1 files changed, 434 insertions, 0 deletions
diff --git a/apps/plugins/lib/sha1.c b/apps/plugins/lib/sha1.c
new file mode 100644
index 0000000000..107c50256b
--- /dev/null
+++ b/apps/plugins/lib/sha1.c
@@ -0,0 +1,434 @@
+/* sha1.c - Functions to compute SHA1 message digest of files or
+   memory blocks according to the NIST specification FIPS-180-1.
+   Copyright (C) 2000, 2001, 2003, 2004, 2005, 2006 Free Software
+   Foundation, Inc.
+   This program is free software; you can redistribute it and/or modify it
+   under the terms of the GNU General Public License as published by the
+   Free Software Foundation; either version 2, or (at your option) any
+   later version.
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software Foundation,
+   Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  */
+/* Written by Scott G. Miller
+   Credits:
+      Robert Klep <robert@ilse.nl>  -- Expansion function fix
+*/
+#include "plugin.h"
+#include "sha1.h"
+#ifdef WORDS_BIGENDIAN
+# define SWAP(n) (n)
+#else
+# define SWAP(n) \
+    (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
+#endif
+#define BLOCKSIZE 4096
+#if BLOCKSIZE % 64 != 0
+# error "invalid BLOCKSIZE"
+#endif
+/* This array contains the bytes used to pad the buffer to the next
+   64-byte boundary.  (RFC 1321, 3.1: Step 1)  */
+static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ...  */ };
+/* Take a pointer to a 160 bit block of data (five 32 bit ints) and
+   initialize it to the start constants of the SHA1 algorithm.  This
+   must be called before using hash in the call to sha1_hash.  */
+void
+sha1_init_ctx (struct sha1_ctx *ctx)
+{
+  ctx->A = 0x67452301;
+  ctx->B = 0xefcdab89;
+  ctx->C = 0x98badcfe;
+  ctx->D = 0x10325476;
+  ctx->E = 0xc3d2e1f0;
+  ctx->total[0] = ctx->total[1] = 0;
+  ctx->buflen = 0;
+}
+/* Put result from CTX in first 20 bytes following RESBUF.  The result
+   must be in little endian byte order.
+   IMPORTANT: On some systems it is required that RESBUF is correctly
+   aligned for a 32-bit value.  */
+void *
+sha1_read_ctx (const struct sha1_ctx *ctx, void *resbuf)
+{
+  ((uint32_t *) resbuf)[0] = SWAP (ctx->A);
+  ((uint32_t *) resbuf)[1] = SWAP (ctx->B);
+  ((uint32_t *) resbuf)[2] = SWAP (ctx->C);
+  ((uint32_t *) resbuf)[3] = SWAP (ctx->D);
+  ((uint32_t *) resbuf)[4] = SWAP (ctx->E);
+  return resbuf;
+}
+/* Process the remaining bytes in the internal buffer and the usual
+   prolog according to the standard and write the result to RESBUF.
+   IMPORTANT: On some systems it is required that RESBUF is correctly
+   aligned for a 32-bit value.  */
+void *
+sha1_finish_ctx (struct sha1_ctx *ctx, void *resbuf)
+{
+  /* Take yet unprocessed bytes into account.  */
+  uint32_t bytes = ctx->buflen;
+  size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
+  /* Now count remaining bytes.  */
+  ctx->total[0] += bytes;
+  if (ctx->total[0] < bytes)
+    ++ctx->total[1];
+  /* Put the 64-bit file length in *bits* at the end of the buffer.  */
+  ctx->buffer[size - 2] = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29));
+  ctx->buffer[size - 1] = SWAP (ctx->total[0] << 3);
+  memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes);
+  /* Process last bytes.  */
+  sha1_process_block (ctx->buffer, size * 4, ctx);
+  return sha1_read_ctx (ctx, resbuf);
+}
+/* Compute SHA1 message digest for LEN bytes beginning at BUFFER.  The
+   result is always in little endian byte order, so that a byte-wise
+   output yields to the wanted ASCII representation of the message
+   digest.  */
+void *sha1_buffer (const char *buffer, size_t len, void *resblock)
+{
+  struct sha1_ctx ctx;
