Back to index

nagios-plugins  1.4.16
sha1.c
Go to the documentation of this file.
00001 /* sha1.c - Functions to compute SHA1 message digest of files or
00002    memory blocks according to the NIST specification FIPS-180-1.
00003 
00004    Copyright (C) 2000, 2001, 2003, 2004, 2005, 2006, 2008, 2009, 2010 Free
00005    Software Foundation, Inc.
00006 
00007    This program is free software; you can redistribute it and/or modify it
00008    under the terms of the GNU General Public License as published by the
00009    Free Software Foundation; either version 3, or (at your option) any
00010    later version.
00011 
00012    This program is distributed in the hope that it will be useful,
00013    but WITHOUT ANY WARRANTY; without even the implied warranty of
00014    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00015    GNU General Public License for more details.
00016 
00017    You should have received a copy of the GNU General Public License
00018    along with this program; if not, write to the Free Software Foundation,
00019    Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  */
00020 
00021 /* Written by Scott G. Miller
00022    Credits:
00023       Robert Klep <robert@ilse.nl>  -- Expansion function fix
00024 */
00025 
00026 #include <config.h>
00027 
00028 #include "sha1.h"
00029 
00030 #include <stddef.h>
00031 #include <stdlib.h>
00032 #include <string.h>
00033 
00034 #if USE_UNLOCKED_IO
00035 # include "unlocked-io.h"
00036 #endif
00037 
00038 #ifdef WORDS_BIGENDIAN
00039 # define SWAP(n) (n)
00040 #else
00041 # define SWAP(n) \
00042     (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
00043 #endif
00044 
00045 #define BLOCKSIZE 32768
00046 #if BLOCKSIZE % 64 != 0
00047 # error "invalid BLOCKSIZE"
00048 #endif
00049 
00050 /* This array contains the bytes used to pad the buffer to the next
00051    64-byte boundary.  (RFC 1321, 3.1: Step 1)  */
00052 static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ...  */ };
00053 
00054 
00055 /* Take a pointer to a 160 bit block of data (five 32 bit ints) and
00056    initialize it to the start constants of the SHA1 algorithm.  This
00057    must be called before using hash in the call to sha1_hash.  */
00058 void
00059 sha1_init_ctx (struct sha1_ctx *ctx)
00060 {
00061   ctx->A = 0x67452301;
00062   ctx->B = 0xefcdab89;
00063   ctx->C = 0x98badcfe;
00064   ctx->D = 0x10325476;
00065   ctx->E = 0xc3d2e1f0;
00066 
00067   ctx->total[0] = ctx->total[1] = 0;
00068   ctx->buflen = 0;
00069 }
00070 
00071 /* Copy the 4 byte value from v into the memory location pointed to by *cp,
00072    If your architecture allows unaligned access this is equivalent to
00073    * (uint32_t *) cp = v  */
00074 static inline void
00075 set_uint32 (char *cp, uint32_t v)
00076 {
00077   memcpy (cp, &v, sizeof v);
00078 }
00079 
00080 /* Put result from CTX in first 20 bytes following RESBUF.  The result
00081    must be in little endian byte order.  */
00082 void *
00083 sha1_read_ctx (const struct sha1_ctx *ctx, void *resbuf)
00084 {
00085   char *r = resbuf;
00086   set_uint32 (r + 0 * sizeof ctx->A, SWAP (ctx->A));
00087   set_uint32 (r + 1 * sizeof ctx->B, SWAP (ctx->B));
00088   set_uint32 (r + 2 * sizeof ctx->C, SWAP (ctx->C));
00089   set_uint32 (r + 3 * sizeof ctx->D, SWAP (ctx->D));
00090   set_uint32 (r + 4 * sizeof ctx->E, SWAP (ctx->E));
00091 
00092   return resbuf;
00093 }
00094 
00095 /* Process the remaining bytes in the internal buffer and the usual
00096    prolog according to the standard and write the result to RESBUF.  */
00097 void *
00098 sha1_finish_ctx (struct sha1_ctx *ctx, void *resbuf)
00099 {
00100   /* Take yet unprocessed bytes into account.  */
00101   uint32_t bytes = ctx->buflen;
00102   size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
00103 
00104   /* Now count remaining bytes.  */
00105   ctx->total[0] += bytes;
00106   if (ctx->total[0] < bytes)
00107     ++ctx->total[1];
00108 
00109   /* Put the 64-bit file length in *bits* at the end of the buffer.  */
