2
* The contents of this file are subject to the Mozilla Public
3
* License Version 1.1 (the "License"); you may not use this file
4
* except in compliance with the License. You may obtain a copy of
5
* the License at http://www.mozilla.org/MPL/
7
* Software distributed under the License is distributed on an "AS
8
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9
* implied. See the License for the specific language governing
10
* rights and limitations under the License.
12
* The Original Code is SHA 180-1 Reference Implementation (Optimized)
14
* The Initial Developer of the Original Code is Paul Kocher of
15
* Cryptography Research. Portions created by Paul Kocher are
16
* Copyright (C) 1995-9 by Cryptography Research, Inc. All
23
* Alternatively, the contents of this file may be used under the
24
* terms of the GNU General Public License Version 2 or later (the
25
* "GPL"), in which case the provisions of the GPL are applicable
26
* instead of those above. If you wish to allow use of your
27
* version of this file only under the terms of the GPL and not to
28
* allow others to use your version of this file under the MPL,
29
* indicate your decision by deleting the provisions above and
30
* replace them with the notice and other provisions required by
31
* the GPL. If you do not delete the provisions above, a recipient
32
* may use your version of this file under either the MPL or the
45
#if defined(IS_LITTLE_ENDIAN) && defined(_MSC_VER) && defined(_X86_)
49
#define FORCEINLINE __forceinline
51
#define FORCEINLINE __inline
54
#define FASTCALL __fastcall
56
static FORCEINLINE PRUint32 FASTCALL
65
#define SHA_HTONL(x) swap4b(x)
68
static void shaCompress(SHA1Context *ctx);
73
#if defined(_MSC_VER) && defined(_X86_)
74
#pragma intrinsic (_lrotr, _lrotl)
75
#define SHA_ROTL(x,n) _lrotl(x,n)
77
#define SHA_ROTL(X,n) (((X) << (n)) | ((X) >> (32-(n))))
79
#define SHA_F1(X,Y,Z) ((((Y)^(Z))&(X))^(Z))
80
#define SHA_F2(X,Y,Z) ((X)^(Y)^(Z))
81
#define SHA_F3(X,Y,Z) (((X)&(Y))|((Z)&((X)|(Y))))
82
#define SHA_F4(X,Y,Z) ((X)^(Y)^(Z))
83
#define SHA_MIX(t) ctx->W[t] = \
84
(A = ctx->W[t-3] ^ ctx->W[t-8] ^ ctx->W[t-14] ^ ctx->W[t-16], SHA_ROTL(A, 1))
88
* SHA: Zeroize and initialize context
91
SHA1_Begin(SHA1Context *ctx)
93
memset(ctx, 0, sizeof(SHA1Context));
96
* Initialize H with constants from FIPS180-1.
98
ctx->H[0] = 0x67452301L;
99
ctx->H[1] = 0xefcdab89L;
100
ctx->H[2] = 0x98badcfeL;
101
ctx->H[3] = 0x10325476L;
102
ctx->H[4] = 0xc3d2e1f0L;
107
* SHA: Add data to context.
