Line data Source code
1 : /* sha1.c - SHA1 hash function
2 : * Copyright (C) 1998, 2001, 2002, 2003, 2008 Free Software Foundation, Inc.
3 : *
4 : * This file is part of Libgcrypt.
5 : *
6 : * Libgcrypt is free software; you can redistribute it and/or modify
7 : * it under the terms of the GNU Lesser General Public License as
8 : * published by the Free Software Foundation; either version 2.1 of
9 : * the License, or (at your option) any later version.
10 : *
11 : * Libgcrypt is distributed in the hope that it will be useful,
12 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : * GNU Lesser General Public License for more details.
15 : *
16 : * You should have received a copy of the GNU Lesser General Public
17 : * License along with this program; if not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 :
21 : /* Test vectors:
22 : *
23 : * "abc"
24 : * A999 3E36 4706 816A BA3E 2571 7850 C26C 9CD0 D89D
25 : *
26 : * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
27 : * 8498 3E44 1C3B D26E BAAE 4AA1 F951 29E5 E546 70F1
28 : */
29 :
30 :
31 : #include <config.h>
32 : #include <stdio.h>
33 : #include <stdlib.h>
34 : #include <string.h>
35 : #ifdef HAVE_STDINT_H
36 : # include <stdint.h>
37 : #endif
38 :
39 : #include "g10lib.h"
40 : #include "bithelp.h"
41 : #include "bufhelp.h"
42 : #include "cipher.h"
43 : #include "sha1.h"
44 :
45 :
46 : /* USE_SSSE3 indicates whether to compile with Intel SSSE3 code. */
47 : #undef USE_SSSE3
48 : #if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_SSSE3) && \
49 : (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
50 : defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
51 : # define USE_SSSE3 1
52 : #endif
53 :
54 : /* USE_AVX indicates whether to compile with Intel AVX code. */
55 : #undef USE_AVX
56 : #if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX) && \
57 : (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
58 : defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
59 : # define USE_AVX 1
60 : #endif
61 :
62 : /* USE_BMI2 indicates whether to compile with Intel AVX/BMI2 code. */
63 : #undef USE_BMI2
64 : #if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX) && \
65 : defined(HAVE_GCC_INLINE_ASM_BMI2) && \
66 : (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
67 : defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
68 : # define USE_BMI2 1
69 : #endif
70 :
71 : /* USE_NEON indicates whether to enable ARM NEON assembly code. */
72 : #undef USE_NEON
73 : #ifdef ENABLE_NEON_SUPPORT
74 : # if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) \
75 : && defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) \
76 : && defined(HAVE_GCC_INLINE_ASM_NEON)
77 : # define USE_NEON 1
78 : # endif
79 : #endif
80 :
81 : /* USE_ARM_CE indicates whether to enable ARMv8 Crypto Extension assembly
82 : * code. */
83 : #undef USE_ARM_CE
84 : #ifdef ENABLE_ARM_CRYPTO_SUPPORT
85 : # if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) \
86 : && defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) \
87 : && defined(HAVE_GCC_INLINE_ASM_AARCH32_CRYPTO)
88 : # define USE_ARM_CE 1
89 : # elif defined(__AARCH64EL__) \
90 : && defined(HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS) \
91 : && defined(HAVE_GCC_INLINE_ASM_AARCH64_CRYPTO)
92 : # define USE_ARM_CE 1
93 : # endif
94 : #endif
95 :
96 : /* A macro to test whether P is properly aligned for an u32 type.
97 : Note that config.h provides a suitable replacement for uintptr_t if
98 : it does not exist in stdint.h. */
99 : /* #if __GNUC__ >= 2 */
100 : /* # define U32_ALIGNED_P(p) (!(((uintptr_t)p) % __alignof__ (u32))) */
101 : /* #else */
102 : /* # define U32_ALIGNED_P(p) (!(((uintptr_t)p) % sizeof (u32))) */
103 : /* #endif */
104 :
105 :
106 : static unsigned int
107 : transform (void *c, const unsigned char *data, size_t nblks);
108 :
109 :
110 : static void
111 0 : sha1_init (void *context, unsigned int flags)
112 : {
113 0 : SHA1_CONTEXT *hd = context;
114 0 : unsigned int features = _gcry_get_hw_features ();
115 :
116 : (void)flags;
117 :
118 0 : hd->h0 = 0x67452301;
119 0 : hd->h1 = 0xefcdab89;
120 0 : hd->h2 = 0x98badcfe;
121 0 : hd->h3 = 0x10325476;
122 0 : hd->h4 = 0xc3d2e1f0;
123 :
124 0 : hd->bctx.nblocks = 0;
125 0 : hd->bctx.nblocks_high = 0;
126 0 : hd->bctx.count = 0;
127 0 : hd->bctx.blocksize = 64;
128 0 : hd->bctx.bwrite = transform;
129 :
130 : #ifdef USE_SSSE3
131 0 : hd->use_ssse3 = (features & HWF_INTEL_SSSE3) != 0;
132 : #endif
133 : #ifdef USE_AVX
134 : /* AVX implementation uses SHLD which is known to be slow on non-Intel CPUs.
