]> cvs.zerfleddert.de Git - proxmark3-svn/blame_incremental - common/polarssl/sha1.c
ignore SELECT ALL
[proxmark3-svn] / common / polarssl / sha1.c
... / ...
CommitLineData
1/*
2 * FIPS-180-1 compliant SHA-1 implementation
3 *
4 * Copyright (C) 2006-2013, Brainspark B.V.
5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The SHA-1 standard was published by NIST in 1993.
27 *
28 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
29 */
30
31#include "polarssl_config.h"
32
33#if defined(POLARSSL_SHA1_C)
34
35#include "sha1.h"
36
37#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
38#include <stdio.h>
39#endif
40
41#if !defined(POLARSSL_SHA1_ALT)
42
43/*
44 * 32-bit integer manipulation macros (big endian)
45 */
46#ifndef GET_UINT32_BE
47#define GET_UINT32_BE(n,b,i) \
48{ \
49 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
50 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
51 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
52 | ( (uint32_t) (b)[(i) + 3] ); \
53}
54#endif
55
56#ifndef PUT_UINT32_BE
57#define PUT_UINT32_BE(n,b,i) \
58{ \
59 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
60 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
61 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
62 (b)[(i) + 3] = (unsigned char) ( (n) ); \
63}
64#endif
65
66/*
67 * SHA-1 context setup
68 */
69void sha1_starts( sha1_context *ctx )
70{
71 ctx->total[0] = 0;
72 ctx->total[1] = 0;
73
74 ctx->state[0] = 0x67452301;
75 ctx->state[1] = 0xEFCDAB89;
76 ctx->state[2] = 0x98BADCFE;
77 ctx->state[3] = 0x10325476;
78 ctx->state[4] = 0xC3D2E1F0;
79}
80
81void sha1_process( sha1_context *ctx, const unsigned char data[64] )
82{
83 uint32_t temp, W[16], A, B, C, D, E;
84
85 GET_UINT32_BE( W[ 0], data, 0 );
86 GET_UINT32_BE( W[ 1], data, 4 );
87 GET_UINT32_BE( W[ 2], data, 8 );
88 GET_UINT32_BE( W[ 3], data, 12 );
89 GET_UINT32_BE( W[ 4], data, 16 );
90 GET_UINT32_BE( W[ 5], data, 20 );
91 GET_UINT32_BE( W[ 6], data, 24 );
92 GET_UINT32_BE( W[ 7], data, 28 );
93 GET_UINT32_BE( W[ 8], data, 32 );
94 GET_UINT32_BE( W[ 9], data, 36 );
95 GET_UINT32_BE( W[10], data, 40 );
96 GET_UINT32_BE( W[11], data, 44 );
97 GET_UINT32_BE( W[12], data, 48 );
98 GET_UINT32_BE( W[13], data, 52 );
99 GET_UINT32_BE( W[14], data, 56 );
100 GET_UINT32_BE( W[15], data, 60 );
101
102#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
103
104#define R(t) \
105( \
106 temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
107 W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
108 ( W[t & 0x0F] = S(temp,1) ) \
109)
110
111#define P(a,b,c,d,e,x) \
112{ \
113 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
114}
115
116 A = ctx->state[0];
117 B = ctx->state[1];
118 C = ctx->state[2];
119 D = ctx->state[3];
120 E = ctx->state[4];
121
122#define F(x,y,z) (z ^ (x & (y ^ z)))
123#define K 0x5A827999
124
125 P( A, B, C, D, E, W[0] );
126 P( E, A, B, C, D, W[1] );
127 P( D, E, A, B, C, W[2] );
128 P( C, D, E, A, B, W[3] );
129 P( B, C, D, E, A, W[4] );
130 P( A, B, C, D, E, W[5] );
131 P( E, A, B, C, D, W[6] );
132 P( D, E, A, B, C, W[7] );
133 P( C, D, E, A, B, W[8] );
134 P( B, C, D, E, A, W[9] );
135 P( A, B, C, D, E, W[10] );
136 P( E, A, B, C, D, W[11] );
137 P( D, E, A, B, C, W[12] );
138 P( C, D, E, A, B, W[13] );
139 P( B, C, D, E, A, W[14] );
140 P( A, B, C, D, E, W[15] );
141 P( E, A, B, C, D, R(16) );
142 P( D, E, A, B, C, R(17) );
143 P( C, D, E, A, B, R(18) );
144 P( B, C, D, E, A, R(19) );
145
146#undef K
147#undef F
148
149#define F(x,y,z) (x ^ y ^ z)
150#define K 0x6ED9EBA1
151
152 P( A, B, C, D, E, R(20) );
153 P( E, A, B, C, D, R(21) );
154 P( D, E, A, B, C, R(22) );
155 P( C, D, E, A, B, R(23) );
156 P( B, C, D, E, A, R(24) );
157 P( A, B, C, D, E, R(25) );
158 P( E, A, B, C, D, R(26) );
159 P( D, E, A, B, C, R(27) );
160 P( C, D, E, A, B, R(28) );
