CodeProject: CSHA1 - A C++ Class Implementation of the SHA-1 Hash Algorithm. Free source code and programming help

Announcements

	Windows 7 Comp Win a laptop!
	Monthly Competition

Articles

Desktop Development

Web Development

Enterprise Systems

Content Management Server

Microsoft BizTalk Server

SQL Reporting Services

Platforms, Frameworks & Libraries

Windows Communication Foundation

Windows Presentation Foundation

Windows Workflow Foundation

Cryptography & Security

Threads, Processes & IPC

WinHelp / HTMLHelp

Uncategorised Quick Answers

Graphics / Design

Expression

Usability

Development Lifecycle

Debug Tips

Design and Architecture

Uncategorised Technical Blogs

Services

Code-signing Certificates

Job Board

CodeProject VS2008 Addin

Feature Zones

Product Showcase

Code Signing Resources

WhitePapers / Webcasts

ASP.NET Web Hosting

Advanced Search
Add to IE Search

Discuss

Report

49 votes for this article.

Popularity: 7.85 Rating: 4.65 out of 5

Description of the Secure Hash Algorithm SHA-1
CSHA1 Class Description
CSHA1 Usage Samples: Hashing Binary Data and Strings
CSHA1 Usage Samples: Hashing Files
References
Version History

Description of the Secure Hash Algorithm SHA-1

The Secure Hash Algorithm SHA-1 is a cryptographically secure one-way hash algorithm. It was designed by the NIST (National Institute of Standards and Technology), along with the NSA (National Security Agency). SHA-1 is based on the Message Digest MD4 algorithm design principles by Ronald L. Rivest of MIT.

Well, I think I don't have to explain what you can do with cryptographic hash algorithms. For an example of what you can do with such algorithms, see this CodeProject article (CMD5 class).

For more information about SHA-1, see references [1] and [2].

CSHA1 Class Description

The CSHA1 class is an easy-to-use class for the SHA-1 hash algorithm.

If you want to test whether your implementation of the class is working, try the test vectors in the 'TestVectors' directory in the demo zip file. You can find the correct final hash values in the header file of the CSHA1 class.

Class members of the CSHA1 class:

```
void Reset(); 
```
This member function resets the class. You have to call this method when using CSHA1 more than once. This method is called automatically in the constructor and the destructor of the class so if you only hash one single data stream you don't need to call Reset() manually.
```
void Update(const unsigned char* pbData, unsigned int uLen); 
```
Use this method to hash in a data stream. Data in const unsigned char* pbData, length of stream has to be submitted in unsigned int uLen. Length in bytes.
```
bool HashFile(const TCHAR* tszFileName); 
```
This method hashes file contents into the current state. If hashing was successful, the method returns true, otherwise false. If you use this member function, you don't need to make any call to the Update(...) method. After HashFile(...), you should call the Final() method immediately. You have to call Final() before getting the message digest of the file using the methods ReportHash(...) and GetHash(...).
```
void Final(); 
```
When you have hashed in all data to hash, call this method. This will compute the final SHA-1 message digest and it is therefore needed to call this method before ReportHash(...) and GetHash(...).
```
void ReportHash(TCHAR* tszReport, REPORT_TYPE rtReportType); 
```
After calling the Final method, you can get the message digest using this method. The result is stored as string in tszReport. Valid format types for uReportType are REPORT_HEX, REPORT_DIGIT and REPORT_HEX_SHORT. If you use REPORT_HEX the returned string looks like 5F A9 FB 34..., using REPORT_DIGIT this method returns the message digest in the form 129 67 5 98... . REPORT_HEX_SHORT is the same as REPORT_HEX, just without separating spaces.
```
void GetHash(unsigned char* pbDest); 
```
If you don't want to get the hash in a pre-formatted string like ReportHash, you can use this method. This method copies the final message digest (call Final before!) to pbDest. pbDest must be able to hold at least 20 bytes (SHA-1 produces a 160-bit / 20-byte hash).

