/* src: https://www.di-mgt.com.au/src/sha1.c.txt */ /* sha1.c : Implementation of the Secure Hash Algorithm */ /* SHA:
Posted: Sun May 15, 2022 12:25 pm
/* src: https://www.di-mgt.com.au/src/sha1.c.txt */
/* sha1.c : Implementation of the Secure Hash Algorithm */
/* SHA: NIST's Secure Hash Algorithm */
/* This version written November 2000 by David Ireland of
DI Management Services Pty Limited <[email protected]>
Adapted from code in the Python Cryptography Toolkit,
version 1.0.0 by A.M. Kuchling 1995.
*/
/* AM Kuchling's posting:-
Based on SHA code originally posted to sci.crypt by Peter Gutmann
in message <30ajo5$[email protected]>.
Modified to test for endianness on creation of SHA objects by AMK.
Also, the original specification of SHA was found to have a weakness
by NSA/NIST. This code implements the fixed version of SHA.
*/
/* Here's the first paragraph of Peter Gutmann's posting:
The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
what's changed in the new version. The fix is a simple change which involves
adding a single rotate in the initial expansion function. It is unknown
whether this is an optimal solution to the problem which was discovered in the
SHA or whether it's simply a bandaid which fixes the problem with a minimum of
effort (for example the reengineering of a great many Capstone chips).
*/
/* h files included here to make this just one file ... */
/* global.h */
#ifndef _GLOBAL_H_
#define _GLOBAL_H_ 1
/* POINTER defines a generic pointer type */
typedef unsigned char *POINTER;
/* UINT4 defines a four byte word */
// typedef unsigned long int UINT4;
#include <stdint.h> // on unix and mac computer
typedef uint32_t UINT4; // on unix and mac computer
/* BYTE defines a unsigned character */
typedef unsigned char BYTE;
#ifndef TRUE
#define FALSE 0
#define TRUE ( !FALSE )
#endif /* TRUE */
#endif /* end _GLOBAL_H_ */
/* sha.h */
#ifndef _SHA_H_
#define _SHA_H_ 1
/* #include "global.h" */
/* The structure for storing SHS info */
typedef struct
{
UINT4 digest[ 5 ]; /* Message digest */
UINT4 countLo, countHi; /* 64-bit bit count */
UINT4 data[ 16 ]; /* SHS data buffer */
int Endianness;
} SHA_CTX;
/* Message digest functions */
void SHAInit(SHA_CTX *);
void SHAUpdate(SHA_CTX *, BYTE *buffer, int count);
void SHAFinal(BYTE *output, SHA_CTX *);
#endif /* end _SHA_H_ */
/* endian.h */
#ifndef _ENDIAN_H_
#define _ENDIAN_H_ 1
void endianTest(int *endianness);
#endif /* end _ENDIAN_H_ */
/* sha.c */
#include <stdio.h>
#include <string.h>
static void SHAtoByte(BYTE *output, UINT4 *input, unsigned int len);
/* The SHS block size and message digest sizes, in bytes */
#define SHS_DATASIZE 64
#define SHS_DIGESTSIZE 20
/* The SHS f()-functions. The f1 and f3 functions can be optimized to
save one boolean operation each - thanks to Rich Schroeppel,
[email protected] for discovering this */
/*#define f1(x,y,z) ( ( x & y ) | ( ~x & z ) ) // Rounds 0-19 */
#define f1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) /* Rounds 0-19 */
#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */
/*#define f3(x,y,z) ( ( x & y ) | ( x & z ) | ( y & z ) ) // Rounds 40-59 */
#define f3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) /* Rounds 40-59 */
#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */
/* The SHS Mysterious Constants */
#define K1 0x5A827999L /* Rounds 0-19 */
#define K2 0x6ED9EBA1L /* Rounds 20-39 */
#define K3 0x8F1BBCDCL /* Rounds 40-59 */
#define K4 0xCA62C1D6L /* Rounds 60-79 */
/* SHS initial values */
#define h0init 0x67452301L
#define h1init 0xEFCDAB89L
#define h2init 0x98BADCFEL
#define h3init 0x10325476L
#define h4init 0xC3D2E1F0L
/* Note that it may be necessary to add parentheses to these macros if they
are to be called with expressions as arguments */
/* 32-bit rotate left - kludged with shifts */
#define ROTL(n,X) ( ( ( X ) << n ) | ( ( X ) >> ( 32 - n ) ) )
/* The initial expanding function. The hash function is defined over an
80-UINT2 expanded input array W, where the first 16 are copies of the input
data, and the remaining 64 are defined by
W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
This implementation generates these values on the fly in a circular
buffer - thanks to Colin Plumb, [email protected] for this
optimization.
The updated SHS changes the expanding function by adding a rotate of 1
bit. Thanks to Jim Gillogly, [email protected], and an anonymous contributor
for this information */
#define expand(W,i) ( W[ i & 15 ] = ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \
W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] ) ) )
/* The prototype SHS sub-round. The fundamental sub-round is:
a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
b' = a;
c' = ROTL( 30, b );
d' = c;
e' = d;
but this is implemented by unrolling the loop 5 times and renaming the
variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
This code is then replicated 20 times for each of the 4 functions, using
the next 20 values from the W[] array each time */
#define subRound(a, b, c, d, e, f, k, data) \
( e += ROTL( 5, a ) + f( b, c, d ) + k + data, b = ROTL( 30, b ) )
/* Initialize the SHS values */
void SHAInit(SHA_CTX *shsInfo)
{
endianTest(&shsInfo->Endianness);
/* Set the h-vars to their initial values */
shsInfo->digest[ 0 ] = h0init;
shsInfo->digest[ 1 ] = h1init;
shsInfo->digest[ 2 ] = h2init;
shsInfo->digest[ 3 ] = h3init;
shsInfo->digest[ 4 ] = h4init;
/* Initialise bit count */
shsInfo->countLo = shsInfo->countHi = 0;
}
/* Perform the SHS transformation. Note that this code, like MD5, seems to
break some optimizing compilers due to the complexity of the expressions
and the size of the basic block. It may be necessary to split it into
sections, e.g. based on the four subrounds
Note that this corrupts the shsInfo->data area */
static void SHSTransform( digest, data )
UINT4 *digest, *data ;
{
UINT4 A, B, C, D, E; /* Local vars */
UINT4 eData[ 16 ]; /* Expanded data */
/* Set up first buffer and local data buffer */
A = digest[ 0 ];
B = digest[ 1 ];
C = digest[ 2 ];
D = digest[ 3 ];
E = digest[ 4 ];
memcpy( (POINTER)eData, (POINTER)data, SHS_DATASIZE );
/* Heavy mangling, in 4 sub-rounds of 20 interations each. */
subRound( A, B, C, D, E, f1, K1, eData[ 0 ] );
subRound( E, A, B, C, D, f1, K1, eData[ 1 ] );
subRound( D, E, A, B, C, f1, K1, eData[ 2 ] );
subRound( C, D, E, A, B, f1, K1, eData[ 3 ] );
subRound( B, C, D, E, A, f1, K1, eData[ 4 ] );
subRound( A, B, C, D, E, f1, K1, eData[ 5 ] );
subRound( E, A, B, C, D, f1, K1, eData[ 6 ] );
subRound( D, E, A, B, C, f1, K1, eData[ 7 ] );
subRound( C, D, E, A, B, f1, K1, eData[ 8 ] );
subRound( B, C, D, E, A, f1, K1, eData[ 9 ] );
subRound( A, B, C, D, E, f1, K1, eData[ 10 ] );
subRound( E, A, B, C, D, f1, K1, eData[ 11 ] );
subRound( D, E, A, B, C, f1, K1, eData[ 12 ] );
subRound( C, D, E, A, B, f1, K1, eData[ 13 ] );
subRound( B, C, D, E, A, f1, K1, eData[ 14 ] );
subRound( A, B, C, D, E, f1, K1, eData[ 15 ] );
subRound( E, A, B, C, D, f1, K1, expand( eData, 16 ) );
subRound( D, E, A, B, C, f1, K1, expand( eData, 17 ) );
subRound( C, D, E, A, B, f1, K1, expand( eData, 18 ) );
subRound( B, C, D, E, A, f1, K1, expand( eData, 19 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 20 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 21 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 22 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 23 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 24 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 25 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 26 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 27 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 28 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 29 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 30 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 31 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 32 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 33 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 34 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 35 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 36 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 37 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 38 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 39 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 40 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 41 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 42 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 43 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 44 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 45 