TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / cef4ad2509f6c19f6c3e9cf4e6a077bac9d98280 / . / library / sha512.c
blob: 1d4b977060d636eed76a26944e82db7d90824661 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-2 compliant SHA-384/512 implementation
3 *
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]4 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The SHA-512 Secure Hash Standard was published by NIST in 2002.
27 *
28 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
29 */
30
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame^]31#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]32#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame^]33#else
34#include POLARSSL_CONFIG_FILE
35#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]36
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]37#if defined(POLARSSL_SHA512_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]38
Paul Bakkerd2681d82013-06-30 14:49:12 +0200[diff] [blame]39#include "polarssl/sha512.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]40
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]41#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]42#include <stdio.h>
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]43#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]44
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]45#if defined(POLARSSL_PLATFORM_C)
46#include "polarssl/platform.h"
47#else
48#define polarssl_printf printf
49#endif
50
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]51#if !defined(POLARSSL_SHA512_ALT)
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]52
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]53/*
54 * 64-bit integer manipulation macros (big endian)
55 */
56#ifndef GET_UINT64_BE
57#define GET_UINT64_BE(n,b,i) \
58{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]59 (n) = ( (uint64_t) (b)[(i) ] << 56 ) \
60 | ( (uint64_t) (b)[(i) + 1] << 48 ) \
61 | ( (uint64_t) (b)[(i) + 2] << 40 ) \
62 | ( (uint64_t) (b)[(i) + 3] << 32 ) \
63 | ( (uint64_t) (b)[(i) + 4] << 24 ) \
64 | ( (uint64_t) (b)[(i) + 5] << 16 ) \
65 | ( (uint64_t) (b)[(i) + 6] << 8 ) \
66 | ( (uint64_t) (b)[(i) + 7] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]67}
68#endif
69
70#ifndef PUT_UINT64_BE
71#define PUT_UINT64_BE(n,b,i) \
72{ \
73 (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \
74 (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \
75 (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \
76 (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \
77 (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \
78 (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \
79 (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \
80 (b)[(i) + 7] = (unsigned char) ( (n) ); \
81}
82#endif
83
84/*
85 * Round constants
86 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]87static const uint64_t K[80] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]88{
89 UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
90 UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
91 UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
92 UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
93 UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
94 UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
95 UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
96 UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
97 UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
98 UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
99 UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
100 UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
101 UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
102 UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
103 UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
104 UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
105 UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
106 UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
107 UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
108 UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
109 UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
110 UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
111 UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
112 UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
113 UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
114 UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
115 UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
116 UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
117 UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
