Difference between revisions of "SHA-1"

From Second Life Wiki
Jump to navigation Jump to search
(Direct residents to built-in SHA functions; tweak wording.)
 
(31 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{LSL Header}}
{{LSL Header}}
{{LSL Function/warning|inline=*|Security|There are dire security implications to changing the K constants (these are the hex values near the end of the lines marked with "//k" comments). https://malicioussha1.github.io/}}


Preforms a SHA1 Hash on the text.  Similar to and MD5 hash, although (slightly) more secure. Two versions of the function are provided, one for UTF-8 Strings (all strings in LSL are UTF-8) and the other is for Base64 Strings (you need to tell it how many bits long the data is).
{{LSL New}} LSL now includes its own (faster) [[llSHA1String]] function, which removes the need for the UTF8_SHA1 variant from this library. Also consider the more secure [[llSHA256String]].


View http://en.wikipedia.org/wiki/SHA1 for more information.
Performs a SHA-1 hash on the text. This is similar to an [[MD5]] hash, but is ''slightly'' more secure. Two versions of the function are provided: one for UTF-8 strings (all strings in LSL are UTF-8) and another for Base64 strings (for which you need to specify the data length in bits).


<pre>//////////////////////////////////////////////////////////////////////////////////////
There are also two [[SHA-2]] script implementations ([[SHA-2#SHA-256|SHA-256]] & [[SHA-2#SHA-224|SHA-224]]), though consider the faster [[llSHA256String]] provided by LSL itself.
 
View {{Wikipedia|SHA-1}} for more information.
 
<source lang="lsl2">//////////////////////////////////////////////////////////////////////////////////////
//
//
// UTF-8 SHA1
// UTF-8 SHA-1 160
// Version 1.0
// Version 1.3
// ESL Compiled: "Oct 19 2007", "23:50:33"
// ESL Compiled: "Nov 26 2013", "00:11:59"
// Copyright (C) 2007 Strife Onizuka
// Copyright (C) 2013 Strife Onizuka
//
// Based on Pseudo-code from http://en.wikipedia.org/wiki/SHA-1
// https://wiki.secondlife.com/wiki/SHA1
// https://wiki.secondlife.com/wiki/SHA-1
//
//
// This library is free software; you can redistribute it and/or
// This library is free software; you can redistribute it and/or
Line 32: Line 37:


//===================================================//
//===================================================//
//                 Combined Library                 //
//               Combined Library v1.0              //
//            "Oct 19 2007", "23:50:33"            //
//            "Nov 26 2013", "00:11:59"            //
//  Copyright (C) 2004-2007, Strife Onizuka (cc-by)  //
//  Copyright (C) 2004-2012, Strife Onizuka (cc-by)  //
//    http://creativecommons.org/licenses/by/3.0/    //
//    http://creativecommons.org/licenses/by/3.0/    //
//===================================================//
//===================================================//
//{
//{
string TrimRight(string src, string chrs)//Mono Unsafe, LSO Safe
{
    integer i = llStringLength(src);
    do;while(~llSubStringIndex(chrs, llGetSubString(src, (i = ~-i), i)) && i);
    return llDeleteSubString(src, (-~(i)), 0xFFFF);
}


string hexc="0123456789ABCDEF";
string hexc="0123456789ABCDEF";
Line 50: Line 48:
//} Combined Library
//} Combined Library


 
string Base64_SHA1(string plain, integer bit_length) {  
integer rol(integer number, integer ammount) {
    return (number << ammount) | ((number >> (32 - ammount)) & (~(-1 << ammount)));
}
 
string UTF8_SHA1(string plain) {
     integer H1 = 0x67452301;
     integer H1 = 0x67452301;
     integer H2 = 0xefcdab89;
     integer H2 = 0xefcdab89;
Line 62: Line 55:
     integer H5 = 0xc3d2e1f0;
     integer H5 = 0xc3d2e1f0;


