]> git.ipfire.org Git - thirdparty/u-boot.git/blob - lib/sha1.c
projects / thirdparty / u-boot.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
net: hifemac_mdio: use log_msg_ret() correctly, report error by dev_err()
[thirdparty/u-boot.git] / lib / sha1.c
1 // SPDX-License-Identifier: LGPL-2.1
2 /*
3 * Heiko Schocher, DENX Software Engineering, hs@denx.de.
4 * based on:
5 * FIPS-180-1 compliant SHA-1 implementation
6 *
7 * Copyright (C) 2003-2006 Christophe Devine
8 */
9 /*
10 * The SHA-1 standard was published by NIST in 1993.
11 *
12 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
13 */
14
15 #ifndef _CRT_SECURE_NO_DEPRECATE
16 #define _CRT_SECURE_NO_DEPRECATE 1
17 #endif
18
19 #ifndef USE_HOSTCC
20 #include <cyclic.h>
21 #endif /* USE_HOSTCC */
22 #include <string.h>
23 #include <u-boot/sha1.h>
24
25 #include <linux/compiler_attributes.h>
26
27 const uint8_t sha1_der_prefix[SHA1_DER_LEN] = {
28 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
29 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
30 };
31
32 /*
33 * 32-bit integer manipulation macros (big endian)
34 */
35 #ifndef GET_UINT32_BE
36 #define GET_UINT32_BE(n,b,i) { \
37 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
38 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
39 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
40 | ( (unsigned long) (b)[(i) + 3] ); \
41 }
42 #endif
43 #ifndef PUT_UINT32_BE
44 #define PUT_UINT32_BE(n,b,i) { \
45 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
46 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
47 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
48 (b)[(i) + 3] = (unsigned char) ( (n) ); \
49 }
50 #endif
51
52 /*
53 * SHA-1 context setup
54 */
55 void sha1_starts (sha1_context * ctx)
56 {
57 ctx->total[0] = 0;
58 ctx->total[1] = 0;
59
60 ctx->state[0] = 0x67452301;
61 ctx->state[1] = 0xEFCDAB89;
62 ctx->state[2] = 0x98BADCFE;
63 ctx->state[3] = 0x10325476;
64 ctx->state[4] = 0xC3D2E1F0;
65 }
66
67 static void __maybe_unused sha1_process_one(sha1_context *ctx, const unsigned char data[64])
68 {
69 unsigned long temp, W[16], A, B, C, D, E;
70
71 GET_UINT32_BE (W[0], data, 0);
72 GET_UINT32_BE (W[1], data, 4);
73 GET_UINT32_BE (W[2], data, 8);
74 GET_UINT32_BE (W[3], data, 12);
75 GET_UINT32_BE (W[4], data, 16);
76 GET_UINT32_BE (W[5], data, 20);
77 GET_UINT32_BE (W[6], data, 24);
78 GET_UINT32_BE (W[7], data, 28);
79 GET_UINT32_BE (W[8], data, 32);
80 GET_UINT32_BE (W[9], data, 36);
81 GET_UINT32_BE (W[10], data, 40);
82 GET_UINT32_BE (W[11], data, 44);
83 GET_UINT32_BE (W[12], data, 48);
84 GET_UINT32_BE (W[13], data, 52);
85 GET_UINT32_BE (W[14], data, 56);
86 GET_UINT32_BE (W[15], data, 60);
87
88 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
89
90 #define R(t) ( \
91 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
92 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
93 ( W[t & 0x0F] = S(temp,1) ) \
94 )
95
96 #define P(a,b,c,d,e,x) { \
97 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
98 }
99
100 A = ctx->state[0];
101 B = ctx->state[1];
102 C = ctx->state[2];
103 D = ctx->state[3];
104 E = ctx->state[4];
105
106 #define F(x,y,z) (z ^ (x & (y ^ z)))
107 #define K 0x5A827999
108
109 P (A, B, C, D, E, W[0]);
110 P (E, A, B, C, D, W[1]);
111 P (D, E, A, B, C, W[2]);
112 P (C, D, E, A, B, W[3]);
113 P (B, C, D, E, A, W[4]);
114 P (A, B, C, D, E, W[5]);
115 P (E, A, B, C, D, W[6]);
116 P (D, E, A, B, C, W[7]);
117 P (C, D, E, A, B, W[8]);
118 P (B, C, D, E, A, W[9]);
119 P (A, B, C, D, E, W[10]);
120 P (E, A, B, C, D, W[11]);
121 P (D, E, A, B, C, W[12]);
122 P (C, D, E, A, B, W[13]);
123 P (B, C, D, E, A, W[14]);
124 P (A, B, C, D, E, W[15]);
125 P (E, A, B, C, D, R (16));
126 P (D, E, A, B, C, R (17));
127 P (C, D, E, A, B, R (18));
128 P (B, C, D, E, A, R (19));
129
130 #undef K
131 #undef F
132
133 #define F(x,y,z) (x ^ y ^ z)
134 #define K 0x6ED9EBA1
