From eef453dcd96cf1d1bd7c9e70495ad32f97c63b43 Mon Sep 17 00:00:00 2001 From: Mario Fetka Date: Tue, 31 Oct 2017 15:15:02 +0100 Subject: [PATCH] Imported Upstream version 2.13 --- Changes | 587 +++++++++++++++++++++++++++ MANIFEST | 14 + META.yml | 24 ++ Makefile.PL | 41 ++ README | 14 + SHA1.pm | 246 +++++++++++ SHA1.xs | 622 ++++++++++++++++++++++++++++ fip180-1.gif | Bin 0 -> 7960 bytes fip180-1.html | 1035 +++++++++++++++++++++++++++++++++++++++++++++++ hints/irix_6.pl | 6 + t/badfile.t | 19 + t/bits.t | 36 ++ t/sha1.t | 62 +++ typemap | 5 + 14 files changed, 2711 insertions(+) create mode 100644 Changes create mode 100644 MANIFEST create mode 100644 META.yml create mode 100644 Makefile.PL create mode 100644 README create mode 100644 SHA1.pm create mode 100644 SHA1.xs create mode 100644 fip180-1.gif create mode 100644 fip180-1.html create mode 100644 hints/irix_6.pl create mode 100644 t/badfile.t create mode 100644 t/bits.t create mode 100644 t/sha1.t create mode 100644 typemap diff --git a/Changes b/Changes new file mode 100644 index 0000000..3435753 --- /dev/null +++ b/Changes @@ -0,0 +1,587 @@ +2010-07-03 Release 2.13 + + Mike McCauley (1): + Fix memory leak in sha1_transform + + + +2009-05-23 Release 2.12 + + Gisle Aas (6): + Get rid of the old CVS ids + Avoid "redefined" error for ULONG on Win64 + Less optimizations on IRIX [RT#8999] + Clean up the 'git status' output + Mention that SHA-1 might be weak [RT#11880] + Ensure more stuff in the META.yml file [RT#40757] + + Steve Peters (1): + Quiet warnings when compiled with -Wwrite-strings [RT#31915] + + + +2006-01-18 Gisle Aas + + Release 2.11 + + Internal cleanup to avoid some compiler warnings. + + + +2004-04-05 Gisle Aas + + Release 2.10 + + Restore compatibility with perl-5.004 and perl-5.005. + + + +2004-04-01 Gisle Aas + + Release 2.09 + + The 2.08 release did not compile with a threaded debugging + perl, because assert() then needs my_perl. Fixed by commenting + out the asserts. + + + +2004-04-01 Gisle Aas + + Release 2.08 + + Enable PERL_NO_GET_CONTEXT for more more efficient execution + on a threaded perl. + + Fix up md5 references. Patch by Ville Skyttä . + + + +2003-12-05 Gisle Aas + + Release 2.07 + + Inherit add_bits() from Digest::base if available. + + + +2003-10-13 Gisle Aas + + Release 2.06 + + The sha1_transform() function did not check that it was actually + passed any arguments. + + Complete self-contained documentation included (copied from + Digest::MD5), since the Digest.pm manpage is not always available. + + + +2003-10-06 Gisle Aas + + Release 2.05 + + Added missing cast to support C++ compilation. Patch by Jan Dubois. + + Document that the sha1_base64 function and the b64digest method + does not pad their result. + + + +2003-07-22 Gisle Aas + + Release 2.04 + + Don't assume PerlIO_read() works like fread() even though + it was documented like that for perl 5.6. It returns negative + on read failure. + + Kill test #3 in t/badfile.t. I don't know a reliable way + to test read failures on a file handle. Seems better not to + test than to make many worry. + + + +2003-07-05 Gisle Aas + + Release 2.03 + + Implemented sha1_transform, required to implement NIST FIPS 186-2. + Contributed by Mike McCauley . + + Make it build on 64-bit platforms with 32-bit longs. At least + I hope it will. + + Sync up with the Digest::MD5 implementation: + - added clone method + - addfile croaks if it can't read + - the sha1*() functions warn if called as method + or with reference arguments. + + + +2002-12-27 Gisle Aas + + Release 2.02 + + Make it work when there is a mismatch between the + sizeof(BYTEORDER) and sizeof(long). Based on patch + by Allen Smith . + + Support UTF8 strings in newer versions of Perl. + + + +2001-12-30 Gisle Aas + + Release 2.01 + + Applied trivial win32 fix from Gurusamy Sarathy that + avoids stray temp files left after 'make test'. + + + +2001-03-13 Gisle Aas + + Release 2.00 + + Broken out of the Digest-MD5-2.12 distribution and made into + a separate dist. + + + +------------------------------------------------------------------- +Changes below from the Digest-MD5 dist. + + +2000-09-18 Gisle Aas + + Release 2.12 + + Avoid pointer cast warning for machines with bigger ints + than pointers. Patch by Robin Barker . + + + +2000-08-19 Gisle Aas + + Release 2.11 + + The fallback code introduced in 2.10 did only work for + perl-5.6.0. It should now for for perl5.004 and 5.005 + as well. Patch by Ville Skyttä . + + + +2000-08-18 Gisle Aas + + Release 2.10 + + Digest::MD5 will now try to fallback to the pure perl + implementation of Digest::Perl::MD5 if bootstrap fails. + + Added a bit internal paranoia about casting the IV + in the Digest::MD5 object to the MD5_CTX* pointer. + + + +1999-08-06 Gisle Aas + + Release 2.09 + + Documentation update. + + + +1999-07-28 Gisle Aas + + Release 2.08 + + The addfile() methods could trigger a core dump when passed + a filehandle that had failed to open. + + + +1999-04-26 Gisle Aas + + Release 2.07 + + The Digest::SHA1 module failed on some 64-bit systems, because I + assumed there was a correspondence between the U32 size and + BYTEORDER. This version use 'unsigned long' as Uwe's original + SHA module did. + + The module should now work better when liked statically with perl, + because we now use a safer module-loaded test in Digest.pm. + + Assume we know the outcome of the alignment test on VMS. Patch by + Chuck Lane + + + +1999-03-26 Gisle Aas + + Release 2.06 + + Avoid LONG and BYTE types in SHA.xs as they was in conflict + with similar definitions in . + + Patch by Marko Asplund to make the the alignment + test program link successfully with sfio-perl. + + Fixed a typo in MD5.xs that might have affected 64-bit systems. + Spotted by Nick Ing-Simmons + + + +1999-03-15 Gisle Aas + + Release 2.05 + + Included Digest::SHA1 based on Uwe Hollerbach's SHA module. + + + +1999-03-05 Gisle Aas + + Release 2.04 + + Avoid the -o option when compiling alignment test program + for Win32 as suggested by Gurusamy Sarathy. + + DEC Compiler bug workaround. Contributed by D Roland Walker + + + Having references to a local variable called "na" was not + very safe either. Some older versions of Perl can apparently + macroize this into something completely different. + + + +1999-02-27 Gisle Aas + + Release 2.03 + + Patch from Christopher J. Madsen that + should help getting the u32align test program to compile with + Visual C++ 5 on Windows NT. + + Got rid of references to PL_na. + + + +1999-01-31 Gisle Aas + + Release 2.02 + + Added a hints file as workaround for an IRIX compiler bug. + Contributed by D Roland Walker . + + Note that the rfc2202 test can still fail on some DEC Alpha, + because of a compiler bug that affects the perl 'x' operator. + The Digest:: modules should work and be safe to install anyway. + + + +1998-12-18 Gisle Aas + + Release 2.01 + + Some casts and tweaks to make picky compilers more happy. + + + +1998-11-04 Gisle Aas + + Release 2.00. + + Taken out Digest::SHA1 as this module will be provided from Uwe + Hollerbach later. + + Some tweaks to MD2.xs and MD5.xs since "na" disappeared in + perl5.005_53 + + + +1998-10-30 Gisle Aas + + Release 1.99_60 + + The 1.99_59 release introduced compilation problems for big-endian + systems with free U32 alignment. Bug reported, and fix suggested + by Paul J. Schinder . + + + +1998-10-28 Gisle Aas + + Release 1.99_59 + + Makefile.PL will run a test program to find out if U32 values can + be aligned anywhere. This hopefully cures the core dumps reported + on Solaris and other big endian systems. Thanks to Graham Barr for + debugging this. + + + +1998-10-28 Gisle Aas + + Release 1.99_58 + + Should be very close to a 2.00 release now. Need some success + reports from people running on big-endian machines first I think. + + Added a Digest::MD2 implementation. + + Wrote Digest.pm documentation. This define the interface that all + Digest:: modules should provide. + + Avoided some code duplication in MD5.xs + + Fixed typo, that prevented Digest::SHA1::sha1_base64() from working. + + + +1998-10-27 Gisle Aas + + Release 1.99_57 + + Rewritten most of the MD5 C code to make it real fast (especially + on little-endian machines without alignment restrictions for U32). + Compared to MD5-1.7 we can process files 4 times as fast and we + digest small stuff in memory 7 times faster. I came to these + conclusions after these tests (gcc -O2, i586, Linux): + + First tested calculation of the digest of a 31 MB file, using + perl -le 'print Digest::MD5->new->addfile(*STDIN)->hexdigest' + and similar stuff: + + MD5-1.7: 21.06s + Digest::MD5-1.99_57: 5.23s + md5sum (GNU textutils): 4.90s + + As you can see, we do nearly as good as the md5sum program. I + think the reason we don't beat md5sum is that perl always insist on + loading extra modules like Config.pm, Carp.pm, strict.pm, vars.pm, + AutoLoader.pm and DynaLoader.pm. When I simply wrapped the MD5.xs + hasher code in a C program I managed to process the file in 4.68s. + + Then we calculated the digest of the same 6 byte sting, 20000 + times: + + MD5-1.7: 11.81s + Digest::MD5-1.99_57: 1.68s + + Digest::MD5 benefit from making this into a plain procedure call + instead of a static method call. + + + Other changes in this release are: + + Documentation update + + Internal MD5.xs cleanup. + + $md5->digest will automatically reset now. + + Digest::HMAC methods add() and addfile() did not return the + correct object. + + Added Digest.pm loading module. I am not sure this is a good idea. + + Added Digest::SHA1 and Digest::HMAC_SHA1 module. The Digest::SHA1 + module is just a wrapper around SHA.pm. I hope to get the author + of SHA.pm to move his module to the Digest:: category. + + + +1998-10-25 Gisle Aas + + Release 1.99_56 + + Fix memcpy_byteswap() function in MD5.xs. Must be careful with + htovl() as it might evaluate its arguments more than once. + + + +1998-10-25 Gisle Aas + + Release 1.99_55 + + Grahams HMAC_MD5.pm splitted into two modules. Digest::HMAC and + Digest::HMAC_MD5. Also provide functional interface. Documentation + is still lacking. + + Included RFC 2202 based test for HMAC-MD5. + + + +1998-10-24 Gisle Aas + + Release 1.99_54 + + Included HMAC_MD5.pm, contributed by Graham Barr . + + I have a hard time to make up my mind :-) md5_bin() renamed back + to md5(). Functions are not exported by default any more. + + Try to Encode/Decode with memcpy_byteswap for 32-bit big-endian + machines. + + + +1998-10-23 Gisle Aas + + Release 1.99_53 + + Renamed core module as Digest::MD5. Leave a MD5.pm stub for + legacy code. + + The md5() function renamed as md5_bin(). + + The constructor, Digest::MD5->new, no longer takes any extra + arguments. + + Added some new tests. + + Updated the documentation. + + $md5->b64digest implemented with same base64 encoder as md5_base64. + + + +1998-10-23 Gisle Aas + + Release 1.99_52 + + Patch from Graham Barr which make it work for big-endian machines + again. + + + +1998-10-22 Gisle Aas + + Release 1.99_51 + + The MD5 class is now subclassable. + + The add() and addfile() methods now return $self. + + The reset() method is just an alias for new(). + + The constructor (MD5->new) now takes optional arguments which are + automatically added. It means that we can now write: + + MD5->new($data)->hexdigest; + + New $md5->b64digest method. + + New functions that are exported on request: md5, md5_hex, md5_base64 + + Included RFC 1321 + + Barely started to update the documentation. + + + +1998-10-22 Gisle Aas + + Release 1.99_50 + + Much better performance (more than twice as fast now). Mostly + because we use Copy/Zero instead of the original MD5_memcpy and + MD5_memset functions. + + The addfile() and hexdigest() methods are now XS implemented. + + All RSA functions now included in MD5.xs and made static. + + Use perl's Copy/Zero. + + Random cleanup, simplifications and reformatting. + Merged things better with the perl configuration. + + + +Neil Winton's versions below: + + +*** 96/06/20 Version 1.7 + +MD5 is now completely 64-bit clean (I hope). The