Correct PPTP server firewall rules chain.
[tomato/davidwu.git] / release / src / router / mdadm / sha1.c
blob556d9ca1a4c964dbdd2fc5c1a6f4a27cbb34340e
1 /* sha1.c - Functions to compute SHA1 message digest of files or
2 memory blocks according to the NIST specification FIPS-180-1.
4 Copyright (C) 2000, 2001, 2003, 2004, 2005 Free Software Foundation, Inc.
6 This program is free software; you can redistribute it and/or modify it
7 under the terms of the GNU General Public License as published by the
8 Free Software Foundation; either version 2, or (at your option) any
9 later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software Foundation,
18 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
20 /* Written by Scott G. Miller
21 Credits:
22 Robert Klep <robert@ilse.nl> -- Expansion function fix
25 #ifdef HAVE_CONFIG_H
26 # include <config.h>
27 #endif
29 #include "sha1.h"
31 #include <stddef.h>
32 #include <string.h>
34 #if USE_UNLOCKED_IO
35 # include "unlocked-io.h"
36 #endif
38 /* SWAP does an endian swap on architectures that are little-endian,
39 as SHA1 needs some data in a big-endian form. */
41 #ifdef WORDS_BIGENDIAN
42 # define SWAP(n) (n)
43 #else
44 # define SWAP(n) \
45 (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
46 #endif
48 #define BLOCKSIZE 4096
49 #if BLOCKSIZE % 64 != 0
50 # error "invalid BLOCKSIZE"
51 #endif
53 /* This array contains the bytes used to pad the buffer to the next
54 64-byte boundary. (RFC 1321, 3.1: Step 1) */
55 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
59 Takes a pointer to a 160 bit block of data (five 32 bit ints) and
60 intializes it to the start constants of the SHA1 algorithm. This
61 must be called before using hash in the call to sha1_hash.
63 void
64 sha1_init_ctx (struct sha1_ctx *ctx)
66 ctx->A = 0x67452301;
67 ctx->B = 0xefcdab89;
68 ctx->C = 0x98badcfe;
69 ctx->D = 0x10325476;
70 ctx->E = 0xc3d2e1f0;
72 ctx->total[0] = ctx->total[1] = 0;
73 ctx->buflen = 0;
76 /* Put result from CTX in first 20 bytes following RESBUF. The result
77 must be in little endian byte order.
79 IMPORTANT: On some systems it is required that RESBUF is correctly
80 aligned for a 32 bits value. */
81 void *
82 sha1_read_ctx (const struct sha1_ctx *ctx, void *resbuf)
84 ((md5_uint32 *) resbuf)[0] = SWAP (ctx->A);
85 ((md5_uint32 *) resbuf)[1] = SWAP (ctx->B);
86 ((md5_uint32 *) resbuf)[2] = SWAP (ctx->C);
87 ((md5_uint32 *) resbuf)[3] = SWAP (ctx->D);
88 ((md5_uint32 *) resbuf)[4] = SWAP (ctx->E);
90 return resbuf;
93 /* Process the remaining bytes in the internal buffer and the usual
94 prolog according to the standard and write the result to RESBUF.
