add the gitkeep back -_- (2)

.github/workflows/dos-djgpp.yml

@@ -188,3 +188,121 @@ jobs:
         with:
           name: UMSKT-DOS-x86
           path: build/actions_upload
+  compress:
+    needs: build
+    if: success()
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    steps:
+      - name: Setup test environment
+        run: |
+          sudo apt -y update
+          sudo apt -y install dosbox
+          
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: UMSKT-DOS-x86
+          path: .
+
+      - name: Install UPX
+        uses: crazy-max/ghaction-upx@v3
+        with:
+          install-only: true
+          
+      - name: Compress binary
+        shell: pwsh
+        run: |
+          upx umskt.exe --best --ultra-brute -v
+          
+      - name: Setup DOSBox test environment
+        run: |
+          mkdir -p dosbox_test
+          cp umskt.exe dosbox_test/
+          # Download DPMI server directly
+          # wget https://github.com/UMSKT/winactiontest/raw/refs/heads/main/CWSDPMI.EXE -O dosbox_test/CWSDPMI.EXE
+          # Create test batch file
+          cat > dosbox_test/test.bat << EOL
+          @echo off
+          echo Running test 1...
+          umskt.exe -b 2C -c 365 -s 069420 > TEST1.TXT
+          if errorlevel 1 goto error
+          echo Running test 2...
+          umskt.exe -i 253286028742154311079061239762245184619981623171292574 > TEST2.TXT
+          if errorlevel 1 goto error
+          echo Tests completed > DONE.TXT
+          goto end
+          :error
+          echo Test failed > ERROR.TXT
+          :end
+          exit
+          EOL
+          # Create DOSBox configuration
+          cat > dosbox_test/dosbox.conf << EOL
+          [sdl]
+          nosound=true
+          [cpu]
+          cputype=386
+          core=dynamic
+          cycles=max
+          [autoexec]
+          mount c .
+          c:
+          test.bat
+          exit
+          EOL
+
+      - name: Run tests in DOSBox
+      
+        run: |
+          cd dosbox_test
+          timeout 30s dosbox -conf dosbox.conf -nogui -exit
+          # Check if the test completed successfully
+          if [ ! -f DONE.TXT ]; then
+            echo "Tests did not complete successfully"
+            if [ -f ERROR.TXT ]; then
+              echo "Test execution failed"
+            fi
+            if [ -f TEST1.TXT ]; then
+              echo "Test 1 output:"
+              cat TEST1.TXT
+            fi
+            if [ -f TEST2.TXT ]; then
+              echo "Test 2 output:"
+              cat TEST2.TXT
+            fi
+            exit 1
+          fi
+          # Verify test outputs
+          if [ ! -f TEST1.TXT ] || [ ! -f TEST2.TXT ]; then
+            echo "Test output files missing"
+            exit 1
+          fi
+          # Check test results - looking for key format patterns
+          if ! grep -qE '[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}' TEST1.TXT || \
+             ! grep -qE '[0-9]{6}-[0-9]{6}-[0-9]{6}-[0-9]{6}-[0-9]{6}-[0-9]{6}-[0-9]{6}' TEST2.TXT; then
+            echo "Tests failed - unexpected output format"
+            echo "Test 1 output:"
+            cat TEST1.TXT
+            echo "Test 2 output:"
+            cat TEST2.TXT
+            exit 1
+          else
+            echo "All tests passed successfully"
+            echo "Test 1 output:"
+            cat TEST1.TXT
+            echo "Test 2 output:"
+            cat TEST2.TXT
+          fi
+
+      - name: Move executable to upload directory
+        run: |
+          mkdir actions_upload
+          mv umskt.exe actions_upload/
+          
+      - name: Upload build artifact
+        uses: actions/upload-artifact@v4.6.2
+        with:
+          name: UMSKT-DOS-x86-Compressed
+          path: actions_upload

