]>
Commit | Line | Data |
---|---|---|
1c4c0b06 | 1 | /* |
2 | * FIPS-180-1 compliant SHA-1 implementation | |
3 | * | |
4 | * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved | |
5 | * This file is part of mbed TLS (https://tls.mbed.org) | |
6 | * | |
7 | * This program is free software; you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License as published by | |
9 | * the Free Software Foundation; either version 2 of the License, or | |
10 | * (at your option) any later version. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, | |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
15 | * GNU General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU General Public License along | |
18 | * with this program; if not, write to the Free Software Foundation, Inc., | |
19 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
20 | */ | |
21 | /* | |
22 | * The SHA-1 standard was published by NIST in 1993. | |
23 | * | |
24 | * http://www.itl.nist.gov/fipspubs/fip180-1.htm | |
25 | */ | |
26 | ||
27 | #if !defined(POLARSSL_CONFIG_FILE) | |
28 | //#include "polarssl/config.h" | |
29 | #define POLARSSL_SHA1_C | |
30 | ||
31 | #else | |
32 | #include POLARSSL_CONFIG_FILE | |
33 | #endif | |
34 | ||
35 | #if defined(POLARSSL_SHA1_C) | |
36 | ||
37 | #include "sha1.h" | |
38 | ||
39 | #include <string.h> | |
40 | ||
41 | #if defined(POLARSSL_FS_IO) | |
42 | #include <stdio.h> | |
43 | #endif | |
44 | ||
45 | #if defined(POLARSSL_SELF_TEST) | |
46 | #if defined(POLARSSL_PLATFORM_C) | |
47 | #include "polarssl/platform.h" | |
48 | #else | |
49 | #include <stdio.h> | |
50 | #define polarssl_printf printf | |
51 | #endif /* POLARSSL_PLATFORM_C */ | |
52 | #endif /* POLARSSL_SELF_TEST */ | |
53 | ||
54 | /* Implementation that should never be optimized out by the compiler */ | |
55 | static void polarssl_zeroize( void *v, size_t n ) { | |
56 | volatile unsigned char *p = v; while( n-- ) *p++ = 0; | |
57 | } | |
58 | ||
59 | #if !defined(POLARSSL_SHA1_ALT) | |
60 | ||
61 | /* | |
62 | * 32-bit integer manipulation macros (big endian) | |
63 | */ | |
64 | #ifndef GET_UINT32_BE | |
65 | #define GET_UINT32_BE(n,b,i) \ | |
66 | { \ | |
67 | (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ | |
68 | | ( (uint32_t) (b)[(i) + 1] << 16 ) \ | |
69 | | ( (uint32_t) (b)[(i) + 2] << 8 ) \ | |
70 | | ( (uint32_t) (b)[(i) + 3] ); \ | |
71 | } | |
72 | #endif | |
73 | ||
74 | #ifndef PUT_UINT32_BE | |
75 | #define PUT_UINT32_BE(n,b,i) \ | |
76 | { \ | |
77 | (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ | |
78 | (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ | |
79 | (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ | |
80 | (b)[(i) + 3] = (unsigned char) ( (n) ); \ | |
81 | } | |
82 | #endif | |
83 | ||
84 | void sha1_init( sha1_context *ctx ) | |
85 | { | |
86 | memset( ctx, 0, sizeof( sha1_context ) ); | |
87 | } | |
88 | ||
89 | void sha1_free( sha1_context *ctx ) | |
90 | { | |
91 | if( ctx == NULL ) | |
92 | return; | |
93 | ||
94 | polarssl_zeroize( ctx, sizeof( sha1_context ) ); | |
95 | } | |
96 | ||
97 | /* | |
98 | * SHA-1 context setup | |
99 | */ | |
100 | void sha1_starts( sha1_context *ctx ) | |
101 | { | |
102 | ctx->total[0] = 0; | |
103 | ctx->total[1] = 0; | |
104 | ||
105 | ctx->state[0] = 0x67452301; | |
106 | ctx->state[1] = 0xEFCDAB89; | |
107 | ctx->state[2] = 0x98BADCFE; | |
108 | ctx->state[3] = 0x10325476; | |
109 | ctx->state[4] = 0xC3D2E1F0; | |
110 | } | |
111 | ||
