[people/ms/u-boot.git] / lib / sha1.c

/*
 *  Heiko Schocher, DENX Software Engineering, hs@denx.de.
 *  based on:
 *  FIPS-180-1 compliant SHA-1 implementation
 *
 *  Copyright (C) 2003-2006  Christophe Devine
 *
 * SPDX-License-Identifier:	LGPL-2.1
 */
/*
 *  The SHA-1 standard was published by NIST in 1993.
 *
 *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
 */

#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif

#ifndef USE_HOSTCC
#include <common.h>
#include <linux/string.h>
#else
#include <string.h>
#endif /* USE_HOSTCC */
#include <watchdog.h>
#include <u-boot/sha1.h>

const uint8_t sha1_der_prefix[SHA1_DER_LEN] = {
	0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
	0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};

/*
 * 32-bit integer manipulation macros (big endian)
 */
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i) {				\
	(n) = ( (unsigned long) (b)[(i)    ] << 24 )	\
	    | ( (unsigned long) (b)[(i) + 1] << 16 )	\
	    | ( (unsigned long) (b)[(i) + 2] <<  8 )	\
	    | ( (unsigned long) (b)[(i) + 3]       );	\
}
#endif
#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i) {				\
	(b)[(i)    ] = (unsigned char) ( (n) >> 24 );	\
	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 );	\
	(b)[(i) + 2] = (unsigned char) ( (n) >>  8 );	\
	(b)[(i) + 3] = (unsigned char) ( (n)       );	\
}
#endif

/*
 * SHA-1 context setup
 */
void sha1_starts (sha1_context * ctx)
{
	ctx->total[0] = 0;
	ctx->total[1] = 0;

	ctx->state[0] = 0x67452301;
	ctx->state[1] = 0xEFCDAB89;
	ctx->state[2] = 0x98BADCFE;
	ctx->state[3] = 0x10325476;
	ctx->state[4] = 0xC3D2E1F0;
}

static void sha1_process(sha1_context *ctx, const unsigned char data[64])
{
	unsigned long temp, W[16], A, B, C, D, E;

	GET_UINT32_BE (W[0], data, 0);
	GET_UINT32_BE (W[1], data, 4);
	GET_UINT32_BE (W[2], data, 8);
	GET_UINT32_BE (W[3], data, 12);
	GET_UINT32_BE (W[4], data, 16);
	GET_UINT32_BE (W[5], data, 20);
	GET_UINT32_BE (W[6], data, 24);
	GET_UINT32_BE (W[7], data, 28);
	GET_UINT32_BE (W[8], data, 32);
	GET_UINT32_BE (W[9], data, 36);
	GET_UINT32_BE (W[10], data, 40);
	GET_UINT32_BE (W[11], data, 44);
	GET_UINT32_BE (W[12], data, 48);
	GET_UINT32_BE (W[13], data, 52);
	GET_UINT32_BE (W[14], data, 56);
	GET_UINT32_BE (W[15], data, 60);

#define S(x,n)	((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))

#define R(t) (						\
	temp = W[(t -  3) & 0x0F] ^ W[(t - 8) & 0x0F] ^	\
	       W[(t - 14) & 0x0F] ^ W[ t      & 0x0F],	\
	( W[t & 0x0F] = S(temp,1) )			\
)

#define P(a,b,c,d,e,x)	{				\
	e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);	\
}

	A = ctx->state[0];
	B = ctx->state[1];
	C = ctx->state[2];
	D = ctx->state[3];
	E = ctx->state[4];

