1 /* 2 * SHA1 hash implementation and interface functions 3 * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "sha1.h" 13 #include "sha1_i.h" 14 #include "md5.h" 15 #include "crypto.h" 16 17 typedef struct SHA1Context SHA1_CTX; 18 19 void SHA1Transform(u32 state[5], const unsigned char buffer[64]); 20 21 22 #ifdef CONFIG_CRYPTO_INTERNAL 23 /** 24 * sha1_vector - SHA-1 hash for data vector 25 * @num_elem: Number of elements in the data vector 26 * @addr: Pointers to the data areas 27 * @len: Lengths of the data blocks 28 * @mac: Buffer for the hash 29 * Returns: 0 on success, -1 of failure 30 */ 31 int sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) 32 { 33 SHA1_CTX ctx; 34 size_t i; 35 36 if (TEST_FAIL()) 37 return -1; 38 39 SHA1Init(&ctx); 40 for (i = 0; i < num_elem; i++) 41 SHA1Update(&ctx, addr[i], len[i]); 42 SHA1Final(mac, &ctx); 43 return 0; 44 } 45 #endif /* CONFIG_CRYPTO_INTERNAL */ 46 47 48 /* ===== start - public domain SHA1 implementation ===== */ 49 50 /* 51 SHA-1 in C 52 By Steve Reid <sreid@sea-to-sky.net> 53 100% Public Domain 54 55 ----------------- 56 Modified 7/98 57 By James H. Brown <jbrown@burgoyne.com> 58 Still 100% Public Domain 59 60 Corrected a problem which generated improper hash values on 16 bit machines 61 Routine SHA1Update changed from 62 void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int 63 len) 64 to 65 void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned 66 long len) 67 68 The 'len' parameter was declared an int which works fine on 32 bit machines. 69 However, on 16 bit machines an int is too small for the shifts being done 70 against 71 it. This caused the hash function to generate incorrect values if len was 72 greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update(). 73 74 Since the file IO in main() reads 16K at a time, any file 8K or larger would 75 be guaranteed to generate the wrong hash (e.g. Test Vector #3, a million 76 "a"s). 77 78 I also changed the declaration of variables i & j in SHA1Update to 79 unsigned long from unsigned int for the same reason. 80 81 These changes should make no difference to any 32 bit implementations since 82 an 83 int and a long are the same size in those environments. 84 85 -- 86 I also corrected a few compiler warnings generated by Borland C. 87 1. Added #include <process.h> for exit() prototype 88 2. Removed unused variable 'j' in SHA1Final 89 3. Changed exit(0) to return(0) at end of main. 90 91 ALL changes I made can be located by searching for comments containing 'JHB' 92 ----------------- 93 Modified 8/98 94 By Steve Reid <sreid@sea-to-sky.net> 95 Still 100% public domain 96 97 1- Removed #include <process.h> and used return() instead of exit() 98 2- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall) 99 3- Changed email address from steve@edmweb.com to sreid@sea-to-sky.net 100 101 ----------------- 102 Modified 4/01 103 By Saul Kravitz <Saul.Kravitz@celera.com> 104 Still 100% PD 105 Modified to run on Compaq Alpha hardware. 106 107 ----------------- 108 Modified 4/01 109 By Jouni Malinen <j@w1.fi> 110 Minor changes to match the coding style used in Dynamics. 111 112 Modified September 24, 2004 113 By Jouni Malinen <j@w1.fi> 114 Fixed alignment issue in SHA1Transform when SHA1HANDSOFF is defined. 115 116 */ 117 118 /* 119 Test Vectors (from FIPS PUB 180-1) 120 "abc" 121 A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D 122 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" 123 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 124 A million repetitions of "a" 125 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F 126 */ 127 128 #define SHA1HANDSOFF 129 130 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) 131 132 /* blk0() and blk() perform the initial expand. */ 133 /* I got the idea of expanding during the round function from SSLeay */ 134 #ifndef WORDS_BIGENDIAN 135 #define blk0(i) (block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) | \ 136 (rol(block->l[i], 8) & 0x00FF00FF)) 137 #else 138 #define blk0(i) block->l[i] 139 #endif 140 #define blk(i) (block->l[i & 15] = rol(block->l[(i + 13) & 15] ^ \ 141 block->l[(i + 8) & 15] ^ block->l[(i + 2) & 15] ^ block->l[i & 15], 1)) 142 143 /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ 144 #define R0(v,w,x,y,z,i) \ 145 z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \ 146 w = rol(w, 30); 147 #define R1(v,w,x,y,z,i) \ 148 z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \ 149 w = rol(w, 30); 150 #define R2(v,w,x,y,z,i) \ 151 z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30); 152 #define R3(v,w,x,y,z,i) \ 153 z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \ 154 w = rol(w, 30); 155 #define