2 * FIPS-180-1 compliant SHA-1 implementation
\r
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
\r
5 * SPDX-License-Identifier: Apache-2.0
\r
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
\r
8 * not use this file except in compliance with the License.
\r
9 * You may obtain a copy of the License at
\r
11 * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * Unless required by applicable law or agreed to in writing, software
\r
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
\r
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * See the License for the specific language governing permissions and
\r
17 * limitations under the License.
\r
19 * This file is part of mbed TLS (https://tls.mbed.org)
\r
22 * The SHA-1 standard was published by NIST in 1993.
\r
24 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
\r
27 #if !defined(MBEDTLS_CONFIG_FILE)
\r
28 #include "mbedtls/config.h"
\r
30 #include MBEDTLS_CONFIG_FILE
\r
33 #if defined(MBEDTLS_SHA1_C)
\r
35 #include "mbedtls/sha1.h"
\r
36 #include "mbedtls/platform_util.h"
\r
40 #if defined(MBEDTLS_SELF_TEST)
\r
41 #if defined(MBEDTLS_PLATFORM_C)
\r
42 #include "mbedtls/platform.h"
\r
45 #define mbedtls_printf printf
\r
46 #endif /* MBEDTLS_PLATFORM_C */
\r
47 #endif /* MBEDTLS_SELF_TEST */
\r
49 #define SHA1_VALIDATE_RET(cond) \
\r
50 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA )
\r
52 #define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
\r
54 #if !defined(MBEDTLS_SHA1_ALT)
\r
57 * 32-bit integer manipulation macros (big endian)
\r
59 #ifndef GET_UINT32_BE
\r
60 #define GET_UINT32_BE(n,b,i) \
\r
62 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
\r
63 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
\r
64 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
\r
65 | ( (uint32_t) (b)[(i) + 3] ); \
\r
69 #ifndef PUT_UINT32_BE
\r
70 #define PUT_UINT32_BE(n,b,i) \
\r
72 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
\r
73 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
\r
74 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
\r
75 (b)[(i) + 3] = (unsigned char) ( (n) ); \
\r
79 void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
\r
81 SHA1_VALIDATE( ctx != NULL );
\r
83 memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
\r
86 void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
\r
91 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
\r
94 void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
\r
95 const mbedtls_sha1_context *src )
\r
97 SHA1_VALIDATE( dst != NULL );
\r
98 SHA1_VALIDATE( src != NULL );
\r
104 * SHA-1 context setup
\r
106 int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
\r
108 SHA1_VALIDATE_RET( ctx != NULL );
\r
113 ctx->state[0] = 0x67452301;
\r
114 ctx->state[1] = 0xEFCDAB89;
\r
115 ctx->state[2] = 0x98BADCFE;
\r
116 ctx->state[3] = 0x10325476;
\r
117 ctx->state[4] = 0xC3D2E1F0;
\r
122 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
\r
123 void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
\r
125 mbedtls_sha1_starts_ret( ctx );
\r
129 #if !defined(MBEDTLS_SHA1_PROCESS_ALT)
\r
