1/* 2 * Copyright (c) 1995 - 2001 Kungliga Tekniska H��gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#include "config.h" 35 36#include "hash.h" 37#include "sha.h" 38 39#define A m->counter[0] 40#define B m->counter[1] 41#define C m->counter[2] 42#define D m->counter[3] 43#define E m->counter[4] 44#define X data 45 46void 47SHA1_Init (struct sha *m) 48{ 49 m->sz[0] = 0; 50 m->sz[1] = 0; 51 A = 0x67452301; 52 B = 0xefcdab89; 53 C = 0x98badcfe; 54 D = 0x10325476; 55 E = 0xc3d2e1f0; 56} 57 58 59#define F0(x,y,z) CRAYFIX((x & y) | (~x & z)) 60#define F1(x,y,z) (x ^ y ^ z) 61#define F2(x,y,z) ((x & y) | (x & z) | (y & z)) 62#define F3(x,y,z) F1(x,y,z) 63 64#define K0 0x5a827999 65#define K1 0x6ed9eba1 66#define K2 0x8f1bbcdc 67#define K3 0xca62c1d6 68 69#define DO(t,f,k) \ 70do { \ 71 uint32_t temp; \ 72 \ 73 temp = cshift(AA, 5) + f(BB,CC,DD) + EE + data[t] + k; \ 74 EE = DD; \ 75 DD = CC; \ 76 CC = cshift(BB, 30); \ 77 BB = AA; \ 78 AA = temp; \ 79} while(0) 80 81static inline void 82calc (struct sha *m, uint32_t *in) 83{ 84 uint32_t AA, BB, CC, DD, EE; 85 uint32_t data[80]; 86 int i; 87 88 AA = A; 89 BB = B; 90 CC = C; 91 DD = D; 92 EE = E; 93 94 for (i = 0; i < 16; ++i) 95 data[i] = in[i]; 96 for (i = 16; i < 80; ++i) 97 data[i] = cshift(data[i-3] ^ data[i-8] ^ data[i-14] ^ data[i-16], 1); 98 99 /* t=[0,19] */ 100 101 DO(0,F0,K0); 102 DO(1,F0,K0); 103 DO(2,F0,K0); 104 DO(3,F0,K0); 105 DO(4,F0,K0); 106 DO(5,F0,K0); 107 DO(6,F0,K0); 108 DO(7,F0,K0); 109 DO(8,F0,K0); 110 DO(9,F0,K0); 111 DO(10,F0,K0); 112 DO(11,F0,K0); 113 DO(12,F0,K0); 114 DO(13,F0,K0); 115 DO(14,F0,K0); 116 DO(15,F0,K0); 117 DO(16,F0,K0); 118 DO(17,F0,K0); 119 DO(18,F0,K0); 120 DO(19,F0,K0); 121 122 /* t=[20,39] */ 123 124 DO(20,F1,K1); 125 DO(21,F1,K1); 126 DO(22,F1,K1); 127 DO(23,F1,K1); 128 DO(24,F1,K1); 129 DO(25,F1,K1); 130 DO(26,F1,K1); 131 DO(27,F1,K1); 132 DO(28,F1,K1); 133 DO(29,F1,K1); 134 DO(30,F1,K1); 135 DO(31,F1,K1); 136 DO(32,F1,K1); 137 DO(33,F1,K1); 138 DO(34,F1,K1); 139 DO(35,F1,K1); 140 DO(36,F1,K1); 141 DO(37,F1,K1); 142 DO(38,F1,K1); 143 DO(39,F1,K1); 144 145 /* t=[40,59] */ 146 147 DO(40,F2,K2); 148 DO(41,F2,K2); 149 DO(42,F2,K2); 150 DO(43,F2,K2); 151 DO(44,F2,K2); 152 DO(45,F2,K2); 153 DO(46,F2,K2); 154 DO(47,F2,K2); 155 DO(48,F2,K2); 156 DO(49,F2,K2); 157 DO(50,F2,K2); 158 DO(51,F2,K2); 159 DO(52,F2,K2); 160 DO(53,F2,K2); 161 DO(54,F2,K2); 162 DO(55,F2,K2); 163 DO(56,F2,K2); 164 DO(57,F2,K2); 165 DO(58,F2,K2); 166 DO(59,F2,K2); 167 168 /* t=[60,79] */ 169 170 DO(60,F3,K3); 171 DO(61,F3,K3); 172 DO(62,F3,K3); 173 DO(63,F3,K3); 174 DO(64,F3,K3); 175 DO(65,F3,K3); 176 DO(66,F3,K3); 177 DO(67,F3,K3); 178 DO(68,F3,K3); 179 