core: crypto - replace the sha1 impmlementation

Author: miconda

src/core/crypto/sha256.c

@@ -1059,213 +1059,137 @@ char *sr_SHA384_Data(const sha2_byte *data, size_t len,
 
 /*** SHA-1 ******************/
 
-#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
 
-/* blk0() and blk() perform the initial expand. */
-/* I got the idea of expanding during the round function from SSLeay */
+#define ROTLEFT(a, b) ((a << b) | (a >> (32 - b)))
 
-#ifdef LITTLE_ENDIAN
-#define blk0(i)                                                  \
-	(block->l[i] = (rol(block->l[i], 24) & (uint32_t)0xFF00FF00) \
-				   | (rol(block->l[i], 8) & (uint32_t)0x00FF00FF))
-#else
-#define blk0(i) block->l[i]
-#endif
 
-#define blk(i)                                                               \
-	(block->l[i & 15] = rol(block->l[(i + 13) & 15] ^ block->l[(i + 8) & 15] \
-									^ block->l[(i + 2) & 15]                 \
-									^ block->l[i & 15],                      \
-			 1))
-
-/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
-#define R0(v, w, x, y, z, i)                                     \
-	z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \
-	w = rol(w, 30);
-#define R1(v, w, x, y, z, i)                                    \
-	z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \
-	w = rol(w, 30);
-#define R2(v, w, x, y, z, i)                            \
-	z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); \
-	w = rol(w, 30);
-#define R3(v, w, x, y, z, i)                                          \
-	z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \
-	w = rol(w, 30);
-#define R4(v, w, x, y, z, i)                            \
-	z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \
-	w = rol(w, 30);
-
-typedef union _BYTE64QUAD16
+void sha1_transform(SHA1_CTX *ctx, const unsigned char data[])
 {
-	uint8_t c[64];
-	uint32_t l[16];
-} BYTE64QUAD16;
+	unsigned int a, b, c, d, e, i, j, t, m[80];
+
+	for(i = 0, j = 0; i < 16; ++i, j += 4)
+		m[i] = (data[j] << 24) + (data[j + 1] << 16) + (data[j + 2] << 8)
+			   + (data[j + 3]);
+	for(; i < 80; ++i) {
+		m[i] = (m[i - 3] ^ m[i - 8] ^ m[i - 14] ^ m[i - 16]);
+		m[i] = (m[i] << 1) | (m[i] >> 31);
+	}
 
