Context Navigation

sha2.c @ 1159

Revision 1159, 20.9 KB checked in by paul, 2 months ago (diff)
Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it. As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules. Programs and tests were adapted accordingly

Line
1	/*
2	* FIPS-180-2 compliant SHA-256 implementation
3	*
4	* Copyright (C) 2006-2010, Brainspark B.V.
5	*
6	* This file is part of PolarSSL (http://www.polarssl.org)
7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8	*
9	* All rights reserved.
10	*
11	* This program is free software; you can redistribute it and/or modify
12	* it under the terms of the GNU General Public License as published by
13	* the Free Software Foundation; either version 2 of the License, or
14	* (at your option) any later version.
15	*
16	* This program is distributed in the hope that it will be useful,
17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	* GNU General Public License for more details.
20	*
21	* You should have received a copy of the GNU General Public License along
22	* with this program; if not, write to the Free Software Foundation, Inc.,
23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24	*/
25	/*
26	* The SHA-256 Secure Hash Standard was published by NIST in 2002.
27	*
28	* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
29	*/
30
31	#include "polarssl/config.h"
32
33	#if defined(POLARSSL_SHA2_C)
34
35	#include "polarssl/sha2.h"
36
37	#if defined(POLARSSL_FS_IO) \|\| defined(POLARSSL_SELF_TEST)
38	#include <stdio.h>
39	#endif
40
41	/*
42	* 32-bit integer manipulation macros (big endian)
43	*/
44	#ifndef GET_ULONG_BE
45	#define GET_ULONG_BE(n,b,i) \
46	{ \
47	(n) = ( (unsigned long) (b)[(i) ] << 24 ) \
48	\| ( (unsigned long) (b)[(i) + 1] << 16 ) \
49	\| ( (unsigned long) (b)[(i) + 2] << 8 ) \
50	\| ( (unsigned long) (b)[(i) + 3] ); \
51	}
52	#endif
53
54	#ifndef PUT_ULONG_BE
55	#define PUT_ULONG_BE(n,b,i) \
56	{ \
57	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
58	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
59	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
60	(b)[(i) + 3] = (unsigned char) ( (n) ); \
61	}
62	#endif
63
64	/*
65	* SHA-256 context setup
66	*/
67	void sha2_starts( sha2_context *ctx, int is224 )
68	{
69	ctx->total[0] = 0;
70	ctx->total[1] = 0;
71
72	if( is224 == 0 )
73	{
74	/* SHA-256 */
75	ctx->state[0] = 0x6A09E667;
76	ctx->state[1] = 0xBB67AE85;
77	ctx->state[2] = 0x3C6EF372;
78	ctx->state[3] = 0xA54FF53A;
79	ctx->state[4] = 0x510E527F;
80	ctx->state[5] = 0x9B05688C;
81	ctx->state[6] = 0x1F83D9AB;
82	ctx->state[7] = 0x5BE0CD19;
83	}
84	else
85	{
86	/* SHA-224 */
87	ctx->state[0] = 0xC1059ED8;
88	ctx->state[1] = 0x367CD507;
89	ctx->state[2] = 0x3070DD17;
90	ctx->state[3] = 0xF70E5939;
91	ctx->state[4] = 0xFFC00B31;
92	ctx->state[5] = 0x68581511;
93	ctx->state[6] = 0x64F98FA7;
94	ctx->state[7] = 0xBEFA4FA4;
95	}
96
97	ctx->is224 = is224;
98	}
99
100	static void sha2_process( sha2_context *ctx, const unsigned char data[64] )
101	{
102	unsigned long temp1, temp2, W[64];
103	unsigned long A, B, C, D, E, F, G, H;
104
105	GET_ULONG_BE( W[ 0], data, 0 );
106	GET_ULONG_BE( W[ 1], data, 4 );
107	GET_ULONG_BE( W[ 2], data, 8 );
108	GET_ULONG_BE( W[ 3], data, 12 );
109	GET_ULONG_BE( W[ 4], data, 16 );
110	GET_ULONG_BE( W[ 5], data, 20 );
111	GET_ULONG_BE( W[ 6], data, 24 );
112	GET_ULONG_BE( W[ 7], data, 28 );
113	GET_ULONG_BE( W[ 8], data, 32 );
114	GET_ULONG_BE( W[ 9], data, 36 );
115	GET_ULONG_BE( W[10], data, 40 );
116	GET_ULONG_BE( W[11], data, 44 );
117	GET_ULONG_BE( W[12], data, 48 );
118	GET_ULONG_BE( W[13], data, 52 );
119	GET_ULONG_BE( W[14], data, 56 );
120	GET_ULONG_BE( W[15], data, 60 );
121
122	#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
