[J-u-boot.git] / lib / sha1.c

// SPDX-License-Identifier: LGPL-2.1
/*
 *  Heiko Schocher, DENX Software Engineering, [email protected].
 *  based on:
 *  FIPS-180-1 compliant SHA-1 implementation
 *
 *  Copyright (C) 2003-2006  Christophe Devine
 */
/*
 *  The SHA-1 standard was published by NIST in 1993.
 *
 *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
 */

#ifndef _CRT_SECURE_NO_DEPRECATE
#define _CRT_SECURE_NO_DEPRECATE 1
#endif

#ifndef USE_HOSTCC
#include <u-boot/schedule.h>
#endif /* USE_HOSTCC */
#include <string.h>
#include <u-boot/sha1.h>

#include <linux/compiler_attributes.h>

const uint8_t sha1_der_prefix[SHA1_DER_LEN] = {
	0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
	0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};

/*
 * 32-bit integer manipulation macros (big endian)
 */
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i) {				\
	(n) = ( (unsigned long) (b)[(i)    ] << 24 )	\
	    | ( (unsigned long) (b)[(i) + 1] << 16 )	\
	    | ( (unsigned long) (b)[(i) + 2] <<  8 )	\
	    | ( (unsigned long) (b)[(i) + 3]       );	\
}
#endif
#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i) {				\
	(b)[(i)    ] = (unsigned char) ( (n) >> 24 );	\
	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 );	\
	(b)[(i) + 2] = (unsigned char) ( (n) >>  8 );	\
	(b)[(i) + 3] = (unsigned char) ( (n)       );	\
}
#endif

/*
 * SHA-1 context setup
 */
void sha1_starts (sha1_context * ctx)
{
	ctx->total[0] = 0;
	ctx->total[1] = 0;

	ctx->state[0] = 0x67452301;
	ctx->state[1] = 0xEFCDAB89;
	ctx->state[2] = 0x98BADCFE;
	ctx->state[3] = 0x10325476;
	ctx->state[4] = 0xC3D2E1F0;
}

static void __maybe_unused sha1_process_one(sha1_context *ctx, const unsigned char data[64])
{
	unsigned long temp, W[16], A, B, C, D, E;

	GET_UINT32_BE (W[0], data, 0);
	GET_UINT32_BE (W[1], data, 4);
	GET_UINT32_BE (W[2], data, 8);
	GET_UINT32_BE (W[3], data, 12);
	GET_UINT32_BE (W[4], data, 16);
	GET_UINT32_BE (W[5], data, 20);
	GET_UINT32_BE (W[6], data, 24);
	GET_UINT32_BE (W[7], data, 28);
	GET_UINT32_BE (W[8], data, 32);
	GET_UINT32_BE (W[9], data, 36);
	GET_UINT32_BE (W[10], data, 40);
	GET_UINT32_BE (W[11], data, 44);
	GET_UINT32_BE (W[12], data, 48);
	GET_UINT32_BE (W[13], data, 52);
	GET_UINT32_BE (W[14], data, 56);
	GET_UINT32_BE (W[15], data, 60);

#define S(x,n)	((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))

#define R(t) (						\
	temp = W[(t -  3) & 0x0F] ^ W[(t - 8) & 0x0F] ^	\
	       W[(t - 14) & 0x0F] ^ W[ t      & 0x0F],	\
	( W[t & 0x0F] = S(temp,1) )			\
)

#define P(a,b,c,d,e,x)	{				\
	e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);	\
}

	A = ctx->state[0];
	B = ctx->state[1];
	C = ctx->state[2];
	D = ctx->state[3];
	E = ctx->state[4];

