]>
Commit | Line | Data |
---|---|---|
928a50a3 JB |
1 | /* |
2 | * SHA1 hash implementation and interface functions | |
3 | * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi> | |
4 | * | |
0f3d578e JM |
5 | * This software may be distributed under the terms of the BSD license. |
6 | * See README for more details. | |
928a50a3 JB |
7 | */ |
8 | ||
9 | #include "includes.h" | |
10 | ||
11 | #include "common.h" | |
12 | #include "sha1.h" | |
6b5c4c33 | 13 | #include "sha1_i.h" |
928a50a3 JB |
14 | #include "md5.h" |
15 | #include "crypto.h" | |
16 | ||
928a50a3 JB |
17 | typedef struct SHA1Context SHA1_CTX; |
18 | ||
05edfe29 | 19 | void SHA1Transform(u32 state[5], const unsigned char buffer[64]); |
928a50a3 JB |
20 | |
21 | ||
09eef142 | 22 | #ifdef CONFIG_CRYPTO_INTERNAL |
928a50a3 JB |
23 | /** |
24 | * sha1_vector - SHA-1 hash for data vector | |
25 | * @num_elem: Number of elements in the data vector | |
26 | * @addr: Pointers to the data areas | |
27 | * @len: Lengths of the data blocks | |
28 | * @mac: Buffer for the hash | |
0a5d68ab | 29 | * Returns: 0 on success, -1 of failure |
928a50a3 | 30 | */ |
0a5d68ab | 31 | int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) |
928a50a3 JB |
32 | { |
33 | SHA1_CTX ctx; | |
34 | size_t i; | |
35 | ||
07555778 JM |
36 | if (TEST_FAIL()) |
37 | return -1; | |
38 | ||
928a50a3 JB |
39 | SHA1Init(&ctx); |
40 | for (i = 0; i < num_elem; i++) | |
41 | SHA1Update(&ctx, addr[i], len[i]); | |
42 | SHA1Final(mac, &ctx); | |
0a5d68ab | 43 | return 0; |
928a50a3 | 44 | } |
09eef142 | 45 | #endif /* CONFIG_CRYPTO_INTERNAL */ |
928a50a3 JB |
46 | |
47 | ||
928a50a3 JB |
48 | /* ===== start - public domain SHA1 implementation ===== */ |
49 | ||
50 | /* | |
51 | SHA-1 in C | |
52 | By Steve Reid <sreid@sea-to-sky.net> | |
53 | 100% Public Domain | |
54 | ||
55 | ----------------- | |
95de34a1 | 56 | Modified 7/98 |
928a50a3 JB |
57 | By James H. Brown <jbrown@burgoyne.com> |
58 | Still 100% Public Domain | |
59 | ||
60 | Corrected a problem which generated improper hash values on 16 bit machines | |
61 | Routine SHA1Update changed from | |
62 | void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int | |
63 | len) | |
64 | to | |
65 | void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned | |
66 | long len) | |
67 | ||
68 | The 'len' parameter was declared an int which works fine on 32 bit machines. | |
69 | However, on 16 bit machines an int is too small for the shifts being done | |
70 | against | |
71 | it. This caused the hash function to generate incorrect values if len was | |
72 | greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update(). | |
73 | ||
74 | Since the file IO in main() reads 16K at a time, any file 8K or larger would | |
75 | be guaranteed to generate the wrong hash (e.g. Test Vector #3, a million | |
76 | "a"s). | |
77 | ||
95de34a1 | 78 | I also changed the declaration of variables i & j in SHA1Update to |
928a50a3 JB |
79 | unsigned long from unsigned int for the same reason. |
80 | ||
81 | These changes should make no difference to any 32 bit implementations since | |
82 | an | |
83 | int and a long are the same size in those environments. | |
84 | ||
85 | -- | |
86 | I also corrected a few compiler warnings generated by Borland C. | |
87 | 1. Added #include <process.h> for exit() prototype | |
88 | 2. Removed unused variable 'j' in SHA1Final | |
89 | 3. Changed exit(0) to return(0) at end of main. | |
90 | ||
91 | ALL changes I made can be located by searching for comments containing 'JHB' | |
92 | ----------------- | |
93 | Modified 8/98 | |
94 | By Steve Reid <sreid@sea-to-sky.net> | |
95 | Still 100% public domain | |
96 | ||
97 | 1- Removed #include <process.h> and used return() instead of exit() | |
98 | 2- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall) | |
99 | 3- Changed email address from steve@edmweb.com to sreid@sea-to-sky.net | |
100 | ||
101 | ----------------- | |
