TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 84f12b76fc6d5b9dc3ec4eff3dc0f1e6b03a259a / . / library / sha2.c
blob: 3f6f0db5e8ec41b38ca602334e5465ce39626ab9 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame^]4 * Copyright (C) 2006-2010, Brainspark B.V.
5 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]6 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]7 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22/*
23 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
24 *
25 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
26 */
27
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]28#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]29
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]30#if defined(POLARSSL_SHA2_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]31
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]32#include "polarssl/sha2.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
34#include <string.h>
35#include <stdio.h>
36
37/*
38 * 32-bit integer manipulation macros (big endian)
39 */
40#ifndef GET_ULONG_BE
41#define GET_ULONG_BE(n,b,i) \
42{ \
43 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
44 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
45 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
46 | ( (unsigned long) (b)[(i) + 3] ); \
47}
48#endif
49
50#ifndef PUT_ULONG_BE
51#define PUT_ULONG_BE(n,b,i) \
52{ \
53 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
54 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
55 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
56 (b)[(i) + 3] = (unsigned char) ( (n) ); \
57}
58#endif
59
60/*
61 * SHA-256 context setup
62 */
63void sha2_starts( sha2_context *ctx, int is224 )
64{
65 ctx->total[0] = 0;
66 ctx->total[1] = 0;
67
68 if( is224 == 0 )
69 {
70 /* SHA-256 */
71 ctx->state[0] = 0x6A09E667;
72 ctx->state[1] = 0xBB67AE85;
73 ctx->state[2] = 0x3C6EF372;
74 ctx->state[3] = 0xA54FF53A;
75 ctx->state[4] = 0x510E527F;
76 ctx->state[5] = 0x9B05688C;
77 ctx->state[6] = 0x1F83D9AB;
78 ctx->state[7] = 0x5BE0CD19;
79 }
80 else
81 {
82 /* SHA-224 */
83 ctx->state[0] = 0xC1059ED8;
84 ctx->state[1] = 0x367CD507;
85 ctx->state[2] = 0x3070DD17;
86 ctx->state[3] = 0xF70E5939;
87 ctx->state[4] = 0xFFC00B31;
88 ctx->state[5] = 0x68581511;
89 ctx->state[6] = 0x64F98FA7;
90 ctx->state[7] = 0xBEFA4FA4;
91 }
92
93 ctx->is224 = is224;
94}
95
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]96static void sha2_process( sha2_context *ctx, const unsigned char data[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]97{
98 unsigned long temp1, temp2, W[64];
99 unsigned long A, B, C, D, E, F, G, H;
100
101 GET_ULONG_BE( W[ 0], data, 0 );
102 GET_ULONG_BE( W[ 1], data, 4 );
103 GET_ULONG_BE( W[ 2], data, 8 );
104 GET_ULONG_BE( W[ 3], data, 12 );
105 GET_ULONG_BE( W[ 4], data, 16 );
106 GET_ULONG_BE( W[ 5], data, 20 );
107 GET_ULONG_BE( W[ 6], data, 24 );
108 GET_ULONG_BE( W[ 7], data, 28 );
109 GET_ULONG_BE( W[ 8], data, 32 );
110 GET_ULONG_BE( W[ 9], data, 36 );
111 GET_ULONG_BE( W[10], data, 40 );
112 GET_ULONG_BE( W[11], data, 44 );
113 GET_ULONG_BE( W[12], data, 48 );
114 GET_ULONG_BE( W[13], data, 52 );
115 GET_ULONG_BE( W[14], data, 56 );
116 GET_ULONG_BE( W[15], data, 60 );
117
118#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
119#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
120
121#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
122#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
123
124#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
125#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
126
127#define F0(x,y,z) ((x & y) | (z & (x | y)))
128#define F1(x,y,z) (z ^ (x & (y ^ z)))
129
130#define R(t) \
131( \
132 W[t] = S1(W[t - 2]) + W[t - 7] + \
133 S0(W[t - 15]) + W[t - 16] \
134)
135
136#define P(a,b,c,d,e,f,g,h,x,K) \
137{ \
138 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
139 temp2 = S2(a) + F0(a,b,c); \
140 d += temp1; h = temp1 + temp2; \
141}
142
143 A = ctx->state[0];
144 B = ctx->state[1];
145 C = ctx->state[2];
146 D = ctx->state[3];
147 E = ctx->state[4];
148 F = ctx->state[5];
149 G = ctx->state[6];
150 H = ctx->state[7];
151
152 P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
153 P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
154 P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
155 P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
