49
49
#include "macros.h"
50
50
#include "nettle-write.h"
52
/* A block, treated as a sequence of 32-bit words. */
53
#define SHA1_DATA_LENGTH 16
55
/* SHA initial values */
57
#define h0init 0x67452301L
58
#define h1init 0xEFCDAB89L
59
#define h2init 0x98BADCFEL
60
#define h3init 0x10325476L
61
#define h4init 0xC3D2E1F0L
63
52
/* Initialize the SHA values */
66
54
sha1_init(struct sha1_ctx *ctx)
68
/* Set the h-vars to their initial values */
69
ctx->digest[ 0 ] = h0init;
70
ctx->digest[ 1 ] = h1init;
71
ctx->digest[ 2 ] = h2init;
72
ctx->digest[ 3 ] = h3init;
73
ctx->digest[ 4 ] = h4init;
56
/* FIXME: Put the buffer last in the struct, and arrange so that we
57
can initialize with a single memcpy. */
58
static const uint32_t iv[_SHA1_DIGEST_LENGTH] =
60
/* SHA initial values */
75
/* Initialize bit count */
68
memcpy(ctx->state, iv, sizeof(ctx->state));
76
69
ctx->count_low = ctx->count_high = 0;
78
71
/* Initialize buffer */
82
#define SHA1_INCR(ctx) ((ctx)->count_high += !++(ctx)->count_low)
75
#define COMPRESS(ctx, data) (_nettle_sha1_compress((ctx)->state, data))
85
78
sha1_update(struct sha1_ctx *ctx,
86
unsigned length, const uint8_t *buffer)
79
unsigned length, const uint8_t *data)
89
{ /* Try to fill partial block */
90
unsigned left = SHA1_DATA_SIZE - ctx->index;
93
memcpy(ctx->block + ctx->index, buffer, length);
95
return; /* Finished */
99
memcpy(ctx->block + ctx->index, buffer, left);
101
_nettle_sha1_compress(ctx->digest, ctx->block);
108
while (length >= SHA1_DATA_SIZE)
110
_nettle_sha1_compress(ctx->digest, buffer);
113
buffer += SHA1_DATA_SIZE;
114
length -= SHA1_DATA_SIZE;
116
if ((ctx->index = length)) /* This assignment is intended */
117
/* Buffer leftovers */
118
memcpy(ctx->block, buffer, length);
81
MD_UPDATE (ctx, length, data, COMPRESS, MD_INCR(ctx));
121
/* Final wrapup - pad to SHA1_DATA_SIZE-byte boundary with the bit pattern
122
1 0* (64-bit count of bits processed, MSB-first) */
125
sha1_final(struct sha1_ctx *ctx)
127
uint32_t bitcount_high;
128
uint32_t bitcount_low;
133
/* Set the first char of padding to 0x80. This is safe since there is
134
always at least one byte free */
136
assert(i < SHA1_DATA_SIZE);
137
ctx->block[i++] = 0x80;
139
if (i > (SHA1_DATA_SIZE - 8))
140
{ /* No room for length in this block. Process it and
141
pad with another one */
142
memset(ctx->block + i, 0, SHA1_DATA_SIZE - i);
144
_nettle_sha1_compress(ctx->digest, ctx->block);
147
if (i < (SHA1_DATA_SIZE - 8))
148
memset(ctx->block + i, 0, (SHA1_DATA_SIZE - 8) - i);
150
/* There are 512 = 2^9 bits in one block */
151
bitcount_high = (ctx->count_high << 9) | (ctx->count_low >> 23);
152
bitcount_low = (ctx->count_low << 9) | (ctx->index << 3);
154
/* This is slightly inefficient, as the numbers are converted to
155
big-endian format, and will be converted back by the compression
156
function. It's probably not worth the effort to fix this. */
157
WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 8), bitcount_high);
158
WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 4), bitcount_low);
160
_nettle_sha1_compress(ctx->digest, ctx->block);
164
85
sha1_digest(struct sha1_ctx *ctx,
168
91
assert(length <= SHA1_DIGEST_SIZE);
171
_nettle_write_be32(length, digest, ctx->digest);
93
MD_PAD(ctx, 8, COMPRESS);
95
/* There are 512 = 2^9 bits in one block */
96
high = (ctx->count_high << 9) | (ctx->count_low >> 23);
97
low = (ctx->count_low << 9) | (ctx->index << 3);
99
/* append the 64 bit count */
100
WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 8), high);
101
WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 4), low);
102
_nettle_sha1_compress(ctx->state, ctx->block);
104
_nettle_write_be32(length, digest, ctx->state);