123	#define ROTR(x,n) (SHR(x,n) \| (x << (32 - n)))
124
125	#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
126	#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
127
128	#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
129	#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
130
131	#define F0(x,y,z) ((x & y) \| (z & (x \| y)))
132	#define F1(x,y,z) (z ^ (x & (y ^ z)))
133
134	#define R(t) \
135	( \
136	W[t] = S1(W[t - 2]) + W[t - 7] + \
137	S0(W[t - 15]) + W[t - 16] \
138	)
139
140	#define P(a,b,c,d,e,f,g,h,x,K) \
141	{ \
142	temp1 = h + S3(e) + F1(e,f,g) + K + x; \
143	temp2 = S2(a) + F0(a,b,c); \
144	d += temp1; h = temp1 + temp2; \
145	}
146
147	A = ctx->state[0];
148	B = ctx->state[1];
149	C = ctx->state[2];
150	D = ctx->state[3];
151	E = ctx->state[4];
152	F = ctx->state[5];
153	G = ctx->state[6];
154	H = ctx->state[7];
155
156	P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
157	P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
158	P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
159	P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
160	P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
161	P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
162	P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
163	P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
164	P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
165	P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
166	P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
167	P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
168	P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
169	P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
170	P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
171	P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
172	P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
173	P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
174	P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
175	P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
176	P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
177	P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
178	P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
179	P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
180	P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
181	P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
182	P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
183	P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
184	P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
185	P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
186	P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
187	P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
188	P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
189	P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
190	P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
191	P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
192	P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
193	P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
194	P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
195	P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
196	P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
197	P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
198	P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
199	P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
200	P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
201	P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
202	P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
203	P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
