sha1.c
Go to the documentation of this file.
1 /**
2  * @file sha1.c
3  * @brief SHA-1 (Secure Hash Algorithm 1)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2022 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @section Description
28  *
29  * SHA-1 is a secure hash algorithm for computing a condensed representation
30  * of an electronic message. Refer to FIPS 180-4 for more details
31  *
32  * @author Oryx Embedded SARL (www.oryx-embedded.com)
33  * @version 2.1.8
34  **/
35 
36 //Switch to the appropriate trace level
37 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
38 
39 //Dependencies
40 #include "core/crypto.h"
41 #include "hash/sha1.h"
42 
43 //Check crypto library configuration
44 #if (SHA1_SUPPORT == ENABLED)
45 
46 //Macro to access the workspace as a circular buffer
47 #define W(t) w[(t) & 0x0F]
48 
49 //SHA-1 auxiliary functions
50 #define CH(x, y, z) (((x) & (y)) | (~(x) & (z)))
51 #define PARITY(x, y, z) ((x) ^ (y) ^ (z))
52 #define MAJ(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
53 
54 //SHA-1 padding
55 static const uint8_t padding[64] =
56 {
57  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
58  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
59  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
60  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
61 };
62 
63 //SHA-1 constants
64 static const uint32_t k[4] =
65 {
66  0x5A827999,
67  0x6ED9EBA1,
68  0x8F1BBCDC,
69  0xCA62C1D6
70 };
71 
72 //SHA-1 object identifier (1.3.14.3.2.26)
73 const uint8_t sha1Oid[5] = {0x2B, 0x0E, 0x03, 0x02, 0x1A};
74 
75 //Common interface for hash algorithms
77 {
78  "SHA-1",
79  sha1Oid,
80  sizeof(sha1Oid),
81  sizeof(Sha1Context),
85  TRUE,
90 #if ((defined(MIMXRT1050_CRYPTO_HASH_SUPPORT) && MIMXRT1050_CRYPTO_HASH_SUPPORT == ENABLED) || \
91  (defined(MIMXRT1060_CRYPTO_HASH_SUPPORT) && MIMXRT1060_CRYPTO_HASH_SUPPORT == ENABLED) || \
92  (defined(MIMXRT1170_CRYPTO_HASH_SUPPORT) && MIMXRT1170_CRYPTO_HASH_SUPPORT == ENABLED))
93  NULL,
94 #else
96 #endif
97 };
98 
99 
100 /**
101  * @brief Digest a message using SHA-1
102  * @param[in] data Pointer to the message being hashed
103  * @param[in] length Length of the message
104  * @param[out] digest Pointer to the calculated digest
105  * @return Error code
106  **/
107 
108 __weak_func error_t sha1Compute(const void *data, size_t length, uint8_t *digest)
109 {
110  error_t error;
111  Sha1Context *context;
112 
113  //Allocate a memory buffer to hold the SHA-1 context
114  context = cryptoAllocMem(sizeof(Sha1Context));
115 
116  //Successful memory allocation?
117  if(context != NULL)
118  {
119  //Initialize the SHA-1 context
120  sha1Init(context);
121  //Digest the message
122  sha1Update(context, data, length);
123  //Finalize the SHA-1 message digest
124  sha1Final(context, digest);
125 
126  //Free previously allocated memory
127  cryptoFreeMem(context);
128 
129  //Successful processing
130  error = NO_ERROR;
131  }
132  else
133  {
134  //Failed to allocate memory
135  error = ERROR_OUT_OF_MEMORY;
136  }
137 
138  //Return status code
139  return error;
140 }
141 
142 
143 /**
144  * @brief Initialize SHA-1 message digest context
145  * @param[in] context Pointer to the SHA-1 context to initialize
146  **/
147 
148 __weak_func void sha1Init(Sha1Context *context)
149 {
150  //Set initial hash value
151  context->h[0] = 0x67452301;
152  context->h[1] = 0xEFCDAB89;
153  context->h[2] = 0x98BADCFE;
154  context->h[3] = 0x10325476;
155  context->h[4] = 0xC3D2E1F0;
156 
157  //Number of bytes in the buffer
158  context->size = 0;
159  //Total length of the message
160  context->totalSize = 0;
161 }
162 
163 
164 /**
165  * @brief Update the SHA-1 context with a portion of the message being hashed
