mirror of
https://github.com/u-boot/u-boot.git
synced 2024-12-16 00:03:26 +08:00
83d290c56f
When U-Boot started using SPDX tags we were among the early adopters and there weren't a lot of other examples to borrow from. So we picked the area of the file that usually had a full license text and replaced it with an appropriate SPDX-License-Identifier: entry. Since then, the Linux Kernel has adopted SPDX tags and they place it as the very first line in a file (except where shebangs are used, then it's second line) and with slightly different comment styles than us. In part due to community overlap, in part due to better tag visibility and in part for other minor reasons, switch over to that style. This commit changes all instances where we have a single declared license in the tag as both the before and after are identical in tag contents. There's also a few places where I found we did not have a tag and have introduced one. Signed-off-by: Tom Rini <trini@konsulko.com>
446 lines
9.8 KiB
C
446 lines
9.8 KiB
C
// SPDX-License-Identifier: LGPL-2.1
|
|
/*
|
|
* Heiko Schocher, DENX Software Engineering, hs@denx.de.
|
|
* based on:
|
|
* FIPS-180-1 compliant SHA-1 implementation
|
|
*
|
|
* Copyright (C) 2003-2006 Christophe Devine
|
|
*/
|
|
/*
|
|
* The SHA-1 standard was published by NIST in 1993.
|
|
*
|
|
* http://www.itl.nist.gov/fipspubs/fip180-1.htm
|
|
*/
|
|
|
|
#ifndef _CRT_SECURE_NO_DEPRECATE
|
|
#define _CRT_SECURE_NO_DEPRECATE 1
|
|
#endif
|
|
|
|
#ifndef USE_HOSTCC
|
|
#include <common.h>
|
|
#include <linux/string.h>
|
|
#else
|
|
#include <string.h>
|
|
#endif /* USE_HOSTCC */
|
|
#include <watchdog.h>
|
|
#include <u-boot/sha1.h>
|
|
|
|
const uint8_t sha1_der_prefix[SHA1_DER_LEN] = {
|
|
0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
|
|
0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
|
|
};
|
|
|
|
/*
|
|
* 32-bit integer manipulation macros (big endian)
|
|
*/
|
|
#ifndef GET_UINT32_BE
|
|
#define GET_UINT32_BE(n,b,i) { \
|
|
(n) = ( (unsigned long) (b)[(i) ] << 24 ) \
|
|
| ( (unsigned long) (b)[(i) + 1] << 16 ) \
|
|
| ( (unsigned long) (b)[(i) + 2] << 8 ) \
|
|
| ( (unsigned long) (b)[(i) + 3] ); \
|
|
}
|
|
#endif
|
|
#ifndef PUT_UINT32_BE
|
|
#define PUT_UINT32_BE(n,b,i) { \
|
|
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
|
|
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
|
|
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
|
|
(b)[(i) + 3] = (unsigned char) ( (n) ); \
|
|
}
|
|
#endif
|
|
|
|
/*
|
|
* SHA-1 context setup
|
|
*/
|
|
void sha1_starts (sha1_context * ctx)
|
|
{
|
|
ctx->total[0] = 0;
|
|
ctx->total[1] = 0;
|
|
|
|
ctx->state[0] = 0x67452301;
|
|
ctx->state[1] = 0xEFCDAB89;
|
|
ctx->state[2] = 0x98BADCFE;
|
|
ctx->state[3] = 0x10325476;
|
|
ctx->state[4] = 0xC3D2E1F0;
|
|
}
|
|
|
|
static void sha1_process(sha1_context *ctx, const unsigned char data[64])
|
|
{
|
|
unsigned long temp, W[16], A, B, C, D, E;
|
|
|
|
GET_UINT32_BE (W[0], data, 0);
|
|
GET_UINT32_BE (W[1], data, 4);
|
|
GET_UINT32_BE (W[2], data, 8);