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 46 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 47 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 48 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 49 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 50 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 51 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 52 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 53 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 54 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 55 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 56 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 57 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 58 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 59 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 60 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 61 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 62 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 63 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 64 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 65 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 66 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 67 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 68 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 69 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 70 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 71 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 72 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 73 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 74 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 75 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 76 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 77 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 78 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 79 ) );
/* Build message digest */
digest[ 0 ] += A;
digest[ 1 ] += B;
digest[ 2 ] += C;
digest[ 3 ] += D;
digest[ 4 ] += E;
}
/* When run on a little-endian CPU we need to perform byte reversal on an
array of long words. */
static void longReverse(UINT4 *buffer, int byteCount, int Endianness )
{
UINT4 value;
if (Endianness==TRUE) return;
byteCount /= sizeof( UINT4 );
while( byteCount-- )
{
value = *buffer;
value = ( ( value & 0xFF00FF00L ) >> 8 ) | \
( ( value & 0x00FF00FFL ) << 8 );
*buffer++ = ( value << 16 ) | ( value >> 16 );
}
}
/* Update SHS for a block of data */
void SHAUpdate(SHA_CTX *shsInfo, BYTE *buffer, int count)
{
UINT4 tmp;
int dataCount;
/* Update bitcount */
tmp = shsInfo->countLo;
if ( ( shsInfo->countLo = tmp + ( ( UINT4 ) count << 3 ) ) < tmp )
shsInfo->countHi++; /* Carry from low to high */
shsInfo->countHi += count >> 29;
/* Get count of bytes already in data */
dataCount = ( int ) ( tmp >> 3 ) & 0x3F;
/* Handle any leading odd-sized chunks */
if( dataCount )
{
BYTE *p = ( BYTE * ) shsInfo->data + dataCount;
dataCount = SHS_DATASIZE - dataCount;
if( count < dataCount )
{
memcpy( p, buffer, count );
return;
}
memcpy( p, buffer, dataCount );
longReverse( shsInfo->data, SHS_DATASIZE, shsInfo->Endianness);
SHSTransform( shsInfo->digest, shsInfo->data );
buffer += dataCount;
count -= dataCount;
}
/* Process data in SHS_DATASIZE chunks */
while( count >= SHS_DATASIZE )
{
memcpy( (POINTER)shsInfo->data, (POINTER)buffer, SHS_DATASIZE );
longReverse( shsInfo->data, SHS_DATASIZE, shsInfo->Endianness );
SHSTransform( shsInfo->digest, shsInfo->data );
buffer += SHS_DATASIZE;
count -= SHS_DATASIZE;
}
/* Handle any remaining bytes of data. */
memcpy( (POINTER)shsInfo->data, (POINTER)buffer, count );
}
/* Final wrapup - pad to SHS_DATASIZE-byte boundary with the bit pattern
1 0* (64-bit count of bits processed, MSB-first) */
void SHAFinal(BYTE *output, SHA_CTX *shsInfo)
{
int count;
BYTE *dataPtr;
/* Compute number of bytes mod 64 */
count = ( int ) shsInfo->countLo;
count = ( count >> 3 ) & 0x3F;
/* Set the first char of padding to 0x80. This is safe since there is
always at least one byte free */
dataPtr = ( BYTE * ) shsInfo->data + count;
*dataPtr++ = 0x80;
/* Bytes of padding needed to make 64 bytes */
count = SHS_DATASIZE - 1 - count;
/* Pad out to 56 mod 64 */
if( count < 8 )
{
/* Two lots of padding: Pad the first block to 64 bytes */
memset( dataPtr, 0, count );
longReverse( shsInfo->data, SHS_DATASIZE, shsInfo->Endianness );
SHSTransform( shsInfo->digest, shsInfo->data );
/* Now fill the next block with 56 bytes */
memset( (POINTER)shsInfo->data, 0, SHS_DATASIZE - 8 );
}
else
/* Pad block to 56 bytes */
memset( dataPtr, 0, count - 8 );
/* Append length in bits and transform */
shsInfo->data[ 14 ] = shsInfo->countHi;
shsInfo->data[ 15 ] = shsInfo->countLo;
longReverse( shsInfo->data, SHS_DATASIZE - 8, shsInfo->Endianness );
SHSTransform( shsInfo->digest, shsInfo->data );
/* Output to an array of bytes */
SHAtoByte(output, shsInfo->digest, SHS_DIGESTSIZE);
/* Zeroise sensitive stuff */
memset((POINTER)shsInfo, 0, sizeof(shsInfo));
}
static void SHAtoByte(BYTE *output, UINT4 *input, unsigned int len)
{ /* Output SHA digest in byte array */
unsigned int i, j;
for(i = 0, j = 0; j < len; i++, j += 4)
{
output[j+3] = (BYTE)( input & 0xff);
output[j+2] = (BYTE)((input >> 8 ) & 0xff);
output[j+1] = (BYTE)((input >> 16) & 0xff);
output[j ] = (BYTE)((input >> 24) & 0xff);
}
}
unsigned char digest[20];
unsigned char message[3] = {'a', 'b', 'c' };
unsigned char *mess56 =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
/* Correct solutions from FIPS PUB 180-1 */
char *dig1 = "A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D";
char *dig2 = "84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1";
char *dig3 = "34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F";
/* Output should look like:-
a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D <= correct
84983e44 1c3bd26e baae4aa1 f95129e5 e54670f1
84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 <= correct
34aa973c d4c4daa4 f61eeb2b dbad2731 6534016f
34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F <= correct
*/
/* endian.c */
void endianTest(int *endian_ness)
{
if((*(unsigned short *) ("#S") >> 8) == '#')
{
/* printf("Big endian = no change\n"); */
*endian_ness = !(0);
}
else
{
/* printf("Little endian = swap\n"); */
*endian_ness = 0;
}
}
// ****************************************** //
// Don't change the above SHA1 core routines //
// ****************************************** //
// Professor Zhang made the following two functions for testing SHA1
// hash regular C-String str, put the hash value in ha
void SHAString( char* str, unsigned char* ha )
{
SHA_CTX shaContext;
int bytes = strlen( str );
SHAInit( &shaContext );
SHAUpdate( &shaContext, str, bytes );
SHAFinal( ha, &shaContext );
}
// hash a hex string represented by cstring, then put hash value in ha
void SHAHexstr( char* hexstr, unsigned char* ha )
{
SHA_CTX shaContext;
int bytes;
int i;
BYTE data[1024];
bytes = strlen( hexstr )/2;
for( i = 0; i < bytes; i ++ )
sscanf( hexstr + 2*i, "%02x", &data );
SHAInit( &shaContext );
SHAUpdate( &shaContext, data, bytes );
SHAFinal( ha, &shaContext );
}
int main()
{
char str[] = "The quick brown fox jumps over the lazy dog";
int i;
char hexstr[] = "FFFFFFFF";
BYTE target[20];
SHAHexstr( hexstr, target );
for (i = 0; i < 20; i++)
printf("%02x", target);
printf( "\n\n" );
SHAString( str, target );
for (i = 0; i < 20; i++)
printf("%02x", target);
printf( "\n\n" );
return 0;
}
/* src: https://www.di-mgt.com.au/src/sha1.c.txt */
/* sha1.c : Implementation of the Secure Hash Algorithm */
/* SHA: NIST's Secure Hash Algorithm */
/* This version written November 2000 by David Ireland of
DI Management Services Pty Limited <[email protected]>
Adapted from code in the Python Cryptography Toolkit,
version 1.0.0 by A.M. Kuchling 1995.
*/
/* AM Kuchling's posting:-
Based on SHA code originally posted to sci.crypt by Peter Gutmann
in message <30ajo5$[email protected]>.
Modified to test for endianness on creation of SHA objects by AMK.
Also, the original specification of SHA was found to have a weakness
by NSA/NIST. This code implements the fixed version of SHA.
*/
/* Here's the first paragraph of Peter Gutmann's posting:
The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
what's changed in the new version. The fix is a simple change which involves
adding a single rotate in the initial expansion function. It is unknown
whether this is an optimal solution to the problem which was discovered in the
SHA or whether it's simply a bandaid which fixes the problem with a minimum of
effort (for example the reengineering of a great many Capstone chips).