#define F(x,y,z) (z ^ (x & (y ^ z)))
#define K 0x5A827999

	P (A, B, C, D, E, W[0]);
	P (E, A, B, C, D, W[1]);
	P (D, E, A, B, C, W[2]);
	P (C, D, E, A, B, W[3]);
	P (B, C, D, E, A, W[4]);
	P (A, B, C, D, E, W[5]);
	P (E, A, B, C, D, W[6]);
	P (D, E, A, B, C, W[7]);
	P (C, D, E, A, B, W[8]);
	P (B, C, D, E, A, W[9]);
	P (A, B, C, D, E, W[10]);
	P (E, A, B, C, D, W[11]);
	P (D, E, A, B, C, W[12]);
	P (C, D, E, A, B, W[13]);
	P (B, C, D, E, A, W[14]);
	P (A, B, C, D, E, W[15]);
	P (E, A, B, C, D, R (16));
	P (D, E, A, B, C, R (17));
	P (C, D, E, A, B, R (18));
	P (B, C, D, E, A, R (19));

#undef K
#undef F

#define F(x,y,z) (x ^ y ^ z)
#define K 0x6ED9EBA1

	P (A, B, C, D, E, R (20));
	P (E, A, B, C, D, R (21));
	P (D, E, A, B, C, R (22));
	P (C, D, E, A, B, R (23));
	P (B, C, D, E, A, R (24));
	P (A, B, C, D, E, R (25));
	P (E, A, B, C, D, R (26));
	P (D, E, A, B, C, R (27));
	P (C, D, E, A, B, R (28));
	P (B, C, D, E, A, R (29));
	P (A, B, C, D, E, R (30));
	P (E, A, B, C, D, R (31));
	P (D, E, A, B, C, R (32));
	P (C, D, E, A, B, R (33));
	P (B, C, D, E, A, R (34));
	P (A, B, C, D, E, R (35));
	P (E, A, B, C, D, R (36));
	P (D, E, A, B, C, R (37));
	P (C, D, E, A, B, R (38));
	P (B, C, D, E, A, R (39));

#undef K
#undef F

#define F(x,y,z) ((x & y) | (z & (x | y)))
#define K 0x8F1BBCDC

	P (A, B, C, D, E, R (40));
	P (E, A, B, C, D, R (41));
	P (D, E, A, B, C, R (42));
	P (C, D, E, A, B, R (43));
	P (B, C, D, E, A, R (44));
	P (A, B, C, D, E, R (45));
	P (E, A, B, C, D, R (46));
	P (D, E, A, B, C, R (47));
	P (C, D, E, A, B, R (48));
	P (B, C, D, E, A, R (49));
	P (A, B, C, D, E, R (50));
	P (E, A, B, C, D, R (51));
	P (D, E, A, B, C, R (52));
	P (C, D, E, A, B, R (53));
	P (B, C, D, E, A, R (54));
	P (A, B, C, D, E, R (55));
	P (E, A, B, C, D, R (56));
	P (D, E, A, B, C, R (57));
	P (C, D, E, A, B, R (58));
	P (B, C, D, E, A, R (59));

#undef K
#undef F

#define F(x,y,z) (x ^ y ^ z)
#define K 0xCA62C1D6

	P (A, B, C, D, E, R (60));
	P (E, A, B, C, D, R (61));
	P (D, E, A, B, C, R (62));
	P (C, D, E, A, B, R (63));
	P (B, C, D, E, A, R (64));
	P (A, B, C, D, E, R (65));
	P (E, A, B, C, D, R (66));
	P (D, E, A, B, C, R (67));
	P (C, D, E, A, B, R (68));
	P (B, C, D, E, A, R (69));
	P (A, B, C, D, E, R (70));
	P (E, A, B, C, D, R (71));
	P (D, E, A, B, C, R (72));
	P (C, D, E, A, B, R (73));
	P (B, C, D, E, A, R (74));
	P (A, B, C, D, E, R (75));
	P (E, A, B, C, D, R (76));
	P (D, E, A, B, C, R (77));
	P (C, D, E, A, B, R (78));
	P (B, C, D, E, A, R (79));

#undef K
#undef F

	ctx->state[0] += A;
	ctx->state[1] += B;
	ctx->state[2] += C;
	ctx->state[3] += D;
	ctx->state[4] += E;
}

