1 /* 2 * sha.c: routines to compute SHA-1/224/256/384/512 digests 3 * 4 * Ref: NIST FIPS PUB 180-2 Secure Hash Standard 5 * 6 * Copyright (C) 2003-2013 Mark Shelor, All Rights Reserved 7 * 8 * Version: 5.84 9 * Sat Mar 9 17:36:08 MST 2013 10 * 11 */ 12 13 #include <stdio.h> 14 #include <stdlib.h> 15 #include <stddef.h> 16 #include <string.h> 17 #include <ctype.h> 18 #include "sha.h" 19 #include "sha64bit.h" 20 21 #define W32 SHA32 /* useful abbreviations */ 22 #define C32 SHA32_CONST 23 #define SR32 SHA32_SHR 24 #define SL32 SHA32_SHL 25 #define LO32 SHA_LO32 26 #define UCHR unsigned char 27 #define UINT unsigned int 28 #define ULNG unsigned long 29 #define VP void * 30 31 #define ROTR(x, n) (SR32(x, n) | SL32(x, 32-(n))) 32 #define ROTL(x, n) (SL32(x, n) | SR32(x, 32-(n))) 33 34 #define Ch(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) 35 #define Pa(x, y, z) ((x) ^ (y) ^ (z)) 36 #define Ma(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) 37 38 #define SIGMA0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) 39 #define SIGMA1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) 40 #define sigma0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SR32(x, 3)) 41 #define sigma1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SR32(x, 10)) 42 43 #define K1 C32(0x5a827999) /* SHA-1 constants */ 44 #define K2 C32(0x6ed9eba1) 45 #define K3 C32(0x8f1bbcdc) 46 #define K4 C32(0xca62c1d6) 47 48 static W32 K256[64] = /* SHA-224/256 constants */ 49 { 50 C32(0x428a2f98), C32(0x71374491), C32(0xb5c0fbcf), C32(0xe9b5dba5), 51 C32(0x3956c25b), C32(0x59f111f1), C32(0x923f82a4), C32(0xab1c5ed5), 52 C32(0xd807aa98), C32(0x12835b01), C32(0x243185be), C32(0x550c7dc3), 53 C32(0x72be5d74), C32(0x80deb1fe), C32(0x9bdc06a7), C32(0xc19bf174), 54 C32(0xe49b69c1), C32(0xefbe4786), C32(0x0fc19dc6), C32(0x240ca1cc), 55 C32(0x2de92c6f), C32(0x4a7484aa), C32(0x5cb0a9dc), C32(0x76f988da), 56 C32(0x983e5152), C32(0xa831c66d), C32(0xb00327c8), C32(0xbf597fc7), 57 C32(0xc6e00bf3), C32(0xd5a79147), C32(0x06ca6351), C32(0x14292967), 58 C32(0x27b70a85), C32(0x2e1b2138), C32(0x4d2c6dfc), C32(0x53380d13), 59 C32(0x650a7354), C32(0x766a0abb), C32(0x81c2c92e), C32(0x92722c85), 60 C32(0xa2bfe8a1), C32(0xa81a664b), C32(0xc24b8b70), C32(0xc76c51a3), 61 C32(0xd192e819), C32(0xd6990624), C32(0xf40e3585), C32(0x106aa070), 62 C32(0x19a4c116), C32(0x1e376c08), C32(0x2748774c), C32(0x34b0bcb5), 63 C32(0x391c0cb3), C32(0x4ed8aa4a), C32(0x5b9cca4f), C32(0x682e6ff3), 64 C32(0x748f82ee), C32(0x78a5636f), C32(0x84c87814), C32(0x8cc70208), 65 C32(0x90befffa), C32(0xa4506ceb), C32(0xbef9a3f7), C32(0xc67178f2) 66 }; 67 68 static W32 H01[5] = /* SHA-1 initial hash value */ 69 { 70 C32(0x67452301), C32(0xefcdab89), C32(0x98badcfe), 71 C32(0x10325476), C32(0xc3d2e1f0) 72 }; 73 74 static W32 H0224[8] = /* SHA-224 initial hash value */ 75 { 76 