135 : * Therefore use this implementation on Intel CPUs only. */
136 0 : hd->use_avx = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_FAST_SHLD);
137 : #endif
138 : #ifdef USE_BMI2
139 0 : hd->use_bmi2 = (features & HWF_INTEL_AVX) && (features & HWF_INTEL_BMI2);
140 : #endif
141 : #ifdef USE_NEON
142 : hd->use_neon = (features & HWF_ARM_NEON) != 0;
143 : #endif
144 : #ifdef USE_ARM_CE
145 : hd->use_arm_ce = (features & HWF_ARM_SHA1) != 0;
146 : #endif
147 : (void)features;
148 0 : }
149 :
150 : /*
151 : * Initialize the context HD. This is used to prepare the use of
152 : * _gcry_sha1_mixblock. WARNING: This is a special purpose function
153 : * for exclusive use by random-csprng.c.
154 : */
155 : void
156 0 : _gcry_sha1_mixblock_init (SHA1_CONTEXT *hd)
157 : {
158 0 : sha1_init (hd, 0);
159 0 : }
160 :
161 :
162 : /* Round function macros. */
163 : #define K1 0x5A827999L
164 : #define K2 0x6ED9EBA1L
165 : #define K3 0x8F1BBCDCL
166 : #define K4 0xCA62C1D6L
167 : #define F1(x,y,z) ( z ^ ( x & ( y ^ z ) ) )
168 : #define F2(x,y,z) ( x ^ y ^ z )
169 : #define F3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) )
170 : #define F4(x,y,z) ( x ^ y ^ z )
171 : #define M(i) ( tm = x[ i &0x0f] \
172 : ^ x[(i-14)&0x0f] \
173 : ^ x[(i-8) &0x0f] \
174 : ^ x[(i-3) &0x0f], \
175 : (x[i&0x0f] = rol(tm, 1)))
176 : #define R(a,b,c,d,e,f,k,m) do { e += rol( a, 5 ) \
177 : + f( b, c, d ) \
178 : + k \
179 : + m; \
180 : b = rol( b, 30 ); \
181 : } while(0)
182 :
183 :
184 : #ifdef USE_NEON
185 : unsigned int
186 : _gcry_sha1_transform_armv7_neon (void *state, const unsigned char *data,
187 : size_t nblks);
188 : #endif
189 :
190 : #ifdef USE_ARM_CE
191 : unsigned int
192 : _gcry_sha1_transform_armv8_ce (void *state, const unsigned char *data,
193 : size_t nblks);
194 : #endif
195 :
196 : /*
197 : * Transform NBLOCKS of each 64 bytes (16 32-bit words) at DATA.
