mirror of
https://github.com/jakcron/nstool
synced 2024-11-14 01:36:41 +00:00
[fnd|polarssl] Added rsa-pss sign support.
This commit is contained in:
parent
3707969d7b
commit
bba9d21a47
13 changed files with 2482 additions and 14 deletions
|
@ -114,7 +114,7 @@ namespace fnd
|
|||
//int rsaSign(const sRsa1024Key& key, sha::HashType hash_type, const uint8_t* hash, uint8_t signature[kRsa1024Size]);
|
||||
//int rsaVerify(const sRsa1024Key& key, sha::HashType hash_type, const uint8_t* hash, const uint8_t signature[kRsa1024Size]);
|
||||
// rsa2048
|
||||
//int rsaSign(const sRsa2048Key& key, sha::HashType hash_type, const uint8_t* hash, uint8_t signature[kRsa2048Size]);
|
||||
int rsaSign(const sRsa2048Key& key, sha::HashType hash_type, const uint8_t* hash, uint8_t signature[kRsa2048Size]);
|
||||
int rsaVerify(const sRsa2048Key& key, sha::HashType hash_type, const uint8_t* hash, const uint8_t signature[kRsa2048Size]);
|
||||
// rsa4096
|
||||
//int rsaSign(const sRsa4096Key& key, sha::HashType hash_type, const uint8_t* hash, uint8_t signature[kRsa4096Size]);
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
#include <fnd/rsa.h>
|
||||
#include <polarssl/rsa.h>
|
||||
#include <polarssl/md.h>
|
||||
#include <polarssl/entropy.h>
|
||||
#include <polarssl/ctr_drbg.h>
|
||||
|
||||
using namespace fnd::rsa;
|
||||
using namespace fnd::sha;
|
||||
|
@ -165,6 +167,33 @@ int fnd::rsa::pkcs::rsaVerify(const sRsa4096Key & key, HashType hash_type, const
|
|||
return ret;
|
||||
}
|
||||
|
||||
int fnd::rsa::pss::rsaSign(const sRsa2048Key & key, HashType hash_type, const uint8_t * hash, uint8_t signature[kRsa2048Size])
|
||||
{
|
||||
int ret;
|
||||
const char* pers = "fnd::rsa::pss::rsaSign";
|
||||
|
||||
// rsa
|
||||
rsa_context rsa;
|
||||
rsa_init(&rsa, RSA_PKCS_V21, getMdWrappedHashType(hash_type));
|
||||
rsa.len = kRsa2048Size;
|
||||
mpi_read_binary(&rsa.D, key.priv_exponent, rsa.len);
|
||||
mpi_read_binary(&rsa.N, key.modulus, rsa.len);
|
||||
|
||||
entropy_context entropy;
|
||||
entropy_init(&entropy);
|
||||
|
||||
ctr_drbg_context ctr_drbg;
|
||||
ctr_drbg_init(&ctr_drbg, entropy_func, &entropy, (const uint8_t*)pers, strlen(pers));
|
||||
|
||||
ret = rsa_rsassa_pss_sign(&rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, getWrappedHashType(hash_type), getWrappedHashSize(hash_type), hash, signature);
|
||||
|
||||
rsa_free(&rsa);
|
||||
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
int fnd::rsa::pss::rsaVerify(const sRsa2048Key & key, HashType hash_type, const uint8_t * hash, const uint8_t signature[kRsa2048Size])
|
||||
{
|
||||
static const uint8_t public_exponent[3] = { 0x01, 0x00, 0x01 };
|
||||
|
|
|
@ -506,7 +506,7 @@
|
|||
*
|
||||
* This module provides the CTR_DRBG AES-256 random number generator.
|
||||
*/
|
||||
//#define POLARSSL_CTR_DRBG_C
|
||||
#define POLARSSL_CTR_DRBG_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_DEBUG_C
|
||||
|
@ -578,7 +578,7 @@
|
|||
*
|
||||
* This module provides a generic entropy pool
|
||||
*/
|
||||
//#define POLARSSL_ENTROPY_C
|
||||
#define POLARSSL_ENTROPY_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_ERROR_C
|
||||
|
@ -838,7 +838,7 @@
|
|||
*
|
||||
* This module adds support for SHA-384 and SHA-512.
|
||||
*/
|
||||
//#define POLARSSL_SHA4_C
|
||||
#define POLARSSL_SHA4_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_SSL_CACHE_C
|
||||
|
|
234
lib/libpolarssl/include/polarssl/ctr_drbg.h
Normal file
234
lib/libpolarssl/include/polarssl/ctr_drbg.h
Normal file
|
@ -0,0 +1,234 @@
|
|||
/**
|
||||
* \file ctr_drbg.h
|
||||
*
|
||||
* \brief CTR_DRBG based on AES-256 (NIST SP 800-90)
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
*
|
||||
* This file is part of mbed TLS (https://polarssl.org)
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
#ifndef POLARSSL_CTR_DRBG_H
|
||||
#define POLARSSL_CTR_DRBG_H
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "aes.h"
|
||||
|
||||
#define POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */
|
||||
#define POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 /**< Too many random requested in single call. */
|
||||
#define POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 /**< Input too large (Entropy + additional). */
|
||||
#define POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read/write error in file. */
|
||||
|
||||
#define CTR_DRBG_BLOCKSIZE 16 /**< Block size used by the cipher */
|
||||
#define CTR_DRBG_KEYSIZE 32 /**< Key size used by the cipher */
|
||||
#define CTR_DRBG_KEYBITS ( CTR_DRBG_KEYSIZE * 8 )
|
||||
#define CTR_DRBG_SEEDLEN ( CTR_DRBG_KEYSIZE + CTR_DRBG_BLOCKSIZE )
|
||||
/**< The seed length (counter + AES key) */
|
||||
|
||||
#if !defined(POLARSSL_CONFIG_OPTIONS)
|
||||
#define CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default */
|
||||
#define CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
|
||||
#define CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
|
||||
#define CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
|
||||
#define CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
|
||||
#endif /* !POLARSSL_CONFIG_OPTIONS */
|
||||
|
||||
#define CTR_DRBG_PR_OFF 0 /**< No prediction resistance */
|
||||
#define CTR_DRBG_PR_ON 1 /**< Prediction resistance enabled */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG context structure
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
unsigned char counter[16]; /*!< counter (V) */
|
||||
int reseed_counter; /*!< reseed counter */
|
||||
int prediction_resistance; /*!< enable prediction resistance (Automatic
|
||||
reseed before every random generation) */
|
||||
size_t entropy_len; /*!< amount of entropy grabbed on each (re)seed */
|
||||
int reseed_interval; /*!< reseed interval */
|
||||
|
||||
aes_context aes_ctx; /*!< AES context */
|
||||
|
||||
/*
|
||||
* Callbacks (Entropy)
|
||||
*/
|
||||
int (*f_entropy)(void *, unsigned char *, size_t);
|
||||
|
||||
void *p_entropy; /*!< context for the entropy function */
|
||||
}
|
||||
ctr_drbg_context;
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG initialization
|
||||
*
|
||||
* Note: Personalization data can be provided in addition to the more generic
|
||||
* entropy source to make this instantiation as unique as possible.
|
||||
*
|
||||
* \param ctx CTR_DRBG context to be initialized
|
||||
* \param f_entropy Entropy callback (p_entropy, buffer to fill, buffer
|
||||
* length)
|
||||
* \param p_entropy Entropy context
|
||||
* \param custom Personalization data (Device specific identifiers)
|
||||
* (Can be NULL)
|
||||
* \param len Length of personalization data
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
|
||||
*/
|
||||
int ctr_drbg_init( ctr_drbg_context *ctx,
|
||||
int (*f_entropy)(void *, unsigned char *, size_t),
|
||||
void *p_entropy,
|
||||
const unsigned char *custom,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Enable / disable prediction resistance (Default: Off)
|
||||
*
|
||||
* Note: If enabled, entropy is used for ctx->entropy_len before each call!
|
||||
* Only use this if you have ample supply of good entropy!
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param resistance CTR_DRBG_PR_ON or CTR_DRBG_PR_OFF
|
||||
*/
|
||||
void ctr_drbg_set_prediction_resistance( ctr_drbg_context *ctx,
|
||||
int resistance );
|
||||
|
||||
/**
|
||||
* \brief Set the amount of entropy grabbed on each (re)seed
|
||||
* (Default: CTR_DRBG_ENTROPY_LEN)
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param len Amount of entropy to grab
|
||||
*/
|
||||
void ctr_drbg_set_entropy_len( ctr_drbg_context *ctx,
|
||||
size_t len );
|
||||
|
||||
/**
|
||||
* \brief Set the reseed interval
|
||||
* (Default: CTR_DRBG_RESEED_INTERVAL)
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param interval Reseed interval
|
||||
*/
|
||||
void ctr_drbg_set_reseed_interval( ctr_drbg_context *ctx,
|
||||
int interval );
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG reseeding (extracts data from entropy source)
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param additional Additional data to add to state (Can be NULL)
|
||||
* \param len Length of additional data
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
|
||||
*/
|
||||
int ctr_drbg_reseed( ctr_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t len );
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG update state
|
||||
*
|
||||
* \param ctx CTR_DRBG context
|
||||
* \param additional Additional data to update state with
|
||||
* \param add_len Length of additional data
|
||||
*
|
||||
* \note If add_len is greater than CTR_DRBG_MAX_SEED_INPUT,
|
||||
* only the first CTR_DRBG_MAX_SEED_INPUT bytes are used,
|
||||
* the remaining ones are silently discarded.
|
||||
*/
|
||||
void ctr_drbg_update( ctr_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t add_len );
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG generate random with additional update input
|
||||
*
|
||||
* Note: Automatically reseeds if reseed_counter is reached.
|
||||
*
|
||||
* \param p_rng CTR_DRBG context
|
||||
* \param output Buffer to fill
|
||||
* \param output_len Length of the buffer
|
||||
* \param additional Additional data to update with (Can be NULL)
|
||||
* \param add_len Length of additional data
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
|
||||
* POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG
|
||||
*/
|
||||
int ctr_drbg_random_with_add( void *p_rng,
|
||||
unsigned char *output, size_t output_len,
|
||||
const unsigned char *additional, size_t add_len );
|
||||
|
||||
/**
|
||||
* \brief CTR_DRBG generate random
|
||||
*
|
||||
* Note: Automatically reseeds if reseed_counter is reached.
