3 By Steve Reid <sreid@sea-to-sky.net>
8 By James H. Brown <jbrown@burgoyne.com>
9 Still 100% Public Domain
11 Corrected a problem which generated improper hash values on 16 bit machines
12 Routine SHA1Update changed from
13 void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int
16 void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned
19 The 'len' parameter was declared an int which works fine on 32 bit machines.
20 However, on 16 bit machines an int is too small for the shifts being done
22 it. This caused the hash function to generate incorrect values if len was
23 greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update().
25 Since the file IO in main() reads 16K at a time, any file 8K or larger would
26 be guaranteed to generate the wrong hash (e.g. Test Vector #3, a million
29 I also changed the declaration of variables i & j in SHA1Update to
30 unsigned long from unsigned int for the same reason.
32 These changes should make no difference to any 32 bit implementations since
34 int and a long are the same size in those environments.
37 I also corrected a few compiler warnings generated by Borland C.
38 1. Added #include <process.h> for exit() prototype
39 2. Removed unused variable 'j' in SHA1Final
40 3. Changed exit(0) to return(0) at end of main.
42 ALL changes I made can be located by searching for comments containing 'JHB'
45 By Steve Reid <sreid@sea-to-sky.net>
46 Still 100% public domain
48 1- Removed #include <process.h> and used return() instead of exit()
49 2- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall)
50 3- Changed email address from steve@edmweb.com to sreid@sea-to-sky.net
54 By Saul Kravitz <Saul.Kravitz@celera.com>
56 Modified to run on Compaq Alpha hardware.
60 By Ralph Giles <giles@ghostscript.com>
61 Still 100% public domain
62 modified for use with stdint types, autoconf
63 code cleanup, removed attribution comments
64 switched SHA1Final() argument order for consistency
65 use SHA1_ prefix for public api
66 move public api to sha1.h
70 Test Vectors (from FIPS PUB 180-1)
72 A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
73 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
74 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
75 A million repetitions of "a"
76 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
85 static void SHA1_Transform(uint32_t state[5], const uint8_t buffer[64]);
87 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
89 /* blk0() and blk() perform the initial expand. */
90 /* I got the idea of expanding during the round function from SSLeay */
91 /* FIXME: can we do this in an endian-proof way? */
92 #if __BYTE_ORDER == __BIG_ENDIAN
93 #define blk0(i) block->l[i]
95 #define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
96 |(rol(block->l[i],8)&0x00FF00FF))
98 #define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
99 ^block->l[(i+2)&15]^block->l[i&15],1))
101 /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
102 #define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
103 #define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
104 #define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
105 #define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
106 #define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
109 /* Hash a single 512-bit block. This is the core of the algorithm. */
110 static void SHA1_Transform(uint32_t state[5], const uint8_t buffer[64])
112 uint32_t a, b, c, d, e;
119 block = (CHAR64LONG16*)buffer;
121 /* Copy context->state[] to working vars */
128 /* 4 rounds of 20 operations each. Loop unrolled. */
129 R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
130 R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
131 R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
132 R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
133 R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
134 R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
135 R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
136 R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
137 R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
138 R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
139 R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
140 R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
141 R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
142 R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
143 R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
144 R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
145 R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
146 R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
147 R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
148 R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
150 /* Add the working vars back into context.state[] */
158 a = b = c = d = e = 0;
162 /* SHA1Init - Initialize new context */
163 void sat_SHA1_Init(SHA1_CTX* context)
165 /* SHA1 initialization constants */
166 context->state[0] = 0x67452301;
167 context->state[1] = 0xEFCDAB89;
168 context->state[2] = 0x98BADCFE;
169 context->state[3] = 0x10325476;
170 context->state[4] = 0xC3D2E1F0;
171 context->count[0] = context->count[1] = 0;
175 /* Run your data through this. */
176 void sat_SHA1_Update(SHA1_CTX* context, const uint8_t* data, const size_t len)
181 SHAPrintContext(context, "before");
184 j = (context->count[0] >> 3) & 63;
185 if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
186 context->count[1] += (len >> 29);
187 if ((j + len) > 63) {
188 memcpy(&context->buffer[j], data, (i = 64-j));
189 SHA1_Transform(context->state, context->buffer);
190 for ( ; i + 63 < len; i += 64) {
191 SHA1_Transform(context->state, data + i);
196 memcpy(&context->buffer[j], &data[i], len - i);
199 SHAPrintContext(context, "after ");
204 /* Add padding and return the message digest. */
205 void sat_SHA1_Final(SHA1_CTX* context, uint8_t digest[SHA1_DIGEST_SIZE])
208 uint8_t finalcount[8];
210 for (i = 0; i < 8; i++) {
211 finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
212 >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
214 sat_SHA1_Update(context, (uint8_t *)"\200", 1);
215 while ((context->count[0] & 504) != 448) {
216 sat_SHA1_Update(context, (uint8_t *)"\0", 1);
218 sat_SHA1_Update(context, finalcount, 8); /* Should cause a SHA1_Transform() */
219 for (i = 0; i < SHA1_DIGEST_SIZE; i++) {
220 digest[i] = (uint8_t)
221 ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
226 memset(context->buffer, 0, 64);
227 memset(context->state, 0, 20);
228 memset(context->count, 0, 8);
229 memset(finalcount, 0, 8); /* SWR */