31 #if !defined(POLARSSL_CONFIG_FILE)
34 #include POLARSSL_CONFIG_FILE
37 #if defined(POLARSSL_SHA1_C)
41 #if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
45 #if defined(POLARSSL_PLATFORM_C)
48 #define polarssl_printf printf
51 #if !defined(POLARSSL_SHA1_ALT)
57 #define GET_UINT32_BE(n,b,i) \
59 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
60 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
61 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
62 | ( (uint32_t) (b)[(i) + 3] ); \
67 #define PUT_UINT32_BE(n,b,i) \
69 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
70 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
71 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
72 (b)[(i) + 3] = (unsigned char) ( (n) ); \
84 ctx->
state[0] = 0x67452301;
85 ctx->
state[1] = 0xEFCDAB89;
86 ctx->
state[2] = 0x98BADCFE;
87 ctx->
state[3] = 0x10325476;
88 ctx->
state[4] = 0xC3D2E1F0;
93 uint32_t temp, W[16], A, B, C, D, E;
95 GET_UINT32_BE( W[ 0], data, 0 );
96 GET_UINT32_BE( W[ 1], data, 4 );
97 GET_UINT32_BE( W[ 2], data, 8 );
98 GET_UINT32_BE( W[ 3], data, 12 );
99 GET_UINT32_BE( W[ 4], data, 16 );
100 GET_UINT32_BE( W[ 5], data, 20 );
101 GET_UINT32_BE( W[ 6], data, 24 );
102 GET_UINT32_BE( W[ 7], data, 28 );
103 GET_UINT32_BE( W[ 8], data, 32 );
104 GET_UINT32_BE( W[ 9], data, 36 );
105 GET_UINT32_BE( W[10], data, 40 );
106 GET_UINT32_BE( W[11], data, 44 );
107 GET_UINT32_BE( W[12], data, 48 );
108 GET_UINT32_BE( W[13], data, 52 );
109 GET_UINT32_BE( W[14], data, 56 );
110 GET_UINT32_BE( W[15], data, 60 );
112 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
116 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
117 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
118 ( W[t & 0x0F] = S(temp,1) ) \
121 #define P(a,b,c,d,e,x) \
123 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
132 #define F(x,y,z) (z ^ (x & (y ^ z)))
135 P( A, B, C, D, E, W[0] );
136 P( E, A, B, C, D, W[1] );
137 P( D, E, A, B, C, W[2] );
138 P( C, D, E, A, B, W[3] );
139 P( B, C, D, E, A, W[4] );
140 P( A, B, C, D, E, W[5] );
141 P( E, A, B, C, D, W[6] );
142 P( D, E, A, B, C, W[7] );
143 P( C, D, E, A, B, W[8] );
144 P( B, C, D, E, A, W[9] );
145 P( A, B, C, D, E, W[10] );
146 P( E, A, B, C, D, W[11] );
147 P( D, E, A, B, C, W[12] );
148 P( C, D, E, A, B, W[13] );
149 P( B, C, D, E, A, W[14] );
150 P( A, B, C, D, E, W[15] );
151 P( E, A, B, C, D, R(16) );
152 P( D, E, A, B, C, R(17) );
153 P( C, D, E, A, B, R(18) );
154 P( B, C, D, E, A, R(19) );
159 #define F(x,y,z) (x ^ y ^ z)
162 P( A, B, C, D, E, R(20) );
163 P( E, A, B, C, D, R(21) );
164 P( D, E, A, B, C, R(22) );
165 P( C, D, E, A, B, R(23) );
166 P( B, C, D, E, A, R(24) );
167 P( A, B, C, D, E, R(25) );
168 P( E, A, B, C, D, R(26) );
169 P( D, E, A, B, C, R(27) );
170 P( C, D, E, A, B, R(28) );
171 P( B, C, D, E, A, R(29) );
172 P( A, B, C, D, E, R(30) );
173 P( E, A, B, C, D, R(31) );
174 P( D, E, A, B, C, R(32) );
175 P( C, D, E, A, B, R(33) );
176 P( B, C, D, E, A, R(34) );
177 P( A, B, C, D, E, R(35) );
178 P( E, A, B, C, D, R(36) );
179 P( D, E, A, B, C, R(37) );
180 P( C, D, E, A, B, R(38) );
181 P( B, C, D, E, A, R(39) );
186 #define F(x,y,z) ((x & y) | (z & (x | y)))
189 P( A, B, C, D, E, R(40) );
190 P( E, A, B, C, D, R(41) );
191 P( D, E, A, B, C, R(42) );
192 P( C, D, E, A, B, R(43) );
193 P( B, C, D, E, A, R(44) );
194 P( A, B, C, D, E, R(45) );
195 P( E, A, B, C, D, R(46) );
196 P( D, E, A, B, C, R(47) );
197 P( C, D, E, A, B, R(48) );
198 P( B, C, D, E, A, R(49) );
199 P( A, B, C, D, E, R(50) );
200 P( E, A, B, C, D, R(51) );
201 P( D, E, A, B, C, R(52) );
202 P( C, D, E, A, B, R(53) );
203 P( B, C, D, E, A, R(54) );
