]>
Commit | Line | Data |
---|---|---|
928a50a3 JB |
1 | /* |
2 | * SHA1 hash implementation and interface functions | |
3 | * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi> | |
4 | * | |
0f3d578e JM |
5 | * This software may be distributed under the terms of the BSD license. |
6 | * See README for more details. | |
928a50a3 JB |
7 | */ |
8 | ||
9 | #include "includes.h" | |
10 | ||
11 | #include "common.h" | |
12 | #include "sha1.h" | |
6b5c4c33 | 13 | #include "sha1_i.h" |
928a50a3 JB |
14 | #include "md5.h" |
15 | #include "crypto.h" | |
16 | ||
928a50a3 JB |
17 | typedef struct SHA1Context SHA1_CTX; |
18 | ||
05edfe29 | 19 | void SHA1Transform(u32 state[5], const unsigned char buffer[64]); |
928a50a3 JB |
20 | |
21 | ||
09eef142 | 22 | #ifdef CONFIG_CRYPTO_INTERNAL |
928a50a3 JB |
23 | /** |
24 | * sha1_vector - SHA-1 hash for data vector | |
25 | * @num_elem: Number of elements in the data vector | |
26 | * @addr: Pointers to the data areas | |
27 | * @len: Lengths of the data blocks | |
28 | * @mac: Buffer for the hash | |
0a5d68ab | 29 | * Returns: 0 on success, -1 of failure |
928a50a3 | 30 | */ |
0a5d68ab | 31 | int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) |
928a50a3 JB |
32 | { |
33 | SHA1_CTX ctx; | |
34 | size_t i; | |
35 | ||
36 | SHA1Init(&ctx); | |
37 | for (i = 0; i < num_elem; i++) | |
38 | SHA1Update(&ctx, addr[i], len[i]); | |
39 | SHA1Final(mac, &ctx); | |
0a5d68ab | 40 | return 0; |
928a50a3 | 41 | } |
09eef142 | 42 | #endif /* CONFIG_CRYPTO_INTERNAL */ |
928a50a3 JB |
43 | |
44 | ||
928a50a3 JB |
45 | /* ===== start - public domain SHA1 implementation ===== */ |
46 | ||
47 | /* | |
48 | SHA-1 in C | |
49 | By Steve Reid <sreid@sea-to-sky.net> | |
50 | 100% Public Domain | |
51 | ||
52 | ----------------- | |
53 | Modified 7/98 | |
54 | By James H. Brown <jbrown@burgoyne.com> | |
55 | Still 100% Public Domain | |
56 | ||
57 | Corrected a problem which generated improper hash values on 16 bit machines | |
58 | Routine SHA1Update changed from | |
59 | void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int | |
60 | len) | |
61 | to | |
62 | void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned | |
63 | long len) | |
64 | ||
65 | The 'len' parameter was declared an int which works fine on 32 bit machines. | |
66 | However, on 16 bit machines an int is too small for the shifts being done | |
67 | against | |
68 | it. This caused the hash function to generate incorrect values if len was | |
69 | greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update(). | |
70 | ||
71 | Since the file IO in main() reads 16K at a time, any file 8K or larger would | |
72 | be guaranteed to generate the wrong hash (e.g. Test Vector #3, a million | |
73 | "a"s). | |
74 | ||
75 | I also changed the declaration of variables i & j in SHA1Update to | |
76 | unsigned long from unsigned int for the same reason. | |
77 | ||
78 | These changes should make no difference to any 32 bit implementations since | |
79 | an | |
80 | int and a long are the same size in those environments. | |
81 | ||
82 | -- | |
83 | I also corrected a few compiler warnings generated by Borland C. | |
84 | 1. Added #include <process.h> for exit() prototype | |
85 | 2. Removed unused variable 'j' in SHA1Final | |
86 | 3. Changed exit(0) to return(0) at end of main. | |
87 | ||
88 | ALL changes I made can be located by searching for comments containing 'JHB' | |
89 | ----------------- | |
90 | Modified 8/98 | |
91 | By Steve Reid <sreid@sea-to-sky.net> | |
92 | Still 100% public domain | |
93 | ||
94 | 1- Removed #include <process.h> and used return() instead of exit() | |
95 | 2- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall) | |
96 | 3- Changed email address from steve@edmweb.com to sreid@sea-to-sky.net | |
97 | ||
98 | ----------------- | |
99 | Modified 4/01 | |
