This article describes how a message digest is computed with the SHA1 algorithm.

To secure transmitted information, encryption alone is not enough; the information must also be authenticated. Authentication has two purposes: one is to verify that the sender of the information is legitimate, and the second is to verify the integrity of the information. Hash functions are an effective means of authenticating information.

1. Hash function and message integrity

A hash function takes a variable-length input x and outputs a fixed-length string, which is called the hash value or digital fingerprint of x.

Because a hash function is many-to-one, different inputs can correspond to the same output, so it has no unique inverse. Computing the hash value of a given input must be very easy, but recovering an input from a hash value must be difficult, which is why such a function is also called a one-way hash function.

Hash functions generally meet the following basic requirements:

1). Input x can be any length

2). Fixed output data length

3). Easy to calculate: given any x, it is easy to calculate the hash value of x

4). One-way: given a hash value, it is difficult to calculate the original input x in reverse.

5). Uniqueness: it is difficult to find two different inputs that produce the same hash output value

The hash length is determined by the algorithm and is independent of the input message size; it is generally 128 bits or 160 bits. Even if two messages differ only slightly, for example by one or two bits, their hash values will be very different. Hashing the same message with the same algorithm always yields the same, uniquely determined hash value.

A secure one-way iterated function is the core and foundation for constructing a secure message hash. Given a good one-way iterated function, a suitable iteration method can be used to construct an iterated hash function. The security design theory of hash functions rests on two points: one is the one-wayness of the function, and the other is the randomness of the function's mapping. Common hash algorithms include MD5 and SHA.

2. Introduction to the SHA1 algorithm

SHA (Secure Hash Algorithm) is a standard hash algorithm designed by NIST and the NSA in the United States. It was originally published in 1993; that version is known as SHA-0. Because security problems were soon discovered in it, a second version, SHA-1, was released in 1995. In 2002, NIST released SHA-256, SHA-384 and SHA-512, which are collectively known as SHA-2. SHA-224 was added in 2008. At present, the SHA-2 versions have become mainstream.

SHA1 is used here as the example for explaining the SHA algorithms; the other members of the family work on similar principles. The properties of SHA1 are:

1). The original information cannot be recovered from the message digest;

2). Different messages produce different message digests.

**3. Terminology and Concepts**

**3.1 Bit, byte, and word**

SHA1 treats the message as a bit string. The smallest unit is called a bit, 8 bits make up one byte, and two bytes make up one word.

For example, the string "abc" is converted into the bit string 01100001 01100010 01100011, which written as a hexadecimal string is 0x616263.

**3.2 Operators and symbols**

The following logical operators act on words:

X ∧ Y = bitwise logical AND of X and Y

X ∨ Y = bitwise logical OR of X and Y

X XOR Y = bitwise logical XOR of X and Y

~X = bitwise logical complement of X

Definition of X + Y: the words X and Y represent two integers x and y, where 0 <= x < 2^32 and 0 <= y < 2^32. Let the integer z = (x + y) mod 2^32, so that 0 <= z < 2^32. Convert z to a word Z; then Z = X + Y.

Circular left shift operator S^n(X): X is a word and n is an integer, 0 <= n <= 32. S^n(X) = (X << n) OR (X >> (32 - n)). This is easy to see with an example: for X = 11111111 00000001 00000001 00000000 and n = 5, S^n(X) = 111 00000001 00000001 00000000 11111.

Definition of X << n: discard the leftmost n bits, move the remaining bits n positions to the left, then fill the n rightmost bits with 0 (the result is still 32 bits).

Definition of X >> n: discard the rightmost n bits, move the remaining bits n positions to the right, then fill the n leftmost bits with 0.

**4. SHA1 algorithm**

**4.1 Convert the message to a bit string**

Because the SHA1 algorithm only accepts bits as input, the original message (such as a string, file, and so on) must be converted into a bit string before it is evaluated.

For example, to generate a message digest for the string "abc", where 'a' = 97, 'b' = 98 and 'c' = 99, the string is first converted to a 24-bit string: 01100001 01100010 01100011

**4.2 Pad the converted bit string**

The message must be padded so that its length modulo 512 is 448, i.e. (length of the message after padding) % 512 = 448.

Padding always starts by appending a single 1 bit. If the length condition is not yet met, 0 bits are appended until the length modulo 512 is 448. This means that the padding is at least one bit long (when the original message has 512n+447 bits) and at most 512 bits long (when the original message has 512n+448 bits).

Continuing with the "abc" example, padding proceeds as follows:

Original information: 01100001 01100010 01100011

Padding, step one: append a single 1 bit: 01100001 01100010 01100011 1

When each character is represented by one byte, the length condition can never be satisfied right after the 1 bit is appended, so padding always has to continue.

Padding, step two: append 0 bits until the total length modulo 512 is 448. Here 423 zeros are appended, so that the total length reaches 448:

01100001 01100010 01100011 1 000.....00

After padding, the data in hexadecimal is:

61626380 00000000 00000000 00000000

00000000 00000000 00000000 00000000

00000000 00000000 00000000 00000000

00000000 00000000

As the hexadecimal data shows, the padding can also be done directly on bytes: first append the byte 0x80, then check whether the length in bytes modulo 64 is 56; if it is not, keep appending 0x00 bytes.

You can think for yourself about why appending 0x80 works.

**4.3 Append length information**

In this step, the length in bits of the original message (before padding) is appended to the already padded message.

Typically, a 64-bit value is used to represent the length of the original message. If the message length is less than 2^64, then the first word is 0.

After the length is appended, the entire message (in hexadecimal) is as follows:

61626380 00000000 00000000 00000000

00000000 00000000 00000000 00000000

00000000 00000000 00000000 00000000

00000000 00000000 00000000 00000018

Then the entire message is split into 512-bit blocks M1, M2, ..., Mn, and each block Mi (1≤i≤n) is processed in turn to obtain the message digest.

Note that the length field is 64 bits and the length after the previous step is 512k+448, k≥0, so that 512k+448+64 = 512(k+1), which is exactly divisible by 512.

In our example there are only 512 bits, so the message is processed as a single block of data.

**4.4 Constants and functions used**

A sequence of constant words K(0), K(1), ..., K(79) is used. In hexadecimal they are as follows:

Kt = 0x5A827999 (0 <= t <= 19)

Kt = 0x6ED9EBA1 (20 <= t <= 39)

Kt = 0x8F1BBCDC (40 <= t <= 59)

Kt = 0xCA62C1D6 (60 <= t <= 79)

SHA1 also needs a sequence of functions. Each function ft (0 <= t <= 79) operates on three 32-bit words B, C, D and produces a 32-bit word as output. ft(B,C,D) is defined as follows:

ft(B,C,D) = (B AND C) OR ((NOT B) AND D) (0 <= t <= 19)

ft(B,C,D) = B XOR C XOR D (20 <= t <= 39)

ft(B,C,D) = (B AND C) OR (B AND D) OR (C AND D) (40 <= t <= 59)

ft(B,C,D) = B XOR C XOR D (60 <= t <= 79)

**4.5 Compute the message digest**

The message digest is computed from the padded message with the length appended.

The computation requires the following buffers:

1). Two buffers, BUF1 and BUF2, each consisting of five 32-bit words. The five words of BUF1 are labelled A, B, C, D, E; the five words of BUF2 are labelled H0, H1, H2, H3, H4.

2). A buffer BUF3 of 80 32-bit words, labelled in order W0, W1, ..., W79.

3). A one-word TEMP buffer.

To calculate the message digest:

In 4.3, we appended the length information to the padded data and then divided it into 512-bit (16-word) blocks M1, M2, ..., Mn; each block Mi (1≤i≤n) is processed in sequence.

Before processing the blocks Mi (1≤i≤n), initialize the buffers H0, H1, H2, H3, H4 to the following values (hexadecimal):

H0 = 0x67452301

H1 = 0xefcdab89

H2 = 0x98badcfe

H3 = 0x10325476

H4 = 0xc3d2e1f0.

Next, process each Mi (1≤i≤n). The steps are as follows:

1). Divide Mi into 16 words (32 bits per word) W0, W1, ..., W15, where W0 is the leftmost word;

The words of the block fill W0, W1, ..., W15; W16, ..., W79 are filled in step 2;

2). For t = 16 to 79, let Wt = S^1(W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16));

3). Let A = H0, B = H1, C = H2, D = H3, E = H4;

4). For t = 0 to 79, perform the following loop:

TEMP = S^5(A) + ft(B,C,D) + E + Wt + Kt;

E = D;

D = C;

C = S^30(B);

B = A;

A = TEMP;

5). Let H0 = H0 + A, H1 = H1 + B, H2 = H2 + C, H3 = H3 + D, H4 = H4 + E.

After all Mi (1≤i≤n) have been processed, the message digest is the 160-bit string (five 32-bit words) H0 H1 H2 H3 H4.
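The steps of 4.2 through 4.5, carried through in Python as an added example (not code from the original article). The function names are chosen here, words are taken as 32-bit big-endian values, and `hashlib` is used only to cross-check the result for "abc".

```python
import hashlib
import struct

MASK = 0xFFFFFFFF  # all word arithmetic is mod 2^32

def rotl(x, n):
    """S^n(X): circular left shift of a 32-bit word."""
    return ((x << n) | (x >> (32 - n))) & MASK

def pad(message: bytes) -> bytes:
    """4.2 and 4.3: append 0x80, then 0x00 until length % 64 == 56,
    then the original length in bits as a 64-bit big-endian value."""
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    return padded + struct.pack(">Q", len(message) * 8)

def f_and_k(t, b, c, d):
    """4.4: round function ft and constant Kt for round t."""
    if t < 20:
        return (b & c) | (~b & d), 0x5A827999
    if t < 40:
        return b ^ c ^ d, 0x6ED9EBA1
    if t < 60:
        return (b & c) | (b & d) | (c & d), 0x8F1BBCDC
    return b ^ c ^ d, 0xCA62C1D6

def sha1(message: bytes) -> str:
    """4.5: process each 512-bit block and return the digest as hex."""
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    data = pad(message)
    for off in range(0, len(data), 64):
        w = list(struct.unpack(">16I", data[off:off + 64]))      # step 1
        for t in range(16, 80):                                   # step 2
            w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h                                         # step 3
        for t in range(80):                                       # step 4
            f, k = f_and_k(t, b, c, d)
            temp = (rotl(a, 5) + f + e + w[t] + k) & MASK
            a, b, c, d, e = temp, a, rotl(b, 30), c, d
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e))]  # step 5
    return "".join(f"{x:08x}" for x in h)

if __name__ == "__main__":
    print(pad(b"abc").hex())  # the padded 512-bit block from 4.3
    print(sha1(b"abc"), sha1(b"abc") == hashlib.sha1(b"abc").hexdigest())
```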