102 | Modified 4/01 | |
103 | By Saul Kravitz <Saul.Kravitz@celera.com> | |
104 | Still 100% PD | |
95de34a1 | 105 | Modified to run on Compaq Alpha hardware. |
928a50a3 JB |
106 | |
107 | ----------------- | |
108 | Modified 4/01 | |
109 | By Jouni Malinen <j@w1.fi> | |
110 | Minor changes to match the coding style used in Dynamics. | |
111 | ||
112 | Modified September 24, 2004 | |
113 | By Jouni Malinen <j@w1.fi> | |
114 | Fixed alignment issue in SHA1Transform when SHA1HANDSOFF is defined. | |
115 | ||
116 | */ | |
117 | ||
118 | /* | |
119 | Test Vectors (from FIPS PUB 180-1) | |
120 | "abc" | |
121 | A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D | |
122 | "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" | |
123 | 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 | |
124 | A million repetitions of "a" | |
125 | 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F | |
126 | */ | |
127 | ||
128 | #define SHA1HANDSOFF | |
129 | ||
130 | #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) | |
131 | ||
132 | /* blk0() and blk() perform the initial expand. */ | |
133 | /* I got the idea of expanding during the round function from SSLeay */ | |
134 | #ifndef WORDS_BIGENDIAN | |
135 | #define blk0(i) (block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) | \ | |
136 | (rol(block->l[i], 8) & 0x00FF00FF)) | |
137 | #else | |
138 | #define blk0(i) block->l[i] | |
139 | #endif | |
140 | #define blk(i) (block->l[i & 15] = rol(block->l[(i + 13) & 15] ^ \ | |
141 | block->l[(i + 8) & 15] ^ block->l[(i + 2) & 15] ^ block->l[i & 15], 1)) | |
142 | ||
143 | /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ | |
144 | #define R0(v,w,x,y,z,i) \ | |
145 | z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \ | |
146 | w = rol(w, 30); | |
147 | #define R1(v,w,x,y,z,i) \ | |
148 | z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \ | |
149 | w = rol(w, 30); | |
150 | #define R2(v,w,x,y,z,i) \ | |
151 | z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30); | |
152 | #define R3(v,w,x,y,z,i) \ | |
153 | z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \ | |
154 | w = rol(w, 30); | |
155 | #define R4(v,w,x,y,z,i) \ | |
156 | z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \ | |
157 | w=rol(w, 30); | |
158 | ||
159 | ||
160 | #ifdef VERBOSE /* SAK */ | |
161 | void SHAPrintContext(SHA1_CTX *context, char *msg) | |
162 | { | |
163 | printf("%s (%d,%d) %x %x %x %x %x\n", | |
164 | msg, | |
95de34a1 | 165 | context->count[0], context->count[1], |
928a50a3 JB |
166 | context->state[0], |
167 | context->state[1], | |
168 | context->state[2], | |
169 | context->state[3], | |
170 | context->state[4]); | |
171 | } | |
172 | #endif | |
173 | ||
174 | /* Hash a single 512-bit block. This is the core of the algorithm. */ | |
175 | ||
05edfe29 | 176 | void SHA1Transform(u32 state[5], const unsigned char buffer[64]) |
928a50a3 JB |
177 | { |
178 | u32 a, b, c, d, e; | |
179 | typedef union { | |
180 | unsigned char c[64]; | |
181 | u32 l[16]; | |
182 | } CHAR64LONG16; | |
183 | CHAR64LONG16* block; | |
184 | #ifdef SHA1HANDSOFF | |
6d798e8b JM |
185 | CHAR64LONG16 workspace; |
186 | block = &workspace; | |
928a50a3 JB |
187 | os_memcpy(block, buffer, 64); |
188 | #else | |
189 | block = (CHAR64LONG16 *) buffer; | |
190 | #endif | |
191 | /* Copy context->state[] to working vars */ | |
192 | a = state[0]; | |
193 | b = state[1]; | |
194 | c = state[2]; | |
195 | d = state[3]; | |
196 | e = state[4]; | |
197 | /* 4 rounds of 20 operations each. Loop unrolled. */ | |
198 | R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); | |
199 | R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); | |
200 | R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); | |
201 | R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); | |
202 | R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); | |
203 | R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); | |
