Email Password Remember me?  Lost your password?

• Download source - 5.14 KB
• Download demo project - 52.84 KB

Contents

• Description of the Secure Hash Algorithm SHA-1
• CSHA1 Class Description
• CSHA1 Usage Samples: Hashing Binary Data and Strings
• CSHA1 Usage Samples: Hashing Files
• References
• Version History

Description of the Secure Hash Algorithm SHA-1

The Secure Hash Algorithm SHA-1 is a cryptographically secure one-way hash algorithm. It was designed by the NIST (National Institute of Standards and Technology), along with the NSA (National Security Agency). SHA-1 is based on the Message Digest MD4 algorithm design principles by Ronald L. Rivest of MIT.

Well, I think I don't have to explain what you can do with cryptographic hash algorithms. For an example of what you can do with such algorithms, see this CodeProject article (CMD5 class).

For more information about SHA-1, see references [1] and [2].

CSHA1 Class Description

The CSHA1 class is an easy-to-use class for the SHA-1 hash algorithm.

If you want to test whether your implementation of the class is working, try the test vectors in the 'TestVectors' directory in the demo zip file. You can find the correct final hash values in the header file of the CSHA1 class.

Class members of the CSHA1 class:

• void Reset(); 

  This member function resets the class. You have to call this method when using CSHA1 more than once. This method is called automatically in the constructor and the destructor of the class so if you only hash one single data stream you don't need to call Reset() manually.

• void Update(const unsigned char* pbData, unsigned int uLen); 

  Use this method to hash in a data stream. Data in const unsigned char* pbData, length of stream has to be submitted in unsigned int uLen. Length in bytes.

• bool HashFile(const TCHAR* tszFileName); 

  This method hashes file contents into the current state. If hashing was successful, the method returns true, otherwise false. If you use this member function, you don't need to make any call to the Update(...) method. After HashFile(...), you should call the Final() method immediately. You have to call Final() before getting the message digest of the file using the methods ReportHash(...) and GetHash(...).

• void Final(); 

  When you have hashed in all data to hash, call this method. This will compute the final SHA-1 message digest and it is therefore needed to call this method before ReportHash(...) and GetHash(...).

• void ReportHash(TCHAR* tszReport, REPORT_TYPE rtReportType); 

  After calling the Final method, you can get the message digest using this method. The result is stored as string in tszReport. Valid format types for uReportType are REPORT_HEX, REPORT_DIGIT and REPORT_HEX_SHORT. If you use REPORT_HEX the returned string looks like 5F A9 FB 34..., using REPORT_DIGIT this method returns the message digest in the form 129 67 5 98... . REPORT_HEX_SHORT is the same as REPORT_HEX, just without separating spaces.

• void GetHash(unsigned char* pbDest); 

  If you don't want to get the hash in a pre-formatted string like ReportHash, you can use this method. This method copies the final message digest (call Final before!) to pbDest. pbDest must be able to hold at least 20 bytes (SHA-1 produces a 160-bit / 20-byte hash).

Hashing Binary Data and Strings

CSHA1 sha1;
sha1.Update(string0, strlen(string0));
sha1.Update(string1, strlen(string1));
sha1.Update(binary2, uSizeOfBufferBinary2);
sha1.Update(binary3, uSizeOfBufferBinary3);
sha1.Final();

sha1.ReportHash(szReport, CSHA1::REPORT_HEX_SHORT);
// or
sha1.GetHash(binaryArray);

I will comment each line of the example above now.

First declare an instance of the CSHA1 class:

CSHA1 sha1;

Now hash in the data like this:

sha1.Update((unsigned char *)szString, strlen(szString));

You can call this method as often as you wish.

When you hashed in all data, call the Final() member function:

sha1.Final();

If you want to get the final message digest as a pre-formatted string, use this:

sha1.ReportHash(szReport, CSHA1::REPORT_HEX_SHORT);

If you want to get the final message digest in "raw form":

sha1.GetHash(binaryArray); // Get the raw message digest bytes

Hashing Files

Hashing files is the same process as hashing strings and binary data but instead of using the Update method you use the HashFile member function of the class.

For more comments, see the string/binary data hashing example above.