/*
 * SHA-1 process buffer
 */
void sha1_update(sha1_context *ctx, const unsigned char *input,
		 unsigned int ilen)
{
	int fill;
	unsigned long left;

	if (ilen <= 0)
		return;

	left = ctx->total[0] & 0x3F;
	fill = 64 - left;

	ctx->total[0] += ilen;
	ctx->total[0] &= 0xFFFFFFFF;

	if (ctx->total[0] < (unsigned long) ilen)
		ctx->total[1]++;

	if (left && ilen >= fill) {
		memcpy ((void *) (ctx->buffer + left), (void *) input, fill);
		sha1_process (ctx, ctx->buffer);
		input += fill;
		ilen -= fill;
		left = 0;
	}

	while (ilen >= 64) {
		sha1_process (ctx, input);
		input += 64;
		ilen -= 64;
	}

	if (ilen > 0) {
		memcpy ((void *) (ctx->buffer + left), (void *) input, ilen);
	}
}

static const unsigned char sha1_padding[64] = {
	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

/*
 * SHA-1 final digest
 */
void sha1_finish (sha1_context * ctx, unsigned char output[20])
{
	unsigned long last, padn;
	unsigned long high, low;
	unsigned char msglen[8];

	high = (ctx->total[0] >> 29)
		| (ctx->total[1] << 3);
	low = (ctx->total[0] << 3);

	PUT_UINT32_BE (high, msglen, 0);
	PUT_UINT32_BE (low, msglen, 4);

	last = ctx->total[0] & 0x3F;
	padn = (last < 56) ? (56 - last) : (120 - last);

	sha1_update (ctx, (unsigned char *) sha1_padding, padn);
	sha1_update (ctx, msglen, 8);

	PUT_UINT32_BE (ctx->state[0], output, 0);
	PUT_UINT32_BE (ctx->state[1], output, 4);
	PUT_UINT32_BE (ctx->state[2], output, 8);
	PUT_UINT32_BE (ctx->state[3], output, 12);
	PUT_UINT32_BE (ctx->state[4], output, 16);
}

/*
 * Output = SHA-1( input buffer )
 */
void sha1_csum(const unsigned char *input, unsigned int ilen,
	       unsigned char *output)
{
	sha1_context ctx;

	sha1_starts (&ctx);
	sha1_update (&ctx, input, ilen);
	sha1_finish (&ctx, output);
}

/*
 * Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
 * bytes of input processed.
 */
void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
		  unsigned char *output, unsigned int chunk_sz)
{
	sha1_context ctx;
#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
	const unsigned char *end, *curr;
	int chunk;
#endif

	sha1_starts (&ctx);

#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
	curr = input;
	end = input + ilen;
	while (curr < end) {
		chunk = end - curr;
		if (chunk > chunk_sz)
			chunk = chunk_sz;
		sha1_update (&ctx, curr, chunk);
		curr += chunk;
		WATCHDOG_RESET ();
	}
#else
	sha1_update (&ctx, input, ilen);
#endif

	sha1_finish (&ctx, output);
}

/*
 * Output = HMAC-SHA-1( input buffer, hmac key )
 */
void sha1_hmac(const unsigned char *key, int keylen,
	       const unsigned char *input, unsigned int ilen,
	       unsigned char *output)
{
	int i;
	sha1_context ctx;
	unsigned char k_ipad[64];
	unsigned char k_opad[64];
	unsigned char tmpbuf[20];

	memset (k_ipad, 0x36, 64);
	memset (k_opad, 0x5C, 64);

	for (i = 0; i < keylen; i++) {
		if (i >= 64)
			break;

		k_ipad[i] ^= key[i];
		k_opad[i] ^= key[i];
	}

	sha1_starts (&ctx);
	sha1_update (&ctx, k_ipad, 64);
	sha1_update (&ctx, input, ilen);
	sha1_finish (&ctx, tmpbuf);

	sha1_starts (&ctx);
	sha1_update (&ctx, k_opad, 64);
	sha1_update (&ctx, tmpbuf, 20);
	sha1_finish (&ctx, output);

	memset (k_ipad, 0, 64);
	memset (k_opad, 0, 64);
	memset (tmpbuf, 0, 20);
	memset (&ctx, 0, sizeof (sha1_context));
}

