[proxmark3-svn] / common / sha1.c

/*
 *  FIPS-180-1 compliant SHA-1 implementation
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
/*
 *  The SHA-1 standard was published by NIST in 1993.
 *
 *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
 */

#if !defined(POLARSSL_CONFIG_FILE)
//#include "polarssl/config.h"
#define POLARSSL_SHA1_C

#else
#include POLARSSL_CONFIG_FILE
#endif

#if defined(POLARSSL_SHA1_C)

#include "sha1.h"

#include <string.h>

#if defined(POLARSSL_FS_IO)
#include <stdio.h>
#endif

#if defined(POLARSSL_SELF_TEST)
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#include <stdio.h>
#define polarssl_printf printf
#endif /* POLARSSL_PLATFORM_C */
#endif /* POLARSSL_SELF_TEST */

/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}

#if !defined(POLARSSL_SHA1_ALT)

/*
 * 32-bit integer manipulation macros (big endian)
 */
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i)                            \
{                                                       \
    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
        | ( (uint32_t) (b)[(i) + 3]       );            \
}
#endif

#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i)                            \
{                                                       \
    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
}
#endif

void sha1_init( sha1_context *ctx )
{
    memset( ctx, 0, sizeof( sha1_context ) );
}

void sha1_free( sha1_context *ctx )
{
    if( ctx == NULL )
        return;

    polarssl_zeroize( ctx, sizeof( sha1_context ) );
}

/*
 * SHA-1 context setup
 */
void sha1_starts( sha1_context *ctx )
{
    ctx->total[0] = 0;
    ctx->total[1] = 0;

    ctx->state[0] = 0x67452301;
    ctx->state[1] = 0xEFCDAB89;
    ctx->state[2] = 0x98BADCFE;
    ctx->state[3] = 0x10325476;
    ctx->state[4] = 0xC3D2E1F0;
}

void sha1_process( sha1_context *ctx, const unsigned char data[64] )
{
    uint32_t temp, W[16], A, B, C, D, E;

    GET_UINT32_BE( W[ 0], data,  0 );
    GET_UINT32_BE( W[ 1], data,  4 );
    GET_UINT32_BE( W[ 2], data,  8 );
    GET_UINT32_BE( W[ 3], data, 12 );
    GET_UINT32_BE( W[ 4], data, 16 );
    GET_UINT32_BE( W[ 5], data, 20 );
    GET_UINT32_BE( W[ 6], data, 24 );
    GET_UINT32_BE( W[ 7], data, 28 );
    GET_UINT32_BE( W[ 8], data, 32 );
    GET_UINT32_BE( W[ 9], data, 36 );
    GET_UINT32_BE( W[10], data, 40 );
    GET_UINT32_BE( W[11], data, 44 );
    GET_UINT32_BE( W[12], data, 48 );
    GET_UINT32_BE( W[13], data, 52 );
    GET_UINT32_BE( W[14], data, 56 );
    GET_UINT32_BE( W[15], data, 60 );

#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))

#define R(t)                                            \
(                                                       \
    temp = W[( t -  3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
           W[( t - 14 ) & 0x0F] ^ W[  t       & 0x0F],  \
    ( W[t & 0x0F] = S(temp,1) )                         \
)

#define P(a,b,c,d,e,x)                                  \
{                                                       \
    e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);        \
}

    A = ctx->state[0];
    B = ctx->state[1];
    C = ctx->state[2];
    D = ctx->state[3];
    E = ctx->state[4];

#define F(x,y,z) (z ^ (x & (y ^ z)))
#define K 0x5A827999

    P( A, B, C, D, E, W[0]  );
    P( E, A, B, C, D, W[1]  );
    P( D, E, A, B, C, W[2]  );
    P( C, D, E, A, B, W[3]  );
    P( B, C, D, E, A, W[4]  );
    P( A, B, C, D, E, W[5]  );
    P( E, A, B, C, D, W[6]  );
    P( D, E, A, B, C, W[7]  );
    P( C, D, E, A, B, W[8]  );
    P( B, C, D, E, A, W[9]  );
    P( A, B, C, D, E, W[10] );
    P( E, A, B, C, D, W[11] );
    P( D, E, A, B, C, W[12] );
    P( C, D, E, A, B, W[13] );
    P( B, C, D, E, A, W[14] );
    P( A, B, C, D, E, W[15] );
    P( E, A, B, C, D, R(16) );
    P( D, E, A, B, C, R(17) );
    P( C, D, E, A, B, R(18) );
    P( B, C, D, E, A, R(19) );