|
||||
*
|
||||
* \param p_rng CTR_DRBG context
|
||||
* \param output Buffer to fill
|
||||
* \param output_len Length of the buffer
|
||||
*
|
||||
* \return 0 if successful, or
|
||||
* POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
|
||||
* POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG
|
||||
*/
|
||||
int ctr_drbg_random( void *p_rng,
|
||||
unsigned char *output, size_t output_len );
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
/**
|
||||
* \brief Write a seed file
|
||||
*
|
||||
* \param path Name of the file
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
|
||||
* POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
|
||||
*/
|
||||
int ctr_drbg_write_seed_file( ctr_drbg_context *ctx, const char *path );
|
||||
|
||||
/**
|
||||
* \brief Read and update a seed file. Seed is added to this
|
||||
* instance
|
||||
*
|
||||
* \param path Name of the file
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
|
||||
* POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
|
||||
* POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG
|
||||
*/
|
||||
int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path );
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int ctr_drbg_self_test( int verbose );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* ctr_drbg.h */
|
180
lib/libpolarssl/include/polarssl/entropy.h
Normal file
180
lib/libpolarssl/include/polarssl/entropy.h
Normal file
|
@ -0,0 +1,180 @@
|
|||
/**
|
||||
* \file entropy.h
|
||||
*
|
||||
* \brief Entropy accumulator implementation
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
*
|
||||
* This file is part of mbed TLS (https://polarssl.org)
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
#ifndef POLARSSL_ENTROPY_H
|
||||
#define POLARSSL_ENTROPY_H
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include "sha4.h"
|
||||
#if defined(POLARSSL_HAVEGE_C)
|
||||
#include "havege.h"
|
||||
#endif
|
||||
|
||||
#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED -0x003C /**< Critical entropy source failure. */
|
||||
#define POLARSSL_ERR_ENTROPY_MAX_SOURCES -0x003E /**< No more sources can be added. */
|
||||
#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040 /**< No sources have been added to poll. */
|
||||
#define POLARSSL_ERR_ENTROPY_FILE_IO_ERROR -0x0058 /**< Read/write error in file. */
|
||||
|
||||
#if !defined(POLARSSL_CONFIG_OPTIONS)
|
||||
#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
|
||||
#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
|
||||
#endif /* !POLARSSL_CONFIG_OPTIONS */
|
||||
|
||||
#define ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
|
||||
|
||||
#define ENTROPY_MAX_SEED_SIZE 1024 /**< Maximum size of seed we read from seed file */
|
||||
#define ENTROPY_SOURCE_MANUAL ENTROPY_MAX_SOURCES
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Entropy poll callback pointer
|
||||
*
|
||||
* \param data Callback-specific data pointer
|
||||
* \param output Data to fill
|
||||
* \param len Maximum size to provide
|
||||
* \param olen The actual amount of bytes put into the buffer (Can be 0)
|
||||
*
|
||||
* \return 0 if no critical failures occurred,
|
||||
* POLARSSL_ERR_ENTROPY_SOURCE_FAILED otherwise
|
||||
*/
|
||||
typedef int (*f_source_ptr)(void *data, unsigned char *output, size_t len, size_t *olen);
|
||||
|
||||
/**
|
||||
* \brief Entropy source state
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
f_source_ptr f_source; /**< The entropy source callback */
|
||||
void * p_source; /**< The callback data pointer */
|
||||
size_t size; /**< Amount received */
|
||||
size_t threshold; /**< Minimum level required before release */
|
||||
}
|
||||
source_state;
|
||||
|
||||
/**
|
||||
* \brief Entropy context structure
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
sha4_context accumulator;
|
||||
int source_count;
|
||||
source_state source[ENTROPY_MAX_SOURCES];
|
||||
#if defined(POLARSSL_HAVEGE_C)
|
||||
havege_state havege_data;
|
||||
#endif
|
||||
}
|
||||
entropy_context;
|
||||
|
||||
/**
|
||||
* \brief Initialize the context
|
||||
*
|
||||
* \param ctx Entropy context to initialize
|
||||
*/
|
||||
void entropy_init( entropy_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Adds an entropy source to poll
|
||||
*
|
||||
* \param ctx Entropy context
|
||||
* \param f_source Entropy function
|
||||
* \param p_source Function data
|
||||
* \param threshold Minimum required from source before entropy is released
|
||||
* ( with entropy_func() )
|
||||
*
|
||||
* \return 0 if successful or POLARSSL_ERR_ENTROPY_MAX_SOURCES
|
||||
*/
|
||||
int entropy_add_source( entropy_context *ctx,
|
||||
f_source_ptr f_source, void *p_source,
|
||||
size_t threshold );
|
||||
|
||||
/**
|
||||
* \brief Trigger an extra gather poll for the accumulator
|
||||
*
|
||||
* \param ctx Entropy context
|
||||
*
|
||||
* \return 0 if successful, or POLARSSL_ERR_ENTROPY_SOURCE_FAILED
|
||||
*/
|
||||
int entropy_gather( entropy_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Retrieve entropy from the accumulator (Max ENTROPY_BLOCK_SIZE)
|
||||
*
|
||||
* \param data Entropy context
|
||||
* \param output Buffer to fill
|
||||
* \param len Length of buffer
|
||||
*
|
||||
* \return 0 if successful, or POLARSSL_ERR_ENTROPY_SOURCE_FAILED
|
||||
*/
|
||||
int entropy_func( void *data, unsigned char *output, size_t len );
|
||||
|
||||
/**
|
||||
* \brief Add data to the accumulator manually
|
||||
*
|
||||
* \param ctx Entropy context
|
||||
* \param data Data to add
|
||||
* \param len Length of data
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int entropy_update_manual( entropy_context *ctx,
|
||||
const unsigned char *data, size_t len );
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
/**
|
||||
* \brief Write a seed file
|
||||
*
|
||||
* \param ctx Entropy context
|
||||
* \param path Name of the file
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* POLARSSL_ERR_ENTROPY_FILE_IO_ERROR on file error, or
|
||||
* POLARSSL_ERR_ENTROPY_SOURCE_FAILED
|
||||
*/
|
||||
int entropy_write_seed_file( entropy_context *ctx, const char *path );
|
||||
|
||||
/**
|
||||
* \brief Read and update a seed file. Seed is added to this
|
||||
* instance. No more than ENTROPY_MAX_SEED_SIZE bytes are
|
||||
* read from the seed file. The rest is ignored.
|
||||
*
|
||||
* \param ctx Entropy context
|
||||
* \param path Name of the file
|
||||
*
|
||||
* \return 0 if successful,
|
||||
* POLARSSL_ERR_ENTROPY_FILE_IO_ERROR on file error,
|
||||
* POLARSSL_ERR_ENTROPY_SOURCE_FAILED
|
||||
*/
|
||||
int entropy_update_seed_file( entropy_context *ctx, const char *path );
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* entropy.h */
|
72
lib/libpolarssl/include/polarssl/entropy_poll.h
Normal file
72
lib/libpolarssl/include/polarssl/entropy_poll.h
Normal file
|
@ -0,0 +1,72 @@
|
|||
/**
|
||||
* \file entropy_poll.h
|
||||
*
|
||||
* \brief Platform-specific and custom entropy polling functions
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
*
|
||||
* This file is part of mbed TLS (https://polarssl.org)
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
#ifndef POLARSSL_ENTROPY_POLL_H
|
||||
#define POLARSSL_ENTROPY_POLL_H
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Default thresholds for built-in sources
|
||||
*/
|
||||
#define ENTROPY_MIN_PLATFORM 128 /**< Minimum for platform source */
|
||||
#define ENTROPY_MIN_HAVEGE 128 /**< Minimum for HAVEGE */
|
||||
#define ENTROPY_MIN_HARDCLOCK 32 /**< Minimum for hardclock() */
|
||||
|
||||
#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
|
||||
/**
|
||||
* \brief Platform-specific entropy poll callback
|
||||
*/
|
||||
int platform_entropy_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen );
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_HAVEGE_C)
|
||||
/**
|
||||
* \brief HAVEGE based entropy poll callback
|
||||
*
|
||||
* Requires an HAVEGE state as its data pointer.
|
||||
*/
|
||||
int havege_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen );
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_TIMING_C)
|
||||
/**
|
||||
* \brief hardclock-based entropy poll callback
|
||||
*/
|
||||
int hardclock_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen );
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* entropy_poll.h */
|
183
lib/libpolarssl/include/polarssl/sha4.h
Normal file
183
lib/libpolarssl/include/polarssl/sha4.h
Normal file
|
@ -0,0 +1,183 @@
|
|||
/**
|
||||
* \file sha4.h
|
||||
*
|
||||
* \brief SHA-384 and SHA-512 cryptographic hash function
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
*
|
||||
* This file is part of mbed TLS (https://polarssl.org)
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
#ifndef POLARSSL_SHA4_H
|
||||
#define POLARSSL_SHA4_H
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(_MSC_VER) || defined(__WATCOMC__)
|
||||
#define UL64(x) x##ui64
|
||||
typedef unsigned __int64 uint64_t;
|
||||
#else
|
||||
#include <inttypes.h>
|
||||
#define UL64(x) x##ULL
|
||||
#endif
|
||||
|
||||
#define POLARSSL_ERR_SHA4_FILE_IO_ERROR -0x007A /**< Read/write error in file. */
|
||||
|
||||
#if !defined(POLARSSL_SHA1_ALT)
|
||||
// Regular implementation
|
||||
//
|
||||
|
||||
/**
|
||||
* \brief SHA-512 context structure
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
uint64_t total[2]; /*!< number of bytes processed */
|
||||
uint64_t state[8]; /*!< intermediate digest state */
|
||||
unsigned char buffer[128]; /*!< data block being processed */
|
||||
|
||||
unsigned char ipad[128]; /*!< HMAC: inner padding */
|
||||
unsigned char opad[128]; /*!< HMAC: outer padding */
|
||||
int is384; /*!< 0 => SHA-512, else SHA-384 */
|
||||
}
|
||||
sha4_context;
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief SHA-512 context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
* \param is384 0 = use SHA512, 1 = use SHA384
|
||||
*/
|
||||
void sha4_starts( sha4_context *ctx, int is384 );
|
||||
|
||||
/**
|
||||
* \brief SHA-512 process buffer
|
||||
*
|
||||
* \param ctx SHA-512 context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*/
|
||||
void sha4_update( sha4_context *ctx, const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief SHA-512 final digest
|
||||
*
|
||||
* \param ctx SHA-512 context
|
||||
* \param output SHA-384/512 checksum result
|
||||
*/
|
||||
void sha4_finish( sha4_context *ctx, unsigned char output[64] );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* POLARSSL_SHA4_ALT */