Hashing Binary Data and Strings

CSHA1 sha1;
sha1.Update(string0, strlen(string0));
sha1.Update(string1, strlen(string1));
sha1.Update(binary2, uSizeOfBufferBinary2);
sha1.Update(binary3, uSizeOfBufferBinary3);
sha1.Final();

sha1.ReportHash(szReport, CSHA1::REPORT_HEX_SHORT);
// or
sha1.GetHash(binaryArray);

I will comment each line of the example above now.

First declare an instance of the CSHA1 class:

CSHA1 sha1;

Now hash in the data like this:

sha1.Update((unsigned char *)szString, strlen(szString));

You can call this method as often as you wish.

When you hashed in all data, call the Final() member function:

sha1.Final();

If you want to get the final message digest as a pre-formatted string, use this:

sha1.ReportHash(szReport, CSHA1::REPORT_HEX_SHORT);

If you want to get the final message digest in "raw form":

sha1.GetHash(binaryArray); // Get the raw message digest bytes

Hashing Files

Hashing files is the same process as hashing strings and binary data but instead of using the Update method you use the HashFile member function of the class.

For more comments, see the string/binary data hashing example above.

CSHA1 sha1;
sha1.HashFile("TheFile.cpp"); // Hash in the contents of the file
                              // 'TheFile.cpp'
sha1.Final();

sha1.ReportHash(szReport, CSHA1::REPORT_HEX); // Get final hash as
                                              // pre-formatted string
// or
sha1.GetHash(binaryArray); // Get the raw message digest bytes to a
                           // temporary buffer

References

[1] RFC 3174: US Secure Hash Algorithm 1 (SHA1)
[2] Bruce Schneier, "Applied Cryptography", pages 442-445

Version History

16 Mar 2009 - 1.8
- Converted project files to Visual Studio 2008 format
- Added Unicode support for HashFile utility method
- Added support for hashing files using the HashFile method that are larger than 2 GB
- HashFile now returns an error code instead of copying an error message into the output buffer
- GetHash now returns an error code and validates the input parameter
- Added ReportHashStl STL utility method
- Added REPORT_HEX_SHORT reporting mode
- Improved Linux compatibility of test program
21 Dec 2006 - 1.7
- Fixed buffer underrun warning that appeared when compiling with Borland C Builder (thanks to Rex Bloom and Tim Gallagher for the patch)
- Breaking change: ReportHash writes the final hash to the start of the buffer, i.e. it's not appending it to the string anymore
- Made some function parameters const
- Added Visual Studio 2005 project files to demo project
07 Feb 2005 - 1.6 Thanks to Howard Kapustein for the following patches:
- You can set the endianness in your files, no need to modify the header file of the CSHA1 class anymore
- Aligned data support
- Made support/compilation of the utility functions (ReportHash and HashFile) optional (useful when bytes count, for example in embedded environments)
1 Jan 2005 - 1.5
- 64-bit compiler compatibility added
- Made variable wiping optional (define SHA1_WIPE_VARIABLES)
- Removed unnecessary variable initializations
- ROL32 improvement for the Microsoft compiler (using _rotl)
22 Jul 2004 - 1.4
- CSHA1 now compiles fine with GCC 33 under MacOS X (thanks to Larry Hastings)
17 Aug 2003 - 1.3
- Fixed a small memory bug and made a buffer array a class member to ensure correct working when using multiple CSHA1 class instances at one time
16 Nov 2002 - 1.2
- Borlands C++ compiler seems to have problems with string addition using sprintf. Fixed the bug which caused the digest report function not to work properly. CSHA1 is now Borland compatible.
11 Oct 2002 - 1.1
- Removed two unnecessary header file includes and changed BOOL to bool. Fixed some minor bugs in the web page contents
20 Jun 2002 - 1.0
- First official release

That's it! Happy hashing!

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

Dominik Reichl

Member

Dominik started programming in Omikron Basic, a programming language for the good old Atari ST. After this, there was some short period of QBasic programming on the PC, but soon he began learning C++, which is his favorite language up to now.

Today, his programming experience includes C / C++ / [Visual] C++ [MFC], C#/.NET, Java, JavaScript, PHP and HTML and the basics of pure assembler.

He is interested in almost everything that has to do with computing, his special interests are security and data compression.

