📄 xtunnelscvssha1.cpp
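for(t = 60; t < 80; t++)
    {
        temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
        E = D;
        D = C;
        C = SHA1CircularShift(30,B);
        B = A;
        A = temp;
    }

    context->Intermediate_Hash[0] += A;
    context->Intermediate_Hash[1] += B;
    context->Intermediate_Hash[2] += C;
    context->Intermediate_Hash[3] += D;
    context->Intermediate_Hash[4] += E;

    context->Message_Block_Index = 0;
}

/*
 *  SHA1PadMessage
 *
 *  Description:
 *      According to the standard, the message must be padded to an even
 *      512 bits.  The first padding bit must be a '1'.  The last 64
 *      bits represent the length of the original message.  All bits in
 *      between should be 0.  This function will pad the message
 *      according to those rules by filling the Message_Block array
 *      accordingly.  It will also call SHA1ProcessMessageBlock for each
 *      block it completes.  When it returns, it can be assumed that
 *      the message digest has been computed.
 *
 *  Parameters:
 *      context: [in/out]
 *          The context to pad
 *  Returns:
 *      Nothing.
 *
 *  NOTE(review): the first store below is at Message_Block_Index, so this
 *  assumes the index is below 64 on entry (the last length octet is written
 *  at [63]); confirm that every caller has flushed a full block first.
 */
void SHA1PadMessage(SHA1Context *context)
{
    /*
     *  Check to see if the current message block is too small to hold
     *  the initial padding bits and length.  If so, we will pad the
     *  block, process it, and then continue padding into a second
     *  block.
     */
    if (context->Message_Block_Index > 55)
    {
        context->Message_Block[context->Message_Block_Index++] = 0x80;
        while(context->Message_Block_Index < 64)
        {
            context->Message_Block[context->Message_Block_Index++] = 0;
        }

        SHA1ProcessMessageBlock(context);

        while(context->Message_Block_Index < 56)
        {
            context->Message_Block[context->Message_Block_Index++] = 0;
        }
    }
    else
    {
        context->Message_Block[context->Message_Block_Index++] = 0x80;
        while(context->Message_Block_Index < 56)
        {
            context->Message_Block[context->Message_Block_Index++] = 0;
        }
    }

    /*
     *  Store the message length as the last 8 octets
     */
    context->Message_Block[56] = context->Length_High >> 24;
    context->Message_Block[57] = context->Length_High >> 16;
    context->Message_Block[58] = context->Length_High >> 8;
    context->Message_Block[59] = context->Length_High;
    context->Message_Block[60] = context->Length_Low >> 24;
    context->Message_Block[61] = context->Length_Low >> 16;
    context->Message_Block[62] = context->Length_Low >> 8;
    context->Message_Block[63] = context->Length_Low;

    SHA1ProcessMessageBlock(context);
}

#if 0
/*
 *  sha1test.c
 *
 *  Description:
 *      This file will exercise the SHA-1 code performing the three
 *      tests documented in FIPS PUB 180-1 plus one which calls
 *      SHA1Input with an exact multiple of 512 bits, plus a few
 *      error test checks.
 *
 *  Portability Issues:
 *      None.
 *
 */

#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include "sha1.h"

/*
 *  Define patterns for testing
 */
#define TEST1   "abc"
#define TEST2a  "abcdbcdecdefdefgefghfghighijhi"
#define TEST2b  "jkijkljklmklmnlmnomnopnopq"
#define TEST2   TEST2a TEST2b
#define TEST3   "a"
#define TEST4a  "01234567012345670123456701234567"
#define TEST4b  "01234567012345670123456701234567"
    /* an exact multiple of 512 bits */
#define TEST4   TEST4a TEST4b
char *testarray[4] =
{
    TEST1,
    TEST2,
    TEST3,
    TEST4
};
long int repeatcount[4] = { 1, 1, 1000000, 10 };
char *resultarray[4] =
{
    "A9 99 3E 36 47 06 81 6A BA 3E 25 71 78 50 C2 6C 9C D0 D8 9D",
    "84 98 3E 44 1C 3B D2 6E BA AE 4A A1 F9 51 29 E5 E5 46 70 F1",
    "34 AA 97 3C D4 C4 DA A4 F6 1E EB 2B DB AD 27 31 65 34 01 6F",
    "DE A3 56 A2 CD DD 90 C7 A7 EC ED C5 EB B5 63 93 4F 46 04 52"
};

int main()
{
    SHA1Context sha;
    int i, j, err;
    uint8_t Message_Digest[20];

    /*
     *  Perform SHA-1 tests
     */
    for(j = 0; j < 4; ++j)
    {
        printf( "\nTest %d: %d, '%s'\n",
                j+1,
                repeatcount[j],
                testarray[j]);

        err = SHA1Reset(&sha);
        if (err)
        {
            fprintf(stderr, "SHA1Reset Error %d.\n", err );
            break;    /* out of for j loop */
        }

        for(i = 0; i < repeatcount[j]; ++i)
        {
            err = SHA1Input(&sha,
                  (const unsigned char *) testarray[j],
                  strlen(testarray[j]));
            if (err)
            {
                fprintf(stderr, "SHA1Input Error %d.\n", err );
                break;    /* out of for i loop */
            }
        }

        err = SHA1Result(&sha, Message_Digest);
        if (err)
        {
            fprintf(stderr,
            "SHA1Result Error %d, could not compute message digest.\n",
            err );
        }
        else
        {
            printf("\t");
            for(i = 0; i < 20 ; ++i)
            {
                printf("%02X ", Message_Digest[i]);
            }
            printf("\n");
        }
        printf("Should match:\n");
        printf("\t%s\n", resultarray[j]);
    }

    /* Test some error returns */
    err = SHA1Input(&sha,(const unsigned char *) testarray[1], 1);
    printf ("\nError %d. Should be %d.\n", err, shaStateError );
    err = SHA1Reset(0);
    printf ("\nError %d. Should be %d.\n", err, shaNull );
    return 0;
}
#endif //0

/*
8. Security Considerations

   This document is intended to provide convenient open source access by
   the Internet community to the United States of America Federal
   Information Processing Standard Secure Hash Function SHA-1 [FIPS
   180-1].  No independent assertion of the security of this hash
   function by the authors for any particular use is intended.

References

   [FIPS 180-1] "Secure Hash Standard", United States of American,
                National Institute of Science and Technology, Federal
                Information Processing Standard (FIPS) 180-1, April
                1993.

   [MD4]        "The MD4 Message Digest Algorithm," Advances in
                Cryptology - CRYPTO '90 Proceedings, Springer-Verlag,
                1991, pp. 303-311.

   [RFC 1320]   Rivest, R., "The MD4 Message-Digest Algorithm", RFC
                1320, April 1992.

   [RFC 1321]   Rivest, R., "The MD5 Message-Digest Algorithm", RFC
                1321, April 1992.

   [RFC 1750]   Eastlake, D., Crocker, S. and J. Schiller, "Randomness
                Requirements for Security", RFC 1750, December 1994.

Authors' Addresses

   Donald E. Eastlake, 3rd
   Motorola
   155 Beaver Street
   Milford, MA 01757 USA

   Phone:   +1 508-634-2066 (h)
            +1 508-261-5434 (w)
   Fax:     +1 508-261-4777
   EMail:   Donald.Eastlake@motorola.com

   Paul E. Jones
   Cisco Systems, Inc.
   7025 Kit Creek Road
   Research Triangle Park, NC 27709 USA

   Phone:   +1 919 392 6948
   EMail:   paulej@packetizer.com
*/

//----------------------------------------------------------------------------

/*
 * Clears the hash context and the stored digest, then starts a new SHA-1
 * computation with SHA1Reset.
 *
 * NOTE(review): sizeof(m_pMessage_Digest) is the digest size only if the
 * member is declared as an array in the class header; if it is a pointer,
 * sizeof yields the pointer size. Verify against the declaration.
 */
void CVsSHA1::Init()
{
    bzero(&m_tContext, sizeof(m_tContext));
    bzero(m_pMessage_Digest, sizeof(m_pMessage_Digest));
    SHA1Reset(&m_tContext);
}

/*
 * Wipes the hash context and the stored digest.
 */
void CVsSHA1::Destroy()
{
    bzero(&m_tContext, sizeof(m_tContext));
    bzero(m_pMessage_Digest, sizeof(m_pMessage_Digest));
}

/*
 * Feeds dwBufferLength bytes from pBuffer into the running hash.
 *
 * Parameters:
 *     pBuffer:        [in]  data to hash; must not be NULL
 *     dwBufferLength: [in]  number of bytes; must not be 0
 *     pBytesWritten:  [out] optional; receives dwBufferLength on success
 *                           and 0 on every failure path
 * Returns:
 *     true when SHA1Input reports success (0), false otherwise.
 */
bool CVsSHA1::Write(
    const BYTE *pBuffer,
    DWORD dwBufferLength,
    DWORD *pBytesWritten)
{
    /* Zero the counter first so a rejected call never leaves the caller
     * reading a stale or uninitialised byte count. */
    if (NULL != pBytesWritten)
        *pBytesWritten = 0;

    if (NULL == pBuffer)
        return false;
    if (0 == dwBufferLength)
        return false;

    const int iError = SHA1Input( &m_tContext, pBuffer, dwBufferLength );
    if (0 != iError)
        return false;

    if (NULL != pBytesWritten)
        *pBytesWritten = dwBufferLength;

    return true;
}

/*
 * Finishes the hash: stores the digest in m_pMessage_Digest and wipes the
 * context. If SHA1Result reports an error the digest is zeroed, so a failed
 * or repeated Close() cannot leave an earlier digest in place.
 */
void CVsSHA1::Close()
{
    const int iError = SHA1Result(&m_tContext, m_pMessage_Digest);
    if (0 != iError)
        bzero(m_pMessage_Digest, sizeof(m_pMessage_Digest));

    // clean out the sensitive context now that we have a message digest
    bzero(&m_tContext, sizeof(m_tContext));
}

/*
 * Writes the digest as 40 lowercase hexadecimal characters plus a
 * terminating NUL.
 *
 * Parameters:
 *     szOutDigest: [out] caller-supplied buffer of at least 41 bytes. The
 *                        size cannot be checked here because the interface
 *                        carries no length; a NULL pointer is ignored.
 */
void CVsSHA1::GetDigest(char* szOutDigest)
{
    static const char kHexDigits[] = "0123456789abcdef";

    if (NULL == szOutDigest)
        return;

    /* Exactly 20 digest bytes -> 40 characters; no format string involved. */
    for (int i = 0; i < 20; ++i)
    {
        const unsigned int uByte =
            (unsigned int)(m_pMessage_Digest[i]) & 0xFFu;
        szOutDigest[2 * i]     = kHexDigits[uByte >> 4];
        szOutDigest[2 * i + 1] = kHexDigits[uByte & 0x0Fu];
    }
    szOutDigest[40] = '\0';
}

//----------------------------------------------------------------------------
// http://www.faqs.org/rfcs/rfc2104.html
//
// HMAC-SHA1 over pInTextBlob keyed with pInKey.
//
// Parameters:
//     pInTextBlob / dwInTextBlobLength: [in]  message to authenticate
//     pInKey / dwInKeyLength:           [in]  secret key; keys longer than
//                                             the 64-byte block are replaced
//                                             by their SHA-1 digest
//     pOutDigest:                       [out] receives the 20-byte MAC
//
// On a NULL input pointer, or if any SHA-1 call reports an error, pOutDigest
// is left as 20 zero bytes.
//
// An array parameter decays to a pointer, so sizeof(pOutDigest) is the
// pointer size and not 20. Sizing the key-digest buffer and the inner-digest
// length from it made SHA1Result write 20 bytes into a smaller stack array
// for long keys and fed only part of the inner digest to the outer hash.
// The lengths are therefore explicit constants here.
//
// SHA-1 is no longer collision resistant; prefer an HMAC over a SHA-2 hash
// for new designs. Callers that verify a MAC should compare it in constant
// time.
//
void hmac_sha1(
    const BYTE *pInTextBlob,
    DWORD dwInTextBlobLength,
    const BYTE *pInKey,
    DWORD dwInKeyLength,
    unsigned char pOutDigest[20])
{
    const DWORD kDigestLen = 20;    /* SHA-1 output size in bytes */
    const DWORD kBlockLen = 64;     /* SHA-1 block size in bytes */

    if (NULL == pOutDigest)
        return;
    bzero(pOutDigest, kDigestLen);

    if (NULL == pInTextBlob)
        return;
    if (NULL == pInKey)
        return;

    SHA1Context context;
    unsigned char k_ipad[kBlockLen + 1];    /* inner padding -
                                             * key XORd with ipad */
    unsigned char k_opad[kBlockLen + 1];    /* outer padding -
                                             * key XORd with opad */
    unsigned char tk[kDigestLen];           /* digest of an over-long key */
    unsigned char inner[kDigestLen];        /* result of the inner hash */
    bool bOk = true;
    DWORD i = 0;

    bzero(tk, sizeof(tk));
    bzero(inner, sizeof(inner));

    /* if key is longer than 64 bytes reset it to key=SHA1(key) */
    if (dwInKeyLength > kBlockLen)
    {
        SHA1Context tctx;

        bOk = (0 == SHA1Reset(&tctx))
           && (0 == SHA1Input(&tctx, pInKey, dwInKeyLength))
           && (0 == SHA1Result(&tctx, tk));
        bzero(&tctx, sizeof(tctx));

        pInKey = tk;
        dwInKeyLength = kDigestLen;
    }

    /*
     * the HMAC_SHA1 transform looks like:
     *
     * SHA1(K XOR opad, SHA1(K XOR ipad, text))
     *
     * where K is an n byte key
     * ipad is the byte 0x36 repeated 64 times
     * opad is the byte 0x5c repeated 64 times
     * and text is the data being protected
     */

    /* start out by storing key in pads; dwInKeyLength is at most 64 here */
    memset(k_ipad, 0, sizeof(k_ipad));
    memset(k_opad, 0, sizeof(k_opad));
    memcpy(k_ipad, pInKey, dwInKeyLength);
    memcpy(k_opad, pInKey, dwInKeyLength);

    /* XOR key with ipad and opad values */
    for (i = 0; i < kBlockLen; i++)
    {
        k_ipad[i] ^= 0x36;
        k_opad[i] ^= 0x5c;
    }

    /*
     * perform inner SHA-1
     */
    bOk = bOk
       && (0 == SHA1Reset(&context))                     /* init context for
                                                          * 1st pass */
       && (0 == SHA1Input(&context, k_ipad, kBlockLen))  /* start with inner
                                                          * pad */
       && (0 == SHA1Input(&context, pInTextBlob,
                          dwInTextBlobLength))           /* then text of
                                                          * datagram */
       && (0 == SHA1Result(&context, inner));            /* finish up 1st
                                                          * pass */

    /*
     * perform outer SHA-1
     */
    bOk = bOk
       && (0 == SHA1Reset(&context))                     /* init context for
                                                          * 2nd pass */
       && (0 == SHA1Input(&context, k_opad, kBlockLen))  /* start with outer
                                                          * pad */
       && (0 == SHA1Input(&context, inner, kDigestLen))  /* then results of
                                                          * 1st hash */
       && (0 == SHA1Result(&context, pOutDigest));       /* finish up 2nd
                                                          * pass */

    /* never hand back a partial or stale MAC */
    if (!bOk)
        bzero(pOutDigest, kDigestLen);

    /*
     * Scrub key-derived material from the stack.
     * NOTE(review): a compiler may drop a plain bzero on locals that are
     * about to go out of scope; if the platform offers a wipe routine that
     * is guaranteed not to be elided, use it here.
     */
    bzero(&context, sizeof(context));
    bzero(k_ipad, sizeof(k_ipad));
    bzero(k_opad, sizeof(k_opad));
    bzero(tk, sizeof(tk));
    bzero(inner, sizeof(inner));
}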