SHA-2 from https://github.com/amosnier/sha-2

6 files changed, 612 insertions, 0 deletions

diff --git a/test/monniaux/sha-2/LICENSE b/test/monniaux/sha-2/LICENSE
new file mode 100644
index 00000000..cf1ab25d
--- /dev/null
+++ b/test/monniaux/sha-2/LICENSE
@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <http://unlicense.org>
diff --git a/test/monniaux/sha-2/Makefile b/test/monniaux/sha-2/Makefile
new file mode 100644
index 00000000..2904b77d
--- /dev/null
+++ b/test/monniaux/sha-2/Makefile
@@ -0,0 +1,40 @@
+CFLAGS=-Wall -O3
+K1C_CC=k1-mbr-gcc
+K1C_CFLAGS=-Wall -O3 -std=c99
+K1C_CCOMP=../../../ccomp
+K1C_CCOMPFLAGS=-Wall -O3 -D__thread= -D__int128=int
+
+PRODUCTS=sha-256.host sha-256.gcc.k1c.out sha-256.ccomp.k1c.out sha-256.ccomp.k1c.s sha-256.gcc.k1c.s sha-256.gcc.k1c sha-256.ccomp.k1c
+
+all:	$(PRODUCTS)
+
+%.gcc.k1c.s: %.c
+	$(K1C_CC) $(K1C_CFLAGS) -S $< -o $@
+
+%.gcc.k1c.o: %.gcc.k1c.s
+	$(K1C_CC) $(K1C_CFLAGS) -c $< -o $@
+
+%.ccomp.k1c.s: %.c
+	$(K1C_CCOMP) $(K1C_CCOMPFLAGS) -S $< -o $@
+
+%.ccomp.k1c.o: %.ccomp.k1c.s
+	$(K1C_CCOMP) $(K1C_CCOMPFLAGS) -c $< -o $@
+
+sha-256.host: sha-256.c sha-256_run.c sha-256.h
+	$(CC) $(CFLAGS) sha-256.c sha-256_run.c -o $@
+
+sha-256.gcc.k1c.s sha-256.ccomp.k1c.s sha-256_run.gcc.k1c.s: sha-256.h
+
+sha-256.gcc.k1c: sha-256.gcc.k1c.o sha-256_run.gcc.k1c.o
+	$(K1C_CC) $(K1C_CFLAGS) $+ -o $@
+
+sha-256.ccomp.k1c: sha-256.ccomp.k1c.o sha-256_run.gcc.k1c.o
+	$(K1C_CCOMP) $(K1C_CCOMPFLAGS) $+ -o $@
+
+%.k1c.out: %.k1c
+	k1-cluster --cycle-based -- $< | tee $@
+
+clean:
+	$(RM) -f $(PRODUCTS) sha-256.gcc.k1c.o sha-256.ccomp.k1c.o sha-256_run.gcc.k1c.o sha-256_run.gcc.k1c.s
+
+.PHONY: clean
diff --git a/test/monniaux/sha-2/README.md b/test/monniaux/sha-2/README.md
new file mode 100644
index 00000000..bd975955
--- /dev/null
+++ b/test/monniaux/sha-2/README.md
@@ -0,0 +1,99 @@
+# sha-2 [![Build Status](https://travis-ci.org/amosnier/sha-2.svg?branch=master)](https://travis-ci.org/amosnier/sha-2)
+
+https://github.com/amosnier/sha-2
+
+## Contents
+
+SHA-2 algorithm implementations.
+
+At the moment, only SHA-256 is implemented.
+
+## Design criteria
+
+- Easy to test, include in any project, compile and link.
+
+- ANSI C with as little specific C99 as possible (e.g. extended
+  integer types are used, but not bool).
+
+- Portable. Makes no assumptions on the target system's endianess or
+  word size.
+
+- The SHA-256 implementation is a straightforward implementation of
+  the algorithm specified on
+  [Wikipedia](https://en.wikipedia.org/wiki/SHA-2).
