Blame - library/sha1.c - mirror/mbed-tls - TrustedFirmware Git Browser

blob: 0e5e35d548e9b8c7c5983dc6eac82c135136ed63 [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* FIPS-180-1 compliant SHA-1 implementation
				3	*
Bence Szépkúti	1e14827	2020-08-07 13:07:28 +0200	[diff] [blame]	4	* Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard	37ff140	2015-09-04 14:21:07 +0200	[diff] [blame]	5	* SPDX-License-Identifier: Apache-2.0
				6	*
				7	* Licensed under the Apache License, Version 2.0 (the "License"); you may
				8	* not use this file except in compliance with the License.
				9	* You may obtain a copy of the License at
				10	*
				11	* http://www.apache.org/licenses/LICENSE-2.0
				12	*
				13	* Unless required by applicable law or agreed to in writing, software
				14	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				15	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				16	* See the License for the specific language governing permissions and
				17	* limitations under the License.
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	18	*/
				19	/*
				20	* The SHA-1 standard was published by NIST in 1993.
				21	*
				22	* http://www.itl.nist.gov/fipspubs/fip180-1.htm
				23	*/
				24
Gilles Peskine	db09ef6	2020-06-03 01:43:33 +0200	[diff] [blame]	25	#include "common.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	26
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	27	#if defined(MBEDTLS_SHA1_C)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	28
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	29	# include "mbedtls/sha1.h"
				30	# include "mbedtls/platform_util.h"
				31	# include "mbedtls/error.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	32
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	33	# include <string.h>
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	34
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	35	# if defined(MBEDTLS_SELF_TEST)
				36	# if defined(MBEDTLS_PLATFORM_C)
				37	# include "mbedtls/platform.h"
				38	# else
				39	# include <stdio.h>
				40	# define mbedtls_printf printf
				41	# endif /* MBEDTLS_PLATFORM_C */
				42	# endif /* MBEDTLS_SELF_TEST */
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	43
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	44	# define SHA1_VALIDATE_RET(cond) \
				45	MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA)
Hanno Becker	b3c7023	2018-12-20 10:18:05 +0000	[diff] [blame]	46
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	47	# define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond)
Hanno Becker	b3c7023	2018-12-20 10:18:05 +0000	[diff] [blame]	48
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	49	# if !defined(MBEDTLS_SHA1_ALT)
Manuel Pégourié-Gonnard	8b2641d	2015-08-27 20:03:46 +0200	[diff] [blame]	50
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	51	/*
				52	* 32-bit integer manipulation macros (big endian)
				53	*/
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	54	# ifndef GET_UINT32_BE
				55	# define GET_UINT32_BE(n, b, i) \
				56	{ \
				57	(n) = ((uint32_t)(b)[(i)] << 24) \| \
				58	((uint32_t)(b)[(i) + 1] << 16) \| \
				59	((uint32_t)(b)[(i) + 2] << 8) \| \
				60	((uint32_t)(b)[(i) + 3]); \
				61	}
				62	# endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	63
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	64	# ifndef PUT_UINT32_BE
				65	# define PUT_UINT32_BE(n, b, i) \
				66	{ \
				67	(b)[(i)] = (unsigned char)((n) >> 24); \
				68	(b)[(i) + 1] = (unsigned char)((n) >> 16); \
				69	(b)[(i) + 2] = (unsigned char)((n) >> 8); \
				70	(b)[(i) + 3] = (unsigned char)((n)); \
				71	}
				72	# endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	73
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	74	void mbedtls_sha1_init(mbedtls_sha1_context *ctx)
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	75	{
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	76	SHA1_VALIDATE(ctx != NULL);
Andres Amaya Garcia	f7c43b3	2018-12-09 19:12:19 +0000	[diff] [blame]	77
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	78	memset(ctx, 0, sizeof(mbedtls_sha1_context));
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	79	}
				80
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	81	void mbedtls_sha1_free(mbedtls_sha1_context *ctx)
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	82	{
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	83	if (ctx == NULL)
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	84	return;
				85
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	86	mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha1_context));
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	87	}
				88
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	89	void mbedtls_sha1_clone(mbedtls_sha1_context *dst,
				90	const mbedtls_sha1_context *src)
Manuel Pégourié-Gonnard	16d412f	2015-07-06 15:26:26 +0200	[diff] [blame]	91	{
