Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / 919f8f5829d286633238e639bd663c6acf220470 / . / library / sha512.c
blob: 1bef2e90cd882428dab5803a1dcb46832faa78fc [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-2 compliant SHA-384/512 implementation
3 *
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]4 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
Paul Bakker84f12b72010-07-18 10:13:04 +0000[diff] [blame]7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]8 *
Paul Bakker77b385e2009-07-28 17:23:11 +0000[diff] [blame]9 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +0000[diff] [blame]10 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25/*
26 * The SHA-512 Secure Hash Standard was published by NIST in 2002.
27 *
28 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
29 */
30
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]31#include "polarssl/config.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]32
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]33#if defined(POLARSSL_SHA512_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]34
Paul Bakkerd2681d82013-06-30 14:49:12 +0200[diff] [blame]35#include "polarssl/sha512.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]36
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]37#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]38#include <stdio.h>
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]39#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]40
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]41#if defined(POLARSSL_PLATFORM_C)
42#include "polarssl/platform.h"
43#else
44#define polarssl_printf printf
45#endif
46
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]47#if !defined(POLARSSL_SHA512_ALT)
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]48
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]49/*
50 * 64-bit integer manipulation macros (big endian)
51 */
52#ifndef GET_UINT64_BE
53#define GET_UINT64_BE(n,b,i) \
54{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]55 (n) = ( (uint64_t) (b)[(i) ] << 56 ) \
56 | ( (uint64_t) (b)[(i) + 1] << 48 ) \
57 | ( (uint64_t) (b)[(i) + 2] << 40 ) \
58 | ( (uint64_t) (b)[(i) + 3] << 32 ) \
59 | ( (uint64_t) (b)[(i) + 4] << 24 ) \
60 | ( (uint64_t) (b)[(i) + 5] << 16 ) \
61 | ( (uint64_t) (b)[(i) + 6] << 8 ) \
62 | ( (uint64_t) (b)[(i) + 7] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]63}
64#endif
65
66#ifndef PUT_UINT64_BE
67#define PUT_UINT64_BE(n,b,i) \
68{ \
69 (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \
70 (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \
71 (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \
72 (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \
73 (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \
74 (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \
75 (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \
76 (b)[(i) + 7] = (unsigned char) ( (n) ); \
77}
78#endif
79
80/*
81 * Round constants
82 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]83static const uint64_t K[80] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]84{
85 UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
86 UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
87 UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
88 UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
89 UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
90 UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
91 UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
92 UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
93 UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
94 UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
95 UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
96 UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
97 UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
98 UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
99 UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
100 UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
101 UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
102 UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
103 UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
104 UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
105 UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
106 UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
107 UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
108 UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
109 UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
110 UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
