3 * Based on the RFC 3174
5 * Full Copyright Statement
7 * Copyright (C) The Internet Society (2001). All Rights Reserved.
9 * This document and translations of it may be copied and furnished to
10 * others, and derivative works that comment on or otherwise explain it
11 * or assist in its implementation may be prepared, copied, published
12 * and distributed, in whole or in part, without restriction of any
13 * kind, provided that the above copyright notice and this paragraph are
14 * included on all such copies and derivative works. However, this
15 * document itself may not be modified in any way, such as by removing
16 * the copyright notice or references to the Internet Society or other
17 * Internet organizations, except as needed for the purpose of
18 * developing Internet standards in which case the procedures for
19 * copyrights defined in the Internet Standards process must be
20 * followed, or as required to translate it into languages other than
23 * The limited permissions granted above are perpetual and will not be
24 * revoked by the Internet Society or its successors or assigns.
26 * This document and the information contained herein is provided on an
27 * "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
28 * TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
29 * BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
30 * HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
31 * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
36 * This file implements the Secure Hashing Algorithm 1 as
37 * defined in FIPS PUB 180-1 published April 17, 1995.
39 * The SHA-1, produces a 160-bit message digest for a given
40 * data stream. It should take about 2**n steps to find a
41 * message with the same digest as a given message and
42 * 2**(n/2) to find any two messages with the same digest,
43 * when n is the digest size in bits. Therefore, this
44 * algorithm can serve as a means of providing a
45 * "fingerprint" for a message.
48 * SHA-1 is defined in terms of 32-bit "words". This code
49 * uses <stdint.h> (included via "sha1.h" to define 32 and 8
50 * bit unsigned integer types. If your C compiler does not
51 * support 32 bit unsigned integers, this code is not
55 * SHA-1 is designed to work with messages less than 2^64 bits
56 * long. Although SHA-1 allows a message digest to be generated
57 * for messages of any number of bits less than 2^64, this
58 * implementation only works with messages with a length that is
59 * a multiple of the size of an 8-bit character.
64 #include "asterisk/sha1.h"
67 * Define the SHA1 circular left shift macro
69 #define SHA1CircularShift(bits,word) \
70 (((word) << (bits)) | ((word) >> (32-(bits))))
72 /* Local Function Prototyptes */
73 void SHA1PadMessage(SHA1Context
*);
74 void SHA1ProcessMessageBlock(SHA1Context
*);
80 * This function will initialize the SHA1Context in preparation
81 * for computing a new SHA1 message digest.
85 * The context to reset.
91 int SHA1Reset(SHA1Context
*context
)
98 context
->Length_Low
= 0;
99 context
->Length_High
= 0;
100 context
->Message_Block_Index
= 0;
102 context
->Intermediate_Hash
[0] = 0x67452301;
103 context
->Intermediate_Hash
[1] = 0xEFCDAB89;
104 context
->Intermediate_Hash
[2] = 0x98BADCFE;
105 context
->Intermediate_Hash
[3] = 0x10325476;
106 context
->Intermediate_Hash
[4] = 0xC3D2E1F0;
108 context
->Computed
= 0;
109 context
->Corrupted
= 0;
118 * This function will return the 160-bit message digest into the
119 * Message_Digest array provided by the caller.
120 * NOTE: The first octet of hash is stored in the 0th element,
121 * the last octet of hash in the 19th element.
125 * The context to use to calculate the SHA-1 hash.
126 * Message_Digest: [out]
127 * Where the digest is returned.
133 int SHA1Result( SHA1Context
*context
,
134 uint8_t Message_Digest
[SHA1HashSize
])
138 if (!context
|| !Message_Digest
)
143 if (context
->Corrupted
)
145 return context
->Corrupted
;
148 if (!context
->Computed
)
150 SHA1PadMessage(context
);
153 /* message may be sensitive, clear it out */
154 context
->Message_Block
[i
] = 0;
156 context
->Length_Low
= 0; /* and clear length */
157 context
->Length_High
= 0;
158 context
->Computed
= 1;
162 for(i
= 0; i
< SHA1HashSize
; ++i
)
164 Message_Digest
[i
] = context
->Intermediate_Hash
[i
>>2]
165 >> 8 * ( 3 - ( i
& 0x03 ) );
175 * This function accepts an array of octets as the next portion
180 * The SHA context to update
181 * message_array: [in]
182 * An array of characters representing the next portion of
185 * The length of the message in message_array
191 int SHA1Input( SHA1Context
*context
,
192 const uint8_t *message_array
,
200 if (!context
|| !message_array
)
205 if (context
->Computed
)
207 context
->Corrupted
= shaStateError
;
208 return shaStateError
;
211 if (context
->Corrupted
)
213 return context
->Corrupted
;
215 while(length
-- && !context
->Corrupted
)
217 context
->Message_Block
[context
->Message_Block_Index
++] =
218 (*message_array
& 0xFF);
220 context
->Length_Low
+= 8;
221 if (context
->Length_Low
== 0)
223 context
->Length_High
++;
224 if (context
->Length_High
== 0)
226 /* Message is too long */
227 context
->Corrupted
= 1;
231 if (context
->Message_Block_Index
== 64)
233 SHA1ProcessMessageBlock(context
);
243 * SHA1ProcessMessageBlock
246 * This function will process the next 512 bits of the message
247 * stored in the Message_Block array.