CSHA1 sha1;
sha1.HashFile("TheFile.cpp"); // Hash in the contents of the file
                              // 'TheFile.cpp'
sha1.Final();

sha1.ReportHash(szReport, CSHA1::REPORT_HEX); // Get final hash as
                                              // pre-formatted string
// or
sha1.GetHash(binaryArray); // Get the raw message digest bytes to a
                           // temporary buffer

References

[1] RFC 3174: US Secure Hash Algorithm 1 (SHA1)
[2] Bruce Schneier, "Applied Cryptography", pages 442-445

Version History

• 16 Mar 2009 - 1.8
  • Converted project files to Visual Studio 2008 format
  • Added Unicode support for HashFile utility method
  • Added support for hashing files using the HashFile method that are larger than 2 GB
  • HashFile now returns an error code instead of copying an error message into the output buffer
  • GetHash now returns an error code and validates the input parameter
  • Added ReportHashStl STL utility method
  • Added REPORT_HEX_SHORT reporting mode
  • Improved Linux compatibility of test program
• 21 Dec 2006 - 1.7
  • Fixed buffer underrun warning that appeared when compiling with Borland C Builder (thanks to Rex Bloom and Tim Gallagher for the patch)
  • Breaking change: ReportHash writes the final hash to the start of the buffer, i.e. it's not appending it to the string anymore
  • Made some function parameters const
  • Added Visual Studio 2005 project files to demo project
• 07 Feb 2005 - 1.6 Thanks to Howard Kapustein for the following patches:
  • You can set the endianness in your files, no need to modify the header file of the CSHA1 class anymore
  • Aligned data support
  • Made support/compilation of the utility functions (ReportHash and HashFile) optional (useful when bytes count, for example in embedded environments)
• 1 Jan 2005 - 1.5
  • 64-bit compiler compatibility added
  • Made variable wiping optional (define SHA1_WIPE_VARIABLES)
  • Removed unnecessary variable initializations
  • ROL32 improvement for the Microsoft compiler (using _rotl)
• 22 Jul 2004 - 1.4
  • CSHA1 now compiles fine with GCC 33 under MacOS X (thanks to Larry Hastings)
• 17 Aug 2003 - 1.3
  • Fixed a small memory bug and made a buffer array a class member to ensure correct working when using multiple CSHA1 class instances at one time
• 16 Nov 2002 - 1.2
  • Borlands C++ compiler seems to have problems with string addition using sprintf. Fixed the bug which caused the digest report function not to work properly. CSHA1 is now Borland compatible.
• 11 Oct 2002 - 1.1
  • Removed two unnecessary header file includes and changed BOOL to bool. Fixed some minor bugs in the web page contents
• 20 Jun 2002 - 1.0
  • First official release

That's it! Happy hashing!

You must Sign In to use this message board.

