Knight KE / Mbed OS Game_Master
Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers sha1.c Source File

sha1.c

00001 /*
00002  *  FIPS-180-1 compliant SHA-1 implementation
00003  *
00004  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
00005  *  SPDX-License-Identifier: Apache-2.0
00006  *
00007  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00008  *  not use this file except in compliance with the License.
00009  *  You may obtain a copy of the License at
00010  *
00011  *  http://www.apache.org/licenses/LICENSE-2.0
00012  *
00013  *  Unless required by applicable law or agreed to in writing, software
00014  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00015  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00016  *  See the License for the specific language governing permissions and
00017  *  limitations under the License.
00018  *
00019  *  This file is part of mbed TLS (https://tls.mbed.org)
00020  */
00021 /*
00022  *  The SHA-1 standard was published by NIST in 1993.
00023  *
00024  *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
00025  */
00026 
00027 #if !defined(MBEDTLS_CONFIG_FILE)
00028 #include "mbedtls/config.h"
00029 #else
00030 #include MBEDTLS_CONFIG_FILE
00031 #endif
00032 
00033 #if defined(MBEDTLS_SHA1_C)
00034 
00035 #include "mbedtls/sha1.h"
00036 #include "mbedtls/platform_util.h"
00037 
00038 #include <string.h>
00039 
00040 #if defined(MBEDTLS_SELF_TEST)
00041 #if defined(MBEDTLS_PLATFORM_C)
00042 #include "mbedtls/platform.h"
00043 #else
00044 #include <stdio.h>
00045 #define mbedtls_printf printf
00046 #endif /* MBEDTLS_PLATFORM_C */
00047 #endif /* MBEDTLS_SELF_TEST */
00048 
00049 #if !defined(MBEDTLS_SHA1_ALT)
00050 
00051 /*
00052  * 32-bit integer manipulation macros (big endian)
00053  */
00054 #ifndef GET_UINT32_BE
00055 #define GET_UINT32_BE(n,b,i)                            \
00056 {                                                       \
00057     (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
00058         | ( (uint32_t) (b)[(i) + 1] << 16 )             \
00059         | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
00060         | ( (uint32_t) (b)[(i) + 3]       );            \
00061 }
00062 #endif
00063 
00064 #ifndef PUT_UINT32_BE
00065 #define PUT_UINT32_BE(n,b,i)                            \
00066 {                                                       \
00067     (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
00068     (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
00069     (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
00070     (b)[(i) + 3] = (unsigned char) ( (n)       );       \
00071 }
00072 #endif
00073 
00074 void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
00075 {
00076     memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
00077 }
00078 
00079 void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
00080 {
00081     if( ctx == NULL )
00082         return;
00083 
00084     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
00085 }
00086 
00087 void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
00088                          const mbedtls_sha1_context *src )
00089 {
00090     *dst = *src;
00091 }
00092 
00093 /*
00094  * SHA-1 context setup
00095  */
00096 int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
00097 {
00098     ctx->total [0] = 0;
00099     ctx->total [1] = 0;
00100 
00101     ctx->state [0] = 0x67452301;
00102     ctx->state [1] = 0xEFCDAB89;
00103     ctx->state [2] = 0x98BADCFE;
00104     ctx->state [3] = 0x10325476;
00105     ctx->state [4] = 0xC3D2E1F0;
00106 
00107     return( 0 );
00108 }
00109 
00110 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
00111 void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
00112 {
00113     mbedtls_sha1_starts_ret( ctx );
00114 }
00115 #endif
00116 
00117 #if !defined(MBEDTLS_SHA1_PROCESS_ALT)
00118 int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
00119                                    const unsigned char data[64] )
00120 {
00121     uint32_t temp, W[16], A, B, C, D, E;
00122 
00123     GET_UINT32_BE( W[ 0], data,  0 );
00124     GET_UINT32_BE( W[ 1], data,  4 );
00125     GET_UINT32_BE( W[ 2], data,  8 );
