| Eric Christopher | 3390a8f | 2018-03-09 00:23:35 +0000 | [diff] [blame] | 1 | //====- SHA1.cpp - Private copy of the SHA1 implementation ---*- C++ -* ======// | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 2 | // | 
| Chandler Carruth | 2946cd7 | 2019-01-19 08:50:56 +0000 | [diff] [blame] | 3 | // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. | 
|  | 4 | // See https://llvm.org/LICENSE.txt for license information. | 
|  | 5 | // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 6 | // | 
|  | 7 | //===----------------------------------------------------------------------===// | 
| Rui Ueyama | fe33661 | 2016-11-20 01:03:22 +0000 | [diff] [blame] | 8 | // | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 9 | // This code is taken from public domain | 
| Rui Ueyama | fe33661 | 2016-11-20 01:03:22 +0000 | [diff] [blame] | 10 | // (http://oauth.googlecode.com/svn/code/c/liboauth/src/sha1.c and | 
|  | 11 | // http://cvsweb.netbsd.org/bsdweb.cgi/src/common/lib/libc/hash/sha1/sha1.c?rev=1.6) | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 12 | // and modified by wrapping it in a C++ interface for LLVM, | 
|  | 13 | // and removing unnecessary code. | 
|  | 14 | // | 
|  | 15 | //===----------------------------------------------------------------------===// | 
|  | 16 |  | 
|  | 17 | #include "llvm/Support/SHA1.h" | 
| Mehdi Amini | b550cb1 | 2016-04-18 09:17:29 +0000 | [diff] [blame] | 18 | #include "llvm/ADT/ArrayRef.h" | 
| Chandler Carruth | 6bda14b | 2017-06-06 11:49:48 +0000 | [diff] [blame] | 19 | #include "llvm/Support/Host.h" | 
| Eugene Zelenko | 1760dc2 | 2016-04-05 20:19:49 +0000 | [diff] [blame] | 20 | using namespace llvm; | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 21 |  | 
| Duncan P. N. Exon Smith | 91d3cfe | 2016-04-05 20:45:04 +0000 | [diff] [blame] | 22 | #include <stdint.h> | 
|  | 23 | #include <string.h> | 
|  | 24 |  | 
| Mehdi Amini | 180441f | 2016-04-01 05:12:24 +0000 | [diff] [blame] | 25 | #if defined(BYTE_ORDER) && defined(BIG_ENDIAN) && BYTE_ORDER == BIG_ENDIAN | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 26 | #define SHA_BIG_ENDIAN | 
|  | 27 | #endif | 
|  | 28 |  | 
| Rui Ueyama | 567d9c4 | 2016-11-20 01:15:56 +0000 | [diff] [blame] | 29 | static uint32_t rol(uint32_t Number, int Bits) { | 
|  | 30 | return (Number << Bits) | (Number >> (32 - Bits)); | 
| Rui Ueyama | 218072a9 | 2016-11-20 01:13:22 +0000 | [diff] [blame] | 31 | } | 
| Rui Ueyama | fe33661 | 2016-11-20 01:03:22 +0000 | [diff] [blame] | 32 |  | 
| Rui Ueyama | fe33661 | 2016-11-20 01:03:22 +0000 | [diff] [blame] | 33 | static uint32_t blk0(uint32_t *Buf, int I) { return Buf[I]; } | 
| Rui Ueyama | fe33661 | 2016-11-20 01:03:22 +0000 | [diff] [blame] | 34 |  | 
|  | 35 | static uint32_t blk(uint32_t *Buf, int I) { | 
|  | 36 | Buf[I & 15] = rol(Buf[(I + 13) & 15] ^ Buf[(I + 8) & 15] ^ Buf[(I + 2) & 15] ^ | 
|  | 37 | Buf[I & 15], | 
|  | 38 | 1); | 
|  | 39 | return Buf[I & 15]; | 
|  | 40 | } | 
|  | 41 |  | 
|  | 42 | static void r0(uint32_t &A, uint32_t &B, uint32_t &C, uint32_t &D, uint32_t &E, | 
