[J-u-boot.git] / lib / sha1.c

// SPDX-License-Identifier: LGPL-2.1
/*
 *  Heiko Schocher, DENX Software Engineering, [email protected].
 *  based on:
 *  FIPS-180-1 compliant SHA-1 implementation
 *
 *  Copyright (C) 2003-2006  Christophe Devine
 */
/*
 *  The SHA-1 standard was published by NIST in 1993.
 *
 *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
 */

#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif

#ifndef USE_HOSTCC
#include <cyclic.h>
#endif /* USE_HOSTCC */
#include <string.h>
#include <u-boot/sha1.h>

#include <linux/compiler_attributes.h>

const uint8_t sha1_der_prefix[SHA1_DER_LEN] = {
	0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
	0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};

/*
 * 32-bit integer manipulation macros (big endian)
 */
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i) {				\
	(n) = ( (unsigned long) (b)[(i)    ] << 24 )	\
	    | ( (unsigned long) (b)[(i) + 1] << 16 )	\
	    | ( (unsigned long) (b)[(i) + 2] <<  8 )	\
	    | ( (unsigned long) (b)[(i) + 3]       );	\
}
#endif
#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i) {				\
	(b)[(i)    ] = (unsigned char) ( (n) >> 24 );	\
	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 );	\
	(b)[(i) + 2] = (unsigned char) ( (n) >>  8 );	\
	(b)[(i) + 3] = (unsigned char) ( (n)       );	\
}
#endif

/*
 * SHA-1 context setup
 */
void sha1_starts (sha1_context * ctx)
{
	ctx->total[0] = 0;
	ctx->total[1] = 0;

	ctx->state[0] = 0x67452301;
	ctx->state[1] = 0xEFCDAB89;
	ctx->state[2] = 0x98BADCFE;
	ctx->state[3] = 0x10325476;
	ctx->state[4] = 0xC3D2E1F0;
}

static void __maybe_unused sha1_process_one(sha1_context *ctx, const unsigned char data[64])
{
	unsigned long temp, W[16], A, B, C, D, E;

	GET_UINT32_BE (W[0], data, 0);
	GET_UINT32_BE (W[1], data, 4);
	GET_UINT32_BE (W[2], data, 8);
	GET_UINT32_BE (W[3], data, 12);
	GET_UINT32_BE (W[4], data, 16);
	GET_UINT32_BE (W[5], data, 20);
	GET_UINT32_BE (W[6], data, 24);
	GET_UINT32_BE (W[7], data, 28);
	GET_UINT32_BE (W[8], data, 32);
	GET_UINT32_BE (W[9], data, 36);
	GET_UINT32_BE (W[10], data, 40);
	GET_UINT32_BE (W[11], data, 44);
	GET_UINT32_BE (W[12], data, 48);
	GET_UINT32_BE (W[13], data, 52);
	GET_UINT32_BE (W[14], data, 56);
	GET_UINT32_BE (W[15], data, 60);

#define S(x,n)	((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))

#define R(t) (						\
	temp = W[(t -  3) & 0x0F] ^ W[(t - 8) & 0x0F] ^	\
	       W[(t - 14) & 0x0F] ^ W[ t      & 0x0F],	\
	( W[t & 0x0F] = S(temp,1) )			\
)

#define P(a,b,c,d,e,x)	{				\
	e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);	\
}

	A = ctx->state[0];
	B = ctx->state[1];
	C = ctx->state[2];
	D = ctx->state[3];
	E = ctx->state[4];

