PolarSSL v1.1.4
sha1.c
Go to the documentation of this file.
00001 /*
00002  *  FIPS-180-1 compliant SHA-1 implementation
00003  *
00004  *  Copyright (C) 2006-2010, Brainspark B.V.
00005  *
00006  *  This file is part of PolarSSL (http://www.polarssl.org)
00007  *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
00008  *
00009  *  All rights reserved.
00010  *
00011  *  This program is free software; you can redistribute it and/or modify
00012  *  it under the terms of the GNU General Public License as published by
00013  *  the Free Software Foundation; either version 2 of the License, or
00014  *  (at your option) any later version.
00015  *
00016  *  This program is distributed in the hope that it will be useful,
00017  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00018  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00019  *  GNU General Public License for more details.
00020  *
00021  *  You should have received a copy of the GNU General Public License along
00022  *  with this program; if not, write to the Free Software Foundation, Inc.,
00023  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
00024  */
00025 /*
00026  *  The SHA-1 standard was published by NIST in 1993.
00027  *
00028  *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
00029  */
00030 
00031 #include "polarssl/config.h"
00032 
00033 #if defined(POLARSSL_SHA1_C)
00034 
00035 #include "polarssl/sha1.h"
00036 
00037 #if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
00038 #include <stdio.h>
00039 #endif
00040 
00041 /*
00042  * 32-bit integer manipulation macros (big endian)
00043  */
00044 #ifndef GET_ULONG_BE
00045 #define GET_ULONG_BE(n,b,i)                             \
00046 {                                                       \
00047     (n) = ( (unsigned long) (b)[(i)    ] << 24 )        \
00048         | ( (unsigned long) (b)[(i) + 1] << 16 )        \
00049         | ( (unsigned long) (b)[(i) + 2] <<  8 )        \
00050         | ( (unsigned long) (b)[(i) + 3]       );       \
00051 }
00052 #endif
00053 
00054 #ifndef PUT_ULONG_BE
00055 #define PUT_ULONG_BE(n,b,i)                             \
00056 {                                                       \
00057     (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
00058     (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
00059     (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
00060     (b)[(i) + 3] = (unsigned char) ( (n)       );       \
00061 }
00062 #endif
00063 
00064 /*
00065  * SHA-1 context setup
00066  */
00067 void sha1_starts( sha1_context *ctx )
00068 {
00069     ctx->total[0] = 0;
00070     ctx->total[1] = 0;
00071 
00072     ctx->state[0] = 0x67452301;
00073     ctx->state[1] = 0xEFCDAB89;
00074     ctx->state[2] = 0x98BADCFE;
00075     ctx->state[3] = 0x10325476;
00076     ctx->state[4] = 0xC3D2E1F0;
00077 }
00078 
00079 static void sha1_process( sha1_context *ctx, const unsigned char data[64] )
00080 {
00081     unsigned long temp, W[16], A, B, C, D, E;
00082 
00083     GET_ULONG_BE( W[ 0], data,  0 );
00084     GET_ULONG_BE( W[ 1], data,  4 );
00085     GET_ULONG_BE( W[ 2], data,  8 );
00086     GET_ULONG_BE( W[ 3], data, 12 );
00087     GET_ULONG_BE( W[ 4], data, 16 );
00088     GET_ULONG_BE( W[ 5], data, 20 );
00089     GET_ULONG_BE( W[ 6], data, 24 );
00090     GET_ULONG_BE( W[ 7], data, 28 );
00091     GET_ULONG_BE( W[ 8], data, 32 );
00092     GET_ULONG_BE( W[ 9], data, 36 );
00093     GET_ULONG_BE( W[10], data, 40 );
00094     GET_ULONG_BE( W[11], data, 44 );
00095     GET_ULONG_BE( W[12], data, 48 );
00096     GET_ULONG_BE( W[13], data, 52 );
00097     GET_ULONG_BE( W[14], data, 56 );
00098     GET_ULONG_BE( W[15], data, 60 );
00099 
00100 #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
00101 
00102 #define R(t)                                            \
00103 (                                                       \
00104     temp = W[(t -  3) & 0x0F] ^ W[(t - 8) & 0x0F] ^     \
00105            W[(t - 14) & 0x0F] ^ W[ t      & 0x0F],      \
