OpenWrt – Blame information for rev 4

Subversion Repositories:
Rev:
Rev Author Line No. Line
4 office 1 /*
2 * FIPS-180-1 compliant SHA-1 implementation
3 *
4 * Copyright (C) 2003-2006 Christophe Devine
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License, version 2.1 as published by the Free Software Foundation.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
18 * MA 02110-1301 USA
19 */
20 /*
21 * The SHA-1 standard was published by NIST in 1993.
22 *
23 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
24 */
25  
26 #ifndef _CRT_SECURE_NO_DEPRECATE
27 #define _CRT_SECURE_NO_DEPRECATE 1
28 #endif
29  
30 #include <string.h>
31 #include <stdio.h>
32  
33 #include "sha1.h"
34  
35 /*
36 * 32-bit integer manipulation macros (big endian)
37 */
38 #ifndef GET_UINT32_BE
39 #define GET_UINT32_BE(n,b,i) \
40 { \
41 (n) = ( (ulong) (b)[(i) ] << 24 ) \
42 | ( (ulong) (b)[(i) + 1] << 16 ) \
43 | ( (ulong) (b)[(i) + 2] << 8 ) \
44 | ( (ulong) (b)[(i) + 3] ); \
45 }
46 #endif
47 #ifndef PUT_UINT32_BE
48 #define PUT_UINT32_BE(n,b,i) \
49 { \
50 (b)[(i) ] = (uchar) ( (n) >> 24 ); \
51 (b)[(i) + 1] = (uchar) ( (n) >> 16 ); \
52 (b)[(i) + 2] = (uchar) ( (n) >> 8 ); \
53 (b)[(i) + 3] = (uchar) ( (n) ); \
54 }
55 #endif
56  
57 /*
58 * Core SHA-1 functions
59 */
60 void sha1_starts( sha1_context *ctx )
61 {
62 ctx->total[0] = 0;
63 ctx->total[1] = 0;
64  
65 ctx->state[0] = 0x67452301;
66 ctx->state[1] = 0xEFCDAB89;
67 ctx->state[2] = 0x98BADCFE;
68 ctx->state[3] = 0x10325476;
69 ctx->state[4] = 0xC3D2E1F0;
70 }
71  
72 void sha1_process( sha1_context *ctx, uchar data[64] )
73 {
74 ulong temp, W[16], A, B, C, D, E;
75  
76 GET_UINT32_BE( W[0], data, 0 );
77 GET_UINT32_BE( W[1], data, 4 );
78 GET_UINT32_BE( W[2], data, 8 );
79 GET_UINT32_BE( W[3], data, 12 );
80 GET_UINT32_BE( W[4], data, 16 );
81 GET_UINT32_BE( W[5], data, 20 );
82 GET_UINT32_BE( W[6], data, 24 );
83 GET_UINT32_BE( W[7], data, 28 );
84 GET_UINT32_BE( W[8], data, 32 );
85 GET_UINT32_BE( W[9], data, 36 );
86 GET_UINT32_BE( W[10], data, 40 );
87 GET_UINT32_BE( W[11], data, 44 );
88 GET_UINT32_BE( W[12], data, 48 );
89 GET_UINT32_BE( W[13], data, 52 );
90 GET_UINT32_BE( W[14], data, 56 );
91 GET_UINT32_BE( W[15], data, 60 );
92  
93 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
94  
95 #define R(t) \
96 ( \
97 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
98 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
99 ( W[t & 0x0F] = S(temp,1) ) \
100 )
101  
102 #define P(a,b,c,d,e,x) \
103 { \
104 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
105 }
106  
107 A = ctx->state[0];
108 B = ctx->state[1];
109 C = ctx->state[2];
110 D = ctx->state[3];
111 E = ctx->state[4];
112  
113 #define F(x,y,z) (z ^ (x & (y ^ z)))
114 #define K 0x5A827999
115  
116 P( A, B, C, D, E, W[0] );
117 P( E, A, B, C, D, W[1] );
118 P( D, E, A, B, C, W[2] );
119 P( C, D, E, A, B, W[3] );
120 P( B, C, D, E, A, W[4] );
121 P( A, B, C, D, E, W[5] );
122 P( E, A, B, C, D, W[6] );
123 P( D, E, A, B, C, W[7] );
124 P( C, D, E, A, B, W[8] );
125 P( B, C, D, E, A, W[9] );
126 P( A, B, C, D, E, W[10] );
127 P( E, A, B, C, D, W[11] );
128 P( D, E, A, B, C, W[12] );
129 P( C, D, E, A, B, W[13] );
130 P( B, C, D, E, A, W[14] );
131 P( A, B, C, D, E, W[15] );
132 P( E, A, B, C, D, R(16) );
133 P( D, E, A, B, C, R(17) );
134 P( C, D, E, A, B, R(18) );
135 P( B, C, D, E, A, R(19) );
136  
137 #undef K
138 #undef F
139  
140 #define F(x,y,z) (x ^ y ^ z)
141 #define K 0x6ED9EBA1
142  
143 P( A, B, C, D, E, R(20) );
144 P( E, A, B, C, D, R(21) );
145 P( D, E, A, B, C, R(22) );
146 P( C, D, E, A, B, R(23) );
147 P( B, C, D, E, A, R(24) );
148 P( A, B, C, D, E, R(25) );
149 P( E, A, B, C, D, R(26) );
150 P( D, E, A, B, C, R(27) );
151 P( C, D, E, A, B, R(28) );
152 P( B, C, D, E, A, R(29) );
