1 /**
2 * @file sha1.c
3 *
4 * @brief FIPS-180-1 compliant SHA-1 implementation.
5 *
6 * This Code is a slightly modified version of the original
7 * Christophe Devine's code.
8 *
9 * 2004-10-08 Alejandro Claro <aleo@apollyon.no-ip.com>
10 * - Variables types adapted to Glib types for compatibilities reasons.
11 * - SHA1 function, compute sha1 of a memory block using just 1 function.
12 * - R, S and P macros moved outside sha1_process function.
13 * - SHA_DIGEST_LENGTH defined and sustituted where needed.
14 *
15 * Fri Oct 8 20:32:33 2004
16 * Copyright (C) 2004 Alejandro Claro
17 * aleo@apollyon.no-ip.com
18 */
19
20 /*
21 * Copyright (C) 2001-2003 Christophe Devine
22 *
23 * This program is free software; you can redistribute it and/or modify
24 * it under the terms of the GNU General Public License as published by
25 * the Free Software Foundation; either version 2 of the License, or
26 * (at your option) any later version.
27 *
28 * This program is distributed in the hope that it will be useful,
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
31 * GNU General Public License for more details.
32 *
33 * You should have received a copy of the GNU General Public License
34 * along with this program; if not, write to the Free Software
35 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
36 */
37
38 #include <glib.h>
39 #include <string.h>
40
41 #include "sha1.h"
42
43 /* MACROS *******************************************************************/
44
45 #define GET_UINT32(n,b,i) \
46 { \
47 (n) = ((guint32)(b)[(i) ] << 24) \
48 | ((guint32)(b)[(i) + 1] << 16) \
49 | ((guint32)(b)[(i) + 2] << 8) \
50 | ((guint32)(b)[(i) + 3] ); \
51 }
52
53 #define PUT_UINT32(n,b,i) \
54 { \
55 (b)[(i) ] = (guint8)((n) >> 24); \
56 (b)[(i) + 1] = (guint8)((n) >> 16); \
57 (b)[(i) + 2] = (guint8)((n) >> 8); \
58 (b)[(i) + 3] = (guint8)((n) ); \
59 }
60
61 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
62
63 #define R(t) \
64 ( \
65 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
66 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
67 (W[t & 0x0F] = S(temp,1)) \
68 )
69
70 #define P(a,b,c,d,e,x) \
71 { \
72 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
73 }
74
75 /* GLOBALS ******************************************************************/
76
77 static guint8 sha1_padding[64] =
78 {
79 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
80 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
81 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
82 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
83 };
84
85 /* FUNCTIONS ****************************************************************/
86
87 /**
88 * @brief this functions have to be call to start the sha1 calculation.
89 *
90 * @param ctx: the sha1 context structure.
91 */
92 void
sha1_starts(sha1_context * ctx)93 sha1_starts(sha1_context *ctx)
94 {
95 ctx->total[0] = 0;
96 ctx->total[1] = 0;
97
98 ctx->state[0] = 0x67452301;
99 ctx->state[1] = 0xEFCDAB89;
100 ctx->state[2] = 0x98BADCFE;
101 ctx->state[3] = 0x10325476;
102 ctx->state[4] = 0xC3D2E1F0;
103
104 return;
105 }
106
107 /**
108 * @brief this process the sha1 calculation of a chunck of data.
109 *
110 * @param ctx: the sha1 context structure.
111 * @param data: a chuck of 64 bytes of data.