*/
/* h files included here to make this just one file ... */
/* global.h */
#ifndef _GLOBAL_H_
#define _GLOBAL_H_ 1
/* POINTER defines a generic pointer type */
typedef unsigned char *POINTER;
/* UINT4 defines a four byte word */
// typedef unsigned long int UINT4;
#include <stdint.h> // on unix and mac computer
typedef uint32_t UINT4; // on unix and mac computer
/* BYTE defines a unsigned character */
typedef unsigned char BYTE;
#ifndef TRUE
#define FALSE 0
#define TRUE ( !FALSE )
#endif /* TRUE */
#endif /* end _GLOBAL_H_ */
/* sha.h */
#ifndef _SHA_H_
#define _SHA_H_ 1
/* #include "global.h" */
/* The structure for storing SHS info */
typedef struct
{
UINT4 digest[ 5 ]; /* Message digest */
UINT4 countLo, countHi; /* 64-bit bit count */
UINT4 data[ 16 ]; /* SHS data buffer */
int Endianness;
} SHA_CTX;
/* Message digest functions */
void SHAInit(SHA_CTX *);
void SHAUpdate(SHA_CTX *, BYTE *buffer, int count);
void SHAFinal(BYTE *output, SHA_CTX *);
#endif /* end _SHA_H_ */
/* endian.h */
#ifndef _ENDIAN_H_
#define _ENDIAN_H_ 1
void endianTest(int *endianness);
#endif /* end _ENDIAN_H_ */
/* sha.c */
#include <stdio.h>
#include <string.h>
static void SHAtoByte(BYTE *output, UINT4 *input, unsigned int len);
/* The SHS block size and message digest sizes, in bytes */
#define SHS_DATASIZE 64
#define SHS_DIGESTSIZE 20
/* The SHS f()-functions. The f1 and f3 functions can be optimized to
save one boolean operation each - thanks to Rich Schroeppel,
[email protected] for discovering this */
/*#define f1(x,y,z) ( ( x & y ) | ( ~x & z ) ) // Rounds 0-19 */
#define f1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) /* Rounds 0-19 */
#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */
/*#define f3(x,y,z) ( ( x & y ) | ( x & z ) | ( y & z ) ) // Rounds 40-59 */
#define f3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) /* Rounds 40-59 */
#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */
/* The SHS Mysterious Constants */
#define K1 0x5A827999L /* Rounds 0-19 */
#define K2 0x6ED9EBA1L /* Rounds 20-39 */
#define K3 0x8F1BBCDCL /* Rounds 40-59 */
#define K4 0xCA62C1D6L /* Rounds 60-79 */
/* SHS initial values */
#define h0init 0x67452301L
#define h1init 0xEFCDAB89L
#define h2init 0x98BADCFEL
#define h3init 0x10325476L
#define h4init 0xC3D2E1F0L
/* Note that it may be necessary to add parentheses to these macros if they
are to be called with expressions as arguments */
/* 32-bit rotate left - kludged with shifts */
#define ROTL(n,X) ( ( ( X ) << n ) | ( ( X ) >> ( 32 - n ) ) )
/* The initial expanding function. The hash function is defined over an
80-UINT2 expanded input array W, where the first 16 are copies of the input
data, and the remaining 64 are defined by
W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
This implementation generates these values on the fly in a circular
buffer - thanks to Colin Plumb, [email protected] for this
optimization.
The updated SHS changes the expanding function by adding a rotate of 1
bit. Thanks to Jim Gillogly, [email protected], and an anonymous contributor
for this information */
#define expand(W,i) ( W[ i & 15 ] = ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \
W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] ) ) )
/* The prototype SHS sub-round. The fundamental sub-round is:
a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
b' = a;
c' = ROTL( 30, b );
d' = c;
e' = d;
but this is implemented by unrolling the loop 5 times and renaming the
variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
This code is then replicated 20 times for each of the 4 functions, using
the next 20 values from the W[] array each time */
#define subRound(a, b, c, d, e, f, k, data) \
( e += ROTL( 5, a ) + f( b, c, d ) + k + data, b = ROTL( 30, b ) )
/* Initialize the SHS values */
void SHAInit(SHA_CTX *shsInfo)
{
endianTest(&shsInfo->Endianness);
/* Set the h-vars to their initial values */
shsInfo->digest[ 0 ] = h0init;
shsInfo->digest[ 1 ] = h1init;
shsInfo->digest[ 2 ] = h2init;
shsInfo->digest[ 3 ] = h3init;
shsInfo->digest[ 4 ] = h4init;
/* Initialise bit count */
shsInfo->countLo = shsInfo->countHi = 0;
}
/* Perform the SHS transformation. Note that this code, like MD5, seems to
break some optimizing compilers due to the complexity of the expressions
and the size of the basic block. It may be necessary to split it into
sections, e.g. based on the four subrounds
Note that this corrupts the shsInfo->data area */
static void SHSTransform( digest, data )
UINT4 *digest, *data ;
{
UINT4 A, B, C, D, E; /* Local vars */
UINT4 eData[ 16 ]; /* Expanded data */
/* Set up first buffer and local data buffer */
A = digest[ 0 ];
B = digest[ 1 ];
C = digest[ 2 ];
D = digest[ 3 ];
E = digest[ 4 ];
memcpy( (POINTER)eData, (POINTER)data, SHS_DATASIZE );
/* Heavy mangling, in 4 sub-rounds of 20 interations each. */
subRound( A, B, C, D, E, f1, K1, eData[ 0 ] );
subRound( E, A, B, C, D, f1, K1, eData[ 1 ] );
subRound( D, E, A, B, C, f1, K1, eData[ 2 ] );
subRound( C, D, E, A, B, f1, K1, eData[ 3 ] );
subRound( B, C, D, E, A, f1, K1, eData[ 4 ] );
subRound( A, B, C, D, E, f1, K1, eData[ 5 ] );
subRound( E, A, B, C, D, f1, K1, eData[ 6 ] );
subRound( D, E, A, B, C, f1, K1, eData[ 7 ] );
subRound( C, D, E, A, B, f1, K1, eData[ 8 ] );
subRound( B, C, D, E, A, f1, K1, eData[ 9 ] );
subRound( A, B, C, D, E, f1, K1, eData[ 10 ] );
subRound( E, A, B, C, D, f1, K1, eData[ 11 ] );
subRound( D, E, A, B, C, f1, K1, eData[ 12 ] );
subRound( C, D, E, A, B, f1, K1, eData[ 13 ] );
subRound( B, C, D, E, A, f1, K1, eData[ 14 ] );
subRound( A, B, C, D, E, f1, K1, eData[ 15 ] );
subRound( E, A, B, C, D, f1, K1, expand( eData, 16 ) );
subRound( D, E, A, B, C, f1, K1, expand( eData, 17 ) );
subRound( C, D, E, A, B, f1, K1, expand( eData, 18 ) );
subRound( B, C, D, E, A, f1, K1, expand( eData, 19 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 20 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 21 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 22 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 23 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 24 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 25 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 26 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 27 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 28 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 29 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 30 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 31 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 32 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 33 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 34 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 35 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 36 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 37 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 38 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 39 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 40 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 41 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 42 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 43 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 44 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 45 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 46 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 47 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 48 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 49 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 50 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 51 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 52 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 53 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 54 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 55 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 56 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 57 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 58 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 59 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 60 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 61 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 62 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 63 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 64 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 65 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 66 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 67 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 68 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 69 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 70 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 71 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 72 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 73 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 74 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 75 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 76 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 77 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 78 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 79 ) );
/* Build message digest */
digest[ 0 ] += A;
digest[ 1 ] += B;
digest[ 2 ] += C;
digest[ 3 ] += D;
digest[ 4 ] += E;
}
/* When run on a little-endian CPU we need to perform byte reversal on an
array of long words. */
static void longReverse(UINT4 *buffer, int byteCount, int Endianness )
{
UINT4 value;
if (Endianness==TRUE) return;
byteCount /= sizeof( UINT4 );
while( byteCount-- )
{
value = *buffer;
value = ( ( value & 0xFF00FF00L ) >> 8 ) | \
( ( value & 0x00FF00FFL ) << 8 );
*buffer++ = ( value << 16 ) | ( value >> 16 );
}
}
/* Update SHS for a block of data */
void SHAUpdate(SHA_CTX *shsInfo, BYTE *buffer, int count)
{
UINT4 tmp;
int dataCount;
/* Update bitcount */
tmp = shsInfo->countLo;
if ( ( shsInfo->countLo = tmp + ( ( UINT4 ) count << 3 ) ) < tmp )
shsInfo->countHi++; /* Carry from low to high */
shsInfo->countHi += count >> 29;
/* Get count of bytes already in data */
dataCount = ( int ) ( tmp >> 3 ) & 0x3F;
/* Handle any leading odd-sized chunks */
if( dataCount )
{
BYTE *p = ( BYTE * ) shsInfo->data + dataCount;
dataCount = SHS_DATASIZE - dataCount;
if( count < dataCount )
{
memcpy( p, buffer, count );
return;
}
