1 /*
2 * Copyright (c) 1997, 1998, 1999, 2000, 2001 X-Way Rights BV
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 *
18 */
19
20 /*!\file sha1.c
21 * \brief SHA-1 hash function, as specified by NIST FIPS 180-1.
22 * \author Bob Deblier <bob.deblier@telenet.be>
23 * \ingroup HASH_m HASH_sha1_m
24 */
25
26 #define BEECRYPT_DLL_EXPORT
27
28 #if HAVE_CONFIG_H
29 # include "config.h"
30 #endif
31
32 #include "beecrypt/sha1.h"
33 #include "beecrypt/endianness.h"
34
35 /*!\addtogroup HASH_sha1_m
36 * \{
37 */
38
39 static const uint32_t k[4] = { 0x5a827999U, 0x6ed9eba1U, 0x8f1bbcdcU, 0xca62c1d6U };
40
41 static const uint32_t hinit[5] = { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U, 0xc3d2e1f0U };
42
43 const hashFunction sha1 = {
44 .name = "SHA-1",
45 .paramsize = sizeof(sha1Param),
46 .blocksize = 64,
47 .digestsize = 20,
48 .reset = (hashFunctionReset) sha1Reset,
49 .update = (hashFunctionUpdate) sha1Update,
50 .digest = (hashFunctionDigest) sha1Digest
51 };
52
sha1Reset(register sha1Param * p)53 int sha1Reset(register sha1Param* p)
54 {
55 memcpy(p->h, hinit, 5 * sizeof(uint32_t));
56 memset(p->data, 0, 80 * sizeof(uint32_t));
57 #if (MP_WBITS == 64)
58 mpzero(1, p->length);
59 #elif (MP_WBITS == 32)
60 mpzero(2, p->length);
61 #else
62 # error
63 #endif
64 p->offset = 0;
65 return 0;
66 }
67
68 #define SUBROUND1(a, b, c, d, e, w, k) \
69 e = ROTL32(a, 5) + ((b&(c^d))^d) + e + w + k; \
70 b = ROTR32(b, 2)
71 #define SUBROUND2(a, b, c, d, e, w, k) \
72 e = ROTL32(a, 5) + (b^c^d) + e + w + k; \
73 b = ROTR32(b, 2)
74 #define SUBROUND3(a, b, c, d, e, w, k) \
75 e = ROTL32(a, 5) + (((b|c)&d)|(b&c)) + e + w + k; \
76 b = ROTR32(b, 2)
77 #define SUBROUND4(a, b, c, d, e, w, k) \
78 e = ROTL32(a, 5) + (b^c^d) + e + w + k; \
79 b = ROTR32(b, 2)
80
81 #ifndef ASM_SHA1PROCESS
sha1Process(sha1Param * sp)82 void sha1Process(sha1Param* sp)
83 {
84 register uint32_t a, b, c, d, e;
85 register uint32_t *w;
86 register byte t;
87
88 #if WORDS_BIGENDIAN
89 w = sp->data + 16;
90 #else
91 w = sp->data;
92 t = 16;
93 while (t--)
94 {
95 register uint32_t temp = swapu32(*w);
96 *(w++) = temp;
97 }
98 #endif
99
100 t = 64;
101 while (t--)
102 {
103 register uint32_t temp = w[-3] ^ w[-8] ^ w[-14] ^ w[-16];
104 *(w++) = ROTL32(temp, 1);
105 }
106
107 w = sp->data;
108
109 a = sp->h[0]; b = sp->h[1]; c = sp->h[2]; d = sp->h[3]; e = sp->h[4];
110
111 SUBROUND1(a,b,c,d,e,w[ 0],k[0]);
112 SUBROUND1(e,a,b,c,d,w[ 1],k[0]);
113 SUBROUND1(d,e,a,b,c,w[ 2],k[0]);
114 SUBROUND1(c,d,e,a,b,w[ 3],k[0]);
115 SUBROUND1(b,c,d,e,a,w[ 4],k[0]);
116 SUBROUND1(a,b,c,d,e,w[ 5],k[0]);
117 SUBROUND1(e,a,b,c,d,w[ 6],k[0]);
118 SUBROUND1(d,e,a,b,c,w[ 7],k[0]);
119 SUBROUND1(c,d,e,a,b,w[ 8],k[0]);
120 SUBROUND1(b,c,d,e,a,w[ 9],k[0]);
121 SUBROUND1(a,b,c,d,e,w[10],k[0]);
122 SUBROUND1(e,a,b,c,d,w[11],k[0]);
123 SUBROUND1(d,e,a,b,c,w[12],k[0]);
124 SUBROUND1(c,d,e,a,b,w[13],k[0]);