00106     ( W[t & 0x0F] = S(temp,1) )                         \
00107 )
00108 
00109 #define P(a,b,c,d,e,x)                                  \
00110 {                                                       \
00111     e += S(a,5) + F(b,c,d) + K + x; b = S(b,30);        \
00112 }
00113 
00114     A = ctx->state[0];
00115     B = ctx->state[1];
00116     C = ctx->state[2];
00117     D = ctx->state[3];
00118     E = ctx->state[4];
00119 
00120 #define F(x,y,z) (z ^ (x & (y ^ z)))
00121 #define K 0x5A827999
00122 
00123     P( A, B, C, D, E, W[0]  );
00124     P( E, A, B, C, D, W[1]  );
00125     P( D, E, A, B, C, W[2]  );
00126     P( C, D, E, A, B, W[3]  );
00127     P( B, C, D, E, A, W[4]  );
00128     P( A, B, C, D, E, W[5]  );
00129     P( E, A, B, C, D, W[6]  );
00130     P( D, E, A, B, C, W[7]  );
00131     P( C, D, E, A, B, W[8]  );
00132     P( B, C, D, E, A, W[9]  );
00133     P( A, B, C, D, E, W[10] );
00134     P( E, A, B, C, D, W[11] );
00135     P( D, E, A, B, C, W[12] );
00136     P( C, D, E, A, B, W[13] );
00137     P( B, C, D, E, A, W[14] );
00138     P( A, B, C, D, E, W[15] );
00139     P( E, A, B, C, D, R(16) );
00140     P( D, E, A, B, C, R(17) );
00141     P( C, D, E, A, B, R(18) );
00142     P( B, C, D, E, A, R(19) );
00143 
00144 #undef K
00145 #undef F
00146 
00147 #define F(x,y,z) (x ^ y ^ z)
00148 #define K 0x6ED9EBA1
00149 
00150     P( A, B, C, D, E, R(20) );
00151     P( E, A, B, C, D, R(21) );
00152     P( D, E, A, B, C, R(22) );
00153     P( C, D, E, A, B, R(23) );
00154     P( B, C, D, E, A, R(24) );
00155     P( A, B, C, D, E, R(25) );
00156     P( E, A, B, C, D, R(26) );
00157     P( D, E, A, B, C, R(27) );
00158     P( C, D, E, A, B, R(28) );
00159     P( B, C, D, E, A, R(29) );
00160     P( A, B, C, D, E, R(30) );
00161     P( E, A, B, C, D, R(31) );
00162     P( D, E, A, B, C, R(32) );
00163     P( C, D, E, A, B, R(33) );
00164     P( B, C, D, E, A, R(34) );
00165     P( A, B, C, D, E, R(35) );
00166     P( E, A, B, C, D, R(36) );
00167     P( D, E, A, B, C, R(37) );
00168     P( C, D, E, A, B, R(38) );
00169     P( B, C, D, E, A, R(39) );
00170 
00171 #undef K
00172 #undef F
00173 
00174 #define F(x,y,z) ((x & y) | (z & (x | y)))
00175 #define K 0x8F1BBCDC
00176 
00177     P( A, B, C, D, E, R(40) );
00178     P( E, A, B, C, D, R(41) );
00179     P( D, E, A, B, C, R(42) );
00180     P( C, D, E, A, B, R(43) );
00181     P( B, C, D, E, A, R(44) );
00182     P( A, B, C, D, E, R(45) );
00183     P( E, A, B, C, D, R(46) );
00184     P( D, E, A, B, C, R(47) );
00185     P( C, D, E, A, B, R(48) );
00186     P( B, C, D, E, A, R(49) );
00187     P( A, B, C, D, E, R(50) );
00188     P( E, A, B, C, D, R(51) );
00189     P( D, E, A, B, C, R(52) );
00190     P( C, D, E, A, B, R(53) );
00191     P( B, C, D, E, A, R(54) );
00192     P( A, B, C, D, E, R(55) );
00193     P( E, A, B, C, D, R(56) );
00194     P( D, E, A, B, C, R(57) );
00195     P( C, D, E, A, B, R(58) );
00196     P( B, C, D, E, A, R(59) );
00197 
00198 #undef K
00199 #undef F
00200 
00201 #define F(x,y,z) (x ^ y ^ z)
00202 #define K 0xCA62C1D6
00203 
00204     P( A, B, C, D, E, R(60) );
00205     P( E, A, B, C, D, R(61) );
00206     P( D, E, A, B, C, R(62) );
00207     P( C, D, E, A, B, R(63) );
00208     P( B, C, D, E, A, R(64) );
00209     P( A, B, C, D, E, R(65) );
00210     P( E, A, B, C, D, R(66) );
00211     P( D, E, A, B, C, R(67) );
00212     P( C, D, E, A, B, R(68) );
00213     P( B, C, D, E, A, R(69) );
00214     P( A, B, C, D, E, R(70) );
00215     P( E, A, B, C, D, R(71) );
00216     P( D, E, A, B, C, R(72) );
00217     P( C, D, E, A, B, R(73) );
00218     P( B, C, D, E, A, R(74) );
00219     P( A, B, C, D, E, R(75) );
00220     P( E, A, B, C, D, R(76) );
00221     P( D, E, A, B, C, R(77) );
00222     P( C, D, E, A, B, R(78) );
00223     P( B, C, D, E, A, R(79) );
00224 
00225 #undef K
00226 #undef F
00227 
00228     ctx->state[0] += A;
00229     ctx->state[1] += B;
00230     ctx->state[2] += C;
00231     ctx->state[3] += D;
00232     ctx->state[4] += E;
