SHA-1 in fully-portable C89?

[Tomás Ó hÉilidhe]

(SHA-1 is a cryptographic hash function. For info on what SHA-1 is:
http://en.wikipedia.org/wiki/SHA-1)

I'm writing fullportable C89 code that needs to make use of the SHA-1
algorithm. Does anyone know if there's been a fully-portable C89
implementation of the SHA-1 algorithm?

If not, could someone please point me to a very good implementation of the
algorithm, an implementation which is very portable (perhaps portable to
machines with 8-Bit bytes and which have exact 16-Bit, 32-Bit and 64-Bit
integer types)?

I've done a few Google searches but I'm getting back a lot of sub-standard
platform-specific code.

Thanks.

 

[user923005]

(SHA-1 is a cryptographic hash function. For info on what SHA-1 is:http://en.wikipedia.org/wiki/SHA-1)

I'm writing fullportable C89 code that needs to make use of the SHA-1
algorithm. Does anyone know if there's been a fully-portable C89
implementation of the SHA-1 algorithm?

If not, could someone please point me to a very good implementation of the
algorithm, an implementation which is very portable (perhaps portable to
machines with 8-Bit bytes and which have exact 16-Bit, 32-Bit and 64-Bit
integer types)?

I've done a few Google searches but I'm getting back a lot of sub-standard
platform-specific code.

Here:
http://www.mirrors.wiretapped.net/security/cryptography/algorithms/esign-id/call-6/sha1.c
http://www.mirrors.wiretapped.net/security/cryptography/algorithms/esign-id/call-6/sha1.h

A google search for "sha1.c" turns up a zillion hits.

FWIW, the best implementations (typically a factor of 2x-4x faster)
will have inline assembly, so no wonder you are pulling up non-
portable stuff.

Try this as well:
http://ece.gmu.edu/courses/Crypto_resources/web_resources/libraries.htm

I guess with a little more practice you will learn how to find things
yourself with google.
Another good bet is SourceForge.

Oh, and by the way, searches for C source are not topical on
(but the FAQ reference for is hopelessly outdated)

 

[user923005]

(SHA-1 is a cryptographic hash function. For info on what SHA-1 is:http://en.wikipedia.org/wiki/SHA-1)

I'm writing fullportable C89 code that needs to make use of the SHA-1
algorithm. Does anyone know if there's been a fully-portable C89
implementation of the SHA-1 algorithm?

If not, could someone please point me to a very good implementation of the
algorithm, an implementation which is very portable (perhaps portable to
machines with 8-Bit bytes and which have exact 16-Bit, 32-Bit and 64-Bit
integer types)?

I've done a few Google searches but I'm getting back a lot of sub-standard
platform-specific code.

One more thing, there is a newsgroup called for this
sort of thing.
Unfortunately, it is spam bombarded right now, so it's a little hard
to read.
Some newsreaders can remove most of the junk, though.

 

[Chris Hills]

(SHA-1 is a cryptographic hash function. For info on what SHA-1 is:
http://en.wikipedia.org/wiki/SHA-1)

I'm writing fullportable C89 code that needs to make use of the SHA-1
algorithm. Does anyone know if there's been a fully-portable C89
implementation of the SHA-1 algorithm?

You will probably want an ISO C95 version. C89 was superseded by ISO
C90 and some amendments in 93-95. You will find more compilers support
c95 than anything else.

If not, could someone please point me to a very good implementation of
the algorithm, an implementation which is very portable (perhaps
portable to machines with 8-Bit bytes and which have exact 16-Bit,
32-Bit and 64-Bit integer types)?

You don't want much do you... I am sure some one can sell you what you
need.

I've done a few Google searches but I'm getting back a lot of
sub-standard platform-specific code.

I think for a lot of crypto work you are going to find most of the
implementations are architecture or compiler specific. People usually
need the crypto code to be fast and compact. Generic code will be
neither.

Also in many cases for security the writer will want it less accessible
to hackers. We used various hardware resources to make things less
obvious and more secure. Whist security by concealment is not
recommended as a prime defence it does help when layered on top of other
things.


BTW for a repository of cypher sources see

http://www.phaedsys.demon.co.uk/chris/index.htm

And click on ciphers. There is an SHA1, SHA2 and SHA3 implementation

Apologies for the state of the web site but it needs an overhaul.

 

[Keith Thompson]

You will probably want an ISO C95 version. C89 was superseded by ISO
C90 and some amendments in 93-95. You will find more compilers support
c95 than anything else.

C89 (ANSI) and C90 (ISO) describe exactly the same language; the only
changes were some introductory material and a renumbering of some of
the sections.

C95 made some minor changes to C90; I don't think anything added by
C95 would be relevant to an implementation of SHA-1.

I think C95 is entirely upward compatible with C90; C99 is *almost*
entirely upward compatible with C90 and C95. A sufficiently portable
C89/C90 implementation of SHA-1 should work with any C implementation.

[...]

 

[Army1987]

You will probably want an ISO C95 version. C89 was superseded by ISO
C90 and some amendments in 93-95. You will find more compilers support
c95 than anything else.

I don't think C95 added anything useful to implement the SHA-1 algorithm,
or that it broke any C89 program.

 

[Chris Hills]

I don't think C95 added anything useful to implement the SHA-1 algorithm,
or that it broke any C89 program.

Then why reference an obsolete standard?

 

[Philip Potter]

I don't think C95 added anything useful to implement the SHA-1 algorithm,
or that it broke any C89 program.