basic MD5 code uses +32-bit quantities and requires a typedef UINT4 to be defined in +global.h. Perl configuration data (the value of BYTEORDER) is used to +determine if unsigned longs have 4 or 8 bytes. On 64-bit platforms (eg +DEC Alpha) then it assumes that "unsigned int" will be a 32-bit type. +If this is incorrect then adding -DUINT4_IS_LONG to the DEFINES line in +Makefile.PL will override this. + +On some machines (at least Cray that I know of) there is no 32-bit +integer type. In this case defining TRUNCATE_UINT4 (which is done +automatically for a Cray) will ensure that 64-bit values are masked +down to 32 bits. I have done my best to test this but without easy +access to a true 64-bit machine I can not totally guarantee it (unless +anyone wants to lend me a spare Cray :-) + +There is one remaining limitation for 64-bit enabled processors. The +amount of data passed to any single call to the underlying MD5 +routines is limited to (2^32 - 1) bytes -- that's 4 gigabytes. I'm +sorry if that's a real problem for you ... + +And finally, a minor compilation warning (unsigned char * used with +function having char * prototype) has also been eliminated. + +*** 96/04/09 Version 1.6 + +Re-generated module framework using h2xs to pick up the latest module +conventions for versions etc. You can now say "use MD5 1.6;" and things +should work correctly. MD5.pod has been integrated into MD5.pm and +CHANGES renamed to Changes. There is a fairly comprehensive test.pl +which can be invoked via "make test". There are no functional changes +to the MD5 routines themselves. + +*** 96/03/14 Version 1.5.3 + +Fixed addfile method to accept type-glob references for the file-handle +(eg \*STDOUT). This is more consistent with other routines and is now the +recommended way of passing file-handles. The documentation now gives more +examples as to how the routines might be used. + +*** 96/03/12 Version 1.5.2 + +Minor fixes from Christopher J Madsen to provide +support for building on OS/2 (and to work around a perl -w bug). + +Remove warning about possible difference between add('foo', 'bar') and +add('foobar'). This is not true (it may have been true in the earliest +version of the module but is no longer the case). + +*** 96/03/08 Version 1.5.1 + +Add CHANGES file to make it easier for people to figure out what has +been going on. (Meant to do this as part of 1.5) + +*** 96/03/05 Version 1.5 + +Add hash() and hexhash() methods at the suggestion/request of Gary +Howland before inclusion in a wider library +of cryptography modules. + +*** 96/02/27 Version 1.4 + +Finally fixed the pesky Solaris dynamic loading bug. All kudos to Ken +Pizzini ! + +*** 95/11/29 Version 1.3.1 + +Add explanations of current known problems. + +*** 95/06/02 Version 1.3 + +Fix problems with scope resolution in addfile() reported by +Jean-Claude Giese . Basically ARGV is +always implicitly in package main while other filehandles aren't. + +*** 95/05/23 Version 1.2.1 + +[Changes pre 1.2.1 not recorded] diff --git a/MANIFEST b/MANIFEST new file mode 100644 index 0000000..f1b42b1 --- /dev/null +++ b/MANIFEST @@ -0,0 +1,14 @@ +Changes +MANIFEST +Makefile.PL +README +SHA1.pm +SHA1.xs +fip180-1.gif +fip180-1.html +hints/irix_6.pl +t/badfile.t +t/bits.t +t/sha1.t +typemap +META.yml Module meta-data (added by MakeMaker) diff --git a/META.yml b/META.yml new file mode 100644 index 0000000..dcc308a --- /dev/null +++ b/META.yml @@ -0,0 +1,24 @@ +--- #YAML:1.0 +name: Digest-SHA1 +version: 2.13 +abstract: Perl interface to the SHA-1 algorithm +author: + - Gisle Aas +license: perl +distribution_type: module +configure_requires: + ExtUtils::MakeMaker: 0 +build_requires: + ExtUtils::MakeMaker: 0 +requires: + Digest::base: 1.00 + perl: 5.004 +no_index: + directory: + - t + - inc +generated_by: ExtUtils::MakeMaker version 6.56 +meta-spec: + url: http://module-build.sourceforge.net/META-spec-v1.4.html + version: 1.4 +repository: http://github.com/gisle/digest-sha1 diff --git a/Makefile.PL b/Makefile.PL new file mode 100644 index 0000000..ca16008 --- /dev/null +++ b/Makefile.PL @@ -0,0 +1,41 @@ +require 5.004; +use ExtUtils::MakeMaker; + +WriteMakefile( + 'NAME' => 'Digest::SHA1', + 'VERSION_FROM' => 'SHA1.pm', + 'ABSTRACT' => 'Perl interface to the SHA-1 algorithm', + 'AUTHOR' => 'Gisle Aas ', + 'LICENSE' => "perl", + 'MIN_PERL_VERSION' => 5.004, + 'PREREQ_PM' => { + 'Digest::base' => '1.00', + }, + 'META_MERGE' => { + repository => 'http://github.com/gisle/digest-sha1', + }, + 'dist' => { COMPRESS => 'gzip -9f', SUFFIX => 'gz', }, +); + + +BEGIN { + # compatibility with older versions of MakeMaker + my $developer = -f "NOTES.txt"; + my %mm_req = ( + LICENCE => 6.31, + META_MERGE => 6.45, + META_ADD => 6.45, + MIN_PERL_VERSION => 6.48, + ); + undef(*WriteMakefile); + *WriteMakefile = sub { + my %arg = @_; + for (keys %mm_req) { + unless (eval { ExtUtils::MakeMaker->VERSION($mm_req{$_}) }) { + warn "$_ $@" if $developer; + delete $arg{$_}; + } + } + ExtUtils::MakeMaker::WriteMakefile(%arg); + }; +} diff --git a/README b/README new file mode 100644 index 0000000..9642e19 --- /dev/null +++ b/README @@ -0,0 +1,14 @@ +The Digest::SHA1 module allows you to use the NIST SHA-1 message +digest algorithm from within Perl programs. The algorithm takes as +input a message of arbitrary length and produces as output a 160-bit +"fingerprint" or "message digest" of the input. + +SHA1 is described at + +You will need Perl version 5.004 or better to install this module. + +Copyright 1999-2004 Gisle Aas. +Copyright 1997 Uwe Hollerbach. + +This library is free software; you can redistribute it and/or +modify it under the same terms as Perl itself. diff --git a/SHA1.pm b/SHA1.pm new file mode 100644 index 0000000..bd2647a --- /dev/null +++ b/SHA1.pm @@ -0,0 +1,246 @@ +package Digest::SHA1; + +use strict; +use vars qw($VERSION @ISA @EXPORT_OK); + +$VERSION = '2.13'; + +require Exporter; +*import = \&Exporter::import; +@EXPORT_OK = qw(sha1 sha1_hex sha1_base64 sha1_transform); + +require DynaLoader; +@ISA=qw(DynaLoader); + +eval { + require Digest::base; + push(@ISA, 'Digest::base'); +}; +if ($@) { + my $err = $@; + *add_bits = sub { die $err }; +} + +Digest::SHA1->bootstrap($VERSION); + +1; +__END__ + +=head1 NAME + +Digest::SHA1 - Perl interface to the SHA-1 algorithm + +=head1 SYNOPSIS + + # Functional style + use Digest::SHA1 qw(sha1 sha1_hex sha1_base64); + + $digest = sha1($data); + $digest = sha1_hex($data); + $digest = sha1_base64($data); + $digest = sha1_transform($data); + + + # OO style + use Digest::SHA1; + + $sha1 = Digest::SHA1->new; + + $sha1->add($data); + $sha1->addfile(*FILE); + + $sha1_copy = $sha1->clone; + + $digest = $sha1->digest; + $digest = $sha1->hexdigest; + $digest = $sha1->b64digest; + $digest = $sha1->transform; + +=head1 DESCRIPTION + +The C module allows you to use the NIST SHA-1 message +digest algorithm from within Perl programs. The algorithm takes as +input a message of arbitrary length and produces as output a 160-bit +"fingerprint" or "message digest" of the input. + +In 2005, security flaws were identified in SHA-1, namely that a possible +mathematical weakness might exist, indicating that a stronger hash function +would be desirable. The L module implements the stronger +algorithms in the SHA family. + +The C module provide a procedural interface for simple +use, as well as an object oriented interface that can handle messages +of arbitrary length and which can read files directly. + +=head1 FUNCTIONS + +The following functions can be exported from the C +module. No functions are exported by default. + +=over 4 + +=item sha1($data,...) + +This function will concatenate all arguments, calculate the SHA-1 +digest of this "message", and return it in binary form. The returned +string will be 20 bytes long. + +The result of sha1("a", "b", "c") will be exactly the same as the +result of sha1("abc"). + +=item sha1_hex($data,...) + +Same as sha1(), but will return the digest in hexadecimal form. The +length of the returned string will be 40 and it will only contain +characters from this set: '0'..'9' and 'a'..'f'. + +=item sha1_base64($data,...) + +Same as sha1(), but will return the digest as a base64 encoded string. +The length of the returned string will be 27 and it will only contain +characters from this set: 'A'..'Z', 'a'..'z', '0'..'9', '+' and +'/'. + +Note that the base64 encoded string returned is not padded to be a +multiple of 4 bytes long. If you want interoperability with other +base64 encoded sha1 digests you might want to append the redundant +string "=" to the result. + +=item sha1_transform($data) + +Implements the basic SHA1 transform on a 64 byte block. The $data +argument and the returned $digest are in binary form. This algorithm +is used in NIST FIPS 186-2 + +=back + +=head1 METHODS + +The object oriented interface to C is described in this +section. After a C object has been created, you will add +data to it and finally ask for the digest in a suitable format. A +single object can be used to calculate multiple digests. + +The following methods are provided: + +=over 4 + +=item $sha1 = Digest::SHA1->new + +The constructor returns a new C object which encapsulate +the state of the SHA-1 message-digest algorithm. + +If called as an instance method (i.e. $sha1->new) it will just reset the +state the object to the state of a newly created object. No new +object is created in this case. + +=item $sha1->reset + +This is just an alias for $sha1->new. + +=item $sha1->clone + +This a copy of the $sha1 object. It is useful when you do not want to +destroy the digests state, but need an intermediate value of the +digest, e.g. when calculating digests iteratively on a continuous data +stream. Example: + + my $sha1 = Digest::SHA1->new; + while (<>) { + $sha1->add($_); + print "Line $.: ", $sha1->clone->hexdigest, "\n"; + } + +=item $sha1->add($data,...) + +The $data provided as argument are appended to the message we +calculate the digest for. The return value is the $sha1 object itself. + +All these lines will have the same effect on the state of the $sha1 +object: + + $sha1->add("a"); $sha1->add("b"); $sha1->add("c"); + $sha1->add("a")->add("b")->add("c"); + $sha1->add("a", "b", "c"); + $sha1->add("abc"); + +=item $sha1->addfile($io_handle) + +The $io_handle will be read until EOF and its content appended to the +message we calculate the digest for. The return value is the $sha1 +object itself. + +The addfile() method will croak() if it fails reading data for some +reason. If it croaks it is unpredictable what the state of the $sha1 +object will be in. The addfile() method might have been able to read +the file partially before it failed. It is probably wise to discard +or reset the $sha1 object if this occurs. + +In most cases you want to make sure that the $io_handle is in +C before you pass it as argument to the addfile() method. + +=item $sha1->add_bits($data, $nbits) + +=item $sha1->add_bits($bitstring) + +This implementation of SHA-1 only supports byte oriented input so you +might only add bits as multiples of 8. If you need bit level support +please consider using the C module instead. The +add_bits() method is provided here for compatibility with other digest +implementations. See L for description of the arguments that +add_bits() take. + +=item $sha1->digest + +Return the binary digest for the message. The returned string will be +20 bytes long. + +Note that the C operation is effectively a destructive, +read-once operation. Once it has been performed, the C +object is automatically C and can be used to calculate another +digest value. Call $sha1->clone->digest if you want to calculate the +digest without reseting the digest state. + +=item $sha1->hexdigest + +Same as $sha1->digest, but will return the digest in hexadecimal +form. The length of the returned string will be 40 and it will only +contain characters from this set: '0'..'9' and 'a'..'f'. + +=item $sha1->b64digest + +Same as $sha1->digest, but will return the digest as a base64 encoded +string. The length of the returned string will be 27 and it will only +contain characters from this set: 'A'..'Z', 'a'..'z', '0'..'9', '+' +and '/'. + + +The base64 encoded string returned is not padded to be a multiple of 4 +bytes long. If you want interoperability with other base64 encoded +SHA-1 digests you might want to append the string "=" to the result. + +=back + +=head1 SEE ALSO + +L, L, L, L + +http://www.itl.nist.gov/fipspubs/fip180-1.htm + +http://en.wikipedia.org/wiki/SHA_hash_functions + +=head1 COPYRIGHT + +This library is free software; you can redistribute it and/or +modify it under the same terms as Perl itself. + + Copyright 1999-2004 Gisle Aas. + Copyright 1997 Uwe Hollerbach. + +=head1 AUTHORS + +Peter C. Gutmann, +Uwe Hollerbach , +Gisle Aas + +=cut diff --git a/SHA1.xs b/SHA1.xs new file mode 100644 index 0000000..909c710 --- /dev/null +++ b/SHA1.xs @@ -0,0 +1,622 @@ +#ifdef __cplusplus +extern "C" { +#endif +#define PERL_NO_GET_CONTEXT /* we want efficiency */ +#include "EXTERN.h" +#include "perl.h" +#include "XSUB.h" +#ifdef __cplusplus +} +#endif + +#ifndef PERL_VERSION +# include +# if !