204	P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
205	P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
206	P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
207	P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
208	P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
209	P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
210	P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
211	P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
212	P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
213	P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
214	P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
215	P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
216	P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
217	P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
218	P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
219	P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
220
221	ctx->state[0] += A;
222	ctx->state[1] += B;
223	ctx->state[2] += C;
224	ctx->state[3] += D;
225	ctx->state[4] += E;
226	ctx->state[5] += F;
227	ctx->state[6] += G;
228	ctx->state[7] += H;
229	}
230
231	/*
232	* SHA-256 process buffer
233	*/
234	void sha2_update( sha2_context ctx, const unsigned char input, size_t ilen )
235	{
236	size_t fill;
237	unsigned long left;
238
239	if( ilen <= 0 )
240	return;
241
242	left = ctx->total[0] & 0x3F;
243	fill = 64 - left;
244
245	ctx->total[0] += (unsigned long) ilen;
246	ctx->total[0] &= 0xFFFFFFFF;
247
248	if( ctx->total[0] < (unsigned long) ilen )
249	ctx->total[1]++;
250
251	if( left && ilen >= fill )
252	{
253	memcpy( (void *) (ctx->buffer + left),
254	(void *) input, fill );
255	sha2_process( ctx, ctx->buffer );
256	input += fill;
257	ilen -= fill;
258	left = 0;
259	}
260
261	while( ilen >= 64 )
262	{
263	sha2_process( ctx, input );
264	input += 64;
265	ilen -= 64;
266	}
267
268	if( ilen > 0 )
269	{
270	memcpy( (void *) (ctx->buffer + left),
271	(void *) input, ilen );
272	}
273	}
274
275	static const unsigned char sha2_padding[64] =
276	{
277	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
278	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
279	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
280	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
281	};
282
283	/*
284	* SHA-256 final digest
285	*/
286	void sha2_finish( sha2_context *ctx, unsigned char output[32] )
287	{
288	unsigned long last, padn;
289	unsigned long high, low;
290	unsigned char msglen[8];
291
292	high = ( ctx->total[0] >> 29 )
293	\| ( ctx->total[1] << 3 );
294	low = ( ctx->total[0] << 3 );
295
296	PUT_ULONG_BE( high, msglen, 0 );
297	PUT_ULONG_BE( low, msglen, 4 );
298
299	last = ctx->total[0] & 0x3F;
300	padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
301
302	sha2_update( ctx, (unsigned char *) sha2_padding, padn );
303	sha2_update( ctx, msglen, 8 );
304
305	PUT_ULONG_BE( ctx->state[0], output, 0 );
306	PUT_ULONG_BE( ctx->state[1], output, 4 );
307	PUT_ULONG_BE( ctx->state[2], output, 8 );
308	PUT_ULONG_BE( ctx->state[3], output, 12 );
309	PUT_ULONG_BE( ctx->state[4], output, 16 );
310	PUT_ULONG_BE( ctx->state[5], output, 20 );
311	PUT_ULONG_BE( ctx->state[6], output, 24 );
312
313	if( ctx->is224 == 0 )
314	PUT_ULONG_BE( ctx->state[7], output, 28 );
315	}
316
317	/*
318	* output = SHA-256( input buffer )
319	*/
320	void sha2( const unsigned char *input, size_t ilen,
321	unsigned char output[32], int is224 )
322	{
323	sha2_context ctx;
324
325	sha2_starts( &ctx, is224 );
326	sha2_update( &ctx, input, ilen );
327	sha2_finish( &ctx, output );
328
329	memset( &ctx, 0, sizeof( sha2_context ) );
330	}
331
332	#if defined(POLARSSL_FS_IO)
333	/*
