00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031 #include "polarssl/config.h"
00032
00033 #if defined(POLARSSL_SHA256_C)
00034
00035 #include "polarssl/sha256.h"
00036
00037 #if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
00038 #include <stdio.h>
00039 #endif
00040
00041 #if !defined(POLARSSL_SHA256_ALT)
00042
00043
00044
00045
00046 #ifndef GET_UINT32_BE
00047 #define GET_UINT32_BE(n,b,i) \
00048 { \
00049 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
00050 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
00051 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
00052 | ( (uint32_t) (b)[(i) + 3] ); \
00053 }
00054 #endif
00055
00056 #ifndef PUT_UINT32_BE
00057 #define PUT_UINT32_BE(n,b,i) \
00058 { \
00059 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
00060 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
00061 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
00062 (b)[(i) + 3] = (unsigned char) ( (n) ); \
00063 }
00064 #endif
00065
00066
00067
00068
00069 void sha256_starts( sha256_context *ctx, int is224 )
00070 {
00071 ctx->total[0] = 0;
00072 ctx->total[1] = 0;
00073
00074 if( is224 == 0 )
00075 {
00076
00077 ctx->state[0] = 0x6A09E667;
00078 ctx->state[1] = 0xBB67AE85;
00079 ctx->state[2] = 0x3C6EF372;
00080 ctx->state[3] = 0xA54FF53A;
00081 ctx->state[4] = 0x510E527F;
00082 ctx->state[5] = 0x9B05688C;
00083 ctx->state[6] = 0x1F83D9AB;
00084 ctx->state[7] = 0x5BE0CD19;
00085 }
00086 else
00087 {
00088
00089 ctx->state[0] = 0xC1059ED8;
00090 ctx->state[1] = 0x367CD507;
00091 ctx->state[2] = 0x3070DD17;
00092 ctx->state[3] = 0xF70E5939;
00093 ctx->state[4] = 0xFFC00B31;
00094 ctx->state[5] = 0x68581511;
00095 ctx->state[6] = 0x64F98FA7;
00096 ctx->state[7] = 0xBEFA4FA4;
00097 }
00098
00099 ctx->is224 = is224;
00100 }
00101
00102 void sha256_process( sha256_context *ctx, const unsigned char data[64] )
00103 {
00104 uint32_t temp1, temp2, W[64];
00105 uint32_t A, B, C, D, E, F, G, H;
00106
00107 GET_UINT32_BE( W[ 0], data, 0 );
00108 GET_UINT32_BE( W[ 1], data, 4 );
00109 GET_UINT32_BE( W[ 2], data, 8 );
00110 GET_UINT32_BE( W[ 3], data, 12 );
00111 GET_UINT32_BE( W[ 4], data, 16 );
00112 GET_UINT32_BE( W[ 5], data, 20 );
00113 GET_UINT32_BE( W[ 6], data, 24 );
00114 GET_UINT32_BE( W[ 7], data, 28 );
00115 GET_UINT32_BE( W[ 8], data, 32 );
00116 GET_UINT32_BE( W[ 9], data, 36 );
00117 GET_UINT32_BE( W[10], data, 40 );
00118 GET_UINT32_BE( W[11], data, 44 );
00119 GET_UINT32_BE( W[12], data, 48 );
00120 GET_UINT32_BE( W[13], data, 52 );
00121 GET_UINT32_BE( W[14], data, 56 );
00122 GET_UINT32_BE( W[15], data, 60 );
00123
00124 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
00125 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
00126
00127 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
00128 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
00129
00130 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
00131 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
00132
00133 #define F0(x,y,z) ((x & y) | (z & (x | y)))
00134 #define F1(x,y,z) (z ^ (x & (y ^ z)))
00135
00136 #define R(t) \
00137 ( \
00138 W[t] = S1(W[t - 2]) + W[t - 7] + \
00139 S0(W[t - 15]) + W[t - 16] \
00140 )
00141
00142 #define P(a,b,c,d,e,f,g,h,x,K) \
00143 { \
00144 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
00145 temp2 = S2(a) + F0(a,b,c); \
00146 d += temp1; h = temp1 + temp2; \
00147 }
00148
00149 A = ctx->state[0];
00150 B = ctx->state[1];
00151 C = ctx->state[2];
00152 D = ctx->state[3];
00153 E = ctx->state[4];
00154 F = ctx->state[5];
00155 G = ctx->state[6];
