Add support for IPv6 (not tested).

[ffftp/ffftp.git] / sha.c

/* Implementation of NIST's Secure Hash Algorithm (FIPS 180)\r
 * Lightly bummed for execution efficiency.\r
 *\r
 * Jim Gillogly 3 May 1993\r
 *\r
 * 27 Aug 93: imported SHA_LITTLE_ENDIAN mods from Peter Gutmann's implementation\r
 * 5 Jul 94: Modified for NSA fix\r
 *\r
 * Compile: cc -O -o sha sha.c\r
 *\r
 * To remove the test wrapper and use just the nist_hash() routine,\r
 *      compile with -DONT_WRAP\r
 *\r
 * To reverse byte order for little-endian machines, use -DSHA_LITTLE_ENDIAN\r
 *\r
 * To get the original SHA definition before the 1994 fix, use -DVERSION_0\r
 *\r
 * Usage: sha [-vt] [filename ...]\r
 *\r
 *      -v switch: output the filename as well\r
 *      -t switch: suppress spaces between 32-bit blocks\r
 *\r
 *      If no input files are specified, process standard input.\r
 *\r
 * Output: 40-hex-digit digest of each file specified (160 bits)\r
 *\r
 * Synopsis of the function calls:\r
 *\r
 *   sha_file(char *filename, uint32 *buffer)\r
 *      Filename is a file to be opened and processed.\r
 *      buffer is a user-supplied array of 5 or more longs.\r
 *      The 5-word buffer is filled with 160 bits of non-terminated hash.\r
 *      Returns 0 if successful, non-zero if bad file.\r
 *\r
 *   void sha_stream(FILE *stream, uint32 *buffer)\r
 *      Input is from already-opened stream, not file.\r
 *\r
 *   void sha_memory(char *mem, int32 length, uint32 *buffer)\r
 *      Input is a memory block "length" bytes long.\r
 *\r
 * Caveat:\r
 *      Not tested for case that requires the high word of the length,\r
 *      which would be files larger than 1/2 gig or so.\r
 *\r
 * Limitation:\r
 *      sha_memory (the memory block function) will deal with blocks no longer\r
 *      than 4 gigabytes; for longer samples, the stream version will\r
 *      probably be most convenient (e.g. perl moby_data.pl | sha).\r
 *\r
 * Bugs:\r
 *      The standard is defined for bit strings; I assume bytes.\r
 *\r
 * Copyright 1993, Dr. James J. Gillogly\r
 * This code may be freely used in any application.\r
 */\r
\r
/* #define VERSION_0 */  /* Define this to get the original SHA definition */\r
\r
#include <stdio.h>\r
#include <memory.h>\r
#include "sha.h"\r
\r
#ifdef MSDOS\r
# define SHA_LITTLE_ENDIAN\r
#endif\r
\r
#define VERBOSE\r
\r
#define TRUE  1\r
#define FALSE 0\r
\r
#define SUCCESS 0\r
#define FAILURE -1\r
\r
int sha_file();                         /* External entries */\r
void sha_stream(), sha_memory();\r
\r
static void nist_guts();\r
\r
#ifdef SHA_TEST_WRAP        /* make a test program */\r
\r
#define HASH_SIZE 5     /* Produces 160-bit digest of the message */\r
\r
main(argc, argv)\r
int argc;\r
char **argv;\r
{\r
    uint32 hbuf[HASH_SIZE];\r
    char *s;\r
    int file_args = FALSE;  /* If no files, take it from stdin */\r
    int verbose = FALSE;\r
    int terse = FALSE;\r
\r
#ifdef MEMTEST\r
    sha_memory("abc", 3l, hbuf);         /* NIST test value from appendix A */\r
    if (verbose) printf("Memory:");\r
    if (terse) printf("%08lx%08lx%08lx%08lx%08lx\n",\r
        hbuf[0], hbuf[1], hbuf[2], hbuf[3], hbuf[4]);\r
    else printf("%08lx %08lx %08lx %08lx %08lx\n",\r
        hbuf[0], hbuf[1], hbuf[2], hbuf[3], hbuf[4]);\r
#endif\r
\r
    for (++argv; --argc; ++argv)           /* March down the arg list */\r
    {\r
        if (**argv == '-')                 /* Process one or more flags */\r
            for (s = &(*argv)[1]; *s; s++) /* Obfuscated C contest entry */\r
                switch(*s)\r
                {\r
                    case 'v': case 'V':\r
                        verbose = TRUE;\r
                        break;\r
                    case 't': case 'T':\r
                        terse = TRUE;\r
                        break;\r
                    default:\r
                        fprintf(stderr, "Unrecognized flag: %c\n", *s);\r
