Coverage Report

Created: 2025-07-01 06:54

/work/mbedtls-2.28.8/library/sha1.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 *  FIPS-180-1 compliant SHA-1 implementation
3
 *
4
 *  Copyright The Mbed TLS Contributors
5
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6
 */
7
/*
8
 *  The SHA-1 standard was published by NIST in 1993.
9
 *
10
 *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
11
 */
12
13
#include "common.h"
14
15
#if defined(MBEDTLS_SHA1_C)
16
17
#include "mbedtls/sha1.h"
18
#include "mbedtls/platform_util.h"
19
#include "mbedtls/error.h"
20
21
#include <string.h>
22
23
#include "mbedtls/platform.h"
24
25
#define SHA1_VALIDATE_RET(cond)                             \
26
0
    MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA)
27
28
0
#define SHA1_VALIDATE(cond)  MBEDTLS_INTERNAL_VALIDATE(cond)
29
30
#if !defined(MBEDTLS_SHA1_ALT)
31
32
void mbedtls_sha1_init(mbedtls_sha1_context *ctx)
33
0
{
34
0
    SHA1_VALIDATE(ctx != NULL);
35
36
0
    memset(ctx, 0, sizeof(mbedtls_sha1_context));
37
0
}
38
39
void mbedtls_sha1_free(mbedtls_sha1_context *ctx)
40
0
{
41
0
    if (ctx == NULL) {
42
0
        return;
43
0
    }
44
45
0
    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha1_context));
46
0
}
47
48
void mbedtls_sha1_clone(mbedtls_sha1_context *dst,
49
                        const mbedtls_sha1_context *src)
50
0
{
51
0
    SHA1_VALIDATE(dst != NULL);
52
0
    SHA1_VALIDATE(src != NULL);
53
54
0
    *dst = *src;
55
0
}
56
57
/*
58
 * SHA-1 context setup
59
 */
60
int mbedtls_sha1_starts_ret(mbedtls_sha1_context *ctx)
61
0
{
62
0
    SHA1_VALIDATE_RET(ctx != NULL);
63
64
0
    ctx->total[0] = 0;
65
0
    ctx->total[1] = 0;
66
67
0
    ctx->state[0] = 0x67452301;
68
0
    ctx->state[1] = 0xEFCDAB89;
69
0
    ctx->state[2] = 0x98BADCFE;
70
0
    ctx->state[3] = 0x10325476;
71
0
    ctx->state[4] = 0xC3D2E1F0;
72
73
0
    return 0;
74
0
}
75
76
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
77
void mbedtls_sha1_starts(mbedtls_sha1_context *ctx)
78
0
{
79
0
    mbedtls_sha1_starts_ret(ctx);
80
0
}
81
#endif
82
83
#if !defined(MBEDTLS_SHA1_PROCESS_ALT)
84
int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx,
85
                                  const unsigned char data[64])
86
0
{
87
0
    struct {
88
0
        uint32_t temp, W[16], A, B, C, D, E;
89
0
    } local;
90
91
0
    SHA1_VALIDATE_RET(ctx != NULL);
92
0
    SHA1_VALIDATE_RET((const unsigned char *) data != NULL);
93
94
0
    local.W[0] = MBEDTLS_GET_UINT32_BE(data,  0);
95
0
    local.W[1] = MBEDTLS_GET_UINT32_BE(data,  4);
96
0
    local.W[2] = MBEDTLS_GET_UINT32_BE(data,  8);
97
0
    local.W[3] = MBEDTLS_GET_UINT32_BE(data, 12);
98
0
    local.W[4] = MBEDTLS_GET_UINT32_BE(data, 16);
99
0
    local.W[5] = MBEDTLS_GET_UINT32_BE(data, 20);
100
0
    local.W[6] = MBEDTLS_GET_UINT32_BE(data, 24);
101
0
    local.W[7] = MBEDTLS_GET_UINT32_BE(data, 28);
102
0
    local.W[8] = MBEDTLS_GET_UINT32_BE(data, 32);
103
0
    local.W[9] = MBEDTLS_GET_UINT32_BE(data, 36);
104
0
    local.W[10] = MBEDTLS_GET_UINT32_BE(data, 40);
105
0
    local.W[11] = MBEDTLS_GET_UINT32_BE(data, 44);
106
0
    local.W[12] = MBEDTLS_GET_UINT32_BE(data, 48);
107
0
    local.W[13] = MBEDTLS_GET_UINT32_BE(data, 52);
108
0
    local.W[14] = MBEDTLS_GET_UINT32_BE(data, 56);
109
0
    local.W[15] = MBEDTLS_GET_UINT32_BE(data, 60);
110
111
0
#define S(x, n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
112
113
0
#define R(t)                                                    \
114
0
    (                                                           \
115
0
        local.temp = local.W[((t) -  3) & 0x0F] ^             \
116
0
                     local.W[((t) -  8) & 0x0F] ^             \
117
