search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ssl_tls: fix format warning in ssl_parse_certificate() on x86_64
[tropicssl.git] / library / sha4.c
blobf7cdf2ae20409667d8012b183ac1d77980396515
1 /*
2 * FIPS-180-2 compliant SHA-384/512 implementation
3 *
4 * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
5 *
6 * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
7 *
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 *
14 * * Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * * Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * * Neither the names of PolarSSL or XySSL nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
26 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35 /*
36 * The SHA-512 Secure Hash Standard was published by NIST in 2002.
37 *
38 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
39 */
40
41 #include "tropicssl/config.h"
42
43 #if defined(TROPICSSL_SHA4_C)
44
45 #include "tropicssl/sha4.h"
46
47 #include <string.h>
48 #include <stdio.h>
49
50 /*
51 * 64-bit integer manipulation macros (big endian)
52 */
53 #ifndef GET_UINT64_BE
54 #define GET_UINT64_BE(n,b,i) \
55 { \
56 (n) = ( (unsigned int64) (b)[(i) ] << 56 ) \
57 | ( (unsigned int64) (b)[(i) + 1] << 48 ) \
58 | ( (unsigned int64) (b)[(i) + 2] << 40 ) \
59 | ( (unsigned int64) (b)[(i) + 3] << 32 ) \
60 | ( (unsigned int64) (b)[(i) + 4] << 24 ) \
61 | ( (unsigned int64) (b)[(i) + 5] << 16 ) \
62 | ( (unsigned int64) (b)[(i) + 6] << 8 ) \
63 | ( (unsigned int64) (b)[(i) + 7] ); \
64 }
65 #endif
66
67 #ifndef PUT_UINT64_BE
68 #define PUT_UINT64_BE(n,b,i) \
69 { \
70 (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \
71 (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \
72 (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \
73 (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \
74 (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \
75 (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \
76 (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \
77 (b)[(i) + 7] = (unsigned char) ( (n) ); \
78 }
79 #endif
80
81 /*
82 * Round constants
83 */
84 static const unsigned int64 K[80] = {
85 UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
86 UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
87 UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
88 UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
89 UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
90 UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
91 UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
92 UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
93 UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
94 UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
95 UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
96 UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
97 UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
98 UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
99 UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
100 UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
101 UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
102 UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
103 UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
104 UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
105 UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
