/src/opensips/sha1.c

Source (jump to first uncovered line)
/*
 *  FIPS-180-1 compliant SHA-1 implementation
 *
 *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
 *
 *  This file is part of mbed TLS (https://polarssl.org)
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
/*
 *  The SHA-1 standard was published by NIST in 1993.
 *
 *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
 */

#include "sha1.h"

#define polarssl_printf printf

/* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) {
    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}

#if !defined(POLARSSL_SHA1_ALT)

/*
 * 32-bit integer manipulation macros (big endian)
 */
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i)                            \
{                                                       \
    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
        | ( (uint32_t) (b)[(i) + 3]       );            \
}
#endif

#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i)                            \
{                                                       \
    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
}
#endif

void sha1_init( sha1_context *ctx )
{
    memset( ctx, 0, sizeof( sha1_context ) );
}

void sha1_free( sha1_context *ctx )
{
    if( ctx == NULL )
        return;

    polarssl_zeroize( ctx, sizeof( sha1_context ) );
}

/*
 * SHA-1 context setup
 */
void sha1_starts( sha1_context *ctx )
{
    ctx->total[0] = 0;
    ctx->total[1] = 0;

    ctx->state[0] = 0x67452301;
    ctx->state[1] = 0xEFCDAB89;
    ctx->state[2] = 0x98BADCFE;
    ctx->state[3] = 0x10325476;
    ctx->state[4] = 0xC3D2E1F0;
}

void sha1_process( sha1_context *ctx, const unsigned char data[64] )
{
    uint32_t temp, W[16], A, B, C, D, E;

    GET_UINT32_BE( W[ 0], data,  0 );
    GET_UINT32_BE( W[ 1], data,  4 );
    GET_UINT32_BE( W[ 2], data,  8 );
    GET_UINT32_BE( W[ 3], data, 12 );
    GET_UINT32_BE( W[ 4], data, 16 );
    GET_UINT32_BE( W[ 5], data, 20 );
    GET_UINT32_BE( W[ 6], data, 24 );
    GET_UINT32_BE( W[ 7], data, 28 );
    GET_UINT32_BE( W[ 8], data, 32 );
    GET_UINT32_BE( W[ 9], data, 36 );
    GET_UINT32_BE( W[10], data, 40 );
    GET_UINT32_BE( W[11], data, 44 );
    GET_UINT32_BE( W[12], data, 48 );
    GET_UINT32_BE( W[13], data, 52 );
    GET_UINT32_BE( W[14], data, 56 );
    GET_UINT32_BE( W[15], data, 60 );

#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))

#define R(t)                                            \
(                                                       \
    temp = W[( t -  3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
           W[( t - 14 ) & 0x0F] ^ W[  t       & 0x0F],  \
    ( W[t & 0x0F] = S(temp,1) )                         \
)

#define P(a,b,c,d,e,x)                                  \
{                                                       \
    e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);        \
}

    A = ctx->state[0];
    B = ctx->state[1];
    C = ctx->state[2];
    D = ctx->state[3];
    E = ctx->state[4];

#define F(x,y,z) (z ^ (x & (y ^ z)))
#define K 0x5A827999

    P( A, B, C, D, E, W[0]  );
    P( E, A, B, C, D, W[1]  );
    P( D, E, A, B, C, W[2]  );
    P( C, D, E, A, B, W[3]  );
    P( B, C, D, E, A, W[4]  );
    P( A, B, C, D, E, W[5]  );
    P( E, A, B, C, D, W[6]  );
    P( D, E, A, B, C, W[7]  );
    P( C, D, E, A, B, W[8]  );
    P( B, C, D, E, A, W[9]  );
    P( A, B, C, D, E, W[10] );
    P( E, A, B, C, D, W[11] );
    P( D, E, A, B, C, W[12] );
    P( C, D, E, A, B, W[13] );
    P( B, C, D, E, A, W[14] );
    P( A, B, C, D, E, W[15] );
    P( E, A, B, C, D, R(16) );
    P( D, E, A, B, C, R(17) );
    P( C, D, E, A, B, R(18) );
    P( B, C, D, E, A, R(19) );

#undef K
#undef F

#define F(x,y,z) (x ^ y ^ z)
#define K 0x6ED9EBA1

    P( A, B, C, D, E, R(20) );
    P( E, A, B, C, D, R(21) );
    P( D, E, A, B, C, R(22) );
    P( C, D, E, A, B, R(23) );
    P( B, C, D, E, A, R(24) );
    P( A, B, C, D, E, R(25) );
    P( E, A, B, C, D, R(26) );
    P( D, E, A, B, C, R(27) );
    P( C, D, E, A, B, R(28) );
    P( B, C, D, E, A, R(29) );
    P( A, B, C, D, E, R(30) );
    P( E, A, B, C, D, R(31) );
    P( D, E, A, B, C, R(32) );
    P( C, D, E, A, B, R(33) );
    P( B, C, D, E, A, R(34) );
    P( A, B, C, D, E, R(35) );
    P( E, A, B, C, D, R(36) );
    P( D, E, A, B, C, R(37) );
    P( C, D, E, A, B, R(38) );
    P( B, C, D, E, A, R(39) );

