TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 15566e43963bf569dd8142ee8ca354e8019d8f81 / . / library / sha1.c
blob: 5f625839f42502d483b1015a80af715931ffdc53 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-1 compliant SHA-1 implementation
3 *
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]4 * Copyright (C) 2006-2010, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The SHA-1 standard was published by NIST in 1993.
27 *
28 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
29 */
30
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]31#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]32
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]33#if defined(POLARSSL_SHA1_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]34
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]35#include "polarssl/sha1.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]36
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]37#include <stdio.h>
38
39/*
40 * 32-bit integer manipulation macros (big endian)
41 */
42#ifndef GET_ULONG_BE
43#define GET_ULONG_BE(n,b,i) \
44{ \
45 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
46 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
47 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
48 | ( (unsigned long) (b)[(i) + 3] ); \
49}
50#endif
51
52#ifndef PUT_ULONG_BE
53#define PUT_ULONG_BE(n,b,i) \
54{ \
55 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
56 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
57 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
58 (b)[(i) + 3] = (unsigned char) ( (n) ); \
59}
60#endif
61
62/*
63 * SHA-1 context setup
64 */
65void sha1_starts( sha1_context *ctx )
66{
67 ctx->total[0] = 0;
68 ctx->total[1] = 0;
69
70 ctx->state[0] = 0x67452301;
71 ctx->state[1] = 0xEFCDAB89;
72 ctx->state[2] = 0x98BADCFE;
73 ctx->state[3] = 0x10325476;
74 ctx->state[4] = 0xC3D2E1F0;
75}
76
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]77static void sha1_process( sha1_context *ctx, const unsigned char data[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]78{
79 unsigned long temp, W[16], A, B, C, D, E;
80
81 GET_ULONG_BE( W[ 0], data, 0 );
82 GET_ULONG_BE( W[ 1], data, 4 );
83 GET_ULONG_BE( W[ 2], data, 8 );
84 GET_ULONG_BE( W[ 3], data, 12 );
85 GET_ULONG_BE( W[ 4], data, 16 );
86 GET_ULONG_BE( W[ 5], data, 20 );
87 GET_ULONG_BE( W[ 6], data, 24 );
88 GET_ULONG_BE( W[ 7], data, 28 );
89 GET_ULONG_BE( W[ 8], data, 32 );
90 GET_ULONG_BE( W[ 9], data, 36 );
91 GET_ULONG_BE( W[10], data, 40 );
92 GET_ULONG_BE( W[11], data, 44 );
93 GET_ULONG_BE( W[12], data, 48 );
94 GET_ULONG_BE( W[13], data, 52 );
95 GET_ULONG_BE( W[14], data, 56 );
96 GET_ULONG_BE( W[15], data, 60 );
97
98#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
99
100#define R(t) \
101( \
102 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
103 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
104 ( W[t & 0x0F] = S(temp,1) ) \
105)
106
107#define P(a,b,c,d,e,x) \
108{ \
109 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
110}
111
112 A = ctx->state[0];
113 B = ctx->state[1];
114 C = ctx->state[2];
115 D = ctx->state[3];
116 E = ctx->state[4];
117
118#define F(x,y,z) (z ^ (x & (y ^ z)))
119#define K 0x5A827999
120
121 P( A, B, C, D, E, W[0] );
122 P( E, A, B, C, D, W[1] );
123 P( D, E, A, B, C, W[2] );
124 P( C, D, E, A, B, W[3] );
125 P( B, C, D, E, A, W[4] );
126 P( A, B, C, D, E, W[5] );
127 P( E, A, B, C, D, W[6] );
128 P( D, E, A, B, C, W[7] );
129 P( C, D, E, A, B, W[8] );
130 P( B, C, D, E, A, W[9] );
131 P( A, B, C, D, E, W[10] );
132 P( E, A, B, C, D, W[11] );
133 P( D, E, A, B, C, W[12] );
134 P( C, D, E, A, B, W[13] );
135 P( B, C, D, E, A, W[14] );
136 P( A, B, C, D, E, W[15] );
137 P( E, A, B, C, D, R(16) );
138 P( D, E, A, B, C, R(17) );
139 P( C, D, E, A, B, R(18) );
140 P( B, C, D, E, A, R(19) );
141
142#undef K
143#undef F
144
145#define F(x,y,z) (x ^ y ^ z)
146#define K 0x6ED9EBA1
147
148 P( A, B, C, D, E, R(20) );
149 P( E, A, B, C, D, R(21) );
150 P( D, E, A, B, C, R(22) );
151 P( C, D, E, A, B, R(23) );
152 P( B, C, D, E, A, R(24) );
