Implementation and explanation of "cryptography" SHA1 algorithm

1 SHA1 Algorithm Introduction

Secure Hash algorithm is primarily intended for digital Signature algorithm DSA, which is defined in the digital Signature standard DSS. For messages that are less than 2^64 bits in length, SHA1 produces a 160-bit message digest. When a message is received, this message digest can be used to verify the integrity of the data. As the data is likely to change during transmission, a different message digest is generated.

SHA1 has the following characteristics: It is not possible to recover information from a message digest; two different messages do not produce the same message digest.

2 Terminology and concepts

2.1-bit (bit), Byte (byte), and Word (word)

SHA1 always treats the message as a bit string. In this article, a word is 32 bits, and a "byte" (Byte) is a 8-bit. For example, the string "abc" can be converted to a bit string: 01100001 01100010 01100011. It can also be represented as a 16 binary string: 0x616263.

2.2 Operators and symbols

The following logical operators are used in Word

X^y = X, Y logic and

X \ y = x, y logic or

x XOR y= x, Y logic XOR

~x = X logical Inverse

X+y is defined as follows:

The words x and y represent two integers x and y, where 0 <= x < 2^32 and 0 <= Y < 2^32. Make integer z = (x + y) mod 2^32. This time 0 <= Z < 2^32. Convert Z to character z, then z = X + Y.

Loop left shift operator SN (X). X is a word, n is an integer, 0<=n<=32. Sn (X) = (x<<n) OR (x>>32-n)

X<<n is defined as follows: Discard the leftmost n digits, move the bits to the left n bits, and then fill the right n bits with 0 (the last result or 32 bits). X>>n is to discard the n bits on the right, move each bit to the right n bits, and then fill 0 on the left n bits. So it can be called SN (X) bit cyclic shift operation

3 SHA1 Algorithm Description

In the SHA1 algorithm, we must convert the original message (string, file, etc.) into a bit string. The SHA1 algorithm only accepts bits as input. Suppose we generate a message digest for the string "abc". First, we convert it into a bit string as follows:

01100001 01100010 01100011

―――――――――――――

' A ' =97 ' B ' =98 ' C ' =99

The length of this bit string is 24. Below we need 5 steps to calculate the MD5.

3.1 Fill-in

The message must be interpolated so that its length is 448 after the remainder of modulo 512. That is, (the message length after the complement)%512 = 448. Even if the length has been satisfied with 512 modulo after the remainder is 448, the complement must also be carried out.

The complement is done in this way: First fill a 1, and then 0, until the length satisfies the 512 modulo the remainder is 448. In short, the complement is at least one complement, up to 512 bits. Or the previous "ABC" as an example to show the process of the complement.

Original information: 01100001 01100010 01100011

Complement first step: 01100001 01100010 01100011 1

First, a "1"

Complement Step two: 01100001 01100010 01100011 10.....0

Then fill 423 "0"

We can write the final completion of the data with 16 binary as the following look

61626380 00000000 00000000 00000000

00000000 00000000 00000000 00000000

00000000 00000000 00000000 00000000

00000000 00000000

Now that the length of the data is 448, we can do the next step.

3.2 Complement length

The so-called complement length is the length of the original data that is appended to the message that has already done the complement operation. Typically, a 64-bit data is used to represent the length of the original message. If the message length is less than 2^64, then the first word is 0. After the completion of the length of the operation, the entire message becomes the following (16 binary format)

61626380 00000000 00000000 00000000

00000000 00000000 00000000 00000000

00000000 00000000 00000000 00000000

00000000 00000000 00000000 00000018

If the original message is longer than 512, we need to fill it in multiples of 512. We then divide the entire message into a 512-bit block of data, processing each block of data, to get a message digest.

3.3 Constants Used

A series of constant characters K (0), K (1), ..., K (79), if given in 16. They are as follows:

Kt = 0x5a827999 (0 <= T <= 19)

Kt = 0X6ED9EBA1 (<= t <= 39)

Kt = 0X8F1BBCDC (<= t <= 59)

Kt = 0xca62c1d6 (<= t <= 79).

3.4 Functions that need to be used

In SHA1 we need a series of functions. Each function ft (0 <= T <= 79) operates a 32-bit word b,c,d and produces a 32-bit word as output. FT (b,c,d) can be defined as follows

FT (b,c,d) = (b and C) OR ((not B) and D) (0 <= T <= 19)

FT (b,c,d) = B xor C xor D (<= T <= 39)

FT (b,c,d) = (b and C) or (b and D) or (C and D) (<= T <= 59)

FT (b,c,d) = B xor C xor D (<= T <= 79).

3.5 Summary of calculated messages

The message digest must be computed using the message with the complement and the length of the complement. The calculation requires two buffers, each consisting of 5 32-bit words, and a buffer of 80 32-bit words. The first 5-word buffer is identified as a,b,c,d,e. The first 5-word buffer is identified as H0,H1, H2, H3, H4

。 A buffer of 80 characters is identified as W0, W1,..., W79

In addition, a single word of the temp buffer is required.

In order to generate a message digest, the 16-word data block defined in part 4th M1, M2,..., Mn

is processed sequentially, each block of MI consists of 80 steps.

The buffer {Hi} is initialized to the following value (16 binary) before processing each block of data

H0 = 0x67452301

H1 = 0xefcdab89

H2 = 0x98badcfe

H3 = 0x10325476

H4 = 0xc3d2e1f0.
Now start dealing with M1, M2, ..., Mn. In order to process Mi, the following steps are required

(1). Divide Mi into 16 characters W0, W1, ..., W15, W0 is the leftmost word.

(2). For t = 16 to 79 Make Wt = S1 (Wt-3 xor Wt-8 xor Wt-14 xor Wt-16).

(3). Make A = H0, B = H1, C = H2, D = H3, E = H4.

(4) for t = 0 to 79, perform the following loop

TEMP = S5 (A) + ft (b,c,d) + E + Wt + Kt;

E = D; D = C; C = S30 (B); B = A; A = TEMP;

(5). Make H0 = H0 + A, H1 = H1 + B, H2 = H2 + C, H3 = H3 + D, H4 = H4 + E.
After all Mn has been processed, the message digest is a 160-bit string that is identified in the following order

H0 H1 H2 H3 H4.

For sha256,sha384,sha512. You can also calculate the message digest in a similar way. The algorithm for filling the message is exactly the same.

4 references

1:fips 180-1 Secure Hash standard:http://www.itl.nist.gov/fipspubs/fip180-1.htm

2:secure Hash Standard:http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf

Implementation and explanation of "cryptography" SHA1 algorithm