mirror of
https://github.com/lcn2/calc.git
synced 2025-08-16 01:03:29 +03:00
db77e29a23
Converted all ASCII tabs to ASCII spaces using a 8 character tab stop, for all files, except for all Makefiles (plus rpm.mk). The `git diff -w` reports no changes.
718 lines
22 KiB
C
718 lines
22 KiB
C
/*
|
|
* sha1 - implements new NIST Secure Hash Standard-1 (SHA1)
|
|
*
|
|
* Written 2 September 1992, Peter C. Gutmann.
|
|
*
|
|
* This file is not covered under version 2.1 of the GNU LGPL.
|
|
* This file is covered under "The unlicense":
|
|
*
|
|
* https://unlicense.org
|
|
*
|
|
* In particular:
|
|
*
|
|
* This is free and unencumbered software released into the public domain.
|
|
*
|
|
* Anyone is free to copy, modify, publish, use, compile, sell, or
|
|
* distribute this software, either in source code form or as a compiled
|
|
* binary, for any purpose, commercial or non-commercial, and by any
|
|
* means.
|
|
*
|
|
* In jurisdictions that recognize copyright laws, the author or authors
|
|
* of this software dedicate any and all copyright interest in the
|
|
* software to the public domain. We make this dedication for the benefit
|
|
* of the public at large and to the detriment of our heirs and
|
|
* successors. We intend this dedication to be an overt act of
|
|
* relinquishment in perpetuity of all present and future rights to this
|
|
* software under copyright law.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
|
* IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
|
|
* OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
|
|
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
|
* OTHER DEALINGS IN THE SOFTWARE.
|
|
*
|
|
* For more information, please refer to <http://unlicense.org/>
|
|
*/
|
|
|
|
|
|
#include <stdio.h>
|
|
#include "alloc.h"
|
|
#include "longbits.h"
|
|
#include "align32.h"
|
|
#include "endian_calc.h"
|
|
#include "value.h"
|
|
#include "hash.h"
|
|
#include "sha1.h"
|
|
|
|
|
|
#include "errtbl.h"
|
|
#include "banned.h" /* include after system header <> includes */
|
|
|
|
|
|
/*
|
|
* The SHA1 f()-functions. The f1 and f3 functions can be optimized
|
|
* to save one boolean operation each - thanks to Rich Schroeppel,
|
|
* rcs@cs.arizona.edu for discovering this.
|
|
*
|
|
* f1: ((x&y) | (~x&z)) == (z ^ (x&(y^z)))
|
|
* f3: ((x&y) | (x&z) | (y&z)) == ((x&y) | (z&(x|y)))
|
|
*/
|
|
#define f1(x,y,z) (z ^ (x&(y^z))) /* Rounds 0-19 */
|
|
#define f2(x,y,z) (x^y^z) /* Rounds 20-39 */
|
|
#define f3(x,y,z) ((x&y) | (z&(x|y))) /* Rounds 40-59 */
|
|
#define f4(x,y,z) (x^y^z) /* Rounds 60-79 */
|
|
|
|
/* The SHA1 Mysterious Constants */
|
|
#define K1 0x5A827999L /* Rounds 0-19 */
|
|
#define K2 0x6ED9EBA1L /* Rounds 20-39 */
|
|
#define K3 0x8F1BBCDCL /* Rounds 40-59 */
|
|
#define K4 0xCA62C1D6L /* Rounds 60-79 */
|
|
|
|
/* SHA1 initial values */
|
|
#define h0init 0x67452301L
|
|
#define h1init 0xEFCDAB89L
|
|
#define h2init 0x98BADCFEL
|
|
#define h3init 0x10325476L
|
|
#define h4init 0xC3D2E1F0L
|
|
|
|
/* 32-bit rotate left - kludged with shifts */
|
|
#define LEFT_ROT(X,n) (((X)<<(n)) | ((X)>>(32-(n))))
|
|
|
|
/*
|
|
*
|
|
* The initial expanding function. The hash function is defined over an
|
|
* 80-word expanded input array W, where the first 16 are copies of the input
|
|
* data, and the remaining 64 are defined by
|
|
*
|
|
* W[i] = LEFT_ROT(W[i-16] ^ W[i-14] ^ W[i-8] ^ W[i-3], 1)
|
|
*
|
|
* NOTE: The expanding function used in rounds 16 to 79 was changed from the
|
|
* original SHA (in FIPS Pub 180) to one that also left circular shifted
|
|
* by one bit for Secure Hash Algorithm-1 (FIPS Pub 180-1).