C32(0xc1059ed8), C32(0x367cd507), C32(0x3070dd17), C32(0xf70e5939), 77 C32(0xffc00b31), C32(0x68581511), C32(0x64f98fa7), C32(0xbefa4fa4) 78 }; 79 80 static W32 H0256[8] = /* SHA-256 initial hash value */ 81 { 82 C32(0x6a09e667), C32(0xbb67ae85), C32(0x3c6ef372), C32(0xa54ff53a), 83 C32(0x510e527f), C32(0x9b05688c), C32(0x1f83d9ab), C32(0x5be0cd19) 84 }; 85 86 static void sha1(SHA *s, UCHR *block) /* SHA-1 transform */ 87 { 88 W32 a, b, c, d, e; 89 W32 W[16]; 90 W32 *wp = W; 91 W32 *H = (W32 *) s->H; 92 93 SHA32_SCHED(W, block); 94 95 /* 96 * Use SHA-1 alternate method from FIPS PUB 180-2 (ref. 6.1.3) 97 * 98 * To improve performance, unroll the loop and consolidate assignments 99 * by changing the roles of variables "a" through "e" at each step. 100 * Note that the variable "T" is no longer needed. 101 */ 102 103 #define M1(a, b, c, d, e, f, k, w) \ 104 e += ROTL(a, 5) + f(b, c, d) + k + w; \ 105 b = ROTL(b, 30) 106 107 #define M11(f, k, w) M1(a, b, c, d, e, f, k, w); 108 #define M12(f, k, w) M1(e, a, b, c, d, f, k, w); 109 #define M13(f, k, w) M1(d, e, a, b, c, f, k, w); 110 #define M14(f, k, w) M1(c, d, e, a, b, f, k, w); 111 #define M15(f, k, w) M1(b, c, d, e, a, f, k, w); 112 113 #define W11(s) W[(s+ 0) & 0xf] 114 #define W12(s) W[(s+13) & 0xf] 115 #define W13(s) W[(s+ 8) & 0xf] 116 #define W14(s) W[(s+ 2) & 0xf] 117 118 #define A1(s) (W11(s) = ROTL(W11(s) ^ W12(s) ^ W13(s) ^ W14(s), 1)) 119 120 a = H[0]; b = H[1]; c = H[2]; d = H[3]; e = H[4]; 121 122 M11(Ch, K1, *wp++); M12(Ch, K1, *wp++); M13(Ch, K1, *wp++); 123 M14(Ch, K1, *wp++); M15(Ch, K1, *wp++); M11(Ch, K1, *wp++); 124 M12(Ch, K1, *wp++); M13(Ch, K1, *wp++); M14(Ch, K1, *wp++); 125 M15(Ch, K1, *wp++); M11(Ch, K1, *wp++); M12(Ch, K1, *wp++); 126 M13(Ch, K1, *wp++); M14(Ch, K1, *wp++); M15(Ch, K1, *wp++); 127 M11(Ch, K1, *wp ); M12(Ch, K1, A1( 0)); M13(Ch, K1, A1( 1)); 128 M14(Ch, K1, A1( 2)); M15(Ch, K1, A1( 3)); M11(Pa, K2, A1( 4)); 129 M12(Pa, K2, A1( 5)); M13(Pa, K2, A1( 6)); M14(Pa, K2, A1( 7)); 130 M15(Pa, K2, A1( 8)); M11(Pa, K2, A1( 9)); M12(Pa, K2, A1(10)); 131 M13(Pa, K2, A1(11)); M14(Pa, K2, A1(12)); M15(Pa, K2, A1(13)); 132 M11(Pa, K2, A1(14)); M12(Pa, K2, A1(15)); M13(Pa, K2, A1( 0)); 133 M14(Pa, K2, A1( 1)); M15(Pa, K2, A1( 2)); M11(Pa, K2, A1( 3)); 134 M12(Pa, K2, A1( 4)); M13(Pa, K2, A1( 5)); M14(Pa, K2, A1( 6)); 135 M15(Pa, K2, A1( 7)); M11(Ma, K3, A1( 8)); M12(Ma, K3, A1( 9)); 136 M13(Ma, K3, A1(10)); M14(Ma, K3, A1(11)); M15(Ma, K3, A1(12)); 137 M11(Ma, K3, A1(13)); M12(Ma, K3, A1(14)); M13(Ma, K3, A1(15)); 138 M14(Ma, K3, A1( 0)); M15(Ma, K3, A1( 1)); M11(Ma, K3, A1( 2)); 139 M12(Ma, K3, A1( 3)); M13(Ma, K3, A1( 4)); M14(Ma, K3, A1( 5)); 140 M15(Ma, K3, A1( 6)); M11(Ma, K3, A1( 7)); M12(Ma, K3, A1( 8)); 141 M13(Ma, K3, A1( 9)); M14(Ma, K3, A1(10)); M15(Ma, K3, A1(11)); 142 M11(Pa, K4, A1(12)); M12(Pa, K4, A1(13)); M13(Pa, K4, A1(14)); 143 