The present invention generally relates to the secure hash standard. More specifically, the present invention relates to a method and system for implementing a secure hash algorithm (SHA-1) specified by the secure hash standard with hardware resources.
The SHA-1 generally operates as follows. The SHA-1 takes as input a message of maximum length which is less than $2^{64}$ bits. The message is padded, if necessary, to render the total message length a multiple of 512. The message is then converted into 512-bit blocks. The 512-bit blocks are processed sequentially and the cumulative results represent a 160-bit message digest.
The SHA-1 performs eighty rounds of processing for each 512-bit block. For each of four groups of twenty rounds, the SHA-1 uses one of four Boolean functions and one of four constant values, to be further described below. Once all eighty processing rounds are completed, five 32-bit intermediate variables are updated. The process is then repeated for the next 512-bit block. Once all the 512-bit blocks are processed, the final, cumulative values of the five intermediate variables represent the 160-bit message digest. The details with respect to the processing of the 512-bit blocks will be further described below.
As mentioned above, the SHA-1 converts the message into 512-bit blocks and then processes the 512-bit blocks one at a time. More specifically, each 512-bit block to be processed is divided into sixteen (16) longwords $W_0, W_1, \ldots, W_{15}$, where $W_0$ is the leftmost longword. Each longword is thirty-two (32) bits in length. The SHA-1 uses a five longword circular buffer to maintain the five 32-bit intermediate variables, a, b, c, d and e.
Prior to processing the first 512-bit block, the intermediate variables are initialized with the constant values $H_0$ through $H_4$ (in hex) respectively as follows:

$$
\begin{aligned}
a &= H_0 = \texttt{0x67452301}\\
b &= H_1 = \texttt{0xEFCDAB89}\\
c &= H_2 = \texttt{0x98BADCFE}\\
d &= H_3 = \texttt{0x10325476}\\
e &= H_4 = \texttt{0xC3D2E1F0}
\end{aligned}
$$
After the intermediate variables are initialized, the processing of the 512-bit blocks takes place as follows:
For $t = 16$ to $79$, let $W_t = S^1(W_{t-3} \text{ XOR } W_{t-8} \text{ XOR } W_{t-14} \text{ XOR } W_{t-16})$, where $S^k(\,)$ represents a k-bit circular left shift.
The eighty (80) rounds of processing for each 512-bit block are executed according to the following equations:

For $t = 0$ to $79$ do

$$
\begin{aligned}
a &= \mathrm{TEMP} = S^5(a) + f_t(b, c, d) + e + W_t + K_t\\
b &= a\\
c &= S^{30}(b)\\
d &= c\\
e &= d
\end{aligned}
$$

where “+” represents addition modulo $2^{32}$.
The function ft(b, c, d) and the constant Kt vary during the eighty (80) rounds of processing as follows:
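$$
f_t(b,c,d) =
\begin{cases}
(b \text{ AND } c) \text{ OR } (\text{NOT } b \text{ AND } d), & \text{for } t = 0 \text{ to } 19;\\
b \text{ XOR } c \text{ XOR } d, & \text{for } t = 20 \text{ to } 39;\\
(b \text{ AND } c) \text{ OR } (b \text{ AND } d) \text{ OR } (c \text{ AND } d), & \text{for } t = 40 \text{ to } 59;\\
b \text{ XOR } c \text{ XOR } d, & \text{for } t = 60 \text{ to } 79
\end{cases}
$$

$$
K_t =
\begin{cases}
2^{32} \times (2^{1/2}/4) = \texttt{0x5A827999}, & \text{for } t = 0 \text{ to } 19;\\
2^{32} \times (3^{1/2}/4) = \texttt{0x6ED9EBA1}, & \text{for } t = 20 \text{ to } 39;\\
2^{32} \times (5^{1/2}/4) = \texttt{0x8F1BBCDC}, & \text{for } t = 40 \text{ to } 59;\\
2^{32} \times (10^{1/2}/4) = \texttt{0xCA62C1D6}, & \text{for } t = 60 \text{ to } 79
\end{cases}
$$

After the eighty (80) rounds of processing (t=0 to 79) are completed, i.e., after a 512-bit block is processed, the intermediate variables a, b, c, d and e are updated as follows:

$$
\begin{aligned}
a &= a + H_0\\
b &= b + H_1\\
c &= c + H_2\\
d &= d + H_3\\
e &= e + H_4
\end{aligned}
$$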
After processing the last 512-bit block, the message digest is the 160-bit string represented by the five (5) longwords, a, b, c, d and e. The foregoing is a brief description of the SHA-1. Details with respect to the operations of the SHA-1 are well understood.
The SHA-1 is typically implemented using software. A person of ordinary skill in the art will know how to implement the SHA-1 using software. Using software to implement the SHA-1, however, has a number of shortcomings. For example, it is relatively easy to break into a software program designed to implement the SHA-1 thereby revealing that the SHA-1 is used for encrypting messages. By ascertaining the type of encryption algorithm that is being used to encrypt messages, a hacker may then successfully decrypt the message digests to obtain the messages. Hence, it would be desirable to provide a method and system that is capable of offering a more secure implementation of the SHA-1.