111 UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
112 UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
113 UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
114 UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
115 UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
116 UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
117 UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
118 UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
119 UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
120 UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
121 UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
122 UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
123 UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
124 UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
125};
126
127/*
128 * SHA-512 context setup
129 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]130void sha512_starts( sha512_context *ctx, int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]131{
132 ctx->total[0] = 0;
133 ctx->total[1] = 0;
134
135 if( is384 == 0 )
136 {
137 /* SHA-512 */
138 ctx->state[0] = UL64(0x6A09E667F3BCC908);
139 ctx->state[1] = UL64(0xBB67AE8584CAA73B);
140 ctx->state[2] = UL64(0x3C6EF372FE94F82B);
141 ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
142 ctx->state[4] = UL64(0x510E527FADE682D1);
143 ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
144 ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
145 ctx->state[7] = UL64(0x5BE0CD19137E2179);
146 }
147 else
148 {
149 /* SHA-384 */
150 ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
151 ctx->state[1] = UL64(0x629A292A367CD507);
152 ctx->state[2] = UL64(0x9159015A3070DD17);
153 ctx->state[3] = UL64(0x152FECD8F70E5939);
154 ctx->state[4] = UL64(0x67332667FFC00B31);
155 ctx->state[5] = UL64(0x8EB44A8768581511);
156 ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
157 ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
158 }
159
160 ctx->is384 = is384;
161}
162
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]163void sha512_process( sha512_context *ctx, const unsigned char data[128] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]164{
165 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]166 uint64_t temp1, temp2, W[80];
167 uint64_t A, B, C, D, E, F, G, H;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]168
169#define SHR(x,n) (x >> n)
170#define ROTR(x,n) (SHR(x,n) | (x << (64 - n)))
171
172#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
173#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6))
174
175#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
176#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
177
178#define F0(x,y,z) ((x & y) | (z & (x | y)))
179#define F1(x,y,z) (z ^ (x & (y ^ z)))
180
181#define P(a,b,c,d,e,f,g,h,x,K) \
182{ \
183 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
184 temp2 = S2(a) + F0(a,b,c); \
185 d += temp1; h = temp1 + temp2; \
186}
187
188 for( i = 0; i < 16; i++ )
189 {
190 GET_UINT64_BE( W[i], data, i << 3 );
191 }
192
193 for( ; i < 80; i++ )
194 {
195 W[i] = S1(W[i - 2]) + W[i - 7] +
196 S0(W[i - 15]) + W[i - 16];
197 }
198
199 A = ctx->state[0];
200 B = ctx->state[1];
201 C = ctx->state[2];
202 D = ctx->state[3];
203 E = ctx->state[4];
204 F = ctx->state[5];
205 G = ctx->state[6];
206 H = ctx->state[7];
207 i = 0;
208
209 do
210 {
211 P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++;
212 P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++;
213 P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++;
214 P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++;
215 P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++;
216 P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++;
217 P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++;
218 P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++;
219 }
220 while( i < 80 );
221
222 ctx->state[0] += A;
223 ctx->state[1] += B;
224 ctx->state[2] += C;
225 ctx->state[3] += D;
226 ctx->state[4] += E;
227 ctx->state[5] += F;
228 ctx->state[6] += G;
229 ctx->state[7] += H;
230}
231
232/*
233 * SHA-512 process buffer
234 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]235void sha512_update( sha512_context *ctx, const unsigned char *input, size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]236{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]237 size_t fill;
Paul Bakkerb8213a12011-07-11 08:16:18 +0000[diff] [blame]238 unsigned int left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]239
240 if( ilen <= 0 )
241 return;
242
Paul Bakkerb8213a12011-07-11 08:16:18 +0000[diff] [blame]243 left = (unsigned int) (ctx->total[0] & 0x7F);
