]> git.ipfire.org Git - thirdparty/u-boot.git/blob - lib/sha1.c
projects / thirdparty / u-boot.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SPDX: Convert all of our single license tags to Linux Kernel style
[thirdparty/u-boot.git] / lib / sha1.c
1 // SPDX-License-Identifier: LGPL-2.1
2 /*
3 * Heiko Schocher, DENX Software Engineering, hs@denx.de.
4 * based on:
5 * FIPS-180-1 compliant SHA-1 implementation
6 *
7 * Copyright (C) 2003-2006 Christophe Devine
8 */
9 /*
10 * The SHA-1 standard was published by NIST in 1993.
11 *
12 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
13 */
14
15 #ifndef _CRT_SECURE_NO_DEPRECATE
16 #define _CRT_SECURE_NO_DEPRECATE 1
17 #endif
18
19 #ifndef USE_HOSTCC
20 #include <common.h>
21 #include <linux/string.h>
22 #else
23 #include <string.h>
24 #endif /* USE_HOSTCC */
25 #include <watchdog.h>
26 #include <u-boot/sha1.h>
27
28 const uint8_t sha1_der_prefix[SHA1_DER_LEN] = {
29 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
30 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
31 };
32
33 /*
34 * 32-bit integer manipulation macros (big endian)
35 */
36 #ifndef GET_UINT32_BE
37 #define GET_UINT32_BE(n,b,i) { \
38 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
39 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
40 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
41 | ( (unsigned long) (b)[(i) + 3] ); \
42 }
43 #endif
44 #ifndef PUT_UINT32_BE
45 #define PUT_UINT32_BE(n,b,i) { \
46 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
47 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
48 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
49 (b)[(i) + 3] = (unsigned char) ( (n) ); \
50 }
51 #endif
52
53 /*
54 * SHA-1 context setup
55 */
56 void sha1_starts (sha1_context * ctx)
57 {
58 ctx->total[0] = 0;
59 ctx->total[1] = 0;
60
61 ctx->state[0] = 0x67452301;
62 ctx->state[1] = 0xEFCDAB89;
63 ctx->state[2] = 0x98BADCFE;
64 ctx->state[3] = 0x10325476;
65 ctx->state[4] = 0xC3D2E1F0;
66 }
67
68 static void sha1_process(sha1_context *ctx, const unsigned char data[64])
69 {
70 unsigned long temp, W[16], A, B, C, D, E;
71
72 GET_UINT32_BE (W[0], data, 0);
73 GET_UINT32_BE (W[1], data, 4);
74 GET_UINT32_BE (W[2], data, 8);
75 GET_UINT32_BE (W[3], data, 12);
76 GET_UINT32_BE (W[4], data, 16);
77 GET_UINT32_BE (W[5], data, 20);
78 GET_UINT32_BE (W[6], data, 24);
79 GET_UINT32_BE (W[7], data, 28);
80 GET_UINT32_BE (W[8], data, 32);
81 GET_UINT32_BE (W[9], data, 36);
82 GET_UINT32_BE (W[10], data, 40);
83 GET_UINT32_BE (W[11], data, 44);
84 GET_UINT32_BE (W[12], data, 48);
85 GET_UINT32_BE (W[13], data, 52);
86 GET_UINT32_BE (W[14], data, 56);
87 GET_UINT32_BE (W[15], data, 60);
88
89 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
90
91 #define R(t) ( \
92 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
93 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
94 ( W[t & 0x0F] = S(temp,1) ) \
95 )
96
97 #define P(a,b,c,d,e,x) { \
98 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
99 }
100
101 A = ctx->state[0];
102 B = ctx->state[1];
103 C = ctx->state[2];
104 D = ctx->state[3];
105 E = ctx->state[4];
106
107 #define F(x,y,z) (z ^ (x & (y ^ z)))
108 #define K 0x5A827999
109
110 P (A, B, C, D, E, W[0]);
111 P (E, A, B, C, D, W[1]);
112 P (D, E, A, B, C, W[2]);
113 P (C, D, E, A, B, W[3]);
114 P (B, C, D, E, A, W[4]);
115 P (A, B, C, D, E, W[5]);
116 P (E, A, B, C, D, W[6]);
117 P (D, E, A, B, C, W[7]);
118 P (C, D, E, A, B, W[8]);
119 P (B, C, D, E, A, W[9]);
120 P (A, B, C, D, E, W[10]);
121 P (E, A, B, C, D, W[11]);
122 P (D, E, A, B, C, W[12]);
123 P (C, D, E, A, B, W[13]);
124 P (B, C, D, E, A, W[14]);
125 P (A, B, C, D, E, W[15]);
126 P (E, A, B, C, D, R (16));
127 P (D, E, A, B, C, R (17));
128 P (C, D, E, A, B, R (18));
129 P (B, C, D, E, A, R (19));
130
131 #undef K
132 #undef F
133
134 #define F(x,y,z) (x ^ y ^ z)
135 #define K 0x6ED9EBA1
136
137 P (A, B, C, D, E, R (20));
138 P (E, A, B, C, D, R (21));
139 P (D, E, A, B, C, R (22));
140 P (C, D, E, A, B, R (23));
141 P (B, C, D, E, A, R (24));
142 P (A, B, C, D, E, R (25));
143 P (E, A, B, C, D, R (26));
144 P (D, E, A, B, C, R (27));
145 P (C, D, E, A, B, R (28));
146 P (B, C, D, E, A, R (29));
