00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029 #include "polarssl/config.h"
00030
00031 #if defined(POLARSSL_SHA2_C)
00032
00033 #include "polarssl/sha2.h"
00034
00035 #include <string.h>
00036 #include <stdio.h>
00037
00038
00039
00040
00041 #ifndef GET_ULONG_BE
00042 #define GET_ULONG_BE(n,b,i) \
00043 { \
00044 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
00045 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
00046 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
00047 | ( (unsigned long) (b)[(i) + 3] ); \
00048 }
00049 #endif
00050
00051 #ifndef PUT_ULONG_BE
00052 #define PUT_ULONG_BE(n,b,i) \
00053 { \
00054 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
00055 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
00056 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
00057 (b)[(i) + 3] = (unsigned char) ( (n) ); \
00058 }
00059 #endif
00060
00061
00062
00063
00064 void sha2_starts( sha2_context *ctx, int is224 )
00065 {
00066 ctx->total[0] = 0;
00067 ctx->total[1] = 0;
00068
00069 if( is224 == 0 )
00070 {
00071
00072 ctx->state[0] = 0x6A09E667;
00073 ctx->state[1] = 0xBB67AE85;
00074 ctx->state[2] = 0x3C6EF372;
00075 ctx->state[3] = 0xA54FF53A;
00076 ctx->state[4] = 0x510E527F;
00077 ctx->state[5] = 0x9B05688C;
00078 ctx->state[6] = 0x1F83D9AB;
00079 ctx->state[7] = 0x5BE0CD19;
00080 }
00081 else
00082 {
00083
00084 ctx->state[0] = 0xC1059ED8;
00085 ctx->state[1] = 0x367CD507;
00086 ctx->state[2] = 0x3070DD17;
00087 ctx->state[3] = 0xF70E5939;
00088 ctx->state[4] = 0xFFC00B31;
00089 ctx->state[5] = 0x68581511;
00090 ctx->state[6] = 0x64F98FA7;
00091 ctx->state[7] = 0xBEFA4FA4;
00092 }
00093
00094 ctx->is224 = is224;
00095 }
00096
00097 static void sha2_process( sha2_context *ctx, unsigned char data[64] )
00098 {
00099 unsigned long temp1, temp2, W[64];
00100 unsigned long A, B, C, D, E, F, G, H;
00101
00102 GET_ULONG_BE( W[ 0], data, 0 );
00103 GET_ULONG_BE( W[ 1], data, 4 );
00104 GET_ULONG_BE( W[ 2], data, 8 );
00105 GET_ULONG_BE( W[ 3], data, 12 );
00106 GET_ULONG_BE( W[ 4], data, 16 );
00107 GET_ULONG_BE( W[ 5], data, 20 );
00108 GET_ULONG_BE( W[ 6], data, 24 );
00109 GET_ULONG_BE( W[ 7], data, 28 );
00110 GET_ULONG_BE( W[ 8], data, 32 );
00111 GET_ULONG_BE( W[ 9], data, 36 );
00112 GET_ULONG_BE( W[10], data, 40 );
00113 GET_ULONG_BE( W[11], data, 44 );
00114 GET_ULONG_BE( W[12], data, 48 );
00115 GET_ULONG_BE( W[13], data, 52 );
00116 GET_ULONG_BE( W[14], data, 56 );
00117 GET_ULONG_BE( W[15], data, 60 );
00118
00119 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
00120 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
00121
00122 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
00123 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
00124
00125 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
00126 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
00127
00128 #define F0(x,y,z) ((x & y) | (z & (x | y)))
00129 #define F1(x,y,z) (z ^ (x & (y ^ z)))
00130
00131 #define R(t) \
00132 ( \
00133 W[t] = S1(W[t - 2]) + W[t - 7] + \
00134 S0(W[t - 15]) + W[t - 16] \
00135 )
00136
00137 #define P(a,b,c,d,e,f,g,h,x,K) \
00138 { \
00139 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
00140 temp2 = S2(a) + F0(a,b,c); \
00141 d += temp1; h = temp1 + temp2; \
00142 }
00143
00144 A = ctx->state[0];
00145 B = ctx->state[1];
00146 C = ctx->state[2];
00147 D = ctx->state[3];
00148 E = ctx->state[4];
00149 F = ctx->state[5];
00150 G = ctx->state[6];
00151 H = ctx->state[7];
00152
00153 P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
00154 P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
00155 P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
00156 P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
00157 P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
00158 P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
00159 P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
00160 P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
00161 P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
00162 P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
00163 P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
