trunk/Gnupg/sha1.c

/* sha1.c - SHA1 hash function
 *      Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
 *
 * Please see below for more legal information!
 *
 * This file is part of GnuPG.
 *
 * GnuPG is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * GnuPG is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */


/*  Test vectors:
 *
 *  "abc"
 *  A999 3E36 4706 816A BA3E  2571 7850 C26C 9CD0 D89D
 *
 *  "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
 *  8498 3E44 1C3B D26E BAAE  4AA1 F951 29E5 E546 70F1
 */


#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>

#include "md.h"

static void
burn_stack (int bytes)
{
    char buf[128];
    
    memset(buf, 0, sizeof buf);
    bytes -= sizeof buf;
    if (bytes > 0)
        burn_stack (bytes);
}


void
sha1_init( SHA1_CONTEXT *hd )
{
    hd->h0 = 0x67452301;
    hd->h1 = 0xefcdab89;
    hd->h2 = 0x98badcfe;
    hd->h3 = 0x10325476;
    hd->h4 = 0xc3d2e1f0;
    hd->nblocks = 0;
    hd->count = 0;
}


/****************
 * Transform the message X which consists of 16 32-bit-words
 */
static void
transform( SHA1_CONTEXT *hd, unsigned char *data )
{
    unsigned long a,b,c,d,e,tm;
    unsigned long x[16];

    /* get values from the chaining vars */
    a = hd->h0;
    b = hd->h1;
    c = hd->h2;
    d = hd->h3;
    e = hd->h4;

  #ifdef BIG_ENDIAN_HOST
    memcpy( x, data, 64 );
  #else
    { int i;
      unsigned char *p2;
      for(i=0, p2=(unsigned char*)x; i < 16; i++, p2 += 4 ) {
        p2[3] = *data++;
        p2[2] = *data++;
        p2[1] = *data++;
        p2[0] = *data++;
      }
    }
  #endif


#define K1  0x5A827999L
#define K2  0x6ED9EBA1L
#define K3  0x8F1BBCDCL
#define K4  0xCA62C1D6L
#define F1(x,y,z)   ( z ^ ( x & ( y ^ z ) ) )
#define F2(x,y,z)   ( x ^ y ^ z )
#define F3(x,y,z)   ( ( x & y ) | ( z & ( x | y ) ) )
#define F4(x,y,z)   ( x ^ y ^ z )


#define M(i) ( tm =   x[i&0x0f] ^ x[(i-14)&0x0f] \
                    ^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f] \
               , (x[i&0x0f] = rol(tm,1)) )