.github/workflows/windows-x86-x64.yml

@@ -98,9 +98,9 @@ jobs:
           cd openssl-1.1.1
 
           if [[ ${{ matrix.arch }} == "x86" ]]; then
-              /usr/bin/perl Configure mingw --prefix=$(cygpath -u "$GITHUB_WORKSPACE")/OpenSSL-TDM-${{ matrix.arch }} --openssldir=$(cygpath -u "$GITHUB_WORKSPACE")/OpenSSL-TDM-32 no-tests no-sse2 no-asm no-threads -DOPENSSL_DEV_NO_ATOMICS -mno-mmx -mno-sse -mno-sse2 -march=i686 -mtune=generic
+              /usr/bin/perl Configure mingw --prefix=$(cygpath -u "$GITHUB_WORKSPACE")/OpenSSL-TDM-${{ matrix.arch }} --openssldir=$(cygpath -u "$GITHUB_WORKSPACE")/OpenSSL-TDM-32 no-tests no-sse2 no-asm no-threads -DOPENSSL_DEV_NO_ATOMICS -mno-mmx -mno-sse -mno-sse2 -march=i686 -mtune=generic -Os -s -fno-exceptions -fno-rtti -fno-unwind-tables -fno-asynchronous-unwind-tables -ffunction-sections -fdata-sections -fno-stack-protector
           else
-              /usr/bin/perl Configure mingw64 --prefix=$(cygpath -u "$GITHUB_WORKSPACE")/OpenSSL-TDM-${{ matrix.arch }} --openssldir=$(cygpath -u "$GITHUB_WORKSPACE")/OpenSSL-TDM-64 no-tests no-asm -DOPENSSL_DEV_NO_ATOMICS -mno-mmx
+              /usr/bin/perl Configure mingw64 --prefix=$(cygpath -u "$GITHUB_WORKSPACE")/OpenSSL-TDM-${{ matrix.arch }} --openssldir=$(cygpath -u "$GITHUB_WORKSPACE")/OpenSSL-TDM-64 no-tests no-asm -DOPENSSL_DEV_NO_ATOMICS -mno-mmx -Os -s -fno-exceptions -fno-rtti -fno-unwind-tables -fno-asynchronous-unwind-tables -ffunction-sections -fdata-sections -fno-stack-protector
           fi
           mingw32-make -j
           mingw32-make install_sw
@@ -158,3 +158,78 @@ jobs:
         with:
           name: UMSKT-WinNT-${{ matrix.arch }}
           path: umskt.exe 
+
+  compress:
+    needs: build
+    if: success()
+    runs-on: windows-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - arch: x86
+          - arch: x64
+    steps:
+      - name: Setup TDM-GCC
+        run: |
+          Write-Host Downloading TDM-GCC v10.3.0...
+          Invoke-WebRequest -Uri 'https://github.com/jmeubank/tdm-gcc/releases/download/v10.3.0-tdm64-2/tdm64-gcc-10.3.0-2.exe' -OutFile 'C:\Windows\temp\TDM-GCC-64.exe'
+          Write-Host Creating directory...
+          New-Item -ItemType Directory -Path 'C:\TDM-GCC-64'
+          Write-Host Copying files [Set 1/3]...
+          Start-Process '7z' -ArgumentList 'e C:\Windows\temp\TDM-GCC-64.exe -oC:\TDM-GCC-64 -y' -Wait
+          Write-Host Copying files [Set 2/3]...
+          Start-Process '7z' -ArgumentList 'e C:\TDM-GCC-64\*.tar.xz -oC:\TDM-GCC-64 -y' -Wait
+          Write-Host Copying files [Set 3/3]...
+          Start-Process '7z' -ArgumentList 'x C:\TDM-GCC-64\*.tar -oC:\TDM-GCC-64 -y' -Wait
+          Write-Host Adding environment variables...
+          $env:PATH = 'C:\TDM-GCC-64\bin;' + $env:PATH
+          [Environment]::SetEnvironmentVariable('PATH', $env:PATH, [EnvironmentVariableTarget]::Machine)
+          
+      - name: Setup UPX
+        run: |
+          Invoke-WebRequest -Uri 'https://github.com/upx/upx/releases/download/v5.0.2/upx-5.0.2-win64.zip' -OutFile 'C:\Windows\temp\upx.zip'
+          Write-Host Creating directory...
+          New-Item -ItemType Directory -Path 'C:\UPX'
+          Write-Host Copying files...
+          Expand-Archive -Path 'C:\Windows\temp\upx.zip' -DestinationPath 'C:\UPX'
+          Write-Host Adding environment variables...
+          $env:PATH = 'C:\UPX\upx-5.0.2-win64;' + $env:PATH
+          [Environment]::SetEnvironmentVariable('PATH', $env:PATH, [EnvironmentVariableTarget]::Machine)
+        
+      - name: Download ${{matrix.arch}} artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: UMSKT-WinNT-${{ matrix.arch }}
+          path: .
+      - name: Compress binaries
+        shell: pwsh
+        run: |
+          # Strip symbols
+          strip .\umskt.exe
+
+          # Remove resources
+          llvm-objcopy --remove-section .rsrc umskt.exe umskt_comp.exe
+
+          # Compress with UPX
+          & "C:\UPX\upx-5.0.2-win64\upx.exe" --best --ultra-brute .\umskt_comp.exe
+
+          # Replace original EXE
+          Remove-Item .\umskt.exe
+          Rename-Item -Path .\umskt_comp.exe -NewName umskt.exe
+
+
+    
+      - name: Run tests
+        shell: pwsh
+        run: |
+          Write-Host Test 1 - generating key
+          .\umskt.exe -b 2C -c 365 -s 069420 -v
+          Write-Host Test 2 - generatng confid
+          .\umskt.exe -i 253286028742154311079061239762245184619981623171292574 
+          
+      - name: Upload build artifact
+        uses: actions/upload-artifact@v4.6.2
+        with:
+          name: UMSKT-WinNT-${{ matrix.arch }}-Compressed
+          path: umskt.exe