118 UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
119 UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
120 UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
121 UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
122 UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
123 UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
124 UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
125 UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
126 UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
127 UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
128 UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
129};
130
131/*
132 * SHA-512 context setup
133 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]134void sha512_starts( sha512_context *ctx, int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]135{
136 ctx->total[0] = 0;
137 ctx->total[1] = 0;
138
139 if( is384 == 0 )
140 {
141 /* SHA-512 */
142 ctx->state[0] = UL64(0x6A09E667F3BCC908);
143 ctx->state[1] = UL64(0xBB67AE8584CAA73B);
144 ctx->state[2] = UL64(0x3C6EF372FE94F82B);
145 ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
146 ctx->state[4] = UL64(0x510E527FADE682D1);
147 ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
148 ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
149 ctx->state[7] = UL64(0x5BE0CD19137E2179);
150 }
151 else
152 {
153 /* SHA-384 */
154 ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
155 ctx->state[1] = UL64(0x629A292A367CD507);
156 ctx->state[2] = UL64(0x9159015A3070DD17);
157 ctx->state[3] = UL64(0x152FECD8F70E5939);
158 ctx->state[4] = UL64(0x67332667FFC00B31);
159 ctx->state[5] = UL64(0x8EB44A8768581511);
160 ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
161 ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
162 }
163
164 ctx->is384 = is384;
165}
166
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]167void sha512_process( sha512_context *ctx, const unsigned char data[128] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]168{
169 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]170 uint64_t temp1, temp2, W[80];
171 uint64_t A, B, C, D, E, F, G, H;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]172
173#define SHR(x,n) (x >> n)
174#define ROTR(x,n) (SHR(x,n) | (x << (64 - n)))
175
176#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
177#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6))
178
179#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
180#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
181
182#define F0(x,y,z) ((x & y) | (z & (x | y)))
183#define F1(x,y,z) (z ^ (x & (y ^ z)))
184
185#define P(a,b,c,d,e,f,g,h,x,K) \
186{ \
187 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
188 temp2 = S2(a) + F0(a,b,c); \
189 d += temp1; h = temp1 + temp2; \
190}
191
192 for( i = 0; i < 16; i++ )
193 {
194 GET_UINT64_BE( W[i], data, i << 3 );
195 }
196
197 for( ; i < 80; i++ )
198 {
199 W[i] = S1(W[i - 2]) + W[i - 7] +
200 S0(W[i - 15]) + W[i - 16];
201 }
202
203 A = ctx->state[0];
204 B = ctx->state[1];
205 C = ctx->state[2];
206 D = ctx->state[3];
207 E = ctx->state[4];
208 F = ctx->state[5];
209 G = ctx->state[6];
210 H = ctx->state[7];
211 i = 0;
212
213 do
214 {
215 P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++;
216 P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++;
217 P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++;
218 P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++;
219 P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++;
220 P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++;
221 P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++;
222 P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++;
223 }
224 while( i < 80 );
225
226 ctx->state[0] += A;
227 ctx->state[1] += B;
228 ctx->state[2] += C;
229 ctx->state[3] += D;
230 ctx->state[4] += E;
231 ctx->state[5] += F;
232 ctx->state[6] += G;
233 ctx->state[7] += H;
234}
235
236/*
237 * SHA-512 process buffer
238 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]239void sha512_update( sha512_context *ctx, const unsigned char *input, size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]240{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]241 size_t fill;
Paul Bakkerb8213a12011-07-11 08:16:18 +0000[diff] [blame]242 unsigned int left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]243
244 if( ilen <= 0 )
245 return;
246
Paul Bakkerb8213a12011-07-11 08:16:18 +0000[diff] [blame]247 left = (unsigned int) (ctx->total[0] & 0x7F);
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]248 fill = 128 - left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]249