00156 H = ctx->state[7];
00157
00158 P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
00159 P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
00160 P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
00161 P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
00162 P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
00163 P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
00164 P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
00165 P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
00166 P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
00167 P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
00168 P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
00169 P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
00170 P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
00171 P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
00172 P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
00173 P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
00174 P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
00175 P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
00176 P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
00177 P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
00178 P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
00179 P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
00180 P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
00181 P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
00182 P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
00183 P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
00184 P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
00185 P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
00186 P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
00187 P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
00188 P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
00189 P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
00190 P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
00191 P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
00192 P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
00193 P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
00194 P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
00195 P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
00196 P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
00197 P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
00198 P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
00199 P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
00200 P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
00201 P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
00202 P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
00203 P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
00204 P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
00205 P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
00206 P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
00207 P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
00208 P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
00209 P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
00210 P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
00211 P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
00212 P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
00213 P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
00214 P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
00215 P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
00216 P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
00217 P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
00218 P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
00219 P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
00220 P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
00221 P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
00222
00223 ctx->state[0] += A;
00224 ctx->state[1] += B;
00225 ctx->state[2] += C;
00226 ctx->state[3] += D;
00227 ctx->state[4] += E;
00228 ctx->state[5] += F;
00229 ctx->state[6] += G;
00230 ctx->state[7] += H;
00231 }
00232
00233
00234
00235
00236 void sha256_update( sha256_context *ctx, const unsigned char *input, size_t ilen )
00237 {
00238 size_t fill;
00239 uint32_t left;
00240
00241 if( ilen <= 0 )
00242 return;
00243
00244 left = ctx->total[0] & 0x3F;
00245 fill = 64 - left;
00246
00247 ctx->total[0] += (uint32_t) ilen;
00248 ctx->total[0] &= 0xFFFFFFFF;
00249
00250 if( ctx->total[0] < (uint32_t) ilen )
00251 ctx->total[1]++;
00252
00253 if( left && ilen >= fill )
00254 {
00255 memcpy( (void *) (ctx->buffer + left), input, fill );
00256 sha256_process( ctx, ctx->buffer );
00257 input += fill;
00258 ilen -= fill;
00259 left = 0;
00260 }
00261
00262 while( ilen >= 64 )
00263 {
00264 sha256_process( ctx, input );
00265 input += 64;
00266 ilen -= 64;
00267 }
00268
00269 if( ilen > 0 )
00270 memcpy( (void *) (ctx->buffer + left), input, ilen );
00271 }
00272
00273 static const unsigned char sha256_padding[64] =
00274 {
00275 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00276 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00277 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00278 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
00279 };
00280
00281
00282
00283
00284 void sha256_finish( sha256_context *ctx, unsigned char output[32] )
00285 {
00286 uint32_t last, padn;
00287 uint32_t high, low;
00288 unsigned char msglen[8];
00289
00290 high = ( ctx->total[0] >> 29 )
00291 | ( ctx->total[1] << 3 );
00292 low = ( ctx->total[0] << 3 );
00293
00294 PUT_UINT32_BE( high, msglen, 0 );
00295 PUT_UINT32_BE( low, msglen, 4 );
00296
00297 last = ctx->total[0] & 0x3F;
00298 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
00299
00300 sha256_update( ctx, sha256_padding, padn );
00301 sha256_update( ctx, msglen, 8 );
00302
00303 PUT_UINT32_BE( ctx->state[0], output, 0 );
00304 PUT_UINT32_BE( ctx->state[1], output, 4 );
00305 PUT_UINT32_BE( ctx->state[2], output, 8 );
00306 PUT_UINT32_BE( ctx->state[3], output, 12 );
00307 PUT_UINT32_BE( ctx->state[4], output, 16 );
00308 PUT_UINT32_BE( ctx->state[5], output, 20 );
00309 PUT_UINT32_BE( ctx->state[6], output, 24 );
00310
00311 if( ctx->is224 == 0 )
00312 PUT_UINT32_BE( ctx->state[7], output, 28 );
00313 }
00314
00315 #endif
00316
00317
00318
00319
00320 void sha256( const unsigned char *input, size_t ilen,
00321 unsigned char output[32], int is224 )
00322 {
00323 sha256_context ctx;
00324
00325 sha256_starts( &ctx, is224 );
00326 sha256_update( &ctx, input, ilen );
00327 sha256_finish( &ctx, output );
00328
00329 memset( &ctx, 0, sizeof( sha256_context ) );
00330 }
00331
00332 #if defined(POLARSSL_FS_IO)
00333
00334
00335
00336 int sha256_file( const char *path, unsigned char output[32], int is224 )
00337 {
00338 FILE *f;
00339 size_t n;
00340 sha256_context ctx;
00341 unsigned char buf[1024];
00342
00343 if( ( f = fopen( path, "rb" ) ) == NULL )
00344 return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
00345
00346 sha256_starts( &ctx, is224 );
00347
00348 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