|
|
*/
|
|
#define exor(W,i,t) \
|
|
(t = (W[i&15] ^ W[(i-14)&15] ^ W[(i-8)&15] ^ W[(i-3)&15]), \
|
|
W[i&15] = LEFT_ROT(t, 1))
|
|
|
|
/*
|
|
* The prototype SHA1 sub-round. The fundamental sub-round is:
|
|
*
|
|
* a' = e + LEFT_ROT(a,5) + f(b,c,d) + k + data;
|
|
* b' = a;
|
|
* c' = LEFT_ROT(b,30);
|
|
* d' = c;
|
|
* e' = d;
|
|
*
|
|
* but this is implemented by unrolling the loop 5 times and renaming the
|
|
* variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
|
|
* This code is then replicated 20 times for each of the 4 functions, using
|
|
* the next 20 values from the W[] array each time.
|
|
*/
|
|
#define subRound(a, b, c, d, e, f, k, data) \
|
|
(e += LEFT_ROT(a,5) + f(b,c,d) + k + data, b = LEFT_ROT(b,30))
|
|
|
|
/* forward declarations */
|
|
S_FUNC void sha1Init(HASH*);
|
|
S_FUNC void sha1Transform(USB32*, USB32*);
|
|
S_FUNC void sha1Update(HASH*, USB8*, USB32);
|
|
S_FUNC void sha1Final(HASH*);
|
|
S_FUNC void sha1_chkpt(HASH*);
|
|
S_FUNC void sha1_note(int, HASH*);
|
|
S_FUNC void sha1_type(int, HASH*);
|
|
void sha1_init_state(HASH*);
|
|
S_FUNC ZVALUE sha1_final_state(HASH*);
|
|
S_FUNC int sha1_cmp(HASH*, HASH*);
|
|
S_FUNC void sha1_print(HASH*);
|
|
|
|
|
|
/*
|
|
* sha1Init - initialize the SHA1 state
|
|
*/
|
|
S_FUNC void
|
|
sha1Init(HASH *state)
|
|
{
|
|
SHA1_INFO *dig = &state->h_union.h_sha1; /* digest state */
|
|
|
|
/* Set the h-vars to their initial values */
|
|
dig->digest[0] = h0init;
|
|
dig->digest[1] = h1init;
|
|
dig->digest[2] = h2init;
|
|
dig->digest[3] = h3init;
|
|
dig->digest[4] = h4init;
|
|
|
|
/* Initialize bit count */
|
|
dig->countLo = 0;
|
|
dig->countHi = 0;
|
|
dig->datalen = 0;
|
|
}
|
|
|
|
|
|
/*
|
|
* sha1Transform - perform the SHA1 transformation
|
|
*
|
|
* Note that this code, like MD5, seems to break some optimizing compilers.
|
|
* It may be necessary to split it into sections, e.g., based on the four
|
|
* sub-rounds. One may also want to roll each sub-round into a loop.
