TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 12895d15f8a8d20f3c04ca97fbdba96af9b94dfa / . / library / sha1.c
blob: da69a8f6ee52ab3dbd87b871b47258b262695a07 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-1 compliant SHA-1 implementation
3 *
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]4 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The SHA-1 standard was published by NIST in 1993.
27 *
28 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
29 */
30
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]31#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]32#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]33#else
34#include POLARSSL_CONFIG_FILE
35#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]36
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]37#if defined(POLARSSL_SHA1_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]38
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]39#include "polarssl/sha1.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]40
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]41#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]42#include <stdio.h>
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]43#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]44
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]45#if defined(POLARSSL_PLATFORM_C)
46#include "polarssl/platform.h"
47#else
48#define polarssl_printf printf
49#endif
50
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]51#if !defined(POLARSSL_SHA1_ALT)
52
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]53/*
54 * 32-bit integer manipulation macros (big endian)
55 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]56#ifndef GET_UINT32_BE
57#define GET_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]58{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]59 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
60 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
61 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
62 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]63}
64#endif
65
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]66#ifndef PUT_UINT32_BE
67#define PUT_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]68{ \
69 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
70 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
71 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
72 (b)[(i) + 3] = (unsigned char) ( (n) ); \
73}
74#endif
75
76/*
77 * SHA-1 context setup
78 */
79void sha1_starts( sha1_context *ctx )
80{
81 ctx->total[0] = 0;
82 ctx->total[1] = 0;
83
84 ctx->state[0] = 0x67452301;
85 ctx->state[1] = 0xEFCDAB89;
86 ctx->state[2] = 0x98BADCFE;
87 ctx->state[3] = 0x10325476;
88 ctx->state[4] = 0xC3D2E1F0;
89}
90
Paul Bakkere47b34b2013-02-27 14:48:00 +0100[diff] [blame]91void sha1_process( sha1_context *ctx, const unsigned char data[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]92{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]93 uint32_t temp, W[16], A, B, C, D, E;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]94
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]95 GET_UINT32_BE( W[ 0], data, 0 );
96 GET_UINT32_BE( W[ 1], data, 4 );
97 GET_UINT32_BE( W[ 2], data, 8 );
98 GET_UINT32_BE( W[ 3], data, 12 );
99 GET_UINT32_BE( W[ 4], data, 16 );
100 GET_UINT32_BE( W[ 5], data, 20 );
101 GET_UINT32_BE( W[ 6], data, 24 );
102 GET_UINT32_BE( W[ 7], data, 28 );
103 GET_UINT32_BE( W[ 8], data, 32 );
104 GET_UINT32_BE( W[ 9], data, 36 );
105 GET_UINT32_BE( W[10], data, 40 );
106 GET_UINT32_BE( W[11], data, 44 );
107 GET_UINT32_BE( W[12], data, 48 );
108 GET_UINT32_BE( W[13], data, 52 );
109 GET_UINT32_BE( W[14], data, 56 );
110 GET_UINT32_BE( W[15], data, 60 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]111
112#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
113
114#define R(t) \
115( \
116 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
117 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
118 ( W[t & 0x0F] = S(temp,1) ) \
119)
120
121#define P(a,b,c,d,e,x) \
122{ \
123 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
124}
125
126 A = ctx->state[0];
127 B = ctx->state[1];
128 C = ctx->state[2];
129 D = ctx->state[3];
130 E = ctx->state[4];
131
132#define F(x,y,z) (z ^ (x & (y ^ z)))
133#define K 0x5A827999
134
135 P( A, B, C, D, E, W[0] );
136 P( E, A, B, C, D, W[1] );
137 P( D, E, A, B, C, W[2] );
138 P( C, D, E, A, B, W[3] );
139 P( B, C, D, E, A, W[4] );
140 P( A, B, C, D, E, W[5] );
141 P( E, A, B, C, D, W[6] );
142 P( D, E, A, B, C, W[7] );
143 P( C, D, E, A, B, W[8] );
144 P( B, C, D, E, A, W[9] );
145 P( A, B, C, D, E, W[10] );
146 P( E, A, B, C, D, W[11] );
147 P( D, E, A, B, C, W[12] );
148 P( C, D, E, A, B, W[13] );
149 P( B, C, D, E, A, W[14] );
150 P( A, B, C, D, E, W[15] );
151 P( E, A, B, C, D, R(16) );
152 P( D, E, A, B, C, R(17) );
153 P( C, D, E, A, B, R(18) );
154 P( B, C, D, E, A, R(19) );
155
156#undef K
157#undef F
158
159#define F(x,y,z) (x ^ y ^ z)
