sha1.c revision 1.1.1.1.8.1
1 1.1 mrg /* sha1.c - Functions to compute SHA1 message digest of files or 2 1.1 mrg memory blocks according to the NIST specification FIPS-180-1. 3 1.1 mrg 4 1.1 mrg Copyright (C) 2000, 2001, 2003, 2004, 2005, 2006, 2008 Free Software 5 1.1 mrg Foundation, Inc. 6 1.1 mrg 7 1.1 mrg This program is free software; you can redistribute it and/or modify it 8 1.1 mrg under the terms of the GNU General Public License as published by the 9 1.1 mrg Free Software Foundation; either version 2, or (at your option) any 10 1.1 mrg later version. 11 1.1 mrg 12 1.1 mrg This program is distributed in the hope that it will be useful, 13 1.1 mrg but WITHOUT ANY WARRANTY; without even the implied warranty of 14 1.1 mrg MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 1.1 mrg GNU General Public License for more details. 16 1.1 mrg 17 1.1 mrg You should have received a copy of the GNU General Public License 18 1.1 mrg along with this program; if not, write to the Free Software Foundation, 19 1.1 mrg Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ 20 1.1 mrg 21 1.1 mrg /* Written by Scott G. Miller 22 1.1 mrg Credits: 23 1.1 mrg Robert Klep <robert (at) ilse.nl> -- Expansion function fix 24 1.1 mrg */ 25 1.1 mrg 26 1.1 mrg #include <config.h> 27 1.1 mrg 28 1.1 mrg #include "sha1.h" 29 1.1 mrg 30 1.1 mrg #include <stddef.h> 31 1.1 mrg #include <string.h> 32 1.1 mrg 33 1.1 mrg #if USE_UNLOCKED_IO 34 1.1 mrg # include "unlocked-io.h" 35 1.1 mrg #endif 36 1.1 mrg 37 1.1 mrg #ifdef WORDS_BIGENDIAN 38 1.1 mrg # define SWAP(n) (n) 39 1.1 mrg #else 40 1.1 mrg # define SWAP(n) \ 41 1.1 mrg (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24)) 42 1.1 mrg #endif 43 1.1 mrg 44 1.1 mrg #define BLOCKSIZE 4096 45 1.1 mrg #if BLOCKSIZE % 64 != 0 46 1.1 mrg # error "invalid BLOCKSIZE" 47 1.1 mrg #endif 48 1.1 mrg 49 1.1 mrg /* This array contains the bytes used to pad the buffer to the next 50 1.1 mrg 64-byte boundary. (RFC 1321, 3.1: Step 1) */ 51 1.1 mrg static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; 52 1.1 mrg 53 1.1 mrg 54 1.1 mrg /* Take a pointer to a 160 bit block of data (five 32 bit ints) and 55 1.1 mrg initialize it to the start constants of the SHA1 algorithm. This 56 1.1 mrg must be called before using hash in the call to sha1_hash. */ 57 1.1 mrg void 58 1.1 mrg sha1_init_ctx (struct sha1_ctx *ctx) 59 1.1 mrg { 60 1.1 mrg ctx->A = 0x67452301; 61 1.1 mrg ctx->B = 0xefcdab89; 62 1.1 mrg ctx->C = 0x98badcfe; 63 1.1 mrg ctx->D = 0x10325476; 64 1.1 mrg ctx->E = 0xc3d2e1f0; 65 1.1 mrg 66 1.1 mrg ctx->total[0] = ctx->total[1] = 0; 67 1.1 mrg ctx->buflen = 0; 68 1.1 mrg } 69 1.1 mrg 70 1.1 mrg /* Put result from CTX in first 20 bytes following RESBUF. The result 71 1.1 mrg must be in little endian byte order. 