.gitignore

@@ -1,4 +1,5 @@
 build/*
+!build/.gitkeep
 *.tar
 *.exe
 *.wasm

CMakeLists.txt

@@ -27,6 +27,11 @@ if (WIN32 AND NOT MSVC)
     set(CMAKE_CXX_COMPILER "C:/TDM-GCC-64/bin/g++.exe" CACHE FILEPATH "C++ Compiler" FORCE)
     message(STATUS "[UMSKT] Forcing use of TDM-GCC in C:/TDM-GCC-64")
     
+    # Add size optimization flags for GCC
+    set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -Os -s -fno-exceptions -fno-rtti -fno-unwind-tables -fno-asynchronous-unwind-tables -ffunction-sections -fdata-sections -fno-stack-protector")
+    set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} -Os -s -fno-exceptions -fno-rtti -fno-unwind-tables -fno-asynchronous-unwind-tables -ffunction-sections -fdata-sections -fno-stack-protector")
+    set(CMAKE_EXE_LINKER_FLAGS_RELEASE "${CMAKE_EXE_LINKER_FLAGS_RELEASE} -Wl,--gc-sections -Wl,--strip-all")
+    
     # Configure windres for resource compilation
     set(CMAKE_RC_COMPILER "C:/TDM-GCC-64/bin/windres.exe")
     set(CMAKE_RC_COMPILER_INIT windres)
@@ -123,13 +128,13 @@ ENDIF()
 IF(MSVC)
     SET(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")
     IF(NOT BUILD_SHARED_LIBS)
-        SET(CMAKE_CXX_FLAGS_RELEASE "/MT")
+        SET(CMAKE_CXX_FLAGS_RELEASE "/MT /Os /GL /GS- /Gy")
         SET(CMAKE_CXX_FLAGS_DEBUG "/MTd")
     ELSE()
-        SET(CMAKE_CXX_FLAGS_RELEASE "/MD")
+        SET(CMAKE_CXX_FLAGS_RELEASE "/MD /Os /GL /GS- /Gy")
         SET(CMAKE_CXX_FLAGS_DEBUG "/MDd")
     ENDIF()
-    SET(CMAKE_EXE_LINKER_FLAGS "/INCREMENTAL:NO /NODEFAULTLIB:MSVCRT")
+    SET(CMAKE_EXE_LINKER_FLAGS "/INCREMENTAL:NO /NODEFAULTLIB:MSVCRT /OPT:REF /OPT:ICF")
     SET(CMAKE_ENABLE_EXPORTS ON)
     SET(UMSKT_EXE_WINDOWS_EXTRA src/windows/umskt.rc)
     SET(UMSKT_EXE_WINDOWS_DLL src/windows/dllmain.cpp)
@@ -235,7 +240,7 @@ CPMAddPackage(
 ### Resource compilation
 CMRC_ADD_RESOURCE_LIBRARY(umskt-rc ALIAS umskt::rc NAMESPACE umskt keys.json)
 
