TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 8cfd9d8c599c97b6d8cc60c5934d6e25780cfa58 / . / library / sha512.c
blob: a29c80a5aa0e13b890c5bbff753507f5bbf0d1ff [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-2 compliant SHA-384/512 implementation
3 *
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]4 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The SHA-512 Secure Hash Standard was published by NIST in 2002.
27 *
28 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
29 */
30
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]31#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]32#include "polarssl/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]33#else
34#include POLARSSL_CONFIG_FILE
35#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]36
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]37#if defined(POLARSSL_SHA512_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]38
Paul Bakkerd2681d82013-06-30 14:49:12 +0200[diff] [blame]39#include "polarssl/sha512.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]40
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]41#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]42#include <stdio.h>
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]43#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]44
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]45#if defined(POLARSSL_PLATFORM_C)
46#include "polarssl/platform.h"
47#else
48#define polarssl_printf printf
49#endif
50
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]51/* Implementation that should never be optimized out by the compiler */
52static void polarssl_zeroize( void *v, size_t n ) {
53 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
54}
55
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]56#if !defined(POLARSSL_SHA512_ALT)
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]57
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]58/*
59 * 64-bit integer manipulation macros (big endian)
60 */
61#ifndef GET_UINT64_BE
62#define GET_UINT64_BE(n,b,i) \
63{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]64 (n) = ( (uint64_t) (b)[(i) ] << 56 ) \
65 | ( (uint64_t) (b)[(i) + 1] << 48 ) \
66 | ( (uint64_t) (b)[(i) + 2] << 40 ) \
67 | ( (uint64_t) (b)[(i) + 3] << 32 ) \
68 | ( (uint64_t) (b)[(i) + 4] << 24 ) \
69 | ( (uint64_t) (b)[(i) + 5] << 16 ) \
70 | ( (uint64_t) (b)[(i) + 6] << 8 ) \
71 | ( (uint64_t) (b)[(i) + 7] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]72}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]73#endif /* GET_UINT64_BE */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]74
75#ifndef PUT_UINT64_BE
76#define PUT_UINT64_BE(n,b,i) \
77{ \
78 (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \
79 (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \
80 (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \
81 (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \
82 (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \
83 (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \
84 (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \
85 (b)[(i) + 7] = (unsigned char) ( (n) ); \
86}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]87#endif /* PUT_UINT64_BE */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]88
89/*
90 * Round constants
91 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]92static const uint64_t K[80] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]93{
94 UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
95 UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
96 UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
97 UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
98 UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
99 UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
100 UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
101 UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
102 UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
103 UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
104 UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
105 UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
106 UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
107 UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
108 UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
109 UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
110 UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
111 UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
112 UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
113 UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
114 UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
115 UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
116 UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
