5 * This file implements the Secure Hashing Algorithm 1 as
6 * defined in FIPS PUB 180-1 published April 17, 1995.
8 * The SHA-1, produces a 160-bit message digest for a given
9 * data stream. It should take about 2**n steps to find a
10 * message with the same digest as a given message and
11 * 2**(n/2) to find any two messages with the same digest,
12 * when n is the digest size in bits. Therefore, this
13 * algorithm can serve as a means of providing a
14 * "fingerprint" for a message.
17 * SHA-1 is defined in terms of 32-bit "words". This code
18 * uses <stdint.h> (included via "sha1.h" to define 32 and 8
19 * bit unsigned integer types. If your C compiler does not
20 * support 32 bit unsigned integers, this code is not
24 * SHA-1 is designed to work with messages less than 2^64 bits
25 * long. Although SHA-1 allows a message digest to be generated
26 * for messages of any number of bits less than 2^64, this
27 * implementation only works with messages with a length that is
28 * a multiple of the size of an 8-bit character.
30 * See sha1.h for copyright
36 * Define the SHA1 circular left shift macro
38 #define SHA1CircularShift(bits,word) \
39 (((word) << (bits)) | ((word) >> (32-(bits))))
41 /* Local Function Prototyptes */
42 static void SHA1PadMessage(SHA1Context *);
43 static void SHA1ProcessMessageBlock(SHA1Context *);
49 * This function will initialize the SHA1Context in preparation
50 * for computing a new SHA1 message digest.
54 * The context to reset.
60 int SHA1Init(SHA1Context *context)
67 context->Length_Low = 0;
68 context->Length_High = 0;
69 context->Message_Block_Index = 0;
71 context->Intermediate_Hash[0] = 0x67452301;
72 context->Intermediate_Hash[1] = 0xEFCDAB89;
73 context->Intermediate_Hash[2] = 0x98BADCFE;
74 context->Intermediate_Hash[3] = 0x10325476;
75 context->Intermediate_Hash[4] = 0xC3D2E1F0;
77 context->Computed = 0;
78 context->Corrupted = 0;
87 * This function will return the 160-bit message digest into the
88 * Message_Digest array provided by the caller.
89 * NOTE: The first octet of hash is stored in the 0th element,
90 * the last octet of hash in the 19th element.
94 * The context to use to calculate the SHA-1 hash.
95 * Message_Digest: [out]
96 * Where the digest is returned.
102 int SHA1Final(SHA1Context *context,
103 uint8_t Message_Digest[SHA1HashSize])
107 if (!context || !Message_Digest) {
111 if (context->Corrupted) {
112 return context->Corrupted;
115 if (!context->Computed) {
116 SHA1PadMessage(context);
117 for(i=0; i<64; ++i) {
118 /* message may be sensitive, clear it out */
119 context->Message_Block[i] = 0;
121 context->Length_Low = 0; /* and clear length */
122 context->Length_High = 0;
123 context->Computed = 1;
127 for(i = 0; i < SHA1HashSize; ++i) {
128 Message_Digest[i] = context->Intermediate_Hash[i>>2]
129 >> 8 * ( 3 - ( i & 0x03 ) );
139 * This function accepts an array of octets as the next portion
144 * The SHA context to update
145 * message_array: [in]
146 * An array of characters representing the next portion of
149 * The length of the message in message_array
155 int SHA1Update(SHA1Context *context,
156 const uint8_t *message_array,
163 if (!context || !message_array) {
167 if (context->Computed) {
168 context->Corrupted = shaStateError;
170 return shaStateError;
173 if (context->Corrupted) {
174 return context->Corrupted;
176 while(length-- && !context->Corrupted) {
177 context->Message_Block[context->Message_Block_Index++] =
178 (*message_array & 0xFF);
180 context->Length_Low += 8;
181 if (context->Length_Low == 0) {
182 context->Length_High++;
183 if (context->Length_High == 0) {
184 /* Message is too long */
185 context->Corrupted = 1;
189 if (context->Message_Block_Index == 64) {
190 SHA1ProcessMessageBlock(context);
200 * SHA1ProcessMessageBlock
203 * This function will process the next 512 bits of the message
204 * stored in the Message_Block array.
214 * Many of the variable names in this code, especially the
215 * single character names, were used because those were the
216 * names used in the publication.
220 static void SHA1ProcessMessageBlock(SHA1Context *context)
222 const uint32_t K[] = { /* Constants defined in SHA-1 */
228 int t; /* Loop counter */
229 uint32_t temp; /* Temporary word value */
230 uint32_t W[80]; /* Word sequence */
231 uint32_t A, B, C, D, E; /* Word buffers */
234 * Initialize the first 16 words in the array W
236 for(t = 0; t < 16; t++) {
237 W[t] = context->Message_Block[t * 4] << 24;
238 W[t] |= context->Message_Block[t * 4 + 1] << 16;
239 W[t] |= context->Message_Block[t * 4 + 2] << 8;
240 W[t] |= context->Message_Block[t * 4 + 3];
243 for(t = 16; t < 80; t++) {
244 W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
247 A = context->Intermediate_Hash[0];
248 B = context->Intermediate_Hash[1];
249 C = context->Intermediate_Hash[2];
250 D = context->Intermediate_Hash[3];
251 E = context->Intermediate_Hash[4];
253 for(t = 0; t < 20; t++) {
254 temp = SHA1CircularShift(5,A) +
255 ((B & C) | ((~B) & D)) + E + W[t] + K[0];
258 C = SHA1CircularShift(30,B);
264 for(t = 20; t < 40; t++) {
265 temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
268 C = SHA1CircularShift(30,B);
273 for(t = 40; t < 60; t++) {
274 temp = SHA1CircularShift(5,A) +
275 ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
278 C = SHA1CircularShift(30,B);
283 for(t = 60; t < 80; t++) {
284 temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
287 C = SHA1CircularShift(30,B);
292 context->Intermediate_Hash[0] += A;
293 context->Intermediate_Hash[1] += B;
294 context->Intermediate_Hash[2] += C;
295 context->Intermediate_Hash[3] += D;
296 context->Intermediate_Hash[4] += E;
298 context->Message_Block_Index = 0;
306 * According to the standard, the message must be padded to an even
307 * 512 bits. The first padding bit must be a '1'. The last 64
308 * bits represent the length of the original message. All bits in
309 * between should be 0. This function will pad the message
310 * according to those rules by filling the Message_Block array
311 * accordingly. It will also call the ProcessMessageBlock function
312 * provided appropriately. When it returns, it can be assumed that
313 * the message digest has been computed.