+  /* Initialize the computation context.  */
+  sha1_init_ctx (&ctx);
+  /* Process whole buffer but last len % 64 bytes.  */
+  sha1_process_bytes (buffer, len, &ctx);
+  /* Put result in desired memory area.  */
+  return sha1_finish_ctx (&ctx, resblock);
+}
+void
+sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx)
+{
+  /* When we already have some bits in our internal buffer concatenate
+     both inputs first.  */
+  if (ctx->buflen != 0)
+    {
+      size_t left_over = ctx->buflen;
+      size_t add = 128 - left_over > len ? len : 128 - left_over;
+      memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
+      ctx->buflen += add;
+      if (ctx->buflen > 64)
+        {
+          sha1_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
+          ctx->buflen &= 63;
+          /* The regions in the following copy operation cannot overlap.  */
+          memcpy (ctx->buffer,
+                  &((char *) ctx->buffer)[(left_over + add) & ~63],
+                  ctx->buflen);
+        }
+      buffer = (const char *) buffer + add;
+      len -= add;
+    }
+  /* Process available complete blocks.  */
+  if (len >= 64)
+    {
+        {
+          sha1_process_block (buffer, len & ~63, ctx);
+          buffer = (const char *) buffer + (len & ~63);
+          len &= 63;
+        }
+    }
+  /* Move remaining bytes in internal buffer.  */
+  if (len > 0)
+    {
+      size_t left_over = ctx->buflen;
+      memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
+      left_over += len;
+      if (left_over >= 64)
+        {
+          sha1_process_block (ctx->buffer, 64, ctx);
+          left_over -= 64;
+          memcpy (ctx->buffer, &ctx->buffer[16], left_over);
+        }
+      ctx->buflen = left_over;
+    }
+}
+/* --- Code below is the primary difference between md5.c and sha1.c --- */
+/* SHA1 round constants */
+#define K1 0x5a827999
+#define K2 0x6ed9eba1
+#define K3 0x8f1bbcdc
+#define K4 0xca62c1d6
+/* Round functions.  Note that F2 is the same as F4.  */
+#define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) )
+#define F2(B,C,D) (B ^ C ^ D)
+#define F3(B,C,D) ( ( B & C ) | ( D & ( B | C ) ) )
+#define F4(B,C,D) (B ^ C ^ D)
+/* Process LEN bytes of BUFFER, accumulating context into CTX.
+   It is assumed that LEN % 64 == 0.
+   Most of this code comes from GnuPG's cipher/sha1.c.  */
+void
+sha1_process_block (const void *buffer, size_t len, struct sha1_ctx *ctx)
+{
+  const uint32_t *words = buffer;
+  size_t nwords = len / sizeof (uint32_t);
+  const uint32_t *endp = words + nwords;
+  uint32_t x[16];
+  uint32_t a = ctx->A;
+  uint32_t b = ctx->B;
+  uint32_t c = ctx->C;
+  uint32_t d = ctx->D;
+  uint32_t e = ctx->E;
+  /* First increment the byte count.  RFC 1321 specifies the possible
+     length of the file up to 2^64 bits.  Here we only compute the
+     number of bytes.  Do a double word increment.  */
+  ctx->total[0] += len;
+  if (ctx->total[0] < len)
+    ++ctx->total[1];
+#define rol(x, n) (((x) << (n)) | ((uint32_t) (x) >> (32 - (n))))
+#define M(I) ( tm =   x[I&0x0f] ^ x[(I-14)&0x0f] \
+                    ^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \
+               , (x[I&0x0f] = rol(tm, 1)) )
+#define R(A,B,C,D,E,F,K,M)  do { E += rol( A, 5 )     \
+                                      + F( B, C, D )  \
+                                      + K             \
+                                      + M;            \
+                                 B = rol( B, 30 );    \
+                               } while(0)
+  while (words < endp)
+    {
+      uint32_t tm;
+      int t;
+      for (t = 0; t < 16; t++)