#ifdef SELF_TEST
/*
 * FIPS-180-1 test vectors
 */
static const char sha1_test_str[3][57] = {
	{"abc"},
	{"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
	{""}
};

static const unsigned char sha1_test_sum[3][20] = {
	{0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
	 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
	{0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
	 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
	{0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
	 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
};

/*
 * Checkup routine
 */
int sha1_self_test (void)
{
	int i, j;
	unsigned char buf[1000];
	unsigned char sha1sum[20];
	sha1_context ctx;

	for (i = 0; i < 3; i++) {
		printf ("  SHA-1 test #%d: ", i + 1);

		sha1_starts (&ctx);

		if (i < 2)
			sha1_update (&ctx, (unsigned char *) sha1_test_str[i],
				     strlen (sha1_test_str[i]));
		else {
			memset (buf, 'a', 1000);
			for (j = 0; j < 1000; j++)
				sha1_update (&ctx, buf, 1000);
		}

		sha1_finish (&ctx, sha1sum);

		if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) {
			printf ("failed\n");
			return (1);
		}

		printf ("passed\n");
	}

	printf ("\n");
	return (0);
}
#else
int sha1_self_test (void)
{
	return (0);
}
#endif
Commit	Line	Data
566a494f HS	1	/*
	2	* Heiko Schocher, DENX Software Engineering, hs@denx.de.
	3	* based on:
	4	* FIPS-180-1 compliant SHA-1 implementation
	5	*
	6	* Copyright (C) 2003-2006 Christophe Devine
	7	*
5b8031cc	8	* SPDX-License-Identifier: LGPL-2.1
566a494f HS	9	*/
	10	/*
	11	* The SHA-1 standard was published by NIST in 1993.
	12	*
	13	* http://www.itl.nist.gov/fipspubs/fip180-1.htm
	14	*/
	15
	16	#ifndef _CRT_SECURE_NO_DEPRECATE
	17	#define _CRT_SECURE_NO_DEPRECATE 1
	18	#endif
	19
7590378f BS	20	#ifndef USE_HOSTCC
7590378f BS	21	#include <common.h>
a94f22f0	22	#include <linux/string.h>
338cc038 WD	23	#else
338cc038 WD	24	#include <string.h>
7590378f BS	25	#endif /* USE_HOSTCC */
7590378f BS	26	#include <watchdog.h>
2b9912e6	27	#include <u-boot/sha1.h>
566a494f	28
da29f299 AD	29	const uint8_t sha1_der_prefix[SHA1_DER_LEN] = {
	30	0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
	31	0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
	32	};
	33
566a494f HS	34	/*
	35	* 32-bit integer manipulation macros (big endian)
	36	*/
	37	#ifndef GET_UINT32_BE
4ef218f6 WD	38	#define GET_UINT32_BE(n,b,i) { \
	39	(n) = ( (unsigned long) (b)[(i) ] << 24 ) \
	40	\| ( (unsigned long) (b)[(i) + 1] << 16 ) \
	41	\| ( (unsigned long) (b)[(i) + 2] << 8 ) \
	42	\| ( (unsigned long) (b)[(i) + 3] ); \
566a494f HS	43	}
	44	#endif
	45	#ifndef PUT_UINT32_BE
4ef218f6 WD	46	#define PUT_UINT32_BE(n,b,i) { \
	47	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
	48	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