112 | void sha1_process( sha1_context *ctx, const unsigned char data[64] ) | |
113 | { | |
114 | uint32_t temp, W[16], A, B, C, D, E; | |
115 | ||
116 | GET_UINT32_BE( W[ 0], data, 0 ); | |
117 | GET_UINT32_BE( W[ 1], data, 4 ); | |
118 | GET_UINT32_BE( W[ 2], data, 8 ); | |
119 | GET_UINT32_BE( W[ 3], data, 12 ); | |
120 | GET_UINT32_BE( W[ 4], data, 16 ); | |
121 | GET_UINT32_BE( W[ 5], data, 20 ); | |
122 | GET_UINT32_BE( W[ 6], data, 24 ); | |
123 | GET_UINT32_BE( W[ 7], data, 28 ); | |
124 | GET_UINT32_BE( W[ 8], data, 32 ); | |
125 | GET_UINT32_BE( W[ 9], data, 36 ); | |
126 | GET_UINT32_BE( W[10], data, 40 ); | |
127 | GET_UINT32_BE( W[11], data, 44 ); | |
128 | GET_UINT32_BE( W[12], data, 48 ); | |
129 | GET_UINT32_BE( W[13], data, 52 ); | |
130 | GET_UINT32_BE( W[14], data, 56 ); | |
131 | GET_UINT32_BE( W[15], data, 60 ); | |
132 | ||
133 | #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) | |
134 | ||
135 | #define R(t) \ | |
136 | ( \ | |
137 | temp = W[( t - 3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \ | |
138 | W[( t - 14 ) & 0x0F] ^ W[ t & 0x0F], \ | |
139 | ( W[t & 0x0F] = S(temp,1) ) \ | |
140 | ) | |
141 | ||
142 | #define P(a,b,c,d,e,x) \ | |
143 | { \ | |
144 | e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \ | |
145 | } | |
146 | ||
147 | A = ctx->state[0]; | |
148 | B = ctx->state[1]; | |
149 | C = ctx->state[2]; | |
150 | D = ctx->state[3]; | |
151 | E = ctx->state[4]; | |
152 | ||
153 | #define F(x,y,z) (z ^ (x & (y ^ z))) | |
154 | #define K 0x5A827999 | |
155 | ||
156 | P( A, B, C, D, E, W[0] ); | |
157 | P( E, A, B, C, D, W[1] ); | |
158 | P( D, E, A, B, C, W[2] ); | |
159 | P( C, D, E, A, B, W[3] ); | |
160 | P( B, C, D, E, A, W[4] ); | |
161 | P( A, B, C, D, E, W[5] ); | |
162 | P( E, A, B, C, D, W[6] ); | |
163 | P( D, E, A, B, C, W[7] ); | |
164 | P( C, D, E, A, B, W[8] ); | |
165 | P( B, C, D, E, A, W[9] ); | |
166 | P( A, B, C, D, E, W[10] ); | |
167 | P( E, A, B, C, D, W[11] ); | |
168 | P( D, E, A, B, C, W[12] ); | |
169 | P( C, D, E, A, B, W[13] ); | |
170 | P( B, C, D, E, A, W[14] ); | |
171 | P( A, B, C, D, E, W[15] ); | |
172 | P( E, A, B, C, D, R(16) ); | |
173 | P( D, E, A, B, C, R(17) ); | |
174 | P( C, D, E, A, B, R(18) ); | |
175 | P( B, C, D, E, A, R(19) ); | |
176 | ||
177 | #undef K | |
178 | #undef F | |
179 | ||
180 | #define F(x,y,z) (x ^ y ^ z) | |
181 | #define K 0x6ED9EBA1 | |
182 | ||
183 | P( A, B, C, D, E, R(20) ); | |
184 | P( E, A, B, C, D, R(21) ); | |
185 | P( D, E, A, B, C, R(22) ); | |
186 | P( C, D, E, A, B, R(23) ); | |
187 | P( B, C, D, E, A, R(24) ); | |
188 | P( A, B, C, D, E, R(25) ); | |
189 | P( E, A, B, C, D, R(26) ); | |
190 | P( D, E, A, B, C, R(27) ); | |
191 | P( C, D, E, A, B, R(28) ); | |
192 | P( B, C, D, E, A, R(29) ); | |
193 | P( A, B, C, D, E, R(30) ); | |
194 | P( E, A, B, C, D, R(31) ); | |
195 | P( D, E, A, B, C, R(32) ); | |
196 | P( C, D, E, A, B, R(33) ); | |
197 | P( B, C, D, E, A, R(34) ); | |
198 | P( A, B, C, D, E, R(35) ); | |
199 | P( E, A, B, C, D, R(36) ); | |
200 | P( D, E, A, B, C, R(37) ); | |
201 | P( C, D, E, A, B, R(38) ); | |
202 | P( B, C, D, E, A, R(39) ); | |
203 | ||
204 | #undef K | |
205 | #undef F | |
206 | ||
207 | #define F(x,y,z) ((x & y) | (z & (x | y))) | |
208 | #define K 0x8F1BBCDC | |
209 | ||
210 | P( A, B, C, D, E, R(40) ); | |
211 | P( E, A, B, C, D, R(41) ); | |
212 | P( D, E, A, B, C, R(42) ); | |
213 | P( C, D, E, A, B, R(43) ); | |
214 | P( B, C, D, E, A, R(44) ); | |
