root/lib/sha1.c

DEFINITIONS

1. sha1_init_ctx
2. set_uint32
3. sha1_read_ctx
4. sha1_finish_ctx
5. sha1_buffer
6. sha1_process_bytes
7. sha1_process_block

     1 /* sha1.c - Functions to compute SHA1 message digest of files or
     2    memory blocks according to the NIST specification FIPS-180-1.
     3 
     4    Copyright (C) 2000-2001, 2003-2006, 2008-2023 Free Software Foundation, Inc.
     5 
     6    This file is free software: you can redistribute it and/or modify
     7    it under the terms of the GNU Lesser General Public License as
     8    published by the Free Software Foundation; either version 2.1 of the
     9    License, or (at your option) any later version.
    10 
    11    This file is distributed in the hope that it will be useful,
    12    but WITHOUT ANY WARRANTY; without even the implied warranty of
    13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14    GNU Lesser General Public License for more details.
    15 
    16    You should have received a copy of the GNU Lesser General Public License
    17    along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
    18 
    19 /* Written by Scott G. Miller
    20    Credits:
    21       Robert Klep <robert@ilse.nl>  -- Expansion function fix
    22 */
    23 
    24 #include <config.h>
    25 
    26 /* Specification.  */
    27 #if HAVE_OPENSSL_SHA1
    28 # define GL_OPENSSL_INLINE _GL_EXTERN_INLINE
    29 #endif
    30 #include "sha1.h"
    31 
    32 #include <stdint.h>
    33 #include <string.h>
    34 
    35 #include <byteswap.h>
    36 #ifdef WORDS_BIGENDIAN
    37 # define SWAP(n) (n)
    38 #else
    39 # define SWAP(n) bswap_32 (n)
    40 #endif
    41 
    42 #if ! HAVE_OPENSSL_SHA1
    43 
    44 /* This array contains the bytes used to pad the buffer to the next
    45    64-byte boundary.  (RFC 1321, 3.1: Step 1)  */
    46 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ...  */ };
    47 
    48 
    49 /* Take a pointer to a 160 bit block of data (five 32 bit ints) and
    50    initialize it to the start constants of the SHA1 algorithm.  This
    51    must be called before using hash in the call to sha1_hash.  */
    52 void
    53 sha1_init_ctx (struct sha1_ctx *ctx)
    54 {
    55   ctx->A = 0x67452301;
    56   ctx->B = 0xefcdab89;
    57   ctx->C = 0x98badcfe;
    58   ctx->D = 0x10325476;
    59   ctx->E = 0xc3d2e1f0;
    60 
    61   ctx->total[0] = ctx->total[1] = 0;
    62   ctx->buflen = 0;
    63 }
    64 
    65 /* Copy the 4 byte value from v into the memory location pointed to by *cp,
    66    If your architecture allows unaligned access this is equivalent to
    67    * (uint32_t *) cp = v  */
    68 static void
    69 set_uint32 (char *cp, uint32_t v)
    70 {
    71   memcpy (cp, &v, sizeof v);
    72 }
    73 
    74 /* Put result from CTX in first 20 bytes following RESBUF.  The result
    75    must be in little endian byte order.  */
    76 void *
    77 sha1_read_ctx (const struct sha1_ctx *ctx, void *resbuf)
    78 {
    79   char *r = resbuf;
    80   set_uint32 (r + 0 * sizeof ctx->A, SWAP (ctx->A));
    81   set_uint32 (r + 1 * sizeof ctx->B, SWAP (ctx->B));
    82   set_uint32 (r + 2 * sizeof ctx->C, SWAP (ctx->C));
    83   set_uint32 (r + 3 * sizeof ctx->D, SWAP (ctx->D));
    84   set_uint32 (r + 4 * sizeof ctx->E, SWAP (ctx->E));
    85 
    86   return resbuf;
    87 }
    88 
    89 /* Process the remaining bytes in the internal buffer and the usual
    90    prolog according to the standard and write the result to RESBUF.  */
    91 void *
    92 sha1_finish_ctx (struct sha1_ctx *ctx, void *resbuf)
    93 {
    94   /* Take yet unprocessed bytes into account.  */
    95   uint32_t bytes = ctx->buflen;
    96   size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
    97 
    98   /* Now count remaining bytes.  */
    99   ctx->total[0] += bytes;
   100   if (ctx->total[0] < bytes)
   101     ++ctx->total[1];
   102 
   103   /* Put the 64-bit file length in *bits* at the end of the buffer.  */
   104   ctx->buffer[size - 2] = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29));
