/src/libzmq/external/sha1/sha1.c

Source (jump to first uncovered line)
/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * FIPS pub 180-1: Secure Hash Algorithm (SHA-1)
 * based on: http://www.itl.nist.gov/fipspubs/fip180-1.htm
 * implemented by Jun-ichiro itojun Itoh <itojun@itojun.org>
 */

#include "sha1.h"
#include <string.h>


/* constant table */
static uint32_t _K[] = {0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6};

#define K(t)  _K[(t) / 20]

#define F0(b, c, d) (((b) & (c)) | ((~(b)) & (d)))
#define F1(b, c, d) (((b) ^ (c)) ^ (d))
#define F2(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
#define F3(b, c, d) (((b) ^ (c)) ^ (d))

#define S(n, x)   (((x) << (n)) | ((x) >> (32 - (n))))

#define H(n)  (ctxt->h.b32[(n)])
#define COUNT (ctxt->count)
#define BCOUNT  (ctxt->c.b64[0] / 8)
#define W(n)  (ctxt->m.b32[(n)])

#define PUTBYTE(x) \
do { \
  ctxt->m.b8[(COUNT % 64)] = (x);   \
  COUNT++;        \
  COUNT %= 64;        \
  ctxt->c.b64[0] += 8;      \
  if (COUNT % 64 == 0)      \
    sha1_step(ctxt);    \
} while (0)

#define PUTPAD(x) \
do { \
  ctxt->m.b8[(COUNT % 64)] = (x);    \
  COUNT++;       \
  COUNT %= 64;       \
  if (COUNT % 64 == 0)     \
    sha1_step(ctxt);   \
} while (0)

static void sha1_step(struct sha1_ctxt *);

static void
sha1_step(struct sha1_ctxt * ctxt)
{
  uint32_t    a,
        b,
        c,
        d,
        e;
  size_t    t,
        s;
  uint32_t    tmp;

#ifndef WORDS_BIGENDIAN
  struct sha1_ctxt tctxt;

