1 /* sha.c - Functions to compute the SHA1 hash (message-digest) of files
2 or blocks of memory. Complies to the NIST specification FIPS-180-1.
4 Copyright (C) 2000, 2001 Scott G. Miller
7 Robert Klep <robert@ilse.nl> -- Expansion function fix
14 #include <sys/types.h>
16 #if STDC_HEADERS || defined _LIBC
21 # define memcpy(d, s, n) bcopy ((s), (d), (n))
27 #include "unlocked-io.h"
30 Not-swap is a macro that does an endian swap on architectures that are
31 big-endian, as SHA needs some data in a little-endian format
34 #ifdef WORDS_BIGENDIAN
35 # define NOTSWAP(n) (n)
37 (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
40 (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
44 /* This array contains the bytes used to pad the buffer to the next
45 64-byte boundary. (RFC 1321, 3.1: Step 1) */
46 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
50 Takes a pointer to a 160 bit block of data (five 32 bit ints) and
51 intializes it to the start constants of the SHA1 algorithm. This
52 must be called before using hash in the call to sha_hash
55 sha_init_ctx (struct sha_ctx *ctx)
63 ctx->total[0] = ctx->total[1] = 0;
67 /* Put result from CTX in first 20 bytes following RESBUF. The result
68 must be in little endian byte order.
70 IMPORTANT: On some systems it is required that RESBUF is correctly
71 aligned for a 32 bits value. */
73 sha_read_ctx (const struct sha_ctx *ctx, void *resbuf)
75 ((md5_uint32 *) resbuf)[0] = NOTSWAP (ctx->A);
76 ((md5_uint32 *) resbuf)[1] = NOTSWAP (ctx->B);
77 ((md5_uint32 *) resbuf)[2] = NOTSWAP (ctx->C);
78 ((md5_uint32 *) resbuf)[3] = NOTSWAP (ctx->D);
79 ((md5_uint32 *) resbuf)[4] = NOTSWAP (ctx->E);
84 /* Process the remaining bytes in the internal buffer and the usual
85 prolog according to the standard and write the result to RESBUF.
87 IMPORTANT: On some systems it is required that RESBUF is correctly
88 aligned for a 32 bits value. */
90 sha_finish_ctx (struct sha_ctx *ctx, void *resbuf)
92 /* Take yet unprocessed bytes into account. */
93 md5_uint32 bytes = ctx->buflen;
96 /* Now count remaining bytes. */
97 ctx->total[0] += bytes;
98 if (ctx->total[0] < bytes)
101 pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes;
102 memcpy (&ctx->buffer[bytes], fillbuf, pad);
104 /* Put the 64-bit file length in *bits* at the end of the buffer. */
105 *(md5_uint32 *) &ctx->buffer[bytes + pad + 4] = NOTSWAP (ctx->total[0] << 3);
106 *(md5_uint32 *) &ctx->buffer[bytes + pad] = NOTSWAP ((ctx->total[1] << 3) |
107 (ctx->total[0] >> 29));
109 /* Process last bytes. */
110 sha_process_block (ctx->buffer, bytes + pad + 8, ctx);
112 return sha_read_ctx (ctx, resbuf);
115 /* Compute SHA1 message digest for bytes read from STREAM. The
116 resulting message digest number will be written into the 16 bytes
117 beginning at RESBLOCK. */
119 sha_stream (FILE *stream, void *resblock)
121 /* Important: BLOCKSIZE must be a multiple of 64. */
122 #define BLOCKSIZE 4096
124 char buffer[BLOCKSIZE + 72];
127 /* Initialize the computation context. */
130 /* Iterate over full file contents. */
133 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
134 computation function processes the whole buffer so that with the
135 next round of the loop another block can be read. */
139 /* Read block. Take care for partial reads. */