117 UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
118 UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
119 UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
120 UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
121 UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
122 UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
123 UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
124 UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
125 UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
126 UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
127 UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
128 UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
129 UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
130 UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
131 UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
132 UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
133 UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
134};
135
136/*
137 * SHA-512 context setup
138 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]139void sha512_starts( sha512_context *ctx, int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]140{
141 ctx->total[0] = 0;
142 ctx->total[1] = 0;
143
144 if( is384 == 0 )
145 {
146 /* SHA-512 */
147 ctx->state[0] = UL64(0x6A09E667F3BCC908);
148 ctx->state[1] = UL64(0xBB67AE8584CAA73B);
149 ctx->state[2] = UL64(0x3C6EF372FE94F82B);
150 ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
151 ctx->state[4] = UL64(0x510E527FADE682D1);
152 ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
153 ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
154 ctx->state[7] = UL64(0x5BE0CD19137E2179);
155 }
156 else
157 {
158 /* SHA-384 */
159 ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
160 ctx->state[1] = UL64(0x629A292A367CD507);
161 ctx->state[2] = UL64(0x9159015A3070DD17);
162 ctx->state[3] = UL64(0x152FECD8F70E5939);
163 ctx->state[4] = UL64(0x67332667FFC00B31);
164 ctx->state[5] = UL64(0x8EB44A8768581511);
165 ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
166 ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
167 }
168
169 ctx->is384 = is384;
170}
171
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]172void sha512_process( sha512_context *ctx, const unsigned char data[128] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]173{
174 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]175 uint64_t temp1, temp2, W[80];
176 uint64_t A, B, C, D, E, F, G, H;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]177
178#define SHR(x,n) (x >> n)
179#define ROTR(x,n) (SHR(x,n) | (x << (64 - n)))
180
181#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
182#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6))
183
184#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
185#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
186
187#define F0(x,y,z) ((x & y) | (z & (x | y)))
188#define F1(x,y,z) (z ^ (x & (y ^ z)))
189
190#define P(a,b,c,d,e,f,g,h,x,K) \
191{ \
192 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
193 temp2 = S2(a) + F0(a,b,c); \
194 d += temp1; h = temp1 + temp2; \
195}
196
197 for( i = 0; i < 16; i++ )
198 {
199 GET_UINT64_BE( W[i], data, i << 3 );
200 }
201
202 for( ; i < 80; i++ )
203 {
204 W[i] = S1(W[i - 2]) + W[i - 7] +
205 S0(W[i - 15]) + W[i - 16];
206 }
207
208 A = ctx->state[0];
209 B = ctx->state[1];
210 C = ctx->state[2];
211 D = ctx->state[3];
212 E = ctx->state[4];
213 F = ctx->state[5];
214 G = ctx->state[6];
215 H = ctx->state[7];
216 i = 0;
217
218 do
219 {
220 P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++;
221 P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++;
222 P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++;
223 P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++;
224 P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++;
225 P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++;
226 P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++;
227 P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++;
228 }
229 while( i < 80 );
230
231 ctx->state[0] += A;
232 ctx->state[1] += B;
233 ctx->state[2] += C;
234 ctx->state[3] += D;
235 ctx->state[4] += E;
236 ctx->state[5] += F;
237 ctx->state[6] += G;
238 ctx->state[7] += H;
239}
240
241/*
242 * SHA-512 process buffer
243 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]244void sha512_update( sha512_context *ctx, const unsigned char *input,
245 size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]246{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]247 size_t fill;
Paul Bakkerb8213a12011-07-11 08:16:18 +0000[diff] [blame]248 unsigned int left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]249
