TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_os / 50a57cfac89291d55a91078e8c6c4e7578494074 / . / lib / libmbedtls / mbedtls / library / sha256.c
blob: 8a540adfbedf1ffa8800399e2ad2ce0a08f13d9f [file] [log] [blame]
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1/*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]5 * SPDX-License-Identifier: Apache-2.0
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21/*
22 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
23 *
24 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
25 */
26
27#if !defined(MBEDTLS_CONFIG_FILE)
28#include "mbedtls/config.h"
29#else
30#include MBEDTLS_CONFIG_FILE
31#endif
32
33#if defined(MBEDTLS_SHA256_C)
34
35#include "mbedtls/sha256.h"
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]36#include "mbedtls/platform_util.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]37
38#include <string.h>
39
40#if defined(MBEDTLS_SELF_TEST)
41#if defined(MBEDTLS_PLATFORM_C)
42#include "mbedtls/platform.h"
43#else
44#include <stdio.h>
45#include <stdlib.h>
46#define mbedtls_printf printf
47#define mbedtls_calloc calloc
48#define mbedtls_free free
49#endif /* MBEDTLS_PLATFORM_C */
50#endif /* MBEDTLS_SELF_TEST */
51
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]52#define SHA256_VALIDATE_RET(cond) \
53 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
54#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]55
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]56#if !defined(MBEDTLS_SHA256_ALT)
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]57
58/*
59 * 32-bit integer manipulation macros (big endian)
60 */
61#ifndef GET_UINT32_BE
62#define GET_UINT32_BE(n,b,i) \
63do { \
64 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
65 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
66 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
67 | ( (uint32_t) (b)[(i) + 3] ); \
68} while( 0 )
69#endif
70
71#ifndef PUT_UINT32_BE
72#define PUT_UINT32_BE(n,b,i) \
73do { \
74 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
75 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
76 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
77 (b)[(i) + 3] = (unsigned char) ( (n) ); \
78} while( 0 )
79#endif
80
81void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
82{
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]83 SHA256_VALIDATE( ctx != NULL );
84
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]85 memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
86}
87
88void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
89{
90 if( ctx == NULL )
91 return;
92
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]93 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]94}
95
96void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
97 const mbedtls_sha256_context *src )
98{
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]99 SHA256_VALIDATE( dst != NULL );
100 SHA256_VALIDATE( src != NULL );
101
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]102 *dst = *src;
103}
104
105/*
106 * SHA-256 context setup
107 */
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]108int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]109{
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]110 SHA256_VALIDATE_RET( ctx != NULL );
111 SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
112
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]113 ctx->total[0] = 0;
114 ctx->total[1] = 0;
115
116 if( is224 == 0 )
117 {
118 /* SHA-256 */
119 ctx->state[0] = 0x6A09E667;
120 ctx->state[1] = 0xBB67AE85;
121 ctx->state[2] = 0x3C6EF372;
122 ctx->state[3] = 0xA54FF53A;
123 ctx->state[4] = 0x510E527F;
124 ctx->state[5] = 0x9B05688C;
125 ctx->state[6] = 0x1F83D9AB;
126 ctx->state[7] = 0x5BE0CD19;
127 }
128 else
129 {
130 /* SHA-224 */
131 ctx->state[0] = 0xC1059ED8;
132 ctx->state[1] = 0x367CD507;
133 ctx->state[2] = 0x3070DD17;
134 ctx->state[3] = 0xF70E5939;
135 ctx->state[4] = 0xFFC00B31;
136 ctx->state[5] = 0x68581511;
137 ctx->state[6] = 0x64F98FA7;
138 ctx->state[7] = 0xBEFA4FA4;
139 }
140
141 ctx->is224 = is224;
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]142
143 return( 0 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]144}
145
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]146#if !defined(MBEDTLS_DEPRECATED_REMOVED)
147void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
148 int is224 )
149{
150 mbedtls_sha256_starts_ret( ctx, is224 );
151}
152#endif
153
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]154#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
155static const uint32_t K[] =
156{
157 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
158 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
159 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
160 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
161 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
162 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
163 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
164 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
165 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
166 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
167 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
168 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
169 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
170 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
171 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
172 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
173};
174
175#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
176#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
177
178#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
179#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
180
181#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
182#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
183
184#define F0(x,y,z) ((x & y) | (z & (x | y)))
185#define F1(x,y,z) (z ^ (x & (y ^ z)))
186
187#define R(t) \
188( \
189 W[t] = S1(W[t - 2]) + W[t - 7] + \
190 S0(W[t - 15]) + W[t - 16] \
191)
192
193#define P(a,b,c,d,e,f,g,h,x,K) \
194{ \
195 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
196 temp2 = S2(a) + F0(a,b,c); \
197 d += temp1; h = temp1 + temp2; \
198}
199
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]200int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
201 const unsigned char data[64] )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]202{
203 uint32_t temp1, temp2, W[64];
204 uint32_t A[8];
205 unsigned int i;
206