#undef K
#undef F

#define F(x,y,z) ((x & y) | (z & (x | y)))
#define K 0x8F1BBCDC

    P( A, B, C, D, E, R(40) );
    P( E, A, B, C, D, R(41) );
    P( D, E, A, B, C, R(42) );
    P( C, D, E, A, B, R(43) );
    P( B, C, D, E, A, R(44) );
    P( A, B, C, D, E, R(45) );
    P( E, A, B, C, D, R(46) );
    P( D, E, A, B, C, R(47) );
    P( C, D, E, A, B, R(48) );
    P( B, C, D, E, A, R(49) );
    P( A, B, C, D, E, R(50) );
    P( E, A, B, C, D, R(51) );
    P( D, E, A, B, C, R(52) );
    P( C, D, E, A, B, R(53) );
    P( B, C, D, E, A, R(54) );
    P( A, B, C, D, E, R(55) );
    P( E, A, B, C, D, R(56) );
    P( D, E, A, B, C, R(57) );
    P( C, D, E, A, B, R(58) );
    P( B, C, D, E, A, R(59) );

#undef K
#undef F

#define F(x,y,z) (x ^ y ^ z)
#define K 0xCA62C1D6

    P( A, B, C, D, E, R(60) );
    P( E, A, B, C, D, R(61) );
    P( D, E, A, B, C, R(62) );
    P( C, D, E, A, B, R(63) );
    P( B, C, D, E, A, R(64) );
    P( A, B, C, D, E, R(65) );
    P( E, A, B, C, D, R(66) );
    P( D, E, A, B, C, R(67) );
    P( C, D, E, A, B, R(68) );
    P( B, C, D, E, A, R(69) );
    P( A, B, C, D, E, R(70) );
    P( E, A, B, C, D, R(71) );
    P( D, E, A, B, C, R(72) );
    P( C, D, E, A, B, R(73) );
    P( B, C, D, E, A, R(74) );
    P( A, B, C, D, E, R(75) );
    P( E, A, B, C, D, R(76) );
    P( D, E, A, B, C, R(77) );
    P( C, D, E, A, B, R(78) );
    P( B, C, D, E, A, R(79) );

#undef K
#undef F

    ctx->state[0] += A;
    ctx->state[1] += B;
    ctx->state[2] += C;
    ctx->state[3] += D;
    ctx->state[4] += E;
}

/*
 * SHA-1 process buffer
 */
void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
{
    size_t fill;
    uint32_t left;

    if( ilen == 0 )
        return;

    left = ctx->total[0] & 0x3F;
    fill = 64 - left;

    ctx->total[0] += (uint32_t) ilen;
    ctx->total[0] &= 0xFFFFFFFF;

    if( ctx->total[0] < (uint32_t) ilen )
        ctx->total[1]++;

    if( left && ilen >= fill )
    {
        memcpy( (void *) (ctx->buffer + left), input, fill );
        sha1_process( ctx, ctx->buffer );
        input += fill;
        ilen  -= fill;
        left = 0;
    }

    while( ilen >= 64 )
    {
        sha1_process( ctx, input );
        input += 64;
        ilen  -= 64;
    }

    if( ilen > 0 )
        memcpy( (void *) (ctx->buffer + left), input, ilen );
}

static const unsigned char sha1_padding[64] =
{
 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

/*
 * SHA-1 final digest
 */
void sha1_finish( sha1_context *ctx, unsigned char output[20] )
{
    uint32_t last, padn;
    uint32_t high, low;
    unsigned char msglen[8];

    high = ( ctx->total[0] >> 29 )
         | ( ctx->total[1] <<  3 );
    low  = ( ctx->total[0] <<  3 );

    PUT_UINT32_BE( high, msglen, 0 );
    PUT_UINT32_BE( low,  msglen, 4 );

    last = ctx->total[0] & 0x3F;
    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );

    sha1_update( ctx, sha1_padding, padn );
    sha1_update( ctx, msglen, 8 );

    PUT_UINT32_BE( ctx->state[0], output,  0 );
    PUT_UINT32_BE( ctx->state[1], output,  4 );
    PUT_UINT32_BE( ctx->state[2], output,  8 );
    PUT_UINT32_BE( ctx->state[3], output, 12 );
    PUT_UINT32_BE( ctx->state[4], output, 16 );
}

