[asterisk-commits] tzafrir: branch 1.8 r340263 - in /branches/1.8: include/asterisk/ main/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Oct 10 19:43:20 CDT 2011


Author: tzafrir
Date: Mon Oct 10 19:43:14 2011
New Revision: 340263

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=340263
Log:
Update SHA1 code to RFC 6234

RFC 6234 is an update to RFC 3174 from which the code was originally taken.
It has a slightly better code, and a better phrased license (simple 3-clause
BSD).

* main/sha1.c is sha1.c from RFC 6234 with formatting changes only.
* include/asterisk/sha1.h merges sha.h and sha-private.h from RFC 6234.
* Removed unused include of asterisk/sha1.h from main/channels.c

Review: https://reviewboard.asterisk.org/r/1503/

Modified:
    branches/1.8/include/asterisk/sha1.h
    branches/1.8/main/channel.c
    branches/1.8/main/sha1.c

Modified: branches/1.8/include/asterisk/sha1.h
URL: http://svnview.digium.com/svn/asterisk/branches/1.8/include/asterisk/sha1.h?view=diff&rev=340263&r1=340262&r2=340263
==============================================================================
--- branches/1.8/include/asterisk/sha1.h (original)
+++ branches/1.8/include/asterisk/sha1.h Mon Oct 10 19:43:14 2011
@@ -1,73 +1,379 @@
-/*
- *  sha1.h
- *
- *  Description:
- *      This is the header file for code which implements the Secure
- *      Hashing Algorithm 1 as defined in FIPS PUB 180-1 published
- *      April 17, 1995.
- *
- *      Many of the variable names in this code, especially the
- *      single character names, were used because those were the names
- *      used in the publication.
- *
- *      Please read the file sha1.c for more information.
- *
- */
-
-
+/**************************** sha.h ****************************/
+/***************** See RFC 6234 for details. *******************/
+/*
+   Copyright (c) 2011 IETF Trust and the persons identified as
+   authors of the code.  All rights reserved.
+
+   Redistribution and use in source and binary forms, with or
+   without modification, are permitted provided that the following
+   conditions are met:
+
+   - Redistributions of source code must retain the above
+     copyright notice, this list of conditions and
+     the following disclaimer.
+
+   - Redistributions in binary form must reproduce the above
+     copyright notice, this list of conditions and the following
+     disclaimer in the documentation and/or other materials provided
+     with the distribution.
+
+   - Neither the name of Internet Society, IETF or IETF Trust, nor
+     the names of specific contributors, may be used to endorse or
+     promote products derived from this software without specific
+     prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+   CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+   DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+   NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+   LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+   CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+   EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
 #ifndef _SHA1_H_
 #define _SHA1_H_
 
 /*
- * We assume that the standard asterisk headers have been included before this one.
+ *  Description:
+ *      This file implements the Secure Hash Algorithms
+ *      as defined in the U.S. National Institute of Standards
+ *      and Technology Federal Information Processing Standards
+ *      Publication (FIPS PUB) 180-3 published in October 2008
+ *      and formerly defined in its predecessors, FIPS PUB 180-1
+ *      and FIP PUB 180-2.
+ *
+ *      A combined document showing all algorithms is available at
+ *              http://csrc.nist.gov/publications/fips/
+ *                     fips180-3/fips180-3_final.pdf
+ *
+ *      The five hashes are defined in these sizes:
+ *              SHA-1           20 byte / 160 bit
+ *              SHA-224         28 byte / 224 bit
+ *              SHA-256         32 byte / 256 bit
+ *              SHA-384         48 byte / 384 bit
+ *              SHA-512         64 byte / 512 bit
+ *
+ *  Compilation Note:
+ *    These files may be compiled with two options:
+ *        USE_32BIT_ONLY - use 32-bit arithmetic only, for systems
+ *                         without 64-bit integers
+ *
+ *        USE_MODIFIED_MACROS - use alternate form of the SHA_Ch()
+ *                         and SHA_Maj() macros that are equivalent
+ *                         and potentially faster on many systems
+ *
+ */
+
+#include <stdint.h>
+/*
  * If you do not have the ISO standard stdint.h header file, then you
- * must typdef the following:
+ * must typedef the following:
  *    name              meaning
- *  uint32_t         unsigned 32 bit integer
- *  uint8_t          unsigned 8 bit integer (i.e., unsigned char)
- *
+ *  uint64_t         unsigned 64-bit integer
+ *  uint32_t         unsigned 32-bit integer
+ *  uint8_t          unsigned 8-bit integer (i.e., unsigned char)
+ *  int_least16_t    integer of >= 16 bits
+ *
+ * See stdint-example.h
  */
 
