/src/dropbear/libtomcrypt/src/hashes/sha1.c

Source (jump to first uncovered line)
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
 *
 * LibTomCrypt is a library that provides various cryptographic
 * algorithms in a highly modular and flexible manner.
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 */
#include "tomcrypt.h"

/**
  @file sha1.c
  LTC_SHA1 code by Tom St Denis
*/


#ifdef LTC_SHA1

const struct ltc_hash_descriptor sha1_desc =
{
    "sha1",
    2,
    20,
    64,

    /* OID */
   { 1, 3, 14, 3, 2, 26,  },
   6,

    &sha1_init,
    &sha1_process,
    &sha1_done,
    &sha1_test,
    NULL
};

#define F0(x,y,z)  (z ^ (x & (y ^ z)))
#define F1(x,y,z)  (x ^ y ^ z)
#define F2(x,y,z)  ((x & y) | (z & (x | y)))
#define F3(x,y,z)  (x ^ y ^ z)

#ifdef LTC_CLEAN_STACK
static int _sha1_compress(hash_state *md, unsigned char *buf)
#else
static int  sha1_compress(hash_state *md, unsigned char *buf)
#endif
{
    ulong32 a,b,c,d,e,W[80],i;
#ifdef LTC_SMALL_CODE
    ulong32 t;
#endif

    /* copy the state into 512-bits into W[0..15] */
    for (i = 0; i < 16; i++) {
        LOAD32H(W[i], buf + (4*i));
    }

    /* copy state */
    a = md->sha1.state[0];
    b = md->sha1.state[1];
    c = md->sha1.state[2];
    d = md->sha1.state[3];
    e = md->sha1.state[4];

    /* expand it */
    for (i = 16; i < 80; i++) {
        W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
    }

    /* compress */
    /* round one */
    #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
    #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
    #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
    #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);

#ifdef LTC_SMALL_CODE

    for (i = 0; i < 20; ) {
       FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
    }

    for (; i < 40; ) {
       FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
    }

    for (; i < 60; ) {
       FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
    }

    for (; i < 80; ) {
       FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
    }

#else

    for (i = 0; i < 20; ) {
       FF0(a,b,c,d,e,i++);
       FF0(e,a,b,c,d,i++);
       FF0(d,e,a,b,c,i++);
       FF0(c,d,e,a,b,i++);
       FF0(b,c,d,e,a,i++);
    }

    /* round two */
    for (; i < 40; )  {
       FF1(a,b,c,d,e,i++);
       FF1(e,a,b,c,d,i++);
       FF1(d,e,a,b,c,i++);
       FF1(c,d,e,a,b,i++);
       FF1(b,c,d,e,a,i++);
    }

    /* round three */
    for (; i < 60; )  {
       FF2(a,b,c,d,e,i++);
       FF2(e,a,b,c,d,i++);
       FF2(d,e,a,b,c,i++);
       FF2(c,d,e,a,b,i++);
       FF2(b,c,d,e,a,i++);
    }

    /* round four */
    for (; i < 80; )  {
       FF3(a,b,c,d,e,i++);
       FF3(e,a,b,c,d,i++);
       FF3(d,e,a,b,c,i++);
       FF3(c,d,e,a,b,i++);
       FF3(b,c,d,e,a,i++);
    }
#endif

    #undef FF0
    #undef FF1
    #undef FF2
    #undef FF3

    /* store */
    md->sha1.state[0] = md->sha1.state[0] + a;
    md->sha1.state[1] = md->sha1.state[1] + b;
    md->sha1.state[2] = md->sha1.state[2] + c;
    md->sha1.state[3] = md->sha1.state[3] + d;
    md->sha1.state[4] = md->sha1.state[4] + e;

    return CRYPT_OK;
}

#ifdef LTC_CLEAN_STACK
static int sha1_compress(hash_state *md, unsigned char *buf)
{
   int err;
   err = _sha1_compress(md, buf);
   burn_stack(sizeof(ulong32) * 87);
   return err;
}
#endif

