/ray/src/lib/crypto/sha1hash.cc

Go to the documentation of this file.

/*
 * lib/crypto/sha1hash.cc
 * 
 * Implementation of class SHA1Hash, a class for computing the 
 * SHA1 message digest / hash algorithm as specified by NIST/NSA 
 * (not the original weaker SHA0 algorithm, but the one extended 
 * with a rotation in the expanding function as added lateron by 
 * the NSA).
 * 
 * Copyright (c) 2000--2004 by Wolfgang Wieser ] wwieser (a) gmx <*> de [ 
 * 
 * This file may be distributed and/or modified under the terms of the 
 * GNU General Public License version 2 as published by the Free Software 
 * Foundation. (See COPYING.GPL for details.)
 * 
 * This file is provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE
 * WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 * 
 */

#include "sha1hash.h"

const SecureHashBase::Parameters SHA1Hash::par=
{
    INIT_FIELD(hash_size) 20,
    INIT_FIELD(block_size) 64,
    INIT_FIELD(hash_ID) 0x1001,
    INIT_FIELD(name) "SHA1"
};


static inline uint32 sha_func0(uint32 x,uint32 y,uint32 z)
    //{  return((x & y) | ((~x) & z));  }  // slower 
    {  return(z ^ (x & (y ^ z)));  }  // faster

static inline uint32 sha_func1(uint32 x,uint32 y,uint32 z)
    {  return(x ^ y ^ z);  }

static inline uint32 sha_func2(uint32 x,uint32 y,uint32 z)
    //{  return((x & y) | (x & z) | (y & z));  }  // slower
    {  return((x & y) | (z & (x | y)));  }  // faster

static inline uint32 sha_func3(uint32 x,uint32 y,uint32 z)
    {  return(x ^ y ^ z);  }

static inline uint32 rotate(uint32 x,int n)
    {  return((x<<n) | (x>>(32-n)));  }


// All this magic stuff...
static const uint32 sha_const0 = 0x5a827999U;
static const uint32 sha_const1 = 0x6ed9eba1U;
static const uint32 sha_const2 = 0x8f1bbcdcU;
static const uint32 sha_const3 = 0xca62c1d6U;

static const uint32 sha_init_state[5]=
    { 0x67452301U, 0xefcdab89U, 0x98badcfeU, 0x10325476U, 0xc3d2e1f0U };


// NOTE: the rotation was added later by the NSA... 
#define EXPAND(pa,pb,pc,pd) \
    rotate(*(pa++) ^ *(pb++) ^ *(pc++) ^ *(pd++),1)


// msg: size 64 bytes
// w: temporary buffer where AtomicHash stores (expanded) input data (msg). 
void SHA1Hash::AtomicHash(const unsigned char *msg,uint32 *w)
{
    register uint32 *p;
    uint32 *we=&w[16];
    
    // Fill message into w-buffer. 
    for(p=w; p<we; p++)
    {
        // We want MSB first 
        // (htonl() converts LSBfirst -> MSBfirst in i386; but not used 
        // here as it would need word alignment of msg data.) 
        *p= uint32(*(msg++));   *p<<=8;
        *p|=uint32(*(msg++));   *p<<=8;
        *p|=uint32(*(msg++));   *p<<=8;
        *p|=uint32(*(msg++));
    }
    
    uint32 *p_03=p-3;
    uint32 *p_08=p-8;
    uint32 *p_14=p-14;
    uint32 *p_16=p-16;
    we=&w[20];
    while(p<we)   // 20-16=4 times
    {  *(p++) = EXPAND(p_03,p_08,p_14,p_16);  }
    
    // Now compute the loops: 
    uint32 a=state[0], b=state[1], c=state[2], d=state[3], e=state[4];
    uint32 tmp,sha_const=sha_const0;
    for(p=w; p<we; p++)
    {
        tmp = rotate(a,5) + sha_func0(b,c,d) + e + (*p) + sha_const;
        e=d;  d=c;
        c=rotate(b,30);
        b=a;  a=tmp;
    }
    sha_const=sha_const1;
    for(we+=20; p<we; p++)
    {
        *p = EXPAND(p_03,p_08,p_14,p_16);
        tmp = rotate(a,5) + sha_func1(b,c,d) + e + (*p) + sha_const;
        e=d;  d=c;
        c=rotate(b,30);
        b=a;  a=tmp;
    }
    sha_const=sha_const2;
    for(we+=20; p<we; p++)
    {
        *p = EXPAND(p_03,p_08,p_14,p_16);
        tmp = rotate(a,5) + sha_func2(b,c,d) + e + (*p) + sha_const;
        e=d;  d=c;
        c=rotate(b,30);
        b=a;  a=tmp;
    }
    sha_const=sha_const3;
    for(we+=20; p<we; p++)
    {
        *p = EXPAND(p_03,p_08,p_14,p_16);
        tmp = rotate(a,5) + sha_func3(b,c,d) + e + (*p) + sha_const;
        e=d;  d=c;
        c=rotate(b,30);
        b=a;  a=tmp;
    }
    
