/*
 * FIPS-180-1 compliant SHA-1 implementation
 *
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may
 * not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * This file is part of mbed TLS (https://tls.mbed.org)
 */
/*
 * The SHA-1 standard was published by NIST in 1993.
 *
 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
 */
26
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020027#if !defined(MBEDTLS_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +000028#include "mbedtls/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020029#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020030#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020031#endif
Paul Bakker5121ce52009-01-03 21:22:43 +000032
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020033#if defined(MBEDTLS_SHA1_C)
Paul Bakker5121ce52009-01-03 21:22:43 +000034
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +000035#include "mbedtls/sha1.h"
Paul Bakker5121ce52009-01-03 21:22:43 +000036
Rich Evans00ab4702015-02-06 13:43:58 +000037#include <string.h>
38
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020039#if defined(MBEDTLS_SELF_TEST)
40#if defined(MBEDTLS_PLATFORM_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +000041#include "mbedtls/platform.h"
Paul Bakker7dc4c442014-02-01 22:50:26 +010042#else
Rich Evans00ab4702015-02-06 13:43:58 +000043#include <stdio.h>
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020044#define mbedtls_printf printf
45#endif /* MBEDTLS_PLATFORM_C */
46#endif /* MBEDTLS_SELF_TEST */
Paul Bakker7dc4c442014-02-01 22:50:26 +010047
Manuel Pégourié-Gonnard8b2641d2015-08-27 20:03:46 +020048#if !defined(MBEDTLS_SHA1_ALT)
49
/*
 * Overwrite n bytes starting at v with zeros.
 *
 * The stores go through a volatile-qualified pointer, which is intended to
 * keep the compiler from removing them as dead writes when the buffer is
 * never read again (the usual fate of a plain memset() before a return).
 * v is not checked for NULL; n == 0 performs no store.
 */
static void mbedtls_zeroize( void *v, size_t n )
{
    volatile unsigned char *p = (unsigned char *) v;
    size_t i;

    for( i = 0; i < n; i++ )
        p[i] = 0;
}
54
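/*
 * 32-bit integer manipulation macros (big endian)
 *
 * GET_UINT32_BE( n, b, i ) loads the four bytes b[i] .. b[i + 3] into n,
 * most significant byte first. No bounds check is made: the caller must
 * guarantee that b has at least i + 4 readable bytes.
 *
 * The body is wrapped in do { } while( 0 ) so that the macro expands to a
 * single statement and stays correct inside an unbraced if/else.
 */
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i)                            \
do {                                                    \
    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
        | ( (uint32_t) (b)[(i) + 3]       );            \
} while( 0 )
#endif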
67
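/*
 * PUT_UINT32_BE( n, b, i ) stores the 32-bit value n into b[i] .. b[i + 3],
 * most significant byte first. No bounds check is made: the caller must
 * guarantee that b has at least i + 4 writable bytes.
 *
 * The body is wrapped in do { } while( 0 ) so that the macro expands to a
 * single statement and stays correct inside an unbraced if/else.
 */
#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i)                            \
do {                                                    \
    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
} while( 0 )
#endif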
77
/*
 * Put a SHA-1 context into a known all-zero state.
 *
 * This only clears the structure; the chaining values are loaded by
 * mbedtls_sha1_starts_ext(). ctx is dereferenced without a NULL check,
 * so the caller must pass a valid pointer.
 */
void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
{
    memset( ctx, 0, sizeof( *ctx ) );
}
82
/*
 * Wipe a SHA-1 context.
 *
 * The whole structure (length counters, chaining state and any buffered
 * input) is overwritten with zeros through mbedtls_zeroize(), so hashed
 * material does not linger in memory after use. A NULL ctx is accepted
 * and ignored.
 */
void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
{
    if( ctx != NULL )
        mbedtls_zeroize( ctx, sizeof( *ctx ) );
}
90
/*
 * Copy the complete state of one SHA-1 context into another.
 *
 * The copy is a plain structure assignment, so dst ends up holding the
 * same counters, chaining values and buffered bytes as src. Both copies
 * then need their own mbedtls_sha1_free() to be wiped. Neither pointer
 * is checked for NULL.
 */
void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
                         const mbedtls_sha1_context *src )
{
    /* Structure assignment (rather than memcpy) stays defined if dst == src */
    *dst = *src;
}
96
/*
 * SHA-1 context setup
 *
 * Resets the processed-byte counter to zero and loads the five initial
 * chaining values, so the context can be reused for a new message.
 * Always returns 0. ctx is not checked for NULL.
 */
int mbedtls_sha1_starts_ext( mbedtls_sha1_context *ctx )
{
    /* Initial chaining values H0..H4 */
    static const uint32_t initial_state[5] =
    {
        0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0
    };
    unsigned int k;

    ctx->total[0] = 0;
    ctx->total[1] = 0;

    for( k = 0; k < 5; k++ )
        ctx->state[k] = initial_state[k];

    return( 0 );
}
113
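#if !defined(MBEDTLS_SHA1_PROCESS_ALT)
/*
 * SHA-1 compression function: absorb one 64-byte block into ctx->state.
 *
 * data must point to exactly 64 readable bytes; ctx->state must already
 * hold the current chaining values. Always returns 0.
 *
 * The 16-word message schedule W and the working variables A..E live on
 * the stack and are derived directly from the input block and the chaining
 * state. If the hashed input is secret (for example inside a keyed
 * construction), leaving them behind would leak it to whatever reuses the
 * stack, so they are wiped with mbedtls_zeroize() before returning.
 */
int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
                                   const unsigned char data[64] )
{
    uint32_t temp, W[16], A, B, C, D, E;
    unsigned int i;

    /* Load the block as sixteen big-endian 32-bit words */
    for( i = 0; i < 16; i++ )
    {
        GET_UINT32_BE( W[i], data, 4 * i );
    }

/* Rotate the 32-bit value x left by n bits */
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))

/*
 * Message schedule for round t >= 16, computed in place: W is used as a
 * 16-entry circular buffer indexed modulo 16.
 */
#define R(t)                                            \
(                                                       \
    temp = W[( t -  3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
           W[( t - 14 ) & 0x0F] ^ W[  t       & 0x0F],  \
    ( W[t & 0x0F] = S(temp,1) )                         \
)

/*
 * One round. Instead of shuffling five variables, each call names them in
 * rotated order, so only e and b are written. F and K are (re)defined
 * before each group of 20 rounds.
 */
#define P(a,b,c,d,e,x)                                  \
{                                                       \
    e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);        \
}

    A = ctx->state[0];
    B = ctx->state[1];
    C = ctx->state[2];
    D = ctx->state[3];
    E = ctx->state[4];

/* Rounds 0..19: equivalent to (x & y) | (~x & z) */
#define F(x,y,z) (z ^ (x & (y ^ z)))
#define K 0x5A827999

    P( A, B, C, D, E, W[0]  );
    P( E, A, B, C, D, W[1]  );
    P( D, E, A, B, C, W[2]  );
    P( C, D, E, A, B, W[3]  );
    P( B, C, D, E, A, W[4]  );
    P( A, B, C, D, E, W[5]  );
    P( E, A, B, C, D, W[6]  );
    P( D, E, A, B, C, W[7]  );
    P( C, D, E, A, B, W[8]  );
    P( B, C, D, E, A, W[9]  );
    P( A, B, C, D, E, W[10] );
    P( E, A, B, C, D, W[11] );
    P( D, E, A, B, C, W[12] );
    P( C, D, E, A, B, W[13] );
    P( B, C, D, E, A, W[14] );
    P( A, B, C, D, E, W[15] );
    P( E, A, B, C, D, R(16) );
    P( D, E, A, B, C, R(17) );
    P( C, D, E, A, B, R(18) );
    P( B, C, D, E, A, R(19) );

#undef K
#undef F

/* Rounds 20..39: parity */
#define F(x,y,z) (x ^ y ^ z)
#define K 0x6ED9EBA1

    P( A, B, C, D, E, R(20) );
    P( E, A, B, C, D, R(21) );
    P( D, E, A, B, C, R(22) );
    P( C, D, E, A, B, R(23) );
    P( B, C, D, E, A, R(24) );
    P( A, B, C, D, E, R(25) );
    P( E, A, B, C, D, R(26) );
    P( D, E, A, B, C, R(27) );
    P( C, D, E, A, B, R(28) );
    P( B, C, D, E, A, R(29) );
    P( A, B, C, D, E, R(30) );
    P( E, A, B, C, D, R(31) );
    P( D, E, A, B, C, R(32) );
    P( C, D, E, A, B, R(33) );
    P( B, C, D, E, A, R(34) );
    P( A, B, C, D, E, R(35) );
    P( E, A, B, C, D, R(36) );
    P( D, E, A, B, C, R(37) );
    P( C, D, E, A, B, R(38) );
    P( B, C, D, E, A, R(39) );

#undef K
#undef F

/* Rounds 40..59: majority */
#define F(x,y,z) ((x & y) | (z & (x | y)))
#define K 0x8F1BBCDC

    P( A, B, C, D, E, R(40) );
    P( E, A, B, C, D, R(41) );
    P( D, E, A, B, C, R(42) );
    P( C, D, E, A, B, R(43) );
    P( B, C, D, E, A, R(44) );
    P( A, B, C, D, E, R(45) );
    P( E, A, B, C, D, R(46) );
    P( D, E, A, B, C, R(47) );
    P( C, D, E, A, B, R(48) );
    P( B, C, D, E, A, R(49) );
    P( A, B, C, D, E, R(50) );
    P( E, A, B, C, D, R(51) );
    P( D, E, A, B, C, R(52) );
    P( C, D, E, A, B, R(53) );
    P( B, C, D, E, A, R(54) );
    P( A, B, C, D, E, R(55) );
    P( E, A, B, C, D, R(56) );
    P( D, E, A, B, C, R(57) );
    P( C, D, E, A, B, R(58) );
    P( B, C, D, E, A, R(59) );

#undef K
#undef F

/* Rounds 60..79: parity again, with the last round constant */
#define F(x,y,z) (x ^ y ^ z)
#define K 0xCA62C1D6

    P( A, B, C, D, E, R(60) );
    P( E, A, B, C, D, R(61) );
    P( D, E, A, B, C, R(62) );
    P( C, D, E, A, B, R(63) );
    P( B, C, D, E, A, R(64) );
    P( A, B, C, D, E, R(65) );
    P( E, A, B, C, D, R(66) );
    P( D, E, A, B, C, R(67) );
    P( C, D, E, A, B, R(68) );
    P( B, C, D, E, A, R(69) );
    P( A, B, C, D, E, R(70) );
    P( E, A, B, C, D, R(71) );
    P( D, E, A, B, C, R(72) );
    P( C, D, E, A, B, R(73) );
    P( B, C, D, E, A, R(74) );
    P( A, B, C, D, E, R(75) );
    P( E, A, B, C, D, R(76) );
    P( D, E, A, B, C, R(77) );
    P( C, D, E, A, B, R(78) );
    P( B, C, D, E, A, R(79) );

#undef K
#undef F

    /* Feed-forward: add the round output to the previous chaining values */
    ctx->state[0] += A;
    ctx->state[1] += B;
    ctx->state[2] += C;
    ctx->state[3] += D;
    ctx->state[4] += E;

    /* Wipe block-derived intermediates before the stack frame is released */
    mbedtls_zeroize( W, sizeof( W ) );
    mbedtls_zeroize( &temp, sizeof( temp ) );
    mbedtls_zeroize( &A, sizeof( A ) );
    mbedtls_zeroize( &B, sizeof( B ) );
    mbedtls_zeroize( &C, sizeof( C ) );
    mbedtls_zeroize( &D, sizeof( D ) );
    mbedtls_zeroize( &E, sizeof( E ) );

    return( 0 );
}
#endif /* !MBEDTLS_SHA1_PROCESS_ALT */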
Paul Bakker5121ce52009-01-03 21:22:43 +0000274
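/*
 * SHA-1 process buffer
 *
 * Feeds ilen bytes from input into the running hash. Bytes that do not
 * complete a 64-byte block are kept in ctx->buffer until a later call (or
 * the final padding) completes the block.
 *
 * Returns 0 on success, or the error code of the block-processing function
 * if it fails. ilen == 0 is a no-op, in which case input is not read.
 * input must otherwise point to at least ilen readable bytes; neither
 * pointer is checked for NULL.
 */
int mbedtls_sha1_update_ext( mbedtls_sha1_context *ctx,
                             const unsigned char *input,
                             size_t ilen )
{
    int ret;
    size_t fill;
    uint32_t left;

    if( ilen == 0 )
        return( 0 );

    /* Bytes already waiting in ctx->buffer, and room left to fill it */
    left = ctx->total[0] & 0x3F;
    fill = 64 - left;

    /*
     * The byte count is kept as two words: total[0] is the low 32 bits,
     * total[1] the high part. Add the low half of ilen and propagate the
     * carry.
     */
    ctx->total[0] += (uint32_t) ilen;
    ctx->total[0] &= 0xFFFFFFFF;

    if( ctx->total[0] < (uint32_t) ilen )
        ctx->total[1]++;

#if defined(SIZE_MAX) && ( SIZE_MAX > 0xFFFFFFFF )
    /*
     * Where size_t is wider than 32 bits a single call can carry 4 GiB or
     * more. The cast above keeps only the low half, so the upper bits of
     * ilen must be added to the high word as well; otherwise the length
     * encoded at finalisation, and therefore the digest, would be wrong.
     */
    ctx->total[1] += (uint32_t)( ilen >> 32 );
#endif

    /* Complete and process a partially filled buffer first */
    if( left && ilen >= fill )
    {
        memcpy( (void *) (ctx->buffer + left), input, fill );

        if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
            return( ret );

        input += fill;
        ilen  -= fill;
        left = 0;
    }

    /* Process whole blocks straight from the caller's buffer */
    while( ilen >= 64 )
    {
        if( ( ret = mbedtls_internal_sha1_process( ctx, input ) ) != 0 )
            return( ret );

        input += 64;
        ilen  -= 64;
    }

    /* Stash the tail (always fewer than 64 - left bytes at this point) */
    if( ilen > 0 )
        memcpy( (void *) (ctx->buffer + left), input, ilen );

    return( 0 );
}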
324
/*
 * Padding source for the final block(s): a single 0x80 byte followed by
 * zeros. The remaining 63 elements are zero-initialised implicitly.
 */
static const unsigned char sha1_padding[64] = { 0x80 };
332
/*
 * SHA-1 final digest
 *
 * Appends the padding and the 64-bit big-endian message length in bits,
 * then writes the five chaining words to output as 20 big-endian bytes.
 *
 * Returns 0 on success, or the error code of a failed update. output must
 * have room for 20 bytes. The context is not wiped here; the caller still
 * has to call mbedtls_sha1_free() on it.
 */
int mbedtls_sha1_finish_ext( mbedtls_sha1_context *ctx,
                             unsigned char output[20] )
{
    int ret;
    unsigned int word;
    uint32_t used, pad_len;
    uint32_t bits_hi, bits_lo;
    unsigned char bit_count[8];

    /* Convert the byte counter (two 32-bit halves) into a bit count */
    bits_hi = ( ctx->total[0] >> 29 ) | ( ctx->total[1] <<  3 );
    bits_lo = ( ctx->total[0] <<  3 );

    PUT_UINT32_BE( bits_hi, bit_count, 0 );
    PUT_UINT32_BE( bits_lo, bit_count, 4 );

    /*
     * Pad up to 56 bytes modulo 64 so that the 8 length bytes end exactly
     * on a block boundary; at least one padding byte is always added.
     */
    used = ctx->total[0] & 0x3F;
    if( used < 56 )
        pad_len = 56 - used;
    else
        pad_len = 120 - used;

    ret = mbedtls_sha1_update_ext( ctx, sha1_padding, pad_len );
    if( ret != 0 )
        return( ret );

    ret = mbedtls_sha1_update_ext( ctx, bit_count, 8 );
    if( ret != 0 )
        return( ret );

    /* Serialise the state words, most significant byte first */
    for( word = 0; word < 5; word++ )
    {
        PUT_UINT32_BE( ctx->state[word], output, 4 * word );
    }

    return( 0 );
}
367
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200368#endif /* !MBEDTLS_SHA1_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200369
/*
 * output = SHA-1( input buffer )
 *
 * One-shot helper: initialises a local context, hashes ilen bytes of input,
 * writes the 20-byte digest to output and wipes the context on every path.
 *
 * Returns 0 on success or the first non-zero code reported by the
 * starts/update/finish step; in that case output must not be used.
 *
 * Note for callers: SHA-1 no longer offers collision resistance. Use it
 * where an existing protocol or file format requires it, and prefer a
 * SHA-2 family hash for new designs that rely on collision resistance.
 */
int mbedtls_sha1_ext( const unsigned char *input,
                      size_t ilen,
                      unsigned char output[20] )
{
    mbedtls_sha1_context ctx;
    int ret;

    mbedtls_sha1_init( &ctx );

    /* Each step runs only if every earlier one succeeded */
    ret = mbedtls_sha1_starts_ext( &ctx );

    if( ret == 0 )
        ret = mbedtls_sha1_update_ext( &ctx, input, ilen );

    if( ret == 0 )
        ret = mbedtls_sha1_finish_ext( &ctx, output );

    /* Always wipe the context, on success and on failure alike */
    mbedtls_sha1_free( &ctx );

    return( ret );
}
396
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200397#if defined(MBEDTLS_SELF_TEST)
/*
 * FIPS-180-1 test vectors
 *
 * Entry 2 has an empty input string on purpose: the self-test builds that
 * message itself from a buffer of 'a' bytes and only takes the expected
 * digest from this table.
 */
static const unsigned char sha1_test_buf[3][57] =
{
    "abc",
    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
    ""
};

/* Input lengths in bytes for the three vectors above */
static const int sha1_test_buflen[3] = { 3, 56, 1000 };

/* Expected 20-byte digests, in the same order */
static const unsigned char sha1_test_sum[3][20] =
{
    {
        0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
        0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D
    },
    {
        0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
        0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1
    },
    {
        0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
        0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F
    }
};
422
/*
 * Checkup routine
 *
 * Hashes the three built-in test messages and compares each digest with
 * the expected value. The third message is produced here by feeding a
 * 1000-byte buffer of 'a' to the hash 1000 times.
 *
 * verbose != 0 prints a progress line per test. Returns 0 if every test
 * passes, 1 on a digest mismatch, or the error code of a failing hash
 * call. The context is wiped before returning on every path.
 */
int mbedtls_sha1_self_test( int verbose )
{
    int i, j, buflen, ret = 0;
    unsigned char buf[1024];
    unsigned char sha1sum[20];
    mbedtls_sha1_context ctx;

    mbedtls_sha1_init( &ctx );

    /*
     * SHA-1
     */
    for( i = 0; i < 3; i++ )
    {
        if( verbose != 0 )
            mbedtls_printf( " SHA-1 test #%d: ", i + 1 );

        ret = mbedtls_sha1_starts_ext( &ctx );
        if( ret != 0 )
            goto fail;

        if( i != 2 )
        {
            /* Short vectors are hashed in a single update */
            ret = mbedtls_sha1_update_ext( &ctx, sha1_test_buf[i],
                                           sha1_test_buflen[i] );
            if( ret != 0 )
                goto fail;
        }
        else
        {
            /* Long vector: 1000 updates of 1000 'a' bytes each */
            buflen = 1000;
            memset( buf, 'a', buflen );

            for( j = 0; j < 1000; j++ )
            {
                ret = mbedtls_sha1_update_ext( &ctx, buf, buflen );
                if( ret != 0 )
                    goto fail;
            }
        }

        ret = mbedtls_sha1_finish_ext( &ctx, sha1sum );
        if( ret != 0 )
            goto fail;

        if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
        {
            ret = 1;
            goto fail;
        }

        if( verbose != 0 )
            mbedtls_printf( "passed\n" );
    }

    if( verbose != 0 )
        mbedtls_printf( "\n" );

    goto exit;

fail:
    if( verbose != 0 )
        mbedtls_printf( "failed\n" );

exit:
    mbedtls_sha1_free( &ctx );

    return( ret );
}
492
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200493#endif /* MBEDTLS_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000494
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200495#endif /* MBEDTLS_SHA1_C */