PolarSSL v1.3.8
sha256.c
Go to the documentation of this file.
1 /*
2  * FIPS-180-2 compliant SHA-256 implementation
3  *
4  * Copyright (C) 2006-2014, Brainspark B.V.
5  *
6  * This file is part of PolarSSL (http://www.polarssl.org)
7  * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8  *
9  * All rights reserved.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 /*
26  * The SHA-256 Secure Hash Standard was published by NIST in 2002.
27  *
28  * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
29  */
30 
31 #if !defined(POLARSSL_CONFIG_FILE)
32 #include "polarssl/config.h"
33 #else
34 #include POLARSSL_CONFIG_FILE
35 #endif
36 
37 #if defined(POLARSSL_SHA256_C)
38 
39 #include "polarssl/sha256.h"
40 
41 #if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
42 #include <stdio.h>
43 #endif
44 
45 #if defined(POLARSSL_PLATFORM_C)
46 #include "polarssl/platform.h"
47 #else
48 #define polarssl_printf printf
49 #endif
50 
51 /* Implementation that should never be optimized out by the compiler */
52 static void polarssl_zeroize( void *v, size_t n ) {
53  volatile unsigned char *p = v; while( n-- ) *p++ = 0;
54 }
55 
56 #if !defined(POLARSSL_SHA256_ALT)
57 
58 /*
59  * 32-bit integer manipulation macros (big endian)
60  */
61 #ifndef GET_UINT32_BE
62 #define GET_UINT32_BE(n,b,i) \
63 { \
64  (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
65  | ( (uint32_t) (b)[(i) + 1] << 16 ) \
66  | ( (uint32_t) (b)[(i) + 2] << 8 ) \
67  | ( (uint32_t) (b)[(i) + 3] ); \
68 }
69 #endif
70 
71 #ifndef PUT_UINT32_BE
72 #define PUT_UINT32_BE(n,b,i) \
73 { \
74  (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
75  (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
76  (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
77  (b)[(i) + 3] = (unsigned char) ( (n) ); \
78 }
79 #endif
80 
81 void sha256_init( sha256_context *ctx )
82 {
83  memset( ctx, 0, sizeof( sha256_context ) );
84 }
85 
86 void sha256_free( sha256_context *ctx )
87 {
88  if( ctx == NULL )
89  return;
90 
91  polarssl_zeroize( ctx, sizeof( sha256_context ) );
92 }
93 
94 /*
95  * SHA-256 context setup
96  */
97 void sha256_starts( sha256_context *ctx, int is224 )
98 {
99  ctx->total[0] = 0;
100  ctx->total[1] = 0;
101 
102  if( is224 == 0 )
103  {
104  /* SHA-256 */
105  ctx->state[0] = 0x6A09E667;
106  ctx->state[1] = 0xBB67AE85;
107  ctx->state[2] = 0x3C6EF372;
108  ctx->state[3] = 0xA54FF53A;
109  ctx->state[4] = 0x510E527F;
110  ctx->state[5] = 0x9B05688C;
111  ctx->state[6] = 0x1F83D9AB;
112  ctx->state[7] = 0x5BE0CD19;
113  }
114  else
115  {
116  /* SHA-224 */
117  ctx->state[0] = 0xC1059ED8;
118  ctx->state[1] = 0x367CD507;
119  ctx->state[2] = 0x3070DD17;
120  ctx->state[3] = 0xF70E5939;
121  ctx->state[4] = 0xFFC00B31;
122  ctx->state[5] = 0x68581511;
123  ctx->state[6] = 0x64F98FA7;
124  ctx->state[7] = 0xBEFA4FA4;
125  }
126 
127  ctx->is224 = is224;
128 }
129 
130 void sha256_process( sha256_context *ctx, const unsigned char data[64] )
131 {
132  uint32_t temp1, temp2, W[64];
133  uint32_t A, B, C, D, E, F, G, H;
134 
135  GET_UINT32_BE( W[ 0], data, 0 );
136  GET_UINT32_BE( W[ 1], data, 4 );
137  GET_UINT32_BE( W[ 2], data, 8 );
138  GET_UINT32_BE( W[ 3], data, 12 );
139  GET_UINT32_BE( W[ 4], data, 16 );
140  GET_UINT32_BE( W[ 5], data, 20 );
141  GET_UINT32_BE( W[ 6], data, 24 );
142  GET_UINT32_BE( W[ 7], data, 28 );
143  GET_UINT32_BE( W[ 8], data, 32 );
144  GET_UINT32_BE( W[ 9], data, 36 );
145  GET_UINT32_BE( W[10], data, 40 );
146  GET_UINT32_BE( W[11], data, 44 );
147  GET_UINT32_BE( W[12], data, 48 );
148  GET_UINT32_BE( W[13], data, 52 );
149  GET_UINT32_BE( W[14], data, 56 );
150  GET_UINT32_BE( W[15], data, 60 );
151 
152 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
153 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
154 
155 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
156 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
157 
158 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
159 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
160 
161 #define F0(x,y,z) ((x & y) | (z & (x | y)))
