sha1.c
Go to the documentation of this file.
1 /**
2  * @file sha1.c
3  * @brief SHA-1 (Secure Hash Algorithm 1)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2019 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCrypto Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @section Description
28  *
29  * SHA-1 is a secure hash algorithm for computing a condensed representation
30  * of an electronic message. Refer to FIPS 180-4 for more details
31  *
32  * @author Oryx Embedded SARL (www.oryx-embedded.com)
33  * @version 1.9.6
34  **/
35 
36 //Switch to the appropriate trace level
37 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
38 
39 //Dependencies
40 #include "core/crypto.h"
41 #include "hash/sha1.h"
42 
43 //Check crypto library configuration
44 #if (SHA1_SUPPORT == ENABLED)
45 
46 //Macro to access the workspace as a circular buffer
47 #define W(t) w[(t) & 0x0F]
48 
49 //SHA-1 auxiliary functions
50 #define CH(x, y, z) (((x) & (y)) | (~(x) & (z)))
51 #define PARITY(x, y, z) ((x) ^ (y) ^ (z))
52 #define MAJ(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
53 
54 //SHA-1 padding
55 static const uint8_t padding[64] =
56 {
57  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
58  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
59  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
60  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
61 };
62 
63 //SHA-1 constants
64 static const uint32_t k[4] =
65 {
66  0x5A827999,
67  0x6ED9EBA1,
68  0x8F1BBCDC,
69  0xCA62C1D6
70 };
71 
72 //SHA-1 object identifier (1.3.14.3.2.26)
73 const uint8_t sha1Oid[5] = {0x2B, 0x0E, 0x03, 0x02, 0x1A};
74 
75 //Common interface for hash algorithms
77 {
78  "SHA-1",
79  sha1Oid,
80  sizeof(sha1Oid),
81  sizeof(Sha1Context),
85  TRUE,
91 };
92 
93 
94 /**
95  * @brief Digest a message using SHA-1
96  * @param[in] data Pointer to the message being hashed
97  * @param[in] length Length of the message
98  * @param[out] digest Pointer to the calculated digest
99  * @return Error code
100  **/
101 
102 error_t sha1Compute(const void *data, size_t length, uint8_t *digest)
103 {
104  //Allocate a memory buffer to hold the SHA-1 context
105  Sha1Context *context = cryptoAllocMem(sizeof(Sha1Context));
106  //Failed to allocate memory?
107  if(context == NULL)
108  return ERROR_OUT_OF_MEMORY;
109 
110  //Initialize the SHA-1 context
111  sha1Init(context);
112  //Digest the message
113  sha1Update(context, data, length);
114  //Finalize the SHA-1 message digest
115  sha1Final(context, digest);
116 
117  //Free previously allocated memory
118  cryptoFreeMem(context);
119  //Successful processing
120  return NO_ERROR;
121 }
122 
123 
124 /**
125  * @brief Initialize SHA-1 message digest context
126  * @param[in] context Pointer to the SHA-1 context to initialize
127  **/
128 
129 void sha1Init(Sha1Context *context)
130 {
131  //Set initial hash value
132  context->h[0] = 0x67452301;
133  context->h[1] = 0xEFCDAB89;
134  context->h[2] = 0x98BADCFE;
135  context->h[3] = 0x10325476;
136  context->h[4] = 0xC3D2E1F0;
137 
138  //Number of bytes in the buffer
139  context->size = 0;
140  //Total length of the message
141  context->totalSize = 0;
142 }
143 
144 
145 /**
146  * @brief Update the SHA-1 context with a portion of the message being hashed
147  * @param[in] context Pointer to the SHA-1 context
148  * @param[in] data Pointer to the buffer being hashed
149  * @param[in] length Length of the buffer
150  **/
151 
152 void sha1Update(Sha1Context *context, const void *data, size_t length)
153 {
154  size_t n;
155 
156  //Process the incoming data
157  while(length > 0)
158  {
159  //The buffer can hold at most 64 bytes
160  n = MIN(length, 64 - context->size);
161 
162  //Copy the data to the buffer
163  cryptoMemcpy(context->buffer + context->size, data, n);
164 
165  //Update the SHA-1 context