106 UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
107 UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
108 UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
109 UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
110 UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
111 UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
112 UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
113 UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
114 UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
115 UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
116 UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
117 UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
118 UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
119 UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
120 UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
121 UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
122 UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
123 UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
124 UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
125 };
126
127 /*
128 * SHA-512 context setup
129 */
130 void sha4_starts(sha4_context * ctx, int is384)
131 {
132 ctx->total[0] = 0;
133 ctx->total[1] = 0;
134
135 if (is384 == 0) {
136 /* SHA-512 */
137 ctx->state[0] = UL64(0x6A09E667F3BCC908);
138 ctx->state[1] = UL64(0xBB67AE8584CAA73B);
139 ctx->state[2] = UL64(0x3C6EF372FE94F82B);
140 ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
141 ctx->state[4] = UL64(0x510E527FADE682D1);
142 ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
143 ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
144 ctx->state[7] = UL64(0x5BE0CD19137E2179);
145 } else {
146 /* SHA-384 */
147 ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
148 ctx->state[1] = UL64(0x629A292A367CD507);
149 ctx->state[2] = UL64(0x9159015A3070DD17);
150 ctx->state[3] = UL64(0x152FECD8F70E5939);
151 ctx->state[4] = UL64(0x67332667FFC00B31);
152 ctx->state[5] = UL64(0x8EB44A8768581511);
153 ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
154 ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
155 }
156
157 ctx->is384 = is384;
158 }
159
160 static void sha4_process(sha4_context * ctx, const unsigned char data[128])
161 {
162 int i;
163 unsigned int64 temp1, temp2, W[80];
164 unsigned int64 A, B, C, D, E, F, G, H;
165
166 #define SHR(x,n) (x >> n)
167 #define ROTR(x,n) (SHR(x,n) | (x << (64 - n)))
168
169 #define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
170 #define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6))
171
172 #define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
173 #define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
174
175 #define F0(x,y,z) ((x & y) | (z & (x | y)))
176 #define F1(x,y,z) (z ^ (x & (y ^ z)))
177
178 #define P(a,b,c,d,e,f,g,h,x,K) \
179 { \
180 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
181 temp2 = S2(a) + F0(a,b,c); \
182 d += temp1; h = temp1 + temp2; \
183 }
184
185 for (i = 0; i < 16; i++) {
186 GET_UINT64_BE(W[i], data, i << 3);
187 }
188
189 for (; i < 80; i++) {
190 W[i] = S1(W[i - 2]) + W[i - 7] + S0(W[i - 15]) + W[i - 16];
191 }
192
193 A = ctx->state[0];
194 B = ctx->state[1];
195 C = ctx->state[2];
196 D = ctx->state[3];
197 E = ctx->state[4];
198 F = ctx->state[5];
199 G = ctx->state[6];
200 H = ctx->state[7];
