[exim.git] / src / src / pdkim / sha1.c

#include "crypt_ver.h"

#ifdef SHA_POLARSSL	/* remainder of file */

/*
 *  FIPS-180-1 compliant SHA-1 implementation
 *
 *  Copyright (C) 2006-2010, Brainspark B.V.
 *
 *  This file is part of PolarSSL (http://www.polarssl.org)
 *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
 *
 *  All rights reserved.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
/*
 *  The SHA-1 standard was published by NIST in 1993.
 *
 *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
 */

#include "polarssl/config.h"

#if defined(POLARSSL_SHA1_C)

#include "polarssl/sha1.h"

#include <string.h>
#include <stdio.h>

/*
 * 32-bit integer manipulation macros (big endian)
 */
#ifndef GET_ULONG_BE
#define GET_ULONG_BE(n,b,i)                             \
{                                                       \
    (n) = ( (unsigned long) (b)[(i)    ] << 24 )        \
        | ( (unsigned long) (b)[(i) + 1] << 16 )        \
        | ( (unsigned long) (b)[(i) + 2] <<  8 )        \
        | ( (unsigned long) (b)[(i) + 3]       );       \
}
#endif

#ifndef PUT_ULONG_BE
#define PUT_ULONG_BE(n,b,i)                             \
{                                                       \
    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
}
#endif

/*
 * SHA-1 context setup
 * Called from pdkim_parse_sig_header() pdkim_feed_finish() pdkim_init_sign()
 */
void sha1_starts( sha1_context *ctx )
{
    ctx->total[0] = 0;
    ctx->total[1] = 0;

    ctx->state[0] = 0x67452301;
    ctx->state[1] = 0xEFCDAB89;
    ctx->state[2] = 0x98BADCFE;
    ctx->state[3] = 0x10325476;
    ctx->state[4] = 0xC3D2E1F0;
}

static void sha1_process( sha1_context *ctx, const unsigned char data[64] )
{
    unsigned long temp, W[16], A, B, C, D, E;

    GET_ULONG_BE( W[ 0], data,  0 );
    GET_ULONG_BE( W[ 1], data,  4 );
    GET_ULONG_BE( W[ 2], data,  8 );
    GET_ULONG_BE( W[ 3], data, 12 );
    GET_ULONG_BE( W[ 4], data, 16 );
    GET_ULONG_BE( W[ 5], data, 20 );
    GET_ULONG_BE( W[ 6], data, 24 );
    GET_ULONG_BE( W[ 7], data, 28 );
    GET_ULONG_BE( W[ 8], data, 32 );
    GET_ULONG_BE( W[ 9], data, 36 );
    GET_ULONG_BE( W[10], data, 40 );
    GET_ULONG_BE( W[11], data, 44 );
    GET_ULONG_BE( W[12], data, 48 );
    GET_ULONG_BE( W[13], data, 52 );
    GET_ULONG_BE( W[14], data, 56 );
    GET_ULONG_BE( W[15], data, 60 );

#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))

#define R(t)                                            \
(                                                       \
    temp = W[(t -  3) & 0x0F] ^ W[(t - 8) & 0x0F] ^     \
           W[(t - 14) & 0x0F] ^ W[ t      & 0x0F],      \
    ( W[t & 0x0F] = S(temp,1) )                         \
)

#define P(a,b,c,d,e,x)                                  \
{                                                       \
    e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);        \
}

    A = ctx->state[0];
    B = ctx->state[1];
    C = ctx->state[2];
    D = ctx->state[3];
    E = ctx->state[4];

#define F(x,y,z) (z ^ (x & (y ^ z)))
#define K 0x5A827999

    P( A, B, C, D, E, W[0]  );
    P( E, A, B, C, D, W[1]  );
    P( D, E, A, B, C, W[2]  );
    P( C, D, E, A, B, W[3]  );
    P( B, C, D, E, A, W[4]  );
    P( A, B, C, D, E, W[5]  );
    P( E, A, B, C, D, W[6]  );
    P( D, E, A, B, C, W[7]  );
    P( C, D, E, A, B, W[8]  );
    P( B, C, D, E, A, W[9]  );
    P( A, B, C, D, E, W[10] );
    P( E, A, B, C, D, W[11] );
    P( D, E, A, B, C, W[12] );
    P( C, D, E, A, B, W[13] );
    P( B, C, D, E, A, W[14] );
    P( A, B, C, D, E, W[15] );
    P( E, A, B, C, D, R(16) );
    P( D, E, A, B, C, R(17) );
    P( C, D, E, A, B, R(18) );
    P( B, C, D, E, A, R(19) );