#define F(x,y,z) (z ^ (x & (y ^ z)))
#define K 0x5A827999

	P (A, B, C, D, E, W[0]);
	P (E, A, B, C, D, W[1]);
	P (D, E, A, B, C, W[2]);
	P (C, D, E, A, B, W[3]);
	P (B, C, D, E, A, W[4]);
	P (A, B, C, D, E, W[5]);
	P (E, A, B, C, D, W[6]);
	P (D, E, A, B, C, W[7]);
	P (C, D, E, A, B, W[8]);
	P (B, C, D, E, A, W[9]);
	P (A, B, C, D, E, W[10]);
	P (E, A, B, C, D, W[11]);
	P (D, E, A, B, C, W[12]);
	P (C, D, E, A, B, W[13]);
	P (B, C, D, E, A, W[14]);
	P (A, B, C, D, E, W[15]);
	P (E, A, B, C, D, R (16));
	P (D, E, A, B, C, R (17));
	P (C, D, E, A, B, R (18));
	P (B, C, D, E, A, R (19));

#undef K
#undef F

#define F(x,y,z) (x ^ y ^ z)
#define K 0x6ED9EBA1

	P (A, B, C, D, E, R (20));
	P (E, A, B, C, D, R (21));
	P (D, E, A, B, C, R (22));
	P (C, D, E, A, B, R (23));
	P (B, C, D, E, A, R (24));
	P (A, B, C, D, E, R (25));
	P (E, A, B, C, D, R (26));
	P (D, E, A, B, C, R (27));
	P (C, D, E, A, B, R (28));
	P (B, C, D, E, A, R (29));
	P (A, B, C, D, E, R (30));
	P (E, A, B, C, D, R (31));
	P (D, E, A, B, C, R (32));
	P (C, D, E, A, B, R (33));
	P (B, C, D, E, A, R (34));
	P (A, B, C, D, E, R (35));
	P (E, A, B, C, D, R (36));
	P (D, E, A, B, C, R (37));
	P (C, D, E, A, B, R (38));
	P (B, C, D, E, A, R (39));

#undef K
#undef F

#define F(x,y,z) ((x & y) | (z & (x | y)))
#define K 0x8F1BBCDC

	P (A, B, C, D, E, R (40));
	P (E, A, B, C, D, R (41));
	P (D, E, A, B, C, R (42));
	P (C, D, E, A, B, R (43));
	P (B, C, D, E, A, R (44));
	P (A, B, C, D, E, R (45));
	P (E, A, B, C, D, R (46));
	P (D, E, A, B, C, R (47));
	P (C, D, E, A, B, R (48));
	P (B, C, D, E, A, R (49));
	P (A, B, C, D, E, R (50));
	P (E, A, B, C, D, R (51));
	P (D, E, A, B, C, R (52));
	P (C, D, E, A, B, R (53));
	P (B, C, D, E, A, R (54));
	P (A, B, C, D, E, R (55));
	P (E, A, B, C, D, R (56));
	P (D, E, A, B, C, R (57));
	P (C, D, E, A, B, R (58));
	P (B, C, D, E, A, R (59));

#undef K
#undef F

#define F(x,y,z) (x ^ y ^ z)
#define K 0xCA62C1D6

	P (A, B, C, D, E, R (60));
	P (E, A, B, C, D, R (61));
	P (D, E, A, B, C, R (62));
	P (C, D, E, A, B, R (63));
	P (B, C, D, E, A, R (64));
	P (A, B, C, D, E, R (65));
	P (E, A, B, C, D, R (66));
	P (D, E, A, B, C, R (67));
	P (C, D, E, A, B, R (68));
	P (B, C, D, E, A, R (69));
	P (A, B, C, D, E, R (70));
	P (E, A, B, C, D, R (71));
	P (D, E, A, B, C, R (72));
	P (C, D, E, A, B, R (73));
	P (B, C, D, E, A, R (74));
	P (A, B, C, D, E, R (75));
	P (E, A, B, C, D, R (76));
	P (D, E, A, B, C, R (77));
	P (C, D, E, A, B, R (78));
	P (B, C, D, E, A, R (79));

#undef K
#undef F

	ctx->state[0] += A;
	ctx->state[1] += B;
	ctx->state[2] += C;
	ctx->state[3] += D;
	ctx->state[4] += E;
}