#endif /* !POLARSSL_SHA1_ALT */

/*
 * output = SHA-1( input buffer )
 */
void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
{
    sha1_context ctx;

    sha1_init( &ctx );
    sha1_starts( &ctx );
    sha1_update( &ctx, input, ilen );
    sha1_finish( &ctx, output );
    sha1_free( &ctx );
}

#if defined(POLARSSL_FS_IO)
/*
 * output = SHA-1( file contents )
 */
int sha1_file( const char *path, unsigned char output[20] )
{
    FILE *f;
    size_t n;
    sha1_context ctx;
    unsigned char buf[1024];

    if( ( f = fopen( path, "rb" ) ) == NULL )
        return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );

    sha1_init( &ctx );
    sha1_starts( &ctx );

    while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
        sha1_update( &ctx, buf, n );

    sha1_finish( &ctx, output );
    sha1_free( &ctx );

    if( ferror( f ) != 0 )
    {
        fclose( f );
        return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
    }

    fclose( f );
    return( 0 );
}
#endif /* POLARSSL_FS_IO */

/*
 * SHA-1 HMAC context setup
 */
void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key,
                       size_t keylen )
{
    size_t i;
    unsigned char sum[20];

    if( keylen > 64 )
    {
        sha1( key, keylen, sum );
        keylen = 20;
        key = sum;
    }

    memset( ctx->ipad, 0x36, 64 );
    memset( ctx->opad, 0x5C, 64 );

    for( i = 0; i < keylen; i++ )
    {
        ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
        ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
    }

    sha1_starts( ctx );
    sha1_update( ctx, ctx->ipad, 64 );

    polarssl_zeroize( sum, sizeof( sum ) );
}

/*
 * SHA-1 HMAC process buffer
 */
void sha1_hmac_update( sha1_context *ctx, const unsigned char *input,
                       size_t ilen )
{
    sha1_update( ctx, input, ilen );
}

/*
 * SHA-1 HMAC final digest
 */
void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
{
    unsigned char tmpbuf[20];

    sha1_finish( ctx, tmpbuf );
    sha1_starts( ctx );
    sha1_update( ctx, ctx->opad, 64 );
    sha1_update( ctx, tmpbuf, 20 );
    sha1_finish( ctx, output );

    polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
}

/*
 * SHA1 HMAC context reset
 */
void sha1_hmac_reset( sha1_context *ctx )
{
    sha1_starts( ctx );
    sha1_update( ctx, ctx->ipad, 64 );
}

/*
 * output = HMAC-SHA-1( hmac key, input buffer )
 */
void sha1_hmac( const unsigned char *key, size_t keylen,
                const unsigned char *input, size_t ilen,
                unsigned char output[20] )
{
    sha1_context ctx;

    sha1_init( &ctx );
    sha1_hmac_starts( &ctx, key, keylen );
    sha1_hmac_update( &ctx, input, ilen );
    sha1_hmac_finish( &ctx, output );
    sha1_free( &ctx );
}

#if defined(POLARSSL_SELF_TEST)
/*
 * FIPS-180-1 test vectors
 */
static unsigned char sha1_test_buf[3][57] =
{
    { "abc" },
    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
    { "" }
};

static const int sha1_test_buflen[3] =
{
    3, 56, 1000
};

static const unsigned char sha1_test_sum[3][20] =
{
    { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
      0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
    { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
      0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
    { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
      0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
};

/*
 * RFC 2202 test vectors
 */
static unsigned char sha1_hmac_test_key[7][26] =
{
    { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
      "\x0B\x0B\x0B\x0B" },
    { "Jefe" },
    { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
      "\xAA\xAA\xAA\xAA" },
    { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
      "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
    { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
      "\x0C\x0C\x0C\x0C" },
    { "" }, /* 0xAA 80 times */
    { "" }
};

static const int sha1_hmac_test_keylen[7] =
{
    20, 4, 20, 25, 20, 80, 80
};

static unsigned char sha1_hmac_test_buf[7][74] =
{
    { "Hi There" },
    { "what do ya want for nothing?" },
    { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
      "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
    { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
      "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
    { "Test With Truncation" },
    { "Test Using Larger Than Block-Size Key - Hash Key First" },
    { "Test Using Larger Than Block-Size Key and Larger"
      " Than One Block-Size Data" }
};

static const int sha1_hmac_test_buflen[7] =
{
    8, 28, 50, 50, 20, 54, 73
};

static const unsigned char sha1_hmac_test_sum[7][20] =
{
    { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
      0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
    { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
      0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
    { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
      0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
    { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
      0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
    { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
      0x7B, 0xE1 },
    { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
      0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
    { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
      0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
};