00164 P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
00165 P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
00166 P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
00167 P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
00168 P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
00169 P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
00170 P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
00171 P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
00172 P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
00173 P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
00174 P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
00175 P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
00176 P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
00177 P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
00178 P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
00179 P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
00180 P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
00181 P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
00182 P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
00183 P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
00184 P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
00185 P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
00186 P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
00187 P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
00188 P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
00189 P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
00190 P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
00191 P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
00192 P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
00193 P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
00194 P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
00195 P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
00196 P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
00197 P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
00198 P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
00199 P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
00200 P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
00201 P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
00202 P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
00203 P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
00204 P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
00205 P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
00206 P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
00207 P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
00208 P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
00209 P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
00210 P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
00211 P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
00212 P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
00213 P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
00214 P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
00215 P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
00216 P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
00217
00218 ctx->state[0] += A;
00219 ctx->state[1] += B;
00220 ctx->state[2] += C;
00221 ctx->state[3] += D;
00222 ctx->state[4] += E;
00223 ctx->state[5] += F;
00224 ctx->state[6] += G;
00225 ctx->state[7] += H;
00226 }
00227
00228
00229
00230
00231 void sha2_update( sha2_context *ctx, unsigned char *input, int ilen )
00232 {
00233 int fill;
00234 unsigned long left;
00235
00236 if( ilen <= 0 )
00237 return;
00238
00239 left = ctx->total[0] & 0x3F;
00240 fill = 64 - left;
00241
00242 ctx->total[0] += ilen;
00243 ctx->total[0] &= 0xFFFFFFFF;
00244
00245 if( ctx->total[0] < (unsigned long) ilen )
00246 ctx->total[1]++;
00247
00248 if( left && ilen >= fill )
00249 {
00250 memcpy( (void *) (ctx->buffer + left),
00251 (void *) input, fill );
00252 sha2_process( ctx, ctx->buffer );
00253 input += fill;
00254 ilen -= fill;
00255 left = 0;
00256 }
00257
00258 while( ilen >= 64 )
00259 {
00260 sha2_process( ctx, input );
00261 input += 64;
00262 ilen -= 64;
