Doug Anson
mbed TLS library
Dependents: HTTPClient-SSL WS_SERVER
Embed:
(wiki syntax)
Show/hide line numbers
sha1.c
00001 /* 00002 * FIPS-180-1 compliant SHA-1 implementation 00003 * 00004 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved 00005 * 00006 * This file is part of mbed TLS (https://tls.mbed.org) 00007 * 00008 * This program is free software; you can redistribute it and/or modify 00009 * it under the terms of the GNU General Public License as published by 00010 * the Free Software Foundation; either version 2 of the License, or 00011 * (at your option) any later version. 00012 * 00013 * This program is distributed in the hope that it will be useful, 00014 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00016 * GNU General Public License for more details. 00017 * 00018 * You should have received a copy of the GNU General Public License along 00019 * with this program; if not, write to the Free Software Foundation, Inc., 00020 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00021 */ 00022 /* 00023 * The SHA-1 standard was published by NIST in 1993. 00024 * 00025 * http://www.itl.nist.gov/fipspubs/fip180-1.htm 00026 */ 00027 00028 #if !defined(POLARSSL_CONFIG_FILE) 00029 #include "polarssl/config.h" 00030 #else 00031 #include POLARSSL_CONFIG_FILE 00032 #endif 00033 00034 #if defined(POLARSSL_SHA1_C) 00035 00036 #include "polarssl/sha1.h" 00037 00038 #include <string.h> 00039 00040 #if defined(POLARSSL_FS_IO) 00041 #include <stdio.h> 00042 #endif 00043 00044 #if defined(POLARSSL_SELF_TEST) 00045 #if defined(POLARSSL_PLATFORM_C) 00046 #include "polarssl/platform.h" 00047 #else 00048 #include <stdio.h> 00049 #define polarssl_printf printf 00050 #endif /* POLARSSL_PLATFORM_C */ 00051 #endif /* POLARSSL_SELF_TEST */ 00052 00053 /* Implementation that should never be optimized out by the compiler */ 00054 static void polarssl_zeroize( void *v, size_t n ) { 00055 volatile unsigned char *p = v; while( n-- ) *p++ = 0; 00056 } 00057 00058 #if !defined(POLARSSL_SHA1_ALT) 00059 00060 /* 00061 * 32-bit integer manipulation macros (big endian) 00062 */ 00063 #ifndef GET_UINT32_BE 00064 #define GET_UINT32_BE(n,b,i) \ 00065 { \ 00066 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ 00067 | ( (uint32_t) (b)[(i) + 1] << 16 ) \ 00068 | ( (uint32_t) (b)[(i) + 2] << 8 ) \ 00069 | ( (uint32_t) (b)[(i) + 3] ); \ 00070 } 00071 #endif 00072 00073 #ifndef PUT_UINT32_BE 00074 #define PUT_UINT32_BE(n,b,i) \ 00075 { \ 00076 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 00077 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 00078 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 00079 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 00080 } 00081 #endif 00082 00083 void sha1_init( sha1_context *ctx ) 00084 { 00085 memset( ctx, 0, sizeof( sha1_context ) ); 00086 } 00087 00088 void sha1_free( sha1_context *ctx ) 00089 { 00090 if( ctx == NULL ) 00091 return; 00092 00093 polarssl_zeroize( ctx, sizeof( sha1_context ) ); 00094 } 00095 00096 /* 00097 * SHA-1 context setup 00098 */ 00099 void sha1_starts( sha1_context *ctx ) 00100 { 00101 