-SET(LIBUMSKT_SRC src/libumskt/libumskt.cpp src/libumskt/pidgen3/BINK1998.cpp src/libumskt/pidgen3/BINK2002.cpp src/libumskt/pidgen3/key.cpp src/libumskt/pidgen3/util.cpp src/libumskt/confid/confid.cpp src/libumskt/pidgen2/PIDGEN2.cpp src/libumskt/debugoutput.cpp)
+SET(LIBUMSKT_SRC src/libumskt/libumskt.cpp src/libumskt/sha1/sha1.cpp src/libumskt/pidgen3/BINK1998.cpp src/libumskt/pidgen3/BINK2002.cpp src/libumskt/pidgen3/key.cpp src/libumskt/pidgen3/util.cpp src/libumskt/confid/confid.cpp src/libumskt/pidgen2/PIDGEN2.cpp src/libumskt/debugoutput.cpp)
 
 #### Separate Build Path for emscripten
 IF (EMSCRIPTEN)
@@ -293,4 +298,4 @@ ELSE()
         message(STATUS "[UMSKT] CWSDSTUB_LOCATION set to: ${CWSDSTUB_LOCATION}")
         message(STATUS "[UMSKT] DJGPP_BIN_LOCATION set to: ${DJGPP_BIN_LOCATION}")
     ENDIF()
-ENDIF()
+ENDIF()

src/libumskt/libumskt.cpp

@@ -59,7 +59,33 @@ FNEXPORT int PIDGEN2_GenerateOEM(char* year, char* day, char* oem, char* keyout)
     return PIDGEN2::GenerateOEM(year, day, oem, keyout);
 }
 
-// RNG utility functions
+// RNG implementation
+std::mt19937_64& UMSKT::get_rng() {
+    static std::mt19937_64 rng = []() {
+        // Seed the generator with multiple entropy sources
+        std::random_device rd;
+        std::array<std::uint64_t, std::mt19937_64::state_size> seed_data;
+        
+        // Mix in random_device entropy
+        std::generate(seed_data.begin(), seed_data.end(), std::ref(rd));
+        
+        // Mix in high-resolution time
+        auto now = std::chrono::high_resolution_clock::now();
+        auto nanos = std::chrono::duration_cast<std::chrono::nanoseconds>(
+            now.time_since_epoch()
+        ).count();
+        seed_data[0] ^= static_cast<std::uint64_t>(nanos);
+        
+        // Create a seed sequence
+        std::seed_seq seq(seed_data.begin(), seed_data.end());
+        
+        // Initialize RNG with the seed sequence
+        std::mt19937_64 generator(seq);
+        return generator;
+    }();
+    return rng;
+}
+
 int UMSKT::umskt_rand_bytes(unsigned char *buf, int num) {
 #if UMSKT_RNG_DJGPP
     // DOS-compatible RNG using DJGPP's random() function
@@ -89,14 +115,20 @@ int UMSKT::umskt_rand_bytes(unsigned char *buf, int num) {
     }
     return 1;
 #else
-    // Use OpenSSL's RAND_bytes for non-DOS systems
-    return RAND_bytes(buf, num);
+    // Use C++ std::uniform_int_distribution for better randomness
+    std::uniform_int_distribution<unsigned short> dist(0, 255);
+    auto& rng = get_rng();
+    
+    for (int i = 0; i < num; i++) {
+        buf[i] = static_cast<unsigned char>(dist(rng));
+    }
+    return 1;
 #endif
 }
 
 int UMSKT::umskt_bn_rand(BIGNUM *rnd, int bits, int top, int bottom) {
 #if UMSKT_RNG_DJGPP
-    // DOS-compatible RNG implementation for BIGNUMs
+    // Keep existing DOS-compatible implementation
     unsigned char *buf = (unsigned char *)malloc((bits + 7) / 8);
     if (!buf) return 0;
     