147 P (A, B, C, D, E, R (30));
148 P (E, A, B, C, D, R (31));
149 P (D, E, A, B, C, R (32));
150 P (C, D, E, A, B, R (33));
151 P (B, C, D, E, A, R (34));
152 P (A, B, C, D, E, R (35));
153 P (E, A, B, C, D, R (36));
154 P (D, E, A, B, C, R (37));
155 P (C, D, E, A, B, R (38));
156 P (B, C, D, E, A, R (39));
157
158 #undef K
159 #undef F
160
161 #define F(x,y,z) ((x & y) | (z & (x | y)))
162 #define K 0x8F1BBCDC
163
164 P (A, B, C, D, E, R (40));
165 P (E, A, B, C, D, R (41));
166 P (D, E, A, B, C, R (42));
167 P (C, D, E, A, B, R (43));
168 P (B, C, D, E, A, R (44));
169 P (A, B, C, D, E, R (45));
170 P (E, A, B, C, D, R (46));
171 P (D, E, A, B, C, R (47));
172 P (C, D, E, A, B, R (48));
173 P (B, C, D, E, A, R (49));
174 P (A, B, C, D, E, R (50));
175 P (E, A, B, C, D, R (51));
176 P (D, E, A, B, C, R (52));
177 P (C, D, E, A, B, R (53));
178 P (B, C, D, E, A, R (54));
179 P (A, B, C, D, E, R (55));
180 P (E, A, B, C, D, R (56));
181 P (D, E, A, B, C, R (57));
182 P (C, D, E, A, B, R (58));
183 P (B, C, D, E, A, R (59));
184
185 #undef K
186 #undef F
187
188 #define F(x,y,z) (x ^ y ^ z)
189 #define K 0xCA62C1D6
190
191 P (A, B, C, D, E, R (60));
192 P (E, A, B, C, D, R (61));
193 P (D, E, A, B, C, R (62));
194 P (C, D, E, A, B, R (63));
195 P (B, C, D, E, A, R (64));
196 P (A, B, C, D, E, R (65));
197 P (E, A, B, C, D, R (66));
198 P (D, E, A, B, C, R (67));
199 P (C, D, E, A, B, R (68));
200 P (B, C, D, E, A, R (69));
201 P (A, B, C, D, E, R (70));
202 P (E, A, B, C, D, R (71));
203 P (D, E, A, B, C, R (72));
204 P (C, D, E, A, B, R (73));
205 P (B, C, D, E, A, R (74));
206 P (A, B, C, D, E, R (75));
207 P (E, A, B, C, D, R (76));
208 P (D, E, A, B, C, R (77));
209 P (C, D, E, A, B, R (78));
210 P (B, C, D, E, A, R (79));
211
212 #undef K
213 #undef F
214
215 ctx->state[0] += A;
216 ctx->state[1] += B;
217 ctx->state[2] += C;
218 ctx->state[3] += D;
219 ctx->state[4] += E;
220 }
221
222 /*
223 * SHA-1 process buffer
224 */
225 void sha1_update(sha1_context *ctx, const unsigned char *input,
226 unsigned int ilen)
227 {
228 int fill;
229 unsigned long left;
230
231 if (ilen <= 0)
232 return;
233
234 left = ctx->total[0] & 0x3F;
235 fill = 64 - left;
236
237 ctx->total[0] += ilen;
238 ctx->total[0] &= 0xFFFFFFFF;
239
240 if (ctx->total[0] < (unsigned long) ilen)
241 ctx->total[1]++;
242
243 if (left && ilen >= fill) {
244 memcpy ((void *) (ctx->buffer + left), (void *) input, fill);
245 sha1_process (ctx, ctx->buffer);
246 input += fill;
247 ilen -= fill;
248 left = 0;
249 }
250
251 while (ilen >= 64) {
252 sha1_process (ctx, input);
253 input += 64;
254 ilen -= 64;
255 }
256
257 if (ilen > 0) {
258 memcpy ((void *) (ctx->buffer + left), (void *) input, ilen);
259 }
260 }
261
262 static const unsigned char sha1_padding[64] = {
263 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
264 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
265 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
266 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
267 };
268
269 /*
270 * SHA-1 final digest
271 */
272 void sha1_finish (sha1_context * ctx, unsigned char output[20])
273 {
274 unsigned long last, padn;
275 unsigned long high, low;
276 unsigned char msglen[8];
277
278 high = (ctx->total[0] >> 29)
279 | (ctx->total[1] << 3);
280 low = (ctx->total[0] << 3);
281
282 PUT_UINT32_BE (high, msglen, 0);
283 PUT_UINT32_BE (low, msglen, 4);
284
285 last = ctx->total[0] & 0x3F;
286 padn = (last < 56) ? (56 - last) : (120 - last);
287
288 sha1_update (ctx, (unsigned char *) sha1_padding, padn);
289 sha1_update (ctx, msglen, 8);
290
291 PUT_UINT32_BE (ctx->state[0], output, 0);
292 PUT_UINT32_BE (ctx->state[1], output, 4);
293 PUT_UINT32_BE (ctx->state[2], output, 8);
294 PUT_UINT32_BE (ctx->state[3], output, 12);
295 PUT_UINT32_BE (ctx->state[4], output, 16);
296 }
297
298 /*
299 * Output = SHA-1( input buffer )
300 */
301 void sha1_csum(const unsigned char *input, unsigned int ilen,
302 unsigned char *output)
303 {
304 sha1_context ctx;
305
306 sha1_starts (&ctx);
307 sha1_update (&ctx, input, ilen);
308 sha1_finish (&ctx, output);
309 }
310
311 /*
312 * Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
313 * bytes of input processed.
