• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*!
2  * \copy
3  *     Copyright (c)  1998, 2009 Paul E. Jones <paulej@packetizer.com>
4  *     All rights reserved.
5  *
6  *     Redistribution and use in source and binary forms, with or without
7  *     modification, are permitted provided that the following conditions
8  *     are met:
9  *
10  *        * Redistributions of source code must retain the above copyright
11  *          notice, this list of conditions and the following disclaimer.
12  *
13  *        * Redistributions in binary form must reproduce the above copyright
14  *          notice, this list of conditions and the following disclaimer in
15  *          the documentation and/or other materials provided with the
16  *          distribution.
17  *
18  *     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19  *     "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20  *     LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
21  *     FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22  *     COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
23  *     INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24  *     BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25  *     LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
26  *     CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  *     LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
28  *     ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  *     POSSIBILITY OF SUCH DAMAGE.
30  *
31  */
32 
33 /*
34  *  Description:
35  *      This file implements the Secure Hashing Standard as defined
36  *      in FIPS PUB 180-1 published April 17, 1995.
37  *
38  *      The Secure Hashing Standard, which uses the Secure Hashing
39  *      Algorithm (SHA), produces a 160-bit message digest for a
40  *      given data stream.  In theory, it is highly improbable that
41  *      two messages will produce the same message digest.  Therefore,
42  *      this algorithm can serve as a means of providing a "fingerprint"
43  *      for a message.
44  *
45  *  Portability Issues:
46  *      SHA-1 is defined in terms of 32-bit "words".  This code was
47  *      written with the expectation that the processor has at least
48  *      a 32-bit machine word size.  If the machine word size is larger,
49  *      the code should still function properly.  One caveat to that
50  *      is that the input functions taking characters and character
51  *      arrays assume that only 8 bits of information are stored in each
52  *      character.
53  *
54  *  Caveats:
55  *      SHA-1 is designed to work with messages less than 2^64 bits
56  *      long. Although SHA-1 allows a message digest to be generated for
57  *      messages of any number of bits less than 2^64, this
58  *      implementation only works with messages with a length that is a
59  *      multiple of the size of an 8-bit character.
60  *
61  */
62 
63 #include "sha1.h"
64 
65 /*
66  *  Define the circular shift macro
67  */
68 #define SHA1CircularShift(bits,word) \
69                 ((((word) << (bits)) & 0xFFFFFFFF) | \
70                 ((word) >> (32-(bits))))
71 
72 /* Function prototypes */
73 void SHA1ProcessMessageBlock(SHA1Context *);
74 void SHA1PadMessage(SHA1Context *);
75 
76 /*
77  *  SHA1Reset
78  *
79  *  Description:
80  *      This function will initialize the SHA1Context in preparation
81  *      for computing a new message digest.
82  *
83  *  Parameters:
84  *      context: [in/out]
85  *          The context to reset.
86  *
87  *  Returns:
88  *      Nothing.
89  *
90  *  Comments:
91  *
92  */
SHA1Reset(SHA1Context * context)93 void SHA1Reset(SHA1Context *context)
94 {
95     context->Length_Low             = 0;
96     context->Length_High            = 0;
97     context->Message_Block_Index    = 0;
98 
99     context->Message_Digest[0]      = 0x67452301;
100     context->Message_Digest[1]      = 0xEFCDAB89;
101     context->Message_Digest[2]      = 0x98BADCFE;
102     context->Message_Digest[3]      = 0x10325476;
103     context->Message_Digest[4]      = 0xC3D2E1F0;
104 
105     context->Computed   = 0;
106     context->Corrupted  = 0;
107 }
108 
109 /*
110  *  SHA1Result
111  *
112  *  Description:
113  *      This function will return the 160-bit message digest into the
114  *      digest array provided as a parameter.
115  *
116  *  Parameters:
117  *      context: [in/out]
118  *          The context to use to calculate the SHA-1 hash.
119  *      digest: [out]
120  *          An array of characters where the digest is written.
121  *
122  *  Returns:
123  *      1 if successful, 0 if it failed.
