Add SHA-1 and HMAC-SHA1 libraries with unit tests

sha1.c

sha1.h

sha1_hmac.c

birdlib.h

bitops.c

bitops.h

#include "lib/md5.h"

#include "lib/md5.c" /* REMOVE ME */

#define MD5_BYTES 16

#define MD5_CHARS 32

#define MD5_SIZE 	16

#define MD5_HEX_SIZE 	33

static void

get_md5(unsigned char hash[MD5_BYTES], unsigned char const *str)

get_md5(const char *str, char (*out_hash)[MD5_HEX_SIZE])

{

  unsigned char hash[MD5_SIZE];

  struct MD5Context ctxt;

  MD5Init(&ctxt);

  MD5Update(&ctxt, str, strlen(str));

  MD5Final(hash, &ctxt);

}

static void

compute_md5(const char *str, char (*out_hash)[MD5_CHARS+1])

{

  unsigned char hash[MD5_BYTES];

  get_md5(hash, str);

  int i;

  for(i = 0; i < MD5_BYTES; i++)

  for(i = 0; i < MD5_SIZE; i++)

    sprintf(*out_hash + i*2, "%02x", hash[i]);

}

{

  struct in_out {

    char *in;

    char out[MD5_CHARS+1];

    char fn_out[MD5_CHARS+1];

    char out[MD5_HEX_SIZE];

  } in_out[] = {

      {

	  .in  = "",

      },

  };

  bt_assert_fn_in_out(compute_md5, in_out, "'%s'", "'%s'");

  bt_assert_fn_in_out(get_md5, in_out, "'%s'", "'%s'");

  return BT_SUCCESS;

}

{

  bt_init(argc, argv);

  bt_test_suite(t_md5, "Test Suite from RFC1321");

  bt_test_suite(t_md5, "Test Suite by RFC 1321");

  return bt_end();

}

/*

 *	BIRD -- SHA-1 Hash Function (FIPS 180-1, RFC 3174)

 *

 *	(c) 2015 CZ.NIC z.s.p.o.

 *

 *	Based on the code from libucw6.4

 *	(c) 2008--2009 Martin Mares <mj@ucw.cz>

 *

 *	Can be freely distributed and used under the terms of the GNU GPL.

 */

#include "lib/null.h"

#include "lib/sha1.h"

#include "lib/unaligned.h"

#include <string.h>

void

sha1_init(sha1_context *hd)

{

  hd->h0 = 0x67452301;

  hd->h1 = 0xefcdab89;

  hd->h2 = 0x98badcfe;

  hd->h3 = 0x10325476;

  hd->h4 = 0xc3d2e1f0;

  hd->nblocks = 0;

  hd->count = 0;

}

/*

 * Transform the message X which consists of 16 32-bit-words

 */

static void

transform(sha1_context *hd, const byte *data)

{

  u32 a,b,c,d,e,tm;

  u32 x[16];

  /* Get values from the chaining vars. */

  a = hd->h0;

  b = hd->h1;

  c = hd->h2;

  d = hd->h3;

  e = hd->h4;

#ifdef CPU_BIG_ENDIAN

  memcpy( x, data, 64 );

#else

  {

    int i;

    for (i=0; i<16; i++)

      x[i] = get_u32_be(data+4*i);

  }

#endif

#define K1  0x5A827999L

#define K2  0x6ED9EBA1L

#define K3  0x8F1BBCDCL

#define K4  0xCA62C1D6L

#define F1(x,y,z)   ( z ^ ( x & ( y ^ z ) ) )

#define F2(x,y,z)   ( x ^ y ^ z )

#define F3(x,y,z)   ( ( x & y ) | ( z & ( x | y ) ) )

#define F4(x,y,z)   ( x ^ y ^ z )

#define M(i) ( tm =   x[i&0x0f] ^ x[(i-14)&0x0f] \

		    ^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f] \

	       , (x[i&0x0f] = ROL(tm, 1)) )

#define	ROL(x, bits) (((x) << (bits)) | ((uint)(x) >> (sizeof(uint)*8 - (bits))))		/** Bitwise rotation of an unsigned int to the left **/

