TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 7dc4c44267f83ab1a0148047534836d655ee931f / . / library / sha1.c
blob: f02d6e6efb586f5b27eca646958c477c618aeb37 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-1 compliant SHA-1 implementation
3 *
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame^]4 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The SHA-1 standard was published by NIST in 1993.
27 *
28 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
29 */
30
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]31#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]32
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]33#if defined(POLARSSL_SHA1_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]34
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]35#include "polarssl/sha1.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]36
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]37#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]38#include <stdio.h>
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]39#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]40
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame^]41#if defined(POLARSSL_PLATFORM_C)
42#include "polarssl/platform.h"
43#else
44#define polarssl_printf printf
45#endif
46
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]47#if !defined(POLARSSL_SHA1_ALT)
48
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]49/*
50 * 32-bit integer manipulation macros (big endian)
51 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]52#ifndef GET_UINT32_BE
53#define GET_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]54{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]55 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
56 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
57 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
58 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]59}
60#endif
61
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]62#ifndef PUT_UINT32_BE
63#define PUT_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]64{ \
65 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
66 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
67 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
68 (b)[(i) + 3] = (unsigned char) ( (n) ); \
69}
70#endif
71
72/*
73 * SHA-1 context setup
74 */
75void sha1_starts( sha1_context *ctx )
76{
77 ctx->total[0] = 0;
78 ctx->total[1] = 0;
79
80 ctx->state[0] = 0x67452301;
81 ctx->state[1] = 0xEFCDAB89;
82 ctx->state[2] = 0x98BADCFE;
83 ctx->state[3] = 0x10325476;
84 ctx->state[4] = 0xC3D2E1F0;
85}
86
Paul Bakkere47b34b2013-02-27 14:48:00 +0100[diff] [blame]87void sha1_process( sha1_context *ctx, const unsigned char data[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]88{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]89 uint32_t temp, W[16], A, B, C, D, E;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]90
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]91 GET_UINT32_BE( W[ 0], data, 0 );
92 GET_UINT32_BE( W[ 1], data, 4 );
93 GET_UINT32_BE( W[ 2], data, 8 );
94 GET_UINT32_BE( W[ 3], data, 12 );
95 GET_UINT32_BE( W[ 4], data, 16 );
96 GET_UINT32_BE( W[ 5], data, 20 );
97 GET_UINT32_BE( W[ 6], data, 24 );
98 GET_UINT32_BE( W[ 7], data, 28 );
99 GET_UINT32_BE( W[ 8], data, 32 );
100 GET_UINT32_BE( W[ 9], data, 36 );
101 GET_UINT32_BE( W[10], data, 40 );
102 GET_UINT32_BE( W[11], data, 44 );
103 GET_UINT32_BE( W[12], data, 48 );
104 GET_UINT32_BE( W[13], data, 52 );
105 GET_UINT32_BE( W[14], data, 56 );
106 GET_UINT32_BE( W[15], data, 60 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]107
108#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
109
110#define R(t) \
111( \
112 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
113 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
114 ( W[t & 0x0F] = S(temp,1) ) \
115)
116
117#define P(a,b,c,d,e,x) \
118{ \
119 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
120}
121
122 A = ctx->state[0];
123 B = ctx->state[1];
124 C = ctx->state[2];
125 D = ctx->state[3];
126 E = ctx->state[4];
127
128#define F(x,y,z) (z ^ (x & (y ^ z)))
129#define K 0x5A827999
130
131 P( A, B, C, D, E, W[0] );
132 P( E, A, B, C, D, W[1] );
133 P( D, E, A, B, C, W[2] );
134 P( C, D, E, A, B, W[3] );
135 P( B, C, D, E, A, W[4] );
136 P( A, B, C, D, E, W[5] );
137 P( E, A, B, C, D, W[6] );
138 P( D, E, A, B, C, W[7] );
139 P( C, D, E, A, B, W[8] );
140 P( B, C, D, E, A, W[9] );
141 P( A, B, C, D, E, W[10] );
142 P( E, A, B, C, D, W[11] );
143 P( D, E, A, B, C, W[12] );
144 P( C, D, E, A, B, W[13] );
145 P( B, C, D, E, A, W[14] );
146 P( A, B, C, D, E, W[15] );
147 P( E, A, B, C, D, R(16) );
148 P( D, E, A, B, C, R(17) );
149 P( C, D, E, A, B, R(18) );
150 P( B, C, D, E, A, R(19) );
151
152#undef K
153#undef F
154
