安全哈希算法(Secure Hash Algorithm)主要适用于数字签名标准 (Digital Signature Standard DSS)里面定义的数字签名算法(Digital Signature Algorithm DSA)。对于长度小于2^64位的消息。SHA1会产生一个160位的消息摘要。当接收到消息的时候,这个消息摘要能够用来验证数据的完整性。在传输的过程中。数据非常可能会发生变化,那么这时候就会产生不同的消息摘要。
SHA1有例如以下特性:不能够从消息摘要中复原信息;两个不同的消息不会产生相同的消息摘要。
算法实现的版本号比較多,下面代码来自:http://download.csdn.net/detail/zhangrulzu/2936159,代码行数非常少,但确实实现了想要的效果。
下载的SHA-1算法:
#include<stdio.h>
void creat_w(unsigned char input[64],unsigned long w[80])
{int i,j;unsigned long temp,temp1;for(i=0;i<16;i++){j=4*i;w[i]=((long)input[j])<<24 |((long)input[1+j])<<16|((long)input[2+j])<<8|((long)input[3+j])<<0;}for(i=16;i<80;i++){w[i]=w[i-16]^w[i-14]^w[i-8]^w[i-3];temp=w[i]<<1;temp1=w[i]>>31;w[i]=temp|temp1;}
}
char ms_len(long a,char intput[64])
{unsigned long temp3,p1; int i,j;temp3=0;p1=~(~temp3<<8);for(i=0;i<4;i++){j=8*i;intput[63-i]=(char)((a&(p1<<j))>>j);}}
main()
{unsigned long H0=0x67452301,H1=0xefcdab89,H2=0x98badcfe,H3=0x10325476,H4=0xc3d2e1f0;unsigned long A,B,C,D,E,temp,temp1,temp2,temp3,k,f;int i,flag;unsigned long w[80];unsigned char input[64]; long x;int n;printf("input message:\n");scanf("%s",input);n=strlen(input);if(n<57){x=n*8;ms_len(x,input);if(n==56)for(i=n;i<60;i++)input[i]=0;else{input[n]=128;for(i=n+1;i<60;i++)input[i]=0;}}creat_w(input,w);/*for(i=0;i<80;i++)printf("%lx,",w[i]);*/printf("\n");A=H0;B=H1;C=H2;D=H3;E=H4;for(i=0;i<80;i++){flag=i/20;switch(flag){case 0: k=0x5a827999;f=(B&C)|(~B&D);break;case 1: k=0x6ed9eba1;f=B^C^D;break;case 2: k=0x8f1bbcdc;f=(B&C)|(B&D)|(C&D);break;case 3: k=0xca62c1d6;f=B^C^D;break;}/*printf("%lx,%lx\n",k,f); */temp1=A<<5;temp2=A>>27;temp3=temp1|temp2;temp=temp3+f+E+w[i]+k;E=D;D=C;temp1=B<<30;temp2=B>>2;C=temp1|temp2;B=A;A=temp;printf("%lx,%lx,%lx,%lx,%lx\n",A,B,C,D,E);}H0=H0+A;H1=H1+B;H2=H2+C;H3=H3+D;H4=H4+E;printf("\noutput hash value:\n");printf("%lx,%lx,%lx,%lx,%lx",H0,H1,H2,H3,H4);getch();
}
这里对算法验证过程做一个记录说明:
Visual Studio 2005,文件》新建》项目》Visual c++》Win32控制台应用程序,输入项目名称“SHA1”。完毕;
把下载的代码贴到SHA1.cpp文件末尾,复制“int _tmain(int argc, _TCHAR* argv[])”,删除_tmain函数。替换“main()”;
编译代码。提示下面错误:
错误 2 error C3861: “strlen”: 找不到标识符 e:\devlop\sha1\sha1\sha1.cpp 43
错误 3 error C2664: “ms_len”: 不能将參数 2 从“unsigned char [64]”转换为“char []” e:\devlop\sha1\sha1\sha1.cpp 47
错误 4 error C3861: “getch”: 找不到标识符 e:\devlop\sha1\sha1\sha1.cpp 98
第一条是警告。能够不处理
警告 1 warning C4996: 'scanf': This function or variable may be unsafe. Consider using scanf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. e:\devlop\sha1\sha1\sha1.cpp 42
双击错误2。定位到错误位置,在“strlen"上单击鼠标右键》Refactor》Add Include,例如以下图:
假设没有这一项,那应该是没有安装VC助手的原因;
双击错误3,定位到错误位置。在变量input前加(char*)强制转换;
双击错误4,定位到错误位置,在“getch"上单击鼠标右键》Refactor》Add Include;
