TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 12895d15f8a8d20f3c04ca97fbdba96af9b94dfa / . / library / sha512.c
blob: c13e0d9967b7c076a32c83c4dbee7539013891ab [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-2 compliant SHA-384/512 implementation
3 *
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]4 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The SHA-512 Secure Hash Standard was published by NIST in 2002.
27 *
28 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
29 */
30
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]31#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]32#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]33#else
34#include POLARSSL_CONFIG_FILE
35#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]36
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]37#if defined(POLARSSL_SHA512_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]38
Paul Bakkerd2681d82013-06-30 14:49:12 +0200[diff] [blame]39#include "polarssl/sha512.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]40
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]41#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]42#include <stdio.h>
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]43#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]44
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]45#if defined(POLARSSL_PLATFORM_C)
46#include "polarssl/platform.h"
47#else
48#define polarssl_printf printf
49#endif
50
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]51#if !defined(POLARSSL_SHA512_ALT)
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]52
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]53/*
54 * 64-bit integer manipulation macros (big endian)
55 */
56#ifndef GET_UINT64_BE
57#define GET_UINT64_BE(n,b,i) \
58{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]59 (n) = ( (uint64_t) (b)[(i) ] << 56 ) \
60 | ( (uint64_t) (b)[(i) + 1] << 48 ) \
61 | ( (uint64_t) (b)[(i) + 2] << 40 ) \
62 | ( (uint64_t) (b)[(i) + 3] << 32 ) \
63 | ( (uint64_t) (b)[(i) + 4] << 24 ) \
64 | ( (uint64_t) (b)[(i) + 5] << 16 ) \
65 | ( (uint64_t) (b)[(i) + 6] << 8 ) \
66 | ( (uint64_t) (b)[(i) + 7] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]67}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]68#endif /* GET_UINT64_BE */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]69
70#ifndef PUT_UINT64_BE
71#define PUT_UINT64_BE(n,b,i) \
72{ \
73 (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \
74 (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \
75 (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \
76 (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \
77 (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \
78 (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \
79 (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \
80 (b)[(i) + 7] = (unsigned char) ( (n) ); \
81}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]82#endif /* PUT_UINT64_BE */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]83
84/*
85 * Round constants
86 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]87static const uint64_t K[80] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]88{
89 UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
90 UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
91 UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
92 UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
93 UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
94 UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
95 UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
96 UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
97 UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
98 UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
99 UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
100 UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
101 UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
102 UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
103 UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
104 UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
105 UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
106 UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
107 UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
108 UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
109 UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
110 UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
111 UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
112 UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
113 UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
114 UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
