| OLD | NEW |
|---|
| (Empty) |
| 1 /* | |
| 2 * sha1.c | |
| 3 * | |
| 4 * an implementation of the Secure Hash Algorithm v.1 (SHA-1), | |
| 5 * specified in FIPS 180-1 | |
| 6 * | |
| 7 * David A. McGrew | |
| 8 * Cisco Systems, Inc. | |
| 9 */ | |
| 10 | |
| 11 /* | |
| 12 * | |
| 13 * Copyright (c) 2001-2006, Cisco Systems, Inc. | |
| 14 * All rights reserved. | |
| 15 * | |
| 16 * Redistribution and use in source and binary forms, with or without | |
| 17 * modification, are permitted provided that the following conditions | |
| 18 * are met: | |
| 19 * | |
| 20 * Redistributions of source code must retain the above copyright | |
| 21 * notice, this list of conditions and the following disclaimer. | |
| 22 * | |
| 23 * Redistributions in binary form must reproduce the above | |
| 24 * copyright notice, this list of conditions and the following | |
| 25 * disclaimer in the documentation and/or other materials provided | |
| 26 * with the distribution. | |
| 27 * | |
| 28 * Neither the name of the Cisco Systems, Inc. nor the names of its | |
| 29 * contributors may be used to endorse or promote products derived | |
| 30 * from this software without specific prior written permission. | |
| 31 * | |
| 32 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 33 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 34 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | |
| 35 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE | |
| 36 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 37 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
| 38 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
| 39 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
| 40 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
| 41 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| 42 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
| 43 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 44 * | |
| 45 */ | |
| 46 | |
| 47 #ifdef HAVE_CONFIG_H | |
| 48 #include <config.h> | |
| 49 #endif | |
| 50 | |
| 51 #include "sha1.h" | |
| 52 | |
| 53 debug_module_t mod_sha1 = { | |
| 54 0, /* debugging is off by default */ | |
| 55 "sha-1" /* printable module name */ | |
| 56 }; | |
| 57 | |
| 58 /* SN == Rotate left N bits */ | |
| 59 #define S1(X) ((X << 1) | (X >> 31)) | |
| 60 #define S5(X) ((X << 5) | (X >> 27)) | |
| 61 #define S30(X) ((X << 30) | (X >> 2)) | |
| 62 | |
| 63 #define f0(B,C,D) ((B & C) | (~B & D)) | |
| 64 #define f1(B,C,D) (B ^ C ^ D) | |
| 65 #define f2(B,C,D) ((B & C) | (B & D) | (C & D)) | |
| 66 #define f3(B,C,D) (B ^ C ^ D) | |
| 67 | |
| 68 /* | |
| 69 * nota bene: the variable K0 appears in the curses library, so we | |
| 70 * give longer names to these variables to avoid spurious warnings | |
| 71 * on systems that uses curses | |
| 72 */ | |
| 73 | |
| 74 uint32_t SHA_K0 = 0x5A827999; /* Kt for 0 <= t <= 19 */ | |
| 75 uint32_t SHA_K1 = 0x6ED9EBA1; /* Kt for 20 <= t <= 39 */ | |
| 76 uint32_t SHA_K2 = 0x8F1BBCDC; /* Kt for 40 <= t <= 59 */ | |
| 77 uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */ | |
| 78 | |
| 79 void | |
| 80 sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) { | |
| 81 sha1_ctx_t ctx; | |
| 82 | |
| 83 sha1_init(&ctx); | |
| 84 sha1_update(&ctx, msg, octets_in_msg); | |
| 85 sha1_final(&ctx, hash_value); | |
| 86 | |
| 87 } | |
| 88 | |
| 89 /* | |
| 90 * sha1_core(M, H) computes the core compression function, where M is | |
| 91 * the next part of the message (in network byte order) and H is the | |
| 92 * intermediate state { H0, H1, ...} (in host byte order) | |