|
||||
#include "sha4_alt.h"
|
||||
#endif /* POLARSSL_SHA4_ALT */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief Output = SHA-512( input buffer )
|
||||
*
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output SHA-384/512 checksum result
|
||||
* \param is384 0 = use SHA512, 1 = use SHA384
|
||||
*/
|
||||
void sha4( const unsigned char *input, size_t ilen,
|
||||
unsigned char output[64], int is384 );
|
||||
|
||||
/**
|
||||
* \brief Output = SHA-512( file contents )
|
||||
*
|
||||
* \param path input file name
|
||||
* \param output SHA-384/512 checksum result
|
||||
* \param is384 0 = use SHA512, 1 = use SHA384
|
||||
*
|
||||
* \return 0 if successful, or POLARSSL_ERR_SHA4_FILE_IO_ERROR
|
||||
*/
|
||||
int sha4_file( const char *path, unsigned char output[64], int is384 );
|
||||
|
||||
/**
|
||||
* \brief SHA-512 HMAC context setup
|
||||
*
|
||||
* \param ctx HMAC context to be initialized
|
||||
* \param is384 0 = use SHA512, 1 = use SHA384
|
||||
* \param key HMAC secret key
|
||||
* \param keylen length of the HMAC key
|
||||
*/
|
||||
void sha4_hmac_starts( sha4_context *ctx, const unsigned char *key, size_t keylen,
|
||||
int is384 );
|
||||
|
||||
/**
|
||||
* \brief SHA-512 HMAC process buffer
|
||||
*
|
||||
* \param ctx HMAC context
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
*/
|
||||
void sha4_hmac_update( sha4_context *ctx, const unsigned char *input, size_t ilen );
|
||||
|
||||
/**
|
||||
* \brief SHA-512 HMAC final digest
|
||||
*
|
||||
* \param ctx HMAC context
|
||||
* \param output SHA-384/512 HMAC checksum result
|
||||
*/
|
||||
void sha4_hmac_finish( sha4_context *ctx, unsigned char output[64] );
|
||||
|
||||
/**
|
||||
* \brief SHA-512 HMAC context reset
|
||||
*
|
||||
* \param ctx HMAC context to be reset
|
||||
*/
|
||||
void sha4_hmac_reset( sha4_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Output = HMAC-SHA-512( hmac key, input buffer )
|
||||
*
|
||||
* \param key HMAC secret key
|
||||
* \param keylen length of the HMAC key
|
||||
* \param input buffer holding the data
|
||||
* \param ilen length of the input data
|
||||
* \param output HMAC-SHA-384/512 result
|
||||
* \param is384 0 = use SHA512, 1 = use SHA384
|
||||
*/
|
||||
void sha4_hmac( const unsigned char *key, size_t keylen,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char output[64], int is384 );
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
* \return 0 if successful, or 1 if the test failed
|
||||
*/
|
||||
int sha4_self_test( int verbose );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* sha4.h */
|
|
@ -117,30 +117,38 @@
|
|||
<OptimizeReferences>true</OptimizeReferences>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemGroup>
|
||||
<None Include="makefile" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="include\polarssl\aes.h" />
|
||||
<ClInclude Include="include\polarssl\base64.h" />
|
||||
<ClInclude Include="include\polarssl\bignum.h" />
|
||||
<ClInclude Include="include\polarssl\bn_mul.h" />
|
||||
<ClInclude Include="include\polarssl\config.h" />
|
||||
<ClInclude Include="include\polarssl\ctr_drbg.h" />
|
||||
<ClInclude Include="include\polarssl\entropy.h" />
|
||||
<ClInclude Include="include\polarssl\entropy_poll.h" />
|
||||
<ClInclude Include="include\polarssl\md.h" />
|
||||
<ClInclude Include="include\polarssl\md_wrap.h" />
|
||||
<ClInclude Include="include\polarssl\rsa.h" />
|
||||
<ClInclude Include="include\polarssl\sha1.h" />
|
||||
<ClInclude Include="include\polarssl\sha2.h" />
|
||||
<ClInclude Include="include\polarssl\sha4.h" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="source\aes.c" />
|
||||
<ClCompile Include="source\base64.c" />
|
||||
<ClCompile Include="source\bignum.c" />
|
||||
<ClCompile Include="source\ctr_drbg.c" />
|
||||
<ClCompile Include="source\entropy.c" />
|
||||
<ClCompile Include="source\entropy_poll.c" />
|
||||
<ClCompile Include="source\md.c" />
|
||||
<ClCompile Include="source\md_wrap.c" />
|
||||
<ClCompile Include="source\rsa.c" />
|
||||
<ClCompile Include="source\sha1.c" />
|
||||
<ClCompile Include="source\sha2.c" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<None Include="makefile" />
|
||||
<ClCompile Include="source\sha4.c" />
|
||||
</ItemGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||
<ImportGroup Label="ExtensionTargets">
|
||||
|
|
|
@ -14,6 +14,9 @@
|
|||
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
|
||||
</Filter>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<None Include="makefile" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="include\polarssl\aes.h">
|
||||
<Filter>Header Files</Filter>
|
||||
|
@ -30,6 +33,21 @@
|
|||
<ClInclude Include="include\polarssl\config.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="include\polarssl\ctr_drbg.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="include\polarssl\entropy.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="include\polarssl\entropy_poll.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="include\polarssl\md.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="include\polarssl\md_wrap.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="include\polarssl\rsa.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
|
@ -39,10 +57,7 @@
|
|||
<ClInclude Include="include\polarssl\sha2.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="include\polarssl\md.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="include\polarssl\md_wrap.h">
|
||||
<ClInclude Include="include\polarssl\sha4.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
|
@ -56,6 +71,15 @@
|
|||
<ClCompile Include="source\bignum.c">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="source\ctr_drbg.c">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="source\entropy.c">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="source\entropy_poll.c">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="source\md.c">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
|
@ -71,8 +95,8 @@
|
|||
<ClCompile Include="source\sha2.c">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<None Include="makefile" />
|
||||
<ClCompile Include="source\sha4.c">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
</Project>
|
582
lib/libpolarssl/source/ctr_drbg.c
Normal file
582
lib/libpolarssl/source/ctr_drbg.c
Normal file
|
@ -0,0 +1,582 @@
|
|||
/*
|
||||
* CTR_DRBG implementation based on AES-256 (NIST SP 800-90)
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
*
|
||||
* This file is part of mbed TLS (https://polarssl.org)
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
/*
|
||||
* The NIST SP 800-90 DRBGs are described in the following publucation.
|
||||
*
|
||||
* http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf
|
||||
*/
|
||||
|
||||
#include "polarssl/config.h"
|
||||
|
||||
#if defined(POLARSSL_CTR_DRBG_C)
|
||||
|
||||
#include "polarssl/ctr_drbg.h"
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Non-public function wrapped by ctr_crbg_init(). Necessary to allow NIST
|
||||
* tests to succeed (which require known length fixed entropy)
|
||||
*/
|
||||
int ctr_drbg_init_entropy_len(
|
||||
ctr_drbg_context *ctx,
|
||||
int (*f_entropy)(void *, unsigned char *, size_t),
|
||||
void *p_entropy,
|
||||
const unsigned char *custom,
|
||||
size_t len,
|
||||
size_t entropy_len );
|
||||
|
||||
int ctr_drbg_init_entropy_len(
|
||||
ctr_drbg_context *ctx,
|
||||
int (*f_entropy)(void *, unsigned char *, size_t),
|
||||
void *p_entropy,
|
||||
const unsigned char *custom,
|
||||
size_t len,
|
||||
size_t entropy_len )
|
||||
{
|
||||
int ret;
|
||||
unsigned char key[CTR_DRBG_KEYSIZE];
|
||||
|
||||
memset( ctx, 0, sizeof(ctr_drbg_context) );
|
||||
memset( key, 0, CTR_DRBG_KEYSIZE );
|
||||
|
||||
ctx->f_entropy = f_entropy;
|
||||
ctx->p_entropy = p_entropy;
|
||||
|
||||
ctx->entropy_len = entropy_len;
|
||||
ctx->reseed_interval = CTR_DRBG_RESEED_INTERVAL;
|
||||
|
||||
/*
|
||||
* Initialize with an empty key
|
||||
*/
|
||||
aes_setkey_enc( &ctx->aes_ctx, key, CTR_DRBG_KEYBITS );
|
||||
|
||||
if( ( ret = ctr_drbg_reseed( ctx, custom, len ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int ctr_drbg_init( ctr_drbg_context *ctx,
|
||||
int (*f_entropy)(void *, unsigned char *, size_t),
|
||||
void *p_entropy,
|
||||
const unsigned char *custom,
|
||||
size_t len )
|
||||
{
|
||||
return( ctr_drbg_init_entropy_len( ctx, f_entropy, p_entropy, custom, len,
|
||||
CTR_DRBG_ENTROPY_LEN ) );
|
||||
}
|
||||
|
||||
void ctr_drbg_set_prediction_resistance( ctr_drbg_context *ctx, int resistance )
|
||||
{
|
||||
ctx->prediction_resistance = resistance;
|
||||
}
|
||||
|
||||
void ctr_drbg_set_entropy_len( ctr_drbg_context *ctx, size_t len )
|
||||
{
|
||||
ctx->entropy_len = len;
|
||||
}
|
||||
|
||||
void ctr_drbg_set_reseed_interval( ctr_drbg_context *ctx, int interval )
|
||||
{
|
||||
ctx->reseed_interval = interval;
|
||||
}
|
||||
|
||||
static int block_cipher_df( unsigned char *output,
|
||||
const unsigned char *data, size_t data_len )
|
||||
{
|
||||
unsigned char buf[CTR_DRBG_MAX_SEED_INPUT + CTR_DRBG_BLOCKSIZE + 16];
|
||||
unsigned char tmp[CTR_DRBG_SEEDLEN];
|
||||
unsigned char key[CTR_DRBG_KEYSIZE];
|
||||
unsigned char chain[CTR_DRBG_BLOCKSIZE];
|
||||
unsigned char *p, *iv;
|
||||
aes_context aes_ctx;
|
||||
|
||||
int i, j, buf_len, use_len;
|
||||
|
||||
if( data_len > CTR_DRBG_MAX_SEED_INPUT )
|
||||
return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG );
|
||||
|
||||
memset( buf, 0, CTR_DRBG_MAX_SEED_INPUT + CTR_DRBG_BLOCKSIZE + 16 );
|
||||
|
||||
/*
|
||||
* Construct IV (16 bytes) and S in buffer
|
||||
* IV = Counter (in 32-bits) padded to 16 with zeroes
|
||||
* S = Length input string (in 32-bits) || Length of output (in 32-bits) ||
|
||||
* data || 0x80
|
||||
* (Total is padded to a multiple of 16-bytes with zeroes)
|
||||
*/
|
||||
p = buf + CTR_DRBG_BLOCKSIZE;
|
||||
*p++ = ( data_len >> 24 ) & 0xff;
|
||||
*p++ = ( data_len >> 16 ) & 0xff;
|
||||
*p++ = ( data_len >> 8 ) & 0xff;
|
||||
*p++ = ( data_len ) & 0xff;
|
||||
p += 3;
|
||||
*p++ = CTR_DRBG_SEEDLEN;
|
||||
memcpy( p, data, data_len );
|
||||
p[data_len] = 0x80;
|
||||
|
||||
buf_len = CTR_DRBG_BLOCKSIZE + 8 + data_len + 1;
|
||||
|
||||
for( i = 0; i < CTR_DRBG_KEYSIZE; i++ )
|
||||
key[i] = i;
|
||||
|
||||
aes_setkey_enc( &aes_ctx, key, CTR_DRBG_KEYBITS );
|
||||
|
||||
/*
|
||||
* Reduce data to POLARSSL_CTR_DRBG_SEEDLEN bytes of data
