SHA-1
Secure Hash Algorithm 1

SHA-1 – Brief Introduction

The SHA family is a series of cryptographic hash functions designed by the US National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST); it was released in 1993.
It produces a 160-bit digest from a message of at most 2^64 bits.
It is built on principles similar to those used by MIT professor Ronald L. Rivest in designing the MD4 and MD5 message digest algorithms.

SHA-1 – Definitions of Bit Strings and Integers

A hex digit is a base-16 digit and can be represented as a 4-bit string: 7 = 0111, A = 1010.
A word can be represented as a 32-bit string, in which every 4 bits correspond to one hex digit: 1010 0001 0000 0011 1111 1110 0010 0011 = A103FE23.
An integer between 0 and 2^32 - 1 can also be written in hexadecimal, as eight hex digits.
When an integer 2^32 <= Z ?
Block = 512-bit string, so a block can represent a sequence of 16 words.

SHA-1 – Operations on Words

AND, OR, XOR, NOT
The operation X + Y (where 0 <= x < 2^32 and 0 <= y < 2^32).
The circular left shift operation S^n(X)

SHA-1 – Message Padding

Append a "1" to the string: "01010000" becomes "010100001" after this step.
Then pad with "0"s. For the message

    01100001 01100010 01100011 01100100 01100101

the result in hex is

    61626364 65800000 00000000 00000000
    00000000 00000000 00000000 00000000
    00000000 00000000 00000000 00000000
    00000000 00000000

If the string length is less than 2^32, as in the example above where l = 40, the length in hex becomes 00000000 00000028.
The completed sequence is then used as M(n).

SHA-1 – Functions and Constants Used

SHA-1 uses the functions f(0), f(1), ..., f(79). Each function produces a 32-bit word as output.

    f(t;B,C,D) = (B AND C) OR ((NOT B) AND D)         ( 0 <= t <= 19)
    f(t;B,C,D) = B XOR C XOR D                        (20 <= t <= 39)
    f(t;B,C,D) = (B AND C) OR (B AND D) OR (C AND D)  (40 <= t <= 59)
    f(t;B,C,D) = B XOR C XOR D                        (60 <= t <= 79).

A sequence of constant words K(0), K(1), ... , K(79) is used in the SHA-1. In hex these are given by

    K(t) = 5A827999  ( 0 <= t <= 19)
    K(t) = 6ED9EBA1  (20 <= t <= 39)
    K(t) = 8F1BBCDC  (40 <= t <= 59)
    K(t) = CA62C1D6  (60 <= t <= 79).

SHA-1 – Computing the Message Digest

Before processing any blocks, the H's are initialized as follows: in hex,

    H0 = 67452301
    H1 = EFCDAB89
    H2 = 98BADCFE
    H3 = 10325476
    H4 = C3D2E1F0.

MASK = 0000000F. Then processing of M(i) is as follows:

a. Divide M(i) into 16 words W[0], ... , W[15], where W[0] is the left-most word.
b. Let A = H0, B = H1, C = H2, D = H3, E = H4.
c. For t = 0 to 79 do
       s = t AND MASK;
       if (t >= 16) W[s] = S^1(W[(s + 13) AND MASK] XOR W[(s + 8) AND MASK] XOR W[(s + 2) AND MASK] XOR W[s]);
       TEMP = S^5(A) + f(t;B,C,D) + E + W[s] + K(t);
       E = D; D = C; C = S^30(B); B = A; A = TEMP;
d. Let H0 = H0 + A, H1 = H1 + B, H2 = H2 + C, H3 = H3 + D, H4 = H4 + E.

SHA-1 – graph

SHA-1 – code

(Initialize variables:)
a = h0 = 0x67452301
b = h1 = 0xEFCDAB89
c = h2 = 0x98BADCFE
d = h3 = 0x10325476
e = h4 = 0xC3D2E1F0

(Pre-processing:)
paddedmessage = (message) append 1
while length(paddedmessage) mod 512 <> 448:
    paddedmessage = paddedmessage append 0
paddedmessage = paddedmessage append (length(message) in 64-bit format)

(Process the message in successive 512-bit chunks:)
while 512-bit chunk(s) remain(s):
    break the current chunk into sixteen 32-bit words w(i), 0 <= i <= 15

    (Extend the sixteen 32-bit words into eighty 32-bit words:)
    for i from 16 to 79:
        w(i) = (w(i-3) xor w(i-8) xor w(i-14) xor w(i-16)) leftrotate 1

    (Main loop:)
    for i from 0 to 79:
        temp = (a leftrotate 5) + f(b,c,d) + e + k + w(i)   (note: all addition is mod 2^32)
        where:
            ( 0 <= i <= 19): f(b,c,d) = (b and c) or ((not b) and d),         k = 0x5A827999
            (20 <= i <= 39): f(b,c,d) = (b xor c xor d),                      k = 0x6ED9EBA1
            (40 <= i <= 59): f(b,c,d) = (b and c) or (b and d) or (c and d),  k = 0x8F1BBCDC
            (60 <= i <= 79): f(b,c,d) = (b xor c xor d),                      k = 0xCA62C1D6
        e = d
        d = c
        c = b leftrotate 30
        b = a
        a = temp

    h0 =
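The MASK-based procedure from "Computing the Message Digest" (steps a to d, with W kept as a 16-word circular buffer) can be checked against a reference implementation. The following Python is an added example, not part of the original slides; the function names rotl, pad, f_and_k and sha1_hex are assumptions chosen here, and the test messages are constructed.

```python
import hashlib
import struct

MASK = 0x0000000F          # index mask for the 16-word circular buffer W
M32 = 0xFFFFFFFF           # all additions are mod 2^32

def rotl(x, n):
    """Circular left shift S^n(X) on a 32-bit word."""
    return ((x << n) | (x >> (32 - n))) & M32

def pad(message: bytes) -> bytes:
    """Append the '1' bit, then '0' bits, then the 64-bit length l."""
    l = len(message) * 8
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack(">Q", l)

def f_and_k(t, b, c, d):
    """Round function f(t;B,C,D) and constant K(t) as listed in the slides."""
    if t <= 19:
        return (b & c) | (~b & d & M32), 0x5A827999
    if t <= 39:
        return b ^ c ^ d, 0x6ED9EBA1
    if t <= 59:
        return (b & c) | (b & d) | (c & d), 0x8F1BBCDC
    return b ^ c ^ d, 0xCA62C1D6

def sha1_hex(message: bytes) -> str:
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    padded = pad(message)
    for off in range(0, len(padded), 64):            # one 512-bit block M(i)
        w = list(struct.unpack(">16I", padded[off:off + 64]))  # step a
        a, b, c, d, e = h                            # step b
        for t in range(80):                          # step c
            s = t & MASK
            if t >= 16:  # overwrite the oldest word of the buffer in place
                w[s] = rotl(w[(s + 13) & MASK] ^ w[(s + 8) & MASK]
                            ^ w[(s + 2) & MASK] ^ w[s], 1)
            f, k = f_and_k(t, b, c, d)
            temp = (rotl(a, 5) + f + e + w[s] + k) & M32
            e, d, c, b, a = d, c, rotl(b, 30), a, temp
        h = [(x + y) & M32 for x, y in zip(h, (a, b, c, d, e))]  # step d
    return "".join(f"{x:08x}" for x in h)

if __name__ == "__main__":
    for msg in (b"abcde", b"", b"a" * 200):   # constructed test inputs
        assert sha1_hex(msg) == hashlib.sha1(msg).hexdigest()
    print(pad(b"abcde").hex())
```

Running it prints the padded block for the five-byte message from the padding slide, so the hex words can be compared with the slide directly.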