(defined(PERL_VERSION) || (SUBVERSION > 0 && defined(PATCHLEVEL))) +# include +# endif +# define PERL_REVISION 5 +# define PERL_VERSION PATCHLEVEL +# define PERL_SUBVERSION SUBVERSION +#endif + +#if PERL_VERSION <= 4 && !defined(PL_dowarn) + #define PL_dowarn dowarn +#endif + +#ifdef G_WARN_ON + #define DOWARN (PL_dowarn & G_WARN_ON) +#else + #define DOWARN PL_dowarn +#endif + +#ifdef SvPVbyte + #if PERL_REVISION == 5 && PERL_VERSION < 7 + /* SvPVbyte does not work in perl-5.6.1, borrowed version for 5.7.3 */ + #undef SvPVbyte + #define SvPVbyte(sv, lp) \ + ((SvFLAGS(sv) & (SVf_POK|SVf_UTF8)) == (SVf_POK) \ + ? ((lp = SvCUR(sv)), SvPVX(sv)) : my_sv_2pvbyte(aTHX_ sv, &lp)) + + static char * + my_sv_2pvbyte(pTHX_ register SV *sv, STRLEN *lp) + { + sv_utf8_downgrade(sv,0); + return SvPV(sv,*lp); + } + #endif +#else + #define SvPVbyte SvPV +#endif + +#ifndef dTHX + #define pTHX_ + #define aTHX_ +#endif + +/* NIST Secure Hash Algorithm */ +/* heavily modified by Uwe Hollerbach */ +/* from Peter C. Gutmann's implementation as found in */ +/* Applied Cryptography by Bruce Schneier */ +/* Further modifications to include the "UNRAVEL" stuff, below */ + +/* This code is in the public domain */ + +/* Useful defines & typedefs */ + +#if defined(U64TYPE) && (defined(USE_64_BIT_INT) || ((BYTEORDER != 0x1234) && (BYTEORDER != 0x4321))) +typedef U64TYPE ULONGx; +# if BYTEORDER == 0x1234 +# undef BYTEORDER +# define BYTEORDER 0x12345678 +# elif BYTEORDER == 0x4321 +# undef BYTEORDER +# define BYTEORDER 0x87654321 +# endif +#else +typedef unsigned long ULONGx; /* 32-or-more-bit quantity */ +#endif + +#define SHA_BLOCKSIZE 64 +#define SHA_DIGESTSIZE 20 + +typedef struct { + ULONGx digest[5]; /* message digest */ + ULONGx count_lo, count_hi; /* 64-bit bit count */ + U8 data[SHA_BLOCKSIZE]; /* SHA data buffer */ + int local; /* unprocessed amount in data */ +} SHA_INFO; + + +/* UNRAVEL should be fastest & biggest */ +/* UNROLL_LOOPS should be just as big, but slightly slower */ +/* both undefined should be smallest and slowest */ + +#define SHA_VERSION 1 +#define UNRAVEL +/* #define UNROLL_LOOPS */ + +/* SHA f()-functions */ +#define f1(x,y,z) ((x & y) | (~x & z)) +#define f2(x,y,z) (x ^ y ^ z) +#define f3(x,y,z) ((x & y) | (x & z) | (y & z)) +#define f4(x,y,z) (x ^ y ^ z) + +/* SHA constants */ +#define CONST1 0x5a827999L +#define CONST2 0x6ed9eba1L +#define CONST3 0x8f1bbcdcL +#define CONST4 0xca62c1d6L + +/* truncate to 32 bits -- should be a null op on 32-bit machines */ +#define T32(x) ((x) & 0xffffffffL) + +/* 32-bit rotate */ +#define R32(x,n) T32(((x << n) | (x >> (32 - n)))) + +/* the generic case, for when the overall rotation is not unraveled */ +#define FG(n) \ + T = T32(R32(A,5) + f##n(B,C,D) + E + *WP++ + CONST##n); \ + E = D; D = C; C = R32(B,30); B = A; A = T + +/* specific cases, for when the overall rotation is unraveled */ +#define FA(n) \ + T = T32(R32(A,5) + f##n(B,C,D) + E + *WP++ + CONST##n); B = R32(B,30) + +#define FB(n) \ + E = T32(R32(T,5) + f##n(A,B,C) + D + *WP++ + CONST##n); A = R32(A,30) + +#define FC(n) \ + D = T32(R32(E,5) + f##n(T,A,B) + C + *WP++ + CONST##n); T = R32(T,30) + +#define FD(n) \ + C = T32(R32(D,5) + f##n(E,T,A) + B + *WP++ + CONST##n); E = R32(E,30) + +#define FE(n) \ + B = T32(R32(C,5) + f##n(D,E,T) + A + *WP++ + CONST##n); D = R32(D,30) + +#define FT(n) \ + A = T32(R32(B,5) + f##n(C,D,E) + T + *WP++ + CONST##n); C = R32(C,30) + + +static void sha_transform(SHA_INFO *sha_info) +{ + int i; + U8 *dp; + ULONGx T, A, B, C, D, E, W[80], *WP; + + dp = sha_info->data; + +/* +the following makes sure that at least one code block below is +traversed or an error is reported, without the necessity for nested +preprocessor if/else/endif blocks, which are a great pain in the +nether regions of the anatomy... +*/ +#undef SWAP_DONE + +#if BYTEORDER == 0x1234 +#define SWAP_DONE + /* assert(sizeof(ULONGx) == 4); */ + for (i = 0; i < 16; ++i) { + T = *((ULONGx *) dp); + dp += 4; + W[i] = ((T << 24) & 0xff000000) | ((T << 8) & 0x00ff0000) | + ((T >> 8) & 0x0000ff00) | ((T >> 24) & 0x000000ff); + } +#endif + +#if BYTEORDER == 0x4321 +#define SWAP_DONE + /* assert(sizeof(ULONGx) == 4); */ + for (i = 0; i < 16; ++i) { + T = *((ULONGx *) dp); + dp += 4; + W[i] = T32(T); + } +#endif + +#if BYTEORDER == 0x12345678 +#define SWAP_DONE + /* assert(sizeof(ULONGx) == 8); */ + for (i = 0; i < 16; i += 2) { + T = *((ULONGx *) dp); + dp += 8; + W[i] = ((T << 24) & 0xff000000) | ((T << 8) & 0x00ff0000) | + ((T >> 8) & 0x0000ff00) | ((T >> 24) & 0x000000ff); + T >>= 32; + W[i+1] = ((T << 24) & 0xff000000) | ((T << 8) & 0x00ff0000) | + ((T >> 8) & 0x0000ff00) | ((T >> 24) & 0x000000ff); + } +#endif + +#if BYTEORDER == 0x87654321 +#define SWAP_DONE + /* assert(sizeof(ULONGx) == 8); */ + for (i = 0; i < 16; i += 2) { + T = *((ULONGx *) dp); + dp += 8; + W[i] = T32(T >> 32); + W[i+1] = T32(T); + } +#endif + +#ifndef SWAP_DONE +#error Unknown byte order -- you need to add code here +#endif /* SWAP_DONE */ + + for (i = 16; i < 80; ++i) { + W[i] = W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16]; +#if (SHA_VERSION == 1) + W[i] = R32(W[i], 1); +#endif /* SHA_VERSION */ + } + A = sha_info->digest[0]; + B = sha_info->digest[1]; + C = sha_info->digest[2]; + D = sha_info->digest[3]; + E = sha_info->digest[4]; + WP = W; +#ifdef UNRAVEL + FA(1); FB(1); FC(1); FD(1); FE(1); FT(1); FA(1); FB(1); FC(1); FD(1); + FE(1); FT(1); FA(1); FB(1); FC(1); FD(1); FE(1); FT(1); FA(1); FB(1); + FC(2); FD(2); FE(2); FT(2); FA(2); FB(2); FC(2); FD(2); FE(2); FT(2); + FA(2); FB(2); FC(2); FD(2); FE(2); FT(2); FA(2); FB(2); FC(2); FD(2); + FE(3); FT(3); FA(3); FB(3); FC(3); FD(3); FE(3); FT(3); FA(3); FB(3); + FC(3); FD(3); FE(3); FT(3); FA(3); FB(3); FC(3); FD(3); FE(3); FT(3); + FA(4); FB(4); FC(4); FD(4); FE(4); FT(4); FA(4); FB(4); FC(4); FD(4); + FE(4); FT(4); FA(4); FB(4); FC(4); FD(4); FE(4); FT(4); FA(4); FB(4); + sha_info->digest[0] = T32(sha_info->digest[0] + E); + sha_info->digest[1] = T32(sha_info->digest[1] + T); + sha_info->digest[2] = T32(sha_info->digest[2] + A); + sha_info->digest[3] = T32(sha_info->digest[3] + B); + sha_info->digest[4] = T32(sha_info->digest[4] + C); +#else /* !UNRAVEL */ +#ifdef UNROLL_LOOPS + FG(1); FG(1); FG(1); FG(1); FG(1); FG(1); FG(1); FG(1); FG(1); FG(1); + FG(1); FG(1); FG(1); FG(1); FG(1); FG(1); FG(1); FG(1); FG(1); FG(1); + FG(2); FG(2); FG(2); FG(2); FG(2); FG(2); FG(2); FG(2); FG(2); FG(2); + FG(2); FG(2); FG(2); FG(2); FG(2); FG(2); FG(2); FG(2); FG(2); FG(2); + FG(3); FG(3); FG(3); FG(3); FG(3); FG(3); FG(3); FG(3); FG(3); FG(3); + FG(3); FG(3); FG(3); FG(3); FG(3); FG(3); FG(3); FG(3); FG(3); FG(3); + FG(4); FG(4); FG(4); FG(4); FG(4); FG(4); FG(4); FG(4); FG(4); FG(4); + FG(4); FG(4); FG(4); FG(4); FG(4); FG(4); FG(4); FG(4); FG(4); FG(4); +#else /* !UNROLL_LOOPS */ + for (i = 0; i < 20; ++i) { FG(1); } + for (i = 20; i < 40; ++i) { FG(2); } + for (i = 40; i < 60; ++i) { FG(3); } + for (i = 60; i < 80; ++i) { FG(4); } +#endif /* !UNROLL_LOOPS */ + sha_info->digest[0] = T32(sha_info->digest[0] + A); + sha_info->digest[1] = T32(sha_info->digest[1] + B); + sha_info->digest[2] = T32(sha_info->digest[2] + C); + sha_info->digest[3] = T32(sha_info->digest[3] + D); + sha_info->digest[4] = T32(sha_info->digest[4] + E); +#endif /* !UNRAVEL */ +} + +/* initialize the SHA digest */ + +static void sha_init(SHA_INFO *sha_info) +{ + sha_info->digest[0] = 0x67452301L; + sha_info->digest[1] = 0xefcdab89L; + sha_info->digest[2] = 0x98badcfeL; + sha_info->digest[3] = 0x10325476L; + sha_info->digest[4] = 0xc3d2e1f0L; + sha_info->count_lo = 0L; + sha_info->count_hi = 0L; + sha_info->local = 0; +} + +/* update the SHA digest */ + +static void sha_update(SHA_INFO *sha_info, U8 *buffer, int count) +{ + int i; + ULONGx clo; + + clo = T32(sha_info->count_lo + ((ULONGx) count << 3)); + if (clo < sha_info->count_lo) { + ++sha_info->count_hi; + } + sha_info->count_lo = clo; + sha_info->count_hi += (ULONGx) count >> 29; + if (sha_info->local) { + i = SHA_BLOCKSIZE - sha_info->local; + if (i > count) { + i = count; + } + memcpy(((U8 *) sha_info->data) + sha_info->local, buffer, i); + count -= i; + buffer += i; + sha_info->local += i; + if (sha_info->local == SHA_BLOCKSIZE) { + sha_transform(sha_info); + } else { + return; + } + } + while (count >= SHA_BLOCKSIZE) { + memcpy(sha_info->data, buffer, SHA_BLOCKSIZE); + buffer += SHA_BLOCKSIZE; + count -= SHA_BLOCKSIZE; + sha_transform(sha_info); + } + memcpy(sha_info->data, buffer, count); + sha_info->local = count; +} + + +static void sha_transform_and_copy(unsigned char digest[20], SHA_INFO *sha_info) +{ + sha_transform(sha_info); + digest[ 0] = (unsigned char) ((sha_info->digest[0] >> 24) & 0xff); + digest[ 1] = (unsigned char) ((sha_info->digest[0] >> 16) & 0xff); + digest[ 2] = (unsigned char) ((sha_info->digest[0] >> 8) & 0xff); + digest[ 3] = (unsigned char) ((sha_info->digest[0] ) & 0xff); + digest[ 4] = (unsigned char) ((sha_info->digest[1] >> 24) & 0xff); + digest[ 5] = (unsigned char) ((sha_info->digest[1] >> 16) & 0xff); + digest[ 6] = (unsigned char) ((sha_info->digest[1] >> 8) & 0xff); + digest[ 7] = (unsigned char) ((sha_info->digest[1] ) & 0xff); + digest[ 8] = (unsigned char) ((sha_info->digest[2] >> 24) & 0xff); + digest[ 9] = (unsigned char) ((sha_info->digest[2] >> 16) & 0xff); + digest[10] = (unsigned char) ((sha_info->digest[2] >> 8) & 0xff); + digest[11] = (unsigned char) ((sha_info->digest[2] ) & 0xff); + digest[12] = (unsigned char) ((sha_info->digest[3] >> 24) & 0xff); + digest[13] = (unsigned char) ((sha_info->digest[3] >> 16) & 0xff); + digest[14] = (unsigned char) ((sha_info->digest[3] >> 8) & 0xff); + digest[15] = (unsigned char) ((sha_info->digest[3] ) & 0xff); + digest[16] = (unsigned char) ((sha_info->digest[4] >> 24) & 0xff); + digest[17] = (unsigned char) ((sha_info->digest[4] >> 16) & 0xff); + digest[18] = (unsigned char) ((sha_info->digest[4] >> 8) & 0xff); + digest[19] = (unsigned char) ((sha_info->digest[4] ) & 0xff); +} + +/* finish computing the SHA digest */ +static void sha_final(unsigned char digest[20], SHA_INFO *sha_info) +{ + int count; + ULONGx lo_bit_count, hi_bit_count; + + lo_bit_count = sha_info->count_lo; + hi_bit_count = sha_info->count_hi; + count = (int) ((lo_bit_count >> 3) & 0x3f); + ((U8 *) sha_info->data)[count++] = 0x80; + if (count > SHA_BLOCKSIZE - 8) { + memset(((U8 *) sha_info->data) + count, 0, SHA_BLOCKSIZE - count); + sha_transform(sha_info); + memset((U8 *) sha_info->data, 0, SHA_BLOCKSIZE - 8); + } else { + memset(((U8 *) sha_info->data) + count, 0, + SHA_BLOCKSIZE - 8 - count); + } + sha_info->data[56] = (U8)((hi_bit_count >> 24) & 0xff); + sha_info->data[57] = (U8)((hi_bit_count >> 16) & 0xff); + sha_info->data[58] = (U8)((hi_bit_count >> 8) & 0xff); + sha_info->data[59] = (U8)((hi_bit_count >> 0) & 0xff); + sha_info->data[60] = (U8)((lo_bit_count >> 24) & 0xff); + sha_info->data[61] = (U8)((lo_bit_count >> 16) & 0xff); + sha_info->data[62] = (U8)((lo_bit_count >> 8) & 0xff); + sha_info->data[63] = (U8)((lo_bit_count >> 0) & 0xff); + sha_transform_and_copy(digest, sha_info); +} + + + + + +/*----------------------------------------------------------------*/ +#ifndef INT2PTR +#define INT2PTR(any,d) (any)(d) +#endif + +static SHA_INFO* get_sha_info(pTHX_ SV* sv) +{ + if (sv_derived_from(sv, "Digest::SHA1")) + return INT2PTR(SHA_INFO*, SvIV(SvRV(sv))); + croak("Not a reference to a Digest::SHA1 object"); + return (SHA_INFO*)0; /* some compilers insist on a return value */ +} + + +static char* hex_20(const unsigned char* from, char* to) +{ + static const char *hexdigits = "0123456789abcdef"; + const unsigned char *end = from + 20; + char *d = to; + + while (from < end) { + *d++ = hexdigits[(*from >> 4)]; + *d++ = hexdigits[(*from & 0x0F)]; + from++; + } + *d = '\0'; + return to; +} + +static char* base64_20(const unsigned char* from, char* to) +{ + static const char* base64 = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + const unsigned char *end = from + 20; + unsigned char c1, c2, c3; + char *d = to; + + while (1) { + c1 = *from++; + c2 = *from++; + *d++ = base64[c1>>2]; + *d++ = base64[((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4)]; + if (from == end) { + *d++ = base64[(c2 & 0xF) << 2]; + break; + } + c3 = *from++; + *d++ = base64[((c2 & 0xF) << 2) | ((c3 & 0xC0) >>6)]; + *d++ = base64[c3 & 0x3F]; + } + *d = '\0'; + return to; +} + +/* Formats */ +#define F_BIN 0 +#define F_HEX 1 +#define F_B64 2 + +static SV* make_mortal_sv(pTHX_ const unsigned char *src, int type) +{ + STRLEN len; + char result[41]; + char *ret; + + switch (type) { + case F_BIN: + ret = (char*)src; + len = 20; + break; + case F_HEX: + ret = hex_20(src, result); + len = 40; + break; + case F_B64: + ret = base64_20(src, result); + len = 27; + break; + default: + croak("Bad convertion type (%d)", type); + break; + } + return sv_2mortal(newSVpv(ret,len)); +} + + +/********************************************************************/ + +typedef PerlIO* InputStream; + +MODULE = Digest::SHA1 PACKAGE = Digest::SHA1 + +PROTOTYPES: DISABLE + +void +new(xclass) + SV* xclass + PREINIT: + SHA_INFO* context; + PPCODE: + if (!SvROK(xclass)) { + STRLEN my_na; + char *sclass = SvPV(xclass, my_na); + New(55, context, 1, SHA_INFO); + ST(0) = sv_newmortal(); + sv_setref_pv(ST(0), sclass, (void*)context); + SvREADONLY_on(SvRV(ST(0))); + } else { + context = get_sha_info(aTHX_ xclass); + } + sha_init(context); + XSRETURN(1); + +void +clone(self) + SV* self + PREINIT: + SHA_INFO* cont = get_sha_info(aTHX_ self); + const char *myname = sv_reftype(SvRV(self),TRUE); + SHA_INFO* context; + PPCODE: + New(55, context, 1, SHA_INFO); + ST(0) = sv_newmortal(); + sv_setref_pv(ST(0), myname , (void*)context); + SvREADONLY_on(SvRV(ST(0))); + memcpy(context,cont,sizeof(SHA_INFO)); + XSRETURN(1); + +void +DESTROY(context) + SHA_INFO* context + CODE: + Safefree(context); + +void +add(self, ...) + SV* self + PREINIT: + SHA_INFO* context = get_sha_info(aTHX_ self); + int i; + unsigned char *data; + STRLEN len; + PPCODE: + for (i = 1; i < items; i++) { + data = (unsigned char *)(SvPVbyte(ST(i), len)); + sha_update(context, data, len); + } + XSRETURN(1); /* self */ + +void +addfile(self, fh) + SV* self + InputStream fh + PREINIT: + SHA_INFO* context = get_sha_info(aTHX_ self); + unsigned char buffer[4096]; + int n; + CODE: + if (fh) { + /* Process blocks until EOF or error */ + while ( (n = PerlIO_read(fh, buffer, sizeof(buffer))) > 0) { + sha_update(context, buffer, n); + } + if (PerlIO_error(fh)) { + croak("Reading from filehandle failed"); + } + } + else { + croak("No filehandle passed"); + } + + XSRETURN(1); /* self */ + +void +digest(context) + SHA_INFO* context + ALIAS: + Digest::SHA1::digest = F_BIN + Digest::SHA1::hexdigest = F_HEX + Digest::SHA1::b64digest = F_B64 + PREINIT: + unsigned char digeststr[20]; + PPCODE: + sha_final(digeststr, context); + sha_init(context); /* In case it is reused */ + ST(0) = make_mortal_sv(aTHX_ digeststr, ix); + XSRETURN(1); + +void +sha1(...) + ALIAS: + Digest::SHA1::sha1 = F_BIN + Digest::SHA1::sha1_hex = F_HEX + Digest::SHA1::sha1_base64 = F_B64 + PREINIT: + SHA_INFO ctx; + int i; + unsigned char *data; + STRLEN len; + unsigned char digeststr[20]; + PPCODE: + sha_init(&ctx); + + if (DOWARN) { + const char *msg = 0; + if (items == 1) { + if (SvROK(ST(0))) { + SV* sv = SvRV(ST(0)); + if (SvOBJECT(sv) && strEQ(HvNAME(SvSTASH(sv)), "Digest::SHA1")) + msg = "probably called as method"; + else + msg = "called with reference argument"; + } + } + else if (items > 1) { + data = (unsigned char *)SvPVbyte(ST(0), len); + if (len == 12 && memEQ("Digest::SHA1", data, 12)) { + msg = "probably called as class method"; + } + } + if (msg) { + const char *f = (ix == F_BIN) ? "sha1" : + (ix == F_HEX) ? "sha1_hex" : "sha1_base64"; + warn("&Digest::SHA1::%s function %s", f, msg); + } + } + + for (i = 0; i < items; i++) { + data = (unsigned char *)(SvPVbyte(ST(i), len)); + sha_update(&ctx, data, len); + } + sha_final(digeststr, &ctx); + ST(0) = make_mortal_sv(aTHX_ digeststr, ix); + XSRETURN(1); + +void +sha1_transform(data) + SV* data + PREINIT: + SHA_INFO ctx; + unsigned char *data_pv; + unsigned char test[64]; + STRLEN len; + unsigned char digeststr[20]; + PPCODE: + sha_init(&ctx); + + memset (test, 0, 64); + data_pv = (unsigned char *)(SvPVbyte(data, len)); + memcpy (test, data_pv, len); + memcpy ((&ctx)->data, test, 64); + sha_transform_and_copy(digeststr, &ctx); + ST(0) = sv_2mortal(newSVpv((char*)digeststr, 20)); + XSRETURN(1); + diff --git a/fip180-1.gif b/fip180-1.gif new file mode 100644 index 0000000000000000000000000000000000000000..b0e0f18f065a61d7f79272df537079c776bb8bd1 GIT binary patch literal 7960 zcmZ`-Wmwbi*WXV?KnWE=X+#>NCJoYE(hX9Bjgs!}2FcM#N_UNvh6xe_Y3VKr>HWX> z>Ur~=U5j&_bDvL~dwVfySt(vVWBdmn|N9HNkB)!Oj(=|*K-SUG3B-J7{=m_{Iv50k zfIx5%2nhnAK|lrugTN3F7!Cp>L16TK5dsE5ARq`F1VMrz==)wc7zBra;BXKe34){V zk0QY!Bm{(ngOErN5)DiOp}`!w&MC)x`fHeSK z0uq7KfR%tAz%0NWKrt{35Dc6IXaPI`U|=>d8hyXs`);5N1hQSL5Fr?m7N*_Wq{)6MRqkpN9L3^N-fOf`3TBXy7UV z8%6^X0c0Sqk8*PI{rvm@PyqEF`~Kzr6A&!-SN#6FfQfYjLSvK3RONI9Vi7Ru4^-uL zhdz5NmmyRAwKwuL7&bppo!1{rB_2U0Ta!PSz@S#5KUh;RoWgE8lp$MN_#>Uyac6$8 zwrDh4B=8BjTwU>4o=gIh!BE||iK35ra+z}VC8$#ETG+x+ed%=Nr|t-H`G&HYTFZ$N zgW-nqxyH|{Lz(i86$=Qrlbwa(#>%A*zlTpL6q>4(Fv19!4UtXNtNn3r<+Bu;Yu1NT z!B&e=GgO}QMfL0j1yWTuS|YJ-MR zgr1vYQHNoCY03>Bk(4nEAmlIp8qD5@H6OWohWR}Dd~h>2l)f-@C6p%OS5CNK%`~+y z0bWp^r~J@Xex&rG#j3bsMUiRT3E}qJ2;r3?a~F-mR5LFXBHpYxQ5U|g|UMd?B=3^aC*Sp&;CmhG2sGu!`5+p>#+HLd1^$nDU7O@91} z&dv0$78;GC#8e!60L8Y*aCxwkk$L^oo2f91!^CnYtnNh`G$(~yx3oNTcBizWC;V!w zGWncor?TgOzs$w0u-~LC*F=q>w#+thkUH163@!`FIDN#L#@27aX)ftC!JDdoX>j=7` zO^64$lza)s*0i8{xgTKvr_6GIbrt9Rk8as$>q#1MZ|5gl7OkEsElpQ%Nh>^RiwY;E8oD%giX>GM}T z*Ae8ItDFQoP93_W70$nB<$S8PQao*MW+FX*lyBpQT+%lvLq@k3%pM#4jVTT}08gpE zCG)v_N;!WMwnSR$);vzYTOi(UY9W+AyNS>AH|xuY*;)hh)c$Kaj-IX)bY%2DITHL{XyUK?yNg*-i)g;OgCcFkuzSI?*bYhsVS@pAIlGXuRdlAp3}uk z(Us|5>pTj)o(xpQb;W9aRq<2j&XWp1)UvT}y-Jjah8j2Fg48SXAXF~O%g*8fy!DnJjf8tRO-_X$WNlUTz#9tAtbibF8y_Bs9o?bOW zNkA*y&KTV@U&hc91`OgJSOt9ZdO@ut)5I13#lT_MoaM~1Uvz^bVw-@1$rakG98hDy zZlcZ}D2rUu;D|>?ZS1;CSK*|U!NHt#@8bEYZKss{9^vG0J`F__aeUS+;naSr1&`B& z+^Bv&q9Li6?dMoFPSD|)TgJ+DVRq}S)uiaAywE)7^E6Dz`H3*6$%e|9hqL(w>KQE@ z@D0Cc$2DLI{9PQD+-~m^WmhJy$4FW7k%6Nw4uq?7K;5A7lQ8bkzo>6_md|s}*mkJr;Iq^!(kfkaWr@$%_%?6PnFGzgs4|o$=)H%uDKiHg;EfY@~>180>b= z{K$HuX(DQ~p=N-sVwYU*zokBz@=UVzdxT>`AXkx==Zs8e1tDMVO;p@gWNozVqbcK!Qf$tn1p3X_* zHF^%;esUxjoZDieYhe=HcBqV8h$IBK?#+(JIc@^L~Ady@h5z0VJ{ff9{)utvPiOlScG-QaymcuOL=Gu(o@x_qrhy%2M z41!bXJghx(>_OhW&Wbo5wpOZ*&$~(GR?}&>WIf4<)wf_>A|8#du1&3PP31=DK+mFU zGjbJ7*`LfJvz_a*F%`FH506Lv+U>tG3T=pyl1zL)s16pg{-i8C8*qm@Ekw;5XjGD* z(i`e1WDQ_CqgVYBy`{LG`j{G+%fKSL0$dt0`%^XvIXWzq{x`kQZO>9vQw`zrQln-M9>d&l1oolAVC zC+B{|^mLVyr_8@x{?$lvYR|J@{o=i~8izpMAo$KJrqODtw%)zd)o1(oAb-%54GGP1 ztdhoOTF3u(-1)S9F$2G8bNijMM0VCi#jBeSd;ZGjy=vr_f6l$hT!Fc zf4a6ewjw7lP5)vp|7WlLBAxt)Qv4~J zoXCo8NiMAMv1F+po3u6f9ijXly7=J?=(BPMOlSol`dC=pe5qu7$~8?z+yYqYe0HP) zB@%dlUxfjFraiedg5SP-oXZ>(Y)ys%&$1|Oq=U}}aCj<7(c z;$S^2Uvo>?JFE~k%V5)i5Mj%Z8;h-=Zb+z1YCs}QsAF-^%xb9Xg@@Hfh~4XeULsQdy`3>HZV29J2h%Z zCQ1z}I%zEm{wr#DzK6i)g8Owk~t3J6?|&PT#Ah*f+10b| zW`s$a&hBzEoWI4B7@EFlK{btJ6N=OYr7ZaLw^^yXeF)&RtAQUM=4oi3eNc86^dV4X z=7|cskPHNYP@$xl*8^=6|tMYcX;# zU>*_;*{9ofl)O29I*GS^Idc~&7r#vKbaSa^vR~`MUU^uxH;MND@?Q)~i!P2#pNW`s z3nb?^q0~*H*NuF)^R-vUiV>E`b``}jLJq05tO)7ePFrXov{P!G9co3yaBi%{Po&w!>- zd6Fm(w@5EtXe57Vcu8@|KqfKD5#Z6dZ##Fx8#`NtwHb?k^C^CP=yusgrKC77mTF? z17+5*lA>AFr(lt|q^!oCl5)9}L~up5?l*V2($(-1sB|hL+@PU_!sr_xkGQgoBzer1 zWA|zzGNDWkR?!%36QYrCC zfk~+Qf1VnZ%_Wi^ls7x@F8(4My);!6x5fIGE?D`6hZg>&AeC;xXm~Z3XDz~`@-dvr znV7wkI`Jmqn}BC6i+S~UnxP4S24&F)FTR@Gol4A7Ro;Tkb!hE5e>ElJhtn&bM*>D} z{8XGg32P^;OlBOI?gC>a0%J^hAJglp%&R${GRZe&DY_?1Kb64QO;{MLF~unHe_68@ zpPeRKemYpEs~7LeT>bWSgNuBn`e}u-WgI4d=ERw%8y}aFUPI)Z6QNa|Xk@t&H_fxO z+@xW}{h4NXsTkd0bF`J9!JMdOc+gwjV#D!9c>zHLylF15OoUPU22Y}~@+pEIk-IL3 zc*!VHn$S=;?vpzf6DQw_D69sRRP@?=J>YG17;a5}-WK$rCpj6P>n&ta-GZsBP| z-nHGRYul=)%=&P<&7AkTMZ3{c?{50`V}!(^C$w5m_S!0Y^EwhOkSXTr@X*U@+>;+u zu<0z)uB7G~fB>y83x!mHiwOk#*~Hi>9-y z*iV~X%*^f=^5M*_)t5|}Rg>w@zI@lxeUpsH;1kq%KBM04LH`Ruy{uaoNZ|5_Pm#Nq zPBKFu+slQ_Dn%mhhwKlMR=Ztjqhx#6c`ENIp;*N%Ut*-=wOb``LJaWU^ z$;~rqFy}Wgh3?1J-Pg0atT)|Px*orIdWZgNIvwk?Evv#uaKFb)lYgombkjuLO7-!S z%Pz?!fD~RFIpBUWP$N;>)H@ii)$63C^rEDO1FjO5-X|4MuR7lGDySmSx+QhmwQ(>Z zvU!ld^ox~X5v!HBji4sg4C1AgMqBMrGfUw<^P4u7?y4saI%S_nyIaaJ5yNG9|FxE( zZd~P_Dt959f5N#4Ukz#Ll}(Tg%7~AwAiEx2BAQ%#_u-rdI0Jz=70RXG=f9W!5zO|2 zX7Qs&hdgzK1BNf6kQ*$6foUV01vykK2AB(jH`rw)W7X3C-8SYKtF8`{BQw${BI^pe z8qPEHOUFb}vh?N;#$?upOvcHvGJmSiklbF4xvq@=iOQzQRHWN4c$F!+V`a{%_>;Z7 zncQGt*J^^$d;D+VxNWFWk?{}2jqtc_q?jhGqY7X2XDT(PB z1dT5)g*$ogo7w4@)=n~^T4}-R&~i%q+v&)*(vg*4lmE>GMbDt5ofbM<#~Z*eMU|U(zfjqXnC?$8+P<4E0i*!gfLFPYd_ueb?ri%_Z;qAU&kP+bGw|qa zW+CHv%fjRXoc>PS_%U)BSDZd%Q5I}4amgzKJGjp-bG90H;p;+Kvtmby_d?`&vfo=( z7g8Z4?p)#RV*58$ky7=^_ne1bD$GAR%yH>@GgF)AR4-dnx^S2NM$YZqq|V)@du}hd zu*~;gd44Uc|4LSyBERtCb^SLkN0Dbqc zl)<6P+Q#OUPvqY>Z8|g%8cF8tPF7i)FUN=}7PEHBte|TTeU@cy7N^QrDFwc7D6Vl? z!F9;0`D<5PFqhlkTXAi!-Q2Xz`7^le=q!D>6A7aA5S?G~omn=JPs z7F5`wSKO6ST&bss9#QmfH5^r>*dr)eR`!6U#_WOjcH-W|BG*Ae0T@UYQ& zvPa~sUvrWB4eOh9_>tN*H;&yB>B$j7fZusYo8emR_@F+=R{pi!N#dzC4Mw%hL6xRe z&q2)4lXhNOw#u-ZK~BoxfOj?06{#H~$3Fc{n;*>bFoh;0qZet@5pbvWYVX z^(Lpmi)+)lznGOxewE7lif8y42OnaNCWp6fm9CETQ-pnnu(RXgz6wD`7uk04SZrO1 z!}bA@3AJ`NjyBh554|S~H?-exmMLy`HKq)W_R$ktf~@|gZ4sS#cj*+D3?@CZ;=2DTndTQkIP~qxWr5!kCay=A_$qq zoKjU*rDDj1d>#?2t__4dV>F?GtF8|PK2xa)A|@!5jpTaQo(NalRLT;vkje;~*!-Bu zO887NEwNCs5FJDpOro(f87-elQILkpQzn>&48W$8%H%g+DbAvl&f1&h8vI#jHEp}qTmuQMeg2TpOQjmN(kotL+eTby4R4pe z>RaIB7vGfh$HeEKzi>IAt;}9*CgnLCMd8P=DnEOFIJ34}{)$rX#`N^ms5C_o?d{dS zwGc>GQrFzMThVzCCx0Lm=(Nk$5Vez_*nax@2HF1PZ(e1`(@fKm?-wuUKZBn$=YMAS zubcX(2w}K5dlv?68C&DIR8N)E7WHXdAKB={GvOEg2}fe2q%UiV2-4-Q?Ime(t)7?c zOv&R5mv4?NrNJ|3d}>p0p!2U=qvV9I5QuiLFcz+}1bZxmq`5NQk6&NaCDt&xK2mSyj20w7 z(BRXe%IM;EIK?l|_2c9oxhF?^Ua1xyT&Z0d zV+K<<&ko-CrD_+*%?z<|XwbFsWvL=%O@fg?!E2IN!jVtGT-0vHp%`LKH*=x%6uc@CY%#+|6Z1XV z%OO8#*@UCs#x$Bn2tWQivLH3(CK97a^m^S!BLu$IWf%fCg4Y+!n5EDCm|4zjOLF4R z)suR@nR7@^GMgoENBp~>(PkDp;^)l^D=6}5gjIZ#A{i|2P@1-?$wgi5rM}bD+pJ0_ zN7&f>NJdQ7?LyLQTG!h=4=c{j^%mM6vXLIWB7U#iLcv4GXdioLN~os&HhbcG>~DE} zP3a$`8AlGJg=c&mjEB~Iu!8OvTGH=21nZEbgf=ZBLYR6hL(T-Z<4H1`Sp0Er%2*eR zWZ4N9`fq$l=bE5AFP%u=65eS(Pbhc1!mpgN(;B?)Xl?J(X!F&W9`rRxvZoY%xr9=D z)9>uEF~;4hfnyNreZp4%l5g}(+DONDcpI$}dnA!tH1o|;VkN$kzrOPlh3~%iVD@^0 zNLctdTn#_%`Q4|Y&Zmo8Zntysn8cP8cpKYL_=6YGI9nZ2q90)|%o6rTOhrWt4nL6X z5yw2xU^ILe;dyzT{lx!0-5Xeyn;^AGk+pMcD~+B0aNu%8Mt_TPd5r%o_zimG6~l?B zvV+IhiO2Pp5=1ph9|c=K_3C5wGLTqCw3M3cNrm;Wm~2P=op?z;T154n?%4fGPX~|O z@&g54RTRG2^wT+QvVcoWk3LiN^43?(N7p}Kp=~W=S-*R-wPv2!3z4Y|R24NJ`Hz2D zQ`2ysZyXRGQ=}g>S#Qp;tkfnNPU7P;c&7y(4%!~KeK|SQ=q39_15Zt|@jabU1RVJ~ zISMYXy8(_4RDgb`O+%^Ua#c4Il@s@-FFms0?d4N)NS?^pl(67OH7mI^Ok^G^;0Uhs zDSJ#!Wc}^2_|VlX<$XSpjecY)f&ojc!GB3{^1aS4*3kEad5hDmk~PWt~qJ z31h%M2J@?bB|;TTOTtu>TI|&exl!MggJJ3g{2C>is1mJSm}Y&8MuiKi)Cj{$yO&?H zCK**`A!((HYSCbLvt<7i!bcQsiYEpWwAzXShejw1ByLEL-s3R2wYHd#CYV1g5>R@i{WNt=f z;!XtwF0QnL@n=h@DV3I;gO#JD-DfI@odcB?)Yi<-)sc#WmBSeq7vf-NLnUf$YH4oc zPNfKxTuKxlwVkv*U`Hn>*RrvQR18IvG1a?Qj*?rKvbX*{Q@u zl|&^(adH1Kf!Y{bm{ZvpyHi;jyO>j%n48=FA5yr+RG*CFIPS 180-1 - Secure Hash Standard + + +FIPS PUB 180-1
+Supersedes FIPS PUB 180
+1993 May 11