Per page 102550

FirstPrevNext

Output bug vcor 12:26 5 Mar '09   Not sure how it worked for others, but using strcat ends up with extra garbage in the output string since the string is never initialized. Changing these to strcpy fixes this (see bold below). void CSHA1::ReportHash(char *szReport, unsigned char uReportType) { unsigned char i; char szTemp[16]; if(szReport == NULL) return; if(uReportType == REPORT_HEX) { sprintf(szTemp, "%02X", m_digest[0]); strcpy(szReport, szTemp); // change from strcat for(i = 1; i < 20; i++) { sprintf(szTemp, " %02X", m_digest[i]); strcat(szReport, szTemp); } } else if(uReportType == REPORT_DIGIT) { sprintf(szTemp, "%u", m_digest[0]); strcpy(szReport, szTemp); // change from strcat for(i = 1; i < 20; i++) { sprintf(szTemp, " %u", m_digest[i]); strcat(szReport, szTemp); } } else strcpy(szReport, "Error: Unknown report type!"); } Sign In·View Thread·PermaLink 2.00/5 Re: Output bug Dominik Reichl 23:55 17 Mar '09   The strcats were originally intended (to be able to easily append hashes to strings, that's why all strings in the demo application are initialized with 0), but I agree that from a design point of view it's better to just write the hash to the output buffer (overwriting any previous data). Additionally, I've changed the ReportHash method to return a boolean error code, instead of writing an error message to the output buffer. I've released version 1.8 of CSHA1, with these changes (and quite a few other improvements). Thanks and best regards Dominik Too many passwords to remember? Try KeePass Password Safe! Sign In·View Thread·PermaLink small patch to use short hex output values thomasdev 1:32 19 Feb '09   please look there for the patched files: sha1.cpp sha1.h you can now use: sha1.ReportHash(hash, CSHA1::REPORT_HEX_SHORT); which just misses the spaces in the resulting String. thanks for the great class! thomas Sign In·View Thread·PermaLink Re: small patch to use short hex output values Dominik Reichl 23:56 17 Mar '09   I've released version 1.8 of CSHA1, which includes support for CSHA1::REPORT_HEX_SHORT. Thanks and best regards Dominik Too many passwords to remember? Try KeePass Password Safe! Sign In·View Thread·PermaLink Re: small patch to use short hex output values thomasdev 0:51 18 Mar '09   we had to modify your class in order to build flawless on linux x86, x86_64 and windows. the main problem were the self defined types. EWe fixed it by using pstdint.h instead. See there: http://rigsofrods.svn.sourceforge.net/viewvc/rigsofrods/trunk/build/main/source/sha1.h?view=markup[^] http://rigsofrods.svn.sourceforge.net/viewvc/rigsofrods/trunk/build/main/source/sha1.cpp?view=markup[^] http://rigsofrods.svn.sourceforge.net/viewvc/rigsofrods/trunk/build/main/source/[^] Sign In·View Thread·PermaLink HMAC-SHA receiver processing? Adam Harding 13:52 3 Jun '08   Hi there, Is this example code for the functions that the sender will perform to calculate the digest? What about the receiver? Is it done in the same way? Is there any example code out there that shows how the receiver compares its calculated digest with the digest it was sent and then either accepting or discarding the data based on this? Thanks! Sign In·View Thread·PermaLink Re: HMAC-SHA receiver processing? Dominik Reichl 6:11 4 Jun '08   For HMAC-SHA1, see this article: http://www.codeproject.com/KB/recipes/HMACSHA1class.aspx[^]. Best regards Dominik Too many passwords to remember? Try KeePass Password Safe! Sign In·View Thread·PermaLink Useful! Dlt75 4:00 15 Nov '07   Thank you for the example exe file! I used it and it works well for my purposes. Sign In·View Thread·PermaLink Undefined reference to CSHA1::Update RussellGilbert 12:37 15 Jul '07   I haven't had a chance to investigate fully yet, but it appears that if you're compiling on a Linux machine and you #include <string>, and then #include "SHA1.h" afterward, you get the following linker error: undefined reference to `CSHA1::Update(unsigned char*, unsigned long)' The workaround for me was to just move the #include "SHA1.h" above the #include <string> and the error went away. Russell Sign In·View Thread·PermaLink Re: Undefined reference to CSHA1::Update bruno1999 10:37 5 Mar '08   I had the same issue on Mac OS (10.5). Remark the following section in SHA1.h, that will help. I don't know the impact on a 64 bit system though. //#if (ULONG_MAX == 0xFFFFFFFF) //#define UINT_32 unsigned long //#else #define UINT_32 unsigned int //#endif Regards, Bruno Sign In·View Thread·PermaLink UTF16 encoding? TuringMachine 11:38 31 May '07   Using .NET ComputeHash with a UTF8 encoding gets me the same hash that your code produces. When I switch the ComputeHash encoding to UTF16 I get a different hash. Is there a way to alter your code to work with the UTF16 encoding? Thanks in advance. jchambers@mcomi.com Sign In·View Thread·PermaLink Re: UTF16 encoding? Dominik Reichl 23:10 31 May '07   Hash algorithms like SHA-1 work with bytes, not with characters. This