TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 3c2122ff9df373dca325998ef3f2ec2be986f1ac / . / library / sha1.c
blob: 372c0c1cbea9eb1474656bca3282d886683de0db [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-1 compliant SHA-1 implementation
3 *
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]4 * Copyright (C) 2006-2010, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The SHA-1 standard was published by NIST in 1993.
27 *
28 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
29 */
30
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]31#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]32
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]33#if defined(POLARSSL_SHA1_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]34
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]35#include "polarssl/sha1.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]36
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]37#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]38#include <stdio.h>
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]39#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]40
41/*
42 * 32-bit integer manipulation macros (big endian)
43 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]44#ifndef GET_UINT32_BE
45#define GET_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]46{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]47 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
48 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
49 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
50 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]51}
52#endif
53
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]54#ifndef PUT_UINT32_BE
55#define PUT_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]56{ \
57 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
58 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
59 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
60 (b)[(i) + 3] = (unsigned char) ( (n) ); \
61}
62#endif
63
64/*
65 * SHA-1 context setup
66 */
67void sha1_starts( sha1_context *ctx )
68{
69 ctx->total[0] = 0;
70 ctx->total[1] = 0;
71
72 ctx->state[0] = 0x67452301;
73 ctx->state[1] = 0xEFCDAB89;
74 ctx->state[2] = 0x98BADCFE;
75 ctx->state[3] = 0x10325476;
76 ctx->state[4] = 0xC3D2E1F0;
77}
78
Paul Bakkere47b34b2013-02-27 14:48:00 +0100[diff] [blame]79void sha1_process( sha1_context *ctx, const unsigned char data[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]80{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]81 uint32_t temp, W[16], A, B, C, D, E;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]82
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]83 GET_UINT32_BE( W[ 0], data, 0 );
84 GET_UINT32_BE( W[ 1], data, 4 );
85 GET_UINT32_BE( W[ 2], data, 8 );
86 GET_UINT32_BE( W[ 3], data, 12 );
87 GET_UINT32_BE( W[ 4], data, 16 );
88 GET_UINT32_BE( W[ 5], data, 20 );
89 GET_UINT32_BE( W[ 6], data, 24 );
90 GET_UINT32_BE( W[ 7], data, 28 );
91 GET_UINT32_BE( W[ 8], data, 32 );
92 GET_UINT32_BE( W[ 9], data, 36 );
93 GET_UINT32_BE( W[10], data, 40 );
94 GET_UINT32_BE( W[11], data, 44 );
95 GET_UINT32_BE( W[12], data, 48 );
96 GET_UINT32_BE( W[13], data, 52 );
97 GET_UINT32_BE( W[14], data, 56 );
98 GET_UINT32_BE( W[15], data, 60 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]99
100#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
101
102#define R(t) \
103( \
104 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
105 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
106 ( W[t & 0x0F] = S(temp,1) ) \
107)
108
109#define P(a,b,c,d,e,x) \
110{ \
111 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
112}
113
114 A = ctx->state[0];
115 B = ctx->state[1];
116 C = ctx->state[2];
117 D = ctx->state[3];
118 E = ctx->state[4];
119
120#define F(x,y,z) (z ^ (x & (y ^ z)))
121#define K 0x5A827999
122
123 P( A, B, C, D, E, W[0] );
124 P( E, A, B, C, D, W[1] );
125 P( D, E, A, B, C, W[2] );
126 P( C, D, E, A, B, W[3] );
127 P( B, C, D, E, A, W[4] );
128 P( A, B, C, D, E, W[5] );
129 P( E, A, B, C, D, W[6] );
130 P( D, E, A, B, C, W[7] );
131 P( C, D, E, A, B, W[8] );
132 P( B, C, D, E, A, W[9] );
133 P( A, B, C, D, E, W[10] );
134 P( E, A, B, C, D, W[11] );
135 P( D, E, A, B, C, W[12] );
136 P( C, D, E, A, B, W[13] );
137 P( B, C, D, E, A, W[14] );
138 P( A, B, C, D, E, W[15] );
139 P( E, A, B, C, D, R(16) );
140 P( D, E, A, B, C, R(17) );
141 P( C, D, E, A, B, R(18) );
142 P( B, C, D, E, A, R(19) );
143
144#undef K
145#undef F
146
147#define F(x,y,z) (x ^ y ^ z)