|
|
*/
|
|
S_FUNC void
|
|
sha1Transform(USB32 *digest, USB32 *W)
|
|
{
|
|
USB32 A, B, C, D, E; /* Local vars */
|
|
USB32 t; /* temp storage for exor() */
|
|
|
|
/* Set up first buffer and local data buffer */
|
|
A = digest[0];
|
|
B = digest[1];
|
|
C = digest[2];
|
|
D = digest[3];
|
|
E = digest[4];
|
|
|
|
/* Heavy mangling, in 4 sub-rounds of 20 iterations each. */
|
|
subRound(A, B, C, D, E, f1, K1, W[ 0]);
|
|
subRound(E, A, B, C, D, f1, K1, W[ 1]);
|
|
subRound(D, E, A, B, C, f1, K1, W[ 2]);
|
|
subRound(C, D, E, A, B, f1, K1, W[ 3]);
|
|
subRound(B, C, D, E, A, f1, K1, W[ 4]);
|
|
subRound(A, B, C, D, E, f1, K1, W[ 5]);
|
|
subRound(E, A, B, C, D, f1, K1, W[ 6]);
|
|
subRound(D, E, A, B, C, f1, K1, W[ 7]);
|
|
subRound(C, D, E, A, B, f1, K1, W[ 8]);
|
|
subRound(B, C, D, E, A, f1, K1, W[ 9]);
|
|
subRound(A, B, C, D, E, f1, K1, W[10]);
|
|
subRound(E, A, B, C, D, f1, K1, W[11]);
|
|
subRound(D, E, A, B, C, f1, K1, W[12]);
|
|
subRound(C, D, E, A, B, f1, K1, W[13]);
|
|
subRound(B, C, D, E, A, f1, K1, W[14]);
|
|
subRound(A, B, C, D, E, f1, K1, W[15]);
|
|
subRound(E, A, B, C, D, f1, K1, exor(W,16,t));
|
|
subRound(D, E, A, B, C, f1, K1, exor(W,17,t));
|
|
subRound(C, D, E, A, B, f1, K1, exor(W,18,t));
|
|
subRound(B, C, D, E, A, f1, K1, exor(W,19,t));
|
|
|
|
subRound(A, B, C, D, E, f2, K2, exor(W,20,t));
|
|
subRound(E, A, B, C, D, f2, K2, exor(W,21,t));
|
|
subRound(D, E, A, B, C, f2, K2, exor(W,22,t));
|
|
subRound(C, D, E, A, B, f2, K2, exor(W,23,t));
|
|
subRound(B, C, D, E, A, f2, K2, exor(W,24,t));
|
|
subRound(A, B, C, D, E, f2, K2, exor(W,25,t));
|
|
subRound(E, A, B, C, D, f2, K2, exor(W,26,t));
|
|
subRound(D, E, A, B, C, f2, K2, exor(W,27,t));
|
|
subRound(C, D, E, A, B, f2, K2, exor(W,28,t));
|
|
subRound(B, C, D, E, A, f2, K2, exor(W,29,t));
|
|
subRound(A, B, C, D, E, f2, K2, exor(W,30,t));
|
|
subRound(E, A, B, C, D, f2, K2, exor(W,31,t));
|
|
subRound(D, E, A, B, C, f2, K2, exor(W,32,t));
|
|
subRound(C, D, E, A, B, f2, K2, exor(W,33,t));
|
|
subRound(B, C, D, E, A, f2, K2, exor(W,34,t));
|
|
subRound(A, B, C, D, E, f2, K2, exor(W,35,t));
|
|
subRound(E, A, B, C, D, f2, K2, exor(W,36,t));
|
|
subRound(D, E, A, B, C, f2, K2, exor(W,37,t));
|
|
subRound(C, D, E, A, B, f2, K2, exor(W,38,t));
|
|
subRound(B, C, D, E, A, f2, K2, exor(W,39,t));
|
|
|
|
subRound(A, B, C, D, E, f3, K3, exor(W,40,t));
|
|
subRound(E, A, B, C, D, f3, K3, exor(W,41,t));
|
|
subRound(D, E, A, B, C, f3, K3, exor(W,42,t));
|
|
subRound(C, D, E, A, B, f3, K3, exor(W,43,t));
|
|
subRound(B, C, D, E, A, f3, K3, exor(W,44,t));
|
|
subRound(A, B, C, D, E, f3, K3, exor(W,45,t));
|
|
subRound(E, A, B, C, D, f3, K3, exor(W,46,t));
|
|
subRound(D, E, A, B, C, f3, K3, exor(W,47,t));
|
|