100 | By Saul Kravitz <Saul.Kravitz@celera.com> | |
101 | Still 100% PD | |
102 | Modified to run on Compaq Alpha hardware. | |
103 | ||
104 | ----------------- | |
105 | Modified 4/01 | |
106 | By Jouni Malinen <j@w1.fi> | |
107 | Minor changes to match the coding style used in Dynamics. | |
108 | ||
109 | Modified September 24, 2004 | |
110 | By Jouni Malinen <j@w1.fi> | |
111 | Fixed alignment issue in SHA1Transform when SHA1HANDSOFF is defined. | |
112 | ||
113 | */ | |
114 | ||
115 | /* | |
116 | Test Vectors (from FIPS PUB 180-1) | |
117 | "abc" | |
118 | A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D | |
119 | "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" | |
120 | 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 | |
121 | A million repetitions of "a" | |
122 | 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F | |
123 | */ | |
124 | ||
125 | #define SHA1HANDSOFF | |
126 | ||
127 | #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) | |
128 | ||
129 | /* blk0() and blk() perform the initial expand. */ | |
130 | /* I got the idea of expanding during the round function from SSLeay */ | |
131 | #ifndef WORDS_BIGENDIAN | |
132 | #define blk0(i) (block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) | \ | |
133 | (rol(block->l[i], 8) & 0x00FF00FF)) | |
134 | #else | |
135 | #define blk0(i) block->l[i] | |
136 | #endif | |
137 | #define blk(i) (block->l[i & 15] = rol(block->l[(i + 13) & 15] ^ \ | |
138 | block->l[(i + 8) & 15] ^ block->l[(i + 2) & 15] ^ block->l[i & 15], 1)) | |
139 | ||
140 | /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ | |
141 | #define R0(v,w,x,y,z,i) \ | |
142 | z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \ | |
143 | w = rol(w, 30); | |
144 | #define R1(v,w,x,y,z,i) \ | |
145 | z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \ | |
146 | w = rol(w, 30); | |
147 | #define R2(v,w,x,y,z,i) \ | |
148 | z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30); | |
149 | #define R3(v,w,x,y,z,i) \ | |
150 | z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \ | |
151 | w = rol(w, 30); | |
152 | #define R4(v,w,x,y,z,i) \ | |
153 | z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \ | |
154 | w=rol(w, 30); | |
155 | ||
156 | ||
157 | #ifdef VERBOSE /* SAK */ | |
158 | void SHAPrintContext(SHA1_CTX *context, char *msg) | |
159 | { | |
160 | printf("%s (%d,%d) %x %x %x %x %x\n", | |
161 | msg, | |
162 | context->count[0], context->count[1], | |
163 | context->state[0], | |
164 | context->state[1], | |
165 | context->state[2], | |
166 | context->state[3], | |
167 | context->state[4]); | |
168 | } | |
169 | #endif | |
170 | ||
171 | /* Hash a single 512-bit block. This is the core of the algorithm. */ | |
172 | ||
05edfe29 | 173 | void SHA1Transform(u32 state[5], const unsigned char buffer[64]) |
928a50a3 JB |
174 | { |
175 | u32 a, b, c, d, e; | |
176 | typedef union { | |
177 | unsigned char c[64]; | |
178 | u32 l[16]; | |
179 | } CHAR64LONG16; | |
180 | CHAR64LONG16* block; | |
181 | #ifdef SHA1HANDSOFF | |
6d798e8b JM |
182 | CHAR64LONG16 workspace; |
183 | block = &workspace; | |
928a50a3 JB |
184 | os_memcpy(block, buffer, 64); |
185 | #else | |
186 | block = (CHAR64LONG16 *) buffer; | |
187 | #endif | |
188 | /* Copy context->state[] to working vars */ | |
189 | a = state[0]; | |
190 | b = state[1]; | |
191 | c = state[2]; | |
192 | d = state[3]; | |
193 | e = state[4]; | |
194 | /* 4 rounds of 20 operations each. Loop unrolled. */ | |
195 | R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); | |
196 | R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); | |
197 | R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); | |
198 | R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); | |
199 | R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); | |
200 | R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); | |