/**
   Initialize the hash state
   @param md   The hash state you wish to initialize
   @return CRYPT_OK if successful
*/
int sha1_init(hash_state * md)
{
   LTC_ARGCHK(md != NULL);
   md->sha1.state[0] = 0x67452301UL;
   md->sha1.state[1] = 0xefcdab89UL;
   md->sha1.state[2] = 0x98badcfeUL;
   md->sha1.state[3] = 0x10325476UL;
   md->sha1.state[4] = 0xc3d2e1f0UL;
   md->sha1.curlen = 0;
   md->sha1.length = 0;
   return CRYPT_OK;
}

/**
   Process a block of memory though the hash
   @param md     The hash state
   @param in     The data to hash
   @param inlen  The length of the data (octets)
   @return CRYPT_OK if successful
*/
HASH_PROCESS(sha1_process, sha1_compress, sha1, 64)

/**
   Terminate the hash to get the digest
   @param md  The hash state
   @param out [out] The destination of the hash (20 bytes)
   @return CRYPT_OK if successful
*/
int sha1_done(hash_state * md, unsigned char *out)
{
    int i;

    LTC_ARGCHK(md  != NULL);
    LTC_ARGCHK(out != NULL);

    if (md->sha1.curlen >= sizeof(md->sha1.buf)) {
       return CRYPT_INVALID_ARG;
    }

    /* increase the length of the message */
    md->sha1.length += md->sha1.curlen * 8;

    /* append the '1' bit */
    md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80;

    /* if the length is currently above 56 bytes we append zeros
     * then compress.  Then we can fall back to padding zeros and length
     * encoding like normal.
     */
    if (md->sha1.curlen > 56) {
        while (md->sha1.curlen < 64) {
            md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
        }
        sha1_compress(md, md->sha1.buf);
        md->sha1.curlen = 0;
    }

    /* pad upto 56 bytes of zeroes */
    while (md->sha1.curlen < 56) {
        md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
    }

    /* store length */
    STORE64H(md->sha1.length, md->sha1.buf+56);
    sha1_compress(md, md->sha1.buf);

    /* copy output */
    for (i = 0; i < 5; i++) {
        STORE32H(md->sha1.state[i], out+(4*i));
    }
#ifdef LTC_CLEAN_STACK
    zeromem(md, sizeof(hash_state));
#endif
    return CRYPT_OK;
}

/**
  Self-test the hash
  @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
*/
int  sha1_test(void)
{
 #ifndef LTC_TEST
    return CRYPT_NOP;
 #else
  static const struct {
      const char *msg;
      unsigned char hash[20];
  } tests[] = {
    { "abc",
      { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a,
        0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c,
        0x9c, 0xd0, 0xd8, 0x9d }
    },
    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
      { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E,
        0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5,
        0xE5, 0x46, 0x70, 0xF1 }
    }
  };

  int i;
  unsigned char tmp[20];
  hash_state md;

  for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0]));  i++) {
      sha1_init(&md);
      sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
      sha1_done(&md, tmp);
      if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA1", i)) {
         return CRYPT_FAIL_TESTVECTOR;
      }
  }
  return CRYPT_OK;
  #endif
}

#endif



/* ref:         $Format:%D$ */
/* git commit:  $Format:%H$ */
/* commit time: $Format:%ai$ */

