1 /*
2  * sha1.h
3  *
4  * interface to the Secure Hash Algorithm v.1 (SHA-1), specified in
5  * FIPS 180-1
6  *
7  * David A. McGrew
8  * Cisco Systems, Inc.
9  */
10 
11 /*
12  *
13  * Copyright (c) 2001-2017, Cisco Systems, Inc.
14  * All rights reserved.
15  *
16  * Redistribution and use in source and binary forms, with or without
17  * modification, are permitted provided that the following conditions
18  * are met:
19  *
20  *   Redistributions of source code must retain the above copyright
21  *   notice, this list of conditions and the following disclaimer.
22  *
23  *   Redistributions in binary form must reproduce the above
24  *   copyright notice, this list of conditions and the following
25  *   disclaimer in the documentation and/or other materials provided
26  *   with the distribution.
27  *
28  *   Neither the name of the Cisco Systems, Inc. nor the names of its
29  *   contributors may be used to endorse or promote products derived
30  *   from this software without specific prior written permission.
31  *
32  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
33  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
34  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
35  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
36  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
37  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
38  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
39  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
40  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
41  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
42  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
43  * OF THE POSSIBILITY OF SUCH DAMAGE.
44  *
45  */
46 
47 #ifndef SHA1_H
48 #define SHA1_H
49 
50 #ifdef HAVE_CONFIG_H
51 #include <config.h>
52 #endif
53 
54 #include "err.h"
55 #ifdef OPENSSL
56 #include <openssl/evp.h>
57 #include <stdint.h>
58 #else
59 #include "datatypes.h"
60 #endif
61 
62 #ifdef __cplusplus
63 extern "C" {
64 #endif
65 
66 #ifdef OPENSSL
67 
68 /*
69  * srtp_sha1_init(&ctx) initializes the SHA1 context ctx
70  *
71  * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg
72  * into the SHA1 context
73  *
74  * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1
75  * context and writes the result to the 20 octets at output
76  *
77  * Return values are ignored on the EVP functions since all three
78  * of these functions return void.
79  *
80  */
81 
82 /* OpenSSL 1.1.0 made EVP_MD_CTX an opaque structure, which must be allocated
83    using EVP_MD_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
84 #if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER
85 
86 typedef EVP_MD_CTX srtp_sha1_ctx_t;
87 
srtp_sha1_init(srtp_sha1_ctx_t * ctx)88 static inline void srtp_sha1_init(srtp_sha1_ctx_t *ctx)
89 {
90     EVP_MD_CTX_init(ctx);
91     EVP_DigestInit(ctx, EVP_sha1());
92 }
93 
srtp_sha1_update(srtp_sha1_ctx_t * ctx,const uint8_t * M,int octets_in_msg)94 static inline void srtp_sha1_update(srtp_sha1_ctx_t *ctx,
95                                     const uint8_t *M,
96                                     int octets_in_msg)
97 {
98     EVP_DigestUpdate(ctx, M, octets_in_msg);
99 }
100 
srtp_sha1_final(srtp_sha1_ctx_t * ctx,uint32_t * output)101 static inline void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t *output)
102 {
103     unsigned int len = 0;
104 
105     EVP_DigestFinal(ctx, (unsigned char *)output, &len);
106     EVP_MD_CTX_cleanup(ctx);
107 }
108 
109 #else
110 
111 typedef EVP_MD_CTX *srtp_sha1_ctx_t;
112 
113 static inline void srtp_sha1_init(srtp_sha1_ctx_t *ctx)
114 {
115     *ctx = EVP_MD_CTX_new();
116     EVP_DigestInit(*ctx, EVP_sha1());
117 }
118 
119 static inline void srtp_sha1_update(srtp_sha1_ctx_t *ctx,
120                                     const uint8_t *M,
121                                     int octets_in_msg)
122 {
123     EVP_DigestUpdate(*ctx, M, octets_in_msg);
124 }
125 
126 static inline void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t *output)
127 {
128     unsigned int len = 0;
129 
130     EVP_DigestFinal(*ctx, (unsigned char *)output, &len);
131     EVP_MD_CTX_free(*ctx);
132 }
133 #endif
134 
135 #else
136 
137 typedef struct {
138     uint32_t H[5];            /* state vector                    */
139     uint32_t M[16];           /* message buffer                  */
140     int octets_in_buffer;     /* octets of message in buffer     */
141     uint32_t num_bits_in_msg; /* total number of bits in message */
142 } srtp_sha1_ctx_t;
143 
144 /*
145  * srtp_sha1_init(&ctx) initializes the SHA1 context ctx
146  *
147  * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg
148  * into the SHA1 context
149  *
150  * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1
151  * context and writes the result to the 20 octets at output
152  *
153  */
154 void srtp_sha1_init(srtp_sha1_ctx_t *ctx);
155 
156 void srtp_sha1_update(srtp_sha1_ctx_t *ctx,
157                       const uint8_t *M,
158                       int octets_in_msg);
159 
160 void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t output[5]);
161 
162 /*
163  * The srtp_sha1_core function is INTERNAL to SHA-1, but it is declared
164  * here because it is also used by the cipher SEAL 3.0 in its key
165  * setup algorithm.
166  */
167 
168 /*
169  *  srtp_sha1_core(M, H) computes the core sha1 compression function, where M is
170  *  the next part of the message and H is the intermediate state {H0,
171  *  H1, ...}
172  *
173  *  this function does not do any of the padding required in the
174  *  complete sha1 function
175  */
176 void srtp_sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
177 
178 #endif /* else OPENSSL */
179 
180 #ifdef __cplusplus
181 }
182 #endif
183 
184 #endif /* SHA1_H */
185