SHA1哈希算法原理及实现(附源码)

相关文章:

• SHA1哈希算法原理及实现(附源码)
• MD5哈希算法原理及实现(附源码)
• MD4哈希算法原理及实现(附源码)
• MD2哈希算法原理及实现(附源码)
• MD2中用于随机置换的S盒是如何生成的？

最近陆续造了一批哈希算法的轮子，包括MD家族(包括MD2/MD4/MD5), SHA1, SHA2家族(SHA256/SHA384/SHA512)，SHA3家族以及国密SM3算法。
原来打算将每一个算法都详细分析并实现，现在看来，这个工作短时间可能无法完成，所以先将源码发上来。

这部分实现的源码完全参考官方文档的算法描述，连变量名也尽可能和官方文档中的变量保持一致，方便学习。

另外, 代码封装的SHA1哈希调用接口参考了openssl官方的接口，完全兼容，无缝对接。会使用这里的接口，就会使用openssl的库函数接口，甚至连代码都不需要修改。

除了实现的源码外，还另外附带了一个测试例子，这个测试例子不仅仅是用于测试哈希算法的实现是否正确，还可以提供了"-f"/"-s"等选项用于对任意文件和字符串进行哈希，因此作为一个工具使用，类似系统内置的md5sum/sha1sum。

SHA1实现源码

1. 头文件sha1.c

/*
 * @        file: sha1.h
 * @ description: header file for sha1.c
 * @      author: Gu Yongqiang
 * @        blog: https://blog.csdn.net/guyongqiangx
 */
#ifndef __ROCKY_SHA1__H
#define __ROCKY_SHA1__H

#define ERR_OK           0
#define ERR_ERR         -1  /* generic error */
#define ERR_INV_PARAM   -2  /* invalid parameter */
#define ERR_TOO_LONG    -3  /* too long */
#define ERR_STATE_ERR   -4  /* state error */

typedef unsigned char      uint8_t;
typedef unsigned short     uint16_t;
typedef unsigned int       uint32_t;
typedef unsigned long long uint64_t;

typedef struct sha1_context {
    /* message total length in bytes */
    uint64_t total;

    /* intermedia hash value for each block */
    struct {
        uint32_t a;
        uint32_t b;
        uint32_t c;
        uint32_t d;
        uint32_t e;
    }hash;

    /* last block */
    struct {
        uint32_t used;     /* used bytes */
        uint8_t  buf[64];  /* block data buffer */
    }last;
}SHA_CTX;

/* https://www.openssl.org/docs/man1.1.1/man3/SHA256_Final.html */
int SHA1_Init(SHA_CTX *c);
int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
int SHA1_Final(unsigned char *md, SHA_CTX *c);
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
#endif

2. 代码文件sha1.c

/*
 * @        file: sha1.c
 * @ description: implementation for the SHA1 Secure Hash Algorithm
 * @      author: Gu Yongqiang
 * @        blog: https://blog.csdn.net/guyongqiangx
 */
#include <stdio.h>
#include <string.h>

#include "utils.h"
#include "sha1.h"

//#define DEBUG

#ifdef DEBUG
#define DBG(...) printf(__VA_ARGS__)
#define DUMP_BLOCK_DATA 1
#define DUMP_BLOCK_HASH 1
#define DUMP_ROUND_DATA 1
#else
#define DBG(...)
#define DUMP_BLOCK_DATA 0
#define DUMP_BLOCK_HASH 0
#define DUMP_ROUND_DATA 0
#endif

#define SHA1_BLOCK_SIZE         64  /* 512 bits = 64 Bytes */
#define SHA1_LEN_SIZE           8   /* 64 bits = 8 bytes */
#define SHA1_LEN_OFFSET         (SHA1_BLOCK_SIZE - SHA1_LEN_SIZE)
#define SHA1_DIGEST_SIZE        20 /* 160 bits = 20 bytes */

#define SHA1_PADDING_PATTERN    0x80
#define SHA1_ROUND_NUM          80

#define HASH_BLOCK_SIZE         SHA1_BLOCK_SIZE
#define HASH_LEN_SIZE           SHA1_LEN_SIZE
#define HASH_LEN_OFFSET         SHA1_LEN_OFFSET
#define HASH_DIGEST_SIZE        SHA1_DIGEST_SIZE

#define HASH_PADDING_PATTERN    SHA1_PADDING_PATTERN
#define HASH_ROUND_NUM          SHA1_ROUND_NUM

typedef uint32_t (*sha1_func)(uint32_t x, uint32_t y, uint32_t z);

/* SHA1 Round Constants */
static uint32_t K[4] = 
{
    0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6
};