110
SHA1_Update(SHA1Context *ctx, const unsigned char *dataIn, unsigned int len)
112
register unsigned int lenB = ctx->sizeLo & 63;
113
register unsigned int togo;
118
/* accumulate the byte count. */
120
ctx->sizeHi += (ctx->sizeLo < len);
123
* Read the data into W and process blocks as they get full
129
memcpy(ctx->B + lenB, dataIn, togo);
132
lenB = (lenB + togo) & 63;
138
memcpy(ctx->B, dataIn, 64);
144
memcpy(ctx->B, dataIn, len);
150
* SHA: Generate hash value from context
153
SHA1_End(SHA1Context *ctx, unsigned char *hashout,
154
unsigned int *pDigestLen, unsigned int maxDigestLen)
156
register PRUint32 sizeHi, sizeLo, lenB;
157
static const unsigned char bulk_pad[64] = { 0x80,0,0,0,0,0,0,0,0,0,
158
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
159
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
162
PORT_Assert (maxDigestLen >= SHA1_LENGTH);
165
* Pad with a binary 1 (e.g. 0x80), then zeroes, then length in bits
167
sizeHi = ctx->sizeHi;
168
sizeLo = ctx->sizeLo;
170
SHA1_Update(ctx, bulk_pad, (((55+64) - lenB) & 63) + 1);
171
PORT_Assert((ctx->sizeLo & 63) == 56);
173
/* Convert size{Hi,Lo} from bytes to bits. */
174
sizeHi = (sizeHi << 3) | (sizeLo >> 29);
177
ctx->W[14] = SHA_HTONL(sizeHi);
178
ctx->W[15] = SHA_HTONL(sizeLo);
184
#if defined(IS_LITTLE_ENDIAN)
185
SHA_BYTESWAP(ctx->H[0]);
186
SHA_BYTESWAP(ctx->H[1]);
187
SHA_BYTESWAP(ctx->H[2]);
188
SHA_BYTESWAP(ctx->H[3]);
189
SHA_BYTESWAP(ctx->H[4]);
191
memcpy(hashout, ctx->H, SHA1_LENGTH);
192
*pDigestLen = SHA1_LENGTH;
195
* Re-initialize the context (also zeroizes contents)
203
* SHA: Compression function, unrolled.
206
shaCompress(SHA1Context *ctx)
208
register PRUint32 A, B, C, D, E;
210
#if defined(IS_LITTLE_ENDIAN)
211
SHA_BYTESWAP(ctx->W[0]);
212
SHA_BYTESWAP(ctx->W[1]);
213
SHA_BYTESWAP(ctx->W[2]);
214
SHA_BYTESWAP(ctx->W[3]);
215
SHA_BYTESWAP(ctx->W[4]);
216
SHA_BYTESWAP(ctx->W[5]);
217
SHA_BYTESWAP(ctx->W[6]);
218
SHA_BYTESWAP(ctx->W[7]);
219
SHA_BYTESWAP(ctx->W[8]);
220
SHA_BYTESWAP(ctx->W[9]);
221
SHA_BYTESWAP(ctx->W[10]);
222
SHA_BYTESWAP(ctx->W[11]);
223
SHA_BYTESWAP(ctx->W[12]);
224
SHA_BYTESWAP(ctx->W[13]);
225
SHA_BYTESWAP(ctx->W[14]);
226
SHA_BYTESWAP(ctx->W[15]);
230
* This can be moved into the main code block below, but doing
231