allows the algorithms to be used with arbitrary data (like image files, ...) and not only with text messages. Therefore, there is no way to "make SHA-1 work with UTF-16". SHA-1 just sees a stream of bytes, it doesn't know anything about the type of the data. By using different encodings, you get different byte streams and consequently different hashes, which is actually good because the byte stream *has* changed. If you want to get the UTF-8 hashes of UTF-16 text, you first need to convert the text from its UTF-16 representation to the UTF-8 format and then hash it. The other way round, if you want to get UTF-16 hashes of UTF-8 text, you first need to convert it to UTF-16 and then hash it. Because of the mass of different encodings and conversion complexity, no helper functions will be added to the hash algorithm class (the hash algorithm doesn't have anything to do with encodings anyway!). You must do the conversion on your own, for example using the libiconv[^] library. Best regards Dominik Too many passwords to remember? Try KeePass Password Safe! Sign In·View Thread·PermaLink There is a overrun bug missilry 14:58 4 Dec '06   I run the program with C++ builder 6, and check the memory leak with CodeGuard, when i hash a string,like "123456", the error msg is: Error 00019. 0x140100 (Thread 0x0A54): Pointer underrun: 0x0012F658, that is at offset 8 in local block 0x0012F650(=[ebp-0x1C] @Project1.exe:0x01:007BD1) (size 8). memcpy(0x0012FEC4, 0x0012F658, 0x0 [0]) Call Tree: 0x00408904(=Project1.exe:0x01:007904) D:\temp\csha1_demo\CSHA1ClassSource\SHA1.cpp#154 0x00408BD1(=Project1.exe:0x01:007BD1) D:\temp\csha1_demo\CSHA1ClassSource\SHA1.cpp#217 0x00401399(=Project1.exe:0x01:000399) D:\temp\csha1_demo\CSHA1Test.cpp#58 0x00401237(=Project1.exe:0x01:000237) D:\temp\csha1_demo\CSHA1Test.cpp#30 0x3267DB86(=CC3260MT.DLL:0x01:07CB86) ------------------------------------------ code is here:memcpy(&m_buffer[j], &data[i], len - i); missile Sign In·View Thread·PermaLink Re: There is a overrun bug Dominik Reichl 23:52 4 Dec '06   It's not an overrun bug, but a underrun warning. This problem only occurs in C++ Builder and is non-critical. It has been fixed already for the next version (I just didn't have the time yet to release it). Thanks anyway and best regards Dominik _outp(0x64, 0xAD); and __asm mov al, 0xAD __asm out 0x64, al do the same... but what do they do?? (doesn't work on NT) Sign In·View Thread·PermaLink SHA1 Hash does not give same hash as NET SHA1 Kilty 2:34 19 Nov '06   Using the SHA1CryptoServiceProvider ComputeHash() method gives a totally different hash value than produced by your sample code. What gives? Sign In·View Thread·PermaLink 1.00/5 Re: SHA1 Hash does not give same hash as NET SHA1 Dominik Reichl 8:53 30 Nov '06   I've verified the results of my CSHA1 class against the official test vectors - with success. So most probably you're using CSHA1 or SHA1CryptoServiceProvider incorrectly. Can you post the code you used for testing? Best regards Dominik _outp(0x64, 0xAD); and __asm mov al, 0xAD __asm out 0x64, al do the same... but what do they do?? (doesn't work on NT) Sign In·View Thread·PermaLink Re: SHA1 Hash does not give same hash as NET SHA1 Kilty 9:13 30 Nov '06   I managed to work out what I was doing wrong. I coded the C++ code correctly, but used the wrong encoding (ASCIIEncoding) in the VB .NET test program. Using UTF8Encoding soon sorted the problem. Thanks for replying anyway. Sign In·View Thread·PermaLink 2.00/5 Limitation: Adding iostream Gives Compiler Errors alam00 9:53 20 May '06   Hi, I have checking the linker, the class locations etc...but likethe previous thread "adding iostream and fstream" once I include #include the compiler cannot find the Update functions. This problem is preplexing because whether or not I change the namespace I see this error. Also, the compiler recognizes all the other SHA1.h functions fine. I would appreciate if someone can help me with this. Here is the error I get: --------------------- $ make g++ -g -Wall -c CSHA1Test.cpp g++ SHA1.o CSHA1Test.o -o csha1 CSHA1Test.o(.text+0x71): In function `HashString()': /home/betamaz/courses/cs290f/CSHA1/CSHA1Test.cpp:59: undefined reference to `CSHA1::Update(unsigned char*, unsigned long)' collect2: ld returned 1 exit status --------------------- and I've tried different linking mechanisms, but the result is all the same. I believe I am linking it correctly: CPP = g++ CPPFLAGS = -g -Wall -c RM = rm -f all: csha1 clean: -rm CSHA1Test.o SHA1.o csha1 csha1: SHA1.o CSHA1Test.o $(CPP) SHA1.o CSHA1Test.o -o csha1 SHA1.o: SHA1.cpp SHA1.h $(CPP) $(CPPFLAGS) SHA1.cpp CSHA1Test.o: CSHA1Test.cpp CSHA1Test.h SHA1.h $(CPP) $(CPPFLAGS) CSHA1Test.cpp --------------------- Just in case you need more information: For simplicity, I've placed the SHA1.cpp/h files in the same directory as CSHA1Test.cpp and here is the change in CSHA1Test.cpp that creates the compiler error: #define WIN32_LEAN_AND_MEAN #include #include // Needed