diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 1996-09-29 16:15:06 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1996-09-29 16:15:06 +0000 |
commit | 556ccbf5116c469c3cc1afacf6d6e1113f726344 (patch) | |
tree | 72c4f4bcb08a8f0fef67787fa018ce5b18ffa605 | |
parent | 8e44c9ffc2ad2113db233ba65359524821d4e366 (diff) |
added sha1 (secure hash function).
-rw-r--r-- | lib/libc/hash/Makefile.inc | 7 | ||||
-rw-r--r-- | lib/libc/hash/sha1.c | 353 |
2 files changed, 360 insertions, 0 deletions
diff --git a/lib/libc/hash/Makefile.inc b/lib/libc/hash/Makefile.inc new file mode 100644 index 00000000000..b6355d905af --- /dev/null +++ b/lib/libc/hash/Makefile.inc @@ -0,0 +1,7 @@ +# $OpenBSD: Makefile.inc,v 1.1 1996/09/29 16:15:04 millert Exp $ + +# hash functions +.PATH: ${.CURDIR}/hash + +SRCS+= sha1.c +#MAN+= sha1.3 diff --git a/lib/libc/hash/sha1.c b/lib/libc/hash/sha1.c new file mode 100644 index 00000000000..dd0bac42e3c --- /dev/null +++ b/lib/libc/hash/sha1.c @@ -0,0 +1,353 @@ +#if defined(LIBC_SCCS) && !defined(lint) +static char rcsid[] = "$OpenBSD: sha1.c,v 1.1 1996/09/29 16:15:05 millert Exp $"; +#endif /* LIBC_SCCS and not lint */ + +/* + * sha1.c + * + * signature function hook for SHA1. + * + * Gene Kim + * Purdue University + * August 10, 1993 + */ + +/* --------------------------------- SHA1.C ------------------------------- */ + +/* NIST proposed Secure Hash Standard. + + Written 2 September 1992, Peter C. Gutmann. + This implementation placed in the public domain. + + Comments to pgut1@cs.aukuni.ac.nz */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/types.h> +#include <sha1.h> +#ifdef TEST +#include <time.h> +#endif + + +/* The SHA1 f()-functions */ + +#define f1(x,y,z) ( ( x & y ) | ( ~x & z ) ) /* Rounds 0-19 */ +#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */ +#define f3(x,y,z) ( ( x & y ) | ( x & z ) | ( y & z ) ) /* Rounds 40-59 */ +#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */ + +/* The SHA1 Mysterious Constants */ + +#define K1 0x5A827999L /* Rounds 0-19 */ +#define K2 0x6ED9EBA1L /* Rounds 20-39 */ +#define K3 0x8F1BBCDCL /* Rounds 40-59 */ +#define K4 0xCA62C1D6L /* Rounds 60-79 */ + +/* SHA1 initial values */ + +#define h0init 0x67452301L +#define h1init 0xEFCDAB89L +#define h2init 0x98BADCFEL +#define h3init 0x10325476L +#define h4init 0xC3D2E1F0L + +/* 32-bit rotate - kludged with shifts */ + +#define S(n,X) ( ( X << n ) | ( X >> ( 32 - n ) ) ) + +/* The initial expanding function */ + +#ifdef NEW_SHA1 +#define expand(count) temp = W[ count - 3 ] ^ W[ count - 8 ] ^ W[ count - 14 ] ^ W[ count - 16 ];W[ count ] = S(1, temp) +#else +#define expand(count) W[ count ] = W[ count - 3 ] ^ W[ count - 8 ] ^ W[ count - 14 ] ^ W[ count - 16 ] +#endif + +/* The four SHA1 sub-rounds */ + +#define subRound1(count) \ + { \ + temp = S( 5, A ) + f1( B, C, D ) + E + W[ count ] + K1; \ + E = D; \ + D = C; \ + C = S( 30, B ); \ + B = A; \ + A = temp; \ + } + +#define subRound2(count) \ + { \ + temp = S( 5, A ) + f2( B, C, D ) + E + W[ count ] + K2; \ + E = D; \ + D = C; \ + C = S( 30, B ); \ + B = A; \ + A = temp; \ + } + +#define subRound3(count) \ + { \ + temp = S( 5, A ) + f3( B, C, D ) + E + W[ count ] + K3; \ + E = D; \ + D = C; \ + C = S( 30, B ); \ + B = A; \ + A = temp; \ + } + +#define subRound4(count) \ + { \ + temp = S( 5, A ) + f4( B, C, D ) + E + W[ count ] + K4; \ + E = D; \ + D = C; \ + C = S( 30, B ); \ + B = A; \ + A = temp; \ + } + +/* The two buffers of 5 32-bit words */ + +LONG h0, h1, h2, h3, h4; +LONG A, B, C, D, E; + +/* Initialize the SHA1 values */ + +void sha1Init(sha1Info) + SHA1_INFO *sha1Info; + { + /* Set the h-vars to their initial values */ + sha1Info->digest[ 0 ] = h0init; + sha1Info->digest[ 1 ] = h1init; + sha1Info->digest[ 2 ] = h2init; + sha1Info->digest[ 3 ] = h3init; + sha1Info->digest[ 4 ] = h4init; + + /* Initialise bit count */ + sha1Info->countLo = sha1Info->countHi = 0L; + } + +/* Perform the SHA1 transformation. Note that this code, like MD5, seems to + break some optimizing compilers - it may be necessary to split it into + sections, eg based on the four subrounds */ + +void sha1Transform(sha1Info) + SHA1_INFO *sha1Info; + { + LONG W[ 80 ], temp; + int i; + + /* Step A. Copy the data buffer into the local work buffer */ + for( i = 0; i < 16; i++ ) + W[ i ] = sha1Info->data[ i ]; + + /* Step B. Expand the 16 words into 64 temporary data words */ + expand( 16 ); expand( 17 ); expand( 18 ); expand( 19 ); expand( 20 ); + expand( 21 ); expand( 22 ); expand( 23 ); expand( 24 ); expand( 25 ); + expand( 26 ); expand( 27 ); expand( 28 ); expand( 29 ); expand( 30 ); + expand( 31 ); expand( 32 ); expand( 33 ); expand( 34 ); expand( 35 ); + expand( 36 ); expand( 37 ); expand( 38 ); expand( 39 ); expand( 40 ); + expand( 41 ); expand( 42 ); expand( 43 ); expand( 44 ); expand( 45 ); + expand( 46 ); expand( 47 ); expand( 48 ); expand( 49 ); expand( 50 ); + expand( 51 ); expand( 52 ); expand( 53 ); expand( 54 ); expand( 55 ); + expand( 56 ); expand( 57 ); expand( 58 ); expand( 59 ); expand( 60 ); + expand( 61 ); expand( 62 ); expand( 63 ); expand( 64 ); expand( 65 ); + expand( 66 ); expand( 67 ); expand( 68 ); expand( 69 ); expand( 70 ); + expand( 71 ); expand( 72 ); expand( 73 ); expand( 74 ); expand( 75 ); + expand( 76 ); expand( 77 ); expand( 78 ); expand( 79 ); + + /* Step C. Set up first buffer */ + A = sha1Info->digest[ 0 ]; + B = sha1Info->digest[ 1 ]; + C = sha1Info->digest[ 2 ]; + D = sha1Info->digest[ 3 ]; + E = sha1Info->digest[ 4 ]; + + /* Step D. Serious mangling, divided into four sub-rounds */ + subRound1( 0 ); subRound1( 1 ); subRound1( 2 ); subRound1( 3 ); + subRound1( 4 ); subRound1( 5 ); subRound1( 6 ); subRound1( 7 ); + subRound1( 8 ); subRound1( 9 ); subRound1( 10 ); subRound1( 11 ); + subRound1( 12 ); subRound1( 13 ); subRound1( 14 ); subRound1( 15 ); + subRound1( 16 ); subRound1( 17 ); subRound1( 18 ); subRound1( 19 ); + subRound2( 20 ); subRound2( 21 ); subRound2( 22 ); subRound2( 23 ); + subRound2( 