115 UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
116 UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
117 UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
118 UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
119 UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
120 UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
121 UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
122 UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
123 UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
124 UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
125 UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
126 UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
127 UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
128 UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
129};
130
131/*
132 * SHA-512 context setup
133 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]134void sha512_starts( sha512_context *ctx, int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]135{
136 ctx->total[0] = 0;
137 ctx->total[1] = 0;
138
139 if( is384 == 0 )
140 {
141 /* SHA-512 */
142 ctx->state[0] = UL64(0x6A09E667F3BCC908);
143 ctx->state[1] = UL64(0xBB67AE8584CAA73B);
144 ctx->state[2] = UL64(0x3C6EF372FE94F82B);
145 ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
146 ctx->state[4] = UL64(0x510E527FADE682D1);
147 ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
148 ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
149 ctx->state[7] = UL64(0x5BE0CD19137E2179);
150 }
151 else
152 {
153 /* SHA-384 */
154 ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
155 ctx->state[1] = UL64(0x629A292A367CD507);
156 ctx->state[2] = UL64(0x9159015A3070DD17);
157 ctx->state[3] = UL64(0x152FECD8F70E5939);
158 ctx->state[4] = UL64(0x67332667FFC00B31);
159 ctx->state[5] = UL64(0x8EB44A8768581511);
160 ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
161 ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
162 }
163
164 ctx->is384 = is384;
165}
166
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]167void sha512_process( sha512_context *ctx, const unsigned char data[128] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]168{
169 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]170 uint64_t temp1, temp2, W[80];
171 uint64_t A, B, C, D, E, F, G, H;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]172
173#define SHR(x,n) (x >> n)
174#define ROTR(x,n) (SHR(x,n) | (x << (64 - n)))
175
176#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
177#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6))
178
179#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
180#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
181
182#define F0(x,y,z) ((x & y) | (z & (x | y)))
183#define F1(x,y,z) (z ^ (x & (y ^ z)))
184
185#define P(a,b,c,d,e,f,g,h,x,K) \
186{ \
187 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
188 temp2 = S2(a) + F0(a,b,c); \
189 d += temp1; h = temp1 + temp2; \
190}
191
192 for( i = 0; i < 16; i++ )
193 {
194 GET_UINT64_BE( W[i], data, i << 3 );
195 }
196
197 for( ; i < 80; i++ )
198 {
199 W[i] = S1(W[i - 2]) + W[i - 7] +
200 S0(W[i - 15]) + W[i - 16];
201 }
202
203 A = ctx->state[0];
204 B = ctx->state[1];
205 C = ctx->state[2];
206 D = ctx->state[3];
207 E = ctx->state[4];
208 F = ctx->state[5];
209 G = ctx->state[6];
210 H = ctx->state[7];
211 i = 0;
212
213 do
214 {
215 P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++;
216 P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++;
217 P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++;
218 P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++;
219 P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++;
220 P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++;
221 P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++;
222 P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++;
223 }
224 while( i < 80 );
225
226 ctx->state[0] += A;
227 ctx->state[1] += B;
228 ctx->state[2] += C;
229 ctx->state[3] += D;
230 ctx->state[4] += E;
231 ctx->state[5] += F;
232 ctx->state[6] += G;
233 ctx->state[7] += H;
234}
235
236/*
237 * SHA-512 process buffer
238 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]239void sha512_update( sha512_context *ctx, const unsigned char *input,
240 size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]241{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]242 size_t fill;
Paul Bakkerb8213a12011-07-11 08:16:18 +0000[diff] [blame]243 unsigned int left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]244
Brian White12895d12014-04-11 11:29:42 -0400[diff] [blame^]245 if( ilen == 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]246 return;
247