130 int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
\r
131 const unsigned char data[64] )
\r
133 uint32_t temp, W[16], A, B, C, D, E;
\r
135 SHA1_VALIDATE_RET( ctx != NULL );
\r
136 SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
\r
138 GET_UINT32_BE( W[ 0], data, 0 );
\r
139 GET_UINT32_BE( W[ 1], data, 4 );
\r
140 GET_UINT32_BE( W[ 2], data, 8 );
\r
141 GET_UINT32_BE( W[ 3], data, 12 );
\r
142 GET_UINT32_BE( W[ 4], data, 16 );
\r
143 GET_UINT32_BE( W[ 5], data, 20 );
\r
144 GET_UINT32_BE( W[ 6], data, 24 );
\r
145 GET_UINT32_BE( W[ 7], data, 28 );
\r
146 GET_UINT32_BE( W[ 8], data, 32 );
\r
147 GET_UINT32_BE( W[ 9], data, 36 );
\r
148 GET_UINT32_BE( W[10], data, 40 );
\r
149 GET_UINT32_BE( W[11], data, 44 );
\r
150 GET_UINT32_BE( W[12], data, 48 );
\r
151 GET_UINT32_BE( W[13], data, 52 );
\r
152 GET_UINT32_BE( W[14], data, 56 );
\r
153 GET_UINT32_BE( W[15], data, 60 );
\r
155 #define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
\r
159 temp = W[( (t) - 3 ) & 0x0F] ^ W[( (t) - 8 ) & 0x0F] ^ \
\r
160 W[( (t) - 14 ) & 0x0F] ^ W[ (t) & 0x0F], \
\r
161 ( W[(t) & 0x0F] = S(temp,1) ) \
\r
164 #define P(a,b,c,d,e,x) \
\r
167 (e) += S((a),5) + F((b),(c),(d)) + K + (x); \
\r
177 #define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
\r
178 #define K 0x5A827999
\r
180 P( A, B, C, D, E, W[0] );
\r
181 P( E, A, B, C, D, W[1] );
\r
182 P( D, E, A, B, C, W[2] );
\r
183 P( C, D, E, A, B, W[3] );
\r
184 P( B, C, D, E, A, W[4] );
\r
185 P( A, B, C, D, E, W[5] );
\r
186 P( E, A, B, C, D, W[6] );
\r
187 P( D, E, A, B, C, W[7] );
\r
188 P( C, D, E, A, B, W[8] );
\r
189 P( B, C, D, E, A, W[9] );
\r
190 P( A, B, C, D, E, W[10] );
\r
191 P( E, A, B, C, D, W[11] );
\r
192 P( D, E, A, B, C, W[12] );
\r
193 P( C, D, E, A, B, W[13] );
\r
194 P( B, C, D, E, A, W[14] );
\r
195 P( A, B, C, D, E, W[15] );
\r
196 P( E, A, B, C, D, R(16) );
\r
197 P( D, E, A, B, C, R(17) );
\r
198 P( C, D, E, A, B, R(18) );
\r
199 P( B, C, D, E, A, R(19) );
\r
204 #define F(x,y,z) ((x) ^ (y) ^ (z))
\r
205 #define K 0x6ED9EBA1
\r
207 P( A, B, C, D, E, R(20) );
\r
208 P( E, A, B, C, D, R(21) );
\r
209 P( D, E, A, B, C, R(22) );
\r
210 P( C, D, E, A, B, R(23) );
\r
211 P( B, C, D, E, A, R(24) );
\r
212 P( A, B, C, D, E, R(25) );
\r
213 P( E, A, B, C, D, R(26) );
\r
214 P( D, E, A, B, C, R(27) );
\r
215 P( C, D, E, A, B, R(28) );
\r
216 P( B, C, D, E, A, R(29) );
\r
217 P( A, B, C, D, E, R(30) );
\r
218 P( E, A, B, C, D, R(31) );
\r
219 P( D, E, A, B, C, R(32) );
\r
220 P( C, D, E, A, B, R(33) );
\r
221 P( B, C, D, E, A, R(34) );
\r
222 P( A, B, C, D, E, R(35) );
\r
223 P( E, A, B, C, D, R(36) );
\r
224 P( D, E, A, B, C, R(37) );
\r
225 P( C, D, E, A, B, R(38) );
\r
226 P( B, C, D, E, A, R(39) );
\r
231 #define F(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
\r
232 #define K 0x8F1BBCDC
\r
234 P( A, B, C, D, E, R(40) );
\r
235 P( E, A, B, C, D, R(41) );
\r
236 P( D, E, A, B, C, R(42) );
\r
237 P( C, D, E, A, B, R(43) );
\r
238 P( B, C, D, E, A, R(44) );
\r
239 P( A, B, C, D, E, R(45) );
\r
240 P( E, A, B, C, D, R(46) );
\r
241 P( D, E, A, B, C, R(47) );
\r
242 P( C, D, E, A, B, R(48) );
\r
243 P( B, C, D, E, A, R(49) );