| 93 * | |
| 94 * this function does not do any of the padding required in the | |
| 95 * complete SHA1 function | |
| 96 * | |
| 97 * this function is used in the SEAL 3.0 key setup routines | |
| 98 * (crypto/cipher/seal.c) | |
| 99 */ | |
| 100 | |
| 101 void | |
| 102 sha1_core(const uint32_t M[16], uint32_t hash_value[5]) { | |
| 103 uint32_t H0; | |
| 104 uint32_t H1; | |
| 105 uint32_t H2; | |
| 106 uint32_t H3; | |
| 107 uint32_t H4; | |
| 108 uint32_t W[80]; | |
| 109 uint32_t A, B, C, D, E, TEMP; | |
| 110 int t; | |
| 111 | |
| 112 /* copy hash_value into H0, H1, H2, H3, H4 */ | |
| 113 H0 = hash_value[0]; | |
| 114 H1 = hash_value[1]; | |
| 115 H2 = hash_value[2]; | |
| 116 H3 = hash_value[3]; | |
| 117 H4 = hash_value[4]; | |
| 118 | |
| 119 /* copy/xor message into array */ | |
| 120 | |
| 121 W[0] = be32_to_cpu(M[0]); | |
| 122 W[1] = be32_to_cpu(M[1]); | |
| 123 W[2] = be32_to_cpu(M[2]); | |
| 124 W[3] = be32_to_cpu(M[3]); | |
| 125 W[4] = be32_to_cpu(M[4]); | |
| 126 W[5] = be32_to_cpu(M[5]); | |
| 127 W[6] = be32_to_cpu(M[6]); | |
| 128 W[7] = be32_to_cpu(M[7]); | |
| 129 W[8] = be32_to_cpu(M[8]); | |
| 130 W[9] = be32_to_cpu(M[9]); | |
| 131 W[10] = be32_to_cpu(M[10]); | |
| 132 W[11] = be32_to_cpu(M[11]); | |
| 133 W[12] = be32_to_cpu(M[12]); | |
| 134 W[13] = be32_to_cpu(M[13]); | |
| 135 W[14] = be32_to_cpu(M[14]); | |
| 136 W[15] = be32_to_cpu(M[15]); | |
| 137 TEMP = W[13] ^ W[8] ^ W[2] ^ W[0]; W[16] = S1(TEMP); | |
| 138 TEMP = W[14] ^ W[9] ^ W[3] ^ W[1]; W[17] = S1(TEMP); | |
| 139 TEMP = W[15] ^ W[10] ^ W[4] ^ W[2]; W[18] = S1(TEMP); | |
| 140 TEMP = W[16] ^ W[11] ^ W[5] ^ W[3]; W[19] = S1(TEMP); | |
| 141 TEMP = W[17] ^ W[12] ^ W[6] ^ W[4]; W[20] = S1(TEMP); | |
| 142 TEMP = W[18] ^ W[13] ^ W[7] ^ W[5]; W[21] = S1(TEMP); | |
| 143 TEMP = W[19] ^ W[14] ^ W[8] ^ W[6]; W[22] = S1(TEMP); | |
| 144 TEMP = W[20] ^ W[15] ^ W[9] ^ W[7]; W[23] = S1(TEMP); | |
| 145 TEMP = W[21] ^ W[16] ^ W[10] ^ W[8]; W[24] = S1(TEMP); | |
| 146 TEMP = W[22] ^ W[17] ^ W[11] ^ W[9]; W[25] = S1(TEMP); | |
| 147 TEMP = W[23] ^ W[18] ^ W[12] ^ W[10]; W[26] = S1(TEMP); | |
| 148 TEMP = W[24] ^ W[19] ^ W[13] ^ W[11]; W[27] = S1(TEMP); | |
| 149 TEMP = W[25] ^ W[20] ^ W[14] ^ W[12]; W[28] = S1(TEMP); | |
| 150 TEMP = W[26] ^ W[21] ^ W[15] ^ W[13]; W[29] = S1(TEMP); | |
| 151 TEMP = W[27] ^ W[22] ^ W[16] ^ W[14]; W[30] = S1(TEMP); | |
| 152 TEMP = W[28] ^ W[23] ^ W[17] ^ W[15]; W[31] = S1(TEMP); | |
| 153 | |
| 154 /* process the remainder of the array */ | |
| 155 for (t=32; t < 80; t++) { | |
| 156 TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]; | |
| 157 W[t] = S1(TEMP); | |
| 158 } | |
| 159 | |
| 160 A = H0; B = H1; C = H2; D = H3; E = H4; | |
| 161 | |
| 162 for (t=0; t < 20; t++) { | |
| 163 TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0; | |
| 164 E = D; D = C; C = S30(B); B = A; A = TEMP; | |
| 165 } | |
| 166 for ( ; t < 40; t++) { | |
| 167 TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1; | |
| 168 E = D; D = C; C = S30(B); B = A; A = TEMP; | |
| 169 } | |
| 170 for ( ; t < 60; t++) { | |
| 171 TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2; | |
| 172 E = D; D = C; C = S30(B); B = A; A = TEMP; | |
| 173 } | |
| 174 for ( ; t < 80; t++) { | |
| 175 TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3; | |
| 176 E = D; D = C; C = S30(B); B = A; A = TEMP; | |
| 177 } | |
| 178 | |
| 179 hash_value[0] = H0 + A; | |
| 180 hash_value[1] = H1 + B; | |
| 181 hash_value[2] = H2 + C; | |
| 182 hash_value[3] = H3 + D; | |
| 183 hash_value[4] = H4 + E; | |