|  | 43 | int I, uint32_t *Buf) { | 
|  | 44 | E += ((B & (C ^ D)) ^ D) + blk0(Buf, I) + 0x5A827999 + rol(A, 5); | 
|  | 45 | B = rol(B, 30); | 
|  | 46 | } | 
|  | 47 |  | 
|  | 48 | static void r1(uint32_t &A, uint32_t &B, uint32_t &C, uint32_t &D, uint32_t &E, | 
|  | 49 | int I, uint32_t *Buf) { | 
|  | 50 | E += ((B & (C ^ D)) ^ D) + blk(Buf, I) + 0x5A827999 + rol(A, 5); | 
|  | 51 | B = rol(B, 30); | 
|  | 52 | } | 
|  | 53 |  | 
|  | 54 | static void r2(uint32_t &A, uint32_t &B, uint32_t &C, uint32_t &D, uint32_t &E, | 
|  | 55 | int I, uint32_t *Buf) { | 
|  | 56 | E += (B ^ C ^ D) + blk(Buf, I) + 0x6ED9EBA1 + rol(A, 5); | 
|  | 57 | B = rol(B, 30); | 
|  | 58 | } | 
|  | 59 |  | 
|  | 60 | static void r3(uint32_t &A, uint32_t &B, uint32_t &C, uint32_t &D, uint32_t &E, | 
|  | 61 | int I, uint32_t *Buf) { | 
|  | 62 | E += (((B | C) & D) | (B & C)) + blk(Buf, I) + 0x8F1BBCDC + rol(A, 5); | 
|  | 63 | B = rol(B, 30); | 
|  | 64 | } | 
|  | 65 |  | 
|  | 66 | static void r4(uint32_t &A, uint32_t &B, uint32_t &C, uint32_t &D, uint32_t &E, | 
|  | 67 | int I, uint32_t *Buf) { | 
|  | 68 | E += (B ^ C ^ D) + blk(Buf, I) + 0xCA62C1D6 + rol(A, 5); | 
|  | 69 | B = rol(B, 30); | 
|  | 70 | } | 
|  | 71 |  | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 72 | /* code */ | 
|  | 73 | #define SHA1_K0 0x5a827999 | 
|  | 74 | #define SHA1_K20 0x6ed9eba1 | 
|  | 75 | #define SHA1_K40 0x8f1bbcdc | 
|  | 76 | #define SHA1_K60 0xca62c1d6 | 
|  | 77 |  | 
|  | 78 | #define SEED_0 0x67452301 | 
|  | 79 | #define SEED_1 0xefcdab89 | 
|  | 80 | #define SEED_2 0x98badcfe | 
|  | 81 | #define SEED_3 0x10325476 | 
|  | 82 | #define SEED_4 0xc3d2e1f0 | 
|  | 83 |  | 
|  | 84 | void SHA1::init() { | 
|  | 85 | InternalState.State[0] = SEED_0; | 
|  | 86 | InternalState.State[1] = SEED_1; | 
|  | 87 | InternalState.State[2] = SEED_2; | 
|  | 88 | InternalState.State[3] = SEED_3; | 
|  | 89 | InternalState.State[4] = SEED_4; | 
|  | 90 | InternalState.ByteCount = 0; | 
|  | 91 | InternalState.BufferOffset = 0; | 
|  | 92 | } | 
|  | 93 |  | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 94 | void SHA1::hashBlock() { | 
| Rui Ueyama | fe33661 | 2016-11-20 01:03:22 +0000 | [diff] [blame] | 95 | uint32_t A = InternalState.State[0]; | 
|  | 96 | uint32_t B = InternalState.State[1]; | 
|  | 97 | uint32_t C = InternalState.State[2]; | 
|  | 98 | uint32_t D = InternalState.State[3]; | 
|  | 99 | uint32_t E = InternalState.State[4]; | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 100 |  | 
| Rui Ueyama | fe33661 | 2016-11-20 01:03:22 +0000 | [diff] [blame] | 101 | // 4 rounds of 20 operations each. Loop unrolled. | 
|  | 102 | r0(A, B, C, D, E, 0, InternalState.Buffer.L); | 
|  | 103 | r0(E, A, B, C, D, 1, InternalState.Buffer.L); | 
|  | 104 | r0(D, E, A, B, C, 2, InternalState.Buffer.L); | 
|  | 105 | r0(C, D, E, A, B, 3, InternalState.Buffer.L); | 
|  | 106 | r0(B, C, D, E, A, 4, InternalState.Buffer.L); | 
|  | 107 | r0(A, B, C, D, E, 5, InternalState.Buffer.L); | 
|  | 108 | r0(E, A, B, C, D, 6, InternalState.Buffer.L); | 
