/bitcoin/src/crypto/sha1.cpp

Line	Count	Source
1		// Copyright (c) 2014-2019 The Bitcoin Core developers
2		// Distributed under the MIT software license, see the accompanying
3		// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5		#include <crypto/sha1.h>
6
7		#include <crypto/common.h>
8
9		#include <string.h>
10
11		// Internal implementation code.
12		namespace
13		{
14		/// Internal SHA-1 implementation.
15		namespace sha1
16		{
17		/** One round of SHA-1. */
18		void inline Round(uint32_t a, uint32_t& b, uint32_t c, uint32_t d, uint32_t& e, uint32_t f, uint32_t k, uint32_t w)
19	197k	{
20	197k	e += ((a << 5) \| (a >> 27)) + f + k + w;
21	197k	b = (b << 30) \| (b >> 2);
22	197k	}
23
24	49.4k	uint32_t inline f1(uint32_t b, uint32_t c, uint32_t d) { return d ^ (b & (c ^ d)); }
25	98.8k	uint32_t inline f2(uint32_t b, uint32_t c, uint32_t d) { return b ^ c ^ d; }
26	49.4k	uint32_t inline f3(uint32_t b, uint32_t c, uint32_t d) { return (b & c) \| (d & (b \| c)); }
27
28	158k	uint32_t inline left(uint32_t x) { return (x << 1) \| (x >> 31); }
29
30		/** Initialize SHA-1 state. */
31		void inline Initialize(uint32_t* s)
32	1.79k	{
33	1.79k	s[0] = 0x67452301ul;
34	1.79k	s[1] = 0xEFCDAB89ul;
35	1.79k	s[2] = 0x98BADCFEul;
36	1.79k	s[3] = 0x10325476ul;
37	1.79k	s[4] = 0xC3D2E1F0ul;
38	1.79k	}
39
40		const uint32_t k1 = 0x5A827999ul;
41		const uint32_t k2 = 0x6ED9EBA1ul;
42		const uint32_t k3 = 0x8F1BBCDCul;
43		const uint32_t k4 = 0xCA62C1D6ul;
44
45		/** Perform a SHA-1 transformation, processing a 64-byte chunk. */
46		void Transform(uint32_t* s, const unsigned char* chunk)
47	2.47k	{
48	2.47k	uint32_t a = s[0], b = s[1], c = s[2], d = s[3], e = s[4];
49	2.47k	uint32_t w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15;
50
51	2.47k	Round(a, b, c, d, e, f1(b, c, d), k1, w0 = ReadBE32(chunk + 0));
52	2.47k	Round(e, a, b, c, d, f1(a, b, c), k1, w1 = ReadBE32(chunk + 4));
53	2.47k	Round(d, e, a, b, c, f1(e, a, b), k1, w2 = ReadBE32(chunk + 8));
54	2.47k	Round(c, d, e, a, b, f1(d, e, a), k1, w3 = ReadBE32(chunk + 12));
55	2.47k	Round(b, c, d, e, a, f1(c, d, e), k1, w4 = ReadBE32(chunk + 16));
56	2.47k	Round(a, b, c, d, e, f1(b, c, d), k1, w5 = ReadBE32(chunk + 20));
57	2.47k	Round(e, a, b, c, d, f1(a, b, c), k1, w6 = ReadBE32(chunk + 24));
58	2.47k	Round(d, e, a, b, c, f1(e, a, b), k1, w7 = ReadBE32(chunk + 28));
59	2.47k	Round(c, d, e, a, b, f1(d, e, a), k1, w8 = ReadBE32(chunk + 32));
60	2.47k	Round(b, c, d, e, a, f1(c, d, e), k1, w9 = ReadBE32(chunk + 36));
