Blame - library/sha256.c - mirror/mbed-tls - TrustedFirmware Git Browser

blob: f548c672ea726af62b6223df0eebc45af4307a30 [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* FIPS-180-2 compliant SHA-256 implementation
				3	*
Bence Szépkúti	1e14827	2020-08-07 13:07:28 +0200	[diff] [blame]	4	* Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard	37ff140	2015-09-04 14:21:07 +0200	[diff] [blame]	5	* SPDX-License-Identifier: Apache-2.0
				6	*
				7	* Licensed under the Apache License, Version 2.0 (the "License"); you may
				8	* not use this file except in compliance with the License.
				9	* You may obtain a copy of the License at
				10	*
				11	* http://www.apache.org/licenses/LICENSE-2.0
				12	*
				13	* Unless required by applicable law or agreed to in writing, software
				14	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				15	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				16	* See the License for the specific language governing permissions and
				17	* limitations under the License.
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	18	*/
				19	/*
				20	* The SHA-256 Secure Hash Standard was published by NIST in 2002.
				21	*
				22	* http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
				23	*/
				24
Gilles Peskine	db09ef6	2020-06-03 01:43:33 +0200	[diff] [blame]	25	#include "common.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	26
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	27	#if defined(MBEDTLS_SHA256_C)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	28
Manuel Pégourié-Gonnard	7f80997	2015-03-09 17:05:11 +0000	[diff] [blame]	29	#include "mbedtls/sha256.h"
Andres Amaya Garcia	1f6301b	2018-04-17 09:51:09 -0500	[diff] [blame]	30	#include "mbedtls/platform_util.h"
Janos Follath	24eed8d	2019-11-22 13:21:35 +0000	[diff] [blame]	31	#include "mbedtls/error.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	32
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	33	#include <string.h>
				34
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	35	#if defined(MBEDTLS_SELF_TEST)
				36	#if defined(MBEDTLS_PLATFORM_C)
Manuel Pégourié-Gonnard	7f80997	2015-03-09 17:05:11 +0000	[diff] [blame]	37	#include "mbedtls/platform.h"
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	38	#else
Rich Evans	00ab470	2015-02-06 13:43:58 +0000	[diff] [blame]	39	#include <stdio.h>
Russ Butler	bb83b42	2016-10-12 17:36:50 -0500	[diff] [blame]	40	#include <stdlib.h>
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	41	#define mbedtls_printf printf
Russ Butler	bb83b42	2016-10-12 17:36:50 -0500	[diff] [blame]	42	#define mbedtls_calloc calloc
				43	#define mbedtls_free free
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	44	#endif /* MBEDTLS_PLATFORM_C */
				45	#endif /* MBEDTLS_SELF_TEST */
Paul Bakker	7dc4c44	2014-02-01 22:50:26 +0100	[diff] [blame]	46
Hanno Becker	2f6de42	2018-12-20 10:22:32 +0000	[diff] [blame]	47	#define SHA256_VALIDATE_RET(cond) \
				48	MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
				49	#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
				50
Manuel Pégourié-Gonnard	8b2641d	2015-08-27 20:03:46 +0200	[diff] [blame]	51	#if !defined(MBEDTLS_SHA256_ALT)
				52
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	53	void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	54	{
Hanno Becker	8d215e7	2018-12-18 17:53:21 +0000	[diff] [blame]	55	SHA256_VALIDATE( ctx != NULL );
Andres Amaya Garcia	79e593f	2018-12-09 20:41:20 +0000	[diff] [blame]	56
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	57	memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	58	}
				59
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	60	void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	61	{
				62	if( ctx == NULL )
				63	return;
				64
Andres Amaya Garcia	1f6301b	2018-04-17 09:51:09 -0500	[diff] [blame]	65	mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	66	}
				67
Manuel Pégourié-Gonnard	16d412f	2015-07-06 15:26:26 +0200	[diff] [blame]	68	void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
				69	const mbedtls_sha256_context *src )
				70	{
Hanno Becker	8d215e7	2018-12-18 17:53:21 +0000	[diff] [blame]	71	SHA256_VALIDATE( dst != NULL );
				72	SHA256_VALIDATE( src != NULL );
Andres Amaya Garcia	79e593f	2018-12-09 20:41:20 +0000	[diff] [blame]	73
Manuel Pégourié-Gonnard	16d412f	2015-07-06 15:26:26 +0200	[diff] [blame]	74	dst = src;
				75	}
				76
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	77	/*
				78	* SHA-256 context setup
