]>
git.proxmox.com Git - mirror_ovs.git/blob - lib/sha1.c
5 * This file implements the Secure Hashing Algorithm 1 as
6 * defined in FIPS PUB 180-1 published April 17, 1995.
8 * The SHA-1, produces a 160-bit message digest for a given
9 * data stream. It should take about 2**n steps to find a
10 * message with the same digest as a given message and
11 * 2**(n/2) to find any two messages with the same digest,
12 * when n is the digest size in bits. Therefore, this
13 * algorithm can serve as a means of providing a
14 * "fingerprint" for a message.
17 * SHA-1 is defined in terms of 32-bit "words". This code
18 * uses <stdint.h> (included via "sha1.h" to define 32 and 8
19 * bit unsigned integer types. If your C compiler does not
20 * support 32 bit unsigned integers, this code is not
24 * SHA-1 is designed to work with messages less than 2^64 bits
25 * long. Although SHA-1 allows a message digest to be generated
26 * for messages of any number of bits less than 2^64, this
27 * implementation only works with messages with a length that is
28 * a multiple of the size of an 8-bit character.
35 * Define the SHA1 circular left shift macro
37 #define SHA1CircularShift(bits,word) \
38 (((word) << (bits)) | ((word) >> (32-(bits))))
40 /* Local Function Prototyptes */
41 void SHA1PadMessage(SHA1Context
*);
42 void SHA1ProcessMessageBlock(SHA1Context
*);
48 * This function will initialize the SHA1Context in preparation
49 * for computing a new SHA1 message digest.
53 * The context to reset.
59 int SHA1Reset(SHA1Context
*context
)
66 context
->Length_Low
= 0;
67 context
->Length_High
= 0;
68 context
->Message_Block_Index
= 0;
70 context
->Intermediate_Hash
[0] = 0x67452301;
71 context
->Intermediate_Hash
[1] = 0xEFCDAB89;
72 context
->Intermediate_Hash
[2] = 0x98BADCFE;
73 context
->Intermediate_Hash
[3] = 0x10325476;
74 context
->Intermediate_Hash
[4] = 0xC3D2E1F0;
76 context
->Computed
= 0;
77 context
->Corrupted
= 0;
86 * This function will return the 160-bit message digest into the
87 * Message_Digest array provided by the caller.
88 * NOTE: The first octet of hash is stored in the 0th element,
89 * the last octet of hash in the 19th element.
93 * The context to use to calculate the SHA-1 hash.
94 * Message_Digest: [out]
95 * Where the digest is returned.
101 int SHA1Result( SHA1Context
*context
,
102 uint8_t Message_Digest
[SHA1HashSize
])
106 if (!context
|| !Message_Digest
)
111 if (context
->Corrupted
)
113 return context
->Corrupted
;
116 if (!context
->Computed
)
118 SHA1PadMessage(context
);
121 /* message may be sensitive, clear it out */
122 context
->Message_Block
[i
] = 0;
124 context
->Length_Low
= 0; /* and clear length */
125 context
->Length_High
= 0;
126 context
->Computed
= 1;
129 for(i
= 0; i
< SHA1HashSize
; ++i
)
131 Message_Digest
[i
] = context
->Intermediate_Hash
[i
>>2]
132 >> 8 * ( 3 - ( i
& 0x03 ) );
142 * This function accepts an array of octets as the next portion
147 * The SHA context to update
148 * message_array: [in]
149 * An array of characters representing the next portion of
152 * The length of the message in message_array
158 int SHA1Input( SHA1Context
*context
,
159 const uint8_t *message_array
,
167 if (!context
|| !message_array
)
172 if (context
->Computed
)
174 context
->Corrupted
= shaStateError
;
175 return shaStateError
;
178 if (context
->Corrupted
)
180 return context
->Corrupted
;
182 while(length
-- && !context
->Corrupted
)
184 context
->Message_Block
[context
->Message_Block_Index
++] =
185 (*message_array
& 0xFF);
187 context
->Length_Low
+= 8;
188 if (context
->Length_Low
== 0)
190 context
->Length_High
++;
191 if (context
->Length_High
== 0)
193 /* Message is too long */
194 context
->Corrupted
= 1;
198 if (context
->Message_Block_Index
== 64)
200 SHA1ProcessMessageBlock(context
);
210 * SHA1ProcessMessageBlock
213 * This function will process the next 512 bits of the message
214 * stored in the Message_Block array.
223 * Many of the variable names in this code, especially the
224 * single character names, were used because those were the
225 * names used in the publication.