   105   ctx->buffer[size - 1] = SWAP (ctx->total[0] << 3);
   106 
   107   memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes);
   108 
   109   /* Process last bytes.  */
   110   sha1_process_block (ctx->buffer, size * 4, ctx);
   111 
   112   return sha1_read_ctx (ctx, resbuf);
   113 }
   114 
   115 /* Compute SHA1 message digest for LEN bytes beginning at BUFFER.  The
   116    result is always in little endian byte order, so that a byte-wise
   117    output yields to the wanted ASCII representation of the message
   118    digest.  */
   119 void *
   120 sha1_buffer (const char *buffer, size_t len, void *resblock)
   121 {
   122   struct sha1_ctx ctx;
   123 
   124   /* Initialize the computation context.  */
   125   sha1_init_ctx (&ctx);
   126 
   127   /* Process whole buffer but last len % 64 bytes.  */
   128   sha1_process_bytes (buffer, len, &ctx);
   129 
   130   /* Put result in desired memory area.  */
   131   return sha1_finish_ctx (&ctx, resblock);
   132 }
   133 
   134 void
   135 sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx)
   136 {
   137   /* When we already have some bits in our internal buffer concatenate
   138      both inputs first.  */
   139   if (ctx->buflen != 0)
   140     {
   141       size_t left_over = ctx->buflen;
   142       size_t add = 128 - left_over > len ? len : 128 - left_over;
   143 
   144       memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
   145       ctx->buflen += add;
   146 
   147       if (ctx->buflen > 64)
   148         {
   149           sha1_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
   150 
   151           ctx->buflen &= 63;
   152           /* The regions in the following copy operation cannot overlap,
   153              because ctx->buflen < 64 ≤ (left_over + add) & ~63.  */
   154           memcpy (ctx->buffer,
   155                   &((char *) ctx->buffer)[(left_over + add) & ~63],
   156                   ctx->buflen);
   157         }
   158 
   159       buffer = (const char *) buffer + add;
   160       len -= add;
   161     }
   162 
   163   /* Process available complete blocks.  */
   164   if (len >= 64)
   165     {
   166 #if !(_STRING_ARCH_unaligned || _STRING_INLINE_unaligned)
   167 # define UNALIGNED_P(p) ((uintptr_t) (p) % alignof (uint32_t) != 0)
   168       if (UNALIGNED_P (buffer))
   169         while (len > 64)
   170           {
   171             sha1_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
   172             buffer = (const char *) buffer + 64;
   173             len -= 64;
   174           }
   175       else
   176 #endif
   177         {
   178           sha1_process_block (buffer, len & ~63, ctx);
   179           buffer = (const char *) buffer + (len & ~63);
   180           len &= 63;
   181         }
   182     }
   183 
   184   /* Move remaining bytes in internal buffer.  */
   185   if (len > 0)
   186     {
   187       size_t left_over = ctx->buflen;
   188 
   189       memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
   190       left_over += len;
   191       if (left_over >= 64)
   192         {
   193           sha1_process_block (ctx->buffer, 64, ctx);
   194           left_over -= 64;
   195           /* The regions in the following copy operation cannot overlap,
   196              because left_over ≤ 64.  */
   197           memcpy (ctx->buffer, &ctx->buffer[16], left_over);
   198         }
   199       ctx->buflen = left_over;
   200     }
   201 }
   202 
   203 /* --- Code below is the primary difference between md5.c and sha1.c --- */
   204 
   205 /* SHA1 round constants */
   206 #define K1 0x5a827999
   207 #define K2 0x6ed9eba1
   208 #define K3 0x8f1bbcdc
   209 #define K4 0xca62c1d6
   210 
   211 /* Round functions.  Note that F2 is the same as F4.  */
   212 #define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) )
   213 #define F2(B,C,D) (B ^ C ^ D)
   214 #define F3(B,C,D) ( ( B & C ) | ( D & ( B | C ) ) )
   215 #define F4(B,C,D) (B ^ C ^ D)
   216 
   217 /* Process LEN bytes of BUFFER, accumulating context into CTX.