| 184 | |
| 185 return; | |
| 186 } | |
| 187 | |
| 188 void | |
| 189 sha1_init(sha1_ctx_t *ctx) { | |
| 190 | |
| 191 /* initialize state vector */ | |
| 192 ctx->H[0] = 0x67452301; | |
| 193 ctx->H[1] = 0xefcdab89; | |
| 194 ctx->H[2] = 0x98badcfe; | |
| 195 ctx->H[3] = 0x10325476; | |
| 196 ctx->H[4] = 0xc3d2e1f0; | |
| 197 | |
| 198 /* indicate that message buffer is empty */ | |
| 199 ctx->octets_in_buffer = 0; | |
| 200 | |
| 201 /* reset message bit-count to zero */ | |
| 202 ctx->num_bits_in_msg = 0; | |
| 203 | |
| 204 } | |
| 205 | |
| 206 void | |
| 207 sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) { | |
| 208 int i; | |
| 209 uint8_t *buf = (uint8_t *)ctx->M; | |
| 210 | |
| 211 /* update message bit-count */ | |
| 212 ctx->num_bits_in_msg += octets_in_msg * 8; | |
| 213 | |
| 214 /* loop over 16-word blocks of M */ | |
| 215 while (octets_in_msg > 0) { | |
| 216 | |
| 217 if (octets_in_msg + ctx->octets_in_buffer >= 64) { | |
| 218 | |
| 219 /* | |
| 220 * copy words of M into msg buffer until that buffer is full, | |
| 221 * converting them into host byte order as needed | |
| 222 */ | |
| 223 octets_in_msg -= (64 - ctx->octets_in_buffer); | |
| 224 for (i=ctx->octets_in_buffer; i < 64; i++) | |
| 225 buf[i] = *msg++; | |
| 226 ctx->octets_in_buffer = 0; | |
| 227 | |
| 228 /* process a whole block */ | |
| 229 | |
| 230 debug_print(mod_sha1, "(update) running sha1_core()", NULL); | |
| 231 | |
| 232 sha1_core(ctx->M, ctx->H); | |
| 233 | |
| 234 } else { | |
| 235 | |
| 236 debug_print(mod_sha1, "(update) not running sha1_core()", NULL); | |
| 237 | |
| 238 for (i=ctx->octets_in_buffer; | |
| 239 i < (ctx->octets_in_buffer + octets_in_msg); i++) | |
| 240 buf[i] = *msg++; | |
| 241 ctx->octets_in_buffer += octets_in_msg; | |
| 242 octets_in_msg = 0; | |
| 243 } | |
| 244 | |
| 245 } | |
| 246 | |
| 247 } | |
| 248 | |
| 249 /* | |
| 250 * sha1_final(ctx, output) computes the result for ctx and copies it | |
| 251 * into the twenty octets located at *output | |
| 252 */ | |
| 253 | |
| 254 void | |
| 255 sha1_final(sha1_ctx_t *ctx, uint32_t *output) { | |
| 256 uint32_t A, B, C, D, E, TEMP; | |
| 257 uint32_t W[80]; | |
| 258 int i, t; | |
| 259 | |
| 260 /* | |
| 261 * process the remaining octets_in_buffer, padding and terminating as | |
| 262 * necessary | |
| 263 */ | |
| 264 { | |
| 265 int tail = ctx->octets_in_buffer % 4; | |
| 266 | |
| 267 /* copy/xor message into array */ | |
| 268 for (i=0; i < (ctx->octets_in_buffer+3)/4; i++) | |
| 269 W[i] = be32_to_cpu(ctx->M[i]); | |
| 270 | |
| 271 /* set the high bit of the octet immediately following the message */ | |
| 272 switch (tail) { | |
| 273 case (3): | |
| 274 W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xffffff00) | 0x80; | |
| 275 W[i] = 0x0; | |
| 276 break; | |
| 277 case (2): | |
| 278 W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xffff0000) | 0x8000; | |
| 279 W[i] = 0x0; | |
| 280 break; | |
| 281 case (1): | |
| 282 W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xff000000) | 0x800000; | |
| 283 W[i] = 0x0; | |
| 284 break; | |
| 285 case (0): | |
| 286 W[i] = 0x80000000; | |
| 287 break; | |
| 288 } | |
| 289 | |
| 290 /* zeroize remaining words */ | |
| 291 for (i++ ; i < 15; i++) | |
| 292 W[i] = 0x0; | |
| 293 | |
| 294 /* | |
| 295 * if there is room at the end of the word array, then set the | |
| 296 * last word to the bit-length of the message; otherwise, set that | |
| 297 * word to zero and then we need to do one more run of the | |
| 298 * compression algo. | |
| 299 */ | |
