Check-in [fa9ae90eae]
Overview
Comment:Integrated RFC 6234 SHA1 implementation changes
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | trunk | 0.7.10
Files: files | file ages | folders
SHA1:fa9ae90eae56508d5e01877fa1afc07ce90dc536
User & Date: rkeene on 2019-11-15 15:07:55
Other Links: manifest | tags
Context
2019-11-15
15:07
Integrated RFC 6234 SHA1 implementation changes Leaf check-in: fa9ae90eae user: rkeene tags: trunk, 0.7.10
14:59
Include stdint or inttypes depending on platform Closed-Leaf check-in: 0d816bdcfc user: rkeene tags: rfc-6234
2019-11-13
14:59
Corrected license check-in: 480596d8cb user: rkeene tags: trunk
Changes

Modified LICENSE from [6315f16a70] to [71e9e37094].

    44     44   the X Consortium, and are licensed under the X11 license: install.sh
    45     45   
    46     46   The following files in this directory are the intellectual property of
    47     47   RSA Data Security, Inc., and are licensed under terms specified
    48     48   therein: md5.h, md5.c These files are "derived from the RSA Data
    49     49   Security, Inc. MD5 Message-Digest Algorithm".
    50     50   
    51         -The following files in this directory are from RFC 3174, are the
    52         -intellectual property of the Internet Society, and are licensed under
    53         -terms specified therein: sha1.c, sha1.h
           51  +The following files in this directory are from RFC 6234, are the
           52  +intellectual property of the IETF Trust, and are licensed under
           53  +the 3-clause BSD license: sha1.c, sha.h, sha-private.h
    54     54   
    55     55   The files in the "pkcs11/" directory are licensed under the terms of the
    56     56   following licenses:
    57     57   	mypkcs11.h : GNU Lesser General Public License 2.1.
    58     58   	pkcs11.h   : GNU Lesser General Public License 2.1.
    59     59   	pkcs11f.h  : GNU Lesser General Public License 2.1.
    60     60   	pkcs11n.h  : Mozilla Public License 2.0
    61     61   	pkcs11t.h  : GNU Lesser General Public License 2.1.

Modified Makefile.in from [abdaf2d437] to [1f902dbcec].

    20     20   	$(MAKE) libcackey.@SHOBJEXT@
    21     21   	-$(MAKE) libcackey_g.@SHOBJEXT@
    22     22   
    23     23   static:
    24     24   	$(MAKE) libcackey.a
    25     25   	-$(MAKE) libcackey_g.a
    26     26   
    27         -cackey.o: cackey.c cackey_builtin_certs.h sha1.c sha1.h md5.c md5.h asn1-x509.c asn1-x509.h config.h
           27  +cackey.o: cackey.c cackey_builtin_certs.h sha1.c sha.h sha-private.h md5.c md5.h asn1-x509.c asn1-x509.h config.h
    28     28   	$(CC) $(SHOBJFLAGS) $(CPPFLAGS) $(CFLAGS) -o cackey.o -c cackey.c
    29     29   
    30         -cackey_g.o: cackey.c cackey_builtin_certs.h sha1.c sha1.h md5.c md5.h asn1-x509.c asn1-x509.h config.h
           30  +cackey_g.o: cackey.c cackey_builtin_certs.h sha1.c sha.h sha-private.h md5.c md5.h asn1-x509.c asn1-x509.h config.h
    31     31   	$(CC) $(SHOBJFLAGS) $(DEBUGCPPFLAGS) $(DEBUGCFLAGS) -o cackey_g.o -c cackey.c
    32     32   
    33     33   libcackey.@SHOBJEXT@: cackey.o
    34     34   	$(CC) $(SHOBJFLAGS) $(CPPFLAGS) $(CFLAGS) $(SHOBJLDFLAGS) $(LDFLAGS) -o libcackey.@SHOBJEXT@ cackey.o $(LIBS)
    35     35   	-@WEAKENSYMS@ "libcackey.@SHOBJEXT@"
    36     36   	-@REMOVESYMS@ "libcackey.@SHOBJEXT@"
    37     37   
................................................................................
    65     65   		./test 2> $${tmpLogFile}; \
    66     66   		echo -ne "$$( \
    67     67   			grep 'Returned Value:' $${tmpLogFile} | sed 's@^.*/@@;s@ = {@ @;s@})$$@@;s@,@@g;s@ @\\x@g;s@\\@ \\@' | while IFS=' ' read -r count string; do \
    68     68   				printf '\\x%02x\\x%02x%s' $$[$${count} / 256] $$[$${count} % 256] "$${string}"; \
    69     69   			done \
    70     70   		)" > test-afl.data; rm -f $${tmpLogFile}
    71     71   
    72         -test-afl: test-afl.data test.c cackey.c cackey_builtin_certs.h sha1.c sha1.h md5.c md5.h asn1-x509.c asn1-x509.h config.h
           72  +test-afl: test-afl.data test.c cackey.c cackey_builtin_certs.h sha1.c sha.h sha-private.h md5.c md5.h asn1-x509.c asn1-x509.h config.h
    73     73   	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -DCACKEY_TEST_AFL -o test-afl test.c $(patsubst -lpcsclite,,$(LIBS))
    74     74   
    75     75   splint-cackey.txt: cackey.c cackey_builtin_certs.h asn1-x509.c asn1-x509.h config.h
    76     76   	splint $(DEBUGCPPFLAGS) -DCACKEY_PARANOID=1 -weak +posixlib -I/usr/include/PCSC -Ipkcs11 cackey.c > splint-cackey.txt
    77     77   
    78     78   install: libcackey.@SHOBJEXT@
    79     79   	-mkdir -p "$(DESTDIR)$(libdir)"

Modified cackey.c from [60cd8b85ae] to [11f5663297].

    60     60   #ifndef NULL_PTR
    61     61   #  define NULL_PTR 0
    62     62   #endif
    63     63   
    64     64   #include "pkcs11.h"
    65     65   #include "pkcs11n.h"
    66     66   #include "asn1-x509.h"
    67         -#include "sha1.h"
           67  +#include "sha.h"
    68     68   #include "md5.h"
    69     69   
    70     70   #ifndef CACKEY_CRYPTOKI_VERSION_CODE
    71     71   #  define CACKEY_CRYPTOKI_VERSION_CODE 0x021e00
    72     72   #endif
    73     73   
    74     74   /* GSC-IS v2.1 Definitions */

Added sha-private.h version [b98da73ba4].

            1  +/************************ sha-private.h ************************/
            2  +/***************** See RFC 6234 for details. *******************/
            3  +#ifndef _SHA_PRIVATE__H
            4  +#define _SHA_PRIVATE__H
            5  +/*
            6  + * These definitions are defined in FIPS 180-3, section 4.1.
            7  + * Ch() and Maj() are defined identically in sections 4.1.1,
            8  + * 4.1.2, and 4.1.3.
