I am currently implementing the SHA256 hash-algorithm for a "custom-built" embeded-device. Obviously I have a problem with message padding. The routine I wrote does not work with message whose size equals exactly 512 bits.
In that case, how should the message be padded ? i.e.
M = "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPAABBCCDDEEFFGGHHIIJJKKLLMMNNOOPP"
I mean, what should be the hexa-decimal representation of the last padded block?
Any message that is 448 bits or larger is padded beyond the block size, and runs a second iteration of the compression function. If messages beyond this limit excluding intervals of 512 bits seem to work correctly, it is probably a simple math error. If it was an endianness issue, all lengths greater than 1 would fail.
I assume you are using a byte oriented approach to the design, therefore the padding byte [80] starts the first block, followed by [00] valued bytes, followed by the 64-bit length [0000000000000200], making the block look like this:
80 000000000000000000000000000000000000000000000 0000000000000200
