sha1.c
Go to the documentation of this file.
1 /**
2  * @file sha1.c
3  * @brief SHA-1 (Secure Hash Algorithm 1)
4  *
5  * @section License
6  *
7  * Copyright (C) 2010-2018 Oryx Embedded SARL. All rights reserved.
8  *
9  * This file is part of CycloneCrypto Open.
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software Foundation,
23  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24  *
25  * @section Description
26  *
27  * SHA-1 is a secure hash algorithm for computing a condensed representation
28  * of an electronic message. Refer to FIPS 180-4 for more details
29  *
30  * @author Oryx Embedded SARL (www.oryx-embedded.com)
31  * @version 1.9.0
32  **/
33 
34 //Switch to the appropriate trace level
35 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
36 
37 //Dependencies
38 #include "core/crypto.h"
39 #include "hash/sha1.h"
40 
41 //Check crypto library configuration
42 #if (SHA1_SUPPORT == ENABLED)
43 
44 //Macro to access the workspace as a circular buffer
45 #define W(t) w[(t) & 0x0F]
46 
47 //SHA-1 auxiliary functions
48 #define CH(x, y, z) (((x) & (y)) | (~(x) & (z)))
49 #define PARITY(x, y, z) ((x) ^ (y) ^ (z))
50 #define MAJ(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
51 
52 //SHA-1 padding
53 static const uint8_t padding[64] =
54 {
55  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
56  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
57  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
58  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
59 };
60 
61 //SHA-1 constants
62 static const uint32_t k[4] =
63 {
64  0x5A827999,
65  0x6ED9EBA1,
66  0x8F1BBCDC,
67  0xCA62C1D6
68 };
69 
70 //SHA-1 object identifier (1.3.14.3.2.26)
71 const uint8_t sha1Oid[5] = {0x2B, 0x0E, 0x03, 0x02, 0x1A};
72 
73 //Common interface for hash algorithms
75 {
76  "SHA-1",
77  sha1Oid,
78  sizeof(sha1Oid),
79  sizeof(Sha1Context),
86 };
87 
88 
89 /**
90  * @brief Digest a message using SHA-1
91  * @param[in] data Pointer to the message being hashed
92  * @param[in] length Length of the message
93  * @param[out] digest Pointer to the calculated digest
94  * @return Error code
95  **/
96 
97 error_t sha1Compute(const void *data, size_t length, uint8_t *digest)
98 {
99  //Allocate a memory buffer to hold the SHA-1 context
100  Sha1Context *context = cryptoAllocMem(sizeof(Sha1Context));
101  //Failed to allocate memory?
102  if(context == NULL)
103  return ERROR_OUT_OF_MEMORY;
104 
105  //Initialize the SHA-1 context
106  sha1Init(context);
107  //Digest the message
108  sha1Update(context, data, length);
109  //Finalize the SHA-1 message digest
110  sha1Final(context, digest);
111 
112  //Free previously allocated memory
113  cryptoFreeMem(context);
114  //Successful processing
115  return NO_ERROR;
116 }
117 
118 
119 /**
120  * @brief Initialize SHA-1 message digest context
121  * @param[in] context Pointer to the SHA-1 context to initialize
122  **/
123 
124 void sha1Init(Sha1Context *context)
125 {
126  //Set initial hash value
127  context->h[0] = 0x67452301;
128  context->h[1] = 0xEFCDAB89;
129  context->h[2] = 0x98BADCFE;
130  context->h[3] = 0x10325476;
131  context->h[4] = 0xC3D2E1F0;
132 
133  //Number of bytes in the buffer
134  context->size = 0;
135  //Total length of the message
136  context->totalSize = 0;
137 }
138 
139 
140 /**
141  * @brief Update the SHA-1 context with a portion of the message being hashed
142  * @param[in] context Pointer to the SHA-1 context
143  * @param[in] data Pointer to the buffer being hashed
144  * @param[in] length Length of the buffer
145  **/
146 
147 void sha1Update(Sha1Context *context, const void *data, size_t length)
148 {
149  size_t n;
150 
151  //Process the incoming data
152  while(length > 0)
153  {
154  //The buffer can hold at most 64 bytes
155  n = MIN(length, 64 - context->size);
156 
157  //Copy the data to the buffer
158  cryptoMemcpy(context->buffer + context->size, data, n);
159 
160  //Update the SHA-1 context
161  context->size += n;
162  context->totalSize += n;
163  //Advance the data pointer
164  data = (uint8_t *) data + n;
165  //Remaining bytes to process
166  length -= n;
167 
168  //Process message in 16-word blocks
169  if(context->size == 64)
170  {
171  //Transform the 16-word block
172  sha1ProcessBlock(context);
173  //Empty the buffer
174  context->size = 0;
175  }
176  }
177 }
178 
179 
180 /**
181  * @brief Finish the SHA-1 message digest
182  * @param[in] context Pointer to the SHA-1 context
183  * @param[out] digest Calculated digest (optional parameter)
184  **/
185 
186 void sha1Final(Sha1Context *context, uint8_t *digest)
187 {
188  uint_t i;
189  size_t paddingSize;
190  uint64_t totalSize;
191 
192  //Length of the original message (before padding)
