TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_os / 11fa71b9ddb429088f325cfda430183003ccd1db / . / lib / libmbedtls / mbedtls / library / sha256.c
blob: d0142a9058d2662fc6ba5377aa98f9836962de12 [file] [log] [blame]
Edison Aic6672fd2018-02-28 15:01:47 +0800[diff] [blame]1// SPDX-License-Identifier: Apache-2.0
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2/*
3 * FIPS-180-2 compliant SHA-256 implementation
4 *
5 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21/*
22 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
23 *
24 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
25 */
26
27#if !defined(MBEDTLS_CONFIG_FILE)
28#include "mbedtls/config.h"
29#else
30#include MBEDTLS_CONFIG_FILE
31#endif
32
33#if defined(MBEDTLS_SHA256_C)
34
35#include "mbedtls/sha256.h"
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]36#include "mbedtls/platform_util.h"
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]37#include "mbedtls/error.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]38
39#include <string.h>
40
41#if defined(MBEDTLS_SELF_TEST)
42#if defined(MBEDTLS_PLATFORM_C)
43#include "mbedtls/platform.h"
44#else
45#include <stdio.h>
46#include <stdlib.h>
47#define mbedtls_printf printf
48#define mbedtls_calloc calloc
49#define mbedtls_free free
50#endif /* MBEDTLS_PLATFORM_C */
51#endif /* MBEDTLS_SELF_TEST */
52
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]53#define SHA256_VALIDATE_RET(cond) \
54 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
55#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]56
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]57#if !defined(MBEDTLS_SHA256_ALT)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]58
59/*
60 * 32-bit integer manipulation macros (big endian)
61 */
62#ifndef GET_UINT32_BE
63#define GET_UINT32_BE(n,b,i) \
64do { \
65 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
66 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
67 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
68 | ( (uint32_t) (b)[(i) + 3] ); \
69} while( 0 )
70#endif
71
72#ifndef PUT_UINT32_BE
73#define PUT_UINT32_BE(n,b,i) \
74do { \
75 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
76 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
77 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
78 (b)[(i) + 3] = (unsigned char) ( (n) ); \
79} while( 0 )
80#endif
81
82void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
83{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]84 SHA256_VALIDATE( ctx != NULL );
85
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]86 memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
87}
88
89void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
90{
91 if( ctx == NULL )
92 return;
93
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]94 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]95}
96
97void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
98 const mbedtls_sha256_context *src )
99{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]100 SHA256_VALIDATE( dst != NULL );
101 SHA256_VALIDATE( src != NULL );
102
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]103 *dst = *src;
104}
105
106/*
107 * SHA-256 context setup
108 */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]109int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]110{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]111 SHA256_VALIDATE_RET( ctx != NULL );
112 SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
113
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]114 ctx->total[0] = 0;
115 ctx->total[1] = 0;
116
117 if( is224 == 0 )
118 {
119 /* SHA-256 */
120 ctx->state[0] = 0x6A09E667;
121 ctx->state[1] = 0xBB67AE85;
122 ctx->state[2] = 0x3C6EF372;
123 ctx->state[3] = 0xA54FF53A;
124 ctx->state[4] = 0x510E527F;
125 ctx->state[5] = 0x9B05688C;
126 ctx->state[6] = 0x1F83D9AB;
127 ctx->state[7] = 0x5BE0CD19;
128 }
129 else
130 {
131 /* SHA-224 */
132 ctx->state[0] = 0xC1059ED8;
133 ctx->state[1] = 0x367CD507;
134 ctx->state[2] = 0x3070DD17;
135 ctx->state[3] = 0xF70E5939;
136 ctx->state[4] = 0xFFC00B31;
137 ctx->state[5] = 0x68581511;
138 ctx->state[6] = 0x64F98FA7;
139 ctx->state[7] = 0xBEFA4FA4;
140 }
141
142 ctx->is224 = is224;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]143
144 return( 0 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]145}
146
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]147#if !defined(MBEDTLS_DEPRECATED_REMOVED)
148void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
149 int is224 )
150{
151 mbedtls_sha256_starts_ret( ctx, is224 );
152}
153#endif
154
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]155#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
156static const uint32_t K[] =
157{
158 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
159 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
160 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
161 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
162 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
163 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
164 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
165 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
166 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
167 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
168 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
169 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
170 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
171 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
172 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
173 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
174};
175
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]176#define SHR(x,n) (((x) & 0xFFFFFFFF) >> (n))
177#define ROTR(x,n) (SHR(x,n) | ((x) << (32 - (n))))
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]178
179#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
180#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
181
182#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
183#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
184
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]185#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
186#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]187
188#define R(t) \
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]189 ( \
190 W[t] = S1(W[(t) - 2]) + W[(t) - 7] + \
191 S0(W[(t) - 15]) + W[(t) - 16] \
192 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]193
Jerome Forissier5b25c762020-04-07 11:18:49 +0200[diff] [blame]194#define P(a,b,c,d,e,f,g,h,x,K) \
195 do \
196 { \
197 temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
198 temp2 = S2(a) + F0((a),(b),(c)); \
