1 /* $NetBSD: sha.c,v 1.1.1.1 2011/04/13 18:14:51 elric Exp $ */ 2 3 /* 4 * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include "config.h" 37 38 #include "hash.h" 39 #include "sha.h" 40 41 #define A m->counter[0] 42 #define B m->counter[1] 43 #define C m->counter[2] 44 #define D m->counter[3] 45 #define E m->counter[4] 46 #define X data 47 48 void 49 SHA1_Init (struct sha *m) 50 { 51 m->sz[0] = 0; 52 m->sz[1] = 0; 53 A = 0x67452301; 54 B = 0xefcdab89; 55 C = 0x98badcfe; 56 D = 0x10325476; 57 E = 0xc3d2e1f0; 58 } 59 60 61 #define F0(x,y,z) CRAYFIX((x & y) | (~x & z)) 62 #define F1(x,y,z) (x ^ y ^ z) 63 #define F2(x,y,z) ((x & y) | (x & z) | (y & z)) 64 #define F3(x,y,z) F1(x,y,z) 65 66 #define K0 0x5a827999 67 #define K1 0x6ed9eba1 68 #define K2 0x8f1bbcdc 69 #define K3 0xca62c1d6 70 71 #define DO(t,f,k) \ 72 do { \ 73 uint32_t temp; \ 74 \ 75 temp = cshift(AA, 5) + f(BB,CC,DD) + EE + data[t] + k; \ 76 EE = DD; \ 77 DD = CC; \ 78 CC = cshift(BB, 30); \ 79 BB = AA; \ 80 AA = temp; \ 81 } while(0) 82 83 static inline void 84 calc (struct sha *m, uint32_t *in) 85 { 86 uint32_t AA, BB, CC, DD, EE; 87 uint32_t data[80]; 88 int i; 89 90 AA = A; 91 BB = B; 92 CC = C; 93 DD = D; 94 EE = E; 95 96 for (i = 0; i < 16; ++i) 97 data[i] = in[i]; 98 for (i = 16; i < 80; ++i) 99 data[i] = cshift(data[i-3] ^ data[i-8] ^ data[i-14] ^ data[i-16], 1); 100 101 /* t=[0,19] */ 102 103 DO(0,F0,K0); 104 DO(1,F0,K0); 105 DO(2,F0,K0); 106 DO(3,F0,K0); 107 DO(4,F0,K0); 108 DO(5,F0,K0); 109 DO(6,F0,K0); 110 DO(7,F0,K0); 111 DO(8,F0,K0); 112 DO(9,F0,K0); 113 DO(10,F0,K0); 114 DO(11,F0,K0); 115 DO(12,F0,K0); 116 DO(13,F0,K0); 117 DO(14,F0,K0); 118 DO(15,F0,K0); 119 DO(16,F0,K0); 120 DO(17,F0,K0); 121 DO(18,F0,K0); 122 DO(19,F0,K0); 123 124 /* t=[20,39] */ 125 126 DO(20,F1,K1); 127 DO(21,F1,K1); 128 DO(22,F1,K1); 129 DO(23,F1,K1); 130 DO(24,F1,K1); 131 DO(25,F1,K1); 132 DO(26,F1,K1); 133 DO(27,F1,K1); 134 DO(28,F1,K1); 135 DO(29,F1,K1); 136 DO(30,F1,K1); 137 DO(31,F1,K1); 138 DO(32,F1,K1); 139 DO(33,F1,K1); 140 DO(34,F1,K1); 141 DO(35,F1,K1); 142 DO(36,F1,K1); 143 DO(37,F1,K1); 144 DO(38,F1,K1); 145 DO(39,F1,K1); 146 147 /* t=[40,59] */ 148 149 DO(40,F2,K2); 150 DO(41,F2,K2); 151 DO(42,F2,K2); 152 DO(43,F2,K2); 153 DO(44,F2,K2); 154 DO(45,F2,K2); 155 DO(46,F2,K2); 156 DO(47,F2,K2); 157 DO(48,F2,K2); 158 DO(49,F2,K2); 159 DO(50,F2,K2); 160 DO(51,F2,K2); 161 DO(52,F2,K2); 162 DO(53,F2,K2); 163 DO(54,F2,K2); 164 DO(55,F2,K2); 165 DO(56,F2,K2); 166 DO(57,F2,K2); 167 DO(58,F2,K2); 168 DO(59,F2,K2); 169 170 /* t=[60,79] */ 171 172 DO(60,F3,K3); 173 DO(61,F3,K3); 174 DO(62,F3,K3); 175 DO(63,F3,K3); 176 DO(64,F3,K3); 177 DO(65,F3,K3); 178 DO(66,F3,K3); 179 DO(67,F3,K3); 180 DO(68,F3,K3); 