Blame - library/sha256.c - third_party/github/ARMmbed/mbedtls

blob: e4d48427df365f85644fef18d36db368255d3dd9 [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* FIPS-180-2 compliant SHA-256 implementation
				3	*
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	4	* Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	5	*
				6	* This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker	84f12b7	2010-07-18 10:13:04 +0000	[diff] [blame]	7	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	8	*
Paul Bakker	77b385e	2009-07-28 17:23:11 +0000	[diff] [blame]	9	* All rights reserved.
Paul Bakker	e0ccd0a	2009-01-04 16:27:10 +0000	[diff] [blame]	10	*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	11	* This program is free software; you can redistribute it and/or modify
				12	* it under the terms of the GNU General Public License as published by
				13	* the Free Software Foundation; either version 2 of the License, or
				14	* (at your option) any later version.
				15	*
				16	* This program is distributed in the hope that it will be useful,
				17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				19	* GNU General Public License for more details.
				20	*
				21	* You should have received a copy of the GNU General Public License along
				22	* with this program; if not, write to the Free Software Foundation, Inc.,
				23	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				24	*/
				25	/*
				26	* The SHA-256 Secure Hash Standard was published by NIST in 2002.
				27	*
				28	* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
				29	*/
				30
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	31	#include "polarssl/config.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	32
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	33	#if defined(POLARSSL_SHA256_C)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	34
Paul Bakker	d2681d8	2013-06-30 14:49:12 +0200	[diff] [blame]	35	#include "polarssl/sha256.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	36
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	37	#if defined(POLARSSL_FS_IO) \|\| defined(POLARSSL_SELF_TEST)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	38	#include <stdio.h>
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	39	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	40
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	41	#if !defined(POLARSSL_SHA256_ALT)
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	42
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	43	/*
				44	* 32-bit integer manipulation macros (big endian)
				45	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	46	#ifndef GET_UINT32_BE
				47	#define GET_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	48	{ \
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	49	(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
				50	\| ( (uint32_t) (b)[(i) + 1] << 16 ) \
				51	\| ( (uint32_t) (b)[(i) + 2] << 8 ) \
				52	\| ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	53	}
				54	#endif
				55
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	56	#ifndef PUT_UINT32_BE
				57	#define PUT_UINT32_BE(n,b,i) \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	58	{ \
				59	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
				60	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
				61	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
				62	(b)[(i) + 3] = (unsigned char) ( (n) ); \
				63	}
				64	#endif
				65
				66	/*
				67	* SHA-256 context setup
				68	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	69	void sha256_starts( sha256_context *ctx, int is224 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	70	{
				71	ctx->total[0] = 0;
				72	ctx->total[1] = 0;
				73
				74	if( is224 == 0 )
				75	{
				76	/* SHA-256 */
				77	ctx->state[0] = 0x6A09E667;
				78	ctx->state[1] = 0xBB67AE85;
				79	ctx->state[2] = 0x3C6EF372;
				80	ctx->state[3] = 0xA54FF53A;
				81	ctx->state[4] = 0x510E527F;
				82	ctx->state[5] = 0x9B05688C;
				83	ctx->state[6] = 0x1F83D9AB;
				84	ctx->state[7] = 0x5BE0CD19;
				85	}
				86	else
				87	{
				88	/* SHA-224 */
				89	ctx->state[0] = 0xC1059ED8;
				90	ctx->state[1] = 0x367CD507;
				91	ctx->state[2] = 0x3070DD17;
				92	ctx->state[3] = 0xF70E5939;
				93	ctx->state[4] = 0xFFC00B31;
				94	ctx->state[5] = 0x68581511;
				95	ctx->state[6] = 0x64F98FA7;
				96	ctx->state[7] = 0xBEFA4FA4;
				97	}
				98
				99	ctx->is224 = is224;
				100	}
				101
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	102	void sha256_process( sha256_context *ctx, const unsigned char data[64] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	103	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	104	uint32_t temp1, temp2, W[64];
				105	uint32_t A, B, C, D, E, F, G, H;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	106
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	107	GET_UINT32_BE( W[ 0], data, 0 );
				108	GET_UINT32_BE( W[ 1], data, 4 );
				109	GET_UINT32_BE( W[ 2], data, 8 );
				110	GET_UINT32_BE( W[ 3], data, 12 );
				111	GET_UINT32_BE( W[ 4], data, 16 );
				112	GET_UINT32_BE( W[ 5], data, 20 );
				113	GET_UINT32_BE( W[ 6], data, 24 );
				114	GET_UINT32_BE( W[ 7], data, 28 );
				115	GET_UINT32_BE( W[ 8], data, 32 );
				116	GET_UINT32_BE( W[ 9], data, 36 );
				117	GET_UINT32_BE( W[10], data, 40 );
				118	GET_UINT32_BE( W[11], data, 44 );
