"Fossies" - the Fresh Open Source Software Archive

Member "tin-2.4.1/libcanlock/src/sha1.c" (28 Aug 2013, 12514 Bytes) of archive /linux/misc/tin-2.4.1.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "sha1.c" see the Fossies "Dox" file reference documentation.

    1 /* sha.c - Implementation of the Secure Hash Algorithm
    2  *
    3  * Copyright (C) 1995, A.M. Kuchling
    4  *
    5  * Distribute and use freely; there are no restrictions on further 
    6  * dissemination and usage except those imposed by the laws of your 
    7  * country of residence.
    8  *
    9  * Adapted to pike and some cleanup by Niels Möller.
   10  */
   11 
   12 /* $Id: sha1.c,v 1.5 2002/05/26 17:46:16 nmav Exp $ */
   13 
   14 /* SHA: NIST's Secure Hash Algorithm */
   15 
   16 /* Based on SHA code originally posted to sci.crypt by Peter Gutmann
   17    in message <30ajo5$oe8@ccu2.auckland.ac.nz>.
   18    Modified to test for endianness on creation of SHA objects by AMK.
   19    Also, the original specification of SHA was found to have a weakness
   20    by NSA/NIST.  This code implements the fixed version of SHA.
   21 */
   22 
   23 /* Here's the first paragraph of Peter Gutmann's posting:
   24    
   25 The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
   26 SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
   27 what's changed in the new version.  The fix is a simple change which involves
   28 adding a single rotate in the initial expansion function.  It is unknown
   29 whether this is an optimal solution to the problem which was discovered in the
   30 SHA or whether it's simply a bandaid which fixes the problem with a minimum of
   31 effort (for example the reengineering of a great many Capstone chips).
   32 */
   33 
   34 #include "sha1.h"
   35 #include <stdlib.h>
   36 #include <string.h>
   37 
   38 void sha_copy(struct sha_ctx *dest, struct sha_ctx *src)
   39 {
   40   int i;
   41 
   42   dest->count_l=src->count_l;
   43   dest->count_h=src->count_h;
   44   for(i=0; i<SHA_DIGESTLEN; i++)
   45     dest->digest[i]=src->digest[i];
   46   for(i=0; i < src->index; i++)
   47     dest->block[i] = src->block[i];
   48   dest->index = src->index;
   49 }
   50 
   51 
   52 /* The SHA f()-functions.  The f1 and f3 functions can be optimized to
   53    save one boolean operation each - thanks to Rich Schroeppel,
   54    rcs@cs.arizona.edu for discovering this */
   55 
   56 /*#define f1(x,y,z) ( ( x & y ) | ( ~x & z ) )          // Rounds  0-19 */
   57 #define f1(x,y,z)   ( z ^ ( x & ( y ^ z ) ) )           /* Rounds  0-19 */
   58 #define f2(x,y,z)   ( x ^ y ^ z )                       /* Rounds 20-39 */
   59 /*#define f3(x,y,z) ( ( x & y ) | ( x & z ) | ( y & z ) )   // Rounds 40-59 */
   60 #define f3(x,y,z)   ( ( x & y ) | ( z & ( x | y ) ) )   /* Rounds 40-59 */
   61 #define f4(x,y,z)   ( x ^ y ^ z )                       /* Rounds 60-79 */
   62 
   63 /* The SHA Mysterious Constants */
   64 
   65 #define K1  0x5A827999L                                 /* Rounds  0-19 */
   66 #define K2  0x6ED9EBA1L                                 /* Rounds 20-39 */
   67 #define K3  0x8F1BBCDCL                                 /* Rounds 40-59 */
   68 #define K4  0xCA62C1D6L                                 /* Rounds 60-79 */
   69 
   70 /* SHA initial values */
   71 
   72 #define h0init  0x67452301L
   73 #define h1init  0xEFCDAB89L
   74 #define h2init  0x98BADCFEL
   75 #define h3init  0x10325476L
   76 #define h4init  0xC3D2E1F0L
   77 
   78 /* 32-bit rotate left - kludged with shifts */
   79 
   80 #define ROTL(n,X)  ( ( (X) << (n) ) | ( (X) >> ( 32 - (n) ) ) )
   81 
   82 /* The initial expanding function.  The hash function is defined over an
   83    80-word expanded input array W, where the first 16 are copies of the input
   84    data, and the remaining 64 are defined by
   85 
   86         W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
   87 
   88    This implementation generates these values on the fly in a circular
   89    buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
   90    optimization.
