TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_os / 8287cbcf8aef57bab94b81821008c8f7d48a5d34 / . / lib / libmbedtls / mbedtls / library / sha256.c
blob: bcdcb077be3e75e7c18b445d365843cec9a4f18f [file] [log] [blame]
Edison Aic6672fd2018-02-28 15:01:47 +0800[diff] [blame]1// SPDX-License-Identifier: Apache-2.0
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2/*
3 * FIPS-180-2 compliant SHA-256 implementation
4 *
5 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21/*
22 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
23 *
24 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
25 */
26
27#if !defined(MBEDTLS_CONFIG_FILE)
28#include "mbedtls/config.h"
29#else
30#include MBEDTLS_CONFIG_FILE
31#endif
32
33#if defined(MBEDTLS_SHA256_C)
34
35#include "mbedtls/sha256.h"
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]36#include "mbedtls/platform_util.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]37
38#include <string.h>
39
40#if defined(MBEDTLS_SELF_TEST)
41#if defined(MBEDTLS_PLATFORM_C)
42#include "mbedtls/platform.h"
43#else
44#include <stdio.h>
45#include <stdlib.h>
46#define mbedtls_printf printf
47#define mbedtls_calloc calloc
48#define mbedtls_free free
49#endif /* MBEDTLS_PLATFORM_C */
50#endif /* MBEDTLS_SELF_TEST */
51
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]52#define SHA256_VALIDATE_RET(cond) \
53 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
54#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]55
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]56#if !defined(MBEDTLS_SHA256_ALT)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]57
58/*
59 * 32-bit integer manipulation macros (big endian)
60 */
61#ifndef GET_UINT32_BE
62#define GET_UINT32_BE(n,b,i) \
63do { \
64 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
65 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
66 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
67 | ( (uint32_t) (b)[(i) + 3] ); \
68} while( 0 )
69#endif
70
71#ifndef PUT_UINT32_BE
72#define PUT_UINT32_BE(n,b,i) \
73do { \
74 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
75 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
76 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
77 (b)[(i) + 3] = (unsigned char) ( (n) ); \
78} while( 0 )
79#endif
80
81void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
82{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]83 SHA256_VALIDATE( ctx != NULL );
84
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]85 memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
86}
87
88void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
89{
90 if( ctx == NULL )
91 return;
92
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]93 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]94}
95
96void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
97 const mbedtls_sha256_context *src )
98{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]99 SHA256_VALIDATE( dst != NULL );
100 SHA256_VALIDATE( src != NULL );
101
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]102 *dst = *src;
103}
104
105/*
106 * SHA-256 context setup
107 */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]108int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]109{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]110 SHA256_VALIDATE_RET( ctx != NULL );
111 SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
112
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]113 ctx->total[0] = 0;
114 ctx->total[1] = 0;
115
116 if( is224 == 0 )
117 {
118 /* SHA-256 */
119 ctx->state[0] = 0x6A09E667;
120 ctx->state[1] = 0xBB67AE85;
121 ctx->state[2] = 0x3C6EF372;
122 ctx->state[3] = 0xA54FF53A;
123 ctx->state[4] = 0x510E527F;
124 ctx->state[5] = 0x9B05688C;
125 ctx->state[6] = 0x1F83D9AB;
126 ctx->state[7] = 0x5BE0CD19;
127 }
128 else
129 {
130 /* SHA-224 */
131 ctx->state[0] = 0xC1059ED8;
132 ctx->state[1] = 0x367CD507;
133 ctx->state[2] = 0x3070DD17;
134 ctx->state[3] = 0xF70E5939;
135 ctx->state[4] = 0xFFC00B31;
136 ctx->state[5] = 0x68581511;
137 ctx->state[6] = 0x64F98FA7;
138 ctx->state[7] = 0xBEFA4FA4;
139 }
140
141 ctx->is224 = is224;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]142
143 return( 0 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]144}
145
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]146#if !defined(MBEDTLS_DEPRECATED_REMOVED)
147void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
148 int is224 )
149{
150 mbedtls_sha256_starts_ret( ctx, is224 );
151}
152#endif
153
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]154#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
155static const uint32_t K[] =
156{
157 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
158 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
159 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
160 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
161 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
162 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
163 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
164 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
165 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
166 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
167 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
168 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
169 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
170 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
171 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
172 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
173};
174
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]175#define SHR(x,n) (((x) & 0xFFFFFFFF) >> (n))
176#define ROTR(x,n) (SHR(x,n) | ((x) << (32 - (n))))
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]177
178#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
179#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
180
181#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
182#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
183
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]184#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
185#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]186
187#define R(t) \
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]188 ( \
189 W[t] = S1(W[(t) - 2]) + W[(t) - 7] + \
190 S0(W[(t) - 15]) + W[(t) - 16] \
191 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]192
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]193#define P(a,b,c,d,e,f,g,h,x,K) \
194 do \
195 { \
196 temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
197 temp2 = S2(a) + F0((a),(b),(c)); \
198 (d) += temp1; (h) = temp1 + temp2; \