0
                     local.W[((t) - 14) & 0x0F] ^             \
118
0
                     local.W[(t)        & 0x0F],              \
119
0
        (local.W[(t) & 0x0F] = S(local.temp, 1))               \
120
0
    )
121
122
0
#define P(a, b, c, d, e, x)                                          \
123
0
    do                                                          \
124
0
    {                                                           \
125
0
        (e) += S((a), 5) + F((b), (c), (d)) + K + (x);             \
126
0
        (b) = S((b), 30);                                        \
127
0
    } while (0)
128
129
0
    local.A = ctx->state[0];
130
0
    local.B = ctx->state[1];
131
0
    local.C = ctx->state[2];
132
0
    local.D = ctx->state[3];
133
0
    local.E = ctx->state[4];
134
135
0
#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
136
0
#define K 0x5A827999
137
138
0
    P(local.A, local.B, local.C, local.D, local.E, local.W[0]);
139
0
    P(local.E, local.A, local.B, local.C, local.D, local.W[1]);
140
0
    P(local.D, local.E, local.A, local.B, local.C, local.W[2]);
141
0
    P(local.C, local.D, local.E, local.A, local.B, local.W[3]);
142
0
    P(local.B, local.C, local.D, local.E, local.A, local.W[4]);
143
0
    P(local.A, local.B, local.C, local.D, local.E, local.W[5]);
144
0
    P(local.E, local.A, local.B, local.C, local.D, local.W[6]);
145
0
    P(local.D, local.E, local.A, local.B, local.C, local.W[7]);
146
0
    P(local.C, local.D, local.E, local.A, local.B, local.W[8]);
147
0
    P(local.B, local.C, local.D, local.E, local.A, local.W[9]);
148
0
    P(local.A, local.B, local.C, local.D, local.E, local.W[10]);
149
0
    P(local.E, local.A, local.B, local.C, local.D, local.W[11]);
150
0
    P(local.D, local.E, local.A, local.B, local.C, local.W[12]);
151
0
    P(local.C, local.D, local.E, local.A, local.B, local.W[13]);
152
0
    P(local.B, local.C, local.D, local.E, local.A, local.W[14]);
153
0
    P(local.A, local.B, local.C, local.D, local.E, local.W[15]);
154
0
    P(local.E, local.A, local.B, local.C, local.D, R(16));
155
0
    P(local.D, local.E, local.A, local.B, local.C, R(17));
156
0
    P(local.C, local.D, local.E, local.A, local.B, R(18));
157
0
    P(local.B, local.C, local.D, local.E, local.A, R(19));
158
159
0
#undef K
160
0
#undef F
161
162
0
#define F(x, y, z) ((x) ^ (y) ^ (z))
163
0
#define K 0x6ED9EBA1
164
165
0
    P(local.A, local.B, local.C, local.D, local.E, R(20));
166
0
    P(local.E, local.A, local.B, local.C, local.D, R(21));
167
0
    P(local.D, local.E, local.A, local.B, local.C, R(22));
168
0
    P(local.C, local.D, local.E, local.A, local.B, R(23));
169
0
    P(local.B, local.C, local.D, local.E, local.A, R(24));
170
0
    P(local.A, local.B, local.C, local.D, local.E, R(25));
171
0
    P(local.E, local.A, local.B, local.C, local.D, R(26));
172
0
    P(local.D, local.E, local.A, local.B, local.C, R(27));
173
0
    P(local.C, local.D, local.E, local.A, local.B, R(28));
174
0
    P(local.B, local.C, local.D, local.E, local.A, R(29));
175
0
    P(local.A, local.B, local.C, local.D, local.E, R(30));
176
0
    P(local.E, local.A, local.B, local.C, local.D, R(31));
177
0
    P(local.D, local.E, local.A, local.B, local.C, R(32));
178
0
    P(local.C, local.D, local.E, local.A, local.B, R(33));
179
0
    P(local.B, local.C, local.D, local.E, local.A, R(34));
180
0
    P(local.A, local.B, local.C, local.D, local.E, R(35));
181
0
    P(local.E, local.A, local.B, local.C, local.D, R(36));
182
0
    P(local.D, local.E, local.A, local.B, local.C, R(37));
183
0
    P(local.C, local.D, local.E, local.A, local.B, R(38));
184
0
    P(local.B, local.C, local.D, local.E, local.A, R(39));
185
186
0
#undef K
187
0
#undef F
188
189
0