161 P( B, C, D, E, A, R(29) );
162 P( A, B, C, D, E, R(30) );
163 P( E, A, B, C, D, R(31) );
164 P( D, E, A, B, C, R(32) );
165 P( C, D, E, A, B, R(33) );
166 P( B, C, D, E, A, R(34) );
167 P( A, B, C, D, E, R(35) );
168 P( E, A, B, C, D, R(36) );
169 P( D, E, A, B, C, R(37) );
170 P( C, D, E, A, B, R(38) );
171 P( B, C, D, E, A, R(39) );
172
173#undef K
174#undef F
175
176#define F(x,y,z) ((x & y) | (z & (x | y)))
177#define K 0x8F1BBCDC
178
179 P( A, B, C, D, E, R(40) );
180 P( E, A, B, C, D, R(41) );
181 P( D, E, A, B, C, R(42) );
182 P( C, D, E, A, B, R(43) );
183 P( B, C, D, E, A, R(44) );
184 P( A, B, C, D, E, R(45) );
185 P( E, A, B, C, D, R(46) );
186 P( D, E, A, B, C, R(47) );
187 P( C, D, E, A, B, R(48) );
188 P( B, C, D, E, A, R(49) );
189 P( A, B, C, D, E, R(50) );
190 P( E, A, B, C, D, R(51) );
191 P( D, E, A, B, C, R(52) );
192 P( C, D, E, A, B, R(53) );
193 P( B, C, D, E, A, R(54) );
194 P( A, B, C, D, E, R(55) );
195 P( E, A, B, C, D, R(56) );
196 P( D, E, A, B, C, R(57) );
197 P( C, D, E, A, B, R(58) );
198 P( B, C, D, E, A, R(59) );
199
200#undef K
201#undef F
202
203#define F(x,y,z) (x ^ y ^ z)
204#define K 0xCA62C1D6
205
206 P( A, B, C, D, E, R(60) );
207 P( E, A, B, C, D, R(61) );
208 P( D, E, A, B, C, R(62) );
209 P( C, D, E, A, B, R(63) );
210 P( B, C, D, E, A, R(64) );
211 P( A, B, C, D, E, R(65) );
212 P( E, A, B, C, D, R(66) );
213 P( D, E, A, B, C, R(67) );
214 P( C, D, E, A, B, R(68) );
215 P( B, C, D, E, A, R(69) );
216 P( A, B, C, D, E, R(70) );
217 P( E, A, B, C, D, R(71) );
218 P( D, E, A, B, C, R(72) );
219 P( C, D, E, A, B, R(73) );
220 P( B, C, D, E, A, R(74) );
221 P( A, B, C, D, E, R(75) );
222 P( E, A, B, C, D, R(76) );
223 P( D, E, A, B, C, R(77) );
224 P( C, D, E, A, B, R(78) );
225 P( B, C, D, E, A, R(79) );
226
227#undef K
228#undef F
229
230 ctx->state[0] += A;
231 ctx->state[1] += B;
232 ctx->state[2] += C;
233 ctx->state[3] += D;
234 ctx->state[4] += E;
235}
236
237/*
238 * SHA-1 process buffer
239 */
240void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
241{
242 size_t fill;
243 uint32_t left;
244
245 if( ilen <= 0 )
246 return;
247
248 left = ctx->total[0] & 0x3F;
249 fill = 64 - left;
250
251 ctx->total[0] += (uint32_t) ilen;
252 ctx->total[0] &= 0xFFFFFFFF;
253
254 if( ctx->total[0] < (uint32_t) ilen )
255 ctx->total[1]++;
256
257 if( left && ilen >= fill )
258 {
259 memcpy( (void *) (ctx->buffer + left), input, fill );
260 sha1_process( ctx, ctx->buffer );
261 input += fill;
262 ilen -= fill;
263 left = 0;
264 }
265
266 while( ilen >= 64 )
267 {
268 sha1_process( ctx, input );
269 input += 64;
270 ilen -= 64;
271 }
272
273 if( ilen > 0 )
274 memcpy( (void *) (ctx->buffer + left), input, ilen );
275}
276
277static const unsigned char sha1_padding[64] =
278{
279 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
280 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
281 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
282 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
283};
284
285/*
286 * SHA-1 final digest
287 */
288void sha1_finish( sha1_context *ctx, unsigned char output[20] )
289{
290 uint32_t last, padn;
291 uint32_t high, low;
292 unsigned char msglen[8];
293
294 high = ( ctx->total[0] >> 29 )
295 | ( ctx->total[1] << 3 );
296 low = ( ctx->total[0] << 3 );
297
298 PUT_UINT32_BE( high, msglen, 0 );
299 PUT_UINT32_BE( low, msglen, 4 );
300
301 last = ctx->total[0] & 0x3F;
302 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
303
304 sha1_update( ctx, sha1_padding, padn );
305 sha1_update( ctx, msglen, 8 );
306
307 PUT_UINT32_BE( ctx->state[0], output, 0 );
308 PUT_UINT32_BE( ctx->state[1], output, 4 );
309 PUT_UINT32_BE( ctx->state[2], output, 8 );
310 PUT_UINT32_BE( ctx->state[3], output, 12 );
311 PUT_UINT32_BE( ctx->state[4], output, 16 );
312}
313
314#endif /* !POLARSSL_SHA1_ALT */