按F6键编译项目,发现还有错误:
错误 2 error C2664: “strlen”: 不能将參数 1 从“unsigned char [64]”转换为“const char *” e:\devlop\sha1\sha1\sha1.cpp 45
双击错误2,定位到错误位置,在input前加(LPSTR)强制转换,编译。还有错误:
错误 2 error C2065: “LPSTR”: 未声明的标识符 e:\devlop\sha1\sha1\sha1.cpp 45
错误 3 error C2146: 语法错误 : 缺少“)”(在标识符“input”的前面) e:\devlop\sha1\sha1\sha1.cpp 45
错误 4 error C2059: 语法错误 : “)” e:\devlop\sha1\sha1\sha1.cpp 45
还是找不到标识符。方法一样:在“LPSTR"上单击鼠标右键》Refactor》Add Include;
再编译。又报错:
错误 4 error C4716: “ms_len”: 必须返回一个值 e:\devlop\sha1\sha1\sha1.cpp 38
定位到错误位置,细致看了一下,这个函数的返回值应该没什么用,随便返回一个:return '0';
再编译,OK。最终生成成功了。
F5调试,输入:abcd,回车。哦。输出了好多东东,查看代码的输出调用,
找到92行应该没用,凝视://printf("%lx,%lx,%lx,%lx,%lx\n",A,B,C,D,E);//输出编码过程。
最后得到的SHA1哈希值中还有逗号,找到100行。将printf("%lx,%lx,%lx,%lx,%lx",H0,H1,H2,H3,H4);格式化字符串中的逗号去掉;
再编译。F5调试。输入:abcd,回车,结果例如以下图:
得到的结果对不正确呢。找到一个在线SHA1加密工具,输入abcd,结果例如以下:
对照一下,OK,结果一至。
改动后的SHA-1算法:
// SHA1.cpp : 定义控制台应用程序的入口点。
//
#include "stdafx.h"
#include<stdio.h>
#include <string.h>
#include <conio.h>
#include <wtypes.h>
void creat_w(unsigned char input[64],unsigned long w[80])
{int i,j;unsigned long temp,temp1;for(i=0;i<16;i++){j=4*i;w[i]=((long)input[j])<<24 |((long)input[1+j])<<16|((long)input[2+j])<<8|((long)input[3+j])<<0;}for(i=16;i<80;i++){w[i]=w[i-16]^w[i-14]^w[i-8]^w[i-3];temp=w[i]<<1;temp1=w[i]>>31;w[i]=temp|temp1;}
}
char ms_len(long a,char intput[64])
{unsigned long temp3,p1; int i,j;temp3=0;p1=~(~temp3<<8);for(i=0;i<4;i++){j=8*i;intput[63-i]=(char)((a&(p1<<j))>>j);}return '0';
}
int _tmain(int argc, _TCHAR* argv[])
{unsigned long H0=0x67452301,H1=0xefcdab89,H2=0x98badcfe,H3=0x10325476,H4=0xc3d2e1f0;unsigned long A,B,C,D,E,temp,temp1,temp2,temp3,k,f;int i,flag;unsigned long w[80];unsigned char input[64]; long x;int n;printf("input message:\n");scanf("%s",input);n=strlen((LPSTR)input);if(n<57){x=n*8;ms_len(x,(char*)input);if(n==56)for(i=n;i<60;i++)input[i]=0;else{input[n]=128;for(i=n+1;i<60;i++)input[i]=0;}}creat_w(input,w);/*for(i=0;i<80;i++)printf("%lx,",w[i]);*/printf("\n");A=H0;B=H1;C=H2;D=H3;E=H4;for(i=0;i<80;i++){flag=i/20;switch(flag){case 0: k=0x5a827999;f=(B&C)|(~B&D);break;case 1: k=0x6ed9eba1;f=B^C^D;break;case 2: k=0x8f1bbcdc;f=(B&C)|(B&D)|(C&D);break;case 3: k=0xca62c1d6;f=B^C^D;break;}/*printf("%lx,%lx\n",k,f); */temp1=A<<5;temp2=A>>27;temp3=temp1|temp2;temp=temp3+f+E+w[i]+k;E=D;D=C;temp1=B<<30;temp2=B>>2;C=temp1|temp2;B=A;A=temp;//printf("%lx,%lx,%lx,%lx,%lx\n",A,B,C,D,E);//输出编码过程}H0=H0+A;H1=H1+B;H2=H2+C;H3=H3+D;H4=H4+E;printf("\noutput hash value:\n");printf("%lx%lx%lx%lx%lx",H0,H1,H2,H3,H4);getch();
}
改动后项目源代码下载:http://download.csdn.net/detail/testcs_dn/7344003
注意:此代码存在局限性,字符数大于57的时候,结果就不正确了!
sha-1仅仅满足64比特的输入 期中有8比特是用于长度的所以大于57的就加不了密了!