201 i = 0;
202
203 do {
204 P(A, B, C, D, E, F, G, H, W[i], K[i]);
205 i++;
206 P(H, A, B, C, D, E, F, G, W[i], K[i]);
207 i++;
208 P(G, H, A, B, C, D, E, F, W[i], K[i]);
209 i++;
210 P(F, G, H, A, B, C, D, E, W[i], K[i]);
211 i++;
212 P(E, F, G, H, A, B, C, D, W[i], K[i]);
213 i++;
214 P(D, E, F, G, H, A, B, C, W[i], K[i]);
215 i++;
216 P(C, D, E, F, G, H, A, B, W[i], K[i]);
217 i++;
218 P(B, C, D, E, F, G, H, A, W[i], K[i]);
219 i++;
220 } while (i < 80);
221
222 ctx->state[0] += A;
223 ctx->state[1] += B;
224 ctx->state[2] += C;
225 ctx->state[3] += D;
226 ctx->state[4] += E;
227 ctx->state[5] += F;
228 ctx->state[6] += G;
229 ctx->state[7] += H;
230 }
231
232 /*
233 * SHA-512 process buffer
234 */
235 void sha4_update(sha4_context * ctx, const unsigned char *input, int ilen)
236 {
237 int fill;
238 unsigned int64 left;
239
240 if (ilen <= 0)
241 return;
242
243 left = ctx->total[0] & 0x7F;
244 fill = (int)(128 - left);
245
246 ctx->total[0] += ilen;
247
248 if (ctx->total[0] < (unsigned int64)ilen)
249 ctx->total[1]++;
250
251 if (left && ilen >= fill) {
252 memcpy((void *)(ctx->buffer + left), (const void *)input, fill);
253 sha4_process(ctx, ctx->buffer);
254 input += fill;
255 ilen -= fill;
256 left = 0;
257 }
258
259 while (ilen >= 128) {
260 sha4_process(ctx, input);
261 input += 128;
262 ilen -= 128;
263 }
264
265 if (ilen > 0) {
266 memcpy((void *)(ctx->buffer + left), (const void *)input, ilen);
267 }
268 }
269
270 static const unsigned char sha4_padding[128] = {
271 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
272 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
273 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
274 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
275 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
276 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
277 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
278 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
279 };
280
281 /*
282 * SHA-512 final digest
283 */
284 void sha4_finish(sha4_context * ctx, unsigned char output[64])
285 {
286 int last, padn;
287 unsigned int64 high, low;
288 unsigned char msglen[16];
289
290 high = (ctx->total[0] >> 61)
291 | (ctx->total[1] << 3);
292 low = (ctx->total[0] << 3);
293
294 PUT_UINT64_BE(high, msglen, 0);
295 PUT_UINT64_BE(low, msglen, 8);
296
297 last = (int)(ctx->total[0] & 0x7F);
298 padn = (last < 112) ? (112 - last) : (240 - last);
299
300 sha4_update(ctx, sha4_padding, padn);
301 sha4_update(ctx, msglen, 16);
302
303 PUT_UINT64_BE(ctx->state[0], output, 0);
304 PUT_UINT64_BE(ctx->state[1], output, 8);
305 PUT_UINT64_BE(ctx->state[2], output, 16);
306 PUT_UINT64_BE(ctx->state[3], output, 24);
307 PUT_UINT64_BE(ctx->state[4], output, 32);
308 PUT_UINT64_BE(ctx->state[5], output, 40);
309
310 if (ctx->is384 == 0) {
311 PUT_UINT64_BE(ctx->state[6], output, 48);
312 PUT_UINT64_BE(ctx->state[7], output, 56);
313 }
314 }
315
316 /*
317 * output = SHA-512( input buffer )
318 */
319 void sha4(const unsigned char *input, int ilen, unsigned char output[64], int is384)
320 {
321 sha4_context ctx;
322
323 sha4_starts(&ctx, is384);
324 sha4_update(&ctx, input, ilen);
325 sha4_finish(&ctx, output);
326
327 memset(&ctx, 0, sizeof(sha4_context));
328 }
329
330 /*
331 * output = SHA-512( file contents )
332 */
333 int sha4_file(const char *path, unsigned char output[64], int is384)