  #define R(a,b,c,d,e,f,k,m)  do { e += ROL( a, 5 )     \

				      + f( b, c, d )  \

				      + k	      \

				      + m;	      \

				 b = ROL( b, 30 );    \

			       } while(0)

  R( a, b, c, d, e, F1, K1, x[ 0] );

  R( e, a, b, c, d, F1, K1, x[ 1] );

  R( d, e, a, b, c, F1, K1, x[ 2] );

  R( c, d, e, a, b, F1, K1, x[ 3] );

  R( b, c, d, e, a, F1, K1, x[ 4] );

  R( a, b, c, d, e, F1, K1, x[ 5] );

  R( e, a, b, c, d, F1, K1, x[ 6] );

  R( d, e, a, b, c, F1, K1, x[ 7] );

  R( c, d, e, a, b, F1, K1, x[ 8] );

  R( b, c, d, e, a, F1, K1, x[ 9] );

  R( a, b, c, d, e, F1, K1, x[10] );

  R( e, a, b, c, d, F1, K1, x[11] );

  R( d, e, a, b, c, F1, K1, x[12] );

  R( c, d, e, a, b, F1, K1, x[13] );

  R( b, c, d, e, a, F1, K1, x[14] );

  R( a, b, c, d, e, F1, K1, x[15] );

  R( e, a, b, c, d, F1, K1, M(16) );

  R( d, e, a, b, c, F1, K1, M(17) );

  R( c, d, e, a, b, F1, K1, M(18) );

  R( b, c, d, e, a, F1, K1, M(19) );

  R( a, b, c, d, e, F2, K2, M(20) );

  R( e, a, b, c, d, F2, K2, M(21) );

  R( d, e, a, b, c, F2, K2, M(22) );

  R( c, d, e, a, b, F2, K2, M(23) );

  R( b, c, d, e, a, F2, K2, M(24) );

  R( a, b, c, d, e, F2, K2, M(25) );

  R( e, a, b, c, d, F2, K2, M(26) );

  R( d, e, a, b, c, F2, K2, M(27) );

  R( c, d, e, a, b, F2, K2, M(28) );

  R( b, c, d, e, a, F2, K2, M(29) );

  R( a, b, c, d, e, F2, K2, M(30) );

  R( e, a, b, c, d, F2, K2, M(31) );

  R( d, e, a, b, c, F2, K2, M(32) );

  R( c, d, e, a, b, F2, K2, M(33) );

  R( b, c, d, e, a, F2, K2, M(34) );

  R( a, b, c, d, e, F2, K2, M(35) );

  R( e, a, b, c, d, F2, K2, M(36) );

  R( d, e, a, b, c, F2, K2, M(37) );

  R( c, d, e, a, b, F2, K2, M(38) );

  R( b, c, d, e, a, F2, K2, M(39) );

  R( a, b, c, d, e, F3, K3, M(40) );

  R( e, a, b, c, d, F3, K3, M(41) );

  R( d, e, a, b, c, F3, K3, M(42) );

  R( c, d, e, a, b, F3, K3, M(43) );

  R( b, c, d, e, a, F3, K3, M(44) );

  R( a, b, c, d, e, F3, K3, M(45) );

  R( e, a, b, c, d, F3, K3, M(46) );

  R( d, e, a, b, c, F3, K3, M(47) );

  R( c, d, e, a, b, F3, K3, M(48) );

  R( b, c, d, e, a, F3, K3, M(49) );

  R( a, b, c, d, e, F3, K3, M(50) );

  R( e, a, b, c, d, F3, K3, M(51) );

  R( d, e, a, b, c, F3, K3, M(52) );

  R( c, d, e, a, b, F3, K3, M(53) );

  R( b, c, d, e, a, F3, K3, M(54) );

  R( a, b, c, d, e, F3, K3, M(55) );

  R( e, a, b, c, d, F3, K3, M(56) );

  R( d, e, a, b, c, F3, K3, M(57) );