				119	GET_UINT32_BE( W[12], data, 48 );
				120	GET_UINT32_BE( W[13], data, 52 );
				121	GET_UINT32_BE( W[14], data, 56 );
				122	GET_UINT32_BE( W[15], data, 60 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	123
				124	#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
				125	#define ROTR(x,n) (SHR(x,n) \| (x << (32 - n)))
				126
				127	#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
				128	#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
				129
				130	#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
				131	#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
				132
				133	#define F0(x,y,z) ((x & y) \| (z & (x \| y)))
				134	#define F1(x,y,z) (z ^ (x & (y ^ z)))
				135
				136	#define R(t) \
				137	( \
				138	W[t] = S1(W[t - 2]) + W[t - 7] + \
				139	S0(W[t - 15]) + W[t - 16] \
				140	)
				141
				142	#define P(a,b,c,d,e,f,g,h,x,K) \
				143	{ \
				144	temp1 = h + S3(e) + F1(e,f,g) + K + x; \
				145	temp2 = S2(a) + F0(a,b,c); \
				146	d += temp1; h = temp1 + temp2; \
				147	}
				148
				149	A = ctx->state[0];
				150	B = ctx->state[1];
				151	C = ctx->state[2];
				152	D = ctx->state[3];
				153	E = ctx->state[4];
				154	F = ctx->state[5];
				155	G = ctx->state[6];
				156	H = ctx->state[7];
				157
				158	P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
				159	P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
				160	P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
				161	P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
				162	P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
				163	P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
				164	P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
				165	P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
				166	P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
				167	P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
				168	P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
				169	P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
				170	P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
				171	P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
				172	P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
				173	P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
				174	P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
				175	P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
				176	P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
				177	P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
				178	P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
				179	P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
				180	P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
				181	P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
				182	P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
				183	P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
				184	P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
				185	P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
				186	P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
				187	P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
				188	P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
				189	P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
				190	P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
				191	P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
				192	P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
				193	P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
				194	P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
				195	P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
				196	P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
				197	P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
				198	P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
				199	P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
				200	P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
				201	P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
				202	P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
				203	P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
				204	P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
				205	P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
				206	P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
				207	P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
				208	P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
				209	P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
				210	P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
				211	P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
				212	P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
				213	P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
				214	P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
				215	P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
				216	P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
				217	P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
				218	P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
				219	P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
				220	P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
				221	P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
				222
				223	ctx->state[0] += A;
				224	ctx->state[1] += B;
				225	ctx->state[2] += C;
				226	ctx->state[3] += D;
				227	ctx->state[4] += E;