   91 
   92    The updated SHA changes the expanding function by adding a rotate of 1
   93    bit.  Thanks to Jim Gillogly, jim@rand.org, and an anonymous contributor
   94    for this information */
   95 
   96 #define expand(W,i) ( W[ i & 15 ] = \
   97               ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \
   98                  W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] ) ) )
   99 
  100 /* The prototype SHA sub-round.  The fundamental sub-round is:
  101 
  102         a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
  103         b' = a;
  104         c' = ROTL( 30, b );
  105         d' = c;
  106         e' = d;
  107 
  108    but this is implemented by unrolling the loop 5 times and renaming the
  109    variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
  110    This code is then replicated 20 times for each of the 4 functions, using
  111    the next 20 values from the W[] array each time */
  112 
  113 #define subRound(a, b, c, d, e, f, k, data) \
  114     ( e += ROTL( 5, a ) + f( b, c, d ) + k + data, b = ROTL( 30, b ) )
  115 
  116 /* Initialize the SHA values */
  117 
  118 int sha_init(struct sha_ctx *ctx)
  119 {
  120   /* Set the h-vars to their initial values */
  121   ctx->digest[ 0 ] = h0init;
  122   ctx->digest[ 1 ] = h1init;
  123   ctx->digest[ 2 ] = h2init;
  124   ctx->digest[ 3 ] = h3init;
  125   ctx->digest[ 4 ] = h4init;
  126 
  127   /* Initialize bit count */
  128   ctx->count_l = ctx->count_h = 0;
  129   
  130   /* Initialize buffer */
  131   ctx->index = 0;
  132   ctx->finalized = 0;
  133   return 0;
  134 }
  135 
  136 /* Perform the SHA transformation.  Note that this code, like MD5, seems to
  137    break some optimizing compilers due to the complexity of the expressions
  138    and the size of the basic block.  It may be necessary to split it into
  139    sections, e.g. based on the four subrounds
  140 
  141    Note that this function destroys the data area */
  142 
  143 static void sha_transform(struct sha_ctx *ctx, uint32_t *data )
  144 {
  145   register uint32_t A, B, C, D, E;     /* Local vars */
  146 
  147   /* Set up first buffer and local data buffer */
  148   A = ctx->digest[0];
  149   B = ctx->digest[1];
  150   C = ctx->digest[2];
  151   D = ctx->digest[3];
  152   E = ctx->digest[4];
  153 
  154   /* Heavy mangling, in 4 sub-rounds of 20 interations each. */
  155   subRound( A, B, C, D, E, f1, K1, data[ 0] );
  156   subRound( E, A, B, C, D, f1, K1, data[ 1] );
  157   subRound( D, E, A, B, C, f1, K1, data[ 2] );
  158   subRound( C, D, E, A, B, f1, K1, data[ 3] );
  159   subRound( B, C, D, E, A, f1, K1, data[ 4] );
  160   subRound( A, B, C, D, E, f1, K1, data[ 5] );
  161   subRound( E, A, B, C, D, f1, K1, data[ 6] );
  162   subRound( D, E, A, B, C, f1, K1, data[ 7] );
  163   subRound( C, D, E, A, B, f1, K1, data[ 8] );
  164   subRound( B, C, D, E, A, f1, K1, data[ 9] );
  165   subRound( A, B, C, D, E, f1, K1, data[10] );
  166   subRound( E, A, B, C, D, f1, K1, data[11] );
  167   subRound( D, E, A, B, C, f1, K1, data[12] );
  168   subRound( C, D, E, A, B, f1, K1, data[13] );
  169   subRound( B, C, D, E, A, f1, K1, data[14] );
  170   subRound( A, B, C, D, E, f1, K1, data[15] );
  171   subRound( E, A, B, C, D, f1, K1, expand( data, 16 ) );
  172   subRound( D, E, A, B, C, f1, K1, expand( data, 17 ) );
  173   subRound( C, D, E, A, B, f1, K1, expand( data, 18 ) );
  174   subRound( B, C, D, E, A, f1, K1, expand( data, 19 ) );
  175 
  176   subRound( A, B, C, D, E, f2, K2, expand( data, 20 ) );