00110   ctx->buffer[size - 2] = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29));
00111   ctx->buffer[size - 1] = SWAP (ctx->total[0] << 3);
00112 
00113   memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes);
00114 
00115   /* Process last bytes.  */
00116   sha1_process_block (ctx->buffer, size * 4, ctx);
00117 
00118   return sha1_read_ctx (ctx, resbuf);
00119 }
00120 
00121 /* Compute SHA1 message digest for bytes read from STREAM.  The
00122    resulting message digest number will be written into the 16 bytes
00123    beginning at RESBLOCK.  */
00124 int
00125 sha1_stream (FILE *stream, void *resblock)
00126 {
00127   struct sha1_ctx ctx;
00128   size_t sum;
00129 
00130   char *buffer = malloc (BLOCKSIZE + 72);
00131   if (!buffer)
00132     return 1;
00133 
00134   /* Initialize the computation context.  */
00135   sha1_init_ctx (&ctx);
00136 
00137   /* Iterate over full file contents.  */
00138   while (1)
00139     {
00140       /* We read the file in blocks of BLOCKSIZE bytes.  One call of the
00141          computation function processes the whole buffer so that with the
00142          next round of the loop another block can be read.  */
00143       size_t n;
00144       sum = 0;
00145 
00146       /* Read block.  Take care for partial reads.  */
00147       while (1)
00148         {
00149           n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
00150 
00151           sum += n;
00152 
00153           if (sum == BLOCKSIZE)
00154             break;
00155 
00156           if (n == 0)
00157             {
00158               /* Check for the error flag IFF N == 0, so that we don't
00159                  exit the loop after a partial read due to e.g., EAGAIN
00160                  or EWOULDBLOCK.  */
00161               if (ferror (stream))
00162                 {
00163                   free (buffer);
00164                   return 1;
00165                 }
00166               goto process_partial_block;
00167             }
00168 
00169           /* We've read at least one byte, so ignore errors.  But always
00170              check for EOF, since feof may be true even though N > 0.
00171              Otherwise, we could end up calling fread after EOF.  */
00172           if (feof (stream))
00173             goto process_partial_block;
00174         }
00175 
00176       /* Process buffer with BLOCKSIZE bytes.  Note that
00177                         BLOCKSIZE % 64 == 0
00178        */
00179       sha1_process_block (buffer, BLOCKSIZE, &ctx);
00180     }
00181 
00182  process_partial_block:;
00183 
00184   /* Process any remaining bytes.  */
00185   if (sum > 0)
00186     sha1_process_bytes (buffer, sum, &ctx);
00187 
00188   /* Construct result in desired memory.  */
00189   sha1_finish_ctx (&ctx, resblock);
00190   free (buffer);
00191   return 0;
00192 }
00193 
00194 /* Compute SHA1 message digest for LEN bytes beginning at BUFFER.  The
00195    result is always in little endian byte order, so that a byte-wise
00196    output yields to the wanted ASCII representation of the message
00197    digest.  */
00198 void *
00199 sha1_buffer (const char *buffer, size_t len, void *resblock)
00200 {
00201   struct sha1_ctx ctx;
00202 
00203   /* Initialize the computation context.  */
00204   sha1_init_ctx (&ctx);
00205 
00206   /* Process whole buffer but last len % 64 bytes.  */
00207   sha1_process_bytes (buffer, len, &ctx);
00208 
00209   /* Put result in desired memory area.  */
00210   return sha1_finish_ctx (&ctx, resblock);
00211 }
00212 
00213 void
00214 sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx)
00215 {
00216   /* When we already have some bits in our internal buffer concatenate
00217      both inputs first.  */
00218   if (ctx->buflen != 0)
00219     {
00220       size_t left_over = ctx->buflen;
00221       size_t add = 128 - left_over > len ? len : 128 - left_over;
00222 
00223       memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
00224       ctx->buflen += add;
