[deliverable/linux.git] / lib / sha1.c

/*
 * SHA transform algorithm, originally taken from code written by
 * Peter Gutmann, and placed in the public domain.
 */

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/cryptohash.h>

/* The SHA f()-functions.  */

#define f1(x,y,z)   (z ^ (x & (y ^ z)))		/* x ? y : z */
#define f2(x,y,z)   (x ^ y ^ z)			/* XOR */
#define f3(x,y,z)   ((x & y) + (z & (x ^ y)))	/* majority */

/* The SHA Mysterious Constants */

#define K1  0x5A827999L			/* Rounds  0-19: sqrt(2) * 2^30 */
#define K2  0x6ED9EBA1L			/* Rounds 20-39: sqrt(3) * 2^30 */
#define K3  0x8F1BBCDCL			/* Rounds 40-59: sqrt(5) * 2^30 */
#define K4  0xCA62C1D6L			/* Rounds 60-79: sqrt(10) * 2^30 */

/**
 * sha_transform - single block SHA1 transform
 *
 * @digest: 160 bit digest to update
 * @data:   512 bits of data to hash
 * @W:      80 words of workspace (see note)
 *
 * This function generates a SHA1 digest for a single 512-bit block.
 * Be warned, it does not handle padding and message digest, do not
 * confuse it with the full FIPS 180-1 digest algorithm for variable
 * length messages.
 *
 * Note: If the hash is security sensitive, the caller should be sure
 * to clear the workspace. This is left to the caller to avoid
 * unnecessary clears between chained hashing operations.
 */
void sha_transform(__u32 *digest, const char *in, __u32 *W)
{
	__u32 a, b, c, d, e, t, i;

	for (i = 0; i < 16; i++)
		W[i] = be32_to_cpu(((const __be32 *)in)[i]);

	for (i = 0; i < 64; i++)
		W[i+16] = rol32(W[i+13] ^ W[i+8] ^ W[i+2] ^ W[i], 1);

	a = digest[0];
	b = digest[1];
	c = digest[2];
	d = digest[3];
	e = digest[4];

	for (i = 0; i < 20; i++) {
		t = f1(b, c, d) + K1 + rol32(a, 5) + e + W[i];
		e = d; d = c; c = rol32(b, 30); b = a; a = t;
	}

	for (; i < 40; i ++) {
		t = f2(b, c, d) + K2 + rol32(a, 5) + e + W[i];
		e = d; d = c; c = rol32(b, 30); b = a; a = t;
	}

	for (; i < 60; i ++) {
		t = f3(b, c, d) + K3 + rol32(a, 5) + e + W[i];
		e = d; d = c; c = rol32(b, 30); b = a; a = t;
	}

	for (; i < 80; i ++) {
		t = f2(b, c, d) + K4 + rol32(a, 5) + e + W[i];
		e = d; d = c; c = rol32(b, 30); b = a; a = t;
	}

	digest[0] += a;
	digest[1] += b;
	digest[2] += c;
	digest[3] += d;
	digest[4] += e;
}
EXPORT_SYMBOL(sha_transform);

/**
 * sha_init - initialize the vectors for a SHA1 digest
 * @buf: vector to initialize
 */
void sha_init(__u32 *buf)
{
	buf[0] = 0x67452301;
	buf[1] = 0xefcdab89;
	buf[2] = 0x98badcfe;
	buf[3] = 0x10325476;
	buf[4] = 0xc3d2e1f0;
}
Commit	Line	Data
1da177e4 LT	1	/*
	2	* SHA transform algorithm, originally taken from code written by
	3	* Peter Gutmann, and placed in the public domain.
	4	*/
	5
	6	#include <linux/kernel.h>
	7	#include <linux/module.h>
	8	#include <linux/cryptohash.h>
	9
	10	/* The SHA f()-functions. */
	11
	12	#define f1(x,y,z) (z ^ (x & (y ^ z))) /* x ? y : z */
	13	#define f2(x,y,z) (x ^ y ^ z) /* XOR */
	14	#define f3(x,y,z) ((x & y) + (z & (x ^ y))) /* majority */
	15
	16	/* The SHA Mysterious Constants */
	17
	18	#define K1 0x5A827999L /* Rounds 0-19: sqrt(2) * 2^30 */
	19	#define K2 0x6ED9EBA1L /* Rounds 20-39: sqrt(3) * 2^30 */
	20	#define K3 0x8F1BBCDCL /* Rounds 40-59: sqrt(5) * 2^30 */
	21	#define K4 0xCA62C1D6L /* Rounds 60-79: sqrt(10) * 2^30 */
	22
72fd4a35 RD	23	/**
72fd4a35 RD	24	* sha_transform - single block SHA1 transform
1da177e4 LT	25	*
	26	* @digest: 160 bit digest to update
	27	* @data: 512 bits of data to hash
	28	* @W: 80 words of workspace (see note)
	29	*
	30	* This function generates a SHA1 digest for a single 512-bit block.
	31	* Be warned, it does not handle padding and message digest, do not
	32	* confuse it with the full FIPS 180-1 digest algorithm for variable
	33	* length messages.
	34	*
	35	* Note: If the hash is security sensitive, the caller should be sure
	36	* to clear the workspace. This is left to the caller to avoid
	37	* unnecessary clears between chained hashing operations.
	38	*/
	39	void sha_transform(__u32 digest, const char in, __u32 *W)
	40	{
	41	__u32 a, b, c, d, e, t, i;
	42
	43	for (i = 0; i < 16; i++)
23712b2f	44	W[i] = be32_to_cpu(((const __be32 *)in)[i]);
1da177e4 LT	45
	46	for (i = 0; i < 64; i++)
	47	W[i+16] = rol32(W[i+13] ^ W[i+8] ^ W[i+2] ^ W[i], 1);
	48
	49	a = digest[0];
	50	b = digest[1];
	51	c = digest[2];
	52	d = digest[3];
	53	e = digest[4];
	54
	55	for (i = 0; i < 20; i++) {
	56	t = f1(b, c, d) + K1 + rol32(a, 5) + e + W[i];
	57	e = d; d = c; c = rol32(b, 30); b = a; a = t;
	58	}
	59
	60	for (; i < 40; i ++) {
	61	t = f2(b, c, d) + K2 + rol32(a, 5) + e + W[i];
	62	e = d; d = c; c = rol32(b, 30); b = a; a = t;
	63	}
	64
	65	for (; i < 60; i ++) {
	66	t = f3(b, c, d) + K3 + rol32(a, 5) + e + W[i];
	67	e = d; d = c; c = rol32(b, 30); b = a; a = t;
	68	}
	69
	70	for (; i < 80; i ++) {
	71	t = f2(b, c, d) + K4 + rol32(a, 5) + e + W[i];
	72	e = d; d = c; c = rol32(b, 30); b = a; a = t;
	73	}
	74
	75	digest[0] += a;
	76	digest[1] += b;
	77	digest[2] += c;
	78	digest[3] += d;
	79	digest[4] += e;
	80	}
	81	EXPORT_SYMBOL(sha_transform);
	82
72fd4a35 RD	83	/**
72fd4a35 RD	84	* sha_init - initialize the vectors for a SHA1 digest
1da177e4 LT	85	* @buf: vector to initialize
	86	*/
	87	void sha_init(__u32 *buf)
	88	{
	89	buf[0] = 0x67452301;
	90	buf[1] = 0xefcdab89;
	91	buf[2] = 0x98badcfe;
	92	buf[3] = 0x10325476;
	93	buf[4] = 0xc3d2e1f0;
	94	}
	95