ctx->total [0] = 0; 00102 ctx->total [1] = 0; 00103 00104 ctx->state [0] = 0x67452301; 00105 ctx->state [1] = 0xEFCDAB89; 00106 ctx->state [2] = 0x98BADCFE; 00107 ctx->state [3] = 0x10325476; 00108 ctx->state [4] = 0xC3D2E1F0; 00109 } 00110 00111 void sha1_process( sha1_context *ctx, const unsigned char data[64] ) 00112 { 00113 uint32_t temp, W[16], A, B, C, D, E; 00114 00115 GET_UINT32_BE( W[ 0], data, 0 ); 00116 GET_UINT32_BE( W[ 1], data, 4 ); 00117 GET_UINT32_BE( W[ 2], data, 8 ); 00118 GET_UINT32_BE( W[ 3], data, 12 ); 00119 GET_UINT32_BE( W[ 4], data, 16 ); 00120 GET_UINT32_BE( W[ 5], data, 20 ); 00121 GET_UINT32_BE( W[ 6], data, 24 ); 00122 GET_UINT32_BE( W[ 7], data, 28 ); 00123 GET_UINT32_BE( W[ 8], data, 32 ); 00124 GET_UINT32_BE( W[ 9], data, 36 ); 00125 GET_UINT32_BE( W[10], data, 40 ); 00126 GET_UINT32_BE( W[11], data, 44 ); 00127 GET_UINT32_BE( W[12], data, 48 ); 00128 GET_UINT32_BE( W[13], data, 52 ); 00129 GET_UINT32_BE( W[14], data, 56 ); 00130 GET_UINT32_BE( W[15], data, 60 ); 00131 00132 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) 00133 00134 #define R(t) \ 00135 ( \ 00136 temp = W[( t - 3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \ 00137 W[( t - 14 ) & 0x0F] ^ W[ t & 0x0F], \ 00138 ( W[t & 0x0F] = S(temp,1) ) \ 00139 ) 00140 00141 #define P(a,b,c,d,e,x) \ 00142 { \ 00143 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \ 00144 } 00145 00146 A = ctx->state [0]; 00147 B = ctx->state [1]; 00148 C = ctx->state [2]; 00149 D = ctx->state [3]; 00150 E = ctx->state [4]; 00151 00152 #define F(x,y,z) (z ^ (x & (y ^ z))) 00153 #define K 0x5A827999 00154 00155 P( A, B, C, D, E, W[0] ); 00156 P( E, A, B, C, D, W[1] ); 00157 P( D, E, A, B, C, W[2] ); 00158 P( C, D, E, A, B, W[3] ); 00159 P( B, C, D, E, A, W[4] ); 00160 P( A, B, C, D, E, W[5] ); 00161 P( E, A, B, C, D, W[6] ); 00162 P( D, E, A, B, C, W[7] ); 00163 P( C, D, E, A, B, W[8] ); 00164 P( B, C, D, E, A, W[9] ); 00165 P( A, B, C, D, E, W[10] ); 00166 P( E, A, B, C, D, W[11] ); 00167 P( D, E, A, B, C, W[12] ); 00168 P( C, D, E, A, B, W[13] ); 00169 P( B, C, D, E, A, W[14] ); 00170 P( A, B, C, D, E, W[15] ); 00171 P( E, A, B, C, D, R(16) ); 00172 P( D, E, A, B, C, R(17) ); 00173 P( C, D, E, A, B, R(18) ); 00174 P( B, C, D, E, A, R(19) ); 00175 00176 #undef K 00177 #undef F 00178 00179 #define F(x,y,z) (x ^ y ^ z) 00180 #define K 0x6ED9EBA1 00181 00182 P( A, B, C, D, E, R(20) ); 00183 P( E, A, B, C, D, R(21) ); 00184 P( D, E, A, B, C, R(22) ); 00185 P( C, D, E, A, B, R(23) ); 00186 P( B, C, D, E, A, R(24) ); 00187 P( A, B, C, D, E, R(25) ); 00188 P( E, A, B, C, D, R(26) ); 00189 P( D, E, A, B, C, R(27) ); 00190 P( C, D, E, A, B, R(28) ); 00191 P( B, C, D, E, A, R(29) ); 00192 P( A, B, C, D, E, R(30) ); 00193 P( E, A, B, C, D, R(31) ); 00194 P( D, E, A, B, C, R(32) ); 00195 P( C, D, E, A, B, R(33) ); 00196 P( B, C, D, E, A, R(34) ); 00197 P( A, B, C, D, E, R(35) ); 00198 P( E, A, B, C, D, R(36) ); 00199 P( D, E, A, B, C, R(37) ); 00200 P( C, D, E, A, B, R(38) ); 00201 P( B, C, D, E, A, R(39) ); 00202 00203 #undef K 00204 #undef F 00205 00206 #define F(x,y,z) ((x & y) | (z & (x | y))) 00207 #define K 0x8F1BBCDC 00208 00209 P( A, B, C, D, E, R(40) ); 00210 P( E, A, B, C, D, R(41) ); 00211 P( D, E, A, B, C, R(42) ); 00212 P( C, D, E, A, B, R(43) ); 00213 P( B, C, D, E, A, R(44) ); 00214 P( A, B, C, D, E, R(45) ); 00215 P( E, A, B, C, D, R(46) ); 00216 P( D, E, A, B, C, R(47) ); 00217 P( C, D, E, A, B, R(48) ); 00218 P( B, C, D, E, A, R(49) ); 00219 P( A, B, C, D, E, R(50) ); 00220 P( E, A, B, C, D, R(51) ); 00221 P( D, E, A, B, C, R(52) ); 00222 P( C, D, E, A, B, R(53) ); 00223 P( B, C, D, E, A, R(54) ); 00224 P( A, B, C, D, E, R(55) ); 00225 P( E, A, B, C, D, R(56) ); 00226 P( D, E, A, B, C, R(57) ); 00227 P( C, D, E, A, B, R(58) ); 00228 P( B, C, D, E, A, R(59) ); 00229 00230 #undef K 00231 #undef F 00232 00233 #define F(x,y,z) (x ^ y ^ z) 00234 #define K 0xCA62C1D6 00235 00236 P( A, B, C, D, E, R(60) ); 00237 P( E, A, B, C, D, R(61) ); 00238 P( D, E, A, B, C, R(62) ); 00239 P( C, D, E, A, B, R(63) ); 00240 P( B, C, D, E, A, R(64) ); 00241 P( A, B, C, D, E, R(65) ); 00242 P( E, A, B, C, D, R(66) ); 00243 P( D, E, A, B, C, R(67) ); 00244 P( C, D, E, A, B, R(68) ); 00245 P( B, C, D, E, A, R(69) ); 00246 P( A, B, C, D, E, R(70) ); 00247 P( E, A, B, C, D, R(71) ); 00248 P( D, E, A, B, C, R(72) ); 00249 P( C, D, E, A, B, R(73) ); 00250 P( B, C, D, E, A, R(74) ); 00251 P( A, B, C, D, E, R(75) ); 00252 P( E, A, B, C, D, R(76) ); 00253 P( D, E, A, B, C, R(77) ); 00254 P( C, D, E, A, B, R(78) ); 00255 P( B, C, D, E, A, R(79) ); 00256 00257 #undef K 00258 #undef F 00259 00260 ctx->state [0] += A; 00261 ctx->state [1] += B; 00262 ctx->state [2] += C; 00263 ctx->state [3] += D; 00264 ctx->state [4] += E; 00265 } 00266 00267 /* 00268 * SHA-1 process buffer 00269 */ 00270 void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen ) 00271 { 00272 size_t fill; 00273 uint32_t left; 00274 00275 if( ilen == 0 ) 00276 return; 00277 00278 left = ctx->total [0] & 0x3F; 00279 fill = 64 - left; 00280 00281 ctx->total [0] += (uint32_t) ilen; 00282 ctx->total [0] &= 0xFFFFFFFF; 00283 00284 if( ctx->total [0] < (uint32_t) ilen ) 00285 ctx->total [1]++; 00286 00287 if( left && ilen >= fill ) 00288 { 00289 memcpy( (void *) (ctx->buffer + left), input, fill ); 00290 sha1_process( ctx, ctx->buffer ); 00291 input += fill; 00292 ilen -= fill; 00293 left = 0; 00294 } 00295 00296 while( ilen >= 64 ) 00297 { 00298 sha1_process( ctx, input ); 00299 input += 64; 00300 ilen -= 64; 00301 } 00302 00303 if( ilen > 0 ) 00304 memcpy( (void *) (ctx->buffer + left), input, ilen ); 00305 } 00306 00307 static const unsigned char sha1_padding[64] = 00308 { 00309 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 00310 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 00311 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 00312 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 00313 }; 00314 00315 /* 00316 * SHA-1 final digest 00317 */ 00318 void sha1_finish( sha1_context *ctx, unsigned char output[20] ) 00319 { 00320 uint32_t last, padn; 00321 uint32_t high, low; 00322 unsigned char msglen[8]; 00323 00324 high = ( ctx->total [0] >> 29 ) 00325 | ( ctx->total [1] << 