2  *  FIPS-180-1 compliant SHA-1 implementation
5  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8  *  The SHA-1 standard was published by NIST in 1993.
10  *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
48  * SHA-1 context setup
52     ctx->total[0] = 0;  in mbedtls_sha1_starts()
53     ctx->total[1] = 0;  in mbedtls_sha1_starts()
55     ctx->state[0] = 0x67452301;  in mbedtls_sha1_starts()
56     ctx->state[1] = 0xEFCDAB89;  in mbedtls_sha1_starts()
57     ctx->state[2] = 0x98BADCFE;  in mbedtls_sha1_starts()
58     ctx->state[3] = 0x10325476;  in mbedtls_sha1_starts()
59     ctx->state[4] = 0xC3D2E1F0;  in mbedtls_sha1_starts()
69         uint32_t temp, W[16], A, B, C, D, E;  in mbedtls_internal_sha1_process()  member
72     local.W[0] = MBEDTLS_GET_UINT32_BE(data,  0);  in mbedtls_internal_sha1_process()
73     local.W[1] = MBEDTLS_GET_UINT32_BE(data,  4);  in mbedtls_internal_sha1_process()
74     local.W[2] = MBEDTLS_GET_UINT32_BE(data,  8);  in mbedtls_internal_sha1_process()
75     local.W[3] = MBEDTLS_GET_UINT32_BE(data, 12);  in mbedtls_internal_sha1_process()
76     local.W[4] = MBEDTLS_GET_UINT32_BE(data, 16);  in mbedtls_internal_sha1_process()
77     local.W[5] = MBEDTLS_GET_UINT32_BE(data, 20);  in mbedtls_internal_sha1_process()
78     local.W[6] = MBEDTLS_GET_UINT32_BE(data, 24);  in mbedtls_internal_sha1_process()
79     local.W[7] = MBEDTLS_GET_UINT32_BE(data, 28);  in mbedtls_internal_sha1_process()
80     local.W[8] = MBEDTLS_GET_UINT32_BE(data, 32);  in mbedtls_internal_sha1_process()
81     local.W[9] = MBEDTLS_GET_UINT32_BE(data, 36);  in mbedtls_internal_sha1_process()
82     local.W[10] = MBEDTLS_GET_UINT32_BE(data, 40);  in mbedtls_internal_sha1_process()
83     local.W[11] = MBEDTLS_GET_UINT32_BE(data, 44);  in mbedtls_internal_sha1_process()
84     local.W[12] = MBEDTLS_GET_UINT32_BE(data, 48);  in mbedtls_internal_sha1_process()
85     local.W[13] = MBEDTLS_GET_UINT32_BE(data, 52);  in mbedtls_internal_sha1_process()
86     local.W[14] = MBEDTLS_GET_UINT32_BE(data, 56);  in mbedtls_internal_sha1_process()
87     local.W[15] = MBEDTLS_GET_UINT32_BE(data, 60);  in mbedtls_internal_sha1_process()
89 #define S(x, n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))  in mbedtls_internal_sha1_process()
93         local.temp = local.W[((t) -  3) & 0x0F] ^             \  in mbedtls_internal_sha1_process()
94                      local.W[((t) -  8) & 0x0F] ^             \  in mbedtls_internal_sha1_process()
95                      local.W[((t) - 14) & 0x0F] ^             \  in mbedtls_internal_sha1_process()
96                      local.W[(t)        & 0x0F],              \  in mbedtls_internal_sha1_process()
97         (local.W[(t) & 0x0F] = S(local.temp, 1))               \  in mbedtls_internal_sha1_process()
107     local.A = ctx->state[0];  in mbedtls_internal_sha1_process()
108     local.B = ctx->state[1];  in mbedtls_internal_sha1_process()
109     local.C = ctx->state[2];  in mbedtls_internal_sha1_process()
110     local.D = ctx->state[3];  in mbedtls_internal_sha1_process()
111     local.E = ctx->state[4];  in mbedtls_internal_sha1_process()
116     P(local.A, local.B, local.C, local.D, local.E, local.W[0]);  in mbedtls_internal_sha1_process()
117     P(local.E, local.A, local.B, local.C, local.D, local.W[1]);  in mbedtls_internal_sha1_process()
118     P(local.D, local.E, local.A, local.B, local.C, local.W[2]);  in mbedtls_internal_sha1_process()
119     P(local.C, local.D, local.E, local.A, local.B, local.W[3]);  in mbedtls_internal_sha1_process()
120     P(local.B, local.C, local.D, local.E, local.A, local.W[4]);  in mbedtls_internal_sha1_process()
121     P(local.A, local.B, local.C, local.D, local.E, local.W[5]);  in mbedtls_internal_sha1_process()