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]250 ctx->total[0] += (uint64_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]251
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]252 if( ctx->total[0] < (uint64_t) ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]253 ctx->total[1]++;
254
255 if( left && ilen >= fill )
256 {
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]257 memcpy( (void *) (ctx->buffer + left), input, fill );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]258 sha512_process( ctx, ctx->buffer );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]259 input += fill;
260 ilen -= fill;
261 left = 0;
262 }
263
264 while( ilen >= 128 )
265 {
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]266 sha512_process( ctx, input );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]267 input += 128;
268 ilen -= 128;
269 }
270
271 if( ilen > 0 )
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]272 memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]273}
274
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]275static const unsigned char sha512_padding[128] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]276{
277 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
278 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
279 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
280 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
281 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
282 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
283 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
284 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
285};
286
287/*
288 * SHA-512 final digest
289 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]290void sha512_finish( sha512_context *ctx, unsigned char output[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]291{
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]292 size_t last, padn;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]293 uint64_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]294 unsigned char msglen[16];
295
296 high = ( ctx->total[0] >> 61 )
297 | ( ctx->total[1] << 3 );
298 low = ( ctx->total[0] << 3 );
299
300 PUT_UINT64_BE( high, msglen, 0 );
301 PUT_UINT64_BE( low, msglen, 8 );
302
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]303 last = (size_t)( ctx->total[0] & 0x7F );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]304 padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
305
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]306 sha512_update( ctx, sha512_padding, padn );
307 sha512_update( ctx, msglen, 16 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]308
309 PUT_UINT64_BE( ctx->state[0], output, 0 );
310 PUT_UINT64_BE( ctx->state[1], output, 8 );
311 PUT_UINT64_BE( ctx->state[2], output, 16 );
312 PUT_UINT64_BE( ctx->state[3], output, 24 );
313 PUT_UINT64_BE( ctx->state[4], output, 32 );
314 PUT_UINT64_BE( ctx->state[5], output, 40 );
315
316 if( ctx->is384 == 0 )
317 {
318 PUT_UINT64_BE( ctx->state[6], output, 48 );
319 PUT_UINT64_BE( ctx->state[7], output, 56 );
320 }
321}
322
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]323#endif /* !POLARSSL_SHA512_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]324
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]325/*
326 * output = SHA-512( input buffer )
327 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]328void sha512( const unsigned char *input, size_t ilen,
329 unsigned char output[64], int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]330{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]331 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]332
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]333 sha512_starts( &ctx, is384 );
334 sha512_update( &ctx, input, ilen );
335 sha512_finish( &ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]336
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]337 memset( &ctx, 0, sizeof( sha512_context ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]338}
339
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]340#if defined(POLARSSL_FS_IO)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]341/*
342 * output = SHA-512( file contents )
343 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]344int sha512_file( const char *path, unsigned char output[64], int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]345{
346 FILE *f;
347 size_t n;
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]348 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]349 unsigned char buf[1024];
350