199 } while( 0 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]200
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]201int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
202 const unsigned char data[64] )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]203{
204 uint32_t temp1, temp2, W[64];
205 uint32_t A[8];
206 unsigned int i;
207
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]208 SHA256_VALIDATE_RET( ctx != NULL );
209 SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
210
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]211 for( i = 0; i < 8; i++ )
212 A[i] = ctx->state[i];
213
214#if defined(MBEDTLS_SHA256_SMALLER)
215 for( i = 0; i < 64; i++ )
216 {
217 if( i < 16 )
218 GET_UINT32_BE( W[i], data, 4 * i );
219 else
220 R( i );
221
222 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
223
224 temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
225 A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
226 }
227#else /* MBEDTLS_SHA256_SMALLER */
228 for( i = 0; i < 16; i++ )
229 GET_UINT32_BE( W[i], data, 4 * i );
230
231 for( i = 0; i < 16; i += 8 )
232 {
233 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
234 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
235 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
236 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
237 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
238 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
239 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
240 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
241 }
242
243 for( i = 16; i < 64; i += 8 )
244 {
245 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
246 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
247 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
248 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
249 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
250 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
251 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
252 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
253 }
254#endif /* MBEDTLS_SHA256_SMALLER */
255
256 for( i = 0; i < 8; i++ )
257 ctx->state[i] += A[i];
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]258
259 return( 0 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]260}
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]261
262#if !defined(MBEDTLS_DEPRECATED_REMOVED)
263void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
264 const unsigned char data[64] )
265{
266 mbedtls_internal_sha256_process( ctx, data );
267}
268#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]269#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
270
271/*
272 * SHA-256 process buffer
273 */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]274int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
275 const unsigned char *input,
276 size_t ilen )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]277{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]278 int ret;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]279 size_t fill;
280 uint32_t left;
281
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]282 SHA256_VALIDATE_RET( ctx != NULL );
283 SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
284
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]285 if( ilen == 0 )
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]286 return( 0 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]287
288 left = ctx->total[0] & 0x3F;
289 fill = 64 - left;
290
291 ctx->total[0] += (uint32_t) ilen;
292 ctx->total[0] &= 0xFFFFFFFF;
293
294 if( ctx->total[0] < (uint32_t) ilen )
295 ctx->total[1]++;
296
297 if( left && ilen >= fill )
298 {
299 memcpy( (void *) (ctx->buffer + left), input, fill );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]300
301 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
302 return( ret );
303
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]304 input += fill;
305 ilen -= fill;
306 left = 0;
307 }
308
309 while( ilen >= 64 )
310 {
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]311 if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 )
312 return( ret );
313
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]314 input += 64;
315 ilen -= 64;
316 }
317
318 if( ilen > 0 )
319 memcpy( (void *) (ctx->buffer + left), input, ilen );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]320
321 return( 0 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]322}
323
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]324#if !defined(MBEDTLS_DEPRECATED_REMOVED)
325void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
326 const unsigned char *input,
327 size_t ilen )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]328{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]329 mbedtls_sha256_update_ret( ctx, input, ilen );
330}
331#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]332
333/*
334 * SHA-256 final digest
335 */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]336int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
337 unsigned char output[32] )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]338{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]339 int ret;
340 uint32_t used;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]341 uint32_t high, low;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]342
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]343 SHA256_VALIDATE_RET( ctx != NULL );
344 SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
345
346 /*
347 * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
348 */
349 used = ctx->total[0] & 0x3F;
350
351 ctx->buffer[used++] = 0x80;
352
353 if( used <= 56 )
354 {
355 /* Enough room for padding + length in current block */
356 memset( ctx->buffer + used, 0, 56 - used );
357 }
358 else
359 {
360 /* We'll need an extra block */
361 memset( ctx->buffer + used, 0, 64 - used );
362
363 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
364 return( ret );
365
366 memset( ctx->buffer, 0, 56 );
367 }
368
369 /*
370 * Add message length
371 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]372 high = ( ctx->total[0] >> 29 )
373 | ( ctx->total[1] << 3 );
374 low = ( ctx->total[0] << 3 );
375
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]376 PUT_UINT32_BE( high, ctx->buffer, 56 );
377 PUT_UINT32_BE( low, ctx->buffer, 60 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]378
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]379 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
380 return( ret );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]381
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]382 /*
383 * Output final state
