[J-u-boot.git] / lib / sha1.c

// SPDX-License-Identifier: LGPL-2.1
/*
 *  Heiko Schocher, DENX Software Engineering, [email protected].
 *  based on:
 *  FIPS-180-1 compliant SHA-1 implementation
 *
 *  Copyright (C) 2003-2006  Christophe Devine
 */
/*
 *  The SHA-1 standard was published by NIST in 1993.
 *
 *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
 */

#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif

#ifndef USE_HOSTCC
#include <common.h>
#include <linux/string.h>
#else
#include <string.h>
#endif /* USE_HOSTCC */
#include <watchdog.h>
#include <u-boot/sha1.h>

const uint8_t sha1_der_prefix[SHA1_DER_LEN] = {
	0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
	0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};

/*
 * 32-bit integer manipulation macros (big endian)
 */
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i) {				\
	(n) = ( (unsigned long) (b)[(i)    ] << 24 )	\
	    | ( (unsigned long) (b)[(i) + 1] << 16 )	\
	    | ( (unsigned long) (b)[(i) + 2] <<  8 )	\
	    | ( (unsigned long) (b)[(i) + 3]       );	\
}
#endif
#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i) {				\
	(b)[(i)    ] = (unsigned char) ( (n) >> 24 );	\
	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 );	\
	(b)[(i) + 2] = (unsigned char) ( (n) >>  8 );	\
	(b)[(i) + 3] = (unsigned char) ( (n)       );	\
}
#endif

/*
 * SHA-1 context setup
 */
void sha1_starts (sha1_context * ctx)
{
	ctx->total[0] = 0;
	ctx->total[1] = 0;

	ctx->state[0] = 0x67452301;
	ctx->state[1] = 0xEFCDAB89;
	ctx->state[2] = 0x98BADCFE;
	ctx->state[3] = 0x10325476;
	ctx->state[4] = 0xC3D2E1F0;
}

static void sha1_process(sha1_context *ctx, const unsigned char data[64])
{
	unsigned long temp, W[16], A, B, C, D, E;

	GET_UINT32_BE (W[0], data, 0);
	GET_UINT32_BE (W[1], data, 4);
	GET_UINT32_BE (W[2], data, 8);
	GET_UINT32_BE (W[3], data, 12);
	GET_UINT32_BE (W[4], data, 16);
	GET_UINT32_BE (W[5], data, 20);
	GET_UINT32_BE (W[6], data, 24);
	GET_UINT32_BE (W[7], data, 28);
	GET_UINT32_BE (W[8], data, 32);
	GET_UINT32_BE (W[9], data, 36);
	GET_UINT32_BE (W[10], data, 40);
	GET_UINT32_BE (W[11], data, 44);
	GET_UINT32_BE (W[12], data, 48);
	GET_UINT32_BE (W[13], data, 52);
	GET_UINT32_BE (W[14], data, 56);
	GET_UINT32_BE (W[15], data, 60);

#define S(x,n)	((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))

#define R(t) (						\
	temp = W[(t -  3) & 0x0F] ^ W[(t - 8) & 0x0F] ^	\
	       W[(t - 14) & 0x0F] ^ W[ t      & 0x0F],	\
	( W[t & 0x0F] = S(temp,1) )			\
)

#define P(a,b,c,d,e,x)	{				\
	e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);	\
}

	A = ctx->state[0];
	B = ctx->state[1];
	C = ctx->state[2];
	D = ctx->state[3];
	E = ctx->state[4];

