Greg Steiert / pegasus_dev

Dependents:   blinky_max32630fthr

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers sha1.c Source File

sha1.c

00001 /*
00002  *  FIPS-180-1 compliant SHA-1 implementation
00003  *
00004  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
00005  *  SPDX-License-Identifier: Apache-2.0
00006  *
00007  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00008  *  not use this file except in compliance with the License.
00009  *  You may obtain a copy of the License at
00010  *
00011  *  http://www.apache.org/licenses/LICENSE-2.0
00012  *
00013  *  Unless required by applicable law or agreed to in writing, software
00014  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00015  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00016  *  See the License for the specific language governing permissions and
00017  *  limitations under the License.
00018  *
00019  *  This file is part of mbed TLS (https://tls.mbed.org)
00020  */
00021 /*
00022  *  The SHA-1 standard was published by NIST in 1993.
00023  *
00024  *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
00025  */
00026 
00027 #if !defined(MBEDTLS_CONFIG_FILE)
00028 #include "mbedtls/config.h"
00029 #else
00030 #include MBEDTLS_CONFIG_FILE
00031 #endif
00032 
00033 #if defined(MBEDTLS_SHA1_C)
00034 
00035 #include "mbedtls/sha1.h"
00036 
00037 #include <string.h>
00038 
00039 #if defined(MBEDTLS_SELF_TEST)
00040 #if defined(MBEDTLS_PLATFORM_C)
00041 #include "mbedtls/platform.h"
00042 #else
00043 #include <stdio.h>
00044 #define mbedtls_printf printf
00045 #endif /* MBEDTLS_PLATFORM_C */
00046 #endif /* MBEDTLS_SELF_TEST */
00047 
00048 #if !defined(MBEDTLS_SHA1_ALT)
00049 
00050 /* Implementation that should never be optimized out by the compiler */
00051 static void mbedtls_zeroize( void *v, size_t n ) {
00052     volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
00053 }
00054 
00055 /*
00056  * 32-bit integer manipulation macros (big endian)
00057  */
00058 #ifndef GET_UINT32_BE
00059 #define GET_UINT32_BE(n,b,i)                            \
00060 {                                                       \
00061     (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
00062         | ( (uint32_t) (b)[(i) + 1] << 16 )             \
00063         | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
00064         | ( (uint32_t) (b)[(i) + 3]       );            \
00065 }
00066 #endif
00067 
00068 #ifndef PUT_UINT32_BE
00069 #define PUT_UINT32_BE(n,b,i)                            \
00070 {                                                       \
00071     (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
00072     (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
00073     (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
00074     (b)[(i) + 3] = (unsigned char) ( (n)       );       \
00075 }
00076 #endif
00077 
00078 void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
00079 {
00080     memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
00081 }
00082 
00083 void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
00084 {
00085     if( ctx == NULL )
00086         return;
00087 
00088     mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
00089 }
00090 
00091 void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
00092                          const mbedtls_sha1_context *src )
00093 {
00094     *dst = *src;
00095 }
00096 
00097 /*
00098  * SHA-1 context setup
00099  */
00100 void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
00101 {
00102     ctx->total [0] = 0;
00103     ctx->total [1] = 0;
