Initial revision

author: zautrix <zautrix> 2004-10-19 20:16:14 (UTC)
committer: zautrix <zautrix> 2004-10-19 20:16:14 (UTC)
commit: eca49bb06a71980ef61d078904573f25890fc7f2 (patch) (unidiff)
tree: c5338e3b12430248979a9ac2c1c7e6646ea9ecdf /pwmanager/libcrypt/cipher/sha1.c
parent: 53cc32b6e7b1f672bf91b2baf2df6c1e8baf3e0a (diff)
download: kdepimpi-eca49bb06a71980ef61d078904573f25890fc7f2.zip
kdepimpi-eca49bb06a71980ef61d078904573f25890fc7f2.tar.gz
kdepimpi-eca49bb06a71980ef61d078904573f25890fc7f2.tar.bz2
1 files changed, 368 insertions, 0 deletions
diff --git a/pwmanager/libcrypt/cipher/sha1.c b/pwmanager/libcrypt/cipher/sha1.c
new file mode 100644
index 0000000..1f31443
--- a/dev/null
+++ b/pwmanager/libcrypt/cipher/sha1.c
@@ -0,0 +1,368 @@
+/* sha1.c - SHA1 hash function
+         *Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+/*  Test vectors:
+ *
+ *  "abc"
+ *  A999 3E36 4706 816A BA3E  2571 7850 C26C 9CD0 D89D
+ *
+ *  "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ *  8498 3E44 1C3B D26E BAAE  4AA1 F951 29E5 E546 70F1
+ */
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include "g10lib.h"
+#include "memory.h"
+#include "bithelp.h"
+#include "cipher.h"
+typedef struct {
+    u32  h0,h1,h2,h3,h4;
+    u32  nblocks;
+    byte buf[64];
+    int  count;
+} SHA1_CONTEXT;
+static void
+sha1_init (void *context)
+{
+  SHA1_CONTEXT *hd = context;
+  hd->h0 = 0x67452301;
+  hd->h1 = 0xefcdab89;
+  hd->h2 = 0x98badcfe;
+  hd->h3 = 0x10325476;
+  hd->h4 = 0xc3d2e1f0;
+  hd->nblocks = 0;
+  hd->count = 0;
+}
+/****************
+ * Transform the message X which consists of 16 32-bit-words
+ */
+static void
+transform( SHA1_CONTEXT *hd, byte *data )
+{
+  register u32 a,b,c,d,e,tm;
+  u32 x[16];
+  /* Get values from the chaining vars. */
+  a = hd->h0;
+  b = hd->h1;
+  c = hd->h2;
+  d = hd->h3;
+  e = hd->h4;
+#ifdef WORDS_BIGENDIAN
+  memcpy( x, data, 64 );
+#else
+  {
+    int i;
+    byte *p2;
+    for(i=0, p2=(byte*)x; i < 16; i++, p2 += 4 )
+      {
+        p2[3] = *data++;
+        p2[2] = *data++;
+        p2[1] = *data++;
+        p2[0] = *data++;
+      }
+  }
+#endif
+#define K1  0x5A827999L
+#define K2  0x6ED9EBA1L
+#define K3  0x8F1BBCDCL
+#define K4  0xCA62C1D6L
+#define F1(x,y,z)   ( z ^ ( x & ( y ^ z ) ) )
+#define F2(x,y,z)   ( x ^ y ^ z )
+#define F3(x,y,z)   ( ( x & y ) | ( z & ( x | y ) ) )
+#define F4(x,y,z)   ( x ^ y ^ z )
+#define M(i) ( tm =   x[i&0x0f] ^ x[(i-14)&0x0f] \
+                    ^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f] \
+               , (x[i&0x0f] = rol(tm, 1)) )
+#define R(a,b,c,d,e,f,k,m)  do { e += rol( a, 5 )     \
+                                      + f( b, c, d )  \
+                                              + k      \
+                                              + m;      \
+                                 b = rol( b, 30 );    \
+                               } while(0)
+  R( a, b, c, d, e, F1, K1, x[ 0] );
