+++ /dev/null
-/*
- * Copyright(C) 2006 Cameron Rich
- *
- * This library is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation; either version 2.1 of the License, or
- * (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/**
- * SHA1 implementation - as defined in FIPS PUB 180-1 published April 17, 1995.
- * This code was originally taken from RFC3174
- */
-
-#include <string.h>
-#include "crypto.h"
-
-/*
- * Define the SHA1 circular left shift macro
- */
-#define SHA1CircularShift(bits,word) \
- (((word) << (bits)) | ((word) >> (32-(bits))))
-
-/* ----- static functions ----- */
-static void SHA1PadMessage(SHA1_CTX *ctx);
-static void SHA1ProcessMessageBlock(SHA1_CTX *ctx);
-
-/**
- * Initialize the SHA1 context
- */
-void SHA1Init(SHA1_CTX *ctx)
-{
- ctx->Length_Low = 0;
- ctx->Length_High = 0;
- ctx->Message_Block_Index = 0;
- ctx->Intermediate_Hash[0] = 0x67452301;
- ctx->Intermediate_Hash[1] = 0xEFCDAB89;
- ctx->Intermediate_Hash[2] = 0x98BADCFE;
- ctx->Intermediate_Hash[3] = 0x10325476;
- ctx->Intermediate_Hash[4] = 0xC3D2E1F0;
-}
-
-/**
- * Accepts an array of octets as the next portion of the message.
- */
-void SHA1Update(SHA1_CTX *ctx, const uint8_t *msg, int len)
-{
- while (len--)
- {
- ctx->Message_Block[ctx->Message_Block_Index++] = (*msg & 0xFF);
-
- ctx->Length_Low += 8;
- if (ctx->Length_Low == 0)
- {
- ctx->Length_High++;
- }
-
- if (ctx->Message_Block_Index == 64)
- {
- SHA1ProcessMessageBlock(ctx);
- }
-
- msg++;
- }
-}
-
-/**
- * Return the 160-bit message digest into the user's array
- */
-void SHA1Final(SHA1_CTX *ctx, uint8_t *digest)
-{
- int i;
-
- SHA1PadMessage(ctx);
- memset(ctx->Message_Block, 0, 64);
- ctx->Length_Low = 0; /* and clear length */
- ctx->Length_High = 0;
-
- for (i = 0; i < SHA1_SIZE; i++)
- {
- digest[i] = ctx->Intermediate_Hash[i>>2] >> 8 * ( 3 - ( i & 0x03 ) );
- }
-}
-
-/**
- * Process the next 512 bits of the message stored in the array.
- */
-static void SHA1ProcessMessageBlock(SHA1_CTX *ctx)
-{
- const uint32_t K[] = { /* Constants defined in SHA-1 */
- 0x5A827999,
- 0x6ED9EBA1,
- 0x8F1BBCDC,
- 0xCA62C1D6
- };
- int t; /* Loop counter */
- uint32_t temp; /* Temporary word value */
- uint32_t W[80]; /* Word sequence */
- uint32_t A, B, C, D, E; /* Word buffers */
-
- /*
- * Initialize the first 16 words in the array W
- */
- for (t = 0; t < 16; t++)
- {
- W[t] = ctx->Message_Block[t * 4] << 24;
- W[t] |= ctx->Message_Block[t * 4 + 1] << 16;
- W[t] |= ctx->Message_Block[t * 4 + 2] << 8;
- W[t] |= ctx->Message_Block[t * 4 + 3];
- }
-
- for (t = 16; t < 80; t++)
- {
- W[t] = SHA1CircularShift(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
- }
-
- A = ctx->Intermediate_Hash[0];
- B = ctx->Intermediate_Hash[1];
- C = ctx->Intermediate_Hash[2];
- D = ctx->Intermediate_Hash[3];
- E = ctx->Intermediate_Hash[4];
-
- for (t = 0; t < 20; t++)
- {
- temp = SHA1CircularShift(5,A) +
- ((B & C) | ((~B) & D)) + E + W[t] + K[0];
- E = D;
- D = C;
- C = SHA1CircularShift(30,B);
-
- B = A;
- A = temp;
- }
