Blame - library/sha512.c - mirror/mbed-tls - TrustedFirmware Git Browser

blob: 86e28a9b95c02ba6a95ef75e602ba0fec0356c43 [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* FIPS-180-2 compliant SHA-384/512 implementation
				3	*
Manuel Pégourié-Gonnard	a658a40	2015-01-23 09:45:19 +0000	[diff] [blame]	4	* Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	5	*
Manuel Pégourié-Gonnard	fe44643	2015-03-06 13:17:10 +0000	[diff] [blame]	6	* This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakker	b96f154	2010-07-18 20:36:00 +0000	[diff] [blame]	7	*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	8	* This program is free software; you can redistribute it and/or modify
				9	* it under the terms of the GNU General Public License as published by
				10	* the Free Software Foundation; either version 2 of the License, or
				11	* (at your option) any later version.
				12	*
				13	* This program is distributed in the hope that it will be useful,
				14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				16	* GNU General Public License for more details.
				17	*
				18	* You should have received a copy of the GNU General Public License along
				19	* with this program; if not, write to the Free Software Foundation, Inc.,
				20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				21	*/
				22	/*
				23	* The SHA-512 Secure Hash Standard was published by NIST in 2002.
				24	*
				25	* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
				26	*/
				27
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	28	#if !defined(POLARSSL_CONFIG_FILE)
Manuel Pégourié-Gonnard	7f80997	2015-03-09 17:05:11 +0000	[diff] [blame]	29	#include "mbedtls/config.h"
Manuel Pégourié-Gonnard	cef4ad2	2014-04-29 12:39:06 +0200	[diff] [blame]	30	#else
				31	#include POLARSSL_CONFIG_FILE
				32	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	33
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	34	#if defined(POLARSSL_SHA512_C)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	35
Manuel Pégourié-Gonnard	7f80997	2015-03-09 17:05:11 +0000	[diff] [blame]	36	#include "mbedtls/sha512.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	37
Manuel Pégourié-Gonnard	1dd1674	2015-03-05 16:13:04 +0000	[diff] [blame]	38	#if defined(_MSC_VER) \|\| defined(__WATCOMC__)
				39	#define UL64(x) x##ui64
				40	#else
				41	#define UL64(x) x##ULL
				42	#endif
				43
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	44	#include <string.h>
				45
				46	#if defined(POLARSSL_FS_IO)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	47	#include <stdio.h>
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	48	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	49
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	50	#if defined(POLARSSL_SELF_TEST)
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	51	#if defined(POLARSSL_PLATFORM_C)
Manuel Pégourié-Gonnard	7f80997	2015-03-09 17:05:11 +0000	[diff] [blame]	52	#include "mbedtls/platform.h"
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	53	#else
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	54	#include <stdio.h>
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	55	#define polarssl_printf printf
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	56	#endif /* POLARSSL_PLATFORM_C */
				57	#endif /* POLARSSL_SELF_TEST */
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	58
Paul Bakker	3461772	2014-06-13 17:20:13 +0200	[diff] [blame]	59	/* Implementation that should never be optimized out by the compiler */
				60	static void polarssl_zeroize( void *v, size_t n ) {
				61	volatile unsigned char p = v; while( n-- ) p++ = 0;
				62	}
				63
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	64	#if !defined(POLARSSL_SHA512_ALT)
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	65
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	66	/*
				67	* 64-bit integer manipulation macros (big endian)
				68	*/
				69	#ifndef GET_UINT64_BE
				70	#define GET_UINT64_BE(n,b,i) \
				71	{ \
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	72	(n) = ( (uint64_t) (b)[(i) ] << 56 ) \
				73	\| ( (uint64_t) (b)[(i) + 1] << 48 ) \
				74	\| ( (uint64_t) (b)[(i) + 2] << 40 ) \
				75	\| ( (uint64_t) (b)[(i) + 3] << 32 ) \
				76	\| ( (uint64_t) (b)[(i) + 4] << 24 ) \
				77	\| ( (uint64_t) (b)[(i) + 5] << 16 ) \
				78	\| ( (uint64_t) (b)[(i) + 6] << 8 ) \
				79	\| ( (uint64_t) (b)[(i) + 7] ); \
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	80	}
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	81	#endif /* GET_UINT64_BE */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	82
				83	#ifndef PUT_UINT64_BE
				84	#define PUT_UINT64_BE(n,b,i) \
				85	{ \
				86	(b)[(i) ] = (unsigned char) ( (n) >> 56 ); \
				87	(b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \
				88	(b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \
				89	(b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \
				90	(b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \
				91	(b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \
				92	(b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \
				93	(b)[(i) + 7] = (unsigned char) ( (n) ); \
				94	}
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	95	#endif /* PUT_UINT64_BE */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	96
				97	/*
				98	* Round constants
				99	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	100	static const uint64_t K[80] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	101	{
				102	UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
				103	UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
				104	UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
				105	UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
				106	UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
				107	UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
				108	UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
				109	UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
				110	UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
				111	UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
				112	UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
				113	UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
				114	UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
				115	UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
				116	UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
