The Pedigree Project  0.1
sha1.c
1 /*
2  * FIPS-180-1 compliant SHA-1 implementation
3  *
4  * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
5  *
6  * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
7  *
8  * All rights reserved.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  *
14  * * Redistributions of source code must retain the above copyright
15  * notice, this list of conditions and the following disclaimer.
16  * * Redistributions in binary form must reproduce the above copyright
17  * notice, this list of conditions and the following disclaimer in the
18  * documentation and/or other materials provided with the distribution.
19  * * Neither the names of PolarSSL or XySSL nor the names of its contributors
20  * may be used to endorse or promote products derived from this software
21  * without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
26  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 /*
36  * The SHA-1 standard was published by NIST in 1993.
37  *
38  * http://www.itl.nist.gov/fipspubs/fip180-1.htm
39  */
40 
41 #include "netif/ppp/ppp_opts.h"
42 #if PPP_SUPPORT && LWIP_INCLUDED_POLARSSL_SHA1
43 
44 #include "netif/ppp/polarssl/sha1.h"
45 
46 #include <string.h>
47 
48 /*
49  * 32-bit integer manipulation macros (big endian)
50  */
51 #ifndef GET_ULONG_BE
52 #define GET_ULONG_BE(n,b,i) \
53 { \
54  (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
55  | ( (unsigned long) (b)[(i) + 1] << 16 ) \
56  | ( (unsigned long) (b)[(i) + 2] << 8 ) \
57  | ( (unsigned long) (b)[(i) + 3] ); \
58 }
59 #endif
60 
61 #ifndef PUT_ULONG_BE
62 #define PUT_ULONG_BE(n,b,i) \
63 { \
64  (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
65  (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
66  (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
67  (b)[(i) + 3] = (unsigned char) ( (n) ); \
68 }
69 #endif
70 
71 /*
72  * SHA-1 context setup
73  */
74 void sha1_starts( sha1_context *ctx )
75 {
76  ctx->total[0] = 0;
77  ctx->total[1] = 0;
78 
79  ctx->state[0] = 0x67452301;
80  ctx->state[1] = 0xEFCDAB89;
81  ctx->state[2] = 0x98BADCFE;
82  ctx->state[3] = 0x10325476;
83  ctx->state[4] = 0xC3D2E1F0;
84 }
85 
86 static void sha1_process( sha1_context *ctx, const unsigned char data[64] )
87 {
88  unsigned long temp, W[16], A, B, C, D, E;
89 
90  GET_ULONG_BE( W[ 0], data, 0 );
91  GET_ULONG_BE( W[ 1], data, 4 );
92  GET_ULONG_BE( W[ 2], data, 8 );
93  GET_ULONG_BE( W[ 3], data, 12 );
94  GET_ULONG_BE( W[ 4], data, 16 );
95  GET_ULONG_BE( W[ 5], data, 20 );
96  GET_ULONG_BE( W[ 6], data, 24 );
97  GET_ULONG_BE( W[ 7], data, 28 );
98  GET_ULONG_BE( W[ 8], data, 32 );
99  GET_ULONG_BE( W[ 9], data, 36 );
100  GET_ULONG_BE( W[10], data, 40 );
101  GET_ULONG_BE( W[11], data, 44 );
102  GET_ULONG_BE( W[12], data, 48 );
103  GET_ULONG_BE( W[13], data, 52 );
104  GET_ULONG_BE( W[14], data, 56 );
105  GET_ULONG_BE( W[15], data, 60 );
106 
107 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
