]> git.ipfire.org Git - people/ms/u-boot.git/blob - lib/sha1.c
projects / people / ms / u-boot.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
arc: add empty asm/processor.h to satisfy compilation of USB code
[people/ms/u-boot.git] / lib / sha1.c
1 /*
2 * Heiko Schocher, DENX Software Engineering, hs@denx.de.
3 * based on:
4 * FIPS-180-1 compliant SHA-1 implementation
5 *
6 * Copyright (C) 2003-2006 Christophe Devine
7 *
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License, version 2.1 as published by the Free Software Foundation.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
20 * MA 02110-1301 USA
21 */
22 /*
23 * The SHA-1 standard was published by NIST in 1993.
24 *
25 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
26 */
27
28 #ifndef _CRT_SECURE_NO_DEPRECATE
29 #define _CRT_SECURE_NO_DEPRECATE 1
30 #endif
31
32 #ifndef USE_HOSTCC
33 #include <common.h>
34 #include <linux/string.h>
35 #else
36 #include <string.h>
37 #endif /* USE_HOSTCC */
38 #include <watchdog.h>
39 #include <u-boot/sha1.h>
40
41 /*
42 * 32-bit integer manipulation macros (big endian)
43 */
44 #ifndef GET_UINT32_BE
45 #define GET_UINT32_BE(n,b,i) { \
46 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
47 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
48 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
49 | ( (unsigned long) (b)[(i) + 3] ); \
50 }
51 #endif
52 #ifndef PUT_UINT32_BE
53 #define PUT_UINT32_BE(n,b,i) { \
54 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
55 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
56 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
57 (b)[(i) + 3] = (unsigned char) ( (n) ); \
58 }
59 #endif
60
61 /*
62 * SHA-1 context setup
63 */
64 void sha1_starts (sha1_context * ctx)
65 {
66 ctx->total[0] = 0;
67 ctx->total[1] = 0;
68
69 ctx->state[0] = 0x67452301;
70 ctx->state[1] = 0xEFCDAB89;
71 ctx->state[2] = 0x98BADCFE;
72 ctx->state[3] = 0x10325476;
73 ctx->state[4] = 0xC3D2E1F0;
74 }
75
76 static void sha1_process(sha1_context *ctx, const unsigned char data[64])
77 {
78 unsigned long temp, W[16], A, B, C, D, E;
79
80 GET_UINT32_BE (W[0], data, 0);
81 GET_UINT32_BE (W[1], data, 4);
82 GET_UINT32_BE (W[2], data, 8);
83 GET_UINT32_BE (W[3], data, 12);
84 GET_UINT32_BE (W[4], data, 16);
85 GET_UINT32_BE (W[5], data, 20);
86 GET_UINT32_BE (W[6], data, 24);
87 GET_UINT32_BE (W[7], data, 28);
88 GET_UINT32_BE (W[8], data, 32);
89 GET_UINT32_BE (W[9], data, 36);
90 GET_UINT32_BE (W[10], data, 40);
91 GET_UINT32_BE (W[11], data, 44);
92 GET_UINT32_BE (W[12], data, 48);
93 GET_UINT32_BE (W[13], data, 52);
94 GET_UINT32_BE (W[14], data, 56);
95 GET_UINT32_BE (W[15], data, 60);
96
97 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
98
99 #define R(t) ( \
100 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
101 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
102 ( W[t & 0x0F] = S(temp,1) ) \
103 )
104
105 #define P(a,b,c,d,e,x) { \
106 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
107 }
108
109 A = ctx->state[0];
110 B = ctx->state[1];
111 C = ctx->state[2];
112 D = ctx->state[3];
113 E = ctx->state[4];
114
115 #define F(x,y,z) (z ^ (x & (y ^ z)))
116 #define K 0x5A827999
117
118 P (A, B, C, D, E, W[0]);
119 P (E, A, B, C, D, W[1]);
120 P (D, E, A, B, C, W[2]);
121 P (C, D, E, A, B, W[3]);
122 P (B, C, D, E, A, W[4]);
123 P (A, B, C, D, E, W[5]);
124 P (E, A, B, C, D, W[6]);
125 P (D, E, A, B, C, W[7]);
126 P (C, D, E, A, B, W[8]);
127 P (B, C, D, E, A, W[9]);
128 P (A, B, C, D, E, W[10]);
129 P (E, A, B, C, D, W[11]);
130 P (D, E, A, B, C, W[12]);
131 P (C, D, E, A, B, W[13]);
132 P (B, C, D, E, A, W[14]);
133 P (A, B, C, D, E, W[15]);
134 P (E, A, B, C, D, R (16));
135 P (D, E, A, B, C, R (17));
136 P (C, D, E, A, B, R (18));
137 P (B, C, D, E, A, R (19));
138
139 #undef K
140 #undef F
141
142 #define F(x,y,z) (x ^ y ^ z)
143 #define K 0x6ED9EBA1
144
145 P (A, B, C, D, E, R (20));
146 P (E, A, B, C, D, R (21));
147 P (D, E, A, B, C, R (22));
148 P (C, D, E, A, B, R (23));
149 P (B, C, D, E, A, R (24));
150 P (A, B, C, D, E, R (25));
151 P (E, A, B, C, D, R (26));
152 P (D, E, A, B, C, R (27));
153 P (C, D, E, A, B, R (28));
154 P (B, C, D, E, A, R (29));