				79	*/
TRodziewicz	26371e4	2021-06-08 16:45:41 +0200	[diff] [blame]	80	int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	81	{
Hanno Becker	8d215e7	2018-12-18 17:53:21 +0000	[diff] [blame]	82	SHA256_VALIDATE_RET( ctx != NULL );
Andres Amaya Garcia	79e593f	2018-12-09 20:41:20 +0000	[diff] [blame]	83
Mateusz Starzyk	e3c48b4	2021-04-19 16:46:28 +0200	[diff] [blame]	84	#if defined(MBEDTLS_SHA224_C)
				85	SHA256_VALIDATE_RET( is224 == 0 \|\| is224 == 1 );
				86	#else
				87	SHA256_VALIDATE_RET( is224 == 0 );
				88	#endif
				89
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	90	ctx->total[0] = 0;
				91	ctx->total[1] = 0;
				92
				93	if( is224 == 0 )
				94	{
				95	/* SHA-256 */
				96	ctx->state[0] = 0x6A09E667;
				97	ctx->state[1] = 0xBB67AE85;
				98	ctx->state[2] = 0x3C6EF372;
				99	ctx->state[3] = 0xA54FF53A;
				100	ctx->state[4] = 0x510E527F;
				101	ctx->state[5] = 0x9B05688C;
				102	ctx->state[6] = 0x1F83D9AB;
				103	ctx->state[7] = 0x5BE0CD19;
				104	}
				105	else
				106	{
Mateusz Starzyk	e3c48b4	2021-04-19 16:46:28 +0200	[diff] [blame]	107	#if defined(MBEDTLS_SHA224_C)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	108	/* SHA-224 */
				109	ctx->state[0] = 0xC1059ED8;
				110	ctx->state[1] = 0x367CD507;
				111	ctx->state[2] = 0x3070DD17;
				112	ctx->state[3] = 0xF70E5939;
				113	ctx->state[4] = 0xFFC00B31;
				114	ctx->state[5] = 0x68581511;
				115	ctx->state[6] = 0x64F98FA7;
				116	ctx->state[7] = 0xBEFA4FA4;
Mateusz Starzyk	e3c48b4	2021-04-19 16:46:28 +0200	[diff] [blame]	117	#endif
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	118	}
				119
				120	ctx->is224 = is224;
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	121
				122	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	123	}
				124
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	125	#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
Manuel Pégourié-Gonnard	a7a3a5f	2015-05-28 12:14:49 +0200	[diff] [blame]	126	static const uint32_t K[] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	127	{
Manuel Pégourié-Gonnard	a7a3a5f	2015-05-28 12:14:49 +0200	[diff] [blame]	128	0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
				129	0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
				130	0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
				131	0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
				132	0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
				133	0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
				134	0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
				135	0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
				136	0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
				137	0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
				138	0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
				139	0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
				140	0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
				141	0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
				142	0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
				143	0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
				144	};
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	145
Hanno Becker	1eeca41	2018-10-15 12:01:35 +0100	[diff] [blame]	146	#define SHR(x,n) (((x) & 0xFFFFFFFF) >> (n))
				147	#define ROTR(x,n) (SHR(x,n) \| ((x) << (32 - (n))))
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	148
				149	#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
				150	#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
				151
				152	#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
				153	#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
				154
Hanno Becker	1eeca41	2018-10-15 12:01:35 +0100	[diff] [blame]	155	#define F0(x,y,z) (((x) & (y)) \| ((z) & ((x) \| (y))))
				156	#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	157
gabor-mezei-arm	4cb56f8	2020-08-25 19:12:01 +0200	[diff] [blame]	158	#define R(t) \
				159	( \
				160	local.W[t] = S1(local.W[(t) - 2]) + local.W[(t) - 7] + \
				161	S0(local.W[(t) - 15]) + local.W[(t) - 16] \
Hanno Becker	1eeca41	2018-10-15 12:01:35 +0100	[diff] [blame]	162	)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	163
gabor-mezei-arm	4cb56f8	2020-08-25 19:12:01 +0200	[diff] [blame]	164	#define P(a,b,c,d,e,f,g,h,x,K) \
				165	do \
				166	{ \
				167	local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
				168	local.temp2 = S2(a) + F0((a),(b),(c)); \