Paul Bakkerb8213a12011-07-11 08:16:18 +0000[diff] [blame]248 left = (unsigned int) (ctx->total[0] & 0x7F);
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]249 fill = 128 - left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]250
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]251 ctx->total[0] += (uint64_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]252
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]253 if( ctx->total[0] < (uint64_t) ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]254 ctx->total[1]++;
255
256 if( left && ilen >= fill )
257 {
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]258 memcpy( (void *) (ctx->buffer + left), input, fill );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]259 sha512_process( ctx, ctx->buffer );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]260 input += fill;
261 ilen -= fill;
262 left = 0;
263 }
264
265 while( ilen >= 128 )
266 {
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]267 sha512_process( ctx, input );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]268 input += 128;
269 ilen -= 128;
270 }
271
272 if( ilen > 0 )
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]273 memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]274}
275
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]276static const unsigned char sha512_padding[128] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]277{
278 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
279 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
280 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
281 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
282 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
283 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
284 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
285 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
286};
287
288/*
289 * SHA-512 final digest
290 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]291void sha512_finish( sha512_context *ctx, unsigned char output[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]292{
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]293 size_t last, padn;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]294 uint64_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]295 unsigned char msglen[16];
296
297 high = ( ctx->total[0] >> 61 )
298 | ( ctx->total[1] << 3 );
299 low = ( ctx->total[0] << 3 );
300
301 PUT_UINT64_BE( high, msglen, 0 );
302 PUT_UINT64_BE( low, msglen, 8 );
303
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]304 last = (size_t)( ctx->total[0] & 0x7F );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]305 padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
306
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]307 sha512_update( ctx, sha512_padding, padn );
308 sha512_update( ctx, msglen, 16 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]309
310 PUT_UINT64_BE( ctx->state[0], output, 0 );
311 PUT_UINT64_BE( ctx->state[1], output, 8 );
312 PUT_UINT64_BE( ctx->state[2], output, 16 );
313 PUT_UINT64_BE( ctx->state[3], output, 24 );
314 PUT_UINT64_BE( ctx->state[4], output, 32 );
315 PUT_UINT64_BE( ctx->state[5], output, 40 );
316
317 if( ctx->is384 == 0 )
318 {
319 PUT_UINT64_BE( ctx->state[6], output, 48 );
320 PUT_UINT64_BE( ctx->state[7], output, 56 );
321 }
322}
323
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]324#endif /* !POLARSSL_SHA512_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]325
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]326/*
327 * output = SHA-512( input buffer )
328 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]329void sha512( const unsigned char *input, size_t ilen,
330 unsigned char output[64], int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]331{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]332 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]333
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]334 sha512_starts( &ctx, is384 );
335 sha512_update( &ctx, input, ilen );
336 sha512_finish( &ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]337
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]338 memset( &ctx, 0, sizeof( sha512_context ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]339}
340
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]341#if defined(POLARSSL_FS_IO)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]342/*
343 * output = SHA-512( file contents )
344 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]345int sha512_file( const char *path, unsigned char output[64], int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]346{
347 FILE *f;
348 size_t n;