148#define K 0x6ED9EBA1
149
150 P( A, B, C, D, E, R(20) );
151 P( E, A, B, C, D, R(21) );
152 P( D, E, A, B, C, R(22) );
153 P( C, D, E, A, B, R(23) );
154 P( B, C, D, E, A, R(24) );
155 P( A, B, C, D, E, R(25) );
156 P( E, A, B, C, D, R(26) );
157 P( D, E, A, B, C, R(27) );
158 P( C, D, E, A, B, R(28) );
159 P( B, C, D, E, A, R(29) );
160 P( A, B, C, D, E, R(30) );
161 P( E, A, B, C, D, R(31) );
162 P( D, E, A, B, C, R(32) );
163 P( C, D, E, A, B, R(33) );
164 P( B, C, D, E, A, R(34) );
165 P( A, B, C, D, E, R(35) );
166 P( E, A, B, C, D, R(36) );
167 P( D, E, A, B, C, R(37) );
168 P( C, D, E, A, B, R(38) );
169 P( B, C, D, E, A, R(39) );
170
171#undef K
172#undef F
173
174#define F(x,y,z) ((x & y) | (z & (x | y)))
175#define K 0x8F1BBCDC
176
177 P( A, B, C, D, E, R(40) );
178 P( E, A, B, C, D, R(41) );
179 P( D, E, A, B, C, R(42) );
180 P( C, D, E, A, B, R(43) );
181 P( B, C, D, E, A, R(44) );
182 P( A, B, C, D, E, R(45) );
183 P( E, A, B, C, D, R(46) );
184 P( D, E, A, B, C, R(47) );
185 P( C, D, E, A, B, R(48) );
186 P( B, C, D, E, A, R(49) );
187 P( A, B, C, D, E, R(50) );
188 P( E, A, B, C, D, R(51) );
189 P( D, E, A, B, C, R(52) );
190 P( C, D, E, A, B, R(53) );
191 P( B, C, D, E, A, R(54) );
192 P( A, B, C, D, E, R(55) );
193 P( E, A, B, C, D, R(56) );
194 P( D, E, A, B, C, R(57) );
195 P( C, D, E, A, B, R(58) );
196 P( B, C, D, E, A, R(59) );
197
198#undef K
199#undef F
200
201#define F(x,y,z) (x ^ y ^ z)
202#define K 0xCA62C1D6
203
204 P( A, B, C, D, E, R(60) );
205 P( E, A, B, C, D, R(61) );
206 P( D, E, A, B, C, R(62) );
207 P( C, D, E, A, B, R(63) );
208 P( B, C, D, E, A, R(64) );
209 P( A, B, C, D, E, R(65) );
210 P( E, A, B, C, D, R(66) );
211 P( D, E, A, B, C, R(67) );
212 P( C, D, E, A, B, R(68) );
213 P( B, C, D, E, A, R(69) );
214 P( A, B, C, D, E, R(70) );
215 P( E, A, B, C, D, R(71) );
216 P( D, E, A, B, C, R(72) );
217 P( C, D, E, A, B, R(73) );
218 P( B, C, D, E, A, R(74) );
219 P( A, B, C, D, E, R(75) );
220 P( E, A, B, C, D, R(76) );
221 P( D, E, A, B, C, R(77) );
222 P( C, D, E, A, B, R(78) );
223 P( B, C, D, E, A, R(79) );
224
225#undef K
226#undef F
227
228 ctx->state[0] += A;
229 ctx->state[1] += B;
230 ctx->state[2] += C;
231 ctx->state[3] += D;
232 ctx->state[4] += E;
233}
234
235/*
236 * SHA-1 process buffer
237 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]238void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]239{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]240 size_t fill;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]241 uint32_t left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]242
243 if( ilen <= 0 )
244 return;
245
246 left = ctx->total[0] & 0x3F;
247 fill = 64 - left;
248
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]249 ctx->total[0] += (uint32_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]250 ctx->total[0] &= 0xFFFFFFFF;
251
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]252 if( ctx->total[0] < (uint32_t) ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]253 ctx->total[1]++;
254
255 if( left && ilen >= fill )
256 {
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame^]257 memcpy( (void *) (ctx->buffer + left), input, fill );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]258 sha1_process( ctx, ctx->buffer );
259 input += fill;
260 ilen -= fill;
261 left = 0;
262 }
263
264 while( ilen >= 64 )
265 {
266 sha1_process( ctx, input );
267 input += 64;
268 ilen -= 64;
269 }
270
271 if( ilen > 0 )
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame^]272 memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]273}
274
275static const unsigned char sha1_padding[64] =
276{
277 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
278 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
279 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
280 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
281};
282
283/*
284 * SHA-1 final digest
285 */
286void sha1_finish( sha1_context *ctx, unsigned char output[20] )
287{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]288 uint32_t last, padn;
289 uint32_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]290 unsigned char msglen[8];
291
292 high = ( ctx->total[0] >> 29 )
293 | ( ctx->total[1] << 3 );
294 low = ( ctx->total[0] << 3 );
295
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]296 PUT_UINT32_BE( high, msglen, 0 );
297 PUT_UINT32_BE( low, msglen, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]298
299 last = ctx->total[0] & 0x3F;
300 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
301