     //OR on the extra bit.
     integer b = ((bit_length + 40) >> 5) | 15;//this works because we want the value to be one less than the next appropriate multiple of 16.
     integer j = llStringLength(plain) << 3;
     string buf = "AAA";
     integer b = (~-(((j + 552) & -512) >> 5));
     integer i = -5;
     integer T = llBase64ToInteger(TrimRight(llGetSubString(plain = llStringToBase64(plain), -4, -1),"=")+"AAAA");
    do buf += buf; while((i = -~i));
    string buf;
     integer S = (6 * llSubStringIndex((plain)+"=", "="));
     integer i = 0;
     integer T = 0x80000000;
     for(;i < 85 ; (i = -~i))
     if(bit_length) {
        buf += "A";
        if(S < bit_length) {
    if(j)
            plain = llDeleteSubString(plain, S, 0x7FFFFFF0);
    {
            i = ((bit_length + 23) / 24) * 24;
         i = 0x800000;
            do
         if(T & 0xFF00)
                plain += buf;
            i = 0x00000080;
            while((S += 576) < i);
        else if(T & 0xFF0000)
        }
            i = 0x00008000;
         T = 23 - ((~-(bit_length)) % 24);
         T = (llBase64ToInteger(llGetSubString((llGetSubString(plain = llGetSubString(plain, 0, (bit_length / 6) | 3), -4, (~-(S / 6)))) + "AAAAA", 0, 5)) & (0xFFFFFF00 << T)) | (0x00000080 << T);
     }
     }
     else
     //llOwnerSay(llList2CSV([b,j, llStringLength(buf), llIntegerToBase64(j << (6 - ((b % 3) << 1)))]));
        T = i = 0x80000000;//T is corrupt because of https://jira.secondlife.com/browse/SVC-104
     plain = llInsertString( llDeleteSubString(plain, -4, -1) +  
//    llOwnerSay(llList2CSV([i,j]));
                             llGetSubString(llIntegerToBase64(T), 0, 5) + buf, (-~((b << 4) / 3)),
     plain = llGetSubString( llDeleteSubString(plain, -4, -1) +  
                            llGetSubString(llIntegerToBase64(bit_length << (6 - ((b % 3) << 1))), 0, 5));
                             llGetSubString(llIntegerToBase64(T | i), 0, 5) +  
     //llOwnerSay(llList2CSV([llStringLength(plain), Base64ToHex(plain), T]));
                            buf, 0, (b << 4) / 3) +
            llIntegerToBase64(j << (6 - ((b % 3) << 1)));
     buf = "";
 