M14(Pa, K4, A1(15)); M15(Pa, K4, A1( 0)); M11(Pa, K4, A1( 1)); 144 M12(Pa, K4, A1( 2)); M13(Pa, K4, A1( 3)); M14(Pa, K4, A1( 4)); 145 M15(Pa, K4, A1( 5)); M11(Pa, K4, A1( 6)); M12(Pa, K4, A1( 7)); 146 M13(Pa, K4, A1( 8)); M14(Pa, K4, A1( 9)); M15(Pa, K4, A1(10)); 147 M11(Pa, K4, A1(11)); M12(Pa, K4, A1(12)); M13(Pa, K4, A1(13)); 148 M14(Pa, K4, A1(14)); M15(Pa, K4, A1(15)); 149 150 H[0] += a; H[1] += b; H[2] += c; H[3] += d; H[4] += e; 151 } 152 153 static void sha256(SHA *s, UCHR *block) /* SHA-224/256 transform */ 154 { 155 W32 a, b, c, d, e, f, g, h, T1; 156 W32 W[16]; 157 W32 *kp = K256; 158 W32 *wp = W; 159 W32 *H = (W32 *) s->H; 160 161 SHA32_SCHED(W, block); 162 163 /* 164 * Use same technique as in sha1() 165 * 166 * To improve performance, unroll the loop and consolidate assignments 167 * by changing the roles of variables "a" through "h" at each step. 168 * Note that the variable "T2" is no longer needed. 169 */ 170 171 #define M2(a, b, c, d, e, f, g, h, w) \ 172 T1 = h + SIGMA1(e) + Ch(e, f, g) + (*kp++) + w; \ 173 h = T1 + SIGMA0(a) + Ma(a, b, c); d += T1; 174 175 #define W21(s) W[(s+ 0) & 0xf] 176 #define W22(s) W[(s+14) & 0xf] 177 #define W23(s) W[(s+ 9) & 0xf] 178 #define W24(s) W[(s+ 1) & 0xf] 179 180 #define A2(s) (W21(s) += sigma1(W22(s)) + W23(s) + sigma0(W24(s))) 181 182 #define M21(w) M2(a, b, c, d, e, f, g, h, w) 183 #define M22(w) M2(h, a, b, c, d, e, f, g, w) 184 #define M23(w) M2(g, h, a, b, c, d, e, f, w) 185 #define M24(w) M2(f, g, h, a, b, c, d, e, w) 186 #define M25(w) M2(e, f, g, h, a, b, c, d, w) 187 #define M26(w) M2(d, e, f, g, h, a, b, c, w) 188 #define M27(w) M2(c, d, e, f, g, h, a, b, w) 189 #define M28(w) M2(b, c, d, e, f, g, h, a, w) 190 191 a = H[0]; b = H[1]; c = H[2]; d = H[3]; 192 e = H[4]; f = H[5]; g = H[6]; h = H[7]; 193 194 M21( *wp++); M22( *wp++); M23( *wp++); M24( *wp++); 195 M25( *wp++); M26( *wp++); M27( *wp++); M28( *wp++); 196 M21( *wp++); M22( *wp++); M23( *wp++); M24( *wp++); 197 M25( *wp++); M26( *wp++); M27( *wp++); M28( *wp ); 198 M21(A2( 0)); M22(A2( 1)); M23(A2( 2)); M24(A2( 3)); 199 M25(A2( 4)); M26(A2( 5)); M27(A2( 6)); M28(A2( 7)); 200 M21(A2( 8)); M22(A2( 9)); M23(A2(10)); M24(A2(11)); 201 M25(A2(12)); M26(A2(13)); M27(A2(14)); M28(A2(15)); 202 M21(A2( 0)); M22(A2( 1)); M23(A2( 2)); M24(A2( 3)); 203 M25(A2( 4)); M26(A2( 5)); M27(A2( 6)); M28(A2( 7)); 204 M21(A2( 8)); M22(A2( 9)); M23(A2(10)); M24(A2(11)); 205 M25(A2(12)); M26(A2(13)); M27(A2(14)); M28(A2(15)); 206 M21(A2( 0)); M22(A2( 1)); M23(A2( 2)); M24(A2( 3)); 207 M25(A2( 4)); M26(A2( 5)); M27(A2( 6)); M28(A2( 7)); 208 M21(A2( 8)); M22(A2( 9)); M23(A2(10)); M24(A2(11)); 209 M25(A2(12)); M26(A2(13)); M27(A2(14)); M28(A2(15)); 210 211 H[0] += a; H[1] += b; H[2] += c; H[3] += d; 212 H[4] += e; H[5] += f; H[6] += g; H[7] += h; 213 } 214 215 #include "sha64bit.c" 216 217 #define SETBIT(s, pos) s[(pos) >> 3] |= (0x01 << (7 - (pos) % 8)) 218 #define CLRBIT(s, pos) s[(pos) >> 3] &= ~(0x01 << (7 - (pos) % 8)) 219 #define NBYTES(nbits) (((nbits) + 7) >> 3) 220 #define HEXLEN(nbytes) ((nbytes) << 1) 221 #define B64LEN(nbytes) (((nbytes) % 3 == 0) ? ((nbytes) / 3) * 4 \ 222 : ((nbytes) / 3) * 4 + ((nbytes) % 3) + 1) 223 224 /* w32mem: writes 32-bit word to memory in big-endian order */ 225 static void w32mem(UCHR *mem, W32 w32) 226 { 227 int i; 228 229 for (i = 0; i < 4; i++) 230 *mem++ = (UCHR) (SR32(w32, 24-i*8) & 0xff); 231 } 232 233 /* digcpy: writes current state to digest buffer */ 234 static void digcpy(SHA *s) 235 { 236 UINT i; 237 UCHR *d = s->digest; 238 W32 *p32 = (W32 *) s->H; 239 W64 *p64 = (W64 *) s->H; 240 241 if (s->alg <= SHA256) 242 for (i = 0; i < 8; i++, d += 4) 243 w32mem(d, *p32++); 244 else 245 for (i = 0; i < 8; i++, d += 8) { 246 w32mem(d, (W32) ((*p64 >> 16) >> 16)); 247 w32mem(d+4, (W32) (*p64++ & SHA32_MAX)); 248 } 249 } 250 251 #define SHA_INIT(algo, transform) \ 252 do { \ 253 memset(s, 0, sizeof(SHA)); \ 254 s->alg = algo; s->sha = sha ## transform; \ 255 memcpy(s->H, H0 ## algo, sizeof(H0 ## algo)); \ 256 s->blocksize = SHA ## algo ## _BLOCK_BITS; \ 257 s->digestlen = SHA ## algo ## _DIGEST_BITS >> 3; \ 258 } while (0) 259 260 /* sharewind: re-initializes the digest object */ 261 static void sharewind(SHA *s) 262 { 263 if (s->alg == SHA1) SHA_INIT(1, 1); 264 else if (s->alg == SHA224) SHA_INIT(224, 256); 265 else if (s->alg == SHA256) SHA_INIT(256, 256); 266 else if (s->alg == SHA384) SHA_INIT(384, 512); 267 else if (s->alg == SHA512) SHA_INIT(512, 512); 268 else if (s->alg == SHA512224) SHA_INIT(512224, 512); 269 else if (s->alg == SHA512256) SHA_INIT(512256, 512); 270 } 271 272 /* shaopen: creates a new digest object */ 273 static SHA *shaopen(int alg) 274 { 275 SHA *s = NULL; 276 277 if (alg != SHA1 && alg != SHA224 && alg != SHA256 && 278 alg != SHA384 && alg != SHA512 && 279 alg != SHA512224 && alg != SHA512256) 280 return(NULL); 281 if (alg >= SHA384 && !sha_384_512) 282 return(NULL); 283 SHA_newz(0, s, 1, SHA); 284 if (s == NULL) 285 return(NULL); 286 s->alg = alg; 287 sharewind(s); 288 return(s); 289 } 290 291 /* shaclose: de-allocates digest object */ 292 static int shaclose(SHA *s) 293 { 294 if (s != NULL) { 295 memset(s, 0, sizeof(SHA)); 296 SHA_free(s); 297 } 298 return(0); 299 } 300 301 /* shadirect: updates state directly (w/o going through s->block) */ 302 static ULNG shadirect(UCHR *bitstr, ULNG bitcnt, SHA *s) 303 { 304 ULNG savecnt = bitcnt; 305 306 while (bitcnt >= s->blocksize) { 307 s->sha(s, bitstr); 308 bitstr += (s->blocksize >> 3); 309 bitcnt -= s->blocksize; 310 } 311 if (bitcnt > 0) { 312 memcpy(s->block, bitstr, NBYTES(bitcnt)); 313 s->blockcnt = bitcnt; 314 } 315 return(savecnt); 316 } 317 318 /* shabytes: updates state for byte-aligned input data */ 319 static ULNG shabytes(UCHR *bitstr, ULNG bitcnt, SHA *s) 320 { 321 UINT offset; 322 UINT nbits; 323 ULNG savecnt = bitcnt; 324 325 offset = s->blockcnt >> 3; 326 if (s->blockcnt + bitcnt >= s->blocksize) { 327 nbits = s->blocksize - s->blockcnt; 328 memcpy(s->block+offset, bitstr, nbits>>3); 329 bitcnt -= nbits; 330 bitstr += (nbits >> 3); 331 s->sha(s, s->block), s->blockcnt = 0; 332 shadirect(bitstr, bitcnt, s); 333 } 334 else { 335 memcpy(s->block+offset, bitstr, NBYTES(bitcnt)); 336 s->blockcnt += bitcnt; 337 } 338 return(savecnt); 339 } 340 341 /* shabits: updates state for bit-aligned input data */ 342 static ULNG shabits(UCHR *bitstr, ULNG bitcnt, SHA *s) 343 { 344 UINT i; 345 UINT gap; 346 ULNG nbits; 347 UCHR buf[1<<9]; 348 UINT bufsize = sizeof(buf); 349 ULNG bufbits = (ULNG) bufsize << 3; 350 UINT nbytes = NBYTES(bitcnt); 351 ULNG savecnt = bitcnt; 352 353 gap = 8 - s->blockcnt % 8; 354 s->block[s->blockcnt>>3] &= ~0 << gap; 355 s->block[s->blockcnt>>3] |= *bitstr >> (8 - gap); 356 s->blockcnt += bitcnt < gap ? bitcnt : gap; 357 if (bitcnt < gap) 358 return(savecnt); 359 if (s->blockcnt == s->blocksize) 360 s->sha(s, s->block), s->blockcnt = 0; 361 if ((bitcnt -= gap) == 0) 362 return(savecnt); 363 while (nbytes > bufsize) { 364 for (i = 0; i < bufsize; i++) 365 buf[i] = bitstr[i] << gap | bitstr[i+1] >> (8-gap); 366 nbits = bitcnt < bufbits ? bitcnt : bufbits; 367 shabytes(buf, nbits, s); 368 bitcnt -= nbits, bitstr += bufsize, nbytes -= bufsize; 369 } 370 for (i = 0; i < nbytes - 1; i++) 371 buf[i] = bitstr[i] << gap | bitstr[i+1] >> (8-gap); 372 buf[nbytes-1] = bitstr[nbytes-1] << gap; 373 shabytes(buf, bitcnt, s); 374 return(savecnt); 375 } 376 377 /* shawrite: triggers a state update using data in bitstr/bitcnt */ 378 static ULNG shawrite(UCHR *bitstr, ULNG bitcnt, SHA *s) 379 { 380 if (bitcnt < 1) 381 return(0); 382 if (SHA_LO32(s->lenll += bitcnt) < bitcnt) 383 if (SHA_LO32(++s->lenlh) == 0) 384 if (SHA_LO32(++s->lenhl) == 0) 385 s->lenhh++; 386 if (s->blockcnt == 0) 387 return(shadirect(bitstr, bitcnt, s)); 388 else if (s->blockcnt % 8 == 0) 389 return(shabytes(bitstr, bitcnt, s)); 390 else 391 return(shabits(bitstr, bitcnt, s)); 392 } 393 394 /* shafinish: pads remaining block(s) and computes final digest state */ 395 static void shafinish(SHA *s) 396 { 397 UINT lenpos, lhpos, llpos; 398 399 lenpos = s->blocksize == SHA1_BLOCK_BITS ? 448 : 896; 400 lhpos = s->blocksize == SHA1_BLOCK_BITS ? 56 : 120; 401 llpos = s->blocksize == SHA1_BLOCK_BITS ? 