/work/mbedtls-2.28.8/library/sha1.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * FIPS-180-1 compliant SHA-1 implementation |
3 | | * |
4 | | * Copyright The Mbed TLS Contributors |
5 | | * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
6 | | */ |
7 | | /* |
8 | | * The SHA-1 standard was published by NIST in 1993. |
9 | | * |
10 | | * http://www.itl.nist.gov/fipspubs/fip180-1.htm |
11 | | */ |
12 | | |
13 | | #include "common.h" |
14 | | |
15 | | #if defined(MBEDTLS_SHA1_C) |
16 | | |
17 | | #include "mbedtls/sha1.h" |
18 | | #include "mbedtls/platform_util.h" |
19 | | #include "mbedtls/error.h" |
20 | | |
21 | | #include <string.h> |
22 | | |
23 | | #include "mbedtls/platform.h" |
24 | | |
25 | | #define SHA1_VALIDATE_RET(cond) \ |
26 | 0 | MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA) |
27 | | |
28 | 0 | #define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond) |
29 | | |
30 | | #if !defined(MBEDTLS_SHA1_ALT) |
31 | | |
32 | | void mbedtls_sha1_init(mbedtls_sha1_context *ctx) |
33 | 0 | { |
34 | 0 | SHA1_VALIDATE(ctx != NULL); |
35 | |
|
36 | 0 | memset(ctx, 0, sizeof(mbedtls_sha1_context)); |
37 | 0 | } |
38 | | |
39 | | void mbedtls_sha1_free(mbedtls_sha1_context *ctx) |
40 | 0 | { |
41 | 0 | if (ctx == NULL) { |
42 | 0 | return; |
43 | 0 | } |
44 | | |
45 | 0 | mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha1_context)); |
46 | 0 | } |
47 | | |
48 | | void mbedtls_sha1_clone(mbedtls_sha1_context *dst, |
49 | | const mbedtls_sha1_context *src) |
50 | 0 | { |
51 | 0 | SHA1_VALIDATE(dst != NULL); |
52 | 0 | SHA1_VALIDATE(src != NULL); |
53 | |
|
54 | 0 | *dst = *src; |
55 | 0 | } |
56 | | |
57 | | /* |
58 | | * SHA-1 context setup |
59 | | */ |
60 | | int mbedtls_sha1_starts_ret(mbedtls_sha1_context *ctx) |
61 | 0 | { |
62 | 0 | SHA1_VALIDATE_RET(ctx != NULL); |
63 | |
|
64 | 0 | ctx->total[0] = 0; |
65 | 0 | ctx->total[1] = 0; |
66 | |
|
67 | 0 | ctx->state[0] = 0x67452301; |
68 | 0 | ctx->state[1] = 0xEFCDAB89; |
69 | 0 | ctx->state[2] = 0x98BADCFE; |
70 | 0 | ctx->state[3] = 0x10325476; |
71 | 0 | ctx->state[4] = 0xC3D2E1F0; |
72 | |
|
73 | 0 | return 0; |
74 | 0 | } |
75 | | |
76 | | #if !defined(MBEDTLS_DEPRECATED_REMOVED) |
77 | | void mbedtls_sha1_starts(mbedtls_sha1_context *ctx) |
78 | 0 | { |
79 | 0 | mbedtls_sha1_starts_ret(ctx); |
80 | 0 | } |
81 | | #endif |
82 | | |
83 | | #if !defined(MBEDTLS_SHA1_PROCESS_ALT) |
84 | | int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, |
85 | | const unsigned char data[64]) |
86 | 0 | { |
87 | 0 | struct { |
88 | 0 | uint32_t temp, W[16], A, B, C, D, E; |
89 | 0 | } local; |
90 | |
|
91 | 0 | SHA1_VALIDATE_RET(ctx != NULL); |
92 | 0 | SHA1_VALIDATE_RET((const unsigned char *) data != NULL); |
93 | |
|