memcpy( p, buffer, dataCount );
longReverse( shsInfo->data, SHS_DATASIZE, shsInfo->Endianness);
SHSTransform( shsInfo->digest, shsInfo->data );
buffer += dataCount;
count -= dataCount;
}
/* Process data in SHS_DATASIZE chunks */
while( count >= SHS_DATASIZE )
{
memcpy( (POINTER)shsInfo->data, (POINTER)buffer, SHS_DATASIZE );
longReverse( shsInfo->data, SHS_DATASIZE, shsInfo->Endianness );
SHSTransform( shsInfo->digest, shsInfo->data );
buffer += SHS_DATASIZE;
count -= SHS_DATASIZE;
}
/* Handle any remaining bytes of data. */
memcpy( (POINTER)shsInfo->data, (POINTER)buffer, count );
}
/* Final wrapup - pad to SHS_DATASIZE-byte boundary with the bit pattern
1 0* (64-bit count of bits processed, MSB-first) */
void SHAFinal(BYTE *output, SHA_CTX *shsInfo)
{
int count;
BYTE *dataPtr;
/* Compute number of bytes mod 64 */
count = ( int ) shsInfo->countLo;
count = ( count >> 3 ) & 0x3F;
/* Set the first char of padding to 0x80. This is safe since there is
always at least one byte free */
dataPtr = ( BYTE * ) shsInfo->data + count;
*dataPtr++ = 0x80;
/* Bytes of padding needed to make 64 bytes */
count = SHS_DATASIZE - 1 - count;
/* Pad out to 56 mod 64 */
if( count < 8 )
{
/* Two lots of padding: Pad the first block to 64 bytes */
memset( dataPtr, 0, count );
longReverse( shsInfo->data, SHS_DATASIZE, shsInfo->Endianness );
SHSTransform( shsInfo->digest, shsInfo->data );
/* Now fill the next block with 56 bytes */
memset( (POINTER)shsInfo->data, 0, SHS_DATASIZE - 8 );
}
else
/* Pad block to 56 bytes */
memset( dataPtr, 0, count - 8 );
/* Append length in bits and transform */
shsInfo->data[ 14 ] = shsInfo->countHi;
shsInfo->data[ 15 ] = shsInfo->countLo;
longReverse( shsInfo->data, SHS_DATASIZE - 8, shsInfo->Endianness );
SHSTransform( shsInfo->digest, shsInfo->data );
/* Output to an array of bytes */
SHAtoByte(output, shsInfo->digest, SHS_DIGESTSIZE);
/* Zeroise sensitive stuff */
memset((POINTER)shsInfo, 0, sizeof(shsInfo));
}
static void SHAtoByte(BYTE *output, UINT4 *input, unsigned int len)
{ /* Output SHA digest in byte array */
unsigned int i, j;
for(i = 0, j = 0; j < len; i++, j += 4)
{
output[j+3] = (BYTE)( input & 0xff);
output[j+2] = (BYTE)((input >> 8 ) & 0xff);
output[j+1] = (BYTE)((input >> 16) & 0xff);
output[j ] = (BYTE)((input >> 24) & 0xff);
}
}
unsigned char digest[20];
unsigned char message[3] = {'a', 'b', 'c' };
unsigned char *mess56 =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
/* Correct solutions from FIPS PUB 180-1 */
char *dig1 = "A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D";
char *dig2 = "84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1";
char *dig3 = "34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F";
/* Output should look like:-
a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D <= correct
84983e44 1c3bd26e baae4aa1 f95129e5 e54670f1
84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 <= correct
34aa973c d4c4daa4 f61eeb2b dbad2731 6534016f
34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F <= correct
*/
/* endian.c */
void endianTest(int *endian_ness)
{
if((*(unsigned short *) ("#S") >> 8) == '#')
{
/* printf("Big endian = no change\n"); */
*endian_ness = !(0);
}
else
{
/* printf("Little endian = swap\n"); */
*endian_ness = 0;
}
}
// ****************************************** //
// Don't change the above SHA1 core routines //
// ****************************************** //
// Professor Zhang made the following two functions for testing SHA1
// hash regular C-String str, put the hash value in ha
void SHAString( char* str, unsigned char* ha )
{
SHA_CTX shaContext;
int bytes = strlen( str );
SHAInit( &shaContext );
SHAUpdate( &shaContext, str, bytes );
SHAFinal( ha, &shaContext );
}
// hash a hex string represented by cstring, then put hash value in ha
void SHAHexstr( char* hexstr, unsigned char* ha )
{
SHA_CTX shaContext;
int bytes;
int i;
BYTE data[1024];
bytes = strlen( hexstr )/2;
for( i = 0; i < bytes; i ++ )
sscanf( hexstr + 2*i, "%02x", &data );
SHAInit( &shaContext );
SHAUpdate( &shaContext, data, bytes );
SHAFinal( ha, &shaContext );
}
int main()
{
char str[] = "The quick brown fox jumps over the lazy dog";
int i;
char hexstr[] = "FFFFFFFF";
BYTE target[20];
SHAHexstr( hexstr, target );
for (i = 0; i < 20; i++)
printf("%02x", target);
printf( "\n\n" );
SHAString( str, target );
for (i = 0; i < 20; i++)
printf("%02x", target);
printf( "\n\n" );
return 0;
}
Team Project #7 - HMAC-SHAI Max Score: 20 pts, Due: Thurs 5/12 Again, this is a team project. It is to create HMAC-SHA message authentication tags with various input formats The source code for the hash function SHAlis given on Blackboard (Proj_shal.c.zip), which is a slightly modified version from https://www.di-mgt.com.au/src/shal.c. We need you to implement a HMAC-SHAI message authentication tag generating function based on the formula given in the lecture: 1=HMACSHA1(kx)=SHATE (K A opad) SHAL ( A ipad) x)] where is the generated tag, k is the secret key, and x is the message: You will be making two functions as specified below, one for generating a tag for a string, the other for generating a tag for a given file (in any format, say, pdf, dock, exc, txt, jpeg, etc.). * \brief HMAC-SHA1 message authentication code for a string /file param msg input string param key input key param inFile input file name param mode control input parameter types return generated tag unsigned char* Himachal_str unsigned char key, unsigned char" msg, int mode) unsigned char* Hmachal_file unsigned char" key, char* in File, int mode): When mode = 0, the type for msg and key is string, mode = 1, the type for meg and key is hex: mode - 2, the type for msg and key is hase-64. Returned tag always uses hex format. Make sure your project gives the correct results with various test vectors. For example, if both secret key and msg are strings the call to Himachal_su) and the generated tag ate: Hmacshal_str("key", "The quick brown fox jumps over the lazy dog", 0); de 7c9b85b8b78aa6bc8a7a36E70a90701c9db4d9 You should test other test vectors with your code, and then compare your results with the ones from your favorite online HMAC calculators Submission Each team only needs to have one submission, it includes the following:
You will be making two functions as specified below, one for generating a tag for a string, the other for generating a tag for a given file (in any format, say, pdf, docx, exc, txt,jpeg, etc.) • brief HMAC-SHA message authentication code for a string /file param msg input string param key input key param inFile input file name param mode control input parameter types retum generated tag * unsigned char* Hmacshal_str(unsigned char key, unsigned char* msg, int mode): unsigned char* Hmacshal_filelunsigned char* key, char* inFile, int mode): When mode = 0, the type for msg and key is string mode - 1. the type for msg and key is hex, mode - 2 the type for msg and key is base-64. Returned tag always uses hex format Make sure your project gives the correct results with various less vectors. For example, if both secret key and msg are strings the call to Hmacshal_str() and the generated tag are Hmacshal_str("key", "The quick brown fox jumps over the lazy dog", 0); de 7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9 You should test other test vectors with your code, and then compare your results with the ones from your favorite online HMAC calculators. Submission: Each team only needs to have one submission, it includes the following: Source code put all source code files into one folder and zip it to TeamName_Hmacshal.zip. Before submission, make sure you code can generate tags correctly. 2. Technical report in pdf as TeamName_Himachal.pdf, which includes btitle page include team name, team members names >> Various test vectors and their results in different modes: Technical difficulties you've encountered while doing the project and the solutions to these technical difficulties What you have learned from doing this project.
Team Project #7 - HMAC-SHAI Max Score: 20 pts, Due: Thurs 5/12 Again, this is a team project. It is to create HMAC-SHAl message authentication tags with various input formats. The source code for the hash function SHAlis given on Blackboard (Proj shal.c.zip), which is a slightly modified version from bttps://www.di-mgt.com.au'sto'shal.c.txt We need you to implement a HMAC-SHAI message authentication tag generating function based on the formula given in the lecture: 1=HMACSHA1(kx)=SHAT (WA opad) | SHAH (WA ipad) *) where is the generated tag, k is the secret key, and x is the message You will be making two functions as specified below, one for generating a tag for a string, the other for generating a tag for a given file (in any format, say, pdf, docx, exe, txt, jpeg, etc.) brief HMAC-SHAI message authentication code for a string /file param msg input string param key input key * \param in File input file name * \param mode control input parameter types * retum generated tag unsigned char* Hmacshal strf unsigned char key, unsigned char* msg, int mode): unsigned char* Hmacshal_file unsigned char* key, char in File, int mode): When mode - 0, the type for msg and key is string mode - 1. the type for msg and key is hex: mode - 2. the type for msg and key is base-64. Returned tag always uses hex format. Make sure your project gives the correct results with various test vectors. For example, if both secret key and msg are strings, the call to Hmacshal_str() and the generated tag are: Hmacshal_str("key", "The quick brown fox jumps over the lazy dog", 0); de 7c9b85b8b78aa6bc8a7a36570a90701c9db4d9 You should test other test vectors with your code, and then compare your results with the ones from your favorite online HMAC calculators Submission: Each team only needs to have one submission, it includes the following:
Submission: Each team only needs to have one submission, it includes the following: 1 Source code: put all source code files into one folder and zip it to TeamName_Hmacshal.zip. Before submission, make sure you code can generate tags correctly. 2. Technical report in pdf as TeamName_Hmarshal.pdf, which includes title page include team name, team members names: >> Various test vectors and their results in different modes: Technical difficulties you've encountered while doing the project and the solutions to these technical difficulties What you have learned from doing this project.