Brian White12895d12014-04-11 11:29:42 -0400[diff] [blame]250 if( ilen == 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]251 return;
252
Paul Bakkerb8213a12011-07-11 08:16:18 +0000[diff] [blame]253 left = (unsigned int) (ctx->total[0] & 0x7F);
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]254 fill = 128 - left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]255
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]256 ctx->total[0] += (uint64_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]257
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]258 if( ctx->total[0] < (uint64_t) ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]259 ctx->total[1]++;
260
261 if( left && ilen >= fill )
262 {
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]263 memcpy( (void *) (ctx->buffer + left), input, fill );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]264 sha512_process( ctx, ctx->buffer );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]265 input += fill;
266 ilen -= fill;
267 left = 0;
268 }
269
270 while( ilen >= 128 )
271 {
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]272 sha512_process( ctx, input );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]273 input += 128;
274 ilen -= 128;
275 }
276
277 if( ilen > 0 )
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]278 memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]279}
280
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]281static const unsigned char sha512_padding[128] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]282{
283 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
284 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
285 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
286 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
287 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
288 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
289 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
290 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
291};
292
293/*
294 * SHA-512 final digest
295 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]296void sha512_finish( sha512_context *ctx, unsigned char output[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]297{
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]298 size_t last, padn;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]299 uint64_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]300 unsigned char msglen[16];
301
302 high = ( ctx->total[0] >> 61 )
303 | ( ctx->total[1] << 3 );
304 low = ( ctx->total[0] << 3 );
305
306 PUT_UINT64_BE( high, msglen, 0 );
307 PUT_UINT64_BE( low, msglen, 8 );
308
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]309 last = (size_t)( ctx->total[0] & 0x7F );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]310 padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
311
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]312 sha512_update( ctx, sha512_padding, padn );
313 sha512_update( ctx, msglen, 16 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]314
315 PUT_UINT64_BE( ctx->state[0], output, 0 );
316 PUT_UINT64_BE( ctx->state[1], output, 8 );
317 PUT_UINT64_BE( ctx->state[2], output, 16 );
318 PUT_UINT64_BE( ctx->state[3], output, 24 );
319 PUT_UINT64_BE( ctx->state[4], output, 32 );
320 PUT_UINT64_BE( ctx->state[5], output, 40 );
321
322 if( ctx->is384 == 0 )
323 {
324 PUT_UINT64_BE( ctx->state[6], output, 48 );
325 PUT_UINT64_BE( ctx->state[7], output, 56 );
326 }
327}
328
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]329#endif /* !POLARSSL_SHA512_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]330
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]331/*
332 * output = SHA-512( input buffer )
333 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]334void sha512( const unsigned char *input, size_t ilen,
335 unsigned char output[64], int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]336{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]337 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]338
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]339 sha512_starts( &ctx, is384 );
340 sha512_update( &ctx, input, ilen );
341 sha512_finish( &ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]342
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]343 polarssl_zeroize( &ctx, sizeof( sha512_context ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]344}
345
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]346#if defined(POLARSSL_FS_IO)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]347/*
348 * output = SHA-512( file contents )
349 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]350int sha512_file( const char *path, unsigned char output[64], int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]351{
352 FILE *f;
353 size_t n;
