comparison libtomcrypt/src/hashes/sha1.c @ 285:1b9e69c058d2

propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3) to branch 'au.asn.ucc.matt.dropbear' (head fdf4a7a3b97ae5046139915de7e40399cceb2c01)
author Matt Johnston <matt@ucc.asn.au>
date Wed, 08 Mar 2006 13:23:58 +0000
parents
children 0cbe8f6dbf9e
comparison
equal deleted inserted replaced
281:997e6f7dc01e 285:1b9e69c058d2
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.org
10 */
11 #include "tomcrypt.h"
12
13 /**
14 @file sha1.c
15 SHA1 code by Tom St Denis
16 */
17
18
19 #ifdef SHA1
20
21 const struct ltc_hash_descriptor sha1_desc =
22 {
23 "sha1",
24 2,
25 20,
26 64,
27
28 /* OID */
29 { 1, 3, 14, 3, 2, 26, },
30 6,
31
32 &sha1_init,
33 &sha1_process,
34 &sha1_done,
35 &sha1_test
36 };
37
38 #define F0(x,y,z) (z ^ (x & (y ^ z)))
39 #define F1(x,y,z) (x ^ y ^ z)
40 #define F2(x,y,z) ((x & y) | (z & (x | y)))
41 #define F3(x,y,z) (x ^ y ^ z)
42
43 #ifdef LTC_CLEAN_STACK
44 static int _sha1_compress(hash_state *md, unsigned char *buf)
45 #else
46 static int sha1_compress(hash_state *md, unsigned char *buf)
47 #endif
48 {
49 ulong32 a,b,c,d,e,W[80],i;
50 #ifdef LTC_SMALL_CODE
51 ulong32 t;
52 #endif
53
54 /* copy the state into 512-bits into W[0..15] */
55 for (i = 0; i < 16; i++) {
56 LOAD32H(W[i], buf + (4*i));
57 }
58
59 /* copy state */
60 a = md->sha1.state[0];
61 b = md->sha1.state[1];
62 c = md->sha1.state[2];
63 d = md->sha1.state[3];
64 e = md->sha1.state[4];
65
66 /* expand it */
67 for (i = 16; i < 80; i++) {
68 W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
69 }
70
71 /* compress */
72 /* round one */
73 #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
74 #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
75 #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
76 #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);
77
78 #ifdef LTC_SMALL_CODE
79
80 for (i = 0; i < 20; ) {
81 FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
82 }
83
84 for (; i < 40; ) {
85 FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
86 }
87
88 for (; i < 60; ) {
89 FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
90 }
91
92 for (; i < 80; ) {
93 FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
94 }
95
96 #else
97
98 for (i = 0; i < 20; ) {
99 FF0(a,b,c,d,e,i++);
100 FF0(e,a,b,c,d,i++);
101 FF0(d,e,a,b,c,i++);
102 FF0(c,d,e,a,b,i++);
103 FF0(b,c,d,e,a,i++);
104 }
105
106 /* round two */
107 for (; i < 40; ) {
108 FF1(a,b,c,d,e,i++);
109 FF1(e,a,b,c,d,i++);
110 FF1(d,e,a,b,c,i++);
111 FF1(c,d,e,a,b,i++);
112 FF1(b,c,d,e,a,i++);
113 }
114
115 /* round three */
116 for (; i < 60; ) {
117 FF2(a,b,c,d,e,i++);
118 FF2(e,a,b,c,d,i++);
119 FF2(d,e,a,b,c,i++);
120 FF2(c,d,e,a,b,i++);
121 FF2(b,c,d,e,a,i++);
122 }
123
124 /* round four */
125 for (; i < 80; ) {
126 FF3(a,b,c,d,e,i++);
127 FF3(e,a,b,c,d,i++);
128 FF3(d,e,a,b,c,i++);
129 FF3(c,d,e,a,b,i++);
130 FF3(b,c,d,e,a,i++);
131 }
132 #endif
133
134 #undef FF0
135 #undef FF1
136 #undef FF2
137 #undef FF3
138
139 /* store */
140 md->sha1.state[0] = md->sha1.state[0] + a;
141 md->sha1.state[1] = md->sha1.state[1] + b;
142 md->sha1.state[2] = md->sha1.state[2] + c;
143 md->sha1.state[3] = md->sha1.state[3] + d;
144 md->sha1.state[4] = md->sha1.state[4] + e;
145
146 return CRYPT_OK;
147 }
148
149 #ifdef LTC_CLEAN_STACK
150 static int sha1_compress(hash_state *md, unsigned char *buf)
151 {
152 int err;
153 err = _sha1_compress(md, buf);