 #ifndef _SHA_enum_
 #define _SHA_enum_
-enum
-{
+/*
+ *  All SHA functions return one of these values.
+ */
+enum {
     shaSuccess = 0,
     shaNull,            /* Null pointer parameter */
     shaInputTooLong,    /* input data too long */
-    shaStateError       /* called Input after Result */
+    shaStateError,      /* called Input after FinalBits or Result */
+    shaBadParam         /* passed a bad parameter */
 };
-#endif
-#define SHA1HashSize 20
-
-/*!
- * \brief This structure will hold context information for the SHA-1 hashing operation
-*/
-typedef struct SHA1Context
-{
-    uint32_t Intermediate_Hash[SHA1HashSize/4]; /*! Message Digest  */
-
-    uint32_t Length_Low;            /*!< Message length in bits      */
-    uint32_t Length_High;           /*!< Message length in bits      */
-
-                               /* Index into message block array   */
-    uint32_t Message_Block_Index;	/*!< 8 bits actually suffice */
-    uint8_t Message_Block[64];      /*!< 512-bit message blocks      */
-
-    int Computed;               /*!< Is the digest computed?         */
-    int Corrupted;             /*!< Is the message digest corrupted? */
+#endif /* _SHA_enum_ */
+
+/*
+ *  These constants hold size information for each of the SHA
+ *  hashing operations
+ */
+enum {
+	SHA1_Message_Block_Size = 64, SHA224_Message_Block_Size = 64,
+	SHA256_Message_Block_Size = 64, SHA384_Message_Block_Size = 128,
+	SHA512_Message_Block_Size = 128,
+	USHA_Max_Message_Block_Size = SHA512_Message_Block_Size,
+	SHA1HashSize = 20, SHA224HashSize = 28, SHA256HashSize = 32,
+	SHA384HashSize = 48, SHA512HashSize = 64,
+	USHAMaxHashSize = SHA512HashSize,
+
+	SHA1HashSizeBits = 160, SHA224HashSizeBits = 224,
+	SHA256HashSizeBits = 256, SHA384HashSizeBits = 384,
+	SHA512HashSizeBits = 512, USHAMaxHashSizeBits = SHA512HashSizeBits
+};
+
+/*
+ *  These constants are used in the USHA (Unified SHA) functions.
+ */
+typedef enum SHAversion {
+	SHA1, SHA224, SHA256, SHA384, SHA512
+} SHAversion;
+
+/*
+ *  This structure will hold context information for the SHA-1
+ *  hashing operation.
+ */
+typedef struct SHA1Context {
+	uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */
+
+	uint32_t Length_High;               /* Message length in bits */
+	uint32_t Length_Low;                /* Message length in bits */
+
+	int_least16_t Message_Block_Index;  /* Message_Block array index */
+	/* 512-bit message blocks */
+	uint8_t Message_Block[SHA1_Message_Block_Size];
+
+	int Computed;                   /* Is the hash computed? */
+	int Corrupted;                  /* Cumulative corruption code */
 } SHA1Context;
 
 /*
+ *  This structure will hold context information for the SHA-256
+ *  hashing operation.
+ */
+typedef struct SHA256Context {
+    uint32_t Intermediate_Hash[SHA256HashSize/4]; /* Message Digest */
+
+    uint32_t Length_High;               /* Message length in bits */
+    uint32_t Length_Low;                /* Message length in bits */
+
+    int_least16_t Message_Block_Index;  /* Message_Block array index */
+                                        /* 512-bit message blocks */
+    uint8_t Message_Block[SHA256_Message_Block_Size];
+    int Computed;                   /* Is the hash computed? */
+    int Corrupted;                  /* Cumulative corruption code */
+} SHA256Context;
+
+/*
+ *  This structure will hold context information for the SHA-512
+ *  hashing operation.
+ */
+typedef struct SHA512Context {
+#ifdef USE_32BIT_ONLY
+    uint32_t Intermediate_Hash[SHA512HashSize/4]; /* Message Digest  */
+    uint32_t Length[4];                 /* Message length in bits */
+#else /* !USE_32BIT_ONLY */
+    uint64_t Intermediate_Hash[SHA512HashSize/8]; /* Message Digest */
+    uint64_t Length_High, Length_Low;   /* Message length in bits */
+#endif /* USE_32BIT_ONLY */
+
+    int_least16_t Message_Block_Index;  /* Message_Block array index */
+                                        /* 1024-bit message blocks */
+    uint8_t Message_Block[SHA512_Message_Block_Size];
+
+    int Computed;                   /* Is the hash computed?*/
+    int Corrupted;                  /* Cumulative corruption code */
+} SHA512Context;
+
+/*
+ *  This structure will hold context information for the SHA-224
+ *  hashing operation.  It uses the SHA-256 structure for computation.
+ */
+typedef struct SHA256Context SHA224Context;
+
+/*
+ *  This structure will hold context information for the SHA-384
+ *  hashing operation.  It uses the SHA-512 structure for computation.
+ */
+typedef struct SHA512Context SHA384Context;
+
+/*
+ *  This structure holds context information for all SHA
+ *  hashing operations.
+ */
+typedef struct USHAContext {
+	int whichSha;               /* which SHA is being used */
+	union {
+		SHA1Context sha1Context;
+		SHA224Context sha224Context; SHA256Context sha256Context;
+		SHA384Context sha384Context; SHA512Context sha512Context;
+	} ctx;
+} USHAContext;
+
+/*
+ *  This structure will hold context information for the HMAC
+ *  keyed-hashing operation.
+ */
+typedef struct HMACContext {
+	int whichSha;               /* which SHA is being used */
+	int hashSize;               /* hash size of SHA being used */
+	int blockSize;              /* block size of SHA being used */
+	USHAContext shaContext;     /* SHA context */
+	unsigned char k_opad[USHA_Max_Message_Block_Size];
+	/* outer padding - key XORd with opad */
+	int Computed;               /* Is the MAC computed? */
+	int Corrupted;              /* Cumulative corruption code */
+
+} HMACContext;
+
+/*
+ *  This structure will hold context information for the HKDF
+ *  extract-and-expand Key Derivation Functions.
+ */
+typedef struct HKDFContext {
+	int whichSha;               /* which SHA is being used */
+	HMACContext hmacContext;
+	int hashSize;               /* hash size of SHA being used */
+	unsigned char prk[USHAMaxHashSize];
+	/* pseudo-random key - output of hkdfInput */
+	int Computed;               /* Is the key material computed? */
+	int Corrupted;              /* Cumulative corruption code */
+} HKDFContext;
+
+/*
  *  Function Prototypes
  */
 
