30
* Paul E. Jones <paulej@arid.us>
33
*****************************************************************************
34
* $Id: sha1.c,v 1.2 2004/03/27 18:00:33 paulej Exp $
35
*****************************************************************************
38
* This file implements the Secure Hashing Standard as defined
39
* in FIPS PUB 180-1 published April 17, 1995.
41
* The Secure Hashing Standard, which uses the Secure Hashing
42
* Algorithm (SHA), produces a 160-bit message digest for a
43
* given data stream. In theory, it is highly improbable that
44
* two messages will produce the same message digest. Therefore,
45
* this algorithm can serve as a means of providing a "fingerprint"
49
* SHA-1 is defined in terms of 32-bit "words". This code was
50
* written with the expectation that the processor has at least
51
* a 32-bit machine word size. If the machine word size is larger,
52
* the code should still function properly. One caveat to that
53
* is that the input functions taking characters and character
54
* arrays assume that only 8 bits of information are stored in each
58
* SHA-1 is designed to work with messages less than 2^64 bits
59
* long. Although SHA-1 allows a message digest to be generated for
60
* messages of any number of bits less than 2^64, this
61
* implementation only works with messages with a length that is a
62
* multiple of the size of an 8-bit character.
71
* Define the circular shift macro
73
#define SHA1CircularShift(bits,word) \
74
((((word) << (bits)) & 0xFFFFFFFF) | \
75
((word) >> (32-(bits))))
77
/* Function prototypes */
78
void SHA1ProcessMessageBlock(SHA1Context *);
79
void SHA1PadMessage(SHA1Context *);
85
* This function will initialize the SHA1Context in preparation
86
* for computing a new message digest.
90
* The context to reset.
98
void SHA1Reset(SHA1Context *context)
100
context->Length_Low = 0;
101
context->Length_High = 0;
102
context->Message_Block_Index = 0;
104
context->Message_Digest[0] = 0x67452301;
105
context->Message_Digest[1] = 0xEFCDAB89;
106
context->Message_Digest[2] = 0x98BADCFE;
107
context->Message_Digest[3] = 0x10325476;
108
context->Message_Digest[4] = 0xC3D2E1F0;
110
context->Computed = 0;
111
context->Corrupted = 0;
118
* This function will return the 160-bit message digest into the
119
* Message_Digest array within the SHA1Context provided
123
* The context to use to calculate the SHA-1 hash.
126
* 1 if successful, 0 if it failed.
131
int SHA1Result(SHA1Context *context)
134
if (context->Corrupted)
139
if (!context->Computed)
141
SHA1PadMessage(context);
142
context->Computed = 1;
152
* This function accepts an array of octets as the next portion of
157
* The SHA-1 context to update
158
* message_array: [in]
159
* An array of characters representing the next portion of the
162
* The length of the message in message_array
170
void SHA1Input(SHA1Context *context,
171
const unsigned char *message_array,
179
if (context->Computed || context->Corrupted)
181
context->Corrupted = 1;
185
while(length-- && !context->Corrupted)
187
context->Message_Block[context->Message_Block_Index++] =
188
(*message_array & 0xFF);
190
context->Length_Low += 8;
191
/* Force it to 32 bits */
192
context->Length_Low &= 0xFFFFFFFF;
193
if (context->Length_Low == 0)
195
context->Length_High++;
196
/* Force it to 32 bits */
197
context->Length_High &= 0xFFFFFFFF;
198
if (context->Length_High == 0)
200
/* Message is too long */
201
context->Corrupted = 1;
205
if (context->Message_Block_Index == 64)
207
SHA1ProcessMessageBlock(context);
215
* SHA1ProcessMessageBlock
218
* This function will process the next 512 bits of the message
219
* stored in the Message_Block array.
228
* Many of the variable names in the SHAContext, especially the
229
* single character names, were used because those were the names
230
* used in the publication.