153 P( A, B, C, D, E, R(30) );
154 P( E, A, B, C, D, R(31) );
155 P( D, E, A, B, C, R(32) );
156 P( C, D, E, A, B, R(33) );
157 P( B, C, D, E, A, R(34) );
158 P( A, B, C, D, E, R(35) );
159 P( E, A, B, C, D, R(36) );
160 P( D, E, A, B, C, R(37) );
161 P( C, D, E, A, B, R(38) );
162 P( B, C, D, E, A, R(39) );
163  
164 #undef K
165 #undef F
166  
167 #define F(x,y,z) ((x & y) | (z & (x | y)))
168 #define K 0x8F1BBCDC
169  
170 P( A, B, C, D, E, R(40) );
171 P( E, A, B, C, D, R(41) );
172 P( D, E, A, B, C, R(42) );
173 P( C, D, E, A, B, R(43) );
174 P( B, C, D, E, A, R(44) );
175 P( A, B, C, D, E, R(45) );
176 P( E, A, B, C, D, R(46) );
177 P( D, E, A, B, C, R(47) );
178 P( C, D, E, A, B, R(48) );
179 P( B, C, D, E, A, R(49) );
180 P( A, B, C, D, E, R(50) );
181 P( E, A, B, C, D, R(51) );
182 P( D, E, A, B, C, R(52) );
183 P( C, D, E, A, B, R(53) );
184 P( B, C, D, E, A, R(54) );
185 P( A, B, C, D, E, R(55) );
186 P( E, A, B, C, D, R(56) );
187 P( D, E, A, B, C, R(57) );
188 P( C, D, E, A, B, R(58) );
189 P( B, C, D, E, A, R(59) );
190  
191 #undef K
192 #undef F
193  
194 #define F(x,y,z) (x ^ y ^ z)
195 #define K 0xCA62C1D6
196  
197 P( A, B, C, D, E, R(60) );
198 P( E, A, B, C, D, R(61) );
199 P( D, E, A, B, C, R(62) );
200 P( C, D, E, A, B, R(63) );
201 P( B, C, D, E, A, R(64) );
202 P( A, B, C, D, E, R(65) );
203 P( E, A, B, C, D, R(66) );
204 P( D, E, A, B, C, R(67) );
205 P( C, D, E, A, B, R(68) );
206 P( B, C, D, E, A, R(69) );
207 P( A, B, C, D, E, R(70) );
208 P( E, A, B, C, D, R(71) );
209 P( D, E, A, B, C, R(72) );
210 P( C, D, E, A, B, R(73) );
211 P( B, C, D, E, A, R(74) );
212 P( A, B, C, D, E, R(75) );
213 P( E, A, B, C, D, R(76) );
214 P( D, E, A, B, C, R(77) );
215 P( C, D, E, A, B, R(78) );
216 P( B, C, D, E, A, R(79) );
217  
218 #undef K
219 #undef F
220  
221 ctx->state[0] += A;
222 ctx->state[1] += B;
223 ctx->state[2] += C;
224 ctx->state[3] += D;
225 ctx->state[4] += E;
226 }
227  
228 void sha1_update( sha1_context *ctx, uchar *input, uint length )
229 {
230 ulong left, fill;
231  
232 if( ! length ) return;
233  
234 left = ctx->total[0] & 0x3F;
235 fill = 64 - left;
236  
237 ctx->total[0] += length;
238 ctx->total[0] &= 0xFFFFFFFF;
239  
240 if( ctx->total[0] < length )
241 ctx->total[1]++;
242  
243 if( left && length >= fill )
244 {
245 memcpy( (void *) (ctx->buffer + left),
246 (void *) input, fill );
247 sha1_process( ctx, ctx->buffer );
248 length -= fill;
249 input += fill;
250 left = 0;
251 }
252  
253 while( length >= 64 )
254 {
255 sha1_process( ctx, input );
256 length -= 64;
257 input += 64;
258 }
259  
260 if( length )
261 {
262 memcpy( (void *) (ctx->buffer + left),
263 (void *) input, length );
264 }
265 }
266  
267 static uchar sha1_padding[64] =
268 {
269 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
270 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
271 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
272 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
273 };
274  
275 void sha1_finish( sha1_context *ctx, uchar digest[20] )
276 {
277 ulong last, padn;
278 ulong high, low;
279 uchar msglen[8];
280  
281 high = ( ctx->total[0] >> 29 )
282 | ( ctx->total[1] << 3 );
283 low = ( ctx->total[0] << 3 );
284  
285 PUT_UINT32_BE( high, msglen, 0 );
286 PUT_UINT32_BE( low, msglen, 4 );
287  
288 last = ctx->total[0] & 0x3F;
289 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
290  
291 sha1_update( ctx, sha1_padding, padn );
292 sha1_update( ctx, msglen, 8 );
293  
294 PUT_UINT32_BE( ctx->state[0], digest, 0 );
295 PUT_UINT32_BE( ctx->state[1], digest, 4 );
296 PUT_UINT32_BE( ctx->state[2], digest, 8 );
297 PUT_UINT32_BE( ctx->state[3], digest, 12 );
298 PUT_UINT32_BE( ctx->state[4], digest, 16 );
299 }
300  
301 /*
302 * Output SHA-1(file contents), returns 0 if successful.
