search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
text
[RRG-proxmark3.git] / common / mbedtls / sha512.c
blobf6038353e9a7cdb325b2eaadc0f0397e79cc4f7c
1 /*
2 * FIPS-180-2 compliant SHA-384/512 implementation
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19 /*
20 * The SHA-512 Secure Hash Standard was published by NIST in 2002.
21 *
22 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
23 */
24
25 #include "common.h"
26
27 #if defined(MBEDTLS_SHA512_C)
28
29 #include "mbedtls/sha512.h"
30 #include "mbedtls/platform_util.h"
31 #include "mbedtls/error.h"
32
33 #if defined(_MSC_VER) || defined(__WATCOMC__)
34 #define UL64(x) x##ui64
35 #else
36 #define UL64(x) x##ULL
37 #endif
38
39 #include <string.h>
40
41 #if defined(MBEDTLS_SELF_TEST)
42 #if defined(MBEDTLS_PLATFORM_C)
43 #include "mbedtls/platform.h"
44 #else
45 #include <stdio.h>
46 #include <stdlib.h>
47 #define mbedtls_printf printf
48 #define mbedtls_calloc calloc
49 #define mbedtls_free free
50 #endif /* MBEDTLS_PLATFORM_C */
51 #endif /* MBEDTLS_SELF_TEST */
52
53 #define SHA512_VALIDATE_RET(cond) \
54 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
55 #define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
56
57 #if !defined(MBEDTLS_SHA512_ALT)
58
59 /*
60 * 64-bit integer manipulation macros (big endian)
61 */
62 #ifndef GET_UINT64_BE
63 #define GET_UINT64_BE(n,b,i) \
64 { \
65 (n) = ( (uint64_t) (b)[(i) ] << 56 ) \
66 | ( (uint64_t) (b)[(i) + 1] << 48 ) \
67 | ( (uint64_t) (b)[(i) + 2] << 40 ) \
68 | ( (uint64_t) (b)[(i) + 3] << 32 ) \
69 | ( (uint64_t) (b)[(i) + 4] << 24 ) \
70 | ( (uint64_t) (b)[(i) + 5] << 16 ) \
71 | ( (uint64_t) (b)[(i) + 6] << 8 ) \
72 | ( (uint64_t) (b)[(i) + 7] ); \
73 }
74 #endif /* GET_UINT64_BE */
75
76 #ifndef PUT_UINT64_BE
77 #define PUT_UINT64_BE(n,b,i) \
78 { \
79 (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \
80 (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \
81 (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \
82 (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \
83 (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \
84 (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \
85 (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \
86 (b)[(i) + 7] = (unsigned char) ( (n) ); \
87 }
88 #endif /* PUT_UINT64_BE */
89
90 #if defined(MBEDTLS_SHA512_SMALLER)
91 static void sha512_put_uint64_be(uint64_t n, unsigned char *b, uint8_t i) {
92 PUT_UINT64_BE(n, b, i);
93 }
94 #else
95 #define sha512_put_uint64_be PUT_UINT64_BE
96 #endif /* MBEDTLS_SHA512_SMALLER */
97
98 void mbedtls_sha512_init(mbedtls_sha512_context *ctx) {
99 SHA512_VALIDATE(ctx != NULL);
100
101 memset(ctx, 0, sizeof(mbedtls_sha512_context));
102 }
103
104 void mbedtls_sha512_free(mbedtls_sha512_context *ctx) {
105 if (ctx == NULL)
106 return;
107
108 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha512_context));
109 }
110
111 void mbedtls_sha512_clone(mbedtls_sha512_context *dst,
112 const mbedtls_sha512_context *src) {
113 SHA512_VALIDATE(dst != NULL);
114 SHA512_VALIDATE(src != NULL);
115
116 *dst = *src;
117 }
118
119 /*
120 * SHA-512 context setup
121 */
122 int mbedtls_sha512_starts_ret(mbedtls_sha512_context *ctx, int is384) {
123 SHA512_VALIDATE_RET(ctx != NULL);
124 #if !defined(MBEDTLS_SHA512_NO_SHA384)
125 SHA512_VALIDATE_RET(is384 == 0 || is384 == 1);
126 #else
127 SHA512_VALIDATE_RET(is384 == 0);
128 #endif
129
130 ctx->total[0] = 0;
131 ctx->total[1] = 0;
132
133 if (is384 == 0) {
134 /* SHA-512 */
135 ctx->state[0] = UL64(0x6A09E667F3BCC908);
136 ctx->state[1] = UL64(0xBB67AE8584CAA73B);
137 ctx->state[2] = UL64(0x3C6EF372FE94F82B);
138 ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
139 ctx->state[4] = UL64(0x510E527FADE682D1);
140 ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
141 ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
142 ctx->state[7] = UL64(0x5BE0CD19137E2179);
143 } else {
144 #if defined(MBEDTLS_SHA512_NO_SHA384)
145 return (MBEDTLS_ERR_SHA512_BAD_INPUT_DATA);
146 #else
147 /* SHA-384 */
148 ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
