33 #if defined(POLARSSL_SHA2_C)
37 #if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
41 #if !defined(POLARSSL_SHA2_ALT)
47 #define GET_UINT32_BE(n,b,i) \
49 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
50 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
51 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
52 | ( (uint32_t) (b)[(i) + 3] ); \
57 #define PUT_UINT32_BE(n,b,i) \
59 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
60 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
61 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
62 (b)[(i) + 3] = (unsigned char) ( (n) ); \
77 ctx->
state[0] = 0x6A09E667;
78 ctx->
state[1] = 0xBB67AE85;
79 ctx->
state[2] = 0x3C6EF372;
80 ctx->
state[3] = 0xA54FF53A;
81 ctx->
state[4] = 0x510E527F;
82 ctx->
state[5] = 0x9B05688C;
83 ctx->
state[6] = 0x1F83D9AB;
84 ctx->
state[7] = 0x5BE0CD19;
89 ctx->
state[0] = 0xC1059ED8;
90 ctx->
state[1] = 0x367CD507;
91 ctx->
state[2] = 0x3070DD17;
92 ctx->
state[3] = 0xF70E5939;
93 ctx->
state[4] = 0xFFC00B31;
94 ctx->
state[5] = 0x68581511;
95 ctx->
state[6] = 0x64F98FA7;
96 ctx->
state[7] = 0xBEFA4FA4;
104 uint32_t temp1, temp2, W[64];
105 uint32_t A, B, C, D, E, F, G, H;
124 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
125 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
127 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
128 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
130 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
131 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
133 #define F0(x,y,z) ((x & y) | (z & (x | y)))
134 #define F1(x,y,z) (z ^ (x & (y ^ z)))
138 W[t] = S1(W[t - 2]) + W[t - 7] + \
139 S0(W[t - 15]) + W[t - 16] \
142 #define P(a,b,c,d,e,f,g,h,x,K) \
144 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
145 temp2 = S2(a) + F0(a,b,c); \
146 d += temp1; h = temp1 + temp2; \
158 P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
159 P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
160 P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
161 P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
162 P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
163 P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
164 P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
165 P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
166 P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
167 P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
168 P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
169 P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
170 P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
171 P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
172 P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
173 P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
174 P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
175 P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
176 P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
177 P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
178 P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
179 P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
180 P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
181 P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
182 P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
183 P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
184 P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
185 P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
186 P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
187 P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
188 P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
189 P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
190 P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
191 P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
192 P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
193 P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
194 P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
195 P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
196 P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
197 P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
198 P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
199 P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
200 P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
201 P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
202 P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
203 P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
204 P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
