3 By Steve Reid <sreid@sea-to-sky.net>
5 [I interpet this as a blanket permision -iwj.]
7 Note: parts of this file have been removed or modified to work in secnet.
8 Instead of using this file in new projects, I suggest you use the
9 unmodified version. SDE.
13 By James H. Brown <jbrown@burgoyne.com>
14 Still 100% Public Domain
16 Corrected a problem which generated improper hash values on 16 bit machines
17 Routine SHA1Update changed from
18 void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int
21 void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned
24 The 'len' parameter was declared an int which works fine on 32 bit machines.
25 However, on 16 bit machines an int is too small for the shifts being done
27 it. This caused the hash function to generate incorrect values if len was
28 greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update().
30 Since the file IO in main() reads 16K at a time, any file 8K or larger would
31 be guaranteed to generate the wrong hash (e.g. Test Vector #3, a million
34 I also changed the declaration of variables i & j in SHA1Update to
35 unsigned long from unsigned int for the same reason.
37 These changes should make no difference to any 32 bit implementations since
39 int and a long are the same size in those environments.
42 I also corrected a few compiler warnings generated by Borland C.
43 1. Added #include <process.h> for exit() prototype
44 2. Removed unused variable 'j' in SHA1Final
45 3. Changed exit(0) to return(0) at end of main.
47 ALL changes I made can be located by searching for comments containing 'JHB'
50 By Steve Reid <sreid@sea-to-sky.net>
51 Still 100% public domain
53 1- Removed #include <process.h> and used return() instead of exit()
54 2- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall)
55 3- Changed email address from steve@edmweb.com to sreid@sea-to-sky.net
59 By Saul Kravitz <Saul.Kravitz@celera.com>
61 Modified to run on Compaq Alpha hardware.
64 (Further modifications as part of secnet. See git history for full details.
69 Test Vectors (from FIPS PUB 180-1)
71 A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
72 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
73 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
74 A million repetitions of "a"
75 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
78 /* #define SHA1HANDSOFF */
88 #ifndef i386 /* For ALPHA (SAK) */
90 typedef long int int64;
91 typedef unsigned long int uint64;
93 typedef unsigned int uint32;
96 typedef long long int int64;
97 typedef unsigned long long int uint64;
98 typedef long int int32;
99 typedef unsigned long int uint32;
103 /* Get types and defines from the secnet configuration */
104 /* typedef int64_t int64; */
105 typedef uint64_t uint64;
106 /* typedef int32_t int32; */
107 typedef uint32_t uint32;
109 /* #include <process.h> */ /* prototype for exit() - JHB */
110 /* Using return() instead of exit() - SWR */
115 unsigned char buffer[64];
118 void SHA1Transform(uint32 state[5], unsigned char const buffer[64]);
119 void SHA1Init(SHA1_CTX* context);
120 void SHA1Update(SHA1_CTX* context, unsigned char const * data, uint32 len);
122 void SHA1Final(unsigned char digest[20], SHA1_CTX* context);
124 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
126 /* blk0() and blk() perform the initial expand. */
127 /* I got the idea of expanding during the round function from SSLeay */
128 #ifndef WORDS_BIGENDIAN
129 #define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
130 |(rol(block->l[i],8)&0x00FF00FF))
132 #define blk0(i) block->l[i]
134 #define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
135 ^block->l[(i+2)&15]^block->l[i&15],1))
137 /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
138 #define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
139 #define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
140 #define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
141 #define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
142 #define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
145 #ifdef VERBOSE /* SAK */
146 void SHAPrintContext(SHA1_CTX *context, char *msg){
147 printf("%s (%d,%d) %x %x %x %x %x\n",
149 context->count[0], context->count[1],
158 /* Hash a single 512-bit block. This is the core of the algorithm. */
160 void SHA1Transform(uint32 state[5], unsigned char const buffer[64])
162 uint32 a, b, c, d, e;
169 static unsigned char workspace[64];
170 block = (CHAR64LONG16*)workspace;
171 memcpy(block, buffer, 64);
173 block = (CHAR64LONG16*)buffer;
175 /* Copy context->state[] to working vars */
181 /* 4 rounds of 20 operations each. Loop unrolled. */
182 R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
183 R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
184 R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
185 R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
186 R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
187 R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
188 R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
189 R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
190 R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
191 R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
192 R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
193 R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
194 R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
195 R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
196 R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
197 R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
198 R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
199 R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
200 R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
201 R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
202 /* Add the working vars back into context.state[] */
209 a = b = c = d = e = 0;
213 /* SHA1Init - Initialize new context */
215 void SHA1Init(SHA1_CTX* context)
217 /* SHA1 initialization constants */
218 context->state[0] = 0x67452301;
219 context->state[1] = 0xEFCDAB89;
220 context->state[2] = 0x98BADCFE;
221 context->state[3] = 0x10325476;
222 context->state[4] = 0xC3D2E1F0;
223 context->count[0] = context->count[1] = 0;
227 /* Run your data through this. */
229 void SHA1Update(SHA1_CTX* context, unsigned char const* data, uint32 len) /*
232 uint32 i, j; /* JHB */
235 SHAPrintContext(context, "before");
237 j = (context->count[0] >> 3) & 63;
238 if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
239 context->count[1] += (len >> 29);
240 if ((j + len) > 63) {
241 memcpy(&context->buffer[j], data, (i = 64-j));
242 SHA1Transform(context->state, context->buffer);
243 for ( ; i + 63 < len; i += 64) {
244 SHA1Transform(context->state, &data[i]);
249 memcpy(&context->buffer[j], &data[i], len - i);
251 SHAPrintContext(context, "after ");
256 /* Add padding and return the message digest. */
258 void SHA1Final(unsigned char digest[20], SHA1_CTX* context)
261 unsigned char finalcount[8];
263 for (i = 0; i < 8; i++) {
264 finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
265 >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
267 SHA1Update(context, (unsigned char *)"\200", 1);
268 while ((context->count[0] & 504) != 448) {
269 SHA1Update(context, (unsigned char *)"\0", 1);
271 SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform()
273 for (i = 0; i < 20; i++) {
274 digest[i] = (unsigned char)
275 ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
279 memset(context->buffer, 0, 64);
280 memset(context->state, 0, 20);
281 memset(context->count, 0, 8);
282 memset(finalcount, 0, 8); /* SWR */
283 #ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
284 SHA1Transform(context->state, context->buffer);
288 /*************************************************************/
290 /* Everything below here is the interface to secnet */
291 static void sha1_init(void *sst)
298 static void sha1_update(void *sst, const void *buf, int32_t len)
302 SHA1Update(ctx,buf,len);
305 static void sha1_final(void *sst, uint8_t *digest)
309 SHA1Final(digest,ctx);
317 void sha1_module(dict_t *dict)
320 cstring_t testinput="abcdbcdecdefdefgefghfghigh"
321 "ijhijkijkljklmklmnlmnomnopnopq";
322 uint8_t expected[20]=
323 { 0x84,0x98,0x3e,0x44,
327 0xe5,0x46,0x70,0xf1};
332 st->cl.description="sha1";
335 st->cl.interface=&st->ops;
337 st->ops.slen=sizeof(SHA1_CTX);
338 st->ops.init=sha1_init;
339 st->ops.update=sha1_update;
340 st->ops.final=sha1_final;
342 dict_add(dict,"sha1",new_closure(&st->cl));
344 hash_hash(&st->ops,testinput,strlen(testinput),digest);
345 for (i=0; i<20; i++) {
346 if (digest[i]!=expected[i]) {
347 fatal("sha1 module failed self-test");