				117	UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
				118	UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
				119	UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
				120	UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
				121	UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
				122	UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
				123	UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
				124	UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
				125	UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
				126	UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
				127	UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
				128	UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
				129	UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
				130	UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
				131	UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
				132	UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
				133	UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
				134	UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
				135	UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
				136	UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
				137	UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
				138	UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
				139	UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
				140	UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
				141	UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
				142	};
				143
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	144	void sha512_init( sha512_context *ctx )
				145	{
				146	memset( ctx, 0, sizeof( sha512_context ) );
				147	}
				148
				149	void sha512_free( sha512_context *ctx )
				150	{
				151	if( ctx == NULL )
				152	return;
				153
				154	polarssl_zeroize( ctx, sizeof( sha512_context ) );
				155	}
				156
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	157	/*
				158	* SHA-512 context setup
				159	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	160	void sha512_starts( sha512_context *ctx, int is384 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	161	{
				162	ctx->total[0] = 0;
				163	ctx->total[1] = 0;
				164
				165	if( is384 == 0 )
				166	{
				167	/* SHA-512 */
				168	ctx->state[0] = UL64(0x6A09E667F3BCC908);
				169	ctx->state[1] = UL64(0xBB67AE8584CAA73B);
				170	ctx->state[2] = UL64(0x3C6EF372FE94F82B);
				171	ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
				172	ctx->state[4] = UL64(0x510E527FADE682D1);
				173	ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
				174	ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
				175	ctx->state[7] = UL64(0x5BE0CD19137E2179);
				176	}
				177	else
				178	{
				179	/* SHA-384 */
				180	ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
				181	ctx->state[1] = UL64(0x629A292A367CD507);
				182	ctx->state[2] = UL64(0x9159015A3070DD17);
				183	ctx->state[3] = UL64(0x152FECD8F70E5939);
				184	ctx->state[4] = UL64(0x67332667FFC00B31);
				185	ctx->state[5] = UL64(0x8EB44A8768581511);
				186	ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
				187	ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
				188	}
				189
				190	ctx->is384 = is384;
				191	}
				192
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	193	void sha512_process( sha512_context *ctx, const unsigned char data[128] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	194	{
				195	int i;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	196	uint64_t temp1, temp2, W[80];
				197	uint64_t A, B, C, D, E, F, G, H;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	198
				199	#define SHR(x,n) (x >> n)
				200	#define ROTR(x,n) (SHR(x,n) \| (x << (64 - n)))
				201
				202	#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
				203	#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6))
				204
				205	#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
				206	#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
				207
				208	#define F0(x,y,z) ((x & y) \| (z & (x \| y)))
				209	#define F1(x,y,z) (z ^ (x & (y ^ z)))
				210
				211	#define P(a,b,c,d,e,f,g,h,x,K) \
				212	{ \
				213	temp1 = h + S3(e) + F1(e,f,g) + K + x; \
				214	temp2 = S2(a) + F0(a,b,c); \
				215	d += temp1; h = temp1 + temp2; \
				216	}
				217
				218	for( i = 0; i < 16; i++ )
				219	{
				220	GET_UINT64_BE( W[i], data, i << 3 );
				221	}
				222
				223	for( ; i < 80; i++ )
				224	{
				225	W[i] = S1(W[i - 2]) + W[i - 7] +
				226	S0(W[i - 15]) + W[i - 16];
				227	}
				228
				229	A = ctx->state[0];
				230	B = ctx->state[1];
				231	C = ctx->state[2];
				232	D = ctx->state[3];
				233	E = ctx->state[4];
				234	F = ctx->state[5];
				235	G = ctx->state[6];
				236	H = ctx->state[7];
				237	i = 0;
				238
				239	do
				240	{
				241	P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++;
				242	P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++;
				243	P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++;
				244	P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++;
				245	P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++;
				246	P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++;
				247	P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++;
				248	P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++;
				249	}
				250	while( i < 80 );
				251
				252	ctx->state[0] += A;
				253	ctx->state[1] += B;
				254	ctx->state[2] += C;
				255	ctx->state[3] += D;
				256	ctx->state[4] += E;
				257	ctx->state[5] += F;
				258	ctx->state[6] += G;
				259	ctx->state[7] += H;
				260	}
				261
				262	/*
				263	* SHA-512 process buffer
				264	*/
Paul Bakker	b9e4e2c	2014-05-01 14:18:25 +0200	[diff] [blame]	265	void sha512_update( sha512_context ctx, const unsigned char input,
				266	size_t ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	267	{
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	268	size_t fill;
Paul Bakker	b8213a1	2011-07-11 08:16:18 +0000	[diff] [blame]	269	unsigned int left;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	270
Brian White	12895d1	2014-04-11 11:29:42 -0400	[diff] [blame]	271	if( ilen == 0 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	272	return;
				273
Paul Bakker	b8213a1	2011-07-11 08:16:18 +0000	[diff] [blame]	274	left = (unsigned int) (ctx->total[0] & 0x7F);
