1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // Package sha1 implements the SHA-1 hash algorithm as defined in RFC 3174.
7 // SHA-1 is cryptographically broken and should not be used for secure
17 crypto.RegisterHash(crypto.SHA1, New)
20 // The size of a SHA-1 checksum in bytes.
23 // The blocksize of SHA-1 in bytes.
35 // digest represents the partial evaluation of a checksum.
43 func (d *digest) Reset() {
53 // New returns a new hash.Hash computing the SHA1 checksum.
54 func New() hash.Hash {
56 return boringNewSHA1()
63 func (d *digest) Size() int { return Size }
65 func (d *digest) BlockSize() int { return BlockSize }
67 func (d *digest) Write(p []byte) (nn int, err error) {
72 n := copy(d.x[d.nx:], p)
81 n := len(p) &^ (chunk - 1)
86 d.nx = copy(d.x[:], p)
91 func (d0 *digest) Sum(in []byte) []byte {
93 // Make a copy of d0 so that caller can keep writing and summing.
96 return append(in, hash[:]...)
99 func (d *digest) checkSum() [Size]byte {
101 // Padding. Add a 1 bit and 0 bits until 56 bytes mod 64.
105 d.Write(tmp[0 : 56-len%64])
107 d.Write(tmp[0 : 64+56-len%64])
112 for i := uint(0); i < 8; i++ {
113 tmp[i] = byte(len >> (56 - 8*i))
121 var digest [Size]byte
122 for i, s := range d.h {
123 digest[i*4] = byte(s >> 24)
124 digest[i*4+1] = byte(s >> 16)
125 digest[i*4+2] = byte(s >> 8)
126 digest[i*4+3] = byte(s)
132 // ConstantTimeSum computes the same result of Sum() but in constant time
133 func (d0 *digest) ConstantTimeSum(in []byte) []byte {
136 return append(in, hash[:]...)
139 func (d *digest) constSum() [Size]byte {
142 for i := uint(0); i < 8; i++ {
143 length[i] = byte(l >> (56 - 8*i))
147 t := nx - 56 // if nx < 56 then the MSB of t is one
148 mask1b := byte(int8(t) >> 7) // mask1b is 0xFF iff one block is enough
150 separator := byte(0x80) // gets reset to 0x00 once used
151 for i := byte(0); i < chunk; i++ {
152 mask := byte(int8(i-nx) >> 7) // 0x00 after the end of data
154 // if we reached the end of the data, replace with 0x80 or 0x00
155 d.x[i] = (^mask & separator) | (mask & d.x[i])
157 // zero the separator once used
161 // we might have to write the length here if all fit in one block
162 d.x[i] |= mask1b & length[i-56]
166 // compress, and only keep the digest if all fit in one block
169 var digest [Size]byte
170 for i, s := range d.h {
171 digest[i*4] = mask1b & byte(s>>24)
172 digest[i*4+1] = mask1b & byte(s>>16)
173 digest[i*4+2] = mask1b & byte(s>>8)
174 digest[i*4+3] = mask1b & byte(s)
177 for i := byte(0); i < chunk; i++ {
178 // second block, it's always past the end of data, might start with 0x80
183 d.x[i] = length[i-56]
187 // compress, and only keep the digest if we actually needed the second block
190 for i, s := range d.h {
191 digest[i*4] |= ^mask1b & byte(s>>24)
192 digest[i*4+1] |= ^mask1b & byte(s>>16)
193 digest[i*4+2] |= ^mask1b & byte(s>>8)
194 digest[i*4+3] |= ^mask1b & byte(s)
200 // Sum returns the SHA-1 checksum of the data.
201 func Sum(data []byte) [Size]byte {