315
316/*
317 * output = SHA-1( input buffer )
318 */
319void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
320{
321 sha1_context ctx;
322
323 sha1_starts( &ctx );
324 sha1_update( &ctx, input, ilen );
325 sha1_finish( &ctx, output );
326
327 memset( &ctx, 0, sizeof( sha1_context ) );
328}
329
330#if defined(POLARSSL_FS_IO)
331/*
332 * output = SHA-1( file contents )
333 */
334int sha1_file( const char *path, unsigned char output[20] )
335{
336 FILE *f;
337 size_t n;
338 sha1_context ctx;
339 unsigned char buf[1024];
340
341 if( ( f = fopen( path, "rb" ) ) == NULL )
342 return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
343
344 sha1_starts( &ctx );
345
346 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
347 sha1_update( &ctx, buf, n );
348
349 sha1_finish( &ctx, output );
350
351 memset( &ctx, 0, sizeof( sha1_context ) );
352
353 if( ferror( f ) != 0 )
354 {
355 fclose( f );
356 return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
357 }
358
359 fclose( f );
360 return( 0 );
361}
362#endif /* POLARSSL_FS_IO */
363
364/*
365 * SHA-1 HMAC context setup
366 */
367void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen )
368{
369 size_t i;
370 unsigned char sum[20];
371
372 if( keylen > 64 )
373 {
374 sha1( key, keylen, sum );
375 keylen = 20;
376 key = sum;
377 }
378
379 memset( ctx->ipad, 0x36, 64 );
380 memset( ctx->opad, 0x5C, 64 );
381
382 for( i = 0; i < keylen; i++ )
383 {
384 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
385 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
386 }
387
388 sha1_starts( ctx );
389 sha1_update( ctx, ctx->ipad, 64 );
390
391 memset( sum, 0, sizeof( sum ) );
392}
393
394/*
395 * SHA-1 HMAC process buffer
396 */
397void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
398{
399 sha1_update( ctx, input, ilen );
400}
401
402/*
403 * SHA-1 HMAC final digest
404 */
405void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
406{
407 unsigned char tmpbuf[20];
408
409 sha1_finish( ctx, tmpbuf );
410 sha1_starts( ctx );
411 sha1_update( ctx, ctx->opad, 64 );
412 sha1_update( ctx, tmpbuf, 20 );
413 sha1_finish( ctx, output );
414
415 memset( tmpbuf, 0, sizeof( tmpbuf ) );
416}
417
418/*
419 * SHA1 HMAC context reset
420 */
421void sha1_hmac_reset( sha1_context *ctx )
422{
423 sha1_starts( ctx );
424 sha1_update( ctx, ctx->ipad, 64 );
425}
426
427/*
428 * output = HMAC-SHA-1( hmac key, input buffer )
429 */
430void sha1_hmac( const unsigned char *key, size_t keylen,
431 const unsigned char *input, size_t ilen,
432 unsigned char output[20] )
433{
434 sha1_context ctx;
435
436 sha1_hmac_starts( &ctx, key, keylen );
437 sha1_hmac_update( &ctx, input, ilen );
438 sha1_hmac_finish( &ctx, output );
439
440 memset( &ctx, 0, sizeof( sha1_context ) );
441}
442
443#if defined(POLARSSL_SELF_TEST)
444/*
445 * FIPS-180-1 test vectors
446 */
447static unsigned char sha1_test_buf[3][57] =
448{
449 { "abc" },
450 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
451 { "" }
452};
453
454static const int sha1_test_buflen[3] =
455{
456 3, 56, 1000
457};
458
459static const unsigned char sha1_test_sum[3][20] =
460{
461 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
462 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
463 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
464 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
465 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
466 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
467};
468
469/*
470 * RFC 2202 test vectors
471 */
472static unsigned char sha1_hmac_test_key[7][26] =
473{
474 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
475 "\x0B\x0B\x0B\x0B" },
476 { "Jefe" },
477 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
478 "\xAA\xAA\xAA\xAA" },
479 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
