00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031 #include "polarssl/config.h"
00032
00033 #if defined(POLARSSL_SHA1_C)
00034
00035 #include "polarssl/sha1.h"
00036
00037 #if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
00038 #include <stdio.h>
00039 #endif
00040
00041 #if !defined(POLARSSL_SHA1_ALT)
00042
00043
00044
00045
00046 #ifndef GET_UINT32_BE
00047 #define GET_UINT32_BE(n,b,i) \
00048 { \
00049 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
00050 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
00051 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
00052 | ( (uint32_t) (b)[(i) + 3] ); \
00053 }
00054 #endif
00055
00056 #ifndef PUT_UINT32_BE
00057 #define PUT_UINT32_BE(n,b,i) \
00058 { \
00059 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
00060 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
00061 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
00062 (b)[(i) + 3] = (unsigned char) ( (n) ); \
00063 }
00064 #endif
00065
00066
00067
00068
00069 void sha1_starts( sha1_context *ctx )
00070 {
00071 ctx->total[0] = 0;
00072 ctx->total[1] = 0;
00073
00074 ctx->state[0] = 0x67452301;
00075 ctx->state[1] = 0xEFCDAB89;
00076 ctx->state[2] = 0x98BADCFE;
00077 ctx->state[3] = 0x10325476;
00078 ctx->state[4] = 0xC3D2E1F0;
00079 }
00080
00081 void sha1_process( sha1_context *ctx, const unsigned char data[64] )
00082 {
00083 uint32_t temp, W[16], A, B, C, D, E;
00084
00085 GET_UINT32_BE( W[ 0], data, 0 );
00086 GET_UINT32_BE( W[ 1], data, 4 );
00087 GET_UINT32_BE( W[ 2], data, 8 );
00088 GET_UINT32_BE( W[ 3], data, 12 );
00089 GET_UINT32_BE( W[ 4], data, 16 );
00090 GET_UINT32_BE( W[ 5], data, 20 );
00091 GET_UINT32_BE( W[ 6], data, 24 );
00092 GET_UINT32_BE( W[ 7], data, 28 );
00093 GET_UINT32_BE( W[ 8], data, 32 );
00094 GET_UINT32_BE( W[ 9], data, 36 );
00095 GET_UINT32_BE( W[10], data, 40 );
00096 GET_UINT32_BE( W[11], data, 44 );
00097 GET_UINT32_BE( W[12], data, 48 );
00098 GET_UINT32_BE( W[13], data, 52 );
00099 GET_UINT32_BE( W[14], data, 56 );
00100 GET_UINT32_BE( W[15], data, 60 );
00101
00102 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
00103
00104 #define R(t) \
00105 ( \
00106 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
00107 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
00108 ( W[t & 0x0F] = S(temp,1) ) \
00109 )
00110
00111 #define P(a,b,c,d,e,x) \
00112 { \
00113 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
00114 }
00115
00116 A = ctx->state[0];
00117 B = ctx->state[1];
00118 C = ctx->state[2];
00119 D = ctx->state[3];
00120 E = ctx->state[4];
00121
00122 #define F(x,y,z) (z ^ (x & (y ^ z)))
00123 #define K 0x5A827999
00124
00125 P( A, B, C, D, E, W[0] );
00126 P( E, A, B, C, D, W[1] );
00127 P( D, E, A, B, C, W[2] );
00128 P( C, D, E, A, B, W[3] );
00129 P( B, C, D, E, A, W[4] );
00130 P( A, B, C, D, E, W[5] );
00131 P( E, A, B, C, D, W[6] );
00132 P( D, E, A, B, C, W[7] );
00133 P( C, D, E, A, B, W[8] );
00134 P( B, C, D, E, A, W[9] );
00135 P( A, B, C, D, E, W[10] );
00136 P( E, A, B, C, D, W[11] );
00137 P( D, E, A, B, C, W[12] );
00138 P( C, D, E, A, B, W[13] );
00139 P( B, C, D, E, A, W[14] );
00140 P( A, B, C, D, E, W[15] );
00141 P( E, A, B, C, D, R(16) );
00142 P( D, E, A, B, C, R(17) );
00143 P( C, D, E, A, B, R(18) );
00144 P( B, C, D, E, A, R(19) );
00145
00146 #undef K
00147 #undef F
00148
00149 #define F(x,y,z) (x ^ y ^ z)
00150 #define K 0x6ED9EBA1
00151
00152 P( A, B, C, D, E, R(20) );
00153 P( E, A, B, C, D, R(21) );
00154 P( D, E, A, B, C, R(22) );
00155 P( C, D, E, A, B, R(23) );
00156 P( B, C, D, E, A, R(24) );
00157 P( A, B, C, D, E, R(25) );
00158 P( E, A, B, C, D, R(26) );
00159 P( D, E, A, B, C, R(27) );
00160 P( C, D, E, A, B, R(28) );
00161 P( B, C, D, E, A, R(29) );
00162 P( A, B, C, D, E, R(30) );
00163 P( E, A, B, C, D, R(31) );
00164 P( D, E, A, B, C, R(32) );
00165 P( C, D, E, A, B, R(33) );
00166 P( B, C, D, E, A, R(34) );
