Blame - library/sha1.c - third_party/github/ARMmbed/mbedtls

blob: a528d8ec7c99b21070b09f3e7ef76efb21deb4f3 [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* FIPS-180-1 compliant SHA-1 implementation
				3	*
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	4	* Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	5	*
				6	* This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker	84f12b7	2010-07-18 10:13:04 +0000	[diff] [blame]	7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	8	*
Paul Bakker	77b385e	2009-07-28 17:23:11 +0000	[diff] [blame]	9	* All rights reserved.
Paul Bakker	e0ccd0a	2009-01-04 16:27:10 +0000	[diff] [blame]	10	*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	11	* This program is free software; you can redistribute it and/or modify
				12	* it under the terms of the GNU General Public License as published by
				13	* the Free Software Foundation; either version 2 of the License, or
				14	* (at your option) any later version.
				15	*
				16	* This program is distributed in the hope that it will be useful,
				17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				19	* GNU General Public License for more details.
				20	*
				21	* You should have received a copy of the GNU General Public License along
				22	* with this program; if not, write to the Free Software Foundation, Inc.,
				23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				24	*/
				25	/*
				26	* The SHA-1 standard was published by NIST in 1993.
				27	*
				28	* http://www.itl.nist.gov/fipspubs/fip180-1.htm
				29	*/
				30
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	31	#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	32	#include "polarssl/config.h"
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	33	#else
				34	#include POLARSSL_CONFIG_FILE
				35	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	36
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	37	#if defined(POLARSSL_SHA1_C)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	38
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	39	#include "polarssl/sha1.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	40
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	41	#if defined(POLARSSL_FS_IO) \|\| defined(POLARSSL_SELF_TEST)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	42	#include <stdio.h>
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	43	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	44
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	45	#if defined(POLARSSL_PLATFORM_C)
				46	#include "polarssl/platform.h"
				47	#else
				48	#define polarssl_printf printf
				49	#endif
				50
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame]	51	/* Implementation that should never be optimized out by the compiler */
				52	static void polarssl_zeroize( void *v, size_t n ) {
				53	volatile unsigned char p = v; while( n-- ) p++ = 0;
				54	}
				55
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	56	#if !defined(POLARSSL_SHA1_ALT)
				57
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	58	/*
				59	* 32-bit integer manipulation macros (big endian)
				60	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	61	#ifndef GET_UINT32_BE
				62	#define GET_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	63	{ \
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	64	(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
				65	\| ( (uint32_t) (b)[(i) + 1] << 16 ) \
				66	\| ( (uint32_t) (b)[(i) + 2] << 8 ) \
				67	\| ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	68	}
				69	#endif
				70
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	71	#ifndef PUT_UINT32_BE
				72	#define PUT_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	73	{ \
				74	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
				75	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
				76	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
				77	(b)[(i) + 3] = (unsigned char) ( (n) ); \
				78	}
				79	#endif
				80
				81	/*
				82	* SHA-1 context setup
				83	*/
				84	void sha1_starts( sha1_context *ctx )
				85	{
				86	ctx->total[0] = 0;
				87	ctx->total[1] = 0;
				88
				89	ctx->state[0] = 0x67452301;
				90	ctx->state[1] = 0xEFCDAB89;
				91	ctx->state[2] = 0x98BADCFE;
				92	ctx->state[3] = 0x10325476;
				93	ctx->state[4] = 0xC3D2E1F0;
				94	}
				95
Paul Bakker	e47b34b	2013-02-27 14:48:00 +0100	[diff] [blame]	96	void sha1_process( sha1_context *ctx, const unsigned char data[64] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	97	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	98	uint32_t temp, W[16], A, B, C, D, E;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	99
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	100	GET_UINT32_BE( W[ 0], data, 0 );
				101	GET_UINT32_BE( W[ 1], data, 4 );
				102	GET_UINT32_BE( W[ 2], data, 8 );
				103	GET_UINT32_BE( W[ 3], data, 12 );