60 : 124; 402 SETBIT(s->block, s->blockcnt), s->blockcnt++; 403 while (s->blockcnt > lenpos) 404 if (s->blockcnt < s->blocksize) 405 CLRBIT(s->block, s->blockcnt), s->blockcnt++; 406 else 407 s->sha(s, s->block), s->blockcnt = 0; 408 while (s->blockcnt < lenpos) 409 CLRBIT(s->block, s->blockcnt), s->blockcnt++; 410 if (s->blocksize > SHA1_BLOCK_BITS) { 411 w32mem(s->block + 112, s->lenhh); 412 w32mem(s->block + 116, s->lenhl); 413 } 414 w32mem(s->block + lhpos, s->lenlh); 415 w32mem(s->block + llpos, s->lenll); 416 s->sha(s, s->block); 417 } 418 419 /* shadigest: returns pointer to current digest (binary) */ 420 static UCHR *shadigest(SHA *s) 421 { 422 digcpy(s); 423 return(s->digest); 424 } 425 426 /* shahex: returns pointer to current digest (hexadecimal) */ 427 static char *shahex(SHA *s) 428 { 429 int i; 430 431 digcpy(s); 432 s->hex[0] = '\0'; 433 if (HEXLEN((size_t) s->digestlen) >= sizeof(s->hex)) 434 return(s->hex); 435 for (i = 0; i < s->digestlen; i++) 436 sprintf(s->hex+i*2, "%02x", s->digest[i]); 437 return(s->hex); 438 } 439 440 /* map: translation map for Base 64 encoding */ 441 static char map[] = 442 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 443 444 /* encbase64: encodes input (0 to 3 bytes) into Base 64 */ 445 static void encbase64(UCHR *in, int n, char *out) 446 { 447 UCHR byte[3] = {0, 0, 0}; 448 449 out[0] = '\0'; 450 if (n < 1 || n > 3) 451 return; 452 memcpy(byte, in, n); 453 out[0] = map[byte[0] >> 2]; 454 out[1] = map[((byte[0] & 0x03) << 4) | (byte[1] >> 4)]; 455 out[2] = map[((byte[1] & 0x0f) << 2) | (byte[2] >> 6)]; 456 out[3] = map[byte[2] & 0x3f]; 457 out[n+1] = '\0'; 458 } 459 460 /* shabase64: returns pointer to current digest (Base 64) */ 461 static char *shabase64(SHA *s) 462 { 463 int n; 464 UCHR *q; 465 char out[5]; 466 467 digcpy(s); 468 s->base64[0] = '\0'; 469 if (B64LEN((size_t) s->digestlen) >= sizeof(s->base64)) 470 return(s->base64); 471 for (n = s->digestlen, q = s->digest; n > 3; n -= 3, q += 3) { 472 encbase64(q, 3, out); 473 strcat(s->base64, out); 474 } 475 encbase64(q, n, out); 476 strcat(s->base64, out); 477 return(s->base64); 478 } 479 480 /* shadsize: returns length of digest in bytes */ 481 static int shadsize(SHA *s) 482 { 483 return(s->digestlen); 484 } 485 486 /* shaalg: returns which SHA algorithm is being used */ 487 static int shaalg(SHA *s) 488 { 489 return(s->alg); 490 } 491 492 /* shadup: duplicates current digest object */ 493 static SHA *shadup(SHA *s) 494 { 495 SHA *p; 496 497 SHA_new(0, p, 1, SHA); 498 if (p == NULL) 499 return(NULL); 500 memcpy(p, s, sizeof(SHA)); 501 return(p); 502 } 503 504 /* shadump: dumps digest object to a human-readable ASCII file */ 505 static int shadump(char *file, SHA *s) 506 { 507 int i, j; 508 SHA_FILE *f; 509 UCHR *p = shadigest(s); 510 511 if (file == NULL || strlen(file) == 0) 512 f = SHA_stdout(); 513 else if ((f = SHA_open(file, "w")) == NULL) 514 return(0); 515 SHA_fprintf(f, "alg:%d\nH", s->alg); 516 for (i = 0; i < 8; i++) 517 for (j = 0; j < (s->alg <= 256 ? 