00104 
00105     ctx->state [0] = 0x67452301;
00106     ctx->state [1] = 0xEFCDAB89;
00107     ctx->state [2] = 0x98BADCFE;
00108     ctx->state [3] = 0x10325476;
00109     ctx->state [4] = 0xC3D2E1F0;
00110 }
00111 
00112 #if !defined(MBEDTLS_SHA1_PROCESS_ALT)
00113 void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] )
00114 {
00115     uint32_t temp, W[16], A, B, C, D, E;
00116 
00117     GET_UINT32_BE( W[ 0], data,  0 );
00118     GET_UINT32_BE( W[ 1], data,  4 );
00119     GET_UINT32_BE( W[ 2], data,  8 );
00120     GET_UINT32_BE( W[ 3], data, 12 );
00121     GET_UINT32_BE( W[ 4], data, 16 );
00122     GET_UINT32_BE( W[ 5], data, 20 );
00123     GET_UINT32_BE( W[ 6], data, 24 );
00124     GET_UINT32_BE( W[ 7], data, 28 );
00125     GET_UINT32_BE( W[ 8], data, 32 );
00126     GET_UINT32_BE( W[ 9], data, 36 );
00127     GET_UINT32_BE( W[10], data, 40 );
00128     GET_UINT32_BE( W[11], data, 44 );
00129     GET_UINT32_BE( W[12], data, 48 );
00130     GET_UINT32_BE( W[13], data, 52 );
00131     GET_UINT32_BE( W[14], data, 56 );
00132     GET_UINT32_BE( W[15], data, 60 );
00133 
00134 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
00135 
00136 #define R(t)                                            \
00137 (                                                       \
00138     temp = W[( t -  3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
00139            W[( t - 14 ) & 0x0F] ^ W[  t       & 0x0F],  \
00140     ( W[t & 0x0F] = S(temp,1) )                         \
00141 )
00142 
00143 #define P(a,b,c,d,e,x)                                  \
00144 {                                                       \
00145     e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);        \
00146 }
00147 
00148     A = ctx->state [0];
00149     B = ctx->state [1];
00150     C = ctx->state [2];
00151     D = ctx->state [3];
00152     E = ctx->state [4];
00153 
00154 #define F(x,y,z) (z ^ (x & (y ^ z)))
00155 #define K 0x5A827999
00156 
00157     P( A, B, C, D, E, W[0]  );
00158     P( E, A, B, C, D, W[1]  );
00159     P( D, E, A, B, C, W[2]  );
00160     P( C, D, E, A, B, W[3]  );
00161     P( B, C, D, E, A, W[4]  );
00162     P( A, B, C, D, E, W[5]  );
00163     P( E, A, B, C, D, W[6]  );
00164     P( D, E, A, B, C, W[7]  );
00165     P( C, D, E, A, B, W[8]  );
00166     P( B, C, D, E, A, W[9]  );
00167     P( A, B, C, D, E, W[10] );
00168     P( E, A, B, C, D, W[11] );
00169     P( D, E, A, B, C, W[12] );
00170     P( C, D, E, A, B, W[13] );
00171     P( B, C, D, E, A, W[14] );
00172     P( A, B, C, D, E, W[15] );
00173     P( E, A, B, C, D, R(16) );
00174     P( D, E, A, B, C, R(17) );
00175     P( C, D, E, A, B, R(18) );
00176     P( B, C, D, E, A, R(19) );
00177 
00178 #undef K
00179 #undef F
00180 
00181 #define F(x,y,z) (x ^ y ^ z)
00182 #define K 0x6ED9EBA1
00183 
00184     P( A, B, C, D, E, R(20) );
00185     P( E, A, B, C, D, R(21) );
00186     P( D, E, A, B, C, R(22) );
00187     P( C, D, E, A, B, R(23) );
00188     P( B, C, D, E, A, R(24) );
00189     P( A, B, C, D, E, R(25) );
00190     P( E, A, B, C, D, R(26) );
00191     P( D, E, A, B, C, R(27) );
00192     P( C, D, E, A, B, R(28) );
00193     P( B, C, D, E, A, R(29) );
00194     P( A, B, C, D, E, R(30) );
00195     P( E, A, B, C, D, R(31) );
00196     P( D, E, A, B, C, R(32) );
00197     P( C, D, E, A, B, R(33) );
00198     P( B, C, D, E, A, R(34) );
00199     P( A, B, C, D, E, R(35) );
00200     P( E, A, B, C, D, R(36) );
00201     P( D, E, A, B, C, R(37) );
00202     P( C, D, E, A, B, R(38) );
00203     P( B, C, D, E, A, R(39) );
00204 