/*
 * Checkup routine
 */
int sha1_self_test( int verbose )
{
    int i, j, buflen, ret = 0;
    unsigned char buf[1024];
    unsigned char sha1sum[20];
    sha1_context ctx;

    sha1_init( &ctx );

    /*
     * SHA-1
     */
    for( i = 0; i < 3; i++ )
    {
        if( verbose != 0 )
            polarssl_printf( "  SHA-1 test #%d: ", i + 1 );

        sha1_starts( &ctx );

        if( i == 2 )
        {
            memset( buf, 'a', buflen = 1000 );

            for( j = 0; j < 1000; j++ )
                sha1_update( &ctx, buf, buflen );
        }
        else
            sha1_update( &ctx, sha1_test_buf[i],
                               sha1_test_buflen[i] );

        sha1_finish( &ctx, sha1sum );

        if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
        {
            if( verbose != 0 )
                polarssl_printf( "failed\n" );

            ret = 1;
            goto exit;
        }

        if( verbose != 0 )
            polarssl_printf( "passed\n" );
    }

    if( verbose != 0 )
        polarssl_printf( "\n" );

    for( i = 0; i < 7; i++ )
    {
        if( verbose != 0 )
            polarssl_printf( "  HMAC-SHA-1 test #%d: ", i + 1 );

        if( i == 5 || i == 6 )
        {
            memset( buf, '\xAA', buflen = 80 );
            sha1_hmac_starts( &ctx, buf, buflen );
        }
        else
            sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
                                    sha1_hmac_test_keylen[i] );

        sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
                                sha1_hmac_test_buflen[i] );

        sha1_hmac_finish( &ctx, sha1sum );

        buflen = ( i == 4 ) ? 12 : 20;

        if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
        {
            if( verbose != 0 )
                polarssl_printf( "failed\n" );

            ret = 1;
            goto exit;
        }

        if( verbose != 0 )
            polarssl_printf( "passed\n" );
    }

    if( verbose != 0 )
        polarssl_printf( "\n" );

exit:
    sha1_free( &ctx );

