1 /* 2 * Copyright (C) The Internet Society (2001). All Rights Reserved. 3 * 4 * This document and translations of it may be copied and furnished to 5 * others, and derivative works that comment on or otherwise explain it 6 * or assist in its implementation may be prepared, copied, published 7 * and distributed, in whole or in part, without restriction of any 8 * kind, provided that the above copyright notice and this paragraph are 9 * included on all such copies and derivative works. However, this 10 * document itself may not be modified in any way, such as by removing 11 * the copyright notice or references to the Internet Society or other 12 * Internet organizations, except as needed for the purpose of 13 * developing Internet standards in which case the procedures for 14 * copyrights defined in the Internet Standards process must be 15 * followed, or as required to translate it into languages other than 16 * English. 17 * 18 * The limited permissions granted above are perpetual and will not be 19 * revoked by the Internet Society or its successors or assigns. 20 * 21 * This document and the information contained herein is provided on an 22 * "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 23 * TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 24 * BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 25 * HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 26 * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 27 */ 28 29 /* 30 * sha1.c 31 * 32 * Description: 33 * This file implements the Secure Hashing Algorithm 1 as 34 * defined in FIPS PUB 180-1 published April 17, 1995. 35 * 36 * The SHA-1, produces a 160-bit message digest for a given 37 * data stream. It should take about 2**n steps to find a 38 * message with the same digest as a given message and 39 * 2**(n/2) to find any two messages with the same digest, 40 * when n is the digest size in bits. Therefore, this 41 * algorithm can serve as a means of providing a 42 * "fingerprint" for a message. 43 * 44 * Portability Issues: 45 * SHA-1 is defined in terms of 32-bit "words". This code 46 * uses <stdint.h> (included via "sha1.h" to define 32 and 8 47 * bit unsigned integer types. If your C compiler does not 48 * support 32 bit unsigned integers, this code is not 49 * appropriate. 50 * 51 * Caveats: 52 * SHA-1 is designed to work with messages less than 2^64 bits 53 * long. Although SHA-1 allows a message digest to be generated 54 * for messages of any number of bits less than 2^64, this 55 * implementation only works with messages with a length that is 56 * a multiple of the size of an 8-bit character. 57 * 58 */ 59 60 #include "sha1.h" 61 62 /* 63 * Define the SHA1 circular left shift macro 64 */ 65 #define SHA1CircularShift(bits,word) \ 66 (((word) << (bits)) | ((word) >> (32-(bits)))) 67 68 /* Local Function Prototyptes */ 69 void SHA1PadMessage(SHA1Context *); 70 void SHA1ProcessMessageBlock(SHA1Context *); 71 72 /* 73 * SHA1Reset 74 * 75 * Description: 76 * This function will initialize the SHA1Context in preparation 77 * for computing a new SHA1 message digest. 78 * 79 * Parameters: 80 * context: [in/out] 81 * The context to reset. 82 * 83 * Returns: 84 * sha Error Code. 85 * 86 */ 87 int SHA1Reset(SHA1Context *context) 88 { 89 if (!context) 90 { 91 return shaNull; 92 } 93 94 context->Length_Low = 0; 95 context->Length_High = 0; 96 context->Message_Block_Index = 0; 97 98 context->Intermediate_Hash[0] = 0x67452301; 99 context->Intermediate_Hash[1] = 0xEFCDAB89; 100 context->Intermediate_Hash[2] = 0x98BADCFE; 101 context->Intermediate_Hash[3] = 0x10325476; 102 context->Intermediate_Hash[4] = 0xC3D2E1F0; 103 104 context->Computed = 0; 105 context->Corrupted = 0; 106 return shaSuccess; 107 } 108 109 /* 110 * SHA1Result 111 * 112 * Description: 113 * This function will return the 160-bit message digest into the 114 * Message_Digest array provided by the caller. 