|
||||
*/
|
||||
for( j = 0; j < CTR_DRBG_SEEDLEN; j += CTR_DRBG_BLOCKSIZE )
|
||||
{
|
||||
p = buf;
|
||||
memset( chain, 0, CTR_DRBG_BLOCKSIZE );
|
||||
use_len = buf_len;
|
||||
|
||||
while( use_len > 0 )
|
||||
{
|
||||
for( i = 0; i < CTR_DRBG_BLOCKSIZE; i++ )
|
||||
chain[i] ^= p[i];
|
||||
p += CTR_DRBG_BLOCKSIZE;
|
||||
use_len -= CTR_DRBG_BLOCKSIZE;
|
||||
|
||||
aes_crypt_ecb( &aes_ctx, AES_ENCRYPT, chain, chain );
|
||||
}
|
||||
|
||||
memcpy( tmp + j, chain, CTR_DRBG_BLOCKSIZE );
|
||||
|
||||
/*
|
||||
* Update IV
|
||||
*/
|
||||
buf[3]++;
|
||||
}
|
||||
|
||||
/*
|
||||
* Do final encryption with reduced data
|
||||
*/
|
||||
aes_setkey_enc( &aes_ctx, tmp, CTR_DRBG_KEYBITS );
|
||||
iv = tmp + CTR_DRBG_KEYSIZE;
|
||||
p = output;
|
||||
|
||||
for( j = 0; j < CTR_DRBG_SEEDLEN; j += CTR_DRBG_BLOCKSIZE )
|
||||
{
|
||||
aes_crypt_ecb( &aes_ctx, AES_ENCRYPT, iv, iv );
|
||||
memcpy( p, iv, CTR_DRBG_BLOCKSIZE );
|
||||
p += CTR_DRBG_BLOCKSIZE;
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static int ctr_drbg_update_internal( ctr_drbg_context *ctx,
|
||||
const unsigned char data[CTR_DRBG_SEEDLEN] )
|
||||
{
|
||||
unsigned char tmp[CTR_DRBG_SEEDLEN];
|
||||
unsigned char *p = tmp;
|
||||
int i, j;
|
||||
|
||||
memset( tmp, 0, CTR_DRBG_SEEDLEN );
|
||||
|
||||
for( j = 0; j < CTR_DRBG_SEEDLEN; j += CTR_DRBG_BLOCKSIZE )
|
||||
{
|
||||
/*
|
||||
* Increase counter
|
||||
*/
|
||||
for( i = CTR_DRBG_BLOCKSIZE; i > 0; i-- )
|
||||
if( ++ctx->counter[i - 1] != 0 )
|
||||
break;
|
||||
|
||||
/*
|
||||
* Crypt counter block
|
||||
*/
|
||||
aes_crypt_ecb( &ctx->aes_ctx, AES_ENCRYPT, ctx->counter, p );
|
||||
|
||||
p += CTR_DRBG_BLOCKSIZE;
|
||||
}
|
||||
|
||||
for( i = 0; i < CTR_DRBG_SEEDLEN; i++ )
|
||||
tmp[i] ^= data[i];
|
||||
|
||||
/*
|
||||
* Update key and counter
|
||||
*/
|
||||
aes_setkey_enc( &ctx->aes_ctx, tmp, CTR_DRBG_KEYBITS );
|
||||
memcpy( ctx->counter, tmp + CTR_DRBG_KEYSIZE, CTR_DRBG_BLOCKSIZE );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
void ctr_drbg_update( ctr_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t add_len )
|
||||
{
|
||||
unsigned char add_input[CTR_DRBG_SEEDLEN];
|
||||
|
||||
if( add_len > 0 )
|
||||
{
|
||||
/* MAX_INPUT would be more logical here, but we have to match
|
||||
* block_cipher_df()'s limits since we can't propagate errors */
|
||||
if( add_len > CTR_DRBG_MAX_SEED_INPUT )
|
||||
add_len = CTR_DRBG_MAX_SEED_INPUT;
|
||||
|
||||
block_cipher_df( add_input, additional, add_len );
|
||||
ctr_drbg_update_internal( ctx, add_input );
|
||||
}
|
||||
}
|
||||
|
||||
int ctr_drbg_reseed( ctr_drbg_context *ctx,
|
||||
const unsigned char *additional, size_t len )
|
||||
{
|
||||
unsigned char seed[CTR_DRBG_MAX_SEED_INPUT];
|
||||
size_t seedlen = 0;
|
||||
|
||||
if( ctx->entropy_len + len > CTR_DRBG_MAX_SEED_INPUT )
|
||||
return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG );
|
||||
|
||||
memset( seed, 0, CTR_DRBG_MAX_SEED_INPUT );
|
||||
|
||||
/*
|
||||
* Gather enropy_len bytes of entropy to seed state
|
||||
*/
|
||||
if( 0 != ctx->f_entropy( ctx->p_entropy, seed,
|
||||
ctx->entropy_len ) )
|
||||
{
|
||||
return( POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
|
||||
}
|
||||
|
||||
seedlen += ctx->entropy_len;
|
||||
|
||||
/*
|
||||
* Add additional data
|
||||
*/
|
||||
if( additional && len )
|
||||
{
|
||||
memcpy( seed + seedlen, additional, len );
|
||||
seedlen += len;
|
||||
}
|
||||
|
||||
/*
|
||||
* Reduce to 384 bits
|
||||
*/
|
||||
block_cipher_df( seed, seed, seedlen );
|
||||
|
||||
/*
|
||||
* Update state
|
||||
*/
|
||||
ctr_drbg_update_internal( ctx, seed );
|
||||
ctx->reseed_counter = 1;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int ctr_drbg_random_with_add( void *p_rng,
|
||||
unsigned char *output, size_t output_len,
|
||||
const unsigned char *additional, size_t add_len )
|
||||
{
|
||||
int ret = 0;
|
||||
ctr_drbg_context *ctx = (ctr_drbg_context *) p_rng;
|
||||
unsigned char add_input[CTR_DRBG_SEEDLEN];
|
||||
unsigned char *p = output;
|
||||
unsigned char tmp[CTR_DRBG_BLOCKSIZE];
|
||||
int i;
|
||||
size_t use_len;
|
||||
|
||||
if( output_len > CTR_DRBG_MAX_REQUEST )
|
||||
return( POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG );
|
||||
|
||||
if( add_len > CTR_DRBG_MAX_INPUT )
|
||||
return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG );
|
||||
|
||||
memset( add_input, 0, CTR_DRBG_SEEDLEN );
|
||||
|
||||
if( ctx->reseed_counter > ctx->reseed_interval ||
|
||||
ctx->prediction_resistance )
|
||||
{
|
||||
if( ( ret = ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
add_len = 0;
|
||||
}
|
||||
|
||||
if( add_len > 0 )
|
||||
{
|
||||
block_cipher_df( add_input, additional, add_len );
|
||||
ctr_drbg_update_internal( ctx, add_input );
|
||||
}
|
||||
|
||||
while( output_len > 0 )
|
||||
{
|
||||
/*
|
||||
* Increase counter
|
||||
*/
|
||||
for( i = CTR_DRBG_BLOCKSIZE; i > 0; i-- )
|
||||
if( ++ctx->counter[i - 1] != 0 )
|
||||
break;
|
||||
|
||||
/*
|
||||
* Crypt counter block
|
||||
*/
|
||||
aes_crypt_ecb( &ctx->aes_ctx, AES_ENCRYPT, ctx->counter, tmp );
|
||||
|
||||
use_len = (output_len > CTR_DRBG_BLOCKSIZE ) ? CTR_DRBG_BLOCKSIZE : output_len;
|
||||
/*
|
||||
* Copy random block to destination
|
||||
*/
|
||||
memcpy( p, tmp, use_len );
|
||||
p += use_len;
|
||||
output_len -= use_len;
|
||||
}
|
||||
|
||||
ctr_drbg_update_internal( ctx, add_input );
|
||||
|
||||
ctx->reseed_counter++;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len )
|
||||
{
|
||||
return ctr_drbg_random_with_add( p_rng, output, output_len, NULL, 0 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
int ctr_drbg_write_seed_file( ctr_drbg_context *ctx, const char *path )
|
||||
{
|
||||
int ret;
|
||||
FILE *f;
|
||||
unsigned char buf[ CTR_DRBG_MAX_INPUT ];
|
||||
|
||||
if( ( f = fopen( path, "wb" ) ) == NULL )
|
||||
return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
|
||||
|
||||
if( ( ret = ctr_drbg_random( ctx, buf, CTR_DRBG_MAX_INPUT ) ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( fwrite( buf, 1, CTR_DRBG_MAX_INPUT, f ) != CTR_DRBG_MAX_INPUT )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
fclose( f );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path )
|
||||
{
|
||||
FILE *f;
|
||||
size_t n;
|
||||
unsigned char buf[ CTR_DRBG_MAX_INPUT ];
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
|
||||
|
||||
fseek( f, 0, SEEK_END );
|
||||
n = (size_t) ftell( f );
|
||||
fseek( f, 0, SEEK_SET );
|
||||
|
||||
if( n > CTR_DRBG_MAX_INPUT )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG );
|
||||
}
|
||||
|
||||
if( fread( buf, 1, n, f ) != n )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
ctr_drbg_update( ctx, buf, n );
|
||||
|
||||
fclose( f );
|
||||
|
||||
return( ctr_drbg_write_seed_file( ctx, path ) );
|
||||
}
|
||||
#endif /* POLARSSL_FS_IO */
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
unsigned char entropy_source_pr[96] =
|
||||
{ 0xc1, 0x80, 0x81, 0xa6, 0x5d, 0x44, 0x02, 0x16,
|
||||
0x19, 0xb3, 0xf1, 0x80, 0xb1, 0xc9, 0x20, 0x02,
|
||||
0x6a, 0x54, 0x6f, 0x0c, 0x70, 0x81, 0x49, 0x8b,
|
||||
0x6e, 0xa6, 0x62, 0x52, 0x6d, 0x51, 0xb1, 0xcb,
|
||||
0x58, 0x3b, 0xfa, 0xd5, 0x37, 0x5f, 0xfb, 0xc9,
|
||||
0xff, 0x46, 0xd2, 0x19, 0xc7, 0x22, 0x3e, 0x95,
|
||||
0x45, 0x9d, 0x82, 0xe1, 0xe7, 0x22, 0x9f, 0x63,
|
||||
0x31, 0x69, 0xd2, 0x6b, 0x57, 0x47, 0x4f, 0xa3,
|
||||
0x37, 0xc9, 0x98, 0x1c, 0x0b, 0xfb, 0x91, 0x31,
|
||||
0x4d, 0x55, 0xb9, 0xe9, 0x1c, 0x5a, 0x5e, 0xe4,
|
||||
0x93, 0x92, 0xcf, 0xc5, 0x23, 0x12, 0xd5, 0x56,
|
||||
0x2c, 0x4a, 0x6e, 0xff, 0xdc, 0x10, 0xd0, 0x68 };
|
||||
|
||||
unsigned char entropy_source_nopr[64] =
|
||||
{ 0x5a, 0x19, 0x4d, 0x5e, 0x2b, 0x31, 0x58, 0x14,
|
||||
0x54, 0xde, 0xf6, 0x75, 0xfb, 0x79, 0x58, 0xfe,
|
||||
0xc7, 0xdb, 0x87, 0x3e, 0x56, 0x89, 0xfc, 0x9d,
|
||||
0x03, 0x21, 0x7c, 0x68, 0xd8, 0x03, 0x38, 0x20,
|
||||
0xf9, 0xe6, 0x5e, 0x04, 0xd8, 0x56, 0xf3, 0xa9,
|
||||
0xc4, 0x4a, 0x4c, 0xbd, 0xc1, 0xd0, 0x08, 0x46,
|
||||
0xf5, 0x98, 0x3d, 0x77, 0x1c, 0x1b, 0x13, 0x7e,
|
||||
0x4e, 0x0f, 0x9d, 0x8e, 0xf4, 0x09, 0xf9, 0x2e };
|
||||
|
||||
unsigned char nonce_pers_pr[16] =
|
||||
{ 0xd2, 0x54, 0xfc, 0xff, 0x02, 0x1e, 0x69, 0xd2,
|
||||
0x29, 0xc9, 0xcf, 0xad, 0x85, 0xfa, 0x48, 0x6c };
|
||||
|
||||
unsigned char nonce_pers_nopr[16] =
|
||||
{ 0x1b, 0x54, 0xb8, 0xff, 0x06, 0x42, 0xbf, 0xf5,
|
||||
0x21, 0xf1, 0x5c, 0x1c, 0x0b, 0x66, 0x5f, 0x3f };
|
||||
|
||||
unsigned char result_pr[16] =
|
||||
{ 0x34, 0x01, 0x16, 0x56, 0xb4, 0x29, 0x00, 0x8f,
|
||||
0x35, 0x63, 0xec, 0xb5, 0xf2, 0x59, 0x07, 0x23 };
|
||||
|
||||
unsigned char result_nopr[16] =
|
||||
{ 0xa0, 0x54, 0x30, 0x3d, 0x8a, 0x7e, 0xa9, 0x88,
|
||||
0x9d, 0x90, 0x3e, 0x07, 0x7c, 0x6f, 0x21, 0x8f };
|
||||
|
||||
static size_t test_offset;
|
||||
static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
|
||||
size_t len )
|
||||
{
|
||||
unsigned char *p = data;
|
||||
memcpy( buf, p + test_offset, len );
|
||||
test_offset += 32;
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Checkup routine
|
||||
*/
|
||||
int ctr_drbg_self_test( int verbose )
|
||||
{
|
||||
ctr_drbg_context ctx;
|
||||
unsigned char buf[16];
|
||||
|
||||
/*
|
||||
* Based on a NIST CTR_DRBG test vector (PR = True)
|
||||
*/
|
||||
if( verbose != 0 )
|
||||
printf( " CTR_DRBG (PR = TRUE) : " );
|
||||
|
||||
test_offset = 0;
|
||||
if( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy, entropy_source_pr, nonce_pers_pr, 16, 32 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
ctr_drbg_set_prediction_resistance( &ctx, CTR_DRBG_PR_ON );
|
||||
|
||||
if( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( ctr_drbg_random( &ctx, buf, CTR_DRBG_BLOCKSIZE ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( memcmp( buf, result_pr, CTR_DRBG_BLOCKSIZE ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
printf( "passed\n" );
|
||||
|
||||
/*
|
||||
* Based on a NIST CTR_DRBG test vector (PR = FALSE)
|
||||
*/
|
||||
if( verbose != 0 )
|
||||
printf( " CTR_DRBG (PR = FALSE): " );
|
||||
|
||||
test_offset = 0;
|
||||
if( ctr_drbg_init_entropy_len( &ctx, ctr_drbg_self_test_entropy, entropy_source_nopr, nonce_pers_nopr, 16, 32 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( ctr_drbg_random( &ctx, buf, 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( ctr_drbg_reseed( &ctx, NULL, 0 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( ctr_drbg_random( &ctx, buf, 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( memcmp( buf, result_nopr, 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
