|
8910
|
1 /*
|
|
6987
|
2 * The contents of this file are subject to the Mozilla Public
|
|
|
3 * License Version 1.1 (the "License"); you may not use this file
|
|
|
4 * except in compliance with the License. You may obtain a copy of
|
|
|
5 * the License at http://www.mozilla.org/MPL/
|
|
8910
|
6 *
|
|
6987
|
7 * Software distributed under the License is distributed on an "AS
|
|
|
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
|
|
|
9 * implied. See the License for the specific language governing
|
|
|
10 * rights and limitations under the License.
|
|
8910
|
11 *
|
|
6987
|
12 * The Original Code is SHA 180-1 Reference Implementation (Compact version)
|
|
8910
|
13 *
|
|
6987
|
14 * The Initial Developer of the Original Code is Paul Kocher of
|
|
8910
|
15 * Cryptography Research. Portions created by Paul Kocher are
|
|
6987
|
16 * Copyright (C) 1995-9 by Cryptography Research, Inc. All
|
|
|
17 * Rights Reserved.
|
|
8910
|
18 *
|
|
6987
|
19 * Contributor(s):
|
|
|
20 *
|
|
|
21 */
|
|
|
22
|
|
|
23 #include "sha.h"
|
|
|
24
|
|
|
25 static void shaHashBlock(SHA_CTX *ctx);
|
|
|
26
|
|
|
27 void shaInit(SHA_CTX *ctx) {
|
|
|
28 int i;
|
|
|
29
|
|
|
30 ctx->lenW = 0;
|
|
|
31 ctx->sizeHi = ctx->sizeLo = 0;
|
|
|
32
|
|
|
33 /* Initialize H with the magic constants (see FIPS180 for constants)
|
|
|
34 */
|
|
|
35 ctx->H[0] = 0x67452301L;
|
|
|
36 ctx->H[1] = 0xefcdab89L;
|
|
|
37 ctx->H[2] = 0x98badcfeL;
|
|
|
38 ctx->H[3] = 0x10325476L;
|
|
|
39 ctx->H[4] = 0xc3d2e1f0L;
|
|
|
40
|
|
|
41 for (i = 0; i < 80; i++)
|
|
|
42 ctx->W[i] = 0;
|
|
|
43 }
|
|
|
44
|
|
|
45
|
|
|
46 void shaUpdate(SHA_CTX *ctx, unsigned char *dataIn, int len) {
|
|
|
47 int i;
|
|
|
48
|
|
|
49 /* Read the data into W and process blocks as they get full
|
|
|
50 */
|
|
|
51 for (i = 0; i < len; i++) {
|
|
|
52 ctx->W[ctx->lenW / 4] <<= 8;
|
|
|
53 ctx->W[ctx->lenW / 4] |= (unsigned long)dataIn[i];
|
|
|
54 if ((++ctx->lenW) % 64 == 0) {
|
|
|
55 shaHashBlock(ctx);
|
|
|
56 ctx->lenW = 0;
|
|
|
57 }
|
|
|
58 ctx->sizeLo += 8;
|
|
|
59 ctx->sizeHi += (ctx->sizeLo < 8);
|
|
|
60 }
|
|
|
61 }
|
|
|
62
|
|
|
63
|
|
|
64 void shaFinal(SHA_CTX *ctx, unsigned char hashout[20]) {
|
|
|
65 unsigned char pad0x80 = 0x80;
|
|
|
66 unsigned char pad0x00 = 0x00;
|
|
|
67 unsigned char padlen[8];
|
|
|
68 int i;
|
|
|
69
|
|
|
70 /* Pad with a binary 1 (e.g. 0x80), then zeroes, then length
|
|
|
71 */
|
|
|
72 padlen[0] = (unsigned char)((ctx->sizeHi >> 24) & 255);
|
|
|
73 padlen[1] = (unsigned char)((ctx->sizeHi >> 16) & 255);
|
|
|
