2 * FIPS-180-2 compliant SHA-256 implementation
4 * Copyright (C) 2006-2010, Brainspark B.V.
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
28 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
31 #include "polarssl/config.h"
33 #if defined(POLARSSL_SHA2_C)
35 #include "polarssl/sha2.h"
41 * 32-bit integer manipulation macros (big endian)
44 #define GET_ULONG_BE(n,b,i) \
46 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
47 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
48 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
49 | ( (unsigned long) (b)[(i) + 3] ); \
54 #define PUT_ULONG_BE(n,b,i) \
56 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
57 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
58 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
59 (b)[(i) + 3] = (unsigned char) ( (n) ); \
64 * SHA-256 context setup
66 void sha2_starts( sha2_context *ctx, int is224 )
74 ctx->state[0] = 0x6A09E667;
75 ctx->state[1] = 0xBB67AE85;
76 ctx->state[2] = 0x3C6EF372;
77 ctx->state[3] = 0xA54FF53A;
78 ctx->state[4] = 0x510E527F;
79 ctx->state[5] = 0x9B05688C;
80 ctx->state[6] = 0x1F83D9AB;
81 ctx->state[7] = 0x5BE0CD19;
86 ctx->state[0] = 0xC1059ED8;
87 ctx->state[1] = 0x367CD507;
88 ctx->state[2] = 0x3070DD17;
89 ctx->state[3] = 0xF70E5939;
90 ctx->state[4] = 0xFFC00B31;
91 ctx->state[5] = 0x68581511;
92 ctx->state[6] = 0x64F98FA7;
93 ctx->state[7] = 0xBEFA4FA4;
99 static void sha2_process( sha2_context *ctx, const unsigned char data[64] )
101 unsigned long temp1, temp2, W[64];
102 unsigned long A, B, C, D, E, F, G, H;
104 GET_ULONG_BE( W[ 0], data, 0 );
105 GET_ULONG_BE( W[ 1], data, 4 );
106 GET_ULONG_BE( W[ 2], data, 8 );
107 GET_ULONG_BE( W[ 3], data, 12 );
108 GET_ULONG_BE( W[ 4], data, 16 );
109 GET_ULONG_BE( W[ 5], data, 20 );
110 GET_ULONG_BE( W[ 6], data, 24 );
111 GET_ULONG_BE( W[ 7], data, 28 );
112 GET_ULONG_BE( W[ 8], data, 32 );
113 GET_ULONG_BE( W[ 9], data, 36 );
114 GET_ULONG_BE( W[10], data, 40 );
115 GET_ULONG_BE( W[11], data, 44 );
116 GET_ULONG_BE( W[12], data, 48 );
117 GET_ULONG_BE( W[13], data, 52 );
118 GET_ULONG_BE( W[14], data, 56 );
119 GET_ULONG_BE( W[15], data, 60 );
121 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
122 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
124 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
125 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
127 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
128 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
130 #define F0(x,y,z) ((x & y) | (z & (x | y)))
131 #define F1(x,y,z) (z ^ (x & (y ^ z)))
135 W[t] = S1(W[t - 2]) + W[t - 7] + \
136 S0(W[t - 15]) + W[t - 16] \
139 #define P(a,b,c,d,e,f,g,h,x,K) \
141 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
142 temp2 = S2(a) + F0(a,b,c); \
143 d += temp1; h = temp1 + temp2; \
155 P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
156 P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
157 P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
158 P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
159 P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
160 P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
161 P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
162 P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
163 P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
164 P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
165 P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
166 P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
167 P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
168 P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
169 P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
170 P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
171 P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
172 P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
173 P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
174 P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
175 P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
176 P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
177 P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
178 P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
179 P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
180 P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
181 P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