96 IMPORTANT: On some systems it is required that RESBUF is correctly
97 aligned for a 32 bits value. */
98 void *
99 sha1_finish_ctx (struct sha1_ctx *ctx, void *resbuf)
101 /* Take yet unprocessed bytes into account. */
102 md5_uint32 bytes = ctx->buflen;
103 size_t pad;
105 /* Now count remaining bytes. */
106 ctx->total[0] += bytes;
107 if (ctx->total[0] < bytes)
108 ++ctx->total[1];
110 pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes;
111 memcpy (&ctx->buffer[bytes], fillbuf, pad);
113 /* Put the 64-bit file length in *bits* at the end of the buffer. */
114 *(md5_uint32 *) &ctx->buffer[bytes + pad + 4] = SWAP (ctx->total[0] << 3);
115 *(md5_uint32 *) &ctx->buffer[bytes + pad] = SWAP ((ctx->total[1] << 3) |
116 (ctx->total[0] >> 29));
118 /* Process last bytes. */
119 sha1_process_block (ctx->buffer, bytes + pad + 8, ctx);
121 return sha1_read_ctx (ctx, resbuf);
124 /* Compute SHA1 message digest for bytes read from STREAM. The
125 resulting message digest number will be written into the 16 bytes
126 beginning at RESBLOCK. */
128 sha1_stream (FILE *stream, void *resblock)
130 struct sha1_ctx ctx;
131 char buffer[BLOCKSIZE + 72];
132 size_t sum;
134 /* Initialize the computation context. */
135 sha1_init_ctx (&ctx);
137 /* Iterate over full file contents. */
138 while (1)
140 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
141 computation function processes the whole buffer so that with the
142 next round of the loop another block can be read. */
143 size_t n;
144 sum = 0;
146 /* Read block. Take care for partial reads. */
147 while (1)
149 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
151 sum += n;
153 if (sum == BLOCKSIZE)
154 break;
156 if (n == 0)
158 /* Check for the error flag IFF N == 0, so that we don't
159 exit the loop after a partial read due to e.g., EAGAIN
160 or EWOULDBLOCK. */
161 if (ferror (stream))
162 return 1;
163 goto process_partial_block;
166 /* We've read at least one byte, so ignore errors. But always
167 check for EOF, since feof may be true even though N > 0.
168 Otherwise, we could end up calling fread after EOF. */
169 if (feof (stream))
170 goto process_partial_block;
173 /* Process buffer with BLOCKSIZE bytes. Note that
174 BLOCKSIZE % 64 == 0
176 sha1_process_block (buffer, BLOCKSIZE, &ctx);
179 process_partial_block:;
181 /* Process any remaining bytes. */
182 if (sum > 0)
183 sha1_process_bytes (buffer, sum, &ctx);
185 /* Construct result in desired memory. */
186 sha1_finish_ctx (&ctx, resblock);
187 return 0;
190 /* Compute MD5 message digest for LEN bytes beginning at BUFFER. The
191 result is always in little endian byte order, so that a byte-wise
192 output yields to the wanted ASCII representation of the message
193 digest. */
194 void *
195 sha1_buffer (const char *buffer, size_t len, void *resblock)
197 struct sha1_ctx ctx;
199 /* Initialize the computation context. */
200 sha1_init_ctx (&ctx);
202 /* Process whole buffer but last len % 64 bytes. */
203 sha1_process_bytes (buffer, len, &ctx);
205 /* Put result in desired memory area. */
206 return sha1_finish_ctx (&ctx, resblock);
209 void
210 sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx)
212 /* When we already have some bits in our internal buffer concatenate
213 both inputs first. */
214 if (ctx->buflen != 0)
216 size_t left_over = ctx->buflen;
217 size_t add = 128 - left_over > len ? len : 128 - left_over;
219 memcpy (&ctx->buffer[left_over], buffer, add);
220 ctx->buflen += add;
222 if (ctx->buflen > 64)
224 sha1_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
226 ctx->buflen &= 63;
227 /* The regions in the following copy operation cannot overlap. */
228 memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63],
229 ctx->buflen);
232 buffer = (const char *) buffer + add;
233 len -= add;
236 /* Process available complete blocks. */
237 if (len >= 64)
239 #if !_STRING_ARCH_unaligned
240 # define alignof(type) offsetof (struct { char c; type x; }, x)
241 # define UNALIGNED_P(p) (((size_t) p) % alignof (md5_uint32) != 0)
242 if (UNALIGNED_P (buffer))
243 while (len > 64)
245 sha1_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
246 buffer = (const char *) buffer + 64;
247 len -= 64;
249 else
250 #endif
252 sha1_process_block (buffer, len & ~63, ctx);
253 buffer = (const char *) buffer + (len & ~63);
254 len &= 63;
258 /* Move remaining bytes in internal buffer. */
259 if (len > 0)
261 size_t left_over = ctx->buflen;
263 memcpy (&ctx->buffer[left_over], buffer, len);
264 left_over += len;
265 if (left_over >= 64)
267 sha1_process_block (ctx->buffer, 64, ctx);
268 left_over -= 64;
269 memcpy (ctx->buffer, &ctx->buffer[64], left_over);
271 ctx->buflen = left_over;
275 /* --- Code below is the primary difference between md5.c and sha1.c --- */
277 /* SHA1 round constants */
278 #define K1 0x5a827999L
279 #define K2 0x6ed9eba1L
280 #define K3 0x8f1bbcdcL
281 #define K4 0xca62c1d6L
283 /* Round functions. Note that F2 is the same as F4. */
284 #define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) )
285 #define F2(B,C,D) (B ^ C ^ D)
286 #define F3(B,C,D) ( ( B & C ) | ( D & ( B | C ) ) )
287 #define F4(B,C,D) (B ^ C ^ D)
289 /* Process LEN bytes of BUFFER, accumulating context into CTX.
