[deb_shairplay.git] / src / lib / crypto / sha1.c

/*
 * Copyright (c) 2007, Cameron Rich
 * 
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without 
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice, 
 *   this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright notice, 
 *   this list of conditions and the following disclaimer in the documentation 
 *   and/or other materials provided with the distribution.
 * * Neither the name of the axTLS project nor the names of its contributors 
 *   may be used to endorse or promote products derived from this software 
 *   without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * SHA1 implementation - as defined in FIPS PUB 180-1 published April 17, 1995.
 * This code was originally taken from RFC3174
 */

#include <string.h>
#include "os_port.h"
#include "crypto.h"

/*
 *  Define the SHA1 circular left shift macro
 */
#define SHA1CircularShift(bits,word) \
                (((word) << (bits)) | ((word) >> (32-(bits))))

/* ----- static functions ----- */
static void SHA1PadMessage(SHA1_CTX *ctx);
static void SHA1ProcessMessageBlock(SHA1_CTX *ctx);

/**
 * Initialize the SHA1 context 
 */
void SHA1_Init(SHA1_CTX *ctx)
{
    ctx->Length_Low             = 0;
    ctx->Length_High            = 0;
    ctx->Message_Block_Index    = 0;
    ctx->Intermediate_Hash[0]   = 0x67452301;
    ctx->Intermediate_Hash[1]   = 0xEFCDAB89;
    ctx->Intermediate_Hash[2]   = 0x98BADCFE;
    ctx->Intermediate_Hash[3]   = 0x10325476;
    ctx->Intermediate_Hash[4]   = 0xC3D2E1F0;
}

/**
 * Accepts an array of octets as the next portion of the message.
 */
void SHA1_Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
{
    while (len--)
    {
        ctx->Message_Block[ctx->Message_Block_Index++] = (*msg & 0xFF);
        ctx->Length_Low += 8;

        if (ctx->Length_Low == 0)
            ctx->Length_High++;

        if (ctx->Message_Block_Index == 64)
            SHA1ProcessMessageBlock(ctx);

        msg++;
    }
}

/**
 * Return the 160-bit message digest into the user's array
 */
void SHA1_Final(uint8_t *digest, SHA1_CTX *ctx)
{
    int i;

    SHA1PadMessage(ctx);
    memset(ctx->Message_Block, 0, 64);
    ctx->Length_Low = 0;    /* and clear length */
    ctx->Length_High = 0;

    for  (i = 0; i < SHA1_SIZE; i++)
    {
        digest[i] = ctx->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) );
    }
}

/**
 * Process the next 512 bits of the message stored in the array.
 */
static void SHA1ProcessMessageBlock(SHA1_CTX *ctx)
{
    const uint32_t K[] =    {       /* Constants defined in SHA-1   */
                            0x5A827999,
                            0x6ED9EBA1,
                            0x8F1BBCDC,
                            0xCA62C1D6
                            };
    int        t;                 /* Loop counter                */
    uint32_t      temp;              /* Temporary word value        */
    uint32_t      W[80];             /* Word sequence               */
    uint32_t      A, B, C, D, E;     /* Word buffers                */

    /*
     *  Initialize the first 16 words in the array W
     */
    for  (t = 0; t < 16; t++)
    {
        W[t] = ctx->Message_Block[t * 4] << 24;
        W[t] |= ctx->Message_Block[t * 4 + 1] << 16;
        W[t] |= ctx->Message_Block[t * 4 + 2] << 8;
        W[t] |= ctx->Message_Block[t * 4 + 3];
    }

    for (t = 16; t < 80; t++)
    {
       W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
    }

    A = ctx->Intermediate_Hash[0];
    B = ctx->Intermediate_Hash[1];
    C = ctx->Intermediate_Hash[2];
    D = ctx->Intermediate_Hash[3];
    E = ctx->Intermediate_Hash[4];

    for (t = 0; t < 20; t++)
    {
        temp =  SHA1CircularShift(5,A) +
                ((B & C) | ((~B) & D)) + E + W[t] + K[0];
        E = D;
        D = C;
        C = SHA1CircularShift(30,B);

        B = A;
        A = temp;
    }

    for (t = 20; t < 40; t++)
    {
        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
        E = D;
        D = C;
        C = SHA1CircularShift(30,B);
        B = A;
        A = temp;
    }

    for (t = 40; t < 60; t++)
    {
        temp = SHA1CircularShift(5,A) +
               ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
        E = D;
        D = C;
        C = SHA1CircularShift(30,B);
        B = A;
        A = temp;
    }

    for (t = 60; t < 80; t++)
    {
        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
        E = D;
        D = C;
        C = SHA1CircularShift(30,B);
        B = A;
        A = temp;
    }

    ctx->Intermediate_Hash[0] += A;
    ctx->Intermediate_Hash[1] += B;
    ctx->Intermediate_Hash[2] += C;
    ctx->Intermediate_Hash[3] += D;
    ctx->Intermediate_Hash[4] += E;
    ctx->Message_Block_Index = 0;
}