+        {
+          x[t] = SWAP (*words);
+          words++;
+        }
+      R( a, b, c, d, e, F1, K1, x[ 0] );
+      R( e, a, b, c, d, F1, K1, x[ 1] );
+      R( d, e, a, b, c, F1, K1, x[ 2] );
+      R( c, d, e, a, b, F1, K1, x[ 3] );
+      R( b, c, d, e, a, F1, K1, x[ 4] );
+      R( a, b, c, d, e, F1, K1, x[ 5] );
+      R( e, a, b, c, d, F1, K1, x[ 6] );
+      R( d, e, a, b, c, F1, K1, x[ 7] );
+      R( c, d, e, a, b, F1, K1, x[ 8] );
+      R( b, c, d, e, a, F1, K1, x[ 9] );
+      R( a, b, c, d, e, F1, K1, x[10] );
+      R( e, a, b, c, d, F1, K1, x[11] );
+      R( d, e, a, b, c, F1, K1, x[12] );
+      R( c, d, e, a, b, F1, K1, x[13] );
+      R( b, c, d, e, a, F1, K1, x[14] );
+      R( a, b, c, d, e, F1, K1, x[15] );
+      R( e, a, b, c, d, F1, K1, M(16) );
+      R( d, e, a, b, c, F1, K1, M(17) );
+      R( c, d, e, a, b, F1, K1, M(18) );
+      R( b, c, d, e, a, F1, K1, M(19) );
+      R( a, b, c, d, e, F2, K2, M(20) );
+      R( e, a, b, c, d, F2, K2, M(21) );
+      R( d, e, a, b, c, F2, K2, M(22) );
+      R( c, d, e, a, b, F2, K2, M(23) );
+      R( b, c, d, e, a, F2, K2, M(24) );
+      R( a, b, c, d, e, F2, K2, M(25) );
+      R( e, a, b, c, d, F2, K2, M(26) );
+      R( d, e, a, b, c, F2, K2, M(27) );
+      R( c, d, e, a, b, F2, K2, M(28) );
+      R( b, c, d, e, a, F2, K2, M(29) );
+      R( a, b, c, d, e, F2, K2, M(30) );
+      R( e, a, b, c, d, F2, K2, M(31) );
+      R( d, e, a, b, c, F2, K2, M(32) );
+      R( c, d, e, a, b, F2, K2, M(33) );
+      R( b, c, d, e, a, F2, K2, M(34) );
+      R( a, b, c, d, e, F2, K2, M(35) );
+      R( e, a, b, c, d, F2, K2, M(36) );
+      R( d, e, a, b, c, F2, K2, M(37) );
+      R( c, d, e, a, b, F2, K2, M(38) );
+      R( b, c, d, e, a, F2, K2, M(39) );
+      R( a, b, c, d, e, F3, K3, M(40) );
+      R( e, a, b, c, d, F3, K3, M(41) );
+      R( d, e, a, b, c, F3, K3, M(42) );
+      R( c, d, e, a, b, F3, K3, M(43) );
+      R( b, c, d, e, a, F3, K3, M(44) );
+      R( a, b, c, d, e, F3, K3, M(45) );
+      R( e, a, b, c, d, F3, K3, M(46) );
+      R( d, e, a, b, c, F3, K3, M(47) );
+      R( c, d, e, a, b, F3, K3, M(48) );
+      R( b, c, d, e, a, F3, K3, M(49) );
+      R( a, b, c, d, e, F3, K3, M(50) );
+      R( e, a, b, c, d, F3, K3, M(51) );
+      R( d, e, a, b, c, F3, K3, M(52) );
+      R( c, d, e, a, b, F3, K3, M(53) );
+      R( b, c, d, e, a, F3, K3, M(54) );
+      R( a, b, c, d, e, F3, K3, M(55) );
+      R( e, a, b, c, d, F3, K3, M(56) );
+      R( d, e, a, b, c, F3, K3, M(57) );
+      R( c, d, e, a, b, F3, K3, M(58) );
+      R( b, c, d, e, a, F3, K3, M(59) );
+      R( a, b, c, d, e, F4, K4, M(60) );
+      R( e, a, b, c, d, F4, K4, M(61) );
+      R( d, e, a, b, c, F4, K4, M(62) );
+      R( c, d, e, a, b, F4, K4, M(63) );
+      R( b, c, d, e, a, F4, K4, M(64) );
+      R( a, b, c, d, e, F4, K4, M(65) );
+      R( e, a, b, c, d, F4, K4, M(66) );
+      R( d, e, a, b, c, F4, K4, M(67) );
+      R( c, d, e, a, b, F4, K4, M(68) );
+      R( b, c, d, e, a, F4, K4, M(69) );
+      R( a, b, c, d, e, F4, K4, M(70) );
+      R( e, a, b, c, d, F4, K4, M(71) );
+      R( d, e, a, b, c, F4, K4, M(72) );
+      R( c, d, e, a, b, F4, K4, M(73) );
+      R( b, c, d, e, a, F4, K4, M(74) );
+      R( a, b, c, d, e, F4, K4, M(75) );
+      R( e, a, b, c, d, F4, K4, M(76) );
+      R( d, e, a, b, c, F4, K4, M(77) );
+      R( c, d, e, a, b, F4, K4, M(78) );
+      R( b, c, d, e, a, F4, K4, M(79) );
+      a = ctx->A += a;
+      b = ctx->B += b;
+      c = ctx->C += c;
+      d = ctx->D += d;
+      e = ctx->E += e;
+    }
+}
+/* memxor.c -- perform binary exclusive OR operation of two memory blocks.
