diff options
Diffstat (limited to 'src/microhttpd_ws/sha1.c')
-rw-r--r-- | src/microhttpd_ws/sha1.c | 420 |
1 files changed, 420 insertions, 0 deletions
diff --git a/src/microhttpd_ws/sha1.c b/src/microhttpd_ws/sha1.c new file mode 100644 index 00000000..910c1bdb --- /dev/null +++ b/src/microhttpd_ws/sha1.c | |||
@@ -0,0 +1,420 @@ | |||
1 | /* sha1.c - Functions to compute SHA1 message digest of files or | ||
2 | memory blocks according to the NIST specification FIPS-180-1. | ||
3 | |||
4 | Copyright (C) 2000-2021 Free Software Foundation, Inc. | ||
5 | |||
6 | This program is free software; you can redistribute it and/or modify it | ||
7 | under the terms of the GNU General Public License as published by the | ||
8 | Free Software Foundation; either version 2, or (at your option) any | ||
9 | later version. | ||
10 | |||
11 | This program is distributed in the hope that it will be useful, | ||
12 | but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
14 | GNU General Public License for more details. | ||
15 | |||
16 | You should have received a copy of the GNU General Public License | ||
17 | along with this program; if not, write to the Free Software Foundation, | ||
18 | Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ | ||
19 | |||
20 | /* Written by Scott G. Miller | ||
21 | Credits: | ||
22 | Robert Klep <robert@ilse.nl> -- Expansion function fix | ||
23 | */ | ||
24 | |||
25 | /*#include <config.h>*/ | ||
26 | |||
27 | #include "sha1.h" | ||
28 | |||
29 | #include <stddef.h> | ||
30 | #include <string.h> | ||
31 | |||
32 | #if USE_UNLOCKED_IO | ||
33 | # include "unlocked-io.h" | ||
34 | #endif | ||
35 | |||
36 | #ifdef WORDS_BIGENDIAN | ||
37 | # define SWAP(n) (n) | ||
38 | #else | ||
39 | # define SWAP(n) \ | ||
40 | (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24)) | ||
41 | #endif | ||
42 | |||
43 | #define BLOCKSIZE 4096 | ||
44 | #if BLOCKSIZE % 64 != 0 | ||
45 | # error "invalid BLOCKSIZE" | ||
46 | #endif | ||
47 | |||
48 | /* This array contains the bytes used to pad the buffer to the next | ||
49 | 64-byte boundary. (RFC 1321, 3.1: Step 1) */ | ||
50 | static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; | ||
51 | |||
52 | |||
53 | /* Take a pointer to a 160 bit block of data (five 32 bit ints) and | ||
54 | initialize it to the start constants of the SHA1 algorithm. This | ||
55 | must be called before using hash in the call to sha1_hash. */ | ||
56 | void | ||
57 | sha1_init_ctx (struct sha1_ctx *ctx) | ||
58 | { | ||
59 | ctx->A = 0x67452301; | ||
60 | ctx->B = 0xefcdab89; | ||
61 | ctx->C = 0x98badcfe; | ||
62 | ctx->D = 0x10325476; | ||
63 | ctx->E = 0xc3d2e1f0; | ||
64 | |||
65 | ctx->total[0] = ctx->total[1] = 0; | ||
66 | ctx->buflen = 0; | ||
67 | } | ||
68 | |||
69 | |||
70 | /* Put result from CTX in first 20 bytes following RESBUF. The result | ||
71 | must be in little endian byte order. | ||
72 | |||
73 | IMPORTANT: On some systems it is required that RESBUF is correctly | ||
74 | aligned for a 32-bit value. */ | ||
75 | void * | ||
76 | sha1_read_ctx (const struct sha1_ctx *ctx, void *resbuf) | ||
77 | { | ||
78 | ((sha1_uint32 *) resbuf)[0] = SWAP (ctx->A); | ||
79 | ((sha1_uint32 *) resbuf)[1] = SWAP (ctx->B); | ||