112 */
113 void
sha1_process(sha1_context * ctx,guint8 data[64])114 sha1_process(sha1_context *ctx, guint8 data[64])
115 {
116 guint32 temp, W[16], A, B, C, D, E;
117
118 GET_UINT32(W[0], data, 0);
119 GET_UINT32(W[1], data, 4);
120 GET_UINT32(W[2], data, 8);
121 GET_UINT32(W[3], data, 12);
122 GET_UINT32(W[4], data, 16);
123 GET_UINT32(W[5], data, 20);
124 GET_UINT32(W[6], data, 24);
125 GET_UINT32(W[7], data, 28);
126 GET_UINT32(W[8], data, 32);
127 GET_UINT32(W[9], data, 36);
128 GET_UINT32(W[10], data, 40);
129 GET_UINT32(W[11], data, 44);
130 GET_UINT32(W[12], data, 48);
131 GET_UINT32(W[13], data, 52);
132 GET_UINT32(W[14], data, 56);
133 GET_UINT32(W[15], data, 60);
134
135 A = ctx->state[0];
136 B = ctx->state[1];
137 C = ctx->state[2];
138 D = ctx->state[3];
139 E = ctx->state[4];
140
141 #define F(x,y,z) (z ^ (x & (y ^ z)))
142 #define K 0x5A827999
143
144 P(A, B, C, D, E, W[0] );
145 P(E, A, B, C, D, W[1] );
146 P(D, E, A, B, C, W[2] );
147 P(C, D, E, A, B, W[3] );
148 P(B, C, D, E, A, W[4] );
149 P(A, B, C, D, E, W[5] );
150 P(E, A, B, C, D, W[6] );
151 P(D, E, A, B, C, W[7] );
152 P(C, D, E, A, B, W[8] );
153 P(B, C, D, E, A, W[9] );
154 P(A, B, C, D, E, W[10]);
155 P(E, A, B, C, D, W[11]);
156 P(D, E, A, B, C, W[12]);
157 P(C, D, E, A, B, W[13]);
158 P(B, C, D, E, A, W[14]);
159 P(A, B, C, D, E, W[15]);
160 P(E, A, B, C, D, R(16));
161 P(D, E, A, B, C, R(17));
162 P(C, D, E, A, B, R(18));
163 P(B, C, D, E, A, R(19));
164
165 #undef K
166 #undef F
167 #define F(x,y,z) (x ^ y ^ z)
168 #define K 0x6ED9EBA1
169
170 P(A, B, C, D, E, R(20));
171 P(E, A, B, C, D, R(21));
172 P(D, E, A, B, C, R(22));
173 P(C, D, E, A, B, R(23));
174 P(B, C, D, E, A, R(24));
175 P(A, B, C, D, E, R(25));
176 P(E, A, B, C, D, R(26));
177 P(D, E, A, B, C, R(27));
178 P(C, D, E, A, B, R(28));
179 P(B, C, D, E, A, R(29));
180 P(A, B, C, D, E, R(30));
181 P(E, A, B, C, D, R(31));
182 P(D, E, A, B, C, R(32));
183 P(C, D, E, A, B, R(33));
184 P(B, C, D, E, A, R(34));
185 P(A, B, C, D, E, R(35));
186 P(E, A, B, C, D, R(36));
187 P(D, E, A, B, C, R(37));
188 P(C, D, E, A, B, R(38));
189 P(B, C, D, E, A, R(39));
190
191 #undef K
192 #undef F
193 #define F(x,y,z) ((x & y) | (z & (x | y)))
194 #define K 0x8F1BBCDC
195
196 P(A, B, C, D, E, R(40));
197 P(E, A, B, C, D, R(41));
198 P(D, E, A, B, C, R(42));
199 P(C, D, E, A, B, R(43));
200 P(B, C, D, E, A, R(44));
201 P(A, B, C, D, E, R(45));
202 P(E, A, B, C, D, R(46));
203 P(D, E, A, B, C, R(47));
204 P(C, D, E, A, B, R(48));
205 P(B, C, D, E, A, R(49));
206 P(A, B, C, D, E, R(50));
207 P(E, A, B, C, D, R(51));
208 P(D, E, A, B, C, R(52));
209 P(C, D, E, A, B, R(53));
210 P(B, C, D, E, A, R(54));
211 P(A, B, C, D, E, R(55));
212 P(E, A, B, C, D, R(56));
213 P(D, E, A, B, C, R(57));
214 P(C, D, E, A, B, R(58));
215 P(B, C, D, E, A, R(59));
216
217 #undef K
218 #undef F
219 #define F(x,y,z) (x ^ y ^ z)
220 #define K 0xCA62C1D6
221
222 P(A, B, C, D, E, R(60));
223 P(E, A, B, C, D, R(61));
224 P(D, E, A, B, C, R(62));
225 P(C, D, E, A, B, R(63));
226 P(B, C, D, E, A, R(64));
227 P(A, B, C, D, E, R(65));
228 P(E, A, B, C, D, R(66));
229 P(D, E, A, B, C, R(67));
230 P(C, D, E, A, B, R(68));
231 P(B, C, D, E, A, R(69));
232 P(A, B, C, D, E, R(70));
233 P(E, A, B, C, D, R(71));
234 P(D, E, A, B, C, R(72));
235 P(C, D, E, A, B, R(73));
236 P(B, C, D, E, A, R(74));
237 P(A, B, C, D, E, R(75));
238 P(E, A, B, C, D, R(76));
239 P(D, E, A, B, C, R(77));
240 P(C, D, E, A, B, R(78));
241 P(B, C, D, E, A, R(79));
242
243 #undef K
244 #undef F
245
246 ctx->state[0] += A;
247 ctx->state[1] += B;
248 ctx->state[2] += C;
249 ctx->state[3] += D;
250 ctx->state[4] += E;
251
252 return;
253 }
254
255 /**
256 * @brief prepare sha1 for the input data.