  memmove(&tctxt.m.b8[0], &ctxt->m.b8[0], 64);
  ctxt->m.b8[0] = tctxt.m.b8[3];
  ctxt->m.b8[1] = tctxt.m.b8[2];
  ctxt->m.b8[2] = tctxt.m.b8[1];
  ctxt->m.b8[3] = tctxt.m.b8[0];
  ctxt->m.b8[4] = tctxt.m.b8[7];
  ctxt->m.b8[5] = tctxt.m.b8[6];
  ctxt->m.b8[6] = tctxt.m.b8[5];
  ctxt->m.b8[7] = tctxt.m.b8[4];
  ctxt->m.b8[8] = tctxt.m.b8[11];
  ctxt->m.b8[9] = tctxt.m.b8[10];
  ctxt->m.b8[10] = tctxt.m.b8[9];
  ctxt->m.b8[11] = tctxt.m.b8[8];
  ctxt->m.b8[12] = tctxt.m.b8[15];
  ctxt->m.b8[13] = tctxt.m.b8[14];
  ctxt->m.b8[14] = tctxt.m.b8[13];
  ctxt->m.b8[15] = tctxt.m.b8[12];
  ctxt->m.b8[16] = tctxt.m.b8[19];
  ctxt->m.b8[17] = tctxt.m.b8[18];
  ctxt->m.b8[18] = tctxt.m.b8[17];
  ctxt->m.b8[19] = tctxt.m.b8[16];
  ctxt->m.b8[20] = tctxt.m.b8[23];
  ctxt->m.b8[21] = tctxt.m.b8[22];
  ctxt->m.b8[22] = tctxt.m.b8[21];
  ctxt->m.b8[23] = tctxt.m.b8[20];
  ctxt->m.b8[24] = tctxt.m.b8[27];
  ctxt->m.b8[25] = tctxt.m.b8[26];
  ctxt->m.b8[26] = tctxt.m.b8[25];
  ctxt->m.b8[27] = tctxt.m.b8[24];
  ctxt->m.b8[28] = tctxt.m.b8[31];
  ctxt->m.b8[29] = tctxt.m.b8[30];
  ctxt->m.b8[30] = tctxt.m.b8[29];
  ctxt->m.b8[31] = tctxt.m.b8[28];
  ctxt->m.b8[32] = tctxt.m.b8[35];
  ctxt->m.b8[33] = tctxt.m.b8[34];
  ctxt->m.b8[34] = tctxt.m.b8[33];
  ctxt->m.b8[35] = tctxt.m.b8[32];
  ctxt->m.b8[36] = tctxt.m.b8[39];
  ctxt->m.b8[37] = tctxt.m.b8[38];
  ctxt->m.b8[38] = tctxt.m.b8[37];
  ctxt->m.b8[39] = tctxt.m.b8[36];
  ctxt->m.b8[40] = tctxt.m.b8[43];
  ctxt->m.b8[41] = tctxt.m.b8[42];
  ctxt->m.b8[42] = tctxt.m.b8[41];
  ctxt->m.b8[43] = tctxt.m.b8[40];
  ctxt->m.b8[44] = tctxt.m.b8[47];
  ctxt->m.b8[45] = tctxt.m.b8[46];
  ctxt->m.b8[46] = tctxt.m.b8[45];
  ctxt->m.b8[47] = tctxt.m.b8[44];
  ctxt->m.b8[48] = tctxt.m.b8[51];
  ctxt->m.b8[49] = tctxt.m.b8[50];
  ctxt->m.b8[50] = tctxt.m.b8[49];
  ctxt->m.b8[51] = tctxt.m.b8[48];
  ctxt->m.b8[52] = tctxt.m.b8[55];
  ctxt->m.b8[53] = tctxt.m.b8[54];
  ctxt->m.b8[54] = tctxt.m.b8[53];
  ctxt->m.b8[55] = tctxt.m.b8[52];
  ctxt->m.b8[56] = tctxt.m.b8[59];
  ctxt->m.b8[57] = tctxt.m.b8[58];
  ctxt->m.b8[58] = tctxt.m.b8[57];
  ctxt->m.b8[59] = tctxt.m.b8[56];
  ctxt->m.b8[60] = tctxt.m.b8[63];
  ctxt->m.b8[61] = tctxt.m.b8[62];
  ctxt->m.b8[62] = tctxt.m.b8[61];
  ctxt->m.b8[63] = tctxt.m.b8[60];
#endif

  a = H(0);
  b = H(1);
  c = H(2);
  d = H(3);
  e = H(4);

  for (t = 0; t < 20; t++)
  {
    s = t & 0x0f;
    if (t >= 16)
      W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
    tmp = S(5, a) + F0(b, c, d) + e + W(s) + K(t);
    e = d;
    d = c;
    c = S(30, b);
    b = a;
    a = tmp;
  }
  for (t = 20; t < 40; t++)
  {
    s = t & 0x0f;
    W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
    tmp = S(5, a) + F1(b, c, d) + e + W(s) + K(t);
    e = d;
    d = c;
    c = S(30, b);
    b = a;
    a = tmp;
  }
  for (t = 40; t < 60; t++)
  {
    s = t & 0x0f;
    W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
    tmp = S(5, a) + F2(b, c, d) + e + W(s) + K(t);
    e = d;
    d = c;
    c = S(30, b);
    b = a;
    a = tmp;
  }
  for (t = 60; t < 80; t++)
  {
    s = t & 0x0f;
    W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
    tmp = S(5, a) + F3(b, c, d) + e + W(s) + K(t);
    e = d;
    d = c;
    c = S(30, b);
    b = a;
    a = tmp;
  }