#define F(x, y, z) (((x) & (y)) | ((z) & ((x) | (y))))
190
0
#define K 0x8F1BBCDC
191
192
0
    P(local.A, local.B, local.C, local.D, local.E, R(40));
193
0
    P(local.E, local.A, local.B, local.C, local.D, R(41));
194
0
    P(local.D, local.E, local.A, local.B, local.C, R(42));
195
0
    P(local.C, local.D, local.E, local.A, local.B, R(43));
196
0
    P(local.B, local.C, local.D, local.E, local.A, R(44));
197
0
    P(local.A, local.B, local.C, local.D, local.E, R(45));
198
0
    P(local.E, local.A, local.B, local.C, local.D, R(46));
199
0
    P(local.D, local.E, local.A, local.B, local.C, R(47));
200
0
    P(local.C, local.D, local.E, local.A, local.B, R(48));
201
0
    P(local.B, local.C, local.D, local.E, local.A, R(49));
202
0
    P(local.A, local.B, local.C, local.D, local.E, R(50));
203
0
    P(local.E, local.A, local.B, local.C, local.D, R(51));
204
0
    P(local.D, local.E, local.A, local.B, local.C, R(52));
205
0
    P(local.C, local.D, local.E, local.A, local.B, R(53));
206
0
    P(local.B, local.C, local.D, local.E, local.A, R(54));
207
0
    P(local.A, local.B, local.C, local.D, local.E, R(55));
208
0
    P(local.E, local.A, local.B, local.C, local.D, R(56));
209
0
    P(local.D, local.E, local.A, local.B, local.C, R(57));
210
0
    P(local.C, local.D, local.E, local.A, local.B, R(58));
211
0
    P(local.B, local.C, local.D, local.E, local.A, R(59));
212
213
0
#undef K
214
0
#undef F
215
216
0
#define F(x, y, z) ((x) ^ (y) ^ (z))
217
0
#define K 0xCA62C1D6
218
219
0
    P(local.A, local.B, local.C, local.D, local.E, R(60));
220
0
    P(local.E, local.A, local.B, local.C, local.D, R(61));
221
0
    P(local.D, local.E, local.A, local.B, local.C, R(62));
222
0
    P(local.C, local.D, local.E, local.A, local.B, R(63));
223
0
    P(local.B, local.C, local.D, local.E, local.A, R(64));
224
0
    P(local.A, local.B, local.C, local.D, local.E, R(65));
225
0
    P(local.E, local.A, local.B, local.C, local.D, R(66));
226
0
    P(local.D, local.E, local.A, local.B, local.C, R(67));
227
0
    P(local.C, local.D, local.E, local.A, local.B, R(68));
228
0
    P(local.B, local.C, local.D, local.E, local.A, R(69));
229
0
    P(local.A, local.B, local.C, local.D, local.E, R(70));
230
0
    P(local.E, local.A, local.B, local.C, local.D, R(71));
231
0
    P(local.D, local.E, local.A, local.B, local.C, R(72));
232
0
    P(local.C, local.D, local.E, local.A, local.B, R(73));
233
0
    P(local.B, local.C, local.D, local.E, local.A, R(74));
234
0
    P(local.A, local.B, local.C, local.D, local.E, R(75));
235
0
    P(local.E, local.A, local.B, local.C, local.D, R(76));
236
0
    P(local.D, local.E, local.A, local.B, local.C, R(77));
237
0
    P(local.C, local.D, local.E, local.A, local.B, R(78));
238
0
    P(local.B, local.C, local.D, local.E, local.A, R(79));
239
240
0
#undef K
241
0
#undef F
242
243
0
    ctx->state[0] += local.A;
244
0
    ctx->state[1] += local.B;
245
0
    ctx->state[2] += local.C;
246
0
    ctx->state[3] += local.D;
247
0
    ctx->state[4] += local.E;
248
249
    /* Zeroise buffers and variables to clear sensitive data from memory. */
250
0
    mbedtls_platform_zeroize(&local, sizeof(local));
251
252
0
    return 0;
253
0
}
254
255
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
256
void mbedtls_sha1_process(mbedtls_sha1_context *ctx,
257
                          const unsigned char data[64])
258
0
{
259
0
    mbedtls_internal_sha1_process(ctx, data);
260
0
}
261
#endif
262
#endif /* !MBEDTLS_SHA1_PROCESS_ALT */
263
264
/*
265
 * SHA-1 process buffer
266
 */
267
int mbedtls_sha1_update_ret(mbedtls_sha1_context *ctx,
268
                            const unsigned char *input,
269
                            size_t ilen)
270
0
{
271