182 P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
183 P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
184 P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
185 P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
186 P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
187 P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
188 P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
189 P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
190 P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
191 P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
192 P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
193 P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
194 P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
195 P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
196 P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
197 P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
198 P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
199 P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
200 P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
201 P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
202 P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
203 P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
204 P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
205 P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
206 P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
207 P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
208 P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
209 P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
210 P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
211 P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
212 P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
213 P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
214 P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
215 P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
216 P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
217 P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
218 P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
231 * SHA-256 process buffer
233 void sha2_update( sha2_context *ctx, const unsigned char *input, int ilen )
241 left = ctx->total[0] & 0x3F;
244 ctx->total[0] += ilen;
245 ctx->total[0] &= 0xFFFFFFFF;
247 if( ctx->total[0] < (unsigned long) ilen )
250 if( left && ilen >= fill )
252 memcpy( (void *) (ctx->buffer + left),
253 (void *) input, fill );
254 sha2_process( ctx, ctx->buffer );
262 sha2_process( ctx, input );
269 memcpy( (void *) (ctx->buffer + left),
270 (void *) input, ilen );
274 static const unsigned char sha2_padding[64] =
276 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
277 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
278 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
279 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
283 * SHA-256 final digest
285 void sha2_finish( sha2_context *ctx, unsigned char output[32] )
287 unsigned long last, padn;
288 unsigned long high, low;
289 unsigned char msglen[8];
291 high = ( ctx->total[0] >> 29 )
292 | ( ctx->total[1] << 3 );
293 low = ( ctx->total[0] << 3 );
295 PUT_ULONG_BE( high, msglen, 0 );
296 PUT_ULONG_BE( low, msglen, 4 );
298 last = ctx->total[0] & 0x3F;
299 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
301 sha2_update( ctx, (unsigned char *) sha2_padding, padn );
302 sha2_update( ctx, msglen, 8 );
304 PUT_ULONG_BE( ctx->state[0], output, 0 );
305 PUT_ULONG_BE( ctx->state[1], output, 4 );
306 PUT_ULONG_BE( ctx->state[2], output, 8 );
307 PUT_ULONG_BE( ctx->state[3], output, 12 );
308 PUT_ULONG_BE( ctx->state[4], output, 16 );
309 PUT_ULONG_BE( ctx->state[5], output, 20 );
310 PUT_ULONG_BE( ctx->state[6], output, 24 );
312 if( ctx->is224 == 0 )
313 PUT_ULONG_BE( ctx->state[7], output, 28 );
317 * output = SHA-256( input buffer )
319 void sha2( const unsigned char *input, int ilen,
320 unsigned char output[32], int is224 )
324 sha2_starts( &ctx, is224 );
325 sha2_update( &ctx, input, ilen );
326 sha2_finish( &ctx, output );
328 memset( &ctx, 0, sizeof( sha2_context ) );
332 * output = SHA-256( file contents )
334 int sha2_file( const char *path, unsigned char output[32], int is224 )
339 unsigned char buf[1024];
341 if( ( f = fopen( path, "rb" ) ) == NULL )
344 sha2_starts( &ctx, is224 );
346 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