     list x;
     list x;
     for (i = 0; i < b; i += 16)
     i = 0;
     {
     do {
         integer A = H1;
         integer A = H1;
         integer B = H2;
         integer B = H2;
Line 95: Line 85:
         integer D = H4;
         integer D = H4;
         integer E = H5;
         integer E = H5;
         for(j = 0; j < 16; (j = -~j))
         x = (list)(bit_length = 0);//the zero gets flushed off the stack by the later loops
         {
         do {
             T = ((i + j) << 4) / 3;
             T = llBase64ToInteger(buf = llGetSubString(plain, T = ((i + bit_length) << 4) / 3, T+6)) << (S = ((i + bit_length) % 3) << 1);
            integer offset = ((i + j) % 3) << 1;
             if(S)
             if(offset)
                 T = T | (llBase64ToInteger("A" + (llDeleteSubString(buf, 0, 1))) >> (6 - S));
                 T = ((llBase64ToInteger(llGetSubString(plain, T, T+5)) << offset) |  
                    (llBase64ToInteger("A"+llGetSubString(plain, T+2, T+6)) >> (6 - offset)));
            else
                T = llBase64ToInteger(llGetSubString(plain, T, T+5));
//            llOwnerSay("W["+(string)j+"]="+hex(T));
//            llOwnerSay("W["+(string)j+"]="+hex(T));
             x += T;
             x += T;
             T += rol(A,5) + (D ^ (B & (C ^ D))) + E + 0x5a827999;
             T += ((A << 5) | ((A >> 27) & 0x1F)) + (D ^ (B & (C ^ D))) + E + 0x5a827999;//k
             E = D;
             E = D;
             D = C;
             D = C;
             C = rol(B, 30);
             C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
             B = A;
             B = A;
             A = T;
             A = T;
         }
         } while(16 > (bit_length = -~bit_length));
// llOwnerSay(llList2CSV(hexm(x)));
// llOwnerSay(llList2CSV(hexm(x)));
         for (; j < 20; (j = -~j))
         do {
        {
             S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
             x = llList2List(x + T = rol(llList2Integer(x,  -3) ^
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
                                        llList2Integer(x,  -8) ^
                                        llList2Integer(x, -14) ^
                                        llList2Integer(x, -16), 1), -16, -1);
//            llOwnerSay("W["+(string)j+"]="+hex(T));
//            llOwnerSay("W["+(string)j+"]="+hex(T));
             T += rol(A,5) + (D ^ (B & (C ^ D))) + E + 0x5a827999;
             T += ((A << 5) | ((A >> 27) & 0x1F)) + (D ^ (B & (C ^ D))) + E + 0x5a827999;//k
             E = D;
             E = D;
             D = C;
             D = C;
             C = rol(B, 30);
             C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
             B = A;
             B = A;
             A = T;
             A = T;
         }
         } while(20 > (bit_length = -~bit_length));
        for (; j < 40; (j = -~j))
         do {
         {
             S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
             x = llList2List(x + T = rol(llList2Integer(x,  -3) ^
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
                                        llList2Integer(x,  -8) ^
                                        llList2Integer(x, -14) ^
                                        llList2Integer(x, -16), 1), -16, -1);
//            llOwnerSay("W["+(string)j+"]="+hex(T));
//            llOwnerSay("W["+(string)j+"]="+hex(T));
             T += rol(A,5) + (B ^ C ^ D) + E + 0x6ed9eba1;
             T += ((A << 5) | ((A >> 27) & 0x1F)) + (B ^ C ^ D) + E + 0x6ed9eba1;//k
             E = D;
             E = D;
             D = C;
             D = C;
             C = rol(B, 30);
             C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
             B = A;
             B = A;
             A = T;
             A = T;
         }
         } while(40 > (bit_length = -~bit_length));
        for (; j < 60; (j = -~j))
         do {
         {
             S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
             x = llList2List(x + T = rol(llList2Integer(x,  -3) ^
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
                                        llList2Integer(x,  -8) ^
                                        llList2Integer(x, -14) ^
                                        llList2Integer(x, -16), 1), -16, -1);
//            llOwnerSay("W["+(string)j+"]="+hex(T));
//            llOwnerSay("W["+(string)j+"]="+hex(T));
             T += rol(A,5) + ((B & C) | (B & D) | (C & D)) + E + 0x8f1bbcdc;
             T += ((A << 5) | ((A >> 27) & 0x1F)) + ((B & C) | (B & D) | (C & D)) + E + 0x8f1bbcdc;//k
             E = D;
             E = D;
             D = C;
             D = C;
             C = rol(B, 30);
             C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
             B = A;
             B = A;
             A = T;
             A = T;
         }
         } while(60 > (bit_length = -~bit_length));
        for (; j < 80; (j = -~j))
         do {
         {
             S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
             x = llList2List(x + T = rol(llList2Integer(x,  -3) ^
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
                                        llList2Integer(x,  -8) ^
                                        llList2Integer(x, -14) ^
                                        llList2Integer(x, -16), 1), -16, -1);
//            llOwnerSay("W["+(string)j+"]="+hex(T));
//            llOwnerSay("W["+(string)j+"]="+hex(T));
             T += rol(A,5) + (B ^ C ^ D) + E + 0xca62c1d6;
             T += ((A << 5) | ((A >> 27) & 0x1F)) + (B ^ C ^ D) + E + 0xca62c1d6;//k
             E = D;
             E = D;
             D = C;
             D = C;
             C = rol(B, 30);
             C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
             B = A;
             B = A;
             A = T;
             A = T;
         }
         } while(80 > (bit_length = -~bit_length));
         H1 += A;
         H1 += A;
         H2 += B;
         H2 += B;
Line 175: Line 149:
         H4 += D;
         H4 += D;
         H5 += E;
         H5 += E;
     }
     } while(b > (i += 16));
     x = [H1, H2, H3, H4, H5];
     x = [H1, H2, H3, H4, H5];
     for(i=-6; (i = -~i); buf += hex(llList2Integer(x,i)));
     i = -5;
    buf = "";
    do {
        T = llList2Integer(x,i);
        bit_length = 32;
        do {
            buf += llGetSubString(hexc, b = ((T >> (bit_length -= 4)) & 0xF), b);
        } while (bit_length);
    } while ((i = -~i));
     return buf;
     return buf;
}
}


string Base64_SHA1(string plain, integer bit_length) {
string UTF8_SHA1(string plain) {  
     integer H1 = 0x67452301;
     integer H1 = 0x67452301;
     integer H2 = 0xefcdab89;
     integer H2 = 0xefcdab89;
Line 188: Line 170:
     integer H5 = 0xc3d2e1f0;
     integer H5 = 0xc3d2e1f0;


