PolarSSL v1.3.9
sha256.c
Go to the documentation of this file.
1/*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
4 * Copyright (C) 2006-2014, Brainspark B.V.
5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
27 *
28 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
29 */
30
31#if !defined(POLARSSL_CONFIG_FILE)
32#include "polarssl/config.h"
33#else
34#include POLARSSL_CONFIG_FILE
35#endif
36
37#if defined(POLARSSL_SHA256_C)
38
39#include "polarssl/sha256.h"
40
41#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
42#include <stdio.h>
43#endif
44
45#if defined(POLARSSL_PLATFORM_C)
46#include "polarssl/platform.h"
47#else
48#define polarssl_printf printf
49#endif
50
51/* Implementation that should never be optimized out by the compiler */
52static void polarssl_zeroize( void *v, size_t n ) {
53 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
54}
55
56#if !defined(POLARSSL_SHA256_ALT)
57
58/*
59 * 32-bit integer manipulation macros (big endian)
60 */
61#ifndef GET_UINT32_BE
62#define GET_UINT32_BE(n,b,i) \
63{ \
64 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
65 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
66 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
67 | ( (uint32_t) (b)[(i) + 3] ); \
68}
69#endif
70
71#ifndef PUT_UINT32_BE
72#define PUT_UINT32_BE(n,b,i) \
73{ \
74 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
75 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
76 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
77 (b)[(i) + 3] = (unsigned char) ( (n) ); \
78}
79#endif
80
81void sha256_init( sha256_context *ctx )
82{
83 memset( ctx, 0, sizeof( sha256_context ) );
84}
85
86void sha256_free( sha256_context *ctx )
87{
88 if( ctx == NULL )
89 return;
90
91 polarssl_zeroize( ctx, sizeof( sha256_context ) );
92}
93
94/*
95 * SHA-256 context setup
96 */
97void sha256_starts( sha256_context *ctx, int is224 )
98{
99 ctx->total[0] = 0;
100 ctx->total[1] = 0;
101
102 if( is224 == 0 )
103 {
104 /* SHA-256 */
105 ctx->state[0] = 0x6A09E667;
106 ctx->state[1] = 0xBB67AE85;
107 ctx->state[2] = 0x3C6EF372;
108 ctx->state[3] = 0xA54FF53A;
109 ctx->state[4] = 0x510E527F;
110 ctx->state[5] = 0x9B05688C;
111 ctx->state[6] = 0x1F83D9AB;
112 ctx->state[7] = 0x5BE0CD19;
113 }
114 else
115 {
116 /* SHA-224 */
117 ctx->state[0] = 0xC1059ED8;
118 ctx->state[1] = 0x367CD507;
119 ctx->state[2] = 0x3070DD17;
120 ctx->state[3] = 0xF70E5939;
121 ctx->state[4] = 0xFFC00B31;
122 ctx->state[5] = 0x68581511;
123 ctx->state[6] = 0x64F98FA7;
124 ctx->state[7] = 0xBEFA4FA4;
125 }
126
127 ctx->is224 = is224;
128}
129
130void sha256_process( sha256_context *ctx, const unsigned char data[64] )
131{
132 uint32_t temp1, temp2, W[64];
133 uint32_t A, B, C, D, E, F, G, H;
134
135 GET_UINT32_BE( W[ 0], data, 0 );
136 GET_UINT32_BE( W[ 1], data, 4 );
137 GET_UINT32_BE( W[ 2], data, 8 );
138 GET_UINT32_BE( W[ 3], data, 12 );
139 GET_UINT32_BE( W[ 4], data, 16 );
140 GET_UINT32_BE( W[ 5], data, 20 );
141 GET_UINT32_BE( W[ 6], data, 24 );
142 GET_UINT32_BE( W[ 7], data, 28 );
143 GET_UINT32_BE( W[ 8], data, 32 );
144 GET_UINT32_BE( W[ 9], data, 36 );
145 GET_UINT32_BE( W[10], data, 40 );
146 GET_UINT32_BE( W[11], data, 44 );
147 GET_UINT32_BE( W[12], data, 48 );
148 GET_UINT32_BE( W[13], data, 52 );
149 GET_UINT32_BE( W[14], data, 56 );
150 GET_UINT32_BE( W[15], data, 60 );
151
152#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
153#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
154
155#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
156#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
157
158#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
159#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
160
161#define F0(x,y,z) ((x & y) | (z & (x | y)))
162#define F1(x,y,z) (z ^ (x & (y ^ z)))
163
164#define R(t) \
165( \
166 W[t] = S1(W[t - 2]) + W[t - 7] + \
167 S0(W[t - 15]) + W[t - 16] \
168)
169
170#define P(a,b,c,d,e,f,g,h,x,K) \
171{ \
172 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
173 temp2 = S2(a) + F0(a,b,c); \
174 d += temp1; h = temp1 + temp2; \