122     P(local.E, local.A, local.B, local.C, local.D, local.W[6]);  in mbedtls_internal_sha1_process()
123     P(local.D, local.E, local.A, local.B, local.C, local.W[7]);  in mbedtls_internal_sha1_process()
124     P(local.C, local.D, local.E, local.A, local.B, local.W[8]);  in mbedtls_internal_sha1_process()
125     P(local.B, local.C, local.D, local.E, local.A, local.W[9]);  in mbedtls_internal_sha1_process()
126     P(local.A, local.B, local.C, local.D, local.E, local.W[10]);  in mbedtls_internal_sha1_process()
127     P(local.E, local.A, local.B, local.C, local.D, local.W[11]);  in mbedtls_internal_sha1_process()
128     P(local.D, local.E, local.A, local.B, local.C, local.W[12]);  in mbedtls_internal_sha1_process()
129     P(local.C, local.D, local.E, local.A, local.B, local.W[13]);  in mbedtls_internal_sha1_process()
130     P(local.B, local.C, local.D, local.E, local.A, local.W[14]);  in mbedtls_internal_sha1_process()
131     P(local.A, local.B, local.C, local.D, local.E, local.W[15]);  in mbedtls_internal_sha1_process()
221     ctx->state[0] += local.A;  in mbedtls_internal_sha1_process()
222     ctx->state[1] += local.B;  in mbedtls_internal_sha1_process()
223     ctx->state[2] += local.C;  in mbedtls_internal_sha1_process()
224     ctx->state[3] += local.D;  in mbedtls_internal_sha1_process()
225     ctx->state[4] += local.E;  in mbedtls_internal_sha1_process()
236  * SHA-1 process buffer
250     left = ctx->total[0] & 0x3F;  in mbedtls_sha1_update()
251     fill = 64 - left;  in mbedtls_sha1_update()
253     ctx->total[0] += (uint32_t) ilen;  in mbedtls_sha1_update()
254     ctx->total[0] &= 0xFFFFFFFF;  in mbedtls_sha1_update()
256     if (ctx->total[0] < (uint32_t) ilen) {  in mbedtls_sha1_update()
257         ctx->total[1]++;  in mbedtls_sha1_update()
261         memcpy((void *) (ctx->buffer + left), input, fill);  in mbedtls_sha1_update()
263         if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {  in mbedtls_sha1_update()
268         ilen  -= fill;  in mbedtls_sha1_update()
278         ilen  -= 64;  in mbedtls_sha1_update()
282         memcpy((void *) (ctx->buffer + left), input, ilen);  in mbedtls_sha1_update()
289  * SHA-1 final digest
301     used = ctx->total[0] & 0x3F;  in mbedtls_sha1_finish()
303     ctx->buffer[used++] = 0x80;  in mbedtls_sha1_finish()
307         memset(ctx->buffer + used, 0, 56 - used);  in mbedtls_sha1_finish()
310         memset(ctx->buffer + used, 0, 64 - used);  in mbedtls_sha1_finish()
312         if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {  in mbedtls_sha1_finish()
316         memset(ctx->buffer, 0, 56);  in mbedtls_sha1_finish()
322     high = (ctx->total[0] >> 29)  in mbedtls_sha1_finish()
323            | (ctx->total[1] <<  3);  in mbedtls_sha1_finish()
324     low  = (ctx->total[0] <<  3);  in mbedtls_sha1_finish()
326     MBEDTLS_PUT_UINT32_BE(high, ctx->buffer, 56);  in mbedtls_sha1_finish()
327     MBEDTLS_PUT_UINT32_BE(low,  ctx->buffer, 60);  in mbedtls_sha1_finish()
329     if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {  in mbedtls_sha1_finish()
336     MBEDTLS_PUT_UINT32_BE(ctx->state[0], output,  0);  in mbedtls_sha1_finish()
337     MBEDTLS_PUT_UINT32_BE(ctx->state[1], output,  4);  in mbedtls_sha1_finish()
338     MBEDTLS_PUT_UINT32_BE(ctx->state[2], output,  8);  in mbedtls_sha1_finish()
339     MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12);  in mbedtls_sha1_finish()
340     MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16);  in mbedtls_sha1_finish()
352  * output = SHA-1( input buffer )
382  * FIPS-180-1 test vectors
419      * SHA-1  in mbedtls_sha1_self_test()
423             mbedtls_printf("  SHA-1 test #%d: ", i + 1);  in mbedtls_sha1_self_test()