Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / 3b1bdff28579e9537e5e2d2f165a3a01f011d9ff / . / library / sha256.c
blob: ad25d38333f91219f1396862cafe15acd4dd3286 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
Manuel Pégourié-Gonnard6fb81872015-07-27 11:11:48 +0200[diff] [blame]4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]18 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]19 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]20 */
21/*
22 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
23 *
24 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
25 */
26
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]27#if !defined(MBEDTLS_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]28#include "mbedtls/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]29#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]30#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]31#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]32
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]33#if defined(MBEDTLS_SHA256_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]34
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]35#include "mbedtls/sha256.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]36
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]37#include <string.h>
38
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]39#if defined(MBEDTLS_SELF_TEST)
40#if defined(MBEDTLS_PLATFORM_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]41#include "mbedtls/platform.h"
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]42#else
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]43#include <stdio.h>
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]44#include <stdlib.h>
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]45#define mbedtls_printf printf
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]46#define mbedtls_calloc calloc
47#define mbedtls_free free
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]48#endif /* MBEDTLS_PLATFORM_C */
49#endif /* MBEDTLS_SELF_TEST */
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]50
Manuel Pégourié-Gonnard8b2641d2015-08-27 20:03:46 +0200[diff] [blame]51#if !defined(MBEDTLS_SHA256_ALT)
52
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]53/* Implementation that should never be optimized out by the compiler */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]54static void mbedtls_zeroize( void *v, size_t n ) {
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]55 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
56}
57
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]58/*
59 * 32-bit integer manipulation macros (big endian)
60 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]61#ifndef GET_UINT32_BE
62#define GET_UINT32_BE(n,b,i) \
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]63do { \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]64 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
65 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
66 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
67 | ( (uint32_t) (b)[(i) + 3] ); \
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]68} while( 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]69#endif
70
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]71#ifndef PUT_UINT32_BE
72#define PUT_UINT32_BE(n,b,i) \
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]73do { \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]74 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
75 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
76 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
77 (b)[(i) + 3] = (unsigned char) ( (n) ); \
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]78} while( 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]79#endif
80
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]81void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]82{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]83 memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]84}
85
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]86void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]87{
88 if( ctx == NULL )
89 return;
90
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]91 mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]92}
93
Manuel Pégourié-Gonnard16d412f2015-07-06 15:26:26 +0200[diff] [blame]94void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
95 const mbedtls_sha256_context *src )
96{
97 *dst = *src;
98}
99
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]100/*
101 * SHA-256 context setup
102 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]103void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]104{
105 ctx->total[0] = 0;
106 ctx->total[1] = 0;
107
108 if( is224 == 0 )
109 {
110 /* SHA-256 */
111 ctx->state[0] = 0x6A09E667;
112 ctx->state[1] = 0xBB67AE85;
113 ctx->state[2] = 0x3C6EF372;
114 ctx->state[3] = 0xA54FF53A;
115 ctx->state[4] = 0x510E527F;
116 ctx->state[5] = 0x9B05688C;
117 ctx->state[6] = 0x1F83D9AB;
118 ctx->state[7] = 0x5BE0CD19;
119 }
120 else
121 {
122 /* SHA-224 */
123 ctx->state[0] = 0xC1059ED8;
124 ctx->state[1] = 0x367CD507;
125 ctx->state[2] = 0x3070DD17;
126 ctx->state[3] = 0xF70E5939;
127 ctx->state[4] = 0xFFC00B31;
128 ctx->state[5] = 0x68581511;
129 ctx->state[6] = 0x64F98FA7;
130 ctx->state[7] = 0xBEFA4FA4;
131 }
132
133 ctx->is224 = is224;
134}
135
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]136#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]137static const uint32_t K[] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]138{
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]139 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
140 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
141 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
142 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
143 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
144 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
145 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
146 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
147 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
148 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
149 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
150 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
151 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
152 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
153 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
154 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