00349 sha256_update( &ctx, buf, n );
00350
00351 sha256_finish( &ctx, output );
00352
00353 memset( &ctx, 0, sizeof( sha256_context ) );
00354
00355 if( ferror( f ) != 0 )
00356 {
00357 fclose( f );
00358 return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
00359 }
00360
00361 fclose( f );
00362 return( 0 );
00363 }
00364 #endif
00365
00366
00367
00368
00369 void sha256_hmac_starts( sha256_context *ctx, const unsigned char *key,
00370 size_t keylen, int is224 )
00371 {
00372 size_t i;
00373 unsigned char sum[32];
00374
00375 if( keylen > 64 )
00376 {
00377 sha256( key, keylen, sum, is224 );
00378 keylen = ( is224 ) ? 28 : 32;
00379 key = sum;
00380 }
00381
00382 memset( ctx->ipad, 0x36, 64 );
00383 memset( ctx->opad, 0x5C, 64 );
00384
00385 for( i = 0; i < keylen; i++ )
00386 {
00387 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
00388 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
00389 }
00390
00391 sha256_starts( ctx, is224 );
00392 sha256_update( ctx, ctx->ipad, 64 );
00393
00394 memset( sum, 0, sizeof( sum ) );
00395 }
00396
00397
00398
00399
00400 void sha256_hmac_update( sha256_context *ctx, const unsigned char *input, size_t ilen )
00401 {
00402 sha256_update( ctx, input, ilen );
00403 }
00404
00405
00406
00407
00408 void sha256_hmac_finish( sha256_context *ctx, unsigned char output[32] )
00409 {
00410 int is224, hlen;
00411 unsigned char tmpbuf[32];
00412
00413 is224 = ctx->is224;
00414 hlen = ( is224 == 0 ) ? 32 : 28;
00415
00416 sha256_finish( ctx, tmpbuf );
00417 sha256_starts( ctx, is224 );
00418 sha256_update( ctx, ctx->opad, 64 );
00419 sha256_update( ctx, tmpbuf, hlen );
00420 sha256_finish( ctx, output );
00421
00422 memset( tmpbuf, 0, sizeof( tmpbuf ) );
00423 }
00424
00425
00426
00427
00428 void sha256_hmac_reset( sha256_context *ctx )
00429 {
00430 sha256_starts( ctx, ctx->is224 );
00431 sha256_update( ctx, ctx->ipad, 64 );
00432 }
00433
00434
00435
00436
00437 void sha256_hmac( const unsigned char *key, size_t keylen,
00438 const unsigned char *input, size_t ilen,
00439 unsigned char output[32], int is224 )
00440 {
00441 sha256_context ctx;
00442
00443 sha256_hmac_starts( &ctx, key, keylen, is224 );
00444 sha256_hmac_update( &ctx, input, ilen );
00445 sha256_hmac_finish( &ctx, output );
00446
00447 memset( &ctx, 0, sizeof( sha256_context ) );
00448 }
00449
00450 #if defined(POLARSSL_SELF_TEST)
00451
00452
00453
00454 static unsigned char sha256_test_buf[3][57] =
00455 {
00456 { "abc" },
00457 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
00458 { "" }
00459 };
00460
00461 static const int sha256_test_buflen[3] =
00462 {
00463 3, 56, 1000
00464 };
00465
00466 static const unsigned char sha256_test_sum[6][32] =
00467 {
00468
00469
00470
00471 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
00472 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
00473 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
00474 0xE3, 0x6C, 0x9D, 0xA7 },
00475 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
00476 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
00477 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
00478 0x52, 0x52, 0x25, 0x25 },
00479 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
00480 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
00481 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
00482 0x4E, 0xE7, 0xAD, 0x67 },
00483
00484
00485
00486
00487 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
00488 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
00489 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