-
-int SHA1Reset(  SHA1Context *);
-int SHA1Input(  SHA1Context *,
-                const uint8_t *,
-                unsigned int);
-int SHA1Result( SHA1Context *,
-                uint8_t Message_Digest[SHA1HashSize]);
-
-#endif
+/* SHA-1 */
+extern int SHA1Reset(SHA1Context *);
+extern int SHA1Input(SHA1Context *, const uint8_t *bytes,
+                     unsigned int bytecount);
+extern int SHA1FinalBits(SHA1Context *, uint8_t bits,
+                         unsigned int bit_count);
+extern int SHA1Result(SHA1Context *,
+                      uint8_t Message_Digest[SHA1HashSize]);
+/* SHA-224 */
+extern int SHA224Reset(SHA224Context *);
+extern int SHA224Input(SHA224Context *, const uint8_t *bytes,
+                       unsigned int bytecount);
+extern int SHA224FinalBits(SHA224Context *, uint8_t bits,
+                           unsigned int bit_count);
+extern int SHA224Result(SHA224Context *,
+                        uint8_t Message_Digest[SHA224HashSize]);
+
+/* SHA-256 */
+extern int SHA256Reset(SHA256Context *);
+extern int SHA256Input(SHA256Context *, const uint8_t *bytes,
+                       unsigned int bytecount);
+extern int SHA256FinalBits(SHA256Context *, uint8_t bits,
+                           unsigned int bit_count);
+extern int SHA256Result(SHA256Context *,
+                        uint8_t Message_Digest[SHA256HashSize]);
+
+/* SHA-384 */
+extern int SHA384Reset(SHA384Context *);
+extern int SHA384Input(SHA384Context *, const uint8_t *bytes,
+                       unsigned int bytecount);
+extern int SHA384FinalBits(SHA384Context *, uint8_t bits,
+                           unsigned int bit_count);
+extern int SHA384Result(SHA384Context *,
+                        uint8_t Message_Digest[SHA384HashSize]);
+
+/* SHA-512 */
+extern int SHA512Reset(SHA512Context *);
+extern int SHA512Input(SHA512Context *, const uint8_t *bytes,
+                       unsigned int bytecount);
+extern int SHA512FinalBits(SHA512Context *, uint8_t bits,
+                           unsigned int bit_count);
+extern int SHA512Result(SHA512Context *,
+                        uint8_t Message_Digest[SHA512HashSize]);
+
+/* Unified SHA functions, chosen by whichSha */
+extern int USHAReset(USHAContext *context, SHAversion whichSha);
+extern int USHAInput(USHAContext *context,
+                     const uint8_t *bytes, unsigned int bytecount);
+extern int USHAFinalBits(USHAContext *context,
+                         uint8_t bits, unsigned int bit_count);
+extern int USHAResult(USHAContext *context,
+                      uint8_t Message_Digest[USHAMaxHashSize]);
+extern int USHABlockSize(enum SHAversion whichSha);
+extern int USHAHashSize(enum SHAversion whichSha);
+extern int USHAHashSizeBits(enum SHAversion whichSha);
+extern const char *USHAHashName(enum SHAversion whichSha);
+
+/*
+ * HMAC Keyed-Hashing for Message Authentication, RFC 2104,
+ * for all SHAs.
+ * This interface allows a fixed-length text input to be used.
+ */
+extern int hmac(SHAversion whichSha, /* which SHA algorithm to use */
+    const unsigned char *text,     /* pointer to data stream */
+    int text_len,                  /* length of data stream */
