search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
text
[RRG-proxmark3.git] / common / mbedtls / sha1.c
blobcfb302f5e0ff5134641e8c808cd28add076ca2d5
1 /*
2 * FIPS-180-1 compliant SHA-1 implementation
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19 /*
20 * The SHA-1 standard was published by NIST in 1993.
21 *
22 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
23 */
24
25 #include "common.h"
26
27 #if defined(MBEDTLS_SHA1_C)
28
29 #include "mbedtls/sha1.h"
30 #include "mbedtls/platform_util.h"
31 #include "mbedtls/error.h"
32
33 #include <string.h>
34
35 #if defined(MBEDTLS_SELF_TEST)
36 #if defined(MBEDTLS_PLATFORM_C)
37 #include "mbedtls/platform.h"
38 #else
39 #include <stdio.h>
40 #define mbedtls_printf printf
41 #endif /* MBEDTLS_PLATFORM_C */
42 #endif /* MBEDTLS_SELF_TEST */
43
44 #define SHA1_VALIDATE_RET(cond) \
45 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA )
46
47 #define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
48
49 #if !defined(MBEDTLS_SHA1_ALT)
50
51 /*
52 * 32-bit integer manipulation macros (big endian)
53 */
54 #ifndef GET_UINT32_BE
55 #define GET_UINT32_BE(n,b,i) \
56 { \
57 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
58 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
59 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
60 | ( (uint32_t) (b)[(i) + 3] ); \
61 }
62 #endif
63
64 #ifndef PUT_UINT32_BE
65 #define PUT_UINT32_BE(n,b,i) \
66 { \
67 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
68 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
69 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
70 (b)[(i) + 3] = (unsigned char) ( (n) ); \
71 }
72 #endif
73
74 void mbedtls_sha1_init(mbedtls_sha1_context *ctx) {
75 SHA1_VALIDATE(ctx != NULL);
76
77 memset(ctx, 0, sizeof(mbedtls_sha1_context));
78 }
79
80 void mbedtls_sha1_free(mbedtls_sha1_context *ctx) {
81 if (ctx == NULL)
82 return;
83
84 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha1_context));
85 }
86
87 void mbedtls_sha1_clone(mbedtls_sha1_context *dst,
88 const mbedtls_sha1_context *src) {
89 SHA1_VALIDATE(dst != NULL);
90 SHA1_VALIDATE(src != NULL);
91
92 *dst = *src;
93 }
94
95 /*
96 * SHA-1 context setup
97 */
98 int mbedtls_sha1_starts_ret(mbedtls_sha1_context *ctx) {
99 SHA1_VALIDATE_RET(ctx != NULL);
100
101 ctx->total[0] = 0;
102 ctx->total[1] = 0;
103
104 ctx->state[0] = 0x67452301;
105 ctx->state[1] = 0xEFCDAB89;
106 ctx->state[2] = 0x98BADCFE;
107 ctx->state[3] = 0x10325476;
108 ctx->state[4] = 0xC3D2E1F0;
109
110 return (0);
111 }
112
113 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
114 void mbedtls_sha1_starts(mbedtls_sha1_context *ctx) {
115 mbedtls_sha1_starts_ret(ctx);
116 }
117 #endif
118
119 #if !defined(MBEDTLS_SHA1_PROCESS_ALT)
120 int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx,
121 const unsigned char data[64]) {
122 struct {
123 uint32_t temp, W[16], A, B, C, D, E;
124 } local;
125
126 SHA1_VALIDATE_RET(ctx != NULL);
127 SHA1_VALIDATE_RET((const unsigned char *)data != NULL);
128
129 GET_UINT32_BE(local.W[ 0], data, 0);
130 GET_UINT32_BE(local.W[ 1], data, 4);
131 GET_UINT32_BE(local.W[ 2], data, 8);
132 GET_UINT32_BE(local.W[ 3], data, 12);
133 GET_UINT32_BE(local.W[ 4], data, 16);