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]354 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]355 unsigned char buf[1024];
356
357 if( ( f = fopen( path, "rb" ) ) == NULL )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]358 return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]359
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]360 sha512_starts( &ctx, is384 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]361
362 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]363 sha512_update( &ctx, buf, n );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]364
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]365 sha512_finish( &ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]366
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]367 polarssl_zeroize( &ctx, sizeof( sha512_context ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]368
369 if( ferror( f ) != 0 )
370 {
371 fclose( f );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]372 return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]373 }
374
375 fclose( f );
376 return( 0 );
377}
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]378#endif /* POLARSSL_FS_IO */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]379
380/*
381 * SHA-512 HMAC context setup
382 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]383void sha512_hmac_starts( sha512_context *ctx, const unsigned char *key,
384 size_t keylen, int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]385{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]386 size_t i;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]387 unsigned char sum[64];
388
389 if( keylen > 128 )
390 {
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]391 sha512( key, keylen, sum, is384 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]392 keylen = ( is384 ) ? 48 : 64;
393 key = sum;
394 }
395
396 memset( ctx->ipad, 0x36, 128 );
397 memset( ctx->opad, 0x5C, 128 );
398
399 for( i = 0; i < keylen; i++ )
400 {
401 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
402 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
403 }
404
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]405 sha512_starts( ctx, is384 );
406 sha512_update( ctx, ctx->ipad, 128 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]407
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]408 polarssl_zeroize( sum, sizeof( sum ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]409}
410
411/*
412 * SHA-512 HMAC process buffer
413 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]414void sha512_hmac_update( sha512_context *ctx,
415 const unsigned char *input, size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]416{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]417 sha512_update( ctx, input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]418}
419
420/*
421 * SHA-512 HMAC final digest
422 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]423void sha512_hmac_finish( sha512_context *ctx, unsigned char output[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]424{
425 int is384, hlen;
426 unsigned char tmpbuf[64];
427
428 is384 = ctx->is384;
429 hlen = ( is384 == 0 ) ? 64 : 48;
430
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]431 sha512_finish( ctx, tmpbuf );
432 sha512_starts( ctx, is384 );
433 sha512_update( ctx, ctx->opad, 128 );
434 sha512_update( ctx, tmpbuf, hlen );
435 sha512_finish( ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]436
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]437 polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]438}
439
440/*
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]441 * SHA-512 HMAC context reset
442 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]443void sha512_hmac_reset( sha512_context *ctx )
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]444{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]445 sha512_starts( ctx, ctx->is384 );
446 sha512_update( ctx, ctx->ipad, 128 );
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]447}
448
449/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]450 * output = HMAC-SHA-512( hmac key, input buffer )
451 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]452void sha512_hmac( const unsigned char *key, size_t keylen,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]453 const unsigned char *input, size_t ilen,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]454 unsigned char output[64], int is384 )
455{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]456 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]457
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]458 sha512_hmac_starts( &ctx, key, keylen, is384 );
459 sha512_hmac_update( &ctx, input, ilen );
