31 #if !defined(POLARSSL_CONFIG_FILE)
34 #include POLARSSL_CONFIG_FILE
37 #if defined(POLARSSL_SHA1_C)
41 #if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
45 #if defined(POLARSSL_PLATFORM_C)
48 #define polarssl_printf printf
52 static void polarssl_zeroize(
void *v,
size_t n ) {
53 volatile unsigned char *p = v;
while( n-- ) *p++ = 0;
56 #if !defined(POLARSSL_SHA1_ALT)
62 #define GET_UINT32_BE(n,b,i) \
64 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
65 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
66 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
67 | ( (uint32_t) (b)[(i) + 3] ); \
72 #define PUT_UINT32_BE(n,b,i) \
74 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
75 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
76 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
77 (b)[(i) + 3] = (unsigned char) ( (n) ); \
102 ctx->
state[0] = 0x67452301;
103 ctx->
state[1] = 0xEFCDAB89;
104 ctx->
state[2] = 0x98BADCFE;
105 ctx->
state[3] = 0x10325476;
106 ctx->
state[4] = 0xC3D2E1F0;
111 uint32_t temp, W[16], A, B, C, D, E;
130 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
134 temp = W[( t - 3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
135 W[( t - 14 ) & 0x0F] ^ W[ t & 0x0F], \
136 ( W[t & 0x0F] = S(temp,1) ) \
139 #define P(a,b,c,d,e,x) \
141 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
150 #define F(x,y,z) (z ^ (x & (y ^ z)))
153 P( A, B, C, D, E, W[0] );
154 P( E, A, B, C, D, W[1] );
155 P( D, E, A, B, C, W[2] );
156 P( C, D, E, A, B, W[3] );
157 P( B, C, D, E, A, W[4] );
158 P( A, B, C, D, E, W[5] );
159 P( E, A, B, C, D, W[6] );
160 P( D, E, A, B, C, W[7] );
161 P( C, D, E, A, B, W[8] );
162 P( B, C, D, E, A, W[9] );
163 P( A, B, C, D, E, W[10] );
164 P( E, A, B, C, D, W[11] );
165 P( D, E, A, B, C, W[12] );
166 P( C, D, E, A, B, W[13] );
167 P( B, C, D, E, A, W[14] );
168 P( A, B, C, D, E, W[15] );
169 P( E, A, B, C, D, R(16) );
170 P( D, E, A, B, C, R(17) );
171 P( C, D, E, A, B, R(18) );
172 P( B, C, D, E, A, R(19) );
177 #define F(x,y,z) (x ^ y ^ z)
180 P( A, B, C, D, E, R(20) );
181 P( E, A, B, C, D, R(21) );
182 P( D, E, A, B, C, R(22) );
183 P( C, D, E, A, B, R(23) );
184 P( B, C, D, E, A, R(24) );
185 P( A, B, C, D, E, R(25) );
186 P( E, A, B, C, D, R(26) );
187 P( D, E, A, B, C, R(27) );
188 P( C, D, E, A, B, R(28) );
189 P( B, C, D, E, A, R(29) );
190 P( A, B, C, D, E, R(30) );
191 P( E, A, B, C, D, R(31) );
192 P( D, E, A, B, C, R(32) );
193 P( C, D, E, A, B, R(33) );
194 P( B, C, D, E, A, R(34) );
195 P( A, B, C, D, E, R(35) );
196 P( E, A, B, C, D, R(36) );
197 P( D, E, A, B, C, R(37) );
198 P( C, D, E, A, B, R(38) );
199 P( B, C, D, E, A, R(39) );
204 #define F(x,y,z) ((x & y) | (z & (x | y)))
207 P( A, B, C, D, E, R(40) );
208 P( E, A, B, C, D, R(41) );
209 P( D, E, A, B, C, R(42) );
210 P( C, D, E, A, B, R(43) );
211 P( B, C, D, E, A, R(44) );
212 P( A, B, C, D, E, R(45) );
213 P( E, A, B, C, D, R(46) );
214 P( D, E, A, B, C, R(47) );
215 P( C, D, E, A, B, R(48) );
216 P( B, C, D, E, A, R(49) );
217 P( A, B, C, D, E, R(50) );
218 P( E, A, B, C, D, R(51) );
219 P( D, E, A, B, C, R(52) );
220 P( C, D, E, A, B, R(53) );
221 P( B, C, D, E, A, R(54) );
222 P( A, B, C, D, E, R(55) );
223 P( E, A, B, C, D, R(56) );
224 P( D, E, A, B, C, R(57) );
225 P( C, D, E, A, B, R(58) );
226 P( B, C, D, E, A, R(59) );
231 #define F(x,y,z) (x ^ y ^ z)
234 P( A, B, C, D, E, R(60) );
235 P( E, A, B, C, D, R(61) );
236 P( D, E, A, B, C, R(62) );
237 P( C, D, E, A, B, R(63) );
238 P( B, C, D, E, A, R(64) );
239 P( A, B, C, D, E, R(65) );
240 P( E, A, B, C, D, R(66) );
241 P( D, E, A, B, C, R(67) );
242 P( C, D, E, A, B, R(68) );
243 P( B, C, D, E, A, R(69) );
244 P( A, B, C, D, E, R(70) );
245 P( E, A, B, C, D, R(71) );
246 P( D, E, A, B, C, R(72) );
247 P( C, D, E, A, B, R(73) );
248 P( B, C, D, E, A, R(74) );
249 P( A, B, C, D, E, R(75) );
250 P( E, A, B, C, D, R(76) );
251 P( D, E, A, B, C, R(77) );
252 P( C, D, E, A, B, R(78) );
253 P( B, C, D, E, A, R(79) );
276 left = ctx->
total[0] & 0x3F;
279 ctx->
total[0] += (uint32_t) ilen;
280 ctx->
total[0] &= 0xFFFFFFFF;
282 if( ctx->
total[0] < (uint32_t) ilen )
285 if( left && ilen >= fill )
287 memcpy( (
void *) (ctx->
buffer + left), input, fill );
302 memcpy( (
void *) (ctx->
buffer + left), input, ilen );
305 static const unsigned char sha1_padding[64] =
307 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
308 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
309 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