134 GET_UINT32_BE(local.W[ 5], data, 20);
135 GET_UINT32_BE(local.W[ 6], data, 24);
136 GET_UINT32_BE(local.W[ 7], data, 28);
137 GET_UINT32_BE(local.W[ 8], data, 32);
138 GET_UINT32_BE(local.W[ 9], data, 36);
139 GET_UINT32_BE(local.W[10], data, 40);
140 GET_UINT32_BE(local.W[11], data, 44);
141 GET_UINT32_BE(local.W[12], data, 48);
142 GET_UINT32_BE(local.W[13], data, 52);
143 GET_UINT32_BE(local.W[14], data, 56);
144 GET_UINT32_BE(local.W[15], data, 60);
145
146 #define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
147
148 #define R(t) \
149 ( \
150 local.temp = local.W[( (t) - 3 ) & 0x0F] ^ \
151 local.W[( (t) - 8 ) & 0x0F] ^ \
152 local.W[( (t) - 14 ) & 0x0F] ^ \
153 local.W[ (t) & 0x0F], \
154 ( local.W[(t) & 0x0F] = S(local.temp,1) ) \
155 )
156
157 #define P(a,b,c,d,e,x) \
158 do \
159 { \
160 (e) += S((a),5) + F((b),(c),(d)) + K + (x); \
161 (b) = S((b),30); \
162 } while( 0 )
163
164 local.A = ctx->state[0];
165 local.B = ctx->state[1];
166 local.C = ctx->state[2];
167 local.D = ctx->state[3];
168 local.E = ctx->state[4];
169
170 #define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
171 #define K 0x5A827999
172
173 P(local.A, local.B, local.C, local.D, local.E, local.W[0]);
174 P(local.E, local.A, local.B, local.C, local.D, local.W[1]);
175 P(local.D, local.E, local.A, local.B, local.C, local.W[2]);
176 P(local.C, local.D, local.E, local.A, local.B, local.W[3]);
177 P(local.B, local.C, local.D, local.E, local.A, local.W[4]);
178 P(local.A, local.B, local.C, local.D, local.E, local.W[5]);
179 P(local.E, local.A, local.B, local.C, local.D, local.W[6]);
180 P(local.D, local.E, local.A, local.B, local.C, local.W[7]);
181 P(local.C, local.D, local.E, local.A, local.B, local.W[8]);
182 P(local.B, local.C, local.D, local.E, local.A, local.W[9]);
183 P(local.A, local.B, local.C, local.D, local.E, local.W[10]);
184 P(local.E, local.A, local.B, local.C, local.D, local.W[11]);
185 P(local.D, local.E, local.A, local.B, local.C, local.W[12]);
186 P(local.C, local.D, local.E, local.A, local.B, local.W[13]);
187 P(local.B, local.C, local.D, local.E, local.A, local.W[14]);
188 P(local.A, local.B, local.C, local.D, local.E, local.W[15]);
189 P(local.E, local.A, local.B, local.C, local.D, R(16));
190 P(local.D, local.E, local.A, local.B, local.C, R(17));
191 P(local.C, local.D, local.E, local.A, local.B, R(18));
192 P(local.B, local.C, local.D, local.E, local.A, R(19));
193
194 #undef K
195 #undef F
196
197 #define F(x,y,z) ((x) ^ (y) ^ (z))
198 #define K 0x6ED9EBA1
199
200 P(local.A, local.B, local.C, local.D, local.E, R(20));
201 P(local.E, local.A, local.B, local.C, local.D, R(21));
202 P(local.D, local.E, local.A, local.B, local.C, R(22));
203 P(local.C, local.D, local.E, local.A, local.B, R(23));
204 P(local.B, local.C, local.D, local.E, local.A, R(24));
205 P(local.A, local.B, local.C, local.D, local.E, R(25));
206 P(local.E, local.A, local.B, local.C, local.D, R(26));
207 P(local.D, local.E, local.A, local.B, local.C, R(27));
208 P(local.C, local.D, local.E, local.A, local.B, R(28));
209 P(local.B, local.C, local.D, local.E, local.A, R(29));
210 P(local.A, local.B, local.C, local.D, local.E, R(30));
211 P(local.E, local.A, local.B, local.C, local.D, R(31));