#define F(x,y,z) (z ^ (x & (y ^ z)))
#define K 0x5A827999

	P (A, B, C, D, E, W[0]);
	P (E, A, B, C, D, W[1]);
	P (D, E, A, B, C, W[2]);
	P (C, D, E, A, B, W[3]);
	P (B, C, D, E, A, W[4]);
	P (A, B, C, D, E, W[5]);
	P (E, A, B, C, D, W[6]);
	P (D, E, A, B, C, W[7]);
	P (C, D, E, A, B, W[8]);
	P (B, C, D, E, A, W[9]);
	P (A, B, C, D, E, W[10]);
	P (E, A, B, C, D, W[11]);
	P (D, E, A, B, C, W[12]);
	P (C, D, E, A, B, W[13]);
	P (B, C, D, E, A, W[14]);
	P (A, B, C, D, E, W[15]);
	P (E, A, B, C, D, R (16));
	P (D, E, A, B, C, R (17));
	P (C, D, E, A, B, R (18));
	P (B, C, D, E, A, R (19));

#undef K
#undef F

#define F(x,y,z) (x ^ y ^ z)
#define K 0x6ED9EBA1

	P (A, B, C, D, E, R (20));
	P (E, A, B, C, D, R (21));
	P (D, E, A, B, C, R (22));
	P (C, D, E, A, B, R (23));
	P (B, C, D, E, A, R (24));
	P (A, B, C, D, E, R (25));
	P (E, A, B, C, D, R (26));
	P (D, E, A, B, C, R (27));
	P (C, D, E, A, B, R (28));
	P (B, C, D, E, A, R (29));
	P (A, B, C, D, E, R (30));
	P (E, A, B, C, D, R (31));
	P (D, E, A, B, C, R (32));
	P (C, D, E, A, B, R (33));
	P (B, C, D, E, A, R (34));
	P (A, B, C, D, E, R (35));
	P (E, A, B, C, D, R (36));
	P (D, E, A, B, C, R (37));
	P (C, D, E, A, B, R (38));
	P (B, C, D, E, A, R (39));

#undef K
#undef F

#define F(x,y,z) ((x & y) | (z & (x | y)))
#define K 0x8F1BBCDC

	P (A, B, C, D, E, R (40));
	P (E, A, B, C, D, R (41));
	P (D, E, A, B, C, R (42));
	P (C, D, E, A, B, R (43));
	P (B, C, D, E, A, R (44));
	P (A, B, C, D, E, R (45));
	P (E, A, B, C, D, R (46));
	P (D, E, A, B, C, R (47));
	P (C, D, E, A, B, R (48));
	P (B, C, D, E, A, R (49));
	P (A, B, C, D, E, R (50));
	P (E, A, B, C, D, R (51));
	P (D, E, A, B, C, R (52));
	P (C, D, E, A, B, R (53));
	P (B, C, D, E, A, R (54));
	P (A, B, C, D, E, R (55));
	P (E, A, B, C, D, R (56));
	P (D, E, A, B, C, R (57));
	P (C, D, E, A, B, R (58));
	P (B, C, D, E, A, R (59));

#undef K
#undef F

#define F(x,y,z) (x ^ y ^ z)
#define K 0xCA62C1D6

	P (A, B, C, D, E, R (60));
	P (E, A, B, C, D, R (61));
	P (D, E, A, B, C, R (62));
	P (C, D, E, A, B, R (63));
	P (B, C, D, E, A, R (64));
	P (A, B, C, D, E, R (65));
	P (E, A, B, C, D, R (66));
	P (D, E, A, B, C, R (67));
	P (C, D, E, A, B, R (68));
	P (B, C, D, E, A, R (69));
	P (A, B, C, D, E, R (70));
	P (E, A, B, C, D, R (71));
	P (D, E, A, B, C, R (72));
	P (C, D, E, A, B, R (73));
	P (B, C, D, E, A, R (74));
	P (A, B, C, D, E, R (75));
	P (E, A, B, C, D, R (76));
	P (D, E, A, B, C, R (77));
	P (C, D, E, A, B, R (78));
	P (B, C, D, E, A, R (79));

#undef K
#undef F

	ctx->state[0] += A;
	ctx->state[1] += B;
	ctx->state[2] += C;
	ctx->state[3] += D;
	ctx->state[4] += E;
}

