reactos/dll/3rdparty/mbedtls/sha1.c

   1 /*
   2  *  FIPS-180-1 compliant SHA-1 implementation
   3  *
   4  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
   5  *  SPDX-License-Identifier: GPL-2.0
   6  *
   7  *  This program is free software; you can redistribute it and/or modify
   8  *  it under the terms of the GNU General Public License as published by
   9  *  the Free Software Foundation; either version 2 of the License, or
  10  *  (at your option) any later version.
  11  *
  12  *  This program is distributed in the hope that it will be useful,
  13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  *  GNU General Public License for more details.
  16  *
  17  *  You should have received a copy of the GNU General Public License along
  18  *  with this program; if not, write to the Free Software Foundation, Inc.,
  19  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  *  This file is part of mbed TLS (https://tls.mbed.org)
  22  */
  23 /*
  24  *  The SHA-1 standard was published by NIST in 1993.
  25  *
  26  *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
  27  */
  28
  29 #if !defined(MBEDTLS_CONFIG_FILE)
  30 #include "mbedtls/config.h"
  31 #else
  32 #include MBEDTLS_CONFIG_FILE
  33 #endif
  34
  35 #if defined(MBEDTLS_SHA1_C)
  36
  37 #include "mbedtls/sha1.h"
  38
  39 #include <string.h>
  40
  41 #if defined(MBEDTLS_SELF_TEST)
  42 #if defined(MBEDTLS_PLATFORM_C)
  43 #include "mbedtls/platform.h"
  44 #else
  45 #include <stdio.h>
  46 #define mbedtls_printf printf
  47 #endif /* MBEDTLS_PLATFORM_C */
  48 #endif /* MBEDTLS_SELF_TEST */
  49
  50 #if !defined(MBEDTLS_SHA1_ALT)
  51
  52 /* Implementation that should never be optimized out by the compiler */
  53 static void mbedtls_zeroize( void *v, size_t n ) {
  54     volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
  55 }
  56
  57 /*
  58  * 32-bit integer manipulation macros (big endian)
  59  */
  60 #ifndef GET_UINT32_BE
  61 #define GET_UINT32_BE(n,b,i)                            \
  62 {                                                       \
  63     (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
  64         | ( (uint32_t) (b)[(i) + 1] << 16 )             \
  65         | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
  66         | ( (uint32_t) (b)[(i) + 3]       );            \
  67 }
  68 #endif
  69
  70 #ifndef PUT_UINT32_BE
  71 #define PUT_UINT32_BE(n,b,i)                            \
  72 {                                                       \
  73     (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
  74     (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
  75     (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
  76     (b)[(i) + 3] = (unsigned char) ( (n)       );       \
  77 }
  78 #endif
  79
  80 void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
  81 {
  82     memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
  83 }
  84
  85 void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
  86 {
  87     if( ctx == NULL )
  88         return;
  89
  90     mbedtls_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
  91 }
  92
  93 void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
  94                          const mbedtls_sha1_context *src )
  95 {
  96     *dst = *src;
  97 }
  98
  99 /*
 100  * SHA-1 context setup
 101  */
 102 void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
 103 {
