/contrib/bind9/lib/isc/sha1.c

  1/*
  2 * Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012  Internet Systems Consortium, Inc. ("ISC")
  3 * Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  4 *
  5 * Permission to use, copy, modify, and/or distribute this software for any
  6 * purpose with or without fee is hereby granted, provided that the above
  7 * copyright notice and this permission notice appear in all copies.
  8 *
  9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 11 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 15 * PERFORMANCE OF THIS SOFTWARE.
 16 */
 17
 18/* $Id$ */
 19
 20/*	$NetBSD: sha1.c,v 1.5 2000/01/22 22:19:14 mycroft Exp $	*/
 21/*	$OpenBSD: sha1.c,v 1.9 1997/07/23 21:12:32 kstailey Exp $	*/
 22
 23/*! \file
 24 * SHA-1 in C
 25 * \author By Steve Reid <steve@edmweb.com>
 26 * 100% Public Domain
 27 * \verbatim
 28 * Test Vectors (from FIPS PUB 180-1)
 29 * "abc"
 30 *   A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
 31 * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
 32 *   84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
 33 * A million repetitions of "a"
 34 *   34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
 35 * \endverbatim
 36 */
 37
 38#include "config.h"
 39
 40#include <isc/assertions.h>
 41#include <isc/platform.h>
 42#include <isc/sha1.h>
 43#include <isc/string.h>
 44#include <isc/types.h>
 45#include <isc/util.h>
 46
 47#ifdef ISC_PLATFORM_OPENSSLHASH
 48
 49void
 50isc_sha1_init(isc_sha1_t *context)
 51{
 52	INSIST(context != NULL);
 53
 54	EVP_DigestInit(context, EVP_sha1());
 55}
 56
 57void
 58isc_sha1_invalidate(isc_sha1_t *context) {
 59	EVP_MD_CTX_cleanup(context);
 60}
 61
 62void
 63isc_sha1_update(isc_sha1_t *context, const unsigned char *data,
 64		unsigned int len)
 65{
 66	INSIST(context != 0);
 67	INSIST(data != 0);
 68
 69	EVP_DigestUpdate(context, (const void *) data, (size_t) len);
 70}
 71
 72void
 73isc_sha1_final(isc_sha1_t *context, unsigned char *digest) {
 74	INSIST(digest != 0);
 75	INSIST(context != 0);
 76
 77	EVP_DigestFinal(context, digest, NULL);
 78}
 79
 80#else
 81
 82#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
 83
 84/*@{*/
 85/*!
 86 * blk0() and blk() perform the initial expand.
 87 * I got the idea of expanding during the round function from SSLeay
 88 */
 89#if !defined(WORDS_BIGENDIAN)
 90# define blk0(i) \
 91	(block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) \
 92	 | (rol(block->l[i], 8) & 0x00FF00FF))
 93#else
 94# define blk0(i) block->l[i]
 95#endif
 96#define blk(i) \
 97	(block->l[i & 15] = rol(block->l[(i + 13) & 15] \
 98				^ block->l[(i + 8) & 15] \
 99				^ block->l[(i + 2) & 15] \
100				^ block->l[i & 15], 1))
101
102/*@}*/
103/*@{*/
104/*!
