TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 525f87559f618e2d3b6f3c6db68d9062b373326e / . / library / sha1.c
blob: b89db3272faf4f11ca8daa2cb4c1d535286d369e [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-1 compliant SHA-1 implementation
3 *
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]4 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The SHA-1 standard was published by NIST in 1993.
27 *
28 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
29 */
30
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]31#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]32#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]33#else
34#include POLARSSL_CONFIG_FILE
35#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]36
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]37#if defined(POLARSSL_SHA1_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]38
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]39#include "polarssl/sha1.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]40
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]41#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]42#include <stdio.h>
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]43#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]44
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]45#if defined(POLARSSL_PLATFORM_C)
46#include "polarssl/platform.h"
47#else
48#define polarssl_printf printf
49#endif
50
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]51#if !defined(POLARSSL_SHA1_ALT)
52
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]53/*
54 * 32-bit integer manipulation macros (big endian)
55 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]56#ifndef GET_UINT32_BE
57#define GET_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]58{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]59 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
60 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
61 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
62 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]63}
64#endif
65
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]66#ifndef PUT_UINT32_BE
67#define PUT_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]68{ \
69 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
70 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
71 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
72 (b)[(i) + 3] = (unsigned char) ( (n) ); \
73}
74#endif
75
76/*
77 * SHA-1 context setup
78 */
79void sha1_starts( sha1_context *ctx )
80{
81 ctx->total[0] = 0;
82 ctx->total[1] = 0;
83
84 ctx->state[0] = 0x67452301;
85 ctx->state[1] = 0xEFCDAB89;
86 ctx->state[2] = 0x98BADCFE;
87 ctx->state[3] = 0x10325476;
88 ctx->state[4] = 0xC3D2E1F0;
89}
90
Paul Bakkere47b34b2013-02-27 14:48:00 +0100[diff] [blame]91void sha1_process( sha1_context *ctx, const unsigned char data[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]92{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]93 uint32_t temp, W[16], A, B, C, D, E;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]94
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]95 GET_UINT32_BE( W[ 0], data, 0 );
96 GET_UINT32_BE( W[ 1], data, 4 );
97 GET_UINT32_BE( W[ 2], data, 8 );
98 GET_UINT32_BE( W[ 3], data, 12 );
99 GET_UINT32_BE( W[ 4], data, 16 );
100 GET_UINT32_BE( W[ 5], data, 20 );
101 GET_UINT32_BE( W[ 6], data, 24 );
102 GET_UINT32_BE( W[ 7], data, 28 );
103 GET_UINT32_BE( W[ 8], data, 32 );
104 GET_UINT32_BE( W[ 9], data, 36 );
105 GET_UINT32_BE( W[10], data, 40 );
106 GET_UINT32_BE( W[11], data, 44 );
107 GET_UINT32_BE( W[12], data, 48 );
108 GET_UINT32_BE( W[13], data, 52 );
109 GET_UINT32_BE( W[14], data, 56 );
110 GET_UINT32_BE( W[15], data, 60 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]111
112#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
113
114#define R(t) \
115( \
116 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
117 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
118 ( W[t & 0x0F] = S(temp,1) ) \
119)
120
121#define P(a,b,c,d,e,x) \
122{ \
123 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
124}
125
126 A = ctx->state[0];
127 B = ctx->state[1];
128 C = ctx->state[2];
129 D = ctx->state[3];
130 E = ctx->state[4];
131
132#define F(x,y,z) (z ^ (x & (y ^ z)))
133#define K 0x5A827999
134
135 P( A, B, C, D, E, W[0] );
136 P( E, A, B, C, D, W[1] );
137 P( D, E, A, B, C, W[2] );
138 P( C, D, E, A, B, W[3] );
139 P( B, C, D, E, A, W[4] );
140 P( A, B, C, D, E, W[5] );
141 P( E, A, B, C, D, W[6] );
142 P( D, E, A, B, C, W[7] );
143 P( C, D, E, A, B, W[8] );
144 P( B, C, D, E, A, W[9] );
145 P( A, B, C, D, E, W[10] );
146 P( E, A, B, C, D, W[11] );
147 P( D, E, A, B, C, W[12] );
148 P( C, D, E, A, B, W[13] );
149 P( B, C, D, E, A, W[14] );
150 P( A, B, C, D, E, W[15] );
151 P( E, A, B, C, D, R(16) );