156 P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
157 P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
158 P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
159 P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
160 P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
161 P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
162 P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
163 P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
164 P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
165 P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
166 P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
167 P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
168 P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
169 P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
170 P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
171 P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
172 P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
173 P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
174 P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
175 P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
176 P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
177 P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
178 P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
179 P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
180 P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
181 P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
182 P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
183 P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
184 P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
185 P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
186 P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
187 P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
188 P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
189 P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
190 P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
191 P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
192 P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
193 P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
194 P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
195 P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
196 P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
197 P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
198 P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
199 P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
200 P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
201 P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
202 P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
203 P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
204 P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
205 P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
206 P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
207 P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
208 P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
209 P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
210 P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
211 P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
212 P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
213 P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
214 P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
215 P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
216
217 ctx->state[0] += A;
218 ctx->state[1] += B;
219 ctx->state[2] += C;
220 ctx->state[3] += D;
221 ctx->state[4] += E;
222 ctx->state[5] += F;
223 ctx->state[6] += G;
224 ctx->state[7] += H;
225}
226
227/*
228 * SHA-256 process buffer
229 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]230void sha2_update( sha2_context *ctx, const unsigned char *input, int ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]231{
232 int fill;
233 unsigned long left;
234
235 if( ilen <= 0 )
236 return;
237
238 left = ctx->total[0] & 0x3F;
239 fill = 64 - left;
240
241 ctx->total[0] += ilen;
242 ctx->total[0] &= 0xFFFFFFFF;
243
244 if( ctx->total[0] < (unsigned long) ilen )
245 ctx->total[1]++;
246
247 if( left && ilen >= fill )
248 {
249 memcpy( (void *) (ctx->buffer + left),
250 (void *) input, fill );
251 sha2_process( ctx, ctx->buffer );