334 {
335 FILE *f;
336 size_t n;
337 sha4_context ctx;
338 unsigned char buf[1024];
339
340 if ((f = fopen(path, "rb")) == NULL)
341 return (1);
342
343 sha4_starts(&ctx, is384);
344
345 while ((n = fread(buf, 1, sizeof(buf), f)) > 0)
346 sha4_update(&ctx, buf, (int)n);
347
348 sha4_finish(&ctx, output);
349
350 memset(&ctx, 0, sizeof(sha4_context));
351
352 if (ferror(f) != 0) {
353 fclose(f);
354 return (2);
355 }
356
357 fclose(f);
358 return (0);
359 }
360
361 /*
362 * SHA-512 HMAC context setup
363 */
364 void sha4_hmac_starts(sha4_context * ctx, const unsigned char *key, int keylen,
365 int is384)
366 {
367 int i;
368 unsigned char sum[64];
369
370 if (keylen > 128) {
371 sha4(key, keylen, sum, is384);
372 keylen = (is384) ? 48 : 64;
373 key = sum;
374 }
375
376 memset(ctx->ipad, 0x36, 128);
377 memset(ctx->opad, 0x5C, 128);
378
379 for (i = 0; i < keylen; i++) {
380 ctx->ipad[i] = (unsigned char)(ctx->ipad[i] ^ key[i]);
381 ctx->opad[i] = (unsigned char)(ctx->opad[i] ^ key[i]);
382 }
383
384 sha4_starts(ctx, is384);
385 sha4_update(ctx, ctx->ipad, 128);
386
387 memset(sum, 0, sizeof(sum));
388 }
389
390 /*
391 * SHA-512 HMAC process buffer
392 */
393 void sha4_hmac_update(sha4_context * ctx, const unsigned char *input, int ilen)
394 {
395 sha4_update(ctx, input, ilen);
396 }
397
398 /*
399 * SHA-512 HMAC final digest
400 */
401 void sha4_hmac_finish(sha4_context * ctx, unsigned char output[64])
402 {
403 int is384, hlen;
404 unsigned char tmpbuf[64];
405
406 is384 = ctx->is384;
407 hlen = (is384 == 0) ? 64 : 48;
408
409 sha4_finish(ctx, tmpbuf);
410 sha4_starts(ctx, is384);
411 sha4_update(ctx, ctx->opad, 128);
412 sha4_update(ctx, tmpbuf, hlen);
413 sha4_finish(ctx, output);
414
415 memset(tmpbuf, 0, sizeof(tmpbuf));
416 }
417
418 /*
419 * output = HMAC-SHA-512( hmac key, input buffer )
420 */
421 void sha4_hmac(const unsigned char *key, int keylen,
422 const unsigned char *input, int ilen,
423 unsigned char output[64], int is384)
424 {
425 sha4_context ctx;
426
427 sha4_hmac_starts(&ctx, key, keylen, is384);
428 sha4_hmac_update(&ctx, input, ilen);
429 sha4_hmac_finish(&ctx, output);
430
431 memset(&ctx, 0, sizeof(sha4_context));
432 }
433
434 #if defined(TROPICSSL_SELF_TEST)
435
436 /*
437 * FIPS-180-2 test vectors
438 */
439 static unsigned char sha4_test_buf[3][113] = {
440 {"abc"},
441 {
442 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
443 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"},
444 {""}
445 };
446
447 static const int sha4_test_buflen[3] = {
448 3, 112, 1000
449 };
450
451 static const unsigned char sha4_test_sum[6][64] = {
452 /*
453 * SHA-384 test vectors
454 */
455 {
456 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
457 0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
458 0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
459 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
460 0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
461 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7},
462 {
463 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
464 0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
465 0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
466 0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
467 0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
468 0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39},