351 if( ( f = fopen( path, "rb" ) ) == NULL )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]352 return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]353
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]354 sha512_starts( &ctx, is384 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]355
356 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]357 sha512_update( &ctx, buf, n );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]358
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]359 sha512_finish( &ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]360
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]361 memset( &ctx, 0, sizeof( sha512_context ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]362
363 if( ferror( f ) != 0 )
364 {
365 fclose( f );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]366 return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]367 }
368
369 fclose( f );
370 return( 0 );
371}
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]372#endif /* POLARSSL_FS_IO */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]373
374/*
375 * SHA-512 HMAC context setup
376 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]377void sha512_hmac_starts( sha512_context *ctx, const unsigned char *key,
378 size_t keylen, int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]379{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]380 size_t i;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]381 unsigned char sum[64];
382
383 if( keylen > 128 )
384 {
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]385 sha512( key, keylen, sum, is384 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]386 keylen = ( is384 ) ? 48 : 64;
387 key = sum;
388 }
389
390 memset( ctx->ipad, 0x36, 128 );
391 memset( ctx->opad, 0x5C, 128 );
392
393 for( i = 0; i < keylen; i++ )
394 {
395 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
396 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
397 }
398
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]399 sha512_starts( ctx, is384 );
400 sha512_update( ctx, ctx->ipad, 128 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]401
402 memset( sum, 0, sizeof( sum ) );
403}
404
405/*
406 * SHA-512 HMAC process buffer
407 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]408void sha512_hmac_update( sha512_context *ctx,
409 const unsigned char *input, size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]410{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]411 sha512_update( ctx, input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]412}
413
414/*
415 * SHA-512 HMAC final digest
416 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]417void sha512_hmac_finish( sha512_context *ctx, unsigned char output[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]418{
419 int is384, hlen;
420 unsigned char tmpbuf[64];
421
422 is384 = ctx->is384;
423 hlen = ( is384 == 0 ) ? 64 : 48;
424
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]425 sha512_finish( ctx, tmpbuf );
426 sha512_starts( ctx, is384 );
427 sha512_update( ctx, ctx->opad, 128 );
428 sha512_update( ctx, tmpbuf, hlen );
429 sha512_finish( ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]430
431 memset( tmpbuf, 0, sizeof( tmpbuf ) );
432}
433
434/*
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]435 * SHA-512 HMAC context reset
436 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]437void sha512_hmac_reset( sha512_context *ctx )
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]438{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]439 sha512_starts( ctx, ctx->is384 );
440 sha512_update( ctx, ctx->ipad, 128 );
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]441}
442
443/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]444 * output = HMAC-SHA-512( hmac key, input buffer )
445 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]446void sha512_hmac( const unsigned char *key, size_t keylen,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]447 const unsigned char *input, size_t ilen,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]448 unsigned char output[64], int is384 )
449{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]450 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]451
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]452 sha512_hmac_starts( &ctx, key, keylen, is384 );
453 sha512_hmac_update( &ctx, input, ilen );
454 sha512_hmac_finish( &ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]455
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]456 memset( &ctx, 0, sizeof( sha512_context ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]457}
458