+
+## Notes
+
+The Makefile is as minimal as possible. No effort was put into making
+it general. Its purpose is mainly to ease testing for the developer's
+host machine. The actual implementation is however extremely easy to
+include in any project, may it use GNU make or any other build tool.
+
+## Code review
+
+This code has been reviewed at [Stack Exchange CODE
+REVIEW](https://codereview.stackexchange.com/questions/182812/self-contained-sha-256-implementation-in-c),
+and the implementation has been improved accordingly.
+
+## Testing
+
+Testing is continuously performed on Travis CI (see above).
+
+Apart from that, the implementation has been successfully tested on an x86-64 machine
+under Linux as well as on a 16-bit DSP. On the x86-64 machine, all the
+available NIST test vectors where successfully tested ([SHA-256
+examples](https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA256.pdf)
+and [SHA-2 Additional
+examples](https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA2_Additional.pdf),
+plus a few others).
+
+In particular:
+
+```
+Input Message: "abc"
+Message Digest is BA7816BF 8F01CFEA 414140DE 5DAE2223 B00361A3 96177A9C B410FF61 F20015AD
+```
+
+```
+Input Message: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+Message Digest is 248D6A61 D20638B8 E5C02693 0C3E6039 A33CE459 64FF2167 F6ECEDD4 19DB06C1
+```
+
+```
+SHA-256 Test Data
+#1) 1 byte 0xbd 
+68325720 aabd7c82 f30f554b 313d0570 c95accbb 7dc4b5aa e11204c0 8ffe732b
+#2) 4 bytes 0xc98c8e55 
+7abc22c0 ae5af26c e93dbb94 433a0e0b 2e119d01 4f8e7f65 bd56c61c cccd9504 
+#3) 55 bytes of zeros 
+02779466 cdec1638 11d07881 5c633f21 90141308 1449002f 24aa3e80 f0b88ef7 
+#4) 56 bytes of zeros 
+d4817aa5 497628e7 c77e6b60 6107042b bba31308 88c5f47a 375e6179 be789fbb 
+#5) 57 bytes of zeros 
+65a16cb7 861335d5 ace3c607 18b5052e 44660726 da4cd13b b745381b 235a1785 
+#6) 64 bytes of zeros 
+f5a5fd42 d16a2030 2798ef6e d309979b 43003d23 20d9f0e8 ea9831a9 2759fb4b 
+#7) 1000 bytes of zeros 
+541b3e9d aa09b20b f85fa273 e5cbd3e8 0185aa4e c298e765 db87742b 70138a53 
+#8) 1000 bytes of 0x41 ‘A’ 
+c2e68682 3489ced2 017f6059 b8b23931 8b6364f6 dcd835d0 a519105a 1eadd6e4 
+#9) 1005 bytes of 0x55 ‘U’ 
+f4d62dde c0f3dd90 ea1380fa 16a5ff8d c4c54b21 740650f2 4afc4120 903552b0 
+#10) 1000000 bytes of zeros 
+d29751f2 649b32ff 572b5e0a 9f541ea6 60a50f94 ff0beedf b0b692b9 24cc8025 
+#11) 0x20000000 (536870912) bytes of 0x5a ‘Z’ 
+15a1868c 12cc5395 1e182344 277447cd 0979536b adcc512a d24c67e9 b2d4f3dd 
+#12) 0x41000000 (1090519040) bytes of zeros 
+461c19a9 3bd4344f 9215f5ec 64357090 342bc66b 15a14831 7d276e31 cbc20b53 
+#13) 0x6000003e (1610612798) bytes of 0x42 ‘B’ 
+c23ce8a7 895f4b21 ec0daf37 920ac0a2 62a22004 5a03eb2d fed48ef9 b05aabea
+```
+
+## License
+
+This repository is made available in the public domain. See [LICENSE
+FILE](LICENSE).
