Commit | Line | Data |
---|---|---|
3454dce4 SE |
1 | /* |
2 | SHA-1 in C | |
3 | By Steve Reid <sreid@sea-to-sky.net> | |
4 | 100% Public Domain | |
c215a4bc | 5 | [I interpet this as a blanket permision -iwj.] |
3454dce4 SE |
6 | |
7 | Note: parts of this file have been removed or modified to work in secnet. | |
8 | Instead of using this file in new projects, I suggest you use the | |
9 | unmodified version. SDE. | |
10 | ||
11 | ----------------- | |
12 | Modified 7/98 | |
13 | By James H. Brown <jbrown@burgoyne.com> | |
14 | Still 100% Public Domain | |
15 | ||
16 | Corrected a problem which generated improper hash values on 16 bit machines | |
17 | Routine SHA1Update changed from | |
18 | void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int | |
19 | len) | |
20 | to | |
21 | void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned | |
22 | long len) | |
23 | ||
24 | The 'len' parameter was declared an int which works fine on 32 bit machines. | |
25 | However, on 16 bit machines an int is too small for the shifts being done | |
26 | against | |
27 | it. This caused the hash function to generate incorrect values if len was | |
28 | greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update(). | |
29 | ||
30 | Since the file IO in main() reads 16K at a time, any file 8K or larger would | |
31 | be guaranteed to generate the wrong hash (e.g. Test Vector #3, a million | |
32 | "a"s). | |
33 | ||
34 | I also changed the declaration of variables i & j in SHA1Update to | |
35 | unsigned long from unsigned int for the same reason. | |
36 | ||
37 | These changes should make no difference to any 32 bit implementations since | |
38 | an | |
39 | int and a long are the same size in those environments. | |
40 | ||
41 | -- | |
42 | I also corrected a few compiler warnings generated by Borland C. | |
43 | 1. Added #include <process.h> for exit() prototype | |
44 | 2. Removed unused variable 'j' in SHA1Final | |
45 | 3. Changed exit(0) to return(0) at end of main. | |
46 | ||
47 | ALL changes I made can be located by searching for comments containing 'JHB' | |
48 | ----------------- | |
49 | Modified 8/98 | |
50 | By Steve Reid <sreid@sea-to-sky.net> | |
51 | Still 100% public domain | |
52 | ||
53 | 1- Removed #include <process.h> and used return() instead of exit() | |
54 | 2- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall) | |
55 | 3- Changed email address from steve@edmweb.com to sreid@sea-to-sky.net | |
56 | ||
57 | ----------------- | |
58 | Modified 4/01 | |
59 | By Saul Kravitz <Saul.Kravitz@celera.com> | |
60 | Still 100% PD | |
61 | Modified to run on Compaq Alpha hardware. | |
62 | ||
c215a4bc IJ |
63 | ----------------- |
64 | (Further modifications as part of secnet. See git history for full details. | |
65 | - Ian Jackson et al) | |
3454dce4 SE |
66 | */ |
67 | ||
68 | /* | |
69 | Test Vectors (from FIPS PUB 180-1) | |
70 | "abc" | |
71 | A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D | |
72 | "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" | |
73 | 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 | |
74 | A million repetitions of "a" | |
75 | 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F | |
76 | */ | |
77 | ||
78 | /* #define SHA1HANDSOFF */ | |
79 | ||
80 | #include "secnet.h" | |
81 | #include <stdio.h> | |
82 | #include <string.h> | |
83 | ||
84 | #define SHA1HANDSOFF | |
85 | ||
86 | #if 0 | |
87 | #ifndef i386 /* For ALPHA (SAK) */ | |
88 | #define LITTLE_ENDIAN | |
89 | typedef long int int64; | |
90 | typedef unsigned long int uint64; | |
91 | typedef int int32; | |
92 | typedef unsigned int uint32; | |
93 | #else /*i386*/ | |
94 | #define LITTLE_ENDIAN | |
95 | typedef long long int int64; | |
96 | typedef unsigned long long int uint64; | |
97 | typedef long int int32; | |
98 | typedef unsigned long int uint32; | |
99 | #endif /*i386*/ | |
100 | #endif /* 0 */ | |
101 | ||
102 | /* Get types and defines from the secnet configuration */ | |
8dea8d37 | 103 | /* typedef int64_t int64; */ |
3454dce4 | 104 | typedef uint64_t uint64; |
8dea8d37 | 105 | /* typedef int32_t int32; */ |
3454dce4 SE |
106 | typedef uint32_t uint32; |
107 | ||
108 | /* #include <process.h> */ /* prototype for exit() - JHB */ | |
109 | /* Using return() instead of exit() - SWR */ | |
110 | ||
111 | typedef struct { | |
112 | uint32 state[5]; | |
113 | uint32 count[2]; | |