+  R( e, a, b, c, d, F1, K1, x[ 1] );
+  R( d, e, a, b, c, F1, K1, x[ 2] );
+  R( c, d, e, a, b, F1, K1, x[ 3] );
+  R( b, c, d, e, a, F1, K1, x[ 4] );
+  R( a, b, c, d, e, F1, K1, x[ 5] );
+  R( e, a, b, c, d, F1, K1, x[ 6] );
+  R( d, e, a, b, c, F1, K1, x[ 7] );
+  R( c, d, e, a, b, F1, K1, x[ 8] );
+  R( b, c, d, e, a, F1, K1, x[ 9] );
+  R( a, b, c, d, e, F1, K1, x[10] );
+  R( e, a, b, c, d, F1, K1, x[11] );
+  R( d, e, a, b, c, F1, K1, x[12] );
+  R( c, d, e, a, b, F1, K1, x[13] );
+  R( b, c, d, e, a, F1, K1, x[14] );
+  R( a, b, c, d, e, F1, K1, x[15] );
+  R( e, a, b, c, d, F1, K1, M(16) );
+  R( d, e, a, b, c, F1, K1, M(17) );
+  R( c, d, e, a, b, F1, K1, M(18) );
+  R( b, c, d, e, a, F1, K1, M(19) );
+  R( a, b, c, d, e, F2, K2, M(20) );
+  R( e, a, b, c, d, F2, K2, M(21) );
+  R( d, e, a, b, c, F2, K2, M(22) );
+  R( c, d, e, a, b, F2, K2, M(23) );
+  R( b, c, d, e, a, F2, K2, M(24) );
+  R( a, b, c, d, e, F2, K2, M(25) );
+  R( e, a, b, c, d, F2, K2, M(26) );
+  R( d, e, a, b, c, F2, K2, M(27) );
+  R( c, d, e, a, b, F2, K2, M(28) );
+  R( b, c, d, e, a, F2, K2, M(29) );
+  R( a, b, c, d, e, F2, K2, M(30) );
+  R( e, a, b, c, d, F2, K2, M(31) );
+  R( d, e, a, b, c, F2, K2, M(32) );
+  R( c, d, e, a, b, F2, K2, M(33) );
+  R( b, c, d, e, a, F2, K2, M(34) );
+  R( a, b, c, d, e, F2, K2, M(35) );
+  R( e, a, b, c, d, F2, K2, M(36) );
+  R( d, e, a, b, c, F2, K2, M(37) );
+  R( c, d, e, a, b, F2, K2, M(38) );
+  R( b, c, d, e, a, F2, K2, M(39) );
+  R( a, b, c, d, e, F3, K3, M(40) );
+  R( e, a, b, c, d, F3, K3, M(41) );
+  R( d, e, a, b, c, F3, K3, M(42) );
+  R( c, d, e, a, b, F3, K3, M(43) );
+  R( b, c, d, e, a, F3, K3, M(44) );
+  R( a, b, c, d, e, F3, K3, M(45) );
+  R( e, a, b, c, d, F3, K3, M(46) );
+  R( d, e, a, b, c, F3, K3, M(47) );
+  R( c, d, e, a, b, F3, K3, M(48) );
+  R( b, c, d, e, a, F3, K3, M(49) );
+  R( a, b, c, d, e, F3, K3, M(50) );
+  R( e, a, b, c, d, F3, K3, M(51) );
+  R( d, e, a, b, c, F3, K3, M(52) );
+  R( c, d, e, a, b, F3, K3, M(53) );
+  R( b, c, d, e, a, F3, K3, M(54) );
+  R( a, b, c, d, e, F3, K3, M(55) );
+  R( e, a, b, c, d, F3, K3, M(56) );
+  R( d, e, a, b, c, F3, K3, M(57) );
+  R( c, d, e, a, b, F3, K3, M(58) );
+  R( b, c, d, e, a, F3, K3, M(59) );
+  R( a, b, c, d, e, F4, K4, M(60) );
+  R( e, a, b, c, d, F4, K4, M(61) );
+  R( d, e, a, b, c, F4, K4, M(62) );
+  R( c, d, e, a, b, F4, K4, M(63) );
+  R( b, c, d, e, a, F4, K4, M(64) );
+  R( a, b, c, d, e, F4, K4, M(65) );
+  R( e, a, b, c, d, F4, K4, M(66) );
+  R( d, e, a, b, c, F4, K4, M(67) );
+  R( c, d, e, a, b, F4, K4, M(68) );
+  R( b, c, d, e, a, F4, K4, M(69) );
+  R( a, b, c, d, e, F4, K4, M(70) );
+  R( e, a, b, c, d, F4, K4, M(71) );
+  R( d, e, a, b, c, F4, K4, M(72) );
+  R( c, d, e, a, b, F4, K4, M(73) );
+  R( b, c, d, e, a, F4, K4, M(74) );
+  R( a, b, c, d, e, F4, K4, M(75) );
+  R( e, a, b, c, d, F4, K4, M(76) );
+  R( d, e, a, b, c, F4, K4, M(77) );
+  R( c, d, e, a, b, F4, K4, M(78) );