+    const unsigned char *key,      /* pointer to authentication key */
+    int key_len,                   /* length of authentication key */
+    uint8_t digest[USHAMaxHashSize]); /* caller digest to fill in */
+
+/*
+ * HMAC Keyed-Hashing for Message Authentication, RFC 2104,
+ * for all SHAs.
+ * This interface allows any length of text input to be used.
+ */
+extern int hmacReset(HMACContext *context, enum SHAversion whichSha,
+                     const unsigned char *key, int key_len);
+extern int hmacInput(HMACContext *context, const unsigned char *text,
+                     int text_len);
+extern int hmacFinalBits(HMACContext *context, uint8_t bits,
+                         unsigned int bit_count);
+extern int hmacResult(HMACContext *context,
+                      uint8_t digest[USHAMaxHashSize]);
+
+/*
+ * HKDF HMAC-based Extract-and-Expand Key Derivation Function,
+ * RFC 5869, for all SHAs.
+ */
+extern int hkdf(SHAversion whichSha, const unsigned char *salt,
+                int salt_len, const unsigned char *ikm, int ikm_len,
+                const unsigned char *info, int info_len,
+                uint8_t okm[ ], int okm_len);
+extern int hkdfExtract(SHAversion whichSha, const unsigned char *salt,
+                       int salt_len, const unsigned char *ikm,
+                       int ikm_len, uint8_t prk[USHAMaxHashSize]);
+extern int hkdfExpand(SHAversion whichSha, const uint8_t prk[ ],
+                      int prk_len, const unsigned char *info,
+                      int info_len, uint8_t okm[ ], int okm_len);
+
+/*
+ * HKDF HMAC-based Extract-and-Expand Key Derivation Function,
+ * RFC 5869, for all SHAs.
+ * This interface allows any length of text input to be used.
+ */
+extern int hkdfReset(HKDFContext *context, enum SHAversion whichSha,
+                     const unsigned char *salt, int salt_len);
+extern int hkdfInput(HKDFContext *context, const unsigned char *ikm,
+                     int ikm_len);
+extern int hkdfFinalBits(HKDFContext *context, uint8_t ikm_bits,
+                         unsigned int ikm_bit_count);
+extern int hkdfResult(HKDFContext *context,
+                      uint8_t prk[USHAMaxHashSize],
+                      const unsigned char *info, int info_len,
+                      uint8_t okm[USHAMaxHashSize], int okm_len);
+
+/************************ sha-private.h ************************/
+/***************** See RFC 6234 for details. *******************/
+/*
+ * These definitions are defined in FIPS 180-3, section 4.1.
+ * Ch() and Maj() are defined identically in sections 4.1.1,
+ * 4.1.2, and 4.1.3.
+ *
+ * The definitions used in FIPS 180-3 are as follows:
+ */
+
+#ifndef USE_MODIFIED_MACROS
+#define SHA_Ch(x,y,z)        (((x) & (y)) ^ ((~(x)) & (z)))
+#define SHA_Maj(x,y,z)       (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+#else /* USE_MODIFIED_MACROS */
+/*
+ * The following definitions are equivalent and potentially faster.
+ */
+
+#define SHA_Ch(x, y, z)      (((x) & ((y) ^ (z))) ^ (z))
+#define SHA_Maj(x, y, z)     (((x) & ((y) | (z))) | ((y) & (z)))
+
+#endif /* USE_MODIFIED_MACROS */
+
+#define SHA_Parity(x, y, z)  ((x) ^ (y) ^ (z))
+
+#endif /* _SHA1_H_ */

