2 * FIPS-180-1 compliant SHA-1 implementation
6 * Copyright (C) 2001-2003 Christophe Devine
7 * Copyright (C) 2012 Chris Elston, Katalix Systems Ltd <celston@katalix.com>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
23 * Changed to use guint instead of uint 2004 by Anders Broman
24 * Original code found at http://www.cr0.net:8040/code/crypto/sha1/
25 * References: http://www.ietf.org/rfc/rfc3174.txt?number=3174
27 * 2012-08-21 - C Elston - Split sha1_hmac function to allow incremental usage.
34 #include "file_util.h"
36 #define GET_UINT32(n,b,i) \
38 (n) = ( (guint32) (b)[(i) ] << 24 ) \
39 | ( (guint32) (b)[(i) + 1] << 16 ) \
40 | ( (guint32) (b)[(i) + 2] << 8 ) \
41 | ( (guint32) (b)[(i) + 3] ); \
44 #define PUT_UINT32(n,b,i) \
46 (b)[(i) ] = (guint8) ( (n) >> 24 ); \
47 (b)[(i) + 1] = (guint8) ( (n) >> 16 ); \
48 (b)[(i) + 2] = (guint8) ( (n) >> 8 ); \
49 (b)[(i) + 3] = (guint8) ( (n) ); \
52 void sha1_starts( sha1_context *ctx )
57 ctx->state[0] = 0x67452301;
58 ctx->state[1] = 0xEFCDAB89;
59 ctx->state[2] = 0x98BADCFE;
60 ctx->state[3] = 0x10325476;
61 ctx->state[4] = 0xC3D2E1F0;
64 static void sha1_process( sha1_context *ctx, const guint8 data[64] )
66 guint32 temp, W[16], A, B, C, D, E;
68 GET_UINT32( W[0], data, 0 );
69 GET_UINT32( W[1], data, 4 );
70 GET_UINT32( W[2], data, 8 );
71 GET_UINT32( W[3], data, 12 );
72 GET_UINT32( W[4], data, 16 );
73 GET_UINT32( W[5], data, 20 );
74 GET_UINT32( W[6], data, 24 );
75 GET_UINT32( W[7], data, 28 );
76 GET_UINT32( W[8], data, 32 );
77 GET_UINT32( W[9], data, 36 );
78 GET_UINT32( W[10], data, 40 );
79 GET_UINT32( W[11], data, 44 );
80 GET_UINT32( W[12], data, 48 );
81 GET_UINT32( W[13], data, 52 );
82 GET_UINT32( W[14], data, 56 );
83 GET_UINT32( W[15], data, 60 );
85 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
89 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
90 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
91 ( W[t & 0x0F] = S(temp,1) ) \
94 #define P(a,b,c,d,e,x) \
96 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
105 #define F(x,y,z) (z ^ (x & (y ^ z)))
108 P( A, B, C, D, E, W[0] );
109 P( E, A, B, C, D, W[1] );
110 P( D, E, A, B, C, W[2] );
111 P( C, D, E, A, B, W[3] );
112 P( B, C, D, E, A, W[4] );
113 P( A, B, C, D, E, W[5] );
114 P( E, A, B, C, D, W[6] );
115 P( D, E, A, B, C, W[7] );
116 P( C, D, E, A, B, W[8] );
117 P( B, C, D, E, A, W[9] );
118 P( A, B, C, D, E, W[10] );
119 P( E, A, B, C, D, W[11] );
120 P( D, E, A, B, C, W[12] );
121 P( C, D, E, A, B, W[13] );
122 P( B, C, D, E, A, W[14] );
123 P( A, B, C, D, E, W[15] );
124 P( E, A, B, C, D, R(16) );
125 P( D, E, A, B, C, R(17) );
126 P( C, D, E, A, B, R(18) );
127 P( B, C, D, E, A, R(19) );
132 #define F(x,y,z) (x ^ y ^ z)
135 P( A, B, C, D, E, R(20) );
136 P( E, A, B, C, D, R(21) );
137 P( D, E, A, B, C, R(22) );
138 P( C, D, E, A, B, R(23) );
139 P( B, C, D, E, A, R(24) );
140 P( A, B, C, D, E, R(25) );
141 P( E, A, B, C, D, R(26) );
142 P( D, E, A, B, C, R(27) );
143 P( C, D, E, A, B, R(28) );
144 P( B, C, D, E, A, R(29) );
145 P( A, B, C, D, E, R(30) );
146 P( E, A, B, C, D, R(31) );
147 P( D, E, A, B, C, R(32) );
148 P( C, D, E, A, B, R(33) );
149 P( B, C, D, E, A, R(34) );
150 P( A, B, C, D, E, R(35) );
151 P( E, A, B, C, D, R(36) );
152 P( D, E, A, B, C, R(37) );
153 P( C, D, E, A, B, R(38) );
154 P( B, C, D, E, A, R(39) );
159 #define F(x,y,z) ((x & y) | (z & (x | y)))
162 P( A, B, C, D, E, R(40) );
163 P( E, A, B, C, D, R(41) );
164 P( D, E, A, B, C, R(42) );
165 P( C, D, E, A, B, R(43) );
166 P( B, C, D, E, A, R(44) );
167 P( A, B, C, D, E, R(45) );
168 P( E, A, B, C, D, R(46) );
169 P( D, E, A, B, C, R(47) );
170 P( C, D, E, A, B, R(48) );
171 P( B, C, D, E, A, R(49) );
172 P( A, B, C, D, E, R(50) );
173 P( E, A, B, C, D, R(51) );
174 P( D, E, A, B, C, R(52) );
175 P( C, D, E, A, B, R(53) );
176 P( B, C, D, E, A, R(54) );
177 P( A, B, C, D, E, R(55) );
178 P( E, A, B, C, D, R(56) );
179 P( D, E, A, B, C, R(57) );
180 P( C, D, E, A, B, R(58) );
181 P( B, C, D, E, A, R(59) );
186 #define F(x,y,z) (x ^ y ^ z)
189 P( A, B, C, D, E, R(60) );
190 P( E, A, B, C, D, R(61) );
191 P( D, E, A, B, C, R(62) );
