Hannes Tschofenig
/
aes-gcm-test-program
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
sha256.c
00001 /* 00002 * FIPS-180-2 compliant SHA-256 implementation 00003 * 00004 * Copyright (C) 2006-2014, Brainspark B.V. 00005 * 00006 * This file is part of PolarSSL (http://www.polarssl.org) 00007 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> 00008 * 00009 * All rights reserved. 00010 * 00011 * This program is free software; you can redistribute it and/or modify 00012 * it under the terms of the GNU General Public License as published by 00013 * the Free Software Foundation; either version 2 of the License, or 00014 * (at your option) any later version. 00015 * 00016 * This program is distributed in the hope that it will be useful, 00017 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00018 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00019 * GNU General Public License for more details. 00020 * 00021 * You should have received a copy of the GNU General Public License along 00022 * with this program; if not, write to the Free Software Foundation, Inc., 00023 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00024 */ 00025 /* 00026 * The SHA-256 Secure Hash Standard was published by NIST in 2002. 00027 * 00028 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf 00029 */ 00030 00031 #if !defined(POLARSSL_CONFIG_FILE) 00032 #include "polarssl/config.h" 00033 #else 00034 #include POLARSSL_CONFIG_FILE 00035 #endif 00036 00037 #if defined(POLARSSL_SHA256_C) 00038 00039 #include "polarssl/sha256.h" 00040 00041 #if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST) 00042 #include <stdio.h> 00043 #endif 00044 00045 #if defined(POLARSSL_PLATFORM_C) 00046 #include "polarssl/platform.h" 00047 #else 00048 #define polarssl_printf printf 00049 #endif 00050 00051 #if !defined(POLARSSL_SHA256_ALT) 00052 00053 /* 00054 * 32-bit integer manipulation macros (big endian) 00055 */ 00056 #ifndef GET_UINT32_BE 00057 #define GET_UINT32_BE(n,b,i) \ 00058 { \ 00059 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ 00060 | ( (uint32_t) (b)[(i) + 1] << 16 ) \ 00061 | ( (uint32_t) (b)[(i) + 2] << 8 ) \ 00062 | ( (uint32_t) (b)[(i) + 3] ); \ 00063 } 00064 #endif 00065 00066 #ifndef PUT_UINT32_BE 00067 #define PUT_UINT32_BE(n,b,i) \ 00068 { \ 00069 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 00070 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 00071 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 00072 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 00073 } 00074 #endif 00075 00076 /* 00077 * SHA-256 context setup 00078 */ 00079 void sha256_starts( sha256_context *ctx, int is224 ) 00080 { 00081 ctx->total [0] = 0; 00082 ctx->total [1] = 0; 00083 00084 if( is224 == 0 ) 00085 { 00086 /* SHA-256 */ 00087 ctx->state [0] = 0x6A09E667; 00088 ctx->state [1] = 0xBB67AE85; 00089 ctx->state [2] = 0x3C6EF372; 00090 ctx->state [3] = 0xA54FF53A; 00091 ctx->state [4] = 0x510E527F; 00092 ctx->state [5] = 0x9B05688C; 00093 ctx->state [6] = 0x1F83D9AB; 00094 ctx->state [7] = 0x5BE0CD19; 00095 } 00096 else 00097 { 00098 /* SHA-224 */ 00099 ctx->state [0] = 0xC1059ED8; 00100 ctx->state [1] = 0x367CD507; 00101 ctx->state [2] = 0x3070DD17; 00102 ctx->state [3] = 0xF70E5939; 00103 ctx->state [4] = 0xFFC00B31; 00104 ctx->state [5] = 0x68581511; 00105 ctx->state [6] = 0x64F98FA7; 00106 ctx->state [7] = 0xBEFA4FA4; 00107 } 00108 00109 ctx->is224 = is224; 00110 } 00111 00112 void