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]244 fill = 128 - left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]245
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]246 ctx->total[0] += (uint64_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]247
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]248 if( ctx->total[0] < (uint64_t) ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]249 ctx->total[1]++;
250
251 if( left && ilen >= fill )
252 {
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]253 memcpy( (void *) (ctx->buffer + left), input, fill );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]254 sha512_process( ctx, ctx->buffer );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]255 input += fill;
256 ilen -= fill;
257 left = 0;
258 }
259
260 while( ilen >= 128 )
261 {
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]262 sha512_process( ctx, input );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]263 input += 128;
264 ilen -= 128;
265 }
266
267 if( ilen > 0 )
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]268 memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]269}
270
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]271static const unsigned char sha512_padding[128] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]272{
273 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
274 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
275 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
276 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
277 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
278 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
279 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
280 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
281};
282
283/*
284 * SHA-512 final digest
285 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]286void sha512_finish( sha512_context *ctx, unsigned char output[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]287{
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]288 size_t last, padn;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]289 uint64_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]290 unsigned char msglen[16];
291
292 high = ( ctx->total[0] >> 61 )
293 | ( ctx->total[1] << 3 );
294 low = ( ctx->total[0] << 3 );
295
296 PUT_UINT64_BE( high, msglen, 0 );
297 PUT_UINT64_BE( low, msglen, 8 );
298
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]299 last = (size_t)( ctx->total[0] & 0x7F );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]300 padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
301
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]302 sha512_update( ctx, sha512_padding, padn );
303 sha512_update( ctx, msglen, 16 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]304
305 PUT_UINT64_BE( ctx->state[0], output, 0 );
306 PUT_UINT64_BE( ctx->state[1], output, 8 );
307 PUT_UINT64_BE( ctx->state[2], output, 16 );
308 PUT_UINT64_BE( ctx->state[3], output, 24 );
309 PUT_UINT64_BE( ctx->state[4], output, 32 );
310 PUT_UINT64_BE( ctx->state[5], output, 40 );
311
312 if( ctx->is384 == 0 )
313 {
314 PUT_UINT64_BE( ctx->state[6], output, 48 );
315 PUT_UINT64_BE( ctx->state[7], output, 56 );
316 }
317}
318
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]319#endif /* !POLARSSL_SHA512_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]320
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]321/*
322 * output = SHA-512( input buffer )
323 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]324void sha512( const unsigned char *input, size_t ilen,
325 unsigned char output[64], int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]326{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]327 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]328
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]329 sha512_starts( &ctx, is384 );
330 sha512_update( &ctx, input, ilen );
331 sha512_finish( &ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]332
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]333 memset( &ctx, 0, sizeof( sha512_context ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]334}
335
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]336#if defined(POLARSSL_FS_IO)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]337/*
338 * output = SHA-512( file contents )
339 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]340int sha512_file( const char *path, unsigned char output[64], int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]341{
342 FILE *f;
343 size_t n;
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]344 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]345 unsigned char buf[1024];