-/* Hash a single 512-bit block. This is the core of the algorithm. */
-void SHA1_Transform(uint32_t state[5], const uint8_t buffer[64])
-{
-	uint8_t a, b, c, d, e;
-	BYTE64QUAD16 *block;
-
-	block = (BYTE64QUAD16 *)buffer;
-	/* Copy context->state[] to working vars */
-	a = state[0];
-	b = state[1];
-	c = state[2];
-	d = state[3];
-	e = state[4];
-	/* 4 rounds of 20 operations each. Loop unrolled. */
-	R0(a, b, c, d, e, 0);
-	R0(e, a, b, c, d, 1);
-	R0(d, e, a, b, c, 2);
-	R0(c, d, e, a, b, 3);
-	R0(b, c, d, e, a, 4);
-	R0(a, b, c, d, e, 5);
-	R0(e, a, b, c, d, 6);
-	R0(d, e, a, b, c, 7);
-	R0(c, d, e, a, b, 8);
-	R0(b, c, d, e, a, 9);
-	R0(a, b, c, d, e, 10);
-	R0(e, a, b, c, d, 11);
-	R0(d, e, a, b, c, 12);
-	R0(c, d, e, a, b, 13);
-	R0(b, c, d, e, a, 14);
-	R0(a, b, c, d, e, 15);
-	R1(e, a, b, c, d, 16);
-	R1(d, e, a, b, c, 17);
-	R1(c, d, e, a, b, 18);
-	R1(b, c, d, e, a, 19);
-	R2(a, b, c, d, e, 20);
-	R2(e, a, b, c, d, 21);
-	R2(d, e, a, b, c, 22);
-	R2(c, d, e, a, b, 23);
-	R2(b, c, d, e, a, 24);
-	R2(a, b, c, d, e, 25);
-	R2(e, a, b, c, d, 26);
-	R2(d, e, a, b, c, 27);
-	R2(c, d, e, a, b, 28);
-	R2(b, c, d, e, a, 29);
-	R2(a, b, c, d, e, 30);
-	R2(e, a, b, c, d, 31);
-	R2(d, e, a, b, c, 32);
-	R2(c, d, e, a, b, 33);
-	R2(b, c, d, e, a, 34);
-	R2(a, b, c, d, e, 35);
-	R2(e, a, b, c, d, 36);
-	R2(d, e, a, b, c, 37);
-	R2(c, d, e, a, b, 38);
-	R2(b, c, d, e, a, 39);
-	R3(a, b, c, d, e, 40);
-	R3(e, a, b, c, d, 41);
-	R3(d, e, a, b, c, 42);
-	R3(c, d, e, a, b, 43);
-	R3(b, c, d, e, a, 44);
-	R3(a, b, c, d, e, 45);
-	R3(e, a, b, c, d, 46);
-	R3(d, e, a, b, c, 47);
-	R3(c, d, e, a, b, 48);
-	R3(b, c, d, e, a, 49);
-	R3(a, b, c, d, e, 50);
-	R3(e, a, b, c, d, 51);
-	R3(d, e, a, b, c, 52);
-	R3(c, d, e, a, b, 53);
-	R3(b, c, d, e, a, 54);
-	R3(a, b, c, d, e, 55);
-	R3(e, a, b, c, d, 56);
-	R3(d, e, a, b, c, 57);
-	R3(c, d, e, a, b, 58);
-	R3(b, c, d, e, a, 59);
-	R4(a, b, c, d, e, 60);
-	R4(e, a, b, c, d, 61);
-	R4(d, e, a, b, c, 62);
-	R4(c, d, e, a, b, 63);
-	R4(b, c, d, e, a, 64);
-	R4(a, b, c, d, e, 65);
-	R4(e, a, b, c, d, 66);
-	R4(d, e, a, b, c, 67);
-	R4(c, d, e, a, b, 68);
-	R4(b, c, d, e, a, 69);
-	R4(a, b, c, d, e, 70);
-	R4(e, a, b, c, d, 71);
-	R4(d, e, a, b, c, 72);
-	R4(c, d, e, a, b, 73);
-	R4(b, c, d, e, a, 74);
-	R4(a, b, c, d, e, 75);
-	R4(e, a, b, c, d, 76);
-	R4(d, e, a, b, c, 77);
-	R4(c, d, e, a, b, 78);
-	R4(b, c, d, e, a, 79);
-	/* Add the working vars back into context.state[] */
-	state[0] += a;
-	state[1] += b;
-	state[2] += c;
-	state[3] += d;
-	state[4] += e;
-	/* Wipe variables */
-	a = b = c = d = e = 0;
+	a = ctx->state[0];
+	b = ctx->state[1];
+	c = ctx->state[2];
+	d = ctx->state[3];
+	e = ctx->state[4];
+
+	for(i = 0; i < 20; ++i) {
+		t = ROTLEFT(a, 5) + ((b & c) ^ (~b & d)) + e + ctx->k[0] + m[i];
+		e = d;
+		d = c;
+		c = ROTLEFT(b, 30);
+		b = a;
+		a = t;
+	}
+	for(; i < 40; ++i) {
+		t = ROTLEFT(a, 5) + (b ^ c ^ d) + e + ctx->k[1] + m[i];
+		e = d;
+		d = c;
+		c = ROTLEFT(b, 30);
+		b = a;
+		a = t;
+	}
+	for(; i < 60; ++i) {
+		t = ROTLEFT(a, 5) + ((b & c) ^ (b & d) ^ (c & d)) + e + ctx->k[2]
+			+ m[i];
+		e = d;
+		d = c;
+		c = ROTLEFT(b, 30);
+		b = a;
+		a = t;
+	}
+	for(; i < 80; ++i) {
+		t = ROTLEFT(a, 5) + (b ^ c ^ d) + e + ctx->k[3] + m[i];
+		e = d;
+		d = c;
+		c = ROTLEFT(b, 30);
+		b = a;
+		a = t;
+	}
+
+	ctx->state[0] += a;
+	ctx->state[1] += b;
+	ctx->state[2] += c;
+	ctx->state[3] += d;
+	ctx->state[4] += e;
 }
 