181 DO(69,F3,K3); 182 DO(70,F3,K3); 183 DO(71,F3,K3); 184 DO(72,F3,K3); 185 DO(73,F3,K3); 186 DO(74,F3,K3); 187 DO(75,F3,K3); 188 DO(76,F3,K3); 189 DO(77,F3,K3); 190 DO(78,F3,K3); 191 DO(79,F3,K3); 192 193 A += AA; 194 B += BB; 195 C += CC; 196 D += DD; 197 E += EE; 198 } 199 200 /* 201 * From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu> 202 */ 203 204 #if !defined(WORDS_BIGENDIAN) || defined(_CRAY) 205 static inline uint32_t 206 swap_uint32_t (uint32_t t) 207 { 208 #define ROL(x,n) ((x)<<(n))|((x)>>(32-(n))) 209 uint32_t temp1, temp2; 210 211 temp1 = cshift(t, 16); 212 temp2 = temp1 >> 8; 213 temp1 &= 0x00ff00ff; 214 temp2 &= 0x00ff00ff; 215 temp1 <<= 8; 216 return temp1 | temp2; 217 } 218 #endif 219 220 struct x32{ 221 unsigned int a:32; 222 unsigned int b:32; 223 }; 224 225 void 226 SHA1_Update (struct sha *m, const void *v, size_t len) 227 { 228 const unsigned char *p = v; 229 size_t old_sz = m->sz[0]; 230 size_t offset; 231 232 m->sz[0] += len * 8; 233 if (m->sz[0] < old_sz) 234 ++m->sz[1]; 235 offset = (old_sz / 8) % 64; 236 while(len > 0){ 237 size_t l = min(len, 64 - offset); 238 memcpy(m->save + offset, p, l); 239 offset += l; 240 p += l; 241 len -= l; 242 if(offset == 64){ 243 #if !defined(WORDS_BIGENDIAN) || defined(_CRAY) 244 int i; 245 uint32_t SHA1current[16]; 246 struct x32 *us = (struct x32*)m->save; 247 for(i = 0; i < 8; i++){ 248 SHA1current[2*i+0] = swap_uint32_t(us[i].a); 249 SHA1current[2*i+1] = swap_uint32_t(us[i].b); 250 } 251 calc(m, SHA1current); 252 #else 253 calc(m, (uint32_t*)m->save); 254 #endif 255 offset = 0; 256 } 257 } 258 } 259 260 void 261 SHA1_Final (void *res, struct sha *m) 262 { 263 unsigned char zeros[72]; 264 unsigned offset = (m->sz[0] / 8) % 64; 265 unsigned int dstart = (120 - offset - 1) % 64 + 1; 266 267 *zeros = 0x80; 268 memset (zeros + 1, 0, sizeof(zeros) - 1); 269 zeros[dstart+7] = (m->sz[0] >> 0) & 0xff; 270 zeros[dstart+6] = (m->sz[0] >> 8) & 0xff; 271 zeros[dstart+5] = (m->sz[0] >> 16) & 0xff; 272 zeros[dstart+4] = (m->sz[0] >> 24) & 0xff; 273 zeros[dstart+3] = (m->sz[1] >> 0) & 0xff; 274 zeros[dstart+2] = (m->sz[1] >> 8) & 0xff; 275 zeros[dstart+1] = (m->sz[1] >> 16) & 0xff; 276 zeros[dstart+0] = (m->sz[1] >> 24) & 0xff; 277 SHA1_Update (m, zeros, dstart + 8); 278 { 279 int i; 280 unsigned char *r = (unsigned char*)res; 281 282 for (i = 0; i < 5; ++i) { 283 r[4*i+3] = m->counter[i] & 0xFF; 284 r[4*i+2] = (m->counter[i] >> 8) & 0xFF; 285 r[4*i+1] = (m->counter[i] >> 16) & 0xFF; 286 r[4*i] = (m->counter[i] >> 24) & 0xFF; 287 } 288 } 289 #if 0 290 { 291 int i; 292 uint32_t *r = (uint32_t *)res; 293 294 for (i = 0; i < 5; ++i) 295 r[i] = swap_uint32_t (m->counter[i]); 296 } 297 #endif 298 } 299