74 padlen[2] = (unsigned char)((ctx->sizeHi >> 8) & 255);
|
|
|
75 padlen[3] = (unsigned char)((ctx->sizeHi >> 0) & 255);
|
|
|
76 padlen[4] = (unsigned char)((ctx->sizeLo >> 24) & 255);
|
|
|
77 padlen[5] = (unsigned char)((ctx->sizeLo >> 16) & 255);
|
|
|
78 padlen[6] = (unsigned char)((ctx->sizeLo >> 8) & 255);
|
|
|
79 padlen[7] = (unsigned char)((ctx->sizeLo >> 0) & 255);
|
|
|
80 shaUpdate(ctx, &pad0x80, 1);
|
|
|
81 while (ctx->lenW != 56)
|
|
|
82 shaUpdate(ctx, &pad0x00, 1);
|
|
|
83 shaUpdate(ctx, padlen, 8);
|
|
|
84
|
|
|
85 /* Output hash
|
|
|
86 */
|
|
|
87 for (i = 0; i < 20; i++) {
|
|
|
88 hashout[i] = (unsigned char)(ctx->H[i / 4] >> 24);
|
|
|
89 ctx->H[i / 4] <<= 8;
|
|
|
90 }
|
|
|
91
|
|
|
92 /*
|
|
|
93 * Re-initialize the context (also zeroizes contents)
|
|
|
94 */
|
|
|
95 shaInit(ctx);
|
|
|
96 }
|
|
|
97
|
|
|
98
|
|
|
99 void shaBlock(unsigned char *dataIn, int len, unsigned char hashout[20]) {
|
|
|
100 SHA_CTX ctx;
|
|
|
101
|
|
|
102 shaInit(&ctx);
|
|
|
103 shaUpdate(&ctx, dataIn, len);
|
|
|
104 shaFinal(&ctx, hashout);
|
|
|
105 }
|
|
|
106
|
|
|
107
|
|
|
108 #define SHA_ROTL(X,n) ((((X) << (n)) | ((X) >> (32-(n)))) & 0xffffffffL)
|
|
|
109
|
|
|
110 static void shaHashBlock(SHA_CTX *ctx) {
|
|
|
111 int t;
|
|
|
112 unsigned long A,B,C,D,E,TEMP;
|
|
|
113
|
|
|
114 for (t = 16; t <= 79; t++)
|
|
|
115 ctx->W[t] =
|
|
|
116 SHA_ROTL(ctx->W[t-3] ^ ctx->W[t-8] ^ ctx->W[t-14] ^ ctx->W[t-16], 1);
|
|
|
117
|
|
|
118 A = ctx->H[0];
|
|
|
119 B = ctx->H[1];
|
|
|
120 C = ctx->H[2];
|
|
|
121 D = ctx->H[3];
|
|
|
122 E = ctx->H[4];
|
|
|
123
|
|
|
124 for (t = 0; t <= 19; t++) {
|
|
|
125 TEMP = (SHA_ROTL(A,5) + (((C^D)&B)^D) + E + ctx->W[t] + 0x5a827999L) & 0xffffffffL;
|
|
|
126 E = D; D = C; C = SHA_ROTL(B, 30); B = A; A = TEMP;
|
|
|
127 }
|
|
|
128 for (t = 20; t <= 39; t++) {
|
|
|
129 TEMP = (SHA_ROTL(A,5) + (B^C^D) + E + ctx->W[t] + 0x6ed9eba1L) & 0xffffffffL;
|
|
|
130 E = D; D = C; C = SHA_ROTL(B, 30); B = A; A = TEMP;
|
|
|
131 }
|
|
|
132 for (t = 40; t <= 59; t++) {
|
|
|
133 TEMP = (SHA_ROTL(A,5) + ((B&C)|(D&(B|C))) + E + ctx->W[t] + 0x8f1bbcdcL) & 0xffffffffL;
|
|
|
134 E = D; D = C; C = SHA_ROTL(B, 30); B = A; A = TEMP;
|
|
|
135 }
|
|
|
136 for (t = 60; t <= 79; t++) {
|
|
|
137 TEMP = (SHA_ROTL(A,5) + (B^C^D) + E + ctx->W[t] + 0xca62c1d6L) & 0xffffffffL;
|
|
|
138 E = D; D = C; C = SHA_ROTL(B, 30); B = A; A = TEMP;
|
|
|
139 }
|
|
|
140
|
|
|
141 ctx->H[0] += A;
|
|
|
142 ctx->H[1] += B;
|
|
|
143 ctx->H[2] += C;
|
|
|
144 ctx->H[3] += D;
|
|
|
145 ctx->H[4] += E;
|
|
|
146 }
|