__weak void sha1_process(sha1_context *ctx, const unsigned char *data,
			 unsigned int blocks)
{
	if (!blocks)
		return;

	while (blocks--) {
		sha1_process_one(ctx, data);
		data += 64;
	}
}

/*
 * SHA-1 process buffer
 */
void sha1_update(sha1_context *ctx, const unsigned char *input,
		 unsigned int ilen)
{
	int fill;
	unsigned long left;

	if (ilen <= 0)
		return;

	left = ctx->total[0] & 0x3F;
	fill = 64 - left;

	ctx->total[0] += ilen;
	ctx->total[0] &= 0xFFFFFFFF;

	if (ctx->total[0] < (unsigned long) ilen)
		ctx->total[1]++;

	if (left && ilen >= fill) {
		memcpy ((void *) (ctx->buffer + left), (void *) input, fill);
		sha1_process(ctx, ctx->buffer, 1);
		input += fill;
		ilen -= fill;
		left = 0;
	}

	sha1_process(ctx, input, ilen / 64);
	input += ilen / 64 * 64;
	ilen = ilen % 64;

	if (ilen > 0) {
		memcpy ((void *) (ctx->buffer + left), (void *) input, ilen);
	}
}

static const unsigned char sha1_padding[64] = {
	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

/*
 * SHA-1 final digest
 */
void sha1_finish (sha1_context * ctx, unsigned char output[20])
{
	unsigned long last, padn;
	unsigned long high, low;
	unsigned char msglen[8];

	high = (ctx->total[0] >> 29)
		| (ctx->total[1] << 3);
	low = (ctx->total[0] << 3);

	PUT_UINT32_BE (high, msglen, 0);
	PUT_UINT32_BE (low, msglen, 4);

	last = ctx->total[0] & 0x3F;
	padn = (last < 56) ? (56 - last) : (120 - last);

	sha1_update (ctx, (unsigned char *) sha1_padding, padn);
	sha1_update (ctx, msglen, 8);

	PUT_UINT32_BE (ctx->state[0], output, 0);
	PUT_UINT32_BE (ctx->state[1], output, 4);
	PUT_UINT32_BE (ctx->state[2], output, 8);
	PUT_UINT32_BE (ctx->state[3], output, 12);
	PUT_UINT32_BE (ctx->state[4], output, 16);
}

/*
 * Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
 * bytes of input processed.
 */
void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
		  unsigned char *output, unsigned int chunk_sz)
{
	sha1_context ctx;
#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
	const unsigned char *end, *curr;
	int chunk;
#endif

	sha1_starts (&ctx);

#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
	curr = input;
	end = input + ilen;
	while (curr < end) {
		chunk = end - curr;
		if (chunk > chunk_sz)
			chunk = chunk_sz;
		sha1_update (&ctx, curr, chunk);
		curr += chunk;
		schedule();
	}
#else
	sha1_update (&ctx, input, ilen);
#endif

	sha1_finish (&ctx, output);
}

/*
 * Output = HMAC-SHA-1( input buffer, hmac key )
 */
void sha1_hmac(const unsigned char *key, int keylen,
	       const unsigned char *input, unsigned int ilen,
	       unsigned char *output)
{
	int i;
	sha1_context ctx;
	unsigned char k_ipad[64];
	unsigned char k_opad[64];
	unsigned char tmpbuf[20];

	memset (k_ipad, 0x36, 64);
	memset (k_opad, 0x5C, 64);

	for (i = 0; i < keylen; i++) {
		if (i >= 64)
			break;

		k_ipad[i] ^= key[i];
		k_opad[i] ^= key[i];
	}

	sha1_starts (&ctx);
	sha1_update (&ctx, k_ipad, 64);
	sha1_update (&ctx, input, ilen);
	sha1_finish (&ctx, tmpbuf);

	sha1_starts (&ctx);
	sha1_update (&ctx, k_opad, 64);
	sha1_update (&ctx, tmpbuf, 20);
	sha1_finish (&ctx, output);

	memset (k_ipad, 0, 64);
	memset (k_opad, 0, 64);
	memset (tmpbuf, 0, 20);
	memset (&ctx, 0, sizeof (sha1_context));
}