+
+## Reference implementation
+
+I had missed that when I made this implementation but [RFC 6234, chapter 8](https://tools.ietf.org/html/rfc6234#section-8) actually includes a reference implementation in C that is (at least in ambition) broader in scope than this one. I have however neither compiled nor tested it.
diff --git a/test/monniaux/sha-2/sha-256.c b/test/monniaux/sha-2/sha-256.c
new file mode 100644
index 00000000..53d6ff2e
--- /dev/null
+++ b/test/monniaux/sha-2/sha-256.c
@@ -0,0 +1,210 @@
+#include <stdint.h>
+#include <string.h>
+
+#include "sha-256.h"
+
+#define CHUNK_SIZE 64
+#define TOTAL_LEN_LEN 8
+
+/*
+ * ABOUT bool: this file does not use bool in order to be as pre-C99 compatible as possible.
+ */
+
+/*
+ * Comments from pseudo-code at https://en.wikipedia.org/wiki/SHA-2 are reproduced here.
+ * When useful for clarification, portions of the pseudo-code are reproduced here too.
+ */
+
+/*
+ * Initialize array of round constants:
+ * (first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311):
+ */
+static const uint32_t k[] = {
+	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+};
+
+struct buffer_state {
+	const uint8_t * p;
+	size_t len;
+	size_t total_len;
+	int single_one_delivered; /* bool */
+	int total_len_delivered; /* bool */
+};
+
+static inline uint32_t right_rot(uint32_t value, unsigned int count)
+{
+	/*
+	 * Defined behaviour in standard C for all count where 0 < count < 32,
+	 * which is what we need here.
+	 */
+	return value >> count | value << (32 - count);
+}
+
+static void init_buf_state(struct buffer_state * state, const void * input, size_t len)
+{
+	state->p = input;
+	state->len = len;
+	state->total_len = len;
+	state->single_one_delivered = 0;
+	state->total_len_delivered = 0;
+}
+
+/* Return value: bool */
+static int calc_chunk(uint8_t chunk[CHUNK_SIZE], struct buffer_state * state)
+{
+	size_t space_in_chunk;
+
+	if (state->total_len_delivered) {
+		return 0;
+	}
+
+	if (state->len >= CHUNK_SIZE) {
+		memcpy(chunk, state->p, CHUNK_SIZE);
+		state->p += CHUNK_SIZE;
+		state->len -= CHUNK_SIZE;
+		return 1;
+	}
+
+	memcpy(chunk, state->p, state->len);
+	chunk += state->len;
+	space_in_chunk = CHUNK_SIZE - state->len;
+	state->p += state->len;
+	state->len = 0;
+
+	/* If we are here, space_in_chunk is one at minimum. */
+	if (!state->single_one_delivered) {
+		*chunk++ = 0x80;
+		space_in_chunk -= 1;
+		state->single_one_delivered = 1;
+	}
+
+	/*
+	 * Now:
+	 * - either there is enough space left for the total length, and we can conclude,
+	 * - or there is too little space left, and we have to pad the rest of this chunk with zeroes.
+	 * In the latter case, we will conclude at the next invokation of this function.
+	 */
+	if (space_in_chunk >= TOTAL_LEN_LEN) {
+		const size_t left = space_in_chunk - TOTAL_LEN_LEN;
+		size_t len = state->total_len;
+		int i;
+		memset(chunk, 0x00, left);
+		chunk += left;
+
+		/* Storing of len * 8 as a big endian 64-bit without overflow. */
+		chunk[7] = (uint8_t) (len << 3);
+		len >>= 5;
+		for (i = 6; i >= 0; i--) {
+			chunk[i] = (uint8_t) len;
+			len >>= 8;
+		}
+		state->total_len_delivered = 1;
+	} else {
+		memset(chunk, 0x00, space_in_chunk);
+	}
+
+	return 1;
+}
+
+/*
+ * Limitations:
+ * - Since input is a pointer in RAM, the data to hash should be in RAM, which could be a problem
+ *   for large data sizes.
+ * - SHA algorithms theoretically operate on bit strings. However, this implementation has no support
+ *   for bit string lengths that are not multiples of eight, and it really operates on arrays of bytes.
