2 * FIPS-180-1 compliant SHA-1 implementation
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: GPL-2.0
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 * This file is part of mbed TLS (https://tls.mbed.org)
24 * The SHA-1 standard was published by NIST in 1993.
26 * http://www.itl.nist.gov/fipspubs/fip180-1.htm
29 #if !defined(MBEDTLS_CONFIG_FILE)
30 #include "mbedtls/config.h"
32 #include MBEDTLS_CONFIG_FILE
35 #if defined(MBEDTLS_SHA1_C)
37 #include "mbedtls/sha1.h"
41 #if defined(MBEDTLS_SELF_TEST)
42 #if defined(MBEDTLS_PLATFORM_C)
43 #include "mbedtls/platform.h"
46 #define mbedtls_printf printf
47 #endif /* MBEDTLS_PLATFORM_C */
48 #endif /* MBEDTLS_SELF_TEST */
50 #if !defined(MBEDTLS_SHA1_ALT)
52 /* Implementation that should never be optimized out by the compiler */
53 static void mbedtls_zeroize( void *v
, size_t n
) {
54 volatile unsigned char *p
= (unsigned char*)v
; while( n
-- ) *p
++ = 0;
58 * 32-bit integer manipulation macros (big endian)
61 #define GET_UINT32_BE(n,b,i) \
63 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
64 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
65 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
66 | ( (uint32_t) (b)[(i) + 3] ); \
71 #define PUT_UINT32_BE(n,b,i) \
73 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
74 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
75 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
76 (b)[(i) + 3] = (unsigned char) ( (n) ); \
80 void mbedtls_sha1_init( mbedtls_sha1_context
*ctx
)
82 memset( ctx
, 0, sizeof( mbedtls_sha1_context
) );
85 void mbedtls_sha1_free( mbedtls_sha1_context
*ctx
)
90 mbedtls_zeroize( ctx
, sizeof( mbedtls_sha1_context
) );
93 void mbedtls_sha1_clone( mbedtls_sha1_context
*dst
,
94 const mbedtls_sha1_context
*src
)
100 * SHA-1 context setup
102 void mbedtls_sha1_starts( mbedtls_sha1_context
*ctx
)
107 ctx
->state
[0] = 0x67452301;
108 ctx
->state
[1] = 0xEFCDAB89;
109 ctx
->state
[2] = 0x98BADCFE;
110 ctx
->state
[3] = 0x10325476;
111 ctx
->state
[4] = 0xC3D2E1F0;
114 #if !defined(MBEDTLS_SHA1_PROCESS_ALT)
115 void mbedtls_sha1_process( mbedtls_sha1_context
*ctx
, const unsigned char data
[64] )
117 uint32_t temp
, W
[16], A
, B
, C
, D
, E
;
119 GET_UINT32_BE( W
[ 0], data
, 0 );
120 GET_UINT32_BE( W
[ 1], data
, 4 );
121 GET_UINT32_BE( W
[ 2], data
, 8 );
122 GET_UINT32_BE( W
[ 3], data
, 12 );
123 GET_UINT32_BE( W
[ 4], data
, 16 );
124 GET_UINT32_BE( W
[ 5], data
, 20 );
125 GET_UINT32_BE( W
[ 6], data
, 24 );
126 GET_UINT32_BE( W
[ 7], data
, 28 );
127 GET_UINT32_BE( W
[ 8], data
, 32 );
128 GET_UINT32_BE( W
[ 9], data
, 36 );
129 GET_UINT32_BE( W
[10], data
, 40 );
130 GET_UINT32_BE( W
[11], data
, 44 );
131 GET_UINT32_BE( W
[12], data
, 48 );
132 GET_UINT32_BE( W
[13], data
, 52 );
133 GET_UINT32_BE( W
[14], data
, 56 );
134 GET_UINT32_BE( W
[15], data
, 60 );
136 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
140 temp = W[( t - 3 ) & 0x0F] ^ W[( t - 8 ) & 0x0F] ^ \
141 W[( t - 14 ) & 0x0F] ^ W[ t & 0x0F], \
142 ( W[t & 0x0F] = S(temp,1) ) \
145 #define P(a,b,c,d,e,x) \
147 e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
156 #define F(x,y,z) (z ^ (x & (y ^ z)))
159 P( A
, B
, C