204 P( A, B, C, D, E, R(55) );
205 P( E, A, B, C, D, R(56) );
206 P( D, E, A, B, C, R(57) );
207 P( C, D, E, A, B, R(58) );
208 P( B, C, D, E, A, R(59) );
213 #define F(x,y,z) (x ^ y ^ z)
216 P( A, B, C, D, E, R(60) );
217 P( E, A, B, C, D, R(61) );
218 P( D, E, A, B, C, R(62) );
219 P( C, D, E, A, B, R(63) );
220 P( B, C, D, E, A, R(64) );
221 P( A, B, C, D, E, R(65) );
222 P( E, A, B, C, D, R(66) );
223 P( D, E, A, B, C, R(67) );
224 P( C, D, E, A, B, R(68) );
225 P( B, C, D, E, A, R(69) );
226 P( A, B, C, D, E, R(70) );
227 P( E, A, B, C, D, R(71) );
228 P( D, E, A, B, C, R(72) );
229 P( C, D, E, A, B, R(73) );
230 P( B, C, D, E, A, R(74) );
231 P( A, B, C, D, E, R(75) );
232 P( E, A, B, C, D, R(76) );
233 P( D, E, A, B, C, R(77) );
234 P( C, D, E, A, B, R(78) );
235 P( B, C, D, E, A, R(79) );
258 left = ctx->
total[0] & 0x3F;
261 ctx->
total[0] += (uint32_t) ilen;
262 ctx->
total[0] &= 0xFFFFFFFF;
264 if( ctx->
total[0] < (uint32_t) ilen )
267 if( left && ilen >= fill )
269 memcpy( (
void *) (ctx->
buffer + left), input, fill );
284 memcpy( (
void *) (ctx->
buffer + left), input, ilen );
287 static const unsigned char sha1_padding[64] =
289 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
290 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
291 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
292 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
302 unsigned char msglen[8];
304 high = ( ctx->
total[0] >> 29 )
305 | ( ctx->
total[1] << 3 );
306 low = ( ctx->
total[0] << 3 );
308 PUT_UINT32_BE( high, msglen, 0 );
309 PUT_UINT32_BE( low, msglen, 4 );
311 last = ctx->
total[0] & 0x3F;
312 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
317 PUT_UINT32_BE( ctx->
state[0], output, 0 );
318 PUT_UINT32_BE( ctx->
state[1], output, 4 );
319 PUT_UINT32_BE( ctx->
state[2], output, 8 );
320 PUT_UINT32_BE( ctx->
state[3], output, 12 );
321 PUT_UINT32_BE( ctx->
state[4], output, 16 );
329 void sha1(
const unsigned char *input,
size_t ilen,
unsigned char output[20] )
340 #if defined(POLARSSL_FS_IO)
344 int sha1_file(
const char *path,
unsigned char output[20] )
349 unsigned char buf[1024];
351 if( ( f = fopen( path,
"rb" ) ) == NULL )
356 while( ( n = fread( buf, 1,
sizeof( buf ), f ) ) > 0 )
363 if( ferror( f ) != 0 )
381 unsigned char sum[20];
385 sha1( key, keylen, sum );
390 memset( ctx->
ipad, 0x36, 64 );
391 memset( ctx->
opad, 0x5C, 64 );
393 for( i = 0; i < keylen; i++ )
395 ctx->
ipad[i] = (
unsigned char)( ctx->
ipad[i] ^ key[i] );
396 ctx->
opad[i] = (
unsigned char)( ctx->
opad[i] ^ key[i] );
402 memset( sum, 0,
sizeof( sum ) );
419 unsigned char tmpbuf[20];
427 memset( tmpbuf, 0,
sizeof( tmpbuf ) );
442 void sha1_hmac(
const unsigned char *key,
size_t keylen,
443 const unsigned char *input,
size_t ilen,
444 unsigned char output[20] )
455 #if defined(POLARSSL_SELF_TEST)
459 static unsigned char sha1_test_buf[3][57] =
462 {
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
466 static const int sha1_test_buflen[3] =
471 static const unsigned char sha1_test_sum[3][20] =
473 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
474 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
475 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
476 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
477 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
478 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
484 static unsigned char sha1_hmac_test_key[7][26] =
486 {
"\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
487 "\x0B\x0B\x0B\x0B" },
489 {
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
490 "\xAA\xAA\xAA\xAA" },
491 {
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