     //OR on the extra bit.
     //ORing on the extra bit. Since we are working in base64 the byte bounderies aren't where we want them.
     integer b = (~-(((bit_length + 552) & -512) >> 5));
    //So we get the last byte group and append our extra bit onto it. It contains either 1, 2, or 3 bytes.
    integer T = llBase64ToInteger(TrimRight(llGetSubString(plain, -4, -1),"=")+"AAAA");
     integer j = llSubStringIndex((plain = llStringToBase64(plain))+"=", "=");
    string buf;
    integer T = 0x80000000;
    integer i = 0;
    if(j) {
    for(;i < 85 ; (i = -~i))
        j = (6 * (T = j)) & -8;//length in bits
        buf += "A";
        T = llBase64ToInteger(llGetSubString((llGetSubString(plain, -4, (~-(T)))) + "AAAA", 0, 5)) | (0x00000080 << ((j % 3) << 3));
    if(bit_length)
    {
        i = 0x800000;
        if(T & 0xFF00)
            i = 0x00000080;
        else if(T & 0xFF0000)
            i = 0x00008000;
     }
     }
     else
     integer b = ((j + 40) >> 5) | 15;//this works because we want the value to be one less than the next appropriate multiple of 16.
        T = i = 0x80000000;//T is corrupt because of https://jira.secondlife.com/browse/SVC-104
    string buf = "AAA";
//   llOwnerSay(llList2CSV([i,bit_length]));
    integer i = -5;
     plain = llGetSubString( llDeleteSubString(plain, -4, -1) +  
    do buf += buf; while((i = -~i));//We need 85, 96 is close enough
                             llGetSubString(llIntegerToBase64(T | i), 0, 5) +  
    //llOwnerSay(llList2CSV([b,j, llStringLength(buf), llIntegerToBase64(j << (6 - ((b % 3) << 1)))]));
                            buf, 0, (b << 4) / 3) +
     plain = llInsertString( llDeleteSubString(plain, -4, -1) +  
            llIntegerToBase64(bit_length << (6 - ((b % 3) << 1)));
                             llGetSubString(llIntegerToBase64(T), 0, 5) + buf, (b << 4) / 3,
     buf = "";
                            llGetSubString(llIntegerToBase64(j >> ((b % 3) << 1)), 0, 5));
 
