31 #if !defined(POLARSSL_CONFIG_FILE) 34 #include POLARSSL_CONFIG_FILE 37 #if defined(POLARSSL_SHA1_C) 41 #if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST) 45 #if defined(POLARSSL_PLATFORM_C) 48 #define polarssl_printf printf 52 static void polarssl_zeroize(
void *v,
size_t n ) {
53 volatile unsigned char *p = v;
while( n-- ) *p++ = 0;
56 #if !defined(POLARSSL_SHA1_ALT) 62 #define GET_UINT32_BE(n,b,i) \ 64 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ 65 | ( (uint32_t) (b)[(i) + 1] << 16 ) \ 66 | ( (uint32_t) (b)[(i) + 2] << 8 ) \ 67 | ( (uint32_t) (b)[(i) + 3] ); \ 72 #define PUT_UINT32_BE(n,b,i) \ 74 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 75 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 76 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 77 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 102 ctx->
state[0] = 0x67452301;
103 ctx->
state[1] = 0xEFCDAB89;
104 ctx->
state[2] = 0x98BADCFE;
105 ctx->
state[3] = 0x10325476;
106 ctx->
state[4] = 0xC3D2E1F0;
111 uint32_t temp, W[16], A, B, C, D, E;
130 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) 134 temp = W[( t - 3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \ 135 W[( t - 14 ) & 0x0F] ^ W[ t & 0x0F], \ 136 ( W[t & 0x0F] = S(temp,1) ) \ 139 #define P(a,b,c,d,e,x) \ 141 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \ 150 #define F(x,y,z) (z ^ (x & (y ^ z))) 153 P( A, B, C, D, E, W[0] );
154 P( E, A, B, C, D, W[1] );
155 P( D, E, A, B, C, W[2] );
156 P( C, D, E, A, B, W[3] );
157 P( B, C, D, E, A, W[4] );
158 P( A, B, C, D, E, W[5] );
159 P( E, A, B, C, D, W[6] );
160 P( D, E, A, B, C, W[7] );
161 P( C, D, E, A, B, W[8] );
162 P( B, C, D, E, A, W[9] );
163 P( A, B, C, D, E, W[10] );
164 P( E, A, B, C, D, W[11] );
165 P( D, E, A, B, C, W[12] );
166 P( C, D, E, A, B, W[13] );
167 P( B, C, D, E, A, W[14] );
168 P( A, B, C, D, E, W[15] );
169 P( E, A, B, C, D, R(16) );
170 P( D, E, A, B, C, R(17) );
171 P( C, D, E, A, B, R(18) );
172 P( B, C, D, E, A, R(19) );
177 #define F(x,y,z) (x ^ y ^ z) 180 P( A, B, C, D, E, R(20) );
181 P( E, A, B, C, D, R(21) );
182 P( D, E, A, B, C, R(22) );
183 P( C, D, E, A, B, R(23) );
184 P( B, C, D, E, A, R(24) );
185 P( A, B, C, D, E, R(25) );
186 P( E, A, B, C, D, R(26) );
187 P( D, E, A, B, C, R(27) );
188 P( C, D, E, A, B, R(28) );
189 P( B, C, D, E, A, R(29) );
190 P( A, B, C, D, E, R(30) );
191 P( E, A, B, C, D, R(31) );
192 P( D, E, A, B, C, R(32) );
193 P( C, D, E, A, B, R(33) );
194 P( B, C, D, E, A, R(34) );
195 P( A, B, C, D, E, R(35) );
196 P( E, A, B, C, D, R(36) );
197 P( D, E, A, B, C, R(37) );
198 P( C, D, E, A, B, R(38) );
199 P( B, C, D, E, A, R(39) );
204 #define F(x,y,z) ((x & y) | (z & (x | y))) 207 P( A, B, C, D, E, R(40) );
208 P( E, A, B, C, D, R(41) );
209 P( D, E, A, B, C, R(42) );
210 P( C, D, E, A, B, R(43) );
211 P( B, C, D, E, A, R(44) );
212 P( A, B, C, D, E, R(45) );
213 P( E, A, B, C, D, R(46) );
214 P( D, E, A, B, C, R(47) );
215 P( C, D, E, A, B, R(48) );
216 P( B, C, D, E, A, R(49) );
217 P( A, B, C, D, E, R(50) );
218 P( E, A, B, C, D, R(51) );
219 P( D, E, A, B, C, R(52) );
220 P( C, D, E, A, B, R(53) );
221 P( B, C, D, E, A, R(54) );
222 P( A, B, C, D, E, R(55) );
223 P( E, A, B, C, D, R(56) );
224 P( D, E, A, B, C, R(57) );
225 P( C, D, E, A, B, R(58) );
226 P( B, C, D, E, A, R(59) );
231 #define F(x,y,z) (x ^ y ^ z) 234 P( A, B, C, D, E, R(60) );
235 P( E, A, B, C, D, R(61) );
236 P( D, E, A, B, C, R(62) );
237 P( C, D, E, A, B, R(63) );