				169	(d) += local.temp1; (h) = local.temp1 + local.temp2; \
Hanno Becker	1eeca41	2018-10-15 12:01:35 +0100	[diff] [blame]	170	} while( 0 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	171
Andres Amaya Garcia	cccfe08	2017-06-28 10:36:39 +0100	[diff] [blame]	172	int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	173	const unsigned char data[64] )
Manuel Pégourié-Gonnard	a7a3a5f	2015-05-28 12:14:49 +0200	[diff] [blame]	174	{
gabor-mezei-arm	4cb56f8	2020-08-25 19:12:01 +0200	[diff] [blame]	175	struct
				176	{
				177	uint32_t temp1, temp2, W[64];
				178	uint32_t A[8];
				179	} local;
				180
Manuel Pégourié-Gonnard	a7a3a5f	2015-05-28 12:14:49 +0200	[diff] [blame]	181	unsigned int i;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	182
Hanno Becker	8d215e7	2018-12-18 17:53:21 +0000	[diff] [blame]	183	SHA256_VALIDATE_RET( ctx != NULL );
				184	SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
Andres Amaya Garcia	79e593f	2018-12-09 20:41:20 +0000	[diff] [blame]	185
Manuel Pégourié-Gonnard	a7a3a5f	2015-05-28 12:14:49 +0200	[diff] [blame]	186	for( i = 0; i < 8; i++ )
gabor-mezei-arm	4cb56f8	2020-08-25 19:12:01 +0200	[diff] [blame]	187	local.A[i] = ctx->state[i];
Manuel Pégourié-Gonnard	a7a3a5f	2015-05-28 12:14:49 +0200	[diff] [blame]	188
Manuel Pégourié-Gonnard	eb0d870	2015-05-28 12:54:04 +0200	[diff] [blame]	189	#if defined(MBEDTLS_SHA256_SMALLER)
				190	for( i = 0; i < 64; i++ )
				191	{
				192	if( i < 16 )
gabor-mezei-arm	4cb56f8	2020-08-25 19:12:01 +0200	[diff] [blame]	193	GET_UINT32_BE( local.W[i], data, 4 * i );
Manuel Pégourié-Gonnard	eb0d870	2015-05-28 12:54:04 +0200	[diff] [blame]	194	else
				195	R( i );
				196
gabor-mezei-arm	4cb56f8	2020-08-25 19:12:01 +0200	[diff] [blame]	197	P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
				198	local.A[5], local.A[6], local.A[7], local.W[i], K[i] );
Manuel Pégourié-Gonnard	eb0d870	2015-05-28 12:54:04 +0200	[diff] [blame]	199
gabor-mezei-arm	4cb56f8	2020-08-25 19:12:01 +0200	[diff] [blame]	200	local.temp1 = local.A[7]; local.A[7] = local.A[6];
				201	local.A[6] = local.A[5]; local.A[5] = local.A[4];
				202	local.A[4] = local.A[3]; local.A[3] = local.A[2];
				203	local.A[2] = local.A[1]; local.A[1] = local.A[0];
				204	local.A[0] = local.temp1;
Manuel Pégourié-Gonnard	eb0d870	2015-05-28 12:54:04 +0200	[diff] [blame]	205	}
				206	#else /* MBEDTLS_SHA256_SMALLER */
				207	for( i = 0; i < 16; i++ )
gabor-mezei-arm	4cb56f8	2020-08-25 19:12:01 +0200	[diff] [blame]	208	GET_UINT32_BE( local.W[i], data, 4 * i );
Manuel Pégourié-Gonnard	eb0d870	2015-05-28 12:54:04 +0200	[diff] [blame]	209
Manuel Pégourié-Gonnard	a7a3a5f	2015-05-28 12:14:49 +0200	[diff] [blame]	210	for( i = 0; i < 16; i += 8 )
				211	{
gabor-mezei-arm	4cb56f8	2020-08-25 19:12:01 +0200	[diff] [blame]	212	P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
				213	local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0] );
				214	P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
				215	local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1] );
				216	P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
				217	local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2] );
				218	P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
				219	local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3] );
				220	P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
				221	local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4] );
				222	P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
				223	local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5] );
				224	P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
				225	local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6] );
				226	P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
				227	local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7] );
Manuel Pégourié-Gonnard	a7a3a5f	2015-05-28 12:14:49 +0200	[diff] [blame]	228	}
				229
				230	for( i = 16; i < 64; i += 8 )
				231	{
gabor-mezei-arm	4cb56f8	2020-08-25 19:12:01 +0200	[diff] [blame]	232	P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
				233	local.A[5], local.A[6], local.A[7], R(i+0), K[i+0] );
				234	P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
				235	local.A[4], local.A[5], local.A[6], R(i+1), K[i+1] );
				236	P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
				237	local.A[3], local.A[4], local.A[5], R(i+2), K[i+2] );
				238	P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