				104	GET_UINT32_BE( W[ 4], data, 16 );
				105	GET_UINT32_BE( W[ 5], data, 20 );
				106	GET_UINT32_BE( W[ 6], data, 24 );
				107	GET_UINT32_BE( W[ 7], data, 28 );
				108	GET_UINT32_BE( W[ 8], data, 32 );
				109	GET_UINT32_BE( W[ 9], data, 36 );
				110	GET_UINT32_BE( W[10], data, 40 );
				111	GET_UINT32_BE( W[11], data, 44 );
				112	GET_UINT32_BE( W[12], data, 48 );
				113	GET_UINT32_BE( W[13], data, 52 );
				114	GET_UINT32_BE( W[14], data, 56 );
				115	GET_UINT32_BE( W[15], data, 60 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	116
				117	#define S(x,n) ((x << n) \| ((x & 0xFFFFFFFF) >> (32 - n)))
				118
				119	#define R(t) \
				120	( \
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	121	temp = W[( t - 3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
				122	W[( t - 14 ) & 0x0F] ^ W[ t & 0x0F], \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	123	( W[t & 0x0F] = S(temp,1) ) \
				124	)
				125
				126	#define P(a,b,c,d,e,x) \
				127	{ \
				128	e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
				129	}
				130
				131	A = ctx->state[0];
				132	B = ctx->state[1];
				133	C = ctx->state[2];
				134	D = ctx->state[3];
				135	E = ctx->state[4];
				136
				137	#define F(x,y,z) (z ^ (x & (y ^ z)))
				138	#define K 0x5A827999
				139
				140	P( A, B, C, D, E, W[0] );
				141	P( E, A, B, C, D, W[1] );
				142	P( D, E, A, B, C, W[2] );
				143	P( C, D, E, A, B, W[3] );
				144	P( B, C, D, E, A, W[4] );
				145	P( A, B, C, D, E, W[5] );
				146	P( E, A, B, C, D, W[6] );
				147	P( D, E, A, B, C, W[7] );
				148	P( C, D, E, A, B, W[8] );
				149	P( B, C, D, E, A, W[9] );
				150	P( A, B, C, D, E, W[10] );
				151	P( E, A, B, C, D, W[11] );
				152	P( D, E, A, B, C, W[12] );
				153	P( C, D, E, A, B, W[13] );
				154	P( B, C, D, E, A, W[14] );
				155	P( A, B, C, D, E, W[15] );
				156	P( E, A, B, C, D, R(16) );
				157	P( D, E, A, B, C, R(17) );
				158	P( C, D, E, A, B, R(18) );
				159	P( B, C, D, E, A, R(19) );
				160
				161	#undef K
				162	#undef F
				163
				164	#define F(x,y,z) (x ^ y ^ z)
				165	#define K 0x6ED9EBA1
				166
				167	P( A, B, C, D, E, R(20) );
				168	P( E, A, B, C, D, R(21) );
				169	P( D, E, A, B, C, R(22) );
				170	P( C, D, E, A, B, R(23) );
				171	P( B, C, D, E, A, R(24) );
				172	P( A, B, C, D, E, R(25) );
				173	P( E, A, B, C, D, R(26) );
				174	P( D, E, A, B, C, R(27) );
				175	P( C, D, E, A, B, R(28) );
				176	P( B, C, D, E, A, R(29) );
				177	P( A, B, C, D, E, R(30) );
				178	P( E, A, B, C, D, R(31) );
				179	P( D, E, A, B, C, R(32) );
				180	P( C, D, E, A, B, R(33) );
				181	P( B, C, D, E, A, R(34) );
				182	P( A, B, C, D, E, R(35) );
				183	P( E, A, B, C, D, R(36) );
				184	P( D, E, A, B, C, R(37) );
				185	P( C, D, E, A, B, R(38) );
				186	P( B, C, D, E, A, R(39) );
				187
				188	#undef K
				189	#undef F
				190
				191	#define F(x,y,z) ((x & y) \| (z & (x \| y)))
				192	#define K 0x8F1BBCDC
				193
				194	P( A, B, C, D, E, R(40) );
				195	P( E, A, B, C, D, R(41) );
				196	P( D, E, A, B, C, R(42) );
				197	P( C, D, E, A, B, R(43) );
				198	P( B, C, D, E, A, R(44) );
				199	P( A, B, C, D, E, R(45) );
				200	P( E, A, B, C, D, R(46) );
				201	P( D, E, A, B, C, R(47) );
				202	P( C, D, E, A, B, R(48) );
				203	P( B, C, D, E, A, R(49) );
				204	P( A, B, C, D, E, R(50) );
				205	P( E, A, B, C, D, R(51) );
				206	P( D, E, A, B, C, R(52) );
				207	P( C, D, E, A, B, R(53) );
				208	P( B, C, D, E, A, R(54) );
				209	P( A, B, C, D, E, R(55) );
				210	P( E, A, B, C, D, R(56) );
				211	P( D, E, A, B, C, R(57) );
				212	P( C, D, E, A, B, R(58) );
				213	P( B, C, D, E, A, R(59) );
				214
				215	#undef K
				216	#undef F
				217
				218	#define F(x,y,z) (x ^ y ^ z)
				219	#define K 0xCA62C1D6
				220
				221	P( A, B, C, D, E, R(60) );
				222	P( E, A, B, C, D, R(61) );
				223	P( D, E, A, B, C, R(62) );
				224	P( C, D, E, A, B, R(63) );
				225	P( B, C, D, E, A, R(64) );
				226	P( A, B, C, D, E, R(65) );
				227	P( E, A, B, C, D, R(66) );
				228	P( D, E, A, B, C, R(67) );
				229	P( C, D, E, A, B, R(68) );
				230	P( B, C, D, E, A, R(69) );
				231	P( A, B, C, D, E, R(70) );
				232	P( E, A, B, C, D, R(71) );
				233	P( D, E, A, B, C, R(72) );
				234	P( C, D, E, A, B, R(73) );
				235	P( B, C, D, E, A, R(74) );
				236	P( A, B, C, D, E, R(75) );
				237	P( E, A, B, C, D, R(76) );
				238	P( D, E, A, B, C, R(77) );
				239	P( C, D, E, A, B, R(78) );
				240	P( B, C, D, E, A, R(79) );
				241
				242	#undef K
				243	#undef F
				244
				245	ctx->state[0] += A;
				246	ctx->state[1] += B;
				247	ctx->state[2] += C;
				248	ctx->state[3] += D;
				249	ctx->state[4] += E;
				250	}
				251
				252	/*
				253	* SHA-1 process buffer
				254	*/
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	255	void sha1_update( sha1_context ctx, const unsigned char input, size_t ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	256	{