00490 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
00491 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
00492 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
00493 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
00494 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
00495 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
00496 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
00497 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
00498 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
00499 };
00500
00501
00502
00503
00504 static unsigned char sha256_hmac_test_key[7][26] =
00505 {
00506 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
00507 "\x0B\x0B\x0B\x0B" },
00508 { "Jefe" },
00509 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
00510 "\xAA\xAA\xAA\xAA" },
00511 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
00512 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
00513 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
00514 "\x0C\x0C\x0C\x0C" },
00515 { "" },
00516 { "" }
00517 };
00518
00519 static const int sha256_hmac_test_keylen[7] =
00520 {
00521 20, 4, 20, 25, 20, 131, 131
00522 };
00523
00524 static unsigned char sha256_hmac_test_buf[7][153] =
00525 {
00526 { "Hi There" },
00527 { "what do ya want for nothing?" },
00528 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00529 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00530 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00531 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00532 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
00533 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00534 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00535 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00536 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00537 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
00538 { "Test With Truncation" },
00539 { "Test Using Larger Than Block-Size Key - Hash Key First" },
00540 { "This is a test using a larger than block-size key "
00541 "and a larger than block-size data. The key needs to "
00542 "be hashed before being used by the HMAC algorithm." }
00543 };
00544
00545 static const int sha256_hmac_test_buflen[7] =
00546 {
00547 8, 28, 50, 50, 20, 54, 152
00548 };
00549
00550 static const unsigned char sha256_hmac_test_sum[14][32] =
00551 {
00552
00553
00554
00555 { 0x89, 0x6F, 0xB1, 0x12, 0x8A, 0xBB, 0xDF, 0x19,
00556 0x68, 0x32, 0x10, 0x7C, 0xD4, 0x9D, 0xF3, 0x3F,
00557 0x47, 0xB4, 0xB1, 0x16, 0x99, 0x12, 0xBA, 0x4F,
00558 0x53, 0x68, 0x4B, 0x22 },
00559 { 0xA3, 0x0E, 0x01, 0x09, 0x8B, 0xC6, 0xDB, 0xBF,
00560 0x45, 0x69, 0x0F, 0x3A, 0x7E, 0x9E, 0x6D, 0x0F,
00561 0x8B, 0xBE, 0xA2, 0xA3, 0x9E, 0x61, 0x48, 0x00,
00562 0x8F, 0xD0, 0x5E, 0x44 },
00563 { 0x7F, 0xB3, 0xCB, 0x35, 0x88, 0xC6, 0xC1, 0xF6,
00564 0xFF, 0xA9, 0x69, 0x4D, 0x7D, 0x6A, 0xD2, 0x64,
00565 0x93, 0x65, 0xB0, 0xC1, 0xF6, 0x5D, 0x69, 0xD1,
00566 0xEC, 0x83, 0x33, 0xEA },
00567 { 0x6C, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3C, 0xAC,
00568 0x6A, 0x2A, 0xBC, 0x1B, 0xB3, 0x82, 0x62, 0x7C,
00569 0xEC, 0x6A, 0x90, 0xD8, 0x6E, 0xFC, 0x01, 0x2D,
00570 0xE7, 0xAF, 0xEC, 0x5A },
00571 { 0x0E, 0x2A, 0xEA, 0x68, 0xA9, 0x0C, 0x8D, 0x37,
00572 0xC9, 0x88, 0xBC, 0xDB, 0x9F, 0xCA, 0x6F, 0xA8 },
00573 { 0x95, 0xE9, 0xA0, 0xDB, 0x96, 0x20, 0x95, 0xAD,
00574 0xAE, 0xBE, 0x9B, 0x2D, 0x6F, 0x0D, 0xBC, 0xE2,
00575 0xD4, 0x99, 0xF1, 0x12, 0xF2, 0xD2, 0xB7, 0x27,
00576 0x3F, 0xA6, 0x87, 0x0E },
00577 { 0x3A, 0x85, 0x41, 0x66, 0xAC, 0x5D, 0x9F, 0x02,
