nexmon – Blame information for rev 1

Subversion Repositories:
Rev:
Rev Author Line No. Line
1 office 1 /*
2 * FIPS-180-1 compliant SHA-1 implementation
3 *
4 * Copyright (C) 2001-2003 Christophe Devine
5 * Copyright (C) 2012 Chris Elston, Katalix Systems Ltd <celston@katalix.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20 *
21 * Changed to use guint instead of uint 2004 by Anders Broman
22 * Original code found at http://www.cr0.net:8040/code/crypto/sha1/
23 * References: http://www.ietf.org/rfc/rfc3174.txt?number=3174
24 *
25 * 2012-08-21 - C Elston - Split sha1_hmac function to allow incremental usage.
26 */
27  
28 #include <string.h>
29 #include <glib.h>
30  
31 #include "sha1.h"
32  
33 #define GET_UINT32(n,b,i) \
34 { \
35 (n) = ( (guint32) (b)[(i) ] << 24 ) \
36 | ( (guint32) (b)[(i) + 1] << 16 ) \
37 | ( (guint32) (b)[(i) + 2] << 8 ) \
38 | ( (guint32) (b)[(i) + 3] ); \
39 }
40  
41 #define PUT_UINT32(n,b,i) \
42 { \
43 (b)[(i) ] = (guint8) ( (n) >> 24 ); \
44 (b)[(i) + 1] = (guint8) ( (n) >> 16 ); \
45 (b)[(i) + 2] = (guint8) ( (n) >> 8 ); \
46 (b)[(i) + 3] = (guint8) ( (n) ); \
47 }
48  
49 void sha1_starts( sha1_context *ctx )
50 {
51 ctx->total[0] = 0;
52 ctx->total[1] = 0;
53  
54 ctx->state[0] = 0x67452301;
55 ctx->state[1] = 0xEFCDAB89;
56 ctx->state[2] = 0x98BADCFE;
57 ctx->state[3] = 0x10325476;
58 ctx->state[4] = 0xC3D2E1F0;
59 }
60  
61 static void sha1_process( sha1_context *ctx, const guint8 data[64] )
62 {
63 guint32 temp, W[16], A, B, C, D, E;
64  
65 GET_UINT32( W[0], data, 0 );
66 GET_UINT32( W[1], data, 4 );
67 GET_UINT32( W[2], data, 8 );
68 GET_UINT32( W[3], data, 12 );
69 GET_UINT32( W[4], data, 16 );
70 GET_UINT32( W[5], data, 20 );
71 GET_UINT32( W[6], data, 24 );
72 GET_UINT32( W[7], data, 28 );
73 GET_UINT32( W[8], data, 32 );
74 GET_UINT32( W[9], data, 36 );
75 GET_UINT32( W[10], data, 40 );
76 GET_UINT32( W[11], data, 44 );
77 GET_UINT32( W[12], data, 48 );
78 GET_UINT32( W[13], data, 52 );
79 GET_UINT32( W[14], data, 56 );
80 GET_UINT32( W[15], data, 60 );
81  
82 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
83  
84 #define R(t) \
85 ( \
86 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
87 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
88 ( W[t & 0x0F] = S(temp,1) ) \
89 )
90  
91 #define P(a,b,c,d,e,x) \
92 { \
93 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
94 }
95  
96 A = ctx->state[0];
97 B = ctx->state[1];
98 C = ctx->state[2];
99 D = ctx->state[3];
100 E = ctx->state[4];
101  
102 #define F(x,y,z) (z ^ (x & (y ^ z)))
103 #define K 0x5A827999
104  
105 P( A, B, C, D, E, W[0] );
106 P( E, A, B, C, D, W[1] );
107 P( D, E, A, B, C, W[2] );
108 P( C, D, E, A, B, W[3] );
109 P( B, C, D, E, A, W[4] );
110 P( A, B, C, D, E, W[5] );
111 P( E, A, B, C, D, W[6] );
112 P( D, E, A, B, C, W[7] );
113 P( C, D, E, A, B, W[8] );
114 P( B, C, D, E, A, W[9] );
115 P( A, B, C, D, E, W[10] );
116 P( E, A, B, C, D, W[11] );
117 P( D, E, A, B, C, W[12] );
118 P( C, D, E, A, B, W[13] );
119 P( B, C, D, E, A, W[14] );
120 P( A, B, C, D, E, W[15] );
121 P( E, A, B, C, D, R(16) );
122 P( D, E, A, B, C, R(17) );
123 P( C, D, E, A, B, R(18) );
124 P( B, C, D, E, A, R(19) );
125  
126 #undef K
127 #undef F
128  
129 #define F(x,y,z) (x ^ y ^ z)
130 #define K 0x6ED9EBA1
131  
132 P( A, B, C, D, E, R(20) );
133 P( E, A, B, C, D, R(21) );
134 P( D, E, A, B, C, R(22) );
135 P( C, D, E, A, B, R(23) );
136 P( B, C, D, E, A, R(24) );
137 P( A, B, C, D, E, R(25) );
138 P( E, A, B, C, D, R(26) );
139 P( D, E, A, B, C, R(27) );
140 P( C, D, E, A, B, R(28) );
141 P( B, C, D, E, A, R(29) );
142 P( A, B, C, D, E, R(30) );