+   Copyright (C) 2005, 2006 Free Software Foundation, Inc.
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software Foundation,
+   Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  */
+/* Written by Simon Josefsson.  The interface was inspired by memxor
+   in Niels Möller's Nettle. */
+void *
+memxor (void * dest, const void * src, size_t n)
+{
+  char const *s = src;
+  char *d = dest;
+  for (; n > 0; n--)
+    *d++ ^= *s++;
+  return dest;
+}
+/* hmac-sha1.c -- hashed message authentication codes
+   Copyright (C) 2005, 2006 Free Software Foundation, Inc.
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software Foundation,
+   Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  */
+/* Written by Simon Josefsson.  */
+#define IPAD 0x36
+#define OPAD 0x5c
+int
+hmac_sha1 (const void *key, size_t keylen,
+           const void *in, size_t inlen, void *resbuf)
+{
+  struct sha1_ctx inner;
+  struct sha1_ctx outer;
+  char optkeybuf[20];
+  char block[64];
+  char innerhash[20];
+  /* Reduce the key's size, so that it becomes <= 64 bytes large.  */
+  if (keylen > 64)
+    {
+      struct sha1_ctx keyhash;
+      sha1_init_ctx (&keyhash);
+      sha1_process_bytes (key, keylen, &keyhash);
+      sha1_finish_ctx (&keyhash, optkeybuf);
+      key = optkeybuf;
+      keylen = 20;
+    }
+  /* Compute INNERHASH from KEY and IN.  */
+  sha1_init_ctx (&inner);
+  memset (block, IPAD, sizeof (block));
+  memxor (block, key, keylen);
+  sha1_process_block (block, 64, &inner);
+  sha1_process_bytes (in, inlen, &inner);
+  sha1_finish_ctx (&inner, innerhash);
+  /* Compute result from KEY and INNERHASH.  */
+  sha1_init_ctx (&outer);
+  memset (block, OPAD, sizeof (block));
+  memxor (block, key, keylen);
+  sha1_process_block (block, 64, &outer);
+  sha1_process_bytes (innerhash, 20, &outer);
+  sha1_finish_ctx (&outer, resbuf);
+  return 0;
+}

diff --git a/apps/plugins/lib/sha1.c b/apps/plugins/lib/sha1.c new file mode 100644 index 0000000000..107c50256b --- /dev/null +++ b/apps/plugins/lib/sha1.c
@@ -0,0 +1,434 @@
	1	/* sha1.c - Functions to compute SHA1 message digest of files or
	2	memory blocks according to the NIST specification FIPS-180-1.
	3
	4	Copyright (C) 2000, 2001, 2003, 2004, 2005, 2006 Free Software
	5	Foundation, Inc.
	6
	7	This program is free software; you can redistribute it and/or modify it
	8	under the terms of the GNU General Public License as published by the
	9	Free Software Foundation; either version 2, or (at your option) any
	10	later version.
	11
	12	This program is distributed in the hope that it will be useful,
	13	but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	GNU General Public License for more details.
