/* sha1.c - SHA1 hash function
* Copyright (C) 1998, 2001, 2002, 2003, 2008 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see .
*/
/* Test vectors:
*
* "abc"
* A999 3E36 4706 816A BA3E 2571 7850 C26C 9CD0 D89D
*
* "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
* 8498 3E44 1C3B D26E BAAE 4AA1 F951 29E5 E546 70F1
*/
#include
#include
#include
#include
#ifdef HAVE_STDINT_H
# include
#endif
#include "g10lib.h"
#include "bithelp.h"
#include "bufhelp.h"
#include "cipher.h"
#include "sha1.h"
/* USE_SSSE3 indicates whether to compile with Intel SSSE3 code. */
#undef USE_SSSE3
#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_SSSE3) && \
(defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
# define USE_SSSE3 1
#endif
/* USE_AVX indicates whether to compile with Intel AVX code. */
#undef USE_AVX
#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX) && \
(defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
# define USE_AVX 1
#endif
/* USE_BMI2 indicates whether to compile with Intel AVX/BMI2 code. */
#undef USE_BMI2
#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX) && \
defined(HAVE_GCC_INLINE_ASM_BMI2) && \
(defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
# define USE_BMI2 1
#endif
/* USE_AVX2 indicates whether to compile with Intel AVX2/BMI2 code. */
#undef USE_AVX2
#if defined(USE_BMI2) && defined(HAVE_GCC_INLINE_ASM_AVX2)
# define USE_AVX2 1
#endif
/* USE_SHAEXT indicates whether to compile with Intel SHA Extension code. */
#undef USE_SHAEXT
#if defined(HAVE_GCC_INLINE_ASM_SHAEXT) && \
defined(HAVE_GCC_INLINE_ASM_SSE41) && \
defined(ENABLE_SHAEXT_SUPPORT)
# define USE_SHAEXT 1
#endif
/* USE_NEON indicates whether to enable ARM NEON assembly code. */
#undef USE_NEON
#ifdef ENABLE_NEON_SUPPORT
# if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) \
&& defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) \
&& defined(HAVE_GCC_INLINE_ASM_NEON)
# define USE_NEON 1
# endif
#endif
/* USE_ARM_CE indicates whether to enable ARMv8 Crypto Extension assembly
* code. */
#undef USE_ARM_CE
#ifdef ENABLE_ARM_CRYPTO_SUPPORT
# if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) \
&& defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) \
&& defined(HAVE_GCC_INLINE_ASM_AARCH32_CRYPTO)
# define USE_ARM_CE 1
# elif defined(__AARCH64EL__) \
&& defined(HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS) \
&& defined(HAVE_GCC_INLINE_ASM_AARCH64_CRYPTO)
# define USE_ARM_CE 1
# endif
#endif
/* A macro to test whether P is properly aligned for an u32 type.
Note that config.h provides a suitable replacement for uintptr_t if
it does not exist in stdint.h. */
/* #if __GNUC__ >= 2 */
/* # define U32_ALIGNED_P(p) (!(((uintptr_t)p) % __alignof__ (u32))) */
/* #else */
/* # define U32_ALIGNED_P(p) (!(((uintptr_t)p) % sizeof (u32))) */
/* #endif */
/* Assembly implementations use SystemV ABI, ABI conversion and additional
* stack to store XMM6-XMM15 needed on Win64. */
#undef ASM_FUNC_ABI
#undef ASM_EXTRA_STACK
#if defined(USE_SSSE3) || defined(USE_AVX) || defined(USE_BMI2) || \
defined(USE_SHAEXT)
# ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
# define ASM_FUNC_ABI __attribute__((sysv_abi))
# define ASM_EXTRA_STACK (10 * 16 + sizeof(void *) * 4)
# else
# define ASM_FUNC_ABI
# define ASM_EXTRA_STACK 0
# endif
#endif