-/* SHA1_Init - Initialize new context */
-void sr_SHA1_Init(SHA1_CTX *context)
+void sr_SHA1_Init(SHA1_CTX *ctx)
 {
-	/* SHA1 initialization constants */
-	context->state[0] = 0x67452301;
-	context->state[1] = 0xEFCDAB89;
-	context->state[2] = 0x98BADCFE;
-	context->state[3] = 0x10325476;
-	context->state[4] = 0xC3D2E1F0;
-	context->count[0] = context->count[1] = 0;
+	ctx->datalen = 0;
+	ctx->bitlen = 0;
+	ctx->state[0] = 0x67452301;
+	ctx->state[1] = 0xEFCDAB89;
+	ctx->state[2] = 0x98BADCFE;
+	ctx->state[3] = 0x10325476;
+	ctx->state[4] = 0xc3d2e1f0;
+	ctx->k[0] = 0x5a827999;
+	ctx->k[1] = 0x6ed9eba1;
+	ctx->k[2] = 0x8f1bbcdc;
+	ctx->k[3] = 0xca62c1d6;
 }
 
-/* Run your data through this. */
-void sr_SHA1_Update(SHA1_CTX *context, const uint8_t *data, size_t len)
+void sr_SHA1_Update(SHA1_CTX *ctx, const unsigned char data[], size_t len)
 {
-	unsigned int i, j;
-
-	j = (context->count[0] >> 3) & 63;
-	if((context->count[0] += len << 3) < (len << 3))
-		context->count[1]++;
-	context->count[1] += (len >> 29);
-	if((j + len) > 63) {
-		memcpy(&context->buffer[j], data, (i = 64 - j));
-		SHA1_Transform(context->state, context->buffer);
-		for(; i + 63 < len; i += 64) {
-			SHA1_Transform(context->state, &data[i]);
+	size_t i;
+
+	for(i = 0; i < len; ++i) {
+		ctx->data[ctx->datalen] = data[i];
+		ctx->datalen++;
+		if(ctx->datalen == 64) {
+			sha1_transform(ctx, ctx->data);
+			ctx->bitlen += 512;
+			ctx->datalen = 0;
 		}
-		j = 0;
-	} else
-		i = 0;
-	memcpy(&context->buffer[j], &data[i], len - i);
+	}
 }
 
-
-/* Add padding and return the message digest. */
-void sr_SHA1_Final(uint8_t digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context)
+void sr_SHA1_Final(unsigned char hash[SHA1_DIGEST_LENGTH], SHA1_CTX *ctx)
 {
-	uint32_t i, j;
-	uint8_t finalcount[8];
+	unsigned int i;
 