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]459#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]460
461/*
462 * FIPS-180-2 test vectors
463 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]464static unsigned char sha512_test_buf[3][113] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]465{
466 { "abc" },
467 { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
468 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
469 { "" }
470};
471
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]472static const int sha512_test_buflen[3] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]473{
474 3, 112, 1000
475};
476
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]477static const unsigned char sha512_test_sum[6][64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]478{
479 /*
480 * SHA-384 test vectors
481 */
482 { 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
483 0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
484 0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
485 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
486 0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
487 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 },
488 { 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
489 0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
490 0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
491 0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
492 0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
493 0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 },
494 { 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
495 0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
496 0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
497 0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
498 0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
499 0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },
500
501 /*
502 * SHA-512 test vectors
503 */
504 { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
505 0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
506 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
507 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
508 0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
509 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
510 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
511 0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F },
512 { 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
513 0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
514 0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
515 0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
516 0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
517 0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
518 0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
519 0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 },
520 { 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
521 0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
522 0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
523 0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
524 0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
525 0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
526 0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
527 0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
528};
529
530/*
531 * RFC 4231 test vectors
532 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]533static unsigned char sha512_hmac_test_key[7][26] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]534{
535 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
536 "\x0B\x0B\x0B\x0B" },
537 { "Jefe" },
538 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
539 "\xAA\xAA\xAA\xAA" },
540 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
541 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
542 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
543 "\x0C\x0C\x0C\x0C" },
544 { "" }, /* 0xAA 131 times */
545 { "" }
546};
547
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]548static const int sha512_hmac_test_keylen[7] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]549{
550 20, 4, 20, 25, 20, 131, 131
551};
552
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]553static unsigned char sha512_hmac_test_buf[7][153] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]554{
555 { "Hi There" },
556 { "what do ya want for nothing?" },
557 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
558 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
559 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
560 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