	49	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
	50	(b)[(i) + 3] = (unsigned char) ( (n) ); \
566a494f HS	51	}
	52	#endif
	53
	54	/*
	55	* SHA-1 context setup
	56	*/
4ef218f6	57	void sha1_starts (sha1_context * ctx)
566a494f	58	{
4ef218f6 WD	59	ctx->total[0] = 0;
	60	ctx->total[1] = 0;
	61
	62	ctx->state[0] = 0x67452301;
	63	ctx->state[1] = 0xEFCDAB89;
	64	ctx->state[2] = 0x98BADCFE;
	65	ctx->state[3] = 0x10325476;
	66	ctx->state[4] = 0xC3D2E1F0;
566a494f HS	67	}
566a494f HS	68
a7d1d765	69	static void sha1_process(sha1_context *ctx, const unsigned char data[64])
566a494f	70	{
4ef218f6 WD	71	unsigned long temp, W[16], A, B, C, D, E;
	72
	73	GET_UINT32_BE (W[0], data, 0);
	74	GET_UINT32_BE (W[1], data, 4);
	75	GET_UINT32_BE (W[2], data, 8);
	76	GET_UINT32_BE (W[3], data, 12);
	77	GET_UINT32_BE (W[4], data, 16);
	78	GET_UINT32_BE (W[5], data, 20);
	79	GET_UINT32_BE (W[6], data, 24);
	80	GET_UINT32_BE (W[7], data, 28);
	81	GET_UINT32_BE (W[8], data, 32);
	82	GET_UINT32_BE (W[9], data, 36);
	83	GET_UINT32_BE (W[10], data, 40);
	84	GET_UINT32_BE (W[11], data, 44);
	85	GET_UINT32_BE (W[12], data, 48);
	86	GET_UINT32_BE (W[13], data, 52);
	87	GET_UINT32_BE (W[14], data, 56);
	88	GET_UINT32_BE (W[15], data, 60);
	89
	90	#define S(x,n) ((x << n) \| ((x & 0xFFFFFFFF) >> (32 - n)))
	91
	92	#define R(t) ( \
	93	temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
	94	W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
	95	( W[t & 0x0F] = S(temp,1) ) \
566a494f HS	96	)
566a494f HS	97
4ef218f6 WD	98	#define P(a,b,c,d,e,x) { \
4ef218f6 WD	99	e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
566a494f HS	100	}
566a494f HS	101
4ef218f6 WD	102	A = ctx->state[0];
	103	B = ctx->state[1];
	104	C = ctx->state[2];
	105	D = ctx->state[3];
	106	E = ctx->state[4];
566a494f HS	107
	108	#define F(x,y,z) (z ^ (x & (y ^ z)))
	109	#define K 0x5A827999
	110
4ef218f6 WD	111	P (A, B, C, D, E, W[0]);
	112	P (E, A, B, C, D, W[1]);
	113	P (D, E, A, B, C, W[2]);
	114	P (C, D, E, A, B, W[3]);
	115	P (B, C, D, E, A, W[4]);
	116	P (A, B, C, D, E, W[5]);
	117	P (E, A, B, C, D, W[6]);
	118	P (D, E, A, B, C, W[7]);
	119	P (C, D, E, A, B, W[8]);
	120	P (B, C, D, E, A, W[9]);
	121	P (A, B, C, D, E, W[10]);
	122	P (E, A, B, C, D, W[11]);
	123	P (D, E, A, B, C, W[12]);
	124	P (C, D, E, A, B, W[13]);
	125	P (B, C, D, E, A, W[14]);
	126	P (A, B, C, D, E, W[15]);
	127	P (E, A, B, C, D, R (16));
	128	P (D, E, A, B, C, R (17));
	129	P (C, D, E, A, B, R (18));
	130	P (B, C, D, E, A, R (19));
566a494f HS	131
	132	#undef K
	133	#undef F
	134
	135	#define F(x,y,z) (x ^ y ^ z)
	136	#define K 0x6ED9EBA1
	137
4ef218f6 WD	138	P (A, B, C, D, E, R (20));
	139	P (E, A, B, C, D, R (21));
	140	P (D, E, A, B, C, R (22));
	141	P (C, D, E, A, B, R (23));
	142	P (B, C, D, E, A, R (24));