00578 0x3F, 0x54, 0xD5, 0x17, 0xD0, 0xB3, 0x9D, 0xBD,
00579 0x94, 0x67, 0x70, 0xDB, 0x9C, 0x2B, 0x95, 0xC9,
00580 0xF6, 0xF5, 0x65, 0xD1 },
00581
00582
00583
00584
00585 { 0xB0, 0x34, 0x4C, 0x61, 0xD8, 0xDB, 0x38, 0x53,
00586 0x5C, 0xA8, 0xAF, 0xCE, 0xAF, 0x0B, 0xF1, 0x2B,
00587 0x88, 0x1D, 0xC2, 0x00, 0xC9, 0x83, 0x3D, 0xA7,
00588 0x26, 0xE9, 0x37, 0x6C, 0x2E, 0x32, 0xCF, 0xF7 },
00589 { 0x5B, 0xDC, 0xC1, 0x46, 0xBF, 0x60, 0x75, 0x4E,
00590 0x6A, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xC7,
00591 0x5A, 0x00, 0x3F, 0x08, 0x9D, 0x27, 0x39, 0x83,
00592 0x9D, 0xEC, 0x58, 0xB9, 0x64, 0xEC, 0x38, 0x43 },
00593 { 0x77, 0x3E, 0xA9, 0x1E, 0x36, 0x80, 0x0E, 0x46,
00594 0x85, 0x4D, 0xB8, 0xEB, 0xD0, 0x91, 0x81, 0xA7,
00595 0x29, 0x59, 0x09, 0x8B, 0x3E, 0xF8, 0xC1, 0x22,
00596 0xD9, 0x63, 0x55, 0x14, 0xCE, 0xD5, 0x65, 0xFE },
00597 { 0x82, 0x55, 0x8A, 0x38, 0x9A, 0x44, 0x3C, 0x0E,
00598 0xA4, 0xCC, 0x81, 0x98, 0x99, 0xF2, 0x08, 0x3A,
00599 0x85, 0xF0, 0xFA, 0xA3, 0xE5, 0x78, 0xF8, 0x07,
00600 0x7A, 0x2E, 0x3F, 0xF4, 0x67, 0x29, 0x66, 0x5B },
00601 { 0xA3, 0xB6, 0x16, 0x74, 0x73, 0x10, 0x0E, 0xE0,
00602 0x6E, 0x0C, 0x79, 0x6C, 0x29, 0x55, 0x55, 0x2B },
00603 { 0x60, 0xE4, 0x31, 0x59, 0x1E, 0xE0, 0xB6, 0x7F,
00604 0x0D, 0x8A, 0x26, 0xAA, 0xCB, 0xF5, 0xB7, 0x7F,
00605 0x8E, 0x0B, 0xC6, 0x21, 0x37, 0x28, 0xC5, 0x14,
00606 0x05, 0x46, 0x04, 0x0F, 0x0E, 0xE3, 0x7F, 0x54 },
00607 { 0x9B, 0x09, 0xFF, 0xA7, 0x1B, 0x94, 0x2F, 0xCB,
00608 0x27, 0x63, 0x5F, 0xBC, 0xD5, 0xB0, 0xE9, 0x44,
00609 0xBF, 0xDC, 0x63, 0x64, 0x4F, 0x07, 0x13, 0x93,
00610 0x8A, 0x7F, 0x51, 0x53, 0x5C, 0x3A, 0x35, 0xE2 }
00611 };
00612
00613
00614
00615
00616 int sha256_self_test( int verbose )
00617 {
00618 int i, j, k, buflen;
00619 unsigned char buf[1024];
00620 unsigned char sha256sum[32];
00621 sha256_context ctx;
00622
00623 for( i = 0; i < 6; i++ )
00624 {
00625 j = i % 3;
00626 k = i < 3;
00627
00628 if( verbose != 0 )
00629 printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
00630
00631 sha256_starts( &ctx, k );
00632
00633 if( j == 2 )
00634 {
00635 memset( buf, 'a', buflen = 1000 );
00636
00637 for( j = 0; j < 1000; j++ )
00638 sha256_update( &ctx, buf, buflen );
00639 }
00640 else
00641 sha256_update( &ctx, sha256_test_buf[j],
00642 sha256_test_buflen[j] );
00643
00644 sha256_finish( &ctx, sha256sum );
00645
00646 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
00647 {
00648 if( verbose != 0 )
00649 printf( "failed\n" );
00650
00651 return( 1 );
00652 }
00653
00654 if( verbose != 0 )
00655 printf( "passed\n" );
00656 }
00657
00658 if( verbose != 0 )
00659 printf( "\n" );
00660
00661 for( i = 0; i < 14; i++ )
00662 {
00663 j = i % 7;
00664 k = i < 7;
00665
00666 if( verbose != 0 )
00667 printf( " HMAC-SHA-%d test #%d: ", 256 - k * 32, j + 1 );
00668
00669 if( j == 5 || j == 6 )
00670 {
00671 memset( buf, '\xAA', buflen = 131 );
00672 sha256_hmac_starts( &ctx, buf, buflen, k );
00673 }
00674 else
00675 sha256_hmac_starts( &ctx, sha256_hmac_test_key[j],
00676 sha256_hmac_test_keylen[j], k );
00677
00678 sha256_hmac_update( &ctx, sha256_hmac_test_buf[j],
00679 sha256_hmac_test_buflen[j] );
00680
00681 sha256_hmac_finish( &ctx, sha256sum );
00682
00683 buflen = ( j == 4 ) ? 16 : 32 - k * 4;
00684
00685 if( memcmp( sha256sum, sha256_hmac_test_sum[i], buflen ) != 0 )
00686 {
00687 if( verbose != 0 )
00688 printf( "failed\n" );
00689
00690 return( 1 );
00691 }
00692
00693 if( verbose != 0 )
00694 printf( "passed\n" );
00695 }
00696
00697 if( verbose != 0 )
00698 printf( "\n" );
00699
00700 return( 0 );
00701 }
00702
00703 #endif
00704
00705 #endif