xref: /third_party/python/Modules/sha1module.c (revision 7db96d56) 
1/* SHA1 module */
2
3/* This module provides an interface to the SHA1 algorithm */
4
5/* See below for information about the original code this module was
6   based upon. Additional work performed by:
7
8   Andrew Kuchling (amk@amk.ca)
9   Greg Stein (gstein@lyra.org)
10   Trevor Perrin (trevp@trevp.net)
11
12   Copyright (C) 2005-2007   Gregory P. Smith (greg@krypto.org)
13   Licensed to PSF under a Contributor Agreement.
14
15*/
16
17/* SHA1 objects */
18#ifndef Py_BUILD_CORE_BUILTIN
19#  define Py_BUILD_CORE_MODULE 1
20#endif
21
22#include "Python.h"
23#include "hashlib.h"
24#include "pycore_strhex.h"        // _Py_strhex()
25
26/*[clinic input]
27module _sha1
28class SHA1Type "SHA1object *" "&PyType_Type"
29[clinic start generated code]*/
30/*[clinic end generated code: output=da39a3ee5e6b4b0d input=3dc9a20d1becb759]*/
31
32/* Some useful types */
33
34#if SIZEOF_INT == 4
35typedef unsigned int SHA1_INT32;        /* 32-bit integer */
36typedef long long SHA1_INT64;        /* 64-bit integer */
37#else
38/* not defined. compilation will die. */
39#endif
40
41/* The SHA1 block size and message digest sizes, in bytes */
42
43#define SHA1_BLOCKSIZE    64
44#define SHA1_DIGESTSIZE   20
45
46/* The structure for storing SHA1 info */
47
48struct sha1_state {
49    SHA1_INT64 length;
50    SHA1_INT32 state[5], curlen;
51    unsigned char buf[SHA1_BLOCKSIZE];
52};
53
54typedef struct {
55    PyObject_HEAD
56
57    struct sha1_state hash_state;
58} SHA1object;
59
60#include "clinic/sha1module.c.h"
61
62/* ------------------------------------------------------------------------
63 *
64 * This code for the SHA1 algorithm was noted as public domain. The
65 * original headers are pasted below.
66 *
67 * Several changes have been made to make it more compatible with the
68 * Python environment and desired interface.
69 *
70 */
71
72/* LibTomCrypt, modular cryptographic library -- Tom St Denis
73 *
74 * LibTomCrypt is a library that provides various cryptographic
75 * algorithms in a highly modular and flexible manner.
76 *
77 * The library is free for all purposes without any express
78 * guarantee it works.
79 *
80 * Tom St Denis, tomstdenis@gmail.com, https://www.libtom.net
81 */
82
83/* rotate the hard way (platform optimizations could be done) */
84#define ROL(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
85#define ROLc(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
86
87/* Endian Neutral macros that work on all platforms */
88
89#define STORE32H(x, y)                                                                     \
90     { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255);   \
91       (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); }
92
93#define LOAD32H(x, y)                            \
94     { x = ((unsigned long)((y)[0] & 255)<<24) | \
95           ((unsigned long)((y)[1] & 255)<<16) | \
96           ((unsigned long)((y)[2] & 255)<<8)  | \
97           ((unsigned long)((y)[3] & 255)); }
98
99#define STORE64H(x, y)                                                                     \
100   { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255);     \
101     (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255);     \
102     (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255);     \
103     (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); }
104
105
106/* SHA1 macros */
107
108#define F0(x,y,z)  (z ^ (x & (y ^ z)))
109#define F1(x,y,z)  (x ^ y ^ z)
110#define F2(x,y,z)  ((x & y) | (z & (x | y)))
111#define F3(x,y,z)  (x ^ y ^ z)
112
113static void sha1_compress(struct sha1_state *sha1, unsigned char *buf)
114{
115    SHA1_INT32 a,b,c,d,e,W[80],i;
116
117    /* copy the state into 512-bits into W[0..15] */
118    for (i = 0; i < 16; i++) {
119        LOAD32H(W[i], buf + (4*i));
120    }
121
122    /* copy state */
123    a = sha1->state[0];
124    b = sha1->state[1];
125    c = sha1->state[2];
126    d = sha1->state[3];
127    e = sha1->state[4];
128
129    /* expand it */
130    for (i = 16; i < 80; i++) {
131        W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
132    }
133
134    /* compress */
135    /* round one */
136    #define FF_0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
137    #define FF_1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
138    #define FF_2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
139    #define FF_3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);
140
141    for (i = 0; i < 20; ) {
142       FF_0(a,b,c,d,e,i++);
143       FF_0(e,a,b,c,d,i++);
144       FF_0(d,e,a,b,c,i++);
145       FF_0(c,d,e,a,b,i++);
146       FF_0(b,c,d,e,a,i++);
147    }
148
149    /* round two */
150    for (; i < 40; )  {
151       FF_1(a,b,c,d,e,i++);
152       FF_1(e,a,b,c,d,i++);
153       FF_1(d,e,a,b,c,i++);
154       FF_1(c,d,e,a,b,i++);
155       FF_1(b,c,d,e,a,i++);
156    }
157
158    /* round three */
159    for (; i < 60; )  {
160       FF_2(a,b,c,d,e,i++);
161       FF_2(e,a,b,c,d,i++);
162       FF_2(d,e,a,b,c,i++);
163       FF_2(c,d,e,a,b,i++);
164       FF_2(b,c,d,e,a,i++);
165    }
166
167    /* round four */
168    for (; i < 80; )  {
169       FF_3(a,b,c,d,e,i++);
170       FF_3(e,a,b,c,d,i++);
171       FF_3(d,e,a,b,c,i++);
172       FF_3(c,d,e,a,b,i++);
173       FF_3(b,c,d,e,a,i++);
174    }
175
176    #undef FF_0
177    #undef FF_1
178    #undef FF_2
179    #undef FF_3
180
181    /* store */
182    sha1->state[0] = sha1->state[0] + a;
183    sha1->state[1] = sha1->state[1] + b;
184    sha1->state[2] = sha1->state[2] + c;
185    sha1->state[3] = sha1->state[3] + d;
186    sha1->state[4] = sha1->state[4] + e;
187}
188
189/**
190   Initialize the hash state
191   @param sha1   The hash state you wish to initialize
192*/
193static void
194sha1_init(struct sha1_state *sha1)
195{
196   assert(sha1 != NULL);
197   sha1->state[0] = 0x67452301UL;
198   sha1->state[1] = 0xefcdab89UL;
199   sha1->state[2] = 0x98badcfeUL;
200   sha1->state[3] = 0x10325476UL;
201   sha1->state[4] = 0xc3d2e1f0UL;
202   sha1->curlen = 0;
203   sha1->length = 0;
204}
205
206/**
207   Process a block of memory though the hash
208   @param sha1   The hash state
209   @param in     The data to hash
210   @param inlen  The length of the data (octets)
211*/
212static void
213sha1_process(struct sha1_state *sha1,
214                  const unsigned char *in, Py_ssize_t inlen)
215{
216    Py_ssize_t n;
217
218    assert(sha1 != NULL);
219    assert(in != NULL);
220    assert(sha1->curlen <= sizeof(sha1->buf));
221
222    while (inlen > 0) {
223        if (sha1->curlen == 0 && inlen >= SHA1_BLOCKSIZE) {
224           sha1_compress(sha1, (unsigned char *)in);
225           sha1->length   += SHA1_BLOCKSIZE * 8;
226           in             += SHA1_BLOCKSIZE;
227           inlen          -= SHA1_BLOCKSIZE;
228        } else {
229           n = Py_MIN(inlen, (Py_ssize_t)(SHA1_BLOCKSIZE - sha1->curlen));
230           memcpy(sha1->buf + sha1->curlen, in, (size_t)n);
231           sha1->curlen   += (SHA1_INT32)n;
232           in             += n;
233           inlen          -= n;
234           if (sha1->curlen == SHA1_BLOCKSIZE) {
235              sha1_compress(sha1, sha1->buf);
236              sha1->length += 8*SHA1_BLOCKSIZE;
237              sha1->curlen = 0;
238           }
239       }
240    }
241}
242
243/**
244   Terminate the hash to get the digest
245   @param sha1  The hash state
246   @param out [out] The destination of the hash (20 bytes)
247*/
248static void
249sha1_done(struct sha1_state *sha1, unsigned char *out)
250{
251    int i;
252
253    assert(sha1 != NULL);
254    assert(out != NULL);
255    assert(sha1->curlen < sizeof(sha1->buf));
256
257    /* increase the length of the message */
258    sha1->length += sha1->curlen * 8;
259
260    /* append the '1' bit */
261    sha1->buf[sha1->curlen++] = (unsigned char)0x80;
262
263    /* if the length is currently above 56 bytes we append zeros
264     * then compress.  Then we can fall back to padding zeros and length
265     * encoding like normal.
266     */
267    if (sha1->curlen > 56) {
268        while (sha1->curlen < 64) {
269            sha1->buf[sha1->curlen++] = (unsigned char)0;
270        }
271        sha1_compress(sha1, sha1->buf);
272        sha1->curlen = 0;
273    }
274
275    /* pad up to 56 bytes of zeroes */
276    while (sha1->curlen < 56) {
277        sha1->buf[sha1->curlen++] = (unsigned char)0;
278    }
279
280    /* store length */
281    STORE64H(sha1->length, sha1->buf+56);
282    sha1_compress(sha1, sha1->buf);
283
284    /* copy output */
285    for (i = 0; i < 5; i++) {
286        STORE32H(sha1->state[i], out+(4*i));
287    }
288}
289
290
291/* .Source: /cvs/libtom/libtomcrypt/src/hashes/sha1.c,v $ */
292/* .Revision: 1.10 $ */
293/* .Date: 2007/05/12 14:25:28 $ */
294
295/*
296 * End of copied SHA1 code.
297 *
298 * ------------------------------------------------------------------------
299 */
300
301typedef struct {
302    PyTypeObject* sha1_type;
303} SHA1State;
304
305static inline SHA1State*
306sha1_get_state(PyObject *module)
307{
308    void *state = PyModule_GetState(module);
309    assert(state != NULL);
310    return (SHA1State *)state;
311}
312
313static SHA1object *
314newSHA1object(SHA1State *st)
315{
316    SHA1object *sha = (SHA1object *)PyObject_GC_New(SHA1object, st->sha1_type);
317    PyObject_GC_Track(sha);
318    return sha;
319}
320
321
322/* Internal methods for a hash object */
323static int
324SHA1_traverse(PyObject *ptr, visitproc visit, void *arg)
325{
326    Py_VISIT(Py_TYPE(ptr));
327    return 0;
328}
329
330static void
331SHA1_dealloc(PyObject *ptr)
332{
333    PyTypeObject *tp = Py_TYPE(ptr);
334    PyObject_GC_UnTrack(ptr);
335    PyObject_GC_Del(ptr);
336    Py_DECREF(tp);
337}
338
339
340/* External methods for a hash object */
341
342/*[clinic input]
343SHA1Type.copy
344
345    cls: defining_class
346
347Return a copy of the hash object.
348[clinic start generated code]*/
349
350static PyObject *
351SHA1Type_copy_impl(SHA1object *self, PyTypeObject *cls)
352/*[clinic end generated code: output=b32d4461ce8bc7a7 input=6c22e66fcc34c58e]*/
353{
354    SHA1State *st = PyType_GetModuleState(cls);
355
356    SHA1object *newobj;
357    if ((newobj = newSHA1object(st)) == NULL)
358        return NULL;
359
360    newobj->hash_state = self->hash_state;
361    return (PyObject *)newobj;
362}
363
364/*[clinic input]
365SHA1Type.digest
366
367Return the digest value as a bytes object.
368[clinic start generated code]*/
369
370static PyObject *
371SHA1Type_digest_impl(SHA1object *self)
372/*[clinic end generated code: output=2f05302a7aa2b5cb input=13824b35407444bd]*/
373{
374    unsigned char digest[SHA1_DIGESTSIZE];
375    struct sha1_state temp;
376
377    temp = self->hash_state;
378    sha1_done(&temp, digest);
379    return PyBytes_FromStringAndSize((const char *)digest, SHA1_DIGESTSIZE);
380}
381
382/*[clinic input]
383SHA1Type.hexdigest
384
385Return the digest value as a string of hexadecimal digits.
386[clinic start generated code]*/
387
388static PyObject *
389SHA1Type_hexdigest_impl(SHA1object *self)
390/*[clinic end generated code: output=4161fd71e68c6659 input=97691055c0c74ab0]*/
391{
392    unsigned char digest[SHA1_DIGESTSIZE];
393    struct sha1_state temp;
394
395    /* Get the raw (binary) digest value */
396    temp = self->hash_state;
397    sha1_done(&temp, digest);
398
399    return _Py_strhex((const char *)digest, SHA1_DIGESTSIZE);
400}
401
402/*[clinic input]
403SHA1Type.update
404
405    obj: object
406    /
407
408Update this hash object's state with the provided string.