198 : */
199 : static unsigned int
200 0 : transform_blk (void *ctx, const unsigned char *data)
201 : {
202 0 : SHA1_CONTEXT *hd = ctx;
203 0 : const u32 *idata = (const void *)data;
204 : register u32 a, b, c, d, e; /* Local copies of the chaining variables. */
205 : register u32 tm; /* Helper. */
206 : u32 x[16]; /* The array we work on. */
207 :
208 : #define I(i) (x[i] = buf_get_be32(idata + i))
209 :
210 : /* Get the values of the chaining variables. */
211 0 : a = hd->h0;
212 0 : b = hd->h1;
213 0 : c = hd->h2;
214 0 : d = hd->h3;
215 0 : e = hd->h4;
216 :
217 : /* Transform. */
218 0 : R( a, b, c, d, e, F1, K1, I( 0) );
219 0 : R( e, a, b, c, d, F1, K1, I( 1) );
220 0 : R( d, e, a, b, c, F1, K1, I( 2) );
221 0 : R( c, d, e, a, b, F1, K1, I( 3) );
222 0 : R( b, c, d, e, a, F1, K1, I( 4) );
223 0 : R( a, b, c, d, e, F1, K1, I( 5) );
224 0 : R( e, a, b, c, d, F1, K1, I( 6) );
225 0 : R( d, e, a, b, c, F1, K1, I( 7) );
226 0 : R( c, d, e, a, b, F1, K1, I( 8) );
227 0 : R( b, c, d, e, a, F1, K1, I( 9) );
228 0 : R( a, b, c, d, e, F1, K1, I(10) );
229 0 : R( e, a, b, c, d, F1, K1, I(11) );
230 0 : R( d, e, a, b, c, F1, K1, I(12) );
231 0 : R( c, d, e, a, b, F1, K1, I(13) );
232 0 : R( b, c, d, e, a, F1, K1, I(14) );
233 0 : R( a, b, c, d, e, F1, K1, I(15) );
234 0 : R( e, a, b, c, d, F1, K1, M(16) );
235 0 : R( d, e, a, b, c, F1, K1, M(17) );
236 0 : R( c, d, e, a, b, F1, K1, M(18) );
237 0 : R( b, c, d, e, a, F1, K1, M(19) );
238 0 : R( a, b, c, d, e, F2, K2, M(20) );
239 0 : R( e, a, b, c, d, F2, K2, M(21) );
240 0 : R( d, e, a, b, c, F2, K2, M(22) );
241 0 : R( c, d, e, a, b, F2, K2, M(23) );
242 0 : R( b, c, d, e, a, F2, K2, M(24) );
243 0 : R( a, b, c, d, e, F2, K2, M(25) );
244 0 : R( e, a, b, c, d, F2, K2, M(26) );
245 0 : R( d, e, a, b, c, F2, K2, M(27) );
246 0 : R( c, d, e, a, b, F2, K2, M(28) );
247 0 : R( b, c, d, e, a, F2, K2, M(29) );
248 0 : R( a, b, c, d, e, F2, K2, M(30) );
249 0 : R( e, a, b, c, d, F2, K2, M(31) );
250 0 : R( d, e, a, b, c, F2, K2, M(32) );
251 0 : R( c, d, e, a, b, F2, K2, M(33) );
252 0 : R( b, c, d, e, a, F2, K2, M(34) );
253 0 : R( a, b, c, d, e, F2, K2, M(35) );
254 0 : R( e, a, b, c, d, F2, K2, M(36) );
255 0 : R( d, e, a, b, c, F2, K2, M(37) );
256 0 : R( c, d, e, a, b, F2, K2, M(38) );
257 0 : R( b, c, d, e, a, F2, K2, M(39) );
258 0 : R( a, b, c, d, e, F3, K3, M(40) );
259 0 : R( e, a, b, c, d, F3, K3, M(41) );
260 0 : R( d, e, a, b, c, F3, K3, M(42) );
261 0 : R( c, d, e, a, b, F3, K3, M(43) );
262 0 : R( b, c, d, e, a, F3, K3, M(44) );
263 0 : R( a, b, c, d, e, F3, K3, M(45) );
264 0 : R( e, a, b, c, d, F3, K3, M(46) );
265 0 : R( d, e, a, b, c, F3, K3, M(47) );
266 0 : R( c, d, e, a, b, F3, K3, M(48) );
267 0 : R( b, c, d, e, a, F3, K3, M(49) );
268 0 : R( a, b, c, d, e, F3, K3, M(50) );
269 0 : R( e, a, b, c, d, F3, K3, M(51) );
270 0 : R( d, e, a, b, c, F3, K3, M(52) );
271 0 : R( c, d, e, a, b, F3, K3, M(53) );
272 0 : R( b, c, d, e, a, F3, K3, M(54) );
273 0 : R( a, b, c, d, e, F3, K3, M(55) );
274 0 : R( e, a, b, c, d, F3, K3, M(56) );
275 0 : R( d, e, a, b, c, F3, K3, M(57) );
276 0 : R( c, d, e, a, b, F3, K3, M(58) );
277 0 : R( b, c, d, e, a, F3, K3, M(59) );
278 0 : R( a, b, c, d, e, F4, K4, M(60) );
279 0 : R( e, a, b, c, d, F4, K4, M(61) );
280 0 : R( d, e, a, b, c, F4, K4, M(62) );