R4(v,w,x,y,z,i) \ 156 z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \ 157 w=rol(w, 30); 158 159 160 #ifdef VERBOSE /* SAK */ 161 void SHAPrintContext(SHA1_CTX *context, char *msg) 162 { 163 printf("%s (%d,%d) %x %x %x %x %x\n", 164 msg, 165 context->count[0], context->count[1], 166 context->state[0], 167 context->state[1], 168 context->state[2], 169 context->state[3], 170 context->state[4]); 171 } 172 #endif 173 174 /* Hash a single 512-bit block. This is the core of the algorithm. */ 175 176 void SHA1Transform(u32 state[5], const unsigned char buffer[64]) 177 { 178 u32 a, b, c, d, e; 179 typedef union { 180 unsigned char c[64]; 181 u32 l[16]; 182 } CHAR64LONG16; 183 CHAR64LONG16* block; 184 #ifdef SHA1HANDSOFF 185 CHAR64LONG16 workspace; 186 block = &workspace; 187 os_memcpy(block, buffer, 64); 188 #else 189 block = (CHAR64LONG16 *) buffer; 190 #endif 191 /* Copy context->state[] to working vars */ 192 a = state[0]; 193 b = state[1]; 194 c = state[2]; 195 d = state[3]; 196 e = state[4]; 197 /* 4 rounds of 20 operations each. Loop unrolled. */ 198 R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); 199 R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); 200 R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); 201 R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); 202 R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); 203 R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); 204 R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); 205 R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); 206 R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); 207 R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); 208 R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); 209 R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); 210 R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); 211 R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); 212 R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); 213 R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); 214 R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); 215 R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); 216 R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); 217 R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); 218 /* Add the working vars back into context.state[] */ 219 state[0] += a; 220 state[1] += b; 221 state[2] += c; 222 state[3] += d; 223 state[4] += e; 224 /* Wipe variables */ 225 a = b = c = d = e = 0; 226 #ifdef SHA1HANDSOFF 227 forced_memzero(block, 64); 228 #endif 229 } 230 231 232 /* SHA1Init - Initialize new context */ 233 234 void SHA1Init(SHA1_CTX* context) 235 { 236 /* SHA1 initialization constants */ 237 context->state[0] = 0x67452301; 238 context->state[1] = 0xEFCDAB89; 239 context->state[2] = 0x98BADCFE; 240 context->state[3] = 0x10325476; 241 context->state[4] = 0xC3D2E1F0; 242 context->count[0] = context->count[1] = 0; 243 } 244 245 246 /* Run your data through this. */ 247 248 void SHA1Update(SHA1_CTX* context, const void *_data, u32 len) 249 { 250 u32 i, j; 251 const unsigned char *data = _data; 252 253 #ifdef VERBOSE 254 SHAPrintContext(context, "before"); 255 #endif 256 j = (context->count[0] >> 3) & 63; 257 if ((context->count[0] += len << 3) < (len << 3)) 258 context->count[1]++; 259 context->count[1] += (len >> 29); 260 if ((j + len) > 63) { 261 os_memcpy(&context->buffer[j], data, (i = 64-j)); 262 SHA1Transform(context->state, context->buffer); 263 for ( ; i + 63 < len; i += 64) { 264 SHA1Transform(context->state, &data[i]); 265 } 266 j = 0; 267 } 268 else i = 0; 269 os_memcpy(&context->buffer[j], &data[i], len - i); 270 #ifdef VERBOSE 271 SHAPrintContext(context, "after "); 272 #endif 273 } 274 275 276 /* Add padding and return the message digest. */ 277 278 void SHA1Final(unsigned char digest[20], SHA1_CTX* context) 279 { 280 u32 i; 281 unsigned char finalcount[8]; 282 283 for (i = 0; i < 8; i++) { 284 finalcount[i] = (unsigned char) 285 ((context->count[(i >= 4 ? 0 : 1)] >> 286 ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ 287 } 288 SHA1Update(context, (unsigned char *) "\200", 1); 289 while ((context->count[0] & 504) != 448) { 290 SHA1Update(context, (unsigned char *) "\0", 1); 291 } 292 SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() 293 */ 294 for (i = 0; i < 20; i++) { 295 digest[i] = (unsigned char) 296 ((context->state[i >> 2] >> ((3 - (i & 3)) * 8)) & 297 255); 298 } 299 /* Wipe variables */ 300 os_memset(context->buffer, 0, 64); 301 os_memset(context->state, 0, 20); 302 os_memset(context->count, 0, 8); 303 forced_memzero(finalcount, sizeof(finalcount)); 304 } 305 306 /* ===== end - public domain SHA1 implementation ===== */ 307