Blame - library/sha1.c - mirror/mbed-tls - TrustedFirmware Git Browser

blob: c6851336ba657b7848a6628dd349eeed1bced0d1 [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* FIPS-180-1 compliant SHA-1 implementation
				3	*
Paul Bakker	4087c47	2013-06-12 16:49:10 +0200	[diff] [blame]	4	* Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	5	*
				6	* This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker	84f12b7	2010-07-18 10:13:04 +0000	[diff] [blame]	7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	8	*
Paul Bakker	77b385e	2009-07-28 17:23:11 +0000	[diff] [blame]	9	* All rights reserved.
Paul Bakker	e0ccd0a	2009-01-04 16:27:10 +0000	[diff] [blame]	10	*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	11	* This program is free software; you can redistribute it and/or modify
				12	* it under the terms of the GNU General Public License as published by
				13	* the Free Software Foundation; either version 2 of the License, or
				14	* (at your option) any later version.
				15	*
				16	* This program is distributed in the hope that it will be useful,
				17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				19	* GNU General Public License for more details.
				20	*
				21	* You should have received a copy of the GNU General Public License along
				22	* with this program; if not, write to the Free Software Foundation, Inc.,
				23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				24	*/
				25	/*
				26	* The SHA-1 standard was published by NIST in 1993.
				27	*
				28	* http://www.itl.nist.gov/fipspubs/fip180-1.htm
				29	*/
				30
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	31	#include "polarssl/config.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	32
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	33	#if defined(POLARSSL_SHA1_C)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	34
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	35	#include "polarssl/sha1.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	36
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	37	#if defined(POLARSSL_FS_IO) \|\| defined(POLARSSL_SELF_TEST)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	38	#include <stdio.h>
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	39	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	40
Paul Bakker	312da33	2014-06-13 17:20:13 +0200	[diff] [blame^]	41	/* Implementation that should never be optimized out by the compiler */
				42	static void polarssl_zeroize( void *v, size_t n ) {
				43	volatile unsigned char p = v; while( n-- ) p++ = 0;
				44	}
				45
Paul Bakker	4087c47	2013-06-12 16:49:10 +0200	[diff] [blame]	46	#if !defined(POLARSSL_SHA1_ALT)
				47
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	48	/*
				49	* 32-bit integer manipulation macros (big endian)
				50	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	51	#ifndef GET_UINT32_BE
				52	#define GET_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	53	{ \
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	54	(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
				55	\| ( (uint32_t) (b)[(i) + 1] << 16 ) \
				56	\| ( (uint32_t) (b)[(i) + 2] << 8 ) \
				57	\| ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	58	}
				59	#endif
				60
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	61	#ifndef PUT_UINT32_BE
				62	#define PUT_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	63	{ \
				64	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
				65	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
				66	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
				67	(b)[(i) + 3] = (unsigned char) ( (n) ); \
				68	}
				69	#endif
				70
				71	/*
				72	* SHA-1 context setup
				73	*/
				74	void sha1_starts( sha1_context *ctx )
				75	{
				76	ctx->total[0] = 0;
				77	ctx->total[1] = 0;
				78
				79	ctx->state[0] = 0x67452301;
				80	ctx->state[1] = 0xEFCDAB89;
				81	ctx->state[2] = 0x98BADCFE;
				82	ctx->state[3] = 0x10325476;
				83	ctx->state[4] = 0xC3D2E1F0;
				84	}
				85
Paul Bakker	e47b34b	2013-02-27 14:48:00 +0100	[diff] [blame]	86	void sha1_process( sha1_context *ctx, const unsigned char data[64] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	87	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	88	uint32_t temp, W[16], A, B, C, D, E;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	89
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	90	GET_UINT32_BE( W[ 0], data, 0 );
				91	GET_UINT32_BE( W[ 1], data, 4 );
				92	GET_UINT32_BE( W[ 2], data, 8 );
				93	GET_UINT32_BE( W[ 3], data, 12 );
				94	GET_UINT32_BE( W[ 4], data, 16 );
