1 /* 2 SHA-1 in C 3 By Steve Reid <sreid (at) sea-to-sky.net> 4 100% Public Domain 5 6 ----------------- 7 Modified 7/98 8 By James H. Brown <jbrown (at) burgoyne.com> 9 Still 100% Public Domain 10 11 Corrected a problem which generated improper hash values on 16 bit machines 12 Routine SHA1Update changed from 13 void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int 14 len) 15 to 16 void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned 17 long len) 18 19 The 'len' parameter was declared an int which works fine on 32 bit machines. 20 However, on 16 bit machines an int is too small for the shifts being done 21 against 22 it. This caused the hash function to generate incorrect values if len was 23 greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update(). 24 25 Since the file IO in main() reads 16K at a time, any file 8K or larger would 26 be guaranteed to generate the wrong hash (e.g. Test Vector #3, a million 27 "a"s). 28 29 I also changed the declaration of variables i & j in SHA1Update to 30 unsigned long from unsigned int for the same reason. 31 32 These changes should make no difference to any 32 bit implementations since 33 an 34 int and a long are the same size in those environments. 35 36 -- 37 I also corrected a few compiler warnings generated by Borland C. 38 1. Added #include <process.h> for exit() prototype 39 2. Removed unused variable 'j' in SHA1Final 40 3. Changed exit(0) to return(0) at end of main. 41 42 ALL changes I made can be located by searching for comments containing 'JHB' 43 ----------------- 44 Modified 8/98 45 By Steve Reid <sreid (at) sea-to-sky.net> 46 Still 100% public domain 47 48 1- Removed #include <process.h> and used return() instead of exit() 49 2- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall) 50 3- Changed email address from steve (at) edmweb.com to sreid (at) sea-to-sky.net 51 52 ----------------- 53 Modified 4/01 54 By Saul Kravitz <Saul.Kravitz (at) celera.com> 55 Still 100% PD 56 Modified to run on Compaq Alpha hardware. 57 58 ----------------- 59 Modified 2/03 60 By H. Peter Anvin <hpa (at) zytor.com> 61 Still 100% PD 62 Modified to run on any hardware with <inttypes.h> and <netinet/in.h> 63 Changed the driver program 64 65 */ 66 67 /* 68 Test Vectors (from FIPS PUB 180-1) 69 "abc" 70 A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D 71 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" 72 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 73 A million repetitions of "a" 74 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F 75 */ 76 77 /* #define SHA1HANDSOFF */ 78 79 #include <stdio.h> 80 #include <string.h> 81 #include <inttypes.h> 82 #include <netinet/in.h> /* For htonl/ntohl/htons/ntohs */ 83 84 /* #include <process.h> */ /* prototype for exit() - JHB */ 85 /* Using return() instead of exit() - SWR */ 86 87 typedef struct { 88 uint32_t state[5]; 89 uint32_t count[2]; 90 unsigned char buffer[64]; 91 } SHA1_CTX; 92 93 void SHA1Transform(uint32_t state[5], unsigned char buffer[64]); 94 void SHA1Init(SHA1_CTX* context); 95 void SHA1Update(SHA1_CTX* context, unsigned char* data, uint32_t len); /* 96 JHB */ 97 void SHA1Final(unsigned char digest[20], SHA1_CTX* context); 98 99 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) 100 101 /* blk0() and blk() perform the initial expand. */ 102 /* I got the idea of expanding during the round function from SSLeay */ 103 #define blk0(i) (block->l[i] = ntohl(block->l[i])) 104 #define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ 105 ^block->l[(i+2)&15]^block->l[i&15],1)) 106 107 /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ 108 #define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); 109 #define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); 110 #define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); 111 #define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); 112 #define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); 113 114 115 #ifdef VERBOSE /* SAK */ 116 void SHAPrintContext(SHA1_CTX *context, char *msg){ 117 printf("%s (%d,%d) %x %x %x %x %x\n", 118 msg, 119 context->count[0], context->count[1], 120 context->state[0], 121 context->state[1], 122 context->state[2], 123 context->state[3], 124 context->state[4]); 125 } 126 #endif 127 128 /* Hash a single 512-bit block. This is the core of the algorithm. */ 129 130 void SHA1Transform(uint32_t state[5], unsigned char buffer[64]) 131 { 132 uint32_t a, b, c, d, e; 133 typedef union { 134 unsigned char c[64]; 135 uint32_t l[16]; 136 } CHAR64LONG16; 137 CHAR64LONG16* block; 138 #ifdef SHA1HANDSOFF 139 static unsigned char workspace[64]; 140 block = (CHAR64LONG16*)workspace; 141 memcpy(block, buffer, 64); 142 #else 143 block = (CHAR64LONG16*)buffer; 144 #endif 145 /* Copy context->state[] to working vars */ 146 a = state[0]; 147 b = state[1]; 148 c = state[2]; 149 d = state[3]; 150 e = state[4]; 151 /* 4 rounds of 20 operations each. Loop unrolled. */ 152 R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); 