1: /*
2: * Copyright (c) 2007, Cameron Rich
3: *
4: * All rights reserved.
5: *
6: * Redistribution and use in source and binary forms, with or without
7: * modification, are permitted provided that the following conditions are met:
8: *
9: * * Redistributions of source code must retain the above copyright notice,
10: * this list of conditions and the following disclaimer.
11: * * Redistributions in binary form must reproduce the above copyright notice,
12: * this list of conditions and the following disclaimer in the documentation
13: * and/or other materials provided with the distribution.
14: * * Neither the name of the axTLS project nor the names of its contributors
15: * may be used to endorse or promote products derived from this software
16: * without specific prior written permission.
17: *
18: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19: * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20: * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21: * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22: * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25: * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26: * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27: * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29: */
30:
31: /**
32: * SHA1 implementation - as defined in FIPS PUB 180-1 published April 17, 1995.
33: * This code was originally taken from RFC3174
34: */
35:
36: #include <string.h>
37: #include "os_port.h"
38: #include "crypto.h"
39:
40: /*
41: * Define the SHA1 circular left shift macro
42: */
43: #define SHA1CircularShift(bits,word) \
44: (((word) << (bits)) | ((word) >> (32-(bits))))
45:
46: /* ----- static functions ----- */
47: static void SHA1PadMessage(SHA1_CTX *ctx);
48: static void SHA1ProcessMessageBlock(SHA1_CTX *ctx);
49:
50: /**
51: * Initialize the SHA1 context
52: */
53: void SHA1_Init(SHA1_CTX *ctx)
54: {
55: ctx->Length_Low = 0;
56: ctx->Length_High = 0;
57: ctx->Message_Block_Index = 0;
58: ctx->Intermediate_Hash[0] = 0x67452301;
59: ctx->Intermediate_Hash[1] = 0xEFCDAB89;
60: ctx->Intermediate_Hash[2] = 0x98BADCFE;
61: ctx->Intermediate_Hash[3] = 0x10325476;
62: ctx->Intermediate_Hash[4] = 0xC3D2E1F0;
63: }
64:
65: /**
66: * Accepts an array of octets as the next portion of the message.
67: */
68: void SHA1_Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
69: {
70: while (len--)
71: {
72: ctx->Message_Block[ctx->Message_Block_Index++] = (*msg & 0xFF);
73: ctx->Length_Low += 8;
74:
75: if (ctx->Length_Low == 0)
76: ctx->Length_High++;
77:
78: if (ctx->Message_Block_Index == 64)
79: SHA1ProcessMessageBlock(ctx);
80:
81: msg++;
82: }
83: }
84:
85: /**
86: * Return the 160-bit message digest into the user's array
87: */
88: void SHA1_Final(uint8_t *digest, SHA1_CTX *ctx)
89: {
90: int i;
91:
92: SHA1PadMessage(ctx);
93: memset(ctx->Message_Block, 0, 64);
94: ctx->Length_Low = 0; /* and clear length */
95: ctx->Length_High = 0;
96:
97: for (i = 0; i < SHA1_SIZE; i++)
98: {
99: digest[i] = ctx->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) );
100: }
101: }
102:
103: /**
104: * Process the next 512 bits of the message stored in the array.
