Blame - library/sha1.c - third_party/github/ARMmbed/mbedtls

blob: c477e9a61666da8159d112dc14cf66399f1309a3 [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* FIPS-180-1 compliant SHA-1 implementation
				3	*
Manuel Pégourié-Gonnard	a658a40	2015-01-23 09:45:19 +0000	[diff] [blame]	4	* Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	5	*
Manuel Pégourié-Gonnard	860b516	2015-01-28 17:12:07 +0000	[diff] [blame]	6	* This file is part of mbed TLS (https://polarssl.org)
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	7	*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	8	* This program is free software; you can redistribute it and/or modify
				9	* it under the terms of the GNU General Public License as published by
				10	* the Free Software Foundation; either version 2 of the License, or
				11	* (at your option) any later version.
				12	*
				13	* This program is distributed in the hope that it will be useful,
				14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				16	* GNU General Public License for more details.
				17	*
				18	* You should have received a copy of the GNU General Public License along
				19	* with this program; if not, write to the Free Software Foundation, Inc.,
				20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				21	*/
				22	/*
				23	* The SHA-1 standard was published by NIST in 1993.
				24	*
				25	* http://www.itl.nist.gov/fipspubs/fip180-1.htm
				26	*/
				27
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	28	#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	29	#include "polarssl/config.h"
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	30	#else
				31	#include POLARSSL_CONFIG_FILE
				32	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	33
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	34	#if defined(POLARSSL_SHA1_C)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	35
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	36	#include "polarssl/sha1.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	37
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	38	#include <string.h>
				39
				40	#if defined(POLARSSL_FS_IO)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	41	#include <stdio.h>
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	42	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	43
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	44	#if defined(POLARSSL_SELF_TEST)
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	45	#if defined(POLARSSL_PLATFORM_C)
				46	#include "polarssl/platform.h"
				47	#else
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	48	#include <stdio.h>
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	49	#define polarssl_printf printf
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	50	#endif /* POLARSSL_PLATFORM_C */
				51	#endif /* POLARSSL_SELF_TEST */
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	52
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame]	53	/* Implementation that should never be optimized out by the compiler */
				54	static void polarssl_zeroize( void *v, size_t n ) {
				55	volatile unsigned char p = v; while( n-- ) p++ = 0;
				56	}
				57
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	58	#if !defined(POLARSSL_SHA1_ALT)
				59
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	60	/*
				61	* 32-bit integer manipulation macros (big endian)
				62	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	63	#ifndef GET_UINT32_BE
				64	#define GET_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	65	{ \
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	66	(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
				67	\| ( (uint32_t) (b)[(i) + 1] << 16 ) \
				68	\| ( (uint32_t) (b)[(i) + 2] << 8 ) \
				69	\| ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	70	}
				71	#endif
				72
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	73	#ifndef PUT_UINT32_BE
				74	#define PUT_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	75	{ \
				76	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
				77	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
				78	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
				79	(b)[(i) + 3] = (unsigned char) ( (n) ); \
				80	}
				81	#endif
				82
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	83	void sha1_init( sha1_context *ctx )
				84	{
				85	memset( ctx, 0, sizeof( sha1_context ) );
				86	}
				87
				88	void sha1_free( sha1_context *ctx )
				89	{
				90	if( ctx == NULL )
				91	return;
				92
				93	polarssl_zeroize( ctx, sizeof( sha1_context ) );
				94	}
				95
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	96	/*
				97	* SHA-1 context setup
				98	*/
				99	void sha1_starts( sha1_context *ctx )
				100	{
				101	ctx->total[0] = 0;
				102	ctx->total[1] = 0;
				103
				104	ctx->state[0] = 0x67452301;
				105	ctx->state[1] = 0xEFCDAB89;
				106	ctx->state[2] = 0x98BADCFE;
				107	ctx->state[3] = 0x10325476;
				108	ctx->state[4] = 0xC3D2E1F0;
				109	}
				110
Paul Bakker	e47b34b	2013-02-27 14:48:00 +0100	[diff] [blame]	111	void sha1_process( sha1_context *ctx, const unsigned char data[64] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	112	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	113	uint32_t temp, W[16], A, B, C, D, E;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	114