155#define F(x,y,z) (x ^ y ^ z)
156#define K 0x6ED9EBA1
157
158 P( A, B, C, D, E, R(20) );
159 P( E, A, B, C, D, R(21) );
160 P( D, E, A, B, C, R(22) );
161 P( C, D, E, A, B, R(23) );
162 P( B, C, D, E, A, R(24) );
163 P( A, B, C, D, E, R(25) );
164 P( E, A, B, C, D, R(26) );
165 P( D, E, A, B, C, R(27) );
166 P( C, D, E, A, B, R(28) );
167 P( B, C, D, E, A, R(29) );
168 P( A, B, C, D, E, R(30) );
169 P( E, A, B, C, D, R(31) );
170 P( D, E, A, B, C, R(32) );
171 P( C, D, E, A, B, R(33) );
172 P( B, C, D, E, A, R(34) );
173 P( A, B, C, D, E, R(35) );
174 P( E, A, B, C, D, R(36) );
175 P( D, E, A, B, C, R(37) );
176 P( C, D, E, A, B, R(38) );
177 P( B, C, D, E, A, R(39) );
178
179#undef K
180#undef F
181
182#define F(x,y,z) ((x & y) | (z & (x | y)))
183#define K 0x8F1BBCDC
184
185 P( A, B, C, D, E, R(40) );
186 P( E, A, B, C, D, R(41) );
187 P( D, E, A, B, C, R(42) );
188 P( C, D, E, A, B, R(43) );
189 P( B, C, D, E, A, R(44) );
190 P( A, B, C, D, E, R(45) );
191 P( E, A, B, C, D, R(46) );
192 P( D, E, A, B, C, R(47) );
193 P( C, D, E, A, B, R(48) );
194 P( B, C, D, E, A, R(49) );
195 P( A, B, C, D, E, R(50) );
196 P( E, A, B, C, D, R(51) );
197 P( D, E, A, B, C, R(52) );
198 P( C, D, E, A, B, R(53) );
199 P( B, C, D, E, A, R(54) );
200 P( A, B, C, D, E, R(55) );
201 P( E, A, B, C, D, R(56) );
202 P( D, E, A, B, C, R(57) );
203 P( C, D, E, A, B, R(58) );
204 P( B, C, D, E, A, R(59) );
205
206#undef K
207#undef F
208
209#define F(x,y,z) (x ^ y ^ z)
210#define K 0xCA62C1D6
211
212 P( A, B, C, D, E, R(60) );
213 P( E, A, B, C, D, R(61) );
214 P( D, E, A, B, C, R(62) );
215 P( C, D, E, A, B, R(63) );
216 P( B, C, D, E, A, R(64) );
217 P( A, B, C, D, E, R(65) );
218 P( E, A, B, C, D, R(66) );
219 P( D, E, A, B, C, R(67) );
220 P( C, D, E, A, B, R(68) );
221 P( B, C, D, E, A, R(69) );
222 P( A, B, C, D, E, R(70) );
223 P( E, A, B, C, D, R(71) );
224 P( D, E, A, B, C, R(72) );
225 P( C, D, E, A, B, R(73) );
226 P( B, C, D, E, A, R(74) );
227 P( A, B, C, D, E, R(75) );
228 P( E, A, B, C, D, R(76) );
229 P( D, E, A, B, C, R(77) );
230 P( C, D, E, A, B, R(78) );
231 P( B, C, D, E, A, R(79) );
232
233#undef K
234#undef F
235
236 ctx->state[0] += A;
237 ctx->state[1] += B;
238 ctx->state[2] += C;
239 ctx->state[3] += D;
240 ctx->state[4] += E;
241}
242
243/*
244 * SHA-1 process buffer
245 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]246void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]247{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]248 size_t fill;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]249 uint32_t left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]250
251 if( ilen <= 0 )
252 return;
253
254 left = ctx->total[0] & 0x3F;
255 fill = 64 - left;
256
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]257 ctx->total[0] += (uint32_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]258 ctx->total[0] &= 0xFFFFFFFF;
259
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]260 if( ctx->total[0] < (uint32_t) ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]261 ctx->total[1]++;
262
263 if( left && ilen >= fill )
264 {
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]265 memcpy( (void *) (ctx->buffer + left), input, fill );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]266 sha1_process( ctx, ctx->buffer );
267 input += fill;
268 ilen -= fill;
269 left = 0;
270 }
271
272 while( ilen >= 64 )
273 {
274 sha1_process( ctx, input );
275 input += 64;
276 ilen -= 64;
277 }
278
279 if( ilen > 0 )
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]280 memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]281}
282
283static const unsigned char sha1_padding[64] =
284{
285 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
286 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
287 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
288 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
289};
290
291/*
292 * SHA-1 final digest
293 */
294void sha1_finish( sha1_context *ctx, unsigned char output[20] )
295{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]296 uint32_t last, padn;
297 uint32_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]298 unsigned char msglen[8];
299
300 high = ( ctx->total[0] >> 29 )
301 | ( ctx->total[1] << 3 );
302 low = ( ctx->total[0] << 3 );
303
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]304 PUT_UINT32_BE( high, msglen, 0 );
305 PUT_UINT32_BE( low, msglen, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]306
307 last = ctx->total[0] & 0x3F;
308 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
309
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]310 sha1_update( ctx, sha1_padding, padn );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]311 sha1_update( ctx, msglen, 8 );
312
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]313 PUT_UINT32_BE( ctx->state[0], output, 0 );
