1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/errno.h> 28 #include <sys/kmem.h> 29 #include <sys/systm.h> 30 #define _SHA2_IMPL 31 #include <sys/sha2.h> 32 #include <sys/crypto/common.h> 33 #include <sys/cmn_err.h> 34 #ifndef _KERNEL 35 #include <stdlib.h> 36 #include <string.h> 37 #include <strings.h> 38 #include <stdio.h> 39 #include <security/cryptoki.h> 40 #include <cryptoutil.h> 41 #include "softMAC.h" 42 #endif 43 #include <sha2/sha2_impl.h> 44 45 46 /* 47 * fips_sha2_build_context() 48 * 49 * Description: 50 * This function allocates and initializes SHA2 context. 51 */ 52 #ifndef _KERNEL 53 SHA2_CTX * 54 fips_sha2_build_context(CK_MECHANISM_TYPE mechanism) 55 { 56 SHA2_CTX *sha2_context; 57 58 if ((sha2_context = malloc(sizeof (SHA2_CTX))) == NULL) 59 return (NULL); 60 61 switch (mechanism) { 62 case CKM_SHA256: 63 SHA2Init(SHA256, sha2_context); 64 break; 65 66 case CKM_SHA384: 67 SHA2Init(SHA384, sha2_context); 68 break; 69 70 case CKM_SHA512: 71 SHA2Init(SHA512, sha2_context); 72 break; 73 } 74 75 return (sha2_context); 76 } 77 78 #else 79 SHA2_CTX * 80 fips_sha2_build_context(sha2_mech_t mechanism) 81 { 82 SHA2_CTX *sha2_context; 83 84 if ((sha2_context = kmem_zalloc(sizeof (SHA2_CTX), 85 KM_SLEEP)) == NULL) 86 return (NULL); 87 88 switch (mechanism) { 89 case SHA256_TYPE: 90 SHA2Init(SHA256, sha2_context); 91 break; 92 93 case SHA384_TYPE: 94 SHA2Init(SHA384, sha2_context); 95 break; 96 97 case SHA512_TYPE: 98 SHA2Init(SHA512, sha2_context); 99 break; 100 } 101 102 return (sha2_context); 103 } 104 #endif 105 106 /* 107 * fips_sha2_hash() 108 * 109 * Arguments: 110 * sha2_context: pointer to SHA2 context 111 * in: pointer to the input data to be hashed 112 * inlen: length of the input data 113 * out: pointer to the output data after hashing 114 * 115 * Description: 116 * This function calls the low-level SHA2 routines for hashing. 117 * 118 */ 119 int 120 fips_sha2_hash(SHA2_CTX *sha2_context, uchar_t *in, 121 ulong_t inlen, uchar_t *out) 122 { 123 124 int rv; 125 126 if (in != NULL) { 127 SHA2Update((SHA2_CTX *)sha2_context, in, inlen); 128 SHA2Final(out, (SHA2_CTX *)sha2_context); 129 rv = CKR_OK; 130 } else { 131 rv = CKR_ARGUMENTS_BAD; 132 } 133 134 if (sha2_context) 135 #ifdef _KERNEL 136 kmem_free(sha2_context, sizeof (SHA2_CTX)); 137 #else 138 free(sha2_context); 139 #endif 140 return (rv); 141 142 } 143 144 #ifndef _KERNEL 145 soft_hmac_ctx_t * 146 fips_sha2_hmac_build_context(CK_MECHANISM_TYPE mechanism, 147 uint8_t *secret_key, 148 unsigned int secret_key_length) 149 { 150 151 soft_hmac_ctx_t *hmac_ctx; 152 153 hmac_ctx = malloc(sizeof (soft_hmac_ctx_t)); 154 155 if (hmac_ctx == NULL) { 156 return (NULL); 157 } 158 159 switch (mechanism) { 160 case CKM_SHA256_HMAC: 161 { 162 