                        return FALSE;\r
                }\r
        else                            /* Process a file */\r
        {\r
            if (verbose) printf("%s:", *argv);\r
            file_args = TRUE;           /* Whether or not we could read it */\r
\r
            if (sha_file(*argv, hbuf) == FAILURE)\r
                printf("Can't open file %s.\n", *argv);\r
            else\r
                if (terse) printf("%08lx%08lx%08lx%08lx%08lx\n",\r
                    hbuf[0], hbuf[1], hbuf[2], hbuf[3], hbuf[4]);\r
                else printf("%08lx %08lx %08lx %08lx %08lx\n",\r
                    hbuf[0], hbuf[1], hbuf[2], hbuf[3], hbuf[4]);\r
        }\r
    }\r
    if (! file_args)    /* No file specified */\r
    {\r
        if (verbose) printf("%s:", *argv);\r
        sha_stream(stdin, hbuf);\r
\r
        if (terse) printf("%08lx%08lx%08lx%08lx%08lx\n",\r
            hbuf[0], hbuf[1], hbuf[2], hbuf[3], hbuf[4]);\r
        else printf("%08lx %08lx %08lx %08lx %08lx\n",\r
            hbuf[0], hbuf[1], hbuf[2], hbuf[3], hbuf[4]);\r
    }\r
    return TRUE;\r
}\r
\r
#endif ONT_WRAP\r
\r
#ifdef SHA_LITTLE_ENDIAN    /* Imported from Peter Gutmann's implementation */\r
\r
/* When run on a little-endian CPU we need to perform byte reversal on an\r
   array of longwords.  It is possible to make the code endianness-\r
   independant by fiddling around with data at the byte level, but this\r
   makes for very slow code, so we rely on the user to sort out endianness\r
   at compile time */\r
\r
static void byteReverse( uint32 *buffer, int byteCount )\r
    {\r
    uint32 value;\r
    int count;\r
\r
    byteCount /= sizeof( uint32 );\r
    for( count = 0; count < byteCount; count++ )\r
        {\r
        value = ( buffer[ count ] << 16 ) | ( buffer[ count ] >> 16 );\r
        buffer[ count ] = ( ( value & 0xFF00FF00L ) >> 8 ) | ( ( value & 0x00FF00FFL ) << 8 );\r
        }\r
    }\r
#endif /* SHA_LITTLE_ENDIAN */\r
\r
\r
\r
union longbyte\r
{\r
    uint32 W[80];        /* Process 16 32-bit words at a time */\r
    char B[320];                /* But read them as bytes for counting */\r
};\r
\r
sha_file(filename, buffer)      /* Hash a file */\r
char *filename;\r
uint32 *buffer;\r
{\r
    FILE *infile;\r
\r
    if ((infile = fopen(filename, "rb")) == NULL)\r
    {\r
        int i;\r
\r
        for (i = 0; i < 5; i++)\r
            buffer[i] = 0xdeadbeef;\r
        return FAILURE;\r
    }\r
    (void) sha_stream(infile, buffer);\r
    fclose(infile);\r
    return SUCCESS;\r
}\r
\r
void sha_memory(mem, length, buffer)    /* Hash a memory block */\r
char *mem;\r
uint32 length;\r
uint32 *buffer;\r
{\r
    nist_guts(FALSE, (FILE *) NULL, mem, length, buffer);\r
}\r
\r
void sha_stream(stream, buffer)\r
FILE *stream;\r
uint32 *buffer;\r
{\r
    nist_guts(TRUE, stream, (char *) NULL, 0l, buffer);\r
}\r
\r
#define f0(x,y,z) (z ^ (x & (y ^ z)))           /* Magic functions */\r
#define f1(x,y,z) (x ^ y ^ z)\r
#define f2(x,y,z) ((x & y) | (z & (x | y)))\r
#define f3(x,y,z) (x ^ y ^ z)\r
\r
#define K0 0x5a827999                           /* Magic constants */\r
#define K1 0x6ed9eba1\r
#define K2 0x8f1bbcdc\r
#define K3 0xca62c1d6\r
\r
#define S(n, X) ((X << n) | (X >> (32 - n)))    /* Barrel roll */\r
\r
#define r0(f, K) \\r
    temp = S(5, A) + f(B, C, D) + E + *p0++ + K; \\r
    E = D;  \\r
    D = C;  \\r
    C = S(30, B); \\r
    B = A;  \\r
    A = temp\r
\r
#ifdef VERSION_0\r
#define r1(f, K) \\r
    temp = S(5, A) + f(B, C, D) + E + \\r
           (*p0++ = *p1++ ^ *p2++ ^ *p3++ ^ *p4++) + K; \\r
    E = D;  \\r
    D = C;  \\r
    C = S(30, B); \\r
    B = A;  \\r
    A = temp\r
#else                   /* Version 1: Summer '94 update */\r
#define r1(f, K) \\r
    temp = *p1++ ^ *p2++ ^ *p3++ ^ *p4++; \\r
    temp = S(5, A) + f(B, C, D) + E + (*p0++ = S(1,temp)) + K; \\r
    E = D;  \\r
    D = C;  \\r
    C = S(30, B); \\r
    B = A;  \\r
