SHA-1 in fully-portable C89?

Discussion in 'C Programming' started by Tomás Ó hÉilidhe, Jan 1, 2008.

  1. (SHA-1 is a cryptographic hash function. For info on what SHA-1 is:
    http://en.wikipedia.org/wiki/SHA-1)

    I'm writing fullportable C89 code that needs to make use of the SHA-1
    algorithm. Does anyone know if there's been a fully-portable C89
    implementation of the SHA-1 algorithm?

    If not, could someone please point me to a very good implementation of the
    algorithm, an implementation which is very portable (perhaps portable to
    machines with 8-Bit bytes and which have exact 16-Bit, 32-Bit and 64-Bit
    integer types)?

    I've done a few Google searches but I'm getting back a lot of sub-standard
    platform-specific code.

    Thanks.

    --
    Tomás Ó hÉilidhe
     
    Tomás Ó hÉilidhe, Jan 1, 2008
    #1
    1. Advertising

  2. Tomás Ó hÉilidhe

    user923005 Guest

    On Dec 31, 7:31 pm, "Tomás Ó hÉilidhe" <> wrote:
    > (SHA-1 is a cryptographic hash function. For info on what SHA-1 is:http://en.wikipedia.org/wiki/SHA-1)
    >
    > I'm writing fullportable C89 code that needs to make use of the SHA-1
    > algorithm. Does anyone know if there's been a fully-portable C89
    > implementation of the SHA-1 algorithm?
    >
    > If not, could someone please point me to a very good implementation of the
    > algorithm, an implementation which is very portable (perhaps portable to
    > machines with 8-Bit bytes and which have exact 16-Bit, 32-Bit and 64-Bit
    > integer types)?
    >
    > I've done a few Google searches but I'm getting back a lot of sub-standard
    > platform-specific code.


    Here:
    http://www.mirrors.wiretapped.net/security/cryptography/algorithms/esign-id/call-6/sha1.c
    http://www.mirrors.wiretapped.net/security/cryptography/algorithms/esign-id/call-6/sha1.h

    A google search for "sha1.c" turns up a zillion hits.

    FWIW, the best implementations (typically a factor of 2x-4x faster)
    will have inline assembly, so no wonder you are pulling up non-
    portable stuff.

    Try this as well:
    http://ece.gmu.edu/courses/Crypto_resources/web_resources/libraries.htm

    I guess with a little more practice you will learn how to find things
    yourself with google.
    Another good bet is SourceForge.

    Oh, and by the way, searches for C source are not topical on
    news:comp.lang.c (but the FAQ reference for news:comp.sources.wanted
    is hopelessly outdated)
     
    user923005, Jan 1, 2008
    #2
    1. Advertising

  3. Tomás Ó hÉilidhe

    user923005 Guest

    On Dec 31, 7:31 pm, "Tomás Ó hÉilidhe" <> wrote:
    > (SHA-1 is a cryptographic hash function. For info on what SHA-1 is:http://en.wikipedia.org/wiki/SHA-1)
    >
    > I'm writing fullportable C89 code that needs to make use of the SHA-1
    > algorithm. Does anyone know if there's been a fully-portable C89
    > implementation of the SHA-1 algorithm?
    >
    > If not, could someone please point me to a very good implementation of the
    > algorithm, an implementation which is very portable (perhaps portable to
    > machines with 8-Bit bytes and which have exact 16-Bit, 32-Bit and 64-Bit
    > integer types)?
    >
    > I've done a few Google searches but I'm getting back a lot of sub-standard
    > platform-specific code.


    One more thing, there is a newsgroup called news:sci.crypt for this
    sort of thing.
    Unfortunately, it is spam bombarded right now, so it's a little hard
    to read.
    Some newsreaders can remove most of the junk, though.
     
    user923005, Jan 1, 2008
    #3
  4. Tomás Ó hÉilidhe

    Chris Hills Guest

    In article <Xns9A1823D9220Dtoelavabitcom@194.125.133.14>, Tomás Ó
    hÉilidhe <> writes
    >
    >(SHA-1 is a cryptographic hash function. For info on what SHA-1 is:
    >http://en.wikipedia.org/wiki/SHA-1)
    >
    >I'm writing fullportable C89 code that needs to make use of the SHA-1
    >algorithm. Does anyone know if there's been a fully-portable C89
    >implementation of the SHA-1 algorithm?