You can find his latest freeware, open-source projects and all articles on his homepage: http://www.dominik-reichl.de/

Occupation:	Software Developer
Location:	Germany

Other popular Algorithms & Recipes articles:

Symbolic Differentiation
This article demonstrates differentiating expressions using a stack and displaying the input expression and its derivative.
Manipulating colors in .NET - Part 1
Understand and use color models in .NET
Neural Networks on C#
The articles describes a C# library for neural network computations, and their application for several problem solving.
Fast mathematical expressions parser
Code for a fast math parser library.
State of the Art Expression Evaluation
A tutorial on how to realize an expression evaluator in CSharp with ANTLR

Article Top

You must Sign In to use this message board.

FAQ
Noise Tolerance Layout Per page

Msgs 1 to 25 of 120 (Total in Forum: 120) (Refresh)

FirstPrevNext

Output bug

vcor

12:26 5 Mar '09

Not sure how it worked for others, but using strcat ends up with extra garbage in the output string since the string is never initialized. Changing these to strcpy fixes this (see bold below).

void CSHA1::ReportHash(char *szReport, unsigned char uReportType)
{
	unsigned char i;
	char szTemp[16];

	if(szReport == NULL) return;

	if(uReportType == REPORT_HEX)
	{
		sprintf(szTemp, "%02X", m_digest[0]);
		strcpy(szReport, szTemp);     // change from strcat

		for(i = 1; i < 20; i++)
		{
			sprintf(szTemp, " %02X", m_digest[i]);
			strcat(szReport, szTemp);
		}
	}
	else if(uReportType == REPORT_DIGIT)
	{
		sprintf(szTemp, "%u", m_digest[0]);
		strcpy(szReport, szTemp);     // change from strcat

		for(i = 1; i < 20; i++)
		{
			sprintf(szTemp, " %u", m_digest[i]);
			strcat(szReport, szTemp);
		}
	}
	else strcpy(szReport, "Error: Unknown report type!");
}

2.00/5 (1 vote)

Re: Output bug

Dominik Reichl

23:55 17 Mar '09

The strcats were originally intended (to be able to easily append hashes to strings, that's why all strings in the demo application are initialized with 0), but I agree that from a design point of view it's better to just write the hash to the output buffer (overwriting any previous data).

Additionally, I've changed the ReportHash method to return a boolean error code, instead of writing an error message to the output buffer.

I've released version 1.8 of CSHA1, with these changes (and quite a few other improvements).

Thanks and best regards
Dominik

Too many passwords to remember? Try KeePass Password Safe!

small patch to use short hex output values

thomasdev

1:32 19 Feb '09

please look there for the patched files: sha1.cpp sha1.h you can now use: `sha1.ReportHash(hash, CSHA1::REPORT_HEX_SHORT);` which just misses the spaces in the resulting String. thanks for the great class! thomas
Sign In·View Thread·PermaLink

Re: small patch to use short hex output values

Dominik Reichl

23:56 17 Mar '09

I've released version 1.8 of CSHA1, which includes support for `CSHA1::REPORT_HEX_SHORT`. Thanks and best regards Dominik Too many passwords to remember? Try KeePass Password Safe!
Sign In·View Thread·PermaLink

Re: small patch to use short hex output values

thomasdev

0:51 18 Mar '09

we had to modify your class in order to build flawless on linux x86, x86_64 and windows.
the main problem were the self defined types. EWe fixed it by using pstdint.h instead. See there:

http://rigsofrods.svn.sourceforge.net/viewvc/rigsofrods/trunk/build/main/source/sha1.h?view=markup[^]

http://rigsofrods.svn.sourceforge.net/viewvc/rigsofrods/trunk/build/main/source/sha1.cpp?view=markup[^]

http://rigsofrods.svn.sourceforge.net/viewvc/rigsofrods/trunk/build/main/source/[^]

HMAC-SHA receiver processing?

Adam Harding

13:52 3 Jun '08

Hi there, Is this example code for the functions that the sender will perform to calculate the digest? What about the receiver? Is it done in the same way? Is there any example code out there that shows how the receiver compares its calculated digest with the digest it was sent and then either accepting or discarding the data based on this? Thanks!
Sign In·View Thread·PermaLink

Re: HMAC-SHA receiver processing?

