TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 7d3b661bfebcf0c5e636f73fc5f4dab5e08f5f19 / . / library / sha2.c
blob: 8f920ce44d6e22486be811fd8734a92ddecc6026 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]4 * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
5 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]6 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]7 * Joined copyright on original XySSL code with: Christophe Devine
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 */
23/*
24 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
25 *
26 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
27 */
28
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]29#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]30
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]31#if defined(POLARSSL_SHA2_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]32
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]33#include "polarssl/sha2.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]34
35#include <string.h>
36#include <stdio.h>
37
38/*
39 * 32-bit integer manipulation macros (big endian)
40 */
41#ifndef GET_ULONG_BE
42#define GET_ULONG_BE(n,b,i) \
43{ \
44 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
45 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
46 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
47 | ( (unsigned long) (b)[(i) + 3] ); \
48}
49#endif
50
51#ifndef PUT_ULONG_BE
52#define PUT_ULONG_BE(n,b,i) \
53{ \
54 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
55 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
56 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
57 (b)[(i) + 3] = (unsigned char) ( (n) ); \
58}
59#endif
60
61/*
62 * SHA-256 context setup
63 */
64void sha2_starts( sha2_context *ctx, int is224 )
65{
66 ctx->total[0] = 0;
67 ctx->total[1] = 0;
68
69 if( is224 == 0 )
70 {
71 /* SHA-256 */
72 ctx->state[0] = 0x6A09E667;
73 ctx->state[1] = 0xBB67AE85;
74 ctx->state[2] = 0x3C6EF372;
75 ctx->state[3] = 0xA54FF53A;
76 ctx->state[4] = 0x510E527F;
77 ctx->state[5] = 0x9B05688C;
78 ctx->state[6] = 0x1F83D9AB;
79 ctx->state[7] = 0x5BE0CD19;
80 }
81 else
82 {
83 /* SHA-224 */
84 ctx->state[0] = 0xC1059ED8;
85 ctx->state[1] = 0x367CD507;
86 ctx->state[2] = 0x3070DD17;
87 ctx->state[3] = 0xF70E5939;
88 ctx->state[4] = 0xFFC00B31;
89 ctx->state[5] = 0x68581511;
90 ctx->state[6] = 0x64F98FA7;
91 ctx->state[7] = 0xBEFA4FA4;
92 }
93
94 ctx->is224 = is224;
95}
96
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]97static void sha2_process( sha2_context *ctx, const unsigned char data[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]98{
99 unsigned long temp1, temp2, W[64];
100 unsigned long A, B, C, D, E, F, G, H;
101
102 GET_ULONG_BE( W[ 0], data, 0 );
103 GET_ULONG_BE( W[ 1], data, 4 );
104 GET_ULONG_BE( W[ 2], data, 8 );
105 GET_ULONG_BE( W[ 3], data, 12 );
106 GET_ULONG_BE( W[ 4], data, 16 );
107 GET_ULONG_BE( W[ 5], data, 20 );
108 GET_ULONG_BE( W[ 6], data, 24 );
109 GET_ULONG_BE( W[ 7], data, 28 );
110 GET_ULONG_BE( W[ 8], data, 32 );
111 GET_ULONG_BE( W[ 9], data, 36 );
112 GET_ULONG_BE( W[10], data, 40 );
113 GET_ULONG_BE( W[11], data, 44 );
114 GET_ULONG_BE( W[12], data, 48 );
115 GET_ULONG_BE( W[13], data, 52 );
116 GET_ULONG_BE( W[14], data, 56 );
117 GET_ULONG_BE( W[15], data, 60 );
118
119#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
120#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
121
122#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
123#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
124
125#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
126#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
127
128#define F0(x,y,z) ((x & y) | (z & (x | y)))
129#define F1(x,y,z) (z ^ (x & (y ^ z)))
130
131#define R(t) \
132( \
133 W[t] = S1(W[t - 2]) + W[t - 7] + \
134 S0(W[t - 15]) + W[t - 16] \
135)
136
137#define P(a,b,c,d,e,f,g,h,x,K) \
138{ \
139 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
140 temp2 = S2(a) + F0(a,b,c); \
141 d += temp1; h = temp1 + temp2; \
142}
143
144 A = ctx->state[0];
145 B = ctx->state[1];
146 C = ctx->state[2];
147 D = ctx->state[3];
148 E = ctx->state[4];
149 F = ctx->state[5];
150 G = ctx->state[6];
151 H = ctx->state[7];
152
153 P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
154 P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
155 P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
