2 * FIPS-180-1 compliant SHA-1 implementation
4 * Copyright (C) 2003-2006 Christophe Devine
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License, version 2.1 as published by the Free Software Foundation.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
21 * The SHA-1 standard was published by NIST in 1993.
23 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
26 #ifndef _CRT_SECURE_NO_DEPRECATE
27 #define _CRT_SECURE_NO_DEPRECATE 1
36 * 32-bit integer manipulation macros (big endian)
39 #define GET_UINT32_BE(n,b,i) \
41 (n) = ( (ulong) (b)[(i) ] << 24 ) \
42 | ( (ulong) (b)[(i) + 1] << 16 ) \
43 | ( (ulong) (b)[(i) + 2] << 8 ) \
44 | ( (ulong) (b)[(i) + 3] ); \
48 #define PUT_UINT32_BE(n,b,i) \
50 (b)[(i) ] = (uchar) ( (n) >> 24 ); \
51 (b)[(i) + 1] = (uchar) ( (n) >> 16 ); \
52 (b)[(i) + 2] = (uchar) ( (n) >> 8 ); \
53 (b)[(i) + 3] = (uchar) ( (n) ); \
58 * Core SHA-1 functions
60 void sha1_starts( sha1_context
*ctx
)
65 ctx
->state
[0] = 0x67452301;
66 ctx
->state
[1] = 0xEFCDAB89;
67 ctx
->state
[2] = 0x98BADCFE;
68 ctx
->state
[3] = 0x10325476;
69 ctx
->state
[4] = 0xC3D2E1F0;
72 void sha1_process( sha1_context
*ctx
, uchar data
[64] )
74 ulong temp
, W
[16], A
, B
, C
, D
, E
;
76 GET_UINT32_BE( W
[0], data
, 0 );
77 GET_UINT32_BE( W
[1], data
, 4 );
78 GET_UINT32_BE( W
[2], data
, 8 );
79 GET_UINT32_BE( W
[3], data
, 12 );
80 GET_UINT32_BE( W
[4], data
, 16 );
81 GET_UINT32_BE( W
[5], data
, 20 );
82 GET_UINT32_BE( W
[6], data
, 24 );
83 GET_UINT32_BE( W
[7], data
, 28 );
84 GET_UINT32_BE( W
[8], data
, 32 );
85 GET_UINT32_BE( W
[9], data
, 36 );
86 GET_UINT32_BE( W
[10], data
, 40 );
87 GET_UINT32_BE( W
[11], data
, 44 );
88 GET_UINT32_BE( W
[12], data
, 48 );
89 GET_UINT32_BE( W
[13], data
, 52 );
90 GET_UINT32_BE( W
[14], data
, 56 );
91 GET_UINT32_BE( W
[15], data
, 60 );
93 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
97 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
98 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
99 ( W[t & 0x0F] = S(temp,1) ) \
102 #define P(a,b,c,d,e,x) \
104 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
113 #define F(x,y,z) (z ^ (x & (y ^ z)))
116 P( A
, B
, C
, D
, E
, W
[0] );
117 P( E
, A
, B
, C
, D
, W
[1] );
118 P( D
, E
, A
, B
, C
, W
[2] );
119 P( C
, D
, E
, A
, B
, W
[3] );
120 P( B
, C
, D
, E
, A
, W
[4] );
121 P( A
, B
, C
, D
, E
, W
[5] );
122 P( E
, A
, B
, C
, D
, W
[6] );
123 P( D
, E
, A
, B
, C
, W
[7] );
124 P( C
, D
, E
, A
, B
, W
[8] );
125 P( B
, C
, D
, E
, A
, W
[9] );
126 P( A
, B
, C
, D
, E
, W
[10] );
127 P( E
, A
, B
, C
, D
, W
[11] );
128 P( D
, E
, A
, B
, C
, W
[12] );
129 P( C
, D
, E
, A
, B
, W
[13] );
130 P( B
, C
, D
, E
, A
, W
[14] );
131 P( A
, B
, C
, D
, E
, W
[15] );
132 P( E
, A
, B
, C
, D
, R(16) );
133 P( D
, E
, A
, B
, C
, R(17) );
134 P( C
, D
, E
, A
, B
, R(18) );
135 P( B
, C
, D
, E
, A
, R(19) );
140 #define F(x,y,z) (x ^ y ^ z)