205 P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
206 P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
207 P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
208 P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
209 P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
210 P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
211 P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
212 P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
213 P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
214 P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
215 P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
216 P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
217 P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
218 P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
219 P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
220 P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
221 P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
244 left = ctx->
total[0] & 0x3F;
247 ctx->
total[0] += (uint32_t) ilen;
248 ctx->
total[0] &= 0xFFFFFFFF;
250 if( ctx->
total[0] < (uint32_t) ilen )
253 if( left && ilen >= fill )
255 memcpy( (
void *) (ctx->
buffer + left), input, fill );
270 memcpy( (
void *) (ctx->
buffer + left), input, ilen );
273 static const unsigned char sha2_padding[64] =
275 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
276 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
277 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
278 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
288 unsigned char msglen[8];
290 high = ( ctx->
total[0] >> 29 )
291 | ( ctx->
total[1] << 3 );
292 low = ( ctx->
total[0] << 3 );
297 last = ctx->
total[0] & 0x3F;
298 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
311 if( ctx->
is224 == 0 )
320 void sha2(
const unsigned char *input,
size_t ilen,
321 unsigned char output[32],
int is224 )
332 #if defined(POLARSSL_FS_IO)
336 int sha2_file(
const char *path,
unsigned char output[32],
int is224 )
341 unsigned char buf[1024];
343 if( ( f = fopen( path,
"rb" ) ) == NULL )
348 while( ( n = fread( buf, 1,
sizeof( buf ), f ) ) > 0 )
355 if( ferror( f ) != 0 )
373 unsigned char sum[32];
377 sha2( key, keylen, sum, is224 );
378 keylen = ( is224 ) ? 28 : 32;
382 memset( ctx->
ipad, 0x36, 64 );
383 memset( ctx->
opad, 0x5C, 64 );
385 for( i = 0; i < keylen; i++ )
387 ctx->
ipad[i] = (
unsigned char)( ctx->
ipad[i] ^ key[i] );
388 ctx->
opad[i] = (
unsigned char)( ctx->
opad[i] ^ key[i] );
394 memset( sum, 0,
sizeof( sum ) );
411 unsigned char tmpbuf[32];
414 hlen = ( is224 == 0 ) ? 32 : 28;
422 memset( tmpbuf, 0,
sizeof( tmpbuf ) );
437 void sha2_hmac(
const unsigned char *key,
size_t keylen,
438 const unsigned char *input,
size_t ilen,
439 unsigned char output[32],
int is224 )
450 #if defined(POLARSSL_SELF_TEST)
454 static unsigned char sha2_test_buf[3][57] =
457 {
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
461 static const int sha2_test_buflen[3] =
466 static const unsigned char sha2_test_sum[6][32] =
471 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
472 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
473 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
474 0xE3, 0x6C, 0x9D, 0xA7 },
475 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
476 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
477 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
478 0x52, 0x52, 0x25, 0x25 },
479 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
480 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
481 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
482 0x4E, 0xE7, 0xAD, 0x67 },
487 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
488 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
489 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
490 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
491 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
492 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
493 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
494 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
495 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
496 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
497 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
498 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
504 static unsigned char sha2_hmac_test_key[7][26] =
506 {
"\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
507 "\x0B\x0B\x0B\x0B" },
509 {
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
510 "\xAA\xAA\xAA\xAA" },
511 {
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
512 "\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