__weak void sha1_process(sha1_context *ctx, const unsigned char *data,
			 unsigned int blocks)
{
	if (!blocks)
		return;

	while (blocks--) {
		sha1_process_one(ctx, data);
		data += 64;
	}
}

/*
 * SHA-1 process buffer
 */
void sha1_update(sha1_context *ctx, const unsigned char *input,
		 unsigned int ilen)
{
	int fill;
	unsigned long left;

	if (ilen <= 0)
		return;

	left = ctx->total[0] & 0x3F;
	fill = 64 - left;

	ctx->total[0] += ilen;
	ctx->total[0] &= 0xFFFFFFFF;

	if (ctx->total[0] < (unsigned long) ilen)
		ctx->total[1]++;

	if (left && ilen >= fill) {
		memcpy ((void *) (ctx->buffer + left), (void *) input, fill);
		sha1_process(ctx, ctx->buffer, 1);
		input += fill;
		ilen -= fill;
		left = 0;
	}

	sha1_process(ctx, input, ilen / 64);
	input += ilen / 64 * 64;
	ilen = ilen % 64;

	if (ilen > 0) {
		memcpy ((void *) (ctx->buffer + left), (void *) input, ilen);
	}
}

static const unsigned char sha1_padding[64] = {
	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

/*
 * SHA-1 final digest
 */
void sha1_finish (sha1_context * ctx, unsigned char output[20])
{
	unsigned long last, padn;
	unsigned long high, low;
	unsigned char msglen[8];

	high = (ctx->total[0] >> 29)
		| (ctx->total[1] << 3);
	low = (ctx->total[0] << 3);

	PUT_UINT32_BE (high, msglen, 0);
	PUT_UINT32_BE (low, msglen, 4);

	last = ctx->total[0] & 0x3F;
	padn = (last < 56) ? (56 - last) : (120 - last);

	sha1_update (ctx, (unsigned char *) sha1_padding, padn);
	sha1_update (ctx, msglen, 8);

	PUT_UINT32_BE (ctx->state[0], output, 0);
	PUT_UINT32_BE (ctx->state[1], output, 4);
	PUT_UINT32_BE (ctx->state[2], output, 8);
	PUT_UINT32_BE (ctx->state[3], output, 12);
	PUT_UINT32_BE (ctx->state[4], output, 16);
}

/*
 * Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
 * bytes of input processed.
 */
void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
		  unsigned char *output, unsigned int chunk_sz)
{
	sha1_context ctx;
#if !defined(USE_HOSTCC) && \
    (defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG))
	const unsigned char *end, *curr;
	int chunk;
#endif

	sha1_starts (&ctx);

#if !defined(USE_HOSTCC) && \
    (defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG))
	curr = input;
	end = input + ilen;
	while (curr < end) {
		chunk = end - curr;
		if (chunk > chunk_sz)
			chunk = chunk_sz;
		sha1_update (&ctx, curr, chunk);
		curr += chunk;
		schedule();
	}
#else
	sha1_update (&ctx, input, ilen);
#endif

	sha1_finish (&ctx, output);
}

/*
 * Output = HMAC-SHA-1( input buffer, hmac key )
 */
void sha1_hmac(const unsigned char *key, int keylen,
	       const unsigned char *input, unsigned int ilen,
	       unsigned char *output)
{
	int i;
	sha1_context ctx;
	unsigned char k_ipad[64];
	unsigned char k_opad[64];
	unsigned char tmpbuf[20];

	memset (k_ipad, 0x36, 64);
	memset (k_opad, 0x5C, 64);

	for (i = 0; i < keylen; i++) {
		if (i >= 64)
			break;

		k_ipad[i] ^= key[i];
		k_opad[i] ^= key[i];
	}

	sha1_starts (&ctx);
	sha1_update (&ctx, k_ipad, 64);
	sha1_update (&ctx, input, ilen);
	sha1_finish (&ctx, tmpbuf);

	sha1_starts (&ctx);
	sha1_update (&ctx, k_opad, 64);
	sha1_update (&ctx, tmpbuf, 20);
	sha1_finish (&ctx, output);

	memset (k_ipad, 0, 64);
	memset (k_opad, 0, 64);
	memset (tmpbuf, 0, 20);
	memset (&ctx, 0, sizeof (sha1_context));
}

