Commit | Line | Data |
---|---|---|
3454dce4 SE |
1 | /* |
2 | SHA-1 in C | |
3 | By Steve Reid <sreid@sea-to-sky.net> | |
4 | 100% Public Domain | |
5 | ||
6 | Note: parts of this file have been removed or modified to work in secnet. | |
7 | Instead of using this file in new projects, I suggest you use the | |
8 | unmodified version. SDE. | |
9 | ||
10 | ----------------- | |
11 | Modified 7/98 | |
12 | By James H. Brown <jbrown@burgoyne.com> | |
13 | Still 100% Public Domain | |
14 | ||
15 | Corrected a problem which generated improper hash values on 16 bit machines | |
16 | Routine SHA1Update changed from | |
17 | void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int | |
18 | len) | |
19 | to | |
20 | void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned | |
21 | long len) | |
22 | ||
23 | The 'len' parameter was declared an int which works fine on 32 bit machines. | |
24 | However, on 16 bit machines an int is too small for the shifts being done | |
25 | against | |
26 | it. This caused the hash function to generate incorrect values if len was | |
27 | greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update(). | |
28 | ||
29 | Since the file IO in main() reads 16K at a time, any file 8K or larger would | |
30 | be guaranteed to generate the wrong hash (e.g. Test Vector #3, a million | |
31 | "a"s). | |
32 | ||
33 | I also changed the declaration of variables i & j in SHA1Update to | |
34 | unsigned long from unsigned int for the same reason. | |
35 | ||
36 | These changes should make no difference to any 32 bit implementations since | |
37 | an | |
38 | int and a long are the same size in those environments. | |
39 | ||
40 | -- | |
41 | I also corrected a few compiler warnings generated by Borland C. | |
42 | 1. Added #include <process.h> for exit() prototype | |
43 | 2. Removed unused variable 'j' in SHA1Final | |
44 | 3. Changed exit(0) to return(0) at end of main. | |
45 | ||
46 | ALL changes I made can be located by searching for comments containing 'JHB' | |
47 | ----------------- | |
48 | Modified 8/98 | |
49 | By Steve Reid <sreid@sea-to-sky.net> | |
50 | Still 100% public domain | |
51 | ||
52 | 1- Removed #include <process.h> and used return() instead of exit() | |
53 | 2- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall) | |
54 | 3- Changed email address from steve@edmweb.com to sreid@sea-to-sky.net | |
55 | ||
56 | ----------------- | |
57 | Modified 4/01 | |
58 | By Saul Kravitz <Saul.Kravitz@celera.com> | |
59 | Still 100% PD | |
60 | Modified to run on Compaq Alpha hardware. | |
61 | ||
62 | ||
63 | */ | |
64 | ||
65 | /* | |
66 | Test Vectors (from FIPS PUB 180-1) | |
67 | "abc" | |
68 | A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D | |
69 | "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" | |
70 | 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 | |
71 | A million repetitions of "a" | |
72 | 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F | |
73 | */ | |
74 | ||
75 | /* #define SHA1HANDSOFF */ | |
76 | ||
77 | #include "secnet.h" | |
78 | #include <stdio.h> | |
79 | #include <string.h> | |
80 | ||
81 | #define SHA1HANDSOFF | |
82 | ||
83 | #if 0 | |
84 | #ifndef i386 /* For ALPHA (SAK) */ | |
85 | #define LITTLE_ENDIAN | |
86 | typedef long int int64; | |
87 | typedef unsigned long int uint64; | |
88 | typedef int int32; | |
89 | typedef unsigned int uint32; | |
90 | #else /*i386*/ | |
91 | #define LITTLE_ENDIAN | |
92 | typedef long long int int64; | |
93 | typedef unsigned long long int uint64; | |
94 | typedef long int int32; | |
95 | typedef unsigned long int uint32; | |
96 | #endif /*i386*/ | |
97 | #endif /* 0 */ | |
98 | ||
99 | /* Get types and defines from the secnet configuration */ | |
8dea8d37 | 100 | /* typedef int64_t int64; */ |
3454dce4 | 101 | typedef uint64_t uint64; |
8dea8d37 | 102 | /* typedef int32_t int32; */ |
3454dce4 SE |
103 | typedef uint32_t uint32; |
104 | ||
105 | /* #include <process.h> */ /* prototype for exit() - JHB */ | |
106 | /* Using return() instead of exit() - SWR */ | |
107 | ||
108 | typedef struct { | |
109 | uint32 state[5]; | |
110 | uint32 count[2]; | |
111 | unsigned char buffer[64]; | |
112 | } SHA1_CTX; | |
113 | ||
114 | void SHA1Transform(uint32 state[5], unsigned char const buffer[64]); | |
115 | void SHA1Init(SHA1_CTX* context); | |