346
347 if( ( f = fopen( path, "rb" ) ) == NULL )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]348 return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]349
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]350 sha512_starts( &ctx, is384 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]351
352 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]353 sha512_update( &ctx, buf, n );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]354
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]355 sha512_finish( &ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]356
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]357 memset( &ctx, 0, sizeof( sha512_context ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]358
359 if( ferror( f ) != 0 )
360 {
361 fclose( f );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]362 return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]363 }
364
365 fclose( f );
366 return( 0 );
367}
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]368#endif /* POLARSSL_FS_IO */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]369
370/*
371 * SHA-512 HMAC context setup
372 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]373void sha512_hmac_starts( sha512_context *ctx, const unsigned char *key,
374 size_t keylen, int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]375{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]376 size_t i;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]377 unsigned char sum[64];
378
379 if( keylen > 128 )
380 {
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]381 sha512( key, keylen, sum, is384 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]382 keylen = ( is384 ) ? 48 : 64;
383 key = sum;
384 }
385
386 memset( ctx->ipad, 0x36, 128 );
387 memset( ctx->opad, 0x5C, 128 );
388
389 for( i = 0; i < keylen; i++ )
390 {
391 ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
392 ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
393 }
394
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]395 sha512_starts( ctx, is384 );
396 sha512_update( ctx, ctx->ipad, 128 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]397
398 memset( sum, 0, sizeof( sum ) );
399}
400
401/*
402 * SHA-512 HMAC process buffer
403 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]404void sha512_hmac_update( sha512_context *ctx,
405 const unsigned char *input, size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]406{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]407 sha512_update( ctx, input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]408}
409
410/*
411 * SHA-512 HMAC final digest
412 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]413void sha512_hmac_finish( sha512_context *ctx, unsigned char output[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]414{
415 int is384, hlen;
416 unsigned char tmpbuf[64];
417
418 is384 = ctx->is384;
419 hlen = ( is384 == 0 ) ? 64 : 48;
420
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]421 sha512_finish( ctx, tmpbuf );
422 sha512_starts( ctx, is384 );
423 sha512_update( ctx, ctx->opad, 128 );
424 sha512_update( ctx, tmpbuf, hlen );
425 sha512_finish( ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]426
427 memset( tmpbuf, 0, sizeof( tmpbuf ) );
428}
429
430/*
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]431 * SHA-512 HMAC context reset
432 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]433void sha512_hmac_reset( sha512_context *ctx )
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]434{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]435 sha512_starts( ctx, ctx->is384 );
436 sha512_update( ctx, ctx->ipad, 128 );
Paul Bakker7d3b6612010-03-21 16:23:13 +0000[diff] [blame]437}
438
439/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]440 * output = HMAC-SHA-512( hmac key, input buffer )
441 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]442void sha512_hmac( const unsigned char *key, size_t keylen,
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]443 const unsigned char *input, size_t ilen,
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]444 unsigned char output[64], int is384 )
445{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]446 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]447
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]448 sha512_hmac_starts( &ctx, key, keylen, is384 );
449 sha512_hmac_update( &ctx, input, ilen );
450 sha512_hmac_finish( &ctx, output );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]451
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]452 memset( &ctx, 0, sizeof( sha512_context ) );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]453}