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
272
0
    size_t fill;
273
0
    uint32_t left;
274
275
0
    SHA1_VALIDATE_RET(ctx != NULL);
276
0
    SHA1_VALIDATE_RET(ilen == 0 || input != NULL);
277
278
0
    if (ilen == 0) {
279
0
        return 0;
280
0
    }
281
282
0
    left = ctx->total[0] & 0x3F;
283
0
    fill = 64 - left;
284
285
0
    ctx->total[0] += (uint32_t) ilen;
286
0
    ctx->total[0] &= 0xFFFFFFFF;
287
288
0
    if (ctx->total[0] < (uint32_t) ilen) {
289
0
        ctx->total[1]++;
290
0
    }
291
292
0
    if (left && ilen >= fill) {
293
0
        memcpy((void *) (ctx->buffer + left), input, fill);
294
295
0
        if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
296
0
            return ret;
297
0
        }
298
299
0
        input += fill;
300
0
        ilen  -= fill;
301
0
        left = 0;
302
0
    }
303
304
0
    while (ilen >= 64) {
305
0
        if ((ret = mbedtls_internal_sha1_process(ctx, input)) != 0) {
306
0
            return ret;
307
0
        }
308
309
0
        input += 64;
310
0
        ilen  -= 64;
311
0
    }
312
313
0
    if (ilen > 0) {
314
0
        memcpy((void *) (ctx->buffer + left), input, ilen);
315
0
    }
316
317
0
    return 0;
318
0
}
319
320
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
321
void mbedtls_sha1_update(mbedtls_sha1_context *ctx,
322
                         const unsigned char *input,
323
                         size_t ilen)
324
0
{
325
0
    mbedtls_sha1_update_ret(ctx, input, ilen);
326
0
}
327
#endif
328
329
/*
330
 * SHA-1 final digest
331
 */
332
int mbedtls_sha1_finish_ret(mbedtls_sha1_context *ctx,
333
                            unsigned char output[20])
334
0
{
335
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
336
0
    uint32_t used;
337
0
    uint32_t high, low;
338
339
0
    SHA1_VALIDATE_RET(ctx != NULL);
340
0
    SHA1_VALIDATE_RET((unsigned char *) output != NULL);
341
342
    /*
343
     * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
344
     */
345
0
    used = ctx->total[0] & 0x3F;
346
347
0
    ctx->buffer[used++] = 0x80;
348
349
0
    if (used <= 56) {
350
        /* Enough room for padding + length in current block */
351
0
        memset(ctx->buffer + used, 0, 56 - used);
352
0
    } else {
353
        /* We'll need an extra block */
354
0
        memset(ctx->buffer + used, 0, 64 - used);
355
356
0
        if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
357
0
            return ret;
358
0
        }
359
360
0
        memset(ctx->buffer, 0, 56);
361
0
    }
362
363
    /*
364
     * Add message length
365
     */
366
0
    high = (ctx->total[0] >> 29)
367
0
           | (ctx->total[1] <<  3);
368
0
    low  = (ctx->total[0] <<  3);
369
370
0
    MBEDTLS_PUT_UINT32_BE(high, ctx->buffer, 56);
371
0
    MBEDTLS_PUT_UINT32_BE(low,  ctx->buffer, 60);
372
373
0
    if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) {
374
0
        return ret;
375
0
    }
376
377
    /*
378
     * Output final state
379
     */
380
0
    MBEDTLS_PUT_UINT32_BE(ctx->state[0], output,  0);
381
0
    MBEDTLS_PUT_UINT32_BE(ctx->state[1], output,  4);
382
0
    MBEDTLS_PUT_UINT32_BE(ctx->state[2], output,  8);
383
0
    MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12);
384
0
    MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16);
385
386
0
    return 0;
387
0
}
388
389
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
390
void mbedtls_sha1_finish(mbedtls_sha1_context *ctx,
391
                         unsigned char output[20])
392
0
{
393
0
    mbedtls_sha1_finish_ret(ctx, output);
394
0
}
395
#endif
396
397
#endif /* !MBEDTLS_SHA1_ALT */
398
399
/*
400
 * output = SHA-1( input buffer )
401
 */
402
int mbedtls_sha1_ret(const unsigned char *input,
403