#undef K
#undef F

#define F(x,y,z) (x ^ y ^ z)
#define K 0x6ED9EBA1

    P( A, B, C, D, E, R(20) );
    P( E, A, B, C, D, R(21) );
    P( D, E, A, B, C, R(22) );
    P( C, D, E, A, B, R(23) );
    P( B, C, D, E, A, R(24) );
    P( A, B, C, D, E, R(25) );
    P( E, A, B, C, D, R(26) );
    P( D, E, A, B, C, R(27) );
    P( C, D, E, A, B, R(28) );
    P( B, C, D, E, A, R(29) );
    P( A, B, C, D, E, R(30) );
    P( E, A, B, C, D, R(31) );
    P( D, E, A, B, C, R(32) );
    P( C, D, E, A, B, R(33) );
    P( B, C, D, E, A, R(34) );
    P( A, B, C, D, E, R(35) );
    P( E, A, B, C, D, R(36) );
    P( D, E, A, B, C, R(37) );
    P( C, D, E, A, B, R(38) );
    P( B, C, D, E, A, R(39) );

#undef K
#undef F

#define F(x,y,z) ((x & y) | (z & (x | y)))
#define K 0x8F1BBCDC

    P( A, B, C, D, E, R(40) );
    P( E, A, B, C, D, R(41) );
    P( D, E, A, B, C, R(42) );
    P( C, D, E, A, B, R(43) );
    P( B, C, D, E, A, R(44) );
    P( A, B, C, D, E, R(45) );
    P( E, A, B, C, D, R(46) );
    P( D, E, A, B, C, R(47) );
    P( C, D, E, A, B, R(48) );
    P( B, C, D, E, A, R(49) );
    P( A, B, C, D, E, R(50) );
    P( E, A, B, C, D, R(51) );
    P( D, E, A, B, C, R(52) );
    P( C, D, E, A, B, R(53) );
    P( B, C, D, E, A, R(54) );
    P( A, B, C, D, E, R(55) );
    P( E, A, B, C, D, R(56) );
    P( D, E, A, B, C, R(57) );
    P( C, D, E, A, B, R(58) );
    P( B, C, D, E, A, R(59) );

#undef K
#undef F

#define F(x,y,z) (x ^ y ^ z)
#define K 0xCA62C1D6

    P( A, B, C, D, E, R(60) );
    P( E, A, B, C, D, R(61) );
    P( D, E, A, B, C, R(62) );
    P( C, D, E, A, B, R(63) );
    P( B, C, D, E, A, R(64) );
    P( A, B, C, D, E, R(65) );
    P( E, A, B, C, D, R(66) );
    P( D, E, A, B, C, R(67) );
    P( C, D, E, A, B, R(68) );
    P( B, C, D, E, A, R(69) );
    P( A, B, C, D, E, R(70) );
    P( E, A, B, C, D, R(71) );
    P( D, E, A, B, C, R(72) );
    P( C, D, E, A, B, R(73) );
    P( B, C, D, E, A, R(74) );
    P( A, B, C, D, E, R(75) );
    P( E, A, B, C, D, R(76) );
    P( D, E, A, B, C, R(77) );
    P( C, D, E, A, B, R(78) );
    P( B, C, D, E, A, R(79) );

#undef K
#undef F

    ctx->state[0] += A;
    ctx->state[1] += B;
    ctx->state[2] += C;
    ctx->state[3] += D;
    ctx->state[4] += E;
}

/*
 * SHA-1 process buffer
 */
void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
{
    size_t fill;
    uint32_t left;

    if( ilen == 0 )
        return;

    left = ctx->total[0] & 0x3F;
    fill = 64 - left;

    ctx->total[0] += (uint32_t) ilen;
    ctx->total[0] &= 0xFFFFFFFF;

    if( ctx->total[0] < (uint32_t) ilen )
        ctx->total[1]++;

    if( left && ilen >= fill )
    {
        memcpy( (void *) (ctx->buffer + left), input, fill );
        sha1_process( ctx, ctx->buffer );
        input += fill;
        ilen  -= fill;
        left = 0;
    }

    while( ilen >= 64 )
    {
        sha1_process( ctx, input );
        input += 64;
        ilen  -= 64;
    }

    if( ilen > 0 )
        memcpy( (void *) (ctx->buffer + left), input, ilen );
}

static const unsigned char sha1_padding[64] =
{
 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

/*
 * SHA-1 final digest
 */
void sha1_finish( sha1_context *ctx, unsigned char output[20] )
{
    uint32_t last, padn;
    uint32_t high, low;
    unsigned char msglen[8];

    high = ( ctx->total[0] >> 29 )
         | ( ctx->total[1] <<  3 );
    low  = ( ctx->total[0] <<  3 );