@@ -129,7 +161,37 @@ int UMSKT::umskt_bn_rand(BIGNUM *rnd, int bits, int top, int bottom) {
     
     return 1;
 #else
-    // Use OpenSSL's BN_rand for non-DOS systems
-    return BN_rand(rnd, bits, top, bottom);
+    // Generate random bytes using C++ RNG
+    unsigned char *buf = (unsigned char *)malloc((bits + 7) / 8);
+    if (!buf) return 0;
+    
+    // Generate random bytes
+    umskt_rand_bytes(buf, (bits + 7) / 8);
+    
+    // Convert to BIGNUM
+    if (!BN_bin2bn(buf, (bits + 7) / 8, rnd)) {
+        free(buf);
+        return 0;
+    }
+    
+    free(buf);
+    
+    // Apply top/bottom constraints
+    if (top != -1) {
+        if (top) {
+            if (bits == 0) {
+                BN_zero(rnd);
+                return 1;
+            }
+            BN_set_bit(rnd, bits - 1);
+        }
+        BN_mask_bits(rnd, bits);
+    }
+    
+    if (bottom) {
+        BN_set_bit(rnd, 0);
+    }
+    
+    return 1;
 #endif
 }

src/libumskt/libumskt.h

@@ -28,13 +28,16 @@
 #include <string>
 #include <iostream>
 #include <sstream>
+#include <random>
+#include <chrono>
+#include <algorithm>
+#include <array>
 
 #include <openssl/bn.h>
 #include <openssl/ec.h>
-#include <openssl/sha.h>
 #include <openssl/evp.h>
-#include <openssl/rand.h>
 
+#include "sha1/sha1.h"
 #include <fmt/core.h>
 #include <fmt/format.h>
 
@@ -75,6 +78,9 @@ extern "C" {
 #endif
 
 class UMSKT {
+private:
+    static std::mt19937_64& get_rng();
+
 public:
     static std::FILE* debug;
     class PIDGEN2;

src/libumskt/pidgen3/BINK1998.cpp

@@ -154,7 +154,7 @@ bool PIDGEN3::BINK1998::Verify(
     memcpy((void *)&msgBuffer[4 + FIELD_BYTES], (void *)yBin, FIELD_BYTES);
 
     // compHash = SHA1(pSerial || P.x || P.y)
-    SHA1(msgBuffer, SHA_MSG_LENGTH_XP, msgDigest);
+    SHA1_DIGEST(msgBuffer, SHA_MSG_LENGTH_XP, msgDigest);
 
     // Translate the byte digest into a 32-bit integer - this is our computed hash.
     // Truncate the hash to 28 bits.
@@ -226,7 +226,7 @@ void PIDGEN3::BINK1998::Generate(
         memcpy((void *)&msgBuffer[4 + FIELD_BYTES], (void *)yBin, FIELD_BYTES);
 
         // pHash = SHA1(pSerial || R.x || R.y)
-        SHA1(msgBuffer, SHA_MSG_LENGTH_XP, msgDigest);
+        SHA1_DIGEST(msgBuffer, SHA_MSG_LENGTH_XP, msgDigest);
 
         // Translate the byte digest into a 32-bit integer - this is our computed pHash.
         // Truncate the pHash to 28 bits.

src/libumskt/pidgen3/BINK2002.cpp

@@ -127,7 +127,7 @@ bool PIDGEN3::BINK2002::Verify(
     msgBuffer[0x0A] = 0x00;
 
     // newSignature = SHA1(5D || Channel ID || Hash || AuthInfo || 00 00)
-    SHA1(msgBuffer, 11, msgDigest);
+    SHA1_DIGEST(msgBuffer, 11, msgDigest);
 
     // Translate the byte digest into a 64-bit integer - this is our computed intermediate signature.
     // As the signature is only 62 bits long at most, we have to truncate it by shifting the high DWORD right 2 bits (per spec).
@@ -185,7 +185,7 @@ bool PIDGEN3::BINK2002::Verify(
     memcpy((void *)&msgBuffer[3 + FIELD_BYTES_2003], (void *)yBin, FIELD_BYTES_2003);
 