193  totalSize = context->totalSize * 8;
194 
195  //Pad the message so that its length is congruent to 56 modulo 64
196  if(context->size < 56)
197  paddingSize = 56 - context->size;
198  else
199  paddingSize = 64 + 56 - context->size;
200 
201  //Append padding
202  sha1Update(context, padding, paddingSize);
203 
204  //Append the length of the original message
205  context->w[14] = htobe32((uint32_t) (totalSize >> 32));
206  context->w[15] = htobe32((uint32_t) totalSize);
207 
208  //Calculate the message digest
209  sha1ProcessBlock(context);
210 
211  //Convert from host byte order to big-endian byte order
212  for(i = 0; i < 5; i++)
213  context->h[i] = htobe32(context->h[i]);
214 
215  //Copy the resulting digest
216  if(digest != NULL)
217  cryptoMemcpy(digest, context->digest, SHA1_DIGEST_SIZE);
218 }
219 
220 
221 /**
222  * @brief Process message in 16-word blocks
223  * @param[in] context Pointer to the SHA-1 context
224  **/
225 
227 {
228  uint_t t;
229  uint32_t temp;
230 
231  //Initialize the 5 working registers
232  uint32_t a = context->h[0];
233  uint32_t b = context->h[1];
234  uint32_t c = context->h[2];
235  uint32_t d = context->h[3];
236  uint32_t e = context->h[4];
237 
238  //Process message in 16-word blocks
239  uint32_t *w = context->w;
240 
241  //Convert from big-endian byte order to host byte order
242  for(t = 0; t < 16; t++)
243  w[t] = betoh32(w[t]);
244 
245  //SHA-1 hash computation (alternate method)
246  for(t = 0; t < 80; t++)
247  {
248  //Prepare the message schedule
249  if(t >= 16)
250  W(t) = ROL32(W(t + 13) ^ W(t + 8) ^ W(t + 2) ^ W(t), 1);
251 
252  //Calculate T
253  if(t < 20)
254  temp = ROL32(a, 5) + CH(b, c, d) + e + W(t) + k[0];
255  else if(t < 40)
256  temp = ROL32(a, 5) + PARITY(b, c, d) + e + W(t) + k[1];
257  else if(t < 60)
258  temp = ROL32(a, 5) + MAJ(b, c, d) + e + W(t) + k[2];
259  else
260  temp = ROL32(a, 5) + PARITY(b, c, d) + e + W(t) + k[3];
261 
262  //Update the working registers
263  e = d;
264  d = c;
265  c = ROL32(b, 30);
266  b = a;
267  a = temp;
268  }
269 
270  //Update the hash value
271  context->h[0] += a;
272  context->h[1] += b;
273  context->h[2] += c;
274  context->h[3] += d;
275  context->h[4] += e;
276 }
277 
278 #endif
#define ROL32(a, n)
Definition: crypto.h:849
uint8_t c
Definition: ndp.h:510
#define W(t)
Definition: sha1.c:45
#define cryptoMemcpy(dest, src, length)
Definition: crypto.h:590
#define cryptoFreeMem(p)
Definition: crypto.h:578
uint8_t buffer[64]
Definition: sha1.h:64
void sha1Init(Sha1Context *context)
Initialize SHA-1 message digest context.
Definition: sha1.c:124
error_t(* HashAlgoCompute)(const void *data, size_t length, uint8_t *digest)
Definition: crypto.h:1020
SHA-1 algorithm context.
Definition: sha1.h:54
#define cryptoAllocMem(size)
Definition: crypto.h:573
#define htobe32(value)
Definition: cpu_endian.h:420
uint64_t totalSize
Definition: sha1.h:67
General definitions for cryptographic algorithms.
#define CH(x, y, z)
Definition: sha1.c:48
uint32_t h[5]
Definition: sha1.h:58
#define SHA1_DIGEST_SIZE
Definition: sha1.h:38
uint32_t totalSize
#define betoh32(value)
Definition: cpu_endian.h:428
uint8_t a
Definition: ndp.h:407
uint16_t w[3]
Definition: ethernet.h:154
const HashAlgo sha1HashAlgo
Definition: sha1.c:74
error_t sha1Compute(const void *data, size_t length, uint8_t *digest)
Digest a message using SHA-1.
Definition: sha1.c:97
void(* HashAlgoInit)(void *context)
Definition: crypto.h:1021
#define MIN(a, b)
Definition: os_port.h:60
void sha1ProcessBlock(Sha1Context *context)
Process message in 16-word blocks.
Definition: sha1.c:226
#define MAJ(x, y, z)
Definition: sha1.c:50
void(* HashAlgoUpdate)(void *context, const void *data, size_t length)
Definition: crypto.h:1022
void sha1Final(Sha1Context *context, uint8_t *digest)
Finish the SHA-1 message digest.
Definition: sha1.c:186
Success.
Definition: error.h:42
uint32_t w[16]
Definition: sha1.h:63
error_t
Error codes.
Definition: error.h:40
uint8_t digest[20]
Definition: sha1.h:59
unsigned int uint_t
Definition: compiler_port.h:43
const uint8_t sha1Oid[5]
Definition: sha1.c:71
uint8_t data[]
Definition: dtls_misc.h:167
#define SHA1_BLOCK_SIZE
Definition: sha1.h:36
SHA-1 (Secure Hash Algorithm 1)
void sha1Update(Sha1Context *context, const void *data, size_t length)
Update the SHA-1 context with a portion of the message being hashed.
Definition: sha1.c:147
size_t size
Definition: sha1.h:66
Common interface for hash algorithms.
Definition: crypto.h:1054
uint8_t length
Definition: dtls_misc.h:140
uint8_t n
#define PARITY(x, y, z)
Definition: sha1.c:49
uint8_t b[6]
Definition: dtls_misc.h:130
void(* HashAlgoFinal)(void *context, uint8_t *digest)
Definition: crypto.h:1023