-
- for (t = 20; t < 40; t++)
- {
- temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[1];
- E = D;
- D = C;
- C = SHA1CircularShift(30,B);
- B = A;
- A = temp;
- }
-
- for (t = 40; t < 60; t++)
- {
- temp = SHA1CircularShift(5,A) +
- ((B & C) | (B & D) | (C & D)) + E + W[t] + K[2];
- E = D;
- D = C;
- C = SHA1CircularShift(30,B);
- B = A;
- A = temp;
- }
-
- for (t = 60; t < 80; t++)
- {
- temp = SHA1CircularShift(5,A) + (B ^ C ^ D) + E + W[t] + K[3];
- E = D;
- D = C;
- C = SHA1CircularShift(30,B);
- B = A;
- A = temp;
- }
-
- ctx->Intermediate_Hash[0] += A;
- ctx->Intermediate_Hash[1] += B;
- ctx->Intermediate_Hash[2] += C;
- ctx->Intermediate_Hash[3] += D;
- ctx->Intermediate_Hash[4] += E;
- ctx->Message_Block_Index = 0;
-}
-
-/*
- * According to the standard, the message must be padded to an even
- * 512 bits. The first padding bit must be a '1'. The last 64
- * bits represent the length of the original message. All bits in
- * between should be 0. This function will pad the message
- * according to those rules by filling the Message_Block array
- * accordingly. It will also call the ProcessMessageBlock function
- * provided appropriately. When it returns, it can be assumed that
- * the message digest has been computed.
- *
- * @param ctx [in, out] The SHA1 context
- */
-static void SHA1PadMessage(SHA1_CTX *ctx)
-{
- /*
- * Check to see if the current message block is too small to hold
- * the initial padding bits and length. If so, we will pad the
- * block, process it, and then continue padding into a second
- * block.
- */
- if (ctx->Message_Block_Index > 55)
- {
- ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
- while(ctx->Message_Block_Index < 64)
- {
- ctx->Message_Block[ctx->Message_Block_Index++] = 0;
- }
-
- SHA1ProcessMessageBlock(ctx);
-
- while (ctx->Message_Block_Index < 56)
- {
- ctx->Message_Block[ctx->Message_Block_Index++] = 0;
- }
- }
- else
- {
- ctx->Message_Block[ctx->Message_Block_Index++] = 0x80;
- while(ctx->Message_Block_Index < 56)
- {
-
- ctx->Message_Block[ctx->Message_Block_Index++] = 0;
- }
- }
-
- /*
- * Store the message length as the last 8 octets
- */
- ctx->Message_Block[56] = ctx->Length_High >> 24;
- ctx->Message_Block[57] = ctx->Length_High >> 16;
- ctx->Message_Block[58] = ctx->Length_High >> 8;
- ctx->Message_Block[59] = ctx->Length_High;
- ctx->Message_Block[60] = ctx->Length_Low >> 24;
- ctx->Message_Block[61] = ctx->Length_Low >> 16;
- ctx->Message_Block[62] = ctx->Length_Low >> 8;
- ctx->Message_Block[63] = ctx->Length_Low;
- SHA1ProcessMessageBlock(ctx);
-}
+++ /dev/null
-#include "crypto/axtls/crypto.h"
-#include <ipxe/crypto.h>
-#include <ipxe/sha1.h>
-
-static void sha1_init ( void *ctx ) {
- SHA1Init ( ctx );
-}
-
-static void sha1_update ( void *ctx, const void *data, size_t len ) {
- SHA1Update ( ctx, data, len );
-}
-
-static void sha1_final ( void *ctx, void *out ) {
- SHA1Final ( ctx, out );
-}
-
-struct digest_algorithm sha1_algorithm = {
- .name = "sha1",
- .ctxsize = SHA1_CTX_SIZE,