281 0 : R( c, d, e, a, b, F4, K4, M(63) );
282 0 : R( b, c, d, e, a, F4, K4, M(64) );
283 0 : R( a, b, c, d, e, F4, K4, M(65) );
284 0 : R( e, a, b, c, d, F4, K4, M(66) );
285 0 : R( d, e, a, b, c, F4, K4, M(67) );
286 0 : R( c, d, e, a, b, F4, K4, M(68) );
287 0 : R( b, c, d, e, a, F4, K4, M(69) );
288 0 : R( a, b, c, d, e, F4, K4, M(70) );
289 0 : R( e, a, b, c, d, F4, K4, M(71) );
290 0 : R( d, e, a, b, c, F4, K4, M(72) );
291 0 : R( c, d, e, a, b, F4, K4, M(73) );
292 0 : R( b, c, d, e, a, F4, K4, M(74) );
293 0 : R( a, b, c, d, e, F4, K4, M(75) );
294 0 : R( e, a, b, c, d, F4, K4, M(76) );
295 0 : R( d, e, a, b, c, F4, K4, M(77) );
296 0 : R( c, d, e, a, b, F4, K4, M(78) );
297 0 : R( b, c, d, e, a, F4, K4, M(79) );
298 :
299 : /* Update the chaining variables. */
300 0 : hd->h0 += a;
301 0 : hd->h1 += b;
302 0 : hd->h2 += c;
303 0 : hd->h3 += d;
304 0 : hd->h4 += e;
305 :
306 0 : return /* burn_stack */ 88+4*sizeof(void*);
307 : }
308 :
309 :
310 : /* Assembly implementations use SystemV ABI, ABI conversion and additional
311 : * stack to store XMM6-XMM15 needed on Win64. */
312 : #undef ASM_FUNC_ABI
313 : #undef ASM_EXTRA_STACK
314 : #if defined(USE_SSSE3) || defined(USE_AVX) || defined(USE_BMI2)
315 : # ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
316 : # define ASM_FUNC_ABI __attribute__((sysv_abi))
317 : # define ASM_EXTRA_STACK (10 * 16)
318 : # else
319 : # define ASM_FUNC_ABI
320 : # define ASM_EXTRA_STACK 0
321 : # endif
322 : #endif
323 :
324 :
325 : #ifdef USE_SSSE3
326 : unsigned int
327 : _gcry_sha1_transform_amd64_ssse3 (void *state, const unsigned char *data,
328 : size_t nblks) ASM_FUNC_ABI;
329 : #endif
330 :
331 : #ifdef USE_AVX
332 : unsigned int
333 : _gcry_sha1_transform_amd64_avx (void *state, const unsigned char *data,
334 : size_t nblks) ASM_FUNC_ABI;
335 : #endif
336 :
337 : #ifdef USE_BMI2
338 : unsigned int
339 : _gcry_sha1_transform_amd64_avx_bmi2 (void *state, const unsigned char *data,
340 : size_t nblks) ASM_FUNC_ABI;
341 : #endif
342 :
343 :
344 : static unsigned int
345 0 : transform (void *ctx, const unsigned char *data, size_t nblks)
346 : {
347 0 : SHA1_CONTEXT *hd = ctx;
348 : unsigned int burn;
349 :
350 : #ifdef USE_BMI2
351 0 : if (hd->use_bmi2)
352 0 : return _gcry_sha1_transform_amd64_avx_bmi2 (&hd->h0, data, nblks)
353 0 : + 4 * sizeof(void*) + ASM_EXTRA_STACK;
354 : #endif
355 : #ifdef USE_AVX
356 0 : if (hd->use_avx)
357 0 : return _gcry_sha1_transform_amd64_avx (&hd->h0, data, nblks)
358 0 : + 4 * sizeof(void*) + ASM_EXTRA_STACK;
359 : #endif
360 : #ifdef USE_SSSE3
361 0 : if (hd->use_ssse3)
362 0 : return _gcry_sha1_transform_amd64_ssse3 (&hd->h0, data, nblks)
363 0 : + 4 * sizeof(void*) + ASM_EXTRA_STACK;
364 : #endif
365 : #ifdef USE_ARM_CE
366 : if (hd->use_arm_ce)
367 : return _gcry_sha1_transform_armv8_ce (&hd->h0, data, nblks);
368 : #endif
369 : #ifdef USE_NEON
370 : if (hd->use_neon)
371 : return _gcry_sha1_transform_armv7_neon (&hd->h0, data, nblks)
372 : + 4 * sizeof(void*);
373 : #endif
374 :
375 : do
376 : {
377 0 : burn = transform_blk (hd, data);
378 0 : data += 64;
379 : }
380 0 : while (--nblks);
381 :
382 : #ifdef ASM_EXTRA_STACK
383 : /* 'transform_blk' is typically inlined and XMM6-XMM15 are stored at
384 : * the prologue of this function. Therefore need to add ASM_EXTRA_STACK to
385 : * here too.