166  * @param[in] context Pointer to the SHA-1 context
167  * @param[in] data Pointer to the buffer being hashed
168  * @param[in] length Length of the buffer
169  **/
170 
171 __weak_func void sha1Update(Sha1Context *context, const void *data, size_t length)
172 {
173  size_t n;
174 
175  //Process the incoming data
176  while(length > 0)
177  {
178  //The buffer can hold at most 64 bytes
179  n = MIN(length, 64 - context->size);
180 
181  //Copy the data to the buffer
182  osMemcpy(context->buffer + context->size, data, n);
183 
184  //Update the SHA-1 context
185  context->size += n;
186  context->totalSize += n;
187  //Advance the data pointer
188  data = (uint8_t *) data + n;
189  //Remaining bytes to process
190  length -= n;
191 
192  //Process message in 16-word blocks
193  if(context->size == 64)
194  {
195  //Transform the 16-word block
196  sha1ProcessBlock(context);
197  //Empty the buffer
198  context->size = 0;
199  }
200  }
201 }
202 
203 
204 /**
205  * @brief Finish the SHA-1 message digest
206  * @param[in] context Pointer to the SHA-1 context
207  * @param[out] digest Calculated digest (optional parameter)
208  **/
209 
210 __weak_func void sha1Final(Sha1Context *context, uint8_t *digest)
211 {
212  uint_t i;
213  size_t paddingSize;
214  uint64_t totalSize;
215 
216  //Length of the original message (before padding)
217  totalSize = context->totalSize * 8;
218 
219  //Pad the message so that its length is congruent to 56 modulo 64
220  if(context->size < 56)
221  {
222  paddingSize = 56 - context->size;
223  }
224  else
225  {
226  paddingSize = 64 + 56 - context->size;
227  }
228 
229  //Append padding
230  sha1Update(context, padding, paddingSize);
231 
232  //Append the length of the original message
233  context->w[14] = htobe32((uint32_t) (totalSize >> 32));
234  context->w[15] = htobe32((uint32_t) totalSize);
235 
236  //Calculate the message digest
237  sha1ProcessBlock(context);
238 
239  //Convert from host byte order to big-endian byte order
240  for(i = 0; i < 5; i++)
241  {
242  context->h[i] = htobe32(context->h[i]);
243  }
244 
245  //Copy the resulting digest
246  if(digest != NULL)
247  {
248  osMemcpy(digest, context->digest, SHA1_DIGEST_SIZE);
249  }
250 }
251 
252 
253 /**
254  * @brief Finish the SHA-1 message digest (no padding added)
255  * @param[in] context Pointer to the SHA-1 context
256  * @param[out] digest Calculated digest
257  **/
258 
259 __weak_func void sha1FinalRaw(Sha1Context *context, uint8_t *digest)
260 {
261  uint_t i;
262 
263  //Convert from host byte order to big-endian byte order
264  for(i = 0; i < 5; i++)
265  {
266  context->h[i] = htobe32(context->h[i]);
267  }
268 
269  //Copy the resulting digest
270  osMemcpy(digest, context->digest, SHA1_DIGEST_SIZE);
271 
272  //Convert from big-endian byte order to host byte order
273  for(i = 0; i < 5; i++)
274  {
275  context->h[i] = betoh32(context->h[i]);
276  }
277 }
278 
279 
280 /**
281  * @brief Process message in 16-word blocks
282  * @param[in] context Pointer to the SHA-1 context
283  **/
284 
285 __weak_func void sha1ProcessBlock(Sha1Context *context)
286 {
287  uint_t t;
288  uint32_t temp;
289 
290  //Initialize the 5 working registers
291  uint32_t a = context->h[0];
292  uint32_t b = context->h[1];
293  uint32_t c = context->h[2];
294  uint32_t d = context->h[3];
295  uint32_t e = context->h[4];
296 
297  //Process message in 16-word blocks
298  uint32_t *w = context->w;
299 
300  //Convert from big-endian byte order to host byte order
301  for(t = 0; t < 16; t++)
302  {
303  w[t] = betoh32(w[t]);
304  }
305 
306  //SHA-1 hash computation (alternate method)
307  for(t = 0; t < 80; t++)
308  {
309  //Prepare the message schedule