00263 }
00264
00265 if( ilen > 0 )
00266 {
00267 memcpy( (void *) (ctx->buffer + left),
00268 (void *) input, ilen );
00269 }
00270 }
00271
00272 static const unsigned char sha2_padding[64] =
00273 {
00274 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00275 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00276 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
00277 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
00278 };
00279
00280
00281
00282
00283 void sha2_finish( sha2_context *ctx, unsigned char output[32] )
00284 {
00285 unsigned long last, padn;
00286 unsigned long high, low;
00287 unsigned char msglen[8];
00288
00289 high = ( ctx->total[0] >> 29 )
00290 | ( ctx->total[1] << 3 );
00291 low = ( ctx->total[0] << 3 );
00292
00293 PUT_ULONG_BE( high, msglen, 0 );
00294 PUT_ULONG_BE( low, msglen, 4 );
00295
00296 last = ctx->total[0] & 0x3F;
00297 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
00298
00299 sha2_update( ctx, (unsigned char *) sha2_padding, padn );
00300 sha2_update( ctx, msglen, 8 );
00301
00302 PUT_ULONG_BE( ctx->state[0], output, 0 );
00303 PUT_ULONG_BE( ctx->state[1], output, 4 );
00304 PUT_ULONG_BE( ctx->state[2], output, 8 );
00305 PUT_ULONG_BE( ctx->state[3], output, 12 );
00306 PUT_ULONG_BE( ctx->state[4], output, 16 );
00307 PUT_ULONG_BE( ctx->state[5], output, 20 );
00308 PUT_ULONG_BE( ctx->state[6], output, 24 );
00309
00310 if( ctx->is224 == 0 )
00311 PUT_ULONG_BE( ctx->state[7], output, 28 );
00312 }
00313
00314
00315
00316
00317 void sha2( unsigned char *input, int ilen,
00318 unsigned char output[32], int is224 )
00319 {
00320 sha2_context ctx;
00321
00322 sha2_starts( &ctx, is224 );
00323 sha2_update( &ctx, input, ilen );
00324 sha2_finish( &ctx, output );
00325
00326 memset( &ctx, 0, sizeof( sha2_context ) );
00327 }
00328
00329
00330
00331
00332 int sha2_file( char *path, unsigned char output[32], int is224 )
00333 {
00334 FILE *f;
00335 size_t n;
00336 sha2_context ctx;
00337 unsigned char buf[1024];
00338
00339 if( ( f = fopen( path, "rb" ) ) == NULL )
00340 return( 1 );
00341
00342 sha2_starts( &ctx, is224 );
00343
00344 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
00345 sha2_update( &ctx, buf, (int) n );
00346
00347 sha2_finish( &ctx, output );
00348
00349 memset( &ctx, 0, sizeof( sha2_context ) );
00350
00351 if( ferror( f ) != 0 )
00352 {
00353 fclose( f );
00354 return( 2 );
00355 }
00356
00357 fclose( f );
00358 return( 0 );
00359 }
00360
00361
00362
00363
00364 void sha2_hmac_starts( sha2_context *ctx, unsigned char *key, int keylen,
00365 int is224 )
00366 {
00367 int i;
00368 unsigned char sum[32];
00369
00370 if( keylen > 64 )
00371 {
00372 sha2( key, keylen, sum, is224 );
00373 keylen = ( is224 ) ? 28 : 32;
00374 key = sum;
00375 }
00376
00377 memset( ctx->ipad, 0x36, 64 );
00378 memset( ctx->opad, 0x5C, 64 );
00379
00380 for( i = 0; i < keylen; i++ )
00381 {
00382 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
00383 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
00384 }
00385
00386 sha2_starts( ctx, is224 );
00387 sha2_update( ctx, ctx->ipad, 64 );
00388
00389 memset( sum, 0, sizeof( sum ) );
00390 }
00391
00392
00393
00394
00395 void sha2_hmac_update( sha2_context *ctx, unsigned char *input, int ilen )
00396 {
00397 sha2_update( ctx, input, ilen );
00398 }
00399
00400
00401
00402
00403 void sha2_hmac_finish( sha2_context *ctx, unsigned char output[32] )
00404 {
00405 int is224, hlen;
00406 unsigned char tmpbuf[32];
00407
00408 is224 = ctx->is224;
00409 hlen = ( is224 == 0 ) ? 32 : 28;
00410
00411 sha2_finish( ctx, tmpbuf );
00412 sha2_starts( ctx, is224 );
00413 sha2_update( ctx, ctx->opad, 64 );
00414 sha2_update( ctx, tmpbuf, hlen );
00415 sha2_finish( ctx, output );
00416
00417 memset( tmpbuf, 0, sizeof( tmpbuf ) );
00418 }
00419
00420
00421
00422
00423 void sha2_hmac( unsigned char *key, int keylen,
00424 unsigned char *input, int ilen,
00425 unsigned char output[32], int is224 )
00426 {
00427 sha2_context ctx;
00428
00429 sha2_hmac_starts( &ctx, key, keylen, is224 );
00430 sha2_hmac_update( &ctx, input, ilen );
00431 sha2_hmac_finish( &ctx, output );
00432
00433 memset( &ctx, 0, sizeof( sha2_context ) );