/* ROTate Left (circular left shift) */
static uint32_t ROTL(uint32_t x, uint8_t shift)
{
    return (x << shift) | (x >> (32 - shift));
}

/* Ch ... choose */
static uint32_t Ch(uint32_t x, uint32_t y, uint32_t z)
{
    //DBG("    Ch(0x%08x, 0x%08x, 0x%08x);\n", x, y, z);
    return (x & y) ^ (~x & z) ;
}

/* Par ... parity */
static uint32_t Parity(uint32_t x, uint32_t y, uint32_t z)
{
    //DBG("Parity(0x%08x, 0x%08x, 0x%08x);\n", x, y, z);
    return x ^ y ^ z;
}

/* Maj ... majority */
static uint32_t Maj(uint32_t x, uint32_t y, uint32_t z)
{
    //DBG("   Maj(0x%08x, 0x%08x, 0x%08x);\n", x, y, z);
    return (x & y) ^ (x & z) ^ (y & z);
}

/* SHA1 Functions */
static sha1_func F[4] =
{
    Ch, Parity, Maj, Parity
};

int SHA1_Init(SHA_CTX *c)
{
    if (NULL == c)
    {
        return ERR_INV_PARAM;
    }

    memset(c, 0, sizeof(SHA_CTX));

    c->hash.a = 0x67452301;
    c->hash.b = 0xEFCDAB89;
    c->hash.c = 0x98BADCFE;
    c->hash.d = 0x10325476;
    c->hash.e = 0xC3D2E1F0;

    c->total = 0;
    c->last.used = 0;

    return ERR_OK;
}

static int SHA1_PrepareScheduleWord(const uint32_t *block, uint32_t *W)
{
    uint32_t t;

    if ((NULL == block) || (NULL == W))
    {
        return ERR_INV_PARAM;
    }

    for (t=0; t<HASH_ROUND_NUM; t++)
    {
        if (t<=15) /*  0 <= t <= 15 */
            W[t] = be32toh(block[t]);
        else	   /* 16 <= t <= 79 */
            W[t] = ROTL(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16], 1);
    }

    return ERR_OK;
}

static int SHA1_ProcessBlock(SHA_CTX *ctx, const void *block)
{
    uint32_t t;
    uint32_t W[HASH_ROUND_NUM];
    uint32_t T;
    uint32_t a, b, c, d, e;

    if ((NULL == ctx) || (NULL == block))
    {
        return ERR_INV_PARAM;
    }

#if (DUMP_BLOCK_DATA == 1)
    DBG("---------------------------------------------------------\n");
    DBG("   BLOCK: %llu\n", ctx->total/HASH_BLOCK_SIZE);
    DBG("    DATA:\n");
    print_buffer(block, HASH_BLOCK_SIZE, "    ");
#endif

    /* prepare schedule word */
    SHA1_PrepareScheduleWord(block, W);

    a = ctx->hash.a;
    b = ctx->hash.b;
    c = ctx->hash.c;
    d = ctx->hash.d;
    e = ctx->hash.e;

#if (DUMP_BLOCK_HASH == 1)
    DBG("      IV: %08x %08x %08x %08x %08x\n",
        ctx->hash.a, ctx->hash.b, ctx->hash.c, ctx->hash.d, ctx->hash.e);
#endif

    for (t=0; t<HASH_ROUND_NUM; t++)
    {
        T = ROTL(a, 5) + (F[t/20])(b, c, d) + e + K[t/20] + W[t];
        e = d;
        d = c;
        c = ROTL(b, 30);
        b = a;
        a = T;

#if (DUMP_ROUND_DATA == 1)
        DBG("      %02d: T=0x%08x, W=0x%08x, a=0x%08x, b=0x%08x, c=0x%08x, d=0x%08x, e=0x%08x\n",
                t, T, W[t], a, b, c, d, e);
#endif
    }

    ctx->hash.a += a;
    ctx->hash.b += b;
    ctx->hash.c += c;
    ctx->hash.d += d;
    ctx->hash.e += e;

#if (DUMP_BLOCK_HASH == 1)
    DBG("    HASH: %08x %08x %08x %08x %08x\n",
        ctx->hash.a, ctx->hash.b, ctx->hash.c, ctx->hash.d, ctx->hash.e);
#endif

    return ERR_OK;
}

int SHA1_Update(SHA_CTX *c, const void *data, size_t len)
{
    uint32_t copy_len = 0;

    if ((NULL == c) || (NULL == data))
    {
        return ERR_INV_PARAM;
    }

    /* has used data */
    if (c->last.used != 0)
    {
        /* less than 1 block in total, combine data */
        if (c->last.used + len < HASH_BLOCK_SIZE)
        {
            memcpy(&c->last.buf[c->last.used], data, len);
            c->last.used += len;

            return ERR_OK;
        }
        else /* more than 1 block */
        {
            /* process the block in context buffer */
            copy_len = HASH_BLOCK_SIZE - c->last.used;
            memcpy(&c->last.buf[c->last.used], data, copy_len);
            SHA1_ProcessBlock(c, &c->last.buf);
            c->total += HASH_BLOCK_SIZE;

            data = (uint8_t *)data + copy_len;
            len -= copy_len;