Then why reference an obsolete standard?[/QUOTE]

You know C95 is obsolete, right?

 

[Chris Hills]

Then why reference an obsolete standard?

You know C95 is obsolete, right?[/QUOTE]

Yes but it is the one that most compiler vendors used.

 

[Keith Thompson]

writes [...]

You know C95 is obsolete, right?

Yes but it is the one that most compiler vendors used.

Most, but not all. In a discussion here a while ago, it was said that
some implementations support C90 but not C95. Given that C95 is a
superset of C90, more vendors support C90 than C95, and using
C95-specific features in SHA-1 code would make that code slightly less
portable.

 

[Thad Smith]

(SHA-1 is a cryptographic hash function. For info on what SHA-1 is:
http://en.wikipedia.org/wiki/SHA-1)

I'm writing fullportable C89 code that needs to make use of the SHA-1
algorithm. Does anyone know if there's been a fully-portable C89
implementation of the SHA-1 algorithm?

A fully portable implementation could consider the input as either a stream
of octets, one per byte, or a stream of bits, with log2(UCHAR_MAX+1) bits
per byte. You would need to decide which. Perhaps you would want both
implementations.

Looking at the implementation referenced by user923005 at
http://www.mirrors.wiretapped.net/security/cryptography/algorithms/, it
shouldn't be too much extra work to accept a stream of octets using the low
order 8 bits / byte. The conditional little endian code can be eliminated
by assembling a 32-bit value from four consecutive bytes.

 

[Tomás Ó hÉilidhe]

A fully portable implementation could consider the input as either a
stream of octets, one per byte, or a stream of bits, with
log2(UCHAR_MAX+1) bits per byte. You would need to decide which.
Perhaps you would want both implementations.

Looking at the implementation referenced by user923005 at
http://www.mirrors.wiretapped.net/security/cryptography/algorithms/,
it shouldn't be too much extra work to accept a stream of octets using
the low order 8 bits / byte. The conditional little endian code can
be eliminated by assembling a 32-bit value from four consecutive
bytes.

Exactly, I'd like to use bytes (whether they be 8-Bit, 9-Bit, or 53-Bit) to
store each octet, using only the least significant eight bits for each
octet's value.

I'll let you know how I get on... but first I've to read up on hash
functions :-O

 

[CBFalconer]

.... snip ...

I'll let you know how I get on... but first I've to read up on
hash functions :-O

When hashing char strings, the following utility functions are
efficient and I have found them to be quite adequate. Another
useful multiplicative constant is 33. The following is an extract
from hashlib.zip, available at:

<http://cbfalconer.home.att.net/download/>

(while hashlib is under GPL, these functions are long known and
public domain)

/* ============= Useful generic functions ============= */

/* NOTE: hash is called once per operation, while rehash is
called _no more_ than once per operation. Thus it
is preferable that hash be the more efficient.
*/

/* Hash a string quantity */
unsigned long hshstrhash(const char * string) {
unsigned long h;

h = 0;
while (*string) {
h = h * 31UL + (unsigned char) *string++;
}
return h;
} /* hshstrhash */

/* 1------------------1 */

/* ReHash a string quantity */
unsigned long hshstrehash(const char * string) {
unsigned long h;

h = 0;
while (*string) {
h = h * 37UL + (unsigned char) *string++;
}
return h;
} /* hshstrehash */

 

[Chris Hills]

Exactly, I'd like to use bytes (whether they be 8-Bit, 9-Bit, or
53-Bit) to store each octet, using only the least significant eight
bits for each octet's value.

That is not efficient. You are unlikely to find any decent crypto code
doing that because they usually need speed and compact size.

 

[Tomás Ó hÉilidhe]

That is not efficient. You are unlikely to find any decent crypto code
doing that because they usually need speed and compact size.

I know it's not efficient. My program only runs the algorithm once though,
so I doubt the human observer will notice a difference between 1ms and 5ms,
even though it's a 400% increase.

 

[Tor Rustad]

(SHA-1 is a cryptographic hash function. For info on what SHA-1 is:
http://en.wikipedia.org/wiki/SHA-1)

I'm writing fullportable C89 code that needs to make use of the SHA-1
algorithm. Does anyone know if there's been a fully-portable C89
implementation of the SHA-1 algorithm?

If not, could someone please point me to a very good implementation of
the algorithm, an implementation which is very portable (perhaps
portable to machines with 8-Bit bytes and which have exact 16-Bit,
32-Bit and 64-Bit integer types)?

I've done a few Google searches but I'm getting back a lot of
sub-standard platform-specific code.

Just look in one of the well known crypto libraries... SSH, OpenSSL,
cryptlib etc. etc.

The implementation I have been using for a decade, is (almost) ISO C90,
and has been used on mainframes to embedded systems, big-endian and
little-endian systems. There are many more implementations around,
equally portable.

 

[Tomás Ó hÉilidhe]

The implementation I have been using for a decade, is (almost) ISO C90,
and has been used on mainframes to embedded systems, big-endian and
little-endian systems.

Might I ask where I can get my hands on the one you've been using?

 

[CBFalconer]

Might I ask where I can get my hands on the one you've been using?

Try "gcc -W -Wall -ansi -pedantic"

 

[Ian Collins]

Try "gcc -W -Wall -ansi -pedantic"

I didn't know gcc doubled as a search engine....

 

[Keith Thompson]

Try "gcc -W -Wall -ansi -pedantic"

I believe the question was about an implementation of SHA-1, not of C.