2 * Copyright (c) 2007, Cameron Rich
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * * Neither the name of the axTLS project nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 * SHA1 implementation - as defined in FIPS PUB 180-1 published April 17, 1995.
33 * This code was originally taken from RFC3174
40 * Define the SHA1 circular left shift macro
42 #define SHA1CircularShift(bits,word) \
43 (((word) << (bits)) | ((word) >> (32-(bits))))
45 /* ----- static functions ----- */
46 static void SHA1PadMessage(SHA1_CTX
*ctx
);
47 static void SHA1ProcessMessageBlock(SHA1_CTX
*ctx
);
50 * Initialize the SHA1 context
52 void SHA1_Init(SHA1_CTX
*ctx
)
56 ctx
->Message_Block_Index
= 0;
57 ctx
->Intermediate_Hash
[0] = 0x67452301;
58 ctx
->Intermediate_Hash
[1] = 0xEFCDAB89;
59 ctx
->Intermediate_Hash
[2] = 0x98BADCFE;
60 ctx
->Intermediate_Hash
[3] = 0x10325476;
61 ctx
->Intermediate_Hash
[4] = 0xC3D2E1F0;
65 * Accepts an array of octets as the next portion of the message.
67 void SHA1_Update(SHA1_CTX
*ctx
, const uint8_t *msg
, int len
)
71 ctx
->Message_Block
[ctx
->Message_Block_Index
++] = (*msg
& 0xFF);
74 if (ctx
->Length_Low
== 0)
77 if (ctx
->Message_Block_Index
== 64)
78 SHA1ProcessMessageBlock(ctx
);
85 * Return the 160-bit message digest into the user's array
87 void SHA1_Final(uint8_t *digest
, SHA1_CTX
*ctx
)
92 memset(ctx
->Message_Block
, 0, 64);
93 ctx
->Length_Low
= 0; /* and clear length */
96 for (i
= 0; i
< SHA1_SIZE
; i
++)
98 digest
[i
] = ctx
->Intermediate_Hash
[i
>>2] >> 8 * ( 3 - ( i
& 0x03 ) );
103 * Process the next 512 bits of the message stored in the array.
105 static void SHA1ProcessMessageBlock(SHA1_CTX
*ctx
)
107 const uint32_t K
[] = { /* Constants defined in SHA-1 */
113 int t
; /* Loop counter */
114 uint32_t temp
; /* Temporary word value */
115 uint32_t W
[80]; /* Word sequence */
116 uint32_t A
, B
, C
, D
, E
; /* Word buffers */
119 * Initialize the first 16 words in the array W
121 for (t
= 0; t
< 16; t
++)
123 W
[t
] = ctx
->Message_Block
[t
* 4] << 24;
124 W
[t
] |= ctx
->Message_Block
[t
* 4 + 1] << 16;
125 W
[t
] |= ctx
->Message_Block
[t
* 4 + 2] << 8;
126 W
[t
] |= ctx
->Message_Block
[t
* 4 + 3];
129 for (t
= 16; t
< 80; t
++)
131 W
[t
] = SHA1CircularShift(1,W
[t
-3] ^ W
[t
-8] ^ W
[t
-14] ^ W
[t
-16]);
134 A
= ctx
->Intermediate_Hash
[0];
135 B
= ctx
->Intermediate_Hash
[1];
136 C
= ctx
->Intermediate_Hash
[2];
137 D
= ctx
->Intermediate_Hash
[3];
138 E
= ctx
->Intermediate_Hash
[4];
140 for (t
= 0; t
< 20; t
++)
142 temp
= SHA1CircularShift(5,A
) +
143 ((B
& C
) | ((~B
) & D
)) + E
+ W
[t
] + K
[0];
146 C
= SHA1CircularShift(30,B
);
152 for (t
= 20; t
< 40; t
++)
154 temp
= SHA1CircularShift(5,A
) + (B
^ C
^ D
) + E
+ W
[t
] + K
[1];
157 C
= SHA1CircularShift(30,B
);
162 for (t
= 40; t
< 60; t
++)
164 temp
= SHA1CircularShift(5,A
) +
165 ((B
& C
) | (B
& D
) | (C
& D
)) + E
+ W
[t
] + K
[2];
168 C
= SHA1CircularShift(30,B
);
173 for (t
= 60; t
< 80; t
++)
175 temp
= SHA1CircularShift(5,A
) + (B
^ C
^ D
) + E
+ W
[t
] + K
[3];
178 C
= SHA1CircularShift(30,B
);
183 ctx
->Intermediate_Hash
[0] += A
;
184 ctx
->Intermediate_Hash
[1] += B
;
185 ctx
->Intermediate_Hash
[2] += C
;
186 ctx
->Intermediate_Hash
[3] += D
;
187 ctx
->Intermediate_Hash
[4] += E
;
188 ctx
->Message_Block_Index
= 0;
192 * According to the standard, the message must be padded to an even
193 * 512 bits. The first padding bit must be a '1'. The last 64
194 * bits represent the length of the original message. All bits in
195 * between should be 0. This function will pad the message
196 * according to those rules by filling the Message_Block array
197 * accordingly. It will also call the ProcessMessageBlock function
198 * provided appropriately. When it returns, it can be assumed that
199 * the message digest has been computed.
201 * @param ctx [in, out] The SHA1 context
203 static void SHA1PadMessage(SHA1_CTX
*ctx
)
206 * Check to see if the current message block is too small to hold
207 * the initial padding bits and length. If so, we will pad the
208 * block, process it, and then continue padding into a second
211 if (ctx
->Message_Block_Index
> 55)
213 ctx
->Message_Block
[ctx
->Message_Block_Index
++] = 0x80;
214 while(ctx
->Message_Block_Index
< 64)
216 ctx
->Message_Block
[ctx
->Message_Block_Index
++] = 0;
219 SHA1ProcessMessageBlock(ctx
);
221 while (ctx
->Message_Block_Index
< 56)
223 ctx
->Message_Block
[ctx
->Message_Block_Index
++] = 0;
228 ctx
->Message_Block
[ctx
->Message_Block_Index
++] = 0x80;
229 while(ctx
->Message_Block_Index
< 56)
232 ctx
->Message_Block
[ctx
->Message_Block_Index
++] = 0;
237 * Store the message length as the last 8 octets
239 ctx
->Message_Block
[56] = ctx
->Length_High
>> 24;
240 ctx
->Message_Block
[57] = ctx
->Length_High
>> 16;
241 ctx
->Message_Block
[58] = ctx
->Length_High
>> 8;
242 ctx
->Message_Block
[59] = ctx
->Length_High
;
243 ctx
->Message_Block
[60] = ctx
->Length_Low
>> 24;
244 ctx
->Message_Block
[61] = ctx
->Length_Low
>> 16;
245 ctx
->Message_Block
[62] = ctx
->Length_Low
>> 8;
246 ctx
->Message_Block
[63] = ctx
->Length_Low
;
247 SHA1ProcessMessageBlock(ctx
);