153 P( A, B, C, D, E, R(25) );
154 P( E, A, B, C, D, R(26) );
155 P( D, E, A, B, C, R(27) );
156 P( C, D, E, A, B, R(28) );
157 P( B, C, D, E, A, R(29) );
158 P( A, B, C, D, E, R(30) );
159 P( E, A, B, C, D, R(31) );
160 P( D, E, A, B, C, R(32) );
161 P( C, D, E, A, B, R(33) );
162 P( B, C, D, E, A, R(34) );
163 P( A, B, C, D, E, R(35) );
164 P( E, A, B, C, D, R(36) );
165 P( D, E, A, B, C, R(37) );
166 P( C, D, E, A, B, R(38) );
167 P( B, C, D, E, A, R(39) );
168
169#undef K
170#undef F
171
172#define F(x,y,z) ((x & y) | (z & (x | y)))
173#define K 0x8F1BBCDC
174
175 P( A, B, C, D, E, R(40) );
176 P( E, A, B, C, D, R(41) );
177 P( D, E, A, B, C, R(42) );
178 P( C, D, E, A, B, R(43) );
179 P( B, C, D, E, A, R(44) );
180 P( A, B, C, D, E, R(45) );
181 P( E, A, B, C, D, R(46) );
182 P( D, E, A, B, C, R(47) );
183 P( C, D, E, A, B, R(48) );
184 P( B, C, D, E, A, R(49) );
185 P( A, B, C, D, E, R(50) );
186 P( E, A, B, C, D, R(51) );
187 P( D, E, A, B, C, R(52) );
188 P( C, D, E, A, B, R(53) );
189 P( B, C, D, E, A, R(54) );
190 P( A, B, C, D, E, R(55) );
191 P( E, A, B, C, D, R(56) );
192 P( D, E, A, B, C, R(57) );
193 P( C, D, E, A, B, R(58) );
194 P( B, C, D, E, A, R(59) );
195
196#undef K
197#undef F
198
199#define F(x,y,z) (x ^ y ^ z)
200#define K 0xCA62C1D6
201
202 P( A, B, C, D, E, R(60) );
203 P( E, A, B, C, D, R(61) );
204 P( D, E, A, B, C, R(62) );
205 P( C, D, E, A, B, R(63) );
206 P( B, C, D, E, A, R(64) );
207 P( A, B, C, D, E, R(65) );
208 P( E, A, B, C, D, R(66) );
209 P( D, E, A, B, C, R(67) );
210 P( C, D, E, A, B, R(68) );
211 P( B, C, D, E, A, R(69) );
212 P( A, B, C, D, E, R(70) );
213 P( E, A, B, C, D, R(71) );
214 P( D, E, A, B, C, R(72) );
215 P( C, D, E, A, B, R(73) );
216 P( B, C, D, E, A, R(74) );
217 P( A, B, C, D, E, R(75) );
218 P( E, A, B, C, D, R(76) );
219 P( D, E, A, B, C, R(77) );
220 P( C, D, E, A, B, R(78) );
221 P( B, C, D, E, A, R(79) );
222
223#undef K
224#undef F
225
226 ctx->state[0] += A;
227 ctx->state[1] += B;
228 ctx->state[2] += C;
229 ctx->state[3] += D;
230 ctx->state[4] += E;
231}
232
233/*
234 * SHA-1 process buffer
235 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]236void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]237{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]238 size_t fill;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]239 unsigned long left;
240
241 if( ilen <= 0 )
242 return;
243
244 left = ctx->total[0] & 0x3F;
245 fill = 64 - left;
246
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]247 ctx->total[0] += (unsigned long) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]248 ctx->total[0] &= 0xFFFFFFFF;
249
250 if( ctx->total[0] < (unsigned long) ilen )
251 ctx->total[1]++;
252
253 if( left && ilen >= fill )
254 {
255 memcpy( (void *) (ctx->buffer + left),
256 (void *) input, fill );
257 sha1_process( ctx, ctx->buffer );
258 input += fill;
259 ilen -= fill;
260 left = 0;
261 }
262
263 while( ilen >= 64 )
264 {
265 sha1_process( ctx, input );
266 input += 64;
267 ilen -= 64;
268 }
269
270 if( ilen > 0 )
271 {
272 memcpy( (void *) (ctx->buffer + left),
273 (void *) input, ilen );
274 }
275}
276
277static const unsigned char sha1_padding[64] =
278{
279 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
280 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
281 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
282 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
283};
284
285/*
286 * SHA-1 final digest
287 */
288void sha1_finish( sha1_context *ctx, unsigned char output[20] )
289{
290 unsigned long last, padn;
291 unsigned long high, low;
292 unsigned char msglen[8];
293
294 high = ( ctx->total[0] >> 29 )
295 | ( ctx->total[1] << 3 );
296 low = ( ctx->total[0] << 3 );
297
298 PUT_ULONG_BE( high, msglen, 0 );
299 PUT_ULONG_BE( low, msglen, 4 );
300
301 last = ctx->total[0] & 0x3F;
302 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
303
304 sha1_update( ctx, (unsigned char *) sha1_padding, padn );
305 sha1_update( ctx, msglen, 8 );
306
307 PUT_ULONG_BE( ctx->state[0], output, 0 );
308 PUT_ULONG_BE( ctx->state[1], output, 4 );