				95	GET_UINT32_BE( W[ 5], data, 20 );
				96	GET_UINT32_BE( W[ 6], data, 24 );
				97	GET_UINT32_BE( W[ 7], data, 28 );
				98	GET_UINT32_BE( W[ 8], data, 32 );
				99	GET_UINT32_BE( W[ 9], data, 36 );
				100	GET_UINT32_BE( W[10], data, 40 );
				101	GET_UINT32_BE( W[11], data, 44 );
				102	GET_UINT32_BE( W[12], data, 48 );
				103	GET_UINT32_BE( W[13], data, 52 );
				104	GET_UINT32_BE( W[14], data, 56 );
				105	GET_UINT32_BE( W[15], data, 60 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	106
				107	#define S(x,n) ((x << n) \| ((x & 0xFFFFFFFF) >> (32 - n)))
				108
				109	#define R(t) \
				110	( \
				111	temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
				112	W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
				113	( W[t & 0x0F] = S(temp,1) ) \
				114	)
				115
				116	#define P(a,b,c,d,e,x) \
				117	{ \
				118	e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
				119	}
				120
				121	A = ctx->state[0];
				122	B = ctx->state[1];
				123	C = ctx->state[2];
				124	D = ctx->state[3];
				125	E = ctx->state[4];
				126
				127	#define F(x,y,z) (z ^ (x & (y ^ z)))
				128	#define K 0x5A827999
				129
				130	P( A, B, C, D, E, W[0] );
				131	P( E, A, B, C, D, W[1] );
				132	P( D, E, A, B, C, W[2] );
				133	P( C, D, E, A, B, W[3] );
				134	P( B, C, D, E, A, W[4] );
				135	P( A, B, C, D, E, W[5] );
				136	P( E, A, B, C, D, W[6] );
				137	P( D, E, A, B, C, W[7] );
				138	P( C, D, E, A, B, W[8] );
				139	P( B, C, D, E, A, W[9] );
				140	P( A, B, C, D, E, W[10] );
				141	P( E, A, B, C, D, W[11] );
				142	P( D, E, A, B, C, W[12] );
				143	P( C, D, E, A, B, W[13] );
				144	P( B, C, D, E, A, W[14] );
				145	P( A, B, C, D, E, W[15] );
				146	P( E, A, B, C, D, R(16) );
				147	P( D, E, A, B, C, R(17) );
				148	P( C, D, E, A, B, R(18) );
				149	P( B, C, D, E, A, R(19) );
				150
				151	#undef K
				152	#undef F
				153
				154	#define F(x,y,z) (x ^ y ^ z)
				155	#define K 0x6ED9EBA1
				156
				157	P( A, B, C, D, E, R(20) );
				158	P( E, A, B, C, D, R(21) );
				159	P( D, E, A, B, C, R(22) );
				160	P( C, D, E, A, B, R(23) );
				161	P( B, C, D, E, A, R(24) );
				162	P( A, B, C, D, E, R(25) );
				163	P( E, A, B, C, D, R(26) );
				164	P( D, E, A, B, C, R(27) );
				165	P( C, D, E, A, B, R(28) );
				166	P( B, C, D, E, A, R(29) );
				167	P( A, B, C, D, E, R(30) );
				168	P( E, A, B, C, D, R(31) );
				169	P( D, E, A, B, C, R(32) );
				170	P( C, D, E, A, B, R(33) );
				171	P( B, C, D, E, A, R(34) );
				172	P( A, B, C, D, E, R(35) );
				173	P( E, A, B, C, D, R(36) );
				174	P( D, E, A, B, C, R(37) );
				175	P( C, D, E, A, B, R(38) );
				176	P( B, C, D, E, A, R(39) );
				177
				178	#undef K
				179	#undef F
				180
				181	#define F(x,y,z) ((x & y) \| (z & (x \| y)))
				182	#define K 0x8F1BBCDC
				183
				184	P( A, B, C, D, E, R(40) );
				185	P( E, A, B, C, D, R(41) );
				186	P( D, E, A, B, C, R(42) );
				187	P( C, D, E, A, B, R(43) );
				188	P( B, C, D, E, A, R(44) );
				189	P( A, B, C, D, E, R(45) );
				190	P( E, A, B, C, D, R(46) );
				191	P( D, E, A, B, C, R(47) );
				192	P( C, D, E, A, B, R(48) );
				193	P( B, C, D, E, A, R(49) );
				194	P( A, B, C, D, E, R(50) );
				195	P( E, A, B, C, D, R(51) );
				196	P( D, E, A, B, C, R(52) );
				197	P( C, D, E, A, B, R(53) );
				198	P( B, C, D, E, A, R(54) );
				199	P( A, B, C, D, E, R(55) );
				200	P( E, A, B, C, D, R(56) );
				201	P( D, E, A, B, C, R(57) );
				202	P( C, D, E, A, B, R(58) );
				203	P( B, C, D, E, A, R(59) );
				204
				205	#undef K
				206	#undef F
				207
				208	#define F(x,y,z) (x ^ y ^ z)
				209	#define K 0xCA62C1D6
				210
				211	P( A, B, C, D, E, R(60) );
				212	P( E, A, B, C, D, R(61) );
				213	P( D, E, A, B, C, R(62) );
				214	P( C, D, E, A, B, R(63) );
				215	P( B, C, D, E, A, R(64) );
				216	P( A, B, C, D, E, R(65) );
				217	P( E, A, B, C, D, R(66) );
				218	P( D, E, A, B, C, R(67) );
				219	P( C, D, E, A, B, R(68) );
				220	P( B, C, D, E, A, R(69) );
				221	P( A, B, C, D, E, R(70) );
				222	P( E, A, B, C, D, R(71) );
				223	P( D, E, A, B, C, R(72) );
				224	P( C, D, E, A, B, R(73) );
				225	P( B, C, D, E, A, R(74) );
				226	P( A, B, C, D, E, R(75) );
				227	P( E, A, B, C, D, R(76) );
				228	P( D, E, A, B, C, R(77) );
				229	P( C, D, E, A, B, R(78) );
				230	P( B, C, D, E, A, R(79) );
				231
				232	#undef K
				233	#undef F
				234
				235	ctx->state[0] += A;
				236	ctx->state[1] += B;
				237	ctx->state[2] += C;
				238	ctx->state[3] += D;
				239	ctx->state[4] += E;
				240	}
				241
				242	/*
				243	* SHA-1 process buffer
				244	*/