for strlen(...) #include //using namespace std; #include "CSHA1Test.h" // Test driver header file #include "SHA1.h" // The CSHA1 class int main(int argc, char *argv[]) { //...everything else is the same --------------------- Thanks in advance. Sign In·View Thread·PermaLink 2.00/5 Re: Limitation: Adding iostream Gives Compiler Errors Kapali Viswanathan 8:05 6 Jun '06   Hi I had a similar problem (relating to the linker and not to the compiler -- I was getting a "undefined reference to" message from the linker). RESOLUTION: ensure that SHA1.h is the first include before every other #include statement in your source code (client application). This worked for me while using latest version of g++ on Linux. POSSIBLE CAUSE: I guess that there should be two independent causes to result in this problem. Let your code that depends on SHA1.cpp be called the client application. 1. the iostream library, or some other library that it uses, defines UINT_32 and UINT_8, if they are not already defined, to be unsigned long while SHA1.cpp defines it to unsigned int on Linux 2. g++ compiles SHA1.cpp first and independently of the client application both depending on SHA1.h. So the object file from SHA1.cpp has definition for UINT_32 as unsigned int while the object file for the client application has definition for UINT_32 as unsigned long. Since C++ is a more strongly typed language that C, it thinks that foo(unsigned int) and foo(unsinged long) are two different functions -- which is essential for function overloading purposes. later program can potentially define it to be unsigned long. Clearly the signatures of all functions would potentially become incompatible. COMMENT: The resolution is not a nice one but works for me. A better resolution would be to rework the following part of SHA1.h so that it resolves things properly on non-microsoft platforms as well. #ifndef UINT_32 #ifdef _MSC_VER #define UINT_8 unsigned __int8 #define UINT_32 unsigned __int32 #else #define UINT_8 unsigned char #if (ULONG_MAX == 0xFFFFFFFF) #define UINT_32 unsigned long #else #define UINT_32 unsigned int #endif #endif #endif Regards, Kapali Kapali Viswanthan Sign In·View Thread·PermaLink 1.00/5 erreur LIBCD.lib ramzi2006 23:54 18 Feb '06   bonjour tout le monde j'ai essayer de compiler SHA1 mais j'ai pas pu l'exécuter VSC++, je trouve ce message d'erreur: --------------------Configuration: SHA1 - Win32 Debug-------------------- Linking... LIBCD.lib(crt0.obj) : error LNK2001: unresolved external symbol _main Debug/SHA1.exe : fatal error LNK1120: 1 unresolved externals Error executing link.exe. SHA1.exe - 2 error(s), 0 warning(s) help!!!!please........... Sign In·View Thread·PermaLink 1.00/5 const char * bramp 5:30 10 Jan '06   Hi, Firstly love the code and have used it in a few of my personal projects now. But I just started to use it today and I made a few minor changes to your API. void Update(UINT_8 *data, UINT_32 len); bool HashFile(char *szFileName); void Transform(UINT_32 *state, UINT_8 *buffer); changed to void Update(const UINT_8 *data, UINT_32 len); bool HashFile(const char *szFileName); void Transform(UINT_32 *state, const UINT_8 *buffer); The difference being that data, szFileName and buffer are now all const pointers, rather than non const. Since you don't actually change what data these pointers point to it is safe to make them const, and in my opinion is good to do this so that programmers know that their buffers aren't going to be altered. Also this made it easier to use std::string's c_str() method which returns a const char*, thus I now don't have to cast away the constness. Either way thanks for the great code. Andrew -- modified at 10:31 Tuesday 10th January, 2006 I just noticed someone else posted about this a few months ago. Sorry for the dup. Sign In·View Thread·PermaLink Thanks for contributing this GadgetMan66 4:46 21 Dec '05   The spirit of open source is alive and kicking... Amir Sign In·View Thread·PermaLink thanx a lot! zoz 3:09 27 Nov '05   good job! I gave you 5 cause my app now works excellent with your code! best regards zoz Sign In·View Thread·PermaLink adding iostream and fstream nmullane 18:20 22 Oct '05   Hi I was wanting to utilise this algorithm in a project that #includes iostream and fstream, but am getting an error saying [Linker error] undefined reference to `CSHA1::Update(unsigned char*, unsigned long)' If I remove these includes everything works fine. I am a long way into the project and don't want to have to recode using stdio.h -- is there an obvious reason as to why I'm having these problems?? thanks Sign In·View Thread·PermaLink 2.00/5 Re: adding iostream and fstream Miroslav Rajcic 2:57 16 Oct '06   I've noticed the same problem when using this class on Ubuntu 6.06 (but I didn't know the reason for it). On the other side, the class links fine on Fedora (FC5 and FC6T3). Miroslav Rajcic Sign In·View Thread·PermaLink

Last Visit: 18:14 21 Nov '09     Last Update: 18:14 21 Nov '09 12345 Next »