33 #if defined(POLARSSL_SHA1_C)
37 #if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
42 static void polarssl_zeroize(
void *v,
size_t n ) {
43 volatile unsigned char *p = v;
while( n-- ) *p++ = 0;
46 #if !defined(POLARSSL_SHA1_ALT)
52 #define GET_UINT32_BE(n,b,i) \
54 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
55 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
56 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
57 | ( (uint32_t) (b)[(i) + 3] ); \
62 #define PUT_UINT32_BE(n,b,i) \
64 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
65 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
66 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
67 (b)[(i) + 3] = (unsigned char) ( (n) ); \
79 ctx->
state[0] = 0x67452301;
80 ctx->
state[1] = 0xEFCDAB89;
81 ctx->
state[2] = 0x98BADCFE;
82 ctx->
state[3] = 0x10325476;
83 ctx->
state[4] = 0xC3D2E1F0;
88 uint32_t temp, W[16], A, B, C, D, E;
90 GET_UINT32_BE( W[ 0], data, 0 );
91 GET_UINT32_BE( W[ 1], data, 4 );
92 GET_UINT32_BE( W[ 2], data, 8 );
93 GET_UINT32_BE( W[ 3], data, 12 );
94 GET_UINT32_BE( W[ 4], data, 16 );
95 GET_UINT32_BE( W[ 5], data, 20 );
96 GET_UINT32_BE( W[ 6], data, 24 );
97 GET_UINT32_BE( W[ 7], data, 28 );
98 GET_UINT32_BE( W[ 8], data, 32 );
99 GET_UINT32_BE( W[ 9], data, 36 );
100 GET_UINT32_BE( W[10], data, 40 );
101 GET_UINT32_BE( W[11], data, 44 );
102 GET_UINT32_BE( W[12], data, 48 );
103 GET_UINT32_BE( W[13], data, 52 );
104 GET_UINT32_BE( W[14], data, 56 );
105 GET_UINT32_BE( W[15], data, 60 );
107 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
111 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
112 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
113 ( W[t & 0x0F] = S(temp,1) ) \
116 #define P(a,b,c,d,e,x) \
118 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
127 #define F(x,y,z) (z ^ (x & (y ^ z)))
130 P( A, B, C, D, E, W[0] );
131 P( E, A, B, C, D, W[1] );
132 P( D, E, A, B, C, W[2] );
133 P( C, D, E, A, B, W[3] );
134 P( B, C, D, E, A, W[4] );
135 P( A, B, C, D, E, W[5] );
136 P( E, A, B, C, D, W[6] );
137 P( D, E, A, B, C, W[7] );
138 P( C, D, E, A, B, W[8] );
139 P( B, C, D, E, A, W[9] );
140 P( A, B, C, D, E, W[10] );
141 P( E, A, B, C, D, W[11] );
142 P( D, E, A, B, C, W[12] );
143 P( C, D, E, A, B, W[13] );
144 P( B, C, D, E, A, W[14] );
145 P( A, B, C, D, E, W[15] );
146 P( E, A, B, C, D, R(16) );
147 P( D, E, A, B, C, R(17) );
148 P( C, D, E, A, B, R(18) );
149 P( B, C, D, E, A, R(19) );
154 #define F(x,y,z) (x ^ y ^ z)
157 P( A, B, C, D, E, R(20) );
158 P( E, A, B, C, D, R(21) );
159 P( D, E, A, B, C, R(22) );
160 P( C, D, E, A, B, R(23) );
161 P( B, C, D, E, A, R(24) );
162 P( A, B, C, D, E, R(25) );
163 P( E, A, B, C, D, R(26) );
164 P( D, E, A, B, C, R(27) );
165 P( C, D, E, A, B, R(28) );
166 P( B, C, D, E, A, R(29) );
167 P( A, B, C, D, E, R(30) );
168 P( E, A, B, C, D, R(31) );
169 P( D, E, A, B, C, R(32) );
170 P( C, D, E, A, B, R(33) );
171 P( B, C, D, E, A, R(34) );
172 P( A, B, C, D, E, R(35) );
173 P( E, A, B, C, D, R(36) );
174 P( D, E, A, B, C, R(37) );
175 P( C, D, E, A, B, R(38) );
176 P( B, C, D, E, A, R(39) );
181 #define F(x,y,z) ((x & y) | (z & (x | y)))
184 P( A, B, C, D, E, R(40) );
185 P( E, A, B, C, D, R(41) );
186 P( D, E, A, B, C, R(42) );
187 P( C, D, E, A, B, R(43) );
188 P( B, C, D, E, A, R(44) );
189 P( A, B, C, D, E, R(45) );
190 P( E, A, B, C, D, R(46) );
191 P( D, E, A, B, C, R(47) );
192 P( C, D, E, A, B, R(48) );
193 P( B, C, D, E, A, R(49) );
194 P( A, B, C, D, E, R(50) );
195 P( E, A, B, C, D, R(51) );
196 P( D, E, A, B, C, R(52) );
197 P( C, D, E, A, B, R(53) );
198 P( B, C, D, E, A, R(54) );
199 P( A, B, C, D, E, R(55) );
200 P( E, A, B, C, D, R(56) );
201 P( D, E, A, B, C, R(57) );
