xref: /rk3399_rockchip-uboot/tools/rockchip/sha.c (revision bc04a3dd9a41813372820ba50655022a6a28bfbf) 
1 /* sha.c
2 **
3 ** Copyright 2008, The Android Open Source Project
4 **
5 ** Redistribution and use in source and binary forms, with or without
6 ** modification, are permitted provided that the following conditions are met:
7 **     * Redistributions of source code must retain the above copyright
8 **       notice, this list of conditions and the following disclaimer.
9 **     * Redistributions in binary form must reproduce the above copyright
10 **       notice, this list of conditions and the following disclaimer in the
11 **       documentation and/or other materials provided with the distribution.
12 **     * Neither the name of Google Inc. nor the names of its contributors may
13 **       be used to endorse or promote products derived from this software
14 **       without specific prior written permission.
15 **
16 ** THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
17 ** IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 ** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 ** EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 ** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 ** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 ** OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 ** WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 ** OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 ** ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27 
28 #include "sha.h"
29 
30 /*
31  Some machines lack byteswap.h and endian.h.  These have to use the
32  slower code, even if they're little-endian.
33 */
34 
35 #if defined(HAVE_ENDIAN_H) && defined(HAVE_LITTLE_ENDIAN)
36 
37 #include <byteswap.h>
38 #include <memory.h>
39 
40 /*
41  This version is about 28% faster than the generic version below,
42  but assumes little-endianness.
43 */
44 
45 static inline uint32_t ror27(uint32_t val)
46 {
47 	return (val >> 27) | (val << 5);
48 }
49 static inline uint32_t ror2(uint32_t val)
50 {
51 	return (val >> 2) | (val << 30);
52 }
53 static inline uint32_t ror31(uint32_t val)
54 {
55 	return (val >> 31) | (val << 1);
56 }
57 
58 static void SHA1_Transform(SHA_CTX *ctx)
59 {
60 	uint32_t W[80];
61 	register uint32_t A, B, C, D, E;
62 	int t;
63 
64 	A = ctx->state[0];
65 	B = ctx->state[1];
66 	C = ctx->state[2];
67 	D = ctx->state[3];
68 	E = ctx->state[4];
69 
70 #define SHA_F1(A, B, C, D, E, t)                                               \
71   E += ror27(A) + (W[t] = bswap_32(ctx->buf.w[t])) + (D ^ (B & (C ^ D))) +     \
72        0x5A827999;                                                             \
73   B = ror2(B);
74 
75 	for (t = 0; t < 15; t += 5) {
76 		SHA_F1(A, B, C, D, E, t + 0);
77 		SHA_F1(E, A, B, C, D, t + 1);
78 		SHA_F1(D, E, A, B, C, t + 2);
79 		SHA_F1(C, D, E, A, B, t + 3);
80 		SHA_F1(B, C, D, E, A, t + 4);
81 	}
82 	SHA_F1(A, B, C, D, E, t + 0); /* 16th one, t == 15 */
83 
84 #undef SHA_F1
85 
86 #define SHA_F1(A, B, C, D, E, t)                                               \
87   E +=                                                                         \
