ps2classic/sha1.c

   1 /*
   2  *  sha1.c
   3  *
   4  *      Copyright (C) 1998
   5  *      Paul E. Jones <paulej@arid.us>
   6  *      All Rights Reserved
   7  *
   8  *  This software is licensed as "freeware."  Permission to distribute
   9  *  this software in source and binary forms is hereby granted without
  10  *  a fee.  THIS SOFTWARE IS PROVIDED 'AS IS' AND WITHOUT ANY EXPRESSED
  11  *  OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  12  *  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  13  *  THE AUTHOR SHALL NOT BE HELD LIABLE FOR ANY DAMAGES RESULTING
  14  *  FROM THE USE OF THIS SOFTWARE, EITHER DIRECTLY OR INDIRECTLY, INCLUDING,
  15  *  BUT NOT LIMITED TO, LOSS OF DATA OR DATA BEING RENDERED INACCURATE.
  16  *
  17  *****************************************************************************
  18  *      $Id: sha1.c,v 1.2 2004/03/27 18:00:33 paulej Exp $
  19  *****************************************************************************
  20  *
  21  *  Description:
  22  *      This file implements the Secure Hashing Standard as defined
  23  *      in FIPS PUB 180-1 published April 17, 1995.
  24  *
  25  *      The Secure Hashing Standard, which uses the Secure Hashing
  26  *      Algorithm (SHA), produces a 160-bit message digest for a
  27  *      given data stream.  In theory, it is highly improbable that
  28  *      two messages will produce the same message digest.  Therefore,
  29  *      this algorithm can serve as a means of providing a "fingerprint"
  30  *      for a message.
  31  *
  32  *  Portability Issues:
  33  *      SHA-1 is defined in terms of 32-bit "words".  This code was
  34  *      written with the expectation that the processor has at least
  35  *      a 32-bit machine word size.  If the machine word size is larger,
  36  *      the code should still function properly.  One caveat to that
  37  *      is that the input functions taking characters and character
  38  *      arrays assume that only 8 bits of information are stored in each
  39  *      character.
  40  *
  41  *  Caveats:
  42  *      SHA-1 is designed to work with messages less than 2^64 bits
  43  *      long. Although SHA-1 allows a message digest to be generated for
  44  *      messages of any number of bits less than 2^64, this
  45  *      implementation only works with messages with a length that is a
  46  *      multiple of the size of an 8-bit character.
  47  *
  48  */
  49
  50 #include "sha1.h"
  51
  52 /*
  53  *  Define the circular shift macro
  54  */
  55 #define SHA1CircularShift(bits,word) \
  56                 ((((word) << (bits)) & 0xFFFFFFFF) | \
  57                 ((word) >> (32-(bits))))
  58
  59 /* Function prototypes */
  60 void SHA1ProcessMessageBlock(SHA1Context *);
  61 void SHA1PadMessage(SHA1Context *);
  62
  63 /*
  64  *  SHA1Reset
  65  *
  66  *  Description:
  67  *      This function will initialize the SHA1Context in preparation
  68  *      for computing a new message digest.
  69  *
  70  *  Parameters:
  71  *      context: [in/out]
  72  *          The context to reset.
  73  *
  74  *  Returns:
  75  *      Nothing.
  76  *
  77  *  Comments:
  78  *
  79  */
  80 void SHA1Reset(SHA1Context *context)
  81 {
  82     context->Length_Low             = 0;
  83     context->Length_High            = 0;
  84     context->Message_Block_Index    = 0;
  85
  86     context->Message_Digest[0]      = 0x67452301;
  87     context->Message_Digest[1]      = 0xEFCDAB89;
  88     context->Message_Digest[2]      = 0x98BADCFE;
  89     context->Message_Digest[3]      = 0x10325476;
  90     context->Message_Digest[4]      = 0xC3D2E1F0;
  91
  92     context->Computed   = 0;
  93     context->Corrupted  = 0;
  94 }
  95
  96 /*
  97  *  SHA1Result
  98  *
  99  *  Description:
 100  *      This function will return the 160-bit message digest into the
 101  *      Message_Digest array within the SHA1Context provided
 102  *
 103  *  Parameters:
 104  *      context: [in/out]
 105  *          The context to use to calculate the SHA-1 hash.
 106  *
 107  *  Returns:
 108  *      1 if successful, 0 if it failed.