-	for(i = 0; i < 8; i++) {
-		finalcount[i] = (uint8_t)((context->count[(i >= 4 ? 0 : 1)]
-										  >> ((3 - (i & 3)) * 8))
-								  & 255); /* Endian independent */
-	}
-	sr_SHA1_Update(context, (uint8_t *)"\200", 1);
-	while((context->count[0] & 504) != 448) {
-		sr_SHA1_Update(context, (uint8_t *)"\0", 1);
+	i = ctx->datalen;
+
+	if(ctx->datalen < 56) {
+		ctx->data[i++] = 0x80;
+		while(i < 56)
+			ctx->data[i++] = 0x00;
+	} else {
+		ctx->data[i++] = 0x80;
+		while(i < 64)
+			ctx->data[i++] = 0x00;
+		sha1_transform(ctx, ctx->data);
+		memset(ctx->data, 0, 56);
 	}
-	/* Should cause a SHA1_Transform() */
-	sr_SHA1_Update(context, finalcount, 8);
-	for(i = 0; i < SHA1_DIGEST_LENGTH; i++) {
-		digest[i] = (uint8_t)((context->state[i >> 2] >> ((3 - (i & 3)) * 8))
-							  & 255);
+
+	ctx->bitlen += ctx->datalen * 8;
+	ctx->data[63] = ctx->bitlen;
+	ctx->data[62] = ctx->bitlen >> 8;
+	ctx->data[61] = ctx->bitlen >> 16;
+	ctx->data[60] = ctx->bitlen >> 24;
+	ctx->data[59] = ctx->bitlen >> 32;
+	ctx->data[58] = ctx->bitlen >> 40;
+	ctx->data[57] = ctx->bitlen >> 48;
+	ctx->data[56] = ctx->bitlen >> 56;
+	sha1_transform(ctx, ctx->data);
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+	for(i = 0; i < 4; ++i) {
+		hash[i] = (ctx->state[0] >> (24 - i * 8)) & 0x000000ff;
+		hash[i + 4] = (ctx->state[1] >> (24 - i * 8)) & 0x000000ff;
+		hash[i + 8] = (ctx->state[2] >> (24 - i * 8)) & 0x000000ff;
+		hash[i + 12] = (ctx->state[3] >> (24 - i * 8)) & 0x000000ff;
+		hash[i + 16] = (ctx->state[4] >> (24 - i * 8)) & 0x000000ff;
 	}
-	/* Wipe variables */
-	i = j = 0;
-	memset(context->buffer, 0, SHA1_BLOCK_LENGTH);
-	memset(context->state, 0, SHA1_DIGEST_LENGTH);
-	memset(context->count, 0, 8);
-	memset(&finalcount, 0, 8);
+#endif
 }
 
 char *sr_SHA1_End(SHA1_CTX *context, char buffer[SHA1_DIGEST_STRING_LENGTH])

src/core/crypto/sha256.h

@@ -70,9 +70,11 @@ typedef unsigned long long u_int64_t;	/* 8-bytes (64-bits) */
 
 	typedef struct _SHA1_CTX
 	{
-		uint32_t state[5];
-		uint32_t count[2];
-		uint8_t buffer[SHA1_BLOCK_LENGTH];
+		unsigned char data[SHA1_BLOCK_LENGTH];
+		unsigned int datalen;
+		unsigned long long bitlen;
+		unsigned int state[5];
+		unsigned int k[4];
 	} SHA1_CTX;
 
 	typedef struct _SHA256_CTX
@@ -99,7 +101,7 @@ typedef unsigned long long u_int64_t;	/* 8-bytes (64-bits) */
 
 	void sr_SHA1_Init(SHA1_CTX *);
 	void sr_SHA1_Update(SHA1_CTX *, const uint8_t *, size_t);
-	void sr_SHA1_Final(sha2_byte[SHA1_DIGEST_LENGTH], SHA1_CTX *);
+	void sr_SHA1_Final(unsigned char hash[SHA1_DIGEST_LENGTH], SHA1_CTX *ctx);
 	char *sr_SHA1_End(SHA1_CTX *, char[SHA1_DIGEST_STRING_LENGTH]);
 	char *sr_SHA1_Data(
 			const uint8_t *, size_t, char[SHA1_DIGEST_STRING_LENGTH]);