1 /* 2 * Heiko Schocher, DENX Software Engineering, hs@denx.de. 3 * based on: 4 * FIPS-180-1 compliant SHA-1 implementation 5 * 6 * Copyright (C) 2003-2006 Christophe Devine 7 * 8 * This library is free software; you can redistribute it and/or 9 * modify it under the terms of the GNU Lesser General Public 10 * License, version 2.1 as published by the Free Software Foundation. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, write to the Free Software 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 20 * MA 02110-1301 USA 21 */ 22 /* 23 * The SHA-1 standard was published by NIST in 1993. 24 * 25 * http://www.itl.nist.gov/fipspubs/fip180-1.htm 26 */ 27 28 #ifndef _CRT_SECURE_NO_DEPRECATE 29 #define _CRT_SECURE_NO_DEPRECATE 1 30 #endif 31 32 #ifndef USE_HOSTCC 33 #include <common.h> 34 #include <linux/string.h> 35 #else 36 #include <string.h> 37 #endif /* USE_HOSTCC */ 38 #include <watchdog.h> 39 #include <u-boot/sha1.h> 40 41 /* 42 * 32-bit integer manipulation macros (big endian) 43 */ 44 #ifndef GET_UINT32_BE 45 #define GET_UINT32_BE(n,b,i) { \ 46 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \ 47 | ( (unsigned long) (b)[(i) + 1] << 16 ) \ 48 | ( (unsigned long) (b)[(i) + 2] << 8 ) \ 49 | ( (unsigned long) (b)[(i) + 3] ); \ 50 } 51 #endif 52 #ifndef PUT_UINT32_BE 53 #define PUT_UINT32_BE(n,b,i) { \ 54 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 55 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 56 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 57 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 58 } 59 #endif 60 61 /* 62 * SHA-1 context setup 63 */ 64 void sha1_starts (sha1_context * ctx) 65 { 66 ctx->total[0] = 0; 67 ctx->total[1] = 0; 68 69 ctx->state[0] = 0x67452301; 70 ctx->state[1] = 0xEFCDAB89; 71 ctx->state[2] = 0x98BADCFE; 72 ctx->state[3] = 0x10325476; 73 ctx->state[4] = 0xC3D2E1F0; 74 } 75 76 static void sha1_process(sha1_context *ctx, const unsigned char data[64]) 77 { 78 unsigned long temp, W[16], A, B, C, D, E; 79 80 GET_UINT32_BE (W[0], data, 0); 81 GET_UINT32_BE (W[1], data, 4); 82 GET_UINT32_BE (W[2], data, 8); 83 GET_UINT32_BE (W[3], data, 12); 84 GET_UINT32_BE (W[4], data, 16); 85 GET_UINT32_BE (W[5], data, 20); 86 GET_UINT32_BE (W[6], data, 24); 87 GET_UINT32_BE (W[7], data, 28); 88 GET_UINT32_BE (W[8], data, 32); 89 GET_UINT32_BE (W[9], data, 36); 90 GET_UINT32_BE (W[10], data, 40); 91 GET_UINT32_BE (W[11], data, 44); 92 GET_UINT32_BE (W[12], data, 48); 93 GET_UINT32_BE (W[13], data, 52); 94 GET_UINT32_BE (W[14], data, 56); 95 GET_UINT32_BE (W[15], data, 60); 96 97 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) 98 99 #define R(t) ( \ 100 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \ 101 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \ 102 ( W[t & 0x0F] = S(temp,1) ) \ 103 ) 104 105 #define P(a,b,c,d,e,x) { \ 106 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \ 107 } 108 109 A = ctx->state[0]; 110 B = ctx->state[1]; 111 C = ctx->state[2]; 112 D = ctx->state[3]; 113 E = ctx->state[4]; 114 115 #define F(x,y,z) (z ^ (x & (y ^ z))) 116 #define K 0x5A827999 117 118 P (A, B, C, D, E, W[0]); 119 P (E, A, B, C, D, W[1]); 120 P (D, E, A, B, C, W[2]); 121 P (C, D, E, A, B, W[3]); 122 P (B, C, D, E, A, W[4]); 123 P (A, B, C, D, E, W[5]); 124 P (E, A, B, C, D, W[6]); 125 P (D, E, A, B, C, W[7]); 126 P (C, D, E, A, B, W[8]); 127 P (B, C, D, E, A, W[9]); 128 P (A, B, C, D, E, W[10]); 129 P (E, A, B, C, D, W[11]); 130 P (D, E, A, B, C, W[12]); 131 P (C, D, E, A, B, W[13]); 132 P (B, C, D, E, A, W[14]); 133 P (A, B, C, D, E, W[15]); 134 P (E, A, B, C, D, R (16)); 135 P (D, E, A, B, C, R (17)); 136 P (C, D, E, A, B, R (18)); 137 P (B, C, D, E, A, R (19)); 138 139 #undef K 140 #undef F 141 142 #define F(x,y,z) (x ^ y ^ z) 143 #define K 0x6ED9EBA1 144 145 