LXR linux/lib/sha1.c

   1/*
   2 * SHA transform algorithm, originally taken from code written by
   3 * Peter Gutmann, and placed in the public domain.
   4 */
   5
   6#include <linux/kernel.h>
   7#include <linux/module.h>
   8#include <linux/cryptohash.h>
   9
  10/* The SHA f()-functions.  */
  11
  12#define f1(x,y,z)   (z ^ (x & (y ^ z)))         /* x ? y : z */
  13#define f2(x,y,z)   (x ^ y ^ z)                 /* XOR */
  14#define f3(x,y,z)   ((x & y) + (z & (x ^ y)))   /* majority */
  15
  16/* The SHA Mysterious Constants */
  17
  18#define K1  0x5A827999L                 /* Rounds  0-19: sqrt(2) * 2^30 */
  19#define K2  0x6ED9EBA1L                 /* Rounds 20-39: sqrt(3) * 2^30 */
  20#define K3  0x8F1BBCDCL                 /* Rounds 40-59: sqrt(5) * 2^30 */
  21#define K4  0xCA62C1D6L                 /* Rounds 60-79: sqrt(10) * 2^30 */
  22
  23/**
  24 * sha_transform - single block SHA1 transform
  25 *
  26 * @digest: 160 bit digest to update
  27 * @data:   512 bits of data to hash
  28 * @W:      80 words of workspace (see note)
  29 *
  30 * This function generates a SHA1 digest for a single 512-bit block.
  31 * Be warned, it does not handle padding and message digest, do not
  32 * confuse it with the full FIPS 180-1 digest algorithm for variable
  33 * length messages.
  34 *
  35 * Note: If the hash is security sensitive, the caller should be sure
  36 * to clear the workspace. This is left to the caller to avoid
  37 * unnecessary clears between chained hashing operations.
  38 */
  39void sha_transform(__u32 *digest, const char *in, __u32 *W)
  40{
  41        __u32 a, b, c, d, e, t, i;
  42
  43        for (i = 0; i < 16; i++)
  44                W[i] = be32_to_cpu(((const __be32 *)in)[i]);
  45
  46        for (i = 0; i < 64; i++)
  47                W[i+16] = rol32(W[i+13] ^ W[i+8] ^ W[i+2] ^ W[i], 1);
  48
  49        a = digest[0];
  50        b = digest[1];
  51        c = digest[2];
  52        d = digest[3];
  53        e = digest[4];
  54
  55        for (i = 0; i < 20; i++) {
  56                t = f1(b, c, d) + K1 + rol32(a, 5) + e + W[i];
  57                e = d; d = c; c = rol32(b, 30); b = a; a = t;
  58        }
  59
  60        for (; i < 40; i ++) {
  61                t = f2(b, c, d) + K2 + rol32(a, 5) + e + W[i];
  62                e = d; d = c; c = rol32(b, 30); b = a; a = t;
  63        }
  64
  65        for (; i < 60; i ++) {
  66                t = f3(b, c, d) + K3 + rol32(a, 5) + e + W[i];
  67                e = d; d = c; c = rol32(b, 30); b = a; a = t;
  68        }
  69
  70        for (; i < 80; i ++) {
  71                t = f2(b, c, d) + K4 + rol32(a, 5) + e + W[i];
  72                e = d; d = c; c = rol32(b, 30); b = a; a = t;
  73        }
  74
  75        digest[0] += a;
  76        digest[1] += b;
  77        digest[2] += c;
  78        digest[3] += d;
  79        digest[4] += e;
  80}
  81EXPORT_SYMBOL(sha_transform);
  82
  83/**
  84 * sha_init - initialize the vectors for a SHA1 digest
  85 * @buf: vector to initialize
  86 */
  87void sha_init(__u32 *buf)
  88{
  89        buf[0] = 0x67452301;
  90        buf[1] = 0xefcdab89;
  91        buf[2] = 0x98badcfe;
  92        buf[3] = 0x10325476;
  93        buf[4] = 0xc3d2e1f0;
  94}
  95
  96