##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

sha1dc: manually define integer types on msvc 2008...
Gregory Szorc -
r44540:ef36156e default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,110 +1,117 b''
1 1 /***
2 2 * Copyright 2017 Marc Stevens <marc@marc-stevens.nl>, Dan Shumow <danshu@microsoft.com>
3 3 * Distributed under the MIT Software License.
4 4 * See accompanying file LICENSE.txt or copy at
5 5 * https://opensource.org/licenses/MIT
6 6 ***/
7 7
8 8 #ifndef SHA1DC_SHA1_H
9 9 #define SHA1DC_SHA1_H
10 10
11 11 #if defined(__cplusplus)
12 12 extern "C" {
13 13 #endif
14 14
15 15 #ifndef SHA1DC_NO_STANDARD_INCLUDES
16 /* PY27 this can be changed to a straight #include once Python 2.7 is
17 dropped, since this is for MSVC 2008 support. */
18 #if !defined(_MSC_VER) || _MSC_VER >= 1600
16 19 #include <stdint.h>
20 #else
21 typedef unsigned __int32 uint32_t;
22 typedef unsigned __int64 uint64_t;
23 #endif
17 24 #endif
18 25
19 26 /* sha-1 compression function that takes an already expanded message, and additionally store intermediate states */
20 27 /* only stores states ii (the state between step ii-1 and step ii) when DOSTORESTATEii is defined in ubc_check.h */
21 28 void sha1_compression_states(uint32_t[5], const uint32_t[16], uint32_t[80], uint32_t[80][5]);
22 29
23 30 /*
24 31 // Function type for sha1_recompression_step_T (uint32_t ihvin[5], uint32_t ihvout[5], const uint32_t me2[80], const uint32_t state[5]).
25 32 // Where 0 <= T < 80
26 33 // me2 is an expanded message (the expansion of an original message block XOR'ed with a disturbance vector's message block difference.)
27 34 // state is the internal state (a,b,c,d,e) before step T of the SHA-1 compression function while processing the original message block.
28 35 // The function will return:
29 36 // ihvin: The reconstructed input chaining value.
30 37 // ihvout: The reconstructed output chaining value.
31 38 */
32 39 typedef void(*sha1_recompression_type)(uint32_t*, uint32_t*, const uint32_t*, const uint32_t*);
33 40
34 41 /* A callback function type that can be set to be called when a collision block has been found: */
35 42 /* void collision_block_callback(uint64_t byteoffset, const uint32_t ihvin1[5], const uint32_t ihvin2[5], const uint32_t m1[80], const uint32_t m2[80]) */
36 43 typedef void(*collision_block_callback)(uint64_t, const uint32_t*, const uint32_t*, const uint32_t*, const uint32_t*);
37 44
38 45 /* The SHA-1 context. */
39 46 typedef struct {
40 47 uint64_t total;
41 48 uint32_t ihv[5];
42 49 unsigned char buffer[64];
43 50 int found_collision;
44 51 int safe_hash;
45 52 int detect_coll;
46 53 int ubc_check;
47 54 int reduced_round_coll;
48 55 collision_block_callback callback;
49 56
50 57 uint32_t ihv1[5];
51 58 uint32_t ihv2[5];
52 59 uint32_t m1[80];
53 60 uint32_t m2[80];
54 61 uint32_t states[80][5];
55 62 } SHA1_CTX;
56 63
57 64 /* Initialize SHA-1 context. */
58 65 void SHA1DCInit(SHA1_CTX*);
59 66
60 67 /*
61 68 Function to enable safe SHA-1 hashing:
62 69 Collision attacks are thwarted by hashing a detected near-collision block 3 times.
63 70 Think of it as extending SHA-1 from 80-steps to 240-steps for such blocks:
64 71 The best collision attacks against SHA-1 have complexity about 2^60,
65 72 thus for 240-steps an immediate lower-bound for the best cryptanalytic attacks would be 2^180.
66 73 An attacker would be better off using a generic birthday search of complexity 2^80.
67 74
68 75 Enabling safe SHA-1 hashing will result in the correct SHA-1 hash for messages where no collision attack was detected,
69 76 but it will result in a different SHA-1 hash for messages where a collision attack was detected.
70 77 This will automatically invalidate SHA-1 based digital signature forgeries.
71 78 Enabled by default.
72 79 */
73 80 void SHA1DCSetSafeHash(SHA1_CTX*, int);
74 81
75 82 /*
76 83 Function to disable or enable the use of Unavoidable Bitconditions (provides a significant speed up).
77 84 Enabled by default
78 85 */
79 86 void SHA1DCSetUseUBC(SHA1_CTX*, int);
80 87
81 88 /*
82 89 Function to disable or enable the use of Collision Detection.
83 90 Enabled by default.
84 91 */
85 92 void SHA1DCSetUseDetectColl(SHA1_CTX*, int);
86 93
87 94 /* function to disable or enable the detection of reduced-round SHA-1 collisions */
88 95 /* disabled by default */
89 96 void SHA1DCSetDetectReducedRoundCollision(SHA1_CTX*, int);
90 97
91 98 /* function to set a callback function, pass NULL to disable */
92 99 /* by default no callback set */
93 100 void SHA1DCSetCallback(SHA1_CTX*, collision_block_callback);
94 101
95 102 /* update SHA-1 context with buffer contents */
96 103 void SHA1DCUpdate(SHA1_CTX*, const char*, size_t);
97 104
98 105 /* obtain SHA-1 hash from SHA-1 context */
99 106 /* returns: 0 = no collision detected, otherwise = collision found => warn user for active attack */
100 107 int SHA1DCFinal(unsigned char[20], SHA1_CTX*);
101 108
102 109 #if defined(__cplusplus)
103 110 }
104 111 #endif
105 112
106 113 #ifdef SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_H
107 114 #include SHA1DC_CUSTOM_TRAILING_INCLUDE_SHA1_H
108 115 #endif
109 116
110 117 #endif
General Comments 0
You need to be logged in to leave comments. Login now