/*
 * According to the standard, the message must be padded to an even
 * 512 bits.  The first padding bit must be a '1'.  The last 64
 * bits represent the length of the original message.  All bits in
 * between should be 0.  This function will pad the message
 * according to those rules by filling the Message_Block array
 * accordingly.  It will also call the ProcessMessageBlock function
 * provided appropriately.  When it returns, it can be assumed that
 * the message digest has been computed.
 *
 * @param ctx [in, out] The SHA1 context
 */
static void SHA1PadMessage(SHA1_CTX *ctx)
{
    /*
     *  Check to see if the current message block is too small to hold
     *  the initial padding bits and length.  If so, we will pad the
     *  block, process it, and then continue padding into a second
     *  block.
     */
    if (ctx->Message_Block_Index > 55)
    {
        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
        while(ctx->Message_Block_Index < 64)
        {
            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
        }

        SHA1ProcessMessageBlock(ctx);

        while (ctx->Message_Block_Index < 56)
        {
            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
        }
    }
    else
    {
        ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
        while(ctx->Message_Block_Index < 56)
        {

            ctx->Message_Block[ctx->Message_Block_Index++] = 0;
        }
    }

    /*
     *  Store the message length as the last 8 octets
     */
    ctx->Message_Block[56] = ctx->Length_High >> 24;
    ctx->Message_Block[57] = ctx->Length_High >> 16;
    ctx->Message_Block[58] = ctx->Length_High >> 8;
    ctx->Message_Block[59] = ctx->Length_High;
    ctx->Message_Block[60] = ctx->Length_Low >> 24;
    ctx->Message_Block[61] = ctx->Length_Low >> 16;
    ctx->Message_Block[62] = ctx->Length_Low >> 8;
    ctx->Message_Block[63] = ctx->Length_Low;
    SHA1ProcessMessageBlock(ctx);
}
Commit	Line	Data
15c988f7 JB	1	/*
	2	* Copyright (c) 2007, Cameron Rich
	3	*
	4	* All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions are met:
	8	*
	9	* * Redistributions of source code must retain the above copyright notice,
	10	* this list of conditions and the following disclaimer.
	11	* * Redistributions in binary form must reproduce the above copyright notice,
	12	* this list of conditions and the following disclaimer in the documentation
	13	* and/or other materials provided with the distribution.
	14	* * Neither the name of the axTLS project nor the names of its contributors
	15	* may be used to endorse or promote products derived from this software
	16	* without specific prior written permission.
	17	*
	18	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	19	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	20	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
	21	* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
	22	* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
	23	* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
	24	* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
	25	* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
	26	* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	27	* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
	28	* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	29	*/
	30
	31	/**
	32	* SHA1 implementation - as defined in FIPS PUB 180-1 published April 17, 1995.
	33	* This code was originally taken from RFC3174
	34	*/
	35
	36	#include <string.h>
	37	#include "os_port.h"
	38	#include "crypto.h"
	39
	40	/*
	41	* Define the SHA1 circular left shift macro
	42	*/
	43	#define SHA1CircularShift(bits,word) \
	44	(((word) << (bits)) \| ((word) >> (32-(bits))))
	45
	46	/* ----- static functions ----- */
	47	static void SHA1PadMessage(SHA1_CTX *ctx);
	48	static void SHA1ProcessMessageBlock(SHA1_CTX *ctx);
	49
	50	/**
	51	* Initialize the SHA1 context
	52	*/
	53	void SHA1_Init(SHA1_CTX *ctx)
	54	{
	55	ctx->Length_Low = 0;
	56	ctx->Length_High = 0;
	57	ctx->Message_Block_Index = 0;
	58	ctx->Intermediate_Hash[0] = 0x67452301;
	59	ctx->Intermediate_Hash[1] = 0xEFCDAB89;
	60	ctx->Intermediate_Hash[2] = 0x98BADCFE;
	61	ctx->Intermediate_Hash[3] = 0x10325476;
	62	ctx->Intermediate_Hash[4] = 0xC3D2E1F0;
	63	}
	64
65	/**
66	* Accepts an array of octets as the next portion of the message.
67	*/
68	void SHA1_Update(SHA1_CTX ctx, const uint8_t msg, int len)
69	{
70	while (len--)
71	{
72	ctx->Message_Block[ctx->Message_Block_Index++] = (*msg & 0xFF);
73	ctx->Length_Low += 8;