61	2.47k	Round(a, b, c, d, e, f1(b, c, d), k1, w10 = ReadBE32(chunk + 40));
62	2.47k	Round(e, a, b, c, d, f1(a, b, c), k1, w11 = ReadBE32(chunk + 44));
63	2.47k	Round(d, e, a, b, c, f1(e, a, b), k1, w12 = ReadBE32(chunk + 48));
64	2.47k	Round(c, d, e, a, b, f1(d, e, a), k1, w13 = ReadBE32(chunk + 52));
65	2.47k	Round(b, c, d, e, a, f1(c, d, e), k1, w14 = ReadBE32(chunk + 56));
66	2.47k	Round(a, b, c, d, e, f1(b, c, d), k1, w15 = ReadBE32(chunk + 60));
67
68	2.47k	Round(e, a, b, c, d, f1(a, b, c), k1, w0 = left(w0 ^ w13 ^ w8 ^ w2));
69	2.47k	Round(d, e, a, b, c, f1(e, a, b), k1, w1 = left(w1 ^ w14 ^ w9 ^ w3));
70	2.47k	Round(c, d, e, a, b, f1(d, e, a), k1, w2 = left(w2 ^ w15 ^ w10 ^ w4));
71	2.47k	Round(b, c, d, e, a, f1(c, d, e), k1, w3 = left(w3 ^ w0 ^ w11 ^ w5));
72	2.47k	Round(a, b, c, d, e, f2(b, c, d), k2, w4 = left(w4 ^ w1 ^ w12 ^ w6));
73	2.47k	Round(e, a, b, c, d, f2(a, b, c), k2, w5 = left(w5 ^ w2 ^ w13 ^ w7));
74	2.47k	Round(d, e, a, b, c, f2(e, a, b), k2, w6 = left(w6 ^ w3 ^ w14 ^ w8));
75	2.47k	Round(c, d, e, a, b, f2(d, e, a), k2, w7 = left(w7 ^ w4 ^ w15 ^ w9));
76	2.47k	Round(b, c, d, e, a, f2(c, d, e), k2, w8 = left(w8 ^ w5 ^ w0 ^ w10));
77	2.47k	Round(a, b, c, d, e, f2(b, c, d), k2, w9 = left(w9 ^ w6 ^ w1 ^ w11));
78	2.47k	Round(e, a, b, c, d, f2(a, b, c), k2, w10 = left(w10 ^ w7 ^ w2 ^ w12));
79	2.47k	Round(d, e, a, b, c, f2(e, a, b), k2, w11 = left(w11 ^ w8 ^ w3 ^ w13));
80	2.47k	Round(c, d, e, a, b, f2(d, e, a), k2, w12 = left(w12 ^ w9 ^ w4 ^ w14));
81	2.47k	Round(b, c, d, e, a, f2(c, d, e), k2, w13 = left(w13 ^ w10 ^ w5 ^ w15));
82	2.47k	Round(a, b, c, d, e, f2(b, c, d), k2, w14 = left(w14 ^ w11 ^ w6 ^ w0));
83	2.47k	Round(e, a, b, c, d, f2(a, b, c), k2, w15 = left(w15 ^ w12 ^ w7 ^ w1));
84
85	2.47k	Round(d, e, a, b, c, f2(e, a, b), k2, w0 = left(w0 ^ w13 ^ w8 ^ w2));
86	2.47k	Round(c, d, e, a, b, f2(d, e, a), k2, w1 = left(w1 ^ w14 ^ w9 ^ w3));
87	2.47k	Round(b, c, d, e, a, f2(c, d, e), k2, w2 = left(w2 ^ w15 ^ w10 ^ w4));
88	2.47k	Round(a, b, c, d, e, f2(b, c, d), k2, w3 = left(w3 ^ w0 ^ w11 ^ w5));
89	2.47k	Round(e, a, b, c, d, f2(a, b, c), k2, w4 = left(w4 ^ w1 ^ w12 ^ w6));
90	2.47k	Round(d, e, a, b, c, f2(e, a, b), k2, w5 = left(w5 ^ w2 ^ w13 ^ w7));
91	2.47k	Round(c, d, e, a, b, f2(d, e, a), k2, w6 = left(w6 ^ w3 ^ w14 ^ w8));
92	2.47k	Round(b, c, d, e, a, f2(c, d, e), k2, w7 = left(w7 ^ w4 ^ w15 ^ w9));
93	2.47k	Round(a, b, c, d, e, f3(b, c, d), k3, w8 = left(w8 ^ w5 ^ w0 ^ w10));
94	2.47k	Round(e, a, b, c, d, f3(a, b, c), k3, w9 = left(w9 ^ w6 ^ w1 ^ w11));