199 (d) += temp1; (h) = temp1 + temp2; \
200 } while( 0 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]201
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]202int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
203 const unsigned char data[64] )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]204{
205 uint32_t temp1, temp2, W[64];
206 uint32_t A[8];
207 unsigned int i;
208
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]209 SHA256_VALIDATE_RET( ctx != NULL );
210 SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
211
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]212 for( i = 0; i < 8; i++ )
213 A[i] = ctx->state[i];
214
215#if defined(MBEDTLS_SHA256_SMALLER)
216 for( i = 0; i < 64; i++ )
217 {
218 if( i < 16 )
219 GET_UINT32_BE( W[i], data, 4 * i );
220 else
221 R( i );
222
223 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
224
225 temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
226 A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
227 }
228#else /* MBEDTLS_SHA256_SMALLER */
229 for( i = 0; i < 16; i++ )
230 GET_UINT32_BE( W[i], data, 4 * i );
231
232 for( i = 0; i < 16; i += 8 )
233 {
234 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
235 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
236 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
237 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
238 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
239 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
240 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
241 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
242 }
243
244 for( i = 16; i < 64; i += 8 )
245 {
246 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
247 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
248 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
249 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
250 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
251 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
252 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
253 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
254 }
255#endif /* MBEDTLS_SHA256_SMALLER */
256
257 for( i = 0; i < 8; i++ )
258 ctx->state[i] += A[i];
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]259
260 return( 0 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]261}
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]262
263#if !defined(MBEDTLS_DEPRECATED_REMOVED)
264void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
265 const unsigned char data[64] )
266{
267 mbedtls_internal_sha256_process( ctx, data );
268}
269#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]270#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
271
272/*
273 * SHA-256 process buffer
274 */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]275int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
276 const unsigned char *input,
277 size_t ilen )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]278{
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]279 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]280 size_t fill;
281 uint32_t left;
282
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]283 SHA256_VALIDATE_RET( ctx != NULL );
284 SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
285
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]286 if( ilen == 0 )
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]287 return( 0 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]288
289 left = ctx->total[0] & 0x3F;
290 fill = 64 - left;
291
292 ctx->total[0] += (uint32_t) ilen;
293 ctx->total[0] &= 0xFFFFFFFF;
294
295 if( ctx->total[0] < (uint32_t) ilen )
296 ctx->total[1]++;
297
298 if( left && ilen >= fill )
299 {
300 memcpy( (void *) (ctx->buffer + left), input, fill );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]301
302 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
303 return( ret );
304
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]305 input += fill;
306 ilen -= fill;
307 left = 0;
308 }
309
310 while( ilen >= 64 )
311 {
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]312 if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 )
313 return( ret );
314
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]315 input += 64;
316 ilen -= 64;
317 }
318
319 if( ilen > 0 )
320 memcpy( (void *) (ctx->buffer + left), input, ilen );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]321
322 return( 0 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]323}
324
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]325#if !defined(MBEDTLS_DEPRECATED_REMOVED)
326void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
327 const unsigned char *input,
328 size_t ilen )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]329{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]330 mbedtls_sha256_update_ret( ctx, input, ilen );
331}
332#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]333
334/*
335 * SHA-256 final digest
336 */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]337int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
338 unsigned char output[32] )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]339{
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]340 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]341 uint32_t used;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]342 uint32_t high, low;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]343
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]344 SHA256_VALIDATE_RET( ctx != NULL );
345 SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
346
347 /*
348 * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
349 */
350 used = ctx->total[0] & 0x3F;
351
352 ctx->buffer[used++] = 0x80;
353
354 if( used <= 56 )
355 {
356 /* Enough room for padding + length in current block */
357 memset( ctx->buffer + used, 0, 56 - used );
358 }
359 else
360 {
361 /* We'll need an extra block */
362 memset( ctx->buffer + used, 0, 64 - used );
363
364 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
365 return( ret );
366
367 memset( ctx->buffer, 0, 56 );
368 }
369
370 /*
371 * Add message length
372 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]373 high = ( ctx->total[0] >> 29 )
374 | ( ctx->total[1] << 3 );
375 low = ( ctx->total[0] << 3 );
376
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]377 PUT_UINT32_BE( high, ctx->buffer, 56 );
378 PUT_UINT32_BE( low, ctx->buffer, 60 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]379
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]380 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
381 return( ret );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]382
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]383 /*
