mbed TLS library

Dependents:   HTTPClient-SSL WS_SERVER

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers sha1.c Source File

sha1.c

00001 /*
00002  *  FIPS-180-1 compliant SHA-1 implementation
00003  *
00004  *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
00005  *
00006  *  This file is part of mbed TLS (https://tls.mbed.org)
00007  *
00008  *  This program is free software; you can redistribute it and/or modify
00009  *  it under the terms of the GNU General Public License as published by
00010  *  the Free Software Foundation; either version 2 of the License, or
00011  *  (at your option) any later version.
00012  *
00013  *  This program is distributed in the hope that it will be useful,
00014  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00015  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00016  *  GNU General Public License for more details.
00017  *
00018  *  You should have received a copy of the GNU General Public License along
00019  *  with this program; if not, write to the Free Software Foundation, Inc.,
00020  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
00021  */
00022 /*
00023  *  The SHA-1 standard was published by NIST in 1993.
00024  *
00025  *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
00026  */
00027 
00028 #if !defined(POLARSSL_CONFIG_FILE)
00029 #include "polarssl/config.h"
00030 #else
00031 #include POLARSSL_CONFIG_FILE
00032 #endif
00033 
00034 #if defined(POLARSSL_SHA1_C)
00035 
00036 #include "polarssl/sha1.h"
00037 
00038 #include <string.h>
00039 
00040 #if defined(POLARSSL_FS_IO)
00041 #include <stdio.h>
00042 #endif
00043 
00044 #if defined(POLARSSL_SELF_TEST)
00045 #if defined(POLARSSL_PLATFORM_C)
00046 #include "polarssl/platform.h"
00047 #else
00048 #include <stdio.h>
00049 #define polarssl_printf printf
00050 #endif /* POLARSSL_PLATFORM_C */
00051 #endif /* POLARSSL_SELF_TEST */
00052 
00053 /* Implementation that should never be optimized out by the compiler */
00054 static void polarssl_zeroize( void *v, size_t n ) {
00055     volatile unsigned char *p = v; while( n-- ) *p++ = 0;
00056 }
00057 
00058 #if !defined(POLARSSL_SHA1_ALT)
00059 
00060 /*
00061  * 32-bit integer manipulation macros (big endian)
00062  */
00063 #ifndef GET_UINT32_BE
00064 #define GET_UINT32_BE(n,b,i)                            \
00065 {                                                       \
00066     (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
00067         | ( (uint32_t) (b)[(i) + 1] << 16 )             \
00068         | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
00069         | ( (uint32_t) (b)[(i) + 3]       );            \
00070 }
00071 #endif
00072 
00073 #ifndef PUT_UINT32_BE
00074 #define PUT_UINT32_BE(n,b,i)                            \
00075 {                                                       \
00076     (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
00077     (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
00078     (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
00079     (b)[(i) + 3] = (unsigned char) ( (n)       );       \
00080 }
00081 #endif
00082 
00083 void sha1_init( sha1_context *ctx )
00084 {
00085     memset( ctx, 0, sizeof( sha1_context ) );
00086 }
00087 
00088 void sha1_free( sha1_context *ctx )
00089 {
00090     if( ctx == NULL )
00091         return;
00092 
00093     polarssl_zeroize( ctx, sizeof( sha1_context ) );
00094 }
00095 
00096 /*
00097  * SHA-1 context setup
00098  */
00099 void sha1_starts( sha1_context *ctx )
00100 {
00101     ctx->total [0] = 0;
00102     ctx->total [1] = 0;
00103 
00104     ctx->state [0] = 0x67452301;
00105     ctx->state [1] = 0xEFCDAB89;
00106     ctx->state [2] = 0x98BADCFE;
00107     ctx->state [3] = 0x10325476;
00108     ctx->state [4] = 0xC3D2E1F0;
00109 }
00110 
00111 void sha1_process( sha1_context *ctx, const unsigned char data[64] )
00112 {
00113     uint32_t temp, W[16], A, B, C, D, E;
00114 
00115     GET_UINT32_BE( W[ 0], data,  0 );
00116     GET_UINT32_BE( W[ 1], data,  4 );
00117     GET_UINT32_BE( W[ 2], data,  8 );
00118     GET_UINT32_BE( W[ 3], data, 12 );
00119     GET_UINT32_BE( W[ 4], data, 16 );
00120     GET_UINT32_BE( W[ 5], data, 20 );
00121     GET_UINT32_BE( W[ 6], data, 24 );