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	257	size_t fill;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	258	uint32_t left;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	259
Brian White	12895d1	2014-04-11 11:29:42 -0400	[diff] [blame]	260	if( ilen == 0 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	261	return;
				262
				263	left = ctx->total[0] & 0x3F;
				264	fill = 64 - left;
				265
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	266	ctx->total[0] += (uint32_t) ilen;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	267	ctx->total[0] &= 0xFFFFFFFF;
				268
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	269	if( ctx->total[0] < (uint32_t) ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	270	ctx->total[1]++;
				271
				272	if( left && ilen >= fill )
				273	{
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	274	memcpy( (void *) (ctx->buffer + left), input, fill );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	275	sha1_process( ctx, ctx->buffer );
				276	input += fill;
				277	ilen -= fill;
				278	left = 0;
				279	}
				280
				281	while( ilen >= 64 )
				282	{
				283	sha1_process( ctx, input );
				284	input += 64;
				285	ilen -= 64;
				286	}
				287
				288	if( ilen > 0 )
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	289	memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	290	}
				291
				292	static const unsigned char sha1_padding[64] =
				293	{
				294	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				295	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				296	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				297	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
				298	};
				299
				300	/*
				301	* SHA-1 final digest
				302	*/
				303	void sha1_finish( sha1_context *ctx, unsigned char output[20] )
				304	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	305	uint32_t last, padn;
				306	uint32_t high, low;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	307	unsigned char msglen[8];
				308
				309	high = ( ctx->total[0] >> 29 )
				310	\| ( ctx->total[1] << 3 );
				311	low = ( ctx->total[0] << 3 );
				312
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	313	PUT_UINT32_BE( high, msglen, 0 );
				314	PUT_UINT32_BE( low, msglen, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	315
				316	last = ctx->total[0] & 0x3F;
				317	padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
				318
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	319	sha1_update( ctx, sha1_padding, padn );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	320	sha1_update( ctx, msglen, 8 );
				321
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	322	PUT_UINT32_BE( ctx->state[0], output, 0 );
				323	PUT_UINT32_BE( ctx->state[1], output, 4 );
				324	PUT_UINT32_BE( ctx->state[2], output, 8 );
				325	PUT_UINT32_BE( ctx->state[3], output, 12 );
				326	PUT_UINT32_BE( ctx->state[4], output, 16 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	327	}
				328
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	329	#endif /* !POLARSSL_SHA1_ALT */
				330
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	331	/*
				332	* output = SHA-1( input buffer )
				333	*/
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	334	void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	335	{
				336	sha1_context ctx;
				337
				338	sha1_starts( &ctx );
				339	sha1_update( &ctx, input, ilen );
				340	sha1_finish( &ctx, output );
				341
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame]	342	polarssl_zeroize( &ctx, sizeof( sha1_context ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	343	}
				344
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	345	#if defined(POLARSSL_FS_IO)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	346	/*
				347	* output = SHA-1( file contents )
				348	*/
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	349	int sha1_file( const char *path, unsigned char output[20] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	350	{
				351	FILE *f;
				352	size_t n;
				353	sha1_context ctx;
				354	unsigned char buf[1024];
				355
				356	if( ( f = fopen( path, "rb" ) ) == NULL )
Paul Bakker	69e095c	2011-12-10 21:55:01 +0000	[diff] [blame]	357	return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	358
				359	sha1_starts( &ctx );
				360
				361	while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Paul Bakker	27fdf46	2011-06-09 13:55:13 +0000	[diff] [blame]	362	sha1_update( &ctx, buf, n );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	363
				364	sha1_finish( &ctx, output );
				365
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame]	366	polarssl_zeroize( &ctx, sizeof( sha1_context ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	367
				368	if( ferror( f ) != 0 )
				369	{
				370	fclose( f );