+  R( b, c, d, e, a, F4, K4, M(79) );
+  /* Update chaining vars. */
+  hd->h0 += a;
+  hd->h1 += b;
+  hd->h2 += c;
+  hd->h3 += d;
+  hd->h4 += e;
+}
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+sha1_write( void *context, byte *inbuf, size_t inlen)
+{
+  SHA1_CONTEXT *hd = context;
+  if( hd->count == 64 )  /* flush the buffer */
+    {
+      transform( hd, hd->buf );
+      _gcry_burn_stack (88+4*sizeof(void*));
+      hd->count = 0;
+      hd->nblocks++;
+    }
+  if( !inbuf )
+    return;
+  if( hd->count )
+    {
+      for( ; inlen && hd->count < 64; inlen-- )
+        hd->buf[hd->count++] = *inbuf++;
+      sha1_write( hd, NULL, 0 );
+      if( !inlen )
+        return;
+    }
+  while( inlen >= 64 ) 
+    {
+      transform( hd, inbuf );
+      hd->count = 0;
+      hd->nblocks++;
+      inlen -= 64;
+      inbuf += 64;
+    }
+  _gcry_burn_stack (88+4*sizeof(void*));
+  for( ; inlen && hd->count < 64; inlen-- )
+    hd->buf[hd->count++] = *inbuf++;
+}
+/* The routine final terminates the computation and
+ * returns the digest.
+ * The handle is prepared for a new cycle, but adding bytes to the
+ * handle will the destroy the returned buffer.
+ * Returns: 20 bytes representing the digest.
+ */
+static void
+sha1_final(void *context)
+{
+  SHA1_CONTEXT *hd = context;
+  
+  u32 t, msb, lsb;
+  byte *p;
+  sha1_write(hd, NULL, 0); /* flush */;
+  t = hd->nblocks;
+  /* multiply by 64 to make a byte count */
+  lsb = t << 6;
+  msb = t >> 26;
+  /* add the count */
+  t = lsb;
+  if( (lsb += hd->count) < t )
+    msb++;
+  /* multiply by 8 to make a bit count */
+  t = lsb;
+  lsb <<= 3;
+  msb <<= 3;
+  msb |= t >> 29;
+  if( hd->count < 56 )  /* enough room */
+    {
+      hd->buf[hd->count++] = 0x80; /* pad */
+      while( hd->count < 56 )
+        hd->buf[hd->count++] = 0;  /* pad */
+    }
+  else  /* need one extra block */
+    {
+      hd->buf[hd->count++] = 0x80; /* pad character */
+      while( hd->count < 64 )
+        hd->buf[hd->count++] = 0;
+      sha1_write(hd, NULL, 0);  /* flush */;
+      memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+    }
+  /* append the 64 bit count */
+  hd->buf[56] = msb >> 24;
+  hd->buf[57] = msb >> 16;
+  hd->buf[58] = msb >>  8;
+          hd->buf[59] = msb   ;
+  hd->buf[60] = lsb >> 24;
+  hd->buf[61] = lsb >> 16;
+  hd->buf[62] = lsb >>  8;
+          hd->buf[63] = lsb   ;
+  transform( hd, hd->buf );
+  _gcry_burn_stack (88+4*sizeof(void*));
+  p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+#else /* little endian */
+        #define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \
+                  *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
+#endif
+  X(0);
+  X(1);
+  X(2);
+  X(3);
+  X(4);
+#undef X
+}
+static byte *
+sha1_read( void *context )
+{
+  SHA1_CONTEXT *hd = context;
+  return hd->buf;
+}
+/****************
+ * Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 20 bytes.