252 input += fill;
253 ilen -= fill;
254 left = 0;
255 }
256
257 while( ilen >= 64 )
258 {
259 sha2_process( ctx, input );
260 input += 64;
261 ilen -= 64;
262 }
263
264 if( ilen > 0 )
265 {
266 memcpy( (void *) (ctx->buffer + left),
267 (void *) input, ilen );
268 }
269}
270
271static const unsigned char sha2_padding[64] =
272{
273 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
274 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
275 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
276 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
277};
278
279/*
280 * SHA-256 final digest
281 */
282void sha2_finish( sha2_context *ctx, unsigned char output[32] )
283{
284 unsigned long last, padn;
285 unsigned long high, low;
286 unsigned char msglen[8];
287
288 high = ( ctx->total[0] >> 29 )
289 | ( ctx->total[1] << 3 );
290 low = ( ctx->total[0] << 3 );
291
292 PUT_ULONG_BE( high, msglen, 0 );
293 PUT_ULONG_BE( low, msglen, 4 );
294
295 last = ctx->total[0] & 0x3F;
296 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
297
298 sha2_update( ctx, (unsigned char *) sha2_padding, padn );
299 sha2_update( ctx, msglen, 8 );
300
301 PUT_ULONG_BE( ctx->state[0], output, 0 );
302 PUT_ULONG_BE( ctx->state[1], output, 4 );
303 PUT_ULONG_BE( ctx->state[2], output, 8 );
304 PUT_ULONG_BE( ctx->state[3], output, 12 );
305 PUT_ULONG_BE( ctx->state[4], output, 16 );
306 PUT_ULONG_BE( ctx->state[5], output, 20 );
307 PUT_ULONG_BE( ctx->state[6], output, 24 );
308
309 if( ctx->is224 == 0 )
310 PUT_ULONG_BE( ctx->state[7], output, 28 );
311}
312
313/*
314 * output = SHA-256( input buffer )
315 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]316void sha2( const unsigned char *input, int ilen,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]317 unsigned char output[32], int is224 )
318{
319 sha2_context ctx;
320
321 sha2_starts( &ctx, is224 );
322 sha2_update( &ctx, input, ilen );
323 sha2_finish( &ctx, output );
324
325 memset( &ctx, 0, sizeof( sha2_context ) );
326}
327
328/*
329 * output = SHA-256( file contents )
330 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]331int sha2_file( const char *path, unsigned char output[32], int is224 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]332{
333 FILE *f;
334 size_t n;
335 sha2_context ctx;
336 unsigned char buf[1024];
337
338 if( ( f = fopen( path, "rb" ) ) == NULL )
339 return( 1 );
340
341 sha2_starts( &ctx, is224 );
342
343 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
344 sha2_update( &ctx, buf, (int) n );
345
346 sha2_finish( &ctx, output );
347
348 memset( &ctx, 0, sizeof( sha2_context ) );
349
350 if( ferror( f ) != 0 )
351 {
352 fclose( f );
353 return( 2 );
354 }
355
356 fclose( f );
357 return( 0 );
358}
359
360/*
361 * SHA-256 HMAC context setup
362 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]363void sha2_hmac_starts( sha2_context *ctx, const unsigned char *key, int keylen,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]364 int is224 )
365{
366 int i;
367 unsigned char sum[32];
368
369 if( keylen > 64 )
370 {
371 sha2( key, keylen, sum, is224 );
372 keylen = ( is224 ) ? 28 : 32;
373 key = sum;
374 }
375
376 memset( ctx->ipad, 0x36, 64 );
377 memset( ctx->opad, 0x5C, 64 );
378
379 for( i = 0; i < keylen; i++ )
380 {
381 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
382 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
383 }
384
385 sha2_starts( ctx, is224 );
386 sha2_update( ctx, ctx->ipad, 64 );
387
388 memset( sum, 0, sizeof( sum ) );
389}
390
391/*
392 * SHA-256 HMAC process buffer
393 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]394void sha2_hmac_update( sha2_context *ctx, const unsigned char *input, int ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]395{
396 sha2_update( ctx, input, ilen );
397}
398
399/*
400 * SHA-256 HMAC final digest
401 */
402void sha2_hmac_finish( sha2_context *ctx, unsigned char output[32] )
403{
404 int is224, hlen;
405 unsigned char tmpbuf[32];
406
407 is224 = ctx->is224;
408 hlen = ( is224 == 0 ) ? 32 : 28;
409
410 sha2_finish( ctx, tmpbuf );
411 sha2_starts( ctx, is224 );
412 sha2_update( ctx, ctx->opad, 64 );
413 sha2_update( ctx, tmpbuf, hlen );
414 sha2_finish( ctx, output );
415
416 memset( tmpbuf, 0, sizeof( tmpbuf ) );
417}
418
419/*
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]420 * SHA-256 HMAC context reset
421 */
422void sha2_hmac_reset( sha2_context *ctx )
