1 /*
2 * FIPS-180-1 compliant SHA-1 implementation,
3 * by Christophe Devine <devine@cr0.net>;
4 * this program is licensed under the GPL.
5 */
6
7 #include <string.h>
8
9 #include "sha1.h"
10
11 #define GET_UINT32(n,b,i) \
12 { \
13 (n) = ( (uint32) (b)[(i) ] << 24 ) \
14 | ( (uint32) (b)[(i) + 1] << 16 ) \
15 | ( (uint32) (b)[(i) + 2] << 8 ) \
16 | ( (uint32) (b)[(i) + 3] ); \
17 }
18
19 #define PUT_UINT32(n,b,i) \
20 { \
21 (b)[(i) ] = (uint8) ( (n) >> 24 ); \
22 (b)[(i) + 1] = (uint8) ( (n) >> 16 ); \
23 (b)[(i) + 2] = (uint8) ( (n) >> 8 ); \
24 (b)[(i) + 3] = (uint8) ( (n) ); \
25 }
26
sha1_starts(sha1_context * ctx)27 void sha1_starts( sha1_context *ctx )
28 {
29 ctx->total[0] = 0;
30 ctx->total[1] = 0;
31
32 ctx->state[0] = 0x67452301;
33 ctx->state[1] = 0xEFCDAB89;
34 ctx->state[2] = 0x98BADCFE;
35 ctx->state[3] = 0x10325476;
36 ctx->state[4] = 0xC3D2E1F0;
37 }
38
sha1_process(sha1_context * ctx,uint8 data[64])39 void sha1_process( sha1_context *ctx, uint8 data[64] )
40 {
41 uint32 temp, W[16], A, B, C, D, E;
42
43 GET_UINT32( W[0], data, 0 );
44 GET_UINT32( W[1], data, 4 );
45 GET_UINT32( W[2], data, 8 );
46 GET_UINT32( W[3], data, 12 );
47 GET_UINT32( W[4], data, 16 );
48 GET_UINT32( W[5], data, 20 );
49 GET_UINT32( W[6], data, 24 );
50 GET_UINT32( W[7], data, 28 );
51 GET_UINT32( W[8], data, 32 );
52 GET_UINT32( W[9], data, 36 );
53 GET_UINT32( W[10], data, 40 );
54 GET_UINT32( W[11], data, 44 );
55 GET_UINT32( W[12], data, 48 );
56 GET_UINT32( W[13], data, 52 );
57 GET_UINT32( W[14], data, 56 );
58 GET_UINT32( W[15], data, 60 );
59
60 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
61
62 #define R(t) \
63 ( \
64 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
65 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
66 ( W[t & 0x0F] = S(temp,1) ) \
67 )
68
69 #define P(a,b,c,d,e,x) \
70 { \
71 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
72 }
73
74 A = ctx->state[0];
75 B = ctx->state[1];
76 C = ctx->state[2];
77 D = ctx->state[3];
78 E = ctx->state[4];
79
80 #define F(x,y,z) (z ^ (x & (y ^ z)))
81 #define K 0x5A827999
82
83 P( A, B, C, D, E, W[0] );
84 P( E, A, B, C, D, W[1] );
85 P( D, E, A, B, C, W[2] );
86 P( C, D, E, A, B, W[3] );
87 P( B, C, D, E, A, W[4] );
88 P( A, B, C, D, E, W[5] );
89 P( E, A, B, C, D, W[6] );
90 P( D, E, A, B, C, W[7] );
91 P( C, D, E, A, B, W[8] );
92 P( B, C, D, E, A, W[9] );
93 P( A, B, C, D, E, W[10] );
94 P( E, A, B, C, D, W[11] );
95 P( D, E, A, B, C, W[12] );
96 P( C, D, E, A, B, W[13] );
97 P( B, C, D, E, A, W[14] );
98 P( A, B, C, D, E, W[15] );
99 P( E, A, B, C, D, R(16) );
100 P( D, E, A, B, C, R(17) );
101 P( C, D, E, A, B, R(18) );
102 P( B, C, D, E, A, R(19) );
103
104 #undef K
105 #undef F
106
107 #define F(x,y,z) (x ^ y ^ z)
108 #define K 0x6ED9EBA1
109
110 P( A, B, C, D, E, R(20) );
111 P( E, A, B, C, D, R(21) );
112 P( D, E, A, B, C, R(22) );
113 P( C, D, E, A, B, R(23) );