00122     GET_UINT32_BE( W[ 7], data, 28 );
00123     GET_UINT32_BE( W[ 8], data, 32 );
00124     GET_UINT32_BE( W[ 9], data, 36 );
00125     GET_UINT32_BE( W[10], data, 40 );
00126     GET_UINT32_BE( W[11], data, 44 );
00127     GET_UINT32_BE( W[12], data, 48 );
00128     GET_UINT32_BE( W[13], data, 52 );
00129     GET_UINT32_BE( W[14], data, 56 );
00130     GET_UINT32_BE( W[15], data, 60 );
00131 
00132 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
00133 
00134 #define R(t)                                            \
00135 (                                                       \
00136     temp = W[( t -  3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
00137            W[( t - 14 ) & 0x0F] ^ W[  t       & 0x0F],  \
00138     ( W[t & 0x0F] = S(temp,1) )                         \
00139 )
00140 
00141 #define P(a,b,c,d,e,x)                                  \
00142 {                                                       \
00143     e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);        \
00144 }
00145 
00146     A = ctx->state [0];
00147     B = ctx->state [1];
00148     C = ctx->state [2];
00149     D = ctx->state [3];
00150     E = ctx->state [4];
00151 
00152 #define F(x,y,z) (z ^ (x & (y ^ z)))
00153 #define K 0x5A827999
00154 
00155     P( A, B, C, D, E, W[0]  );
00156     P( E, A, B, C, D, W[1]  );
00157     P( D, E, A, B, C, W[2]  );
00158     P( C, D, E, A, B, W[3]  );
00159     P( B, C, D, E, A, W[4]  );
00160     P( A, B, C, D, E, W[5]  );
00161     P( E, A, B, C, D, W[6]  );
00162     P( D, E, A, B, C, W[7]  );
00163     P( C, D, E, A, B, W[8]  );
00164     P( B, C, D, E, A, W[9]  );
00165     P( A, B, C, D, E, W[10] );
00166     P( E, A, B, C, D, W[11] );
00167     P( D, E, A, B, C, W[12] );
00168     P( C, D, E, A, B, W[13] );
00169     P( B, C, D, E, A, W[14] );
00170     P( A, B, C, D, E, W[15] );
00171     P( E, A, B, C, D, R(16) );
00172     P( D, E, A, B, C, R(17) );
00173     P( C, D, E, A, B, R(18) );
00174     P( B, C, D, E, A, R(19) );
00175 
00176 #undef K
00177 #undef F
00178 
00179 #define F(x,y,z) (x ^ y ^ z)
00180 #define K 0x6ED9EBA1
00181 
00182     P( A, B, C, D, E, R(20) );
00183     P( E, A, B, C, D, R(21) );
00184     P( D, E, A, B, C, R(22) );
00185     P( C, D, E, A, B, R(23) );
00186     P( B, C, D, E, A, R(24) );
00187     P( A, B, C, D, E, R(25) );
00188     P( E, A, B, C, D, R(26) );
00189     P( D, E, A, B, C, R(27) );
00190     P( C, D, E, A, B, R(28) );
00191     P( B, C, D, E, A, R(29) );
00192     P( A, B, C, D, E, R(30) );
00193     P( E, A, B, C, D, R(31) );
00194     P( D, E, A, B, C, R(32) );
00195     P( C, D, E, A, B, R(33) );
00196     P( B, C, D, E, A, R(34) );
00197     P( A, B, C, D, E, R(35) );
00198     P( E, A, B, C, D, R(36) );
00199     P( D, E, A, B, C, R(37) );
00200     P( C, D, E, A, B, R(38) );
00201     P( B, C, D, E, A, R(39) );
00202 
00203 #undef K
00204 #undef F
00205 
00206 #define F(x,y,z) ((x & y) | (z & (x | y)))
00207 #define K 0x8F1BBCDC
00208 
00209     P( A, B, C, D, E, R(40) );
00210     P( E, A, B, C, D, R(41) );
00211     P( D, E, A, B, C, R(42) );
00212     P( C, D, E, A, B, R(43) );
00213     P( B, C, D, E, A, R(44) );
00214     P( A, B, C, D, E, R(45) );
00215     P( E, A, B, C, D, R(46) );
00216     P( D, E, A, B, C, R(47) );
00217     P( C, D, E, A, B, R(48) );
00218     P( B, C, D, E, A, R(49) );
00219     P( A, B, C, D, E, R(50) );
00220     P( E, A, B, C, D, R(51) );
00221     P( D, E, A, B, C, R(52) );
00222     P( C, D, E, A, B, R(53) );
00223     P( B, C, D, E, A, R(54) );
00224     P( A, B, C, D, E, R(55) );
00225     P( E, A, B, C, D, R(56) );
00226     P( D, E, A, B, C, R(57) );
00227     P( C, D, E, A, B, R(58) );
00228     P( B, C, D, E, A, R(59) );
00229 
00230 #undef K
00231 #undef F
00232 
00233 #define F(x,y,z) (x ^ y ^ z)
00234 #define K 0xCA62C1D6
00235 
00236     P( A, B, C, D, E, R(60) );
00237     P( E, A, B, C, D, R(61) );
00238     P( D, E, A, B, C, R(62) );
00239     P( C, D, E, A, B, R(63) );
00240     P( B, C, D, E, A, R(64) );
00241     P( A, B, C, D, E, R(65) );
00242     P( E, A, B, C, D, R(66) );
00243     P( D, E, A, B, C, R(67) );
00244     P( C, D, E, A, B, R(68) );
00245     P( B, C, D, E, A, R(69) );
00246     P( A, B, C, D, E, R(70) );
00247     P( E, A, B, C, D, R(71) );
