2 * Heiko Schocher, DENX Software Engineering, hs@denx.de.
4 * FIPS-180-1 compliant SHA-1 implementation
6 * Copyright (C) 2003-2006 Christophe Devine
8 * SPDX-License-Identifier: LGPL-2.1
11 * The SHA-1 standard was published by NIST in 1993.
13 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
16 #ifndef _CRT_SECURE_NO_DEPRECATE
17 #define _CRT_SECURE_NO_DEPRECATE 1
22 #include <linux/string.h>
25 #endif /* USE_HOSTCC */
27 #include <u-boot/sha1.h>
29 const uint8_t sha1_der_prefix[SHA1_DER_LEN] = {
30 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
31 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
35 * 32-bit integer manipulation macros (big endian)
38 #define GET_UINT32_BE(n,b,i) { \
39 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
40 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
41 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
42 | ( (unsigned long) (b)[(i) + 3] ); \
46 #define PUT_UINT32_BE(n,b,i) { \
47 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
48 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
49 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
50 (b)[(i) + 3] = (unsigned char) ( (n) ); \
57 void sha1_starts (sha1_context * ctx)
62 ctx->state[0] = 0x67452301;
63 ctx->state[1] = 0xEFCDAB89;
64 ctx->state[2] = 0x98BADCFE;
65 ctx->state[3] = 0x10325476;
66 ctx->state[4] = 0xC3D2E1F0;
69 static void sha1_process(sha1_context *ctx, const unsigned char data[64])
71 unsigned long temp, W[16], A, B, C, D, E;
73 GET_UINT32_BE (W[0], data, 0);
74 GET_UINT32_BE (W[1], data, 4);
75 GET_UINT32_BE (W[2], data, 8);
76 GET_UINT32_BE (W[3], data, 12);
77 GET_UINT32_BE (W[4], data, 16);
78 GET_UINT32_BE (W[5], data, 20);
79 GET_UINT32_BE (W[6], data, 24);
80 GET_UINT32_BE (W[7], data, 28);
81 GET_UINT32_BE (W[8], data, 32);
82 GET_UINT32_BE (W[9], data, 36);
83 GET_UINT32_BE (W[10], data, 40);
84 GET_UINT32_BE (W[11], data, 44);
85 GET_UINT32_BE (W[12], data, 48);
86 GET_UINT32_BE (W[13], data, 52);
87 GET_UINT32_BE (W[14], data, 56);
88 GET_UINT32_BE (W[15], data, 60);
90 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
93 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
94 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
95 ( W[t & 0x0F] = S(temp,1) ) \
98 #define P(a,b,c,d,e,x) { \
99 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
108 #define F(x,y,z) (z ^ (x & (y ^ z)))
111 P (A, B, C, D, E, W[0]);
112 P (E, A, B, C, D, W[1]);
113 P (D, E, A, B, C, W[2]);
114 P (C, D, E, A, B, W[3]);
115 P (B, C, D, E, A, W[4]);
116 P (A, B, C, D, E, W[5]);
117 P (E, A, B, C, D, W[6]);
118 P (D, E, A, B, C, W[7]);
119 P (C, D, E, A, B, W[8]);
120 P (B, C, D, E, A, W[9]);
121 P (A, B, C, D, E, W[10]);
122 P (E, A, B, C, D, W[11]);
123 P (D, E, A, B, C, W[12]);
124 P (C, D, E, A, B, W[13]);
125 P (B, C, D, E, A, W[14]);
126 P (A, B, C, D, E, W[15]);
127 P (E, A, B, C, D, R (16));
128 P (D, E, A, B, C, R (17));
129 P (C, D, E, A, B, R (18));
130 P (B, C, D, E, A, R (19));
135 #define F(x,y,z) (x ^ y ^ z)
138 P (A, B, C, D, E, R (20));
139 P (E, A, B, C, D, R (21));
140 P (D, E, A, B, C, R (22));
141 P (C, D, E, A, B, R (23));
142 P (B, C, D, E, A, R (24));
143 P (A, B, C, D, E, R (25));
144 P (E, A, B, C, D, R (26));
145 P (D, E, A, B, C, R (27));
146 P (C, D, E, A, B, R (28));
147 P (B, C, D, E, A, R (29));
148 P (A, B, C, D, E, R (30));
149 P (E, A, B, C, D, R (31));
150 P (D, E, A, B, C, R (32));
151 P (C, D, E, A, B, R (33));
152 P (B, C, D, E, A, R (34));
153 P (A, B, C, D, E, R (35));
154 P (E, A, B, C, D, R (36));
155 P (D, E, A, B, C, R (37));
156 P (C, D, E, A, B, R (38));
157 P (B, C, D, E, A, R (39));
162 #define F(x,y,z) ((x & y) | (z & (x | y)))
165 P (A, B, C, D, E, R (40));
166 P (E, A, B, C, D, R (41));
167 P (D, E, A, B, C, R (42));
168 P (C, D, E, A, B, R (43));
169 P (B, C, D, E, A, R (44));
170 P (A, B, C, D, E, R (45));
171 P (E, A, B, C, D, R (46));
172 P (D, E, A, B, C, R (47));
173 P (C, D, E, A, B, R (48));
174 P (B, C, D, E, A, R (49));
175 P (A, B, C, D, E, R (50));
176 P (E, A, B, C, D, R (51));
177 P (D, E, A, B, C, R (52));
178 P (C, D, E, A, B, R (53));
179 P (B, C, D, E, A, R (54));
180 P (A, B, C, D, E, R (55));
181 P (E, A, B, C, D, R (56));
182 P (D, E, A, B, C, R (57));
183 P (C, D, E, A, B, R (58));
184 P (B, C, D, E, A, R (59));
189 #define F(x,y,z) (x ^ y ^ z)
192 P (A, B, C, D, E, R (60));
193 P (E, A, B, C, D, R (61));
194 P (D, E, A, B, C, R (62));