00167 P( A, B, C, D, E, R(35) );
00168 P( E, A, B, C, D, R(36) );
00169 P( D, E, A, B, C, R(37) );
00170 P( C, D, E, A, B, R(38) );
00171 P( B, C, D, E, A, R(39) );
00172
00173 #undef K
00174 #undef F
00175
00176 #define F(x,y,z) ((x & y) | (z & (x | y)))
00177 #define K 0x8F1BBCDC
00178
00179 P( A, B, C, D, E, R(40) );
00180 P( E, A, B, C, D, R(41) );
00181 P( D, E, A, B, C, R(42) );
00182 P( C, D, E, A, B, R(43) );
00183 P( B, C, D, E, A, R(44) );
00184 P( A, B, C, D, E, R(45) );
00185 P( E, A, B, C, D, R(46) );
00186 P( D, E, A, B, C, R(47) );
00187 P( C, D, E, A, B, R(48) );
00188 P( B, C, D, E, A, R(49) );
00189 P( A, B, C, D, E, R(50) );
00190 P( E, A, B, C, D, R(51) );
00191 P( D, E, A, B, C, R(52) );
00192 P( C, D, E, A, B, R(53) );
00193 P( B, C, D, E, A, R(54) );
00194 P( A, B, C, D, E, R(55) );
00195 P( E, A, B, C, D, R(56) );
00196 P( D, E, A, B, C, R(57) );
00197 P( C, D, E, A, B, R(58) );
00198 P( B, C, D, E, A, R(59) );
00199
00200 #undef K
00201 #undef F
00202
00203 #define F(x,y,z) (x ^ y ^ z)
00204 #define K 0xCA62C1D6
00205
00206 P( A, B, C, D, E, R(60) );
00207 P( E, A, B, C, D, R(61) );
00208 P( D, E, A, B, C, R(62) );
00209 P( C, D, E, A, B, R(63) );
00210 P( B, C, D, E, A, R(64) );
00211 P( A, B, C, D, E, R(65) );
00212 P( E, A, B, C, D, R(66) );
00213 P( D, E, A, B, C, R(67) );
00214 P( C, D, E, A, B, R(68) );
00215 P( B, C, D, E, A, R(69) );
00216 P( A, B, C, D, E, R(70) );
00217 P( E, A, B, C, D, R(71) );
00218 P( D, E, A, B, C, R(72) );
00219 P( C, D, E, A, B, R(73) );
00220 P( B, C, D, E, A, R(74) );
00221 P( A, B, C, D, E, R(75) );
00222 P( E, A, B, C, D, R(76) );
00223 P( D, E, A, B, C, R(77) );
00224 P( C, D, E, A, B, R(78) );
00225 P( B, C, D, E, A, R(79) );
00226
00227 #undef K
00228 #undef F
00229
00230 ctx->state[0] += A;
00231 ctx->state[1] += B;
00232 ctx->state[2] += C;
00233 ctx->state[3] += D;
00234 ctx->state[4] += E;
00235 }
00236
00237
00238
00239
00240 void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
00241 {
00242 size_t fill;
00243 uint32_t left;
00244
00245 if( ilen <= 0 )
00246 return;
00247
00248 left = ctx->total[0] & 0x3F;
00249 fill = 64 - left;
00250
00251 ctx->total[0] += (uint32_t) ilen;
00252 ctx->total[0] &= 0xFFFFFFFF;
00253
00254 if( ctx->total[0] < (uint32_t) ilen )
00255 ctx->total[1]++;
00256
00257 if( left && ilen >= fill )
00258 {
00259 memcpy( (void *) (ctx->buffer + left), input, fill );
00260 sha1_process( ctx, ctx->buffer );
00261 input += fill;
00262 ilen -= fill;
00263 left = 0;
00264 }
00265
00266 while( ilen >= 64 )
00267 {
00268 sha1_process( ctx, input );
00269 input += 64;
00270 ilen -= 64;
00271 }
00272
00273 if( ilen > 0 )
00274 memcpy( (void *) (ctx->buffer + left), input, ilen );
00275 }
00276
00277 static const unsigned char sha1_padding[64] =
00278 {
00279 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00280 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00281 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00282 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
00283 };
00284
00285
00286
00287
00288 void sha1_finish( sha1_context *ctx, unsigned char output[20] )
00289 {
00290 uint32_t last, padn;
00291 uint32_t high, low;
00292 unsigned char msglen[8];
00293
00294 high = ( ctx->total[0] >> 29 )
00295 | ( ctx->total[1] << 3 );
00296 low = ( ctx->total[0] << 3 );
00297
00298 PUT_UINT32_BE( high, msglen, 0 );
00299 PUT_UINT32_BE( low, msglen, 4 );
00300
00301 last = ctx->total[0] & 0x3F;
00302 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
00303
00304 sha1_update( ctx, sha1_padding, padn );
00305 sha1_update( ctx, msglen, 8 );
00306
00307 PUT_UINT32_BE( ctx->state[0], output, 0 );
00308 PUT_UINT32_BE( ctx->state[1], output, 4 );
00309 PUT_UINT32_BE( ctx->state[2], output, 8 );
00310 PUT_UINT32_BE( ctx->state[3], output, 12 );
00311 PUT_UINT32_BE( ctx->state[4], output, 16 );
00312 }
00313
00314 #endif
00315
00316
00317
00318