|
|
GET_UINT32_BE (W[3], data, 12);
|
|
GET_UINT32_BE (W[4], data, 16);
|
|
GET_UINT32_BE (W[5], data, 20);
|
|
GET_UINT32_BE (W[6], data, 24);
|
|
GET_UINT32_BE (W[7], data, 28);
|
|
GET_UINT32_BE (W[8], data, 32);
|
|
GET_UINT32_BE (W[9], data, 36);
|
|
GET_UINT32_BE (W[10], data, 40);
|
|
GET_UINT32_BE (W[11], data, 44);
|
|
GET_UINT32_BE (W[12], data, 48);
|
|
GET_UINT32_BE (W[13], data, 52);
|
|
GET_UINT32_BE (W[14], data, 56);
|
|
GET_UINT32_BE (W[15], data, 60);
|
|
|
|
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
|
|
|
|
#define R(t) ( \
|
|
temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
|
|
W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
|
|
( W[t & 0x0F] = S(temp,1) ) \
|
|
)
|
|
|
|
#define P(a,b,c,d,e,x) { \
|
|
e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
|
|
}
|
|
|
|
A = ctx->state[0];
|
|
B = ctx->state[1];
|
|
C = ctx->state[2];
|
|
D = ctx->state[3];
|
|
E = ctx->state[4];
|
|
|
|
#define F(x,y,z) (z ^ (x & (y ^ z)))
|
|
#define K 0x5A827999
|
|
|
|
P (A, B, C, D, E, W[0]);
|
|
P (E, A, B, C, D, W[1]);
|
|
P (D, E, A, B, C, W[2]);
|
|
P (C, D, E, A, B, W[3]);
|
|
P (B, C, D, E, A, W[4]);
|
|
P (A, B, C, D, E, W[5]);
|
|
P (E, A, B, C, D, W[6]);
|
|
P (D, E, A, B, C, W[7]);
|
|
P (C, D, E, A, B, W[8]);
|
|
P (B, C, D, E, A, W[9]);
|
|
P (A, B, C, D, E, W[10]);
|
|
P (E, A, B, C, D, W[11]);
|
|
P (D, E, A, B, C, W[12]);
|
|
P (C, D, E, A, B, W[13]);
|
|
P (B, C, D, E, A, W[14]);
|
|
P (A, B, C, D, E, W[15]);
|
|
P (E, A, B, C, D, R (16));
|
|
P (D, E, A, B, C, R (17));
|
|
P (C, D, E, A, B, R (18));
|
|
P (B, C, D, E, A, R (19));
|
|
|
|
#undef K
|
|
#undef F
|
|
|
|
#define F(x,y,z) (x ^ y ^ z)
|
|
#define K 0x6ED9EBA1
|
|
|
|
P (A, B, C, D, E, R (20));
|
|
P (E, A, B, C, D, R (21));
|
|
P (D, E, A, B, C, R (22));
|
|
P (C, D, E, A, B, R (23));
|
|
P (B, C, D, E, A, R (24));
|
|
P (A, B, C, D, E, R (25));
|
|
P (E, A, B, C, D, R (26));
|
|
P (D, E, A, B, C, R (27));
|
|
P (C, D, E, A, B, R (28));
|
|
P (B, C, D, E, A, R (29));
|
|
P (A, B, C, D, E, R (30));
|
|
P (E, A, B, C, D, R (31));
|
|
P (D, E, A, B, C, R (32));
|
|
P (C, D, E, A, B, R (33));
|
|
P (B, C, D, E, A, R (34));
|
|
P (A, B, C, D, E, R (35));
|
|
P (E, A, B, C, D, R (36));
|
|
P (D, E, A, B, C, R (37));
|
|
P (C, D, E, A, B, R (38));
|
|
P (B, C, D, E, A, R (39));
|
|
|
|
#undef K
|
|
#undef F
|
|
|
|
#define F(x,y,z) ((x & y) | (z & (x | y)))
|
|
#define K 0x8F1BBCDC
|
|
|
|
P (A, B, C, D, E, R (40));
|
|
P (E, A, B, C, D, R (41));
|
|
P (D, E, A, B, C, R (42));
|
|
P (C, D, E, A, B, R (43));
|
|
P (B, C, D, E, A, R (44));
|
|
P (A, B, C, D, E, R (45));
|
|
P (E, A, B, C, D, R (46));
|
|
P (D, E, A, B, C, R (47));
|
|
P (C, D, E, A, B, R (48));
|
|
P (B, C, D, E, A, R (49));
|
|
P (A, B, C, D, E, R (50));
|
|
P (E, A, B, C, D, R (51));
|
|
P (D, E, A, B, C, R (52));
|
|
P (C, D, E, A, B, R (53));
|
|
P (B, C, D, E, A, R (54));
|
|
P (A, B, C, D, E, R (55));
|
|
P (E, A, B, C, D, R (56));
|
|
P (D, E, A, B, C, R (57));
|
|
P (C, D, E, A, B, R (58));
|
|