80 | ((sha1_uint32 *) resbuf)[2] = SWAP (ctx->C); | ||
81 | ((sha1_uint32 *) resbuf)[3] = SWAP (ctx->D); | ||
82 | ((sha1_uint32 *) resbuf)[4] = SWAP (ctx->E); | ||
83 | |||
84 | return resbuf; | ||
85 | } | ||
86 | |||
87 | |||
88 | /* Process the remaining bytes in the internal buffer and the usual | ||
89 | prolog according to the standard and write the result to RESBUF. | ||
90 | |||
91 | IMPORTANT: On some systems it is required that RESBUF is correctly | ||
92 | aligned for a 32-bit value. */ | ||
93 | void * | ||
94 | sha1_finish_ctx (struct sha1_ctx *ctx, void *resbuf) | ||
95 | { | ||
96 | /* Take yet unprocessed bytes into account. */ | ||
97 | sha1_uint32 bytes = ctx->buflen; | ||
98 | size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4; | ||
99 | |||
100 | /* Now count remaining bytes. */ | ||
101 | ctx->total[0] += bytes; | ||
102 | if (ctx->total[0] < bytes) | ||
103 | ++ctx->total[1]; | ||
104 | |||
105 | /* Put the 64-bit file length in *bits* at the end of the buffer. */ | ||
106 | ctx->buffer[size - 2] = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29)); | ||
107 | ctx->buffer[size - 1] = SWAP (ctx->total[0] << 3); | ||
108 | |||
109 | memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes); | ||
110 | |||
111 | /* Process last bytes. */ | ||
112 | sha1_process_block (ctx->buffer, size * 4, ctx); | ||
113 | |||
114 | return sha1_read_ctx (ctx, resbuf); | ||
115 | } | ||
116 | |||
117 | |||
118 | /* Compute SHA1 message digest for bytes read from STREAM. The | ||
119 | resulting message digest number will be written into the 16 bytes | ||
120 | beginning at RESBLOCK. */ | ||
121 | int | ||
122 | sha1_stream (FILE *stream, void *resblock) | ||
123 | { | ||
124 | struct sha1_ctx ctx; | ||
125 | char buffer[BLOCKSIZE + 72]; | ||
126 | size_t sum; | ||
127 | |||
128 | /* Initialize the computation context. */ | ||
129 | sha1_init_ctx (&ctx); | ||
130 | |||
131 | /* Iterate over full file contents. */ | ||
132 | while (1) | ||
133 | { | ||
134 | /* We read the file in blocks of BLOCKSIZE bytes. One call of the | ||
135 | computation function processes the whole buffer so that with the | ||
136 | next round of the loop another block can be read. */ | ||
137 | size_t n; | ||
138 | sum = 0; | ||
139 | |||
140 | /* Read block. Take care for partial reads. */ | ||
141 | while (1) | ||
142 | { | ||
143 | n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); | ||
144 | |||
145 | sum += n; | ||
146 | |||
147 | if (sum == BLOCKSIZE) | ||
148 | break; | ||
149 | |||
150 | if (n == 0) | ||
151 | { | ||
152 | /* Check for the error flag IFF N == 0, so that we don't | ||
153 | exit the loop after a partial read due to e.g., EAGAIN | ||
154 | or EWOULDBLOCK. */ | ||
155 | if (ferror (stream)) | ||
156 | return 1; | ||
157 | goto process_partial_block; | ||
158 | } | ||
159 | |||
160 | /* We've read at least one byte, so ignore errors. But always | ||
161 | check for EOF, since feof may be true even though N > 0. | ||
162 | Otherwise, we could end up calling fread after EOF. */ | ||
163 | if (feof (stream)) | ||
164 | goto process_partial_block; | ||
165 | } | ||
166 | |||
167 | /* Process buffer with BLOCKSIZE bytes. Note that | ||