#define R(a,b,c,d,e,f,k,m)  do { e += rol( a, 5 )     \
                                      + f( b, c, d )  \
                                      + k             \
                                      + m;            \
                                 b = rol( b, 30 );    \
                               } while(0)
    R( a, b, c, d, e, F1, K1, x[ 0] );
    R( e, a, b, c, d, F1, K1, x[ 1] );
    R( d, e, a, b, c, F1, K1, x[ 2] );
    R( c, d, e, a, b, F1, K1, x[ 3] );
    R( b, c, d, e, a, F1, K1, x[ 4] );
    R( a, b, c, d, e, F1, K1, x[ 5] );
    R( e, a, b, c, d, F1, K1, x[ 6] );
    R( d, e, a, b, c, F1, K1, x[ 7] );
    R( c, d, e, a, b, F1, K1, x[ 8] );
    R( b, c, d, e, a, F1, K1, x[ 9] );
    R( a, b, c, d, e, F1, K1, x[10] );
    R( e, a, b, c, d, F1, K1, x[11] );
    R( d, e, a, b, c, F1, K1, x[12] );
    R( c, d, e, a, b, F1, K1, x[13] );
    R( b, c, d, e, a, F1, K1, x[14] );
    R( a, b, c, d, e, F1, K1, x[15] );
    R( e, a, b, c, d, F1, K1, M(16) );
    R( d, e, a, b, c, F1, K1, M(17) );
    R( c, d, e, a, b, F1, K1, M(18) );
    R( b, c, d, e, a, F1, K1, M(19) );
    R( a, b, c, d, e, F2, K2, M(20) );
    R( e, a, b, c, d, F2, K2, M(21) );
    R( d, e, a, b, c, F2, K2, M(22) );
    R( c, d, e, a, b, F2, K2, M(23) );
    R( b, c, d, e, a, F2, K2, M(24) );
    R( a, b, c, d, e, F2, K2, M(25) );
    R( e, a, b, c, d, F2, K2, M(26) );
    R( d, e, a, b, c, F2, K2, M(27) );
    R( c, d, e, a, b, F2, K2, M(28) );
    R( b, c, d, e, a, F2, K2, M(29) );
    R( a, b, c, d, e, F2, K2, M(30) );
    R( e, a, b, c, d, F2, K2, M(31) );
    R( d, e, a, b, c, F2, K2, M(32) );
    R( c, d, e, a, b, F2, K2, M(33) );
    R( b, c, d, e, a, F2, K2, M(34) );
    R( a, b, c, d, e, F2, K2, M(35) );
    R( e, a, b, c, d, F2, K2, M(36) );
    R( d, e, a, b, c, F2, K2, M(37) );
    R( c, d, e, a, b, F2, K2, M(38) );
    R( b, c, d, e, a, F2, K2, M(39) );
    R( a, b, c, d, e, F3, K3, M(40) );
    R( e, a, b, c, d, F3, K3, M(41) );
    R( d, e, a, b, c, F3, K3, M(42) );
    R( c, d, e, a, b, F3, K3, M(43) );
    R( b, c, d, e, a, F3, K3, M(44) );
    R( a, b, c, d, e, F3, K3, M(45) );
    R( e, a, b, c, d, F3, K3, M(46) );
    R( d, e, a, b, c, F3, K3, M(47) );
    R( c, d, e, a, b, F3, K3, M(48) );
    R( b, c, d, e, a, F3, K3, M(49) );
    R( a, b, c, d, e, F3, K3, M(50) );
    R( e, a, b, c, d, F3, K3, M(51) );
    R( d, e, a, b, c, F3, K3, M(52) );
    R( c, d, e, a, b, F3, K3, M(53) );
    R( b, c, d, e, a, F3, K3, M(54) );
    R( a, b, c, d, e, F3, K3, M(55) );
    R( e, a, b, c, d, F3, K3, M(56) );
    R( d, e, a, b, c, F3, K3, M(57) );
    R( c, d, e, a, b, F3, K3, M(58) );
    R( b, c, d, e, a, F3, K3, M(59) );
    R( a, b, c, d, e, F4, K4, M(60) );
    R( e, a, b, c, d, F4, K4, M(61) );
    R( d, e, a, b, c, F4, K4, M(62) );
    R( c, d, e, a, b, F4, K4, M(63) );
    R( b, c, d, e, a, F4, K4, M(64) );
    R( a, b, c, d, e, F4, K4, M(65) );
    R( e, a, b, c, d, F4, K4, M(66) );
    R( d, e, a, b, c, F4, K4, M(67) );
    R( c, d, e, a, b, F4, K4, M(68) );
    R( b, c, d, e, a, F4, K4, M(69) );
    R( a, b, c, d, e, F4, K4, M(70) );
    R( e, a, b, c, d, F4, K4, M(71) );
    R( d, e, a, b, c, F4, K4, M(72) );
    R( c, d, e, a, b, F4, K4, M(73) );
    R( b, c, d, e, a, F4, K4, M(74) );
    R( a, b, c, d, e, F4, K4, M(75) );
    R( e, a, b, c, d, F4, K4, M(76) );
    R( d, e, a, b, c, F4, K4, M(77) );
    R( c, d, e, a, b, F4, K4, M(78) );
    R( b, c, d, e, a, F4, K4, M(79) );

    /* update chainig vars */
    hd->h0 += a;
    hd->h1 += b;
    hd->h2 += c;
    hd->h3 += d;
    hd->h4 += e;
}


