1
1
/* sha1.c - Functions to compute SHA1 message digest of files or
2
2
memory blocks according to the NIST specification FIPS-180-1.
4
Copyright (C) 2000, 2001, 2003, 2004, 2005 Free Software Foundation, Inc.
4
Copyright (C) 2000, 2001, 2003, 2004, 2005, 2006, 2008 Free Software
6
7
This program is free software; you can redistribute it and/or modify it
7
8
under the terms of the GNU General Public License as published by the
55
51
static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
59
Takes a pointer to a 160 bit block of data (five 32 bit ints) and
60
intializes it to the start constants of the SHA1 algorithm. This
61
must be called before using hash in the call to sha1_hash.
54
/* Take a pointer to a 160 bit block of data (five 32 bit ints) and
55
initialize it to the start constants of the SHA1 algorithm. This
56
must be called before using hash in the call to sha1_hash. */
64
58
sha1_init_ctx (struct sha1_ctx *ctx)
77
71
must be in little endian byte order.
79
73
IMPORTANT: On some systems it is required that RESBUF is correctly
80
aligned for a 32 bits value. */
74
aligned for a 32-bit value. */
82
76
sha1_read_ctx (const struct sha1_ctx *ctx, void *resbuf)
84
((md5_uint32 *) resbuf)[0] = SWAP (ctx->A);
85
((md5_uint32 *) resbuf)[1] = SWAP (ctx->B);
86
((md5_uint32 *) resbuf)[2] = SWAP (ctx->C);
87
((md5_uint32 *) resbuf)[3] = SWAP (ctx->D);
88
((md5_uint32 *) resbuf)[4] = SWAP (ctx->E);
78
((sha1_uint32 *) resbuf)[0] = SWAP (ctx->A);
79
((sha1_uint32 *) resbuf)[1] = SWAP (ctx->B);
80
((sha1_uint32 *) resbuf)[2] = SWAP (ctx->C);
81
((sha1_uint32 *) resbuf)[3] = SWAP (ctx->D);
82
((sha1_uint32 *) resbuf)[4] = SWAP (ctx->E);
94
88
prolog according to the standard and write the result to RESBUF.
96
90
IMPORTANT: On some systems it is required that RESBUF is correctly
97
aligned for a 32 bits value. */
91
aligned for a 32-bit value. */
99
93
sha1_finish_ctx (struct sha1_ctx *ctx, void *resbuf)
101
95
/* Take yet unprocessed bytes into account. */
102
md5_uint32 bytes = ctx->buflen;
96
sha1_uint32 bytes = ctx->buflen;
97
size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
105
99
/* Now count remaining bytes. */
106
100
ctx->total[0] += bytes;
107
101
if (ctx->total[0] < bytes)
110
pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes;
111
memcpy (&ctx->buffer[bytes], fillbuf, pad);
113
104
/* Put the 64-bit file length in *bits* at the end of the buffer. */
114
*(md5_uint32 *) &ctx->buffer[bytes + pad + 4] = SWAP (ctx->total[0] << 3);
115
*(md5_uint32 *) &ctx->buffer[bytes + pad] = SWAP ((ctx->total[1] << 3) |
116
(ctx->total[0] >> 29));
105
ctx->buffer[size - 2] = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29));
106
ctx->buffer[size - 1] = SWAP (ctx->total[0] << 3);
108
memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes);
118
110
/* Process last bytes. */
119
sha1_process_block (ctx->buffer, bytes + pad + 8, ctx);
111
sha1_process_block (ctx->buffer, size * 4, ctx);
121
113
return sha1_read_ctx (ctx, resbuf);
190
/* Compute MD5 message digest for LEN bytes beginning at BUFFER. The
182
/* Compute SHA1 message digest for LEN bytes beginning at BUFFER. The
191
183
result is always in little endian byte order, so that a byte-wise
192
184
output yields to the wanted ASCII representation of the message
216
208
size_t left_over = ctx->buflen;
217
209
size_t add = 128 - left_over > len ? len : 128 - left_over;
219
memcpy (&ctx->buffer[left_over], buffer, add);
211
memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
220
212
ctx->buflen += add;
222
214
if (ctx->buflen > 64)
226
218
ctx->buflen &= 63;
227
219
/* The regions in the following copy operation cannot overlap. */
228
memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63],
221
&((char *) ctx->buffer)[(left_over + add) & ~63],
239
232
#if !_STRING_ARCH_unaligned
240
233
# define alignof(type) offsetof (struct { char c; type x; }, x)
241
# define UNALIGNED_P(p) (((size_t) p) % alignof (md5_uint32) != 0)
234
# define UNALIGNED_P(p) (((size_t) p) % alignof (sha1_uint32) != 0)
242
235
if (UNALIGNED_P (buffer))
261
254
size_t left_over = ctx->buflen;
263
memcpy (&ctx->buffer[left_over], buffer, len);
256
memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
264
257
left_over += len;
265
258
if (left_over >= 64)
267
260
sha1_process_block (ctx->buffer, 64, ctx);
269
memcpy (ctx->buffer, &ctx->buffer[64], left_over);
262
memcpy (ctx->buffer, &ctx->buffer[16], left_over);
271
264
ctx->buflen = left_over;
275
268
/* --- Code below is the primary difference between md5.c and sha1.c --- */
277
270
/* SHA1 round constants */
278
#define K1 0x5a827999L
279
#define K2 0x6ed9eba1L
280
#define K3 0x8f1bbcdcL
281
#define K4 0xca62c1d6L
271
#define K1 0x5a827999
272
#define K2 0x6ed9eba1
273
#define K3 0x8f1bbcdc
274
#define K4 0xca62c1d6
283
276
/* Round functions. Note that F2 is the same as F4. */
284
277
#define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) )
294
287
sha1_process_block (const void *buffer, size_t len, struct sha1_ctx *ctx)
296
const md5_uint32 *words = buffer;
297
size_t nwords = len / sizeof (md5_uint32);
298
const md5_uint32 *endp = words + nwords;
300
md5_uint32 a = ctx->A;
301
md5_uint32 b = ctx->B;
302
md5_uint32 c = ctx->C;
303
md5_uint32 d = ctx->D;
304
md5_uint32 e = ctx->E;
289
const sha1_uint32 *words = (const sha1_uint32*) buffer;
290
size_t nwords = len / sizeof (sha1_uint32);
291
const sha1_uint32 *endp = words + nwords;
293
sha1_uint32 a = ctx->A;
294
sha1_uint32 b = ctx->B;
295
sha1_uint32 c = ctx->C;
296
sha1_uint32 d = ctx->D;
297
sha1_uint32 e = ctx->E;
306
299
/* First increment the byte count. RFC 1321 specifies the possible
307
300
length of the file up to 2^64 bits. Here we only compute the
310
303
if (ctx->total[0] < len)
313
#define rol(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
306
#define rol(x, n) (((x) << (n)) | ((sha1_uint32) (x) >> (32 - (n))))
315
308
#define M(I) ( tm = x[I&0x0f] ^ x[(I-14)&0x0f] \
316
309
^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \