| 1 | /* |
| 2 | * SHA core transform algorithm, used here solely as a `stirring' |
| 3 | * function for the PuTTY random number pool. Implemented directly |
| 4 | * from the specification by Simon Tatham. |
| 5 | */ |
| 6 | |
| 7 | #include "ssh.h" |
| 8 | |
| 9 | #define rol(x,y) ( ((x) << (y)) | (((word32)x) >> (32-y)) ) |
| 10 | |
| 11 | void SHATransform(word32 *digest, word32 *block) { |
| 12 | word32 w[80]; |
| 13 | word32 a,b,c,d,e; |
| 14 | int t; |
| 15 | |
| 16 | for (t = 0; t < 16; t++) |
| 17 | w[t] = block[t]; |
| 18 | |
| 19 | for (t = 16; t < 80; t++) { |
| 20 | word32 tmp = w[t-3] ^ w[t-8] ^ w[t-14] ^ w[t-16]; |
| 21 | w[t] = rol(tmp, 1); |
| 22 | } |
| 23 | |
| 24 | a = digest[0]; |
| 25 | b = digest[1]; |
| 26 | c = digest[2]; |
| 27 | d = digest[3]; |
| 28 | e = digest[4]; |
| 29 | |
| 30 | for (t = 0; t < 20; t++) { |
| 31 | word32 tmp = rol(a, 5) + ( (b&c) | (d&~b) ) + e + w[t] + 0x5a827999; |
| 32 | e = d; d = c; c = rol(b, 30); b = a; a = tmp; |
| 33 | } |
| 34 | for (t = 20; t < 40; t++) { |
| 35 | word32 tmp = rol(a, 5) + (b^c^d) + e + w[t] + 0x6ed9eba1; |
| 36 | e = d; d = c; c = rol(b, 30); b = a; a = tmp; |
| 37 | } |
| 38 | for (t = 40; t < 60; t++) { |
| 39 | word32 tmp = rol(a, 5) + ( (b&c) | (b&d) | (c&d) ) + e + w[t] + 0x8f1bbcdc; |
| 40 | e = d; d = c; c = rol(b, 30); b = a; a = tmp; |
| 41 | } |
| 42 | for (t = 60; t < 80; t++) { |
| 43 | word32 tmp = rol(a, 5) + (b^c^d) + e + w[t] + 0xca62c1d6; |
| 44 | e = d; d = c; c = rol(b, 30); b = a; a = tmp; |
| 45 | } |
| 46 | |
| 47 | digest[0] += a; |
| 48 | digest[1] += b; |
| 49 | digest[2] += c; |
| 50 | digest[3] += d; |
| 51 | digest[4] += e; |
| 52 | } |