  R( c, d, e, a, b, F3, K3, M(58) );

  R( b, c, d, e, a, F3, K3, M(59) );

  R( a, b, c, d, e, F4, K4, M(60) );

  R( e, a, b, c, d, F4, K4, M(61) );

  R( d, e, a, b, c, F4, K4, M(62) );

  R( c, d, e, a, b, F4, K4, M(63) );

  R( b, c, d, e, a, F4, K4, M(64) );

  R( a, b, c, d, e, F4, K4, M(65) );

  R( e, a, b, c, d, F4, K4, M(66) );

  R( d, e, a, b, c, F4, K4, M(67) );

  R( c, d, e, a, b, F4, K4, M(68) );

  R( b, c, d, e, a, F4, K4, M(69) );

  R( a, b, c, d, e, F4, K4, M(70) );

  R( e, a, b, c, d, F4, K4, M(71) );

  R( d, e, a, b, c, F4, K4, M(72) );

  R( c, d, e, a, b, F4, K4, M(73) );

  R( b, c, d, e, a, F4, K4, M(74) );

  R( a, b, c, d, e, F4, K4, M(75) );

  R( e, a, b, c, d, F4, K4, M(76) );

  R( d, e, a, b, c, F4, K4, M(77) );

  R( c, d, e, a, b, F4, K4, M(78) );

  R( b, c, d, e, a, F4, K4, M(79) );

  /* Update chaining vars. */

  hd->h0 += a;

  hd->h1 += b;

  hd->h2 += c;

  hd->h3 += d;

  hd->h4 += e;

}

/*

 * Update the message digest with the contents

 * of INBUF with length INLEN.

 */

void

sha1_update(sha1_context *hd, const byte *inbuf, uint inlen)

{

  if( hd->count == 64 )  /* flush the buffer */

  {

    transform( hd, hd->buf );

    hd->count = 0;

    hd->nblocks++;

  }

  if( !inbuf )

    return;

  if( hd->count )

  {

    for( ; inlen && hd->count < 64; inlen-- )

      hd->buf[hd->count++] = *inbuf++;

    sha1_update( hd, NULL, 0 );

    if( !inlen )

      return;

  }

  while( inlen >= 64 ) 

  {

    transform( hd, inbuf );

    hd->count = 0;

    hd->nblocks++;

    inlen -= 64;

    inbuf += 64;

  }

  for( ; inlen && hd->count < 64; inlen-- )

    hd->buf[hd->count++] = *inbuf++;

}

/*

 * The routine final terminates the computation and

 * returns the digest.

 * The handle is prepared for a new cycle, but adding bytes to the

 * handle will the destroy the returned buffer.

 * Returns: 20 bytes representing the digest.

 */

byte *

sha1_final(sha1_context *hd)

{

  u32 t, msb, lsb;

  byte *p;

  sha1_update(hd, NULL, 0); /* flush */;

  t = hd->nblocks;

  /* multiply by 64 to make a byte count */

  lsb = t << 6;

  msb = t >> 26;

  /* add the count */

  t = lsb;

  if( (lsb += hd->count) < t )

    msb++;

  /* multiply by 8 to make a bit count */

  t = lsb;

  lsb <<= 3;

  msb <<= 3;

  msb |= t >> 29;

  if( hd->count < 56 )  /* enough room */

  {

    hd->buf[hd->count++] = 0x80; /* pad */

    while( hd->count < 56 )

      hd->buf[hd->count++] = 0;  /* pad */

  }

  else  /* need one extra block */

  {

    hd->buf[hd->count++] = 0x80; /* pad character */

    while( hd->count < 64 )

      hd->buf[hd->count++] = 0;

    sha1_update(hd, NULL, 0);  /* flush */;

    memset(hd->buf, 0, 56 ); /* fill next block with zeroes */

  }

  /* append the 64 bit count */

  hd->buf[56] = msb >> 24;

  hd->buf[57] = msb >> 16;

  hd->buf[58] = msb >>  8;

  hd->buf[59] = msb	   ;

  hd->buf[60] = lsb >> 24;

  hd->buf[61] = lsb >> 16;

  hd->buf[62] = lsb >>  8;

  hd->buf[63] = lsb	   ;

  transform( hd, hd->buf );

  p = hd->buf;

#define X(a) do { put_u32_be(p, hd->h##a); p += 4; } while(0)

  X(0);

  X(1);

  X(2);

  X(3);

  X(4);

#undef X

  return hd->buf;

}

/*

 * Shortcut function which puts the hash value of the supplied buffer

 * into outbuf which must have a size of 20 bytes.