\r
244 P( A, B, C, D, E, R(50) );
\r
245 P( E, A, B, C, D, R(51) );
\r
246 P( D, E, A, B, C, R(52) );
\r
247 P( C, D, E, A, B, R(53) );
\r
248 P( B, C, D, E, A, R(54) );
\r
249 P( A, B, C, D, E, R(55) );
\r
250 P( E, A, B, C, D, R(56) );
\r
251 P( D, E, A, B, C, R(57) );
\r
252 P( C, D, E, A, B, R(58) );
\r
253 P( B, C, D, E, A, R(59) );
\r
258 #define F(x,y,z) ((x) ^ (y) ^ (z))
\r
259 #define K 0xCA62C1D6
\r
261 P( A, B, C, D, E, R(60) );
\r
262 P( E, A, B, C, D, R(61) );
\r
263 P( D, E, A, B, C, R(62) );
\r
264 P( C, D, E, A, B, R(63) );
\r
265 P( B, C, D, E, A, R(64) );
\r
266 P( A, B, C, D, E, R(65) );
\r
267 P( E, A, B, C, D, R(66) );
\r
268 P( D, E, A, B, C, R(67) );
\r
269 P( C, D, E, A, B, R(68) );
\r
270 P( B, C, D, E, A, R(69) );
\r
271 P( A, B, C, D, E, R(70) );
\r
272 P( E, A, B, C, D, R(71) );
\r
273 P( D, E, A, B, C, R(72) );
\r
274 P( C, D, E, A, B, R(73) );
\r
275 P( B, C, D, E, A, R(74) );
\r
276 P( A, B, C, D, E, R(75) );
\r
277 P( E, A, B, C, D, R(76) );
\r
278 P( D, E, A, B, C, R(77) );
\r
279 P( C, D, E, A, B, R(78) );
\r
280 P( B, C, D, E, A, R(79) );
\r
285 ctx->state[0] += A;
\r
286 ctx->state[1] += B;
\r
287 ctx->state[2] += C;
\r
288 ctx->state[3] += D;
\r
289 ctx->state[4] += E;
\r
294 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
\r
295 void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
\r
296 const unsigned char data[64] )
\r
298 mbedtls_internal_sha1_process( ctx, data );
\r
301 #endif /* !MBEDTLS_SHA1_PROCESS_ALT */
\r
304 * SHA-1 process buffer
\r
306 int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
\r
307 const unsigned char *input,
\r
314 SHA1_VALIDATE_RET( ctx != NULL );
\r
315 SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
\r
320 left = ctx->total[0] & 0x3F;
\r
323 ctx->total[0] += (uint32_t) ilen;
\r
324 ctx->total[0] &= 0xFFFFFFFF;
\r
326 if( ctx->total[0] < (uint32_t) ilen )
\r
329 if( left && ilen >= fill )
\r
331 memcpy( (void *) (ctx->buffer + left), input, fill );
\r
333 if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
\r
341 while( ilen >= 64 )
\r
343 if( ( ret = mbedtls_internal_sha1_process( ctx, input ) ) != 0 )
\r
351 memcpy( (void *) (ctx->buffer + left), input, ilen );
\r
356 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
\r
357 void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
\r
358 const unsigned char *input,
\r
361 mbedtls_sha1_update_ret( ctx, input, ilen );
\r
366 * SHA-1 final digest
\r
368 int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
\r
369 unsigned char output[20] )
\r
373 uint32_t high, low;
\r
375 SHA1_VALIDATE_RET( ctx != NULL );
\r
376 SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
\r
379 * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
\r
381 used = ctx->total[0] & 0x3F;
\r
383 ctx->buffer[used++] = 0x80;
\r
387 /* Enough room for padding + length in current block */
\r
388 memset( ctx->buffer + used, 0, 56 - used );
\r
392 /* We'll need an extra block */
\r
393 memset( ctx->buffer + used, 0, 64 - used );
\r
395 if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
\r
398 memset( ctx->buffer, 0, 56 );
\r
402 * Add message length
\r