#undef K
#undef F

#define F(x,y,z) (x ^ y ^ z)
#define K 0x6ED9EBA1

    P( A, B, C, D, E, R(20) );
    P( E, A, B, C, D, R(21) );
    P( D, E, A, B, C, R(22) );
    P( C, D, E, A, B, R(23) );
    P( B, C, D, E, A, R(24) );
    P( A, B, C, D, E, R(25) );
    P( E, A, B, C, D, R(26) );
    P( D, E, A, B, C, R(27) );
    P( C, D, E, A, B, R(28) );
    P( B, C, D, E, A, R(29) );
    P( A, B, C, D, E, R(30) );
    P( E, A, B, C, D, R(31) );
    P( D, E, A, B, C, R(32) );
    P( C, D, E, A, B, R(33) );
    P( B, C, D, E, A, R(34) );
    P( A, B, C, D, E, R(35) );
    P( E, A, B, C, D, R(36) );
    P( D, E, A, B, C, R(37) );
    P( C, D, E, A, B, R(38) );
    P( B, C, D, E, A, R(39) );

#undef K
#undef F

#define F(x,y,z) ((x & y) | (z & (x | y)))
#define K 0x8F1BBCDC

    P( A, B, C, D, E, R(40) );
    P( E, A, B, C, D, R(41) );
    P( D, E, A, B, C, R(42) );
    P( C, D, E, A, B, R(43) );
    P( B, C, D, E, A, R(44) );
    P( A, B, C, D, E, R(45) );
    P( E, A, B, C, D, R(46) );
    P( D, E, A, B, C, R(47) );
    P( C, D, E, A, B, R(48) );
    P( B, C, D, E, A, R(49) );
    P( A, B, C, D, E, R(50) );
    P( E, A, B, C, D, R(51) );
    P( D, E, A, B, C, R(52) );
    P( C, D, E, A, B, R(53) );
    P( B, C, D, E, A, R(54) );
    P( A, B, C, D, E, R(55) );
    P( E, A, B, C, D, R(56) );
    P( D, E, A, B, C, R(57) );
    P( C, D, E, A, B, R(58) );
    P( B, C, D, E, A, R(59) );

#undef K
#undef F

#define F(x,y,z) (x ^ y ^ z)
#define K 0xCA62C1D6

    P( A, B, C, D, E, R(60) );
    P( E, A, B, C, D, R(61) );
    P( D, E, A, B, C, R(62) );
    P( C, D, E, A, B, R(63) );
    P( B, C, D, E, A, R(64) );
    P( A, B, C, D, E, R(65) );
    P( E, A, B, C, D, R(66) );
    P( D, E, A, B, C, R(67) );
    P( C, D, E, A, B, R(68) );
    P( B, C, D, E, A, R(69) );
    P( A, B, C, D, E, R(70) );
    P( E, A, B, C, D, R(71) );
    P( D, E, A, B, C, R(72) );
    P( C, D, E, A, B, R(73) );
    P( B, C, D, E, A, R(74) );
    P( A, B, C, D, E, R(75) );
    P( E, A, B, C, D, R(76) );
    P( D, E, A, B, C, R(77) );
    P( C, D, E, A, B, R(78) );
    P( B, C, D, E, A, R(79) );

#undef K
#undef F

    ctx->state[0] += A;
    ctx->state[1] += B;
    ctx->state[2] += C;
    ctx->state[3] += D;
    ctx->state[4] += E;
}

/*
 * SHA-1 process buffer
 * Called from pdkim_feed_finish() & pdkim_finish_bodyhash()
 */
void sha1_update( sha1_context *ctx, const unsigned char *input, int ilen )
{
    int fill;
    unsigned long left;

    if( ilen <= 0 )
        return;

    left = ctx->total[0] & 0x3F;
    fill = 64 - left;

    ctx->total[0] += ilen;
    ctx->total[0] &= 0xFFFFFFFF;

    if( ctx->total[0] < (unsigned long) ilen )
        ctx->total[1]++;

    if( left && ilen >= fill )
    {
        memcpy( (void *) (ctx->buffer + left),
                (void *) input, fill );
        sha1_process( ctx, ctx->buffer );
        input += fill;
        ilen  -= fill;
        left = 0;
    }

    while( ilen >= 64 )
    {
        sha1_process( ctx, input );
        input += 64;
        ilen  -= 64;
    }

    if( ilen > 0 )
    {
        memcpy( (void *) (ctx->buffer + left),
                (void *) input, ilen );
    }
}

static const unsigned char sha1_padding[64] =
{
 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

