From patchwork Wed Dec 11 20:26:58 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Berger X-Patchwork-Id: 1207898 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 47Y7mv5wzgz9sR8 for ; Thu, 12 Dec 2019 07:28:47 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 47Y7mv27QVzDqjh for ; Thu, 12 Dec 2019 07:28:47 +1100 (AEDT) X-Original-To: slof@lists.ozlabs.org Delivered-To: slof@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=linux.vnet.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=stefanb@linux.vnet.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 47Y7ll4pwYzDqJ2 for ; Thu, 12 Dec 2019 07:27:44 +1100 (AEDT) Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xBBKGfTJ105797; Wed, 11 Dec 2019 15:27:41 -0500 Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0a-001b2d01.pphosted.com with ESMTP id 2wsrdqkp01-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 11 Dec 2019 15:27:41 -0500 Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id xBBKLNbe020702; Wed, 11 Dec 2019 20:27:40 GMT Received: from b01cxnp23033.gho.pok.ibm.com (b01cxnp23033.gho.pok.ibm.com [9.57.198.28]) by ppma02dal.us.ibm.com with ESMTP id 2wr3q723tn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 11 Dec 2019 20:27:40 +0000 Received: from b01ledav003.gho.pok.ibm.com (b01ledav003.gho.pok.ibm.com [9.57.199.108]) by b01cxnp23033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id xBBKRdqe38273314 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 11 Dec 2019 20:27:39 GMT Received: from b01ledav003.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 793AAB2065; Wed, 11 Dec 2019 20:27:39 +0000 (GMT) Received: from b01ledav003.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6BDBFB2064; Wed, 11 Dec 2019 20:27:39 +0000 (GMT) Received: from newfield.pok.ibm.com (unknown [9.47.158.66]) by b01ledav003.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 11 Dec 2019 20:27:39 +0000 (GMT) From: Stefan Berger To: slof@lists.ozlabs.org Date: Wed, 11 Dec 2019 15:26:58 -0500 Message-Id: <20191211202728.127996-4-stefanb@linux.vnet.ibm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191211202728.127996-1-stefanb@linux.vnet.ibm.com> References: <20191211202728.127996-1-stefanb@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95, 18.0.572 definitions=2019-12-11_06:2019-12-11, 2019-12-11 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 phishscore=0 impostorscore=0 mlxlogscore=999 priorityscore=1501 adultscore=0 bulkscore=0 mlxscore=0 malwarescore=0 suspectscore=1 lowpriorityscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-1912110168 Subject: [SLOF] [PATCH v4 03/33] tpm: Add sha1 implementation X-BeenThere: slof@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Patches for https://github.com/aik/SLOF" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: kevin@koconnor.net MIME-Version: 1.0 Errors-To: slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "SLOF" The following patch adds a SHA1 implementation based on the algorithm description in NIST FIPS PUB 180-4. Signed-off-by: Stefan Berger --- lib/libtpm/Makefile | 2 +- lib/libtpm/sha1.c | 197 ++++++++++++++++++++++++++++++++++++++++++++ lib/libtpm/sha1.h | 20 +++++ 3 files changed, 218 insertions(+), 1 deletion(-) create mode 100644 lib/libtpm/sha1.c create mode 100644 lib/libtpm/sha1.h diff --git a/lib/libtpm/Makefile b/lib/libtpm/Makefile index 012fe37..1a67859 100644 --- a/lib/libtpm/Makefile +++ b/lib/libtpm/Makefile @@ -23,7 +23,7 @@ TARGET = ../libtpm.a all: $(TARGET) -SRCS = tpm_drivers.c tcgbios.c +SRCS = tpm_drivers.c tcgbios.c sha1.c OBJS = $(SRCS:%.c=%.o) diff --git a/lib/libtpm/sha1.c b/lib/libtpm/sha1.c new file mode 100644 index 0000000..2454b8f --- /dev/null +++ b/lib/libtpm/sha1.c @@ -0,0 +1,197 @@ +/***************************************************************************** + * Copyright (c) 2015 IBM Corporation + * All rights reserved. + * This program and the accompanying materials + * are made available under the terms of the BSD License + * which accompanies this distribution, and is available at + * http://www.opensource.org/licenses/bsd-license.php + * + * Contributors: + * IBM Corporation - initial implementation + *****************************************************************************/ + +/* + * See: NIST standard for SHA-1 in FIPS PUB 180-4 + */ + +#include "byteorder.h" +#include "sha1.h" +#include "string.h" + +typedef struct _sha1_ctx { + uint32_t h[5]; +} sha1_ctx; + +static uint32_t rol(uint32_t data, uint8_t n) +{ + if (!n) + return data; + return (data << n) | (data >> (32 - n)); +} + +static void sha1_block(uint32_t *w, sha1_ctx *ctx) +{ + uint32_t i; + uint32_t a,b,c,d,e,f; + uint32_t tmp; + uint32_t idx; + + /* + * FIPS 180-4 4.2.1: SHA1 Constants + */ + static const uint32_t sha_ko[4] = { + 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6 + }; + + /* + * FIPS 180-4 6.1.2: step 1 + * + * 0 <= i <= 15: + * W(t) = M(t) + * 16 <= i <= 79: + * W(t) = ROTL(W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16), 1) + */ + + /* w(0)..(w15) already in big endian format */ + + for (i = 16; i <= 79; i++) { + tmp = w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16]; + w[i] = rol(tmp, 1); + } + + /* + * step 2: a = H0, b = H1, c = H2, d = H3, e = H4. + */ + a = ctx->h[0]; + b = ctx->h[1]; + c = ctx->h[2]; + d = ctx->h[3]; + e = ctx->h[4]; + + /* + * step 3: For i = 0 to 79: + * T = ROTL(a, 5) + f(i; b,c,d) + e + W(t) + K(t); + */ + for (i = 0; i <= 79; i++) { + /* + * FIPS 180-4: 4.1.1 : definition of f(i; b,c,d) + */ + if (i <= 19) { + /* + * 0 <= i <= 19: + * f(i; b,c,d) = (b AND c) OR ((NOT b) AND d) + */ + f = (b & c) | ((b ^ 0xffffffff) & d); + idx = 0; + } else if (i <= 39) { + /* + * 20 <= i <= 39: + * f(i; b,c,d) = b XOR c XOR d + */ + f = b ^ c ^ d; + idx = 1; + } else if (i <= 59) { + /* + * 40 <= i <= 59: + * f(i; b,c,d) = (b AND c) OR (b AND d) OR (c AND d) + */ + f = (b & c) | (b & d) | (c & d); + idx = 2; + } else { + /* + * 60 <= i <= 79: + * f(i; b,c,d) = b XOR c XOR d + */ + f = b ^ c ^ d; + idx = 3; + } + + /* + * step 3: + * t = ROTL(a, 5) + f(t;b,c,d) + e + K(t) + W(t); + * e = d; d = c; c = ROTL(b, 30); b = a; a = t; + */ + tmp = rol(a, 5) + + f + + e + + sha_ko[idx] + + w[i]; + e = d; + d = c; + c = rol(b, 30); + b = a; + a = tmp; + } + + /* + * step 4: + * H0 = a + H0, H1 = b + H1, H2 = c + H2, H3 = d + H3, H4 = e + H4 + */ + ctx->h[0] += a; + ctx->h[1] += b; + ctx->h[2] += c; + ctx->h[3] += d; + ctx->h[4] += e; +} + +static void sha1_do(sha1_ctx *ctx, const uint8_t*data32, uint32_t length) +{ + uint32_t offset; + uint16_t num; + uint32_t bits = 0; + uint32_t w[80]; + uint64_t tmp; + + /* treat data in 64-byte chunks */ + for (offset = 0; length - offset >= 64; offset += 64) { + memcpy(w, data32 + offset, 64); + sha1_block((uint32_t *)w, ctx); + bits += (64 * 8); + } + + /* last block with less than 64 bytes */ + num = length - offset; + bits += (num << 3); + + memcpy(w, data32 + offset, num); + /* + * FIPS 180-4 5.1: Padding the Message + */ + ((uint8_t *)w)[num] = 0x80; + if (64 - (num + 1) > 0) + memset( &((uint8_t *)w)[num + 1], 0, 64 - (num + 1)); + + if (num >= 56) { + /* cannot append number of bits here */ + sha1_block((uint32_t *)w, ctx); + memset(w, 0, 60); + } + + /* write number of bits to end of block */ + tmp = bits; + memcpy(&w[14], &tmp, 8); + + sha1_block(w, ctx); +} + +uint32_t sha1(const uint8_t *data, uint32_t length, uint8_t *hash) +{ + sha1_ctx ctx = { + .h = { + /* + * FIPS 180-4: 6.1.1 + * -> 5.3.1: initial hash value + */ + 0x67452301, + 0xefcdab89, + 0x98badcfe, + 0x10325476, + 0xc3d2e1f0, + } + }; + + sha1_do(&ctx, data, length); + memcpy(hash, &ctx.h[0], 20); + + return 0; +} diff --git a/lib/libtpm/sha1.h b/lib/libtpm/sha1.h new file mode 100644 index 0000000..7fa3e03 --- /dev/null +++ b/lib/libtpm/sha1.h @@ -0,0 +1,20 @@ +/***************************************************************************** + * Copyright (c) 2015 IBM Corporation + * All rights reserved. + * This program and the accompanying materials + * are made available under the terms of the BSD License + * which accompanies this distribution, and is available at + * http://www.opensource.org/licenses/bsd-license.php + * + * Contributors: + * IBM Corporation - initial implementation + *****************************************************************************/ + +#ifndef __SHA1_H +#define __SHA1_H + +#include "types.h" + +uint32_t sha1(const uint8_t *data, uint32_t length, uint8_t *hash); + +#endif /* __SHA1_H */