/* sha1.c : Implementation of the Secure Hash Algorithm */
/* SHA: NIST's Secure Hash Algorithm */
/* This version written November 2000 by David Ireland of
DI Management Services Pty Limited <[email protected]>
Adapted from code in the Python Cryptography Toolkit,
version 1.0.0 by A.M. Kuchling 1995.
*/
/* AM Kuchling's posting:-
Based on SHA code originally posted to sci.crypt by Peter Gutmann
in message <30ajo5$[email protected]>.
Modified to test for endianness on creation of SHA objects by AMK.
Also, the original specification of SHA was found to have a weakness
by NSA/NIST. This code implements the fixed version of SHA.
*/
/* Here's the first paragraph of Peter Gutmann's posting:
The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
what's changed in the new version. The fix is a simple change which involves
adding a single rotate in the initial expansion function. It is unknown
whether this is an optimal solution to the problem which was discovered in the
SHA or whether it's simply a bandaid which fixes the problem with a minimum of
effort (for example the reengineering of a great many Capstone chips).
*/
/* h files included here to make this just one file ... */
/* global.h */
#ifndef _GLOBAL_H_
#define _GLOBAL_H_ 1
/* POINTER defines a generic pointer type */
typedef unsigned char *POINTER;
/* UINT4 defines a four byte word */
// typedef unsigned long int UINT4;
#include <stdint.h> // on unix and mac computer
typedef uint32_t UINT4; // on unix and mac computer
/* BYTE defines a unsigned character */
typedef unsigned char BYTE;
#ifndef TRUE
#define FALSE 0
#define TRUE ( !FALSE )
#endif /* TRUE */
#endif /* end _GLOBAL_H_ */
/* sha.h */
#ifndef _SHA_H_
#define _SHA_H_ 1
/* #include "global.h" */
/* The structure for storing SHS info */
typedef struct
{
UINT4 digest[ 5 ]; /* Message digest */
UINT4 countLo, countHi; /* 64-bit bit count */
UINT4 data[ 16 ]; /* SHS data buffer */
int Endianness;
} SHA_CTX;
/* Message digest functions */
void SHAInit(SHA_CTX *);
void SHAUpdate(SHA_CTX *, BYTE *buffer, int count);
void SHAFinal(BYTE *output, SHA_CTX *);
#endif /* end _SHA_H_ */
/* endian.h */
#ifndef _ENDIAN_H_
#define _ENDIAN_H_ 1
void endianTest(int *endianness);
#endif /* end _ENDIAN_H_ */
/* sha.c */
#include <stdio.h>
#include <string.h>
static void SHAtoByte(BYTE *output, UINT4 *input, unsigned int len);
/* The SHS block size and message digest sizes, in bytes */
#define SHS_DATASIZE 64
#define SHS_DIGESTSIZE 20
/* The SHS f()-functions. The f1 and f3 functions can be optimized to
save one boolean operation each - thanks to Rich Schroeppel,
[email protected] for discovering this */
/*#define f1(x,y,z) ( ( x & y ) | ( ~x & z ) ) // Rounds 0-19 */
#define f1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) /* Rounds 0-19 */
#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */
/*#define f3(x,y,z) ( ( x & y ) | ( x & z ) | ( y & z ) ) // Rounds 40-59 */
#define f3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) /* Rounds 40-59 */
#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */
/* The SHS Mysterious Constants */
#define K1 0x5A827999L /* Rounds 0-19 */
#define K2 0x6ED9EBA1L /* Rounds 20-39 */
#define K3 0x8F1BBCDCL /* Rounds 40-59 */
#define K4 0xCA62C1D6L /* Rounds 60-79 */
/* SHS initial values */
#define h0init 0x67452301L
#define h1init 0xEFCDAB89L
#define h2init 0x98BADCFEL
#define h3init 0x10325476L
#define h4init 0xC3D2E1F0L
/* Note that it may be necessary to add parentheses to these macros if they
are to be called with expressions as arguments */
/* 32-bit rotate left - kludged with shifts */
#define ROTL(n,X) ( ( ( X ) << n ) | ( ( X ) >> ( 32 - n ) ) )
/* The initial expanding function. The hash function is defined over an
80-UINT2 expanded input array W, where the first 16 are copies of the input
data, and the remaining 64 are defined by
W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
This implementation generates these values on the fly in a circular
buffer - thanks to Colin Plumb, [email protected] for this
optimization.
The updated SHS changes the expanding function by adding a rotate of 1
bit. Thanks to Jim Gillogly, [email protected], and an anonymous contributor
for this information */
#define expand(W,i) ( W[ i & 15 ] = ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \
W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] ) ) )
/* The prototype SHS sub-round. The fundamental sub-round is:
a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
b' = a;
c' = ROTL( 30, b );
d' = c;
e' = d;
but this is implemented by unrolling the loop 5 times and renaming the
variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
This code is then replicated 20 times for each of the 4 functions, using
the next 20 values from the W[] array each time */
#define subRound(a, b, c, d, e, f, k, data) \
( e += ROTL( 5, a ) + f( b, c, d ) + k + data, b = ROTL( 30, b ) )
/* Initialize the SHS values */
void SHAInit(SHA_CTX *shsInfo)
{
endianTest(&shsInfo->Endianness);
/* Set the h-vars to their initial values */
shsInfo->digest[ 0 ] = h0init;
shsInfo->digest[ 1 ] = h1init;
shsInfo->digest[ 2 ] = h2init;
shsInfo->digest[ 3 ] = h3init;
shsInfo->digest[ 4 ] = h4init;
/* Initialise bit count */
shsInfo->countLo = shsInfo->countHi = 0;
}
/* Perform the SHS transformation. Note that this code, like MD5, seems to
break some optimizing compilers due to the complexity of the expressions
and the size of the basic block. It may be necessary to split it into
sections, e.g. based on the four subrounds
Note that this corrupts the shsInfo->data area */
static void SHSTransform( digest, data )
UINT4 *digest, *data ;
{
UINT4 A, B, C, D, E; /* Local vars */
UINT4 eData[ 16 ]; /* Expanded data */
/* Set up first buffer and local data buffer */
A = digest[ 0 ];
B = digest[ 1 ];
C = digest[ 2 ];
D = digest[ 3 ];
E = digest[ 4 ];
memcpy( (POINTER)eData, (POINTER)data, SHS_DATASIZE );
/* Heavy mangling, in 4 sub-rounds of 20 interations each. */
subRound( A, B, C, D, E, f1, K1, eData[ 0 ] );
subRound( E, A, B, C, D, f1, K1, eData[ 1 ] );
subRound( D, E, A, B, C, f1, K1, eData[ 2 ] );
subRound( C, D, E, A, B, f1, K1, eData[ 3 ] );
subRound( B, C, D, E, A, f1, K1, eData[ 4 ] );
subRound( A, B, C, D, E, f1, K1, eData[ 5 ] );
subRound( E, A, B, C, D, f1, K1, eData[ 6 ] );
subRound( D, E, A, B, C, f1, K1, eData[ 7 ] );
subRound( C, D, E, A, B, f1, K1, eData[ 8 ] );
subRound( B, C, D, E, A, f1, K1, eData[ 9 ] );
subRound( A, B, C, D, E, f1, K1, eData[ 10 ] );
subRound( E, A, B, C, D, f1, K1, eData[ 11 ] );
subRound( D, E, A, B, C, f1, K1, eData[ 12 ] );
subRound( C, D, E, A, B, f1, K1, eData[ 13 ] );
subRound( B, C, D, E, A, f1, K1, eData[ 14 ] );
subRound( A, B, C, D, E, f1, K1, eData[ 15 ] );
subRound( E, A, B, C, D, f1, K1, expand( eData, 16 ) );
subRound( D, E, A, B, C, f1, K1, expand( eData, 17 ) );
subRound( C, D, E, A, B, f1, K1, expand( eData, 18 ) );
subRound( B, C, D, E, A, f1, K1, expand( eData, 19 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 20 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 21 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 22 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 23 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 24 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 25 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 26 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 27 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 28 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 29 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 30 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 31 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 32 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 33 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 34 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 35 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 36 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 37 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 38 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 39 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 40 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 41 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 42 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 43 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 44 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 45 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 46 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 47 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 48 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 49 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 50 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 51 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 52 