155 P (A, B, C, D, E, R (30));
156 P (E, A, B, C, D, R (31));
157 P (D, E, A, B, C, R (32));
158 P (C, D, E, A, B, R (33));
159 P (B, C, D, E, A, R (34));
160 P (A, B, C, D, E, R (35));
161 P (E, A, B, C, D, R (36));
162 P (D, E, A, B, C, R (37));
163 P (C, D, E, A, B, R (38));
164 P (B, C, D, E, A, R (39));
165
166 #undef K
167 #undef F
168
169 #define F(x,y,z) ((x & y) | (z & (x | y)))
170 #define K 0x8F1BBCDC
171
172 P (A, B, C, D, E, R (40));
173 P (E, A, B, C, D, R (41));
174 P (D, E, A, B, C, R (42));
175 P (C, D, E, A, B, R (43));
176 P (B, C, D, E, A, R (44));
177 P (A, B, C, D, E, R (45));
178 P (E, A, B, C, D, R (46));
179 P (D, E, A, B, C, R (47));
180 P (C, D, E, A, B, R (48));
181 P (B, C, D, E, A, R (49));
182 P (A, B, C, D, E, R (50));
183 P (E, A, B, C, D, R (51));
184 P (D, E, A, B, C, R (52));
185 P (C, D, E, A, B, R (53));
186 P (B, C, D, E, A, R (54));
187 P (A, B, C, D, E, R (55));
188 P (E, A, B, C, D, R (56));
189 P (D, E, A, B, C, R (57));
190 P (C, D, E, A, B, R (58));
191 P (B, C, D, E, A, R (59));
192
193 #undef K
194 #undef F
195
196 #define F(x,y,z) (x ^ y ^ z)
197 #define K 0xCA62C1D6
198
199 P (A, B, C, D, E, R (60));
200 P (E, A, B, C, D, R (61));
201 P (D, E, A, B, C, R (62));
202 P (C, D, E, A, B, R (63));
203 P (B, C, D, E, A, R (64));
204 P (A, B, C, D, E, R (65));
205 P (E, A, B, C, D, R (66));
206 P (D, E, A, B, C, R (67));
207 P (C, D, E, A, B, R (68));
208 P (B, C, D, E, A, R (69));
209 P (A, B, C, D, E, R (70));
210 P (E, A, B, C, D, R (71));
211 P (D, E, A, B, C, R (72));
212 P (C, D, E, A, B, R (73));
213 P (B, C, D, E, A, R (74));
214 P (A, B, C, D, E, R (75));
215 P (E, A, B, C, D, R (76));
216 P (D, E, A, B, C, R (77));
217 P (C, D, E, A, B, R (78));
218 P (B, C, D, E, A, R (79));
219
220 #undef K
221 #undef F
222
223 ctx->state[0] += A;
224 ctx->state[1] += B;
225 ctx->state[2] += C;
226 ctx->state[3] += D;
227 ctx->state[4] += E;
228 }
229
230 /*
231 * SHA-1 process buffer
232 */
233 void sha1_update(sha1_context *ctx, const unsigned char *input,
234 unsigned int ilen)
235 {
236 int fill;
237 unsigned long left;
238
239 if (ilen <= 0)
240 return;
241
242 left = ctx->total[0] & 0x3F;
243 fill = 64 - left;
244
245 ctx->total[0] += ilen;
246 ctx->total[0] &= 0xFFFFFFFF;
247
248 if (ctx->total[0] < (unsigned long) ilen)
249 ctx->total[1]++;
250
251 if (left && ilen >= fill) {
252 memcpy ((void *) (ctx->buffer + left), (void *) input, fill);
253 sha1_process (ctx, ctx->buffer);
254 input += fill;
255 ilen -= fill;
256 left = 0;
257 }
258
259 while (ilen >= 64) {
260 sha1_process (ctx, input);
261 input += 64;
262 ilen -= 64;
263 }
264
265 if (ilen > 0) {
266 memcpy ((void *) (ctx->buffer + left), (void *) input, ilen);
267 }
268 }
269
270 static const unsigned char sha1_padding[64] = {
271 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
272 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
273 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
274 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
275 };
276
277 /*
278 * SHA-1 final digest
279 */
280 void sha1_finish (sha1_context * ctx, unsigned char output[20])
281 {
282 unsigned long last, padn;
283 unsigned long high, low;
284 unsigned char msglen[8];
285
286 high = (ctx->total[0] >> 29)
287 | (ctx->total[1] << 3);
288 low = (ctx->total[0] << 3);
289
290 PUT_UINT32_BE (high, msglen, 0);
291 PUT_UINT32_BE (low, msglen, 4);
292
293 last = ctx->total[0] & 0x3F;
294 padn = (last < 56) ? (56 - last) : (120 - last);
295
296 sha1_update (ctx, (unsigned char *) sha1_padding, padn);
297 sha1_update (ctx, msglen, 8);
298
299 PUT_UINT32_BE (ctx->state[0], output, 0);
300 PUT_UINT32_BE (ctx->state[1], output, 4);
301 PUT_UINT32_BE (ctx->state[2], output, 8);
302 PUT_UINT32_BE (ctx->state[3], output, 12);
303 PUT_UINT32_BE (ctx->state[4], output, 16);
304 }
305
306 /*
307 * Output = SHA-1( input buffer )
308 */
309 void sha1_csum(const unsigned char *input, unsigned int ilen,
310 unsigned char *output)
311 {
312 sha1_context ctx;
313
314 sha1_starts (&ctx);
315 sha1_update (&ctx, input, ilen);
316 sha1_finish (&ctx, output);
317 }
318
319 /*
320 * Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
321 * bytes of input processed.