160#define K 0x6ED9EBA1
161
162 P( A, B, C, D, E, R(20) );
163 P( E, A, B, C, D, R(21) );
164 P( D, E, A, B, C, R(22) );
165 P( C, D, E, A, B, R(23) );
166 P( B, C, D, E, A, R(24) );
167 P( A, B, C, D, E, R(25) );
168 P( E, A, B, C, D, R(26) );
169 P( D, E, A, B, C, R(27) );
170 P( C, D, E, A, B, R(28) );
171 P( B, C, D, E, A, R(29) );
172 P( A, B, C, D, E, R(30) );
173 P( E, A, B, C, D, R(31) );
174 P( D, E, A, B, C, R(32) );
175 P( C, D, E, A, B, R(33) );
176 P( B, C, D, E, A, R(34) );
177 P( A, B, C, D, E, R(35) );
178 P( E, A, B, C, D, R(36) );
179 P( D, E, A, B, C, R(37) );
180 P( C, D, E, A, B, R(38) );
181 P( B, C, D, E, A, R(39) );
182
183#undef K
184#undef F
185
186#define F(x,y,z) ((x & y) | (z & (x | y)))
187#define K 0x8F1BBCDC
188
189 P( A, B, C, D, E, R(40) );
190 P( E, A, B, C, D, R(41) );
191 P( D, E, A, B, C, R(42) );
192 P( C, D, E, A, B, R(43) );
193 P( B, C, D, E, A, R(44) );
194 P( A, B, C, D, E, R(45) );
195 P( E, A, B, C, D, R(46) );
196 P( D, E, A, B, C, R(47) );
197 P( C, D, E, A, B, R(48) );
198 P( B, C, D, E, A, R(49) );
199 P( A, B, C, D, E, R(50) );
200 P( E, A, B, C, D, R(51) );
201 P( D, E, A, B, C, R(52) );
202 P( C, D, E, A, B, R(53) );
203 P( B, C, D, E, A, R(54) );
204 P( A, B, C, D, E, R(55) );
205 P( E, A, B, C, D, R(56) );
206 P( D, E, A, B, C, R(57) );
207 P( C, D, E, A, B, R(58) );
208 P( B, C, D, E, A, R(59) );
209
210#undef K
211#undef F
212
213#define F(x,y,z) (x ^ y ^ z)
214#define K 0xCA62C1D6
215
216 P( A, B, C, D, E, R(60) );
217 P( E, A, B, C, D, R(61) );
218 P( D, E, A, B, C, R(62) );
219 P( C, D, E, A, B, R(63) );
220 P( B, C, D, E, A, R(64) );
221 P( A, B, C, D, E, R(65) );
222 P( E, A, B, C, D, R(66) );
223 P( D, E, A, B, C, R(67) );
224 P( C, D, E, A, B, R(68) );
225 P( B, C, D, E, A, R(69) );
226 P( A, B, C, D, E, R(70) );
227 P( E, A, B, C, D, R(71) );
228 P( D, E, A, B, C, R(72) );
229 P( C, D, E, A, B, R(73) );
230 P( B, C, D, E, A, R(74) );
231 P( A, B, C, D, E, R(75) );
232 P( E, A, B, C, D, R(76) );
233 P( D, E, A, B, C, R(77) );
234 P( C, D, E, A, B, R(78) );
235 P( B, C, D, E, A, R(79) );
236
237#undef K
238#undef F
239
240 ctx->state[0] += A;
241 ctx->state[1] += B;
242 ctx->state[2] += C;
243 ctx->state[3] += D;
244 ctx->state[4] += E;
245}
246
247/*
248 * SHA-1 process buffer
249 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]250void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]251{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]252 size_t fill;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]253 uint32_t left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]254
Brian White12895d12014-04-11 11:29:42 -0400[diff] [blame^]255 if( ilen == 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]256 return;
257
258 left = ctx->total[0] & 0x3F;
259 fill = 64 - left;
260
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]261 ctx->total[0] += (uint32_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]262 ctx->total[0] &= 0xFFFFFFFF;
263
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]264 if( ctx->total[0] < (uint32_t) ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]265 ctx->total[1]++;
266
267 if( left && ilen >= fill )
268 {
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]269 memcpy( (void *) (ctx->buffer + left), input, fill );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]270 sha1_process( ctx, ctx->buffer );
271 input += fill;
272 ilen -= fill;
273 left = 0;
274 }
275
276 while( ilen >= 64 )
277 {
278 sha1_process( ctx, input );
279 input += 64;
280 ilen -= 64;
281 }
282
283 if( ilen > 0 )
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]284 memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]285}
286
287static const unsigned char sha1_padding[64] =
288{
289 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
290 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
291 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
292 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
293};
294
295/*
296 * SHA-1 final digest
297 */
298void sha1_finish( sha1_context *ctx, unsigned char output[20] )
299{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]300 uint32_t last, padn;
301 uint32_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]302 unsigned char msglen[8];
303
304 high = ( ctx->total[0] >> 29 )
305 | ( ctx->total[1] << 3 );
306 low = ( ctx->total[0] << 3 );
307
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]308 PUT_UINT32_BE( high, msglen, 0 );
309 PUT_UINT32_BE( low, msglen, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]310
311 last = ctx->total[0] & 0x3F;
312 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
313
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]314 sha1_update( ctx, sha1_padding, padn );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]315 sha1_update( ctx, msglen, 8 );
316
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]317 PUT_UINT32_BE( ctx->state[0], output, 0 );
318 PUT_UINT32_BE( ctx->state[1], output, 4 );