 104     ctx->total[0] = 0;
 105     ctx->total[1] = 0;
 106
 107     ctx->state[0] = 0x67452301;
 108     ctx->state[1] = 0xEFCDAB89;
 109     ctx->state[2] = 0x98BADCFE;
 110     ctx->state[3] = 0x10325476;
 111     ctx->state[4] = 0xC3D2E1F0;
 112 }
 113
 114 #if !defined(MBEDTLS_SHA1_PROCESS_ALT)
 115 void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] )
 116 {
 117     uint32_t temp, W[16], A, B, C, D, E;
 118
 119     GET_UINT32_BE( W[ 0], data,  0 );
 120     GET_UINT32_BE( W[ 1], data,  4 );
 121     GET_UINT32_BE( W[ 2], data,  8 );
 122     GET_UINT32_BE( W[ 3], data, 12 );
 123     GET_UINT32_BE( W[ 4], data, 16 );
 124     GET_UINT32_BE( W[ 5], data, 20 );
 125     GET_UINT32_BE( W[ 6], data, 24 );
 126     GET_UINT32_BE( W[ 7], data, 28 );
 127     GET_UINT32_BE( W[ 8], data, 32 );
 128     GET_UINT32_BE( W[ 9], data, 36 );
 129     GET_UINT32_BE( W[10], data, 40 );
 130     GET_UINT32_BE( W[11], data, 44 );
 131     GET_UINT32_BE( W[12], data, 48 );
 132     GET_UINT32_BE( W[13], data, 52 );
 133     GET_UINT32_BE( W[14], data, 56 );
 134     GET_UINT32_BE( W[15], data, 60 );
 135
 136 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
 137
 138 #define R(t)                                            \
 139 (                                                       \
 140     temp = W[( t -  3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
 141            W[( t - 14 ) & 0x0F] ^ W[  t       & 0x0F],  \
 142     ( W[t & 0x0F] = S(temp,1) )                         \
 143 )
 144
 145 #define P(a,b,c,d,e,x)                                  \
 146 {                                                       \
 147     e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);        \
 148 }
 149
 150     A = ctx->state[0];
 151     B = ctx->state[1];
 152     C = ctx->state[2];
 153     D = ctx->state[3];
 154     E = ctx->state[4];
 155
 156 #define F(x,y,z) (z ^ (x & (y ^ z)))
 157 #define K 0x5A827999
 158
 159     P( A, B, C, D, E, W[0]  );
 160     P( E, A, B, C, D, W[1]  );
 161     P( D, E, A, B, C, W[2]  );
 162     P( C, D, E, A, B, W[3]  );
 163     P( B, C, D, E, A, W[4]  );
 164     P( A, B, C, D, E, W[5]  );
 165     P( E, A, B, C, D, W[6]  );
 166     P( D, E, A, B, C, W[7]  );
 167     P( C, D, E, A, B, W[8]  );
 168     P( B, C, D, E, A, W[9]  );
 169     P( A, B, C, D, E, W[10] );
 170     P( E, A, B, C, D, W[11] );
 171     P( D, E, A, B, C, W[12] );
 172     P( C, D, E, A, B, W[13] );
 173     P( B, C, D, E, A, W[14] );
 174     P( A, B, C, D, E, W[15] );
 175     P( E, A, B, C, D, R(16) );
 176     P( D, E, A, B, C, R(17) );
 177     P( C, D, E, A, B, R(18) );
 178     P( B, C, D, E, A, R(19) );
 179
 180 #undef K
 181 #undef F
 182
 183 #define F(x,y,z) (x ^ y ^ z)
 184 #define K 0x6ED9EBA1
 185
 186     P( A, B, C, D, E, R(20) );
 187     P( E, A, B, C, D, R(21) );
 188     P( D, E, A, B, C, R(22) );
 189     P( C, D, E, A, B, R(23) );
 190     P( B, C, D, E, A, R(24) );
 191     P( A, B, C, D, E, R(25) );
 192     P( E, A, B, C, D, R(26) );
 193     P( D, E, A, B, C, R(27) );
 194     P( C, D, E, A, B, R(28) );
 195     P( B, C, D, E, A, R(29) );
 196     P( A, B, C, D, E, R(30) );
 197     P( E, A, B, C, D, R(31) );
 198     P( D, E, A, B, C, R(32) );
 199     P( C, D, E, A, B, R(33) );
 200     P( B, C, D, E, A, R(34) );
 201     P( A, B, C, D, E, R(35) );
 202     P( E, A, B, C, D, R(36) );
 203     P( D, E, A, B, C, R(37) );
 204     P( C, D, E, A, B, R(38) );