72 1.1 mrg 73 1.1 mrg IMPORTANT: On some systems it is required that RESBUF is correctly 74 1.1 mrg aligned for a 32-bit value. */ 75 1.1 mrg void * 76 1.1 mrg sha1_read_ctx (const struct sha1_ctx *ctx, void *resbuf) 77 1.1 mrg { 78 1.1 mrg ((sha1_uint32 *) resbuf)[0] = SWAP (ctx->A); 79 1.1 mrg ((sha1_uint32 *) resbuf)[1] = SWAP (ctx->B); 80 1.1 mrg ((sha1_uint32 *) resbuf)[2] = SWAP (ctx->C); 81 1.1 mrg ((sha1_uint32 *) resbuf)[3] = SWAP (ctx->D); 82 1.1 mrg ((sha1_uint32 *) resbuf)[4] = SWAP (ctx->E); 83 1.1 mrg 84 1.1 mrg return resbuf; 85 1.1 mrg } 86 1.1 mrg 87 1.1 mrg /* Process the remaining bytes in the internal buffer and the usual 88 1.1 mrg prolog according to the standard and write the result to RESBUF. 89 1.1 mrg 90 1.1 mrg IMPORTANT: On some systems it is required that RESBUF is correctly 91 1.1 mrg aligned for a 32-bit value. */ 92 1.1 mrg void * 93 1.1 mrg sha1_finish_ctx (struct sha1_ctx *ctx, void *resbuf) 94 1.1 mrg { 95 1.1 mrg /* Take yet unprocessed bytes into account. */ 96 1.1 mrg sha1_uint32 bytes = ctx->buflen; 97 1.1 mrg size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4; 98 1.1 mrg 99 1.1 mrg /* Now count remaining bytes. */ 100 1.1 mrg ctx->total[0] += bytes; 101 1.1 mrg if (ctx->total[0] < bytes) 102 1.1 mrg ++ctx->total[1]; 103 1.1 mrg 104 1.1 mrg /* Put the 64-bit file length in *bits* at the end of the buffer. */ 105 1.1 mrg ctx->buffer[size - 2] = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29)); 106 1.1 mrg ctx->buffer[size - 1] = SWAP (ctx->total[0] << 3); 107 1.1 mrg 108 1.1 mrg memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes); 109 1.1 mrg 110 1.1 mrg /* Process last bytes. */ 111 1.1 mrg sha1_process_block (ctx->buffer, size * 4, ctx); 112 1.1 mrg 113 1.1 mrg return sha1_read_ctx (ctx, resbuf); 114 1.1 mrg } 115 1.1 mrg 116 1.1 mrg /* Compute SHA1 message digest for bytes read from STREAM. The 117 1.1 mrg resulting message digest number will be written into the 16 bytes 118 1.1 mrg beginning at RESBLOCK. */ 119 1.1 mrg int 120 1.1 mrg sha1_stream (FILE *stream, void *resblock) 121 1.1 mrg { 122 1.1 mrg struct sha1_ctx ctx; 123 1.1 mrg char buffer[BLOCKSIZE + 72]; 124 1.1 mrg size_t sum; 125 1.1 mrg 126 1.1 mrg /* Initialize the computation context. */ 127 1.1 mrg sha1_init_ctx (&ctx); 128 1.1 mrg 129 1.1 mrg /* Iterate over full file contents. */ 130 1.1 mrg while (1) 131 1.1 mrg { 132 1.1 mrg /* We read the file in blocks of BLOCKSIZE bytes. One call of the 133 1.1 mrg computation function processes the whole buffer so that with the 134 1.1 mrg next round of the loop another block can be read. */ 135 1.1 mrg size_t n; 136 1.1 mrg