319 PUT_UINT32_BE( ctx->state[2], output, 8 );
320 PUT_UINT32_BE( ctx->state[3], output, 12 );
321 PUT_UINT32_BE( ctx->state[4], output, 16 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]322}
323
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]324#endif /* !POLARSSL_SHA1_ALT */
325
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]326/*
327 * output = SHA-1( input buffer )
328 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]329void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]330{
331 sha1_context ctx;
332
333 sha1_starts( &ctx );
334 sha1_update( &ctx, input, ilen );
335 sha1_finish( &ctx, output );
336
337 memset( &ctx, 0, sizeof( sha1_context ) );
338}
339
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]340#if defined(POLARSSL_FS_IO)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]341/*
342 * output = SHA-1( file contents )
343 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]344int sha1_file( const char *path, unsigned char output[20] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]345{
346 FILE *f;
347 size_t n;
348 sha1_context ctx;
349 unsigned char buf[1024];
350
351 if( ( f = fopen( path, "rb" ) ) == NULL )
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]352 return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]353
354 sha1_starts( &ctx );
355
356 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]357 sha1_update( &ctx, buf, n );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]358
359 sha1_finish( &ctx, output );
360
361 memset( &ctx, 0, sizeof( sha1_context ) );
362
363 if( ferror( f ) != 0 )
364 {
365 fclose( f );
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]366 return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]367 }
368
369 fclose( f );
370 return( 0 );
371}
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]372#endif /* POLARSSL_FS_IO */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]373
374/*
375 * SHA-1 HMAC context setup
376 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]377void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key,
378 size_t keylen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]379{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]380 size_t i;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]381 unsigned char sum[20];
382
383 if( keylen > 64 )
384 {
385 sha1( key, keylen, sum );
386 keylen = 20;
387 key = sum;
388 }
389
390 memset( ctx->ipad, 0x36, 64 );
391 memset( ctx->opad, 0x5C, 64 );
392
393 for( i = 0; i < keylen; i++ )
394 {
395 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
396 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
397 }
398
399 sha1_starts( ctx );
400 sha1_update( ctx, ctx->ipad, 64 );
401
402 memset( sum, 0, sizeof( sum ) );
403}
404
405/*
406 * SHA-1 HMAC process buffer
407 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]408void sha1_hmac_update( sha1_context *ctx, const unsigned char *input,
409 size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]410{
411 sha1_update( ctx, input, ilen );
412}
413
414/*
415 * SHA-1 HMAC final digest
416 */
417void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
418{
419 unsigned char tmpbuf[20];
420
421 sha1_finish( ctx, tmpbuf );
422 sha1_starts( ctx );
423 sha1_update( ctx, ctx->opad, 64 );
424 sha1_update( ctx, tmpbuf, 20 );
425 sha1_finish( ctx, output );
426
427 memset( tmpbuf, 0, sizeof( tmpbuf ) );
428}
429
430/*
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]431 * SHA1 HMAC context reset
432 */
433void sha1_hmac_reset( sha1_context *ctx )
434{
435 sha1_starts( ctx );
436 sha1_update( ctx, ctx->ipad, 64 );
437}
438
439/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]440 * output = HMAC-SHA-1( hmac key, input buffer )
441 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]442void sha1_hmac( const unsigned char *key, size_t keylen,
443 const unsigned char *input, size_t ilen,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]444 unsigned char output[20] )
445{
446 sha1_context ctx;
447
448 sha1_hmac_starts( &ctx, key, keylen );
449 sha1_hmac_update( &ctx, input, ilen );
450 sha1_hmac_finish( &ctx, output );
451
452 memset( &ctx, 0, sizeof( sha1_context ) );
453}
454
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]455#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]456/*
457 * FIPS-180-1 test vectors
458 */
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]459static unsigned char sha1_test_buf[3][57] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]460{
461 { "abc" },
462 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
463 { "" }
464};
465
466static const int sha1_test_buflen[3] =
467{
468 3, 56, 1000
469};
470
471static const unsigned char sha1_test_sum[3][20] =
472{
473 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
474 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
475 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
476 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
477 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