- .blocksize = 64,
- .digestsize = SHA1_DIGEST_SIZE,
- .init = sha1_init,
- .update = sha1_update,
- .final = sha1_final,
-};
--- /dev/null
+/*
+ * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+/** @file
+ *
+ * SHA-1 algorithm
+ *
+ */
+
+#include <stdint.h>
+#include <string.h>
+#include <byteswap.h>
+#include <assert.h>
+#include <ipxe/crypto.h>
+#include <ipxe/sha1.h>
+
+/**
+ * Rotate dword left
+ *
+ * @v dword Dword
+ * @v rotate Amount of rotation
+ */
+static inline __attribute__ (( always_inline )) uint32_t
+rol32 ( uint32_t dword, unsigned int rotate ) {
+ return ( ( dword << rotate ) | ( dword >> ( 32 - rotate ) ) );
+}
+
+/** SHA-1 variables */
+struct sha1_variables {
+ /* This layout matches that of struct sha1_digest_data,
+ * allowing for efficient endianness-conversion,
+ */
+ uint32_t a;
+ uint32_t b;
+ uint32_t c;
+ uint32_t d;
+ uint32_t e;
+ uint32_t w[80];
+} __attribute__ (( packed ));
+
+/**
+ * f(a,b,c,d) for steps 0 to 19
+ *
+ * @v v SHA-1 variables
+ * @ret f f(a,b,c,d)
+ */
+static uint32_t sha1_f_0_19 ( struct sha1_variables *v ) {
+ return ( ( v->b & v->c ) | ( (~v->b) & v->d ) );
+}
+
+/**
+ * f(a,b,c,d) for steps 20 to 39 and 60 to 79
+ *
+ * @v v SHA-1 variables
+ * @ret f f(a,b,c,d)
+ */
+static uint32_t sha1_f_20_39_60_79 ( struct sha1_variables *v ) {
+ return ( v->b ^ v->c ^ v->d );
+}
+
+/**
+ * f(a,b,c,d) for steps 40 to 59
+ *
+ * @v v SHA-1 variables
+ * @ret f f(a,b,c,d)
+ */
+static uint32_t sha1_f_40_59 ( struct sha1_variables *v ) {
+ return ( ( v->b & v->c ) | ( v->b & v->d ) | ( v->c & v->d ) );
+}
+
+/** An SHA-1 step function */
+struct sha1_step {
+ /**
+ * Calculate f(a,b,c,d)
+ *
+ * @v v SHA-1 variables
+ * @ret f f(a,b,c,d)
+ */
+ uint32_t ( * f ) ( struct sha1_variables *v );
+ /** Constant k */
+ uint32_t k;
+};
+
+/** SHA-1 steps */
+static struct sha1_step sha1_steps[4] = {
+ /** 0 to 19 */
+ { .f = sha1_f_0_19, .k = 0x5a827999 },
+ /** 20 to 39 */
+ { .f = sha1_f_20_39_60_79, .k = 0x6ed9eba1 },
+ /** 40 to 59 */
+ { .f = sha1_f_40_59, .k = 0x8f1bbcdc },
+ /** 60 to 79 */
+ { .f = sha1_f_20_39_60_79, .k = 0xca62c1d6 },
+};
+
+/**
+ * Initialise SHA-1 algorithm
+ *
+ * @v ctx SHA-1 context
+ */
+static void sha1_init ( void *ctx ) {
+ struct sha1_context *context = ctx;
+
+ context->ddd.dd.digest.h[0] = cpu_to_be32 ( 0x67452301 );
+ context->ddd.dd.digest.h[1] = cpu_to_be32 ( 0xefcdab89 );
+ context->ddd.dd.digest.h[2] = cpu_to_be32 ( 0x98badcfe );
+ context->ddd.dd.digest.h[3] = cpu_to_be32 ( 0x10325476 );
+ context->ddd.dd.digest.h[4] = cpu_to_be32 ( 0xc3d2e1f0 );
+ context->len = 0;
+}
+
+/**
+ * Calculate SHA-1 digest of accumulated data
+ *
+ * @v context SHA-1 context
+ */
+static void sha1_digest ( struct sha1_context *context ) {
+ union {
+ union sha1_digest_data_dwords ddd;
+ struct sha1_variables v;
+ } u;
+ uint32_t *a = &u.v.a;
+ uint32_t *b = &u.v.b;
+ uint32_t *c = &u.v.c;
+ uint32_t *d = &u.v.d;
+ uint32_t *e = &u.v.e;
+ uint32_t *w = u.v.w;
+ uint32_t f;
+ uint32_t k;