subRound(C, D, E, A, B, f3, K3, exor(W,48,t));
|
|
subRound(B, C, D, E, A, f3, K3, exor(W,49,t));
|
|
subRound(A, B, C, D, E, f3, K3, exor(W,50,t));
|
|
subRound(E, A, B, C, D, f3, K3, exor(W,51,t));
|
|
subRound(D, E, A, B, C, f3, K3, exor(W,52,t));
|
|
subRound(C, D, E, A, B, f3, K3, exor(W,53,t));
|
|
subRound(B, C, D, E, A, f3, K3, exor(W,54,t));
|
|
subRound(A, B, C, D, E, f3, K3, exor(W,55,t));
|
|
subRound(E, A, B, C, D, f3, K3, exor(W,56,t));
|
|
subRound(D, E, A, B, C, f3, K3, exor(W,57,t));
|
|
subRound(C, D, E, A, B, f3, K3, exor(W,58,t));
|
|
subRound(B, C, D, E, A, f3, K3, exor(W,59,t));
|
|
|
|
subRound(A, B, C, D, E, f4, K4, exor(W,60,t));
|
|
subRound(E, A, B, C, D, f4, K4, exor(W,61,t));
|
|
subRound(D, E, A, B, C, f4, K4, exor(W,62,t));
|
|
subRound(C, D, E, A, B, f4, K4, exor(W,63,t));
|
|
subRound(B, C, D, E, A, f4, K4, exor(W,64,t));
|
|
subRound(A, B, C, D, E, f4, K4, exor(W,65,t));
|
|
subRound(E, A, B, C, D, f4, K4, exor(W,66,t));
|
|
subRound(D, E, A, B, C, f4, K4, exor(W,67,t));
|
|
subRound(C, D, E, A, B, f4, K4, exor(W,68,t));
|
|
subRound(B, C, D, E, A, f4, K4, exor(W,69,t));
|
|
subRound(A, B, C, D, E, f4, K4, exor(W,70,t));
|
|
subRound(E, A, B, C, D, f4, K4, exor(W,71,t));
|
|
subRound(D, E, A, B, C, f4, K4, exor(W,72,t));
|
|
subRound(C, D, E, A, B, f4, K4, exor(W,73,t));
|
|
subRound(B, C, D, E, A, f4, K4, exor(W,74,t));
|
|
subRound(A, B, C, D, E, f4, K4, exor(W,75,t));
|
|
subRound(E, A, B, C, D, f4, K4, exor(W,76,t));
|
|
subRound(D, E, A, B, C, f4, K4, exor(W,77,t));
|
|
subRound(C, D, E, A, B, f4, K4, exor(W,78,t));
|
|
subRound(B, C, D, E, A, f4, K4, exor(W,79,t));
|
|
|
|
/* Build message digest */
|
|
digest[0] += A;
|
|
digest[1] += B;
|
|
digest[2] += C;
|
|
digest[3] += D;
|
|
digest[4] += E;
|
|
}
|
|
|
|
|
|
/*
|
|
* sha1Update - update SHA1 with arbitrary length data
|
|
*/
|
|
void
|
|
sha1Update(HASH *state, USB8 *buffer, USB32 count)
|
|
{
|
|
SHA1_INFO *dig = &state->h_union.h_sha1; /* digest state */
|
|
USB32 datalen = dig->datalen;
|
|
USB32 cpylen;
|
|
#if CALC_BYTE_ORDER == LITTLE_ENDIAN
|
|
unsigned int i;
|
|
#endif
|
|
|
|
/*
|
|
* Update the full count, even if some of it is buffered for later
|
|
*/
|
|
SHA1COUNT(dig, count);
|
|
|
|
|
|
/* determine the size we need to copy */
|
|
cpylen = SHA1_CHUNKSIZE - datalen;
|
|
|
|
/* case: new data will not fill the buffer */
|
|
if (cpylen > count) {
|
|
memcpy((char *)dig->data+datalen,
|
|
(char *)buffer, count);
|
|
dig->datalen = datalen+count;
|
|
return;
|
|
}
|
|
|
|
/* case: buffer will be filled */
|
|
memcpy((char *)dig->data + datalen, (char *)buffer, cpylen);
|
|
|
|
/*
|
|
* Process data in SHA1_CHUNKSIZE chunks
|
|
*/
|
|
for (;;) {
|
|
#if CALC_BYTE_ORDER == LITTLE_ENDIAN