            /* reset context buffer */
            memset(&c->last.buf[0], 0, HASH_BLOCK_SIZE);
            c->last.used = 0;
        }
    }

    /* less than 1 block, copy to context buffer */
    if (len < HASH_BLOCK_SIZE)
    {
        memcpy(&c->last.buf[c->last.used], data, len);
        c->last.used += len;

        return ERR_OK;
    }
    else
    {
        /* process data blocks */
        while (len >= HASH_BLOCK_SIZE)
        {
            SHA1_ProcessBlock(c, data);
            c->total += HASH_BLOCK_SIZE;

            data = (uint8_t *)data + HASH_BLOCK_SIZE;
            len -= HASH_BLOCK_SIZE;
        }

        /* copy rest data to context buffer */
        memcpy(&c->last.buf[0], data, len);
        c->last.used = len;
    }

    return ERR_OK;
}

int SHA1_Final(unsigned char *md, SHA_CTX *c)
{
    uint32_t *temp;
    //uint64_t *buf;

    if ((NULL == c) || (NULL == md))
    {
        return ERR_INV_PARAM;
    }

    /* Last block should be less thant HASH_BLOCK_SIZE - HASH_LEN_SIZE */
    if (c->last.used >= (HASH_BLOCK_SIZE - HASH_LEN_SIZE))
    {
        c->total += c->last.used;

        /* one more block */
        c->last.buf[c->last.used] = HASH_PADDING_PATTERN;
        c->last.used++;

        memset(&c->last.buf[c->last.used], 0, HASH_BLOCK_SIZE - c->last.used);
        SHA1_ProcessBlock(c, &c->last.buf);

        memset(&c->last.buf[0], 0, HASH_BLOCK_SIZE - HASH_LEN_SIZE);
        c->last.used = 0;

        /* save length */
        //buf = (uint64_t *)&(c->last.buf[HASH_LEN_OFFSET]);
        //*buf = htobe64(c->total << 3);
        temp = (uint32_t *)&(c->last.buf[HASH_LEN_OFFSET]);
        temp[0] = htobe32((c->total << 3) >> 32 & 0xFFFFFFFF);
        temp[1] = htobe32((c->total << 3) & 0xFFFFFFFF);

        SHA1_ProcessBlock(c, &c->last.buf);
    }
    else /* 0 <= last.used < HASH_BLOCK_SIZE - HASH_LEN_SIZE */
    {
        c->total += c->last.used;

        /* one more block */
        c->last.buf[c->last.used] = HASH_PADDING_PATTERN;
        c->last.used++;

        /* padding 0s */
        memset(&c->last.buf[c->last.used], 0, HASH_BLOCK_SIZE - HASH_LEN_SIZE - c->last.used);

        /* save length */
        //buf = (uint64_t *)&(c->last.buf[HASH_LEN_OFFSET]);
        //*buf = htobe64(c->total << 3);
        temp = (uint32_t *)&(c->last.buf[HASH_LEN_OFFSET]);
        temp[0] = htobe32((c->total << 3) >> 32 & 0xFFFFFFFF);
        temp[1] = htobe32((c->total << 3) & 0xFFFFFFFF);

        SHA1_ProcessBlock(c, &c->last.buf);
    }

    temp = (uint32_t *)md;
    temp[0] = htobe32(c->hash.a);
    temp[1] = htobe32(c->hash.b);
    temp[2] = htobe32(c->hash.c);
    temp[3] = htobe32(c->hash.d);
    temp[4] = htobe32(c->hash.e);

    return ERR_OK;
}

unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
{
    SHA_CTX c;

    if ((NULL == d) || (NULL == md))
    {
        return NULL;
    }

    SHA1_Init(&c);
    SHA1_Update(&c, d, n);
    SHA1_Final(md, &c);

    return md;
}

SHA1源码的编译和测试

我直接在Makefile中内置了一个test伪目标，编译时除了编译生成名为sha1的哈希工具外，还会直接调用内置的哈希测试。

编译和运行如下：

$ make
gcc -Wall -g -O2 -c utils.c -o utils.o
gcc -Wall -g -O2 -c sha1.c -o sha1.o
gcc -Wall -g -O2 -c sha1test.c -o sha1test.o
gcc -Wall -g -O2 utils.o sha1.o sha1test.o -o sha1