* so can cause some compilers to run out of registers and resort
232
* to storing intermediates in RAM.
235
SHA_MIX(16); SHA_MIX(17); SHA_MIX(18); SHA_MIX(19);
236
SHA_MIX(20); SHA_MIX(21); SHA_MIX(22); SHA_MIX(23); SHA_MIX(24);
237
SHA_MIX(25); SHA_MIX(26); SHA_MIX(27); SHA_MIX(28); SHA_MIX(29);
238
SHA_MIX(30); SHA_MIX(31); SHA_MIX(32); SHA_MIX(33); SHA_MIX(34);
239
SHA_MIX(35); SHA_MIX(36); SHA_MIX(37); SHA_MIX(38); SHA_MIX(39);
240
SHA_MIX(40); SHA_MIX(41); SHA_MIX(42); SHA_MIX(43); SHA_MIX(44);
241
SHA_MIX(45); SHA_MIX(46); SHA_MIX(47); SHA_MIX(48); SHA_MIX(49);
242
SHA_MIX(50); SHA_MIX(51); SHA_MIX(52); SHA_MIX(53); SHA_MIX(54);
243
SHA_MIX(55); SHA_MIX(56); SHA_MIX(57); SHA_MIX(58); SHA_MIX(59);
244
SHA_MIX(60); SHA_MIX(61); SHA_MIX(62); SHA_MIX(63); SHA_MIX(64);
245
SHA_MIX(65); SHA_MIX(66); SHA_MIX(67); SHA_MIX(68); SHA_MIX(69);
246
SHA_MIX(70); SHA_MIX(71); SHA_MIX(72); SHA_MIX(73); SHA_MIX(74);
247
SHA_MIX(75); SHA_MIX(76); SHA_MIX(77); SHA_MIX(78); SHA_MIX(79);
255
E = SHA_ROTL(A,5)+SHA_F1(B,C,D)+E+ctx->W[ 0]+0x5a827999L; B=SHA_ROTL(B,30);
256
D = SHA_ROTL(E,5)+SHA_F1(A,B,C)+D+ctx->W[ 1]+0x5a827999L; A=SHA_ROTL(A,30);
257
C = SHA_ROTL(D,5)+SHA_F1(E,A,B)+C+ctx->W[ 2]+0x5a827999L; E=SHA_ROTL(E,30);
258
B = SHA_ROTL(C,5)+SHA_F1(D,E,A)+B+ctx->W[ 3]+0x5a827999L; D=SHA_ROTL(D,30);
259
A = SHA_ROTL(B,5)+SHA_F1(C,D,E)+A+ctx->W[ 4]+0x5a827999L; C=SHA_ROTL(C,30);
260
E = SHA_ROTL(A,5)+SHA_F1(B,C,D)+E+ctx->W[ 5]+0x5a827999L; B=SHA_ROTL(B,30);
261
D = SHA_ROTL(E,5)+SHA_F1(A,B,C)+D+ctx->W[ 6]+0x5a827999L; A=SHA_ROTL(A,30);
262
C = SHA_ROTL(D,5)+SHA_F1(E,A,B)+C+ctx->W[ 7]+0x5a827999L; E=SHA_ROTL(E,30);
263
B = SHA_ROTL(C,5)+SHA_F1(D,E,A)+B+ctx->W[ 8]+0x5a827999L; D=SHA_ROTL(D,30);
264
A = SHA_ROTL(B,5)+SHA_F1(C,D,E)+A+ctx->W[ 9]+0x5a827999L; C=SHA_ROTL(C,30);
265
E = SHA_ROTL(A,5)+SHA_F1(B,C,D)+E+ctx->W[10]+0x5a827999L; B=SHA_ROTL(B,30);
266
D = SHA_ROTL(E,5)+SHA_F1(A,B,C)+D+ctx->W[11]+0x5a827999L; A=SHA_ROTL(A,30);
267
C = SHA_ROTL(D,5)+SHA_F1(E,A,B)+C+ctx->W[12]+0x5a827999L; E=SHA_ROTL(E,30);
268
B = SHA_ROTL(C,5)+SHA_F1(D,E,A)+B+ctx->W[13]+0x5a827999L; D=SHA_ROTL(D,30);
269
A = SHA_ROTL(B,5)+SHA_F1(C,D,E)+A+ctx->W[14]+0x5a827999L; C=SHA_ROTL(C,30);
270
E = SHA_ROTL(A,5)+SHA_F1(B,C,D)+E+ctx->W[15]+0x5a827999L; B=SHA_ROTL(B,30);
271
