projects / project / luci.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add axTLS sourcecode
[project/luci.git] / libs / nixio / axTLS / crypto / sha1.c
1 /*
2 * Copyright (c) 2007, Cameron Rich
3 *
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * * Neither the name of the axTLS project nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 /**
32 * SHA1 implementation - as defined in FIPS PUB 180-1 published April 17, 1995.
33 * This code was originally taken from RFC3174
34 */
35
36 #include <string.h>
37 #include "crypto.h"
38
39 /*
40 * Define the SHA1 circular left shift macro
41 */
42 #define SHA1CircularShift(bits,word) \
43 (((word) << (bits)) | ((word) >> (32-(bits))))
44
45 /* ----- static functions ----- */
46 static void SHA1PadMessage(SHA1_CTX *ctx);
47 static void SHA1ProcessMessageBlock(SHA1_CTX *ctx);
48
49 /**
50 * Initialize the SHA1 context
51 */
52 void SHA1_Init(SHA1_CTX *ctx)
53 {
54 ctx->Length_Low = 0;
55 ctx->Length_High = 0;
56 ctx->Message_Block_Index = 0;
57 ctx->Intermediate_Hash[0] = 0x67452301;
58 ctx->Intermediate_Hash[1] = 0xEFCDAB89;
59 ctx->Intermediate_Hash[2] = 0x98BADCFE;
60 ctx->Intermediate_Hash[3] = 0x10325476;
61 ctx->Intermediate_Hash[4] = 0xC3D2E1F0;
62 }
63
64 /**
65 * Accepts an array of octets as the next portion of the message.
66 */
67 void SHA1_Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
68 {
69 while (len--)
70 {
71 ctx->Message_Block[ctx->Message_Block_Index++] = (*msg & 0xFF);
72 ctx->Length_Low += 8;
73
74 if (ctx->Length_Low == 0)
75 ctx->Length_High++;
76
77 if (ctx->Message_Block_Index == 64)
78 SHA1ProcessMessageBlock(ctx);
79
80 msg++;
81 }
82 }
83
84 /**
85 * Return the 160-bit message digest into the user's array
86 */
87 void SHA1_Final(uint8_t *digest, SHA1_CTX *ctx)
88 {
89 int i;
90
91 SHA1PadMessage(ctx);
92 memset(ctx->Message_Block, 0, 64);
93 ctx->Length_Low = 0; /* and clear length */
94 ctx->Length_High = 0;
95
96 for (i = 0; i < SHA1_SIZE; i++)
97 {
98 digest[i] = ctx->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) );
99 }
100 }
101
102 /**
103 * Process the next 512 bits of the message stored in the array.
104 */
105 static void SHA1ProcessMessageBlock(SHA1_CTX *ctx)
106 {
107 const uint32_t K[] = { /* Constants defined in SHA-1 */
108 0x5A827999,
109 0x6ED9EBA1,
110 0x8F1BBCDC,
111 0xCA62C1D6
112 };
113 int t; /* Loop counter */
114 uint32_t temp; /* Temporary word value */
115 uint32_t W[80]; /* Word sequence */
116 uint32_t A, B, C, D, E; /* Word buffers */
117
118 /*
119 * Initialize the first 16 words in the array W
120 */
121 for (t = 0; t < 16; t++)
122 {
123 W[t] = ctx->Message_Block[t * 4] << 24;
124 W[t] |= ctx->Message_Block[t * 4 + 1] << 16;
125 W[t] |= ctx->Message_Block[t * 4 + 2] << 8;
126 W[t] |= ctx->Message_Block[t * 4 + 3];
127 }
128
129 for (t = 16; t < 80; t++)
130 {
131 W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
132 }
133
134 A = ctx->Intermediate_Hash[0];
135 B = ctx->Intermediate_Hash[1];
136 C = ctx->Intermediate_Hash[2];
137 D = ctx->Intermediate_Hash[3];
138 E = ctx->Intermediate_Hash[4];
139
140 for (t = 0; t < 20; t++)
141 {
142 temp = SHA1CircularShift(5,A) +
143 ((B & C) | ((~B) & D)) + E + W[t] + K[0];
144 E = D;
145 D = C;
146 C = SHA1CircularShift(30,B);
147
148 B = A;
149 A = temp;
150 }
151
152 for (t = 20; t < 40; t++)
153 {
154 temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
155 E = D;
156 D = C;
157 C = SHA1CircularShift(30,B);
158 B = A;
159 A = temp;
160 }
161
162 for (t = 40; t < 60; t++)
163 {
164 temp = SHA1CircularShift(5,A) +
165 ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
166 E = D;
167 D = C;
168 C = SHA1CircularShift(30,B);
169 B = A;
170 A = temp;
171 }
172
173 for (t = 60; t < 80; t++)
174 {
175 temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
176 E = D;
177 D = C;
178 C = SHA1CircularShift(30,B);
179 B = A;
180 A = temp;
181 }
182
183 ctx->Intermediate_Hash[0] += A;
184 ctx->Intermediate_Hash[1] += B;
185 ctx->Intermediate_Hash[2] += C;
186 ctx->Intermediate_Hash[3] += D;
187 ctx->Intermediate_Hash[4] += E;
188 ctx->Message_Block_Index = 0;
189 }
190
191 /*
192 * According to the standard, the message must be padded to an even
193 * 512 bits. The first padding bit must be a '1'. The last 64
194 * bits represent the length of the original message. All bits in
195 * between should be 0. This function will pad the message
196 * according to those rules by filling the Message_Block array
197 * accordingly. It will also call the ProcessMessageBlock function
198 * provided appropriately. When it returns, it can be assumed that
199 * the message digest has been computed.
200 *
201 * @param ctx [in, out] The SHA1 context
202 */
203 static void SHA1PadMessage(SHA1_CTX *ctx)
204 {
205 /*
206 * Check to see if the current message block is too small to hold
207 * the initial padding bits and length. If so, we will pad the
208 * block, process it, and then continue padding into a second
209 * block.
210 */
211 if (ctx->Message_Block_Index > 55)
212 {
213 ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
214 while(ctx->Message_Block_Index < 64)
215 {
216 ctx->Message_Block[ctx->Message_Block_Index++] = 0;
217 }
218
219 SHA1ProcessMessageBlock(ctx);
220
221 while (ctx->Message_Block_Index < 56)
222 {
223 ctx->Message_Block[ctx->Message_Block_Index++] = 0;
224 }
225 }
226 else
227 {
228 ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
229 while(ctx->Message_Block_Index < 56)
230 {
231
232 ctx->Message_Block[ctx->Message_Block_Index++] = 0;
233 }
234 }
235
236 /*
237 * Store the message length as the last 8 octets
238 */
239 ctx->Message_Block[56] = ctx->Length_High >> 24;
240 ctx->Message_Block[57] = ctx->Length_High >> 16;
241 ctx->Message_Block[58] = ctx->Length_High >> 8;
242 ctx->Message_Block[59] = ctx->Length_High;
243 ctx->Message_Block[60] = ctx->Length_Low >> 24;
244 ctx->Message_Block[61] = ctx->Length_Low >> 16;
245 ctx->Message_Block[62] = ctx->Length_Low >> 8;
246 ctx->Message_Block[63] = ctx->Length_Low;
247 SHA1ProcessMessageBlock(ctx);
248 }
Lua Configuration Interface (mirror)