4 : 8); j++) 518 SHA_fprintf(f, "%s%02x", j==0 ? ":" : "", *p++); 519 SHA_fprintf(f, "\nblock"); 520 for (i = 0; i < (int) (s->blocksize >> 3); i++) 521 SHA_fprintf(f, ":%02x", s->block[i]); 522 SHA_fprintf(f, "\nblockcnt:%u\n", s->blockcnt); 523 SHA_fprintf(f, "lenhh:%lu\nlenhl:%lu\nlenlh:%lu\nlenll:%lu\n", 524 (ULNG) LO32(s->lenhh), (ULNG) LO32(s->lenhl), 525 (ULNG) LO32(s->lenlh), (ULNG) LO32(s->lenll)); 526 if (f != SHA_stdout()) 527 SHA_close(f); 528 return(1); 529 } 530 531 /* fgetstr: reads (and returns pointer to) next line of file */ 532 static char *fgetstr(char *line, UINT maxsize, SHA_FILE *f) 533 { 534 char *p; 535 536 if (SHA_feof(f) || maxsize == 0) 537 return(NULL); 538 for (p = line; !SHA_feof(f) && maxsize > 1; maxsize--) 539 if ((*p++ = SHA_getc(f)) == '\n') 540 break; 541 *p = '\0'; 542 return(line); 543 } 544 545 /* empty: returns true if line contains only whitespace characters */ 546 static int empty(char *line) 547 { 548 char *p; 549 550 for (p = line; *p; p++) 551 if (!isspace(*p)) 552 return(0); 553 return(1); 554 } 555 556 /* getval: null-terminates field value, and sets pointer to rest of line */ 557 static char *getval(char *line, char **pprest) 558 { 559 char *p, *v; 560 561 for (v = line; *v == ':' || isspace(*v); v++) 562 ; 563 for (p = v; *p; p++) { 564 if (*p == ':' || isspace(*p)) { 565 *p++ = '\0'; 566 break; 567 } 568 } 569 *pprest = p; 570 return(p == v ? NULL : v); 571 } 572 573 /* types of values present in dump file */ 574 #define T_C 1 /* character */ 575 #define T_I 2 /* normal integer */ 576 #define T_L 3 /* 32-bit value */ 577 #define T_Q 4 /* 64-bit value */ 578 579 /* ldvals: checks next line in dump file against tag, and loads values */ 580 static int ldvals( 581 SHA_FILE *f, 582 const char *tag, 583 int type, 584 void *pval, 585 int reps, 586 int base) 587 { 588 char *p, *pr, line[512]; 589 UCHR *pc = (UCHR *) pval; UINT *pi = (UINT *) pval; 590 W32 *pl = (W32 *) pval; W64 *pq = (W64 *) pval; 591 592 while ((p = fgetstr(line, sizeof(line), f)) != NULL) 593 if (line[0] != '#' && !empty(line)) 594 break; 595 if (p == NULL || strcmp(getval(line, &pr), tag) != 0) 596 return(0); 597 while (reps-- > 0) { 598 if ((p = getval(pr, &pr)) == NULL) 599 return(1); 600 switch (type) { 601 case T_C: *pc++ = (UCHR) strtoul(p, NULL, base); break; 602 case T_I: *pi++ = (UINT) strtoul(p, NULL, base); break; 603 case T_L: *pl++ = (W32 ) strtoul(p, NULL, base); break; 604 case T_Q: *pq++ = (W64 ) strto64(p ); break; 605 } 606 } 607 return(1); 608 } 609 610 /* closeall: closes dump file and de-allocates digest object */ 611 static SHA *closeall(SHA_FILE *f, SHA *s) 612 { 613 if (f != NULL && f != SHA_stdin()) 614 SHA_close(f); 615 if (s != NULL) 616 shaclose(s); 617 return(NULL); 618 } 619 620 /* shaload: creates digest object corresponding to contents of dump file */ 621 static SHA *shaload(char *file) 622 { 623 int alg; 624 SHA *s = NULL; 625 SHA_FILE *f; 626 627 if (file == NULL || strlen(file) == 0) 628 f = SHA_stdin(); 629 else if ((f = SHA_open(file, "r")) == NULL) 630 return(NULL); 631 if ( 632 /* avoid parens by