00225 
00226       if (ctx->buflen > 64)
00227         {
00228           sha1_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
00229 
00230           ctx->buflen &= 63;
00231           /* The regions in the following copy operation cannot overlap.  */
00232           memcpy (ctx->buffer,
00233                   &((char *) ctx->buffer)[(left_over + add) & ~63],
00234                   ctx->buflen);
00235         }
00236 
00237       buffer = (const char *) buffer + add;
00238       len -= add;
00239     }
00240 
00241   /* Process available complete blocks.  */
00242   if (len >= 64)
00243     {
00244 #if !_STRING_ARCH_unaligned
00245 # define alignof(type) offsetof (struct { char c; type x; }, x)
00246 # define UNALIGNED_P(p) (((size_t) p) % alignof (uint32_t) != 0)
00247       if (UNALIGNED_P (buffer))
00248         while (len > 64)
00249           {
00250             sha1_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
00251             buffer = (const char *) buffer + 64;
00252             len -= 64;
00253           }
00254       else
00255 #endif
00256         {
00257           sha1_process_block (buffer, len & ~63, ctx);
00258           buffer = (const char *) buffer + (len & ~63);
00259           len &= 63;
00260         }
00261     }
00262 
00263   /* Move remaining bytes in internal buffer.  */
00264   if (len > 0)
00265     {
00266       size_t left_over = ctx->buflen;
00267 
00268       memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
00269       left_over += len;
00270       if (left_over >= 64)
00271         {
00272           sha1_process_block (ctx->buffer, 64, ctx);
00273           left_over -= 64;
00274           memcpy (ctx->buffer, &ctx->buffer[16], left_over);
00275         }
00276       ctx->buflen = left_over;
00277     }
00278 }
00279 
00280 /* --- Code below is the primary difference between md5.c and sha1.c --- */
00281 
00282 /* SHA1 round constants */
00283 #define K1 0x5a827999
00284 #define K2 0x6ed9eba1
00285 #define K3 0x8f1bbcdc
00286 #define K4 0xca62c1d6
00287 
00288 /* Round functions.  Note that F2 is the same as F4.  */
00289 #define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) )
00290 #define F2(B,C,D) (B ^ C ^ D)
00291 #define F3(B,C,D) ( ( B & C ) | ( D & ( B | C ) ) )
00292 #define F4(B,C,D) (B ^ C ^ D)
00293 
00294 /* Process LEN bytes of BUFFER, accumulating context into CTX.
00295    It is assumed that LEN % 64 == 0.
00296    Most of this code comes from GnuPG's cipher/sha1.c.  */
00297 
00298 void
00299 sha1_process_block (const void *buffer, size_t len, struct sha1_ctx *ctx)
00300 {
00301   const uint32_t *words = buffer;
00302   size_t nwords = len / sizeof (uint32_t);
00303   const uint32_t *endp = words + nwords;
00304   uint32_t x[16];
00305   uint32_t a = ctx->A;
00306   uint32_t b = ctx->B;
00307   uint32_t c = ctx->C;
00308   uint32_t d = ctx->D;
00309   uint32_t e = ctx->E;
00310 
00311   /* First increment the byte count.  RFC 1321 specifies the possible
00312      length of the file up to 2^64 bits.  Here we only compute the
00313      number of bytes.  Do a double word increment.  */
00314   ctx->total[0] += len;
00315   if (ctx->total[0] < len)
00316     ++ctx->total[1];
00317 
00318 #define rol(x, n) (((x) << (n)) | ((uint32_t) (x) >> (32 - (n))))
00319 
00320 #define M(I) ( tm =   x[I&0x0f] ^ x[(I-14)&0x0f] \
00321                     ^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \
00322                , (x[I&0x0f] = rol(tm, 1)) )
00323 
00324 #define R(A,B,C,D,E,F,K,M)  do { E += rol( A, 5 )     \
00325                                       + F( B, C, D )  \
00326                                       + K             \
00327                                       + M;            \
00328                                  B = rol( B, 30 );    \
00329                                } while(0)
00330 
00331   while (words < endp)
00332     {
00333       uint32_t tm;
00334       int t;
00335       for (t = 0; t < 16; t++)
00336         {