				239	local.A[2], local.A[3], local.A[4], R(i+3), K[i+3] );
				240	P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
				241	local.A[1], local.A[2], local.A[3], R(i+4), K[i+4] );
				242	P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
				243	local.A[0], local.A[1], local.A[2], R(i+5), K[i+5] );
				244	P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
				245	local.A[7], local.A[0], local.A[1], R(i+6), K[i+6] );
				246	P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
				247	local.A[6], local.A[7], local.A[0], R(i+7), K[i+7] );
Manuel Pégourié-Gonnard	a7a3a5f	2015-05-28 12:14:49 +0200	[diff] [blame]	248	}
Manuel Pégourié-Gonnard	eb0d870	2015-05-28 12:54:04 +0200	[diff] [blame]	249	#endif /* MBEDTLS_SHA256_SMALLER */
Manuel Pégourié-Gonnard	a7a3a5f	2015-05-28 12:14:49 +0200	[diff] [blame]	250
				251	for( i = 0; i < 8; i++ )
gabor-mezei-arm	4cb56f8	2020-08-25 19:12:01 +0200	[diff] [blame]	252	ctx->state[i] += local.A[i];
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	253
gabor-mezei-arm	76749ae	2020-07-30 16:41:25 +0200	[diff] [blame]	254	/* Zeroise buffers and variables to clear sensitive data from memory. */
gabor-mezei-arm	4cb56f8	2020-08-25 19:12:01 +0200	[diff] [blame]	255	mbedtls_platform_zeroize( &local, sizeof( local ) );
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	256
				257	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	258	}
Jaeden Amero	041039f	2018-02-19 15:28:08 +0000	[diff] [blame]	259
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	260	#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	261
				262	/*
				263	* SHA-256 process buffer
				264	*/
TRodziewicz	26371e4	2021-06-08 16:45:41 +0200	[diff] [blame]	265	int mbedtls_sha256_update( mbedtls_sha256_context *ctx,
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	266	const unsigned char *input,
				267	size_t ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	268	{
Janos Follath	24eed8d	2019-11-22 13:21:35 +0000	[diff] [blame]	269	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker	23986e5	2011-04-24 08:57:21 +0000	[diff] [blame]	270	size_t fill;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	271	uint32_t left;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	272
Hanno Becker	8d215e7	2018-12-18 17:53:21 +0000	[diff] [blame]	273	SHA256_VALIDATE_RET( ctx != NULL );
				274	SHA256_VALIDATE_RET( ilen == 0 \|\| input != NULL );
Hanno Becker	596e014	2018-12-18 15:00:38 +0000	[diff] [blame]	275
Brian White	12895d1	2014-04-11 11:29:42 -0400	[diff] [blame]	276	if( ilen == 0 )
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	277	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	278
				279	left = ctx->total[0] & 0x3F;
				280	fill = 64 - left;
				281
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	282	ctx->total[0] += (uint32_t) ilen;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	283	ctx->total[0] &= 0xFFFFFFFF;
				284
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	285	if( ctx->total[0] < (uint32_t) ilen )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	286	ctx->total[1]++;
				287
				288	if( left && ilen >= fill )
				289	{
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	290	memcpy( (void *) (ctx->buffer + left), input, fill );
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	291
Andres Amaya Garcia	cccfe08	2017-06-28 10:36:39 +0100	[diff] [blame]	292	if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	293	return( ret );
				294
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	295	input += fill;
				296	ilen -= fill;
				297	left = 0;
				298	}
				299
				300	while( ilen >= 64 )
				301	{
Andres Amaya Garcia	cccfe08	2017-06-28 10:36:39 +0100	[diff] [blame]	302	if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 )
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	303	return( ret );
				304
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	305	input += 64;
				306	ilen -= 64;
				307	}
				308
				309	if( ilen > 0 )
Paul Bakker	3c2122f	2013-06-24 19:03:14 +0200	[diff] [blame]	310	memcpy( (void *) (ctx->buffer + left), input, ilen );
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	311
				312	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	313	}
				314
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	315	/*
				316	* SHA-256 final digest
				317	*/
TRodziewicz	26371e4	2021-06-08 16:45:41 +0200	[diff] [blame]	318	int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