    You will probably want an ISO C95 version. C89 was superseded by ISO
    C90 and some amendments in 93-95. You will find more compilers support
    c95 than anything else.

    >If not, could someone please point me to a very good implementation of
    >the algorithm, an implementation which is very portable (perhaps
    >portable to machines with 8-Bit bytes and which have exact 16-Bit,
    >32-Bit and 64-Bit integer types)?


    You don't want much do you... I am sure some one can sell you what you
    need.

    >I've done a few Google searches but I'm getting back a lot of
    >sub-standard platform-specific code.


    I think for a lot of crypto work you are going to find most of the
    implementations are architecture or compiler specific. People usually
    need the crypto code to be fast and compact. Generic code will be
    neither.

    Also in many cases for security the writer will want it less accessible
    to hackers. We used various hardware resources to make things less
    obvious and more secure. Whist security by concealment is not
    recommended as a prime defence it does help when layered on top of other
    things.


    BTW for a repository of cypher sources see

    http://www.phaedsys.demon.co.uk/chris/index.htm

    And click on ciphers. There is an SHA1, SHA2 and SHA3 implementation

    Apologies for the state of the web site but it needs an overhaul.


    --
    \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
    \/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
    /\/\/ www.phaedsys.org \/\/\
    \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
     
    Chris Hills, Jan 1, 2008
    #4
  5. Chris Hills <> writes:
    > In article <Xns9A1823D9220Dtoelavabitcom@194.125.133.14>, Tomás Ó
    > hÉilidhe <> writes
    >> (SHA-1 is a cryptographic hash function. For info on what SHA-1 is:
    >> http://en.wikipedia.org/wiki/SHA-1)
    >>
    >> I'm writing fullportable C89 code that needs to make use of the
    >> SHA-1 algorithm. Does anyone know if there's been a fully-portable
    >> C89 implementation of the SHA-1 algorithm?

    >
    > You will probably want an ISO C95 version. C89 was superseded by ISO
    > C90 and some amendments in 93-95. You will find more compilers support
    > c95 than anything else.


    C89 (ANSI) and C90 (ISO) describe exactly the same language; the only
    changes were some introductory material and a renumbering of some of
    the sections.

    C95 made some minor changes to C90; I don't think anything added by
    C95 would be relevant to an implementation of SHA-1.

    I think C95 is entirely upward compatible with C90; C99 is *almost*
    entirely upward compatible with C90 and C95. A sufficiently portable
    C89/C90 implementation of SHA-1 should work with any C implementation.

    [...]

    --
    Keith Thompson (The_Other_Keith) <>
    [...]
    "We must do something. This is something. Therefore, we must do this."
    -- Antony Jay and Jonathan Lynn, "Yes Minister"
     
    Keith Thompson, Jan 1, 2008
    #5
  6. Tomás Ó hÉilidhe

    Army1987 Guest

    Chris Hills wrote:

    > In article <Xns9A1823D9220Dtoelavabitcom@194.125.133.14>, Tomás Ó
    > hÉilidhe <> writes


    >>I'm writing fullportable C89 code that needs to make use of the SHA-1
    >>algorithm. Does anyone know if there's been a fully-portable C89
    >>implementation of the SHA-1 algorithm?

    >
    > You will probably want an ISO C95 version. C89 was superseded by ISO
    > C90 and some amendments in 93-95. You will find more compilers support
    > c95 than anything else.

    I don't think C95 added anything useful to implement the SHA-1 algorithm,
    or that it broke any C89 program.

    --
    Army1987 (Replace "NOSPAM" with "email")
     
    Army1987, Jan 1, 2008
    #6
  7. Tomás Ó hÉilidhe

    Chris Hills Guest

    In article <fldrai$tpo$>, Army1987 <>
    writes
    >Chris Hills wrote:
    >
    >> In article <Xns9A1823D9220Dtoelavabitcom@194.125.133.14>, Tomás Ó
    >> hÉilidhe <> writes

    >
    >>>I'm writing fullportable C89 code that needs to make use of the SHA-1
    >>>algorithm. Does anyone know if there's been a fully-portable C89
    >>>implementation of the SHA-1 algorithm?

    >>
    >> You will probably want an ISO C95 version. C89 was superseded by ISO
    >> C90 and some amendments in 93-95. You will find more compilers support
    >> c95 than anything else.

    >I don't think C95 added anything useful to implement the SHA-1 algorithm,
    >or that it broke any C89 program.