uint64_t sha_ipad[SHA256_HMAC_INTS_PER_BLOCK]; 163 uint64_t sha_opad[SHA256_HMAC_INTS_PER_BLOCK]; 164 165 hmac_ctx->hmac_len = SHA256_DIGEST_LENGTH; 166 bzero(sha_ipad, SHA256_HMAC_BLOCK_SIZE); 167 bzero(sha_opad, SHA256_HMAC_BLOCK_SIZE); 168 169 (void) memcpy(sha_ipad, secret_key, secret_key_length); 170 (void) memcpy(sha_opad, secret_key, secret_key_length); 171 172 sha2_hmac_ctx_init(CKM_TO_SHA2(mechanism), 173 &hmac_ctx->hc_ctx_u.sha2_ctx, 174 sha_ipad, sha_opad, 175 SHA256_HMAC_INTS_PER_BLOCK, 176 SHA256_HMAC_BLOCK_SIZE); 177 178 break; 179 } 180 181 case CKM_SHA384_HMAC: 182 { 183 uint64_t sha_ipad[SHA512_HMAC_INTS_PER_BLOCK]; 184 uint64_t sha_opad[SHA512_HMAC_INTS_PER_BLOCK]; 185 186 hmac_ctx->hmac_len = SHA384_DIGEST_LENGTH; 187 bzero(sha_ipad, SHA512_HMAC_BLOCK_SIZE); 188 bzero(sha_opad, SHA512_HMAC_BLOCK_SIZE); 189 190 (void) memcpy(sha_ipad, secret_key, secret_key_length); 191 (void) memcpy(sha_opad, secret_key, secret_key_length); 192 193 sha2_hmac_ctx_init(CKM_TO_SHA2(mechanism), 194 &hmac_ctx->hc_ctx_u.sha2_ctx, 195 sha_ipad, sha_opad, 196 SHA512_HMAC_INTS_PER_BLOCK, 197 SHA512_HMAC_BLOCK_SIZE); 198 break; 199 } 200 201 case CKM_SHA512_HMAC: 202 { 203 uint64_t sha_ipad[SHA512_HMAC_INTS_PER_BLOCK]; 204 uint64_t sha_opad[SHA512_HMAC_INTS_PER_BLOCK]; 205 206 hmac_ctx->hmac_len = SHA512_DIGEST_LENGTH; 207 bzero(sha_ipad, SHA512_HMAC_BLOCK_SIZE); 208 bzero(sha_opad, SHA512_HMAC_BLOCK_SIZE); 209 210 (void) memcpy(sha_ipad, secret_key, secret_key_length); 211 (void) memcpy(sha_opad, secret_key, secret_key_length); 212 213 sha2_hmac_ctx_init(CKM_TO_SHA2(mechanism), 214 &hmac_ctx->hc_ctx_u.sha2_ctx, 215 sha_ipad, sha_opad, 216 SHA512_HMAC_INTS_PER_BLOCK, 217 SHA512_HMAC_BLOCK_SIZE); 218 219 break; 220 } 221 } 222 223 return (hmac_ctx); 224 } 225 226 CK_RV 227 fips_hmac_sha2_hash(unsigned char *hmac_computed, 228 uint8_t *secret_key, 229 unsigned int secret_key_length, 230 uint8_t *message, 231 unsigned int message_length, 232 CK_MECHANISM_TYPE mechanism) 233 { 234 235 soft_hmac_ctx_t *hmac_ctx = NULL; 236 237 hmac_ctx = fips_sha2_hmac_build_context(mechanism, 238 secret_key, secret_key_length); 239 240 if (hmac_ctx == NULL) 241 return (CKR_HOST_MEMORY); 242 243 switch (mechanism) { 244 case CKM_SHA256_HMAC: 245 if (message != NULL) 246 SHA2Update(&(hmac_ctx->hc_ctx_u.sha2_ctx.hc_icontext), 247 message, message_length); 248 249 SOFT_MAC_FINAL_2(SHA256, &(hmac_ctx->hc_ctx_u.sha2_ctx), 250 hmac_computed); 251 break; 252 253 case CKM_SHA384_HMAC: 254 if (message != NULL) 255 SHA2Update(&(hmac_ctx->hc_ctx_u.sha2_ctx.hc_icontext), 256 message, message_length); 257 258 SOFT_MAC_FINAL_2(SHA384, &(hmac_ctx->hc_ctx_u.sha2_ctx), 259 hmac_computed); 260 break; 261 262 case CKM_SHA512_HMAC: 263 if (message != NULL) 264 SHA2Update(&(hmac_ctx->hc_ctx_u.sha2_ctx.hc_icontext), 265 message, message_length); 266 267 SOFT_MAC_FINAL_2(SHA512, &(hmac_ctx->hc_ctx_u.sha2_ctx), 268 hmac_computed); 269 break; 270 } 271 272 free(hmac_ctx); 273 return (CKR_OK); 274 } 275 276 #else 277 278 /* 279 * Initialize a SHA2-HMAC context. 