     //llOwnerSay(llList2CSV([llStringLength(plain), Base64ToHex(plain)]));
     list x;
     list x;
     for (i = 0; i < b; i += 16)
     integer S = 0;
     {
     do {
         integer A = H1;
         integer A = H1;
         integer B = H2;
         integer B = H2;
Line 220: Line 195:
         integer D = H4;
         integer D = H4;
         integer E = H5;
         integer E = H5;
         for(bit_length = 0; bit_length < 16; (bit_length = -~bit_length))
         x = (list)(j = 0);//the zero gets flushed off the stack by the later loops
         {
         do {
             T = ((i + bit_length) << 4) / 3;
             T = llBase64ToInteger(buf = llGetSubString(plain, T = ((i + j) << 4) / 3, T+6)) << (S = ((i + j) % 3) << 1);
            integer offset = ((i + bit_length) % 3) << 1;
             if(S)
             if(offset)
                 T = T | (llBase64ToInteger("A" + (llDeleteSubString(buf, 0, 1))) >> (6 - S));
                 T = ((llBase64ToInteger(llGetSubString(plain, T, T+5)) << offset) |  
//            llOwnerSay("W["+(string)j+"]="+hex(T));
                    (llBase64ToInteger("A"+llGetSubString(plain, T+2, T+6)) >> (6 - offset)));
            else
                T = llBase64ToInteger(llGetSubString(plain, T, T+5));
//            llOwnerSay("W["+(string)bit_length+"]="+hex(T));
             x += T;
             x += T;
             T += rol(A,5) + (D ^ (B & (C ^ D))) + E + 0x5a827999;
             T += ((A << 5) | ((A >> 27) & 0x1F)) + (D ^ (B & (C ^ D))) + E + 0x5a827999;//k
             E = D;
             E = D;
             D = C;
             D = C;
             C = rol(B, 30);
             C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
             B = A;
             B = A;
             A = T;
             A = T;
         }
         } while(16 > (j = -~j));
// llOwnerSay(llList2CSV(hexm(x)));
// llOwnerSay(llList2CSV(hexm(x)));
         for (; bit_length < 20; (bit_length = -~bit_length))
         do {
        {
             S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
             x = llList2List(x + T = rol(llList2Integer(x,  -3) ^
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
                                        llList2Integer(x,  -8) ^
//            llOwnerSay("W["+(string)j+"]="+hex(T));
                                        llList2Integer(x, -14) ^
             T += ((A << 5) | ((A >> 27) & 0x1F)) + (D ^ (B & (C ^ D))) + E + 0x5a827999;//k
                                        llList2Integer(x, -16), 1), -16, -1);
//            llOwnerSay("W["+(string)bit_length+"]="+hex(T));
             T += rol(A,5) + (D ^ (B & (C ^ D))) + E + 0x5a827999;
             E = D;
             E = D;
             D = C;
             D = C;
             C = rol(B, 30);
             C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
             B = A;
             B = A;
             A = T;
             A = T;
         }
         } while(20 > (j = -~j));
        for (; bit_length < 40; (bit_length = -~bit_length))
         do {
         {
             S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
             x = llList2List(x + T = rol(llList2Integer(x,  -3) ^
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
                                        llList2Integer(x,  -8) ^
//            llOwnerSay("W["+(string)j+"]="+hex(T));
                                        llList2Integer(x, -14) ^
             T += ((A << 5) | ((A >> 27) & 0x1F)) + (B ^ C ^ D) + E + 0x6ed9eba1;//k
                                        llList2Integer(x, -16), 1), -16, -1);
//            llOwnerSay("W["+(string)bit_length+"]="+hex(T));
             T += rol(A,5) + (B ^ C ^ D) + E + 0x6ed9eba1;
             E = D;
             E = D;
             D = C;
             D = C;
             C = rol(B, 30);
             C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
             B = A;
             B = A;
             A = T;
             A = T;
         }
         } while(40 > (j = -~j));
        for (; bit_length < 60; (bit_length = -~bit_length))
         do {
         {
             S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
             x = llList2List(x + T = rol(llList2Integer(x,  -3) ^
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
                                        llList2Integer(x,  -8) ^
//            llOwnerSay("W["+(string)j+"]="+hex(T));
                                        llList2Integer(x, -14) ^
             T += ((A << 5) | ((A >> 27) & 0x1F)) + ((B & C) | (B & D) | (C & D)) + E + 0x8f1bbcdc;//k
                                        llList2Integer(x, -16), 1), -16, -1);
//            llOwnerSay("W["+(string)bit_length+"]="+hex(T));
             T += rol(A,5) + ((B & C) | (B & D) | (C & D)) + E + 0x8f1bbcdc;
             E = D;
             E = D;
             D = C;
             D = C;
             C = rol(B, 30);
             C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
             B = A;
             B = A;
             A = T;
             A = T;
         }
         } while(60 > (j = -~j));
        for (; bit_length < 80; (bit_length = -~bit_length))
         do {
         {
             S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
             x = llList2List(x + T = rol(llList2Integer(x,  -3) ^
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
                                        llList2Integer(x,  -8) ^
//            llOwnerSay("W["+(string)j+"]="+hex(T));
                                        llList2Integer(x, -14) ^
             T += ((A << 5) | ((A >> 27) & 0x1F)) + (B ^ C ^ D) + E + 0xca62c1d6;//k
                                        llList2Integer(x, -16), 1), -16, -1);
//            llOwnerSay("W["+(string)bit_length+"]="+hex(T));
             T += rol(A,5) + (B ^ C ^ D) + E + 0xca62c1d6;
             E = D;
             E = D;
             D = C;
             D = C;
             C = rol(B, 30);
             C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
             B = A;
             B = A;
             A = T;
             A = T;
         }
         } while(80 > (j = -~j));
         H1 += A;
         H1 += A;
         H2 += B;
         H2 += B;
Line 300: Line 259:
         H4 += D;
         H4 += D;
         H5 += E;
         H5 += E;
     }
     } while(b > (i += 16));
     x = [H1, H2, H3, H4, H5];
     x = [H1, H2, H3, H4, H5];
     for(i=-6; (i = -~i); buf += hex(llList2Integer(x,i)));
     i = -5;
    buf = "";
    do {
        T = llList2Integer(x,i);
        j = 32;
        do {
            buf += llGetSubString(hexc, b = ((T >> (j -= 4)) & 0xF), b);
        } while (j);
    } while ((i = -~i));
     return buf;
     return buf;
}
}


string hex(integer value)
 
{
integer go(string in, string answer) {
     integer t = 8;
    llOwnerSay("");
     string buf = "";
    string b = llStringToBase64(in);
     do
     integer len = (6 * llSubStringIndex((b)+"=", "=")) & -8;
     {
    llResetTime();
        integer index = value & 0xF;
     string outu = UTF8_SHA1(in);
        buf = llGetSubString(hexc, index, index) + buf;
    float tu = llGetTime();
         value = (0xfffFFFF & (value >> 4));
     llOwnerSay(llList2CSV(([outu, tu, len])));
    } while ((t = ~-t));
     llResetTime();
     return buf;
    string outb = Base64_SHA1(b, len);
    float tb = llGetTime();
    llOwnerSay(llList2CSV(([outb, tb, len])));
    if(answer) {
         llOwnerSay(llList2CSV(([answer, (answer == outu),(answer == outb)])));
        return (answer == outb) && (answer == outu);
    }
     return TRUE;
}
}