125 SUBROUND1(b,c,d,e,a,w[14],k[0]);
126 SUBROUND1(a,b,c,d,e,w[15],k[0]);
127 SUBROUND1(e,a,b,c,d,w[16],k[0]);
128 SUBROUND1(d,e,a,b,c,w[17],k[0]);
129 SUBROUND1(c,d,e,a,b,w[18],k[0]);
130 SUBROUND1(b,c,d,e,a,w[19],k[0]);
131
132 SUBROUND2(a,b,c,d,e,w[20],k[1]);
133 SUBROUND2(e,a,b,c,d,w[21],k[1]);
134 SUBROUND2(d,e,a,b,c,w[22],k[1]);
135 SUBROUND2(c,d,e,a,b,w[23],k[1]);
136 SUBROUND2(b,c,d,e,a,w[24],k[1]);
137 SUBROUND2(a,b,c,d,e,w[25],k[1]);
138 SUBROUND2(e,a,b,c,d,w[26],k[1]);
139 SUBROUND2(d,e,a,b,c,w[27],k[1]);
140 SUBROUND2(c,d,e,a,b,w[28],k[1]);
141 SUBROUND2(b,c,d,e,a,w[29],k[1]);
142 SUBROUND2(a,b,c,d,e,w[30],k[1]);
143 SUBROUND2(e,a,b,c,d,w[31],k[1]);
144 SUBROUND2(d,e,a,b,c,w[32],k[1]);
145 SUBROUND2(c,d,e,a,b,w[33],k[1]);
146 SUBROUND2(b,c,d,e,a,w[34],k[1]);
147 SUBROUND2(a,b,c,d,e,w[35],k[1]);
148 SUBROUND2(e,a,b,c,d,w[36],k[1]);
149 SUBROUND2(d,e,a,b,c,w[37],k[1]);
150 SUBROUND2(c,d,e,a,b,w[38],k[1]);
151 SUBROUND2(b,c,d,e,a,w[39],k[1]);
152
153 SUBROUND3(a,b,c,d,e,w[40],k[2]);
154 SUBROUND3(e,a,b,c,d,w[41],k[2]);
155 SUBROUND3(d,e,a,b,c,w[42],k[2]);
156 SUBROUND3(c,d,e,a,b,w[43],k[2]);
157 SUBROUND3(b,c,d,e,a,w[44],k[2]);
158 SUBROUND3(a,b,c,d,e,w[45],k[2]);
159 SUBROUND3(e,a,b,c,d,w[46],k[2]);
160 SUBROUND3(d,e,a,b,c,w[47],k[2]);
161 SUBROUND3(c,d,e,a,b,w[48],k[2]);
162 SUBROUND3(b,c,d,e,a,w[49],k[2]);
163 SUBROUND3(a,b,c,d,e,w[50],k[2]);
164 SUBROUND3(e,a,b,c,d,w[51],k[2]);
165 SUBROUND3(d,e,a,b,c,w[52],k[2]);
166 SUBROUND3(c,d,e,a,b,w[53],k[2]);
167 SUBROUND3(b,c,d,e,a,w[54],k[2]);
168 SUBROUND3(a,b,c,d,e,w[55],k[2]);
169 SUBROUND3(e,a,b,c,d,w[56],k[2]);
170 SUBROUND3(d,e,a,b,c,w[57],k[2]);
171 SUBROUND3(c,d,e,a,b,w[58],k[2]);
172 SUBROUND3(b,c,d,e,a,w[59],k[2]);
173
174 SUBROUND4(a,b,c,d,e,w[60],k[3]);
175 SUBROUND4(e,a,b,c,d,w[61],k[3]);
176 SUBROUND4(d,e,a,b,c,w[62],k[3]);
177 SUBROUND4(c,d,e,a,b,w[63],k[3]);
178 SUBROUND4(b,c,d,e,a,w[64],k[3]);
179 SUBROUND4(a,b,c,d,e,w[65],k[3]);
180 SUBROUND4(e,a,b,c,d,w[66],k[3]);
181 SUBROUND4(d,e,a,b,c,w[67],k[3]);
182 SUBROUND4(c,d,e,a,b,w[68],k[3]);
183 SUBROUND4(b,c,d,e,a,w[69],k[3]);
184 SUBROUND4(a,b,c,d,e,w[70],k[3]);
185 SUBROUND4(e,a,b,c,d,w[71],k[3]);
186 SUBROUND4(d,e,a,b,c,w[72],k[3]);
187 SUBROUND4(c,d,e,a,b,w[73],k[3]);
188 SUBROUND4(b,c,d,e,a,w[74],k[3]);
189 SUBROUND4(a,b,c,d,e,w[75],k[3]);
190 SUBROUND4(e,a,b,c,d,w[76],k[3]);
191 SUBROUND4(d,e,a,b,c,w[77],k[3]);
192 SUBROUND4(c,d,e,a,b,w[78],k[3]);
193 SUBROUND4(b,c,d,e,a,w[79],k[3]);
194
195 sp->h[0] += a;
196 sp->h[1] += b;
197 sp->h[2] += c;
198 sp->h[3] += d;
199 sp->h[4] += e;
200 }
201 #endif
202
sha1Update(sha1Param * sp,const byte * data,size_t size)203 int sha1Update(sha1Param* sp, const byte* data, size_t size)
204 {
205 register uint32_t proclength;
206
207 #if (MP_WBITS == 64)
208 mpw add[1];
209 mpsetw(1, add, size);
210 mplshift(1, add, 3);
211 (void) mpadd(1, sp->length, add);