94 | 0 | local.W[0] = MBEDTLS_GET_UINT32_BE(data, 0); |
95 | 0 | local.W[1] = MBEDTLS_GET_UINT32_BE(data, 4); |
96 | 0 | local.W[2] = MBEDTLS_GET_UINT32_BE(data, 8); |
97 | 0 | local.W[3] = MBEDTLS_GET_UINT32_BE(data, 12); |
98 | 0 | local.W[4] = MBEDTLS_GET_UINT32_BE(data, 16); |
99 | 0 | local.W[5] = MBEDTLS_GET_UINT32_BE(data, 20); |
100 | 0 | local.W[6] = MBEDTLS_GET_UINT32_BE(data, 24); |
101 | 0 | local.W[7] = MBEDTLS_GET_UINT32_BE(data, 28); |
102 | 0 | local.W[8] = MBEDTLS_GET_UINT32_BE(data, 32); |
103 | 0 | local.W[9] = MBEDTLS_GET_UINT32_BE(data, 36); |
104 | 0 | local.W[10] = MBEDTLS_GET_UINT32_BE(data, 40); |
105 | 0 | local.W[11] = MBEDTLS_GET_UINT32_BE(data, 44); |
106 | 0 | local.W[12] = MBEDTLS_GET_UINT32_BE(data, 48); |
107 | 0 | local.W[13] = MBEDTLS_GET_UINT32_BE(data, 52); |
108 | 0 | local.W[14] = MBEDTLS_GET_UINT32_BE(data, 56); |
109 | 0 | local.W[15] = MBEDTLS_GET_UINT32_BE(data, 60); |
110 | |
|
111 | 0 | #define S(x, n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) |
112 | |
|
113 | 0 | #define R(t) \ |
114 | 0 | ( \ |
115 | 0 | local.temp = local.W[((t) - 3) & 0x0F] ^ \ |
116 | 0 | local.W[((t) - 8) & 0x0F] ^ \ |
117 | 0 | local.W[((t) - 14) & 0x0F] ^ \ |
118 | 0 | local.W[(t) & 0x0F], \ |
119 | 0 | (local.W[(t) & 0x0F] = S(local.temp, 1)) \ |
120 | 0 | ) |
121 | |
|
122 | 0 | #define P(a, b, c, d, e, x) \ |
123 | 0 | do \ |
124 | 0 | { \ |
125 | 0 | (e) += S((a), 5) + F((b), (c), (d)) + K + (x); \ |
126 | 0 | (b) = S((b), 30); \ |
127 | 0 | } while (0) |
128 | |
|
129 | 0 | local.A = ctx->state[0]; |
130 | 0 | local.B = ctx->state[1]; |
131 | 0 | local.C = ctx->state[2]; |
132 | 0 | local.D = ctx->state[3]; |
133 | 0 | local.E = ctx->state[4]; |
134 | |
|
135 | 0 | #define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) |
136 | 0 | #define K 0x5A827999 |
137 | |
|
138 | 0 | P(local.A, local.B, local.C, local.D, local.E, local.W[0]); |
139 | 0 | P(local.E, local.A, local.B, local.C, local.D, local.W[1]); |
140 | 0 | P(local.D, local.E, local.A, local.B, local.C, local.W[2]); |
141 | 0 | P(local.C, local.D, local.E, local.A, local.B, local.W[3]); |
142 | 0 | P(local.B, local.C, local.D, local.E, local.A, local.W[4]); |
143 | 0 | P(local.A, local.B, local.C, local.D, local.E, local.W[5]); |
144 | 0 | P(local.E, local.A, local.B, local.C, local.D, local.W[6]); |
145 | 0 | P(local.D, local.E, local.A, local.B, local.C, local.W[7]); |
146 | 0 | P(local.C, local.D, local.E, local.A, local.B, local.W[8]); |
147 | 0 | P(local.B, local.C, local.D, local.E, local.A, local.W[9]); |
148 | 0 | P(local.A, local.B, local.C, local.D, local.E, local.W[10]); |
149 | 0 | P(local.E, local.A, local.B, local.C, local.D, local.W[11]); |
150 | 0 | P(local.D, local.E, local.A, local.B, local.C, local.W[12]); |