sha256_process( sha256_context *ctx, const unsigned char data[64] ) 00113 { 00114 uint32_t temp1, temp2, W[64]; 00115 uint32_t A, B, C, D, E, F, G, H; 00116 00117 GET_UINT32_BE( W[ 0], data, 0 ); 00118 GET_UINT32_BE( W[ 1], data, 4 ); 00119 GET_UINT32_BE( W[ 2], data, 8 ); 00120 GET_UINT32_BE( W[ 3], data, 12 ); 00121 GET_UINT32_BE( W[ 4], data, 16 ); 00122 GET_UINT32_BE( W[ 5], data, 20 ); 00123 GET_UINT32_BE( W[ 6], data, 24 ); 00124 GET_UINT32_BE( W[ 7], data, 28 ); 00125 GET_UINT32_BE( W[ 8], data, 32 ); 00126 GET_UINT32_BE( W[ 9], data, 36 ); 00127 GET_UINT32_BE( W[10], data, 40 ); 00128 GET_UINT32_BE( W[11], data, 44 ); 00129 GET_UINT32_BE( W[12], data, 48 ); 00130 GET_UINT32_BE( W[13], data, 52 ); 00131 GET_UINT32_BE( W[14], data, 56 ); 00132 GET_UINT32_BE( W[15], data, 60 ); 00133 00134 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n) 00135 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n))) 00136 00137 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) 00138 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) 00139 00140 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) 00141 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) 00142 00143 #define F0(x,y,z) ((x & y) | (z & (x | y))) 00144 #define F1(x,y,z) (z ^ (x & (y ^ z))) 00145 00146 #define R(t) \ 00147 ( \ 00148 W[t] = S1(W[t - 2]) + W[t - 7] + \ 00149 S0(W[t - 15]) + W[t - 16] \ 00150 ) 00151 00152 #define P(a,b,c,d,e,f,g,h,x,K) \ 00153 { \ 00154 temp1 = h + S3(e) + F1(e,f,g) + K + x; \ 00155 temp2 = S2(a) + F0(a,b,c); \ 00156 d += temp1; h = temp1 + temp2; \ 00157 } 00158 00159 A = ctx->state [0]; 00160 B = ctx->state [1]; 00161 C = ctx->state [2]; 00162 D = ctx->state [3]; 00163 E = ctx->state [4]; 00164 F = ctx->state [5]; 00165 G = ctx->state [6]; 00166 H = ctx->state [7]; 00167 00168 P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 ); 00169 P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 ); 00170 P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF ); 00171 P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 ); 00172 P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B ); 00173 P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 ); 00174 P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 ); 00175 P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 ); 00176 P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 ); 00177 P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 ); 00178 P( G, H, A, B, C, D, E, F, W[10], 0x243185BE ); 00179 P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 ); 00180 P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 ); 00181 P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE ); 00182 P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 ); 00183 P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 ); 00184 P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 ); 00185 P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 ); 00186 P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 ); 00187 P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC ); 00188 P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F ); 00189 P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA ); 00190 P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC ); 00191 P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA ); 00192 P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 ); 00193 P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D ); 00194 