    return( ret );
}

#endif /* POLARSSL_SELF_TEST */

Coverage Report

Created: 2025-08-26 06:38

Line	Count	Source (jump to first uncovered line)
1		/*
2		* FIPS-180-1 compliant SHA-1 implementation
3		*
4		* Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
5		*
6		* This file is part of mbed TLS (https://polarssl.org)
7		*
8		* This program is free software; you can redistribute it and/or modify
9		* it under the terms of the GNU General Public License as published by
10		* the Free Software Foundation; either version 2 of the License, or
11		* (at your option) any later version.
12		*
13		* This program is distributed in the hope that it will be useful,
14		* but WITHOUT ANY WARRANTY; without even the implied warranty of
15		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16		* GNU General Public License for more details.
17		*
18		* You should have received a copy of the GNU General Public License along
19		* with this program; if not, write to the Free Software Foundation, Inc.,
20		* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21		*/
22		/*
23		* The SHA-1 standard was published by NIST in 1993.
24		*
25		* http://www.itl.nist.gov/fipspubs/fip180-1.htm
26		*/
27
28		#include "sha1.h"
29
30		#define polarssl_printf printf
31
32		/* Implementation that should never be optimized out by the compiler */
33	0	static void polarssl_zeroize( void *v, size_t n ) {
34	0	volatile unsigned char p = v; while( n-- ) p++ = 0;
35	0	}
36
37		#if !defined(POLARSSL_SHA1_ALT)
38
39		/*
40		* 32-bit integer manipulation macros (big endian)
41		*/
42		#ifndef GET_UINT32_BE
43	0	#define GET_UINT32_BE(n,b,i) \
44	0	{ \
45	0	(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
46	0	\| ( (uint32_t) (b)[(i) + 1] << 16 ) \
47	0	\| ( (uint32_t) (b)[(i) + 2] << 8 ) \
48	0	\| ( (uint32_t) (b)[(i) + 3] ); \
49	0	}
50		#endif
51
52		#ifndef PUT_UINT32_BE
53	0	#define PUT_UINT32_BE(n,b,i) \
54	0	{ \
55	0	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
56	0	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
57	0	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
58	0	(b)[(i) + 3] = (unsigned char) ( (n) ); \
59	0	}
60		#endif
61
62		void sha1_init( sha1_context *ctx )
63	0	{
64	0	memset( ctx, 0, sizeof( sha1_context ) );
65	0	}
66
67		void sha1_free( sha1_context *ctx )
68	0	{
69	0	if( ctx == NULL )
70	0	return;
71
72	0	polarssl_zeroize( ctx, sizeof( sha1_context ) );
73	0	}
74
75		/*
76		* SHA-1 context setup
77		*/
78		void sha1_starts( sha1_context *ctx )
79	0	{
80	0	ctx->total[0] = 0;
81	0	ctx->total[1] = 0;
82
83	0	ctx->state[0] = 0x67452301;
84	0	ctx->state[1] = 0xEFCDAB89;
85	0	ctx->state[2] = 0x98BADCFE;
86	0	ctx->state[3] = 0x10325476;
87	0	ctx->state[4] = 0xC3D2E1F0;
88	0	}
89
90		void sha1_process( sha1_context *ctx, const unsigned char data[64] )
91	0	{
92	0	uint32_t temp, W[16], A, B, C, D, E;
93
94	0	GET_UINT32_BE( W[ 0], data, 0 );
95	0	GET_UINT32_BE( W[ 1], data, 4 );
96	0	GET_UINT32_BE( W[ 2], data, 8 );
97	0	GET_UINT32_BE( W[ 3], data, 12 );
98	0	GET_UINT32_BE( W[ 4], data, 16 );
99	0	GET_UINT32_BE( W[ 5], data, 20 );
100	0	GET_UINT32_BE( W[ 6], data, 24 );
101	0	GET_UINT32_BE( W[ 7], data, 28 );
102	0	GET_UINT32_BE( W[ 8], data, 32 );
103	0	GET_UINT32_BE( W[ 9], data, 36 );
104	0	GET_UINT32_BE( W[10], data, 40 );
105	0	GET_UINT32_BE( W[11], data, 44 );
106	0	GET_UINT32_BE( W[12], data, 48 );
107	0	GET_UINT32_BE( W[13], data, 52 );
108	0	GET_UINT32_BE( W[14], data, 56 );
109	0	GET_UINT32_BE( W[15], data, 60 );
110
111	0	#define S(x,n) ((x << n) \| ((x & 0xFFFFFFFF) >> (32 - n)))
112
113	0	#define R(t) \
114	0	( \
115	0	temp = W[( t - 3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
116	0	W[( t - 14 ) & 0x0F] ^ W[ t & 0x0F], \
117	0	( W[t & 0x0F] = S(temp,1) ) \
118	0	)
119
120	0	#define P(a,b,c,d,e,x) \
121	0	{ \
122	0	e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
123	0	}
124
125	0	A = ctx->state[0];
126	0	B = ctx->state[1];
127	0	C = ctx->state[2];
128	0	D = ctx->state[3];
129	0	E = ctx->state[4];
130
131	0	#define F(x,y,z) (z ^ (x & (y ^ z)))
132	0	#define K 0x5A827999
133
134	0	P( A, B, C, D, E, W[0] );
135	0	P( E, A, B, C, D, W[1] );
136	0	P( D, E, A, B, C, W[2] );
137	0	P( C, D, E, A, B, W[3] );
138	0	P( B, C, D, E, A, W[4] );
139	0	P( A, B, C, D, E, W[5] );
140	0	P( E, A, B, C, D, W[6] );
141	0	P( D, E, A, B, C, W[7] );
142	0	P( C, D, E, A, B, W[8] );
143	0	P( B, C, D, E, A, W[9] );