454
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]455#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]456
457/*
458 * FIPS-180-2 test vectors
459 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]460static unsigned char sha512_test_buf[3][113] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]461{
462 { "abc" },
463 { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
464 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
465 { "" }
466};
467
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]468static const int sha512_test_buflen[3] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]469{
470 3, 112, 1000
471};
472
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]473static const unsigned char sha512_test_sum[6][64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]474{
475 /*
476 * SHA-384 test vectors
477 */
478 { 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
479 0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
480 0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
481 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
482 0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
483 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 },
484 { 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
485 0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
486 0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
487 0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
488 0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
489 0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 },
490 { 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
491 0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
492 0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
493 0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
494 0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
495 0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },
496
497 /*
498 * SHA-512 test vectors
499 */
500 { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
501 0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
502 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
503 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
504 0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
505 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
506 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
507 0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F },
508 { 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
509 0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
510 0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
511 0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
512 0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
513 0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
514 0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
515 0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 },
516 { 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
517 0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
518 0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
519 0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
520 0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
521 0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
522 0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
523 0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
524};
525
526/*
527 * RFC 4231 test vectors
528 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]529static unsigned char sha512_hmac_test_key[7][26] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]530{
531 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
532 "\x0B\x0B\x0B\x0B" },
533 { "Jefe" },
534 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
535 "\xAA\xAA\xAA\xAA" },
536 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
537 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
538 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
539 "\x0C\x0C\x0C\x0C" },
540 { "" }, /* 0xAA 131 times */
541 { "" }
542};
543
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]544static const int sha512_hmac_test_keylen[7] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]545{
546 20, 4, 20, 25, 20, 131, 131
547};
548
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]549static unsigned char sha512_hmac_test_buf[7][153] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]550{
551 { "Hi There" },
552 { "what do ya want for nothing?" },
553 { "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
554 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
555 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