Paul Bakker	69e095c	2011-12-10 21:55:01 +0000	[diff] [blame]	371	return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	372	}
				373
				374	fclose( f );
				375	return( 0 );
				376	}
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	377	#endif /* POLARSSL_FS_IO */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	378
				379	/*
				380	* SHA-1 HMAC context setup
				381	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame]	382	void sha1_hmac_starts( sha1_context ctx, const unsigned char key,
				383	size_t keylen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	384	{
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	385	size_t i;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	386	unsigned char sum[20];
				387
				388	if( keylen > 64 )
				389	{
				390	sha1( key, keylen, sum );
				391	keylen = 20;
				392	key = sum;
				393	}
				394
				395	memset( ctx->ipad, 0x36, 64 );
				396	memset( ctx->opad, 0x5C, 64 );
				397
				398	for( i = 0; i < keylen; i++ )
				399	{
				400	ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
				401	ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
				402	}
				403
				404	sha1_starts( ctx );
				405	sha1_update( ctx, ctx->ipad, 64 );
				406
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame]	407	polarssl_zeroize( sum, sizeof( sum ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	408	}
				409
				410	/*
				411	* SHA-1 HMAC process buffer
				412	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame]	413	void sha1_hmac_update( sha1_context ctx, const unsigned char input,
				414	size_t ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	415	{
				416	sha1_update( ctx, input, ilen );
				417	}
				418
				419	/*
				420	* SHA-1 HMAC final digest
				421	*/
				422	void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
				423	{
				424	unsigned char tmpbuf[20];
				425
				426	sha1_finish( ctx, tmpbuf );
				427	sha1_starts( ctx );
				428	sha1_update( ctx, ctx->opad, 64 );
				429	sha1_update( ctx, tmpbuf, 20 );
				430	sha1_finish( ctx, output );
				431
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame]	432	polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	433	}
				434
				435	/*
Paul Bakker	7d3b661	2010-03-21 16:23:13 +0000	[diff] [blame]	436	* SHA1 HMAC context reset
				437	*/
				438	void sha1_hmac_reset( sha1_context *ctx )
				439	{
				440	sha1_starts( ctx );
				441	sha1_update( ctx, ctx->ipad, 64 );
				442	}
				443
				444	/*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	445	* output = HMAC-SHA-1( hmac key, input buffer )
				446	*/
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	447	void sha1_hmac( const unsigned char *key, size_t keylen,
				448	const unsigned char *input, size_t ilen,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	449	unsigned char output[20] )
				450	{
				451	sha1_context ctx;
				452
				453	sha1_hmac_starts( &ctx, key, keylen );
				454	sha1_hmac_update( &ctx, input, ilen );
				455	sha1_hmac_finish( &ctx, output );
				456
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame]	457	polarssl_zeroize( &ctx, sizeof( sha1_context ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	458	}
				459
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	460	#if defined(POLARSSL_SELF_TEST)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	461	/*
				462	* FIPS-180-1 test vectors
				463	*/
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	464	static unsigned char sha1_test_buf[3][57] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	465	{
				466	{ "abc" },
				467	{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
				468	{ "" }
				469	};
				470
				471	static const int sha1_test_buflen[3] =
				472	{
				473	3, 56, 1000
				474	};
				475
				476	static const unsigned char sha1_test_sum[3][20] =
				477	{
				478	{ 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
				479	0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
				480	{ 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
				481	0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
				482	{ 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
				483	0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
				484	};
				485
				486	/*
				487	* RFC 2202 test vectors
				488	*/
				489	static unsigned char sha1_hmac_test_key[7][26] =
				490	{
				491	{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
				492	"\x0B\x0B\x0B\x0B" },
				493	{ "Jefe" },
				494	{ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
				495	"\xAA\xAA\xAA\xAA" },
				496	{ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
				497	"\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
				498	{ "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
				499	"\x0C\x0C\x0C\x0C" },
				500	{ "" }, /* 0xAA 80 times */
				501	{ "" }
				502	};
				503
				504	static const int sha1_hmac_test_keylen[7] =
				505	{
				506	20, 4, 20, 25, 20, 80, 80
				507	};
				508