152 P( D, E, A, B, C, R(17) );
153 P( C, D, E, A, B, R(18) );
154 P( B, C, D, E, A, R(19) );
155
156#undef K
157#undef F
158
159#define F(x,y,z) (x ^ y ^ z)
160#define K 0x6ED9EBA1
161
162 P( A, B, C, D, E, R(20) );
163 P( E, A, B, C, D, R(21) );
164 P( D, E, A, B, C, R(22) );
165 P( C, D, E, A, B, R(23) );
166 P( B, C, D, E, A, R(24) );
167 P( A, B, C, D, E, R(25) );
168 P( E, A, B, C, D, R(26) );
169 P( D, E, A, B, C, R(27) );
170 P( C, D, E, A, B, R(28) );
171 P( B, C, D, E, A, R(29) );
172 P( A, B, C, D, E, R(30) );
173 P( E, A, B, C, D, R(31) );
174 P( D, E, A, B, C, R(32) );
175 P( C, D, E, A, B, R(33) );
176 P( B, C, D, E, A, R(34) );
177 P( A, B, C, D, E, R(35) );
178 P( E, A, B, C, D, R(36) );
179 P( D, E, A, B, C, R(37) );
180 P( C, D, E, A, B, R(38) );
181 P( B, C, D, E, A, R(39) );
182
183#undef K
184#undef F
185
186#define F(x,y,z) ((x & y) | (z & (x | y)))
187#define K 0x8F1BBCDC
188
189 P( A, B, C, D, E, R(40) );
190 P( E, A, B, C, D, R(41) );
191 P( D, E, A, B, C, R(42) );
192 P( C, D, E, A, B, R(43) );
193 P( B, C, D, E, A, R(44) );
194 P( A, B, C, D, E, R(45) );
195 P( E, A, B, C, D, R(46) );
196 P( D, E, A, B, C, R(47) );
197 P( C, D, E, A, B, R(48) );
198 P( B, C, D, E, A, R(49) );
199 P( A, B, C, D, E, R(50) );
200 P( E, A, B, C, D, R(51) );
201 P( D, E, A, B, C, R(52) );
202 P( C, D, E, A, B, R(53) );
203 P( B, C, D, E, A, R(54) );
204 P( A, B, C, D, E, R(55) );
205 P( E, A, B, C, D, R(56) );
206 P( D, E, A, B, C, R(57) );
207 P( C, D, E, A, B, R(58) );
208 P( B, C, D, E, A, R(59) );
209
210#undef K
211#undef F
212
213#define F(x,y,z) (x ^ y ^ z)
214#define K 0xCA62C1D6
215
216 P( A, B, C, D, E, R(60) );
217 P( E, A, B, C, D, R(61) );
218 P( D, E, A, B, C, R(62) );
219 P( C, D, E, A, B, R(63) );
220 P( B, C, D, E, A, R(64) );
221 P( A, B, C, D, E, R(65) );
222 P( E, A, B, C, D, R(66) );
223 P( D, E, A, B, C, R(67) );
224 P( C, D, E, A, B, R(68) );
225 P( B, C, D, E, A, R(69) );
226 P( A, B, C, D, E, R(70) );
227 P( E, A, B, C, D, R(71) );
228 P( D, E, A, B, C, R(72) );
229 P( C, D, E, A, B, R(73) );
230 P( B, C, D, E, A, R(74) );
231 P( A, B, C, D, E, R(75) );
232 P( E, A, B, C, D, R(76) );
233 P( D, E, A, B, C, R(77) );
234 P( C, D, E, A, B, R(78) );
235 P( B, C, D, E, A, R(79) );
236
237#undef K
238#undef F
239
240 ctx->state[0] += A;
241 ctx->state[1] += B;
242 ctx->state[2] += C;
243 ctx->state[3] += D;
244 ctx->state[4] += E;
245}
246
247/*
248 * SHA-1 process buffer
249 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]250void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]251{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]252 size_t fill;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]253 uint32_t left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]254
255 if( ilen <= 0 )
256 return;
257
258 left = ctx->total[0] & 0x3F;
259 fill = 64 - left;
260
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]261 ctx->total[0] += (uint32_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]262 ctx->total[0] &= 0xFFFFFFFF;
263
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]264 if( ctx->total[0] < (uint32_t) ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]265 ctx->total[1]++;
266
267 if( left && ilen >= fill )
268 {
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]269 memcpy( (void *) (ctx->buffer + left), input, fill );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]270 sha1_process( ctx, ctx->buffer );
271 input += fill;
272 ilen -= fill;
273 left = 0;
274 }
275
276 while( ilen >= 64 )
277 {
278 sha1_process( ctx, input );
279 input += 64;
280 ilen -= 64;
281 }
282
283 if( ilen > 0 )
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]284 memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]285}
286
287static const unsigned char sha1_padding[64] =
288{
289 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
290 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
291 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
292 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
293};
294
295/*
296 * SHA-1 final digest
297 */
298void sha1_finish( sha1_context *ctx, unsigned char output[20] )
299{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]300 uint32_t last, padn;
301 uint32_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]302 unsigned char msglen[8];
303
304 high = ( ctx->total[0] >> 29 )
305 | ( ctx->total[1] << 3 );
306 low = ( ctx->total[0] << 3 );
307
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]308 PUT_UINT32_BE( high, msglen, 0 );
309 PUT_UINT32_BE( low, msglen, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]310
311 last = ctx->total[0] & 0x3F;
312 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
313
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]314 sha1_update( ctx, sha1_padding, padn );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]315 sha1_update( ctx, msglen, 8 );