+ */
+void
+_gcry_sha1_hash_buffer (char *outbuf, const char *buffer, size_t length)
+{
+  SHA1_CONTEXT hd;
+  sha1_init (&hd);
+  sha1_write (&hd, (byte*)buffer, length);
+  sha1_final (&hd);
+  memcpy (outbuf, hd.buf, 20);
+}
+static byte asn[15] = /* Object ID is 1.3.14.3.2.26 */
+  { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
+    0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
+static gcry_md_oid_spec_t oid_spec_sha1[] =
+  {
+    /* iso.member-body.us.rsadsi.pkcs.pkcs-1.5 (sha1WithRSAEncryption) */
+    { "1.2.840.113549.1.1.5" },
+    /* iso.member-body.us.x9-57.x9cm.3 (dsaWithSha1)*/
+    { "1.2.840.10040.4.3" },
+    /* from NIST's OIW  (sha1) */
+    { "1.3.14.3.2.26" },
+    /* from NIST OIW (sha-1WithRSAEncryption) */
+    { "1.3.14.3.2.29" },
+    { NULL },
+  };
+gcry_md_spec_t _gcry_digest_spec_sha1 =
+  {
+    "SHA1", asn, DIM (asn), oid_spec_sha1, 20,
+    sha1_init, sha1_write, sha1_final, sha1_read,
+    sizeof (SHA1_CONTEXT)
+  };
author	zautrix <zautrix>	2004-10-19 20:16:14 (UTC)
committer	zautrix <zautrix>	2004-10-19 20:16:14 (UTC)
commit	eca49bb06a71980ef61d078904573f25890fc7f2 (patch) (unidiff)
tree	c5338e3b12430248979a9ac2c1c7e6646ea9ecdf /pwmanager/libcrypt/cipher/sha1.c
parent	53cc32b6e7b1f672bf91b2baf2df6c1e8baf3e0a (diff)
download	kdepimpi-eca49bb06a71980ef61d078904573f25890fc7f2.zip kdepimpi-eca49bb06a71980ef61d078904573f25890fc7f2.tar.gz kdepimpi-eca49bb06a71980ef61d078904573f25890fc7f2.tar.bz2

diff --git a/pwmanager/libcrypt/cipher/sha1.c b/pwmanager/libcrypt/cipher/sha1.c new file mode 100644 index 0000000..1f31443 --- a/dev/null +++ b/pwmanager/libcrypt/cipher/sha1.c
@@ -0,0 +1,368 @@
	1	/* sha1.c - SHA1 hash function
	2	*Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
	3	*
	4	* This file is part of Libgcrypt.
	5	*
	6	* Libgcrypt is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU Lesser General Public License as
	8	* published by the Free Software Foundation; either version 2.1 of
	9	* the License, or (at your option) any later version.
	10	*
	11	* Libgcrypt is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	* GNU Lesser General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU Lesser General Public
	17	* License along with this program; if not, write to the Free Software
	18	* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
	19	*/
	20
	21
	22	/* Test vectors:
	23	*
	24	* "abc"
	25	* A999 3E36 4706 816A BA3E 2571 7850 C26C 9CD0 D89D
	26	*
	27	* "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
	28	* 8498 3E44 1C3B D26E BAAE 4AA1 F951 29E5 E546 70F1
	29	*/
	30
	31
	32	#include <config.h>
	33	#include <stdio.h>
	34	#include <stdlib.h>
	35	#include <string.h>
	36	#include <assert.h>
	37	#include "g10lib.h"
	38	#include "memory.h"
	39	#include "bithelp.h"
	40	#include "cipher.h"
	41
	42	typedef struct {
	43	u32 h0,h1,h2,h3,h4;
	44	u32 nblocks;
	45	byte buf[64];
	46	int count;
	47	} SHA1_CONTEXT;
	48
	49
	50	static void