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	92	SHA1_VALIDATE(dst != NULL);
				93	SHA1_VALIDATE(src != NULL);
Andres Amaya Garcia	f7c43b3	2018-12-09 19:12:19 +0000	[diff] [blame]	94
Manuel Pégourié-Gonnard	16d412f	2015-07-06 15:26:26 +0200	[diff] [blame]	95	dst = src;
				96	}
				97
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	98	/*
				99	* SHA-1 context setup
				100	*/
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	101	int mbedtls_sha1_starts(mbedtls_sha1_context *ctx)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	102	{
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	103	SHA1_VALIDATE_RET(ctx != NULL);
Andres Amaya Garcia	f7c43b3	2018-12-09 19:12:19 +0000	[diff] [blame]	104
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	105	ctx->total[0] = 0;
				106	ctx->total[1] = 0;
				107
				108	ctx->state[0] = 0x67452301;
				109	ctx->state[1] = 0xEFCDAB89;
				110	ctx->state[2] = 0x98BADCFE;
				111	ctx->state[3] = 0x10325476;
				112	ctx->state[4] = 0xC3D2E1F0;
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	113
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	114	return 0;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	115	}
				116
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	117	# if !defined(MBEDTLS_SHA1_PROCESS_ALT)
				118	int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx,
				119	const unsigned char data[64])
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	120	{
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	121	struct {
gabor-mezei-arm	4cb56f8	2020-08-25 19:12:01 +0200	[diff] [blame]	122	uint32_t temp, W[16], A, B, C, D, E;
				123	} local;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	124
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	125	SHA1_VALIDATE_RET(ctx != NULL);
				126	SHA1_VALIDATE_RET((const unsigned char *)data != NULL);
Andres Amaya Garcia	f7c43b3	2018-12-09 19:12:19 +0000	[diff] [blame]	127
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	128	GET_UINT32_BE(local.W[0], data, 0);
				129	GET_UINT32_BE(local.W[1], data, 4);
				130	GET_UINT32_BE(local.W[2], data, 8);
				131	GET_UINT32_BE(local.W[3], data, 12);
				132	GET_UINT32_BE(local.W[4], data, 16);
				133	GET_UINT32_BE(local.W[5], data, 20);
				134	GET_UINT32_BE(local.W[6], data, 24);
				135	GET_UINT32_BE(local.W[7], data, 28);
				136	GET_UINT32_BE(local.W[8], data, 32);
				137	GET_UINT32_BE(local.W[9], data, 36);
				138	GET_UINT32_BE(local.W[10], data, 40);
				139	GET_UINT32_BE(local.W[11], data, 44);
				140	GET_UINT32_BE(local.W[12], data, 48);
				141	GET_UINT32_BE(local.W[13], data, 52);
				142	GET_UINT32_BE(local.W[14], data, 56);
				143	GET_UINT32_BE(local.W[15], data, 60);
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	144
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	145	# define S(x, n) (((x) << (n)) \| (((x)&0xFFFFFFFF) >> (32 - (n))))
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	146
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	147	# define R(t) \
				148	(local.temp = local.W[((t)-3) & 0x0F] ^ \
				149	local.W[((t)-8) & 0x0F] ^ \
				150	local.W[((t)-14) & 0x0F] ^ local.W[(t)&0x0F], \
				151	(local.W[(t)&0x0F] = S(local.temp, 1)))
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	152
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	153	# define P(a, b, c, d, e, x) \
				154	do { \
				155	(e) += S((a), 5) + F((b), (c), (d)) + K + (x); \
				156	(b) = S((b), 30); \
				157	} while (0)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	158
gabor-mezei-arm	4cb56f8	2020-08-25 19:12:01 +0200	[diff] [blame]	159	local.A = ctx->state[0];
				160	local.B = ctx->state[1];
				161	local.C = ctx->state[2];
				162	local.D = ctx->state[3];
				163	local.E = ctx->state[4];
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	164
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	165	# define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
				166	# define K 0x5A827999
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	167
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	168	P(local.A, local.B, local.C, local.D, local.E, local.W[0]);
				169	P(local.E, local.A, local.B, local.C, local.D, local.W[1]);
				170	P(local.D, local.E, local.A, local.B, local.C, local.W[2]);
				171	P(local.C, local.D, local.E, local.A, local.B, local.W[3]);
				172	P(local.B, local.C, local.D, local.E, local.A, local.W[4]);
				173	P(local.A, local.B, local.C, local.D, local.E, local.W[5]);
				174	P(local.E, local.A, local.B, local.C, local.D, local.W[6]);
				175	P(local.D, local.E, local.A, local.B, local.C, local.W[7]);
				176	P(local.C, local.D, local.E, local.A, local.B, local.W[8]);
				177	P(local.B, local.C, local.D, local.E, local.A, local.W[9]);
				178	P(local.A, local.B, local.C, local.D, local.E, local.W[10]);
				179	P(local.E, local.A, local.B, local.C, local.D, local.W[11]);
				180	P(local.D, local.E, local.A, local.B, local.C, local.W[12]);