#ifdef SELF_TEST
/*
 * FIPS-180-1 test vectors
 */
static const char sha1_test_str[3][57] = {
	{"abc"},
	{"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
	{""}
};

static const unsigned char sha1_test_sum[3][20] = {
	{0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
	 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
	{0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
	 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
	{0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
	 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
};

/*
 * Checkup routine
 */
int sha1_self_test (void)
{
	int i, j;
	unsigned char buf[1000];
	unsigned char sha1sum[20];
	sha1_context ctx;

	for (i = 0; i < 3; i++) {
		printf ("  SHA-1 test #%d: ", i + 1);

		sha1_starts (&ctx);

		if (i < 2)
			sha1_update (&ctx, (unsigned char *) sha1_test_str[i],
				     strlen (sha1_test_str[i]));
		else {
			memset (buf, 'a', 1000);
			for (j = 0; j < 1000; j++)
				sha1_update (&ctx, buf, 1000);
		}

		sha1_finish (&ctx, sha1sum);

		if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) {
			printf ("failed\n");
			return (1);
		}

		printf ("passed\n");
	}

	printf ("\n");
	return (0);
}
#else
int sha1_self_test (void)
{
	return (0);
}
#endif
Commit	Line	Data
83d290c5	1	// SPDX-License-Identifier: LGPL-2.1
566a494f HS	2	/*
	3	* Heiko Schocher, DENX Software Engineering, [email protected].
	4	* based on:
	5	* FIPS-180-1 compliant SHA-1 implementation
	6	*
	7	* Copyright (C) 2003-2006 Christophe Devine
566a494f HS	8	*/
	9	/*
	10	* The SHA-1 standard was published by NIST in 1993.
	11	*
	12	* http://www.itl.nist.gov/fipspubs/fip180-1.htm
	13	*/
	14
	15	#ifndef _CRT_SECURE_NO_DEPRECATE
	16	#define _CRT_SECURE_NO_DEPRECATE 1
	17	#endif
	18
7590378f	19	#ifndef USE_HOSTCC
bc9c7ccc	20	#include <cyclic.h>
7590378f	21	#endif /* USE_HOSTCC */
bc9c7ccc	22	#include <string.h>
2b9912e6	23	#include <u-boot/sha1.h>
566a494f	24
8201b806 LP	25	#include <linux/compiler_attributes.h>
8201b806 LP	26
da29f299 AD	27	const uint8_t sha1_der_prefix[SHA1_DER_LEN] = {
	28	0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
	29	0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
	30	};
	31
566a494f HS	32	/*
	33	* 32-bit integer manipulation macros (big endian)
	34	*/
	35	#ifndef GET_UINT32_BE
4ef218f6 WD	36	#define GET_UINT32_BE(n,b,i) { \
	37	(n) = ( (unsigned long) (b)[(i) ] << 24 ) \
	38	\| ( (unsigned long) (b)[(i) + 1] << 16 ) \
	39	\| ( (unsigned long) (b)[(i) + 2] << 8 ) \
	40	\| ( (unsigned long) (b)[(i) + 3] ); \
566a494f HS	41	}
	42	#endif
	43	#ifndef PUT_UINT32_BE
4ef218f6 WD	44	#define PUT_UINT32_BE(n,b,i) { \
	45	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
	46	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
