1 /*
2 SHA-1 in C
3 By Steve Reid <sreid@sea-to-sky.net>
4 100% Public Domain
5
6 -----------------
7 Modified 7/98
8 By James H. Brown <jbrown@burgoyne.com>
9 Still 100% Public Domain
10
11 Corrected a problem which generated improper hash values on 16 bit machines
12 Routine SHA1Update changed from
13 void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int
14 len)
15 to
16 void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned
17 long len)
18
19 The 'len' parameter was declared an int which works fine on 32 bit machines.
20 However, on 16 bit machines an int is too small for the shifts being done
21 against
22 it. This caused the hash function to generate incorrect values if len was
23 greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update().
24
25 Since the file IO in main() reads 16K at a time, any file 8K or larger would
26 be guaranteed to generate the wrong hash (e.g. Test Vector #3, a million
27 "a"s).
28
29 I also changed the declaration of variables i & j in SHA1Update to
30 unsigned long from unsigned int for the same reason.
31
32 These changes should make no difference to any 32 bit implementations since
33 an
34 int and a long are the same size in those environments.
35
36 --
37 I also corrected a few compiler warnings generated by Borland C.
38 1. Added #include <process.h> for exit() prototype
39 2. Removed unused variable 'j' in SHA1Final
40 3. Changed exit(0) to return(0) at end of main.
41
42 ALL changes I made can be located by searching for comments containing 'JHB'
43 -----------------
44 Modified 8/98
45 By Steve Reid <sreid@sea-to-sky.net>
46 Still 100% public domain
47
48 1- Removed #include <process.h> and used return() instead of exit()
49 2- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall)
50 3- Changed email address from steve@edmweb.com to sreid@sea-to-sky.net
51
52 -----------------
53 Modified 4/01
54 By Saul Kravitz <Saul.Kravitz@celera.com>
55 Still 100% PD
56 Modified to run on Compaq Alpha hardware.
57
58
59 */
60
61 /*
62 Test Vectors (from FIPS PUB 180-1)
63 "abc"
64 A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
65 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
66 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
67 A million repetitions of "a"
68 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
69 */
70
71 #include "config.h"
72
73 /* #define SHA1HANDSOFF * Copies data before messing with it. */
74 #define SHA1HANDSOFF
75
76 #ifdef VERBOSE
77 #include <stdio.h>
78 #endif
79 #include <string.h>
80
81 #include "sha1.h"
82
83 /* Use result of AC_C_BIGENDIAN autoconf test. */
84 #ifndef WORDS_BIGENDIAN
85 #define SHA1_LITTLE_ENDIAN 1
86 #endif
87
88
89 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
90
91 /* blk0() and blk() perform the initial expand. */
92 /* I got the idea of expanding during the round function from SSLeay */
93 #ifdef SHA1_LITTLE_ENDIAN
94 #define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
95 |(rol(block->l[i],8)&0x00FF00FF))
96 #else
97 #define blk0(i) block->l[i]
98 #endif
99 #define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
100 ^block->l[(i+2)&15]^block->l[i&15],1))
101
102 /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
103 #define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
104 #define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
105 #define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
106 #define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
107 #define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
108
109
110 #ifdef VERBOSE /* SAK */
SHAPrintContext(SHA1_CTX * context,char * msg)111 void SHAPrintContext(SHA1_CTX *context, char *msg){
112 printf("%s (%d,%d) %x %x %x %x %x\n",
113 msg,
114 context->count[0], context->count[1],
115 context->state[0],
116 context->state[1],
117 context->state[2],
118 context->state[3],
119 context->state[4]);
120 }
121 #endif
122
123 /* Hash a single 512-bit block. This is the core of the algorithm. */
124
SHA1Transform(uint32_t state[5],unsigned char buffer[64])125 void SHA1Transform(uint32_t state[5], unsigned char buffer[64])
126 {
127 uint32_t a, b, c, d, e;
128 typedef union {
129 unsigned char c[64];
130 uint32_t l[16];
131 } CHAR64LONG16;
132 CHAR64LONG16* block;
133 #ifdef SHA1HANDSOFF
134 static unsigned char workspace[64];
135 block = (CHAR64LONG16*)workspace;
136 memcpy(block, buffer, 64);
137 #else
138 block = (CHAR64LONG16*)buffer;
139 #endif
140 /* Copy context->state[] to working vars */
141 a = state[0];
142 b = state[1];
143 c = state[2];
144 d = state[3];
145 e = state[4];
146 /* 4 rounds of 20 operations each. Loop unrolled. */
147 R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
148 R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
149 R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
150 R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
151 R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
152 R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
153 R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
154 R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
155 R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
156 R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
157 R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
158 R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
159 R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
160 R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
161 R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
162 R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
163 R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
164 R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
165 R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
166 R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
167 /* Add the working vars back into context.state[] */
168 state[0] += a;
169 state[1] += b;
170 state[2] += c;
171 state[3] += d;
172 state[4] += e;
173 /* Wipe variables */
174 a = b = c = d = e = 0;
175 }
176
177
178 /* SHA1Init - Initialize new context */
179
SHA1Init(SHA1_CTX * context)180 void SHA1Init(SHA1_CTX* context)
181 {
182 /* SHA1 initialization constants */
183 context->state[0] = 0x67452301;
184 context->state[1] = 0xEFCDAB89;
185 context->state[2] = 0x98BADCFE;
186 context->state[3] = 0x10325476;
187 context->state[4] = 0xC3D2E1F0;
188 context->count[0] = context->count[1] = 0;
189 }
190
191
192 /* Run your data through this. */
193
SHA1Update(SHA1_CTX * context,unsigned char * data,uint32_t len)194 void SHA1Update(SHA1_CTX* context, unsigned char* data, uint32_t len) /*
195 JHB */
196 {
197 uint32_t i, j; /* JHB */
198
199 #ifdef VERBOSE
200 SHAPrintContext(context, "before");
201 #endif
202 j = (context->count[0] >> 3) & 63;
203 if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
204 context->count[1] += (len >> 29);
205 if ((j + len) > 63) {
206 memcpy(&context->buffer[j], data, (i = 64-j));
207 SHA1Transform(context->state, context->buffer);
208 for ( ; i + 63 < len; i += 64) {
209 SHA1Transform(context->state, &data[i]);
210 }
211 j = 0;
212 }
213 else i = 0;
214 memcpy(&context->buffer[j], &data[i], len - i);
215 #ifdef VERBOSE
216 SHAPrintContext(context, "after ");
217 #endif
218 }
219
220
221 /* Add padding and return the message digest. */
222
SHA1Final(unsigned char digest[20],SHA1_CTX * context)223 void SHA1Final(unsigned char digest[20], SHA1_CTX* context)
224 {
225 uint32_t i; /* JHB */
226 unsigned char finalcount[8];
227
228 for (i = 0; i < 8; i++) {
229 finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
230 >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
231 }
232 SHA1Update(context, (unsigned char *)"\200", 1);
233 while ((context->count[0] & 504) != 448) {
234 SHA1Update(context, (unsigned char *)"\0", 1);
235 }
236 SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
237 for (i = 0; i < 20; i++) {
238 digest[i] = (unsigned char)
239 ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
240 }
241 /* Wipe variables */
242 i = 0; /* JHB */
243 memset(context->buffer, 0, 64);
244 memset(context->state, 0, 20);
245 memset(context->count, 0, 8);
246 memset(finalcount, 0, 8); /* SWR */
247 #ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
248 SHA1Transform(context->state, context->buffer);
249 #endif
250 }
251
252