114 P( B, C, D, E, A, R(24) );
115 P( A, B, C, D, E, R(25) );
116 P( E, A, B, C, D, R(26) );
117 P( D, E, A, B, C, R(27) );
118 P( C, D, E, A, B, R(28) );
119 P( B, C, D, E, A, R(29) );
120 P( A, B, C, D, E, R(30) );
121 P( E, A, B, C, D, R(31) );
122 P( D, E, A, B, C, R(32) );
123 P( C, D, E, A, B, R(33) );
124 P( B, C, D, E, A, R(34) );
125 P( A, B, C, D, E, R(35) );
126 P( E, A, B, C, D, R(36) );
127 P( D, E, A, B, C, R(37) );
128 P( C, D, E, A, B, R(38) );
129 P( B, C, D, E, A, R(39) );
130
131 #undef K
132 #undef F
133
134 #define F(x,y,z) ((x & y) | (z & (x | y)))
135 #define K 0x8F1BBCDC
136
137 P( A, B, C, D, E, R(40) );
138 P( E, A, B, C, D, R(41) );
139 P( D, E, A, B, C, R(42) );
140 P( C, D, E, A, B, R(43) );
141 P( B, C, D, E, A, R(44) );
142 P( A, B, C, D, E, R(45) );
143 P( E, A, B, C, D, R(46) );
144 P( D, E, A, B, C, R(47) );
145 P( C, D, E, A, B, R(48) );
146 P( B, C, D, E, A, R(49) );
147 P( A, B, C, D, E, R(50) );
148 P( E, A, B, C, D, R(51) );
149 P( D, E, A, B, C, R(52) );
150 P( C, D, E, A, B, R(53) );
151 P( B, C, D, E, A, R(54) );
152 P( A, B, C, D, E, R(55) );
153 P( E, A, B, C, D, R(56) );
154 P( D, E, A, B, C, R(57) );
155 P( C, D, E, A, B, R(58) );
156 P( B, C, D, E, A, R(59) );
157
158 #undef K
159 #undef F
160
161 #define F(x,y,z) (x ^ y ^ z)
162 #define K 0xCA62C1D6
163
164 P( A, B, C, D, E, R(60) );
165 P( E, A, B, C, D, R(61) );
166 P( D, E, A, B, C, R(62) );
167 P( C, D, E, A, B, R(63) );
168 P( B, C, D, E, A, R(64) );
169 P( A, B, C, D, E, R(65) );
170 P( E, A, B, C, D, R(66) );
171 P( D, E, A, B, C, R(67) );
172 P( C, D, E, A, B, R(68) );
173 P( B, C, D, E, A, R(69) );
174 P( A, B, C, D, E, R(70) );
175 P( E, A, B, C, D, R(71) );
176 P( D, E, A, B, C, R(72) );
177 P( C, D, E, A, B, R(73) );
178 P( B, C, D, E, A, R(74) );
179 P( A, B, C, D, E, R(75) );
180 P( E, A, B, C, D, R(76) );
181 P( D, E, A, B, C, R(77) );
182 P( C, D, E, A, B, R(78) );
183 P( B, C, D, E, A, R(79) );
184
185 #undef K
186 #undef F
187
188 ctx->state[0] += A;
189 ctx->state[1] += B;
190 ctx->state[2] += C;
191 ctx->state[3] += D;
192 ctx->state[4] += E;
193 }
194
sha1_update(sha1_context * ctx,uint8 * input,uint32 length)195 void sha1_update( sha1_context *ctx, uint8 *input, uint32 length )
196 {
197 uint32 left, fill;
198
199 if( ! length ) return;
200
201 left = ctx->total[0] & 0x3F;
202 fill = 64 - left;
203
204 ctx->total[0] += length;
205 ctx->total[0] &= 0xFFFFFFFF;
206
207 if( ctx->total[0] < length )
208 ctx->total[1]++; /* #nocov */
209
210 if( left && length >= fill )
211 {
212 memcpy( (void *) (ctx->buffer + left),
213 (void *) input, fill );
214 sha1_process( ctx, ctx->buffer );
215 length -= fill;
216 input += fill;
217 left = 0;
218 }
219
220 while( length >= 64 )
221 {
222 sha1_process( ctx, input );
223 length -= 64;
224 input += 64;
225 }
226
227 if( length )
228 {
229 memcpy( (void *) (ctx->buffer + left),
230 (void *) input, length );
231 }