P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 ); 00195 P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 ); 00196 P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 ); 00197 P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 ); 00198 P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 ); 00199 P( B, C, D, E, F, G, H, A, R(31), 0x14292967 ); 00200 P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 ); 00201 P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 ); 00202 P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC ); 00203 P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 ); 00204 P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 ); 00205 P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB ); 00206 P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E ); 00207 P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 ); 00208 P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 ); 00209 P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B ); 00210 P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 ); 00211 P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 ); 00212 P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 ); 00213 P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 ); 00214 P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 ); 00215 P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 ); 00216 P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 ); 00217 P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 ); 00218 P( G, H, A, B, C, D, E, F, R(50), 0x2748774C ); 00219 P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 ); 00220 P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 ); 00221 P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A ); 00222 P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F ); 00223 P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 ); 00224 P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE ); 00225 P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F ); 00226 P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 ); 00227 P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 ); 00228 P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA ); 00229 P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB ); 00230 P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 ); 00231 P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 ); 00232 00233 ctx->state [0] += A; 00234 ctx->state [1] += B; 00235 ctx->state [2] += C; 00236 ctx->state [3] += D; 00237 ctx->state [4] += E; 00238 ctx->state [5] += F; 00239 ctx->state [6] += G; 00240 ctx->state [7] += H; 00241 } 00242 00243 /* 00244 * SHA-256 process buffer 00245 */ 00246 void sha256_update( sha256_context *ctx, const unsigned char *input, 00247 size_t ilen ) 00248 { 00249 size_t fill; 00250 uint32_t left; 00251 00252 if( ilen <= 0 ) 00253 return; 00254 00255 left = ctx->total [0] & 0x3F; 00256 fill = 64 - left; 00257 00258 ctx->total [0] += (uint32_t) ilen; 00259 ctx->total [0] &= 0xFFFFFFFF; 00260 00261 if( ctx->total [0] < (uint32_t) ilen ) 00262 ctx->total [1]++; 00263 00264 if( left && ilen >= fill ) 00265 { 00266 memcpy( (void *) (ctx->buffer + left), input, fill ); 00267 sha256_process( ctx, ctx->buffer ); 00268 input += fill; 00269 ilen -= fill; 00270 left = 0; 00271 } 00272 00273 while( ilen >= 64 ) 00274 { 00275 sha256_process( ctx, input ); 00276 input += 64; 00277 ilen -= 64; 00278 } 00279 00280 if( ilen > 0 ) 00281 memcpy( (void *) (ctx->buffer + left), input, ilen ); 00282 } 00283 00284 static const unsigned char sha256_padding[64] = 00285 { 00286 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 00287 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 00288 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 00289 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 00290 }; 00291 00292 /* 00293 * SHA-256 final digest 00294 */ 00295 void sha256_finish( sha256_context *ctx, unsigned char output[32] ) 00296 { 00297 uint32_t last, padn; 00298 uint32_t high, low; 00299 unsigned char msglen[8]; 00300 00301 high = ( ctx->total [0] >> 29 ) 00302 | ( ctx->total [1] << 3 ); 00303 low = ( ctx->total [0] << 3 ); 00304 00305 PUT_UINT32_BE( high, msglen, 0 ); 00306 PUT_UINT32_BE( low, msglen, 4 ); 00307 00308 last = ctx->total [0] & 0x3F; 00309 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); 00310 00311 sha256_update( ctx, sha256_padding, padn ); 00312 sha256_update( ctx, msglen, 8 ); 00313 00314 PUT_UINT32_BE( ctx->state [0], output, 0 ); 00315 PUT_UINT32_BE( ctx->state [1], output, 4 ); 00316 PUT_UINT32_BE( ctx->state [2], output, 8 ); 00317 PUT_UINT32_BE( ctx->state [3], output, 12 ); 00318 PUT_UINT32_BE( ctx->state [4], output, 16 ); 00319 PUT_UINT32_BE( ctx->state [5], output, 20 ); 00320 PUT_UINT32_BE( ctx->state [6], output, 24 ); 00321 00322 if( ctx->is224 == 0 ) 00323 PUT_UINT32_BE( ctx->state [7], output, 28 ); 00324 } 00325 00326 #endif /* !POLARSSL_SHA256_ALT */ 00327 00328 /* 00329 * output = SHA-256( input buffer ) 00330 */ 00331 void sha256( const unsigned char *input, size_t ilen, 00332 unsigned char output[32], int is224 ) 00333 { 00334 sha256_context ctx; 00335 00336 sha256_starts( &ctx, is224 ); 00337 sha256_update( &ctx, input, ilen ); 00338 sha256_finish( &ctx, output ); 00339 00340 memset( &ctx, 0, sizeof( sha256_context ) ); 00341 } 00342 00343 #if defined(POLARSSL_FS_IO) 00344 /* 00345 * output = SHA-256( file contents ) 00346 */ 00347 int sha256_file( const char *path, unsigned char output[32], int is224 ) 00348 { 00349 FILE *f; 00350 size_t n; 00351 sha256_context ctx; 00352 unsigned char buf[1024]; 00353 00354 if( ( f = fopen( path, "rb" ) ) == NULL ) 00355 return( POLARSSL_ERR_SHA256_FILE_IO_ERROR ); 00356 00357 sha256_starts( &ctx, is224 ); 00358 00359 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) 00360 sha256_update( &ctx, buf, n ); 00361 00362 sha256_finish( &ctx, output ); 00363 00364 memset( &ctx, 0, sizeof( sha256_context ) ); 00365 00366 if( ferror( f ) != 0 ) 00367 { 00368 fclose( f ); 00369 return( POLARSSL_ERR_SHA256_FILE_IO_ERROR ); 00370 } 00371 00372 fclose( f ); 00373 return( 0 ); 00374 } 00375 #endif /* POLARSSL_FS_IO */ 00376 00377 /* 00378 * SHA-256 HMAC context setup 00379 */ 00380 void sha256_hmac_starts( sha256_context *ctx, const unsigned char *key, 00381 size_t keylen, int is224 ) 00382 { 00383 size_t i; 00384 unsigned char sum[32]; 00385 00386 if( keylen > 64 ) 00387 { 00388 sha256( key, keylen, sum, is224 ); 00389 keylen = ( is224 ) ? 