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]349 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]350 unsigned char buf[1024];
351
352 if( ( f = fopen( path, "rb" ) ) == NULL )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]353 return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]354
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]355 sha512_starts( &ctx, is384 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]356
357 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]358 sha512_update( &ctx, buf, n );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]359
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]360 sha512_finish( &ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]361
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]362 memset( &ctx, 0, sizeof( sha512_context ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]363
364 if( ferror( f ) != 0 )
365 {
366 fclose( f );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]367 return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]368 }
369
370 fclose( f );
371 return( 0 );
372}
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]373#endif /* POLARSSL_FS_IO */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]374
375/*
376 * SHA-512 HMAC context setup
377 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]378void sha512_hmac_starts( sha512_context *ctx, const unsigned char *key,
379 size_t keylen, int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]380{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]381 size_t i;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]382 unsigned char sum[64];
383
384 if( keylen > 128 )
385 {
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]386 sha512( key, keylen, sum, is384 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]387 keylen = ( is384 ) ? 48 : 64;
388 key = sum;
389 }
390
391 memset( ctx->ipad, 0x36, 128 );
392 memset( ctx->opad, 0x5C, 128 );
393
394 for( i = 0; i < keylen; i++ )
395 {
396 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
397 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
398 }
399
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]400 sha512_starts( ctx, is384 );
401 sha512_update( ctx, ctx->ipad, 128 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]402
403 memset( sum, 0, sizeof( sum ) );
404}
405
406/*
407 * SHA-512 HMAC process buffer
408 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]409void sha512_hmac_update( sha512_context *ctx,
410 const unsigned char *input, size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]411{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]412 sha512_update( ctx, input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]413}
414
415/*
416 * SHA-512 HMAC final digest
417 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]418void sha512_hmac_finish( sha512_context *ctx, unsigned char output[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]419{
420 int is384, hlen;
421 unsigned char tmpbuf[64];
422
423 is384 = ctx->is384;
424 hlen = ( is384 == 0 ) ? 64 : 48;
425
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]426 sha512_finish( ctx, tmpbuf );
427 sha512_starts( ctx, is384 );
428 sha512_update( ctx, ctx->opad, 128 );
429 sha512_update( ctx, tmpbuf, hlen );
430 sha512_finish( ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]431
432 memset( tmpbuf, 0, sizeof( tmpbuf ) );
433}
434
435/*
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]436 * SHA-512 HMAC context reset
437 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]438void sha512_hmac_reset( sha512_context *ctx )
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]439{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]440 sha512_starts( ctx, ctx->is384 );
441 sha512_update( ctx, ctx->ipad, 128 );
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]442}
443
444/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]445 * output = HMAC-SHA-512( hmac key, input buffer )
446 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]447void sha512_hmac( const unsigned char *key, size_t keylen,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]448 const unsigned char *input, size_t ilen,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]449 unsigned char output[64], int is384 )
450{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]451 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]452
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]453 sha512_hmac_starts( &ctx, key, keylen, is384 );
454 sha512_hmac_update( &ctx, input, ilen );
455 sha512_hmac_finish( &ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]456
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]457 memset( &ctx, 0, sizeof( sha512_context ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]458}