  H(0) = H(0) + a;
  H(1) = H(1) + b;
  H(2) = H(2) + c;
  H(3) = H(3) + d;
  H(4) = H(4) + e;

  memset(&ctxt->m.b8[0], 0, 64);
}

/*------------------------------------------------------------*/

void
sha1_init(struct sha1_ctxt * ctxt)
{
  memset(ctxt, 0, sizeof(struct sha1_ctxt));
  H(0) = 0x67452301;
  H(1) = 0xefcdab89;
  H(2) = 0x98badcfe;
  H(3) = 0x10325476;
  H(4) = 0xc3d2e1f0;
}

void
sha1_pad(struct sha1_ctxt * ctxt)
{
  size_t    padlen;     /* pad length in bytes */
  size_t    padstart;

  PUTPAD(0x80);

  padstart = COUNT % 64;
  padlen = 64 - padstart;
  if (padlen < 8)
  {
    memset(&ctxt->m.b8[padstart], 0, padlen);
    COUNT += (uint8_t) padlen;
    COUNT %= 64;
    sha1_step(ctxt);
    padstart = COUNT % 64;  /* should be 0 */
    padlen = 64 - padstart; /* should be 64 */
  }
  memset(&ctxt->m.b8[padstart], 0, padlen - 8);
    COUNT += ((uint8_t) padlen - 8);
  COUNT %= 64;
#ifdef WORDS_BIGENDIAN
  PUTPAD(ctxt->c.b8[0]);
  PUTPAD(ctxt->c.b8[1]);
  PUTPAD(ctxt->c.b8[2]);
  PUTPAD(ctxt->c.b8[3]);
  PUTPAD(ctxt->c.b8[4]);
  PUTPAD(ctxt->c.b8[5]);
  PUTPAD(ctxt->c.b8[6]);
  PUTPAD(ctxt->c.b8[7]);
#else
  PUTPAD(ctxt->c.b8[7]);
  PUTPAD(ctxt->c.b8[6]);
  PUTPAD(ctxt->c.b8[5]);
  PUTPAD(ctxt->c.b8[4]);
  PUTPAD(ctxt->c.b8[3]);
  PUTPAD(ctxt->c.b8[2]);
  PUTPAD(ctxt->c.b8[1]);
  PUTPAD(ctxt->c.b8[0]);
#endif
}

void
sha1_loop(struct sha1_ctxt * ctxt, const uint8_t *input0, size_t len)
{
  const uint8_t *input;
  size_t    gaplen;
  size_t    gapstart;
  size_t    off;
  size_t    copysiz;

  input = (const uint8_t *) input0;
  off = 0;

  while (off < len)
  {
    gapstart = COUNT % 64;
    gaplen = 64 - gapstart;

    copysiz = (gaplen < len - off) ? gaplen : len - off;
    memmove(&ctxt->m.b8[gapstart], &input[off], copysiz);
    COUNT += (uint8_t) copysiz;
    COUNT %= 64;
    ctxt->c.b64[0] += copysiz * 8;
    if (COUNT % 64 == 0)
      sha1_step(ctxt);
    off += copysiz;
  }
}

void
sha1_result(struct sha1_ctxt * ctxt, uint8_t *digest0)
{
  uint8_t    *digest;

  digest = (uint8_t *) digest0;
  sha1_pad(ctxt);
#ifdef WORDS_BIGENDIAN
  memmove(digest, &ctxt->h.b8[0], 20);
#else
  digest[0] = ctxt->h.b8[3];
  digest[1] = ctxt->h.b8[2];
  digest[2] = ctxt->h.b8[1];
  digest[3] = ctxt->h.b8[0];
  digest[4] = ctxt->h.b8[7];
  digest[5] = ctxt->h.b8[6];
  digest[6] = ctxt->h.b8[5];
  digest[7] = ctxt->h.b8[4];
  digest[8] = ctxt->h.b8[11];
  digest[9] = ctxt->h.b8[10];
  digest[10] = ctxt->h.b8[9];
  digest[11] = ctxt->h.b8[8];
  digest[12] = ctxt->h.b8[15];
  digest[13] = ctxt->h.b8[14];
  digest[14] = ctxt->h.b8[13];
  digest[15] = ctxt->h.b8[12];
  digest[16] = ctxt->h.b8[19];
  digest[17] = ctxt->h.b8[18];
  digest[18] = ctxt->h.b8[17];
  digest[19] = ctxt->h.b8[16];
#endif
}