	143	P (A, B, C, D, E, R (25));
	144	P (E, A, B, C, D, R (26));
	145	P (D, E, A, B, C, R (27));
	146	P (C, D, E, A, B, R (28));
	147	P (B, C, D, E, A, R (29));
	148	P (A, B, C, D, E, R (30));
	149	P (E, A, B, C, D, R (31));
	150	P (D, E, A, B, C, R (32));
	151	P (C, D, E, A, B, R (33));
	152	P (B, C, D, E, A, R (34));
	153	P (A, B, C, D, E, R (35));
	154	P (E, A, B, C, D, R (36));
	155	P (D, E, A, B, C, R (37));
	156	P (C, D, E, A, B, R (38));
	157	P (B, C, D, E, A, R (39));
566a494f HS	158
	159	#undef K
	160	#undef F
	161
	162	#define F(x,y,z) ((x & y) \| (z & (x \| y)))
	163	#define K 0x8F1BBCDC
	164
4ef218f6 WD	165	P (A, B, C, D, E, R (40));
	166	P (E, A, B, C, D, R (41));
	167	P (D, E, A, B, C, R (42));
	168	P (C, D, E, A, B, R (43));
	169	P (B, C, D, E, A, R (44));
	170	P (A, B, C, D, E, R (45));
	171	P (E, A, B, C, D, R (46));
	172	P (D, E, A, B, C, R (47));
	173	P (C, D, E, A, B, R (48));
	174	P (B, C, D, E, A, R (49));
	175	P (A, B, C, D, E, R (50));
	176	P (E, A, B, C, D, R (51));
	177	P (D, E, A, B, C, R (52));
	178	P (C, D, E, A, B, R (53));
	179	P (B, C, D, E, A, R (54));
	180	P (A, B, C, D, E, R (55));
	181	P (E, A, B, C, D, R (56));
	182	P (D, E, A, B, C, R (57));
	183	P (C, D, E, A, B, R (58));
	184	P (B, C, D, E, A, R (59));
566a494f HS	185
	186	#undef K
	187	#undef F
	188
	189	#define F(x,y,z) (x ^ y ^ z)
	190	#define K 0xCA62C1D6
	191
4ef218f6 WD	192	P (A, B, C, D, E, R (60));
	193	P (E, A, B, C, D, R (61));
	194	P (D, E, A, B, C, R (62));
	195	P (C, D, E, A, B, R (63));
	196	P (B, C, D, E, A, R (64));
	197	P (A, B, C, D, E, R (65));
	198	P (E, A, B, C, D, R (66));
	199	P (D, E, A, B, C, R (67));
	200	P (C, D, E, A, B, R (68));
	201	P (B, C, D, E, A, R (69));
	202	P (A, B, C, D, E, R (70));
	203	P (E, A, B, C, D, R (71));
	204	P (D, E, A, B, C, R (72));
	205	P (C, D, E, A, B, R (73));
	206	P (B, C, D, E, A, R (74));
	207	P (A, B, C, D, E, R (75));
	208	P (E, A, B, C, D, R (76));
	209	P (D, E, A, B, C, R (77));
	210	P (C, D, E, A, B, R (78));
	211	P (B, C, D, E, A, R (79));
566a494f HS	212
	213	#undef K
	214	#undef F
	215
4ef218f6 WD	216	ctx->state[0] += A;
	217	ctx->state[1] += B;
	218	ctx->state[2] += C;
	219	ctx->state[3] += D;
	220	ctx->state[4] += E;
566a494f HS	221	}
	222
	223	/*
	224	* SHA-1 process buffer
	225	*/
a7d1d765 SG	226	void sha1_update(sha1_context ctx, const unsigned char input,
a7d1d765 SG	227	unsigned int ilen)
566a494f	228	{
4ef218f6 WD	229	int fill;
	230	unsigned long left;
	231
	232	if (ilen <= 0)
	233	return;
	234
	235	left = ctx->total[0] & 0x3F;
	236	fill = 64 - left;
	237
	238	ctx->total[0] += ilen;
	239	ctx->total[0] &= 0xFFFFFFFF;
	240
	241	if (ctx->total[0] < (unsigned long) ilen)
	242	ctx->total[1]++;
	243
	244	if (left && ilen >= fill) {
	245	memcpy ((void ) (ctx->buffer + left), (void ) input, fill);