printf( "passed\n" );
|
||||
|
||||
if( verbose != 0 )
|
||||
printf( "\n" );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
261
lib/libpolarssl/source/entropy.c
Normal file
261
lib/libpolarssl/source/entropy.c
Normal file
|
@ -0,0 +1,261 @@
|
|||
/*
|
||||
* Entropy accumulator implementation
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
*
|
||||
* This file is part of mbed TLS (https://polarssl.org)
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#include "polarssl/config.h"
|
||||
|
||||
#if defined(POLARSSL_ENTROPY_C)
|
||||
|
||||
#include "polarssl/entropy.h"
|
||||
#include "polarssl/entropy_poll.h"
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_HAVEGE_C)
|
||||
#include "polarssl/havege.h"
|
||||
#endif
|
||||
|
||||
#define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */
|
||||
|
||||
void entropy_init( entropy_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof(entropy_context) );
|
||||
|
||||
sha4_starts( &ctx->accumulator, 0 );
|
||||
#if defined(POLARSSL_HAVEGE_C)
|
||||
havege_init( &ctx->havege_data );
|
||||
#endif
|
||||
|
||||
#if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
|
||||
#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
|
||||
entropy_add_source( ctx, platform_entropy_poll, NULL,
|
||||
ENTROPY_MIN_PLATFORM );
|
||||
#endif
|
||||
#if defined(POLARSSL_TIMING_C)
|
||||
entropy_add_source( ctx, hardclock_poll, NULL, ENTROPY_MIN_HARDCLOCK );
|
||||
#endif
|
||||
#if defined(POLARSSL_HAVEGE_C)
|
||||
entropy_add_source( ctx, havege_poll, &ctx->havege_data,
|
||||
ENTROPY_MIN_HAVEGE );
|
||||
#endif
|
||||
#endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */
|
||||
}
|
||||
|
||||
int entropy_add_source( entropy_context *ctx,
|
||||
f_source_ptr f_source, void *p_source,
|
||||
size_t threshold )
|
||||
{
|
||||
int index = ctx->source_count;
|
||||
|
||||
if( index >= ENTROPY_MAX_SOURCES )
|
||||
return( POLARSSL_ERR_ENTROPY_MAX_SOURCES );
|
||||
|
||||
ctx->source[index].f_source = f_source;
|
||||
ctx->source[index].p_source = p_source;
|
||||
ctx->source[index].threshold = threshold;
|
||||
|
||||
ctx->source_count++;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Entropy accumulator update
|
||||
*/
|
||||
static int entropy_update( entropy_context *ctx, unsigned char source_id,
|
||||
const unsigned char *data, size_t len )
|
||||
{
|
||||
unsigned char header[2];
|
||||
unsigned char tmp[ENTROPY_BLOCK_SIZE];
|
||||
size_t use_len = len;
|
||||
const unsigned char *p = data;
|
||||
|
||||
if( use_len > ENTROPY_BLOCK_SIZE )
|
||||
{
|
||||
sha4( data, len, tmp, 0 );
|
||||
|
||||
p = tmp;
|
||||
use_len = ENTROPY_BLOCK_SIZE;
|
||||
}
|
||||
|
||||
header[0] = source_id;
|
||||
header[1] = use_len & 0xFF;
|
||||
|
||||
sha4_update( &ctx->accumulator, header, 2 );
|
||||
sha4_update( &ctx->accumulator, p, use_len );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int entropy_update_manual( entropy_context *ctx,
|
||||
const unsigned char *data, size_t len )
|
||||
{
|
||||
return entropy_update( ctx, ENTROPY_SOURCE_MANUAL, data, len );
|
||||
}
|
||||
|
||||
/*
|
||||
* Run through the different sources to add entropy to our accumulator
|
||||
*/
|
||||
int entropy_gather( entropy_context *ctx )
|
||||
{
|
||||
int ret, i;
|
||||
unsigned char buf[ENTROPY_MAX_GATHER];
|
||||
size_t olen;
|
||||
|
||||
if( ctx->source_count == 0 )
|
||||
return( POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED );
|
||||
|
||||
/*
|
||||
* Run through our entropy sources
|
||||
*/
|
||||
for( i = 0; i < ctx->source_count; i++ )
|
||||
{
|
||||
olen = 0;
|
||||
if ( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
|
||||
buf, ENTROPY_MAX_GATHER, &olen ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Add if we actually gathered something
|
||||
*/
|
||||
if( olen > 0 )
|
||||
{
|
||||
entropy_update( ctx, (unsigned char) i, buf, olen );
|
||||
ctx->source[i].size += olen;
|
||||
}
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int entropy_func( void *data, unsigned char *output, size_t len )
|
||||
{
|
||||
int ret, count = 0, i, reached;
|
||||
entropy_context *ctx = (entropy_context *) data;
|
||||
unsigned char buf[ENTROPY_BLOCK_SIZE];
|
||||
|
||||
if( len > ENTROPY_BLOCK_SIZE )
|
||||
return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
|
||||
|
||||
/*
|
||||
* Always gather extra entropy before a call
|
||||
*/
|
||||
do
|
||||
{
|
||||
if( count++ > ENTROPY_MAX_LOOP )
|
||||
return( POLARSSL_ERR_ENTROPY_SOURCE_FAILED );
|
||||
|
||||
if( ( ret = entropy_gather( ctx ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
reached = 0;
|
||||
|
||||
for( i = 0; i < ctx->source_count; i++ )
|
||||
if( ctx->source[i].size >= ctx->source[i].threshold )
|
||||
reached++;
|
||||
}
|
||||
while( reached != ctx->source_count );
|
||||
|
||||
memset( buf, 0, ENTROPY_BLOCK_SIZE );
|
||||
|
||||
sha4_finish( &ctx->accumulator, buf );
|
||||
|
||||
/*
|
||||
* Reset accumulator and counters and recycle existing entropy
|
||||
*/
|
||||
memset( &ctx->accumulator, 0, sizeof( sha4_context ) );
|
||||
sha4_starts( &ctx->accumulator, 0 );
|
||||
sha4_update( &ctx->accumulator, buf, ENTROPY_BLOCK_SIZE );
|
||||
|
||||
/*
|
||||
* Perform second SHA-512 on entropy
|
||||
*/
|
||||
sha4( buf, ENTROPY_BLOCK_SIZE, buf, 0 );
|
||||
|
||||
for( i = 0; i < ctx->source_count; i++ )
|
||||
ctx->source[i].size = 0;
|
||||
|
||||
memcpy( output, buf, len );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
int entropy_write_seed_file( entropy_context *ctx, const char *path )
|
||||
{
|
||||
int ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
|
||||
FILE *f;
|
||||
unsigned char buf[ENTROPY_BLOCK_SIZE];
|
||||
|
||||
if( ( f = fopen( path, "wb" ) ) == NULL )
|
||||
return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
|
||||
|
||||
if( ( ret = entropy_func( ctx, buf, ENTROPY_BLOCK_SIZE ) ) != 0 )
|
||||
goto exit;
|
||||
|
||||
if( fwrite( buf, 1, ENTROPY_BLOCK_SIZE, f ) != ENTROPY_BLOCK_SIZE )
|
||||
{
|
||||
ret = POLARSSL_ERR_ENTROPY_FILE_IO_ERROR;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
exit:
|
||||
fclose( f );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
int entropy_update_seed_file( entropy_context *ctx, const char *path )
|
||||
{
|
||||
FILE *f;
|
||||
size_t n;
|
||||
unsigned char buf[ ENTROPY_MAX_SEED_SIZE ];
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
|
||||
|
||||
fseek( f, 0, SEEK_END );
|
||||
n = (size_t) ftell( f );
|
||||
fseek( f, 0, SEEK_SET );
|
||||
|
||||
if( n > ENTROPY_MAX_SEED_SIZE )
|
||||
n = ENTROPY_MAX_SEED_SIZE;
|
||||
|
||||
if( fread( buf, 1, n, f ) != n )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_ENTROPY_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
fclose( f );
|
||||
|
||||
entropy_update_manual( ctx, buf, n );
|
||||
|
||||
return( entropy_write_seed_file( ctx, path ) );
|
||||
}
|
||||
#endif /* POLARSSL_FS_IO */
|
||||
|
||||
#endif
|
133
lib/libpolarssl/source/entropy_poll.c
Normal file
133
lib/libpolarssl/source/entropy_poll.c
Normal file
|
@ -0,0 +1,133 @@
|
|||
/*
|
||||
* Platform-specific and custom entropy polling functions
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
*
|
||||
* This file is part of mbed TLS (https://polarssl.org)
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#include "polarssl/config.h"
|
||||
|
||||
#if defined(POLARSSL_ENTROPY_C)
|
||||
|
||||
#include "polarssl/entropy.h"
|
||||
#include "polarssl/entropy_poll.h"
|
||||
|
||||
#if defined(POLARSSL_TIMING_C)
|
||||
#include "polarssl/timing.h"
|
||||
#endif
|
||||
#if defined(POLARSSL_HAVEGE_C)
|
||||
#include "polarssl/havege.h"
|
||||
#endif
|
||||
|
||||
#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
|
||||
#if defined(_WIN32)
|
||||
|
||||
#if !defined(_WIN32_WINNT)
|
||||
#define _WIN32_WINNT 0x0400
|
||||
#endif
|
||||
#include <windows.h>
|
||||
#include <wincrypt.h>
|
||||
|
||||
int platform_entropy_poll( void *data, unsigned char *output, size_t len,
|
||||
size_t *olen )
|
||||
{
|
||||
HCRYPTPROV provider;
|
||||
((void) data);
|
||||
*olen = 0;
|
||||
|
||||
if( CryptAcquireContext( &provider, NULL, NULL,
|
||||
PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE )
|
||||
{
|
||||
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
|
||||
}
|
||||
|
||||
if( CryptGenRandom( provider, len, output ) == FALSE )
|
||||
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
|
||||
|
||||
CryptReleaseContext( provider, 0 );
|
||||
*olen = len;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
int platform_entropy_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen )
|
||||
{
|
||||
FILE *file;
|
||||
size_t ret;
|
||||
((void) data);
|
||||
|
||||
*olen = 0;
|
||||
|
||||
file = fopen( "/dev/urandom", "rb" );
|
||||
if( file == NULL )
|
||||
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
|
||||
|
||||
ret = fread( output, 1, len, file );
|
||||
if( ret != len )
|
||||
{
|
||||
fclose( file );
|
||||
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
|
||||
}
|
||||
|
||||
fclose( file );
|
||||
*olen = len;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_TIMING_C)
|
||||
int hardclock_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen )
|
||||
{
|
||||
unsigned long timer = hardclock();
|
||||
((void) data);
|
||||
*olen = 0;
|
||||
|
||||
if( len < sizeof(unsigned long) )
|
||||
return( 0 );
|
||||
|
||||
memcpy( output, &timer, sizeof(unsigned long) );
|
||||
*olen = sizeof(unsigned long);
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_HAVEGE_C)
|
||||
int havege_poll( void *data,
|
||||
unsigned char *output, size_t len, size_t *olen )
|
||||
{
|
||||
havege_state *hs = (havege_state *) data;
|
||||
*olen = 0;
|
||||
|
||||
if( havege_random( hs, output, len ) != 0 )
|
||||
return POLARSSL_ERR_ENTROPY_SOURCE_FAILED;
|
||||
|
||||
*olen = len;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* POLARSSL_ENTROPY_C */
|
762
lib/libpolarssl/source/sha4.c
Normal file
762
lib/libpolarssl/source/sha4.c
Normal file
|
@ -0,0 +1,762 @@
|
|||
/*
|
||||
* FIPS-180-2 compliant SHA-384/512 implementation
|
||||
*
|
||||
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
||||
*
|
||||
* This file is part of mbed TLS (https://polarssl.org)
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
/*
|
||||
* The SHA-512 Secure Hash Standard was published by NIST in 2002.