00126     GET_UINT32_BE( W[ 3], data, 12 );
00127     GET_UINT32_BE( W[ 4], data, 16 );
00128     GET_UINT32_BE( W[ 5], data, 20 );
00129     GET_UINT32_BE( W[ 6], data, 24 );
00130     GET_UINT32_BE( W[ 7], data, 28 );
00131     GET_UINT32_BE( W[ 8], data, 32 );
00132     GET_UINT32_BE( W[ 9], data, 36 );
00133     GET_UINT32_BE( W[10], data, 40 );
00134     GET_UINT32_BE( W[11], data, 44 );
00135     GET_UINT32_BE( W[12], data, 48 );
00136     GET_UINT32_BE( W[13], data, 52 );
00137     GET_UINT32_BE( W[14], data, 56 );
00138     GET_UINT32_BE( W[15], data, 60 );
00139 
00140 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
00141 
00142 #define R(t)                                            \
00143 (                                                       \
00144     temp = W[( t -  3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
00145            W[( t - 14 ) & 0x0F] ^ W[  t       & 0x0F],  \
00146     ( W[t & 0x0F] = S(temp,1) )                         \
00147 )
00148 
00149 #define P(a,b,c,d,e,x)                                  \
00150 {                                                       \
00151     e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);        \
00152 }
00153 
00154     A = ctx->state [0];
00155     B = ctx->state [1];
00156     C = ctx->state [2];
00157     D = ctx->state [3];
00158     E = ctx->state [4];
00159 
00160 #define F(x,y,z) (z ^ (x & (y ^ z)))
00161 #define K 0x5A827999
00162 
00163     P( A, B, C, D, E, W[0]  );
00164     P( E, A, B, C, D, W[1]  );
00165     P( D, E, A, B, C, W[2]  );
00166     P( C, D, E, A, B, W[3]  );
00167     P( B, C, D, E, A, W[4]  );
00168     P( A, B, C, D, E, W[5]  );
00169     P( E, A, B, C, D, W[6]  );
00170     P( D, E, A, B, C, W[7]  );
00171     P( C, D, E, A, B, W[8]  );
00172     P( B, C, D, E, A, W[9]  );
00173     P( A, B, C, D, E, W[10] );
00174     P( E, A, B, C, D, W[11] );
00175     P( D, E, A, B, C, W[12] );
00176     P( C, D, E, A, B, W[13] );
00177     P( B, C, D, E, A, W[14] );
00178     P( A, B, C, D, E, W[15] );
00179     P( E, A, B, C, D, R(16) );
00180     P( D, E, A, B, C, R(17) );
00181     P( C, D, E, A, B, R(18) );
00182     P( B, C, D, E, A, R(19) );
00183 
00184 #undef K
00185 #undef F
00186 
00187 #define F(x,y,z) (x ^ y ^ z)
00188 #define K 0x6ED9EBA1
00189 
00190     P( A, B, C, D, E, R(20) );
00191     P( E, A, B, C, D, R(21) );
00192     P( D, E, A, B, C, R(22) );
00193     P( C, D, E, A, B, R(23) );
00194     P( B, C, D, E, A, R(24) );
00195     P( A, B, C, D, E, R(25) );
00196     P( E, A, B, C, D, R(26) );
00197     P( D, E, A, B, C, R(27) );
00198     P( C, D, E, A, B, R(28) );
00199     P( B, C, D, E, A, R(29) );
00200     P( A, B, C, D, E, R(30) );
00201     P( E, A, B, C, D, R(31) );
00202     P( D, E, A, B, C, R(32) );
00203     P( C, D, E, A, B, R(33) );
00204     P( B, C, D, E, A, R(34) );
00205     P( A, B, C, D, E, R(35) );
00206     P( E, A, B, C, D, R(36) );
00207     P( D, E, A, B, C, R(37) );
00208     P( C, D, E, A, B, R(38) );
00209     P( B, C, D, E, A, R(39) );
00210 
00211 #undef K
00212 #undef F
00213 
00214 #define F(x,y,z) ((x & y) | (z & (x | y)))
00215 #define K 0x8F1BBCDC
00216 
00217     P( A, B, C, D, E, R(40) );
00218     P( E, A, B, C, D, R(41) );
00219     P( D, E, A, B, C, R(42) );
00220     P( C, D, E, A, B, R(43) );
00221     P( B, C, D, E, A, R(44) );
00222     P( A, B, C, D, E, R(45) );
00223     P( E, A, B, C, D, R(46) );
00224     P( D, E, A, B, C, R(47) );
00225     P( C, D, E, A, B, R(48) );
00226     P( B, C, D, E, A, R(49) );
00227     P( A, B, C, D, E, R(50) );
00228     P( E, A, B, C, D, R(51) );
00229     P( D, E, A, B, C, R(52) );
00230     P( C, D, E, A, B, R(53) );
00231     P( B, C, D, E, A, R(54) );
00232     P( A, B, C, D, E, R(55) );
00233     P( E, A, B, C, D, R(56) );
00234     P( D, E, A, B, C, R(57) );
00235     P( C, D, E, A, B, R(58) );
00236     P( B, C, D, E, A, R(59) );
00237 
00238 #undef K
00239 #undef F
00240 
00241 #define F(x,y,z) (x ^ y ^ z)
00242 #define K 0xCA62C1D6
00243 
00244     P( A, B, C, D, E, R(60) );
00245     P( E, A, B, C, D, R(61) );
00246     P( D, E, A, B, C, R(62) );
00247     P( C, D, E, A, B, R(63) );
00248     P( B, C, D, E, A, R(64) );