115 * NOTE: The first octet of hash is stored in the 0th element, 116 * the last octet of hash in the 19th element. 117 * 118 * Parameters: 119 * context: [in/out] 120 * The context to use to calculate the SHA-1 hash. 121 * Message_Digest: [out] 122 * Where the digest is returned. 123 * 124 * Returns: 125 * sha Error Code. 126 * 127 */ 128 int SHA1Result( SHA1Context *context, 129 uint8_t Message_Digest[SHA1HashSize]) 130 { 131 int i; 132 133 if (!context || !Message_Digest) 134 { 135 return shaNull; 136 } 137 138 if (context->Corrupted) 139 { 140 return context->Corrupted; 141 } 142 143 if (!context->Computed) 144 { 145 SHA1PadMessage(context); 146 for(i=0; i<64; ++i) 147 { 148 /* message may be sensitive, clear it out */ 149 context->Message_Block[i] = 0; 150 } 151 context->Length_Low = 0; /* and clear length */ 152 context->Length_High = 0; 153 context->Computed = 1; 154 } 155 156 for(i = 0; i < SHA1HashSize; ++i) 157 { 158 Message_Digest[i] = context->Intermediate_Hash[i>>2] 159 >> 8 * ( 3 - ( i & 0x03 ) ); 160 } 161 162 return shaSuccess; 163 } 164 165 /* 166 * SHA1Input 167 * 168 * Description: 169 * This function accepts an array of octets as the next portion 170 * of the message. 171 * 172 * Parameters: 173 * context: [in/out] 174 * The SHA context to update 175 * message_array: [in] 176 * An array of characters representing the next portion of 177 * the message. 178 * length: [in] 179 * The length of the message in message_array 180 * 181 * Returns: 182 * sha Error Code. 183 * 184 */ 185 int SHA1Input( SHA1Context *context, 186 const uint8_t *message_array, 187 unsigned length) 188 { 189 if (!length) 190 { 191 return shaSuccess; 192 } 193 194 if (!context || !message_array) 195 { 196 return shaNull; 197 } 198 199 if (context->Computed) 200 { 201 context->Corrupted = shaStateError; 202 return shaStateError; 203 } 204 205 if (context->Corrupted) 206 { 207 return context->Corrupted; 208 } 209 while(length-- && !context->Corrupted) 210 { 211 context->Message_Block[context->Message_Block_Index++] = 212 (*message_array & 0xFF); 213 214 context->Length_Low += 8; 215 if (context->Length_Low == 0) 216 { 217 context->Length_High++; 218 if (context->Length_High == 0) 219 { 220 /* Message is too long */ 221 context->Corrupted = 1; 222 } 223 } 224 225 if (context->Message_Block_Index == 64) 226 { 227 SHA1ProcessMessageBlock(context); 228 } 229 230 message_array++; 231 } 232 233 return shaSuccess; 234 } 235 236 /* 237 * SHA1ProcessMessageBlock 238 * 239 * Description: 240 * This function will process the next 512 bits of the message 241 * stored in the Message_Block array. 242 * 243 * Parameters: 244 * None. 245 * 246 * Returns: 247 * Nothing. 248 * 249 * Comments: 250 * Many of the variable names in this code, especially the 251 * single character names, were used because those were the 252 * names used in the publication. 253 * 254 * 255 */ 256 void SHA1ProcessMessageBlock(SHA1Context *context) 257 { 258 const uint32_t K[] = { /* Constants defined in SHA-1 */ 259 0x5A827999, 260 0x6ED9EBA1, 261 0x8F1BBCDC, 262 0xCA62C1D6 263 }; 264 int t; /* Loop counter */ 265 uint32_t temp; /* Temporary word value */ 266 uint32_t W[80]; /* Word sequence */ 267 uint32_t A, B, C, D, E; /* Word buffers */ 268 269 /* 270 * Initialize the first 16 words in the array W 271 */ 272 for(t = 0; t < 16; t++) 273 { 274 W[t] = context->Message_Block[t * 4] << 24; 275 W[t] |= context->Message_Block[t * 4 + 1] << 16; 276 W[t] |= context->Message_Block[t * 4 + 