212 P(local.D, local.E, local.A, local.B, local.C, R(32));
213 P(local.C, local.D, local.E, local.A, local.B, R(33));
214 P(local.B, local.C, local.D, local.E, local.A, R(34));
215 P(local.A, local.B, local.C, local.D, local.E, R(35));
216 P(local.E, local.A, local.B, local.C, local.D, R(36));
217 P(local.D, local.E, local.A, local.B, local.C, R(37));
218 P(local.C, local.D, local.E, local.A, local.B, R(38));
219 P(local.B, local.C, local.D, local.E, local.A, R(39));
220
221 #undef K
222 #undef F
223
224 #define F(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
225 #define K 0x8F1BBCDC
226
227 P(local.A, local.B, local.C, local.D, local.E, R(40));
228 P(local.E, local.A, local.B, local.C, local.D, R(41));
229 P(local.D, local.E, local.A, local.B, local.C, R(42));
230 P(local.C, local.D, local.E, local.A, local.B, R(43));
231 P(local.B, local.C, local.D, local.E, local.A, R(44));
232 P(local.A, local.B, local.C, local.D, local.E, R(45));
233 P(local.E, local.A, local.B, local.C, local.D, R(46));
234 P(local.D, local.E, local.A, local.B, local.C, R(47));
235 P(local.C, local.D, local.E, local.A, local.B, R(48));
236 P(local.B, local.C, local.D, local.E, local.A, R(49));
237 P(local.A, local.B, local.C, local.D, local.E, R(50));
238 P(local.E, local.A, local.B, local.C, local.D, R(51));
239 P(local.D, local.E, local.A, local.B, local.C, R(52));
240 P(local.C, local.D, local.E, local.A, local.B, R(53));
241 P(local.B, local.C, local.D, local.E, local.A, R(54));
242 P(local.A, local.B, local.C, local.D, local.E, R(55));
243 P(local.E, local.A, local.B, local.C, local.D, R(56));
244 P(local.D, local.E, local.A, local.B, local.C, R(57));
245 P(local.C, local.D, local.E, local.A, local.B, R(58));
246 P(local.B, local.C, local.D, local.E, local.A, R(59));
247
248 #undef K
249 #undef F
250
251 #define F(x,y,z) ((x) ^ (y) ^ (z))
252 #define K 0xCA62C1D6
253
254 P(local.A, local.B, local.C, local.D, local.E, R(60));
255 P(local.E, local.A, local.B, local.C, local.D, R(61));
256 P(local.D, local.E, local.A, local.B, local.C, R(62));
257 P(local.C, local.D, local.E, local.A, local.B, R(63));
258 P(local.B, local.C, local.D, local.E, local.A, R(64));
259 P(local.A, local.B, local.C, local.D, local.E, R(65));
260 P(local.E, local.A, local.B, local.C, local.D, R(66));
261 P(local.D, local.E, local.A, local.B, local.C, R(67));
262 P(local.C, local.D, local.E, local.A, local.B, R(68));
263 P(local.B, local.C, local.D, local.E, local.A, R(69));
264 P(local.A, local.B, local.C, local.D, local.E, R(70));
265 P(local.E, local.A, local.B, local.C, local.D, R(71));
266 P(local.D, local.E, local.A, local.B, local.C, R(72));
267 P(local.C, local.D, local.E, local.A, local.B, R(73));
268 P(local.B, local.C, local.D, local.E, local.A, R(74));
269 P(local.A, local.B, local.C, local.D, local.E, R(75));
270 P(local.E, local.A, local.B, local.C, local.D, R(76));
271 P(local.D, local.E, local.A, local.B, local.C, R(77));
272 P(local.C, local.D, local.E, local.A, local.B, R(78));
273 P(local.B, local.C, local.D, local.E, local.A, R(79));
274
275 #undef K
276 #undef F
277
278 ctx->state[0] += local.A;
279 ctx->state[1] += local.B;
280 ctx->state[2] += local.C;
281 ctx->state[3] += local.D;