310 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
320 unsigned char msglen[8];
322 high = ( ctx->
total[0] >> 29 )
323 | ( ctx->
total[1] << 3 );
324 low = ( ctx->
total[0] << 3 );
329 last = ctx->
total[0] & 0x3F;
330 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
347 void sha1(
const unsigned char *input,
size_t ilen,
unsigned char output[20] )
358 #if defined(POLARSSL_FS_IO)
362 int sha1_file(
const char *path,
unsigned char output[20] )
367 unsigned char buf[1024];
369 if( ( f = fopen( path,
"rb" ) ) == NULL )
375 while( ( n = fread( buf, 1,
sizeof( buf ), f ) ) > 0 )
381 if( ferror( f ) != 0 )
399 unsigned char sum[20];
403 sha1( key, keylen, sum );
408 memset( ctx->
ipad, 0x36, 64 );
409 memset( ctx->
opad, 0x5C, 64 );
411 for( i = 0; i < keylen; i++ )
413 ctx->
ipad[i] = (
unsigned char)( ctx->
ipad[i] ^ key[i] );
414 ctx->
opad[i] = (
unsigned char)( ctx->
opad[i] ^ key[i] );
420 polarssl_zeroize( sum,
sizeof( sum ) );
437 unsigned char tmpbuf[20];
445 polarssl_zeroize( tmpbuf,
sizeof( tmpbuf ) );
460 void sha1_hmac(
const unsigned char *key,
size_t keylen,
461 const unsigned char *input,
size_t ilen,
462 unsigned char output[20] )
473 #if defined(POLARSSL_SELF_TEST)
477 static unsigned char sha1_test_buf[3][57] =
480 {
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
484 static const int sha1_test_buflen[3] =
489 static const unsigned char sha1_test_sum[3][20] =
491 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
492 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
493 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
494 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
495 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
496 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
502 static unsigned char sha1_hmac_test_key[7][26] =
504 {
"\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
505 "\x0B\x0B\x0B\x0B" },
507 {
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
508 "\xAA\xAA\xAA\xAA" },
509 {
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
510 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
511 {
"\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
512 "\x0C\x0C\x0C\x0C" },
517 static const int sha1_hmac_test_keylen[7] =
519 20, 4, 20, 25, 20, 80, 80
522 static unsigned char sha1_hmac_test_buf[7][74] =
525 {
"what do ya want for nothing?" },
526 {
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
527 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
528 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
529 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
530 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
531 {
"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
532 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
533 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
534 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
535 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
536 {
"Test With Truncation" },
537 {
"Test Using Larger Than Block-Size Key - Hash Key First" },
538 {
"Test Using Larger Than Block-Size Key and Larger"
539 " Than One Block-Size Data" }
542 static const int sha1_hmac_test_buflen[7] =
544 8, 28, 50, 50, 20, 54, 73
547 static const unsigned char sha1_hmac_test_sum[7][20] =
549 { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
550 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
551 { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
552 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
553 { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
554 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
555 { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
556 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
557 { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
559 { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
560 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
561 { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
562 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
570 int i, j, buflen, ret = 0;
571 unsigned char buf[1024];
572 unsigned char sha1sum[20];
580 for( i = 0; i < 3; i++ )
589 memset( buf,
'a', buflen = 1000 );
591 for( j = 0; j < 1000; j++ )
596 sha1_test_buflen[i] );
600 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
616 for( i = 0; i < 7; i++ )
621 if( i == 5 || i == 6 )
623 memset( buf,
'\xAA', buflen = 80 );
628 sha1_hmac_test_keylen[i] );
631 sha1_hmac_test_buflen[i] );
635 buflen = ( i == 4 ) ? 12 : 20;
637 if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )