added sha1 (secure hash function).

28 years ago · b7afb98f44
--- a/src/lib/libc/hash/Makefile.inc
+++ b/src/lib/libc/hash/Makefile.inc
@ -0,0 +1,7 @@
 #	$OpenBSD: Makefile.inc,v 1.1 1996/09/29 16:15:04 millert Exp $

 # hash functions
 .PATH: ${.CURDIR}/hash

 SRCS+=	sha1.c
 #MAN+=	sha1.3
--- a/src/lib/libc/hash/sha1.c
+++ b/src/lib/libc/hash/sha1.c
@ -0,0 +1,353 @@
 #if defined(LIBC_SCCS) && !defined(lint)
 static char rcsid[] = "$OpenBSD: sha1.c,v 1.1 1996/09/29 16:15:05 millert Exp $";
 #endif /* LIBC_SCCS and not lint */

 /*
 * sha1.c
 *
 *	signature function hook for SHA1.
 *
 * Gene Kim
 * Purdue University
 * August 10, 1993
 */

 /* --------------------------------- SHA1.C ------------------------------- */

 /* NIST proposed Secure Hash Standard.

   Written 2 September 1992, Peter C. Gutmann.
   This implementation placed in the public domain.

   Comments to pgut1@cs.aukuni.ac.nz */

 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sha1.h>
 #ifdef TEST
 #include <time.h>
 #endif


 /* The SHA1 f()-functions */

 #define f1(x,y,z)   ( ( x & y ) | ( ~x & z ) )              /* Rounds  0-19 */
 #define f2(x,y,z)   ( x ^ y ^ z )                           /* Rounds 20-39 */
 #define f3(x,y,z)   ( ( x & y ) | ( x & z ) | ( y & z ) )   /* Rounds 40-59 */
 #define f4(x,y,z)   ( x ^ y ^ z )                           /* Rounds 60-79 */

 /* The SHA1 Mysterious Constants */

 #define K1  0x5A827999L     /* Rounds  0-19 */
 #define K2  0x6ED9EBA1L     /* Rounds 20-39 */
 #define K3  0x8F1BBCDCL     /* Rounds 40-59 */
 #define K4  0xCA62C1D6L     /* Rounds 60-79 */

 /* SHA1 initial values */

 #define h0init  0x67452301L
 #define h1init  0xEFCDAB89L
 #define h2init  0x98BADCFEL
 #define h3init  0x10325476L
 #define h4init  0xC3D2E1F0L

 /* 32-bit rotate - kludged with shifts */

 #define S(n,X)  ( ( X << n ) | ( X >> ( 32 - n ) ) )

 /* The initial expanding function */

 #ifdef NEW_SHA1
 #define expand(count)   temp = W[ count - 3 ] ^ W[ count - 8 ] ^ W[ count - 14 ] ^ W[ count - 16 ];W[ count ] = S(1, temp)
 #else
 #define expand(count)   W[ count ] = W[ count - 3 ] ^ W[ count - 8 ] ^ W[ count - 14 ] ^ W[ count - 16 ]
 #endif

 /* The four SHA1 sub-rounds */

 #define subRound1(count)    \
    { \
    temp = S( 5, A ) + f1( B, C, D ) + E + W[ count ] + K1; \
    E = D; \
    D = C; \
    C = S( 30, B ); \
    B = A; \
    A = temp; \
    }

 #define subRound2(count)    \
    { \
    temp = S( 5, A ) + f2( B, C, D ) + E + W[ count ] + K2; \
    E = D; \
    D = C; \
    C = S( 30, B ); \
    B = A; \
    A = temp; \
    }

 #define subRound3(count)    \
    { \
    temp = S( 5, A ) + f3( B, C, D ) + E + W[ count ] + K3; \
    E = D; \
    D = C; \
    C = S( 30, B ); \
    B = A; \
    A = temp; \
    }