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	115	GET_UINT32_BE( W[ 0], data, 0 );
				116	GET_UINT32_BE( W[ 1], data, 4 );
				117	GET_UINT32_BE( W[ 2], data, 8 );
				118	GET_UINT32_BE( W[ 3], data, 12 );
				119	GET_UINT32_BE( W[ 4], data, 16 );
				120	GET_UINT32_BE( W[ 5], data, 20 );
				121	GET_UINT32_BE( W[ 6], data, 24 );
				122	GET_UINT32_BE( W[ 7], data, 28 );
				123	GET_UINT32_BE( W[ 8], data, 32 );
				124	GET_UINT32_BE( W[ 9], data, 36 );
				125	GET_UINT32_BE( W[10], data, 40 );
				126	GET_UINT32_BE( W[11], data, 44 );
				127	GET_UINT32_BE( W[12], data, 48 );
				128	GET_UINT32_BE( W[13], data, 52 );
				129	GET_UINT32_BE( W[14], data, 56 );
				130	GET_UINT32_BE( W[15], data, 60 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	131
				132	#define S(x,n) ((x << n) \| ((x & 0xFFFFFFFF) >> (32 - n)))
				133
				134	#define R(t) \
				135	( \
Paul Bakker	66d5d07	2014-06-17 16:39:18 +0200	[diff] [blame]	136	temp = W[( t - 3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
				137	W[( t - 14 ) & 0x0F] ^ W[ t & 0x0F], \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	138	( W[t & 0x0F] = S(temp,1) ) \
				139	)
				140
				141	#define P(a,b,c,d,e,x) \
				142	{ \
				143	e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
				144	}
				145
				146	A = ctx->state[0];
				147	B = ctx->state[1];
				148	C = ctx->state[2];
				149	D = ctx->state[3];
				150	E = ctx->state[4];
				151
				152	#define F(x,y,z) (z ^ (x & (y ^ z)))
				153	#define K 0x5A827999
				154
				155	P( A, B, C, D, E, W[0] );
				156	P( E, A, B, C, D, W[1] );
				157	P( D, E, A, B, C, W[2] );
				158	P( C, D, E, A, B, W[3] );
				159	P( B, C, D, E, A, W[4] );
				160	P( A, B, C, D, E, W[5] );
				161	P( E, A, B, C, D, W[6] );
				162	P( D, E, A, B, C, W[7] );
				163	P( C, D, E, A, B, W[8] );
				164	P( B, C, D, E, A, W[9] );
				165	P( A, B, C, D, E, W[10] );
				166	P( E, A, B, C, D, W[11] );
				167	P( D, E, A, B, C, W[12] );
				168	P( C, D, E, A, B, W[13] );
				169	P( B, C, D, E, A, W[14] );
				170	P( A, B, C, D, E, W[15] );
				171	P( E, A, B, C, D, R(16) );
				172	P( D, E, A, B, C, R(17) );
				173	P( C, D, E, A, B, R(18) );
				174	P( B, C, D, E, A, R(19) );
				175
				176	#undef K
				177	#undef F
				178
				179	#define F(x,y,z) (x ^ y ^ z)
				180	#define K 0x6ED9EBA1
				181
				182	P( A, B, C, D, E, R(20) );
				183	P( E, A, B, C, D, R(21) );
				184	P( D, E, A, B, C, R(22) );
				185	P( C, D, E, A, B, R(23) );
				186	P( B, C, D, E, A, R(24) );
				187	P( A, B, C, D, E, R(25) );
				188	P( E, A, B, C, D, R(26) );
				189	P( D, E, A, B, C, R(27) );
				190	P( C, D, E, A, B, R(28) );
				191	P( B, C, D, E, A, R(29) );
				192	P( A, B, C, D, E, R(30) );
				193	P( E, A, B, C, D, R(31) );
				194	P( D, E, A, B, C, R(32) );
				195	P( C, D, E, A, B, R(33) );
				196	P( B, C, D, E, A, R(34) );
				197	P( A, B, C, D, E, R(35) );
				198	P( E, A, B, C, D, R(36) );
				199	P( D, E, A, B, C, R(37) );
				200	P( C, D, E, A, B, R(38) );
				201	P( B, C, D, E, A, R(39) );
				202
				203	#undef K
				204	#undef F
				205
				206	#define F(x,y,z) ((x & y) \| (z & (x \| y)))
				207	#define K 0x8F1BBCDC
				208
				209	P( A, B, C, D, E, R(40) );
				210	P( E, A, B, C, D, R(41) );
				211	P( D, E, A, B, C, R(42) );
				212	P( C, D, E, A, B, R(43) );
				213	P( B, C, D, E, A, R(44) );
				214	P( A, B, C, D, E, R(45) );
				215	P( E, A, B, C, D, R(46) );
				216	P( D, E, A, B, C, R(47) );
				217	P( C, D, E, A, B, R(48) );
				218	P( B, C, D, E, A, R(49) );
				219	P( A, B, C, D, E, R(50) );
				220	P( E, A, B, C, D, R(51) );
				221	P( D, E, A, B, C, R(52) );
				222	P( C, D, E, A, B, R(53) );
				223	P( B, C, D, E, A, R(54) );
				224	P( A, B, C, D, E, R(55) );
				225	P( E, A, B, C, D, R(56) );
				226	P( D, E, A, B, C, R(57) );
				227	P( C, D, E, A, B, R(58) );
				228	P( B, C, D, E, A, R(59) );
				229
				230	#undef K
				231	#undef F
				232
				233	#define F(x,y,z) (x ^ y ^ z)
				234	#define K 0xCA62C1D6
				235
				236	P( A, B, C, D, E, R(60) );
				237	P( E, A, B, C, D, R(61) );
				238	P( D, E, A, B, C, R(62) );
				239	P( C, D, E, A, B, R(63) );
				240	P( B, C, D, E, A, R(64) );
				241	P( A, B, C, D, E, R(65) );
				242	P( E, A, B, C, D, R(66) );
				243	P( D, E, A, B, C, R(67) );
				244	P( C, D, E, A, B, R(68) );
				245	P( B, C, D, E, A, R(69) );
				246	P( A, B, C, D, E, R(70) );
				247	P( E, A, B, C, D, R(71) );
				248	P( D, E, A, B, C, R(72) );
				249	P( C, D, E, A, B, R(73) );
				250	P( B, C, D, E, A, R(74) );
				251	P( A, B, C, D, E, R(75) );
				252	P( E, A, B, C, D, R(76) );
				253	P( D, E, A, B, C, R(77) );
				254	P( C, D, E, A, B, R(78) );
				255	P( B, C, D, E, A, R(79) );
				256
				257	#undef K
				258	#undef F
				259
				260	ctx->state[0] += A;
				261	ctx->state[1] += B;
				262	ctx->state[2] += C;
				263	ctx->state[3] += D;
				264	ctx->state[4] += E;
				265	}
				266
				267	/*
				268	* SHA-1 process buffer
				269	*/
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	270	void sha1_update( sha1_context ctx, const unsigned char input, size_t ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	271	{