234
void SHA1ProcessMessageBlock(SHA1Context *context)
236
const unsigned K[] = /* Constants defined in SHA-1 */
243
int t; /* Loop counter */
244
unsigned temp; /* Temporary word value */
245
unsigned W[80]; /* Word sequence */
246
unsigned A, B, C, D, E; /* Word buffers */
249
* Initialize the first 16 words in the array W
251
for(t = 0; t < 16; t++)
253
W[t] = ((unsigned) context->Message_Block[t * 4]) << 24;
254
W[t] |= ((unsigned) context->Message_Block[t * 4 + 1]) << 16;
255
W[t] |= ((unsigned) context->Message_Block[t * 4 + 2]) << 8;
256
W[t] |= ((unsigned) context->Message_Block[t * 4 + 3]);
259
for(t = 16; t < 80; t++)
261
W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
264
A = context->Message_Digest[0];
265
B = context->Message_Digest[1];
266
C = context->Message_Digest[2];
267
D = context->Message_Digest[3];
268
E = context->Message_Digest[4];
270
for(t = 0; t < 20; t++)
272
temp = SHA1CircularShift(5,A) +
273
((B & C) | ((~B) & D)) + E + W[t] + K[0];
277
C = SHA1CircularShift(30,B);
282
for(t = 20; t < 40; t++)
284
temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
288
C = SHA1CircularShift(30,B);
293
for(t = 40; t < 60; t++)
295
temp = SHA1CircularShift(5,A) +
296
((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
300
C = SHA1CircularShift(30,B);
305
for(t = 60; t < 80; t++)
307
temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
311
C = SHA1CircularShift(30,B);
316
context->Message_Digest[0] =
317
(context->Message_Digest[0] + A) & 0xFFFFFFFF;
318
context->Message_Digest[1] =
319
(context->Message_Digest[1] + B) & 0xFFFFFFFF;
320
context->Message_Digest[2] =
321
(context->Message_Digest[2] + C) & 0xFFFFFFFF;
322
context->Message_Digest[3] =
323
(context->Message_Digest[3] + D) & 0xFFFFFFFF;
324
context->Message_Digest[4] =
325
(context->Message_Digest[4] + E) & 0xFFFFFFFF;
327
context->Message_Block_Index = 0;
334
* According to the standard, the message must be padded to an even
335
* 512 bits. The first padding bit must be a '1'. The last 64
336
* bits represent the length of the original message. All bits in
337
* between should be 0. This function will pad the message
338
* according to those rules by filling the Message_Block array
339
* accordingly. It will also call SHA1ProcessMessageBlock()
340
* appropriately. When it returns, it can be assumed that the
341
* message digest has been computed.
353
void SHA1PadMessage(SHA1Context *context)
356
* Check to see if the current message block is too small to hold
357
* the initial padding bits and length. If so, we will pad the
358
* block, process it, and then continue padding into a second
361
if (context->Message_Block_Index > 55)
363
context->Message_Block[context->Message_Block_Index++] = 0x80;
364
while(context->Message_Block_Index < 64)
366
context->Message_Block[context->Message_Block_Index++] = 0;
369
SHA1ProcessMessageBlock(context);
371
while(context->Message_Block_Index < 56)
373
context->Message_Block[context->Message_Block_Index++] = 0;
378
context->Message_Block[context->Message_Block_Index++] = 0x80;
379
while(context->Message_Block_Index < 56)
381
context->Message_Block[context->Message_Block_Index++] = 0;
386
* Store the message length as the last 8 octets
388
context->Message_Block[56] = (context->Length_High >> 24) & 0xFF;
389
context->Message_Block[57] = (context->Length_High >> 16) & 0xFF;
390
context->Message_Block[58] = (context->Length_High >> 8) & 0xFF;
391
context->Message_Block[59] = (context->Length_High) & 0xFF;
392
context->Message_Block[60] = (context->Length_Low >> 24) & 0xFF;
393
context->Message_Block[61] = (context->Length_Low >> 16) & 0xFF;
394
context->Message_Block[62] = (context->Length_Low >> 8) & 0xFF;
395
context->Message_Block[63] = (context->Length_Low) & 0xFF;
397
SHA1ProcessMessageBlock(context);
30
* Paul E. Jones <paulej@arid.us>
33
*****************************************************************************
34
* $Id: sha1.c,v 1.2 2004/03/27 18:00:33 paulej Exp $
35
*****************************************************************************
38
* This file implements the Secure Hashing Standard as defined
39
* in FIPS PUB 180-1 published April 17, 1995.