	51	sha1_init (void *context)
	52	{
	53	SHA1_CONTEXT *hd = context;
	54
	55	hd->h0 = 0x67452301;
	56	hd->h1 = 0xefcdab89;
	57	hd->h2 = 0x98badcfe;
	58	hd->h3 = 0x10325476;
	59	hd->h4 = 0xc3d2e1f0;
	60	hd->nblocks = 0;
	61	hd->count = 0;
	62	}
	63
	64
	65	/****************
	66	* Transform the message X which consists of 16 32-bit-words
	67	*/
	68	static void
	69	transform( SHA1_CONTEXT hd, byte data )
	70	{
	71	register u32 a,b,c,d,e,tm;
	72	u32 x[16];
	73
	74	/* Get values from the chaining vars. */
	75	a = hd->h0;
	76	b = hd->h1;
	77	c = hd->h2;
	78	d = hd->h3;
	79	e = hd->h4;
	80
	81	#ifdef WORDS_BIGENDIAN
	82	memcpy( x, data, 64 );
	83	#else
	84	{
	85	int i;
	86	byte *p2;
	87	for(i=0, p2=(byte*)x; i < 16; i++, p2 += 4 )
	88	{
	89	p2[3] = *data++;
	90	p2[2] = *data++;
	91	p2[1] = *data++;
	92	p2[0] = *data++;
	93	}
	94	}
	95	#endif
	96
	97
	98	#define K1 0x5A827999L
	99	#define K2 0x6ED9EBA1L
	100	#define K3 0x8F1BBCDCL
	101	#define K4 0xCA62C1D6L
	102	#define F1(x,y,z) ( z ^ ( x & ( y ^ z ) ) )
	103	#define F2(x,y,z) ( x ^ y ^ z )
	104	#define F3(x,y,z) ( ( x & y ) \| ( z & ( x \| y ) ) )
	105	#define F4(x,y,z) ( x ^ y ^ z )
	106
	107
	108	#define M(i) ( tm = x[i&0x0f] ^ x[(i-14)&0x0f] \
	109	^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f] \
	110	, (x[i&0x0f] = rol(tm, 1)) )
	111
	112	#define R(a,b,c,d,e,f,k,m) do { e += rol( a, 5 ) \
	113	+ f( b, c, d ) \
	114	+ k \
	115	+ m; \
	116	b = rol( b, 30 ); \
	117	} while(0)
	118	R( a, b, c, d, e, F1, K1, x[ 0] );
	119	R( e, a, b, c, d, F1, K1, x[ 1] );
	120	R( d, e, a, b, c, F1, K1, x[ 2] );
	121	R( c, d, e, a, b, F1, K1, x[ 3] );
	122	R( b, c, d, e, a, F1, K1, x[ 4] );
	123	R( a, b, c, d, e, F1, K1, x[ 5] );
	124	R( e, a, b, c, d, F1, K1, x[ 6] );
	125	R( d, e, a, b, c, F1, K1, x[ 7] );
	126	R( c, d, e, a, b, F1, K1, x[ 8] );
	127	R( b, c, d, e, a, F1, K1, x[ 9] );
	128	R( a, b, c, d, e, F1, K1, x[10] );
	129	R( e, a, b, c, d, F1, K1, x[11] );
	130	R( d, e, a, b, c, F1, K1, x[12] );
	131	R( c, d, e, a, b, F1, K1, x[13] );
	132	R( b, c, d, e, a, F1, K1, x[14] );
	133	R( a, b, c, d, e, F1, K1, x[15] );
	134	R( e, a, b, c, d, F1, K1, M(16) );
	135	R( d, e, a, b, c, F1, K1, M(17) );
	136	R( c, d, e, a, b, F1, K1, M(18) );
	137	R( b, c, d, e, a, F1, K1, M(19) );
	138	R( a, b, c, d, e, F2, K2, M(20) );
	139	R( e, a, b, c, d, F2, K2, M(21) );
	140	R( d, e, a, b, c, F2, K2, M(22) );
	141	R( c, d, e, a, b, F2, K2, M(23) );
	142	R( b, c, d, e, a, F2, K2, M(24) );
	143	R( a, b, c, d, e, F2, K2, M(25) );
	144	R( e, a, b, c, d, F2, K2, M(26) );
	145	R( d, e, a, b, c, F2, K2, M(27) );
	146	R( c, d, e, a, b, F2, K2, M(28) );
	147	R( b, c, d, e, a, F2, K2, M(29) );
	148	R( a, b, c, d, e, F2, K2, M(30) );
	149	R( e, a, b, c, d, F2, K2, M(31) );
	150	R( d, e, a, b, c, F2, K2, M(32) );
	151	R( c, d, e, a, b, F2, K2, M(33) );
	152	R( b, c, d, e, a, F2, K2, M(34) );
	153	R( a, b, c, d, e, F2, K2, M(35) );
	154	R( e, a, b, c, d, F2, K2, M(36) );
	155	R( d, e, a, b, c, F2, K2, M(37) );