00205 #undef K
00206 #undef F
00207 
00208 #define F(x,y,z) ((x & y) | (z & (x | y)))
00209 #define K 0x8F1BBCDC
00210 
00211     P( A, B, C, D, E, R(40) );
00212     P( E, A, B, C, D, R(41) );
00213     P( D, E, A, B, C, R(42) );
00214     P( C, D, E, A, B, R(43) );
00215     P( B, C, D, E, A, R(44) );
00216     P( A, B, C, D, E, R(45) );
00217     P( E, A, B, C, D, R(46) );
00218     P( D, E, A, B, C, R(47) );
00219     P( C, D, E, A, B, R(48) );
00220     P( B, C, D, E, A, R(49) );
00221     P( A, B, C, D, E, R(50) );
00222     P( E, A, B, C, D, R(51) );
00223     P( D, E, A, B, C, R(52) );
00224     P( C, D, E, A, B, R(53) );
00225     P( B, C, D, E, A, R(54) );
00226     P( A, B, C, D, E, R(55) );
00227     P( E, A, B, C, D, R(56) );
00228     P( D, E, A, B, C, R(57) );
00229     P( C, D, E, A, B, R(58) );
00230     P( B, C, D, E, A, R(59) );
00231 
00232 #undef K
00233 #undef F
00234 
00235 #define F(x,y,z) (x ^ y ^ z)
00236 #define K 0xCA62C1D6
00237 
00238     P( A, B, C, D, E, R(60) );
00239     P( E, A, B, C, D, R(61) );
00240     P( D, E, A, B, C, R(62) );
00241     P( C, D, E, A, B, R(63) );
00242     P( B, C, D, E, A, R(64) );
00243     P( A, B, C, D, E, R(65) );
00244     P( E, A, B, C, D, R(66) );
00245     P( D, E, A, B, C, R(67) );
00246     P( C, D, E, A, B, R(68) );
00247     P( B, C, D, E, A, R(69) );
00248     P( A, B, C, D, E, R(70) );
00249     P( E, A, B, C, D, R(71) );
00250     P( D, E, A, B, C, R(72) );
00251     P( C, D, E, A, B, R(73) );
00252     P( B, C, D, E, A, R(74) );
00253     P( A, B, C, D, E, R(75) );
00254     P( E, A, B, C, D, R(76) );
00255     P( D, E, A, B, C, R(77) );
00256     P( C, D, E, A, B, R(78) );
00257     P( B, C, D, E, A, R(79) );
00258 
00259 #undef K
00260 #undef F
00261 
00262     ctx->state [0] += A;
00263     ctx->state [1] += B;
00264     ctx->state [2] += C;
00265     ctx->state [3] += D;
00266     ctx->state [4] += E;
00267 }
00268 #endif /* !MBEDTLS_SHA1_PROCESS_ALT */
00269 
00270 /*
00271  * SHA-1 process buffer
00272  */
00273 void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen )
00274 {
00275     size_t fill;
00276     uint32_t left;
00277 
00278     if( ilen == 0 )
00279         return;
00280 
00281     left = ctx->total [0] & 0x3F;
00282     fill = 64 - left;
00283 
00284     ctx->total [0] += (uint32_t) ilen;
00285     ctx->total [0] &= 0xFFFFFFFF;
00286 
00287     if( ctx->total [0] < (uint32_t) ilen )
00288         ctx->total [1]++;
00289 
00290     if( left && ilen >= fill )
00291     {
00292         memcpy( (void *) (ctx->buffer  + left), input, fill );
00293         mbedtls_sha1_process( ctx, ctx->buffer  );
00294         input += fill;
00295         ilen  -= fill;
00296         left = 0;
00297     }
00298 
00299     while( ilen >= 64 )
00300     {
00301         mbedtls_sha1_process( ctx, input );
00302         input += 64;
00303         ilen  -= 64;
00304     }
00305 
00306     if( ilen > 0 )
00307         memcpy( (void *) (ctx->buffer  + left), input, ilen );
00308 }
00309 
00310 static const unsigned char sha1_padding[64] =
00311 {
00312  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00313     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00314     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00315     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
00316 };
00317 
00318 /*
00319  * SHA-1 final digest
00320  */
00321 void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
00322 {
00323     uint32_t last, padn;
00324     uint32_t high, low;
00325     unsigned char msglen[8];
00326 
00327     high = ( ctx->total [0] >> 29 )
