1 /*********************************************************************** 2 * * 3 * This software is part of the ast package * 4 * Copyright (c) 1996-2008 AT&T Intellectual Property * 5 * and is licensed under the * 6 * Common Public License, Version 1.0 * 7 * by AT&T Intellectual Property * 8 * * 9 * A copy of the License is available at * 10 * http://www.opensource.org/licenses/cpl1.0.txt * 11 * (with md5 checksum 059e8cd6165cb4c31e351f2b69388fd9) * 12 * * 13 * Information and Software Systems Research * 14 * AT&T Research * 15 * Florham Park NJ * 16 * * 17 * Glenn Fowler <gsf@research.att.com> * 18 * * 19 ***********************************************************************/ 20 #pragma prototyped 21 22 /* 23 * SHA-1 in C 24 * By Steve Reid <steve@edmweb.com> 25 * 100% Public Domain 26 * 27 * Test Vectors (from FIPS PUB 180-1) 28 * "abc" 29 * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D 30 * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" 31 * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 32 * A million repetitions of "a" 33 * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F 34 */ 35 36 #define sha1_description "FIPS 180-1 SHA-1 secure hash algorithm 1." 37 #define sha1_options "[+(version)?sha1 (FIPS 180-1) 1996-09-26]\ 38 [+(author)?Steve Reid <steve@edmweb.com>]" 39 #define sha1_match "sha1|SHA1|sha-1|SHA-1" 40 #define sha1_scale 0 41 42 #define sha1_padding md5_pad 43 44 typedef struct Sha1_s 45 { 46 _SUM_PUBLIC_ 47 _SUM_PRIVATE_ 48 uint32_t count[2]; 49 uint32_t state[5]; 50 uint8_t buffer[64]; 51 uint8_t digest[20]; 52 uint8_t digest_sum[20]; 53 } Sha1_t; 54 55 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) 56 57 /* 58 * blk0() and blk() perform the initial expand. 59 * I got the idea of expanding during the round function from SSLeay 60 */ 61 #if _ast_intswap 62 # define blk0(i) \ 63 (block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) \ 64 | (rol(block->l[i], 8) & 0x00FF00FF)) 65 #else 66 # define blk0(i) block->l[i] 67 #endif 68 #define blk(i) \ 69 (block->l[i & 15] = rol(block->l[(i + 13) & 15] \ 70 ^ block->l[(i + 8) & 15] \ 71 ^ block->l[(i + 2) & 15] \ 72 ^ block->l[i & 15], 1)) 73 74 /* 75 * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1 76 */ 77 #define R0(v,w,x,y,z,i) \ 78 z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \ 79 w = rol(w, 30); 80 #define R1(v,w,x,y,z,i) \ 81 z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \ 82 w = rol(w, 30); 83 #define R2(v,w,x,y,z,i) \ 84 z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); \ 85 w = rol(w, 30); 86 #define R3(v,w,x,y,z,i) \ 87 z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \ 88 w = rol(w, 30); 89 #define R4(v,w,x,y,z,i) \ 90 z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \ 91 w = rol(w, 30); 92 93 typedef union { 94 unsigned char c[64]; 95 unsigned int l[16]; 96 } CHAR64LONG16; 97 98 #ifdef __sparc_v9__ 99 static void do_R01(uint32_t *a, uint32_t *b, uint32_t *c, 100 uint32_t *d, uint32_t *e, CHAR64LONG16 *); 101 static void do_R2(uint32_t *a, uint32_t *b, uint32_t *c, 102 uint32_t *d, uint32_t *e, CHAR64LONG16 *); 103 static void do_R3(uint32_t *a, uint32_t *b, uint32_t *c, 104 uint32_t *d, uint32_t *e, CHAR64LONG16 *); 105 static void do_R4(uint32_t *a, uint32_t *b, uint32_t *c, 106 uint32_t *d, uint32_t *e, CHAR64LONG16 *); 107 108 #define nR0(v,w,x,y,z,i) R0(*v,*w,*x,*y,*z,i) 109 #define nR1(v,w,x,y,z,i) R1(*v,*w,*x,*y,*z,i) 110 #define nR2(v,w,x,y,z,i) R2(*v,*w,*x,*y,*z,i) 111 #define nR3(v,w,x,y,z,i) R3(*v,*w,*x,*y,*z,i) 112 #define nR4(v,w,x,y,z,i) R4(*v,*w,*x,*y,*z,i) 