Coverage Report

Created: 2025-07-18 07:01

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
3		* All rights reserved.
4		*
5		* Redistribution and use in source and binary forms, with or without
6		* modification, are permitted provided that the following conditions
7		* are met:
8		* 1. Redistributions of source code must retain the above copyright
9		* notice, this list of conditions and the following disclaimer.
10		* 2. Redistributions in binary form must reproduce the above copyright
11		* notice, this list of conditions and the following disclaimer in the
12		* documentation and/or other materials provided with the distribution.
13		* 3. Neither the name of the project nor the names of its contributors
14		* may be used to endorse or promote products derived from this software
15		* without specific prior written permission.
16		*
17		* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18		* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20		* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21		* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22		* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23		* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25		* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26		* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27		* SUCH DAMAGE.
28		*/
29
30		/*
31		* FIPS pub 180-1: Secure Hash Algorithm (SHA-1)
32		* based on: http://www.itl.nist.gov/fipspubs/fip180-1.htm
33		* implemented by Jun-ichiro itojun Itoh <itojun@itojun.org>
34		*/
35
36		#include "sha1.h"
37		#include <string.h>
38
39
40		/* constant table */
41		static uint32_t _K[] = {0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6};
42
43	0	#define K(t) _K[(t) / 20]
44
45	0	#define F0(b, c, d) (((b) & (c)) \| ((~(b)) & (d)))
46	0	#define F1(b, c, d) (((b) ^ (c)) ^ (d))
47	0	#define F2(b, c, d) (((b) & (c)) \| ((b) & (d)) \| ((c) & (d)))
48	0	#define F3(b, c, d) (((b) ^ (c)) ^ (d))
49
50	0	#define S(n, x) (((x) << (n)) \| ((x) >> (32 - (n))))
51
52	0	#define H(n) (ctxt->h.b32[(n)])
53	0	#define COUNT (ctxt->count)
54		#define BCOUNT (ctxt->c.b64[0] / 8)
55	0	#define W(n) (ctxt->m.b32[(n)])
56
57		#define PUTBYTE(x) \
58		do { \
59		ctxt->m.b8[(COUNT % 64)] = (x); \
60		COUNT++; \
61		COUNT %= 64; \
62		ctxt->c.b64[0] += 8; \
63		if (COUNT % 64 == 0) \
64		sha1_step(ctxt); \
65		} while (0)
66
67	0	#define PUTPAD(x) \
68	0	do { \