sum = 0; 137 1.1 mrg 138 1.1 mrg /* Read block. Take care for partial reads. */ 139 1.1 mrg while (1) 140 1.1 mrg { 141 1.1 mrg n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); 142 1.1 mrg 143 1.1 mrg sum += n; 144 1.1 mrg 145 1.1 mrg if (sum == BLOCKSIZE) 146 1.1 mrg break; 147 1.1 mrg 148 1.1 mrg if (n == 0) 149 1.1 mrg { 150 1.1 mrg /* Check for the error flag IFF N == 0, so that we don't 151 1.1 mrg exit the loop after a partial read due to e.g., EAGAIN 152 1.1 mrg or EWOULDBLOCK. */ 153 1.1 mrg if (ferror (stream)) 154 1.1 mrg return 1; 155 1.1 mrg goto process_partial_block; 156 1.1 mrg } 157 1.1 mrg 158 1.1 mrg /* We've read at least one byte, so ignore errors. But always 159 1.1 mrg check for EOF, since feof may be true even though N > 0. 160 1.1 mrg Otherwise, we could end up calling fread after EOF. */ 161 1.1 mrg if (feof (stream)) 162 1.1 mrg goto process_partial_block; 163 1.1 mrg } 164 1.1 mrg 165 1.1 mrg /* Process buffer with BLOCKSIZE bytes. Note that 166 1.1 mrg BLOCKSIZE % 64 == 0 167 1.1 mrg */ 168 1.1 mrg sha1_process_block (buffer, BLOCKSIZE, &ctx); 169 1.1 mrg } 170 1.1 mrg 171 1.1 mrg process_partial_block:; 172 1.1 mrg 173 1.1 mrg /* Process any remaining bytes. */ 174 1.1 mrg if (sum > 0) 175 1.1 mrg sha1_process_bytes (buffer, sum, &ctx); 176 1.1 mrg 177 1.1 mrg /* Construct result in desired memory. */ 178 1.1 mrg sha1_finish_ctx (&ctx, resblock); 179 1.1 mrg return 0; 180 1.1 mrg } 181 1.1 mrg 182 1.1 mrg /* Compute SHA1 message digest for LEN bytes beginning at BUFFER. The 183 1.1 mrg result is always in little endian byte order, so that a byte-wise 184 1.1 mrg output yields to the wanted ASCII representation of the message 185 1.1 mrg digest. */ 186 1.1 mrg void * 187 1.1 mrg sha1_buffer (const char *buffer, size_t len, void *resblock) 188 1.1 mrg { 189 1.1 mrg struct sha1_ctx ctx; 190 1.1 mrg 191 1.1 mrg /* Initialize the computation context. */ 192 1.1 mrg sha1_init_ctx (&ctx); 193 1.1 mrg 194 1.1 mrg /* Process whole buffer but last len % 64 bytes. */ 195 1.1 mrg sha1_process_bytes (buffer, len, &ctx); 196 1.1 mrg 197 1.1 mrg /* Put result in desired memory area. */ 198 1.1 mrg return sha1_finish_ctx (&ctx, resblock); 199 1.1 mrg } 200 1.1 mrg 201 1.1 mrg void 202 1.1 mrg sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx) 203 1.1 mrg { 204 1.1 mrg /* When we already have some bits in our internal buffer concatenate 205 1.1 mrg both inputs first. */ 206 1.1 mrg if (ctx->buflen != 0) 207 1.1 mrg { 208 1.1 mrg size_t left_over = ctx->buflen; 209 1.1 mrg size_t add = 128 - left_over > len ? len : 128 - left_over; 210 1.1 mrg 211 1.1 mrg memcpy (&((char *) ctx->buffer)[left_over], buffer, add); 212 1.1 mrg ctx->buflen += add; 213 1.1 mrg 214 1.1 mrg if (ctx->buflen > 64) 215 1.1 mrg { 216 1.1 mrg sha1_process_block (ctx->buffer, ctx->buflen & ~63, ctx); 217 1.1 mrg 218 1.1 mrg ctx->buflen &= 63; 219 1.1 mrg /* The regions in the following copy operation cannot overlap. */ 220 1.1 mrg memcpy (ctx->buffer, 221 1.1 mrg &((char *) ctx->buffer)[(left_over + add) & ~63], 222 1.1 mrg ctx->buflen); 223 1.1 mrg } 224 1.1 mrg 225 1.1 mrg buffer = (const char *) buffer + add; 226 1.1 mrg len -= add; 227 1.1 mrg } 228 1.1 mrg 229 1.1 mrg /* Process available complete blocks. */ 230 1.1 mrg if (len >= 64) 231 1.1 mrg { 232 1.1 mrg #if !_STRING_ARCH_unaligned 233 1.1 mrg # define alignof(type) offsetof (struct { char c; type x; }, x) 234 1.1 mrg # define UNALIGNED_P(p) (((size_t) p) % alignof (sha1_uint32) != 0) 235 1.1 mrg if (UNALIGNED_P (buffer)) 236 1.1 mrg while (len > 64) 237 1.1 mrg { 238 1.1 mrg sha1_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx); 239 1.1 mrg buffer = (const char *) buffer + 64; 240 1.1 mrg len -= 64; 241 1.1 mrg } 242 1.1 mrg else 243 1.1 mrg #endif 244 1.1 mrg { 245 1.1 mrg sha1_process_block (buffer, len & ~63, ctx); 246 1.1 mrg buffer = (const char *) buffer + (len & ~63); 247 1.1 mrg len &= 63; 248 1.1 mrg } 249 1.1 mrg } 250 1.1 mrg 251 1.1 mrg /* Move remaining bytes in internal buffer. */ 252 1.1 mrg if (len > 0) 253 1.1 mrg { 254 1.1 mrg size_t left_over = ctx->buflen; 255 1.1 mrg 256 1.1 mrg memcpy (&((char *) ctx->buffer)[left_over], buffer, len); 257 1.1 mrg left_over += len; 258 1.1 mrg if (left_over >= 64) 259 1.1 mrg { 260 1.1 mrg sha1_process_block (ctx->buffer, 64, ctx); 261 1.1 mrg left_over -= 64; 262 1.1 mrg memcpy (ctx->buffer, &ctx->buffer[16], left_over); 263 1.1 mrg } 264 1.1 mrg ctx->buflen = left_over; 265 1.1 mrg } 266 1.1 mrg } 267 1.1 mrg 268 1.1 mrg /* --- Code below is the primary difference between md5.c and sha1.c --- */ 269 1.1 mrg 270 1.1 mrg /* SHA1 round constants */ 271 1.1 mrg #define K1 0x5a827999 272 1.1 mrg #define K2 0x6ed9eba1 273 1.1 mrg #define K3 0x8f1bbcdc 274 1.1 mrg #define K4 0xca62c1d6 275 1.1 mrg 276 1.1 mrg /* Round functions. Note that F2 is the same as F4. */ 277 1.1 mrg #define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) ) 278 1.1 mrg #define F2(B,C,D) (B ^ C ^ D) 279 1.1 mrg #define F3(B,C,D) ( ( B & C ) | ( D & ( B | C ) ) ) 280 1.1 mrg #define F4(B,C,D) (B ^ C ^ D) 281 1.1 mrg 282 1.1 mrg /* Process LEN bytes of BUFFER, accumulating context into CTX. 283 1.1 mrg It is assumed that LEN % 64 == 0. 