Dominik Reichl

6:11 4 Jun '08

For HMAC-SHA1, see this article: http://www.codeproject.com/KB/recipes/HMACSHA1class.aspx[^]. Best regards Dominik Too many passwords to remember? Try KeePass Password Safe!
Sign In·View Thread·PermaLink

Useful!

Dlt75

4:00 15 Nov '07

Thank you for the example exe file! I used it and it works well for my purposes.
Sign In·View Thread·PermaLink

Undefined reference to CSHA1::Update

RussellGilbert

12:37 15 Jul '07

I haven't had a chance to investigate fully yet, but it appears that if you're compiling on a Linux machine and you #include <string>, and then #include "SHA1.h" afterward, you get the following linker error:

undefined reference to `CSHA1::Update(unsigned char*, unsigned long)'

The workaround for me was to just move the #include "SHA1.h" above the #include <string> and the error went away.

Russell

Re: Undefined reference to CSHA1::Update

bruno1999

10:37 5 Mar '08

I had the same issue on Mac OS (10.5). Remark the following section in SHA1.h, that will help. I don't know the impact on a 64 bit system though. //#if (ULONG_MAX == 0xFFFFFFFF) //#define UINT_32 unsigned long //#else #define UINT_32 unsigned int //#endif Regards, Bruno
Sign In·View Thread·PermaLink

UTF16 encoding?

TuringMachine

11:38 31 May '07

Using .NET ComputeHash with a UTF8 encoding gets me the same hash that your code produces. When I switch the ComputeHash encoding to UTF16 I get a different hash. Is there a way to alter your code to work with the UTF16 encoding? Thanks in advance. jchambers@mcomi.com
Sign In·View Thread·PermaLink

Re: UTF16 encoding?

Dominik Reichl

23:10 31 May '07

Hash algorithms like SHA-1 work with bytes, not with characters. This allows the algorithms to be used with arbitrary data (like image files, ...) and not only with text messages.

Therefore, there is no way to "make SHA-1 work with UTF-16". SHA-1 just sees a stream of bytes, it doesn't know anything about the type of the data. By using different encodings, you get different byte streams and consequently different hashes, which is actually good because the byte stream *has* changed.

If you want to get the UTF-8 hashes of UTF-16 text, you first need to convert the text from its UTF-16 representation to the UTF-8 format and then hash it. The other way round, if you want to get UTF-16 hashes of UTF-8 text, you first need to convert it to UTF-16 and then hash it. Because of the mass of different encodings and conversion complexity, no helper functions will be added to the hash algorithm class (the hash algorithm doesn't have anything to do with encodings anyway!). You must do the conversion on your own, for example using the libiconv[^] library.

Best regards
Dominik

Too many passwords to remember? Try KeePass Password Safe!

There is a overrun bug

missilry

14:58 4 Dec '06

I run the program with C++ builder 6,
and check the memory leak with CodeGuard,

when i hash a string,like "123456",
the error msg is:

Error 00019. 0x140100 (Thread 0x0A54):
Pointer underrun: 0x0012F658, that is at offset 8 in local block
0x0012F650(=[ebp-0x1C] @Project1.exe:0x01:007BD1) (size 8).
memcpy(0x0012FEC4, 0x0012F658, 0x0 [0])

Call Tree:
0x00408904(=Project1.exe:0x01:007904) D:\temp\csha1_demo\CSHA1ClassSource\SHA1.cpp#154
0x00408BD1(=Project1.exe:0x01:007BD1) D:\temp\csha1_demo\CSHA1ClassSource\SHA1.cpp#217
0x00401399(=Project1.exe:0x01:000399) D:\temp\csha1_demo\CSHA1Test.cpp#58
0x00401237(=Project1.exe:0x01:000237) D:\temp\csha1_demo\CSHA1Test.cpp#30
0x3267DB86(=CC3260MT.DLL:0x01:07CB86)