143 P( E, A, B, C, D, R(31) );
144 P( D, E, A, B, C, R(32) );
145 P( C, D, E, A, B, R(33) );
146 P( B, C, D, E, A, R(34) );
147 P( A, B, C, D, E, R(35) );
148 P( E, A, B, C, D, R(36) );
149 P( D, E, A, B, C, R(37) );
150 P( C, D, E, A, B, R(38) );
151 P( B, C, D, E, A, R(39) );
152  
153 #undef K
154 #undef F
155  
156 #define F(x,y,z) ((x & y) | (z & (x | y)))
157 #define K 0x8F1BBCDC
158  
159 P( A, B, C, D, E, R(40) );
160 P( E, A, B, C, D, R(41) );
161 P( D, E, A, B, C, R(42) );
162 P( C, D, E, A, B, R(43) );
163 P( B, C, D, E, A, R(44) );
164 P( A, B, C, D, E, R(45) );
165 P( E, A, B, C, D, R(46) );
166 P( D, E, A, B, C, R(47) );
167 P( C, D, E, A, B, R(48) );
168 P( B, C, D, E, A, R(49) );
169 P( A, B, C, D, E, R(50) );
170 P( E, A, B, C, D, R(51) );
171 P( D, E, A, B, C, R(52) );
172 P( C, D, E, A, B, R(53) );
173 P( B, C, D, E, A, R(54) );
174 P( A, B, C, D, E, R(55) );
175 P( E, A, B, C, D, R(56) );
176 P( D, E, A, B, C, R(57) );
177 P( C, D, E, A, B, R(58) );
178 P( B, C, D, E, A, R(59) );
179  
180 #undef K
181 #undef F
182  
183 #define F(x,y,z) (x ^ y ^ z)
184 #define K 0xCA62C1D6
185  
186 P( A, B, C, D, E, R(60) );
187 P( E, A, B, C, D, R(61) );
188 P( D, E, A, B, C, R(62) );
189 P( C, D, E, A, B, R(63) );
190 P( B, C, D, E, A, R(64) );
191 P( A, B, C, D, E, R(65) );
192 P( E, A, B, C, D, R(66) );
193 P( D, E, A, B, C, R(67) );
194 P( C, D, E, A, B, R(68) );
195 P( B, C, D, E, A, R(69) );
196 P( A, B, C, D, E, R(70) );
197 P( E, A, B, C, D, R(71) );
198 P( D, E, A, B, C, R(72) );
199 P( C, D, E, A, B, R(73) );
200 P( B, C, D, E, A, R(74) );
201 P( A, B, C, D, E, R(75) );
202 P( E, A, B, C, D, R(76) );
203 P( D, E, A, B, C, R(77) );
204 P( C, D, E, A, B, R(78) );
205 P( B, C, D, E, A, R(79) );
206  
207 #undef K
208 #undef F
209  
210 ctx->state[0] += A;
211 ctx->state[1] += B;
212 ctx->state[2] += C;
213 ctx->state[3] += D;
214 ctx->state[4] += E;
215 }
216  
217 void sha1_update( sha1_context *ctx, const guint8 *input, guint32 length )
218 {
219 guint32 left, fill;
220  
221 if( ! length ) return;
222  
223 left = ctx->total[0] & 0x3F;
224 fill = 64 - left;
225  
226 ctx->total[0] += length;
227 ctx->total[0] &= 0xFFFFFFFF;
228  
229 if( ctx->total[0] < length )
230 ctx->total[1]++;
231  
232 if( left && length >= fill )
233 {
234 memcpy( (void *) (ctx->buffer + left),
235 (const void *) input, fill );
236 sha1_process( ctx, ctx->buffer );
237 length -= fill;
238 input += fill;
239 left = 0;
240 }
241  
242 while( length >= 64 )
243 {
244 sha1_process( ctx, input );
245 length -= 64;
246 input += 64;
247 }
248  
249 if( length )
250 {
251 memcpy( (void *) (ctx->buffer + left),
252 (const void *) input, length );
253 }
254 }
255  
256 static guint8 sha1_padding[64] =
257 {
258 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
259 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
260 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
261 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
262 };
263  
264 void sha1_finish( sha1_context *ctx, guint8 digest[SHA1_DIGEST_LEN] )
265 {
266 guint32 last, padn;
267 guint32 high, low;
268 guint8 msglen[8];
269  
270 high = ( ctx->total[0] >> 29 )
271 | ( ctx->total[1] << 3 );
272 low = ( ctx->total[0] << 3 );
273  
274 PUT_UINT32( high, msglen, 0 );
275 PUT_UINT32( low, msglen, 4 );
276  
277 last = ctx->total[0] & 0x3F;
278 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
279  
280 sha1_update( ctx, sha1_padding, padn );
281 sha1_update( ctx, msglen, 8 );
282  
283 PUT_UINT32( ctx->state[0], digest, 0 );
284 PUT_UINT32( ctx->state[1], digest, 4 );
285 PUT_UINT32( ctx->state[2], digest, 8 );