162 #define F1(x,y,z) (z ^ (x & (y ^ z)))
163 
164 #define R(t) \
165 ( \
166  W[t] = S1(W[t - 2]) + W[t - 7] + \
167  S0(W[t - 15]) + W[t - 16] \
168 )
169 
170 #define P(a,b,c,d,e,f,g,h,x,K) \
171 { \
172  temp1 = h + S3(e) + F1(e,f,g) + K + x; \
173  temp2 = S2(a) + F0(a,b,c); \
174  d += temp1; h = temp1 + temp2; \
175 }
176 
177  A = ctx->state[0];
178  B = ctx->state[1];
179  C = ctx->state[2];
180  D = ctx->state[3];
181  E = ctx->state[4];
182  F = ctx->state[5];
183  G = ctx->state[6];
184  H = ctx->state[7];
185 
186  P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
187  P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
188  P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
189  P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
190  P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
191  P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
192  P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
193  P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
194  P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
195  P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
196  P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
197  P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
198  P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
199  P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
200  P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
201  P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
202  P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
203  P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
204  P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
205  P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
206  P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
207  P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
208  P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
209  P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
210  P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
211  P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
212  P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
213  P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
214  P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
215  P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
216  P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
217  P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
218  P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
219  P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
220  P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
221  P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
222  P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
223  P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
224  P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
225  P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
226  P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
227  P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
228  P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
229  P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
230  P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
231  P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
232  P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
233  P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
234  P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
235  P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
236  P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
237  P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
238  P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
239  P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
240  P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
241  P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
242  P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
243  P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
244  P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