24 ); subRound2( 25 ); subRound2( 26 ); subRound2( 27 ); + subRound2( 28 ); subRound2( 29 ); subRound2( 30 ); subRound2( 31 ); + subRound2( 32 ); subRound2( 33 ); subRound2( 34 ); subRound2( 35 ); + subRound2( 36 ); subRound2( 37 ); subRound2( 38 ); subRound2( 39 ); + subRound3( 40 ); subRound3( 41 ); subRound3( 42 ); subRound3( 43 ); + subRound3( 44 ); subRound3( 45 ); subRound3( 46 ); subRound3( 47 ); + subRound3( 48 ); subRound3( 49 ); subRound3( 50 ); subRound3( 51 ); + subRound3( 52 ); subRound3( 53 ); subRound3( 54 ); subRound3( 55 ); + subRound3( 56 ); subRound3( 57 ); subRound3( 58 ); subRound3( 59 ); + subRound4( 60 ); subRound4( 61 ); subRound4( 62 ); subRound4( 63 ); + subRound4( 64 ); subRound4( 65 ); subRound4( 66 ); subRound4( 67 ); + subRound4( 68 ); subRound4( 69 ); subRound4( 70 ); subRound4( 71 ); + subRound4( 72 ); subRound4( 73 ); subRound4( 74 ); subRound4( 75 ); + subRound4( 76 ); subRound4( 77 ); subRound4( 78 ); subRound4( 79 ); + + /* Step E. Build message digest */ + sha1Info->digest[ 0 ] += A; + sha1Info->digest[ 1 ] += B; + sha1Info->digest[ 2 ] += C; + sha1Info->digest[ 3 ] += D; + sha1Info->digest[ 4 ] += E; + } + +#if BYTE_ORDER == LITTLE_ENDIAN + +/* When run on a little-endian CPU we need to perform byte reversal on an + array of longwords. It is possible to make the code endianness- + independant by fiddling around with data at the byte level, but this + makes for very slow code, so we rely on the user to sort out endianness + at compile time */ + +static void byteReverse(buffer, byteCount) + LONG *buffer; + int byteCount; + { + LONG value; + int count; + + byteCount /= sizeof( LONG ); + for( count = 0; count < byteCount; count++ ) + { + value = ( buffer[ count ] << 16 ) | ( buffer[ count ] >> 16 ); + buffer[ count ] = ( ( value & 0xFF00FF00L ) >> 8 ) | ( ( value & 0x00FF00FFL ) << 8 ); + } + } +#endif /* LITTLE_ENDIAN */ + +/* Update SHA1 for a block of data. This code assumes that the buffer size + is a multiple of SHA1_BLOCKSIZE bytes long, which makes the code a lot + more efficient since it does away with the need to handle partial blocks + between calls to sha1Update() */ + +void sha1Update(sha1Info, buffer, count) + SHA1_INFO *sha1Info; + BYTE *buffer; + int count; + { + /* Update bitcount */ + if( ( sha1Info->countLo + ( ( LONG ) count << 3 ) ) < sha1Info->countLo ) + sha1Info->countHi++; /* Carry from low to high bitCount */ + sha1Info->countLo += ( ( LONG ) count << 3 ); + sha1Info->countHi += ( ( LONG ) count >> 29 ); + + /* Process data in SHA1_BLOCKSIZE chunks */ + while( count >= SHA1_BLOCKSIZE ) + { + memcpy( (void *) sha1Info->data, (void *) buffer, SHA1_BLOCKSIZE ); +#if BYTE_ORDER == LITTLE_ENDIAN + byteReverse( sha1Info->data, SHA1_BLOCKSIZE ); +#endif /* LITTLE_ENDIAN */ + sha1Transform( sha1Info ); + buffer += SHA1_BLOCKSIZE; + count -= SHA1_BLOCKSIZE; + } + + /* Handle any remaining bytes of data. This should only happen once + on the final lot of data */ + memcpy( (void *) sha1Info->data, (void *) buffer, count ); + } + +void sha1Final(sha1Info) + SHA1_INFO *sha1Info; + { + int count; + LONG lowBitcount = sha1Info->countLo, highBitcount = sha1Info->countHi; + + /* Compute number of bytes mod 64 */ + count = ( int ) ( ( sha1Info->countLo >> 3 ) & 0x3F ); + + /* Set the first char of padding to 0x80. This is safe since there is + always at least one byte free */ + ( ( BYTE * ) sha1Info->data )[ count++ ] = 0x80; + + /* Pad out to 56 mod 64 */ + if( count > 56 ) + { + /* Two lots of padding: Pad the first block to 64 bytes */ + memset( ( void * ) sha1Info->data + count, 0, 64 - count ); +#if BYTE_ORDER == LITTLE_ENDIAN + byteReverse( sha1Info->data, SHA1_BLOCKSIZE ); +#endif /* LITTLE_ENDIAN */ + sha1Transform( sha1Info ); + + /* Now fill the next block with 56 bytes */ + memset( (void *) sha1Info->data, 0, 56 ); + } + else + /* Pad block to 56 bytes */ + memset( ( void * ) sha1Info->data + count, 0, 56 - count ); +#if BYTE_ORDER == LITTLE_ENDIAN + byteReverse( sha1Info->data, SHA1_BLOCKSIZE ); +#endif /* LITTLE_ENDIAN */ + + /* Append length in bits and transform */ + sha1Info->data[ 14 ] = highBitcount; + sha1Info->data[ 15 ] = lowBitcount; + + sha1Transform( sha1Info ); +#if BYTE_ORDER == LITTLE_ENDIAN + byteReverse( sha1Info->data, SHA1_DIGESTSIZE ); +#endif /* LITTLE_ENDIAN */ + } + +#ifdef TEST + +/* ----------------------------- SHA1 Test code --------------------------- */ + +/* Size of buffer for SHA1 speed test data */ + +#define TEST_BLOCK_SIZE ( SHA1_DIGESTSIZE * 100 ) + +/* Number of bytes of test data to process */ + +#define TEST_BYTES 10000000L +#define TEST_BLOCKS ( TEST_BYTES / TEST_BLOCK_SIZE ) + +void main() + { + SHA1_INFO sha1Info; + time_t endTime, startTime; + BYTE data[ TEST_BLOCK_SIZE ]; + long i; + + /* Test output data (this is the only test data given in the SHA1 + document, but chances are if it works for this it'll work for + anything) */ + sha1Init( &sha1Info ); + sha1Update( &sha1Info, ( BYTE * ) "abc", 3 ); + sha1Final( &sha1Info ); + if( sha1Info.digest[ 0 ] != 0x0164B8A9L || + sha1Info.digest[ 1 ] != 0x14CD2A5EL || + sha1Info.digest[ 2 ] != 0x74C4F7FFL || + sha1Info.digest[ 3 ] != 0x082C4D97L || + sha1Info.digest[ 4 ] != 0xF1EDF880L ) + { + puts( "Error in SHA1 implementation" ); + exit( -1 ); + } + + /* Now perform time trial, generating MD for 10MB of data. First, + initialize the test data */ + memset( data, 0, TEST_BLOCK_SIZE ); + + /* Get start time */ + printf( "SHA1 time trial. Processing %ld characters...\n", TEST_BYTES ); + time( &startTime ); + + /* Calculate SHA1 message digest in TEST_BLOCK_SIZE byte blocks */ + sha1Init( &sha1Info ); + for( i = TEST_BLOCKS; i > 0; i-- ) + sha1Update( &sha1Info, data, TEST_BLOCK_SIZE ); + sha1Final( &sha1Info ); + + /* Get finish time and time difference */ + time( &endTime ); + printf( "Seconds to process test input: %ld\n", endTime - startTime ); + printf( "Characters processed per second: %ld\n", TEST_BYTES / ( endTime - startTime ) ); + } + +#endif |