P (B, C, D, E, A, R (59));
|
|
|
|
#undef K
|
|
#undef F
|
|
|
|
#define F(x,y,z) (x ^ y ^ z)
|
|
#define K 0xCA62C1D6
|
|
|
|
P (A, B, C, D, E, R (60));
|
|
P (E, A, B, C, D, R (61));
|
|
P (D, E, A, B, C, R (62));
|
|
P (C, D, E, A, B, R (63));
|
|
P (B, C, D, E, A, R (64));
|
|
P (A, B, C, D, E, R (65));
|
|
P (E, A, B, C, D, R (66));
|
|
P (D, E, A, B, C, R (67));
|
|
P (C, D, E, A, B, R (68));
|
|
P (B, C, D, E, A, R (69));
|
|
P (A, B, C, D, E, R (70));
|
|
P (E, A, B, C, D, R (71));
|
|
P (D, E, A, B, C, R (72));
|
|
P (C, D, E, A, B, R (73));
|
|
P (B, C, D, E, A, R (74));
|
|
P (A, B, C, D, E, R (75));
|
|
P (E, A, B, C, D, R (76));
|
|
P (D, E, A, B, C, R (77));
|
|
P (C, D, E, A, B, R (78));
|
|
P (B, C, D, E, A, R (79));
|
|
|
|
#undef K
|
|
#undef F
|
|
|
|
ctx->state[0] += A;
|
|
ctx->state[1] += B;
|
|
ctx->state[2] += C;
|
|
ctx->state[3] += D;
|
|
ctx->state[4] += E;
|
|
}
|
|
|
|
/*
|
|
* SHA-1 process buffer
|
|
*/
|
|
void sha1_update(sha1_context *ctx, const unsigned char *input,
|
|
unsigned int ilen)
|
|
{
|
|
int fill;
|
|
unsigned long left;
|
|
|
|
if (ilen <= 0)
|
|
return;
|
|
|
|
left = ctx->total[0] & 0x3F;
|
|
fill = 64 - left;
|
|
|
|
ctx->total[0] += ilen;
|
|
ctx->total[0] &= 0xFFFFFFFF;
|
|
|
|
if (ctx->total[0] < (unsigned long) ilen)
|
|
ctx->total[1]++;
|
|
|
|
if (left && ilen >= fill) {
|
|
memcpy ((void *) (ctx->buffer + left), (void *) input, fill);
|
|
sha1_process (ctx, ctx->buffer);
|
|
input += fill;
|
|
ilen -= fill;
|
|
left = 0;
|
|
}
|
|
|
|
while (ilen >= 64) {
|
|
sha1_process (ctx, input);
|
|
input += 64;
|
|
ilen -= 64;
|
|
}
|
|
|
|
if (ilen > 0) {
|
|
memcpy ((void *) (ctx->buffer + left), (void *) input, ilen);
|
|
}
|
|
}
|
|
|
|
static const unsigned char sha1_padding[64] = {
|
|
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
|
|
};
|
|
|
|
/*
|
|
* SHA-1 final digest
|
|
*/
|
|
void sha1_finish (sha1_context * ctx, unsigned char output[20])
|
|
{
|
|
unsigned long last, padn;
|
|
unsigned long high, low;
|
|
unsigned char msglen[8];
|
|
|
|
high = (ctx->total[0] >> 29)
|
|
| (ctx->total[1] << 3);
|
|
low = (ctx->total[0] << 3);
|
|
|
|
PUT_UINT32_BE (high, msglen, 0);
|
|
PUT_UINT32_BE (low, msglen, 4);
|
|
|
|
last = ctx->total[0] & 0x3F;
|
|
padn = (last < 56) ? (56 - last) : (120 - last);
|
|
|
|
sha1_update (ctx, (unsigned char *) sha1_padding, padn);
|
|
sha1_update (ctx, msglen, 8);
|
|
|
|
PUT_UINT32_BE (ctx->state[0], output, 0);
|
|
PUT_UINT32_BE (ctx->state[1], output, 4);
|
|
PUT_UINT32_BE (ctx->state[2], output, 8);
|
|
PUT_UINT32_BE (ctx->state[3], output, 12);
|
|
PUT_UINT32_BE (ctx->state[4], output, 16);
|
|
}
|
|
|
|
/*
|
|
* Output = SHA-1( input buffer )
|
|
*/
|
|
void sha1_csum(const unsigned char *input, unsigned int ilen,
|
|
unsigned char *output)
|
|
{
|
|
sha1_context ctx;
|
|
|
|
sha1_starts (&ctx);
|
|
sha1_update (&ctx, input, ilen);
|
|
sha1_finish (&ctx, output);
|
|
}
|
|
|
|
/*
|
|
* Output = SHA-1( input buffer ). Trigger the watchdog every 'chunk_sz'
|
|
* bytes of input processed.