            9  + *
           10  + * The definitions used in FIPS 180-3 are as follows:
           11  + */
           12  +
           13  +#ifndef USE_MODIFIED_MACROS
           14  +#define SHA_Ch(x,y,z)        (((x) & (y)) ^ ((~(x)) & (z)))
           15  +#define SHA_Maj(x,y,z)       (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
           16  +#else /* USE_MODIFIED_MACROS */
           17  +/*
           18  + * The following definitions are equivalent and potentially faster.
           19  + */
           20  +
           21  +#define SHA_Ch(x, y, z)      (((x) & ((y) ^ (z))) ^ (z))
           22  +#define SHA_Maj(x, y, z)     (((x) & ((y) | (z))) | ((y) & (z)))
           23  +
           24  +#endif /* USE_MODIFIED_MACROS */
           25  +
           26  +#define SHA_Parity(x, y, z)  ((x) ^ (y) ^ (z))
           27  +
           28  +#endif /* _SHA_PRIVATE__H */
           29  +

Added sha.h version [7ecfeff9c2].

            1  +/**************************** sha.h ****************************/
            2  +/***************** See RFC 6234 for details. *******************/
            3  +/*
            4  +   Copyright (c) 2011 IETF Trust and the persons identified as
            5  +   authors of the code.  All rights reserved.
            6  +
            7  +   Redistribution and use in source and binary forms, with or
            8  +   without modification, are permitted provided that the following
            9  +   conditions are met:
           10  +
           11  +   - Redistributions of source code must retain the above
           12  +     copyright notice, this list of conditions and
           13  +     the following disclaimer.
           14  +
           15  +   - Redistributions in binary form must reproduce the above
           16  +     copyright notice, this list of conditions and the following
           17  +     disclaimer in the documentation and/or other materials provided
           18  +     with the distribution.
           19  +
           20  +   - Neither the name of Internet Society, IETF or IETF Trust, nor
           21  +     the names of specific contributors, may be used to endorse or
           22  +     promote products derived from this software without specific
           23  +     prior written permission.
           24  +
           25  +   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
           26  +   CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
           27  +   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
           28  +   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
           29  +   DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
           30  +   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
           31  +   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
           32  +   NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
           33  +   LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
           34  +   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
           35  +   CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
           36  +   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
           37  +   EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
           38  +*/
           39  +#ifndef _SHA_H_
           40  +#define _SHA_H_
           41  +
           42  +/*
           43  + *  Description:
           44  + *      This file implements the Secure Hash Algorithms
           45  + *      as defined in the U.S. National Institute of Standards
           46  + *      and Technology Federal Information Processing Standards
           47  + *      Publication (FIPS PUB) 180-3 published in October 2008
           48  + *      and formerly defined in its predecessors, FIPS PUB 180-1
           49  + *      and FIP PUB 180-2.
           50  + *
           51  + *      A combined document showing all algorithms is available at
           52  + *              http://csrc.nist.gov/publications/fips/
           53  + *                     fips180-3/fips180-3_final.pdf
           54  + *
           55  + *      The five hashes are defined in these sizes:
           56  + *              SHA-1           20 byte / 160 bit
           57  + *              SHA-224         28 byte / 224 bit
           58  + *              SHA-256         32 byte / 256 bit
           59  + *              SHA-384         48 byte / 384 bit
           60  + *              SHA-512         64 byte / 512 bit
           61  + *
           62  + *  Compilation Note:
           63  + *    These files may be compiled with two options:
           64  + *        USE_32BIT_ONLY - use 32-bit arithmetic only, for systems
           65  + *                         without 64-bit integers
           66  + *
           67  + *        USE_MODIFIED_MACROS - use alternate form of the SHA_Ch()
           68  + *                         and SHA_Maj() macros that are equivalent
           69  + *                         and potentially faster on many systems
           70  + *
           71  + */
           72  +
           73  +#include "config.h"
           74  +
           75  +#ifdef HAVE_STDINT_H
           76  +#  include <stdint.h>
           77  +#elif defined(HAVE_INTTYPES_H)
           78  +#  include <inttypes.h>
           79  +#endif
           80  +/*
           81  + * If you do not have the ISO standard stdint.h header file, then you
           82  + * must typedef the following:
           83  + *    name              meaning
           84  + *  uint64_t         unsigned 64-bit integer
           85  + *  uint32_t         unsigned 32-bit integer
           86  + *  uint8_t          unsigned 8-bit integer (i.e., unsigned char)
           87  + *  int_least16_t    integer of >= 16 bits
           88  + *
           89  + * See stdint-example.h
           90  + */
           91  +
           92  +#ifndef _SHA_enum_
           93  +#define _SHA_enum_
           94  +/*
           95  + *  All SHA functions return one of these values.
           96  + */
           97  +enum {
           98  +    shaSuccess = 0,
           99  +    shaNull,            /* Null pointer parameter */
          100  +    shaInputTooLong,    /* input data too long */
          101  +    shaStateError,      /* called Input after FinalBits or Result */
          102  +    shaBadParam         /* passed a bad parameter */
          103  +};
          104  +#endif /* _SHA_enum_ */
          105  +
          106  +/*
          107  + *  These constants hold size information for each of the SHA
          108  + *  hashing operations
          109  + */
          110  +enum {
          111  +    SHA1_Message_Block_Size = 64, SHA224_Message_Block_Size = 64,
          112  +    SHA256_Message_Block_Size = 64, SHA384_Message_Block_Size = 128,
          113  +    SHA512_Message_Block_Size = 128,
          114  +    USHA_Max_Message_Block_Size = SHA512_Message_Block_Size,
          115  +
          116  +    SHA1HashSize = 20, SHA224HashSize = 28, SHA256HashSize = 32,
          117  +    SHA384HashSize = 48, SHA512HashSize = 64,
          118  +    USHAMaxHashSize = SHA512HashSize,
          119  +
          120  +    SHA1HashSizeBits = 160, SHA224HashSizeBits = 224,
          121  +    SHA256HashSizeBits = 256, SHA384HashSizeBits = 384,
          122  +    SHA512HashSizeBits = 512, USHAMaxHashSizeBits = SHA512HashSizeBits
          123  +};
          124  +
          125  +/*
          126  + *  These constants are used in the USHA (Unified SHA) functions.
          127  + */
          128  +typedef enum SHAversion {
          129  +    SHA1, SHA224, SHA256, SHA384, SHA512
          130  +} SHAversion;
          131  +
          132  +/*
          133  + *  This structure will hold context information for the SHA-1
          134  + *  hashing operation.
          135  + */
          136  +typedef struct SHA1Context {
          137  +    uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */
          138  +
          139  +    uint32_t Length_High;               /* Message length in bits */
          140  +    uint32_t Length_Low;                /* Message length in bits */
          141  +
          142  +    int_least16_t Message_Block_Index;  /* Message_Block array index */
          143  +                                        /* 512-bit message blocks */
          144  +    uint8_t Message_Block[SHA1_Message_Block_Size];
          145  +
          146  +    int Computed;                   /* Is the hash computed? */
          147  +    int Corrupted;                  /* Cumulative corruption code */
          148  +} SHA1Context;
          149  +
          150  +/*
          151  + *  This structure will hold context information for the SHA-256
          152  + *  hashing operation.