166  context->size += n;
167  context->totalSize += n;
168  //Advance the data pointer
169  data = (uint8_t *) data + n;
170  //Remaining bytes to process
171  length -= n;
172 
173  //Process message in 16-word blocks
174  if(context->size == 64)
175  {
176  //Transform the 16-word block
177  sha1ProcessBlock(context);
178  //Empty the buffer
179  context->size = 0;
180  }
181  }
182 }
183 
184 
185 /**
186  * @brief Finish the SHA-1 message digest
187  * @param[in] context Pointer to the SHA-1 context
188  * @param[out] digest Calculated digest (optional parameter)
189  **/
190 
191 void sha1Final(Sha1Context *context, uint8_t *digest)
192 {
193  uint_t i;
194  size_t paddingSize;
195  uint64_t totalSize;
196 
197  //Length of the original message (before padding)
198  totalSize = context->totalSize * 8;
199 
200  //Pad the message so that its length is congruent to 56 modulo 64
201  if(context->size < 56)
202  paddingSize = 56 - context->size;
203  else
204  paddingSize = 64 + 56 - context->size;
205 
206  //Append padding
207  sha1Update(context, padding, paddingSize);
208 
209  //Append the length of the original message
210  context->w[14] = htobe32((uint32_t) (totalSize >> 32));
211  context->w[15] = htobe32((uint32_t) totalSize);
212 
213  //Calculate the message digest
214  sha1ProcessBlock(context);
215 
216  //Convert from host byte order to big-endian byte order
217  for(i = 0; i < 5; i++)
218  {
219  context->h[i] = htobe32(context->h[i]);
220  }
221 
222  //Copy the resulting digest
223  if(digest != NULL)
224  cryptoMemcpy(digest, context->digest, SHA1_DIGEST_SIZE);
225 }
226 
227 
228 /**
229  * @brief Finish the SHA-1 message digest (no padding is added)
230  * @param[in] context Pointer to the SHA-1 context
231  * @param[out] digest Calculated digest
232  **/
233 
234 void sha1FinalRaw(Sha1Context *context, uint8_t *digest)
235 {
236  uint_t i;
237 
238  //Convert from host byte order to big-endian byte order
239  for(i = 0; i < 5; i++)
240  {
241  context->h[i] = htobe32(context->h[i]);
242  }
243 
244  //Copy the resulting digest
245  cryptoMemcpy(digest, context->digest, SHA1_DIGEST_SIZE);
246 
247  //Convert from big-endian byte order to host byte order
248  for(i = 0; i < 5; i++)
249  {
250  context->h[i] = betoh32(context->h[i]);
251  }
252 }
253 
254 
255 /**
256  * @brief Process message in 16-word blocks
257  * @param[in] context Pointer to the SHA-1 context
258  **/
259 
261 {
262  uint_t t;
263  uint32_t temp;
264 
265  //Initialize the 5 working registers
266  uint32_t a = context->h[0];
267  uint32_t b = context->h[1];
268  uint32_t c = context->h[2];
269  uint32_t d = context->h[3];
270  uint32_t e = context->h[4];
271 
272  //Process message in 16-word blocks
273  uint32_t *w = context->w;
274 
275  //Convert from big-endian byte order to host byte order
276  for(t = 0; t < 16; t++)
277  {
278  w[t] = betoh32(w[t]);
279  }
280 
281  //SHA-1 hash computation (alternate method)
282  for(t = 0; t < 80; t++)
283  {
284  //Prepare the message schedule
285  if(t >= 16)
286  W(t) = ROL32(W(t + 13) ^ W(t + 8) ^ W(t + 2) ^ W(t), 1);
287 
288  //Calculate T
289  if(t < 20)
290  temp = ROL32(a, 5) + CH(b, c, d) + e + W(t) + k[0];
291  else if(t < 40)
292  temp = ROL32(a, 5) + PARITY(b, c, d) + e + W(t) + k[1];
293  else if(t < 60)
294  temp = ROL32(a, 5) + MAJ(b, c, d) + e + W(t) + k[2];
295  else
296  temp = ROL32(a, 5) + PARITY(b, c, d) + e + W(t) + k[3];
297 
298  //Update the working registers
299  e = d;
300  d = c;
301  c = ROL32(b, 30);
302  b = a;
303  a = temp;
304  }
305 
306  //Update the hash value
307  context->h[0] += a;
308  context->h[1] += b;
309  context->h[2] += c;
310  context->h[3] += d;
311  context->h[4] += e;
312 }
313 
314 #endif
void sha1Update(Sha1Context *context, const void *data, size_t length)
Update the SHA-1 context with a portion of the message being hashed.