00249     P( A, B, C, D, E, R(65) );
00250     P( E, A, B, C, D, R(66) );
00251     P( D, E, A, B, C, R(67) );
00252     P( C, D, E, A, B, R(68) );
00253     P( B, C, D, E, A, R(69) );
00254     P( A, B, C, D, E, R(70) );
00255     P( E, A, B, C, D, R(71) );
00256     P( D, E, A, B, C, R(72) );
00257     P( C, D, E, A, B, R(73) );
00258     P( B, C, D, E, A, R(74) );
00259     P( A, B, C, D, E, R(75) );
00260     P( E, A, B, C, D, R(76) );
00261     P( D, E, A, B, C, R(77) );
00262     P( C, D, E, A, B, R(78) );
00263     P( B, C, D, E, A, R(79) );
00264 
00265 #undef K
00266 #undef F
00267 
00268     ctx->state [0] += A;
00269     ctx->state [1] += B;
00270     ctx->state [2] += C;
00271     ctx->state [3] += D;
00272     ctx->state [4] += E;
00273 
00274     return( 0 );
00275 }
00276 
00277 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
00278 void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
00279                            const unsigned char data[64] )
00280 {
00281     mbedtls_internal_sha1_process( ctx, data );
00282 }
00283 #endif
00284 #endif /* !MBEDTLS_SHA1_PROCESS_ALT */
00285 
00286 /*
00287  * SHA-1 process buffer
00288  */
00289 int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
00290                              const unsigned char *input,
00291                              size_t ilen )
00292 {
00293     int ret;
00294     size_t fill;
00295     uint32_t left;
00296 
00297     if( ilen == 0 )
00298         return( 0 );
00299 
00300     left = ctx->total [0] & 0x3F;
00301     fill = 64 - left;
00302 
00303     ctx->total [0] += (uint32_t) ilen;
00304     ctx->total [0] &= 0xFFFFFFFF;
00305 
00306     if( ctx->total [0] < (uint32_t) ilen )
00307         ctx->total [1]++;
00308 
00309     if( left && ilen >= fill )
00310     {
00311         memcpy( (void *) (ctx->buffer  + left), input, fill );
00312 
00313         if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer  ) ) != 0 )
00314             return( ret );
00315 
00316         input += fill;
00317         ilen  -= fill;
00318         left = 0;
00319     }
00320 
00321     while( ilen >= 64 )
00322     {
00323         if( ( ret = mbedtls_internal_sha1_process( ctx, input ) ) != 0 )
00324             return( ret );
00325 
00326         input += 64;
00327         ilen  -= 64;
00328     }
00329 
00330     if( ilen > 0 )
00331         memcpy( (void *) (ctx->buffer  + left), input, ilen );
00332 
00333     return( 0 );
00334 }
00335 
00336 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
00337 void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
00338                           const unsigned char *input,
00339                           size_t ilen )
00340 {
00341     mbedtls_sha1_update_ret( ctx, input, ilen );
00342 }
00343 #endif
00344 
00345 static const unsigned char sha1_padding[64] =
00346 {
00347  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00348     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00349     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00350     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
00351 };
00352 
00353 /*
00354  * SHA-1 final digest
00355  */
00356 int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
00357                              unsigned char output[20] )
00358 {
00359     int ret;
00360     uint32_t last, padn;
00361     uint32_t high, low;
00362     unsigned char msglen[8];
00363 
00364     high = ( ctx->total [0] >> 29 )
00365          | ( ctx->total [1] <<  3 );
00366     low  = ( ctx->total [0] <<  3 );
00367 
00368     PUT_UINT32_BE( high, msglen, 0 );
00369     PUT_UINT32_BE( low,  msglen, 4 );
00370 
00371     last = ctx->total [0] & 0x3F;
00372     padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
00373 
00374     if( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 )
00375         return( ret );
00376     if( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 )
00377         return( ret );
00378 
00379     PUT_UINT32_BE( ctx->state [0], output,  0 );
00380     PUT_UINT32_BE( ctx->state [1], output,  4 );
00381     PUT_UINT32_BE( ctx->state [2], output,  8 );
00382     PUT_UINT32_BE( ctx->state [3], output, 12 );
00383     PUT_UINT32_BE( ctx->state [4], output, 16 );