202 P( C, D, E, A, B, R(58) );
203 P( B, C, D, E, A, R(59) );
208 #define F(x,y,z) (x ^ y ^ z)
211 P( A, B, C, D, E, R(60) );
212 P( E, A, B, C, D, R(61) );
213 P( D, E, A, B, C, R(62) );
214 P( C, D, E, A, B, R(63) );
215 P( B, C, D, E, A, R(64) );
216 P( A, B, C, D, E, R(65) );
217 P( E, A, B, C, D, R(66) );
218 P( D, E, A, B, C, R(67) );
219 P( C, D, E, A, B, R(68) );
220 P( B, C, D, E, A, R(69) );
221 P( A, B, C, D, E, R(70) );
222 P( E, A, B, C, D, R(71) );
223 P( D, E, A, B, C, R(72) );
224 P( C, D, E, A, B, R(73) );
225 P( B, C, D, E, A, R(74) );
226 P( A, B, C, D, E, R(75) );
227 P( E, A, B, C, D, R(76) );
228 P( D, E, A, B, C, R(77) );
229 P( C, D, E, A, B, R(78) );
230 P( B, C, D, E, A, R(79) );
253 left = ctx->
total[0] & 0x3F;
256 ctx->
total[0] += (uint32_t) ilen;
257 ctx->
total[0] &= 0xFFFFFFFF;
259 if( ctx->
total[0] < (uint32_t) ilen )
262 if( left && ilen >= fill )
264 memcpy( (
void *) (ctx->
buffer + left), input, fill );
279 memcpy( (
void *) (ctx->
buffer + left), input, ilen );
282 static const unsigned char sha1_padding[64] =
284 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
285 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
286 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
287 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
297 unsigned char msglen[8];
299 high = ( ctx->
total[0] >> 29 )
300 | ( ctx->
total[1] << 3 );
301 low = ( ctx->
total[0] << 3 );
303 PUT_UINT32_BE( high, msglen, 0 );
304 PUT_UINT32_BE( low, msglen, 4 );
306 last = ctx->
total[0] & 0x3F;
307 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
312 PUT_UINT32_BE( ctx->
state[0], output, 0 );
313 PUT_UINT32_BE( ctx->
state[1], output, 4 );
314 PUT_UINT32_BE( ctx->
state[2], output, 8 );
315 PUT_UINT32_BE( ctx->
state[3], output, 12 );
316 PUT_UINT32_BE( ctx->
state[4], output, 16 );
324 void sha1(
const unsigned char *input,
size_t ilen,
unsigned char output[20] )
335 #if defined(POLARSSL_FS_IO)
339 int sha1_file(
const char *path,
unsigned char output[20] )
344 unsigned char buf[1024];
346 if( ( f = fopen( path,
"rb" ) ) == NULL )
351 while( ( n = fread( buf, 1,
sizeof( buf ), f ) ) > 0 )
358 if( ferror( f ) != 0 )
375 unsigned char sum[20];
379 sha1( key, keylen, sum );
384 memset( ctx->
ipad, 0x36, 64 );
385 memset( ctx->
opad, 0x5C, 64 );
387 for( i = 0; i < keylen; i++ )
389 ctx->
ipad[i] = (
unsigned char)( ctx->
ipad[i] ^ key[i] );
390 ctx->
opad[i] = (
unsigned char)( ctx->
opad[i] ^ key[i] );
396 polarssl_zeroize( sum,
sizeof( sum ) );
412 unsigned char tmpbuf[20];
420 polarssl_zeroize( tmpbuf,
sizeof( tmpbuf ) );
435 void sha1_hmac(
const unsigned char *key,
size_t keylen,
436 const unsigned char *input,
size_t ilen,
437 unsigned char output[20] )
448 #if defined(POLARSSL_SELF_TEST)
452 static unsigned char sha1_test_buf[3][57] =
455 {
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
459 static const int sha1_test_buflen[3] =
464 static const unsigned char sha1_test_sum[3][20] =
466 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
467 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
468 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
469 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
470 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
471 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
477 static unsigned char sha1_hmac_test_key[7][26] =
479 {
"\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
480 "\x0B\x0B\x0B\x0B" },
482 {
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
483 "\xAA\xAA\xAA\xAA" },
484 {
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
485 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
486 {
"\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
487 "\x0C\x0C\x0C\x0C" },