          153  + */
          154  +typedef struct SHA256Context {
          155  +    uint32_t Intermediate_Hash[SHA256HashSize/4]; /* Message Digest */
          156  +
          157  +    uint32_t Length_High;               /* Message length in bits */
          158  +    uint32_t Length_Low;                /* Message length in bits */
          159  +
          160  +    int_least16_t Message_Block_Index;  /* Message_Block array index */
          161  +                                        /* 512-bit message blocks */
          162  +    uint8_t Message_Block[SHA256_Message_Block_Size];
          163  +
          164  +    int Computed;                   /* Is the hash computed? */
          165  +    int Corrupted;                  /* Cumulative corruption code */
          166  +} SHA256Context;
          167  +
          168  +/*
          169  + *  This structure will hold context information for the SHA-512
          170  + *  hashing operation.
          171  + */
          172  +typedef struct SHA512Context {
          173  +#ifdef USE_32BIT_ONLY
          174  +    uint32_t Intermediate_Hash[SHA512HashSize/4]; /* Message Digest  */
          175  +    uint32_t Length[4];                 /* Message length in bits */
          176  +#else /* !USE_32BIT_ONLY */
          177  +    uint64_t Intermediate_Hash[SHA512HashSize/8]; /* Message Digest */
          178  +    uint64_t Length_High, Length_Low;   /* Message length in bits */
          179  +#endif /* USE_32BIT_ONLY */
          180  +
          181  +    int_least16_t Message_Block_Index;  /* Message_Block array index */
          182  +                                        /* 1024-bit message blocks */
          183  +    uint8_t Message_Block[SHA512_Message_Block_Size];
          184  +
          185  +    int Computed;                   /* Is the hash computed?*/
          186  +    int Corrupted;                  /* Cumulative corruption code */
          187  +} SHA512Context;
          188  +
          189  +/*
          190  + *  This structure will hold context information for the SHA-224
          191  + *  hashing operation.  It uses the SHA-256 structure for computation.
          192  + */
          193  +typedef struct SHA256Context SHA224Context;
          194  +
          195  +/*
          196  + *  This structure will hold context information for the SHA-384
          197  + *  hashing operation.  It uses the SHA-512 structure for computation.
          198  + */
          199  +typedef struct SHA512Context SHA384Context;
          200  +
          201  +/*
          202  + *  This structure holds context information for all SHA
          203  + *  hashing operations.
          204  + */
          205  +typedef struct USHAContext {
          206  +    int whichSha;               /* which SHA is being used */
          207  +    union {
          208  +      SHA1Context sha1Context;
          209  +      SHA224Context sha224Context; SHA256Context sha256Context;
          210  +      SHA384Context sha384Context; SHA512Context sha512Context;
          211  +    } ctx;
          212  +
          213  +} USHAContext;
          214  +
          215  +/*
          216  + *  This structure will hold context information for the HMAC
          217  + *  keyed-hashing operation.
          218  + */
          219  +typedef struct HMACContext {
          220  +    int whichSha;               /* which SHA is being used */
          221  +    int hashSize;               /* hash size of SHA being used */
          222  +    int blockSize;              /* block size of SHA being used */
          223  +    USHAContext shaContext;     /* SHA context */
          224  +    unsigned char k_opad[USHA_Max_Message_Block_Size];
          225  +                        /* outer padding - key XORd with opad */
          226  +    int Computed;               /* Is the MAC computed? */
          227  +    int Corrupted;              /* Cumulative corruption code */
          228  +
          229  +} HMACContext;
          230  +
          231  +/*
          232  + *  This structure will hold context information for the HKDF
          233  + *  extract-and-expand Key Derivation Functions.
          234  + */
          235  +typedef struct HKDFContext {
          236  +    int whichSha;               /* which SHA is being used */
          237  +    HMACContext hmacContext;
          238  +    int hashSize;               /* hash size of SHA being used */
          239  +    unsigned char prk[USHAMaxHashSize];
          240  +                        /* pseudo-random key - output of hkdfInput */
          241  +    int Computed;               /* Is the key material computed? */
          242  +    int Corrupted;              /* Cumulative corruption code */
          243  +} HKDFContext;
          244  +
          245  +/*
          246  + *  Function Prototypes
          247  + */
          248  +
          249  +/* SHA-1 */
          250  +extern int SHA1Reset(SHA1Context *);
          251  +extern int SHA1Input(SHA1Context *, const uint8_t *bytes,
          252  +                     unsigned int bytecount);
          253  +extern int SHA1FinalBits(SHA1Context *, uint8_t bits,
          254  +                         unsigned int bit_count);
          255  +extern int SHA1Result(SHA1Context *,
          256  +                      uint8_t Message_Digest[SHA1HashSize]);
          257  +
          258  +/* SHA-224 */
          259  +extern int SHA224Reset(SHA224Context *);
          260  +extern int SHA224Input(SHA224Context *, const uint8_t *bytes,
          261  +                       unsigned int bytecount);
          262  +extern int SHA224FinalBits(SHA224Context *, uint8_t bits,
          263  +                           unsigned int bit_count);
          264  +extern int SHA224Result(SHA224Context *,
          265  +                        uint8_t Message_Digest[SHA224HashSize]);
          266  +
          267  +/* SHA-256 */
          268  +extern int SHA256Reset(SHA256Context *);
          269  +extern int SHA256Input(SHA256Context *, const uint8_t *bytes,
          270  +                       unsigned int bytecount);
          271  +extern int SHA256FinalBits(SHA256Context *, uint8_t bits,
          272  +                           unsigned int bit_count);
          273  +extern int SHA256Result(SHA256Context *,
          274  +                        uint8_t Message_Digest[SHA256HashSize]);
          275  +
          276  +/* SHA-384 */
          277  +extern int SHA384Reset(SHA384Context *);
          278  +extern int SHA384Input(SHA384Context *, const uint8_t *bytes,
          279  +                       unsigned int bytecount);
          280  +extern int SHA384FinalBits(SHA384Context *, uint8_t bits,
          281  +                           unsigned int bit_count);
          282  +extern int SHA384Result(SHA384Context *,
          283  +                        uint8_t Message_Digest[SHA384HashSize]);
          284  +
          285  +/* SHA-512 */
          286  +extern int SHA512Reset(SHA512Context *);
          287  +extern int SHA512Input(SHA512Context *, const uint8_t *bytes,
          288  +                       unsigned int bytecount);
          289  +extern int SHA512FinalBits(SHA512Context *, uint8_t bits,
          290  +                           unsigned int bit_count);
          291  +extern int SHA512Result(SHA512Context *,
          292  +                        uint8_t Message_Digest[SHA512HashSize]);
          293  +
          294  +/* Unified SHA functions, chosen by whichSha */
          295  +extern int USHAReset(USHAContext *context, SHAversion whichSha);
          296  +extern int USHAInput(USHAContext *context,
          297  +                     const uint8_t *bytes, unsigned int bytecount);
          298  +extern int USHAFinalBits(USHAContext *context,
          299  +                         uint8_t bits, unsigned int bit_count);
          300  +extern int USHAResult(USHAContext *context,
          301  +                      uint8_t Message_Digest[USHAMaxHashSize]);
          302  +extern int USHABlockSize(enum SHAversion whichSha);
          303  +extern int USHAHashSize(enum SHAversion whichSha);
          304  +extern int USHAHashSizeBits(enum SHAversion whichSha);
          305  +extern const char *USHAHashName(enum SHAversion whichSha);
          306  +
          307  +/*
          308  + * HMAC Keyed-Hashing for Message Authentication, RFC 2104,
          309  + * for all SHAs.