Coverage Report

Created: 2025-08-27 07:03

Line	Count	Source (jump to first uncovered line)
1		/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2		*
3		* LibTomCrypt is a library that provides various cryptographic
4		* algorithms in a highly modular and flexible manner.
5		*
6		* The library is free for all purposes without any express
7		* guarantee it works.
8		*/
9		#include "tomcrypt.h"
10
11		/**
12		@file sha1.c
13		LTC_SHA1 code by Tom St Denis
14		*/
15
16
17		#ifdef LTC_SHA1
18
19		const struct ltc_hash_descriptor sha1_desc =
20		{
21		"sha1",
22		2,
23		20,
24		64,
25
26		/* OID */
27		{ 1, 3, 14, 3, 2, 26, },
28		6,
29
30		&sha1_init,
31		&sha1_process,
32		&sha1_done,
33		&sha1_test,
34		NULL
35		};
36
37	0	#define F0(x,y,z) (z ^ (x & (y ^ z)))
38	0	#define F1(x,y,z) (x ^ y ^ z)
39	0	#define F2(x,y,z) ((x & y) \| (z & (x \| y)))
40	0	#define F3(x,y,z) (x ^ y ^ z)
41
42		#ifdef LTC_CLEAN_STACK
43		static int _sha1_compress(hash_state md, unsigned char buf)
44		#else
45		static int sha1_compress(hash_state md, unsigned char buf)
46		#endif
47	0	{
48	0	ulong32 a,b,c,d,e,W[80],i;
49	0	#ifdef LTC_SMALL_CODE
50	0	ulong32 t;
51	0	#endif
52
53		/* copy the state into 512-bits into W[0..15] */
54	0	for (i = 0; i < 16; i++) {
55	0	LOAD32H(W[i], buf + (4*i));
56	0	}
57
58		/* copy state */
59	0	a = md->sha1.state[0];
60	0	b = md->sha1.state[1];
61	0	c = md->sha1.state[2];
62	0	d = md->sha1.state[3];
63	0	e = md->sha1.state[4];
64
65		/* expand it */
66	0	for (i = 16; i < 80; i++) {
67	0	W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
68	0	}
69
70		/* compress */
71		/* round one */
72	0	#define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
73	0	#define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
74	0	#define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
75	0	#define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);
76
77	0	#ifdef LTC_SMALL_CODE
78
79	0	for (i = 0; i < 20; ) {
80	0	FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
81	0	}
82
83	0	for (; i < 40; ) {
84	0	FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
85	0	}
86
87	0	for (; i < 60; ) {
88	0	FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
89	0	}
90
91	0	for (; i < 80; ) {
92	0	FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
93	0	}
94
95		#else
96
97		for (i = 0; i < 20; ) {
98		FF0(a,b,c,d,e,i++);
99		FF0(e,a,b,c,d,i++);
100		FF0(d,e,a,b,c,i++);
101		FF0(c,d,e,a,b,i++);
102		FF0(b,c,d,e,a,i++);
103		}
104
105		/* round two */
106		for (; i < 40; ) {
107		FF1(a,b,c,d,e,i++);
108		FF1(e,a,b,c,d,i++);
109		FF1(d,e,a,b,c,i++);
110		FF1(c,d,e,a,b,i++);
111		FF1(b,c,d,e,a,i++);
112		}
113
114		/* round three */
115		for (; i < 60; ) {
116		FF2(a,b,c,d,e,i++);
117		FF2(e,a,b,c,d,i++);
118		FF2(d,e,a,b,c,i++);
119		FF2(c,d,e,a,b,i++);
120		FF2(b,c,d,e,a,i++);
121		}
122
123		/* round four */
124		for (; i < 80; ) {
125		FF3(a,b,c,d,e,i++);
126		FF3(e,a,b,c,d,i++);
127		FF3(d,e,a,b,c,i++);
128		FF3(c,d,e,a,b,i++);
129		FF3(b,c,d,e,a,i++);
130		}
131		#endif
132
133	0	#undef FF0
134	0	#undef FF1
135	0	#undef FF2
136	0	#undef FF3
137
138		/* store */
139	0	md->sha1.state[0] = md->sha1.state[0] + a;
140	0	md->sha1.state[1] = md->sha1.state[1] + b;
141	0	md->sha1.state[2] = md->sha1.state[2] + c;
142	0	md->sha1.state[3] = md->sha1.state[3] + d;
143	0	md->sha1.state[4] = md->sha1.state[4] + e;
144
145	0	return CRYPT_OK;
146	0	}
147
148		#ifdef LTC_CLEAN_STACK
149		static int sha1_compress(hash_state md, unsigned char buf)
150		{
151		int err;
152		err = _sha1_compress(md, buf);