D = SHA_ROTL(E,5)+SHA_F1(A,B,C)+D+ctx->W[16]+0x5a827999L; A=SHA_ROTL(A,30);
272
C = SHA_ROTL(D,5)+SHA_F1(E,A,B)+C+ctx->W[17]+0x5a827999L; E=SHA_ROTL(E,30);
273
B = SHA_ROTL(C,5)+SHA_F1(D,E,A)+B+ctx->W[18]+0x5a827999L; D=SHA_ROTL(D,30);
274
A = SHA_ROTL(B,5)+SHA_F1(C,D,E)+A+ctx->W[19]+0x5a827999L; C=SHA_ROTL(C,30);
276
E = SHA_ROTL(A,5)+SHA_F2(B,C,D)+E+ctx->W[20]+0x6ed9eba1L; B=SHA_ROTL(B,30);
277
D = SHA_ROTL(E,5)+SHA_F2(A,B,C)+D+ctx->W[21]+0x6ed9eba1L; A=SHA_ROTL(A,30);
278
C = SHA_ROTL(D,5)+SHA_F2(E,A,B)+C+ctx->W[22]+0x6ed9eba1L; E=SHA_ROTL(E,30);
279
B = SHA_ROTL(C,5)+SHA_F2(D,E,A)+B+ctx->W[23]+0x6ed9eba1L; D=SHA_ROTL(D,30);
280
A = SHA_ROTL(B,5)+SHA_F2(C,D,E)+A+ctx->W[24]+0x6ed9eba1L; C=SHA_ROTL(C,30);
281
E = SHA_ROTL(A,5)+SHA_F2(B,C,D)+E+ctx->W[25]+0x6ed9eba1L; B=SHA_ROTL(B,30);
282
D = SHA_ROTL(E,5)+SHA_F2(A,B,C)+D+ctx->W[26]+0x6ed9eba1L; A=SHA_ROTL(A,30);
283
C = SHA_ROTL(D,5)+SHA_F2(E,A,B)+C+ctx->W[27]+0x6ed9eba1L; E=SHA_ROTL(E,30);
284
B = SHA_ROTL(C,5)+SHA_F2(D,E,A)+B+ctx->W[28]+0x6ed9eba1L; D=SHA_ROTL(D,30);
285
A = SHA_ROTL(B,5)+SHA_F2(C,D,E)+A+ctx->W[29]+0x6ed9eba1L; C=SHA_ROTL(C,30);
286
E = SHA_ROTL(A,5)+SHA_F2(B,C,D)+E+ctx->W[30]+0x6ed9eba1L; B=SHA_ROTL(B,30);
287
D = SHA_ROTL(E,5)+SHA_F2(A,B,C)+D+ctx->W[31]+0x6ed9eba1L; A=SHA_ROTL(A,30);
288
C = SHA_ROTL(D,5)+SHA_F2(E,A,B)+C+ctx->W[32]+0x6ed9eba1L; E=SHA_ROTL(E,30);
289
B = SHA_ROTL(C,5)+SHA_F2(D,E,A)+B+ctx->W[33]+0x6ed9eba1L; D=SHA_ROTL(D,30);
290
A = SHA_ROTL(B,5)+SHA_F2(C,D,E)+A+ctx->W[34]+0x6ed9eba1L; C=SHA_ROTL(C,30);
291
E = SHA_ROTL(A,5)+SHA_F2(B,C,D)+E+ctx->W[35]+0x6ed9eba1L; B=SHA_ROTL(B,30);
292
D = SHA_ROTL(E,5)+SHA_F2(A,B,C)+D+ctx->W[36]+0x6ed9eba1L; A=SHA_ROTL(A,30);
293
C = SHA_ROTL(D,5)+SHA_F2(E,A,B)+C+ctx->W[37]+0x6ed9eba1L; E=SHA_ROTL(E,30);
294
B = SHA_ROTL(C,5)+SHA_F2(D,E,A)+B+ctx->W[38]+0x6ed9eba1L; D=SHA_ROTL(D,30);
295
A = SHA_ROTL(B,5)+SHA_F2(C,D,E)+A+ctx->W[39]+0x6ed9eba1L; C=SHA_ROTL(C,30);
297
E = SHA_ROTL(A,5)+SHA_F3(B,C,D)+E+ctx->W[40]+0x8f1bbcdcL; B=SHA_ROTL(B,30);
298
D = SHA_ROTL(E,5)+SHA_F3(A,B,C)+D+ctx->W[41]+0x8f1bbcdcL; A=SHA_ROTL(A,30);
299
C = SHA_ROTL(D,5)+SHA_F3(E,A,B)+C+ctx->W[42]+0x8f1bbcdcL; E=SHA_ROTL(E,30);
300
B = SHA_ROTL(C,5)+SHA_F3(D,E,A)+B+ctx->W[43]+0x8f1bbcdcL; D=SHA_ROTL(D,30);
301
A = SHA_ROTL(B,5)+SHA_F3(C,D,E)+A+ctx->W[44]+0x8f1bbcdcL; C=SHA_ROTL(C,30);