    PUT_UINT32_BE( high, msglen, 0 );
    PUT_UINT32_BE( low,  msglen, 4 );

    last = ctx->total[0] & 0x3F;
    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );

    sha1_update( ctx, sha1_padding, padn );
    sha1_update( ctx, msglen, 8 );

    PUT_UINT32_BE( ctx->state[0], output,  0 );
    PUT_UINT32_BE( ctx->state[1], output,  4 );
    PUT_UINT32_BE( ctx->state[2], output,  8 );
    PUT_UINT32_BE( ctx->state[3], output, 12 );
    PUT_UINT32_BE( ctx->state[4], output, 16 );
}

#endif /* !POLARSSL_SHA1_ALT */

/*
 * output = SHA-1( input buffer )
 */
void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
{
    sha1_context ctx;

    sha1_init( &ctx );
    sha1_starts( &ctx );
    sha1_update( &ctx, input, ilen );
    sha1_finish( &ctx, output );
    sha1_free( &ctx );
}

#if defined(POLARSSL_FS_IO)
/*
 * output = SHA-1( file contents )
 */
int sha1_file( const char *path, unsigned char output[20] )
{
    FILE *f;
    size_t n;
    sha1_context ctx;
    unsigned char buf[1024];

    if( ( f = fopen( path, "rb" ) ) == NULL )
        return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );

    sha1_init( &ctx );
    sha1_starts( &ctx );

    while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
        sha1_update( &ctx, buf, n );

    sha1_finish( &ctx, output );
    sha1_free( &ctx );

    if( ferror( f ) != 0 )
    {
        fclose( f );
        return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
    }

    fclose( f );
    return( 0 );
}
#endif /* POLARSSL_FS_IO */

/*
 * SHA-1 HMAC context setup
 */
void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key,
                       size_t keylen )
{
    size_t i;
    unsigned char sum[20];

    if( keylen > 64 )
    {
        sha1( key, keylen, sum );
        keylen = 20;
        key = sum;
    }

    memset( ctx->ipad, 0x36, 64 );
    memset( ctx->opad, 0x5C, 64 );

    for( i = 0; i < keylen; i++ )
    {
        ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
        ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
    }

    sha1_starts( ctx );
    sha1_update( ctx, ctx->ipad, 64 );

    polarssl_zeroize( sum, sizeof( sum ) );
}

/*
 * SHA-1 HMAC process buffer
 */
void sha1_hmac_update( sha1_context *ctx, const unsigned char *input,
                       size_t ilen )
{
    sha1_update( ctx, input, ilen );
}

/*
 * SHA-1 HMAC final digest
 */
void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
{
    unsigned char tmpbuf[20];

    sha1_finish( ctx, tmpbuf );
    sha1_starts( ctx );
    sha1_update( ctx, ctx->opad, 64 );
    sha1_update( ctx, tmpbuf, 20 );
    sha1_finish( ctx, output );

    polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
}

/*
 * SHA1 HMAC context reset
 */
void sha1_hmac_reset( sha1_context *ctx )
{
    sha1_starts( ctx );
    sha1_update( ctx, ctx->ipad, 64 );
}

/*
 * output = HMAC-SHA-1( hmac key, input buffer )
 */
void sha1_hmac( const unsigned char *key, size_t keylen,
                const unsigned char *input, size_t ilen,
                unsigned char output[20] )
{
    sha1_context ctx;

    sha1_init( &ctx );
    sha1_hmac_starts( &ctx, key, keylen );
    sha1_hmac_update( &ctx, input, ilen );
    sha1_hmac_finish( &ctx, output );
    sha1_free( &ctx );
}

#if defined(POLARSSL_SELF_TEST)
/*
 * FIPS-180-1 test vectors
 */
static const unsigned char sha1_test_buf[3][57] =
{
    { "abc" },
    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
    { "" }
};

static const int sha1_test_buflen[3] =
{
    3, 56, 1000
};

static const unsigned char sha1_test_sum[3][20] =
{
    { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
      0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
    { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
      0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
    { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
      0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
};

/*
 * RFC 2202 test vectors
 */
static const unsigned char sha1_hmac_test_key[7][26] =
{
    { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
      "\x0B\x0B\x0B\x0B" },
    { "Jefe" },
    { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
      "\xAA\xAA\xAA\xAA" },
    { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
      "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
    { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
      "\x0C\x0C\x0C\x0C" },
    { "" }, /* 0xAA 80 times */
    { "" }
};

static const int sha1_hmac_test_keylen[7] =
{
    20, 4, 20, 25, 20, 80, 80
};

static const unsigned char sha1_hmac_test_buf[7][74] =
{
    { "Hi There" },
    { "what do ya want for nothing?" },
    { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
    { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
    { "Test With Truncation" },
    { "Test Using Larger Than Block-Size Key - Hash Key First" },
    { "Test Using Larger Than Block-Size Key and Larger"
      " Than One Block-Size Data" }
};

static const int sha1_hmac_test_buflen[7] =
{
    8, 28, 50, 50, 20, 54, 73
};

static const unsigned char sha1_hmac_test_sum[7][20] =
{
    { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
      0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
    { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
      0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
    { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
      0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
    { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
      0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
    { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
      0x7B, 0xE1 },
    { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
      0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
    { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
      0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
};