------------------------------------------

code is here:memcpy(&m_buffer[j], &data[i], len - i);

missile

Re: There is a overrun bug

Dominik Reichl

23:52 4 Dec '06

It's not an overrun bug, but a underrun warning. This problem only occurs in C++ Builder and is non-critical. It has been fixed already for the next version (I just didn't have the time yet to release it). Thanks anyway and best regards Dominik `_outp(0x64, 0xAD);` and `__asm mov al, 0xAD __asm out 0x64, al` do the same... but what do they do?? (doesn't work on NT)
Sign In·View Thread·PermaLink

SHA1 Hash does not give same hash as NET SHA1

Kilty

2:34 19 Nov '06

Using the SHA1CryptoServiceProvider ComputeHash() method gives a totally different hash value than produced by your sample code. What gives?
Sign In·View Thread·PermaLink	1.00/5 (1 vote)

Re: SHA1 Hash does not give same hash as NET SHA1

Dominik Reichl

8:53 30 Nov '06

I've verified the results of my `CSHA1` class against the official test vectors - with success. So most probably you're using `CSHA1` or `SHA1CryptoServiceProvider` incorrectly. Can you post the code you used for testing? Best regards Dominik `_outp(0x64, 0xAD);` and `__asm mov al, 0xAD __asm out 0x64, al` do the same... but what do they do?? (doesn't work on NT)
Sign In·View Thread·PermaLink

Re: SHA1 Hash does not give same hash as NET SHA1

Kilty

9:13 30 Nov '06

I managed to work out what I was doing wrong. I coded the C++ code correctly, but used the wrong encoding (ASCIIEncoding) in the VB .NET test program. Using UTF8Encoding soon sorted the problem. Thanks for replying anyway.
Sign In·View Thread·PermaLink	2.00/5 (1 vote)

Limitation: Adding iostream Gives Compiler Errors

alam00

9:53 20 May '06

Hi,

I have checking the linker, the class locations etc...but likethe previous thread "adding iostream and fstream" once I include #include the compiler cannot find the Update functions. This problem is preplexing because whether or not I change the namespace I see this error. Also, the compiler recognizes all the other SHA1.h functions fine. I would appreciate if someone can help me with this. Here is the error I get:
---------------------
$ make
g++ -g -Wall -c CSHA1Test.cpp
g++ SHA1.o CSHA1Test.o -o csha1
CSHA1Test.o(.text+0x71): In function `HashString()':
/home/betamaz/courses/cs290f/CSHA1/CSHA1Test.cpp:59: undefined reference to `CSHA1::Update(unsigned char*, unsigned long)'
collect2: ld returned 1 exit status
---------------------
and I've tried different linking mechanisms, but the result is all the same. I believe I am linking it correctly:
CPP = g++
CPPFLAGS = -g -Wall -c
RM = rm -f

all: csha1

clean:
-rm CSHA1Test.o SHA1.o csha1

csha1: SHA1.o CSHA1Test.o
$(CPP) SHA1.o CSHA1Test.o -o csha1

SHA1.o: SHA1.cpp SHA1.h
$(CPP) $(CPPFLAGS) SHA1.cpp

CSHA1Test.o: CSHA1Test.cpp CSHA1Test.h SHA1.h
$(CPP) $(CPPFLAGS) CSHA1Test.cpp
---------------------

Just in case you need more information: For simplicity, I've placed the SHA1.cpp/h files in the same directory as CSHA1Test.cpp and here is the change in CSHA1Test.cpp that creates the compiler error:

#define WIN32_LEAN_AND_MEAN

#include
#include // Needed for strlen(...)
#include
//using namespace std;

#include "CSHA1Test.h" // Test driver header file

#include "SHA1.h" // The CSHA1 class

int main(int argc, char *argv[])
{
//...everything else is the same
---------------------
Thanks in advance. Confused

2.00/5 (1 vote)

Re: Limitation: Adding iostream Gives Compiler Errors

Kapali Viswanathan

8:05 6 Jun '06

Hi

I had a similar problem (relating to the linker and not to the compiler -- I was getting a "undefined reference to" message from the linker).

RESOLUTION: ensure that SHA1.h is the first include before every other #include statement in your source code (client application). This worked for me while using latest version of g++ on Linux.