				228	ctx->state[5] += F;
				229	ctx->state[6] += G;
				230	ctx->state[7] += H;
				231	}
				232
				233	/*
				234	* SHA-256 process buffer
				235	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	236	void sha256_update( sha256_context ctx, const unsigned char input, size_t ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	237	{
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	238	size_t fill;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	239	uint32_t left;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	240
				241	if( ilen <= 0 )
				242	return;
				243
				244	left = ctx->total[0] & 0x3F;
				245	fill = 64 - left;
				246
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	247	ctx->total[0] += (uint32_t) ilen;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	248	ctx->total[0] &= 0xFFFFFFFF;
				249
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	250	if( ctx->total[0] < (uint32_t) ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	251	ctx->total[1]++;
				252
				253	if( left && ilen >= fill )
				254	{
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	255	memcpy( (void *) (ctx->buffer + left), input, fill );
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	256	sha256_process( ctx, ctx->buffer );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	257	input += fill;
				258	ilen -= fill;
				259	left = 0;
				260	}
				261
				262	while( ilen >= 64 )
				263	{
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	264	sha256_process( ctx, input );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	265	input += 64;
				266	ilen -= 64;
				267	}
				268
				269	if( ilen > 0 )
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	270	memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	271	}
				272
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	273	static const unsigned char sha256_padding[64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	274	{
				275	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				276	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				277	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				278	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
				279	};
				280
				281	/*
				282	* SHA-256 final digest
				283	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	284	void sha256_finish( sha256_context *ctx, unsigned char output[32] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	285	{
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	286	uint32_t last, padn;
				287	uint32_t high, low;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	288	unsigned char msglen[8];
				289
				290	high = ( ctx->total[0] >> 29 )
				291	\| ( ctx->total[1] << 3 );
				292	low = ( ctx->total[0] << 3 );
				293
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	294	PUT_UINT32_BE( high, msglen, 0 );
				295	PUT_UINT32_BE( low, msglen, 4 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	296
				297	last = ctx->total[0] & 0x3F;
				298	padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
				299
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	300	sha256_update( ctx, sha256_padding, padn );
				301	sha256_update( ctx, msglen, 8 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	302
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	303	PUT_UINT32_BE( ctx->state[0], output, 0 );
				304	PUT_UINT32_BE( ctx->state[1], output, 4 );
				305	PUT_UINT32_BE( ctx->state[2], output, 8 );
				306	PUT_UINT32_BE( ctx->state[3], output, 12 );
				307	PUT_UINT32_BE( ctx->state[4], output, 16 );
				308	PUT_UINT32_BE( ctx->state[5], output, 20 );
				309	PUT_UINT32_BE( ctx->state[6], output, 24 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	310
				311	if( ctx->is224 == 0 )
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	312	PUT_UINT32_BE( ctx->state[7], output, 28 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	313	}
				314
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	315	#endif /* !POLARSSL_SHA256_ALT */
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	316
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	317	/*
				318	* output = SHA-256( input buffer )
				319	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	320	void sha256( const unsigned char *input, size_t ilen,
				321	unsigned char output[32], int is224 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	322	{
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	323	sha256_context ctx;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	324
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	325	sha256_starts( &ctx, is224 );
				326	sha256_update( &ctx, input, ilen );
				327	sha256_finish( &ctx, output );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	328
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	329	memset( &ctx, 0, sizeof( sha256_context ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	330	}
				331
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	332	#if defined(POLARSSL_FS_IO)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	333	/*
				334	* output = SHA-256( file contents )
				335	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	336	int sha256_file( const char *path, unsigned char output[32], int is224 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	337	{
				338	FILE *f;
				339	size_t n;
