3 By Steve Reid <steve@edmweb.com>
6 Test Vectors (from FIPS PUB 180-1)
8 A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
9 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
10 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
11 A million repetitions of "a"
12 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
15 /* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
16 /* #define SHA1HANDSOFF * Copies data before messing with it. */
28 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
30 /* blk0() and blk() perform the initial expand. */
31 /* I got the idea of expanding during the round function from SSLeay */
32 #if defined(LITTLE_ENDIAN)
34 (block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) | \
35 (rol(block->l[i], 8) & 0x00FF00FF))
36 #elif defined(BIG_ENDIAN)
37 #define blk0(i) block->l[i]
39 #error "Endianness not defined!"
42 (block->l[i & 15] = rol(block->l[(i + 13) & 15] ^ block->l[(i + 8) & 15] ^ \
43 block->l[(i + 2) & 15] ^ block->l[i & 15], \
46 /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
47 #define R0(v, w, x, y, z, i) \
48 z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \
50 #define R1(v, w, x, y, z, i) \
51 z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \
53 #define R2(v, w, x, y, z, i) \
54 z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); \
56 #define R3(v, w, x, y, z, i) \
57 z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \
59 #define R4(v, w, x, y, z, i) \
60 z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \
63 static void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]);
65 static void SHA1Init(SHA1_CTX *context);
67 static void SHA1Update(SHA1_CTX *context, const unsigned char *data, uint32_t len);
69 static void SHA1Final(unsigned char digest[20], SHA1_CTX *context);
72 /* Hash a single 512-bit block. This is the core of the algorithm. */
74 static void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]) {
75 uint32_t a, b, c, d, e;
83 CHAR64LONG16 block[1]; /* use array to appear as a pointer */
85 memcpy(block, buffer, 64);
87 /* The following had better never be used because it causes the
88 * pointer-to-const buffer to be cast into a pointer to non-const.
89 * And the result is written through. I threw a "const" in, hoping
90 * this will cause a diagnostic.
92 CHAR64LONG16 *block = (const CHAR64LONG16 *)buffer;
94 /* Copy context->state[] to working vars */
100 /* 4 rounds of 20 operations each. Loop unrolled. */
101 R0(a, b, c, d, e, 0);
102 R0(e, a, b, c, d, 1);
103 R0(d, e, a, b, c, 2);
104 R0(c, d, e, a, b, 3);
105 R0(b, c, d, e, a, 4);
106 R0(a, b, c, d, e, 5);
107 R0(e, a, b, c, d, 6);
108 R0(d, e, a, b, c, 7);
109 R0(c, d, e, a, b, 8);
110 R0(b, c, d, e, a, 9);
111 R0(a, b, c, d, e, 10);
112 R0(e, a, b, c, d, 11);
113 R0(d, e, a, b, c, 12);
114 R0(c, d, e, a, b, 13);
115 R0(b, c, d, e, a, 14);
116 R0(a, b, c, d, e, 15);
117 R1(e, a, b, c, d, 16);
118 R1(d, e, a, b, c, 17);
119 R1(c, d, e, a, b, 18);
120 R1(b, c, d, e, a, 19);
121 R2(a, b, c, d, e, 20);
122 R2(e, a, b, c, d, 21);
123 R2(d, e, a, b, c, 22);
124 R2(c, d, e, a, b, 23);
125 R2(b, c, d, e, a, 24);
126 R2(a, b, c, d, e, 25);
127 R2(e, a, b, c, d, 26);
128 R2(d, e, a, b, c, 27);
129 R2(c, d, e, a, b, 28);
130 R2(b, c, d, e, a, 29);
131 R2(a, b, c, d, e, 30);
132 R2(e, a, b, c, d, 31);
133 R2(d, e, a, b, c, 32);
134 R2(c, d, e, a, b, 33);
135 R2(b, c, d, e, a, 34);
136 R2(a, b, c, d, e, 35);