114 | unsigned char buffer[64]; | |
115 | } SHA1_CTX; | |
116 | ||
117 | void SHA1Transform(uint32 state[5], unsigned char const buffer[64]); | |
118 | void SHA1Init(SHA1_CTX* context); | |
119 | void SHA1Update(SHA1_CTX* context, unsigned char const * data, uint32 len); | |
120 | /* JHB */ | |
121 | void SHA1Final(unsigned char digest[20], SHA1_CTX* context); | |
122 | ||
123 | #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) | |
124 | ||
125 | /* blk0() and blk() perform the initial expand. */ | |
126 | /* I got the idea of expanding during the round function from SSLeay */ | |
127 | #ifndef WORDS_BIGENDIAN | |
128 | #define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ | |
129 | |(rol(block->l[i],8)&0x00FF00FF)) | |
130 | #else | |
131 | #define blk0(i) block->l[i] | |
132 | #endif | |
133 | #define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ | |
134 | ^block->l[(i+2)&15]^block->l[i&15],1)) | |
135 | ||
136 | /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ | |
137 | #define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); | |
138 | #define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); | |
139 | #define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); | |
140 | #define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); | |
141 | #define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); | |
142 | ||
143 | ||
144 | #ifdef VERBOSE /* SAK */ | |
145 | void SHAPrintContext(SHA1_CTX *context, char *msg){ | |
146 | printf("%s (%d,%d) %x %x %x %x %x\n", | |
147 | msg, | |
148 | context->count[0], context->count[1], | |
149 | context->state[0], | |
150 | context->state[1], | |
151 | context->state[2], | |
152 | context->state[3], | |
153 | context->state[4]); | |
154 | } | |
155 | #endif | |
156 | ||
157 | /* Hash a single 512-bit block. This is the core of the algorithm. */ | |
158 | ||
159 | void SHA1Transform(uint32 state[5], unsigned char const buffer[64]) | |
160 | { | |
161 | uint32 a, b, c, d, e; | |
162 | typedef union { | |
163 | unsigned char c[64]; | |
164 | uint32 l[16]; | |
165 | } CHAR64LONG16; | |
166 | CHAR64LONG16* block; | |
167 | #ifdef SHA1HANDSOFF | |
168 | static unsigned char workspace[64]; | |
169 | block = (CHAR64LONG16*)workspace; | |
170 | memcpy(block, buffer, 64); | |
171 | #else | |
172 | block = (CHAR64LONG16*)buffer; | |
173 | #endif | |
174 | /* Copy context->state[] to working vars */ | |
175 | a = state[0]; | |
176 | b = state[1]; | |
177 | c = state[2]; | |
178 | d = state[3]; | |
179 | e = state[4]; | |
180 | /* 4 rounds of 20 operations each. Loop unrolled. */ | |
181 | R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); | |
182 | R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); | |
183 | R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); | |
184 | R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); | |
185 | R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); | |
186 | R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); | |
187 | R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); | |
188 | R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); | |
189 | R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); | |
190 | R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); | |
191 | R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); | |
192 | R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); | |
193 | R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); | |
194 | R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); | |
195 | R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); | |
196 | R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); | |
197 | R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); | |
198 | R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); | |
199 | R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); | |
200 | R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); | |
201 | /* Add the working vars back into context.state[] */ | |
202 | state[0] += a; | |
203 | state[1] += b; | |
204 | state[2] += c; | |
205 | state[3] += d; | |
206 | state[4] += e; | |
207 | /* Wipe variables */ | |
208 | a = b = c = d = e = 0; | |
209 | } | |
210 | ||
211 | ||
212 | /* SHA1Init - Initialize new context */ | |
213 | ||
214 | void SHA1Init(SHA1_CTX* context) | |
215 | { | |
216 | /* SHA1 initialization constants */ | |
217 | context->state[0] = 0x67452301; | |