	246	sha1_process (ctx, ctx->buffer);
	247	input += fill;
	248	ilen -= fill;
	249	left = 0;
	250	}
	251
	252	while (ilen >= 64) {
	253	sha1_process (ctx, input);
	254	input += 64;
	255	ilen -= 64;
	256	}
	257
	258	if (ilen > 0) {
	259	memcpy ((void ) (ctx->buffer + left), (void ) input, ilen);
	260	}
566a494f HS	261	}
566a494f HS	262
4ef218f6 WD	263	static const unsigned char sha1_padding[64] = {
	264	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	265	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	266	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	267	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
566a494f HS	268	};
	269
	270	/*
	271	* SHA-1 final digest
	272	*/
4ef218f6	273	void sha1_finish (sha1_context * ctx, unsigned char output[20])
566a494f	274	{
4ef218f6 WD	275	unsigned long last, padn;
	276	unsigned long high, low;
	277	unsigned char msglen[8];
566a494f	278
4ef218f6 WD	279	high = (ctx->total[0] >> 29)
	280	\| (ctx->total[1] << 3);
	281	low = (ctx->total[0] << 3);
566a494f	282
4ef218f6 WD	283	PUT_UINT32_BE (high, msglen, 0);
4ef218f6 WD	284	PUT_UINT32_BE (low, msglen, 4);
566a494f	285
4ef218f6 WD	286	last = ctx->total[0] & 0x3F;
4ef218f6 WD	287	padn = (last < 56) ? (56 - last) : (120 - last);
566a494f	288
4ef218f6 WD	289	sha1_update (ctx, (unsigned char *) sha1_padding, padn);
4ef218f6 WD	290	sha1_update (ctx, msglen, 8);
566a494f	291
4ef218f6 WD	292	PUT_UINT32_BE (ctx->state[0], output, 0);
	293	PUT_UINT32_BE (ctx->state[1], output, 4);
	294	PUT_UINT32_BE (ctx->state[2], output, 8);
	295	PUT_UINT32_BE (ctx->state[3], output, 12);
	296	PUT_UINT32_BE (ctx->state[4], output, 16);
566a494f HS	297	}
	298
	299	/*
	300	* Output = SHA-1( input buffer )
	301	*/
a7d1d765 SG	302	void sha1_csum(const unsigned char *input, unsigned int ilen,
a7d1d765 SG	303	unsigned char *output)
566a494f	304	{
4ef218f6	305	sha1_context ctx;
566a494f	306
4ef218f6 WD	307	sha1_starts (&ctx);
	308	sha1_update (&ctx, input, ilen);
	309	sha1_finish (&ctx, output);
566a494f HS	310	}
566a494f HS	311
215b01bb BS	312	/*
	313	* Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
	314	* bytes of input processed.
	315	*/
a7d1d765 SG	316	void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
a7d1d765 SG	317	unsigned char *output, unsigned int chunk_sz)
215b01bb BS	318	{
	319	sha1_context ctx;
	320	#if defined(CONFIG_HW_WATCHDOG) \|\| defined(CONFIG_WATCHDOG)
a7d1d765	321	const unsigned char end, curr;
215b01bb BS	322	int chunk;
	323	#endif
	324
	325	sha1_starts (&ctx);
	326
	327	#if defined(CONFIG_HW_WATCHDOG) \|\| defined(CONFIG_WATCHDOG)
	328	curr = input;
	329	end = input + ilen;
	330	while (curr < end) {
	331	chunk = end - curr;
	332	if (chunk > chunk_sz)
	333	chunk = chunk_sz;
	334	sha1_update (&ctx, curr, chunk);
	335	curr += chunk;
	336	WATCHDOG_RESET ();
	337	}