116 | void SHA1Update(SHA1_CTX* context, unsigned char const * data, uint32 len); | |
117 | /* JHB */ | |
118 | void SHA1Final(unsigned char digest[20], SHA1_CTX* context); | |
119 | ||
120 | #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) | |
121 | ||
122 | /* blk0() and blk() perform the initial expand. */ | |
123 | /* I got the idea of expanding during the round function from SSLeay */ | |
124 | #ifndef WORDS_BIGENDIAN | |
125 | #define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ | |
126 | |(rol(block->l[i],8)&0x00FF00FF)) | |
127 | #else | |
128 | #define blk0(i) block->l[i] | |
129 | #endif | |
130 | #define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ | |
131 | ^block->l[(i+2)&15]^block->l[i&15],1)) | |
132 | ||
133 | /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ | |
134 | #define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); | |
135 | #define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); | |
136 | #define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); | |
137 | #define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); | |
138 | #define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); | |
139 | ||
140 | ||
141 | #ifdef VERBOSE /* SAK */ | |
142 | void SHAPrintContext(SHA1_CTX *context, char *msg){ | |
143 | printf("%s (%d,%d) %x %x %x %x %x\n", | |
144 | msg, | |
145 | context->count[0], context->count[1], | |
146 | context->state[0], | |
147 | context->state[1], | |
148 | context->state[2], | |
149 | context->state[3], | |
150 | context->state[4]); | |
151 | } | |
152 | #endif | |
153 | ||
154 | /* Hash a single 512-bit block. This is the core of the algorithm. */ | |
155 | ||
156 | void SHA1Transform(uint32 state[5], unsigned char const buffer[64]) | |
157 | { | |
158 | uint32 a, b, c, d, e; | |
159 | typedef union { | |
160 | unsigned char c[64]; | |
161 | uint32 l[16]; | |
162 | } CHAR64LONG16; | |
163 | CHAR64LONG16* block; | |
164 | #ifdef SHA1HANDSOFF | |
165 | static unsigned char workspace[64]; | |
166 | block = (CHAR64LONG16*)workspace; | |
167 | memcpy(block, buffer, 64); | |
168 | #else | |
169 | block = (CHAR64LONG16*)buffer; | |
170 | #endif | |
171 | /* Copy context->state[] to working vars */ | |
172 | a = state[0]; | |
173 | b = state[1]; | |
174 | c = state[2]; | |
175 | d = state[3]; | |
176 | e = state[4]; | |
177 | /* 4 rounds of 20 operations each. Loop unrolled. */ | |
178 | R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); | |
179 | R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); | |
180 | R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); | |
181 | R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); | |
182 | R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); | |
183 | R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); | |
184 | R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); | |
185 | R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); | |
186 | R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); | |
187 | R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); | |
188 | R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); | |
189 | R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); | |
190 | R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); | |
191 | R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); | |
192 | R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); | |
193 | R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); | |
194 | R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); | |
195 | R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); | |
196 | R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); | |
197 | R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); | |
198 | /* Add the working vars back into context.state[] */ | |
199 | state[0] += a; | |
200 | state[1] += b; | |
201 | state[2] += c; | |
202 | state[3] += d; | |
203 | state[4] += e; | |
204 | /* Wipe variables */ | |
205 | a = b = c = d = e = 0; | |
206 | } | |
207 | ||
208 | ||
209 | /* SHA1Init - Initialize new context */ | |
210 | ||
211 | void SHA1Init(SHA1_CTX* context) | |
212 | { | |
213 | /* SHA1 initialization constants */ | |
214 | context->state[0] = 0x67452301; | |
215 | context->state[1] = 0xEFCDAB89; | |
216 | context->state[2] = 0x98BADCFE; | |