168 | BLOCKSIZE % 64 == 0 | ||
169 | */ | ||
170 | sha1_process_block (buffer, BLOCKSIZE, &ctx); | ||
171 | } | ||
172 | |||
173 | process_partial_block:; | ||
174 | |||
175 | /* Process any remaining bytes. */ | ||
176 | if (sum > 0) | ||
177 | sha1_process_bytes (buffer, sum, &ctx); | ||
178 | |||
179 | /* Construct result in desired memory. */ | ||
180 | sha1_finish_ctx (&ctx, resblock); | ||
181 | return 0; | ||
182 | } | ||
183 | |||
184 | |||
185 | /* Compute SHA1 message digest for LEN bytes beginning at BUFFER. The | ||
186 | result is always in little endian byte order, so that a byte-wise | ||
187 | output yields to the wanted ASCII representation of the message | ||
188 | digest. */ | ||
189 | void * | ||
190 | sha1_buffer (const char *buffer, size_t len, void *resblock) | ||
191 | { | ||
192 | struct sha1_ctx ctx; | ||
193 | |||
194 | /* Initialize the computation context. */ | ||
195 | sha1_init_ctx (&ctx); | ||
196 | |||
197 | /* Process whole buffer but last len % 64 bytes. */ | ||
198 | sha1_process_bytes (buffer, len, &ctx); | ||
199 | |||
200 | /* Put result in desired memory area. */ | ||
201 | return sha1_finish_ctx (&ctx, resblock); | ||
202 | } | ||
203 | |||
204 | |||
205 | void | ||
206 | sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx) | ||
207 | { | ||
208 | /* When we already have some bits in our internal buffer concatenate | ||
209 | both inputs first. */ | ||
210 | if (ctx->buflen != 0) | ||
211 | { | ||
212 | size_t left_over = ctx->buflen; | ||
213 | size_t add = 128 - left_over > len ? len : 128 - left_over; | ||
214 | |||
215 | memcpy (&((char *) ctx->buffer)[left_over], buffer, add); | ||
216 | ctx->buflen += add; | ||
217 | |||
218 | if (ctx->buflen > 64) | ||
219 | { | ||
220 | sha1_process_block (ctx->buffer, ctx->buflen & ~63, ctx); | ||
221 | |||
222 | ctx->buflen &= 63; | ||
223 | /* The regions in the following copy operation cannot overlap. */ | ||
224 | memcpy (ctx->buffer, | ||
225 | &((char *) ctx->buffer)[(left_over + add) & ~63], | ||
226 | ctx->buflen); | ||
227 | } | ||
228 | |||
229 | buffer = (const char *) buffer + add; | ||
230 | len -= add; | ||
231 | } | ||
232 | |||
233 | /* Process available complete blocks. */ | ||
234 | if (len >= 64) | ||
235 | { | ||
236 | #if ! _STRING_ARCH_unaligned | ||
237 | # define alignof(type) offsetof (struct { char c; type x; }, x) | ||
238 | # define UNALIGNED_P(p) (((size_t) p) % alignof (sha1_uint32) != 0) | ||
239 | if (UNALIGNED_P (buffer)) | ||
240 | while (len > 64) | ||
241 | { | ||
242 | sha1_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx); | ||
243 | buffer = (const char *) buffer + 64; | ||
244 | len -= 64; | ||
245 | } | ||
246 | else | ||
247 | #endif | ||
248 | { | ||
249 | sha1_process_block (buffer, len & ~63, ctx); | ||
250 | buffer = (const char *) buffer + (len & ~63); | ||
251 | len &= 63; | ||
252 | } | ||
253 | } | ||
254 | |||
255 | /* Move remaining bytes in internal buffer. */ | ||
256 | if (len > 0) | ||
257 | { | ||
258 | size_t left_over = ctx->buflen; | ||
259 | |||
260 | memcpy (&((char *) ctx->buffer)[left_over], buffer, len); | ||
261 | left_over += len; | ||
262 | if (left_over >= 64) | ||