149 ctx->state[1] = UL64(0x629A292A367CD507);
150 ctx->state[2] = UL64(0x9159015A3070DD17);
151 ctx->state[3] = UL64(0x152FECD8F70E5939);
152 ctx->state[4] = UL64(0x67332667FFC00B31);
153 ctx->state[5] = UL64(0x8EB44A8768581511);
154 ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
155 ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
156 #endif /* MBEDTLS_SHA512_NO_SHA384 */
157 }
158
159 #if !defined(MBEDTLS_SHA512_NO_SHA384)
160 ctx->is384 = is384;
161 #endif
162
163 return (0);
164 }
165
166 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
167 void mbedtls_sha512_starts(mbedtls_sha512_context *ctx,
168 int is384) {
169 mbedtls_sha512_starts_ret(ctx, is384);
170 }
171 #endif
172
173 #if !defined(MBEDTLS_SHA512_PROCESS_ALT)
174
175 /*
176 * Round constants
177 */
178 static const uint64_t K[80] = {
179 UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
180 UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
181 UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
182 UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
183 UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
184 UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
185 UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
186 UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
187 UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
188 UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
189 UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
190 UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
191 UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
192 UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
193 UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
194 UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
195 UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
196 UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
197 UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
198 UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
199 UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
200 UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
201 UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
202 UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
203 UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
204 UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
205 UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
206 UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
207 UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
208 UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
209 UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
210 UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
211 UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
212 UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
213 UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
214 UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
215 UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
216 UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
217 UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
218 UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
219 };
220
221 int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx,
222 const unsigned char data[128]) {
223 int i;
224 struct {
225 uint64_t temp1, temp2, W[80];
226 uint64_t A[8];
227 } local;
228
229 SHA512_VALIDATE_RET(ctx != NULL);
230 SHA512_VALIDATE_RET((const unsigned char *)data != NULL);
231
232 #define SHR(x,n) ((x) >> (n))
233 #define ROTR(x,n) (SHR((x),(n)) | ((x) << (64 - (n))))
234
235 #define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
236 #define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6))
237
238 #define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
239 #define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
240
241 #define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
242 #define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
243
244 #define P(a,b,c,d,e,f,g,h,x,K) \