 #define subRound4(count)    \
    { \
    temp = S( 5, A ) + f4( B, C, D ) + E + W[ count ] + K4; \
    E = D; \
    D = C; \
    C = S( 30, B ); \
    B = A; \
    A = temp; \
    }

 /* The two buffers of 5 32-bit words */

 LONG h0, h1, h2, h3, h4;
 LONG A, B, C, D, E;

 /* Initialize the SHA1 values */

 void sha1Init(sha1Info)
    SHA1_INFO *sha1Info;
    {
    /* Set the h-vars to their initial values */
    sha1Info->digest[ 0 ] = h0init;
    sha1Info->digest[ 1 ] = h1init;
    sha1Info->digest[ 2 ] = h2init;
    sha1Info->digest[ 3 ] = h3init;
    sha1Info->digest[ 4 ] = h4init;

    /* Initialise bit count */
    sha1Info->countLo = sha1Info->countHi = 0L;
    }

 /* Perform the SHA1 transformation.  Note that this code, like MD5, seems to
   break some optimizing compilers - it may be necessary to split it into
   sections, eg based on the four subrounds */

 void sha1Transform(sha1Info)
    SHA1_INFO *sha1Info;
    {
    LONG W[ 80 ], temp;
    int i;

    /* Step A.  Copy the data buffer into the local work buffer */
    for( i = 0; i < 16; i++ )
 	W[ i ] = sha1Info->data[ i ];

    /* Step B.  Expand the 16 words into 64 temporary data words */
    expand( 16 ); expand( 17 ); expand( 18 ); expand( 19 ); expand( 20 );
    expand( 21 ); expand( 22 ); expand( 23 ); expand( 24 ); expand( 25 );
    expand( 26 ); expand( 27 ); expand( 28 ); expand( 29 ); expand( 30 );
    expand( 31 ); expand( 32 ); expand( 33 ); expand( 34 ); expand( 35 );
    expand( 36 ); expand( 37 ); expand( 38 ); expand( 39 ); expand( 40 );
    expand( 41 ); expand( 42 ); expand( 43 ); expand( 44 ); expand( 45 );
    expand( 46 ); expand( 47 ); expand( 48 ); expand( 49 ); expand( 50 );
    expand( 51 ); expand( 52 ); expand( 53 ); expand( 54 ); expand( 55 );
    expand( 56 ); expand( 57 ); expand( 58 ); expand( 59 ); expand( 60 );
    expand( 61 ); expand( 62 ); expand( 63 ); expand( 64 ); expand( 65 );
    expand( 66 ); expand( 67 ); expand( 68 ); expand( 69 ); expand( 70 );
    expand( 71 ); expand( 72 ); expand( 73 ); expand( 74 ); expand( 75 );
    expand( 76 ); expand( 77 ); expand( 78 ); expand( 79 );

    /* Step C.  Set up first buffer */
    A = sha1Info->digest[ 0 ];
    B = sha1Info->digest[ 1 ];
    C = sha1Info->digest[ 2 ];
    D = sha1Info->digest[ 3 ];
    E = sha1Info->digest[ 4 ];

