2 * FIPS-180-1 compliant SHA-1 implementation
4 * Copyright (C) 2001-2003 Christophe Devine
5 * Copyright (C) 2012 Chris Elston, Katalix Systems Ltd <celston@katalix.com>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
21 * Changed to use guint instead of uint 2004 by Anders Broman
22 * Original code found at http://www.cr0.net:8040/code/crypto/sha1/
23 * References: http://www.ietf.org/rfc/rfc3174.txt?number=3174
25 * 2012-08-21 - C Elston - Split sha1_hmac function to allow incremental usage.
32 #include "file_util.h"
34 #define GET_UINT32(n,b,i) \
36 (n) = ( (guint32) (b)[(i) ] << 24 ) \
37 | ( (guint32) (b)[(i) + 1] << 16 ) \
38 | ( (guint32) (b)[(i) + 2] << 8 ) \
39 | ( (guint32) (b)[(i) + 3] ); \
42 #define PUT_UINT32(n,b,i) \
44 (b)[(i) ] = (guint8) ( (n) >> 24 ); \
45 (b)[(i) + 1] = (guint8) ( (n) >> 16 ); \
46 (b)[(i) + 2] = (guint8) ( (n) >> 8 ); \
47 (b)[(i) + 3] = (guint8) ( (n) ); \
50 void sha1_starts( sha1_context *ctx )
55 ctx->state[0] = 0x67452301;
56 ctx->state[1] = 0xEFCDAB89;
57 ctx->state[2] = 0x98BADCFE;
58 ctx->state[3] = 0x10325476;
59 ctx->state[4] = 0xC3D2E1F0;
62 static void sha1_process( sha1_context *ctx, const guint8 data[64] )
64 guint32 temp, W[16], A, B, C, D, E;
66 GET_UINT32( W[0], data, 0 );
67 GET_UINT32( W[1], data, 4 );
68 GET_UINT32( W[2], data, 8 );
69 GET_UINT32( W[3], data, 12 );
70 GET_UINT32( W[4], data, 16 );
71 GET_UINT32( W[5], data, 20 );
72 GET_UINT32( W[6], data, 24 );
73 GET_UINT32( W[7], data, 28 );
74 GET_UINT32( W[8], data, 32 );
75 GET_UINT32( W[9], data, 36 );
76 GET_UINT32( W[10], data, 40 );
77 GET_UINT32( W[11], data, 44 );
78 GET_UINT32( W[12], data, 48 );
79 GET_UINT32( W[13], data, 52 );
80 GET_UINT32( W[14], data, 56 );
81 GET_UINT32( W[15], data, 60 );
83 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
87 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
88 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
89 ( W[t & 0x0F] = S(temp,1) ) \
92 #define P(a,b,c,d,e,x) \
94 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
103 #define F(x,y,z) (z ^ (x & (y ^ z)))
106 P( A, B, C, D, E, W[0] );
107 P( E, A, B, C, D, W[1] );
108 P( D, E, A, B, C, W[2] );
109 P( C, D, E, A, B, W[3] );
110 P( B, C, D, E, A, W[4] );
111 P( A, B, C, D, E, W[5] );
112 P( E, A, B, C, D, W[6] );
113 P( D, E, A, B, C, W[7] );
114 P( C, D, E, A, B, W[8] );
115 P( B, C, D, E, A, W[9] );
116 P( A, B, C, D, E, W[10] );
117 P( E, A, B, C, D, W[11] );
118 P( D, E, A, B, C, W[12] );
119 P( C, D, E, A, B, W[13] );
120 P( B, C, D, E, A, W[14] );
121 P( A, B, C, D, E, W[15] );
122 P( E, A, B, C, D, R(16) );
123 P( D, E, A, B, C, R(17) );
124 P( C, D, E, A, B, R(18) );
125 P( B, C, D, E, A, R(19) );
130 #define F(x,y,z) (x ^ y ^ z)
133 P( A, B, C, D, E, R(20) );
134 P( E, A, B, C, D, R(21) );
135 P( D, E, A, B, C, R(22) );
136 P( C, D, E, A, B, R(23) );
137 P( B, C, D, E, A, R(24) );
138 P( A, B, C, D, E, R(25) );
139 P( E, A, B, C, D, R(26) );
140 P( D, E, A, B, C, R(27) );
141 P( C, D, E, A, B, R(28) );
142 P( B, C, D, E, A, R(29) );
143 P( A, B, C, D, E, R(30) );
144 P( E, A, B, C, D, R(31) );
145 P( D, E, A, B, C, R(32) );
146 P( C, D, E, A, B, R(33) );
147 P( B, C, D, E, A, R(34) );
148 P( A, B, C, D, E, R(35) );
149 P( E, A, B, C, D, R(36) );
150 P( D, E, A, B, C, R(37) );
151 P( C, D, E, A, B, R(38) );
152 P( B, C, D, E, A, R(39) );
157 #define F(x,y,z) ((x & y) | (z & (x | y)))
160 P( A, B, C, D, E, R(40) );
161 P( E, A, B, C, D, R(41) );
162 P( D, E, A, B, C, R(42) );
163 P( C, D, E, A, B, R(43) );
164 P( B, C, D, E, A, R(44) );
165 P( A, B, C, D, E, R(45) );
166 P( E, A, B, C, D, R(46) );
167 P( D, E, A, B, C, R(47) );
168 P( C, D, E, A, B, R(48) );
169 P( B, C, D, E, A, R(49) );
170 P( A, B, C, D, E, R(50) );
171 P( E, A, B, C, D, R(51) );
172 P( D, E, A, B, C, R(52) );
173 P( C, D, E, A, B, R(53) );
174 P( B, C, D, E, A, R(54) );
175 P( A, B, C, D, E, R(55) );
176 P( E, A, B, C, D, R(56) );
177 P( D, E, A, B, C, R(57) );
178 P( C, D, E, A, B, R(58) );
179 P( B, C, D, E, A, R(59) );
184 #define F(x,y,z) (x ^ y ^ z)
187 P( A, B, C, D, E, R(60) );
188 P( E, A, B, C, D, R(61) );
189 P( D, E, A, B, C, R(62) );
