You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

sha1.c 7.2KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276
  1. /*
  2. * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
  3. *
  4. * This program is free software; you can redistribute it and/or
  5. * modify it under the terms of the GNU General Public License as
  6. * published by the Free Software Foundation; either version 2 of the
  7. * License, or any later version.
  8. *
  9. * This program is distributed in the hope that it will be useful, but
  10. * WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  12. * General Public License for more details.
  13. *
  14. * You should have received a copy of the GNU General Public License
  15. * along with this program; if not, write to the Free Software
  16. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  17. * 02110-1301, USA.
  18. *
  19. * You can also choose to distribute this program under the terms of
  20. * the Unmodified Binary Distribution Licence (as given in the file
  21. * COPYING.UBDL), provided that you have satisfied its requirements.
  22. */
  23. FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
  24. /** @file
  25. *
  26. * SHA-1 algorithm
  27. *
  28. */
  29. #include <stdint.h>
  30. #include <string.h>
  31. #include <byteswap.h>
  32. #include <assert.h>
  33. #include <ipxe/rotate.h>
  34. #include <ipxe/crypto.h>
  35. #include <ipxe/asn1.h>
  36. #include <ipxe/sha1.h>
  37. /** SHA-1 variables */
  38. struct sha1_variables {
  39. /* This layout matches that of struct sha1_digest_data,
  40. * allowing for efficient endianness-conversion,
  41. */
  42. uint32_t a;
  43. uint32_t b;
  44. uint32_t c;
  45. uint32_t d;
  46. uint32_t e;
  47. uint32_t w[80];
  48. } __attribute__ (( packed ));
  49. /**
  50. * f(a,b,c,d) for steps 0 to 19
  51. *
  52. * @v v SHA-1 variables
  53. * @ret f f(a,b,c,d)
  54. */
  55. static uint32_t sha1_f_0_19 ( struct sha1_variables *v ) {
  56. return ( ( v->b & v->c ) | ( (~v->b) & v->d ) );
  57. }
  58. /**
  59. * f(a,b,c,d) for steps 20 to 39 and 60 to 79
  60. *
  61. * @v v SHA-1 variables
  62. * @ret f f(a,b,c,d)
  63. */
  64. static uint32_t sha1_f_20_39_60_79 ( struct sha1_variables *v ) {
  65. return ( v->b ^ v->c ^ v->d );
  66. }
  67. /**
  68. * f(a,b,c,d) for steps 40 to 59
  69. *
  70. * @v v SHA-1 variables
  71. * @ret f f(a,b,c,d)
  72. */
  73. static uint32_t sha1_f_40_59 ( struct sha1_variables *v ) {
  74. return ( ( v->b & v->c ) | ( v->b & v->d ) | ( v->c & v->d ) );
  75. }
  76. /** An SHA-1 step function */
  77. struct sha1_step {
  78. /**
  79. * Calculate f(a,b,c,d)
  80. *
  81. * @v v SHA-1 variables
  82. * @ret f f(a,b,c,d)
  83. */
  84. uint32_t ( * f ) ( struct sha1_variables *v );
  85. /** Constant k */
  86. uint32_t k;
  87. };
  88. /** SHA-1 steps */
  89. static struct sha1_step sha1_steps[4] = {
  90. /** 0 to 19 */
  91. { .f = sha1_f_0_19, .k = 0x5a827999 },
  92. /** 20 to 39 */
  93. { .f = sha1_f_20_39_60_79, .k = 0x6ed9eba1 },
  94. /** 40 to 59 */
  95. { .f = sha1_f_40_59, .k = 0x8f1bbcdc },
  96. /** 60 to 79 */
  97. { .f = sha1_f_20_39_60_79, .k = 0xca62c1d6 },
  98. };
  99. /**
  100. * Initialise SHA-1 algorithm
  101. *
  102. * @v ctx SHA-1 context
  103. */
  104. static void sha1_init ( void *ctx ) {
  105. struct sha1_context *context = ctx;
  106. context->ddd.dd.digest.h[0] = cpu_to_be32 ( 0x67452301 );
  107. context->ddd.dd.digest.h[1] = cpu_to_be32 ( 0xefcdab89 );
  108. context->ddd.dd.digest.h[2] = cpu_to_be32 ( 0x98badcfe );
  109. context->ddd.dd.digest.h[3] = cpu_to_be32 ( 0x10325476 );
  110. context->ddd.dd.digest.h[4] = cpu_to_be32 ( 0xc3d2e1f0 );
  111. context->len = 0;
  112. }
  113. /**
  114. * Calculate SHA-1 digest of accumulated data
  115. *
  116. * @v context SHA-1 context
  117. */
  118. static void sha1_digest ( struct sha1_context *context ) {
  119. union {
  120. union sha1_digest_data_dwords ddd;
  121. struct sha1_variables v;
  122. } u;
  123. uint32_t *a = &u.v.a;
  124. uint32_t *b = &u.v.b;
  125. uint32_t *c = &u.v.c;
  126. uint32_t *d = &u.v.d;
  127. uint32_t *e = &u.v.e;
  128. uint32_t *w = u.v.w;
  129. uint32_t f;
  130. uint32_t k;
  131. uint32_t temp;
  132. struct sha1_step *step;
  133. unsigned int i;
  134. /* Sanity checks */