	47	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
	48	(b)[(i) + 3] = (unsigned char) ( (n) ); \
566a494f HS	49	}
	50	#endif
	51
	52	/*
	53	* SHA-1 context setup
	54	*/
4ef218f6	55	void sha1_starts (sha1_context * ctx)
566a494f	56	{
4ef218f6 WD	57	ctx->total[0] = 0;
	58	ctx->total[1] = 0;
	59
	60	ctx->state[0] = 0x67452301;
	61	ctx->state[1] = 0xEFCDAB89;
	62	ctx->state[2] = 0x98BADCFE;
	63	ctx->state[3] = 0x10325476;
	64	ctx->state[4] = 0xC3D2E1F0;
566a494f HS	65	}
566a494f HS	66
8201b806	67	static void __maybe_unused sha1_process_one(sha1_context *ctx, const unsigned char data[64])
566a494f	68	{
4ef218f6 WD	69	unsigned long temp, W[16], A, B, C, D, E;
	70
	71	GET_UINT32_BE (W[0], data, 0);
	72	GET_UINT32_BE (W[1], data, 4);
	73	GET_UINT32_BE (W[2], data, 8);
	74	GET_UINT32_BE (W[3], data, 12);
	75	GET_UINT32_BE (W[4], data, 16);
	76	GET_UINT32_BE (W[5], data, 20);
	77	GET_UINT32_BE (W[6], data, 24);
	78	GET_UINT32_BE (W[7], data, 28);
	79	GET_UINT32_BE (W[8], data, 32);
	80	GET_UINT32_BE (W[9], data, 36);
	81	GET_UINT32_BE (W[10], data, 40);
	82	GET_UINT32_BE (W[11], data, 44);
	83	GET_UINT32_BE (W[12], data, 48);
	84	GET_UINT32_BE (W[13], data, 52);
	85	GET_UINT32_BE (W[14], data, 56);
	86	GET_UINT32_BE (W[15], data, 60);
	87
	88	#define S(x,n) ((x << n) \| ((x & 0xFFFFFFFF) >> (32 - n)))
	89
	90	#define R(t) ( \
	91	temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
	92	W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
	93	( W[t & 0x0F] = S(temp,1) ) \
566a494f HS	94	)
566a494f HS	95
4ef218f6 WD	96	#define P(a,b,c,d,e,x) { \
4ef218f6 WD	97	e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
566a494f HS	98	}
566a494f HS	99
4ef218f6 WD	100	A = ctx->state[0];
	101	B = ctx->state[1];
	102	C = ctx->state[2];
	103	D = ctx->state[3];
	104	E = ctx->state[4];
566a494f HS	105
	106	#define F(x,y,z) (z ^ (x & (y ^ z)))
	107	#define K 0x5A827999
	108
4ef218f6 WD	109	P (A, B, C, D, E, W[0]);
	110	P (E, A, B, C, D, W[1]);
	111	P (D, E, A, B, C, W[2]);
	112	P (C, D, E, A, B, W[3]);
	113	P (B, C, D, E, A, W[4]);
	114	P (A, B, C, D, E, W[5]);
	115	P (E, A, B, C, D, W[6]);
	116	P (D, E, A, B, C, W[7]);
	117	P (C, D, E, A, B, W[8]);
	118	P (B, C, D, E, A, W[9]);
	119	P (A, B, C, D, E, W[10]);
	120	P (E, A, B, C, D, W[11]);
	121	P (D, E, A, B, C, W[12]);
	122	P (C, D, E, A, B, W[13]);
	123	P (B, C, D, E, A, W[14]);
	124	P (A, B, C, D, E, W[15]);
	125	P (E, A, B, C, D, R (16));
	126	P (D, E, A, B, C, R (17));
	127	P (C, D, E, A, B, R (18));
	128	P (B, C, D, E, A, R (19));
566a494f HS	129
	130	#undef K
	131	#undef F
	132
	133	#define F(x,y,z) (x ^ y ^ z)
	134	#define K 0x6ED9EBA1
	135
4ef218f6 WD	136	P (A, B, C, D, E, R (20));
	137	P (E, A, B, C, D, R (21));
	138	P (D, E, A, B, C, R (22));
	139	P (C, D, E, A, B, R (23));
	140	P (B, C, D, E, A, R (24));