    Then why reference an obsolete standard?
    --
    \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
    \/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
    /\/\/ www.phaedsys.org \/\/\
    \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
     
    Chris Hills, Jan 1, 2008
    #7
  8. Chris Hills wrote:
    > In article <fldrai$tpo$>, Army1987 <>
    > writes
    >> Chris Hills wrote:
    >>
    >>> In article <Xns9A1823D9220Dtoelavabitcom@194.125.133.14>, Tomás Ó
    >>> hÉilidhe <> writes
    >>>> I'm writing fullportable C89 code that needs to make use of the SHA-1
    >>>> algorithm. Does anyone know if there's been a fully-portable C89
    >>>> implementation of the SHA-1 algorithm?
    >>> You will probably want an ISO C95 version. C89 was superseded by ISO
    >>> C90 and some amendments in 93-95. You will find more compilers support
    >>> c95 than anything else.

    >> I don't think C95 added anything useful to implement the SHA-1 algorithm,
    >> or that it broke any C89 program.

    >
    > Then why reference an obsolete standard?


    You know C95 is obsolete, right?
     
    Philip Potter, Jan 1, 2008
    #8
  9. Tomás Ó hÉilidhe

    Chris Hills Guest

    In article <fldv43$377$>, Philip Potter <>
    writes
    >Chris Hills wrote:
    >> In article <fldrai$tpo$>, Army1987 <>
    >>writes
    >>> Chris Hills wrote:
    >>>
    >>>> In article <Xns9A1823D9220Dtoelavabitcom@194.125.133.14>, Tomás Ó
    >>>> hÉilidhe <> writes
    >>>>> I'm writing fullportable C89 code that needs to make use of the SHA-1
    >>>>> algorithm. Does anyone know if there's been a fully-portable C89
    >>>>> implementation of the SHA-1 algorithm?
    >>>> You will probably want an ISO C95 version. C89 was superseded by ISO
    >>>> C90 and some amendments in 93-95. You will find more compilers support
    >>>> c95 than anything else.
    >>> I don't think C95 added anything useful to implement the SHA-1 algorithm,
    >>> or that it broke any C89 program.

    >> Then why reference an obsolete standard?

    >
    >You know C95 is obsolete, right?


    Yes but it is the one that most compiler vendors used.

    --
    \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
    \/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
    /\/\/ www.phaedsys.org \/\/\
    \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
     
    Chris Hills, Jan 1, 2008
    #9
  10. Chris Hills <> writes:
    > In article <fldv43$377$>, Philip Potter <>
    > writes

    [...]
    >>You know C95 is obsolete, right?

    >
    > Yes but it is the one that most compiler vendors used.


    Most, but not all. In a discussion here a while ago, it was said that
    some implementations support C90 but not C95. Given that C95 is a
    superset of C90, more vendors support C90 than C95, and using
    C95-specific features in SHA-1 code would make that code slightly less
    portable.

    --
    Keith Thompson (The_Other_Keith) <>
    [...]
    "We must do something. This is something. Therefore, we must do this."
    -- Antony Jay and Jonathan Lynn, "Yes Minister"
     
    Keith Thompson, Jan 1, 2008
    #10
  11. Tomás Ó hÉilidhe

    Thad Smith Guest

    Tomas wrote:

    > (SHA-1 is a cryptographic hash function. For info on what SHA-1 is:
    > http://en.wikipedia.org/wiki/SHA-1)
    >
    > I'm writing fullportable C89 code that needs to make use of the SHA-1
    > algorithm. Does anyone know if there's been a fully-portable C89
    > implementation of the SHA-1 algorithm?


    A fully portable implementation could consider the input as either a stream
    of octets, one per byte, or a stream of bits, with log2(UCHAR_MAX+1) bits
    per byte. You would need to decide which. Perhaps you would want both
    implementations.

    Looking at the implementation referenced by user923005 at
    http://www.mirrors.wiretapped.net/security/cryptography/algorithms/, it
    shouldn't be too much extra work to accept a stream of octets using the low
    order 8 bits / byte. The conditional little endian code can be eliminated
    by assembling a 32-bit value from four consecutive bytes.

    --
    Thad
     
    Thad Smith, Jan 1, 2008
    #11
  12. Thad Smith <> wrote in comp.lang.c:

    > A fully portable implementation could consider the input as either a
    > stream of octets, one per byte, or a stream of bits, with
    > log2(UCHAR_MAX+1) bits per byte. You would need to decide which.
    > Perhaps you would want both implementations.
    >
    > Looking at the implementation referenced by user923005 at
    > http://www.mirrors.wiretapped.net/security/cryptography/algorithms/,
    > it shouldn't be too much extra work to accept a stream of octets using
    > the low order 8 bits / byte. The conditional little endian code can
    > be eliminated by assembling a 32-bit value from four consecutive
    > bytes.