/*
 * SHA-1 final digest
 * Called from pdkim_feed_finish() & pdkim_finish_bodyhash()
 */
void sha1_finish( sha1_context *ctx, unsigned char output[20] )
{
    unsigned long last, padn;
    unsigned long high, low;
    unsigned char msglen[8];

    high = ( ctx->total[0] >> 29 )
         | ( ctx->total[1] <<  3 );
    low  = ( ctx->total[0] <<  3 );

    PUT_ULONG_BE( high, msglen, 0 );
    PUT_ULONG_BE( low,  msglen, 4 );

    last = ctx->total[0] & 0x3F;
    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );

    sha1_update( ctx, (unsigned char *) sha1_padding, padn );
    sha1_update( ctx, msglen, 8 );

    PUT_ULONG_BE( ctx->state[0], output,  0 );
    PUT_ULONG_BE( ctx->state[1], output,  4 );
    PUT_ULONG_BE( ctx->state[2], output,  8 );
    PUT_ULONG_BE( ctx->state[3], output, 12 );
    PUT_ULONG_BE( ctx->state[4], output, 16 );
}

#endif
#endif
Commit	Line	Data
cb224393 JH	1	#include "crypt_ver.h"
	2
	3	#ifdef SHA_POLARSSL /* remainder of file */
	4
	5	/*
	6	* FIPS-180-1 compliant SHA-1 implementation
	7	*
	8	* Copyright (C) 2006-2010, Brainspark B.V.
	9	*
	10	* This file is part of PolarSSL (http://www.polarssl.org)
	11	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
	12	*
	13	* All rights reserved.
	14	*
	15	* This program is free software; you can redistribute it and/or modify
	16	* it under the terms of the GNU General Public License as published by
	17	* the Free Software Foundation; either version 2 of the License, or
	18	* (at your option) any later version.
	19	*
	20	* This program is distributed in the hope that it will be useful,
	21	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	22	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	23	* GNU General Public License for more details.
	24	*
	25	* You should have received a copy of the GNU General Public License along
	26	* with this program; if not, write to the Free Software Foundation, Inc.,
	27	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	28	*/
	29	/*
	30	* The SHA-1 standard was published by NIST in 1993.
	31	*
	32	* http://www.itl.nist.gov/fipspubs/fip180-1.htm
	33	*/
	34
	35	#include "polarssl/config.h"
	36
	37	#if defined(POLARSSL_SHA1_C)
	38
	39	#include "polarssl/sha1.h"
	40
	41	#include <string.h>
	42	#include <stdio.h>
	43
	44	/*
	45	* 32-bit integer manipulation macros (big endian)
	46	*/
	47	#ifndef GET_ULONG_BE
	48	#define GET_ULONG_BE(n,b,i) \
	49	{ \
	50	(n) = ( (unsigned long) (b)[(i) ] << 24 ) \
	51	\| ( (unsigned long) (b)[(i) + 1] << 16 ) \
	52	\| ( (unsigned long) (b)[(i) + 2] << 8 ) \
	53	\| ( (unsigned long) (b)[(i) + 3] ); \
	54	}
	55	#endif
	56
	57	#ifndef PUT_ULONG_BE
	58	#define PUT_ULONG_BE(n,b,i) \
	59	{ \
	60	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
	61	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
	62	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
	63	(b)[(i) + 3] = (unsigned char) ( (n) ); \
	64	}
65	#endif
66
67	/*
68	* SHA-1 context setup
69	* Called from pdkim_parse_sig_header() pdkim_feed_finish() pdkim_init_sign()
70	*/
71	void sha1_starts( sha1_context *ctx )
72	{
73	ctx->total[0] = 0;
74	ctx->total[1] = 0;
75
76	ctx->state[0] = 0x67452301;
77	ctx->state[1] = 0xEFCDAB89;