310  if(t >= 16)
311  {
312  W(t) = ROL32(W(t + 13) ^ W(t + 8) ^ W(t + 2) ^ W(t), 1);
313  }
314 
315  //Calculate T
316  if(t < 20)
317  {
318  temp = ROL32(a, 5) + CH(b, c, d) + e + W(t) + k[0];
319  }
320  else if(t < 40)
321  {
322  temp = ROL32(a, 5) + PARITY(b, c, d) + e + W(t) + k[1];
323  }
324  else if(t < 60)
325  {
326  temp = ROL32(a, 5) + MAJ(b, c, d) + e + W(t) + k[2];
327  }
328  else
329  {
330  temp = ROL32(a, 5) + PARITY(b, c, d) + e + W(t) + k[3];
331  }
332 
333  //Update the working registers
334  e = d;
335  d = c;
336  c = ROL32(b, 30);
337  b = a;
338  a = temp;
339  }
340 
341  //Update the hash value
342  context->h[0] += a;
343  context->h[1] += b;
344  context->h[2] += c;
345  context->h[3] += d;
346  context->h[4] += e;
347 }
348 
349 #endif
uint8_t length
Definition: coap_common.h:193
#define betoh32(value)
Definition: cpu_endian.h:454
void(* HashAlgoInit)(void *context)
Definition: crypto.h:855
uint8_t a
Definition: ndp.h:409
uint8_t data[]
Definition: ethernet.h:220
SHA-1 (Secure Hash Algorithm 1)
#define SHA1_BLOCK_SIZE
Definition: sha1.h:38
uint8_t t
Definition: lldp_ext_med.h:210
#define TRUE
Definition: os_port.h:50
#define PARITY(x, y, z)
Definition: sha1.c:51
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
uint16_t w[3]
Definition: ethernet.h:191
void(* HashAlgoUpdate)(void *context, const void *data, size_t length)
Definition: crypto.h:856
uint64_t totalSize
Definition: sha1.h:71
#define osMemcpy(dest, src, length)
Definition: os_port.h:137
__weak_func void sha1Update(Sha1Context *context, const void *data, size_t length)
Update the SHA-1 context with a portion of the message being hashed.
Definition: sha1.c:171
error_t
Error codes.
Definition: error.h:43
__weak_func void sha1ProcessBlock(Sha1Context *context)
Process message in 16-word blocks.
Definition: sha1.c:285
uint32_t h[5]
Definition: sha1.h:62
General definitions for cryptographic algorithms.
__weak_func error_t sha1Compute(const void *data, size_t length, uint8_t *digest)
Digest a message using SHA-1.
Definition: sha1.c:108
#define MIN(a, b)
Definition: os_port.h:62
__weak_func void sha1FinalRaw(Sha1Context *context, uint8_t *digest)
Finish the SHA-1 message digest (no padding added)
Definition: sha1.c:259
void(* HashAlgoFinal)(void *context, uint8_t *digest)
Definition: crypto.h:857
#define CH(x, y, z)
Definition: sha1.c:50
#define htobe32(value)
Definition: cpu_endian.h:446
uint8_t b[6]
Definition: ethernet.h:190
#define SHA1_DIGEST_SIZE
Definition: sha1.h:40
#define ROL32(a, n)
Definition: crypto.h:678
uint8_t n
#define cryptoFreeMem(p)
Definition: crypto.h:672
uint32_t totalSize
size_t size
Definition: sha1.h:70
uint32_t w[16]
Definition: sha1.h:67
#define cryptoAllocMem(size)
Definition: crypto.h:667
SHA-1 algorithm context.
Definition: sha1.h:59
const HashAlgo sha1HashAlgo
Definition: sha1.c:76
#define MAJ(x, y, z)
Definition: sha1.c:52
Common interface for hash algorithms.
Definition: crypto.h:882
uint8_t buffer[64]
Definition: sha1.h:68
__weak_func void sha1Final(Sha1Context *context, uint8_t *digest)
Finish the SHA-1 message digest.
Definition: sha1.c:210
unsigned int uint_t
Definition: compiler_port.h:45
error_t(* HashAlgoCompute)(const void *data, size_t length, uint8_t *digest)
Definition: crypto.h:854
void(* HashAlgoFinalRaw)(void *context, uint8_t *digest)
Definition: crypto.h:858
#define W(t)
Definition: sha1.c:47
uint8_t digest[20]
Definition: sha1.h:63
@ NO_ERROR
Success.
Definition: error.h:44
uint8_t c
Definition: ndp.h:512
#define SHA1_MIN_PAD_SIZE
Definition: sha1.h:42
const uint8_t sha1Oid[5]
Definition: sha1.c:73
__weak_func void sha1Init(Sha1Context *context)
Initialize SHA-1 message digest context.
Definition: sha1.c:148