105: */
106: static void SHA1ProcessMessageBlock(SHA1_CTX *ctx)
107: {
108: const uint32_t K[] = { /* Constants defined in SHA-1 */
109: 0x5A827999,
110: 0x6ED9EBA1,
111: 0x8F1BBCDC,
112: 0xCA62C1D6
113: };
114: int t; /* Loop counter */
115: uint32_t temp; /* Temporary word value */
116: uint32_t W[80]; /* Word sequence */
117: uint32_t A, B, C, D, E; /* Word buffers */
118:
119: /*
120: * Initialize the first 16 words in the array W
121: */
122: for (t = 0; t < 16; t++)
123: {
124: W[t] = ctx->Message_Block[t * 4] << 24;
125: W[t] |= ctx->Message_Block[t * 4 + 1] << 16;
126: W[t] |= ctx->Message_Block[t * 4 + 2] << 8;
127: W[t] |= ctx->Message_Block[t * 4 + 3];
128: }
129:
130: for (t = 16; t < 80; t++)
131: {
132: W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
133: }
134:
135: A = ctx->Intermediate_Hash[0];
136: B = ctx->Intermediate_Hash[1];
137: C = ctx->Intermediate_Hash[2];
138: D = ctx->Intermediate_Hash[3];
139: E = ctx->Intermediate_Hash[4];
140:
141: for (t = 0; t < 20; t++)
142: {
143: temp = SHA1CircularShift(5,A) +
144: ((B & C) | ((~B) & D)) + E + W[t] + K[0];
145: E = D;
146: D = C;
147: C = SHA1CircularShift(30,B);
148:
149: B = A;
150: A = temp;
151: }
152:
153: for (t = 20; t < 40; t++)
154: {
155: temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
156: E = D;
157: D = C;
158: C = SHA1CircularShift(30,B);
159: B = A;
160: A = temp;
161: }
162:
163: for (t = 40; t < 60; t++)
164: {
165: temp = SHA1CircularShift(5,A) +
166: ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
167: E = D;
168: D = C;
169: C = SHA1CircularShift(30,B);
170: B = A;
171: A = temp;
172: }
173:
174: for (t = 60; t < 80; t++)
175: {
176: temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
177: E = D;
178: D = C;
179: C = SHA1CircularShift(30,B);
180: B = A;
181: A = temp;
182: }
183:
184: ctx->Intermediate_Hash[0] += A;
185: ctx->Intermediate_Hash[1] += B;
186: ctx->Intermediate_Hash[2] += C;
187: ctx->Intermediate_Hash[3] += D;
188: ctx->Intermediate_Hash[4] += E;
189: ctx->Message_Block_Index = 0;
190: }
191:
192: /*
193: * According to the standard, the message must be padded to an even
194: * 512 bits. The first padding bit must be a '1'. The last 64
195: * bits represent the length of the original message. All bits in
196: * between should be 0. This function will pad the message
197: * according to those rules by filling the Message_Block array
198: * accordingly. It will also call the ProcessMessageBlock function
199: * provided appropriately. When it returns, it can be assumed that
200: * the message digest has been computed.
201: *
202: * @param ctx [in, out] The SHA1 context
203: */
204: static void SHA1PadMessage(SHA1_CTX *ctx)
205: {
206: /*
207: * Check to see if the current message block is too small to hold
208: * the initial padding bits and length. If so, we will pad the
209: * block, process it, and then continue padding into a second
210: * block.
211: */
212: if (ctx->Message_Block_Index > 55)
213: {
214: ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
215: while(ctx->Message_Block_Index < 64)
216: {
217: ctx->Message_Block[ctx->Message_Block_Index++] = 0;
218: }
219:
220: SHA1ProcessMessageBlock(ctx);
221:
222: while (ctx->Message_Block_Index < 56)
223: {
224: ctx->Message_Block[ctx->Message_Block_Index++] = 0;
225: }
226: }
227: else
228: {
229: ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
230: while(ctx->Message_Block_Index < 56)
231: {
232:
233: ctx->Message_Block[ctx->Message_Block_Index++] = 0;
234: }
235: }
236:
237: /*
238: * Store the message length as the last 8 octets
239: */
240: ctx->Message_Block[56] = ctx->Length_High >> 24;
241: ctx->Message_Block[57] = ctx->Length_High >> 16;
242: ctx->Message_Block[58] = ctx->Length_High >> 8;
243: ctx->Message_Block[59] = ctx->Length_High;
244: ctx->Message_Block[60] = ctx->Length_Low >> 24;
245: ctx->Message_Block[61] = ctx->Length_Low >> 16;
246: ctx->Message_Block[62] = ctx->Length_Low >> 8;
247: ctx->Message_Block[63] = ctx->Length_Low;
248: SHA1ProcessMessageBlock(ctx);
249: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sha1.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / axTLS / crypto