460 sha512_hmac_finish( &ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]461
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]462 polarssl_zeroize( &ctx, sizeof( sha512_context ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]463}
464
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]465#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]466
467/*
468 * FIPS-180-2 test vectors
469 */
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]470static unsigned char sha512_test_buf[3][113] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]471{
472 { "abc" },
473 { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
474 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
475 { "" }
476};
477
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]478static const int sha512_test_buflen[3] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]479{
480 3, 112, 1000
481};
482
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]483static const unsigned char sha512_test_sum[6][64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]484{
485 /*
486 * SHA-384 test vectors
487 */
488 { 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
489 0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
490 0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
491 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
492 0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
493 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 },
494 { 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
495 0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
496 0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
497 0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
498 0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
499 0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 },
500 { 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
501 0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
502 0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
503 0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
504 0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
505 0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },
506
507 /*
508 * SHA-512 test vectors
509 */
510 { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
511 0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
512 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
513 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
514 0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
515 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
516 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
517 0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F },
518 { 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
519 0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
520 0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
521 0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
522 0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
523 0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
524 0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
525 0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 },
526 { 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
527 0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
528 0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
529 0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
530 0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
531 0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
532 0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
533 0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
534};
535
536/*
537 * RFC 4231 test vectors
538 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]539static unsigned char sha512_hmac_test_key[7][26] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]540{
541 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
542 "\x0B\x0B\x0B\x0B" },
543 { "Jefe" },
544 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
545 "\xAA\xAA\xAA\xAA" },
546 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
547 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
548 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
549 "\x0C\x0C\x0C\x0C" },
550 { "" }, /* 0xAA 131 times */
551 { "" }
552};
553
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]554static const int sha512_hmac_test_keylen[7] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]555{
556 20, 4, 20, 25, 20, 131, 131
557};
558
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]559static unsigned char sha512_hmac_test_buf[7][153] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]560{
561 { "Hi There" },
562 { "what do ya want for nothing?" },
563 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
564 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