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	340	sha256_context ctx;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	341	unsigned char buf[1024];
				342
				343	if( ( f = fopen( path, "rb" ) ) == NULL )
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	344	return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	345
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	346	sha256_starts( &ctx, is224 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	347
				348	while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	349	sha256_update( &ctx, buf, n );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	350
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	351	sha256_finish( &ctx, output );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	352
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	353	memset( &ctx, 0, sizeof( sha256_context ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	354
				355	if( ferror( f ) != 0 )
				356	{
				357	fclose( f );
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	358	return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	359	}
				360
				361	fclose( f );
				362	return( 0 );
				363	}
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	364	#endif /* POLARSSL_FS_IO */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	365
				366	/*
				367	* SHA-256 HMAC context setup
				368	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	369	void sha256_hmac_starts( sha256_context ctx, const unsigned char key,
				370	size_t keylen, int is224 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	371	{
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	372	size_t i;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	373	unsigned char sum[32];
				374
				375	if( keylen > 64 )
				376	{
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	377	sha256( key, keylen, sum, is224 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	378	keylen = ( is224 ) ? 28 : 32;
				379	key = sum;
				380	}
				381
				382	memset( ctx->ipad, 0x36, 64 );
				383	memset( ctx->opad, 0x5C, 64 );
				384
				385	for( i = 0; i < keylen; i++ )
				386	{
				387	ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
				388	ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
				389	}
				390
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	391	sha256_starts( ctx, is224 );
				392	sha256_update( ctx, ctx->ipad, 64 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	393
				394	memset( sum, 0, sizeof( sum ) );
				395	}
				396
				397	/*
				398	* SHA-256 HMAC process buffer
				399	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	400	void sha256_hmac_update( sha256_context ctx, const unsigned char input, size_t ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	401	{
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	402	sha256_update( ctx, input, ilen );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	403	}
				404
				405	/*
				406	* SHA-256 HMAC final digest
				407	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	408	void sha256_hmac_finish( sha256_context *ctx, unsigned char output[32] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	409	{
				410	int is224, hlen;
				411	unsigned char tmpbuf[32];
				412
				413	is224 = ctx->is224;
				414	hlen = ( is224 == 0 ) ? 32 : 28;
				415
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	416	sha256_finish( ctx, tmpbuf );
				417	sha256_starts( ctx, is224 );
				418	sha256_update( ctx, ctx->opad, 64 );
				419	sha256_update( ctx, tmpbuf, hlen );
				420	sha256_finish( ctx, output );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	421
				422	memset( tmpbuf, 0, sizeof( tmpbuf ) );
				423	}
				424
				425	/*
Paul Bakker	7d3b661	2010-03-21 16:23:13 +0000	[diff] [blame]	426	* SHA-256 HMAC context reset
				427	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	428	void sha256_hmac_reset( sha256_context *ctx )
Paul Bakker	7d3b661	2010-03-21 16:23:13 +0000	[diff] [blame]	429	{
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	430	sha256_starts( ctx, ctx->is224 );
				431	sha256_update( ctx, ctx->ipad, 64 );
Paul Bakker	7d3b661	2010-03-21 16:23:13 +0000	[diff] [blame]	432	}
				433
				434	/*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	435	* output = HMAC-SHA-256( hmac key, input buffer )
				436	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	437	void sha256_hmac( const unsigned char *key, size_t keylen,
				438	const unsigned char *input, size_t ilen,
				439	unsigned char output[32], int is224 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	440	{
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	441	sha256_context ctx;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	442
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	443	sha256_hmac_starts( &ctx, key, keylen, is224 );
				444	sha256_hmac_update( &ctx, input, ilen );
				445	sha256_hmac_finish( &ctx, output );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	446
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	447	memset( &ctx, 0, sizeof( sha256_context ) );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	448	}
				449
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	450	#if defined(POLARSSL_SELF_TEST)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	451	/*
				452	* FIPS-180-2 test vectors
				453	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	454	static unsigned char sha256_test_buf[3][57] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	455	{