144	0	P( A, B, C, D, E, W[10] );
145	0	P( E, A, B, C, D, W[11] );
146	0	P( D, E, A, B, C, W[12] );
147	0	P( C, D, E, A, B, W[13] );
148	0	P( B, C, D, E, A, W[14] );
149	0	P( A, B, C, D, E, W[15] );
150	0	P( E, A, B, C, D, R(16) );
151	0	P( D, E, A, B, C, R(17) );
152	0	P( C, D, E, A, B, R(18) );
153	0	P( B, C, D, E, A, R(19) );
154
155	0	#undef K
156	0	#undef F
157
158	0	#define F(x,y,z) (x ^ y ^ z)
159	0	#define K 0x6ED9EBA1
160
161	0	P( A, B, C, D, E, R(20) );
162	0	P( E, A, B, C, D, R(21) );
163	0	P( D, E, A, B, C, R(22) );
164	0	P( C, D, E, A, B, R(23) );
165	0	P( B, C, D, E, A, R(24) );
166	0	P( A, B, C, D, E, R(25) );
167	0	P( E, A, B, C, D, R(26) );
168	0	P( D, E, A, B, C, R(27) );
169	0	P( C, D, E, A, B, R(28) );
170	0	P( B, C, D, E, A, R(29) );
171	0	P( A, B, C, D, E, R(30) );
172	0	P( E, A, B, C, D, R(31) );
173	0	P( D, E, A, B, C, R(32) );
174	0	P( C, D, E, A, B, R(33) );
175	0	P( B, C, D, E, A, R(34) );
176	0	P( A, B, C, D, E, R(35) );
177	0	P( E, A, B, C, D, R(36) );
178	0	P( D, E, A, B, C, R(37) );
179	0	P( C, D, E, A, B, R(38) );
180	0	P( B, C, D, E, A, R(39) );
181
182	0	#undef K
183	0	#undef F
184
185	0	#define F(x,y,z) ((x & y) \| (z & (x \| y)))
186	0	#define K 0x8F1BBCDC
187
188	0	P( A, B, C, D, E, R(40) );
189	0	P( E, A, B, C, D, R(41) );
190	0	P( D, E, A, B, C, R(42) );
191	0	P( C, D, E, A, B, R(43) );
192	0	P( B, C, D, E, A, R(44) );
193	0	P( A, B, C, D, E, R(45) );
194	0	P( E, A, B, C, D, R(46) );
195	0	P( D, E, A, B, C, R(47) );
196	0	P( C, D, E, A, B, R(48) );
197	0	P( B, C, D, E, A, R(49) );
198	0	P( A, B, C, D, E, R(50) );
199	0	P( E, A, B, C, D, R(51) );
200	0	P( D, E, A, B, C, R(52) );
201	0	P( C, D, E, A, B, R(53) );
202	0	P( B, C, D, E, A, R(54) );
203	0	P( A, B, C, D, E, R(55) );
204	0	P( E, A, B, C, D, R(56) );
205	0	P( D, E, A, B, C, R(57) );
206	0	P( C, D, E, A, B, R(58) );
207	0	P( B, C, D, E, A, R(59) );
208
209	0	#undef K
210	0	#undef F
211
212	0	#define F(x,y,z) (x ^ y ^ z)
213	0	#define K 0xCA62C1D6
214
215	0	P( A, B, C, D, E, R(60) );
216	0	P( E, A, B, C, D, R(61) );
217	0	P( D, E, A, B, C, R(62) );
218	0	P( C, D, E, A, B, R(63) );
219	0	P( B, C, D, E, A, R(64) );
220	0	P( A, B, C, D, E, R(65) );
221	0	P( E, A, B, C, D, R(66) );
222	0	P( D, E, A, B, C, R(67) );
223	0	P( C, D, E, A, B, R(68) );
224	0	P( B, C, D, E, A, R(69) );
225	0	P( A, B, C, D, E, R(70) );
226	0	P( E, A, B, C, D, R(71) );
227	0	P( D, E, A, B, C, R(72) );
228	0	P( C, D, E, A, B, R(73) );
229	0	P( B, C, D, E, A, R(74) );
230	0	P( A, B, C, D, E, R(75) );
231	0	P( E, A, B, C, D, R(76) );
232	0	P( D, E, A, B, C, R(77) );
233	0	P( C, D, E, A, B, R(78) );
234	0	P( B, C, D, E, A, R(79) );
235
236	0	#undef K
237	0	#undef F
238
239	0	ctx->state[0] += A;
240	0	ctx->state[1] += B;
241	0	ctx->state[2] += C;
242	0	ctx->state[3] += D;
243	0	ctx->state[4] += E;
244	0	}
245
246		/*
247		* SHA-1 process buffer
248		*/
249		void sha1_update( sha1_context ctx, const unsigned char input, size_t ilen )
250	0	{
251	0	size_t fill;
252	0	uint32_t left;
253
254	0	if( ilen == 0 )
255	0	return;
256
257	0	left = ctx->total[0] & 0x3F;
258	0	fill = 64 - left;
259
260	0	ctx->total[0] += (uint32_t) ilen;
261	0	ctx->total[0] &= 0xFFFFFFFF;
262
263	0	if( ctx->total[0] < (uint32_t) ilen )
264	0	ctx->total[1]++;
265
266	0	if( left && ilen >= fill )
267	0	{
268	0	memcpy( (void *) (ctx->buffer + left), input, fill );
269	0	sha1_process( ctx, ctx->buffer );
270	0	input += fill;
271	0	ilen -= fill;
272	0	left = 0;
273	0	}
274
275	0	while( ilen >= 64 )
276	0	{
277	0	sha1_process( ctx, input );
278	0	input += 64;
279	0	ilen -= 64;
280	0	}
281
282	0	if( ilen > 0 )
283	0	memcpy( (void *) (ctx->buffer + left), input, ilen );
284	0	}
285
286		static const unsigned char sha1_padding[64] =
287		{
288		0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
289		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
290		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
291		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
292		};
293
294		/*
295		* SHA-1 final digest
296		*/
297		void sha1_finish( sha1_context *ctx, unsigned char output[20] )
298	0	{
299	0	uint32_t last, padn;
300	0	uint32_t high, low;
301	0	unsigned char msglen[8];
302
303	0	high = ( ctx->total[0] >> 29 )
304	0	\| ( ctx->total[1] << 3 );
305	0	low = ( ctx->total[0] << 3 );
306
307	0	PUT_UINT32_BE( high, msglen, 0 );
308	0	PUT_UINT32_BE( low, msglen, 4 );
