Retro68/gcc/libgo/go/crypto/sha1/sha1.go

// Copyright 2009 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Package sha1 implements the SHA1 hash algorithm as defined in RFC 3174.
package sha1

import (
	"crypto"
	"hash"
)

func init() {
	crypto.RegisterHash(crypto.SHA1, New)
}

// The size of a SHA1 checksum in bytes.
const Size = 20

// The blocksize of SHA1 in bytes.
const BlockSize = 64

const (
	chunk = 64
	init0 = 0x67452301
	init1 = 0xEFCDAB89
	init2 = 0x98BADCFE
	init3 = 0x10325476
	init4 = 0xC3D2E1F0
)

// digest represents the partial evaluation of a checksum.
type digest struct {
	h   [5]uint32
	x   [chunk]byte
	nx  int
	len uint64
}

func (d *digest) Reset() {
	d.h[0] = init0
	d.h[1] = init1
	d.h[2] = init2
	d.h[3] = init3
	d.h[4] = init4
	d.nx = 0
	d.len = 0
}

// New returns a new hash.Hash computing the SHA1 checksum.
func New() hash.Hash {
	d := new(digest)
	d.Reset()
	return d
}

func (d *digest) Size() int { return Size }

func (d *digest) BlockSize() int { return BlockSize }

func (d *digest) Write(p []byte) (nn int, err error) {
	nn = len(p)
	d.len += uint64(nn)
	if d.nx > 0 {
		n := copy(d.x[d.nx:], p)
		d.nx += n
		if d.nx == chunk {
			block(d, d.x[:])
			d.nx = 0
		}
		p = p[n:]
	}
	if len(p) >= chunk {
		n := len(p) &^ (chunk - 1)
		block(d, p[:n])
		p = p[n:]
	}
	if len(p) > 0 {
		d.nx = copy(d.x[:], p)
	}
	return
}

func (d0 *digest) Sum(in []byte) []byte {
	// Make a copy of d0 so that caller can keep writing and summing.
	d := *d0
	hash := d.checkSum()
	return append(in, hash[:]...)
}

func (d *digest) checkSum() [Size]byte {
	len := d.len
	// Padding.  Add a 1 bit and 0 bits until 56 bytes mod 64.
	var tmp [64]byte
	tmp[0] = 0x80
	if len%64 < 56 {
		d.Write(tmp[0 : 56-len%64])
	} else {
		d.Write(tmp[0 : 64+56-len%64])
	}

	// Length in bits.
	len <<= 3
	for i := uint(0); i < 8; i++ {
		tmp[i] = byte(len >> (56 - 8*i))
	}
	d.Write(tmp[0:8])

	if d.nx != 0 {
		panic("d.nx != 0")
	}

	var digest [Size]byte
	for i, s := range d.h {
		digest[i*4] = byte(s >> 24)
		digest[i*4+1] = byte(s >> 16)
		digest[i*4+2] = byte(s >> 8)
		digest[i*4+3] = byte(s)
	}

	return digest
}

// ConstantTimeSum computes the same result of Sum() but in constant time
func (d0 *digest) ConstantTimeSum(in []byte) []byte {
	d := *d0
	hash := d.constSum()
	return append(in, hash[:]...)
}

func (d *digest) constSum() [Size]byte {
	var length [8]byte
	l := d.len << 3
	for i := uint(0); i < 8; i++ {
		length[i] = byte(l >> (56 - 8*i))
	}

	nx := byte(d.nx)
	t := nx - 56                 // if nx < 56 then the MSB of t is one
	mask1b := byte(int8(t) >> 7) // mask1b is 0xFF iff one block is enough

	separator := byte(0x80) // gets reset to 0x00 once used
	for i := byte(0); i < chunk; i++ {
		mask := byte(int8(i-nx) >> 7) // 0x00 after the end of data

		// if we reached the end of the data, replace with 0x80 or 0x00
		d.x[i] = (^mask & separator) | (mask & d.x[i])

		// zero the separator once used
		separator &= mask

		if i >= 56 {
			// we might have to write the length here if all fit in one block
			d.x[i] |= mask1b & length[i-56]
		}
	}

	// compress, and only keep the digest if all fit in one block
	block(d, d.x[:])

	var digest [Size]byte
	for i, s := range d.h {
		digest[i*4] = mask1b & byte(s>>24)
		digest[i*4+1] = mask1b & byte(s>>16)
		digest[i*4+2] = mask1b & byte(s>>8)
		digest[i*4+3] = mask1b & byte(s)
	}

	for i := byte(0); i < chunk; i++ {
		// second block, it's always past the end of data, might start with 0x80
		if i < 56 {
			d.x[i] = separator
			separator = 0
		} else {
			d.x[i] = length[i-56]
		}
	}