113 114 static void 115 do_R01(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, 116 uint32_t *e, CHAR64LONG16 *block) 117 { 118 nR0(a,b,c,d,e, 0); nR0(e,a,b,c,d, 1); nR0(d,e,a,b,c, 2); 119 nR0(c,d,e,a,b, 3); nR0(b,c,d,e,a, 4); nR0(a,b,c,d,e, 5); 120 nR0(e,a,b,c,d, 6); nR0(d,e,a,b,c, 7); nR0(c,d,e,a,b, 8); 121 nR0(b,c,d,e,a, 9); nR0(a,b,c,d,e,10); nR0(e,a,b,c,d,11); 122 nR0(d,e,a,b,c,12); nR0(c,d,e,a,b,13); nR0(b,c,d,e,a,14); 123 nR0(a,b,c,d,e,15); nR1(e,a,b,c,d,16); nR1(d,e,a,b,c,17); 124 nR1(c,d,e,a,b,18); nR1(b,c,d,e,a,19); 125 } 126 127 static void 128 do_R2(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, 129 uint32_t *e, CHAR64LONG16 *block) 130 { 131 nR2(a,b,c,d,e,20); nR2(e,a,b,c,d,21); nR2(d,e,a,b,c,22); 132 nR2(c,d,e,a,b,23); nR2(b,c,d,e,a,24); nR2(a,b,c,d,e,25); 133 nR2(e,a,b,c,d,26); nR2(d,e,a,b,c,27); nR2(c,d,e,a,b,28); 134 nR2(b,c,d,e,a,29); nR2(a,b,c,d,e,30); nR2(e,a,b,c,d,31); 135 nR2(d,e,a,b,c,32); nR2(c,d,e,a,b,33); nR2(b,c,d,e,a,34); 136 nR2(a,b,c,d,e,35); nR2(e,a,b,c,d,36); nR2(d,e,a,b,c,37); 137 nR2(c,d,e,a,b,38); nR2(b,c,d,e,a,39); 138 } 139 140 static void 141 do_R3(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, 142 uint32_t *e, CHAR64LONG16 *block) 143 { 144 nR3(a,b,c,d,e,40); nR3(e,a,b,c,d,41); nR3(d,e,a,b,c,42); 145 nR3(c,d,e,a,b,43); nR3(b,c,d,e,a,44); nR3(a,b,c,d,e,45); 146 nR3(e,a,b,c,d,46); nR3(d,e,a,b,c,47); nR3(c,d,e,a,b,48); 147 nR3(b,c,d,e,a,49); nR3(a,b,c,d,e,50); nR3(e,a,b,c,d,51); 148 nR3(d,e,a,b,c,52); nR3(c,d,e,a,b,53); nR3(b,c,d,e,a,54); 149 nR3(a,b,c,d,e,55); nR3(e,a,b,c,d,56); nR3(d,e,a,b,c,57); 150 nR3(c,d,e,a,b,58); nR3(b,c,d,e,a,59); 151 } 152 153 static void 154 do_R4(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d, 155 uint32_t *e, CHAR64LONG16 *block) 156 { 157 nR4(a,b,c,d,e,60); nR4(e,a,b,c,d,61); nR4(d,e,a,b,c,62); 158 nR4(c,d,e,a,b,63); nR4(b,c,d,e,a,64); nR4(a,b,c,d,e,65); 159 nR4(e,a,b,c,d,66); nR4(d,e,a,b,c,67); nR4(c,d,e,a,b,68); 160 nR4(b,c,d,e,a,69); nR4(a,b,c,d,e,70); nR4(e,a,b,c,d,71); 161 nR4(d,e,a,b,c,72); nR4(c,d,e,a,b,73); nR4(b,c,d,e,a,74); 162 nR4(a,b,c,d,e,75); nR4(e,a,b,c,d,76); nR4(d,e,a,b,c,77); 163 nR4(c,d,e,a,b,78); nR4(b,c,d,e,a,79); 164 } 165 #endif 166 167 /* 168 * Hash a single 512-bit block. This is the core of the algorithm. 169 */ 170 static void 171 sha1_transform(uint32_t state[5], const unsigned char buffer[64]) { 172 uint32_t a, b, c, d, e; 173 CHAR64LONG16 *block; 174 CHAR64LONG16 workspace; 175 176 block = &workspace; 177 (void)memcpy(block, buffer, 64); 178 179 /* Copy sha->state[] to working vars */ 180 a = state[0]; 181 b = state[1]; 182 c = state[2]; 183 d = state[3]; 184 e = state[4]; 185 186 #ifdef __sparc_v9__ 187 do_R01(&a, &b, &c, &d, &e, block); 188 do_R2(&a, &b, &c, &d, &e, block); 189 do_R3(&a, &b, &c, &d, &e, block); 190 do_R4(&a, &b, &c, &d, &e, block); 191 #else 192 /* 4 rounds of 20 operations each. Loop unrolled. */ 193 R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); 194 R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); 195 R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); 196 R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); 197 R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); 198 R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); 199 R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); 200 R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); 201 R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); 202 R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); 203 R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); 204 