282 ctx->state[4] += local.E;
283
284 /* Zeroise buffers and variables to clear sensitive data from memory. */
285 mbedtls_platform_zeroize(&local, sizeof(local));
286
287 return (0);
288 }
289
290 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
291 void mbedtls_sha1_process(mbedtls_sha1_context *ctx,
292 const unsigned char data[64]) {
293 mbedtls_internal_sha1_process(ctx, data);
294 }
295 #endif
296 #endif /* !MBEDTLS_SHA1_PROCESS_ALT */
297
298 /*
299 * SHA-1 process buffer
300 */
301 int mbedtls_sha1_update_ret(mbedtls_sha1_context *ctx,
302 const unsigned char *input,
303 size_t ilen) {
304 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
305 size_t fill;
306 uint32_t left;
307
308 SHA1_VALIDATE_RET(ctx != NULL);
309 SHA1_VALIDATE_RET(ilen == 0 || input != NULL);
310
311 if (ilen == 0)
312 return (0);
313
314 left = ctx->total[0] & 0x3F;
315 fill = 64 - left;
316
317 ctx->total[0] += (uint32_t) ilen;
318 ctx->total[0] &= 0xFFFFFFFF;
319
320 if (ctx->total[0] < (uint32_t) ilen)
321 ctx->total[1]++;
322
323 if (left && ilen >= fill) {
324 memcpy((void *)(ctx->buffer + left), input, fill);
325
326 if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0)
327 return (ret);
328
329 input += fill;
330 ilen -= fill;
331 left = 0;
332 }
333
334 while (ilen >= 64) {
335 if ((ret = mbedtls_internal_sha1_process(ctx, input)) != 0)
336 return (ret);
337
338 input += 64;
339 ilen -= 64;
340 }
341
342 if (ilen > 0)
343 memcpy((void *)(ctx->buffer + left), input, ilen);
344
345 return (0);
346 }
347
348 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
349 void mbedtls_sha1_update(mbedtls_sha1_context *ctx,
350 const unsigned char *input,
351 size_t ilen) {
352 mbedtls_sha1_update_ret(ctx, input, ilen);
353 }
354 #endif
355
356 /*
357 * SHA-1 final digest
358 */
359 int mbedtls_sha1_finish_ret(mbedtls_sha1_context *ctx,
360 unsigned char output[20]) {
361 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
362 uint32_t used;
363 uint32_t high, low;
364
365 SHA1_VALIDATE_RET(ctx != NULL);
366 SHA1_VALIDATE_RET((unsigned char *)output != NULL);
367
368 /*
369 * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
370 */
371 used = ctx->total[0] & 0x3F;
372
373 ctx->buffer[used++] = 0x80;
374
375 if (used <= 56) {
376 /* Enough room for padding + length in current block */
377 memset(ctx->buffer + used, 0, 56 - used);
378 } else {
379 /* We'll need an extra block */
380 memset(ctx->buffer + used, 0, 64 - used);
381
382 if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0)
383 return (ret);
384
385 memset(ctx->buffer, 0, 56);
386 }
387
388 /*
389 * Add message length
390 */
391 high = (ctx->total[0] >> 29)
392 | (ctx->total[1] << 3);
393 low = (ctx->total[0] << 3);
394
395 PUT_UINT32_BE(high, ctx->buffer, 56);
396 PUT_UINT32_BE(low, ctx->buffer, 60);
397
398 if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0)
399 return (ret);
400
401 /*
402 * Output final state
403 */
404 PUT_UINT32_BE(ctx->state[0], output, 0);
405 PUT_UINT32_BE(ctx->state[1], output, 4);
406 PUT_UINT32_BE(ctx->state[2], output, 8);
407 PUT_UINT32_BE(ctx->state[3], output, 12);
408 PUT_UINT32_BE(ctx->state[4], output, 16);
409
410 return (0);
411 }
412
413 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
