1 /*********************************************************************
3 * Author: Brad Conte (brad AT bradconte.com)
5 * Disclaimer: This code is presented "as is" without any guarantees.
6 * Details: Implementation of the SHA1 hashing algorithm.
7 Algorithm specification can be found here:
8 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf
9 This implementation uses little endian byte order.
10 *********************************************************************/
12 /*************************** HEADER FILES ***************************/
17 /****************************** MACROS ******************************/
18 #define ROTLEFT(a, b) ((a << b) | (a >> (32 - b)))
20 /*********************** FUNCTION DEFINITIONS ***********************/
21 void sha1_transform(SHA1_CTX *ctx, const BYTE data[])
23 WORD a, b, c, d, e, i, j, t, m[80];
25 for (i = 0, j = 0; i < 16; ++i, j += 4)
26 m[i] = (data[j] << 24) + (data[j + 1] << 16) + (data[j + 2] << 8) + (data[j + 3]);
27 for ( ; i < 80; ++i) {
28 m[i] = (m[i - 3] ^ m[i - 8] ^ m[i - 14] ^ m[i - 16]);
29 m[i] = (m[i] << 1) | (m[i] >> 31);
38 for (i = 0; i < 20; ++i) {
39 t = ROTLEFT(a, 5) + ((b & c) ^ (~b & d)) + e + ctx->k[0] + m[i];
46 for ( ; i < 40; ++i) {
47 t = ROTLEFT(a, 5) + (b ^ c ^ d) + e + ctx->k[1] + m[i];
54 for ( ; i < 60; ++i) {
55 t = ROTLEFT(a, 5) + ((b & c) ^ (b & d) ^ (c & d)) + e + ctx->k[2] + m[i];
62 for ( ; i < 80; ++i) {
63 t = ROTLEFT(a, 5) + (b ^ c ^ d) + e + ctx->k[3] + m[i];
78 void sha1_init(SHA1_CTX *ctx)
82 ctx->state[0] = 0x67452301;
83 ctx->state[1] = 0xEFCDAB89;
84 ctx->state[2] = 0x98BADCFE;
85 ctx->state[3] = 0x10325476;
86 ctx->state[4] = 0xc3d2e1f0;
87 ctx->k[0] = 0x5a827999;
88 ctx->k[1] = 0x6ed9eba1;
89 ctx->k[2] = 0x8f1bbcdc;
90 ctx->k[3] = 0xca62c1d6;
93 void sha1_update(SHA1_CTX *ctx, const BYTE data[], size_t len)
97 for (i = 0; i < len; ++i) {
98 ctx->data[ctx->datalen] = data[i];
100 if (ctx->datalen == 64) {
101 sha1_transform(ctx, ctx->data);
108 void sha1_final(SHA1_CTX *ctx, BYTE hash[])
114 // Pad whatever data is left in the buffer.
115 if (ctx->datalen < 56) {
116 ctx->data[i++] = 0x80;
118 ctx->data[i++] = 0x00;
121 ctx->data[i++] = 0x80;
123 ctx->data[i++] = 0x00;
124 sha1_transform(ctx, ctx->data);
125 memset(ctx->data, 0, 56);
128 // Append to the padding the total message's length in bits and transform.
129 ctx->bitlen += ctx->datalen * 8;
130 ctx->data[63] = ctx->bitlen;
131 ctx->data[62] = ctx->bitlen >> 8;
132 ctx->data[61] = ctx->bitlen >> 16;
133 ctx->data[60] = ctx->bitlen >> 24;
134 ctx->data[59] = ctx->bitlen >> 32;
135 ctx->data[58] = ctx->bitlen >> 40;
136 ctx->data[57] = ctx->bitlen >> 48;
137 ctx->data[56] = ctx->bitlen >> 56;
138 sha1_transform(ctx, ctx->data);
140 // Since this implementation uses little endian byte ordering and MD uses big endian,
141 // reverse all the bytes when copying the final state to the output hash.
142 for (i = 0; i < 4; ++i) {
143 hash[i] = (ctx->state[0] >> (24 - i * 8)) & 0x000000ff;
144 hash[i + 4] = (ctx->state[1] >> (24 - i * 8)) & 0x000000ff;
145 hash[i + 8] = (ctx->state[2] >> (24 - i * 8)) & 0x000000ff;
146 hash[i + 12] = (ctx->state[3] >> (24 - i * 8)) & 0x000000ff;
147 hash[i + 16] = (ctx->state[4] >> (24 - i * 8)) & 0x000000ff;