1/* sha.c
2**
3** Copyright 2013, The Android Open Source Project
4**
5** Redistribution and use in source and binary forms, with or without
6** modification, are permitted provided that the following conditions are met:
7**     * Redistributions of source code must retain the above copyright
8**       notice, this list of conditions and the following disclaimer.
9**     * Redistributions in binary form must reproduce the above copyright
10**       notice, this list of conditions and the following disclaimer in the
11**       documentation and/or other materials provided with the distribution.
12**     * Neither the name of Google Inc. nor the names of its contributors may
13**       be used to endorse or promote products derived from this software
14**       without specific prior written permission.
15**
16** THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
17** IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19** EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22** OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23** WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24** OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25** ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26*/
27
28// Optimized for minimal code size.
29
30#include "mincrypt/sha.h"
31
32#include <stdio.h>
33#include <string.h>
34#include <stdint.h>
35
36#define rol(bits, value) (((value) << (bits)) | ((value) >> (32 - (bits))))
37
38static void SHA1_Transform(SHA_CTX* ctx) {
39    uint32_t W[80];
40    uint32_t A, B, C, D, E;
41    uint8_t* p = ctx->buf;
42    int t;
43
44    for(t = 0; t < 16; ++t) {
45        uint32_t tmp =  *p++ << 24;
46        tmp |= *p++ << 16;
47        tmp |= *p++ << 8;
48        tmp |= *p++;
49        W[t] = tmp;
50    }
51
52    for(; t < 80; t++) {
53        W[t] = rol(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
54    }
55
56    A = ctx->state[0];
57    B = ctx->state[1];
58    C = ctx->state[2];
59    D = ctx->state[3];
60    E = ctx->state[4];
61
62    for(t = 0; t < 80; t++) {
63        uint32_t tmp = rol(5,A) + E + W[t];
64
65        if (t < 20)
66            tmp += (D^(B&(C^D))) + 0x5A827999;
67        else if ( t < 40)
68            tmp += (B^C^D) + 0x6ED9EBA1;
69        else if ( t < 60)
70            tmp += ((B&C)|(D&(B|C))) + 0x8F1BBCDC;
71        else
72            tmp += (B^C^D) + 0xCA62C1D6;
73
74        E = D;
75        D = C;
76        C = rol(30,B);
77        B = A;
78        A = tmp;
79    }
80
81    ctx->state[0] += A;
82    ctx->state[1] += B;
83    ctx->state[2] += C;
84    ctx->state[3] += D;
85    ctx->state[4] += E;
86}
87
88static const HASH_VTAB SHA_VTAB = {
89    SHA_init,
90    SHA_update,
91    SHA_final,
92    SHA_hash,
93    SHA_DIGEST_SIZE
94};
95
96void SHA_init(SHA_CTX* ctx) {
97    ctx->f = &SHA_VTAB;
98    ctx->state[0] = 0x67452301;
99    ctx->state[1] = 0xEFCDAB89;
100    ctx->state[2] = 0x98BADCFE;
101    ctx->state[3] = 0x10325476;
102    ctx->state[4] = 0xC3D2E1F0;
103    ctx->count = 0;
104}
105
106
107void SHA_update(SHA_CTX* ctx, const void* data, int len) {
108    int i = (int) (ctx->count & 63);
109    const uint8_t* p = (const uint8_t*)data;
110
111    ctx->count += len;
112
113    while (len--) {
114        ctx->buf[i++] = *p++;
115        if (i == 64) {
116            SHA1_Transform(ctx);
117            i = 0;
118        }
119    }
120}
121
122
123const uint8_t* SHA_final(SHA_CTX* ctx) {
124    uint8_t *p = ctx->buf;
125    uint64_t cnt = ctx->count * 8;
126    int i;
127
128    SHA_update(ctx, (uint8_t*)"\x80", 1);
129    while ((ctx->count & 63) != 56) {
130        SHA_update(ctx, (uint8_t*)"\0", 1);
131    }
132    for (i = 0; i < 8; ++i) {
133        uint8_t tmp = (uint8_t) (cnt >> ((7 - i) * 8));
134        SHA_update(ctx, &tmp, 1);
135    }
136
137    for (i = 0; i < 5; i++) {
138        uint32_t tmp = ctx->state[i];
139        *p++ = tmp >> 24;
140        *p++ = tmp >> 16;
141        *p++ = tmp >> 8;
142        *p++ = tmp >> 0;
143    }
144
145    return ctx->buf;
146}
147
148/* Convenience function */
149const uint8_t* SHA_hash(const void* data, int len, uint8_t* digest) {
150    SHA_CTX ctx;
151    SHA_init(&ctx);
152    SHA_update(&ctx, data, len);
153    memcpy(digest, SHA_final(&ctx), SHA_DIGEST_SIZE);
154    return digest;
155}
156