|
|
if (state->bytes) {
|
|
for (i=0; i < SHA1_CHUNKWORDS; ++i) {
|
|
SWAP_B8_IN_B32(dig->data+i, dig->data+i);
|
|
}
|
|
}
|
|
#endif
|
|
sha1Transform(dig->digest, dig->data);
|
|
buffer += cpylen;
|
|
count -= cpylen;
|
|
if (count < SHA1_CHUNKSIZE)
|
|
break;
|
|
cpylen = SHA1_CHUNKSIZE;
|
|
memcpy(dig->data, buffer, cpylen);
|
|
}
|
|
|
|
/*
|
|
* Handle any remaining bytes of data.
|
|
* This should only happen once on the final lot of data
|
|
*/
|
|
if (count > 0) {
|
|
memcpy((char *)dig->data, (char *)buffer, count);
|
|
}
|
|
dig->datalen = count;
|
|
}
|
|
|
|
|
|
/*
|
|
* sha1Final - perform final SHA1 transforms
|
|
*
|
|
* At this point we have less than a full chunk of data remaining
|
|
* (and possibly no data) in the sha1 state data buffer.
|
|
*
|
|
* First we append a final 0x80 byte.
|
|
*
|
|
* Next if we have more than 56 bytes, we will zero fill the remainder
|
|
* of the chunk, transform and then zero fill the first 56 bytes.
|
|
* If we have 56 or fewer bytes, we will zero fill out to the 56th
|
|
* chunk byte. Regardless, we wind up with 56 bytes data.
|
|
*
|
|
* Finally we append the 64 bit length on to the 56 bytes of data
|
|
* remaining. This final chunk is transformed.
|
|
*/
|
|
|
|
void
|
|
sha1Final(HASH *state)
|
|
{
|
|
SHA1_INFO *dig = &state->h_union.h_sha1; /* digest state */
|
|
long count = (long)(dig->datalen);
|
|
USB32 lowBitcount;
|
|
USB32 highBitcount;
|
|
USB8 *data = (USB8 *) dig->data;
|
|
#if CALC_BYTE_ORDER == LITTLE_ENDIAN
|
|
unsigned int i;
|
|
#endif
|
|
|
|
/* Pad to end of chunk */
|
|
|
|
memset(data + count, 0, SHA1_CHUNKSIZE - count);
|
|
|
|
/*
|
|
* If processing bytes, set the first byte of padding to 0x80.
|
|
* if processing words: on a big-endian machine set the first
|
|
* byte of padding to 0x80, on a little-endian machine set
|
|
* the first four bytes to 0x00000080
|
|
* This is safe since there is always at least one byte or word free
|
|
*/
|
|
|
|
memset(data + count, 0, SHA1_CHUNKSIZE - count);
|
|
|
|
#if CALC_BYTE_ORDER == LITTLE_ENDIAN
|
|
if (state->bytes) {
|
|
data[count] = 0x80;
|
|
for (i=0; i < SHA1_CHUNKWORDS; ++i) {
|
|
SWAP_B8_IN_B32(dig->data+i, dig->data+i);
|
|
}
|
|
} else {
|
|
if (count % 4) {
|
|
math_error("This should not happen in sha1Final");
|
|
not_reached();
|
|
}
|
|
data[count + 3] = 0x80;
|
|
}
|
|
#else
|
|
data[count] = 0x80;
|
|
#endif
|
|
|
|
if (count >= SHA1_CHUNKSIZE-8) {
|
|
sha1Transform(dig->digest, dig->data);
|
|
|
|
/* Now load another chunk with 56 bytes of padding */
|
|
memset(data, 0, SHA1_CHUNKSIZE-8);
|
|
}
|
|
|
|
/*
|
|
* Append length in bits and transform
|
|
*
|
|
* We assume that bit count is a multiple of 8 because we have
|
|
* only processed full bytes.
