github.com/slayercat/go@v0.0.0-20170428012452-c51559813f61/src/crypto/sha1/sha1.go

github.com/slayercat/go@v0.0.0-20170428012452-c51559813f61/src/crypto/sha1/sha1.go (about)

     1  // Copyright 2009 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // Package sha1 implements the SHA1 hash algorithm as defined in RFC 3174.
     6  package sha1
     7  
     8  import (
     9  	"crypto"
    10  	"hash"
    11  )
    12  
    13  func init() {
    14  	crypto.RegisterHash(crypto.SHA1, New)
    15  }
    16  
    17  // The size of a SHA1 checksum in bytes.
    18  const Size = 20
    19  
    20  // The blocksize of SHA1 in bytes.
    21  const BlockSize = 64
    22  
    23  const (
    24  	chunk = 64
    25  	init0 = 0x67452301
    26  	init1 = 0xEFCDAB89
    27  	init2 = 0x98BADCFE
    28  	init3 = 0x10325476
    29  	init4 = 0xC3D2E1F0
    30  )
    31  
    32  // digest represents the partial evaluation of a checksum.
    33  type digest struct {
    34  	h   [5]uint32
    35  	x   [chunk]byte
    36  	nx  int
    37  	len uint64
    38  }
    39  
    40  func (d *digest) Reset() {
    41  	d.h[0] = init0
    42  	d.h[1] = init1
    43  	d.h[2] = init2
    44  	d.h[3] = init3
    45  	d.h[4] = init4
    46  	d.nx = 0
    47  	d.len = 0
    48  }
    49  
    50  // New returns a new hash.Hash computing the SHA1 checksum.
    51  func New() hash.Hash {
    52  	d := new(digest)
    53  	d.Reset()
    54  	return d
    55  }
    56  
    57  func (d *digest) Size() int { return Size }
    58  
    59  func (d *digest) BlockSize() int { return BlockSize }
    60  
    61  func (d *digest) Write(p []byte) (nn int, err error) {
    62  	nn = len(p)
    63  	d.len += uint64(nn)
    64  	if d.nx > 0 {
    65  		n := copy(d.x[d.nx:], p)
    66  		d.nx += n
    67  		if d.nx == chunk {
    68  			block(d, d.x[:])
    69  			d.nx = 0
    70  		}
    71  		p = p[n:]
    72  	}
    73  	if len(p) >= chunk {
    74  		n := len(p) &^ (chunk - 1)
    75  		block(d, p[:n])
    76  		p = p[n:]
    77  	}
    78  	if len(p) > 0 {
    79  		d.nx = copy(d.x[:], p)
    80  	}
    81  	return
    82  }
    83  
    84  func (d0 *digest) Sum(in []byte) []byte {
    85  	// Make a copy of d0 so that caller can keep writing and summing.
    86  	d := *d0
    87  	hash := d.checkSum()
    88  	return append(in, hash[:]...)
    89  }
    90  
    91  func (d *digest) checkSum() [Size]byte {
    92  	len := d.len
    93  	// Padding.  Add a 1 bit and 0 bits until 56 bytes mod 64.
    94  	var tmp [64]byte
    95  	tmp[0] = 0x80
    96  	if len%64 < 56 {
    97  		d.Write(tmp[0 : 56-len%64])
    98  	} else {
    99  		d.Write(tmp[0 : 64+56-len%64])
   100  	}
   101  
   102  	// Length in bits.
   103  	len <<= 3
   104  	for i := uint(0); i < 8; i++ {
   105  		tmp[i] = byte(len >> (56 - 8*i))
   106  	}
   107  	d.Write(tmp[0:8])
   108  
   109  	if d.nx != 0 {
   110  		panic("d.nx != 0")
   111  	}
   112  
   113  	var digest [Size]byte
   114  	for i, s := range d.h {
   115  		digest[i*4] = byte(s >> 24)
   116  		digest[i*4+1] = byte(s >> 16)
   117  		digest[i*4+2] = byte(s >> 8)
   118  		digest[i*4+3] = byte(s)
   119  	}
   120  
   121  	return digest
   122  }
   123  
   124  // ConstantTimeSum computes the same result of Sum() but in constant time
   125  func (d0 *digest) ConstantTimeSum(in []byte) []byte {
   126  	d := *d0
   127  	hash := d.constSum()
   128  	return append(in, hash[:]...)
   129  }
   130  
   131  func (d *digest) constSum() [Size]byte {
   132  	var length [8]byte
   133  	l := d.len << 3
   134  	for i := uint(0); i < 8; i++ {
   135  		length[i] = byte(l >> (56 - 8*i))
   136  	}
   137  
   138  	nx := byte(d.nx)
   139  	t := nx - 56                 // if nx < 56 then the MSB of t is one
   140  	mask1b := byte(int8(t) >> 7) // mask1b is 0xFF iff one block is enough
   141  
   142  	separator := byte(0x80) // gets reset to 0x00 once used
   143  	for i := byte(0); i < chunk; i++ {
   144  		mask := byte(int8(i-nx) >> 7) // 0x00 after the end of data
   145  
   146  		// if we reached the end of the data, replace with 0x80 or 0x00
   147  		d.x[i] = (^mask & separator) | (mask & d.x[i])
   148  
   149  		// zero the separator once used
   150  		separator &= mask
   151  
   152  		if i >= 56 {
   153  			// we might have to write the length here if all fit in one block
   154  			d.x[i] |= mask1b & length[i-56]
   155  		}
   156  	}
   157  
   158  	// compress, and only keep the digest if all fit in one block
   159  	block(d, d.x[:])
   160  
   161  	var digest [Size]byte
   162  	for i, s := range d.h {
   163  		digest[i*4] = mask1b & byte(s>>24)
   164  		digest[i*4+1] = mask1b & byte(s>>16)
   165  		digest[i*4+2] = mask1b & byte(s>>8)
   166  		digest[i*4+3] = mask1b & byte(s)
   167  	}
   168  
   169  	for i := byte(0); i < chunk; i++ {
   170  		// second block, it's always past the end of data, might start with 0x80
   171  		if i < 56 {
   172  			d.x[i] = separator
   173  			separator = 0
   174  		} else {
   175  			d.x[i] = length[i-56]
   176  		}
   177  	}
   178  
   179  	// compress, and only keep the digest if we actually needed the second block
   180  	block(d, d.x[:])
   181  
   182  	for i, s := range d.h {
   183  		digest[i*4] |= ^mask1b & byte(s>>24)
   184  		digest[i*4+1] |= ^mask1b & byte(s>>16)
   185  		digest[i*4+2] |= ^mask1b & byte(s>>8)
   186  		digest[i*4+3] |= ^mask1b & byte(s)
   187  	}
   188  
   189  	return digest
   190  }
   191  
   192  // Sum returns the SHA1 checksum of the data.
   193  func Sum(data []byte) [Size]byte {
   194  	var d digest
   195  	d.Reset()
   196  	d.Write(data)
   197  	return d.checkSum()
   198  }