				181	P(local.C, local.D, local.E, local.A, local.B, local.W[13]);
				182	P(local.B, local.C, local.D, local.E, local.A, local.W[14]);
				183	P(local.A, local.B, local.C, local.D, local.E, local.W[15]);
				184	P(local.E, local.A, local.B, local.C, local.D, R(16));
				185	P(local.D, local.E, local.A, local.B, local.C, R(17));
				186	P(local.C, local.D, local.E, local.A, local.B, R(18));
				187	P(local.B, local.C, local.D, local.E, local.A, R(19));
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	188
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	189	# undef K
				190	# undef F
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	191
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	192	# define F(x, y, z) ((x) ^ (y) ^ (z))
				193	# define K 0x6ED9EBA1
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	194
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	195	P(local.A, local.B, local.C, local.D, local.E, R(20));
				196	P(local.E, local.A, local.B, local.C, local.D, R(21));
				197	P(local.D, local.E, local.A, local.B, local.C, R(22));
				198	P(local.C, local.D, local.E, local.A, local.B, R(23));
				199	P(local.B, local.C, local.D, local.E, local.A, R(24));
				200	P(local.A, local.B, local.C, local.D, local.E, R(25));
				201	P(local.E, local.A, local.B, local.C, local.D, R(26));
				202	P(local.D, local.E, local.A, local.B, local.C, R(27));
				203	P(local.C, local.D, local.E, local.A, local.B, R(28));
				204	P(local.B, local.C, local.D, local.E, local.A, R(29));
				205	P(local.A, local.B, local.C, local.D, local.E, R(30));
				206	P(local.E, local.A, local.B, local.C, local.D, R(31));
				207	P(local.D, local.E, local.A, local.B, local.C, R(32));
				208	P(local.C, local.D, local.E, local.A, local.B, R(33));
				209	P(local.B, local.C, local.D, local.E, local.A, R(34));
				210	P(local.A, local.B, local.C, local.D, local.E, R(35));
				211	P(local.E, local.A, local.B, local.C, local.D, R(36));
				212	P(local.D, local.E, local.A, local.B, local.C, R(37));
				213	P(local.C, local.D, local.E, local.A, local.B, R(38));
				214	P(local.B, local.C, local.D, local.E, local.A, R(39));
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	215
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	216	# undef K
				217	# undef F
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	218
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	219	# define F(x, y, z) (((x) & (y)) \| ((z) & ((x) \| (y))))
				220	# define K 0x8F1BBCDC
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	221
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	222	P(local.A, local.B, local.C, local.D, local.E, R(40));
				223	P(local.E, local.A, local.B, local.C, local.D, R(41));
				224	P(local.D, local.E, local.A, local.B, local.C, R(42));
				225	P(local.C, local.D, local.E, local.A, local.B, R(43));
				226	P(local.B, local.C, local.D, local.E, local.A, R(44));
				227	P(local.A, local.B, local.C, local.D, local.E, R(45));
				228	P(local.E, local.A, local.B, local.C, local.D, R(46));
				229	P(local.D, local.E, local.A, local.B, local.C, R(47));
				230	P(local.C, local.D, local.E, local.A, local.B, R(48));
				231	P(local.B, local.C, local.D, local.E, local.A, R(49));
				232	P(local.A, local.B, local.C, local.D, local.E, R(50));
				233	P(local.E, local.A, local.B, local.C, local.D, R(51));
				234	P(local.D, local.E, local.A, local.B, local.C, R(52));
				235	P(local.C, local.D, local.E, local.A, local.B, R(53));
				236	P(local.B, local.C, local.D, local.E, local.A, R(54));
				237	P(local.A, local.B, local.C, local.D, local.E, R(55));
				238	P(local.E, local.A, local.B, local.C, local.D, R(56));
				239	P(local.D, local.E, local.A, local.B, local.C, R(57));
				240	P(local.C, local.D, local.E, local.A, local.B, R(58));
				241	P(local.B, local.C, local.D, local.E, local.A, R(59));
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	242
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	243	# undef K
				244	# undef F
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	245
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	246	# define F(x, y, z) ((x) ^ (y) ^ (z))
				247	# define K 0xCA62C1D6
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	248
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	249	P(local.A, local.B, local.C, local.D, local.E, R(60));
				250	P(local.E, local.A, local.B, local.C, local.D, R(61));
				251	P(local.D, local.E, local.A, local.B, local.C, R(62));
				252	P(local.C, local.D, local.E, local.A, local.B, R(63));
				253	P(local.B, local.C, local.D, local.E, local.A, R(64));
				254	P(local.A, local.B, local.C, local.D, local.E, R(65));
				255	P(local.E, local.A, local.B, local.C, local.D, R(66));
				256	P(local.D, local.E, local.A, local.B, local.C, R(67));
				257	P(local.C, local.D, local.E, local.A, local.B, R(68));
				258	P(local.B, local.C, local.D, local.E, local.A, R(69));
				259	P(local.A, local.B, local.C, local.D, local.E, R(70));