175}
176
177 A = ctx->state[0];
178 B = ctx->state[1];
179 C = ctx->state[2];
180 D = ctx->state[3];
181 E = ctx->state[4];
182 F = ctx->state[5];
183 G = ctx->state[6];
184 H = ctx->state[7];
185
186 P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
187 P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
188 P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
189 P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
190 P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
191 P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
192 P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
193 P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
194 P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
195 P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
196 P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
197 P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
198 P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
199 P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
200 P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
201 P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
202 P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
203 P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
204 P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
205 P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
206 P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
207 P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
208 P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
209 P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
210 P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
211 P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
212 P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
213 P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
214 P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
215 P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
216 P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
217 P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
218 P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
219 P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
220 P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
221 P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
222 P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
223 P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
224 P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
225 P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
226 P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
227 P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
228 P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
229 P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
230 P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
231 P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
232 P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
233 P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
234 P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
235 P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
236 P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
237 P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
238 P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
239 P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
240 P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
241 P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
242 P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
243 P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
244 P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
245 P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
246 P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
247 P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
248 P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
249 P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
250
251 ctx->state[0] += A;
252 ctx->state[1] += B;
253 ctx->state[2] += C;
254 ctx->state[3] += D;
255 ctx->state[4] += E;
256 ctx->state[5] += F;
257 ctx->state[6] += G;
258 ctx->state[7] += H;
259}
260
261/*
262 * SHA-256 process buffer
263 */
264void sha256_update( sha256_context *ctx, const unsigned char *input,
265 size_t ilen )
266{
267 size_t fill;
268 uint32_t left;
269
270 if( ilen == 0 )
271 return;
272
273 left = ctx->total[0] & 0x3F;
274 fill = 64 - left;
275
276 ctx->total[0] += (uint32_t) ilen;
277 ctx->total[0] &= 0xFFFFFFFF;
278
279 if( ctx->total[0] < (uint32_t) ilen )
280 ctx->total[1]++;
281
282 if( left && ilen >= fill )
283 {
284 memcpy( (void *) (ctx->buffer + left), input, fill );
285 sha256_process( ctx, ctx->buffer );
286 input += fill;
287 ilen -= fill;
288 left = 0;
289 }
290
291 while( ilen >= 64 )
292 {
293 sha256_process( ctx, input );
294 input += 64;
295 ilen -= 64;
296 }
297
298 if( ilen > 0 )
299 memcpy( (void *) (ctx->buffer + left), input, ilen );
300}
301
302static const unsigned char sha256_padding[64] =
303{
304 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
305 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
306 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
307 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
308};
309
310/*
311 * SHA-256 final digest
312 */
313void sha256_finish( sha256_context *ctx, unsigned char output[32] )
314{
315 uint32_t last, padn;
316 uint32_t high, low;
317 unsigned char msglen[8];
318
319 high = ( ctx->total[0] >> 29 )
320 | ( ctx->total[1] << 3 );
321 low = ( ctx->total[0] << 3 );
322
323 PUT_UINT32_BE( high, msglen, 0 );
324 PUT_UINT32_BE( low, msglen, 4 );
325
326 last = ctx->total[0] & 0x3F;
327 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
328
329 sha256_update( ctx, sha256_padding, padn );
330 sha256_update( ctx, msglen, 8 );
331
332 PUT_UINT32_BE( ctx->state[0], output, 0 );
333 PUT_UINT32_BE( ctx->state[1], output, 4 );
334 PUT_UINT32_BE( ctx->state[2], output, 8 );
335 PUT_UINT32_BE( ctx->state[3], output, 12 );
336 PUT_UINT32_BE( ctx->state[4], output, 16 );
337 PUT_UINT32_BE( ctx->state[5], output, 20 );
338 PUT_UINT32_BE( ctx->state[6], output, 24 );
339
340 if( ctx->is224 == 0 )
341 PUT_UINT32_BE( ctx->state[7], output, 28 );
342}
343
344#endif /* !POLARSSL_SHA256_ALT */
345
346/*
347 * output = SHA-256( input buffer )
348 */
349void sha256( const unsigned char *input, size_t ilen,
350 unsigned char output[32], int is224 )
351{
352 sha256_context ctx;
353
354 sha256_init( &ctx );
355 sha256_starts( &ctx, is224 );
356 sha256_update( &ctx, input, ilen );
357 sha256_finish( &ctx, output );
358 sha256_free( &ctx );
359}
360
361#if defined(POLARSSL_FS_IO)
362/*
363 * output = SHA-256( file contents )
364 */
365int sha256_file( const char *path, unsigned char output[32], int is224 )
366{
367 FILE *f;
368 size_t n;
369 sha256_context ctx;
370 unsigned char buf[1024];
371
372 if( ( f = fopen( path, "rb" ) ) == NULL )
373 return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
374
375 sha256_init( &ctx );
376 sha256_starts( &ctx, is224 );
377
378 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
379 sha256_update( &ctx, buf, n );
380
381 sha256_finish( &ctx, output );
382 sha256_free( &ctx );
383
384 if( ferror( f ) != 0 )
385 {
386 fclose( f );
387 return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
388 }
389
390 fclose( f );
391 return( 0 );
392}
393#endif /* POLARSSL_FS_IO */
394
395/*
396 * SHA-256 HMAC context setup
397 */
398void sha256_hmac_starts( sha256_context *ctx, const unsigned char *key,
399 size_t keylen, int is224 )
400{
401 size_t i;
402 unsigned char sum[32];
403
404 if( keylen > 64 )
405 {
406 sha256( key, keylen, sum, is224 );
407 keylen = ( is224 ) ? 28 : 32;
408 key = sum;
409 }
410
411 memset( ctx->ipad, 0x36, 64 );
412 memset( ctx->opad, 0x5C, 64 );
413
414 for( i = 0; i < keylen; i++ )
415 {
416 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
417 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
418 }
419
420 sha256_starts( ctx, is224 );
421 sha256_update( ctx, ctx->ipad, 64 );
422
423 polarssl_zeroize( sum, sizeof( sum ) );