135
136 P (A, B, C, D, E, R (20));
137 P (E, A, B, C, D, R (21));
138 P (D, E, A, B, C, R (22));
139 P (C, D, E, A, B, R (23));
140 P (B, C, D, E, A, R (24));
141 P (A, B, C, D, E, R (25));
142 P (E, A, B, C, D, R (26));
143 P (D, E, A, B, C, R (27));
144 P (C, D, E, A, B, R (28));
145 P (B, C, D, E, A, R (29));
146 P (A, B, C, D, E, R (30));
147 P (E, A, B, C, D, R (31));
148 P (D, E, A, B, C, R (32));
149 P (C, D, E, A, B, R (33));
150 P (B, C, D, E, A, R (34));
151 P (A, B, C, D, E, R (35));
152 P (E, A, B, C, D, R (36));
153 P (D, E, A, B, C, R (37));
154 P (C, D, E, A, B, R (38));
155 P (B, C, D, E, A, R (39));
156
157 #undef K
158 #undef F
159
160 #define F(x,y,z) ((x & y) | (z & (x | y)))
161 #define K 0x8F1BBCDC
162
163 P (A, B, C, D, E, R (40));
164 P (E, A, B, C, D, R (41));
165 P (D, E, A, B, C, R (42));
166 P (C, D, E, A, B, R (43));
167 P (B, C, D, E, A, R (44));
168 P (A, B, C, D, E, R (45));
169 P (E, A, B, C, D, R (46));
170 P (D, E, A, B, C, R (47));
171 P (C, D, E, A, B, R (48));
172 P (B, C, D, E, A, R (49));
173 P (A, B, C, D, E, R (50));
174 P (E, A, B, C, D, R (51));
175 P (D, E, A, B, C, R (52));
176 P (C, D, E, A, B, R (53));
177 P (B, C, D, E, A, R (54));
178 P (A, B, C, D, E, R (55));
179 P (E, A, B, C, D, R (56));
180 P (D, E, A, B, C, R (57));
181 P (C, D, E, A, B, R (58));
182 P (B, C, D, E, A, R (59));
183
184 #undef K
185 #undef F
186
187 #define F(x,y,z) (x ^ y ^ z)
188 #define K 0xCA62C1D6
189
190 P (A, B, C, D, E, R (60));
191 P (E, A, B, C, D, R (61));
192 P (D, E, A, B, C, R (62));
193 P (C, D, E, A, B, R (63));
194 P (B, C, D, E, A, R (64));
195 P (A, B, C, D, E, R (65));
196 P (E, A, B, C, D, R (66));
197 P (D, E, A, B, C, R (67));
198 P (C, D, E, A, B, R (68));
199 P (B, C, D, E, A, R (69));
200 P (A, B, C, D, E, R (70));
201 P (E, A, B, C, D, R (71));
202 P (D, E, A, B, C, R (72));
203 P (C, D, E, A, B, R (73));
204 P (B, C, D, E, A, R (74));
205 P (A, B, C, D, E, R (75));
206 P (E, A, B, C, D, R (76));
207 P (D, E, A, B, C, R (77));
208 P (C, D, E, A, B, R (78));
209 P (B, C, D, E, A, R (79));
210
211 #undef K
212 #undef F
213
214 ctx->state[0] += A;
215 ctx->state[1] += B;
216 ctx->state[2] += C;
217 ctx->state[3] += D;
218 ctx->state[4] += E;
219 }
220
221 __weak void sha1_process(sha1_context *ctx, const unsigned char *data,
222 unsigned int blocks)
223 {
224 if (!blocks)
225 return;
226
227 while (blocks--) {
228 sha1_process_one(ctx, data);
229 data += 64;
230 }
231 }
232
233 /*
234 * SHA-1 process buffer
235 */
236 void sha1_update(sha1_context *ctx, const unsigned char *input,
237 unsigned int ilen)
238 {
239 int fill;
240 unsigned long left;
241
242 if (ilen <= 0)
243 return;
244
245 left = ctx->total[0] & 0x3F;
246 fill = 64 - left;
247
248 ctx->total[0] += ilen;
249 ctx->total[0] &= 0xFFFFFFFF;
250
251 if (ctx->total[0] < (unsigned long) ilen)
252 ctx->total[1]++;
253
254 if (left && ilen >= fill) {
255 memcpy ((void *) (ctx->buffer + left), (void *) input, fill);
256 sha1_process(ctx, ctx->buffer, 1);
257 input += fill;
258 ilen -= fill;
259 left = 0;
260 }
261
262 sha1_process(ctx, input, ilen / 64);
263 input += ilen / 64 * 64;
264 ilen = ilen % 64;
265
266 if (ilen > 0) {
267 memcpy ((void *) (ctx->buffer + left), (void *) input, ilen);
268 }
269 }
270
271 static const unsigned char sha1_padding[64] = {
272 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
273 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
274 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
275 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
276 };
277
278 /*
279 * SHA-1 final digest
280 */
281 void sha1_finish (sha1_context * ctx, unsigned char output[20])
282 {
283 unsigned long last, padn;
284 unsigned long high, low;
285 unsigned char msglen[8];
286
287 high = (ctx->total[0] >> 29)
288 | (ctx->total[1] << 3);
289 low = (ctx->total[0] << 3);
290
291 PUT_UINT32_BE (high, msglen, 0);