|  | 109 | r0(D, E, A, B, C, 7, InternalState.Buffer.L); | 
|  | 110 | r0(C, D, E, A, B, 8, InternalState.Buffer.L); | 
|  | 111 | r0(B, C, D, E, A, 9, InternalState.Buffer.L); | 
|  | 112 | r0(A, B, C, D, E, 10, InternalState.Buffer.L); | 
|  | 113 | r0(E, A, B, C, D, 11, InternalState.Buffer.L); | 
|  | 114 | r0(D, E, A, B, C, 12, InternalState.Buffer.L); | 
|  | 115 | r0(C, D, E, A, B, 13, InternalState.Buffer.L); | 
|  | 116 | r0(B, C, D, E, A, 14, InternalState.Buffer.L); | 
|  | 117 | r0(A, B, C, D, E, 15, InternalState.Buffer.L); | 
|  | 118 | r1(E, A, B, C, D, 16, InternalState.Buffer.L); | 
|  | 119 | r1(D, E, A, B, C, 17, InternalState.Buffer.L); | 
|  | 120 | r1(C, D, E, A, B, 18, InternalState.Buffer.L); | 
|  | 121 | r1(B, C, D, E, A, 19, InternalState.Buffer.L); | 
|  | 122 |  | 
|  | 123 | r2(A, B, C, D, E, 20, InternalState.Buffer.L); | 
|  | 124 | r2(E, A, B, C, D, 21, InternalState.Buffer.L); | 
|  | 125 | r2(D, E, A, B, C, 22, InternalState.Buffer.L); | 
|  | 126 | r2(C, D, E, A, B, 23, InternalState.Buffer.L); | 
|  | 127 | r2(B, C, D, E, A, 24, InternalState.Buffer.L); | 
|  | 128 | r2(A, B, C, D, E, 25, InternalState.Buffer.L); | 
|  | 129 | r2(E, A, B, C, D, 26, InternalState.Buffer.L); | 
|  | 130 | r2(D, E, A, B, C, 27, InternalState.Buffer.L); | 
|  | 131 | r2(C, D, E, A, B, 28, InternalState.Buffer.L); | 
|  | 132 | r2(B, C, D, E, A, 29, InternalState.Buffer.L); | 
|  | 133 | r2(A, B, C, D, E, 30, InternalState.Buffer.L); | 
|  | 134 | r2(E, A, B, C, D, 31, InternalState.Buffer.L); | 
|  | 135 | r2(D, E, A, B, C, 32, InternalState.Buffer.L); | 
|  | 136 | r2(C, D, E, A, B, 33, InternalState.Buffer.L); | 
|  | 137 | r2(B, C, D, E, A, 34, InternalState.Buffer.L); | 
|  | 138 | r2(A, B, C, D, E, 35, InternalState.Buffer.L); | 
|  | 139 | r2(E, A, B, C, D, 36, InternalState.Buffer.L); | 
|  | 140 | r2(D, E, A, B, C, 37, InternalState.Buffer.L); | 
|  | 141 | r2(C, D, E, A, B, 38, InternalState.Buffer.L); | 
|  | 142 | r2(B, C, D, E, A, 39, InternalState.Buffer.L); | 
|  | 143 |  | 
|  | 144 | r3(A, B, C, D, E, 40, InternalState.Buffer.L); | 
|  | 145 | r3(E, A, B, C, D, 41, InternalState.Buffer.L); | 
|  | 146 | r3(D, E, A, B, C, 42, InternalState.Buffer.L); | 
|  | 147 | r3(C, D, E, A, B, 43, InternalState.Buffer.L); | 
|  | 148 | r3(B, C, D, E, A, 44, InternalState.Buffer.L); | 
|  | 149 | r3(A, B, C, D, E, 45, InternalState.Buffer.L); | 
|  | 150 | r3(E, A, B, C, D, 46, InternalState.Buffer.L); | 
|  | 151 | r3(D, E, A, B, C, 47, InternalState.Buffer.L); | 
|  | 152 | r3(C, D, E, A, B, 48, InternalState.Buffer.L); | 
|  | 153 | r3(B, C, D, E, A, 49, InternalState.Buffer.L); | 
|  | 154 | r3(A, B, C, D, E, 50, InternalState.Buffer.L); | 
|  | 155 | r3(E, A, B, C, D, 51, InternalState.Buffer.L); | 
|  | 156 | r3(D, E, A, B, C, 52, InternalState.Buffer.L); | 
|  | 157 | r3(C, D, E, A, B, 53, InternalState.Buffer.L); | 
|  | 158 | r3(B, C, D, E, A, 54, InternalState.Buffer.L); | 
|  | 159 | r3(A, B, C, D, E, 55, InternalState.Buffer.L); | 
|  | 160 | r3(E, A, B, C, D, 56, InternalState.Buffer.L); | 