	16
	17	You should have received a copy of the GNU General Public License
	18	along with this program; if not, write to the Free Software Foundation,
	19	Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
	20
	21	/* Written by Scott G. Miller
	22	Credits:
	23	Robert Klep <robert@ilse.nl> -- Expansion function fix
	24	*/
	25
	26	#include "plugin.h"
	27	#include "sha1.h"
	28
	29	#ifdef WORDS_BIGENDIAN
	30	# define SWAP(n) (n)
	31	#else
	32	# define SWAP(n) \
	33	(((n) << 24) \| (((n) & 0xff00) << 8) \| (((n) >> 8) & 0xff00) \| ((n) >> 24))
	34	#endif
	35
	36	#define BLOCKSIZE 4096
	37	#if BLOCKSIZE % 64 != 0
	38	# error "invalid BLOCKSIZE"
	39	#endif
	40
	41	/* This array contains the bytes used to pad the buffer to the next
	42	64-byte boundary. (RFC 1321, 3.1: Step 1) */
	43	static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
	44
	45
	46	/* Take a pointer to a 160 bit block of data (five 32 bit ints) and
	47	initialize it to the start constants of the SHA1 algorithm. This
	48	must be called before using hash in the call to sha1_hash. */
	49	void
	50	sha1_init_ctx (struct sha1_ctx *ctx)
	51	{
	52	ctx->A = 0x67452301;
	53	ctx->B = 0xefcdab89;
	54	ctx->C = 0x98badcfe;
	55	ctx->D = 0x10325476;
	56	ctx->E = 0xc3d2e1f0;
	57
	58	ctx->total[0] = ctx->total[1] = 0;
	59	ctx->buflen = 0;
	60	}
	61
	62	/* Put result from CTX in first 20 bytes following RESBUF. The result
	63	must be in little endian byte order.
	64
	65	IMPORTANT: On some systems it is required that RESBUF is correctly
	66	aligned for a 32-bit value. */
	67	void *
	68	sha1_read_ctx (const struct sha1_ctx ctx, void resbuf)
	69	{
	70	((uint32_t *) resbuf)[0] = SWAP (ctx->A);
	71	((uint32_t *) resbuf)[1] = SWAP (ctx->B);
	72	((uint32_t *) resbuf)[2] = SWAP (ctx->C);
	73	((uint32_t *) resbuf)[3] = SWAP (ctx->D);
	74	((uint32_t *) resbuf)[4] = SWAP (ctx->E);
	75
	76	return resbuf;
	77	}
	78
	79	/* Process the remaining bytes in the internal buffer and the usual
	80	prolog according to the standard and write the result to RESBUF.
	81
	82	IMPORTANT: On some systems it is required that RESBUF is correctly
	83	aligned for a 32-bit value. */
	84	void *
	85	sha1_finish_ctx (struct sha1_ctx ctx, void resbuf)
	86	{
	87	/* Take yet unprocessed bytes into account. */
	88	uint32_t bytes = ctx->buflen;
	89	size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
	90
	91	/* Now count remaining bytes. */
	92	ctx->total[0] += bytes;
	93	if (ctx->total[0] < bytes)
	94	++ctx->total[1];
	95
	96	/* Put the 64-bit file length in bits at the end of the buffer. */
	97	ctx->buffer[size - 2] = SWAP ((ctx->total[1] << 3) \| (ctx->total[0] >> 29));
	98	ctx->buffer[size - 1] = SWAP (ctx->total[0] << 3);
	99
	100	memcpy (&((char ) ctx->buffer)[bytes], fillbuf, (size - 2) 4 - bytes);
	101
	102	/* Process last bytes. */
	103	sha1_process_block (ctx->buffer, size * 4, ctx);
	104
	105	return sha1_read_ctx (ctx, resbuf);
	106	}
	107
	108	/* Compute SHA1 message digest for LEN bytes beginning at BUFFER. The
	109	result is always in little endian byte order, so that a byte-wise
	110	output yields to the wanted ASCII representation of the message
	111	digest. */
	112	void sha1_buffer (const char buffer, size_t len, void *resblock)
	113	{
	114	struct sha1_ctx ctx;
	115
	116	/* Initialize the computation context. */
	117	sha1_init_ctx (&ctx);
	118
	119	/* Process whole buffer but last len % 64 bytes. */
	120	sha1_process_bytes (buffer, len, &ctx);