423{
424 sha2_starts( ctx, ctx->is224 );
425 sha2_update( ctx, ctx->ipad, 64 );
426}
427
428/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]429 * output = HMAC-SHA-256( hmac key, input buffer )
430 */
Paul Bakkerff60ee62010-03-16 21:09:09 +0000[diff] [blame]431void sha2_hmac( const unsigned char *key, int keylen,
432 const unsigned char *input, int ilen,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]433 unsigned char output[32], int is224 )
434{
435 sha2_context ctx;
436
437 sha2_hmac_starts( &ctx, key, keylen, is224 );
438 sha2_hmac_update( &ctx, input, ilen );
439 sha2_hmac_finish( &ctx, output );
440
441 memset( &ctx, 0, sizeof( sha2_context ) );
442}
443
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]444#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]445/*
446 * FIPS-180-2 test vectors
447 */
448static unsigned char sha2_test_buf[3][57] =
449{
450 { "abc" },
451 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
452 { "" }
453};
454
455static const int sha2_test_buflen[3] =
456{
457 3, 56, 1000
458};
459
460static const unsigned char sha2_test_sum[6][32] =
461{
462 /*
463 * SHA-224 test vectors
464 */
465 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
466 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
467 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
468 0xE3, 0x6C, 0x9D, 0xA7 },
469 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
470 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
471 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
472 0x52, 0x52, 0x25, 0x25 },
473 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
474 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
475 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
476 0x4E, 0xE7, 0xAD, 0x67 },
477
478 /*
479 * SHA-256 test vectors
480 */
481 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
482 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
483 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
484 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
485 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
486 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
487 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
488 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
489 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
490 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
491 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
492 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
493};
494
495/*
496 * RFC 4231 test vectors
497 */
498static unsigned char sha2_hmac_test_key[7][26] =
499{
500 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
501 "\x0B\x0B\x0B\x0B" },
502 { "Jefe" },
503 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
504 "\xAA\xAA\xAA\xAA" },
505 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
506 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
507 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
508 "\x0C\x0C\x0C\x0C" },
509 { "" }, /* 0xAA 131 times */
510 { "" }
511};
512
513static const int sha2_hmac_test_keylen[7] =
514{
515 20, 4, 20, 25, 20, 131, 131
516};
517
518static unsigned char sha2_hmac_test_buf[7][153] =
519{
520 { "Hi There" },
521 { "what do ya want for nothing?" },
522 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
523 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
524 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
525 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
526 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
527 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
528 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
529 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
530 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
531 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
532 { "Test With Truncation" },
533 { "Test Using Larger Than Block-Size Key - Hash Key First" },
534 { "This is a test using a larger than block-size key "
535 "and a larger than block-size data. The key needs to "
536 "be hashed before being used by the HMAC algorithm." }
537};
538
539static const int sha2_hmac_test_buflen[7] =
540{
541 8, 28, 50, 50, 20, 54, 152
542};
543
544static const unsigned char sha2_hmac_test_sum[14][32] =
545{
546 /*
547 * HMAC-SHA-224 test vectors
548 */
549 { 0x89, 0x6F, 0xB1, 0x12, 0x8A, 0xBB, 0xDF, 0x19,
