2 * Heiko Schocher, DENX Software Engineering, hs@denx.de.
4 * FIPS-180-1 compliant SHA-1 implementation
6 * Copyright (C) 2003-2006 Christophe Devine
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License, version 2.1 as published by the Free Software Foundation.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
23 * The SHA-1 standard was published by NIST in 1993.
25 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
28 #ifndef _CRT_SECURE_NO_DEPRECATE
29 #define _CRT_SECURE_NO_DEPRECATE 1
32 #include <linux/string.h>
36 * 32-bit integer manipulation macros (big endian)
39 #define GET_UINT32_BE(n,b,i) \
41 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
42 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
43 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
44 | ( (unsigned long) (b)[(i) + 3] ); \
48 #define PUT_UINT32_BE(n,b,i) \
50 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
51 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
52 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
53 (b)[(i) + 3] = (unsigned char) ( (n) ); \
60 void sha1_starts( sha1_context *ctx )
65 ctx->state[0] = 0x67452301;
66 ctx->state[1] = 0xEFCDAB89;
67 ctx->state[2] = 0x98BADCFE;
68 ctx->state[3] = 0x10325476;
69 ctx->state[4] = 0xC3D2E1F0;
72 static void sha1_process( sha1_context *ctx, unsigned char data[64] )
74 unsigned long temp, W[16], A, B, C, D, E;
76 GET_UINT32_BE( W[0], data, 0 );
77 GET_UINT32_BE( W[1], data, 4 );
78 GET_UINT32_BE( W[2], data, 8 );
79 GET_UINT32_BE( W[3], data, 12 );
80 GET_UINT32_BE( W[4], data, 16 );
81 GET_UINT32_BE( W[5], data, 20 );
82 GET_UINT32_BE( W[6], data, 24 );
83 GET_UINT32_BE( W[7], data, 28 );
84 GET_UINT32_BE( W[8], data, 32 );
85 GET_UINT32_BE( W[9], data, 36 );
86 GET_UINT32_BE( W[10], data, 40 );
87 GET_UINT32_BE( W[11], data, 44 );
88 GET_UINT32_BE( W[12], data, 48 );
89 GET_UINT32_BE( W[13], data, 52 );
90 GET_UINT32_BE( W[14], data, 56 );
91 GET_UINT32_BE( W[15], data, 60 );
93 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
97 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
98 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
99 ( W[t & 0x0F] = S(temp,1) ) \
102 #define P(a,b,c,d,e,x) \
104 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
113 #define F(x,y,z) (z ^ (x & (y ^ z)))
116 P( A, B, C, D, E, W[0] );
117 P( E, A, B, C, D, W[1] );
118 P( D, E, A, B, C, W[2] );
119 P( C, D, E, A, B, W[3] );
120 P( B, C, D, E, A, W[4] );
121 P( A, B, C, D, E, W[5] );
122 P( E, A, B, C, D, W[6] );
123 P( D, E, A, B, C, W[7] );
124 P( C, D, E, A, B, W[8] );
125 P( B, C, D, E, A, W[9] );
126 P( A, B, C, D, E, W[10] );
127 P( E, A, B, C, D, W[11] );
128 P( D, E, A, B, C, W[12] );
129 P( C, D, E, A, B, W[13] );
130 P( B, C, D, E, A, W[14] );
131 P( A, B, C, D, E, W[15] );
132 P( E, A, B, C, D, R(16) );
133 P( D, E, A, B, C, R(17) );
134 P( C, D, E, A, B, R(18) );
135 P( B, C, D, E, A, R(19) );
140 #define F(x,y,z) (x ^ y ^ z)
143 P( A, B, C, D, E, R(20) );
144 P( E, A, B, C, D, R(21) );
145 P( D, E, A, B, C, R(22) );
146 P( C, D, E, A, B, R(23) );
147 P( B, C, D, E, A, R(24) );
148 P( A, B, C, D, E, R(25) );
149 P( E, A, B, C, D, R(26) );
150 P( D, E, A, B, C, R(27) );
151 P( C, D, E, A, B, R(28) );
152 P( B, C, D, E, A, R(29) );
153 P( A, B, C, D, E, R(30) );
154 P( E, A, B, C, D, R(31) );
155 P( D, E, A, B, C, R(32) );
156 P( C, D, E, A, B, R(33) );
157 P( B, C, D, E, A, R(34) );
158 P( A, B, C, D, E, R(35) );
159 P( E, A, B, C, D, R(36) );
160 P( D, E, A, B, C, R(37) );
161 P( C, D, E, A, B, R(38) );
162 P( B, C, D, E, A, R(39) );
167 #define F(x,y,z) ((x & y) | (z & (x | y)))
170 P( A, B, C, D, E, R(40) );
171 P( E, A, B, C, D, R(41) );
172 P( D, E, A, B, C, R(42) );
173 P( C, D, E, A, B, R(43) );
174 P( B, C, D, E, A, R(44) );
175 P( A, B, C, D, E, R(45) );
176 P( E, A, B, C, D, R(46) );
177 P( D, E, A, B, C, R(47) );
178 P( C, D, E, A, B, R(48) );
179 P( B, C, D, E, A, R(49) );
180 P( A, B, C, D, E, R(50) );
181 P( E, A, B, C, D, R(51) );
182 P( D, E, A, B, C, R(52) );
183 P( C, D, E, A, B, R(53) );
184 P( B, C, D, E, A, R(54) );
185 P( A, B, C, D, E, R(55) );
186 P( E, A, B, C, D, R(56) );
187 P( D, E, A, B, C, R(57) );
188 P( C, D, E, A, B, R(58) );