195 P (C, D, E, A, B, R (63));
196 P (B, C, D, E, A, R (64));
197 P (A, B, C, D, E, R (65));
198 P (E, A, B, C, D, R (66));
199 P (D, E, A, B, C, R (67));
200 P (C, D, E, A, B, R (68));
201 P (B, C, D, E, A, R (69));
202 P (A, B, C, D, E, R (70));
203 P (E, A, B, C, D, R (71));
204 P (D, E, A, B, C, R (72));
205 P (C, D, E, A, B, R (73));
206 P (B, C, D, E, A, R (74));
207 P (A, B, C, D, E, R (75));
208 P (E, A, B, C, D, R (76));
209 P (D, E, A, B, C, R (77));
210 P (C, D, E, A, B, R (78));
211 P (B, C, D, E, A, R (79));
224 * SHA-1 process buffer
226 void sha1_update(sha1_context *ctx, const unsigned char *input,
235 left = ctx->total[0] & 0x3F;
238 ctx->total[0] += ilen;
239 ctx->total[0] &= 0xFFFFFFFF;
241 if (ctx->total[0] < (unsigned long) ilen)
244 if (left && ilen >= fill) {
245 memcpy ((void *) (ctx->buffer + left), (void *) input, fill);
246 sha1_process (ctx, ctx->buffer);
253 sha1_process (ctx, input);
259 memcpy ((void *) (ctx->buffer + left), (void *) input, ilen);
263 static const unsigned char sha1_padding[64] = {
264 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
265 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
266 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
267 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
273 void sha1_finish (sha1_context * ctx, unsigned char output[20])
275 unsigned long last, padn;
276 unsigned long high, low;
277 unsigned char msglen[8];
279 high = (ctx->total[0] >> 29)
280 | (ctx->total[1] << 3);
281 low = (ctx->total[0] << 3);
283 PUT_UINT32_BE (high, msglen, 0);
284 PUT_UINT32_BE (low, msglen, 4);
286 last = ctx->total[0] & 0x3F;
287 padn = (last < 56) ? (56 - last) : (120 - last);
289 sha1_update (ctx, (unsigned char *) sha1_padding, padn);
290 sha1_update (ctx, msglen, 8);
292 PUT_UINT32_BE (ctx->state[0], output, 0);
293 PUT_UINT32_BE (ctx->state[1], output, 4);
294 PUT_UINT32_BE (ctx->state[2], output, 8);
295 PUT_UINT32_BE (ctx->state[3], output, 12);
296 PUT_UINT32_BE (ctx->state[4], output, 16);
300 * Output = SHA-1( input buffer )
302 void sha1_csum(const unsigned char *input, unsigned int ilen,
303 unsigned char *output)
308 sha1_update (&ctx, input, ilen);
309 sha1_finish (&ctx, output);
313 * Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
314 * bytes of input processed.
316 void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
317 unsigned char *output, unsigned int chunk_sz)
320 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
321 const unsigned char *end, *curr;
327 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
332 if (chunk > chunk_sz)
334 sha1_update (&ctx, curr, chunk);
339 sha1_update (&ctx, input, ilen);
342 sha1_finish (&ctx, output);
346 * Output = HMAC-SHA-1( input buffer, hmac key )
348 void sha1_hmac(const unsigned char *key, int keylen,
349 const unsigned char *input, unsigned int ilen,
350 unsigned char *output)
354 unsigned char k_ipad[64];
355 unsigned char k_opad[64];
356 unsigned char tmpbuf[20];
358 memset (k_ipad, 0x36, 64);
359 memset (k_opad, 0x5C, 64);
361 for (i = 0; i < keylen; i++) {
370 sha1_update (&ctx, k_ipad, 64);
371 sha1_update (&ctx, input, ilen);
372 sha1_finish (&ctx, tmpbuf);
375 sha1_update (&ctx, k_opad, 64);
376 sha1_update (&ctx, tmpbuf, 20);
377 sha1_finish (&ctx, output);
379 memset (k_ipad, 0, 64);
380 memset (k_opad, 0, 64);
381 memset (tmpbuf, 0, 20);
382 memset (&ctx, 0, sizeof (sha1_context));
387 * FIPS-180-1 test vectors
389 static const char sha1_test_str[3][57] = {
391 {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
395 static const unsigned char sha1_test_sum[3][20] = {
396 {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
397 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
398 {0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
399 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
400 {0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
401 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
407 int sha1_self_test (void)
410 unsigned char buf[1000];
411 unsigned char sha1sum[20];
414 for (i = 0; i < 3; i++) {
415 printf (" SHA-1 test #%d: ", i + 1);
420 sha1_update (&ctx, (unsigned char *) sha1_test_str[i],
421 strlen (sha1_test_str[i]));
423 memset (buf, 'a', 1000);
424 for (j = 0; j < 1000; j++)
425 sha1_update (&ctx, buf, 1000);
428 sha1_finish (&ctx, sha1sum);
430 if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) {
442 int sha1_self_test (void)