3
|
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis |
|
2 * |
|
3 * LibTomCrypt is a library that provides various cryptographic |
|
4 * algorithms in a highly modular and flexible manner. |
|
5 * |
|
6 * The library is free for all purposes without any express |
|
7 * guarantee it works. |
|
8 * |
|
9 * Tom St Denis, [email protected], http://libtomcrypt.org |
|
10 */ |
|
11 |
|
12 /* SHA1 code by Tom St Denis */ |
|
13 #include "mycrypt.h" |
|
14 |
|
15 #ifdef SHA1 |
|
16 |
|
17 const struct _hash_descriptor sha1_desc = |
|
18 { |
|
19 "sha1", |
|
20 2, |
|
21 20, |
|
22 64, |
|
23 &sha1_init, |
|
24 &sha1_process, |
|
25 &sha1_done, |
|
26 &sha1_test |
|
27 }; |
|
28 |
|
29 #define F0(x,y,z) (z ^ (x & (y ^ z))) |
|
30 #define F1(x,y,z) (x ^ y ^ z) |
|
31 #define F2(x,y,z) ((x & y) | (z & (x | y))) |
|
32 #define F3(x,y,z) (x ^ y ^ z) |
|
33 |
|
34 #ifdef CLEAN_STACK |
|
35 static void _sha1_compress(hash_state *md, unsigned char *buf) |
|
36 #else |
|
37 static void sha1_compress(hash_state *md, unsigned char *buf) |
|
38 #endif |
|
39 { |
|
40 ulong32 a,b,c,d,e,W[80],i; |
|
41 |
|
42 /* copy the state into 512-bits into W[0..15] */ |
|
43 for (i = 0; i < 16; i++) { |
|
44 LOAD32H(W[i], buf + (4*i)); |
|
45 } |
|
46 |
|
47 /* copy state */ |
|
48 a = md->sha1.state[0]; |
|
49 b = md->sha1.state[1]; |
|
50 c = md->sha1.state[2]; |
|
51 d = md->sha1.state[3]; |
|
52 e = md->sha1.state[4]; |
|
53 |
|
54 /* expand it */ |
|
55 for (i = 16; i < 80; i++) { |
|
56 W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1); |
|
57 } |
|
58 |
|
59 /* compress */ |
|
60 /* round one */ |
|
61 #define FF0(a,b,c,d,e,i) e = (ROL(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROL(b, 30); |
|
62 #define FF1(a,b,c,d,e,i) e = (ROL(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROL(b, 30); |
|
63 #define FF2(a,b,c,d,e,i) e = (ROL(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROL(b, 30); |
|
64 #define FF3(a,b,c,d,e,i) e = (ROL(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROL(b, 30); |
|
65 |
|
66 for (i = 0; i < 20; ) { |
|
67 FF0(a,b,c,d,e,i++); |
|
68 FF0(e,a,b,c,d,i++); |
|
69 FF0(d,e,a,b,c,i++); |
|
70 FF0(c,d,e,a,b,i++); |
|
71 FF0(b,c,d,e,a,i++); |
|
72 } |
|
73 |
|
74 /* round two */ |
|
75 for (; i < 40; ) { |
|
76 FF1(a,b,c,d,e,i++); |
|
77 FF1(e,a,b,c,d,i++); |
|
78 FF1(d,e,a,b,c,i++); |
|
79 FF1(c,d,e,a,b,i++); |
|
80 FF1(b,c,d,e,a,i++); |
|
81 } |
|
82 |
|
83 /* round three */ |
|
84 for (; i < 60; ) { |
|
85 FF2(a,b,c,d,e,i++); |
|
86 FF2(e,a,b,c,d,i++); |
|
87 FF2(d,e,a,b,c,i++); |
|
88 FF2(c,d,e,a,b,i++); |
|
89 FF2(b,c,d,e,a,i++); |
|
90 } |
|
91 |
|
92 /* round four */ |
|
93 for (; i < 80; ) { |
|
94 FF3(a,b,c,d,e,i++); |
|
95 FF3(e,a,b,c,d,i++); |
|
96 FF3(d,e,a,b,c,i++); |
|
97 FF3(c,d,e,a,b,i++); |
|
98 FF3(b,c,d,e,a,i++); |
|
99 } |
|
100 |
|
101 #undef FF0 |
|
102 #undef FF1 |
|
103 #undef FF2 |
|
104 #undef FF3 |
|
105 |
|
106 /* store */ |
|
107 md->sha1.state[0] = md->sha1.state[0] + a; |
|
108 md->sha1.state[1] = md->sha1.state[1] + b; |
|
109 md->sha1.state[2] = md->sha1.state[2] + c; |
|
110 md->sha1.state[3] = md->sha1.state[3] + d; |
|
111 md->sha1.state[4] = md->sha1.state[4] + e; |
|
112 } |