424}
425
426/*
427 * SHA-256 HMAC process buffer
428 */
429void sha256_hmac_update( sha256_context *ctx, const unsigned char *input,
430 size_t ilen )
431{
432 sha256_update( ctx, input, ilen );
433}
434
435/*
436 * SHA-256 HMAC final digest
437 */
438void sha256_hmac_finish( sha256_context *ctx, unsigned char output[32] )
439{
440 int is224, hlen;
441 unsigned char tmpbuf[32];
442
443 is224 = ctx->is224;
444 hlen = ( is224 == 0 ) ? 32 : 28;
445
446 sha256_finish( ctx, tmpbuf );
447 sha256_starts( ctx, is224 );
448 sha256_update( ctx, ctx->opad, 64 );
449 sha256_update( ctx, tmpbuf, hlen );
450 sha256_finish( ctx, output );
451
452 polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
453}
454
455/*
456 * SHA-256 HMAC context reset
457 */
458void sha256_hmac_reset( sha256_context *ctx )
459{
460 sha256_starts( ctx, ctx->is224 );
461 sha256_update( ctx, ctx->ipad, 64 );
462}
463
464/*
465 * output = HMAC-SHA-256( hmac key, input buffer )
466 */
467void sha256_hmac( const unsigned char *key, size_t keylen,
468 const unsigned char *input, size_t ilen,
469 unsigned char output[32], int is224 )
470{
471 sha256_context ctx;
472
473 sha256_init( &ctx );
474 sha256_hmac_starts( &ctx, key, keylen, is224 );
475 sha256_hmac_update( &ctx, input, ilen );
476 sha256_hmac_finish( &ctx, output );
477 sha256_free( &ctx );
478}
479
480#if defined(POLARSSL_SELF_TEST)
481/*
482 * FIPS-180-2 test vectors
483 */
484static unsigned char sha256_test_buf[3][57] =
485{
486 { "abc" },
487 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
488 { "" }
489};
490
491static const int sha256_test_buflen[3] =
492{
493 3, 56, 1000
494};
495
496static const unsigned char sha256_test_sum[6][32] =
497{
498 /*
499 * SHA-224 test vectors
500 */
501 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
502 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
503 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
504 0xE3, 0x6C, 0x9D, 0xA7 },
505 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
506 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
507 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
508 0x52, 0x52, 0x25, 0x25 },
509 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
510 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
511 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
512 0x4E, 0xE7, 0xAD, 0x67 },
513
514 /*
515 * SHA-256 test vectors
516 */
517 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
518 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
519 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
520 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
521 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
522 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
523 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
524 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
525 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
526 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
527 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
528 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
529};
530
531/*
532 * RFC 4231 test vectors
533 */
534static unsigned char sha256_hmac_test_key[7][26] =
535{
536 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
537 "\x0B\x0B\x0B\x0B" },
538 { "Jefe" },
539 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
540 "\xAA\xAA\xAA\xAA" },
541 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
542 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
543 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
544 "\x0C\x0C\x0C\x0C" },
545 { "" }, /* 0xAA 131 times */
546 { "" }
547};
548
549static const int sha256_hmac_test_keylen[7] =
550{
551 20, 4, 20, 25, 20, 131, 131
552};
553
554static unsigned char sha256_hmac_test_buf[7][153] =
555{
556 { "Hi There" },
557 { "what do ya want for nothing?" },
558 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
559 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
560 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