69	0	ctxt->m.b8[(COUNT % 64)] = (x); \
70	0	COUNT++; \
71	0	COUNT %= 64; \
72	0	if (COUNT % 64 == 0) \
73	0	sha1_step(ctxt); \
74	0	} while (0)
75
76		static void sha1_step(struct sha1_ctxt *);
77
78		static void
79		sha1_step(struct sha1_ctxt * ctxt)
80	0	{
81	0	uint32_t a,
82	0	b,
83	0	c,
84	0	d,
85	0	e;
86	0	size_t t,
87	0	s;
88	0	uint32_t tmp;
89
90	0	#ifndef WORDS_BIGENDIAN
91	0	struct sha1_ctxt tctxt;
92
93	0	memmove(&tctxt.m.b8[0], &ctxt->m.b8[0], 64);
94	0	ctxt->m.b8[0] = tctxt.m.b8[3];
95	0	ctxt->m.b8[1] = tctxt.m.b8[2];
96	0	ctxt->m.b8[2] = tctxt.m.b8[1];
97	0	ctxt->m.b8[3] = tctxt.m.b8[0];
98	0	ctxt->m.b8[4] = tctxt.m.b8[7];
99	0	ctxt->m.b8[5] = tctxt.m.b8[6];
100	0	ctxt->m.b8[6] = tctxt.m.b8[5];
101	0	ctxt->m.b8[7] = tctxt.m.b8[4];
102	0	ctxt->m.b8[8] = tctxt.m.b8[11];
103	0	ctxt->m.b8[9] = tctxt.m.b8[10];
104	0	ctxt->m.b8[10] = tctxt.m.b8[9];
105	0	ctxt->m.b8[11] = tctxt.m.b8[8];
106	0	ctxt->m.b8[12] = tctxt.m.b8[15];
107	0	ctxt->m.b8[13] = tctxt.m.b8[14];
108	0	ctxt->m.b8[14] = tctxt.m.b8[13];
109	0	ctxt->m.b8[15] = tctxt.m.b8[12];
110	0	ctxt->m.b8[16] = tctxt.m.b8[19];
111	0	ctxt->m.b8[17] = tctxt.m.b8[18];
112	0	ctxt->m.b8[18] = tctxt.m.b8[17];
113	0	ctxt->m.b8[19] = tctxt.m.b8[16];
114	0	ctxt->m.b8[20] = tctxt.m.b8[23];
115	0	ctxt->m.b8[21] = tctxt.m.b8[22];
116	0	ctxt->m.b8[22] = tctxt.m.b8[21];
117	0	ctxt->m.b8[23] = tctxt.m.b8[20];
118	0	ctxt->m.b8[24] = tctxt.m.b8[27];
119	0	ctxt->m.b8[25] = tctxt.m.b8[26];
120	0	ctxt->m.b8[26] = tctxt.m.b8[25];
121	0	ctxt->m.b8[27] = tctxt.m.b8[24];
122	0	ctxt->m.b8[28] = tctxt.m.b8[31];
123	0	ctxt->m.b8[29] = tctxt.m.b8[30];
124	0	ctxt->m.b8[30] = tctxt.m.b8[29];
125	0	ctxt->m.b8[31] = tctxt.m.b8[28];
126	0	ctxt->m.b8[32] = tctxt.m.b8[35];
127	0	ctxt->m.b8[33] = tctxt.m.b8[34];
128	0	ctxt->m.b8[34] = tctxt.m.b8[33];
129	0	ctxt->m.b8[35] = tctxt.m.b8[32];
130	0	ctxt->m.b8[36] = tctxt.m.b8[39];
131	0	ctxt->m.b8[37] = tctxt.m.b8[38];
132	0	ctxt->m.b8[38] = tctxt.m.b8[37];
133	0	ctxt->m.b8[39] = tctxt.m.b8[36];
134	0	ctxt->m.b8[40] = tctxt.m.b8[43];
135	0	ctxt->m.b8[41] = tctxt.m.b8[42];
136	0	ctxt->m.b8[42] = tctxt.m.b8[41];
137	0	ctxt->m.b8[43] = tctxt.m.b8[40];
138	0	ctxt->m.b8[44] = tctxt.m.b8[47];
139	0	ctxt->m.b8[45] = tctxt.m.b8[46];
140	0	ctxt->m.b8[46] = tctxt.m.b8[45];
141	0	ctxt->m.b8[47] = tctxt.m.b8[44];
142	0	ctxt->m.b8[48] = tctxt.m.b8[51];
143	0	ctxt->m.b8[49] = tctxt.m.b8[50];
144	0	ctxt->m.b8[50] = tctxt.m.b8[49];
