sha1.c in jcs/subtext

sha1.c

(View History)

jcs *: Move some big char buffers from the stack to the heap

Latest amendment: 209 on 2022-07-16

1	/* $OpenBSD: sha1.c,v 1.27 2019/06/07 22:56:36 dtucker Exp $ */
2
3	/*
4	* SHA-1 in C
5	* By Steve Reid <steve@edmweb.com>
6	* 100% Public Domain
7	*
8	* Test Vectors (from FIPS PUB 180-1)
9	* "abc"
10	* A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
11	* "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
12	* 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
13	* A million repetitions of "a"
14	* 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
15	*/
16
17	#include <string.h>
18	#include "sha1.h"
19
20	#define rol(value, bits) (((value) << (bits)) \| ((value) >> (32 - (bits))))
21
22	#if !defined(BYTE_ORDER) \|\| (BYTE_ORDER != BIG_ENDIAN)
23	#error little-endian support was removed
24	#endif
25
26	/*
27	* blk0() and blk() perform the initial expand.
28	* I got the idea of expanding during the round function from SSLeay
29	*/
30	#define blk0(i) block->l[i]
31	#define blk(i) (block->l[i & 15] = rol(block->l[(i + 13) & 15] ^ \
32	block->l[(i + 8) & 15] ^ block->l[(i + 2) & 15] ^ \
33	block->l[i & 15], 1))
34
35	/*
36	* (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1
37	*/
38	#define R0(v,w,x,y,z,i) \
39	z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \
40	w = rol(w, 30);
41	#define R1(v,w,x,y,z,i) \
42	z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \
43	w = rol(w, 30);
44	#define R2(v,w,x,y,z,i) \
45	z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); \
46	w = rol(w, 30);
47	#define R3(v,w,x,y,z,i) \
48	z += (((w \| x) & y) \| (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \
49	w = rol(w, 30);
50	#define R4(v,w,x,y,z,i) \
51	z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \
52	w = rol(w, 30);
53
54	typedef union {
55	u_int8_t c[64];
56	u_int32_t l[16];
57	} CHAR64LONG16;
58
59	void SHA1Transform(u_int32_t state[5],
60	const u_int8_t buffer[SHA1_BLOCK_LENGTH]);
61	void SHA1Pad(SHA1_CTX *context);
62
63	/*
64	* Hash a single 512-bit block. This is the core of the algorithm.
65	*/
66	void
67	SHA1Transform(u_int32_t state[5], const u_int8_t buffer[SHA1_BLOCK_LENGTH])
68	{
69	u_int32_t a, b, c, d, e;
70	u_int8_t workspace[SHA1_BLOCK_LENGTH];
71	CHAR64LONG16 block = (CHAR64LONG16 )workspace;
72
73	(void)memcpy(block, buffer, SHA1_BLOCK_LENGTH);
74
75	/* Copy context->state[] to working vars */
76	a = state[0];
77	b = state[1];
78	c = state[2];
79	d = state[3];
80	e = state[4];
81
82	/* 4 rounds of 20 operations each. Loop unrolled. */
83	R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
84	R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
85	R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
86	R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
87	R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
88	R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
89	R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
90	R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
91	R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
92	R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
93	R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
94	R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
95	R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
96	R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
97	R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
98	R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
99	R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
100	R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
101	R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
102	R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
103
104	/* Add the working vars back into context.state[] */
105	state[0] += a;
106	state[1] += b;
107	state[2] += c;
108	state[3] += d;
109	state[4] += e;
110
111	/* Wipe variables */
112	a = b = c = d = e = 0;
113	}
114
115
116	/*
117	* SHA1Init - Initialize new context
118	*/
119	void
120	SHA1Init(SHA1_CTX *context)
121	{
122	/* SHA1 initialization constants */
123	context->count[0] = 0;
124	context->count[1] = 0;
125	context->state[0] = 0x67452301;
126	context->state[1] = 0xEFCDAB89;
127	context->state[2] = 0x98BADCFE;
128	context->state[3] = 0x10325476;
129	context->state[4] = 0xC3D2E1F0;
130	}
131
132
133	/*
134	* Run your data through this.
135	*/
136	void
137	SHA1Update(SHA1_CTX context, const u_int8_t data, size_t len)
138	{
139	size_t i, j;
140
141	j = (size_t)((context->count[0] >> 3) & 63);
142	if ((context->count[0] += len << 3) < (len << 3))
143	context->count[1]++;
144	if ((j + len) > 63) {
145	(void)memcpy(&context->buffer[j], data, (i = 64-j));
146	SHA1Transform(context->state, context->buffer);
147	for ( ; i + 63 < len; i += 64)
148	SHA1Transform(context->state, (u_int8_t *)&data[i]);
149	j = 0;
150	} else {
151	i = 0;
152	}
153	(void)memcpy(&context->buffer[j], &data[i], len - i);
154	}
155
156
157	/*
158	* Add padding and return the message digest.
159	*/
160	void
161	SHA1Pad(SHA1_CTX *context)
162	{
163	u_int8_t finalcount[8];
164	short i;
165
166	for (i = 0; i < 8; i++) {
167	finalcount[i] = (u_int8_t)((context->count[i >= 4 ? 0 : 1] >>
168	((3 - (i & 3)) * 8)) & 255); /* Endian independent */
169	}
170	SHA1Update(context, (u_int8_t *)"\200", 1);
171	while ((context->count[0] & 504) != 448)
172	SHA1Update(context, (u_int8_t *)"\0", 1);
173	SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
174	}
175
176	void
177	SHA1Final(u_int8_t digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context)
178	{
179	short i;
180
181	SHA1Pad(context);
182	for (i = 0; i < SHA1_DIGEST_LENGTH; i++) {
183	digest[i] = (u_int8_t)
184	((context->state[i >> 2] >> ((3 - (i & 3)) * 8) ) & 255);
185	}
186	memset(context, 0, sizeof(*context));
187	}
188
189	char *
190	SHA1End(SHA1_CTX ctx, char buf)
191	{
192	short i;
193	u_int8_t digest[SHA1_DIGEST_LENGTH];
194	static const char hex[] = "0123456789abcdef";
195
196	if (buf == NULL)
197	return NULL;
198
199	SHA1Final(digest, ctx);
200	for (i = 0; i < SHA1_DIGEST_LENGTH; i++) {
201	buf[i + i] = hex[digest[i] >> 4];
202	buf[i + i + 1] = hex[digest[i] & 0x0f];
203	}
204	buf[i + i] = '\0';
205	memset(digest, 0, sizeof(digest));
206	return (buf);
207	}
208
209	char *
210	SHA1Data(const u_int8_t data, size_t len, char buf)
211	{
212	SHA1_CTX ctx;
213
214	SHA1Init(&ctx);
215	SHA1Update(&ctx, data, len);
216	SHA1Final((u_int8_t *)&buf, &ctx);
217
218	return buf;
219	}

AmendHub

Download

jcs

subtext

sha1.c

(View History)