212 #elif (MP_WBITS == 32)
213 mpw add[2];
214 mpsetw(2, add, size);
215 mplshift(2, add, 3);
216 (void) mpadd(2, sp->length, add);
217 #else
218 # error
219 #endif
220
221 while (size > 0)
222 {
223 proclength = ((sp->offset + size) > 64U) ? (64U - sp->offset) : size;
224 memcpy(((byte *) sp->data) + sp->offset, data, proclength);
225 size -= proclength;
226 data += proclength;
227 sp->offset += proclength;
228
229 if (sp->offset == 64U)
230 {
231 sha1Process(sp);
232 sp->offset = 0;
233 }
234 }
235 return 0;
236 }
237
sha1Finish(sha1Param * sp)238 static void sha1Finish(sha1Param* sp)
239 {
240 register byte *ptr = ((byte *) sp->data) + sp->offset++;
241
242 *(ptr++) = 0x80;
243
244 if (sp->offset > 56)
245 {
246 while (sp->offset++ < 64)
247 *(ptr++) = 0;
248
249 sha1Process(sp);
250 sp->offset = 0;
251 }
252
253 ptr = ((byte*) sp->data) + sp->offset;
254 while (sp->offset++ < 56)
255 *(ptr++) = 0;
256
257 #if WORDS_BIGENDIAN
258 memcpy(ptr, sp->length, 8);
259 #else
260 # if (MP_WBITS == 64)
261 ptr[0] = (byte)(sp->length[0] >> 56);
262 ptr[1] = (byte)(sp->length[0] >> 48);
263 ptr[2] = (byte)(sp->length[0] >> 40);
264 ptr[3] = (byte)(sp->length[0] >> 32);
265 ptr[4] = (byte)(sp->length[0] >> 24);
266 ptr[5] = (byte)(sp->length[0] >> 16);
267 ptr[6] = (byte)(sp->length[0] >> 8);
268 ptr[7] = (byte)(sp->length[0] );
269 #elif (MP_WBITS == 32)
270 ptr[0] = (byte)(sp->length[0] >> 24);
271 ptr[1] = (byte)(sp->length[0] >> 16);
272 ptr[2] = (byte)(sp->length[0] >> 8);
273 ptr[3] = (byte)(sp->length[0] );
274 ptr[4] = (byte)(sp->length[1] >> 24);
275 ptr[5] = (byte)(sp->length[1] >> 16);
276 ptr[6] = (byte)(sp->length[1] >> 8);
277 ptr[7] = (byte)(sp->length[1] );
278 # else
279 # error
280 # endif
281 #endif
282
283 sha1Process(sp);
284
285 sp->offset = 0;
286 }
287
sha1Digest(sha1Param * sp,byte * data)288 int sha1Digest(sha1Param* sp, byte* data)
289 {
290 sha1Finish(sp);
291
292 #if WORDS_BIGENDIAN
293 memcpy(data, sp->h, 20);
294 #else
295 /* encode 5 integers big-endian style */
296 data[ 0] = (byte)(sp->h[0] >> 24);
297 data[ 1] = (byte)(sp->h[0] >> 16);
298 data[ 2] = (byte)(sp->h[0] >> 8);
299 data[ 3] = (byte)(sp->h[0] >> 0);
300 data[ 4] = (byte)(sp->h[1] >> 24);
301 data[ 5] = (byte)(sp->h[1] >> 16);
302 data[ 6] = (byte)(sp->h[1] >> 8);
303 data[ 7] = (byte)(sp->h[1] >> 0);
304 data[ 8] = (byte)(sp->h[2] >> 24);
305 data[ 9] = (byte)(sp->h[2] >> 16);
306 data[10] = (byte)(sp->h[2] >> 8);
307 data[11] = (byte)(sp->h[2] >> 0);
308 data[12] = (byte)(sp->h[3] >> 24);
309 data[13] = (byte)(sp->h[3] >> 16);
310 data[14] = (byte)(sp->h[3] >> 8);
311 data[15] = (byte)(sp->h[3] >> 0);
312 data[16] = (byte)(sp->h[4] >> 24);
313 data[17] = (byte)(sp->h[4] >> 16);
314 data[18] = (byte)(sp->h[4] >> 8);
315 data[19] = (byte)(sp->h[4] >> 0);
316 #endif
317
318 sha1Reset(sp);
319
320 return 0;
321 }
322
323 /*!\}
324 */
325