314 PUT_UINT32_BE( ctx->state[1], output, 4 );
315 PUT_UINT32_BE( ctx->state[2], output, 8 );
316 PUT_UINT32_BE( ctx->state[3], output, 12 );
317 PUT_UINT32_BE( ctx->state[4], output, 16 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]318}
319
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]320#endif /* !POLARSSL_SHA1_ALT */
321
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]322/*
323 * output = SHA-1( input buffer )
324 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]325void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]326{
327 sha1_context ctx;
328
329 sha1_starts( &ctx );
330 sha1_update( &ctx, input, ilen );
331 sha1_finish( &ctx, output );
332
333 memset( &ctx, 0, sizeof( sha1_context ) );
334}
335
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]336#if defined(POLARSSL_FS_IO)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]337/*
338 * output = SHA-1( file contents )
339 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]340int sha1_file( const char *path, unsigned char output[20] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]341{
342 FILE *f;
343 size_t n;
344 sha1_context ctx;
345 unsigned char buf[1024];
346
347 if( ( f = fopen( path, "rb" ) ) == NULL )
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]348 return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]349
350 sha1_starts( &ctx );
351
352 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]353 sha1_update( &ctx, buf, n );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]354
355 sha1_finish( &ctx, output );
356
357 memset( &ctx, 0, sizeof( sha1_context ) );
358
359 if( ferror( f ) != 0 )
360 {
361 fclose( f );
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]362 return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]363 }
364
365 fclose( f );
366 return( 0 );
367}
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]368#endif /* POLARSSL_FS_IO */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]369
370/*
371 * SHA-1 HMAC context setup
372 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]373void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]374{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]375 size_t i;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]376 unsigned char sum[20];
377
378 if( keylen > 64 )
379 {
380 sha1( key, keylen, sum );
381 keylen = 20;
382 key = sum;
383 }
384
385 memset( ctx->ipad, 0x36, 64 );
386 memset( ctx->opad, 0x5C, 64 );
387
388 for( i = 0; i < keylen; i++ )
389 {
390 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
391 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
392 }
393
394 sha1_starts( ctx );
395 sha1_update( ctx, ctx->ipad, 64 );
396
397 memset( sum, 0, sizeof( sum ) );
398}
399
400/*
401 * SHA-1 HMAC process buffer
402 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]403void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]404{
405 sha1_update( ctx, input, ilen );
406}
407
408/*
409 * SHA-1 HMAC final digest
410 */
411void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
412{
413 unsigned char tmpbuf[20];
414
415 sha1_finish( ctx, tmpbuf );
416 sha1_starts( ctx );
417 sha1_update( ctx, ctx->opad, 64 );
418 sha1_update( ctx, tmpbuf, 20 );
419 sha1_finish( ctx, output );
420
421 memset( tmpbuf, 0, sizeof( tmpbuf ) );
422}
423
424/*
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]425 * SHA1 HMAC context reset
426 */
427void sha1_hmac_reset( sha1_context *ctx )
428{
429 sha1_starts( ctx );
430 sha1_update( ctx, ctx->ipad, 64 );
431}
432
433/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]434 * output = HMAC-SHA-1( hmac key, input buffer )
435 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]436void sha1_hmac( const unsigned char *key, size_t keylen,
437 const unsigned char *input, size_t ilen,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]438 unsigned char output[20] )
439{
440 sha1_context ctx;
441
442 sha1_hmac_starts( &ctx, key, keylen );
443 sha1_hmac_update( &ctx, input, ilen );
444 sha1_hmac_finish( &ctx, output );
445
446 memset( &ctx, 0, sizeof( sha1_context ) );
447}
448
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]449#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]450/*
451 * FIPS-180-1 test vectors
452 */
453static unsigned char sha1_test_buf[3][57] =
454{
455 { "abc" },
456 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
457 { "" }
458};
459
460static const int sha1_test_buflen[3] =
461{
462 3, 56, 1000
463};
464
465static const unsigned char sha1_test_sum[3][20] =
466{
467 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
468 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
469 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
470 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
471 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
