blob: bba949c4843de4cac39a0a6ac20aae5cc030c01c [file] [log] [blame]
// Copyright 2015-2016 Brian Smith.
// Copyright 2016 Simon Sapin.
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
use crate::polyfill;
use core::{self, num::Wrapping};
use libc::size_t;
pub const BLOCK_LEN: usize = 512 / 8;
pub const CHAINING_LEN: usize = 160 / 8;
pub const OUTPUT_LEN: usize = 160 / 8;
const CHAINING_WORDS: usize = CHAINING_LEN / 4;
type W32 = Wrapping<u32>;
#[inline]
fn ch(x: W32, y: W32, z: W32) -> W32 { (x & y) | (!x & z) }
#[inline]
fn parity(x: W32, y: W32, z: W32) -> W32 { x ^ y ^ z }
#[inline]
fn maj(x: W32, y: W32, z: W32) -> W32 { (x & y) | (x & z) | (y & z) }
/// The main purpose in retaining this is to support legacy protocols and OCSP,
/// none of which need a fast SHA-1 implementation.
/// This implementation therefore favors size and simplicity over speed.
/// Unlike SHA-256, SHA-384, and SHA-512,
/// there is no assembly language implementation.
pub(super) unsafe extern "C" fn block_data_order(
state: &mut super::State, data: *const u8, num: size_t,
) {
let data = data as *const [[u8; 4]; 16];
let blocks = core::slice::from_raw_parts(data, num);
block_data_order_safe(&mut state.as32, blocks)
}
#[inline(always)]
fn block_data_order_safe(state: &mut [Wrapping<u32>; 256 / 32], blocks: &[[[u8; 4]; 16]]) {
let state = &mut state[..CHAINING_WORDS];
let mut w: [W32; 80] = [Wrapping(0); 80];
for block in blocks {
for t in 0..16 {
w[t] = Wrapping(polyfill::slice::u32_from_be_u8(block[t]))
}
for t in 16..80 {
let wt = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16];
w[t] = polyfill::wrapping_rotate_left_u32(wt, 1);
}
let mut a = state[0];
let mut b = state[1];
let mut c = state[2];
let mut d = state[3];
let mut e = state[4];
for t in 0..80 {
let (k, f) = match t {
0..=19 => (0x5a827999, ch(b, c, d)),
20..=39 => (0x6ed9eba1, parity(b, c, d)),
40..=59 => (0x8f1bbcdc, maj(b, c, d)),
60..=79 => (0xca62c1d6, parity(b, c, d)),
_ => unreachable!(),
};
let tt = polyfill::wrapping_rotate_left_u32(a, 5) + f + e + Wrapping(k) + w[t];
e = d;
d = c;
c = polyfill::wrapping_rotate_left_u32(b, 30);
b = a;
a = tt;
}
state[0] = state[0] + a;
state[1] = state[1] + b;
state[2] = state[2] + c;
state[3] = state[3] + d;
state[4] = state[4] + e;
}
}