#ifdef USE_SSSE3
unsigned int
_gcry_sha1_transform_amd64_ssse3 (void *state, const unsigned char *data,
size_t nblks) ASM_FUNC_ABI;
static unsigned int
do_sha1_transform_amd64_ssse3 (void *ctx, const unsigned char *data,
size_t nblks)
{
SHA1_CONTEXT *hd = ctx;
return _gcry_sha1_transform_amd64_ssse3 (&hd->h0, data, nblks)
+ ASM_EXTRA_STACK;
}
#endif
#ifdef USE_AVX
unsigned int
_gcry_sha1_transform_amd64_avx (void *state, const unsigned char *data,
size_t nblks) ASM_FUNC_ABI;
static unsigned int
do_sha1_transform_amd64_avx (void *ctx, const unsigned char *data,
size_t nblks)
{
SHA1_CONTEXT *hd = ctx;
return _gcry_sha1_transform_amd64_avx (&hd->h0, data, nblks)
+ ASM_EXTRA_STACK;
}
#endif
#ifdef USE_BMI2
unsigned int
_gcry_sha1_transform_amd64_avx_bmi2 (void *state, const unsigned char *data,
size_t nblks) ASM_FUNC_ABI;
static unsigned int
do_sha1_transform_amd64_avx_bmi2 (void *ctx, const unsigned char *data,
size_t nblks)
{
SHA1_CONTEXT *hd = ctx;
return _gcry_sha1_transform_amd64_avx_bmi2 (&hd->h0, data, nblks)
+ ASM_EXTRA_STACK;
}
#ifdef USE_AVX2
unsigned int
_gcry_sha1_transform_amd64_avx2_bmi2 (void *state, const unsigned char *data,
size_t nblks) ASM_FUNC_ABI;
static unsigned int
do_sha1_transform_amd64_avx2_bmi2 (void *ctx, const unsigned char *data,
size_t nblks)
{
SHA1_CONTEXT *hd = ctx;
/* AVX2/BMI2 function only handles pair of blocks so nblks needs to be
* multiple of 2 and function does not handle zero nblks. Use AVX/BMI2
* code to handle these cases. */
if (nblks <= 1)
return do_sha1_transform_amd64_avx_bmi2 (ctx, data, nblks);
if (nblks & 1)
{
(void)_gcry_sha1_transform_amd64_avx_bmi2 (&hd->h0, data, 1);
nblks--;
data += 64;
}
return _gcry_sha1_transform_amd64_avx2_bmi2 (&hd->h0, data, nblks)
+ ASM_EXTRA_STACK;
}
#endif /* USE_AVX2 */
#endif /* USE_BMI2 */
#ifdef USE_SHAEXT
/* Does not need ASM_FUNC_ABI */
unsigned int
_gcry_sha1_transform_intel_shaext (void *state, const unsigned char *data,
size_t nblks);
static unsigned int
do_sha1_transform_intel_shaext (void *ctx, const unsigned char *data,
size_t nblks)
{
SHA1_CONTEXT *hd = ctx;
return _gcry_sha1_transform_intel_shaext (&hd->h0, data, nblks);
}
#endif
#ifdef USE_NEON
unsigned int
_gcry_sha1_transform_armv7_neon (void *state, const unsigned char *data,
size_t nblks);
static unsigned int
do_sha1_transform_armv7_neon (void *ctx, const unsigned char *data,
size_t nblks)
{
SHA1_CONTEXT *hd = ctx;
return _gcry_sha1_transform_armv7_neon (&hd->h0, data, nblks);
}
#endif
#ifdef USE_ARM_CE
unsigned int
_gcry_sha1_transform_armv8_ce (void *state, const unsigned char *data,
size_t nblks);
static unsigned int
do_sha1_transform_armv8_ce (void *ctx, const unsigned char *data,
size_t nblks)
{
SHA1_CONTEXT *hd = ctx;
return _gcry_sha1_transform_armv8_ce (&hd->h0, data, nblks);
}
#endif
#ifdef SHA1_USE_S390X_CRYPTO
#include "asm-inline-s390x.h"
static unsigned int
do_sha1_transform_s390x (void *ctx, const unsigned char *data, size_t nblks)
{
SHA1_CONTEXT *hd = ctx;
kimd_execute (KMID_FUNCTION_SHA1, &hd->h0, data, nblks * 64);
return 0;
}
static unsigned int
do_sha1_final_s390x (void *ctx, const unsigned char *data, size_t datalen,
u32 len_msb, u32 len_lsb)
{
SHA1_CONTEXT *hd = ctx;
/* Make sure that 'final_len' is positioned at correct offset relative