142 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
146 while (sum < BLOCKSIZE && n != 0);
147 if (n == 0 && ferror (stream))
150 /* If end of file is reached, end the loop. */
154 /* Process buffer with BLOCKSIZE bytes. Note that
157 sha_process_block (buffer, BLOCKSIZE, &ctx);
160 /* Add the last bytes if necessary. */
162 sha_process_bytes (buffer, sum, &ctx);
164 /* Construct result in desired memory. */
165 sha_finish_ctx (&ctx, resblock);
169 /* Compute MD5 message digest for LEN bytes beginning at BUFFER. The
170 result is always in little endian byte order, so that a byte-wise
171 output yields to the wanted ASCII representation of the message
174 sha_buffer (const char *buffer, size_t len, void *resblock)
178 /* Initialize the computation context. */
181 /* Process whole buffer but last len % 64 bytes. */
182 sha_process_bytes (buffer, len, &ctx);
184 /* Put result in desired memory area. */
185 return sha_finish_ctx (&ctx, resblock);
189 sha_process_bytes (const void *buffer, size_t len, struct sha_ctx *ctx)
191 /* When we already have some bits in our internal buffer concatenate
192 both inputs first. */
193 if (ctx->buflen != 0)
195 size_t left_over = ctx->buflen;
196 size_t add = 128 - left_over > len ? len : 128 - left_over;
198 memcpy (&ctx->buffer[left_over], buffer, add);
201 if (left_over + add > 64)
203 sha_process_block (ctx->buffer, (left_over + add) & ~63, ctx);
204 /* The regions in the following copy operation cannot overlap. */
205 memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63],
206 (left_over + add) & 63);
207 ctx->buflen = (left_over + add) & 63;
210 buffer = (const char *) buffer + add;
214 /* Process available complete blocks. */
217 sha_process_block (buffer, len & ~63, ctx);
218 buffer = (const char *) buffer + (len & ~63);
222 /* Move remaining bytes in internal buffer. */
225 memcpy (ctx->buffer, buffer, len);
230 /* --- Code below is the primary difference between md5.c and sha.c --- */
232 /* SHA1 round constants */
233 #define K1 0x5a827999L
234 #define K2 0x6ed9eba1L
235 #define K3 0x8f1bbcdcL
236 #define K4 0xca62c1d6L
238 /* Round functions. Note that F2 is the same as F4. */
239 #define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) )
240 #define F2(B,C,D) (B ^ C ^ D)
241 #define F3(B,C,D) ( ( B & C ) | ( D & ( B | C ) ) )
242 #define F4(B,C,D) (B ^ C ^ D)
244 /* Process LEN bytes of BUFFER, accumulating context into CTX.
245 It is assumed that LEN % 64 == 0.
246 Most of this code comes from GnuPG's cipher/sha1.c. */
249 sha_process_block (const void *buffer, size_t len, struct sha_ctx *ctx)
251 const md5_uint32 *words = buffer;
252 size_t nwords = len / sizeof (md5_uint32);
253 const md5_uint32 *endp = words + nwords;
255 md5_uint32 a = ctx->A;
256 md5_uint32 b = ctx->B;
257 md5_uint32 c = ctx->C;
258 md5_uint32 d = ctx->D;
259 md5_uint32 e = ctx->E;
261 /* First increment the byte count. RFC 1321 specifies the possible
262 length of the file up to 2^64 bits. Here we only compute the
263 number of bytes. Do a double word increment. */
264 ctx->total[0] += len;
265 if (ctx->total[0] < len)
268 #define M(I) ( tm = x[I&0x0f] ^ x[(I-14)&0x0f] \
269 ^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \
270 , (x[I&0x0f] = rol(tm, 1)) )