          310  + * This interface allows a fixed-length text input to be used.
          311  + */
          312  +extern int hmac(SHAversion whichSha, /* which SHA algorithm to use */
          313  +    const unsigned char *text,     /* pointer to data stream */
          314  +    int text_len,                  /* length of data stream */
          315  +    const unsigned char *key,      /* pointer to authentication key */
          316  +    int key_len,                   /* length of authentication key */
          317  +    uint8_t digest[USHAMaxHashSize]); /* caller digest to fill in */
          318  +
          319  +/*
          320  + * HMAC Keyed-Hashing for Message Authentication, RFC 2104,
          321  + * for all SHAs.
          322  + * This interface allows any length of text input to be used.
          323  + */
          324  +extern int hmacReset(HMACContext *context, enum SHAversion whichSha,
          325  +                     const unsigned char *key, int key_len);
          326  +extern int hmacInput(HMACContext *context, const unsigned char *text,
          327  +                     int text_len);
          328  +extern int hmacFinalBits(HMACContext *context, uint8_t bits,
          329  +                         unsigned int bit_count);
          330  +extern int hmacResult(HMACContext *context,
          331  +                      uint8_t digest[USHAMaxHashSize]);
          332  +
          333  +/*
          334  + * HKDF HMAC-based Extract-and-Expand Key Derivation Function,
          335  + * RFC 5869, for all SHAs.
          336  + */
          337  +extern int hkdf(SHAversion whichSha, const unsigned char *salt,
          338  +                int salt_len, const unsigned char *ikm, int ikm_len,
          339  +                const unsigned char *info, int info_len,
          340  +                uint8_t okm[ ], int okm_len);
          341  +extern int hkdfExtract(SHAversion whichSha, const unsigned char *salt,
          342  +                       int salt_len, const unsigned char *ikm,
          343  +                       int ikm_len, uint8_t prk[USHAMaxHashSize]);
          344  +extern int hkdfExpand(SHAversion whichSha, const uint8_t prk[ ],
          345  +                      int prk_len, const unsigned char *info,
          346  +                      int info_len, uint8_t okm[ ], int okm_len);
          347  +
          348  +/*
          349  + * HKDF HMAC-based Extract-and-Expand Key Derivation Function,
          350  + * RFC 5869, for all SHAs.
          351  + * This interface allows any length of text input to be used.
          352  + */
          353  +extern int hkdfReset(HKDFContext *context, enum SHAversion whichSha,
          354  +                     const unsigned char *salt, int salt_len);
          355  +extern int hkdfInput(HKDFContext *context, const unsigned char *ikm,
          356  +                     int ikm_len);
          357  +extern int hkdfFinalBits(HKDFContext *context, uint8_t ikm_bits,
          358  +                         unsigned int ikm_bit_count);
          359  +extern int hkdfResult(HKDFContext *context,
          360  +                      uint8_t prk[USHAMaxHashSize],
          361  +                      const unsigned char *info, int info_len,
          362  +                      uint8_t okm[USHAMaxHashSize], int okm_len);
          363  +#endif /* _SHA_H_ */
          364  +

Modified sha1.c from [a03e9d2d38] to [e3f79ad8a1].

            1  +/**************************** sha1.c ***************************/
            2  +/***************** See RFC 6234 for details. *******************/
            3  +/* Copyright (c) 2011 IETF Trust and the persons identified as */
            4  +/* authors of the code.  All rights reserved.                  */
            5  +/* See sha.h for terms of use and redistribution.              */
            6  +
     1      7   /*
     2         - *  sha1.c
     3         - *
     4      8    *  Description:
     5         - *      This file implements the Secure Hashing Algorithm 1 as
     6         - *      defined in FIPS PUB 180-1 published April 17, 1995.
            9  + *      This file implements the Secure Hash Algorithm SHA-1
           10  + *      as defined in the U.S. National Institute of Standards
           11  + *      and Technology Federal Information Processing Standards
           12  + *      Publication (FIPS PUB) 180-3 published in October 2008
           13  + *      and formerly defined in its predecessors, FIPS PUB 180-1
           14  + *      and FIP PUB 180-2.
     7     15    *
     8         - *      The SHA-1, produces a 160-bit message digest for a given
     9         - *      data stream.  It should take about 2**n steps to find a
    10         - *      message with the same digest as a given message and
    11         - *      2**(n/2) to find any two messages with the same digest,
    12         - *      when n is the digest size in bits.  Therefore, this
    13         - *      algorithm can serve as a means of providing a
           16  + *      A combined document showing all algorithms is available at
           17  + *              http://csrc.nist.gov/publications/fips/
           18  + *                     fips180-3/fips180-3_final.pdf
           19  + *
           20  + *      The SHA-1 algorithm produces a 160-bit message digest for a
           21  + *      given data stream that can serve as a means of providing a
    14     22    *      "fingerprint" for a message.
    15     23    *
    16     24    *  Portability Issues:
    17     25    *      SHA-1 is defined in terms of 32-bit "words".  This code
    18         - *      uses <stdint.h> (included via "sha1.h" to define 32 and 8
    19         - *      bit unsigned integer types.  If your C compiler does not
    20         - *      support 32 bit unsigned integers, this code is not
           26  + *      uses <stdint.h> (included via "sha.h") to define 32- and
           27  + *      8-bit unsigned integer types.  If your C compiler does
           28  + *      not support 32-bit unsigned integers, this code is not
    21     29    *      appropriate.
    22     30    *
    23     31    *  Caveats:
    24     32    *      SHA-1 is designed to work with messages less than 2^64 bits
    25         - *      long.  Although SHA-1 allows a message digest to be generated
    26         - *      for messages of any number of bits less than 2^64, this
    27         - *      implementation only works with messages with a length that is
    28         - *      a multiple of the size of an 8-bit character.
    29         - *
           33  + *      long.  This implementation uses SHA1Input() to hash the bits
           34  + *      that are a multiple of the size of an 8-bit octet, and then
           35  + *      optionally uses SHA1FinalBits() to hash the final few bits of
           36  + *      the input.
    30     37    */
    31     38   
    32         -#include "sha1.h"
           39  +#include "sha.h"
           40  +#include "sha-private.h"
    33     41   
    34     42   /*
    35     43    *  Define the SHA1 circular left shift macro
    36     44    */
    37         -#define SHA1CircularShift(bits,word) \
           45  +#define SHA1_ROTL(bits,word) \
    38     46                   (((word) << (bits)) | ((word) >> (32-(bits))))
    39     47   
    40         -/* Local Function Prototyptes */
    41         -static void SHA1PadMessage(SHA1Context *);
    42         -static void SHA1ProcessMessageBlock(SHA1Context *);
           48  +/*
           49  + * Add "length" to the length.