201 | R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); | |
202 | R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); | |
203 | R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); | |
204 | R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); | |
205 | R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); | |
206 | R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); | |
207 | R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); | |
208 | R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); | |
209 | R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); | |
210 | R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); | |
211 | R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); | |
212 | R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); | |
213 | R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); | |
214 | R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); | |
215 | /* Add the working vars back into context.state[] */ | |
216 | state[0] += a; | |
217 | state[1] += b; | |
218 | state[2] += c; | |
219 | state[3] += d; | |
220 | state[4] += e; | |
221 | /* Wipe variables */ | |
222 | a = b = c = d = e = 0; | |
223 | #ifdef SHA1HANDSOFF | |
224 | os_memset(block, 0, 64); | |
225 | #endif | |
226 | } | |
227 | ||
228 | ||
229 | /* SHA1Init - Initialize new context */ | |
230 | ||
231 | void SHA1Init(SHA1_CTX* context) | |
232 | { | |
233 | /* SHA1 initialization constants */ | |
234 | context->state[0] = 0x67452301; | |
235 | context->state[1] = 0xEFCDAB89; | |
236 | context->state[2] = 0x98BADCFE; | |
237 | context->state[3] = 0x10325476; | |
238 | context->state[4] = 0xC3D2E1F0; | |
239 | context->count[0] = context->count[1] = 0; | |
240 | } | |
241 | ||
242 | ||
243 | /* Run your data through this. */ | |
244 | ||
245 | void SHA1Update(SHA1_CTX* context, const void *_data, u32 len) | |
246 | { | |
247 | u32 i, j; | |
248 | const unsigned char *data = _data; | |
249 | ||
250 | #ifdef VERBOSE | |
251 | SHAPrintContext(context, "before"); | |
252 | #endif | |
253 | j = (context->count[0] >> 3) & 63; | |
254 | if ((context->count[0] += len << 3) < (len << 3)) | |
255 | context->count[1]++; | |
256 | context->count[1] += (len >> 29); | |
257 | if ((j + len) > 63) { | |
258 | os_memcpy(&context->buffer[j], data, (i = 64-j)); | |
259 | SHA1Transform(context->state, context->buffer); | |
260 | for ( ; i + 63 < len; i += 64) { | |
261 | SHA1Transform(context->state, &data[i]); | |
262 | } | |
263 | j = 0; | |
264 | } | |
265 | else i = 0; | |
266 | os_memcpy(&context->buffer[j], &data[i], len - i); | |
267 | #ifdef VERBOSE | |
268 | SHAPrintContext(context, "after "); | |
269 | #endif | |
270 | } | |
271 | ||
272 | ||
273 | /* Add padding and return the message digest. */ | |
274 | ||
275 | void SHA1Final(unsigned char digest[20], SHA1_CTX* context) | |
276 | { | |
277 | u32 i; | |
278 | unsigned char finalcount[8]; | |
279 | ||
280 | for (i = 0; i < 8; i++) { | |
281 | finalcount[i] = (unsigned char) | |
282 | ((context->count[(i >= 4 ? 0 : 1)] >> | |
283 | ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ | |
284 | } | |
285 | SHA1Update(context, (unsigned char *) "\200", 1); | |
286 | while ((context->count[0] & 504) != 448) { | |
287 | SHA1Update(context, (unsigned char *) "\0", 1); | |
288 | } | |
289 | SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() | |
290 | */ | |
291 | for (i = 0; i < 20; i++) { | |
292 | digest[i] = (unsigned char) | |
293 | ((context->state[i >> 2] >> ((3 - (i & 3)) * 8)) & | |
294 | 255); | |
295 | } | |
296 | /* Wipe variables */ | |
297 | i = 0; | |
298 | os_memset(context->buffer, 0, 64); | |
299 | os_memset(context->state, 0, 20); | |
300 | os_memset(context->count, 0, 8); | |
301 | os_memset(finalcount, 0, 8); | |
302 | } | |
303 | ||
304 | /* ===== end - public domain SHA1 implementation ===== */ |