41
* The Secure Hashing Standard, which uses the Secure Hashing
42
* Algorithm (SHA), produces a 160-bit message digest for a
43
* given data stream. In theory, it is highly improbable that
44
* two messages will produce the same message digest. Therefore,
45
* this algorithm can serve as a means of providing a "fingerprint"
49
* SHA-1 is defined in terms of 32-bit "words". This code was
50
* written with the expectation that the processor has at least
51
* a 32-bit machine word size. If the machine word size is larger,
52
* the code should still function properly. One caveat to that
53
* is that the input functions taking characters and character
54
* arrays assume that only 8 bits of information are stored in each
58
* SHA-1 is designed to work with messages less than 2^64 bits
59
* long. Although SHA-1 allows a message digest to be generated for
60
* messages of any number of bits less than 2^64, this
61
* implementation only works with messages with a length that is a
62
* multiple of the size of an 8-bit character.
71
* Define the circular shift macro
73
#define SHA1CircularShift(bits,word) \
74
((((word) << (bits)) & 0xFFFFFFFF) | \
75
((word) >> (32-(bits))))
77
/* Function prototypes */
78
void SHA1ProcessMessageBlock(SHA1Context *);
79
void SHA1PadMessage(SHA1Context *);
85
* This function will initialize the SHA1Context in preparation
86
* for computing a new message digest.
90
* The context to reset.
98
void SHA1Reset(SHA1Context *context)
100
context->Length_Low = 0;
101
context->Length_High = 0;
102
context->Message_Block_Index = 0;
104
context->Message_Digest[0] = 0x67452301;
105
context->Message_Digest[1] = 0xEFCDAB89;
106
context->Message_Digest[2] = 0x98BADCFE;
107
context->Message_Digest[3] = 0x10325476;
108
context->Message_Digest[4] = 0xC3D2E1F0;
110
context->Computed = 0;
111
context->Corrupted = 0;
118
* This function will return the 160-bit message digest into the
119
* Message_Digest array within the SHA1Context provided
123
* The context to use to calculate the SHA-1 hash.
126
* 1 if successful, 0 if it failed.
131
int SHA1Result(SHA1Context *context)
134
if (context->Corrupted)
139
if (!context->Computed)
141
SHA1PadMessage(context);
142
context->Computed = 1;
152
* This function accepts an array of octets as the next portion of
157
* The SHA-1 context to update
158
* message_array: [in]
159
* An array of characters representing the next portion of the
162
* The length of the message in message_array
170
void SHA1Input(SHA1Context *context,
171
const unsigned char *message_array,
179
if (context->Computed || context->Corrupted)
181
context->Corrupted = 1;
185
while(length-- && !context->Corrupted)
187
context->Message_Block[context->Message_Block_Index++] =
188
(*message_array & 0xFF);
190
context->Length_Low += 8;
191
/* Force it to 32 bits */
192
context->Length_Low &= 0xFFFFFFFF;
193
if (context->Length_Low == 0)
195
context->Length_High++;
196
/* Force it to 32 bits */
197
context->Length_High &= 0xFFFFFFFF;
198
if (context->Length_High == 0)
200
/* Message is too long */
201
context->Corrupted = 1;
205
if (context->Message_Block_Index == 64)
207
SHA1ProcessMessageBlock(context);
215
* SHA1ProcessMessageBlock
218
* This function will process the next 512 bits of the message
219
* stored in the Message_Block array.
228
* Many of the variable names in the SHAContext, especially the
229
* single character names, were used because those were the names
230
* used in the publication.
