
/*
 * Copyright (C) 2006-2009 Vincent Hanquez <vincent@snarc.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#include <string.h>
#include "cryptonite_sha1.h"
#include "cryptonite_bitfn.h"
#include "cryptonite_align.h"
/*
 * Reset ctx to the SHA-1 initial state: the whole context is zeroed
 * (running byte count and partial-block buffer included) and the five
 * standard initial hash words H0..H4 are loaded into ctx->h.
 *
 * Reviewer note: SHA-1 is no longer collision resistant. Keep this for
 * legacy interoperability (HMAC, fingerprints of trusted data) and do not
 * rely on it where collisions matter, such as signatures or certificates.
 */
void cryptonite_sha1_init(struct sha1_ctx *ctx)
{
	static const uint32_t sha1_iv[5] = {
		0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0
	};
	int i;

	/* wipes sz and buf as well as h; the struct layout lives in the header */
	memset(ctx, 0, sizeof(*ctx));
	for (i = 0; i < 5; i++)
		ctx->h[i] = sha1_iv[i];
}
/*
 * Round functions in FIPS 180-4 terms: f1 is Ch (per bit, x ? y : z),
 * f2 and f4 are Parity, f3 is Maj. f3 uses '+' rather than '|': its two
 * terms are bitwise disjoint (x & y is set only where x and y are both 1,
 * z & (x ^ y) only where x != y), so the sum equals the OR and lets the
 * compiler pick the cheaper instruction. The macro arguments are not
 * parenthesised; every use in this file passes plain variable names, so
 * keep it that way if new callers are added.
 */
#define f1(x, y, z)   (z ^ (x & (y ^ z)))
#define f2(x, y, z)   (x ^ y ^ z)
#define f3(x, y, z)   ((x & y) + (z & (x ^ y)))
#define f4(x, y, z)   f2(x, y, z)

/* Round constants for rounds 0-19, 20-39, 40-59 and 60-79 respectively. */
#define K1  0x5a827999
#define K2  0x6ed9eba1
#define K3  0x8f1bbcdc
#define K4  0xca62c1d6

/*
 * One SHA-1 round. Instead of shifting a..e down one slot, the caller
 * rotates the argument order on each invocation: e receives
 * T = ROTL5(a) + f(b, c, d) + k + w, and b is rotated left by 30 in place.
 * It expands to two statements without a do/while wrapper, so it must be
 * used as a statement on its own, never as the body of an unbraced if/for.
 */
#define R(a, b, c, d, e, f, k, w)  \
	e += rol32(a, 5) + f(b, c, d) + k + w; b = rol32(b, 30)

/*
 * Message schedule, computed in place in a 16-word ring buffer:
 * W[i] = ROTL1(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16]), where slot i & 0x0f
 * still holds W[i-16] on entry. i is evaluated several times, so pass a
 * plain constant (as every caller does), never an expression with
 * side effects.
 */
#define M(i)  (w[i & 0x0f] = rol32(w[i & 0x0f] ^ w[(i - 14) & 0x0f] \
              ^ w[(i - 8) & 0x0f] ^ w[(i - 3) & 0x0f], 1))
/*
 * Compress one 64-byte message block into the chaining value ctx->h.
 *
 * buf must point to 16 readable 32-bit words holding the block in
 * big-endian byte order; they are converted with be32_to_cpu() into the
 * 16-word ring buffer w. All 80 rounds are unrolled: the first 16 consume
 * w[0..15] directly, the remaining 64 derive each schedule word in place
 * through M(). Rounds 0-19 use f1/K1, 20-39 f2/K2, 40-59 f3/K3 and
 * 60-79 f4/K4. R() rotates the roles of the five working variables
 * instead of shifting them, which is why the argument order changes from
 * one line to the next.
 *
 * buf is dereferenced as uint32_t, so it must be suitably aligned; the
 * caller (cryptonite_sha1_update) bounces misaligned input through an
 * aligned copy. The working variables and w are left on the stack on
 * return; nothing here zeroises them.
 */
static inline void sha1_do_chunk(struct sha1_ctx *ctx, uint32_t *buf)
{
	uint32_t a, b, c, d, e;
	uint32_t w[16];
	/* load the block as 16 big-endian words into the schedule ring */
#define CPY(i)	w[i] = be32_to_cpu(buf[i])
	CPY(0); CPY(1); CPY(2); CPY(3); CPY(4); CPY(5); CPY(6); CPY(7);
	CPY(8); CPY(9); CPY(10); CPY(11); CPY(12); CPY(13); CPY(14); CPY(15);
#undef CPY