+ +

Federal Information
+Processing Standards Publication 180-1
+
+1995 April 17
+
Announcing the Standard for
 +
+

SECURE HASH STANDARD

+ +(The Foreword, Abstract, and +Key Words
can be found at the end of this document.)
+ +
+Federal Information Processing Standards Publications (FIPS PUBS) +are issued by the National Institute of Standards and Technology after +approval by the Secretary of Commerce pursuant to Section 111(d) of the +Federal Property and Administrative Services Act of 1949, as amended by the +Computer Security Act of 1987, Public Law 100-235.
+

+Name of Standard: Secure Hash Standard. +

+Category of Standard: Computer Security. +

+Explanation: This Standard specifies a Secure Hash Algorithm, +SHA-1, for computing a condensed representation of a message or a data file. +When a message of any length < 264 bits is +input, the SHA-1 produces a 160-bit output called a message digest. The +message digest can then be input to the Digital Signature Algorithm (DSA) +which generates or verifies the signature for the message. Signing the +message +digest rather than the message often improves the efficiency of the process +because the message digest is usually much smaller in size than the message. +The same hash algorithm must be used by the verifier of a digital signature as +was used by the creator of the digital signature. +

+The SHA-1 is called secure because it is computationally infeasible to find +a message which corresponds to a given message digest, or to find two +different messages which produce the same message digest. Any change to a +message in transit will, with very high probability, result in a different +message digest, and the signature will fail to verify. SHA-1 is a technical +revision of SHA (FIPS 180). A circular left shift operation has been added +to the specifications in section 7, line b, page 9 of FIPS 180 and its +equivalent in section 8, line c, page 10 of FIPS 180. This revision improves +the security provided by this standard. The SHA-1 is based on principles +similar to those used by Professor Ronald L. Rivest of MIT when designing +the MD4 message digest algorithm ("The MD4 Message Digest Algorithm," +Advances in Cryptology - CRYPTO '90 Proceedings, Springer-Verlag, 1991, +pp. 303-311), and is closely modelled after that algorithm. +
+

+Figure 1: Using the SHA-1 with the DSA


+Approving Authority: Secretary of Commerce. +

+Maintenance Agency: U.S. Department of Commerce, National +Institute of Standards and Technology, Computer Systems Laboratory. +

+Applicability: This standard is applicable to all Federal departments +and agencies for the protection of unclassified information that is not subject +to section 2315 of Title 10, United States Code, or section 3502(2) of Title +44, United States Code. This standard is required for use with the Digital +Signature Algorithm (DSA) as specified in the Digital Signature Standard +(DSS) and whenever a secure hash algorithm is required for Federal applica- +tions. Private and commercial organizations are encouraged to adopt and use +this standard. +

+Applications: The SHA-1 may be used with the DSA in electronic +mail, electronic funds transfer, software distribution, data storage, and other +applications which require data integrity assurance and data origin +authentication. The SHA-1 may also be used whenever it is necessary to +generate a condensed version of a message. +

+Implementations: The SHA-1 may be implemented in software, +firmware, hardware, or any combination thereof. Only implementations of +the +SHA-1 that are validated by NIST will be considered as complying with this +standard. Information about the requirements for validating +implementations +of this standard can be obtained from the National Institute of Standards +and Technology, Computer Systems Laboratory, Attn: SHS Validation, +Gaithersburg, MD 20899. +

+Export Control: Implementations of this standard are subject to +FederalGovernment export controls as specified in Title 15, Code of Federal +Regulations, Parts 768 through 799. Exporters are advised to contact the +Department of Commerce, Bureau of Export Administration for more +information. +

+Patents: Implementations of the SHA-1 in this standard may be +covered by U.S. and foreign patents. +

+Implementation Schedule: This standard becomes effective October +2, 1995. +

+Specifications: Federal Information Processing Standard (FIPS +180-1) Secure Hash Standard (affixed). +

+Cross Index: +
+
a. FIPS PUB 46-2, Data Encryption Standard. +

+
b. FIPS PUB 73, Guidelines for Security of Computer Applications. +

+
c. FIPS PUB 140-1, Security Requirements for Cryptographic Modules. +

+
d. FIPS PUB 186, Digital Signature Standard. +

+
e. Federal Informations Resources Management Regulations (FIRMR) +subpart 201.20.303, Standards, and subpart 201.39.1002, Federal Standards. +

+Objectives: The objectives of this standard are to: +
+
a. Specify the secure hash algorithm required for use with the Digital + Signature Standard (FIPS 186) in the generation and verification of + digital signatures; +

+
b. Specify the secure hash algorithm to be used whenever a secure hash + algorithm is required for Federal applications; and

+ +
c. Encourage the adoption and use of the specified secure hash algorithm + by private and commercial organizations. +

+Qualifications: While it is the intent of this standard to specify a +secure hash algorithm, conformance to this standard does not assure that a +particular implementation is secure. The responsible authority in each agency +or department shall assure that an overall implementation provides an +acceptable level of security. This standard will be reviewed every five years in +order to assess its adequacy. +

+Waiver Procedure: Under certain exceptional circumstances, the +heads of Federal departments and agencies may approve waivers to Federal +Information Processing Standards (FIPS). The head of such agency may +redelegate such authority only to a senior official designated pursuant to +section 3506(b) of Title 44, United States Code. Waiver shall be granted only +when: +
+
a. Compliance with a standard would adversely affect the +accomplishment of the mission of an operator of a Federal computer system; +or

+
b. Compliance with a standard would cause a major adverse financial +impact on the operator which is not offset by Government-wide savings. +
+Agency heads may act upon a written waiver request containing the +information detailed above. Agency heads may also act without a written +waiver request when they determine that conditions for meeting the standard +cannot be met. Agency heads may approve waivers only by a written decision +which explains the basis on which the agency head made the required +finding(s). A copy of each decision, with procurement sensitive or classified +portions clearly identified, shall be sent to: National Institute of Standards +and +Technology; ATTN: FIPS Waiver Decisions, Technology Building, Room +B-154, Gaithersburg, MD 20899. +

+In addition, notice of each waiver granted and each delegation of authority +to approve waivers shall be sent promptly to the Committee on Government +Operations of the House of Representatives and the Committee on +Government Affairs of the Senate and shall be published promptly in the +Federal Register. +

+When the determination on a waiver applies to the procurement of equipment +and/or services, a notice of the waiver determination must be published in +the Commerce Business Daily as a part of the notice of solicitation for +offers of an acquisition or, if the waiver determination is made after that +notice is published, by amendment to such notice. +

+A copy of the waiver, any supporting documents, the document approving the +waiver and any accompanying documents, with such deletions as the agency is +authorized and decides to make under 5 United States Code Section 552(b), +shall be part of the procurement documentation and retained by the agency. +

+Where to Obtain Copies of the Standard: Copies of this publication +are for sale by the National Technical Information Service, U.S. Department +of +Commerce, Springfield, VA 22161. When ordering, refer to Federal +Information Processing Standards Publication 180-1 (FIPSPUB180-1), and +identify the title. When microfiche is desired, this should be specified. Prices +are published by NTIS in current catalogs and other issuances. Payment may +be made by check, money order, deposit account or charged to a credit card +accepted by NTIS.

+
+FIPS PUB 180-1
+Supersedes FIPS PUB 180
+1993 May 11
+

+

Federal Information
+Processing Standards Publication 180-1

+1995 April 17
+
Specifications for
 +
+

SECURE HASH STANDARD

+

+
1. INTRODUCTION
+

+The Secure Hash Algorithm (SHA-1) is required for use with the Digital +Signature Algorithm (DSA) as specified in the Digital Signature Standard +(DSS) and whenever a secure hash algorithm is required for federal applica- +tions. For a message of length < 2^64 bits, the SHA-1 produces a 160-bit +condensed representation of the message called a message digest. The +message +digest is used during generation of a signature for the message. The SHA-1 +is also used to compute a message digest for the received version of the +message during the process of verifying the signature. Any change to the +message in transit will, with very high probability, result in a different +message digest, and the signature will fail to verify. +

+The SHA-1 is designed to have the following properties: it is computationally +infeasible to find a message which corresponds to a given message digest, or +to find two different messages which produce the same message digest. +

+
2. BIT STRINGS AND INTEGERS
+

+The following terminology related to bit strings and integers will be used: +
+
a. A hex digit is an element of the set {0, 1, ... , 9, A, ... , F}. A hex digit +is the representation of a 4-bit string. Examples: 7 = 0111, A = 1010. +

+
b. A word equals a 32-bit string which may be represented as a sequence +of 8 hex digits. To convert a word to 8 hex digits each 4-bit string is converted +to its hex equivalent as described in (a) above. Example:

+
+ 1010 0001 0000 0011 1111 1110 0010 0011 = A103FE23. +

+
c. An integer between 0 and 232 - 1 +inclusive may be represented as a word. The least significant four bits of the +integer are represented by the +right-most hex digit of the word representation. Example: the +integer +291 = 28+25+21+20 = 256+32+2+1 is represented by the hex word, +00000123. +

+
If z is an integer, 0 <= z < 264, then z = +232x + y where + 0 <= x < 232 and 0 <= y < 232. Since x and y can be represented as + words X and Y, respectively, z can be represented as the pair of words + (X,Y). +

+
d. block = 512-bit string. A block (e.g., B) may be represented as a + sequence of 16 words.