	338	#else
	339	sha1_update (&ctx, input, ilen);
	340	#endif
	341
	342	sha1_finish (&ctx, output);
	343	}
	344
566a494f HS	345	/*
	346	* Output = HMAC-SHA-1( input buffer, hmac key )
	347	*/
a7d1d765 SG	348	void sha1_hmac(const unsigned char *key, int keylen,
	349	const unsigned char *input, unsigned int ilen,
	350	unsigned char *output)
566a494f	351	{
4ef218f6 WD	352	int i;
	353	sha1_context ctx;
	354	unsigned char k_ipad[64];
	355	unsigned char k_opad[64];
	356	unsigned char tmpbuf[20];
	357
	358	memset (k_ipad, 0x36, 64);
	359	memset (k_opad, 0x5C, 64);
	360
	361	for (i = 0; i < keylen; i++) {
	362	if (i >= 64)
	363	break;
	364
	365	k_ipad[i] ^= key[i];
	366	k_opad[i] ^= key[i];
	367	}
	368
	369	sha1_starts (&ctx);
	370	sha1_update (&ctx, k_ipad, 64);
	371	sha1_update (&ctx, input, ilen);
	372	sha1_finish (&ctx, tmpbuf);
	373
	374	sha1_starts (&ctx);
	375	sha1_update (&ctx, k_opad, 64);
	376	sha1_update (&ctx, tmpbuf, 20);
	377	sha1_finish (&ctx, output);
	378
	379	memset (k_ipad, 0, 64);
	380	memset (k_opad, 0, 64);
	381	memset (tmpbuf, 0, 20);
	382	memset (&ctx, 0, sizeof (sha1_context));
566a494f HS	383	}
566a494f HS	384
566a494f HS	385	#ifdef SELF_TEST
	386	/*
	387	* FIPS-180-1 test vectors
	388	*/
4ef218f6 WD	389	static const char sha1_test_str[3][57] = {
	390	{"abc"},
	391	{"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
	392	{""}
566a494f HS	393	};
566a494f HS	394
4ef218f6 WD	395	static const unsigned char sha1_test_sum[3][20] = {
	396	{0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
	397	0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
	398	{0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
	399	0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
	400	{0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
	401	0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
566a494f HS	402	};
	403
	404	/*
	405	* Checkup routine
	406	*/
4ef218f6	407	int sha1_self_test (void)
566a494f	408	{
4ef218f6 WD	409	int i, j;
	410	unsigned char buf[1000];
	411	unsigned char sha1sum[20];
	412	sha1_context ctx;
	413
	414	for (i = 0; i < 3; i++) {
	415	printf (" SHA-1 test #%d: ", i + 1);
	416
	417	sha1_starts (&ctx);
	418
	419	if (i < 2)
	420	sha1_update (&ctx, (unsigned char *) sha1_test_str[i],
	421	strlen (sha1_test_str[i]));
	422	else {
	423	memset (buf, 'a', 1000);
	424	for (j = 0; j < 1000; j++)
	425	sha1_update (&ctx, buf, 1000);
	426	}
	427
	428	sha1_finish (&ctx, sha1sum);
	429
	430	if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) {
	431	printf ("failed\n");
	432	return (1);
	433	}
	434
	435	printf ("passed\n");
	436	}
	437
	438	printf ("\n");
	439	return (0);
566a494f HS	440	}
566a494f HS	441	#else
4ef218f6	442	int sha1_self_test (void)
566a494f	443	{
4ef218f6	444	return (0);
566a494f HS	445	}
566a494f HS	446	#endif