	// compress, and only keep the digest if we actually needed the second block
	block(d, d.x[:])

	for i, s := range d.h {
		digest[i*4] |= ^mask1b & byte(s>>24)
		digest[i*4+1] |= ^mask1b & byte(s>>16)
		digest[i*4+2] |= ^mask1b & byte(s>>8)
		digest[i*4+3] |= ^mask1b & byte(s)
	}

	return digest
}

// Sum returns the SHA1 checksum of the data.
func Sum(data []byte) [Size]byte {
	var d digest
	d.Reset()
	d.Write(data)
	return d.checkSum()
}
add gcc 4.70 2012-03-27 23:13:14 +00:00			`// Copyright 2009 The Go Authors. All rights reserved.`
			`// Use of this source code is governed by a BSD-style`
			`// license that can be found in the LICENSE file.`

			`// Package sha1 implements the SHA1 hash algorithm as defined in RFC 3174.`
			`package sha1`

			`import (`
			`"crypto"`
			`"hash"`
			`)`

			`func init() {`
			`crypto.RegisterHash(crypto.SHA1, New)`
			`}`

			`// The size of a SHA1 checksum in bytes.`
			`const Size = 20`

			`// The blocksize of SHA1 in bytes.`
			`const BlockSize = 64`

			`const (`
upgrade to gcc 4.9.1 2014-09-21 17:33:12 +00:00			`chunk = 64`
			`init0 = 0x67452301`
			`init1 = 0xEFCDAB89`
			`init2 = 0x98BADCFE`
			`init3 = 0x10325476`
			`init4 = 0xC3D2E1F0`
add gcc 4.70 2012-03-27 23:13:14 +00:00			`)`

			`// digest represents the partial evaluation of a checksum.`
			`type digest struct {`
			`h [5]uint32`
upgrade to gcc 4.9.1 2014-09-21 17:33:12 +00:00			`x [chunk]byte`
add gcc 4.70 2012-03-27 23:13:14 +00:00			`nx int`
			`len uint64`
			`}`

			`func (d *digest) Reset() {`
upgrade to gcc 4.9.1 2014-09-21 17:33:12 +00:00			`d.h[0] = init0`
			`d.h[1] = init1`
			`d.h[2] = init2`
			`d.h[3] = init3`
			`d.h[4] = init4`
add gcc 4.70 2012-03-27 23:13:14 +00:00			`d.nx = 0`
			`d.len = 0`
			`}`

			`// New returns a new hash.Hash computing the SHA1 checksum.`
			`func New() hash.Hash {`
			`d := new(digest)`
			`d.Reset()`
			`return d`
			`}`

			`func (d *digest) Size() int { return Size }`

			`func (d *digest) BlockSize() int { return BlockSize }`

			`func (d *digest) Write(p []byte) (nn int, err error) {`
			`nn = len(p)`
			`d.len += uint64(nn)`
			`if d.nx > 0 {`
Update gcc to 5.2.0 2015-08-28 15:33:40 +00:00			`n := copy(d.x[d.nx:], p)`
add gcc 4.70 2012-03-27 23:13:14 +00:00			`d.nx += n`
upgrade to gcc 4.9.1 2014-09-21 17:33:12 +00:00			`if d.nx == chunk {`
Update gcc to 5.2.0 2015-08-28 15:33:40 +00:00			`block(d, d.x[:])`
add gcc 4.70 2012-03-27 23:13:14 +00:00			`d.nx = 0`
			`}`
			`p = p[n:]`
			`}`
upgrade to gcc 4.9.1 2014-09-21 17:33:12 +00:00			`if len(p) >= chunk {`
			`n := len(p) &^ (chunk - 1)`
			`block(d, p[:n])`
			`p = p[n:]`
			`}`
add gcc 4.70 2012-03-27 23:13:14 +00:00			`if len(p) > 0 {`
			`d.nx = copy(d.x[:], p)`
			`}`
			`return`
			`}`