00328          | ( ctx->total [1] <<  3 );
00329     low  = ( ctx->total [0] <<  3 );
00330 
00331     PUT_UINT32_BE( high, msglen, 0 );
00332     PUT_UINT32_BE( low,  msglen, 4 );
00333 
00334     last = ctx->total [0] & 0x3F;
00335     padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
00336 
00337     mbedtls_sha1_update( ctx, sha1_padding, padn );
00338     mbedtls_sha1_update( ctx, msglen, 8 );
00339 
00340     PUT_UINT32_BE( ctx->state [0], output,  0 );
00341     PUT_UINT32_BE( ctx->state [1], output,  4 );
00342     PUT_UINT32_BE( ctx->state [2], output,  8 );
00343     PUT_UINT32_BE( ctx->state [3], output, 12 );
00344     PUT_UINT32_BE( ctx->state [4], output, 16 );
00345 }
00346 
00347 #endif /* !MBEDTLS_SHA1_ALT */
00348 
00349 /*
00350  * output = SHA-1( input buffer )
00351  */
00352 void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
00353 {
00354     mbedtls_sha1_context ctx;
00355 
00356     mbedtls_sha1_init( &ctx );
00357     mbedtls_sha1_starts( &ctx );
00358     mbedtls_sha1_update( &ctx, input, ilen );
00359     mbedtls_sha1_finish( &ctx, output );
00360     mbedtls_sha1_free( &ctx );
00361 }
00362 
00363 #if defined(MBEDTLS_SELF_TEST)
00364 /*
00365  * FIPS-180-1 test vectors
00366  */
00367 static const unsigned char sha1_test_buf[3][57] =
00368 {
00369     { "abc" },
00370     { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
00371     { "" }
00372 };
00373 
00374 static const int sha1_test_buflen[3] =
00375 {
00376     3, 56, 1000
00377 };
00378 
00379 static const unsigned char sha1_test_sum[3][20] =
00380 {
00381     { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
00382       0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
00383     { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
00384       0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
00385     { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
00386       0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
00387 };
00388 
00389 /*
00390  * Checkup routine
00391  */
00392 int mbedtls_sha1_self_test( int verbose )
00393 {
00394     int i, j, buflen, ret = 0;
00395     unsigned char buf[1024];
00396     unsigned char sha1sum[20];
00397     mbedtls_sha1_context ctx;
00398 
00399     mbedtls_sha1_init( &ctx );
00400 
00401     /*
00402      * SHA-1
00403      */
00404     for( i = 0; i < 3; i++ )
00405     {
00406         if( verbose != 0 )
00407             mbedtls_printf( "  SHA-1 test #%d: ", i + 1 );
00408 
00409         mbedtls_sha1_starts( &ctx );
00410 
00411         if( i == 2 )
00412         {
00413             memset( buf, 'a', buflen = 1000 );
00414 
00415             for( j = 0; j < 1000; j++ )
00416                 mbedtls_sha1_update( &ctx, buf, buflen );
00417         }
00418         else
00419             mbedtls_sha1_update( &ctx, sha1_test_buf[i],
00420                                sha1_test_buflen[i] );
00421 
00422         mbedtls_sha1_finish( &ctx, sha1sum );
00423 
00424         if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
00425         {
00426             if( verbose != 0 )
00427                 mbedtls_printf( "failed\n" );
00428 
00429             ret = 1;
00430             goto exit;
00431         }
00432 
00433         if( verbose != 0 )
00434             mbedtls_printf( "passed\n" );
00435     }
00436 
00437     if( verbose != 0 )
00438         mbedtls_printf( "\n" );
00439 
00440 exit:
00441     mbedtls_sha1_free( &ctx );
00442 
00443     return( ret );
00444 }
00445 
00446 #endif /* MBEDTLS_SELF_TEST */
00447 
00448 #endif /* MBEDTLS_SHA1_C */