#ifdef SELF_TEST
/*
 * FIPS-180-1 test vectors
 */
static const char sha1_test_str[3][57] = {
	{"abc"},
	{"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
	{""}
};

static const unsigned char sha1_test_sum[3][20] = {
	{0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
	 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
	{0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
	 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
	{0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
	 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
};

/*
 * Checkup routine
 */
int sha1_self_test (void)
{
	int i, j;
	unsigned char buf[1000];
	unsigned char sha1sum[20];
	sha1_context ctx;

	for (i = 0; i < 3; i++) {
		printf ("  SHA-1 test #%d: ", i + 1);

		sha1_starts (&ctx);

		if (i < 2)
			sha1_update (&ctx, (unsigned char *) sha1_test_str[i],
				     strlen (sha1_test_str[i]));
		else {
			memset (buf, 'a', 1000);
			for (j = 0; j < 1000; j++)
				sha1_update (&ctx, buf, 1000);
		}

		sha1_finish (&ctx, sha1sum);

		if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) {
			printf ("failed\n");
			return (1);
		}

		printf ("passed\n");
	}

	printf ("\n");
	return (0);
}
#else
int sha1_self_test (void)
{
	return (0);
}
#endif
Commit	Line	Data
83d290c5	1	// SPDX-License-Identifier: LGPL-2.1
566a494f HS	2	/*
	3	* Heiko Schocher, DENX Software Engineering, [email protected].
	4	* based on:
	5	* FIPS-180-1 compliant SHA-1 implementation
	6	*
	7	* Copyright (C) 2003-2006 Christophe Devine
566a494f HS	8	*/
	9	/*
	10	* The SHA-1 standard was published by NIST in 1993.
	11	*
	12	* http://www.itl.nist.gov/fipspubs/fip180-1.htm
	13	*/
	14
	15	#ifndef _CRT_SECURE_NO_DEPRECATE
	16	#define _CRT_SECURE_NO_DEPRECATE 1
	17	#endif
	18
7590378f	19	#ifndef USE_HOSTCC
ed8a807d	20	#include <u-boot/schedule.h>
7590378f	21	#endif /* USE_HOSTCC */
bc9c7ccc	22	#include <string.h>
2b9912e6	23	#include <u-boot/sha1.h>
566a494f	24
8201b806 LP	25	#include <linux/compiler_attributes.h>
8201b806 LP	26
da29f299 AD	27	const uint8_t sha1_der_prefix[SHA1_DER_LEN] = {
	28	0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
	29	0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
	30	};
	31
566a494f HS	32	/*
	33	* 32-bit integer manipulation macros (big endian)
	34	*/
	35	#ifndef GET_UINT32_BE
4ef218f6 WD	36	#define GET_UINT32_BE(n,b,i) { \
	37	(n) = ( (unsigned long) (b)[(i) ] << 24 ) \
	38	\| ( (unsigned long) (b)[(i) + 1] << 16 ) \
	39	\| ( (unsigned long) (b)[(i) + 2] << 8 ) \
	40	\| ( (unsigned long) (b)[(i) + 3] ); \
566a494f HS	41	}
	42	#endif
	43	#ifndef PUT_UINT32_BE
4ef218f6 WD	44	#define PUT_UINT32_BE(n,b,i) { \
	45	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
	46	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
	47	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