	121
	122	/* Put result in desired memory area. */
	123	return sha1_finish_ctx (&ctx, resblock);
	124	}
	125
	126	void
	127	sha1_process_bytes (const void buffer, size_t len, struct sha1_ctx ctx)
	128	{
	129	/* When we already have some bits in our internal buffer concatenate
	130	both inputs first. */
	131	if (ctx->buflen != 0)
	132	{
	133	size_t left_over = ctx->buflen;
	134	size_t add = 128 - left_over > len ? len : 128 - left_over;
	135
	136	memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
	137	ctx->buflen += add;
	138
	139	if (ctx->buflen > 64)
	140	{
	141	sha1_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
	142
	143	ctx->buflen &= 63;
	144	/* The regions in the following copy operation cannot overlap. */
	145	memcpy (ctx->buffer,
	146	&((char *) ctx->buffer)[(left_over + add) & ~63],
	147	ctx->buflen);
	148	}
	149
	150	buffer = (const char *) buffer + add;
	151	len -= add;
	152	}
	153
	154	/* Process available complete blocks. */
	155	if (len >= 64)
	156	{
	157	{
	158	sha1_process_block (buffer, len & ~63, ctx);
	159	buffer = (const char *) buffer + (len & ~63);
	160	len &= 63;
	161	}
	162	}
	163
	164	/* Move remaining bytes in internal buffer. */
	165	if (len > 0)
	166	{
	167	size_t left_over = ctx->buflen;
	168
	169	memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
	170	left_over += len;
	171	if (left_over >= 64)
	172	{
	173	sha1_process_block (ctx->buffer, 64, ctx);
	174	left_over -= 64;
	175	memcpy (ctx->buffer, &ctx->buffer[16], left_over);
	176	}
	177	ctx->buflen = left_over;
	178	}
	179	}
	180
	181	/* --- Code below is the primary difference between md5.c and sha1.c --- */
	182
	183	/* SHA1 round constants */
	184	#define K1 0x5a827999
	185	#define K2 0x6ed9eba1
	186	#define K3 0x8f1bbcdc
	187	#define K4 0xca62c1d6
	188
	189	/* Round functions. Note that F2 is the same as F4. */
	190	#define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) )
	191	#define F2(B,C,D) (B ^ C ^ D)
	192	#define F3(B,C,D) ( ( B & C ) \| ( D & ( B \| C ) ) )
	193	#define F4(B,C,D) (B ^ C ^ D)
	194
	195	/* Process LEN bytes of BUFFER, accumulating context into CTX.
	196	It is assumed that LEN % 64 == 0.
	197	Most of this code comes from GnuPG's cipher/sha1.c. */
	198
	199	void
	200	sha1_process_block (const void buffer, size_t len, struct sha1_ctx ctx)
	201	{
	202	const uint32_t *words = buffer;
	203	size_t nwords = len / sizeof (uint32_t);
	204	const uint32_t *endp = words + nwords;
	205	uint32_t x[16];
	206	uint32_t a = ctx->A;
	207	uint32_t b = ctx->B;
	208	uint32_t c = ctx->C;
	209	uint32_t d = ctx->D;
	210	uint32_t e = ctx->E;
	211
	212	/* First increment the byte count. RFC 1321 specifies the possible
	213	length of the file up to 2^64 bits. Here we only compute the
	214	number of bytes. Do a double word increment. */
	215	ctx->total[0] += len;
	216	if (ctx->total[0] < len)
	217	++ctx->total[1];
	218
	219	#define rol(x, n) (((x) << (n)) \| ((uint32_t) (x) >> (32 - (n))))
	220
	221	#define M(I) ( tm = x[I&0x0f] ^ x[(I-14)&0x0f] \
	222	^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \
	223	, (x[I&0x0f] = rol(tm, 1)) )
	224
	225	#define R(A,B,C,D,E,F,K,M) do { E += rol( A, 5 ) \
	226	+ F( B, C, D ) \
	227	+ K \
	228	+ M; \
	229	B = rol( B, 30 ); \
	230	} while(0)
	231
	232	while (words < endp)
	233	{
	234	uint32_t tm;
	235	int t;
	236	for (t = 0; t < 16; t++)
	237	{
	238	x[t] = SWAP (*words);
	239	words++;
	240	}
