Path: blob/master/Common/Crypto/sha1.cpp
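/*
 *  FIPS-180-1 compliant SHA-1 implementation
 *
 *  Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
 *  All rights reserved.
 *
 *  Joined copyright on original XySSL code with: Christophe Devine
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
/*
 *  The SHA-1 standard was published by NIST in 1993.
 *
 *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
 */
/*
 *  Security notes for callers:
 *
 *  - SHA-1 no longer offers collision resistance (practical collisions
 *    have been published).  Do not rely on sha1() where an adversary can
 *    influence both inputs being compared, e.g. signatures, certificates
 *    or content-addressed integrity checks; keep it for formats and
 *    protocols that mandate it.
 *  - HMAC-SHA-1 does not depend on collision resistance in the same way,
 *    but new designs should prefer an HMAC built on the SHA-2 family.
 *  - Lengths are passed as int.  A length <= 0 is silently treated as
 *    "no data" (and, for HMAC, as an empty key); none of these functions
 *    can report an error, so validate lengths before calling.
 *  - When verifying an HMAC tag, compare it with a constant-time routine
 *    rather than memcmp().
 */
/*
#include "polarssl/config.h"

#if defined(POLARSSL_SHA1_C)

#include "polarssl/sha1.h"
*/
#include "sha1.h"
#include <string.h>
#include <stdio.h>

/*
 * 32-bit integer manipulation macros (big endian)
 *
 * GET_ULONG_BE loads four bytes b[i..i+3] into n, most significant byte
 * first; PUT_ULONG_BE stores the low 32 bits of n the same way.
 */
#ifndef GET_ULONG_BE
#define GET_ULONG_BE(n,b,i)                             \
{                                                       \
    (n) = ( (unsigned long) (b)[(i)    ] << 24 )        \
        | ( (unsigned long) (b)[(i) + 1] << 16 )        \
        | ( (unsigned long) (b)[(i) + 2] <<  8 )        \
        | ( (unsigned long) (b)[(i) + 3]       );       \
}
#endif

#ifndef PUT_ULONG_BE
#define PUT_ULONG_BE(n,b,i)                             \
{                                                       \
    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
}
#endif

/*
 * Overwrite n bytes at v with zeros.
 *
 * A plain memset() on a local that is never read again is a dead store
 * and may be removed by the optimizer, leaving key material or digest
 * state on the stack.  Writing through a volatile pointer is the usual
 * portable way to keep the stores in place.
 */
static void sha1_zeroize( void *v, size_t n )
{
    volatile unsigned char *p = (volatile unsigned char *) v;

    while( n-- )
        *p++ = 0;
}

/*
 * SHA-1 context setup
 *
 * Resets the byte counter and loads the five initial chaining values.
 * Must be called before the first sha1_update() on a context.
 */
void sha1_starts( sha1_context *ctx )
{
    ctx->total[0] = 0;
    ctx->total[1] = 0;

    ctx->state[0] = 0x67452301;
    ctx->state[1] = 0xEFCDAB89;
    ctx->state[2] = 0x98BADCFE;
    ctx->state[3] = 0x10325476;
    ctx->state[4] = 0xC3D2E1F0;
}

/*
 * Compression function: mixes one 64-byte block into ctx->state.
 *
 * The message schedule is kept in a 16-word circular buffer (W), indexed
 * modulo 16 by the R() macro.  All arithmetic is done in unsigned long;
 * S() masks to 32 bits before the right shift so the rotate is correct
 * when unsigned long is wider than 32 bits, and PUT_ULONG_BE only ever
 * emits the low 32 bits of each state word.
 */
static void sha1_process( sha1_context *ctx, const unsigned char data[64] )
{
    unsigned long temp, W[16], A, B, C, D, E;

    GET_ULONG_BE( W[ 0], data,  0 );
    GET_ULONG_BE( W[ 1], data,  4 );
    GET_ULONG_BE( W[ 2], data,  8 );
    GET_ULONG_BE( W[ 3], data, 12 );
    GET_ULONG_BE( W[ 4], data, 16 );
    GET_ULONG_BE( W[ 5], data, 20 );
    GET_ULONG_BE( W[ 6], data, 24 );
    GET_ULONG_BE( W[ 7], data, 28 );
    GET_ULONG_BE( W[ 8], data, 32 );
    GET_ULONG_BE( W[ 9], data, 36 );
    GET_ULONG_BE( W[10], data, 40 );
    GET_ULONG_BE( W[11], data, 44 );
    GET_ULONG_BE( W[12], data, 48 );
    GET_ULONG_BE( W[13], data, 52 );
    GET_ULONG_BE( W[14], data, 56 );
    GET_ULONG_BE( W[15], data, 60 );

/* 32-bit rotate left of x by n */
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))

/* Schedule word t (t >= 16), computed in place in the circular buffer */
#define R(t)                                            \
(                                                       \
    temp = W[(t -  3) & 0x0F] ^ W[(t - 8) & 0x0F] ^     \
           W[(t - 14) & 0x0F] ^ W[ t      & 0x0F],      \
    ( W[t & 0x0F] = S(temp,1) )                         \
)

/* One round; the caller rotates the argument order instead of the values */
#define P(a,b,c,d,e,x)                                  \
{                                                       \
    e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);        \
}

    A = ctx->state[0];
    B = ctx->state[1];
    C = ctx->state[2];
    D = ctx->state[3];
    E = ctx->state[4];

/* Rounds 0..19 */
#define F(x,y,z) (z ^ (x & (y ^ z)))
#define K 0x5A827999

    P( A, B, C, D, E, W[0]  );
    P( E, A, B, C, D, W[1]  );
    P( D, E, A, B, C, W[2]  );
    P( C, D, E, A, B, W[3]  );
    P( B, C, D, E, A, W[4]  );
    P( A, B, C, D, E, W[5]  );
    P( E, A, B, C, D, W[6]  );
    P( D, E, A, B, C, W[7]  );
    P( C, D, E, A, B, W[8]  );
    P( B, C, D, E, A, W[9]  );
    P( A, B, C, D, E, W[10] );
    P( E, A, B, C, D, W[11] );
    P( D, E, A, B, C, W[12] );
    P( C, D, E, A, B, W[13] );
    P( B, C, D, E, A, W[14] );
    P( A, B, C, D, E, W[15] );
    P( E, A, B, C, D, R(16) );
    P( D, E, A, B, C, R(17) );
    P( C, D, E, A, B, R(18) );
    P( B, C, D, E, A, R(19) );

#undef K
#undef F

/* Rounds 20..39 */
#define F(x,y,z) (x ^ y ^ z)
#define K 0x6ED9EBA1

    P( A, B, C, D, E, R(20) );
    P( E, A, B, C, D, R(21) );
    P( D, E, A, B, C, R(22) );
    P( C, D, E, A, B, R(23) );
    P( B, C, D, E, A, R(24) );
    P( A, B, C, D, E, R(25) );
    P( E, A, B, C, D, R(26) );
    P( D, E, A, B, C, R(27) );
    P( C, D, E, A, B, R(28) );
    P( B, C, D, E, A, R(29) );
    P( A, B, C, D, E, R(30) );
    P( E, A, B, C, D, R(31) );
    P( D, E, A, B, C, R(32) );
    P( C, D, E, A, B, R(33) );
    P( B, C, D, E, A, R(34) );
    P( A, B, C, D, E, R(35) );
    P( E, A, B, C, D, R(36) );
    P( D, E, A, B, C, R(37) );
    P( C, D, E, A, B, R(38) );
    P( B, C, D, E, A, R(39) );

#undef K
#undef F

/* Rounds 40..59 */
#define F(x,y,z) ((x & y) | (z & (x | y)))
#define K 0x8F1BBCDC

    P( A, B, C, D, E, R(40) );
    P( E, A, B, C, D, R(41) );
    P( D, E, A, B, C, R(42) );
    P( C, D, E, A, B, R(43) );
    P( B, C, D, E, A, R(44) );
    P( A, B, C, D, E, R(45) );
    P( E, A, B, C, D, R(46) );
    P( D, E, A, B, C, R(47) );
    P( C, D, E, A, B, R(48) );
    P( B, C, D, E, A, R(49) );
    P( A, B, C, D, E, R(50) );
    P( E, A, B, C, D, R(51) );
    P( D, E, A, B, C, R(52) );
    P( C, D, E, A, B, R(53) );
    P( B, C, D, E, A, R(54) );
    P( A, B, C, D, E, R(55) );
    P( E, A, B, C, D, R(56) );
    P( D, E, A, B, C, R(57) );
    P( C, D, E, A, B, R(58) );
    P( B, C, D, E, A, R(59) );

#undef K
#undef F

/* Rounds 60..79 */
#define F(x,y,z) (x ^ y ^ z)
#define K 0xCA62C1D6

    P( A, B, C, D, E, R(60) );
    P( E, A, B, C, D, R(61) );
    P( D, E, A, B, C, R(62) );
    P( C, D, E, A, B, R(63) );
    P( B, C, D, E, A, R(64) );
    P( A, B, C, D, E, R(65) );
    P( E, A, B, C, D, R(66) );
    P( D, E, A, B, C, R(67) );
    P( C, D, E, A, B, R(68) );
    P( B, C, D, E, A, R(69) );
    P( A, B, C, D, E, R(70) );
    P( E, A, B, C, D, R(71) );
    P( D, E, A, B, C, R(72) );
    P( C, D, E, A, B, R(73) );
    P( B, C, D, E, A, R(74) );
    P( A, B, C, D, E, R(75) );
    P( E, A, B, C, D, R(76) );
    P( D, E, A, B, C, R(77) );
    P( C, D, E, A, B, R(78) );
    P( B, C, D, E, A, R(79) );

#undef K
#undef F

    ctx->state[0] += A;
    ctx->state[1] += B;
    ctx->state[2] += C;
    ctx->state[3] += D;
    ctx->state[4] += E;
}

/*
 * SHA-1 process buffer
 *
 * Feeds ilen bytes from input into the running hash.  Data that does not
 * fill a whole 64-byte block is kept in ctx->buffer until more arrives.
 * A call with ilen <= 0 is a no-op.
 */
void sha1_update( sha1_context *ctx, unsigned char *input, int ilen )
{
    int fill;
    unsigned long left;

    if( ilen <= 0 )
        return;

    /* Bytes already pending in ctx->buffer, and room left in that block */
    left = ctx->total[0] & 0x3F;
    fill = 64 - left;

    /* total[] is a 64-bit byte count kept as two 32-bit halves */
    ctx->total[0] += ilen;
    ctx->total[0] &= 0xFFFFFFFF;

    /* Wrap-around of the low half means a carry into the high half */
    if( ctx->total[0] < (unsigned long) ilen )
        ctx->total[1]++;

    /* Complete and flush a partially filled block first */
    if( left && ilen >= fill )
    {
        memcpy( (void *) (ctx->buffer + left),
                (void *) input, fill );
        sha1_process( ctx, ctx->buffer );
        input += fill;
        ilen  -= fill;
        left = 0;
    }

    /* Whole blocks are hashed straight from the caller's memory */
    while( ilen >= 64 )
    {
        sha1_process( ctx, input );
        input += 64;
        ilen  -= 64;
    }

    /* Stash the tail (fewer than 64 bytes) for the next call */
    if( ilen > 0 )
    {
        memcpy( (void *) (ctx->buffer + left),
                (void *) input, ilen );
    }
}

/* Padding source: a single 0x80 marker byte followed by zeros */
static const unsigned char sha1_padding[64] =
{
 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

/*
 * SHA-1 final digest
 *
 * Appends the padding and the 64-bit big-endian message length in bits,
 * then writes the 20-byte digest to output.  The context is left in its
 * post-padding state and is not cleared here; callers holding sensitive
 * data in it should wipe it themselves.
 */
void sha1_finish( sha1_context *ctx, unsigned char output[20] )
{
    unsigned long last, padn;
    unsigned long high, low;
    unsigned char msglen[8];

    /* Convert the byte count in total[] to a bit count (multiply by 8) */
    high = ( ctx->total[0] >> 29 )
         | ( ctx->total[1] <<  3 );
    low  = ( ctx->total[0] <<  3 );

    PUT_ULONG_BE( high, msglen, 0 );
    PUT_ULONG_BE( low,  msglen, 4 );

    /* Pad so that the 8 length bytes end exactly on a block boundary */
    last = ctx->total[0] & 0x3F;
    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );

    sha1_update( ctx, (unsigned char *) sha1_padding, padn );
    sha1_update( ctx, msglen, 8 );

    PUT_ULONG_BE( ctx->state[0], output,  0 );
    PUT_ULONG_BE( ctx->state[1], output,  4 );
    PUT_ULONG_BE( ctx->state[2], output,  8 );
    PUT_ULONG_BE( ctx->state[3], output, 12 );
    PUT_ULONG_BE( ctx->state[4], output, 16 );
}

/*
 * output = SHA-1( input buffer )
 *
 * One-shot helper.  The local context is wiped before returning so that
 * no copy of the (possibly sensitive) input tail stays on the stack.
 */
void sha1( unsigned char *input, int ilen, unsigned char output[20] )
{
    sha1_context ctx;

    sha1_starts( &ctx );
    sha1_update( &ctx, input, ilen );
    sha1_finish( &ctx, output );

    /* volatile wipe: a plain memset here is a removable dead store */
    sha1_zeroize( &ctx, sizeof( sha1_context ) );
}

/*
 * SHA-1 HMAC context setup
 *
 * Derives the inner and outer pads from the key and starts the inner
 * hash.  Keys longer than the 64-byte block are first replaced by their
 * SHA-1 digest.  A keylen <= 0 leaves the pads un-keyed, i.e. the MAC is
 * computed with an empty key; callers must reject such lengths.
 */
void sha1_hmac_starts( sha1_context *ctx, unsigned char *key, int keylen )
{
    int i;
    unsigned char sum[20];

    if( keylen > 64 )
    {
        sha1( key, keylen, sum );
        keylen = 20;
        key = sum;
    }

    memset( ctx->ipad, 0x36, 64 );
    memset( ctx->opad, 0x5C, 64 );

    for( i = 0; i < keylen; i++ )
    {
        ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
        ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
    }

    sha1_starts( ctx );
    sha1_update( ctx, ctx->ipad, 64 );

    /* sum may hold the hashed key; wipe it in a way that survives -O2 */
    sha1_zeroize( sum, sizeof( sum ) );
}

/*
 * SHA-1 HMAC process buffer
 *
 * Message bytes go into the inner hash started by sha1_hmac_starts().
 */
void sha1_hmac_update( sha1_context *ctx, unsigned char *input, int ilen )
{
    sha1_update( ctx, input, ilen );
}

/*
 * SHA-1 HMAC final digest
 *
 * Finishes the inner hash, then hashes opad followed by the inner digest
 * and writes the 20-byte tag to output.  ctx still contains the
 * key-derived ipad/opad afterwards; wipe the context once it is no
 * longer needed.  Compare received tags in constant time.
 */
void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
{
    unsigned char tmpbuf[20];

    sha1_finish( ctx, tmpbuf );
    sha1_starts( ctx );
    sha1_update( ctx, ctx->opad, 64 );
    sha1_update( ctx, tmpbuf, 20 );
    sha1_finish( ctx, output );

    /* inner digest is keyed material; make sure the wipe is not elided */
    sha1_zeroize( tmpbuf, sizeof( tmpbuf ) );
}

/*
 * output = HMAC-SHA-1( hmac key, input buffer )
 *
 * One-shot helper.  The local context, which holds the key-derived pads,
 * is wiped before returning.
 */
void sha1_hmac( unsigned char *key, int keylen,
                unsigned char *input, int ilen,
                unsigned char output[20] )
{
    sha1_context ctx;

    sha1_hmac_starts( &ctx, key, keylen );
    sha1_hmac_update( &ctx, input, ilen );
    sha1_hmac_finish( &ctx, output );

    /* volatile wipe: a plain memset here is a removable dead store */
    sha1_zeroize( &ctx, sizeof( sha1_context ) );
}

#if defined(POLARSSL_SELF_TEST)
/*
 * FIPS-180-1 test vectors
 *
 * The third entry is empty on purpose: sha1_self_test() generates that
 * input (1000 chunks of 1000 'a' bytes) at run time.
 */
static unsigned char sha1_test_buf[3][57] =
{
    { "abc" },
    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
    { "" }
};

static const int sha1_test_buflen[3] =
{
    3, 56, 1000
};

static const unsigned char sha1_test_sum[3][20] =
{
    { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
      0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
    { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
      0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
    { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
      0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
};

/*
 * RFC 2202 test vectors
 *
 * The last two keys are empty placeholders; sha1_self_test() builds the
 * 80-byte 0xAA key for those cases at run time.
 */
static unsigned char sha1_hmac_test_key[7][26] =
{
    { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
      "\x0B\x0B\x0B\x0B" },
    { "Jefe" },
    { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
      "\xAA\xAA\xAA\xAA" },
    { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
      "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
    { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
      "\x0C\x0C\x0C\x0C" },
    { "" }, /* 0xAA 80 times */
    { "" }
};

static const int sha1_hmac_test_keylen[7] =
{
    20, 4, 20, 25, 20, 80, 80
};

static unsigned char sha1_hmac_test_buf[7][74] =
{
    { "Hi There" },
    { "what do ya want for nothing?" },
    { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
    { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
    { "Test With Truncation" },
    { "Test Using Larger Than Block-Size Key - Hash Key First" },
    { "Test Using Larger Than Block-Size Key and Larger"
      " Than One Block-Size Data" }
};

static const int sha1_hmac_test_buflen[7] =
{
    8, 28, 50, 50, 20, 54, 73
};

/* Entry 4 lists only 12 bytes: that case is checked on a truncated tag */
static const unsigned char sha1_hmac_test_sum[7][20] =
{
    { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
      0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
    { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
      0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
    { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
      0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
    { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
      0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
    { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
      0x7B, 0xE1 },
    { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
      0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
    { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
      0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
};

/*
 * Checkup routine
 *
 * Runs the SHA-1 and HMAC-SHA-1 known-answer tests above.  Returns 0 when
 * every vector matches and 1 on the first mismatch; progress is printed
 * only when verbose is non-zero.  memcmp() is acceptable here because the
 * expected values are public test vectors, not secrets.
 */
int sha1_self_test( int verbose )
{
    int i, j, buflen;
    unsigned char buf[1024];
    unsigned char sha1sum[20];
    sha1_context ctx;

    /*
     * SHA-1
     */
    for( i = 0; i < 3; i++ )
    {
        if( verbose != 0 )
            printf( " SHA-1 test #%d: ", i + 1 );

        sha1_starts( &ctx );

        if( i == 2 )
        {
            /* 1000 x 1000 bytes of 'a', fed in chunks */
            memset( buf, 'a', buflen = 1000 );

            for( j = 0; j < 1000; j++ )
                sha1_update( &ctx, buf, buflen );
        }
        else
            sha1_update( &ctx, sha1_test_buf[i],
                         sha1_test_buflen[i] );

        sha1_finish( &ctx, sha1sum );

        if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
        {
            if( verbose != 0 )
                printf( "failed\n" );

            return( 1 );
        }

        if( verbose != 0 )
            printf( "passed\n" );
    }

    if( verbose != 0 )
        printf( "\n" );

    /*
     * HMAC-SHA-1
     */
    for( i = 0; i < 7; i++ )
    {
        if( verbose != 0 )
            printf( " HMAC-SHA-1 test #%d: ", i + 1 );

        if( i == 5 || i == 6 )
        {
            /* Keys longer than the block size: 80 bytes of 0xAA */
            memset( buf, '\xAA', buflen = 80 );
            sha1_hmac_starts( &ctx, buf, buflen );
        }
        else
            sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
                              sha1_hmac_test_keylen[i] );

        sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
                          sha1_hmac_test_buflen[i] );

        sha1_hmac_finish( &ctx, sha1sum );

        /* Case 5 (index 4) compares only the first 12 bytes of the tag */
        buflen = ( i == 4 ) ? 12 : 20;

        if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
        {
            if( verbose != 0 )
                printf( "failed\n" );

            return( 1 );
        }

        if( verbose != 0 )
            printf( "passed\n" );
    }

    if( verbose != 0 )
        printf( "\n" );

    return( 0 );
}

#endif

//#endif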