469 {
470 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
471 0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
472 0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
473 0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
474 0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
475 0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85},
476
477 /*
478 * SHA-512 test vectors
479 */
480 {
481 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
482 0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
483 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
484 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
485 0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
486 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
487 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
488 0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F},
489 {
490 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
491 0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
492 0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
493 0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
494 0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
495 0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
496 0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
497 0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09},
498 {
499 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
500 0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
501 0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
502 0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
503 0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
504 0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
505 0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
506 0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B}
507 };
508
509 /*
510 * RFC 4231 test vectors
511 */
512 static unsigned char sha4_hmac_test_key[7][26] = {
513 {
514 "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
515 "\x0B\x0B\x0B\x0B"},
516 {"Jefe"},
517 {
518 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
519 "\xAA\xAA\xAA\xAA"},
520 {
521 "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
522 "\x11\x12\x13\x14\x15\x16\x17\x18\x19"},
523 {
524 "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
525 "\x0C\x0C\x0C\x0C"},
526 {""}, /* 0xAA 131 times */
527 {""}
528 };
529
530 static const int sha4_hmac_test_keylen[7] = {
531 20, 4, 20, 25, 20, 131, 131
532 };
533
534 static unsigned char sha4_hmac_test_buf[7][153] = {
535 {"Hi There"},
536 {"what do ya want for nothing?"},
537 {
538 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
539 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
540 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
541 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
542 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"},
543 {
544 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
545 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
546 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
547 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
548 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"},
549 {"Test With Truncation"},
550 {"Test Using Larger Than Block-Size Key - Hash Key First"},
551 {
552 "This is a test using a larger than block-size key "