00384 
00385     return( 0 );
00386 }
00387 
00388 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
00389 void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
00390                           unsigned char output[20] )
00391 {
00392     mbedtls_sha1_finish_ret( ctx, output );
00393 }
00394 #endif
00395 
00396 #endif /* !MBEDTLS_SHA1_ALT */
00397 
00398 /*
00399  * output = SHA-1( input buffer )
00400  */
00401 int mbedtls_sha1_ret( const unsigned char *input,
00402                       size_t ilen,
00403                       unsigned char output[20] )
00404 {
00405     int ret;
00406     mbedtls_sha1_context ctx;
00407 
00408     mbedtls_sha1_init( &ctx );
00409 
00410     if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
00411         goto exit;
00412 
00413     if( ( ret = mbedtls_sha1_update_ret( &ctx, input, ilen ) ) != 0 )
00414         goto exit;
00415 
00416     if( ( ret = mbedtls_sha1_finish_ret( &ctx, output ) ) != 0 )
00417         goto exit;
00418 
00419 exit:
00420     mbedtls_sha1_free( &ctx );
00421 
00422     return( ret );
00423 }
00424 
00425 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
00426 void mbedtls_sha1( const unsigned char *input,
00427                    size_t ilen,
00428                    unsigned char output[20] )
00429 {
00430     mbedtls_sha1_ret( input, ilen, output );
00431 }
00432 #endif
00433 
00434 #if defined(MBEDTLS_SELF_TEST)
00435 /*
00436  * FIPS-180-1 test vectors
00437  */
00438 static const unsigned char sha1_test_buf[3][57] =
00439 {
00440     { "abc" },
00441     { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
00442     { "" }
00443 };
00444 
00445 static const size_t sha1_test_buflen[3] =
00446 {
00447     3, 56, 1000
00448 };
00449 
00450 static const unsigned char sha1_test_sum[3][20] =
00451 {
00452     { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
00453       0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
00454     { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
00455       0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
00456     { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
00457       0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
00458 };
00459 
00460 /*
00461  * Checkup routine
00462  */
00463 int mbedtls_sha1_self_test( int verbose )
00464 {
00465     int i, j, buflen, ret = 0;
00466     unsigned char buf[1024];
00467     unsigned char sha1sum[20];
00468     mbedtls_sha1_context ctx;
00469 
00470     mbedtls_sha1_init( &ctx );
00471 
00472     /*
00473      * SHA-1
00474      */
00475     for( i = 0; i < 3; i++ )
00476     {
00477         if( verbose != 0 )
00478             mbedtls_printf( "  SHA-1 test #%d: ", i + 1 );
00479 
00480         if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
00481             goto fail;
00482 
00483         if( i == 2 )
00484         {
00485             memset( buf, 'a', buflen = 1000 );
00486 
00487             for( j = 0; j < 1000; j++ )
00488             {
00489                 ret = mbedtls_sha1_update_ret( &ctx, buf, buflen );
00490                 if( ret != 0 )
00491                     goto fail;
00492             }
00493         }
00494         else
00495         {
00496             ret = mbedtls_sha1_update_ret( &ctx, sha1_test_buf[i],
00497                                            sha1_test_buflen[i] );
00498             if( ret != 0 )
00499                 goto fail;
00500         }
00501 
00502         if( ( ret = mbedtls_sha1_finish_ret( &ctx, sha1sum ) ) != 0 )
00503             goto fail;
00504 
00505         if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
00506         {
00507             ret = 1;
00508             goto fail;
00509         }
00510 
00511         if( verbose != 0 )
00512             mbedtls_printf( "passed\n" );
00513     }
00514 
00515     if( verbose != 0 )
00516         mbedtls_printf( "\n" );
00517 
00518     goto exit;
00519 
00520 fail:
00521     if( verbose != 0 )
00522         mbedtls_printf( "failed\n" );
00523 
00524 exit:
00525     mbedtls_sha1_free( &ctx );
00526 
00527     return( ret );
00528 }
00529 
00530 #endif /* MBEDTLS_SELF_TEST */
00531 
00532 #endif /* MBEDTLS_SHA1_C */