280 */ 281 void 282 sha2_mac_init_ctx(sha2_hmac_ctx_t *ctx, void *keyval, uint_t length_in_bytes) 283 { 284 uint64_t ipad[SHA512_HMAC_BLOCK_SIZE / sizeof (uint64_t)]; 285 uint64_t opad[SHA512_HMAC_BLOCK_SIZE / sizeof (uint64_t)]; 286 int i, block_size, blocks_per_int64; 287 288 /* Determine the block size */ 289 if (ctx->hc_mech_type <= SHA256_HMAC_GEN_MECH_INFO_TYPE) { 290 block_size = SHA256_HMAC_BLOCK_SIZE; 291 blocks_per_int64 = SHA256_HMAC_BLOCK_SIZE / sizeof (uint64_t); 292 } else { 293 block_size = SHA512_HMAC_BLOCK_SIZE; 294 blocks_per_int64 = SHA512_HMAC_BLOCK_SIZE / sizeof (uint64_t); 295 } 296 297 (void) bzero(ipad, block_size); 298 (void) bzero(opad, block_size); 299 (void) bcopy(keyval, ipad, length_in_bytes); 300 (void) bcopy(keyval, opad, length_in_bytes); 301 302 /* XOR key with ipad (0x36) and opad (0x5c) */ 303 for (i = 0; i < blocks_per_int64; i ++) { 304 ipad[i] ^= 0x3636363636363636; 305 opad[i] ^= 0x5c5c5c5c5c5c5c5c; 306 } 307 308 /* perform SHA2 on ipad */ 309 SHA2Init(ctx->hc_mech_type, &ctx->hc_icontext); 310 SHA2Update(&ctx->hc_icontext, (uint8_t *)ipad, block_size); 311 312 /* perform SHA2 on opad */ 313 SHA2Init(ctx->hc_mech_type, &ctx->hc_ocontext); 314 SHA2Update(&ctx->hc_ocontext, (uint8_t *)opad, block_size); 315 316 } 317 318 sha2_hmac_ctx_t * 319 fips_sha2_hmac_build_context(sha2_mech_t mechanism, 320 uint8_t *secret_key, 321 unsigned int secret_key_length) 322 { 323 sha2_hmac_ctx_t *sha2_hmac_ctx_tmpl; 324 325 /* 326 * Allocate and initialize SHA2 context. 327 */ 328 sha2_hmac_ctx_tmpl = kmem_alloc(sizeof (sha2_hmac_ctx_t), 329 KM_SLEEP); 330 if (sha2_hmac_ctx_tmpl == NULL) 331 return (NULL); 332 333 switch (mechanism) { 334 case SHA256_TYPE: 335 sha2_hmac_ctx_tmpl->hc_mech_type = 336 SHA256_HMAC_MECH_INFO_TYPE; 337 break; 338 339 case SHA384_TYPE: 340 sha2_hmac_ctx_tmpl->hc_mech_type = 341 SHA384_HMAC_MECH_INFO_TYPE; 342 break; 343 344 case SHA512_TYPE: 345 sha2_hmac_ctx_tmpl->hc_mech_type = 346 SHA512_HMAC_MECH_INFO_TYPE; 347 break; 348 } 349 350 /* 351 * initialize ctx->hc_icontext and ctx->hc_ocontext 352 */ 353 sha2_mac_init_ctx(sha2_hmac_ctx_tmpl, secret_key, 354 secret_key_length); 355 356 return (sha2_hmac_ctx_tmpl); 357 } 358 359 void 360 fips_hmac_sha2_hash(sha2_hmac_ctx_t *sha2_hmac_ctx, 361 uint8_t *message, 362 uint32_t message_len, 363 uint8_t *hmac_computed, 364 sha2_mech_t mechanism) 365 366 { 367 368 SHA2Update(&((sha2_hmac_ctx)->hc_icontext), message, 