+
3. OPERATIONS ON WORDS
+

+The following logical operators will be applied to words: +
+
a. Bitwise logical word operations +
 
+X ^ Y         =  bitwise logical "and" of  X and Y.
+
+X \/ Y        =  bitwise logical "inclusive-or" of X and Y.
+    
+X XOR Y       =  bitwise logical "exclusive-or" of X and Y.
+
+~ X           =  bitwise logical "complement" of X.
+

+
Example: +
+            01101100101110011101001001111011
+      XOR   01100101110000010110100110110111
+            --------------------------------
+        =   00001001011110001011101111001100
+
+
b. The operation X + Y is defined as follows: words X and Y represent + integers x and y, where 0 <= x < 232 and +0 +<= y < 232. For positive + integers n and m, let n mod m be the remainder upon dividing n by m. + Compute +
+
z = (x + y) mod 232. +

+
Then 0 <= z < 232. Convert z to a +word, Z, and define Z = X + Y. +

+
c. The circular left shift operation Sn(X), where X is a word and n is an + integer with 0 <= n 32, is defined by +
+
Sn(X) = (X << n) OR (X >> 32-n). +

+
In the above, X << n is obtained as follows: discard the left-most n + bits of X and then pad the result with n zeroes on the right (the result + will still be 32 bits). X >> n is obtained by discarding the right-most + n bits of X and then padding the result with n zeroes on the left. Thus + Sn(X) is equivalent to a circular shift of +X +by n positions to the left.

+ +
4. MESSAGE PADDING
+

+The SHA-1 is used to compute a message digest for a message or data file that +is provided as input. The message or data file should be considered to be a +bit string. The length of the message is the number of bits in the message +(the empty message has length 0). If the number of bits in a message is a +multiple of 8, for compactness we can represent the message in hex. The +purpose of message padding is to make the total length of a padded message a +multiple of 512. The SHA-1 sequentially processes blocks of 512 bits when +computing the message digest. The following specifies how this padding shall +be performed. As a summary, a "1" followed by m "0"s followed by a 64-bit +integer are appended to the end of the message to produce a padded message +of length 512 * n. The 64-bit integer is l, the length of the original message. +The padded message is then processed by the SHA-1 as n 512-bit blocks. +

+Suppose a message has length l < 264. +Before it is input to the SHA-1, the +message is padded on the right as follows: +
+
a. "1" is appended. Example: if the original message is +"01010000", this is padded to "010100001". +

+
b. "0"s are appended. The number of "0"s will depend on the original +length of the message. The last 64 bits of the last 512-bit block are reserved +for the length l of the original message. +
+
Example: Suppose the original message is the bit string
+ +
01100001 01100010 01100011 01100100 01100101.
+
+
After step (a) this gives +
+
01100001 01100010 01100011 01100100 01100101 1.
+

+
Since l = 40, the number of bits in the above is 41 and 407 "0"s are + appended, making the total now 448. This gives (in hex) +
+
61626364 65800000 00000000 00000000 +
00000000 00000000 00000000 00000000 +
00000000 00000000 00000000 00000000 +
00000000 00000000. +

+
c. Obtain the 2-word representation of l, the number of bits in the +original message. If l < 232 then the first +word is all zeroes. Append these two words to the padded message. +
+
Example: Suppose the original message is as in (b). Then l = 40 +(note that l is computed before any padding). The two-word representation of +40 is hex 00000000 00000028. Hence the final padded message is hex +
+
61626364 65800000 00000000 00000000 +
00000000 00000000 00000000 00000000 +
00000000 00000000 00000000 00000000 +
00000000 00000000 00000000 00000028. +

+The padded message will contain 16 * n words for some n > 0. The padded +message is regarded as a sequence of n blocks M1 , M2, ... , +Mn, where +each Mi contains 16 words and +M1 contains the first characters (or bits) +of the message.

+
5. FUNCTIONS USED
+

+A sequence of logical functions f0, +f1,..., f79 +is +used in the SHA-1. +Each ft, 0 <= t <= 79, operates on three +32-bit words B, C, D and produces +a 32-bit word as output. ft(B,C,D) is defined +as follows: +for words B, C, D,
+ +
ft(B,C,D) = (B AND C) OR ((NOT B) +AND D) ( 0 <= t <= 19) +

+
ft(B,C,D) = B XOR C XOR D + + (20 <= t <= 39) +

+
ft(B,C,D) = (B AND C) OR (B AND +D) +OR (C AND D) (40 <= t <= 59) +

+
ft(B,C,D) = B XOR C XOR D + + (60 <= t <= 79). +

+
6. CONSTANTS USED
+

+ A sequence of constant words K(0), K(1), ... , K(79) is used in the SHA-1. +In hex these are given by +
+
K = 5A827999 ( 0 <= t <= 19) +

+
Kt = 6ED9EBA1 (20 <= t <= 39) +

+
Kt = 8F1BBCDC (40 <= t <= 59) +

+
Kt = CA62C1D6 (60 <= t <= 79). +

+
7. COMPUTING THE MESSAGE DIGEST
+

+ The message digest is computed using the final padded message. The +computation uses two buffers, each consisting of five 32-bit words, and a +sequence of eighty 32-bit words. The words of the first 5-word buffer are +labeled A,B,C,D,E. The words of the second 5-word buffer are labeled +H0, H1, +H2, H3, +H4. The words of the 80-word sequence are +labeled W0, W1,..., +W79. A single word buffer TEMP is also +employed. +

+ To generate the message digest, the 16-word blocks M1, M2,..., +Mn +defined in Section 4 are processed in order. The processing of each +Mi +involves 80 steps. +

+ Before processing any blocks, the {Hi} are +initialized as follows: in hex, +
+
H0 = 67452301 +

+
H1 = EFCDAB89 +

+
H2 = 98BADCFE +

+
H3 = 10325476 +

+
H4 = C3D2E1F0. +

+ Now M1, M2, ... , Mn are +processed. To process Mi, we proceed as +follows: +
+
a. Divide Mi into 16 words +W0, W1, +... +, W15, where W0 is the left-most word. +

+
b. For t = 16 to 79 let Wt = +S1(Wt-3 XOR +Wt-8 XOR Wt- +14 XOR Wt-16). +

+
c. Let A = H0, B = H1, C = H2, D = +H3, E = H4.

+
d. For t = 0 to 79 do +
+
TEMP = S5(A) + ft(B,C,D) + E + Wt + +Kt; +

+
E = D; D = C; C = S30(B); B = A; A = +TEMP; +

+
e. Let H0 = H0 + A, H1 = +H1 + B, H2 += H2 + C, H3 = H3 + D, +H4 = H4 + +E. +

+ After processing Mn, the message digest is +the 160-bit string +represented by the 5 words +
+
H0 H1 H2 H3 H4. +

+
8. ALTERNATE METHOD OF COMPUTATION +


+ The above assumes that the sequence W0, +... , W79 is implemented +as an array of eighty 32-bit words. This is efficient from the standpoint +of minimization of execution time, since the addresses of Wt-3, ... ,Wt-16 +in step (b) are easily computed. If space is at a premium, an alternative is +to regard { Wt } as a circular queue, which +may be implemented using an +array of sixteen 32-bit words W[0], ... W[15]. In this case, in hex let +MASK = 0000000F. Then processing of Mi +is as follows: +
+
a. Divide Mi into 16 words W[0], ... , +W[15], where W[0] is the + left-most word. +

+
b. Let A = H0, B = H1, C = H2, D = +H3, E = H4. +

+
c. For t = 0 to 79 do +
+
s = t ^ MASK; +

+
if (t >= 16) W[s] = S1(W[(s + 13) ^ +MASK] XOR W[(s + 8) AND MASK] +XOR W[(s + 2) ^ MASK] XOR W[s]); +

+
TEMP = S5(A) + ft(B,C,D) + E + W[s] + Kt; +

+
E = D; D = C; C = S30(B); B = A; A = +TEMP; +

+
d. Let H0 = H0 + A, H1 = +H1 + B, H2 += H2 + C, H3 = H3 + D, +H4 = H4 + +E. +

+
9. COMPARISON OF METHODS
+

+The methods of Sections 7 and 8 yield the same message digest. Although +using the method of Section 8 saves sixty-four 32-bit words of storage, it +is likely to lengthen execution time due to the increased complexity of the +address computations for the { W[t] } in step (c). Other computation methods +which give identical results may be implemented in conformance with the +standard. +

+
APPENDIX A. A SAMPLE MESSAGE AND ITS MESSAGE +DIGEST
+

+This appendix is for informational purposes only and is not required to meet +the standard. +

+Let the message be the ASCII binary-coded form of "abc", i.e., +
+
01100001 01100010 01100011. +

+This message has length l = 24. In step (a) of Section 4, we append "1". In +step (b) we append 423 "0"s. In step (c) we append hex 00000000 00000018, +the 2-word representation of 24. Thus the final padded message consists of +one block, so that n = 1 in the notation of Section 4. +

+The initial hex values of {Hi} are +

+H0 = 67452301 +
+H1 = EFCDAB89 +
+H2 = 98BADCFE +
+H3 = 10325476 +
+H4 = C3D2E1F0. +

+Start processing block 1. The words of block 1 are +

+W[0] = 61626380
+W[1] = 00000000
+W[2] = 00000000
+W[3] = 00000000
+W[4] = 00000000
+W[5] = 00000000
+W[6] = 00000000
+W[7] = 00000000
+W[8] = 00000000
+W[9] = 00000000
+W[10] = 00000000
+W[11] = 00000000
+W[12] = 00000000
+W[13] = 00000000
+W[14] = 00000000
+W[15] = 00000018. +

+The hex values of A,B,C,D,E after pass t of the "for t = 0 to 79" loop +(step (d) of Section 7 or step (c) of Section 8) are
+       
+            A           B           C           D           E
+
+t =  0: 0116FC33    67452301    7BF36AE2    98BADCFE    10325476
+t =  1: 8990536D    0116FC33    59D148C0    7BF36AE2    98BADCFE
+t =  2: A1390F08    8990536D    C045BF0C    59D148C0    7BF36AE2
+t =  3: CDD8E11B    A1390F08    626414DB    C045BF0C    59D148C0
+t =  4: CFD499DE    CDD8E11B    284E43C2    626414DB    C045BF0C
+t =  5: 3FC7CA40    CFD499DE    F3763846    284E43C2    626414DB
+t =  6: 993E30C1    3FC7CA40    B3F52677    F3763846    284E43C2
+t =  7: 9E8C07D4    993E30C1    0FF1F290    B3F52677    F3763846
+t =  8: 4B6AE328    9E8C07D4    664F8C30    0FF1F290    B3F52677
+t =  9: 8351F929    4B6AE328    27A301F5    664F8C30    0FF1F290
+t = 10: FBDA9E89    8351F929    12DAB8CA    27A301F5    664F8C30
+t = 11: 63188FE4    FBDA9E89    60D47E4A    12DAB8CA    27A301F5
+t = 12: 4607B664    63188FE4    7EF6A7A2    60D47E4A    12DAB8CA
+t = 13: 9128F695    4607B664    18C623F9    7EF6A7A2    60D47E4A
+t = 14: 196BEE77    9128F695    1181ED99    18C623F9    7EF6A7A2
+t = 15: 20BDD62F    196BEE77    644A3DA5    1181ED99    18C623F9
+t = 16: 4E925823    20BDD62F    C65AFB9D    644A3DA5    1181ED99
+t = 17: 82AA6728    4E925823    C82F758B    C65AFB9D    644A3DA5
+t = 18: DC64901D    82AA6728    D3A49608    C82F758B    C65AFB9D
+t = 19: FD9E1D7D    DC64901D    20AA99CA    D3A49608    C82F758B
+t = 20: 1A37B0CA    FD9E1D7D    77192407    20AA99CA    D3A49608
+t = 21: 33A23BFC    1A37B0CA    7F67875F    77192407    20AA99CA
+t = 22: 21283486    33A23BFC    868DEC32    7F67875F    77192407
+t = 23: D541F12D    21283486    0CE88EFF    868DEC32    7F67875F
+t = 24: C7567DC6    D541F12D    884A0D21    0CE88EFF    868DEC32
+t = 25: 48413BA4    C7567DC6    75507C4B    884A0D21    0CE88EFF
+t = 26: BE35FBD5    48413BA4    B1D59F71    75507C4B    884A0D21
+t = 27: 4AA84D97    BE35FBD5    12104EE9    B1D59F71    75507C4B
+t = 28: 8370B52E    4AA84D97    6F8D7EF5    12104EE9    B1D59F71
+t = 29: C5FBAF5D    8370B52E    D2AA1365    6F8D7EF5    12104EE9
+t = 30: 1267B407    C5FBAF5D    A0DC2D4B    D2AA1365    6F8D7EF5
+t = 31: 3B845D33    1267B407    717EEBD7    A0DC2D4B    D2AA1365
+t = 32: 046FAA0A    3B845D33    C499ED01    717EEBD7    A0DC2D4B
+t = 33: 2C0EBC11    046FAA0A    CEE1174C    C499ED01    717EEBD7
+t = 34: 21796AD4    2C0EBC11    811BEA82    CEE1174C    C499ED01
+t = 35: DCBBB0CB    21796AD4    4B03AF04    811BEA82    CEE1174C
+t = 36: 0F511FD8    DCBBB0CB    085E5AB5    4B03AF04    811BEA82
+t = 37: DC63973F    0F511FD8    F72EEC32    085E5AB5    4B03AF04
+t = 38: 4C986405    DC63973F    03D447F6    F72EEC32    085E5AB5
+t = 39: 32DE1CBA    4C986405    F718E5CF    03D447F6    F72EEC32
+t = 40: FC87DEDF    32DE1CBA    53261901    F718E5CF    03D447F6
+t = 41: 970A0D5C    FC87DEDF    8CB7872E    53261901    F718E5CF
+t = 42: 7F193DC5    970A0D5C    FF21F7B7    8CB7872E    53261901
+t = 43: EE1B1AAF    7F193DC5    25C28357    FF21F7B7    8CB7872E
+t = 44: 40F28E09    EE1B1AAF    5FC64F71    25C28357    FF21F7B7
+t = 45: 1C51E1F2    40F28E09    FB86C6AB    5FC64F71    25C28357
+t = 46: A01B846C    1C51E1F2    503CA382    FB86C6AB    5FC64F71
+t = 47: BEAD02CA    A01B846C    8714787C    503CA382    FB86C6AB
+t = 48: BAF39337    BEAD02CA    2806E11B    8714787C    503CA382
+t = 49: 120731C5    BAF39337    AFAB40B2    2806E11B    8714787C
+t = 50: 641DB2CE    120731C5    EEBCE4CD    AFAB40B2    2806E11B
+t = 51: 3847AD66    641DB2CE    4481CC71    EEBCE4CD    AFAB40B2
+t = 52: E490436D    3847AD66    99076CB3    4481CC71    EEBCE4CD
+t = 53: 27E9F1D8    E490436D    8E11EB59    99076CB3    4481CC71
+t = 54: 7B71F76D    27E9F1D8    792410DB    8E11EB59    99076CB3
+t = 55: 5E6456AF    7B71F76D    09FA7C76    792410DB    8E11EB59
+t = 56: C846093F    5E6456AF    5EDC7DDB    09FA7C76    792410DB
+t = 57: D262FF50    C846093F    D79915AB    5EDC7DDB    09FA7C76
+t = 58: 09D785FD    D262FF50    F211824F    D79915AB    5EDC7DDB
+t = 59: 3F52DE5A    09D785FD    3498BFD4    F211824F    D79915AB
+t = 60: D756C147    3F52DE5A    4275E17F    3498BFD4    F211824F
+t = 61: 548C9CB2    D756C147    8FD4B796    4275E17F    3498BFD4
+t = 62: B66C020B    548C9CB2    F5D5B051    8FD4B796    4275E17F
+t = 63: 6B61C9E1    B66C020B    9523272C    F5D5B051    8FD4B796
+t = 64: 19DFA7AC    6B61C9E1    ED9B0082    9523272C    F5D5B051
+t = 65: 101655F9    19DFA7AC    5AD87278    ED9B0082    9523272C
+t = 66: 0C3DF2B4    101655F9    0677E9EB    5AD87278    ED9B0082
+t = 67: 78DD4D2B    0C3DF2B4    4405957E    0677E9EB    5AD87278
+t = 68: 497093C0    78DD4D2B    030F7CAD    4405957E    0677E9EB
+t = 69: 3F2588C2    497093C0    DE37534A    030F7CAD    4405957E
+t = 70: C199F8C7    3F2588C2    125C24F0    DE37534A    030F7CAD
+t = 71: 39859DE7    C199F8C7    8FC96230    125C24F0    DE37534A
+t = 72: EDB42DE4    39859DE7    F0667E31    8FC96230    125C24F0
+t = 73: 11793F6F    EDB42DE4    CE616779    F0667E31    8FC96230
+t = 74: 5EE76897    11793F6F    3B6D0B79    CE616779    F0667E31
+t = 75: 63F7DAB7    5EE76897    C45E4FDB    3B6D0B79    CE616779
+t = 76: A079B7D9    63F7DAB7    D7B9DA25    C45E4FDB    3B6D0B79
+t = 77: 860D21CC    A079B7D9    D8FDF6AD    D7B9DA25    C45E4FDB
+t = 78: 5738D5E1    860D21CC    681E6DF6    D8FDF6AD    D7B9DA25
+t = 79: 42541B35    5738D5E1    21834873    681E6DF6    D8FDF6AD.
+
+Block 1 has been processed. The values of {Hi} are +