316
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]317 PUT_UINT32_BE( ctx->state[0], output, 0 );
318 PUT_UINT32_BE( ctx->state[1], output, 4 );
319 PUT_UINT32_BE( ctx->state[2], output, 8 );
320 PUT_UINT32_BE( ctx->state[3], output, 12 );
321 PUT_UINT32_BE( ctx->state[4], output, 16 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]322}
323
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]324#endif /* !POLARSSL_SHA1_ALT */
325
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]326/*
327 * output = SHA-1( input buffer )
328 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]329void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]330{
331 sha1_context ctx;
332
333 sha1_starts( &ctx );
334 sha1_update( &ctx, input, ilen );
335 sha1_finish( &ctx, output );
336
337 memset( &ctx, 0, sizeof( sha1_context ) );
338}
339
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]340#if defined(POLARSSL_FS_IO)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]341/*
342 * output = SHA-1( file contents )
343 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]344int sha1_file( const char *path, unsigned char output[20] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]345{
346 FILE *f;
347 size_t n;
348 sha1_context ctx;
349 unsigned char buf[1024];
350
351 if( ( f = fopen( path, "rb" ) ) == NULL )
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]352 return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]353
354 sha1_starts( &ctx );
355
356 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]357 sha1_update( &ctx, buf, n );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]358
359 sha1_finish( &ctx, output );
360
361 memset( &ctx, 0, sizeof( sha1_context ) );
362
363 if( ferror( f ) != 0 )
364 {
365 fclose( f );
Paul Bakker69e095c2011-12-10 21:55:01 +0000[diff] [blame]366 return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]367 }
368
369 fclose( f );
370 return( 0 );
371}
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]372#endif /* POLARSSL_FS_IO */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]373
374/*
375 * SHA-1 HMAC context setup
376 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]377void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]378{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]379 size_t i;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]380 unsigned char sum[20];
381
382 if( keylen > 64 )
383 {
384 sha1( key, keylen, sum );
385 keylen = 20;
386 key = sum;
387 }
388
389 memset( ctx->ipad, 0x36, 64 );
390 memset( ctx->opad, 0x5C, 64 );
391
392 for( i = 0; i < keylen; i++ )
393 {
394 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
395 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
396 }
397
398 sha1_starts( ctx );
399 sha1_update( ctx, ctx->ipad, 64 );
400
401 memset( sum, 0, sizeof( sum ) );
402}
403
404/*
405 * SHA-1 HMAC process buffer
406 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]407void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]408{
409 sha1_update( ctx, input, ilen );
410}
411
412/*
413 * SHA-1 HMAC final digest
414 */
415void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
416{
417 unsigned char tmpbuf[20];
418
419 sha1_finish( ctx, tmpbuf );
420 sha1_starts( ctx );
421 sha1_update( ctx, ctx->opad, 64 );
422 sha1_update( ctx, tmpbuf, 20 );
423 sha1_finish( ctx, output );
424
425 memset( tmpbuf, 0, sizeof( tmpbuf ) );
426}
427
428/*
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]429 * SHA1 HMAC context reset
430 */
431void sha1_hmac_reset( sha1_context *ctx )
432{
433 sha1_starts( ctx );
434 sha1_update( ctx, ctx->ipad, 64 );
435}
436
437/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]438 * output = HMAC-SHA-1( hmac key, input buffer )
439 */
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]440void sha1_hmac( const unsigned char *key, size_t keylen,
441 const unsigned char *input, size_t ilen,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]442 unsigned char output[20] )
443{
444 sha1_context ctx;
445
446 sha1_hmac_starts( &ctx, key, keylen );
447 sha1_hmac_update( &ctx, input, ilen );
448 sha1_hmac_finish( &ctx, output );
449
450 memset( &ctx, 0, sizeof( sha1_context ) );
451}
452
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]453#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]454/*
455 * FIPS-180-1 test vectors
456 */
457static unsigned char sha1_test_buf[3][57] =
458{
459 { "abc" },
460 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
461 { "" }
462};
463
464static const int sha1_test_buflen[3] =
465{
466 3, 56, 1000
467};
468
469static const unsigned char sha1_test_sum[3][20] =
470{
471 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
472 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
473 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
474 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