309
310	0	last = ctx->total[0] & 0x3F;
311	0	padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
312
313	0	sha1_update( ctx, sha1_padding, padn );
314	0	sha1_update( ctx, msglen, 8 );
315
316	0	PUT_UINT32_BE( ctx->state[0], output, 0 );
317	0	PUT_UINT32_BE( ctx->state[1], output, 4 );
318	0	PUT_UINT32_BE( ctx->state[2], output, 8 );
319	0	PUT_UINT32_BE( ctx->state[3], output, 12 );
320	0	PUT_UINT32_BE( ctx->state[4], output, 16 );
321	0	}
322
323		#endif /* !POLARSSL_SHA1_ALT */
324
325		/*
326		* output = SHA-1( input buffer )
327		*/
328		void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
329	0	{
330	0	sha1_context ctx;
331
332	0	sha1_init( &ctx );
333	0	sha1_starts( &ctx );
334	0	sha1_update( &ctx, input, ilen );
335	0	sha1_finish( &ctx, output );
336	0	sha1_free( &ctx );
337	0	}
338
339		#if defined(POLARSSL_FS_IO)
340		/*
341		* output = SHA-1( file contents )
342		*/
343		int sha1_file( const char *path, unsigned char output[20] )
344		{
345		FILE *f;
346		size_t n;
347		sha1_context ctx;
348		unsigned char buf[1024];
349
350		if( ( f = fopen( path, "rb" ) ) == NULL )
351		return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
352
353		sha1_init( &ctx );
354		sha1_starts( &ctx );
355
356		while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
357		sha1_update( &ctx, buf, n );
358
359		sha1_finish( &ctx, output );
360		sha1_free( &ctx );
361
362		if( ferror( f ) != 0 )
363		{
364		fclose( f );
365		return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
366		}
367
368		fclose( f );
369		return( 0 );
370		}
371		#endif /* POLARSSL_FS_IO */
372
373		/*
374		* SHA-1 HMAC context setup
375		*/
376		void sha1_hmac_starts( sha1_context ctx, const unsigned char key,
377		size_t keylen )
378	0	{
379	0	size_t i;
380	0	unsigned char sum[20];
381
382	0	if( keylen > 64 )
383	0	{
384	0	sha1( key, keylen, sum );
385	0	keylen = 20;
386	0	key = sum;
387	0	}
388
389	0	memset( ctx->ipad, 0x36, 64 );
390	0	memset( ctx->opad, 0x5C, 64 );
391
392	0	for( i = 0; i < keylen; i++ )
393	0	{
394	0	ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
395	0	ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
396	0	}
397
398	0	sha1_starts( ctx );
399	0	sha1_update( ctx, ctx->ipad, 64 );
400
401	0	polarssl_zeroize( sum, sizeof( sum ) );
402	0	}
403
404		/*
405		* SHA-1 HMAC process buffer
406		*/
407		void sha1_hmac_update( sha1_context ctx, const unsigned char input,
408		size_t ilen )
409	0	{
410	0	sha1_update( ctx, input, ilen );
411	0	}
412
413		/*
414		* SHA-1 HMAC final digest
415		*/
416		void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
417	0	{
418	0	unsigned char tmpbuf[20];
419
420	0	sha1_finish( ctx, tmpbuf );
421	0	sha1_starts( ctx );
422	0	sha1_update( ctx, ctx->opad, 64 );
423	0	sha1_update( ctx, tmpbuf, 20 );
424	0	sha1_finish( ctx, output );
425
426	0	polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
427	0	}
428
429		/*
430		* SHA1 HMAC context reset
431		*/
432		void sha1_hmac_reset( sha1_context *ctx )
433	0	{
434	0	sha1_starts( ctx );
435	0	sha1_update( ctx, ctx->ipad, 64 );
436	0	}
437
438		/*
439		* output = HMAC-SHA-1( hmac key, input buffer )
440		*/
441		void sha1_hmac( const unsigned char *key, size_t keylen,
442		const unsigned char *input, size_t ilen,
443		unsigned char output[20] )
444	0	{
445	0	sha1_context ctx;
446
447	0	sha1_init( &ctx );
448	0	sha1_hmac_starts( &ctx, key, keylen );
449	0	sha1_hmac_update( &ctx, input, ilen );
450	0	sha1_hmac_finish( &ctx, output );
451	0	sha1_free( &ctx );
452	0	}
453
454		#if defined(POLARSSL_SELF_TEST)
455		/*
456		* FIPS-180-1 test vectors
457		*/
458		static unsigned char sha1_test_buf[3][57] =
459		{
460		{ "abc" },
461		{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
462		{ "" }
463		};
464
465		static const int sha1_test_buflen[3] =
466		{
467		3, 56, 1000
468		};
469
470		static const unsigned char sha1_test_sum[3][20] =
471		{
472		{ 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
473		0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
474		{ 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
475		0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
476		{ 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
477		0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
478		};
479
480		/*
481		* RFC 2202 test vectors
482		*/
483		static unsigned char sha1_hmac_test_key[7][26] =
484		{
