/contrib/bind9/lib/isc/sha1.c

https://bitbucket.org/freebsd/freebsd-head/ · C · 354 lines · 241 code · 49 blank · 64 comment · 21 complexity · 7b5daf3bd7fb1c7a417e131005d54304 MD5 · raw file

  1. /*
  2. * Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
  3. * Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
  4. *
  5. * Permission to use, copy, modify, and/or distribute this software for any
  6. * purpose with or without fee is hereby granted, provided that the above
  7. * copyright notice and this permission notice appear in all copies.
  8. *
  9. * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  10. * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  11. * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  12. * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  13. * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  14. * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  15. * PERFORMANCE OF THIS SOFTWARE.
  16. */
  17. /* $Id$ */
  18. /* $NetBSD: sha1.c,v 1.5 2000/01/22 22:19:14 mycroft Exp $ */
  19. /* $OpenBSD: sha1.c,v 1.9 1997/07/23 21:12:32 kstailey Exp $ */
  20. /*! \file
  21. * SHA-1 in C
  22. * \author By Steve Reid <steve@edmweb.com>
  23. * 100% Public Domain
  24. * \verbatim
  25. * Test Vectors (from FIPS PUB 180-1)
  26. * "abc"
  27. * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
  28. * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
  29. * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
  30. * A million repetitions of "a"
  31. * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
  32. * \endverbatim
  33. */
  34. #include "config.h"
  35. #include <isc/assertions.h>
  36. #include <isc/platform.h>
  37. #include <isc/sha1.h>
  38. #include <isc/string.h>
  39. #include <isc/types.h>
  40. #include <isc/util.h>
  41. #ifdef ISC_PLATFORM_OPENSSLHASH
  42. void
  43. isc_sha1_init(isc_sha1_t *context)
  44. {
  45. INSIST(context != NULL);
  46. EVP_DigestInit(context, EVP_sha1());
  47. }
  48. void
  49. isc_sha1_invalidate(isc_sha1_t *context) {
  50. EVP_MD_CTX_cleanup(context);
  51. }
  52. void
  53. isc_sha1_update(isc_sha1_t *context, const unsigned char *data,
  54. unsigned int len)
  55. {
  56. INSIST(context != 0);
  57. INSIST(data != 0);
  58. EVP_DigestUpdate(context, (const void *) data, (size_t) len);
  59. }
  60. void
  61. isc_sha1_final(isc_sha1_t *context, unsigned char *digest) {
  62. INSIST(digest != 0);
  63. INSIST(context != 0);
  64. EVP_DigestFinal(context, digest, NULL);
  65. }
  66. #else
  67. #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
  68. /*@{*/
  69. /*!
  70. * blk0() and blk() perform the initial expand.
  71. * I got the idea of expanding during the round function from SSLeay
  72. */
  73. #if !defined(WORDS_BIGENDIAN)
  74. # define blk0(i) \
  75. (block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) \
  76. | (rol(block->l[i], 8) & 0x00FF00FF))
  77. #else
  78. # define blk0(i) block->l[i]
  79. #endif
  80. #define blk(i) \
  81. (block->l[i & 15] = rol(block->l[(i + 13) & 15] \
  82. ^ block->l[(i + 8) & 15] \
  83. ^ block->l[(i + 2) & 15] \
  84. ^ block->l[i & 15], 1))
  85. /*@}*/
  86. /*@{*/
  87. /*!