192 P( C, D, E, A, B, R(63) );
193 P( B, C, D, E, A, R(64) );
194 P( A, B, C, D, E, R(65) );
195 P( E, A, B, C, D, R(66) );
196 P( D, E, A, B, C, R(67) );
197 P( C, D, E, A, B, R(68) );
198 P( B, C, D, E, A, R(69) );
199 P( A, B, C, D, E, R(70) );
200 P( E, A, B, C, D, R(71) );
201 P( D, E, A, B, C, R(72) );
202 P( C, D, E, A, B, R(73) );
203 P( B, C, D, E, A, R(74) );
204 P( A, B, C, D, E, R(75) );
205 P( E, A, B, C, D, R(76) );
206 P( D, E, A, B, C, R(77) );
207 P( C, D, E, A, B, R(78) );
208 P( B, C, D, E, A, R(79) );
220 void sha1_update( sha1_context *ctx, const guint8 *input, guint32 length )
224 if( ! length ) return;
226 left = ctx->total[0] & 0x3F;
229 ctx->total[0] += length;
230 ctx->total[0] &= 0xFFFFFFFF;
232 if( ctx->total[0] < length )
235 if( left && length >= fill )
237 memcpy( (void *) (ctx->buffer + left),
238 (const void *) input, fill );
239 sha1_process( ctx, ctx->buffer );
245 while( length >= 64 )
247 sha1_process( ctx, input );
254 memcpy( (void *) (ctx->buffer + left),
255 (const void *) input, length );
259 static guint8 sha1_padding[64] =
261 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
262 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
263 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
264 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
267 void sha1_finish( sha1_context *ctx, guint8 digest[20] )
273 high = ( ctx->total[0] >> 29 )
274 | ( ctx->total[1] << 3 );
275 low = ( ctx->total[0] << 3 );
277 PUT_UINT32( high, msglen, 0 );
278 PUT_UINT32( low, msglen, 4 );
280 last = ctx->total[0] & 0x3F;
281 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
283 sha1_update( ctx, sha1_padding, padn );
284 sha1_update( ctx, msglen, 8 );
286 PUT_UINT32( ctx->state[0], digest, 0 );
287 PUT_UINT32( ctx->state[1], digest, 4 );
288 PUT_UINT32( ctx->state[2], digest, 8 );
289 PUT_UINT32( ctx->state[3], digest, 12 );
290 PUT_UINT32( ctx->state[4], digest, 16 );
293 void sha1_hmac_starts( sha1_hmac_context *hctx, const guint8 *key, guint32 keylen )
298 memset( k_ipad, 0x36, 64 );
299 memset( hctx->k_opad, 0x5C, 64 );
301 for( i = 0; i < keylen; i++ )
306 hctx->k_opad[i] ^= key[i];
309 sha1_starts( &hctx->ctx );
310 sha1_update( &hctx->ctx, k_ipad, 64 );
313 void sha1_hmac_update( sha1_hmac_context *hctx, const guint8 *buf, guint32 buflen )
315 sha1_update( &hctx->ctx, buf, buflen );
318 void sha1_hmac_finish( sha1_hmac_context *hctx, guint8 digest[20] )
322 sha1_finish( &hctx->ctx, tmpbuf );
324 sha1_starts( &hctx->ctx );
325 sha1_update( &hctx->ctx, hctx->k_opad, 64 );
326 sha1_update( &hctx->ctx, tmpbuf, 20 );
327 sha1_finish( &hctx->ctx, digest );
330 void sha1_hmac( const guint8 *key, guint32 keylen, const guint8 *buf, guint32 buflen,
333 sha1_hmac_context hctx;
335 sha1_hmac_starts( &hctx, key, keylen );
336 sha1_hmac_update( &hctx, buf, buflen );
337 sha1_hmac_finish( &hctx, digest );
348 * those are the standard FIPS-180-1 test vectors
351 static const char *msg[] =
354 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
358 static const char *val[] =
360 "a9993e364706816aba3e25717850c26c9cd0d89d",
361 "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
362 "34aa973cd4c4daa4f61eeb2bdbad27316534016f"
365 int main( int argc, char *argv[] )
371 unsigned char buf[1000];
372 unsigned char sha1sum[20];
376 printf( "\n SHA-1 Validation Tests:\n\n" );
378 for( i = 0; i < 3; i++ )
380 printf( " Test %d ", i + 1 );
386 sha1_update( &ctx, (guint8 *) msg[i],
391 memset( buf, 'a', 1000 );
393 for( j = 0; j < 1000; j++ )
395 sha1_update( &ctx, (guint8 *) buf, 1000 );
399 sha1_finish( &ctx, sha1sum );
401 for( j = 0; j < 20; j++ )
403 g_snprintf( output + j * 2, 41-j*2, "%02x", sha1sum[j] );
406 if( memcmp( output, val[i], 40 ) )
408 printf( "failed!\n" );
412 printf( "passed.\n" );
419 if( ! ( f = ws_fopen( argv[1], "rb" ) ) )
421 printf("fopen: %s", g_strerror(errno));
427 while( ( i = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
429 sha1_update( &ctx, buf, i );
432 sha1_finish( &ctx, sha1sum );
434 for( j = 0; j < 20; j++ )
436 printf( "%02x", sha1sum[j] );
439 printf( " %s\n", argv[1] );