   218    It is assumed that LEN % 64 == 0.
   219    Most of this code comes from GnuPG's cipher/sha1.c.  */
   220 
   221 void
   222 sha1_process_block (const void *buffer, size_t len, struct sha1_ctx *ctx)
   223 {
   224   const uint32_t *words = buffer;
   225   size_t nwords = len / sizeof (uint32_t);
   226   const uint32_t *endp = words + nwords;
   227   uint32_t x[16];
   228   uint32_t a = ctx->A;
   229   uint32_t b = ctx->B;
   230   uint32_t c = ctx->C;
   231   uint32_t d = ctx->D;
   232   uint32_t e = ctx->E;
   233   uint32_t lolen = len;
   234 
   235   /* First increment the byte count.  RFC 1321 specifies the possible
   236      length of the file up to 2^64 bits.  Here we only compute the
   237      number of bytes.  Do a double word increment.  */
   238   ctx->total[0] += lolen;
   239   ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen);
   240 
   241 #define rol(x, n) (((x) << (n)) | ((uint32_t) (x) >> (32 - (n))))
   242 
   243 #define M(I) ( tm =   x[I&0x0f] ^ x[(I-14)&0x0f] \
   244                     ^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \
   245                , (x[I&0x0f] = rol(tm, 1)) )
   246 
   247 #define R(A,B,C,D,E,F,K,M)  do { E += rol( A, 5 )     \
   248                                       + F( B, C, D )  \
   249                                       + K             \
   250                                       + M;            \
   251                                  B = rol( B, 30 );    \
   252                                } while(0)
   253 
   254   while (words < endp)
   255     {
   256       uint32_t tm;
   257       int t;
   258       for (t = 0; t < 16; t++)
   259         {
   260           x[t] = SWAP (*words);
   261           words++;
   262         }
   263 
   264       R( a, b, c, d, e, F1, K1, x[ 0] );
   265       R( e, a, b, c, d, F1, K1, x[ 1] );
   266       R( d, e, a, b, c, F1, K1, x[ 2] );
   267       R( c, d, e, a, b, F1, K1, x[ 3] );
   268       R( b, c, d, e, a, F1, K1, x[ 4] );
   269       R( a, b, c, d, e, F1, K1, x[ 5] );
   270       R( e, a, b, c, d, F1, K1, x[ 6] );
   271       R( d, e, a, b, c, F1, K1, x[ 7] );
   272       R( c, d, e, a, b, F1, K1, x[ 8] );
   273       R( b, c, d, e, a, F1, K1, x[ 9] );
   274       R( a, b, c, d, e, F1, K1, x[10] );
   275       R( e, a, b, c, d, F1, K1, x[11] );
   276       R( d, e, a, b, c, F1, K1, x[12] );
   277       R( c, d, e, a, b, F1, K1, x[13] );
   278       R( b, c, d, e, a, F1, K1, x[14] );
   279       R( a, b, c, d, e, F1, K1, x[15] );
   280       R( e, a, b, c, d, F1, K1, M(16) );
   281       R( d, e, a, b, c, F1, K1, M(17) );
   282       R( c, d, e, a, b, F1, K1, M(18) );
   283       R( b, c, d, e, a, F1, K1, M(19) );
   284       R( a, b, c, d, e, F2, K2, M(20) );
   285       R( e, a, b, c, d, F2, K2, M(21) );
   286       R( d, e, a, b, c, F2, K2, M(22) );
   287       R( c, d, e, a, b, F2, K2, M(23) );
   288       R( b, c, d, e, a, F2, K2, M(24) );