459
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]460#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]461
462/*
463 * FIPS-180-2 test vectors
464 */
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]465static unsigned char sha512_test_buf[3][113] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]466{
467 { "abc" },
468 { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
469 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
470 { "" }
471};
472
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]473static const int sha512_test_buflen[3] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]474{
475 3, 112, 1000
476};
477
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]478static const unsigned char sha512_test_sum[6][64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]479{
480 /*
481 * SHA-384 test vectors
482 */
483 { 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
484 0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
485 0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
486 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
487 0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
488 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 },
489 { 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
490 0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
491 0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
492 0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
493 0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
494 0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 },
495 { 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
496 0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
497 0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
498 0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
499 0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
500 0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },
501
502 /*
503 * SHA-512 test vectors
504 */
505 { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
506 0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
507 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
508 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
509 0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
510 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
511 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
512 0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F },
513 { 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
514 0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
515 0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
516 0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
517 0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
518 0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
519 0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
520 0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 },
521 { 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
522 0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
523 0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
524 0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
525 0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
526 0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
527 0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
528 0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
529};
530
531/*
532 * RFC 4231 test vectors
533 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]534static unsigned char sha512_hmac_test_key[7][26] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]535{
536 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
537 "\x0B\x0B\x0B\x0B" },
538 { "Jefe" },
539 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
540 "\xAA\xAA\xAA\xAA" },
541 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
542 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
543 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
544 "\x0C\x0C\x0C\x0C" },
545 { "" }, /* 0xAA 131 times */
546 { "" }
547};
548
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]549static const int sha512_hmac_test_keylen[7] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]550{
551 20, 4, 20, 25, 20, 131, 131
552};
553
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]554static unsigned char sha512_hmac_test_buf[7][153] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]555{
556 { "Hi There" },
557 { "what do ya want for nothing?" },
558 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
559 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
560 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
561 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