|
||||
*
|
||||
* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
|
||||
*/
|
||||
|
||||
#include "polarssl/config.h"
|
||||
|
||||
#if defined(POLARSSL_SHA4_C)
|
||||
|
||||
#include "polarssl/sha4.h"
|
||||
|
||||
#if defined(POLARSSL_FS_IO) || defined(POLARSSL_SELF_TEST)
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
#if !defined(POLARSSL_SHA4_ALT)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void polarssl_zeroize( void *v, size_t n ) {
|
||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 64-bit integer manipulation macros (big endian)
|
||||
*/
|
||||
#ifndef GET_UINT64_BE
|
||||
#define GET_UINT64_BE(n,b,i) \
|
||||
{ \
|
||||
(n) = ( (uint64_t) (b)[(i) ] << 56 ) \
|
||||
| ( (uint64_t) (b)[(i) + 1] << 48 ) \
|
||||
| ( (uint64_t) (b)[(i) + 2] << 40 ) \
|
||||
| ( (uint64_t) (b)[(i) + 3] << 32 ) \
|
||||
| ( (uint64_t) (b)[(i) + 4] << 24 ) \
|
||||
| ( (uint64_t) (b)[(i) + 5] << 16 ) \
|
||||
| ( (uint64_t) (b)[(i) + 6] << 8 ) \
|
||||
| ( (uint64_t) (b)[(i) + 7] ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef PUT_UINT64_BE
|
||||
#define PUT_UINT64_BE(n,b,i) \
|
||||
{ \
|
||||
(b)[(i) ] = (unsigned char) ( (n) >> 56 ); \
|
||||
(b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \
|
||||
(b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \
|
||||
(b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \
|
||||
(b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \
|
||||
(b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \
|
||||
(b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \
|
||||
(b)[(i) + 7] = (unsigned char) ( (n) ); \
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Round constants
|
||||
*/
|
||||
static const uint64_t K[80] =
|
||||
{
|
||||
UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
|
||||
UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
|
||||
UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
|
||||
UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
|
||||
UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
|
||||
UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
|
||||
UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
|
||||
UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
|
||||
UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
|
||||
UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
|
||||
UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
|
||||
UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
|
||||
UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
|
||||
UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
|
||||
UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
|
||||
UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
|
||||
UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
|
||||
UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
|
||||
UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
|
||||
UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
|
||||
UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
|
||||
UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
|
||||
UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
|
||||
UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
|
||||
UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
|
||||
UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
|
||||
UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
|
||||
UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
|
||||
UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
|
||||
UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
|
||||
UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
|
||||
UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
|
||||
UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
|
||||
UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
|
||||
UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
|
||||
UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
|
||||
UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
|
||||
UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
|
||||
UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
|
||||
UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
|
||||
};
|
||||
|
||||
/*
|
||||
* SHA-512 context setup
|
||||
*/
|
||||
void sha4_starts( sha4_context *ctx, int is384 )
|
||||
{
|
||||
ctx->total[0] = 0;
|
||||
ctx->total[1] = 0;
|
||||
|
||||
if( is384 == 0 )
|
||||
{
|
||||
/* SHA-512 */
|
||||
ctx->state[0] = UL64(0x6A09E667F3BCC908);
|
||||
ctx->state[1] = UL64(0xBB67AE8584CAA73B);
|
||||
ctx->state[2] = UL64(0x3C6EF372FE94F82B);
|
||||
ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
|
||||
ctx->state[4] = UL64(0x510E527FADE682D1);
|
||||
ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
|
||||
ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
|
||||
ctx->state[7] = UL64(0x5BE0CD19137E2179);
|
||||
}
|
||||
else
|
||||
{
|
||||
/* SHA-384 */
|
||||
ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
|
||||
ctx->state[1] = UL64(0x629A292A367CD507);
|
||||
ctx->state[2] = UL64(0x9159015A3070DD17);
|
||||
ctx->state[3] = UL64(0x152FECD8F70E5939);
|
||||
ctx->state[4] = UL64(0x67332667FFC00B31);
|
||||
ctx->state[5] = UL64(0x8EB44A8768581511);
|
||||
ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
|
||||
ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
|
||||
}
|
||||
|
||||
ctx->is384 = is384;
|
||||
}
|
||||
|
||||
static void sha4_process( sha4_context *ctx, const unsigned char data[128] )
|
||||
{
|
||||
int i;
|
||||
uint64_t temp1, temp2, W[80];
|
||||
uint64_t A, B, C, D, E, F, G, H;
|
||||
|
||||
#define SHR(x,n) (x >> n)
|
||||
#define ROTR(x,n) (SHR(x,n) | (x << (64 - n)))
|
||||
|
||||
#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
|
||||
#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6))
|
||||
|
||||
#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
|
||||
#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
|
||||
|
||||
#define F0(x,y,z) ((x & y) | (z & (x | y)))
|
||||
#define F1(x,y,z) (z ^ (x & (y ^ z)))
|
||||
|
||||
#define P(a,b,c,d,e,f,g,h,x,K) \
|
||||
{ \
|
||||
temp1 = h + S3(e) + F1(e,f,g) + K + x; \
|
||||
temp2 = S2(a) + F0(a,b,c); \
|
||||
d += temp1; h = temp1 + temp2; \
|
||||
}
|
||||
|
||||
for( i = 0; i < 16; i++ )
|
||||
{
|
||||
GET_UINT64_BE( W[i], data, i << 3 );
|
||||
}
|
||||
|
||||
for( ; i < 80; i++ )
|
||||
{
|
||||
W[i] = S1(W[i - 2]) + W[i - 7] +
|
||||
S0(W[i - 15]) + W[i - 16];
|
||||
}
|
||||
|
||||
A = ctx->state[0];
|
||||
B = ctx->state[1];
|
||||
C = ctx->state[2];
|
||||
D = ctx->state[3];
|
||||
E = ctx->state[4];
|
||||
F = ctx->state[5];
|
||||
G = ctx->state[6];
|
||||
H = ctx->state[7];
|
||||
i = 0;
|
||||
|
||||
do
|
||||
{
|
||||
P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++;
|
||||
P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++;
|
||||
P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++;
|
||||
P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++;
|
||||
P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++;
|
||||
P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++;
|
||||
P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++;
|
||||
P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++;
|
||||
}
|
||||
while( i < 80 );
|
||||
|
||||
ctx->state[0] += A;
|
||||
ctx->state[1] += B;
|
||||
ctx->state[2] += C;
|
||||
ctx->state[3] += D;
|
||||
ctx->state[4] += E;
|
||||
ctx->state[5] += F;
|
||||
ctx->state[6] += G;
|
||||
ctx->state[7] += H;
|
||||
}
|
||||
|
||||
/*
|
||||
* SHA-512 process buffer
|
||||
*/
|
||||
void sha4_update( sha4_context *ctx, const unsigned char *input, size_t ilen )
|
||||
{
|
||||
size_t fill;
|
||||
unsigned int left;
|
||||
|
||||
if( ilen <= 0 )
|
||||
return;
|
||||
|
||||
left = (unsigned int) (ctx->total[0] & 0x7F);
|
||||
fill = 128 - left;
|
||||
|
||||
ctx->total[0] += (uint64_t) ilen;
|
||||
|
||||
if( ctx->total[0] < (uint64_t) ilen )
|
||||
ctx->total[1]++;
|
||||
|
||||
if( left && ilen >= fill )
|
||||
{
|
||||
memcpy( (void *) (ctx->buffer + left), input, fill );
|
||||
sha4_process( ctx, ctx->buffer );
|
||||
input += fill;
|
||||
ilen -= fill;
|
||||
left = 0;
|
||||
}
|
||||
|
||||
while( ilen >= 128 )
|
||||
{
|
||||
sha4_process( ctx, input );
|
||||
input += 128;
|
||||
ilen -= 128;
|
||||
}
|
||||
|
||||
if( ilen > 0 )
|
||||
memcpy( (void *) (ctx->buffer + left), input, ilen );
|
||||
}
|
||||
|
||||
static const unsigned char sha4_padding[128] =
|
||||
{