	/* working variables start from the current chaining value */
	a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; e = ctx->h[4];

	/* rounds 0-19: Ch with K1; the first 16 read w[] directly, the rest
	 * compute the schedule word in place via M() */
	R(a, b, c, d, e, f1, K1, w[0]);
	R(e, a, b, c, d, f1, K1, w[1]);
	R(d, e, a, b, c, f1, K1, w[2]);
	R(c, d, e, a, b, f1, K1, w[3]);
	R(b, c, d, e, a, f1, K1, w[4]);
	R(a, b, c, d, e, f1, K1, w[5]);
	R(e, a, b, c, d, f1, K1, w[6]);
	R(d, e, a, b, c, f1, K1, w[7]);
	R(c, d, e, a, b, f1, K1, w[8]);
	R(b, c, d, e, a, f1, K1, w[9]);
	R(a, b, c, d, e, f1, K1, w[10]);
	R(e, a, b, c, d, f1, K1, w[11]);
	R(d, e, a, b, c, f1, K1, w[12]);
	R(c, d, e, a, b, f1, K1, w[13]);
	R(b, c, d, e, a, f1, K1, w[14]);
	R(a, b, c, d, e, f1, K1, w[15]);
	R(e, a, b, c, d, f1, K1, M(16));
	R(d, e, a, b, c, f1, K1, M(17));
	R(c, d, e, a, b, f1, K1, M(18));
	R(b, c, d, e, a, f1, K1, M(19));

	/* rounds 20-39: Parity with K2 */
	R(a, b, c, d, e, f2, K2, M(20));
	R(e, a, b, c, d, f2, K2, M(21));
	R(d, e, a, b, c, f2, K2, M(22));
	R(c, d, e, a, b, f2, K2, M(23));
	R(b, c, d, e, a, f2, K2, M(24));
	R(a, b, c, d, e, f2, K2, M(25));
	R(e, a, b, c, d, f2, K2, M(26));
	R(d, e, a, b, c, f2, K2, M(27));
	R(c, d, e, a, b, f2, K2, M(28));
	R(b, c, d, e, a, f2, K2, M(29));
	R(a, b, c, d, e, f2, K2, M(30));
	R(e, a, b, c, d, f2, K2, M(31));
	R(d, e, a, b, c, f2, K2, M(32));
	R(c, d, e, a, b, f2, K2, M(33));
	R(b, c, d, e, a, f2, K2, M(34));
	R(a, b, c, d, e, f2, K2, M(35));
	R(e, a, b, c, d, f2, K2, M(36));
	R(d, e, a, b, c, f2, K2, M(37));
	R(c, d, e, a, b, f2, K2, M(38));
	R(b, c, d, e, a, f2, K2, M(39));

	/* rounds 40-59: Maj with K3 */
	R(a, b, c, d, e, f3, K3, M(40));
	R(e, a, b, c, d, f3, K3, M(41));
	R(d, e, a, b, c, f3, K3, M(42));
	R(c, d, e, a, b, f3, K3, M(43));
	R(b, c, d, e, a, f3, K3, M(44));
	R(a, b, c, d, e, f3, K3, M(45));
	R(e, a, b, c, d, f3, K3, M(46));
	R(d, e, a, b, c, f3, K3, M(47));
	R(c, d, e, a, b, f3, K3, M(48));
	R(b, c, d, e, a, f3, K3, M(49));
	R(a, b, c, d, e, f3, K3, M(50));
	R(e, a, b, c, d, f3, K3, M(51));
	R(d, e, a, b, c, f3, K3, M(52));
	R(c, d, e, a, b, f3, K3, M(53));
	R(b, c, d, e, a, f3, K3, M(54));
	R(a, b, c, d, e, f3, K3, M(55));
	R(e, a, b, c, d, f3, K3, M(56));
	R(d, e, a, b, c, f3, K3, M(57));
	R(c, d, e, a, b, f3, K3, M(58));
	R(b, c, d, e, a, f3, K3, M(59));

	/* rounds 60-79: Parity again with K4 */
	R(a, b, c, d, e, f4, K4, M(60));
	R(e, a, b, c, d, f4, K4, M(61));
	R(d, e, a, b, c, f4, K4, M(62));
	R(c, d, e, a, b, f4, K4, M(63));
	R(b, c, d, e, a, f4, K4, M(64));
	R(a, b, c, d, e, f4, K4, M(65));
	R(e, a, b, c, d, f4, K4, M(66));
	R(d, e, a, b, c, f4, K4, M(67));
	R(c, d, e, a, b, f4, K4, M(68));
	R(b, c, d, e, a, f4, K4, M(69));
	R(a, b, c, d, e, f4, K4, M(70));
	R(e, a, b, c, d, f4, K4, M(71));
	R(d, e, a, b, c, f4, K4, M(72));
	R(c, d, e, a, b, f4, K4, M(73));
	R(b, c, d, e, a, f4, K4, M(74));
	R(a, b, c, d, e, f4, K4, M(75));
	R(e, a, b, c, d, f4, K4, M(76));
	R(d, e, a, b, c, f4, K4, M(77));
	R(c, d, e, a, b, f4, K4, M(78));
	R(b, c, d, e, a, f4, K4, M(79));