+ *   In particular, the len parameter is a number of bytes.
+ */
+void calc_sha_256(uint8_t hash[32], const void * input, size_t len)
+{
+	/*
+	 * Note 1: All integers (expect indexes) are 32-bit unsigned integers and addition is calculated modulo 2^32.
+	 * Note 2: For each round, there is one round constant k[i] and one entry in the message schedule array w[i], 0 = i = 63
+	 * Note 3: The compression function uses 8 working variables, a through h
+	 * Note 4: Big-endian convention is used when expressing the constants in this pseudocode,
+	 *     and when parsing message block data from bytes to words, for example,
+	 *     the first word of the input message "abc" after padding is 0x61626380
+	 */
+
+	/*
+	 * Initialize hash values:
+	 * (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):
+	 */
+	uint32_t h[] = { 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 };
+	int i, j;
+
+	/* 512-bit chunks is what we will operate on. */
+	uint8_t chunk[64];
+
+	struct buffer_state state;
+
+	init_buf_state(&state, input, len);
+
+	while (calc_chunk(chunk, &state)) {
+		uint32_t ah[8];
+		
+		/*
+		 * create a 64-entry message schedule array w[0..63] of 32-bit words
+		 * (The initial values in w[0..63] don't matter, so many implementations zero them here)
+		 * copy chunk into first 16 words w[0..15] of the message schedule array
+		 */
+		uint32_t w[64];
+		const uint8_t *p = chunk;
+
+		memset(w, 0x00, sizeof w);
+		for (i = 0; i < 16; i++) {
+			w[i] = (uint32_t) p[0] << 24 | (uint32_t) p[1] << 16 |
+				(uint32_t) p[2] << 8 | (uint32_t) p[3];
+			p += 4;
+		}
+
+		/* Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array: */
+		for (i = 16; i < 64; i++) {
+			const uint32_t s0 = right_rot(w[i - 15], 7) ^ right_rot(w[i - 15], 18) ^ (w[i - 15] >> 3);
+			const uint32_t s1 = right_rot(w[i - 2], 17) ^ right_rot(w[i - 2], 19) ^ (w[i - 2] >> 10);
+			w[i] = w[i - 16] + s0 + w[i - 7] + s1;
+		}
+		
+		/* Initialize working variables to current hash value: */
+		for (i = 0; i < 8; i++)
+			ah[i] = h[i];
+
+		/* Compression function main loop: */
+		for (i = 0; i < 64; i++) {
+			const uint32_t s1 = right_rot(ah[4], 6) ^ right_rot(ah[4], 11) ^ right_rot(ah[4], 25);
+			const uint32_t ch = (ah[4] & ah[5]) ^ (~ah[4] & ah[6]);
+			const uint32_t temp1 = ah[7] + s1 + ch + k[i] + w[i];
+			const uint32_t s0 = right_rot(ah[0], 2) ^ right_rot(ah[0], 13) ^ right_rot(ah[0], 22);
+			const uint32_t maj = (ah[0] & ah[1]) ^ (ah[0] & ah[2]) ^ (ah[1] & ah[2]);
+			const uint32_t temp2 = s0 + maj;
+
+			ah[7] = ah[6];
+			ah[6] = ah[5];
+			ah[5] = ah[4];
+			ah[4] = ah[3] + temp1;
+			ah[3] = ah[2];
+			ah[2] = ah[1];
+			ah[1] = ah[0];
+			ah[0] = temp1 + temp2;
+		}
+
+		/* Add the compressed chunk to the current hash value: */
+		for (i = 0; i < 8; i++)
+			h[i] += ah[i];
+	}
+
+	/* Produce the final hash value (big-endian): */
+	for (i = 0, j = 0; i < 8; i++)
+	{
+		hash[j++] = (uint8_t) (h[i] >> 24);
+		hash[j++] = (uint8_t) (h[i] >> 16);
+		hash[j++] = (uint8_t) (h[i] >> 8);
+		hash[j++] = (uint8_t) h[i];
+	}
+}
diff --git a/test/monniaux/sha-2/sha-256.h b/test/monniaux/sha-2/sha-256.h
new file mode 100644
index 00000000..47f06ebf
--- /dev/null
+++ b/test/monniaux/sha-2/sha-256.h
@@ -0,0 +1 @@
+void calc_sha_256(uint8_t hash[32], const void *input, size_t len);
diff --git a/test/monniaux/sha-2/sha-256_run.c b/test/monniaux/sha-2/sha-256_run.c