|
||||
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
||||
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
|
||||
};
|
||||
|
||||
/*
|
||||
* SHA-512 final digest
|
||||
*/
|
||||
void sha4_finish( sha4_context *ctx, unsigned char output[64] )
|
||||
{
|
||||
size_t last, padn;
|
||||
uint64_t high, low;
|
||||
unsigned char msglen[16];
|
||||
|
||||
high = ( ctx->total[0] >> 61 )
|
||||
| ( ctx->total[1] << 3 );
|
||||
low = ( ctx->total[0] << 3 );
|
||||
|
||||
PUT_UINT64_BE( high, msglen, 0 );
|
||||
PUT_UINT64_BE( low, msglen, 8 );
|
||||
|
||||
last = (size_t)( ctx->total[0] & 0x7F );
|
||||
padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
|
||||
|
||||
sha4_update( ctx, sha4_padding, padn );
|
||||
sha4_update( ctx, msglen, 16 );
|
||||
|
||||
PUT_UINT64_BE( ctx->state[0], output, 0 );
|
||||
PUT_UINT64_BE( ctx->state[1], output, 8 );
|
||||
PUT_UINT64_BE( ctx->state[2], output, 16 );
|
||||
PUT_UINT64_BE( ctx->state[3], output, 24 );
|
||||
PUT_UINT64_BE( ctx->state[4], output, 32 );
|
||||
PUT_UINT64_BE( ctx->state[5], output, 40 );
|
||||
|
||||
if( ctx->is384 == 0 )
|
||||
{
|
||||
PUT_UINT64_BE( ctx->state[6], output, 48 );
|
||||
PUT_UINT64_BE( ctx->state[7], output, 56 );
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* !POLARSSL_SHA4_ALT */
|
||||
|
||||
/*
|
||||
* output = SHA-512( input buffer )
|
||||
*/
|
||||
void sha4( const unsigned char *input, size_t ilen,
|
||||
unsigned char output[64], int is384 )
|
||||
{
|
||||
sha4_context ctx;
|
||||
|
||||
sha4_starts( &ctx, is384 );
|
||||
sha4_update( &ctx, input, ilen );
|
||||
sha4_finish( &ctx, output );
|
||||
|
||||
polarssl_zeroize( &ctx, sizeof( sha4_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
/*
|
||||
* output = SHA-512( file contents )
|
||||
*/
|
||||
int sha4_file( const char *path, unsigned char output[64], int is384 )
|
||||
{
|
||||
FILE *f;
|
||||
size_t n;
|
||||
sha4_context ctx;
|
||||
unsigned char buf[1024];
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( POLARSSL_ERR_SHA4_FILE_IO_ERROR );
|
||||
|
||||
sha4_starts( &ctx, is384 );
|
||||
|
||||
while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
|
||||
sha4_update( &ctx, buf, n );
|
||||
|
||||
sha4_finish( &ctx, output );
|
||||
|
||||
polarssl_zeroize( &ctx, sizeof( sha4_context ) );
|
||||
|
||||
if( ferror( f ) != 0 )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_SHA4_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
fclose( f );
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_FS_IO */
|
||||
|
||||
/*
|
||||
* SHA-512 HMAC context setup
|
||||
*/
|
||||
void sha4_hmac_starts( sha4_context *ctx, const unsigned char *key, size_t keylen,
|
||||
int is384 )
|
||||
{
|
||||
size_t i;
|
||||
unsigned char sum[64];
|
||||
|
||||
if( keylen > 128 )
|
||||
{
|
||||
sha4( key, keylen, sum, is384 );
|
||||
keylen = ( is384 ) ? 48 : 64;
|
||||
key = sum;
|
||||
}
|
||||
|
||||
memset( ctx->ipad, 0x36, 128 );
|
||||
memset( ctx->opad, 0x5C, 128 );
|
||||
|
||||
for( i = 0; i < keylen; i++ )
|
||||
{
|
||||
ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] );
|
||||
ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] );
|
||||
}
|
||||
|
||||
sha4_starts( ctx, is384 );
|
||||
sha4_update( ctx, ctx->ipad, 128 );
|
||||
|
||||
polarssl_zeroize( sum, sizeof( sum ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* SHA-512 HMAC process buffer
|
||||
*/
|
||||
void sha4_hmac_update( sha4_context *ctx,
|
||||
const unsigned char *input, size_t ilen )
|
||||
{
|
||||
sha4_update( ctx, input, ilen );
|
||||
}
|
||||
|
||||
/*
|
||||
* SHA-512 HMAC final digest
|
||||
*/
|
||||
void sha4_hmac_finish( sha4_context *ctx, unsigned char output[64] )
|
||||
{
|
||||
int is384, hlen;
|
||||
unsigned char tmpbuf[64];
|
||||
|
||||
is384 = ctx->is384;
|
||||
hlen = ( is384 == 0 ) ? 64 : 48;
|
||||
|
||||
sha4_finish( ctx, tmpbuf );
|
||||
sha4_starts( ctx, is384 );
|
||||
sha4_update( ctx, ctx->opad, 128 );
|
||||
sha4_update( ctx, tmpbuf, hlen );
|
||||
sha4_finish( ctx, output );
|
||||
|
||||
polarssl_zeroize( tmpbuf, sizeof( tmpbuf ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* SHA-512 HMAC context reset
|
||||
*/
|
||||
void sha4_hmac_reset( sha4_context *ctx )
|
||||
{
|
||||
sha4_starts( ctx, ctx->is384 );
|
||||
sha4_update( ctx, ctx->ipad, 128 );
|
||||
}
|
||||
|
||||
/*
|
||||
* output = HMAC-SHA-512( hmac key, input buffer )
|
||||
*/
|
||||
void sha4_hmac( const unsigned char *key, size_t keylen,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char output[64], int is384 )
|
||||
{
|
||||
sha4_context ctx;
|
||||
|
||||
sha4_hmac_starts( &ctx, key, keylen, is384 );
|
||||
sha4_hmac_update( &ctx, input, ilen );
|
||||
sha4_hmac_finish( &ctx, output );
|
||||
|
||||
polarssl_zeroize( &ctx, sizeof( sha4_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
|
||||
/*
|
||||
* FIPS-180-2 test vectors
|
||||
*/
|
||||
static unsigned char sha4_test_buf[3][113] =
|
||||
{
|
||||
{ "abc" },
|
||||
{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
|
||||
"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
|
||||
{ "" }
|
||||
};
|
||||
|
||||
static const int sha4_test_buflen[3] =
|
||||
{
|
||||
3, 112, 1000
|
||||
};
|
||||
|
||||
static const unsigned char sha4_test_sum[6][64] =
|
||||
{
|
||||
/*
|
||||
* SHA-384 test vectors
|
||||
*/
|
||||
{ 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
|
||||
0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
|
||||
0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
|
||||
0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
|
||||
0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
|
||||
0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 },
|
||||
{ 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
|
||||
0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
|
||||
0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
|
||||
0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
|
||||
0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
|
||||
0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 },
|
||||
{ 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
|
||||
0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
|
||||
0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
|
||||
0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
|
||||
0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
|
||||
0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },
|
||||
|
||||
/*
|
||||
* SHA-512 test vectors
|
||||
*/
|
||||
{ 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
|
||||
0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
|
||||
0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
|
||||
0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
|
||||
0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
|
||||
0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
|
||||
0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
|
||||
0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F },
|
||||
{ 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
|
||||
0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
|
||||
0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
|
||||
0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
|
||||
0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
|
||||
0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
|
||||
0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
|
||||
0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 },
|
||||
{ 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
|
||||
0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
|
||||
0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
|
||||
0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
|
||||
0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
|
||||
0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
|
||||
0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
|
||||
0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
|
||||
};
|
||||
|
||||
/*
|
||||
* RFC 4231 test vectors
|
||||
*/
|
||||
static unsigned char sha4_hmac_test_key[7][26] =
|
||||
{
|
||||
{ "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
|
||||
"\x0B\x0B\x0B\x0B" },
|
||||
{ "Jefe" },
|
||||
{ "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
|
||||
"\xAA\xAA\xAA\xAA" },
|
||||
{ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
|
||||
"\x11\x12\x13\x14\x15\x16\x17\x18\x19" },
|
||||