00248     P( D, E, A, B, C, R(72) );
00249     P( C, D, E, A, B, R(73) );
00250     P( B, C, D, E, A, R(74) );
00251     P( A, B, C, D, E, R(75) );
00252     P( E, A, B, C, D, R(76) );
00253     P( D, E, A, B, C, R(77) );
00254     P( C, D, E, A, B, R(78) );
00255     P( B, C, D, E, A, R(79) );
00256 
00257 #undef K
00258 #undef F
00259 
00260     ctx->state [0] += A;
00261     ctx->state [1] += B;
00262     ctx->state [2] += C;
00263     ctx->state [3] += D;
00264     ctx->state [4] += E;
00265 }
00266 
00267 /*
00268  * SHA-1 process buffer
00269  */
00270 void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
00271 {
00272     size_t fill;
00273     uint32_t left;
00274 
00275     if( ilen == 0 )
00276         return;
00277 
00278     left = ctx->total [0] & 0x3F;
00279     fill = 64 - left;
00280 
00281     ctx->total [0] += (uint32_t) ilen;
00282     ctx->total [0] &= 0xFFFFFFFF;
00283 
00284     if( ctx->total [0] < (uint32_t) ilen )
00285         ctx->total [1]++;
00286 
00287     if( left && ilen >= fill )
00288     {
00289         memcpy( (void *) (ctx->buffer  + left), input, fill );
00290         sha1_process( ctx, ctx->buffer  );
00291         input += fill;
00292         ilen  -= fill;
00293         left = 0;
00294     }
00295 
00296     while( ilen >= 64 )
00297     {
00298         sha1_process( ctx, input );
00299         input += 64;
00300         ilen  -= 64;
00301     }
00302 
00303     if( ilen > 0 )
00304         memcpy( (void *) (ctx->buffer  + left), input, ilen );
00305 }
00306 
00307 static const unsigned char sha1_padding[64] =
00308 {
00309  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00310     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00311     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00312     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
00313 };
00314 
00315 /*
00316  * SHA-1 final digest
00317  */
00318 void sha1_finish( sha1_context *ctx, unsigned char output[20] )
00319 {
00320     uint32_t last, padn;
00321     uint32_t high, low;
00322     unsigned char msglen[8];
00323 
00324     high = ( ctx->total [0] >> 29 )
00325          | ( ctx->total [1] <<  3 );
00326     low  = ( ctx->total [0] <<  3 );
00327 
00328     PUT_UINT32_BE( high, msglen, 0 );
00329     PUT_UINT32_BE( low,  msglen, 4 );
00330 
00331     last = ctx->total [0] & 0x3F;
00332     padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
00333 
00334     sha1_update( ctx, sha1_padding, padn );
00335     sha1_update( ctx, msglen, 8 );
00336 
00337     PUT_UINT32_BE( ctx->state [0], output,  0 );
00338     PUT_UINT32_BE( ctx->state [1], output,  4 );
00339     PUT_UINT32_BE( ctx->state [2], output,  8 );
00340     PUT_UINT32_BE( ctx->state [3], output, 12 );
00341     PUT_UINT32_BE( ctx->state [4], output, 16 );
00342 }
00343 
00344 #endif /* !POLARSSL_SHA1_ALT */
00345 
00346 /*
00347  * output = SHA-1( input buffer )
00348  */
00349 void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
00350 {
00351     sha1_context ctx;
00352 
00353     sha1_init( &ctx );
00354     sha1_starts( &ctx );
00355     sha1_update( &ctx, input, ilen );
00356     sha1_finish( &ctx, output );
00357     sha1_free( &ctx );
00358 }
00359 
00360 #if defined(POLARSSL_FS_IO)
00361 /*
00362  * output = SHA-1( file contents )
00363  */
00364 int sha1_file( const char *path, unsigned char output[20] )
00365 {
00366     FILE *f;
00367     size_t n;
00368     sha1_context ctx;
00369     unsigned char buf[1024];
00370 
00371     if( ( f = fopen( path, "rb" ) ) == NULL )
00372         return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
00373 
00374     sha1_init( &ctx );
00375     sha1_starts( &ctx );
00376 
00377     while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
00378         sha1_update( &ctx, buf, n );
00379 
00380     sha1_finish( &ctx, output );
00381     sha1_free( &ctx );
00382 
00383     if( ferror( f ) != 0 )
00384     {
00385         fclose( f );
00386         return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
00387     }
00388 
00389     fclose( f );
00390     return( 0 );
00391 }
00392 #endif /* POLARSSL_FS_IO */
00393 
00394 /*
00395  * SHA-1 HMAC context setup
00396  */
00397 void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key,