302
E = SHA_ROTL(A,5)+SHA_F3(B,C,D)+E+ctx->W[45]+0x8f1bbcdcL; B=SHA_ROTL(B,30);
303
D = SHA_ROTL(E,5)+SHA_F3(A,B,C)+D+ctx->W[46]+0x8f1bbcdcL; A=SHA_ROTL(A,30);
304
C = SHA_ROTL(D,5)+SHA_F3(E,A,B)+C+ctx->W[47]+0x8f1bbcdcL; E=SHA_ROTL(E,30);
305
B = SHA_ROTL(C,5)+SHA_F3(D,E,A)+B+ctx->W[48]+0x8f1bbcdcL; D=SHA_ROTL(D,30);
306
A = SHA_ROTL(B,5)+SHA_F3(C,D,E)+A+ctx->W[49]+0x8f1bbcdcL; C=SHA_ROTL(C,30);
307
E = SHA_ROTL(A,5)+SHA_F3(B,C,D)+E+ctx->W[50]+0x8f1bbcdcL; B=SHA_ROTL(B,30);
308
D = SHA_ROTL(E,5)+SHA_F3(A,B,C)+D+ctx->W[51]+0x8f1bbcdcL; A=SHA_ROTL(A,30);
309
C = SHA_ROTL(D,5)+SHA_F3(E,A,B)+C+ctx->W[52]+0x8f1bbcdcL; E=SHA_ROTL(E,30);
310
B = SHA_ROTL(C,5)+SHA_F3(D,E,A)+B+ctx->W[53]+0x8f1bbcdcL; D=SHA_ROTL(D,30);
311
A = SHA_ROTL(B,5)+SHA_F3(C,D,E)+A+ctx->W[54]+0x8f1bbcdcL; C=SHA_ROTL(C,30);
312
E = SHA_ROTL(A,5)+SHA_F3(B,C,D)+E+ctx->W[55]+0x8f1bbcdcL; B=SHA_ROTL(B,30);
313
D = SHA_ROTL(E,5)+SHA_F3(A,B,C)+D+ctx->W[56]+0x8f1bbcdcL; A=SHA_ROTL(A,30);
314
C = SHA_ROTL(D,5)+SHA_F3(E,A,B)+C+ctx->W[57]+0x8f1bbcdcL; E=SHA_ROTL(E,30);
315
B = SHA_ROTL(C,5)+SHA_F3(D,E,A)+B+ctx->W[58]+0x8f1bbcdcL; D=SHA_ROTL(D,30);
316
A = SHA_ROTL(B,5)+SHA_F3(C,D,E)+A+ctx->W[59]+0x8f1bbcdcL; C=SHA_ROTL(C,30);
318
E = SHA_ROTL(A,5)+SHA_F4(B,C,D)+E+ctx->W[60]+0xca62c1d6L; B=SHA_ROTL(B,30);
319
D = SHA_ROTL(E,5)+SHA_F4(A,B,C)+D+ctx->W[61]+0xca62c1d6L; A=SHA_ROTL(A,30);
320
C = SHA_ROTL(D,5)+SHA_F4(E,A,B)+C+ctx->W[62]+0xca62c1d6L; E=SHA_ROTL(E,30);
321
B = SHA_ROTL(C,5)+SHA_F4(D,E,A)+B+ctx->W[63]+0xca62c1d6L; D=SHA_ROTL(D,30);
322
A = SHA_ROTL(B,5)+SHA_F4(C,D,E)+A+ctx->W[64]+0xca62c1d6L; C=SHA_ROTL(C,30);
323
E = SHA_ROTL(A,5)+SHA_F4(B,C,D)+E+ctx->W[65]+0xca62c1d6L; B=SHA_ROTL(B,30);
324
D = SHA_ROTL(E,5)+SHA_F4(A,B,C)+D+ctx->W[66]+0xca62c1d6L; A=SHA_ROTL(A,30);
325
C = SHA_ROTL(D,5)+SHA_F4(E,A,B)+C+ctx->W[67]+0xca62c1d6L; E=SHA_ROTL(E,30);
326
B = SHA_ROTL(C,5)+SHA_F4(D,E,A)+B+ctx->W[68]+0xca62c1d6L; D=SHA_ROTL(D,30);
327
A = SHA_ROTL(B,5)+SHA_F4(C,D,E)+A+ctx->W[69]+0xca62c1d6L; C=SHA_ROTL(C,30);
328
E = SHA_ROTL(A,5)+SHA_F4(B,C,D)+E+ctx->W[70]+0xca62c1d6L; B=SHA_ROTL(B,30);
329
D = SHA_ROTL(E,5)+SHA_F4(A,B,C)+D+ctx->W[71]+0xca62c1d6L; A=SHA_ROTL(A,30);
330
C = SHA_ROTL(D,5)+SHA_F4(E,A,B)+C+ctx->W[72]+0xca62c1d6L; E=SHA_ROTL(E,30);
331