    Exactly, I'd like to use bytes (whether they be 8-Bit, 9-Bit, or 53-Bit) to
    store each octet, using only the least significant eight bits for each
    octet's value.

    I'll let you know how I get on... but first I've to read up on hash
    functions :-O

    --
    Tomás Ó hÉilidhe
     
    Tomás Ó hÉilidhe, Jan 1, 2008
    #12
  13. Tomás Ó hÉilidhe

    CBFalconer Guest

    "Tomás Ó hÉilidhe" wrote:
    >

    .... snip ...
    >
    > I'll let you know how I get on... but first I've to read up on
    > hash functions :-O


    When hashing char strings, the following utility functions are
    efficient and I have found them to be quite adequate. Another
    useful multiplicative constant is 33. The following is an extract
    from hashlib.zip, available at:

    <http://cbfalconer.home.att.net/download/>

    (while hashlib is under GPL, these functions are long known and
    public domain)

    /* ============= Useful generic functions ============= */

    /* NOTE: hash is called once per operation, while rehash is
    called _no more_ than once per operation. Thus it
    is preferable that hash be the more efficient.
    */

    /* Hash a string quantity */
    unsigned long hshstrhash(const char * string) {
    unsigned long h;

    h = 0;
    while (*string) {
    h = h * 31UL + (unsigned char) *string++;
    }
    return h;
    } /* hshstrhash */

    /* 1------------------1 */

    /* ReHash a string quantity */
    unsigned long hshstrehash(const char * string) {
    unsigned long h;

    h = 0;
    while (*string) {
    h = h * 37UL + (unsigned char) *string++;
    }
    return h;
    } /* hshstrehash */

    --
    Merry Christmas, Happy Hanukah, Happy New Year
    Joyeux Noel, Bonne Annee, Frohe Weihnachten
    Chuck F (cbfalconer at maineline dot net)
    <http://cbfalconer.home.att.net>



    --
    Posted via a free Usenet account from http://www.teranews.com
     
    CBFalconer, Jan 2, 2008
    #13
  14. Tomás Ó hÉilidhe

    Chris Hills Guest

    In article <Xns9A18EAC43A6B9toelavabitcom@194.125.133.14>, Tomás Ó
    hÉilidhe <> writes
    >Thad Smith <> wrote in comp.lang.c:
    >
    >> A fully portable implementation could consider the input as either a
    >> stream of octets, one per byte, or a stream of bits, with
    >> log2(UCHAR_MAX+1) bits per byte. You would need to decide which.
    >>Perhaps you would want both implementations.
    >> Looking at the implementation referenced by user923005 at
    >>http://www.mirrors.wiretapped.net/security/cryptography/algorithms/,
    >> it shouldn't be too much extra work to accept a stream of octets using
    >> the low order 8 bits / byte. The conditional little endian code can
    >> be eliminated by assembling a 32-bit value from four consecutive
    >> bytes.

    >
    >
    >Exactly, I'd like to use bytes (whether they be 8-Bit, 9-Bit, or
    >53-Bit) to store each octet, using only the least significant eight
    >bits for each octet's value.


    That is not efficient. You are unlikely to find any decent crypto code
    doing that because they usually need speed and compact size.
    --
    \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
    \/\/\/\/\ Chris Hills Staffs England /\/\/\/\/
    /\/\/ www.phaedsys.org \/\/\
    \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
     
    Chris Hills, Jan 2, 2008
    #14
  15. Chris Hills <> wrote in comp.lang.c:

    > That is not efficient. You are unlikely to find any decent crypto code
    > doing that because they usually need speed and compact size.



    I know it's not efficient. My program only runs the algorithm once though,
    so I doubt the human observer will notice a difference between 1ms and 5ms,
    even though it's a 400% increase.