156 P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
157 P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
158 P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
159 P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
160 P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
161 P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
162 P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
163 P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
164 P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
165 P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
166 P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
167 P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
168 P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
169 P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
170 P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
171 P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
172 P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
173 P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
174 P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
175 P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
176 P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
177 P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
178 P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
179 P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
180 P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
181 P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
182 P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
183 P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
184 P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
185 P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
186 P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
187 P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
188 P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
189 P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
190 P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
191 P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
192 P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
193 P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
194 P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
195 P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
196 P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
197 P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
198 P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
199 P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
200 P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
201 P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
202 P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
203 P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
204 P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
205 P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
206 P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
207 P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
208 P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
209 P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
210 P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
211 P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
212 P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
213 P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
214 P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
215 P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
216 P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
217
218 ctx->state[0] += A;
219 ctx->state[1] += B;
220 ctx->state[2] += C;
221 ctx->state[3] += D;
222 ctx->state[4] += E;
223 ctx->state[5] += F;
224 ctx->state[6] += G;
225 ctx->state[7] += H;
226}
227
228/*
229 * SHA-256 process buffer
230 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]231void sha2_update( sha2_context *ctx, const unsigned char *input, int ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]232{
233 int fill;
234 unsigned long left;
235
236 if( ilen <= 0 )
237 return;
238
239 left = ctx->total[0] & 0x3F;
240 fill = 64 - left;
241
242 ctx->total[0] += ilen;
243 ctx->total[0] &= 0xFFFFFFFF;
244
245 if( ctx->total[0] < (unsigned long) ilen )
246 ctx->total[1]++;
247
248 if( left && ilen >= fill )
249 {
250 memcpy( (void *) (ctx->buffer + left),
251 (void *) input, fill );