/* Update the message digest with the contents
 * of INBUF with length INLEN.
 */
 void
sha1_write( SHA1_CONTEXT *hd, unsigned char *inbuf, size_t inlen)
{
    if( hd->count == 64 ) { /* flush the buffer */
        transform( hd, hd->buf );
        burn_stack (88+4*sizeof(void*));
        hd->count = 0;
        hd->nblocks++;
    }
    if( !inbuf )
        return;
    if( hd->count ) {
        for( ; inlen && hd->count < 64; inlen-- )
            hd->buf[hd->count++] = *inbuf++;
        sha1_write( hd, NULL, 0 );
        if( !inlen )
            return;
    }

    while( inlen >= 64 ) {
        transform( hd, inbuf );
        hd->count = 0;
        hd->nblocks++;
        inlen -= 64;
        inbuf += 64;
    }
    burn_stack (88+4*sizeof(void*));
    for( ; inlen && hd->count < 64; inlen-- )
        hd->buf[hd->count++] = *inbuf++;
}


/* The routine final terminates the computation and
 * returns the digest.
 * The handle is prepared for a new cycle, but adding bytes to the
 * handle will the destroy the returned buffer.
 * Returns: 20 bytes representing the digest.
 */

 void
sha1_final(SHA1_CONTEXT *hd)
{
    unsigned long t, msb, lsb;
    unsigned char *p;

    sha1_write(hd, NULL, 0); /* flush */;

    t = hd->nblocks;
    /* multiply by 64 to make a byte count */
    lsb = t << 6;
    msb = t >> 26;
    /* add the count */
    t = lsb;
    if( (lsb += hd->count) < t )
        msb++;
    /* multiply by 8 to make a bit count */
    t = lsb;
    lsb <<= 3;
    msb <<= 3;
    msb |= t >> 29;

    if( hd->count < 56 ) { /* enough room */
        hd->buf[hd->count++] = 0x80; /* pad */
        while( hd->count < 56 )
            hd->buf[hd->count++] = 0;  /* pad */
    }
    else { /* need one extra block */
        hd->buf[hd->count++] = 0x80; /* pad character */
        while( hd->count < 64 )
            hd->buf[hd->count++] = 0;
        sha1_write(hd, NULL, 0);  /* flush */;
        memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
    }
    /* append the 64 bit count */
    hd->buf[56] = msb >> 24;
    hd->buf[57] = msb >> 16;
    hd->buf[58] = msb >>  8;
    hd->buf[59] = msb      ;
    hd->buf[60] = lsb >> 24;
    hd->buf[61] = lsb >> 16;
    hd->buf[62] = lsb >>  8;
    hd->buf[63] = lsb      ;
    transform( hd, hd->buf );
    burn_stack (88+4*sizeof(void*));

    p = hd->buf;
  #ifdef BIG_ENDIAN_HOST
    #define X(a) do { *(unsigned long*)p = hd->h##a ; p += 4; } while(0)
  #else /* little endian */
    #define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16;      \
                      *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
  #endif
    X(0);
    X(1);
    X(2);
    X(3);
    X(4);
  #undef X