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	245	void sha1_update( sha1_context ctx, const unsigned char input, size_t ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	246	{
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	247	size_t fill;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	248	uint32_t left;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	249
				250	if( ilen <= 0 )
				251	return;
				252
				253	left = ctx->total[0] & 0x3F;
				254	fill = 64 - left;
				255
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	256	ctx->total[0] += (uint32_t) ilen;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	257	ctx->total[0] &= 0xFFFFFFFF;
				258
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	259	if( ctx->total[0] < (uint32_t) ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	260	ctx->total[1]++;
				261
				262	if( left && ilen >= fill )
				263	{
Paul Bakker	eae09db	2013-06-06 12:35:54 +0200	[diff] [blame]	264	memcpy( (void *) (ctx->buffer + left), input, fill );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	265	sha1_process( ctx, ctx->buffer );
				266	input += fill;
				267	ilen -= fill;
				268	left = 0;
				269	}
				270
				271	while( ilen >= 64 )
				272	{
				273	sha1_process( ctx, input );
				274	input += 64;
				275	ilen -= 64;
				276	}
				277
				278	if( ilen > 0 )
Paul Bakker	eae09db	2013-06-06 12:35:54 +0200	[diff] [blame]	279	memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	280	}
				281
				282	static const unsigned char sha1_padding[64] =
				283	{
				284	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				285	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				286	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				287	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
				288	};
				289
				290	/*
				291	* SHA-1 final digest
				292	*/
				293	void sha1_finish( sha1_context *ctx, unsigned char output[20] )
				294	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	295	uint32_t last, padn;
				296	uint32_t high, low;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	297	unsigned char msglen[8];
				298
				299	high = ( ctx->total[0] >> 29 )
				300	\| ( ctx->total[1] << 3 );
				301	low = ( ctx->total[0] << 3 );
				302
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	303	PUT_UINT32_BE( high, msglen, 0 );
				304	PUT_UINT32_BE( low, msglen, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	305
				306	last = ctx->total[0] & 0x3F;
				307	padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
				308
Paul Bakker	eae09db	2013-06-06 12:35:54 +0200	[diff] [blame]	309	sha1_update( ctx, sha1_padding, padn );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	310	sha1_update( ctx, msglen, 8 );
				311
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	312	PUT_UINT32_BE( ctx->state[0], output, 0 );
				313	PUT_UINT32_BE( ctx->state[1], output, 4 );
				314	PUT_UINT32_BE( ctx->state[2], output, 8 );
				315	PUT_UINT32_BE( ctx->state[3], output, 12 );
				316	PUT_UINT32_BE( ctx->state[4], output, 16 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	317	}
				318
Paul Bakker	4087c47	2013-06-12 16:49:10 +0200	[diff] [blame]	319	#endif /* !POLARSSL_SHA1_ALT */
				320
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	321	/*
				322	* output = SHA-1( input buffer )
				323	*/
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	324	void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	325	{
				326	sha1_context ctx;
				327
				328	sha1_starts( &ctx );
				329	sha1_update( &ctx, input, ilen );
				330	sha1_finish( &ctx, output );
				331
Paul Bakker	312da33	2014-06-13 17:20:13 +0200	[diff] [blame^]	332	polarssl_zeroize( &ctx, sizeof( sha1_context ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	333	}
				334
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	335	#if defined(POLARSSL_FS_IO)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	336	/*
				337	* output = SHA-1( file contents )
				338	*/
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	339	int sha1_file( const char *path, unsigned char output[20] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	340	{
				341	FILE *f;
				342	size_t n;
				343	sha1_context ctx;
				344	unsigned char buf[1024];
				345
				346	if( ( f = fopen( path, "rb" ) ) == NULL )
Paul Bakker	69e095c	2011-12-10 21:55:01 +0000	[diff] [blame]	347	return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	348
				349	sha1_starts( &ctx );
				350
				351	while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Paul Bakker	27fdf46	2011-06-09 13:55:13 +0000	[diff] [blame]	352	sha1_update( &ctx, buf, n );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	353
