diff --git a/LICENSES/README.md b/LICENSES/README.md index 76fd437cf72..29ae23c7277 100644 --- a/LICENSES/README.md +++ b/LICENSES/README.md @@ -66,6 +66,9 @@ The following exceptions apply: - src/libsystemd/sd-journal/lookup3.h * the tools/chromiumos/gen_autosuspend_rules.py script is licensed under the **BSD-3-Clause** license. + * the following sources are under **Public Domain** (LicenseRef-alg-sha1-public-domain): + - src/fundamental/sha1-fundamental.c + - src/fundamental/sha1-fundamental.h * Heebo fonts under docs/fonts/ are licensed under the **SIL Open Font License 1.1**, * any files under test/ without an explicit license we assume non-copyrightable (eg: computer-generated fuzzer data) diff --git a/LICENSES/alg-sha1-public-domain.txt b/LICENSES/alg-sha1-public-domain.txt new file mode 100644 index 00000000000..1f146cc1b12 --- /dev/null +++ b/LICENSES/alg-sha1-public-domain.txt @@ -0,0 +1,6 @@ +SHA-1 in C, by Steve Reid , Public Domain +Modified by James H. Brown , 7/98, Public Domain +Modified by Steve Reid , 8/98, Public Domain +Modified by Saul Kravitz , 4/01, Public Domain +Modified by Ralph Giles , 07/2002, Public Domain +Modified by Björn Esser , 10/2017, Public Domain diff --git a/src/fundamental/meson.build b/src/fundamental/meson.build index 3e9866ef703..b1522a88f8e 100644 --- a/src/fundamental/meson.build +++ b/src/fundamental/meson.build @@ -6,6 +6,7 @@ fundamental_sources = files( 'bootspec-fundamental.c', 'efivars-fundamental.c', 'iovec-util-fundamental.h', + 'sha1-fundamental.c', 'sha256-fundamental.c', 'string-util-fundamental.c', 'uki.c', diff --git a/src/fundamental/sha1-fundamental.c b/src/fundamental/sha1-fundamental.c new file mode 100644 index 00000000000..0f631d50531 --- /dev/null +++ b/src/fundamental/sha1-fundamental.c @@ -0,0 +1,283 @@ +/* SPDX-License-Identifier: LicenseRef-alg-sha1-public-domain */ + +/* +SHA-1 in C +By Steve Reid +100% Public Domain + +----------------- +Modified 7/98 +By James H. Brown +Still 100% Public Domain + +Corrected a problem which generated improper hash values on 16 bit machines +Routine SHA1Update changed from + void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len) +to + void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned long len) + +The 'len' parameter was declared an int which works fine on 32 bit machines. +However, on 16 bit machines an int is too small for the shifts being done +against +it. This caused the hash function to generate incorrect values if len was +greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update(). + +Since the file IO in main() reads 16K at a time, any file 8K or larger would +be guaranteed to generate the wrong hash (e.g. Test Vector #3, +a million "a"s). + +I also changed the declaration of variables i & j in SHA1Update to +unsigned long from unsigned int for the same reason. + +These changes should make no difference to any 32 bit implementations since +an int and a long are the same size in those environments. + +-- +I also corrected a few compiler warnings generated by Borland C. +1. Added #include for exit() prototype +2. Removed unused variable 'j' in SHA1Final +3. Changed exit(0) to return(0) at end of main. + +ALL changes I made can be located by searching for comments containing 'JHB' +----------------- +Modified 8/98 +By Steve Reid +Still 100% public domain + +1- Removed #include and used return() instead of exit() +2- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall) +3- Changed email address from steve@edmweb.com to sreid@sea-to-sky.net + +----------------- +Modified 4/01 +By Saul Kravitz +Still 100% PD +Modified to run on Compaq Alpha hardware. + +----------------- +Modified 07/2002 +By Ralph Giles +Still 100% public domain +modified for use with stdint types, autoconf +code cleanup, removed attribution comments +switched SHA1Final() argument order for consistency +use SHA1_ prefix for public api +move public api to sha1.h + +----------------- +Modified 10/2017 +By Björn Esser +Still 100% public domain +modified for use with libxcrypt + +Modified 09/2024 +By anonymix007 <48598263+anonymix007@users.noreply.github.com> +Still 100% public domain +modified for use with systemd +*/ + +#include "memory-util-fundamental.h" +#include "sha1-fundamental.h" + +#define SHA1_DIGEST_SIZE 20 + +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + +/* blk0() and blk() perform the initial expand. */ +/* I got the idea of expanding during the round function from SSLeay */ +/* FIXME: can we do this in an endian-proof way? */ +#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +# define blk0(i) block.l[i] +#else +# define blk0(i) (block.l[i] = (rol(block.l[i], 24) & 0xFF00FF00) | (rol(block.l[i], 8) & 0x00FF00FF)) +#endif +#define blk(i) \ + (block.l[i & 15] = rol( \ + block.l[(i + 13) & 15] ^ block.l[(i + 8) & 15] ^ block.l[(i + 2) & 15] ^ \ + block.l[i & 15], \ + 1)) + +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v, w, x, y, z, i) \ + z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \ + w = rol(w, 30); +#define R1(v, w, x, y, z, i) \ + z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \ + w = rol(w, 30); +#define R2(v, w, x, y, z, i) \ + z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); \ + w = rol(w, 30); +#define R3(v, w, x, y, z, i) \ + z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \ + w = rol(w, 30); +#define R4(v, w, x, y, z, i) \ + z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \ + w = rol(w, 30); + +/* Hash a single 512-bit block. This is the core of the algorithm. */ +static void sha1_do_transform(uint32_t state[5], const uint8_t buffer[64]) { + uint32_t a, b, c, d, e; + typedef union { + uint8_t c[64]; + uint32_t l[16]; + } CHAR64LONG16; + CHAR64LONG16 block; + + memcpy(&block, buffer, 64); + + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a, b, c, d, e, 0); + R0(e, a, b, c, d, 1); + R0(d, e, a, b, c, 2); + R0(c, d, e, a, b, 3); + R0(b, c, d, e, a, 4); + R0(a, b, c, d, e, 5); + R0(e, a, b, c, d, 6); + R0(d, e, a, b, c, 7); + R0(c, d, e, a, b, 8); + R0(b, c, d, e, a, 9); + R0(a, b, c, d, e, 10); + R0(e, a, b, c, d, 11); + R0(d, e, a, b, c, 12); + R0(c, d, e, a, b, 13); + R0(b, c, d, e, a, 14); + R0(a, b, c, d, e, 15); + R1(e, a, b, c, d, 16); + R1(d, e, a, b, c, 17); + R1(c, d, e, a, b, 18); + R1(b, c, d, e, a, 19); + R2(a, b, c, d, e, 20); + R2(e, a, b, c, d, 21); + R2(d, e, a, b, c, 22); + R2(c, d, e, a, b, 23); + R2(b, c, d, e, a, 24); + R2(a, b, c, d, e, 25); + R2(e, a, b, c, d, 26); + R2(d, e, a, b, c, 27); + R2(c, d, e, a, b, 28); + R2(b, c, d, e, a, 29); + R2(a, b, c, d, e, 30); + R2(e, a, b, c, d, 31); + R2(d, e, a, b, c, 32); + R2(c, d, e, a, b, 33); + R2(b, c, d, e, a, 34); + R2(a, b, c, d, e, 35); + R2(e, a, b, c, d, 36); + R2(d, e, a, b, c, 37); + R2(c, d, e, a, b, 38); + R2(b, c, d, e, a, 39); + R3(a, b, c, d, e, 40); + R3(e, a, b, c, d, 41); + R3(d, e, a, b, c, 42); + R3(c, d, e, a, b, 43); + R3(b, c, d, e, a, 44); + R3(a, b, c, d, e, 45); + R3(e, a, b, c, d, 46); + R3(d, e, a, b, c, 47); + R3(c, d, e, a, b, 48); + R3(b, c, d, e, a, 49); + R3(a, b, c, d, e, 50); + R3(e, a, b, c, d, 51); + R3(d, e, a, b, c, 52); + R3(c, d, e, a, b, 53); + R3(b, c, d, e, a, 54); + R3(a, b, c, d, e, 55); + R3(e, a, b, c, d, 56); + R3(d, e, a, b, c, 57); + R3(c, d, e, a, b, 58); + R3(b, c, d, e, a, 59); + R4(a, b, c, d, e, 60); + R4(e, a, b, c, d, 61); + R4(d, e, a, b, c, 62); + R4(c, d, e, a, b, 63); + R4(b, c, d, e, a, 64); + R4(a, b, c, d, e, 