33 #if defined(POLARSSL_SHA1_C)
37 #if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
45 #define GET_ULONG_BE(n,b,i) \
47 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
48 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
49 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
50 | ( (unsigned long) (b)[(i) + 3] ); \
55 #define PUT_ULONG_BE(n,b,i) \
57 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
58 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
59 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
60 (b)[(i) + 3] = (unsigned char) ( (n) ); \
72 ctx->
state[0] = 0x67452301;
73 ctx->
state[1] = 0xEFCDAB89;
74 ctx->
state[2] = 0x98BADCFE;
75 ctx->
state[3] = 0x10325476;
76 ctx->
state[4] = 0xC3D2E1F0;
79 static void sha1_process(
sha1_context *ctx,
const unsigned char data[64] )
81 unsigned long temp, W[16], A, B, C, D, E;
100 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
104 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
105 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
106 ( W[t & 0x0F] = S(temp,1) ) \
109 #define P(a,b,c,d,e,x) \
111 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
120 #define F(x,y,z) (z ^ (x & (y ^ z)))
123 P( A, B, C, D, E, W[0] );
124 P( E, A, B, C, D, W[1] );
125 P( D, E, A, B, C, W[2] );
126 P( C, D, E, A, B, W[3] );
127 P( B, C, D, E, A, W[4] );
128 P( A, B, C, D, E, W[5] );
129 P( E, A, B, C, D, W[6] );
130 P( D, E, A, B, C, W[7] );
131 P( C, D, E, A, B, W[8] );
132 P( B, C, D, E, A, W[9] );
133 P( A, B, C, D, E, W[10] );
134 P( E, A, B, C, D, W[11] );
135 P( D, E, A, B, C, W[12] );
136 P( C, D, E, A, B, W[13] );
137 P( B, C, D, E, A, W[14] );
138 P( A, B, C, D, E, W[15] );
139 P( E, A, B, C, D, R(16) );
140 P( D, E, A, B, C, R(17) );
141 P( C, D, E, A, B, R(18) );
142 P( B, C, D, E, A, R(19) );
147 #define F(x,y,z) (x ^ y ^ z)
150 P( A, B, C, D, E, R(20) );
151 P( E, A, B, C, D, R(21) );
152 P( D, E, A, B, C, R(22) );
153 P( C, D, E, A, B, R(23) );
154 P( B, C, D, E, A, R(24) );
155 P( A, B, C, D, E, R(25) );
156 P( E, A, B, C, D, R(26) );
157 P( D, E, A, B, C, R(27) );
158 P( C, D, E, A, B, R(28) );
159 P( B, C, D, E, A, R(29) );
160 P( A, B, C, D, E, R(30) );
161 P( E, A, B, C, D, R(31) );
162 P( D, E, A, B, C, R(32) );
163 P( C, D, E, A, B, R(33) );
164 P( B, C, D, E, A, R(34) );
165 P( A, B, C, D, E, R(35) );
166 P( E, A, B, C, D, R(36) );
167 P( D, E, A, B, C, R(37) );
168 P( C, D, E, A, B, R(38) );
169 P( B, C, D, E, A, R(39) );
174 #define F(x,y,z) ((x & y) | (z & (x | y)))
177 P( A, B, C, D, E, R(40) );
178 P( E, A, B, C, D, R(41) );
179 P( D, E, A, B, C, R(42) );
180 P( C, D, E, A, B, R(43) );
181 P( B, C, D, E, A, R(44) );
182 P( A, B, C, D, E, R(45) );
183 P( E, A, B, C, D, R(46) );
184 P( D, E, A, B, C, R(47) );
185 P( C, D, E, A, B, R(48) );
186 P( B, C, D, E, A, R(49) );
187 P( A, B, C, D, E, R(50) );
188 P( E, A, B, C, D, R(51) );
189 P( D, E, A, B, C, R(52) );
190 P( C, D, E, A, B, R(53) );
191 P( B, C, D, E, A, R(54) );
192 P( A, B, C, D, E, R(55) );
193 P( E, A, B, C, D, R(56) );
194 P( D, E, A, B, C, R(57) );
195 P( C, D, E, A, B, R(58) );
196 P( B, C, D, E, A, R(59) );
201 #define F(x,y,z) (x ^ y ^ z)
204 P( A, B, C, D, E, R(60) );
205 P( E, A, B, C, D, R(61) );
206 P( D, E, A, B, C, R(62) );
207 P( C, D, E, A, B, R(63) );
208 P( B, C, D, E, A, R(64) );
209 P( A, B, C, D, E, R(65) );
210 P( E, A, B, C, D, R(66) );
211 P( D, E, A, B, C, R(67) );
212 P( C, D, E, A, B, R(68) );
213 P( B, C, D, E, A, R(69) );
214 P( A, B, C, D, E, R(70) );
215 P( E, A, B, C, D, R(71) );
216 P( D, E, A, B, C, R(72) );
217 P( C, D, E, A, B, R(73) );
218 P( B, C, D, E, A, R(74) );
219 P( A, B, C, D, E, R(75) );
220 P( E, A, B, C, D, R(76) );
221 P( D, E, A, B, C, R(77) );
222 P( C, D, E, A, B, R(78) );
223 P( B, C, D, E, A, R(79) );
246 left = ctx->
total[0] & 0x3F;
249 ctx->
total[0] += (
unsigned long) ilen;
250 ctx->
total[0] &= 0xFFFFFFFF;
252 if( ctx->
total[0] < (
unsigned long) ilen )
255 if( left && ilen >= fill )
257 memcpy( (
void *) (ctx->
buffer + left),
258 (
void *) input, fill );
259 sha1_process( ctx, ctx->
buffer );
267 sha1_process( ctx, input );
274 memcpy( (
void *) (ctx->
buffer + left),
275 (
void *) input, ilen );
279 static const unsigned char sha1_padding[64] =
281 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
282 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
283 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
284 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
292 unsigned long last, padn;
293 unsigned long high, low;
294 unsigned char msglen[8];
296 high = ( ctx->
total[0] >> 29 )
297 | ( ctx->
total[1] << 3 );