151 | 0 | P(local.C, local.D, local.E, local.A, local.B, local.W[13]); |
152 | 0 | P(local.B, local.C, local.D, local.E, local.A, local.W[14]); |
153 | 0 | P(local.A, local.B, local.C, local.D, local.E, local.W[15]); |
154 | 0 | P(local.E, local.A, local.B, local.C, local.D, R(16)); |
155 | 0 | P(local.D, local.E, local.A, local.B, local.C, R(17)); |
156 | 0 | P(local.C, local.D, local.E, local.A, local.B, R(18)); |
157 | 0 | P(local.B, local.C, local.D, local.E, local.A, R(19)); |
158 | |
|
159 | 0 | #undef K |
160 | 0 | #undef F |
161 | |
|
162 | 0 | #define F(x, y, z) ((x) ^ (y) ^ (z)) |
163 | 0 | #define K 0x6ED9EBA1 |
164 | |
|
165 | 0 | P(local.A, local.B, local.C, local.D, local.E, R(20)); |
166 | 0 | P(local.E, local.A, local.B, local.C, local.D, R(21)); |
167 | 0 | P(local.D, local.E, local.A, local.B, local.C, R(22)); |
168 | 0 | P(local.C, local.D, local.E, local.A, local.B, R(23)); |
169 | 0 | P(local.B, local.C, local.D, local.E, local.A, R(24)); |
170 | 0 | P(local.A, local.B, local.C, local.D, local.E, R(25)); |
171 | 0 | P(local.E, local.A, local.B, local.C, local.D, R(26)); |
172 | 0 | P(local.D, local.E, local.A, local.B, local.C, R(27)); |
173 | 0 | P(local.C, local.D, local.E, local.A, local.B, R(28)); |
174 | 0 | P(local.B, local.C, local.D, local.E, local.A, R(29)); |
175 | 0 | P(local.A, local.B, local.C, local.D, local.E, R(30)); |
176 | 0 | P(local.E, local.A, local.B, local.C, local.D, R(31)); |
177 | 0 | P(local.D, local.E, local.A, local.B, local.C, R(32)); |
178 | 0 | P(local.C, local.D, local.E, local.A, local.B, R(33)); |
179 | 0 | P(local.B, local.C, local.D, local.E, local.A, R(34)); |
180 | 0 | P(local.A, local.B, local.C, local.D, local.E, R(35)); |
181 | 0 | P(local.E, local.A, local.B, local.C, local.D, R(36)); |
182 | 0 | P(local.D, local.E, local.A, local.B, local.C, R(37)); |
183 | 0 | P(local.C, local.D, local.E, local.A, local.B, R(38)); |
184 | 0 | P(local.B, local.C, local.D, local.E, local.A, R(39)); |
185 | |
|
186 | 0 | #undef K |
187 | 0 | #undef F |
188 | |
|
189 | 0 | #define F(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) |
190 | 0 | #define K 0x8F1BBCDC |
191 | |
|
192 | 0 | P(local.A, local.B, local.C, local.D, local.E, R(40)); |
193 | 0 | P(local.E, local.A, local.B, local.C, local.D, R(41)); |
194 | 0 | P(local.D, local.E, local.A, local.B, local.C, R(42)); |
195 | 0 | P(local.C, local.D, local.E, local.A, local.B, R(43)); |
196 | 0 | P(local.B, local.C, local.D, local.E, local.A, R(44)); |
197 | 0 | P(local.A, local.B, local.C, local.D, local.E, R(45)); |
198 | 0 | P(local.E, local.A, local.B, local.C, local.D, R(46)); |
199 | 0 | P(local.D, local.E, local.A, local.B, local.C, R(47)); |
200 | 0 | P(local.C, local.D, local.E, local.A, local.B, R(48)); |
201 | 0 | P(local.B, local.C, local.D, local.E, local.A, R(49)); |
202 | 0 | P(local.A, local.B, local.C, local.D, local.E, R(50)); |
203 | 0 | P(local.E, local.A, local.B, local.C, local.D, R(51)); |
204 | 0 | P(local.D, local.E, local.A, local.B, local.C, R(52)); |
205 | 0 | P(local.C, local.D, local.E, local.A, local.B, R(53)); |
206 | 0 | P(local.B, local.C, local.D, local.E, local.A, R(54)); |
207 | 0 | P(local.A, local.B, local.C, local.D, local.E, R(55)); |
208 | 0 | P(local.E, local.A, local.B, local.C, local.D, R(56)); |
209 | 0 | P(local.D, local.E, local.A, local.B, local.C, R(57)); |
210 | 0 | P(local.C, local.D, local.E, local.A, local.B, R(58)); |
211 | 0 | P(local.B, local.C, local.D, local.E, local.A, R(59)); |
212 | |
|
213 | 0 | #undef K |
214 | 0 | #undef F |
215 | |
|
216 | 0 | #define F(x, y, z) ((x) ^ (y) ^ (z)) |
217 | 0 | #define K 0xCA62C1D6 |
218 | |
|
219 | 0 | P(local.A, local.B, local.C, local.D, local.E, R(60)); |
220 | 0 | P(local.E, local.A, local.B, local.C, local.D, R(61)); |
221 | 0 | P(local.D, local.E, local.A, local.B, local.C, R(62)); |
222 | 0 | P(local.C, local.D, local.E, local.A, local.B, R(63)); |
223 | 0 | P(local.B, local.C, local.D, local.E, local.A, R(64)); |
224 | 0 | P(local.A, local.B, local.C, local.D, local.E, R(65)); |
225 | 0 | P(local.E, local.A, local.B, local.C, local.D, R(66)); |
226 | 0 | P(local.D, local.E, local.A, local.B, local.C, R(67)); |
227 | 0 | P(local.C, local.D, local.E, local.A, local.B, R(68)); |
228 | 0 | P(local.B, local.C, local.D, local.E, local.A, R(69)); |
229 | 0 | P(local.A, local.B, local.C, local.D, local.E, R(70)); |
230 | 0 | P(local.E, local.A, local.B, local.C, local.D, R(71)); |
231 | 0 | P(local.D, local.E, local.A, local.B, local.C, R(72)); |
232 | 0 | P(local.C, local.D, local.E, local.A, local.B, R(73)); |
233 | 0 | P(local.B, local.C, local.D, local.E, local.A, R(74)); |
234 | 0 | P(local.A, local.B, local.C, local.D, local.E, R(75)); |
235 | 0 | P(local.E, local.A, local.B, local.C, local.D, R(76)); |
236 | 0 | P(local.D, local.E, local.A, local.B, local.C, R(77)); |
237 | 0 | P(local.C, local.D, local.E, local.A, local.B, R(78)); |
238 | 0 | P(local.B, local.C, local.D, local.E, local.A, R(79)); |
239 | |
|
240 | 0 | #undef K |
241 | 0 | #undef F |
242 | |
|
243 | 0 | ctx->state[0] += local.A; |
244 | 0 | ctx->state[1] += local.B; |
245 | 0 | ctx->state[2] += local.C; |
246 | 0 | ctx->state[3] += local.D; |
247 | 0 | ctx->state[4] += local.E; |
248 | | |
249 | | /* Zeroise buffers and variables to clear sensitive data from memory. */ |
250 | 0 | mbedtls_platform_zeroize(&local, sizeof(local)); |
251 | |
|
252 | 0 | return 0; |
253 | 0 | } |
254 | | |
255 | | #if !defined(MBEDTLS_DEPRECATED_REMOVED) |
256 | | void mbedtls_sha1_process(mbedtls_sha1_context *ctx, |