00398                        size_t keylen )
00399 {
00400     size_t i;
00401     unsigned char sum[20];
00402 
00403     if( keylen > 64 )
00404     {
00405         sha1( key, keylen, sum );
00406         keylen = 20;
00407         key = sum;
00408     }
00409 
00410     memset( ctx->ipad , 0x36, 64 );
00411     memset( ctx->opad , 0x5C, 64 );
00412 
00413     for( i = 0; i < keylen; i++ )
00414     {
00415         ctx->ipad [i] = (unsigned char)( ctx->ipad [i] ^ key[i] );
00416         ctx->opad [i] = (unsigned char)( ctx->opad [i] ^ key[i] );
00417     }
00418 
00419     sha1_starts( ctx );
00420     sha1_update( ctx, ctx->ipad , 64 );
00421 
00422     polarssl_zeroize( sum, sizeof( sum ) );
00423 }
00424 
00425 /*
00426  * SHA-1 HMAC process buffer
00427  */
00428 void sha1_hmac_update( sha1_context *ctx, const unsigned char *input,
00429                        size_t ilen )
00430 {
00431     sha1_update( ctx, input, ilen );
00432 }
00433 
00434 /*
00435  * SHA-1 HMAC final digest
00436  */
00437 void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
00438 {
00439     unsigned char tmpbuf[20];
00440 
00441     sha1_finish( ctx, tmpbuf );
00442     sha1_starts( ctx );
00443     sha1_update( ctx, ctx->opad , 64 );
00444     sha1_update( ctx, tmpbuf, 20 );
00445     sha1_finish( ctx, output );
00446 
00447     polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
00448 }
00449 
00450 /*
00451  * SHA1 HMAC context reset
00452  */
00453 void sha1_hmac_reset( sha1_context *ctx )
00454 {
00455     sha1_starts( ctx );
00456     sha1_update( ctx, ctx->ipad , 64 );
00457 }
00458 
00459 /*
00460  * output = HMAC-SHA-1( hmac key, input buffer )
00461  */
00462 void sha1_hmac( const unsigned char *key, size_t keylen,
00463                 const unsigned char *input, size_t ilen,
00464                 unsigned char output[20] )
00465 {
00466     sha1_context ctx;
00467 
00468     sha1_init( &ctx );
00469     sha1_hmac_starts( &ctx, key, keylen );
00470     sha1_hmac_update( &ctx, input, ilen );
00471     sha1_hmac_finish( &ctx, output );
00472     sha1_free( &ctx );
00473 }
00474 
00475 #if defined(POLARSSL_SELF_TEST)
00476 /*
00477  * FIPS-180-1 test vectors
00478  */
00479 static const unsigned char sha1_test_buf[3][57] =
00480 {
00481     { "abc" },
00482     { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
00483     { "" }
00484 };
00485 
00486 static const int sha1_test_buflen[3] =
00487 {
00488     3, 56, 1000
00489 };
00490 
00491 static const unsigned char sha1_test_sum[3][20] =
00492 {
00493     { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
00494       0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
00495     { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
00496       0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
00497     { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
00498       0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
00499 };
00500 
00501 /*
00502  * RFC 2202 test vectors
00503  */
00504 static const unsigned char sha1_hmac_test_key[7][26] =
00505 {
00506     { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
00507       "\x0B\x0B\x0B\x0B" },
00508     { "Jefe" },
00509     { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
00510       "\xAA\xAA\xAA\xAA" },
00511     { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
00512       "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
00513     { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
00514       "\x0C\x0C\x0C\x0C" },
00515     { "" }, /* 0xAA 80 times */
00516     { "" }
00517 };
00518 
00519 static const int sha1_hmac_test_keylen[7] =
00520 {
00521     20, 4, 20, 25, 20, 80, 80
00522 };
00523 
00524 static const unsigned char sha1_hmac_test_buf[7][74] =
00525 {
00526     { "Hi There" },
00527     { "what do ya want for nothing?" },
00528     { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00529       "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00530       "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00531       "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00532       "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