347 sha2_update( &ctx, buf, (int) n );
349 sha2_finish( &ctx, output );
351 memset( &ctx, 0, sizeof( sha2_context ) );
353 if( ferror( f ) != 0 )
364 * SHA-256 HMAC context setup
366 void sha2_hmac_starts( sha2_context *ctx, const unsigned char *key, int keylen,
370 unsigned char sum[32];
374 sha2( key, keylen, sum, is224 );
375 keylen = ( is224 ) ? 28 : 32;
379 memset( ctx->ipad, 0x36, 64 );
380 memset( ctx->opad, 0x5C, 64 );
382 for( i = 0; i < keylen; i++ )
384 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
385 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
388 sha2_starts( ctx, is224 );
389 sha2_update( ctx, ctx->ipad, 64 );
391 memset( sum, 0, sizeof( sum ) );
395 * SHA-256 HMAC process buffer
397 void sha2_hmac_update( sha2_context *ctx, const unsigned char *input, int ilen )
399 sha2_update( ctx, input, ilen );
403 * SHA-256 HMAC final digest
405 void sha2_hmac_finish( sha2_context *ctx, unsigned char output[32] )
408 unsigned char tmpbuf[32];
411 hlen = ( is224 == 0 ) ? 32 : 28;
413 sha2_finish( ctx, tmpbuf );
414 sha2_starts( ctx, is224 );
415 sha2_update( ctx, ctx->opad, 64 );
416 sha2_update( ctx, tmpbuf, hlen );
417 sha2_finish( ctx, output );
419 memset( tmpbuf, 0, sizeof( tmpbuf ) );
423 * SHA-256 HMAC context reset
425 void sha2_hmac_reset( sha2_context *ctx )
427 sha2_starts( ctx, ctx->is224 );
428 sha2_update( ctx, ctx->ipad, 64 );
432 * output = HMAC-SHA-256( hmac key, input buffer )
434 void sha2_hmac( const unsigned char *key, int keylen,
435 const unsigned char *input, int ilen,
436 unsigned char output[32], int is224 )
440 sha2_hmac_starts( &ctx, key, keylen, is224 );
441 sha2_hmac_update( &ctx, input, ilen );
442 sha2_hmac_finish( &ctx, output );
444 memset( &ctx, 0, sizeof( sha2_context ) );
447 #if defined(POLARSSL_SELF_TEST)
449 * FIPS-180-2 test vectors
451 static unsigned char sha2_test_buf[3][57] =
454 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
458 static const int sha2_test_buflen[3] =
463 static const unsigned char sha2_test_sum[6][32] =
466 * SHA-224 test vectors
468 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
469 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
470 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
471 0xE3, 0x6C, 0x9D, 0xA7 },
472 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
473 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
474 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
475 0x52, 0x52, 0x25, 0x25 },
476 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
477 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
478 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
479 0x4E, 0xE7, 0xAD, 0x67 },
482 * SHA-256 test vectors
484 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
485 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
486 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
487 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
488 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
489 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
490 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
491 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
492 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
493 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
494 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
495 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
499 * RFC 4231 test vectors
501 static unsigned char sha2_hmac_test_key[7][26] =
503 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
504 "\x0B\x0B\x0B\x0B" },
506 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
507 "\xAA\xAA\xAA\xAA" },
508 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
509 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
510 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
511 "\x0C\x0C\x0C\x0C" },
512 { "" }, /* 0xAA 131 times */
516 static const int sha2_hmac_test_keylen[7] =
518 20, 4, 20, 25, 20, 131, 131
521 static unsigned char sha2_hmac_test_buf[7][153] =
524 { "what do ya want for nothing?" },
525 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
526 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
527 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
528 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
529 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
530 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
531 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
