Line data Source code
1 : // Copyright (c) 2014 The Bitcoin developers
2 : // Distributed under the MIT software license, see the accompanying
3 : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 :
5 : #include "crypto/sha1.h"
6 :
7 : #include "crypto/common.h"
8 :
9 : #include <string.h>
10 :
11 : // Internal implementation code.
12 : namespace
13 : {
14 : /// Internal SHA-1 implementation.
15 : namespace sha1
16 : {
17 : /** One round of SHA-1. */
18 1036650 : void inline Round(uint32_t a, uint32_t& b, uint32_t c, uint32_t d, uint32_t& e, uint32_t f, uint32_t k, uint32_t w)
19 : {
20 1036650 : e += ((a << 5) | (a >> 27)) + f + k + w;
21 1036650 : b = (b << 30) | (b >> 2);
22 : }
23 :
24 1036650 : uint32_t inline f1(uint32_t b, uint32_t c, uint32_t d) { return d ^ (b & (c ^ d)); }
25 1036650 : uint32_t inline f2(uint32_t b, uint32_t c, uint32_t d) { return b ^ c ^ d; }
26 1036650 : uint32_t inline f3(uint32_t b, uint32_t c, uint32_t d) { return (b & c) | (d & (b | c)); }
27 :
28 1036650 : uint32_t inline left(uint32_t x) { return (x << 1) | (x >> 31); }
29 :
30 : /** Initialize SHA-1 state. */
31 54 : void inline Initialize(uint32_t* s)
32 : {
33 54 : s[0] = 0x67452301ul;
34 54 : s[1] = 0xEFCDAB89ul;
35 54 : s[2] = 0x98BADCFEul;
36 54 : s[3] = 0x10325476ul;
37 54 : s[4] = 0xC3D2E1F0ul;
38 : }
39 :
40 : const uint32_t k1 = 0x5A827999ul;
41 : const uint32_t k2 = 0x6ED9EBA1ul;
42 : const uint32_t k3 = 0x8F1BBCDCul;
43 : const uint32_t k4 = 0xCA62C1D6ul;
44 :
45 : /** Perform a SHA-1 transformation, processing a 64-byte chunk. */
46 1036650 : void Transform(uint32_t* s, const unsigned char* chunk)
47 : {
48 1036650 : uint32_t a = s[0], b = s[1], c = s[2], d = s[3], e = s[4];
49 1036650 : uint32_t w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15;
50 :
51 1036650 : Round(a, b, c, d, e, f1(b, c, d), k1, w0 = ReadBE32(chunk + 0));
52 1036650 : Round(e, a, b, c, d, f1(a, b, c), k1, w1 = ReadBE32(chunk + 4));
53 1036650 : Round(d, e, a, b, c, f1(e, a, b), k1, w2 = ReadBE32(chunk + 8));
54 1036650 : Round(c, d, e, a, b, f1(d, e, a), k1, w3 = ReadBE32(chunk + 12));
55 1036650 : Round(b, c, d, e, a, f1(c, d, e), k1, w4 = ReadBE32(chunk + 16));
56 1036650 : Round(a, b, c, d, e, f1(b, c, d), k1, w5 = ReadBE32(chunk + 20));
57 1036650 : Round(e, a, b, c, d, f1(a, b, c), k1, w6 = ReadBE32(chunk + 24));
58 1036650 : Round(d, e, a, b, c, f1(e, a, b), k1, w7 = ReadBE32(chunk + 28));
59 1036650 : Round(c, d, e, a, b, f1(d, e, a), k1, w8 = ReadBE32(chunk + 32));
60 1036650 : Round(b, c, d, e, a, f1(c, d, e), k1, w9 = ReadBE32(chunk + 36));