  88. * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1
  89. */
  90. #define R0(v,w,x,y,z,i) \
  91. z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \
  92. w = rol(w, 30);
  93. #define R1(v,w,x,y,z,i) \
  94. z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \
  95. w = rol(w, 30);
  96. #define R2(v,w,x,y,z,i) \
  97. z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); \
  98. w = rol(w, 30);
  99. #define R3(v,w,x,y,z,i) \
  100. z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \
  101. w = rol(w, 30);
  102. #define R4(v,w,x,y,z,i) \
  103. z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \
  104. w = rol(w, 30);
  105. /*@}*/
  106. typedef union {
  107. unsigned char c[64];
  108. unsigned int l[16];
  109. } CHAR64LONG16;
  110. #ifdef __sparc_v9__
  111. static void do_R01(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c,
  112. isc_uint32_t *d, isc_uint32_t *e, CHAR64LONG16 *);
  113. static void do_R2(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c,
  114. isc_uint32_t *d, isc_uint32_t *e, CHAR64LONG16 *);
  115. static void do_R3(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c,
  116. isc_uint32_t *d, isc_uint32_t *e, CHAR64LONG16 *);
  117. static void do_R4(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c,
  118. isc_uint32_t *d, isc_uint32_t *e, CHAR64LONG16 *);
  119. #define nR0(v,w,x,y,z,i) R0(*v,*w,*x,*y,*z,i)
  120. #define nR1(v,w,x,y,z,i) R1(*v,*w,*x,*y,*z,i)
  121. #define nR2(v,w,x,y,z,i) R2(*v,*w,*x,*y,*z,i)
  122. #define nR3(v,w,x,y,z,i) R3(*v,*w,*x,*y,*z,i)
  123. #define nR4(v,w,x,y,z,i) R4(*v,*w,*x,*y,*z,i)
  124. static void
  125. do_R01(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c, isc_uint32_t *d,
  126. isc_uint32_t *e, CHAR64LONG16 *block)
  127. {
  128. nR0(a,b,c,d,e, 0); nR0(e,a,b,c,d, 1); nR0(d,e,a,b,c, 2);
  129. nR0(c,d,e,a,b, 3); nR0(b,c,d,e,a, 4); nR0(a,b,c,d,e, 5);
  130. nR0(e,a,b,c,d, 6); nR0(d,e,a,b,c, 7); nR0(c,d,e,a,b, 8);
  131. nR0(b,c,d,e,a, 9); nR0(a,b,c,d,e,10); nR0(e,a,b,c,d,11);
  132. nR0(d,e,a,b,c,12); nR0(c,d,e,a,b,13); nR0(b,c,d,e,a,14);
  133. nR0(a,b,c,d,e,15); nR1(e,a,b,c,d,16); nR1(d,e,a,b,c,17);
  134. nR1(c,d,e,a,b,18); nR1(b,c,d,e,a,19);
  135. }
  136. static void
  137. do_R2(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c, isc_uint32_t *d,
  138. isc_uint32_t *e, CHAR64LONG16 *block)
  139. {
  140. nR2(a,b,c,d,e,20); nR2(e,a,b,c,d,21); nR2(d,e,a,b,c,22);
  141. nR2(c,d,e,a,b,23); nR2(b,c,d,e,a,24); nR2(a,b,c,d,e,25);
  142. nR2(e,a,b,c,d,26); nR2(d,e,a,b,c,27); nR2(c,d,e,a,b,28);
  143. nR2(b,c,d,e,a,29); nR2(a,b,c,d,e,30); nR2(e,a,b,c,d,31);
  144. nR2(d,e,a,b,c,32); nR2(c,d,e,a,b,33); nR2(b,c,d,e,a,34);
  145. nR2(a,b,c,d,e,35); nR2(e,a,b,c,d,36); nR2(d,e,a,b,c,37);
  146. nR2(c,d,e,a,b,38); nR2(b,c,d,e,a,39);
  147. }
  148. static void
  149. do_R3(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c, isc_uint32_t *d,
  150. isc_uint32_t *e, CHAR64LONG16 *block)
  151. {
  152. nR3(a,b,c,d,e,40); nR3(e,a,b,c,d,41); nR3(d,e,a,b,c,42);
  153. nR3(c,d,e,a,b,43); nR3(b,c,d,e,a,44); nR3(a,b,c,d,e,45);
  154. nR3(e,a,b,c,d,46); nR3(d,e,a,b,c,47); nR3(c,d,e,a,b,48);
  155. nR3(b,c,d,e,a,49); nR3(a,b,c,d,e,50); nR3(e,a,b,c,d,51);
  156. nR3(d,e,a,b,c,52); nR3(c,d,e,a,b,53); nR3(b,c,d,e,a,54);
  157. nR3(a,b,c,d,e,55); nR3(e,a,b,c,d,56); nR3(d,e,a,b,c,57);
  158. nR3(c,d,e,a,b,58); nR3(b,c,d,e,a,59);
  159. }
  160. static void
  161. do_R4(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c, isc_uint32_t *d,
  162. isc_uint32_t *e, CHAR64LONG16 *block)
  163. {
  164. nR4(a,b,c,d,e,60); nR4(e,a,b,c,d,61); nR4(d,e,a,b,c,62);
  165. nR4(c,d,e,a,b,63); nR4(b,c,d,e,a,64); nR4(a,b,c,d,e,65);
  166. nR4(e,a,b,c,d,66); nR4(d,e,a,b,c,67); nR4(c,d,e,a,b,68);
  167. nR4(b,c,d,e,a,69); nR4(a,b,c,d,e,70); nR4(e,a,b,c,d,71);
  168. nR4(d,e,a,b,c,72); nR4(c,d,e,a,b,73); nR4(b,c,d,e,a,74);
  169. nR4(a,b,c,d,e,75); nR4(e,a,b,c,d,76); nR4(d,e,a,b,c,77);
  170. nR4(c,d,e,a,b,78); nR4(b,c,d,e,a,79);
  171. }
  172. #endif
  173. /*!