00434 }
00435
00436 #if defined(POLARSSL_SELF_TEST)
00437
00438
00439
00440 static unsigned char sha2_test_buf[3][57] =
00441 {
00442 { "abc" },
00443 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
00444 { "" }
00445 };
00446
00447 static const int sha2_test_buflen[3] =
00448 {
00449 3, 56, 1000
00450 };
00451
00452 static const unsigned char sha2_test_sum[6][32] =
00453 {
00454
00455
00456
00457 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
00458 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
00459 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
00460 0xE3, 0x6C, 0x9D, 0xA7 },
00461 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
00462 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
00463 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
00464 0x52, 0x52, 0x25, 0x25 },
00465 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
00466 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
00467 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
00468 0x4E, 0xE7, 0xAD, 0x67 },
00469
00470
00471
00472
00473 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
00474 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
00475 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
00476 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
00477 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
00478 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
00479 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
00480 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
00481 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
00482 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
00483 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
00484 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
00485 };
00486
00487
00488
00489
00490 static unsigned char sha2_hmac_test_key[7][26] =
00491 {
00492 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
00493 "\x0B\x0B\x0B\x0B" },
00494 { "Jefe" },
00495 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
00496 "\xAA\xAA\xAA\xAA" },
00497 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
00498 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
00499 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
00500 "\x0C\x0C\x0C\x0C" },
00501 { "" },
00502 { "" }
00503 };
00504
00505 static const int sha2_hmac_test_keylen[7] =
00506 {
00507 20, 4, 20, 25, 20, 131, 131
00508 };
00509
00510 static unsigned char sha2_hmac_test_buf[7][153] =
00511 {
00512 { "Hi There" },
00513 { "what do ya want for nothing?" },
00514 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00515 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00516 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00517 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
00518 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
00519 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00520 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00521 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00522 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
00523 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
00524 { "Test With Truncation" },
00525 { "Test Using Larger Than Block-Size Key - Hash Key First" },
00526 { "This is a test using a larger than block-size key "
00527 "and a larger than block-size data. The key needs to "
00528 "be hashed before being used by the HMAC algorithm." }
00529 };
00530
00531 static const int sha2_hmac_test_buflen[7] =
00532 {
00533 8, 28, 50, 50, 20, 54, 152
00534 };
00535
00536 static const unsigned char sha2_hmac_test_sum[14][32] =
00537 {
00538
00539
00540
00541 { 0x89, 0x6F, 0xB1, 0x12, 0x8A, 0xBB, 0xDF, 0x19,
00542 0x68, 0x32, 0x10, 0x7C, 0xD4, 0x9D, 0xF3, 0x3F,
00543 0x47, 0xB4, 0xB1, 0x16, 0x99, 0x12, 0xBA, 0x4F,
00544 0x53, 0x68, 0x4B, 0x22 },
00545 { 0xA3, 0x0E, 0x01, 0x09, 0x8B, 0xC6, 0xDB, 0xBF,
00546 0x45, 0x69, 0x0F, 0x3A, 0x7E, 0x9E, 0x6D, 0x0F,
00547 0x8B, 0xBE, 0xA2, 0xA3, 0x9E, 0x61, 0x48, 0x00,
00548 0x8F, 0xD0, 0x5E, 0x44 },
00549 { 0x7F, 0xB3, 0xCB, 0x35, 0x88, 0xC6, 0xC1, 0xF6,
00550 0xFF, 0xA9, 0x69, 0x4D, 0x7D, 0x6A, 0xD2, 0x64,
00551 0x93, 0x65, 0xB0, 0xC1, 0xF6, 0x5D, 0x69, 0xD1,