Gilles Peskine	d7b3d92	2021-05-13 00:45:25 +0200	[diff] [blame]	319	unsigned char *output )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	320	{
Janos Follath	24eed8d	2019-11-22 13:21:35 +0000	[diff] [blame]	321	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard	1cc1fb0	2018-06-28 12:10:27 +0200	[diff] [blame]	322	uint32_t used;
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	323	uint32_t high, low;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	324
Hanno Becker	8d215e7	2018-12-18 17:53:21 +0000	[diff] [blame]	325	SHA256_VALIDATE_RET( ctx != NULL );
				326	SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
Andres Amaya Garcia	79e593f	2018-12-09 20:41:20 +0000	[diff] [blame]	327
Manuel Pégourié-Gonnard	1cc1fb0	2018-06-28 12:10:27 +0200	[diff] [blame]	328	/*
				329	* Add padding: 0x80 then 0x00 until 8 bytes remain for the length
				330	*/
				331	used = ctx->total[0] & 0x3F;
				332
				333	ctx->buffer[used++] = 0x80;
				334
				335	if( used <= 56 )
				336	{
				337	/* Enough room for padding + length in current block */
				338	memset( ctx->buffer + used, 0, 56 - used );
				339	}
				340	else
				341	{
				342	/* We'll need an extra block */
				343	memset( ctx->buffer + used, 0, 64 - used );
				344
				345	if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
				346	return( ret );
				347
				348	memset( ctx->buffer, 0, 56 );
				349	}
				350
				351	/*
				352	* Add message length
				353	*/
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	354	high = ( ctx->total[0] >> 29 )
				355	\| ( ctx->total[1] << 3 );
				356	low = ( ctx->total[0] << 3 );
				357
Manuel Pégourié-Gonnard	1cc1fb0	2018-06-28 12:10:27 +0200	[diff] [blame]	358	PUT_UINT32_BE( high, ctx->buffer, 56 );
				359	PUT_UINT32_BE( low, ctx->buffer, 60 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	360
Manuel Pégourié-Gonnard	1cc1fb0	2018-06-28 12:10:27 +0200	[diff] [blame]	361	if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
Andres Amaya Garcia	aa464ef	2017-07-21 14:21:53 +0100	[diff] [blame]	362	return( ret );
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	363
Manuel Pégourié-Gonnard	1cc1fb0	2018-06-28 12:10:27 +0200	[diff] [blame]	364	/*
				365	* Output final state
				366	*/
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	367	PUT_UINT32_BE( ctx->state[0], output, 0 );
				368	PUT_UINT32_BE( ctx->state[1], output, 4 );
				369	PUT_UINT32_BE( ctx->state[2], output, 8 );
				370	PUT_UINT32_BE( ctx->state[3], output, 12 );
				371	PUT_UINT32_BE( ctx->state[4], output, 16 );
				372	PUT_UINT32_BE( ctx->state[5], output, 20 );
				373	PUT_UINT32_BE( ctx->state[6], output, 24 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	374
Mateusz Starzyk	e3c48b4	2021-04-19 16:46:28 +0200	[diff] [blame]	375	#if defined(MBEDTLS_SHA224_C)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	376	if( ctx->is224 == 0 )
Mateusz Starzyk	e3c48b4	2021-04-19 16:46:28 +0200	[diff] [blame]	377	#endif
Paul Bakker	5c2364c	2012-10-01 14:41:15 +0000	[diff] [blame]	378	PUT_UINT32_BE( ctx->state[7], output, 28 );
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	379
				380	return( 0 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	381	}
				382
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	383	#endif /* !MBEDTLS_SHA256_ALT */
Paul Bakker	90995b5	2013-06-24 19:20:35 +0200	[diff] [blame]	384
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	385	/*
				386	* output = SHA-256( input buffer )
				387	*/
TRodziewicz	26371e4	2021-06-08 16:45:41 +0200	[diff] [blame]	388	int mbedtls_sha256( const unsigned char *input,
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	389	size_t ilen,
Gilles Peskine	d7b3d92	2021-05-13 00:45:25 +0200	[diff] [blame]	390	unsigned char *output,
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	391	int is224 )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	392	{
Janos Follath	24eed8d	2019-11-22 13:21:35 +0000	[diff] [blame]	393	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	394	mbedtls_sha256_context ctx;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	395
Mateusz Starzyk	e3c48b4	2021-04-19 16:46:28 +0200	[diff] [blame]	396	#if defined(MBEDTLS_SHA224_C)
Hanno Becker	8d215e7	2018-12-18 17:53:21 +0000	[diff] [blame]	397	SHA256_VALIDATE_RET( is224 == 0 \|\| is224 == 1 );
Mateusz Starzyk	e3c48b4	2021-04-19 16:46:28 +0200	[diff] [blame]	398	#else
				399	SHA256_VALIDATE_RET( is224 == 0 );
				400	#endif
				401
Hanno Becker	8d215e7	2018-12-18 17:53:21 +0000	[diff] [blame]	402	SHA256_VALIDATE_RET( ilen == 0 \|\| input != NULL );