00319 void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
00320 {
00321 sha1_context ctx;
00322
00323 sha1_starts( &ctx );
00324 sha1_update( &ctx, input, ilen );
00325 sha1_finish( &ctx, output );
00326
00327 memset( &ctx, 0, sizeof( sha1_context ) );
00328 }
00329
00330 #if defined(POLARSSL_FS_IO)
00331
00332
00333
00334 int sha1_file( const char *path, unsigned char output[20] )
00335 {
00336 FILE *f;
00337 size_t n;
00338 sha1_context ctx;
00339 unsigned char buf[1024];
00340
00341 if( ( f = fopen( path, "rb" ) ) == NULL )
00342 return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
00343
00344 sha1_starts( &ctx );
00345
00346 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
00347 sha1_update( &ctx, buf, n );
00348
00349 sha1_finish( &ctx, output );
00350
00351 memset( &ctx, 0, sizeof( sha1_context ) );
00352
00353 if( ferror( f ) != 0 )
00354 {
00355 fclose( f );
00356 return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
00357 }
00358
00359 fclose( f );
00360 return( 0 );
00361 }
00362 #endif
00363
00364
00365
00366
00367 void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen )
00368 {
00369 size_t i;
00370 unsigned char sum[20];
00371
00372 if( keylen > 64 )
00373 {
00374 sha1( key, keylen, sum );
00375 keylen = 20;
00376 key = sum;
00377 }
00378
00379 memset( ctx->ipad, 0x36, 64 );
00380 memset( ctx->opad, 0x5C, 64 );
00381
00382 for( i = 0; i < keylen; i++ )
00383 {
00384 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
00385 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
00386 }
00387
00388 sha1_starts( ctx );
00389 sha1_update( ctx, ctx->ipad, 64 );
00390
00391 memset( sum, 0, sizeof( sum ) );
00392 }
00393
00394
00395
00396
00397 void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
00398 {
00399 sha1_update( ctx, input, ilen );
00400 }
00401
00402
00403
00404
00405 void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
00406 {
00407 unsigned char tmpbuf[20];
00408
00409 sha1_finish( ctx, tmpbuf );
00410 sha1_starts( ctx );
00411 sha1_update( ctx, ctx->opad, 64 );
00412 sha1_update( ctx, tmpbuf, 20 );
00413 sha1_finish( ctx, output );
00414
00415 memset( tmpbuf, 0, sizeof( tmpbuf ) );
00416 }
00417
00418
00419
00420
00421 void sha1_hmac_reset( sha1_context *ctx )
00422 {
00423 sha1_starts( ctx );
00424 sha1_update( ctx, ctx->ipad, 64 );
00425 }
00426
00427
00428
00429
00430 void sha1_hmac( const unsigned char *key, size_t keylen,
00431 const unsigned char *input, size_t ilen,
00432 unsigned char output[20] )
00433 {
00434 sha1_context ctx;
00435
00436 sha1_hmac_starts( &ctx, key, keylen );
00437 sha1_hmac_update( &ctx, input, ilen );
00438 sha1_hmac_finish( &ctx, output );
00439
00440 memset( &ctx, 0, sizeof( sha1_context ) );
00441 }
00442
00443 #if defined(POLARSSL_SELF_TEST)
00444
00445
00446
00447 static unsigned char sha1_test_buf[3][57] =
00448 {
00449 { "abc" },
00450 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
00451 { "" }
00452 };
00453
00454 static const int sha1_test_buflen[3] =
00455 {
00456 3, 56, 1000
00457 };
00458
00459 static const unsigned char sha1_test_sum[3][20] =
00460 {
00461 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
00462 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
00463 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
00464 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
00465 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
00466 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
00467 };
00468
00469
00470
00471
00472 static unsigned char sha1_hmac_test_key[7][26] =
00473 {
00474 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
00475 "\x0B\x0B\x0B\x0B" },
00476 { "Jefe" },
00477 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
00478 "\xAA\xAA\xAA\xAA" },
00479 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
00480 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
00481 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