252 sha2_process( ctx, ctx->buffer );
253 input += fill;
254 ilen -= fill;
255 left = 0;
256 }
257
258 while( ilen >= 64 )
259 {
260 sha2_process( ctx, input );
261 input += 64;
262 ilen -= 64;
263 }
264
265 if( ilen > 0 )
266 {
267 memcpy( (void *) (ctx->buffer + left),
268 (void *) input, ilen );
269 }
270}
271
272static const unsigned char sha2_padding[64] =
273{
274 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
275 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
276 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
277 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
278};
279
280/*
281 * SHA-256 final digest
282 */
283void sha2_finish( sha2_context *ctx, unsigned char output[32] )
284{
285 unsigned long last, padn;
286 unsigned long high, low;
287 unsigned char msglen[8];
288
289 high = ( ctx->total[0] >> 29 )
290 | ( ctx->total[1] << 3 );
291 low = ( ctx->total[0] << 3 );
292
293 PUT_ULONG_BE( high, msglen, 0 );
294 PUT_ULONG_BE( low, msglen, 4 );
295
296 last = ctx->total[0] & 0x3F;
297 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
298
299 sha2_update( ctx, (unsigned char *) sha2_padding, padn );
300 sha2_update( ctx, msglen, 8 );
301
302 PUT_ULONG_BE( ctx->state[0], output, 0 );
303 PUT_ULONG_BE( ctx->state[1], output, 4 );
304 PUT_ULONG_BE( ctx->state[2], output, 8 );
305 PUT_ULONG_BE( ctx->state[3], output, 12 );
306 PUT_ULONG_BE( ctx->state[4], output, 16 );
307 PUT_ULONG_BE( ctx->state[5], output, 20 );
308 PUT_ULONG_BE( ctx->state[6], output, 24 );
309
310 if( ctx->is224 == 0 )
311 PUT_ULONG_BE( ctx->state[7], output, 28 );
312}
313
314/*
315 * output = SHA-256( input buffer )
316 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]317void sha2( const unsigned char *input, int ilen,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]318 unsigned char output[32], int is224 )
319{
320 sha2_context ctx;
321
322 sha2_starts( &ctx, is224 );
323 sha2_update( &ctx, input, ilen );
324 sha2_finish( &ctx, output );
325
326 memset( &ctx, 0, sizeof( sha2_context ) );
327}
328
329/*
330 * output = SHA-256( file contents )
331 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]332int sha2_file( const char *path, unsigned char output[32], int is224 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]333{
334 FILE *f;
335 size_t n;
336 sha2_context ctx;
337 unsigned char buf[1024];
338
339 if( ( f = fopen( path, "rb" ) ) == NULL )
340 return( 1 );
341
342 sha2_starts( &ctx, is224 );
343
344 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
345 sha2_update( &ctx, buf, (int) n );
346
347 sha2_finish( &ctx, output );
348
349 memset( &ctx, 0, sizeof( sha2_context ) );
350
351 if( ferror( f ) != 0 )
352 {
353 fclose( f );
354 return( 2 );
355 }
356
357 fclose( f );
358 return( 0 );
359}
360
361/*
362 * SHA-256 HMAC context setup
363 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]364void sha2_hmac_starts( sha2_context *ctx, const unsigned char *key, int keylen,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]365 int is224 )
366{
367 int i;
368 unsigned char sum[32];
369
370 if( keylen > 64 )
371 {
372 sha2( key, keylen, sum, is224 );
373 keylen = ( is224 ) ? 28 : 32;
374 key = sum;
375 }
376
377 memset( ctx->ipad, 0x36, 64 );
378 memset( ctx->opad, 0x5C, 64 );
379
380 for( i = 0; i < keylen; i++ )
381 {
382 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
383 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
384 }
385
386 sha2_starts( ctx, is224 );
387 sha2_update( ctx, ctx->ipad, 64 );
388
389 memset( sum, 0, sizeof( sum ) );
390}
391
392/*
393 * SHA-256 HMAC process buffer
394 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]395void sha2_hmac_update( sha2_context *ctx, const unsigned char *input, int ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]396{
397 sha2_update( ctx, input, ilen );
398}
399
400/*
401 * SHA-256 HMAC final digest
402 */
403void sha2_hmac_finish( sha2_context *ctx, unsigned char output[32] )
404{
405 int is224, hlen;
406 unsigned char tmpbuf[32];
407
408 is224 = ctx->is224;
409 hlen = ( is224 == 0 ) ? 32 : 28;
410
411 sha2_finish( ctx, tmpbuf );
412 sha2_starts( ctx, is224 );
413 sha2_update( ctx, ctx->opad, 64 );
414 sha2_update( ctx, tmpbuf, hlen );
415 sha2_finish( ctx, output );
416
417 memset( tmpbuf, 0, sizeof( tmpbuf ) );
418}
419
420/*
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame^]421 * SHA-256 HMAC context reset
422 */