#define F(x,y,z) (z ^ (x & (y ^ z)))
#define K 0x5A827999

	P (A, B, C, D, E, W[0]);
	P (E, A, B, C, D, W[1]);
	P (D, E, A, B, C, W[2]);
	P (C, D, E, A, B, W[3]);
	P (B, C, D, E, A, W[4]);
	P (A, B, C, D, E, W[5]);
	P (E, A, B, C, D, W[6]);
	P (D, E, A, B, C, W[7]);
	P (C, D, E, A, B, W[8]);
	P (B, C, D, E, A, W[9]);
	P (A, B, C, D, E, W[10]);
	P (E, A, B, C, D, W[11]);
	P (D, E, A, B, C, W[12]);
	P (C, D, E, A, B, W[13]);
	P (B, C, D, E, A, W[14]);
	P (A, B, C, D, E, W[15]);
	P (E, A, B, C, D, R (16));
	P (D, E, A, B, C, R (17));
	P (C, D, E, A, B, R (18));
	P (B, C, D, E, A, R (19));

#undef K
#undef F

#define F(x,y,z) (x ^ y ^ z)
#define K 0x6ED9EBA1

	P (A, B, C, D, E, R (20));
	P (E, A, B, C, D, R (21));
	P (D, E, A, B, C, R (22));
	P (C, D, E, A, B, R (23));
	P (B, C, D, E, A, R (24));
	P (A, B, C, D, E, R (25));
	P (E, A, B, C, D, R (26));
	P (D, E, A, B, C, R (27));
	P (C, D, E, A, B, R (28));
	P (B, C, D, E, A, R (29));
	P (A, B, C, D, E, R (30));
	P (E, A, B, C, D, R (31));
	P (D, E, A, B, C, R (32));
	P (C, D, E, A, B, R (33));
	P (B, C, D, E, A, R (34));
	P (A, B, C, D, E, R (35));
	P (E, A, B, C, D, R (36));
	P (D, E, A, B, C, R (37));
	P (C, D, E, A, B, R (38));
	P (B, C, D, E, A, R (39));

#undef K
#undef F

#define F(x,y,z) ((x & y) | (z & (x | y)))
#define K 0x8F1BBCDC

	P (A, B, C, D, E, R (40));
	P (E, A, B, C, D, R (41));
	P (D, E, A, B, C, R (42));
	P (C, D, E, A, B, R (43));
	P (B, C, D, E, A, R (44));
	P (A, B, C, D, E, R (45));
	P (E, A, B, C, D, R (46));
	P (D, E, A, B, C, R (47));
	P (C, D, E, A, B, R (48));
	P (B, C, D, E, A, R (49));
	P (A, B, C, D, E, R (50));
	P (E, A, B, C, D, R (51));
	P (D, E, A, B, C, R (52));
	P (C, D, E, A, B, R (53));
	P (B, C, D, E, A, R (54));
	P (A, B, C, D, E, R (55));
	P (E, A, B, C, D, R (56));
	P (D, E, A, B, C, R (57));
	P (C, D, E, A, B, R (58));
	P (B, C, D, E, A, R (59));

#undef K
#undef F

#define F(x,y,z) (x ^ y ^ z)
#define K 0xCA62C1D6

	P (A, B, C, D, E, R (60));
	P (E, A, B, C, D, R (61));
	P (D, E, A, B, C, R (62));
	P (C, D, E, A, B, R (63));
	P (B, C, D, E, A, R (64));
	P (A, B, C, D, E, R (65));
	P (E, A, B, C, D, R (66));
	P (D, E, A, B, C, R (67));
	P (C, D, E, A, B, R (68));
	P (B, C, D, E, A, R (69));
	P (A, B, C, D, E, R (70));
	P (E, A, B, C, D, R (71));
	P (D, E, A, B, C, R (72));
	P (C, D, E, A, B, R (73));
	P (B, C, D, E, A, R (74));
	P (A, B, C, D, E, R (75));
	P (E, A, B, C, D, R (76));
	P (D, E, A, B, C, R (77));
	P (C, D, E, A, B, R (78));
	P (B, C, D, E, A, R (79));

#undef K
#undef F

	ctx->state[0] += A;
	ctx->state[1] += B;
	ctx->state[2] += C;
	ctx->state[3] += D;
	ctx->state[4] += E;
}