65); + R4(e, a, b, c, d, 66); + R4(d, e, a, b, c, 67); + R4(c, d, e, a, b, 68); + R4(b, c, d, e, a, 69); + R4(a, b, c, d, e, 70); + R4(e, a, b, c, d, 71); + R4(d, e, a, b, c, 72); + R4(c, d, e, a, b, 73); + R4(b, c, d, e, a, 74); + R4(a, b, c, d, e, 75); + R4(e, a, b, c, d, 76); + R4(d, e, a, b, c, 77); + R4(c, d, e, a, b, 78); + R4(b, c, d, e, a, 79); + + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + + /* Wipe variables */ + a = b = c = d = e = 0; +} + +/* SHA1Init - Initialize new context */ +void sha1_init_ctx(struct sha1_ctx *ctx) { + /* SHA1 initialization constants */ + ctx->state[0] = 0x67452301; + ctx->state[1] = 0xEFCDAB89; + ctx->state[2] = 0x98BADCFE; + ctx->state[3] = 0x10325476; + ctx->state[4] = 0xC3D2E1F0; + ctx->count[0] = ctx->count[1] = 0; +} + +/* Run your data through this. */ +void sha1_process_bytes(const void *buffer, size_t size, struct sha1_ctx *ctx) { + size_t i, j; + + j = (ctx->count[0] >> 3) & 63; + if ((ctx->count[0] += (uint32_t) size << 3) < ((uint32_t) size << 3)) + ctx->count[1]++; + ctx->count[1] += (uint32_t) (size >> 29); + if ((j + size) > 63) { + memcpy(&ctx->buffer[j], buffer, (i = 64 - j)); + sha1_do_transform(ctx->state, ctx->buffer); + DISABLE_WARNING_STRINGOP_OVERREAD; + for (; i + 63 < size; i += 64) + sha1_do_transform(ctx->state, (const uint8_t *) buffer + i); + REENABLE_WARNING; + j = 0; + } else + i = 0; + memcpy(&ctx->buffer[j], (const uint8_t *) buffer + i, size - i); +} + +/* Add padding and return the message digest. */ +void *sha1_finish_ctx(struct sha1_ctx *ctx, uint8_t result[static SHA1_DIGEST_SIZE]) { + uint32_t i; + uint8_t finalcount[8]; + + for (i = 0; i < 8; i++) { + finalcount[i] = (unsigned char) ((ctx->count[(i >= 4 ? 0 : 1)] >> ((3 - (i & 3)) * 8)) & + 255); /* Endian independent */ + } + sha1_process_bytes((const uint8_t *) "\200", 1, ctx); + while ((ctx->count[0] & 504) != 448) + sha1_process_bytes((const uint8_t *) "\0", 1, ctx); + sha1_process_bytes(finalcount, 8, ctx); /* Should cause a sha1_do_transform() */ + for (i = 0; i < SHA1_DIGEST_SIZE; i++) { + result[i] = (uint8_t) ((ctx->state[i >> 2] >> ((3 - (i & 3)) * 8)) & 255); + } + + /* Wipe variables */ + i = 0; + memzero(ctx, sizeof(struct sha1_ctx)); + memzero(finalcount, 8); /* SWR */ + + return result; +} diff --git a/src/fundamental/sha1-fundamental.h b/src/fundamental/sha1-fundamental.h new file mode 100644 index 00000000000..3577ad5809f --- /dev/null +++ b/src/fundamental/sha1-fundamental.h @@ -0,0 +1,36 @@ +/* SPDX-License-Identifier: LicenseRef-alg-sha1-public-domain */ + +/* + * This is an implementation of the National Institute of Standards + * and Technology US Secure Hash Algorithm 1 (SHA1). + * + * Public api for steve reid's public domain SHA-1 implementation. + * This file is in the public domain. + */ +#pragma once + +#include +#include + +#define SHA1_DIGEST_SIZE 20 + +/* Structure to save state of computation between the single steps. */ +struct sha1_ctx { + uint32_t state[5]; + uint32_t count[2]; + uint8_t buffer[64]; +}; + +/* Initialize structure containing state of computation. + (RFC 3174, 6.1) */ +void sha1_init_ctx(struct sha1_ctx *ctx); + +/* Starting with the result of former calls of this function (or the + initialization function) update the context for the next LEN bytes + starting at BUFFER. LEN does not need to be a multiple of 64. */ +void sha1_process_bytes(const void *buffer, size_t size, struct sha1_ctx *ctx); + +/* Process the remaining bytes in the buffer and write the finalized + hash to RESBUF, which should point to 20 bytes of storage. All + data written to CTX is erased before returning from the function. */ +void *sha1_finish_ctx(struct sha1_ctx *ctx, uint8_t result[static SHA1_DIGEST_SIZE]);