284 1.1 mrg Most of this code comes from GnuPG's cipher/sha1.c. */ 285 1.1 mrg 286 1.1 mrg void 287 1.1 mrg sha1_process_block (const void *buffer, size_t len, struct sha1_ctx *ctx) 288 1.1 mrg { 289 1.1 mrg const sha1_uint32 *words = (const sha1_uint32*) buffer; 290 1.1 mrg size_t nwords = len / sizeof (sha1_uint32); 291 1.1 mrg const sha1_uint32 *endp = words + nwords; 292 1.1 mrg sha1_uint32 x[16]; 293 1.1 mrg sha1_uint32 a = ctx->A; 294 1.1 mrg sha1_uint32 b = ctx->B; 295 1.1 mrg sha1_uint32 c = ctx->C; 296 1.1 mrg sha1_uint32 d = ctx->D; 297 1.1 mrg sha1_uint32 e = ctx->E; 298 1.1 mrg 299 1.1 mrg /* First increment the byte count. RFC 1321 specifies the possible 300 1.1 mrg length of the file up to 2^64 bits. Here we only compute the 301 1.1 mrg number of bytes. Do a double word increment. */ 302 1.1 mrg ctx->total[0] += len; 303 1.1.1.1.8.1 tls ctx->total[1] += ((len >> 31) >> 1) + (ctx->total[0] < len); 304 1.1 mrg 305 1.1 mrg #define rol(x, n) (((x) << (n)) | ((sha1_uint32) (x) >> (32 - (n)))) 306 1.1 mrg 307 1.1 mrg #define M(I) ( tm = x[I&0x0f] ^ x[(I-14)&0x0f] \ 308 1.1 mrg ^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \ 309 1.1 mrg , (x[I&0x0f] = rol(tm, 1)) ) 310 1.1 mrg 311 1.1 mrg #define R(A,B,C,D,E,F,K,M) do { E += rol( A, 5 ) \ 312 1.1 mrg + F( B, C, D ) \ 313 1.1 mrg + K \ 314 1.1 mrg + M; \ 315 1.1 mrg B = rol( B, 30 ); \ 316 1.1 mrg } while(0) 317 1.1 mrg 318 1.1 mrg while (words < endp) 319 1.1 mrg { 320 1.1 mrg sha1_uint32 tm; 321 1.1 mrg int t; 322 1.1 mrg for (t = 0; t < 16; t++) 323 1.1 mrg { 324 1.1 mrg x[t] = SWAP (*words); 325 1.1 mrg words++; 326 1.1 mrg } 327 1.1 mrg 328 1.1 mrg R( a, b, c, d, e, F1, K1, x[ 0] ); 329 1.1 mrg R( e, a, b, c, d, F1, K1, x[ 1] ); 330 1.1 mrg R( d, e, a, b, c, F1, K1, x[ 2] ); 331 1.1 mrg R( c, d, e, a, b, F1, K1, x[ 3] ); 332 1.1 mrg R( b, c, d, e, a, F1, K1, x[ 4] ); 333 1.1 mrg R( a, b, c, d, e, F1, K1, x[ 5] ); 334 1.1 mrg R( e, a, b, c, d, F1, K1, x[ 6] ); 335 1.1 mrg R( d, e, a, b, c, F1, K1, x[ 7] ); 336 1.1 mrg R( c, d, e, a, b, F1, K1, x[ 8] ); 337 1.1 mrg R( b, c, d, e, a, F1, K1, x[ 9] ); 338 1.1 mrg R( a, b, c, d, e, F1, K1, x[10] ); 339 1.1 mrg R( e, a, b, c, d, F1, K1, x[11] ); 340 1.1 mrg R( d, e, a, b, c, F1, K1, x[12] ); 341 1.1 mrg R( c, d, e, a, b, F1, K1, x[13] ); 342 1.1 mrg R( b, c, d, e, a, F1, K1, x[14] ); 343 1.1 mrg R( a, b, c, d, e, F1, K1, x[15] ); 344 1.1 mrg R( e, a, b, c, d, F1, K1, M(16) ); 345 1.1 mrg R( d, e, a, b, c, F1, K1, M(17) ); 346 1.1 mrg R( c, d, e, a, b, F1, K1, M(18) ); 347 1.1 mrg R( b, c, d, e, a, F1, K1, M(19) ); 348 1.1 mrg R( a, b, c, d, e, F2, K2, M(20) ); 349 1.1 mrg R( e, a, b, c, d, F2, K2, M(21) ); 350 1.1 mrg R( d, e, a, b, c, F2, K2, M(22) ); 351 1.1 mrg R( c, d, e, a, b, F2, K2, M(23) ); 352 1.1 mrg R( b, c, d, e, a, F2, K2, M(24) ); 353 1.1 mrg R( a, b, c, d, e, F2, K2, M(25) ); 354 1.1 mrg R( e, a, b, c, d, F2, K2, M(26) ); 355 1.1 mrg