556 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
557 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
558 { "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
559 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
560 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
561 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
562 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
563 { "Test With Truncation" },
564 { "Test Using Larger Than Block-Size Key - Hash Key First" },
565 { "This is a test using a larger than block-size key "
566 "and a larger than block-size data. The key needs to "
567 "be hashed before being used by the HMAC algorithm." }
568};
569
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]570static const int sha512_hmac_test_buflen[7] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]571{
572 8, 28, 50, 50, 20, 54, 152
573};
574
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]575static const unsigned char sha512_hmac_test_sum[14][64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]576{
577 /*
578 * HMAC-SHA-384 test vectors
579 */
580 { 0xAF, 0xD0, 0x39, 0x44, 0xD8, 0x48, 0x95, 0x62,
581 0x6B, 0x08, 0x25, 0xF4, 0xAB, 0x46, 0x90, 0x7F,
582 0x15, 0xF9, 0xDA, 0xDB, 0xE4, 0x10, 0x1E, 0xC6,
583 0x82, 0xAA, 0x03, 0x4C, 0x7C, 0xEB, 0xC5, 0x9C,
584 0xFA, 0xEA, 0x9E, 0xA9, 0x07, 0x6E, 0xDE, 0x7F,
585 0x4A, 0xF1, 0x52, 0xE8, 0xB2, 0xFA, 0x9C, 0xB6 },
586 { 0xAF, 0x45, 0xD2, 0xE3, 0x76, 0x48, 0x40, 0x31,
587 0x61, 0x7F, 0x78, 0xD2, 0xB5, 0x8A, 0x6B, 0x1B,
588 0x9C, 0x7E, 0xF4, 0x64, 0xF5, 0xA0, 0x1B, 0x47,
589 0xE4, 0x2E, 0xC3, 0x73, 0x63, 0x22, 0x44, 0x5E,
590 0x8E, 0x22, 0x40, 0xCA, 0x5E, 0x69, 0xE2, 0xC7,
591 0x8B, 0x32, 0x39, 0xEC, 0xFA, 0xB2, 0x16, 0x49 },
592 { 0x88, 0x06, 0x26, 0x08, 0xD3, 0xE6, 0xAD, 0x8A,
593 0x0A, 0xA2, 0xAC, 0xE0, 0x14, 0xC8, 0xA8, 0x6F,
594 0x0A, 0xA6, 0x35, 0xD9, 0x47, 0xAC, 0x9F, 0xEB,
595 0xE8, 0x3E, 0xF4, 0xE5, 0x59, 0x66, 0x14, 0x4B,
596 0x2A, 0x5A, 0xB3, 0x9D, 0xC1, 0x38, 0x14, 0xB9,
597 0x4E, 0x3A, 0xB6, 0xE1, 0x01, 0xA3, 0x4F, 0x27 },
598 { 0x3E, 0x8A, 0x69, 0xB7, 0x78, 0x3C, 0x25, 0x85,
599 0x19, 0x33, 0xAB, 0x62, 0x90, 0xAF, 0x6C, 0xA7,
600 0x7A, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9C,
601 0xC5, 0x57, 0x7C, 0x6E, 0x1F, 0x57, 0x3B, 0x4E,
602 0x68, 0x01, 0xDD, 0x23, 0xC4, 0xA7, 0xD6, 0x79,
603 0xCC, 0xF8, 0xA3, 0x86, 0xC6, 0x74, 0xCF, 0xFB },
604 { 0x3A, 0xBF, 0x34, 0xC3, 0x50, 0x3B, 0x2A, 0x23,
605 0xA4, 0x6E, 0xFC, 0x61, 0x9B, 0xAE, 0xF8, 0x97 },
606 { 0x4E, 0xCE, 0x08, 0x44, 0x85, 0x81, 0x3E, 0x90,
607 0x88, 0xD2, 0xC6, 0x3A, 0x04, 0x1B, 0xC5, 0xB4,
608 0x4F, 0x9E, 0xF1, 0x01, 0x2A, 0x2B, 0x58, 0x8F,
609 0x3C, 0xD1, 0x1F, 0x05, 0x03, 0x3A, 0xC4, 0xC6,
610 0x0C, 0x2E, 0xF6, 0xAB, 0x40, 0x30, 0xFE, 0x82,
611 0x96, 0x24, 0x8D, 0xF1, 0x63, 0xF4, 0x49, 0x52 },
612 { 0x66, 0x17, 0x17, 0x8E, 0x94, 0x1F, 0x02, 0x0D,
613 0x35, 0x1E, 0x2F, 0x25, 0x4E, 0x8F, 0xD3, 0x2C,
614 0x60, 0x24, 0x20, 0xFE, 0xB0, 0xB8, 0xFB, 0x9A,
615 0xDC, 0xCE, 0xBB, 0x82, 0x46, 0x1E, 0x99, 0xC5,
616 0xA6, 0x78, 0xCC, 0x31, 0xE7, 0x99, 0x17, 0x6D,
617 0x38, 0x60, 0xE6, 0x11, 0x0C, 0x46, 0x52, 0x3E },
618
619 /*
620 * HMAC-SHA-512 test vectors
621 */
622 { 0x87, 0xAA, 0x7C, 0xDE, 0xA5, 0xEF, 0x61, 0x9D,
623 0x4F, 0xF0, 0xB4, 0x24, 0x1A, 0x1D, 0x6C, 0xB0,
624 0x23, 0x79, 0xF4, 0xE2, 0xCE, 0x4E, 0xC2, 0x78,
625 0x7A, 0xD0, 0xB3, 0x05, 0x45, 0xE1, 0x7C, 0xDE,
626 0xDA, 0xA8, 0x33, 0xB7, 0xD6, 0xB8, 0xA7, 0x02,
627 0x03, 0x8B, 0x27, 0x4E, 0xAE, 0xA3, 0xF4, 0xE4,
628 0xBE, 0x9D, 0x91, 0x4E, 0xEB, 0x61, 0xF1, 0x70,
629 0x2E, 0x69, 0x6C, 0x20, 0x3A, 0x12, 0x68, 0x54 },
630 { 0x16, 0x4B, 0x7A, 0x7B, 0xFC, 0xF8, 0x19, 0xE2,
631 0xE3, 0x95, 0xFB, 0xE7, 0x3B, 0x56, 0xE0, 0xA3,
632 0x87, 0xBD, 0x64, 0x22, 0x2E, 0x83, 0x1F, 0xD6,
633 0x10, 0x27, 0x0C, 0xD7, 0xEA, 0x25, 0x05, 0x54,
634 0x97, 0x58, 0xBF, 0x75, 0xC0, 0x5A, 0x99, 0x4A,
635 0x6D, 0x03, 0x4F, 0x65, 0xF8, 0xF0, 0xE6, 0xFD,
636 0xCA, 0xEA, 0xB1, 0xA3, 0x4D, 0x4A, 0x6B, 0x4B,
637 0x63, 0x6E, 0x07, 0x0A, 0x38, 0xBC, 0xE7, 0x37 },
638 { 0xFA, 0x73, 0xB0, 0x08, 0x9D, 0x56, 0xA2, 0x84,
639 0xEF, 0xB0, 0xF0, 0x75, 0x6C, 0x89, 0x0B, 0xE9,
640 0xB1, 0xB5, 0xDB, 0xDD, 0x8E, 0xE8, 0x1A, 0x36,
641 0x55, 0xF8, 0x3E, 0x33, 0xB2, 0x27, 0x9D, 0x39,
642 0xBF, 0x3E, 0x84, 0x82, 0x79, 0xA7, 0x22, 0xC8,
643 0x06, 0xB4, 0x85, 0xA4, 0x7E, 0x67, 0xC8, 0x07,
644 0xB9, 0x46, 0xA3, 0x37, 0xBE, 0xE8, 0x94, 0x26,
645 0x74, 0x27, 0x88, 0x59, 0xE1, 0x32, 0x92, 0xFB },
646 { 0xB0, 0xBA, 0x46, 0x56, 0x37, 0x45, 0x8C, 0x69,
647 0x90, 0xE5, 0xA8, 0xC5, 0xF6, 0x1D, 0x4A, 0xF7,
648 0xE5, 0x76, 0xD9, 0x7F, 0xF9, 0x4B, 0x87, 0x2D,
649 0xE7, 0x6F, 0x80, 0x50, 0x36, 0x1E, 0xE3, 0xDB,