105 * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1
106 */
107#define R0(v,w,x,y,z,i) \
108	z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \
109	w = rol(w, 30);
110#define R1(v,w,x,y,z,i) \
111	z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \
112	w = rol(w, 30);
113#define R2(v,w,x,y,z,i) \
114	z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); \
115	w = rol(w, 30);
116#define R3(v,w,x,y,z,i) \
117	z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \
118	w = rol(w, 30);
119#define R4(v,w,x,y,z,i) \
120	z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \
121	w = rol(w, 30);
122
123/*@}*/
124
125typedef union {
126	unsigned char c[64];
127	unsigned int l[16];
128} CHAR64LONG16;
129
130#ifdef __sparc_v9__
131static void do_R01(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c,
132		   isc_uint32_t *d, isc_uint32_t *e, CHAR64LONG16 *);
133static void do_R2(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c,
134		  isc_uint32_t *d, isc_uint32_t *e, CHAR64LONG16 *);
135static void do_R3(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c,
136		  isc_uint32_t *d, isc_uint32_t *e, CHAR64LONG16 *);
137static void do_R4(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c,
138		  isc_uint32_t *d, isc_uint32_t *e, CHAR64LONG16 *);
139
140#define nR0(v,w,x,y,z,i) R0(*v,*w,*x,*y,*z,i)
141#define nR1(v,w,x,y,z,i) R1(*v,*w,*x,*y,*z,i)
142#define nR2(v,w,x,y,z,i) R2(*v,*w,*x,*y,*z,i)
143#define nR3(v,w,x,y,z,i) R3(*v,*w,*x,*y,*z,i)
144#define nR4(v,w,x,y,z,i) R4(*v,*w,*x,*y,*z,i)
145
146static void
147do_R01(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c, isc_uint32_t *d,
148       isc_uint32_t *e, CHAR64LONG16 *block)
149{
150	nR0(a,b,c,d,e, 0); nR0(e,a,b,c,d, 1); nR0(d,e,a,b,c, 2);
151	nR0(c,d,e,a,b, 3); nR0(b,c,d,e,a, 4); nR0(a,b,c,d,e, 5);
152	nR0(e,a,b,c,d, 6); nR0(d,e,a,b,c, 7); nR0(c,d,e,a,b, 8);
153	nR0(b,c,d,e,a, 9); nR0(a,b,c,d,e,10); nR0(e,a,b,c,d,11);
154	nR0(d,e,a,b,c,12); nR0(c,d,e,a,b,13); nR0(b,c,d,e,a,14);
155	nR0(a,b,c,d,e,15); nR1(e,a,b,c,d,16); nR1(d,e,a,b,c,17);
156	nR1(c,d,e,a,b,18); nR1(b,c,d,e,a,19);
157}
158
159static void
160do_R2(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c, isc_uint32_t *d,
161      isc_uint32_t *e, CHAR64LONG16 *block)
162{
163	nR2(a,b,c,d,e,20); nR2(e,a,b,c,d,21); nR2(d,e,a,b,c,22);
164	nR2(c,d,e,a,b,23); nR2(b,c,d,e,a,24); nR2(a,b,c,d,e,25);
165	nR2(e,a,b,c,d,26); nR2(d,e,a,b,c,27); nR2(c,d,e,a,b,28);
166	nR2(b,c,d,e,a,29); nR2(a,b,c,d,e,30); nR2(e,a,b,c,d,31);
167	nR2(d,e,a,b,c,32); nR2(c,d,e,a,b,33); nR2(b,c,d,e,a,34);
168	nR2(a,b,c,d,e,35); nR2(e,a,b,c,d,36); nR2(d,e,a,b,c,37);
169	nR2(c,d,e,a,b,38); nR2(b,c,d,e,a,39);
170}
171
172static void
173do_R3(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c, isc_uint32_t *d,
174      isc_uint32_t *e, CHAR64LONG16 *block)
175{
176	nR3(a,b,c,d,e,40); nR3(e,a,b,c,d,41); nR3(d,e,a,b,c,42);
177	nR3(c,d,e,a,b,43); nR3(b,c,d,e,a,44); nR3(a,b,c,d,e,45);
178	nR3(e,a,b,c,d,46); nR3(d,e,a,b,c,47); nR3(c,d,e,a,b,48);
179	nR3(b,c,d,e,a,49); nR3(a,b,c,d,e,50); nR3(e,a,b,c,d,51);
180	nR3(d,e,a,b,c,52); nR3(c,d,e,a,b,53); nR3(b,c,d,e,a,54);
181	nR3(a,b,c,d,e,55); nR3(e,a,b,c,d,56); nR3(d,e,a,b,c,57);
182	nR3(c,d,e,a,b,58); nR3(b,c,d,e,a,59);
183}
184
185static void
186do_R4(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c, isc_uint32_t *d,
187      isc_uint32_t *e, CHAR64LONG16 *block)
188{
189	nR4(a,b,c,d,e,60); nR4(e,a,b,c,d,61); nR4(d,e,a,b,c,62);
190	nR4(c,d,e,a,b,63); nR4(b,c,d,e,a,64); nR4(a,b,c,d,e,65);
191	nR4(e,a,b,c,d,66); nR4(d,e,a,b,c,67); nR4(c,d,e,a,b,68);
192	nR4(b,c,d,e,a,69); nR4(a,b,c,d,e,70); nR4(e,a,b,c,d,71);
193	nR4(d,e,a,b,c,72); nR4(c,d,e,a,b,73); nR4(b,c,d,e,a,74);
194	nR4(a,b,c,d,e,75); nR4(e,a,b,c,d,76); nR4(d,e,a,b,c,77);
195	nR4(c,d,e,a,b,78); nR4(b,c,d,e,a,79);
196}
197#endif
198
199/*!