           50  + * Set Corrupted when overflow has occurred.
           51  + */
           52  +static uint32_t addTemp;
           53  +#define SHA1AddLength(context, length)                     \
           54  +    (addTemp = (context)->Length_Low,                      \
           55  +     (context)->Corrupted =                                \
           56  +        (((context)->Length_Low += (length)) < addTemp) && \
           57  +        (++(context)->Length_High == 0) ? shaInputTooLong  \
           58  +                                        : (context)->Corrupted )
           59  +
           60  +/* Local Function Prototypes */
           61  +static void SHA1ProcessMessageBlock(SHA1Context *context);
           62  +static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte);
           63  +static void SHA1PadMessage(SHA1Context *context, uint8_t Pad_Byte);
    43     64   
    44     65   /*
    45     66    *  SHA1Reset
    46     67    *
    47     68    *  Description:
    48     69    *      This function will initialize the SHA1Context in preparation
    49     70    *      for computing a new SHA1 message digest.
................................................................................
    52     73    *      context: [in/out]
    53     74    *          The context to reset.
    54     75    *
    55     76    *  Returns:
    56     77    *      sha Error Code.
    57     78    *
    58     79    */
    59         -static int SHA1Reset(SHA1Context *context)
           80  +int SHA1Reset(SHA1Context *context)
    60     81   {
    61         -    if (!context)
    62         -    {
    63         -        return shaNull;
    64         -    }
    65         -
    66         -    context->Length_Low             = 0;
    67         -    context->Length_High            = 0;
    68         -    context->Message_Block_Index    = 0;
    69         -
    70         -    context->Intermediate_Hash[0]   = 0x67452301;
    71         -    context->Intermediate_Hash[1]   = 0xEFCDAB89;
    72         -    context->Intermediate_Hash[2]   = 0x98BADCFE;
    73         -    context->Intermediate_Hash[3]   = 0x10325476;
    74         -    context->Intermediate_Hash[4]   = 0xC3D2E1F0;
    75         -
    76         -    context->Computed   = 0;
    77         -    context->Corrupted  = 0;
    78         -
    79         -    return shaSuccess;
    80         -}
    81         -
    82         -/*
    83         - *  SHA1Result
    84         - *
    85         - *  Description:
    86         - *      This function will return the 160-bit message digest into the
    87         - *      Message_Digest array  provided by the caller.
    88         - *      NOTE: The first octet of hash is stored in the 0th element,
    89         - *            the last octet of hash in the 19th element.
    90         - *
    91         - *  Parameters:
    92         - *      context: [in/out]
    93         - *          The context to use to calculate the SHA-1 hash.
    94         - *      Message_Digest: [out]
    95         - *          Where the digest is returned.
    96         - *
    97         - *  Returns:
    98         - *      sha Error Code.
    99         - *
   100         - */
   101         -static int SHA1Result( SHA1Context *context,
   102         -                uint8_t Message_Digest[SHA1HashSize])
   103         -{
   104         -    int i;
   105         -
   106         -    if (!context || !Message_Digest)
   107         -    {
   108         -        return shaNull;
   109         -    }
   110         -
   111         -    if (context->Corrupted)
   112         -    {
   113         -        return context->Corrupted;
   114         -    }
   115         -
   116         -    if (!context->Computed)
   117         -    {
   118         -        SHA1PadMessage(context);
   119         -        for(i=0; i<64; ++i)
   120         -        {
   121         -            /* message may be sensitive, clear it out */
   122         -            context->Message_Block[i] = 0;
   123         -        }
   124         -        context->Length_Low = 0;    /* and clear length */
   125         -        context->Length_High = 0;
   126         -        context->Computed = 1;
   127         -    }
   128         -
   129         -    for(i = 0; i < SHA1HashSize; ++i)
   130         -    {
   131         -        Message_Digest[i] = context->Intermediate_Hash[i>>2]
   132         -                            >> 8 * ( 3 - ( i & 0x03 ) );
   133         -    }
   134         -
   135         -    return shaSuccess;
           82  +  if (!context) return shaNull;
           83  +
           84  +  context->Length_High = context->Length_Low = 0;
           85  +  context->Message_Block_Index = 0;
           86  +
           87  +  /* Initial Hash Values: FIPS 180-3 section 5.3.1 */
           88  +  context->Intermediate_Hash[0]   = 0x67452301;
           89  +  context->Intermediate_Hash[1]   = 0xEFCDAB89;
           90  +  context->Intermediate_Hash[2]   = 0x98BADCFE;
           91  +  context->Intermediate_Hash[3]   = 0x10325476;
           92  +  context->Intermediate_Hash[4]   = 0xC3D2E1F0;
           93  +
           94  +  context->Computed   = 0;
           95  +  context->Corrupted  = shaSuccess;
           96  +
           97  +  return shaSuccess;
   136     98   }
   137     99   
   138    100   /*
   139    101    *  SHA1Input
   140    102    *
   141    103    *  Description:
   142    104    *      This function accepts an array of octets as the next portion
   143    105    *      of the message.
   144    106    *
   145    107    *  Parameters:
   146    108    *      context: [in/out]
   147         - *          The SHA context to update
   148         - *      message_array: [in]
   149         - *          An array of characters representing the next portion of
          109  + *          The SHA context to update.
          110  + *      message_array[ ]: [in]
          111  + *          An array of octets representing the next portion of
   150    112    *          the message.
   151    113    *      length: [in]
   152         - *          The length of the message in message_array
          114  + *          The length of the message in message_array.
   153    115    *
   154    116    *  Returns:
   155    117    *      sha Error Code.
   156    118    *
   157    119    */
   158         -static int SHA1Input(    SHA1Context    *context,
   159         -                  const uint8_t  *message_array,
   160         -                  unsigned       length)
          120  +int SHA1Input(SHA1Context *context,
          121  +    const uint8_t *message_array, unsigned length)
   161    122   {
   162         -    if (!length)
   163         -    {
   164         -        return shaSuccess;
   165         -    }
          123  +  if (!context) return shaNull;
          124  +  if (!length) return shaSuccess;
          125  +  if (!message_array) return shaNull;
          126  +  if (context->Computed) return context->Corrupted = shaStateError;
          127  +  if (context->Corrupted) return context->Corrupted;
   166    128   
   167         -    if (!context || !message_array)
   168         -    {
   169         -        return shaNull;
   170         -    }
   171         -
   172         -    if (context->Computed)
   173         -    {
   174         -        context->Corrupted = shaStateError;
   175         -
   176         -        return shaStateError;
   177         -    }
   178         -
   179         -    if (context->Corrupted)
   180         -    {
   181         -         return context->Corrupted;
   182         -    }
   183         -    while(length-- && !context->Corrupted)
   184         -    {
          129  +  while (length--) {
   185    130       context->Message_Block[context->Message_Block_Index++] =
   186         -                    (*message_array & 0xFF);
          131  +      *message_array;
   187    132   
   188         -    context->Length_Low += 8;
   189         -    if (context->Length_Low == 0)
   190         -    {
   191         -        context->Length_High++;
   192         -        if (context->Length_High == 0)
   193         -        {
   194         -            /* Message is too long */
   195         -            context->Corrupted = 1;
   196         -        }
   197         -    }
   198         -
   199         -    if (context->Message_Block_Index == 64)
   200         -    {
   201         -        SHA1ProcessMessageBlock(context);
   202         -    }
          133  +    if ((SHA1AddLength(context, 8) == shaSuccess) &&
          134  +      (context->Message_Block_Index == SHA1_Message_Block_Size))
          135  +      SHA1ProcessMessageBlock(context);
   203    136   
   204    137       message_array++;
   205         -    }
          138  +  }
   206    139   
   207         -    return shaSuccess;
          140  +  return context->Corrupted;
          141  +}
          142  +
          143  +/*
          144  + * SHA1FinalBits
          145  + *
          146  + * Description:
          147  + *   This function will add in any final bits of the message.