28 : 32; 00390 key = sum; 00391 } 00392 00393 memset( ctx->ipad , 0x36, 64 ); 00394 memset( ctx->opad , 0x5C, 64 ); 00395 00396 for( i = 0; i < keylen; i++ ) 00397 { 00398 ctx->ipad [i] = (unsigned char)( ctx->ipad [i] ^ key[i] ); 00399 ctx->opad [i] = (unsigned char)( ctx->opad [i] ^ key[i] ); 00400 } 00401 00402 sha256_starts( ctx, is224 ); 00403 sha256_update( ctx, ctx->ipad , 64 ); 00404 00405 memset( sum, 0, sizeof( sum ) ); 00406 } 00407 00408 /* 00409 * SHA-256 HMAC process buffer 00410 */ 00411 void sha256_hmac_update( sha256_context *ctx, const unsigned char *input, 00412 size_t ilen ) 00413 { 00414 sha256_update( ctx, input, ilen ); 00415 } 00416 00417 /* 00418 * SHA-256 HMAC final digest 00419 */ 00420 void sha256_hmac_finish( sha256_context *ctx, unsigned char output[32] ) 00421 { 00422 int is224, hlen; 00423 unsigned char tmpbuf[32]; 00424 00425 is224 = ctx->is224 ; 00426 hlen = ( is224 == 0 ) ? 32 : 28; 00427 00428 sha256_finish( ctx, tmpbuf ); 00429 sha256_starts( ctx, is224 ); 00430 sha256_update( ctx, ctx->opad , 64 ); 00431 sha256_update( ctx, tmpbuf, hlen ); 00432 sha256_finish( ctx, output ); 00433 00434 memset( tmpbuf, 0, sizeof( tmpbuf ) ); 00435 } 00436 00437 /* 00438 * SHA-256 HMAC context reset 00439 */ 00440 void sha256_hmac_reset( sha256_context *ctx ) 00441 { 00442 sha256_starts( ctx, ctx->is224 ); 00443 sha256_update( ctx, ctx->ipad , 64 ); 00444 } 00445 00446 /* 00447 * output = HMAC-SHA-256( hmac key, input buffer ) 00448 */ 00449 void sha256_hmac( const unsigned char *key, size_t keylen, 00450 const unsigned char *input, size_t ilen, 00451 unsigned char output[32], int is224 ) 00452 { 00453 sha256_context ctx; 00454 00455 sha256_hmac_starts( &ctx, key, keylen, is224 ); 00456 sha256_hmac_update( &ctx, input, ilen ); 00457 sha256_hmac_finish( &ctx, output ); 00458 00459 memset( &ctx, 0, sizeof( sha256_context ) ); 00460 } 00461 00462 #if defined(POLARSSL_SELF_TEST) 00463 /* 00464 * FIPS-180-2 test vectors 00465 */ 00466 static unsigned char sha256_test_buf[3][57] = 00467 { 00468 { "abc" }, 00469 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, 00470 { "" } 00471 }; 00472 00473 static const int sha256_test_buflen[3] = 00474 { 00475 3, 56, 1000 00476 }; 00477 00478 static const unsigned char sha256_test_sum[6][32] = 00479 { 00480 /* 00481 * SHA-224 test vectors 00482 */ 00483 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22, 00484 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3, 00485 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7, 00486 0xE3, 0x6C, 0x9D, 0xA7 }, 00487 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC, 00488 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50, 00489 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19, 00490 0x52, 0x52, 0x25, 0x25 }, 00491 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8, 00492 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B, 00493 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE, 00494 0x4E, 0xE7, 0xAD, 0x67 }, 00495 00496 /* 00497 * SHA-256 test vectors 00498 */ 00499 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA, 00500 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23, 00501 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C, 00502 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD }, 00503 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8, 00504 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39, 00505 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67, 00506 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 }, 00507 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92, 00508 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67, 00509 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E, 00510 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 } 00511 }; 00512 00513 /* 00514 * RFC 4231 test vectors 00515 */ 00516 static unsigned char sha256_hmac_test_key[7][26] = 00517 { 00518 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B" 00519 "\x0B\x0B\x0B\x0B" }, 00520 { "Jefe" }, 00521 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" 00522 "\xAA\xAA\xAA\xAA" }, 00523 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10" 00524 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" }, 00525 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C" 00526 "\x0C\x0C\x0C\x0C" }, 00527 { "" }, /* 0xAA 131 times */ 00528 { "" } 00529 }; 00530 00531 static const int sha256_hmac_test_keylen[7] = 00532 { 00533 20, 4, 20, 25, 20, 131, 131 00534 }; 00535 00536 static unsigned char sha256_hmac_test_buf[7][153] = 00537 { 00538 { "Hi There" }, 00539 { "what do ya want for nothing?" }, 00540 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" 00541 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" 00542 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" 00543 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" 00544 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" }, 00545 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" 00546 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" 00547 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" 00548 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" 00549 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" }, 00550 { "Test With Truncation" }, 00551 { "Test Using Larger Than Block-Size Key - Hash Key First" }, 00552 { "This is a test using a larger than block-size key " 00553 "and a larger than block-size data. The key needs to " 00554 "be hashed before being used by the HMAC algorithm." } 00555 }; 00556 00557 static const int sha256_hmac_test_buflen[7] = 00558 { 00559 8, 28, 50, 50, 20, 54, 152 00560 }; 00561 00562 static const unsigned char sha256_hmac_test_sum[14][32] = 00563 { 00564 /* 00565 * HMAC-SHA-224 test vectors 00566 */ 00567 { 0x89, 0x6F, 0xB1, 0x12, 0x8A, 0xBB, 0xDF, 0x19, 00568 0x68, 0x32, 0x10, 0x7C, 0xD4, 0x9D, 0xF3, 0x3F, 00569 0x47, 0xB4, 0xB1, 0x16, 0x99, 0x12, 0xBA, 0x4F, 00570 0x53, 0x68, 0x4B, 0x22 }, 00571 { 0xA3, 0x0E, 0x01, 0x09, 0x8B, 0xC6, 0xDB, 0xBF, 00572 0x45, 0x69, 0x0F, 0x3A, 0x7E, 0x9E, 0x6D, 0x0F, 00573 0x8B, 0xBE, 0xA2, 0xA3, 0x9E, 0x61, 0x48, 0x00, 00574 0x8F, 0xD0, 0x5E, 0x44 }, 00575 { 0x7F, 0xB3, 0xCB, 0x35, 0x88, 0xC6, 0xC1, 0xF6, 00576 0xFF, 0xA9, 0x69, 0x4D, 0x7D, 0x6A, 0xD2, 0x64, 00577 0x93, 0x65, 0xB0, 0xC1, 0xF6, 0x5D, 0x69, 0xD1, 00578 0xEC, 0x83, 0x33, 0xEA }, 00579 { 0x6C, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3C, 0xAC, 00580 0x6A, 0x2A, 0xBC, 0x1B, 0xB3, 0x82, 0x62, 0x7C, 00581 0xEC, 0x6A, 0x90, 0xD8, 0x6E, 0xFC, 0x01, 0x2D, 00582 0xE7, 0xAF, 0xEC, 0x5A }, 00583 { 0x0E, 0x2A, 0xEA, 0x68, 0xA9, 0x0C, 0x8D, 0x37, 00584 0xC9, 0x88, 0xBC, 0xDB, 0x9F, 0xCA, 0x6F, 0xA8 }, 00585 { 0x95, 0xE9, 0xA0, 0xDB, 0x96, 0x20, 0x95, 0xAD, 00586 0xAE, 0xBE, 0x9B, 0x2D, 0x6F, 0x0D, 0xBC, 0xE2, 00587 0xD4, 0x99, 0xF1, 0x12, 0xF2, 0xD2, 0xB7, 0x27, 00588 0x3F, 0xA6, 0x87, 0x0E }, 00589 { 0x3A, 0x85, 0x41, 0x66, 0xAC, 0x5D, 0x9F, 0x02, 00590 0x3F, 0x54, 0xD5, 0x17, 0xD0, 0xB3, 0x9D, 0xBD, 00591 0x94, 0x67, 0x70, 0xDB, 0x9C, 0x2B, 0x95, 0xC9, 00592 0xF6, 0xF5, 0x65, 0xD1 }, 00593 00594 /* 00595 * HMAC-SHA-256 test vectors 00596 */ 00597 { 0xB0, 0x34, 0x4C, 0x61, 0xD8, 0xDB, 0x38, 0x53, 00598 0x5C, 0xA8, 0xAF, 0xCE, 0xAF, 0x0B, 0xF1, 0x2B, 00599 0x88, 0x1D, 0xC2, 0x00, 0xC9, 0x83, 0x3D, 0xA7, 