Blame - lib/libmbedtls/mbedtls/library/sha256.c - OP-TEE/optee_os

blob: be373d9cb0b0efe72faa5fa1201b4306a18080e3 [file] [log] [blame]

Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	1	/*
				2	* FIPS-180-2 compliant SHA-256 implementation
				3	*
Jerome Forissier	7901324	2021-07-28 10:24:04 +0200	[diff] [blame]	4	* Copyright The Mbed TLS Contributors
				5	* SPDX-License-Identifier: Apache-2.0
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	6	*
				7	* Licensed under the Apache License, Version 2.0 (the "License"); you may
				8	* not use this file except in compliance with the License.
				9	* You may obtain a copy of the License at
				10	*
				11	* http://www.apache.org/licenses/LICENSE-2.0
				12	*
				13	* Unless required by applicable law or agreed to in writing, software
				14	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				15	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				16	* See the License for the specific language governing permissions and
				17	* limitations under the License.
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	18	*/
				19	/*
				20	* The SHA-256 Secure Hash Standard was published by NIST in 2002.
				21	*
				22	* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
				23	*/
				24
Jerome Forissier	7901324	2021-07-28 10:24:04 +0200	[diff] [blame]	25	#include "common.h"
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	26
				27	#if defined(MBEDTLS_SHA256_C)
				28
				29	#include "mbedtls/sha256.h"
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	30	#include "mbedtls/platform_util.h"
Jerome Forissier	11fa71b	2020-04-20 17:17:56 +0200	[diff] [blame]	31	#include "mbedtls/error.h"
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	32
				33	#include <string.h>
				34
				35	#if defined(MBEDTLS_SELF_TEST)
				36	#if defined(MBEDTLS_PLATFORM_C)
				37	#include "mbedtls/platform.h"
				38	#else
				39	#include <stdio.h>
				40	#include <stdlib.h>
				41	#define mbedtls_printf printf
				42	#define mbedtls_calloc calloc
				43	#define mbedtls_free free
				44	#endif /* MBEDTLS_PLATFORM_C */
				45	#endif /* MBEDTLS_SELF_TEST */
				46
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	47	#define SHA256_VALIDATE_RET(cond) \
				48	MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
				49	#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	50
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	51	#if !defined(MBEDTLS_SHA256_ALT)
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	52
				53	/*
				54	* 32-bit integer manipulation macros (big endian)
				55	*/
				56	#ifndef GET_UINT32_BE
				57	#define GET_UINT32_BE(n,b,i) \
				58	do { \
				59	(n) = ( (uint32_t) (b)[(i) ] << 24 ) \
				60	\| ( (uint32_t) (b)[(i) + 1] << 16 ) \
				61	\| ( (uint32_t) (b)[(i) + 2] << 8 ) \
				62	\| ( (uint32_t) (b)[(i) + 3] ); \
				63	} while( 0 )
				64	#endif
				65
				66	#ifndef PUT_UINT32_BE
				67	#define PUT_UINT32_BE(n,b,i) \
				68	do { \
				69	(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
				70	(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
				71	(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
				72	(b)[(i) + 3] = (unsigned char) ( (n) ); \
				73	} while( 0 )
				74	#endif
				75
				76	void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
				77	{
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	78	SHA256_VALIDATE( ctx != NULL );
				79
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	80	memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
				81	}
				82
				83	void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
				84	{
				85	if( ctx == NULL )
				86	return;
				87
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	88	mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	89	}
				90
				91	void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
				92	const mbedtls_sha256_context *src )
				93	{
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	94	SHA256_VALIDATE( dst != NULL );
				95	SHA256_VALIDATE( src != NULL );
				96
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	97	dst = src;
				98	}
				99
				100	/*
				101	* SHA-256 context setup
				102	*/
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	103	int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	104	{
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	105	SHA256_VALIDATE_RET( ctx != NULL );
				106	SHA256_VALIDATE_RET( is224 == 0 \|\| is224 == 1 );
				107
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	108	ctx->total[0] = 0;
				109	ctx->total[1] = 0;
				110
				111	if( is224 == 0 )
				112	{
				113	/* SHA-256 */
				114	ctx->state[0] = 0x6A09E667;
				115	ctx->state[1] = 0xBB67AE85;
				116	ctx->state[2] = 0x3C6EF372;
				117	ctx->state[3] = 0xA54FF53A;
				118	ctx->state[4] = 0x510E527F;
				119	ctx->state[5] = 0x9B05688C;
				120	ctx->state[6] = 0x1F83D9AB;
				121	ctx->state[7] = 0x5BE0CD19;
				122	}
				123	else
				124	{
				125	/* SHA-224 */
				126	ctx->state[0] = 0xC1059ED8;
				127	ctx->state[1] = 0x367CD507;
				128	ctx->state[2] = 0x3070DD17;
				129	ctx->state[3] = 0xF70E5939;
				130	ctx->state[4] = 0xFFC00B31;