	48	(b)[(i) + 3] = (unsigned char) ( (n) ); \
566a494f HS	49	}
	50	#endif
	51
	52	/*
	53	* SHA-1 context setup
	54	*/
4ef218f6	55	void sha1_starts (sha1_context * ctx)
566a494f	56	{
4ef218f6 WD	57	ctx->total[0] = 0;
	58	ctx->total[1] = 0;
	59
	60	ctx->state[0] = 0x67452301;
	61	ctx->state[1] = 0xEFCDAB89;
	62	ctx->state[2] = 0x98BADCFE;
	63	ctx->state[3] = 0x10325476;
	64	ctx->state[4] = 0xC3D2E1F0;
566a494f HS	65	}
566a494f HS	66
8201b806	67	static void __maybe_unused sha1_process_one(sha1_context *ctx, const unsigned char data[64])
566a494f	68	{
4ef218f6 WD	69	unsigned long temp, W[16], A, B, C, D, E;
	70
	71	GET_UINT32_BE (W[0], data, 0);
	72	GET_UINT32_BE (W[1], data, 4);
	73	GET_UINT32_BE (W[2], data, 8);
	74	GET_UINT32_BE (W[3], data, 12);
	75	GET_UINT32_BE (W[4], data, 16);
	76	GET_UINT32_BE (W[5], data, 20);
	77	GET_UINT32_BE (W[6], data, 24);
	78	GET_UINT32_BE (W[7], data, 28);
	79	GET_UINT32_BE (W[8], data, 32);
	80	GET_UINT32_BE (W[9], data, 36);
	81	GET_UINT32_BE (W[10], data, 40);
	82	GET_UINT32_BE (W[11], data, 44);
	83	GET_UINT32_BE (W[12], data, 48);
	84	GET_UINT32_BE (W[13], data, 52);
	85	GET_UINT32_BE (W[14], data, 56);
	86	GET_UINT32_BE (W[15], data, 60);
	87
	88	#define S(x,n) ((x << n) \| ((x & 0xFFFFFFFF) >> (32 - n)))
	89
	90	#define R(t) ( \
	91	temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
	92	W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
	93	( W[t & 0x0F] = S(temp,1) ) \
566a494f HS	94	)
566a494f HS	95
4ef218f6 WD	96	#define P(a,b,c,d,e,x) { \
4ef218f6 WD	97	e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
566a494f HS	98	}
566a494f HS	99
4ef218f6 WD	100	A = ctx->state[0];
	101	B = ctx->state[1];
	102	C = ctx->state[2];
	103	D = ctx->state[3];
	104	E = ctx->state[4];
566a494f HS	105
	106	#define F(x,y,z) (z ^ (x & (y ^ z)))
	107	#define K 0x5A827999
	108
4ef218f6 WD	109	P (A, B, C, D, E, W[0]);
	110	P (E, A, B, C, D, W[1]);
	111	P (D, E, A, B, C, W[2]);
	112	P (C, D, E, A, B, W[3]);
	113	P (B, C, D, E, A, W[4]);
	114	P (A, B, C, D, E, W[5]);
	115	P (E, A, B, C, D, W[6]);
	116	P (D, E, A, B, C, W[7]);
	117	P (C, D, E, A, B, W[8]);
	118	P (B, C, D, E, A, W[9]);
	119	P (A, B, C, D, E, W[10]);
	120	P (E, A, B, C, D, W[11]);
	121	P (D, E, A, B, C, W[12]);
	122	P (C, D, E, A, B, W[13]);
	123	P (B, C, D, E, A, W[14]);
	124	P (A, B, C, D, E, W[15]);
	125	P (E, A, B, C, D, R (16));
	126	P (D, E, A, B, C, R (17));
	127	P (C, D, E, A, B, R (18));
	128	P (B, C, D, E, A, R (19));
566a494f HS	129
	130	#undef K
	131	#undef F
	132
	133	#define F(x,y,z) (x ^ y ^ z)
	134	#define K 0x6ED9EBA1
	135
4ef218f6 WD	136	P (A, B, C, D, E, R (20));
	137	P (E, A, B, C, D, R (21));
	138	P (D, E, A, B, C, R (22));
	139	P (C, D, E, A, B, R (23));
	140	P (B, C, D, E, A, R (24));
	141	P (A, B, C, D, E, R (25));
	142	P (E, A, B, C, D, R (26));
