Home | History | Annotate | Download | only in sha1 
      1 // Copyright 2009 The Go Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style
      3 // license that can be found in the LICENSE file.
      4 
      5 // Package sha1 implements the SHA1 hash algorithm as defined in RFC 3174.
      6 package sha1
      7 
      8 import (
      9 	"crypto"
     10 	"hash"
     11 )
     12 
     13 func init() {
     14 	crypto.RegisterHash(crypto.SHA1, New)
     15 }
     16 
     17 // The size of a SHA1 checksum in bytes.
     18 const Size = 20
     19 
     20 // The blocksize of SHA1 in bytes.
     21 const BlockSize = 64
     22 
     23 const (
     24 	chunk = 64
     25 	init0 = 0x67452301
     26 	init1 = 0xEFCDAB89
     27 	init2 = 0x98BADCFE
     28 	init3 = 0x10325476
     29 	init4 = 0xC3D2E1F0
     30 )
     31 
     32 // digest represents the partial evaluation of a checksum.
     33 type digest struct {
     34 	h   [5]uint32
     35 	x   [chunk]byte
     36 	nx  int
     37 	len uint64
     38 }
     39 
     40 func (d *digest) Reset() {
     41 	d.h[0] = init0
     42 	d.h[1] = init1
     43 	d.h[2] = init2
     44 	d.h[3] = init3
     45 	d.h[4] = init4
     46 	d.nx = 0
     47 	d.len = 0
     48 }
     49 
     50 // New returns a new hash.Hash computing the SHA1 checksum.
     51 func New() hash.Hash {
     52 	d := new(digest)
     53 	d.Reset()
     54 	return d
     55 }
     56 
     57 func (d *digest) Size() int { return Size }
     58 
     59 func (d *digest) BlockSize() int { return BlockSize }
     60 
     61 func (d *digest) Write(p []byte) (nn int, err error) {
     62 	nn = len(p)
     63 	d.len += uint64(nn)
     64 	if d.nx > 0 {
     65 		n := copy(d.x[d.nx:], p)
     66 		d.nx += n
     67 		if d.nx == chunk {
     68 			block(d, d.x[:])
     69 			d.nx = 0
     70 		}
     71 		p = p[n:]
     72 	}
     73 	if len(p) >= chunk {
     74 		n := len(p) &^ (chunk - 1)
     75 		block(d, p[:n])
     76 		p = p[n:]
     77 	}
     78 	if len(p) > 0 {
     79 		d.nx = copy(d.x[:], p)
     80 	}
     81 	return
     82 }
     83 
     84 func (d0 *digest) Sum(in []byte) []byte {
     85 	// Make a copy of d0 so that caller can keep writing and summing.
     86 	d := *d0
     87 	hash := d.checkSum()
     88 	return append(in, hash[:]...)
     89 }
     90 
     91 func (d *digest) checkSum() [Size]byte {
     92 	len := d.len
     93 	// Padding.  Add a 1 bit and 0 bits until 56 bytes mod 64.
     94 	var tmp [64]byte
     95 	tmp[0] = 0x80
     96 	if len%64 < 56 {
     97 		d.Write(tmp[0 : 56-len%64])
     98 	} else {
     99 		d.Write(tmp[0 : 64+56-len%64])
    100 	}
    101 
    102 	// Length in bits.
    103 	len <<= 3
    104 	for i := uint(0); i < 8; i++ {
    105 		tmp[i] = byte(len >> (56 - 8*i))
    106 	}
    107 	d.Write(tmp[0:8])
    108 
    109 	if d.nx != 0 {
    110 		panic("d.nx != 0")
    111 	}
    112 
    113 	var digest [Size]byte
    114 	for i, s := range d.h {
    115 		digest[i*4] = byte(s >> 24)
    116 		digest[i*4+1] = byte(s >> 16)
    117 		digest[i*4+2] = byte(s >> 8)
    118 		digest[i*4+3] = byte(s)
    119 	}
    120 
    121 	return digest
    122 }
    123 
    124 // ConstantTimeSum computes the same result of Sum() but in constant time
    125 func (d0 *digest) ConstantTimeSum(in []byte) []byte {
    126 	d := *d0
    127 	hash := d.constSum()
    128 	return append(in, hash[:]...)
    129 }
    130 
    131 func (d *digest) constSum() [Size]byte {
    132 	var length [8]byte
    133 	l := d.len << 3
    134 	for i := uint(0); i < 8; i++ {
    135 		length[i] = byte(l >> (56 - 8*i))
    136 	}
    137 
    138 	nx := byte(d.nx)
    139 	t := nx - 56                 // if nx < 56 then the MSB of t is one
    140 	mask1b := byte(int8(t) >> 7) // mask1b is 0xFF iff one block is enough
    141 
    142 	separator := byte(0x80) // gets reset to 0x00 once used
    143 	for i := byte(0); i < chunk; i++ {
    144 		mask := byte(int8(i-nx) >> 7) // 0x00 after the end of data
    145 
    146 		// if we reached the end of the data, replace with 0x80 or 0x00
    147 		d.x[i] = (^mask & separator) | (mask & d.x[i])
    148 
    149 		// zero the separator once used
    150 		separator &= mask
    151 
    152 		if i >= 56 {
    153 			// we might have to write the length here if all fit in one block
    154 			d.x[i] |= mask1b & length[i-56]
    155 		}
    156 	}
    157 
    158 	// compress, and only keep the digest if all fit in one block
    159 	block(d, d.x[:])
    160 
    161 	var digest [Size]byte
    162 	for i, s := range d.h {
    163 		digest[i*4] = mask1b & byte(s>>24)
    164 		digest[i*4+1] = mask1b & byte(s>>16)
    165 		digest[i*4+2] = mask1b & byte(s>>8)
    166 		digest[i*4+3] = mask1b & byte(s)
    167 	}
    168 
    169 	for i := byte(0); i < chunk; i++ {
    170 		// second block, it's always past the end of data, might start with 0x80
    171 		if i < 56 {
    172 			d.x[i] = separator
    173 			separator = 0
    174 		} else {
    175 			d.x[i] = length[i-56]
    176 		}
    177 	}
    178 
    179 	// compress, and only keep the digest if we actually needed the second block
    180 	block(d, d.x[:])
    181 
    182 	for i, s := range d.h {
    183 		digest[i*4] |= ^mask1b & byte(s>>24)
    184 		digest[i*4+1] |= ^mask1b & byte(s>>16)
    185 		digest[i*4+2] |= ^mask1b & byte(s>>8)
    186 		digest[i*4+3] |= ^mask1b & byte(s)
    187 	}
    188 
    189 	return digest
    190 }
    191 
    192 // Sum returns the SHA1 checksum of the data.
    193 func Sum(data []byte) [Size]byte {
    194 	var d digest
    195 	d.Reset()
    196 	d.Write(data)
    197 	return d.checkSum()
    198 }
    199