 */

void

sha1_hash_buffer(byte *outbuf, const byte *buffer, uint length)

{

  sha1_context hd;

  sha1_init(&hd);

  sha1_update(&hd, buffer, length);

  memcpy(outbuf, sha1_final(&hd), SHA1_SIZE);

}

#ifdef TEST

#include <stdio.h>

#include <unistd.h>

#include <ucw/string.h>

int main(void)

{

  sha1_context hd;

  byte buf[3];

  int cnt;

  sha1_init(&hd);

  while ((cnt = read(0, buf, sizeof(buf))) > 0)

    sha1_update(&hd, buf, cnt);

  char text[SHA1_HEX_SIZE];

  mem_to_hex(text, sha1_final(&hd), SHA1_SIZE, 0);

  puts(text);

  return 0;

}

#endif

/*

 *	BIRD -- SHA-1 Hash Function (FIPS 180-1, RFC 3174)

 *

 *	(c) 2015 CZ.NIC z.s.p.o.

 *

 *	Based on the code from libucw6.4

 *	(c) 2008--2009 Martin Mares <mj@ucw.cz>

 *

 *	Can be freely distributed and used under the terms of the GNU GPL.

 */

#ifndef _BIRD_SHA1_H

#define _BIRD_SHA1_H

#include "sysdep/config.h"

/**

 * Internal SHA1 state.

 * You should use it just as an opaque handle only.

 */

typedef struct {

  u32 h0,h1,h2,h3,h4;

  u32 nblocks;

  byte buf[64];

  int count;

} sha1_context;

void sha1_init(sha1_context *hd); /** Initialize new algorithm run in the @hd context. **/

/**

 * Push another @inlen bytes of data pointed to by @inbuf onto the

 * SHA1 hash currently in @hd. You can call this any times you want on

 * the same hash (and you do not need to reinitialize it by

 * @sha1_init()). It has the same effect as concatenating all the data

 * together and passing them at once.

 */

void sha1_update(sha1_context *hd, const byte *inbuf, uint inlen);

/**

 * No more @sha1_update() calls will be done. This terminates the hash

 * and returns a pointer to it.

 *

 * Note that the pointer points into data in the @hd context. If it ceases

 * to exist, the pointer becomes invalid.

 *

 * To convert the hash to its usual hexadecimal representation, see

 * <<string:mem_to_hex()>>.

 */

byte *sha1_final(sha1_context *hd);

/**

 * A convenience one-shot function for SHA1 hash.

 * It is equivalent to this snippet of code:

 *

 *  sha1_context hd;

 *  sha1_init(&hd);

 *  sha1_update(&hd, buffer, length);

 *  memcpy(outbuf, sha1_final(&hd), SHA1_SIZE);

 */

void sha1_hash_buffer(byte *outbuf, const byte *buffer, uint length);

/**

 * SHA1 HMAC message authentication. If you provide @key and @data,

 * the result will be stored in @outbuf.

 */

void sha1_hmac(byte *outbuf, const byte *key, uint keylen, const byte *data, uint datalen);

/**

 * The HMAC also exists in a stream version in a way analogous to the

 * plain SHA1. Pass this as a context.