257 | | const unsigned char data[64]) |
258 | 0 | { |
259 | 0 | mbedtls_internal_sha1_process(ctx, data); |
260 | 0 | } |
261 | | #endif |
262 | | #endif /* !MBEDTLS_SHA1_PROCESS_ALT */ |
263 | | |
264 | | /* |
265 | | * SHA-1 process buffer |
266 | | */ |
267 | | int mbedtls_sha1_update_ret(mbedtls_sha1_context *ctx, |
268 | | const unsigned char *input, |
269 | | size_t ilen) |
270 | 0 | { |
271 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
272 | 0 | size_t fill; |
273 | 0 | uint32_t left; |
274 | |
|
275 | 0 | SHA1_VALIDATE_RET(ctx != NULL); |
276 | 0 | SHA1_VALIDATE_RET(ilen == 0 || input != NULL); |
277 | |
|
278 | 0 | if (ilen == 0) { |
279 | 0 | return 0; |
280 | 0 | } |
281 | | |
282 | 0 | left = ctx->total[0] & 0x3F; |
283 | 0 | fill = 64 - left; |
284 | |
|
285 | 0 | ctx->total[0] += (uint32_t) ilen; |
286 | 0 | ctx->total[0] &= 0xFFFFFFFF; |
287 | |
|
288 | 0 | if (ctx->total[0] < (uint32_t) ilen) { |
289 | 0 | ctx->total[1]++; |
290 | 0 | } |
291 | |
|
292 | 0 | if (left && ilen >= fill) { |
293 | 0 | memcpy((void *) (ctx->buffer + left), input, fill); |
294 | |
|
295 | 0 | if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) { |
296 | 0 | return ret; |
297 | 0 | } |
298 | | |
299 | 0 | input += fill; |
300 | 0 | ilen -= fill; |
301 | 0 | left = 0; |
302 | 0 | } |
303 | | |
304 | 0 | while (ilen >= 64) { |
305 | 0 | if ((ret = mbedtls_internal_sha1_process(ctx, input)) != 0) { |
306 | 0 | return ret; |
307 | 0 | } |
308 | | |
309 | 0 | input += 64; |
310 | 0 | ilen -= 64; |
311 | 0 | } |
312 | | |
313 | 0 | if (ilen > 0) { |
314 | 0 | memcpy((void *) (ctx->buffer + left), input, ilen); |
315 | 0 | } |
316 | |
|
317 | 0 | return 0; |
318 | 0 | } |
319 | | |
320 | | #if !defined(MBEDTLS_DEPRECATED_REMOVED) |
321 | | void mbedtls_sha1_update(mbedtls_sha1_context *ctx, |
322 | | const unsigned char *input, |
323 | | size_t ilen) |
324 | 0 | { |
325 | 0 | mbedtls_sha1_update_ret(ctx, input, ilen); |
326 | 0 | } |
327 | | #endif |
328 | | |
329 | | /* |
330 | | * SHA-1 final digest |
331 | | */ |
332 | | int mbedtls_sha1_finish_ret(mbedtls_sha1_context *ctx, |
333 | | unsigned char output[20]) |
334 | 0 | { |
335 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
336 | 0 | uint32_t used; |
337 | 0 | uint32_t high, low; |
338 | |
|
339 | 0 | SHA1_VALIDATE_RET(ctx != NULL); |
340 | 0 | SHA1_VALIDATE_RET((unsigned char *) output != NULL); |
341 | | |
342 | | /* |
343 | | * Add padding: 0x80 then 0x00 until 8 bytes remain for the length |
344 | | */ |
345 | 0 | used = ctx->total[0] & 0x3F; |
346 | |
|
347 | 0 | ctx->buffer[used++] = 0x80; |
348 | |
|
349 | 0 | if (used <= 56) { |
350 | | /* Enough room for padding + length in current block */ |
351 | 0 | memset(ctx->buffer + used, 0, 56 - used); |