238 P( B, C, D, E, A, R(64) );
239 P( A, B, C, D, E, R(65) );
240 P( E, A, B, C, D, R(66) );
241 P( D, E, A, B, C, R(67) );
242 P( C, D, E, A, B, R(68) );
243 P( B, C, D, E, A, R(69) );
244 P( A, B, C, D, E, R(70) );
245 P( E, A, B, C, D, R(71) );
246 P( D, E, A, B, C, R(72) );
247 P( C, D, E, A, B, R(73) );
248 P( B, C, D, E, A, R(74) );
249 P( A, B, C, D, E, R(75) );
250 P( E, A, B, C, D, R(76) );
251 P( D, E, A, B, C, R(77) );
252 P( C, D, E, A, B, R(78) );
253 P( B, C, D, E, A, R(79) );
276 left = ctx->
total[0] & 0x3F;
279 ctx->
total[0] += (uint32_t) ilen;
280 ctx->
total[0] &= 0xFFFFFFFF;
282 if( ctx->
total[0] < (uint32_t) ilen )
285 if( left && ilen >= fill )
287 memcpy( (
void *) (ctx->
buffer + left), input, fill );
302 memcpy( (
void *) (ctx->
buffer + left), input, ilen );
305 static const unsigned char sha1_padding[64] =
307 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
308 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
309 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
310 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
320 unsigned char msglen[8];
322 high = ( ctx->
total[0] >> 29 )
323 | ( ctx->
total[1] << 3 );
324 low = ( ctx->
total[0] << 3 );
329 last = ctx->
total[0] & 0x3F;
330 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
347 void sha1(
const unsigned char *input,
size_t ilen,
unsigned char output[20] )
358 #if defined(POLARSSL_FS_IO) 362 int sha1_file(
const char *path,
unsigned char output[20] )
367 unsigned char buf[1024];
369 if( ( f = fopen( path,
"rb" ) ) == NULL )
375 while( ( n = fread( buf, 1,
sizeof( buf ), f ) ) > 0 )
381 if( ferror( f ) != 0 )
399 unsigned char sum[20];
403 sha1( key, keylen, sum );
408 memset( ctx->
ipad, 0x36, 64 );
409 memset( ctx->
opad, 0x5C, 64 );
411 for( i = 0; i < keylen; i++ )
413 ctx->
ipad[i] = (
unsigned char)( ctx->
ipad[i] ^ key[i] );
414 ctx->
opad[i] = (
unsigned char)( ctx->
opad[i] ^ key[i] );
420 polarssl_zeroize( sum,
sizeof( sum ) );
437 unsigned char tmpbuf[20];
445 polarssl_zeroize( tmpbuf,
sizeof( tmpbuf ) );
460 void sha1_hmac(
const unsigned char *key,
size_t keylen,
461 const unsigned char *input,
size_t ilen,
462 unsigned char output[20] )
473 #if defined(POLARSSL_SELF_TEST) 477 static unsigned char sha1_test_buf[3][57] =
480 {
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
484 static const int sha1_test_buflen[3] =
489 static const unsigned char sha1_test_sum[3][20] =
491 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
492 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
493 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
494 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
495 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
496 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
502 static unsigned char sha1_hmac_test_key[7][26] =
504 {
"\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" 505 "\x0B\x0B\x0B\x0B" },
507 {
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" 508 "\xAA\xAA\xAA\xAA" },
509 {
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10" 510 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
511 {
"\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C" 512 "\x0C\x0C\x0C\x0C" },
517 static const int sha1_hmac_test_keylen[7] =
519 20, 4, 20, 25, 20, 80, 80
522 static unsigned char sha1_hmac_test_buf[7][74] =
525 {
"what do ya want for nothing?" },
526 {