Run Test...
./sha1 -x
Internal hash tests for ./sha1:
./sha1("")
  Expect: da39a3ee5e6b4b0d3255bfef95601890afd80709
  Result: da39a3ee5e6b4b0d3255bfef95601890afd80709

./sha1("a")
  Expect: 86f7e437faa5a7fce15d1ddcb9eaeaea377667b8
  Result: 86f7e437faa5a7fce15d1ddcb9eaeaea377667b8

./sha1("abc")
  Expect: a9993e364706816aba3e25717850c26c9cd0d89d
  Result: a9993e364706816aba3e25717850c26c9cd0d89d

./sha1("message digest")
  Expect: c12252ceda8be8994d5fa0290a47231c1d16aae3
  Result: c12252ceda8be8994d5fa0290a47231c1d16aae3

./sha1("abcdefghijklmnopqrstuvwxyz")
  Expect: 32d10c7b8cf96570ca04ce37f2a19d84240d3a89
  Result: 32d10c7b8cf96570ca04ce37f2a19d84240d3a89

./sha1("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789")
  Expect: 761c457bf73b14d27e9e9265c46f4b4dda11f940
  Result: 761c457bf73b14d27e9e9265c46f4b4dda11f940

./sha1("12345678901234567890123456789012345678901234567890123456789012345678901234567890")
  Expect: 50abf5706a150990a08b2c5ea40fa0e585554732
  Result: 50abf5706a150990a08b2c5ea40fa0e585554732

目前版本的openssl工具支持sha1哈希算法，因此可以将sha1工具和openssl执行dgst计算的结果进行比较:

$ sha1 -h
Usage:
Common options: [-x|-f file|-s string|-h]
Hash a string:
        sha1 -s string
Hash a file:
        sha1 -f file [-k key]
-x      Internal string hash test
-h      Display this message

# 使用"-f"和"-s"选项分别对文件和字符串计算md4哈希值
$ sha1 -f sha1.o
sha1(sha1.o) = 0d2074139b82aff767c2dbefbec21cc76d29f354
$ sha1 -s "I Love China!"
sha1("I Love China!") = 693b2935968a35d0c163d81fbf8c51476c16242b

# 使用开源的openssl工具计算相应的哈希进行对比
$ openssl dgst -sha1 sha1.o
SHA1(sha1.o)= 0d2074139b82aff767c2dbefbec21cc76d29f354
$ echo -n "I Love China!" | openssl dgst -sha1
(stdin)= 693b2935968a35d0c163d81fbf8c51476c16242b

完整代码

完整的代码文件列表如下:

sha1$ ls -lh
total 36K
-rwxr--r-- 1 rocky rocky  597 Jun 19 22:44 Makefile
-rwxrwxr-x 1 rocky rocky 8.3K Jun 19 22:59 sha1.c
-rwxrwxr-x 1 rocky rocky 1.3K Jun 19 22:59 sha1.h
-rwxr--r-- 1 rocky rocky 5.7K Jun 19 22:59 sha1test.c
-rwxr--r-- 1 rocky rocky  578 Jun 17 21:46 utils.c
-rwxr--r-- 1 rocky rocky 1.7K Jun 17 21:46 utils.h

需要代码请访问:

• https://github.com/guyongqiangx/cryptography/

其它

洛奇工作中常常会遇到自己不熟悉的问题，这些问题可能并不难，但因为不了解，找不到人帮忙而瞎折腾，往往导致浪费几天甚至更久的时间。

所以我组建了几个微信讨论群(记得微信我说加哪个群，如何加微信见后面)，欢迎一起讨论:

• 一个密码编码学讨论组，主要讨论各种加解密，签名校验等算法，请说明加密码学讨论群。
• 一个Android OTA的讨论组，请说明加Android OTA群。
• 一个git和repo的讨论组，请说明加git和repo群。

在工作之余，洛奇尽量写一些对大家有用的东西，如果洛奇的这篇文章让您有所收获，解决了您一直以来未能解决的问题，不妨赞赏一下洛奇，这也是对洛奇付出的最大鼓励。扫下面的二维码赞赏洛奇，金额随意：

洛奇自己维护了一个公众号“洛奇看世界”，一个很佛系的公众号，不定期瞎逼逼。公号也提供个人联系方式，一些资源，说不定会有意外的收获，详细内容见公号提示。扫下方二维码关注公众号：