X-Git-Url: http://erislabs.net/gitweb/?a=blobdiff_plain;f=lib%2Fsha.c;h=fe3708c1adbc0ffe63a04d98ff51706967cd307d;hb=468e57cb4025983239ff40bb1c05b7d8e4328185;hp=d80edf94d63dae42d07b8bb516c69a87a6be3962;hpb=7b536cbc572c47d0c81694965f9e9c5198974863;p=gnulib.git diff --git a/lib/sha.c b/lib/sha.c index d80edf94d..fe3708c1a 100644 --- a/lib/sha.c +++ b/lib/sha.c @@ -234,13 +234,15 @@ sha_process_bytes (const void *buffer, size_t len, struct sha_ctx *ctx) #define K3 0x8f1bbcdcL #define K4 0xca62c1d6L -/* Round functions. Note that F2() is used in both rounds 2 and 4 */ +/* Round functions. Note that F2 is the same as F4. */ #define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) ) #define F2(B,C,D) (B ^ C ^ D) #define F3(B,C,D) ( ( B & C ) | ( D & ( B | C ) ) ) +#define F4(B,C,D) (B ^ C ^ D) /* Process LEN bytes of BUFFER, accumulating context into CTX. - It is assumed that LEN % 64 == 0. */ + It is assumed that LEN % 64 == 0. + Most of this code comes from GnuPG's cipher/sha1.c. */ void sha_process_block (const void *buffer, size_t len, struct sha_ctx *ctx) @@ -248,7 +250,7 @@ sha_process_block (const void *buffer, size_t len, struct sha_ctx *ctx) const md5_uint32 *words = buffer; size_t nwords = len / sizeof (md5_uint32); const md5_uint32 *endp = words + nwords; - md5_uint32 x[80]; + md5_uint32 x[16]; md5_uint32 a = ctx->A; md5_uint32 b = ctx->B; md5_uint32 c = ctx->C; @@ -262,76 +264,109 @@ sha_process_block (const void *buffer, size_t len, struct sha_ctx *ctx) if (ctx->total[0] < len) ++ctx->total[1]; -#define M(i) ( tm = x[i&0x0f] ^ x[(i-14)&0x0f] \ - ^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f] \ - , (x[i&0x0f] = (tm << 1) | (tm >> 31)) ) +#define M(I) ( tm = x[I&0x0f] ^ x[(I-14)&0x0f] \ + ^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \ + , (x[I&0x0f] = rol(tm, 1)) ) -#define R(a,b,c,d,e,f,k,m) do { e += rol( a, 5 ) \ - + f( b, c, d ) \ - + k \ - + m; \ - b = rol( b, 30 ); \ +#define R(A,B,C,D,E,F,K,M) do { E += rol( A, 5 ) \ + + F( B, C, D ) \ + + K \ + + M; \ + B = rol( B, 30 ); \ } while(0) while (words < endp) { + md5_uint32 tm; int t; + /* FIXME: see sha1.c for a better implementation. */ for (t = 0; t < 16; t++) { x[t] = NOTSWAP (*words); words++; } - /* SHA1 Data expansion */ - for (t = 16; t < 80; t++) - { - md5_uint32 tmp = x[t - 3] ^ x[t - 8] ^ x[t - 14] ^ x[t - 16]; - x[t] = rol (tmp, 1); - } + R( a, b, c, d, e, F1, K1, x[ 0] ); + R( e, a, b, c, d, F1, K1, x[ 1] ); + R( d, e, a, b, c, F1, K1, x[ 2] ); + R( c, d, e, a, b, F1, K1, x[ 3] ); + R( b, c, d, e, a, F1, K1, x[ 4] ); + R( a, b, c, d, e, F1, K1, x[ 5] ); + R( e, a, b, c, d, F1, K1, x[ 6] ); + R( d, e, a, b, c, F1, K1, x[ 7] ); + R( c, d, e, a, b, F1, K1, x[ 8] ); + R( b, c, d, e, a, F1, K1, x[ 