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	272	size_t fill;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	273	uint32_t left;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	274
Brian White	12895d1	2014-04-11 11:29:42 -0400	[diff] [blame]	275	if( ilen == 0 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	276	return;
				277
				278	left = ctx->total[0] & 0x3F;
				279	fill = 64 - left;
				280
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	281	ctx->total[0] += (uint32_t) ilen;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	282	ctx->total[0] &= 0xFFFFFFFF;
				283
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	284	if( ctx->total[0] < (uint32_t) ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	285	ctx->total[1]++;
				286
				287	if( left && ilen >= fill )
				288	{
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	289	memcpy( (void *) (ctx->buffer + left), input, fill );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	290	sha1_process( ctx, ctx->buffer );
				291	input += fill;
				292	ilen -= fill;
				293	left = 0;
				294	}
				295
				296	while( ilen >= 64 )
				297	{
				298	sha1_process( ctx, input );
				299	input += 64;
				300	ilen -= 64;
				301	}
				302
				303	if( ilen > 0 )
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	304	memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	305	}
				306
				307	static const unsigned char sha1_padding[64] =
				308	{
				309	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				310	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				311	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				312	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
				313	};
				314
				315	/*
				316	* SHA-1 final digest
				317	*/
				318	void sha1_finish( sha1_context *ctx, unsigned char output[20] )
				319	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	320	uint32_t last, padn;
				321	uint32_t high, low;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	322	unsigned char msglen[8];
				323
				324	high = ( ctx->total[0] >> 29 )
				325	\| ( ctx->total[1] << 3 );
				326	low = ( ctx->total[0] << 3 );
				327
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	328	PUT_UINT32_BE( high, msglen, 0 );
				329	PUT_UINT32_BE( low, msglen, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	330
				331	last = ctx->total[0] & 0x3F;
				332	padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
				333
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	334	sha1_update( ctx, sha1_padding, padn );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	335	sha1_update( ctx, msglen, 8 );
				336
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	337	PUT_UINT32_BE( ctx->state[0], output, 0 );
				338	PUT_UINT32_BE( ctx->state[1], output, 4 );
				339	PUT_UINT32_BE( ctx->state[2], output, 8 );
				340	PUT_UINT32_BE( ctx->state[3], output, 12 );
				341	PUT_UINT32_BE( ctx->state[4], output, 16 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	342	}
				343
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	344	#endif /* !POLARSSL_SHA1_ALT */
				345
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	346	/*
				347	* output = SHA-1( input buffer )
				348	*/
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	349	void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	350	{
				351	sha1_context ctx;
				352
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	353	sha1_init( &ctx );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	354	sha1_starts( &ctx );
				355	sha1_update( &ctx, input, ilen );
				356	sha1_finish( &ctx, output );
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	357	sha1_free( &ctx );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	358	}
				359
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	360	#if defined(POLARSSL_FS_IO)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	361	/*
				362	* output = SHA-1( file contents )
				363	*/
Paul Bakker	ff60ee6	2010-03-16 21:09:09 +0000	[diff] [blame]	364	int sha1_file( const char *path, unsigned char output[20] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	365	{
				366	FILE *f;
				367	size_t n;
				368	sha1_context ctx;
				369	unsigned char buf[1024];
				370
				371	if( ( f = fopen( path, "rb" ) ) == NULL )
Paul Bakker	69e095c	2011-12-10 21:55:01 +0000	[diff] [blame]	372	return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	373
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	374	sha1_init( &ctx );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	375	sha1_starts( &ctx );
				376
				377	while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Paul Bakker	27fdf46	2011-06-09 13:55:13 +0000	[diff] [blame]	378	sha1_update( &ctx, buf, n );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	379
				380	sha1_finish( &ctx, output );
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	381	sha1_free( &ctx );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	382
				383	if( ferror( f ) != 0 )
				384	{
				385	fclose( f );
Paul Bakker	69e095c	2011-12-10 21:55:01 +0000	[diff] [blame]	386	return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	387	}
				388
				389	fclose( f );