562 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
563 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
564 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
565 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
566 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
567 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
568 { "Test With Truncation" },
569 { "Test Using Larger Than Block-Size Key - Hash Key First" },
570 { "This is a test using a larger than block-size key "
571 "and a larger than block-size data. The key needs to "
572 "be hashed before being used by the HMAC algorithm." }
573};
574
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]575static const int sha512_hmac_test_buflen[7] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]576{
577 8, 28, 50, 50, 20, 54, 152
578};
579
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]580static const unsigned char sha512_hmac_test_sum[14][64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]581{
582 /*
583 * HMAC-SHA-384 test vectors
584 */
585 { 0xAF, 0xD0, 0x39, 0x44, 0xD8, 0x48, 0x95, 0x62,
586 0x6B, 0x08, 0x25, 0xF4, 0xAB, 0x46, 0x90, 0x7F,
587 0x15, 0xF9, 0xDA, 0xDB, 0xE4, 0x10, 0x1E, 0xC6,
588 0x82, 0xAA, 0x03, 0x4C, 0x7C, 0xEB, 0xC5, 0x9C,
589 0xFA, 0xEA, 0x9E, 0xA9, 0x07, 0x6E, 0xDE, 0x7F,
590 0x4A, 0xF1, 0x52, 0xE8, 0xB2, 0xFA, 0x9C, 0xB6 },
591 { 0xAF, 0x45, 0xD2, 0xE3, 0x76, 0x48, 0x40, 0x31,
592 0x61, 0x7F, 0x78, 0xD2, 0xB5, 0x8A, 0x6B, 0x1B,
593 0x9C, 0x7E, 0xF4, 0x64, 0xF5, 0xA0, 0x1B, 0x47,
594 0xE4, 0x2E, 0xC3, 0x73, 0x63, 0x22, 0x44, 0x5E,
595 0x8E, 0x22, 0x40, 0xCA, 0x5E, 0x69, 0xE2, 0xC7,
596 0x8B, 0x32, 0x39, 0xEC, 0xFA, 0xB2, 0x16, 0x49 },
597 { 0x88, 0x06, 0x26, 0x08, 0xD3, 0xE6, 0xAD, 0x8A,
598 0x0A, 0xA2, 0xAC, 0xE0, 0x14, 0xC8, 0xA8, 0x6F,
599 0x0A, 0xA6, 0x35, 0xD9, 0x47, 0xAC, 0x9F, 0xEB,
600 0xE8, 0x3E, 0xF4, 0xE5, 0x59, 0x66, 0x14, 0x4B,
601 0x2A, 0x5A, 0xB3, 0x9D, 0xC1, 0x38, 0x14, 0xB9,
602 0x4E, 0x3A, 0xB6, 0xE1, 0x01, 0xA3, 0x4F, 0x27 },
603 { 0x3E, 0x8A, 0x69, 0xB7, 0x78, 0x3C, 0x25, 0x85,
604 0x19, 0x33, 0xAB, 0x62, 0x90, 0xAF, 0x6C, 0xA7,
605 0x7A, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9C,
606 0xC5, 0x57, 0x7C, 0x6E, 0x1F, 0x57, 0x3B, 0x4E,
607 0x68, 0x01, 0xDD, 0x23, 0xC4, 0xA7, 0xD6, 0x79,
608 0xCC, 0xF8, 0xA3, 0x86, 0xC6, 0x74, 0xCF, 0xFB },
609 { 0x3A, 0xBF, 0x34, 0xC3, 0x50, 0x3B, 0x2A, 0x23,
610 0xA4, 0x6E, 0xFC, 0x61, 0x9B, 0xAE, 0xF8, 0x97 },
611 { 0x4E, 0xCE, 0x08, 0x44, 0x85, 0x81, 0x3E, 0x90,
612 0x88, 0xD2, 0xC6, 0x3A, 0x04, 0x1B, 0xC5, 0xB4,
613 0x4F, 0x9E, 0xF1, 0x01, 0x2A, 0x2B, 0x58, 0x8F,
614 0x3C, 0xD1, 0x1F, 0x05, 0x03, 0x3A, 0xC4, 0xC6,
615 0x0C, 0x2E, 0xF6, 0xAB, 0x40, 0x30, 0xFE, 0x82,
616 0x96, 0x24, 0x8D, 0xF1, 0x63, 0xF4, 0x49, 0x52 },
617 { 0x66, 0x17, 0x17, 0x8E, 0x94, 0x1F, 0x02, 0x0D,
618 0x35, 0x1E, 0x2F, 0x25, 0x4E, 0x8F, 0xD3, 0x2C,
619 0x60, 0x24, 0x20, 0xFE, 0xB0, 0xB8, 0xFB, 0x9A,
620 0xDC, 0xCE, 0xBB, 0x82, 0x46, 0x1E, 0x99, 0xC5,
621 0xA6, 0x78, 0xCC, 0x31, 0xE7, 0x99, 0x17, 0x6D,
622 0x38, 0x60, 0xE6, 0x11, 0x0C, 0x46, 0x52, 0x3E },
623
624 /*
625 * HMAC-SHA-512 test vectors
626 */
627 { 0x87, 0xAA, 0x7C, 0xDE, 0xA5, 0xEF, 0x61, 0x9D,
628 0x4F, 0xF0, 0xB4, 0x24, 0x1A, 0x1D, 0x6C, 0xB0,
629 0x23, 0x79, 0xF4, 0xE2, 0xCE, 0x4E, 0xC2, 0x78,
630 0x7A, 0xD0, 0xB3, 0x05, 0x45, 0xE1, 0x7C, 0xDE,
631 0xDA, 0xA8, 0x33, 0xB7, 0xD6, 0xB8, 0xA7, 0x02,
632 0x03, 0x8B, 0x27, 0x4E, 0xAE, 0xA3, 0xF4, 0xE4,
633 0xBE, 0x9D, 0x91, 0x4E, 0xEB, 0x61, 0xF1, 0x70,
634 0x2E, 0x69, 0x6C, 0x20, 0x3A, 0x12, 0x68, 0x54 },
635 { 0x16, 0x4B, 0x7A, 0x7B, 0xFC, 0xF8, 0x19, 0xE2,
636 0xE3, 0x95, 0xFB, 0xE7, 0x3B, 0x56, 0xE0, 0xA3,
637 0x87, 0xBD, 0x64, 0x22, 0x2E, 0x83, 0x1F, 0xD6,
638 0x10, 0x27, 0x0C, 0xD7, 0xEA, 0x25, 0x05, 0x54,
639 0x97, 0x58, 0xBF, 0x75, 0xC0, 0x5A, 0x99, 0x4A,
640 0x6D, 0x03, 0x4F, 0x65, 0xF8, 0xF0, 0xE6, 0xFD,
641 0xCA, 0xEA, 0xB1, 0xA3, 0x4D, 0x4A, 0x6B, 0x4B,
642 0x63, 0x6E, 0x07, 0x0A, 0x38, 0xBC, 0xE7, 0x37 },
643 { 0xFA, 0x73, 0xB0, 0x08, 0x9D, 0x56, 0xA2, 0x84,
644 0xEF, 0xB0, 0xF0, 0x75, 0x6C, 0x89, 0x0B, 0xE9,
645 0xB1, 0xB5, 0xDB, 0xDD, 0x8E, 0xE8, 0x1A, 0x36,
646 0x55, 0xF8, 0x3E, 0x33, 0xB2, 0x27, 0x9D, 0x39,
647 0xBF, 0x3E, 0x84, 0x82, 0x79, 0xA7, 0x22, 0xC8,
648 0x06, 0xB4, 0x85, 0xA4, 0x7E, 0x67, 0xC8, 0x07,
649 0xB9, 0x46, 0xA3, 0x37, 0xBE, 0xE8, 0x94, 0x26,
650 0x74, 0x27, 0x88, 0x59, 0xE1, 0x32, 0x92, 0xFB },
651 { 0xB0, 0xBA, 0x46, 0x56, 0x37, 0x45, 0x8C, 0x69,
652 0x90, 0xE5, 0xA8, 0xC5, 0xF6, 0x1D, 0x4A, 0xF7,
653 0xE5, 0x76, 0xD9, 0x7F, 0xF9, 0x4B, 0x87, 0x2D,
654 0xE7, 0x6F, 0x80, 0x50, 0x36, 0x1E, 0xE3, 0xDB,
655 0xA9, 0x1C, 0xA5, 0xC1, 0x1A, 0xA2, 0x5E, 0xB4,
656 0xD6, 0x79, 0x27, 0x5C, 0xC5, 0x78, 0x80, 0x63,
657 0xA5, 0xF1, 0x97, 0x41, 0x12, 0x0C, 0x4F, 0x2D,
