File: sha1.h

package info (click to toggle)
golang-github-pjbgf-sha1cd 0.3.0-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 7,576 kB
  • sloc: ansic: 2,188; asm: 1,527; makefile: 28
file content (114 lines) | stat: -rw-r--r-- 4,252 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
 
/***
 * Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow <danshu@microsoft.com>
 * Distributed under the MIT Software License.
 * See accompanying file LICENSE.txt or copy at
 * https://opensource.org/licenses/MIT
 ***/

// Originally from: https://github.com/cr-marcstevens/sha1collisiondetection

#ifndef SHA1DC_SHA1_H
#define SHA1DC_SHA1_H

#if defined(__cplusplus)
extern "C"
{
#endif

#ifndef SHA1DC_NO_STANDARD_INCLUDES
#include <stdint.h>
#endif

	/* sha-1 compression function that takes an already expanded message, and additionally store intermediate states */
	/* only stores states ii (the state between step ii-1 and step ii) when DOSTORESTATEii is defined in ubc_check.h */
	void sha1_compression_states(uint32_t[5], const uint32_t[16], uint32_t[80], uint32_t[80][5]);

	/*
	// Function type for sha1_recompression_step_T (uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5]).
	// Where 0 <= T < 80
	//       me2 is an expanded message (the expansion of an original message block XOR'ed with a disturbance vector's message block difference.)
	//       state is the internal state (a,b,c,d,e) before step T of the SHA-1 compression function while processing the original message block.
	// The function will return:
	//       ihvin: The reconstructed input chaining value.
	//       ihvout: The reconstructed output chaining value.
	*/
	typedef void (*sha1_recompression_type)(uint32_t *, uint32_t *, const uint32_t *, const uint32_t *);

	/* A callback function type that can be set to be called when a collision block has been found: */
	/* void collision_block_callback(uint64_t byteoffset, const uint32_t ihvin1[5], const uint32_t ihvin2[5], const uint32_t m1[80], const uint32_t m2[80]) */
	typedef void (*collision_block_callback)(uint64_t, const uint32_t *, const uint32_t *, const uint32_t *, const uint32_t *);

	/* The SHA-1 context. */
	typedef struct
	{
		uint64_t total;
		uint32_t ihv[5];
		unsigned char buffer[64];
		int found_collision;
		int safe_hash;
		int detect_coll;
		int ubc_check;
		int reduced_round_coll;
		collision_block_callback callback;

		uint32_t ihv1[5];
		uint32_t ihv2[5];
		uint32_t m1[80];
		uint32_t m2[80];
		uint32_t states[80][5];
	} SHA1_CTX;

	/* Initialize SHA-1 context. */
	void SHA1DCInit(SHA1_CTX *);

	/*
		Function to enable safe SHA-1 hashing:
		Collision attacks are thwarted by hashing a detected near-collision block 3 times.
		Think of it as extending SHA-1 from 80-steps to 240-steps for such blocks:
			The best collision attacks against SHA-1 have complexity about 2^60,
			thus for 240-steps an immediate lower-bound for the best cryptanalytic attacks would be 2^180.
			An attacker would be better off using a generic birthday search of complexity 2^80.

	   Enabling safe SHA-1 hashing will result in the correct SHA-1 hash for messages where no collision attack was detected,
	   but it will result in a different SHA-1 hash for messages where a collision attack was detected.
	   This will automatically invalidate SHA-1 based digital signature forgeries.
	   Enabled by default.
	*/
	void SHA1DCSetSafeHash(SHA1_CTX *, int);

	/*
		Function to disable or enable the use of Unavoidable Bitconditions (provides a significant speed up).
		Enabled by default
	 */
	void SHA1DCSetUseUBC(SHA1_CTX *, int);

	/*
		Function to disable or enable the use of Collision Detection.
		Enabled by default.
	 */
	void SHA1DCSetUseDetectColl(SHA1_CTX *, int);

	/* function to disable or enable the detection of reduced-round SHA-1 collisions */
	/* disabled by default */
	void SHA1DCSetDetectReducedRoundCollision(SHA1_CTX *, int);

	/* function to set a callback function, pass NULL to disable */
	/* by default no callback set */
	void SHA1DCSetCallback(SHA1_CTX *, collision_block_callback);

	/* update SHA-1 context with buffer contents */
	void SHA1DCUpdate(SHA1_CTX *, const char *, size_t);

	/* obtain SHA-1 hash from SHA-1 context */
	/* returns: 0 = no collision detected, otherwise = collision found => warn user for active attack */
	int SHA1DCFinal(unsigned char[20], SHA1_CTX *);

#if defined(__cplusplus)
}
#endif

#ifdef SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_H
#include SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_H
#endif

#endif