318 * ProcessMessageBlock: [in]
319 * The appropriate SHA*ProcessMessageBlock function
325 static void SHA1PadMessage(SHA1Context *context)
328 * Check to see if the current message block is too small to hold
329 * the initial padding bits and length. If so, we will pad the
330 * block, process it, and then continue padding into a second
333 if (context->Message_Block_Index > 55) {
334 context->Message_Block[context->Message_Block_Index++] = 0x80;
335 while(context->Message_Block_Index < 64) {
336 context->Message_Block[context->Message_Block_Index++] = 0;
339 SHA1ProcessMessageBlock(context);
341 while(context->Message_Block_Index < 56) {
342 context->Message_Block[context->Message_Block_Index++] = 0;
345 context->Message_Block[context->Message_Block_Index++] = 0x80;
346 while(context->Message_Block_Index < 56) {
348 context->Message_Block[context->Message_Block_Index++] = 0;
353 * Store the message length as the last 8 octets
355 context->Message_Block[56] = context->Length_High >> 24;
356 context->Message_Block[57] = context->Length_High >> 16;
357 context->Message_Block[58] = context->Length_High >> 8;
358 context->Message_Block[59] = context->Length_High;
359 context->Message_Block[60] = context->Length_Low >> 24;
360 context->Message_Block[61] = context->Length_Low >> 16;
361 context->Message_Block[62] = context->Length_Low >> 8;
362 context->Message_Block[63] = context->Length_Low;
364 SHA1ProcessMessageBlock(context);
373 * This file will exercise the SHA-1 code performing the three
374 * tests documented in FIPS PUB 180-1 plus one which calls
375 * SHA1Input with an exact multiple of 512 bits, plus a few
378 * Portability Issues:
389 * Define patterns for testing
392 #define TEST2a "abcdbcdecdefdefgefghfghighijhi"
394 #define TEST2b "jkijkljklmklmnlmnomnopnopq"
395 #define TEST2 TEST2a TEST2b
397 #define TEST4a "01234567012345670123456701234567"
398 #define TEST4b "01234567012345670123456701234567"
399 /* an exact multiple of 512 bits */
400 #define TEST4 TEST4a TEST4b
408 long int repeatcount[4] = { 1, 1, 1000000, 10 };
409 char *resultarray[4] =
411 "A9 99 3E 36 47 06 81 6A BA 3E 25 71 78 50 C2 6C 9C D0 D8 9D",
412 "84 98 3E 44 1C 3B D2 6E BA AE 4A A1 F9 51 29 E5 E5 46 70 F1",
413 "34 AA 97 3C D4 C4 DA A4 F6 1E EB 2B DB AD 27 31 65 34 01 6F",
414 "DE A3 56 A2 CD DD 90 C7 A7 EC ED C5 EB B5 63 93 4F 46 04 52"
421 uint8_t Message_Digest[20];
424 * Perform SHA-1 tests
426 for(j = 0; j < 4; ++j) {
427 printf( "\nTest %d: %d, '%s'\n",
432 err = SHA1Init(&sha);
434 fprintf(stderr, "SHA1Reset Error %d.\n", err );
435 break; /* out of for j loop */
438 for(i = 0; i < repeatcount[j]; ++i) {
440 err = SHA1Input(&sha,
441 (const unsigned char *) testarray[j],
442 strlen(testarray[j]));
444 fprintf(stderr, "SHA1Input Error %d.\n", err );
445 break; /* out of for i loop */
449 err = SHA1Final(&sha, Message_Digest);
452 "SHA1Result Error %d, could not compute message digest.\n",
458 for(i = 0; i < 20 ; ++i) {
459 printf("%02X ", Message_Digest[i]);
463 printf("Should match:\n");
464 printf("\t%s\n", resultarray[j]);
467 /* Test some error returns */
468 err = SHA1Input(&sha,(const unsigned char *) testarray[1], 1);
469 printf ("\nError %d. Should be %d.\n", err, shaStateError );
471 printf ("\nError %d. Should be %d.\n", err, shaNull );
475 #endif /* TEST_DRIVER */
479 * Reads a single ASCII file and prints the HEX sha1 sum.
482 int main(int argc, char *argv[])
490 printf("Must have filename\n");
493 fd = fopen(argv[1], "r");
495 printf("Could not open %s: ERR=%s\n", argv[1], strerror(errno));
499 while (fgets(buf, sizeof(buf), fd)) {
500 SHA1Update(&ctx, (unsigned char *)buf, strlen(buf));
502 SHA1Final(&ctx, (unsigned char *)signature);
503 for (int i=0; i < 20; i++) {
504 printf("%02x", signature[i]& 0xFF);
506 printf(" %s\n", argv[1]);