108 
109 #define R(t) \
110 ( \
111  temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
112  W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
113  ( W[t & 0x0F] = S(temp,1) ) \
114 )
115 
116 #define P(a,b,c,d,e,x) \
117 { \
118  e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
119 }
120 
121  A = ctx->state[0];
122  B = ctx->state[1];
123  C = ctx->state[2];
124  D = ctx->state[3];
125  E = ctx->state[4];
126 
127 #define F(x,y,z) (z ^ (x & (y ^ z)))
128 #define K 0x5A827999
129 
130  P( A, B, C, D, E, W[0] );
131  P( E, A, B, C, D, W[1] );
132  P( D, E, A, B, C, W[2] );
133  P( C, D, E, A, B, W[3] );
134  P( B, C, D, E, A, W[4] );
135  P( A, B, C, D, E, W[5] );
136  P( E, A, B, C, D, W[6] );
137  P( D, E, A, B, C, W[7] );
138  P( C, D, E, A, B, W[8] );
139  P( B, C, D, E, A, W[9] );
140  P( A, B, C, D, E, W[10] );
141  P( E, A, B, C, D, W[11] );
142  P( D, E, A, B, C, W[12] );
143  P( C, D, E, A, B, W[13] );
144  P( B, C, D, E, A, W[14] );
145  P( A, B, C, D, E, W[15] );
146  P( E, A, B, C, D, R(16) );
147  P( D, E, A, B, C, R(17) );
148  P( C, D, E, A, B, R(18) );
149  P( B, C, D, E, A, R(19) );
150 
151 #undef K
152 #undef F
153 
154 #define F(x,y,z) (x ^ y ^ z)
155 #define K 0x6ED9EBA1
156 
157  P( A, B, C, D, E, R(20) );
158  P( E, A, B, C, D, R(21) );
159  P( D, E, A, B, C, R(22) );
160  P( C, D, E, A, B, R(23) );
161  P( B, C, D, E, A, R(24) );
162  P( A, B, C, D, E, R(25) );
163  P( E, A, B, C, D, R(26) );
164  P( D, E, A, B, C, R(27) );
165  P( C, D, E, A, B, R(28) );
166  P( B, C, D, E, A, R(29) );
167  P( A, B, C, D, E, R(30) );
168  P( E, A, B, C, D, R(31) );
169  P( D, E, A, B, C, R(32) );
170  P( C, D, E, A, B, R(33) );
171  P( B, C, D, E, A, R(34) );
172  P( A, B, C, D, E, R(35) );
173  P( E, A, B, C, D, R(36) );
174  P( D, E, A, B, C, R(37) );
175  P( C, D, E, A, B, R(38) );
176  P( B, C, D, E, A, R(39) );
177 
178 #undef K
179 #undef F
180 
181 #define F(x,y,z) ((x & y) | (z & (x | y)))
182 #define K 0x8F1BBCDC
183 
184  P( A, B, C, D, E, R(40) );
185  P( E, A, B, C, D, R(41) );
186  P( D, E, A, B, C, R(42) );
187  P( C, D, E, A, B, R(43) );
188  P( B, C, D, E, A, R(44) );
189  P( A, B, C, D, E, R(45) );
190  P( E, A, B, C, D, R(46) );
191  P( D, E, A, B, C, R(47) );
192  P( C, D, E, A, B, R(48) );
193  P( B, C, D, E, A, R(49) );
194  P( A, B, C, D, E, R(50) );
195  P( E, A, B, C, D, R(51) );
196  P( D, E, A, B, C, R(52) );
197  P( C, D, E, A, B, R(53) );
198  P( B, C, D, E, A, R(54) );
199  P( A, B, C, D, E, R(55) );
200  P( E, A, B, C, D, R(56) );
201  P( D, E, A, B, C, R(57) );
202  P( C, D, E, A, B, R(58) );
203  P( B, C, D, E, A, R(59) );
204 
205 #undef K
206 #undef F
207 
208 #define F(x,y,z) (x ^ y ^ z)
209 #define K 0xCA62C1D6
210 
211  P( A, B, C, D, E, R(60) );
212  P( E, A, B, C, D, R(61) );
213  P( D, E, A, B, C, R(62) );
214  P( C, D, E, A, B, R(63) );
215  P( B, C, D, E, A, R(64) );
216  P( A, B, C, D, E, R(65) );
217  P( E, A, B, C, D, R(66) );