492 static const int sha1_hmac_test_keylen[7] =
494 20, 4, 20, 25, 20, 80, 80
497 static unsigned char sha1_hmac_test_buf[7][74] =
500 {
"what do ya want for nothing?" },
501 {
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
502 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
503 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
504 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
505 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
506 {
"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
507 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
508 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
509 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
510 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
511 {
"Test With Truncation" },
512 {
"Test Using Larger Than Block-Size Key - Hash Key First" },
513 {
"Test Using Larger Than Block-Size Key and Larger"
514 " Than One Block-Size Data" }
517 static const int sha1_hmac_test_buflen[7] =
519 8, 28, 50, 50, 20, 54, 73
522 static const unsigned char sha1_hmac_test_sum[7][20] =
524 { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
525 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
526 { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
527 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
528 { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
529 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
530 { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
531 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
532 { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
534 { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
535 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
536 { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
537 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
546 unsigned char buf[1024];
547 unsigned char sha1sum[20];
553 for( i = 0; i < 3; i++ )
556 printf(
" SHA-1 test #%d: ", i + 1 );
562 memset( buf,
'a', buflen = 1000 );
564 for( j = 0; j < 1000; j++ )
569 sha1_test_buflen[i] );
573 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
576 printf(
"failed\n" );
582 printf(
"passed\n" );
588 for( i = 0; i < 7; i++ )
591 printf(
" HMAC-SHA-1 test #%d: ", i + 1 );
593 if( i == 5 || i == 6 )
595 memset( buf,
'\xAA', buflen = 80 );
600 sha1_hmac_test_keylen[i] );
603 sha1_hmac_test_buflen[i] );
607 buflen = ( i == 4 ) ? 12 : 20;
609 if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
612 printf(
"failed\n" );
618 printf(
"passed\n" );
void sha1_hmac_finish(sha1_context *ctx, unsigned char output[20])
SHA-1 HMAC final digest.
int sha1_self_test(int verbose)
Checkup routine.
void sha1(const unsigned char *input, size_t ilen, unsigned char output[20])
Output = SHA-1( input buffer )
void sha1_finish(sha1_context *ctx, unsigned char output[20])
SHA-1 final digest.
void sha1_hmac(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char output[20])
Output = HMAC-SHA-1( hmac key, input buffer )
Configuration options (set of defines)
void sha1_hmac_reset(sha1_context *ctx)
SHA-1 HMAC context reset.
int sha1_file(const char *path, unsigned char output[20])
Output = SHA-1( file contents )
void sha1_hmac_starts(sha1_context *ctx, const unsigned char *key, size_t keylen)
SHA-1 HMAC context setup.
void sha1_starts(sha1_context *ctx)
SHA-1 context setup.
SHA-1 cryptographic hash function.
void sha1_update(sha1_context *ctx, const unsigned char *input, size_t ilen)
SHA-1 process buffer.
void sha1_process(sha1_context *ctx, const unsigned char data[64])
void sha1_hmac_update(sha1_context *ctx, const unsigned char *input, size_t ilen)
SHA-1 HMAC process buffer.
#define POLARSSL_ERR_SHA1_FILE_IO_ERROR
Read/write error in file.