352 | 0 | } else { |
353 | | /* We'll need an extra block */ |
354 | 0 | memset(ctx->buffer + used, 0, 64 - used); |
355 | |
|
356 | 0 | if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) { |
357 | 0 | return ret; |
358 | 0 | } |
359 | | |
360 | 0 | memset(ctx->buffer, 0, 56); |
361 | 0 | } |
362 | | |
363 | | /* |
364 | | * Add message length |
365 | | */ |
366 | 0 | high = (ctx->total[0] >> 29) |
367 | 0 | | (ctx->total[1] << 3); |
368 | 0 | low = (ctx->total[0] << 3); |
369 | |
|
370 | 0 | MBEDTLS_PUT_UINT32_BE(high, ctx->buffer, 56); |
371 | 0 | MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60); |
372 | |
|
373 | 0 | if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) { |
374 | 0 | return ret; |
375 | 0 | } |
376 | | |
377 | | /* |
378 | | * Output final state |
379 | | */ |
380 | 0 | MBEDTLS_PUT_UINT32_BE(ctx->state[0], output, 0); |
381 | 0 | MBEDTLS_PUT_UINT32_BE(ctx->state[1], output, 4); |
382 | 0 | MBEDTLS_PUT_UINT32_BE(ctx->state[2], output, 8); |
383 | 0 | MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12); |
384 | 0 | MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16); |
385 | |
|
386 | 0 | return 0; |
387 | 0 | } |
388 | | |
389 | | #if !defined(MBEDTLS_DEPRECATED_REMOVED) |
390 | | void mbedtls_sha1_finish(mbedtls_sha1_context *ctx, |
391 | | unsigned char output[20]) |
392 | 0 | { |
393 | 0 | mbedtls_sha1_finish_ret(ctx, output); |
394 | 0 | } |
395 | | #endif |
396 | | |
397 | | #endif /* !MBEDTLS_SHA1_ALT */ |
398 | | |
399 | | /* |
400 | | * output = SHA-1( input buffer ) |
401 | | */ |
402 | | int mbedtls_sha1_ret(const unsigned char *input, |
403 | | size_t ilen, |
404 | | unsigned char output[20]) |
405 | 0 | { |
406 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
407 | 0 | mbedtls_sha1_context ctx; |
408 | |
|
409 | 0 | SHA1_VALIDATE_RET(ilen == 0 || input != NULL); |
410 | 0 | SHA1_VALIDATE_RET((unsigned char *) output != NULL); |
411 | |
|
412 | 0 | mbedtls_sha1_init(&ctx); |
413 | |
|
414 | 0 | if ((ret = mbedtls_sha1_starts_ret(&ctx)) != 0) { |
415 | 0 | goto exit; |
416 | 0 | } |
417 | | |
418 | 0 | if ((ret = mbedtls_sha1_update_ret(&ctx, input, ilen)) != 0) { |
419 | 0 | goto exit; |
420 | 0 | } |
421 | | |
422 | 0 | if ((ret = mbedtls_sha1_finish_ret(&ctx, output)) != 0) { |
423 | 0 | goto exit; |
424 | 0 | } |
425 | | |
426 | 0 | exit: |
427 | 0 | mbedtls_sha1_free(&ctx); |
428 | |
|
429 | 0 | return ret; |
430 | 0 | } |
431 | | |
432 | | #if !defined(MBEDTLS_DEPRECATED_REMOVED) |
433 | | void mbedtls_sha1(const unsigned char *input, |
434 | | size_t ilen, |
435 | | unsigned char output[20]) |
436 | 0 | { |
437 | 0 | mbedtls_sha1_ret(input, ilen, output); |
438 | 0 | } |
439 | | #endif |
440 | | |
441 | | #if defined(MBEDTLS_SELF_TEST) |