研究算法原理的朋友请參考:Redis源代码中探秘SHA-1算法原理及其编程实现
以及下面的RFC文档:没有找到中文版。看E文吧!
RFC中已经给出了实现代码。感兴趣的小伙伴能够提取出来验证!
Network Working Group D. Eastlake, 3rd
Request for Comments: 3174 Motorola
Category: Informational P. JonesCisco SystemsSeptember 2001US Secure Hash Algorithm 1 (SHA1)Status of this MemoThis memo provides information for the Internet community. It doesnot specify an Internet standard of any kind. Distribution of thismemo is unlimited.Copyright NoticeCopyright (C) The Internet Society (2001). All Rights Reserved.AbstractThe purpose of this document is to make the SHA-1 (Secure HashAlgorithm 1) hash algorithm conveniently available to the Internetcommunity. The United States of America has adopted the SHA-1 hashalgorithm described herein as a Federal Information ProcessingStandard. Most of the text herein was taken by the authors from FIPS180-1. Only the C code implementation is "original".AcknowledgementsMost of the text herein was taken from [FIPS 180-1]. Only the C codeimplementation is "original" but its style is similar to thepreviously published MD4 and MD5 RFCs [RFCs 1320, 1321].The SHA-1 is based on principles similar to those used by ProfessorRonald L. Rivest of MIT when designing the MD4 message digestalgorithm [MD4] and is modeled after that algorithm [RFC 1320].Useful comments from the following, which have been incorporatedherein, are gratefully acknowledged:Tony HansenGarrett WollmanEastlake & Jones Informational [Page 1]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001Table of Contents1. Overview of Contents........................................... 22. Definitions of Bit Strings and Integers........................ 33. Operations on Words............................................ 34. Message Padding................................................ 45. Functions and Constants Used................................... 66. Computing the Message Digest................................... 66.1 Method 1...................................................... 66.2 Method 2...................................................... 77. C Code......................................................... 87.1 .h file....................................................... 87.2 .c file....................................................... 107.3 Test Driver................................................... 188. Security Considerations........................................ 20References........................................................ 21Authors' Addresses................................................ 21Full Copyright Statement.......................................... 221. Overview of ContentsNOTE: The text below is mostly taken from [FIPS 180-1] and assertionstherein of the security of SHA-1 are made by the US Government, theauthor of [FIPS 180-1], and not by the authors of this document.This document specifies a Secure Hash Algorithm, SHA-1, for computinga condensed representation of a message or a data file. When amessage of any length < 2^64 bits is input, the SHA-1 produces a160-bit output called a message digest. The message digest can then,for example, be input to a signature algorithm which generates orverifies the signature for the message. Signing the message digestrather than the message often improves the efficiency of the processbecause the message digest is usually much smaller in size than themessage. The same hash algorithm must be used by the verifier of adigital signature as was used by the creator of the digitalsignature. Any change to the message in transit will, with very highprobability, result in a different message digest, and the signaturewill fail to verify.The SHA-1 is called secure because it is computationally infeasibleto find a message which corresponds to a given message digest, or tofind two different messages which produce the same message digest.Any change to a message in transit will, with very high probability,result in a different message digest, and the signature will fail toverify.Eastlake & Jones Informational [Page 2]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001Section 2 below defines the terminology and functions used asbuilding blocks to form SHA-1.2. Definitions of Bit Strings and IntegersThe following terminology related to bit strings and integers will beused:a. A hex digit is an element of the set {0, 1, ... , 9, A, ... , F}.A hex digit is the representation of a 4-bit string. Examples: 7= 0111, A = 1010.b. A word equals a 32-bit string which may be represented as asequence of 8 hex digits. To convert a word to 8 hex digits each4-bit string is converted to its hex equivalent as described in(a) above. Example:1010 0001 0000 0011 1111 1110 0010 0011 = A103FE23.c. An integer between 0 and 2^32 - 1 inclusive may be represented asa word. The least significant