DO(69,F3,K3); 180 DO(70,F3,K3); 181 DO(71,F3,K3); 182 DO(72,F3,K3); 183 DO(73,F3,K3); 184 DO(74,F3,K3); 185 DO(75,F3,K3); 186 DO(76,F3,K3); 187 DO(77,F3,K3); 188 DO(78,F3,K3); 189 DO(79,F3,K3); 190 191 A += AA; 192 B += BB; 193 C += CC; 194 D += DD; 195 E += EE; 196} 197 198/* 199 * From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu> 200 */ 201 202#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) 203static inline uint32_t 204swap_uint32_t (uint32_t t) 205{ 206#define ROL(x,n) ((x)<<(n))|((x)>>(32-(n))) 207 uint32_t temp1, temp2; 208 209 temp1 = cshift(t, 16); 210 temp2 = temp1 >> 8; 211 temp1 &= 0x00ff00ff; 212 temp2 &= 0x00ff00ff; 213 temp1 <<= 8; 214 return temp1 | temp2; 215} 216#endif 217 218struct x32{ 219 unsigned int a:32; 220 unsigned int b:32; 221}; 222 223void 224SHA1_Update (struct sha *m, const void *v, size_t len) 225{ 226 const unsigned char *p = v; 227 size_t old_sz = m->sz[0]; 228 size_t offset; 229 230 m->sz[0] += len * 8; 231 if (m->sz[0] < old_sz) 232 ++m->sz[1]; 233 offset = (old_sz / 8) % 64; 234 while(len > 0){ 235 size_t l = min(len, 64 - offset); 236 memcpy(m->save + offset, p, l); 237 offset += l; 238 p += l; 239 len -= l; 240 if(offset == 64){ 241#if !defined(WORDS_BIGENDIAN) || defined(_CRAY) 242 int i; 243 uint32_t current[16]; 244 struct x32 *u = (struct x32*)m->save; 245 for(i = 0; i < 8; i++){ 246 current[2*i+0] = swap_uint32_t(u[i].a); 247 current[2*i+1] = swap_uint32_t(u[i].b); 248 } 249 calc(m, current); 250#else 251 calc(m, (uint32_t*)m->save); 252#endif 253 offset = 0; 254 } 255 } 256} 257 258void 259SHA1_Final (void *res, struct sha *m) 260{ 261 unsigned char zeros[72]; 262 unsigned offset = (m->sz[0] / 8) % 64; 263 unsigned int dstart = (120 - offset - 1) % 64 + 1; 264 265 *zeros = 0x80; 266 memset (zeros + 1, 0, sizeof(zeros) - 1); 267 zeros[dstart+7] = (m->sz[0] >> 0) & 0xff; 268 zeros[dstart+6] = (m->sz[0] >> 8) & 0xff; 269 zeros[dstart+5] = (m->sz[0] >> 16) & 0xff; 270 zeros[dstart+4] = (m->sz[0] >> 24) & 0xff; 271 zeros[dstart+3] = (m->sz[1] >> 0) & 0xff; 272 zeros[dstart+2] = (m->sz[1] >> 8) & 0xff; 273 zeros[dstart+1] = (m->sz[1] >> 16) & 0xff; 274 zeros[dstart+0] = (m->sz[1] >> 24) & 0xff; 275 SHA1_Update (m, zeros, dstart + 8); 276 { 277 int i; 278 unsigned char *r = (unsigned char*)res; 279 280 for (i = 0; i < 5; ++i) { 281 r[4*i+3] = m->counter[i] & 0xFF; 282 r[4*i+2] = (m->counter[i] >> 8) & 0xFF; 283 r[4*i+1] = (m->counter[i] >> 16) & 0xFF; 284 r[4*i] = (m->counter[i] >> 24) & 0xFF; 285 } 286 } 287#if 0 288 { 289 int i; 290 uint32_t *r = (uint32_t *)res; 291 292 for (i = 0; i < 5; ++i) 293 r[i] = swap_uint32_t (m->counter[i]); 294 } 295#endif 296} 297