				131	ctx->state[5] = 0x68581511;
				132	ctx->state[6] = 0x64F98FA7;
				133	ctx->state[7] = 0xBEFA4FA4;
				134	}
				135
				136	ctx->is224 = is224;
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	137
				138	return( 0 );
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	139	}
				140
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	141	#if !defined(MBEDTLS_DEPRECATED_REMOVED)
				142	void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
				143	int is224 )
				144	{
				145	mbedtls_sha256_starts_ret( ctx, is224 );
				146	}
				147	#endif
				148
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	149	#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
				150	static const uint32_t K[] =
				151	{
				152	0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
				153	0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
				154	0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
				155	0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
				156	0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
				157	0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
				158	0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
				159	0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
				160	0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
				161	0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
				162	0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
				163	0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
				164	0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
				165	0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
				166	0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
				167	0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
				168	};
				169
Jerome Forissier	5b25c76	2020-04-07 11:18:49 +0200	[diff] [blame]	170	#define SHR(x,n) (((x) & 0xFFFFFFFF) >> (n))
				171	#define ROTR(x,n) (SHR(x,n) \| ((x) << (32 - (n))))
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	172
				173	#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
				174	#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
				175
				176	#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
				177	#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
				178
Jerome Forissier	5b25c76	2020-04-07 11:18:49 +0200	[diff] [blame]	179	#define F0(x,y,z) (((x) & (y)) \| ((z) & ((x) \| (y))))
				180	#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	181
Jerome Forissier	7901324	2021-07-28 10:24:04 +0200	[diff] [blame]	182	#define R(t) \
				183	( \
				184	local.W[t] = S1(local.W[(t) - 2]) + local.W[(t) - 7] + \
				185	S0(local.W[(t) - 15]) + local.W[(t) - 16] \
Jerome Forissier	5b25c76	2020-04-07 11:18:49 +0200	[diff] [blame]	186	)
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	187
Jerome Forissier	7901324	2021-07-28 10:24:04 +0200	[diff] [blame]	188	#define P(a,b,c,d,e,f,g,h,x,K) \
				189	do \
				190	{ \
				191	local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
				192	local.temp2 = S2(a) + F0((a),(b),(c)); \
				193	(d) += local.temp1; (h) = local.temp1 + local.temp2; \
Jerome Forissier	5b25c76	2020-04-07 11:18:49 +0200	[diff] [blame]	194	} while( 0 )
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	195
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	196	int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
				197	const unsigned char data[64] )
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	198	{
Jerome Forissier	7901324	2021-07-28 10:24:04 +0200	[diff] [blame]	199	struct
				200	{
				201	uint32_t temp1, temp2, W[64];
				202	uint32_t A[8];
				203	} local;
				204
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	205	unsigned int i;
				206
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	207	SHA256_VALIDATE_RET( ctx != NULL );
				208	SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
				209
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	210	for( i = 0; i < 8; i++ )
Jerome Forissier	7901324	2021-07-28 10:24:04 +0200	[diff] [blame]	211	local.A[i] = ctx->state[i];
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	212
				213	#if defined(MBEDTLS_SHA256_SMALLER)
				214	for( i = 0; i < 64; i++ )
				215	{
				216	if( i < 16 )
Jerome Forissier	7901324	2021-07-28 10:24:04 +0200	[diff] [blame]	217	GET_UINT32_BE( local.W[i], data, 4 * i );
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	218	else
				219	R( i );
				220
Jerome Forissier	7901324	2021-07-28 10:24:04 +0200	[diff] [blame]	221	P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
				222	local.A[5], local.A[6], local.A[7], local.W[i], K[i] );
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	223
Jerome Forissier	7901324	2021-07-28 10:24:04 +0200	[diff] [blame]	224	local.temp1 = local.A[7]; local.A[7] = local.A[6];
				225	local.A[6] = local.A[5]; local.A[5] = local.A[4];
				226	local.A[4] = local.A[3]; local.A[3] = local.A[2];
				227	local.A[2] = local.A[1]; local.A[1] = local.A[0];
				228	local.A[0] = local.temp1;
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	229	}
				230	#else /* MBEDTLS_SHA256_SMALLER */
				231	for( i = 0; i < 16; i++ )