|
|
*/
|
|
highBitcount = dig->countHi;
|
|
lowBitcount = dig->countLo;
|
|
dig->data[SHA1_HIGH] = (highBitcount << 3) | (lowBitcount >> 29);
|
|
dig->data[SHA1_LOW] = (lowBitcount << 3);
|
|
sha1Transform(dig->digest, dig->data);
|
|
dig->datalen = 0;
|
|
}
|
|
|
|
|
|
/*
|
|
* sha1_chkpt - checkpoint a SHA1 state
|
|
*
|
|
* given:
|
|
* state the state to checkpoint
|
|
*
|
|
* This function will ensure that the hash chunk buffer is empty.
|
|
* Any partially hashed data will be padded out with 0's and hashed.
|
|
*/
|
|
S_FUNC void
|
|
sha1_chkpt(HASH *state)
|
|
{
|
|
SHA1_INFO *dig = &state->h_union.h_sha1; /* digest state */
|
|
#if CALC_BYTE_ORDER == LITTLE_ENDIAN
|
|
unsigned int i;
|
|
#endif
|
|
|
|
/*
|
|
* checkpoint if partial buffer exists
|
|
*/
|
|
if (dig->datalen > 0) {
|
|
|
|
/* pad to the end of the chunk */
|
|
memset((USB8 *)dig->data + dig->datalen, 0,
|
|
SHA1_CHUNKSIZE-dig->datalen);
|
|
#if CALC_BYTE_ORDER == LITTLE_ENDIAN
|
|
if (state->bytes) {
|
|
for (i=0; i < SHA1_CHUNKWORDS; ++i) {
|
|
SWAP_B8_IN_B32(dig->data+i, dig->data+i);
|
|
}
|
|
}
|
|
#endif
|
|
/* transform padded chunk */
|
|
sha1Transform(dig->digest, dig->data);
|
|
SHA1COUNT(dig, SHA1_CHUNKSIZE-dig->datalen);
|
|
|
|
/* empty buffer */
|
|
dig->datalen = 0;
|
|
}
|
|
return;
|
|
}
|
|
|
|
|
|
/*
|
|
* sha1_note - note a special value
|
|
*
|
|
* given:
|
|
* state the state to hash
|
|
* special a special value (SHA1_HASH_XYZ) to note
|
|
*
|
|
* This function will note that a special value is about to be hashed.
|
|
* Types include negative values, complex values, division, zero numeric
|
|
* and array of HALFs.
|
|
*/
|
|
S_FUNC void
|
|
sha1_note(int special, HASH *state)
|
|
{
|
|
SHA1_INFO *dig = &state->h_union.h_sha1; /* digest state */
|
|
unsigned int i;
|
|
|
|
/*
|
|
* change state to reflect a special value
|
|
*/
|
|
dig->digest[0] ^= special;
|
|
for (i=1; i < SHA1_DIGESTWORDS; ++i) {
|
|
dig->digest[i] ^= (special + dig->digest[i-1] + i);
|
|
}
|
|
return;
|
|
}
|
|
|
|
|
|
/*
|
|
* sha1_type - note a VALUE type
|
|
*
|
|
* given:
|
|
* state the state to hash
|
|
* type the VALUE type to note
|
|
*
|
|
* This function will note that a type of value is about to be hashed.