     // compHash = SHA1(79 || Channel ID || p.x || p.y)
-    SHA1(msgBuffer, SHA_MSG_LENGTH_2003, msgDigest);
+    SHA1_DIGEST(msgBuffer, SHA_MSG_LENGTH_2003, msgDigest);
 
     // Translate the byte digest into a 32-bit integer - this is our computed hash.
     // Truncate the hash to 31 bits.
@@ -263,7 +263,7 @@ void PIDGEN3::BINK2002::Generate(
         memcpy((void *)&msgBuffer[3 + FIELD_BYTES_2003], (void *)yBin, FIELD_BYTES_2003);
 
         // pHash = SHA1(79 || Channel ID || R.x || R.y)
-        SHA1(msgBuffer, SHA_MSG_LENGTH_2003, msgDigest);
+        SHA1_DIGEST(msgBuffer, SHA_MSG_LENGTH_2003, msgDigest);
 
         // Translate the byte digest into a 32-bit integer - this is our computed hash.
         // Truncate the hash to 31 bits.
@@ -283,7 +283,7 @@ void PIDGEN3::BINK2002::Generate(
         msgBuffer[0x0A] = 0x00;
 
         // newSignature = SHA1(5D || Channel ID || Hash || AuthInfo || 00 00)
-        SHA1(msgBuffer, 11, msgDigest);
+        SHA1_DIGEST(msgBuffer, 11, msgDigest);
 
         // Translate the byte digest into a 64-bit integer - this is our computed intermediate signature.
         // As the signature is only 62 bits long at most, we have to truncate it by shifting the high DWORD right 2 bits (per spec).

src/libumskt/sha1/sha1.cpp

@@ -0,0 +1,140 @@
+#include "sha1.h"
+#include <cstring>
+#include <bit>
+
+namespace umskt {
+
+// Rotate left operation
+static inline uint32_t rotl(uint32_t value, unsigned int bits) {
+    return (value << bits) | (value >> (32 - bits));
+}
+
+SHA1::SHA1() {
+    reset();
+}
+
+void SHA1::reset() {
+    std::memcpy(state, INIT_STATE, sizeof(state));
+    totalBytes = 0;
+    bufferSize = 0;
+}
+
+void SHA1::update(const uint8_t* data, size_t len) {
+    while (len > 0) {
+        size_t copy = std::min(BLOCK_SIZE - bufferSize, len);
+        std::memcpy(buffer + bufferSize, data, copy);
+        bufferSize += copy;
+        data += copy;
+        len -= copy;
+        
+        if (bufferSize == BLOCK_SIZE) {
+            processBlock(buffer);
+            totalBytes += BLOCK_SIZE;
+            bufferSize = 0;
+        }
+    }
+}
+
+SHA1::Digest SHA1::finalize() {
+    // Total size including padding must be a multiple of 64 bytes
+    totalBytes += bufferSize;
+    
+    // Add padding byte
+    buffer[bufferSize++] = 0x80;
+    
+    // If there isn't enough room for the length (8 bytes), process this block and start a new one
+    if (bufferSize > BLOCK_SIZE - 8) {
+        std::memset(buffer + bufferSize, 0, BLOCK_SIZE - bufferSize);
+        processBlock(buffer);
+        bufferSize = 0;
+    }
+    
+    // Pad with zeros and add 64-bit length (in bits)
+    std::memset(buffer + bufferSize, 0, BLOCK_SIZE - 8 - bufferSize);
+    uint64_t bitCount = totalBytes * 8;
+    
+    // Store length in big-endian format
+    for (int i = 7; i >= 0; --i) {
+        buffer[BLOCK_SIZE - 1 - i] = static_cast<uint8_t>(bitCount >> (i * 8));
+    }
+    
+    processBlock(buffer);
+    
+    // Convert state to bytes (big-endian)
+    Digest digest;
+    for (int i = 0; i < 5; ++i) {
+        digest[i*4] = static_cast<uint8_t>(state[i] >> 24);
+        digest[i*4 + 1] = static_cast<uint8_t>(state[i] >> 16);
+        digest[i*4 + 2] = static_cast<uint8_t>(state[i] >> 8);
+        digest[i*4 + 3] = static_cast<uint8_t>(state[i]);
+    }
+    
+    return digest;
+}
+
+void SHA1::processBlock(const uint8_t* block) {
+    // Convert block to 16 32-bit words (big-endian)
+    uint32_t w[80];
+    for (int i = 0; i < 16; ++i) {
+        w[i] = (static_cast<uint32_t>(block[i*4]) << 24) |
+               (static_cast<uint32_t>(block[i*4 + 1]) << 16) |
+               (static_cast<uint32_t>(block[i*4 + 2]) << 8) |
+               static_cast<uint32_t>(block[i*4 + 3]);
+    }
+    
+    // Extend 16 words to 80 words
+    for (int i = 16; i < 80; ++i) {
+        w[i] = rotl(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
+    }
+    
+    // Initialize working variables
+    uint32_t a = state[0];
+    uint32_t b = state[1];
+    uint32_t c = state[2];
+    uint32_t d = state[3];
+    uint32_t e = state[4];
+    
+    // Main loop
+    for (int i = 0; i < 80; ++i) {
+        uint32_t f, k;
+        
+        if (i < 20) {
+            f = (b & c) | ((~b) & d);
+            k = 0x5A827999;
+        }
+        else if (i < 40) {
+            f = b ^ c ^ d;
+            k = 0x6ED9EBA1;
+        }
+        else if (i < 60) {
+            f = (b & c) | (b & d) | (c & d);
+            k = 0x8F1BBCDC;
+        }
+        else {
+            f = b ^ c ^ d;
+            k = 0xCA62C1D6;
+        }
+        
+        uint32_t temp = rotl(a, 5) + f + e + k + w[i];
+        e = d;
+        d = c;
+        c = rotl(b, 30);
+        b = a;
+        a = temp;
+    }
+    
+    // Update state
+    state[0] += a;
+    state[1] += b;
+    state[2] += c;
+    state[3] += d;
+    state[4] += e;
+}
+
+SHA1::Digest SHA1::hash(const uint8_t* data, size_t len) {
+    SHA1 sha1;
+    sha1.update(data, len);
+    return sha1.finalize();
+}
+
+} // namespace umskt 