369 message_len); 370 SHA2Final(hmac_computed, &((sha2_hmac_ctx)->hc_icontext)); 371 372 switch (mechanism) { 373 case SHA256_TYPE: 374 SHA2Update(&((sha2_hmac_ctx)->hc_ocontext), 375 hmac_computed, SHA256_DIGEST_LENGTH); 376 break; 377 378 case SHA384_TYPE: 379 SHA2Update(&((sha2_hmac_ctx)->hc_ocontext), 380 hmac_computed, SHA384_DIGEST_LENGTH); 381 break; 382 383 case SHA512_TYPE: 384 SHA2Update(&((sha2_hmac_ctx)->hc_ocontext), 385 hmac_computed, SHA512_DIGEST_LENGTH); 386 break; 387 } 388 389 SHA2Final(hmac_computed, &((sha2_hmac_ctx)->hc_ocontext)); 390 391 kmem_free(sha2_hmac_ctx, sizeof (sha2_hmac_ctx_t)); 392 } 393 394 #endif 395 396 /* 397 * SHA2 Power-On SelfTest(s). 398 */ 399 int 400 fips_sha2_post(void) 401 { 402 403 /* 404 * SHA-256 Known Hash Message (512-bits). 405 * Source from NIST SHA256ShortMsg (Len = 512) 406 */ 407 static uint8_t sha256_known_hash_message[] = { 408 0x35, 0x92, 0xec, 0xfd, 0x1e, 0xac, 0x61, 0x8f, 409 0xd3, 0x90, 0xe7, 0xa9, 0xc2, 0x4b, 0x65, 0x65, 410 0x32, 0x50, 0x93, 0x67, 0xc2, 0x1a, 0x0e, 0xac, 411 0x12, 0x12, 0xac, 0x83, 0xc0, 0xb2, 0x0c, 0xd8, 412 0x96, 0xeb, 0x72, 0xb8, 0x01, 0xc4, 0xd2, 0x12, 413 0xc5, 0x45, 0x2b, 0xbb, 0xf0, 0x93, 0x17, 0xb5, 414 0x0c, 0x5c, 0x9f, 0xb1, 0x99, 0x75, 0x53, 0xd2, 415 0xbb, 0xc2, 0x9b, 0xb4, 0x2f, 0x57, 0x48, 0xad 416 }; 417 418 /* known SHA256 Digest Message (32 bytes) */ 419 static uint8_t known_sha256_digest[] = { 420 0x10, 0x5a, 0x60, 0x86, 0x58, 0x30, 0xac, 0x3a, 421 0x37, 0x1d, 0x38, 0x43, 0x32, 0x4d, 0x4b, 0xb5, 422 0xfa, 0x8e, 0xc0, 0xe0, 0x2d, 0xda, 0xa3, 0x89, 423 0xad, 0x8d, 0xa4, 0xf1, 0x02, 0x15, 0xc4, 0x54 424 }; 425 426 /* 427 * SHA-384 Known Hash Message (512-bits). 428 * Source from NIST SHA384ShortMsg (Len = 512) 429 */ 430 static uint8_t sha384_known_hash_message[] = { 431 0x58, 0xbe, 0xab, 0xf9, 0x79, 0xab, 0x35, 0xab, 432 0xba, 0x29, 0x37, 0x6d, 0x5d, 0xc2, 0x27, 0xab, 433 0xb3, 0xd2, 0xff, 0x4d, 0x90, 0x30, 0x49, 0x82, 434 0xfc, 0x10, 0x79, 0xbc, 0x2b, 0x28, 0x80, 0xfc, 435 0xb0, 0x12, 0x9e, 0x4f, 0xed, 0xf2, 0x78, 0x98, 436 0xce, 0x58, 0x6a, 0x91, 0xb7, 0x68, 0x1e, 0x0d, 437 0xba, 0x38, 0x5e, 0x80, 0x0e, 0x79, 0x26, 0xc0, 438 0xbc, 0x5a, 0xfe, 0x0d, 0x9c, 0xa9, 0x86, 0x50 439 }; 440 441 /* known SHA384 Digest Message (48 bytes) */ 442 static uint8_t known_sha384_digest[] = { 443 0xa0, 0x88, 0x8e, 0x1c, 0x4d, 0x7e, 0x80, 0xcb, 444 0xaa, 0xaf, 0xa8, 0xbb, 0x1c, 0xa1, 0xca, 0x91, 445 0x2a, 0x93, 0x21, 0x75, 0xc2, 0xef, 0x98, 0x2c, 446 0xe1, 0xf1, 0x23, 0xa8, 0xc1, 0xae, 0xe9, 0x63, 447 0x5a, 0xd7, 0x5b, 0xe5, 0x25, 0x90, 0xa9, 0x24, 448 0xbe, 0xd3, 0xf5, 0xec, 0x36, 0xc3, 0x56, 0x90 449 }; 450 451 /* 452 * SHA-512 Known Hash Message (512-bits). 