exploiting precedence of (type)&-> */ 633 !ldvals(f,"alg",T_I,(VP)&alg,1,10) || 634 ((s = shaopen(alg)) == NULL) || 635 !ldvals(f,"H",alg<=SHA256?T_L:T_Q,(VP)s->H,8,16) || 636 !ldvals(f,"block",T_C,(VP)s->block,s->blocksize/8,16) || 637 !ldvals(f,"blockcnt",T_I,(VP)&s->blockcnt,1,10) || 638 (alg <= SHA256 && s->blockcnt >= SHA1_BLOCK_BITS) || 639 (alg >= SHA384 && s->blockcnt >= SHA384_BLOCK_BITS) || 640 !ldvals(f,"lenhh",T_L,(VP)&s->lenhh,1,10) || 641 !ldvals(f,"lenhl",T_L,(VP)&s->lenhl,1,10) || 642 !ldvals(f,"lenlh",T_L,(VP)&s->lenlh,1,10) || 643 !ldvals(f,"lenll",T_L,(VP)&s->lenll,1,10) 644 ) 645 return(closeall(f, s)); 646 if (f != SHA_stdin()) 647 SHA_close(f); 648 return(s); 649 } 650 651 /* hmacopen: creates a new HMAC-SHA digest object */ 652 static HMAC *hmacopen(int alg, UCHR *key, UINT keylen) 653 { 654 UINT i; 655 HMAC *h; 656 657 SHA_newz(0, h, 1, HMAC); 658 if (h == NULL) 659 return(NULL); 660 if ((h->isha = shaopen(alg)) == NULL) { 661 SHA_free(h); 662 return(NULL); 663 } 664 if ((h->osha = shaopen(alg)) == NULL) { 665 shaclose(h->isha); 666 SHA_free(h); 667 return(NULL); 668 } 669 if (keylen <= h->osha->blocksize / 8) 670 memcpy(h->key, key, keylen); 671 else { 672 if ((h->ksha = shaopen(alg)) == NULL) { 673 shaclose(h->isha); 674 shaclose(h->osha); 675 SHA_free(h); 676 return(NULL); 677 } 678 shawrite(key, keylen * 8, h->ksha); 679 shafinish(h->ksha); 680 memcpy(h->key, shadigest(h->ksha), h->ksha->digestlen); 681 shaclose(h->ksha); 682 } 683 for (i = 0; i < h->osha->blocksize / 8; i++) 684 h->key[i] ^= 0x5c; 685 shawrite(h->key, h->osha->blocksize, h->osha); 686 for (i = 0; i < h->isha->blocksize / 8; i++) 687 h->key[i] ^= (0x5c ^ 0x36); 688 shawrite(h->key, h->isha->blocksize, h->isha); 689 memset(h->key, 0, sizeof(h->key)); 690 return(h); 691 } 692 693 /* hmacwrite: triggers a state update using data in bitstr/bitcnt */ 694 static ULNG hmacwrite(UCHR *bitstr, ULNG bitcnt, HMAC *h) 695 { 696 return(shawrite(bitstr, bitcnt, h->isha)); 697 } 698 699 /* hmacfinish: computes final digest state */ 700 static void hmacfinish(HMAC *h) 701 { 702 shafinish(h->isha); 703 shawrite(shadigest(h->isha), h->isha->digestlen * 8, h->osha); 704 shaclose(h->isha); 705 shafinish(h->osha); 706 } 707 708 /* hmacdigest: returns pointer to digest (binary) */ 709 static UCHR *hmacdigest(HMAC *h) 710 { 711 return(shadigest(h->osha)); 712 } 713 714 /* hmachex: returns pointer to digest (hexadecimal) */ 715 static char *hmachex(HMAC *h) 716 { 717 return(shahex(h->osha)); 718 } 719 720 /* hmacbase64: returns pointer to digest (Base 64) */ 721 static char *hmacbase64(HMAC *h) 722 { 723 return(shabase64(h->osha)); 724 } 725 726 /* hmacclose: de-allocates digest object */ 727 static int hmacclose(HMAC *h) 728 { 729 if (h != NULL) { 730 shaclose(h->osha); 731 memset(h, 0, sizeof(HMAC)); 732 SHA_free(h); 733 } 734 return(0); 735 } 736