]> git.ipfire.org Git - people/ms/u-boot.git/blob - lib/sha1.c
projects / people / ms / u-boot.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
imx: hab: Check if CSF contains deprecated commands
[people/ms/u-boot.git] / lib / sha1.c
1 /*
2 * Heiko Schocher, DENX Software Engineering, hs@denx.de.
3 * based on:
4 * FIPS-180-1 compliant SHA-1 implementation
5 *
6 * Copyright (C) 2003-2006 Christophe Devine
7 *
8 * SPDX-License-Identifier: LGPL-2.1
9 */
10 /*
11 * The SHA-1 standard was published by NIST in 1993.
12 *
13 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
14 */
15
16 #ifndef _CRT_SECURE_NO_DEPRECATE
17 #define _CRT_SECURE_NO_DEPRECATE 1
18 #endif
19
20 #ifndef USE_HOSTCC
21 #include <common.h>
22 #include <linux/string.h>
23 #else
24 #include <string.h>
25 #endif /* USE_HOSTCC */
26 #include <watchdog.h>
27 #include <u-boot/sha1.h>
28
29 const uint8_t sha1_der_prefix[SHA1_DER_LEN] = {
30 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
31 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
32 };
33
34 /*
35 * 32-bit integer manipulation macros (big endian)
36 */
37 #ifndef GET_UINT32_BE
38 #define GET_UINT32_BE(n,b,i) { \
39 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
40 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
41 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
42 | ( (unsigned long) (b)[(i) + 3] ); \
43 }
44 #endif
45 #ifndef PUT_UINT32_BE
46 #define PUT_UINT32_BE(n,b,i) { \
47 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
48 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
49 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
50 (b)[(i) + 3] = (unsigned char) ( (n) ); \
51 }
52 #endif
53
54 /*
55 * SHA-1 context setup
56 */
57 void sha1_starts (sha1_context * ctx)
58 {
59 ctx->total[0] = 0;
60 ctx->total[1] = 0;
61
62 ctx->state[0] = 0x67452301;
63 ctx->state[1] = 0xEFCDAB89;
64 ctx->state[2] = 0x98BADCFE;
65 ctx->state[3] = 0x10325476;
66 ctx->state[4] = 0xC3D2E1F0;
67 }
68
69 static void sha1_process(sha1_context *ctx, const unsigned char data[64])
70 {
71 unsigned long temp, W[16], A, B, C, D, E;
72
73 GET_UINT32_BE (W[0], data, 0);
74 GET_UINT32_BE (W[1], data, 4);
75 GET_UINT32_BE (W[2], data, 8);
76 GET_UINT32_BE (W[3], data, 12);
77 GET_UINT32_BE (W[4], data, 16);
78 GET_UINT32_BE (W[5], data, 20);
79 GET_UINT32_BE (W[6], data, 24);
80 GET_UINT32_BE (W[7], data, 28);
81 GET_UINT32_BE (W[8], data, 32);
82 GET_UINT32_BE (W[9], data, 36);
83 GET_UINT32_BE (W[10], data, 40);
84 GET_UINT32_BE (W[11], data, 44);
85 GET_UINT32_BE (W[12], data, 48);
86 GET_UINT32_BE (W[13], data, 52);
87 GET_UINT32_BE (W[14], data, 56);
88 GET_UINT32_BE (W[15], data, 60);
89
90 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
91
92 #define R(t) ( \
93 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
94 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
95 ( W[t & 0x0F] = S(temp,1) ) \
96 )
97
98 #define P(a,b,c,d,e,x) { \
99 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
100 }
101
102 A = ctx->state[0];
103 B = ctx->state[1];
104 C = ctx->state[2];
105 D = ctx->state[3];
106 E = ctx->state[4];
107
108 #define F(x,y,z) (z ^ (x & (y ^ z)))
109 #define K 0x5A827999
110
111 P (A, B, C, D, E, W[0]);
112 P (E, A, B, C, D, W[1]);
113 P (D, E, A, B, C, W[2]);
114 P (C, D, E, A, B, W[3]);
115 P (B, C, D, E, A, W[4]);
116 P (A, B, C, D, E, W[5]);
117 P (E, A, B, C, D, W[6]);
118 P (D, E, A, B, C, W[7]);
119 P (C, D, E, A, B, W[8]);
120 P (B, C, D, E, A, W[9]);
121 P (A, B, C, D, E, W[10]);
122 P (E, A, B, C, D, W[11]);
123 P (D, E, A, B, C, W[12]);
124 P (C, D, E, A, B, W[13]);
125 P (B, C, D, E, A, W[14]);
126 P (A, B, C, D, E, W[15]);
127 P (E, A, B, C, D, R (16));
128 P (D, E, A, B, C, R (17));
129 P (C, D, E, A, B, R (18));
130 P (B, C, D, E, A, R (19));
131
132 #undef K
133 #undef F
134
135 #define F(x,y,z) (x ^ y ^ z)
136 #define K 0x6ED9EBA1
137
138 P (A, B, C, D, E, R (20));
139 P (E, A, B, C, D, R (21));
140 P (D, E, A, B, C, R (22));
141 P (C, D, E, A, B, R (23));
142 P (B, C, D, E, A, R (24));
143 P (A, B, C, D, E, R (25));
144 P (E, A, B, C, D, R (26));
145 P (D, E, A, B, C, R (27));
146 P (C, D, E, A, B, R (28));
147 P (B, C, D, E, A, R (29));