565 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
566 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
567 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
568 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
569 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
570 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
571 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
572 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
573 { "Test With Truncation" },
574 { "Test Using Larger Than Block-Size Key - Hash Key First" },
575 { "This is a test using a larger than block-size key "
576 "and a larger than block-size data. The key needs to "
577 "be hashed before being used by the HMAC algorithm." }
578};
579
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]580static const int sha512_hmac_test_buflen[7] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]581{
582 8, 28, 50, 50, 20, 54, 152
583};
584
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]585static const unsigned char sha512_hmac_test_sum[14][64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]586{
587 /*
588 * HMAC-SHA-384 test vectors
589 */
590 { 0xAF, 0xD0, 0x39, 0x44, 0xD8, 0x48, 0x95, 0x62,
591 0x6B, 0x08, 0x25, 0xF4, 0xAB, 0x46, 0x90, 0x7F,
592 0x15, 0xF9, 0xDA, 0xDB, 0xE4, 0x10, 0x1E, 0xC6,
593 0x82, 0xAA, 0x03, 0x4C, 0x7C, 0xEB, 0xC5, 0x9C,
594 0xFA, 0xEA, 0x9E, 0xA9, 0x07, 0x6E, 0xDE, 0x7F,
595 0x4A, 0xF1, 0x52, 0xE8, 0xB2, 0xFA, 0x9C, 0xB6 },
596 { 0xAF, 0x45, 0xD2, 0xE3, 0x76, 0x48, 0x40, 0x31,
597 0x61, 0x7F, 0x78, 0xD2, 0xB5, 0x8A, 0x6B, 0x1B,
598 0x9C, 0x7E, 0xF4, 0x64, 0xF5, 0xA0, 0x1B, 0x47,
599 0xE4, 0x2E, 0xC3, 0x73, 0x63, 0x22, 0x44, 0x5E,
600 0x8E, 0x22, 0x40, 0xCA, 0x5E, 0x69, 0xE2, 0xC7,
601 0x8B, 0x32, 0x39, 0xEC, 0xFA, 0xB2, 0x16, 0x49 },
602 { 0x88, 0x06, 0x26, 0x08, 0xD3, 0xE6, 0xAD, 0x8A,
603 0x0A, 0xA2, 0xAC, 0xE0, 0x14, 0xC8, 0xA8, 0x6F,
604 0x0A, 0xA6, 0x35, 0xD9, 0x47, 0xAC, 0x9F, 0xEB,
605 0xE8, 0x3E, 0xF4, 0xE5, 0x59, 0x66, 0x14, 0x4B,
606 0x2A, 0x5A, 0xB3, 0x9D, 0xC1, 0x38, 0x14, 0xB9,
607 0x4E, 0x3A, 0xB6, 0xE1, 0x01, 0xA3, 0x4F, 0x27 },
608 { 0x3E, 0x8A, 0x69, 0xB7, 0x78, 0x3C, 0x25, 0x85,
609 0x19, 0x33, 0xAB, 0x62, 0x90, 0xAF, 0x6C, 0xA7,
610 0x7A, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9C,
611 0xC5, 0x57, 0x7C, 0x6E, 0x1F, 0x57, 0x3B, 0x4E,
612 0x68, 0x01, 0xDD, 0x23, 0xC4, 0xA7, 0xD6, 0x79,
613 0xCC, 0xF8, 0xA3, 0x86, 0xC6, 0x74, 0xCF, 0xFB },
614 { 0x3A, 0xBF, 0x34, 0xC3, 0x50, 0x3B, 0x2A, 0x23,
615 0xA4, 0x6E, 0xFC, 0x61, 0x9B, 0xAE, 0xF8, 0x97 },
616 { 0x4E, 0xCE, 0x08, 0x44, 0x85, 0x81, 0x3E, 0x90,
617 0x88, 0xD2, 0xC6, 0x3A, 0x04, 0x1B, 0xC5, 0xB4,
618 0x4F, 0x9E, 0xF1, 0x01, 0x2A, 0x2B, 0x58, 0x8F,
619 0x3C, 0xD1, 0x1F, 0x05, 0x03, 0x3A, 0xC4, 0xC6,
620 0x0C, 0x2E, 0xF6, 0xAB, 0x40, 0x30, 0xFE, 0x82,
621 0x96, 0x24, 0x8D, 0xF1, 0x63, 0xF4, 0x49, 0x52 },
622 { 0x66, 0x17, 0x17, 0x8E, 0x94, 0x1F, 0x02, 0x0D,
623 0x35, 0x1E, 0x2F, 0x25, 0x4E, 0x8F, 0xD3, 0x2C,
624 0x60, 0x24, 0x20, 0xFE, 0xB0, 0xB8, 0xFB, 0x9A,
625 0xDC, 0xCE, 0xBB, 0x82, 0x46, 0x1E, 0x99, 0xC5,
626 0xA6, 0x78, 0xCC, 0x31, 0xE7, 0x99, 0x17, 0x6D,
627 0x38, 0x60, 0xE6, 0x11, 0x0C, 0x46, 0x52, 0x3E },
628
629 /*
630 * HMAC-SHA-512 test vectors
631 */
632 { 0x87, 0xAA, 0x7C, 0xDE, 0xA5, 0xEF, 0x61, 0x9D,
633 0x4F, 0xF0, 0xB4, 0x24, 0x1A, 0x1D, 0x6C, 0xB0,
634 0x23, 0x79, 0xF4, 0xE2, 0xCE, 0x4E, 0xC2, 0x78,
635 0x7A, 0xD0, 0xB3, 0x05, 0x45, 0xE1, 0x7C, 0xDE,
636 0xDA, 0xA8, 0x33, 0xB7, 0xD6, 0xB8, 0xA7, 0x02,
637 0x03, 0x8B, 0x27, 0x4E, 0xAE, 0xA3, 0xF4, 0xE4,
638 0xBE, 0x9D, 0x91, 0x4E, 0xEB, 0x61, 0xF1, 0x70,
639 0x2E, 0x69, 0x6C, 0x20, 0x3A, 0x12, 0x68, 0x54 },
640 { 0x16, 0x4B, 0x7A, 0x7B, 0xFC, 0xF8, 0x19, 0xE2,
641 0xE3, 0x95, 0xFB, 0xE7, 0x3B, 0x56, 0xE0, 0xA3,
642 0x87, 0xBD, 0x64, 0x22, 0x2E, 0x83, 0x1F, 0xD6,
643 0x10, 0x27, 0x0C, 0xD7, 0xEA, 0x25, 0x05, 0x54,
644 0x97, 0x58, 0xBF, 0x75, 0xC0, 0x5A, 0x99, 0x4A,
645 0x6D, 0x03, 0x4F, 0x65, 0xF8, 0xF0, 0xE6, 0xFD,
646 0xCA, 0xEA, 0xB1, 0xA3, 0x4D, 0x4A, 0x6B, 0x4B,
647 0x63, 0x6E, 0x07, 0x0A, 0x38, 0xBC, 0xE7, 0x37 },
648 { 0xFA, 0x73, 0xB0, 0x08, 0x9D, 0x56, 0xA2, 0x84,
649 0xEF, 0xB0, 0xF0, 0x75, 0x6C, 0x89, 0x0B, 0xE9,
650 0xB1, 0xB5, 0xDB, 0xDD, 0x8E, 0xE8, 0x1A, 0x36,
651 0x55, 0xF8, 0x3E, 0x33, 0xB2, 0x27, 0x9D, 0x39,
652 0xBF, 0x3E, 0x84, 0x82, 0x79, 0xA7, 0x22, 0xC8,
653 0x06, 0xB4, 0x85, 0xA4, 0x7E, 0x67, 0xC8, 0x07,
654 0xB9, 0x46, 0xA3, 0x37, 0xBE, 0xE8, 0x94, 0x26,
655 0x74, 0x27, 0x88, 0x59, 0xE1, 0x32, 0x92, 0xFB },
656 { 0xB0, 0xBA, 0x46, 0x56, 0x37, 0x45, 0x8C, 0x69,
657 0x90, 0xE5, 0xA8, 0xC5, 0xF6, 0x1D, 0x4A, 0xF7,
658 0xE5, 0x76, 0xD9, 0x7F, 0xF9, 0x4B, 0x87, 0x2D,
659 0xE7, 0x6F, 0x80, 0x50, 0x36, 0x1E, 0xE3, 0xDB,
660 0xA9, 0x1C, 0xA5, 0xC1, 0x1A, 0xA2, 0x5E, 0xB4,
661 0xD6, 0x79, 0x27, 0x5C, 0xC5, 0x78, 0x80, 0x63,