137 R2(e, a, b, c, d, 36);
138 R2(d, e, a, b, c, 37);
139 R2(c, d, e, a, b, 38);
140 R2(b, c, d, e, a, 39);
141 R3(a, b, c, d, e, 40);
142 R3(e, a, b, c, d, 41);
143 R3(d, e, a, b, c, 42);
144 R3(c, d, e, a, b, 43);
145 R3(b, c, d, e, a, 44);
146 R3(a, b, c, d, e, 45);
147 R3(e, a, b, c, d, 46);
148 R3(d, e, a, b, c, 47);
149 R3(c, d, e, a, b, 48);
150 R3(b, c, d, e, a, 49);
151 R3(a, b, c, d, e, 50);
152 R3(e, a, b, c, d, 51);
153 R3(d, e, a, b, c, 52);
154 R3(c, d, e, a, b, 53);
155 R3(b, c, d, e, a, 54);
156 R3(a, b, c, d, e, 55);
157 R3(e, a, b, c, d, 56);
158 R3(d, e, a, b, c, 57);
159 R3(c, d, e, a, b, 58);
160 R3(b, c, d, e, a, 59);
161 R4(a, b, c, d, e, 60);
162 R4(e, a, b, c, d, 61);
163 R4(d, e, a, b, c, 62);
164 R4(c, d, e, a, b, 63);
165 R4(b, c, d, e, a, 64);
166 R4(a, b, c, d, e, 65);
167 R4(e, a, b, c, d, 66);
168 R4(d, e, a, b, c, 67);
169 R4(c, d, e, a, b, 68);
170 R4(b, c, d, e, a, 69);
171 R4(a, b, c, d, e, 70);
172 R4(e, a, b, c, d, 71);
173 R4(d, e, a, b, c, 72);
174 R4(c, d, e, a, b, 73);
175 R4(b, c, d, e, a, 74);
176 R4(a, b, c, d, e, 75);
177 R4(e, a, b, c, d, 76);
178 R4(d, e, a, b, c, 77);
179 R4(c, d, e, a, b, 78);
180 R4(b, c, d, e, a, 79);
181 /* Add the working vars back into context.state[] */
188 a = b = c = d = e = 0;
190 memset(block, '\0', sizeof(block));
194 /* SHA1Init - Initialize new context */
196 static void SHA1Init(SHA1_CTX *context) {
197 /* SHA1 initialization constants */
198 context->state[0] = 0x67452301;
199 context->state[1] = 0xEFCDAB89;
200 context->state[2] = 0x98BADCFE;
201 context->state[3] = 0x10325476;
202 context->state[4] = 0xC3D2E1F0;
203 context->count[0] = context->count[1] = 0;
206 /* Run your data through this. */
208 static void SHA1Update(SHA1_CTX *context, const unsigned char *data, uint32_t len) {
213 j = context->count[0];
214 if ((context->count[0] += len << 3) < j)
216 context->count[1] += (len >> 29);
218 if ((j + len) > 63) {
219 memcpy(&context->buffer[j], data, (i = 64 - j));
220 SHA1Transform(context->state, context->buffer);
221 for (; i + 63 < len; i += 64) {
222 SHA1Transform(context->state, &data[i]);
227 memcpy(&context->buffer[j], &data[i], len - i);
230 /* Add padding and return the message digest. */
232 static void SHA1Final(unsigned char digest[20], SHA1_CTX *context) {
235 unsigned char finalcount[8];
239 #if 0 /* untested "improvement" by DHR */
240 /* Convert context->count to a sequence of bytes
241 * in finalcount. Second element first, but
242 * big-endian order within element.
243 * But we do it all backwards.
245 unsigned char *fcp = &finalcount[8];
247 for (i = 0; i < 2; i++)
249 uint32_t t = context->count[i];
253 for (j = 0; j < 4; t >>= 8, j++)
254 *--fcp = (unsigned char) t}
256 for (i = 0; i < 8; i++) {
257 finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] >>
258 ((3 - (i & 3)) * 8)) &
259 255); /* Endian independent */
263 SHA1Update(context, &c, 1);
264 while ((context->count[0] & 504) != 448) {
266 SHA1Update(context, &c, 1);
268 SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
269 for (i = 0; i < 20; i++) {
271 (unsigned char)((context->state[i >> 2] >> ((3 - (i & 3)) * 8)) &
275 memset(context, '\0', sizeof(*context));
276 memset(&finalcount, '\0', sizeof(finalcount));
279 void builtin_SHA1(char *hash_out, const char *str, int len) {
284 for (ii = 0; ii < len; ii += 1)
285 SHA1Update(&ctx, (const unsigned char *)str + ii, 1);
286 SHA1Final((unsigned char *)hash_out, &ctx);