292 PUT_UINT32_BE (low, msglen, 4);
293
294 last = ctx->total[0] & 0x3F;
295 padn = (last < 56) ? (56 - last) : (120 - last);
296
297 sha1_update (ctx, (unsigned char *) sha1_padding, padn);
298 sha1_update (ctx, msglen, 8);
299
300 PUT_UINT32_BE (ctx->state[0], output, 0);
301 PUT_UINT32_BE (ctx->state[1], output, 4);
302 PUT_UINT32_BE (ctx->state[2], output, 8);
303 PUT_UINT32_BE (ctx->state[3], output, 12);
304 PUT_UINT32_BE (ctx->state[4], output, 16);
305 }
306
307 /*
308 * Output = SHA-1( input buffer )
309 */
310 void sha1_csum(const unsigned char *input, unsigned int ilen,
311 unsigned char *output)
312 {
313 sha1_context ctx;
314
315 sha1_starts (&ctx);
316 sha1_update (&ctx, input, ilen);
317 sha1_finish (&ctx, output);
318 }
319
320 /*
321 * Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
322 * bytes of input processed.
323 */
324 void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
325 unsigned char *output, unsigned int chunk_sz)
326 {
327 sha1_context ctx;
328 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
329 const unsigned char *end, *curr;
330 int chunk;
331 #endif
332
333 sha1_starts (&ctx);
334
335 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
336 curr = input;
337 end = input + ilen;
338 while (curr < end) {
339 chunk = end - curr;
340 if (chunk > chunk_sz)
341 chunk = chunk_sz;
342 sha1_update (&ctx, curr, chunk);
343 curr += chunk;
344 schedule();
345 }
346 #else
347 sha1_update (&ctx, input, ilen);
348 #endif
349
350 sha1_finish (&ctx, output);
351 }
352
353 /*
354 * Output = HMAC-SHA-1( input buffer, hmac key )
355 */
356 void sha1_hmac(const unsigned char *key, int keylen,
357 const unsigned char *input, unsigned int ilen,
358 unsigned char *output)
359 {
360 int i;
361 sha1_context ctx;
362 unsigned char k_ipad[64];
363 unsigned char k_opad[64];
364 unsigned char tmpbuf[20];
365
366 memset (k_ipad, 0x36, 64);
367 memset (k_opad, 0x5C, 64);
368
369 for (i = 0; i < keylen; i++) {
370 if (i >= 64)
371 break;
372
373 k_ipad[i] ^= key[i];
374 k_opad[i] ^= key[i];
375 }
376
377 sha1_starts (&ctx);
378 sha1_update (&ctx, k_ipad, 64);
379 sha1_update (&ctx, input, ilen);
380 sha1_finish (&ctx, tmpbuf);
381
382 sha1_starts (&ctx);
383 sha1_update (&ctx, k_opad, 64);
384 sha1_update (&ctx, tmpbuf, 20);
385 sha1_finish (&ctx, output);
386
387 memset (k_ipad, 0, 64);
388 memset (k_opad, 0, 64);
389 memset (tmpbuf, 0, 20);
390 memset (&ctx, 0, sizeof (sha1_context));
391 }
392
393 #ifdef SELF_TEST
394 /*
395 * FIPS-180-1 test vectors
396 */
397 static const char sha1_test_str[3][57] = {
398 {"abc"},
399 {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
400 {""}
401 };
402
403 static const unsigned char sha1_test_sum[3][20] = {
404 {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
405 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
406 {0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
407 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
408 {0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
409 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
410 };
411
412 /*
413 * Checkup routine
414 */
415 int sha1_self_test (void)
416 {
417 int i, j;
418 unsigned char buf[1000];
419 unsigned char sha1sum[20];
420 sha1_context ctx;
421
422 for (i = 0; i < 3; i++) {
423 printf (" SHA-1 test #%d: ", i + 1);
424
425 sha1_starts (&ctx);
426
427 if (i < 2)
428 sha1_update (&ctx, (unsigned char *) sha1_test_str[i],
429 strlen (sha1_test_str[i]));
430 else {
431 memset (buf, 'a', 1000);
432 for (j = 0; j < 1000; j++)
433 sha1_update (&ctx, buf, 1000);
434 }
435
436 sha1_finish (&ctx, sha1sum);
437
438 if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) {
439 printf ("failed\n");
440 return (1);
441 }
442
443 printf ("passed\n");
444 }
445
446 printf ("\n");
447 return (0);
448 }
449 #else
450 int sha1_self_test (void)
451 {
452 return (0);
453 }
454 #endif
"Das U-Boot" Source Tree