309 PUT_ULONG_BE( ctx->state[2], output, 8 );
310 PUT_ULONG_BE( ctx->state[3], output, 12 );
311 PUT_ULONG_BE( ctx->state[4], output, 16 );
312}
313
314/*
315 * output = SHA-1( input buffer )
316 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]317void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]318{
319 sha1_context ctx;
320
321 sha1_starts( &ctx );
322 sha1_update( &ctx, input, ilen );
323 sha1_finish( &ctx, output );
324
325 memset( &ctx, 0, sizeof( sha1_context ) );
326}
327
328/*
329 * output = SHA-1( file contents )
330 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]331int sha1_file( const char *path, unsigned char output[20] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]332{
333 FILE *f;
334 size_t n;
335 sha1_context ctx;
336 unsigned char buf[1024];
337
338 if( ( f = fopen( path, "rb" ) ) == NULL )
339 return( 1 );
340
341 sha1_starts( &ctx );
342
343 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
344 sha1_update( &ctx, buf, (int) n );
345
346 sha1_finish( &ctx, output );
347
348 memset( &ctx, 0, sizeof( sha1_context ) );
349
350 if( ferror( f ) != 0 )
351 {
352 fclose( f );
353 return( 2 );
354 }
355
356 fclose( f );
357 return( 0 );
358}
359
360/*
361 * SHA-1 HMAC context setup
362 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]363void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]364{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]365 size_t i;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]366 unsigned char sum[20];
367
368 if( keylen > 64 )
369 {
370 sha1( key, keylen, sum );
371 keylen = 20;
372 key = sum;
373 }
374
375 memset( ctx->ipad, 0x36, 64 );
376 memset( ctx->opad, 0x5C, 64 );
377
378 for( i = 0; i < keylen; i++ )
379 {
380 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
381 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
382 }
383
384 sha1_starts( ctx );
385 sha1_update( ctx, ctx->ipad, 64 );
386
387 memset( sum, 0, sizeof( sum ) );
388}
389
390/*
391 * SHA-1 HMAC process buffer
392 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]393void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]394{
395 sha1_update( ctx, input, ilen );
396}
397
398/*
399 * SHA-1 HMAC final digest
400 */
401void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
402{
403 unsigned char tmpbuf[20];
404
405 sha1_finish( ctx, tmpbuf );
406 sha1_starts( ctx );
407 sha1_update( ctx, ctx->opad, 64 );
408 sha1_update( ctx, tmpbuf, 20 );
409 sha1_finish( ctx, output );
410
411 memset( tmpbuf, 0, sizeof( tmpbuf ) );
412}
413
414/*
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]415 * SHA1 HMAC context reset
416 */
417void sha1_hmac_reset( sha1_context *ctx )
418{
419 sha1_starts( ctx );
420 sha1_update( ctx, ctx->ipad, 64 );
421}
422
423/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]424 * output = HMAC-SHA-1( hmac key, input buffer )
425 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]426void sha1_hmac( const unsigned char *key, size_t keylen,
427 const unsigned char *input, size_t ilen,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]428 unsigned char output[20] )
429{
430 sha1_context ctx;
431
432 sha1_hmac_starts( &ctx, key, keylen );
433 sha1_hmac_update( &ctx, input, ilen );
434 sha1_hmac_finish( &ctx, output );
435
436 memset( &ctx, 0, sizeof( sha1_context ) );
437}
438
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]439#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]440/*
441 * FIPS-180-1 test vectors
442 */
443static unsigned char sha1_test_buf[3][57] =
444{
445 { "abc" },
446 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
447 { "" }
448};
449
450static const int sha1_test_buflen[3] =
451{
452 3, 56, 1000
453};
454
455static const unsigned char sha1_test_sum[3][20] =
456{
457 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
458 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
459 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
460 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
461 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
462 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
463};
464
465/*