	143	P (D, E, A, B, C, R (27));
	144	P (C, D, E, A, B, R (28));
	145	P (B, C, D, E, A, R (29));
	146	P (A, B, C, D, E, R (30));
	147	P (E, A, B, C, D, R (31));
	148	P (D, E, A, B, C, R (32));
	149	P (C, D, E, A, B, R (33));
	150	P (B, C, D, E, A, R (34));
	151	P (A, B, C, D, E, R (35));
	152	P (E, A, B, C, D, R (36));
	153	P (D, E, A, B, C, R (37));
	154	P (C, D, E, A, B, R (38));
	155	P (B, C, D, E, A, R (39));
566a494f HS	156
	157	#undef K
	158	#undef F
	159
	160	#define F(x,y,z) ((x & y) \| (z & (x \| y)))
	161	#define K 0x8F1BBCDC
	162
4ef218f6 WD	163	P (A, B, C, D, E, R (40));
	164	P (E, A, B, C, D, R (41));
	165	P (D, E, A, B, C, R (42));
	166	P (C, D, E, A, B, R (43));
	167	P (B, C, D, E, A, R (44));
	168	P (A, B, C, D, E, R (45));
	169	P (E, A, B, C, D, R (46));
	170	P (D, E, A, B, C, R (47));
	171	P (C, D, E, A, B, R (48));
	172	P (B, C, D, E, A, R (49));
	173	P (A, B, C, D, E, R (50));
	174	P (E, A, B, C, D, R (51));
	175	P (D, E, A, B, C, R (52));
	176	P (C, D, E, A, B, R (53));
	177	P (B, C, D, E, A, R (54));
	178	P (A, B, C, D, E, R (55));
	179	P (E, A, B, C, D, R (56));
	180	P (D, E, A, B, C, R (57));
	181	P (C, D, E, A, B, R (58));
	182	P (B, C, D, E, A, R (59));
566a494f HS	183
	184	#undef K
	185	#undef F
	186
	187	#define F(x,y,z) (x ^ y ^ z)
	188	#define K 0xCA62C1D6
	189
4ef218f6 WD	190	P (A, B, C, D, E, R (60));
	191	P (E, A, B, C, D, R (61));
	192	P (D, E, A, B, C, R (62));
	193	P (C, D, E, A, B, R (63));
	194	P (B, C, D, E, A, R (64));
	195	P (A, B, C, D, E, R (65));
	196	P (E, A, B, C, D, R (66));
	197	P (D, E, A, B, C, R (67));
	198	P (C, D, E, A, B, R (68));
	199	P (B, C, D, E, A, R (69));
	200	P (A, B, C, D, E, R (70));
	201	P (E, A, B, C, D, R (71));
	202	P (D, E, A, B, C, R (72));
	203	P (C, D, E, A, B, R (73));
	204	P (B, C, D, E, A, R (74));
	205	P (A, B, C, D, E, R (75));
	206	P (E, A, B, C, D, R (76));
	207	P (D, E, A, B, C, R (77));
	208	P (C, D, E, A, B, R (78));
	209	P (B, C, D, E, A, R (79));
566a494f HS	210
	211	#undef K
	212	#undef F
	213
4ef218f6 WD	214	ctx->state[0] += A;
	215	ctx->state[1] += B;
	216	ctx->state[2] += C;
	217	ctx->state[3] += D;
	218	ctx->state[4] += E;
566a494f HS	219	}
566a494f HS	220
8201b806 LP	221	__weak void sha1_process(sha1_context ctx, const unsigned char data,
	222	unsigned int blocks)
	223	{
	224	if (!blocks)
	225	return;
	226
	227	while (blocks--) {
	228	sha1_process_one(ctx, data);
	229	data += 64;
	230	}
	231	}
	232
566a494f HS	233	/*
	234	* SHA-1 process buffer
	235	*/
a7d1d765 SG	236	void sha1_update(sha1_context ctx, const unsigned char input,
a7d1d765 SG	237	unsigned int ilen)
566a494f	238	{
4ef218f6 WD	239	int fill;
	240	unsigned long left;
	241
	242	if (ilen <= 0)
	243	return;
	244
	245	left = ctx->total[0] & 0x3F;
	246	fill = 64 - left;
	247
	248	ctx->total[0] += ilen;