384 * Output final state
385 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]386 PUT_UINT32_BE( ctx->state[0], output, 0 );
387 PUT_UINT32_BE( ctx->state[1], output, 4 );
388 PUT_UINT32_BE( ctx->state[2], output, 8 );
389 PUT_UINT32_BE( ctx->state[3], output, 12 );
390 PUT_UINT32_BE( ctx->state[4], output, 16 );
391 PUT_UINT32_BE( ctx->state[5], output, 20 );
392 PUT_UINT32_BE( ctx->state[6], output, 24 );
393
394 if( ctx->is224 == 0 )
395 PUT_UINT32_BE( ctx->state[7], output, 28 );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]396
397 return( 0 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]398}
399
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]400#if !defined(MBEDTLS_DEPRECATED_REMOVED)
401void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
402 unsigned char output[32] )
403{
404 mbedtls_sha256_finish_ret( ctx, output );
405}
406#endif
407
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]408#endif /* !MBEDTLS_SHA256_ALT */
409
410/*
411 * output = SHA-256( input buffer )
412 */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]413int mbedtls_sha256_ret( const unsigned char *input,
414 size_t ilen,
415 unsigned char output[32],
416 int is224 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]417{
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]418 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]419 mbedtls_sha256_context ctx;
420
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]421 SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
422 SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
423 SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
424
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]425 mbedtls_sha256_init( &ctx );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]426
427 if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
428 goto exit;
429
430 if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
431 goto exit;
432
433 if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
434 goto exit;
435
436exit:
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]437 mbedtls_sha256_free( &ctx );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]438
439 return( ret );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]440}
441
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]442#if !defined(MBEDTLS_DEPRECATED_REMOVED)
443void mbedtls_sha256( const unsigned char *input,
444 size_t ilen,
445 unsigned char output[32],
446 int is224 )
447{
448 mbedtls_sha256_ret( input, ilen, output, is224 );
449}
450#endif
451
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]452#if defined(MBEDTLS_SELF_TEST)
453/*
454 * FIPS-180-2 test vectors
455 */
456static const unsigned char sha256_test_buf[3][57] =
457{
458 { "abc" },
459 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
460 { "" }
461};
462
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]463static const size_t sha256_test_buflen[3] =
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]464{
465 3, 56, 1000
466};
467
468static const unsigned char sha256_test_sum[6][32] =
469{
470 /*
471 * SHA-224 test vectors
472 */
473 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
474 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
475 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
476 0xE3, 0x6C, 0x9D, 0xA7 },
477 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
478 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
479 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
480 0x52, 0x52, 0x25, 0x25 },
481 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
482 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
483 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
484 0x4E, 0xE7, 0xAD, 0x67 },
485
486 /*
487 * SHA-256 test vectors
488 */
489 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
490 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
491 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
492 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
493 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
494 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
495 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
496 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
497 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
498 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
499 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
500 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
501};
502
503/*
504 * Checkup routine
505 */
506int mbedtls_sha256_self_test( int verbose )
507{
508 int i, j, k, buflen, ret = 0;
509 unsigned char *buf;
510 unsigned char sha256sum[32];
511 mbedtls_sha256_context ctx;
512
513 buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
514 if( NULL == buf )
515 {
516 if( verbose != 0 )
517 mbedtls_printf( "Buffer allocation failed\n" );
518
519 return( 1 );
520 }
521
522 mbedtls_sha256_init( &ctx );
523
524 for( i = 0; i < 6; i++ )
525 {
526 j = i % 3;
527 k = i < 3;
528
529 if( verbose != 0 )
530 mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
531
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]532 if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
533 goto fail;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]534
535 if( j == 2 )
536 {
537 memset( buf, 'a', buflen = 1000 );
538
539 for( j = 0; j < 1000; j++ )
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]540 {
541 ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
542 if( ret != 0 )
543 goto fail;
544 }
545
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]546 }
547 else
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]548 {
549 ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
550 sha256_test_buflen[j] );
551 if( ret != 0 )
552 goto fail;
553 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]554
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]555 if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
556 goto fail;
557
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]558
559 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
560 {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]561 ret = 1;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]562 goto fail;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]563 }
564
565 if( verbose != 0 )
566 mbedtls_printf( "passed\n" );
567 }
568
569 if( verbose != 0 )
570 mbedtls_printf( "\n" );
571
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]572 goto exit;
573
574fail:
575 if( verbose != 0 )
576 mbedtls_printf( "failed\n" );
577
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]578exit:
579 mbedtls_sha256_free( &ctx );
580 mbedtls_free( buf );
581
582 return( ret );
583}
584
585#endif /* MBEDTLS_SELF_TEST */
586
587#endif /* MBEDTLS_SHA256_C */