550 0x68, 0x32, 0x10, 0x7C, 0xD4, 0x9D, 0xF3, 0x3F,
551 0x47, 0xB4, 0xB1, 0x16, 0x99, 0x12, 0xBA, 0x4F,
552 0x53, 0x68, 0x4B, 0x22 },
553 { 0xA3, 0x0E, 0x01, 0x09, 0x8B, 0xC6, 0xDB, 0xBF,
554 0x45, 0x69, 0x0F, 0x3A, 0x7E, 0x9E, 0x6D, 0x0F,
555 0x8B, 0xBE, 0xA2, 0xA3, 0x9E, 0x61, 0x48, 0x00,
556 0x8F, 0xD0, 0x5E, 0x44 },
557 { 0x7F, 0xB3, 0xCB, 0x35, 0x88, 0xC6, 0xC1, 0xF6,
558 0xFF, 0xA9, 0x69, 0x4D, 0x7D, 0x6A, 0xD2, 0x64,
559 0x93, 0x65, 0xB0, 0xC1, 0xF6, 0x5D, 0x69, 0xD1,
560 0xEC, 0x83, 0x33, 0xEA },
561 { 0x6C, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3C, 0xAC,
562 0x6A, 0x2A, 0xBC, 0x1B, 0xB3, 0x82, 0x62, 0x7C,
563 0xEC, 0x6A, 0x90, 0xD8, 0x6E, 0xFC, 0x01, 0x2D,
564 0xE7, 0xAF, 0xEC, 0x5A },
565 { 0x0E, 0x2A, 0xEA, 0x68, 0xA9, 0x0C, 0x8D, 0x37,
566 0xC9, 0x88, 0xBC, 0xDB, 0x9F, 0xCA, 0x6F, 0xA8 },
567 { 0x95, 0xE9, 0xA0, 0xDB, 0x96, 0x20, 0x95, 0xAD,
568 0xAE, 0xBE, 0x9B, 0x2D, 0x6F, 0x0D, 0xBC, 0xE2,
569 0xD4, 0x99, 0xF1, 0x12, 0xF2, 0xD2, 0xB7, 0x27,
570 0x3F, 0xA6, 0x87, 0x0E },
571 { 0x3A, 0x85, 0x41, 0x66, 0xAC, 0x5D, 0x9F, 0x02,
572 0x3F, 0x54, 0xD5, 0x17, 0xD0, 0xB3, 0x9D, 0xBD,
573 0x94, 0x67, 0x70, 0xDB, 0x9C, 0x2B, 0x95, 0xC9,
574 0xF6, 0xF5, 0x65, 0xD1 },
575
576 /*
577 * HMAC-SHA-256 test vectors
578 */
579 { 0xB0, 0x34, 0x4C, 0x61, 0xD8, 0xDB, 0x38, 0x53,
580 0x5C, 0xA8, 0xAF, 0xCE, 0xAF, 0x0B, 0xF1, 0x2B,
581 0x88, 0x1D, 0xC2, 0x00, 0xC9, 0x83, 0x3D, 0xA7,
582 0x26, 0xE9, 0x37, 0x6C, 0x2E, 0x32, 0xCF, 0xF7 },
583 { 0x5B, 0xDC, 0xC1, 0x46, 0xBF, 0x60, 0x75, 0x4E,
584 0x6A, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xC7,
585 0x5A, 0x00, 0x3F, 0x08, 0x9D, 0x27, 0x39, 0x83,
586 0x9D, 0xEC, 0x58, 0xB9, 0x64, 0xEC, 0x38, 0x43 },
587 { 0x77, 0x3E, 0xA9, 0x1E, 0x36, 0x80, 0x0E, 0x46,
588 0x85, 0x4D, 0xB8, 0xEB, 0xD0, 0x91, 0x81, 0xA7,
589 0x29, 0x59, 0x09, 0x8B, 0x3E, 0xF8, 0xC1, 0x22,
590 0xD9, 0x63, 0x55, 0x14, 0xCE, 0xD5, 0x65, 0xFE },
591 { 0x82, 0x55, 0x8A, 0x38, 0x9A, 0x44, 0x3C, 0x0E,
592 0xA4, 0xCC, 0x81, 0x98, 0x99, 0xF2, 0x08, 0x3A,
593 0x85, 0xF0, 0xFA, 0xA3, 0xE5, 0x78, 0xF8, 0x07,
594 0x7A, 0x2E, 0x3F, 0xF4, 0x67, 0x29, 0x66, 0x5B },
595 { 0xA3, 0xB6, 0x16, 0x74, 0x73, 0x10, 0x0E, 0xE0,
596 0x6E, 0x0C, 0x79, 0x6C, 0x29, 0x55, 0x55, 0x2B },
597 { 0x60, 0xE4, 0x31, 0x59, 0x1E, 0xE0, 0xB6, 0x7F,
598 0x0D, 0x8A, 0x26, 0xAA, 0xCB, 0xF5, 0xB7, 0x7F,
599 0x8E, 0x0B, 0xC6, 0x21, 0x37, 0x28, 0xC5, 0x14,
600 0x05, 0x46, 0x04, 0x0F, 0x0E, 0xE3, 0x7F, 0x54 },
601 { 0x9B, 0x09, 0xFF, 0xA7, 0x1B, 0x94, 0x2F, 0xCB,
602 0x27, 0x63, 0x5F, 0xBC, 0xD5, 0xB0, 0xE9, 0x44,
603 0xBF, 0xDC, 0x63, 0x64, 0x4F, 0x07, 0x13, 0x93,
604 0x8A, 0x7F, 0x51, 0x53, 0x5C, 0x3A, 0x35, 0xE2 }
605};
606
607/*
608 * Checkup routine
609 */
610int sha2_self_test( int verbose )
611{
612 int i, j, k, buflen;
613 unsigned char buf[1024];
614 unsigned char sha2sum[32];
615 sha2_context ctx;
616
617 for( i = 0; i < 6; i++ )
618 {
619 j = i % 3;
620 k = i < 3;
621
622 if( verbose != 0 )
623 printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
624
625 sha2_starts( &ctx, k );
626
627 if( j == 2 )
628 {
629 memset( buf, 'a', buflen = 1000 );
630
631 for( j = 0; j < 1000; j++ )
632 sha2_update( &ctx, buf, buflen );
633 }
634 else
635 sha2_update( &ctx, sha2_test_buf[j],
636 sha2_test_buflen[j] );
637
638 sha2_finish( &ctx, sha2sum );
639
640 if( memcmp( sha2sum, sha2_test_sum[i], 32 - k * 4 ) != 0 )
641 {
642 if( verbose != 0 )
643 printf( "failed\n" );
644
645 return( 1 );
646 }
647
648 if( verbose != 0 )
649 printf( "passed\n" );
650 }
651
652 if( verbose != 0 )
653 printf( "\n" );
654
655 for( i = 0; i < 14; i++ )
656 {
657 j = i % 7;
658 k = i < 7;
659
660 if( verbose != 0 )
661 printf( " HMAC-SHA-%d test #%d: ", 256 - k * 32, j + 1 );
662
663 if( j == 5 || j == 6 )
664 {
665 memset( buf, '\xAA', buflen = 131 );
666 sha2_hmac_starts( &ctx, buf, buflen, k );
667 }
668 else
669 sha2_hmac_starts( &ctx, sha2_hmac_test_key[j],
670 sha2_hmac_test_keylen[j], k );
671
672 sha2_hmac_update( &ctx, sha2_hmac_test_buf[j],
673 sha2_hmac_test_buflen[j] );
674
675 sha2_hmac_finish( &ctx, sha2sum );
676
677 buflen = ( j == 4 ) ? 16 : 32 - k * 4;
678
679 if( memcmp( sha2sum, sha2_hmac_test_sum[i], buflen ) != 0 )
680 {
681 if( verbose != 0 )
682 printf( "failed\n" );
683
684 return( 1 );
685 }
686
687 if( verbose != 0 )
688 printf( "passed\n" );
689 }
690
691 if( verbose != 0 )
692 printf( "\n" );
693
694 return( 0 );
695}
696
697#endif
698
699#endif