145	0	ctxt->m.b8[51] = tctxt.m.b8[48];
146	0	ctxt->m.b8[52] = tctxt.m.b8[55];
147	0	ctxt->m.b8[53] = tctxt.m.b8[54];
148	0	ctxt->m.b8[54] = tctxt.m.b8[53];
149	0	ctxt->m.b8[55] = tctxt.m.b8[52];
150	0	ctxt->m.b8[56] = tctxt.m.b8[59];
151	0	ctxt->m.b8[57] = tctxt.m.b8[58];
152	0	ctxt->m.b8[58] = tctxt.m.b8[57];
153	0	ctxt->m.b8[59] = tctxt.m.b8[56];
154	0	ctxt->m.b8[60] = tctxt.m.b8[63];
155	0	ctxt->m.b8[61] = tctxt.m.b8[62];
156	0	ctxt->m.b8[62] = tctxt.m.b8[61];
157	0	ctxt->m.b8[63] = tctxt.m.b8[60];
158	0	#endif
159
160	0	a = H(0);
161	0	b = H(1);
162	0	c = H(2);
163	0	d = H(3);
164	0	e = H(4);
165
166	0	for (t = 0; t < 20; t++)
167	0	{
168	0	s = t & 0x0f;
169	0	if (t >= 16)
170	0	W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
171	0	tmp = S(5, a) + F0(b, c, d) + e + W(s) + K(t);
172	0	e = d;
173	0	d = c;
174	0	c = S(30, b);
175	0	b = a;
176	0	a = tmp;
177	0	}
178	0	for (t = 20; t < 40; t++)
179	0	{
180	0	s = t & 0x0f;
181	0	W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
182	0	tmp = S(5, a) + F1(b, c, d) + e + W(s) + K(t);
183	0	e = d;
184	0	d = c;
185	0	c = S(30, b);
186	0	b = a;
187	0	a = tmp;
188	0	}
189	0	for (t = 40; t < 60; t++)
190	0	{
191	0	s = t & 0x0f;
192	0	W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
193	0	tmp = S(5, a) + F2(b, c, d) + e + W(s) + K(t);
194	0	e = d;
195	0	d = c;
196	0	c = S(30, b);
197	0	b = a;
198	0	a = tmp;
199	0	}
200	0	for (t = 60; t < 80; t++)
201	0	{
202	0	s = t & 0x0f;
203	0	W(s) = S(1, W((s + 13) & 0x0f) ^ W((s + 8) & 0x0f) ^ W((s + 2) & 0x0f) ^ W(s));
204	0	tmp = S(5, a) + F3(b, c, d) + e + W(s) + K(t);
205	0	e = d;
206	0	d = c;
207	0	c = S(30, b);
208	0	b = a;
209	0	a = tmp;
210	0	}
211
212	0	H(0) = H(0) + a;
213	0	H(1) = H(1) + b;
214	0	H(2) = H(2) + c;
215	0	H(3) = H(3) + d;
216	0	H(4) = H(4) + e;
217
218	0	memset(&ctxt->m.b8[0], 0, 64);
219	0	}
220
221		/------------------------------------------------------------/
222
223		void
224		sha1_init(struct sha1_ctxt * ctxt)
225	0	{
226	0	memset(ctxt, 0, sizeof(struct sha1_ctxt));
227	0	H(0) = 0x67452301;
228	0	H(1) = 0xefcdab89;
229	0	H(2) = 0x98badcfe;
230	0	H(3) = 0x10325476;
231	0	H(4) = 0xc3d2e1f0;
232	0	}
233
234		void
235		sha1_pad(struct sha1_ctxt * ctxt)
236	0	{
237	0	size_t padlen; /* pad length in bytes */
238	0	size_t padstart;
239
240	0	PUTPAD(0x80);
241
242	0	padstart = COUNT % 64;
243	0	padlen = 64 - padstart;
244	0	if (padlen < 8)
245	0	{
246	0	memset(&ctxt->m.b8[padstart], 0, padlen);