272 #define R(A,B,C,D,E,F,K,M) do { E += rol( A, 5 ) \
283 /* FIXME: see sha1.c for a better implementation. */
284 for (t = 0; t < 16; t++)
286 x[t] = NOTSWAP (*words);
290 R( a, b, c, d, e, F1, K1, x[ 0] );
291 R( e, a, b, c, d, F1, K1, x[ 1] );
292 R( d, e, a, b, c, F1, K1, x[ 2] );
293 R( c, d, e, a, b, F1, K1, x[ 3] );
294 R( b, c, d, e, a, F1, K1, x[ 4] );
295 R( a, b, c, d, e, F1, K1, x[ 5] );
296 R( e, a, b, c, d, F1, K1, x[ 6] );
297 R( d, e, a, b, c, F1, K1, x[ 7] );
298 R( c, d, e, a, b, F1, K1, x[ 8] );
299 R( b, c, d, e, a, F1, K1, x[ 9] );
300 R( a, b, c, d, e, F1, K1, x[10] );
301 R( e, a, b, c, d, F1, K1, x[11] );
302 R( d, e, a, b, c, F1, K1, x[12] );
303 R( c, d, e, a, b, F1, K1, x[13] );
304 R( b, c, d, e, a, F1, K1, x[14] );
305 R( a, b, c, d, e, F1, K1, x[15] );
306 R( e, a, b, c, d, F1, K1, M(16) );
307 R( d, e, a, b, c, F1, K1, M(17) );
308 R( c, d, e, a, b, F1, K1, M(18) );
309 R( b, c, d, e, a, F1, K1, M(19) );
310 R( a, b, c, d, e, F2, K2, M(20) );
311 R( e, a, b, c, d, F2, K2, M(21) );
312 R( d, e, a, b, c, F2, K2, M(22) );
313 R( c, d, e, a, b, F2, K2, M(23) );
314 R( b, c, d, e, a, F2, K2, M(24) );
315 R( a, b, c, d, e, F2, K2, M(25) );
316 R( e, a, b, c, d, F2, K2, M(26) );
317 R( d, e, a, b, c, F2, K2, M(27) );
318 R( c, d, e, a, b, F2, K2, M(28) );
319 R( b, c, d, e, a, F2, K2, M(29) );
320 R( a, b, c, d, e, F2, K2, M(30) );
321 R( e, a, b, c, d, F2, K2, M(31) );
322 R( d, e, a, b, c, F2, K2, M(32) );
323 R( c, d, e, a, b, F2, K2, M(33) );
324 R( b, c, d, e, a, F2, K2, M(34) );
325 R( a, b, c, d, e, F2, K2, M(35) );
326 R( e, a, b, c, d, F2, K2, M(36) );
327 R( d, e, a, b, c, F2, K2, M(37) );
328 R( c, d, e, a, b, F2, K2, M(38) );
329 R( b, c, d, e, a, F2, K2, M(39) );
330 R( a, b, c, d, e, F3, K3, M(40) );
331 R( e, a, b, c, d, F3, K3, M(41) );
332 R( d, e, a, b, c, F3, K3, M(42) );
333 R( c, d, e, a, b, F3, K3, M(43) );
334 R( b, c, d, e, a, F3, K3, M(44) );
335 R( a, b, c, d, e, F3, K3, M(45) );
336 R( e, a, b, c, d, F3, K3, M(46) );
337 R( d, e, a, b, c, F3, K3, M(47) );
338 R( c, d, e, a, b, F3, K3, M(48) );
339 R( b, c, d, e, a, F3, K3, M(49) );
340 R( a, b, c, d, e, F3, K3, M(50) );
341 R( e, a, b, c, d, F3, K3, M(51) );
342 R( d, e, a, b, c, F3, K3, M(52) );
343 R( c, d, e, a, b, F3, K3, M(53) );
344 R( b, c, d, e, a, F3, K3, M(54) );
345 R( a, b, c, d, e, F3, K3, M(55) );
346 R( e, a, b, c, d, F3, K3, M(56) );
347 R( d, e, a, b, c, F3, K3, M(57) );
348 R( c, d, e, a, b, F3, K3, M(58) );
349 R( b, c, d, e, a, F3, K3, M(59) );
350 R( a, b, c, d, e, F4, K4, M(60) );
351 R( e, a, b, c, d, F4, K4, M(61) );
352 R( d, e, a, b, c, F4, K4, M(62) );
353 R( c, d, e, a, b, F4, K4, M(63) );
354 R( b, c, d, e, a, F4, K4, M(64) );
355 R( a, b, c, d, e, F4, K4, M(65) );
356 R( e, a, b, c, d, F4, K4, M(66) );
357 R( d, e, a, b, c, F4, K4, M(67) );
358 R( c, d, e, a, b, F4, K4, M(68) );
359 R( b, c, d, e, a, F4, K4, M(69) );
360 R( a, b, c, d, e, F4, K4, M(70) );
361 R( e, a, b, c, d, F4, K4, M(71) );
362 R( d, e, a, b, c, F4, K4, M(72) );
363 R( c, d, e, a, b, F4, K4, M(73) );
364 R( b, c, d, e, a, F4, K4, M(74) );
365 R( a, b, c, d, e, F4, K4, M(75) );
366 R( e, a, b, c, d, F4, K4, M(76) );
367 R( d, e, a, b, c, F4, K4, M(77) );
368 R( c, d, e, a, b, F4, K4, M(78) );
369 R( b, c, d, e, a, F4, K4, M(79) );
projects / gnulib.git / blob