322 */
323 void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
324 unsigned char *output, unsigned int chunk_sz)
325 {
326 sha1_context ctx;
327 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
328 const unsigned char *end, *curr;
329 int chunk;
330 #endif
331
332 sha1_starts (&ctx);
333
334 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
335 curr = input;
336 end = input + ilen;
337 while (curr < end) {
338 chunk = end - curr;
339 if (chunk > chunk_sz)
340 chunk = chunk_sz;
341 sha1_update (&ctx, curr, chunk);
342 curr += chunk;
343 WATCHDOG_RESET ();
344 }
345 #else
346 sha1_update (&ctx, input, ilen);
347 #endif
348
349 sha1_finish (&ctx, output);
350 }
351
352 /*
353 * Output = HMAC-SHA-1( input buffer, hmac key )
354 */
355 void sha1_hmac(const unsigned char *key, int keylen,
356 const unsigned char *input, unsigned int ilen,
357 unsigned char *output)
358 {
359 int i;
360 sha1_context ctx;
361 unsigned char k_ipad[64];
362 unsigned char k_opad[64];
363 unsigned char tmpbuf[20];
364
365 memset (k_ipad, 0x36, 64);
366 memset (k_opad, 0x5C, 64);
367
368 for (i = 0; i < keylen; i++) {
369 if (i >= 64)
370 break;
371
372 k_ipad[i] ^= key[i];
373 k_opad[i] ^= key[i];
374 }
375
376 sha1_starts (&ctx);
377 sha1_update (&ctx, k_ipad, 64);
378 sha1_update (&ctx, input, ilen);
379 sha1_finish (&ctx, tmpbuf);
380
381 sha1_starts (&ctx);
382 sha1_update (&ctx, k_opad, 64);
383 sha1_update (&ctx, tmpbuf, 20);
384 sha1_finish (&ctx, output);
385
386 memset (k_ipad, 0, 64);
387 memset (k_opad, 0, 64);
388 memset (tmpbuf, 0, 20);
389 memset (&ctx, 0, sizeof (sha1_context));
390 }
391
392 #ifdef SELF_TEST
393 /*
394 * FIPS-180-1 test vectors
395 */
396 static const char sha1_test_str[3][57] = {
397 {"abc"},
398 {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
399 {""}
400 };
401
402 static const unsigned char sha1_test_sum[3][20] = {
403 {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
404 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
405 {0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
406 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
407 {0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
408 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
409 };
410
411 /*
412 * Checkup routine
413 */
414 int sha1_self_test (void)
415 {
416 int i, j;
417 unsigned char buf[1000];
418 unsigned char sha1sum[20];
419 sha1_context ctx;
420
421 for (i = 0; i < 3; i++) {
422 printf (" SHA-1 test #%d: ", i + 1);
423
424 sha1_starts (&ctx);
425
426 if (i < 2)
427 sha1_update (&ctx, (unsigned char *) sha1_test_str[i],
428 strlen (sha1_test_str[i]));
429 else {
430 memset (buf, 'a', 1000);
431 for (j = 0; j < 1000; j++)
432 sha1_update (&ctx, buf, 1000);
433 }
434
435 sha1_finish (&ctx, sha1sum);
436
437 if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) {
438 printf ("failed\n");
439 return (1);
440 }
441
442 printf ("passed\n");
443 }
444
445 printf ("\n");
446 return (0);
447 }
448 #else
449 int sha1_self_test (void)
450 {
451 return (0);
452 }
453 #endif
"Das U-Boot" Source Tree