334	* output = SHA-256( file contents )
335	*/
336	int sha2_file( const char *path, unsigned char output[32], int is224 )
337	{
338	FILE *f;
339	size_t n;
340	sha2_context ctx;
341	unsigned char buf[1024];
342
343	if( ( f = fopen( path, "rb" ) ) == NULL )
344	return( POLARSSL_ERR_SHA2_FILE_IO_ERROR );
345
346	sha2_starts( &ctx, is224 );
347
348	while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
349	sha2_update( &ctx, buf, n );
350
351	sha2_finish( &ctx, output );
352
353	memset( &ctx, 0, sizeof( sha2_context ) );
354
355	if( ferror( f ) != 0 )
356	{
357	fclose( f );
358	return( POLARSSL_ERR_SHA2_FILE_IO_ERROR );
359	}
360
361	fclose( f );
362	return( 0 );
363	}
364	#endif /* POLARSSL_FS_IO */
365
366	/*
367	* SHA-256 HMAC context setup
368	*/
369	void sha2_hmac_starts( sha2_context ctx, const unsigned char key, size_t keylen,
370	int is224 )
371	{
372	size_t i;
373	unsigned char sum[32];
374
375	if( keylen > 64 )
376	{
377	sha2( key, keylen, sum, is224 );
378	keylen = ( is224 ) ? 28 : 32;
379	key = sum;
380	}
381
382	memset( ctx->ipad, 0x36, 64 );
383	memset( ctx->opad, 0x5C, 64 );
384
385	for( i = 0; i < keylen; i++ )
386	{
387	ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
388	ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
389	}
390
391	sha2_starts( ctx, is224 );
392	sha2_update( ctx, ctx->ipad, 64 );
393
394	memset( sum, 0, sizeof( sum ) );
395	}
396
397	/*
398	* SHA-256 HMAC process buffer
399	*/
400	void sha2_hmac_update( sha2_context ctx, const unsigned char input, size_t ilen )
401	{
402	sha2_update( ctx, input, ilen );
403	}
404
405	/*
406	* SHA-256 HMAC final digest
407	*/
408	void sha2_hmac_finish( sha2_context *ctx, unsigned char output[32] )
409	{
410	int is224, hlen;
411	unsigned char tmpbuf[32];
412
413	is224 = ctx->is224;
414	hlen = ( is224 == 0 ) ? 32 : 28;
415
416	sha2_finish( ctx, tmpbuf );
417	sha2_starts( ctx, is224 );
418	sha2_update( ctx, ctx->opad, 64 );
419	sha2_update( ctx, tmpbuf, hlen );
420	sha2_finish( ctx, output );
421
422	memset( tmpbuf, 0, sizeof( tmpbuf ) );
423	}
424
425	/*
426	* SHA-256 HMAC context reset
427	*/
428	void sha2_hmac_reset( sha2_context *ctx )
429	{
430	sha2_starts( ctx, ctx->is224 );
431	sha2_update( ctx, ctx->ipad, 64 );
432	}
433
434	/*
435	* output = HMAC-SHA-256( hmac key, input buffer )
436	*/
437	void sha2_hmac( const unsigned char *key, size_t keylen,
438	const unsigned char *input, size_t ilen,
439	unsigned char output[32], int is224 )
440	{
441	sha2_context ctx;
442
443	sha2_hmac_starts( &ctx, key, keylen, is224 );
444	sha2_hmac_update( &ctx, input, ilen );
445	sha2_hmac_finish( &ctx, output );
446
447	memset( &ctx, 0, sizeof( sha2_context ) );
448	}
449
450	#if defined(POLARSSL_SELF_TEST)
451	/*
452	* FIPS-180-2 test vectors
453	*/
454	static unsigned char sha2_test_buf[3][57] =
455	{
456	{ "abc" },
457	{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
458	{ "" }
459	};
460
461	static const int sha2_test_buflen[3] =
462	{
463	3, 56, 1000
464	};
465
466	static const unsigned char sha2_test_sum[6][32] =
467	{
468	/*
469	* SHA-224 test vectors
470	*/
471	{ 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
472	0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
473	0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
474	0xE3, 0x6C, 0x9D, 0xA7 },
475	{ 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
476	0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
477	0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
478	0x52, 0x52, 0x25, 0x25 },
479	{ 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
480	0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
481	0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
482	0x4E, 0xE7, 0xAD, 0x67 },