				260	P(local.E, local.A, local.B, local.C, local.D, R(71));
				261	P(local.D, local.E, local.A, local.B, local.C, R(72));
				262	P(local.C, local.D, local.E, local.A, local.B, R(73));
				263	P(local.B, local.C, local.D, local.E, local.A, R(74));
				264	P(local.A, local.B, local.C, local.D, local.E, R(75));
				265	P(local.E, local.A, local.B, local.C, local.D, R(76));
				266	P(local.D, local.E, local.A, local.B, local.C, R(77));
				267	P(local.C, local.D, local.E, local.A, local.B, R(78));
				268	P(local.B, local.C, local.D, local.E, local.A, R(79));
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	269
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	270	# undef K
				271	# undef F
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	272
gabor-mezei-arm	4cb56f8	2020-08-25 19:12:01 +0200	[diff] [blame]	273	ctx->state[0] += local.A;
				274	ctx->state[1] += local.B;
				275	ctx->state[2] += local.C;
				276	ctx->state[3] += local.D;
				277	ctx->state[4] += local.E;
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	278
gabor-mezei-arm	76749ae	2020-07-30 16:41:25 +0200	[diff] [blame]	279	/* Zeroise buffers and variables to clear sensitive data from memory. */
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	280	mbedtls_platform_zeroize(&local, sizeof(local));
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	281
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	282	return 0;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	283	}
Jaeden Amero	041039f	2018-02-19 15:28:08 +0000	[diff] [blame]	284
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	285	# endif /* !MBEDTLS_SHA1_PROCESS_ALT */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	286
				287	/*
				288	* SHA-1 process buffer
				289	*/
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	290	int mbedtls_sha1_update(mbedtls_sha1_context *ctx,
				291	const unsigned char *input,
				292	size_t ilen)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	293	{
Janos Follath	24eed8d	2019-11-22 13:21:35 +0000	[diff] [blame]	294	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	295	size_t fill;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	296	uint32_t left;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	297
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	298	SHA1_VALIDATE_RET(ctx != NULL);
				299	SHA1_VALIDATE_RET(ilen == 0 \|\| input != NULL);
Hanno Becker	b3906d8	2018-12-18 11:35:00 +0000	[diff] [blame]	300
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	301	if (ilen == 0)
				302	return 0;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	303
				304	left = ctx->total[0] & 0x3F;
				305	fill = 64 - left;
				306
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	307	ctx->total[0] += (uint32_t)ilen;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	308	ctx->total[0] &= 0xFFFFFFFF;
				309
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	310	if (ctx->total[0] < (uint32_t)ilen)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	311	ctx->total[1]++;
				312
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	313	if (left && ilen >= fill) {
				314	memcpy((void *)(ctx->buffer + left), input, fill);
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	315
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	316	if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0)
				317	return ret;
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	318
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	319	input += fill;
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	320	ilen -= fill;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	321	left = 0;
				322	}
				323
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	324	while (ilen >= 64) {
				325	if ((ret = mbedtls_internal_sha1_process(ctx, input)) != 0)
				326	return ret;
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	327
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	328	input += 64;
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	329	ilen -= 64;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	330	}
				331
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	332	if (ilen > 0)
				333	memcpy((void *)(ctx->buffer + left), input, ilen);
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	334
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	335	return 0;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	336	}
				337
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	338	/*
				339	* SHA-1 final digest
				340	*/
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	341	int mbedtls_sha1_finish(mbedtls_sha1_context *ctx, unsigned char output[20])
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	342	{
Janos Follath	24eed8d	2019-11-22 13:21:35 +0000	[diff] [blame]	343	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard	1cc1fb0	2018-06-28 12:10:27 +0200	[diff] [blame]	344	uint32_t used;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	345	uint32_t high, low;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	346