190 P( C, D, E, A, B, R(63) );
191 P( B, C, D, E, A, R(64) );
192 P( A, B, C, D, E, R(65) );
193 P( E, A, B, C, D, R(66) );
194 P( D, E, A, B, C, R(67) );
195 P( C, D, E, A, B, R(68) );
196 P( B, C, D, E, A, R(69) );
197 P( A, B, C, D, E, R(70) );
198 P( E, A, B, C, D, R(71) );
199 P( D, E, A, B, C, R(72) );
200 P( C, D, E, A, B, R(73) );
201 P( B, C, D, E, A, R(74) );
202 P( A, B, C, D, E, R(75) );
203 P( E, A, B, C, D, R(76) );
204 P( D, E, A, B, C, R(77) );
205 P( C, D, E, A, B, R(78) );
206 P( B, C, D, E, A, R(79) );
218 void sha1_update( sha1_context *ctx, const guint8 *input, guint32 length )
222 if( ! length ) return;
224 left = ctx->total[0] & 0x3F;
227 ctx->total[0] += length;
228 ctx->total[0] &= 0xFFFFFFFF;
230 if( ctx->total[0] < length )
233 if( left && length >= fill )
235 memcpy( (void *) (ctx->buffer + left),
236 (const void *) input, fill );
237 sha1_process( ctx, ctx->buffer );
243 while( length >= 64 )
245 sha1_process( ctx, input );
252 memcpy( (void *) (ctx->buffer + left),
253 (const void *) input, length );
257 static guint8 sha1_padding[64] =
259 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
260 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
261 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
262 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
265 void sha1_finish( sha1_context *ctx, guint8 digest[20] )
271 high = ( ctx->total[0] >> 29 )
272 | ( ctx->total[1] << 3 );
273 low = ( ctx->total[0] << 3 );
275 PUT_UINT32( high, msglen, 0 );
276 PUT_UINT32( low, msglen, 4 );
278 last = ctx->total[0] & 0x3F;
279 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
281 sha1_update( ctx, sha1_padding, padn );
282 sha1_update( ctx, msglen, 8 );
284 PUT_UINT32( ctx->state[0], digest, 0 );
285 PUT_UINT32( ctx->state[1], digest, 4 );
286 PUT_UINT32( ctx->state[2], digest, 8 );
287 PUT_UINT32( ctx->state[3], digest, 12 );
288 PUT_UINT32( ctx->state[4], digest, 16 );
291 void sha1_hmac_starts( sha1_hmac_context *hctx, const guint8 *key, guint32 keylen )
296 memset( k_ipad, 0x36, 64 );
297 memset( hctx->k_opad, 0x5C, 64 );
299 for( i = 0; i < keylen; i++ )
304 hctx->k_opad[i] ^= key[i];
307 sha1_starts( &hctx->ctx );
308 sha1_update( &hctx->ctx, k_ipad, 64 );
311 void sha1_hmac_update( sha1_hmac_context *hctx, const guint8 *buf, guint32 buflen )
313 sha1_update( &hctx->ctx, buf, buflen );
316 void sha1_hmac_finish( sha1_hmac_context *hctx, guint8 digest[20] )
320 sha1_finish( &hctx->ctx, tmpbuf );
322 sha1_starts( &hctx->ctx );
323 sha1_update( &hctx->ctx, hctx->k_opad, 64 );
324 sha1_update( &hctx->ctx, tmpbuf, 20 );
325 sha1_finish( &hctx->ctx, digest );
328 void sha1_hmac( const guint8 *key, guint32 keylen, const guint8 *buf, guint32 buflen,
331 sha1_hmac_context hctx;
333 sha1_hmac_starts( &hctx, key, keylen );
334 sha1_hmac_update( &hctx, buf, buflen );
335 sha1_hmac_finish( &hctx, digest );
346 * those are the standard FIPS-180-1 test vectors
349 static const char *msg[] =
352 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
356 static const char *val[] =
358 "a9993e364706816aba3e25717850c26c9cd0d89d",
359 "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
360 "34aa973cd4c4daa4f61eeb2bdbad27316534016f"
363 int main( int argc, char *argv[] )
369 unsigned char buf[1000];
370 unsigned char sha1sum[20];
374 printf( "\n SHA-1 Validation Tests:\n\n" );
376 for( i = 0; i < 3; i++ )
378 printf( " Test %d ", i + 1 );
384 sha1_update( &ctx, (guint8 *) msg[i],
389 memset( buf, 'a', 1000 );
391 for( j = 0; j < 1000; j++ )
393 sha1_update( &ctx, (guint8 *) buf, 1000 );
397 sha1_finish( &ctx, sha1sum );
399 for( j = 0; j < 20; j++ )
401 g_snprintf( output + j * 2, 41-j*2, "%02x", sha1sum[j] );
404 if( memcmp( output, val[i], 40 ) )
406 printf( "failed!\n" );
410 printf( "passed.\n" );
417 if( ! ( f = ws_fopen( argv[1], "rb" ) ) )
419 printf("fopen: %s", g_strerror(errno));
425 while( ( i = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
427 sha1_update( &ctx, buf, i );
430 sha1_finish( &ctx, sha1sum );
432 for( j = 0; j < 20; j++ )
434 printf( "%02x", sha1sum[j] );
437 printf( " %s\n", argv[1] );