155};
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]156
157#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
158#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
159
160#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
161#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
162
163#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
164#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
165
166#define F0(x,y,z) ((x & y) | (z & (x | y)))
167#define F1(x,y,z) (z ^ (x & (y ^ z)))
168
169#define R(t) \
170( \
171 W[t] = S1(W[t - 2]) + W[t - 7] + \
172 S0(W[t - 15]) + W[t - 16] \
173)
174
175#define P(a,b,c,d,e,f,g,h,x,K) \
176{ \
177 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
178 temp2 = S2(a) + F0(a,b,c); \
179 d += temp1; h = temp1 + temp2; \
180}
181
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]182void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
183{
184 uint32_t temp1, temp2, W[64];
185 uint32_t A[8];
186 unsigned int i;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]187
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]188 for( i = 0; i < 8; i++ )
189 A[i] = ctx->state[i];
190
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]191#if defined(MBEDTLS_SHA256_SMALLER)
192 for( i = 0; i < 64; i++ )
193 {
194 if( i < 16 )
195 GET_UINT32_BE( W[i], data, 4 * i );
196 else
197 R( i );
198
199 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
200
201 temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
202 A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
203 }
204#else /* MBEDTLS_SHA256_SMALLER */
205 for( i = 0; i < 16; i++ )
206 GET_UINT32_BE( W[i], data, 4 * i );
207
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]208 for( i = 0; i < 16; i += 8 )
209 {
210 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
211 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
212 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
213 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
214 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
215 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
216 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
217 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
218 }
219
220 for( i = 16; i < 64; i += 8 )
221 {
222 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
223 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
224 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
225 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
226 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
227 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
228 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
229 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
230 }
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]231#endif /* MBEDTLS_SHA256_SMALLER */
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]232
233 for( i = 0; i < 8; i++ )
234 ctx->state[i] += A[i];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]235}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]236#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]237
238/*
239 * SHA-256 process buffer
240 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]241void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]242 size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]243{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]244 size_t fill;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]245 uint32_t left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]246
Brian White12895d12014-04-11 11:29:42 -0400[diff] [blame]247 if( ilen == 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]248 return;
249
250 left = ctx->total[0] & 0x3F;
251 fill = 64 - left;
252
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]253 ctx->total[0] += (uint32_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]254 ctx->total[0] &= 0xFFFFFFFF;
255
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]256 if( ctx->total[0] < (uint32_t) ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]257 ctx->total[1]++;
258
259 if( left && ilen >= fill )
260 {
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]261 memcpy( (void *) (ctx->buffer + left), input, fill );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]262 mbedtls_sha256_process( ctx, ctx->buffer );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]263 input += fill;
264 ilen -= fill;
265 left = 0;
266 }
267
268 while( ilen >= 64 )
269 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]270 mbedtls_sha256_process( ctx, input );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]271 input += 64;
272 ilen -= 64;
273 }
274
275 if( ilen > 0 )
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]276 memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]277}
278
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]279static const unsigned char sha256_padding[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]280{
281 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
282 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
283 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
284 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
285};
286
287/*
288 * SHA-256 final digest
289 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]290void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]291{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]292 uint32_t last, padn;
293 uint32_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]294 unsigned char msglen[8];
295
296 high = ( ctx->total[0] >> 29 )
297 | ( ctx->total[1] << 3 );
298 low = ( ctx->total[0] << 3 );
299
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]300 PUT_UINT32_BE( high, msglen, 0 );
301 PUT_UINT32_BE( low, msglen, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]302
303 last = ctx->total[0] & 0x3F;
304 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
305
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]306 mbedtls_sha256_update( ctx, sha256_padding, padn );
307 mbedtls_sha256_update( ctx, msglen, 8 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]308
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]309 PUT_UINT32_BE( ctx->state[0], output, 0 );
310 PUT_UINT32_BE( ctx->state[1], output, 4 );
311 PUT_UINT32_BE( ctx->state[2], output, 8 );
312 PUT_UINT32_BE( ctx->state[3], output, 12 );
313 PUT_UINT32_BE( ctx->state[4], output, 16 );
314 PUT_UINT32_BE( ctx->state[5], output, 20 );
315 PUT_UINT32_BE( ctx->state[6], output, 24 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]316
317 if( ctx->is224 == 0 )