3 ); 00326 low = ( ctx->total [0] << 3 ); 00327 00328 PUT_UINT32_BE( high, msglen, 0 ); 00329 PUT_UINT32_BE( low, msglen, 4 ); 00330 00331 last = ctx->total [0] & 0x3F; 00332 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); 00333 00334 sha1_update( ctx, sha1_padding, padn ); 00335 sha1_update( ctx, msglen, 8 ); 00336 00337 PUT_UINT32_BE( ctx->state [0], output, 0 ); 00338 PUT_UINT32_BE( ctx->state [1], output, 4 ); 00339 PUT_UINT32_BE( ctx->state [2], output, 8 ); 00340 PUT_UINT32_BE( ctx->state [3], output, 12 ); 00341 PUT_UINT32_BE( ctx->state [4], output, 16 ); 00342 } 00343 00344 #endif /* !POLARSSL_SHA1_ALT */ 00345 00346 /* 00347 * output = SHA-1( input buffer ) 00348 */ 00349 void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ) 00350 { 00351 sha1_context ctx; 00352 00353 sha1_init( &ctx ); 00354 sha1_starts( &ctx ); 00355 sha1_update( &ctx, input, ilen ); 00356 sha1_finish( &ctx, output ); 00357 sha1_free( &ctx ); 00358 } 00359 00360 #if defined(POLARSSL_FS_IO) 00361 /* 00362 * output = SHA-1( file contents ) 00363 */ 00364 int sha1_file( const char *path, unsigned char output[20] ) 00365 { 00366 FILE *f; 00367 size_t n; 00368 sha1_context ctx; 00369 unsigned char buf[1024]; 00370 00371 if( ( f = fopen( path, "rb" ) ) == NULL ) 00372 return( POLARSSL_ERR_SHA1_FILE_IO_ERROR ); 00373 00374 sha1_init( &ctx ); 00375 sha1_starts( &ctx ); 00376 00377 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) 00378 sha1_update( &ctx, buf, n ); 00379 00380 sha1_finish( &ctx, output ); 00381 sha1_free( &ctx ); 00382 00383 if( ferror( f ) != 0 ) 00384 { 00385 fclose( f ); 00386 return( POLARSSL_ERR_SHA1_FILE_IO_ERROR ); 00387 } 00388 00389 fclose( f ); 00390 return( 0 ); 00391 } 00392 #endif /* POLARSSL_FS_IO */ 00393 00394 /* 00395 * SHA-1 HMAC context setup 00396 */ 00397 void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, 00398 size_t keylen ) 00399 { 00400 size_t i; 00401 unsigned char sum[20]; 00402 00403 if( keylen > 64 ) 00404 { 00405 sha1( key, keylen, sum ); 00406 keylen = 20; 00407 key = sum; 00408 } 00409 00410 memset( ctx->ipad , 0x36, 64 ); 00411 memset( ctx->opad , 0x5C, 64 ); 00412 00413 for( i = 0; i < keylen; i++ ) 00414 { 00415 ctx->ipad [i] = (unsigned char)( ctx->ipad [i] ^ key[i] ); 00416 ctx->opad [i] = (unsigned char)( ctx->opad [i] ^ key[i] ); 00417 } 00418 00419 sha1_starts( ctx ); 00420 sha1_update( ctx, ctx->ipad , 64 ); 00421 00422 polarssl_zeroize( sum, sizeof( sum ) ); 00423 } 00424 00425 /* 00426 * SHA-1 HMAC process buffer 00427 */ 00428 void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, 00429 size_t ilen ) 00430 { 00431 sha1_update( ctx, input, ilen ); 00432 } 00433 00434 /* 00435 * SHA-1 HMAC final digest 00436 */ 00437 void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] ) 00438 { 00439 unsigned char tmpbuf[20]; 00440 00441 sha1_finish( ctx, tmpbuf ); 00442 sha1_starts( ctx ); 00443 sha1_update( ctx, ctx->opad , 64 ); 00444 sha1_update( ctx, tmpbuf, 20 ); 00445 sha1_finish( ctx, output ); 00446 00447 polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) ); 00448 } 00449 00450 /* 00451 * SHA1 