232 }
233
234 static uint8 sha1_padding[64] =
235 {
236 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
237 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
238 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
239 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
240 };
241
sha1_finish(sha1_context * ctx,uint8 digest[20])242 void sha1_finish( sha1_context *ctx, uint8 digest[20] )
243 {
244 uint32 last, padn;
245 uint32 high, low;
246 uint8 msglen[8];
247
248 high = ( ctx->total[0] >> 29 )
249 | ( ctx->total[1] << 3 );
250 low = ( ctx->total[0] << 3 );
251
252 PUT_UINT32( high, msglen, 0 );
253 PUT_UINT32( low, msglen, 4 );
254
255 last = ctx->total[0] & 0x3F;
256 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
257
258 sha1_update( ctx, sha1_padding, padn );
259 sha1_update( ctx, msglen, 8 );
260
261 PUT_UINT32( ctx->state[0], digest, 0 );
262 PUT_UINT32( ctx->state[1], digest, 4 );
263 PUT_UINT32( ctx->state[2], digest, 8 );
264 PUT_UINT32( ctx->state[3], digest, 12 );
265 PUT_UINT32( ctx->state[4], digest, 16 );
266 }
267
268 #ifdef TEST
269
270 #include <stdlib.h>
271 #include <stdio.h>
272
273 /*
274 * those are the standard FIPS-180-1 test vectors
275 */
276
277 static char *msg[] =
278 {
279 "abc",
280 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
281 NULL
282 };
283
284 static char *val[] =
285 {
286 "a9993e364706816aba3e25717850c26c9cd0d89d",
287 "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
288 "34aa973cd4c4daa4f61eeb2bdbad27316534016f"
289 };
290
main(int argc,char * argv[])291 int main( int argc, char *argv[] )
292 {
293 FILE *f;
294 int i, j;
295 char output[41];
296 sha1_context ctx;
297 unsigned char buf[1000];
298 unsigned char sha1sum[20];
299
300 if( argc < 2 )
301 {
302 printf( "\n SHA-1 Validation Tests:\n\n" );
303
304 for( i = 0; i < 3; i++ )
305 {
306 printf( " Test %d ", i + 1 );
307
308 sha1_starts( &ctx );
309
310 if( i < 2 )
311 {
312 sha1_update( &ctx, (uint8 *) msg[i],
313 strlen( msg[i] ) );
314 }
315 else
316 {
317 memset( buf, 'a', 1000 );
318
319 for( j = 0; j < 1000; j++ )
320 {
321 sha1_update( &ctx, (uint8 *) buf, 1000 );
322 }
323 }
324
325 sha1_finish( &ctx, sha1sum );
326
327 for( j = 0; j < 20; j++ )
328 {
329 sprintf( output + j * 2, "%02x", sha1sum[j] );
330 }
331
332 if( memcmp( output, val[i], 40 ) )
333 {
334 printf( "failed!\n" );
335 return( 1 );
336 }
337
338 printf( "passed.\n" );
339 }
340
341 printf( "\n" );
342 }
343 else
344 {
345 if( ! ( f = fopen( argv[1], "rb" ) ) )
346 {
347 perror( "fopen" );
348 return( 1 );
349 }
350
351 sha1_starts( &ctx );
352
353 while( ( i = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
354 {
355 sha1_update( &ctx, buf, i );
356 }
357
358 sha1_finish( &ctx, sha1sum );
359
360 for( j = 0; j < 20; j++ )
361 {
362 printf( "%02x", sha1sum[j] );
363 }
364
365 printf( " %s\n", argv[1] );
366 }
367
368 return( 0 );
369 }
370
371 #endif
372