+ uint32_t temp;
+ struct sha1_step *step;
+ unsigned int i;
+
+ /* Sanity checks */
+ assert ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 );
+ linker_assert ( &u.ddd.dd.digest.h[0] == a, sha1_bad_layout );
+ linker_assert ( &u.ddd.dd.digest.h[1] == b, sha1_bad_layout );
+ linker_assert ( &u.ddd.dd.digest.h[2] == c, sha1_bad_layout );
+ linker_assert ( &u.ddd.dd.digest.h[3] == d, sha1_bad_layout );
+ linker_assert ( &u.ddd.dd.digest.h[4] == e, sha1_bad_layout );
+ linker_assert ( &u.ddd.dd.data.dword[0] == w, sha1_bad_layout );
+
+ DBGC ( context, "SHA1 digesting:\n" );
+ DBGC_HDA ( context, 0, &context->ddd.dd.digest,
+ sizeof ( context->ddd.dd.digest ) );
+ DBGC_HDA ( context, context->len, &context->ddd.dd.data,
+ sizeof ( context->ddd.dd.data ) );
+
+ /* Convert h[0..4] to host-endian, and initialise a, b, c, d,
+ * e, and w[0..15]
+ */
+ for ( i = 0 ; i < ( sizeof ( u.ddd.dword ) /
+ sizeof ( u.ddd.dword[0] ) ) ; i++ ) {
+ be32_to_cpus ( &context->ddd.dword[i] );
+ u.ddd.dword[i] = context->ddd.dword[i];
+ }
+
+ /* Initialise w[16..79] */
+ for ( i = 16 ; i < 80 ; i++ )
+ w[i] = rol32 ( ( w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16] ), 1 );
+
+ /* Main loop */
+ for ( i = 0 ; i < 80 ; i++ ) {
+ step = &sha1_steps[ i / 20 ];
+ f = step->f ( &u.v );
+ k = step->k;
+ temp = ( rol32 ( *a, 5 ) + f + *e + k + w[i] );
+ *e = *d;
+ *d = *c;
+ *c = rol32 ( *b, 30 );
+ *b = *a;
+ *a = temp;
+ DBGC2 ( context, "%2d : %08x %08x %08x %08x %08x\n",
+ i, *a, *b, *c, *d, *e );
+ }
+
+ /* Add chunk to hash and convert back to big-endian */
+ for ( i = 0 ; i < 5 ; i++ ) {
+ context->ddd.dd.digest.h[i] =
+ cpu_to_be32 ( context->ddd.dd.digest.h[i] +
+ u.ddd.dd.digest.h[i] );
+ }
+
+ DBGC ( context, "SHA1 digested:\n" );
+ DBGC_HDA ( context, 0, &context->ddd.dd.digest,
+ sizeof ( context->ddd.dd.digest ) );
+}
+
+/**
+ * Accumulate data with SHA-1 algorithm
+ *
+ * @v ctx SHA-1 context
+ * @v data Data
+ * @v len Length of data
+ */
+static void sha1_update ( void *ctx, const void *data, size_t len ) {
+ struct sha1_context *context = ctx;
+ const uint8_t *byte = data;
+ size_t offset;
+
+ /* Accumulate data a byte at a time, performing the digest
+ * whenever we fill the data buffer
+ */
+ while ( len-- ) {
+ offset = ( context->len % sizeof ( context->ddd.dd.data ) );
+ context->ddd.dd.data.byte[offset] = *(byte++);
+ context->len++;
+ if ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 )
+ sha1_digest ( context );
+ }
+}
+
+/**
+ * Generate SHA-1 digest
+ *
+ * @v ctx SHA-1 context
+ * @v out Output buffer
+ */
+static void sha1_final ( void *ctx, void *out ) {
+ struct sha1_context *context = ctx;
+ uint64_t len_bits;
+ uint8_t pad;
+
+ /* Record length before pre-processing */
+ len_bits = cpu_to_be64 ( ( ( uint64_t ) context->len ) * 8 );
+
+ /* Pad with a single "1" bit followed by as many "0" bits as required */
+ pad = 0x80;
+ do {
+ sha1_update ( ctx, &pad, sizeof ( pad ) );
+ pad = 0x00;
+ } while ( ( context->len % sizeof ( context->ddd.dd.data ) ) !=