263 | { | ||
264 | sha1_process_block (ctx->buffer, 64, ctx); | ||
265 | left_over -= 64; | ||
266 | memmove (ctx->buffer, &ctx->buffer[16], left_over); | ||
267 | } | ||
268 | ctx->buflen = left_over; | ||
269 | } | ||
270 | } | ||
271 | |||
272 | |||
273 | /* --- Code below is the primary difference between md5.c and sha1.c --- */ | ||
274 | |||
275 | /* SHA1 round constants */ | ||
276 | #define K1 0x5a827999 | ||
277 | #define K2 0x6ed9eba1 | ||
278 | #define K3 0x8f1bbcdc | ||
279 | #define K4 0xca62c1d6 | ||
280 | |||
281 | /* Round functions. Note that F2 is the same as F4. */ | ||
282 | #define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) ) | ||
283 | #define F2(B,C,D) (B ^ C ^ D) | ||
284 | #define F3(B,C,D) ( ( B & C ) | ( D & ( B | C ) ) ) | ||
285 | #define F4(B,C,D) (B ^ C ^ D) | ||
286 | |||
287 | /* Process LEN bytes of BUFFER, accumulating context into CTX. | ||
288 | It is assumed that LEN % 64 == 0. | ||
289 | Most of this code comes from GnuPG's cipher/sha1.c. */ | ||
290 | |||
291 | void | ||
292 | sha1_process_block (const void *buffer, size_t len, struct sha1_ctx *ctx) | ||
293 | { | ||
294 | const sha1_uint32 *words = (const sha1_uint32*) buffer; | ||
295 | size_t nwords = len / sizeof (sha1_uint32); | ||
296 | const sha1_uint32 *endp = words + nwords; | ||
297 | sha1_uint32 x[16]; | ||
298 | sha1_uint32 a = ctx->A; | ||
299 | sha1_uint32 b = ctx->B; | ||
300 | sha1_uint32 c = ctx->C; | ||
301 | sha1_uint32 d = ctx->D; | ||
302 | sha1_uint32 e = ctx->E; | ||
303 | |||
304 | /* First increment the byte count. RFC 1321 specifies the possible | ||
305 | length of the file up to 2^64 bits. Here we only compute the | ||
306 | number of bytes. Do a double word increment. */ | ||
307 | ctx->total[0] += len; | ||
308 | ctx->total[1] += ((len >> 31) >> 1) + (ctx->total[0] < len); | ||
309 | |||
310 | #define rol(x, n) (((x) << (n)) | ((sha1_uint32) (x) >> (32 - (n)))) | ||
311 | |||
312 | #define M(I) ( tm = x[I&0x0f] ^ x[(I-14)&0x0f] \ | ||
313 | ^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \ | ||
314 | , (x[I&0x0f] = rol(tm, 1)) ) | ||
315 | |||
316 | #define R(A,B,C,D,E,F,K,M) do { E += rol( A, 5 ) \ | ||
317 | + F( B, C, D ) \ | ||
318 | + K \ | ||
319 | + M; \ | ||
320 | B = rol( B, 30 ); \ | ||
321 | } while(0) | ||
322 | |||
323 | while (words < endp) | ||
324 | { | ||
325 | sha1_uint32 tm; | ||
326 | int t; | ||
327 | for (t = 0; t < 16; t++) | ||
328 | { | ||
329 | x[t] = SWAP (*words); | ||
330 | words++; | ||
331 | } | ||
332 | |||
333 | R (a, b, c, d, e, F1, K1, x[ 0]); | ||
334 | R (e, a, b, c, d, F1, K1, x[ 1]); | ||
335 | R (d, e, a, b, c, F1, K1, x[ 2]); | ||
336 | R (c, d, e, a, b, F1, K1, x[ 3]); | ||
337 | R (b, c, d, e, a, F1, K1, x[ 4]); | ||
338 | R (a, b, c, d, e, F1, K1, x[ 5]); | ||
339 | R (e, a, b, c, d, F1, K1, x[ 6]); | ||
340 | R (d, e, a, b, c, F1, K1, x[ 7]); | ||
341 | R (c, d, e, a, b, F1, K1, x[ 8]); | ||
342 | R (b, c, d, e, a, F1, K1, x[ 9]); | ||
343 | R (a, b, c, d, e, F1, K1, x[10]); | ||
344 | R (e, a, b, c, d, F1, K1, x[11]); | ||
345 | R (d, e, a, b, c, F1, K1, x[12]); | ||
346 | R (c, d, e, a, b, F1, K1, x[13]); | ||
347 | R (b, c, d, e, a, F1, K1, x[14]); | ||