124  *
125  *  Comments:
126  *
127  */
SHA1Result(SHA1Context * context,unsigned char * digest)128 int SHA1Result(SHA1Context *context, unsigned char *digest)
129 {
130     int i;
131 
132     if (context->Corrupted)
133     {
134         return 0;
135     }
136 
137     if (!context->Computed)
138     {
139         SHA1PadMessage(context);
140         context->Computed = 1;
141     }
142 
143     for (i = 0; i < SHA_DIGEST_LENGTH; i++)
144         digest[i] = context->Message_Digest[i / 4] >> (8 * (3 - (i % 4)));
145 
146     return 1;
147 }
148 
149 /*
150  *  SHA1Input
151  *
152  *  Description:
153  *      This function accepts an array of octets as the next portion of
154  *      the message.
155  *
156  *  Parameters:
157  *      context: [in/out]
158  *          The SHA-1 context to update
159  *      message_array: [in]
160  *          An array of characters representing the next portion of the
161  *          message.
162  *      length: [in]
163  *          The length of the message in message_array
164  *
165  *  Returns:
166  *      Nothing.
167  *
168  *  Comments:
169  *
170  */
SHA1Input(SHA1Context * context,const unsigned char * message_array,unsigned length)171 void SHA1Input(     SHA1Context         *context,
172                     const unsigned char *message_array,
173                     unsigned            length)
174 {
175     if (!length)
176     {
177         return;
178     }
179 
180     if (context->Computed || context->Corrupted)
181     {
182         context->Corrupted = 1;
183         return;
184     }
185 
186     while(length-- && !context->Corrupted)
187     {
188         context->Message_Block[context->Message_Block_Index++] =
189                                                 (*message_array & 0xFF);
190 
191         context->Length_Low += 8;
192         /* Force it to 32 bits */
193         context->Length_Low &= 0xFFFFFFFF;
194         if (context->Length_Low == 0)
195         {
196             context->Length_High++;
197             /* Force it to 32 bits */
198             context->Length_High &= 0xFFFFFFFF;
199             if (context->Length_High == 0)
200             {
201                 /* Message is too long */
202                 context->Corrupted = 1;
203             }
204         }
205 
206         if (context->Message_Block_Index == 64)
207         {
208             SHA1ProcessMessageBlock(context);
209         }
210 
211         message_array++;
212     }
213 }
214 
215 /*
216  *  SHA1ProcessMessageBlock
217  *
218  *  Description:
219  *      This function will process the next 512 bits of the message
220  *      stored in the Message_Block array.
221  *
222  *  Parameters:
223  *      None.
224  *
225  *  Returns:
226  *      Nothing.
227  *
228  *  Comments:
229  *      Many of the variable names in the SHAContext, especially the
230  *      single character names, were used because those were the names
231  *      used in the publication.
232  *
233  *
234  */
SHA1ProcessMessageBlock(SHA1Context * context)235 void SHA1ProcessMessageBlock(SHA1Context *context)
236 {
237     const unsigned K[] =            /* Constants defined in SHA-1   */
238     {
239         0x5A827999,
240         0x6ED9EBA1,
241         0x8F1BBCDC,
242         0xCA62C1D6
243     };
244     int         t;                  /* Loop counter                 */
245     unsigned    temp;               /* Temporary word value         */
246     unsigned    W[80];              /* Word sequence                */
247     unsigned    A, B, C, D, E;      /* Word buffers                 */
248 
249     /*
250      *  Initialize the first 16 words in the array W
251      */
252     for(t = 0; t < 16; t++)
253     {
254         W[t] = ((unsigned) context->Message_Block[t * 4]) << 24;
255         W[t] |= ((unsigned) context->Message_Block[t * 4 + 1]) << 16;
256         W[t] |= ((unsigned) context->Message_Block[t * 4 + 2]) << 8;
257         W[t] |= ((unsigned) context->Message_Block[t * 4 + 3]);
258     }
259 
260     for(t = 16; t < 80; t++)
261     {
262        W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
263     }
264 
265     A = context->Message_Digest[0];
266     B = context->Message_Digest[1];
267     C = context->Message_Digest[2];
268     D = context->Message_Digest[3];
269     E = context->Message_Digest[4];
270 
271     for(t = 0; t < 20; t++)
272     {