+ offsetof ( typeof ( context->ddd.dd.data ), final.len ) );
+
+ /* Append length (in bits) */
+ sha1_update ( ctx, &len_bits, sizeof ( len_bits ) );
+ assert ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 );
+
+ /* Copy out final digest */
+ memcpy ( out, &context->ddd.dd.digest,
+ sizeof ( context->ddd.dd.digest ) );
+}
+
+/** SHA-1 algorithm */
+struct digest_algorithm sha1_algorithm = {
+ .name = "sha1",
+ .ctxsize = sizeof ( struct sha1_context ),
+ .blocksize = sizeof ( union sha1_block ),
+ .digestsize = sizeof ( struct sha1_digest ),
+ .init = sha1_init,
+ .update = sha1_update,
+ .final = sha1_final,
+};
#ifndef _IPXE_SHA1_H
#define _IPXE_SHA1_H
+/** @file
+ *
+ * SHA-1 algorithm
+ *
+ */
+
FILE_LICENCE ( GPL2_OR_LATER );
-#include "crypto/axtls/crypto.h"
+#include <stdint.h>
+#include <ipxe/crypto.h>
-struct digest_algorithm;
+/** An SHA-1 digest */
+struct sha1_digest {
+ /** Hash output */
+ uint32_t h[5];
+};
-#define SHA1_CTX_SIZE sizeof ( SHA1_CTX )
-#define SHA1_DIGEST_SIZE SHA1_SIZE
+/** An SHA-1 data block */
+union sha1_block {
+ /** Raw bytes */
+ uint8_t byte[64];
+ /** Raw dwords */
+ uint32_t dword[16];
+ /** Final block structure */
+ struct {
+ /** Padding */
+ uint8_t pad[56];
+ /** Length in bits */
+ uint64_t len;
+ } final;
+};
-extern struct digest_algorithm sha1_algorithm;
+/** SHA-1 digest and data block
+ *
+ * The order of fields within this structure is designed to minimise
+ * code size.
+ */
+struct sha1_digest_data {
+ /** Digest of data already processed */
+ struct sha1_digest digest;
+ /** Accumulated data */
+ union sha1_block data;
+} __attribute__ (( packed ));
+
+/** SHA-1 digest and data block */
+union sha1_digest_data_dwords {
+ /** Digest and data block */
+ struct sha1_digest_data dd;
+ /** Raw dwords */
+ uint32_t dword[ sizeof ( struct sha1_digest_data ) /
+ sizeof ( uint32_t ) ];
+};
-/* SHA1-wrapping functions defined in sha1extra.c: */
+/** An SHA-1 context */
+struct sha1_context {
+ /** Amount of accumulated data */
+ size_t len;
+ /** Digest and accumulated data */
+ union sha1_digest_data_dwords ddd;
+} __attribute__ (( packed ));
-void prf_sha1 ( const void *key, size_t key_len, const char *label,
- const void *data, size_t data_len, void *prf, size_t prf_len );
+/** SHA-1 context size */
+#define SHA1_CTX_SIZE sizeof ( struct sha1_context )
+
+/** SHA-1 digest size */
+#define SHA1_DIGEST_SIZE sizeof ( struct sha1_digest )
+
+extern struct digest_algorithm sha1_algorithm;
-void pbkdf2_sha1 ( const void *passphrase, size_t pass_len,
- const void *salt, size_t salt_len,
- int iterations, void *key, size_t key_len );
+extern void prf_sha1 ( const void *key, size_t key_len, const char *label,
+ const void *data, size_t data_len, void *prf,
+ size_t prf_len );
+extern void pbkdf2_sha1 ( const void *passphrase, size_t pass_len,
+ const void *salt, size_t salt_len,
+ int iterations, void *key, size_t key_len );
#endif /* _IPXE_SHA1_H */
projects / thirdparty / ipxe.git / commitdiff