}

unsigned char *
sha1_read( SHA1_CONTEXT *hd )
{
    return hd->buf;
}

1	/* sha1.c - SHA1 hash function
2	* Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
3	*
4	* Please see below for more legal information!
5	*
6	* This file is part of GnuPG.
7	*
8	* GnuPG is free software; you can redistribute it and/or modify
9	* it under the terms of the GNU General Public License as published by
10	* the Free Software Foundation; either version 2 of the License, or
11	* (at your option) any later version.
12	*
13	* GnuPG is distributed in the hope that it will be useful,
14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16	* GNU General Public License for more details.
17	*
18	* You should have received a copy of the GNU General Public License
19	* along with this program; if not, write to the Free Software
20	* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
21	*/
22
23
24	/* Test vectors:
25	*
26	* "abc"
27	* A999 3E36 4706 816A BA3E 2571 7850 C26C 9CD0 D89D
28	*
29	* "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
30	* 8498 3E44 1C3B D26E BAAE 4AA1 F951 29E5 E546 70F1
31	*/
32
33
34	#include <stdio.h>
35	#include <stdlib.h>
36	#include <string.h>
37	#include <assert.h>
38
39	#include "md.h"
40
41	static void
42	burn_stack (int bytes)
43	{
44	char buf[128];
45
46	memset(buf, 0, sizeof buf);
47	bytes -= sizeof buf;
48	if (bytes > 0)
49	burn_stack (bytes);
50	}
51
52
53	void
54	sha1_init( SHA1_CONTEXT *hd )
55	{
56	hd->h0 = 0x67452301;
57	hd->h1 = 0xefcdab89;
58	hd->h2 = 0x98badcfe;
59	hd->h3 = 0x10325476;
60	hd->h4 = 0xc3d2e1f0;
61	hd->nblocks = 0;
62	hd->count = 0;
63	}
64
65
66	/****************
67	* Transform the message X which consists of 16 32-bit-words
68	*/
69	static void
70	transform( SHA1_CONTEXT hd, unsigned char data )
71	{
72	unsigned long a,b,c,d,e,tm;
73	unsigned long x[16];
74
75	/* get values from the chaining vars */
76	a = hd->h0;
77	b = hd->h1;
78	c = hd->h2;
79	d = hd->h3;
80	e = hd->h4;
81
82	#ifdef BIG_ENDIAN_HOST
83	memcpy( x, data, 64 );
84	#else
85	{ int i;
86	unsigned char *p2;
87	for(i=0, p2=(unsigned char*)x; i < 16; i++, p2 += 4 ) {
88	p2[3] = *data++;
89	p2[2] = *data++;
90	p2[1] = *data++;
91	p2[0] = *data++;
92	}
93	}
94	#endif
95
96
97	#define K1 0x5A827999L
98	#define K2 0x6ED9EBA1L
99	#define K3 0x8F1BBCDCL
100	#define K4 0xCA62C1D6L
101	#define F1(x,y,z) ( z ^ ( x & ( y ^ z ) ) )
102	#define F2(x,y,z) ( x ^ y ^ z )
103	#define F3(x,y,z) ( ( x & y ) \| ( z & ( x \| y ) ) )
104	#define F4(x,y,z) ( x ^ y ^ z )
105
106
107	#define M(i) ( tm = x[i&0x0f] ^ x[(i-14)&0x0f] \
108	^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f] \
109	, (x[i&0x0f] = rol(tm,1)) )
110
111	#define R(a,b,c,d,e,f,k,m) do { e += rol( a, 5 ) \
112	+ f( b, c, d ) \
113	+ k \
114	+ m; \
115	b = rol( b, 30 ); \
116	} while(0)
117	R( a, b, c, d, e, F1, K1, x[ 0] );
118	R( e, a, b, c, d, F1, K1, x[ 1] );
119	R( d, e, a, b, c, F1, K1, x[ 2] );