Jerome Forissier	7901324	2021-07-28 10:24:04 +0200	[diff] [blame]	232	GET_UINT32_BE( local.W[i], data, 4 * i );
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	233
				234	for( i = 0; i < 16; i += 8 )
				235	{
Jerome Forissier	7901324	2021-07-28 10:24:04 +0200	[diff] [blame]	236	P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
				237	local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0] );
				238	P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
				239	local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1] );
				240	P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
				241	local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2] );
				242	P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
				243	local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3] );
				244	P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
				245	local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4] );
				246	P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
				247	local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5] );
				248	P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
				249	local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6] );
				250	P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
				251	local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7] );
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	252	}
				253
				254	for( i = 16; i < 64; i += 8 )
				255	{
Jerome Forissier	7901324	2021-07-28 10:24:04 +0200	[diff] [blame]	256	P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
				257	local.A[5], local.A[6], local.A[7], R(i+0), K[i+0] );
				258	P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
				259	local.A[4], local.A[5], local.A[6], R(i+1), K[i+1] );
				260	P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
				261	local.A[3], local.A[4], local.A[5], R(i+2), K[i+2] );
				262	P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
				263	local.A[2], local.A[3], local.A[4], R(i+3), K[i+3] );
				264	P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
				265	local.A[1], local.A[2], local.A[3], R(i+4), K[i+4] );
				266	P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
				267	local.A[0], local.A[1], local.A[2], R(i+5), K[i+5] );
				268	P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
				269	local.A[7], local.A[0], local.A[1], R(i+6), K[i+6] );
				270	P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
				271	local.A[6], local.A[7], local.A[0], R(i+7), K[i+7] );
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	272	}
				273	#endif /* MBEDTLS_SHA256_SMALLER */
				274
				275	for( i = 0; i < 8; i++ )
Jerome Forissier	7901324	2021-07-28 10:24:04 +0200	[diff] [blame]	276	ctx->state[i] += local.A[i];
				277
				278	/* Zeroise buffers and variables to clear sensitive data from memory. */
				279	mbedtls_platform_zeroize( &local, sizeof( local ) );
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	280
				281	return( 0 );
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	282	}
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	283
				284	#if !defined(MBEDTLS_DEPRECATED_REMOVED)
				285	void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
				286	const unsigned char data[64] )
				287	{
				288	mbedtls_internal_sha256_process( ctx, data );
				289	}
				290	#endif
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	291	#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
				292
				293	/*
				294	* SHA-256 process buffer
				295	*/
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	296	int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
				297	const unsigned char *input,
				298	size_t ilen )
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	299	{
Jerome Forissier	11fa71b	2020-04-20 17:17:56 +0200	[diff] [blame]	300	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	301	size_t fill;
				302	uint32_t left;
				303
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	304	SHA256_VALIDATE_RET( ctx != NULL );
				305	SHA256_VALIDATE_RET( ilen == 0 \|\| input != NULL );
				306
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	307	if( ilen == 0 )
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	308	return( 0 );
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	309
				310	left = ctx->total[0] & 0x3F;
				311	fill = 64 - left;
				312
				313	ctx->total[0] += (uint32_t) ilen;
				314	ctx->total[0] &= 0xFFFFFFFF;
				315
				316	if( ctx->total[0] < (uint32_t) ilen )
				317	ctx->total[1]++;
				318
				319	if( left && ilen >= fill )
				320	{
				321	memcpy( (void *) (ctx->buffer + left), input, fill );
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	322
				323	if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
				324	return( ret );
				325
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	326	input += fill;
				327	ilen -= fill;
				328	left = 0;
				329	}
				330
				331	while( ilen >= 64 )
				332	{
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	333	if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 )
				334	return( ret );
				335
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	336	input += 64;