 109  *
 110  *  Comments:
 111  *
 112  */
 113 int SHA1Result(SHA1Context *context)
 114 {
 115
 116     if (context->Corrupted)
 117     {
 118         return 0;
 119     }
 120
 121     if (!context->Computed)
 122     {
 123         SHA1PadMessage(context);
 124         context->Computed = 1;
 125     }
 126
 127     return 1;
 128 }
 129
 130 /*
 131  *  SHA1Input
 132  *
 133  *  Description:
 134  *      This function accepts an array of octets as the next portion of
 135  *      the message.
 136  *
 137  *  Parameters:
 138  *      context: [in/out]
 139  *          The SHA-1 context to update
 140  *      message_array: [in]
 141  *          An array of characters representing the next portion of the
 142  *          message.
 143  *      length: [in]
 144  *          The length of the message in message_array
 145  *
 146  *  Returns:
 147  *      Nothing.
 148  *
 149  *  Comments:
 150  *
 151  */
 152 void SHA1Input(     SHA1Context         *context,
 153                     const unsigned char *message_array,
 154                     unsigned            length)
 155 {
 156     if (!length)
 157     {
 158         return;
 159     }
 160
 161     if (context->Computed || context->Corrupted)
 162     {
 163         context->Corrupted = 1;
 164         return;
 165     }
 166
 167     while(length-- && !context->Corrupted)
 168     {
 169         context->Message_Block[context->Message_Block_Index++] =
 170                                                 (*message_array & 0xFF);
 171
 172         context->Length_Low += 8;
 173         /* Force it to 32 bits */
 174         context->Length_Low &= 0xFFFFFFFF;
 175         if (context->Length_Low == 0)
 176         {
 177             context->Length_High++;
 178             /* Force it to 32 bits */
 179             context->Length_High &= 0xFFFFFFFF;
 180             if (context->Length_High == 0)
 181             {
 182                 /* Message is too long */
 183                 context->Corrupted = 1;
 184             }
 185         }
 186
 187         if (context->Message_Block_Index == 64)
 188         {
 189             SHA1ProcessMessageBlock(context);
 190         }
 191
 192         message_array++;
 193     }
 194 }
 195
 196 /*
 197  *  SHA1ProcessMessageBlock
 198  *
 199  *  Description:
 200  *      This function will process the next 512 bits of the message
 201  *      stored in the Message_Block array.
 202  *
 203  *  Parameters:
 204  *      None.
 205  *
 206  *  Returns:
 207  *      Nothing.
 208  *
 209  *  Comments:
 210  *      Many of the variable names in the SHAContext, especially the
 211  *      single character names, were used because those were the names
 212  *      used in the publication.
 213  *
 214  *
 215  */
 216 void SHA1ProcessMessageBlock(SHA1Context *context)
 217 {
 218     const unsigned K[] =            /* Constants defined in SHA-1   */
 219     {
 220         0x5A827999,
 221         0x6ED9EBA1,
 222         0x8F1BBCDC,
 223         0xCA62C1D6
 224     };
 225     int         t;                  /* Loop counter                 */
 226     unsigned    temp;               /* Temporary word value         */
 227     unsigned    W[80];              /* Word sequence                */
 228     unsigned    A, B, C, D, E;      /* Word buffers                 */
 229
 230     /*
 231      *  Initialize the first 16 words in the array W
 232      */
 233     for(t = 0; t < 16; t++)
 234     {
 235         W[t] = ((unsigned) context->Message_Block[t * 4]) << 24;
 236         W[t] |= ((unsigned) context->Message_Block[t * 4 + 1]) << 16;
 237         W[t] |= ((unsigned) context->Message_Block[t * 4 + 2]) << 8;
 238         W[t] |= ((unsigned) context->Message_Block[t * 4 + 3]);
 239     }
 240
 241     for(t = 16; t < 80; t++)
 242     {
 243        W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
 244     }
 245
 246     A = context->Message_Digest[0];
 247     B = context->Message_Digest[1];
 248     C = context->Message_Digest[2];
 249     D = context->Message_Digest[3];
 250     E = context->Message_Digest[4];
 251
 252     for(t = 0; t < 20; t++)
 253     {
 254         temp =  SHA1CircularShift(5,A) +
 255                 ((B & C) | ((~B) & D)) + E + W[t] + K[0];
 256         temp &= 0xFFFFFFFF;
 257         E = D;