189 P( B, C, D, E, A, R(59) );
194 #define F(x,y,z) (x ^ y ^ z)
197 P( A, B, C, D, E, R(60) );
198 P( E, A, B, C, D, R(61) );
199 P( D, E, A, B, C, R(62) );
200 P( C, D, E, A, B, R(63) );
201 P( B, C, D, E, A, R(64) );
202 P( A, B, C, D, E, R(65) );
203 P( E, A, B, C, D, R(66) );
204 P( D, E, A, B, C, R(67) );
205 P( C, D, E, A, B, R(68) );
206 P( B, C, D, E, A, R(69) );
207 P( A, B, C, D, E, R(70) );
208 P( E, A, B, C, D, R(71) );
209 P( D, E, A, B, C, R(72) );
210 P( C, D, E, A, B, R(73) );
211 P( B, C, D, E, A, R(74) );
212 P( A, B, C, D, E, R(75) );
213 P( E, A, B, C, D, R(76) );
214 P( D, E, A, B, C, R(77) );
215 P( C, D, E, A, B, R(78) );
216 P( B, C, D, E, A, R(79) );
229 * SHA-1 process buffer
231 void sha1_update( sha1_context *ctx, unsigned char *input, int ilen )
239 left = ctx->total[0] & 0x3F;
242 ctx->total[0] += ilen;
243 ctx->total[0] &= 0xFFFFFFFF;
245 if( ctx->total[0] < (unsigned long) ilen )
248 if( left && ilen >= fill )
250 memcpy( (void *) (ctx->buffer + left),
251 (void *) input, fill );
252 sha1_process( ctx, ctx->buffer );
260 sha1_process( ctx, input );
267 memcpy( (void *) (ctx->buffer + left),
268 (void *) input, ilen );
272 static const unsigned char sha1_padding[64] =
274 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
275 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
276 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
277 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
283 void sha1_finish( sha1_context *ctx, unsigned char output[20] )
285 unsigned long last, padn;
286 unsigned long high, low;
287 unsigned char msglen[8];
289 high = ( ctx->total[0] >> 29 )
290 | ( ctx->total[1] << 3 );
291 low = ( ctx->total[0] << 3 );
293 PUT_UINT32_BE( high, msglen, 0 );
294 PUT_UINT32_BE( low, msglen, 4 );
296 last = ctx->total[0] & 0x3F;
297 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
299 sha1_update( ctx, (unsigned char *) sha1_padding, padn );
300 sha1_update( ctx, msglen, 8 );
302 PUT_UINT32_BE( ctx->state[0], output, 0 );
303 PUT_UINT32_BE( ctx->state[1], output, 4 );
304 PUT_UINT32_BE( ctx->state[2], output, 8 );
305 PUT_UINT32_BE( ctx->state[3], output, 12 );
306 PUT_UINT32_BE( ctx->state[4], output, 16 );
310 * Output = SHA-1( input buffer )
312 void sha1_csum( unsigned char *input, int ilen,
313 unsigned char output[20] )
318 sha1_update( &ctx, input, ilen );
319 sha1_finish( &ctx, output );
323 * Output = HMAC-SHA-1( input buffer, hmac key )
325 void sha1_hmac( unsigned char *key, int keylen,
326 unsigned char *input, int ilen,
327 unsigned char output[20] )
331 unsigned char k_ipad[64];
332 unsigned char k_opad[64];
333 unsigned char tmpbuf[20];
335 memset( k_ipad, 0x36, 64 );
336 memset( k_opad, 0x5C, 64 );
338 for( i = 0; i < keylen; i++ )
347 sha1_update( &ctx, k_ipad, 64 );
348 sha1_update( &ctx, input, ilen );
349 sha1_finish( &ctx, tmpbuf );
352 sha1_update( &ctx, k_opad, 64 );
353 sha1_update( &ctx, tmpbuf, 20 );
354 sha1_finish( &ctx, output );
356 memset( k_ipad, 0, 64 );
357 memset( k_opad, 0, 64 );
358 memset( tmpbuf, 0, 20 );
359 memset( &ctx, 0, sizeof( sha1_context ) );
362 static const char _sha1_src[] = "_sha1_src";
366 * FIPS-180-1 test vectors
368 static const char sha1_test_str[3][57] =
371 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
375 static const unsigned char sha1_test_sum[3][20] =
377 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
378 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
379 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
380 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
381 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
382 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
388 int sha1_self_test( void )
391 unsigned char buf[1000];
392 unsigned char sha1sum[20];
395 for( i = 0; i < 3; i++ )
397 printf( " SHA-1 test #%d: ", i + 1 );
402 sha1_update( &ctx, (unsigned char *) sha1_test_str[i],
403 strlen( sha1_test_str[i] ) );
406 memset( buf, 'a', 1000 );
407 for( j = 0; j < 1000; j++ )
408 sha1_update( &ctx, buf, 1000 );
411 sha1_finish( &ctx, sha1sum );
413 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
415 printf( "failed\n" );
419 printf( "passed\n" );
426 int sha1_self_test( void )