204 | R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); | |
205 | R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); | |
206 | R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); | |
207 | R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); | |
208 | R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); | |
209 | R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); | |
210 | R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); | |
211 | R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); | |
212 | R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); | |
213 | R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); | |
214 | R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); | |
215 | R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); | |
216 | R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); | |
217 | R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); | |
218 | /* Add the working vars back into context.state[] */ | |
219 | state[0] += a; | |
220 | state[1] += b; | |
221 | state[2] += c; | |
222 | state[3] += d; | |
223 | state[4] += e; | |
224 | /* Wipe variables */ | |
225 | a = b = c = d = e = 0; | |
226 | #ifdef SHA1HANDSOFF | |
31bc66e4 | 227 | forced_memzero(block, 64); |
928a50a3 JB |
228 | #endif |
229 | } | |
230 | ||
231 | ||
232 | /* SHA1Init - Initialize new context */ | |
233 | ||
234 | void SHA1Init(SHA1_CTX* context) | |
235 | { | |
236 | /* SHA1 initialization constants */ | |
237 | context->state[0] = 0x67452301; | |
238 | context->state[1] = 0xEFCDAB89; | |
239 | context->state[2] = 0x98BADCFE; | |
240 | context->state[3] = 0x10325476; | |
241 | context->state[4] = 0xC3D2E1F0; | |
242 | context->count[0] = context->count[1] = 0; | |
243 | } | |
244 | ||
245 | ||
246 | /* Run your data through this. */ | |
247 | ||
248 | void SHA1Update(SHA1_CTX* context, const void *_data, u32 len) | |
249 | { | |
250 | u32 i, j; | |
251 | const unsigned char *data = _data; | |
252 | ||
253 | #ifdef VERBOSE | |
254 | SHAPrintContext(context, "before"); | |
255 | #endif | |
256 | j = (context->count[0] >> 3) & 63; | |
257 | if ((context->count[0] += len << 3) < (len << 3)) | |
258 | context->count[1]++; | |
259 | context->count[1] += (len >> 29); | |
260 | if ((j + len) > 63) { | |
261 | os_memcpy(&context->buffer[j], data, (i = 64-j)); | |
262 | SHA1Transform(context->state, context->buffer); | |
263 | for ( ; i + 63 < len; i += 64) { | |
264 | SHA1Transform(context->state, &data[i]); | |
265 | } | |
266 | j = 0; | |
267 | } | |
268 | else i = 0; | |
269 | os_memcpy(&context->buffer[j], &data[i], len - i); | |
270 | #ifdef VERBOSE | |
271 | SHAPrintContext(context, "after "); | |
272 | #endif | |
273 | } | |
274 | ||
275 | ||
276 | /* Add padding and return the message digest. */ | |
277 | ||
278 | void SHA1Final(unsigned char digest[20], SHA1_CTX* context) | |
279 | { | |
280 | u32 i; | |
281 | unsigned char finalcount[8]; | |
282 | ||
283 | for (i = 0; i < 8; i++) { | |
284 | finalcount[i] = (unsigned char) | |
285 | ((context->count[(i >= 4 ? 0 : 1)] >> | |
286 | ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ | |
287 | } | |
288 | SHA1Update(context, (unsigned char *) "\200", 1); | |
289 | while ((context->count[0] & 504) != 448) { | |
290 | SHA1Update(context, (unsigned char *) "\0", 1); | |
291 | } | |
292 | SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() | |
293 | */ | |
294 | for (i = 0; i < 20; i++) { | |
295 | digest[i] = (unsigned char) | |
296 | ((context->state[i >> 2] >> ((3 - (i & 3)) * 8)) & | |
297 | 255); | |
298 | } | |
299 | /* Wipe variables */ | |
928a50a3 JB |
300 | os_memset(context->buffer, 0, 64); |
301 | os_memset(context->state, 0, 20); | |
302 | os_memset(context->count, 0, 8); | |
31bc66e4 | 303 | forced_memzero(finalcount, sizeof(finalcount)); |
928a50a3 JB |
304 | } |
305 | ||
306 | /* ===== end - public domain SHA1 implementation ===== */ |