2 * SHA1 hashing code copied from Lepton's crack <http://usuarios.lycos.es/reinob/>
4 * Adapted to be API-compatible with the previous (GPL-incompatible) code.
11 * This file implements the Secure Hashing Algorithm 1 as
12 * defined in FIPS PUB 180-1 published April 17, 1995.
14 * The SHA-1, produces a 160-bit message digest for a given
15 * data stream. It should take about 2**n steps to find a
16 * message with the same digest as a given message and
17 * 2**(n/2) to find any two messages with the same digest,
18 * when n is the digest size in bits. Therefore, this
19 * algorithm can serve as a means of providing a
20 * "fingerprint" for a message.
23 * SHA-1 is defined in terms of 32-bit "words". This code
24 * uses <stdint.h> (included via "sha1.h" to define 32 and 8
25 * bit unsigned integer types. If your C compiler does not
26 * support 32 bit unsigned integers, this code is not
30 * SHA-1 is designed to work with messages less than 2^64 bits
31 * long. Although SHA-1 allows a message digest to be generated
32 * for messages of any number of bits less than 2^64, this
33 * implementation only works with messages with a length that is
34 * a multiple of the size of an 8-bit character.
43 * Define the SHA1 circular left shift macro
45 #define SHA1CircularShift(bits,word) \
46 (((word) << (bits)) | ((word) >> (32-(bits))))
48 /* Local Function Prototyptes */
49 static void sha1_pad(sha1_state_t
*);
50 static void sha1_process_block(sha1_state_t
*);
56 * This function will initialize the sha1_state_t in preparation
57 * for computing a new SHA1 message digest.
61 * The context to reset.
67 int sha1_init(sha1_state_t
* context
)
69 context
->Length_Low
= 0;
70 context
->Length_High
= 0;
71 context
->Message_Block_Index
= 0;
73 context
->Intermediate_Hash
[0] = 0x67452301;
74 context
->Intermediate_Hash
[1] = 0xEFCDAB89;
75 context
->Intermediate_Hash
[2] = 0x98BADCFE;
76 context
->Intermediate_Hash
[3] = 0x10325476;
77 context
->Intermediate_Hash
[4] = 0xC3D2E1F0;
79 context
->Computed
= 0;
80 context
->Corrupted
= 0;
89 * This function will return the 160-bit message digest into the
90 * Message_Digest array provided by the caller.
91 * NOTE: The first octet of hash is stored in the 0th element,
92 * the last octet of hash in the 19th element.
96 * The context to use to calculate the SHA-1 hash.
97 * Message_Digest: [out]
98 * Where the digest is returned.
104 int sha1_finish(sha1_state_t
* context
, uint8_t Message_Digest
[sha1_hash_size
])
108 if (!context
|| !Message_Digest
) {
112 if (context
->Corrupted
) {
113 return context
->Corrupted
;
116 if (!context
->Computed
) {
118 for (i
= 0; i
< 64; ++i
) {
119 /* message may be sensitive, clear it out */
120 context
->Message_Block
[i
] = 0;
122 context
->Length_Low
= 0; /* and clear length */
123 context
->Length_High
= 0;
124 context
->Computed
= 1;
128 for (i
= 0; i
< sha1_hash_size
; ++i
) {
129 Message_Digest
[i
] = context
->Intermediate_Hash
[i
>> 2]
130 >> 8 * (3 - (i
& 0x03));
140 * This function accepts an array of octets as the next portion
145 * The SHA context to update
146 * message_array: [in]
147 * An array of characters representing the next portion of
150 * The length of the message in message_array
157 sha1_append(sha1_state_t
* context
,
158 const uint8_t * message_array
, unsigned length
)
164 if (!context
|| !message_array
) {
168 if (context
->Computed
) {
169 context
->Corrupted
= shaStateError
;
171 return shaStateError
;
174 if (context
->Corrupted
) {
175 return context
->Corrupted
;
177 while (length
-- && !context
->Corrupted
) {
178 context
->Message_Block
[context
->Message_Block_Index
++] =
179 (*message_array
& 0xFF);
181 context
->Length_Low
+= 8;
182 if (context
->Length_Low
== 0) {
183 context
->Length_High
++;
184 if (context
->Length_High
== 0) {
185 /* Message is too long */
186 context
->Corrupted
= 1;
190 if (context
->Message_Block_Index
== 64) {
191 sha1_process_block(context
);
204 * This function will process the next 512 bits of the message
205 * stored in the Message_Block array.