				337	ilen -= 64;
				338	}
				339
				340	if( ilen > 0 )
				341	memcpy( (void *) (ctx->buffer + left), input, ilen );
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	342
				343	return( 0 );
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	344	}
				345
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	346	#if !defined(MBEDTLS_DEPRECATED_REMOVED)
				347	void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
				348	const unsigned char *input,
				349	size_t ilen )
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	350	{
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	351	mbedtls_sha256_update_ret( ctx, input, ilen );
				352	}
				353	#endif
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	354
				355	/*
				356	* SHA-256 final digest
				357	*/
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	358	int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
				359	unsigned char output[32] )
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	360	{
Jerome Forissier	11fa71b	2020-04-20 17:17:56 +0200	[diff] [blame]	361	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	362	uint32_t used;
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	363	uint32_t high, low;
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	364
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	365	SHA256_VALIDATE_RET( ctx != NULL );
				366	SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
				367
				368	/*
				369	* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
				370	*/
				371	used = ctx->total[0] & 0x3F;
				372
				373	ctx->buffer[used++] = 0x80;
				374
				375	if( used <= 56 )
				376	{
				377	/* Enough room for padding + length in current block */
				378	memset( ctx->buffer + used, 0, 56 - used );
				379	}
				380	else
				381	{
				382	/* We'll need an extra block */
				383	memset( ctx->buffer + used, 0, 64 - used );
				384
				385	if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
				386	return( ret );
				387
				388	memset( ctx->buffer, 0, 56 );
				389	}
				390
				391	/*
				392	* Add message length
				393	*/
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	394	high = ( ctx->total[0] >> 29 )
				395	\| ( ctx->total[1] << 3 );
				396	low = ( ctx->total[0] << 3 );
				397
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	398	PUT_UINT32_BE( high, ctx->buffer, 56 );
				399	PUT_UINT32_BE( low, ctx->buffer, 60 );
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	400
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	401	if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
				402	return( ret );
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	403
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	404	/*
				405	* Output final state
				406	*/
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	407	PUT_UINT32_BE( ctx->state[0], output, 0 );
				408	PUT_UINT32_BE( ctx->state[1], output, 4 );
				409	PUT_UINT32_BE( ctx->state[2], output, 8 );
				410	PUT_UINT32_BE( ctx->state[3], output, 12 );
				411	PUT_UINT32_BE( ctx->state[4], output, 16 );
				412	PUT_UINT32_BE( ctx->state[5], output, 20 );
				413	PUT_UINT32_BE( ctx->state[6], output, 24 );
				414
				415	if( ctx->is224 == 0 )
				416	PUT_UINT32_BE( ctx->state[7], output, 28 );
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	417
				418	return( 0 );
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	419	}
				420
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	421	#if !defined(MBEDTLS_DEPRECATED_REMOVED)
				422	void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
				423	unsigned char output[32] )
				424	{
				425	mbedtls_sha256_finish_ret( ctx, output );
				426	}
				427	#endif
				428
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	429	#endif /* !MBEDTLS_SHA256_ALT */
				430
				431	/*
				432	* output = SHA-256( input buffer )
				433	*/
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	434	int mbedtls_sha256_ret( const unsigned char *input,
				435	size_t ilen,
				436	unsigned char output[32],
				437	int is224 )
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	438	{
Jerome Forissier	11fa71b	2020-04-20 17:17:56 +0200	[diff] [blame]	439	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	440	mbedtls_sha256_context ctx;
				441
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	442	SHA256_VALIDATE_RET( is224 == 0 \|\| is224 == 1 );
				443	SHA256_VALIDATE_RET( ilen == 0 \|\| input != NULL );
				444	SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
				445
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	446	mbedtls_sha256_init( &ctx );
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	447
				448	if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
				449	goto exit;
				450
				451	if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
				452	goto exit;
				453
				454	if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
				455	goto exit;
				456
				457	exit:
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	458	mbedtls_sha256_free( &ctx );
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	459
				460	return( ret );