143 P( A
, B
, C
, D
, E
, R(20) );
144 P( E
, A
, B
, C
, D
, R(21) );
145 P( D
, E
, A
, B
, C
, R(22) );
146 P( C
, D
, E
, A
, B
, R(23) );
147 P( B
, C
, D
, E
, A
, R(24) );
148 P( A
, B
, C
, D
, E
, R(25) );
149 P( E
, A
, B
, C
, D
, R(26) );
150 P( D
, E
, A
, B
, C
, R(27) );
151 P( C
, D
, E
, A
, B
, R(28) );
152 P( B
, C
, D
, E
, A
, R(29) );
153 P( A
, B
, C
, D
, E
, R(30) );
154 P( E
, A
, B
, C
, D
, R(31) );
155 P( D
, E
, A
, B
, C
, R(32) );
156 P( C
, D
, E
, A
, B
, R(33) );
157 P( B
, C
, D
, E
, A
, R(34) );
158 P( A
, B
, C
, D
, E
, R(35) );
159 P( E
, A
, B
, C
, D
, R(36) );
160 P( D
, E
, A
, B
, C
, R(37) );
161 P( C
, D
, E
, A
, B
, R(38) );
162 P( B
, C
, D
, E
, A
, R(39) );
167 #define F(x,y,z) ((x & y) | (z & (x | y)))
170 P( A
, B
, C
, D
, E
, R(40) );
171 P( E
, A
, B
, C
, D
, R(41) );
172 P( D
, E
, A
, B
, C
, R(42) );
173 P( C
, D
, E
, A
, B
, R(43) );
174 P( B
, C
, D
, E
, A
, R(44) );
175 P( A
, B
, C
, D
, E
, R(45) );
176 P( E
, A
, B
, C
, D
, R(46) );
177 P( D
, E
, A
, B
, C
, R(47) );
178 P( C
, D
, E
, A
, B
, R(48) );
179 P( B
, C
, D
, E
, A
, R(49) );
180 P( A
, B
, C
, D
, E
, R(50) );
181 P( E
, A
, B
, C
, D
, R(51) );
182 P( D
, E
, A
, B
, C
, R(52) );
183 P( C
, D
, E
, A
, B
, R(53) );
184 P( B
, C
, D
, E
, A
, R(54) );
185 P( A
, B
, C
, D
, E
, R(55) );
186 P( E
, A
, B
, C
, D
, R(56) );
187 P( D
, E
, A
, B
, C
, R(57) );
188 P( C
, D
, E
, A
, B
, R(58) );
189 P( B
, C
, D
, E
, A
, R(59) );
194 #define F(x,y,z) (x ^ y ^ z)
197 P( A
, B
, C
, D
, E
, R(60) );
198 P( E
, A
, B
, C
, D
, R(61) );
199 P( D
, E
, A
, B
, C
, R(62) );
200 P( C
, D
, E
, A
, B
, R(63) );
201 P( B
, C
, D
, E
, A
, R(64) );
202 P( A
, B
, C
, D
, E
, R(65) );
203 P( E
, A
, B
, C
, D
, R(66) );
204 P( D
, E
, A
, B
, C
, R(67) );
205 P( C
, D
, E
, A
, B
, R(68) );
206 P( B
, C
, D
, E
, A
, R(69) );
207 P( A
, B
, C
, D
, E
, R(70) );
208 P( E
, A
, B
, C
, D
, R(71) );
209 P( D
, E
, A
, B
, C
, R(72) );
210 P( C
, D
, E
, A
, B
, R(73) );
211 P( B
, C
, D
, E
, A
, R(74) );
212 P( A
, B
, C
, D
, E
, R(75) );
213 P( E
, A
, B
, C
, D
, R(76) );
214 P( D
, E
, A
, B
, C
, R(77) );
215 P( C
, D
, E
, A
, B
, R(78) );
216 P( B
, C
, D
, E
, A
, R(79) );
228 void sha1_update( sha1_context
*ctx
, uchar
*input
, uint length
)
232 if( ! length
) return;
234 left
= ctx
->total
[0] & 0x3F;
237 ctx
->total
[0] += length
;
238 ctx
->total
[0] &= 0xFFFFFFFF;
240 if( ctx
->total
[0] < length
)
243 if( left
&& length
>= fill
)
245 memcpy( (void *) (ctx
->buffer
+ left
),
246 (void *) input
, fill
);
247 sha1_process( ctx
, ctx
->buffer
);
253 while( length
>= 64 )
255 sha1_process( ctx
, input
);
262 memcpy( (void *) (ctx
->buffer
+ left
),
263 (void *) input
, length
);
267 static uchar sha1_padding
[64] =
269 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
270 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