245 do \
246 { \
247 local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
248 local.temp2 = S2(a) + F0((a),(b),(c)); \
249 (d) += local.temp1; (h) = local.temp1 + local.temp2; \
250 } while( 0 )
251
252 for (i = 0; i < 8; i++)
253 local.A[i] = ctx->state[i];
254
255 #if defined(MBEDTLS_SHA512_SMALLER)
256 for (i = 0; i < 80; i++) {
257 if (i < 16) {
258 GET_UINT64_BE(local.W[i], data, i << 3);
259 } else {
260 local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] +
261 S0(local.W[i - 15]) + local.W[i - 16];
262 }
263
264 P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
265 local.A[5], local.A[6], local.A[7], local.W[i], K[i]);
266
267 local.temp1 = local.A[7];
268 local.A[7] = local.A[6];
269 local.A[6] = local.A[5];
270 local.A[5] = local.A[4];
271 local.A[4] = local.A[3];
272 local.A[3] = local.A[2];
273 local.A[2] = local.A[1];
274 local.A[1] = local.A[0];
275 local.A[0] = local.temp1;
276 }
277 #else /* MBEDTLS_SHA512_SMALLER */
278 for (i = 0; i < 16; i++) {
279 GET_UINT64_BE(local.W[i], data, i << 3);
280 }
281
282 for (; i < 80; i++) {
283 local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] +
284 S0(local.W[i - 15]) + local.W[i - 16];
285 }
286
287 i = 0;
288 do {
289 P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
290 local.A[5], local.A[6], local.A[7], local.W[i], K[i]);
291 i++;
292 P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
293 local.A[4], local.A[5], local.A[6], local.W[i], K[i]);
294 i++;
295 P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
296 local.A[3], local.A[4], local.A[5], local.W[i], K[i]);
297 i++;
298 P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
299 local.A[2], local.A[3], local.A[4], local.W[i], K[i]);
300 i++;
301 P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
302 local.A[1], local.A[2], local.A[3], local.W[i], K[i]);
303 i++;
304 P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
305 local.A[0], local.A[1], local.A[2], local.W[i], K[i]);
306 i++;
307 P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
308 local.A[7], local.A[0], local.A[1], local.W[i], K[i]);
309 i++;
310 P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
311 local.A[6], local.A[7], local.A[0], local.W[i], K[i]);
312 i++;
313 } while (i < 80);
314 #endif /* MBEDTLS_SHA512_SMALLER */
315
316 for (i = 0; i < 8; i++)
317 ctx->state[i] += local.A[i];
318
319 /* Zeroise buffers and variables to clear sensitive data from memory. */
320 mbedtls_platform_zeroize(&local, sizeof(local));
321
322 return (0);
323 }
324
325 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
326 void mbedtls_sha512_process(mbedtls_sha512_context *ctx,
327 const unsigned char data[128]) {
328 mbedtls_internal_sha512_process(ctx, data);
329 }
330 #endif
331 #endif /* !MBEDTLS_SHA512_PROCESS_ALT */
332
333 /*
334 * SHA-512 process buffer
335 */
336 int mbedtls_sha512_update_ret(mbedtls_sha512_context *ctx,
337 const unsigned char *input,
338 size_t ilen) {
339 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
340 size_t fill;
341 unsigned int left;
342
343 SHA512_VALIDATE_RET(ctx != NULL);
344 SHA512_VALIDATE_RET(ilen == 0 || input != NULL);
345
346 if (ilen == 0)
347 return (0);
348
349 left = (unsigned int)(ctx->total[0] & 0x7F);
350 fill = 128 - left;
351
352 ctx->total[0] += (uint64_t) ilen;
353
354 if (ctx->total[0] < (uint64_t) ilen)
355 ctx->total[1]++;
356
357 if (left && ilen >= fill) {
358 memcpy((void *)(ctx->buffer + left), input, fill);
359
360 if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0)
361 return (ret);
362
363 input += fill;
364 ilen -= fill;
365 left = 0;
366 }
367
368 while (ilen >= 128) {
369 if ((ret = mbedtls_internal_sha512_process(ctx, input)) != 0)
370 return (ret);
371
372 input += 128;
373 ilen -= 128;
374 }
375
376 if (ilen > 0)
377 memcpy((void *)(ctx->buffer + left), input, ilen);
378
379 return (0);
380 }
381
382 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
383 void mbedtls_sha512_update(mbedtls_sha512_context *ctx,
384 const unsigned char *input,
385 size_t ilen) {
386 mbedtls_sha512_update_ret(ctx, input, ilen);