	241
	242	R( a, b, c, d, e, F1, K1, x[ 0] );
	243	R( e, a, b, c, d, F1, K1, x[ 1] );
	244	R( d, e, a, b, c, F1, K1, x[ 2] );
	245	R( c, d, e, a, b, F1, K1, x[ 3] );
	246	R( b, c, d, e, a, F1, K1, x[ 4] );
	247	R( a, b, c, d, e, F1, K1, x[ 5] );
	248	R( e, a, b, c, d, F1, K1, x[ 6] );
	249	R( d, e, a, b, c, F1, K1, x[ 7] );
	250	R( c, d, e, a, b, F1, K1, x[ 8] );
	251	R( b, c, d, e, a, F1, K1, x[ 9] );
	252	R( a, b, c, d, e, F1, K1, x[10] );
	253	R( e, a, b, c, d, F1, K1, x[11] );
	254	R( d, e, a, b, c, F1, K1, x[12] );
	255	R( c, d, e, a, b, F1, K1, x[13] );
	256	R( b, c, d, e, a, F1, K1, x[14] );
	257	R( a, b, c, d, e, F1, K1, x[15] );
	258	R( e, a, b, c, d, F1, K1, M(16) );
	259	R( d, e, a, b, c, F1, K1, M(17) );
	260	R( c, d, e, a, b, F1, K1, M(18) );
	261	R( b, c, d, e, a, F1, K1, M(19) );
	262	R( a, b, c, d, e, F2, K2, M(20) );
	263	R( e, a, b, c, d, F2, K2, M(21) );
	264	R( d, e, a, b, c, F2, K2, M(22) );
	265	R( c, d, e, a, b, F2, K2, M(23) );
	266	R( b, c, d, e, a, F2, K2, M(24) );
	267	R( a, b, c, d, e, F2, K2, M(25) );
	268	R( e, a, b, c, d, F2, K2, M(26) );
	269	R( d, e, a, b, c, F2, K2, M(27) );
	270	R( c, d, e, a, b, F2, K2, M(28) );
	271	R( b, c, d, e, a, F2, K2, M(29) );
	272	R( a, b, c, d, e, F2, K2, M(30) );
	273	R( e, a, b, c, d, F2, K2, M(31) );
	274	R( d, e, a, b, c, F2, K2, M(32) );
	275	R( c, d, e, a, b, F2, K2, M(33) );
	276	R( b, c, d, e, a, F2, K2, M(34) );
	277	R( a, b, c, d, e, F2, K2, M(35) );
	278	R( e, a, b, c, d, F2, K2, M(36) );
	279	R( d, e, a, b, c, F2, K2, M(37) );
	280	R( c, d, e, a, b, F2, K2, M(38) );
	281	R( b, c, d, e, a, F2, K2, M(39) );
	282	R( a, b, c, d, e, F3, K3, M(40) );
	283	R( e, a, b, c, d, F3, K3, M(41) );
	284	R( d, e, a, b, c, F3, K3, M(42) );
	285	R( c, d, e, a, b, F3, K3, M(43) );
	286	R( b, c, d, e, a, F3, K3, M(44) );
	287	R( a, b, c, d, e, F3, K3, M(45) );
	288	R( e, a, b, c, d, F3, K3, M(46) );
	289	R( d, e, a, b, c, F3, K3, M(47) );
	290	R( c, d, e, a, b, F3, K3, M(48) );
	291	R( b, c, d, e, a, F3, K3, M(49) );
	292	R( a, b, c, d, e, F3, K3, M(50) );
	293	R( e, a, b, c, d, F3, K3, M(51) );
	294	R( d, e, a, b, c, F3, K3, M(52) );
	295	R( c, d, e, a, b, F3, K3, M(53) );
	296	R( b, c, d, e, a, F3, K3, M(54) );
	297	R( a, b, c, d, e, F3, K3, M(55) );
	298	R( e, a, b, c, d, F3, K3, M(56) );
	299	R( d, e, a, b, c, F3, K3, M(57) );
	300	R( c, d, e, a, b, F3, K3, M(58) );
	301	R( b, c, d, e, a, F3, K3, M(59) );
	302	R( a, b, c, d, e, F4, K4, M(60) );
	303	R( e, a, b, c, d, F4, K4, M(61) );
	304	R( d, e, a, b, c, F4, K4, M(62) );
	305	R( c, d, e, a, b, F4, K4, M(63) );
	306	R( b, c, d, e, a, F4, K4, M(64) );
	307	R( a, b, c, d, e, F4, K4, M(65) );
	308	R( e, a, b, c, d, F4, K4, M(66) );
	309	R( d, e, a, b, c, F4, K4, M(67) );
	310	R( c, d, e, a, b, F4, K4, M(68) );
	311	R( b, c, d, e, a, F4, K4, M(69) );
	312	R( a, b, c, d, e, F4, K4, M(70) );
	313	R( e, a, b, c, d, F4, K4, M(71) );
	314	R( d, e, a, b, c, F4, K4, M(72) );
	315	R( c, d, e, a, b, F4, K4, M(73) );
	316	R( b, c, d, e, a, F4, K4, M(74) );
	317	R( a, b, c, d, e, F4, K4, M(75) );
	318	R( e, a, b, c, d, F4, K4, M(76) );
	319	R( d, e, a, b, c, F4, K4, M(77) );
	320	R( c, d, e, a, b, F4, K4, M(78) );
	321	R( b, c, d, e, a, F4, K4, M(79) );
	322
	323	a = ctx->A += a;
	324	b = ctx->B += b;
	325	c = ctx->C += c;
	326	d = ctx->D += d;
	327	e = ctx->E += e;
	328	}
	329	}
	330
	331	/* memxor.c -- perform binary exclusive OR operation of two memory blocks.