/*
 * SHA-1 process buffer
 */
void sha1_update(sha1_context *ctx, const unsigned char *input,
		 unsigned int ilen)
{
	int fill;
	unsigned long left;

	if (ilen <= 0)
		return;

	left = ctx->total[0] & 0x3F;
	fill = 64 - left;

	ctx->total[0] += ilen;
	ctx->total[0] &= 0xFFFFFFFF;

	if (ctx->total[0] < (unsigned long) ilen)
		ctx->total[1]++;

	if (left && ilen >= fill) {
		memcpy ((void *) (ctx->buffer + left), (void *) input, fill);
		sha1_process (ctx, ctx->buffer);
		input += fill;
		ilen -= fill;
		left = 0;
	}

	while (ilen >= 64) {
		sha1_process (ctx, input);
		input += 64;
		ilen -= 64;
	}

	if (ilen > 0) {
		memcpy ((void *) (ctx->buffer + left), (void *) input, ilen);
	}
}

static const unsigned char sha1_padding[64] = {
	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

/*
 * SHA-1 final digest
 */
void sha1_finish (sha1_context * ctx, unsigned char output[20])
{
	unsigned long last, padn;
	unsigned long high, low;
	unsigned char msglen[8];

	high = (ctx->total[0] >> 29)
		| (ctx->total[1] << 3);
	low = (ctx->total[0] << 3);

	PUT_UINT32_BE (high, msglen, 0);
	PUT_UINT32_BE (low, msglen, 4);

	last = ctx->total[0] & 0x3F;
	padn = (last < 56) ? (56 - last) : (120 - last);

	sha1_update (ctx, (unsigned char *) sha1_padding, padn);
	sha1_update (ctx, msglen, 8);

	PUT_UINT32_BE (ctx->state[0], output, 0);
	PUT_UINT32_BE (ctx->state[1], output, 4);
	PUT_UINT32_BE (ctx->state[2], output, 8);
	PUT_UINT32_BE (ctx->state[3], output, 12);
	PUT_UINT32_BE (ctx->state[4], output, 16);
}

/*
 * Output = SHA-1( input buffer )
 */
void sha1_csum(const unsigned char *input, unsigned int ilen,
	       unsigned char *output)
{
	sha1_context ctx;

	sha1_starts (&ctx);
	sha1_update (&ctx, input, ilen);
	sha1_finish (&ctx, output);
}

/*
 * Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
 * bytes of input processed.
 */
void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
		  unsigned char *output, unsigned int chunk_sz)
{
	sha1_context ctx;
#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
	const unsigned char *end, *curr;
	int chunk;
#endif

	sha1_starts (&ctx);

#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
	curr = input;
	end = input + ilen;
	while (curr < end) {
		chunk = end - curr;
		if (chunk > chunk_sz)
			chunk = chunk_sz;
		sha1_update (&ctx, curr, chunk);
		curr += chunk;
		WATCHDOG_RESET ();
	}
#else
	sha1_update (&ctx, input, ilen);
#endif

	sha1_finish (&ctx, output);
}

/*
 * Output = HMAC-SHA-1( input buffer, hmac key )
 */
void sha1_hmac(const unsigned char *key, int keylen,
	       const unsigned char *input, unsigned int ilen,
	       unsigned char *output)
{
	int i;
	sha1_context ctx;
	unsigned char k_ipad[64];
	unsigned char k_opad[64];
	unsigned char tmpbuf[20];

	memset (k_ipad, 0x36, 64);
	memset (k_opad, 0x5C, 64);

	for (i = 0; i < keylen; i++) {
		if (i >= 64)
			break;

		k_ipad[i] ^= key[i];
		k_opad[i] ^= key[i];
	}

	sha1_starts (&ctx);
	sha1_update (&ctx, k_ipad, 64);
	sha1_update (&ctx, input, ilen);
	sha1_finish (&ctx, tmpbuf);

	sha1_starts (&ctx);
	sha1_update (&ctx, k_opad, 64);
	sha1_update (&ctx, tmpbuf, 20);
	sha1_finish (&ctx, output);

	memset (k_ipad, 0, 64);
	memset (k_opad, 0, 64);
	memset (tmpbuf, 0, 20);
	memset (&ctx, 0, sizeof (sha1_context));
}