Line 323: Line 297:
     state_entry()
     state_entry()
     {
     {
         llOwnerSay("");
         if(Base64_SHA1("AAAA", 24) != "29E2DCFBB16F63BB0254DF7585A15BB6FB5E927D")
        llOwnerSay(UTF8_SHA1(""));
            llOwnerSay("Failed Base64_SHA1(\"AAAA\", 24)");
         llOwnerSay("DA39A3EE5E6B4B0D3255BFEF95601890AFD80709");
         if(go("", "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709"))
        llOwnerSay("");
         if(go("abc", "A9993E364706816ABA3E25717850C26C9CD0D89D"))
         llOwnerSay(UTF8_SHA1("abc"));
         if(go("The quick brown fox jumps over the lazy dog", "2FD4E1C67A2D28FCED849EE1BB76E7391B93EB12"))
        llOwnerSay("A9993E364706816ABA3E25717850C26C9CD0D89D");
            llOwnerSay("All Tests Passed!");
        llOwnerSay("");
//        llOwnerSay((string)llGetTime());
         llOwnerSay(UTF8_SHA1("The quick brown fox jumps over the lazy dog"));
        llOwnerSay("2FD4E1C67A2D28FCED849EE1BB76E7391B93EB12");
     }
     }
}
}</source>
</pre>


{{LSLC|Library}}{{LSLC|Examples}}
{{LSLC|Library}}{{LSLC|Examples}}
[[Category: LSL Encryption]]

Latest revision as of 15:52, 9 December 2023

Emblem-important-red.png Security Warning!

There are dire security implications to changing the K constants (these are the hex values near the end of the lines marked with "//k" comments). https://malicioussha1.github.io/

 NEW  LSL now includes its own (faster) llSHA1String function, which removes the need for the UTF8_SHA1 variant from this library. Also consider the more secure llSHA256String.

Performs a SHA-1 hash on the text. This is similar to an MD5 hash, but is slightly more secure. Two versions of the function are provided: one for UTF-8 strings (all strings in LSL are UTF-8) and another for Base64 strings (for which you need to specify the data length in bits).

There are also two SHA-2 script implementations (SHA-256 & SHA-224), though consider the faster llSHA256String provided by LSL itself.

View "Wikipedia logo"SHA-1 for more information.

//////////////////////////////////////////////////////////////////////////////////////
//
//	UTF-8 SHA-1 160
//	Version 1.3 
//	ESL Compiled: "Nov 26 2013", "00:11:59"
//	Copyright (C) 2013  Strife Onizuka
//	Based on Pseudo-code from http://en.wikipedia.org/wiki/SHA-1
//	https://wiki.secondlife.com/wiki/SHA-1
//
//	This library is free software; you can redistribute it and/or
//	modify it under the terms of the GNU Lesser General Public License
//	as published by the Free Software Foundation;
//	version 3 of the License.
//	
//	This library is distributed in the hope that it will be useful,
//	but WITHOUT ANY WARRANTY; without even the implied warranty of
//	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//	GNU Lesser General Public License for more details.
//	
//	You should have received a copy of the GNU Lesser General Public License
//	along with this library.  If not, see <http://www.gnu.org/licenses/>
//	or write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330,
//	Boston, MA  02111-1307  USA
//	
//////////////////////////////////////////////////////////////////////////////////////

//===================================================//
//               Combined Library v1.0               //
//             "Nov 26 2013", "00:11:59"             //
//  Copyright (C) 2004-2012, Strife Onizuka (cc-by)  //
//    http://creativecommons.org/licenses/by/3.0/    //
//===================================================//
//{

string hexc="0123456789ABCDEF";

//} Combined Library

string Base64_SHA1(string plain, integer bit_length) { 
    integer H1 = 0x67452301;
    integer H2 = 0xefcdab89;
    integer H3 = 0x98badcfe;
    integer H4 = 0x10325476;
    integer H5 = 0xc3d2e1f0;