215 | P( A, B, C, D, E, R(45) ); | |
216 | P( E, A, B, C, D, R(46) ); | |
217 | P( D, E, A, B, C, R(47) ); | |
218 | P( C, D, E, A, B, R(48) ); | |
219 | P( B, C, D, E, A, R(49) ); | |
220 | P( A, B, C, D, E, R(50) ); | |
221 | P( E, A, B, C, D, R(51) ); | |
222 | P( D, E, A, B, C, R(52) ); | |
223 | P( C, D, E, A, B, R(53) ); | |
224 | P( B, C, D, E, A, R(54) ); | |
225 | P( A, B, C, D, E, R(55) ); | |
226 | P( E, A, B, C, D, R(56) ); | |
227 | P( D, E, A, B, C, R(57) ); | |
228 | P( C, D, E, A, B, R(58) ); | |
229 | P( B, C, D, E, A, R(59) ); | |
230 | ||
231 | #undef K | |
232 | #undef F | |
233 | ||
234 | #define F(x,y,z) (x ^ y ^ z) | |
235 | #define K 0xCA62C1D6 | |
236 | ||
237 | P( A, B, C, D, E, R(60) ); | |
238 | P( E, A, B, C, D, R(61) ); | |
239 | P( D, E, A, B, C, R(62) ); | |
240 | P( C, D, E, A, B, R(63) ); | |
241 | P( B, C, D, E, A, R(64) ); | |
242 | P( A, B, C, D, E, R(65) ); | |
243 | P( E, A, B, C, D, R(66) ); | |
244 | P( D, E, A, B, C, R(67) ); | |
245 | P( C, D, E, A, B, R(68) ); | |
246 | P( B, C, D, E, A, R(69) ); | |
247 | P( A, B, C, D, E, R(70) ); | |
248 | P( E, A, B, C, D, R(71) ); | |
249 | P( D, E, A, B, C, R(72) ); | |
250 | P( C, D, E, A, B, R(73) ); | |
251 | P( B, C, D, E, A, R(74) ); | |
252 | P( A, B, C, D, E, R(75) ); | |
253 | P( E, A, B, C, D, R(76) ); | |
254 | P( D, E, A, B, C, R(77) ); | |
255 | P( C, D, E, A, B, R(78) ); | |
256 | P( B, C, D, E, A, R(79) ); | |
257 | ||
258 | #undef K | |
259 | #undef F | |
260 | ||
261 | ctx->state[0] += A; | |
262 | ctx->state[1] += B; | |
263 | ctx->state[2] += C; | |
264 | ctx->state[3] += D; | |
265 | ctx->state[4] += E; | |
266 | } | |
267 | ||
268 | /* | |
269 | * SHA-1 process buffer | |
270 | */ | |
271 | void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen ) | |
272 | { | |
273 | size_t fill; | |
274 | uint32_t left; | |
275 | ||
276 | if( ilen == 0 ) | |
277 | return; | |
278 | ||
279 | left = ctx->total[0] & 0x3F; | |
280 | fill = 64 - left; | |
281 | ||
282 | ctx->total[0] += (uint32_t) ilen; | |
283 | ctx->total[0] &= 0xFFFFFFFF; | |
284 | ||
285 | if( ctx->total[0] < (uint32_t) ilen ) | |
286 | ctx->total[1]++; | |
287 | ||
288 | if( left && ilen >= fill ) | |
289 | { | |
290 | memcpy( (void *) (ctx->buffer + left), input, fill ); | |
291 | sha1_process( ctx, ctx->buffer ); | |
292 | input += fill; | |
293 | ilen -= fill; | |
294 | left = 0; | |
295 | } | |
296 | ||
297 | while( ilen >= 64 ) | |
298 | { | |
299 | sha1_process( ctx, input ); | |
300 | input += 64; | |
301 | ilen -= 64; | |
302 | } | |
303 | ||
304 | if( ilen > 0 ) | |
305 | memcpy( (void *) (ctx->buffer + left), input, ilen ); | |
306 | } | |
307 | ||
308 | static const unsigned char sha1_padding[64] = | |
309 | { | |
310 | 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
311 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
312 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
313 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 | |
314 | }; | |
315 | ||
316 | /* | |
317 | * SHA-1 final digest | |
318 | */ | |
319 | void sha1_finish( sha1_context *ctx, unsigned char output[20] ) | |
320 | { | |
321 | uint32_t last, padn; | |
322 | uint32_t high, low; | |
323 | unsigned char msglen[8]; | |
324 | ||
325 | high = ( ctx->total[0] >> 29 ) | |
326 | | ( ctx->total[1] << 3 ); | |
327 | low = ( ctx->total[0] << 3 ); | |
328 | ||
329 | PUT_UINT32_BE( high, msglen, 0 ); | |
330 | PUT_UINT32_BE( low, msglen, 4 ); | |
331 | ||