561 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
562 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
563 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
564 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
565 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
566 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
567 { "Test With Truncation" },
568 { "Test Using Larger Than Block-Size Key - Hash Key First" },
569 { "This is a test using a larger than block-size key "
570 "and a larger than block-size data. The key needs to "
571 "be hashed before being used by the HMAC algorithm." }
572};
573
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]574static const int sha512_hmac_test_buflen[7] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]575{
576 8, 28, 50, 50, 20, 54, 152
577};
578
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]579static const unsigned char sha512_hmac_test_sum[14][64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]580{
581 /*
582 * HMAC-SHA-384 test vectors
583 */
584 { 0xAF, 0xD0, 0x39, 0x44, 0xD8, 0x48, 0x95, 0x62,
585 0x6B, 0x08, 0x25, 0xF4, 0xAB, 0x46, 0x90, 0x7F,
586 0x15, 0xF9, 0xDA, 0xDB, 0xE4, 0x10, 0x1E, 0xC6,
587 0x82, 0xAA, 0x03, 0x4C, 0x7C, 0xEB, 0xC5, 0x9C,
588 0xFA, 0xEA, 0x9E, 0xA9, 0x07, 0x6E, 0xDE, 0x7F,
589 0x4A, 0xF1, 0x52, 0xE8, 0xB2, 0xFA, 0x9C, 0xB6 },
590 { 0xAF, 0x45, 0xD2, 0xE3, 0x76, 0x48, 0x40, 0x31,
591 0x61, 0x7F, 0x78, 0xD2, 0xB5, 0x8A, 0x6B, 0x1B,
592 0x9C, 0x7E, 0xF4, 0x64, 0xF5, 0xA0, 0x1B, 0x47,
593 0xE4, 0x2E, 0xC3, 0x73, 0x63, 0x22, 0x44, 0x5E,
594 0x8E, 0x22, 0x40, 0xCA, 0x5E, 0x69, 0xE2, 0xC7,
595 0x8B, 0x32, 0x39, 0xEC, 0xFA, 0xB2, 0x16, 0x49 },
596 { 0x88, 0x06, 0x26, 0x08, 0xD3, 0xE6, 0xAD, 0x8A,
597 0x0A, 0xA2, 0xAC, 0xE0, 0x14, 0xC8, 0xA8, 0x6F,
598 0x0A, 0xA6, 0x35, 0xD9, 0x47, 0xAC, 0x9F, 0xEB,
599 0xE8, 0x3E, 0xF4, 0xE5, 0x59, 0x66, 0x14, 0x4B,
600 0x2A, 0x5A, 0xB3, 0x9D, 0xC1, 0x38, 0x14, 0xB9,
601 0x4E, 0x3A, 0xB6, 0xE1, 0x01, 0xA3, 0x4F, 0x27 },
602 { 0x3E, 0x8A, 0x69, 0xB7, 0x78, 0x3C, 0x25, 0x85,
603 0x19, 0x33, 0xAB, 0x62, 0x90, 0xAF, 0x6C, 0xA7,
604 0x7A, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9C,
605 0xC5, 0x57, 0x7C, 0x6E, 0x1F, 0x57, 0x3B, 0x4E,
606 0x68, 0x01, 0xDD, 0x23, 0xC4, 0xA7, 0xD6, 0x79,
607 0xCC, 0xF8, 0xA3, 0x86, 0xC6, 0x74, 0xCF, 0xFB },
608 { 0x3A, 0xBF, 0x34, 0xC3, 0x50, 0x3B, 0x2A, 0x23,
609 0xA4, 0x6E, 0xFC, 0x61, 0x9B, 0xAE, 0xF8, 0x97 },
610 { 0x4E, 0xCE, 0x08, 0x44, 0x85, 0x81, 0x3E, 0x90,
611 0x88, 0xD2, 0xC6, 0x3A, 0x04, 0x1B, 0xC5, 0xB4,
612 0x4F, 0x9E, 0xF1, 0x01, 0x2A, 0x2B, 0x58, 0x8F,
613 0x3C, 0xD1, 0x1F, 0x05, 0x03, 0x3A, 0xC4, 0xC6,
614 0x0C, 0x2E, 0xF6, 0xAB, 0x40, 0x30, 0xFE, 0x82,
615 0x96, 0x24, 0x8D, 0xF1, 0x63, 0xF4, 0x49, 0x52 },
616 { 0x66, 0x17, 0x17, 0x8E, 0x94, 0x1F, 0x02, 0x0D,
617 0x35, 0x1E, 0x2F, 0x25, 0x4E, 0x8F, 0xD3, 0x2C,
618 0x60, 0x24, 0x20, 0xFE, 0xB0, 0xB8, 0xFB, 0x9A,
619 0xDC, 0xCE, 0xBB, 0x82, 0x46, 0x1E, 0x99, 0xC5,
620 0xA6, 0x78, 0xCC, 0x31, 0xE7, 0x99, 0x17, 0x6D,
621 0x38, 0x60, 0xE6, 0x11, 0x0C, 0x46, 0x52, 0x3E },
622
623 /*
624 * HMAC-SHA-512 test vectors
625 */
626 { 0x87, 0xAA, 0x7C, 0xDE, 0xA5, 0xEF, 0x61, 0x9D,
627 0x4F, 0xF0, 0xB4, 0x24, 0x1A, 0x1D, 0x6C, 0xB0,
628 0x23, 0x79, 0xF4, 0xE2, 0xCE, 0x4E, 0xC2, 0x78,
629 0x7A, 0xD0, 0xB3, 0x05, 0x45, 0xE1, 0x7C, 0xDE,
630 0xDA, 0xA8, 0x33, 0xB7, 0xD6, 0xB8, 0xA7, 0x02,
631 0x03, 0x8B, 0x27, 0x4E, 0xAE, 0xA3, 0xF4, 0xE4,
632 0xBE, 0x9D, 0x91, 0x4E, 0xEB, 0x61, 0xF1, 0x70,
633 0x2E, 0x69, 0x6C, 0x20, 0x3A, 0x12, 0x68, 0x54 },
634 { 0x16, 0x4B, 0x7A, 0x7B, 0xFC, 0xF8, 0x19, 0xE2,
635 0xE3, 0x95, 0xFB, 0xE7, 0x3B, 0x56, 0xE0, 0xA3,
636 0x87, 0xBD, 0x64, 0x22, 0x2E, 0x83, 0x1F, 0xD6,
637 0x10, 0x27, 0x0C, 0xD7, 0xEA, 0x25, 0x05, 0x54,
638 0x97, 0x58, 0xBF, 0x75, 0xC0, 0x5A, 0x99, 0x4A,
639 0x6D, 0x03, 0x4F, 0x65, 0xF8, 0xF0, 0xE6, 0xFD,
640 0xCA, 0xEA, 0xB1, 0xA3, 0x4D, 0x4A, 0x6B, 0x4B,
641 0x63, 0x6E, 0x07, 0x0A, 0x38, 0xBC, 0xE7, 0x37 },
642 { 0xFA, 0x73, 0xB0, 0x08, 0x9D, 0x56, 0xA2, 0x84,
643 0xEF, 0xB0, 0xF0, 0x75, 0x6C, 0x89, 0x0B, 0xE9,
644 0xB1, 0xB5, 0xDB, 0xDD, 0x8E, 0xE8, 0x1A, 0x36,
645 0x55, 0xF8, 0x3E, 0x33, 0xB2, 0x27, 0x9D, 0x39,
646 0xBF, 0x3E, 0x84, 0x82, 0x79, 0xA7, 0x22, 0xC8,
647 0x06, 0xB4, 0x85, 0xA4, 0x7E, 0x67, 0xC8, 0x07,
648 0xB9, 0x46, 0xA3, 0x37, 0xBE, 0xE8, 0x94, 0x26,
649 0x74, 0x27, 0x88, 0x59, 0xE1, 0x32, 0x92, 0xFB },
650 { 0xB0, 0xBA, 0x46, 0x56, 0x37, 0x45, 0x8C, 0x69,
651 0x90, 0xE5, 0xA8, 0xC5, 0xF6, 0x1D, 0x4A, 0xF7,
652 0xE5, 0x76, 0xD9, 0x7F, 0xF9, 0x4B, 0x87, 0x2D,
653 0xE7, 0x6F, 0x80, 0x50, 0x36, 0x1E, 0xE3, 0xDB,
654 0xA9, 0x1C, 0xA5, 0xC1, 0x1A, 0xA2, 0x5E, 0xB4,