four bits of the integer arerepresented by the right-most hex digit of the wordrepresentation. Example: the integer 291 = 2^8+2^5+2^1+2^0 =256+32+2+1 is represented by the hex word, 00000123.If z is an integer, 0 <= z < 2^64, then z = (2^32)x + y where 0 <=x < 2^32 and 0 <= y < 2^32. Since x and y can be represented aswords X and Y, respectively, z can be represented as the pair ofwords (X,Y).d. block = 512-bit string. A block (e.g., B) may be represented as asequence of 16 words.3. Operations on WordsThe following logical operators will be applied to words:a. Bitwise logical word operationsX AND Y = bitwise logical "and" of X and Y.X OR Y = bitwise logical "inclusive-or" of X and Y.X XOR Y = bitwise logical "exclusive-or" of X and Y.NOT X = bitwise logical "complement" of X.Eastlake & Jones Informational [Page 3]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001Example:01101100101110011101001001111011XOR 01100101110000010110100110110111--------------------------------= 00001001011110001011101111001100b. The operation X + Y is defined as follows: words X and Yrepresent integers x and y, where 0 <= x < 2^32 and 0 <= y < 2^32.For positive integers n and m, let n mod m be the remainder upondividing n by m. Computez = (x + y) mod 2^32.Then 0 <= z < 2^32. Convert z to a word, Z, and define Z = X +Y.c. The circular left shift operation S^n(X), where X is a word and nis an integer with 0 <= n < 32, is defined byS^n(X) = (X << n) OR (X >> 32-n).In the above, X << n is obtained as follows: discard the left-mostn bits of X and then pad the result with n zeroes on the right(the result will still be 32 bits). X >> n is obtained bydiscarding the right-most n bits of X and then padding the resultwith n zeroes on the left. Thus S^n(X) is equivalent to acircular shift of X by n positions to the left.4. Message PaddingSHA-1 is used to compute a message digest for a message or data filethat is provided as input. The message or data file should beconsidered to be a bit string. The length of the message is thenumber of bits in the message (the empty message has length 0). Ifthe number of bits in a message is a multiple of 8, for compactnesswe can represent the message in hex. The purpose of message paddingis to make the total length of a padded message a multiple of 512.SHA-1 sequentially processes blocks of 512 bits when computing themessage digest. The following specifies how this padding shall beperformed. As a summary, a "1" followed by m "0"s followed by a 64-bit integer are appended to the end of the message to produce apadded message of length 512 * n. The 64-bit integer is the lengthof the original message. The padded message is then processed by theSHA-1 as n 512-bit blocks.Eastlake & Jones Informational [Page 4]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001Suppose a message has length l < 2^64. Before it is input to theSHA-1, the message is padded on the right as follows:a. "1" is appended. Example: if the original message is "01010000",this is padded to "010100001".b. "0"s are appended. The number of "0"s will depend on the originallength of the message. The last 64 bits of the last 512-bit blockare reservedfor the length l of the original message.Example: Suppose the original message is the bit string01100001 01100010 01100011 01100100 01100101.After step (a) this gives01100001 01100010 01100011 01100100 01100101 1.Since l = 40, the number of bits in the above is 41 and 407 "0"sare appended, making the total now 448. This gives (in hex)61626364 65800000 00000000 0000000000000000 00000000 00000000 0000000000000000 00000000 00000000 0000000000000000 00000000.c. Obtain the 2-word representation of l, the number of bits in theoriginal message. If l < 2^32 then the first word is all zeroes.Append these two words to the padded message.Example: Suppose the original message is as in (b). Then l = 40(note that l is computed before any padding). The two-wordrepresentation of 40 is hex 00000000 00000028. Hence the finalpadded message is hex61626364 65800000 00000000 0000000000000000 00000000 00000000 0000000000000000 00000000 00000000 0000000000000000 00000000 00000000 00000028.The padded message will contain 16 * n words for some n > 0.The padded message is regarded as a sequence of n blocks M(1) ,M(2), first characters (or bits) of the message.Eastlake & Jones Informational [Page 5]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 20015. Functions and Constants UsedA sequence of logical functions f(0), f(1),..., f(79) is used inSHA-1. Each f(t), 0 <= t <= 79, operates on three 32-bit words B, C,D and produces a 32-bit word as output. f(t;B,C,D) is defined asfollows: for words B, C, D,f(t;B,C,D) = (B AND C) OR ((NOT B) AND D) ( 0 <= t <= 19)f(t;B,C,D) = B XOR C XOR D (20 <= t <= 39)f(t;B,C,D) = (B AND C) OR (B