	141	P (A, B, C, D, E, R (25));
	142	P (E, A, B, C, D, R (26));
	143	P (D, E, A, B, C, R (27));
	144	P (C, D, E, A, B, R (28));
	145	P (B, C, D, E, A, R (29));
	146	P (A, B, C, D, E, R (30));
	147	P (E, A, B, C, D, R (31));
	148	P (D, E, A, B, C, R (32));
	149	P (C, D, E, A, B, R (33));
	150	P (B, C, D, E, A, R (34));
	151	P (A, B, C, D, E, R (35));
	152	P (E, A, B, C, D, R (36));
	153	P (D, E, A, B, C, R (37));
	154	P (C, D, E, A, B, R (38));
	155	P (B, C, D, E, A, R (39));
566a494f HS	156
	157	#undef K
	158	#undef F
	159
	160	#define F(x,y,z) ((x & y) \| (z & (x \| y)))
	161	#define K 0x8F1BBCDC
	162
4ef218f6 WD	163	P (A, B, C, D, E, R (40));
	164	P (E, A, B, C, D, R (41));
	165	P (D, E, A, B, C, R (42));
	166	P (C, D, E, A, B, R (43));
	167	P (B, C, D, E, A, R (44));
	168	P (A, B, C, D, E, R (45));
	169	P (E, A, B, C, D, R (46));
	170	P (D, E, A, B, C, R (47));
	171	P (C, D, E, A, B, R (48));
	172	P (B, C, D, E, A, R (49));
	173	P (A, B, C, D, E, R (50));
	174	P (E, A, B, C, D, R (51));
	175	P (D, E, A, B, C, R (52));
	176	P (C, D, E, A, B, R (53));
	177	P (B, C, D, E, A, R (54));
	178	P (A, B, C, D, E, R (55));
	179	P (E, A, B, C, D, R (56));
	180	P (D, E, A, B, C, R (57));
	181	P (C, D, E, A, B, R (58));
	182	P (B, C, D, E, A, R (59));
566a494f HS	183
	184	#undef K
	185	#undef F
	186
	187	#define F(x,y,z) (x ^ y ^ z)
	188	#define K 0xCA62C1D6
	189
4ef218f6 WD	190	P (A, B, C, D, E, R (60));
	191	P (E, A, B, C, D, R (61));
	192	P (D, E, A, B, C, R (62));
	193	P (C, D, E, A, B, R (63));
	194	P (B, C, D, E, A, R (64));
	195	P (A, B, C, D, E, R (65));
	196	P (E, A, B, C, D, R (66));
	197	P (D, E, A, B, C, R (67));
	198	P (C, D, E, A, B, R (68));
	199	P (B, C, D, E, A, R (69));
	200	P (A, B, C, D, E, R (70));
	201	P (E, A, B, C, D, R (71));
	202	P (D, E, A, B, C, R (72));
	203	P (C, D, E, A, B, R (73));
	204	P (B, C, D, E, A, R (74));
	205	P (A, B, C, D, E, R (75));
	206	P (E, A, B, C, D, R (76));
	207	P (D, E, A, B, C, R (77));
	208	P (C, D, E, A, B, R (78));
	209	P (B, C, D, E, A, R (79));
566a494f HS	210
	211	#undef K
	212	#undef F
	213
4ef218f6 WD	214	ctx->state[0] += A;
	215	ctx->state[1] += B;
	216	ctx->state[2] += C;
	217	ctx->state[3] += D;
	218	ctx->state[4] += E;
566a494f HS	219	}
566a494f HS	220
8201b806 LP	221	__weak void sha1_process(sha1_context ctx, const unsigned char data,
	222	unsigned int blocks)
	223	{
	224	if (!blocks)
	225	return;
	226
	227	while (blocks--) {
	228	sha1_process_one(ctx, data);
	229	data += 64;
	230	}
	231	}
	232
566a494f HS	233	/*
	234	* SHA-1 process buffer
	235	*/
a7d1d765 SG	236	void sha1_update(sha1_context ctx, const unsigned char input,
a7d1d765 SG	237	unsigned int ilen)
566a494f	238	{
4ef218f6 WD	239	int fill;
	240	unsigned long left;
	241
	242	if (ilen <= 0)
	243	return;
	244
	245	left = ctx->total[0] & 0x3F;