234
void SHA1ProcessMessageBlock(SHA1Context *context)
236
const unsigned K[] = /* Constants defined in SHA-1 */
243
int t; /* Loop counter */
244
unsigned temp; /* Temporary word value */
245
unsigned W[80]; /* Word sequence */
246
unsigned A, B, C, D, E; /* Word buffers */
249
* Initialize the first 16 words in the array W
251
for(t = 0; t < 16; t++)
253
W[t] = ((unsigned) context->Message_Block[t * 4]) << 24;
254
W[t] |= ((unsigned) context->Message_Block[t * 4 + 1]) << 16;
255
W[t] |= ((unsigned) context->Message_Block[t * 4 + 2]) << 8;
256
W[t] |= ((unsigned) context->Message_Block[t * 4 + 3]);
259
for(t = 16; t < 80; t++)
261
W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
264
A = context->Message_Digest[0];
265
B = context->Message_Digest[1];
266
C = context->Message_Digest[2];
267
D = context->Message_Digest[3];
268
E = context->Message_Digest[4];
270
for(t = 0; t < 20; t++)
272
temp = SHA1CircularShift(5,A) +
273
((B & C) | ((~B) & D)) + E + W[t] + K[0];
277
C = SHA1CircularShift(30,B);
282
for(t = 20; t < 40; t++)
284
temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
288
C = SHA1CircularShift(30,B);
293
for(t = 40; t < 60; t++)
295
temp = SHA1CircularShift(5,A) +
296
((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
300
C = SHA1CircularShift(30,B);
305
for(t = 60; t < 80; t++)
307
temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
311
C = SHA1CircularShift(30,B);
316
context->Message_Digest[0] =
317
(context->Message_Digest[0] + A) & 0xFFFFFFFF;
318
context->Message_Digest[1] =
319
(context->Message_Digest[1] + B) & 0xFFFFFFFF;
320
context->Message_Digest[2] =
321
(context->Message_Digest[2] + C) & 0xFFFFFFFF;
322
context->Message_Digest[3] =
323
(context->Message_Digest[3] + D) & 0xFFFFFFFF;
324
context->Message_Digest[4] =
325
(context->Message_Digest[4] + E) & 0xFFFFFFFF;
327
context->Message_Block_Index = 0;
334
* According to the standard, the message must be padded to an even
335
* 512 bits. The first padding bit must be a '1'. The last 64
336
* bits represent the length of the original message. All bits in
337
* between should be 0. This function will pad the message
338
* according to those rules by filling the Message_Block array
339
* accordingly. It will also call SHA1ProcessMessageBlock()
340
* appropriately. When it returns, it can be assumed that the
341
* message digest has been computed.
353
void SHA1PadMessage(SHA1Context *context)
356
* Check to see if the current message block is too small to hold
357
* the initial padding bits and length. If so, we will pad the
358
* block, process it, and then continue padding into a second
361
if (context->Message_Block_Index > 55)
363
context->Message_Block[context->Message_Block_Index++] = 0x80;
364
while(context->Message_Block_Index < 64)
366
context->Message_Block[context->Message_Block_Index++] = 0;
369
SHA1ProcessMessageBlock(context);
371
while(context->Message_Block_Index < 56)
373
context->Message_Block[context->Message_Block_Index++] = 0;
378
context->Message_Block[context->Message_Block_Index++] = 0x80;
379
while(context->Message_Block_Index < 56)
381
context->Message_Block[context->Message_Block_Index++] = 0;
386
* Store the message length as the last 8 octets
388
context->Message_Block[56] = (context->Length_High >> 24) & 0xFF;
389
context->Message_Block[57] = (context->Length_High >> 16) & 0xFF;
390
context->Message_Block[58] = (context->Length_High >> 8) & 0xFF;
391
context->Message_Block[59] = (context->Length_High) & 0xFF;
392
context->Message_Block[60] = (context->Length_Low >> 24) & 0xFF;
393
context->Message_Block[61] = (context->Length_Low >> 16) & 0xFF;
394
context->Message_Block[62] = (context->Length_Low >> 8) & 0xFF;
395
context->Message_Block[63] = (context->Length_Low) & 0xFF;
397
SHA1ProcessMessageBlock(context);