00233 }
00234 
00235 /*
00236  * SHA-1 process buffer
00237  */
00238 void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
00239 {
00240     size_t fill;
00241     unsigned long left;
00242 
00243     if( ilen <= 0 )
00244         return;
00245 
00246     left = ctx->total[0] & 0x3F;
00247     fill = 64 - left;
00248 
00249     ctx->total[0] += (unsigned long) ilen;
00250     ctx->total[0] &= 0xFFFFFFFF;
00251 
00252     if( ctx->total[0] < (unsigned long) ilen )
00253         ctx->total[1]++;
00254 
00255     if( left && ilen >= fill )
00256     {
00257         memcpy( (void *) (ctx->buffer + left),
00258                 (void *) input, fill );
00259         sha1_process( ctx, ctx->buffer );
00260         input += fill;
00261         ilen  -= fill;
00262         left = 0;
00263     }
00264 
00265     while( ilen >= 64 )
00266     {
00267         sha1_process( ctx, input );
00268         input += 64;
00269         ilen  -= 64;
00270     }
00271 
00272     if( ilen > 0 )
00273     {
00274         memcpy( (void *) (ctx->buffer + left),
00275                 (void *) input, ilen );
00276     }
00277 }
00278 
00279 static const unsigned char sha1_padding[64] =
00280 {
00281  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00282     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00283     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00284     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
00285 };
00286 
00287 /*
00288  * SHA-1 final digest
00289  */
00290 void sha1_finish( sha1_context *ctx, unsigned char output[20] )
00291 {
00292     unsigned long last, padn;
00293     unsigned long high, low;
00294     unsigned char msglen[8];
00295 
00296     high = ( ctx->total[0] >> 29 )
00297          | ( ctx->total[1] <<  3 );
00298     low  = ( ctx->total[0] <<  3 );
00299 
00300     PUT_ULONG_BE( high, msglen, 0 );
00301     PUT_ULONG_BE( low,  msglen, 4 );
00302 
00303     last = ctx->total[0] & 0x3F;
00304     padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
00305 
00306     sha1_update( ctx, (unsigned char *) sha1_padding, padn );
00307     sha1_update( ctx, msglen, 8 );
00308 
00309     PUT_ULONG_BE( ctx->state[0], output,  0 );
00310     PUT_ULONG_BE( ctx->state[1], output,  4 );
00311     PUT_ULONG_BE( ctx->state[2], output,  8 );
00312     PUT_ULONG_BE( ctx->state[3], output, 12 );
00313     PUT_ULONG_BE( ctx->state[4], output, 16 );
00314 }
00315 
00316 /*
00317  * output = SHA-1( input buffer )
00318  */
00319 void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
00320 {
00321     sha1_context ctx;
00322 
00323     sha1_starts( &ctx );
00324     sha1_update( &ctx, input, ilen );
00325     sha1_finish( &ctx, output );
00326 
00327     memset( &ctx, 0, sizeof( sha1_context ) );
00328 }
00329 
00330 #if defined(POLARSSL_FS_IO)
00331 /*
00332  * output = SHA-1( file contents )
00333  */
00334 int sha1_file( const char *path, unsigned char output[20] )
00335 {
00336     FILE *f;
00337     size_t n;
00338     sha1_context ctx;
00339     unsigned char buf[1024];
00340 
00341     if( ( f = fopen( path, "rb" ) ) == NULL )
00342         return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
00343 
00344     sha1_starts( &ctx );
00345 
00346     while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
00347         sha1_update( &ctx, buf, n );
00348 
00349     sha1_finish( &ctx, output );
00350 
00351     memset( &ctx, 0, sizeof( sha1_context ) );
00352 
00353     if( ferror( f ) != 0 )
00354     {
00355         fclose( f );
00356         return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
00357     }
00358 
00359     fclose( f );
00360     return( 0 );
00361 }
00362 #endif /* POLARSSL_FS_IO */
00363 
00364 /*
00365  * SHA-1 HMAC context setup
00366  */
00367 void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen )
00368 {
00369     size_t i;
00370     unsigned char sum[20];
00371 
00372     if( keylen > 64 )
00373     {
00374         sha1( key, keylen, sum );
00375         keylen = 20;