658 0xE2, 0xAD, 0xEB, 0xEB, 0x10, 0xA2, 0x98, 0xDD },
659 { 0x41, 0x5F, 0xAD, 0x62, 0x71, 0x58, 0x0A, 0x53,
660 0x1D, 0x41, 0x79, 0xBC, 0x89, 0x1D, 0x87, 0xA6 },
661 { 0x80, 0xB2, 0x42, 0x63, 0xC7, 0xC1, 0xA3, 0xEB,
662 0xB7, 0x14, 0x93, 0xC1, 0xDD, 0x7B, 0xE8, 0xB4,
663 0x9B, 0x46, 0xD1, 0xF4, 0x1B, 0x4A, 0xEE, 0xC1,
664 0x12, 0x1B, 0x01, 0x37, 0x83, 0xF8, 0xF3, 0x52,
665 0x6B, 0x56, 0xD0, 0x37, 0xE0, 0x5F, 0x25, 0x98,
666 0xBD, 0x0F, 0xD2, 0x21, 0x5D, 0x6A, 0x1E, 0x52,
667 0x95, 0xE6, 0x4F, 0x73, 0xF6, 0x3F, 0x0A, 0xEC,
668 0x8B, 0x91, 0x5A, 0x98, 0x5D, 0x78, 0x65, 0x98 },
669 { 0xE3, 0x7B, 0x6A, 0x77, 0x5D, 0xC8, 0x7D, 0xBA,
670 0xA4, 0xDF, 0xA9, 0xF9, 0x6E, 0x5E, 0x3F, 0xFD,
671 0xDE, 0xBD, 0x71, 0xF8, 0x86, 0x72, 0x89, 0x86,
672 0x5D, 0xF5, 0xA3, 0x2D, 0x20, 0xCD, 0xC9, 0x44,
673 0xB6, 0x02, 0x2C, 0xAC, 0x3C, 0x49, 0x82, 0xB1,
674 0x0D, 0x5E, 0xEB, 0x55, 0xC3, 0xE4, 0xDE, 0x15,
675 0x13, 0x46, 0x76, 0xFB, 0x6D, 0xE0, 0x44, 0x60,
676 0x65, 0xC9, 0x74, 0x40, 0xFA, 0x8C, 0x6A, 0x58 }
677};
678
679/*
680 * Checkup routine
681 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]682int sha512_self_test( int verbose )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]683{
684 int i, j, k, buflen;
685 unsigned char buf[1024];
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]686 unsigned char sha512sum[64];
687 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]688
689 for( i = 0; i < 6; i++ )
690 {
691 j = i % 3;
692 k = i < 3;
693
694 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]695 polarssl_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]696
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]697 sha512_starts( &ctx, k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]698
699 if( j == 2 )
700 {
701 memset( buf, 'a', buflen = 1000 );
702
703 for( j = 0; j < 1000; j++ )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]704 sha512_update( &ctx, buf, buflen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]705 }
706 else
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]707 sha512_update( &ctx, sha512_test_buf[j],
708 sha512_test_buflen[j] );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]709
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]710 sha512_finish( &ctx, sha512sum );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]711
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]712 if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]713 {
714 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]715 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]716
717 return( 1 );
718 }
719
720 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]721 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]722 }
723
724 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]725 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]726
727 for( i = 0; i < 14; i++ )
728 {
729 j = i % 7;
730 k = i < 7;
731
732 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]733 polarssl_printf( " HMAC-SHA-%d test #%d: ", 512 - k * 128, j + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]734
735 if( j == 5 || j == 6 )
736 {
737 memset( buf, '\xAA', buflen = 131 );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]738 sha512_hmac_starts( &ctx, buf, buflen, k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]739 }
740 else
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]741 sha512_hmac_starts( &ctx, sha512_hmac_test_key[j],
742 sha512_hmac_test_keylen[j], k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]743
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]744 sha512_hmac_update( &ctx, sha512_hmac_test_buf[j],
745 sha512_hmac_test_buflen[j] );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]746
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]747 sha512_hmac_finish( &ctx, sha512sum );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]748
749 buflen = ( j == 4 ) ? 16 : 64 - k * 16;
750
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]751 if( memcmp( sha512sum, sha512_hmac_test_sum[i], buflen ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]752 {
753 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]754 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]755
756 return( 1 );
757 }
758
759 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]760 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]761 }
762
763 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]764 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]765
766 return( 0 );
767}
768
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]769#endif /* POLARSSL_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]770
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]771#endif /* POLARSSL_SHA512_C */