348 | R (a, b, c, d, e, F1, K1, x[15]); | ||
349 | R (e, a, b, c, d, F1, K1, M (16) ); | ||
350 | R (d, e, a, b, c, F1, K1, M (17) ); | ||
351 | R (c, d, e, a, b, F1, K1, M (18) ); | ||
352 | R (b, c, d, e, a, F1, K1, M (19) ); | ||
353 | R (a, b, c, d, e, F2, K2, M (20) ); | ||
354 | R (e, a, b, c, d, F2, K2, M (21) ); | ||
355 | R (d, e, a, b, c, F2, K2, M (22) ); | ||
356 | R (c, d, e, a, b, F2, K2, M (23) ); | ||
357 | R (b, c, d, e, a, F2, K2, M (24) ); | ||
358 | R (a, b, c, d, e, F2, K2, M (25) ); | ||
359 | R (e, a, b, c, d, F2, K2, M (26) ); | ||
360 | R (d, e, a, b, c, F2, K2, M (27) ); | ||
361 | R (c, d, e, a, b, F2, K2, M (28) ); | ||
362 | R (b, c, d, e, a, F2, K2, M (29) ); | ||
363 | R (a, b, c, d, e, F2, K2, M (30) ); | ||
364 | R (e, a, b, c, d, F2, K2, M (31) ); | ||
365 | R (d, e, a, b, c, F2, K2, M (32) ); | ||
366 | R (c, d, e, a, b, F2, K2, M (33) ); | ||
367 | R (b, c, d, e, a, F2, K2, M (34) ); | ||
368 | R (a, b, c, d, e, F2, K2, M (35) ); | ||
369 | R (e, a, b, c, d, F2, K2, M (36) ); | ||
370 | R (d, e, a, b, c, F2, K2, M (37) ); | ||
371 | R (c, d, e, a, b, F2, K2, M (38) ); | ||
372 | R (b, c, d, e, a, F2, K2, M (39) ); | ||
373 | R (a, b, c, d, e, F3, K3, M (40) ); | ||
374 | R (e, a, b, c, d, F3, K3, M (41) ); | ||
375 | R (d, e, a, b, c, F3, K3, M (42) ); | ||
376 | R (c, d, e, a, b, F3, K3, M (43) ); | ||
377 | R (b, c, d, e, a, F3, K3, M (44) ); | ||
378 | R (a, b, c, d, e, F3, K3, M (45) ); | ||
379 | R (e, a, b, c, d, F3, K3, M (46) ); | ||
380 | R (d, e, a, b, c, F3, K3, M (47) ); | ||
381 | R (c, d, e, a, b, F3, K3, M (48) ); | ||
382 | R (b, c, d, e, a, F3, K3, M (49) ); | ||
383 | R (a, b, c, d, e, F3, K3, M (50) ); | ||
384 | R (e, a, b, c, d, F3, K3, M (51) ); | ||
385 | R (d, e, a, b, c, F3, K3, M (52) ); | ||
386 | R (c, d, e, a, b, F3, K3, M (53) ); | ||
387 | R (b, c, d, e, a, F3, K3, M (54) ); | ||
388 | R (a, b, c, d, e, F3, K3, M (55) ); | ||
389 | R (e, a, b, c, d, F3, K3, M (56) ); | ||
390 | R (d, e, a, b, c, F3, K3, M (57) ); | ||
391 | R (c, d, e, a, b, F3, K3, M (58) ); | ||
392 | R (b, c, d, e, a, F3, K3, M (59) ); | ||
393 | R (a, b, c, d, e, F4, K4, M (60) ); | ||
394 | R (e, a, b, c, d, F4, K4, M (61) ); | ||
395 | R (d, e, a, b, c, F4, K4, M (62) ); | ||
396 | R (c, d, e, a, b, F4, K4, M (63) ); | ||
397 | R (b, c, d, e, a, F4, K4, M (64) ); | ||
398 | R (a, b, c, d, e, F4, K4, M (65) ); | ||
399 | R (e, a, b, c, d, F4, K4, M (66) ); | ||
400 | R (d, e, a, b, c, F4, K4, M (67) ); | ||
401 | R (c, d, e, a, b, F4, K4, M (68) ); | ||
402 | R (b, c, d, e, a, F4, K4, M (69) ); | ||
403 | R (a, b, c, d, e, F4, K4, M (70) ); | ||
404 | R (e, a, b, c, d, F4, K4, M (71) ); | ||
405 | R (d, e, a, b, c, F4, K4, M (72) ); | ||
406 | R (c, d, e, a, b, F4, K4, M (73) ); | ||
407 | R (b, c, d, e, a, F4, K4, M (74) ); | ||
408 | R (a, b, c, d, e, F4, K4, M (75) ); | ||
409 | R (e, a, b, c, d, F4, K4, M (76) ); | ||
410 | R (d, e, a, b, c, F4, K4, M (77) ); | ||
411 | R (c, d, e, a, b, F4, K4, M (78) ); | ||
412 | R (b, c, d, e, a, F4, K4, M (79) ); | ||
413 | |||
414 | a = ctx->A += a; | ||
415 | b = ctx->B += b; | ||
416 | c = ctx->C += c; | ||
417 | d = ctx->D += d; | ||
418 | e = ctx->E += e; | ||
419 | } | ||
420 | } | ||