| 300 if (ctx->octets_in_buffer < 56) | |
| 301 W[15] = ctx->num_bits_in_msg; | |
| 302 else if (ctx->octets_in_buffer < 60) | |
| 303 W[15] = 0x0; | |
| 304 | |
| 305 /* process the word array */ | |
| 306 for (t=16; t < 80; t++) { | |
| 307 TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]; | |
| 308 W[t] = S1(TEMP); | |
| 309 } | |
| 310 | |
| 311 A = ctx->H[0]; | |
| 312 B = ctx->H[1]; | |
| 313 C = ctx->H[2]; | |
| 314 D = ctx->H[3]; | |
| 315 E = ctx->H[4]; | |
| 316 | |
| 317 for (t=0; t < 20; t++) { | |
| 318 TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0; | |
| 319 E = D; D = C; C = S30(B); B = A; A = TEMP; | |
| 320 } | |
| 321 for ( ; t < 40; t++) { | |
| 322 TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1; | |
| 323 E = D; D = C; C = S30(B); B = A; A = TEMP; | |
| 324 } | |
| 325 for ( ; t < 60; t++) { | |
| 326 TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2; | |
| 327 E = D; D = C; C = S30(B); B = A; A = TEMP; | |
| 328 } | |
| 329 for ( ; t < 80; t++) { | |
| 330 TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3; | |
| 331 E = D; D = C; C = S30(B); B = A; A = TEMP; | |
| 332 } | |
| 333 | |
| 334 ctx->H[0] += A; | |
| 335 ctx->H[1] += B; | |
| 336 ctx->H[2] += C; | |
| 337 ctx->H[3] += D; | |
| 338 ctx->H[4] += E; | |
| 339 | |
| 340 } | |
| 341 | |
| 342 debug_print(mod_sha1, "(final) running sha1_core()", NULL); | |
| 343 | |
| 344 if (ctx->octets_in_buffer >= 56) { | |
| 345 | |
| 346 debug_print(mod_sha1, "(final) running sha1_core() again", NULL); | |
| 347 | |
| 348 /* we need to do one final run of the compression algo */ | |
| 349 | |
| 350 /* | |
| 351 * set initial part of word array to zeros, and set the | |
| 352 * final part to the number of bits in the message | |
| 353 */ | |
| 354 for (i=0; i < 15; i++) | |
| 355 W[i] = 0x0; | |
| 356 W[15] = ctx->num_bits_in_msg; | |
| 357 | |
| 358 /* process the word array */ | |
| 359 for (t=16; t < 80; t++) { | |
| 360 TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]; | |
| 361 W[t] = S1(TEMP); | |
| 362 } | |
| 363 | |
| 364 A = ctx->H[0]; | |
| 365 B = ctx->H[1]; | |
| 366 C = ctx->H[2]; | |
| 367 D = ctx->H[3]; | |
| 368 E = ctx->H[4]; | |
| 369 | |
| 370 for (t=0; t < 20; t++) { | |
| 371 TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0; | |
| 372 E = D; D = C; C = S30(B); B = A; A = TEMP; | |
| 373 } | |
| 374 for ( ; t < 40; t++) { | |
| 375 TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1; | |
| 376 E = D; D = C; C = S30(B); B = A; A = TEMP; | |
| 377 } | |
| 378 for ( ; t < 60; t++) { | |
| 379 TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2; | |
| 380 E = D; D = C; C = S30(B); B = A; A = TEMP; | |
| 381 } | |
| 382 for ( ; t < 80; t++) { | |
| 383 TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3; | |
| 384 E = D; D = C; C = S30(B); B = A; A = TEMP; | |
| 385 } | |
| 386 | |
| 387 ctx->H[0] += A; | |
| 388 ctx->H[1] += B; | |
| 389 ctx->H[2] += C; | |
| 390 ctx->H[3] += D; | |
| 391 ctx->H[4] += E; | |
| 392 } | |
| 393 | |
| 394 /* copy result into output buffer */ | |
| 395 output[0] = be32_to_cpu(ctx->H[0]); | |
| 396 output[1] = be32_to_cpu(ctx->H[1]); | |
| 397 output[2] = be32_to_cpu(ctx->H[2]); | |
| 398 output[3] = be32_to_cpu(ctx->H[3]); | |
| 399 output[4] = be32_to_cpu(ctx->H[4]); | |
| 400 | |
| 401 /* indicate that message buffer in context is empty */ | |
| 402 ctx->octets_in_buffer = 0; | |
| 403 | |
| 404 return; | |
| 405 } | |
| 406 | |
| 407 | |
| 408 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2344973002:
Update libsrtp to version 2.0 (Closed)