120	R( c, d, e, a, b, F1, K1, x[ 3] );
121	R( b, c, d, e, a, F1, K1, x[ 4] );
122	R( a, b, c, d, e, F1, K1, x[ 5] );
123	R( e, a, b, c, d, F1, K1, x[ 6] );
124	R( d, e, a, b, c, F1, K1, x[ 7] );
125	R( c, d, e, a, b, F1, K1, x[ 8] );
126	R( b, c, d, e, a, F1, K1, x[ 9] );
127	R( a, b, c, d, e, F1, K1, x[10] );
128	R( e, a, b, c, d, F1, K1, x[11] );
129	R( d, e, a, b, c, F1, K1, x[12] );
130	R( c, d, e, a, b, F1, K1, x[13] );
131	R( b, c, d, e, a, F1, K1, x[14] );
132	R( a, b, c, d, e, F1, K1, x[15] );
133	R( e, a, b, c, d, F1, K1, M(16) );
134	R( d, e, a, b, c, F1, K1, M(17) );
135	R( c, d, e, a, b, F1, K1, M(18) );
136	R( b, c, d, e, a, F1, K1, M(19) );
137	R( a, b, c, d, e, F2, K2, M(20) );
138	R( e, a, b, c, d, F2, K2, M(21) );
139	R( d, e, a, b, c, F2, K2, M(22) );
140	R( c, d, e, a, b, F2, K2, M(23) );
141	R( b, c, d, e, a, F2, K2, M(24) );
142	R( a, b, c, d, e, F2, K2, M(25) );
143	R( e, a, b, c, d, F2, K2, M(26) );
144	R( d, e, a, b, c, F2, K2, M(27) );
145	R( c, d, e, a, b, F2, K2, M(28) );
146	R( b, c, d, e, a, F2, K2, M(29) );
147	R( a, b, c, d, e, F2, K2, M(30) );
148	R( e, a, b, c, d, F2, K2, M(31) );
149	R( d, e, a, b, c, F2, K2, M(32) );
150	R( c, d, e, a, b, F2, K2, M(33) );
151	R( b, c, d, e, a, F2, K2, M(34) );
152	R( a, b, c, d, e, F2, K2, M(35) );
153	R( e, a, b, c, d, F2, K2, M(36) );
154	R( d, e, a, b, c, F2, K2, M(37) );
155	R( c, d, e, a, b, F2, K2, M(38) );
156	R( b, c, d, e, a, F2, K2, M(39) );
157	R( a, b, c, d, e, F3, K3, M(40) );
158	R( e, a, b, c, d, F3, K3, M(41) );
159	R( d, e, a, b, c, F3, K3, M(42) );
160	R( c, d, e, a, b, F3, K3, M(43) );
161	R( b, c, d, e, a, F3, K3, M(44) );
162	R( a, b, c, d, e, F3, K3, M(45) );
163	R( e, a, b, c, d, F3, K3, M(46) );
164	R( d, e, a, b, c, F3, K3, M(47) );
165	R( c, d, e, a, b, F3, K3, M(48) );
166	R( b, c, d, e, a, F3, K3, M(49) );
167	R( a, b, c, d, e, F3, K3, M(50) );
168	R( e, a, b, c, d, F3, K3, M(51) );
169	R( d, e, a, b, c, F3, K3, M(52) );
170	R( c, d, e, a, b, F3, K3, M(53) );
171	R( b, c, d, e, a, F3, K3, M(54) );
172	R( a, b, c, d, e, F3, K3, M(55) );
173	R( e, a, b, c, d, F3, K3, M(56) );
174	R( d, e, a, b, c, F3, K3, M(57) );
175	R( c, d, e, a, b, F3, K3, M(58) );
176	R( b, c, d, e, a, F3, K3, M(59) );
177	R( a, b, c, d, e, F4, K4, M(60) );
178	R( e, a, b, c, d, F4, K4, M(61) );
179	R( d, e, a, b, c, F4, K4, M(62) );
180	R( c, d, e, a, b, F4, K4, M(63) );
181	R( b, c, d, e, a, F4, K4, M(64) );
182	R( a, b, c, d, e, F4, K4, M(65) );
183	R( e, a, b, c, d, F4, K4, M(66) );
184	R( d, e, a, b, c, F4, K4, M(67) );
185	R( c, d, e, a, b, F4, K4, M(68) );
186	R( b, c, d, e, a, F4, K4, M(69) );
187	R( a, b, c, d, e, F4, K4, M(70) );
188	R( e, a, b, c, d, F4, K4, M(71) );
189	R( d, e, a, b, c, F4, K4, M(72) );
190	R( c, d, e, a, b, F4, K4, M(73) );
191	R( b, c, d, e, a, F4, K4, M(74) );
192	R( a, b, c, d, e, F4, K4, M(75) );
193	R( e, a, b, c, d, F4, K4, M(76) );
194	R( d, e, a, b, c, F4, K4, M(77) );