650 0xA9, 0x1C, 0xA5, 0xC1, 0x1A, 0xA2, 0x5E, 0xB4,
651 0xD6, 0x79, 0x27, 0x5C, 0xC5, 0x78, 0x80, 0x63,
652 0xA5, 0xF1, 0x97, 0x41, 0x12, 0x0C, 0x4F, 0x2D,
653 0xE2, 0xAD, 0xEB, 0xEB, 0x10, 0xA2, 0x98, 0xDD },
654 { 0x41, 0x5F, 0xAD, 0x62, 0x71, 0x58, 0x0A, 0x53,
655 0x1D, 0x41, 0x79, 0xBC, 0x89, 0x1D, 0x87, 0xA6 },
656 { 0x80, 0xB2, 0x42, 0x63, 0xC7, 0xC1, 0xA3, 0xEB,
657 0xB7, 0x14, 0x93, 0xC1, 0xDD, 0x7B, 0xE8, 0xB4,
658 0x9B, 0x46, 0xD1, 0xF4, 0x1B, 0x4A, 0xEE, 0xC1,
659 0x12, 0x1B, 0x01, 0x37, 0x83, 0xF8, 0xF3, 0x52,
660 0x6B, 0x56, 0xD0, 0x37, 0xE0, 0x5F, 0x25, 0x98,
661 0xBD, 0x0F, 0xD2, 0x21, 0x5D, 0x6A, 0x1E, 0x52,
662 0x95, 0xE6, 0x4F, 0x73, 0xF6, 0x3F, 0x0A, 0xEC,
663 0x8B, 0x91, 0x5A, 0x98, 0x5D, 0x78, 0x65, 0x98 },
664 { 0xE3, 0x7B, 0x6A, 0x77, 0x5D, 0xC8, 0x7D, 0xBA,
665 0xA4, 0xDF, 0xA9, 0xF9, 0x6E, 0x5E, 0x3F, 0xFD,
666 0xDE, 0xBD, 0x71, 0xF8, 0x86, 0x72, 0x89, 0x86,
667 0x5D, 0xF5, 0xA3, 0x2D, 0x20, 0xCD, 0xC9, 0x44,
668 0xB6, 0x02, 0x2C, 0xAC, 0x3C, 0x49, 0x82, 0xB1,
669 0x0D, 0x5E, 0xEB, 0x55, 0xC3, 0xE4, 0xDE, 0x15,
670 0x13, 0x46, 0x76, 0xFB, 0x6D, 0xE0, 0x44, 0x60,
671 0x65, 0xC9, 0x74, 0x40, 0xFA, 0x8C, 0x6A, 0x58 }
672};
673
674/*
675 * Checkup routine
676 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]677int sha512_self_test( int verbose )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]678{
679 int i, j, k, buflen;
680 unsigned char buf[1024];
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]681 unsigned char sha512sum[64];
682 sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]683
684 for( i = 0; i < 6; i++ )
685 {
686 j = i % 3;
687 k = i < 3;
688
689 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]690 polarssl_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]691
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]692 sha512_starts( &ctx, k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]693
694 if( j == 2 )
695 {
696 memset( buf, 'a', buflen = 1000 );
697
698 for( j = 0; j < 1000; j++ )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]699 sha512_update( &ctx, buf, buflen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]700 }
701 else
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]702 sha512_update( &ctx, sha512_test_buf[j],
703 sha512_test_buflen[j] );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]704
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]705 sha512_finish( &ctx, sha512sum );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]706
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]707 if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]708 {
709 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]710 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]711
712 return( 1 );
713 }
714
715 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]716 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]717 }
718
719 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]720 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]721
722 for( i = 0; i < 14; i++ )
723 {
724 j = i % 7;
725 k = i < 7;
726
727 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]728 polarssl_printf( " HMAC-SHA-%d test #%d: ", 512 - k * 128, j + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]729
730 if( j == 5 || j == 6 )
731 {
732 memset( buf, '\xAA', buflen = 131 );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]733 sha512_hmac_starts( &ctx, buf, buflen, k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]734 }
735 else
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]736 sha512_hmac_starts( &ctx, sha512_hmac_test_key[j],
737 sha512_hmac_test_keylen[j], k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]738
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]739 sha512_hmac_update( &ctx, sha512_hmac_test_buf[j],
740 sha512_hmac_test_buflen[j] );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]741
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]742 sha512_hmac_finish( &ctx, sha512sum );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]743
744 buflen = ( j == 4 ) ? 16 : 64 - k * 16;
745
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]746 if( memcmp( sha512sum, sha512_hmac_test_sum[i], buflen ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]747 {
748 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]749 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]750
751 return( 1 );
752 }
753
754 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]755 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]756 }
757
758 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]759 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]760
761 return( 0 );
762}
763
764#endif
765
766#endif