				456	{ "abc" },
				457	{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
				458	{ "" }
				459	};
				460
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	461	static const int sha256_test_buflen[3] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	462	{
				463	3, 56, 1000
				464	};
				465
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	466	static const unsigned char sha256_test_sum[6][32] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	467	{
				468	/*
				469	* SHA-224 test vectors
				470	*/
				471	{ 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
				472	0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
				473	0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
				474	0xE3, 0x6C, 0x9D, 0xA7 },
				475	{ 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
				476	0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
				477	0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
				478	0x52, 0x52, 0x25, 0x25 },
				479	{ 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
				480	0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
				481	0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
				482	0x4E, 0xE7, 0xAD, 0x67 },
				483
				484	/*
				485	* SHA-256 test vectors
				486	*/
				487	{ 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
				488	0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
				489	0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
				490	0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
				491	{ 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
				492	0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
				493	0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
				494	0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
				495	{ 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
				496	0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
				497	0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
				498	0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
				499	};
				500
				501	/*
				502	* RFC 4231 test vectors
				503	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	504	static unsigned char sha256_hmac_test_key[7][26] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	505	{
				506	{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
				507	"\x0B\x0B\x0B\x0B" },
				508	{ "Jefe" },
				509	{ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
				510	"\xAA\xAA\xAA\xAA" },
				511	{ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
				512	"\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
				513	{ "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
				514	"\x0C\x0C\x0C\x0C" },
				515	{ "" }, /* 0xAA 131 times */
				516	{ "" }
				517	};
				518
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	519	static const int sha256_hmac_test_keylen[7] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	520	{
				521	20, 4, 20, 25, 20, 131, 131
				522	};
				523
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	524	static unsigned char sha256_hmac_test_buf[7][153] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	525	{
				526	{ "Hi There" },
				527	{ "what do ya want for nothing?" },
				528	{ "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				529	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				530	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				531	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
				532	"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
				533	{ "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				534	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				535	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				536	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
				537	"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
				538	{ "Test With Truncation" },
				539	{ "Test Using Larger Than Block-Size Key - Hash Key First" },
				540	{ "This is a test using a larger than block-size key "
				541	"and a larger than block-size data. The key needs to "
				542	"be hashed before being used by the HMAC algorithm." }
				543	};
				544
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	545	static const int sha256_hmac_test_buflen[7] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	546	{
				547	8, 28, 50, 50, 20, 54, 152
				548	};
				549
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	550	static const unsigned char sha256_hmac_test_sum[14][32] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	551	{
				552	/*
				553	* HMAC-SHA-224 test vectors
				554	*/
				555	{ 0x89, 0x6F, 0xB1, 0x12, 0x8A, 0xBB, 0xDF, 0x19,
				556	0x68, 0x32, 0x10, 0x7C, 0xD4, 0x9D, 0xF3, 0x3F,
				557	0x47, 0xB4, 0xB1, 0x16, 0x99, 0x12, 0xBA, 0x4F,
				558	0x53, 0x68, 0x4B, 0x22 },
				559	{ 0xA3, 0x0E, 0x01, 0x09, 0x8B, 0xC6, 0xDB, 0xBF,
				560	0x45, 0x69, 0x0F, 0x3A, 0x7E, 0x9E, 0x6D, 0x0F,
				561	0x8B, 0xBE, 0xA2, 0xA3, 0x9E, 0x61, 0x48, 0x00,
				562	0x8F, 0xD0, 0x5E, 0x44 },
				563	{ 0x7F, 0xB3, 0xCB, 0x35, 0x88, 0xC6, 0xC1, 0xF6,
				564	0xFF, 0xA9, 0x69, 0x4D, 0x7D, 0x6A, 0xD2, 0x64,
				565	0x93, 0x65, 0xB0, 0xC1, 0xF6, 0x5D, 0x69, 0xD1,
				566	0xEC, 0x83, 0x33, 0xEA },
				567	{ 0x6C, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3C, 0xAC,
				568	0x6A, 0x2A, 0xBC, 0x1B, 0xB3, 0x82, 0x62, 0x7C,
				569	0xEC, 0x6A, 0x90, 0xD8, 0x6E, 0xFC, 0x01, 0x2D,
				570	0xE7, 0xAF, 0xEC, 0x5A },