00533     { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00534       "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00535       "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00536       "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00537       "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
00538     { "Test With Truncation" },
00539     { "Test Using Larger Than Block-Size Key - Hash Key First" },
00540     { "Test Using Larger Than Block-Size Key and Larger"
00541       " Than One Block-Size Data" }
00542 };
00543 
00544 static const int sha1_hmac_test_buflen[7] =
00545 {
00546     8, 28, 50, 50, 20, 54, 73
00547 };
00548 
00549 static const unsigned char sha1_hmac_test_sum[7][20] =
00550 {
00551     { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
00552       0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
00553     { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
00554       0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
00555     { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
00556       0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
00557     { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
00558       0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
00559     { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
00560       0x7B, 0xE1 },
00561     { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
00562       0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
00563     { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
00564       0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
00565 };
00566 
00567 /*
00568  * Checkup routine
00569  */
00570 int sha1_self_test( int verbose )
00571 {
00572     int i, j, buflen, ret = 0;
00573     unsigned char buf[1024];
00574     unsigned char sha1sum[20];
00575     sha1_context ctx;
00576 
00577     sha1_init( &ctx );
00578 
00579     /*
00580      * SHA-1
00581      */
00582     for( i = 0; i < 3; i++ )
00583     {
00584         if( verbose != 0 )
00585             polarssl_printf( "  SHA-1 test #%d: ", i + 1 );
00586 
00587         sha1_starts( &ctx );
00588 
00589         if( i == 2 )
00590         {
00591             memset( buf, 'a', buflen = 1000 );
00592 
00593             for( j = 0; j < 1000; j++ )
00594                 sha1_update( &ctx, buf, buflen );
00595         }
00596         else
00597             sha1_update( &ctx, sha1_test_buf[i],
00598                                sha1_test_buflen[i] );
00599 
00600         sha1_finish( &ctx, sha1sum );
00601 
00602         if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
00603         {
00604             if( verbose != 0 )
00605                 polarssl_printf( "failed\n" );
00606 
00607             ret = 1;
00608             goto exit;
00609         }
00610 
00611         if( verbose != 0 )
00612             polarssl_printf( "passed\n" );
00613     }
00614 
00615     if( verbose != 0 )
00616         polarssl_printf( "\n" );
00617 
00618     for( i = 0; i < 7; i++ )
00619     {
00620         if( verbose != 0 )
00621             polarssl_printf( "  HMAC-SHA-1 test #%d: ", i + 1 );
00622 
00623         if( i == 5 || i == 6 )
00624         {
00625             memset( buf, 0xAA, buflen = 80 );
00626             sha1_hmac_starts( &ctx, buf, buflen );
00627         }
00628         else
00629             sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
00630                                     sha1_hmac_test_keylen[i] );
00631 
00632         sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
00633                                 sha1_hmac_test_buflen[i] );
00634 
00635         sha1_hmac_finish( &ctx, sha1sum );
00636 
00637         buflen = ( i == 4 ) ? 12 : 20;
00638 
00639         if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
00640         {
00641             if( verbose != 0 )
00642                 polarssl_printf( "failed\n" );
00643 
00644             ret = 1;
00645             goto exit;
00646         }
00647 
00648         if( verbose != 0 )
00649             polarssl_printf( "passed\n" );
00650     }
00651 
00652     if( verbose != 0 )
00653         polarssl_printf( "\n" );
00654 
00655 exit:
00656     sha1_free( &ctx );
00657 
00658     return( ret );
00659 }
00660 
00661 #endif /* POLARSSL_SELF_TEST */
00662 
00663 #endif /* POLARSSL_SHA1_C */
00664