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]207 SHA256_VALIDATE_RET( ctx != NULL );
208 SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
209
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]210 for( i = 0; i < 8; i++ )
211 A[i] = ctx->state[i];
212
213#if defined(MBEDTLS_SHA256_SMALLER)
214 for( i = 0; i < 64; i++ )
215 {
216 if( i < 16 )
217 GET_UINT32_BE( W[i], data, 4 * i );
218 else
219 R( i );
220
221 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
222
223 temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
224 A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
225 }
226#else /* MBEDTLS_SHA256_SMALLER */
227 for( i = 0; i < 16; i++ )
228 GET_UINT32_BE( W[i], data, 4 * i );
229
230 for( i = 0; i < 16; i += 8 )
231 {
232 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
233 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
234 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
235 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
236 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
237 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
238 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
239 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
240 }
241
242 for( i = 16; i < 64; i += 8 )
243 {
244 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
245 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
246 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
247 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
248 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
249 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
250 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
251 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
252 }
253#endif /* MBEDTLS_SHA256_SMALLER */
254
255 for( i = 0; i < 8; i++ )
256 ctx->state[i] += A[i];
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]257
258 return( 0 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]259}
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]260
261#if !defined(MBEDTLS_DEPRECATED_REMOVED)
262void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
263 const unsigned char data[64] )
264{
265 mbedtls_internal_sha256_process( ctx, data );
266}
267#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]268#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
269
270/*
271 * SHA-256 process buffer
272 */
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]273int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
274 const unsigned char *input,
275 size_t ilen )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]276{
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]277 int ret;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]278 size_t fill;
279 uint32_t left;
280
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]281 SHA256_VALIDATE_RET( ctx != NULL );
282 SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
283
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]284 if( ilen == 0 )
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]285 return( 0 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]286
287 left = ctx->total[0] & 0x3F;
288 fill = 64 - left;
289
290 ctx->total[0] += (uint32_t) ilen;
291 ctx->total[0] &= 0xFFFFFFFF;
292
293 if( ctx->total[0] < (uint32_t) ilen )
294 ctx->total[1]++;
295
296 if( left && ilen >= fill )
297 {
298 memcpy( (void *) (ctx->buffer + left), input, fill );
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]299
300 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
301 return( ret );
302
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]303 input += fill;
304 ilen -= fill;
305 left = 0;
306 }
307
308 while( ilen >= 64 )
309 {
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]310 if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 )
311 return( ret );
312
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]313 input += 64;
314 ilen -= 64;
315 }
316
317 if( ilen > 0 )
318 memcpy( (void *) (ctx->buffer + left), input, ilen );
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]319
320 return( 0 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]321}
322
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]323#if !defined(MBEDTLS_DEPRECATED_REMOVED)
324void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
325 const unsigned char *input,
326 size_t ilen )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]327{
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]328 mbedtls_sha256_update_ret( ctx, input, ilen );
329}
330#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]331
332/*
333 * SHA-256 final digest
334 */
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]335int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
336 unsigned char output[32] )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]337{
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]338 int ret;
339 uint32_t used;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]340 uint32_t high, low;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]341
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]342 SHA256_VALIDATE_RET( ctx != NULL );
343 SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
344
345 /*
346 * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
347 */
348 used = ctx->total[0] & 0x3F;
349
350 ctx->buffer[used++] = 0x80;
351
352 if( used <= 56 )
353 {
354 /* Enough room for padding + length in current block */
355 memset( ctx->buffer + used, 0, 56 - used );
356 }
357 else
358 {
359 /* We'll need an extra block */
360 memset( ctx->buffer + used, 0, 64 - used );
361
362 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
363 return( ret );
364
365 memset( ctx->buffer, 0, 56 );
366 }
367
368 /*
369 * Add message length
370 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]371 high = ( ctx->total[0] >> 29 )
372 | ( ctx->total[1] << 3 );
373 low = ( ctx->total[0] << 3 );
374
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]375 PUT_UINT32_BE( high, ctx->buffer, 56 );
376 PUT_UINT32_BE( low, ctx->buffer, 60 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]377
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]378 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
379 return( ret );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]380
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]381 /*
382 * Output final state
383 */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]384 PUT_UINT32_BE( ctx->state[0], output, 0 );
385 PUT_UINT32_BE( ctx->state[1], output, 4 );
386 PUT_UINT32_BE( ctx->state[2], output, 8 );