195	R( c, d, e, a, b, F4, K4, M(78) );
196	R( b, c, d, e, a, F4, K4, M(79) );
197
198	/* update chainig vars */
199	hd->h0 += a;
200	hd->h1 += b;
201	hd->h2 += c;
202	hd->h3 += d;
203	hd->h4 += e;
204	}
205
206
207	/* Update the message digest with the contents
208	* of INBUF with length INLEN.
209	*/
210	void
211	sha1_write( SHA1_CONTEXT hd, unsigned char inbuf, size_t inlen)
212	{
213	if( hd->count == 64 ) { /* flush the buffer */
214	transform( hd, hd->buf );
215	burn_stack (88+4sizeof(void));
216	hd->count = 0;
217	hd->nblocks++;
218	}
219	if( !inbuf )
220	return;
221	if( hd->count ) {
222	for( ; inlen && hd->count < 64; inlen-- )
223	hd->buf[hd->count++] = *inbuf++;
224	sha1_write( hd, NULL, 0 );
225	if( !inlen )
226	return;
227	}
228
229	while( inlen >= 64 ) {
230	transform( hd, inbuf );
231	hd->count = 0;
232	hd->nblocks++;
233	inlen -= 64;
234	inbuf += 64;
235	}
236	burn_stack (88+4sizeof(void));
237	for( ; inlen && hd->count < 64; inlen-- )
238	hd->buf[hd->count++] = *inbuf++;
239	}
240
241
242	/* The routine final terminates the computation and
243	* returns the digest.
244	* The handle is prepared for a new cycle, but adding bytes to the
245	* handle will the destroy the returned buffer.
246	* Returns: 20 bytes representing the digest.
247	*/
248
249	void
250	sha1_final(SHA1_CONTEXT *hd)
251	{
252	unsigned long t, msb, lsb;
253	unsigned char *p;
254
255	sha1_write(hd, NULL, 0); /* flush */;
256
257	t = hd->nblocks;
258	/* multiply by 64 to make a byte count */
259	lsb = t << 6;
260	msb = t >> 26;
261	/* add the count */
262	t = lsb;
263	if( (lsb += hd->count) < t )
264	msb++;
265	/* multiply by 8 to make a bit count */
266	t = lsb;
267	lsb <<= 3;
268	msb <<= 3;
269	msb \|= t >> 29;
270
271	if( hd->count < 56 ) { /* enough room */
272	hd->buf[hd->count++] = 0x80; /* pad */
273	while( hd->count < 56 )
274	hd->buf[hd->count++] = 0; /* pad */
275	}
276	else { /* need one extra block */
277	hd->buf[hd->count++] = 0x80; /* pad character */
278	while( hd->count < 64 )
279	hd->buf[hd->count++] = 0;
280	sha1_write(hd, NULL, 0); /* flush */;
281	memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
282	}
283	/* append the 64 bit count */
284	hd->buf[56] = msb >> 24;
285	hd->buf[57] = msb >> 16;
286	hd->buf[58] = msb >> 8;
287	hd->buf[59] = msb ;
288	hd->buf[60] = lsb >> 24;
289	hd->buf[61] = lsb >> 16;
290	hd->buf[62] = lsb >> 8;
291	hd->buf[63] = lsb ;
292	transform( hd, hd->buf );
293	burn_stack (88+4sizeof(void));
294
295	p = hd->buf;
296	#ifdef BIG_ENDIAN_HOST
297	#define X(a) do { (unsigned long)p = hd->h##a ; p += 4; } while(0)
298	#else /* little endian */
299	#define X(a) do { p++ = hd->h##a >> 24; p++ = hd->h##a >> 16; \
300	p++ = hd->h##a >> 8; p++ = hd->h##a; } while(0)
301	#endif
302	X(0);
303	X(1);
304	X(2);
305	X(3);
306	X(4);
307	#undef X
308
309	}
310
311	unsigned char *
312	sha1_read( SHA1_CONTEXT *hd )
313	{
314	return hd->buf;
315	}
316