561 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
562 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
563 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
564 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
565 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
566 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
567 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
568 { "Test With Truncation" },
569 { "Test Using Larger Than Block-Size Key - Hash Key First" },
570 { "This is a test using a larger than block-size key "
571 "and a larger than block-size data. The key needs to "
572 "be hashed before being used by the HMAC algorithm." }
573};
574
575static const int sha256_hmac_test_buflen[7] =
576{
577 8, 28, 50, 50, 20, 54, 152
578};
579
580static const unsigned char sha256_hmac_test_sum[14][32] =
581{
582 /*
583 * HMAC-SHA-224 test vectors
584 */
585 { 0x89, 0x6F, 0xB1, 0x12, 0x8A, 0xBB, 0xDF, 0x19,
586 0x68, 0x32, 0x10, 0x7C, 0xD4, 0x9D, 0xF3, 0x3F,
587 0x47, 0xB4, 0xB1, 0x16, 0x99, 0x12, 0xBA, 0x4F,
588 0x53, 0x68, 0x4B, 0x22 },
589 { 0xA3, 0x0E, 0x01, 0x09, 0x8B, 0xC6, 0xDB, 0xBF,
590 0x45, 0x69, 0x0F, 0x3A, 0x7E, 0x9E, 0x6D, 0x0F,
591 0x8B, 0xBE, 0xA2, 0xA3, 0x9E, 0x61, 0x48, 0x00,
592 0x8F, 0xD0, 0x5E, 0x44 },
593 { 0x7F, 0xB3, 0xCB, 0x35, 0x88, 0xC6, 0xC1, 0xF6,
594 0xFF, 0xA9, 0x69, 0x4D, 0x7D, 0x6A, 0xD2, 0x64,
595 0x93, 0x65, 0xB0, 0xC1, 0xF6, 0x5D, 0x69, 0xD1,
596 0xEC, 0x83, 0x33, 0xEA },
597 { 0x6C, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3C, 0xAC,
598 0x6A, 0x2A, 0xBC, 0x1B, 0xB3, 0x82, 0x62, 0x7C,
599 0xEC, 0x6A, 0x90, 0xD8, 0x6E, 0xFC, 0x01, 0x2D,
600 0xE7, 0xAF, 0xEC, 0x5A },
601 { 0x0E, 0x2A, 0xEA, 0x68, 0xA9, 0x0C, 0x8D, 0x37,
602 0xC9, 0x88, 0xBC, 0xDB, 0x9F, 0xCA, 0x6F, 0xA8 },
603 { 0x95, 0xE9, 0xA0, 0xDB, 0x96, 0x20, 0x95, 0xAD,
604 0xAE, 0xBE, 0x9B, 0x2D, 0x6F, 0x0D, 0xBC, 0xE2,
605 0xD4, 0x99, 0xF1, 0x12, 0xF2, 0xD2, 0xB7, 0x27,
606 0x3F, 0xA6, 0x87, 0x0E },
607 { 0x3A, 0x85, 0x41, 0x66, 0xAC, 0x5D, 0x9F, 0x02,
608 0x3F, 0x54, 0xD5, 0x17, 0xD0, 0xB3, 0x9D, 0xBD,
609 0x94, 0x67, 0x70, 0xDB, 0x9C, 0x2B, 0x95, 0xC9,
610 0xF6, 0xF5, 0x65, 0xD1 },
611
612 /*
613 * HMAC-SHA-256 test vectors
614 */
615 { 0xB0, 0x34, 0x4C, 0x61, 0xD8, 0xDB, 0x38, 0x53,
616 0x5C, 0xA8, 0xAF, 0xCE, 0xAF, 0x0B, 0xF1, 0x2B,
617 0x88, 0x1D, 0xC2, 0x00, 0xC9, 0x83, 0x3D, 0xA7,
618 0x26, 0xE9, 0x37, 0x6C, 0x2E, 0x32, 0xCF, 0xF7 },
619 { 0x5B, 0xDC, 0xC1, 0x46, 0xBF, 0x60, 0x75, 0x4E,
620 0x6A, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xC7,
621 0x5A, 0x00, 0x3F, 0x08, 0x9D, 0x27, 0x39, 0x83,
622 0x9D, 0xEC, 0x58, 0xB9, 0x64, 0xEC, 0x38, 0x43 },
623 { 0x77, 0x3E, 0xA9, 0x1E, 0x36, 0x80, 0x0E, 0x46,
624 0x85, 0x4D, 0xB8, 0xEB, 0xD0, 0x91, 0x81, 0xA7,
625 0x29, 0x59, 0x09, 0x8B, 0x3E, 0xF8, 0xC1, 0x22,
626 0xD9, 0x63, 0x55, 0x14, 0xCE, 0xD5, 0x65, 0xFE },
627 { 0x82, 0x55, 0x8A, 0x38, 0x9A, 0x44, 0x3C, 0x0E,
628 0xA4, 0xCC, 0x81, 0x98, 0x99, 0xF2, 0x08, 0x3A,
629 0x85, 0xF0, 0xFA, 0xA3, 0xE5, 0x78, 0xF8, 0x07,
630 0x7A, 0x2E, 0x3F, 0xF4, 0x67, 0x29, 0x66, 0x5B },
631 { 0xA3, 0xB6, 0x16, 0x74, 0x73, 0x10, 0x0E, 0xE0,
632 0x6E, 0x0C, 0x79, 0x6C, 0x29, 0x55, 0x55, 0x2B },
633 { 0x60, 0xE4, 0x31, 0x59, 0x1E, 0xE0, 0xB6, 0x7F,
634 0x0D, 0x8A, 0x26, 0xAA, 0xCB, 0xF5, 0xB7, 0x7F,
635 0x8E, 0x0B, 0xC6, 0x21, 0x37, 0x28, 0xC5, 0x14,
636 0x05, 0x46, 0x04, 0x0F, 0x0E, 0xE3, 0x7F, 0x54 },
637 { 0x9B, 0x09, 0xFF, 0xA7, 0x1B, 0x94, 0x2F, 0xCB,
638 0x27, 0x63, 0x5F, 0xBC, 0xD5, 0xB0, 0xE9, 0x44,
639 0xBF, 0xDC, 0x63, 0x64, 0x4F, 0x07, 0x13, 0x93,
640 0x8A, 0x7F, 0x51, 0x53, 0x5C, 0x3A, 0x35, 0xE2 }
641};
642
643/*
644 * Checkup routine
645 */
646int sha256_self_test( int verbose )
647{
648 int i, j, k, buflen, ret = 0;
649 unsigned char buf[1024];
650 unsigned char sha256sum[32];
651 sha256_context ctx;
652
653 sha256_init( &ctx );
654
655 for( i = 0; i < 6; i++ )
656 {
657 j = i % 3;
658 k = i < 3;
659
660 if( verbose != 0 )
661 polarssl_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
662
663 sha256_starts( &ctx, k );
664
665 if( j == 2 )
666 {
667 memset( buf, 'a', buflen = 1000 );