200 * Hash a single 512-bit block. This is the core of the algorithm.
201 */
202static void
203transform(isc_uint32_t state[5], const unsigned char buffer[64]) {
204	isc_uint32_t a, b, c, d, e;
205	CHAR64LONG16 *block;
206	CHAR64LONG16 workspace;
207
208	INSIST(buffer != NULL);
209	INSIST(state != NULL);
210
211	block = &workspace;
212	(void)memcpy(block, buffer, 64);
213
214	/* Copy context->state[] to working vars */
215	a = state[0];
216	b = state[1];
217	c = state[2];
218	d = state[3];
219	e = state[4];
220
221#ifdef __sparc_v9__
222	do_R01(&a, &b, &c, &d, &e, block);
223	do_R2(&a, &b, &c, &d, &e, block);
224	do_R3(&a, &b, &c, &d, &e, block);
225	do_R4(&a, &b, &c, &d, &e, block);
226#else
227	/* 4 rounds of 20 operations each. Loop unrolled. */
228	R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
229	R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
230	R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
231	R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
232	R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
233	R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
234	R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
235	R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
236	R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
237	R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
238	R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
239	R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
240	R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
241	R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
242	R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
243	R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
244	R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
245	R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
246	R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
247	R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
248#endif
249
250	/* Add the working vars back into context.state[] */
251	state[0] += a;
252	state[1] += b;
253	state[2] += c;
254	state[3] += d;
255	state[4] += e;
256
257	/* Wipe variables */
258	a = b = c = d = e = 0;
259	/* Avoid compiler warnings */
260	POST(a); POST(b); POST(c); POST(d); POST(e);
261}
262
263
264/*!
265 * isc_sha1_init - Initialize new context
266 */
267void
268isc_sha1_init(isc_sha1_t *context)
269{
270	INSIST(context != NULL);
271
272	/* SHA1 initialization constants */
273	context->state[0] = 0x67452301;
274	context->state[1] = 0xEFCDAB89;
275	context->state[2] = 0x98BADCFE;
276	context->state[3] = 0x10325476;
277	context->state[4] = 0xC3D2E1F0;
278	context->count[0] = 0;
279	context->count[1] = 0;
280}
281
282void
283isc_sha1_invalidate(isc_sha1_t *context) {
284	memset(context, 0, sizeof(isc_sha1_t));
285}
286
287/*!
288 * Run your data through this.
289 */
290void
291isc_sha1_update(isc_sha1_t *context, const unsigned char *data,
292		unsigned int len)
293{
294	unsigned int i, j;
295
296	INSIST(context != 0);
297	INSIST(data != 0);
298
299	j = context->count[0];
300	if ((context->count[0] += len << 3) < j)
301		context->count[1] += (len >> 29) + 1;
302	j = (j >> 3) & 63;
303	if ((j + len) > 63) {
304		(void)memcpy(&context->buffer[j], data, (i = 64 - j));
305		transform(context->state, context->buffer);
306		for (; i + 63 < len; i += 64)
307			transform(context->state, &data[i]);
308		j = 0;
309	} else {
310		i = 0;
311	}
312
313	(void)memcpy(&context->buffer[j], &data[i], len - i);
314}
315
316
317/*!
318 * Add padding and return the message digest.
319 */
320
321static const unsigned char final_200 = 128;
322static const unsigned char final_0 = 0;
323
324void
325isc_sha1_final(isc_sha1_t *context, unsigned char *digest) {
326	unsigned int i;
327	unsigned char finalcount[8];
328
329	INSIST(digest != 0);
330	INSIST(context != 0);
331
332	for (i = 0; i < 8; i++) {
333		/* Endian independent */
334		finalcount[i] = (unsigned char)
335			((context->count[(i >= 4 ? 0 : 1)]
336			  >> ((3 - (i & 3)) * 8)) & 255);
337	}
338
339	isc_sha1_update(context, &final_200, 1);
340	while ((context->count[0] & 504) != 448)
341		isc_sha1_update(context, &final_0, 1);
342	/* The next Update should cause a transform() */
343	isc_sha1_update(context, finalcount, 8);
344
345	if (digest) {
346		for (i = 0; i < 20; i++)
347			digest[i] = (unsigned char)
348				((context->state[i >> 2]
349				  >> ((3 - (i & 3)) * 8)) & 255);
350	}
351
352	memset(context, 0, sizeof(isc_sha1_t));
353}
354#endif