154 burn_stack(sizeof(ulong32) * 87);
155 return err;
156 }
157 #endif
158
159 /**
160 Initialize the hash state
161 @param md The hash state you wish to initialize
162 @return CRYPT_OK if successful
163 */
164 int sha1_init(hash_state * md)
165 {
166 LTC_ARGCHK(md != NULL);
167 md->sha1.state[0] = 0x67452301UL;
168 md->sha1.state[1] = 0xefcdab89UL;
169 md->sha1.state[2] = 0x98badcfeUL;
170 md->sha1.state[3] = 0x10325476UL;
171 md->sha1.state[4] = 0xc3d2e1f0UL;
172 md->sha1.curlen = 0;
173 md->sha1.length = 0;
174 return CRYPT_OK;
175 }
176
177 /**
178 Process a block of memory though the hash
179 @param md The hash state
180 @param in The data to hash
181 @param inlen The length of the data (octets)
182 @return CRYPT_OK if successful
183 */
184 HASH_PROCESS(sha1_process, sha1_compress, sha1, 64)
185
186 /**
187 Terminate the hash to get the digest
188 @param md The hash state
189 @param out [out] The destination of the hash (20 bytes)
190 @return CRYPT_OK if successful
191 */
192 int sha1_done(hash_state * md, unsigned char *out)
193 {
194 int i;
195
196 LTC_ARGCHK(md != NULL);
197 LTC_ARGCHK(out != NULL);
198
199 if (md->sha1.curlen >= sizeof(md->sha1.buf)) {
200 return CRYPT_INVALID_ARG;
201 }
202
203 /* increase the length of the message */
204 md->sha1.length += md->sha1.curlen * 8;
205
206 /* append the '1' bit */
207 md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80;
208
209 /* if the length is currently above 56 bytes we append zeros
210 * then compress. Then we can fall back to padding zeros and length
211 * encoding like normal.
212 */
213 if (md->sha1.curlen > 56) {
214 while (md->sha1.curlen < 64) {
215 md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
216 }
217 sha1_compress(md, md->sha1.buf);
218 md->sha1.curlen = 0;
219 }
220
221 /* pad upto 56 bytes of zeroes */
222 while (md->sha1.curlen < 56) {
223 md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
224 }
225
226 /* store length */
227 STORE64H(md->sha1.length, md->sha1.buf+56);
228 sha1_compress(md, md->sha1.buf);
229
230 /* copy output */
231 for (i = 0; i < 5; i++) {
232 STORE32H(md->sha1.state[i], out+(4*i));
233 }
234 #ifdef LTC_CLEAN_STACK
235 zeromem(md, sizeof(hash_state));
236 #endif
237 return CRYPT_OK;
238 }
239
240 /**
241 Self-test the hash
242 @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
243 */
244 int sha1_test(void)
245 {
246 #ifndef LTC_TEST
247 return CRYPT_NOP;
248 #else
249 static const struct {
250 char *msg;
251 unsigned char hash[20];
252 } tests[] = {
253 { "abc",
254 { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a,
255 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c,
256 0x9c, 0xd0, 0xd8, 0x9d }
257 },
258 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
259 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E,
260 0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5,
261 0xE5, 0x46, 0x70, 0xF1 }
262 }
263 };
264
265 int i;
266 unsigned char tmp[20];
267 hash_state md;
268
269 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
270 sha1_init(&md);
271 sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
272 sha1_done(&md, tmp);
273 if (memcmp(tmp, tests[i].hash, 20) != 0) {
274 return CRYPT_FAIL_TESTVECTOR;
275 }
276 }
277 return CRYPT_OK;
278 #endif
279 }
280
281 #endif
282
283
284
285 /* $Source: /cvs/libtom/libtomcrypt/src/hashes/sha1.c,v $ */
286 /* $Revision: 1.5 $ */
287 /* $Date: 2005/05/23 02:42:07 $ */