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" 527 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" 528 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" 529 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" 530 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
531 {
"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" 532 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" 533 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" 534 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" 535 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
536 {
"Test With Truncation" },
537 {
"Test Using Larger Than Block-Size Key - Hash Key First" },
538 {
"Test Using Larger Than Block-Size Key and Larger" 539 " Than One Block-Size Data" }
542 static const int sha1_hmac_test_buflen[7] =
544 8, 28, 50, 50, 20, 54, 73
547 static const unsigned char sha1_hmac_test_sum[7][20] =
549 { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
550 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
551 { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
552 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
553 { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
554 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
555 { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
556 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
557 { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
559 { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
560 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
561 { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
562 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
570 int i, j, buflen, ret = 0;
571 unsigned char buf[1024];
572 unsigned char sha1sum[20];
580 for( i = 0; i < 3; i++ )
589 memset( buf,
'a', buflen = 1000 );
591 for( j = 0; j < 1000; j++ )
596 sha1_test_buflen[i] );
600 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
616 for( i = 0; i < 7; i++ )
621 if( i == 5 || i == 6 )
623 memset( buf,
'\xAA', buflen = 80 );
628 sha1_hmac_test_keylen[i] );
631 sha1_hmac_test_buflen[i] );
635 buflen = ( i == 4 ) ? 12 : 20;
637 if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
void sha1_hmac_finish(sha1_context *ctx, unsigned char output[20])
SHA-1 HMAC final digest.
int sha1_self_test(int verbose)
Checkup routine.
#define PUT_UINT32_BE(n, b, i)
void sha1(const unsigned char *input, size_t ilen, unsigned char output[20])
Output = SHA-1( input buffer )
void sha1_finish(sha1_context *ctx, unsigned char output[20])
SHA-1 final digest.
void sha1_hmac(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char output[20])
Output = HMAC-SHA-1( hmac key, input buffer )
Configuration options (set of defines)
void sha1_hmac_reset(sha1_context *ctx)
SHA-1 HMAC context reset.
int sha1_file(const char *path, unsigned char output[20])
Output = SHA-1( file contents )
void sha1_free(sha1_context *ctx)
Clear SHA-1 context.
void sha1_hmac_starts(sha1_context *ctx, const unsigned char *key, size_t keylen)
SHA-1 HMAC context setup.
void sha1_starts(sha1_context *ctx)
SHA-1 context setup.
#define GET_UINT32_BE(n, b, i)
SHA-1 cryptographic hash function.
void sha1_init(sha1_context *ctx)
Initialize SHA-1 context.
void sha1_update(sha1_context *ctx, const unsigned char *input, size_t ilen)
SHA-1 process buffer.
void sha1_process(sha1_context *ctx, const unsigned char data[64])
void sha1_hmac_update(sha1_context *ctx, const unsigned char *input, size_t ilen)
SHA-1 HMAC process buffer.
#define POLARSSL_ERR_SHA1_FILE_IO_ERROR
Read/write error in file.