    integer b = ((bit_length + 40) >> 5) | 15;//this works because we want the value to be one less than the next appropriate multiple of 16.
    string buf = "AAA";
    integer i = -5;
    do buf += buf; while((i = -~i));
    integer S = (6 * llSubStringIndex((plain)+"=", "="));
    integer T = 0x80000000;
    if(bit_length) {
        if(S < bit_length) {
            plain = llDeleteSubString(plain, S, 0x7FFFFFF0);
            i = ((bit_length + 23) / 24) * 24;
            do 
                plain += buf;
            while((S += 576) < i);
        }
        T = 23 - ((~-(bit_length)) % 24);
        T = (llBase64ToInteger(llGetSubString((llGetSubString(plain = llGetSubString(plain, 0, (bit_length / 6) | 3), -4, (~-(S / 6)))) + "AAAAA", 0, 5)) & (0xFFFFFF00 << T)) | (0x00000080 << T);
    }
    //llOwnerSay(llList2CSV([b,j, llStringLength(buf), llIntegerToBase64(j << (6 - ((b % 3) << 1)))]));
    plain = llInsertString( llDeleteSubString(plain, -4, -1) + 
                            llGetSubString(llIntegerToBase64(T), 0, 5) + buf, (-~((b << 4) / 3)), 
                            llGetSubString(llIntegerToBase64(bit_length << (6 - ((b % 3) << 1))), 0, 5));
    //llOwnerSay(llList2CSV([llStringLength(plain), Base64ToHex(plain), T]));
    list x;
    i = 0;
    do {
        integer A = H1;
        integer B = H2;
        integer C = H3;
        integer D = H4;
        integer E = H5;
        x = (list)(bit_length = 0);//the zero gets flushed off the stack by the later loops
        do {
            T = llBase64ToInteger(buf = llGetSubString(plain, T = ((i + bit_length) << 4) / 3, T+6)) << (S = ((i + bit_length) % 3) << 1);
            if(S)
                T = T | (llBase64ToInteger("A" + (llDeleteSubString(buf, 0, 1))) >> (6 - S));
//            llOwnerSay("W["+(string)j+"]="+hex(T));
            x += T;
            T += ((A << 5) | ((A >> 27) & 0x1F)) + (D ^ (B & (C ^ D))) + E + 0x5a827999;//k
            E = D;
            D = C;
            C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
            B = A;
            A = T;
        } while(16 > (bit_length = -~bit_length));
//		llOwnerSay(llList2CSV(hexm(x)));
        do {
            S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
//            llOwnerSay("W["+(string)j+"]="+hex(T));
            T += ((A << 5) | ((A >> 27) & 0x1F)) + (D ^ (B & (C ^ D))) + E + 0x5a827999;//k
            E = D;
            D = C;
            C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
            B = A;
            A = T;
        } while(20 > (bit_length = -~bit_length));
        do {
            S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
//            llOwnerSay("W["+(string)j+"]="+hex(T));
            T += ((A << 5) | ((A >> 27) & 0x1F)) + (B ^ C ^ D) + E + 0x6ed9eba1;//k
            E = D;
            D = C;
            C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
            B = A;
            A = T;
        } while(40 > (bit_length = -~bit_length));
        do {
            S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
//            llOwnerSay("W["+(string)j+"]="+hex(T));
            T += ((A << 5) | ((A >> 27) & 0x1F)) + ((B & C) | (B & D) | (C & D)) + E + 0x8f1bbcdc;//k
            E = D;
            D = C;
            C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
            B = A;
            A = T;
        } while(60 > (bit_length = -~bit_length));
        do {
            S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
//            llOwnerSay("W["+(string)j+"]="+hex(T));
            T += ((A << 5) | ((A >> 27) & 0x1F)) + (B ^ C ^ D) + E + 0xca62c1d6;//k
            E = D;
            D = C;
            C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
            B = A;
            A = T;
        } while(80 > (bit_length = -~bit_length));
        H1 += A;
        H2 += B;
        H3 += C;
        H4 += D;
        H5 += E;
    } while(b > (i += 16));
    x = [H1, H2, H3, H4, H5];
    i = -5;
    buf = "";
    do {
        T = llList2Integer(x,i);
        bit_length = 32;
        do {
            buf += llGetSubString(hexc, b = ((T >> (bit_length -= 4)) & 0xF), b);
        } while (bit_length);
    } while ((i = -~i));
    return buf;
}

string UTF8_SHA1(string plain) { 
    integer H1 = 0x67452301;
    integer H2 = 0xefcdab89;
    integer H3 = 0x98badcfe;
    integer H4 = 0x10325476;
    integer H5 = 0xc3d2e1f0;