214 * Many of the variable names in this code, especially the
215 * single character names, were used because those were the
216 * names used in the publication.
220 static void sha1_process_block(sha1_state_t
* context
)
222 const uint32_t K
[] = { /* Constants defined in SHA-1 */
228 int t
; /* Loop counter */
229 uint32_t temp
; /* Temporary word value */
230 uint32_t W
[80]; /* Word sequence */
231 uint32_t A
, B
, C
, D
, E
; /* Word buffers */
234 * Initialize the first 16 words in the array W
236 for (t
= 0; t
< 16; t
++) {
237 W
[t
] = context
->Message_Block
[t
* 4] << 24;
238 W
[t
] |= context
->Message_Block
[t
* 4 + 1] << 16;
239 W
[t
] |= context
->Message_Block
[t
* 4 + 2] << 8;
240 W
[t
] |= context
->Message_Block
[t
* 4 + 3];
243 for (t
= 16; t
< 80; t
++) {
246 W
[t
- 3] ^ W
[t
- 8] ^ W
[t
-
251 A
= context
->Intermediate_Hash
[0];
252 B
= context
->Intermediate_Hash
[1];
253 C
= context
->Intermediate_Hash
[2];
254 D
= context
->Intermediate_Hash
[3];
255 E
= context
->Intermediate_Hash
[4];
257 for (t
= 0; t
< 20; t
++) {
258 temp
= SHA1CircularShift(5, A
) +
259 ((B
& C
) | ((~B
) & D
)) + E
+ W
[t
] + K
[0];
262 C
= SHA1CircularShift(30, B
);
268 for (t
= 20; t
< 40; t
++) {
271 A
) + (B
^ C
^ D
) + E
+ W
[t
] + K
[1];
274 C
= SHA1CircularShift(30, B
);
279 for (t
= 40; t
< 60; t
++) {
280 temp
= SHA1CircularShift(5, A
) +
281 ((B
& C
) | (B
& D
) | (C
& D
)) + E
+ W
[t
] + K
[2];
284 C
= SHA1CircularShift(30, B
);
289 for (t
= 60; t
< 80; t
++) {
292 A
) + (B
^ C
^ D
) + E
+ W
[t
] + K
[3];
295 C
= SHA1CircularShift(30, B
);
300 context
->Intermediate_Hash
[0] += A
;
301 context
->Intermediate_Hash
[1] += B
;
302 context
->Intermediate_Hash
[2] += C
;
303 context
->Intermediate_Hash
[3] += D
;
304 context
->Intermediate_Hash
[4] += E
;
306 context
->Message_Block_Index
= 0;
313 * According to the standard, the message must be padded to an even
314 * 512 bits. The first padding bit must be a '1'. The last 64
315 * bits represent the length of the original message. All bits in
316 * between should be 0. This function will pad the message
317 * according to those rules by filling the Message_Block array
318 * accordingly. It will also call the ProcessMessageBlock function
319 * provided appropriately. When it returns, it can be assumed that
320 * the message digest has been computed.