	246	fill = 64 - left;
	247
	248	ctx->total[0] += ilen;
	249	ctx->total[0] &= 0xFFFFFFFF;
	250
	251	if (ctx->total[0] < (unsigned long) ilen)
	252	ctx->total[1]++;
	253
	254	if (left && ilen >= fill) {
	255	memcpy ((void ) (ctx->buffer + left), (void ) input, fill);
8201b806	256	sha1_process(ctx, ctx->buffer, 1);
4ef218f6 WD	257	input += fill;
	258	ilen -= fill;
	259	left = 0;
	260	}
	261
8201b806 LP	262	sha1_process(ctx, input, ilen / 64);
	263	input += ilen / 64 * 64;
	264	ilen = ilen % 64;
4ef218f6 WD	265
	266	if (ilen > 0) {
	267	memcpy ((void ) (ctx->buffer + left), (void ) input, ilen);
	268	}
566a494f HS	269	}
566a494f HS	270
4ef218f6 WD	271	static const unsigned char sha1_padding[64] = {
	272	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	273	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	274	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	275	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
566a494f HS	276	};
	277
	278	/*
	279	* SHA-1 final digest
	280	*/
4ef218f6	281	void sha1_finish (sha1_context * ctx, unsigned char output[20])
566a494f	282	{
4ef218f6 WD	283	unsigned long last, padn;
	284	unsigned long high, low;
	285	unsigned char msglen[8];
566a494f	286
4ef218f6 WD	287	high = (ctx->total[0] >> 29)
	288	\| (ctx->total[1] << 3);
	289	low = (ctx->total[0] << 3);
566a494f	290
4ef218f6 WD	291	PUT_UINT32_BE (high, msglen, 0);
4ef218f6 WD	292	PUT_UINT32_BE (low, msglen, 4);
566a494f	293
4ef218f6 WD	294	last = ctx->total[0] & 0x3F;
4ef218f6 WD	295	padn = (last < 56) ? (56 - last) : (120 - last);
566a494f	296
4ef218f6 WD	297	sha1_update (ctx, (unsigned char *) sha1_padding, padn);
4ef218f6 WD	298	sha1_update (ctx, msglen, 8);
566a494f	299
4ef218f6 WD	300	PUT_UINT32_BE (ctx->state[0], output, 0);
	301	PUT_UINT32_BE (ctx->state[1], output, 4);
	302	PUT_UINT32_BE (ctx->state[2], output, 8);
	303	PUT_UINT32_BE (ctx->state[3], output, 12);
	304	PUT_UINT32_BE (ctx->state[4], output, 16);
566a494f HS	305	}
566a494f HS	306
215b01bb BS	307	/*
	308	* Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
	309	* bytes of input processed.
	310	*/
a7d1d765 SG	311	void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
a7d1d765 SG	312	unsigned char *output, unsigned int chunk_sz)
215b01bb BS	313	{
	314	sha1_context ctx;
	315	#if defined(CONFIG_HW_WATCHDOG) \|\| defined(CONFIG_WATCHDOG)
a7d1d765	316	const unsigned char end, curr;
215b01bb BS	317	int chunk;
	318	#endif
	319
	320	sha1_starts (&ctx);
	321
	322	#if defined(CONFIG_HW_WATCHDOG) \|\| defined(CONFIG_WATCHDOG)
	323	curr = input;
	324	end = input + ilen;
	325	while (curr < end) {
	326	chunk = end - curr;
	327	if (chunk > chunk_sz)
	328	chunk = chunk_sz;
	329	sha1_update (&ctx, curr, chunk);
	330	curr += chunk;
29caf930	331	schedule();
215b01bb BS	332	}
	333	#else