	332	Copyright (C) 2005, 2006 Free Software Foundation, Inc.
	333
	334	This program is free software; you can redistribute it and/or modify
	335	it under the terms of the GNU General Public License as published by
	336	the Free Software Foundation; either version 2, or (at your option)
	337	any later version.
	338
	339	This program is distributed in the hope that it will be useful,
	340	but WITHOUT ANY WARRANTY; without even the implied warranty of
	341	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	342	GNU General Public License for more details.
	343
	344	You should have received a copy of the GNU General Public License
	345	along with this program; if not, write to the Free Software Foundation,
	346	Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
	347
	348	/* Written by Simon Josefsson. The interface was inspired by memxor
	349	in Niels Möller's Nettle. */
	350
	351	void *
	352	memxor (void * dest, const void * src, size_t n)
	353	{
	354	char const *s = src;
	355	char *d = dest;
	356
	357	for (; n > 0; n--)
	358	d++ ^= s++;
	359
	360	return dest;
	361	}
	362
	363	/* hmac-sha1.c -- hashed message authentication codes
	364	Copyright (C) 2005, 2006 Free Software Foundation, Inc.
	365
	366	This program is free software; you can redistribute it and/or modify
	367	it under the terms of the GNU General Public License as published by
	368	the Free Software Foundation; either version 2, or (at your option)
	369	any later version.
	370
	371	This program is distributed in the hope that it will be useful,
	372	but WITHOUT ANY WARRANTY; without even the implied warranty of
	373	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	374	GNU General Public License for more details.
	375
	376	You should have received a copy of the GNU General Public License
	377	along with this program; if not, write to the Free Software Foundation,
	378	Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
	379
	380	/* Written by Simon Josefsson. */
	381
	382	#define IPAD 0x36
	383	#define OPAD 0x5c
	384
	385	int
	386	hmac_sha1 (const void *key, size_t keylen,
	387	const void in, size_t inlen, void resbuf)
	388	{
	389	struct sha1_ctx inner;
	390	struct sha1_ctx outer;
	391	char optkeybuf[20];
	392	char block[64];
	393	char innerhash[20];
	394
	395	/* Reduce the key's size, so that it becomes <= 64 bytes large. */
	396
	397	if (keylen > 64)
	398	{
	399	struct sha1_ctx keyhash;
	400
	401	sha1_init_ctx (&keyhash);
	402	sha1_process_bytes (key, keylen, &keyhash);
	403	sha1_finish_ctx (&keyhash, optkeybuf);
	404
	405	key = optkeybuf;
	406	keylen = 20;
	407	}
	408
	409	/* Compute INNERHASH from KEY and IN. */
	410
	411	sha1_init_ctx (&inner);
	412
	413	memset (block, IPAD, sizeof (block));
	414	memxor (block, key, keylen);
	415
	416	sha1_process_block (block, 64, &inner);
	417	sha1_process_bytes (in, inlen, &inner);
	418
	419	sha1_finish_ctx (&inner, innerhash);
	420
	421	/* Compute result from KEY and INNERHASH. */
	422
	423	sha1_init_ctx (&outer);
	424
	425	memset (block, OPAD, sizeof (block));
	426	memxor (block, key, keylen);
	427
	428	sha1_process_block (block, 64, &outer);
	429	sha1_process_bytes (innerhash, 20, &outer);
	430
	431	sha1_finish_ctx (&outer, resbuf);
	432
	433	return 0;
	434	}