414 void mbedtls_sha1_finish(mbedtls_sha1_context *ctx,
415 unsigned char output[20]) {
416 mbedtls_sha1_finish_ret(ctx, output);
417 }
418 #endif
419
420 #endif /* !MBEDTLS_SHA1_ALT */
421
422 /*
423 * output = SHA-1( input buffer )
424 */
425 int mbedtls_sha1_ret(const unsigned char *input,
426 size_t ilen,
427 unsigned char output[20]) {
428 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
429 mbedtls_sha1_context ctx;
430
431 SHA1_VALIDATE_RET(ilen == 0 || input != NULL);
432 SHA1_VALIDATE_RET((unsigned char *)output != NULL);
433
434 mbedtls_sha1_init(&ctx);
435
436 if ((ret = mbedtls_sha1_starts_ret(&ctx)) != 0)
437 goto exit;
438
439 if ((ret = mbedtls_sha1_update_ret(&ctx, input, ilen)) != 0)
440 goto exit;
441
442 if ((ret = mbedtls_sha1_finish_ret(&ctx, output)) != 0)
443 goto exit;
444
445 exit:
446 mbedtls_sha1_free(&ctx);
447
448 return (ret);
449 }
450
451 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
452 void mbedtls_sha1(const unsigned char *input,
453 size_t ilen,
454 unsigned char output[20]) {
455 mbedtls_sha1_ret(input, ilen, output);
456 }
457 #endif
458
459 #if defined(MBEDTLS_SELF_TEST)
460 /*
461 * FIPS-180-1 test vectors
462 */
463 static const unsigned char sha1_test_buf[3][57] = {
464 { "abc" },
465 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
466 { "" }
467 };
468
469 static const size_t sha1_test_buflen[3] = {
470 3, 56, 1000
471 };
472
473 static const unsigned char sha1_test_sum[3][20] = {
474 {
475 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
476 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D
477 },
478 {
479 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
480 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1
481 },
482 {
483 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
484 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F
485 }
486 };
487
488 /*
489 * Checkup routine
490 */
491 int mbedtls_sha1_self_test(int verbose) {
492 int i, j, buflen, ret = 0;
493 unsigned char buf[1024];
494 unsigned char sha1sum[20];
495 mbedtls_sha1_context ctx;
496
497 mbedtls_sha1_init(&ctx);
498
499 /*
500 * SHA-1
501 */
502 for (i = 0; i < 3; i++) {
503 if (verbose != 0)
504 mbedtls_printf(" SHA-1 test #%d: ", i + 1);
505
506 if ((ret = mbedtls_sha1_starts_ret(&ctx)) != 0)
507 goto fail;
508
509 if (i == 2) {
510 memset(buf, 'a', buflen = 1000);
511
512 for (j = 0; j < 1000; j++) {
513 ret = mbedtls_sha1_update_ret(&ctx, buf, buflen);
514 if (ret != 0)
515 goto fail;
516 }
517 } else {
518 ret = mbedtls_sha1_update_ret(&ctx, sha1_test_buf[i],
519 sha1_test_buflen[i]);
520 if (ret != 0)
521 goto fail;
522 }
523
524 if ((ret = mbedtls_sha1_finish_ret(&ctx, sha1sum)) != 0)
525 goto fail;
526
527 if (memcmp(sha1sum, sha1_test_sum[i], 20) != 0) {
528 ret = 1;
529 goto fail;
530 }
531
532 if (verbose != 0)
533 mbedtls_printf("passed\n");
534 }
535
536 if (verbose != 0)
537 mbedtls_printf("\n");
538
539 goto exit;
540
541 fail:
542 if (verbose != 0)
543 mbedtls_printf("failed\n");
544
545 exit:
546 mbedtls_sha1_free(&ctx);
547
548 return (ret);
549 }
550
551 #endif /* MBEDTLS_SELF_TEST */
552
553 #endif /* MBEDTLS_SHA1_C */
Proxmark3 - the RFID research Swiss army knife. Iceman firmware