  177   subRound( E, A, B, C, D, f2, K2, expand( data, 21 ) );
  178   subRound( D, E, A, B, C, f2, K2, expand( data, 22 ) );
  179   subRound( C, D, E, A, B, f2, K2, expand( data, 23 ) );
  180   subRound( B, C, D, E, A, f2, K2, expand( data, 24 ) );
  181   subRound( A, B, C, D, E, f2, K2, expand( data, 25 ) );
  182   subRound( E, A, B, C, D, f2, K2, expand( data, 26 ) );
  183   subRound( D, E, A, B, C, f2, K2, expand( data, 27 ) );
  184   subRound( C, D, E, A, B, f2, K2, expand( data, 28 ) );
  185   subRound( B, C, D, E, A, f2, K2, expand( data, 29 ) );
  186   subRound( A, B, C, D, E, f2, K2, expand( data, 30 ) );
  187   subRound( E, A, B, C, D, f2, K2, expand( data, 31 ) );
  188   subRound( D, E, A, B, C, f2, K2, expand( data, 32 ) );
  189   subRound( C, D, E, A, B, f2, K2, expand( data, 33 ) );
  190   subRound( B, C, D, E, A, f2, K2, expand( data, 34 ) );
  191   subRound( A, B, C, D, E, f2, K2, expand( data, 35 ) );
  192   subRound( E, A, B, C, D, f2, K2, expand( data, 36 ) );
  193   subRound( D, E, A, B, C, f2, K2, expand( data, 37 ) );
  194   subRound( C, D, E, A, B, f2, K2, expand( data, 38 ) );
  195   subRound( B, C, D, E, A, f2, K2, expand( data, 39 ) );
  196 
  197   subRound( A, B, C, D, E, f3, K3, expand( data, 40 ) );
  198   subRound( E, A, B, C, D, f3, K3, expand( data, 41 ) );
  199   subRound( D, E, A, B, C, f3, K3, expand( data, 42 ) );
  200   subRound( C, D, E, A, B, f3, K3, expand( data, 43 ) );
  201   subRound( B, C, D, E, A, f3, K3, expand( data, 44 ) );
  202   subRound( A, B, C, D, E, f3, K3, expand( data, 45 ) );
  203   subRound( E, A, B, C, D, f3, K3, expand( data, 46 ) );
  204   subRound( D, E, A, B, C, f3, K3, expand( data, 47 ) );
  205   subRound( C, D, E, A, B, f3, K3, expand( data, 48 ) );
  206   subRound( B, C, D, E, A, f3, K3, expand( data, 49 ) );
  207   subRound( A, B, C, D, E, f3, K3, expand( data, 50 ) );
  208   subRound( E, A, B, C, D, f3, K3, expand( data, 51 ) );
  209   subRound( D, E, A, B, C, f3, K3, expand( data, 52 ) );
  210   subRound( C, D, E, A, B, f3, K3, expand( data, 53 ) );
  211   subRound( B, C, D, E, A, f3, K3, expand( data, 54 ) );
  212   subRound( A, B, C, D, E, f3, K3, expand( data, 55 ) );
  213   subRound( E, A, B, C, D, f3, K3, expand( data, 56 ) );
  214   subRound( D, E, A, B, C, f3, K3, expand( data, 57 ) );
  215   subRound( C, D, E, A, B, f3, K3, expand( data, 58 ) );
  216   subRound( B, C, D, E, A, f3, K3, expand( data, 59 ) );
  217 
  218   subRound( A, B, C, D, E, f4, K4, expand( data, 60 ) );
  219   subRound( E, A, B, C, D, f4, K4, expand( data, 61 ) );
  220   subRound( D, E, A, B, C, f4, K4, expand( data, 62 ) );
  221   subRound( C, D, E, A, B, f4, K4, expand( data, 63 ) );
  222   subRound( B, C, D, E, A, f4, K4, expand( data, 64 ) );
  223   subRound( A, B, C, D, E, f4, K4, expand( data, 65 ) );
  224   subRound( E, A, B, C, D, f4, K4, expand( data, 66 ) );
  225   subRound( D, E, A, B, C, f4, K4, expand( data, 67 ) );
  226   subRound( C, D, E, A, B, f4, K4, expand( data, 68 ) );
  227   subRound( B, C, D, E, A, f4, K4, expand( data, 69 ) );
  228   subRound( A, B, C, D, E, f4, K4, expand( data, 70 ) );
  229   subRound( E, A, B, C, D, f4, K4, expand( data, 71 ) );
  230   subRound( D, E, A, B, C, f4, K4, expand( data, 72 ) );
  231   subRound( C, D, E, A, B, f4, K4, expand( data, 73 ) );
  232   subRound( B, C, D, E, A, f4, K4, expand( data, 74 ) );
  233   subRound( A, B, C, D, E, f4, K4, expand( data, 75 ) );
  234   subRound( E, A, B, C, D, f4, K4, expand( data, 76 ) );
  235   subRound( D, E, A, B, C, f4, K4, expand( data, 77 ) );
