1 /* $Cambridge: exim/src/src/pdkim/sha1.c,v 1.1.2.2 2009/02/24 18:43:59 tom Exp $ */
3 * FIPS-180-1 compliant SHA-1 implementation
5 * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
7 * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 * The SHA-1 standard was published by NIST in 1993.
26 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
35 * 32-bit integer manipulation macros (big endian)
38 #define GET_ULONG_BE(n,b,i) \
40 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
41 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
42 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
43 | ( (unsigned long) (b)[(i) + 3] ); \
48 #define PUT_ULONG_BE(n,b,i) \
50 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
51 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
52 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
53 (b)[(i) + 3] = (unsigned char) ( (n) ); \
60 void sha1_starts( sha1_context *ctx )
65 ctx->state[0] = 0x67452301;
66 ctx->state[1] = 0xEFCDAB89;
67 ctx->state[2] = 0x98BADCFE;
68 ctx->state[3] = 0x10325476;
69 ctx->state[4] = 0xC3D2E1F0;
72 static void sha1_process( sha1_context *ctx, unsigned char data[64] )
74 unsigned long temp, W[16], A, B, C, D, E;
76 GET_ULONG_BE( W[ 0], data, 0 );
77 GET_ULONG_BE( W[ 1], data, 4 );
78 GET_ULONG_BE( W[ 2], data, 8 );
79 GET_ULONG_BE( W[ 3], data, 12 );
80 GET_ULONG_BE( W[ 4], data, 16 );
81 GET_ULONG_BE( W[ 5], data, 20 );
82 GET_ULONG_BE( W[ 6], data, 24 );
83 GET_ULONG_BE( W[ 7], data, 28 );
84 GET_ULONG_BE( W[ 8], data, 32 );
85 GET_ULONG_BE( W[ 9], data, 36 );
86 GET_ULONG_BE( W[10], data, 40 );
87 GET_ULONG_BE( W[11], data, 44 );
88 GET_ULONG_BE( W[12], data, 48 );
89 GET_ULONG_BE( W[13], data, 52 );
90 GET_ULONG_BE( W[14], data, 56 );
91 GET_ULONG_BE( W[15], data, 60 );
93 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
97 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
98 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
99 ( W[t & 0x0F] = S(temp,1) ) \
102 #define P(a,b,c,d,e,x) \
104 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
113 #define F(x,y,z) (z ^ (x & (y ^ z)))
116 P( A, B, C, D, E, W[0] );
117 P( E, A, B, C, D, W[1] );
118 P( D, E, A, B, C, W[2] );
119 P( C, D, E, A, B, W[3] );
120 P( B, C, D, E, A, W[4] );
121 P( A, B, C, D, E, W[5] );
122 P( E, A, B, C, D, W[6] );
123 P( D, E, A, B, C, W[7] );
124 P( C, D, E, A, B, W[8] );
125 P( B, C, D, E, A, W[9] );
126 P( A, B, C, D, E, W[10] );
127 P( E, A, B, C, D, W[11] );
128 P( D, E, A, B, C, W[12] );
129 P( C, D, E, A, B, W[13] );
130 P( B, C, D, E, A, W[14] );
131 P( A, B, C, D, E, W[15] );
132 P( E, A, B, C, D, R(16) );
133 P( D, E, A, B, C, R(17) );
134 P( C, D, E, A, B, R(18) );
135 P( B, C, D, E, A, R(19) );
140 #define F(x,y,z) (x ^ y ^ z)
143 P( A, B, C, D, E, R(20) );
144 P( E, A, B, C, D, R(21) );
145 P( D, E, A, B, C, R(22) );
146 P( C, D, E, A, B, R(23) );
147 P( B, C, D, E, A, R(24) );
148 P( A, B, C, D, E, R(25) );
149 P( E, A, B, C, D, R(26) );
150 P( D, E, A, B, C, R(27) );
151 P( C, D, E, A, B, R(28) );
152 P( B, C, D, E, A, R(29) );
153 P( A, B, C, D, E, R(30) );
154 P( E, A, B, C, D, R(31) );
155 P( D, E, A, B, C, R(32) );
156 P( C, D, E, A, B, R(33) );
157 P( B, C, D, E, A, R(34) );
158 P( A, B, C, D, E, R(35) );
159 P( E, A, B, C, D, R(36) );
160 P( D, E, A, B, C, R(37) );
161 P( C, D, E, A, B, R(38) );
162 P( B, C, D, E, A, R(39) );
167 #define F(x,y,z) ((x & y) | (z & (x | y)))
170 P( A, B, C, D, E, R(40) );
171 P( E, A, B, C, D, R(41) );
172 P( D, E, A, B, C, R(42) );
173 P( C, D, E, A, B, R(43) );
174 P( B, C, D, E, A, R(44) );
175 P( A, B, C, D, E, R(45) );
176 P( E, A, B, C, D, R(46) );
177 P( D, E, A, B, C, R(47) );
178 P( C, D, E, A, B, R(48) );
179 P( B, C, D, E, A, R(49) );
180 P( A, B, C, D, E, R(50) );
181 P( E, A, B, C, D, R(51) );
182 P( D, E, A, B, C, R(52) );
183 P( C, D, E, A, B, R(53) );
184 P( B, C, D, E, A, R(54) );
185 P( A, B, C, D, E, R(55) );
186 P( E, A, B, C, D, R(56) );
187 P( D, E, A, B, C, R(57) );
188 P( C, D, E, A, B, R(58) );
189 P( B, C, D, E, A, R(59) );