485		{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
486		"\x0B\x0B\x0B\x0B" },
487		{ "Jefe" },
488		{ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
489		"\xAA\xAA\xAA\xAA" },
490		{ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
491		"\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
492		{ "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
493		"\x0C\x0C\x0C\x0C" },
494		{ "" }, /* 0xAA 80 times */
495		{ "" }
496		};
497
498		static const int sha1_hmac_test_keylen[7] =
499		{
500		20, 4, 20, 25, 20, 80, 80
501		};
502
503		static unsigned char sha1_hmac_test_buf[7][74] =
504		{
505		{ "Hi There" },
506		{ "what do ya want for nothing?" },
507		{ "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
508		"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
509		"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
510		"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
511		"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
512		{ "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
513		"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
514		"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
515		"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
516		"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
517		{ "Test With Truncation" },
518		{ "Test Using Larger Than Block-Size Key - Hash Key First" },
519		{ "Test Using Larger Than Block-Size Key and Larger"
520		" Than One Block-Size Data" }
521		};
522
523		static const int sha1_hmac_test_buflen[7] =
524		{
525		8, 28, 50, 50, 20, 54, 73
526		};
527
528		static const unsigned char sha1_hmac_test_sum[7][20] =
529		{
530		{ 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
531		0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
532		{ 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
533		0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
534		{ 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
535		0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
536		{ 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
537		0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
538		{ 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
539		0x7B, 0xE1 },
540		{ 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
541		0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
542		{ 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
543		0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
544		};
545
546		/*
547		* Checkup routine
548		*/
549		int sha1_self_test( int verbose )
550		{
551		int i, j, buflen, ret = 0;
552		unsigned char buf[1024];
553		unsigned char sha1sum[20];
554		sha1_context ctx;
555
556		sha1_init( &ctx );
557
558		/*
559		* SHA-1
560		*/
561		for( i = 0; i < 3; i++ )
562		{
563		if( verbose != 0 )
564		polarssl_printf( " SHA-1 test #%d: ", i + 1 );
565
566		sha1_starts( &ctx );
567
568		if( i == 2 )
569		{
570		memset( buf, 'a', buflen = 1000 );
571
572		for( j = 0; j < 1000; j++ )
573		sha1_update( &ctx, buf, buflen );
574		}
575		else
576		sha1_update( &ctx, sha1_test_buf[i],
577		sha1_test_buflen[i] );
578
579		sha1_finish( &ctx, sha1sum );
580
581		if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
582		{
583		if( verbose != 0 )
584		polarssl_printf( "failed\n" );
585
586		ret = 1;
587		goto exit;
588		}
589
590		if( verbose != 0 )
591		polarssl_printf( "passed\n" );
592		}
593
594		if( verbose != 0 )
595		polarssl_printf( "\n" );
596
597		for( i = 0; i < 7; i++ )
598		{
599		if( verbose != 0 )
600		polarssl_printf( " HMAC-SHA-1 test #%d: ", i + 1 );
601
602		if( i == 5 \|\| i == 6 )
603		{
604		memset( buf, '\xAA', buflen = 80 );
605		sha1_hmac_starts( &ctx, buf, buflen );
606		}
607		else
608		sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
609		sha1_hmac_test_keylen[i] );
610
611		sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
612		sha1_hmac_test_buflen[i] );
613
614		sha1_hmac_finish( &ctx, sha1sum );
615
616		buflen = ( i == 4 ) ? 12 : 20;
617
618		if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
619		{
620		if( verbose != 0 )
621		polarssl_printf( "failed\n" );
622
623		ret = 1;
624		goto exit;
625		}
626
627		if( verbose != 0 )
628		polarssl_printf( "passed\n" );
629		}
630
631		if( verbose != 0 )
632		polarssl_printf( "\n" );
633
634		exit:
635		sha1_free( &ctx );
636
637		return( ret );
638		}
639
640		#endif /* POLARSSL_SELF_TEST */