				390	return( 0 );
				391	}
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	392	#endif /* POLARSSL_FS_IO */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	393
				394	/*
				395	* SHA-1 HMAC context setup
				396	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame]	397	void sha1_hmac_starts( sha1_context ctx, const unsigned char key,
				398	size_t keylen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	399	{
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	400	size_t i;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	401	unsigned char sum[20];
				402
				403	if( keylen > 64 )
				404	{
				405	sha1( key, keylen, sum );
				406	keylen = 20;
				407	key = sum;
				408	}
				409
				410	memset( ctx->ipad, 0x36, 64 );
				411	memset( ctx->opad, 0x5C, 64 );
				412
				413	for( i = 0; i < keylen; i++ )
				414	{
				415	ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
				416	ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
				417	}
				418
				419	sha1_starts( ctx );
				420	sha1_update( ctx, ctx->ipad, 64 );
				421
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame]	422	polarssl_zeroize( sum, sizeof( sum ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	423	}
				424
				425	/*
				426	* SHA-1 HMAC process buffer
				427	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame]	428	void sha1_hmac_update( sha1_context ctx, const unsigned char input,
				429	size_t ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	430	{
				431	sha1_update( ctx, input, ilen );
				432	}
				433
				434	/*
				435	* SHA-1 HMAC final digest
				436	*/
				437	void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
				438	{
				439	unsigned char tmpbuf[20];
				440
				441	sha1_finish( ctx, tmpbuf );
				442	sha1_starts( ctx );
				443	sha1_update( ctx, ctx->opad, 64 );
				444	sha1_update( ctx, tmpbuf, 20 );
				445	sha1_finish( ctx, output );
				446
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame]	447	polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	448	}
				449
				450	/*
Paul Bakker	7d3b661	2010-03-21 16:23:13 +0000	[diff] [blame]	451	* SHA1 HMAC context reset
				452	*/
				453	void sha1_hmac_reset( sha1_context *ctx )
				454	{
				455	sha1_starts( ctx );
				456	sha1_update( ctx, ctx->ipad, 64 );
				457	}
				458
				459	/*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	460	* output = HMAC-SHA-1( hmac key, input buffer )
				461	*/
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	462	void sha1_hmac( const unsigned char *key, size_t keylen,
				463	const unsigned char *input, size_t ilen,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	464	unsigned char output[20] )
				465	{
				466	sha1_context ctx;
				467
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	468	sha1_init( &ctx );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	469	sha1_hmac_starts( &ctx, key, keylen );
				470	sha1_hmac_update( &ctx, input, ilen );
				471	sha1_hmac_finish( &ctx, output );
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	472	sha1_free( &ctx );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	473	}
				474
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	475	#if defined(POLARSSL_SELF_TEST)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	476	/*
				477	* FIPS-180-1 test vectors
				478	*/
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	479	static unsigned char sha1_test_buf[3][57] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	480	{
				481	{ "abc" },
				482	{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
				483	{ "" }
				484	};
				485
				486	static const int sha1_test_buflen[3] =
				487	{
				488	3, 56, 1000
				489	};
				490
				491	static const unsigned char sha1_test_sum[3][20] =
				492	{
				493	{ 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
				494	0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
				495	{ 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
				496	0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
				497	{ 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
				498	0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
				499	};
				500
				501	/*
				502	* RFC 2202 test vectors
				503	*/
				504	static unsigned char sha1_hmac_test_key[7][26] =
				505	{
				506	{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
				507	"\x0B\x0B\x0B\x0B" },
				508	{ "Jefe" },
				509	{ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
				510	"\xAA\xAA\xAA\xAA" },
				511	{ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
				512	"\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
				513	{ "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
				514	"\x0C\x0C\x0C\x0C" },
				515	{ "" }, /* 0xAA 80 times */
				516	{ "" }
				517	};
				518
				519	static const int sha1_hmac_test_keylen[7] =
				520	{
				521	20, 4, 20, 25, 20, 80, 80
				522	};
				523
				524	static unsigned char sha1_hmac_test_buf[7][74] =
				525	{
				526	{ "Hi There" },
				527	{ "what do ya want for nothing?" },
				528	{ "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				529	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				530	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				531	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				532	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