245  P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
246  P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
247  P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
248  P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
249  P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
250 
251  ctx->state[0] += A;
252  ctx->state[1] += B;
253  ctx->state[2] += C;
254  ctx->state[3] += D;
255  ctx->state[4] += E;
256  ctx->state[5] += F;
257  ctx->state[6] += G;
258  ctx->state[7] += H;
259 }
260 
261 /*
262  * SHA-256 process buffer
263  */
264 void sha256_update( sha256_context *ctx, const unsigned char *input,
265  size_t ilen )
266 {
267  size_t fill;
268  uint32_t left;
269 
270  if( ilen == 0 )
271  return;
272 
273  left = ctx->total[0] & 0x3F;
274  fill = 64 - left;
275 
276  ctx->total[0] += (uint32_t) ilen;
277  ctx->total[0] &= 0xFFFFFFFF;
278 
279  if( ctx->total[0] < (uint32_t) ilen )
280  ctx->total[1]++;
281 
282  if( left && ilen >= fill )
283  {
284  memcpy( (void *) (ctx->buffer + left), input, fill );
285  sha256_process( ctx, ctx->buffer );
286  input += fill;
287  ilen -= fill;
288  left = 0;
289  }
290 
291  while( ilen >= 64 )
292  {
293  sha256_process( ctx, input );
294  input += 64;
295  ilen -= 64;
296  }
297 
298  if( ilen > 0 )
299  memcpy( (void *) (ctx->buffer + left), input, ilen );
300 }
301 
302 static const unsigned char sha256_padding[64] =
303 {
304  0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
305  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
306  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
307  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
308 };
309 
310 /*
311  * SHA-256 final digest
312  */
313 void sha256_finish( sha256_context *ctx, unsigned char output[32] )
314 {
315  uint32_t last, padn;
316  uint32_t high, low;
317  unsigned char msglen[8];
318 
319  high = ( ctx->total[0] >> 29 )
320  | ( ctx->total[1] << 3 );
321  low = ( ctx->total[0] << 3 );
322 
323  PUT_UINT32_BE( high, msglen, 0 );
324  PUT_UINT32_BE( low, msglen, 4 );
325 
326  last = ctx->total[0] & 0x3F;
327  padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
328 
329  sha256_update( ctx, sha256_padding, padn );
330  sha256_update( ctx, msglen, 8 );
331 
332  PUT_UINT32_BE( ctx->state[0], output, 0 );
333  PUT_UINT32_BE( ctx->state[1], output, 4 );
334  PUT_UINT32_BE( ctx->state[2], output, 8 );
335  PUT_UINT32_BE( ctx->state[3], output, 12 );
336  PUT_UINT32_BE( ctx->state[4], output, 16 );
337  PUT_UINT32_BE( ctx->state[5], output, 20 );
338  PUT_UINT32_BE( ctx->state[6], output, 24 );
339 
340  if( ctx->is224 == 0 )
341  PUT_UINT32_BE( ctx->state[7], output, 28 );
342 }
343 
344 #endif /* !POLARSSL_SHA256_ALT */
345 
346 /*
347  * output = SHA-256( input buffer )
348  */
349 void sha256( const unsigned char *input, size_t ilen,
350  unsigned char output[32], int is224 )
351 {
352  sha256_context ctx;
353 
354  sha256_init( &ctx );
355  sha256_starts( &ctx, is224 );
356  sha256_update( &ctx, input, ilen );
357  sha256_finish( &ctx, output );
358  sha256_free( &ctx );
359 }
360 
361 #if defined(POLARSSL_FS_IO)
362 /*
363  * output = SHA-256( file contents )
364  */
365 int sha256_file( const char *path, unsigned char output[32], int is224 )
366 {
367  FILE *f;
368  size_t n;
369  sha256_context ctx;
370  unsigned char buf[1024];
371 
372  if( ( f = fopen( path, "rb" ) ) == NULL )
374 
375  sha256_init( &ctx );
376  sha256_starts( &ctx, is224 );
377 
378  while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
379  sha256_update( &ctx, buf, n );
380 
381  sha256_finish( &ctx, output );
382  sha256_free( &ctx );
383 
384  if( ferror( f ) != 0 )
385  {
386  fclose( f );
388  }
389 
390  fclose( f );
391  return( 0 );
392 }
393 #endif /* POLARSSL_FS_IO */
394 
395 /*
396  * SHA-256 HMAC context setup
397  */
398 void sha256_hmac_starts( sha256_context *ctx, const unsigned char *key,
399  size_t keylen, int is224 )
400 {
401  size_t i;
402  unsigned char sum[32];
403 
404  if( keylen > 64 )
405  {
406  sha256( key, keylen, sum, is224 );
407  keylen = ( is224 ) ? 28 : 32;
