source: branches/2.2.2/mindi-busybox/libbb/sha1.c @ 1247

Last change on this file since 1247 was 821, checked in by Bruno Cornec, 14 years ago

Addition of busybox 1.2.1 as a mindi-busybox new package
This should avoid delivering binary files in mindi not built there (Fedora and Debian are quite serious about that)

File size: 6.1 KB
Line 
1/*
2 *  Based on shasum from http://www.netsw.org/crypto/hash/
3 *  Majorly hacked up to use Dr Brian Gladman's sha1 code
4 *
5 *  Copyright (C) 2002 Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
6 *  Copyright (C) 2003 Glenn L. McGrath
7 *  Copyright (C) 2003 Erik Andersen
8 * 
9 *  LICENSE TERMS
10 *
11 *  The free distribution and use of this software in both source and binary
12 *  form is allowed (with or without changes) provided that:
13 *
14 *    1. distributions of this source code include the above copyright
15 *       notice, this list of conditions and the following disclaimer;
16 *
17 *    2. distributions in binary form include the above copyright
18 *       notice, this list of conditions and the following disclaimer
19 *       in the documentation and/or other associated materials;
20 *
21 *    3. the copyright holder's name is not used to endorse products
22 *       built using this software without specific written permission.
23 *
24 *  ALTERNATIVELY, provided that this notice is retained in full, this product
25 *  may be distributed under the terms of the GNU General Public License (GPL),
26 *  in which case the provisions of the GPL apply INSTEAD OF those given above.
27 *
28 *  DISCLAIMER
29 *
30 *  This software is provided 'as is' with no explicit or implied warranties
31 *  in respect of its properties, including, but not limited to, correctness
32 *  and/or fitness for purpose.
33 *  ---------------------------------------------------------------------------
34 *  Issue Date: 10/11/2002
35 *
36 *  This is a byte oriented version of SHA1 that operates on arrays of bytes
37 *  stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor
38 */
39
40#include <fcntl.h>
41#include <limits.h>
42#include <stdio.h>
43#include <stdint.h>
44#include <stdlib.h>
45#include <string.h>
46#include <unistd.h>
47
48#include "libbb.h"
49
50# define SHA1_BLOCK_SIZE  64
51# define SHA1_DIGEST_SIZE 20
52# define SHA1_HASH_SIZE   SHA1_DIGEST_SIZE
53# define SHA2_GOOD        0
54# define SHA2_BAD         1
55
56# define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
57
58# define SHA1_MASK   (SHA1_BLOCK_SIZE - 1)
59
60/* reverse byte order in 32-bit words   */
61#define ch(x,y,z)       ((z) ^ ((x) & ((y) ^ (z))))
62#define parity(x,y,z)   ((x) ^ (y) ^ (z))
63#define maj(x,y,z)      (((x) & (y)) | ((z) & ((x) | (y))))
64
65/* A normal version as set out in the FIPS. This version uses   */
66/* partial loop unrolling and is optimised for the Pentium 4    */
67# define rnd(f,k)    \
68    t = a; a = rotl32(a,5) + f(b,c,d) + e + k + w[i]; \
69    e = d; d = c; c = rotl32(b, 30); b = t
70
71
72static void sha1_compile(sha1_ctx_t *ctx)
73{
74    uint32_t w[80], i, a, b, c, d, e, t;
75
76    /* note that words are compiled from the buffer into 32-bit */
77    /* words in big-endian order so an order reversal is needed */
78    /* here on little endian machines                           */
79    for (i = 0; i < SHA1_BLOCK_SIZE / 4; ++i)
80        w[i] = htonl(ctx->wbuf[i]);
81
82    for (i = SHA1_BLOCK_SIZE / 4; i < 80; ++i)
83        w[i] = rotl32(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1);
84
85    a = ctx->hash[0];
86    b = ctx->hash[1];
87    c = ctx->hash[2];
88    d = ctx->hash[3];
89    e = ctx->hash[4];
90
91    for (i = 0; i < 20; ++i) {
92        rnd(ch, 0x5a827999);
93    }
94
95    for (i = 20; i < 40; ++i) {
96        rnd(parity, 0x6ed9eba1);