Modified: branches/1.8/main/channel.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.8/main/channel.c?view=diff&rev=340263&r1=340262&r2=340263
==============================================================================
--- branches/1.8/main/channel.c (original)
+++ branches/1.8/main/channel.c Mon Oct 10 19:43:14 2011
@@ -58,7 +58,6 @@
 #include "asterisk/app.h"
 #include "asterisk/transcap.h"
 #include "asterisk/devicestate.h"
-#include "asterisk/sha1.h"
 #include "asterisk/threadstorage.h"
 #include "asterisk/slinfactory.h"
 #include "asterisk/audiohook.h"

Modified: branches/1.8/main/sha1.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.8/main/sha1.c?view=diff&rev=340263&r1=340262&r2=340263
==============================================================================
--- branches/1.8/main/sha1.c (original)
+++ branches/1.8/main/sha1.c Mon Oct 10 19:43:14 2011
@@ -1,75 +1,95 @@
 /*! \file
  *
- * \brief Based on the RFC 3174
+ * \brief Based on the RFC 6234
  * 
- * Full Copyright Statement
- *
- *  Copyright (C) The Internet Society (2001).  All Rights Reserved.
- *
- *  This document and translations of it may be copied and furnished to
- *  others, and derivative works that comment on or otherwise explain it
- *  or assist in its implementation may be prepared, copied, published
- *  and distributed, in whole or in part, without restriction of any
- *  kind, provided that the above copyright notice and this paragraph are
- *  included on all such copies and derivative works.  However, this
- *  document itself may not be modified in any way, such as by removing
- *  the copyright notice or references to the Internet Society or other
- *  Internet organizations, except as needed for the purpose of
- *  developing Internet standards in which case the procedures for
- *  copyrights defined in the Internet Standards process must be
- *  followed, or as required to translate it into languages other than
- *  English.
- *
- *  The limited permissions granted above are perpetual and will not be
- *  revoked by the Internet Society or its successors or assigns.
-
- *  This document and the information contained herein is provided on an
- *  "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
- *  TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
- *  BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
- *  HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
- *  MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
- *
- *
- * 
+ * Copyright (c) 2011 IETF Trust and the persons identified as
+ * authors of the code.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or
+ * without modification, are permitted provided that the following
+ * conditions are met:
+ *
+ * - Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and
+ *   the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ *
+ * - Neither the name of Internet Society, IETF or IETF Trust, nor
+ *   the names of specific contributors, may be used to endorse or
+ *   promote products derived from this software without specific
+ *   prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
  *  Description:
- *	  This file implements the Secure Hashing Algorithm 1 as
- *	  defined in FIPS PUB 180-1 published April 17, 1995.
- *
- *	  The SHA-1, produces a 160-bit message digest for a given
- *	  data stream.  It should take about 2**n steps to find a
- *	  message with the same digest as a given message and
- *	  2**(n/2) to find any two messages with the same digest,
- *	  when n is the digest size in bits.  Therefore, this
- *	  algorithm can serve as a means of providing a
- *	  "fingerprint" for a message.
+ *      This file implements the Secure Hash Algorithm SHA-1
+ *      as defined in the U.S. National Institute of Standards
+ *      and Technology Federal Information Processing Standards
+ *      Publication (FIPS PUB) 180-3 published in October 2008
+ *      and formerly defined in its predecessors, FIPS PUB 180-1
+ *      and FIP PUB 180-2.
+ *
+ *      A combined document showing all algorithms is available at
+ *              http://csrc.nist.gov/publications/fips/
+ *                     fips180-3/fips180-3_final.pdf
+ *
+ *      The SHA-1 algorithm produces a 160-bit message digest for a
+ *      given data stream that can serve as a means of providing a
+ *      "fingerprint" for a message.
  *
  *  Portability Issues:
- *	  SHA-1 is defined in terms of 32-bit "words".  This code
- *	  uses <stdint.h> (included via "sha1.h" to define 32 and 8
- *	  bit unsigned integer types.  If your C compiler does not
- *	  support 32 bit unsigned integers, this code is not
- *	  appropriate.
+ *      SHA-1 is defined in terms of 32-bit "words".  This code
+ *      uses <stdint.h> (included via "sha.h") to define 32- and
+ *      8-bit unsigned integer types.  If your C compiler does
+ *      not support 32-bit unsigned integers, this code is not
+ *      appropriate.
  *
  *  Caveats:
- *	  SHA-1 is designed to work with messages less than 2^64 bits
- *	  long.  Although SHA-1 allows a message digest to be generated
- *	  for messages of any number of bits less than 2^64, this
- *	  implementation only works with messages with a length that is
- *	  a multiple of the size of an 8-bit character.
- *
- */
-
-#include "asterisk.h"
-#include "asterisk/sha1.h"
+ *      SHA-1 is designed to work with messages less than 2^64 bits
+ *      long.  This implementation uses SHA1Input() to hash the bits
+ *      that are a multiple of the size of an 8-bit octet, and then
+ *      optionally uses SHA1FinalBits() to hash the final few bits of
+ *      the input.
+ */
+
+#include <asterisk/sha1.h>
 
 /*! Define the SHA1 circular left shift macro */
-#define SHA1CircularShift(bits,word) \
-		         (((word) << (bits)) | ((word) >> (32-(bits))))
-
-/* Local Function Prototyptes */
-void SHA1PadMessage(SHA1Context *);
-void SHA1ProcessMessageBlock(SHA1Context *);
+#define SHA1_ROTL(bits,word) \
+                (((word) << (bits)) | ((word) >> (32-(bits))))
+
+/*
+ * Add "length" to the length.
+ * Set Corrupted when overflow has occurred.
+ */
+static uint32_t addTemp;
+#define SHA1AddLength(context, length)                     \
+    (addTemp = (context)->Length_Low,                      \
+     (context)->Corrupted =                                \
+        (((context)->Length_Low += (length)) < addTemp) && \
+        (++(context)->Length_High == 0) ? shaInputTooLong  \
+                                        : (context)->Corrupted )
+
+/* Local Function Prototypes */
+static void SHA1ProcessMessageBlock(SHA1Context * context);
+static void SHA1Finalize(SHA1Context * context, uint8_t Pad_Byte);
+static void SHA1PadMessage(SHA1Context * context, uint8_t Pad_Byte);
 