662 0xA5, 0xF1, 0x97, 0x41, 0x12, 0x0C, 0x4F, 0x2D,
663 0xE2, 0xAD, 0xEB, 0xEB, 0x10, 0xA2, 0x98, 0xDD },
664 { 0x41, 0x5F, 0xAD, 0x62, 0x71, 0x58, 0x0A, 0x53,
665 0x1D, 0x41, 0x79, 0xBC, 0x89, 0x1D, 0x87, 0xA6 },
666 { 0x80, 0xB2, 0x42, 0x63, 0xC7, 0xC1, 0xA3, 0xEB,
667 0xB7, 0x14, 0x93, 0xC1, 0xDD, 0x7B, 0xE8, 0xB4,
668 0x9B, 0x46, 0xD1, 0xF4, 0x1B, 0x4A, 0xEE, 0xC1,
669 0x12, 0x1B, 0x01, 0x37, 0x83, 0xF8, 0xF3, 0x52,
670 0x6B, 0x56, 0xD0, 0x37, 0xE0, 0x5F, 0x25, 0x98,
671 0xBD, 0x0F, 0xD2, 0x21, 0x5D, 0x6A, 0x1E, 0x52,
672 0x95, 0xE6, 0x4F, 0x73, 0xF6, 0x3F, 0x0A, 0xEC,
673 0x8B, 0x91, 0x5A, 0x98, 0x5D, 0x78, 0x65, 0x98 },
674 { 0xE3, 0x7B, 0x6A, 0x77, 0x5D, 0xC8, 0x7D, 0xBA,
675 0xA4, 0xDF, 0xA9, 0xF9, 0x6E, 0x5E, 0x3F, 0xFD,
676 0xDE, 0xBD, 0x71, 0xF8, 0x86, 0x72, 0x89, 0x86,
677 0x5D, 0xF5, 0xA3, 0x2D, 0x20, 0xCD, 0xC9, 0x44,
678 0xB6, 0x02, 0x2C, 0xAC, 0x3C, 0x49, 0x82, 0xB1,
679 0x0D, 0x5E, 0xEB, 0x55, 0xC3, 0xE4, 0xDE, 0x15,
680 0x13, 0x46, 0x76, 0xFB, 0x6D, 0xE0, 0x44, 0x60,
681 0x65, 0xC9, 0x74, 0x40, 0xFA, 0x8C, 0x6A, 0x58 }
682};
683
684/*
685 * Checkup routine
686 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]687int sha512_self_test( int verbose )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]688{
689 int i, j, k, buflen;
690 unsigned char buf[1024];
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]691 unsigned char sha512sum[64];
692 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]693
694 for( i = 0; i < 6; i++ )
695 {
696 j = i % 3;
697 k = i < 3;
698
699 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]700 polarssl_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]701
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]702 sha512_starts( &ctx, k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]703
704 if( j == 2 )
705 {
706 memset( buf, 'a', buflen = 1000 );
707
708 for( j = 0; j < 1000; j++ )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]709 sha512_update( &ctx, buf, buflen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]710 }
711 else
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]712 sha512_update( &ctx, sha512_test_buf[j],
713 sha512_test_buflen[j] );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]714
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]715 sha512_finish( &ctx, sha512sum );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]716
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]717 if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]718 {
719 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]720 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]721
722 return( 1 );
723 }
724
725 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]726 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]727 }
728
729 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]730 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]731
732 for( i = 0; i < 14; i++ )
733 {
734 j = i % 7;
735 k = i < 7;
736
737 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]738 polarssl_printf( " HMAC-SHA-%d test #%d: ", 512 - k * 128, j + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]739
740 if( j == 5 || j == 6 )
741 {
742 memset( buf, '\xAA', buflen = 131 );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]743 sha512_hmac_starts( &ctx, buf, buflen, k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]744 }
745 else
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]746 sha512_hmac_starts( &ctx, sha512_hmac_test_key[j],
747 sha512_hmac_test_keylen[j], k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]748
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]749 sha512_hmac_update( &ctx, sha512_hmac_test_buf[j],
750 sha512_hmac_test_buflen[j] );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]751
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]752 sha512_hmac_finish( &ctx, sha512sum );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]753
754 buflen = ( j == 4 ) ? 16 : 64 - k * 16;
755
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]756 if( memcmp( sha512sum, sha512_hmac_test_sum[i], buflen ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]757 {
758 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]759 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]760
761 return( 1 );
762 }
763
764 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]765 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]766 }
767
768 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]769 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]770
771 return( 0 );
772}
773
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]774#endif /* POLARSSL_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]775
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]776#endif /* POLARSSL_SHA512_C */