2] << 8; 277 W[t] |= context->Message_Block[t * 4 + 3]; 278 } 279 280 for(t = 16; t < 80; t++) 281 { 282 W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]); 283 } 284 285 A = context->Intermediate_Hash[0]; 286 B = context->Intermediate_Hash[1]; 287 C = context->Intermediate_Hash[2]; 288 D = context->Intermediate_Hash[3]; 289 E = context->Intermediate_Hash[4]; 290 291 for(t = 0; t < 20; t++) 292 { 293 temp = SHA1CircularShift(5,A) + 294 ((B & C) | ((~B) & D)) + E + W[t] + K[0]; 295 E = D; 296 D = C; 297 C = SHA1CircularShift(30,B); 298 B = A; 299 A = temp; 300 } 301 302 for(t = 20; t < 40; t++) 303 { 304 temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1]; 305 E = D; 306 D = C; 307 C = SHA1CircularShift(30,B); 308 B = A; 309 A = temp; 310 } 311 312 for(t = 40; t < 60; t++) 313 { 314 temp = SHA1CircularShift(5,A) + 315 ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2]; 316 E = D; 317 D = C; 318 C = SHA1CircularShift(30,B); 319 B = A; 320 A = temp; 321 } 322 323 for(t = 60; t < 80; t++) 324 { 325 temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3]; 326 E = D; 327 D = C; 328 C = SHA1CircularShift(30,B); 329 B = A; 330 A = temp; 331 } 332 333 context->Intermediate_Hash[0] += A; 334 context->Intermediate_Hash[1] += B; 335 context->Intermediate_Hash[2] += C; 336 context->Intermediate_Hash[3] += D; 337 context->Intermediate_Hash[4] += E; 338 339 context->Message_Block_Index = 0; 340 } 341 342 343 /* 344 * SHA1PadMessage 345 * 346 * Description: 347 * According to the standard, the message must be padded to an even 348 * 512 bits. The first padding bit must be a '1'. The last 64 349 * bits represent the length of the original message. All bits in 350 * between should be 0. This function will pad the message 351 * according to those rules by filling the Message_Block array 352 * accordingly. It will also call the ProcessMessageBlock function 353 * provided appropriately. When it returns, it can be assumed that 354 * the message digest has been computed. 355 * 356 * Parameters: 357 * context: [in/out] 358 * The context to pad 359 * ProcessMessageBlock: [in] 360 * The appropriate SHA*ProcessMessageBlock function 361 * Returns: 362 * Nothing. 363 * 364 */ 365 366 void SHA1PadMessage(SHA1Context *context) 367 { 368 /* 369 * Check to see if the current message block is too small to hold 370 * the initial padding bits and length. If so, we will pad the 371 * block, process it, and then continue padding into a second 372 * block. 373 */ 374 if (context->Message_Block_Index > 55) 375 { 376 context->Message_Block[context->Message_Block_Index++] = 0x80; 377 while(context->Message_Block_Index < 64) 378 { 379 context->Message_Block[context->Message_Block_Index++] = 0; 380 } 381 382 SHA1ProcessMessageBlock(context); 383 384 while(context->Message_Block_Index < 56) 385 { 386 context->Message_Block[context->Message_Block_Index++] = 0; 387 } 388 } 389 else 390 { 391 context->Message_Block[context->Message_Block_Index++] = 0x80; 392 while(context->Message_Block_Index < 56) 393 { 394 context->Message_Block[context->Message_Block_Index++] = 0; 395 } 396 } 397 398 /* 399 * Store the message length as the last 8 octets 400 */ 401 context->Message_Block[56] = context->Length_High >> 24; 402 context->Message_Block[57] = context->Length_High >> 16; 403 context->Message_Block[58] = context->Length_High >> 8; 404 context->Message_Block[59] = context->Length_High; 405 context->Message_Block[60] = context->Length_Low >> 24; 406 context->Message_Block[61] = context->Length_Low >> 16; 407 context->Message_Block[62] = context->Length_Low >> 8; 408 context->Message_Block[63] = context->Length_Low; 409 410 SHA1ProcessMessageBlock(context); 411 } 412