+H0 = 67452301 + 42541B35 = A9993E36 +
+H1 = EFCDAB89 + 5738D5E1 = +4706816A +
+H2 = 98BADCFE + 21834873 = +BA3E2571 +
+H3 = 10325476 + 681E6DF6 = 7850C26C +
+H4 = C3D2E1F0 + D8FDF6AD = +9CD0D89D. +

+Message digest = A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D +


+
APPENDIX B. A SECOND SAMPLE MESSAGE AND ITS +MESSAGE DIGEST
+

+This appendix is for informational purposes only and is not required to +meet the standard. +

+Let the message be the binary-coded form (cf. Appendix A) of the ASCII +string +
+
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq". +

+Since each of the 56 characters is converted to 8 bits, the length of the +message is l = 448. In step (a) of Section 4, we append "1". In step (b) +we append 511 "0"s. In step (c) we append the 2-word representation of 448, +i.e., hex 00000000 000001C0. This gives n = 2. +

+The initial hex values of {Hi} are +

+H0 = 67452301 +
+H1 = EFCDAB89 +
+H2 = 98BADCFE +
+H3 = 10325476 +
+H4 = C3D2E1F0. +

+Start processing block 1. The words of block 1 are +

+W[0] = 61626364
+W[1] = 62636465
+W[2] = 63646566
+W[3] = 64656667
+W[4] = 65666768
+W[5] = 66676869
+W[6] = 6768696A
+W[7] = 68696A6B
+W[8] = 696A6B6C
+W[9] = 6A6B6C6D
+W[10] = 6B6C6D6E
+W[11] = 6C6D6E6F
+W[12] = 6D6E6F70
+W[13] = 6E6F7071
+W[14] = 80000000
+W[15] = 00000000. +

+The hex values of A,B,C,D,E after pass t of the "for t = 0 to 79" loop (step +(d) of Section 7 or step (c) of Section 8) are
+ 
      
+            A           B           C           D           E
+
+t =  0: 0116FC17    67452301    7BF36AE2    98BADCFE    10325476
+t =  1: EBF3B452    0116FC17    59D148C0    7BF36AE2    98BADCFE
+t =  2: 5109913A    EBF3B452    C045BF05    59D148C0    7BF36AE2
+t =  3: 2C4F6EAC    5109913A    BAFCED14    C045BF05    59D148C0
+t =  4: 33F4AE5B    2C4F6EAC    9442644E    BAFCED14    C045BF05
+t =  5: 96B85189    33F4AE5B    0B13DBAB    9442644E    BAFCED14
+t =  6: DB04CB58    96B85189    CCFD2B96    0B13DBAB    9442644E
+t =  7: 45833F0F    DB04CB58    65AE1462    CCFD2B96    0B13DBAB
+t =  8: C565C35E    45833F0F    36C132D6    65AE1462    CCFD2B96
+t =  9: 6350AFDA    C565C35E    D160CFC3    36C132D6    65AE1462
+t = 10: 8993EA77    6350AFDA    B15970D7    D160CFC3    36C132D6
+t = 11: E19ECAA2    8993EA77    98D42BF6    B15970D7    D160CFC3
+t = 12: 8603481E    E19ECAA2    E264FA9D    98D42BF6    B15970D7
+t = 13: 32F94A85    8603481E    B867B2A8    E264FA9D    98D42BF6
+t = 14: B2E7A8BE    32F94A85    A180D207    B867B2A8    E264FA9D
+t = 15: 42637E39    B2E7A8BE    4CBE52A1    A180D207    B867B2A8
+t = 16: 6B068048    42637E39    ACB9EA2F    4CBE52A1    A180D207
+t = 17: 426B9C35    6B068048    5098DF8E    ACB9EA2F    4CBE52A1
+t = 18: 944B1BD1    426B9C35    1AC1A012    5098DF8E    ACB9EA2F
+t = 19: 6C445652    944B1BD1    509AE70D    1AC1A012    5098DF8E
+t = 20: 95836DA5    6C445652    6512C6F4    509AE70D    1AC1A012
+t = 21: 09511177    95836DA5    9B111594    6512C6F4    509AE70D
+t = 22: E2B92DC4    09511177    6560DB69    9B111594    6512C6F4
+t = 23: FD224575    E2B92DC4    C254445D    6560DB69    9B111594
+t = 24: EEB82D9A    FD224575    38AE4B71    C254445D    6560DB69
+t = 25: 5A142C1A    EEB82D9A    7F48915D    38AE4B71    C254445D
+t = 26: 2972F7C7    5A142C1A    BBAE0B66    7F48915D    38AE4B71
+t = 27: D526A644    2972F7C7    96850B06    BBAE0B66    7F48915D
+t = 28: E1122421    D526A644    CA5CBDF1    96850B06    BBAE0B66
+t = 29: 05B457B2    E1122421    3549A991    CA5CBDF1    96850B06
+t = 30: A9C84BEC    05B457B2    78448908    3549A991    CA5CBDF1
+t = 31: 52E31F60    A9C84BEC    816D15EC    78448908    3549A991
+t = 32: 5AF3242C    52E31F60    2A7212FB    816D15EC    78448908
+t = 33: 31C756A9    5AF3242C    14B8C7D8    2A7212FB    816D15EC
+t = 34: E9AC987C    31C756A9    16BCC90B    14B8C7D8    2A7212FB
+t = 35: AB7C32EE    E9AC987C    4C71D5AA    16BCC90B    14B8C7D8
+t = 36: 5933FC99    AB7C32EE    3A6B261F    4C71D5AA    16BCC90B
+t = 37: 43F87AE9    5933FC99    AADF0CBB    3A6B261F    4C71D5AA
+t = 38: 24957F22    43F87AE9    564CFF26    AADF0CBB    3A6B261F
+t = 39: ADEB7478    24957F22    50FE1EBA    564CFF26    AADF0CBB
+t = 40: D70E5010    ADEB7478    89255FC8    50FE1EBA    564CFF26
+t = 41: 79BCFB08    D70E5010    2B7ADD1E    89255FC8    50FE1EBA
+t = 42: F9BCB8DE    79BCFB08    35C39404    2B7ADD1E    89255FC8
+t = 43: 633E9561    F9BCB8DE    1E6F3EC2    35C39404    2B7ADD1E
+t = 44: 98C1EA64    633E9561    BE6F2E37    1E6F3EC2    35C39404
+t = 45: C6EA241E    98C1EA64    58CFA558    BE6F2E37    1E6F3EC2
+t = 46: A2AD4F02    C6EA241E    26307A99    58CFA558    BE6F2E37
+t = 47: C8A69090    A2AD4F02    B1BA8907    26307A99    58CFA558
+t = 48: 88341600    C8A69090    A8AB53C0    B1BA8907    26307A99
+t = 49: 7E846F58    88341600    3229A424    A8AB53C0    B1BA8907
+t = 50: 86E358BA    7E846F58    220D0580    3229A424    A8AB53C0
+t = 51: 8D2E76C8    86E358BA    1FA11BD6    220D0580    3229A424
+t = 52: CE892E10    8D2E76C8    A1B8D62E    1FA11BD6    220D0580
+t = 53: EDEA95B1    CE892E10    234B9DB2    A1B8D62E    1FA11BD6
+t = 54: 36D1230A    EDEA95B1    33A24B84    234B9DB2    A1B8D62E
+t = 55: 776C3910    36D1230A    7B7AA56C    33A24B84    234B9DB2
+t = 56: A681B723    776C3910    8DB448C2    7B7AA56C    33A24B84
+t = 57: AC0A794F    A681B723    1DDB0E44    8DB448C2    7B7AA56C
+t = 58: F03D3782    AC0A794F    E9A06DC8    1DDB0E44    8DB448C2
+t = 59: 9EF775C3    F03D3782    EB029E53    E9A06DC8    1DDB0E44
+t = 60: 36254B13    9EF775C3    BC0F4DE0    EB029E53    E9A06DC8
+t = 61: 4080D4DC    36254B13    E7BDDD70    BC0F4DE0    EB029E53
+t = 62: 2BFAF7A8    4080D4DC    CD8952C4    E7BDDD70    BC0F4DE0
+t = 63: 513F9CA0    2BFAF7A8    10203537    CD8952C4    E7BDDD70
+t = 64: E5895C81    513F9CA0    0AFEBDEA    10203537    CD8952C4
+t = 65: 1037D2D5    E5895C81    144FE728    0AFEBDEA    10203537
+t = 66: 14A82DA9    1037D2D5    79625720    144FE728    0AFEBDEA
+t = 67: 6D17C9FD    14A82DA9    440DF4B5    79625720    144FE728
+t = 68: 2C7B07BD    6D17C9FD    452A0B6A    440DF4B5    79625720
+t = 69: FDF6EFFF    2C7B07BD    5B45F27F    452A0B6A    440DF4B5
+t = 70: 112B96E3    FDF6EFFF    4B1EC1EF    5B45F27F    452A0B6A
+t = 71: 84065712    112B96E3    FF7DBBFF    4B1EC1EF    5B45F27F
+t = 72: AB89FB71    84065712    C44AE5B8    FF7DBBFF    4B1EC1EF
+t = 73: C5210E35    AB89FB71    A10195C4    C44AE5B8    FF7DBBFF
+t = 74: 352D9F4B    C5210E35    6AE27EDC    A10195C4    C44AE5B8
+t = 75: 1A0E0E0A    352D9F4B    7148438D    6AE27EDC    A10195C4
+t = 76: D0D47349    1A0E0E0A    CD4B67D2    7148438D    6AE27EDC
+t = 77: AD38620D    D0D47349    86838382    CD4B67D2    7148438D
+t = 78: D3AD7C25    AD38620D    74351CD2    86838382    CD4B67D2
+t = 79: 8CE34517    D3AD7C25    6B4E1883    74351CD2    86838382.
+

+Block 1 has been processed. The values of {Hi} are +

+H0 = 67452301 + 8CE34517 = F4286818 +
+H1 = EFCDAB89 + D3AD7C25 = +C37B27AE +
+H2 = 98BADCFE + 6B4E1883 = +0408F581 +
+H3 = 10325476 + 74351CD2 = 84677148 +
+H4 = C3D2E1F0 + 86838382 = 4A566572. +

+Start processing block 2. The words of block 2 are +

+W[0] = 00000000
+W[1] = 00000000
+W[2] = 00000000
+W[3] = 00000000
+W[4] = 00000000
+W[5] = 00000000
+W[6] = 00000000
+W[7] = 00000000
+W[8] = 00000000
+W[9] = 00000000
+W[10] = 00000000
+W[11] = 00000000
+W[12] = 00000000
+W[13] = 00000000
+W[14] = 00000000
+W[15] = 000001C0. +

+The hex values of A,B,C,D,E after pass t of the for "t = 0 to 79" loop +(step (d) of Section 7 or step (c) of Section 8) are
+
       
