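/*
 *  FIPS-180-1 compliant SHA-1 implementation
 *
 *  Copyright (C) 2006-2010, Brainspark B.V.
 *
 *  This file is part of PolarSSL (http://www.polarssl.org)
 *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
 *
 *  All rights reserved.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
/*
 *  The SHA-1 standard (FIPS 180-1) was published by NIST in 1995; it
 *  revised the original SHA of FIPS 180 (1993).
 *
 *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
 *
 *  Security note: SHA-1 no longer provides collision resistance. Do not
 *  rely on the plain digest where an adversary can choose the input
 *  (signatures, file integrity against tampering, content addressing).
 *  The HMAC construction below does not depend on collision resistance
 *  in the same way, but new designs should prefer a SHA-2 based MAC.
 */

#include <sha1.h>
#include <stdio.h>
#include <string.h> /* memcpy, memset: do not rely on sha1.h pulling it in */

/*
 * 32-bit integer manipulation macros (big endian)
 *
 * (b) must be an unsigned char buffer with at least 4 bytes available
 * starting at offset (i); no bounds check is performed here.
 */
#ifndef GET_ULONG_BE
#define GET_ULONG_BE(n,b,i)                             \
{                                                       \
    (n) = ( (unsigned long) (b)[(i)    ] << 24 )        \
        | ( (unsigned long) (b)[(i) + 1] << 16 )        \
        | ( (unsigned long) (b)[(i) + 2] <<  8 )        \
        | ( (unsigned long) (b)[(i) + 3]       );       \
}
#endif

#ifndef PUT_ULONG_BE
#define PUT_ULONG_BE(n,b,i)                             \
{                                                       \
    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
}
#endif

/*
 * Wipe a buffer that held key or message-derived material.
 *
 * The stores go through a volatile pointer so the compiler cannot drop
 * them as dead writes, which it is allowed to do with a plain memset()
 * on an object that is about to go out of scope.
 */
static void sha1_zeroize( void *v, size_t n )
{
    volatile unsigned char *p = (volatile unsigned char *) v;

    while( n-- )
        *p++ = 0;
}

/*
 * SHA-1 context setup
 *
 * Resets the byte counter and loads the five initial chaining values.
 * Must be called before the first sha1_update() on a context.
 */
void sha1_starts( sha1_context *ctx )
{
    ctx->total[0] = 0;
    ctx->total[1] = 0;

    ctx->state[0] = 0x67452301;
    ctx->state[1] = 0xEFCDAB89;
    ctx->state[2] = 0x98BADCFE;
    ctx->state[3] = 0x10325476;
    ctx->state[4] = 0xC3D2E1F0;
}

/*
 * SHA-1 compression function: folds one 64-byte block into ctx->state.
 *
 * data must point to exactly 64 readable bytes. The 80 rounds are fully
 * unrolled; the helper macros below are local to this function and are
 * undefined again before it ends.
 */
static void sha1_process( sha1_context *ctx, const unsigned char data[64] )
{
    unsigned long temp, W[16], A, B, C, D, E;

    /* Load the block as sixteen big-endian 32-bit words. */
    GET_ULONG_BE( W[ 0], data,  0 );
    GET_ULONG_BE( W[ 1], data,  4 );
    GET_ULONG_BE( W[ 2], data,  8 );
    GET_ULONG_BE( W[ 3], data, 12 );
    GET_ULONG_BE( W[ 4], data, 16 );
    GET_ULONG_BE( W[ 5], data, 20 );
    GET_ULONG_BE( W[ 6], data, 24 );
    GET_ULONG_BE( W[ 7], data, 28 );
    GET_ULONG_BE( W[ 8], data, 32 );
    GET_ULONG_BE( W[ 9], data, 36 );
    GET_ULONG_BE( W[10], data, 40 );
    GET_ULONG_BE( W[11], data, 44 );
    GET_ULONG_BE( W[12], data, 48 );
    GET_ULONG_BE( W[13], data, 52 );
    GET_ULONG_BE( W[14], data, 56 );
    GET_ULONG_BE( W[15], data, 60 );

    /*
     * Rotate-left of a 32-bit value kept in an unsigned long. Where
     * unsigned long is wider than 32 bits the left shift leaves bits
     * above bit 31; they are masked off before the right shift and are
     * dropped when the state is serialised byte by byte.
     */
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))

    /* Message schedule word t, computed in place in a 16-word ring. */
#define R(t)                                            \
(                                                       \
    temp = W[(t -  3) & 0x0F] ^ W[(t - 8) & 0x0F] ^     \
           W[(t - 14) & 0x0F] ^ W[ t      & 0x0F],      \
    ( W[t & 0x0F] = S(temp,1) )                         \
)

    /* One round; F and K are redefined for each group of 20 rounds. */
#define P(a,b,c,d,e,x)                                  \
{                                                       \
    e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);        \
}

    A = ctx->state[0];
    B = ctx->state[1];
    C = ctx->state[2];
    D = ctx->state[3];
    E = ctx->state[4];

    /* Rounds 0..19 */
#define F(x,y,z) (z ^ (x & (y ^ z)))
#define K 0x5A827999

    P( A, B, C, D, E, W[0]  );
    P( E, A, B, C, D, W[1]  );
    P( D, E, A, B, C, W[2]  );
    P( C, D, E, A, B, W[3]  );
    P( B, C, D, E, A, W[4]  );
    P( A, B, C, D, E, W[5]  );
    P( E, A, B, C, D, W[6]  );
    P( D, E, A, B, C, W[7]  );
    P( C, D, E, A, B, W[8]  );
    P( B, C, D, E, A, W[9]  );
    P( A, B, C, D, E, W[10] );
    P( E, A, B, C, D, W[11] );
    P( D, E, A, B, C, W[12] );
    P( C, D, E, A, B, W[13] );
    P( B, C, D, E, A, W[14] );
    P( A, B, C, D, E, W[15] );
    P( E, A, B, C, D, R(16) );
    P( D, E, A, B, C, R(17) );
    P( C, D, E, A, B, R(18) );
    P( B, C, D, E, A, R(19) );

#undef K
#undef F

    /* Rounds 20..39 */
#define F(x,y,z) (x ^ y ^ z)
#define K 0x6ED9EBA1

    P( A, B, C, D, E, R(20) );
    P( E, A, B, C, D, R(21) );
    P( D, E, A, B, C, R(22) );
    P( C, D, E, A, B, R(23) );
    P( B, C, D, E, A, R(24) );
    P( A, B, C, D, E, R(25) );
    P( E, A, B, C, D, R(26) );
    P( D, E, A, B, C, R(27) );
    P( C, D, E, A, B, R(28) );
    P( B, C, D, E, A, R(29) );
    P( A, B, C, D, E, R(30) );
    P( E, A, B, C, D, R(31) );
    P( D, E, A, B, C, R(32) );
    P( C, D, E, A, B, R(33) );
    P( B, C, D, E, A, R(34) );
    P( A, B, C, D, E, R(35) );
    P( E, A, B, C, D, R(36) );
    P( D, E, A, B, C, R(37) );
    P( C, D, E, A, B, R(38) );
    P( B, C, D, E, A, R(39) );

#undef K
#undef F

    /* Rounds 40..59 */
#define F(x,y,z) ((x & y) | (z & (x | y)))
#define K 0x8F1BBCDC

    P( A, B, C, D, E, R(40) );
    P( E, A, B, C, D, R(41) );
    P( D, E, A, B, C, R(42) );
    P( C, D, E, A, B, R(43) );
    P( B, C, D, E, A, R(44) );
    P( A, B, C, D, E, R(45) );
    P( E, A, B, C, D, R(46) );
    P( D, E, A, B, C, R(47) );
    P( C, D, E, A, B, R(48) );
    P( B, C, D, E, A, R(49) );
    P( A, B, C, D, E, R(50) );
    P( E, A, B, C, D, R(51) );
    P( D, E, A, B, C, R(52) );
    P( C, D, E, A, B, R(53) );
    P( B, C, D, E, A, R(54) );
    P( A, B, C, D, E, R(55) );
    P( E, A, B, C, D, R(56) );
    P( D, E, A, B, C, R(57) );
    P( C, D, E, A, B, R(58) );
    P( B, C, D, E, A, R(59) );

#undef K
#undef F

    /* Rounds 60..79 */
#define F(x,y,z) (x ^ y ^ z)
#define K 0xCA62C1D6

    P( A, B, C, D, E, R(60) );
    P( E, A, B, C, D, R(61) );
    P( D, E, A, B, C, R(62) );
    P( C, D, E, A, B, R(63) );
    P( B, C, D, E, A, R(64) );
    P( A, B, C, D, E, R(65) );
    P( E, A, B, C, D, R(66) );
    P( D, E, A, B, C, R(67) );
    P( C, D, E, A, B, R(68) );
    P( B, C, D, E, A, R(69) );
    P( A, B, C, D, E, R(70) );
    P( E, A, B, C, D, R(71) );
    P( D, E, A, B, C, R(72) );
    P( C, D, E, A, B, R(73) );
    P( B, C, D, E, A, R(74) );
    P( A, B, C, D, E, R(75) );
    P( E, A, B, C, D, R(76) );
    P( D, E, A, B, C, R(77) );
    P( C, D, E, A, B, R(78) );
    P( B, C, D, E, A, R(79) );

#undef K
#undef F

    /* Keep the single-letter round macros from leaking into the rest of the file. */
#undef P
#undef R
#undef S

    ctx->state[0] += A;
    ctx->state[1] += B;
    ctx->state[2] += C;
    ctx->state[3] += D;
    ctx->state[4] += E;
}

/*
 * SHA-1 process buffer
 *
 * Absorbs ilen bytes from input. Full 64-byte blocks are compressed
 * immediately; a trailing partial block is kept in ctx->buffer until
 * more data or sha1_finish() completes it. A zero-length call is a
 * no-op, so input may be NULL when ilen is 0.
 */
void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
{
    size_t fill;
    unsigned long left;
    unsigned long lo, hi;

    if( ilen == 0 )
        return;

    left = ctx->total[0] & 0x3F;
    fill = 64 - left;

    /*
     * The byte count is kept as two 32-bit words. Split ilen the same
     * way so a single call with a length of 4 GiB or more (possible
     * where size_t is 64 bits) still advances the high word correctly.
     * The double shift avoids an undefined shift by 32 on a 32-bit size_t.
     */
    lo = (unsigned long) ( ilen & 0xFFFFFFFF );
    hi = (unsigned long) ( ( ilen >> 16 ) >> 16 );

    ctx->total[0] += lo;
    ctx->total[0] &= 0xFFFFFFFF;

    if( ctx->total[0] < lo )
        ctx->total[1]++;

    ctx->total[1] += hi;

    /* Top up and flush a previously buffered partial block first. */
    if( left && ilen >= fill )
    {
        memcpy( ctx->buffer + left, input, fill );
        sha1_process( ctx, ctx->buffer );
        input += fill;
        ilen  -= fill;
        left = 0;
    }

    while( ilen >= 64 )
    {
        sha1_process( ctx, input );
        input += 64;
        ilen  -= 64;
    }

    /* Fewer than 64 bytes remain; they always fit behind 'left'. */
    if( ilen > 0 )
    {
        memcpy( ctx->buffer + left, input, ilen );
    }
}

/* Padding source: a single 0x80 byte followed by zeros. */
static const unsigned char sha1_padding[64] =
{
 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

/*
 * SHA-1 final digest
 *
 * Appends the padding and the 64-bit big-endian message length in bits,
 * then writes the 20-byte digest to output. The context is not wiped
 * here; callers that hashed sensitive data should clear it themselves.
 */
void sha1_finish( sha1_context *ctx, unsigned char output[20] )
{
    unsigned long last, padn;
    unsigned long high, low;
    unsigned char msglen[8];

    /* Convert the byte count to a bit count split over two words. */
    high = ( ctx->total[0] >> 29 )
         | ( ctx->total[1] <<  3 );
    low  = ( ctx->total[0] <<  3 );

    PUT_ULONG_BE( high, msglen, 0 );
    PUT_ULONG_BE( low,  msglen, 4 );

    /* Pad so that the 8 length bytes end exactly on a block boundary. */
    last = ctx->total[0] & 0x3F;
    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );

    sha1_update( ctx, sha1_padding, padn );
    sha1_update( ctx, msglen, 8 );

    PUT_ULONG_BE( ctx->state[0], output,  0 );
    PUT_ULONG_BE( ctx->state[1], output,  4 );
    PUT_ULONG_BE( ctx->state[2], output,  8 );
    PUT_ULONG_BE( ctx->state[3], output, 12 );
    PUT_ULONG_BE( ctx->state[4], output, 16 );
}

/*
 * output = SHA-1( input buffer )
 *
 * One-shot helper; output must have room for 20 bytes.
 */
void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
{
    sha1_context ctx;

    sha1_starts( &ctx );
    sha1_update( &ctx, input, ilen );
    sha1_finish( &ctx, output );

    sha1_zeroize( &ctx, sizeof( sha1_context ) );
}

/*
 * output = SHA-1( file contents )
 *
 * Returns 0 on success, 1 if the file could not be opened and 2 if a
 * read error occurred. On a non-zero return the contents of output
 * must not be used: after a read error it covers only the bytes that
 * were read before the failure.
 */
int sha1_file( const char *path, unsigned char output[20] )
{
    FILE *f;
    size_t n;
    int ret = 0;
    sha1_context ctx;
    unsigned char buf[1024];

    if( ( f = fopen( path, "rb" ) ) == NULL )
        return( 1 );

    sha1_starts( &ctx );

    while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
        sha1_update( &ctx, buf, n );

    sha1_finish( &ctx, output );

    /* fread() returns 0 for both EOF and failure; tell them apart. */
    if( ferror( f ) != 0 )
        ret = 2;

    /* The read buffer still holds the last chunk of the file. */
    sha1_zeroize( &ctx, sizeof( sha1_context ) );
    sha1_zeroize( buf, sizeof( buf ) );

    fclose( f );
    return( ret );
}

/*
 * SHA-1 HMAC context setup
 *
 * Derives the inner and outer pads from the key and starts the inner
 * hash. A key longer than the 64-byte block is first hashed down to
 * 20 bytes. ctx->ipad and ctx->opad hold key-derived material until
 * the caller wipes the context.
 */
void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen )
{
    size_t i;
    unsigned char sum[20];

    if( keylen > 64 )
    {
        sha1( key, keylen, sum );
        keylen = 20;
        key = sum;
    }

    memset( ctx->ipad, 0x36, 64 );
    memset( ctx->opad, 0x5C, 64 );

    for( i = 0; i < keylen; i++ )
    {
        ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
        ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
    }

    sha1_starts( ctx );
    sha1_update( ctx, ctx->ipad, 64 );

    /* sum may hold the hashed key; make sure the wipe is not elided. */
    sha1_zeroize( sum, sizeof( sum ) );
}

/*
 * SHA-1 HMAC process buffer
 *
 * Message bytes feed the inner hash started by sha1_hmac_starts().
 */
void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
{
    sha1_update( ctx, input, ilen );
}

/*
 * SHA-1 HMAC final digest
 *
 * Finishes the inner hash, then hashes opad followed by the inner
 * digest and writes the 20-byte MAC to output. When the MAC is
 * verified against a received value, the caller should compare the
 * two in constant time.
 */
void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
{
    unsigned char tmpbuf[20];

    sha1_finish( ctx, tmpbuf );
    sha1_starts( ctx );
    sha1_update( ctx, ctx->opad, 64 );
    sha1_update( ctx, tmpbuf, 20 );
    sha1_finish( ctx, output );

    /* The inner digest is an intermediate secret of the MAC. */
    sha1_zeroize( tmpbuf, sizeof( tmpbuf ) );
}

/*
 * SHA1 HMAC context reset
 *
 * Restarts the inner hash with the pads already stored in the context,
 * so another message can be authenticated under the same key.
 */
void sha1_hmac_reset( sha1_context *ctx )
{
    sha1_starts( ctx );
    sha1_update( ctx, ctx->ipad, 64 );
}

/*
 * output = HMAC-SHA-1( hmac key, input buffer )
 *
 * One-shot helper; the local context, which holds the key-derived
 * pads, is wiped before returning.
 */
void sha1_hmac( const unsigned char *key, size_t keylen,
                const unsigned char *input, size_t ilen,
                unsigned char output[20] )
{
    sha1_context ctx;

    sha1_hmac_starts( &ctx, key, keylen );
    sha1_hmac_update( &ctx, input, ilen );
    sha1_hmac_finish( &ctx, output );

    sha1_zeroize( &ctx, sizeof( sha1_context ) );
}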