|  | 161 | r3(D, E, A, B, C, 57, InternalState.Buffer.L); | 
|  | 162 | r3(C, D, E, A, B, 58, InternalState.Buffer.L); | 
|  | 163 | r3(B, C, D, E, A, 59, InternalState.Buffer.L); | 
|  | 164 |  | 
|  | 165 | r4(A, B, C, D, E, 60, InternalState.Buffer.L); | 
|  | 166 | r4(E, A, B, C, D, 61, InternalState.Buffer.L); | 
|  | 167 | r4(D, E, A, B, C, 62, InternalState.Buffer.L); | 
|  | 168 | r4(C, D, E, A, B, 63, InternalState.Buffer.L); | 
|  | 169 | r4(B, C, D, E, A, 64, InternalState.Buffer.L); | 
|  | 170 | r4(A, B, C, D, E, 65, InternalState.Buffer.L); | 
|  | 171 | r4(E, A, B, C, D, 66, InternalState.Buffer.L); | 
|  | 172 | r4(D, E, A, B, C, 67, InternalState.Buffer.L); | 
|  | 173 | r4(C, D, E, A, B, 68, InternalState.Buffer.L); | 
|  | 174 | r4(B, C, D, E, A, 69, InternalState.Buffer.L); | 
|  | 175 | r4(A, B, C, D, E, 70, InternalState.Buffer.L); | 
|  | 176 | r4(E, A, B, C, D, 71, InternalState.Buffer.L); | 
|  | 177 | r4(D, E, A, B, C, 72, InternalState.Buffer.L); | 
|  | 178 | r4(C, D, E, A, B, 73, InternalState.Buffer.L); | 
|  | 179 | r4(B, C, D, E, A, 74, InternalState.Buffer.L); | 
|  | 180 | r4(A, B, C, D, E, 75, InternalState.Buffer.L); | 
|  | 181 | r4(E, A, B, C, D, 76, InternalState.Buffer.L); | 
|  | 182 | r4(D, E, A, B, C, 77, InternalState.Buffer.L); | 
|  | 183 | r4(C, D, E, A, B, 78, InternalState.Buffer.L); | 
|  | 184 | r4(B, C, D, E, A, 79, InternalState.Buffer.L); | 
|  | 185 |  | 
|  | 186 | InternalState.State[0] += A; | 
|  | 187 | InternalState.State[1] += B; | 
|  | 188 | InternalState.State[2] += C; | 
|  | 189 | InternalState.State[3] += D; | 
|  | 190 | InternalState.State[4] += E; | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 191 | } | 
|  | 192 |  | 
| Rui Ueyama | 567d9c4 | 2016-11-20 01:15:56 +0000 | [diff] [blame] | 193 | void SHA1::addUncounted(uint8_t Data) { | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 194 | #ifdef SHA_BIG_ENDIAN | 
| Rui Ueyama | 567d9c4 | 2016-11-20 01:15:56 +0000 | [diff] [blame] | 195 | InternalState.Buffer.C[InternalState.BufferOffset] = Data; | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 196 | #else | 
| Rui Ueyama | 567d9c4 | 2016-11-20 01:15:56 +0000 | [diff] [blame] | 197 | InternalState.Buffer.C[InternalState.BufferOffset ^ 3] = Data; | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 198 | #endif | 
| Rui Ueyama | fe33661 | 2016-11-20 01:03:22 +0000 | [diff] [blame] | 199 |  | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 200 | InternalState.BufferOffset++; | 
|  | 201 | if (InternalState.BufferOffset == BLOCK_LENGTH) { | 
|  | 202 | hashBlock(); | 
|  | 203 | InternalState.BufferOffset = 0; | 
|  | 204 | } | 
|  | 205 | } | 
|  | 206 |  | 
| Rui Ueyama | 567d9c4 | 2016-11-20 01:15:56 +0000 | [diff] [blame] | 207 | void SHA1::writebyte(uint8_t Data) { | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 208 | ++InternalState.ByteCount; | 
| Rui Ueyama | 567d9c4 | 2016-11-20 01:15:56 +0000 | [diff] [blame] | 209 | addUncounted(Data); | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 210 | } | 