303 */
304 int sha1_file( char *filename, uchar digest[20] )
305 {
306 FILE *f;
307 size_t n;
308 sha1_context ctx;
309 uchar buf[1024];
310  
311 if( ( f = fopen( filename, "rb" ) ) == NULL )
312 return( 1 );
313  
314 sha1_starts( &ctx );
315  
316 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
317 sha1_update( &ctx, buf, (uint) n );
318  
319 sha1_finish( &ctx, digest );
320  
321 fclose( f );
322 return( 0 );
323 }
324  
325 /*
326 * Output SHA-1(buf)
327 */
328 void sha1_csum( uchar *buf, uint buflen, uchar digest[20] )
329 {
330 sha1_context ctx;
331  
332 sha1_starts( &ctx );
333 sha1_update( &ctx, buf, buflen );
334 sha1_finish( &ctx, digest );
335 }
336  
337 /*
338 * Output HMAC-SHA-1(key,buf)
339 */
340 void sha1_hmac( uchar *key, uint keylen, uchar *buf, uint buflen,
341 uchar digest[20] )
342 {
343 uint i;
344 sha1_context ctx;
345 uchar k_ipad[64];
346 uchar k_opad[64];
347 uchar tmpbuf[20];
348  
349 memset( k_ipad, 0x36, 64 );
350 memset( k_opad, 0x5C, 64 );
351  
352 for( i = 0; i < keylen; i++ )
353 {
354 if( i >= 64 ) break;
355  
356 k_ipad[i] ^= key[i];
357 k_opad[i] ^= key[i];
358 }
359  
360 sha1_starts( &ctx );
361 sha1_update( &ctx, k_ipad, 64 );
362 sha1_update( &ctx, buf, buflen );
363 sha1_finish( &ctx, tmpbuf );
364  
365 sha1_starts( &ctx );
366 sha1_update( &ctx, k_opad, 64 );
367 sha1_update( &ctx, tmpbuf, 20 );
368 sha1_finish( &ctx, digest );
369  
370 memset( k_ipad, 0, 64 );
371 memset( k_opad, 0, 64 );
372 memset( tmpbuf, 0, 20 );
373 memset( &ctx, 0, sizeof( sha1_context ) );
374 }
375  
376 #ifdef SELF_TEST
377 /*
378 * FIPS-180-1 test vectors
379 */
380 static char *sha1_test_str[3] =
381 {
382 "abc",
383 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
384 NULL
385 };
386  
387 static uchar sha1_test_sum[3][20] =
388 {
389 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
390 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
391 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
392 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
393 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
394 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
395 };
396  
397 /*
398 * Checkup routine
399 */
400 int sha1_self_test( void )
401 {
402 int i, j;
403 uchar buf[1000];
404 uchar sha1sum[20];
405 sha1_context ctx;
406  
407 for( i = 0; i < 3; i++ )
408 {
409 printf( " SHA-1 test #%d: ", i + 1 );
410  
411 sha1_starts( &ctx );
412  
413 if( i < 2 )
414 sha1_update( &ctx, (uchar *) sha1_test_str[i],
415 strlen( sha1_test_str[i] ) );
416 else
417 {
418 memset( buf, 'a', 1000 );
419 for( j = 0; j < 1000; j++ )
420 sha1_update( &ctx, (uchar *) buf, 1000 );
421 }
422  
423 sha1_finish( &ctx, sha1sum );
424  
425 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
426 {
427 printf( "failed\n" );
428 return( 1 );
429 }
430  
431 printf( "passed\n" );
432 }
433  
434 printf( "\n" );
435 return( 0 );
436 }
437 #else
438 int sha1_self_test( void )
439 {
440 printf( "SHA-1 self-test not available\n\n" );
441 return( 1 );
442 }
443 #endif