483
484	/*
485	* SHA-256 test vectors
486	*/
487	{ 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
488	0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
489	0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
490	0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
491	{ 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
492	0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
493	0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
494	0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
495	{ 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
496	0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
497	0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
498	0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
499	};
500
501	/*
502	* RFC 4231 test vectors
503	*/
504	static unsigned char sha2_hmac_test_key[7][26] =
505	{
506	{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
507	"\x0B\x0B\x0B\x0B" },
508	{ "Jefe" },
509	{ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
510	"\xAA\xAA\xAA\xAA" },
511	{ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
512	"\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
513	{ "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
514	"\x0C\x0C\x0C\x0C" },
515	{ "" }, /* 0xAA 131 times */
516	{ "" }
517	};
518
519	static const int sha2_hmac_test_keylen[7] =
520	{
521	20, 4, 20, 25, 20, 131, 131
522	};
523
524	static unsigned char sha2_hmac_test_buf[7][153] =
525	{
526	{ "Hi There" },
527	{ "what do ya want for nothing?" },
528	{ "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
529	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
530	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
531	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
532	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
533	{ "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
534	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
535	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
536	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
537	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
538	{ "Test With Truncation" },
539	{ "Test Using Larger Than Block-Size Key - Hash Key First" },
540	{ "This is a test using a larger than block-size key "
541	"and a larger than block-size data. The key needs to "
542	"be hashed before being used by the HMAC algorithm." }
543	};
544
545	static const int sha2_hmac_test_buflen[7] =
546	{
547	8, 28, 50, 50, 20, 54, 152
548	};
549
550	static const unsigned char sha2_hmac_test_sum[14][32] =
551	{
552	/*
553	* HMAC-SHA-224 test vectors
554	*/
555	{ 0x89, 0x6F, 0xB1, 0x12, 0x8A, 0xBB, 0xDF, 0x19,
556	0x68, 0x32, 0x10, 0x7C, 0xD4, 0x9D, 0xF3, 0x3F,
557	0x47, 0xB4, 0xB1, 0x16, 0x99, 0x12, 0xBA, 0x4F,
558	0x53, 0x68, 0x4B, 0x22 },
559	{ 0xA3, 0x0E, 0x01, 0x09, 0x8B, 0xC6, 0xDB, 0xBF,
560	0x45, 0x69, 0x0F, 0x3A, 0x7E, 0x9E, 0x6D, 0x0F,
561	0x8B, 0xBE, 0xA2, 0xA3, 0x9E, 0x61, 0x48, 0x00,
562	0x8F, 0xD0, 0x5E, 0x44 },
563	{ 0x7F, 0xB3, 0xCB, 0x35, 0x88, 0xC6, 0xC1, 0xF6,
564	0xFF, 0xA9, 0x69, 0x4D, 0x7D, 0x6A, 0xD2, 0x64,
565	0x93, 0x65, 0xB0, 0xC1, 0xF6, 0x5D, 0x69, 0xD1,
566	0xEC, 0x83, 0x33, 0xEA },
567	{ 0x6C, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3C, 0xAC,
568	0x6A, 0x2A, 0xBC, 0x1B, 0xB3, 0x82, 0x62, 0x7C,
569	0xEC, 0x6A, 0x90, 0xD8, 0x6E, 0xFC, 0x01, 0x2D,
570	0xE7, 0xAF, 0xEC, 0x5A },
571	{ 0x0E, 0x2A, 0xEA, 0x68, 0xA9, 0x0C, 0x8D, 0x37,
572	0xC9, 0x88, 0xBC, 0xDB, 0x9F, 0xCA, 0x6F, 0xA8 },
573	{ 0x95, 0xE9, 0xA0, 0xDB, 0x96, 0x20, 0x95, 0xAD,
574	0xAE, 0xBE, 0x9B, 0x2D, 0x6F, 0x0D, 0xBC, 0xE2,
575	0xD4, 0x99, 0xF1, 0x12, 0xF2, 0xD2, 0xB7, 0x27,
576	0x3F, 0xA6, 0x87, 0x0E },