#ifdef SELF_TEST
/*
 * FIPS-180-1 test vectors
 */
static const char sha1_test_str[3][57] = {
	{"abc"},
	{"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
	{""}
};

static const unsigned char sha1_test_sum[3][20] = {
	{0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
	 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
	{0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
	 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
	{0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
	 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
};

/*
 * Checkup routine
 */
int sha1_self_test (void)
{
	int i, j;
	unsigned char buf[1000];
	unsigned char sha1sum[20];
	sha1_context ctx;

	for (i = 0; i < 3; i++) {
		printf ("  SHA-1 test #%d: ", i + 1);

		sha1_starts (&ctx);

		if (i < 2)
			sha1_update (&ctx, (unsigned char *) sha1_test_str[i],
				     strlen (sha1_test_str[i]));
		else {
			memset (buf, 'a', 1000);
			for (j = 0; j < 1000; j++)
				sha1_update (&ctx, buf, 1000);
		}

		sha1_finish (&ctx, sha1sum);

		if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) {
			printf ("failed\n");
			return (1);
		}

		printf ("passed\n");
	}

	printf ("\n");
	return (0);
}
#else
int sha1_self_test (void)
{
	return (0);
}
#endif
Commit	Line	Data
83d290c5	1	// SPDX-License-Identifier: LGPL-2.1
566a494f HS	2	/*
	3	* Heiko Schocher, DENX Software Engineering, [email protected].
	4	* based on:
	5	* FIPS-180-1 compliant SHA-1 implementation
	6	*
	7	* Copyright (C) 2003-2006 Christophe Devine
566a494f HS	8	*/
	9	/*
	10	* The SHA-1 standard was published by NIST in 1993.
	11	*
	12	* http://www.itl.nist.gov/fipspubs/fip180-1.htm
	13	*/
	14
	15	#ifndef _CRT_SECURE_NO_DEPRECATE
	16	#define _CRT_SECURE_NO_DEPRECATE 1
	17	#endif
	18
7590378f BS	19	#ifndef USE_HOSTCC
7590378f BS	20	#include <common.h>
a94f22f0	21	#include <linux/string.h>
338cc038 WD	22	#else
338cc038 WD	23	#include <string.h>
7590378f BS	24	#endif /* USE_HOSTCC */
7590378f BS	25	#include <watchdog.h>
2b9912e6	26	#include <u-boot/sha1.h>
566a494f	27
da29f299 AD	28	const uint8_t sha1_der_prefix[SHA1_DER_LEN] = {
	29	0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
	30	0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
	31	};
	32
566a494f HS	33	/*
	34	* 32-bit integer manipulation macros (big endian)
	35	*/
	36	#ifndef GET_UINT32_BE
4ef218f6 WD	37	#define GET_UINT32_BE(n,b,i) { \
	38	(n) = ( (unsigned long) (b)[(i) ] << 24 ) \
	39	\| ( (unsigned long) (b)[(i) + 1] << 16 ) \
	40	\| ( (unsigned long) (b)[(i) + 2] << 8 ) \
	41	\| ( (unsigned long) (b)[(i) + 3] ); \
566a494f HS	42	}
	43	#endif
	44	#ifndef PUT_UINT32_BE
4ef218f6 WD	45	#define PUT_UINT32_BE(n,b,i) { \
	46	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
	47	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