00376         key = sum;
00377     }
00378 
00379     memset( ctx->ipad, 0x36, 64 );
00380     memset( ctx->opad, 0x5C, 64 );
00381 
00382     for( i = 0; i < keylen; i++ )
00383     {
00384         ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
00385         ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
00386     }
00387 
00388     sha1_starts( ctx );
00389     sha1_update( ctx, ctx->ipad, 64 );
00390 
00391     memset( sum, 0, sizeof( sum ) );
00392 }
00393 
00394 /*
00395  * SHA-1 HMAC process buffer
00396  */
00397 void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen )
00398 {
00399     sha1_update( ctx, input, ilen );
00400 }
00401 
00402 /*
00403  * SHA-1 HMAC final digest
00404  */
00405 void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] )
00406 {
00407     unsigned char tmpbuf[20];
00408 
00409     sha1_finish( ctx, tmpbuf );
00410     sha1_starts( ctx );
00411     sha1_update( ctx, ctx->opad, 64 );
00412     sha1_update( ctx, tmpbuf, 20 );
00413     sha1_finish( ctx, output );
00414 
00415     memset( tmpbuf, 0, sizeof( tmpbuf ) );
00416 }
00417 
00418 /*
00419  * SHA1 HMAC context reset
00420  */
00421 void sha1_hmac_reset( sha1_context *ctx )
00422 {
00423     sha1_starts( ctx );
00424     sha1_update( ctx, ctx->ipad, 64 );
00425 }
00426 
00427 /*
00428  * output = HMAC-SHA-1( hmac key, input buffer )
00429  */
00430 void sha1_hmac( const unsigned char *key, size_t keylen,
00431                 const unsigned char *input, size_t ilen,
00432                 unsigned char output[20] )
00433 {
00434     sha1_context ctx;
00435 
00436     sha1_hmac_starts( &ctx, key, keylen );
00437     sha1_hmac_update( &ctx, input, ilen );
00438     sha1_hmac_finish( &ctx, output );
00439 
00440     memset( &ctx, 0, sizeof( sha1_context ) );
00441 }
00442 
00443 #if defined(POLARSSL_SELF_TEST)
00444 /*
00445  * FIPS-180-1 test vectors
00446  */
00447 static unsigned char sha1_test_buf[3][57] = 
00448 {
00449     { "abc" },
00450     { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
00451     { "" }
00452 };
00453 
00454 static const int sha1_test_buflen[3] =
00455 {
00456     3, 56, 1000
00457 };
00458 
00459 static const unsigned char sha1_test_sum[3][20] =
00460 {
00461     { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
00462       0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
00463     { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
00464       0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
00465     { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
00466       0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
00467 };
00468 
00469 /*
00470  * RFC 2202 test vectors
00471  */
00472 static unsigned char sha1_hmac_test_key[7][26] =
00473 {
00474     { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
00475       "\x0B\x0B\x0B\x0B" },
00476     { "Jefe" },
00477     { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
00478       "\xAA\xAA\xAA\xAA" },
00479     { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
00480       "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
00481     { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
00482       "\x0C\x0C\x0C\x0C" },
00483     { "" }, /* 0xAA 80 times */
00484     { "" }
00485 };
00486 
00487 static const int sha1_hmac_test_keylen[7] =
00488 {
00489     20, 4, 20, 25, 20, 80, 80
00490 };
00491 
00492 static unsigned char sha1_hmac_test_buf[7][74] =
00493 {
00494     { "Hi There" },
00495     { "what do ya want for nothing?" },
00496     { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00497       "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00498       "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00499       "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00500       "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
00501     { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00502       "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00503       "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00504       "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00505       "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