			`func (d0 *digest) Sum(in []byte) []byte {`
			`// Make a copy of d0 so that caller can keep writing and summing.`
			`d := *d0`
upgrade to gcc 4.9.1 2014-09-21 17:33:12 +00:00			`hash := d.checkSum()`
			`return append(in, hash[:]...)`
			`}`
add gcc 4.70 2012-03-27 23:13:14 +00:00
upgrade to gcc 4.9.1 2014-09-21 17:33:12 +00:00			`func (d *digest) checkSum() [Size]byte {`
add gcc 4.70 2012-03-27 23:13:14 +00:00			`len := d.len`
upgrade to gcc 4.9.1 2014-09-21 17:33:12 +00:00			`// Padding. Add a 1 bit and 0 bits until 56 bytes mod 64.`
add gcc 4.70 2012-03-27 23:13:14 +00:00			`var tmp [64]byte`
			`tmp[0] = 0x80`
			`if len%64 < 56 {`
			`d.Write(tmp[0 : 56-len%64])`
			`} else {`
			`d.Write(tmp[0 : 64+56-len%64])`
			`}`

			`// Length in bits.`
			`len <<= 3`
			`for i := uint(0); i < 8; i++ {`
			`tmp[i] = byte(len >> (56 - 8*i))`
			`}`
			`d.Write(tmp[0:8])`

			`if d.nx != 0 {`
			`panic("d.nx != 0")`
			`}`

			`var digest [Size]byte`
			`for i, s := range d.h {`
			`digest[i*4] = byte(s >> 24)`
			`digest[i*4+1] = byte(s >> 16)`
			`digest[i*4+2] = byte(s >> 8)`
			`digest[i*4+3] = byte(s)`
			`}`

upgrade to gcc 4.9.1 2014-09-21 17:33:12 +00:00			`return digest`
			`}`

Update gcc to 7.2.0, binutils to 2.29, newlib to 2.5.0 2017-10-07 00:16:47 +00:00			`// ConstantTimeSum computes the same result of Sum() but in constant time`
			`func (d0 *digest) ConstantTimeSum(in []byte) []byte {`
			`d := *d0`
			`hash := d.constSum()`
			`return append(in, hash[:]...)`
			`}`

			`func (d *digest) constSum() [Size]byte {`
			`var length [8]byte`
			`l := d.len << 3`
			`for i := uint(0); i < 8; i++ {`
			`length[i] = byte(l >> (56 - 8*i))`
			`}`

			`nx := byte(d.nx)`
			`t := nx - 56 // if nx < 56 then the MSB of t is one`
			`mask1b := byte(int8(t) >> 7) // mask1b is 0xFF iff one block is enough`

			`separator := byte(0x80) // gets reset to 0x00 once used`
			`for i := byte(0); i < chunk; i++ {`
			`mask := byte(int8(i-nx) >> 7) // 0x00 after the end of data`

			`// if we reached the end of the data, replace with 0x80 or 0x00`
			`d.x[i] = (^mask & separator) \| (mask & d.x[i])`

			`// zero the separator once used`
			`separator &= mask`

			`if i >= 56 {`
			`// we might have to write the length here if all fit in one block`
			`d.x[i] \|= mask1b & length[i-56]`
			`}`
			`}`

			`// compress, and only keep the digest if all fit in one block`
			`block(d, d.x[:])`

			`var digest [Size]byte`
			`for i, s := range d.h {`
			`digest[i*4] = mask1b & byte(s>>24)`
			`digest[i*4+1] = mask1b & byte(s>>16)`
			`digest[i*4+2] = mask1b & byte(s>>8)`
			`digest[i*4+3] = mask1b & byte(s)`
			`}`

			`for i := byte(0); i < chunk; i++ {`
			`// second block, it's always past the end of data, might start with 0x80`
			`if i < 56 {`
			`d.x[i] = separator`
			`separator = 0`
			`} else {`
			`d.x[i] = length[i-56]`
			`}`
			`}`

			`// compress, and only keep the digest if we actually needed the second block`
			`block(d, d.x[:])`

			`for i, s := range d.h {`
			`digest[i*4] \|= ^mask1b & byte(s>>24)`
			`digest[i*4+1] \|= ^mask1b & byte(s>>16)`
			`digest[i*4+2] \|= ^mask1b & byte(s>>8)`
			`digest[i*4+3] \|= ^mask1b & byte(s)`
			`}`

			`return digest`
			`}`

upgrade to gcc 4.9.1 2014-09-21 17:33:12 +00:00			`// Sum returns the SHA1 checksum of the data.`
			`func Sum(data []byte) [Size]byte {`
			`var d digest`
			`d.Reset()`
			`d.Write(data)`
			`return d.checkSum()`
add gcc 4.70 2012-03-27 23:13:14 +00:00			`}`