{ "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
|
||||
"\x0C\x0C\x0C\x0C" },
|
||||
{ "" }, /* 0xAA 131 times */
|
||||
{ "" }
|
||||
};
|
||||
|
||||
static const int sha4_hmac_test_keylen[7] =
|
||||
{
|
||||
20, 4, 20, 25, 20, 131, 131
|
||||
};
|
||||
|
||||
static unsigned char sha4_hmac_test_buf[7][153] =
|
||||
{
|
||||
{ "Hi There" },
|
||||
{ "what do ya want for nothing?" },
|
||||
{ "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
|
||||
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
|
||||
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
|
||||
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
|
||||
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" },
|
||||
{ "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
|
||||
"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
|
||||
"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
|
||||
"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
|
||||
"\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD" },
|
||||
{ "Test With Truncation" },
|
||||
{ "Test Using Larger Than Block-Size Key - Hash Key First" },
|
||||
{ "This is a test using a larger than block-size key "
|
||||
"and a larger than block-size data. The key needs to "
|
||||
"be hashed before being used by the HMAC algorithm." }
|
||||
};
|
||||
|
||||
static const int sha4_hmac_test_buflen[7] =
|
||||
{
|
||||
8, 28, 50, 50, 20, 54, 152
|
||||
};
|
||||
|
||||
static const unsigned char sha4_hmac_test_sum[14][64] =
|
||||
{
|
||||
/*
|
||||
* HMAC-SHA-384 test vectors
|
||||
*/
|
||||
{ 0xAF, 0xD0, 0x39, 0x44, 0xD8, 0x48, 0x95, 0x62,
|
||||
0x6B, 0x08, 0x25, 0xF4, 0xAB, 0x46, 0x90, 0x7F,
|
||||
0x15, 0xF9, 0xDA, 0xDB, 0xE4, 0x10, 0x1E, 0xC6,
|
||||
0x82, 0xAA, 0x03, 0x4C, 0x7C, 0xEB, 0xC5, 0x9C,
|
||||
0xFA, 0xEA, 0x9E, 0xA9, 0x07, 0x6E, 0xDE, 0x7F,
|
||||
0x4A, 0xF1, 0x52, 0xE8, 0xB2, 0xFA, 0x9C, 0xB6 },
|
||||
{ 0xAF, 0x45, 0xD2, 0xE3, 0x76, 0x48, 0x40, 0x31,
|
||||
0x61, 0x7F, 0x78, 0xD2, 0xB5, 0x8A, 0x6B, 0x1B,
|
||||
0x9C, 0x7E, 0xF4, 0x64, 0xF5, 0xA0, 0x1B, 0x47,
|
||||
0xE4, 0x2E, 0xC3, 0x73, 0x63, 0x22, 0x44, 0x5E,
|
||||
0x8E, 0x22, 0x40, 0xCA, 0x5E, 0x69, 0xE2, 0xC7,
|
||||
0x8B, 0x32, 0x39, 0xEC, 0xFA, 0xB2, 0x16, 0x49 },
|
||||
{ 0x88, 0x06, 0x26, 0x08, 0xD3, 0xE6, 0xAD, 0x8A,
|
||||
0x0A, 0xA2, 0xAC, 0xE0, 0x14, 0xC8, 0xA8, 0x6F,
|
||||
0x0A, 0xA6, 0x35, 0xD9, 0x47, 0xAC, 0x9F, 0xEB,
|
||||
0xE8, 0x3E, 0xF4, 0xE5, 0x59, 0x66, 0x14, 0x4B,
|
||||
0x2A, 0x5A, 0xB3, 0x9D, 0xC1, 0x38, 0x14, 0xB9,
|
||||
0x4E, 0x3A, 0xB6, 0xE1, 0x01, 0xA3, 0x4F, 0x27 },
|
||||
{ 0x3E, 0x8A, 0x69, 0xB7, 0x78, 0x3C, 0x25, 0x85,
|
||||
0x19, 0x33, 0xAB, 0x62, 0x90, 0xAF, 0x6C, 0xA7,
|
||||
0x7A, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9C,
|
||||
0xC5, 0x57, 0x7C, 0x6E, 0x1F, 0x57, 0x3B, 0x4E,
|
||||
0x68, 0x01, 0xDD, 0x23, 0xC4, 0xA7, 0xD6, 0x79,
|
||||
0xCC, 0xF8, 0xA3, 0x86, 0xC6, 0x74, 0xCF, 0xFB },
|
||||
{ 0x3A, 0xBF, 0x34, 0xC3, 0x50, 0x3B, 0x2A, 0x23,
|
||||
0xA4, 0x6E, 0xFC, 0x61, 0x9B, 0xAE, 0xF8, 0x97 },
|
||||
{ 0x4E, 0xCE, 0x08, 0x44, 0x85, 0x81, 0x3E, 0x90,
|
||||
0x88, 0xD2, 0xC6, 0x3A, 0x04, 0x1B, 0xC5, 0xB4,
|
||||
0x4F, 0x9E, 0xF1, 0x01, 0x2A, 0x2B, 0x58, 0x8F,
|
||||
0x3C, 0xD1, 0x1F, 0x05, 0x03, 0x3A, 0xC4, 0xC6,
|
||||
0x0C, 0x2E, 0xF6, 0xAB, 0x40, 0x30, 0xFE, 0x82,
|
||||
0x96, 0x24, 0x8D, 0xF1, 0x63, 0xF4, 0x49, 0x52 },
|
||||
{ 0x66, 0x17, 0x17, 0x8E, 0x94, 0x1F, 0x02, 0x0D,
|
||||
0x35, 0x1E, 0x2F, 0x25, 0x4E, 0x8F, 0xD3, 0x2C,
|
||||
0x60, 0x24, 0x20, 0xFE, 0xB0, 0xB8, 0xFB, 0x9A,
|
||||
0xDC, 0xCE, 0xBB, 0x82, 0x46, 0x1E, 0x99, 0xC5,
|
||||
0xA6, 0x78, 0xCC, 0x31, 0xE7, 0x99, 0x17, 0x6D,
|
||||
0x38, 0x60, 0xE6, 0x11, 0x0C, 0x46, 0x52, 0x3E },
|
||||
|
||||
/*
|
||||
* HMAC-SHA-512 test vectors
|
||||
*/
|
||||
{ 0x87, 0xAA, 0x7C, 0xDE, 0xA5, 0xEF, 0x61, 0x9D,
|
||||
0x4F, 0xF0, 0xB4, 0x24, 0x1A, 0x1D, 0x6C, 0xB0,
|
||||
0x23, 0x79, 0xF4, 0xE2, 0xCE, 0x4E, 0xC2, 0x78,
|
||||
0x7A, 0xD0, 0xB3, 0x05, 0x45, 0xE1, 0x7C, 0xDE,
|
||||
0xDA, 0xA8, 0x33, 0xB7, 0xD6, 0xB8, 0xA7, 0x02,
|
||||
0x03, 0x8B, 0x27, 0x4E, 0xAE, 0xA3, 0xF4, 0xE4,
|
||||
0xBE, 0x9D, 0x91, 0x4E, 0xEB, 0x61, 0xF1, 0x70,
|
||||
0x2E, 0x69, 0x6C, 0x20, 0x3A, 0x12, 0x68, 0x54 },
|
||||
{ 0x16, 0x4B, 0x7A, 0x7B, 0xFC, 0xF8, 0x19, 0xE2,
|
||||
0xE3, 0x95, 0xFB, 0xE7, 0x3B, 0x56, 0xE0, 0xA3,
|
||||
0x87, 0xBD, 0x64, 0x22, 0x2E, 0x83, 0x1F, 0xD6,
|
||||
0x10, 0x27, 0x0C, 0xD7, 0xEA, 0x25, 0x05, 0x54,
|
||||
0x97, 0x58, 0xBF, 0x75, 0xC0, 0x5A, 0x99, 0x4A,
|
||||
0x6D, 0x03, 0x4F, 0x65, 0xF8, 0xF0, 0xE6, 0xFD,
|
||||
0xCA, 0xEA, 0xB1, 0xA3, 0x4D, 0x4A, 0x6B, 0x4B,
|
||||
0x63, 0x6E, 0x07, 0x0A, 0x38, 0xBC, 0xE7, 0x37 },
|
||||
{ 0xFA, 0x73, 0xB0, 0x08, 0x9D, 0x56, 0xA2, 0x84,
|
||||
0xEF, 0xB0, 0xF0, 0x75, 0x6C, 0x89, 0x0B, 0xE9,
|
||||
0xB1, 0xB5, 0xDB, 0xDD, 0x8E, 0xE8, 0x1A, 0x36,
|
||||
0x55, 0xF8, 0x3E, 0x33, 0xB2, 0x27, 0x9D, 0x39,
|
||||
0xBF, 0x3E, 0x84, 0x82, 0x79, 0xA7, 0x22, 0xC8,
|
||||
0x06, 0xB4, 0x85, 0xA4, 0x7E, 0x67, 0xC8, 0x07,
|
||||
0xB9, 0x46, 0xA3, 0x37, 0xBE, 0xE8, 0x94, 0x26,
|
||||
0x74, 0x27, 0x88, 0x59, 0xE1, 0x32, 0x92, 0xFB },
|
||||
{ 0xB0, 0xBA, 0x46, 0x56, 0x37, 0x45, 0x8C, 0x69,
|
||||
0x90, 0xE5, 0xA8, 0xC5, 0xF6, 0x1D, 0x4A, 0xF7,
|
||||
0xE5, 0x76, 0xD9, 0x7F, 0xF9, 0x4B, 0x87, 0x2D,
|
||||
0xE7, 0x6F, 0x80, 0x50, 0x36, 0x1E, 0xE3, 0xDB,
|
||||
0xA9, 0x1C, 0xA5, 0xC1, 0x1A, 0xA2, 0x5E, 0xB4,
|
||||
0xD6, 0x79, 0x27, 0x5C, 0xC5, 0x78, 0x80, 0x63,
|
||||
0xA5, 0xF1, 0x97, 0x41, 0x12, 0x0C, 0x4F, 0x2D,
|
||||
0xE2, 0xAD, 0xEB, 0xEB, 0x10, 0xA2, 0x98, 0xDD },
|
||||
{ 0x41, 0x5F, 0xAD, 0x62, 0x71, 0x58, 0x0A, 0x53,
|
||||
0x1D, 0x41, 0x79, 0xBC, 0x89, 0x1D, 0x87, 0xA6 },
|
||||
{ 0x80, 0xB2, 0x42, 0x63, 0xC7, 0xC1, 0xA3, 0xEB,
|
||||
0xB7, 0x14, 0x93, 0xC1, 0xDD, 0x7B, 0xE8, 0xB4,
|
||||
0x9B, 0x46, 0xD1, 0xF4, 0x1B, 0x4A, 0xEE, 0xC1,
|
||||
0x12, 0x1B, 0x01, 0x37, 0x83, 0xF8, 0xF3, 0x52,
|
||||
0x6B, 0x56, 0xD0, 0x37, 0xE0, 0x5F, 0x25, 0x98,
|
||||
0xBD, 0x0F, 0xD2, 0x21, 0x5D, 0x6A, 0x1E, 0x52,
|
||||
0x95, 0xE6, 0x4F, 0x73, 0xF6, 0x3F, 0x0A, 0xEC,
|
||||
0x8B, 0x91, 0x5A, 0x98, 0x5D, 0x78, 0x65, 0x98 },
|
||||
{ 0xE3, 0x7B, 0x6A, 0x77, 0x5D, 0xC8, 0x7D, 0xBA,
|
||||
0xA4, 0xDF, 0xA9, 0xF9, 0x6E, 0x5E, 0x3F, 0xFD,
|
||||
0xDE, 0xBD, 0x71, 0xF8, 0x86, 0x72, 0x89, 0x86,
|
||||
0x5D, 0xF5, 0xA3, 0x2D, 0x20, 0xCD, 0xC9, 0x44,
|
||||
0xB6, 0x02, 0x2C, 0xAC, 0x3C, 0x49, 0x82, 0xB1,
|
||||
0x0D, 0x5E, 0xEB, 0x55, 0xC3, 0xE4, 0xDE, 0x15,
|
||||
0x13, 0x46, 0x76, 0xFB, 0x6D, 0xE0, 0x44, 0x60,
|
||||
0x65, 0xC9, 0x74, 0x40, 0xFA, 0x8C, 0x6A, 0x58 }
|
||||
};
|
||||
|
||||
/*
|
||||
* Checkup routine
|
||||
*/
|
||||
int sha4_self_test( int verbose )
|
||||
{
|
||||
int i, j, k, buflen;
|
||||
unsigned char buf[1024];
|
||||
unsigned char sha4sum[64];
|
||||
sha4_context ctx;
|
||||
|
||||
for( i = 0; i < 6; i++ )
|
||||
{
|
||||
j = i % 3;
|
||||
k = i < 3;
|
||||
|
||||
if( verbose != 0 )
|
||||
printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 );
|
||||
|
||||
sha4_starts( &ctx, k );
|
||||
|
||||
if( j == 2 )
|
||||
{
|
||||
memset( buf, 'a', buflen = 1000 );
|
||||
|
||||
for( j = 0; j < 1000; j++ )
|
||||
sha4_update( &ctx, buf, buflen );
|
||||
}
|
||||
else
|
||||
sha4_update( &ctx, sha4_test_buf[j],
|
||||
sha4_test_buflen[j] );
|
||||
|
||||
sha4_finish( &ctx, sha4sum );
|
||||
|
||||
if( memcmp( sha4sum, sha4_test_sum[i], 64 - k * 16 ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
printf( "passed\n" );
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
printf( "\n" );
|
||||
|
||||
for( i = 0; i < 14; i++ )
|
||||
{
|
||||
j = i % 7;
|
||||
k = i < 7;
|
||||
|
||||
if( verbose != 0 )
|
||||
printf( " HMAC-SHA-%d test #%d: ", 512 - k * 128, j + 1 );
|
||||
|
||||
if( j == 5 || j == 6 )
|
||||
{
|
||||
memset( buf, '\xAA', buflen = 131 );
|
||||
sha4_hmac_starts( &ctx, buf, buflen, k );
|
||||
}
|
||||
else
|
||||
sha4_hmac_starts( &ctx, sha4_hmac_test_key[j],
|
||||
sha4_hmac_test_keylen[j], k );
|
||||
|
||||
sha4_hmac_update( &ctx, sha4_hmac_test_buf[j],
|
||||
sha4_hmac_test_buflen[j] );
|
||||
|
||||
sha4_hmac_finish( &ctx, sha4sum );
|
||||
|
||||
buflen = ( j == 4 ) ? 16 : 64 - k * 16;
|
||||
|
||||
if( memcmp( sha4sum, sha4_hmac_test_sum[i], buflen ) != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
printf( "failed\n" );
|
||||
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
printf( "passed\n" );
|
||||
}
|
||||
|
||||
if( verbose != 0 )
|
||||
printf( "\n" );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#endif
|
Loading…
Reference in a new issue