229 void SHA1ProcessMessageBlock(SHA1Context
*context
)
231 const uint32_t K
[] = { /* Constants defined in SHA-1 */
237 int t
; /* Loop counter */
238 uint32_t temp
; /* Temporary word value */
239 uint32_t W
[80]; /* Word sequence */
240 uint32_t A
, B
, C
, D
, E
; /* Word buffers */
243 * Initialize the first 16 words in the array W
245 for(t
= 0; t
< 16; t
++)
247 W
[t
] = context
->Message_Block
[t
* 4] << 24;
248 W
[t
] |= context
->Message_Block
[t
* 4 + 1] << 16;
249 W
[t
] |= context
->Message_Block
[t
* 4 + 2] << 8;
250 W
[t
] |= context
->Message_Block
[t
* 4 + 3];
253 for(t
= 16; t
< 80; t
++)
255 W
[t
] = SHA1CircularShift(1,W
[t
-3] ^ W
[t
-8] ^ W
[t
-14] ^ W
[t
-16]);
258 A
= context
->Intermediate_Hash
[0];
259 B
= context
->Intermediate_Hash
[1];
260 C
= context
->Intermediate_Hash
[2];
261 D
= context
->Intermediate_Hash
[3];
262 E
= context
->Intermediate_Hash
[4];
264 for(t
= 0; t
< 20; t
++)
266 temp
= SHA1CircularShift(5,A
) +
267 ((B
& C
) | ((~B
) & D
)) + E
+ W
[t
] + K
[0];
270 C
= SHA1CircularShift(30,B
);
275 for(t
= 20; t
< 40; t
++)
277 temp
= SHA1CircularShift(5,A
) + (B
^ C
^ D
) + E
+ W
[t
] + K
[1];
280 C
= SHA1CircularShift(30,B
);
285 for(t
= 40; t
< 60; t
++)
287 temp
= SHA1CircularShift(5,A
) +
288 ((B
& C
) | (B
& D
) | (C
& D
)) + E
+ W
[t
] + K
[2];
291 C
= SHA1CircularShift(30,B
);
296 for(t
= 60; t
< 80; t
++)
298 temp
= SHA1CircularShift(5,A
) + (B
^ C
^ D
) + E
+ W
[t
] + K
[3];
301 C
= SHA1CircularShift(30,B
);
306 context
->Intermediate_Hash
[0] += A
;
307 context
->Intermediate_Hash
[1] += B
;
308 context
->Intermediate_Hash
[2] += C
;
309 context
->Intermediate_Hash
[3] += D
;
310 context
->Intermediate_Hash
[4] += E
;
312 context
->Message_Block_Index
= 0;
320 * According to the standard, the message must be padded to an even
321 * 512 bits. The first padding bit must be a '1'. The last 64
322 * bits represent the length of the original message. All bits in
323 * between should be 0. This function will pad the message
324 * according to those rules by filling the Message_Block array
325 * accordingly. It will also call the ProcessMessageBlock function
326 * provided appropriately. When it returns, it can be assumed that
327 * the message digest has been computed.
332 * ProcessMessageBlock: [in]
333 * The appropriate SHA*ProcessMessageBlock function
339 void SHA1PadMessage(SHA1Context
*context
)
342 * Check to see if the current message block is too small to hold
343 * the initial padding bits and length. If so, we will pad the
344 * block, process it, and then continue padding into a second
347 if (context
->Message_Block_Index
> 55)
349 context
->Message_Block
[context
->Message_Block_Index
++] = 0x80;
350 while(context
->Message_Block_Index
< 64)
352 context
->Message_Block
[context
->Message_Block_Index
++] = 0;
355 SHA1ProcessMessageBlock(context
);
357 while(context
->Message_Block_Index
< 56)
359 context
->Message_Block
[context
->Message_Block_Index
++] = 0;
364 context
->Message_Block
[context
->Message_Block_Index
++] = 0x80;
365 while(context
->Message_Block_Index
< 56)
367 context
->Message_Block
[context
->Message_Block_Index
++] = 0;
372 * Store the message length as the last 8 octets
374 context
->Message_Block
[56] = context
->Length_High
>> 24;
375 context
->Message_Block
[57] = context
->Length_High
>> 16;
376 context
->Message_Block
[58] = context
->Length_High
>> 8;
377 context
->Message_Block
[59] = context
->Length_High
;
378 context
->Message_Block
[60] = context
->Length_Low
>> 24;
379 context
->Message_Block
[61] = context
->Length_Low
>> 16;
380 context
->Message_Block
[62] = context
->Length_Low
>> 8;
381 context
->Message_Block
[63] = context
->Length_Low
;
383 SHA1ProcessMessageBlock(context
);
387 SHA1Bytes(const void *data
, unsigned int n
,
388 uint8_t Message_Digest
[SHA1HashSize
])
392 SHA1Input(&ctx
, data
, n
);
393 SHA1Result(&ctx
, Message_Digest
);