218 | context->state[1] = 0xEFCDAB89; | |
219 | context->state[2] = 0x98BADCFE; | |
220 | context->state[3] = 0x10325476; | |
221 | context->state[4] = 0xC3D2E1F0; | |
222 | context->count[0] = context->count[1] = 0; | |
223 | } | |
224 | ||
225 | ||
226 | /* Run your data through this. */ | |
227 | ||
228 | void SHA1Update(SHA1_CTX* context, unsigned char const* data, uint32 len) /* | |
229 | JHB */ | |
230 | { | |
231 | uint32 i, j; /* JHB */ | |
232 | ||
233 | #ifdef VERBOSE | |
234 | SHAPrintContext(context, "before"); | |
235 | #endif | |
236 | j = (context->count[0] >> 3) & 63; | |
237 | if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++; | |
238 | context->count[1] += (len >> 29); | |
239 | if ((j + len) > 63) { | |
240 | memcpy(&context->buffer[j], data, (i = 64-j)); | |
241 | SHA1Transform(context->state, context->buffer); | |
242 | for ( ; i + 63 < len; i += 64) { | |
243 | SHA1Transform(context->state, &data[i]); | |
244 | } | |
245 | j = 0; | |
246 | } | |
247 | else i = 0; | |
248 | memcpy(&context->buffer[j], &data[i], len - i); | |
249 | #ifdef VERBOSE | |
250 | SHAPrintContext(context, "after "); | |
251 | #endif | |
252 | } | |
253 | ||
254 | ||
255 | /* Add padding and return the message digest. */ | |
256 | ||
257 | void SHA1Final(unsigned char digest[20], SHA1_CTX* context) | |
258 | { | |
259 | uint32 i; /* JHB */ | |
260 | unsigned char finalcount[8]; | |
261 | ||
262 | for (i = 0; i < 8; i++) { | |
263 | finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] | |
264 | >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ | |
265 | } | |
266 | SHA1Update(context, (unsigned char *)"\200", 1); | |
267 | while ((context->count[0] & 504) != 448) { | |
268 | SHA1Update(context, (unsigned char *)"\0", 1); | |
269 | } | |
270 | SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() | |
271 | */ | |
272 | for (i = 0; i < 20; i++) { | |
273 | digest[i] = (unsigned char) | |
274 | ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); | |
275 | } | |
276 | /* Wipe variables */ | |
277 | i = 0; /* JHB */ | |
278 | memset(context->buffer, 0, 64); | |
279 | memset(context->state, 0, 20); | |
280 | memset(context->count, 0, 8); | |
281 | memset(finalcount, 0, 8); /* SWR */ | |
282 | #ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */ | |
283 | SHA1Transform(context->state, context->buffer); | |
284 | #endif | |
285 | } | |
286 | ||
287 | /*************************************************************/ | |
288 | ||
289 | /* Everything below here is the interface to secnet */ | |
290 | static void *sha1_init(void) | |
291 | { | |
292 | SHA1_CTX *ctx; | |
293 | ||
b7886fd4 | 294 | NEW(ctx); |
3454dce4 SE |
295 | SHA1Init(ctx); |
296 | ||
297 | return ctx; | |
298 | } | |
299 | ||
babd74ec | 300 | static void sha1_update(void *sst, const void *buf, int32_t len) |
3454dce4 SE |
301 | { |
302 | SHA1_CTX *ctx=sst; | |
303 | ||
304 | SHA1Update(ctx,buf,len); | |
305 | } | |
306 | ||
307 | static void sha1_final(void *sst, uint8_t *digest) | |
308 | { | |
309 | SHA1_CTX *ctx=sst; | |
310 | ||
311 | SHA1Final(digest,ctx); | |
312 | free(ctx); | |
313 | } | |
314 | ||
315 | struct sha1 { | |
316 | closure_t cl; | |
317 | struct hash_if ops; | |
318 | }; | |
319 | ||
3454dce4 SE |
320 | void sha1_module(dict_t *dict) |
321 | { | |
322 | struct sha1 *st; | |
323 | void *ctx; | |
fe5e9cc4 | 324 | cstring_t testinput="abcdbcdecdefdefgefghfghigh" |
3454dce4 SE |
325 | "ijhijkijkljklmklmnlmnomnopnopq"; |
326 | uint8_t expected[20]= | |
327 | { 0x84,0x98,0x3e,0x44, | |
328 | 0x1c,0x3b,0xd2,0x6e, | |
329 | 0xba,0xae,0x4a,0xa1, | |
330 | 0xf9,0x51,0x29,0xe5, | |
331 | 0xe5,0x46,0x70,0xf1}; | |
332 | uint8_t digest[20]; | |
333 | int i; | |
334 | ||
b7886fd4 | 335 | NEW(st); |
3454dce4 SE |
336 | st->cl.description="sha1"; |
337 | st->cl.type=CL_HASH; | |
338 | st->cl.apply=NULL; | |
339 | st->cl.interface=&st->ops; | |
340 | st->ops.len=20; | |
341 | st->ops.init=sha1_init; | |
342 | st->ops.update=sha1_update; | |
343 | st->ops.final=sha1_final; | |
344 | ||
345 | dict_add(dict,"sha1",new_closure(&st->cl)); | |
346 | ||
347 | ctx=sha1_init(); | |
348 | sha1_update(ctx,testinput,strlen(testinput)); | |
349 | sha1_final(ctx,digest); | |
350 | for (i=0; i<20; i++) { | |
351 | if (digest[i]!=expected[i]) { | |
4f5e39ec | 352 | fatal("sha1 module failed self-test"); |
3454dce4 SE |
353 | } |
354 | } | |
355 | } |