9] ); + R( a, b, c, d, e, F1, K1, x[10] ); + R( e, a, b, c, d, F1, K1, x[11] ); + R( d, e, a, b, c, F1, K1, x[12] ); + R( c, d, e, a, b, F1, K1, x[13] ); + R( b, c, d, e, a, F1, K1, x[14] ); + R( a, b, c, d, e, F1, K1, x[15] ); + R( e, a, b, c, d, F1, K1, M(16) ); + R( d, e, a, b, c, F1, K1, M(17) ); + R( c, d, e, a, b, F1, K1, M(18) ); + R( b, c, d, e, a, F1, K1, M(19) ); + R( a, b, c, d, e, F2, K2, M(20) ); + R( e, a, b, c, d, F2, K2, M(21) ); + R( d, e, a, b, c, F2, K2, M(22) ); + R( c, d, e, a, b, F2, K2, M(23) ); + R( b, c, d, e, a, F2, K2, M(24) ); + R( a, b, c, d, e, F2, K2, M(25) ); + R( e, a, b, c, d, F2, K2, M(26) ); + R( d, e, a, b, c, F2, K2, M(27) ); + R( c, d, e, a, b, F2, K2, M(28) ); + R( b, c, d, e, a, F2, K2, M(29) ); + R( a, b, c, d, e, F2, K2, M(30) ); + R( e, a, b, c, d, F2, K2, M(31) ); + R( d, e, a, b, c, F2, K2, M(32) ); + R( c, d, e, a, b, F2, K2, M(33) ); + R( b, c, d, e, a, F2, K2, M(34) ); + R( a, b, c, d, e, F2, K2, M(35) ); + R( e, a, b, c, d, F2, K2, M(36) ); + R( d, e, a, b, c, F2, K2, M(37) ); + R( c, d, e, a, b, F2, K2, M(38) ); + R( b, c, d, e, a, F2, K2, M(39) ); + R( a, b, c, d, e, F3, K3, M(40) ); + R( e, a, b, c, d, F3, K3, M(41) ); + R( d, e, a, b, c, F3, K3, M(42) ); + R( c, d, e, a, b, F3, K3, M(43) ); + R( b, c, d, e, a, F3, K3, M(44) ); + R( a, b, c, d, e, F3, K3, M(45) ); + R( e, a, b, c, d, F3, K3, M(46) ); + R( d, e, a, b, c, F3, K3, M(47) ); + R( c, d, e, a, b, F3, K3, M(48) ); + R( b, c, d, e, a, F3, K3, M(49) ); + R( a, b, c, d, e, F3, K3, M(50) ); + R( e, a, b, c, d, F3, K3, M(51) ); + R( d, e, a, b, c, F3, K3, M(52) ); + R( c, d, e, a, b, F3, K3, M(53) ); + R( b, c, d, e, a, F3, K3, M(54) ); + R( a, b, c, d, e, F3, K3, M(55) ); + R( e, a, b, c, d, F3, K3, M(56) ); + R( d, e, a, b, c, F3, K3, M(57) ); + R( c, d, e, a, b, F3, K3, M(58) ); + R( b, c, d, e, a, F3, K3, M(59) ); + R( a, b, c, d, e, F4, K4, M(60) ); + R( e, a, b, c, d, F4, K4, M(61) ); + R( d, e, a, b, c, F4, K4, M(62) ); + R( c, d, e, a, b, F4, K4, M(63) ); + R( b, c, d, e, a, F4, K4, M(64) ); + R( a, b, c, d, e, F4, K4, M(65) ); + R( e, a, b, c, d, F4, K4, M(66) ); + R( d, e, a, b, c, F4, K4, M(67) ); + R( c, d, e, a, b, F4, K4, M(68) ); + R( b, c, d, e, a, F4, K4, M(69) ); + R( a, b, c, d, e, F4, K4, M(70) ); + R( e, a, b, c, d, F4, K4, M(71) ); + R( d, e, a, b, c, F4, K4, M(72) ); + R( c, d, e, a, b, F4, K4, M(73) ); + R( b, c, d, e, a, F4, K4, M(74) ); + R( a, b, c, d, e, F4, K4, M(75) ); + R( e, a, b, c, d, F4, K4, M(76) ); + R( d, e, a, b, c, F4, K4, M(77) ); + R( c, d, e, a, b, F4, K4, M(78) ); + R( b, c, d, e, a, F4, K4, M(79) ); - /* SHA1 main loop (t=0 to 79) - This is broken down into four subloops in order to use - the correct round function and constant */ -#if 1 - for (t = 0; t < 20; t++) - { - md5_uint32 tmp = rol (a, 5) + F1 (b, c, d) + e + x[t] + K1; - e = d; - d = c; - c = rol (b, 30); - b = a; - a = tmp; - } -#else - -#endif - for (; t < 40; t++) - { - md5_uint32 tmp = rol (a, 5) + F2 (b, c, d) + e + x[t] + K2; - e = d; - d = c; - c = rol (b, 30); - b = a; - a = tmp; - } - for (; t < 60; t++) - { - md5_uint32 tmp = rol (a, 5) + F3 (b, c, d) + e + x[t] + K3; - e = d; - d = c; - c = rol (b, 30); - b = a; - a = tmp; - } - for (; t < 80; t++) - { - md5_uint32 tmp = rol (a, 5) + F2 (b, c, d) + e + x[t] + K4; - e = d; - d = c; - c = rol (b, 30); - b = a; - a = tmp; - } a = ctx->A += a; b = ctx->B += b; c = ctx->C += c;