tools/fuzzing/libfuzzer/FuzzerSHA1.cpp

   1 //===- FuzzerSHA1.h - Private copy of the SHA1 implementation ---*- C++ -* ===//
   2 //
   3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
   4 // See https://llvm.org/LICENSE.txt for license information.
   5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
   6 //
   7 //===----------------------------------------------------------------------===//
   8 // This code is taken from public domain
   9 // (http://oauth.googlecode.com/svn/code/c/liboauth/src/sha1.c)
  10 // and modified by adding anonymous namespace, adding an interface
  11 // function fuzzer::ComputeSHA1() and removing unnecessary code.
  12 //
  13 // lib/Fuzzer can not use SHA1 implementation from openssl because
  14 // openssl may not be available and because we may be fuzzing openssl itself.
  15 // For the same reason we do not want to depend on SHA1 from LLVM tree.
  16 //===----------------------------------------------------------------------===//
  17
  18 #include "FuzzerSHA1.h"
  19 #include "FuzzerDefs.h"
  20 #include "FuzzerPlatform.h"
  21
  22 /* This code is public-domain - it is based on libcrypt
  23  * placed in the public domain by Wei Dai and other contributors.
  24  */
  25
  26 #include <iomanip>
  27 #include <sstream>
  28 #include <stdint.h>
  29 #include <string.h>
  30
  31 namespace {  // Added for LibFuzzer
  32
  33 #ifdef __BIG_ENDIAN__
  34 # define SHA_BIG_ENDIAN
  35 // Windows is always little endian and MSVC doesn't have <endian.h>
  36 #elif defined __LITTLE_ENDIAN__ || LIBFUZZER_WINDOWS
  37 /* override */
  38 #elif defined __BYTE_ORDER
  39 # if __BYTE_ORDER__ ==  __ORDER_BIG_ENDIAN__
  40 # define SHA_BIG_ENDIAN
  41 # endif
  42 #else // ! defined __LITTLE_ENDIAN__
  43 # include <endian.h> // machine/endian.h
  44 # if __BYTE_ORDER__ ==  __ORDER_BIG_ENDIAN__
  45 #  define SHA_BIG_ENDIAN
  46 # endif
  47 #endif
  48
  49
  50 /* header */
  51
  52 #define HASH_LENGTH 20
  53 #define BLOCK_LENGTH 64
  54
  55 typedef struct sha1nfo {
  56         uint32_t buffer[BLOCK_LENGTH/4];
  57         uint32_t state[HASH_LENGTH/4];
  58         uint32_t byteCount;
  59         uint8_t bufferOffset;
  60         uint8_t keyBuffer[BLOCK_LENGTH];
  61         uint8_t innerHash[HASH_LENGTH];
  62 } sha1nfo;
  63
  64 /* public API - prototypes - TODO: doxygen*/
  65
  66 /**
  67  */
  68 void sha1_init(sha1nfo *s);
  69 /**
  70  */
  71 void sha1_writebyte(sha1nfo *s, uint8_t data);
  72 /**
  73  */
  74 void sha1_write(sha1nfo *s, const char *data, size_t len);
  75 /**
  76  */
  77 uint8_t* sha1_result(sha1nfo *s);
  78
  79
  80 /* code */
  81 #define SHA1_K0  0x5a827999
  82 #define SHA1_K20 0x6ed9eba1
  83 #define SHA1_K40 0x8f1bbcdc
  84 #define SHA1_K60 0xca62c1d6
  85
  86 void sha1_init(sha1nfo *s) {
  87         s->state[0] = 0x67452301;
  88         s->state[1] = 0xefcdab89;
  89         s->state[2] = 0x98badcfe;
  90         s->state[3] = 0x10325476;
  91         s->state[4] = 0xc3d2e1f0;
  92         s->byteCount = 0;
  93         s->bufferOffset = 0;
  94 }
  95
  96 uint32_t sha1_rol32(uint32_t number, uint8_t bits) {
  97         return ((number << bits) | (number >> (32-bits)));
  98 }
  99
 100 void sha1_hashBlock(sha1nfo *s) {
 101         uint8_t i;
 102         uint32_t a,b,c,d,e,t;
 103
 104         a=s->state[0];
 105         b=s->state[1];
 106         c=s->state[2];
 107         d=s->state[3];
 108         e=s->state[4];
 109         for (i=0; i<80; i++) {
 110                 if (i>=16) {
 111                         t = s->buffer[(i+13)&15] ^ s->buffer[(i+8)&15] ^ s->buffer[(i+2)&15] ^ s->buffer[i&15];
 112                         s->buffer[i&15] = sha1_rol32(t,1);
 113                 }
 114                 if (i<20) {
 115                         t = (d ^ (b & (c ^ d))) + SHA1_K0;