* to 'h0'. This is because we are passing 'h0' pointer as start of
* parameter block to 'klmd' instruction. */
gcry_assert (offsetof (SHA1_CONTEXT, final_len_msb)
- offsetof (SHA1_CONTEXT, h0) == 5 * sizeof(u32));
gcry_assert (offsetof (SHA1_CONTEXT, final_len_lsb)
- offsetof (SHA1_CONTEXT, final_len_msb) == 1 * sizeof(u32));
hd->final_len_msb = len_msb;
hd->final_len_lsb = len_lsb;
klmd_execute (KMID_FUNCTION_SHA1, &hd->h0, data, datalen);
return 0;
}
#endif
static unsigned int
do_transform_generic (void *c, const unsigned char *data, size_t nblks);
static void
sha1_init (void *context, unsigned int flags)
{
SHA1_CONTEXT *hd = context;
unsigned int features = _gcry_get_hw_features ();
(void)flags;
hd->h0 = 0x67452301;
hd->h1 = 0xefcdab89;
hd->h2 = 0x98badcfe;
hd->h3 = 0x10325476;
hd->h4 = 0xc3d2e1f0;
hd->bctx.nblocks = 0;
hd->bctx.nblocks_high = 0;
hd->bctx.count = 0;
hd->bctx.blocksize_shift = _gcry_ctz(64);
/* Order of feature checks is important here; last match will be
* selected. Keep slower implementations at the top and faster at
* the bottom. */
hd->bctx.bwrite = do_transform_generic;
#ifdef USE_SSSE3
if ((features & HWF_INTEL_SSSE3) != 0)
hd->bctx.bwrite = do_sha1_transform_amd64_ssse3;
#endif
#ifdef USE_AVX
/* AVX implementation uses SHLD which is known to be slow on non-Intel CPUs.
* Therefore use this implementation on Intel CPUs only. */
if ((features & HWF_INTEL_AVX) && (features & HWF_INTEL_FAST_SHLD))
hd->bctx.bwrite = do_sha1_transform_amd64_avx;
#endif
#ifdef USE_BMI2
if ((features & HWF_INTEL_AVX) && (features & HWF_INTEL_BMI2))
hd->bctx.bwrite = do_sha1_transform_amd64_avx_bmi2;
#endif
#ifdef USE_AVX2
if ((features & HWF_INTEL_AVX2) && (features & HWF_INTEL_AVX) &&
(features & HWF_INTEL_BMI2))
hd->bctx.bwrite = do_sha1_transform_amd64_avx2_bmi2;
#endif
#ifdef USE_SHAEXT
if ((features & HWF_INTEL_SHAEXT) && (features & HWF_INTEL_SSE4_1))
hd->bctx.bwrite = do_sha1_transform_intel_shaext;
#endif
#ifdef USE_NEON
if ((features & HWF_ARM_NEON) != 0)
hd->bctx.bwrite = do_sha1_transform_armv7_neon;
#endif
#ifdef USE_ARM_CE
if ((features & HWF_ARM_SHA1) != 0)
hd->bctx.bwrite = do_sha1_transform_armv8_ce;
#endif
#ifdef SHA1_USE_S390X_CRYPTO
hd->use_s390x_crypto = 0;
if ((features & HWF_S390X_MSA) != 0)
{
if ((kimd_query () & km_function_to_mask (KMID_FUNCTION_SHA1)) &&
(klmd_query () & km_function_to_mask (KMID_FUNCTION_SHA1)))
{
hd->bctx.bwrite = do_sha1_transform_s390x;
hd->use_s390x_crypto = 1;
}
}
#endif
(void)features;
}
/*
* Initialize the context HD. This is used to prepare the use of
* _gcry_sha1_mixblock. WARNING: This is a special purpose function
* for exclusive use by random-csprng.c.
*/
void
_gcry_sha1_mixblock_init (SHA1_CONTEXT *hd)
{
sha1_init (hd, 0);
}
/* Round function macros. */
#define K1 0x5A827999L
#define K2 0x6ED9EBA1L
#define K3 0x8F1BBCDCL
#define K4 0xCA62C1D6L
#define F1(x,y,z) ( z ^ ( x & ( y ^ z ) ) )
#define F2(x,y,z) ( x ^ y ^ z )
#define F3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) )
#define F4(x,y,z) ( x ^ y ^ z )
#define M(i) ( tm = x[ i &0x0f] \
^ x[(i-14)&0x0f] \
^ x[(i-8) &0x0f] \
^ x[(i-3) &0x0f], \
(x[i&0x0f] = rol(tm, 1)))
#define R(a,b,c,d,e,f,k,m) do { e += rol( a, 5 ) \
+ f( b, c, d ) \
+ k \
+ m; \
b = rol( b, 30 ); \
} while(0)
/*
* Transform NBLOCKS of each 64 bytes (16 32-bit words) at DATA.
