2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
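/*
 * SHA-1 round functions. Every macro is pure bitwise logic on 32-bit
 * words: no branches and no table lookups, so evaluation does not
 * depend on the operand values.
 *
 *   F: bitwise choice  -- where a bit of B is 1 take C, else take D.
 *   G: bitwise parity  -- B xor C xor D.
 *   H: bitwise majority of B, C and D.
 *   I: same as G (SHA-1 reuses parity for its last 20 steps).
 */
#define F(B, C, D)     ((((C) ^ (D)) & (B)) ^ (D))
#define G(B, C, D)     ((B) ^ (C) ^ (D))
#define H(B, C, D)     (((D) & (C)) | (((D) | (C)) & (B)))
#define I(B, C, D)     G(B, C, D)

/*
 * Rotate the 32-bit word x left by n bits.
 *
 * x must have type uint32_t and n must be in 1..31: n == 0 or n == 32
 * would shift by the full width of the type, which is undefined
 * behaviour in C. Both arguments are evaluated twice, so they must be
 * free of side effects.
 */
#define ROTL(x, n)    (((x) << (n)) | ((x) >> (32 - (n))))

/* Additive constants for the four groups of 20 steps. */
#define K1     ((uint32_t)0x5A827999)
#define K2     ((uint32_t)0x6ED9EBA1)
#define K3     ((uint32_t)0x8F1BBCDC)
#define K4     ((uint32_t)0xCA62C1D6)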
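/*
 * SHA-1 initial chaining value: five 32-bit words, copied into a fresh
 * context by br_sha1_init().
 *
 * Security note: SHA-1 is no longer collision resistant. Do not rely on
 * this hash where collision resistance matters (signatures,
 * certificates, content addressing); keep it for legacy protocol
 * interoperability only.
 */
const uint32_t br_sha1_IV[5] = {
	0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0
};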
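/*
 * SHA-1 compression function: absorb one 64-byte block into the
 * chaining value.
 *
 *   buf   the 64-byte message block, decoded as 16 big-endian words
 *   val   the five-word chaining value, updated in place
 *
 * All loop bounds and all indices into m[] are fixed, and the round
 * macros are branch-free, so the code contains no data-dependent
 * branch or memory access.
 *
 * NOTE(review): the listing this was taken from dropped several source
 * lines (its gutter numbering skips them). The declarations of m and i,
 * the load/store of val[0..4] and the `m[i] = ROTL(x, 1)` schedule step
 * were restored to match standard SHA-1 (FIPS 180-4) -- confirm against
 * the upstream file.
 * NOTE(review): m[] holds the expanded message and is not wiped on
 * return; check whether that matters when the input is secret.
 */
void
br_sha1_round(const unsigned char *buf, uint32_t *val)
{
	uint32_t m[80];
	uint32_t a, b, c, d, e;
	int i;

	a = val[0];
	b = val[1];
	c = val[2];
	d = val[3];
	e = val[4];

	/* Message schedule: 16 input words expanded to 80. */
	br_range_dec32be(m, 16, buf);
	for (i = 16; i < 80; i ++) {
		uint32_t x = m[i - 3] ^ m[i - 8] ^ m[i - 14] ^ m[i - 16];
		m[i] = ROTL(x, 1);
	}

	/*
	 * 80 steps, unrolled five at a time. Instead of shifting the
	 * five working variables after each step, the roles of a..e
	 * rotate through the five statements of each loop body.
	 */
	for (i = 0; i < 20; i += 5) {
		e += ROTL(a, 5) + F(b, c, d) + K1 + m[i + 0]; b = ROTL(b, 30);
		d += ROTL(e, 5) + F(a, b, c) + K1 + m[i + 1]; a = ROTL(a, 30);
		c += ROTL(d, 5) + F(e, a, b) + K1 + m[i + 2]; e = ROTL(e, 30);
		b += ROTL(c, 5) + F(d, e, a) + K1 + m[i + 3]; d = ROTL(d, 30);
		a += ROTL(b, 5) + F(c, d, e) + K1 + m[i + 4]; c = ROTL(c, 30);
	}
	for (i = 20; i < 40; i += 5) {
		e += ROTL(a, 5) + G(b, c, d) + K2 + m[i + 0]; b = ROTL(b, 30);
		d += ROTL(e, 5) + G(a, b, c) + K2 + m[i + 1]; a = ROTL(a, 30);
		c += ROTL(d, 5) + G(e, a, b) + K2 + m[i + 2]; e = ROTL(e, 30);
		b += ROTL(c, 5) + G(d, e, a) + K2 + m[i + 3]; d = ROTL(d, 30);
		a += ROTL(b, 5) + G(c, d, e) + K2 + m[i + 4]; c = ROTL(c, 30);
	}
	for (i = 40; i < 60; i += 5) {
		e += ROTL(a, 5) + H(b, c, d) + K3 + m[i + 0]; b = ROTL(b, 30);
		d += ROTL(e, 5) + H(a, b, c) + K3 + m[i + 1]; a = ROTL(a, 30);
		c += ROTL(d, 5) + H(e, a, b) + K3 + m[i + 2]; e = ROTL(e, 30);
		b += ROTL(c, 5) + H(d, e, a) + K3 + m[i + 3]; d = ROTL(d, 30);
		a += ROTL(b, 5) + H(c, d, e) + K3 + m[i + 4]; c = ROTL(c, 30);
	}
	for (i = 60; i < 80; i += 5) {
		e += ROTL(a, 5) + I(b, c, d) + K4 + m[i + 0]; b = ROTL(b, 30);
		d += ROTL(e, 5) + I(a, b, c) + K4 + m[i + 1]; a = ROTL(a, 30);
		c += ROTL(d, 5) + I(e, a, b) + K4 + m[i + 2]; e = ROTL(e, 30);
		b += ROTL(c, 5) + I(d, e, a) + K4 + m[i + 3]; d = ROTL(d, 30);
		a += ROTL(b, 5) + I(c, d, e) + K4 + m[i + 4]; c = ROTL(c, 30);
	}

	/* Feed-forward: add the block's result into the chaining value. */
	val[0] += a;
	val[1] += b;
	val[2] += c;
	val[3] += d;
	val[4] += e;
}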
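/*
 * Reset a SHA-1 context to the empty-message state: install the
 * dispatch table and load the initial chaining value.
 *
 * NOTE(review): the `cc->count = 0` line is absent from the listing
 * (its gutter numbering skips one line here). It was restored because
 * br_sha1_update() and br_sha1_out() derive the buffer fill level from
 * cc->count -- confirm against the upstream file.
 */
void
br_sha1_init(br_sha1_context *cc)
{
	cc->vtable = &br_sha1_vtable;
	memcpy(cc->val, br_sha1_IV, sizeof cc->val);
	cc->count = 0;
}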
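/*
 * Absorb len bytes from data into the running hash.
 *
 * Input is staged in cc->buf; each time 64 bytes have accumulated the
 * block is compressed into cc->val. cc->count is the total number of
 * bytes absorbed so far, and its low six bits give the current fill
 * level of cc->buf.
 *
 * NOTE(review): only the declaration of buf, the fill-level
 * computation, the memcpy, the count update and the br_sha1_round call
 * are visible in the listing; the loop around them was restored from
 * the line-number gaps -- confirm against the upstream file.
 */
void
br_sha1_update(br_sha1_context *cc, const void *data, size_t len)
{
	const unsigned char *buf;
	size_t ptr;

	buf = data;
	ptr = (size_t)cc->count & 63;
	while (len > 0) {
		size_t clen;

		/*
		 * Never copy past the end of the staging buffer: at
		 * most 64 - ptr bytes per iteration (assumes cc->buf
		 * is 64 bytes; the struct is declared elsewhere).
		 */
		clen = 64 - ptr;
		if (clen > len) {
			clen = len;
		}
		memcpy(cc->buf + ptr, buf, clen);
		ptr += clen;
		buf += clen;
		len -= clen;
		cc->count += (uint64_t)clen;
		if (ptr == 64) {
			br_sha1_round(cc->buf, cc->val);
			ptr = 0;
		}
	}
}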
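/*
 * Write the 20-byte SHA-1 digest of everything absorbed so far to dst.
 *
 * The context is const: padding and the final compression run on stack
 * copies (buf, val), so the caller can keep feeding data afterwards.
 * dst must have room for 5 big-endian 32-bit words.
 *
 * NOTE(review): the declarations of val and ptr, the 0x80 padding byte
 * and the `if (ptr > 56)` branch structure are absent from the listing
 * and were restored from its line-number gaps and standard SHA-1
 * padding -- confirm against the upstream file.
 * NOTE(review): buf and val hold a copy of the last partial block and
 * of the chaining value and are not wiped on return; check whether
 * that matters when the hashed data is secret.
 */
void
br_sha1_out(const br_sha1_context *cc, void *dst)
{
	unsigned char buf[64];
	uint32_t val[5];
	size_t ptr;

	ptr = (size_t)cc->count & 63;
	memcpy(buf, cc->buf, ptr);
	memcpy(val, cc->val, sizeof val);

	/* Padding: a single 0x80 byte, zeros, then the 64-bit length. */
	buf[ptr ++] = 0x80;
	if (ptr > 56) {
		/*
		 * No room left for the 8-byte length field: finish
		 * this block with zeros and pad a second one.
		 */
		memset(buf + ptr, 0, 64 - ptr);
		br_sha1_round(buf, val);
		memset(buf, 0, 56);
	} else {
		memset(buf + ptr, 0, 56 - ptr);
	}

	/* Message length in bits, big-endian, in the last 8 bytes. */
	br_enc64be(buf + 56, cc->count << 3);
	br_sha1_round(buf, val);
	br_range_enc32be(dst, val, 5);
}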
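/*
 * Export the running chaining value: writes the five state words to
 * dst in big-endian order (20 bytes) and returns the number of bytes
 * absorbed so far. Bytes still waiting in cc->buf are not exported.
 *
 * The exported state is sufficient to continue the hash from this
 * point, so treat it as sensitive whenever the hashed prefix is secret.
 *
 * NOTE(review): the `return cc->count` line is absent from the
 * listing; the uint64_t return type is taken from the cast in the
 * br_sha1_vtable initializer -- confirm against the upstream file.
 */
uint64_t
br_sha1_state(const br_sha1_context *cc, void *dst)
{
	br_range_enc32be(dst, cc->val, 5);
	return cc->count;
}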
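/*
 * Import a chaining value previously exported by br_sha1_state():
 * stb holds five big-endian 32-bit words and count is the number of
 * bytes they account for.
 *
 * Neither argument is validated, and cc->buf is left untouched. Since
 * br_sha1_update() and br_sha1_out() use the low six bits of the count
 * as the buffer fill level, a count that is not a multiple of 64 makes
 * later calls consume whatever bytes cc->buf already contains.
 * NOTE(review): confirm that callers only pass block-aligned counts.
 * NOTE(review): the `cc->count = count` line is absent from the
 * listing and was restored from its line-number gap -- confirm against
 * the upstream file.
 */
void
br_sha1_set_state(br_sha1_context *cc, const void *stb, uint64_t count)
{
	br_range_dec32be(cc->val, 5, stb);
	cc->count = count;
}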
177 const br_hash_class br_sha1_vtable
= {
178 sizeof(br_sha1_context
),
179 BR_HASHDESC_ID(br_sha1_ID
)
180 | BR_HASHDESC_OUT(20)
181 | BR_HASHDESC_STATE(20)
182 | BR_HASHDESC_LBLEN(6)
183 | BR_HASHDESC_MD_PADDING
184 | BR_HASHDESC_MD_PADDING_BE
,
185 (void (*)(const br_hash_class
**))&br_sha1_init
,
186 (void (*)(const br_hash_class
**, const void *, size_t))&br_sha1_update
,
187 (void (*)(const br_hash_class
*const *, void *))&br_sha1_out
,
188 (uint64_t (*)(const br_hash_class
*const *, void *))&br_sha1_state
,
189 (void (*)(const br_hash_class
**, const void *, uint64_t))