95	2.47k	Round(d, e, a, b, c, f3(e, a, b), k3, w10 = left(w10 ^ w7 ^ w2 ^ w12));
96	2.47k	Round(c, d, e, a, b, f3(d, e, a), k3, w11 = left(w11 ^ w8 ^ w3 ^ w13));
97	2.47k	Round(b, c, d, e, a, f3(c, d, e), k3, w12 = left(w12 ^ w9 ^ w4 ^ w14));
98	2.47k	Round(a, b, c, d, e, f3(b, c, d), k3, w13 = left(w13 ^ w10 ^ w5 ^ w15));
99	2.47k	Round(e, a, b, c, d, f3(a, b, c), k3, w14 = left(w14 ^ w11 ^ w6 ^ w0));
100	2.47k	Round(d, e, a, b, c, f3(e, a, b), k3, w15 = left(w15 ^ w12 ^ w7 ^ w1));
101
102	2.47k	Round(c, d, e, a, b, f3(d, e, a), k3, w0 = left(w0 ^ w13 ^ w8 ^ w2));
103	2.47k	Round(b, c, d, e, a, f3(c, d, e), k3, w1 = left(w1 ^ w14 ^ w9 ^ w3));
104	2.47k	Round(a, b, c, d, e, f3(b, c, d), k3, w2 = left(w2 ^ w15 ^ w10 ^ w4));
105	2.47k	Round(e, a, b, c, d, f3(a, b, c), k3, w3 = left(w3 ^ w0 ^ w11 ^ w5));
106	2.47k	Round(d, e, a, b, c, f3(e, a, b), k3, w4 = left(w4 ^ w1 ^ w12 ^ w6));
107	2.47k	Round(c, d, e, a, b, f3(d, e, a), k3, w5 = left(w5 ^ w2 ^ w13 ^ w7));
108	2.47k	Round(b, c, d, e, a, f3(c, d, e), k3, w6 = left(w6 ^ w3 ^ w14 ^ w8));
109	2.47k	Round(a, b, c, d, e, f3(b, c, d), k3, w7 = left(w7 ^ w4 ^ w15 ^ w9));
110	2.47k	Round(e, a, b, c, d, f3(a, b, c), k3, w8 = left(w8 ^ w5 ^ w0 ^ w10));
111	2.47k	Round(d, e, a, b, c, f3(e, a, b), k3, w9 = left(w9 ^ w6 ^ w1 ^ w11));
112	2.47k	Round(c, d, e, a, b, f3(d, e, a), k3, w10 = left(w10 ^ w7 ^ w2 ^ w12));
113	2.47k	Round(b, c, d, e, a, f3(c, d, e), k3, w11 = left(w11 ^ w8 ^ w3 ^ w13));
114	2.47k	Round(a, b, c, d, e, f2(b, c, d), k4, w12 = left(w12 ^ w9 ^ w4 ^ w14));
115	2.47k	Round(e, a, b, c, d, f2(a, b, c), k4, w13 = left(w13 ^ w10 ^ w5 ^ w15));
116	2.47k	Round(d, e, a, b, c, f2(e, a, b), k4, w14 = left(w14 ^ w11 ^ w6 ^ w0));
117	2.47k	Round(c, d, e, a, b, f2(d, e, a), k4, w15 = left(w15 ^ w12 ^ w7 ^ w1));
118
119	2.47k	Round(b, c, d, e, a, f2(c, d, e), k4, w0 = left(w0 ^ w13 ^ w8 ^ w2));
120	2.47k	Round(a, b, c, d, e, f2(b, c, d), k4, w1 = left(w1 ^ w14 ^ w9 ^ w3));
121	2.47k	Round(e, a, b, c, d, f2(a, b, c), k4, w2 = left(w2 ^ w15 ^ w10 ^ w4));
122	2.47k	Round(d, e, a, b, c, f2(e, a, b), k4, w3 = left(w3 ^ w0 ^ w11 ^ w5));
123	2.47k	Round(c, d, e, a, b, f2(d, e, a), k4, w4 = left(w4 ^ w1 ^ w12 ^ w6));
124	2.47k	Round(b, c, d, e, a, f2(c, d, e), k4, w5 = left(w5 ^ w2 ^ w13 ^ w7));
125	2.47k	Round(a, b, c, d, e, f2(b, c, d), k4, w6 = left(w6 ^ w3 ^ w14 ^ w8));
126	2.47k	Round(e, a, b, c, d, f2(a, b, c), k4, w7 = left(w7 ^ w4 ^ w15 ^ w9));
127	2.47k	Round(d, e, a, b, c, f2(e, a, b), k4, w8 = left(w8 ^ w5 ^ w0 ^ w10));
