1
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
3
* LibTomCrypt is a library that provides various cryptographic
4
* algorithms in a highly modular and flexible manner.
6
* The library is free for all purposes without any express
9
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
12
/* SHA1 code by Tom St Denis */
17
const struct _hash_descriptor sha1_desc =
27
{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E,
28
0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14 },
38
#define F0(x,y,z) (z ^ (x & (y ^ z)))
39
#define F1(x,y,z) (x ^ y ^ z)
40
#define F2(x,y,z) ((x & y) | (z & (x | y)))
41
#define F3(x,y,z) (x ^ y ^ z)
44
static int _sha1_compress(hash_state *md, unsigned char *buf)
46
static int sha1_compress(hash_state *md, unsigned char *buf)
49
ulong32 a,b,c,d,e,W[80],i;
54
/* copy the state into 512-bits into W[0..15] */
55
for (i = 0; i < 16; i++) {
56
LOAD32H(W[i], buf + (4*i));
60
a = md->sha1.state[0];
61
b = md->sha1.state[1];
62
c = md->sha1.state[2];
63
d = md->sha1.state[3];
64
e = md->sha1.state[4];
67
for (i = 16; i < 80; i++) {
68
W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
73
#define FF0(a,b,c,d,e,i) e = (ROL(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROL(b, 30);
74
#define FF1(a,b,c,d,e,i) e = (ROL(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROL(b, 30);
75
#define FF2(a,b,c,d,e,i) e = (ROL(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROL(b, 30);
76
#define FF3(a,b,c,d,e,i) e = (ROL(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROL(b, 30);
80
for (i = 0; i < 20; ) {
81
FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
85
FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
89
FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
93
FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
98
for (i = 0; i < 20; ) {
140
md->sha1.state[0] = md->sha1.state[0] + a;
141
md->sha1.state[1] = md->sha1.state[1] + b;
142
md->sha1.state[2] = md->sha1.state[2] + c;
143
md->sha1.state[3] = md->sha1.state[3] + d;
144
md->sha1.state[4] = md->sha1.state[4] + e;
150
static int sha1_compress(hash_state *md, unsigned char *buf)
153
err = _sha1_compress(md, buf);
154
burn_stack(sizeof(ulong32) * 87);
159
int sha1_init(hash_state * md)
162
md->sha1.state[0] = 0x67452301UL;
163
md->sha1.state[1] = 0xefcdab89UL;
164
md->sha1.state[2] = 0x98badcfeUL;
165
md->sha1.state[3] = 0x10325476UL;
166
md->sha1.state[4] = 0xc3d2e1f0UL;
172
HASH_PROCESS(sha1_process, sha1_compress, sha1, 64)
174
int sha1_done(hash_state * md, unsigned char *hash)
179
_ARGCHK(hash != NULL);
181
if (md->sha1.curlen >= sizeof(md->sha1.buf)) {
182
return CRYPT_INVALID_ARG;
185
/* increase the length of the message */
186
md->sha1.length += md->sha1.curlen * 8;
188
/* append the '1' bit */
189
md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80;
191
/* if the length is currently above 56 bytes we append zeros
192
* then compress. Then we can fall back to padding zeros and length
193
* encoding like normal.
195
if (md->sha1.curlen > 56) {
196
while (md->sha1.curlen < 64) {
197
md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
199
sha1_compress(md, md->sha1.buf);
203
/* pad upto 56 bytes of zeroes */
204
while (md->sha1.curlen < 56) {
205
md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
209
STORE64H(md->sha1.length, md->sha1.buf+56);
210
sha1_compress(md, md->sha1.buf);
213
for (i = 0; i < 5; i++) {
214
STORE32H(md->sha1.state[i], hash+(4*i));
217
zeromem(md, sizeof(hash_state));
227
static const struct {
229
unsigned char hash[20];
232
{ 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a,
233
0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c,
234
0x9c, 0xd0, 0xd8, 0x9d }
236
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
237
{ 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E,
238
0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5,
239
0xE5, 0x46, 0x70, 0xF1 }
244
unsigned char tmp[20];
247
for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
249
sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
251
if (memcmp(tmp, tests[i].hash, 20) != 0) {
252
return CRYPT_FAIL_TESTVECTOR;