    A = temp\r
#endif\r
\r
static void nist_guts(file_flag, stream, mem, length, buf)\r
int file_flag;                  /* Input from memory, or from stream? */\r
FILE *stream;\r
char *mem;\r
uint32 length;\r
uint32 *buf;\r
{\r
    int i, nread, nbits;\r
    union longbyte d;\r
    uint32 hi_length, lo_length;\r
    int padded;\r
    char *s;\r
\r
    register uint32 *p0, *p1, *p2, *p3, *p4;\r
    uint32 A, B, C, D, E, temp;\r
\r
    uint32 h0, h1, h2, h3, h4;\r
\r
    h0 = 0x67452301;                            /* Accumulators */\r
    h1 = 0xefcdab89;\r
    h2 = 0x98badcfe;\r
    h3 = 0x10325476;\r
    h4 = 0xc3d2e1f0;\r
\r
    padded = FALSE;\r
    s = mem;\r
    for (hi_length = lo_length = 0; ;)  /* Process 16 longs at a time */\r
    {\r
        if (file_flag)\r
        {\r
                nread = fread(d.B, 1, 64, stream);  /* Read as 64 bytes */\r
        }\r
        else\r
        {\r
                if (length < 64) nread = length;\r
                else             nread = 64;\r
                length -= nread;\r
                memcpy(d.B, s, nread);\r
                s += nread;\r
        }\r
        if (nread < 64)   /* Partial block? */\r
        {\r
                nbits = nread << 3;               /* Length: bits */\r
                if ((lo_length += nbits) < (unsigned int)nbits)\r
                        hi_length++;              /* 64-bit integer */\r
\r
                if (nread < 64 && ! padded)  /* Append a single bit */\r
                {\r
                        d.B[nread++] = (char)0x80; /* Using up next byte */\r
                        padded = TRUE;       /* Single bit once */\r
                }\r
                for (i = nread; i < 64; i++) /* Pad with nulls */\r
                        d.B[i] = 0;\r
                if (nread <= 56)   /* Room for length in this block */\r
                {\r
                        d.W[14] = hi_length;\r
                        d.W[15] = lo_length;\r
#ifdef SHA_LITTLE_ENDIAN\r
              byteReverse(d.W, 56 );\r
#endif /* SHA_LITTLE_ENDIAN */\r
                }\r
#ifdef SHA_LITTLE_ENDIAN\r
           else byteReverse(d.W, 64 );\r
#endif /* SHA_LITTLE_ENDIAN */\r
        }\r
        else    /* Full block -- get efficient */\r
        {\r
                if ((lo_length += 512) < 512)\r
                        hi_length++;    /* 64-bit integer */\r
#ifdef SHA_LITTLE_ENDIAN\r
           byteReverse(d.W, 64 );\r
#endif /* SHA_LITTLE_ENDIAN */\r
        }\r
\r
        p0 = d.W;\r
        A = h0; B = h1; C = h2; D = h3; E = h4;\r
\r
        r0(f0,K0); r0(f0,K0); r0(f0,K0); r0(f0,K0); r0(f0,K0);\r
        r0(f0,K0); r0(f0,K0); r0(f0,K0); r0(f0,K0); r0(f0,K0);\r
        r0(f0,K0); r0(f0,K0); r0(f0,K0); r0(f0,K0); r0(f0,K0);\r
        r0(f0,K0);\r
\r
        p1 = &d.W[13]; p2 = &d.W[8]; p3 = &d.W[2]; p4 = &d.W[0];\r
\r
                   r1(f0,K0); r1(f0,K0); r1(f0,K0); r1(f0,K0);\r
        r1(f1,K1); r1(f1,K1); r1(f1,K1); r1(f1,K1); r1(f1,K1);\r
        r1(f1,K1); r1(f1,K1); r1(f1,K1); r1(f1,K1); r1(f1,K1);\r
        r1(f1,K1); r1(f1,K1); r1(f1,K1); r1(f1,K1); r1(f1,K1);\r
        r1(f1,K1); r1(f1,K1); r1(f1,K1); r1(f1,K1); r1(f1,K1);\r
        r1(f2,K2); r1(f2,K2); r1(f2,K2); r1(f2,K2); r1(f2,K2);\r
        r1(f2,K2); r1(f2,K2); r1(f2,K2); r1(f2,K2); r1(f2,K2);\r
        r1(f2,K2); r1(f2,K2); r1(f2,K2); r1(f2,K2); r1(f2,K2);\r
        r1(f2,K2); r1(f2,K2); r1(f2,K2); r1(f2,K2); r1(f2,K2);\r
        r1(f3,K3); r1(f3,K3); r1(f3,K3); r1(f3,K3); r1(f3,K3);\r
        r1(f3,K3); r1(f3,K3); r1(f3,K3); r1(f3,K3); r1(f3,K3);\r
        r1(f3,K3); r1(f3,K3); r1(f3,K3); r1(f3,K3); r1(f3,K3);\r
        r1(f3,K3); r1(f3,K3); r1(f3,K3); r1(f3,K3); r1(f3,K3);\r
\r
        h0 += A; h1 += B; h2 += C; h3 += D; h4 += E;\r
\r
        if (nread <= 56) break; /* If it's greater, length in next block */\r
    }\r
    buf[0] = h0; buf[1] = h1; buf[2] = h2; buf[3] = h3; buf[4] = h4;\r
}\r