1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
6 * The library is free for all purposes without any express
9 * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
15 SHA1 code by Tom St Denis
21 const struct ltc_hash_descriptor sha1_desc =
29 { 1, 3, 14, 3, 2, 26, },
39 #define F0(x,y,z) (z ^ (x & (y ^ z)))
40 #define F1(x,y,z) (x ^ y ^ z)
41 #define F2(x,y,z) ((x & y) | (z & (x | y)))
42 #define F3(x,y,z) (x ^ y ^ z)
44 #ifdef LTC_CLEAN_STACK
45 static int _sha1_compress(hash_state *md, unsigned char *buf)
47 static int sha1_compress(hash_state *md, unsigned char *buf)
50 ulong32 a,b,c,d,e,W[80],i;
55 /* copy the state into 512-bits into W[0..15] */
56 for (i = 0; i < 16; i++) {
57 LOAD32H(W[i], buf + (4*i));
61 a = md->sha1.state[0];
62 b = md->sha1.state[1];
63 c = md->sha1.state[2];
64 d = md->sha1.state[3];
65 e = md->sha1.state[4];
68 for (i = 16; i < 80; i++) {
69 W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
74 #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
75 #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
76 #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
77 #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);
81 for (i = 0; i < 20; ) {
82 FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
86 FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
90 FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
94 FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
99 for (i = 0; i < 20; ) {
141 md->sha1.state[0] = md->sha1.state[0] + a;
142 md->sha1.state[1] = md->sha1.state[1] + b;
143 md->sha1.state[2] = md->sha1.state[2] + c;
144 md->sha1.state[3] = md->sha1.state[3] + d;
145 md->sha1.state[4] = md->sha1.state[4] + e;
150 #ifdef LTC_CLEAN_STACK
151 static int sha1_compress(hash_state *md, unsigned char *buf)
154 err = _sha1_compress(md, buf);
155 burn_stack(sizeof(ulong32) * 87);
161 Initialize the hash state
162 @param md The hash state you wish to initialize
163 @return CRYPT_OK if successful
165 int sha1_init(hash_state * md)
167 LTC_ARGCHK(md != NULL);
168 md->sha1.state[0] = 0x67452301UL;
169 md->sha1.state[1] = 0xefcdab89UL;
170 md->sha1.state[2] = 0x98badcfeUL;
171 md->sha1.state[3] = 0x10325476UL;
172 md->sha1.state[4] = 0xc3d2e1f0UL;
179 Process a block of memory though the hash
180 @param md The hash state
181 @param in The data to hash
182 @param inlen The length of the data (octets)
183 @return CRYPT_OK if successful
185 HASH_PROCESS(sha1_process, sha1_compress, sha1, 64)
188 Terminate the hash to get the digest
189 @param md The hash state
190 @param out [out] The destination of the hash (20 bytes)
191 @return CRYPT_OK if successful
193 int sha1_done(hash_state * md, unsigned char *out)
197 LTC_ARGCHK(md != NULL);
198 LTC_ARGCHK(out != NULL);
200 if (md->sha1.curlen >= sizeof(md->sha1.buf)) {
201 return CRYPT_INVALID_ARG;
204 /* increase the length of the message */
205 md->sha1.length += md->sha1.curlen * 8;
207 /* append the '1' bit */
208 md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80;
210 /* if the length is currently above 56 bytes we append zeros
211 * then compress. Then we can fall back to padding zeros and length
212 * encoding like normal.
214 if (md->sha1.curlen > 56) {
215 while (md->sha1.curlen < 64) {
216 md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
218 sha1_compress(md, md->sha1.buf);
222 /* pad upto 56 bytes of zeroes */
223 while (md->sha1.curlen < 56) {
224 md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
228 STORE64H(md->sha1.length, md->sha1.buf+56);
229 sha1_compress(md, md->sha1.buf);
232 for (i = 0; i < 5; i++) {
233 STORE32H(md->sha1.state[i], out+(4*i));
235 #ifdef LTC_CLEAN_STACK
236 zeromem(md, sizeof(hash_state));
243 @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
250 static const struct {
252 unsigned char hash[20];
255 { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a,
256 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c,
257 0x9c, 0xd0, 0xd8, 0x9d }
259 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
260 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E,
261 0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5,
262 0xE5, 0x46, 0x70, 0xF1 }
267 unsigned char tmp[20];
270 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
272 sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
274 if (XMEMCMP(tmp, tests[i].hash, 20) != 0) {
275 return CRYPT_FAIL_TESTVECTOR;
286 /* $Source: /cvs/libtom/libtomcrypt/src/hashes/sha1.c,v $ */
287 /* $Revision: 1.8 $ */
288 /* $Date: 2006/11/01 09:28:17 $ */