 /*!
  * \brief SHA1Reset
@@ -84,59 +104,18 @@
 		return shaNull;
 	}
 
-	context->Length_Low             = 0;
-	context->Length_High            = 0;
-	context->Message_Block_Index    = 0;
-
-	context->Intermediate_Hash[0]   = 0x67452301;
-	context->Intermediate_Hash[1]   = 0xEFCDAB89;
-	context->Intermediate_Hash[2]   = 0x98BADCFE;
-	context->Intermediate_Hash[3]   = 0x10325476;
-	context->Intermediate_Hash[4]   = 0xC3D2E1F0;
-
-	context->Computed               = 0;
-	context->Corrupted              = 0;
-
-	return shaSuccess;
-}
-
-/*!
- * \brief SHA1Result
- * \param context [in/out] The context to use to calculate the SHA-1 hash.
- * \param Message_Digest [out] Where the digest is returned.
- *  This function will return the 160-bit message digest into the
- *  Message_Digest array  provided by the caller.
- * \note The first octet of hash is stored in the 0th element, 
- * 	the last octet of hash in the 19th element.
- * \return sha Error Code.
- */
-int SHA1Result( SHA1Context *context,
-		         uint8_t Message_Digest[SHA1HashSize])
-{
-	int i;
-
-	if (!context || !Message_Digest) {
-		return shaNull;
-	}
-
-	if (context->Corrupted) {
-		return context->Corrupted;
-	}
-
-	if (!context->Computed) {
-		SHA1PadMessage(context);
-		for (i = 0; i < 64; ++i) {
-			/* message may be sensitive, clear it out */
-			context->Message_Block[i] = 0;
-		}
-		context->Length_Low = 0;    /* and clear length */
-		context->Length_High = 0;
-		context->Computed = 1;
-	}
-
-	for (i = 0; i < SHA1HashSize; ++i) {
-		Message_Digest[i] = context->Intermediate_Hash[i >> 2] >> 8 * ( 3 - ( i & 0x03 ) );
-	}
+	context->Length_High = context->Length_Low = 0;
+	context->Message_Block_Index = 0;
+
+	/* Initial Hash Values: FIPS 180-3 section 5.3.1 */
+	context->Intermediate_Hash[0] = 0x67452301;
+	context->Intermediate_Hash[1] = 0xEFCDAB89;
+	context->Intermediate_Hash[2] = 0x98BADCFE;
+	context->Intermediate_Hash[3] = 0x10325476;
+	context->Intermediate_Hash[4] = 0xC3D2E1F0;
+
+	context->Computed = 0;
+	context->Corrupted = shaSuccess;
 
 	return shaSuccess;
 }
@@ -151,13 +130,16 @@
  *  of the message.
  * \return sha Error Code.
  */
-int SHA1Input(SHA1Context *context, const uint8_t *message_array, unsigned length)
-{
+int SHA1Input(SHA1Context *context,
+			  const uint8_t *message_array, unsigned length)
+{
+	if (!context) {
+		return shaNull;
+	}
 	if (!length) {
 		return shaSuccess;
 	}
-
-	if (!context || !message_array) {
+	if (!message_array) {
 		return shaNull;
 	}
 
@@ -170,23 +152,98 @@
 		return context->Corrupted;
 	}
 
-	while (length-- && !context->Corrupted) {
-		context->Message_Block[context->Message_Block_Index++] = (*message_array & 0xFF);
-
-		context->Length_Low += 8;
-		if (context->Length_Low == 0) {
-			context->Length_High++;
-			if (context->Length_High == 0) {
-				/* Message is too long */
-				context->Corrupted = 1;
-			}
-		}
-
-		if (context->Message_Block_Index == 64) {
+	while (length--) {
+		context->Message_Block[context->Message_Block_Index++] =
+			*message_array;
+
+		if ((SHA1AddLength(context, 8) == shaSuccess) &&
+			(context->Message_Block_Index == SHA1_Message_Block_Size))
 			SHA1ProcessMessageBlock(context);
-		}
 