 205     P( B, C, D, E, A, R(39) );
 206
 207 #undef K
 208 #undef F
 209
 210 #define F(x,y,z) ((x & y) | (z & (x | y)))
 211 #define K 0x8F1BBCDC
 212
 213     P( A, B, C, D, E, R(40) );
 214     P( E, A, B, C, D, R(41) );
 215     P( D, E, A, B, C, R(42) );
 216     P( C, D, E, A, B, R(43) );
 217     P( B, C, D, E, A, R(44) );
 218     P( A, B, C, D, E, R(45) );
 219     P( E, A, B, C, D, R(46) );
 220     P( D, E, A, B, C, R(47) );
 221     P( C, D, E, A, B, R(48) );
 222     P( B, C, D, E, A, R(49) );
 223     P( A, B, C, D, E, R(50) );
 224     P( E, A, B, C, D, R(51) );
 225     P( D, E, A, B, C, R(52) );
 226     P( C, D, E, A, B, R(53) );
 227     P( B, C, D, E, A, R(54) );
 228     P( A, B, C, D, E, R(55) );
 229     P( E, A, B, C, D, R(56) );
 230     P( D, E, A, B, C, R(57) );
 231     P( C, D, E, A, B, R(58) );
 232     P( B, C, D, E, A, R(59) );
 233
 234 #undef K
 235 #undef F
 236
 237 #define F(x,y,z) (x ^ y ^ z)
 238 #define K 0xCA62C1D6
 239
 240     P( A, B, C, D, E, R(60) );
 241     P( E, A, B, C, D, R(61) );
 242     P( D, E, A, B, C, R(62) );
 243     P( C, D, E, A, B, R(63) );
 244     P( B, C, D, E, A, R(64) );
 245     P( A, B, C, D, E, R(65) );
 246     P( E, A, B, C, D, R(66) );
 247     P( D, E, A, B, C, R(67) );
 248     P( C, D, E, A, B, R(68) );
 249     P( B, C, D, E, A, R(69) );
 250     P( A, B, C, D, E, R(70) );
 251     P( E, A, B, C, D, R(71) );
 252     P( D, E, A, B, C, R(72) );
 253     P( C, D, E, A, B, R(73) );
 254     P( B, C, D, E, A, R(74) );
 255     P( A, B, C, D, E, R(75) );
 256     P( E, A, B, C, D, R(76) );
 257     P( D, E, A, B, C, R(77) );
 258     P( C, D, E, A, B, R(78) );
 259     P( B, C, D, E, A, R(79) );
 260
 261 #undef K
 262 #undef F
 263
 264     ctx->state[0] += A;
 265     ctx->state[1] += B;
 266     ctx->state[2] += C;
 267     ctx->state[3] += D;
 268     ctx->state[4] += E;
 269 }
 270 #endif /* !MBEDTLS_SHA1_PROCESS_ALT */
 271
 272 /*
 273  * SHA-1 process buffer
 274  */
 275 void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen )
 276 {
 277     size_t fill;
 278     uint32_t left;
 279
 280     if( ilen == 0 )
 281         return;
 282
 283     left = ctx->total[0] & 0x3F;
 284     fill = 64 - left;
 285
 286     ctx->total[0] += (uint32_t) ilen;
 287     ctx->total[0] &= 0xFFFFFFFF;
 288
 289     if( ctx->total[0] < (uint32_t) ilen )
 290         ctx->total[1]++;
 291
 292     if( left && ilen >= fill )
 293     {
 294         memcpy( (void *) (ctx->buffer + left), input, fill );
 295         mbedtls_sha1_process( ctx, ctx->buffer );
 296         input += fill;
 297         ilen  -= fill;
 298         left = 0;
 299     }
 300
 301     while( ilen >= 64 )
 302     {
 303         mbedtls_sha1_process( ctx, input );
 304         input += 64;
 305         ilen  -= 64;
 306     }
 307
 308     if( ilen > 0 )
 309         memcpy( (void *) (ctx->buffer + left), input, ilen );
 310 }
 311
 312 static const unsigned char sha1_padding[64] =
 313 {
 314  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 315     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 316     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 317     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
 318 };
 319
 320 /*
 321  * SHA-1 final digest
 322  */
 323 void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] )
 324 {
 325     uint32_t last, padn;
 326     uint32_t high, low;
 327     unsigned char msglen[8];
 328