61 1036650 : Round(a, b, c, d, e, f1(b, c, d), k1, w10 = ReadBE32(chunk + 40));
62 1036650 : Round(e, a, b, c, d, f1(a, b, c), k1, w11 = ReadBE32(chunk + 44));
63 1036650 : Round(d, e, a, b, c, f1(e, a, b), k1, w12 = ReadBE32(chunk + 48));
64 1036650 : Round(c, d, e, a, b, f1(d, e, a), k1, w13 = ReadBE32(chunk + 52));
65 1036650 : Round(b, c, d, e, a, f1(c, d, e), k1, w14 = ReadBE32(chunk + 56));
66 1036650 : Round(a, b, c, d, e, f1(b, c, d), k1, w15 = ReadBE32(chunk + 60));
67 :
68 1036650 : Round(e, a, b, c, d, f1(a, b, c), k1, w0 = left(w0 ^ w13 ^ w8 ^ w2));
69 1036650 : Round(d, e, a, b, c, f1(e, a, b), k1, w1 = left(w1 ^ w14 ^ w9 ^ w3));
70 1036650 : Round(c, d, e, a, b, f1(d, e, a), k1, w2 = left(w2 ^ w15 ^ w10 ^ w4));
71 1036650 : Round(b, c, d, e, a, f1(c, d, e), k1, w3 = left(w3 ^ w0 ^ w11 ^ w5));
72 1036650 : Round(a, b, c, d, e, f2(b, c, d), k2, w4 = left(w4 ^ w1 ^ w12 ^ w6));
73 1036650 : Round(e, a, b, c, d, f2(a, b, c), k2, w5 = left(w5 ^ w2 ^ w13 ^ w7));
74 1036650 : Round(d, e, a, b, c, f2(e, a, b), k2, w6 = left(w6 ^ w3 ^ w14 ^ w8));
75 1036650 : Round(c, d, e, a, b, f2(d, e, a), k2, w7 = left(w7 ^ w4 ^ w15 ^ w9));
76 1036650 : Round(b, c, d, e, a, f2(c, d, e), k2, w8 = left(w8 ^ w5 ^ w0 ^ w10));
77 1036650 : Round(a, b, c, d, e, f2(b, c, d), k2, w9 = left(w9 ^ w6 ^ w1 ^ w11));
78 1036650 : Round(e, a, b, c, d, f2(a, b, c), k2, w10 = left(w10 ^ w7 ^ w2 ^ w12));
79 1036650 : Round(d, e, a, b, c, f2(e, a, b), k2, w11 = left(w11 ^ w8 ^ w3 ^ w13));
80 1036650 : Round(c, d, e, a, b, f2(d, e, a), k2, w12 = left(w12 ^ w9 ^ w4 ^ w14));
81 1036650 : Round(b, c, d, e, a, f2(c, d, e), k2, w13 = left(w13 ^ w10 ^ w5 ^ w15));
82 1036650 : Round(a, b, c, d, e, f2(b, c, d), k2, w14 = left(w14 ^ w11 ^ w6 ^ w0));
83 1036650 : Round(e, a, b, c, d, f2(a, b, c), k2, w15 = left(w15 ^ w12 ^ w7 ^ w1));
84 :
85 1036650 : Round(d, e, a, b, c, f2(e, a, b), k2, w0 = left(w0 ^ w13 ^ w8 ^ w2));
86 1036650 : Round(c, d, e, a, b, f2(d, e, a), k2, w1 = left(w1 ^ w14 ^ w9 ^ w3));
87 1036650 : Round(b, c, d, e, a, f2(c, d, e), k2, w2 = left(w2 ^ w15 ^ w10 ^ w4));
88 1036650 : Round(a, b, c, d, e, f2(b, c, d), k2, w3 = left(w3 ^ w0 ^ w11 ^ w5));
89 1036650 : Round(e, a, b, c, d, f2(a, b, c), k2, w4 = left(w4 ^ w1 ^ w12 ^ w6));
90 1036650 : Round(d, e, a, b, c, f2(e, a, b), k2, w5 = left(w5 ^ w2 ^ w13 ^ w7));
91 1036650 : Round(c, d, e, a, b, f2(d, e, a), k2, w6 = left(w6 ^ w3 ^ w14 ^ w8));
92 1036650 : Round(b, c, d, e, a, f2(c, d, e), k2, w7 = left(w7 ^ w4 ^ w15 ^ w9));
93 1036650 : Round(a, b, c, d, e, f3(b, c, d), k3, w8 = left(w8 ^ w5 ^ w0 ^ w10));