new file mode 100644
index 00000000..5b5031c3
--- /dev/null
+++ b/test/monniaux/sha-2/sha-256_run.c
@@ -0,0 +1,238 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "sha-256.h"
+
+struct string_vector {
+	const char *input;
+	const char *output;
+};
+
+static const struct string_vector STRING_VECTORS[] = {
+	{
+		"",
+		"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
+	},
+	{
+		"abc",
+		"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+	},
+	{
+		"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
+		"a8ae6e6ee929abea3afcfc5258c8ccd6f85273e0d4626d26c7279f3250f77c8e"
+	},
+	{
+		"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde",
+		"057ee79ece0b9a849552ab8d3c335fe9a5f1c46ef5f1d9b190c295728628299c"
+	},
+	{
+		"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0",
+		"2a6ad82f3620d3ebe9d678c812ae12312699d673240d5be8fac0910a70000d93"
+	},
+	{
+		"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+		"248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1"
+	},
+	{
+		"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno"
+		"ijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
+		"cf5b16a778af8380036ce59e7b0492370b249b11e8f07a51afac45037afee9d1"
+	}
+};
+
+#define LARGE_MESSAGES 1
+
+static uint8_t data1[] = { 0xbd };
+static uint8_t data2[] = { 0xc9, 0x8c, 0x8e, 0x55 };
+static uint8_t data7[1000];
+static uint8_t data8[1000];
+static uint8_t data9[1005];
+#if LARGE_MESSAGES
+#define SIZEOF_DATA11 536870912
+#define SIZEOF_DATA12 1090519040
+#define SIZEOF_DATA13 1610612798
+static uint8_t * data11;
+static uint8_t * data12;
+static uint8_t * data13;
+#endif
+
+struct vector {
+	const uint8_t *input;
+	size_t input_len;
+	const char *output;
+};
+
+static struct vector vectors[] = {
+	{
+		data1,
+		sizeof data1,
+		"68325720aabd7c82f30f554b313d0570c95accbb7dc4b5aae11204c08ffe732b"
+	},
+	{
+		data2,
+		sizeof data2,
+		"7abc22c0ae5af26ce93dbb94433a0e0b2e119d014f8e7f65bd56c61ccccd9504"
+	},
+	{
+		data7,
+		55,
+		"02779466cdec163811d078815c633f21901413081449002f24aa3e80f0b88ef7"
+	},
+	{
+		data7,
+		56,
+		"d4817aa5497628e7c77e6b606107042bbba3130888c5f47a375e6179be789fbb"
+	},
+	{
+		data7,
+		57,
+		"65a16cb7861335d5ace3c60718b5052e44660726da4cd13bb745381b235a1785"
+	},
+	{
+		data7,
+		64,
+		"f5a5fd42d16a20302798ef6ed309979b43003d2320d9f0e8ea9831a92759fb4b"
+	},
+	{
+		data7,
+		sizeof data7,
+		"541b3e9daa09b20bf85fa273e5cbd3e80185aa4ec298e765db87742b70138a53"
+	},
+	{
+		data8,
+		sizeof data8,
+		"c2e686823489ced2017f6059b8b239318b6364f6dcd835d0a519105a1eadd6e4"
+	},
+	{
+		data9,
+		sizeof data9,
+		"f4d62ddec0f3dd90ea1380fa16a5ff8dc4c54b21740650f24afc4120903552b0"
+	}
+#if LARGE_MESSAGES
+	,
+	{
+		NULL,
+		1000000,
+		"d29751f2649b32ff572b5e0a9f541ea660a50f94ff0beedfb0b692b924cc8025"
+	},
+	{
+		NULL,
+		SIZEOF_DATA11,
+		"15a1868c12cc53951e182344277447cd0979536badcc512ad24c67e9b2d4f3dd"
+	},
+	{
+		NULL,
+		SIZEOF_DATA12,
+		"461c19a93bd4344f9215f5ec64357090342bc66b15a148317d276e31cbc20b53"
+	},
+	{
+		NULL,
+		SIZEOF_DATA13,
+		"c23ce8a7895f4b21ec0daf37920ac0a262a220045a03eb2dfed48ef9b05aabea"
+	}
+#endif
+};
+
+static void construct_binary_messages(void)
+{
+	memset(data7, 0x00, sizeof data7);
+	memset(data8, 0x41, sizeof data8);
+	memset(data9, 0x55, sizeof data9);
+#if LARGE_MESSAGES
+	/*
+	 * Heap allocation as a workaround for some linkers not liking
+	 * large BSS segments.