384 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]385 PUT_UINT32_BE( ctx->state[0], output, 0 );
386 PUT_UINT32_BE( ctx->state[1], output, 4 );
387 PUT_UINT32_BE( ctx->state[2], output, 8 );
388 PUT_UINT32_BE( ctx->state[3], output, 12 );
389 PUT_UINT32_BE( ctx->state[4], output, 16 );
390 PUT_UINT32_BE( ctx->state[5], output, 20 );
391 PUT_UINT32_BE( ctx->state[6], output, 24 );
392
393 if( ctx->is224 == 0 )
394 PUT_UINT32_BE( ctx->state[7], output, 28 );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]395
396 return( 0 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]397}
398
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]399#if !defined(MBEDTLS_DEPRECATED_REMOVED)
400void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
401 unsigned char output[32] )
402{
403 mbedtls_sha256_finish_ret( ctx, output );
404}
405#endif
406
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]407#endif /* !MBEDTLS_SHA256_ALT */
408
409/*
410 * output = SHA-256( input buffer )
411 */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]412int mbedtls_sha256_ret( const unsigned char *input,
413 size_t ilen,
414 unsigned char output[32],
415 int is224 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]416{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]417 int ret;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]418 mbedtls_sha256_context ctx;
419
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]420 SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
421 SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
422 SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
423
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]424 mbedtls_sha256_init( &ctx );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]425
426 if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
427 goto exit;
428
429 if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
430 goto exit;
431
432 if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
433 goto exit;
434
435exit:
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]436 mbedtls_sha256_free( &ctx );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]437
438 return( ret );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]439}
440
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]441#if !defined(MBEDTLS_DEPRECATED_REMOVED)
442void mbedtls_sha256( const unsigned char *input,
443 size_t ilen,
444 unsigned char output[32],
445 int is224 )
446{
447 mbedtls_sha256_ret( input, ilen, output, is224 );
448}
449#endif
450
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]451#if defined(MBEDTLS_SELF_TEST)
452/*
453 * FIPS-180-2 test vectors
454 */
455static const unsigned char sha256_test_buf[3][57] =
456{
457 { "abc" },
458 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
459 { "" }
460};
461
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]462static const size_t sha256_test_buflen[3] =
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]463{
464 3, 56, 1000
465};
466
467static const unsigned char sha256_test_sum[6][32] =
468{
469 /*
470 * SHA-224 test vectors
471 */
472 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
473 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
474 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
475 0xE3, 0x6C, 0x9D, 0xA7 },
476 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
477 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
478 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
479 0x52, 0x52, 0x25, 0x25 },
480 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
481 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
482 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
483 0x4E, 0xE7, 0xAD, 0x67 },
484
485 /*
486 * SHA-256 test vectors
487 */
488 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
489 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
490 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
491 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
492 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
493 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
494 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
495 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
496 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
497 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
498 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
499 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
500};
501
502/*
503 * Checkup routine
504 */
505int mbedtls_sha256_self_test( int verbose )
506{
507 int i, j, k, buflen, ret = 0;
508 unsigned char *buf;
509 unsigned char sha256sum[32];
510 mbedtls_sha256_context ctx;
511
512 buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
513 if( NULL == buf )
514 {
515 if( verbose != 0 )
516 mbedtls_printf( "Buffer allocation failed\n" );
517
518 return( 1 );
519 }
520
521 mbedtls_sha256_init( &ctx );
522
523 for( i = 0; i < 6; i++ )
524 {
525 j = i % 3;
526 k = i < 3;
527
528 if( verbose != 0 )
529 mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
530
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]531 if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
532 goto fail;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]533
534 if( j == 2 )
535 {
536 memset( buf, 'a', buflen = 1000 );
537
538 for( j = 0; j < 1000; j++ )
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]539 {
540 ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
541 if( ret != 0 )
542 goto fail;
543 }
544
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]545 }
546 else
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]547 {
548 ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
549 sha256_test_buflen[j] );
550 if( ret != 0 )
551 goto fail;
552 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]553
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]554 if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
555 goto fail;
556
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]557
558 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
559 {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]560 ret = 1;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]561 goto fail;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]562 }
563
564 if( verbose != 0 )
565 mbedtls_printf( "passed\n" );
566 }
567
568 if( verbose != 0 )
569 mbedtls_printf( "\n" );
570
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]571 goto exit;
572
573fail:
574 if( verbose != 0 )
575 mbedtls_printf( "failed\n" );
576
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]577exit:
578 mbedtls_sha256_free( &ctx );
579 mbedtls_free( buf );
580
581 return( ret );
582}
583
584#endif /* MBEDTLS_SELF_TEST */
585
586#endif /* MBEDTLS_SHA256_C */