325 * ProcessMessageBlock: [in]
326 * The appropriate SHA*ProcessMessageBlock function
332 static void sha1_pad(sha1_state_t
* context
)
335 * Check to see if the current message block is too small to hold
336 * the initial padding bits and length. If so, we will pad the
337 * block, process it, and then continue padding into a second
340 if (context
->Message_Block_Index
> 55) {
341 context
->Message_Block
[context
->Message_Block_Index
++] =
343 while (context
->Message_Block_Index
< 64) {
344 context
->Message_Block
[context
->
345 Message_Block_Index
++] = 0;
348 sha1_process_block(context
);
350 while (context
->Message_Block_Index
< 56) {
351 context
->Message_Block
[context
->
352 Message_Block_Index
++] = 0;
355 context
->Message_Block
[context
->Message_Block_Index
++] =
357 while (context
->Message_Block_Index
< 56) {
359 context
->Message_Block
[context
->
360 Message_Block_Index
++] = 0;
365 * Store the message length as the last 8 octets
367 context
->Message_Block
[56] = context
->Length_High
>> 24;
368 context
->Message_Block
[57] = context
->Length_High
>> 16;
369 context
->Message_Block
[58] = context
->Length_High
>> 8;
370 context
->Message_Block
[59] = context
->Length_High
;
371 context
->Message_Block
[60] = context
->Length_Low
>> 24;
372 context
->Message_Block
[61] = context
->Length_Low
>> 16;
373 context
->Message_Block
[62] = context
->Length_Low
>> 8;
374 context
->Message_Block
[63] = context
->Length_Low
;
376 sha1_process_block(context
);
379 #define HMAC_BLOCK_SIZE 64
381 /* BitlBee addition: */
382 void sha1_hmac(const char *key_
, size_t key_len
, const char *payload
, size_t payload_len
, uint8_t Message_Digest
[sha1_hash_size
])
385 uint8_t hash
[sha1_hash_size
];
386 uint8_t key
[HMAC_BLOCK_SIZE
+1];
390 key_len
= strlen( key_
);
391 if( payload_len
== 0 )
392 payload_len
= strlen( payload
);
394 /* Create K. If our current key is >64 chars we have to hash it,
395 otherwise just pad. */
396 memset( key
, 0, HMAC_BLOCK_SIZE
+ 1 );
397 if( key_len
> HMAC_BLOCK_SIZE
)
400 sha1_append( &sha1
, (uint8_t*) key_
, key_len
);
401 sha1_finish( &sha1
, key
);
405 memcpy( key
, key_
, key_len
);
408 /* Inner part: H(K XOR 0x36, text) */
410 for( i
= 0; i
< HMAC_BLOCK_SIZE
; i
++ )
412 sha1_append( &sha1
, key
, HMAC_BLOCK_SIZE
);
413 sha1_append( &sha1
, (const uint8_t*) payload
, payload_len
);
414 sha1_finish( &sha1
, hash
);
416 /* Final result: H(K XOR 0x5C, inner stuff) */
418 for( i
= 0; i
< HMAC_BLOCK_SIZE
; i
++ )
419 key
[i
] ^= 0x36 ^ 0x5c;
420 sha1_append( &sha1
, key
, HMAC_BLOCK_SIZE
);
421 sha1_append( &sha1
, hash
, sha1_hash_size
);
422 sha1_finish( &sha1
, Message_Digest
);
425 /* I think this follows the scheme described on:
426 http://en.wikipedia.org/wiki/Universally_unique_identifier#Version_4_.28random.29
427 My random data comes from a SHA1 generator but hey, it's random enough for
428 me, and RFC 4122 looks way more complicated than I need this to be.
430 Returns a value that must be free()d. */
431 char *sha1_random_uuid( sha1_state_t
* context
)
433 uint8_t dig
[sha1_hash_size
];
434 char *ret
= g_new0( char, 40 ); /* 36 chars + \0 */
437 sha1_finish(context
, dig
);
438 for( p
= i
= 0; i
< 16; i
++ )
440 if( i
== 4 || i
== 6 || i
== 8 || i
== 10 )
443 dig
[i
] = ( dig
[i
] & 0x0f ) | 0x40;
445 dig
[i
] = ( dig
[i
] & 0x30 ) | 0x80;
447 sprintf( ret
+ p
, "%02x", dig
[i
] );