/*
 * Checkup routine
 */
int sha1_self_test( int verbose )
{
    int i, j, buflen, ret = 0;
    unsigned char buf[1024];
    unsigned char sha1sum[20];
    sha1_context ctx;

    sha1_init( &ctx );

    /*
     * SHA-1
     */
    for( i = 0; i < 3; i++ )
    {
        if( verbose != 0 )
            polarssl_printf( "  SHA-1 test #%d: ", i + 1 );

        sha1_starts( &ctx );

        if( i == 2 )
        {
            memset( buf, 'a', buflen = 1000 );

            for( j = 0; j < 1000; j++ )
                sha1_update( &ctx, buf, buflen );
        }
        else
            sha1_update( &ctx, sha1_test_buf[i],
                               sha1_test_buflen[i] );

        sha1_finish( &ctx, sha1sum );

        if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
        {
            if( verbose != 0 )
                polarssl_printf( "failed\n" );

            ret = 1;
            goto exit;
        }

        if( verbose != 0 )
            polarssl_printf( "passed\n" );
    }

    if( verbose != 0 )
        polarssl_printf( "\n" );

    for( i = 0; i < 7; i++ )
    {
        if( verbose != 0 )
            polarssl_printf( "  HMAC-SHA-1 test #%d: ", i + 1 );

        if( i == 5 || i == 6 )
        {
            memset( buf, 0xAA, buflen = 80 );
            sha1_hmac_starts( &ctx, buf, buflen );
        }
        else
            sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
                                    sha1_hmac_test_keylen[i] );

        sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
                                sha1_hmac_test_buflen[i] );

        sha1_hmac_finish( &ctx, sha1sum );

        buflen = ( i == 4 ) ? 12 : 20;

        if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
        {
            if( verbose != 0 )
                polarssl_printf( "failed\n" );

            ret = 1;
            goto exit;
        }

        if( verbose != 0 )
            polarssl_printf( "passed\n" );
    }

    if( verbose != 0 )
        polarssl_printf( "\n" );

exit:
    sha1_free( &ctx );