    /* Step D.  Serious mangling, divided into four sub-rounds */
    subRound1( 0 ); subRound1( 1 ); subRound1( 2 ); subRound1( 3 );
    subRound1( 4 ); subRound1( 5 ); subRound1( 6 ); subRound1( 7 );
    subRound1( 8 ); subRound1( 9 ); subRound1( 10 ); subRound1( 11 );
    subRound1( 12 ); subRound1( 13 ); subRound1( 14 ); subRound1( 15 );
    subRound1( 16 ); subRound1( 17 ); subRound1( 18 ); subRound1( 19 );
    subRound2( 20 ); subRound2( 21 ); subRound2( 22 ); subRound2( 23 );
    subRound2( 24 ); subRound2( 25 ); subRound2( 26 ); subRound2( 27 );
    subRound2( 28 ); subRound2( 29 ); subRound2( 30 ); subRound2( 31 );
    subRound2( 32 ); subRound2( 33 ); subRound2( 34 ); subRound2( 35 );
    subRound2( 36 ); subRound2( 37 ); subRound2( 38 ); subRound2( 39 );
    subRound3( 40 ); subRound3( 41 ); subRound3( 42 ); subRound3( 43 );
    subRound3( 44 ); subRound3( 45 ); subRound3( 46 ); subRound3( 47 );
    subRound3( 48 ); subRound3( 49 ); subRound3( 50 ); subRound3( 51 );
    subRound3( 52 ); subRound3( 53 ); subRound3( 54 ); subRound3( 55 );
    subRound3( 56 ); subRound3( 57 ); subRound3( 58 ); subRound3( 59 );
    subRound4( 60 ); subRound4( 61 ); subRound4( 62 ); subRound4( 63 );
    subRound4( 64 ); subRound4( 65 ); subRound4( 66 ); subRound4( 67 );
    subRound4( 68 ); subRound4( 69 ); subRound4( 70 ); subRound4( 71 );
    subRound4( 72 ); subRound4( 73 ); subRound4( 74 ); subRound4( 75 );
    subRound4( 76 ); subRound4( 77 ); subRound4( 78 ); subRound4( 79 );

    /* Step E.  Build message digest */
    sha1Info->digest[ 0 ] += A;
    sha1Info->digest[ 1 ] += B;
    sha1Info->digest[ 2 ] += C;
    sha1Info->digest[ 3 ] += D;
    sha1Info->digest[ 4 ] += E;
    }

 #if BYTE_ORDER == LITTLE_ENDIAN

 /* When run on a little-endian CPU we need to perform byte reversal on an
   array of longwords.  It is possible to make the code endianness-
   independant by fiddling around with data at the byte level, but this
   makes for very slow code, so we rely on the user to sort out endianness
   at compile time */

 static void byteReverse(buffer, byteCount)
    LONG *buffer;
    int byteCount;
    {
    LONG value;
    int count;

    byteCount /= sizeof( LONG );
    for( count = 0; count < byteCount; count++ )
 	{
 	value = ( buffer[ count ] << 16 ) | ( buffer[ count ] >> 16 );
 	buffer[ count ] = ( ( value & 0xFF00FF00L ) >> 8 ) | ( ( value & 0x00FF00FFL ) << 8 );
 	}
    }
 #endif /* LITTLE_ENDIAN */

 /* Update SHA1 for a block of data.  This code assumes that the buffer size
   is a multiple of SHA1_BLOCKSIZE bytes long, which makes the code a lot
   more efficient since it does away with the need to handle partial blocks
   between calls to sha1Update() */

 void sha1Update(sha1Info, buffer, count)
    SHA1_INFO *sha1Info;
    BYTE *buffer; 
    int count;
    {
    /* Update bitcount */
    if( ( sha1Info->countLo + ( ( LONG ) count << 3 ) ) < sha1Info->countLo )
 	sha1Info->countHi++; /* Carry from low to high bitCount */
    sha1Info->countLo += ( ( LONG ) count << 3 );
    sha1Info->countHi += ( ( LONG ) count >> 29 );

    /* Process data in SHA1_BLOCKSIZE chunks */
    while( count >= SHA1_BLOCKSIZE )
 	{
 	memcpy( (void *) sha1Info->data, (void *) buffer, SHA1_BLOCKSIZE );
 #if BYTE_ORDER == LITTLE_ENDIAN
 	byteReverse( sha1Info->data, SHA1_BLOCKSIZE );
 #endif /* LITTLE_ENDIAN */
 	sha1Transform( sha1Info );
 	buffer += SHA1_BLOCKSIZE;
 	count -= SHA1_BLOCKSIZE;
 	}

    /* Handle any remaining bytes of data.  This should only happen once
       on the final lot of data */
    memcpy( (void *) sha1Info->data, (void *) buffer, count );
    }

 void sha1Final(sha1Info)
    SHA1_INFO *sha1Info;
    {
    int count;
    LONG lowBitcount = sha1Info->countLo, highBitcount = sha1Info->countHi;