78	ctx->state[2] = 0x98BADCFE;
79	ctx->state[3] = 0x10325476;
80	ctx->state[4] = 0xC3D2E1F0;
81	}
82
83	static void sha1_process( sha1_context *ctx, const unsigned char data[64] )
84	{
85	unsigned long temp, W[16], A, B, C, D, E;
86
87	GET_ULONG_BE( W[ 0], data, 0 );
88	GET_ULONG_BE( W[ 1], data, 4 );
89	GET_ULONG_BE( W[ 2], data, 8 );
90	GET_ULONG_BE( W[ 3], data, 12 );
91	GET_ULONG_BE( W[ 4], data, 16 );
92	GET_ULONG_BE( W[ 5], data, 20 );
93	GET_ULONG_BE( W[ 6], data, 24 );
94	GET_ULONG_BE( W[ 7], data, 28 );
95	GET_ULONG_BE( W[ 8], data, 32 );
96	GET_ULONG_BE( W[ 9], data, 36 );
97	GET_ULONG_BE( W[10], data, 40 );
98	GET_ULONG_BE( W[11], data, 44 );
99	GET_ULONG_BE( W[12], data, 48 );
100	GET_ULONG_BE( W[13], data, 52 );
101	GET_ULONG_BE( W[14], data, 56 );
102	GET_ULONG_BE( W[15], data, 60 );
103
104	#define S(x,n) ((x << n) \| ((x & 0xFFFFFFFF) >> (32 - n)))
105
106	#define R(t) \
107	( \
108	temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
109	W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
110	( W[t & 0x0F] = S(temp,1) ) \
111	)
112
113	#define P(a,b,c,d,e,x) \
114	{ \
115	e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
116	}
117
118	A = ctx->state[0];
119	B = ctx->state[1];
120	C = ctx->state[2];
121	D = ctx->state[3];
122	E = ctx->state[4];
123
124	#define F(x,y,z) (z ^ (x & (y ^ z)))
125	#define K 0x5A827999
126
127	P( A, B, C, D, E, W[0] );
128	P( E, A, B, C, D, W[1] );
129	P( D, E, A, B, C, W[2] );
130	P( C, D, E, A, B, W[3] );
131	P( B, C, D, E, A, W[4] );
132	P( A, B, C, D, E, W[5] );
133	P( E, A, B, C, D, W[6] );
134	P( D, E, A, B, C, W[7] );
135	P( C, D, E, A, B, W[8] );
136	P( B, C, D, E, A, W[9] );
137	P( A, B, C, D, E, W[10] );
138	P( E, A, B, C, D, W[11] );
139	P( D, E, A, B, C, W[12] );
140	P( C, D, E, A, B, W[13] );
141	P( B, C, D, E, A, W[14] );
142	P( A, B, C, D, E, W[15] );
143	P( E, A, B, C, D, R(16) );
144	P( D, E, A, B, C, R(17) );
145	P( C, D, E, A, B, R(18) );
146	P( B, C, D, E, A, R(19) );
147
148	#undef K
149	#undef F
150
151	#define F(x,y,z) (x ^ y ^ z)
152	#define K 0x6ED9EBA1
153
154	P( A, B, C, D, E, R(20) );
155	P( E, A, B, C, D, R(21) );
156	P( D, E, A, B, C, R(22) );
157	P( C, D, E, A, B, R(23) );
158	P( B, C, D, E, A, R(24) );
159	P( A, B, C, D, E, R(25) );
160	P( E, A, B, C, D, R(26) );
161	P( D, E, A, B, C, R(27) );
162	P( C, D, E, A, B, R(28) );
163	P( B, C, D, E, A, R(29) );
164	P( A, B, C, D, E, R(30) );
165	P( E, A, B, C, D, R(31) );
166	P( D, E, A, B, C, R(32) );
167	P( C, D, E, A, B, R(33) );
168	P( B, C, D, E, A, R(34) );
169	P( A, B, C, D, E, R(35) );
170	P( E, A, B, C, D, R(36) );
171	P( D, E, A, B, C, R(37) );
172	P( C, D, E, A, B, R(38) );
173	P( B, C, D, E, A, R(39) );
174
175	#undef K
176	#undef F
177
178	#define F(x,y,z) ((x & y) \| (z & (x \| y)))
179	#define K 0x8F1BBCDC
180
181	P( A, B, C, D, E, R(40) );
182	P( E, A, B, C, D, R(41) );
183	P( D, E, A, B, C, R(42) );
184	P( C, D, E, A, B, R(43) );
185	P( B, C, D, E, A, R(44) );
186	P( A, B, C, D, E, R(45) );
187	P( E, A, B, C, D, R(46) );
188	P( D, E, A, B, C, R(47) );
189	P( C, D, E, A, B, R(48) );
190	P( B, C, D, E, A, R(49) );
191	P( A, B, C, D, E, R(50) );
192	P( E, A, B, C, D, R(51) );
193	P( D, E, A, B, C, R(52) );