HMAC context reset 00452 */ 00453 void sha1_hmac_reset( sha1_context *ctx ) 00454 { 00455 sha1_starts( ctx ); 00456 sha1_update( ctx, ctx->ipad , 64 ); 00457 } 00458 00459 /* 00460 * output = HMAC-SHA-1( hmac key, input buffer ) 00461 */ 00462 void sha1_hmac( const unsigned char *key, size_t keylen, 00463 const unsigned char *input, size_t ilen, 00464 unsigned char output[20] ) 00465 { 00466 sha1_context ctx; 00467 00468 sha1_init( &ctx ); 00469 sha1_hmac_starts( &ctx, key, keylen ); 00470 sha1_hmac_update( &ctx, input, ilen ); 00471 sha1_hmac_finish( &ctx, output ); 00472 sha1_free( &ctx ); 00473 } 00474 00475 #if defined(POLARSSL_SELF_TEST) 00476 /* 00477 * FIPS-180-1 test vectors 00478 */ 00479 static const unsigned char sha1_test_buf[3][57] = 00480 { 00481 { "abc" }, 00482 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, 00483 { "" } 00484 }; 00485 00486 static const int sha1_test_buflen[3] = 00487 { 00488 3, 56, 1000 00489 }; 00490 00491 static const unsigned char sha1_test_sum[3][20] = 00492 { 00493 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, 00494 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D }, 00495 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE, 00496 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 }, 00497 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E, 00498 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F } 00499 }; 00500 00501 /* 00502 * RFC 2202 test vectors 00503 */ 00504 static const unsigned char sha1_hmac_test_key[7][26] = 00505 { 00506 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" 00507 "\x0B\x0B\x0B\x0B" }, 00508 { "Jefe" }, 00509 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" 00510 "\xAA\xAA\xAA\xAA" }, 00511 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10" 00512 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" }, 00513 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C" 00514 "\x0C\x0C\x0C\x0C" }, 00515 { "" }, /* 0xAA 80 times */ 00516 { "" } 00517 }; 00518 00519 static const int sha1_hmac_test_keylen[7] = 00520 { 00521 20, 4, 20, 25, 20, 80, 80 00522 }; 00523 00524 static const unsigned char sha1_hmac_test_buf[7][74] = 00525 { 00526 { "Hi There" }, 00527 { "what do ya want for nothing?" }, 00528 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" 00529 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" 00530 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" 00531 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" 00532 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" }, 00533 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" 00534 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" 00535 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" 00536 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" 00537 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" }, 00538 { "Test With Truncation" }, 00539 { "Test Using Larger Than Block-Size Key - Hash Key First" }, 00540 { "Test Using Larger Than Block-Size Key and Larger" 00541 " Than One Block-Size Data" } 00542 }; 00543 00544 static const int sha1_hmac_test_buflen[7] = 