2 * Heiko Schocher, DENX Software Engineering, hs@denx.de.
4 * FIPS-180-1 compliant SHA-1 implementation
6 * Copyright (C) 2003-2006 Christophe Devine
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License, version 2.1 as published by the Free Software Foundation.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
23 * The SHA-1 standard was published by NIST in 1993.
25 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
28 #ifndef _CRT_SECURE_NO_DEPRECATE
29 #define _CRT_SECURE_NO_DEPRECATE 1
34 #endif /* USE_HOSTCC */
36 #include <linux/string.h>
40 * 32-bit integer manipulation macros (big endian)
43 #define GET_UINT32_BE(n,b,i) { \
44 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
45 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
46 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
47 | ( (unsigned long) (b)[(i) + 3] ); \
51 #define PUT_UINT32_BE(n,b,i) { \
52 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
53 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
54 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
55 (b)[(i) + 3] = (unsigned char) ( (n) ); \
62 void sha1_starts (sha1_context * ctx)
67 ctx->state[0] = 0x67452301;
68 ctx->state[1] = 0xEFCDAB89;
69 ctx->state[2] = 0x98BADCFE;
70 ctx->state[3] = 0x10325476;
71 ctx->state[4] = 0xC3D2E1F0;
74 static void sha1_process (sha1_context * ctx, unsigned char data[64])
76 unsigned long temp, W[16], A, B, C, D, E;
78 GET_UINT32_BE (W[0], data, 0);
79 GET_UINT32_BE (W[1], data, 4);
80 GET_UINT32_BE (W[2], data, 8);
81 GET_UINT32_BE (W[3], data, 12);
82 GET_UINT32_BE (W[4], data, 16);
83 GET_UINT32_BE (W[5], data, 20);
84 GET_UINT32_BE (W[6], data, 24);
85 GET_UINT32_BE (W[7], data, 28);
86 GET_UINT32_BE (W[8], data, 32);
87 GET_UINT32_BE (W[9], data, 36);
88 GET_UINT32_BE (W[10], data, 40);
89 GET_UINT32_BE (W[11], data, 44);
90 GET_UINT32_BE (W[12], data, 48);
91 GET_UINT32_BE (W[13], data, 52);
92 GET_UINT32_BE (W[14], data, 56);
93 GET_UINT32_BE (W[15], data, 60);
95 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
98 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
99 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
100 ( W[t & 0x0F] = S(temp,1) ) \
103 #define P(a,b,c,d,e,x) { \
104 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
113 #define F(x,y,z) (z ^ (x & (y ^ z)))
116 P (A, B, C, D, E, W[0]);
117 P (E, A, B, C, D, W[1]);
118 P (D, E, A, B, C, W[2]);
119 P (C, D, E, A, B, W[3]);
120 P (B, C, D, E, A, W[4]);
121 P (A, B, C, D, E, W[5]);
122 P (E, A, B, C, D, W[6]);
123 P (D, E, A, B, C, W[7]);
124 P (C, D, E, A, B, W[8]);
125 P (B, C, D, E, A, W[9]);
126 P (A, B, C, D, E, W[10]);
127 P (E, A, B, C, D, W[11]);
128 P (D, E, A, B, C, W[12]);
129 P (C, D, E, A, B, W[13]);
130 P (B, C, D, E, A, W[14]);
131 P (A, B, C, D, E, W[15]);
132 P (E, A, B, C, D, R (16));
133 P (D, E, A, B, C, R (17));
134 P (C, D, E, A, B, R (18));
135 P (B, C, D, E, A, R (19));
140 #define F(x,y,z) (x ^ y ^ z)
143 P (A, B, C, D, E, R (20));
144 P (E, A, B, C, D, R (21));
145 P (D, E, A, B, C, R (22));
146 P (C, D, E, A, B, R (23));
147 P (B, C, D, E, A, R (24));
148 P (A, B, C, D, E, R (25));
149 P (E, A, B, C, D, R (26));
150 P (D, E, A, B, C, R (27));
151 P (C, D, E, A, B, R (28));
152 P (B, C, D, E, A, R (29));
153 P (A, B, C, D, E, R (30));
154 P (E, A, B, C, D, R (31));
155 P (D, E, A, B, C, R (32));
156 P (C, D, E, A, B, R (33));
157 P (B, C, D, E, A, R (34));
158 P (A, B, C, D, E, R (35));
159 P (E, A, B, C, D, R (36));
160 P (D, E, A, B, C, R (37));
161 P (C, D, E, A, B, R (38));
162 P (B, C, D, E, A, R (39));
167 #define F(x,y,z) ((x & y) | (z & (x | y)))
170 P (A, B, C, D, E, R (40));
171 P (E, A, B, C, D, R (41));
172 P (D, E, A, B, C, R (42));
173 P (C, D, E, A, B, R (43));
174 P (B, C, D, E, A, R (44));
175 P (A, B, C, D, E, R (45));
176 P (E, A, B, C, D, R (46));
177 P (D, E, A, B, C, R (47));
178 P (C, D, E, A, B, R (48));
179 P (B, C, D, E, A, R (49));
180 P (A, B, C, D, E, R (50));
181 P (E, A, B, C, D, R (51));
182 P (D, E, A, B, C, R (52));
183 P (C, D, E, A, B, R (53));
184 P (B, C, D, E, A, R (54));
185 P (A, B, C, D, E, R (55));
186 P (E, A, B, C, D, R (56));
187 P (D, E, A, B, C, R (57));
188 P (C, D, E, A, B, R (58));
189 P (B, C, D, E, A, R (59));
194 #define F(x,y,z) (x ^ y ^ z)
197 P (A, B, C, D, E, R (60));
198 P (E, A, B, C, D, R (61));
199 P (D, E, A, B, C, R (62));
200 P (C, D, E, A, B, R (63));