409[clinic start generated code]*/
410
411static PyObject *
412SHA1Type_update(SHA1object *self, PyObject *obj)
413/*[clinic end generated code: output=d9902f0e5015e9ae input=aad8e07812edbba3]*/
414{
415    Py_buffer buf;
416
417    GET_BUFFER_VIEW_OR_ERROUT(obj, &buf);
418
419    sha1_process(&self->hash_state, buf.buf, buf.len);
420
421    PyBuffer_Release(&buf);
422    Py_RETURN_NONE;
423}
424
425static PyMethodDef SHA1_methods[] = {
426    SHA1TYPE_COPY_METHODDEF
427    SHA1TYPE_DIGEST_METHODDEF
428    SHA1TYPE_HEXDIGEST_METHODDEF
429    SHA1TYPE_UPDATE_METHODDEF
430    {NULL,        NULL}         /* sentinel */
431};
432
433static PyObject *
434SHA1_get_block_size(PyObject *self, void *closure)
435{
436    return PyLong_FromLong(SHA1_BLOCKSIZE);
437}
438
439static PyObject *
440SHA1_get_name(PyObject *self, void *closure)
441{
442    return PyUnicode_FromStringAndSize("sha1", 4);
443}
444
445static PyObject *
446sha1_get_digest_size(PyObject *self, void *closure)
447{
448    return PyLong_FromLong(SHA1_DIGESTSIZE);
449}
450
451static PyGetSetDef SHA1_getseters[] = {
452    {"block_size",
453     (getter)SHA1_get_block_size, NULL,
454     NULL,
455     NULL},
456    {"name",
457     (getter)SHA1_get_name, NULL,
458     NULL,
459     NULL},
460    {"digest_size",
461     (getter)sha1_get_digest_size, NULL,
462     NULL,
463     NULL},
464    {NULL}  /* Sentinel */
465};
466
467static PyType_Slot sha1_type_slots[] = {
468    {Py_tp_dealloc, SHA1_dealloc},
469    {Py_tp_methods, SHA1_methods},
470    {Py_tp_getset, SHA1_getseters},
471    {Py_tp_traverse, SHA1_traverse},
472    {0,0}
473};
474
475static PyType_Spec sha1_type_spec = {
476    .name = "_sha1.sha1",
477    .basicsize =  sizeof(SHA1object),
478    .flags = (Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION |
479              Py_TPFLAGS_IMMUTABLETYPE | Py_TPFLAGS_HAVE_GC),
480    .slots = sha1_type_slots
481};
482
483/* The single module-level function: new() */
484
485/*[clinic input]
486_sha1.sha1
487
488    string: object(c_default="NULL") = b''
489    *
490    usedforsecurity: bool = True
491
492Return a new SHA1 hash object; optionally initialized with a string.
493[clinic start generated code]*/
494
495static PyObject *
496_sha1_sha1_impl(PyObject *module, PyObject *string, int usedforsecurity)
497/*[clinic end generated code: output=6f8b3af05126e18e input=bd54b68e2bf36a8a]*/
498{
499    SHA1object *new;
500    Py_buffer buf;
501
502    if (string)
503        GET_BUFFER_VIEW_OR_ERROUT(string, &buf);
504
505    SHA1State *st = sha1_get_state(module);
506    if ((new = newSHA1object(st)) == NULL) {
507        if (string)
508            PyBuffer_Release(&buf);
509        return NULL;
510    }
511
512    sha1_init(&new->hash_state);
513
514    if (PyErr_Occurred()) {
515        Py_DECREF(new);
516        if (string)
517            PyBuffer_Release(&buf);
518        return NULL;
519    }
520    if (string) {
521        sha1_process(&new->hash_state, buf.buf, buf.len);
522        PyBuffer_Release(&buf);
523    }
524
525    return (PyObject *)new;
526}
527
528
529/* List of functions exported by this module */
530
531static struct PyMethodDef SHA1_functions[] = {
532    _SHA1_SHA1_METHODDEF
533    {NULL,      NULL}            /* Sentinel */
534};
535
536static int
537_sha1_traverse(PyObject *module, visitproc visit, void *arg)
538{
539    SHA1State *state = sha1_get_state(module);
540    Py_VISIT(state->sha1_type);
541    return 0;
542}
543
544static int
545_sha1_clear(PyObject *module)
546{
547    SHA1State *state = sha1_get_state(module);
548    Py_CLEAR(state->sha1_type);
549    return 0;
550}
551
552static void
553_sha1_free(void *module)
554{
555    _sha1_clear((PyObject *)module);
556}
557
558static int
559_sha1_exec(PyObject *module)
560{
561    SHA1State* st = sha1_get_state(module);
562
563    st->sha1_type = (PyTypeObject *)PyType_FromModuleAndSpec(
564        module, &sha1_type_spec, NULL);
565
566    if (st->sha1_type == NULL) {
567        return -1;
568    }
569
570    Py_INCREF(st->sha1_type);
571    if (PyModule_AddObject(module,
572                           "SHA1Type",
573                           (PyObject *)st->sha1_type) < 0) {
574        Py_DECREF(st->sha1_type);
575        return -1;
576    }
577
578    return 0;
579}
580
581
582/* Initialize this module. */
583
584static PyModuleDef_Slot _sha1_slots[] = {
585    {Py_mod_exec, _sha1_exec},
586    {0, NULL}
587};
588
589static struct PyModuleDef _sha1module = {
590        PyModuleDef_HEAD_INIT,
591        .m_name = "_sha1",
592        .m_size = sizeof(SHA1State),
593        .m_methods = SHA1_functions,
594        .m_slots = _sha1_slots,
595        .m_traverse = _sha1_traverse,
596        .m_clear = _sha1_clear,
597        .m_free = _sha1_free
598};
599
600PyMODINIT_FUNC
601PyInit__sha1(void)
602{
603    return PyModuleDef_Init(&_sha1module);
604}
605