Definition: sha1.c:152
#define betoh32(value)
Definition: cpu_endian.h:430
uint8_t length
Definition: dtls_misc.h:149
error_t sha1Compute(const void *data, size_t length, uint8_t *digest)
Digest a message using SHA-1.
Definition: sha1.c:102
void(* HashAlgoInit)(void *context)
Definition: crypto.h:1094
uint8_t a
Definition: ndp.h:410
uint8_t b[6]
Definition: dtls_misc.h:139
SHA-1 (Secure Hash Algorithm 1)
void sha1FinalRaw(Sha1Context *context, uint8_t *digest)
Finish the SHA-1 message digest (no padding is added)
Definition: sha1.c:234
#define SHA1_BLOCK_SIZE
Definition: sha1.h:38
#define TRUE
Definition: os_port.h:50
#define PARITY(x, y, z)
Definition: sha1.c:51
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
uint16_t w[3]
Definition: ethernet.h:166
void(* HashAlgoUpdate)(void *context, const void *data, size_t length)
Definition: crypto.h:1095
uint64_t totalSize
Definition: sha1.h:71
uint8_t t
Definition: llmnr_common.h:81
void sha1Init(Sha1Context *context)
Initialize SHA-1 message digest context.
Definition: sha1.c:129
error_t
Error codes.
Definition: error.h:42
uint32_t h[5]
Definition: sha1.h:62
General definitions for cryptographic algorithms.
#define MIN(a, b)
Definition: os_port.h:62
void(* HashAlgoFinal)(void *context, uint8_t *digest)
Definition: crypto.h:1096
#define CH(x, y, z)
Definition: sha1.c:50
#define htobe32(value)
Definition: cpu_endian.h:422
#define SHA1_DIGEST_SIZE
Definition: sha1.h:40
#define ROL32(a, n)
Definition: crypto.h:917
uint8_t n
#define cryptoMemcpy(dest, src, length)
Definition: crypto.h:642
#define cryptoFreeMem(p)
Definition: crypto.h:630
uint32_t totalSize
size_t size
Definition: sha1.h:70
uint32_t w[16]
Definition: sha1.h:67
#define cryptoAllocMem(size)
Definition: crypto.h:625
SHA-1 algorithm context.
Definition: sha1.h:58
const HashAlgo sha1HashAlgo
Definition: sha1.c:76
void sha1ProcessBlock(Sha1Context *context)
Process message in 16-word blocks.
Definition: sha1.c:260
#define MAJ(x, y, z)
Definition: sha1.c:52
Common interface for hash algorithms.
Definition: crypto.h:1128
uint8_t buffer[64]
Definition: sha1.h:68
unsigned int uint_t
Definition: compiler_port.h:45
uint8_t data[]
Definition: dtls_misc.h:176
error_t(* HashAlgoCompute)(const void *data, size_t length, uint8_t *digest)
Definition: crypto.h:1093
void(* HashAlgoFinalRaw)(void *context, uint8_t *digest)
Definition: crypto.h:1097
#define W(t)
Definition: sha1.c:47
void sha1Final(Sha1Context *context, uint8_t *digest)
Finish the SHA-1 message digest.
Definition: sha1.c:191
uint8_t digest[20]
Definition: sha1.h:63
@ NO_ERROR
Success.
Definition: error.h:44
uint8_t c
Definition: ndp.h:513
#define SHA1_MIN_PAD_SIZE
Definition: sha1.h:42
const uint8_t sha1Oid[5]
Definition: sha1.c:73