00337           x[t] = SWAP (*words);
00338           words++;
00339         }
00340 
00341       R( a, b, c, d, e, F1, K1, x[ 0] );
00342       R( e, a, b, c, d, F1, K1, x[ 1] );
00343       R( d, e, a, b, c, F1, K1, x[ 2] );
00344       R( c, d, e, a, b, F1, K1, x[ 3] );
00345       R( b, c, d, e, a, F1, K1, x[ 4] );
00346       R( a, b, c, d, e, F1, K1, x[ 5] );
00347       R( e, a, b, c, d, F1, K1, x[ 6] );
00348       R( d, e, a, b, c, F1, K1, x[ 7] );
00349       R( c, d, e, a, b, F1, K1, x[ 8] );
00350       R( b, c, d, e, a, F1, K1, x[ 9] );
00351       R( a, b, c, d, e, F1, K1, x[10] );
00352       R( e, a, b, c, d, F1, K1, x[11] );
00353       R( d, e, a, b, c, F1, K1, x[12] );
00354       R( c, d, e, a, b, F1, K1, x[13] );
00355       R( b, c, d, e, a, F1, K1, x[14] );
00356       R( a, b, c, d, e, F1, K1, x[15] );
00357       R( e, a, b, c, d, F1, K1, M(16) );
00358       R( d, e, a, b, c, F1, K1, M(17) );
00359       R( c, d, e, a, b, F1, K1, M(18) );
00360       R( b, c, d, e, a, F1, K1, M(19) );
00361       R( a, b, c, d, e, F2, K2, M(20) );
00362       R( e, a, b, c, d, F2, K2, M(21) );
00363       R( d, e, a, b, c, F2, K2, M(22) );
00364       R( c, d, e, a, b, F2, K2, M(23) );
00365       R( b, c, d, e, a, F2, K2, M(24) );
00366       R( a, b, c, d, e, F2, K2, M(25) );
00367       R( e, a, b, c, d, F2, K2, M(26) );
00368       R( d, e, a, b, c, F2, K2, M(27) );
00369       R( c, d, e, a, b, F2, K2, M(28) );
00370       R( b, c, d, e, a, F2, K2, M(29) );
00371       R( a, b, c, d, e, F2, K2, M(30) );
00372       R( e, a, b, c, d, F2, K2, M(31) );
00373       R( d, e, a, b, c, F2, K2, M(32) );
00374       R( c, d, e, a, b, F2, K2, M(33) );
00375       R( b, c, d, e, a, F2, K2, M(34) );
00376       R( a, b, c, d, e, F2, K2, M(35) );
00377       R( e, a, b, c, d, F2, K2, M(36) );
00378       R( d, e, a, b, c, F2, K2, M(37) );
00379       R( c, d, e, a, b, F2, K2, M(38) );
00380       R( b, c, d, e, a, F2, K2, M(39) );
00381       R( a, b, c, d, e, F3, K3, M(40) );
00382       R( e, a, b, c, d, F3, K3, M(41) );
00383       R( d, e, a, b, c, F3, K3, M(42) );
00384       R( c, d, e, a, b, F3, K3, M(43) );
00385       R( b, c, d, e, a, F3, K3, M(44) );
00386       R( a, b, c, d, e, F3, K3, M(45) );
00387       R( e, a, b, c, d, F3, K3, M(46) );
00388       R( d, e, a, b, c, F3, K3, M(47) );
00389       R( c, d, e, a, b, F3, K3, M(48) );
00390       R( b, c, d, e, a, F3, K3, M(49) );
00391       R( a, b, c, d, e, F3, K3, M(50) );
00392       R( e, a, b, c, d, F3, K3, M(51) );
00393       R( d, e, a, b, c, F3, K3, M(52) );
00394       R( c, d, e, a, b, F3, K3, M(53) );
00395       R( b, c, d, e, a, F3, K3, M(54) );
00396       R( a, b, c, d, e, F3, K3, M(55) );
00397       R( e, a, b, c, d, F3, K3, M(56) );
00398       R( d, e, a, b, c, F3, K3, M(57) );
00399       R( c, d, e, a, b, F3, K3, M(58) );
00400       R( b, c, d, e, a, F3, K3, M(59) );
00401       R( a, b, c, d, e, F4, K4, M(60) );
00402       R( e, a, b, c, d, F4, K4, M(61) );
00403       R( d, e, a, b, c, F4, K4, M(62) );
00404       R( c, d, e, a, b, F4, K4, M(63) );
00405       R( b, c, d, e, a, F4, K4, M(64) );
00406       R( a, b, c, d, e, F4, K4, M(65) );
00407       R( e, a, b, c, d, F4, K4, M(66) );
00408       R( d, e, a, b, c, F4, K4, M(67) );
00409       R( c, d, e, a, b, F4, K4, M(68) );
00410       R( b, c, d, e, a, F4, K4, M(69) );
00411       R( a, b, c, d, e, F4, K4, M(70) );
00412       R( e, a, b, c, d, F4, K4, M(71) );
00413       R( d, e, a, b, c, F4, K4, M(72) );
00414       R( c, d, e, a, b, F4, K4, M(73) );
00415       R( b, c, d, e, a, F4, K4, M(74) );
00416       R( a, b, c, d, e, F4, K4, M(75) );
00417       R( e, a, b, c, d, F4, K4, M(76) );
00418       R( d, e, a, b, c, F4, K4, M(77) );
00419       R( c, d, e, a, b, F4, K4, M(78) );
00420       R( b, c, d, e, a, F4, K4, M(79) );
00421 
00422       a = ctx->A += a;
00423       b = ctx->B += b;
00424       c = ctx->C += c;
00425       d = ctx->D += d;
00426       e = ctx->E += e;
00427     }
00428 }