	/* Davies-Meyer style feed-forward: add the round output to the
	 * chaining value (mod 2^32) */
	ctx->h[0] += a;
	ctx->h[1] += b;
	ctx->h[2] += c;
	ctx->h[3] += d;
	ctx->h[4] += e;
}
/*
 * Absorb len bytes of message into the running hash.
 *
 * Bytes accumulate in ctx->buf until a full 64-byte block is available,
 * which is then compressed by sha1_do_chunk(). Whole blocks in the input
 * are compressed straight from data when data is 4-byte aligned;
 * otherwise each block is first copied into an aligned local buffer,
 * because sha1_do_chunk() reads its input as uint32_t. ctx->sz is
 * advanced by len up front, so a partial tail parked in ctx->buf is
 * already counted when finalize() builds the length trailer.
 *
 * Caveats for callers and reviewers:
 * - len is a uint32_t; a single buffer of 4 GiB or more must be split by
 *   the caller, nothing here detects the truncation.
 * - the aligned fast path reads the caller's uint8_t data through a
 *   uint32_t pointer, which C's strict-aliasing rules do not permit;
 *   compilers tolerate it here in practice, and the memcpy bounce path is
 *   the strictly conforming one.
 */
void cryptonite_sha1_update(struct sha1_ctx *ctx, const uint8_t *data, uint32_t len)
{
	uint32_t buffered = (uint32_t) (ctx->sz & 0x3f);
	uint32_t room = 64 - buffered;

	/* total byte count is bumped first; finalize() reads it back */
	ctx->sz += len;

	/* top up a pending partial block if this call completes it */
	if (buffered != 0 && len >= room) {
		memcpy(ctx->buf + buffered, data, room);
		sha1_do_chunk(ctx, (uint32_t *) ctx->buf);
		data += room;
		len -= room;
		buffered = 0;
	}

	if (need_alignment(data, 4)) {
		/* misaligned input: bounce every block through an aligned copy */
		uint32_t bounce[16];
		ASSERT_ALIGNMENT(bounce, 4);
		while (len >= 64) {
			memcpy(bounce, data, 64);
			sha1_do_chunk(ctx, bounce);
			data += 64;
			len -= 64;
		}
	} else {
		/* aligned input: compress whole blocks in place */
		while (len >= 64) {
			sha1_do_chunk(ctx, (uint32_t *) data);
			data += 64;
			len -= 64;
		}
	}

	/* whatever remains (< 64 bytes) waits in ctx->buf for the next call */
	if (len != 0)
		memcpy(ctx->buf + buffered, data, len);
}
/*
 * Finish the hash: append the 0x80 byte and zero padding so the message
 * ends 8 bytes short of a block boundary, append the 64-bit big-endian
 * bit length, then write the 20-byte digest to out as five big-endian
 * words.
 *
 * The bit length is captured before the padding is pushed through
 * cryptonite_sha1_update(), because that call advances ctx->sz. Routing
 * the padding through update() reuses its buffering and block logic, so
 * this function never touches ctx->buf directly. ctx is left holding the
 * final chaining value; it is not wiped here, so a caller that cares
 * about residue must clear it (cryptonite_sha1_init does a full memset).
 */
void cryptonite_sha1_finalize(struct sha1_ctx *ctx, uint8_t *out)
{
	static const uint8_t padding[64] = { 0x80, };
	uint32_t used = (uint32_t) (ctx->sz & 0x3f);
	/* ctx->sz counts bytes; the trailer carries the length in bits */
	uint64_t bitlen = cpu_to_be64(ctx->sz << 3);
	/* pad to offset 56 within the current block, spilling into the next
	 * block when fewer than 8 bytes remain */
	uint32_t padlen = (used < 56) ? (56 - used) : (120 - used);
	int i;

	cryptonite_sha1_update(ctx, padding, padlen);
	cryptonite_sha1_update(ctx, (const uint8_t *) &bitlen, sizeof(bitlen));

	for (i = 0; i < 5; i++)
		store_be32(out + 4 * i, ctx->h[i]);
}