 */

typedef struct {

  sha1_context ictx;

  sha1_context octx;

} sha1_hmac_context;

void sha1_hmac_init(sha1_hmac_context *hd, const byte *key, uint keylen);	/** Initialize HMAC with context @hd and the given key. See sha1_init(). */

void sha1_hmac_update(sha1_hmac_context *hd, const byte *data, uint datalen);	/** Hash another @datalen bytes of data. See sha1_update(). */

byte *sha1_hmac_final(sha1_hmac_context *hd);					/** Terminate the HMAC and return a pointer to the allocated hash. See sha1_final(). */

#define SHA1_SIZE 20 /** Size of the SHA1 hash in its binary representation **/

#define SHA1_HEX_SIZE 41 /** Buffer length for a string containing SHA1 in hexadecimal format. **/

#define SHA1_BLOCK_SIZE 64 /** SHA1 splits input to blocks of this size. **/

#endif

/*

 *	BIRD -- HMAC-SHA1 Message Authentication (RFC 2202)

 *

 *	(c) 2015 CZ.NIC z.s.p.o.

 *

 *	Based on the code from libucw6.4

 *	(c) 2008--2009 Martin Mares <mj@ucw.cz>

 *

 *	Can be freely distributed and used under the terms of the GNU GPL.

 */

#include "lib/sha1.h"

#include "lib/unaligned.h"

#include <string.h>

void

sha1_hmac_init(sha1_hmac_context *hd, const byte *key, uint keylen)

{

  byte keybuf[SHA1_BLOCK_SIZE], buf[SHA1_BLOCK_SIZE];

  // Hash the key if necessary

  if (keylen <= SHA1_BLOCK_SIZE)

  {

    memcpy(keybuf, key, keylen);

    bzero(keybuf + keylen, SHA1_BLOCK_SIZE - keylen);

  }

  else

  {

    sha1_hash_buffer(keybuf, key, keylen);

    bzero(keybuf + SHA1_SIZE, SHA1_BLOCK_SIZE - SHA1_SIZE);

  }

  // Initialize the inner digest

  sha1_init(&hd->ictx);

  int i;

  for (i = 0; i < SHA1_BLOCK_SIZE; i++)

    buf[i] = keybuf[i] ^ 0x36;

  sha1_update(&hd->ictx, buf, SHA1_BLOCK_SIZE);

  // Initialize the outer digest

  sha1_init(&hd->octx);

  for (i = 0; i < SHA1_BLOCK_SIZE; i++)

    buf[i] = keybuf[i] ^ 0x5c;

  sha1_update(&hd->octx, buf, SHA1_BLOCK_SIZE);

}

void

sha1_hmac_update(sha1_hmac_context *hd, const byte *data, uint datalen)

{

  // Just update the inner digest

  sha1_update(&hd->ictx, data, datalen);

}

byte *sha1_hmac_final(sha1_hmac_context *hd)

{

  // Finish the inner digest

  byte *isha = sha1_final(&hd->ictx);

  // Finish the outer digest

  sha1_update(&hd->octx, isha, SHA1_SIZE);

  return sha1_final(&hd->octx);

}

void

sha1_hmac(byte *outbuf, const byte *key, uint keylen, const byte *data, uint datalen)

{

  sha1_hmac_context hd;

  sha1_hmac_init(&hd, key, keylen);

  sha1_hmac_update(&hd, data, datalen);

  byte *osha = sha1_hmac_final(&hd);

  memcpy(outbuf, osha, SHA1_SIZE);

}

#ifdef TEST

#include <stdio.h>

#include <ucw/string.h>

static uint rd(char *dest)

{

  char buf[1024];

  if (!fgets(buf, sizeof(buf), stdin))

    die("fgets()");

  *strchr(buf, '\n') = 0;

  if (buf[0] == '0' && buf[1] == 'x')

  {

    const char *e = hex_to_mem(dest, buf+2, 1024, 0);

    ASSERT(!*e);

    return (e-buf-2)/2;

  }

  else

  {

    strcpy(dest, buf);

    return strlen(dest);

  }

}

int main(void)

{

  char key[1024], data[1024];

  byte hmac[SHA1_SIZE];

  uint kl = rd(key);

  uint dl = rd(data);

  sha1_hmac(hmac, key, kl, data, dl);

  mem_to_hex(data, hmac, SHA1_SIZE, 0);

  puts(data);

  return 0;

}

#endif