298 low = ( ctx->
total[0] << 3 );
303 last = ctx->
total[0] & 0x3F;
304 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
306 sha1_update( ctx, (
unsigned char *) sha1_padding, padn );
319 void sha1(
const unsigned char *input,
size_t ilen,
unsigned char output[20] )
330 #if defined(POLARSSL_FS_IO)
334 int sha1_file(
const char *path,
unsigned char output[20] )
339 unsigned char buf[1024];
341 if( ( f = fopen( path,
"rb" ) ) == NULL )
346 while( ( n = fread( buf, 1,
sizeof( buf ), f ) ) > 0 )
353 if( ferror( f ) != 0 )
370 unsigned char sum[20];
374 sha1( key, keylen, sum );
379 memset( ctx->
ipad, 0x36, 64 );
380 memset( ctx->
opad, 0x5C, 64 );
382 for( i = 0; i < keylen; i++ )
384 ctx->
ipad[i] = (
unsigned char)( ctx->
ipad[i] ^ key[i] );
385 ctx->
opad[i] = (
unsigned char)( ctx->
opad[i] ^ key[i] );
391 memset( sum, 0,
sizeof( sum ) );
407 unsigned char tmpbuf[20];
415 memset( tmpbuf, 0,
sizeof( tmpbuf ) );
430 void sha1_hmac(
const unsigned char *key,
size_t keylen,
431 const unsigned char *input,
size_t ilen,
432 unsigned char output[20] )
443 #if defined(POLARSSL_SELF_TEST)
447 static unsigned char sha1_test_buf[3][57] =
450 {
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
454 static const int sha1_test_buflen[3] =
459 static const unsigned char sha1_test_sum[3][20] =
461 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
462 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
463 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
464 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
465 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
466 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
472 static unsigned char sha1_hmac_test_key[7][26] =
474 {
"\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
475 "\x0B\x0B\x0B\x0B" },
477 {
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
478 "\xAA\xAA\xAA\xAA" },
479 {
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
480 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
481 {
"\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
482 "\x0C\x0C\x0C\x0C" },
487 static const int sha1_hmac_test_keylen[7] =
489 20, 4, 20, 25, 20, 80, 80
492 static unsigned char sha1_hmac_test_buf[7][74] =
495 {
"what do ya want for nothing?" },
496 {
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
497 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
498 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
499 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
500 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
501 {
"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
502 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
503 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
504 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
505 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
506 {
"Test With Truncation" },
507 {
"Test Using Larger Than Block-Size Key - Hash Key First" },
508 {
"Test Using Larger Than Block-Size Key and Larger"
509 " Than One Block-Size Data" }
512 static const int sha1_hmac_test_buflen[7] =
514 8, 28, 50, 50, 20, 54, 73
517 static const unsigned char sha1_hmac_test_sum[7][20] =
519 { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
520 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
521 { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
522 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
523 { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
524 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
525 { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
526 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
527 { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
529 { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
530 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
531 { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
532 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
541 unsigned char buf[1024];
542 unsigned char sha1sum[20];
548 for( i = 0; i < 3; i++ )
551 printf(
" SHA-1 test #%d: ", i + 1 );
557 memset( buf,
'a', buflen = 1000 );
559 for( j = 0; j < 1000; j++ )
564 sha1_test_buflen[i] );
568 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
571 printf(
"failed\n" );
577 printf(
"passed\n" );
583 for( i = 0; i < 7; i++ )
586 printf(
" HMAC-SHA-1 test #%d: ", i + 1 );
588 if( i == 5 || i == 6 )
590 memset( buf,
'\xAA', buflen = 80 );
595 sha1_hmac_test_keylen[i] );
598 sha1_hmac_test_buflen[i] );
602 buflen = ( i == 4 ) ? 12 : 20;
604 if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
607 printf(
"failed\n" );
613 printf(
"passed\n" );