94 1036650 : Round(e, a, b, c, d, f3(a, b, c), k3, w9 = left(w9 ^ w6 ^ w1 ^ w11));
95 1036650 : Round(d, e, a, b, c, f3(e, a, b), k3, w10 = left(w10 ^ w7 ^ w2 ^ w12));
96 1036650 : Round(c, d, e, a, b, f3(d, e, a), k3, w11 = left(w11 ^ w8 ^ w3 ^ w13));
97 1036650 : Round(b, c, d, e, a, f3(c, d, e), k3, w12 = left(w12 ^ w9 ^ w4 ^ w14));
98 1036650 : Round(a, b, c, d, e, f3(b, c, d), k3, w13 = left(w13 ^ w10 ^ w5 ^ w15));
99 1036650 : Round(e, a, b, c, d, f3(a, b, c), k3, w14 = left(w14 ^ w11 ^ w6 ^ w0));
100 1036650 : Round(d, e, a, b, c, f3(e, a, b), k3, w15 = left(w15 ^ w12 ^ w7 ^ w1));
101 :
102 1036650 : Round(c, d, e, a, b, f3(d, e, a), k3, w0 = left(w0 ^ w13 ^ w8 ^ w2));
103 1036650 : Round(b, c, d, e, a, f3(c, d, e), k3, w1 = left(w1 ^ w14 ^ w9 ^ w3));
104 1036650 : Round(a, b, c, d, e, f3(b, c, d), k3, w2 = left(w2 ^ w15 ^ w10 ^ w4));
105 1036650 : Round(e, a, b, c, d, f3(a, b, c), k3, w3 = left(w3 ^ w0 ^ w11 ^ w5));
106 1036650 : Round(d, e, a, b, c, f3(e, a, b), k3, w4 = left(w4 ^ w1 ^ w12 ^ w6));
107 1036650 : Round(c, d, e, a, b, f3(d, e, a), k3, w5 = left(w5 ^ w2 ^ w13 ^ w7));
108 1036650 : Round(b, c, d, e, a, f3(c, d, e), k3, w6 = left(w6 ^ w3 ^ w14 ^ w8));
109 1036650 : Round(a, b, c, d, e, f3(b, c, d), k3, w7 = left(w7 ^ w4 ^ w15 ^ w9));
110 1036650 : Round(e, a, b, c, d, f3(a, b, c), k3, w8 = left(w8 ^ w5 ^ w0 ^ w10));
111 1036650 : Round(d, e, a, b, c, f3(e, a, b), k3, w9 = left(w9 ^ w6 ^ w1 ^ w11));
112 1036650 : Round(c, d, e, a, b, f3(d, e, a), k3, w10 = left(w10 ^ w7 ^ w2 ^ w12));
113 1036650 : Round(b, c, d, e, a, f3(c, d, e), k3, w11 = left(w11 ^ w8 ^ w3 ^ w13));
114 1036650 : Round(a, b, c, d, e, f2(b, c, d), k4, w12 = left(w12 ^ w9 ^ w4 ^ w14));
115 1036650 : Round(e, a, b, c, d, f2(a, b, c), k4, w13 = left(w13 ^ w10 ^ w5 ^ w15));
116 1036650 : Round(d, e, a, b, c, f2(e, a, b), k4, w14 = left(w14 ^ w11 ^ w6 ^ w0));
117 1036650 : Round(c, d, e, a, b, f2(d, e, a), k4, w15 = left(w15 ^ w12 ^ w7 ^ w1));
118 :
119 1036650 : Round(b, c, d, e, a, f2(c, d, e), k4, w0 = left(w0 ^ w13 ^ w8 ^ w2));
120 1036650 : Round(a, b, c, d, e, f2(b, c, d), k4, w1 = left(w1 ^ w14 ^ w9 ^ w3));
121 1036650 : Round(e, a, b, c, d, f2(a, b, c), k4, w2 = left(w2 ^ w15 ^ w10 ^ w4));
122 1036650 : Round(d, e, a, b, c, f2(e, a, b), k4, w3 = left(w3 ^ w0 ^ w11 ^ w5));
123 1036650 : Round(c, d, e, a, b, f2(d, e, a), k4, w4 = left(w4 ^ w1 ^ w12 ^ w6));
124 1036650 : Round(b, c, d, e, a, f2(c, d, e), k4, w5 = left(w5 ^ w2 ^ w13 ^ w7));
125 1036650 : Round(a, b, c, d, e, f2(b, c, d), k4, w6 = left(w6 ^ w3 ^ w14 ^ w8));