+            A           B           C           D           E
+
+t =  0: 2DF257E9    F4286818    B0DEC9EB    0408F581    84677148
+t =  1: 4D3DC58F    2DF257E9    3D0A1A06    B0DEC9EB    0408F581
+t =  2: C352BB05    4D3DC58F    4B7C95FA    3D0A1A06    B0DEC9EB
+t =  3: EEF743C6    C352BB05    D34F7163    4B7C95FA    3D0A1A06
+t =  4: 41E34277    EEF743C6    70D4AEC1    D34F7163    4B7C95FA
+t =  5: 5443915C    41E34277    BBBDD0F1    70D4AEC1    D34F7163
+t =  6: E7FA0377    5443915C    D078D09D    BBBDD0F1    70D4AEC1
+t =  7: C6946813    E7FA0377    1510E457    D078D09D    BBBDD0F1
+t =  8: FDDE1DE1    C6946813    F9FE80DD    1510E457    D078D09D
+t =  9: B8538ACA    FDDE1DE1    F1A51A04    F9FE80DD    1510E457
+t = 10: 6BA94F63    B8538ACA    7F778778    F1A51A04    F9FE80DD
+t = 11: 43A2792F    6BA94F63    AE14E2B2    7F778778    F1A51A04
+t = 12: FECD7BBF    43A2792F    DAEA53D8    AE14E2B2    7F778778
+t = 13: A2604CA8    FECD7BBF    D0E89E4B    DAEA53D8    AE14E2B2
+t = 14: 258B0BAA    A2604CA8    FFB35EEF    D0E89E4B    DAEA53D8
+t = 15: D9772360    258B0BAA    2898132A    FFB35EEF    D0E89E4B
+t = 16: 5507DB6E    D9772360    8962C2EA    2898132A    FFB35EEF
+t = 17: A51B58BC    5507DB6E    365DC8D8    8962C2EA    2898132A
+t = 18: C2EB709F    A51B58BC    9541F6DB    365DC8D8    8962C2EA
+t = 19: D8992153    C2EB709F    2946D62F    9541F6DB    365DC8D8
+t = 20: 37482F5F    D8992153    F0BADC27    2946D62F    9541F6DB
+t = 21: EE8700BD    37482F5F    F6264854    F0BADC27    2946D62F
+t = 22: 9AD594B9    EE8700BD    CDD20BD7    F6264854    F0BADC27
+t = 23: 8FBAA5B9    9AD594B9    7BA1C02F    CDD20BD7    F6264854
+t = 24: 88FB5867    8FBAA5B9    66B5652E    7BA1C02F    CDD20BD7
+t = 25: EEC50521    88FB5867    63EEA96E    66B5652E    7BA1C02F
+t = 26: 50BCE434    EEC50521    E23ED619    63EEA96E    66B5652E
+t = 27: 5C416DAF    50BCE434    7BB14148    E23ED619    63EEA96E
+t = 28: 2429BE5F    5C416DAF    142F390D    7BB14148    E23ED619
+t = 29: 0A2FB108    2429BE5F    D7105B6B    142F390D    7BB14148
+t = 30: 17986223    0A2FB108    C90A6F97    D7105B6B    142F390D
+t = 31: 8A4AF384    17986223    028BEC42    C90A6F97    D7105B6B
+t = 32: 6B629993    8A4AF384    C5E61888    028BEC42    C90A6F97
+t = 33: F15F04F3    6B629993    2292BCE1    C5E61888    028BEC42
+t = 34: 295CC25B    F15F04F3    DAD8A664    2292BCE1    C5E61888
+t = 35: 696DA404    295CC25B    FC57C13C    DAD8A664    2292BCE1
+t = 36: CEF5AE12    696DA404    CA573096    FC57C13C    DAD8A664
+t = 37: 87D5B80C    CEF5AE12    1A5B6901    CA573096    FC57C13C
+t = 38: 84E2A5F2    87D5B80C    B3BD6B84    1A5B6901    CA573096
+t = 39: 03BB6310    84E2A5F2    21F56E03    B3BD6B84    1A5B6901
+t = 40: C2D8F75F    03BB6310    A138A97C    21F56E03    B3BD6B84
+t = 41: BFB25768    C2D8F75F    00EED8C4    A138A97C    21F56E03
+t = 42: 28589152    BFB25768    F0B63DD7    00EED8C4    A138A97C
+t = 43: EC1D3D61    28589152    2FEC95DA    F0B63DD7    00EED8C4
+t = 44: 3CAED7AF    EC1D3D61    8A162454    2FEC95DA    F0B63DD7
+t = 45: C3D033EA    3CAED7AF    7B074F58    8A162454    2FEC95DA
+t = 46: 7316056A    C3D033EA    CF2BB5EB    7B074F58    8A162454
+t = 47: 46F93B68    7316056A    B0F40CFA    CF2BB5EB    7B074F58
+t = 48: DC8E7F26    46F93B68    9CC5815A    B0F40CFA    CF2BB5EB
+t = 49: 850D411C    DC8E7F26    11BE4EDA    9CC5815A    B0F40CFA
+t = 50: 7E4672C0    850D411C    B7239FC9    11BE4EDA    9CC5815A
+t = 51: 89FBD41D    7E4672C0    21435047    B7239FC9    11BE4EDA
+t = 52: 1797E228    89FBD41D    1F919CB0    21435047    B7239FC9
+t = 53: 431D65BC    1797E228    627EF507    1F919CB0    21435047
+t = 54: 2BDBB8CB    431D65BC    05E5F88A    627EF507    1F919CB0
+t = 55: 6DA72E7F    2BDBB8CB    10C7596F    05E5F88A    627EF507
+t = 56: A8495A9B    6DA72E7F    CAF6EE32    10C7596F    05E5F88A
+t = 57: E785655A    A8495A9B    DB69CB9F    CAF6EE32    10C7596F
+t = 58: 5B086C42    E785655A    EA1256A6    DB69CB9F    CAF6EE32
+t = 59: A65818F7    5B086C42    B9E15956    EA1256A6    DB69CB9F
+t = 60: 7AAB101B    A65818F7    96C21B10    B9E15956    EA1256A6
+t = 61: 93614C9C    7AAB101B    E996063D    96C21B10    B9E15956
+t = 62: F66D9BF4    93614C9C    DEAAC406    E996063D    96C21B10
+t = 63: D504902B    F66D9BF4    24D85327    DEAAC406    E996063D
+t = 64: 60A9DA62    D504902B    3D9B66FD    24D85327    DEAAC406
+t = 65: 8B687819    60A9DA62    F541240A    3D9B66FD    24D85327
+t = 66: 083E90C3    8B687819    982A7698    F541240A    3D9B66FD
+t = 67: F6226BBF    083E90C3    62DA1E06    982A7698    F541240A
+t = 68: 76C0563B    F6226BBF    C20FA430    62DA1E06    982A7698
+t = 69: 989DD165    76C0563B    FD889AEF    C20FA430    62DA1E06
+t = 70: 8B2C7573    989DD165    DDB0158E    FD889AEF    C20FA430
+t = 71: AE1B8E7B    8B2C7573    66277459    DDB0158E    FD889AEF
+t = 72: CA1840DE    AE1B8E7B    E2CB1D5C    66277459    DDB0158E
+t = 73: 16F3BABB    CA1840DE    EB86E39E    E2CB1D5C    66277459
+t = 74: D28D83AD    16F3BABB    B2861037    EB86E39E    E2CB1D5C
+t = 75: 6BC02DFE    D28D83AD    C5BCEEAE    B2861037    EB86E39E
+t = 76: D3A6E275    6BC02DFE    74A360EB    C5BCEEAE    B2861037
+t = 77: DA955482    D3A6E275    9AF00B7F    74A360EB    C5BCEEAE
+t = 78: 58C0AAC0    DA955482    74E9B89D    9AF00B7F    74A360EB
+t = 79: 906FD62C    58C0AAC0    B6A55520    74E9B89D    9AF00B7F.
+

+Block 2 has been processed. The values of {Hi} are +

+H0 = F4286818 + 906FD62C = 84983E44 +
+H1 = C37B27AE + 58C0AAC0 = +1C3BD26E +
+H2 = 0408F581 + B6A55520 = +BAAE4AA1 +
+H3 = 84677148 + 74E9B89D = F95129E5 +
+H4 = 4A566572 + 9AF00B7F = E54670F1. +

+Message digest = 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 +

+
APPENDIX C. A THIRD SAMPLE MESSAGE AND ITS +MESSAGE DIGEST
+

+This appendix is for informational purposes only and is not required to meet +the standard. +

+Let the message be the binary-coded form of the ASCII string which consists +of 1,000,000 repetitions of "a". +

+Message digest = 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F +

+
+ +
The Foreword, Abstract, and Key Words follow: +
+

+FIPS PUB 180-1
+FEDERAL INFORMATION
+ PROCESSING STANDARDS PUBLICATION

+ +1995 April 17
+U.S. DEPARTMENT OF COMMERCE/National Institute of Standards and +Technology

+ +

SECURE HASH STANDARD

+ + +U.S. DEPARTMENT OF COMMERCE, Ronald H. Brown, +Secretary
+ +National Institute of Standards and Technology, Arati Prabhakar, +Director +

Foreword
+ The Federal Information Processing Standards Publication Series +of the National Institute of Standards and Technology (NIST) is the official +publication relating to standards and guidelines adopted and promulgated +under the provisions of Section 111(d) of the Federal Property and +Administrative Services Act of 1949 as amended by the Computer Security +Act +of 1987, Public Law 100-235. These mandates have given the Secretary of +Commerce and NIST important responsibilities for improving the utilization +and management of computers and related telecommunications systems in the +Federal Government. The NIST, through its Computer Systems Laboratory, +provides leadership, technical guidance, and coordination of Government +efforts in the development of standards and guidelines in these areas. +

+ Comments concerning Federal Information Processing Standards +Publications are welcomed and should be addressed to the Director, +Computer Systems Laboratory, National Institute of Standards and +Technology, Gaithersburg, MD 20899. +

+James H. Burrows, Director
+Computer Systems Laboratory

+ +
Abstract
+ This standard specifies a Secure Hash Algorithm (SHA-1) which can +be used to generate a condensed representation of a message called a +message digest. The SHA-1 is required for use with the Digital Signature +Algorithm (DSA) as specified in the Digital Signature Standard (DSS) and +whenever a secure hash algorithm is required for Federal applications. +The SHA-1 is used by both the transmitter and intended receiver of a +message in computing and verifying a digital signature. +

+ +Key words: computer security; digital signatures; Federal +Information +Processing Standard (FIPS); hash algorithm.

+ + diff --git a/hints/irix_6.pl b/hints/irix_6.pl new file mode 100644 index 0000000..e38ae14 --- /dev/null +++ b/hints/irix_6.pl @@ -0,0 +1,6 @@ +# The Mongoose v7.1 compiler freezes up somewhere in the optimization of +# MD5Transform() in MD5.c with optimization -O3. This is a workaround: + +if ($Config{cc} =~ /64|n32/ && `$Config{cc} -version 2>&1` =~ /\s7\.1/) { + $self->{OPTIMIZE} = "-O1"; +} diff --git a/t/badfile.t b/t/badfile.t new file mode 100644 index 0000000..d7c820c --- /dev/null +++ b/t/badfile.t @@ -0,0 +1,19 @@ +print "1..2\n"; + +use Digest::SHA1 (); + +$sha1 = Digest::SHA1->new; + +eval { + use vars qw(*FOO); + $sha1->addfile(*FOO); +}; +print "not " unless $@ =~ /^Bad filehandle: FOO at/; +print "ok 1\n"; + +open(BAR, "no-existing-file.$$"); +eval { + $sha1->addfile(*BAR); +}; +print "not " unless $@ =~ /^No filehandle passed at/; +print "ok 2\n"; diff --git a/t/bits.t b/t/bits.t new file mode 100644 index 0000000..92818b3 --- /dev/null +++ b/t/bits.t @@ -0,0 +1,36 @@ +#!perl -w + +BEGIN { + if ($] < 5.005) { + # Test module can't be expected to be available + # and I ended up with seg faults when trying to + # load it with eval { require Test }; + print "1..0\n"; + exit; + } +} + +use Test qw(plan ok); +plan tests => 2; + +use Digest::SHA1; + +my $sha1 = Digest::SHA1->new; + +if ($Digest::base::VERSION && $Digest::base::VERSION) { + $sha1->add_bits("01111111"); + ok($sha1->hexdigest, "23833462f55515a900e016db2eb943fb474c19f6"); + eval { + $sha1->add_bits("0111"); + }; + ok($@ =~ /must be multiple of 8/); +} +else { + print "# No Digest::base\n"; + eval { + $sha1->add_bits("foo"); + }; + ok($@ =~ /^Can\'t locate Digest\/base\.pm in \@INC/); + ok(1); # dummy +} + diff --git a/t/sha1.t b/t/sha1.t new file mode 100644 index 0000000..352a02c --- /dev/null +++ b/t/sha1.t @@ -0,0 +1,62 @@ +print "1..13\n"; + +use Digest::SHA1 qw(sha1 sha1_hex sha1_base64 sha1_transform); + +print "not " unless Digest::SHA1->new->add("abc")->hexdigest eq "a9993e364706816aba3e25717850c26c9cd0d89d"; +print "ok 1\n"; + +print "not " unless sha1("abc") eq pack("H*", "a9993e364706816aba3e25717850c26c9cd0d89d"); +print "ok 2\n"; + +print "not " unless sha1_hex("abc") eq "a9993e364706816aba3e25717850c26c9cd0d89d"; +print "ok 3\n"; + +print "not " unless sha1_base64("abc") eq "qZk+NkcGgWq6PiVxeFDCbJzQ2J0"; +print "ok 4\n"; + +# Test file checking from too... +open(FILE, ">stest$$.txt") || die; +binmode(FILE); +for (1..512) { + print FILE "This is line $_\n"; +} +close(FILE); + +open(FILE, "stest$$.txt") || die; +$digest = Digest::SHA1->new->addfile(*FILE)->b64digest; +print "$digest\nnot " unless $digest eq "1ZuIK/sQeBwqh+dIACqpnoRQUE4"; +print "ok 5\n"; +close(FILE); + +unlink("stest$$.txt"); + + +print "not " unless sha1_transform(pack('H*', 'dc71a8092d4b1b7b98101d58698d9d1cc48225bb')) + eq pack('H*', '2e4c75ad39160f52614d122e6c7ec80446f68567'); +print "ok 6\n"; + +print "not " unless sha1_transform(pack('H*', '0abe1db666612acdf95d2f86d60c65210b78ab23')) + eq pack('H*', '7c1c2aabca822912f3016299b160035787477b48'); +print "ok 7\n"; + +print "not " unless sha1_transform(pack('H*', '86da486230e353e0ec5e9220876c687892c0266c')) + eq pack('H*', '1da304aec652c21d4f54642434705c91aeaf9abe'); +print "ok 8\n"; + +$digest = Digest::SHA1->new; +print "not " unless $digest->hexdigest eq "da39a3ee5e6b4b0d3255bfef95601890afd80709"; +print "ok 9\n"; + +print "not " unless $digest->clone->hexdigest eq "da39a3ee5e6b4b0d3255bfef95601890afd80709"; +print "ok 10\n"; + +$digest->add("abc"); +print "not " unless $digest->clone->hexdigest eq "a9993e364706816aba3e25717850c26c9cd0d89d"; +print "ok 11\n"; + +$digest->add("d"); +print "not " unless $digest->hexdigest eq "81fe8bfe87576c3ecb22426f8e57847382917acf"; +print "ok 12\n"; + +print "not " unless $digest->hexdigest eq "da39a3ee5e6b4b0d3255bfef95601890afd80709"; +print "ok 13\n"; diff --git a/typemap b/typemap new file mode 100644 index 0000000..85c1d27 --- /dev/null +++ b/typemap @@ -0,0 +1,5 @@ +SHA_INFO* T_SHA_INFO + +INPUT +T_SHA_INFO + $var = get_sha_info(aTHX_ $arg)