668
669 for( j = 0; j < 1000; j++ )
670 sha256_update( &ctx, buf, buflen );
671 }
672 else
673 sha256_update( &ctx, sha256_test_buf[j],
674 sha256_test_buflen[j] );
675
676 sha256_finish( &ctx, sha256sum );
677
678 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
679 {
680 if( verbose != 0 )
681 polarssl_printf( "failed\n" );
682
683 ret = 1;
684 goto exit;
685 }
686
687 if( verbose != 0 )
688 polarssl_printf( "passed\n" );
689 }
690
691 if( verbose != 0 )
692 polarssl_printf( "\n" );
693
694 for( i = 0; i < 14; i++ )
695 {
696 j = i % 7;
697 k = i < 7;
698
699 if( verbose != 0 )
700 polarssl_printf( " HMAC-SHA-%d test #%d: ", 256 - k * 32, j + 1 );
701
702 if( j == 5 || j == 6 )
703 {
704 memset( buf, '\xAA', buflen = 131 );
705 sha256_hmac_starts( &ctx, buf, buflen, k );
706 }
707 else
708 sha256_hmac_starts( &ctx, sha256_hmac_test_key[j],
709 sha256_hmac_test_keylen[j], k );
710
711 sha256_hmac_update( &ctx, sha256_hmac_test_buf[j],
712 sha256_hmac_test_buflen[j] );
713
714 sha256_hmac_finish( &ctx, sha256sum );
715
716 buflen = ( j == 4 ) ? 16 : 32 - k * 4;
717
718 if( memcmp( sha256sum, sha256_hmac_test_sum[i], buflen ) != 0 )
719 {
720 if( verbose != 0 )
721 polarssl_printf( "failed\n" );
722
723 ret = 1;
724 goto exit;
725 }
726
727 if( verbose != 0 )
728 polarssl_printf( "passed\n" );
729 }
730
731 if( verbose != 0 )
732 polarssl_printf( "\n" );
733
734exit:
735 sha256_free( &ctx );
736
737 return( ret );
738}
739
740#endif /* POLARSSL_SELF_TEST */
741
742#endif /* POLARSSL_SHA256_C */
config.h
Configuration options (set of defines)
platform.h
PolarSSL Platform abstraction layer.
sha256.h
SHA-224 and SHA-256 cryptographic hash function.
sha256_finish
void sha256_finish(sha256_context *ctx, unsigned char output[32])
SHA-256 final digest.
sha256_file
int sha256_file(const char *path, unsigned char output[32], int is224)
Output = SHA-256( file contents )
sha256_hmac_finish
void sha256_hmac_finish(sha256_context *ctx, unsigned char output[32])
SHA-256 HMAC final digest.
POLARSSL_ERR_SHA256_FILE_IO_ERROR
#define POLARSSL_ERR_SHA256_FILE_IO_ERROR
Read/write error in file.
Definition sha256.h:45
sha256_self_test
int sha256_self_test(int verbose)
Checkup routine.
sha256_hmac_update
void sha256_hmac_update(sha256_context *ctx, const unsigned char *input, size_t ilen)
SHA-256 HMAC process buffer.
sha256_free
void sha256_free(sha256_context *ctx)
Clear SHA-256 context.
sha256
void sha256(const unsigned char *input, size_t ilen, unsigned char output[32], int is224)
Output = SHA-256( input buffer )
sha256_process
void sha256_process(sha256_context *ctx, const unsigned char data[64])
sha256_hmac_reset
void sha256_hmac_reset(sha256_context *ctx)
SHA-256 HMAC context reset.
sha256_hmac_starts
void sha256_hmac_starts(sha256_context *ctx, const unsigned char *key, size_t keylen, int is224)
SHA-256 HMAC context setup.
sha256_hmac
void sha256_hmac(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char output[32], int is224)
Output = HMAC-SHA-256( hmac key, input buffer )
sha256_update
void sha256_update(sha256_context *ctx, const unsigned char *input, size_t ilen)
SHA-256 process buffer.
sha256_starts
void sha256_starts(sha256_context *ctx, int is224)
SHA-256 context setup.
sha256_init
void sha256_init(sha256_context *ctx)
Initialize SHA-256 context.
sha256_context
SHA-256 context structure.
Definition sha256.h:59
sha256_context::ipad
unsigned char ipad[64]
Definition sha256.h:64
sha256_context::opad
unsigned char opad[64]
Definition sha256.h:65
sha256_context::buffer
unsigned char buffer[64]
Definition sha256.h:62
sha256_context::total
uint32_t total[2]
Definition sha256.h:60
sha256_context::is224
int is224
Definition sha256.h:66
sha256_context::state
uint32_t state[8]
Definition sha256.h:61
GET_UINT32_BE
#define GET_UINT32_BE(n, b, i)
Definition test_suite_aes.cbc.c:39
PUT_UINT32_BE
#define PUT_UINT32_BE(n, b, i)
Definition test_suite_aes.cbc.c:49
polarssl_printf
#define polarssl_printf
Definition test_suite_aes.cbc.c:309
Generated on Tue Feb 20 2024 18:30:52 for PolarSSL v1.3.9 by doxygen 1.9.8