+	 */
+	data11 = malloc(SIZEOF_DATA11);
+	data12 = malloc(SIZEOF_DATA12);
+	data13 = malloc(SIZEOF_DATA13);
+	memset(data11, 0x5a, SIZEOF_DATA11);
+	memset(data12, 0x00, SIZEOF_DATA12);
+	memset(data13, 0x42, SIZEOF_DATA13);
+	vectors[9].input = data12;
+	vectors[10].input = data11;
+	vectors[11].input = data12;
+	vectors[12].input = data13;
+#endif
+}
+
+static void destruct_binary_messages(void)
+{
+#if LARGE_MESSAGES
+	free(data11);
+	free(data12);
+	free(data13);
+#endif
+}
+
+static void hash_to_string(char string[65], const uint8_t hash[32])
+{
+	size_t i;
+	for (i = 0; i < 32; i++) {
+		string += sprintf(string, "%02x", hash[i]);
+	}
+}	
+	
+static int string_test(const char input[], const char output[])
+{
+	uint8_t hash[32];
+	char hash_string[65];
+	calc_sha_256(hash, input, strlen(input));
+	hash_to_string(hash_string, hash);
+	printf("input: %s\n", input);
+	printf("hash : %s\n", hash_string);
+	if (strcmp(output, hash_string)) {
+		printf("FAILURE!\n\n");
+		return 1;
+	} else {
+		printf("SUCCESS!\n\n");
+		return 0;
+	}		
+}
+
+/*
+ * Limitation:
+ * - The variable input_len will be truncated to its LONG_BIT least
+ * significant bits in the print output. This will never be a problem
+ * for values that in practice are less than 2^32 - 1. Rationale: ANSI
+ * C-compatibility and keeping it simple.
+ */
+static int test(const uint8_t * input, size_t input_len, const char output[])
+{
+	uint8_t hash[32];
+	char hash_string[65];
+	calc_sha_256(hash, input, input_len);
+	hash_to_string(hash_string, hash);
+	printf("input starts with 0x%02x, length %lu\n", *input, (unsigned long) input_len);
+	printf("hash : %s\n", hash_string);
+	if (strcmp(output, hash_string)) {
+		printf("FAILURE!\n\n");
+		return 1;
+	} else {
+		printf("SUCCESS!\n\n");
+		return 0;
+	}
+}
+
+int main(void)
+{
+	size_t i;
+	for (i = 0; i < (sizeof STRING_VECTORS / sizeof (struct string_vector)); i++) {
+		const struct string_vector *vector = &STRING_VECTORS[i];
+		if (string_test(vector->input, vector->output))
+			return 1;
+	}
+	construct_binary_messages();
+	for (i = 0; i < (sizeof vectors / sizeof (struct vector)); i++) {
+		const struct vector *vector = &vectors[i];
+		if (test(vector->input, vector->input_len, vector->output))
+		{
+			destruct_binary_messages();
+			return 1;
+		}
+	}
+	destruct_binary_messages();
+	return 0;
+}