00600 0x26, 0xE9, 0x37, 0x6C, 0x2E, 0x32, 0xCF, 0xF7 }, 00601 { 0x5B, 0xDC, 0xC1, 0x46, 0xBF, 0x60, 0x75, 0x4E, 00602 0x6A, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xC7, 00603 0x5A, 0x00, 0x3F, 0x08, 0x9D, 0x27, 0x39, 0x83, 00604 0x9D, 0xEC, 0x58, 0xB9, 0x64, 0xEC, 0x38, 0x43 }, 00605 { 0x77, 0x3E, 0xA9, 0x1E, 0x36, 0x80, 0x0E, 0x46, 00606 0x85, 0x4D, 0xB8, 0xEB, 0xD0, 0x91, 0x81, 0xA7, 00607 0x29, 0x59, 0x09, 0x8B, 0x3E, 0xF8, 0xC1, 0x22, 00608 0xD9, 0x63, 0x55, 0x14, 0xCE, 0xD5, 0x65, 0xFE }, 00609 { 0x82, 0x55, 0x8A, 0x38, 0x9A, 0x44, 0x3C, 0x0E, 00610 0xA4, 0xCC, 0x81, 0x98, 0x99, 0xF2, 0x08, 0x3A, 00611 0x85, 0xF0, 0xFA, 0xA3, 0xE5, 0x78, 0xF8, 0x07, 00612 0x7A, 0x2E, 0x3F, 0xF4, 0x67, 0x29, 0x66, 0x5B }, 00613 { 0xA3, 0xB6, 0x16, 0x74, 0x73, 0x10, 0x0E, 0xE0, 00614 0x6E, 0x0C, 0x79, 0x6C, 0x29, 0x55, 0x55, 0x2B }, 00615 { 0x60, 0xE4, 0x31, 0x59, 0x1E, 0xE0, 0xB6, 0x7F, 00616 0x0D, 0x8A, 0x26, 0xAA, 0xCB, 0xF5, 0xB7, 0x7F, 00617 0x8E, 0x0B, 0xC6, 0x21, 0x37, 0x28, 0xC5, 0x14, 00618 0x05, 0x46, 0x04, 0x0F, 0x0E, 0xE3, 0x7F, 0x54 }, 00619 { 0x9B, 0x09, 0xFF, 0xA7, 0x1B, 0x94, 0x2F, 0xCB, 00620 0x27, 0x63, 0x5F, 0xBC, 0xD5, 0xB0, 0xE9, 0x44, 00621 0xBF, 0xDC, 0x63, 0x64, 0x4F, 0x07, 0x13, 0x93, 00622 0x8A, 0x7F, 0x51, 0x53, 0x5C, 0x3A, 0x35, 0xE2 } 00623 }; 00624 00625 /* 00626 * Checkup routine 00627 */ 00628 int sha256_self_test( int verbose ) 00629 { 00630 int i, j, k, buflen; 00631 unsigned char buf[1024]; 00632 unsigned char sha256sum[32]; 00633 sha256_context ctx; 00634 00635 for( i = 0; i < 6; i++ ) 00636 { 00637 j = i % 3; 00638 k = i < 3; 00639 00640 if( verbose != 0 ) 00641 polarssl_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); 00642 00643 sha256_starts( &ctx, k ); 00644 00645 if( j == 2 ) 00646 { 00647 memset( buf, 'a', buflen = 1000 ); 00648 00649 for( j = 0; j < 1000; j++ ) 00650 sha256_update( &ctx, buf, buflen ); 00651 } 00652 else 00653 sha256_update( &ctx, sha256_test_buf[j], 00654 sha256_test_buflen[j] ); 00655 00656 sha256_finish( &ctx, sha256sum ); 00657 00658 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 ) 00659 { 00660 if( verbose != 0 ) 00661 polarssl_printf( "failed\n" ); 00662 00663 return( 1 ); 00664 } 00665 00666 if( verbose != 0 ) 00667 polarssl_printf( "passed\n" ); 00668 } 00669 00670 if( verbose != 0 ) 00671 polarssl_printf( "\n" ); 00672 00673 for( i = 0; i < 14; i++ ) 00674 { 00675 j = i % 7; 00676 k = i < 7; 00677 00678 if( verbose != 0 ) 00679 polarssl_printf( " HMAC-SHA-%d test #%d: ", 256 - k * 32, j + 1 ); 00680 00681 if( j == 5 || j == 6 ) 00682 { 00683 memset( buf, '\xAA', buflen = 131 ); 00684 sha256_hmac_starts( &ctx, buf, buflen, k ); 00685 } 00686 else 00687 sha256_hmac_starts( &ctx, sha256_hmac_test_key[j], 00688 sha256_hmac_test_keylen[j], k ); 00689 00690 sha256_hmac_update( &ctx, sha256_hmac_test_buf[j], 00691 sha256_hmac_test_buflen[j] ); 00692 00693 sha256_hmac_finish( &ctx, sha256sum ); 00694 00695 buflen = ( j == 4 ) ? 16 : 32 - k * 4; 00696 00697 if( memcmp( sha256sum, sha256_hmac_test_sum[i], buflen ) != 0 ) 00698 { 00699 if( verbose != 0 ) 00700 polarssl_printf( "failed\n" ); 00701 00702 return( 1 ); 00703 } 00704 00705 if( verbose != 0 ) 00706 polarssl_printf( "passed\n" ); 00707 } 00708 00709 if( verbose != 0 ) 00710 polarssl_printf( "\n" ); 00711 00712 return( 0 ); 00713 } 00714 00715 #endif /* POLARSSL_SELF_TEST */ 00716 00717 #endif /* POLARSSL_SHA256_C */ 00718 00719
Generated on Tue Jul 12 2022 19:40:20 by
1.7.2