    return( ret );
}

#endif /* POLARSSL_SELF_TEST */

#endif /* POLARSSL_SHA1_C */
Commit	Line	Data
ea75b30c	1	/*
	2	* FIPS-180-1 compliant SHA-1 implementation
	3	*
	4	* Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
	5	*
	6	* This file is part of mbed TLS (https://tls.mbed.org)
	7	*
	8	* This program is free software; you can redistribute it and/or modify
	9	* it under the terms of the GNU General Public License as published by
	10	* the Free Software Foundation; either version 2 of the License, or
	11	* (at your option) any later version.
	12	*
	13	* This program is distributed in the hope that it will be useful,
	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	* GNU General Public License for more details.
	17	*
	18	* You should have received a copy of the GNU General Public License along
	19	* with this program; if not, write to the Free Software Foundation, Inc.,
	20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	21	*/
	22	/*
	23	* The SHA-1 standard was published by NIST in 1993.
	24	*
	25	* http://www.itl.nist.gov/fipspubs/fip180-1.htm
	26	*/
	27
	28	#if !defined(POLARSSL_CONFIG_FILE)
	29	//#include "polarssl/config.h"
	30	#define POLARSSL_SHA1_C
	31
	32	#else
	33	#include POLARSSL_CONFIG_FILE
	34	#endif
	35
	36	#if defined(POLARSSL_SHA1_C)
	37
	38	#include "sha1.h"
	39
	40	#include <string.h>
	41
	42	#if defined(POLARSSL_FS_IO)
	43	#include <stdio.h>
	44	#endif
	45
	46	#if defined(POLARSSL_SELF_TEST)
	47	#if defined(POLARSSL_PLATFORM_C)
	48	#include "polarssl/platform.h"
	49	#else
	50	#include <stdio.h>
	51	#define polarssl_printf printf
	52	#endif /* POLARSSL_PLATFORM_C */
	53	#endif /* POLARSSL_SELF_TEST */
	54
	55	/* Implementation that should never be optimized out by the compiler */
	56	static void polarssl_zeroize( void *v, size_t n ) {
	57	volatile unsigned char p = v; while( n-- ) p++ = 0;
	58	}
	59
	60	#if !defined(POLARSSL_SHA1_ALT)
	61
	62	/*
	63	* 32-bit integer manipulation macros (big endian)
	64	*/
65	#ifndef GET_UINT32_BE
66	#define GET_UINT32_BE(n,b,i) \
67	{ \
68	(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
69	\| ( (uint32_t) (b)[(i) + 1] << 16 ) \
70	\| ( (uint32_t) (b)[(i) + 2] << 8 ) \
71	\| ( (uint32_t) (b)[(i) + 3] ); \
72	}
73	#endif
74
75	#ifndef PUT_UINT32_BE
76	#define PUT_UINT32_BE(n,b,i) \
77	{ \
78	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
79	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
80	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
81	(b)[(i) + 3] = (unsigned char) ( (n) ); \
82	}
83	#endif
84
85	void sha1_init( sha1_context *ctx )
86	{
87	memset( ctx, 0, sizeof( sha1_context ) );
88	}
89
90	void sha1_free( sha1_context *ctx )
91	{
92	if( ctx == NULL )
93	return;
94
95	polarssl_zeroize( ctx, sizeof( sha1_context ) );
96	}
97
98	/*
99	* SHA-1 context setup
100	*/
101	void sha1_starts( sha1_context *ctx )
102	{
103	ctx->total[0] = 0;
104	ctx->total[1] = 0;
105
106	ctx->state[0] = 0x67452301;
107	ctx->state[1] = 0xEFCDAB89;
108	ctx->state[2] = 0x98BADCFE;
109	ctx->state[3] = 0x10325476;
110	ctx->state[4] = 0xC3D2E1F0;
111	}
112
113	void sha1_process( sha1_context *ctx, const unsigned char data[64] )
114	{
115	uint32_t temp, W[16], A, B, C, D, E;
116
117	GET_UINT32_BE( W[ 0], data, 0 );
118	GET_UINT32_BE( W[ 1], data, 4 );
119	GET_UINT32_BE( W[ 2], data, 8 );
120	GET_UINT32_BE( W[ 3], data, 12 );
121	GET_UINT32_BE( W[ 4], data, 16 );
122	GET_UINT32_BE( W[ 5], data, 20 );
123	GET_UINT32_BE( W[ 6], data, 24 );
124	GET_UINT32_BE( W[ 7], data, 28 );
125	GET_UINT32_BE( W[ 8], data, 32 );
126	GET_UINT32_BE( W[ 9], data, 36 );
127	GET_UINT32_BE( W[10], data, 40 );
128	GET_UINT32_BE( W[11], data, 44 );
129	GET_UINT32_BE( W[12], data, 48 );
130	GET_UINT32_BE( W[13], data, 52 );
131	GET_UINT32_BE( W[14], data, 56 );
132	GET_UINT32_BE( W[15], data, 60 );
133
134	#define S(x,n) ((x << n) \| ((x & 0xFFFFFFFF) >> (32 - n)))
135
136	#define R(t) \
137	( \
138	temp = W[( t - 3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
139	W[( t - 14 ) & 0x0F] ^ W[ t & 0x0F], \
140	( W[t & 0x0F] = S(temp,1) ) \
141	)
142
143	#define P(a,b,c,d,e,x) \
144	{ \
145	e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
146	}
147
148	A = ctx->state[0];
149	B = ctx->state[1];
150	C = ctx->state[2];
151	D = ctx->state[3];
152	E = ctx->state[4];
153