74
75	if (ctx->Length_Low == 0)
76	ctx->Length_High++;
77
78	if (ctx->Message_Block_Index == 64)
79	SHA1ProcessMessageBlock(ctx);
80
81	msg++;
82	}
83	}
84
85	/**
86	* Return the 160-bit message digest into the user's array
87	*/
88	void SHA1_Final(uint8_t digest, SHA1_CTX ctx)
89	{
90	int i;
91
92	SHA1PadMessage(ctx);
93	memset(ctx->Message_Block, 0, 64);
94	ctx->Length_Low = 0; /* and clear length */
95	ctx->Length_High = 0;
96
97	for (i = 0; i < SHA1_SIZE; i++)
98	{
99	digest[i] = ctx->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) );
100	}
101	}
102
103	/**
104	* Process the next 512 bits of the message stored in the array.
105	*/
106	static void SHA1ProcessMessageBlock(SHA1_CTX *ctx)
107	{
108	const uint32_t K[] = { /* Constants defined in SHA-1 */
109	0x5A827999,
110	0x6ED9EBA1,
111	0x8F1BBCDC,
112	0xCA62C1D6
113	};
114	int t; /* Loop counter */
115	uint32_t temp; /* Temporary word value */
116	uint32_t W[80]; /* Word sequence */
117	uint32_t A, B, C, D, E; /* Word buffers */
118
119	/*
120	* Initialize the first 16 words in the array W
121	*/
122	for (t = 0; t < 16; t++)
123	{
124	W[t] = ctx->Message_Block[t * 4] << 24;
125	W[t] \|= ctx->Message_Block[t * 4 + 1] << 16;
126	W[t] \|= ctx->Message_Block[t * 4 + 2] << 8;
127	W[t] \|= ctx->Message_Block[t * 4 + 3];
128	}
129
130	for (t = 16; t < 80; t++)
131	{
132	W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
133	}
134
135	A = ctx->Intermediate_Hash[0];
136	B = ctx->Intermediate_Hash[1];
137	C = ctx->Intermediate_Hash[2];
138	D = ctx->Intermediate_Hash[3];
139	E = ctx->Intermediate_Hash[4];
140
141	for (t = 0; t < 20; t++)
142	{
143	temp = SHA1CircularShift(5,A) +
144	((B & C) \| ((~B) & D)) + E + W[t] + K[0];
145	E = D;
146	D = C;
147	C = SHA1CircularShift(30,B);
148
149	B = A;
150	A = temp;
151	}
152
153	for (t = 20; t < 40; t++)
154	{
155	temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
156	E = D;
157	D = C;
158	C = SHA1CircularShift(30,B);
159	B = A;
160	A = temp;
161	}
162
163	for (t = 40; t < 60; t++)
164	{
165	temp = SHA1CircularShift(5,A) +
166	((B & C) \| (B & D) \| (C & D)) + E + W[t] + K[2];
167	E = D;
168	D = C;
169	C = SHA1CircularShift(30,B);
170	B = A;
171	A = temp;
172	}
173
174	for (t = 60; t < 80; t++)
175	{
176	temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
177	E = D;
178	D = C;
179	C = SHA1CircularShift(30,B);
180	B = A;
181	A = temp;
182	}
183
184	ctx->Intermediate_Hash[0] += A;
185	ctx->Intermediate_Hash[1] += B;
186	ctx->Intermediate_Hash[2] += C;
187	ctx->Intermediate_Hash[3] += D;
188	ctx->Intermediate_Hash[4] += E;
189	ctx->Message_Block_Index = 0;
190	}
191
192	/*
193	* According to the standard, the message must be padded to an even
194	* 512 bits. The first padding bit must be a '1'. The last 64
195	* bits represent the length of the original message. All bits in
196	* between should be 0. This function will pad the message
197	* according to those rules by filling the Message_Block array
198	* accordingly. It will also call the ProcessMessageBlock function
199	* provided appropriately. When it returns, it can be assumed that
200	* the message digest has been computed.
201	*
202	* @param ctx [in, out] The SHA1 context
203	*/
204	static void SHA1PadMessage(SHA1_CTX *ctx)
205	{
206	/*
207	* Check to see if the current message block is too small to hold
208	* the initial padding bits and length. If so, we will pad the
209	* block, process it, and then continue padding into a second
210	* block.
211	*/
212	if (ctx->Message_Block_Index > 55)
213	{
214	ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
215	while(ctx->Message_Block_Index < 64)
216	{
217	ctx->Message_Block[ctx->Message_Block_Index++] = 0;
218	}
219
220	SHA1ProcessMessageBlock(ctx);
221
222	while (ctx->Message_Block_Index < 56)
223	{
224	ctx->Message_Block[ctx->Message_Block_Index++] = 0;
225	}
226	}
227	else
228	{
229	ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
230	while(ctx->Message_Block_Index < 56)
231	{
232
233	ctx->Message_Block[ctx->Message_Block_Index++] = 0;
234	}
235	}
236
237	/*
238	* Store the message length as the last 8 octets
239	*/
240	ctx->Message_Block[56] = ctx->Length_High >> 24;
241	ctx->Message_Block[57] = ctx->Length_High >> 16;
242	ctx->Message_Block[58] = ctx->Length_High >> 8;
243	ctx->Message_Block[59] = ctx->Length_High;
244	ctx->Message_Block[60] = ctx->Length_Low >> 24;
245	ctx->Message_Block[61] = ctx->Length_Low >> 16;
246	ctx->Message_Block[62] = ctx->Length_Low >> 8;
247	ctx->Message_Block[63] = ctx->Length_Low;
248	SHA1ProcessMessageBlock(ctx);
249	}