2 * FIPS-180-1 compliant SHA-1 implementation
4 * Copyright (C) 2003-2006 Christophe Devine
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License, version 2.1 as published by the Free Software Foundation.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
21 * The SHA-1 standard was published by NIST in 1993.
23 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
26 #ifndef _CRT_SECURE_NO_DEPRECATE
27 #define _CRT_SECURE_NO_DEPRECATE 1
36 * 32-bit integer manipulation macros (big endian)
39 #define GET_UINT32_BE(n,b,i) \
41 (n) = ( (ulong) (b)[(i) ] << 24 ) \
42 | ( (ulong) (b)[(i) + 1] << 16 ) \
43 | ( (ulong) (b)[(i) + 2] << 8 ) \
44 | ( (ulong) (b)[(i) + 3] ); \
48 #define PUT_UINT32_BE(n,b,i) \
50 (b)[(i) ] = (uchar) ( (n) >> 24 ); \
51 (b)[(i) + 1] = (uchar) ( (n) >> 16 ); \
52 (b)[(i) + 2] = (uchar) ( (n) >> 8 ); \
53 (b)[(i) + 3] = (uchar) ( (n) ); \
58 * Core SHA-1 functions
60 void sha1_starts( sha1_context
*ctx
)
65 ctx
->state
[0] = 0x67452301;
66 ctx
->state
[1] = 0xEFCDAB89;
67 ctx
->state
[2] = 0x98BADCFE;
68 ctx
->state
[3] = 0x10325476;
69 ctx
->state
[4] = 0xC3D2E1F0;
72 void sha1_process( sha1_context
*ctx
, uchar data
[64] )
74 ulong temp
, W
[16], A
, B
, C
, D
, E
;
76 GET_UINT32_BE( W
[0], data
, 0 );
77 GET_UINT32_BE( W
[1], data
, 4 );
78 GET_UINT32_BE( W
[2], data
, 8 );
79 GET_UINT32_BE( W
[3], data
, 12 );
80 GET_UINT32_BE( W
[4], data
, 16 );
81 GET_UINT32_BE( W
[5], data
, 20 );
82 GET_UINT32_BE( W
[6], data
, 24 );
83 GET_UINT32_BE( W
[7], data
, 28 );
84 GET_UINT32_BE( W
[8], data
, 32 );
85 GET_UINT32_BE( W
[9], data
, 36 );
86 GET_UINT32_BE( W
[10], data
, 40 );
87 GET_UINT32_BE( W
[11], data
, 44 );
88 GET_UINT32_BE( W
[12], data
, 48 );
89 GET_UINT32_BE( W
[13], data
, 52 );
90 GET_UINT32_BE( W
[14], data
, 56 );
91 GET_UINT32_BE( W
[15], data
, 60 );
93 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
97 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
98 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
99 ( W[t & 0x0F] = S(temp,1) ) \
102 #define P(a,b,c,d,e,x) \
104 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
113 #define F(x,y,z) (z ^ (x & (y ^ z)))
116 P( A
, B
, C
, D
, E
, W
[0] );
117 P( E
, A
, B
, C
, D
, W
[1] );
118 P( D
, E
, A
, B
, C
, W
[2] );
119 P( C
, D
, E
, A
, B
, W
[3] );
120 P( B
, C
, D
, E
, A
, W
[4] );
121 P( A
, B
, C
, D
, E
, W
[5] );
122 P( E
, A
, B
, C
, D
, W
[6] );
123 P( D
, E
, A
, B
, C
, W
[7] );
124 P( C
, D
, E
, A
, B
, W
[8] );
125 P( B
, C
, D
, E
, A
, W
[9] );
126 P( A
, B
, C
, D
, E
, W
[10] );
127 P( E
, A
, B
, C
, D
, W
[11] );
128 P( D
, E
, A
, B
, C
, W
[12] );
129 P( C
, D
, E
, A
, B
, W
[13] );
130 P( B
, C
, D
, E
, A
, W
[14] );
131 P( A
, B
, C
, D
, E
, W
[15] );
132 P( E
, A
, B
, C
, D
, R(16) );
133 P( D
, E
, A
, B
, C
, R(17) );
134 P( C
, D
, E
, A
, B
, R(18) );
135 P( B
, C
, D
, E
, A
, R(19) );