194 #define F(x,y,z) (x ^ y ^ z)
197 P( A, B, C, D, E, R(60) );
198 P( E, A, B, C, D, R(61) );
199 P( D, E, A, B, C, R(62) );
200 P( C, D, E, A, B, R(63) );
201 P( B, C, D, E, A, R(64) );
202 P( A, B, C, D, E, R(65) );
203 P( E, A, B, C, D, R(66) );
204 P( D, E, A, B, C, R(67) );
205 P( C, D, E, A, B, R(68) );
206 P( B, C, D, E, A, R(69) );
207 P( A, B, C, D, E, R(70) );
208 P( E, A, B, C, D, R(71) );
209 P( D, E, A, B, C, R(72) );
210 P( C, D, E, A, B, R(73) );
211 P( B, C, D, E, A, R(74) );
212 P( A, B, C, D, E, R(75) );
213 P( E, A, B, C, D, R(76) );
214 P( D, E, A, B, C, R(77) );
215 P( C, D, E, A, B, R(78) );
216 P( B, C, D, E, A, R(79) );
229 * SHA-1 process buffer
231 void sha1_update( sha1_context *ctx, unsigned char *input, int ilen )
239 left = ctx->total[0] & 0x3F;
242 ctx->total[0] += ilen;
243 ctx->total[0] &= 0xFFFFFFFF;
245 if( ctx->total[0] < (unsigned long) ilen )
248 if( left && ilen >= fill )
250 memcpy( (void *) (ctx->buffer + left),
251 (void *) input, fill );
252 sha1_process( ctx, ctx->buffer );
260 sha1_process( ctx, input );
267 memcpy( (void *) (ctx->buffer + left),
268 (void *) input, ilen );
272 static const unsigned char sha1_padding[64] =
274 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
275 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
276 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
277 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
283 void sha1_finish( sha1_context *ctx, unsigned char output[20] )
285 unsigned long last, padn;
286 unsigned long high, low;
287 unsigned char msglen[8];
289 high = ( ctx->total[0] >> 29 )
290 | ( ctx->total[1] << 3 );
291 low = ( ctx->total[0] << 3 );
293 PUT_ULONG_BE( high, msglen, 0 );
294 PUT_ULONG_BE( low, msglen, 4 );
296 last = ctx->total[0] & 0x3F;
297 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
299 sha1_update( ctx, (unsigned char *) sha1_padding, padn );
300 sha1_update( ctx, msglen, 8 );
302 PUT_ULONG_BE( ctx->state[0], output, 0 );
303 PUT_ULONG_BE( ctx->state[1], output, 4 );
304 PUT_ULONG_BE( ctx->state[2], output, 8 );
305 PUT_ULONG_BE( ctx->state[3], output, 12 );
306 PUT_ULONG_BE( ctx->state[4], output, 16 );
310 * output = SHA-1( input buffer )
312 void sha1_oneshot( unsigned char *input, int ilen, unsigned char output[20] )
317 sha1_update( &ctx, input, ilen );
318 sha1_finish( &ctx, output );
320 memset( &ctx, 0, sizeof( sha1_context ) );
324 * output = SHA-1( file contents )
326 int sha1_file( char *path, unsigned char output[20] )
331 unsigned char buf[1024];
333 if( ( f = fopen( path, "rb" ) ) == NULL )
338 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
339 sha1_update( &ctx, buf, (int) n );
341 sha1_finish( &ctx, output );
343 memset( &ctx, 0, sizeof( sha1_context ) );
345 if( ferror( f ) != 0 )
356 * SHA-1 HMAC context setup
358 void sha1_hmac_starts( sha1_context *ctx, unsigned char *key, int keylen )
361 unsigned char sum[20];
365 sha1_oneshot( key, keylen, sum );
370 memset( ctx->ipad, 0x36, 64 );
371 memset( ctx->opad, 0x5C, 64 );
373 for( i = 0; i < keylen; i++ )
375 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
376 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
380 sha1_update( ctx, ctx->ipad, 64 );
382 memset( sum, 0, sizeof( sum ) );
386 * SHA-1 HMAC process buffer
388 void sha1_hmac_update( sha1_context *ctx, unsigned char *input, int ilen )
390 sha1_update( ctx, input, ilen );
394 * SHA-1 HMAC final digest
396 void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
398 unsigned char tmpbuf[20];
400 sha1_finish( ctx, tmpbuf );
402 sha1_update( ctx, ctx->opad, 64 );
403 sha1_update( ctx, tmpbuf, 20 );
404 sha1_finish( ctx, output );
406 memset( tmpbuf, 0, sizeof( tmpbuf ) );
410 * output = HMAC-SHA-1( hmac key, input buffer )
412 void sha1_hmac( unsigned char *key, int keylen,
413 unsigned char *input, int ilen,
414 unsigned char output[20] )
418 sha1_hmac_starts( &ctx, key, keylen );
419 sha1_hmac_update( &ctx, input, ilen );
420 sha1_hmac_finish( &ctx, output );
422 memset( &ctx, 0, sizeof( sha1_context ) );