290 It is assumed that LEN % 64 == 0.
291 Most of this code comes from GnuPG's cipher/sha1.c. */
293 void
294 sha1_process_block (const void *buffer, size_t len, struct sha1_ctx *ctx)
296 const md5_uint32 *words = buffer;
297 size_t nwords = len / sizeof (md5_uint32);
298 const md5_uint32 *endp = words + nwords;
299 md5_uint32 x[16];
300 md5_uint32 a = ctx->A;
301 md5_uint32 b = ctx->B;
302 md5_uint32 c = ctx->C;
303 md5_uint32 d = ctx->D;
304 md5_uint32 e = ctx->E;
306 /* First increment the byte count. RFC 1321 specifies the possible
307 length of the file up to 2^64 bits. Here we only compute the
308 number of bytes. Do a double word increment. */
309 ctx->total[0] += len;
310 if (ctx->total[0] < len)
311 ++ctx->total[1];
313 #define rol(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
315 #define M(I) ( tm = x[I&0x0f] ^ x[(I-14)&0x0f] \
316 ^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \
317 , (x[I&0x0f] = rol(tm, 1)) )
319 #define R(A,B,C,D,E,F,K,M) do { E += rol( A, 5 ) \
320 + F( B, C, D ) \
321 + K \
322 + M; \
323 B = rol( B, 30 ); \
324 } while(0)
326 while (words < endp)
328 md5_uint32 tm;
329 int t;
330 for (t = 0; t < 16; t++)
332 x[t] = SWAP (*words);
333 words++;
336 R( a, b, c, d, e, F1, K1, x[ 0] );
337 R( e, a, b, c, d, F1, K1, x[ 1] );
338 R( d, e, a, b, c, F1, K1, x[ 2] );
339 R( c, d, e, a, b, F1, K1, x[ 3] );
340 R( b, c, d, e, a, F1, K1, x[ 4] );
341 R( a, b, c, d, e, F1, K1, x[ 5] );
342 R( e, a, b, c, d, F1, K1, x[ 6] );
343 R( d, e, a, b, c, F1, K1, x[ 7] );
344 R( c, d, e, a, b, F1, K1, x[ 8] );
345 R( b, c, d, e, a, F1, K1, x[ 9] );
346 R( a, b, c, d, e, F1, K1, x[10] );
347 R( e, a, b, c, d, F1, K1, x[11] );
348 R( d, e, a, b, c, F1, K1, x[12] );
349 R( c, d, e, a, b, F1, K1, x[13] );
350 R( b, c, d, e, a, F1, K1, x[14] );
351 R( a, b, c, d, e, F1, K1, x[15] );
352 R( e, a, b, c, d, F1, K1, M(16) );
353 R( d, e, a, b, c, F1, K1, M(17) );
354 R( c, d, e, a, b, F1, K1, M(18) );
355 R( b, c, d, e, a, F1, K1, M(19) );
356 R( a, b, c, d, e, F2, K2, M(20) );
357 R( e, a, b, c, d, F2, K2, M(21) );
358 R( d, e, a, b, c, F2, K2, M(22) );
359 R( c, d, e, a, b, F2, K2, M(23) );
360 R( b, c, d, e, a, F2, K2, M(24) );
361 R( a, b, c, d, e, F2, K2, M(25) );