, D
, E
, W
[0] );
160 P( E
, A
, B
, C
, D
, W
[1] );
161 P( D
, E
, A
, B
, C
, W
[2] );
162 P( C
, D
, E
, A
, B
, W
[3] );
163 P( B
, C
, D
, E
, A
, W
[4] );
164 P( A
, B
, C
, D
, E
, W
[5] );
165 P( E
, A
, B
, C
, D
, W
[6] );
166 P( D
, E
, A
, B
, C
, W
[7] );
167 P( C
, D
, E
, A
, B
, W
[8] );
168 P( B
, C
, D
, E
, A
, W
[9] );
169 P( A
, B
, C
, D
, E
, W
[10] );
170 P( E
, A
, B
, C
, D
, W
[11] );
171 P( D
, E
, A
, B
, C
, W
[12] );
172 P( C
, D
, E
, A
, B
, W
[13] );
173 P( B
, C
, D
, E
, A
, W
[14] );
174 P( A
, B
, C
, D
, E
, W
[15] );
175 P( E
, A
, B
, C
, D
, R(16) );
176 P( D
, E
, A
, B
, C
, R(17) );
177 P( C
, D
, E
, A
, B
, R(18) );
178 P( B
, C
, D
, E
, A
, R(19) );
183 #define F(x,y,z) (x ^ y ^ z)
186 P( A
, B
, C
, D
, E
, R(20) );
187 P( E
, A
, B
, C
, D
, R(21) );
188 P( D
, E
, A
, B
, C
, R(22) );
189 P( C
, D
, E
, A
, B
, R(23) );
190 P( B
, C
, D
, E
, A
, R(24) );
191 P( A
, B
, C
, D
, E
, R(25) );
192 P( E
, A
, B
, C
, D
, R(26) );
193 P( D
, E
, A
, B
, C
, R(27) );
194 P( C
, D
, E
, A
, B
, R(28) );
195 P( B
, C
, D
, E
, A
, R(29) );
196 P( A
, B
, C
, D
, E
, R(30) );
197 P( E
, A
, B
, C
, D
, R(31) );
198 P( D
, E
, A
, B
, C
, R(32) );
199 P( C
, D
, E
, A
, B
, R(33) );
200 P( B
, C
, D
, E
, A
, R(34) );
201 P( A
, B
, C
, D
, E
, R(35) );
202 P( E
, A
, B
, C
, D
, R(36) );
203 P( D
, E
, A
, B
, C
, R(37) );
204 P( C
, D
, E
, A
, B
, R(38) );
205 P( B
, C
, D
, E
, A
, R(39) );
210 #define F(x,y,z) ((x & y) | (z & (x | y)))
213 P( A
, B
, C
, D
, E
, R(40) );
214 P( E
, A
, B
, C
, D
, R(41) );
215 P( D
, E
, A
, B
, C
, R(42) );
216 P( C
, D
, E
, A
, B
, R(43) );
217 P( B
, C
, D
, E
, A
, R(44) );
218 P( A
, B
, C
, D
, E
, R(45) );
219 P( E
, A
, B
, C
, D
, R(46) );
220 P( D
, E
, A
, B
, C
, R(47) );
221 P( C
, D
, E
, A
, B
, R(48) );
222 P( B
, C
, D
, E
, A
, R(49) );
223 P( A
, B
, C
, D
, E
, R(50) );
224 P( E
, A
, B
, C
, D
, R(51) );
225 P( D
, E
, A
, B
, C
, R(52) );
226 P( C
, D
, E
, A
, B
, R(53) );
227 P( B
, C
, D
, E
, A
, R(54) );
228 P( A
, B
, C
, D
, E
, R(55) );
229 P( E
, A
, B
, C
, D
, R(56) );
230 P( D
, E
, A
, B
, C
, R(57) );
231 P( C
, D
, E
, A
, B
, R(58) );
232 P( B
, C
, D
, E
, A
, R(59) );
237 #define F(x,y,z) (x ^ y ^ z)
240 P( A
, B
, C
, D
, E
, R(60) );
241 P( E
, A
, B
, C
, D
, R(61) );
242 P( D
, E
, A
, B
, C
, R(62) );
243 P( C
, D
, E
, A
, B
, R(63) );
244 P( B
, C
, D
, E
, A
, R(64) );
245 P( A
, B
, C
, D
, E
, R(65) );
246 P( E
, A
, B
, C
, D
, R(66) );
247 P( D
, E
, A
, B
, C
, R(67) );
248 P( C
, D
, E
, A
, B
, R(68) );
249 P( B
, C
, D
, E
, A
, R(69) );
250 P( A
, B
, C
, D
, E
, R(70) );
251 P( E
, A
, B
, C
, D
, R(71) );
252 P( D
, E
, A
, B
, C
, R(72) );
253 P( C
, D
, E
, A
, B
, R(73) );
254 P( B
, C
, D
, E
, A
, R(74) );
255 P( A
, B
, C
, D
, E
, R(75) );
256 P( E
, A
, B
, C
, D
, R(76) );
257 P( D
, E
, A
, B
, C
, R(77) );
258 P( C
, D
, E
, A
, B
, R(78) );
259 P( B
, C
, D
, E
, A
, R(79) );
270 #endif /* !MBEDTLS_SHA1_PROCESS_ALT */
273 * SHA-1 process buffer
275 void mbedtls_sha1_update( mbedtls_sha1_context
*ctx
, const unsigned char *input
, size_t ilen
)
283 left
= ctx
->total
[0] & 0x3F;
286 ctx