271 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
272 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
275 void sha1_finish( sha1_context
*ctx
, uchar digest
[20] )
281 high
= ( ctx
->total
[0] >> 29 )
282 | ( ctx
->total
[1] << 3 );
283 low
= ( ctx
->total
[0] << 3 );
285 PUT_UINT32_BE( high
, msglen
, 0 );
286 PUT_UINT32_BE( low
, msglen
, 4 );
288 last
= ctx
->total
[0] & 0x3F;
289 padn
= ( last
< 56 ) ? ( 56 - last
) : ( 120 - last
);
291 sha1_update( ctx
, sha1_padding
, padn
);
292 sha1_update( ctx
, msglen
, 8 );
294 PUT_UINT32_BE( ctx
->state
[0], digest
, 0 );
295 PUT_UINT32_BE( ctx
->state
[1], digest
, 4 );
296 PUT_UINT32_BE( ctx
->state
[2], digest
, 8 );
297 PUT_UINT32_BE( ctx
->state
[3], digest
, 12 );
298 PUT_UINT32_BE( ctx
->state
[4], digest
, 16 );
302 * Output SHA-1(file contents), returns 0 if successful.
304 int sha1_file( char *filename
, uchar digest
[20] )
311 if( ( f
= fopen( filename
, "rb" ) ) == NULL
)
316 while( ( n
= fread( buf
, 1, sizeof( buf
), f
) ) > 0 )
317 sha1_update( &ctx
, buf
, (uint
) n
);
319 sha1_finish( &ctx
, digest
);
328 void sha1_csum( uchar
*buf
, uint buflen
, uchar digest
[20] )
333 sha1_update( &ctx
, buf
, buflen
);
334 sha1_finish( &ctx
, digest
);
338 * Output HMAC-SHA-1(key,buf)
340 void sha1_hmac( uchar
*key
, uint keylen
, uchar
*buf
, uint buflen
,
349 memset( k_ipad
, 0x36, 64 );
350 memset( k_opad
, 0x5C, 64 );
352 for( i
= 0; i
< keylen
; i
++ )
361 sha1_update( &ctx
, k_ipad
, 64 );
362 sha1_update( &ctx
, buf
, buflen
);
363 sha1_finish( &ctx
, tmpbuf
);
366 sha1_update( &ctx
, k_opad
, 64 );
367 sha1_update( &ctx
, tmpbuf
, 20 );
368 sha1_finish( &ctx
, digest
);
370 memset( k_ipad
, 0, 64 );
371 memset( k_opad
, 0, 64 );
372 memset( tmpbuf
, 0, 20 );
373 memset( &ctx
, 0, sizeof( sha1_context
) );
378 * FIPS-180-1 test vectors
380 static char *sha1_test_str
[3] =
383 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
387 static uchar sha1_test_sum
[3][20] =
389 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
390 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
391 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
392 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
393 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
394 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
400 int sha1_self_test( void )
407 for( i
= 0; i
< 3; i
++ )
409 printf( " SHA-1 test #%d: ", i
+ 1 );
414 sha1_update( &ctx
, (uchar
*) sha1_test_str
[i
],
415 strlen( sha1_test_str
[i
] ) );
418 memset( buf
, 'a', 1000 );
419 for( j
= 0; j
< 1000; j
++ )
420 sha1_update( &ctx
, (uchar
*) buf
, 1000 );
423 sha1_finish( &ctx
, sha1sum
);
425 if( memcmp( sha1sum
, sha1_test_sum
[i
], 20 ) != 0 )
427 printf( "failed\n" );
431 printf( "passed\n" );
438 int sha1_self_test( void )
440 printf( "SHA-1 self-test not available\n\n" );
This page took 0.066244 seconds and 5 git commands to generate.