sha1.c

srtp 1.0.1 比较适用于头一次看。其他版本的有需要也可以传上来。

    TEMP = W[17]   ^ M[j+12] ^ M[j+6]  ^ M[j+4];  W[20] = S1(TEMP);
    TEMP = W[18]   ^ M[j+13] ^ M[j+7]  ^ M[j+5];  W[21] = S1(TEMP);
    TEMP = W[19]   ^ M[j+14] ^ M[j+8]  ^ M[j+6];  W[22] = S1(TEMP);
    TEMP = W[20]   ^ M[j+15] ^ M[j+9]  ^ M[j+7];  W[23] = S1(TEMP);
    TEMP = W[21]   ^ W[16]   ^ M[j+10] ^ M[j+8];  W[24] = S1(TEMP);
    TEMP = W[22]   ^ W[17]   ^ M[j+11] ^ M[j+9];  W[25] = S1(TEMP);
    TEMP = W[23]   ^ W[18]   ^ M[j+12] ^ M[j+10]; W[26] = S1(TEMP);
    TEMP = W[24]   ^ W[19]   ^ M[j+13] ^ M[j+11]; W[27] = S1(TEMP);
    TEMP = W[25]   ^ W[20]   ^ M[j+14] ^ M[j+12]; W[28] = S1(TEMP);
    TEMP = W[26]   ^ W[21]   ^ M[j+15] ^ M[j+13]; W[29] = S1(TEMP);
    TEMP = W[27]   ^ W[22]   ^ W[16]   ^ M[j+14]; W[30] = S1(TEMP);
    TEMP = W[28]   ^ W[23]   ^ W[17]   ^ M[j+15]; W[31] = S1(TEMP);

    /* process the remainder of the array */
    for (t=32; t < 80; t++) {
      TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
      W[t] = S1(TEMP);      
    }

    A = H0; B = H1; C = H2; D = H3; E = H4;

    for (t=0; t < 20; t++) {
      TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0;
      E = D; D = C; C = S30(B); B = A; A = TEMP;
    }
    for (   ; t < 40; t++) {
      TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1;
      E = D; D = C; C = S30(B); B = A; A = TEMP;
    }
    for (   ; t < 60; t++) {
      TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2;
      E = D; D = C; C = S30(B); B = A; A = TEMP;
    }
    for (   ; t < 80; t++) {
      TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3;
      E = D; D = C; C = S30(B); B = A; A = TEMP;
    }

    H0 += A;
    H1 += B;
    H2 += C;
    H3 += D;
    H4 += E;

    j += 16;  /* advance message pointer */   
  }

  /*
   * process the remaining octets_in_msg, padding and terminating as
   * necessary
   */
  {
    int tail = octets_in_msg % 4;
    
    /* copy/xor message into array */
    for (i=0; i < (octets_in_msg+3)/4; i++) 
      W[i]  = M[j+i];

#if PRINT_DEBUG
    printf("tail: %d\n", tail);
    printf("M[j+i-1]: %x\n", M[j+i-1]);
#endif    
    /* set the high bit of the octet immediately following the message */
    switch (tail) {
    case (3):
      W[i-1] = (M[j+i-1] & 0xffffff00) | 0x80;
      W[i] = 0x0;
      break;
    case (2):      
      W[i-1] = (M[j+i-1] & 0xffff0000) | 0x8000;
      W[i] = 0x0;
      break;
    case (1):
      W[i-1] = (M[j+i-1] & 0xff000000) | 0x800000;
      W[i] = 0x0;
      break;
    case (0):
      W[i] = 0x80000000;
      break;
    }
    
    /* zeroize remaining words */
    for (i++   ; i < 15; i++)
      W[i] = 0x0;

    /* 
     * if there is room at the end of the word array, then set the
     * last word to the bit-length of the message; otherwise, set that
     * word to zero and then we need to do one more run of the
     * compression algo.
     */
    if (octets_in_msg < 56) 
      W[15] = num_bits_in_msg;
    else
      W[15] = 0x0;

#if PRINT_DEBUG
    for (i=0; i < 16; i++)
      printf("@@@ W[%d]: %x\n", i, W[i]);
#endif
    /* process the word array */
    for (t=16; t < 80; t++) {
      TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
      W[t] = S1(TEMP);
    }

