/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * * SHA-1 implementation largely based on libmincrypt in the the Android * Open Source Project (platorm/system/core.git/libmincrypt/sha.c */ #include "sha1.h" static uint32_t ror27(uint32_t val) { return (val >> 27) | (val << 5); } static uint32_t ror2(uint32_t val) { return (val >> 2) | (val << 30); } static uint32_t ror31(uint32_t val) { return (val >> 31) | (val << 1); } static void sha1_transform(struct sha1_ctx *ctx) { uint32_t W[80]; register uint32_t A, B, C, D, E; int t; A = ctx->state[0]; B = ctx->state[1]; C = ctx->state[2]; D = ctx->state[3]; E = ctx->state[4]; #define SHA_F1(A, B, C, D, E, t) \ E += ror27(A) + \ (W[t] = __builtin_bswap32(ctx->buf.w[t])) + \ (D^(B&(C^D))) + 0x5A827999; \ B = ror2(B); for (t = 0; t < 15; t += 5) { SHA_F1(A, B, C, D, E, t + 0); SHA_F1(E, A, B, C, D, t + 1); SHA_F1(D, E, A, B, C, t + 2); SHA_F1(C, D, E, A, B, t + 3); SHA_F1(B, C, D, E, A, t + 4); } SHA_F1(A, B, C, D, E, t + 0); /* 16th one, t == 15 */ #undef SHA_F1 #define SHA_F1(A, B, C, D, E, t) \ E += ror27(A) + \ (W[t] = ror31(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16])) + \ (D^(B&(C^D))) + 0x5A827999; \ B = ror2(B); SHA_F1(E, A, B, C, D, t + 1); SHA_F1(D, E, A, B, C, t + 2); SHA_F1(C, D, E, A, B, t + 3); SHA_F1(B, C, D, E, A, t + 4); #undef SHA_F1 #define SHA_F2(A, B, C, D, E, t) \ E += ror27(A) + \ (W[t] = ror31(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16])) + \ (B^C^D) + 0x6ED9EBA1; \ B = ror2(B); for (t = 20; t < 40; t += 5) { SHA_F2(A, B, C, D, E, t + 0); SHA_F2(E, A, B, C, D, t + 1); SHA_F2(D, E, A, B, C, t + 2); SHA_F2(C, D, E, A, B, t + 3); SHA_F2(B, C, D, E, A, t + 4); } #undef SHA_F2 #define SHA_F3(A, B, C, D, E, t) \ E += ror27(A) + \ (W[t] = ror31(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16])) + \ ((B&C)|(D&(B|C))) + 0x8F1BBCDC; \ B = ror2(B); for (; t < 60; t += 5) { SHA_F3(A, B, C, D, E, t + 0); SHA_F3(E, A, B, C, D, t + 1); SHA_F3(D, E, A, B, C, t + 2); SHA_F3(C, D, E, A, B, t + 3); SHA_F3(B, C, D, E, A, t + 4); } #undef SHA_F3 #define SHA_F4(A, B, C, D, E, t) \ E += ror27(A) + \ (W[t] = ror31(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16])) + \ (B^C^D) + 0xCA62C1D6; \ B = ror2(B); for (; t < 80; t += 5) { SHA_F4(A, B, C, D, E, t + 0); SHA_F4(E, A, B, C, D, t + 1); SHA_F4(D, E, A, B, C, t + 2); SHA_F4(C, D, E, A, B, t + 3); SHA_F4(B, C, D, E, A, t + 4); } #undef SHA_F4 ctx->state[0] += A; ctx->state[1] += B; ctx->state[2] += C; ctx->state[3] += D; ctx->state[4] += E; } void sha1_update(struct sha1_ctx *ctx, const uint8_t *data, uint32_t len) { int i = ctx->count % sizeof(ctx->buf); const uint8_t *p = (const uint8_t *)data; ctx->count += len; while (len > sizeof(ctx->buf) - i) { memcpy(&ctx->buf.b[i], p, sizeof(ctx->buf) - i); len -= sizeof(ctx->buf) - i; p += sizeof(ctx->buf) - i; sha1_transform(ctx); i = 0; } while (len--) { ctx->buf.b[i++] = *p++; if (i == sizeof(ctx->buf)) { sha1_transform(ctx); i = 0; } } } uint8_t *sha1_final(struct sha1_ctx *ctx) { uint32_t cnt = ctx->count * 8; int i; sha1_update(ctx, (uint8_t *)"\x80", 1); while ((ctx->count % sizeof(ctx->buf)) != (sizeof(ctx->buf) - 8)) sha1_update(ctx, (uint8_t *)"\0", 1); for (i = 0; i < 8; ++i) { uint8_t tmp = cnt >> ((7 - i) * 8); sha1_update(ctx, &tmp, 1); } for (i = 0; i < 5; i++) ctx->buf.w[i] = __builtin_bswap32(ctx->state[i]); return ctx->buf.b; } void sha1_init(struct sha1_ctx *ctx) { ctx->state[0] = 0x67452301; ctx->state[1] = 0xEFCDAB89; ctx->state[2] = 0x98BADCFE; ctx->state[3] = 0x10325476; ctx->state[4] = 0xC3D2E1F0; ctx->count = 0; }