	48	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
	49	(b)[(i) + 3] = (unsigned char) ( (n) ); \
566a494f HS	50	}
	51	#endif
	52
	53	/*
	54	* SHA-1 context setup
	55	*/
4ef218f6	56	void sha1_starts (sha1_context * ctx)
566a494f	57	{
4ef218f6 WD	58	ctx->total[0] = 0;
	59	ctx->total[1] = 0;
	60
	61	ctx->state[0] = 0x67452301;
	62	ctx->state[1] = 0xEFCDAB89;
	63	ctx->state[2] = 0x98BADCFE;
	64	ctx->state[3] = 0x10325476;
	65	ctx->state[4] = 0xC3D2E1F0;
566a494f HS	66	}
566a494f HS	67
a7d1d765	68	static void sha1_process(sha1_context *ctx, const unsigned char data[64])
566a494f	69	{
4ef218f6 WD	70	unsigned long temp, W[16], A, B, C, D, E;
	71
	72	GET_UINT32_BE (W[0], data, 0);
	73	GET_UINT32_BE (W[1], data, 4);
	74	GET_UINT32_BE (W[2], data, 8);
	75	GET_UINT32_BE (W[3], data, 12);
	76	GET_UINT32_BE (W[4], data, 16);
	77	GET_UINT32_BE (W[5], data, 20);
	78	GET_UINT32_BE (W[6], data, 24);
	79	GET_UINT32_BE (W[7], data, 28);
	80	GET_UINT32_BE (W[8], data, 32);
	81	GET_UINT32_BE (W[9], data, 36);
	82	GET_UINT32_BE (W[10], data, 40);
	83	GET_UINT32_BE (W[11], data, 44);
	84	GET_UINT32_BE (W[12], data, 48);
	85	GET_UINT32_BE (W[13], data, 52);
	86	GET_UINT32_BE (W[14], data, 56);
	87	GET_UINT32_BE (W[15], data, 60);
	88
	89	#define S(x,n) ((x << n) \| ((x & 0xFFFFFFFF) >> (32 - n)))
	90
	91	#define R(t) ( \
	92	temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
	93	W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
	94	( W[t & 0x0F] = S(temp,1) ) \
566a494f HS	95	)
566a494f HS	96
4ef218f6 WD	97	#define P(a,b,c,d,e,x) { \
4ef218f6 WD	98	e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
566a494f HS	99	}
566a494f HS	100
4ef218f6 WD	101	A = ctx->state[0];
	102	B = ctx->state[1];
	103	C = ctx->state[2];
	104	D = ctx->state[3];
	105	E = ctx->state[4];
566a494f HS	106
	107	#define F(x,y,z) (z ^ (x & (y ^ z)))
	108	#define K 0x5A827999
	109
4ef218f6 WD	110	P (A, B, C, D, E, W[0]);
	111	P (E, A, B, C, D, W[1]);
	112	P (D, E, A, B, C, W[2]);
	113	P (C, D, E, A, B, W[3]);
	114	P (B, C, D, E, A, W[4]);
	115	P (A, B, C, D, E, W[5]);
	116	P (E, A, B, C, D, W[6]);
	117	P (D, E, A, B, C, W[7]);
	118	P (C, D, E, A, B, W[8]);
	119	P (B, C, D, E, A, W[9]);
	120	P (A, B, C, D, E, W[10]);
	121	P (E, A, B, C, D, W[11]);
	122	P (D, E, A, B, C, W[12]);
	123	P (C, D, E, A, B, W[13]);
	124	P (B, C, D, E, A, W[14]);
	125	P (A, B, C, D, E, W[15]);
	126	P (E, A, B, C, D, R (16));
	127	P (D, E, A, B, C, R (17));
	128	P (C, D, E, A, B, R (18));
	129	P (B, C, D, E, A, R (19));
566a494f HS	130
	131	#undef K
	132	#undef F
	133
	134	#define F(x,y,z) (x ^ y ^ z)
	135	#define K 0x6ED9EBA1
	136
4ef218f6 WD	137	P (A, B, C, D, E, R (20));
	138	P (E, A, B, C, D, R (21));
	139	P (D, E, A, B, C, R (22));
	140	P (C, D, E, A, B, R (23));
	141	P (B, C, D, E, A, R (24));