  236   subRound( C, D, E, A, B, f4, K4, expand( data, 78 ) );
  237   subRound( B, C, D, E, A, f4, K4, expand( data, 79 ) );
  238 
  239   /* Build message digest */
  240   ctx->digest[0] += A;
  241   ctx->digest[1] += B;
  242   ctx->digest[2] += C;
  243   ctx->digest[3] += D;
  244   ctx->digest[4] += E;
  245 }
  246 
  247 
  248 static void sha_block(struct sha_ctx *ctx, const uint8_t *block)
  249 {
  250   uint32_t data[SHA_DATALEN];
  251   int i;
  252   
  253   /* Update block count */
  254   if (!++ctx->count_l)
  255     ++ctx->count_h;
  256 
  257   /* Endian independent conversion */
  258   for (i = 0; i<SHA_DATALEN; i++, block += 4)
  259     data[i] = STRING2INT(block);
  260 
  261   sha_transform(ctx, data);
  262 }
  263 
  264 int sha_update(struct sha_ctx *ctx, const uint8_t *buffer, uint32_t len)
  265 {
  266   if (ctx->index)
  267     { /* Try to fill partial block */
  268       unsigned left = SHA_DATASIZE - ctx->index;
  269       if (len < left)
  270     {
  271       memcpy(ctx->block + ctx->index, buffer, len);
  272       ctx->index += len;
  273       return 0; /* Finished */
  274     }
  275       else
  276     {
  277       memcpy(ctx->block + ctx->index, buffer, left);
  278       sha_block(ctx, ctx->block);
  279       buffer += left;
  280       len -= left;
  281     }
  282     }
  283   while (len >= SHA_DATASIZE)
  284     {
  285       sha_block(ctx, buffer);
  286       buffer += SHA_DATASIZE;
  287       len -= SHA_DATASIZE;
  288     }
  289   if ((ctx->index = len))     /* This assignment is intended */
  290     /* Buffer leftovers */
  291     memcpy(ctx->block, buffer, len);
  292   return 0;
  293 }
  294       
  295 /* Final wrapup - pad to SHA_DATASIZE-byte boundary with the bit pattern
  296    1 0* (64-bit count of bits processed, MSB-first) */
  297 
  298 void sha_final(struct sha_ctx *ctx)
  299 {
  300   uint32_t data[SHA_DATALEN];
  301   int i;
  302   int words;
  303   
  304   i = ctx->index;
  305   /* Set the first char of padding to 0x80.  This is safe since there is
  306      always at least one byte free */
  307   ctx->block[i++] = 0x80;
  308 
  309   /* Fill rest of word */
  310   for( ; i & 3; i++)
  311     ctx->block[i] = 0;
  312 
  313   /* i is now a multiple of the word size 4 */
  314   words = i >> 2;
  315   for (i = 0; i < words; i++)
  316     data[i] = STRING2INT(ctx->block + 4*i);
  317   
  318   if (words > (SHA_DATALEN-2))
  319     { /* No room for length in this block. Process it and
  320        * pad with another one */
  321       for (i = words ; i < SHA_DATALEN; i++)
  322     data[i] = 0;
  323       sha_transform(ctx, data);
  324       for (i = 0; i < (SHA_DATALEN-2); i++)
  325     data[i] = 0;
  326     }
  327   else
  328     for (i = words ; i < SHA_DATALEN - 2; i++)
  329       data[i] = 0;
  330   /* Theres 512 = 2^9 bits in one block */
  331   data[SHA_DATALEN-2] = (ctx->count_h << 9) | (ctx->count_l >> 23);
  332   data[SHA_DATALEN-1] = (ctx->count_l << 9) | (ctx->index << 3);
  333   sha_transform(ctx, data);
  334   ctx->finalized = 1;
  335 }
  336 
  337 int sha_digest(struct sha_ctx *ctx, uint8_t *s)
  338 {
  339   int i;
  340   if (ctx->finalized == 0)
  341     sha_final (ctx);
  342 
  343   if (s!=NULL)
  344       for (i = 0; i < SHA_DIGESTLEN; i++)
  345         {
  346           *s++ =         ctx->digest[i] >> 24;
  347           *s++ = 0xff & (ctx->digest[i] >> 16);
  348           *s++ = 0xff & (ctx->digest[i] >> 8);
  349           *s++ = 0xff &  ctx->digest[i];
  350         }
  351   return 0;
  352 }
  353