475 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
476 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
477};
478
479/*
480 * RFC 2202 test vectors
481 */
482static unsigned char sha1_hmac_test_key[7][26] =
483{
484 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
485 "\x0B\x0B\x0B\x0B" },
486 { "Jefe" },
487 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
488 "\xAA\xAA\xAA\xAA" },
489 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
490 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
491 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
492 "\x0C\x0C\x0C\x0C" },
493 { "" }, /* 0xAA 80 times */
494 { "" }
495};
496
497static const int sha1_hmac_test_keylen[7] =
498{
499 20, 4, 20, 25, 20, 80, 80
500};
501
502static unsigned char sha1_hmac_test_buf[7][74] =
503{
504 { "Hi There" },
505 { "what do ya want for nothing?" },
506 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
507 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
508 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
509 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
510 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
511 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
512 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
513 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
514 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
515 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
516 { "Test With Truncation" },
517 { "Test Using Larger Than Block-Size Key - Hash Key First" },
518 { "Test Using Larger Than Block-Size Key and Larger"
519 " Than One Block-Size Data" }
520};
521
522static const int sha1_hmac_test_buflen[7] =
523{
524 8, 28, 50, 50, 20, 54, 73
525};
526
527static const unsigned char sha1_hmac_test_sum[7][20] =
528{
529 { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
530 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
531 { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
532 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
533 { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
534 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
535 { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
536 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
537 { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
538 0x7B, 0xE1 },
539 { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
540 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
541 { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
542 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
543};
544
545/*
546 * Checkup routine
547 */
548int sha1_self_test( int verbose )
549{
550 int i, j, buflen;
551 unsigned char buf[1024];
552 unsigned char sha1sum[20];
553 sha1_context ctx;
554
555 /*
556 * SHA-1
557 */
558 for( i = 0; i < 3; i++ )
559 {
560 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]561 polarssl_printf( " SHA-1 test #%d: ", i + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]562
563 sha1_starts( &ctx );
564
565 if( i == 2 )
566 {
567 memset( buf, 'a', buflen = 1000 );
568
569 for( j = 0; j < 1000; j++ )
570 sha1_update( &ctx, buf, buflen );
571 }
572 else
573 sha1_update( &ctx, sha1_test_buf[i],
574 sha1_test_buflen[i] );
575
576 sha1_finish( &ctx, sha1sum );
577
578 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
579 {
580 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]581 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]582
583 return( 1 );
584 }
585
586 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]587 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]588 }
589
590 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]591 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]592
593 for( i = 0; i < 7; i++ )
594 {
595 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]596 polarssl_printf( " HMAC-SHA-1 test #%d: ", i + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]597
598 if( i == 5 || i == 6 )
599 {
600 memset( buf, '\xAA', buflen = 80 );
601 sha1_hmac_starts( &ctx, buf, buflen );
602 }
603 else
604 sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
605 sha1_hmac_test_keylen[i] );
606
607 sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
608 sha1_hmac_test_buflen[i] );
609
610 sha1_hmac_finish( &ctx, sha1sum );
611
612 buflen = ( i == 4 ) ? 12 : 20;
613
614 if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
615 {
616 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]617 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]618
619 return( 1 );
620 }
621
622 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]623 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]624 }
625
626 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]627 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]628
629 return( 0 );
630}
631
632#endif
633
634#endif