|
113 |
|
114 #ifdef CLEAN_STACK |
|
115 static void sha1_compress(hash_state *md, unsigned char *buf) |
|
116 { |
|
117 _sha1_compress(md, buf); |
|
118 burn_stack(sizeof(ulong32) * 87); |
|
119 } |
|
120 #endif |
|
121 |
|
122 void sha1_init(hash_state * md) |
|
123 { |
|
124 _ARGCHK(md != NULL); |
|
125 md->sha1.state[0] = 0x67452301UL; |
|
126 md->sha1.state[1] = 0xefcdab89UL; |
|
127 md->sha1.state[2] = 0x98badcfeUL; |
|
128 md->sha1.state[3] = 0x10325476UL; |
|
129 md->sha1.state[4] = 0xc3d2e1f0UL; |
|
130 md->sha1.curlen = 0; |
|
131 md->sha1.length = 0; |
|
132 } |
|
133 |
|
134 HASH_PROCESS(sha1_process, sha1_compress, sha1, 64) |
|
135 |
|
136 int sha1_done(hash_state * md, unsigned char *hash) |
|
137 { |
|
138 int i; |
|
139 |
|
140 _ARGCHK(md != NULL); |
|
141 _ARGCHK(hash != NULL); |
|
142 |
|
143 if (md->sha1.curlen >= sizeof(md->sha1.buf)) { |
|
144 return CRYPT_INVALID_ARG; |
|
145 } |
|
146 |
|
147 /* increase the length of the message */ |
|
148 md->sha1.length += md->sha1.curlen * 8; |
|
149 |
|
150 /* append the '1' bit */ |
|
151 md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80; |
|
152 |
|
153 /* if the length is currently above 56 bytes we append zeros |
|
154 * then compress. Then we can fall back to padding zeros and length |
|
155 * encoding like normal. |
|
156 */ |
|
157 if (md->sha1.curlen > 56) { |
|
158 while (md->sha1.curlen < 64) { |
|
159 md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; |
|
160 } |
|
161 sha1_compress(md, md->sha1.buf); |
|
162 md->sha1.curlen = 0; |
|
163 } |
|
164 |
|
165 /* pad upto 56 bytes of zeroes */ |
|
166 while (md->sha1.curlen < 56) { |
|
167 md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; |
|
168 } |
|
169 |
|
170 /* store length */ |
|
171 STORE64H(md->sha1.length, md->sha1.buf+56); |
|
172 sha1_compress(md, md->sha1.buf); |
|
173 |
|
174 /* copy output */ |
|
175 for (i = 0; i < 5; i++) { |
|
176 STORE32H(md->sha1.state[i], hash+(4*i)); |
|
177 } |
|
178 #ifdef CLEAN_STACK |
|
179 zeromem(md, sizeof(hash_state)); |
|
180 #endif |
|
181 return CRYPT_OK; |
|
182 } |
|
183 |
|
184 int sha1_test(void) |
|
185 { |
|
186 #ifndef LTC_TEST |
|
187 return CRYPT_NOP; |
|
188 #else |
|
189 static const struct { |
|
190 char *msg; |
|
191 unsigned char hash[20]; |
|
192 } tests[] = { |
|
193 { "abc", |
|
194 { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, |
|
195 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, |
|
196 0x9c, 0xd0, 0xd8, 0x9d } |
|
197 }, |
|
198 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", |
|
199 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, |
|
200 0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, |
|
201 0xE5, 0x46, 0x70, 0xF1 } |
|
202 } |
|
203 }; |
|
204 |
|
205 int i; |
|
206 unsigned char tmp[20]; |
|
207 hash_state md; |
|
208 |
|
209 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { |
|
210 sha1_init(&md); |
|
211 sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); |
|
212 sha1_done(&md, tmp); |
|
213 if (memcmp(tmp, tests[i].hash, 20) != 0) { |
|
214 return CRYPT_FAIL_TESTVECTOR; |
|
215 } |
|
216 } |
|
217 return CRYPT_OK; |
|
218 #endif |
|
219 } |
|
220 |
|
221 #endif |
|
222 |
|
223 |