386 : */
387 0 : burn += ASM_EXTRA_STACK;
388 : #endif
389 :
390 0 : return burn;
391 : }
392 :
393 :
394 : /*
395 : * Apply the SHA-1 transform function on the buffer BLOCKOF64BYTE
396 : * which must have a length 64 bytes. BLOCKOF64BYTE must be 32-bit
397 : * aligned. Updates the 20 bytes in BLOCKOF64BYTE with its mixed
398 : * content. Returns the number of bytes which should be burned on the
399 : * stack. You need to use _gcry_sha1_mixblock_init to initialize the
400 : * context.
401 : * WARNING: This is a special purpose function for exclusive use by
402 : * random-csprng.c.
403 : */
404 : unsigned int
405 0 : _gcry_sha1_mixblock (SHA1_CONTEXT *hd, void *blockof64byte)
406 : {
407 0 : u32 *p = blockof64byte;
408 : unsigned int nburn;
409 :
410 0 : nburn = transform (hd, blockof64byte, 1);
411 0 : p[0] = hd->h0;
412 0 : p[1] = hd->h1;
413 0 : p[2] = hd->h2;
414 0 : p[3] = hd->h3;
415 0 : p[4] = hd->h4;
416 :
417 0 : return nburn;
418 : }
419 :
420 :
421 : /* The routine final terminates the computation and
422 : * returns the digest.
423 : * The handle is prepared for a new cycle, but adding bytes to the
424 : * handle will the destroy the returned buffer.
425 : * Returns: 20 bytes representing the digest.
426 : */
427 :
428 : static void
429 0 : sha1_final(void *context)
430 : {
431 0 : SHA1_CONTEXT *hd = context;
432 : u32 t, th, msb, lsb;
433 : unsigned char *p;
434 : unsigned int burn;
435 :
436 0 : _gcry_md_block_write (hd, NULL, 0); /* flush */;
437 :
438 0 : t = hd->bctx.nblocks;
439 : if (sizeof t == sizeof hd->bctx.nblocks)
440 : th = hd->bctx.nblocks_high;
441 : else
442 0 : th = hd->bctx.nblocks >> 32;
443 :
444 : /* multiply by 64 to make a byte count */
445 0 : lsb = t << 6;
446 0 : msb = (th << 6) | (t >> 26);
447 : /* add the count */
448 0 : t = lsb;
449 0 : if( (lsb += hd->bctx.count) < t )
450 0 : msb++;
451 : /* multiply by 8 to make a bit count */
452 0 : t = lsb;
453 0 : lsb <<= 3;
454 0 : msb <<= 3;
455 0 : msb |= t >> 29;
456 :
457 0 : if( hd->bctx.count < 56 ) /* enough room */
458 : {
459 0 : hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
460 0 : while( hd->bctx.count < 56 )
461 0 : hd->bctx.buf[hd->bctx.count++] = 0; /* pad */
462 : }
463 : else /* need one extra block */
464 : {
465 0 : hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
466 0 : while( hd->bctx.count < 64 )
467 0 : hd->bctx.buf[hd->bctx.count++] = 0;
468 0 : _gcry_md_block_write(hd, NULL, 0); /* flush */;
469 0 : memset(hd->bctx.buf, 0, 56 ); /* fill next block with zeroes */
470 : }
471 : /* append the 64 bit count */
472 0 : buf_put_be32(hd->bctx.buf + 56, msb);
473 0 : buf_put_be32(hd->bctx.buf + 60, lsb);
474 0 : burn = transform( hd, hd->bctx.buf, 1 );
475 0 : _gcry_burn_stack (burn);
476 :
477 0 : p = hd->bctx.buf;
478 : #define X(a) do { buf_put_be32(p, hd->h##a); p += 4; } while(0)
479 0 : X(0);
480 0 : X(1);
481 0 : X(2);
482 0 : X(3);
483 0 : X(4);
484 : #undef X
485 :
486 0 : }
487 :
488 : static unsigned char *
489 0 : sha1_read( void *context )
490 : {
491 0 : SHA1_CONTEXT *hd = context;
492 :
493 0 : return hd->bctx.buf;
494 : }
495 :
496 : /****************
497 : * Shortcut functions which puts the hash value of the supplied buffer
498 : * into outbuf which must have a size of 20 bytes.