B = SHA_ROTL(C,5)+SHA_F4(D,E,A)+B+ctx->W[73]+0xca62c1d6L; D=SHA_ROTL(D,30);
332
A = SHA_ROTL(B,5)+SHA_F4(C,D,E)+A+ctx->W[74]+0xca62c1d6L; C=SHA_ROTL(C,30);
333
E = SHA_ROTL(A,5)+SHA_F4(B,C,D)+E+ctx->W[75]+0xca62c1d6L; B=SHA_ROTL(B,30);
334
D = SHA_ROTL(E,5)+SHA_F4(A,B,C)+D+ctx->W[76]+0xca62c1d6L; A=SHA_ROTL(A,30);
335
C = SHA_ROTL(D,5)+SHA_F4(E,A,B)+C+ctx->W[77]+0xca62c1d6L; E=SHA_ROTL(E,30);
336
B = SHA_ROTL(C,5)+SHA_F4(D,E,A)+B+ctx->W[78]+0xca62c1d6L; D=SHA_ROTL(D,30);
337
A = SHA_ROTL(B,5)+SHA_F4(C,D,E)+A+ctx->W[79]+0xca62c1d6L; C=SHA_ROTL(C,30);
346
/*************************************************************************
347
** Code below this line added to make SHA code support BLAPI interface
351
SHA1_NewContext(void)
355
/* no need to ZNew, SHA1_Begin will init the context */
356
cx = PORT_New(SHA1Context);
361
SHA1_DestroyContext(SHA1Context *cx, PRBool freeit)
364
PORT_ZFree(cx, sizeof(SHA1Context));
369
SHA1_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
375
SHA1_Update(&ctx, src, src_length);
376
SHA1_End(&ctx, dest, &outLen, SHA1_LENGTH);
381
/* Hash a null-terminated character string. */
383
SHA1_Hash(unsigned char *dest, const char *src)
385
return SHA1_HashBuf(dest, (const unsigned char *)src, PORT_Strlen (src));
389
* need to support save/restore state in pkcs11. Stores all the info necessary
390
* for a structure into just a stream of bytes.
393
SHA1_FlattenSize(SHA1Context *cx)
395
return sizeof(SHA1Context);
399
SHA1_Flatten(SHA1Context *cx,unsigned char *space)
401
PORT_Memcpy(space,cx, sizeof(SHA1Context));
406
SHA1_Resurrect(unsigned char *space,void *arg)
408
SHA1Context *cx = SHA1_NewContext();
409
if (cx == NULL) return NULL;
411
PORT_Memcpy(cx,space, sizeof(SHA1Context));
416
SHA1_TraceState(SHA1Context *ctx)
423
int remainder; /* bytes in last word */
424
unsigned char buf[64 * 4];
426
SSL_TRC(99, ("%d: SSL: SHA1 state: %08x %08x %08x %08x %08x", SSL_GETPID(),
427
ctx->H[0], ctx->H[1], ctx->H[2], ctx->H[3], ctx->H[4]));
429
len = (int)(ctx->sizeLo & 63);
432
fixWord = len - remainder;
433
for (i = 0; i < len; i++) {
437
W <<= 8 * (4 - remainder);
440
buf[i] = (unsigned char)(W >> 24);
444
PRINT_BUF(99, (0, "SHA1_TraceState: buffered input", buf, len));
447
PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);