387 }
388 #endif
389
390 /*
391 * SHA-512 final digest
392 */
393 int mbedtls_sha512_finish_ret(mbedtls_sha512_context *ctx,
394 unsigned char output[64]) {
395 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
396 unsigned used;
397 uint64_t high, low;
398
399 SHA512_VALIDATE_RET(ctx != NULL);
400 SHA512_VALIDATE_RET((unsigned char *)output != NULL);
401
402 /*
403 * Add padding: 0x80 then 0x00 until 16 bytes remain for the length
404 */
405 used = ctx->total[0] & 0x7F;
406
407 ctx->buffer[used++] = 0x80;
408
409 if (used <= 112) {
410 /* Enough room for padding + length in current block */
411 memset(ctx->buffer + used, 0, 112 - used);
412 } else {
413 /* We'll need an extra block */
414 memset(ctx->buffer + used, 0, 128 - used);
415
416 if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0)
417 return (ret);
418
419 memset(ctx->buffer, 0, 112);
420 }
421
422 /*
423 * Add message length
424 */
425 high = (ctx->total[0] >> 61)
426 | (ctx->total[1] << 3);
427 low = (ctx->total[0] << 3);
428
429 sha512_put_uint64_be(high, ctx->buffer, 112);
430 sha512_put_uint64_be(low, ctx->buffer, 120);
431
432 if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0)
433 return (ret);
434
435 /*
436 * Output final state
437 */
438 sha512_put_uint64_be(ctx->state[0], output, 0);
439 sha512_put_uint64_be(ctx->state[1], output, 8);
440 sha512_put_uint64_be(ctx->state[2], output, 16);
441 sha512_put_uint64_be(ctx->state[3], output, 24);
442 sha512_put_uint64_be(ctx->state[4], output, 32);
443 sha512_put_uint64_be(ctx->state[5], output, 40);
444
445 #if !defined(MBEDTLS_SHA512_NO_SHA384)
446 if (ctx->is384 == 0)
447 #endif
448 {
449 sha512_put_uint64_be(ctx->state[6], output, 48);
450 sha512_put_uint64_be(ctx->state[7], output, 56);
451 }
452
453 return (0);
454 }
455
456 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
457 void mbedtls_sha512_finish(mbedtls_sha512_context *ctx,
458 unsigned char output[64]) {
459 mbedtls_sha512_finish_ret(ctx, output);
460 }
461 #endif
462
463 #endif /* !MBEDTLS_SHA512_ALT */
464
465 /*
466 * output = SHA-512( input buffer )
467 */
468 int mbedtls_sha512_ret(const unsigned char *input,
469 size_t ilen,
470 unsigned char output[64],
471 int is384) {
472 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
473 mbedtls_sha512_context ctx;
474
475 #if !defined(MBEDTLS_SHA512_NO_SHA384)
476 SHA512_VALIDATE_RET(is384 == 0 || is384 == 1);
477 #else
478 SHA512_VALIDATE_RET(is384 == 0);
479 #endif
480 SHA512_VALIDATE_RET(ilen == 0 || input != NULL);
481 SHA512_VALIDATE_RET((unsigned char *)output != NULL);
482
483 mbedtls_sha512_init(&ctx);
484
485 if ((ret = mbedtls_sha512_starts_ret(&ctx, is384)) != 0)
486 goto exit;
487
488 if ((ret = mbedtls_sha512_update_ret(&ctx, input, ilen)) != 0)
489 goto exit;
490
491 if ((ret = mbedtls_sha512_finish_ret(&ctx, output)) != 0)
492 goto exit;
493
494 exit:
495 mbedtls_sha512_free(&ctx);
496
497 return (ret);
498 }
499
500 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
501 void mbedtls_sha512(const unsigned char *input,
502 size_t ilen,
503 unsigned char output[64],
504 int is384) {
505 mbedtls_sha512_ret(input, ilen, output, is384);
506 }
507 #endif
508
509 #if defined(MBEDTLS_SELF_TEST)
510
511 /*
512 * FIPS-180-2 test vectors
513 */
514 static const unsigned char sha512_test_buf[3][113] = {
515 { "abc" },
516 { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
517 { "" }
518 };
519
520 static const size_t sha512_test_buflen[3] = {
521 3, 112, 1000
522 };
523
524 static const unsigned char sha512_test_sum[][64] = {
525 #if !defined(MBEDTLS_SHA512_NO_SHA384)
526 /*
527 * SHA-384 test vectors
528 */
529 {
530 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
531 0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
532 0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
533 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
534 0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
535 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7
536 },
537 {
538 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