	156	R( c, d, e, a, b, F2, K2, M(38) );
	157	R( b, c, d, e, a, F2, K2, M(39) );
	158	R( a, b, c, d, e, F3, K3, M(40) );
	159	R( e, a, b, c, d, F3, K3, M(41) );
	160	R( d, e, a, b, c, F3, K3, M(42) );
	161	R( c, d, e, a, b, F3, K3, M(43) );
	162	R( b, c, d, e, a, F3, K3, M(44) );
	163	R( a, b, c, d, e, F3, K3, M(45) );
	164	R( e, a, b, c, d, F3, K3, M(46) );
	165	R( d, e, a, b, c, F3, K3, M(47) );
	166	R( c, d, e, a, b, F3, K3, M(48) );
	167	R( b, c, d, e, a, F3, K3, M(49) );
	168	R( a, b, c, d, e, F3, K3, M(50) );
	169	R( e, a, b, c, d, F3, K3, M(51) );
	170	R( d, e, a, b, c, F3, K3, M(52) );
	171	R( c, d, e, a, b, F3, K3, M(53) );
	172	R( b, c, d, e, a, F3, K3, M(54) );
	173	R( a, b, c, d, e, F3, K3, M(55) );
	174	R( e, a, b, c, d, F3, K3, M(56) );
	175	R( d, e, a, b, c, F3, K3, M(57) );
	176	R( c, d, e, a, b, F3, K3, M(58) );
	177	R( b, c, d, e, a, F3, K3, M(59) );
	178	R( a, b, c, d, e, F4, K4, M(60) );
	179	R( e, a, b, c, d, F4, K4, M(61) );
	180	R( d, e, a, b, c, F4, K4, M(62) );
	181	R( c, d, e, a, b, F4, K4, M(63) );
	182	R( b, c, d, e, a, F4, K4, M(64) );
	183	R( a, b, c, d, e, F4, K4, M(65) );
	184	R( e, a, b, c, d, F4, K4, M(66) );
	185	R( d, e, a, b, c, F4, K4, M(67) );
	186	R( c, d, e, a, b, F4, K4, M(68) );
	187	R( b, c, d, e, a, F4, K4, M(69) );
	188	R( a, b, c, d, e, F4, K4, M(70) );
	189	R( e, a, b, c, d, F4, K4, M(71) );
	190	R( d, e, a, b, c, F4, K4, M(72) );
	191	R( c, d, e, a, b, F4, K4, M(73) );
	192	R( b, c, d, e, a, F4, K4, M(74) );
	193	R( a, b, c, d, e, F4, K4, M(75) );
	194	R( e, a, b, c, d, F4, K4, M(76) );
	195	R( d, e, a, b, c, F4, K4, M(77) );
	196	R( c, d, e, a, b, F4, K4, M(78) );
	197	R( b, c, d, e, a, F4, K4, M(79) );
	198
	199	/* Update chaining vars. */
	200	hd->h0 += a;
	201	hd->h1 += b;
	202	hd->h2 += c;
	203	hd->h3 += d;
	204	hd->h4 += e;
	205	}
	206
	207
	208	/* Update the message digest with the contents
	209	* of INBUF with length INLEN.
	210	*/
	211	static void
	212	sha1_write( void context, byte inbuf, size_t inlen)
	213	{
	214	SHA1_CONTEXT *hd = context;
	215
	216	if( hd->count == 64 ) /* flush the buffer */
	217	{
	218	transform( hd, hd->buf );
	219	_gcry_burn_stack (88+4sizeof(void));
	220	hd->count = 0;
	221	hd->nblocks++;
	222	}
	223	if( !inbuf )
	224	return;
	225
	226	if( hd->count )
	227	{
	228	for( ; inlen && hd->count < 64; inlen-- )
	229	hd->buf[hd->count++] = *inbuf++;
	230	sha1_write( hd, NULL, 0 );
	231	if( !inlen )
	232	return;
	233	}
	234
	235	while( inlen >= 64 )
	236	{
	237	transform( hd, inbuf );
	238	hd->count = 0;
	239	hd->nblocks++;
	240	inlen -= 64;
	241	inbuf += 64;
	242	}
	243	_gcry_burn_stack (88+4sizeof(void));
	244	for( ; inlen && hd->count < 64; inlen-- )
	245	hd->buf[hd->count++] = *inbuf++;
	246	}
	247
	248
	249	/* The routine final terminates the computation and
	250	* returns the digest.
	251	* The handle is prepared for a new cycle, but adding bytes to the
	252	* handle will the destroy the returned buffer.