466 * RFC 2202 test vectors
467 */
468static unsigned char sha1_hmac_test_key[7][26] =
469{
470 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
471 "\x0B\x0B\x0B\x0B" },
472 { "Jefe" },
473 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
474 "\xAA\xAA\xAA\xAA" },
475 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
476 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
477 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
478 "\x0C\x0C\x0C\x0C" },
479 { "" }, /* 0xAA 80 times */
480 { "" }
481};
482
483static const int sha1_hmac_test_keylen[7] =
484{
485 20, 4, 20, 25, 20, 80, 80
486};
487
488static unsigned char sha1_hmac_test_buf[7][74] =
489{
490 { "Hi There" },
491 { "what do ya want for nothing?" },
492 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
493 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
494 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
495 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
496 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
497 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
498 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
499 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
500 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
501 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
502 { "Test With Truncation" },
503 { "Test Using Larger Than Block-Size Key - Hash Key First" },
504 { "Test Using Larger Than Block-Size Key and Larger"
505 " Than One Block-Size Data" }
506};
507
508static const int sha1_hmac_test_buflen[7] =
509{
510 8, 28, 50, 50, 20, 54, 73
511};
512
513static const unsigned char sha1_hmac_test_sum[7][20] =
514{
515 { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
516 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
517 { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
518 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
519 { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
520 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
521 { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
522 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
523 { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
524 0x7B, 0xE1 },
525 { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
526 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
527 { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
528 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
529};
530
531/*
532 * Checkup routine
533 */
534int sha1_self_test( int verbose )
535{
536 int i, j, buflen;
537 unsigned char buf[1024];
538 unsigned char sha1sum[20];
539 sha1_context ctx;
540
541 /*
542 * SHA-1
543 */
544 for( i = 0; i < 3; i++ )
545 {
546 if( verbose != 0 )
547 printf( " SHA-1 test #%d: ", i + 1 );
548
549 sha1_starts( &ctx );
550
551 if( i == 2 )
552 {
553 memset( buf, 'a', buflen = 1000 );
554
555 for( j = 0; j < 1000; j++ )
556 sha1_update( &ctx, buf, buflen );
557 }
558 else
559 sha1_update( &ctx, sha1_test_buf[i],
560 sha1_test_buflen[i] );
561
562 sha1_finish( &ctx, sha1sum );
563
564 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
565 {
566 if( verbose != 0 )
567 printf( "failed\n" );
568
569 return( 1 );
570 }
571
572 if( verbose != 0 )
573 printf( "passed\n" );
574 }
575
576 if( verbose != 0 )
577 printf( "\n" );
578
579 for( i = 0; i < 7; i++ )
580 {
581 if( verbose != 0 )
582 printf( " HMAC-SHA-1 test #%d: ", i + 1 );
583
584 if( i == 5 || i == 6 )
585 {
586 memset( buf, '\xAA', buflen = 80 );
587 sha1_hmac_starts( &ctx, buf, buflen );
588 }
589 else
590 sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
591 sha1_hmac_test_keylen[i] );
592
593 sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
594 sha1_hmac_test_buflen[i] );
595
596 sha1_hmac_finish( &ctx, sha1sum );
597
598 buflen = ( i == 4 ) ? 12 : 20;
599
600 if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
601 {
602 if( verbose != 0 )
603 printf( "failed\n" );
604
605 return( 1 );
606 }
607
608 if( verbose != 0 )
609 printf( "passed\n" );
610 }
611
612 if( verbose != 0 )
613 printf( "\n" );
614
615 return( 0 );
616}
617
618#endif
619
620#endif