  135. assert ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 );
  136. linker_assert ( &u.ddd.dd.digest.h[0] == a, sha1_bad_layout );
  137. linker_assert ( &u.ddd.dd.digest.h[1] == b, sha1_bad_layout );
  138. linker_assert ( &u.ddd.dd.digest.h[2] == c, sha1_bad_layout );
  139. linker_assert ( &u.ddd.dd.digest.h[3] == d, sha1_bad_layout );
  140. linker_assert ( &u.ddd.dd.digest.h[4] == e, sha1_bad_layout );
  141. linker_assert ( &u.ddd.dd.data.dword[0] == w, sha1_bad_layout );
  142. DBGC ( context, "SHA1 digesting:\n" );
  143. DBGC_HDA ( context, 0, &context->ddd.dd.digest,
  144. sizeof ( context->ddd.dd.digest ) );
  145. DBGC_HDA ( context, context->len, &context->ddd.dd.data,
  146. sizeof ( context->ddd.dd.data ) );
  147. /* Convert h[0..4] to host-endian, and initialise a, b, c, d,
  148. * e, and w[0..15]
  149. */
  150. for ( i = 0 ; i < ( sizeof ( u.ddd.dword ) /
  151. sizeof ( u.ddd.dword[0] ) ) ; i++ ) {
  152. be32_to_cpus ( &context->ddd.dword[i] );
  153. u.ddd.dword[i] = context->ddd.dword[i];
  154. }
  155. /* Initialise w[16..79] */
  156. for ( i = 16 ; i < 80 ; i++ )
  157. w[i] = rol32 ( ( w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16] ), 1 );
  158. /* Main loop */
  159. for ( i = 0 ; i < 80 ; i++ ) {
  160. step = &sha1_steps[ i / 20 ];
  161. f = step->f ( &u.v );
  162. k = step->k;
  163. temp = ( rol32 ( *a, 5 ) + f + *e + k + w[i] );
  164. *e = *d;
  165. *d = *c;
  166. *c = rol32 ( *b, 30 );
  167. *b = *a;
  168. *a = temp;
  169. DBGC2 ( context, "%2d : %08x %08x %08x %08x %08x\n",
  170. i, *a, *b, *c, *d, *e );
  171. }
  172. /* Add chunk to hash and convert back to big-endian */
  173. for ( i = 0 ; i < 5 ; i++ ) {
  174. context->ddd.dd.digest.h[i] =
  175. cpu_to_be32 ( context->ddd.dd.digest.h[i] +
  176. u.ddd.dd.digest.h[i] );
  177. }
  178. DBGC ( context, "SHA1 digested:\n" );
  179. DBGC_HDA ( context, 0, &context->ddd.dd.digest,
  180. sizeof ( context->ddd.dd.digest ) );
  181. }
  182. /**
  183. * Accumulate data with SHA-1 algorithm
  184. *
  185. * @v ctx SHA-1 context
  186. * @v data Data
  187. * @v len Length of data
  188. */
  189. static void sha1_update ( void *ctx, const void *data, size_t len ) {
  190. struct sha1_context *context = ctx;
  191. const uint8_t *byte = data;
  192. size_t offset;
  193. /* Accumulate data a byte at a time, performing the digest
  194. * whenever we fill the data buffer
  195. */
  196. while ( len-- ) {
  197. offset = ( context->len % sizeof ( context->ddd.dd.data ) );
  198. context->ddd.dd.data.byte[offset] = *(byte++);
  199. context->len++;
  200. if ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 )
  201. sha1_digest ( context );
  202. }
  203. }
  204. /**
  205. * Generate SHA-1 digest
  206. *
  207. * @v ctx SHA-1 context
  208. * @v out Output buffer
  209. */
  210. static void sha1_final ( void *ctx, void *out ) {
  211. struct sha1_context *context = ctx;
  212. uint64_t len_bits;
  213. uint8_t pad;
  214. /* Record length before pre-processing */
  215. len_bits = cpu_to_be64 ( ( ( uint64_t ) context->len ) * 8 );
  216. /* Pad with a single "1" bit followed by as many "0" bits as required */
  217. pad = 0x80;
  218. do {
  219. sha1_update ( ctx, &pad, sizeof ( pad ) );
  220. pad = 0x00;
  221. } while ( ( context->len % sizeof ( context->ddd.dd.data ) ) !=
  222. offsetof ( typeof ( context->ddd.dd.data ), final.len ) );
  223. /* Append length (in bits) */
  224. sha1_update ( ctx, &len_bits, sizeof ( len_bits ) );
  225. assert ( ( context->len % sizeof ( context->ddd.dd.data ) ) == 0 );
  226. /* Copy out final digest */
  227. memcpy ( out, &context->ddd.dd.digest,
  228. sizeof ( context->ddd.dd.digest ) );
  229. }
  230. /** SHA-1 algorithm */
  231. struct digest_algorithm sha1_algorithm = {
  232. .name = "sha1",
  233. .ctxsize = sizeof ( struct sha1_context ),
  234. .blocksize = sizeof ( union sha1_block ),
  235. .digestsize = sizeof ( struct sha1_digest ),
  236. .init = sha1_init,
  237. .update = sha1_update,
  238. .final = sha1_final,
  239. };
  240. /** "sha1" object identifier */
  241. static uint8_t oid_sha1[] = { ASN1_OID_SHA1 };
  242. /** "sha1" OID-identified algorithm */
  243. struct asn1_algorithm oid_sha1_algorithm __asn1_algorithm = {
  244. .name = "sha1",
  245. .digest = &sha1_algorithm,
  246. .oid = ASN1_OID_CURSOR ( oid_sha1 ),
  247. };