	249	ctx->total[0] &= 0xFFFFFFFF;
	250
	251	if (ctx->total[0] < (unsigned long) ilen)
	252	ctx->total[1]++;
	253
	254	if (left && ilen >= fill) {
	255	memcpy ((void ) (ctx->buffer + left), (void ) input, fill);
8201b806	256	sha1_process(ctx, ctx->buffer, 1);
4ef218f6 WD	257	input += fill;
	258	ilen -= fill;
	259	left = 0;
	260	}
	261
8201b806 LP	262	sha1_process(ctx, input, ilen / 64);
	263	input += ilen / 64 * 64;
	264	ilen = ilen % 64;
4ef218f6 WD	265
	266	if (ilen > 0) {
	267	memcpy ((void ) (ctx->buffer + left), (void ) input, ilen);
	268	}
566a494f HS	269	}
566a494f HS	270
4ef218f6 WD	271	static const unsigned char sha1_padding[64] = {
	272	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	273	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	274	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	275	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
566a494f HS	276	};
	277
	278	/*
	279	* SHA-1 final digest
	280	*/
4ef218f6	281	void sha1_finish (sha1_context * ctx, unsigned char output[20])
566a494f	282	{
4ef218f6 WD	283	unsigned long last, padn;
	284	unsigned long high, low;
	285	unsigned char msglen[8];
566a494f	286
4ef218f6 WD	287	high = (ctx->total[0] >> 29)
	288	\| (ctx->total[1] << 3);
	289	low = (ctx->total[0] << 3);
566a494f	290
4ef218f6 WD	291	PUT_UINT32_BE (high, msglen, 0);
4ef218f6 WD	292	PUT_UINT32_BE (low, msglen, 4);
566a494f	293
4ef218f6 WD	294	last = ctx->total[0] & 0x3F;
4ef218f6 WD	295	padn = (last < 56) ? (56 - last) : (120 - last);
566a494f	296
4ef218f6 WD	297	sha1_update (ctx, (unsigned char *) sha1_padding, padn);
4ef218f6 WD	298	sha1_update (ctx, msglen, 8);
566a494f	299
4ef218f6 WD	300	PUT_UINT32_BE (ctx->state[0], output, 0);
	301	PUT_UINT32_BE (ctx->state[1], output, 4);
	302	PUT_UINT32_BE (ctx->state[2], output, 8);
	303	PUT_UINT32_BE (ctx->state[3], output, 12);
	304	PUT_UINT32_BE (ctx->state[4], output, 16);
566a494f HS	305	}
566a494f HS	306
215b01bb BS	307	/*
	308	* Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
	309	* bytes of input processed.
	310	*/
a7d1d765 SG	311	void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
a7d1d765 SG	312	unsigned char *output, unsigned int chunk_sz)
215b01bb BS	313	{
215b01bb BS	314	sha1_context ctx;
c7401fc1 HS	315	#if !defined(USE_HOSTCC) && \
c7401fc1 HS	316	(defined(CONFIG_HW_WATCHDOG) \|\| defined(CONFIG_WATCHDOG))
a7d1d765	317	const unsigned char end, curr;
215b01bb BS	318	int chunk;
	319	#endif
	320
	321	sha1_starts (&ctx);
	322
c7401fc1 HS	323	#if !defined(USE_HOSTCC) && \
c7401fc1 HS	324	(defined(CONFIG_HW_WATCHDOG) \|\| defined(CONFIG_WATCHDOG))
215b01bb BS	325	curr = input;
	326	end = input + ilen;
	327	while (curr < end) {
	328	chunk = end - curr;
	329	if (chunk > chunk_sz)
	330	chunk = chunk_sz;
	331	sha1_update (&ctx, curr, chunk);
	332	curr += chunk;
29caf930	333	schedule();