|
|
* The type of a VALUE will be noted. For purposes of hash comparison,
|
|
* we will do nothing with V_NUM and V_COM so that the other functions
|
|
* can hash to the same value regardless of if sha1_value() is called
|
|
* or not. We also do nothing with V_STR so that a hash of a string
|
|
* will produce the same value as the standard hash function.
|
|
*/
|
|
S_FUNC void
|
|
sha1_type(int type, HASH *state)
|
|
{
|
|
SHA1_INFO *dig = &state->h_union.h_sha1; /* digest state */
|
|
unsigned int i;
|
|
|
|
/*
|
|
* ignore NUMBER and COMPLEX
|
|
*/
|
|
if (type == V_NUM || type == V_COM || type == V_STR) {
|
|
return;
|
|
}
|
|
|
|
/*
|
|
* change state to reflect a VALUE type
|
|
*/
|
|
dig->digest[0] += type;
|
|
for (i=1; i < SHA1_DIGESTWORDS; ++i) {
|
|
dig->digest[i] += ((type+i) ^ dig->digest[i-1]);
|
|
}
|
|
return;
|
|
}
|
|
|
|
|
|
/*
|
|
* sha1_init_state - initialize a hash state structure for this hash
|
|
*
|
|
* given:
|
|
* state - pointer to the function element to initialize
|
|
*/
|
|
void
|
|
sha1_init_state(HASH *state)
|
|
{
|
|
/*
|
|
* initialize state
|
|
*/
|
|
state->hashtype = SHA1_HASH_TYPE;
|
|
state->bytes = true;
|
|
state->update = sha1Update;
|
|
state->chkpt = sha1_chkpt;
|
|
state->note = sha1_note;
|
|
state->type = sha1_type;
|
|
state->final = sha1_final_state;
|
|
state->cmp = sha1_cmp;
|
|
state->print = sha1_print;
|
|
state->base = SHA1_BASE;
|
|
state->chunksize = SHA1_CHUNKSIZE;
|
|
state->unionsize = sizeof(SHA1_INFO);
|
|
|
|
/*
|
|
* perform the internal init function
|
|
*/
|
|
memset((void *)&(state->h_union.h_sha1), 0, sizeof(SHA1_INFO));
|
|
sha1Init(state);
|
|
return;
|
|
}
|
|
|
|
|
|
/*
|
|
* sha1_final_state - complete hash state and return a ZVALUE
|
|
*
|
|
* given:
|
|
* state the state to complete and convert
|
|
*
|
|
* returns:
|
|
* a ZVALUE representing the state
|
|
*/
|
|
S_FUNC ZVALUE
|
|
sha1_final_state(HASH *state)
|
|
{
|
|
SHA1_INFO *dig = &state->h_union.h_sha1; /* digest state */
|
|
ZVALUE ret; /* return ZVALUE of completed hash state */
|
|
int i;
|
|
|
|
/*
|
|
* malloc and initialize if state is NULL
|
|
*/
|
|
if (state == NULL) {
|
|
state = (HASH *)malloc(sizeof(HASH));
|
|
if (state == NULL) {
|
|
math_error("cannot malloc HASH");
|
|
not_reached();
|
|
}
|
|
sha1_init_state(state);
|
|
}
|
|
|
|
/*
|
|
* complete the hash state
|
|
*/
|
|
sha1Final(state);
|
|
|
|
/*
|
|
* allocate storage for ZVALUE
|
|
*/
|
|
ret.len = SHA1_DIGESTSIZE/sizeof(HALF);
|
|
ret.sign = 0;
|
|
ret.v = alloc(ret.len);
|
|
|
|
/*
|
|
* load ZVALUE
|
|
*/
|
|
#if BASEB == 16 && CALC_BYTE_ORDER == LITTLE_ENDIAN
|
|