                     size_t ilen,
404
                     unsigned char output[20])
405
0
{
406
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
407
0
    mbedtls_sha1_context ctx;
408
409
0
    SHA1_VALIDATE_RET(ilen == 0 || input != NULL);
410
0
    SHA1_VALIDATE_RET((unsigned char *) output != NULL);
411
412
0
    mbedtls_sha1_init(&ctx);
413
414
0
    if ((ret = mbedtls_sha1_starts_ret(&ctx)) != 0) {
415
0
        goto exit;
416
0
    }
417
418
0
    if ((ret = mbedtls_sha1_update_ret(&ctx, input, ilen)) != 0) {
419
0
        goto exit;
420
0
    }
421
422
0
    if ((ret = mbedtls_sha1_finish_ret(&ctx, output)) != 0) {
423
0
        goto exit;
424
0
    }
425
426
0
exit:
427
0
    mbedtls_sha1_free(&ctx);
428
429
0
    return ret;
430
0
}
431
432
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
433
void mbedtls_sha1(const unsigned char *input,
434
                  size_t ilen,
435
                  unsigned char output[20])
436
0
{
437
0
    mbedtls_sha1_ret(input, ilen, output);
438
0
}
439
#endif
440
441
#if defined(MBEDTLS_SELF_TEST)
442
/*
443
 * FIPS-180-1 test vectors
444
 */
445
static const unsigned char sha1_test_buf[3][57] =
446
{
447
    { "abc" },
448
    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
449
    { "" }
450
};
451
452
static const size_t sha1_test_buflen[3] =
453
{
454
    3, 56, 1000
455
};
456
457
static const unsigned char sha1_test_sum[3][20] =
458
{
459
    { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
460
      0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
461
    { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
462
      0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
463
    { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
464
      0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
465
};
466
467
/*
468
 * Checkup routine
469
 */
470
int mbedtls_sha1_self_test(int verbose)
471
0
{
472
0
    int i, j, buflen, ret = 0;
473
0
    unsigned char buf[1024];
474
0
    unsigned char sha1sum[20];
475
0
    mbedtls_sha1_context ctx;
476
477
0
    mbedtls_sha1_init(&ctx);
478
479
    /*
480
     * SHA-1
481
     */
482
0
    for (i = 0; i < 3; i++) {
483
0
        if (verbose != 0) {
484
0
            mbedtls_printf("  SHA-1 test #%d: ", i + 1);
485
0
        }
486
487
0
        if ((ret = mbedtls_sha1_starts_ret(&ctx)) != 0) {
488
0
            goto fail;
489
0
        }
490
491
0
        if (i == 2) {
492
0
            memset(buf, 'a', buflen = 1000);
493
494
0
            for (j = 0; j < 1000; j++) {
495
0
                ret = mbedtls_sha1_update_ret(&ctx, buf, buflen);
496
0
                if (ret != 0) {
497
0
                    goto fail;
498
0
                }
499
0
            }
500
0
        } else {
501
0
            ret = mbedtls_sha1_update_ret(&ctx, sha1_test_buf[i],
502
0
                                          sha1_test_buflen[i]);
503
0
            if (ret != 0) {
504
0
                goto fail;
505
0
            }
506
0
        }
507
508
0
        if ((ret = mbedtls_sha1_finish_ret(&ctx, sha1sum)) != 0) {
509
0
            goto fail;
510
0
        }
511
512
0
        if (memcmp(sha1sum, sha1_test_sum[i], 20) != 0) {
513
0
            ret = 1;
514
0
            goto fail;
515
0
        }
516
517
0
        if (verbose != 0) {
518
0
            mbedtls_printf("passed\n");
519
0
        }
520
0
    }
521
522
0
    if (verbose != 0) {
523
0
        mbedtls_printf("\n");
524
0
    }
525
526
0
    goto exit;
527
528
0
fail:
529
0
    if (verbose != 0) {
530
0
        mbedtls_printf("failed\n");
531
0
    }
532
533
0
exit:
534
0
    mbedtls_sha1_free(&ctx);
535
536
0
    return ret;
537
0
}
538
539
#endif /* MBEDTLS_SELF_TEST */
540
541
#endif /* MBEDTLS_SHA1_C */