492 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
493 {
"\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
494 "\x0C\x0C\x0C\x0C" },
499 static const int sha1_hmac_test_keylen[7] =
501 20, 4, 20, 25, 20, 80, 80
504 static unsigned char sha1_hmac_test_buf[7][74] =
507 {
"what do ya want for nothing?" },
508 {
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
509 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
510 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
511 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
512 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
513 {
"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
514 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
515 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
516 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
517 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
518 {
"Test With Truncation" },
519 {
"Test Using Larger Than Block-Size Key - Hash Key First" },
520 {
"Test Using Larger Than Block-Size Key and Larger"
521 " Than One Block-Size Data" }
524 static const int sha1_hmac_test_buflen[7] =
526 8, 28, 50, 50, 20, 54, 73
529 static const unsigned char sha1_hmac_test_sum[7][20] =
531 { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
532 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
533 { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
534 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
535 { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
536 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
537 { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
538 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
539 { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
541 { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
542 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
543 { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
544 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
553 unsigned char buf[1024];
554 unsigned char sha1sum[20];
560 for( i = 0; i < 3; i++ )
569 memset( buf,
'a', buflen = 1000 );
571 for( j = 0; j < 1000; j++ )
576 sha1_test_buflen[i] );
580 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
595 for( i = 0; i < 7; i++ )
600 if( i == 5 || i == 6 )
602 memset( buf,
'\xAA', buflen = 80 );
607 sha1_hmac_test_keylen[i] );
610 sha1_hmac_test_buflen[i] );
614 buflen = ( i == 4 ) ? 12 : 20;
616 if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
void sha1_hmac_finish(sha1_context *ctx, unsigned char output[20])
SHA-1 HMAC final digest.
int sha1_self_test(int verbose)
Checkup routine.
void sha1(const unsigned char *input, size_t ilen, unsigned char output[20])
Output = SHA-1( input buffer )
void sha1_finish(sha1_context *ctx, unsigned char output[20])
SHA-1 final digest.
void sha1_hmac(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char output[20])
Output = HMAC-SHA-1( hmac key, input buffer )
Configuration options (set of defines)
void sha1_hmac_reset(sha1_context *ctx)
SHA-1 HMAC context reset.
int sha1_file(const char *path, unsigned char output[20])
Output = SHA-1( file contents )
void sha1_hmac_starts(sha1_context *ctx, const unsigned char *key, size_t keylen)
SHA-1 HMAC context setup.
void sha1_starts(sha1_context *ctx)
SHA-1 context setup.
SHA-1 cryptographic hash function.
void sha1_update(sha1_context *ctx, const unsigned char *input, size_t ilen)
SHA-1 process buffer.
void sha1_process(sha1_context *ctx, const unsigned char data[64])
void sha1_hmac_update(sha1_context *ctx, const unsigned char *input, size_t ilen)
SHA-1 HMAC process buffer.
#define POLARSSL_ERR_SHA1_FILE_IO_ERROR
Read/write error in file.