00545 { 00546 8, 28, 50, 50, 20, 54, 73 00547 }; 00548 00549 static const unsigned char sha1_hmac_test_sum[7][20] = 00550 { 00551 { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B, 00552 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 }, 00553 { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74, 00554 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 }, 00555 { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3, 00556 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 }, 00557 { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84, 00558 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA }, 00559 { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2, 00560 0x7B, 0xE1 }, 00561 { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70, 00562 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 }, 00563 { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B, 00564 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 } 00565 }; 00566 00567 /* 00568 * Checkup routine 00569 */ 00570 int sha1_self_test( int verbose ) 00571 { 00572 int i, j, buflen, ret = 0; 00573 unsigned char buf[1024]; 00574 unsigned char sha1sum[20]; 00575 sha1_context ctx; 00576 00577 sha1_init( &ctx ); 00578 00579 /* 00580 * SHA-1 00581 */ 00582 for( i = 0; i < 3; i++ ) 00583 { 00584 if( verbose != 0 ) 00585 polarssl_printf( " SHA-1 test #%d: ", i + 1 ); 00586 00587 sha1_starts( &ctx ); 00588 00589 if( i == 2 ) 00590 { 00591 memset( buf, 'a', buflen = 1000 ); 00592 00593 for( j = 0; j < 1000; j++ ) 00594 sha1_update( &ctx, buf, buflen ); 00595 } 00596 else 00597 sha1_update( &ctx, sha1_test_buf[i], 00598 sha1_test_buflen[i] ); 00599 00600 sha1_finish( &ctx, sha1sum ); 00601 00602 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 ) 00603 { 00604 if( verbose != 0 ) 00605 polarssl_printf( "failed\n" ); 00606 00607 ret = 1; 00608 goto exit; 00609 } 00610 00611 if( verbose != 0 ) 00612 polarssl_printf( "passed\n" ); 00613 } 00614 00615 if( verbose != 0 ) 00616 polarssl_printf( "\n" ); 00617 00618 for( i = 0; i < 7; i++ ) 00619 { 00620 if( verbose != 0 ) 00621 polarssl_printf( " HMAC-SHA-1 test #%d: ", i + 1 ); 00622 00623 if( i == 5 || i == 6 ) 00624 { 00625 memset( buf, 0xAA, buflen = 80 ); 00626 sha1_hmac_starts( &ctx, buf, buflen ); 00627 } 00628 else 00629 sha1_hmac_starts( &ctx, sha1_hmac_test_key[i], 00630 sha1_hmac_test_keylen[i] ); 00631 00632 sha1_hmac_update( &ctx, sha1_hmac_test_buf[i], 00633 sha1_hmac_test_buflen[i] ); 00634 00635 sha1_hmac_finish( &ctx, sha1sum ); 00636 00637 buflen = ( i == 4 ) ? 12 : 20; 00638 00639 if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 ) 00640 { 00641 if( verbose != 0 ) 00642 polarssl_printf( "failed\n" ); 00643 00644 ret = 1; 00645 goto exit; 00646 } 00647 00648 if( verbose != 0 ) 00649 polarssl_printf( "passed\n" ); 00650 } 00651 00652 if( verbose != 0 ) 00653 polarssl_printf( "\n" ); 00654 00655 exit: 00656 sha1_free( &ctx ); 00657 00658 return( ret ); 00659 } 00660 00661 #endif /* POLARSSL_SELF_TEST */ 00662 00663 #endif /* POLARSSL_SHA1_C */ 00664
Generated on Tue Jul 12 2022 13:50:38 by
1.7.2