478 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
479};
480
481/*
482 * RFC 2202 test vectors
483 */
484static unsigned char sha1_hmac_test_key[7][26] =
485{
486 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
487 "\x0B\x0B\x0B\x0B" },
488 { "Jefe" },
489 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
490 "\xAA\xAA\xAA\xAA" },
491 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
492 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
493 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
494 "\x0C\x0C\x0C\x0C" },
495 { "" }, /* 0xAA 80 times */
496 { "" }
497};
498
499static const int sha1_hmac_test_keylen[7] =
500{
501 20, 4, 20, 25, 20, 80, 80
502};
503
504static unsigned char sha1_hmac_test_buf[7][74] =
505{
506 { "Hi There" },
507 { "what do ya want for nothing?" },
508 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
509 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
510 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
511 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
512 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
513 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
514 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
515 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
516 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
517 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
518 { "Test With Truncation" },
519 { "Test Using Larger Than Block-Size Key - Hash Key First" },
520 { "Test Using Larger Than Block-Size Key and Larger"
521 " Than One Block-Size Data" }
522};
523
524static const int sha1_hmac_test_buflen[7] =
525{
526 8, 28, 50, 50, 20, 54, 73
527};
528
529static const unsigned char sha1_hmac_test_sum[7][20] =
530{
531 { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
532 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
533 { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
534 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
535 { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
536 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
537 { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
538 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
539 { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
540 0x7B, 0xE1 },
541 { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
542 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
543 { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
544 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
545};
546
547/*
548 * Checkup routine
549 */
550int sha1_self_test( int verbose )
551{
552 int i, j, buflen;
553 unsigned char buf[1024];
554 unsigned char sha1sum[20];
555 sha1_context ctx;
556
557 /*
558 * SHA-1
559 */
560 for( i = 0; i < 3; i++ )
561 {
562 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]563 polarssl_printf( " SHA-1 test #%d: ", i + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]564
565 sha1_starts( &ctx );
566
567 if( i == 2 )
568 {
569 memset( buf, 'a', buflen = 1000 );
570
571 for( j = 0; j < 1000; j++ )
572 sha1_update( &ctx, buf, buflen );
573 }
574 else
575 sha1_update( &ctx, sha1_test_buf[i],
576 sha1_test_buflen[i] );
577
578 sha1_finish( &ctx, sha1sum );
579
580 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
581 {
582 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]583 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]584
585 return( 1 );
586 }
587
588 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]589 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]590 }
591
592 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]593 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]594
595 for( i = 0; i < 7; i++ )
596 {
597 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]598 polarssl_printf( " HMAC-SHA-1 test #%d: ", i + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]599
600 if( i == 5 || i == 6 )
601 {
602 memset( buf, '\xAA', buflen = 80 );
603 sha1_hmac_starts( &ctx, buf, buflen );
604 }
605 else
606 sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
607 sha1_hmac_test_keylen[i] );
608
609 sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
610 sha1_hmac_test_buflen[i] );
611
612 sha1_hmac_finish( &ctx, sha1sum );
613
614 buflen = ( i == 4 ) ? 12 : 20;
615
616 if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
617 {
618 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]619 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]620
621 return( 1 );
622 }
623
624 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]625 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]626 }
627
628 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]629 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]630
631 return( 0 );
632}
633
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]634#endif /* POLARSSL_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]635
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]636#endif /* POLARSSL_SHA1_C */