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	347	SHA1_VALIDATE_RET(ctx != NULL);
				348	SHA1_VALIDATE_RET((unsigned char *)output != NULL);
Andres Amaya Garcia	f7c43b3	2018-12-09 19:12:19 +0000	[diff] [blame]	349
Manuel Pégourié-Gonnard	1cc1fb0	2018-06-28 12:10:27 +0200	[diff] [blame]	350	/*
				351	* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
				352	*/
				353	used = ctx->total[0] & 0x3F;
				354
				355	ctx->buffer[used++] = 0x80;
				356
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	357	if (used <= 56) {
Manuel Pégourié-Gonnard	1cc1fb0	2018-06-28 12:10:27 +0200	[diff] [blame]	358	/* Enough room for padding + length in current block */
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	359	memset(ctx->buffer + used, 0, 56 - used);
				360	} else {
Manuel Pégourié-Gonnard	1cc1fb0	2018-06-28 12:10:27 +0200	[diff] [blame]	361	/* We'll need an extra block */
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	362	memset(ctx->buffer + used, 0, 64 - used);
Manuel Pégourié-Gonnard	1cc1fb0	2018-06-28 12:10:27 +0200	[diff] [blame]	363
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	364	if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0)
				365	return ret;
Manuel Pégourié-Gonnard	1cc1fb0	2018-06-28 12:10:27 +0200	[diff] [blame]	366
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	367	memset(ctx->buffer, 0, 56);
Manuel Pégourié-Gonnard	1cc1fb0	2018-06-28 12:10:27 +0200	[diff] [blame]	368	}
				369
				370	/*
				371	* Add message length
				372	*/
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	373	high = (ctx->total[0] >> 29) \| (ctx->total[1] << 3);
				374	low = (ctx->total[0] << 3);
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	375
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	376	PUT_UINT32_BE(high, ctx->buffer, 56);
				377	PUT_UINT32_BE(low, ctx->buffer, 60);
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	378
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	379	if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0)
				380	return ret;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	381
Manuel Pégourié-Gonnard	1cc1fb0	2018-06-28 12:10:27 +0200	[diff] [blame]	382	/*
				383	* Output final state
				384	*/
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	385	PUT_UINT32_BE(ctx->state[0], output, 0);
				386	PUT_UINT32_BE(ctx->state[1], output, 4);
				387	PUT_UINT32_BE(ctx->state[2], output, 8);
				388	PUT_UINT32_BE(ctx->state[3], output, 12);
				389	PUT_UINT32_BE(ctx->state[4], output, 16);
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	390
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	391	return 0;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	392	}
				393
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	394	# endif /* !MBEDTLS_SHA1_ALT */
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	395
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	396	/*
				397	* output = SHA-1( input buffer )
				398	*/
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	399	int mbedtls_sha1(const unsigned char *input,
				400	size_t ilen,
				401	unsigned char output[20])
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	402	{
Janos Follath	24eed8d	2019-11-22 13:21:35 +0000	[diff] [blame]	403	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	404	mbedtls_sha1_context ctx;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	405
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	406	SHA1_VALIDATE_RET(ilen == 0 \|\| input != NULL);
				407	SHA1_VALIDATE_RET((unsigned char *)output != NULL);
Andres Amaya Garcia	f7c43b3	2018-12-09 19:12:19 +0000	[diff] [blame]	408
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	409	mbedtls_sha1_init(&ctx);
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	410
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	411	if ((ret = mbedtls_sha1_starts(&ctx)) != 0)
Andres Amaya Garcia	0963e6c	2017-07-20 14:34:08 +0100	[diff] [blame]	412	goto exit;
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	413
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	414	if ((ret = mbedtls_sha1_update(&ctx, input, ilen)) != 0)
Andres Amaya Garcia	0963e6c	2017-07-20 14:34:08 +0100	[diff] [blame]	415	goto exit;
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	416
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	417	if ((ret = mbedtls_sha1_finish(&ctx, output)) != 0)
Andres Amaya Garcia	0963e6c	2017-07-20 14:34:08 +0100	[diff] [blame]	418	goto exit;
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	419
Andres Amaya Garcia	0963e6c	2017-07-20 14:34:08 +0100	[diff] [blame]	420	exit:
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	421	mbedtls_sha1_free(&ctx);
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	422
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	423	return ret;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	424	}