553 "and a larger than block-size data. The key needs to "
554 "be hashed before being used by the HMAC algorithm."}
555 };
556
557 static const int sha4_hmac_test_buflen[7] = {
558 8, 28, 50, 50, 20, 54, 152
559 };
560
561 static const unsigned char sha4_hmac_test_sum[14][64] = {
562 /*
563 * HMAC-SHA-384 test vectors
564 */
565 {
566 0xAF, 0xD0, 0x39, 0x44, 0xD8, 0x48, 0x95, 0x62,
567 0x6B, 0x08, 0x25, 0xF4, 0xAB, 0x46, 0x90, 0x7F,
568 0x15, 0xF9, 0xDA, 0xDB, 0xE4, 0x10, 0x1E, 0xC6,
569 0x82, 0xAA, 0x03, 0x4C, 0x7C, 0xEB, 0xC5, 0x9C,
570 0xFA, 0xEA, 0x9E, 0xA9, 0x07, 0x6E, 0xDE, 0x7F,
571 0x4A, 0xF1, 0x52, 0xE8, 0xB2, 0xFA, 0x9C, 0xB6},
572 {
573 0xAF, 0x45, 0xD2, 0xE3, 0x76, 0x48, 0x40, 0x31,
574 0x61, 0x7F, 0x78, 0xD2, 0xB5, 0x8A, 0x6B, 0x1B,
575 0x9C, 0x7E, 0xF4, 0x64, 0xF5, 0xA0, 0x1B, 0x47,
576 0xE4, 0x2E, 0xC3, 0x73, 0x63, 0x22, 0x44, 0x5E,
577 0x8E, 0x22, 0x40, 0xCA, 0x5E, 0x69, 0xE2, 0xC7,
578 0x8B, 0x32, 0x39, 0xEC, 0xFA, 0xB2, 0x16, 0x49},
579 {
580 0x88, 0x06, 0x26, 0x08, 0xD3, 0xE6, 0xAD, 0x8A,
581 0x0A, 0xA2, 0xAC, 0xE0, 0x14, 0xC8, 0xA8, 0x6F,
582 0x0A, 0xA6, 0x35, 0xD9, 0x47, 0xAC, 0x9F, 0xEB,
583 0xE8, 0x3E, 0xF4, 0xE5, 0x59, 0x66, 0x14, 0x4B,
584 0x2A, 0x5A, 0xB3, 0x9D, 0xC1, 0x38, 0x14, 0xB9,
585 0x4E, 0x3A, 0xB6, 0xE1, 0x01, 0xA3, 0x4F, 0x27},
586 {
587 0x3E, 0x8A, 0x69, 0xB7, 0x78, 0x3C, 0x25, 0x85,
588 0x19, 0x33, 0xAB, 0x62, 0x90, 0xAF, 0x6C, 0xA7,
589 0x7A, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9C,
590 0xC5, 0x57, 0x7C, 0x6E, 0x1F, 0x57, 0x3B, 0x4E,
591 0x68, 0x01, 0xDD, 0x23, 0xC4, 0xA7, 0xD6, 0x79,
592 0xCC, 0xF8, 0xA3, 0x86, 0xC6, 0x74, 0xCF, 0xFB},
593 {
594 0x3A, 0xBF, 0x34, 0xC3, 0x50, 0x3B, 0x2A, 0x23,
595 0xA4, 0x6E, 0xFC, 0x61, 0x9B, 0xAE, 0xF8, 0x97},
596 {
597 0x4E, 0xCE, 0x08, 0x44, 0x85, 0x81, 0x3E, 0x90,
598 0x88, 0xD2, 0xC6, 0x3A, 0x04, 0x1B, 0xC5, 0xB4,
599 0x4F, 0x9E, 0xF1, 0x01, 0x2A, 0x2B, 0x58, 0x8F,
600 0x3C, 0xD1, 0x1F, 0x05, 0x03, 0x3A, 0xC4, 0xC6,
601 0x0C, 0x2E, 0xF6, 0xAB, 0x40, 0x30, 0xFE, 0x82,
602 0x96, 0x24, 0x8D, 0xF1, 0x63, 0xF4, 0x49, 0x52},
603 {
604 0x66, 0x17, 0x17, 0x8E, 0x94, 0x1F, 0x02, 0x0D,
605 0x35, 0x1E, 0x2F, 0x25, 0x4E, 0x8F, 0xD3, 0x2C,
606 0x60, 0x24, 0x20, 0xFE, 0xB0, 0xB8, 0xFB, 0x9A,
607 0xDC, 0xCE, 0xBB, 0x82, 0x46, 0x1E, 0x99, 0xC5,
608 0xA6, 0x78, 0xCC, 0x31, 0xE7, 0x99, 0x17, 0x6D,
609 0x38, 0x60, 0xE6, 0x11, 0x0C, 0x46, 0x52, 0x3E},
610
611 /*
612 * HMAC-SHA-512 test vectors
613 */
614 {
615 0x87, 0xAA, 0x7C, 0xDE, 0xA5, 0xEF, 0x61, 0x9D,
616 0x4F, 0xF0, 0xB4, 0x24, 0x1A, 0x1D, 0x6C, 0xB0,
617 0x23, 0x79, 0xF4, 0xE2, 0xCE, 0x4E, 0xC2, 0x78,
618 0x7A, 0xD0, 0xB3, 0x05, 0x45, 0xE1, 0x7C, 0xDE,
619 0xDA, 0xA8, 0x33, 0xB7, 0xD6, 0xB8, 0xA7, 0x02,
620 0x03, 0x8B, 0x27, 0x4E, 0xAE, 0xA3, 0xF4, 0xE4,
621 0xBE, 0x9D, 0x91, 0x4E, 0xEB, 0x61, 0xF1, 0x70,
622 0x2E, 0x69, 0x6C, 0x20, 0x3A, 0x12, 0x68, 0x54},
623 {
624 0x16, 0x4B, 0x7A, 0x7B, 0xFC, 0xF8, 0x19, 0xE2,
625 0xE3, 0x95, 0xFB, 0xE7, 0x3B, 0x56, 0xE0, 0xA3,
626 0x87, 0xBD, 0x64, 0x22, 0x2E, 0x83, 0x1F, 0xD6,
627 0x10, 0x27, 0x0C, 0xD7, 0xEA, 0x25, 0x05, 0x54,
628 0x97, 0x58, 0xBF, 0x75, 0xC0, 0x5A, 0x99, 0x4A,
629 0x6D, 0x03, 0x4F, 0x65, 0xF8, 0xF0, 0xE6, 0xFD,
630 0xCA, 0xEA, 0xB1, 0xA3, 0x4D, 0x4A, 0x6B, 0x4B,
631 0x63, 0x6E, 0x07, 0x0A, 0x38, 0xBC, 0xE7, 0x37},
632 {
633 0xFA, 0x73, 0xB0, 0x08, 0x9D, 0x56, 0xA2, 0x84,
634 0xEF, 0xB0, 0xF0, 0x75, 0x6C, 0x89, 0x0B, 0xE9,