97    }
98
99    for (i = 40; i < 60; ++i) {
100        rnd(maj, 0x8f1bbcdc);
101    }
102
103    for (i = 60; i < 80; ++i) {
104        rnd(parity, 0xca62c1d6);
105    }
106
107    ctx->hash[0] += a;
108    ctx->hash[1] += b;
109    ctx->hash[2] += c;
110    ctx->hash[3] += d;
111    ctx->hash[4] += e;
112}
113
114void sha1_begin(sha1_ctx_t *ctx)
115{
116    ctx->count[0] = ctx->count[1] = 0;
117    ctx->hash[0] = 0x67452301;
118    ctx->hash[1] = 0xefcdab89;
119    ctx->hash[2] = 0x98badcfe;
120    ctx->hash[3] = 0x10325476;
121    ctx->hash[4] = 0xc3d2e1f0;
122}
123
124/* SHA1 hash data in an array of bytes into hash buffer and call the        */
125/* hash_compile function as required.                                       */
126void sha1_hash(const void *data, size_t length, sha1_ctx_t *ctx)
127{
128    uint32_t pos = (uint32_t) (ctx->count[0] & SHA1_MASK);
129    uint32_t freeb = SHA1_BLOCK_SIZE - pos;
130    const unsigned char *sp = data;
131
132    if ((ctx->count[0] += length) < length)
133        ++(ctx->count[1]);
134
135    while (length >= freeb) {   /* tranfer whole blocks while possible  */
136        memcpy(((unsigned char *) ctx->wbuf) + pos, sp, freeb);
137        sp += freeb;
138        length -= freeb;
139        freeb = SHA1_BLOCK_SIZE;
140        pos = 0;
141        sha1_compile(ctx);
142    }
143
144    memcpy(((unsigned char *) ctx->wbuf) + pos, sp, length);
145}
146
147void *sha1_end(void *resbuf, sha1_ctx_t *ctx)
148{
149    /* SHA1 Final padding and digest calculation  */
150#if BB_BIG_ENDIAN
151    static uint32_t mask[4] = { 0x00000000, 0xff000000, 0xffff0000, 0xffffff00 };
152    static uint32_t bits[4] = { 0x80000000, 0x00800000, 0x00008000, 0x00000080 };
153#else
154    static uint32_t mask[4] = { 0x00000000, 0x000000ff, 0x0000ffff, 0x00ffffff };
155    static uint32_t bits[4] = { 0x00000080, 0x00008000, 0x00800000, 0x80000000 };
156#endif
157
158    uint8_t *hval = resbuf;
159    uint32_t i, cnt = (uint32_t) (ctx->count[0] & SHA1_MASK);
160
161    /* mask out the rest of any partial 32-bit word and then set    */
162    /* the next byte to 0x80. On big-endian machines any bytes in   */
163    /* the buffer will be at the top end of 32 bit words, on little */
164    /* endian machines they will be at the bottom. Hence the AND    */
165    /* and OR masks above are reversed for little endian systems    */
166    ctx->wbuf[cnt >> 2] =
167        (ctx->wbuf[cnt >> 2] & mask[cnt & 3]) | bits[cnt & 3];
168
169    /* we need 9 or more empty positions, one for the padding byte  */
170    /* (above) and eight for the length count.  If there is not     */
171    /* enough space pad and empty the buffer                        */
172    if (cnt > SHA1_BLOCK_SIZE - 9) {
173        if (cnt < 60)
174            ctx->wbuf[15] = 0;
175        sha1_compile(ctx);
176        cnt = 0;
177    } else              /* compute a word index for the empty buffer positions  */
178        cnt = (cnt >> 2) + 1;
179
180    while (cnt < 14)    /* and zero pad all but last two positions      */
181        ctx->wbuf[cnt++] = 0;
182
183    /* assemble the eight byte counter in the buffer in big-endian  */
184    /* format                                  */
185
186    ctx->wbuf[14] = htonl((ctx->count[1] << 3) | (ctx->count[0] >> 29));
187    ctx->wbuf[15] = htonl(ctx->count[0] << 3);
188
189    sha1_compile(ctx);
190
191    /* extract the hash value as bytes in case the hash buffer is   */
192    /* misaligned for 32-bit words                                  */
193
194    for (i = 0; i < SHA1_DIGEST_SIZE; ++i)
195        hval[i] = (unsigned char) (ctx->hash[i >> 2] >> 8 * (~i & 3));
196   
197    return resbuf;
198}
199
200
Note: See TracBrowser for help on using the repository browser.