286 PUT_UINT32( ctx->state[3], digest, 12 );
287 PUT_UINT32( ctx->state[4], digest, 16 );
288 }
289  
290 void sha1_hmac_starts( sha1_hmac_context *hctx, const guint8 *key, guint32 keylen )
291 {
292 guint32 i;
293 guint8 k_ipad[64];
294  
295 memset( k_ipad, 0x36, 64 );
296 memset( hctx->k_opad, 0x5C, 64 );
297  
298 for( i = 0; i < keylen; i++ )
299 {
300 if( i >= 64 ) break;
301  
302 k_ipad[i] ^= key[i];
303 hctx->k_opad[i] ^= key[i];
304 }
305  
306 sha1_starts( &hctx->ctx );
307 sha1_update( &hctx->ctx, k_ipad, 64 );
308 }
309  
310 void sha1_hmac_update( sha1_hmac_context *hctx, const guint8 *buf, guint32 buflen )
311 {
312 sha1_update( &hctx->ctx, buf, buflen );
313 }
314  
315 void sha1_hmac_finish( sha1_hmac_context *hctx, guint8 digest[SHA1_DIGEST_LEN] )
316 {
317 guint8 tmpbuf[SHA1_DIGEST_LEN];
318  
319 sha1_finish( &hctx->ctx, tmpbuf );
320  
321 sha1_starts( &hctx->ctx );
322 sha1_update( &hctx->ctx, hctx->k_opad, 64 );
323 sha1_update( &hctx->ctx, tmpbuf, SHA1_DIGEST_LEN );
324 sha1_finish( &hctx->ctx, digest );
325 }
326  
327 void sha1_hmac( const guint8 *key, guint32 keylen, const guint8 *buf, guint32 buflen,
328 guint8 digest[SHA1_DIGEST_LEN] )
329 {
330 sha1_hmac_context hctx;
331  
332 sha1_hmac_starts( &hctx, key, keylen );
333 sha1_hmac_update( &hctx, buf, buflen );
334 sha1_hmac_finish( &hctx, digest );
335 }
336  
337 #ifdef TEST
338  
339 #include <stdlib.h>
340 #include <stdio.h>
341 #include <errno.h>
342  
343 /*
344 * those are the standard FIPS-180-1 test vectors
345 */
346  
347 static const char *msg[] =
348 {
349 "abc",
350 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
351 NULL
352 };
353  
354 static const char *val[] =
355 {
356 "a9993e364706816aba3e25717850c26c9cd0d89d",
357 "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
358 "34aa973cd4c4daa4f61eeb2bdbad27316534016f"
359 };
360  
361 int main( int argc, char *argv[] )
362 {
363 FILE *f;
364 int i, j;
365 char output[41];
366 sha1_context ctx;
367 unsigned char buf[1000];
368 unsigned char sha1sum[SHA1_DIGEST_LEN];
369  
370 if( argc < 2 )
371 {
372 printf( "\n SHA-1 Validation Tests:\n\n" );
373  
374 for( i = 0; i < 3; i++ )
375 {
376 printf( " Test %d ", i + 1 );
377  
378 sha1_starts( &ctx );
379  
380 if( i < 2 )
381 {
382 sha1_update( &ctx, (guint8 *) msg[i],
383 strlen( msg[i] ) );
384 }
385 else
386 {
387 memset( buf, 'a', 1000 );
388  
389 for( j = 0; j < 1000; j++ )
390 {
391 sha1_update( &ctx, (guint8 *) buf, 1000 );
392 }
393 }
394  
395 sha1_finish( &ctx, sha1sum );
396  
397 for( j = 0; j < SHA1_DIGEST_LEN; j++ )
398 {
399 g_snprintf( output + j * 2, 41-j*2, "%02x", sha1sum[j] );
400 }
401  
402 if( memcmp( output, val[i], 40 ) )
403 {
404 printf( "failed!\n" );
405 return( 1 );
406 }
407  
408 printf( "passed.\n" );
409 }
410  
411 printf( "\n" );
412 }
413 else
414 {
415 if( ! ( f = ws_fopen( argv[1], "rb" ) ) )
416 {
417 printf("fopen: %s", g_strerror(errno));
418 return( 1 );
419 }
420  
421 sha1_starts( &ctx );
422  
423 while( ( i = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
424 {
425 sha1_update( &ctx, buf, i );
426 }
427  
428 sha1_finish( &ctx, sha1sum );
429  
430 for( j = 0; j < SHA1_DIGEST_LEN; j++ )
431 {
432 printf( "%02x", sha1sum[j] );
433 }
434  
435 printf( " %s\n", argv[1] );
436 }
437  
438 return( 0 );
439 }
440  
441 #endif
442  
443  
444 /*
445 * Editor modelines - http://www.wireshark.org/tools/modelines.html
446 *
447 * Local variables:
448 * c-basic-offset: 4
449 * tab-width: 8
450 * indent-tabs-mode: nil
451 * End:
452 *
453 * vi: set shiftwidth=4 tabstop=8 expandtab:
454 * :indentSize=4:tabSize=8:noTabs=true:
455 */