    A = H0; B = H1; C = H2; D = H3; E = H4;

    for (t=0; t < 20; t++) {
      TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0;
      E = D; D = C; C = S30(B); B = A; A = TEMP;
#if PRINT_DEBUG
      printf("%d: { %x%x%x%x%x } \n", t, A, B, C, D, E); 
#endif
    }
    for (   ; t < 40; t++) {
      TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1;
      E = D; D = C; C = S30(B); B = A; A = TEMP;
    }
    for (   ; t < 60; t++) {
      TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2;
      E = D; D = C; C = S30(B); B = A; A = TEMP;
    }
    for (   ; t < 80; t++) {
      TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3;
      E = D; D = C; C = S30(B); B = A; A = TEMP;
    }

    H0 += A;
    H1 += B;
    H2 += C;
    H3 += D;
    H4 += E;
  }

  if (octets_in_msg >= 56) {
    /* we need to do one final run of the compression algo */

    /* 
     * set initial part of word array to zeros, and set the 
     * final part to the number of bits in the message
     */
    for (i=0; i < 15; i++)
      W[i] = 0x0;
    W[15] = num_bits_in_msg;

#if PRINT_DEBUG
    printf("pass two ");
    for (i=0; i < 16; i++)
      printf("@@@ W[%d]: %x\n", i, W[i]);
#endif
    /* process the word array */
    for (t=16; t < 80; t++) {
      TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
      W[t] = S1(TEMP);
    }

    A = H0; B = H1; C = H2; D = H3; E = H4;

    for (t=0; t < 20; t++) {
      TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0;
      E = D; D = C; C = S30(B); B = A; A = TEMP;
#if PRINT_DEBUG
      printf("%d: { %x%x%x%x%x } \n", t, A, B, C, D, E); 
#endif
    }
    for (   ; t < 40; t++) {
      TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1;
      E = D; D = C; C = S30(B); B = A; A = TEMP;
    }
    for (   ; t < 60; t++) {
      TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2;
      E = D; D = C; C = S30(B); B = A; A = TEMP;
    }
    for (   ; t < 80; t++) {
      TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3;
      E = D; D = C; C = S30(B); B = A; A = TEMP;
    }

    H0 += A;
    H1 += B;
    H2 += C;
    H3 += D;
    H4 += E;
  }
  
  hash_value[0] = H0;
  hash_value[1] = H1;
  hash_value[2] = H2;
  hash_value[3] = H3;
  hash_value[4] = H4;

  return;
}



void
sha1_x(const uint32_t *M,  int octets_in_msg, uint32_t hash_value[5]) {
  uint32_t H[5] = { 
    0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0
  };

  sha1_compress(M, octets_in_msg, H);

  hash_value[0] = H[0];
  hash_value[1] = H[1];
  hash_value[2] = H[2];
  hash_value[3] = H[3];
  hash_value[4] = H[4];

}

void
hmac_sha1(uint32_t *key, int octets_in_key,
	  uint32_t *data, int octets_in_data, uint32_t hash_value[5]) {
  uint32_t ipad[16] = { 0x36363636, };
  uint32_t opad[16] = { 0x5c5c5c5c, };
  uint32_t H[5] = { 
    0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0
  };
  
  int i;

  /* exor key into ipad */
  for (i=0; i < (octets_in_key+3)/4; i++)
    ipad[i] ^= key[i];
  
  /* should mask last word of data ! DAM */

  /* run sha1 over that result concatenated with the data */
  /* hash ipad ^ key */
  sha1_compress(ipad, 64, H);
  
  /* hash message */
  sha1_compress(data, octets_in_data, H);

  /* exor key into opad */
  for (i=0; i < (octets_in_key+3)/4; i++)
    opad[i] ^= key[i];
 
  /* initialize hash context */
  hash_value[0] = 0x67452301;
  hash_value[1] = 0xefcdab89;
  hash_value[2] = 0x98badcfe;
  hash_value[3] = 0x10325476;
  hash_value[4] = 0xc3d2e1f0;
  
  /* hash opad ^ key  */
  sha1_compress(opad, 64, hash_value);

  /* hash the result of the inner hash */
  sha1_compress(H, 20, hash_value);