*/
static unsigned int
do_transform_generic (void *ctx, const unsigned char *data, size_t nblks)
{
SHA1_CONTEXT *hd = ctx;
do
{
const u32 *idata = (const void *)data;
u32 a, b, c, d, e; /* Local copies of the chaining variables. */
u32 tm; /* Helper. */
u32 x[16]; /* The array we work on. */
#define I(i) (x[i] = buf_get_be32(idata + i))
/* Get the values of the chaining variables. */
a = hd->h0;
b = hd->h1;
c = hd->h2;
d = hd->h3;
e = hd->h4;
/* Transform. */
R( a, b, c, d, e, F1, K1, I( 0) );
R( e, a, b, c, d, F1, K1, I( 1) );
R( d, e, a, b, c, F1, K1, I( 2) );
R( c, d, e, a, b, F1, K1, I( 3) );
R( b, c, d, e, a, F1, K1, I( 4) );
R( a, b, c, d, e, F1, K1, I( 5) );
R( e, a, b, c, d, F1, K1, I( 6) );
R( d, e, a, b, c, F1, K1, I( 7) );
R( c, d, e, a, b, F1, K1, I( 8) );
R( b, c, d, e, a, F1, K1, I( 9) );
R( a, b, c, d, e, F1, K1, I(10) );
R( e, a, b, c, d, F1, K1, I(11) );
R( d, e, a, b, c, F1, K1, I(12) );
R( c, d, e, a, b, F1, K1, I(13) );
R( b, c, d, e, a, F1, K1, I(14) );
R( a, b, c, d, e, F1, K1, I(15) );
R( e, a, b, c, d, F1, K1, M(16) );
R( d, e, a, b, c, F1, K1, M(17) );
R( c, d, e, a, b, F1, K1, M(18) );
R( b, c, d, e, a, F1, K1, M(19) );
R( a, b, c, d, e, F2, K2, M(20) );
R( e, a, b, c, d, F2, K2, M(21) );
R( d, e, a, b, c, F2, K2, M(22) );
R( c, d, e, a, b, F2, K2, M(23) );
R( b, c, d, e, a, F2, K2, M(24) );
R( a, b, c, d, e, F2, K2, M(25) );
R( e, a, b, c, d, F2, K2, M(26) );
R( d, e, a, b, c, F2, K2, M(27) );
R( c, d, e, a, b, F2, K2, M(28) );
R( b, c, d, e, a, F2, K2, M(29) );
R( a, b, c, d, e, F2, K2, M(30) );
R( e, a, b, c, d, F2, K2, M(31) );
R( d, e, a, b, c, F2, K2, M(32) );
R( c, d, e, a, b, F2, K2, M(33) );
R( b, c, d, e, a, F2, K2, M(34) );
R( a, b, c, d, e, F2, K2, M(35) );
R( e, a, b, c, d, F2, K2, M(36) );
R( d, e, a, b, c, F2, K2, M(37) );
R( c, d, e, a, b, F2, K2, M(38) );
R( b, c, d, e, a, F2, K2, M(39) );
R( a, b, c, d, e, F3, K3, M(40) );
R( e, a, b, c, d, F3, K3, M(41) );
R( d, e, a, b, c, F3, K3, M(42) );
R( c, d, e, a, b, F3, K3, M(43) );
R( b, c, d, e, a, F3, K3, M(44) );
R( a, b, c, d, e, F3, K3, M(45) );
R( e, a, b, c, d, F3, K3, M(46) );
R( d, e, a, b, c, F3, K3, M(47) );
R( c, d, e, a, b, F3, K3, M(48) );
R( b, c, d, e, a, F3, K3, M(49) );
R( a, b, c, d, e, F3, K3, M(50) );
R( e, a, b, c, d, F3, K3, M(51) );
R( d, e, a, b, c, F3, K3, M(52) );
R( c, d, e, a, b, F3, K3, M(53) );
R( b, c, d, e, a, F3, K3, M(54) );
R( a, b, c, d, e, F3, K3, M(55) );
R( e, a, b, c, d, F3, K3, M(56) );
R( d, e, a, b, c, F3, K3, M(57) );
R( c, d, e, a, b, F3, K3, M(58) );
R( b, c, d, e, a, F3, K3, M(59) );
R( a, b, c, d, e, F4, K4, M(60) );
R( e, a, b, c, d, F4, K4, M(61) );
R( d, e, a, b, c, F4, K4, M(62) );
R( c, d, e, a, b, F4, K4, M(63) );
R( b, c, d, e, a, F4, K4, M(64) );
R( a, b, c, d, e, F4, K4, M(65) );
R( e, a, b, c, d, F4, K4, M(66) );
R( d, e, a, b, c, F4, K4, M(67) );
R( c, d, e, a, b, F4, K4, M(68) );
R( b, c, d, e, a, F4, K4, M(69) );
R( a, b, c, d, e, F4, K4, M(70) );
R( e, a, b, c, d, F4, K4, M(71) );
R( d, e, a, b, c, F4, K4, M(72) );
R( c, d, e, a, b, F4, K4, M(73) );
R( b, c, d, e, a, F4, K4, M(74) );