247	0	COUNT += (uint8_t) padlen;
248	0	COUNT %= 64;
249	0	sha1_step(ctxt);
250	0	padstart = COUNT % 64; /* should be 0 */
251	0	padlen = 64 - padstart; /* should be 64 */
252	0	}
253	0	memset(&ctxt->m.b8[padstart], 0, padlen - 8);
254	0	COUNT += ((uint8_t) padlen - 8);
255	0	COUNT %= 64;
256		#ifdef WORDS_BIGENDIAN
257		PUTPAD(ctxt->c.b8[0]);
258		PUTPAD(ctxt->c.b8[1]);
259		PUTPAD(ctxt->c.b8[2]);
260		PUTPAD(ctxt->c.b8[3]);
261		PUTPAD(ctxt->c.b8[4]);
262		PUTPAD(ctxt->c.b8[5]);
263		PUTPAD(ctxt->c.b8[6]);
264		PUTPAD(ctxt->c.b8[7]);
265		#else
266	0	PUTPAD(ctxt->c.b8[7]);
267	0	PUTPAD(ctxt->c.b8[6]);
268	0	PUTPAD(ctxt->c.b8[5]);
269	0	PUTPAD(ctxt->c.b8[4]);
270	0	PUTPAD(ctxt->c.b8[3]);
271	0	PUTPAD(ctxt->c.b8[2]);
272	0	PUTPAD(ctxt->c.b8[1]);
273	0	PUTPAD(ctxt->c.b8[0]);
274	0	#endif
275	0	}
276
277		void
278		sha1_loop(struct sha1_ctxt * ctxt, const uint8_t *input0, size_t len)
279	0	{
280	0	const uint8_t *input;
281	0	size_t gaplen;
282	0	size_t gapstart;
283	0	size_t off;
284	0	size_t copysiz;
285
286	0	input = (const uint8_t *) input0;
287	0	off = 0;
288
289	0	while (off < len)
290	0	{
291	0	gapstart = COUNT % 64;
292	0	gaplen = 64 - gapstart;
293
294	0	copysiz = (gaplen < len - off) ? gaplen : len - off;
295	0	memmove(&ctxt->m.b8[gapstart], &input[off], copysiz);
296	0	COUNT += (uint8_t) copysiz;
297	0	COUNT %= 64;
298	0	ctxt->c.b64[0] += copysiz * 8;
299	0	if (COUNT % 64 == 0)
300	0	sha1_step(ctxt);
301	0	off += copysiz;
302	0	}
303	0	}
304
305		void
306		sha1_result(struct sha1_ctxt * ctxt, uint8_t *digest0)
307	0	{
308	0	uint8_t *digest;
309
310	0	digest = (uint8_t *) digest0;
311	0	sha1_pad(ctxt);
312		#ifdef WORDS_BIGENDIAN
313		memmove(digest, &ctxt->h.b8[0], 20);
314		#else
315	0	digest[0] = ctxt->h.b8[3];
316	0	digest[1] = ctxt->h.b8[2];
317	0	digest[2] = ctxt->h.b8[1];
318	0	digest[3] = ctxt->h.b8[0];
319	0	digest[4] = ctxt->h.b8[7];
320	0	digest[5] = ctxt->h.b8[6];
321	0	digest[6] = ctxt->h.b8[5];
322	0	digest[7] = ctxt->h.b8[4];
323	0	digest[8] = ctxt->h.b8[11];
324	0	digest[9] = ctxt->h.b8[10];
325	0	digest[10] = ctxt->h.b8[9];
326	0	digest[11] = ctxt->h.b8[8];
327	0	digest[12] = ctxt->h.b8[15];
328	0	digest[13] = ctxt->h.b8[14];
329	0	digest[14] = ctxt->h.b8[13];
330	0	digest[15] = ctxt->h.b8[12];
331	0	digest[16] = ctxt->h.b8[19];
332	0	digest[17] = ctxt->h.b8[18];
333	0	digest[18] = ctxt->h.b8[17];
334	0	digest[19] = ctxt->h.b8[16];
335	0	#endif
336	0	}