root / tests / sha1.c @ a8d3431a
History | View | Annotate | Download (7.4 kB)
1 |
|
---|---|
2 |
/* from valgrind tests */
|
3 |
|
4 |
/* ================ sha1.c ================ */
|
5 |
/*
|
6 |
SHA-1 in C
|
7 |
By Steve Reid <steve@edmweb.com>
|
8 |
100% Public Domain
|
9 |
|
10 |
Test Vectors (from FIPS PUB 180-1)
|
11 |
"abc"
|
12 |
A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
|
13 |
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
|
14 |
84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
|
15 |
A million repetitions of "a"
|
16 |
34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
|
17 |
*/
|
18 |
|
19 |
/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
|
20 |
/* #define SHA1HANDSOFF * Copies data before messing with it. */
|
21 |
|
22 |
#define SHA1HANDSOFF
|
23 |
|
24 |
#include <stdio.h> |
25 |
#include <string.h> |
26 |
#include <sys/types.h> /* for u_int*_t */ |
27 |
|
28 |
/* ================ sha1.h ================ */
|
29 |
/*
|
30 |
SHA-1 in C
|
31 |
By Steve Reid <steve@edmweb.com>
|
32 |
100% Public Domain
|
33 |
*/
|
34 |
|
35 |
typedef struct { |
36 |
u_int32_t state[5];
|
37 |
u_int32_t count[2];
|
38 |
unsigned char buffer[64]; |
39 |
} SHA1_CTX; |
40 |
|
41 |
void SHA1Transform(u_int32_t state[5], const unsigned char buffer[64]); |
42 |
void SHA1Init(SHA1_CTX* context);
|
43 |
void SHA1Update(SHA1_CTX* context, const unsigned char* data, u_int32_t len); |
44 |
void SHA1Final(unsigned char digest[20], SHA1_CTX* context); |
45 |
/* ================ end of sha1.h ================ */
|
46 |
#include <endian.h> |
47 |
|
48 |
#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) |
49 |
|
50 |
/* blk0() and blk() perform the initial expand. */
|
51 |
/* I got the idea of expanding during the round function from SSLeay */
|
52 |
#if BYTE_ORDER == LITTLE_ENDIAN
|
53 |
#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ |
54 |
|(rol(block->l[i],8)&0x00FF00FF)) |
55 |
#elif BYTE_ORDER == BIG_ENDIAN
|
56 |
#define blk0(i) block->l[i]
|
57 |
#else
|
58 |
#error "Endianness not defined!" |
59 |
#endif
|
60 |
#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ |
61 |
^block->l[(i+2)&15]^block->l[i&15],1)) |
62 |
|
63 |
/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
|
64 |
#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); |
65 |
#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); |
66 |
#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); |
67 |
#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); |
68 |
#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); |
69 |
|
70 |
|
71 |
/* Hash a single 512-bit block. This is the core of the algorithm. */
|
72 |
|
73 |
void SHA1Transform(u_int32_t state[5], const unsigned char buffer[64]) |
74 |
{ |
75 |
u_int32_t a, b, c, d, e; |
76 |
typedef union { |
77 |
unsigned char c[64]; |
78 |
u_int32_t l[16];
|
79 |
} CHAR64LONG16; |
80 |
#ifdef SHA1HANDSOFF
|
81 |
CHAR64LONG16 block[1]; /* use array to appear as a pointer */ |
82 |
memcpy(block, buffer, 64);
|
83 |
#else
|
84 |
/* The following had better never be used because it causes the
|
85 |
* pointer-to-const buffer to be cast into a pointer to non-const.
|
86 |
* And the result is written through. I threw a "const" in, hoping
|
87 |
* this will cause a diagnostic.