499 : */
500 : void
501 0 : _gcry_sha1_hash_buffer (void *outbuf, const void *buffer, size_t length)
502 : {
503 : SHA1_CONTEXT hd;
504 :
505 0 : sha1_init (&hd, 0);
506 0 : _gcry_md_block_write (&hd, buffer, length);
507 0 : sha1_final (&hd);
508 0 : memcpy (outbuf, hd.bctx.buf, 20);
509 0 : }
510 :
511 :
512 : /* Variant of the above shortcut function using a multiple buffers. */
513 : void
514 0 : _gcry_sha1_hash_buffers (void *outbuf, const gcry_buffer_t *iov, int iovcnt)
515 : {
516 : SHA1_CONTEXT hd;
517 :
518 0 : sha1_init (&hd, 0);
519 0 : for (;iovcnt > 0; iov++, iovcnt--)
520 0 : _gcry_md_block_write (&hd,
521 0 : (const char*)iov[0].data + iov[0].off, iov[0].len);
522 0 : sha1_final (&hd);
523 0 : memcpy (outbuf, hd.bctx.buf, 20);
524 0 : }
525 :
526 :
527 : �
528 : /*
529 : Self-test section.
530 : */
531 :
532 :
533 : static gpg_err_code_t
534 0 : selftests_sha1 (int extended, selftest_report_func_t report)
535 : {
536 : const char *what;
537 : const char *errtxt;
538 :
539 0 : what = "short string";
540 0 : errtxt = _gcry_hash_selftest_check_one
541 : (GCRY_MD_SHA1, 0,
542 : "abc", 3,
543 : "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
544 : "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D", 20);
545 0 : if (errtxt)
546 0 : goto failed;
547 :
548 0 : if (extended)
549 : {
550 0 : what = "long string";
551 0 : errtxt = _gcry_hash_selftest_check_one
552 : (GCRY_MD_SHA1, 0,
553 : "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
554 : "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE"
555 : "\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1", 20);
556 0 : if (errtxt)
557 0 : goto failed;
558 :
559 0 : what = "one million \"a\"";
560 0 : errtxt = _gcry_hash_selftest_check_one
561 : (GCRY_MD_SHA1, 1,
562 : NULL, 0,
563 : "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E"
564 : "\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F", 20);
565 0 : if (errtxt)
566 0 : goto failed;
567 : }
568 :
569 0 : return 0; /* Succeeded. */
570 :
571 : failed:
572 0 : if (report)
573 0 : report ("digest", GCRY_MD_SHA1, what, errtxt);
574 0 : return GPG_ERR_SELFTEST_FAILED;
575 : }
576 :
577 :
578 : /* Run a full self-test for ALGO and return 0 on success. */
579 : static gpg_err_code_t
580 0 : run_selftests (int algo, int extended, selftest_report_func_t report)
581 : {
582 : gpg_err_code_t ec;
583 :
584 0 : switch (algo)
585 : {
586 : case GCRY_MD_SHA1:
587 0 : ec = selftests_sha1 (extended, report);
588 0 : break;
589 : default:
590 0 : ec = GPG_ERR_DIGEST_ALGO;
591 0 : break;
592 :
593 : }
594 0 : return ec;
595 : }
596 :
597 :
598 :
599 : �
600 : static unsigned char asn[15] = /* Object ID is 1.3.14.3.2.26 */
601 : { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
602 : 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
603 :
604 : static gcry_md_oid_spec_t oid_spec_sha1[] =
605 : {
606 : /* iso.member-body.us.rsadsi.pkcs.pkcs-1.5 (sha1WithRSAEncryption) */
607 : { "1.2.840.113549.1.1.5" },
608 : /* iso.member-body.us.x9-57.x9cm.3 (dsaWithSha1)*/
609 : { "1.2.840.10040.4.3" },
610 : /* from NIST's OIW (sha1) */
611 : { "1.3.14.3.2.26" },
612 : /* from NIST OIW (sha-1WithRSAEncryption) */
613 : { "1.3.14.3.2.29" },
614 : /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha1 */
615 : { "1.2.840.10045.4.1" },
616 : { NULL },
617 : };
618 :
619 : gcry_md_spec_t _gcry_digest_spec_sha1 =
620 : {
621 : GCRY_MD_SHA1, {0, 1},
622 : "SHA1", asn, DIM (asn), oid_spec_sha1, 20,
623 : sha1_init, _gcry_md_block_write, sha1_final, sha1_read, NULL,
624 : sizeof (SHA1_CONTEXT),
625 : run_selftests
626 : };
|