				509	static unsigned char sha1_hmac_test_buf[7][74] =
				510	{
				511	{ "Hi There" },
				512	{ "what do ya want for nothing?" },
				513	{ "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				514	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				515	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				516	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				517	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
				518	{ "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				519	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				520	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				521	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				522	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
				523	{ "Test With Truncation" },
				524	{ "Test Using Larger Than Block-Size Key - Hash Key First" },
				525	{ "Test Using Larger Than Block-Size Key and Larger"
				526	" Than One Block-Size Data" }
				527	};
				528
				529	static const int sha1_hmac_test_buflen[7] =
				530	{
				531	8, 28, 50, 50, 20, 54, 73
				532	};
				533
				534	static const unsigned char sha1_hmac_test_sum[7][20] =
				535	{
				536	{ 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
				537	0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
				538	{ 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
				539	0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
				540	{ 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
				541	0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
				542	{ 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
				543	0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
				544	{ 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
				545	0x7B, 0xE1 },
				546	{ 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
				547	0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
				548	{ 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
				549	0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
				550	};
				551
				552	/*
				553	* Checkup routine
				554	*/
				555	int sha1_self_test( int verbose )
				556	{
				557	int i, j, buflen;
				558	unsigned char buf[1024];
				559	unsigned char sha1sum[20];
				560	sha1_context ctx;
				561
				562	/*
				563	* SHA-1
				564	*/
				565	for( i = 0; i < 3; i++ )
				566	{
				567	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	568	polarssl_printf( " SHA-1 test #%d: ", i + 1 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	569
				570	sha1_starts( &ctx );
				571
				572	if( i == 2 )
				573	{
				574	memset( buf, 'a', buflen = 1000 );
				575
				576	for( j = 0; j < 1000; j++ )
				577	sha1_update( &ctx, buf, buflen );
				578	}
				579	else
				580	sha1_update( &ctx, sha1_test_buf[i],
				581	sha1_test_buflen[i] );
				582
				583	sha1_finish( &ctx, sha1sum );
				584
				585	if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
				586	{
				587	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	588	polarssl_printf( "failed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	589
				590	return( 1 );
				591	}
				592
				593	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	594	polarssl_printf( "passed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	595	}
				596
				597	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	598	polarssl_printf( "\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	599
				600	for( i = 0; i < 7; i++ )
				601	{
				602	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	603	polarssl_printf( " HMAC-SHA-1 test #%d: ", i + 1 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	604
				605	if( i == 5 \|\| i == 6 )
				606	{
				607	memset( buf, '\xAA', buflen = 80 );
				608	sha1_hmac_starts( &ctx, buf, buflen );
				609	}
				610	else
				611	sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
				612	sha1_hmac_test_keylen[i] );
				613
				614	sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
				615	sha1_hmac_test_buflen[i] );
				616
				617	sha1_hmac_finish( &ctx, sha1sum );
				618
				619	buflen = ( i == 4 ) ? 12 : 20;
				620
				621	if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
				622	{
				623	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	624	polarssl_printf( "failed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	625
				626	return( 1 );
				627	}
				628
				629	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	630	polarssl_printf( "passed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	631	}
				632
				633	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	634	polarssl_printf( "\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	635
				636	return( 0 );
				637	}
				638
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	639	#endif /* POLARSSL_SELF_TEST */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	640
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	641	#endif /* POLARSSL_SHA1_C */