Paul Bakker	27fdf46	2011-06-09 13:55:13 +0000	[diff] [blame]	275	fill = 128 - left;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	276
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	277	ctx->total[0] += (uint64_t) ilen;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	278
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	279	if( ctx->total[0] < (uint64_t) ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	280	ctx->total[1]++;
				281
				282	if( left && ilen >= fill )
				283	{
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	284	memcpy( (void *) (ctx->buffer + left), input, fill );
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	285	sha512_process( ctx, ctx->buffer );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	286	input += fill;
				287	ilen -= fill;
				288	left = 0;
				289	}
				290
				291	while( ilen >= 128 )
				292	{
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	293	sha512_process( ctx, input );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	294	input += 128;
				295	ilen -= 128;
				296	}
				297
				298	if( ilen > 0 )
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	299	memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	300	}
				301
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	302	static const unsigned char sha512_padding[128] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	303	{
				304	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				305	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				306	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				307	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				308	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				309	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				310	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
				311	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
				312	};
				313
				314	/*
				315	* SHA-512 final digest
				316	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	317	void sha512_finish( sha512_context *ctx, unsigned char output[64] )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	318	{
Paul Bakker	27fdf46	2011-06-09 13:55:13 +0000	[diff] [blame]	319	size_t last, padn;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	320	uint64_t high, low;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	321	unsigned char msglen[16];
				322
				323	high = ( ctx->total[0] >> 61 )
				324	\| ( ctx->total[1] << 3 );
				325	low = ( ctx->total[0] << 3 );
				326
				327	PUT_UINT64_BE( high, msglen, 0 );
				328	PUT_UINT64_BE( low, msglen, 8 );
				329
Paul Bakker	27fdf46	2011-06-09 13:55:13 +0000	[diff] [blame]	330	last = (size_t)( ctx->total[0] & 0x7F );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	331	padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
				332
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	333	sha512_update( ctx, sha512_padding, padn );
				334	sha512_update( ctx, msglen, 16 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	335
				336	PUT_UINT64_BE( ctx->state[0], output, 0 );
				337	PUT_UINT64_BE( ctx->state[1], output, 8 );
				338	PUT_UINT64_BE( ctx->state[2], output, 16 );
				339	PUT_UINT64_BE( ctx->state[3], output, 24 );
				340	PUT_UINT64_BE( ctx->state[4], output, 32 );
				341	PUT_UINT64_BE( ctx->state[5], output, 40 );
				342
				343	if( ctx->is384 == 0 )
				344	{
				345	PUT_UINT64_BE( ctx->state[6], output, 48 );
				346	PUT_UINT64_BE( ctx->state[7], output, 56 );
				347	}
				348	}
				349
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	350	#endif /* !POLARSSL_SHA512_ALT */
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	351
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	352	/*
				353	* output = SHA-512( input buffer )
				354	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	355	void sha512( const unsigned char *input, size_t ilen,
				356	unsigned char output[64], int is384 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	357	{
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	358	sha512_context ctx;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	359
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	360	sha512_init( &ctx );
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	361	sha512_starts( &ctx, is384 );
				362	sha512_update( &ctx, input, ilen );
				363	sha512_finish( &ctx, output );
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	364	sha512_free( &ctx );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	365	}
				366
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	367	#if defined(POLARSSL_FS_IO)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	368	/*
				369	* output = SHA-512( file contents )
				370	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	371	int sha512_file( const char *path, unsigned char output[64], int is384 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	372	{
				373	FILE *f;
				374	size_t n;
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	375	sha512_context ctx;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	376	unsigned char buf[1024];
				377
				378	if( ( f = fopen( path, "rb" ) ) == NULL )
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	379	return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	380
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	381	sha512_init( &ctx );
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	382	sha512_starts( &ctx, is384 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	383
				384	while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	385	sha512_update( &ctx, buf, n );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	386
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	387	sha512_finish( &ctx, output );
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	388	sha512_free( &ctx );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	389
				390	if( ferror( f ) != 0 )
				391	{
				392	fclose( f );
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	393	return( POLARSSL_ERR_SHA512_FILE_IO_ERROR );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	394	}
				395
				396	fclose( f );
				397	return( 0 );
				398	}
Paul Bakker	335db3f	2011-04-25 15:28:35 +0000	[diff] [blame]	399	#endif /* POLARSSL_FS_IO */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	400
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	401	#if defined(POLARSSL_SELF_TEST)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	402