	142	P (A, B, C, D, E, R (25));
	143	P (E, A, B, C, D, R (26));
	144	P (D, E, A, B, C, R (27));
	145	P (C, D, E, A, B, R (28));
	146	P (B, C, D, E, A, R (29));
	147	P (A, B, C, D, E, R (30));
	148	P (E, A, B, C, D, R (31));
	149	P (D, E, A, B, C, R (32));
	150	P (C, D, E, A, B, R (33));
	151	P (B, C, D, E, A, R (34));
	152	P (A, B, C, D, E, R (35));
	153	P (E, A, B, C, D, R (36));
	154	P (D, E, A, B, C, R (37));
	155	P (C, D, E, A, B, R (38));
	156	P (B, C, D, E, A, R (39));
566a494f HS	157
	158	#undef K
	159	#undef F
	160
	161	#define F(x,y,z) ((x & y) \| (z & (x \| y)))
	162	#define K 0x8F1BBCDC
	163
4ef218f6 WD	164	P (A, B, C, D, E, R (40));
	165	P (E, A, B, C, D, R (41));
	166	P (D, E, A, B, C, R (42));
	167	P (C, D, E, A, B, R (43));
	168	P (B, C, D, E, A, R (44));
	169	P (A, B, C, D, E, R (45));
	170	P (E, A, B, C, D, R (46));
	171	P (D, E, A, B, C, R (47));
	172	P (C, D, E, A, B, R (48));
	173	P (B, C, D, E, A, R (49));
	174	P (A, B, C, D, E, R (50));
	175	P (E, A, B, C, D, R (51));
	176	P (D, E, A, B, C, R (52));
	177	P (C, D, E, A, B, R (53));
	178	P (B, C, D, E, A, R (54));
	179	P (A, B, C, D, E, R (55));
	180	P (E, A, B, C, D, R (56));
	181	P (D, E, A, B, C, R (57));
	182	P (C, D, E, A, B, R (58));
	183	P (B, C, D, E, A, R (59));
566a494f HS	184
	185	#undef K
	186	#undef F
	187
	188	#define F(x,y,z) (x ^ y ^ z)
	189	#define K 0xCA62C1D6
	190
4ef218f6 WD	191	P (A, B, C, D, E, R (60));
	192	P (E, A, B, C, D, R (61));
	193	P (D, E, A, B, C, R (62));
	194	P (C, D, E, A, B, R (63));
	195	P (B, C, D, E, A, R (64));
	196	P (A, B, C, D, E, R (65));
	197	P (E, A, B, C, D, R (66));
	198	P (D, E, A, B, C, R (67));
	199	P (C, D, E, A, B, R (68));
	200	P (B, C, D, E, A, R (69));
	201	P (A, B, C, D, E, R (70));
	202	P (E, A, B, C, D, R (71));
	203	P (D, E, A, B, C, R (72));
	204	P (C, D, E, A, B, R (73));
	205	P (B, C, D, E, A, R (74));
	206	P (A, B, C, D, E, R (75));
	207	P (E, A, B, C, D, R (76));
	208	P (D, E, A, B, C, R (77));
	209	P (C, D, E, A, B, R (78));
	210	P (B, C, D, E, A, R (79));
566a494f HS	211
	212	#undef K
	213	#undef F
	214
4ef218f6 WD	215	ctx->state[0] += A;
	216	ctx->state[1] += B;
	217	ctx->state[2] += C;
	218	ctx->state[3] += D;
	219	ctx->state[4] += E;
566a494f HS	220	}
	221
	222	/*
	223	* SHA-1 process buffer
	224	*/
a7d1d765 SG	225	void sha1_update(sha1_context ctx, const unsigned char input,
a7d1d765 SG	226	unsigned int ilen)
566a494f	227	{
4ef218f6 WD	228	int fill;
	229	unsigned long left;
	230
	231	if (ilen <= 0)
	232	return;
	233
	234	left = ctx->total[0] & 0x3F;
	235	fill = 64 - left;
	236
	237	ctx->total[0] += ilen;
	238	ctx->total[0] &= 0xFFFFFFFF;
	239
	240	if (ctx->total[0] < (unsigned long) ilen)
	241	ctx->total[1]++;
	242
	243	if (left && ilen >= fill) {
	244	memcpy ((void ) (ctx->buffer + left), (void ) input, fill);