387 PUT_UINT32_BE( ctx->state[3], output, 12 );
388 PUT_UINT32_BE( ctx->state[4], output, 16 );
389 PUT_UINT32_BE( ctx->state[5], output, 20 );
390 PUT_UINT32_BE( ctx->state[6], output, 24 );
391
392 if( ctx->is224 == 0 )
393 PUT_UINT32_BE( ctx->state[7], output, 28 );
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]394
395 return( 0 );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]396}
397
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]398#if !defined(MBEDTLS_DEPRECATED_REMOVED)
399void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
400 unsigned char output[32] )
401{
402 mbedtls_sha256_finish_ret( ctx, output );
403}
404#endif
405
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]406#endif /* !MBEDTLS_SHA256_ALT */
407
408/*
409 * output = SHA-256( input buffer )
410 */
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]411int mbedtls_sha256_ret( const unsigned char *input,
412 size_t ilen,
413 unsigned char output[32],
414 int is224 )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]415{
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]416 int ret;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]417 mbedtls_sha256_context ctx;
418
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]419 SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
420 SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
421 SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
422
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]423 mbedtls_sha256_init( &ctx );
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]424
425 if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
426 goto exit;
427
428 if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
429 goto exit;
430
431 if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
432 goto exit;
433
434exit:
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]435 mbedtls_sha256_free( &ctx );
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]436
437 return( ret );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]438}
439
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]440#if !defined(MBEDTLS_DEPRECATED_REMOVED)
441void mbedtls_sha256( const unsigned char *input,
442 size_t ilen,
443 unsigned char output[32],
444 int is224 )
445{
446 mbedtls_sha256_ret( input, ilen, output, is224 );
447}
448#endif
449
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]450#if defined(MBEDTLS_SELF_TEST)
451/*
452 * FIPS-180-2 test vectors
453 */
454static const unsigned char sha256_test_buf[3][57] =
455{
456 { "abc" },
457 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
458 { "" }
459};
460
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]461static const size_t sha256_test_buflen[3] =
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]462{
463 3, 56, 1000
464};
465
466static const unsigned char sha256_test_sum[6][32] =
467{
468 /*
469 * SHA-224 test vectors
470 */
471 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
472 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
473 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
474 0xE3, 0x6C, 0x9D, 0xA7 },
475 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
476 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
477 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
478 0x52, 0x52, 0x25, 0x25 },
479 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
480 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
481 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
482 0x4E, 0xE7, 0xAD, 0x67 },
483
484 /*
485 * SHA-256 test vectors
486 */
487 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
488 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
489 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
490 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
491 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
492 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
493 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
494 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
495 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
496 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
497 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
498 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
499};
500
501/*
502 * Checkup routine
503 */
504int mbedtls_sha256_self_test( int verbose )
505{
506 int i, j, k, buflen, ret = 0;
507 unsigned char *buf;
508 unsigned char sha256sum[32];
509 mbedtls_sha256_context ctx;
510
511 buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
512 if( NULL == buf )
513 {
514 if( verbose != 0 )
515 mbedtls_printf( "Buffer allocation failed\n" );
516
517 return( 1 );
518 }
519
520 mbedtls_sha256_init( &ctx );
521
522 for( i = 0; i < 6; i++ )
523 {
524 j = i % 3;
525 k = i < 3;
526
527 if( verbose != 0 )
528 mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
529
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]530 if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
531 goto fail;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]532
533 if( j == 2 )
534 {
535 memset( buf, 'a', buflen = 1000 );
536
537 for( j = 0; j < 1000; j++ )
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]538 {
539 ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
540 if( ret != 0 )
541 goto fail;
542 }
543
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]544 }
545 else
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]546 {
547 ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
548 sha256_test_buflen[j] );
549 if( ret != 0 )
550 goto fail;
551 }
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]552
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]553 if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
554 goto fail;
555
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]556
557 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
558 {
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]559 ret = 1;
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]560 goto fail;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]561 }
562
563 if( verbose != 0 )
564 mbedtls_printf( "passed\n" );
565 }
566
567 if( verbose != 0 )
568 mbedtls_printf( "\n" );
569
Jens Wiklander50a57cf2019-03-13 10:41:54 +0100[diff] [blame^]570 goto exit;
571
572fail:
573 if( verbose != 0 )
574 mbedtls_printf( "failed\n" );
575
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]576exit:
577 mbedtls_sha256_free( &ctx );
578 mbedtls_free( buf );
579
580 return( ret );
581}
582
583#endif /* MBEDTLS_SELF_TEST */
584
585#endif /* MBEDTLS_SHA256_C */