194	P( C, D, E, A, B, R(53) );
195	P( B, C, D, E, A, R(54) );
196	P( A, B, C, D, E, R(55) );
197	P( E, A, B, C, D, R(56) );
198	P( D, E, A, B, C, R(57) );
199	P( C, D, E, A, B, R(58) );
200	P( B, C, D, E, A, R(59) );
201
202	#undef K
203	#undef F
204
205	#define F(x,y,z) (x ^ y ^ z)
206	#define K 0xCA62C1D6
207
208	P( A, B, C, D, E, R(60) );
209	P( E, A, B, C, D, R(61) );
210	P( D, E, A, B, C, R(62) );
211	P( C, D, E, A, B, R(63) );
212	P( B, C, D, E, A, R(64) );
213	P( A, B, C, D, E, R(65) );
214	P( E, A, B, C, D, R(66) );
215	P( D, E, A, B, C, R(67) );
216	P( C, D, E, A, B, R(68) );
217	P( B, C, D, E, A, R(69) );
218	P( A, B, C, D, E, R(70) );
219	P( E, A, B, C, D, R(71) );
220	P( D, E, A, B, C, R(72) );
221	P( C, D, E, A, B, R(73) );
222	P( B, C, D, E, A, R(74) );
223	P( A, B, C, D, E, R(75) );
224	P( E, A, B, C, D, R(76) );
225	P( D, E, A, B, C, R(77) );
226	P( C, D, E, A, B, R(78) );
227	P( B, C, D, E, A, R(79) );
228
229	#undef K
230	#undef F
231
232	ctx->state[0] += A;
233	ctx->state[1] += B;
234	ctx->state[2] += C;
235	ctx->state[3] += D;
236	ctx->state[4] += E;
237	}
238
239	/*
240	* SHA-1 process buffer
241	* Called from pdkim_feed_finish() & pdkim_finish_bodyhash()
242	*/
243	void sha1_update( sha1_context ctx, const unsigned char input, int ilen )
244	{
245	int fill;
246	unsigned long left;
247
248	if( ilen <= 0 )
249	return;
250
251	left = ctx->total[0] & 0x3F;
252	fill = 64 - left;
253
254	ctx->total[0] += ilen;
255	ctx->total[0] &= 0xFFFFFFFF;
256
257	if( ctx->total[0] < (unsigned long) ilen )
258	ctx->total[1]++;
259
260	if( left && ilen >= fill )
261	{
262	memcpy( (void *) (ctx->buffer + left),
263	(void *) input, fill );
264	sha1_process( ctx, ctx->buffer );
265	input += fill;
266	ilen -= fill;
267	left = 0;
268	}
269
270	while( ilen >= 64 )
271	{
272	sha1_process( ctx, input );
273	input += 64;
274	ilen -= 64;
275	}
276
277	if( ilen > 0 )
278	{
279	memcpy( (void *) (ctx->buffer + left),
280	(void *) input, ilen );
281	}
282	}
283
284	static const unsigned char sha1_padding[64] =
285	{
286	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
287	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
288	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
289	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
290	};
291
292	/*
293	* SHA-1 final digest
294	* Called from pdkim_feed_finish() & pdkim_finish_bodyhash()
295	*/
296	void sha1_finish( sha1_context *ctx, unsigned char output[20] )
297	{
298	unsigned long last, padn;
299	unsigned long high, low;
300	unsigned char msglen[8];
301
302	high = ( ctx->total[0] >> 29 )
303	\| ( ctx->total[1] << 3 );
304	low = ( ctx->total[0] << 3 );
305
306	PUT_ULONG_BE( high, msglen, 0 );
307	PUT_ULONG_BE( low, msglen, 4 );
308
309	last = ctx->total[0] & 0x3F;
310	padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
311
312	sha1_update( ctx, (unsigned char *) sha1_padding, padn );
313	sha1_update( ctx, msglen, 8 );
314
315	PUT_ULONG_BE( ctx->state[0], output, 0 );
316	PUT_ULONG_BE( ctx->state[1], output, 4 );
317	PUT_ULONG_BE( ctx->state[2], output, 8 );
318	PUT_ULONG_BE( ctx->state[3], output, 12 );
319	PUT_ULONG_BE( ctx->state[4], output, 16 );
320	}
321
322	#endif
323	#endif