126 1036650 : Round(e, a, b, c, d, f2(a, b, c), k4, w7 = left(w7 ^ w4 ^ w15 ^ w9));
127 1036650 : Round(d, e, a, b, c, f2(e, a, b), k4, w8 = left(w8 ^ w5 ^ w0 ^ w10));
128 1036650 : Round(c, d, e, a, b, f2(d, e, a), k4, w9 = left(w9 ^ w6 ^ w1 ^ w11));
129 1036650 : Round(b, c, d, e, a, f2(c, d, e), k4, w10 = left(w10 ^ w7 ^ w2 ^ w12));
130 1036650 : Round(a, b, c, d, e, f2(b, c, d), k4, w11 = left(w11 ^ w8 ^ w3 ^ w13));
131 1036650 : Round(e, a, b, c, d, f2(a, b, c), k4, w12 = left(w12 ^ w9 ^ w4 ^ w14));
132 1036650 : Round(d, e, a, b, c, f2(e, a, b), k4, left(w13 ^ w10 ^ w5 ^ w15));
133 1036650 : Round(c, d, e, a, b, f2(d, e, a), k4, left(w14 ^ w11 ^ w6 ^ w0));
134 1036650 : Round(b, c, d, e, a, f2(c, d, e), k4, left(w15 ^ w12 ^ w7 ^ w1));
135 :
136 1036650 : s[0] += a;
137 1036650 : s[1] += b;
138 1036650 : s[2] += c;
139 1036650 : s[3] += d;
140 1036650 : s[4] += e;
141 1036650 : }
142 :
143 : } // namespace sha1
144 :
145 : } // namespace
146 :
147 : ////// SHA1
148 :
149 54 : CSHA1::CSHA1() : bytes(0)
150 : {
151 54 : sha1::Initialize(s);
152 54 : }
153 :
154 15115 : CSHA1& CSHA1::Write(const unsigned char* data, size_t len)
155 : {
156 15115 : const unsigned char* end = data + len;
157 15115 : size_t bufsize = bytes % 64;
158 15115 : if (bufsize && bufsize + len >= 64) {
159 : // Fill the buffer, and process it.
160 7271 : memcpy(buf + bufsize, data, 64 - bufsize);
161 7271 : bytes += 64 - bufsize;
162 7271 : data += 64 - bufsize;
163 7271 : sha1::Transform(s, buf);
164 7271 : bufsize = 0;
165 : }
166 1044490 : while (end >= data + 64) {
167 : // Process full chunks directly from the source.
168 1029380 : sha1::Transform(s, data);
169 1029380 : bytes += 64;
170 1029380 : data += 64;
171 : }
172 15115 : if (end > data) {
173 : // Fill the buffer with what remains.
174 9566 : memcpy(buf + bufsize, data, end - data);
175 9566 : bytes += end - data;
176 : }
177 15115 : return *this;
178 : }
179 :
180 3321 : void CSHA1::Finalize(unsigned char hash[OUTPUT_SIZE])
181 : {
182 3321 : static const unsigned char pad[64] = {0x80};
183 3321 : unsigned char sizedesc[8];
184 3321 : WriteBE64(sizedesc, bytes << 3);
185 3321 : Write(pad, 1 + ((119 - (bytes % 64)) % 64));
186 3321 : Write(sizedesc, 8);
187 3321 : WriteBE32(hash, s[0]);
188 3321 : WriteBE32(hash + 4, s[1]);
189 3321 : WriteBE32(hash + 8, s[2]);
190 3321 : WriteBE32(hash + 12, s[3]);
191 3321 : WriteBE32(hash + 16, s[4]);
192 3321 : }
193 :
194 0 : CSHA1& CSHA1::Reset()
195 : {
196 0 : bytes = 0;
197 0 : sha1::Initialize(s);
198 0 : return *this;
199 : }
|