	253	* Returns: 20 bytes representing the digest.
	254	*/
	255
	256	static void
	257	sha1_final(void *context)
	258	{
	259	SHA1_CONTEXT *hd = context;
	260
	261	u32 t, msb, lsb;
	262	byte *p;
	263
	264	sha1_write(hd, NULL, 0); /* flush */;
	265
	266	t = hd->nblocks;
	267	/* multiply by 64 to make a byte count */
	268	lsb = t << 6;
	269	msb = t >> 26;
	270	/* add the count */
	271	t = lsb;
	272	if( (lsb += hd->count) < t )
	273	msb++;
	274	/* multiply by 8 to make a bit count */
	275	t = lsb;
	276	lsb <<= 3;
	277	msb <<= 3;
	278	msb \|= t >> 29;
	279
	280	if( hd->count < 56 ) /* enough room */
	281	{
	282	hd->buf[hd->count++] = 0x80; /* pad */
	283	while( hd->count < 56 )
	284	hd->buf[hd->count++] = 0; /* pad */
	285	}
	286	else /* need one extra block */
	287	{
	288	hd->buf[hd->count++] = 0x80; /* pad character */
	289	while( hd->count < 64 )
	290	hd->buf[hd->count++] = 0;
	291	sha1_write(hd, NULL, 0); /* flush */;
	292	memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
	293	}
	294	/* append the 64 bit count */
	295	hd->buf[56] = msb >> 24;
	296	hd->buf[57] = msb >> 16;
	297	hd->buf[58] = msb >> 8;
	298	hd->buf[59] = msb ;
	299	hd->buf[60] = lsb >> 24;
	300	hd->buf[61] = lsb >> 16;
	301	hd->buf[62] = lsb >> 8;
	302	hd->buf[63] = lsb ;
	303	transform( hd, hd->buf );
	304	_gcry_burn_stack (88+4sizeof(void));
	305
	306	p = hd->buf;
	307	#ifdef WORDS_BIGENDIAN
	308	#define X(a) do { (u32)p = hd->h##a ; p += 4; } while(0)
	309	#else /* little endian */
	310	#define X(a) do { p++ = hd->h##a >> 24; p++ = hd->h##a >> 16; \
	311	p++ = hd->h##a >> 8; p++ = hd->h##a; } while(0)
	312	#endif
	313	X(0);
	314	X(1);
	315	X(2);
	316	X(3);
	317	X(4);
	318	#undef X
	319
	320	}
	321
	322	static byte *
	323	sha1_read( void *context )
	324	{
	325	SHA1_CONTEXT *hd = context;
	326
	327	return hd->buf;
	328	}
	329
	330	/****************
	331	* Shortcut functions which puts the hash value of the supplied buffer
	332	* into outbuf which must have a size of 20 bytes.
	333	*/
	334	void
	335	_gcry_sha1_hash_buffer (char outbuf, const char buffer, size_t length)
	336	{
	337	SHA1_CONTEXT hd;
	338
	339	sha1_init (&hd);
	340	sha1_write (&hd, (byte*)buffer, length);
	341	sha1_final (&hd);
	342	memcpy (outbuf, hd.buf, 20);
	343	}
	344
	345
	346	static byte asn[15] = /* Object ID is 1.3.14.3.2.26 */
	347	{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
	348	0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
	349
	350	static gcry_md_oid_spec_t oid_spec_sha1[] =
	351	{
	352	/* iso.member-body.us.rsadsi.pkcs.pkcs-1.5 (sha1WithRSAEncryption) */
	353	{ "1.2.840.113549.1.1.5" },
	354	/* iso.member-body.us.x9-57.x9cm.3 (dsaWithSha1)*/
	355	{ "1.2.840.10040.4.3" },
	356	/* from NIST's OIW (sha1) */
	357	{ "1.3.14.3.2.26" },
	358	/* from NIST OIW (sha-1WithRSAEncryption) */
	359	{ "1.3.14.3.2.29" },
	360	{ NULL },
	361	};
	362
	363	gcry_md_spec_t _gcry_digest_spec_sha1 =
	364	{
	365	"SHA1", asn, DIM (asn), oid_spec_sha1, 20,
	366	sha1_init, sha1_write, sha1_final, sha1_read,
	367	sizeof (SHA1_CONTEXT)
	368	};