          148  + *
          149  + * Parameters:
          150  + *   context: [in/out]
          151  + *     The SHA context to update.
          152  + *   message_bits: [in]
          153  + *     The final bits of the message, in the upper portion of the
          154  + *     byte.  (Use 0b###00000 instead of 0b00000### to input the
          155  + *     three bits ###.)
          156  + *   length: [in]
          157  + *     The number of bits in message_bits, between 1 and 7.
          158  + *
          159  + * Returns:
          160  + *   sha Error Code.
          161  + */
          162  +int SHA1FinalBits(SHA1Context *context, uint8_t message_bits,
          163  +    unsigned int length)
          164  +{
          165  +  static uint8_t masks[8] = {
          166  +      /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80,
          167  +      /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0,
          168  +      /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8,
          169  +      /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE
          170  +  };
          171  +
          172  +  static uint8_t markbit[8] = {
          173  +      /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40,
          174  +      /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10,
          175  +      /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04,
          176  +      /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01
          177  +  };
          178  +
          179  +  if (!context) return shaNull;
          180  +  if (!length) return shaSuccess;
          181  +  if (context->Corrupted) return context->Corrupted;
          182  +  if (context->Computed) return context->Corrupted = shaStateError;
          183  +  if (length >= 8) return context->Corrupted = shaBadParam;
          184  +
          185  +  SHA1AddLength(context, length);
          186  +  SHA1Finalize(context,
          187  +    (uint8_t) ((message_bits & masks[length]) | markbit[length]));
          188  +
          189  +  return context->Corrupted;
          190  +}
          191  +
          192  +/*
          193  + * SHA1Result
          194  + *
          195  + * Description:
          196  + *   This function will return the 160-bit message digest
          197  + *   into the Message_Digest array provided by the caller.
          198  + *   NOTE:
          199  + *    The first octet of hash is stored in the element with index 0,
          200  + *      the last octet of hash in the element with index 19.
          201  + *
          202  + * Parameters:
          203  + *   context: [in/out]
          204  + *     The context to use to calculate the SHA-1 hash.
          205  + *   Message_Digest[ ]: [out]
          206  + *     Where the digest is returned.
          207  + *
          208  + * Returns:
          209  + *   sha Error Code.
          210  + *
          211  + */
          212  +int SHA1Result(SHA1Context *context,
          213  +    uint8_t Message_Digest[SHA1HashSize])
          214  +{
          215  +  int i;
          216  +
          217  +  if (!context) return shaNull;
          218  +  if (!Message_Digest) return shaNull;
          219  +  if (context->Corrupted) return context->Corrupted;
          220  +
          221  +  if (!context->Computed)
          222  +    SHA1Finalize(context, 0x80);
          223  +
          224  +  for (i = 0; i < SHA1HashSize; ++i)
          225  +    Message_Digest[i] = (uint8_t) (context->Intermediate_Hash[i>>2]
          226  +                                   >> (8 * ( 3 - ( i & 0x03 ) )));
          227  +
          228  +  return shaSuccess;
   208    229   }
   209    230   
   210    231   /*
   211         - *  SHA1ProcessMessageBlock
          232  + * SHA1ProcessMessageBlock
          233  + *
          234  + * Description:
          235  + *   This helper function will process the next 512 bits of the
          236  + *   message stored in the Message_Block array.
   212    237    *
   213         - *  Description:
   214         - *      This function will process the next 512 bits of the message
   215         - *      stored in the Message_Block array.
          238  + * Parameters:
          239  + *   context: [in/out]
          240  + *     The SHA context to update.
   216    241    *
   217         - *  Parameters:
   218         - *      None.
   219         - *
   220         - *  Returns:
   221         - *      Nothing.
          242  + * Returns:
          243  + *   Nothing.
   222    244    *
   223         - *  Comments:
   224         - *      Many of the variable names in this code, especially the
   225         - *      single character names, were used because those were the
   226         - *      names used in the publication.
   227         - *
   228         - *
          245  + * Comments:
          246  + *   Many of the variable names in this code, especially the
          247  + *   single character names, were used because those were the
          248  + *   names used in the Secure Hash Standard.
