2 * SHA1 hash algorithm. Used in SSH2 as a MAC, and the transform is
3 * also used as a `stirring' function for the PuTTY random number
4 * pool. Implemented directly from the specification by Simon
10 typedef unsigned int uint32;
12 /* ----------------------------------------------------------------------
13 * Core SHA algorithm: processes 16-word blocks into a message digest.
16 #define rol(x,y) ( ((x) << (y)) | (((uint32)x) >> (32-y)) )
18 void SHA_Core_Init(uint32 h[5]) {
26 void SHATransform(word32 *digest, word32 *block) {
31 for (t = 0; t < 16; t++)
34 for (t = 16; t < 80; t++) {
35 word32 tmp = w[t-3] ^ w[t-8] ^ w[t-14] ^ w[t-16];
45 for (t = 0; t < 20; t++) {
46 word32 tmp = rol(a, 5) + ( (b&c) | (d&~b) ) + e + w[t] + 0x5a827999;
47 e = d; d = c; c = rol(b, 30); b = a; a = tmp;
49 for (t = 20; t < 40; t++) {
50 word32 tmp = rol(a, 5) + (b^c^d) + e + w[t] + 0x6ed9eba1;
51 e = d; d = c; c = rol(b, 30); b = a; a = tmp;
53 for (t = 40; t < 60; t++) {
54 word32 tmp = rol(a, 5) + ( (b&c) | (b&d) | (c&d) ) + e + w[t] + 0x8f1bbcdc;
55 e = d; d = c; c = rol(b, 30); b = a; a = tmp;
57 for (t = 60; t < 80; t++) {
58 word32 tmp = rol(a, 5) + (b^c^d) + e + w[t] + 0xca62c1d6;
59 e = d; d = c; c = rol(b, 30); b = a; a = tmp;
69 /* ----------------------------------------------------------------------
70 * Outer SHA algorithm: take an arbitrary length byte string,
71 * convert it into 16-word blocks with the prescribed padding at
72 * the end, and pass those blocks to the core SHA algorithm.
75 void SHA_Init(SHA_State *s) {
78 s->lenhi = s->lenlo = 0;
81 void SHA_Bytes(SHA_State *s, void *p, int len) {
82 unsigned char *q = (unsigned char *)p;
88 * Update the length field.
91 s->lenhi += (s->lenlo < lenw);
93 if (s->blkused && s->blkused+len < 64) {
95 * Trivial case: just add to the block.
97 memcpy(s->block + s->blkused, q, len);
101 * We must complete and process at least one block.
103 while (s->blkused + len >= 64) {
104 memcpy(s->block + s->blkused, q, 64 - s->blkused);
105 q += 64 - s->blkused;
106 len -= 64 - s->blkused;
107 /* Now process the block. Gather bytes big-endian into words */
108 for (i = 0; i < 16; i++) {
110 ( ((uint32)s->block[i*4+0]) << 24 ) |
111 ( ((uint32)s->block[i*4+1]) << 16 ) |
112 ( ((uint32)s->block[i*4+2]) << 8 ) |
113 ( ((uint32)s->block[i*4+3]) << 0 );
115 SHATransform(s->h, wordblock);
118 memcpy(s->block, q, len);
123 void SHA_Final(SHA_State *s, unsigned char *output) {
129 if (s->blkused >= 56)
130 pad = 56 + 64 - s->blkused;
132 pad = 56 - s->blkused;
134 lenhi = (s->lenhi << 3) | (s->lenlo >> (32-3));
135 lenlo = (s->lenlo << 3);
139 SHA_Bytes(s, &c, pad);
141 c[0] = (lenhi >> 24) & 0xFF;
142 c[1] = (lenhi >> 16) & 0xFF;
143 c[2] = (lenhi >> 8) & 0xFF;
144 c[3] = (lenhi >> 0) & 0xFF;
145 c[4] = (lenlo >> 24) & 0xFF;
146 c[5] = (lenlo >> 16) & 0xFF;
147 c[6] = (lenlo >> 8) & 0xFF;
148 c[7] = (lenlo >> 0) & 0xFF;
152 for (i = 0; i < 5; i++) {
153 output[i*4 ] = (s->h[i] >> 24) & 0xFF;
154 output[i*4+1] = (s->h[i] >> 16) & 0xFF;
155 output[i*4+2] = (s->h[i] >> 8) & 0xFF;
156 output[i*4+3] = (s->h[i] ) & 0xFF;
160 void SHA_Simple(void *p, int len, unsigned char *output) {
164 SHA_Bytes(&s, p, len);
165 SHA_Final(&s, output);
168 /* ----------------------------------------------------------------------
169 * The above is the SHA-1 algorithm itself. Now we implement the
170 * HMAC wrapper on it.
173 static SHA_State sha1_cs_mac_s1, sha1_cs_mac_s2;
174 static SHA_State sha1_sc_mac_s1, sha1_sc_mac_s2;
176 static void sha1_key(SHA_State *s1, SHA_State *s2,
177 unsigned char *key, int len) {
178 unsigned char foo[64];
181 memset(foo, 0x36, 64);
182 for (i = 0; i < len && i < 64; i++)
185 SHA_Bytes(s1, foo, 64);
187 memset(foo, 0x5C, 64);
188 for (i = 0; i < len && i < 64; i++)
191 SHA_Bytes(s2, foo, 64);
193 memset(foo, 0, 64); /* burn the evidence */
196 static void sha1_cskey(unsigned char *key) {
197 sha1_key(&sha1_cs_mac_s1, &sha1_cs_mac_s2, key, 20);
200 static void sha1_sckey(unsigned char *key) {
201 sha1_key(&sha1_sc_mac_s1, &sha1_sc_mac_s2, key, 20);
204 static void sha1_do_hmac(SHA_State *s1, SHA_State *s2,
205 unsigned char *blk, int len, unsigned long seq,
206 unsigned char *hmac) {
208 unsigned char intermediate[20];
210 intermediate[0] = (unsigned char)((seq >> 24) & 0xFF);
211 intermediate[1] = (unsigned char)((seq >> 16) & 0xFF);
212 intermediate[2] = (unsigned char)((seq >> 8) & 0xFF);
213 intermediate[3] = (unsigned char)((seq ) & 0xFF);
215 s = *s1; /* structure copy */
216 SHA_Bytes(&s, intermediate, 4);
217 SHA_Bytes(&s, blk, len);
218 SHA_Final(&s, intermediate);
219 s = *s2; /* structure copy */
220 SHA_Bytes(&s, intermediate, 20);
224 static void sha1_generate(unsigned char *blk, int len, unsigned long seq) {
225 sha1_do_hmac(&sha1_cs_mac_s1, &sha1_cs_mac_s2, blk, len, seq, blk+len);
228 static int sha1_verify(unsigned char *blk, int len, unsigned long seq) {
229 unsigned char correct[20];
230 sha1_do_hmac(&sha1_sc_mac_s1, &sha1_sc_mac_s2, blk, len, seq, correct);
231 return !memcmp(correct, blk+len, 20);
234 struct ssh_mac ssh_sha1 = {
235 sha1_cskey, sha1_sckey,
projects / PuTTY.git / blob