| //===- FuzzerSHA1.h - Private copy of the SHA1 implementation ---*- C++ -* ===// |
| // |
| // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. |
| // See https://llvm.org/LICENSE.txt for license information. |
| // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception |
| // |
| //===----------------------------------------------------------------------===// |
| // This code is taken from public domain |
| // (http://oauth.googlecode.com/svn/code/c/liboauth/src/sha1.c) |
| // and modified by adding anonymous namespace, adding an interface |
| // function fuzzer::ComputeSHA1() and removing unnecessary code. |
| // |
| // lib/Fuzzer can not use SHA1 implementation from openssl because |
| // openssl may not be available and because we may be fuzzing openssl itself. |
| // For the same reason we do not want to depend on SHA1 from LLVM tree. |
| //===----------------------------------------------------------------------===// |
| |
| #include "FuzzerSHA1.h" |
| #include "FuzzerDefs.h" |
| #include "FuzzerPlatform.h" |
| |
| /* This code is public-domain - it is based on libcrypt |
| * placed in the public domain by Wei Dai and other contributors. |
| */ |
| |
| #include <iomanip> |
| #include <sstream> |
| #include <stdint.h> |
| #include <string.h> |
| |
| namespace { // Added for LibFuzzer |
| |
| #ifdef __BIG_ENDIAN__ |
| # define SHA_BIG_ENDIAN |
| // Windows is always little endian and MSVC doesn't have <endian.h> |
| #elif defined __LITTLE_ENDIAN__ || LIBFUZZER_WINDOWS |
| /* override */ |
| #elif defined __BYTE_ORDER |
| # if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ |
| # define SHA_BIG_ENDIAN |
| # endif |
| #else // ! defined __LITTLE_ENDIAN__ |
| # include <endian.h> // machine/endian.h |
| # if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ |
| # define SHA_BIG_ENDIAN |
| # endif |
| #endif |
| |
| |
| /* header */ |
| |
| #define HASH_LENGTH 20 |
| #define BLOCK_LENGTH 64 |
| |
| typedef struct sha1nfo { |
| uint32_t buffer[BLOCK_LENGTH/4]; |
| uint32_t state[HASH_LENGTH/4]; |
| uint32_t byteCount; |
| uint8_t bufferOffset; |
| uint8_t keyBuffer[BLOCK_LENGTH]; |
| uint8_t innerHash[HASH_LENGTH]; |
| } sha1nfo; |
| |
| /* public API - prototypes - TODO: doxygen*/ |
| |
| /** |
| */ |
| void sha1_init(sha1nfo *s); |
| /** |
| */ |
| void sha1_writebyte(sha1nfo *s, uint8_t data); |
| /** |
| */ |
| void sha1_write(sha1nfo *s, const char *data, size_t len); |
| /** |
| */ |
| uint8_t* sha1_result(sha1nfo *s); |
| |
| |
| /* code */ |
| #define SHA1_K0 0x5a827999 |
| #define SHA1_K20 0x6ed9eba1 |
| #define SHA1_K40 0x8f1bbcdc |
| #define SHA1_K60 0xca62c1d6 |
| |
| void sha1_init(sha1nfo *s) { |
| s->state[0] = 0x67452301; |
| s->state[1] = 0xefcdab89; |
| s->state[2] = 0x98badcfe; |
| s->state[3] = 0x10325476; |
| s->state[4] = 0xc3d2e1f0; |
| s->byteCount = 0; |
| s->bufferOffset = 0; |
| } |
| |
| uint32_t sha1_rol32(uint32_t number, uint8_t bits) { |
| return ((number << bits) | (number >> (32-bits))); |
| } |
| |
| void sha1_hashBlock(sha1nfo *s) { |
| uint8_t i; |
| uint32_t a,b,c,d,e,t; |
| |
| a=s->state[0]; |
| b=s->state[1]; |
| c=s->state[2]; |
| d=s->state[3]; |
| e=s->state[4]; |
| for (i=0; i<80; i++) { |
| if (i>=16) { |