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame^]302 sha1_update( ctx, sha1_padding, padn );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]303 sha1_update( ctx, msglen, 8 );
304
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]305 PUT_UINT32_BE( ctx->state[0], output, 0 );
306 PUT_UINT32_BE( ctx->state[1], output, 4 );
307 PUT_UINT32_BE( ctx->state[2], output, 8 );
308 PUT_UINT32_BE( ctx->state[3], output, 12 );
309 PUT_UINT32_BE( ctx->state[4], output, 16 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]310}
311
312/*
313 * output = SHA-1( input buffer )
314 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]315void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]316{
317 sha1_context ctx;
318
319 sha1_starts( &ctx );
320 sha1_update( &ctx, input, ilen );
321 sha1_finish( &ctx, output );
322
323 memset( &ctx, 0, sizeof( sha1_context ) );
324}
325
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]326#if defined(POLARSSL_FS_IO)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]327/*
328 * output = SHA-1( file contents )
329 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]330int sha1_file( const char *path, unsigned char output[20] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]331{
332 FILE *f;
333 size_t n;
334 sha1_context ctx;
335 unsigned char buf[1024];
336
337 if( ( f = fopen( path, "rb" ) ) == NULL )
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]338 return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]339
340 sha1_starts( &ctx );
341
342 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]343 sha1_update( &ctx, buf, n );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]344
345 sha1_finish( &ctx, output );
346
347 memset( &ctx, 0, sizeof( sha1_context ) );
348
349 if( ferror( f ) != 0 )
350 {
351 fclose( f );
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]352 return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]353 }
354
355 fclose( f );
356 return( 0 );
357}
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]358#endif /* POLARSSL_FS_IO */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]359
360/*
361 * SHA-1 HMAC context setup
362 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]363void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]364{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]365 size_t i;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]366 unsigned char sum[20];
367
368 if( keylen > 64 )
369 {
370 sha1( key, keylen, sum );
371 keylen = 20;
372 key = sum;
373 }
374
375 memset( ctx->ipad, 0x36, 64 );
376 memset( ctx->opad, 0x5C, 64 );
377
378 for( i = 0; i < keylen; i++ )
379 {
380 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
381 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
382 }
383
384 sha1_starts( ctx );
385 sha1_update( ctx, ctx->ipad, 64 );
386
387 memset( sum, 0, sizeof( sum ) );
388}
389
390/*
391 * SHA-1 HMAC process buffer
392 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]393void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]394{
395 sha1_update( ctx, input, ilen );
396}
397
398/*
399 * SHA-1 HMAC final digest
400 */
401void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
402{
403 unsigned char tmpbuf[20];
404
405 sha1_finish( ctx, tmpbuf );
406 sha1_starts( ctx );
407 sha1_update( ctx, ctx->opad, 64 );
408 sha1_update( ctx, tmpbuf, 20 );
409 sha1_finish( ctx, output );
410
411 memset( tmpbuf, 0, sizeof( tmpbuf ) );
412}
413
414/*
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]415 * SHA1 HMAC context reset
416 */
417void sha1_hmac_reset( sha1_context *ctx )
418{
419 sha1_starts( ctx );
420 sha1_update( ctx, ctx->ipad, 64 );
421}
422
423/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]424 * output = HMAC-SHA-1( hmac key, input buffer )
425 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]426void sha1_hmac( const unsigned char *key, size_t keylen,
427 const unsigned char *input, size_t ilen,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]428 unsigned char output[20] )
429{
430 sha1_context ctx;
431
432 sha1_hmac_starts( &ctx, key, keylen );
433 sha1_hmac_update( &ctx, input, ilen );
434 sha1_hmac_finish( &ctx, output );
435
436 memset( &ctx, 0, sizeof( sha1_context ) );
437}
438
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]439#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]440/*
441 * FIPS-180-1 test vectors
442 */
443static unsigned char sha1_test_buf[3][57] =
444{
445 { "abc" },
446 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
447 { "" }
448};
449
450static const int sha1_test_buflen[3] =
451{