472 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
473};
474
475/*
476 * RFC 2202 test vectors
477 */
478static unsigned char sha1_hmac_test_key[7][26] =
479{
480 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
481 "\x0B\x0B\x0B\x0B" },
482 { "Jefe" },
483 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
484 "\xAA\xAA\xAA\xAA" },
485 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
486 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
487 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
488 "\x0C\x0C\x0C\x0C" },
489 { "" }, /* 0xAA 80 times */
490 { "" }
491};
492
493static const int sha1_hmac_test_keylen[7] =
494{
495 20, 4, 20, 25, 20, 80, 80
496};
497
498static unsigned char sha1_hmac_test_buf[7][74] =
499{
500 { "Hi There" },
501 { "what do ya want for nothing?" },
502 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
503 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
504 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
505 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
506 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
507 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
508 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
509 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
510 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
511 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
512 { "Test With Truncation" },
513 { "Test Using Larger Than Block-Size Key - Hash Key First" },
514 { "Test Using Larger Than Block-Size Key and Larger"
515 " Than One Block-Size Data" }
516};
517
518static const int sha1_hmac_test_buflen[7] =
519{
520 8, 28, 50, 50, 20, 54, 73
521};
522
523static const unsigned char sha1_hmac_test_sum[7][20] =
524{
525 { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
526 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
527 { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
528 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
529 { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
530 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
531 { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
532 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
533 { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
534 0x7B, 0xE1 },
535 { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
536 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
537 { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
538 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
539};
540
541/*
542 * Checkup routine
543 */
544int sha1_self_test( int verbose )
545{
546 int i, j, buflen;
547 unsigned char buf[1024];
548 unsigned char sha1sum[20];
549 sha1_context ctx;
550
551 /*
552 * SHA-1
553 */
554 for( i = 0; i < 3; i++ )
555 {
556 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame^]557 polarssl_printf( " SHA-1 test #%d: ", i + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]558
559 sha1_starts( &ctx );
560
561 if( i == 2 )
562 {
563 memset( buf, 'a', buflen = 1000 );
564
565 for( j = 0; j < 1000; j++ )
566 sha1_update( &ctx, buf, buflen );
567 }
568 else
569 sha1_update( &ctx, sha1_test_buf[i],
570 sha1_test_buflen[i] );
571
572 sha1_finish( &ctx, sha1sum );
573
574 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
575 {
576 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame^]577 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]578
579 return( 1 );
580 }
581
582 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame^]583 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]584 }
585
586 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame^]587 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]588
589 for( i = 0; i < 7; i++ )
590 {
591 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame^]592 polarssl_printf( " HMAC-SHA-1 test #%d: ", i + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]593
594 if( i == 5 || i == 6 )
595 {
596 memset( buf, '\xAA', buflen = 80 );
597 sha1_hmac_starts( &ctx, buf, buflen );
598 }
599 else
600 sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
601 sha1_hmac_test_keylen[i] );
602
603 sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
604 sha1_hmac_test_buflen[i] );
605
606 sha1_hmac_finish( &ctx, sha1sum );
607
608 buflen = ( i == 4 ) ? 12 : 20;
609
610 if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
611 {
612 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame^]613 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]614
615 return( 1 );
616 }
617
618 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame^]619 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]620 }
621
622 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame^]623 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]624
625 return( 0 );
626}
627
628#endif
629
630#endif