128	2.47k	Round(c, d, e, a, b, f2(d, e, a), k4, w9 = left(w9 ^ w6 ^ w1 ^ w11));
129	2.47k	Round(b, c, d, e, a, f2(c, d, e), k4, w10 = left(w10 ^ w7 ^ w2 ^ w12));
130	2.47k	Round(a, b, c, d, e, f2(b, c, d), k4, w11 = left(w11 ^ w8 ^ w3 ^ w13));
131	2.47k	Round(e, a, b, c, d, f2(a, b, c), k4, w12 = left(w12 ^ w9 ^ w4 ^ w14));
132	2.47k	Round(d, e, a, b, c, f2(e, a, b), k4, left(w13 ^ w10 ^ w5 ^ w15));
133	2.47k	Round(c, d, e, a, b, f2(d, e, a), k4, left(w14 ^ w11 ^ w6 ^ w0));
134	2.47k	Round(b, c, d, e, a, f2(c, d, e), k4, left(w15 ^ w12 ^ w7 ^ w1));
135
136	2.47k	s[0] += a;
137	2.47k	s[1] += b;
138	2.47k	s[2] += c;
139	2.47k	s[3] += d;
140	2.47k	s[4] += e;
141	2.47k	}
142
143		} // namespace sha1
144
145		} // namespace
146
147		////// SHA1
148
149		CSHA1::CSHA1()
150	1.79k	{
151	1.79k	sha1::Initialize(s);
152	1.79k	}
153
154		CSHA1& CSHA1::Write(const unsigned char* data, size_t len)
155	5.39k	{
156	5.39k	const unsigned char* end = data + len;
157	5.39k	size_t bufsize = bytes % 64;
158	5.39k	if (bufsize && bufsize + len >= 64) { Branch (158:9): [True: 3.57k, False: 1.81k] Branch (158:20): [True: 1.85k, False: 1.71k]
159		// Fill the buffer, and process it.
160	1.85k	memcpy(buf + bufsize, data, 64 - bufsize);
161	1.85k	bytes += 64 - bufsize;
162	1.85k	data += 64 - bufsize;
163	1.85k	sha1::Transform(s, buf);
164	1.85k	bufsize = 0;
165	1.85k	}
166	6.00k	while (end - data >= 64) { Branch (166:12): [True: 612, False: 5.39k]
167		// Process full chunks directly from the source.
168	612	sha1::Transform(s, data);
169	612	bytes += 64;
170	612	data += 64;
171	612	}
172	5.39k	if (end > data) { Branch (172:9): [True: 3.57k, False: 1.81k]
173		// Fill the buffer with what remains.
174	3.57k	memcpy(buf + bufsize, data, end - data);
175	3.57k	bytes += end - data;
176	3.57k	}
177	5.39k	return *this;
178	5.39k	}
179
180		void CSHA1::Finalize(unsigned char hash[OUTPUT_SIZE])
181	1.79k	{
182	1.79k	static const unsigned char pad[64] = {0x80};
183	1.79k	unsigned char sizedesc[8];
184	1.79k	WriteBE64(sizedesc, bytes << 3);
185	1.79k	Write(pad, 1 + ((119 - (bytes % 64)) % 64));
186	1.79k	Write(sizedesc, 8);
187	1.79k	WriteBE32(hash, s[0]);
188	1.79k	WriteBE32(hash + 4, s[1]);
189	1.79k	WriteBE32(hash + 8, s[2]);
190	1.79k	WriteBE32(hash + 12, s[3]);
191	1.79k	WriteBE32(hash + 16, s[4]);
192	1.79k	}
193
194		CSHA1& CSHA1::Reset()
195	0	{
196	0	bytes = 0;
197	0	sha1::Initialize(s);
198	0	return *this;
199	0	}

Coverage Report

Created: 2025-06-10 13:21