332 | last = ctx->total[0] & 0x3F; | |
333 | padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); | |
334 | ||
335 | sha1_update( ctx, sha1_padding, padn ); | |
336 | sha1_update( ctx, msglen, 8 ); | |
337 | ||
338 | PUT_UINT32_BE( ctx->state[0], output, 0 ); | |
339 | PUT_UINT32_BE( ctx->state[1], output, 4 ); | |
340 | PUT_UINT32_BE( ctx->state[2], output, 8 ); | |
341 | PUT_UINT32_BE( ctx->state[3], output, 12 ); | |
342 | PUT_UINT32_BE( ctx->state[4], output, 16 ); | |
343 | } | |
344 | ||
345 | #endif /* !POLARSSL_SHA1_ALT */ | |
346 | ||
347 | /* | |
348 | * output = SHA-1( input buffer ) | |
349 | */ | |
350 | void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ) | |
351 | { | |
352 | sha1_context ctx; | |
353 | ||
354 | sha1_init( &ctx ); | |
355 | sha1_starts( &ctx ); | |
356 | sha1_update( &ctx, input, ilen ); | |
357 | sha1_finish( &ctx, output ); | |
358 | sha1_free( &ctx ); | |
359 | } | |
360 | ||
361 | #if defined(POLARSSL_FS_IO) | |
362 | /* | |
363 | * output = SHA-1( file contents ) | |
364 | */ | |
365 | int sha1_file( const char *path, unsigned char output[20] ) | |
366 | { | |
367 | FILE *f; | |
368 | size_t n; | |
369 | sha1_context ctx; | |
370 | unsigned char buf[1024]; | |
371 | ||
372 | if( ( f = fopen( path, "rb" ) ) == NULL ) | |
373 | return( POLARSSL_ERR_SHA1_FILE_IO_ERROR ); | |
374 | ||
375 | sha1_init( &ctx ); | |
376 | sha1_starts( &ctx ); | |
377 | ||
378 | while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) | |
379 | sha1_update( &ctx, buf, n ); | |
380 | ||
381 | sha1_finish( &ctx, output ); | |
382 | sha1_free( &ctx ); | |
383 | ||
384 | if( ferror( f ) != 0 ) | |
385 | { | |
386 | fclose( f ); | |
387 | return( POLARSSL_ERR_SHA1_FILE_IO_ERROR ); | |
388 | } | |
389 | ||
390 | fclose( f ); | |
391 | return( 0 ); | |
392 | } | |
393 | #endif /* POLARSSL_FS_IO */ | |
394 | ||
395 | /* | |
396 | * SHA-1 HMAC context setup | |
397 | */ | |
398 | void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, | |
399 | size_t keylen ) | |
400 | { | |
401 | size_t i; | |
402 | unsigned char sum[20]; | |
403 | ||
404 | if( keylen > 64 ) | |
405 | { | |
406 | sha1( key, keylen, sum ); | |
407 | keylen = 20; | |
408 | key = sum; | |
409 | } | |
410 | ||
411 | memset( ctx->ipad, 0x36, 64 ); | |
412 | memset( ctx->opad, 0x5C, 64 ); | |
413 | ||
414 | for( i = 0; i < keylen; i++ ) | |
415 | { | |
416 | ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] ); | |
417 | ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] ); | |
418 | } | |
419 | ||
420 | sha1_starts( ctx ); | |
421 | sha1_update( ctx, ctx->ipad, 64 ); | |
422 | ||
423 | polarssl_zeroize( sum, sizeof( sum ) ); | |
424 | } | |
425 | ||
426 | /* | |
427 | * SHA-1 HMAC process buffer | |
428 | */ | |
429 | void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, | |
430 | size_t ilen ) | |
431 | { | |
432 | sha1_update( ctx, input, ilen ); | |
433 | } | |
434 | ||
435 | /* | |
436 | * SHA-1 HMAC final digest | |
437 | */ | |
438 | void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] ) | |
439 | { | |
440 | unsigned char tmpbuf[20]; | |
441 | ||
442 | sha1_finish( ctx, tmpbuf ); | |
443 | sha1_starts( ctx ); | |
444 | sha1_update( ctx, ctx->opad, 64 ); | |
445 | sha1_update( ctx, tmpbuf, 20 ); | |
446 | sha1_finish( ctx, output ); | |
447 | ||
448 | polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) ); | |
449 | } | |
450 | ||
451 | /* | |
452 | * SHA1 HMAC context reset | |
453 | */ | |