154	#define F(x,y,z) (z ^ (x & (y ^ z)))
155	#define K 0x5A827999
156
157	P( A, B, C, D, E, W[0] );
158	P( E, A, B, C, D, W[1] );
159	P( D, E, A, B, C, W[2] );
160	P( C, D, E, A, B, W[3] );
161	P( B, C, D, E, A, W[4] );
162	P( A, B, C, D, E, W[5] );
163	P( E, A, B, C, D, W[6] );
164	P( D, E, A, B, C, W[7] );
165	P( C, D, E, A, B, W[8] );
166	P( B, C, D, E, A, W[9] );
167	P( A, B, C, D, E, W[10] );
168	P( E, A, B, C, D, W[11] );
169	P( D, E, A, B, C, W[12] );
170	P( C, D, E, A, B, W[13] );
171	P( B, C, D, E, A, W[14] );
172	P( A, B, C, D, E, W[15] );
173	P( E, A, B, C, D, R(16) );
174	P( D, E, A, B, C, R(17) );
175	P( C, D, E, A, B, R(18) );
176	P( B, C, D, E, A, R(19) );
177
178	#undef K
179	#undef F
180
181	#define F(x,y,z) (x ^ y ^ z)
182	#define K 0x6ED9EBA1
183
184	P( A, B, C, D, E, R(20) );
185	P( E, A, B, C, D, R(21) );
186	P( D, E, A, B, C, R(22) );
187	P( C, D, E, A, B, R(23) );
188	P( B, C, D, E, A, R(24) );
189	P( A, B, C, D, E, R(25) );
190	P( E, A, B, C, D, R(26) );
191	P( D, E, A, B, C, R(27) );
192	P( C, D, E, A, B, R(28) );
193	P( B, C, D, E, A, R(29) );
194	P( A, B, C, D, E, R(30) );
195	P( E, A, B, C, D, R(31) );
196	P( D, E, A, B, C, R(32) );
197	P( C, D, E, A, B, R(33) );
198	P( B, C, D, E, A, R(34) );
199	P( A, B, C, D, E, R(35) );
200	P( E, A, B, C, D, R(36) );
201	P( D, E, A, B, C, R(37) );
202	P( C, D, E, A, B, R(38) );
203	P( B, C, D, E, A, R(39) );
204
205	#undef K
206	#undef F
207
208	#define F(x,y,z) ((x & y) \| (z & (x \| y)))
209	#define K 0x8F1BBCDC
210
211	P( A, B, C, D, E, R(40) );
212	P( E, A, B, C, D, R(41) );
213	P( D, E, A, B, C, R(42) );
214	P( C, D, E, A, B, R(43) );
215	P( B, C, D, E, A, R(44) );
216	P( A, B, C, D, E, R(45) );
217	P( E, A, B, C, D, R(46) );
218	P( D, E, A, B, C, R(47) );
219	P( C, D, E, A, B, R(48) );
220	P( B, C, D, E, A, R(49) );
221	P( A, B, C, D, E, R(50) );
222	P( E, A, B, C, D, R(51) );
223	P( D, E, A, B, C, R(52) );
224	P( C, D, E, A, B, R(53) );
225	P( B, C, D, E, A, R(54) );
226	P( A, B, C, D, E, R(55) );
227	P( E, A, B, C, D, R(56) );
228	P( D, E, A, B, C, R(57) );
229	P( C, D, E, A, B, R(58) );
230	P( B, C, D, E, A, R(59) );
231
232	#undef K
233	#undef F
234
235	#define F(x,y,z) (x ^ y ^ z)
236	#define K 0xCA62C1D6
237
238	P( A, B, C, D, E, R(60) );
239	P( E, A, B, C, D, R(61) );
240	P( D, E, A, B, C, R(62) );
241	P( C, D, E, A, B, R(63) );
242	P( B, C, D, E, A, R(64) );
243	P( A, B, C, D, E, R(65) );
244	P( E, A, B, C, D, R(66) );
245	P( D, E, A, B, C, R(67) );
246	P( C, D, E, A, B, R(68) );
247	P( B, C, D, E, A, R(69) );
248	P( A, B, C, D, E, R(70) );
249	P( E, A, B, C, D, R(71) );
250	P( D, E, A, B, C, R(72) );
251	P( C, D, E, A, B, R(73) );
252	P( B, C, D, E, A, R(74) );
253	P( A, B, C, D, E, R(75) );
254	P( E, A, B, C, D, R(76) );
255	P( D, E, A, B, C, R(77) );
256	P( C, D, E, A, B, R(78) );
257	P( B, C, D, E, A, R(79) );
258
259	#undef K
260	#undef F
261
262	ctx->state[0] += A;
263	ctx->state[1] += B;
264	ctx->state[2] += C;
265	ctx->state[3] += D;
266	ctx->state[4] += E;
267	}
268
269	/*
270	* SHA-1 process buffer
271	*/
272	void sha1_update( sha1_context ctx, const unsigned char input, size_t ilen )
273	{
274	size_t fill;
275	uint32_t left;
276
277	if( ilen == 0 )
278	return;
279
280	left = ctx->total[0] & 0x3F;
281	fill = 64 - left;
282
283	ctx->total[0] += (uint32_t) ilen;
284	ctx->total[0] &= 0xFFFFFFFF;
285
286	if( ctx->total[0] < (uint32_t) ilen )
287	ctx->total[1]++;
288
289	if( left && ilen >= fill )
290	{
291	memcpy( (void *) (ctx->buffer + left), input, fill );
292	sha1_process( ctx, ctx->buffer );
293	input += fill;
294	ilen -= fill;
295	left = 0;
296	}
297
298	while( ilen >= 64 )
299	{
300	sha1_process( ctx, input );
301	input += 64;
302	ilen -= 64;
303	}
304
305	if( ilen > 0 )
306	memcpy( (void *) (ctx->buffer + left), input, ilen );
307	}
308
309	static const unsigned char sha1_padding[64] =
310	{
311	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
312	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
313	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
314	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
315	};
316
317	/*
318	* SHA-1 final digest
319	*/
320	void sha1_finish( sha1_context *ctx, unsigned char output[20] )
321	{
322	uint32_t last, padn;
323	uint32_t high, low;
324	unsigned char msglen[8];
325
326	high = ( ctx->total[0] >> 29 )