539 0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
540 0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
541 0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
542 0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
543 0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39
544 },
545 {
546 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
547 0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
548 0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
549 0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
550 0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
551 0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85
552 },
553 #endif /* !MBEDTLS_SHA512_NO_SHA384 */
554
555 /*
556 * SHA-512 test vectors
557 */
558 {
559 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
560 0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
561 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
562 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
563 0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
564 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
565 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
566 0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F
567 },
568 {
569 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
570 0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
571 0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
572 0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
573 0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
574 0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
575 0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
576 0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09
577 },
578 {
579 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
580 0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
581 0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
582 0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
583 0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
584 0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
585 0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
586 0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B
587 }
588 };
589
590 #define ARRAY_LENGTH( a ) ( sizeof( a ) / sizeof( ( a )[0] ) )
591
592 /*
593 * Checkup routine
594 */
595 int mbedtls_sha512_self_test(int verbose) {
596 int i, j, k, buflen, ret = 0;
597 unsigned char *buf;
598 unsigned char sha512sum[64];
599 mbedtls_sha512_context ctx;
600
601 buf = mbedtls_calloc(1024, sizeof(unsigned char));
602 if (NULL == buf) {
603 if (verbose != 0)
604 mbedtls_printf("Buffer allocation failed\n");
605
606 return (1);
607 }
608
609 mbedtls_sha512_init(&ctx);
610
611 for (i = 0; i < (int) ARRAY_LENGTH(sha512_test_sum); i++) {
612 j = i % 3;
613 #if !defined(MBEDTLS_SHA512_NO_SHA384)
614 k = i < 3;
615 #else
616 k = 0;
617 #endif
618
619 if (verbose != 0)
620 mbedtls_printf(" SHA-%d test #%d: ", 512 - k * 128, j + 1);
621
622 if ((ret = mbedtls_sha512_starts_ret(&ctx, k)) != 0)
623 goto fail;
624
625 if (j == 2) {
626 memset(buf, 'a', buflen = 1000);
627
628 for (j = 0; j < 1000; j++) {
629 ret = mbedtls_sha512_update_ret(&ctx, buf, buflen);
630 if (ret != 0)
631 goto fail;
632 }
633 } else {
634 ret = mbedtls_sha512_update_ret(&ctx, sha512_test_buf[j],
635 sha512_test_buflen[j]);
636 if (ret != 0)
637 goto fail;
638 }
639
640 if ((ret = mbedtls_sha512_finish_ret(&ctx, sha512sum)) != 0)
641 goto fail;
642
643 if (memcmp(sha512sum, sha512_test_sum[i], 64 - k * 16) != 0) {
644 ret = 1;
645 goto fail;
646 }
647
648 if (verbose != 0)
649 mbedtls_printf("passed\n");
650 }
651
652 if (verbose != 0)
653 mbedtls_printf("\n");
654
655 goto exit;
656
657 fail:
658 if (verbose != 0)
659 mbedtls_printf("failed\n");
660
661 exit:
662 mbedtls_sha512_free(&ctx);
663 mbedtls_free(buf);
664
665 return (ret);
666 }
667
668 #undef ARRAY_LENGTH
669
670 #endif /* MBEDTLS_SELF_TEST */
671
672 #endif /* MBEDTLS_SHA512_C */
Proxmark3 - the RFID research Swiss army knife. Iceman firmware