	245	sha1_process (ctx, ctx->buffer);
	246	input += fill;
	247	ilen -= fill;
	248	left = 0;
	249	}
	250
	251	while (ilen >= 64) {
	252	sha1_process (ctx, input);
	253	input += 64;
	254	ilen -= 64;
	255	}
	256
	257	if (ilen > 0) {
	258	memcpy ((void ) (ctx->buffer + left), (void ) input, ilen);
	259	}
566a494f HS	260	}
566a494f HS	261
4ef218f6 WD	262	static const unsigned char sha1_padding[64] = {
	263	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	264	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	265	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	266	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
566a494f HS	267	};
	268
	269	/*
	270	* SHA-1 final digest
	271	*/
4ef218f6	272	void sha1_finish (sha1_context * ctx, unsigned char output[20])
566a494f	273	{
4ef218f6 WD	274	unsigned long last, padn;
	275	unsigned long high, low;
	276	unsigned char msglen[8];
566a494f	277
4ef218f6 WD	278	high = (ctx->total[0] >> 29)
	279	\| (ctx->total[1] << 3);
	280	low = (ctx->total[0] << 3);
566a494f	281
4ef218f6 WD	282	PUT_UINT32_BE (high, msglen, 0);
4ef218f6 WD	283	PUT_UINT32_BE (low, msglen, 4);
566a494f	284
4ef218f6 WD	285	last = ctx->total[0] & 0x3F;
4ef218f6 WD	286	padn = (last < 56) ? (56 - last) : (120 - last);
566a494f	287
4ef218f6 WD	288	sha1_update (ctx, (unsigned char *) sha1_padding, padn);
4ef218f6 WD	289	sha1_update (ctx, msglen, 8);
566a494f	290
4ef218f6 WD	291	PUT_UINT32_BE (ctx->state[0], output, 0);
	292	PUT_UINT32_BE (ctx->state[1], output, 4);
	293	PUT_UINT32_BE (ctx->state[2], output, 8);
	294	PUT_UINT32_BE (ctx->state[3], output, 12);
	295	PUT_UINT32_BE (ctx->state[4], output, 16);
566a494f HS	296	}
	297
	298	/*
	299	* Output = SHA-1( input buffer )
	300	*/
a7d1d765 SG	301	void sha1_csum(const unsigned char *input, unsigned int ilen,
a7d1d765 SG	302	unsigned char *output)
566a494f	303	{
4ef218f6	304	sha1_context ctx;
566a494f	305
4ef218f6 WD	306	sha1_starts (&ctx);
	307	sha1_update (&ctx, input, ilen);
	308	sha1_finish (&ctx, output);
566a494f HS	309	}
566a494f HS	310
215b01bb BS	311	/*
	312	* Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
	313	* bytes of input processed.
	314	*/
a7d1d765 SG	315	void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
a7d1d765 SG	316	unsigned char *output, unsigned int chunk_sz)
215b01bb BS	317	{
	318	sha1_context ctx;
	319	#if defined(CONFIG_HW_WATCHDOG) \|\| defined(CONFIG_WATCHDOG)
a7d1d765	320	const unsigned char end, curr;
215b01bb BS	321	int chunk;
	322	#endif
	323
	324	sha1_starts (&ctx);
	325
	326	#if defined(CONFIG_HW_WATCHDOG) \|\| defined(CONFIG_WATCHDOG)
	327	curr = input;
	328	end = input + ilen;
	329	while (curr < end) {
	330	chunk = end - curr;
	331	if (chunk > chunk_sz)
	332	chunk = chunk_sz;
	333	sha1_update (&ctx, curr, chunk);
	334	curr += chunk;
	335	WATCHDOG_RESET ();
	336	}
