:
362 * According to the standard, the message must be padded to the next
363 * even multiple of 512 bits. The first padding bit must be a '1'.
364 * The last 64 bits represent the length of the original message.
365 * All bits in between should be 0. This helper function will pad
366 * the message according to those rules by filling the Message_Block
367 * array accordingly. When it returns, it can be assumed that the
368 * message digest has been computed.
369 *
370 * Parameters:
371 * context: [in/out]
372 * The context to pad.
373 * Pad_Byte: [in]
374 * The last byte to add to the message block before the 0-padding
375 * and length. This will contain the last bits of the message
376 * followed by another single bit. If the message was an
377 * exact multiple of 8-bits long, Pad_Byte will be 0x80.
378 *
379 * Returns:
380 * Nothing.
381 */
382 static void SHA1PadMessage(SHA1Context *context, uint8_t Pad_Byte)
383 {
384 /*
385 * Check to see if the current message block is too small to hold
386 * the initial padding bits and length. If so, we will pad the
387 * block, process it, and then continue padding into a second
388 * block.
389 */
390 if (context->Message_Block_Index >= (SHA1_Message_Block_Size - 8)) {
391 context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
392 while (context->Message_Block_Index < SHA1_Message_Block_Size)
393 context->Message_Block[context->Message_Block_Index++] = 0;
394
395 SHA1ProcessMessageBlock(context);
396 } else
397 context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
398
399 while (context->Message_Block_Index < (SHA1_Message_Block_Size - 8))
400 context->Message_Block[context->Message_Block_Index++] = 0;
401
402 /*
403 * Store the message length as the last 8 octets
404 */
405 context->Message_Block[56] = (uint8_t) (context->Length_High >> 24);
406 context->Message_Block[57] = (uint8_t) (context->Length_High >> 16);
407 context->Message_Block[58] = (uint8_t) (context->Length_High >> 8);
408 context->Message_Block[59] = (uint8_t) (context->Length_High);
409 context->Message_Block[60] = (uint8_t) (context->Length_Low >> 24);
410 context->Message_Block[61] = (uint8_t) (context->Length_Low >> 16);
411 context->Message_Block[62] = (uint8_t) (context->Length_Low >> 8);
412 context->Message_Block[63] = (uint8_t) (context->Length_Low);
413
414 SHA1ProcessMessageBlock(context);
415 }