P (A, B, C, D, E, R (20)); 146 P (E, A, B, C, D, R (21)); 147 P (D, E, A, B, C, R (22)); 148 P (C, D, E, A, B, R (23)); 149 P (B, C, D, E, A, R (24)); 150 P (A, B, C, D, E, R (25)); 151 P (E, A, B, C, D, R (26)); 152 P (D, E, A, B, C, R (27)); 153 P (C, D, E, A, B, R (28)); 154 P (B, C, D, E, A, R (29)); 155 P (A, B, C, D, E, R (30)); 156 P (E, A, B, C, D, R (31)); 157 P (D, E, A, B, C, R (32)); 158 P (C, D, E, A, B, R (33)); 159 P (B, C, D, E, A, R (34)); 160 P (A, B, C, D, E, R (35)); 161 P (E, A, B, C, D, R (36)); 162 P (D, E, A, B, C, R (37)); 163 P (C, D, E, A, B, R (38)); 164 P (B, C, D, E, A, R (39)); 165 166 #undef K 167 #undef F 168 169 #define F(x,y,z) ((x & y) | (z & (x | y))) 170 #define K 0x8F1BBCDC 171 172 P (A, B, C, D, E, R (40)); 173 P (E, A, B, C, D, R (41)); 174 P (D, E, A, B, C, R (42)); 175 P (C, D, E, A, B, R (43)); 176 P (B, C, D, E, A, R (44)); 177 P (A, B, C, D, E, R (45)); 178 P (E, A, B, C, D, R (46)); 179 P (D, E, A, B, C, R (47)); 180 P (C, D, E, A, B, R (48)); 181 P (B, C, D, E, A, R (49)); 182 P (A, B, C, D, E, R (50)); 183 P (E, A, B, C, D, R (51)); 184 P (D, E, A, B, C, R (52)); 185 P (C, D, E, A, B, R (53)); 186 P (B, C, D, E, A, R (54)); 187 P (A, B, C, D, E, R (55)); 188 P (E, A, B, C, D, R (56)); 189 P (D, E, A, B, C, R (57)); 190 P (C, D, E, A, B, R (58)); 191 P (B, C, D, E, A, R (59)); 192 193 #undef K 194 #undef F 195 196 #define F(x,y,z) (x ^ y ^ z) 197 #define K 0xCA62C1D6 198 199 P (A, B, C, D, E, R (60)); 200 P (E, A, B, C, D, R (61)); 201 P (D, E, A, B, C, R (62)); 202 P (C, D, E, A, B, R (63)); 203 P (B, C, D, E, A, R (64)); 204 P (A, B, C, D, E, R (65)); 205 P (E, A, B, C, D, R (66)); 206 P (D, E, A, B, C, R (67)); 207 P (C, D, E, A, B, R (68)); 208 P (B, C, D, E, A, R (69)); 209 P (A, B, C, D, E, R (70)); 210 P (E, A, B, C, D, R (71)); 211 P (D, E, A, B, C, R (72)); 212 P (C, D, E, A, B, R (73)); 213 P (B, C, D, E, A, R (74)); 214 P (A, B, C, D, E, R (75)); 215 P (E, A, B, C, D, R (76)); 216 P (D, E, A, B, C, R (77)); 217 P (C, D, E, A, B, R (78)); 218 P (B, C, D, E, A, R (79)); 219 220 #undef K 221 #undef F 222 223 ctx->state[0] += A; 224 ctx->state[1] += B; 225 ctx->state[2] += C; 226 ctx->state[3] += D; 227 ctx->state[4] += E; 228 } 229 230 /* 231 * SHA-1 process buffer 232 */ 233 void sha1_update(sha1_context *ctx, const unsigned char *input, 234 unsigned int ilen) 235 { 236 int fill; 237 unsigned long left; 238 239 if (ilen <= 0) 240 return; 241 242 left = ctx->total[0] & 0x3F; 243 fill = 64 - left; 244 245 ctx->total[0] += ilen; 246 ctx->total[0] &= 0xFFFFFFFF; 247 248 if (ctx->total[0] < (unsigned long) ilen) 249 ctx->total[1]++; 250 251 if (left && ilen >= fill) { 252 memcpy ((void *) (ctx->buffer + left), (void *) input, fill); 253 sha1_process (ctx, ctx->buffer); 254 input += fill; 255 ilen -= fill; 256 left = 0; 257 } 258 259 while (ilen >= 64) { 260 sha1_process (ctx, input); 261 input += 64; 262 ilen -= 64; 263 } 264 265 if (ilen > 0) { 266 memcpy ((void *) (ctx->buffer + left), (void *) input, ilen); 267 } 268 } 269 270 static const unsigned char sha1_padding[64] = { 271 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 272 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 273 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 274 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 275 }; 276 277 /* 278 * SHA-1 final digest 279 */ 280 void sha1_finish (sha1_context * ctx, unsigned char output[20]) 281 { 282 unsigned long last, padn; 283 unsigned long high, low; 284 unsigned char msglen[8]; 285 286 high = (ctx->total[0] >> 29) 287 | (ctx->total[1] << 3); 288 low = (ctx->total[0] << 3); 289 290 PUT_UINT32_BE (high, msglen, 0); 291 PUT_UINT32_BE (low, msglen, 4); 292 293 last = ctx->total[0] & 0x3F; 294 padn = (last < 56) ? (56 - last) : (120 - last); 295 