 329     high = ( ctx->total[0] >> 29 )
 330          | ( ctx->total[1] <<  3 );
 331     low  = ( ctx->total[0] <<  3 );
 332
 333     PUT_UINT32_BE( high, msglen, 0 );
 334     PUT_UINT32_BE( low,  msglen, 4 );
 335
 336     last = ctx->total[0] & 0x3F;
 337     padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
 338
 339     mbedtls_sha1_update( ctx, sha1_padding, padn );
 340     mbedtls_sha1_update( ctx, msglen, 8 );
 341
 342     PUT_UINT32_BE( ctx->state[0], output,  0 );
 343     PUT_UINT32_BE( ctx->state[1], output,  4 );
 344     PUT_UINT32_BE( ctx->state[2], output,  8 );
 345     PUT_UINT32_BE( ctx->state[3], output, 12 );
 346     PUT_UINT32_BE( ctx->state[4], output, 16 );
 347 }
 348
 349 #endif /* !MBEDTLS_SHA1_ALT */
 350
 351 /*
 352  * output = SHA-1( input buffer )
 353  */
 354 void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
 355 {
 356     mbedtls_sha1_context ctx;
 357
 358     mbedtls_sha1_init( &ctx );
 359     mbedtls_sha1_starts( &ctx );
 360     mbedtls_sha1_update( &ctx, input, ilen );
 361     mbedtls_sha1_finish( &ctx, output );
 362     mbedtls_sha1_free( &ctx );
 363 }
 364
 365 #if defined(MBEDTLS_SELF_TEST)
 366 /*
 367  * FIPS-180-1 test vectors
 368  */
 369 static const unsigned char sha1_test_buf[3][57] =
 370 {
 371     { "abc" },
 372     { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
 373     { "" }
 374 };
 375
 376 static const int sha1_test_buflen[3] =
 377 {
 378     3, 56, 1000
 379 };
 380
 381 static const unsigned char sha1_test_sum[3][20] =
 382 {
 383     { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
 384       0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
 385     { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
 386       0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
 387     { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
 388       0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
 389 };
 390
 391 /*
 392  * Checkup routine
 393  */
 394 int mbedtls_sha1_self_test( int verbose )
 395 {
 396     int i, j, buflen, ret = 0;
 397     unsigned char buf[1024];
 398     unsigned char sha1sum[20];
 399     mbedtls_sha1_context ctx;
 400
 401     mbedtls_sha1_init( &ctx );
 402
 403     /*
 404      * SHA-1
 405      */
 406     for( i = 0; i < 3; i++ )
 407     {
 408         if( verbose != 0 )
 409             mbedtls_printf( "  SHA-1 test #%d: ", i + 1 );
 410
 411         mbedtls_sha1_starts( &ctx );
 412
 413         if( i == 2 )
 414         {
 415             memset( buf, 'a', buflen = 1000 );
 416
 417             for( j = 0; j < 1000; j++ )
 418                 mbedtls_sha1_update( &ctx, buf, buflen );
 419         }
 420         else
 421             mbedtls_sha1_update( &ctx, sha1_test_buf[i],
 422                                sha1_test_buflen[i] );
 423
 424         mbedtls_sha1_finish( &ctx, sha1sum );
 425
 426         if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
 427         {
 428             if( verbose != 0 )
 429                 mbedtls_printf( "failed\n" );
 430
 431             ret = 1;
 432             goto exit;
 433         }
 434
 435         if( verbose != 0 )
 436             mbedtls_printf( "passed\n" );
 437     }
 438
 439     if( verbose != 0 )
 440         mbedtls_printf( "\n" );
 441
 442 exit:
 443     mbedtls_sha1_free( &ctx );
 444
 445     return( ret );
 446 }
 447
 448 #endif /* MBEDTLS_SELF_TEST */
 449
 450 #endif /* MBEDTLS_SHA1_C */