POSSIBLE CAUSE: I guess that there should be two independent causes to result in this problem. Let your code that depends on SHA1.cpp be called the client application.
1. the iostream library, or some other library that it uses, defines UINT_32 and UINT_8, if they are not already defined, to be unsigned long while SHA1.cpp defines it to unsigned int on Linux
2. g++ compiles SHA1.cpp first and independently of the client application both depending on SHA1.h.

So the object file from SHA1.cpp has definition for UINT_32 as unsigned int while the object file for the client application has definition for UINT_32 as unsigned long. Since C++ is a more strongly typed language that C, it thinks that foo(unsigned int) and foo(unsinged long) are two different functions -- which is essential for function overloading purposes. later program can potentially define it to be unsigned long. Clearly the signatures of all functions would potentially become incompatible.

COMMENT: The resolution is not a nice one but works for me. A better resolution would be to rework the following part of SHA1.h so that it resolves things properly on non-microsoft platforms as well.

#ifndef UINT_32
#ifdef _MSC_VER

#define UINT_8 unsigned __int8
#define UINT_32 unsigned __int32

#else

#define UINT_8 unsigned char

#if (ULONG_MAX == 0xFFFFFFFF)
#define UINT_32 unsigned long
#else
#define UINT_32 unsigned int
#endif

#endif
#endif

Regards,
Kapali

Kapali Viswanthan

1.00/5 (1 vote)

erreur LIBCD.lib

ramzi2006

23:54 18 Feb '06

bonjour tout le monde
j'ai essayer de compiler SHA1 mais j'ai pas pu l'exécuter VSC++, je trouve ce message d'erreur:
--------------------Configuration: SHA1 - Win32 Debug--------------------
Linking...
LIBCD.lib(crt0.obj) : error LNK2001: unresolved external symbol _main
Debug/SHA1.exe : fatal error LNK1120: 1 unresolved externals
Error executing link.exe.

SHA1.exe - 2 error(s), 0 warning(s)

help!!!!please...........

1.00/5 (4 votes)

const char *

bramp

5:30 10 Jan '06

Hi,
Firstly love the code and have used it in a few of my personal projects now.

But I just started to use it today and I made a few minor changes to your API.

void Update(UINT_8 *data, UINT_32 len);
bool HashFile(char *szFileName);
void Transform(UINT_32 *state, UINT_8 *buffer);

changed to

void Update(const UINT_8 *data, UINT_32 len);
bool HashFile(const char *szFileName);
void Transform(UINT_32 *state, const UINT_8 *buffer);

The difference being that data, szFileName and buffer are now all const pointers, rather than non const. Since you don't actually change what data these pointers point to it is safe to make them const, and in my opinion is good to do this so that programmers know that their buffers aren't going to be altered. Also this made it easier to use std::string's c_str() method which returns a const char*, thus I now don't have to cast away the constness.

Either way thanks for the great code.
Andrew

-- modified at 10:31 Tuesday 10th January, 2006
I just noticed someone else posted about this a few months ago. Sorry for the dup.

Thanks for contributing this

GadgetMan66

4:46 21 Dec '05

The spirit of open source is alive and kicking... Amir
Sign In·View Thread·PermaLink

thanx a lot!

zoz

3:09 27 Nov '05

good job! I gave you 5 cause my app now works excellent with your code! best regards zoz
Sign In·View Thread·PermaLink

adding iostream and fstream

nmullane

18:20 22 Oct '05

Hi

I was wanting to utilise this algorithm in a project that #includes iostream and fstream, but am getting an error saying

[Linker error] undefined reference to `CSHA1::Update(unsigned char*, unsigned long)'

If I remove these includes everything works fine. I am a long way into the project and don't want to have to recode using stdio.h -- is there an obvious reason as to why I'm having these problems??

thanks

2.00/5 (1 vote)

Re: adding iostream and fstream

Miroslav Rajcic

2:57 16 Oct '06

I've noticed the same problem when using this class on Ubuntu 6.06 (but I didn't know the reason for it). On the other side, the class links fine on Fedora (FC5 and FC6T3). Miroslav Rajcic
Sign In·View Thread·PermaLink