404 high = ( ctx->total[0] >> 29 )
\r
405 | ( ctx->total[1] << 3 );
\r
406 low = ( ctx->total[0] << 3 );
\r
408 PUT_UINT32_BE( high, ctx->buffer, 56 );
\r
409 PUT_UINT32_BE( low, ctx->buffer, 60 );
\r
411 if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
\r
415 * Output final state
\r
417 PUT_UINT32_BE( ctx->state[0], output, 0 );
\r
418 PUT_UINT32_BE( ctx->state[1], output, 4 );
\r
419 PUT_UINT32_BE( ctx->state[2], output, 8 );
\r
420 PUT_UINT32_BE( ctx->state[3], output, 12 );
\r
421 PUT_UINT32_BE( ctx->state[4], output, 16 );
\r
426 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
\r
427 void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
\r
428 unsigned char output[20] )
\r
430 mbedtls_sha1_finish_ret( ctx, output );
\r
434 #endif /* !MBEDTLS_SHA1_ALT */
\r
437 * output = SHA-1( input buffer )
\r
439 int mbedtls_sha1_ret( const unsigned char *input,
\r
441 unsigned char output[20] )
\r
444 mbedtls_sha1_context ctx;
\r
446 SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
\r
447 SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
\r
449 mbedtls_sha1_init( &ctx );
\r
451 if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
\r
454 if( ( ret = mbedtls_sha1_update_ret( &ctx, input, ilen ) ) != 0 )
\r
457 if( ( ret = mbedtls_sha1_finish_ret( &ctx, output ) ) != 0 )
\r
461 mbedtls_sha1_free( &ctx );
\r
466 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
\r
467 void mbedtls_sha1( const unsigned char *input,
\r
469 unsigned char output[20] )
\r
471 mbedtls_sha1_ret( input, ilen, output );
\r
475 #if defined(MBEDTLS_SELF_TEST)
\r
477 * FIPS-180-1 test vectors
\r
479 static const unsigned char sha1_test_buf[3][57] =
\r
482 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
\r
486 static const size_t sha1_test_buflen[3] =
\r
491 static const unsigned char sha1_test_sum[3][20] =
\r
493 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
\r
494 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
\r
495 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
\r
496 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
\r
497 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
\r
498 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
\r
504 int mbedtls_sha1_self_test( int verbose )
\r
506 int i, j, buflen, ret = 0;
\r
507 unsigned char buf[1024];
\r
508 unsigned char sha1sum[20];
\r
509 mbedtls_sha1_context ctx;
\r
511 mbedtls_sha1_init( &ctx );
\r
516 for( i = 0; i < 3; i++ )
\r
519 mbedtls_printf( " SHA-1 test #%d: ", i + 1 );
\r
521 if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
\r
526 memset( buf, 'a', buflen = 1000 );
\r
528 for( j = 0; j < 1000; j++ )
\r
530 ret = mbedtls_sha1_update_ret( &ctx, buf, buflen );
\r
537 ret = mbedtls_sha1_update_ret( &ctx, sha1_test_buf[i],
\r
538 sha1_test_buflen[i] );
\r
543 if( ( ret = mbedtls_sha1_finish_ret( &ctx, sha1sum ) ) != 0 )
\r
546 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
\r
553 mbedtls_printf( "passed\n" );
\r
557 mbedtls_printf( "\n" );
\r
563 mbedtls_printf( "failed\n" );
\r
566 mbedtls_sha1_free( &ctx );
\r
571 #endif /* MBEDTLS_SELF_TEST */
\r
573 #endif /* MBEDTLS_SHA1_C */
\r