    --
    Tomás Ó hÉilidhe
     
    Tomás Ó hÉilidhe, Jan 2, 2008
    #15
  16. Tomás Ó hÉilidhe

    Tor Rustad Guest

    "Tom" wrote:
    >
    > (SHA-1 is a cryptographic hash function. For info on what SHA-1 is:
    > http://en.wikipedia.org/wiki/SHA-1)
    >
    > I'm writing fullportable C89 code that needs to make use of the SHA-1
    > algorithm. Does anyone know if there's been a fully-portable C89
    > implementation of the SHA-1 algorithm?
    >
    > If not, could someone please point me to a very good implementation of
    > the algorithm, an implementation which is very portable (perhaps
    > portable to machines with 8-Bit bytes and which have exact 16-Bit,
    > 32-Bit and 64-Bit integer types)?
    >
    > I've done a few Google searches but I'm getting back a lot of
    > sub-standard platform-specific code.


    Just look in one of the well known crypto libraries... SSH, OpenSSL,
    cryptlib etc. etc.

    The implementation I have been using for a decade, is (almost) ISO C90,
    and has been used on mainframes to embedded systems, big-endian and
    little-endian systems. There are many more implementations around,
    equally portable.

    --
    Tor < | tr i-za-h a-z>
     
    Tor Rustad, Jan 4, 2008
    #16
  17. Tor Rustad <> wrote in comp.lang.c:

    > The implementation I have been using for a decade, is (almost) ISO C90,
    > and has been used on mainframes to embedded systems, big-endian and
    > little-endian systems.



    Might I ask where I can get my hands on the one you've been using?

    --
    Tomás Ó hÉilidhe
     
    Tomás Ó hÉilidhe, Jan 4, 2008
    #17
  18. Tomás Ó hÉilidhe

    CBFalconer Guest

    "Tomás Ó hÉilidhe" wrote:
    > Tor Rustad <> wrote in comp.lang.c:
    >
    >> The implementation I have been using for a decade, is (almost)
    >> ISO C90, and has been used on mainframes to embedded systems,
    >> big-endian and little-endian systems.

    >
    > Might I ask where I can get my hands on the one you've been using?


    Try "gcc -W -Wall -ansi -pedantic"

    --
    Chuck F (cbfalconer at maineline dot net)
    <http://cbfalconer.home.att.net>
    Try the download section.



    --
    Posted via a free Usenet account from http://www.teranews.com
     
    CBFalconer, Jan 4, 2008
    #18
  19. Tomás Ó hÉilidhe

    Ian Collins Guest

    CBFalconer wrote:
    > "Tomás Ó hÉilidhe" wrote:
    >> Tor Rustad <> wrote in comp.lang.c:
    >>
    >>> The implementation I have been using for a decade, is (almost)
    >>> ISO C90, and has been used on mainframes to embedded systems,
    >>> big-endian and little-endian systems.

    >> Might I ask where I can get my hands on the one you've been using?

    >
    > Try "gcc -W -Wall -ansi -pedantic"
    >

    I didn't know gcc doubled as a search engine....

    --
    Ian Collins.
     
    Ian Collins, Jan 4, 2008
    #19
  20. CBFalconer <> writes:
    > "Tomás Ó hÉilidhe" wrote:
    >> Tor Rustad <> wrote in comp.lang.c:
    >>
    >>> The implementation I have been using for a decade, is (almost)
    >>> ISO C90, and has been used on mainframes to embedded systems,
    >>> big-endian and little-endian systems.

    >>
    >> Might I ask where I can get my hands on the one you've been using?

    >
    > Try "gcc -W -Wall -ansi -pedantic"


    I believe the question was about an implementation of SHA-1, not of C.

    --
    Keith Thompson (The_Other_Keith) <>
    [...]
    "We must do something. This is something. Therefore, we must do this."
    -- Antony Jay and Jonathan Lynn, "Yes Minister"
     
    Keith Thompson, Jan 4, 2008
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Almad

    sha-2 and sha-512 bindings

    Almad, May 4, 2005, in forum: Python
    Replies:
    1
    Views:
    685
  2. sha, PyCrypto, SHA-256

    , Dec 16, 2006, in forum: Python
    Replies:
    3
    Views:
    2,351
    Tim Henderson
    Dec 19, 2006
  3. G Patel
    Replies:
    1
    Views:
    567
  4. Frederick Gotham

    Fully-portable version of limits.h

    Frederick Gotham, Sep 18, 2006, in forum: C Programming
    Replies:
    4
    Views:
    322
    =?ISO-8859-1?Q?=22Nils_O=2E_Sel=E5sdal=22?=
    Sep 19, 2006
  5. myalo
    Replies:
    4
    Views:
    1,400
    A. Sinan Unur
    Nov 28, 2007
Loading...

Share This Page