513 {
"\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
514 "\x0C\x0C\x0C\x0C" },
519 static const int sha2_hmac_test_keylen[7] =
521 20, 4, 20, 25, 20, 131, 131
524 static unsigned char sha2_hmac_test_buf[7][153] =
527 {
"what do ya want for nothing?" },
528 {
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
529 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
530 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
531 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
532 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
533 {
"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
534 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
535 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
536 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
537 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
538 {
"Test With Truncation" },
539 {
"Test Using Larger Than Block-Size Key - Hash Key First" },
540 {
"This is a test using a larger than block-size key "
541 "and a larger than block-size data. The key needs to "
542 "be hashed before being used by the HMAC algorithm." }
545 static const int sha2_hmac_test_buflen[7] =
547 8, 28, 50, 50, 20, 54, 152
550 static const unsigned char sha2_hmac_test_sum[14][32] =
555 { 0x89, 0x6F, 0xB1, 0x12, 0x8A, 0xBB, 0xDF, 0x19,
556 0x68, 0x32, 0x10, 0x7C, 0xD4, 0x9D, 0xF3, 0x3F,
557 0x47, 0xB4, 0xB1, 0x16, 0x99, 0x12, 0xBA, 0x4F,
558 0x53, 0x68, 0x4B, 0x22 },
559 { 0xA3, 0x0E, 0x01, 0x09, 0x8B, 0xC6, 0xDB, 0xBF,
560 0x45, 0x69, 0x0F, 0x3A, 0x7E, 0x9E, 0x6D, 0x0F,
561 0x8B, 0xBE, 0xA2, 0xA3, 0x9E, 0x61, 0x48, 0x00,
562 0x8F, 0xD0, 0x5E, 0x44 },
563 { 0x7F, 0xB3, 0xCB, 0x35, 0x88, 0xC6, 0xC1, 0xF6,
564 0xFF, 0xA9, 0x69, 0x4D, 0x7D, 0x6A, 0xD2, 0x64,
565 0x93, 0x65, 0xB0, 0xC1, 0xF6, 0x5D, 0x69, 0xD1,
566 0xEC, 0x83, 0x33, 0xEA },
567 { 0x6C, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3C, 0xAC,
568 0x6A, 0x2A, 0xBC, 0x1B, 0xB3, 0x82, 0x62, 0x7C,
569 0xEC, 0x6A, 0x90, 0xD8, 0x6E, 0xFC, 0x01, 0x2D,
570 0xE7, 0xAF, 0xEC, 0x5A },
571 { 0x0E, 0x2A, 0xEA, 0x68, 0xA9, 0x0C, 0x8D, 0x37,
572 0xC9, 0x88, 0xBC, 0xDB, 0x9F, 0xCA, 0x6F, 0xA8 },
573 { 0x95, 0xE9, 0xA0, 0xDB, 0x96, 0x20, 0x95, 0xAD,
574 0xAE, 0xBE, 0x9B, 0x2D, 0x6F, 0x0D, 0xBC, 0xE2,
575 0xD4, 0x99, 0xF1, 0x12, 0xF2, 0xD2, 0xB7, 0x27,
576 0x3F, 0xA6, 0x87, 0x0E },
577 { 0x3A, 0x85, 0x41, 0x66, 0xAC, 0x5D, 0x9F, 0x02,
578 0x3F, 0x54, 0xD5, 0x17, 0xD0, 0xB3, 0x9D, 0xBD,
579 0x94, 0x67, 0x70, 0xDB, 0x9C, 0x2B, 0x95, 0xC9,
580 0xF6, 0xF5, 0x65, 0xD1 },
585 { 0xB0, 0x34, 0x4C, 0x61, 0xD8, 0xDB, 0x38, 0x53,
586 0x5C, 0xA8, 0xAF, 0xCE, 0xAF, 0x0B, 0xF1, 0x2B,
587 0x88, 0x1D, 0xC2, 0x00, 0xC9, 0x83, 0x3D, 0xA7,
588 0x26, 0xE9, 0x37, 0x6C, 0x2E, 0x32, 0xCF, 0xF7 },
589 { 0x5B, 0xDC, 0xC1, 0x46, 0xBF, 0x60, 0x75, 0x4E,
590 0x6A, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xC7,
591 0x5A, 0x00, 0x3F, 0x08, 0x9D, 0x27, 0x39, 0x83,
592 0x9D, 0xEC, 0x58, 0xB9, 0x64, 0xEC, 0x38, 0x43 },
593 { 0x77, 0x3E, 0xA9, 0x1E, 0x36, 0x80, 0x0E, 0x46,
594 0x85, 0x4D, 0xB8, 0xEB, 0xD0, 0x91, 0x81, 0xA7,
595 0x29, 0x59, 0x09, 0x8B, 0x3E, 0xF8, 0xC1, 0x22,
596 0xD9, 0x63, 0x55, 0x14, 0xCE, 0xD5, 0x65, 0xFE },
597 { 0x82, 0x55, 0x8A, 0x38, 0x9A, 0x44, 0x3C, 0x0E,
598 0xA4, 0xCC, 0x81, 0x98, 0x99, 0xF2, 0x08, 0x3A,
599 0x85, 0xF0, 0xFA, 0xA3, 0xE5, 0x78, 0xF8, 0x07,
600 0x7A, 0x2E, 0x3F, 0xF4, 0x67, 0x29, 0x66, 0x5B },
601 { 0xA3, 0xB6, 0x16, 0x74, 0x73, 0x10, 0x0E, 0xE0,
602 0x6E, 0x0C, 0x79, 0x6C, 0x29, 0x55, 0x55, 0x2B },
603 { 0x60, 0xE4, 0x31, 0x59, 0x1E, 0xE0, 0xB6, 0x7F,
604 0x0D, 0x8A, 0x26, 0xAA, 0xCB, 0xF5, 0xB7, 0x7F,
605 0x8E, 0x0B, 0xC6, 0x21, 0x37, 0x28, 0xC5, 0x14,
606 0x05, 0x46, 0x04, 0x0F, 0x0E, 0xE3, 0x7F, 0x54 },
607 { 0x9B, 0x09, 0xFF, 0xA7, 0x1B, 0x94, 0x2F, 0xCB,
608 0x27, 0x63, 0x5F, 0xBC, 0xD5, 0xB0, 0xE9, 0x44,
609 0xBF, 0xDC, 0x63, 0x64, 0x4F, 0x07, 0x13, 0x93,
610 0x8A, 0x7F, 0x51, 0x53, 0x5C, 0x3A, 0x35, 0xE2 }
619 unsigned char buf[1024];
620 unsigned char sha2sum[32];
623 for( i = 0; i < 6; i++ )
629 printf(
" SHA-%d test #%d: ", 256 - k * 32, j + 1 );
635 memset( buf,
'a', buflen = 1000 );
637 for( j = 0; j < 1000; j++ )
642 sha2_test_buflen[j] );
646 if( memcmp( sha2sum, sha2_test_sum[i], 32 - k * 4 ) != 0 )
649 printf(
"failed\n" );
655 printf(
"passed\n" );
661 for( i = 0; i < 14; i++ )
667 printf(
" HMAC-SHA-%d test #%d: ", 256 - k * 32, j + 1 );
669 if( j == 5 || j == 6 )
671 memset( buf,
'\xAA', buflen = 131 );
676 sha2_hmac_test_keylen[j], k );
679 sha2_hmac_test_buflen[j] );
683 buflen = ( j == 4 ) ? 16 : 32 - k * 4;
685 if( memcmp( sha2sum, sha2_hmac_test_sum[i], buflen ) != 0 )
688 printf(
"failed\n" );
694 printf(
"passed\n" );