454 | void sha1_hmac_reset( sha1_context *ctx ) | |
455 | { | |
456 | sha1_starts( ctx ); | |
457 | sha1_update( ctx, ctx->ipad, 64 ); | |
458 | } | |
459 | ||
460 | /* | |
461 | * output = HMAC-SHA-1( hmac key, input buffer ) | |
462 | */ | |
463 | void sha1_hmac( const unsigned char *key, size_t keylen, | |
464 | const unsigned char *input, size_t ilen, | |
465 | unsigned char output[20] ) | |
466 | { | |
467 | sha1_context ctx; | |
468 | ||
469 | sha1_init( &ctx ); | |
470 | sha1_hmac_starts( &ctx, key, keylen ); | |
471 | sha1_hmac_update( &ctx, input, ilen ); | |
472 | sha1_hmac_finish( &ctx, output ); | |
473 | sha1_free( &ctx ); | |
474 | } | |
475 | ||
476 | #if defined(POLARSSL_SELF_TEST) | |
477 | /* | |
478 | * FIPS-180-1 test vectors | |
479 | */ | |
480 | static const unsigned char sha1_test_buf[3][57] = | |
481 | { | |
482 | { "abc" }, | |
483 | { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, | |
484 | { "" } | |
485 | }; | |
486 | ||
487 | static const int sha1_test_buflen[3] = | |
488 | { | |
489 | 3, 56, 1000 | |
490 | }; | |
491 | ||
492 | static const unsigned char sha1_test_sum[3][20] = | |
493 | { | |
494 | { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, | |
495 | 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D }, | |
496 | { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE, | |
497 | 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 }, | |
498 | { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E, | |
499 | 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F } | |
500 | }; | |
501 | ||
502 | /* | |
503 | * RFC 2202 test vectors | |
504 | */ | |
505 | static const unsigned char sha1_hmac_test_key[7][26] = | |
506 | { | |
507 | { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" | |
508 | "\x0B\x0B\x0B\x0B" }, | |
509 | { "Jefe" }, | |
510 | { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" | |
511 | "\xAA\xAA\xAA\xAA" }, | |
512 | { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10" | |
513 | "\x11\x12\x13\x14\x15\x16\x17\x18\x19" }, | |
514 | { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C" | |
515 | "\x0C\x0C\x0C\x0C" }, | |
516 | { "" }, /* 0xAA 80 times */ | |
517 | { "" } | |
518 | }; | |
519 | ||
520 | static const int sha1_hmac_test_keylen[7] = | |
521 | { | |
522 | 20, 4, 20, 25, 20, 80, 80 | |
523 | }; | |
524 | ||
525 | static const unsigned char sha1_hmac_test_buf[7][74] = | |
526 | { | |
527 | { "Hi There" }, | |
528 | { "what do ya want for nothing?" }, | |
529 | { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" | |
530 | "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" | |
531 | "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" | |
532 | "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" | |
533 | "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" }, | |
534 | { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" | |
535 | "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" | |
536 | "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" | |
537 | "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" | |
538 | "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" }, | |
539 | { "Test With Truncation" }, | |
540 | { "Test Using Larger Than Block-Size Key - Hash Key First" }, | |
541 | { "Test Using Larger Than Block-Size Key and Larger" | |
542 | " Than One Block-Size Data" } | |
543 | }; | |
544 | ||
545 | static const int sha1_hmac_test_buflen[7] = | |
546 | { | |
547 | 8, 28, 50, 50, 20, 54, 73 | |