R( a, b, c, d, e, F4, K4, M(75) );
R( e, a, b, c, d, F4, K4, M(76) );
R( d, e, a, b, c, F4, K4, M(77) );
R( c, d, e, a, b, F4, K4, M(78) );
R( b, c, d, e, a, F4, K4, M(79) );
/* Update the chaining variables. */
hd->h0 += a;
hd->h1 += b;
hd->h2 += c;
hd->h3 += d;
hd->h4 += e;
data += 64;
}
while (--nblks);
return 88+4*sizeof(void*);
}
/*
* Apply the SHA-1 transform function on the buffer BLOCKOF64BYTE
* which must have a length 64 bytes. BLOCKOF64BYTE must be 32-bit
* aligned. Updates the 20 bytes in BLOCKOF64BYTE with its mixed
* content. Returns the number of bytes which should be burned on the
* stack. You need to use _gcry_sha1_mixblock_init to initialize the
* context.
* WARNING: This is a special purpose function for exclusive use by
* random-csprng.c.
*/
unsigned int
_gcry_sha1_mixblock (SHA1_CONTEXT *hd, void *blockof64byte)
{
u32 *p = blockof64byte;
unsigned int nburn;
nburn = (*hd->bctx.bwrite) (hd, blockof64byte, 1);
p[0] = hd->h0;
p[1] = hd->h1;
p[2] = hd->h2;
p[3] = hd->h3;
p[4] = hd->h4;
return nburn;
}
/* The routine final terminates the computation and
* returns the digest.
* The handle is prepared for a new cycle, but adding bytes to the
* handle will the destroy the returned buffer.
* Returns: 20 bytes representing the digest.
*/
static void
sha1_final(void *context)
{
SHA1_CONTEXT *hd = context;
u32 t, th, msb, lsb;
unsigned char *p;
unsigned int burn;
t = hd->bctx.nblocks;
if (sizeof t == sizeof hd->bctx.nblocks)
th = hd->bctx.nblocks_high;
else
th = hd->bctx.nblocks >> 32;
/* multiply by 64 to make a byte count */
lsb = t << 6;
msb = (th << 6) | (t >> 26);
/* add the count */
t = lsb;
if( (lsb += hd->bctx.count) < t )
msb++;
/* multiply by 8 to make a bit count */
t = lsb;
lsb <<= 3;
msb <<= 3;
msb |= t >> 29;
if (0)
{ }
#ifdef SHA1_USE_S390X_CRYPTO
else if (hd->use_s390x_crypto)
{
burn = do_sha1_final_s390x (hd, hd->bctx.buf, hd->bctx.count, msb, lsb);
}
#endif
else if (hd->bctx.count < 56) /* enough room */
{
hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad */
if (hd->bctx.count < 56)
memset (&hd->bctx.buf[hd->bctx.count], 0, 56 - hd->bctx.count);
/* append the 64 bit count */
buf_put_be32(hd->bctx.buf + 56, msb);
buf_put_be32(hd->bctx.buf + 60, lsb);
burn = (*hd->bctx.bwrite) ( hd, hd->bctx.buf, 1 );
}
else /* need one extra block */
{
hd->bctx.buf[hd->bctx.count++] = 0x80; /* pad character */
/* fill pad and next block with zeroes */
memset (&hd->bctx.buf[hd->bctx.count], 0, 64 - hd->bctx.count + 56);
/* append the 64 bit count */
buf_put_be32(hd->bctx.buf + 64 + 56, msb);
buf_put_be32(hd->bctx.buf + 64 + 60, lsb);
burn = (*hd->bctx.bwrite) ( hd, hd->bctx.buf, 2 );
}
p = hd->bctx.buf;
#define X(a) do { buf_put_be32(p, hd->h##a); p += 4; } while(0)
X(0);
X(1);
X(2);
X(3);
X(4);
#undef X
hd->bctx.count = 0;
_gcry_burn_stack (burn);
}
static unsigned char *
sha1_read( void *context )
{
SHA1_CONTEXT *hd = context;
return hd->bctx.buf;
}
/****************
* Shortcut functions which puts the hash value of the supplied buffer iov
* into outbuf which must have a size of 20 bytes.