	334	sha1_update (&ctx, input, ilen);
	335	#endif
	336
	337	sha1_finish (&ctx, output);
	338	}
	339
566a494f HS	340	/*
	341	* Output = HMAC-SHA-1( input buffer, hmac key )
	342	*/
a7d1d765 SG	343	void sha1_hmac(const unsigned char *key, int keylen,
	344	const unsigned char *input, unsigned int ilen,
	345	unsigned char *output)
566a494f	346	{
4ef218f6 WD	347	int i;
	348	sha1_context ctx;
	349	unsigned char k_ipad[64];
	350	unsigned char k_opad[64];
	351	unsigned char tmpbuf[20];
	352
	353	memset (k_ipad, 0x36, 64);
	354	memset (k_opad, 0x5C, 64);
	355
	356	for (i = 0; i < keylen; i++) {
	357	if (i >= 64)
	358	break;
	359
	360	k_ipad[i] ^= key[i];
	361	k_opad[i] ^= key[i];
	362	}
	363
	364	sha1_starts (&ctx);
	365	sha1_update (&ctx, k_ipad, 64);
	366	sha1_update (&ctx, input, ilen);
	367	sha1_finish (&ctx, tmpbuf);
	368
	369	sha1_starts (&ctx);
	370	sha1_update (&ctx, k_opad, 64);
	371	sha1_update (&ctx, tmpbuf, 20);
	372	sha1_finish (&ctx, output);
	373
	374	memset (k_ipad, 0, 64);
	375	memset (k_opad, 0, 64);
	376	memset (tmpbuf, 0, 20);
	377	memset (&ctx, 0, sizeof (sha1_context));
566a494f HS	378	}
566a494f HS	379
566a494f HS	380	#ifdef SELF_TEST
	381	/*
	382	* FIPS-180-1 test vectors
	383	*/
4ef218f6 WD	384	static const char sha1_test_str[3][57] = {
	385	{"abc"},
	386	{"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
	387	{""}
566a494f HS	388	};
566a494f HS	389
4ef218f6 WD	390	static const unsigned char sha1_test_sum[3][20] = {
	391	{0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
	392	0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
	393	{0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
	394	0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
	395	{0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
	396	0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
566a494f HS	397	};
	398
	399	/*
	400	* Checkup routine
	401	*/
4ef218f6	402	int sha1_self_test (void)
566a494f	403	{
4ef218f6 WD	404	int i, j;
	405	unsigned char buf[1000];
	406	unsigned char sha1sum[20];
	407	sha1_context ctx;
	408
	409	for (i = 0; i < 3; i++) {
	410	printf (" SHA-1 test #%d: ", i + 1);
	411
	412	sha1_starts (&ctx);
	413
	414	if (i < 2)
	415	sha1_update (&ctx, (unsigned char *) sha1_test_str[i],
	416	strlen (sha1_test_str[i]));
	417	else {
	418	memset (buf, 'a', 1000);
	419	for (j = 0; j < 1000; j++)
	420	sha1_update (&ctx, buf, 1000);
	421	}
	422
	423	sha1_finish (&ctx, sha1sum);
	424
	425	if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) {
	426	printf ("failed\n");
	427	return (1);
	428	}
	429
	430	printf ("passed\n");
	431	}
	432
	433	printf ("\n");
	434	return (0);
566a494f HS	435	}
566a494f HS	436	#else
4ef218f6	437	int sha1_self_test (void)
566a494f	438	{
4ef218f6	439	return (0);
566a494f HS	440	}
566a494f HS	441	#endif