201 P (B, C, D, E, A, R (64));
202 P (A, B, C, D, E, R (65));
203 P (E, A, B, C, D, R (66));
204 P (D, E, A, B, C, R (67));
205 P (C, D, E, A, B, R (68));
206 P (B, C, D, E, A, R (69));
207 P (A, B, C, D, E, R (70));
208 P (E, A, B, C, D, R (71));
209 P (D, E, A, B, C, R (72));
210 P (C, D, E, A, B, R (73));
211 P (B, C, D, E, A, R (74));
212 P (A, B, C, D, E, R (75));
213 P (E, A, B, C, D, R (76));
214 P (D, E, A, B, C, R (77));
215 P (C, D, E, A, B, R (78));
216 P (B, C, D, E, A, R (79));
229 * SHA-1 process buffer
231 void sha1_update (sha1_context * ctx, unsigned char *input, int ilen)
239 left = ctx->total[0] & 0x3F;
242 ctx->total[0] += ilen;
243 ctx->total[0] &= 0xFFFFFFFF;
245 if (ctx->total[0] < (unsigned long) ilen)
248 if (left && ilen >= fill) {
249 memcpy ((void *) (ctx->buffer + left), (void *) input, fill);
250 sha1_process (ctx, ctx->buffer);
257 sha1_process (ctx, input);
263 memcpy ((void *) (ctx->buffer + left), (void *) input, ilen);
267 static const unsigned char sha1_padding[64] = {
268 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
269 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
270 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
271 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
277 void sha1_finish (sha1_context * ctx, unsigned char output[20])
279 unsigned long last, padn;
280 unsigned long high, low;
281 unsigned char msglen[8];
283 high = (ctx->total[0] >> 29)
284 | (ctx->total[1] << 3);
285 low = (ctx->total[0] << 3);
287 PUT_UINT32_BE (high, msglen, 0);
288 PUT_UINT32_BE (low, msglen, 4);
290 last = ctx->total[0] & 0x3F;
291 padn = (last < 56) ? (56 - last) : (120 - last);
293 sha1_update (ctx, (unsigned char *) sha1_padding, padn);
294 sha1_update (ctx, msglen, 8);
296 PUT_UINT32_BE (ctx->state[0], output, 0);
297 PUT_UINT32_BE (ctx->state[1], output, 4);
298 PUT_UINT32_BE (ctx->state[2], output, 8);
299 PUT_UINT32_BE (ctx->state[3], output, 12);
300 PUT_UINT32_BE (ctx->state[4], output, 16);
304 * Output = SHA-1( input buffer )
306 void sha1_csum (unsigned char *input, int ilen, unsigned char output[20])
311 sha1_update (&ctx, input, ilen);
312 sha1_finish (&ctx, output);
316 * Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
317 * bytes of input processed.
319 void sha1_csum_wd (unsigned char *input, int ilen, unsigned char output[20],
320 unsigned int chunk_sz)
323 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
324 unsigned char *end, *curr;
330 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
335 if (chunk > chunk_sz)
337 sha1_update (&ctx, curr, chunk);
342 sha1_update (&ctx, input, ilen);
345 sha1_finish (&ctx, output);
349 * Output = HMAC-SHA-1( input buffer, hmac key )
351 void sha1_hmac (unsigned char *key, int keylen,
352 unsigned char *input, int ilen, unsigned char output[20])
356 unsigned char k_ipad[64];
357 unsigned char k_opad[64];
358 unsigned char tmpbuf[20];
360 memset (k_ipad, 0x36, 64);
361 memset (k_opad, 0x5C, 64);
363 for (i = 0; i < keylen; i++) {
372 sha1_update (&ctx, k_ipad, 64);
373 sha1_update (&ctx, input, ilen);
374 sha1_finish (&ctx, tmpbuf);
377 sha1_update (&ctx, k_opad, 64);
378 sha1_update (&ctx, tmpbuf, 20);
379 sha1_finish (&ctx, output);
381 memset (k_ipad, 0, 64);
382 memset (k_opad, 0, 64);
383 memset (tmpbuf, 0, 20);
384 memset (&ctx, 0, sizeof (sha1_context));
387 static const char _sha1_src[] = "_sha1_src";
391 * FIPS-180-1 test vectors
393 static const char sha1_test_str[3][57] = {
395 {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
399 static const unsigned char sha1_test_sum[3][20] = {
400 {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
401 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
402 {0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
403 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
404 {0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
405 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
411 int sha1_self_test (void)
414 unsigned char buf[1000];
415 unsigned char sha1sum[20];
418 for (i = 0; i < 3; i++) {
419 printf (" SHA-1 test #%d: ", i + 1);
424 sha1_update (&ctx, (unsigned char *) sha1_test_str[i],
425 strlen (sha1_test_str[i]));
427 memset (buf, 'a', 1000);
428 for (j = 0; j < 1000; j++)
429 sha1_update (&ctx, buf, 1000);
432 sha1_finish (&ctx, sha1sum);
434 if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) {
446 int sha1_self_test (void)