AND D) OR (C AND D) (40 <= t <= 59)f(t;B,C,D) = B XOR C XOR D (60 <= t <= 79).A sequence of constant words K(0), K(1), ... , K(79) is used in theSHA-1. In hex these are given byK(t) = 5A827999 ( 0 <= t <= 19)K(t) = 6ED9EBA1 (20 <= t <= 39)K(t) = 8F1BBCDC (40 <= t <= 59)K(t) = CA62C1D6 (60 <= t <= 79).6. Computing the Message DigestThe methods given in 6.1 and 6.2 below yield the same message digest.Although using method 2 saves sixty-four 32-bit words of storage, itis likely to lengthen execution time due to the increased complexityof the address computations for the { W[t] } in step (c). There areother computation methods which give identical results.6.1 Method 1The message digest is computed using the message padded as describedin section 4. The computation is described using two buffers, eachconsisting of five 32-bit words, and a sequence of eighty 32-bitwords. The words of the first 5-word buffer are labeled A,B,C,D,E.The words of the second 5-word buffer are labeled H0, H1, H2, H3, H4.The words of the 80-word sequence are labeled W(0), W(1),..., W(79).A single word buffer TEMP is also employed.To generate the message digest, the 16-word blocks M(1), M(2),...,M(n) defined in section 4 are processed in order. The processing ofeach M(i) involves 80 steps.Eastlake & Jones Informational [Page 6]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001Before processing any blocks, the H's are initialized as follows: inhex,H0 = 67452301H1 = EFCDAB89H2 = 98BADCFEH3 = 10325476H4 = C3D2E1F0.Now M(1), M(2), ... , M(n) are processed. To process M(i), weproceed as follows:a. Divide M(i) into 16 words W(0), W(1), ... , W(15), where W(0)is the left-most word.b. For t = 16 to 79 letW(t) = S^1(W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16)).c. Let A = H0, B = H1, C = H2, D = H3, E = H4.d. For t = 0 to 79 doTEMP = S^5(A) + f(t;B,C,D) + E + W(t) + K(t);E = D; D = C; C = S^30(B); B = A; A = TEMP;e. Let H0 = H0 + A, H1 = H1 + B, H2 = H2 + C, H3 = H3 + D, H4 = H4+ E.After processing M(n), the message digest is the 160-bit stringrepresented by the 5 wordsH0 H1 H2 H3 H4.6.2 Method 2The method above assumes that the sequence W(0), ... , W(79) isimplemented as an array of eighty 32-bit words. This is efficientfrom the standpoint of minimization of execution time, since theaddresses of W(t-3), ... ,W(t-16) in step (b) are easily computed.If space is at a premium, an alternative is to regard { W(t) } as aEastlake & Jones Informational [Page 7]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001circular queue, which may be implemented using an array of sixteen32-bit words W[0], ... W[15]. In this case, in hex letMASK = 0000000F. Then processing of M(i) is as follows:a. Divide M(i) into 16 words W[0], ... , W[15], where W[0] is theleft-most word.b. Let A = H0, B = H1, C = H2, D = H3, E = H4.c. For t = 0 to 79 dos = t AND MASK;if (t >= 16) W[s] = S^1(W[(s + 13) AND MASK] XOR W[(s + 8) ANDMASK] XOR W[(s + 2) AND MASK] XOR W[s]);TEMP = S^5(A) + f(t;B,C,D) + E + W[s] + K(t);E = D; D = C; C = S^30(B); B = A; A = TEMP;d. Let H0 = H0 + A, H1 = H1 + B, H2 = H2 + C, H3 = H3 + D, H4 = H4+ E.7. C CodeBelow is a demonstration implementation of SHA-1 in C. Section 7.1contains the header file, 7.2 the C code, and 7.3 a test driver.7.1 .h file/** sha1.h** Description:* This is the header file for code which implements the Secure* Hashing Algorithm 1 as defined in FIPS PUB 180-1 published* April 17, 1995.** Many of the variable names in this code, especially the* single character names, were used because those were the names* used in the publication.** Please read the file sha1.c for more information.**/Eastlake & Jones Informational [Page 8]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001#ifndef _SHA1_H_
#define _SHA1_H_#include <stdint.h>
/** If you do not have the ISO standard stdint.h header file, then you* must typdef the following:* name meaning* uint32_t unsigned 32 bit integer* uint8_t unsigned 8 bit integer (i.e., unsigned char)* int_least16_t integer of >= 16 bits**/#ifndef _SHA_enum_
#define _SHA_enum_
enum
{shaSuccess = 0,shaNull, /* Null pointer parameter */shaInputTooLong, /* input data too long */shaStateError /* called Input after Result */
};
#endif
#define SHA1HashSize 20/** This structure will hold context information for the SHA-1* hashing operation*/
typedef struct SHA1Context
{uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */uint32_t Length_Low; /* Message length in bits */uint32_t Length_High; /* Message length in bits *//* Index into message block array */int_least16_t Message_Block_Index;uint8_t Message_Block[64]; /* 512-bit message blocks */int Computed; /* Is the digest computed? */int Corrupted; /* Is the message digest corrupted? */