408  key = sum;
409  }
410 
411  memset( ctx->ipad, 0x36, 64 );
412  memset( ctx->opad, 0x5C, 64 );
413 
414  for( i = 0; i < keylen; i++ )
415  {
416  ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
417  ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
418  }
419 
420  sha256_starts( ctx, is224 );
421  sha256_update( ctx, ctx->ipad, 64 );
422 
423  polarssl_zeroize( sum, sizeof( sum ) );
424 }
425 
426 /*
427  * SHA-256 HMAC process buffer
428  */
429 void sha256_hmac_update( sha256_context *ctx, const unsigned char *input,
430  size_t ilen )
431 {
432  sha256_update( ctx, input, ilen );
433 }
434 
435 /*
436  * SHA-256 HMAC final digest
437  */
438 void sha256_hmac_finish( sha256_context *ctx, unsigned char output[32] )
439 {
440  int is224, hlen;
441  unsigned char tmpbuf[32];
442 
443  is224 = ctx->is224;
444  hlen = ( is224 == 0 ) ? 32 : 28;
445 
446  sha256_finish( ctx, tmpbuf );
447  sha256_starts( ctx, is224 );
448  sha256_update( ctx, ctx->opad, 64 );
449  sha256_update( ctx, tmpbuf, hlen );
450  sha256_finish( ctx, output );
451 
452  polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
453 }
454 
455 /*
456  * SHA-256 HMAC context reset
457  */
459 {
460  sha256_starts( ctx, ctx->is224 );
461  sha256_update( ctx, ctx->ipad, 64 );
462 }
463 
464 /*
465  * output = HMAC-SHA-256( hmac key, input buffer )
466  */
467 void sha256_hmac( const unsigned char *key, size_t keylen,
468  const unsigned char *input, size_t ilen,
469  unsigned char output[32], int is224 )
470 {
471  sha256_context ctx;
472 
473  sha256_init( &ctx );
474  sha256_hmac_starts( &ctx, key, keylen, is224 );
475  sha256_hmac_update( &ctx, input, ilen );
476  sha256_hmac_finish( &ctx, output );
477  sha256_free( &ctx );
478 }
479 
480 #if defined(POLARSSL_SELF_TEST)
481 /*
482  * FIPS-180-2 test vectors
483  */
484 static unsigned char sha256_test_buf[3][57] =
485 {
486  { "abc" },
487  { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
488  { "" }
489 };
490 
491 static const int sha256_test_buflen[3] =
492 {
493  3, 56, 1000
494 };
495 
496 static const unsigned char sha256_test_sum[6][32] =
497 {
498  /*
499  * SHA-224 test vectors
500  */
501  { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
502  0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
503  0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
504  0xE3, 0x6C, 0x9D, 0xA7 },
505  { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
506  0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
507  0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
508  0x52, 0x52, 0x25, 0x25 },
509  { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
510  0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
511  0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
512  0x4E, 0xE7, 0xAD, 0x67 },
513 
514  /*
515  * SHA-256 test vectors
516  */
517  { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
518  0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
519  0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
520  0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
521  { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
522  0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
523  0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
524  0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
525  { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
526  0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
527  0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
528  0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
529 };
530 
531 /*
532  * RFC 4231 test vectors
533  */
534 static unsigned char sha256_hmac_test_key[7][26] =
535 {
536  { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
537  "\x0B\x0B\x0B\x0B" },
538  { "Jefe" },
539  { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
540  "\xAA\xAA\xAA\xAA" },
541  { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
542  "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
543  { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
544  "\x0C\x0C\x0C\x0C" },