R( d, e, a, b, c, F2, K2, M(27) ); 356 1.1 mrg R( c, d, e, a, b, F2, K2, M(28) ); 357 1.1 mrg R( b, c, d, e, a, F2, K2, M(29) ); 358 1.1 mrg R( a, b, c, d, e, F2, K2, M(30) ); 359 1.1 mrg R( e, a, b, c, d, F2, K2, M(31) ); 360 1.1 mrg R( d, e, a, b, c, F2, K2, M(32) ); 361 1.1 mrg R( c, d, e, a, b, F2, K2, M(33) ); 362 1.1 mrg R( b, c, d, e, a, F2, K2, M(34) ); 363 1.1 mrg R( a, b, c, d, e, F2, K2, M(35) ); 364 1.1 mrg R( e, a, b, c, d, F2, K2, M(36) ); 365 1.1 mrg R( d, e, a, b, c, F2, K2, M(37) ); 366 1.1 mrg R( c, d, e, a, b, F2, K2, M(38) ); 367 1.1 mrg R( b, c, d, e, a, F2, K2, M(39) ); 368 1.1 mrg R( a, b, c, d, e, F3, K3, M(40) ); 369 1.1 mrg R( e, a, b, c, d, F3, K3, M(41) ); 370 1.1 mrg R( d, e, a, b, c, F3, K3, M(42) ); 371 1.1 mrg R( c, d, e, a, b, F3, K3, M(43) ); 372 1.1 mrg R( b, c, d, e, a, F3, K3, M(44) ); 373 1.1 mrg R( a, b, c, d, e, F3, K3, M(45) ); 374 1.1 mrg R( e, a, b, c, d, F3, K3, M(46) ); 375 1.1 mrg R( d, e, a, b, c, F3, K3, M(47) ); 376 1.1 mrg R( c, d, e, a, b, F3, K3, M(48) ); 377 1.1 mrg R( b, c, d, e, a, F3, K3, M(49) ); 378 1.1 mrg R( a, b, c, d, e, F3, K3, M(50) ); 379 1.1 mrg R( e, a, b, c, d, F3, K3, M(51) ); 380 1.1 mrg R( d, e, a, b, c, F3, K3, M(52) ); 381 1.1 mrg R( c, d, e, a, b, F3, K3, M(53) ); 382 1.1 mrg R( b, c, d, e, a, F3, K3, M(54) ); 383 1.1 mrg R( a, b, c, d, e, F3, K3, M(55) ); 384 1.1 mrg R( e, a, b, c, d, F3, K3, M(56) ); 385 1.1 mrg R( d, e, a, b, c, F3, K3, M(57) ); 386 1.1 mrg R( c, d, e, a, b, F3, K3, M(58) ); 387 1.1 mrg R( b, c, d, e, a, F3, K3, M(59) ); 388 1.1 mrg R( a, b, c, d, e, F4, K4, M(60) ); 389 1.1 mrg R( e, a, b, c, d, F4, K4, M(61) ); 390 1.1 mrg R( d, e, a, b, c, F4, K4, M(62) ); 391 1.1 mrg R( c, d, e, a, b, F4, K4, M(63) ); 392 1.1 mrg R( b, c, d, e, a, F4, K4, M(64) ); 393 1.1 mrg R( a, b, c, d, e, F4, K4, M(65) ); 394 1.1 mrg R( e, a, b, c, d, F4, K4, M(66) ); 395 1.1 mrg R( d, e, a, b, c, F4, K4, M(67) ); 396 1.1 mrg R( c, d, e, a, b, F4, K4, M(68) ); 397 1.1 mrg R( b, c, d, e, a, F4, K4, M(69) ); 398 1.1 mrg R( a, b, c, d, e, F4, K4, M(70) ); 399 1.1 mrg R( e, a, b, c, d, F4, K4, M(71) ); 400 1.1 mrg R( d, e, a, b, c, F4, K4, M(72) ); 401 1.1 mrg R( c, d, e, a, b, F4, K4, M(73) ); 402 1.1 mrg R( b, c, d, e, a, F4, K4, M(74) ); 403 1.1 mrg R( a, b, c, d, e, F4, K4, M(75) ); 404 1.1 mrg R( e, a, b, c, d, F4, K4, M(76) ); 405 1.1 mrg R( d, e, a, b, c, F4, K4, M(77) ); 406 1.1 mrg R( c, d, e, a, b, F4, K4, M(78) ); 407 1.1 mrg R( b, c, d, e, a, F4, K4, M(79) ); 408 1.1 mrg 409 1.1 mrg a = ctx->A += a; 410 1.1 mrg b = ctx->B += b; 411 1.1 mrg c = ctx->C += c; 412 1.1 mrg d = ctx->D += d; 413 1.1 mrg e = ctx->E += e; 414 1.1 mrg } 415 1.1 mrg } 416
Indexes created Sat Feb 28 05:31:39 UTC 2026