				403	/*
				404	* FIPS-180-2 test vectors
				405	*/
Manuel Pégourié-Gonnard	28122e4	2015-03-11 09:13:42 +0000	[diff] [blame]	406	static const unsigned char sha512_test_buf[3][113] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	407	{
				408	{ "abc" },
				409	{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
				410	"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
				411	{ "" }
				412	};
				413
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	414	static const int sha512_test_buflen[3] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	415	{
				416	3, 112, 1000
				417	};
				418
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	419	static const unsigned char sha512_test_sum[6][64] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	420	{
				421	/*
				422	* SHA-384 test vectors
				423	*/
				424	{ 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
				425	0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
				426	0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
				427	0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
				428	0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
				429	0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 },
				430	{ 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
				431	0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
				432	0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
				433	0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
				434	0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
				435	0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 },
				436	{ 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
				437	0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
				438	0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
				439	0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
				440	0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
				441	0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },
				442
				443	/*
				444	* SHA-512 test vectors
				445	*/
				446	{ 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
				447	0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
				448	0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
				449	0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
				450	0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
				451	0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
				452	0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
				453	0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F },
				454	{ 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
				455	0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
				456	0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
				457	0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
				458	0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
				459	0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
				460	0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
				461	0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 },
				462	{ 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
				463	0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
				464	0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
				465	0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
				466	0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
				467	0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
				468	0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
				469	0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
				470	};
				471
				472	/*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	473	* Checkup routine
				474	*/
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	475	int sha512_self_test( int verbose )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	476	{
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	477	int i, j, k, buflen, ret = 0;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	478	unsigned char buf[1024];
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	479	unsigned char sha512sum[64];
				480	sha512_context ctx;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	481
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	482	sha512_init( &ctx );
				483
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	484	for( i = 0; i < 6; i++ )
				485	{
				486	j = i % 3;
				487	k = i < 3;
				488
				489	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	490	polarssl_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	491
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	492	sha512_starts( &ctx, k );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	493
				494	if( j == 2 )
				495	{
				496	memset( buf, 'a', buflen = 1000 );
				497
				498	for( j = 0; j < 1000; j++ )
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	499	sha512_update( &ctx, buf, buflen );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	500	}
				501	else
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	502	sha512_update( &ctx, sha512_test_buf[j],
				503	sha512_test_buflen[j] );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	504
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	505	sha512_finish( &ctx, sha512sum );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	506
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	507	if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	508	{
				509	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	510	polarssl_printf( "failed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	511
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	512	ret = 1;
				513	goto exit;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	514	}
				515
				516	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	517	polarssl_printf( "passed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	518	}
				519
				520	if( verbose != 0 )
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	521	polarssl_printf( "\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	522
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	523	exit:
				524	sha512_free( &ctx );
				525
				526	return( ret );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	527	}
				528
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	529	#endif /* POLARSSL_SELF_TEST */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	530
Paul Bakker	9af723c	2014-05-01 13:03:14 +0200	[diff] [blame]	531	#endif /* POLARSSL_SHA512_C */