for (i=0; i < ret.len; i+=2) {
|
|
ret.v[ret.len-i-1] = ((HALF*)dig->digest)[i+1];
|
|
ret.v[ret.len-i-2] = ((HALF*)dig->digest)[i];
|
|
}
|
|
#else
|
|
for (i=0; i < ret.len; ++i) {
|
|
ret.v[ret.len-i-1] = ((HALF*)dig->digest)[i];
|
|
}
|
|
#endif
|
|
ztrim(&ret);
|
|
|
|
/*
|
|
* return ZVALUE
|
|
*/
|
|
return ret;
|
|
}
|
|
|
|
|
|
/*
|
|
* sha1_cmp - compare two hash states
|
|
*
|
|
* given:
|
|
* a first hash state
|
|
* b second hash state
|
|
*
|
|
* returns:
|
|
* true => hash states are different
|
|
* false => hash states are the same
|
|
*/
|
|
S_FUNC int
|
|
sha1_cmp(HASH *a, HASH *b)
|
|
{
|
|
/*
|
|
* firewall and quick check
|
|
*/
|
|
if (a == b) {
|
|
/* pointers to the same object */
|
|
return false;
|
|
}
|
|
if (a == NULL || b == NULL) {
|
|
/* one is NULL, so they differ */
|
|
return true;
|
|
}
|
|
|
|
/*
|
|
* compare data-reading modes
|
|
*/
|
|
if (a->bytes != b->bytes)
|
|
return true;
|
|
|
|
/*
|
|
* compare bit counts
|
|
*/
|
|
if (a->h_union.h_sha1.countLo != b->h_union.h_sha1.countLo ||
|
|
a->h_union.h_sha1.countHi != b->h_union.h_sha1.countHi) {
|
|
/* counts differ */
|
|
return true;
|
|
}
|
|
|
|
/*
|
|
* compare pending buffers
|
|
*/
|
|
if (a->h_union.h_sha1.datalen != b->h_union.h_sha1.datalen) {
|
|
/* buffer lengths differ */
|
|
return true;
|
|
}
|
|
if (memcmp((USB8*)a->h_union.h_sha1.data,
|
|
(USB8*)b->h_union.h_sha1.data,
|
|
a->h_union.h_sha1.datalen) != 0) {
|
|
/* buffer contents differ */
|
|
return true;
|
|
}
|
|
|
|
/*
|
|
* compare digest
|
|
*/
|
|
return (memcmp((USB8*)(a->h_union.h_sha1.digest),
|
|
(USB8*)(b->h_union.h_sha1.digest),
|
|
SHA1_DIGESTSIZE) != 0);
|
|
}
|
|
|
|
|
|
/*
|
|
* sha1_print - print a hash state
|
|
*
|
|
* given:
|
|
* state the hash state to print
|
|
*/
|
|
S_FUNC void
|
|
sha1_print(HASH *state)
|
|
{
|
|
/*
|
|
* form the hash value
|
|
*/
|
|
if (conf->calc_debug & CALCDBG_HASH_STATE) {
|
|
char buf[DEBUG_SIZE+1]; /* hash value buffer */
|
|
|
|
/*
|
|
* print numeric debug value
|
|
*
|
|
* NOTE: This value represents only the hash value as of
|
|
* the last full update or finalization. Thus it
|
|
* may NOT be the actual hash value.
|
|
*/
|
|
snprintf(buf, DEBUG_SIZE,
|
|
"sha1: 0x%08x%08x%08x%08x%08x data: %d octets",
|
|
(int)state->h_union.h_sha1.digest[0],
|
|
(int)state->h_union.h_sha1.digest[1],
|
|
(int)state->h_union.h_sha1.digest[2],
|
|
(int)state->h_union.h_sha1.digest[3],
|
|
(int)state->h_union.h_sha1.digest[4],
|
|
(int)state->h_union.h_sha1.datalen);
|
|
buf[DEBUG_SIZE] = '\0'; /* paranoia */
|
|
math_str(buf);
|
|
} else {
|
|
math_str("sha1 hash state");
|
|
}
|
|
return;
|
|
}
|