548 | }; | |
549 | ||
550 | static const unsigned char sha1_hmac_test_sum[7][20] = | |
551 | { | |
552 | { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B, | |
553 | 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 }, | |
554 | { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74, | |
555 | 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 }, | |
556 | { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3, | |
557 | 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 }, | |
558 | { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84, | |
559 | 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA }, | |
560 | { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2, | |
561 | 0x7B, 0xE1 }, | |
562 | { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70, | |
563 | 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 }, | |
564 | { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B, | |
565 | 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 } | |
566 | }; | |
567 | ||
568 | /* | |
569 | * Checkup routine | |
570 | */ | |
571 | int sha1_self_test( int verbose ) | |
572 | { | |
573 | int i, j, buflen, ret = 0; | |
574 | unsigned char buf[1024]; | |
575 | unsigned char sha1sum[20]; | |
576 | sha1_context ctx; | |
577 | ||
578 | sha1_init( &ctx ); | |
579 | ||
580 | /* | |
581 | * SHA-1 | |
582 | */ | |
583 | for( i = 0; i < 3; i++ ) | |
584 | { | |
585 | if( verbose != 0 ) | |
586 | polarssl_printf( " SHA-1 test #%d: ", i + 1 ); | |
587 | ||
588 | sha1_starts( &ctx ); | |
589 | ||
590 | if( i == 2 ) | |
591 | { | |
592 | memset( buf, 'a', buflen = 1000 ); | |
593 | ||
594 | for( j = 0; j < 1000; j++ ) | |
595 | sha1_update( &ctx, buf, buflen ); | |
596 | } | |
597 | else | |
598 | sha1_update( &ctx, sha1_test_buf[i], | |
599 | sha1_test_buflen[i] ); | |
600 | ||
601 | sha1_finish( &ctx, sha1sum ); | |
602 | ||
603 | if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 ) | |
604 | { | |
605 | if( verbose != 0 ) | |
606 | polarssl_printf( "failed\n" ); | |
607 | ||
608 | ret = 1; | |
609 | goto exit; | |
610 | } | |
611 | ||
612 | if( verbose != 0 ) | |
613 | polarssl_printf( "passed\n" ); | |
614 | } | |
615 | ||
616 | if( verbose != 0 ) | |
617 | polarssl_printf( "\n" ); | |
618 | ||
619 | for( i = 0; i < 7; i++ ) | |
620 | { | |
621 | if( verbose != 0 ) | |
622 | polarssl_printf( " HMAC-SHA-1 test #%d: ", i + 1 ); | |
623 | ||
624 | if( i == 5 || i == 6 ) | |
625 | { | |
626 | memset( buf, 0xAA, buflen = 80 ); | |
627 | sha1_hmac_starts( &ctx, buf, buflen ); | |
628 | } | |
629 | else | |
630 | sha1_hmac_starts( &ctx, sha1_hmac_test_key[i], | |
631 | sha1_hmac_test_keylen[i] ); | |
632 | ||
633 | sha1_hmac_update( &ctx, sha1_hmac_test_buf[i], | |
634 | sha1_hmac_test_buflen[i] ); | |
635 | ||
636 | sha1_hmac_finish( &ctx, sha1sum ); | |
637 | ||
638 | buflen = ( i == 4 ) ? 12 : 20; | |
639 | ||
640 | if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 ) | |
641 | { | |
642 | if( verbose != 0 ) | |
643 | polarssl_printf( "failed\n" ); | |
644 | ||
645 | ret = 1; | |
646 | goto exit; | |
647 | } | |
648 | ||
649 | if( verbose != 0 ) | |
650 | polarssl_printf( "passed\n" ); | |
651 | } | |
652 | ||
653 | if( verbose != 0 ) | |
654 | polarssl_printf( "\n" ); | |
655 | ||
656 | exit: | |
657 | sha1_free( &ctx ); | |
658 | ||
659 | return( ret ); | |
660 | } | |
661 | ||
662 | #endif /* POLARSSL_SELF_TEST */ | |
663 | ||
664 | #endif /* POLARSSL_SHA1_C */ | |
665 |