327	\| ( ctx->total[1] << 3 );
328	low = ( ctx->total[0] << 3 );
329
330	PUT_UINT32_BE( high, msglen, 0 );
331	PUT_UINT32_BE( low, msglen, 4 );
332
333	last = ctx->total[0] & 0x3F;
334	padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
335
336	sha1_update( ctx, sha1_padding, padn );
337	sha1_update( ctx, msglen, 8 );
338
339	PUT_UINT32_BE( ctx->state[0], output, 0 );
340	PUT_UINT32_BE( ctx->state[1], output, 4 );
341	PUT_UINT32_BE( ctx->state[2], output, 8 );
342	PUT_UINT32_BE( ctx->state[3], output, 12 );
343	PUT_UINT32_BE( ctx->state[4], output, 16 );
344	}
345
346	#endif /* !POLARSSL_SHA1_ALT */
347
348	/*
349	* output = SHA-1( input buffer )
350	*/
351	void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
352	{
353	sha1_context ctx;
354
355	sha1_init( &ctx );
356	sha1_starts( &ctx );
357	sha1_update( &ctx, input, ilen );
358	sha1_finish( &ctx, output );
359	sha1_free( &ctx );
360	}
361
362	#if defined(POLARSSL_FS_IO)
363	/*
364	* output = SHA-1( file contents )
365	*/
366	int sha1_file( const char *path, unsigned char output[20] )
367	{
368	FILE *f;
369	size_t n;
370	sha1_context ctx;
371	unsigned char buf[1024];
372
373	if( ( f = fopen( path, "rb" ) ) == NULL )
374	return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
375
376	sha1_init( &ctx );
377	sha1_starts( &ctx );
378
379	while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
380	sha1_update( &ctx, buf, n );
381
382	sha1_finish( &ctx, output );
383	sha1_free( &ctx );
384
385	if( ferror( f ) != 0 )
386	{
387	fclose( f );
388	return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
389	}
390
391	fclose( f );
392	return( 0 );
393	}
394	#endif /* POLARSSL_FS_IO */
395
396	/*
397	* SHA-1 HMAC context setup
398	*/
399	void sha1_hmac_starts( sha1_context ctx, const unsigned char key,
400	size_t keylen )
401	{
402	size_t i;
403	unsigned char sum[20];
404
405	if( keylen > 64 )
406	{
407	sha1( key, keylen, sum );
408	keylen = 20;
409	key = sum;
410	}
411
412	memset( ctx->ipad, 0x36, 64 );
413	memset( ctx->opad, 0x5C, 64 );
414
415	for( i = 0; i < keylen; i++ )
416	{
417	ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
418	ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
419	}
420
421	sha1_starts( ctx );
422	sha1_update( ctx, ctx->ipad, 64 );
423
424	polarssl_zeroize( sum, sizeof( sum ) );
425	}
426
427	/*
428	* SHA-1 HMAC process buffer
429	*/
430	void sha1_hmac_update( sha1_context ctx, const unsigned char input,
431	size_t ilen )
432	{
433	sha1_update( ctx, input, ilen );
434	}
435
436	/*
437	* SHA-1 HMAC final digest
438	*/
439	void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
440	{
441	unsigned char tmpbuf[20];
442
443	sha1_finish( ctx, tmpbuf );
444	sha1_starts( ctx );
445	sha1_update( ctx, ctx->opad, 64 );
446	sha1_update( ctx, tmpbuf, 20 );
447	sha1_finish( ctx, output );
448
449	polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
450	}
451
452	/*
453	* SHA1 HMAC context reset
454	*/
455	void sha1_hmac_reset( sha1_context *ctx )
456	{
457	sha1_starts( ctx );
458	sha1_update( ctx, ctx->ipad, 64 );
459	}
460
461	/*
462	* output = HMAC-SHA-1( hmac key, input buffer )
463	*/
464	void sha1_hmac( const unsigned char *key, size_t keylen,
465	const unsigned char *input, size_t ilen,
466	unsigned char output[20] )
467	{
468	sha1_context ctx;
469
470	sha1_init( &ctx );
471	sha1_hmac_starts( &ctx, key, keylen );
472	sha1_hmac_update( &ctx, input, ilen );
473	sha1_hmac_finish( &ctx, output );
474	sha1_free( &ctx );
475	}
476
477	#if defined(POLARSSL_SELF_TEST)
478	/*
479	* FIPS-180-1 test vectors
480	*/
481	static const unsigned char sha1_test_buf[3][57] =
482	{
483	{ "abc" },
484	{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
485	{ "" }
486	};
487
488	static const int sha1_test_buflen[3] =
489	{
490	3, 56, 1000
491	};
492
493	static const unsigned char sha1_test_sum[3][20] =
494	{
495	{ 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
496	0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
497	{ 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
498	0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
499	{ 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
500	0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
501	};
502
503	/*
504	* RFC 2202 test vectors
505	*/
506	static const unsigned char sha1_hmac_test_key[7][26] =