453 * Source from NIST SHA512ShortMsg (Len = 512) 454 */ 455 static uint8_t sha512_known_hash_message[] = { 456 0x09, 0x5c, 0x7f, 0x30, 0x82, 0x4f, 0xc9, 0x28, 457 0x58, 0xcc, 0x93, 0x47, 0xc0, 0x85, 0xd5, 0x78, 458 0x88, 0x5f, 0xf3, 0x61, 0x4d, 0xd3, 0x8e, 0xe7, 459 0xee, 0x94, 0xa0, 0xf4, 0x40, 0x72, 0xc8, 0x77, 460 0x04, 0x7e, 0xe2, 0xad, 0x16, 0x6f, 0xdb, 0xa0, 461 0xe7, 0x44, 0xc3, 0xed, 0x2c, 0x2b, 0x24, 0xc9, 462 0xd8, 0xa2, 0x93, 0x46, 0x48, 0xdc, 0x84, 0xd3, 463 0xbe, 0x66, 0x63, 0x02, 0x11, 0x0a, 0xe0, 0x8f 464 }; 465 466 /* known SHA512 Digest Message (64 bytes) */ 467 static uint8_t known_sha512_digest[] = { 468 0xd5, 0xcd, 0xaf, 0x83, 0xbb, 0x4a, 0x27, 0xea, 469 0xad, 0x8d, 0x8f, 0x18, 0xe4, 0xbe, 0xe9, 0xc2, 470 0x5b, 0xe9, 0x49, 0xa7, 0x61, 0xa0, 0xfd, 0x0f, 471 0xb2, 0x28, 0x4c, 0xab, 0x14, 0x3c, 0xad, 0x60, 472 0xbe, 0xb5, 0x68, 0x87, 0x34, 0xb2, 0xf8, 0x1e, 473 0x9e, 0x2d, 0x64, 0x0b, 0x42, 0x5f, 0xd3, 0x2c, 474 0xcb, 0x3d, 0x20, 0xd0, 0x2d, 0x63, 0xc2, 0xc9, 475 0x4c, 0x03, 0xab, 0x3d, 0x9e, 0x7d, 0x9b, 0x4a 476 }; 477 478 /* SHA-2 HMAC Test Vectors */ 479 480 /* 481 * SHA-256 HMAC Known Hash Message (512-bits). 482 */ 483 static uint8_t sha256_hmac_known_hash_message[] = { 484 0x54, 0x68, 0x65, 0x20, 0x74, 0x65, 0x73, 0x74, 485 0x20, 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 486 0x20, 0x66, 0x6F, 0x72, 0x20, 0x74, 0x68, 0x65, 487 0x20, 0x4D, 0x44, 0x32, 0x2C, 0x20, 0x4D, 0x44, 488 0x35, 0x2C, 0x20, 0x61, 0x6E, 0x64, 0x20, 0x53, 489 0x48, 0x41, 0x2D, 0x31, 0x20, 0x68, 0x61, 0x73, 490 0x68, 0x69, 0x6E, 0x67, 0x20, 0x61, 0x6C, 0x67, 491 0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x73, 0x2E 492 }; 493 494 static uint8_t sha256_hmac_known_secret_key[] = { 495 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 496 0x74, 0x68, 0x65, 0x20, 0x53, 0x48, 0x41, 0x2D, 497 0x32, 0x35, 0x36, 0x20, 0x48, 0x4D, 0x41, 0x43, 498 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x20, 499 0x6B, 0x65, 0x79, 0x21 500 }; 501 502 static uint8_t sha256_hmac_known_secret_key_length 503 = sizeof (sha256_hmac_known_secret_key); 504 505 506 /* known SHA256 hmac (32 bytes) */ 507 static uint8_t known_sha256_hmac[] = { 508 0x02, 0x87, 0x21, 0x93, 0x84, 0x8a, 0x35, 0xae, 509 0xdb, 0xb6, 0x79, 0x26, 0x96, 0xf0, 0x50, 0xeb, 510 0x33, 0x49, 0x57, 0xf1, 0xb2, 0x32, 0xd3, 0x63, 511 0x03, 0x65, 0x57, 0xa2, 0xba, 0xa2, 0x5f, 0x35 512 }; 513 514 /* 515 * SHA-384 HMAC Known Hash Message (512-bits). 