->total
[0] += (uint32_t) ilen
;
287 ctx
->total
[0] &= 0xFFFFFFFF;
289 if( ctx
->total
[0] < (uint32_t) ilen
)
292 if( left
&& ilen
>= fill
)
294 memcpy( (void *) (ctx
->buffer
+ left
), input
, fill
);
295 mbedtls_sha1_process( ctx
, ctx
->buffer
);
303 mbedtls_sha1_process( ctx
, input
);
309 memcpy( (void *) (ctx
->buffer
+ left
), input
, ilen
);
312 static const unsigned char sha1_padding
[64] =
314 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
315 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
316 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
317 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
323 void mbedtls_sha1_finish( mbedtls_sha1_context
*ctx
, unsigned char output
[20] )
327 unsigned char msglen
[8];
329 high
= ( ctx
->total
[0] >> 29 )
330 | ( ctx
->total
[1] << 3 );
331 low
= ( ctx
->total
[0] << 3 );
333 PUT_UINT32_BE( high
, msglen
, 0 );
334 PUT_UINT32_BE( low
, msglen
, 4 );
336 last
= ctx
->total
[0] & 0x3F;
337 padn
= ( last
< 56 ) ? ( 56 - last
) : ( 120 - last
);
339 mbedtls_sha1_update( ctx
, sha1_padding
, padn
);
340 mbedtls_sha1_update( ctx
, msglen
, 8 );
342 PUT_UINT32_BE( ctx
->state
[0], output
, 0 );
343 PUT_UINT32_BE( ctx
->state
[1], output
, 4 );
344 PUT_UINT32_BE( ctx
->state
[2], output
, 8 );
345 PUT_UINT32_BE( ctx
->state
[3], output
, 12 );
346 PUT_UINT32_BE( ctx
->state
[4], output
, 16 );
349 #endif /* !MBEDTLS_SHA1_ALT */
352 * output = SHA-1( input buffer )
354 void mbedtls_sha1( const unsigned char *input
, size_t ilen
, unsigned char output
[20] )
356 mbedtls_sha1_context ctx
;
358 mbedtls_sha1_init( &ctx
);
359 mbedtls_sha1_starts( &ctx
);
360 mbedtls_sha1_update( &ctx
, input
, ilen
);
361 mbedtls_sha1_finish( &ctx
, output
);
362 mbedtls_sha1_free( &ctx
);
365 #if defined(MBEDTLS_SELF_TEST)
367 * FIPS-180-1 test vectors
369 static const unsigned char sha1_test_buf
[3][57] =
372 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
376 static const int sha1_test_buflen
[3] =
381 static const unsigned char sha1_test_sum
[3][20] =
383 { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
384 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
385 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
386 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
387 { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
388 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
394 int mbedtls_sha1_self_test( int verbose
)
396 int i
, j
, buflen
, ret
= 0;
397 unsigned char buf
[1024];
398 unsigned char sha1sum
[20];
399 mbedtls_sha1_context ctx
;
401 mbedtls_sha1_init( &ctx
);
406 for( i
= 0; i
< 3; i
++ )
409 mbedtls_printf( " SHA-1 test #%d: ", i
+ 1 );
411 mbedtls_sha1_starts( &ctx
);
415 memset( buf
, 'a', buflen
= 1000 );
417 for( j
= 0; j
< 1000; j
++ )
418 mbedtls_sha1_update( &ctx
, buf
, buflen
);
421 mbedtls_sha1_update( &ctx
, sha1_test_buf
[i
],
422 sha1_test_buflen
[i
] );
424 mbedtls_sha1_finish( &ctx
, sha1sum
);
426 if( memcmp( sha1sum
, sha1_test_sum
[i
], 20 ) != 0 )
429 mbedtls_printf( "failed\n" );
436 mbedtls_printf( "passed\n" );
440 mbedtls_printf( "\n" );
443 mbedtls_sha1_free( &ctx
);
448 #endif /* MBEDTLS_SELF_TEST */
450 #endif /* MBEDTLS_SHA1_C */