				425
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	426	# if defined(MBEDTLS_SELF_TEST)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	427	/*
				428	* FIPS-180-1 test vectors
				429	*/
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	430	static const unsigned char sha1_test_buf[3][57] = {
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	431	{ "abc" },
				432	{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
				433	{ "" }
				434	};
				435
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	436	static const size_t sha1_test_buflen[3] = { 3, 56, 1000 };
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	437
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	438	static const unsigned char sha1_test_sum[3][20] = {
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	439	{ 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
				440	0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
				441	{ 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
				442	0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
				443	{ 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
				444	0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
				445	};
				446
				447	/*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	448	* Checkup routine
				449	*/
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	450	int mbedtls_sha1_self_test(int verbose)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	451	{
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	452	int i, j, buflen, ret = 0;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	453	unsigned char buf[1024];
				454	unsigned char sha1sum[20];
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	455	mbedtls_sha1_context ctx;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	456
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	457	mbedtls_sha1_init(&ctx);
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	458
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	459	/*
				460	* SHA-1
				461	*/
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	462	for (i = 0; i < 3; i++) {
				463	if (verbose != 0)
				464	mbedtls_printf(" SHA-1 test #%d: ", i + 1);
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	465
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	466	if ((ret = mbedtls_sha1_starts(&ctx)) != 0)
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	467	goto fail;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	468
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	469	if (i == 2) {
				470	memset(buf, 'a', buflen = 1000);
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	471
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	472	for (j = 0; j < 1000; j++) {
				473	ret = mbedtls_sha1_update(&ctx, buf, buflen);
				474	if (ret != 0)
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	475	goto fail;
				476	}
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	477	} else {
				478	ret = mbedtls_sha1_update(&ctx, sha1_test_buf[i],
				479	sha1_test_buflen[i]);
				480	if (ret != 0)
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	481	goto fail;
				482	}
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	483
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	484	if ((ret = mbedtls_sha1_finish(&ctx, sha1sum)) != 0)
Andres Amaya Garcia	6a3f305	2017-07-20 14:18:54 +0100	[diff] [blame]	485	goto fail;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	486
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	487	if (memcmp(sha1sum, sha1_test_sum[i], 20) != 0) {
Andres Amaya Garcia	6a3f305	2017-07-20 14:18:54 +0100	[diff] [blame]	488	ret = 1;
				489	goto fail;
				490	}
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	491
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	492	if (verbose != 0)
				493	mbedtls_printf("passed\n");
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	494	}
				495
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	496	if (verbose != 0)
				497	mbedtls_printf("\n");
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	498
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	499	goto exit;
				500
				501	fail:
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	502	if (verbose != 0)
				503	mbedtls_printf("failed\n");
Andres Amaya Garcia	034ea7e	2017-04-28 15:14:50 +0100	[diff] [blame]	504
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	505	exit:
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	506	mbedtls_sha1_free(&ctx);
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	507
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	508	return ret;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	509	}
				510
Mateusz Starzyk	c0eabdc	2021-08-03 14:09:02 +0200	[diff] [blame^]	511	# endif /* MBEDTLS_SELF_TEST */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	512
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	513	#endif /* MBEDTLS_SHA1_C */