516 * Source from NIST HMAC.txt (Count = 15, Klen = 16, Tlen = 48) 517 */ 518 static uint8_t sha384_hmac_known_secret_key[] = { 519 0x01, 0xac, 0x59, 0xf4, 0x2f, 0x8b, 0xb9, 0x1d, 520 0x1b, 0xd1, 0x0f, 0xe6, 0x99, 0x0d, 0x7a, 0x87 521 }; 522 523 static uint8_t sha384_hmac_known_secret_key_length 524 = sizeof (sha384_hmac_known_secret_key); 525 526 static uint8_t sha384_hmac_known_hash_message[] = { 527 0x3c, 0xaf, 0x18, 0xc4, 0x76, 0xed, 0xd5, 0x61, 528 0x5f, 0x34, 0x3a, 0xc7, 0xb7, 0xd3, 0xa9, 0xda, 529 0x9e, 0xfa, 0xde, 0x75, 0x56, 0x72, 0xd5, 0xba, 530 0x4b, 0x8a, 0xe8, 0xa7, 0x50, 0x55, 0x39, 0xea, 531 0x2c, 0x12, 0x4f, 0xf7, 0x55, 0xec, 0x04, 0x57, 532 0xfb, 0xe4, 0x9e, 0x43, 0x48, 0x0b, 0x3c, 0x71, 533 0xe7, 0xf4, 0x74, 0x2e, 0xc3, 0x69, 0x3a, 0xad, 534 0x11, 0x5d, 0x03, 0x9f, 0x90, 0x22, 0x2b, 0x03, 535 0x0f, 0xdc, 0x94, 0x40, 0x31, 0x36, 0x91, 0x71, 536 0x6d, 0x53, 0x02, 0x00, 0x58, 0x08, 0xc0, 0x76, 537 0x27, 0x48, 0x3b, 0x91, 0x6f, 0xdf, 0x61, 0x98, 538 0x30, 0x63, 0xc2, 0xeb, 0x12, 0x68, 0xf2, 0xde, 539 0xee, 0xf4, 0x2f, 0xc7, 0x90, 0x33, 0x44, 0x56, 540 0xbc, 0x6b, 0xad, 0x25, 0x6e, 0x31, 0xfc, 0x90, 541 0x66, 0xde, 0x7c, 0xc7, 0xe4, 0x3d, 0x13, 0x21, 542 0xb1, 0x86, 0x6d, 0xb4, 0x5e, 0x90, 0x56, 0x22 543 }; 544 545 /* known SHA384 hmac (48 bytes) */ 546 static uint8_t known_sha384_hmac[] = { 547 0x19, 0x85, 0xfa, 0x21, 0x63, 0xa5, 0x94, 0x3f, 548 0xc5, 0xd9, 0x2f, 0x1f, 0xe8, 0x83, 0x12, 0x15, 549 0xe7, 0xe9, 0x1f, 0x0b, 0xff, 0x53, 0x32, 0xbc, 550 0x71, 0x3a, 0x07, 0x2b, 0xdb, 0x3a, 0x8f, 0x9e, 551 0x5c, 0x51, 0x57, 0x46, 0x3a, 0x3b, 0xfe, 0xb3, 552 0x62, 0x31, 0x41, 0x6e, 0x65, 0x97, 0x3e, 0x64 553 }; 554 555 /* 556 * SHA-512 HMAC Known Hash Message (512-bits). 557 * Source from NIST HMAC.txt (Count = 30, Klen = 20, Tlen = 64) 558 */ 559 static uint8_t sha512_hmac_known_secret_key[] = { 560 0xa7, 0x36, 0xf2, 0x74, 0xfd, 0xa6, 0x8e, 0x1b, 561 0xd5, 0xf9, 0x47, 0x1e, 0x85, 0xfd, 0x41, 0x5d, 562 0x7f, 0x2b, 0xa1, 0xbc 563 }; 564 565 static uint8_t sha512_hmac_known_secret_key_length 566 = sizeof (sha512_hmac_known_secret_key); 567 568 static uint8_t sha512_hmac_known_hash_message[] = { 569 0xa6, 0xcc, 0xc3, 0x55, 0x2c, 0x33, 0xe9, 0x17, 570 0x8b, 0x6b, 0x82, 0xc6, 0x53, 0xd6, 0x3d, 0xe2, 571 0x54, 0x0f, 0x17, 0x08, 0x07, 0xc3, 0xd9, 0x6a, 572 0x2a, 0xc2, 0xe2, 0x7d, 0xab, 0x55, 0x26, 0xf1, 573 0xc7, 0xd3, 0x77, 0xe6, 0x73, 0x6f, 0x04, 0x5d, 574 0xfb, 0x54, 0x1f, 0xec, 0xe9, 0xf4, 0x43, 0xb7, 575 0x28, 0x9c, 0x55, 0x9b, 0x69, 0x4c, 0x2a, 0xac, 576 0xc6, 0xc7, 0x4a, 0xe2, 0xa5, 0xe6, 0xf3, 0x0f, 577 0xe0, 0x31, 0x61, 0x14, 0x23, 0xb0, 0x4d, 0x55, 578 0x95, 0xff, 0xb4, 0x6a, 0xba, 0xa1, 0xd9, 0x18, 579 0x98, 0x96, 0x8d, 0x7f, 0x18, 0x30, 0xae, 0x94, 580 0xb0, 0x22, 0xee, 0xd2, 0x3f, 0xda, 0xd5, 0x2d, 581 0x38, 0x11, 0x0a, 0x48, 0x03, 0xa0, 0xce, 0xe7, 582 0xa0, 0x95, 0xc9, 0xa7, 0x8e, 0x86, 0x09, 0xed, 583 0xeb, 0x25, 0x48, 0x1c, 0xdc, 0x15, 0x6d, 0x0b, 584 0x2f, 0xfc, 0x56, 0xb6, 0x3f, 0xda, 0xd5, 0x33 585 }; 586 587 /* known SHA512 hmac (64 bytes) */ 588 static uint8_t known_sha512_hmac[] = { 589 0xf7, 0x18, 0x03, 0x43, 0x1e, 0x07, 0xa5, 0xa6, 590 0xe5, 