577	{ 0x3A, 0x85, 0x41, 0x66, 0xAC, 0x5D, 0x9F, 0x02,
578	0x3F, 0x54, 0xD5, 0x17, 0xD0, 0xB3, 0x9D, 0xBD,
579	0x94, 0x67, 0x70, 0xDB, 0x9C, 0x2B, 0x95, 0xC9,
580	0xF6, 0xF5, 0x65, 0xD1 },
581
582	/*
583	* HMAC-SHA-256 test vectors
584	*/
585	{ 0xB0, 0x34, 0x4C, 0x61, 0xD8, 0xDB, 0x38, 0x53,
586	0x5C, 0xA8, 0xAF, 0xCE, 0xAF, 0x0B, 0xF1, 0x2B,
587	0x88, 0x1D, 0xC2, 0x00, 0xC9, 0x83, 0x3D, 0xA7,
588	0x26, 0xE9, 0x37, 0x6C, 0x2E, 0x32, 0xCF, 0xF7 },
589	{ 0x5B, 0xDC, 0xC1, 0x46, 0xBF, 0x60, 0x75, 0x4E,
590	0x6A, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xC7,
591	0x5A, 0x00, 0x3F, 0x08, 0x9D, 0x27, 0x39, 0x83,
592	0x9D, 0xEC, 0x58, 0xB9, 0x64, 0xEC, 0x38, 0x43 },
593	{ 0x77, 0x3E, 0xA9, 0x1E, 0x36, 0x80, 0x0E, 0x46,
594	0x85, 0x4D, 0xB8, 0xEB, 0xD0, 0x91, 0x81, 0xA7,
595	0x29, 0x59, 0x09, 0x8B, 0x3E, 0xF8, 0xC1, 0x22,
596	0xD9, 0x63, 0x55, 0x14, 0xCE, 0xD5, 0x65, 0xFE },
597	{ 0x82, 0x55, 0x8A, 0x38, 0x9A, 0x44, 0x3C, 0x0E,
598	0xA4, 0xCC, 0x81, 0x98, 0x99, 0xF2, 0x08, 0x3A,
599	0x85, 0xF0, 0xFA, 0xA3, 0xE5, 0x78, 0xF8, 0x07,
600	0x7A, 0x2E, 0x3F, 0xF4, 0x67, 0x29, 0x66, 0x5B },
601	{ 0xA3, 0xB6, 0x16, 0x74, 0x73, 0x10, 0x0E, 0xE0,
602	0x6E, 0x0C, 0x79, 0x6C, 0x29, 0x55, 0x55, 0x2B },
603	{ 0x60, 0xE4, 0x31, 0x59, 0x1E, 0xE0, 0xB6, 0x7F,
604	0x0D, 0x8A, 0x26, 0xAA, 0xCB, 0xF5, 0xB7, 0x7F,
605	0x8E, 0x0B, 0xC6, 0x21, 0x37, 0x28, 0xC5, 0x14,
606	0x05, 0x46, 0x04, 0x0F, 0x0E, 0xE3, 0x7F, 0x54 },
607	{ 0x9B, 0x09, 0xFF, 0xA7, 0x1B, 0x94, 0x2F, 0xCB,
608	0x27, 0x63, 0x5F, 0xBC, 0xD5, 0xB0, 0xE9, 0x44,
609	0xBF, 0xDC, 0x63, 0x64, 0x4F, 0x07, 0x13, 0x93,
610	0x8A, 0x7F, 0x51, 0x53, 0x5C, 0x3A, 0x35, 0xE2 }
611	};
612
613	/*
614	* Checkup routine
615	*/
616	int sha2_self_test( int verbose )
617	{
618	int i, j, k, buflen;
619	unsigned char buf[1024];
620	unsigned char sha2sum[32];
621	sha2_context ctx;
622
623	for( i = 0; i < 6; i++ )
624	{
625	j = i % 3;
626	k = i < 3;
627
628	if( verbose != 0 )
629	printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
630
631	sha2_starts( &ctx, k );
632
633	if( j == 2 )
634	{
635	memset( buf, 'a', buflen = 1000 );
636
637	for( j = 0; j < 1000; j++ )
638	sha2_update( &ctx, buf, buflen );
639	}
640	else
641	sha2_update( &ctx, sha2_test_buf[j],
642	sha2_test_buflen[j] );
643
644	sha2_finish( &ctx, sha2sum );
645
646	if( memcmp( sha2sum, sha2_test_sum[i], 32 - k * 4 ) != 0 )
647	{
648	if( verbose != 0 )
649	printf( "failed\n" );
650
651	return( 1 );
652	}
653
654	if( verbose != 0 )
655	printf( "passed\n" );
656	}
657
658	if( verbose != 0 )
659	printf( "\n" );
660
661	for( i = 0; i < 14; i++ )
662	{
663	j = i % 7;
664	k = i < 7;
665
666	if( verbose != 0 )
667	printf( " HMAC-SHA-%d test #%d: ", 256 - k * 32, j + 1 );
668
669	if( j == 5 \|\| j == 6 )
670	{
671	memset( buf, '\xAA', buflen = 131 );
672	sha2_hmac_starts( &ctx, buf, buflen, k );
673	}
674	else
675	sha2_hmac_starts( &ctx, sha2_hmac_test_key[j],
676	sha2_hmac_test_keylen[j], k );
677
678	sha2_hmac_update( &ctx, sha2_hmac_test_buf[j],
679	sha2_hmac_test_buflen[j] );
680
681	sha2_hmac_finish( &ctx, sha2sum );
682
683	buflen = ( j == 4 ) ? 16 : 32 - k * 4;
684
685	if( memcmp( sha2sum, sha2_hmac_test_sum[i], buflen ) != 0 )
686	{
687	if( verbose != 0 )
688	printf( "failed\n" );
689
690	return( 1 );
691	}
692
693	if( verbose != 0 )
694	printf( "passed\n" );
695	}
696
697	if( verbose != 0 )
698	printf( "\n" );
699
700	return( 0 );
701	}
702
703	#endif
704
705	#endif

Note: See TracBrowser for help on using the repository browser.

PolarSSL

Cryptography and SSL made easy

Context Navigation

source: trunk/library/sha2.c @ 1159

Download in other formats:

What are you looking for?

Main links

Community links

Documentation

Block cipher sources

Hash sources