|
88 |
*/
|
89 |
CHAR64LONG16* block = (const CHAR64LONG16*)buffer;
|
90 |
#endif
|
91 |
/* Copy context->state[] to working vars */
|
92 |
a = state[0];
|
93 |
b = state[1];
|
94 |
c = state[2];
|
95 |
d = state[3];
|
96 |
e = state[4];
|
97 |
/* 4 rounds of 20 operations each. Loop unrolled. */
|
98 |
R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); |
99 |
R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); |
100 |
R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); |
101 |
R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); |
102 |
R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); |
103 |
R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); |
104 |
R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); |
105 |
R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); |
106 |
R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); |
107 |
R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); |
108 |
R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); |
109 |
R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); |
110 |
R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); |
111 |
R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); |
112 |
R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); |
113 |
R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); |
114 |
R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); |
115 |
R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); |
116 |
R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); |
117 |
R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); |
118 |
/* Add the working vars back into context.state[] */
|
119 |
state[0] += a;
|
120 |
state[1] += b;
|
121 |
state[2] += c;
|
122 |
state[3] += d;
|
123 |
state[4] += e;
|
124 |
/* Wipe variables */
|
125 |
a = b = c = d = e = 0;
|
126 |
#ifdef SHA1HANDSOFF
|
127 |
memset(block, '\0', sizeof(block)); |
128 |
#endif
|
129 |
} |
130 |
|
131 |
|
132 |
/* SHA1Init - Initialize new context */
|
133 |
|
134 |
void SHA1Init(SHA1_CTX* context)
|
135 |
{ |
136 |
/* SHA1 initialization constants */
|
137 |
context->state[0] = 0x67452301; |
138 |
context->state[1] = 0xEFCDAB89; |
139 |
context->state[2] = 0x98BADCFE; |
140 |
context->state[3] = 0x10325476; |
141 |
context->state[4] = 0xC3D2E1F0; |
142 |
context->count[0] = context->count[1] = 0; |
143 |
} |
144 |
|
145 |
|
146 |
/* Run your data through this. */
|
147 |
|
148 |
void SHA1Update(SHA1_CTX* context, const unsigned char* data, u_int32_t len) |
149 |
{ |
150 |
u_int32_t i; |
151 |
u_int32_t j; |
152 |
|
153 |
j = context->count[0];
|
154 |
if ((context->count[0] += len << 3) < j) |
155 |
context->count[1]++;
|
156 |
context->count[1] += (len>>29); |
157 |
j = (j >> 3) & 63; |
158 |
if ((j + len) > 63) { |
159 |
memcpy(&context->buffer[j], data, (i = 64-j));
|
160 |
SHA1Transform(context->state, context->buffer); |
161 |
for ( ; i + 63 < len; i += 64) { |
162 |
SHA1Transform(context->state, &data[i]); |
163 |
} |
164 |
j = 0;
|
165 |
} |
166 |
else i = 0; |
167 |
memcpy(&context->buffer[j], &data[i], len - i); |
168 |
} |
169 |
|
170 |
|
171 |
/* Add padding and return the message digest. */
|
172 |
|
173 |
void SHA1Final(unsigned char digest[20], SHA1_CTX* context) |
174 |
{ |
175 |
unsigned i;
|
176 |
unsigned char finalcount[8]; |
177 |
unsigned char c; |
178 |
|
179 |
#if 0 /* untested "improvement" by DHR */
|
180 |
/* Convert context->count to a sequence of bytes
|
181 |
* in finalcount. Second element first, but
|
182 |
* big-endian order within element.
|
183 |
* But we do it all backwards.
|
184 |
*/
|
185 |
unsigned char *fcp = &finalcount[8];
|
186 |
|
187 |
for (i = 0; i < 2; i++)
|
188 |
{
|
189 |
u_int32_t t = context->count[i];
|
190 |
int j;
|
191 |
|
192 |
for (j = 0; j < 4; t >>= 8, j++)
|
193 |
*--fcp = (unsigned char) t
|
194 |
}
|
195 |
#else
|
196 |
for (i = 0; i < 8; i++) { |
197 |
finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] |
198 |
>> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ |
199 |
} |
200 |
#endif
|
201 |
c = 0200;
|
202 |
SHA1Update(context, &c, 1);
|
203 |
while ((context->count[0] & 504) != 448) { |
204 |
c = 0000;
|
205 |
SHA1Update(context, &c, 1);
|
206 |
} |
207 |
SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ |
208 |
for (i = 0; i < 20; i++) { |
209 |
digest[i] = (unsigned char) |
210 |
((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); |
211 |
} |
212 |
/* Wipe variables */
|
213 |
memset(context, '\0', sizeof(*context)); |
214 |
memset(&finalcount, '\0', sizeof(finalcount)); |
215 |
} |
216 |
/* ================ end of sha1.c ================ */
|
217 |
|
218 |
#define BUFSIZE 4096 |
219 |
|
220 |
int
|
221 |
main(int argc, char **argv) |
222 |
{ |
223 |
SHA1_CTX ctx; |
224 |
unsigned char hash[20], buf[BUFSIZE]; |
225 |
int i;
|
226 |
|
227 |
for(i=0;i<BUFSIZE;i++) |
228 |
buf[i] = i; |
229 |
|
230 |
SHA1Init(&ctx); |
231 |
for(i=0;i<1000;i++) |
232 |
SHA1Update(&ctx, buf, BUFSIZE); |
233 |
SHA1Final(hash, &ctx); |
234 |
|
235 |
printf("SHA1=");
|
236 |
for(i=0;i<20;i++) |
237 |
printf("%02x", hash[i]);
|
238 |
printf("\n");
|
239 |
return 0; |
240 |
} |
241 |
|
242 |
|