423void sha2_hmac_reset( sha2_context *ctx )
424{
425 sha2_starts( ctx, ctx->is224 );
426 sha2_update( ctx, ctx->ipad, 64 );
427}
428
429/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]430 * output = HMAC-SHA-256( hmac key, input buffer )
431 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]432void sha2_hmac( const unsigned char *key, int keylen,
433 const unsigned char *input, int ilen,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]434 unsigned char output[32], int is224 )
435{
436 sha2_context ctx;
437
438 sha2_hmac_starts( &ctx, key, keylen, is224 );
439 sha2_hmac_update( &ctx, input, ilen );
440 sha2_hmac_finish( &ctx, output );
441
442 memset( &ctx, 0, sizeof( sha2_context ) );
443}
444
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]445#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]446/*
447 * FIPS-180-2 test vectors
448 */
449static unsigned char sha2_test_buf[3][57] =
450{
451 { "abc" },
452 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
453 { "" }
454};
455
456static const int sha2_test_buflen[3] =
457{
458 3, 56, 1000
459};
460
461static const unsigned char sha2_test_sum[6][32] =
462{
463 /*
464 * SHA-224 test vectors
465 */
466 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
467 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
468 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
469 0xE3, 0x6C, 0x9D, 0xA7 },
470 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
471 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
472 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
473 0x52, 0x52, 0x25, 0x25 },
474 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
475 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
476 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
477 0x4E, 0xE7, 0xAD, 0x67 },
478
479 /*
480 * SHA-256 test vectors
481 */
482 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
483 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
484 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
485 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
486 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
487 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
488 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
489 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
490 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
491 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
492 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
493 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
494};
495
496/*
497 * RFC 4231 test vectors
498 */
499static unsigned char sha2_hmac_test_key[7][26] =
500{
501 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
502 "\x0B\x0B\x0B\x0B" },
503 { "Jefe" },
504 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
505 "\xAA\xAA\xAA\xAA" },
506 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
507 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
508 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
509 "\x0C\x0C\x0C\x0C" },
510 { "" }, /* 0xAA 131 times */
511 { "" }
512};
513
514static const int sha2_hmac_test_keylen[7] =
515{
516 20, 4, 20, 25, 20, 131, 131
517};
518
519static unsigned char sha2_hmac_test_buf[7][153] =
520{
521 { "Hi There" },
522 { "what do ya want for nothing?" },
523 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
524 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
525 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
526 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
527 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
528 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
529 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
530 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
531 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
532 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
533 { "Test With Truncation" },
534 { "Test Using Larger Than Block-Size Key - Hash Key First" },
535 { "This is a test using a larger than block-size key "
536 "and a larger than block-size data. The key needs to "
537 "be hashed before being used by the HMAC algorithm." }
538};
539
540static const int sha2_hmac_test_buflen[7] =
541{
542 8, 28, 50, 50, 20, 54, 152
543};
544
545static const unsigned char sha2_hmac_test_sum[14][32] =
546{
547 /*
548 * HMAC-SHA-224 test vectors
549 */
550 { 0x89, 0x6F, 0xB1, 0x12, 0x8A, 0xBB, 0xDF, 0x19,
