4 * This file is part of BeRTOS.
6 * Bertos is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 * As a special exception, you may use this file as part of a free software
21 * library without restriction. Specifically, if other files instantiate
22 * templates or use macros or inline functions from this file, or you compile
23 * this file and link it with other files to produce an executable, this
24 * file does not by itself cause the resulting executable to be covered by
25 * the GNU General Public License. This exception does not however
26 * invalidate any other reasons why the executable file might be covered by
27 * the GNU General Public License.
29 * Copyright 2010 Develer S.r.l. (http://www.develer.com/)
33 * \brief SHA-1 Hashing algorithm.
34 * \author Giovanni Bajo <rasky@develer.com>
40 * By Steve Reid <steve@edmweb.com>
44 /* #define LITTLE_ENDIAN * This should be #define'd if true. */
45 /* #define SHA1HANDSOFF * Copies data before messing with it. */
49 #include <cfg/compiler.h>
50 #include <cfg/debug.h>
51 #include <cfg/macros.h>
52 #include <cpu/byteorder.h> // CPU_BYTE_ORDER
57 #define SHA1_BLOCK_LEN 16
58 #define SHA1_DIGEST_LEN 16
60 static void SHA1Transform(uint32_t state[5], const uint8_t buffer[64]);
62 #define rol(value, bits) ROTL(value, bits)
64 /* blk0() and blk() perform the initial expand. */
65 /* I got the idea of expanding during the round function from SSLeay */
66 #define blk0(i) (block->l[i] = be32_to_cpu(block->l[i]))
67 #define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
68 ^block->l[(i+2)&15]^block->l[i&15],1))
70 /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
71 #define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
72 #define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
73 #define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
74 #define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
75 #define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
78 /* Hash a single 512-bit block. This is the core of the algorithm. */
83 static CHAR64LONG16 workspace;
85 static void SHA1Transform(uint32_t state[5], const uint8_t buffer[64])
87 uint32_t a, b, c, d, e;
89 CHAR64LONG16* block = &workspace;
90 memcpy(block, buffer, 64);
92 /* Copy context->state[] to working vars */
98 /* 4 rounds of 20 operations each. Loop unrolled. */
179 /* Add the working vars back into context.state[] */
186 a = b = c = d = e = 0;
189 static void SHA1_begin(Hash* h)
191 SHA1_Context *context = (SHA1_Context*)h;
192 /* SHA1 initialization constants */
193 context->state[0] = 0x67452301;
194 context->state[1] = 0xEFCDAB89;
195 context->state[2] = 0x98BADCFE;
196 context->state[3] = 0x10325476;
197 context->state[4] = 0xC3D2E1F0;
198 context->count[0] = context->count[1] = 0;
201 /* Run your data through this. */
203 static void SHA1_update(Hash* h, const void* vdata, size_t len)
205 SHA1_Context *context = (SHA1_Context*)h;
206 const uint8_t *data = (const uint8_t*)vdata;
209 j = (context->count[0] >> 3) & 63;
210 if ((context->count[0] += len << 3) < (len << 3))
212 context->count[1] += (len >> 29);
213 if ((j + len) > 63) {
214 memcpy(&context->buffer[j], data, (i = 64-j));
215 SHA1Transform(context->state, context->buffer);
216 for ( ; i + 63 < len; i += 64) {
217 SHA1Transform(context->state, &data[i]);
222 memcpy(&context->buffer[j], &data[i], len - i);
226 /* Add padding and return the message digest. */
228 static uint8_t *SHA1_final(Hash* h)
230 SHA1_Context *context = (SHA1_Context*)h;
232 uint8_t finalcount[8];
234 for (i = 0; i < 8; i++)
235 finalcount[i] = (uint8_t)((context->count[(i >= 4 ? 0 : 1)]
236 >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
238 SHA1_update(h, "\200", 1);
239 while ((context->count[0] & 504) != 448)
240 SHA1_update(h, "\0", 1);
241 SHA1_update(h, finalcount, 8); /* Should cause a SHA1Transform() */
243 for (i = 0; i < 20; i++)
244 context->buffer[i] = (uint8_t)
245 ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
249 return context->buffer;
253 /*************************************************************/
255 void SHA1_init(SHA1_Context* ctx)
257 ctx->h.block_len = SHA1_BLOCK_LEN;
258 ctx->h.digest_len = SHA1_DIGEST_LEN;
259 ctx->h.begin = SHA1_begin;
260 ctx->h.update = SHA1_update;
261 ctx->h.final = SHA1_final;
264 #include <drv/timer.h>
266 void SHA1_benchmark(int numk)
268 SHA1_Context context;
271 static uint8_t buf[512];
272 memset(buf, 0x12, sizeof(buf));
274 ticks_t t = timer_clock();
276 for (int j=0;j<64;++j) {
277 SHA1_begin(&context.h);
278 for (int i=0; i<numk*2; ++i)
279 SHA1_update(&context.h, buf, 512);
280 SHA1_final(&context.h);
283 t = timer_clock() - t;
285 utime_t usec = ticks_to_us(t) / 64;
286 kprintf("%s @ %dMhz: SHA1 of %dKiB of data: %lu.%lu ms\n", CPU_CORE_NAME, CPU_FREQ/1000000, numk, (usec/1000), (usec % 1000));
291 Test Vectors (from FIPS PUB 180-1)
293 A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
294 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
295 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
296 A million repetitions of "a"
297 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
300 int main(int argc, char** argv)