507	{
508	{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
509	"\x0B\x0B\x0B\x0B" },
510	{ "Jefe" },
511	{ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
512	"\xAA\xAA\xAA\xAA" },
513	{ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
514	"\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
515	{ "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
516	"\x0C\x0C\x0C\x0C" },
517	{ "" }, /* 0xAA 80 times */
518	{ "" }
519	};
520
521	static const int sha1_hmac_test_keylen[7] =
522	{
523	20, 4, 20, 25, 20, 80, 80
524	};
525
526	static const unsigned char sha1_hmac_test_buf[7][74] =
527	{
528	{ "Hi There" },
529	{ "what do ya want for nothing?" },
530	{ "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
531	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
532	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
533	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
534	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
535	{ "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
536	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
537	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
538	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
539	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
540	{ "Test With Truncation" },
541	{ "Test Using Larger Than Block-Size Key - Hash Key First" },
542	{ "Test Using Larger Than Block-Size Key and Larger"
543	" Than One Block-Size Data" }
544	};
545
546	static const int sha1_hmac_test_buflen[7] =
547	{
548	8, 28, 50, 50, 20, 54, 73
549	};
550
551	static const unsigned char sha1_hmac_test_sum[7][20] =
552	{
553	{ 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
554	0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
555	{ 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
556	0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
557	{ 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
558	0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
559	{ 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
560	0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
561	{ 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
562	0x7B, 0xE1 },
563	{ 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
564	0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
565	{ 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
566	0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
567	};
568
569	/*
570	* Checkup routine
571	*/
572	int sha1_self_test( int verbose )
573	{
574	int i, j, buflen, ret = 0;
575	unsigned char buf[1024];
576	unsigned char sha1sum[20];
577	sha1_context ctx;
578
579	sha1_init( &ctx );
580
581	/*
582	* SHA-1
583	*/
584	for( i = 0; i < 3; i++ )
585	{
586	if( verbose != 0 )
587	polarssl_printf( " SHA-1 test #%d: ", i + 1 );
588
589	sha1_starts( &ctx );
590
591	if( i == 2 )
592	{
593	memset( buf, 'a', buflen = 1000 );
594
595	for( j = 0; j < 1000; j++ )
596	sha1_update( &ctx, buf, buflen );
597	}
598	else
599	sha1_update( &ctx, sha1_test_buf[i],
600	sha1_test_buflen[i] );
601
602	sha1_finish( &ctx, sha1sum );
603
604	if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
605	{
606	if( verbose != 0 )
607	polarssl_printf( "failed\n" );
608
609	ret = 1;
610	goto exit;
611	}
612
613	if( verbose != 0 )
614	polarssl_printf( "passed\n" );
615	}
616
617	if( verbose != 0 )
618	polarssl_printf( "\n" );
619
620	for( i = 0; i < 7; i++ )
621	{
622	if( verbose != 0 )
623	polarssl_printf( " HMAC-SHA-1 test #%d: ", i + 1 );
624
625	if( i == 5 \|\| i == 6 )
626	{
627	memset( buf, 0xAA, buflen = 80 );
628	sha1_hmac_starts( &ctx, buf, buflen );
629	}
630	else
631	sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
632	sha1_hmac_test_keylen[i] );
633
634	sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
635	sha1_hmac_test_buflen[i] );
636
637	sha1_hmac_finish( &ctx, sha1sum );
638
639	buflen = ( i == 4 ) ? 12 : 20;
640
641	if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
642	{
643	if( verbose != 0 )
644	polarssl_printf( "failed\n" );
645
646	ret = 1;
647	goto exit;
648	}
649
650	if( verbose != 0 )
651	polarssl_printf( "passed\n" );
652	}
653
654	if( verbose != 0 )
655	polarssl_printf( "\n" );
656
657	exit:
658	sha1_free( &ctx );
659
660	return( ret );
661	}
662
663	#endif /* POLARSSL_SELF_TEST */
664
665	#endif /* POLARSSL_SHA1_C */