*/
static void
_gcry_sha1_hash_buffers (void *outbuf, size_t nbytes,
const gcry_buffer_t *iov, int iovcnt)
{
SHA1_CONTEXT hd;
(void)nbytes;
sha1_init (&hd, 0);
for (;iovcnt > 0; iov++, iovcnt--)
_gcry_md_block_write (&hd,
(const char*)iov[0].data + iov[0].off, iov[0].len);
sha1_final (&hd);
memcpy (outbuf, hd.bctx.buf, 20);
}
/* Variant of the above shortcut function using a single buffer. */
void
_gcry_sha1_hash_buffer (void *outbuf, const void *buffer, size_t length)
{
gcry_buffer_t iov = { 0 };
iov.data = (void *)buffer;
iov.len = length;
_gcry_sha1_hash_buffers (outbuf, 20, &iov, 1);
}
�
/*
Self-test section.
*/
static gpg_err_code_t
selftests_sha1 (int extended, selftest_report_func_t report)
{
const char *what;
const char *errtxt;
what = "short string";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA1, 0,
"abc", 3,
"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
"\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D", 20);
if (errtxt)
goto failed;
if (extended)
{
what = "long string";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA1, 0,
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
"\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE"
"\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1", 20);
if (errtxt)
goto failed;
what = "one million \"a\"";
errtxt = _gcry_hash_selftest_check_one
(GCRY_MD_SHA1, 1,
NULL, 0,
"\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E"
"\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F", 20);
if (errtxt)
goto failed;
}
return 0; /* Succeeded. */
failed:
if (report)
report ("digest", GCRY_MD_SHA1, what, errtxt);
return GPG_ERR_SELFTEST_FAILED;
}
/* Run a full self-test for ALGO and return 0 on success. */
static gpg_err_code_t
run_selftests (int algo, int extended, selftest_report_func_t report)
{
gpg_err_code_t ec;
switch (algo)
{
case GCRY_MD_SHA1:
ec = selftests_sha1 (extended, report);
break;
default:
ec = GPG_ERR_DIGEST_ALGO;
break;
}
return ec;
}
�
static const unsigned char asn[15] = /* Object ID is 1.3.14.3.2.26 */
{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
static const gcry_md_oid_spec_t oid_spec_sha1[] =
{
/* iso.member-body.us.rsadsi.pkcs.pkcs-1.5 (sha1WithRSAEncryption) */
{ "1.2.840.113549.1.1.5" },
/* iso.member-body.us.x9-57.x9cm.3 (dsaWithSha1)*/
{ "1.2.840.10040.4.3" },
/* from NIST's OIW (sha1) */
{ "1.3.14.3.2.26" },
/* from NIST OIW (sha-1WithRSAEncryption) */
{ "1.3.14.3.2.29" },
/* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha1 */
{ "1.2.840.10045.4.1" },
{ NULL },
};
const gcry_md_spec_t _gcry_digest_spec_sha1 =
{
GCRY_MD_SHA1, {0, 1},
"SHA1", asn, DIM (asn), oid_spec_sha1, 20,
sha1_init, _gcry_md_block_write, sha1_final, sha1_read, NULL,
_gcry_sha1_hash_buffers,
sizeof (SHA1_CONTEXT),
run_selftests
};