| blob | 4153ff1bf58fa2284a8929c71101a1c9de94b1c7 |
1 /*
2 * SHA1 hashing code copied from Lepton's crack <http://usuarios.lycos.es/reinob/>
3 *
4 * Adapted to be API-compatible with the previous (GPL-incompatible) code.
5 */
7 /*
8 * sha1.c
9 *
10 * Description:
11 * This file implements the Secure Hashing Algorithm 1 as
12 * defined in FIPS PUB 180-1 published April 17, 1995.
13 *
14 * The SHA-1, produces a 160-bit message digest for a given
15 * data stream. It should take about 2**n steps to find a
16 * message with the same digest as a given message and
17 * 2**(n/2) to find any two messages with the same digest,
18 * when n is the digest size in bits. Therefore, this
19 * algorithm can serve as a means of providing a
20 * "fingerprint" for a message.
21 *
22 * Portability Issues:
23 * SHA-1 is defined in terms of 32-bit "words". This code
24 * uses <stdint.h> (included via "sha1.h" to define 32 and 8
25 * bit unsigned integer types. If your C compiler does not
26 * support 32 bit unsigned integers, this code is not
27 * appropriate.
28 *
29 * Caveats:
30 * SHA-1 is designed to work with messages less than 2^64 bits
31 * long. Although SHA-1 allows a message digest to be generated
32 * for messages of any number of bits less than 2^64, this
33 * implementation only works with messages with a length that is
34 * a multiple of the size of an 8-bit character.
35 *
36 */
38 #include <string.h>
39 #include <stdio.h>
42 /*
43 * Define the SHA1 circular left shift macro
44 */
45 #define SHA1CircularShift(bits,word) \
46 (((word) << (bits)) | ((word) >> (32-(bits))))
48 /* Local Function Prototyptes */
52 /*
53 * sha1_init
54 *
55 * Description:
56 * This function will initialize the sha1_state_t in preparation
57 * for computing a new SHA1 message digest.
58 *
59 * Parameters:
60 * context: [in/out]
61 * The context to reset.
62 *
63 * Returns:
64 * sha Error Code.
65 *
66 */
68 {
83 }
85 /*
86 * sha1_finish
87 *
88 * Description:
89 * This function will return the 160-bit message digest into the
90 * Message_Digest array provided by the caller.
91 * NOTE: The first octet of hash is stored in the 0th element,
92 * the last octet of hash in the 19th element.
93 *
94 * Parameters:
95 * context: [in/out]
96 * The context to use to calculate the SHA-1 hash.
97 * Message_Digest: [out]
98 * Where the digest is returned.
99 *
100 * Returns:
101 * sha Error Code.
102 *
103 */
105 {
110 }
114 }
119 /* message may be sensitive, clear it out */
121 }
126 }
131 }
134 }
136 /*
137 * sha1_append
138 *
139 * Description:
140 * This function accepts an array of octets as the next portion
141 * of the message.
142 *
143 * Parameters:
144 * context: [in/out]
145 * The SHA context to update
146 * message_array: [in]
147 * An array of characters representing the next portion of
148 * the message.
149 * length: [in]
150 * The length of the message in message_array
151 *
152 * Returns:
153 * sha Error Code.
154 *
155 */
156 int
159 {
162 }
166 }
172 }
176 }
185 /* Message is too long */
187 }
188 }
192 }
194 message_array++;
195 }
198 }
200 /*
201 * sha1_process_block
202 *
203 * Description:
204 * This function will process the next 512 bits of the message
205 * stored in the Message_Block array.
206 *
207 * Parameters:
208 * None.
209 *
210 * Returns:
211 * Nothing.
212 *
213 * Comments:
214 * Many of the variable names in this code, especially the
215 * single character names, were used because those were the
216 * names used in the publication.
217 *
218 *
219 */
221 {
226 0xCA62C1D6
227 };
233 /*
234 * Initialize the first 16 words in the array W
235 */
241 }
249 }
266 }
269 temp =
277 }
287 }
290 temp =
298 }
307 }
309 /*
310 * sha1_pad
311 *
312 * Description:
313 * According to the standard, the message must be padded to an even
314 * 512 bits. The first padding bit must be a '1'. The last 64
315 * bits represent the length of the original message. All bits in
316 * between should be 0. This function will pad the message
317 * according to those rules by filling the Message_Block array
318 * accordingly. It will also call the ProcessMessageBlock function
319 * provided appropriately. When it returns, it can be assumed that
320 * the message digest has been computed.
321 *
322 * Parameters:
323 * context: [in/out]
324 * The context to pad
325 * ProcessMessageBlock: [in]
326 * The appropriate SHA*ProcessMessageBlock function
327 * Returns:
328 * Nothing.
329 *
330 */
333 {
334 /*
335 * Check to see if the current message block is too small to hold
336 * the initial padding bits and length. If so, we will pad the
337 * block, process it, and then continue padding into a second
338 * block.
339 */
346 }
353 }
361 }
362 }
364 /*
365 * Store the message length as the last 8 octets
366 */
377 }
379 #define HMAC_BLOCK_SIZE 64
381 /* BitlBee addition: */
382 void sha1_hmac(const char *key_, size_t key_len, const char *payload, size_t payload_len, uint8_t Message_Digest[sha1_hash_size])
383 {
384 sha1_state_t sha1;
394 /* Create K. If our current key is >64 chars we have to hash it,
395 otherwise just pad. */
398 {
402 }
403 else
404 {
406 }
408 /* Inner part: H(K XOR 0x36, text) */
416 /* Final result: H(K XOR 0x5C, inner stuff) */
423 }
425 /* I think this follows the scheme described on:
426 http://en.wikipedia.org/wiki/Universally_unique_identifier#Version_4_.28random.29
427 My random data comes from a SHA1 generator but hey, it's random enough for
428 me, and RFC 4122 looks way more complicated than I need this to be.
430 Returns a value that must be free()d. */
432 {
439 {
449 }
453 }