153 R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); 154 R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); 155 R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); 156 R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); 157 R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); 158 R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); 159 R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); 160 R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); 161 R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); 162 R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); 163 R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); 164 R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); 165 R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); 166 R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); 167 R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); 168 R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); 169 R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); 170 R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); 171 R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); 172 /* Add the working vars back into context.state[] */ 173 state[0] += a; 174 state[1] += b; 175 state[2] += c; 176 state[3] += d; 177 state[4] += e; 178 /* Wipe variables */ 179 a = b = c = d = e = 0; 180 } 181 182 183 /* SHA1Init - Initialize new context */ 184 185 void SHA1Init(SHA1_CTX* context) 186 { 187 /* SHA1 initialization constants */ 188 context->state[0] = 0x67452301; 189 context->state[1] = 0xEFCDAB89; 190 context->state[2] = 0x98BADCFE; 191 context->state[3] = 0x10325476; 192 context->state[4] = 0xC3D2E1F0; 193 context->count[0] = context->count[1] = 0; 194 } 195 196 197 /* Run your data through this. */ 198 199 void SHA1Update(SHA1_CTX* context, unsigned char* data, uint32_t len) /* 200 JHB */ 201 { 202 uint32_t i, j; /* JHB */ 203 204 #ifdef VERBOSE 205 SHAPrintContext(context, "before"); 206 #endif 207 j = (context->count[0] >> 3) & 63; 208 if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++; 209 context->count[1] += (len >> 29); 210 if ((j + len) > 63) { 211 memcpy(&context->buffer[j], data, (i = 64-j)); 212 SHA1Transform(context->state, context->buffer); 213 for ( ; i + 63 < len; i += 64) { 214 SHA1Transform(context->state, &data[i]); 215 } 216 j = 0; 217 } 218 else i = 0; 219 memcpy(&context->buffer[j], &data[i], len - i); 220 #ifdef VERBOSE 221 SHAPrintContext(context, "after "); 222 #endif 223 } 224 225 226 /* Add padding and return the message digest. */ 227 228 void SHA1Final(unsigned char digest[20], SHA1_CTX* context) 229 { 230 uint32_t i; /* JHB */ 231 unsigned char finalcount[8]; 232 233 for (i = 0; i < 8; i++) { 234 finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] 235 >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ 236 } 237 SHA1Update(context, (unsigned char *)"\200", 1); 238 while ((context->count[0] & 504) != 448) { 239 SHA1Update(context, (unsigned char *)"\0", 1); 240 } 241 SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ 242 for (i = 0; i < 20; i++) { 243 digest[i] = (unsigned char) 244 ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); 245 } 246 /* Wipe variables */ 247 i = 0; /* JHB */ 248 memset(context->buffer, 0, 64); 249 memset(context->state, 0, 20); 250 memset(context->count, 0, 8); 251 memset(finalcount, 0, 8); /* SWR */ 252 #ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */ 253 SHA1Transform(context->state, context->buffer); 254 #endif 255 } 256 257 /*************************************************************/ 258 259 /* This is not quite the MIME base64 algorithm: it uses _ instead of /, 260 and instead of padding the output with = characters we just make the 261 output shorter. */ 262 char *mybase64(uint8_t digest[20]) 263 { 264 static const char charz[] = 265 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; 266 uint8_t input[21]; 267 static char output[28]; 268 int i, j; 269 uint8_t *p; 270 char *q; 271 uint32_t bv; 272 273 memcpy(input, digest, 20); 274 input[20] = 0; /* Pad to multiple of 3 bytes */ 275 276 p = input; q = output; 277 for ( i = 0 ; i < 7 ; i++ ) { 278 bv = (p[0] << 16) | (p[1] << 8) | p[2]; 279 p += 3; 280 for ( j = 0 ; j < 4 ; j++ ) { 281 *q++ = charz[(bv >> 18) & 0x3f]; 282 bv <<= 6; 283 } 284 } 285 *--q = '\0'; /* The last character is not significant */ 286 return output; 287 } 288 289 int main(int argc, char** argv) 290 { 291 int i; 292 SHA1_CTX context; 293 uint8_t digest[20], buffer[16384]; 294 FILE* file; 295 296 if (argc < 2) { 297 file = stdin; 298 } 299 else { 300 if (!(file = fopen(argv[1], "rb"))) { 301 fputs("Unable to open file.", stderr); 302 return(-1); 303 } 304 } 305 SHA1Init(&context); 306 while (!feof(file)) { /* note: what if ferror(file) */ 307 i = fread(buffer, 1, 16384, file); 308 SHA1Update(&context, buffer, i); 309 } 310 SHA1Final(digest, &context); 311 fclose(file); 312 313 puts(mybase64(digest)); 314 315 return 0; 316 } 317