} SHA1Context;/** Function Prototypes*/Eastlake & Jones Informational [Page 9]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001int SHA1Reset( SHA1Context *);
int SHA1Input( SHA1Context *,const uint8_t *,unsigned int);
int SHA1Result( SHA1Context *,uint8_t Message_Digest[SHA1HashSize]);#endif7.2 .c file/** sha1.c** Description:* This file implements the Secure Hashing Algorithm 1 as* defined in FIPS PUB 180-1 published April 17, 1995.** The SHA-1, produces a 160-bit message digest for a given* data stream. It should take about 2**n steps to find a* message with the same digest as a given message and* 2**(n/2) to find any two messages with the same digest,* when n is the digest size in bits. Therefore, this* algorithm can serve as a means of providing a* "fingerprint" for a message.** Portability Issues:* SHA-1 is defined in terms of 32-bit "words". This code* uses <stdint.h> (included via "sha1.h" to define 32 and 8* bit unsigned integer types. If your C compiler does not* support 32 bit unsigned integers, this code is not* appropriate.** Caveats:* SHA-1 is designed to work with messages less than 2^64 bits* long. Although SHA-1 allows a message digest to be generated* for messages of any number of bits less than 2^64, this* implementation only works with messages with a length that is* a multiple of the size of an 8-bit character.**/Eastlake & Jones Informational [Page 10]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001#include "sha1.h"/** Define the SHA1 circular left shift macro*/
#define SHA1CircularShift(bits,word) \(((word) << (bits)) | ((word) >> (32-(bits))))/* Local Function Prototyptes */
void SHA1PadMessage(SHA1Context *);
void SHA1ProcessMessageBlock(SHA1Context *);/** SHA1Reset** Description:* This function will initialize the SHA1Context in preparation* for computing a new SHA1 message digest.** Parameters:* context: [in/out]* The context to reset.** Returns:* sha Error Code.**/
int SHA1Reset(SHA1Context *context)
{if (!context){return shaNull;}context->Length_Low = 0;context->Length_High = 0;context->Message_Block_Index = 0;context->Intermediate_Hash[0] = 0x67452301;context->Intermediate_Hash[1] = 0xEFCDAB89;context->Intermediate_Hash[2] = 0x98BADCFE;context->Intermediate_Hash[3] = 0x10325476;context->Intermediate_Hash[4] = 0xC3D2E1F0;context->Computed = 0;context->Corrupted = 0;Eastlake & Jones Informational [Page 11]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001return shaSuccess;
}/** SHA1Result** Description:* This function will return the 160-bit message digest into the* Message_Digest array provided by the caller.* NOTE: The first octet of hash is stored in the 0th element,* the last octet of hash in the 19th element.** Parameters:* context: [in/out]* The context to use to calculate the SHA-1 hash.* Message_Digest: [out]* Where the digest is returned.** Returns:* sha Error Code.**/
int SHA1Result( SHA1Context *context,uint8_t Message_Digest[SHA1HashSize])
{int i;if (!context || !Message_Digest){return shaNull;}if (context->Corrupted){return context->Corrupted;}if (!context->Computed){SHA1PadMessage(context);for(i=0; i<64; ++i){/* message may be sensitive, clear it out */context->Message_Block[i] = 0;}context->Length_Low = 0; /* and clear length */context->Length_High = 0;context->Computed = 1;Eastlake & Jones Informational [Page 12]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001}for(i = 0; i < SHA1HashSize; ++i){Message_Digest[i] = context->Intermediate_Hash[i>>2]>> 8 * ( 3 - ( i & 0x03 ) );}return shaSuccess;
}/** SHA1Input** Description:* This function accepts an array of octets as the next portion* of the message.** Parameters:* context: [in/out]* The SHA context to update* message_array: [in]* An array of characters representing the next portion of* the message.* length: [in]* The length of the message in message_array** Returns:* sha Error Code.**/
int SHA1Input( SHA1Context *context,const uint8_t *message_array,unsigned length)
{if (!length){return shaSuccess;}if (!context || !message_array){return shaNull;}if (context->Computed){context->Corrupted = shaStateError;Eastlake & Jones Informational [Page 13]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001return shaStateError;}if (context->Corrupted){return context->Corrupted;}while(length-- && !context->Corrupted){context->Message_Block[context->Message_Block_Index++] =(*message_array & 0xFF);context->Length_Low += 8;if (context->Length_Low == 0){context->Length_High++;if (context->Length_High == 0){/* Message is too long */context->Corrupted = 1;}}if (context->Message_Block_Index == 64){SHA1ProcessMessageBlock(context);}message_array++;}return shaSuccess;
