include/u-boot/sha1.h

/* SPDX-License-Identifier: LGPL-2.1 */
/**
 * \file sha1.h
 * based from http://xyssl.org/code/source/sha1/
 *  FIPS-180-1 compliant SHA-1 implementation
 *
 *  Copyright (C) 2003-2006  Christophe Devine
 */
/*
 *  The SHA-1 standard was published by NIST in 1993.
 *
 *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
 */
#ifndef _SHA1_H
#define _SHA1_H

#include <linux/kconfig.h>
#include <linux/types.h>

#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
/*
 * FIXME:
 * MbedTLS define the members of "mbedtls_sha256_context" as private,
 * but "state" needs to be access by arch/arm/cpu/armv8/sha1_ce_glue.
 * MBEDTLS_ALLOW_PRIVATE_ACCESS needs to be enabled to allow the external
 * access.
 * Directly including <external/mbedtls/library/common.h> is not allowed,
 * since this will include <malloc.h> and break the sandbox test.
 */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS

#include <mbedtls/sha1.h>
#endif

#ifdef __cplusplus
extern "C" {
#endif

#define SHA1_SUM_POS	-0x20
#define SHA1_SUM_LEN	20
#define SHA1_DER_LEN	15

#define SHA1_DEF_CHUNK_SZ 0x10000

#define K_IPAD_VAL 0x36
#define K_OPAD_VAL 0x5C
#define K_PAD_LEN 64

extern const uint8_t sha1_der_prefix[];

#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
typedef mbedtls_sha1_context sha1_context;
#else
/**
 * \brief	   SHA-1 context structure
 */
typedef struct
{
    unsigned long total[2];	/*!< number of bytes processed	*/
    uint32_t state[5];		/*!< intermediate digest state	*/
    unsigned char buffer[64];	/*!< data block being processed */
}
sha1_context;
#endif

/**
 * \brief	   SHA-1 context setup
 *
 * \param ctx	   SHA-1 context to be initialized
 */
void sha1_starts(sha1_context *ctx);

/**
 * \brief	   SHA-1 process buffer
 *
 * \param ctx	   SHA-1 context
 * \param input    buffer holding the  data
 * \param ilen	   length of the input data
 */
void sha1_update(sha1_context *ctx, const unsigned char *input,
		 unsigned int ilen);

/**
 * \brief	   SHA-1 final digest
 *
 * \param ctx	   SHA-1 context
 * \param output   SHA-1 checksum result
 */
void sha1_finish( sha1_context *ctx, unsigned char output[20] );

/**
 * \brief	   Output = SHA-1( input buffer ), with watchdog triggering
 *
 * \param input    buffer holding the  data
 * \param ilen	   length of the input data
 * \param output   SHA-1 checksum result
 * \param chunk_sz watchdog triggering period (in bytes of input processed)
 */
void sha1_csum_wd(const unsigned char *input, unsigned int ilen,
		unsigned char *output, unsigned int chunk_sz);

/**
 * \brief	   Output = HMAC-SHA-1( input buffer, hmac key )
 *
 * \param key	   HMAC secret key
 * \param keylen   length of the HMAC key
 * \param input    buffer holding the  data
 * \param ilen	   length of the input data
 * \param output   HMAC-SHA-1 result
 */
void sha1_hmac(const unsigned char *key, int keylen,
		const unsigned char *input, unsigned int ilen,
		unsigned char *output);

/**
 * \brief	   Checkup routine
 *
 * \return	   0 if successful, or 1 if the test failed
 */
int sha1_self_test( void );

#ifdef __cplusplus
}
#endif

#endif /* sha1.h */