480 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
481 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
482 "\x0C\x0C\x0C\x0C" },
483 { "" }, /* 0xAA 80 times */
484 { "" }
485};
486
487static const int sha1_hmac_test_keylen[7] =
488{
489 20, 4, 20, 25, 20, 80, 80
490};
491
492static unsigned char sha1_hmac_test_buf[7][74] =
493{
494 { "Hi There" },
495 { "what do ya want for nothing?" },
496 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
497 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
498 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
499 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
500 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
501 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
502 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
503 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
504 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
505 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
506 { "Test With Truncation" },
507 { "Test Using Larger Than Block-Size Key - Hash Key First" },
508 { "Test Using Larger Than Block-Size Key and Larger"
509 " Than One Block-Size Data" }
510};
511
512static const int sha1_hmac_test_buflen[7] =
513{
514 8, 28, 50, 50, 20, 54, 73
515};
516
517static const unsigned char sha1_hmac_test_sum[7][20] =
518{
519 { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
520 0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
521 { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
522 0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
523 { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
524 0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
525 { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
526 0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
527 { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
528 0x7B, 0xE1 },
529 { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
530 0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
531 { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
532 0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
533};
534
535/*
536 * Checkup routine
537 */
538int sha1_self_test( int verbose )
539{
540 int i, j, buflen;
541 unsigned char buf[1024];
542 unsigned char sha1sum[20];
543 sha1_context ctx;
544
545 /*
546 * SHA-1
547 */
548 for( i = 0; i < 3; i++ )
549 {
550 if( verbose != 0 )
551 printf( " SHA-1 test #%d: ", i + 1 );
552
553 sha1_starts( &ctx );
554
555 if( i == 2 )
556 {
557 memset( buf, 'a', buflen = 1000 );
558
559 for( j = 0; j < 1000; j++ )
560 sha1_update( &ctx, buf, buflen );
561 }
562 else
563 sha1_update( &ctx, sha1_test_buf[i],
564 sha1_test_buflen[i] );
565
566 sha1_finish( &ctx, sha1sum );
567
568 if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
569 {
570 if( verbose != 0 )
571 printf( "failed\n" );
572
573 return( 1 );
574 }
575
576 if( verbose != 0 )
577 printf( "passed\n" );
578 }
579
580 if( verbose != 0 )
581 printf( "\n" );
582
583 for( i = 0; i < 7; i++ )
584 {
585 if( verbose != 0 )
586 printf( " HMAC-SHA-1 test #%d: ", i + 1 );
587
588 if( i == 5 || i == 6 )
589 {
590 memset( buf, '\xAA', buflen = 80 );
591 sha1_hmac_starts( &ctx, buf, buflen );
592 }
593 else
594 sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
595 sha1_hmac_test_keylen[i] );
596
597 sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
598 sha1_hmac_test_buflen[i] );
599
600 sha1_hmac_finish( &ctx, sha1sum );
601
602 buflen = ( i == 4 ) ? 12 : 20;
603
604 if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
605 {
606 if( verbose != 0 )
607 printf( "failed\n" );
608
609 return( 1 );
610 }
611
612 if( verbose != 0 )
613 printf( "passed\n" );
614 }
615
616 if( verbose != 0 )
617 printf( "\n" );
618
619 return( 0 );
620}
621
622#endif
623
624#endif
Impressum, Datenschutz