Home | History | Annotate | Download | only in wtf 
      1 /*
      2  * Copyright (C) 2011 Google Inc. All rights reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions are
      6  * met:
      7  *
      8  *     * Redistributions of source code must retain the above copyright
      9  * notice, this list of conditions and the following disclaimer.
     10  *     * Redistributions in binary form must reproduce the above
     11  * copyright notice, this list of conditions and the following disclaimer
     12  * in the documentation and/or other materials provided with the
     13  * distribution.
     14  *     * Neither the name of Google Inc. nor the names of its
     15  * contributors may be used to endorse or promote products derived from
     16  * this software without specific prior written permission.
     17  *
     18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     29  */
     30 
     31 // A straightforward SHA-1 implementation based on RFC 3174.
     32 // http://www.ietf.org/rfc/rfc3174.txt
     33 // The names of functions and variables (such as "a", "b", and "f") follow notations in RFC 3174.
     34 
     35 #include "config.h"
     36 #include "SHA1.h"
     37 
     38 #include "Assertions.h"
     39 #ifndef NDEBUG
     40 #include "StringExtras.h"
     41 #include "text/CString.h"
     42 #endif
     43 
     44 namespace WTF {
     45 
     46 #ifdef NDEBUG
     47 static inline void testSHA1() { }
     48 #else
     49 static bool isTestSHA1Done;
     50 
     51 static void expectSHA1(CString input, int repeat, CString expected)
     52 {
     53     SHA1 sha1;
     54     for (int i = 0; i < repeat; ++i)
     55         sha1.addBytes(reinterpret_cast<const uint8_t*>(input.data()), input.length());
     56     Vector<uint8_t, 20> digest;
     57     sha1.computeHash(digest);
     58     char* buffer = 0;
     59     CString actual = CString::newUninitialized(40, buffer);
     60     for (size_t i = 0; i < 20; ++i) {
     61         snprintf(buffer, 3, "%02X", digest.at(i));
     62         buffer += 2;
     63     }
     64     ASSERT_WITH_MESSAGE(actual == expected, "input: %s, repeat: %d, actual: %s, expected: %s", input.data(), repeat, actual.data(), expected.data());
     65 }
     66 
     67 static void testSHA1()
     68 {
     69     if (isTestSHA1Done)
     70         return;
     71     isTestSHA1Done = true;
     72 
     73     // Examples taken from sample code in RFC 3174.
     74     expectSHA1("abc", 1, "A9993E364706816ABA3E25717850C26C9CD0D89D");
     75     expectSHA1("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 1, "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
     76     expectSHA1("a", 1000000, "34AA973CD4C4DAA4F61EEB2BDBAD27316534016F");
     77     expectSHA1("0123456701234567012345670123456701234567012345670123456701234567", 10, "DEA356A2CDDD90C7A7ECEDC5EBB563934F460452");
     78 }
     79 #endif
     80 
     81 static inline uint32_t f(int t, uint32_t b, uint32_t c, uint32_t d)
     82 {
     83     ASSERT(t >= 0 && t < 80);
     84     if (t < 20)
     85         return (b & c) | ((~b) & d);
     86     if (t < 40)
     87         return b ^ c ^ d;
     88     if (t < 60)
     89         return (b & c) | (b & d) | (c & d);
     90     return b ^ c ^ d;
     91 }
     92 
     93 static inline uint32_t k(int t)
     94 {
     95     ASSERT(t >= 0 && t < 80);
     96     if (t < 20)
     97         return 0x5a827999;
     98     if (t < 40)
     99         return 0x6ed9eba1;
    100     if (t < 60)
    101         return 0x8f1bbcdc;
    102     return 0xca62c1d6;
    103 }
    104 
    105 static inline uint32_t rotateLeft(int n, uint32_t x)
    106 {
    107     ASSERT(n >= 0 && n < 32);
    108     return (x << n) | (x >> (32 - n));
    109 }
    110 
    111 SHA1::SHA1()
    112 {
    113     // FIXME: Move unit tests somewhere outside the constructor. See bug 55853.