296 sha1_update (ctx, (unsigned char *) sha1_padding, padn); 297 sha1_update (ctx, msglen, 8); 298 299 PUT_UINT32_BE (ctx->state[0], output, 0); 300 PUT_UINT32_BE (ctx->state[1], output, 4); 301 PUT_UINT32_BE (ctx->state[2], output, 8); 302 PUT_UINT32_BE (ctx->state[3], output, 12); 303 PUT_UINT32_BE (ctx->state[4], output, 16); 304 } 305 306 /* 307 * Output = SHA-1( input buffer ) 308 */ 309 void sha1_csum(const unsigned char *input, unsigned int ilen, 310 unsigned char *output) 311 { 312 sha1_context ctx; 313 314 sha1_starts (&ctx); 315 sha1_update (&ctx, input, ilen); 316 sha1_finish (&ctx, output); 317 } 318 319 /* 320 * Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz' 321 * bytes of input processed. 322 */ 323 void sha1_csum_wd(const unsigned char *input, unsigned int ilen, 324 unsigned char *output, unsigned int chunk_sz) 325 { 326 sha1_context ctx; 327 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG) 328 const unsigned char *end, *curr; 329 int chunk; 330 #endif 331 332 sha1_starts (&ctx); 333 334 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG) 335 curr = input; 336 end = input + ilen; 337 while (curr < end) { 338 chunk = end - curr; 339 if (chunk > chunk_sz) 340 chunk = chunk_sz; 341 sha1_update (&ctx, curr, chunk); 342 curr += chunk; 343 WATCHDOG_RESET (); 344 } 345 #else 346 sha1_update (&ctx, input, ilen); 347 #endif 348 349 sha1_finish (&ctx, output); 350 } 351 352 /* 353 * Output = HMAC-SHA-1( input buffer, hmac key ) 354 */ 355 void sha1_hmac(const unsigned char *key, int keylen, 356 const unsigned char *input, unsigned int ilen, 357 unsigned char *output) 358 { 359 int i; 360 sha1_context ctx; 361 unsigned char k_ipad[64]; 362 unsigned char k_opad[64]; 363 unsigned char tmpbuf[20]; 364 365 memset (k_ipad, 0x36, 64); 366 memset (k_opad, 0x5C, 64); 367 368 for (i = 0; i < keylen; i++) { 369 if (i >= 64) 370 break; 371 372 k_ipad[i] ^= key[i]; 373 k_opad[i] ^= key[i]; 374 } 375 376 sha1_starts (&ctx); 377 sha1_update (&ctx, k_ipad, 64); 378 sha1_update (&ctx, input, ilen); 379 sha1_finish (&ctx, tmpbuf); 380 381 sha1_starts (&ctx); 382 sha1_update (&ctx, k_opad, 64); 383 sha1_update (&ctx, tmpbuf, 20); 384 sha1_finish (&ctx, output); 385 386 memset (k_ipad, 0, 64); 387 memset (k_opad, 0, 64); 388 memset (tmpbuf, 0, 20); 389 memset (&ctx, 0, sizeof (sha1_context)); 390 } 391 392 #ifdef SELF_TEST 393 /* 394 * FIPS-180-1 test vectors 395 */ 396 static const char sha1_test_str[3][57] = { 397 {"abc"}, 398 {"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"}, 399 {""} 400 }; 401 402 static const unsigned char sha1_test_sum[3][20] = { 403 {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, 404 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D}, 405 {0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE, 406 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1}, 407 {0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E, 408 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F} 409 }; 410 411 /* 412 * Checkup routine 413 */ 414 int sha1_self_test (void) 415 { 416 int i, j; 417 unsigned char buf[1000]; 418 unsigned char sha1sum[20]; 419 sha1_context ctx; 420 421 for (i = 0; i < 3; i++) { 422 printf (" SHA-1 test #%d: ", i + 1); 423 424 sha1_starts (&ctx); 425 426 if (i < 2) 427 sha1_update (&ctx, (unsigned char *) sha1_test_str[i], 428 strlen (sha1_test_str[i])); 429 else { 430 memset (buf, 'a', 1000); 431 for (j = 0; j < 1000; j++) 432 sha1_update (&ctx, buf, 1000); 433 } 434 435 sha1_finish (&ctx, sha1sum); 436 437 if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) { 438 printf ("failed\n"); 439 return (1); 440 } 441 442 printf ("passed\n"); 443 } 444 445 printf ("\n"); 446 return (0); 447 } 448 #else 449 int sha1_self_test (void) 450 { 451 return (0); 452 } 453 #endif 454