|
|
*/
|
|
void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
|
|
unsigned char *output, unsigned int chunk_sz)
|
|
{
|
|
sha1_context ctx;
|
|
#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
|
|
const unsigned char *end, *curr;
|
|
int chunk;
|
|
#endif
|
|
|
|
sha1_starts (&ctx);
|
|
|
|
#if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
|
|
curr = input;
|
|
end = input + ilen;
|
|
while (curr < end) {
|
|
chunk = end - curr;
|
|
if (chunk > chunk_sz)
|
|
chunk = chunk_sz;
|
|
sha1_update (&ctx, curr, chunk);
|
|
curr += chunk;
|
|
WATCHDOG_RESET ();
|
|
}
|
|
#else
|
|
sha1_update (&ctx, input, ilen);
|
|
#endif
|
|
|
|
sha1_finish (&ctx, output);
|
|
}
|
|
|
|
/*
|
|
* Output = HMAC-SHA-1( input buffer, hmac key )
|
|
*/
|
|
void sha1_hmac(const unsigned char *key, int keylen,
|
|
const unsigned char *input, unsigned int ilen,
|
|
unsigned char *output)
|
|
{
|
|
int i;
|
|
sha1_context ctx;
|
|
unsigned char k_ipad[64];
|
|
unsigned char k_opad[64];
|
|
unsigned char tmpbuf[20];
|
|
|
|
memset (k_ipad, 0x36, 64);
|
|
memset (k_opad, 0x5C, 64);
|
|
|
|
for (i = 0; i < keylen; i++) {
|
|
if (i >= 64)
|
|
break;
|
|
|
|
k_ipad[i] ^= key[i];
|
|
k_opad[i] ^= key[i];
|
|
}
|
|
|
|
sha1_starts (&ctx);
|
|
sha1_update (&ctx, k_ipad, 64);
|
|
sha1_update (&ctx, input, ilen);
|
|
sha1_finish (&ctx, tmpbuf);
|
|
|
|
sha1_starts (&ctx);
|
|
sha1_update (&ctx, k_opad, 64);
|
|
sha1_update (&ctx, tmpbuf, 20);
|
|
sha1_finish (&ctx, output);
|
|
|
|
memset (k_ipad, 0, 64);
|
|
memset (k_opad, 0, 64);
|
|
memset (tmpbuf, 0, 20);
|
|
memset (&ctx, 0, sizeof (sha1_context));
|
|
}
|
|
|
|
#ifdef SELF_TEST
|
|
/*
|
|
* FIPS-180-1 test vectors
|
|
*/
|
|
static const char sha1_test_str[3][57] = {
|
|
{"abc"},
|
|
{"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"},
|
|
{""}
|
|
};
|
|
|
|
static const unsigned char sha1_test_sum[3][20] = {
|
|
{0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
|
|
0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D},
|
|
{0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
|
|
0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1},
|
|
{0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
|
|
0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F}
|
|
};
|
|
|
|
/*
|
|
* Checkup routine
|
|
*/
|
|
int sha1_self_test (void)
|
|
{
|
|
int i, j;
|
|
unsigned char buf[1000];
|
|
unsigned char sha1sum[20];
|
|
sha1_context ctx;
|
|
|
|
for (i = 0; i < 3; i++) {
|
|
printf (" SHA-1 test #%d: ", i + 1);
|
|
|
|
sha1_starts (&ctx);
|
|
|
|
if (i < 2)
|
|
sha1_update (&ctx, (unsigned char *) sha1_test_str[i],
|
|
strlen (sha1_test_str[i]));
|
|
else {
|
|
memset (buf, 'a', 1000);
|
|
for (j = 0; j < 1000; j++)
|
|
sha1_update (&ctx, buf, 1000);
|
|
}
|
|
|
|
sha1_finish (&ctx, sha1sum);
|
|
|
|
if (memcmp (sha1sum, sha1_test_sum[i], 20) != 0) {
|
|
printf ("failed\n");
|
|
return (1);
|
|
}
|
|
|
|
printf ("passed\n");
|
|
}
|
|
|
|
printf ("\n");
|
|
return (0);
|
|
}
|
|
#else
|
|
int sha1_self_test (void)
|
|
{
|
|
return (0);
|
|
}
|
|
#endif
|