  174. * Hash a single 512-bit block. This is the core of the algorithm.
  175. */
  176. static void
  177. transform(isc_uint32_t state[5], const unsigned char buffer[64]) {
  178. isc_uint32_t a, b, c, d, e;
  179. CHAR64LONG16 *block;
  180. CHAR64LONG16 workspace;
  181. INSIST(buffer != NULL);
  182. INSIST(state != NULL);
  183. block = &workspace;
  184. (void)memcpy(block, buffer, 64);
  185. /* Copy context->state[] to working vars */
  186. a = state[0];
  187. b = state[1];
  188. c = state[2];
  189. d = state[3];
  190. e = state[4];
  191. #ifdef __sparc_v9__
  192. do_R01(&a, &b, &c, &d, &e, block);
  193. do_R2(&a, &b, &c, &d, &e, block);
  194. do_R3(&a, &b, &c, &d, &e, block);
  195. do_R4(&a, &b, &c, &d, &e, block);
  196. #else
  197. /* 4 rounds of 20 operations each. Loop unrolled. */
  198. R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
  199. R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
  200. R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
  201. R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
  202. R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
  203. R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
  204. R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
  205. R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
  206. R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
  207. R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
  208. R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
  209. R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
  210. R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
  211. R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
  212. R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
  213. R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
  214. R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
  215. R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
  216. R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
  217. R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
  218. #endif
  219. /* Add the working vars back into context.state[] */
  220. state[0] += a;
  221. state[1] += b;
  222. state[2] += c;
  223. state[3] += d;
  224. state[4] += e;
  225. /* Wipe variables */
  226. a = b = c = d = e = 0;
  227. /* Avoid compiler warnings */
  228. POST(a); POST(b); POST(c); POST(d); POST(e);
  229. }
  230. /*!
  231. * isc_sha1_init - Initialize new context
  232. */
  233. void
  234. isc_sha1_init(isc_sha1_t *context)
  235. {
  236. INSIST(context != NULL);
  237. /* SHA1 initialization constants */
  238. context->state[0] = 0x67452301;
  239. context->state[1] = 0xEFCDAB89;
  240. context->state[2] = 0x98BADCFE;
  241. context->state[3] = 0x10325476;
  242. context->state[4] = 0xC3D2E1F0;
  243. context->count[0] = 0;
  244. context->count[1] = 0;
  245. }
  246. void
  247. isc_sha1_invalidate(isc_sha1_t *context) {
  248. memset(context, 0, sizeof(isc_sha1_t));
  249. }
  250. /*!
  251. * Run your data through this.
  252. */
  253. void
  254. isc_sha1_update(isc_sha1_t *context, const unsigned char *data,
  255. unsigned int len)
  256. {
  257. unsigned int i, j;
  258. INSIST(context != 0);
  259. INSIST(data != 0);
  260. j = context->count[0];
  261. if ((context->count[0] += len << 3) < j)
  262. context->count[1] += (len >> 29) + 1;
  263. j = (j >> 3) & 63;
  264. if ((j + len) > 63) {
  265. (void)memcpy(&context->buffer[j], data, (i = 64 - j));
  266. transform(context->state, context->buffer);
  267. for (; i + 63 < len; i += 64)
  268. transform(context->state, &data[i]);
  269. j = 0;
  270. } else {
  271. i = 0;
  272. }
  273. (void)memcpy(&context->buffer[j], &data[i], len - i);
  274. }
  275. /*!
  276. * Add padding and return the message digest.
  277. */
  278. static const unsigned char final_200 = 128;
  279. static const unsigned char final_0 = 0;
  280. void
  281. isc_sha1_final(isc_sha1_t *context, unsigned char *digest) {
  282. unsigned int i;
  283. unsigned char finalcount[8];
  284. INSIST(digest != 0);
  285. INSIST(context != 0);
  286. for (i = 0; i < 8; i++) {
  287. /* Endian independent */
  288. finalcount[i] = (unsigned char)
  289. ((context->count[(i >= 4 ? 0 : 1)]
  290. >> ((3 - (i & 3)) * 8)) & 255);
  291. }
  292. isc_sha1_update(context, &final_200, 1);
  293. while ((context->count[0] & 504) != 448)
  294. isc_sha1_update(context, &final_0, 1);
  295. /* The next Update should cause a transform() */
  296. isc_sha1_update(context, finalcount, 8);
  297. if (digest) {
  298. for (i = 0; i < 20; i++)
  299. digest[i] = (unsigned char)
  300. ((context->state[i >> 2]
  301. >> ((3 - (i & 3)) * 8)) & 255);
  302. }
  303. memset(context, 0, sizeof(isc_sha1_t));
  304. }
  305. #endif