}/** SHA1ProcessMessageBlock** Description:* This function will process the next 512 bits of the message* stored in the Message_Block array.** Parameters:* None.** Returns:* Nothing.** Comments:Eastlake & Jones Informational [Page 14]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001* Many of the variable names in this code, especially the* single character names, were used because those were the* names used in the publication.***/
void SHA1ProcessMessageBlock(SHA1Context *context)
{const uint32_t K[] = { /* Constants defined in SHA-1 */0x5A827999,0x6ED9EBA1,0x8F1BBCDC,0xCA62C1D6};int t; /* Loop counter */uint32_t temp; /* Temporary word value */uint32_t W[80]; /* Word sequence */uint32_t A, B, C, D, E; /* Word buffers *//** Initialize the first 16 words in the array W*/for(t = 0; t < 16; t++){W[t] = context->Message_Block[t * 4] << 24;W[t] |= context->Message_Block[t * 4 + 1] << 16;W[t] |= context->Message_Block[t * 4 + 2] << 8;W[t] |= context->Message_Block[t * 4 + 3];}for(t = 16; t < 80; t++){W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);}A = context->Intermediate_Hash[0];B = context->Intermediate_Hash[1];C = context->Intermediate_Hash[2];D = context->Intermediate_Hash[3];E = context->Intermediate_Hash[4];for(t = 0; t < 20; t++){temp = SHA1CircularShift(5,A) +((B & C) | ((~B) & D)) + E + W[t] + K[0];E = D;D = C;C = SHA1CircularShift(30,B);Eastlake & Jones Informational [Page 15]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001B = A;A = temp;}for(t = 20; t < 40; t++){temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];E = D;D = C;C = SHA1CircularShift(30,B);B = A;A = temp;}for(t = 40; t < 60; t++){temp = SHA1CircularShift(5,A) +((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];E = D;D = C;C = SHA1CircularShift(30,B);B = A;A = temp;}for(t = 60; t < 80; t++){temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];E = D;D = C;C = SHA1CircularShift(30,B);B = A;A = temp;}context->Intermediate_Hash[0] += A;context->Intermediate_Hash[1] += B;context->Intermediate_Hash[2] += C;context->Intermediate_Hash[3] += D;context->Intermediate_Hash[4] += E;context->Message_Block_Index = 0;
}/** SHA1PadMessage*Eastlake & Jones Informational [Page 16]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001* Description:* According to the standard, the message must be padded to an even* 512 bits. The first padding bit must be a '1'. The last 64* bits represent the length of the original message. All bits in* between should be 0. This function will pad the message* according to those rules by filling the Message_Block array* accordingly. It will also call the ProcessMessageBlock function* provided appropriately. When it returns, it can be assumed that* the message digest has been computed.** Parameters:* context: [in/out]* The context to pad* ProcessMessageBlock: [in]* The appropriate SHA*ProcessMessageBlock function* Returns:* Nothing.**/void SHA1PadMessage(SHA1Context *context)
{/** Check to see if the current message block is too small to hold* the initial padding bits and length. If so, we will pad the* block, process it, and then continue padding into a second* block.*/if (context->Message_Block_Index > 55){context->Message_Block[context->Message_Block_Index++] = 0x80;while(context->Message_Block_Index < 64){context->Message_Block[context->Message_Block_Index++] = 0;}SHA1ProcessMessageBlock(context);while(context->Message_Block_Index < 56){context->Message_Block[context->Message_Block_Index++] = 0;}}else{context->Message_Block[context->Message_Block_Index++] = 0x80;while(context->Message_Block_Index < 56){Eastlake & Jones Informational [Page 17]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001context->Message_Block[context->Message_Block_Index++] = 0;}}/** Store the message length as the last 8 octets*/context->Message_Block[56] = context->Length_High >> 24;context->Message_Block[57] = context->Length_High >> 16;context->Message_Block[58] = context->Length_High >> 8;context->Message_Block[59] = context->Length_High;context->Message_Block[60] = context->Length_Low >> 24;context->Message_Block[61] = context->Length_Low >> 16;context->Message_Block[62] = context->Length_Low >> 8;context->Message_Block[63] = context->Length_Low;SHA1ProcessMessageBlock(context);
}7.3 Test DriverThe following code is a main program test driver to exercise the codein sha1.c./** sha1test.c** Description:* This file will exercise the SHA-1 code performing the three* tests documented in FIPS PUB 180-1 plus one which calls* SHA1Input with an exact multiple of 512 bits, plus a few* error test checks.** Portability Issues:* None.**/#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include "sha1.h"/** Define patterns for testing*/
#define TEST1 "abc"
#define TEST2a "abcdbcdecdefdefgefghfghighijhi"Eastlake & Jones Informational [Page 18]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001#define TEST2b "jkijkljklmklmnlmnomnopnopq"
#define TEST2 TEST2a TEST2b
#define TEST3 "a"
#define TEST4a "01234567012345670123456701234567"