 		message_array++;
+	}
+
+	return context->Corrupted;
+}
+
+/*!
+ * \brief SHA1FinalBits Add in any final bits of the message.
+ *
+ * \param context [in/out] The SHA context to update.
+ * \param message_bits [in] The final bits of the message, in the upper portion of the
+ *     byte.  (Use 0b###00000 instead of 0b00000### to input the
+ *     three bits ###.)
+ * \param length [in] *     The number of bits in message_bits, between 1 and 7.
+ * \returns sha Error Code.
+ */
+int SHA1FinalBits(SHA1Context * context, uint8_t message_bits,
+				  unsigned int length)
+{
+	static uint8_t masks[8] = {
+		/* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80,
+		/* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0,
+		/* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8,
+		/* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE
+	};
+
+	static uint8_t markbit[8] = {
+		/* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40,
+		/* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10,
+		/* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04,
+		/* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01
+	};
+
+	if (!context)
+		return shaNull;
+	if (!length)
+		return shaSuccess;
+	if (context->Corrupted)
+		return context->Corrupted;
+	if (context->Computed)
+		return context->Corrupted = shaStateError;
+	if (length >= 8)
+		return context->Corrupted = shaBadParam;
+
+	SHA1AddLength(context, length);
+	SHA1Finalize(context,
+				 (uint8_t) ((message_bits & masks[length]) |
+							markbit[length]));
+
+	return context->Corrupted;
+}
+
+/*
+ * \brief SHA1Result Returns the resulting 160-bit digest
+ * \param context [in/out] The SHA context to update.
+ * \param Message_Digest [out] Where the digest is returned.
+ *
+ *   This function will return the 160-bit message digest
+ *   into the Message_Digest array provided by the caller.
+ * \note The first octet of hash is stored in the element with index 0,
+ *       the last octet of hash in the element with index 19.
+ * \returns sha Error Code.
+ */
+int SHA1Result(SHA1Context * context, uint8_t Message_Digest[SHA1HashSize])
+{
+	int i;
+
+	if (!context) {
+		return shaNull;
+	}
+	if (!Message_Digest) {
+		return shaNull;
+	}
+	if (context->Corrupted) {
+		return context->Corrupted;
+	}
+
+	if (!context->Computed) {
+		SHA1Finalize(context, 0x80);
+	}
+
+	for (i = 0; i < SHA1HashSize; ++i) {
+		Message_Digest[i] = (uint8_t) (context->Intermediate_Hash[i >> 2]
+				>> (8 * (3 - (i & 0x03))));
 	}
 
 	return shaSuccess;
@@ -200,31 +257,29 @@
  *	  names used in the publication.
  * \returns nothing.
  */
-void SHA1ProcessMessageBlock(SHA1Context *context)
-{
-	const uint32_t K[] =     {     /* Constants defined in SHA-1  */
-	                         0x5A827999,
-	                         0x6ED9EBA1,
-	                         0x8F1BBCDC,
-	                         0xCA62C1D6
-	                         };
-	int	        t;                 /* Loop counter                */
-	uint32_t    temp;              /* Temporary word value        */
-	uint32_t    W[80];             /* Word sequence               */
-	uint32_t    A, B, C, D, E;     /* Word buffers                */
+static void SHA1ProcessMessageBlock(SHA1Context *context)
+{
+	/* Constants defined in FIPS 180-3, section 4.2.1 */
+	const uint32_t K[4] = {
+		0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6
+	};
+	int t;						/* Loop counter */
+	uint32_t temp;				/* Temporary word value */
+	uint32_t W[80];				/* Word sequence */
+	uint32_t A, B, C, D, E;		/* Word buffers */
 
 	/*
-	 *  Initialize the first 16 words in the array W
+	 * Initialize the first 16 words in the array W
 	 */
 	for (t = 0; t < 16; t++) {
-		W[t] = context->Message_Block[t * 4] << 24;
-		W[t] |= context->Message_Block[t * 4 + 1] << 16;
-		W[t] |= context->Message_Block[t * 4 + 2] << 8;
-		W[t] |= context->Message_Block[t * 4 + 3];
+		W[t] = ((uint32_t) context->Message_Block[t * 4]) << 24;
+		W[t] |= ((uint32_t) context->Message_Block[t * 4 + 1]) << 16;
+		W[t] |= ((uint32_t) context->Message_Block[t * 4 + 2]) << 8;
+		W[t] |= ((uint32_t) context->Message_Block[t * 4 + 3]);
 	}
 
 	for (t = 16; t < 80; t++) {
-		W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
+		W[t] = SHA1_ROTL(1, W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]);
 	}
 
 	A = context->Intermediate_Hash[0];
@@ -234,37 +289,37 @@
 	E = context->Intermediate_Hash[4];
 
 	for (t = 0; t < 20; t++) {
-		temp = SHA1CircularShift(5,A) + ((B & C) | ((~B) & D)) + E + W[t] + K[0];
+		temp = SHA1_ROTL(5, A) + SHA_Ch(B, C, D) + E + W[t] + K[0];
 		E = D;
 		D = C;
-		C = SHA1CircularShift(30,B);
+		C = SHA1_ROTL(30, B);
 		B = A;
 		A = temp;
 	}
 
 	for (t = 20; t < 40; t++) {
-		temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
+		temp = SHA1_ROTL(5, A) + SHA_Parity(B, C, D) + E + W[t] + K[1];
 		E = D;
 		D = C;
-		C = SHA1CircularShift(30,B);
+		C = SHA1_ROTL(30, B);
 		B = A;
 		A = temp;
 	}
 
 	for (t = 40; t < 60; t++) {
-		temp = SHA1CircularShift(5,A) + ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
+		temp = SHA1_ROTL(5, A) + SHA_Maj(B, C, D) + E + W[t] + K[2];
 		E = D;
 		D = C;
-		C = SHA1CircularShift(30,B);
+		C = SHA1_ROTL(30, B);
 		B = A;
 		A = temp;
 	}
 
 	for (t = 60; t < 80; t++) {
-		temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
+		temp = SHA1_ROTL(5, A) + SHA_Parity(B, C, D) + E + W[t] + K[3];
 		E = D;
 		D = C;
-		C = SHA1CircularShift(30,B);
+		C = SHA1_ROTL(30, B);
 		B = A;
 		A = temp;
 	}
@@ -278,24 +333,45 @@
 	context->Message_Block_Index = 0;
 }
 