257 *
258 * put input data how many time as you need. use sha1_finish to get
259 * the sha1 of the all inputs.
260 *
261 * @param ctx: sha1 context structure.
262 * @param input: pointer to the input data.
263 * @param length: the byte length of the input data.
264 */
265 void
sha1_update(sha1_context * ctx,guint8 * input,guint32 length)266 sha1_update(sha1_context *ctx, guint8 *input, guint32 length)
267 {
268 guint32 left, fill;
269
270 if(!length)
271 return;
272
273 left = ctx->total[0] & 0x3F;
274 fill = 64 - left;
275
276 ctx->total[0] += length;
277 ctx->total[0] &= 0xFFFFFFFF;
278
279 if(ctx->total[0] < length)
280 ctx->total[1]++;
281
282 if(left && length >= fill)
283 {
284 memcpy((void*)(ctx->buffer + left), (void*)input, fill);
285 sha1_process(ctx, ctx->buffer);
286 length -= fill;
287 input += fill;
288 left = 0;
289 }
290
291 while(length >= 64)
292 {
293 sha1_process(ctx, input);
294 length -= 64;
295 input += 64;
296 }
297
298 if(length)
299 memcpy((void*)(ctx->buffer + left), (void*)input, length);
300
301 return;
302 }
303
304 /**
305 * @brief digest the sha1 of all previous introduced data.
306 *
307 * @param ctx: sha1 context structure.
308 * @param digest: the SHA_DIGEST_LENGTH bytes sha1 of all previous introduced data.
309 */
310 void
sha1_finish(sha1_context * ctx,guint8 digest[SHA_DIGEST_LENGTH])311 sha1_finish(sha1_context *ctx, guint8 digest[SHA_DIGEST_LENGTH])
312 {
313 guint32 last, padn;
314 guint32 high, low;
315 guint8 msglen[8];
316
317 high = (ctx->total[0] >> 29)
318 | (ctx->total[1] << 3);
319 low = (ctx->total[0] << 3);
320
321 PUT_UINT32(high, msglen, 0);
322 PUT_UINT32(low, msglen, 4);
323
324 last = ctx->total[0] & 0x3F;
325 padn = (last < 56)?(56 - last):(120 - last);
326
327 sha1_update(ctx, sha1_padding, padn);
328 sha1_update(ctx, msglen, 8);
329
330 PUT_UINT32(ctx->state[0], digest, 0);
331 PUT_UINT32(ctx->state[1], digest, 4);
332 PUT_UINT32(ctx->state[2], digest, 8);
333 PUT_UINT32(ctx->state[3], digest, 12);
334 PUT_UINT32(ctx->state[4], digest, 16);
335
336 return;
337 }
338
339 /**
340 * @brief compute SHA-1 of a memory data block.
341 *
342 * @param input: the memory data.
343 * @param length: the bytes data length
344 * @param digest: the SHA_DIGEST_LENGTH bytes sha1.
345 * @return a pointer to the hash value. If digest is NULL, the digest
346 * is placed in a static SHA_DIGEST_LENGTH bytes array.
347 */
348 guint8 *
SHA1(guint8 * input,guint32 length,guint8 * digest)349 SHA1(guint8 *input, guint32 length, guint8 *digest)
350 {
351 sha1_context ctx;
352 static guint8 sha1sum[SHA_DIGEST_LENGTH];
353
354 if(digest == NULL)
355 digest = sha1sum;
356
357 sha1_starts(&ctx);
358 sha1_update(&ctx, input, length);
359 sha1_finish(&ctx, digest);
360
361 return digest;
362 }
363