140 #define F(x,y,z) (x ^ y ^ z)
143 P( A
, B
, C
, D
, E
, R(20) );
144 P( E
, A
, B
, C
, D
, R(21) );
145 P( D
, E
, A
, B
, C
, R(22) );
146 P( C
, D
, E
, A
, B
, R(23) );
147 P( B
, C
, D
, E
, A
, R(24) );
148 P( A
, B
, C
, D
, E
, R(25) );
149 P( E
, A
, B
, C
, D
, R(26) );
150 P( D
, E
, A
, B
, C
, R(27) );
151 P( C
, D
, E
, A
, B
, R(28) );
152 P( B
, C
, D
, E
, A
, R(29) );
153 P( A
, B
, C
, D
, E
, R(30) );
154 P( E
, A
, B
, C
, D
, R(31) );
155 P( D
, E
, A
, B
, C
, R(32) );
156 P( C
, D
, E
, A
, B
, R(33) );
157 P( B
, C
, D
, E
, A
, R(34) );
158 P( A
, B
, C
, D
, E
, R(35) );
159 P( E
, A
, B
, C
, D
, R(36) );
160 P( D
, E
, A
, B
, C
, R(37) );
161 P( C
, D
, E
, A
, B
, R(38) );
162 P( B
, C
, D
, E
, A
, R(39) );
167 #define F(x,y,z) ((x & y) | (z & (x | y)))
170 P( A
, B
, C
, D
, E
, R(40) );
171 P( E
, A
, B
, C
, D
, R(41) );
172 P( D
, E
, A
, B
, C
, R(42) );
173 P( C
, D
, E
, A
, B
, R(43) );
174 P( B
, C
, D
, E
, A
, R(44) );
175 P( A
, B
, C
, D
, E
, R(45) );
176 P( E
, A
, B
, C
, D
, R(46) );
177 P( D
, E
, A
, B
, C
, R(47) );
178 P( C
, D
, E
, A
, B
, R(48) );
179 P( B
, C
, D
, E
, A
, R(49) );
180 P( A
, B
, C
, D
, E
, R(50) );
181 P( E
, A
, B
, C
, D
, R(51) );
182 P( D
, E
, A
, B
, C
, R(52) );
183 P( C
, D
, E
, A
, B
, R(53) );
184 P( B
, C
, D
, E
, A
, R(54) );
185 P( A
, B
, C
, D
, E
, R(55) );
186 P( E
, A
, B
, C
, D
, R(56) );
187 P( D
, E
, A
, B
, C
, R(57) );
188 P( C
, D
, E
, A
, B
, R(58) );
189 P( B
, C
, D
, E
, A
, R(59) );
194 #define F(x,y,z) (x ^ y ^ z)
197 P( A
, B
, C
, D
, E
, R(60) );
198 P( E
, A
, B
, C
, D
, R(61) );
199 P( D
, E
, A
, B
, C
, R(62) );
200 P( C
, D
, E
, A
, B
, R(63) );
201 P( B
, C
, D
, E
, A
, R(64) );
202 P( A
, B
, C
, D
, E
, R(65) );
203 P( E
, A
, B
, C
, D
, R(66) );
204 P( D
, E
, A
, B
, C
, R(67) );
205 P( C
, D
, E
, A
, B
, R(68) );
206 P( B
, C
, D
, E
, A
, R(69) );
207 P( A
, B
, C
, D
, E
, R(70) );
208 P( E
, A
, B
, C
, D
, R(71) );
209 P( D
, E
, A
, B
, C
, R(72) );
210 P( C
, D
, E
, A
, B
, R(73) );
211 P( B
, C
, D
, E
, A
, R(74) );
212 P( A
, B
, C
, D
, E
, R(75) );
213 P( E
, A
, B
, C
, D
, R(76) );
214 P( D
, E
, A
, B
, C
, R(77) );
215 P( C
, D
, E
, A
, B
, R(78) );
216 P( B
, C
, D
, E
, A
, R(79) );
228 void sha1_update( sha1_context
*ctx
, void *data
, uint length
)
233 if( ! length
) return;
235 left
= ctx
->total
[0] & 0x3F;
238 ctx
->total
[0] += length
;
239 ctx
->total
[0] &= 0xFFFFFFFF;
241 if( ctx
->total
[0] < length
)
244 if( left
&& length
>= fill
)
246 memcpy( (void *) (ctx
->buffer
+ left
),
247 (void *) input
, fill
);
248 sha1_process( ctx
, ctx
->buffer
);
254 while( length
>= 64 )
256 sha1_process( ctx
, input
);
263 memcpy( (void *) (ctx
->buffer
+ left
),
264 (void *) input
, length
);
268 static uchar sha1_padding
[64] =
270 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