R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); 205 R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); 206 R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); 207 R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); 208 R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); 209 R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); 210 R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); 211 R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); 212 R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); 213 #endif 214 215 /* Add the working vars back into context.state[] */ 216 state[0] += a; 217 state[1] += b; 218 state[2] += c; 219 state[3] += d; 220 state[4] += e; 221 222 /* Wipe variables */ 223 a = b = c = d = e = 0; 224 } 225 226 static int 227 sha1_block(register Sum_t* p, const void* s, size_t len) 228 { 229 Sha1_t* sha = (Sha1_t*)p; 230 uint8_t* data = (uint8_t*)s; 231 unsigned int i, j; 232 233 if (len) { 234 j = sha->count[0]; 235 if ((sha->count[0] += len << 3) < j) 236 sha->count[1] += (len >> 29) + 1; 237 j = (j >> 3) & 63; 238 if ((j + len) > 63) { 239 (void)memcpy(&sha->buffer[j], data, (i = 64 - j)); 240 sha1_transform(sha->state, sha->buffer); 241 for ( ; i + 63 < len; i += 64) 242 sha1_transform(sha->state, &data[i]); 243 j = 0; 244 } else { 245 i = 0; 246 } 247 248 (void)memcpy(&sha->buffer[j], &data[i], len - i); 249 } 250 return 0; 251 } 252 253 static int 254 sha1_init(Sum_t* p) 255 { 256 register Sha1_t* sha = (Sha1_t*)p; 257 258 sha->count[0] = sha->count[1] = 0; 259 sha->state[0] = 0x67452301; 260 sha->state[1] = 0xEFCDAB89; 261 sha->state[2] = 0x98BADCFE; 262 sha->state[3] = 0x10325476; 263 sha->state[4] = 0xC3D2E1F0; 264 265 return 0; 266 } 267 268 static Sum_t* 269 sha1_open(const Method_t* method, const char* name) 270 { 271 Sha1_t* sha; 272 273 if (sha = newof(0, Sha1_t, 1, 0)) 274 { 275 sha->method = (Method_t*)method; 276 sha->name = name; 277 sha1_init((Sum_t*)sha); 278 } 279 return (Sum_t*)sha; 280 } 281 282 /* 283 * Add padding and return the message digest. 284 */ 285 286 static const unsigned char final_200 = 128; 287 static const unsigned char final_0 = 0; 288 289 static int 290 sha1_done(Sum_t* p) 291 { 292 Sha1_t* sha = (Sha1_t*)p; 293 unsigned int i; 294 unsigned char finalcount[8]; 295 296 for (i = 0; i < 8; i++) { 297 /* Endian independent */ 298 finalcount[i] = (unsigned char) 299 ((sha->count[(i >= 4 ? 0 : 1)] 300 >> ((3 - (i & 3)) * 8)) & 255); 301 } 302 303 sha1_block(p, &final_200, 1); 304 while ((sha->count[0] & 504) != 448) 305 sha1_block(p, &final_0, 1); 306 /* The next Update should cause a sha1_transform() */ 307 sha1_block(p, finalcount, 8); 308 309 for (i = 0; i < elementsof(sha->digest); i++) 310 { 311 sha->digest[i] = (unsigned char)((sha->state[i >> 2] >> ((3 - (i & 3)) * 8)) & 255); 312 sha->digest_sum[i] ^= sha->digest[i]; 313 } 314 memset(sha->count, 0, sizeof(sha->count)); 315 memset(sha->state, 0, sizeof(sha->state)); 316 memset(sha->buffer, 0, sizeof(sha->buffer)); 317 return 0; 318 } 319 320 static int 321 sha1_print(Sum_t* p, Sfio_t* sp, register int flags, size_t scale) 322 { 323 register Sha1_t* sha = (Sha1_t*)p; 324 register unsigned char* d; 325 register int n; 326 327 d = (flags & SUM_TOTAL) ? sha->digest_sum : sha->digest; 328 for (n = 0; n < elementsof(sha->digest); n++) 329 sfprintf(sp, "%02x", d[n]); 330 return 0; 331 } 332 333 static int 334 sha1_data(Sum_t* p, Sumdata_t* data) 335 { 336 register Sha1_t* sha = (Sha1_t*)p; 337 338 data->size = elementsof(sha->digest); 339 data->num = 0; 340 data->buf = sha->digest; 341 return 0; 342 } 343