    // Add the result: 
    state[0]+=a;
    state[1]+=b;
    state[2]+=c;
    state[3]+=d;
    state[4]+=e;
}


void SHA1Hash::GetHash(char *buf) const
{
    register unsigned char *hsh=(unsigned char*)buf+3;
    for(register const uint32 *i=state,*ie=&state[5]; i<ie; i++)
    {
        register uint32 j=*i;
        *(hsh--)=(unsigned char)(j & 0xffU);  j>>=8;
        *(hsh--)=(unsigned char)(j & 0xffU);  j>>=8;
        *(hsh--)=(unsigned char)(j & 0xffU);  j>>=8;
        *(hsh  )=(unsigned char)(j & 0xffU);
        hsh+=7;  // 4+3; would be 4+4 if the last *(hsh  )=... was *(hsh--)=...
    }
}


void SHA1Hash::reset()
{
    length=0LLU;
    state[0]=sha_init_state[0];
    state[1]=sha_init_state[1];
    state[2]=sha_init_state[2];
    state[3]=sha_init_state[3];
    state[4]=sha_init_state[4];
    tmp_size=0;
    for(unsigned char *d=tmpbuf,*de=d+64; d<de; d++)
    {  *d=(unsigned char)0;  }
}


void SHA1Hash::feed(const char *_buf,size_t len)
{
    if(!len)
    {  return;  }
    
    const unsigned char *buf=(const unsigned char*)_buf;
    uint32 w[80];   // Yes, this is 4*80 bytes, NOT 4*20 bytes. 
    
    if(tmp_size)  // There is some data left from last time. 
    {
        size_t needed=64-tmp_size;
        if(len>=needed)
        {
            for(unsigned char *d=&tmpbuf[tmp_size],*de=&tmpbuf[64]; d<de; d++)
            {  *d=*(buf++);  }
            AtomicHash(tmpbuf,w);
            len-=needed;
            tmp_size=0;
            length+=64LLU;
            if(!len)
            {  return;  }
        }
        else
        {
            unsigned char *d=&tmpbuf[tmp_size];
            tmp_size+=int(len);
            for(unsigned char *de=&tmpbuf[tmp_size]; d<de; d++)
            {  *d=*(buf++);  }
            return;
        }
    }
    
    size_t l=len;
    for(;;)
    {
        if(l<64)
        {  break;  }
        AtomicHash((const unsigned char*)buf,w);
        buf+=64;
        l-=64;
    }
    length+=uint64(len-l);
    if(l)  // Some bytes left; store them for later. 
    {
        for(unsigned char *d=tmpbuf,*de=d+l; d<de; d++)
        {  *d=*(buf++);  }
        tmp_size=int(l);
    }
}


void SHA1Hash::final()
{
    uint32 w[80];   // Yes, this is 4*80 bytes, NOT 4*20 bytes. 
    int pad80=0;
    
    // Now, let's see if we need padding. 
    // We must check for >=56 as we always have to add one 0x80 padding. 
    // Padding does not count for the length, of course.
    length+=uint64(tmp_size);
    if(tmp_size>=56)  // We need to pad the tmpbuf with zeros and hash it. 
    {
        unsigned char *d=&tmpbuf[tmp_size];
        *(d++)=(unsigned char)0x80;   // append binary 10000000. 
        for(unsigned char *de=&tmpbuf[64]; d<de; d++)
        {  *d=(unsigned char)0;  }
        AtomicHash(tmpbuf,w);
        tmp_size=0;
        ++pad80;
    }
    
    // The length was counted in bytes, but we need the number of bits here: 
    uint64 len=length*8LLU;
    
    // Now, we have to fill up tmpbuf with zeros and add the length in bits 
    // as the last 8 bytes. 
    unsigned char *d=&tmpbuf[tmp_size];
    if(!pad80)
    {  *(d++)=(unsigned char)0x80;  }  // append binary 10000000. 
    for(unsigned char *de=&tmpbuf[56]; d<de; d++)
    {  *d=(unsigned char)0;  }
    
    // Add more significant word: 
    uint32 word = uint32(len >> 32);
    d+=3;
    *(d--)=(unsigned char)(word & 0xffU);  word>>=8;
    *(d--)=(unsigned char)(word & 0xffU);  word>>=8;
    *(d--)=(unsigned char)(word & 0xffU);  word>>=8;
    *(d  )=(unsigned char)(word & 0xffU);
    
    // Add less significant word: 
    word = uint32(len & 0xffffffffLLU);
    d+=7;
    *(d--)=(unsigned char)(word & 0xffU);  word>>=8;
    *(d--)=(unsigned char)(word & 0xffU);  word>>=8;
    *(d--)=(unsigned char)(word & 0xffU);  word>>=8;
    *(d  )=(unsigned char)(word & 0xffU);
    
    AtomicHash(tmpbuf,w);
    tmp_size=0;
}

---