				571	{ 0x0E, 0x2A, 0xEA, 0x68, 0xA9, 0x0C, 0x8D, 0x37,
				572	0xC9, 0x88, 0xBC, 0xDB, 0x9F, 0xCA, 0x6F, 0xA8 },
				573	{ 0x95, 0xE9, 0xA0, 0xDB, 0x96, 0x20, 0x95, 0xAD,
				574	0xAE, 0xBE, 0x9B, 0x2D, 0x6F, 0x0D, 0xBC, 0xE2,
				575	0xD4, 0x99, 0xF1, 0x12, 0xF2, 0xD2, 0xB7, 0x27,
				576	0x3F, 0xA6, 0x87, 0x0E },
				577	{ 0x3A, 0x85, 0x41, 0x66, 0xAC, 0x5D, 0x9F, 0x02,
				578	0x3F, 0x54, 0xD5, 0x17, 0xD0, 0xB3, 0x9D, 0xBD,
				579	0x94, 0x67, 0x70, 0xDB, 0x9C, 0x2B, 0x95, 0xC9,
				580	0xF6, 0xF5, 0x65, 0xD1 },
				581
				582	/*
				583	* HMAC-SHA-256 test vectors
				584	*/
				585	{ 0xB0, 0x34, 0x4C, 0x61, 0xD8, 0xDB, 0x38, 0x53,
				586	0x5C, 0xA8, 0xAF, 0xCE, 0xAF, 0x0B, 0xF1, 0x2B,
				587	0x88, 0x1D, 0xC2, 0x00, 0xC9, 0x83, 0x3D, 0xA7,
				588	0x26, 0xE9, 0x37, 0x6C, 0x2E, 0x32, 0xCF, 0xF7 },
				589	{ 0x5B, 0xDC, 0xC1, 0x46, 0xBF, 0x60, 0x75, 0x4E,
				590	0x6A, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xC7,
				591	0x5A, 0x00, 0x3F, 0x08, 0x9D, 0x27, 0x39, 0x83,
				592	0x9D, 0xEC, 0x58, 0xB9, 0x64, 0xEC, 0x38, 0x43 },
				593	{ 0x77, 0x3E, 0xA9, 0x1E, 0x36, 0x80, 0x0E, 0x46,
				594	0x85, 0x4D, 0xB8, 0xEB, 0xD0, 0x91, 0x81, 0xA7,
				595	0x29, 0x59, 0x09, 0x8B, 0x3E, 0xF8, 0xC1, 0x22,
				596	0xD9, 0x63, 0x55, 0x14, 0xCE, 0xD5, 0x65, 0xFE },
				597	{ 0x82, 0x55, 0x8A, 0x38, 0x9A, 0x44, 0x3C, 0x0E,
				598	0xA4, 0xCC, 0x81, 0x98, 0x99, 0xF2, 0x08, 0x3A,
				599	0x85, 0xF0, 0xFA, 0xA3, 0xE5, 0x78, 0xF8, 0x07,
				600	0x7A, 0x2E, 0x3F, 0xF4, 0x67, 0x29, 0x66, 0x5B },
				601	{ 0xA3, 0xB6, 0x16, 0x74, 0x73, 0x10, 0x0E, 0xE0,
				602	0x6E, 0x0C, 0x79, 0x6C, 0x29, 0x55, 0x55, 0x2B },
				603	{ 0x60, 0xE4, 0x31, 0x59, 0x1E, 0xE0, 0xB6, 0x7F,
				604	0x0D, 0x8A, 0x26, 0xAA, 0xCB, 0xF5, 0xB7, 0x7F,
				605	0x8E, 0x0B, 0xC6, 0x21, 0x37, 0x28, 0xC5, 0x14,
				606	0x05, 0x46, 0x04, 0x0F, 0x0E, 0xE3, 0x7F, 0x54 },
				607	{ 0x9B, 0x09, 0xFF, 0xA7, 0x1B, 0x94, 0x2F, 0xCB,
				608	0x27, 0x63, 0x5F, 0xBC, 0xD5, 0xB0, 0xE9, 0x44,
				609	0xBF, 0xDC, 0x63, 0x64, 0x4F, 0x07, 0x13, 0x93,
				610	0x8A, 0x7F, 0x51, 0x53, 0x5C, 0x3A, 0x35, 0xE2 }
				611	};
				612
				613	/*
				614	* Checkup routine
				615	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	616	int sha256_self_test( int verbose )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	617	{
				618	int i, j, k, buflen;
				619	unsigned char buf[1024];
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	620	unsigned char sha256sum[32];
				621	sha256_context ctx;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	622
				623	for( i = 0; i < 6; i++ )
				624	{
				625	j = i % 3;
				626	k = i < 3;
				627
				628	if( verbose != 0 )
				629	printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
				630
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	631	sha256_starts( &ctx, k );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	632
				633	if( j == 2 )
				634	{
				635	memset( buf, 'a', buflen = 1000 );
				636
				637	for( j = 0; j < 1000; j++ )
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	638	sha256_update( &ctx, buf, buflen );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	639	}
				640	else
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	641	sha256_update( &ctx, sha256_test_buf[j],
				642	sha256_test_buflen[j] );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	643
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	644	sha256_finish( &ctx, sha256sum );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	645
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	646	if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	647	{
				648	if( verbose != 0 )
				649	printf( "failed\n" );
				650
				651	return( 1 );
				652	}
				653
				654	if( verbose != 0 )
				655	printf( "passed\n" );
				656	}
				657
				658	if( verbose != 0 )
				659	printf( "\n" );
				660
				661	for( i = 0; i < 14; i++ )
				662	{
				663	j = i % 7;
				664	k = i < 7;
				665
				666	if( verbose != 0 )
				667	printf( " HMAC-SHA-%d test #%d: ", 256 - k * 32, j + 1 );
				668
				669	if( j == 5 \|\| j == 6 )
				670	{
				671	memset( buf, '\xAA', buflen = 131 );
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	672	sha256_hmac_starts( &ctx, buf, buflen, k );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	673	}
				674	else
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	675	sha256_hmac_starts( &ctx, sha256_hmac_test_key[j],
				676	sha256_hmac_test_keylen[j], k );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	677
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	678	sha256_hmac_update( &ctx, sha256_hmac_test_buf[j],
				679	sha256_hmac_test_buflen[j] );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	680
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	681	sha256_hmac_finish( &ctx, sha256sum );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	682
				683	buflen = ( j == 4 ) ? 16 : 32 - k * 4;
				684
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	685	if( memcmp( sha256sum, sha256_hmac_test_sum[i], buflen ) != 0 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	686	{
				687	if( verbose != 0 )
				688	printf( "failed\n" );
				689
				690	return( 1 );
				691	}
				692
				693	if( verbose != 0 )
				694	printf( "passed\n" );
				695	}
				696
				697	if( verbose != 0 )
				698	printf( "\n" );
				699
				700	return( 0 );
				701	}
				702
				703	#endif
				704
				705	#endif