src/libumskt/sha1/sha1.h

@@ -0,0 +1,59 @@
+#ifndef UMSKT_SHA1_H
+#define UMSKT_SHA1_H
+
+#include "../../typedefs.h"
+#include <cstdint>
+#include <array>
+#include <string>
+
+// OpenSSL-compatible constants
+#define SHA_DIGEST_LENGTH 20
+#define SHA_CBLOCK    64
+#define SHA_LBLOCK    16
+
+namespace umskt {
+
+class SHA1 {
+public:
+    static constexpr size_t DIGEST_SIZE = SHA_DIGEST_LENGTH;  // SHA1 produces a 160-bit (20-byte) hash
+    using Digest = std::array<uint8_t, DIGEST_SIZE>;
+
+    SHA1();
+    
+    // Update the hash with more data
+    void update(const uint8_t* data, size_t len);
+    
+    // Finalize and get the hash
+    Digest finalize();
+    
+    // Reset the hash state
+    void reset();
+    
+    // Convenience method to hash data in one call
+    static Digest hash(const uint8_t* data, size_t len);
+
+private:
+    static constexpr size_t BLOCK_SIZE = SHA_CBLOCK;  // SHA1 operates on 512-bit (64-byte) blocks
+    static constexpr uint32_t INIT_STATE[5] = {
+        0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0
+    };
+
+    void processBlock(const uint8_t* block);
+    
+    uint32_t state[5];           // Hash state
+    uint8_t buffer[BLOCK_SIZE];  // Input buffer
+    uint64_t totalBytes;         // Total bytes processed
+    size_t bufferSize;          // Current bytes in buffer
+};
+
+// OpenSSL-compatible function
+inline void SHA1_wrapper(const unsigned char* data, size_t len, unsigned char* digest) {
+    auto result = SHA1::hash(data, len);
+    std::copy(result.begin(), result.end(), digest);
+}
+
+} // namespace umskt
+
+#define SHA1_DIGEST(d,n,md) umskt::SHA1_wrapper((d),(n),(md))
+
+#endif // UMSKT_SHA1_H