	337	#else
	338	sha1_update (&ctx, input, ilen);
	339	#endif
	340
	341	sha1_finish (&ctx, output);
	342	}
	343
566a494f HS	344	/*
	345	* Output = HMAC-SHA-1( input buffer, hmac key )
	346	*/
a7d1d765 SG	347	void sha1_hmac(const unsigned char *key, int keylen,
	348	const unsigned char *input, unsigned int ilen,
	349	unsigned char *output)
566a494f	350	{
4ef218f6 WD	351	int i;
	352	sha1_context ctx;
	353	unsigned char k_ipad[64];
	354	unsigned char k_opad[64];
	355	unsigned char tmpbuf[20];
	356
	357	memset (k_ipad, 0x36, 64);
	358	memset (k_opad, 0x5C, 64);
	359
	360	for (i = 0; i < keylen; i++) {
	361	if (i >= 64)
	362	break;
	363
	364	k_ipad[i] ^= key[i];
	365	k_opad[i] ^= key[i];
	366	}
	367
	368	sha1_starts (&ctx);
	369	sha1_update (&ctx, k_ipad, 64);
	370	sha1_update (&ctx, input, ilen);
	371	sha1_finish (&ctx, tmpbuf);
	372
	373	sha1_starts (&ctx);
	374	sha1_update (&ctx, k_opad, 64);
	375	sha1_update (&ctx, tmpbuf, 20);
	376	sha1_finish (&ctx, output);
	377
	378	memset (k_ipad, 0, 64);
	379	memset (k_opad, 0, 64);
	380	memset (tmpbuf, 0, 20);
	381	memset (&ctx, 0, sizeof (sha1_context));
566a494f HS	382	}
566a494f HS	383
566a494f HS	384	#ifdef SELF_TEST
	385	/*
	386	* FIPS-180-1 test vectors
	387	*/
4ef218f6 WD	388	static const char sha1_test_str[3][57] = {
	389	{"abc"},
	390	{"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
	391	{""}
566a494f HS	392	};
566a494f HS	393
4ef218f6 WD	394	static const unsigned char sha1_test_sum[3][20] = {
	395	{0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
	396	0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
	397	{0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
	398	0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
	399	{0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
	400	0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
566a494f HS	401	};
	402
	403	/*
	404	* Checkup routine
	405	*/
4ef218f6	406	int sha1_self_test (void)
566a494f	407	{
4ef218f6 WD	408	int i, j;
	409	unsigned char buf[1000];
	410	unsigned char sha1sum[20];
	411	sha1_context ctx;
	412
	413	for (i = 0; i < 3; i++) {
	414	printf (" SHA-1 test #%d: ", i + 1);
	415
	416	sha1_starts (&ctx);
	417
	418	if (i < 2)
	419	sha1_update (&ctx, (unsigned char *) sha1_test_str[i],
	420	strlen (sha1_test_str[i]));
	421	else {
	422	memset (buf, 'a', 1000);
	423	for (j = 0; j < 1000; j++)
	424	sha1_update (&ctx, buf, 1000);
	425	}
	426
	427	sha1_finish (&ctx, sha1sum);
	428
	429	if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) {
	430	printf ("failed\n");
	431	return (1);
	432	}
	433
	434	printf ("passed\n");
	435	}
	436
	437	printf ("\n");
	438	return (0);
566a494f HS	439	}
566a494f HS	440	#else
4ef218f6	441	int sha1_self_test (void)
566a494f	442	{
4ef218f6	443	return (0);
566a494f HS	444	}
566a494f HS	445	#endif