   229    249    */
   230    250   static void SHA1ProcessMessageBlock(SHA1Context *context)
   231    251   {
   232         -    const uint32_t K[] =    {       /* Constants defined in SHA-1   */
   233         -                            0x5A827999,
   234         -                            0x6ED9EBA1,
   235         -                            0x8F1BBCDC,
   236         -                            0xCA62C1D6
   237         -                            };
   238         -    int           t;                 /* Loop counter                */
   239         -    uint32_t      temp;              /* Temporary word value        */
   240         -    uint32_t      W[80];             /* Word sequence               */
   241         -    uint32_t      A, B, C, D, E;     /* Word buffers                */
          252  +  /* Constants defined in FIPS 180-3, section 4.2.1 */
          253  +  const uint32_t K[4] = {
          254  +      0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6
          255  +  };
          256  +
          257  +  int        t;               /* Loop counter */
          258  +  uint32_t   temp;            /* Temporary word value */
          259  +  uint32_t   W[80];           /* Word sequence */
          260  +  uint32_t   A, B, C, D, E;   /* Word buffers */
          261  +
          262  +  /*
          263  +   * Initialize the first 16 words in the array W
          264  +   */
          265  +  for (t = 0; t < 16; t++) {
          266  +    W[t]  = ((uint32_t)context->Message_Block[t * 4]) << 24;
          267  +    W[t] |= ((uint32_t)context->Message_Block[t * 4 + 1]) << 16;
          268  +    W[t] |= ((uint32_t)context->Message_Block[t * 4 + 2]) << 8;
          269  +    W[t] |= ((uint32_t)context->Message_Block[t * 4 + 3]);
          270  +  }
          271  +
          272  +  for (t = 16; t < 80; t++)
          273  +    W[t] = SHA1_ROTL(1, W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
          274  +
          275  +  A = context->Intermediate_Hash[0];
          276  +  B = context->Intermediate_Hash[1];
          277  +  C = context->Intermediate_Hash[2];
          278  +  D = context->Intermediate_Hash[3];
          279  +  E = context->Intermediate_Hash[4];
          280  +
          281  +  for (t = 0; t < 20; t++) {
          282  +    temp = SHA1_ROTL(5,A) + SHA_Ch(B, C, D) + E + W[t] + K[0];
          283  +    E = D;
          284  +    D = C;
          285  +    C = SHA1_ROTL(30,B);
          286  +    B = A;
          287  +    A = temp;
          288  +  }
          289  +
          290  +  for (t = 20; t < 40; t++) {
          291  +    temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[1];
          292  +    E = D;
          293  +    D = C;
          294  +    C = SHA1_ROTL(30,B);
          295  +    B = A;
          296  +    A = temp;
          297  +  }
   242    298   
   243         -    /*
   244         -     *  Initialize the first 16 words in the array W
   245         -     */
   246         -    for(t = 0; t < 16; t++)
   247         -    {
   248         -        W[t] = context->Message_Block[t * 4] << 24;
   249         -        W[t] |= context->Message_Block[t * 4 + 1] << 16;
   250         -        W[t] |= context->Message_Block[t * 4 + 2] << 8;
   251         -        W[t] |= context->Message_Block[t * 4 + 3];
   252         -    }
          299  +  for (t = 40; t < 60; t++) {
          300  +    temp = SHA1_ROTL(5,A) + SHA_Maj(B, C, D) + E + W[t] + K[2];
          301  +    E = D;
          302  +    D = C;
          303  +    C = SHA1_ROTL(30,B);
          304  +    B = A;
          305  +    A = temp;
          306  +  }
   253    307   
   254         -    for(t = 16; t < 80; t++)
   255         -    {
   256         -       W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
   257         -    }
   258         -
   259         -    A = context->Intermediate_Hash[0];
   260         -    B = context->Intermediate_Hash[1];
   261         -    C = context->Intermediate_Hash[2];
   262         -    D = context->Intermediate_Hash[3];
   263         -    E = context->Intermediate_Hash[4];
   264         -
   265         -    for(t = 0; t < 20; t++)
   266         -    {
   267         -        temp =  SHA1CircularShift(5,A) +
   268         -                ((B & C) | ((~B) & D)) + E + W[t] + K[0];
   269         -        E = D;
   270         -        D = C;
   271         -        C = SHA1CircularShift(30,B);
   272         -        B = A;
   273         -        A = temp;
   274         -    }
          308  +  for (t = 60; t < 80; t++) {
          309  +    temp = SHA1_ROTL(5,A) + SHA_Parity(B, C, D) + E + W[t] + K[3];
          310  +    E = D;
          311  +    D = C;
          312  +    C = SHA1_ROTL(30,B);
          313  +    B = A;
          314  +    A = temp;
          315  +  }
   275    316   
   276         -    for(t = 20; t < 40; t++)
   277         -    {
   278         -        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
   279         -        E = D;
   280         -        D = C;
   281         -        C = SHA1CircularShift(30,B);
   282         -        B = A;
   283         -        A = temp;
   284         -    }
   285         -
   286         -    for(t = 40; t < 60; t++)
   287         -    {
   288         -        temp = SHA1CircularShift(5,A) +
   289         -               ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
   290         -        E = D;
   291         -        D = C;
   292         -        C = SHA1CircularShift(30,B);
   293         -        B = A;
   294         -        A = temp;
   295         -    }
   296         -
   297         -    for(t = 60; t < 80; t++)
   298         -    {
   299         -        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
   300         -        E = D;
   301         -        D = C;
   302         -        C = SHA1CircularShift(30,B);
   303         -        B = A;
   304         -        A = temp;
   305         -    }
   306         -
   307         -    context->Intermediate_Hash[0] += A;
   308         -    context->Intermediate_Hash[1] += B;
   309         -    context->Intermediate_Hash[2] += C;
   310         -    context->Intermediate_Hash[3] += D;
   311         -    context->Intermediate_Hash[4] += E;
   312         -
   313         -    context->Message_Block_Index = 0;
          317  +  context->Intermediate_Hash[0] += A;
          318  +  context->Intermediate_Hash[1] += B;
          319  +  context->Intermediate_Hash[2] += C;
          320  +  context->Intermediate_Hash[3] += D;
          321  +  context->Intermediate_Hash[4] += E;
          322  +  context->Message_Block_Index = 0;
   314    323   }
   315    324   
          325  +/*
          326  + * SHA1Finalize
          327  + *
          328  + * Description:
          329  + *   This helper function finishes off the digest calculations.
          330  + *
          331  + * Parameters:
          332  + *   context: [in/out]
          333  + *     The SHA context to update.
          334  + *   Pad_Byte: [in]
          335  + *     The last byte to add to the message block before the 0-padding
          336  + *     and length.  This will contain the last bits of the message
          337  + *     followed by another single bit.  If the message was an
          338  + *     exact multiple of 8-bits long, Pad_Byte will be 0x80.
          339  + *
          340  + * Returns:
          341  + *   sha Error Code.
          342  + *
          343  + */
          344  +static void SHA1Finalize(SHA1Context *context, uint8_t Pad_Byte)
          345  +{
          346  +  int i;
          347  +  SHA1PadMessage(context, Pad_Byte);
          348  +  /* message may be sensitive, clear it out */
          349  +  for (i = 0; i < SHA1_Message_Block_Size; ++i)
          350  +    context->Message_Block[i] = 0;
          351  +  context->Length_High = 0;     /* and clear length */
          352  +  context->Length_Low = 0;
          353  +  context->Computed = 1;
          354  +}
   316    355   
   317    356   /*
   318         - *  SHA1PadMessage
          357  + * SHA1PadMessage
          358  + *
          359  + * Description:
          360  + *   According to the standard, the message must be padded to the next
          361  + *   even multiple of 512 bits.  The first padding bit must be a '1'.
          362  + *   The last 64 bits represent the length of the original message.
          363  + *   All bits in between should be 0.  This helper function will pad
          364  + *   the message according to those rules by filling the Message_Block
          365  + *   array accordingly.  When it returns, it can be assumed that the
          366  + *   message digest has been computed.
   319    367    *
   320         - *  Description:
   321         - *      According to the standard, the message must be padded to an even
   322         - *      512 bits.  The first padding bit must be a '1'.  The last 64
   323         - *      bits represent the length of the original message.  All bits in
   324         - *      between should be 0.  This function will pad the message
   325         - *      according to those rules by filling the Message_Block array
   326         - *      accordingly.  It will also call the ProcessMessageBlock function
   327         - *      provided appropriately.  When it returns, it can be assumed that
   328         - *      the message digest has been computed.
          368  + * Parameters:
          369  + *   context: [in/out]
          370  + *     The context to pad.
          371  + *   Pad_Byte: [in]
          372  + *     The last byte to add to the message block before the 0-padding
          373  + *     and length.  This will contain the last bits of the message
          374  + *     followed by another single bit.  If the message was an
          375  + *     exact multiple of 8-bits long, Pad_Byte will be 0x80.