    114     testSHA1();
    115     reset();
    116 }
    117 
    118 void SHA1::addBytes(const uint8_t* input, size_t length)
    119 {
    120     while (length--) {
    121         ASSERT(m_cursor < 64);
    122         m_buffer[m_cursor++] = *input++;
    123         ++m_totalBytes;
    124         if (m_cursor == 64)
    125             processBlock();
    126     }
    127 }
    128 
    129 void SHA1::computeHash(Vector<uint8_t, 20>& digest)
    130 {
    131     finalize();
    132 
    133     digest.clear();
    134     digest.resize(20);
    135     for (size_t i = 0; i < 5; ++i) {
    136         // Treat hashValue as a big-endian value.
    137         uint32_t hashValue = m_hash[i];
    138         for (int j = 0; j < 4; ++j) {
    139             digest[4 * i + (3 - j)] = hashValue & 0xFF;
    140             hashValue >>= 8;
    141         }
    142     }
    143 
    144     reset();
    145 }
    146 
    147 void SHA1::finalize()
    148 {
    149     ASSERT(m_cursor < 64);
    150     m_buffer[m_cursor++] = 0x80;
    151     if (m_cursor > 56) {
    152         // Pad out to next block.
    153         while (m_cursor < 64)
    154             m_buffer[m_cursor++] = 0x00;
    155         processBlock();
    156     }
    157 
    158     for (size_t i = m_cursor; i < 56; ++i)
    159         m_buffer[i] = 0x00;
    160 
    161     // Write the length as a big-endian 64-bit value.
    162     uint64_t bits = m_totalBytes * 8;
    163     for (int i = 0; i < 8; ++i) {
    164         m_buffer[56 + (7 - i)] = bits & 0xFF;
    165         bits >>= 8;
    166     }
    167     m_cursor = 64;
    168     processBlock();
    169 }
    170 
    171 void SHA1::processBlock()
    172 {
    173     ASSERT(m_cursor == 64);
    174 
    175     uint32_t w[80] = { 0 };
    176     for (int t = 0; t < 16; ++t)
    177         w[t] = (m_buffer[t * 4] << 24) | (m_buffer[t * 4 + 1] << 16) | (m_buffer[t * 4 + 2] << 8) | m_buffer[t * 4 + 3];
    178     for (int t = 16; t < 80; ++t)
    179         w[t] = rotateLeft(1, w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16]);
    180 
    181     uint32_t a = m_hash[0];
    182     uint32_t b = m_hash[1];
    183     uint32_t c = m_hash[2];
    184     uint32_t d = m_hash[3];
    185     uint32_t e = m_hash[4];
    186 
    187     for (int t = 0; t < 80; ++t) {
    188         uint32_t temp = rotateLeft(5, a) + f(t, b, c, d) + e + w[t] + k(t);
    189         e = d;
    190         d = c;
    191         c = rotateLeft(30, b);
    192         b = a;
    193         a = temp;
    194     }
    195 
    196     m_hash[0] += a;
    197     m_hash[1] += b;
    198     m_hash[2] += c;
    199     m_hash[3] += d;
    200     m_hash[4] += e;
    201 
    202     m_cursor = 0;
    203 }
    204 
    205 void SHA1::reset()
    206 {
    207     m_cursor = 0;
    208     m_totalBytes = 0;
    209     m_hash[0] = 0x67452301;
    210     m_hash[1] = 0xefcdab89;
    211     m_hash[2] = 0x98badcfe;
    212     m_hash[3] = 0x10325476;
    213     m_hash[4] = 0xc3d2e1f0;
    214 
    215     // Clear the buffer after use in case it's sensitive.
    216     memset(m_buffer, 0, sizeof(m_buffer));
    217 }
    218 
    219 } // namespace WTF
    220