442 | | /* |
443 | | * FIPS-180-1 test vectors |
444 | | */ |
445 | | static const unsigned char sha1_test_buf[3][57] = |
446 | | { |
447 | | { "abc" }, |
448 | | { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, |
449 | | { "" } |
450 | | }; |
451 | | |
452 | | static const size_t sha1_test_buflen[3] = |
453 | | { |
454 | | 3, 56, 1000 |
455 | | }; |
456 | | |
457 | | static const unsigned char sha1_test_sum[3][20] = |
458 | | { |
459 | | { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, |
460 | | 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D }, |
461 | | { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE, |
462 | | 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 }, |
463 | | { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E, |
464 | | 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F } |
465 | | }; |
466 | | |
467 | | /* |
468 | | * Checkup routine |
469 | | */ |
470 | | int mbedtls_sha1_self_test(int verbose) |
471 | 0 | { |
472 | 0 | int i, j, buflen, ret = 0; |
473 | 0 | unsigned char buf[1024]; |
474 | 0 | unsigned char sha1sum[20]; |
475 | 0 | mbedtls_sha1_context ctx; |
476 | |
|
477 | 0 | mbedtls_sha1_init(&ctx); |
478 | | |
479 | | /* |
480 | | * SHA-1 |
481 | | */ |
482 | 0 | for (i = 0; i < 3; i++) { |
483 | 0 | if (verbose != 0) { |
484 | 0 | mbedtls_printf(" SHA-1 test #%d: ", i + 1); |
485 | 0 | } |
486 | |
|
487 | 0 | if ((ret = mbedtls_sha1_starts_ret(&ctx)) != 0) { |
488 | 0 | goto fail; |
489 | 0 | } |
490 | | |
491 | 0 | if (i == 2) { |
492 | 0 | memset(buf, 'a', buflen = 1000); |
493 | |
|
494 | 0 | for (j = 0; j < 1000; j++) { |
495 | 0 | ret = mbedtls_sha1_update_ret(&ctx, buf, buflen); |
496 | 0 | if (ret != 0) { |
497 | 0 | goto fail; |
498 | 0 | } |
499 | 0 | } |
500 | 0 | } else { |
501 | 0 | ret = mbedtls_sha1_update_ret(&ctx, sha1_test_buf[i], |
502 | 0 | sha1_test_buflen[i]); |
503 | 0 | if (ret != 0) { |
504 | 0 | goto fail; |
505 | 0 | } |
506 | 0 | } |
507 | | |
508 | 0 | if ((ret = mbedtls_sha1_finish_ret(&ctx, sha1sum)) != 0) { |
509 | 0 | goto fail; |
510 | 0 | } |
511 | | |
512 | 0 | if (memcmp(sha1sum, sha1_test_sum[i], 20) != 0) { |
513 | 0 | ret = 1; |
514 | 0 | goto fail; |
515 | 0 | } |
516 | | |
517 | 0 | if (verbose != 0) { |
518 | 0 | mbedtls_printf("passed\n"); |
519 | 0 | } |
520 | 0 | } |
521 | | |
522 | 0 | if (verbose != 0) { |
523 | 0 | mbedtls_printf("\n"); |
524 | 0 | } |
525 | |
|
526 | 0 | goto exit; |
527 | | |
528 | 0 | fail: |
529 | 0 | if (verbose != 0) { |
530 | 0 | mbedtls_printf("failed\n"); |
531 | 0 | } |
532 | |
|
533 | 0 | exit: |
534 | 0 | mbedtls_sha1_free(&ctx); |
535 | |
|
536 | 0 | return ret; |
537 | 0 | } |
538 | | |
539 | | #endif /* MBEDTLS_SELF_TEST */ |
540 | | |
541 | | #endif /* MBEDTLS_SHA1_C */ |