   329    376    *
   330         - *  Parameters:
   331         - *      context: [in/out]
   332         - *          The context to pad
   333         - *      ProcessMessageBlock: [in]
   334         - *          The appropriate SHA*ProcessMessageBlock function
   335         - *  Returns:
   336         - *      Nothing.
   337         - *
          377  + * Returns:
          378  + *   Nothing.
   338    379    */
   339         -
   340         -static void SHA1PadMessage(SHA1Context *context)
          380  +static void SHA1PadMessage(SHA1Context *context, uint8_t Pad_Byte)
   341    381   {
   342         -    /*
   343         -     *  Check to see if the current message block is too small to hold
   344         -     *  the initial padding bits and length.  If so, we will pad the
   345         -     *  block, process it, and then continue padding into a second
   346         -     *  block.
   347         -     */
   348         -    if (context->Message_Block_Index > 55)
   349         -    {
   350         -        context->Message_Block[context->Message_Block_Index++] = 0x80;
   351         -        while(context->Message_Block_Index < 64)
   352         -        {
   353         -            context->Message_Block[context->Message_Block_Index++] = 0;
   354         -        }
   355         -
   356         -        SHA1ProcessMessageBlock(context);
   357         -
   358         -        while(context->Message_Block_Index < 56)
   359         -        {
   360         -            context->Message_Block[context->Message_Block_Index++] = 0;
   361         -        }
   362         -    }
   363         -    else
   364         -    {
   365         -        context->Message_Block[context->Message_Block_Index++] = 0x80;
   366         -        while(context->Message_Block_Index < 56)
   367         -        {
   368         -            context->Message_Block[context->Message_Block_Index++] = 0;
   369         -        }
   370         -    }
   371         -
   372         -    /*
   373         -     *  Store the message length as the last 8 octets
   374         -     */
   375         -    context->Message_Block[56] = context->Length_High >> 24;
   376         -    context->Message_Block[57] = context->Length_High >> 16;
   377         -    context->Message_Block[58] = context->Length_High >> 8;
   378         -    context->Message_Block[59] = context->Length_High;
   379         -    context->Message_Block[60] = context->Length_Low >> 24;
   380         -    context->Message_Block[61] = context->Length_Low >> 16;
   381         -    context->Message_Block[62] = context->Length_Low >> 8;
   382         -    context->Message_Block[63] = context->Length_Low;
          382  +  /*
          383  +   * Check to see if the current message block is too small to hold
          384  +   * the initial padding bits and length.  If so, we will pad the
          385  +   * block, process it, and then continue padding into a second
          386  +   * block.
          387  +   */
          388  +  if (context->Message_Block_Index >= (SHA1_Message_Block_Size - 8)) {
          389  +    context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
          390  +    while (context->Message_Block_Index < SHA1_Message_Block_Size)
          391  +      context->Message_Block[context->Message_Block_Index++] = 0;
   383    392   
   384    393       SHA1ProcessMessageBlock(context);
          394  +  } else
          395  +    context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
          396  +
          397  +  while (context->Message_Block_Index < (SHA1_Message_Block_Size - 8))
          398  +    context->Message_Block[context->Message_Block_Index++] = 0;
          399  +
          400  +  /*
          401  +   * Store the message length as the last 8 octets
          402  +   */
          403  +  context->Message_Block[56] = (uint8_t) (context->Length_High >> 24);
          404  +  context->Message_Block[57] = (uint8_t) (context->Length_High >> 16);
          405  +  context->Message_Block[58] = (uint8_t) (context->Length_High >> 8);
          406  +  context->Message_Block[59] = (uint8_t) (context->Length_High);
          407  +  context->Message_Block[60] = (uint8_t) (context->Length_Low >> 24);
          408  +  context->Message_Block[61] = (uint8_t) (context->Length_Low >> 16);
          409  +  context->Message_Block[62] = (uint8_t) (context->Length_Low >> 8);
          410  +  context->Message_Block[63] = (uint8_t) (context->Length_Low);
          411  +
          412  +  SHA1ProcessMessageBlock(context);
   385    413   }
          414  +

Deleted sha1.h version [cf44cc0e4d].

     1         -/*
     2         - *  sha1.h
     3         - *
     4         - *  Description:
     5         - *      This is the header file for code which implements the Secure
     6         - *      Hashing Algorithm 1 as defined in FIPS PUB 180-1 published
     7         - *      April 17, 1995.
     8         - *
     9         - *      Many of the variable names in this code, especially the
    10         - *      single character names, were used because those were the names
    11         - *      used in the publication.
    12         - *
    13         - *      Please read the file sha1.c for more information.
    14         - *
    15         - */
    16         -
    17         -#ifndef _SHA1_H_
    18         -#define _SHA1_H_
    19         -
    20         -#include "config.h"
    21         -
    22         -#ifdef HAVE_STDINT_H
    23         -#  include <stdint.h>
    24         -#endif
    25         -#ifdef HAVE_INTTYPES_H
    26         -#  include <inttypes.h>
    27         -#endif
    28         -
    29         -/*
    30         - * If you do not have the ISO standard stdint.h header file, then you
    31         - * must typdef the following:
    32         - *    name              meaning
    33         - *  uint32_t         unsigned 32 bit integer
    34         - *  uint8_t          unsigned 8 bit integer (i.e., unsigned char)
    35         - *  int_least16_t    integer of >= 16 bits
    36         - *
    37         - */
    38         -
    39         -#ifndef _SHA_enum_
    40         -#define _SHA_enum_
    41         -enum
    42         -{
    43         -    shaSuccess = 0,
    44         -    shaNull,            /* Null pointer parameter */
    45         -    shaInputTooLong,    /* input data too long */
    46         -    shaStateError       /* called Input after Result */
    47         -};
    48         -#endif
    49         -#define SHA1HashSize 20
    50         -
    51         -/*
    52         - *  This structure will hold context information for the SHA-1
    53         - *  hashing operation
    54         - */
    55         -typedef struct SHA1Context
    56         -{
    57         -    uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest  */
    58         -
    59         -    uint32_t Length_Low;            /* Message length in bits      */
    60         -    uint32_t Length_High;           /* Message length in bits      */
    61         -
    62         -                               /* Index into message block array   */
    63         -    int_least16_t Message_Block_Index;
    64         -    uint8_t Message_Block[64];      /* 512-bit message blocks      */
    65         -
    66         -    int Computed;               /* Is the digest computed?         */
    67         -    int Corrupted;             /* Is the message digest corrupted? */
    68         -} SHA1Context;
    69         -
    70         -/*
    71         - *  Function Prototypes
    72         - */
    73         -static int SHA1Reset(  SHA1Context *);
    74         -static int SHA1Input(  SHA1Context *,
    75         -                const uint8_t *,
    76         -                unsigned int);
    77         -static int SHA1Result( SHA1Context *,
    78         -                uint8_t Message_Digest[SHA1HashSize]);
    79         -
    80         -#endif