88       ror27(A) + (W[t] = ror31(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16])) + \
89       (D ^ (B & (C ^ D))) + 0x5A827999;                                        \
90   B = ror2(B);
91 
92 	SHA_F1(E, A, B, C, D, t + 1);
93 	SHA_F1(D, E, A, B, C, t + 2);
94 	SHA_F1(C, D, E, A, B, t + 3);
95 	SHA_F1(B, C, D, E, A, t + 4);
96 
97 #undef SHA_F1
98 
99 #define SHA_F2(A, B, C, D, E, t)                                               \
100   E +=                                                                         \
101       ror27(A) + (W[t] = ror31(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16])) + \
102       (B ^ C ^ D) + 0x6ED9EBA1;                                                \
103   B = ror2(B);
104 
105 	for (t = 20; t < 40; t += 5) {
106 		SHA_F2(A, B, C, D, E, t + 0);
107 		SHA_F2(E, A, B, C, D, t + 1);
108 		SHA_F2(D, E, A, B, C, t + 2);
109 		SHA_F2(C, D, E, A, B, t + 3);
110 		SHA_F2(B, C, D, E, A, t + 4);
111 	}
112 
113 #undef SHA_F2
114 
115 #define SHA_F3(A, B, C, D, E, t)                                               \
116   E +=                                                                         \
117       ror27(A) + (W[t] = ror31(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16])) + \
118       ((B & C) | (D & (B | C))) + 0x8F1BBCDC;                                  \
119   B = ror2(B);
120 
121 	for (; t < 60; t += 5) {
122 		SHA_F3(A, B, C, D, E, t + 0);
123 		SHA_F3(E, A, B, C, D, t + 1);
124 		SHA_F3(D, E, A, B, C, t + 2);
125 		SHA_F3(C, D, E, A, B, t + 3);
126 		SHA_F3(B, C, D, E, A, t + 4);
127 	}
128 
129 #undef SHA_F3
130 
131 #define SHA_F4(A, B, C, D, E, t)                                               \
132   E +=                                                                         \
133       ror27(A) + (W[t] = ror31(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16])) + \
134       (B ^ C ^ D) + 0xCA62C1D6;                                                \
135   B = ror2(B);
136 
137 	for (; t < 80; t += 5) {
138 		SHA_F4(A, B, C, D, E, t + 0);
139 		SHA_F4(E, A, B, C, D, t + 1);
140 		SHA_F4(D, E, A, B, C, t + 2);
141 		SHA_F4(C, D, E, A, B, t + 3);
142 		SHA_F4(B, C, D, E, A, t + 4);
143 	}
144 
145 #undef SHA_F4
146 
147 	ctx->state[0] += A;
148 	ctx->state[1] += B;
149 	ctx->state[2] += C;
150 	ctx->state[3] += D;
151 	ctx->state[4] += E;
152 }
153 
154 void SHA_update(SHA_CTX *ctx, const void *data, int len)
155 {
156 	int i = ctx->count % sizeof(ctx->buf);
157 	const uint8_t *p = (const uint8_t *)data;
158 
159 	ctx->count += len;
160 
161 	while (len > sizeof(ctx->buf) - i) {
162 		memcpy(&ctx->buf.b[i], p, sizeof(ctx->buf) - i);
163 		len -= sizeof(ctx->buf) - i;
164 		p += sizeof(ctx->buf) - i;
165 		SHA1_Transform(ctx);
166 		i = 0;
167 	}
168 
169 	while (len--) {
170 		ctx->buf.b[i++] = *p++;
171 		if (i == sizeof(ctx->buf)) {
172 			SHA1_Transform(ctx);
173 			i = 0;
174 		}
175 	}
176 }
177 
178 const uint8_t *SHA_final(SHA_CTX *ctx)
179 {
180 	uint64_t cnt = ctx->count * 8;
181 	int i;
182 
183 	SHA_update(ctx, (uint8_t *)"\x80", 1);
184 	while ((ctx->count % sizeof(ctx->buf)) != (sizeof(ctx->buf) - 8)) {
