Paul Bakker5121ce52009-01-03 21:22:43 +00001/*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +00004 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakkerb96f1542010-07-18 20:36:00 +00005 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +00006 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakkerb96f1542010-07-18 20:36:00 +00007 *
Paul Bakker5121ce52009-01-03 21:22:43 +00008 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22/*
23 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
24 *
25 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
26 */
27
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020028#if !defined(MBEDTLS_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +000029#include "mbedtls/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020030#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020031#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020032#endif
Paul Bakker5121ce52009-01-03 21:22:43 +000033
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020034#if defined(MBEDTLS_SHA256_C)
Paul Bakker5121ce52009-01-03 21:22:43 +000035
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +000036#include "mbedtls/sha256.h"
Paul Bakker5121ce52009-01-03 21:22:43 +000037
Rich Evans00ab4702015-02-06 13:43:58 +000038#include <string.h>
39
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020040#if defined(MBEDTLS_SELF_TEST)
41#if defined(MBEDTLS_PLATFORM_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +000042#include "mbedtls/platform.h"
Paul Bakker7dc4c442014-02-01 22:50:26 +010043#else
Rich Evans00ab4702015-02-06 13:43:58 +000044#include <stdio.h>
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020045#define mbedtls_printf printf
46#endif /* MBEDTLS_PLATFORM_C */
47#endif /* MBEDTLS_SELF_TEST */
Paul Bakker7dc4c442014-02-01 22:50:26 +010048
/*
 * Wipe n bytes starting at v.
 *
 * Every store goes through a volatile-qualified pointer, so the compiler has
 * to treat it as an observable access and should not discard the wipe as a
 * dead store, which it may do with a plain memset() on memory that is about
 * to go out of scope. v must not be NULL unless n is 0.
 */
static void mbedtls_zeroize( void *v, size_t n )
{
    volatile unsigned char *cursor = v;
    size_t i;

    for( i = 0; i < n; i++ )
        cursor[i] = 0;
}
53
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020054#if !defined(MBEDTLS_SHA256_ALT)
Paul Bakker90995b52013-06-24 19:20:35 +020055
/*
 * 32-bit integer manipulation macros (big endian)
 *
 * GET_UINT32_BE loads the four bytes (b)[(i)] .. (b)[(i) + 3] into n, most
 * significant byte first; PUT_UINT32_BE stores n back in the same order.
 * Neither macro checks bounds: the caller must guarantee that the buffer
 * holds at least i + 4 bytes. Access is byte-wise, so the result does not
 * depend on host byte order or on the alignment of b.
 */
#ifndef GET_UINT32_BE
#define GET_UINT32_BE(n,b,i)                            \
do {                                                    \
    (n) = ( (uint32_t) (b)[(i)    ] << 24 )             \
        | ( (uint32_t) (b)[(i) + 1] << 16 )             \
        | ( (uint32_t) (b)[(i) + 2] <<  8 )             \
        | ( (uint32_t) (b)[(i) + 3]       );            \
} while( 0 )
#endif

#ifndef PUT_UINT32_BE
#define PUT_UINT32_BE(n,b,i)                            \
do {                                                    \
    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
} while( 0 )
#endif
78
/*
 * Put a context into a defined, all-zero state.
 *
 * This only clears the structure; mbedtls_sha256_starts() must still be
 * called to load the initial hash values before any data is fed in.
 * ctx must not be NULL: unlike mbedtls_sha256_free(), there is no NULL guard.
 */
void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
{
    memset( ctx, 0, sizeof( *ctx ) );
}
83
/*
 * Wipe a context so that no chaining state, buffered input or length
 * counters stay behind in memory. A NULL ctx is accepted and ignored.
 *
 * The wipe goes through mbedtls_zeroize() rather than memset() so that it is
 * not removed as a dead store when the context is about to go out of scope.
 */
void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
{
    if( ctx != NULL )
        mbedtls_zeroize( ctx, sizeof( *ctx ) );
}
91
/*
 * SHA-256 context setup
 *
 * Resets the byte counter and loads the initial hash value for the selected
 * variant: SHA-256 when is224 is 0, SHA-224 for any other value. The flag is
 * stored in the context so that mbedtls_sha256_finish() knows how many
 * output bytes to write.
 */
void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
{
    /* Initial hash values for SHA-256 */
    static const uint32_t iv_sha256[8] =
    {
        0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
        0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19,
    };
    /* Initial hash values for SHA-224 */
    static const uint32_t iv_sha224[8] =
    {
        0xC1059ED8, 0x367CD507, 0x3070DD17, 0xF70E5939,
        0xFFC00B31, 0x68581511, 0x64F98FA7, 0xBEFA4FA4,
    };
    const uint32_t *iv = ( is224 == 0 ) ? iv_sha256 : iv_sha224;
    unsigned int i;

    ctx->total[0] = 0;
    ctx->total[1] = 0;

    for( i = 0; i < 8; i++ )
        ctx->state[i] = iv[i];

    ctx->is224 = is224;
}
127
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200128#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
/*
 * SHA-256 round constants, one per round of the compression function
 * (K[i] is consumed in round i). The table is read-only and shared by all
 * contexts.
 */
static const uint32_t K[64] =
{
    /* rounds  0 - 15 */
    0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
    0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
    0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
    0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
    /* rounds 16 - 31 */
    0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
    0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
    0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
    0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
    /* rounds 32 - 47 */
    0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
    0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
    0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
    0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
    /* rounds 48 - 63 */
    0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
    0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
    0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
    0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
};
Paul Bakker5121ce52009-01-03 21:22:43 +0000148
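/*
 * Bit-manipulation helpers for the compression function.
 *
 * Every macro argument and every expansion is parenthesized so that an
 * argument such as "a ^ b" or "i + 1" cannot re-associate with the operators
 * inside the macro. x is expected to be a 32-bit unsigned value; the mask in
 * SHR keeps the right shift correct if it is held in a wider type.
 * Arguments may be evaluated more than once, so they must be free of side
 * effects (the x argument of P is the one exception: it is used exactly once).
 */
#define SHR(x,n)  (((x) & 0xFFFFFFFF) >> (n))
#define ROTR(x,n) (SHR(x,n) | ((x) << (32 - (n))))

/* Message-schedule mixing functions */
#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^  SHR(x, 3))
#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^  SHR(x,10))

/* Round mixing functions applied to the working variables a and e */
#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))

/* F0: bitwise majority of x, y, z.  F1: bitwise "x ? y : z". */
#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))

/*
 * Extend the message schedule: compute W[t] from four earlier words and
 * yield the new value. Requires a uint32_t W[] in scope and t >= 16.
 */
#define R(t)                                            \
(                                                       \
    W[(t)] = S1(W[(t) -  2]) + W[(t) -  7] +            \
             S0(W[(t) - 15]) + W[(t) - 16]              \
)

/*
 * One round. Only d and h are written; the caller rotates the roles of the
 * eight working variables between rounds. Requires uint32_t temp1, temp2 in
 * scope. Wrapped in do/while(0) so that "P( ... );" is a single statement,
 * including in an unbraced if/else.
 */
#define P(a,b,c,d,e,f,g,h,x,K)                          \
do {                                                    \
    temp1 = (h) + S3(e) + F1(e,f,g) + (K) + (x);        \
    temp2 = S2(a) + F0(a,b,c);                          \
    (d) += temp1; (h) = temp1 + temp2;                  \
} while( 0 )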
173
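/*
 * SHA-256 compression function: fold one 64-byte block into ctx->state.
 *
 * data is declared as an array but is passed as a pointer and no length is
 * checked here; the caller must supply 64 readable bytes.
 *
 * W is the 64-word message schedule and A holds the eight working variables.
 * MBEDTLS_SHA256_SMALLER selects a single loop that rotates A after every
 * round; the default path unrolls eight rounds at a time and rotates the
 * macro arguments instead.
 *
 * W, A and the temporaries are derived from the input block and the
 * chaining state, which can be secret (for example when the hash is keyed),
 * so they are wiped before returning, in the same way mbedtls_sha256_free()
 * wipes the context.
 */
void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
{
    uint32_t temp1, temp2, W[64];
    uint32_t A[8];
    unsigned int i;

    for( i = 0; i < 8; i++ )
        A[i] = ctx->state[i];

#if defined(MBEDTLS_SHA256_SMALLER)
    for( i = 0; i < 64; i++ )
    {
        /* The first 16 schedule words are the block itself, big endian */
        if( i < 16 )
            GET_UINT32_BE( W[i], data, 4 * i );
        else
            R( i );

        P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );

        /* Rotate the working variables by one position for the next round */
        temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
        A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
    }
#else /* MBEDTLS_SHA256_SMALLER */
    for( i = 0; i < 16; i++ )
        GET_UINT32_BE( W[i], data, 4 * i );

    /* Rounds 0-15: schedule words come straight from the block */
    for( i = 0; i < 16; i += 8 )
    {
        P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
        P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
        P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
        P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
        P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
        P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
        P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
        P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
    }

    /* Rounds 16-63: R() extends the schedule as each word is needed */
    for( i = 16; i < 64; i += 8 )
    {
        P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
        P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
        P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
        P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
        P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
        P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
        P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
        P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
    }
#endif /* MBEDTLS_SHA256_SMALLER */

    /* Feed-forward: add the block's result to the chaining state */
    for( i = 0; i < 8; i++ )
        ctx->state[i] += A[i];

    /* Do not leave block-derived intermediate values on the stack */
    mbedtls_zeroize( W, sizeof( W ) );
    mbedtls_zeroize( A, sizeof( A ) );
    mbedtls_zeroize( &temp1, sizeof( temp1 ) );
    mbedtls_zeroize( &temp2, sizeof( temp2 ) );
}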
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200228#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
Paul Bakker5121ce52009-01-03 21:22:43 +0000229
/*
 * SHA-256 process buffer
 *
 * Absorbs ilen bytes from input. Whole 64-byte blocks are compressed
 * straight from the caller's buffer; a trailing partial block is kept in
 * ctx->buffer until later calls complete it. A zero-length call returns
 * before input is touched.
 *
 * NOTE(review): only the low 32 bits of ilen are added to the length
 * counter, with a single carry into total[1]. Assuming total[] is a pair of
 * 32-bit words (confirm against the context definition), one call with
 * ilen >= 2^32 would under-count the message length and produce a wrong
 * digest; callers hashing that much data should feed it in smaller pieces.
 */
void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
                    size_t ilen )
{
    uint32_t buffered;  /* bytes already waiting in ctx->buffer (0..63) */
    size_t room;        /* bytes needed to complete that block (1..64)  */

    if( ilen == 0 )
        return;

    buffered = ctx->total[0] & 0x3F;
    room = 64 - buffered;

    /* 64-bit byte counter kept as two 32-bit halves; detect the wrap */
    ctx->total[0] += (uint32_t) ilen;
    ctx->total[0] &= 0xFFFFFFFF;
    if( ctx->total[0] < (uint32_t) ilen )
        ctx->total[1]++;

    /* Top up and flush a pending partial block first */
    if( buffered != 0 && ilen >= room )
    {
        memcpy( (void *) ( ctx->buffer + buffered ), input, room );
        mbedtls_sha256_process( ctx, ctx->buffer );
        input += room;
        ilen -= room;
        buffered = 0;
    }

    /* Compress full blocks without copying them */
    for( ; ilen >= 64; input += 64, ilen -= 64 )
        mbedtls_sha256_process( ctx, input );

    /*
     * Stash the tail. Here buffered + ilen < 64 always holds: either the
     * pending block was not completed (ilen < room), or buffered is 0 and
     * ilen < 64.
     */
    if( ilen != 0 )
        memcpy( (void *) ( ctx->buffer + buffered ), input, ilen );
}
270
/*
 * Padding source for mbedtls_sha256_finish(): a single 0x80 byte (the
 * mandatory '1' bit) followed by zeros. The remaining 63 elements are
 * zero-initialized implicitly.
 */
static const unsigned char sha256_padding[64] = { 0x80 };
278
/*
 * SHA-256 final digest
 *
 * Appends the padding and the 64-bit message length in bits, then writes
 * the digest big endian. For SHA-256 all 32 bytes of output are written;
 * for SHA-224 (ctx->is224 != 0) only the first 28 are, and output[28..31]
 * is left untouched.
 *
 * The context is not wiped here; the caller is expected to call
 * mbedtls_sha256_free() when done with it.
 */
void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
{
    unsigned char msglen[8];
    uint32_t bits_hi, bits_lo;
    uint32_t used, padn;
    unsigned int i;

    /* total[] counts bytes; multiply by 8 across the two halves */
    bits_hi = ( ctx->total[0] >> 29 )
            | ( ctx->total[1] <<  3 );
    bits_lo = ( ctx->total[0] <<  3 );

    PUT_UINT32_BE( bits_hi, msglen, 0 );
    PUT_UINT32_BE( bits_lo, msglen, 4 );

    /*
     * Pad so that the 8 length bytes end exactly on a block boundary:
     * up to offset 56 of this block, or of the next one if fewer than
     * 9 bytes are free.
     */
    used = ctx->total[0] & 0x3F;
    padn = ( used < 56 ) ? ( 56 - used ) : ( 120 - used );

    mbedtls_sha256_update( ctx, sha256_padding, padn );
    mbedtls_sha256_update( ctx, msglen, 8 );

    for( i = 0; i < 7; i++ )
        PUT_UINT32_BE( ctx->state[i], output, 4 * i );

    /* The eighth word is part of the SHA-256 digest only */
    if( ctx->is224 == 0 )
        PUT_UINT32_BE( ctx->state[7], output, 28 );
}
312
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200313#endif /* !MBEDTLS_SHA256_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200314
/*
 * output = SHA-256( input buffer )
 *
 * One-shot helper: hashes ilen bytes of input with SHA-256 (is224 == 0) or
 * SHA-224 (is224 != 0). output must have room for 32 bytes in the first
 * case and 28 in the second. The temporary context is wiped before
 * returning.
 */
void mbedtls_sha256( const unsigned char *input, size_t ilen,
             unsigned char output[32], int is224 )
{
    mbedtls_sha256_context hash_ctx;

    mbedtls_sha256_init( &hash_ctx );

    mbedtls_sha256_starts( &hash_ctx, is224 );
    mbedtls_sha256_update( &hash_ctx, input, ilen );
    mbedtls_sha256_finish( &hash_ctx, output );

    mbedtls_sha256_free( &hash_ctx );
}
329
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200330#if defined(MBEDTLS_SELF_TEST)
/*
 * FIPS-180-2 test vectors
 *
 * The third input is a placeholder: mbedtls_sha256_self_test() builds that
 * message itself by feeding a 1000-byte buffer of 'a' 1000 times, so the
 * matching length entry (1000) is the chunk size, not the message length.
 */
static const unsigned char sha256_test_buf[3][57] =
{
    { "abc" },
    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
    { "" }
};

static const int sha256_test_buflen[3] =
{
    3, 56, 1000
};

/*
 * Expected digests, indexed like the self-test loop: entries 0-2 are SHA-224
 * (28 significant bytes, the rest of each row is zero-filled), entries 3-5
 * are SHA-256 for the same three inputs.
 */
static const unsigned char sha256_test_sum[6][32] =
{
    /*
     * SHA-224 test vectors
     */
    { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
      0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
      0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
      0xE3, 0x6C, 0x9D, 0xA7 },
    { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
      0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
      0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
      0x52, 0x52, 0x25, 0x25 },
    { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
      0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
      0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
      0x4E, 0xE7, 0xAD, 0x67 },

    /*
     * SHA-256 test vectors
     */
    { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
      0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
      0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
      0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
    { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
      0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
      0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
      0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
    { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
      0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
      0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
      0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
};
380
/*
 * Checkup routine
 *
 * Runs the three test messages through SHA-224 and then through SHA-256 and
 * compares each digest with the stored vector (28 bytes for SHA-224, 32 for
 * SHA-256). Progress is printed only when verbose is non-zero.
 *
 * Returns 0 if all six cases pass and 1 at the first mismatch. The context
 * is wiped on both paths.
 */
int mbedtls_sha256_self_test( int verbose )
{
    int idx, vec, is224, rep, buflen;
    int ret = 0;
    unsigned char buf[1024];
    unsigned char sha256sum[32];
    mbedtls_sha256_context ctx;

    mbedtls_sha256_init( &ctx );

    for( idx = 0; idx < 6; idx++ )
    {
        vec = idx % 3;          /* which message            */
        is224 = ( idx < 3 );    /* first pass tests SHA-224 */

        if( verbose != 0 )
            mbedtls_printf( " SHA-%d test #%d: ", 256 - is224 * 32, vec + 1 );

        mbedtls_sha256_starts( &ctx, is224 );

        if( vec == 2 )
        {
            /* Third case: 1000 chunks of 1000 'a' bytes */
            buflen = 1000;
            memset( buf, 'a', buflen );

            for( rep = 0; rep < 1000; rep++ )
                mbedtls_sha256_update( &ctx, buf, buflen );
        }
        else
        {
            mbedtls_sha256_update( &ctx, sha256_test_buf[vec],
                           sha256_test_buflen[vec] );
        }

        mbedtls_sha256_finish( &ctx, sha256sum );

        if( memcmp( sha256sum, sha256_test_sum[idx], 32 - is224 * 4 ) != 0 )
        {
            if( verbose != 0 )
                mbedtls_printf( "failed\n" );

            ret = 1;
            break;
        }

        if( verbose != 0 )
            mbedtls_printf( "passed\n" );
    }

    /* The trailing blank line is printed only after a fully successful run */
    if( ret == 0 && verbose != 0 )
        mbedtls_printf( "\n" );

    mbedtls_sha256_free( &ctx );

    return( ret );
}
437
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200438#endif /* MBEDTLS_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000439
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200440#endif /* MBEDTLS_SHA256_C */