256 * Many of the variable names in this code, especially the
257 * single character names, were used because those were the
258 * names used in the publication.
262 void SHA1ProcessMessageBlock(SHA1Context
*context
)
264 const uint32_t K
[] = { /* Constants defined in SHA-1 */
270 int t
; /* Loop counter */
271 uint32_t temp
; /* Temporary word value */
272 uint32_t W
[80]; /* Word sequence */
273 uint32_t A
, B
, C
, D
, E
; /* Word buffers */
276 * Initialize the first 16 words in the array W
278 for(t
= 0; t
< 16; t
++)
280 W
[t
] = context
->Message_Block
[t
* 4] << 24;
281 W
[t
] |= context
->Message_Block
[t
* 4 + 1] << 16;
282 W
[t
] |= context
->Message_Block
[t
* 4 + 2] << 8;
283 W
[t
] |= context
->Message_Block
[t
* 4 + 3];
286 for(t
= 16; t
< 80; t
++)
288 W
[t
] = SHA1CircularShift(1,W
[t
-3] ^ W
[t
-8] ^ W
[t
-14] ^ W
[t
-16]);
291 A
= context
->Intermediate_Hash
[0];
292 B
= context
->Intermediate_Hash
[1];
293 C
= context
->Intermediate_Hash
[2];
294 D
= context
->Intermediate_Hash
[3];
295 E
= context
->Intermediate_Hash
[4];
297 for(t
= 0; t
< 20; t
++)
299 temp
= SHA1CircularShift(5,A
) +
300 ((B
& C
) | ((~B
) & D
)) + E
+ W
[t
] + K
[0];
303 C
= SHA1CircularShift(30,B
);
308 for(t
= 20; t
< 40; t
++)
310 temp
= SHA1CircularShift(5,A
) + (B
^ C
^ D
) + E
+ W
[t
] + K
[1];
313 C
= SHA1CircularShift(30,B
);
318 for(t
= 40; t
< 60; t
++)
320 temp
= SHA1CircularShift(5,A
) +
321 ((B
& C
) | (B
& D
) | (C
& D
)) + E
+ W
[t
] + K
[2];
324 C
= SHA1CircularShift(30,B
);
329 for(t
= 60; t
< 80; t
++)
331 temp
= SHA1CircularShift(5,A
) + (B
^ C
^ D
) + E
+ W
[t
] + K
[3];
334 C
= SHA1CircularShift(30,B
);
339 context
->Intermediate_Hash
[0] += A
;
340 context
->Intermediate_Hash
[1] += B
;
341 context
->Intermediate_Hash
[2] += C
;
342 context
->Intermediate_Hash
[3] += D
;
343 context
->Intermediate_Hash
[4] += E
;
345 context
->Message_Block_Index
= 0;
353 * According to the standard, the message must be padded to an even
354 * 512 bits. The first padding bit must be a '1'. The last 64
355 * bits represent the length of the original message. All bits in
356 * between should be 0. This function will pad the message
357 * according to those rules by filling the Message_Block array
358 * accordingly. It will also call the ProcessMessageBlock function
359 * provided appropriately. When it returns, it can be assumed that
360 * the message digest has been computed.
365 * ProcessMessageBlock: [in]
366 * The appropriate SHA*ProcessMessageBlock function
372 void SHA1PadMessage(SHA1Context
*context
)
375 * Check to see if the current message block is too small to hold
376 * the initial padding bits and length. If so, we will pad the
377 * block, process it, and then continue padding into a second
380 if (context
->Message_Block_Index
> 55)
382 context
->Message_Block
[context
->Message_Block_Index
++] = 0x80;
383 while(context
->Message_Block_Index
< 64)
385 context
->Message_Block
[context
->Message_Block_Index
++] = 0;
388 SHA1ProcessMessageBlock(context
);
390 while(context
->Message_Block_Index
< 56)
392 context
->Message_Block
[context
->Message_Block_Index
++] = 0;
397 context
->Message_Block
[context
->Message_Block_Index
++] = 0x80;
398 while(context
->Message_Block_Index
< 56)
400 context
->Message_Block
[context
->Message_Block_Index
++] = 0;
405 * Store the message length as the last 8 octets
407 context
->Message_Block
[56] = context
->Length_High
>> 24;
408 context
->Message_Block
[57] = context
->Length_High
>> 16;
409 context
->Message_Block
[58] = context
->Length_High
>> 8;
410 context
->Message_Block
[59] = context
->Length_High
;
411 context
->Message_Block
[60] = context
->Length_Low
>> 24;
412 context
->Message_Block
[61] = context
->Length_Low
>> 16;
413 context
->Message_Block
[62] = context
->Length_Low
>> 8;
414 context
->Message_Block
[63] = context
->Length_Low
;
416 SHA1ProcessMessageBlock(context
);