|  | 211 |  | 
|  | 212 | void SHA1::update(ArrayRef<uint8_t> Data) { | 
|  | 213 | for (auto &C : Data) | 
|  | 214 | writebyte(C); | 
|  | 215 | } | 
|  | 216 |  | 
|  | 217 | void SHA1::pad() { | 
| Mehdi Amini | 180441f | 2016-04-01 05:12:24 +0000 | [diff] [blame] | 218 | // Implement SHA-1 padding (fips180-2 5.1.1) | 
| Mehdi Amini | 4cd5702 | 2016-04-01 04:30:16 +0000 | [diff] [blame] | 219 |  | 
|  | 220 | // Pad with 0x80 followed by 0x00 until the end of the block | 
|  | 221 | addUncounted(0x80); | 
|  | 222 | while (InternalState.BufferOffset != 56) | 
|  | 223 | addUncounted(0x00); | 
|  | 224 |  | 
|  | 225 | // Append length in the last 8 bytes | 
|  | 226 | addUncounted(0); // We're only using 32 bit lengths | 
|  | 227 | addUncounted(0); // But SHA-1 supports 64 bit lengths | 
|  | 228 | addUncounted(0); // So zero pad the top bits | 
|  | 229 | addUncounted(InternalState.ByteCount >> 29); // Shifting to multiply by 8 | 
|  | 230 | addUncounted(InternalState.ByteCount >> | 
|  | 231 | 21); // as SHA-1 supports bitstreams as well as | 
|  | 232 | addUncounted(InternalState.ByteCount >> 13); // byte. | 
|  | 233 | addUncounted(InternalState.ByteCount >> 5); | 
|  | 234 | addUncounted(InternalState.ByteCount << 3); | 
|  | 235 | } | 
|  | 236 |  | 
|  | 237 | StringRef SHA1::final() { | 
|  | 238 | // Pad to complete the last block | 
|  | 239 | pad(); | 
|  | 240 |  | 
|  | 241 | #ifdef SHA_BIG_ENDIAN | 
|  | 242 | // Just copy the current state | 
|  | 243 | for (int i = 0; i < 5; i++) { | 
|  | 244 | HashResult[i] = InternalState.State[i]; | 
|  | 245 | } | 
|  | 246 | #else | 
|  | 247 | // Swap byte order back | 
|  | 248 | for (int i = 0; i < 5; i++) { | 
|  | 249 | HashResult[i] = (((InternalState.State[i]) << 24) & 0xff000000) | | 
|  | 250 | (((InternalState.State[i]) << 8) & 0x00ff0000) | | 
|  | 251 | (((InternalState.State[i]) >> 8) & 0x0000ff00) | | 
|  | 252 | (((InternalState.State[i]) >> 24) & 0x000000ff); | 
|  | 253 | } | 
|  | 254 | #endif | 
|  | 255 |  | 
|  | 256 | // Return pointer to hash (20 characters) | 
|  | 257 | return StringRef((char *)HashResult, HASH_LENGTH); | 
|  | 258 | } | 
|  | 259 |  | 
|  | 260 | StringRef SHA1::result() { | 
|  | 261 | auto StateToRestore = InternalState; | 
|  | 262 |  | 
|  | 263 | auto Hash = final(); | 
|  | 264 |  | 
|  | 265 | // Restore the state | 
|  | 266 | InternalState = StateToRestore; | 
|  | 267 |  | 
|  | 268 | // Return pointer to hash (20 characters) | 
|  | 269 | return Hash; | 
|  | 270 | } | 
| Rui Ueyama | 877c26c | 2016-11-23 00:46:09 +0000 | [diff] [blame] | 271 |  | 
|  | 272 | std::array<uint8_t, 20> SHA1::hash(ArrayRef<uint8_t> Data) { | 
|  | 273 | SHA1 Hash; | 
|  | 274 | Hash.update(Data); | 
| Rui Ueyama | c464fad | 2016-11-23 03:58:12 +0000 | [diff] [blame] | 275 | StringRef S = Hash.final(); | 
| Rui Ueyama | 877c26c | 2016-11-23 00:46:09 +0000 | [diff] [blame] | 276 |  | 
|  | 277 | std::array<uint8_t, 20> Arr; | 
|  | 278 | memcpy(Arr.data(), S.data(), S.size()); | 
|  | 279 | return Arr; | 
|  | 280 | } |