2 * Copyright (C) 2012,2015 Robin Gareus <robin@gareus.org>
4 * This code is inspired by libcrypt, which was placed
5 * in the public domain by Wei Dai and other contributors.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 #define EXPORT_SHA static
31 #if defined(PLATFORM_WINDOWS) && !defined(__LITTLE_ENDIAN__)
32 #define __LITTLE_ENDIAN__
36 # define SHA_BIG_ENDIAN
37 #elif defined _BIG_ENDIAN
38 # define SHA_BIG_ENDIAN
39 #elif defined __BYTE_ORDER__
40 # if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
41 # define SHA_BIG_ENDIAN
43 #elif !defined __LITTLE_ENDIAN__
44 # include <endian.h> // machine/endian.h
45 # if (defined __BYTE_ORDER__ && defined __ORDER_BIG_ENDIAN__ && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
46 # define SHA_BIG_ENDIAN
58 static inline uint32_t sha1_rol32 (uint32_t number, uint8_t bits) {
59 return ((number << bits) | (number >> (32 - bits)));
62 static void sha1_hashBlock (Sha1Digest *s) {
64 uint32_t a, b, c, d, e, t;
72 for (i = 0; i < 80; ++i) {
74 t = s->buffer[(i + 13) & 15] ^ s->buffer[(i + 8) & 15] ^ s->buffer[(i + 2) & 15] ^ s->buffer[i & 15];
75 s->buffer[i & 15] = sha1_rol32 (t, 1);
78 t = (d ^ (b & (c ^ d))) + 0x5a827999;
80 t = (b ^ c ^ d) + 0x6ed9eba1;
82 t = ((b & c) | (d & (b | c))) + 0x8f1bbcdc;
84 t = (b ^ c ^ d) + 0xca62c1d6;
86 t += sha1_rol32 (a, 5) + e + s->buffer[i & 15];
89 c = sha1_rol32 (b, 30);
101 static void sha1_addUncounted (Sha1Digest *s, const uint8_t data) {
102 uint8_t * const b = (uint8_t*) s->buffer;
103 #ifdef SHA_BIG_ENDIAN
104 b[s->bufferOffset] = data;
106 b[s->bufferOffset ^ 3] = data;
109 if (s->bufferOffset == 64) {
115 static void sha1_pad (Sha1Digest *s) {
116 // Implement SHA-1 padding (fips180-2 5.1.1)
117 // Pad with 0x80 followed by 0x00 until the end of the block
118 sha1_addUncounted (s, 0x80);
119 while (s->bufferOffset != 56) sha1_addUncounted (s, 0x00);
121 // Append length in the last 8 bytes
122 sha1_addUncounted (s, 0); // We're only using 32 bit lengths
123 sha1_addUncounted (s, 0); // But SHA-1 supports 64 bit lengths
124 sha1_addUncounted (s, 0); // So zero pad the top bits
125 sha1_addUncounted (s, s->byteCount >> 29); // Shifting to multiply by 8
126 sha1_addUncounted (s, s->byteCount >> 21); // as SHA-1 supports bitstreams as well as
127 sha1_addUncounted (s, s->byteCount >> 13); // byte.
128 sha1_addUncounted (s, s->byteCount >> 5);
129 sha1_addUncounted (s, s->byteCount << 3);
133 /*** public functions ***/
135 EXPORT_SHA void sha1_init (Sha1Digest *s) {
136 s->state[0] = 0x67452301;
137 s->state[1] = 0xefcdab89;
138 s->state[2] = 0x98badcfe;
139 s->state[3] = 0x10325476;
140 s->state[4] = 0xc3d2e1f0;
145 EXPORT_SHA void sha1_writebyte (Sha1Digest *s, const uint8_t data) {
147 sha1_addUncounted (s, data);
150 EXPORT_SHA void sha1_write (Sha1Digest *s, const uint8_t *data, size_t len) {
151 for (;len--;) sha1_writebyte (s, (uint8_t) *data++);
154 EXPORT_SHA uint8_t* sha1_result (Sha1Digest *s) {
155 // Pad to complete the last block
158 #ifndef SHA_BIG_ENDIAN
159 // Swap byte order back
161 for (i = 0; i < 5; ++i) {
163 (((s->state[i])<<24)& 0xff000000)
164 | (((s->state[i])<<8) & 0x00ff0000)
165 | (((s->state[i])>>8) & 0x0000ff00)
166 | (((s->state[i])>>24)& 0x000000ff);
169 // Return pointer to hash (20 characters)
170 return (uint8_t*) s->state;
173 EXPORT_SHA void sha1_result_hash (Sha1Digest *s, char *rv) {
175 uint8_t* hash = sha1_result (s);
176 for (i = 0; i < 20; ++i) {
177 sprintf (&rv[2*i], "%02x", hash[i]);