314 */
315 void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
316 unsigned char *output, unsigned int chunk_sz)
317 {
318 sha1_context ctx;
319 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
320 const unsigned char *end, *curr;
321 int chunk;
322 #endif
323
324 sha1_starts (&ctx);
325
326 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
327 curr = input;
328 end = input + ilen;
329 while (curr < end) {
330 chunk = end - curr;
331 if (chunk > chunk_sz)
332 chunk = chunk_sz;
333 sha1_update (&ctx, curr, chunk);
334 curr += chunk;
335 WATCHDOG_RESET ();
336 }
337 #else
338 sha1_update (&ctx, input, ilen);
339 #endif
340
341 sha1_finish (&ctx, output);
342 }
343
344 /*
345 * Output = HMAC-SHA-1( input buffer, hmac key )
346 */
347 void sha1_hmac(const unsigned char *key, int keylen,
348 const unsigned char *input, unsigned int ilen,
349 unsigned char *output)
350 {
351 int i;
352 sha1_context ctx;
353 unsigned char k_ipad[64];
354 unsigned char k_opad[64];
355 unsigned char tmpbuf[20];
356
357 memset (k_ipad, 0x36, 64);
358 memset (k_opad, 0x5C, 64);
359
360 for (i = 0; i < keylen; i++) {
361 if (i >= 64)
362 break;
363
364 k_ipad[i] ^= key[i];
365 k_opad[i] ^= key[i];
366 }
367
368 sha1_starts (&ctx);
369 sha1_update (&ctx, k_ipad, 64);
370 sha1_update (&ctx, input, ilen);
371 sha1_finish (&ctx, tmpbuf);
372
373 sha1_starts (&ctx);
374 sha1_update (&ctx, k_opad, 64);
375 sha1_update (&ctx, tmpbuf, 20);
376 sha1_finish (&ctx, output);
377
378 memset (k_ipad, 0, 64);
379 memset (k_opad, 0, 64);
380 memset (tmpbuf, 0, 20);
381 memset (&ctx, 0, sizeof (sha1_context));
382 }
383
384 #ifdef SELF_TEST
385 /*
386 * FIPS-180-1 test vectors
387 */
388 static const char sha1_test_str[3][57] = {
389 {"abc"},
390 {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
391 {""}
392 };
393
394 static const unsigned char sha1_test_sum[3][20] = {
395 {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
396 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
397 {0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
398 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
399 {0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
400 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
401 };
402
403 /*
404 * Checkup routine
405 */
406 int sha1_self_test (void)
407 {
408 int i, j;
409 unsigned char buf[1000];
410 unsigned char sha1sum[20];
411 sha1_context ctx;
412
413 for (i = 0; i < 3; i++) {
414 printf (" SHA-1 test #%d: ", i + 1);
415
416 sha1_starts (&ctx);
417
418 if (i < 2)
419 sha1_update (&ctx, (unsigned char *) sha1_test_str[i],
420 strlen (sha1_test_str[i]));
421 else {
422 memset (buf, 'a', 1000);
423 for (j = 0; j < 1000; j++)
424 sha1_update (&ctx, buf, 1000);
425 }
426
427 sha1_finish (&ctx, sha1sum);
428
429 if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) {
430 printf ("failed\n");
431 return (1);
432 }
433
434 printf ("passed\n");
435 }
436
437 printf ("\n");
438 return (0);
439 }
440 #else
441 int sha1_self_test (void)
442 {
443 return (0);
444 }
445 #endif
"Das U-Boot" Source Tree