148 P (A, B, C, D, E, R (30));
149 P (E, A, B, C, D, R (31));
150 P (D, E, A, B, C, R (32));
151 P (C, D, E, A, B, R (33));
152 P (B, C, D, E, A, R (34));
153 P (A, B, C, D, E, R (35));
154 P (E, A, B, C, D, R (36));
155 P (D, E, A, B, C, R (37));
156 P (C, D, E, A, B, R (38));
157 P (B, C, D, E, A, R (39));
158
159 #undef K
160 #undef F
161
162 #define F(x,y,z) ((x & y) | (z & (x | y)))
163 #define K 0x8F1BBCDC
164
165 P (A, B, C, D, E, R (40));
166 P (E, A, B, C, D, R (41));
167 P (D, E, A, B, C, R (42));
168 P (C, D, E, A, B, R (43));
169 P (B, C, D, E, A, R (44));
170 P (A, B, C, D, E, R (45));
171 P (E, A, B, C, D, R (46));
172 P (D, E, A, B, C, R (47));
173 P (C, D, E, A, B, R (48));
174 P (B, C, D, E, A, R (49));
175 P (A, B, C, D, E, R (50));
176 P (E, A, B, C, D, R (51));
177 P (D, E, A, B, C, R (52));
178 P (C, D, E, A, B, R (53));
179 P (B, C, D, E, A, R (54));
180 P (A, B, C, D, E, R (55));
181 P (E, A, B, C, D, R (56));
182 P (D, E, A, B, C, R (57));
183 P (C, D, E, A, B, R (58));
184 P (B, C, D, E, A, R (59));
185
186 #undef K
187 #undef F
188
189 #define F(x,y,z) (x ^ y ^ z)
190 #define K 0xCA62C1D6
191
192 P (A, B, C, D, E, R (60));
193 P (E, A, B, C, D, R (61));
194 P (D, E, A, B, C, R (62));
195 P (C, D, E, A, B, R (63));
196 P (B, C, D, E, A, R (64));
197 P (A, B, C, D, E, R (65));
198 P (E, A, B, C, D, R (66));
199 P (D, E, A, B, C, R (67));
200 P (C, D, E, A, B, R (68));
201 P (B, C, D, E, A, R (69));
202 P (A, B, C, D, E, R (70));
203 P (E, A, B, C, D, R (71));
204 P (D, E, A, B, C, R (72));
205 P (C, D, E, A, B, R (73));
206 P (B, C, D, E, A, R (74));
207 P (A, B, C, D, E, R (75));
208 P (E, A, B, C, D, R (76));
209 P (D, E, A, B, C, R (77));
210 P (C, D, E, A, B, R (78));
211 P (B, C, D, E, A, R (79));
212
213 #undef K
214 #undef F
215
216 ctx->state[0] += A;
217 ctx->state[1] += B;
218 ctx->state[2] += C;
219 ctx->state[3] += D;
220 ctx->state[4] += E;
221 }
222
223 /*
224 * SHA-1 process buffer
225 */
226 void sha1_update(sha1_context *ctx, const unsigned char *input,
227 unsigned int ilen)
228 {
229 int fill;
230 unsigned long left;
231
232 if (ilen <= 0)
233 return;
234
235 left = ctx->total[0] & 0x3F;
236 fill = 64 - left;
237
238 ctx->total[0] += ilen;
239 ctx->total[0] &= 0xFFFFFFFF;
240
241 if (ctx->total[0] < (unsigned long) ilen)
242 ctx->total[1]++;
243
244 if (left && ilen >= fill) {
245 memcpy ((void *) (ctx->buffer + left), (void *) input, fill);
246 sha1_process (ctx, ctx->buffer);
247 input += fill;
248 ilen -= fill;
249 left = 0;
250 }
251
252 while (ilen >= 64) {
253 sha1_process (ctx, input);
254 input += 64;
255 ilen -= 64;
256 }
257
258 if (ilen > 0) {
259 memcpy ((void *) (ctx->buffer + left), (void *) input, ilen);
260 }
261 }
262
263 static const unsigned char sha1_padding[64] = {
264 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
265 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
266 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
267 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
268 };
269
270 /*
271 * SHA-1 final digest
272 */
273 void sha1_finish (sha1_context * ctx, unsigned char output[20])
274 {
275 unsigned long last, padn;
276 unsigned long high, low;
277 unsigned char msglen[8];
278
279 high = (ctx->total[0] >> 29)
280 | (ctx->total[1] << 3);
281 low = (ctx->total[0] << 3);
282
283 PUT_UINT32_BE (high, msglen, 0);
284 PUT_UINT32_BE (low, msglen, 4);
285
286 last = ctx->total[0] & 0x3F;
287 padn = (last < 56) ? (56 - last) : (120 - last);
288
289 sha1_update (ctx, (unsigned char *) sha1_padding, padn);
290 sha1_update (ctx, msglen, 8);
291
292 PUT_UINT32_BE (ctx->state[0], output, 0);
293 PUT_UINT32_BE (ctx->state[1], output, 4);
294 PUT_UINT32_BE (ctx->state[2], output, 8);
295 PUT_UINT32_BE (ctx->state[3], output, 12);
296 PUT_UINT32_BE (ctx->state[4], output, 16);
297 }
298
299 /*
300 * Output = SHA-1( input buffer )
301 */
302 void sha1_csum(const unsigned char *input, unsigned int ilen,
303 unsigned char *output)
304 {
305 sha1_context ctx;
306
307 sha1_starts (&ctx);
308 sha1_update (&ctx, input, ilen);
309 sha1_finish (&ctx, output);
310 }
311
312 /*
313 * Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
314 * bytes of input processed.