  /* the result is returned in the array hash_value[] */

  return;
}


/*
 * the function sha1_core(...), defined below, is used in SEAL 3.0
 *
 * the functions above should be re-written to use this function,
 * in order to save some code space
 */

/*
 *  sha1_core(M, H) computes the core compression function, where M is
 *  the next part of the message and H is the intermediate state {H0,
 *  H1, ...}
 *
 *  this function does not do any of the padding required in the
 *  complete SHA1 function
 */

void
sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
  uint32_t H0;
  uint32_t H1;
  uint32_t H2;
  uint32_t H3;
  uint32_t H4;
  uint32_t W[80];
  uint32_t A, B, C, D, E, TEMP;
  int t;

  /* copy hash_value into H0, H1, H2, H3, H4 */
  H0 = hash_value[0];
  H1 = hash_value[1];
  H2 = hash_value[2];
  H3 = hash_value[3];
  H4 = hash_value[4];

  /* copy/xor message into array */
  /* the first sixteen copies could be avoided, but I'm in a hurry */
    
  W[0]  = M[0];
  W[1]  = M[1];
  W[2]  = M[2];
  W[3]  = M[3];
  W[4]  = M[4];
  W[5]  = M[5];
  W[6]  = M[6];
  W[7]  = M[7];
  W[8]  = M[8];
  W[9]  = M[9];
  W[10] = M[10];
  W[11] = M[11];
  W[12] = M[12];
  W[13] = M[13];
  W[14] = M[14];
  W[15] = M[15];
  TEMP = M[13] ^ M[8]  ^ M[2]  ^ M[0];  W[16] = S1(TEMP);
  TEMP = M[14] ^ M[9]  ^ M[3]  ^ M[1];  W[17] = S1(TEMP);
  TEMP = M[15] ^ M[10] ^ M[4]  ^ M[2];  W[18] = S1(TEMP);
  TEMP = W[16] ^ M[11] ^ M[5]  ^ M[3];  W[19] = S1(TEMP);
  TEMP = W[17] ^ M[12] ^ M[6]  ^ M[4];  W[20] = S1(TEMP);
  TEMP = W[18] ^ M[13] ^ M[7]  ^ M[5];  W[21] = S1(TEMP);
  TEMP = W[19] ^ M[14] ^ M[8]  ^ M[6];  W[22] = S1(TEMP);
  TEMP = W[20] ^ M[15] ^ M[9]  ^ M[7];  W[23] = S1(TEMP);
  TEMP = W[21] ^ W[16] ^ M[10] ^ M[8];  W[24] = S1(TEMP);
  TEMP = W[22] ^ W[17] ^ M[11] ^ M[9];  W[25] = S1(TEMP);
  TEMP = W[23] ^ W[18] ^ M[12] ^ M[10]; W[26] = S1(TEMP);
  TEMP = W[24] ^ W[19] ^ M[13] ^ M[11]; W[27] = S1(TEMP);
  TEMP = W[25] ^ W[20] ^ M[14] ^ M[12]; W[28] = S1(TEMP);
  TEMP = W[26] ^ W[21] ^ M[15] ^ M[13]; W[29] = S1(TEMP);
  TEMP = W[27] ^ W[22] ^ W[16] ^ M[14]; W[30] = S1(TEMP);
  TEMP = W[28] ^ W[23] ^ W[17] ^ M[15]; W[31] = S1(TEMP);

  /* process the remainder of the array */
  for (t=32; t < 80; t++) {
    TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
    W[t] = S1(TEMP);      
  }

  A = H0; B = H1; C = H2; D = H3; E = H4;

  for (t=0; t < 20; t++) {
    TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0;
    E = D; D = C; C = S30(B); B = A; A = TEMP;
  }
  for (   ; t < 40; t++) {
    TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1;
    E = D; D = C; C = S30(B); B = A; A = TEMP;
  }
  for (   ; t < 60; t++) {
    TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2;
    E = D; D = C; C = S30(B); B = A; A = TEMP;
  }
  for (   ; t < 80; t++) {
    TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3;
    E = D; D = C; C = S30(B); B = A; A = TEMP;
  }

  hash_value[0] = H0 + A;
  hash_value[1] = H1 + B;
  hash_value[2] = H2 + C;
  hash_value[3] = H3 + D;
  hash_value[4] = H4 + E;

  return;
}