				354	sha1_finish( &ctx, output );
				355
Paul Bakker	312da33	2014-06-13 17:20:13 +0200	[diff] [blame^]	356	polarssl_zeroize( &ctx, sizeof( sha1_context ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	357
				358	if( ferror( f ) != 0 )
				359	{
				360	fclose( f );
Paul Bakker	69e095c	2011-12-10 21:55:01 +0000	[diff] [blame]	361	return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	362	}
				363
				364	fclose( f );
				365	return( 0 );
				366	}
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	367	#endif /* POLARSSL_FS_IO */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	368
				369	/*
				370	* SHA-1 HMAC context setup
				371	*/
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	372	void sha1_hmac_starts( sha1_context ctx, const unsigned char key, size_t keylen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	373	{
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	374	size_t i;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	375	unsigned char sum[20];
				376
				377	if( keylen > 64 )
				378	{
				379	sha1( key, keylen, sum );
				380	keylen = 20;
				381	key = sum;
				382	}
				383
				384	memset( ctx->ipad, 0x36, 64 );
				385	memset( ctx->opad, 0x5C, 64 );
				386
				387	for( i = 0; i < keylen; i++ )
				388	{
				389	ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
				390	ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
				391	}
				392
				393	sha1_starts( ctx );
				394	sha1_update( ctx, ctx->ipad, 64 );
				395
Paul Bakker	312da33	2014-06-13 17:20:13 +0200	[diff] [blame^]	396	polarssl_zeroize( sum, sizeof( sum ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	397	}
				398
				399	/*
				400	* SHA-1 HMAC process buffer
				401	*/
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	402	void sha1_hmac_update( sha1_context ctx, const unsigned char input, size_t ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	403	{
				404	sha1_update( ctx, input, ilen );
				405	}
				406
				407	/*
				408	* SHA-1 HMAC final digest
				409	*/
				410	void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
				411	{
				412	unsigned char tmpbuf[20];
				413
				414	sha1_finish( ctx, tmpbuf );
				415	sha1_starts( ctx );
				416	sha1_update( ctx, ctx->opad, 64 );
				417	sha1_update( ctx, tmpbuf, 20 );
				418	sha1_finish( ctx, output );
				419
Paul Bakker	312da33	2014-06-13 17:20:13 +0200	[diff] [blame^]	420	polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	421	}
				422
				423	/*
Paul Bakker	7d3b661	2010-03-21 16:23:13 +0000	[diff] [blame]	424	* SHA1 HMAC context reset
				425	*/
				426	void sha1_hmac_reset( sha1_context *ctx )
				427	{
				428	sha1_starts( ctx );
				429	sha1_update( ctx, ctx->ipad, 64 );
				430	}
				431
				432	/*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	433	* output = HMAC-SHA-1( hmac key, input buffer )
				434	*/
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	435	void sha1_hmac( const unsigned char *key, size_t keylen,
				436	const unsigned char *input, size_t ilen,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	437	unsigned char output[20] )
				438	{
				439	sha1_context ctx;
				440
				441	sha1_hmac_starts( &ctx, key, keylen );
				442	sha1_hmac_update( &ctx, input, ilen );
				443	sha1_hmac_finish( &ctx, output );
				444
Paul Bakker	312da33	2014-06-13 17:20:13 +0200	[diff] [blame^]	445	polarssl_zeroize( &ctx, sizeof( sha1_context ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	446	}
				447
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	448	#if defined(POLARSSL_SELF_TEST)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	449	/*
				450	* FIPS-180-1 test vectors
				451	*/
				452	static unsigned char sha1_test_buf[3][57] =
				453	{
				454	{ "abc" },
				455	{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
				456	{ "" }
				457	};
				458
				459	static const int sha1_test_buflen[3] =
				460	{
				461	3, 56, 1000
				462	};
				463
				464	static const unsigned char sha1_test_sum[3][20] =
				465	{
				466	{ 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
				467	0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
				468	{ 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
				469	0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
				470	{ 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
				471	0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
				472	};
				473
				474	/*
				475	* RFC 2202 test vectors
				476	*/
				477	static unsigned char sha1_hmac_test_key[7][26] =
				478	{
				479	{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
