180 lines
4.9 KiB
C
180 lines
4.9 KiB
C
/*
|
|
* sha1.h
|
|
*
|
|
* interface to the Secure Hash Algorithm v.1 (SHA-1), specified in
|
|
* FIPS 180-1
|
|
*
|
|
* David A. McGrew
|
|
* Cisco Systems, Inc.
|
|
*/
|
|
|
|
/*
|
|
*
|
|
* Copyright (c) 2001-2017, Cisco Systems, Inc.
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
*
|
|
* Redistributions in binary form must reproduce the above
|
|
* copyright notice, this list of conditions and the following
|
|
* disclaimer in the documentation and/or other materials provided
|
|
* with the distribution.
|
|
*
|
|
* Neither the name of the Cisco Systems, Inc. nor the names of its
|
|
* contributors may be used to endorse or promote products derived
|
|
* from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
|
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*
|
|
*/
|
|
|
|
#ifndef SHA1_H
|
|
#define SHA1_H
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include <config.h>
|
|
#endif
|
|
|
|
#include "err.h"
|
|
#ifdef OPENSSL
|
|
#include <openssl/evp.h>
|
|
#include <stdint.h>
|
|
#else
|
|
#include "datatypes.h"
|
|
#endif
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#ifdef OPENSSL
|
|
|
|
/*
|
|
* srtp_sha1_init(&ctx) initializes the SHA1 context ctx
|
|
*
|
|
* srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg
|
|
* into the SHA1 context
|
|
*
|
|
* srtp_sha1_final(&ctx, output) performs the final processing of the SHA1
|
|
* context and writes the result to the 20 octets at output
|
|
*
|
|
* Return values are ignored on the EVP functions since all three
|
|
* of these functions return void.
|
|
*
|
|
*/
|
|
|
|
/* OpenSSL 1.1.0 made EVP_MD_CTX an opaque structure, which must be allocated
|
|
using EVP_MD_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
|
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
|
|
typedef EVP_MD_CTX srtp_sha1_ctx_t;
|
|
|
|
static inline void srtp_sha1_init (srtp_sha1_ctx_t *ctx)
|
|
{
|
|
EVP_MD_CTX_init(ctx);
|
|
EVP_DigestInit(ctx, EVP_sha1());
|
|
}
|
|
|
|
static inline void srtp_sha1_update (srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
|
|
{
|
|
EVP_DigestUpdate(ctx, M, octets_in_msg);
|
|
}
|
|
|
|
static inline void srtp_sha1_final (srtp_sha1_ctx_t *ctx, uint32_t *output)
|
|
{
|
|
unsigned int len = 0;
|
|
|
|
EVP_DigestFinal(ctx, (unsigned char*)output, &len);
|
|
EVP_MD_CTX_cleanup(ctx);
|
|
}
|
|
|
|
#else
|
|
|
|
typedef EVP_MD_CTX* srtp_sha1_ctx_t;
|
|
|
|
static inline void srtp_sha1_init (srtp_sha1_ctx_t *ctx)
|
|
{
|
|
*ctx = EVP_MD_CTX_new();
|
|
EVP_DigestInit(*ctx, EVP_sha1());
|
|
}
|
|
|
|
static inline void srtp_sha1_update (srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
|
|
{
|
|
EVP_DigestUpdate(*ctx, M, octets_in_msg);
|
|
}
|
|
|
|
static inline void srtp_sha1_final (srtp_sha1_ctx_t *ctx, uint32_t *output)
|
|
{
|
|
unsigned int len = 0;
|
|
|
|
EVP_DigestFinal(*ctx, (unsigned char*)output, &len);
|
|
EVP_MD_CTX_free(*ctx);
|
|
}
|
|
#endif
|
|
|
|
#else
|
|
|
|
typedef struct {
|
|
uint32_t H[5]; /* state vector */
|
|
uint32_t M[16]; /* message buffer */
|
|
int octets_in_buffer; /* octets of message in buffer */
|
|
uint32_t num_bits_in_msg; /* total number of bits in message */
|
|
} srtp_sha1_ctx_t;
|
|
|
|
|
|
/*
|
|
* srtp_sha1_init(&ctx) initializes the SHA1 context ctx
|
|
*
|
|
* srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg
|
|
* into the SHA1 context
|
|
*
|
|
* srtp_sha1_final(&ctx, output) performs the final processing of the SHA1
|
|
* context and writes the result to the 20 octets at output
|
|
*
|
|
*/
|
|
void srtp_sha1_init(srtp_sha1_ctx_t *ctx);
|
|
|
|
void srtp_sha1_update(srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
|
|
|
|
void srtp_sha1_final(srtp_sha1_ctx_t * ctx, uint32_t output[5]);
|
|
|
|
/*
|
|
* The srtp_sha1_core function is INTERNAL to SHA-1, but it is declared
|
|
* here because it is also used by the cipher SEAL 3.0 in its key
|
|
* setup algorithm.
|
|
*/
|
|
|
|
/*
|
|
* srtp_sha1_core(M, H) computes the core sha1 compression function, where M is
|
|
* the next part of the message and H is the intermediate state {H0,
|
|
* H1, ...}
|
|
*
|
|
* this function does not do any of the padding required in the
|
|
* complete sha1 function
|
|
*/
|
|
void srtp_sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
|
|
|
|
#endif /* else OPENSSL */
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* SHA1_H */
|