| t = s->buffer[(i+13)&15] ^ s->buffer[(i+8)&15] ^ s->buffer[(i+2)&15] ^ s->buffer[i&15]; |
| s->buffer[i&15] = sha1_rol32(t,1); |
| } |
| if (i<20) { |
| t = (d ^ (b & (c ^ d))) + SHA1_K0; |
| } else if (i<40) { |
| t = (b ^ c ^ d) + SHA1_K20; |
| } else if (i<60) { |
| t = ((b & c) | (d & (b | c))) + SHA1_K40; |
| } else { |
| t = (b ^ c ^ d) + SHA1_K60; |
| } |
| t+=sha1_rol32(a,5) + e + s->buffer[i&15]; |
| e=d; |
| d=c; |
| c=sha1_rol32(b,30); |
| b=a; |
| a=t; |
| } |
| s->state[0] += a; |
| s->state[1] += b; |
| s->state[2] += c; |
| s->state[3] += d; |
| s->state[4] += e; |
| } |
| |
| // Adds the least significant byte of |data|. |
| void sha1_addUncounted(sha1nfo *s, uint32_t data) { |
| uint8_t *const b = (uint8_t *)s->buffer; |
| #ifdef SHA_BIG_ENDIAN |
| b[s->bufferOffset] = static_cast<uint8_t>(data); |
| #else |
| b[s->bufferOffset ^ 3] = static_cast<uint8_t>(data); |
| #endif |
| s->bufferOffset++; |
| if (s->bufferOffset == BLOCK_LENGTH) { |
| sha1_hashBlock(s); |
| s->bufferOffset = 0; |
| } |
| } |
| |
| void sha1_writebyte(sha1nfo *s, uint8_t data) { |
| ++s->byteCount; |
| sha1_addUncounted(s, data); |
| } |
| |
| void sha1_write(sha1nfo *s, const char *data, size_t len) { |
| for (;len--;) sha1_writebyte(s, (uint8_t) *data++); |
| } |
| |
| void sha1_pad(sha1nfo *s) { |
| // Implement SHA-1 padding (fips180-2 ยง5.1.1) |
| |
| // Pad with 0x80 followed by 0x00 until the end of the block |
| sha1_addUncounted(s, 0x80); |
| while (s->bufferOffset != 56) sha1_addUncounted(s, 0x00); |
| |
| // Append length in the last 8 bytes |
| sha1_addUncounted(s, 0); // We're only using 32 bit lengths |
| sha1_addUncounted(s, 0); // But SHA-1 supports 64 bit lengths |
| sha1_addUncounted(s, 0); // So zero pad the top bits |
| sha1_addUncounted(s, s->byteCount >> 29); // Shifting to multiply by 8 |
| sha1_addUncounted(s, s->byteCount >> 21); // as SHA-1 supports bitstreams as well as |
| sha1_addUncounted(s, s->byteCount >> 13); // byte. |
| sha1_addUncounted(s, s->byteCount >> 5); |
| sha1_addUncounted(s, s->byteCount << 3); |
| } |
| |
| uint8_t* sha1_result(sha1nfo *s) { |
| // Pad to complete the last block |
| sha1_pad(s); |
| |
| #ifndef SHA_BIG_ENDIAN |
| // Swap byte order back |
| int i; |
| for (i=0; i<5; i++) { |
| s->state[i]= |
| (((s->state[i])<<24)& 0xff000000) |
| | (((s->state[i])<<8) & 0x00ff0000) |
| | (((s->state[i])>>8) & 0x0000ff00) |
| | (((s->state[i])>>24)& 0x000000ff); |
| } |
| #endif |
| |
| // Return pointer to hash (20 characters) |
| return (uint8_t*) s->state; |
| } |
| |
| } // namespace; Added for LibFuzzer |
| |
| namespace fuzzer { |
| |
| // The rest is added for LibFuzzer |
| void ComputeSHA1(const uint8_t *Data, size_t Len, uint8_t *Out) { |
| sha1nfo s; |
| sha1_init(&s); |
| sha1_write(&s, (const char*)Data, Len); |
| memcpy(Out, sha1_result(&s), HASH_LENGTH); |
| } |
| |
| std::string Sha1ToString(const uint8_t Sha1[kSHA1NumBytes]) { |
| std::stringstream SS; |
| for (int i = 0; i < kSHA1NumBytes; i++) |
| SS << std::hex << std::setfill('0') << std::setw(2) << (unsigned)Sha1[i]; |
| return SS.str(); |
| } |
| |
| std::string Hash(const Unit &U) { |
| uint8_t Hash[kSHA1NumBytes]; |
| ComputeSHA1(U.data(), U.size(), Hash); |
| return Sha1ToString(Hash); |
| } |
| |
| } |