 258         D = C;
 259         C = SHA1CircularShift(30,B);
 260         B = A;
 261         A = temp;
 262     }
 263
 264     for(t = 20; t < 40; t++)
 265     {
 266         temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
 267         temp &= 0xFFFFFFFF;
 268         E = D;
 269         D = C;
 270         C = SHA1CircularShift(30,B);
 271         B = A;
 272         A = temp;
 273     }
 274
 275     for(t = 40; t < 60; t++)
 276     {
 277         temp = SHA1CircularShift(5,A) +
 278                ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
 279         temp &= 0xFFFFFFFF;
 280         E = D;
 281         D = C;
 282         C = SHA1CircularShift(30,B);
 283         B = A;
 284         A = temp;
 285     }
 286
 287     for(t = 60; t < 80; t++)
 288     {
 289         temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
 290         temp &= 0xFFFFFFFF;
 291         E = D;
 292         D = C;
 293         C = SHA1CircularShift(30,B);
 294         B = A;
 295         A = temp;
 296     }
 297
 298     context->Message_Digest[0] =
 299                         (context->Message_Digest[0] + A) & 0xFFFFFFFF;
 300     context->Message_Digest[1] =
 301                         (context->Message_Digest[1] + B) & 0xFFFFFFFF;
 302     context->Message_Digest[2] =
 303                         (context->Message_Digest[2] + C) & 0xFFFFFFFF;
 304     context->Message_Digest[3] =
 305                         (context->Message_Digest[3] + D) & 0xFFFFFFFF;
 306     context->Message_Digest[4] =
 307                         (context->Message_Digest[4] + E) & 0xFFFFFFFF;
 308
 309     context->Message_Block_Index = 0;
 310 }
 311
 312 /*
 313  *  SHA1PadMessage
 314  *
 315  *  Description:
 316  *      According to the standard, the message must be padded to an even
 317  *      512 bits.  The first padding bit must be a '1'.  The last 64
 318  *      bits represent the length of the original message.  All bits in
 319  *      between should be 0.  This function will pad the message
 320  *      according to those rules by filling the Message_Block array
 321  *      accordingly.  It will also call SHA1ProcessMessageBlock()
 322  *      appropriately.  When it returns, it can be assumed that the
 323  *      message digest has been computed.
 324  *
 325  *  Parameters:
 326  *      context: [in/out]
 327  *          The context to pad
 328  *
 329  *  Returns:
 330  *      Nothing.
 331  *
 332  *  Comments:
 333  *
 334  */
 335 void SHA1PadMessage(SHA1Context *context)
 336 {
 337     /*
 338      *  Check to see if the current message block is too small to hold
 339      *  the initial padding bits and length.  If so, we will pad the
 340      *  block, process it, and then continue padding into a second
 341      *  block.
 342      */
 343     if (context->Message_Block_Index > 55)
 344     {
 345         context->Message_Block[context->Message_Block_Index++] = 0x80;
 346         while(context->Message_Block_Index < 64)
 347         {
 348             context->Message_Block[context->Message_Block_Index++] = 0;
 349         }
 350
 351         SHA1ProcessMessageBlock(context);
 352
 353         while(context->Message_Block_Index < 56)
 354         {
 355             context->Message_Block[context->Message_Block_Index++] = 0;
 356         }
 357     }
 358     else
 359     {
 360         context->Message_Block[context->Message_Block_Index++] = 0x80;
 361         while(context->Message_Block_Index < 56)
 362         {
 363             context->Message_Block[context->Message_Block_Index++] = 0;
 364         }
 365     }
 366
 367     /*
 368      *  Store the message length as the last 8 octets
 369      */
 370     context->Message_Block[56] = (context->Length_High >> 24) & 0xFF;
 371     context->Message_Block[57] = (context->Length_High >> 16) & 0xFF;
 372     context->Message_Block[58] = (context->Length_High >> 8) & 0xFF;
 373     context->Message_Block[59] = (context->Length_High) & 0xFF;
 374     context->Message_Block[60] = (context->Length_Low >> 24) & 0xFF;
 375     context->Message_Block[61] = (context->Length_Low >> 16) & 0xFF;
 376     context->Message_Block[62] = (context->Length_Low >> 8) & 0xFF;
 377     context->Message_Block[63] = (context->Length_Low) & 0xFF;
 378
 379     SHA1ProcessMessageBlock(context);
 380 }