362 R( e, a, b, c, d, F2, K2, M(26) );
363 R( d, e, a, b, c, F2, K2, M(27) );
364 R( c, d, e, a, b, F2, K2, M(28) );
365 R( b, c, d, e, a, F2, K2, M(29) );
366 R( a, b, c, d, e, F2, K2, M(30) );
367 R( e, a, b, c, d, F2, K2, M(31) );
368 R( d, e, a, b, c, F2, K2, M(32) );
369 R( c, d, e, a, b, F2, K2, M(33) );
370 R( b, c, d, e, a, F2, K2, M(34) );
371 R( a, b, c, d, e, F2, K2, M(35) );
372 R( e, a, b, c, d, F2, K2, M(36) );
373 R( d, e, a, b, c, F2, K2, M(37) );
374 R( c, d, e, a, b, F2, K2, M(38) );
375 R( b, c, d, e, a, F2, K2, M(39) );
376 R( a, b, c, d, e, F3, K3, M(40) );
377 R( e, a, b, c, d, F3, K3, M(41) );
378 R( d, e, a, b, c, F3, K3, M(42) );
379 R( c, d, e, a, b, F3, K3, M(43) );
380 R( b, c, d, e, a, F3, K3, M(44) );
381 R( a, b, c, d, e, F3, K3, M(45) );
382 R( e, a, b, c, d, F3, K3, M(46) );
383 R( d, e, a, b, c, F3, K3, M(47) );
384 R( c, d, e, a, b, F3, K3, M(48) );
385 R( b, c, d, e, a, F3, K3, M(49) );
386 R( a, b, c, d, e, F3, K3, M(50) );
387 R( e, a, b, c, d, F3, K3, M(51) );
388 R( d, e, a, b, c, F3, K3, M(52) );
389 R( c, d, e, a, b, F3, K3, M(53) );
390 R( b, c, d, e, a, F3, K3, M(54) );
391 R( a, b, c, d, e, F3, K3, M(55) );
392 R( e, a, b, c, d, F3, K3, M(56) );
393 R( d, e, a, b, c, F3, K3, M(57) );
394 R( c, d, e, a, b, F3, K3, M(58) );
395 R( b, c, d, e, a, F3, K3, M(59) );
396 R( a, b, c, d, e, F4, K4, M(60) );
397 R( e, a, b, c, d, F4, K4, M(61) );
398 R( d, e, a, b, c, F4, K4, M(62) );
399 R( c, d, e, a, b, F4, K4, M(63) );
400 R( b, c, d, e, a, F4, K4, M(64) );
401 R( a, b, c, d, e, F4, K4, M(65) );
402 R( e, a, b, c, d, F4, K4, M(66) );
403 R( d, e, a, b, c, F4, K4, M(67) );
404 R( c, d, e, a, b, F4, K4, M(68) );
405 R( b, c, d, e, a, F4, K4, M(69) );
406 R( a, b, c, d, e, F4, K4, M(70) );
407 R( e, a, b, c, d, F4, K4, M(71) );
408 R( d, e, a, b, c, F4, K4, M(72) );
409 R( c, d, e, a, b, F4, K4, M(73) );
410 R( b, c, d, e, a, F4, K4, M(74) );
411 R( a, b, c, d, e, F4, K4, M(75) );
412 R( e, a, b, c, d, F4, K4, M(76) );
413 R( d, e, a, b, c, F4, K4, M(77) );
414 R( c, d, e, a, b, F4, K4, M(78) );
415 R( b, c, d, e, a, F4, K4, M(79) );
417 a = ctx->A += a;
418 b = ctx->B += b;
419 c = ctx->C += c;
420 d = ctx->D += d;
421 e = ctx->E += e;