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 53 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 54 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 55 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 56 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 57 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 58 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 59 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 60 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 61 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 62 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 63 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 64 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 65 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 66 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 67 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 68 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 69 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 70 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 71 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 72 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 73 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 74 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 75 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 76 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 77 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 78 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 79 ) );
/* Build message digest */
digest[ 0 ] += A;
digest[ 1 ] += B;
digest[ 2 ] += C;
digest[ 3 ] += D;
digest[ 4 ] += E;
}
/* When run on a little-endian CPU we need to perform byte reversal on an
array of long words. */
static void longReverse(UINT4 *buffer, int byteCount, int Endianness )
{
UINT4 value;
if (Endianness==TRUE) return;
byteCount /= sizeof( UINT4 );
while( byteCount-- )
{
value = *buffer;
value = ( ( value & 0xFF00FF00L ) >> 8 ) | \
( ( value & 0x00FF00FFL ) << 8 );
*buffer++ = ( value << 16 ) | ( value >> 16 );
}
}
/* Update SHS for a block of data */
void SHAUpdate(SHA_CTX *shsInfo, BYTE *buffer, int count)
{
UINT4 tmp;
int dataCount;
/* Update bitcount */
tmp = shsInfo->countLo;
if ( ( shsInfo->countLo = tmp + ( ( UINT4 ) count << 3 ) ) < tmp )
shsInfo->countHi++; /* Carry from low to high */
shsInfo->countHi += count >> 29;
/* Get count of bytes already in data */
dataCount = ( int ) ( tmp >> 3 ) & 0x3F;
/* Handle any leading odd-sized chunks */
if( dataCount )
{
BYTE *p = ( BYTE * ) shsInfo->data + dataCount;
dataCount = SHS_DATASIZE - dataCount;
if( count < dataCount )
{
memcpy( p, buffer, count );
return;
}
memcpy( p, buffer, dataCount );
longReverse( shsInfo->data, SHS_DATASIZE, shsInfo->Endianness);
SHSTransform( shsInfo->digest, shsInfo->data );
buffer += dataCount;
count -= dataCount;
}
/* Process data in SHS_DATASIZE chunks */
while( count >= SHS_DATASIZE )
{
memcpy( (POINTER)shsInfo->data, (POINTER)buffer, SHS_DATASIZE );
longReverse( shsInfo->data, SHS_DATASIZE, shsInfo->Endianness );
SHSTransform( shsInfo->digest, shsInfo->data );
buffer += SHS_DATASIZE;
count -= SHS_DATASIZE;
}
/* Handle any remaining bytes of data. */
memcpy( (POINTER)shsInfo->data, (POINTER)buffer, count );
}
/* Final wrapup - pad to SHS_DATASIZE-byte boundary with the bit pattern
1 0* (64-bit count of bits processed, MSB-first) */
void SHAFinal(BYTE *output, SHA_CTX *shsInfo)
{
int count;
BYTE *dataPtr;
/* Compute number of bytes mod 64 */
count = ( int ) shsInfo->countLo;
count = ( count >> 3 ) & 0x3F;
/* Set the first char of padding to 0x80. This is safe since there is
always at least one byte free */
dataPtr = ( BYTE * ) shsInfo->data + count;
*dataPtr++ = 0x80;
/* Bytes of padding needed to make 64 bytes */
count = SHS_DATASIZE - 1 - count;
/* Pad out to 56 mod 64 */
if( count < 8 )
{
/* Two lots of padding: Pad the first block to 64 bytes */
memset( dataPtr, 0, count );
longReverse( shsInfo->data, SHS_DATASIZE, shsInfo->Endianness );
SHSTransform( shsInfo->digest, shsInfo->data );
/* Now fill the next block with 56 bytes */
memset( (POINTER)shsInfo->data, 0, SHS_DATASIZE - 8 );
}
else
/* Pad block to 56 bytes */
memset( dataPtr, 0, count - 8 );
/* Append length in bits and transform */
shsInfo->data[ 14 ] = shsInfo->countHi;
shsInfo->data[ 15 ] = shsInfo->countLo;
longReverse( shsInfo->data, SHS_DATASIZE - 8, shsInfo->Endianness );
SHSTransform( shsInfo->digest, shsInfo->data );
/* Output to an array of bytes */
SHAtoByte(output, shsInfo->digest, SHS_DIGESTSIZE);
/* Zeroise sensitive stuff */
memset((POINTER)shsInfo, 0, sizeof(shsInfo));
}
static void SHAtoByte(BYTE *output, UINT4 *input, unsigned int len)
{ /* Output SHA digest in byte array */
unsigned int i, j;
for(i = 0, j = 0; j < len; i++, j += 4)
{
output[j+3] = (BYTE)( input & 0xff);
output[j+2] = (BYTE)((input >> 8 ) & 0xff);
output[j+1] = (BYTE)((input >> 16) & 0xff);
output[j ] = (BYTE)((input >> 24) & 0xff);
}
}
unsigned char digest[20];
unsigned char message[3] = {'a', 'b', 'c' };
unsigned char *mess56 =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
/* Correct solutions from FIPS PUB 180-1 */
char *dig1 = "A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D";
char *dig2 = "84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1";
char *dig3 = "34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F";
/* Output should look like:-
a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D <= correct
84983e44 1c3bd26e baae4aa1 f95129e5 e54670f1
84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 <= correct
34aa973c d4c4daa4 f61eeb2b dbad2731 6534016f
34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F <= correct
*/
/* endian.c */
void endianTest(int *endian_ness)
{
if((*(unsigned short *) ("#S") >> 8) == '#')
{
/* printf("Big endian = no change\n"); */
*endian_ness = !(0);
}
else
{
/* printf("Little endian = swap\n"); */
*endian_ness = 0;
}
}
// ****************************************** //
// Don't change the above SHA1 core routines //
// ****************************************** //
// Professor Zhang made the following two functions for testing SHA1
// hash regular C-String str, put the hash value in ha
void SHAString( char* str, unsigned char* ha )
{
SHA_CTX shaContext;
int bytes = strlen( str );
SHAInit( &shaContext );
SHAUpdate( &shaContext, str, bytes );
SHAFinal( ha, &shaContext );
}
// hash a hex string represented by cstring, then put hash value in ha
void SHAHexstr( char* hexstr, unsigned char* ha )
{
SHA_CTX shaContext;
int bytes;
int i;
BYTE data[1024];
bytes = strlen( hexstr )/2;
for( i = 0; i < bytes; i ++ )
sscanf( hexstr + 2*i, "%02x", &data );
SHAInit( &shaContext );
SHAUpdate( &shaContext, data, bytes );
SHAFinal( ha, &shaContext );
}
int main()
{
char str[] = "The quick brown fox jumps over the lazy dog";
int i;
char hexstr[] = "FFFFFFFF";
BYTE target[20];
SHAHexstr( hexstr, target );
for (i = 0; i < 20; i++)
printf("%02x", target);
printf( "\n\n" );
SHAString( str, target );
for (i = 0; i < 20; i++)
printf("%02x", target);
printf( "\n\n" );
return 0;
}
- Src Https Www Di Mgt Com Au Src Sha1 C Txt Sha1 C Implementation Of The Secure Hash Algorithm Sha 1 (38.66 KiB) Viewed 59 times
- Src Https Www Di Mgt Com Au Src Sha1 C Txt Sha1 C Implementation Of The Secure Hash Algorithm Sha 2 (37.1 KiB) Viewed 59 times
- Src Https Www Di Mgt Com Au Src Sha1 C Txt Sha1 C Implementation Of The Secure Hash Algorithm Sha 3 (41.1 KiB) Viewed 59 times
- Src Https Www Di Mgt Com Au Src Sha1 C Txt Sha1 C Implementation Of The Secure Hash Algorithm Sha 4 (41.1 KiB) Viewed 59 times
/* sha1.c : Implementation of the Secure Hash Algorithm */
/* SHA: NIST's Secure Hash Algorithm */
/* This version written November 2000 by David Ireland of
DI Management Services Pty Limited <[email protected]>
Adapted from code in the Python Cryptography Toolkit,
version 1.0.0 by A.M. Kuchling 1995.
*/
/* AM Kuchling's posting:-
Based on SHA code originally posted to sci.crypt by Peter Gutmann
in message <30ajo5$[email protected]>.
Modified to test for endianness on creation of SHA objects by AMK.
Also, the original specification of SHA was found to have a weakness
by NSA/NIST. This code implements the fixed version of SHA.
*/
/* Here's the first paragraph of Peter Gutmann's posting:
The following is my SHA (FIPS 180) code updated to allow use of the "fixed"
SHA, thanks to Jim Gillogly and an anonymous contributor for the information on
what's changed in the new version. The fix is a simple change which involves
adding a single rotate in the initial expansion function. It is unknown
whether this is an optimal solution to the problem which was discovered in the
SHA or whether it's simply a bandaid which fixes the problem with a minimum of
effort (for example the reengineering of a great many Capstone chips).