551 0x68, 0x32, 0x10, 0x7C, 0xD4, 0x9D, 0xF3, 0x3F,
552 0x47, 0xB4, 0xB1, 0x16, 0x99, 0x12, 0xBA, 0x4F,
553 0x53, 0x68, 0x4B, 0x22 },
554 { 0xA3, 0x0E, 0x01, 0x09, 0x8B, 0xC6, 0xDB, 0xBF,
555 0x45, 0x69, 0x0F, 0x3A, 0x7E, 0x9E, 0x6D, 0x0F,
556 0x8B, 0xBE, 0xA2, 0xA3, 0x9E, 0x61, 0x48, 0x00,
557 0x8F, 0xD0, 0x5E, 0x44 },
558 { 0x7F, 0xB3, 0xCB, 0x35, 0x88, 0xC6, 0xC1, 0xF6,
559 0xFF, 0xA9, 0x69, 0x4D, 0x7D, 0x6A, 0xD2, 0x64,
560 0x93, 0x65, 0xB0, 0xC1, 0xF6, 0x5D, 0x69, 0xD1,
561 0xEC, 0x83, 0x33, 0xEA },
562 { 0x6C, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3C, 0xAC,
563 0x6A, 0x2A, 0xBC, 0x1B, 0xB3, 0x82, 0x62, 0x7C,
564 0xEC, 0x6A, 0x90, 0xD8, 0x6E, 0xFC, 0x01, 0x2D,
565 0xE7, 0xAF, 0xEC, 0x5A },
566 { 0x0E, 0x2A, 0xEA, 0x68, 0xA9, 0x0C, 0x8D, 0x37,
567 0xC9, 0x88, 0xBC, 0xDB, 0x9F, 0xCA, 0x6F, 0xA8 },
568 { 0x95, 0xE9, 0xA0, 0xDB, 0x96, 0x20, 0x95, 0xAD,
569 0xAE, 0xBE, 0x9B, 0x2D, 0x6F, 0x0D, 0xBC, 0xE2,
570 0xD4, 0x99, 0xF1, 0x12, 0xF2, 0xD2, 0xB7, 0x27,
571 0x3F, 0xA6, 0x87, 0x0E },
572 { 0x3A, 0x85, 0x41, 0x66, 0xAC, 0x5D, 0x9F, 0x02,
573 0x3F, 0x54, 0xD5, 0x17, 0xD0, 0xB3, 0x9D, 0xBD,
574 0x94, 0x67, 0x70, 0xDB, 0x9C, 0x2B, 0x95, 0xC9,
575 0xF6, 0xF5, 0x65, 0xD1 },
576
577 /*
578 * HMAC-SHA-256 test vectors
579 */
580 { 0xB0, 0x34, 0x4C, 0x61, 0xD8, 0xDB, 0x38, 0x53,
581 0x5C, 0xA8, 0xAF, 0xCE, 0xAF, 0x0B, 0xF1, 0x2B,
582 0x88, 0x1D, 0xC2, 0x00, 0xC9, 0x83, 0x3D, 0xA7,
583 0x26, 0xE9, 0x37, 0x6C, 0x2E, 0x32, 0xCF, 0xF7 },
584 { 0x5B, 0xDC, 0xC1, 0x46, 0xBF, 0x60, 0x75, 0x4E,
585 0x6A, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xC7,
586 0x5A, 0x00, 0x3F, 0x08, 0x9D, 0x27, 0x39, 0x83,
587 0x9D, 0xEC, 0x58, 0xB9, 0x64, 0xEC, 0x38, 0x43 },
588 { 0x77, 0x3E, 0xA9, 0x1E, 0x36, 0x80, 0x0E, 0x46,
589 0x85, 0x4D, 0xB8, 0xEB, 0xD0, 0x91, 0x81, 0xA7,
590 0x29, 0x59, 0x09, 0x8B, 0x3E, 0xF8, 0xC1, 0x22,
591 0xD9, 0x63, 0x55, 0x14, 0xCE, 0xD5, 0x65, 0xFE },
592 { 0x82, 0x55, 0x8A, 0x38, 0x9A, 0x44, 0x3C, 0x0E,
593 0xA4, 0xCC, 0x81, 0x98, 0x99, 0xF2, 0x08, 0x3A,
594 0x85, 0xF0, 0xFA, 0xA3, 0xE5, 0x78, 0xF8, 0x07,
595 0x7A, 0x2E, 0x3F, 0xF4, 0x67, 0x29, 0x66, 0x5B },
596 { 0xA3, 0xB6, 0x16, 0x74, 0x73, 0x10, 0x0E, 0xE0,
597 0x6E, 0x0C, 0x79, 0x6C, 0x29, 0x55, 0x55, 0x2B },
598 { 0x60, 0xE4, 0x31, 0x59, 0x1E, 0xE0, 0xB6, 0x7F,
599 0x0D, 0x8A, 0x26, 0xAA, 0xCB, 0xF5, 0xB7, 0x7F,
600 0x8E, 0x0B, 0xC6, 0x21, 0x37, 0x28, 0xC5, 0x14,
601 0x05, 0x46, 0x04, 0x0F, 0x0E, 0xE3, 0x7F, 0x54 },
602 { 0x9B, 0x09, 0xFF, 0xA7, 0x1B, 0x94, 0x2F, 0xCB,
603 0x27, 0x63, 0x5F, 0xBC, 0xD5, 0xB0, 0xE9, 0x44,
604 0xBF, 0xDC, 0x63, 0x64, 0x4F, 0x07, 0x13, 0x93,
605 0x8A, 0x7F, 0x51, 0x53, 0x5C, 0x3A, 0x35, 0xE2 }
606};
607
608/*
609 * Checkup routine
610 */
611int sha2_self_test( int verbose )
612{
613 int i, j, k, buflen;
614 unsigned char buf[1024];
615 unsigned char sha2sum[32];
616 sha2_context ctx;
617
618 for( i = 0; i < 6; i++ )
619 {
620 j = i % 3;
621 k = i < 3;
622
623 if( verbose != 0 )
624 printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
625
626 sha2_starts( &ctx, k );
627
628 if( j == 2 )
629 {
630 memset( buf, 'a', buflen = 1000 );
631
632 for( j = 0; j < 1000; j++ )
633 sha2_update( &ctx, buf, buflen );
634 }
635 else
636 sha2_update( &ctx, sha2_test_buf[j],
637 sha2_test_buflen[j] );
638
639 sha2_finish( &ctx, sha2sum );
640
641 if( memcmp( sha2sum, sha2_test_sum[i], 32 - k * 4 ) != 0 )
642 {
643 if( verbose != 0 )
644 printf( "failed\n" );
645
646 return( 1 );
647 }
648
649 if( verbose != 0 )
650 printf( "passed\n" );
651 }
652
653 if( verbose != 0 )
654 printf( "\n" );
655
656 for( i = 0; i < 14; i++ )
657 {
658 j = i % 7;
659 k = i < 7;
660
661 if( verbose != 0 )
662 printf( " HMAC-SHA-%d test #%d: ", 256 - k * 32, j + 1 );
663
664 if( j == 5 || j == 6 )
665 {
666 memset( buf, '\xAA', buflen = 131 );
667 sha2_hmac_starts( &ctx, buf, buflen, k );
668 }
669 else
670 sha2_hmac_starts( &ctx, sha2_hmac_test_key[j],
671 sha2_hmac_test_keylen[j], k );
672
673 sha2_hmac_update( &ctx, sha2_hmac_test_buf[j],
674 sha2_hmac_test_buflen[j] );
675
676 sha2_hmac_finish( &ctx, sha2sum );
677
678 buflen = ( j == 4 ) ? 16 : 32 - k * 4;
679
680 if( memcmp( sha2sum, sha2_hmac_test_sum[i], buflen ) != 0 )
681 {
682 if( verbose != 0 )
683 printf( "failed\n" );
684
685 return( 1 );
686 }
687
688 if( verbose != 0 )
689 printf( "passed\n" );
690 }
691
692 if( verbose != 0 )
693 printf( "\n" );
694
695 return( 0 );
696}
697
698#endif
699
700#endif