				480	"\x0B\x0B\x0B\x0B" },
				481	{ "Jefe" },
				482	{ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
				483	"\xAA\xAA\xAA\xAA" },
				484	{ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
				485	"\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
				486	{ "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
				487	"\x0C\x0C\x0C\x0C" },
				488	{ "" }, /* 0xAA 80 times */
				489	{ "" }
				490	};
				491
				492	static const int sha1_hmac_test_keylen[7] =
				493	{
				494	20, 4, 20, 25, 20, 80, 80
				495	};
				496
				497	static unsigned char sha1_hmac_test_buf[7][74] =
				498	{
				499	{ "Hi There" },
				500	{ "what do ya want for nothing?" },
				501	{ "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				502	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				503	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				504	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				505	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
				506	{ "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				507	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				508	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				509	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				510	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
				511	{ "Test With Truncation" },
				512	{ "Test Using Larger Than Block-Size Key - Hash Key First" },
				513	{ "Test Using Larger Than Block-Size Key and Larger"
				514	" Than One Block-Size Data" }
				515	};
				516
				517	static const int sha1_hmac_test_buflen[7] =
				518	{
				519	8, 28, 50, 50, 20, 54, 73
				520	};
				521
				522	static const unsigned char sha1_hmac_test_sum[7][20] =
				523	{
				524	{ 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
				525	0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
				526	{ 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
				527	0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
				528	{ 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
				529	0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
				530	{ 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
				531	0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
				532	{ 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
				533	0x7B, 0xE1 },
				534	{ 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
				535	0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
				536	{ 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
				537	0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
				538	};
				539
				540	/*
				541	* Checkup routine
				542	*/
				543	int sha1_self_test( int verbose )
				544	{
				545	int i, j, buflen;
				546	unsigned char buf[1024];
				547	unsigned char sha1sum[20];
				548	sha1_context ctx;
				549
				550	/*
				551	* SHA-1
				552	*/
				553	for( i = 0; i < 3; i++ )
				554	{
				555	if( verbose != 0 )
				556	printf( " SHA-1 test #%d: ", i + 1 );
				557
				558	sha1_starts( &ctx );
				559
				560	if( i == 2 )
				561	{
				562	memset( buf, 'a', buflen = 1000 );
				563
				564	for( j = 0; j < 1000; j++ )
				565	sha1_update( &ctx, buf, buflen );
				566	}
				567	else
				568	sha1_update( &ctx, sha1_test_buf[i],
				569	sha1_test_buflen[i] );
				570
				571	sha1_finish( &ctx, sha1sum );
				572
				573	if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
				574	{
				575	if( verbose != 0 )
				576	printf( "failed\n" );
				577
				578	return( 1 );
				579	}
				580
				581	if( verbose != 0 )
				582	printf( "passed\n" );
				583	}
				584
				585	if( verbose != 0 )
				586	printf( "\n" );
				587
				588	for( i = 0; i < 7; i++ )
				589	{
				590	if( verbose != 0 )
				591	printf( " HMAC-SHA-1 test #%d: ", i + 1 );
				592
				593	if( i == 5 \|\| i == 6 )
				594	{
				595	memset( buf, '\xAA', buflen = 80 );
				596	sha1_hmac_starts( &ctx, buf, buflen );
				597	}
				598	else
				599	sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
				600	sha1_hmac_test_keylen[i] );
				601
				602	sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
				603	sha1_hmac_test_buflen[i] );
				604
				605	sha1_hmac_finish( &ctx, sha1sum );
				606
				607	buflen = ( i == 4 ) ? 12 : 20;
				608
				609	if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
				610	{
				611	if( verbose != 0 )
				612	printf( "failed\n" );
				613
				614	return( 1 );
				615	}
				616
				617	if( verbose != 0 )
				618	printf( "passed\n" );
				619	}
				620
				621	if( verbose != 0 )
				622	printf( "\n" );
				623
				624	return( 0 );
				625	}
				626
				627	#endif
				628
				629	#endif