*/
/* h files included here to make this just one file ... */
/* global.h */
#ifndef _GLOBAL_H_
#define _GLOBAL_H_ 1
/* POINTER defines a generic pointer type */
typedef unsigned char *POINTER;
/* UINT4 defines a four byte word */
// typedef unsigned long int UINT4;
#include <stdint.h> // on unix and mac computer
typedef uint32_t UINT4; // on unix and mac computer
/* BYTE defines a unsigned character */
typedef unsigned char BYTE;
#ifndef TRUE
#define FALSE 0
#define TRUE ( !FALSE )
#endif /* TRUE */
#endif /* end _GLOBAL_H_ */
/* sha.h */
#ifndef _SHA_H_
#define _SHA_H_ 1
/* #include "global.h" */
/* The structure for storing SHS info */
typedef struct
{
UINT4 digest[ 5 ]; /* Message digest */
UINT4 countLo, countHi; /* 64-bit bit count */
UINT4 data[ 16 ]; /* SHS data buffer */
int Endianness;
} SHA_CTX;
/* Message digest functions */
void SHAInit(SHA_CTX *);
void SHAUpdate(SHA_CTX *, BYTE *buffer, int count);
void SHAFinal(BYTE *output, SHA_CTX *);
#endif /* end _SHA_H_ */
/* endian.h */
#ifndef _ENDIAN_H_
#define _ENDIAN_H_ 1
void endianTest(int *endianness);
#endif /* end _ENDIAN_H_ */
/* sha.c */
#include <stdio.h>
#include <string.h>
static void SHAtoByte(BYTE *output, UINT4 *input, unsigned int len);
/* The SHS block size and message digest sizes, in bytes */
#define SHS_DATASIZE 64
#define SHS_DIGESTSIZE 20
/* The SHS f()-functions. The f1 and f3 functions can be optimized to
save one boolean operation each - thanks to Rich Schroeppel,
[email protected] for discovering this */
/*#define f1(x,y,z) ( ( x & y ) | ( ~x & z ) ) // Rounds 0-19 */
#define f1(x,y,z) ( z ^ ( x & ( y ^ z ) ) ) /* Rounds 0-19 */
#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */
/*#define f3(x,y,z) ( ( x & y ) | ( x & z ) | ( y & z ) ) // Rounds 40-59 */
#define f3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) ) /* Rounds 40-59 */
#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */
/* The SHS Mysterious Constants */
#define K1 0x5A827999L /* Rounds 0-19 */
#define K2 0x6ED9EBA1L /* Rounds 20-39 */
#define K3 0x8F1BBCDCL /* Rounds 40-59 */
#define K4 0xCA62C1D6L /* Rounds 60-79 */
/* SHS initial values */
#define h0init 0x67452301L
#define h1init 0xEFCDAB89L
#define h2init 0x98BADCFEL
#define h3init 0x10325476L
#define h4init 0xC3D2E1F0L
/* Note that it may be necessary to add parentheses to these macros if they
are to be called with expressions as arguments */
/* 32-bit rotate left - kludged with shifts */
#define ROTL(n,X) ( ( ( X ) << n ) | ( ( X ) >> ( 32 - n ) ) )
/* The initial expanding function. The hash function is defined over an
80-UINT2 expanded input array W, where the first 16 are copies of the input
data, and the remaining 64 are defined by
W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
This implementation generates these values on the fly in a circular
buffer - thanks to Colin Plumb, [email protected] for this
optimization.
The updated SHS changes the expanding function by adding a rotate of 1
bit. Thanks to Jim Gillogly, [email protected], and an anonymous contributor
for this information */
#define expand(W,i) ( W[ i & 15 ] = ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \
W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] ) ) )
/* The prototype SHS sub-round. The fundamental sub-round is:
a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
b' = a;
c' = ROTL( 30, b );
d' = c;
e' = d;
but this is implemented by unrolling the loop 5 times and renaming the
variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
This code is then replicated 20 times for each of the 4 functions, using
the next 20 values from the W[] array each time */
#define subRound(a, b, c, d, e, f, k, data) \
( e += ROTL( 5, a ) + f( b, c, d ) + k + data, b = ROTL( 30, b ) )
/* Initialize the SHS values */
void SHAInit(SHA_CTX *shsInfo)
{
endianTest(&shsInfo->Endianness);
/* Set the h-vars to their initial values */
shsInfo->digest[ 0 ] = h0init;
shsInfo->digest[ 1 ] = h1init;
shsInfo->digest[ 2 ] = h2init;
shsInfo->digest[ 3 ] = h3init;
shsInfo->digest[ 4 ] = h4init;
/* Initialise bit count */
shsInfo->countLo = shsInfo->countHi = 0;
}
/* Perform the SHS transformation. Note that this code, like MD5, seems to
break some optimizing compilers due to the complexity of the expressions
and the size of the basic block. It may be necessary to split it into
sections, e.g. based on the four subrounds
Note that this corrupts the shsInfo->data area */
static void SHSTransform( digest, data )
UINT4 *digest, *data ;
{
UINT4 A, B, C, D, E; /* Local vars */
UINT4 eData[ 16 ]; /* Expanded data */
/* Set up first buffer and local data buffer */
A = digest[ 0 ];
B = digest[ 1 ];
C = digest[ 2 ];
D = digest[ 3 ];
E = digest[ 4 ];
memcpy( (POINTER)eData, (POINTER)data, SHS_DATASIZE );
/* Heavy mangling, in 4 sub-rounds of 20 interations each. */
subRound( A, B, C, D, E, f1, K1, eData[ 0 ] );
subRound( E, A, B, C, D, f1, K1, eData[ 1 ] );
subRound( D, E, A, B, C, f1, K1, eData[ 2 ] );
subRound( C, D, E, A, B, f1, K1, eData[ 3 ] );
subRound( B, C, D, E, A, f1, K1, eData[ 4 ] );
subRound( A, B, C, D, E, f1, K1, eData[ 5 ] );
subRound( E, A, B, C, D, f1, K1, eData[ 6 ] );
subRound( D, E, A, B, C, f1, K1, eData[ 7 ] );
subRound( C, D, E, A, B, f1, K1, eData[ 8 ] );
subRound( B, C, D, E, A, f1, K1, eData[ 9 ] );
subRound( A, B, C, D, E, f1, K1, eData[ 10 ] );
subRound( E, A, B, C, D, f1, K1, eData[ 11 ] );
subRound( D, E, A, B, C, f1, K1, eData[ 12 ] );
subRound( C, D, E, A, B, f1, K1, eData[ 13 ] );
subRound( B, C, D, E, A, f1, K1, eData[ 14 ] );
subRound( A, B, C, D, E, f1, K1, eData[ 15 ] );
subRound( E, A, B, C, D, f1, K1, expand( eData, 16 ) );
subRound( D, E, A, B, C, f1, K1, expand( eData, 17 ) );
subRound( C, D, E, A, B, f1, K1, expand( eData, 18 ) );
subRound( B, C, D, E, A, f1, K1, expand( eData, 19 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 20 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 21 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 22 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 23 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 24 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 25 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 26 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 27 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 28 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 29 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 30 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 31 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 32 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 33 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 34 ) );
subRound( A, B, C, D, E, f2, K2, expand( eData, 35 ) );
subRound( E, A, B, C, D, f2, K2, expand( eData, 36 ) );
subRound( D, E, A, B, C, f2, K2, expand( eData, 37 ) );
subRound( C, D, E, A, B, f2, K2, expand( eData, 38 ) );
subRound( B, C, D, E, A, f2, K2, expand( eData, 39 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 40 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 41 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 42 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 43 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 44 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 45 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 46 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 47 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 48 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 49 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 50 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 51 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 52 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 53 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 54 ) );
subRound( A, B, C, D, E, f3, K3, expand( eData, 55 ) );
subRound( E, A, B, C, D, f3, K3, expand( eData, 56 ) );
subRound( D, E, A, B, C, f3, K3, expand( eData, 57 ) );
subRound( C, D, E, A, B, f3, K3, expand( eData, 58 ) );
subRound( B, C, D, E, A, f3, K3, expand( eData, 59 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 60 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 61 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 62 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 63 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 64 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 65 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 66 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 67 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 68 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 69 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 70 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 71 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 72 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 73 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 74 ) );
subRound( A, B, C, D, E, f4, K4, expand( eData, 75 ) );
subRound( E, A, B, C, D, f4, K4, expand( eData, 76 ) );
subRound( D, E, A, B, C, f4, K4, expand( eData, 77 ) );
subRound( C, D, E, A, B, f4, K4, expand( eData, 78 ) );
subRound( B, C, D, E, A, f4, K4, expand( eData, 79 ) );
/* Build message digest */
digest[ 0 ] += A;
digest[ 1 ] += B;
digest[ 2 ] += C;
digest[ 3 ] += D;
digest[ 4 ] += E;
}
/* When run on a little-endian CPU we need to perform byte reversal on an
array of long words. */
static void longReverse(UINT4 *buffer, int byteCount, int Endianness )
{
UINT4 value;
if (Endianness==TRUE) return;