655 0xD6, 0x79, 0x27, 0x5C, 0xC5, 0x78, 0x80, 0x63,
656 0xA5, 0xF1, 0x97, 0x41, 0x12, 0x0C, 0x4F, 0x2D,
657 0xE2, 0xAD, 0xEB, 0xEB, 0x10, 0xA2, 0x98, 0xDD },
658 { 0x41, 0x5F, 0xAD, 0x62, 0x71, 0x58, 0x0A, 0x53,
659 0x1D, 0x41, 0x79, 0xBC, 0x89, 0x1D, 0x87, 0xA6 },
660 { 0x80, 0xB2, 0x42, 0x63, 0xC7, 0xC1, 0xA3, 0xEB,
661 0xB7, 0x14, 0x93, 0xC1, 0xDD, 0x7B, 0xE8, 0xB4,
662 0x9B, 0x46, 0xD1, 0xF4, 0x1B, 0x4A, 0xEE, 0xC1,
663 0x12, 0x1B, 0x01, 0x37, 0x83, 0xF8, 0xF3, 0x52,
664 0x6B, 0x56, 0xD0, 0x37, 0xE0, 0x5F, 0x25, 0x98,
665 0xBD, 0x0F, 0xD2, 0x21, 0x5D, 0x6A, 0x1E, 0x52,
666 0x95, 0xE6, 0x4F, 0x73, 0xF6, 0x3F, 0x0A, 0xEC,
667 0x8B, 0x91, 0x5A, 0x98, 0x5D, 0x78, 0x65, 0x98 },
668 { 0xE3, 0x7B, 0x6A, 0x77, 0x5D, 0xC8, 0x7D, 0xBA,
669 0xA4, 0xDF, 0xA9, 0xF9, 0x6E, 0x5E, 0x3F, 0xFD,
670 0xDE, 0xBD, 0x71, 0xF8, 0x86, 0x72, 0x89, 0x86,
671 0x5D, 0xF5, 0xA3, 0x2D, 0x20, 0xCD, 0xC9, 0x44,
672 0xB6, 0x02, 0x2C, 0xAC, 0x3C, 0x49, 0x82, 0xB1,
673 0x0D, 0x5E, 0xEB, 0x55, 0xC3, 0xE4, 0xDE, 0x15,
674 0x13, 0x46, 0x76, 0xFB, 0x6D, 0xE0, 0x44, 0x60,
675 0x65, 0xC9, 0x74, 0x40, 0xFA, 0x8C, 0x6A, 0x58 }
676};
677
678/*
679 * Checkup routine
680 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]681int sha512_self_test( int verbose )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]682{
683 int i, j, k, buflen;
684 unsigned char buf[1024];
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]685 unsigned char sha512sum[64];
686 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]687
688 for( i = 0; i < 6; i++ )
689 {
690 j = i % 3;
691 k = i < 3;
692
693 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]694 polarssl_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]695
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]696 sha512_starts( &ctx, k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]697
698 if( j == 2 )
699 {
700 memset( buf, 'a', buflen = 1000 );
701
702 for( j = 0; j < 1000; j++ )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]703 sha512_update( &ctx, buf, buflen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]704 }
705 else
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]706 sha512_update( &ctx, sha512_test_buf[j],
707 sha512_test_buflen[j] );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]708
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]709 sha512_finish( &ctx, sha512sum );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]710
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]711 if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]712 {
713 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]714 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]715
716 return( 1 );
717 }
718
719 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]720 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]721 }
722
723 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]724 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]725
726 for( i = 0; i < 14; i++ )
727 {
728 j = i % 7;
729 k = i < 7;
730
731 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]732 polarssl_printf( " HMAC-SHA-%d test #%d: ", 512 - k * 128, j + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]733
734 if( j == 5 || j == 6 )
735 {
736 memset( buf, '\xAA', buflen = 131 );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]737 sha512_hmac_starts( &ctx, buf, buflen, k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]738 }
739 else
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]740 sha512_hmac_starts( &ctx, sha512_hmac_test_key[j],
741 sha512_hmac_test_keylen[j], k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]742
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]743 sha512_hmac_update( &ctx, sha512_hmac_test_buf[j],
744 sha512_hmac_test_buflen[j] );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]745
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]746 sha512_hmac_finish( &ctx, sha512sum );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]747
748 buflen = ( j == 4 ) ? 16 : 64 - k * 16;
749
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]750 if( memcmp( sha512sum, sha512_hmac_test_sum[i], buflen ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]751 {
752 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]753 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]754
755 return( 1 );
756 }
757
758 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]759 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]760 }
761
762 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]763 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]764
765 return( 0 );
766}
767
768#endif
769
770#endif