+/*!
+ * \brief This helper function finishes off the digest calculations.
+ * \param context [in/out]  The context to pad.
+ * \param Pad_byte [in]  The last byte to add to the message block
+ *     before the 0-padding and length.  This will contain the last
+ *     bits of the message followed by another single bit.  If the
+ *     message was an exact multiple of 8-bits long, Pad_Byte will
+ *     be 0x80.
+ * \returns sha Error Code.
+ */
+static void SHA1Finalize(SHA1Context * context, uint8_t Pad_Byte)
+{
+	int i;
+	SHA1PadMessage(context, Pad_Byte);
+	/* message may be sensitive, clear it out */
+	for (i = 0; i < SHA1_Message_Block_Size; ++i) {
+		context->Message_Block[i] = 0;
+	}
+	context->Length_High = 0;	/* and clear length */
+	context->Length_Low = 0;
+	context->Computed = 1;
+}
 
 /*!
  * \brief Pad message to be 512 bits.
  * \param context [in/out]  The context to pad.
- * 
- * According to the standard, the message must be padded to an even
- *  512 bits.  The first padding bit must be a '1'.  The last 64
- *  bits represent the length of the original message.  All bits in
- *  between should be 0.  This function will pad the message
- *  according to those rules by filling the Message_Block array
- *  accordingly.  It will also call the ProcessMessageBlock function
- *  provided appropriately.  When it returns, it can be assumed that
- *  the message digest has been computed.
+ * \param Pad_byte [in]  Last padding byte.
+ *
+ *  According to the standard, the message must be padded to the next
+ *  even multiple of 512 bits.  The first padding bit must be a '1'.
+ *  The last 64 bits represent the length of the original message.
+ *  All bits in between should be 0.  This helper function will pad
+ *  the message according to those rules by filling the Message_Block
+ *  array accordingly.  When it returns, it can be assumed that the
+ *  message digest has been computed.
  *
  * \returns nothing.
  */
-
-void SHA1PadMessage(SHA1Context *context)
+static void SHA1PadMessage(SHA1Context * context, uint8_t Pad_Byte)
 {
 	/*
 	 *  Check to see if the current message block is too small to hold
@@ -303,35 +379,31 @@
 	 *  block, process it, and then continue padding into a second
 	 *  block.
 	 */
-	if (context->Message_Block_Index > 55) {
-		context->Message_Block[context->Message_Block_Index++] = 0x80;
-		while (context->Message_Block_Index < 64) {
+	if (context->Message_Block_Index >= (SHA1_Message_Block_Size - 8)) {
+		context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
+		while (context->Message_Block_Index < SHA1_Message_Block_Size) {
 			context->Message_Block[context->Message_Block_Index++] = 0;
 		}
 
 		SHA1ProcessMessageBlock(context);
-
-		while (context->Message_Block_Index < 56) {
-			context->Message_Block[context->Message_Block_Index++] = 0;
-		}
-	} else {
-		context->Message_Block[context->Message_Block_Index++] = 0x80;
-		while (context->Message_Block_Index < 56) {
-			context->Message_Block[context->Message_Block_Index++] = 0;
-		}
+	} else
+		context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
+
+	while (context->Message_Block_Index < (SHA1_Message_Block_Size - 8)) {
+		context->Message_Block[context->Message_Block_Index++] = 0;
 	}
 
 	/*
 	 *  Store the message length as the last 8 octets
 	 */
-	context->Message_Block[56] = context->Length_High >> 24;
-	context->Message_Block[57] = context->Length_High >> 16;
-	context->Message_Block[58] = context->Length_High >> 8;
-	context->Message_Block[59] = context->Length_High;
-	context->Message_Block[60] = context->Length_Low >> 24;
-	context->Message_Block[61] = context->Length_Low >> 16;
-	context->Message_Block[62] = context->Length_Low >> 8;
-	context->Message_Block[63] = context->Length_Low;
+	context->Message_Block[56] = (uint8_t) (context->Length_High >> 24);
+	context->Message_Block[57] = (uint8_t) (context->Length_High >> 16);
+	context->Message_Block[58] = (uint8_t) (context->Length_High >> 8);
+	context->Message_Block[59] = (uint8_t) (context->Length_High);
+	context->Message_Block[60] = (uint8_t) (context->Length_Low >> 24);
+	context->Message_Block[61] = (uint8_t) (context->Length_Low >> 16);
+	context->Message_Block[62] = (uint8_t) (context->Length_Low >> 8);
+	context->Message_Block[63] = (uint8_t) (context->Length_Low);
 
 	SHA1ProcessMessageBlock(context);
 }




More information about the asterisk-commits mailing list