byteCount /= sizeof( UINT4 );
while( byteCount-- )
{
value = *buffer;
value = ( ( value & 0xFF00FF00L ) >> 8 ) | \
( ( value & 0x00FF00FFL ) << 8 );
*buffer++ = ( value << 16 ) | ( value >> 16 );
}
}
/* Update SHS for a block of data */
void SHAUpdate(SHA_CTX *shsInfo, BYTE *buffer, int count)
{
UINT4 tmp;
int dataCount;
/* Update bitcount */
tmp = shsInfo->countLo;
if ( ( shsInfo->countLo = tmp + ( ( UINT4 ) count << 3 ) ) < tmp )
shsInfo->countHi++; /* Carry from low to high */
shsInfo->countHi += count >> 29;
/* Get count of bytes already in data */
dataCount = ( int ) ( tmp >> 3 ) & 0x3F;
/* Handle any leading odd-sized chunks */
if( dataCount )
{
BYTE *p = ( BYTE * ) shsInfo->data + dataCount;
dataCount = SHS_DATASIZE - dataCount;
if( count < dataCount )
{
memcpy( p, buffer, count );
return;
}
memcpy( p, buffer, dataCount );
longReverse( shsInfo->data, SHS_DATASIZE, shsInfo->Endianness);
SHSTransform( shsInfo->digest, shsInfo->data );
buffer += dataCount;
count -= dataCount;
}
/* Process data in SHS_DATASIZE chunks */
while( count >= SHS_DATASIZE )
{
memcpy( (POINTER)shsInfo->data, (POINTER)buffer, SHS_DATASIZE );
longReverse( shsInfo->data, SHS_DATASIZE, shsInfo->Endianness );
SHSTransform( shsInfo->digest, shsInfo->data );
buffer += SHS_DATASIZE;
count -= SHS_DATASIZE;
}
/* Handle any remaining bytes of data. */
memcpy( (POINTER)shsInfo->data, (POINTER)buffer, count );
}
/* Final wrapup - pad to SHS_DATASIZE-byte boundary with the bit pattern
1 0* (64-bit count of bits processed, MSB-first) */
void SHAFinal(BYTE *output, SHA_CTX *shsInfo)
{
int count;
BYTE *dataPtr;
/* Compute number of bytes mod 64 */
count = ( int ) shsInfo->countLo;
count = ( count >> 3 ) & 0x3F;
/* Set the first char of padding to 0x80. This is safe since there is
always at least one byte free */
dataPtr = ( BYTE * ) shsInfo->data + count;
*dataPtr++ = 0x80;
/* Bytes of padding needed to make 64 bytes */
count = SHS_DATASIZE - 1 - count;
/* Pad out to 56 mod 64 */
if( count < 8 )
{
/* Two lots of padding: Pad the first block to 64 bytes */
memset( dataPtr, 0, count );
longReverse( shsInfo->data, SHS_DATASIZE, shsInfo->Endianness );
SHSTransform( shsInfo->digest, shsInfo->data );
/* Now fill the next block with 56 bytes */
memset( (POINTER)shsInfo->data, 0, SHS_DATASIZE - 8 );
}
else
/* Pad block to 56 bytes */
memset( dataPtr, 0, count - 8 );
/* Append length in bits and transform */
shsInfo->data[ 14 ] = shsInfo->countHi;
shsInfo->data[ 15 ] = shsInfo->countLo;
longReverse( shsInfo->data, SHS_DATASIZE - 8, shsInfo->Endianness );
SHSTransform( shsInfo->digest, shsInfo->data );
/* Output to an array of bytes */
SHAtoByte(output, shsInfo->digest, SHS_DIGESTSIZE);
/* Zeroise sensitive stuff */
memset((POINTER)shsInfo, 0, sizeof(shsInfo));
}
static void SHAtoByte(BYTE *output, UINT4 *input, unsigned int len)
{ /* Output SHA digest in byte array */
unsigned int i, j;
for(i = 0, j = 0; j < len; i++, j += 4)
{
output[j+3] = (BYTE)( input & 0xff);
output[j+2] = (BYTE)((input >> 8 ) & 0xff);
output[j+1] = (BYTE)((input >> 16) & 0xff);
output[j ] = (BYTE)((input >> 24) & 0xff);
}
}
unsigned char digest[20];
unsigned char message[3] = {'a', 'b', 'c' };
unsigned char *mess56 =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
/* Correct solutions from FIPS PUB 180-1 */
char *dig1 = "A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D";
char *dig2 = "84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1";
char *dig3 = "34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F";
/* Output should look like:-
a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D <= correct
84983e44 1c3bd26e baae4aa1 f95129e5 e54670f1
84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 <= correct
34aa973c d4c4daa4 f61eeb2b dbad2731 6534016f
34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F <= correct
*/
/* endian.c */
void endianTest(int *endian_ness)
{
if((*(unsigned short *) ("#S") >> 8) == '#')
{
/* printf("Big endian = no change\n"); */
*endian_ness = !(0);
}
else
{
/* printf("Little endian = swap\n"); */
*endian_ness = 0;
}
}
// ****************************************** //
// Don't change the above SHA1 core routines //
// ****************************************** //
// Professor Zhang made the following two functions for testing SHA1
// hash regular C-String str, put the hash value in ha
void SHAString( char* str, unsigned char* ha )
{
SHA_CTX shaContext;
int bytes = strlen( str );
SHAInit( &shaContext );
SHAUpdate( &shaContext, str, bytes );
SHAFinal( ha, &shaContext );
}
// hash a hex string represented by cstring, then put hash value in ha
void SHAHexstr( char* hexstr, unsigned char* ha )
{
SHA_CTX shaContext;
int bytes;
int i;
BYTE data[1024];
bytes = strlen( hexstr )/2;
for( i = 0; i < bytes; i ++ )
sscanf( hexstr + 2*i, "%02x", &data );
SHAInit( &shaContext );
SHAUpdate( &shaContext, data, bytes );
SHAFinal( ha, &shaContext );
}
int main()
{
char str[] = "The quick brown fox jumps over the lazy dog";
int i;
char hexstr[] = "FFFFFFFF";
BYTE target[20];
SHAHexstr( hexstr, target );
for (i = 0; i < 20; i++)
printf("%02x", target);
printf( "\n\n" );
SHAString( str, target );
for (i = 0; i < 20; i++)
printf("%02x", target);
printf( "\n\n" );
return 0;
}
- Src Https Www Di Mgt Com Au Src Sha1 C Txt Sha1 C Implementation Of The Secure Hash Algorithm Sha 5 (15 KiB) Viewed 59 times
You will be making two functions as specified below, one for generating a tag for a string, the other for generating a tag for a given file (in any format, say, pdf, docx, exc, txt,jpeg, etc.) • brief HMAC-SHA message authentication code for a string /file param msg input string param key input key param inFile input file name param mode control input parameter types retum generated tag * unsigned char* Hmacshal_str(unsigned char key, unsigned char* msg, int mode): unsigned char* Hmacshal_filelunsigned char* key, char* inFile, int mode): When mode = 0, the type for msg and key is string mode - 1. the type for msg and key is hex, mode - 2 the type for msg and key is base-64. Returned tag always uses hex format Make sure your project gives the correct results with various less vectors. For example, if both secret key and msg are strings the call to Hmacshal_str() and the generated tag are Hmacshal_str("key", "The quick brown fox jumps over the lazy dog", 0); de 7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9 You should test other test vectors with your code, and then compare your results with the ones from your favorite online HMAC calculators. Submission: Each team only needs to have one submission, it includes the following: Source code put all source code files into one folder and zip it to TeamName_Hmacshal.zip. Before submission, make sure you code can generate tags correctly. 2. Technical report in pdf as TeamName_Himachal.pdf, which includes btitle page include team name, team members names >> Various test vectors and their results in different modes: Technical difficulties you've encountered while doing the project and the solutions to these technical difficulties What you have learned from doing this project.
Team Project #7 - HMAC-SHAI Max Score: 20 pts, Due: Thurs 5/12 Again, this is a team project. It is to create HMAC-SHAl message authentication tags with various input formats. The source code for the hash function SHAlis given on Blackboard (Proj shal.c.zip), which is a slightly modified version from bttps://www.di-mgt.com.au'sto'shal.c.txt We need you to implement a HMAC-SHAI message authentication tag generating function based on the formula given in the lecture: 1=HMACSHA1(kx)=SHAT (WA opad) | SHAH (WA ipad) *) where is the generated tag, k is the secret key, and x is the message You will be making two functions as specified below, one for generating a tag for a string, the other for generating a tag for a given file (in any format, say, pdf, docx, exe, txt, jpeg, etc.) brief HMAC-SHAI message authentication code for a string /file param msg input string param key input key * \param in File input file name * \param mode control input parameter types * retum generated tag unsigned char* Hmacshal strf unsigned char key, unsigned char* msg, int mode): unsigned char* Hmacshal_file unsigned char* key, char in File, int mode): When mode - 0, the type for msg and key is string mode - 1. the type for msg and key is hex: mode - 2. the type for msg and key is base-64. Returned tag always uses hex format. Make sure your project gives the correct results with various test vectors. For example, if both secret key and msg are strings, the call to Hmacshal_str() and the generated tag are: Hmacshal_str("key", "The quick brown fox jumps over the lazy dog", 0); de 7c9b85b8b78aa6bc8a7a36570a90701c9db4d9 You should test other test vectors with your code, and then compare your results with the ones from your favorite online HMAC calculators Submission: Each team only needs to have one submission, it includes the following:
Submission: Each team only needs to have one submission, it includes the following: 1 Source code: put all source code files into one folder and zip it to TeamName_Hmacshal.zip. Before submission, make sure you code can generate tags correctly. 2. Technical report in pdf as TeamName_Hmarshal.pdf, which includes title page include team name, team members names: >> Various test vectors and their results in different modes: Technical difficulties you've encountered while doing the project and the solutions to these technical difficulties What you have learned from doing this project.