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]318 PUT_UINT32_BE( ctx->state[7], output, 28 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]319}
320
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]321#endif /* !MBEDTLS_SHA256_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]322
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]323/*
324 * output = SHA-256( input buffer )
325 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]326void mbedtls_sha256( const unsigned char *input, size_t ilen,
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]327 unsigned char output[32], int is224 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]328{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]329 mbedtls_sha256_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]330
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]331 mbedtls_sha256_init( &ctx );
332 mbedtls_sha256_starts( &ctx, is224 );
333 mbedtls_sha256_update( &ctx, input, ilen );
334 mbedtls_sha256_finish( &ctx, output );
335 mbedtls_sha256_free( &ctx );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]336}
337
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]338#if defined(MBEDTLS_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]339/*
340 * FIPS-180-2 test vectors
341 */
Manuel Pégourié-Gonnard28122e42015-03-11 09:13:42 +0000[diff] [blame]342static const unsigned char sha256_test_buf[3][57] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]343{
344 { "abc" },
345 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
346 { "" }
347};
348
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]349static const int sha256_test_buflen[3] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]350{
351 3, 56, 1000
352};
353
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]354static const unsigned char sha256_test_sum[6][32] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]355{
356 /*
357 * SHA-224 test vectors
358 */
359 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
360 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
361 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
362 0xE3, 0x6C, 0x9D, 0xA7 },
363 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
364 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
365 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
366 0x52, 0x52, 0x25, 0x25 },
367 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
368 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
369 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
370 0x4E, 0xE7, 0xAD, 0x67 },
371
372 /*
373 * SHA-256 test vectors
374 */
375 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
376 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
377 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
378 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
379 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
380 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
381 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
382 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
383 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
384 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
385 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
386 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
387};
388
389/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]390 * Checkup routine
391 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]392int mbedtls_sha256_self_test( int verbose )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]393{
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]394 int i, j, k, buflen, ret = 0;
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]395 unsigned char *buf;
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]396 unsigned char sha256sum[32];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]397 mbedtls_sha256_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]398
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]399 buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
400 if( NULL == buf )
401 {
402 if( verbose != 0 )
403 mbedtls_printf( "Buffer allocation failed\n" );
404
405 return( 1 );
406 }
407
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]408 mbedtls_sha256_init( &ctx );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]409
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]410 for( i = 0; i < 6; i++ )
411 {
412 j = i % 3;
413 k = i < 3;
414
415 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]416 mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]417
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]418 mbedtls_sha256_starts( &ctx, k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]419
420 if( j == 2 )
421 {
422 memset( buf, 'a', buflen = 1000 );
423
424 for( j = 0; j < 1000; j++ )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]425 mbedtls_sha256_update( &ctx, buf, buflen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]426 }
427 else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]428 mbedtls_sha256_update( &ctx, sha256_test_buf[j],
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]429 sha256_test_buflen[j] );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]430
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]431 mbedtls_sha256_finish( &ctx, sha256sum );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]432
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]433 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]434 {
435 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]436 mbedtls_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]437
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]438 ret = 1;
439 goto exit;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]440 }
441
442 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]443 mbedtls_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]444 }
445
446 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]447 mbedtls_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]448
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]449exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]450 mbedtls_sha256_free( &ctx );
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]451 mbedtls_free( buf );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]452
453 return( ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]454}
455
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]456#endif /* MBEDTLS_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]457
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]458#endif /* MBEDTLS_SHA256_C */