7
By Steve Reid <sreid@sea-to-sky.net>
10
changelog at the end of the file.
13
#include "libtorrent/pch.hpp"
18
// if you don't want boost
20
// #include <stdint.h>
22
#include <boost/cstdint.hpp>
23
using boost::uint32_t;
26
#include "libtorrent/config.hpp"
28
struct TORRENT_EXPORT SHA_CTX
35
TORRENT_EXPORT void SHA1_Init(SHA_CTX* context);
36
TORRENT_EXPORT void SHA1_Update(SHA_CTX* context, uint8_t const* data, uint32_t len);
37
TORRENT_EXPORT void SHA1_Final(uint8_t* digest, SHA_CTX* context);
47
#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
49
// blk0() and blk() perform the initial expand.
50
// I got the idea of expanding during the round function from SSLeay
51
struct little_endian_blk0
53
static uint32_t apply(CHAR64LONG16* block, int i)
55
return block->l[i] = (rol(block->l[i],24)&0xFF00FF00)
56
| (rol(block->l[i],8)&0x00FF00FF);
60
struct big_endian_blk0
62
static uint32_t apply(CHAR64LONG16* block, int i)
69
#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
70
^block->l[(i+2)&15]^block->l[i&15],1))
72
// (R0+R1), R2, R3, R4 are the different operations used in SHA1
73
#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+BlkFun::apply(block, i)+0x5A827999+rol(v,5);w=rol(w,30);
74
#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
75
#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
76
#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
77
#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
79
// Hash a single 512-bit block. This is the core of the algorithm.
80
template <class BlkFun>
81
void SHA1Transform(uint32_t state[5], uint8_t const buffer[64])
84
uint32_t a, b, c, d, e;
87
uint8_t workspace[64];
88
block = (CHAR64LONG16*)workspace;
89
memcpy(block, buffer, 64);
91
// Copy context->state[] to working vars
97
// 4 rounds of 20 operations each. Loop unrolled.
98
R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
99
R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
100
R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
101
R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
102
R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
103
R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
104
R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
105
R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
106
R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
107
R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
108
R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
109
R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
110
R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
111
R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
112
R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
113
R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
114
R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
115
R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
116
R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
117
R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
118
// Add the working vars back into context.state[]
125
a = b = c = d = e = 0;
128
void SHAPrintContext(SHA_CTX *context, char *msg)
131
printf("%s (%d,%d) %x %x %x %x %x\n"
132
, msg, context->count[0], context->count[1]
133
, context->state[0], context->state[1]
134
, context->state[2], context->state[3]
135
, context->state[4]);
138
template <class BlkFun>
139
void internal_update(SHA_CTX* context, uint8_t const* data, uint32_t len)
142
uint32_t i, j; // JHB
145
SHAPrintContext(context, "before");
147
j = (context->count[0] >> 3) & 63;
148
if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
149
context->count[1] += (len >> 29);
152
memcpy(&context->buffer[j], data, (i = 64-j));
153
SHA1Transform<BlkFun>(context->state, context->buffer);
154
for ( ; i + 63 < len; i += 64)
156
SHA1Transform<BlkFun>(context->state, &data[i]);
164
memcpy(&context->buffer[j], &data[i], len - i);
166
SHAPrintContext(context, "after ");
173
return *reinterpret_cast<uint8_t*>(&test) == 0;
177
// SHA1Init - Initialize new context
179
void SHA1_Init(SHA_CTX* context)
181
// SHA1 initialization constants
182
context->state[0] = 0x67452301;
183
context->state[1] = 0xEFCDAB89;
184
context->state[2] = 0x98BADCFE;
185
context->state[3] = 0x10325476;
186
context->state[4] = 0xC3D2E1F0;
187
context->count[0] = context->count[1] = 0;
191
// Run your data through this.
193
void SHA1_Update(SHA_CTX* context, uint8_t const* data, uint32_t len)
195
#if defined __BIG_ENDIAN__
196
internal_update<big_endian_blk0>(context, data, len);
197
#elif defined LITTLE_ENDIAN
198
internal_update<little_endian_blk0>(context, data, len);
200
// select different functions depending on endianess
201
// and figure out the endianess runtime
203
internal_update<big_endian_blk0>(context, data, len);
205
internal_update<little_endian_blk0>(context, data, len);
210
// Add padding and return the message digest.
212
void SHA1_Final(uint8_t* digest, SHA_CTX* context)
214
uint8_t finalcount[8];
216
for (uint32_t i = 0; i < 8; ++i)
218
// Endian independent
219
finalcount[i] = static_cast<uint8_t>(
220
(context->count[(i >= 4 ? 0 : 1)]
221
>> ((3-(i & 3)) * 8) ) & 255);
224
SHA1_Update(context, (uint8_t const*)"\200", 1);
225
while ((context->count[0] & 504) != 448)
226
SHA1_Update(context, (uint8_t const*)"\0", 1);
227
SHA1_Update(context, finalcount, 8); // Should cause a SHA1Transform()
229
for (uint32_t i = 0; i < 20; ++i)
231
digest[i] = static_cast<unsigned char>(
232
(context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
236
/************************************************************
240
By James H. Brown <jbrown@burgoyne.com>
241
Still 100% Public Domain
243
Corrected a problem which generated improper hash values on 16 bit machines
244
Routine SHA1Update changed from
245
void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int
248
void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned
251
The 'len' parameter was declared an int which works fine on 32 bit machines.
252
However, on 16 bit machines an int is too small for the shifts being done
254
it. This caused the hash function to generate incorrect values if len was
255
greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update().
257
Since the file IO in main() reads 16K at a time, any file 8K or larger would
258
be guaranteed to generate the wrong hash (e.g. Test Vector #3, a million
261
I also changed the declaration of variables i & j in SHA1Update to
262
unsigned long from unsigned int for the same reason.
264
These changes should make no difference to any 32 bit implementations since
266
int and a long are the same size in those environments.
269
I also corrected a few compiler warnings generated by Borland C.
270
1. Added #include <process.h> for exit() prototype
271
2. Removed unused variable 'j' in SHA1Final
272
3. Changed exit(0) to return(0) at end of main.
274
ALL changes I made can be located by searching for comments containing 'JHB'
277
By Steve Reid <sreid@sea-to-sky.net>
278
Still 100% public domain
280
1- Removed #include <process.h> and used return() instead of exit()
281
2- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall)
282
3- Changed email address from steve@edmweb.com to sreid@sea-to-sky.net
286
By Saul Kravitz <Saul.Kravitz@celera.com>
288
Modified to run on Compaq Alpha hardware.
291
Converted to C++ 6/04
292
By Arvid Norberg <arvidn@sourceforge.net>
293
1- made the input buffer const, and made the
294
previous SHA1HANDSOFF implicit
295
2- uses C99 types with size guarantees
297
3- if none of __BIG_ENDIAN__ or LITTLE_ENDIAN
298
are defined, endianess is determined
299
at runtime. templates are used to duplicate
300
the transform function for each endianess
301
4- using anonymous namespace to avoid external
302
linkage on internal functions
303
5- using standard C++ includes
304
6- made API compatible with openssl
310
Test Vectors (from FIPS PUB 180-1)
312
A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
313
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
314
84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
315
A million repetitions of "a"
316
34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F