271 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
272 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
273 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
276 void sha1_finish( sha1_context
*ctx
, uchar digest
[20] )
282 high
= ( ctx
->total
[0] >> 29 )
283 | ( ctx
->total
[1] << 3 );
284 low
= ( ctx
->total
[0] << 3 );
286 PUT_UINT32_BE( high
, msglen
, 0 );
287 PUT_UINT32_BE( low
, msglen
, 4 );
289 last
= ctx
->total
[0] & 0x3F;
290 padn
= ( last
< 56 ) ? ( 56 - last
) : ( 120 - last
);
292 sha1_update( ctx
, sha1_padding
, padn
);
293 sha1_update( ctx
, msglen
, 8 );
295 PUT_UINT32_BE( ctx
->state
[0], digest
, 0 );
296 PUT_UINT32_BE( ctx
->state
[1], digest
, 4 );
297 PUT_UINT32_BE( ctx
->state
[2], digest
, 8 );
298 PUT_UINT32_BE( ctx
->state
[3], digest
, 12 );
299 PUT_UINT32_BE( ctx
->state
[4], digest
, 16 );
303 * Output SHA-1(file contents), returns 0 if successful.
305 int sha1_file( char *filename
, uchar digest
[20] )
312 if( ( f
= fopen( filename
, "rb" ) ) == NULL
)
317 while( ( n
= fread( buf
, 1, sizeof( buf
), f
) ) > 0 )
318 sha1_update( &ctx
, buf
, (uint
) n
);
320 sha1_finish( &ctx
, digest
);
329 void sha1_csum( uchar
*buf
, uint buflen
, uchar digest
[20] )
334 sha1_update( &ctx
, buf
, buflen
);
335 sha1_finish( &ctx
, digest
);
339 * Output HMAC-SHA-1(key,buf)
341 void sha1_hmac( uchar
*key
, uint keylen
, uchar
*buf
, uint buflen
,
350 memset( k_ipad
, 0x36, 64 );
351 memset( k_opad
, 0x5C, 64 );
353 for( i
= 0; i
< keylen
; i
++ )
362 sha1_update( &ctx
, k_ipad
, 64 );
363 sha1_update( &ctx
, buf
, buflen
);
364 sha1_finish( &ctx
, tmpbuf
);
367 sha1_update( &ctx
, k_opad
, 64 );
368 sha1_update( &ctx
, tmpbuf
, 20 );
369 sha1_finish( &ctx
, digest
);
371 memset( k_ipad
, 0, 64 );
372 memset( k_opad
, 0, 64 );
373 memset( tmpbuf
, 0, 20 );
374 memset( &ctx
, 0, sizeof( sha1_context
) );
379 * FIPS-180-1 test vectors
381 static char *sha1_test_str
[3] =
384 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
388 static uchar sha1_test_sum
[3][20] =
390 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
391 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
392 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
393 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
394 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
395 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
401 int sha1_self_test( void )
408 for( i
= 0; i
< 3; i
++ )
410 printf( " SHA-1 test #%d: ", i
+ 1 );
415 sha1_update( &ctx
, (uchar
*) sha1_test_str
[i
],
416 strlen( sha1_test_str
[i
] ) );
419 memset( buf
, 'a', 1000 );
420 for( j
= 0; j
< 1000; j
++ )
421 sha1_update( &ctx
, (uchar
*) buf
, 1000 );
424 sha1_finish( &ctx
, sha1sum
);
426 if( memcmp( sha1sum
, sha1_test_sum
[i
], 20 ) != 0 )
428 printf( "failed\n" );
432 printf( "passed\n" );
439 int sha1_self_test( void )
441 printf( "SHA-1 self-test not available\n\n" );