    /* Compute number of bytes mod 64 */
    count = ( int ) ( ( sha1Info->countLo >> 3 ) & 0x3F );

    /* Set the first char of padding to 0x80.  This is safe since there is
       always at least one byte free */
    ( ( BYTE * ) sha1Info->data )[ count++ ] = 0x80;

    /* Pad out to 56 mod 64 */
    if( count > 56 )
 	{
 	/* Two lots of padding:  Pad the first block to 64 bytes */
 	memset( ( void * ) sha1Info->data + count, 0, 64 - count );
 #if BYTE_ORDER == LITTLE_ENDIAN
 	byteReverse( sha1Info->data, SHA1_BLOCKSIZE );
 #endif /* LITTLE_ENDIAN */
 	sha1Transform( sha1Info );

 	/* Now fill the next block with 56 bytes */
 	memset( (void *) sha1Info->data, 0, 56 );
 	}
    else
 	/* Pad block to 56 bytes */
 	memset( ( void * ) sha1Info->data + count, 0, 56 - count );
 #if BYTE_ORDER == LITTLE_ENDIAN
    byteReverse( sha1Info->data, SHA1_BLOCKSIZE );
 #endif /* LITTLE_ENDIAN */

    /* Append length in bits and transform */
    sha1Info->data[ 14 ] = highBitcount;
    sha1Info->data[ 15 ] = lowBitcount;

    sha1Transform( sha1Info );
 #if BYTE_ORDER == LITTLE_ENDIAN
    byteReverse( sha1Info->data, SHA1_DIGESTSIZE );
 #endif /* LITTLE_ENDIAN */
    }

 #ifdef TEST

 /* ----------------------------- SHA1 Test code --------------------------- */

 /* Size of buffer for SHA1 speed test data */

 #define TEST_BLOCK_SIZE     ( SHA1_DIGESTSIZE * 100 )

 /* Number of bytes of test data to process */

 #define TEST_BYTES          10000000L
 #define TEST_BLOCKS         ( TEST_BYTES / TEST_BLOCK_SIZE )

 void main()
    {
    SHA1_INFO sha1Info;
    time_t endTime, startTime;
    BYTE data[ TEST_BLOCK_SIZE ];
    long i;

    /* Test output data (this is the only test data given in the SHA1
       document, but chances are if it works for this it'll work for
       anything) */
    sha1Init( &sha1Info );
    sha1Update( &sha1Info, ( BYTE * ) "abc", 3 );
    sha1Final( &sha1Info );
    if( sha1Info.digest[ 0 ] != 0x0164B8A9L ||
 	sha1Info.digest[ 1 ] != 0x14CD2A5EL ||
 	sha1Info.digest[ 2 ] != 0x74C4F7FFL ||
 	sha1Info.digest[ 3 ] != 0x082C4D97L ||
 	sha1Info.digest[ 4 ] != 0xF1EDF880L )
 	{
 	puts( "Error in SHA1 implementation" );
 	exit( -1 );
 	}

    /* Now perform time trial, generating MD for 10MB of data.  First,
       initialize the test data */
    memset( data, 0, TEST_BLOCK_SIZE );

    /* Get start time */
    printf( "SHA1 time trial.  Processing %ld characters...\n", TEST_BYTES );
    time( &startTime );

    /* Calculate SHA1 message digest in TEST_BLOCK_SIZE byte blocks */
    sha1Init( &sha1Info );
    for( i = TEST_BLOCKS; i > 0; i-- )
 	sha1Update( &sha1Info, data, TEST_BLOCK_SIZE );
    sha1Final( &sha1Info );

    /* Get finish time and time difference */
    time( &endTime );
    printf( "Seconds to process test input: %ld\n", endTime - startTime );
    printf( "Characters processed per second: %ld\n", TEST_BYTES / ( endTime - startTime ) );
    }

 #endif