00482 "\x0C\x0C\x0C\x0C" },
00483 { "" },
00484 { "" }
00485 };
00486
00487 static const int sha1_hmac_test_keylen[7] =
00488 {
00489 20, 4, 20, 25, 20, 80, 80
00490 };
00491
00492 static unsigned char sha1_hmac_test_buf[7][74] =
00493 {
00494 { "Hi There" },
00495 { "what do ya want for nothing?" },
00496 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00497 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00498 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00499 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00500 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
00501 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00502 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00503 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00504 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00505 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
00506 { "Test With Truncation" },
00507 { "Test Using Larger Than Block-Size Key - Hash Key First" },
00508 { "Test Using Larger Than Block-Size Key and Larger"
00509 " Than One Block-Size Data" }
00510 };
00511
00512 static const int sha1_hmac_test_buflen[7] =
00513 {
00514 8, 28, 50, 50, 20, 54, 73
00515 };
00516
00517 static const unsigned char sha1_hmac_test_sum[7][20] =
00518 {
00519 { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
00520 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
00521 { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
00522 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
00523 { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
00524 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
00525 { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
00526 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
00527 { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
00528 0x7B, 0xE1 },
00529 { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
00530 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
00531 { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
00532 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
00533 };
00534
00535
00536
00537
00538 int sha1_self_test( int verbose )
00539 {
00540 int i, j, buflen;
00541 unsigned char buf[1024];
00542 unsigned char sha1sum[20];
00543 sha1_context ctx;
00544
00545
00546
00547
00548 for( i = 0; i < 3; i++ )
00549 {
00550 if( verbose != 0 )
00551 printf( " SHA-1 test #%d: ", i + 1 );
00552
00553 sha1_starts( &ctx );
00554
00555 if( i == 2 )
00556 {
00557 memset( buf, 'a', buflen = 1000 );
00558
00559 for( j = 0; j < 1000; j++ )
00560 sha1_update( &ctx, buf, buflen );
00561 }
00562 else
00563 sha1_update( &ctx, sha1_test_buf[i],
00564 sha1_test_buflen[i] );
00565
00566 sha1_finish( &ctx, sha1sum );
00567
00568 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
00569 {
00570 if( verbose != 0 )
00571 printf( "failed\n" );
00572
00573 return( 1 );
00574 }
00575
00576 if( verbose != 0 )
00577 printf( "passed\n" );
00578 }
00579
00580 if( verbose != 0 )
00581 printf( "\n" );
00582
00583 for( i = 0; i < 7; i++ )
00584 {
00585 if( verbose != 0 )
00586 printf( " HMAC-SHA-1 test #%d: ", i + 1 );
00587
00588 if( i == 5 || i == 6 )
00589 {
00590 memset( buf, '\xAA', buflen = 80 );
00591 sha1_hmac_starts( &ctx, buf, buflen );
00592 }
00593 else
00594 sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
00595 sha1_hmac_test_keylen[i] );
00596
00597 sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
00598 sha1_hmac_test_buflen[i] );
00599
00600 sha1_hmac_finish( &ctx, sha1sum );
00601
00602 buflen = ( i == 4 ) ? 12 : 20;
00603
00604 if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
00605 {
00606 if( verbose != 0 )
00607 printf( "failed\n" );
00608
00609 return( 1 );
00610 }
00611
00612 if( verbose != 0 )
00613 printf( "passed\n" );
00614 }
00615
00616 if( verbose != 0 )
00617 printf( "\n" );
00618
00619 return( 0 );
00620 }
00621
00622 #endif
00623
00624 #endif