00552 0xEC, 0x83, 0x33, 0xEA },
00553 { 0x6C, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3C, 0xAC,
00554 0x6A, 0x2A, 0xBC, 0x1B, 0xB3, 0x82, 0x62, 0x7C,
00555 0xEC, 0x6A, 0x90, 0xD8, 0x6E, 0xFC, 0x01, 0x2D,
00556 0xE7, 0xAF, 0xEC, 0x5A },
00557 { 0x0E, 0x2A, 0xEA, 0x68, 0xA9, 0x0C, 0x8D, 0x37,
00558 0xC9, 0x88, 0xBC, 0xDB, 0x9F, 0xCA, 0x6F, 0xA8 },
00559 { 0x95, 0xE9, 0xA0, 0xDB, 0x96, 0x20, 0x95, 0xAD,
00560 0xAE, 0xBE, 0x9B, 0x2D, 0x6F, 0x0D, 0xBC, 0xE2,
00561 0xD4, 0x99, 0xF1, 0x12, 0xF2, 0xD2, 0xB7, 0x27,
00562 0x3F, 0xA6, 0x87, 0x0E },
00563 { 0x3A, 0x85, 0x41, 0x66, 0xAC, 0x5D, 0x9F, 0x02,
00564 0x3F, 0x54, 0xD5, 0x17, 0xD0, 0xB3, 0x9D, 0xBD,
00565 0x94, 0x67, 0x70, 0xDB, 0x9C, 0x2B, 0x95, 0xC9,
00566 0xF6, 0xF5, 0x65, 0xD1 },
00567
00568
00569
00570
00571 { 0xB0, 0x34, 0x4C, 0x61, 0xD8, 0xDB, 0x38, 0x53,
00572 0x5C, 0xA8, 0xAF, 0xCE, 0xAF, 0x0B, 0xF1, 0x2B,
00573 0x88, 0x1D, 0xC2, 0x00, 0xC9, 0x83, 0x3D, 0xA7,
00574 0x26, 0xE9, 0x37, 0x6C, 0x2E, 0x32, 0xCF, 0xF7 },
00575 { 0x5B, 0xDC, 0xC1, 0x46, 0xBF, 0x60, 0x75, 0x4E,
00576 0x6A, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xC7,
00577 0x5A, 0x00, 0x3F, 0x08, 0x9D, 0x27, 0x39, 0x83,
00578 0x9D, 0xEC, 0x58, 0xB9, 0x64, 0xEC, 0x38, 0x43 },
00579 { 0x77, 0x3E, 0xA9, 0x1E, 0x36, 0x80, 0x0E, 0x46,
00580 0x85, 0x4D, 0xB8, 0xEB, 0xD0, 0x91, 0x81, 0xA7,
00581 0x29, 0x59, 0x09, 0x8B, 0x3E, 0xF8, 0xC1, 0x22,
00582 0xD9, 0x63, 0x55, 0x14, 0xCE, 0xD5, 0x65, 0xFE },
00583 { 0x82, 0x55, 0x8A, 0x38, 0x9A, 0x44, 0x3C, 0x0E,
00584 0xA4, 0xCC, 0x81, 0x98, 0x99, 0xF2, 0x08, 0x3A,
00585 0x85, 0xF0, 0xFA, 0xA3, 0xE5, 0x78, 0xF8, 0x07,
00586 0x7A, 0x2E, 0x3F, 0xF4, 0x67, 0x29, 0x66, 0x5B },
00587 { 0xA3, 0xB6, 0x16, 0x74, 0x73, 0x10, 0x0E, 0xE0,
00588 0x6E, 0x0C, 0x79, 0x6C, 0x29, 0x55, 0x55, 0x2B },
00589 { 0x60, 0xE4, 0x31, 0x59, 0x1E, 0xE0, 0xB6, 0x7F,
00590 0x0D, 0x8A, 0x26, 0xAA, 0xCB, 0xF5, 0xB7, 0x7F,
00591 0x8E, 0x0B, 0xC6, 0x21, 0x37, 0x28, 0xC5, 0x14,
00592 0x05, 0x46, 0x04, 0x0F, 0x0E, 0xE3, 0x7F, 0x54 },
00593 { 0x9B, 0x09, 0xFF, 0xA7, 0x1B, 0x94, 0x2F, 0xCB,
00594 0x27, 0x63, 0x5F, 0xBC, 0xD5, 0xB0, 0xE9, 0x44,
00595 0xBF, 0xDC, 0x63, 0x64, 0x4F, 0x07, 0x13, 0x93,
00596 0x8A, 0x7F, 0x51, 0x53, 0x5C, 0x3A, 0x35, 0xE2 }
00597 };
00598
00599
00600
00601
00602 int sha2_self_test( int verbose )
00603 {
00604 int i, j, k, buflen;
00605 unsigned char buf[1024];
00606 unsigned char sha2sum[32];
00607 sha2_context ctx;
00608
00609 for( i = 0; i < 6; i++ )
00610 {
00611 j = i % 3;
00612 k = i < 3;
00613
00614 if( verbose != 0 )
00615 printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
00616
00617 sha2_starts( &ctx, k );
00618
00619 if( j == 2 )
00620 {
00621 memset( buf, 'a', buflen = 1000 );
00622
00623 for( j = 0; j < 1000; j++ )
00624 sha2_update( &ctx, buf, buflen );
00625 }
00626 else
00627 sha2_update( &ctx, sha2_test_buf[j],
00628 sha2_test_buflen[j] );
00629
00630 sha2_finish( &ctx, sha2sum );
00631
00632 if( memcmp( sha2sum, sha2_test_sum[i], 32 - k * 4 ) != 0 )
00633 {
00634 if( verbose != 0 )
00635 printf( "failed\n" );
00636
00637 return( 1 );
00638 }
00639
00640 if( verbose != 0 )
00641 printf( "passed\n" );
00642 }
00643
00644 if( verbose != 0 )
00645 printf( "\n" );
00646
00647 for( i = 0; i < 14; i++ )
00648 {
00649 j = i % 7;
00650 k = i < 7;
00651
00652 if( verbose != 0 )
00653 printf( " HMAC-SHA-%d test #%d: ", 256 - k * 32, j + 1 );
00654
00655 if( j == 5 || j == 6 )
00656 {
00657 memset( buf, '\xAA', buflen = 131 );
00658 sha2_hmac_starts( &ctx, buf, buflen, k );
00659 }
00660 else
00661 sha2_hmac_starts( &ctx, sha2_hmac_test_key[j],
00662 sha2_hmac_test_keylen[j], k );
00663
00664 sha2_hmac_update( &ctx, sha2_hmac_test_buf[j],
00665 sha2_hmac_test_buflen[j] );
00666
00667 sha2_hmac_finish( &ctx, sha2sum );
00668
00669 buflen = ( j == 4 ) ? 16 : 32 - k * 4;
00670
00671 if( memcmp( sha2sum, sha2_hmac_test_sum[i], buflen ) != 0 )
00672 {
00673 if( verbose != 0 )
00674 printf( "failed\n" );
00675
00676 return( 1 );
00677 }
00678
00679 if( verbose != 0 )
00680 printf( "passed\n" );
00681 }
00682
00683 if( verbose != 0 )
00684 printf( "\n" );
00685
00686 return( 0 );
00687 }
00688
00689 #endif
00690
00691 #endif