215b01bb BS	334	}
	335	#else
	336	sha1_update (&ctx, input, ilen);
	337	#endif
	338
	339	sha1_finish (&ctx, output);
	340	}
	341
566a494f HS	342	/*
	343	* Output = HMAC-SHA-1( input buffer, hmac key )
	344	*/
a7d1d765 SG	345	void sha1_hmac(const unsigned char *key, int keylen,
	346	const unsigned char *input, unsigned int ilen,
	347	unsigned char *output)
566a494f	348	{
4ef218f6 WD	349	int i;
	350	sha1_context ctx;
	351	unsigned char k_ipad[64];
	352	unsigned char k_opad[64];
	353	unsigned char tmpbuf[20];
	354
	355	memset (k_ipad, 0x36, 64);
	356	memset (k_opad, 0x5C, 64);
	357
	358	for (i = 0; i < keylen; i++) {
	359	if (i >= 64)
	360	break;
	361
	362	k_ipad[i] ^= key[i];
	363	k_opad[i] ^= key[i];
	364	}
	365
	366	sha1_starts (&ctx);
	367	sha1_update (&ctx, k_ipad, 64);
	368	sha1_update (&ctx, input, ilen);
	369	sha1_finish (&ctx, tmpbuf);
	370
	371	sha1_starts (&ctx);
	372	sha1_update (&ctx, k_opad, 64);
	373	sha1_update (&ctx, tmpbuf, 20);
	374	sha1_finish (&ctx, output);
	375
	376	memset (k_ipad, 0, 64);
	377	memset (k_opad, 0, 64);
	378	memset (tmpbuf, 0, 20);
	379	memset (&ctx, 0, sizeof (sha1_context));
566a494f HS	380	}
566a494f HS	381
566a494f HS	382	#ifdef SELF_TEST
	383	/*
	384	* FIPS-180-1 test vectors
	385	*/
4ef218f6 WD	386	static const char sha1_test_str[3][57] = {
	387	{"abc"},
	388	{"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
	389	{""}
566a494f HS	390	};
566a494f HS	391
4ef218f6 WD	392	static const unsigned char sha1_test_sum[3][20] = {
	393	{0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
	394	0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
	395	{0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
	396	0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
	397	{0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
	398	0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
566a494f HS	399	};
	400
	401	/*
	402	* Checkup routine
	403	*/
4ef218f6	404	int sha1_self_test (void)
566a494f	405	{
4ef218f6 WD	406	int i, j;
	407	unsigned char buf[1000];
	408	unsigned char sha1sum[20];
	409	sha1_context ctx;
	410
	411	for (i = 0; i < 3; i++) {
	412	printf (" SHA-1 test #%d: ", i + 1);
	413
	414	sha1_starts (&ctx);
	415
	416	if (i < 2)
	417	sha1_update (&ctx, (unsigned char *) sha1_test_str[i],
	418	strlen (sha1_test_str[i]));
	419	else {
	420	memset (buf, 'a', 1000);
	421	for (j = 0; j < 1000; j++)
	422	sha1_update (&ctx, buf, 1000);
	423	}
	424
	425	sha1_finish (&ctx, sha1sum);
	426
	427	if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) {
	428	printf ("failed\n");
	429	return (1);
	430	}
	431
	432	printf ("passed\n");
	433	}
	434
	435	printf ("\n");
	436	return (0);
566a494f HS	437	}
566a494f HS	438	#else
4ef218f6	439	int sha1_self_test (void)
566a494f	440	{
4ef218f6	441	return (0);
566a494f HS	442	}
566a494f HS	443	#endif