532 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
533 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
534 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
535 { "Test With Truncation" },
536 { "Test Using Larger Than Block-Size Key - Hash Key First" },
537 { "This is a test using a larger than block-size key "
538 "and a larger than block-size data. The key needs to "
539 "be hashed before being used by the HMAC algorithm." }
542 static const int sha2_hmac_test_buflen[7] =
544 8, 28, 50, 50, 20, 54, 152
547 static const unsigned char sha2_hmac_test_sum[14][32] =
550 * HMAC-SHA-224 test vectors
552 { 0x89, 0x6F, 0xB1, 0x12, 0x8A, 0xBB, 0xDF, 0x19,
553 0x68, 0x32, 0x10, 0x7C, 0xD4, 0x9D, 0xF3, 0x3F,
554 0x47, 0xB4, 0xB1, 0x16, 0x99, 0x12, 0xBA, 0x4F,
555 0x53, 0x68, 0x4B, 0x22 },
556 { 0xA3, 0x0E, 0x01, 0x09, 0x8B, 0xC6, 0xDB, 0xBF,
557 0x45, 0x69, 0x0F, 0x3A, 0x7E, 0x9E, 0x6D, 0x0F,
558 0x8B, 0xBE, 0xA2, 0xA3, 0x9E, 0x61, 0x48, 0x00,
559 0x8F, 0xD0, 0x5E, 0x44 },
560 { 0x7F, 0xB3, 0xCB, 0x35, 0x88, 0xC6, 0xC1, 0xF6,
561 0xFF, 0xA9, 0x69, 0x4D, 0x7D, 0x6A, 0xD2, 0x64,
562 0x93, 0x65, 0xB0, 0xC1, 0xF6, 0x5D, 0x69, 0xD1,
563 0xEC, 0x83, 0x33, 0xEA },
564 { 0x6C, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3C, 0xAC,
565 0x6A, 0x2A, 0xBC, 0x1B, 0xB3, 0x82, 0x62, 0x7C,
566 0xEC, 0x6A, 0x90, 0xD8, 0x6E, 0xFC, 0x01, 0x2D,
567 0xE7, 0xAF, 0xEC, 0x5A },
568 { 0x0E, 0x2A, 0xEA, 0x68, 0xA9, 0x0C, 0x8D, 0x37,
569 0xC9, 0x88, 0xBC, 0xDB, 0x9F, 0xCA, 0x6F, 0xA8 },
570 { 0x95, 0xE9, 0xA0, 0xDB, 0x96, 0x20, 0x95, 0xAD,
571 0xAE, 0xBE, 0x9B, 0x2D, 0x6F, 0x0D, 0xBC, 0xE2,
572 0xD4, 0x99, 0xF1, 0x12, 0xF2, 0xD2, 0xB7, 0x27,
573 0x3F, 0xA6, 0x87, 0x0E },
574 { 0x3A, 0x85, 0x41, 0x66, 0xAC, 0x5D, 0x9F, 0x02,
575 0x3F, 0x54, 0xD5, 0x17, 0xD0, 0xB3, 0x9D, 0xBD,
576 0x94, 0x67, 0x70, 0xDB, 0x9C, 0x2B, 0x95, 0xC9,
577 0xF6, 0xF5, 0x65, 0xD1 },
580 * HMAC-SHA-256 test vectors
582 { 0xB0, 0x34, 0x4C, 0x61, 0xD8, 0xDB, 0x38, 0x53,
583 0x5C, 0xA8, 0xAF, 0xCE, 0xAF, 0x0B, 0xF1, 0x2B,
584 0x88, 0x1D, 0xC2, 0x00, 0xC9, 0x83, 0x3D, 0xA7,
585 0x26, 0xE9, 0x37, 0x6C, 0x2E, 0x32, 0xCF, 0xF7 },
586 { 0x5B, 0xDC, 0xC1, 0x46, 0xBF, 0x60, 0x75, 0x4E,
587 0x6A, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xC7,
588 0x5A, 0x00, 0x3F, 0x08, 0x9D, 0x27, 0x39, 0x83,
589 0x9D, 0xEC, 0x58, 0xB9, 0x64, 0xEC, 0x38, 0x43 },
590 { 0x77, 0x3E, 0xA9, 0x1E, 0x36, 0x80, 0x0E, 0x46,
591 0x85, 0x4D, 0xB8, 0xEB, 0xD0, 0x91, 0x81, 0xA7,
592 0x29, 0x59, 0x09, 0x8B, 0x3E, 0xF8, 0xC1, 0x22,
593 0xD9, 0x63, 0x55, 0x14, 0xCE, 0xD5, 0x65, 0xFE },
594 { 0x82, 0x55, 0x8A, 0x38, 0x9A, 0x44, 0x3C, 0x0E,
595 0xA4, 0xCC, 0x81, 0x98, 0x99, 0xF2, 0x08, 0x3A,
596 0x85, 0xF0, 0xFA, 0xA3, 0xE5, 0x78, 0xF8, 0x07,
597 0x7A, 0x2E, 0x3F, 0xF4, 0x67, 0x29, 0x66, 0x5B },
598 { 0xA3, 0xB6, 0x16, 0x74, 0x73, 0x10, 0x0E, 0xE0,
599 0x6E, 0x0C, 0x79, 0x6C, 0x29, 0x55, 0x55, 0x2B },
600 { 0x60, 0xE4, 0x31, 0x59, 0x1E, 0xE0, 0xB6, 0x7F,
601 0x0D, 0x8A, 0x26, 0xAA, 0xCB, 0xF5, 0xB7, 0x7F,
602 0x8E, 0x0B, 0xC6, 0x21, 0x37, 0x28, 0xC5, 0x14,
603 0x05, 0x46, 0x04, 0x0F, 0x0E, 0xE3, 0x7F, 0x54 },
604 { 0x9B, 0x09, 0xFF, 0xA7, 0x1B, 0x94, 0x2F, 0xCB,
605 0x27, 0x63, 0x5F, 0xBC, 0xD5, 0xB0, 0xE9, 0x44,
606 0xBF, 0xDC, 0x63, 0x64, 0x4F, 0x07, 0x13, 0x93,
607 0x8A, 0x7F, 0x51, 0x53, 0x5C, 0x3A, 0x35, 0xE2 }
613 int sha2_self_test( int verbose )
616 unsigned char buf[1024];
617 unsigned char sha2sum[32];
620 for( i = 0; i < 6; i++ )
626 printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
628 sha2_starts( &ctx, k );
632 memset( buf, 'a', buflen = 1000 );
634 for( j = 0; j < 1000; j++ )
635 sha2_update( &ctx, buf, buflen );
638 sha2_update( &ctx, sha2_test_buf[j],
639 sha2_test_buflen[j] );
641 sha2_finish( &ctx, sha2sum );
643 if( memcmp( sha2sum, sha2_test_sum[i], 32 - k * 4 ) != 0 )
646 printf( "failed\n" );
652 printf( "passed\n" );
658 for( i = 0; i < 14; i++ )
664 printf( " HMAC-SHA-%d test #%d: ", 256 - k * 32, j + 1 );
666 if( j == 5 || j == 6 )
668 memset( buf, '\xAA', buflen = 131 );
669 sha2_hmac_starts( &ctx, buf, buflen, k );
672 sha2_hmac_starts( &ctx, sha2_hmac_test_key[j],
673 sha2_hmac_test_keylen[j], k );
675 sha2_hmac_update( &ctx, sha2_hmac_test_buf[j],
676 sha2_hmac_test_buflen[j] );
678 sha2_hmac_finish( &ctx, sha2sum );
680 buflen = ( j == 4 ) ? 16 : 32 - k * 4;
682 if( memcmp( sha2sum, sha2_hmac_test_sum[i], buflen ) != 0 )
685 printf( "failed\n" );
691 printf( "passed\n" );
git://git.exim.org / users / heiko / exim.git / blob