217 | context->state[3] = 0x10325476; | |
218 | context->state[4] = 0xC3D2E1F0; | |
219 | context->count[0] = context->count[1] = 0; | |
220 | } | |
221 | ||
222 | ||
223 | /* Run your data through this. */ | |
224 | ||
225 | void SHA1Update(SHA1_CTX* context, unsigned char const* data, uint32 len) /* | |
226 | JHB */ | |
227 | { | |
228 | uint32 i, j; /* JHB */ | |
229 | ||
230 | #ifdef VERBOSE | |
231 | SHAPrintContext(context, "before"); | |
232 | #endif | |
233 | j = (context->count[0] >> 3) & 63; | |
234 | if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++; | |
235 | context->count[1] += (len >> 29); | |
236 | if ((j + len) > 63) { | |
237 | memcpy(&context->buffer[j], data, (i = 64-j)); | |
238 | SHA1Transform(context->state, context->buffer); | |
239 | for ( ; i + 63 < len; i += 64) { | |
240 | SHA1Transform(context->state, &data[i]); | |
241 | } | |
242 | j = 0; | |
243 | } | |
244 | else i = 0; | |
245 | memcpy(&context->buffer[j], &data[i], len - i); | |
246 | #ifdef VERBOSE | |
247 | SHAPrintContext(context, "after "); | |
248 | #endif | |
249 | } | |
250 | ||
251 | ||
252 | /* Add padding and return the message digest. */ | |
253 | ||
254 | void SHA1Final(unsigned char digest[20], SHA1_CTX* context) | |
255 | { | |
256 | uint32 i; /* JHB */ | |
257 | unsigned char finalcount[8]; | |
258 | ||
259 | for (i = 0; i < 8; i++) { | |
260 | finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] | |
261 | >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ | |
262 | } | |
263 | SHA1Update(context, (unsigned char *)"\200", 1); | |
264 | while ((context->count[0] & 504) != 448) { | |
265 | SHA1Update(context, (unsigned char *)"\0", 1); | |
266 | } | |
267 | SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() | |
268 | */ | |
269 | for (i = 0; i < 20; i++) { | |
270 | digest[i] = (unsigned char) | |
271 | ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); | |
272 | } | |
273 | /* Wipe variables */ | |
274 | i = 0; /* JHB */ | |
275 | memset(context->buffer, 0, 64); | |
276 | memset(context->state, 0, 20); | |
277 | memset(context->count, 0, 8); | |
278 | memset(finalcount, 0, 8); /* SWR */ | |
279 | #ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */ | |
280 | SHA1Transform(context->state, context->buffer); | |
281 | #endif | |
282 | } | |
283 | ||
284 | /*************************************************************/ | |
285 | ||
286 | /* Everything below here is the interface to secnet */ | |
287 | static void *sha1_init(void) | |
288 | { | |
289 | SHA1_CTX *ctx; | |
290 | ||
291 | ctx=safe_malloc(sizeof(*ctx),"sha1_init"); | |
292 | SHA1Init(ctx); | |
293 | ||
294 | return ctx; | |
295 | } | |
296 | ||
babd74ec | 297 | static void sha1_update(void *sst, const void *buf, int32_t len) |
3454dce4 SE |
298 | { |
299 | SHA1_CTX *ctx=sst; | |
300 | ||
301 | SHA1Update(ctx,buf,len); | |
302 | } | |
303 | ||
304 | static void sha1_final(void *sst, uint8_t *digest) | |
305 | { | |
306 | SHA1_CTX *ctx=sst; | |
307 | ||
308 | SHA1Final(digest,ctx); | |
309 | free(ctx); | |
310 | } | |
311 | ||
312 | struct sha1 { | |
313 | closure_t cl; | |
314 | struct hash_if ops; | |
315 | }; | |
316 | ||
3454dce4 SE |
317 | void sha1_module(dict_t *dict) |
318 | { | |
319 | struct sha1 *st; | |
320 | void *ctx; | |
fe5e9cc4 | 321 | cstring_t testinput="abcdbcdecdefdefgefghfghigh" |
3454dce4 SE |
322 | "ijhijkijkljklmklmnlmnomnopnopq"; |
323 | uint8_t expected[20]= | |
324 | { 0x84,0x98,0x3e,0x44, | |
325 | 0x1c,0x3b,0xd2,0x6e, | |
326 | 0xba,0xae,0x4a,0xa1, | |
327 | 0xf9,0x51,0x29,0xe5, | |
328 | 0xe5,0x46,0x70,0xf1}; | |
329 | uint8_t digest[20]; | |
330 | int i; | |
331 | ||
332 | st=safe_malloc(sizeof(*st),"sha1_module"); | |
333 | st->cl.description="sha1"; | |
334 | st->cl.type=CL_HASH; | |
335 | st->cl.apply=NULL; | |
336 | st->cl.interface=&st->ops; | |
337 | st->ops.len=20; | |
338 | st->ops.init=sha1_init; | |
339 | st->ops.update=sha1_update; | |
340 | st->ops.final=sha1_final; | |
341 | ||
342 | dict_add(dict,"sha1",new_closure(&st->cl)); | |
343 | ||
344 | ctx=sha1_init(); | |
345 | sha1_update(ctx,testinput,strlen(testinput)); | |
346 | sha1_final(ctx,digest); | |
347 | for (i=0; i<20; i++) { | |
348 | if (digest[i]!=expected[i]) { | |
4f5e39ec | 349 | fatal("sha1 module failed self-test"); |
3454dce4 SE |
350 | } |
351 | } | |
352 | } |