153		burn_stack(sizeof(ulong32) * 87);
154		return err;
155		}
156		#endif
157
158		/**
159		Initialize the hash state
160		@param md The hash state you wish to initialize
161		@return CRYPT_OK if successful
162		*/
163		int sha1_init(hash_state * md)
164	0	{
165	0	LTC_ARGCHK(md != NULL);
166	0	md->sha1.state[0] = 0x67452301UL;
167	0	md->sha1.state[1] = 0xefcdab89UL;
168	0	md->sha1.state[2] = 0x98badcfeUL;
169	0	md->sha1.state[3] = 0x10325476UL;
170	0	md->sha1.state[4] = 0xc3d2e1f0UL;
171	0	md->sha1.curlen = 0;
172	0	md->sha1.length = 0;
173	0	return CRYPT_OK;
174	0	}
175
176		/**
177		Process a block of memory though the hash
178		@param md The hash state
179		@param in The data to hash
180		@param inlen The length of the data (octets)
181		@return CRYPT_OK if successful
182		*/
183		HASH_PROCESS(sha1_process, sha1_compress, sha1, 64)
184
185		/**
186		Terminate the hash to get the digest
187		@param md The hash state
188		@param out [out] The destination of the hash (20 bytes)
189		@return CRYPT_OK if successful
190		*/
191		int sha1_done(hash_state * md, unsigned char *out)
192	0	{
193	0	int i;
194
195	0	LTC_ARGCHK(md != NULL);
196	0	LTC_ARGCHK(out != NULL);
197
198	0	if (md->sha1.curlen >= sizeof(md->sha1.buf)) {
199	0	return CRYPT_INVALID_ARG;
200	0	}
201
202		/* increase the length of the message */
203	0	md->sha1.length += md->sha1.curlen * 8;
204
205		/* append the '1' bit */
206	0	md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80;
207
208		/* if the length is currently above 56 bytes we append zeros
209		* then compress. Then we can fall back to padding zeros and length
210		* encoding like normal.
211		*/
212	0	if (md->sha1.curlen > 56) {
213	0	while (md->sha1.curlen < 64) {
214	0	md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
215	0	}
216	0	sha1_compress(md, md->sha1.buf);
217	0	md->sha1.curlen = 0;
218	0	}
219
220		/* pad upto 56 bytes of zeroes */
221	0	while (md->sha1.curlen < 56) {
222	0	md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
223	0	}
224
225		/* store length */
226	0	STORE64H(md->sha1.length, md->sha1.buf+56);
227	0	sha1_compress(md, md->sha1.buf);
228
229		/* copy output */
230	0	for (i = 0; i < 5; i++) {
231	0	STORE32H(md->sha1.state[i], out+(4*i));
232	0	}
233		#ifdef LTC_CLEAN_STACK
234		zeromem(md, sizeof(hash_state));
235		#endif
236	0	return CRYPT_OK;
237	0	}
238
239		/**
240		Self-test the hash
241		@return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
242		*/
243		int sha1_test(void)
244	0	{
245	0	#ifndef LTC_TEST
246	0	return CRYPT_NOP;
247		#else
248		static const struct {
249		const char *msg;
250		unsigned char hash[20];
251		} tests[] = {
252		{ "abc",
253		{ 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a,
254		0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c,
255		0x9c, 0xd0, 0xd8, 0x9d }
256		},
257		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
258		{ 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E,
259		0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5,
260		0xE5, 0x46, 0x70, 0xF1 }
261		}
262		};
263
264		int i;
265		unsigned char tmp[20];
266		hash_state md;
267
268		for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
269		sha1_init(&md);
270		sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
271		sha1_done(&md, tmp);
272		if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA1", i)) {
273		return CRYPT_FAIL_TESTVECTOR;
274		}
275		}
276		return CRYPT_OK;
277		#endif
278	0	}
279
280		#endif
281
282
283
284		/* ref: $Format:%D$ */
285		/* git commit: $Format:%H$ */
286		/* commit time: $Format:%ai$ */