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	461	}
				462
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	463	#if !defined(MBEDTLS_DEPRECATED_REMOVED)
				464	void mbedtls_sha256( const unsigned char *input,
				465	size_t ilen,
				466	unsigned char output[32],
				467	int is224 )
				468	{
				469	mbedtls_sha256_ret( input, ilen, output, is224 );
				470	}
				471	#endif
				472
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	473	#if defined(MBEDTLS_SELF_TEST)
				474	/*
				475	* FIPS-180-2 test vectors
				476	*/
				477	static const unsigned char sha256_test_buf[3][57] =
				478	{
				479	{ "abc" },
				480	{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
				481	{ "" }
				482	};
				483
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	484	static const size_t sha256_test_buflen[3] =
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	485	{
				486	3, 56, 1000
				487	};
				488
				489	static const unsigned char sha256_test_sum[6][32] =
				490	{
				491	/*
				492	* SHA-224 test vectors
				493	*/
				494	{ 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
				495	0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
				496	0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
				497	0xE3, 0x6C, 0x9D, 0xA7 },
				498	{ 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
				499	0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
				500	0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
				501	0x52, 0x52, 0x25, 0x25 },
				502	{ 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
				503	0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
				504	0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
				505	0x4E, 0xE7, 0xAD, 0x67 },
				506
				507	/*
				508	* SHA-256 test vectors
				509	*/
				510	{ 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
				511	0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
				512	0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
				513	0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
				514	{ 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
				515	0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
				516	0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
				517	0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
				518	{ 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
				519	0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
				520	0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
				521	0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
				522	};
				523
				524	/*
				525	* Checkup routine
				526	*/
				527	int mbedtls_sha256_self_test( int verbose )
				528	{
				529	int i, j, k, buflen, ret = 0;
				530	unsigned char *buf;
				531	unsigned char sha256sum[32];
				532	mbedtls_sha256_context ctx;
				533
				534	buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
				535	if( NULL == buf )
				536	{
				537	if( verbose != 0 )
				538	mbedtls_printf( "Buffer allocation failed\n" );
				539
				540	return( 1 );
				541	}
				542
				543	mbedtls_sha256_init( &ctx );
				544
				545	for( i = 0; i < 6; i++ )
				546	{
				547	j = i % 3;
				548	k = i < 3;
				549
				550	if( verbose != 0 )
				551	mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
				552
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	553	if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
				554	goto fail;
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	555
				556	if( j == 2 )
				557	{
				558	memset( buf, 'a', buflen = 1000 );
				559
				560	for( j = 0; j < 1000; j++ )
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	561	{
				562	ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
				563	if( ret != 0 )
				564	goto fail;
				565	}
				566
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	567	}
				568	else
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	569	{
				570	ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
				571	sha256_test_buflen[j] );
				572	if( ret != 0 )
				573	goto fail;
				574	}
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	575
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	576	if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
				577	goto fail;
				578
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	579
				580	if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
				581	{
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	582	ret = 1;
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	583	goto fail;
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	584	}
				585
				586	if( verbose != 0 )
				587	mbedtls_printf( "passed\n" );
				588	}
				589
				590	if( verbose != 0 )
				591	mbedtls_printf( "\n" );
				592
Jens Wiklander	3d3b059	2019-03-20 15:30:29 +0100	[diff] [blame]	593	goto exit;
				594
				595	fail:
				596	if( verbose != 0 )
				597	mbedtls_printf( "failed\n" );
				598
Jens Wiklander	817466c	2018-05-22 13:49:31 +0200	[diff] [blame]	599	exit:
				600	mbedtls_sha256_free( &ctx );
				601	mbedtls_free( buf );
				602
				603	return( ret );
				604	}
				605
				606	#endif /* MBEDTLS_SELF_TEST */
				607
				608	#endif /* MBEDTLS_SHA256_C */