452 3, 56, 1000
453};
454
455static const unsigned char sha1_test_sum[3][20] =
456{
457 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
458 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
459 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
460 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
461 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
462 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
463};
464
465/*
466 * RFC 2202 test vectors
467 */
468static unsigned char sha1_hmac_test_key[7][26] =
469{
470 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
471 "\x0B\x0B\x0B\x0B" },
472 { "Jefe" },
473 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
474 "\xAA\xAA\xAA\xAA" },
475 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
476 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
477 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
478 "\x0C\x0C\x0C\x0C" },
479 { "" }, /* 0xAA 80 times */
480 { "" }
481};
482
483static const int sha1_hmac_test_keylen[7] =
484{
485 20, 4, 20, 25, 20, 80, 80
486};
487
488static unsigned char sha1_hmac_test_buf[7][74] =
489{
490 { "Hi There" },
491 { "what do ya want for nothing?" },
492 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
493 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
494 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
495 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
496 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
497 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
498 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
499 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
500 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
501 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
502 { "Test With Truncation" },
503 { "Test Using Larger Than Block-Size Key - Hash Key First" },
504 { "Test Using Larger Than Block-Size Key and Larger"
505 " Than One Block-Size Data" }
506};
507
508static const int sha1_hmac_test_buflen[7] =
509{
510 8, 28, 50, 50, 20, 54, 73
511};
512
513static const unsigned char sha1_hmac_test_sum[7][20] =
514{
515 { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
516 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
517 { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
518 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
519 { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
520 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
521 { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
522 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
523 { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
524 0x7B, 0xE1 },
525 { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
526 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
527 { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
528 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
529};
530
531/*
532 * Checkup routine
533 */
534int sha1_self_test( int verbose )
535{
536 int i, j, buflen;
537 unsigned char buf[1024];
538 unsigned char sha1sum[20];
539 sha1_context ctx;
540
541 /*
542 * SHA-1
543 */
544 for( i = 0; i < 3; i++ )
545 {
546 if( verbose != 0 )
547 printf( " SHA-1 test #%d: ", i + 1 );
548
549 sha1_starts( &ctx );
550
551 if( i == 2 )
552 {
553 memset( buf, 'a', buflen = 1000 );
554
555 for( j = 0; j < 1000; j++ )
556 sha1_update( &ctx, buf, buflen );
557 }
558 else
559 sha1_update( &ctx, sha1_test_buf[i],
560 sha1_test_buflen[i] );
561
562 sha1_finish( &ctx, sha1sum );
563
564 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
565 {
566 if( verbose != 0 )
567 printf( "failed\n" );
568
569 return( 1 );
570 }
571
572 if( verbose != 0 )
573 printf( "passed\n" );
574 }
575
576 if( verbose != 0 )
577 printf( "\n" );
578
579 for( i = 0; i < 7; i++ )
580 {
581 if( verbose != 0 )
582 printf( " HMAC-SHA-1 test #%d: ", i + 1 );
583
584 if( i == 5 || i == 6 )
585 {
586 memset( buf, '\xAA', buflen = 80 );
587 sha1_hmac_starts( &ctx, buf, buflen );
588 }
589 else
590 sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
591 sha1_hmac_test_keylen[i] );
592
593 sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
594 sha1_hmac_test_buflen[i] );
595
596 sha1_hmac_finish( &ctx, sha1sum );
597
598 buflen = ( i == 4 ) ? 12 : 20;
599
600 if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
601 {
602 if( verbose != 0 )
603 printf( "failed\n" );
604
605 return( 1 );
606 }
607
608 if( verbose != 0 )
609 printf( "passed\n" );
610 }
611
612 if( verbose != 0 )
613 printf( "\n" );
614
615 return( 0 );
616}
617
618#endif
619
620#endif