185 		SHA_update(ctx, (uint8_t *)"\0", 1);
186 	}
187 	for (i = 0; i < 8; ++i) {
188 		uint8_t tmp = cnt >> ((7 - i) * 8);
189 		SHA_update(ctx, &tmp, 1);
190 	}
191 
192 	for (i = 0; i < 5; i++) {
193 		ctx->buf.w[i] = bswap_32(ctx->state[i]);
194 	}
195 
196 	return ctx->buf.b;
197 }
198 
199 #else /* #if defined(HAVE_ENDIAN_H) && defined(HAVE_LITTLE_ENDIAN)*/
200 
201 #define rol(bits, value) (((value) << (bits)) | ((value) >> (32 - (bits))))
202 
203 static void SHA1_transform(SHA_CTX *ctx)
204 {
205 	uint32_t W[80];
206 	uint32_t A, B, C, D, E;
207 	uint8_t *p = ctx->buf;
208 	int t;
209 
210 	for (t = 0; t < 16; ++t) {
211 		uint32_t tmp = *p++ << 24;
212 		tmp |= *p++ << 16;
213 		tmp |= *p++ << 8;
214 		tmp |= *p++;
215 		W[t] = tmp;
216 	}
217 
218 	for (; t < 80; t++) {
219 		W[t] = rol(1, W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]);
220 	}
221 
222 	A = ctx->state[0];
223 	B = ctx->state[1];
224 	C = ctx->state[2];
225 	D = ctx->state[3];
226 	E = ctx->state[4];
227 
228 	for (t = 0; t < 80; t++) {
229 		uint32_t tmp = rol(5, A) + E + W[t];
230 
231 		if (t < 20)
232 			tmp += (D ^ (B & (C ^ D))) + 0x5A827999;
233 		else if (t < 40)
234 			tmp += (B ^ C ^ D) + 0x6ED9EBA1;
235 		else if (t < 60)
236 			tmp += ((B & C) | (D & (B | C))) + 0x8F1BBCDC;
237 		else
238 			tmp += (B ^ C ^ D) + 0xCA62C1D6;
239 
240 		E = D;
241 		D = C;
242 		C = rol(30, B);
243 		B = A;
244 		A = tmp;
245 	}
246 
247 	ctx->state[0] += A;
248 	ctx->state[1] += B;
249 	ctx->state[2] += C;
250 	ctx->state[3] += D;
251 	ctx->state[4] += E;
252 }
253 
254 void SHA_update(SHA_CTX *ctx, const void *data, int len)
255 {
256 	int i = ctx->count % sizeof(ctx->buf);
257 	const uint8_t *p = (const uint8_t *)data;
258 
259 	ctx->count += len;
260 
261 	while (len--) {
262 		ctx->buf[i++] = *p++;
263 		if (i == sizeof(ctx->buf)) {
264 			SHA1_transform(ctx);
265 			i = 0;
266 		}
267 	}
268 }
269 const uint8_t *SHA_final(SHA_CTX *ctx)
270 {
271 	uint8_t *p = ctx->buf;
272 	uint64_t cnt = ctx->count * 8;
273 	int i;
274 
275 	SHA_update(ctx, (uint8_t *)"\x80", 1);
276 	while ((ctx->count % sizeof(ctx->buf)) != (sizeof(ctx->buf) - 8)) {
277 		SHA_update(ctx, (uint8_t *)"\0", 1);
278 	}
279 	for (i = 0; i < 8; ++i) {
280 		uint8_t tmp = cnt >> ((7 - i) * 8);
281 		SHA_update(ctx, &tmp, 1);
282 	}
283 
284 	for (i = 0; i < 5; i++) {
285 		uint32_t tmp = ctx->state[i];
286 		*p++ = tmp >> 24;
287 		*p++ = tmp >> 16;
288 		*p++ = tmp >> 8;
289 		*p++ = tmp >> 0;
290 	}
291 
292 	return ctx->buf;
293 }
294 
295 #endif /* endianness */
296 
297 void SHA_init(SHA_CTX *ctx)
298 {
299 	ctx->state[0] = 0x67452301;
300 	ctx->state[1] = 0xEFCDAB89;
301 	ctx->state[2] = 0x98BADCFE;
302 	ctx->state[3] = 0x10325476;
303 	ctx->state[4] = 0xC3D2E1F0;
304 	ctx->count = 0;
305 }
306 
307 /* Convenience function */
308 const uint8_t *SHA(const void *data, int len, uint8_t *digest)
309 {
310 	const uint8_t *p;
311 	int i;
312 	SHA_CTX ctx;
313 	SHA_init(&ctx);
314 	SHA_update(&ctx, data, len);
315 	p = SHA_final(&ctx);
316 	for (i = 0; i < SHA_DIGEST_SIZE; ++i) {
317 		digest[i] = *p++;
318 	}
319 	return digest;
320 }
321