    //ORing on the extra bit. Since we are working in base64 the byte bounderies aren't where we want them.
    //So we get the last byte group and append our extra bit onto it. It contains either 1, 2, or 3 bytes.
    integer j = llSubStringIndex((plain = llStringToBase64(plain))+"=", "=");
    integer T = 0x80000000;
    if(j) {
        j = (6 * (T = j)) & -8;//length in bits
        T = llBase64ToInteger(llGetSubString((llGetSubString(plain, -4, (~-(T)))) + "AAAA", 0, 5)) | (0x00000080 << ((j % 3) << 3));
    }
    integer b = ((j + 40) >> 5) | 15;//this works because we want the value to be one less than the next appropriate multiple of 16.
    string buf = "AAA";
    integer i = -5;
    do buf += buf; while((i = -~i));//We need 85, 96 is close enough
    //llOwnerSay(llList2CSV([b,j, llStringLength(buf), llIntegerToBase64(j << (6 - ((b % 3) << 1)))]));
    plain = llInsertString( llDeleteSubString(plain, -4, -1) + 
                            llGetSubString(llIntegerToBase64(T), 0, 5) + buf, (b << 4) / 3, 
                            llGetSubString(llIntegerToBase64(j >> ((b % 3) << 1)), 0, 5));
    //llOwnerSay(llList2CSV([llStringLength(plain), Base64ToHex(plain)]));
    list x;
    integer S = 0;
    do {
        integer A = H1;
        integer B = H2;
        integer C = H3;
        integer D = H4;
        integer E = H5;
        x = (list)(j = 0);//the zero gets flushed off the stack by the later loops
        do {
            T = llBase64ToInteger(buf = llGetSubString(plain, T = ((i + j) << 4) / 3, T+6)) << (S = ((i + j) % 3) << 1);
            if(S)
                T = T | (llBase64ToInteger("A" + (llDeleteSubString(buf, 0, 1))) >> (6 - S));
//            llOwnerSay("W["+(string)j+"]="+hex(T));
            x += T;
            T += ((A << 5) | ((A >> 27) & 0x1F)) + (D ^ (B & (C ^ D))) + E + 0x5a827999;//k
            E = D;
            D = C;
            C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
            B = A;
            A = T;
        } while(16 > (j = -~j));
//		llOwnerSay(llList2CSV(hexm(x)));
        do {
            S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
//            llOwnerSay("W["+(string)j+"]="+hex(T));
            T += ((A << 5) | ((A >> 27) & 0x1F)) + (D ^ (B & (C ^ D))) + E + 0x5a827999;//k
            E = D;
            D = C;
            C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
            B = A;
            A = T;
        } while(20 > (j = -~j));
        do {
            S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
//            llOwnerSay("W["+(string)j+"]="+hex(T));
            T += ((A << 5) | ((A >> 27) & 0x1F)) + (B ^ C ^ D) + E + 0x6ed9eba1;//k
            E = D;
            D = C;
            C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
            B = A;
            A = T;
        } while(40 > (j = -~j));
        do {
            S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
//            llOwnerSay("W["+(string)j+"]="+hex(T));
            T += ((A << 5) | ((A >> 27) & 0x1F)) + ((B & C) | (B & D) | (C & D)) + E + 0x8f1bbcdc;//k
            E = D;
            D = C;
            C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
            B = A;
            A = T;
        } while(60 > (j = -~j));
        do {
            S = llList2Integer(x,  -3) ^ llList2Integer(x,  -8) ^ llList2Integer(x, -14) ^ llList2Integer(x, -16);
            x = llList2List(x + (T = ((S << 1) | !!(S & 0x80000000))), -16, -1);
//            llOwnerSay("W["+(string)j+"]="+hex(T));
            T += ((A << 5) | ((A >> 27) & 0x1F)) + (B ^ C ^ D) + E + 0xca62c1d6;//k
            E = D;
            D = C;
            C = ((B << 30) | ((B >> 2) & 0x3FFFFFFF));
            B = A;
            A = T;
        } while(80 > (j = -~j));
        H1 += A;
        H2 += B;
        H3 += C;
        H4 += D;
        H5 += E;
    } while(b > (i += 16));
    x = [H1, H2, H3, H4, H5];
    i = -5;
    buf = "";
    do {
        T = llList2Integer(x,i);
        j = 32;
        do {
            buf += llGetSubString(hexc, b = ((T >> (j -= 4)) & 0xF), b);
        } while (j);
    } while ((i = -~i));
    return buf;
}


integer go(string in, string answer) {
    llOwnerSay("");
    string b = llStringToBase64(in);
    integer len = (6 * llSubStringIndex((b)+"=", "=")) & -8;
    llResetTime();
    string outu = UTF8_SHA1(in);
    float tu = llGetTime();
    llOwnerSay(llList2CSV(([outu, tu, len])));
    llResetTime();
    string outb = Base64_SHA1(b, len);
    float tb = llGetTime();
    llOwnerSay(llList2CSV(([outb, tb, len])));
    if(answer) {
        llOwnerSay(llList2CSV(([answer, (answer == outu),(answer == outb)])));
        return (answer == outb) && (answer == outu);
    }
    return TRUE;
}

default
{
    state_entry()
    {
        if(Base64_SHA1("AAAA", 24) != "29E2DCFBB16F63BB0254DF7585A15BB6FB5E927D")
            llOwnerSay("Failed Base64_SHA1(\"AAAA\", 24)");
        if(go("", "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709"))
        if(go("abc", "A9993E364706816ABA3E25717850C26C9CD0D89D"))
        if(go("The quick brown fox jumps over the lazy dog", "2FD4E1C67A2D28FCED849EE1BB76E7391B93EB12"))
            llOwnerSay("All Tests Passed!");
//        llOwnerSay((string)llGetTime());
    }
}