315 */
316 void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
317 unsigned char *output, unsigned int chunk_sz)
318 {
319 sha1_context ctx;
320 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
321 const unsigned char *end, *curr;
322 int chunk;
323 #endif
324
325 sha1_starts (&ctx);
326
327 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
328 curr = input;
329 end = input + ilen;
330 while (curr < end) {
331 chunk = end - curr;
332 if (chunk > chunk_sz)
333 chunk = chunk_sz;
334 sha1_update (&ctx, curr, chunk);
335 curr += chunk;
336 WATCHDOG_RESET ();
337 }
338 #else
339 sha1_update (&ctx, input, ilen);
340 #endif
341
342 sha1_finish (&ctx, output);
343 }
344
345 /*
346 * Output = HMAC-SHA-1( input buffer, hmac key )
347 */
348 void sha1_hmac(const unsigned char *key, int keylen,
349 const unsigned char *input, unsigned int ilen,
350 unsigned char *output)
351 {
352 int i;
353 sha1_context ctx;
354 unsigned char k_ipad[64];
355 unsigned char k_opad[64];
356 unsigned char tmpbuf[20];
357
358 memset (k_ipad, 0x36, 64);
359 memset (k_opad, 0x5C, 64);
360
361 for (i = 0; i < keylen; i++) {
362 if (i >= 64)
363 break;
364
365 k_ipad[i] ^= key[i];
366 k_opad[i] ^= key[i];
367 }
368
369 sha1_starts (&ctx);
370 sha1_update (&ctx, k_ipad, 64);
371 sha1_update (&ctx, input, ilen);
372 sha1_finish (&ctx, tmpbuf);
373
374 sha1_starts (&ctx);
375 sha1_update (&ctx, k_opad, 64);
376 sha1_update (&ctx, tmpbuf, 20);
377 sha1_finish (&ctx, output);
378
379 memset (k_ipad, 0, 64);
380 memset (k_opad, 0, 64);
381 memset (tmpbuf, 0, 20);
382 memset (&ctx, 0, sizeof (sha1_context));
383 }
384
385 #ifdef SELF_TEST
386 /*
387 * FIPS-180-1 test vectors
388 */
389 static const char sha1_test_str[3][57] = {
390 {"abc"},
391 {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
392 {""}
393 };
394
395 static const unsigned char sha1_test_sum[3][20] = {
396 {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
397 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
398 {0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
399 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
400 {0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
401 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
402 };
403
404 /*
405 * Checkup routine
406 */
407 int sha1_self_test (void)
408 {
409 int i, j;
410 unsigned char buf[1000];
411 unsigned char sha1sum[20];
412 sha1_context ctx;
413
414 for (i = 0; i < 3; i++) {
415 printf (" SHA-1 test #%d: ", i + 1);
416
417 sha1_starts (&ctx);
418
419 if (i < 2)
420 sha1_update (&ctx, (unsigned char *) sha1_test_str[i],
421 strlen (sha1_test_str[i]));
422 else {
423 memset (buf, 'a', 1000);
424 for (j = 0; j < 1000; j++)
425 sha1_update (&ctx, buf, 1000);
426 }
427
428 sha1_finish (&ctx, sha1sum);
429
430 if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) {
431 printf ("failed\n");
432 return (1);
433 }
434
435 printf ("passed\n");
436 }
437
438 printf ("\n");
439 return (0);
440 }
441 #else
442 int sha1_self_test (void)
443 {
444 return (0);
445 }
446 #endif
"Das U-Boot" Source Tree