218  P( D, E, A, B, C, R(67) );
219  P( C, D, E, A, B, R(68) );
220  P( B, C, D, E, A, R(69) );
221  P( A, B, C, D, E, R(70) );
222  P( E, A, B, C, D, R(71) );
223  P( D, E, A, B, C, R(72) );
224  P( C, D, E, A, B, R(73) );
225  P( B, C, D, E, A, R(74) );
226  P( A, B, C, D, E, R(75) );
227  P( E, A, B, C, D, R(76) );
228  P( D, E, A, B, C, R(77) );
229  P( C, D, E, A, B, R(78) );
230  P( B, C, D, E, A, R(79) );
231 
232 #undef K
233 #undef F
234 
235  ctx->state[0] += A;
236  ctx->state[1] += B;
237  ctx->state[2] += C;
238  ctx->state[3] += D;
239  ctx->state[4] += E;
240 }
241 
242 /*
243  * SHA-1 process buffer
244  */
245 void sha1_update( sha1_context *ctx, const unsigned char *input, int ilen )
246 {
247  int fill;
248  unsigned long left;
249 
250  if( ilen <= 0 )
251  return;
252 
253  left = ctx->total[0] & 0x3F;
254  fill = 64 - left;
255 
256  ctx->total[0] += ilen;
257  ctx->total[0] &= 0xFFFFFFFF;
258 
259  if( ctx->total[0] < (unsigned long) ilen )
260  ctx->total[1]++;
261 
262  if( left && ilen >= fill )
263  {
264  MEMCPY( (void *) (ctx->buffer + left),
265  input, fill );
266  sha1_process( ctx, ctx->buffer );
267  input += fill;
268  ilen -= fill;
269  left = 0;
270  }
271 
272  while( ilen >= 64 )
273  {
274  sha1_process( ctx, input );
275  input += 64;
276  ilen -= 64;
277  }
278 
279  if( ilen > 0 )
280  {
281  MEMCPY( (void *) (ctx->buffer + left),
282  input, ilen );
283  }
284 }
285 
286 static const unsigned char sha1_padding[64] =
287 {
288  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
289  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
290  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
291  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
292 };
293 
294 /*
295  * SHA-1 final digest
296  */
297 void sha1_finish( sha1_context *ctx, unsigned char output[20] )
298 {
299  unsigned long last, padn;
300  unsigned long high, low;
301  unsigned char msglen[8];
302 
303  high = ( ctx->total[0] >> 29 )
304  | ( ctx->total[1] << 3 );
305  low = ( ctx->total[0] << 3 );
306 
307  PUT_ULONG_BE( high, msglen, 0 );
308  PUT_ULONG_BE( low, msglen, 4 );
309 
310  last = ctx->total[0] & 0x3F;
311  padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
312 
313  sha1_update( ctx, sha1_padding, padn );
314  sha1_update( ctx, msglen, 8 );
315 
316  PUT_ULONG_BE( ctx->state[0], output, 0 );
317  PUT_ULONG_BE( ctx->state[1], output, 4 );
318  PUT_ULONG_BE( ctx->state[2], output, 8 );
319  PUT_ULONG_BE( ctx->state[3], output, 12 );
320  PUT_ULONG_BE( ctx->state[4], output, 16 );
321 }
322 
323 /*
324  * output = SHA-1( input buffer )
325  */
326 void sha1( unsigned char *input, int ilen, unsigned char output[20] )
327 {
328  sha1_context ctx;
329 
330  sha1_starts( &ctx );
331  sha1_update( &ctx, input, ilen );
332  sha1_finish( &ctx, output );
333 }
334 
335 #endif /* PPP_SUPPORT && LWIP_INCLUDED_POLARSSL_SHA1 */
Generated on Fri Jan 24 2020 06:46:15 for The Pedigree Project by   doxygen 1.8.11