0xfd, 0x4a, 0xe4, 0xcf, 0xc2, 0x75, 0x3b, 591 0xc8, 0x0d, 0x26, 0xe1, 0x67, 0x23, 0xd9, 0xe8, 592 0x8b, 0x40, 0x5a, 0x02, 0x34, 0x8e, 0xf4, 0xb9, 593 0x67, 0x92, 0xc9, 0x9c, 0xed, 0x64, 0xdc, 0x70, 594 0xea, 0x47, 0x53, 0x78, 0xb7, 0x46, 0x6a, 0xc2, 595 0xca, 0xf4, 0xa4, 0x20, 0xb0, 0x1f, 0xf6, 0x1e, 596 0x72, 0xc5, 0xb5, 0xee, 0x8e, 0xaa, 0xd4, 0xd4 597 }; 598 599 /* SHA-2 variables. */ 600 uint8_t sha256_computed_digest[SHA256_DIGEST_LENGTH]; 601 uint8_t sha384_computed_digest[SHA384_DIGEST_LENGTH]; 602 uint8_t sha512_computed_digest[SHA512_DIGEST_LENGTH]; 603 604 uint8_t hmac_computed[SHA512_DIGEST_LENGTH]; 605 SHA2_CTX *sha2_context = NULL; 606 607 #ifdef _KERNEL 608 sha2_hmac_ctx_t *sha2_hmac_ctx; 609 #endif 610 611 int rv; 612 613 /* 614 * SHA-2 Known Answer Hashing Test. 615 */ 616 617 /* SHA-256 POST */ 618 619 #ifdef _KERNEL 620 sha2_context = fips_sha2_build_context(SHA256_TYPE); 621 #else 622 sha2_context = fips_sha2_build_context(CKM_SHA256); 623 #endif 624 625 if (sha2_context == NULL) 626 return (CKR_HOST_MEMORY); 627 628 rv = fips_sha2_hash(sha2_context, 629 sha256_known_hash_message, 630 FIPS_KNOWN_HMAC_MESSAGE_LENGTH, 631 sha256_computed_digest); 632 633 if ((rv != CKR_OK) || 634 (memcmp(sha256_computed_digest, known_sha256_digest, 635 SHA256_DIGEST_LENGTH) != 0)) 636 return (CKR_DEVICE_ERROR); 637 638 /* SHA-384 POST */ 639 640 #ifdef _KERNEL 641 sha2_context = fips_sha2_build_context(SHA384_TYPE); 642 #else 643 sha2_context = fips_sha2_build_context(CKM_SHA384); 644 #endif 645 646 if (sha2_context == NULL) 647 return (CKR_HOST_MEMORY); 648 649 rv = fips_sha2_hash(sha2_context, 650 sha384_known_hash_message, 651 FIPS_KNOWN_HMAC_MESSAGE_LENGTH, 652 sha384_computed_digest); 653 654 if ((rv != CKR_OK) || 655 (memcmp(sha384_computed_digest, known_sha384_digest, 656 SHA384_DIGEST_LENGTH) != 0)) 657 return (CKR_DEVICE_ERROR); 658 659 /* SHA-512 POST */ 660 661 #ifdef _KERNEL 662 sha2_context = fips_sha2_build_context(SHA512_TYPE); 663 #else 664 sha2_context = fips_sha2_build_context(CKM_SHA512); 665 #endif 666 667 if (sha2_context == NULL) 668 return (CKR_HOST_MEMORY); 669 670 rv = fips_sha2_hash(sha2_context, 671 sha512_known_hash_message, 672 FIPS_KNOWN_HMAC_MESSAGE_LENGTH, 673 sha512_computed_digest); 674 675 if ((rv != CKR_OK) || 676 (memcmp(sha512_computed_digest, known_sha512_digest, 677 SHA512_DIGEST_LENGTH) != 0)) 678 return (CKR_DEVICE_ERROR); 679 680 /* 681 * SHA-2 HMAC Known Answer Hashing Test. 682 */ 683 684 /* HMAC SHA-256 POST */ 685 686 #ifdef _KERNEL 687 sha2_hmac_ctx = fips_sha2_hmac_build_context( 688 SHA256_TYPE, 689 sha256_hmac_known_secret_key, 690 sha256_hmac_known_secret_key_length); 691 692 if (sha2_hmac_ctx == NULL) 693 return (CKR_HOST_MEMORY); 694 695 