635 0xB1, 0xB5, 0xDB, 0xDD, 0x8E, 0xE8, 0x1A, 0x36,
636 0x55, 0xF8, 0x3E, 0x33, 0xB2, 0x27, 0x9D, 0x39,
637 0xBF, 0x3E, 0x84, 0x82, 0x79, 0xA7, 0x22, 0xC8,
638 0x06, 0xB4, 0x85, 0xA4, 0x7E, 0x67, 0xC8, 0x07,
639 0xB9, 0x46, 0xA3, 0x37, 0xBE, 0xE8, 0x94, 0x26,
640 0x74, 0x27, 0x88, 0x59, 0xE1, 0x32, 0x92, 0xFB},
641 {
642 0xB0, 0xBA, 0x46, 0x56, 0x37, 0x45, 0x8C, 0x69,
643 0x90, 0xE5, 0xA8, 0xC5, 0xF6, 0x1D, 0x4A, 0xF7,
644 0xE5, 0x76, 0xD9, 0x7F, 0xF9, 0x4B, 0x87, 0x2D,
645 0xE7, 0x6F, 0x80, 0x50, 0x36, 0x1E, 0xE3, 0xDB,
646 0xA9, 0x1C, 0xA5, 0xC1, 0x1A, 0xA2, 0x5E, 0xB4,
647 0xD6, 0x79, 0x27, 0x5C, 0xC5, 0x78, 0x80, 0x63,
648 0xA5, 0xF1, 0x97, 0x41, 0x12, 0x0C, 0x4F, 0x2D,
649 0xE2, 0xAD, 0xEB, 0xEB, 0x10, 0xA2, 0x98, 0xDD},
650 {
651 0x41, 0x5F, 0xAD, 0x62, 0x71, 0x58, 0x0A, 0x53,
652 0x1D, 0x41, 0x79, 0xBC, 0x89, 0x1D, 0x87, 0xA6},
653 {
654 0x80, 0xB2, 0x42, 0x63, 0xC7, 0xC1, 0xA3, 0xEB,
655 0xB7, 0x14, 0x93, 0xC1, 0xDD, 0x7B, 0xE8, 0xB4,
656 0x9B, 0x46, 0xD1, 0xF4, 0x1B, 0x4A, 0xEE, 0xC1,
657 0x12, 0x1B, 0x01, 0x37, 0x83, 0xF8, 0xF3, 0x52,
658 0x6B, 0x56, 0xD0, 0x37, 0xE0, 0x5F, 0x25, 0x98,
659 0xBD, 0x0F, 0xD2, 0x21, 0x5D, 0x6A, 0x1E, 0x52,
660 0x95, 0xE6, 0x4F, 0x73, 0xF6, 0x3F, 0x0A, 0xEC,
661 0x8B, 0x91, 0x5A, 0x98, 0x5D, 0x78, 0x65, 0x98},
662 {
663 0xE3, 0x7B, 0x6A, 0x77, 0x5D, 0xC8, 0x7D, 0xBA,
664 0xA4, 0xDF, 0xA9, 0xF9, 0x6E, 0x5E, 0x3F, 0xFD,
665 0xDE, 0xBD, 0x71, 0xF8, 0x86, 0x72, 0x89, 0x86,
666 0x5D, 0xF5, 0xA3, 0x2D, 0x20, 0xCD, 0xC9, 0x44,
667 0xB6, 0x02, 0x2C, 0xAC, 0x3C, 0x49, 0x82, 0xB1,
668 0x0D, 0x5E, 0xEB, 0x55, 0xC3, 0xE4, 0xDE, 0x15,
669 0x13, 0x46, 0x76, 0xFB, 0x6D, 0xE0, 0x44, 0x60,
670 0x65, 0xC9, 0x74, 0x40, 0xFA, 0x8C, 0x6A, 0x58}
671 };
672
673 /*
674 * Checkup routine
675 */
676 int sha4_self_test(int verbose)
677 {
678 int i, j, k, buflen;
679 unsigned char buf[1024];
680 unsigned char sha4sum[64];
681 sha4_context ctx;
682
683 for (i = 0; i < 6; i++) {
684 j = i % 3;
685 k = i < 3;
686
687 if (verbose != 0)
688 printf(" SHA-%d test #%d: ", 512 - k * 128, j + 1);
689
690 sha4_starts(&ctx, k);
691
692 if (j == 2) {
693 memset(buf, 'a', buflen = 1000);
694
695 for (j = 0; j < 1000; j++)
696 sha4_update(&ctx, buf, buflen);
697 } else
698 sha4_update(&ctx, sha4_test_buf[j],
699 sha4_test_buflen[j]);
700
701 sha4_finish(&ctx, sha4sum);
702
703 if (memcmp(sha4sum, sha4_test_sum[i], 64 - k * 16) != 0) {
704 if (verbose != 0)
705 printf("failed\n");
706
707 return (1);
708 }
709
710 if (verbose != 0)
711 printf("passed\n");
712 }
713
714 if (verbose != 0)
715 printf("\n");
716
717 for (i = 0; i < 14; i++) {
718 j = i % 7;
719 k = i < 7;
720
721 if (verbose != 0)
722 printf(" HMAC-SHA-%d test #%d: ", 512 - k * 128,
723 j + 1);
724
725 if (j == 5 || j == 6) {
726 memset(buf, '\xAA', buflen = 131);
727 sha4_hmac_starts(&ctx, buf, buflen, k);
728 } else
729 sha4_hmac_starts(&ctx, sha4_hmac_test_key[j],
730 sha4_hmac_test_keylen[j], k);
731
732 sha4_hmac_update(&ctx, sha4_hmac_test_buf[j],
733 sha4_hmac_test_buflen[j]);
734
735 sha4_hmac_finish(&ctx, sha4sum);
736
737 buflen = (j == 4) ? 16 : 64 - k * 16;
738
739 if (memcmp(sha4sum, sha4_hmac_test_sum[i], buflen) != 0) {
740 if (verbose != 0)
741 printf("failed\n");
742
743 return (1);
744 }
745
746 if (verbose != 0)
747 printf("passed\n");
748 }
749
750 if (verbose != 0)
751 printf("\n");
752
753 return (0);
754 }
755
756 #endif
757
758 #endif
fork of last BSD polarssl