				533	{ "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				534	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				535	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				536	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				537	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
				538	{ "Test With Truncation" },
				539	{ "Test Using Larger Than Block-Size Key - Hash Key First" },
				540	{ "Test Using Larger Than Block-Size Key and Larger"
				541	" Than One Block-Size Data" }
				542	};
				543
				544	static const int sha1_hmac_test_buflen[7] =
				545	{
				546	8, 28, 50, 50, 20, 54, 73
				547	};
				548
				549	static const unsigned char sha1_hmac_test_sum[7][20] =
				550	{
				551	{ 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
				552	0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
				553	{ 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
				554	0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
				555	{ 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
				556	0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
				557	{ 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
				558	0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
				559	{ 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
				560	0x7B, 0xE1 },
				561	{ 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
				562	0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
				563	{ 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
				564	0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
				565	};
				566
				567	/*
				568	* Checkup routine
				569	*/
				570	int sha1_self_test( int verbose )
				571	{
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	572	int i, j, buflen, ret = 0;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	573	unsigned char buf[1024];
				574	unsigned char sha1sum[20];
				575	sha1_context ctx;
				576
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	577	sha1_init( &ctx );
				578
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	579	/*
				580	* SHA-1
				581	*/
				582	for( i = 0; i < 3; i++ )
				583	{
				584	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	585	polarssl_printf( " SHA-1 test #%d: ", i + 1 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	586
				587	sha1_starts( &ctx );
				588
				589	if( i == 2 )
				590	{
				591	memset( buf, 'a', buflen = 1000 );
				592
				593	for( j = 0; j < 1000; j++ )
				594	sha1_update( &ctx, buf, buflen );
				595	}
				596	else
				597	sha1_update( &ctx, sha1_test_buf[i],
				598	sha1_test_buflen[i] );
				599
				600	sha1_finish( &ctx, sha1sum );
				601
				602	if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
				603	{
				604	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	605	polarssl_printf( "failed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	606
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	607	ret = 1;
				608	goto exit;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	609	}
				610
				611	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	612	polarssl_printf( "passed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	613	}
				614
				615	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	616	polarssl_printf( "\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	617
				618	for( i = 0; i < 7; i++ )
				619	{
				620	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	621	polarssl_printf( " HMAC-SHA-1 test #%d: ", i + 1 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	622
				623	if( i == 5 \|\| i == 6 )
				624	{
				625	memset( buf, '\xAA', buflen = 80 );
				626	sha1_hmac_starts( &ctx, buf, buflen );
				627	}
				628	else
				629	sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
				630	sha1_hmac_test_keylen[i] );
				631
				632	sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
				633	sha1_hmac_test_buflen[i] );
				634
				635	sha1_hmac_finish( &ctx, sha1sum );
				636
				637	buflen = ( i == 4 ) ? 12 : 20;
				638
				639	if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
				640	{
				641	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	642	polarssl_printf( "failed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	643
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	644	ret = 1;
				645	goto exit;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	646	}
				647
				648	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	649	polarssl_printf( "passed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	650	}
				651
				652	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	653	polarssl_printf( "\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	654
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	655	exit:
				656	sha1_free( &ctx );
				657
				658	return( ret );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	659	}
				660
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	661	#endif /* POLARSSL_SELF_TEST */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	662
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	663	#endif /* POLARSSL_SHA1_C */