273         temp =  SHA1CircularShift(5,A) +
274                 ((B & C) | ((~B) & D)) + E + W[t] + K[0];
275         temp &= 0xFFFFFFFF;
276         E = D;
277         D = C;
278         C = SHA1CircularShift(30,B);
279         B = A;
280         A = temp;
281     }
282 
283     for(t = 20; t < 40; t++)
284     {
285         temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
286         temp &= 0xFFFFFFFF;
287         E = D;
288         D = C;
289         C = SHA1CircularShift(30,B);
290         B = A;
291         A = temp;
292     }
293 
294     for(t = 40; t < 60; t++)
295     {
296         temp = SHA1CircularShift(5,A) +
297                ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
298         temp &= 0xFFFFFFFF;
299         E = D;
300         D = C;
301         C = SHA1CircularShift(30,B);
302         B = A;
303         A = temp;
304     }
305 
306     for(t = 60; t < 80; t++)
307     {
308         temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
309         temp &= 0xFFFFFFFF;
310         E = D;
311         D = C;
312         C = SHA1CircularShift(30,B);
313         B = A;
314         A = temp;
315     }
316 
317     context->Message_Digest[0] =
318                         (context->Message_Digest[0] + A) & 0xFFFFFFFF;
319     context->Message_Digest[1] =
320                         (context->Message_Digest[1] + B) & 0xFFFFFFFF;
321     context->Message_Digest[2] =
322                         (context->Message_Digest[2] + C) & 0xFFFFFFFF;
323     context->Message_Digest[3] =
324                         (context->Message_Digest[3] + D) & 0xFFFFFFFF;
325     context->Message_Digest[4] =
326                         (context->Message_Digest[4] + E) & 0xFFFFFFFF;
327 
328     context->Message_Block_Index = 0;
329 }
330 
331 /*
332  *  SHA1PadMessage
333  *
334  *  Description:
335  *      According to the standard, the message must be padded to an even
336  *      512 bits.  The first padding bit must be a '1'.  The last 64
337  *      bits represent the length of the original message.  All bits in
338  *      between should be 0.  This function will pad the message
339  *      according to those rules by filling the Message_Block array
340  *      accordingly.  It will also call SHA1ProcessMessageBlock()
341  *      appropriately.  When it returns, it can be assumed that the
342  *      message digest has been computed.
343  *
344  *  Parameters:
345  *      context: [in/out]
346  *          The context to pad
347  *
348  *  Returns:
349  *      Nothing.
350  *
351  *  Comments:
352  *
353  */
SHA1PadMessage(SHA1Context * context)354 void SHA1PadMessage(SHA1Context *context)
355 {
356     /*
357      *  Check to see if the current message block is too small to hold
358      *  the initial padding bits and length.  If so, we will pad the
359      *  block, process it, and then continue padding into a second
360      *  block.
361      */
362     if (context->Message_Block_Index > 55)
363     {
364         context->Message_Block[context->Message_Block_Index++] = 0x80;
365         while(context->Message_Block_Index < 64)
366         {
367             context->Message_Block[context->Message_Block_Index++] = 0;
368         }
369 
370         SHA1ProcessMessageBlock(context);
371 
372         while(context->Message_Block_Index < 56)
373         {
374             context->Message_Block[context->Message_Block_Index++] = 0;
375         }
376     }
377     else
378     {
379         context->Message_Block[context->Message_Block_Index++] = 0x80;
380         while(context->Message_Block_Index < 56)
381         {
382             context->Message_Block[context->Message_Block_Index++] = 0;
383         }
384     }
385 
386     /*
387      *  Store the message length as the last 8 octets
388      */
389     context->Message_Block[56] = (context->Length_High >> 24) & 0xFF;
390     context->Message_Block[57] = (context->Length_High >> 16) & 0xFF;
391     context->Message_Block[58] = (context->Length_High >> 8) & 0xFF;
392     context->Message_Block[59] = (context->Length_High) & 0xFF;
393     context->Message_Block[60] = (context->Length_Low >> 24) & 0xFF;
394     context->Message_Block[61] = (context->Length_Low >> 16) & 0xFF;
395     context->Message_Block[62] = (context->Length_Low >> 8) & 0xFF;
396     context->Message_Block[63] = (context->Length_Low) & 0xFF;
397 
398     SHA1ProcessMessageBlock(context);
399 }
400