fips_hmac_sha2_hash(sha2_hmac_ctx, 696 sha256_hmac_known_hash_message, 697 FIPS_KNOWN_HMAC_MESSAGE_LENGTH, 698 hmac_computed, 699 SHA256_TYPE); 700 701 if (memcmp(hmac_computed, known_sha256_hmac, 702 SHA256_DIGEST_LENGTH) != 0) 703 return (CKR_DEVICE_ERROR); 704 705 #else 706 rv = fips_hmac_sha2_hash(hmac_computed, 707 sha256_hmac_known_secret_key, 708 sha256_hmac_known_secret_key_length, 709 sha256_hmac_known_hash_message, 710 FIPS_KNOWN_HMAC_MESSAGE_LENGTH, 711 CKM_SHA256_HMAC); 712 713 if ((rv != CKR_OK) || 714 (memcmp(hmac_computed, known_sha256_hmac, 715 SHA256_DIGEST_LENGTH) != 0)) 716 return (CKR_DEVICE_ERROR); 717 718 #endif 719 720 /* HMAC SHA-384 POST */ 721 722 #ifdef _KERNEL 723 sha2_hmac_ctx = fips_sha2_hmac_build_context( 724 SHA384_TYPE, 725 sha384_hmac_known_secret_key, 726 sha384_hmac_known_secret_key_length); 727 728 if (sha2_hmac_ctx == NULL) 729 return (CKR_HOST_MEMORY); 730 731 fips_hmac_sha2_hash(sha2_hmac_ctx, 732 sha384_hmac_known_hash_message, 733 sizeof (sha384_hmac_known_hash_message), 734 hmac_computed, 735 SHA384_TYPE); 736 737 if (memcmp(hmac_computed, known_sha384_hmac, 738 SHA384_DIGEST_LENGTH) != 0) 739 return (CKR_DEVICE_ERROR); 740 #else 741 rv = fips_hmac_sha2_hash(hmac_computed, 742 sha384_hmac_known_secret_key, 743 sha384_hmac_known_secret_key_length, 744 sha384_hmac_known_hash_message, 745 sizeof (sha384_hmac_known_hash_message), 746 CKM_SHA384_HMAC); 747 748 if ((rv != CKR_OK) || 749 (memcmp(hmac_computed, known_sha384_hmac, 750 SHA384_DIGEST_LENGTH) != 0)) 751 return (CKR_DEVICE_ERROR); 752 753 #endif 754 755 /* HMAC SHA-512 POST */ 756 757 #ifdef _KERNEL 758 sha2_hmac_ctx = fips_sha2_hmac_build_context( 759 SHA512_TYPE, 760 sha512_hmac_known_secret_key, 761 sha512_hmac_known_secret_key_length); 762 763 if (sha2_hmac_ctx == NULL) 764 return (CKR_HOST_MEMORY); 765 766 fips_hmac_sha2_hash(sha2_hmac_ctx, 767 sha512_hmac_known_hash_message, 768 sizeof (sha512_hmac_known_hash_message), 769 hmac_computed, 770 SHA512_TYPE); 771 772 if (memcmp(hmac_computed, known_sha512_hmac, 773 SHA512_DIGEST_LENGTH) != 0) 774 return (CKR_DEVICE_ERROR); 775 776 #else 777 rv = fips_hmac_sha2_hash(hmac_computed, 778 sha512_hmac_known_secret_key, 779 sha512_hmac_known_secret_key_length, 780 sha512_hmac_known_hash_message, 781 sizeof (sha512_hmac_known_hash_message), 782 CKM_SHA512_HMAC); 783 784 if ((rv != CKR_OK) || 785 (memcmp(hmac_computed, known_sha512_hmac, 786 SHA512_DIGEST_LENGTH) != 0)) 787 return (CKR_DEVICE_ERROR); 788 789 #endif 790 791 return (CKR_OK); 792 } 793
Indexes created Mon Mar 22 07:20:35 UTC 2010
Terms of Use |
Privacy |
Trademarks |
Copyright Policy |
Site Guidelines |
Site Map |
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
© 2010, Oracle Corporation and/or its affiliates