 116                 } else if (i<40) {
 117                         t = (b ^ c ^ d) + SHA1_K20;
 118                 } else if (i<60) {
 119                         t = ((b & c) | (d & (b | c))) + SHA1_K40;
 120                 } else {
 121                         t = (b ^ c ^ d) + SHA1_K60;
 122                 }
 123                 t+=sha1_rol32(a,5) + e + s->buffer[i&15];
 124                 e=d;
 125                 d=c;
 126                 c=sha1_rol32(b,30);
 127                 b=a;
 128                 a=t;
 129         }
 130         s->state[0] += a;
 131         s->state[1] += b;
 132         s->state[2] += c;
 133         s->state[3] += d;
 134         s->state[4] += e;
 135 }
 136
 137 void sha1_addUncounted(sha1nfo *s, uint8_t data) {
 138         uint8_t * const b = (uint8_t*) s->buffer;
 139 #ifdef SHA_BIG_ENDIAN
 140         b[s->bufferOffset] = data;
 141 #else
 142         b[s->bufferOffset ^ 3] = data;
 143 #endif
 144         s->bufferOffset++;
 145         if (s->bufferOffset == BLOCK_LENGTH) {
 146                 sha1_hashBlock(s);
 147                 s->bufferOffset = 0;
 148         }
 149 }
 150
 151 void sha1_writebyte(sha1nfo *s, uint8_t data) {
 152         ++s->byteCount;
 153         sha1_addUncounted(s, data);
 154 }
 155
 156 void sha1_write(sha1nfo *s, const char *data, size_t len) {
 157         for (;len--;) sha1_writebyte(s, (uint8_t) *data++);
 158 }
 159
 160 void sha1_pad(sha1nfo *s) {
 161         // Implement SHA-1 padding (fips180-2 §5.1.1)
 162
 163         // Pad with 0x80 followed by 0x00 until the end of the block
 164         sha1_addUncounted(s, 0x80);
 165         while (s->bufferOffset != 56) sha1_addUncounted(s, 0x00);
 166
 167         // Append length in the last 8 bytes
 168         sha1_addUncounted(s, 0); // We're only using 32 bit lengths
 169         sha1_addUncounted(s, 0); // But SHA-1 supports 64 bit lengths
 170         sha1_addUncounted(s, 0); // So zero pad the top bits
 171         sha1_addUncounted(s, s->byteCount >> 29); // Shifting to multiply by 8
 172         sha1_addUncounted(s, s->byteCount >> 21); // as SHA-1 supports bitstreams as well as
 173         sha1_addUncounted(s, s->byteCount >> 13); // byte.
 174         sha1_addUncounted(s, s->byteCount >> 5);
 175         sha1_addUncounted(s, s->byteCount << 3);
 176 }
 177
 178 uint8_t* sha1_result(sha1nfo *s) {
 179         // Pad to complete the last block
 180         sha1_pad(s);
 181
 182 #ifndef SHA_BIG_ENDIAN
 183         // Swap byte order back
 184         int i;
 185         for (i=0; i<5; i++) {
 186                 s->state[i]=
 187                           (((s->state[i])<<24)& 0xff000000)
 188                         | (((s->state[i])<<8) & 0x00ff0000)
 189                         | (((s->state[i])>>8) & 0x0000ff00)
 190                         | (((s->state[i])>>24)& 0x000000ff);
 191         }
 192 #endif
 193
 194         // Return pointer to hash (20 characters)
 195         return (uint8_t*) s->state;
 196 }
 197
 198 }  // namespace; Added for LibFuzzer
 199
 200 namespace fuzzer {
 201
 202 // The rest is added for LibFuzzer
 203 void ComputeSHA1(const uint8_t *Data, size_t Len, uint8_t *Out) {
 204   sha1nfo s;
 205   sha1_init(&s);
 206   sha1_write(&s, (const char*)Data, Len);
 207   memcpy(Out, sha1_result(&s), HASH_LENGTH);
 208 }
 209
 210 std::string Sha1ToString(const uint8_t Sha1[kSHA1NumBytes]) {
 211   std::stringstream SS;
 212   for (int i = 0; i < kSHA1NumBytes; i++)
 213     SS << std::hex << std::setfill('0') << std::setw(2) << (unsigned)Sha1[i];
 214   return SS.str();
 215 }
 216
 217 std::string Hash(const Unit &U) {
 218   uint8_t Hash[kSHA1NumBytes];
 219   ComputeSHA1(U.data(), U.size(), Hash);
 220   return Sha1ToString(Hash);
 221 }
 222
 223 }