00506     { "Test With Truncation" },
00507     { "Test Using Larger Than Block-Size Key - Hash Key First" },
00508     { "Test Using Larger Than Block-Size Key and Larger"
00509       " Than One Block-Size Data" }
00510 };
00511 
00512 static const int sha1_hmac_test_buflen[7] =
00513 {
00514     8, 28, 50, 50, 20, 54, 73
00515 };
00516 
00517 static const unsigned char sha1_hmac_test_sum[7][20] =
00518 {
00519     { 0xB6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xE2, 0x8B,
00520       0xC0, 0xB6, 0xFB, 0x37, 0x8C, 0x8E, 0xF1, 0x46, 0xBE, 0x00 },
00521     { 0xEF, 0xFC, 0xDF, 0x6A, 0xE5, 0xEB, 0x2F, 0xA2, 0xD2, 0x74,
00522       0x16, 0xD5, 0xF1, 0x84, 0xDF, 0x9C, 0x25, 0x9A, 0x7C, 0x79 },
00523     { 0x12, 0x5D, 0x73, 0x42, 0xB9, 0xAC, 0x11, 0xCD, 0x91, 0xA3,
00524       0x9A, 0xF4, 0x8A, 0xA1, 0x7B, 0x4F, 0x63, 0xF1, 0x75, 0xD3 },
00525     { 0x4C, 0x90, 0x07, 0xF4, 0x02, 0x62, 0x50, 0xC6, 0xBC, 0x84,
00526       0x14, 0xF9, 0xBF, 0x50, 0xC8, 0x6C, 0x2D, 0x72, 0x35, 0xDA },
00527     { 0x4C, 0x1A, 0x03, 0x42, 0x4B, 0x55, 0xE0, 0x7F, 0xE7, 0xF2,
00528       0x7B, 0xE1 },
00529     { 0xAA, 0x4A, 0xE5, 0xE1, 0x52, 0x72, 0xD0, 0x0E, 0x95, 0x70,
00530       0x56, 0x37, 0xCE, 0x8A, 0x3B, 0x55, 0xED, 0x40, 0x21, 0x12 },
00531     { 0xE8, 0xE9, 0x9D, 0x0F, 0x45, 0x23, 0x7D, 0x78, 0x6D, 0x6B,
00532       0xBA, 0xA7, 0x96, 0x5C, 0x78, 0x08, 0xBB, 0xFF, 0x1A, 0x91 }
00533 };
00534 
00535 /*
00536  * Checkup routine
00537  */
00538 int sha1_self_test( int verbose )
00539 {
00540     int i, j, buflen;
00541     unsigned char buf[1024];
00542     unsigned char sha1sum[20];
00543     sha1_context ctx;
00544 
00545     /*
00546      * SHA-1
00547      */
00548     for( i = 0; i < 3; i++ )
00549     {
00550         if( verbose != 0 )
00551             printf( "  SHA-1 test #%d: ", i + 1 );
00552 
00553         sha1_starts( &ctx );
00554 
00555         if( i == 2 )
00556         {
00557             memset( buf, 'a', buflen = 1000 );
00558 
00559             for( j = 0; j < 1000; j++ )
00560                 sha1_update( &ctx, buf, buflen );
00561         }
00562         else
00563             sha1_update( &ctx, sha1_test_buf[i],
00564                                sha1_test_buflen[i] );
00565 
00566         sha1_finish( &ctx, sha1sum );
00567 
00568         if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
00569         {
00570             if( verbose != 0 )
00571                 printf( "failed\n" );
00572 
00573             return( 1 );
00574         }
00575 
00576         if( verbose != 0 )
00577             printf( "passed\n" );
00578     }
00579 
00580     if( verbose != 0 )
00581         printf( "\n" );
00582 
00583     for( i = 0; i < 7; i++ )
00584     {
00585         if( verbose != 0 )
00586             printf( "  HMAC-SHA-1 test #%d: ", i + 1 );
00587 
00588         if( i == 5 || i == 6 )
00589         {
00590             memset( buf, '\xAA', buflen = 80 );
00591             sha1_hmac_starts( &ctx, buf, buflen );
00592         }
00593         else
00594             sha1_hmac_starts( &ctx, sha1_hmac_test_key[i],
00595                                     sha1_hmac_test_keylen[i] );
00596 
00597         sha1_hmac_update( &ctx, sha1_hmac_test_buf[i],
00598                                 sha1_hmac_test_buflen[i] );
00599 
00600         sha1_hmac_finish( &ctx, sha1sum );
00601 
00602         buflen = ( i == 4 ) ? 12 : 20;
00603 
00604         if( memcmp( sha1sum, sha1_hmac_test_sum[i], buflen ) != 0 )
00605         {
00606             if( verbose != 0 )
00607                 printf( "failed\n" );
00608 
00609             return( 1 );
00610         }
00611 
00612         if( verbose != 0 )
00613             printf( "passed\n" );
00614     }
00615 
00616     if( verbose != 0 )
00617         printf( "\n" );
00618 
00619     return( 0 );
00620 }
00621 
00622 #endif
00623 
00624 #endif