545  { "" }, /* 0xAA 131 times */
546  { "" }
547 };
548 
549 static const int sha256_hmac_test_keylen[7] =
550 {
551  20, 4, 20, 25, 20, 131, 131
552 };
553 
554 static unsigned char sha256_hmac_test_buf[7][153] =
555 {
556  { "Hi There" },
557  { "what do ya want for nothing?" },
558  { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
559  "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
560  "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
561  "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
562  "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
563  { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
564  "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
565  "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
566  "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
567  "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
568  { "Test With Truncation" },
569  { "Test Using Larger Than Block-Size Key - Hash Key First" },
570  { "This is a test using a larger than block-size key "
571  "and a larger than block-size data. The key needs to "
572  "be hashed before being used by the HMAC algorithm." }
573 };
574 
575 static const int sha256_hmac_test_buflen[7] =
576 {
577  8, 28, 50, 50, 20, 54, 152
578 };
579 
580 static const unsigned char sha256_hmac_test_sum[14][32] =
581 {
582  /*
583  * HMAC-SHA-224 test vectors
584  */
585  { 0x89, 0x6F, 0xB1, 0x12, 0x8A, 0xBB, 0xDF, 0x19,
586  0x68, 0x32, 0x10, 0x7C, 0xD4, 0x9D, 0xF3, 0x3F,
587  0x47, 0xB4, 0xB1, 0x16, 0x99, 0x12, 0xBA, 0x4F,
588  0x53, 0x68, 0x4B, 0x22 },
589  { 0xA3, 0x0E, 0x01, 0x09, 0x8B, 0xC6, 0xDB, 0xBF,
590  0x45, 0x69, 0x0F, 0x3A, 0x7E, 0x9E, 0x6D, 0x0F,
591  0x8B, 0xBE, 0xA2, 0xA3, 0x9E, 0x61, 0x48, 0x00,
592  0x8F, 0xD0, 0x5E, 0x44 },
593  { 0x7F, 0xB3, 0xCB, 0x35, 0x88, 0xC6, 0xC1, 0xF6,
594  0xFF, 0xA9, 0x69, 0x4D, 0x7D, 0x6A, 0xD2, 0x64,
595  0x93, 0x65, 0xB0, 0xC1, 0xF6, 0x5D, 0x69, 0xD1,
596  0xEC, 0x83, 0x33, 0xEA },
597  { 0x6C, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3C, 0xAC,
598  0x6A, 0x2A, 0xBC, 0x1B, 0xB3, 0x82, 0x62, 0x7C,
599  0xEC, 0x6A, 0x90, 0xD8, 0x6E, 0xFC, 0x01, 0x2D,
600  0xE7, 0xAF, 0xEC, 0x5A },
601  { 0x0E, 0x2A, 0xEA, 0x68, 0xA9, 0x0C, 0x8D, 0x37,
602  0xC9, 0x88, 0xBC, 0xDB, 0x9F, 0xCA, 0x6F, 0xA8 },
603  { 0x95, 0xE9, 0xA0, 0xDB, 0x96, 0x20, 0x95, 0xAD,
604  0xAE, 0xBE, 0x9B, 0x2D, 0x6F, 0x0D, 0xBC, 0xE2,
605  0xD4, 0x99, 0xF1, 0x12, 0xF2, 0xD2, 0xB7, 0x27,
606  0x3F, 0xA6, 0x87, 0x0E },
607  { 0x3A, 0x85, 0x41, 0x66, 0xAC, 0x5D, 0x9F, 0x02,
608  0x3F, 0x54, 0xD5, 0x17, 0xD0, 0xB3, 0x9D, 0xBD,
609  0x94, 0x67, 0x70, 0xDB, 0x9C, 0x2B, 0x95, 0xC9,
610  0xF6, 0xF5, 0x65, 0xD1 },
611 
612  /*
613  * HMAC-SHA-256 test vectors
614  */
615  { 0xB0, 0x34, 0x4C, 0x61, 0xD8, 0xDB, 0x38, 0x53,
616  0x5C, 0xA8, 0xAF, 0xCE, 0xAF, 0x0B, 0xF1, 0x2B,
617  0x88, 0x1D, 0xC2, 0x00, 0xC9, 0x83, 0x3D, 0xA7,
618  0x26, 0xE9, 0x37, 0x6C, 0x2E, 0x32, 0xCF, 0xF7 },
619  { 0x5B, 0xDC, 0xC1, 0x46, 0xBF, 0x60, 0x75, 0x4E,
620  0x6A, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xC7,
621  0x5A, 0x00, 0x3F, 0x08, 0x9D, 0x27, 0x39, 0x83,
622  0x9D, 0xEC, 0x58, 0xB9, 0x64, 0xEC, 0x38, 0x43 },
623  { 0x77, 0x3E, 0xA9, 0x1E, 0x36, 0x80, 0x0E, 0x46,
624  0x85, 0x4D, 0xB8, 0xEB, 0xD0, 0x91, 0x81, 0xA7,
625  0x29, 0x59, 0x09, 0x8B, 0x3E, 0xF8, 0xC1, 0x22,
626  0xD9, 0x63, 0x55, 0x14, 0xCE, 0xD5, 0x65, 0xFE },
627  { 0x82, 0x55, 0x8A, 0x38, 0x9A, 0x44, 0x3C, 0x0E,
628  0xA4, 0xCC, 0x81, 0x98, 0x99, 0xF2, 0x08, 0x3A,
629  0x85, 0xF0, 0xFA, 0xA3, 0xE5, 0x78, 0xF8, 0x07,
630  0x7A, 0x2E, 0x3F, 0xF4, 0x67, 0x29, 0x66, 0x5B },
631  { 0xA3, 0xB6, 0x16, 0x74, 0x73, 0x10, 0x0E, 0xE0,
632  0x6E, 0x0C, 0x79, 0x6C, 0x29, 0x55, 0x55, 0x2B },
633  { 0x60, 0xE4, 0x31, 0x59, 0x1E, 0xE0, 0xB6, 0x7F,
634  0x0D, 0x8A, 0x26, 0xAA, 0xCB, 0xF5, 0xB7, 0x7F,
635  0x8E, 0x0B, 0xC6, 0x21, 0x37, 0x28, 0xC5, 0x14,
636  0x05, 0x46, 0x04, 0x0F, 0x0E, 0xE3, 0x7F, 0x54 },
637  { 0x9B, 0x09, 0xFF, 0xA7, 0x1B, 0x94, 0x2F, 0xCB,
638  0x27, 0x63, 0x5F, 0xBC, 0xD5, 0xB0, 0xE9, 0x44,
639  0xBF, 0xDC, 0x63, 0x64, 0x4F, 0x07, 0x13, 0x93,
640  0x8A, 0x7F, 0x51, 0x53, 0x5C, 0x3A, 0x35, 0xE2 }
641 };
642 
643 /*
644  * Checkup routine
645  */
646 int sha256_self_test( int verbose )
647 {
648  int i, j, k, buflen, ret = 0;
649  unsigned char buf[1024];
650  unsigned char sha256sum[32];
651  sha256_context ctx;
652 
653  sha256_init( &ctx );
654 
655  for( i = 0; i < 6; i++ )
656  {
657  j = i % 3;
658  k = i < 3;
659 
660  if( verbose != 0 )
661  polarssl_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
662 
663  sha256_starts( &ctx, k );
664 
665  if( j == 2 )
666  {
667  memset( buf, 'a', buflen = 1000 );
668 
669  for( j = 0; j < 1000; j++ )
670  sha256_update( &ctx, buf, buflen );
671  }
672  else
673  sha256_update( &ctx, sha256_test_buf[j],
674  sha256_test_buflen[j] );
675 
676  sha256_finish( &ctx, sha256sum );
677 
678  if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
679  {
680  if( verbose != 0 )
681  polarssl_printf( "failed\n" );
682 
683  ret = 1;
684  goto exit;
685  }
686 
687  if( verbose != 0 )
688  polarssl_printf( "passed\n" );
689  }
690 
691  if( verbose != 0 )
692  polarssl_printf( "\n" );
693 
694  for( i = 0; i < 14; i++ )
695  {
696  j = i % 7;
697  k = i < 7;
698 
699  if( verbose != 0 )
700  polarssl_printf( " HMAC-SHA-%d test #%d: ", 256 - k * 32, j + 1 );
701 
702  if( j == 5 || j == 6 )
703  {
704  memset( buf, '\xAA', buflen = 131 );
705  sha256_hmac_starts( &ctx, buf, buflen, k );
706  }
707  else
708  sha256_hmac_starts( &ctx, sha256_hmac_test_key[j],
709  sha256_hmac_test_keylen[j], k );
710 
711  sha256_hmac_update( &ctx, sha256_hmac_test_buf[j],
712  sha256_hmac_test_buflen[j] );
713 
714  sha256_hmac_finish( &ctx, sha256sum );
715 
716  buflen = ( j == 4 ) ? 16 : 32 - k * 4;
717 
718  if( memcmp( sha256sum, sha256_hmac_test_sum[i], buflen ) != 0 )
719  {
720  if( verbose != 0 )
721  polarssl_printf( "failed\n" );
722 
723  ret = 1;
724  goto exit;
725  }
726 
727  if( verbose != 0 )
728  polarssl_printf( "passed\n" );
729  }
730 
731  if( verbose != 0 )
732  polarssl_printf( "\n" );
733 
734 exit:
735  sha256_free( &ctx );
736 
737  return( ret );
738 }
739 
740 #endif /* POLARSSL_SELF_TEST */
741 
742 #endif /* POLARSSL_SHA256_C */
void sha256_hmac_update(sha256_context *ctx, const unsigned char *input, size_t ilen)
SHA-256 HMAC process buffer.
uint32_t total[2]
Definition: sha256.h:60
uint32_t state[8]
Definition: sha256.h:61
#define polarssl_printf
int sha256_file(const char *path, unsigned char output[32], int is224)
Output = SHA-256( file contents )
void sha256_update(sha256_context *ctx, const unsigned char *input, size_t ilen)
SHA-256 process buffer.
void sha256(const unsigned char *input, size_t ilen, unsigned char output[32], int is224)
Output = SHA-256( input buffer )
void sha256_hmac(const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char output[32], int is224)
Output = HMAC-SHA-256( hmac key, input buffer )
Configuration options (set of defines)
PolarSSL Platform abstraction layer.
unsigned char opad[64]
Definition: sha256.h:65
unsigned char ipad[64]
Definition: sha256.h:64
void sha256_hmac_finish(sha256_context *ctx, unsigned char output[32])
SHA-256 HMAC final digest.
unsigned char buffer[64]
Definition: sha256.h:62
void sha256_hmac_starts(sha256_context *ctx, const unsigned char *key, size_t keylen, int is224)
SHA-256 HMAC context setup.
#define PUT_UINT32_BE(n, b, i)
int sha256_self_test(int verbose)
Checkup routine.
void sha256_starts(sha256_context *ctx, int is224)
SHA-256 context setup.
#define POLARSSL_ERR_SHA256_FILE_IO_ERROR
Read/write error in file.
Definition: sha256.h:45
void sha256_hmac_reset(sha256_context *ctx)
SHA-256 HMAC context reset.
void sha256_process(sha256_context *ctx, const unsigned char data[64])
void sha256_init(sha256_context *ctx)
Initialize SHA-256 context.
void sha256_free(sha256_context *ctx)
Clear SHA-256 context.
void sha256_finish(sha256_context *ctx, unsigned char output[32])
SHA-256 final digest.
#define GET_UINT32_BE(n, b, i)
SHA-256 context structure.
Definition: sha256.h:58
SHA-224 and SHA-256 cryptographic hash function.