   289       R( a, b, c, d, e, F2, K2, M(25) );
   290       R( e, a, b, c, d, F2, K2, M(26) );
   291       R( d, e, a, b, c, F2, K2, M(27) );
   292       R( c, d, e, a, b, F2, K2, M(28) );
   293       R( b, c, d, e, a, F2, K2, M(29) );
   294       R( a, b, c, d, e, F2, K2, M(30) );
   295       R( e, a, b, c, d, F2, K2, M(31) );
   296       R( d, e, a, b, c, F2, K2, M(32) );
   297       R( c, d, e, a, b, F2, K2, M(33) );
   298       R( b, c, d, e, a, F2, K2, M(34) );
   299       R( a, b, c, d, e, F2, K2, M(35) );
   300       R( e, a, b, c, d, F2, K2, M(36) );
   301       R( d, e, a, b, c, F2, K2, M(37) );
   302       R( c, d, e, a, b, F2, K2, M(38) );
   303       R( b, c, d, e, a, F2, K2, M(39) );
   304       R( a, b, c, d, e, F3, K3, M(40) );
   305       R( e, a, b, c, d, F3, K3, M(41) );
   306       R( d, e, a, b, c, F3, K3, M(42) );
   307       R( c, d, e, a, b, F3, K3, M(43) );
   308       R( b, c, d, e, a, F3, K3, M(44) );
   309       R( a, b, c, d, e, F3, K3, M(45) );
   310       R( e, a, b, c, d, F3, K3, M(46) );
   311       R( d, e, a, b, c, F3, K3, M(47) );
   312       R( c, d, e, a, b, F3, K3, M(48) );
   313       R( b, c, d, e, a, F3, K3, M(49) );
   314       R( a, b, c, d, e, F3, K3, M(50) );
   315       R( e, a, b, c, d, F3, K3, M(51) );
   316       R( d, e, a, b, c, F3, K3, M(52) );
   317       R( c, d, e, a, b, F3, K3, M(53) );
   318       R( b, c, d, e, a, F3, K3, M(54) );
   319       R( a, b, c, d, e, F3, K3, M(55) );
   320       R( e, a, b, c, d, F3, K3, M(56) );
   321       R( d, e, a, b, c, F3, K3, M(57) );
   322       R( c, d, e, a, b, F3, K3, M(58) );
   323       R( b, c, d, e, a, F3, K3, M(59) );
   324       R( a, b, c, d, e, F4, K4, M(60) );
   325       R( e, a, b, c, d, F4, K4, M(61) );
   326       R( d, e, a, b, c, F4, K4, M(62) );
   327       R( c, d, e, a, b, F4, K4, M(63) );
   328       R( b, c, d, e, a, F4, K4, M(64) );
   329       R( a, b, c, d, e, F4, K4, M(65) );
   330       R( e, a, b, c, d, F4, K4, M(66) );
   331       R( d, e, a, b, c, F4, K4, M(67) );
   332       R( c, d, e, a, b, F4, K4, M(68) );
   333       R( b, c, d, e, a, F4, K4, M(69) );
   334       R( a, b, c, d, e, F4, K4, M(70) );
   335       R( e, a, b, c, d, F4, K4, M(71) );
   336       R( d, e, a, b, c, F4, K4, M(72) );
   337       R( c, d, e, a, b, F4, K4, M(73) );
   338       R( b, c, d, e, a, F4, K4, M(74) );
   339       R( a, b, c, d, e, F4, K4, M(75) );
   340       R( e, a, b, c, d, F4, K4, M(76) );
   341       R( d, e, a, b, c, F4, K4, M(77) );
   342       R( c, d, e, a, b, F4, K4, M(78) );
   343       R( b, c, d, e, a, F4, K4, M(79) );
   344 
   345       a = ctx->A += a;
   346       b = ctx->B += b;
   347       c = ctx->C += c;
   348       d = ctx->D += d;
   349       e = ctx->E += e;
   350     }
   351 }
   352 
   353 #endif
   354 
   355 /*
   356  * Hey Emacs!
   357  * Local Variables:
   358  * coding: utf-8
   359  * End:
   360  */