#define TEST4b "01234567012345670123456701234567"/* an exact multiple of 512 bits */
#define TEST4 TEST4a TEST4b
char *testarray[4] =
{TEST1,TEST2,TEST3,TEST4
};
long int repeatcount[4] = { 1, 1, 1000000, 10 };
char *resultarray[4] =
{"A9 99 3E 36 47 06 81 6A BA 3E 25 71 78 50 C2 6C 9C D0 D8 9D","84 98 3E 44 1C 3B D2 6E BA AE 4A A1 F9 51 29 E5 E5 46 70 F1","34 AA 97 3C D4 C4 DA A4 F6 1E EB 2B DB AD 27 31 65 34 01 6F","DE A3 56 A2 CD DD 90 C7 A7 EC ED C5 EB B5 63 93 4F 46 04 52"
};int main()
{SHA1Context sha;int i, j, err;uint8_t Message_Digest[20];/** Perform SHA-1 tests*/for(j = 0; j < 4; ++j){printf( "\nTest %d: %d, '%s'\n",j+1,repeatcount[j],testarray[j]);err = SHA1Reset(&sha);if (err){fprintf(stderr, "SHA1Reset Error %d.\n", err );break; /* out of for j loop */}for(i = 0; i < repeatcount[j]; ++i){Eastlake & Jones Informational [Page 19]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001err = SHA1Input(&sha,(const unsigned char *) testarray[j],strlen(testarray[j]));if (err){fprintf(stderr, "SHA1Input Error %d.\n", err );break; /* out of for i loop */}}err = SHA1Result(&sha, Message_Digest);if (err){fprintf(stderr,"SHA1Result Error %d, could not compute message digest.\n",err );}else{printf("\t");for(i = 0; i < 20 ; ++i){printf("%02X ", Message_Digest[i]);}printf("\n");}printf("Should match:\n");printf("\t%s\n", resultarray[j]);}/* Test some error returns */err = SHA1Input(&sha,(const unsigned char *) testarray[1], 1);printf ("\nError %d. Should be %d.\n", err, shaStateError );err = SHA1Reset(0);printf ("\nError %d. Should be %d.\n", err, shaNull );return 0;
}8. Security ConsiderationsThis document is intended to provide convenient open source access bythe Internet community to the United States of America FederalInformation Processing Standard Secure Hash Function SHA-1 [FIPS180-1]. No independent assertion of the security of this hashfunction by the authors for any particular use is intended.Eastlake & Jones Informational [Page 20]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001References[FIPS 180-1] "Secure Hash Standard", United States of American,National Institute of Science and Technology, FederalInformation Processing Standard (FIPS) 180-1, April1993.[MD4] "The MD4 Message Digest Algorithm," Advances inCryptology - CRYPTO '90 Proceedings, Springer-Verlag,1991, pp. 303-311.[RFC 1320] Rivest, R., "The MD4 Message-Digest Algorithm", RFC1320, April 1992.[RFC 1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC1321, April 1992.[RFC 1750] Eastlake, D., Crocker, S. and J. Schiller, "RandomnessRequirements for Security", RFC 1750, December 1994.Authors' AddressesDonald E. Eastlake, 3rdMotorola155 Beaver StreetMilford, MA 01757 USAPhone: +1 508-634-2066 (h)+1 508-261-5434 (w)Fax: +1 508-261-4777EMail: Donald.Eastlake@motorola.comPaul E. JonesCisco Systems, Inc.7025 Kit Creek RoadResearch Triangle Park, NC 27709 USAPhone: +1 919 392 6948EMail: paulej@packetizer.comEastlake & Jones Informational [Page 21]RFC 3174 US Secure Hash Algorithm 1 (SHA1) September 2001Full Copyright StatementCopyright (C) The Internet Society (2001). All Rights Reserved.This document and translations of it may be copied and furnished toothers, and derivative works that comment on or otherwise explain itor assist in its implementation may be prepared, copied, publishedand distributed, in whole or in part, without restriction of anykind, provided that the above copyright notice and this paragraph areincluded on all such copies and derivative works. However, thisdocument itself may not be modified in any way, such as by removingthe copyright notice or references to the Internet Society or otherInternet organizations, except as needed for the purpose ofdeveloping Internet standards in which case the procedures forcopyrights defined in the Internet Standards process must befollowed, or as required to translate it into languages other thanEnglish.The limited permissions granted above are perpetual and will not berevoked by the Internet Society or its successors or assigns.This document and the information contained herein is provided on an"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERINGTASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDINGBUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATIONHEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OFMERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.AcknowledgementFunding for the RFC Editor function is currently provided by theInternet Society.Eastlake & Jones Informational [Page 22]
======================文档信息===========================
版权声明:非商用自由转载-保持署名-注明出处
署名(BY) :testcs_dn(微wx笑)
文章出处:[无知人生。记录点滴](http://blog.csdn.net/testcs_dn)
![[Noi2014]随机数生成器](https://images2015.cnblogs.com/blog/1107065/201705/1107065-20170502180600601-1078122663.png)