				403	SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
Andres Amaya Garcia	79e593f	2018-12-09 20:41:20 +0000	[diff] [blame]	404
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	405	mbedtls_sha256_init( &ctx );
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	406
TRodziewicz	26371e4	2021-06-08 16:45:41 +0200	[diff] [blame]	407	if( ( ret = mbedtls_sha256_starts( &ctx, is224 ) ) != 0 )
Andres Amaya Garcia	0963e6c	2017-07-20 14:34:08 +0100	[diff] [blame]	408	goto exit;
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	409
TRodziewicz	26371e4	2021-06-08 16:45:41 +0200	[diff] [blame]	410	if( ( ret = mbedtls_sha256_update( &ctx, input, ilen ) ) != 0 )
Andres Amaya Garcia	0963e6c	2017-07-20 14:34:08 +0100	[diff] [blame]	411	goto exit;
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	412
TRodziewicz	26371e4	2021-06-08 16:45:41 +0200	[diff] [blame]	413	if( ( ret = mbedtls_sha256_finish( &ctx, output ) ) != 0 )
Andres Amaya Garcia	0963e6c	2017-07-20 14:34:08 +0100	[diff] [blame]	414	goto exit;
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	415
Andres Amaya Garcia	0963e6c	2017-07-20 14:34:08 +0100	[diff] [blame]	416	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	417	mbedtls_sha256_free( &ctx );
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	418
Andres Amaya Garcia	0963e6c	2017-07-20 14:34:08 +0100	[diff] [blame]	419	return( ret );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	420	}
				421
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	422	#if defined(MBEDTLS_SELF_TEST)
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	423	/*
				424	* FIPS-180-2 test vectors
				425	*/
Manuel Pégourié-Gonnard	28122e4	2015-03-11 09:13:42 +0000	[diff] [blame]	426	static const unsigned char sha256_test_buf[3][57] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	427	{
				428	{ "abc" },
				429	{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
				430	{ "" }
				431	};
				432
Andres Amaya Garcia	2d0aa8b	2017-07-21 14:57:26 +0100	[diff] [blame]	433	static const size_t sha256_test_buflen[3] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	434	{
				435	3, 56, 1000
				436	};
				437
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	438	static const unsigned char sha256_test_sum[6][32] =
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	439	{
				440	/*
				441	* SHA-224 test vectors
				442	*/
				443	{ 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
				444	0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
				445	0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
				446	0xE3, 0x6C, 0x9D, 0xA7 },
				447	{ 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
				448	0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
				449	0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
				450	0x52, 0x52, 0x25, 0x25 },
				451	{ 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
				452	0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
				453	0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
				454	0x4E, 0xE7, 0xAD, 0x67 },
				455
				456	/*
				457	* SHA-256 test vectors
				458	*/
				459	{ 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
				460	0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
				461	0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
				462	0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
				463	{ 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
				464	0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
				465	0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
				466	0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
				467	{ 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
				468	0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
				469	0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
				470	0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
				471	};
				472
				473	/*
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	474	* Checkup routine
				475	*/
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	476	int mbedtls_sha256_self_test( int verbose )
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	477	{
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	478	int i, j, k, buflen, ret = 0;
Russ Butler	bb83b42	2016-10-12 17:36:50 -0500	[diff] [blame]	479	unsigned char *buf;
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	480	unsigned char sha256sum[32];
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	481	mbedtls_sha256_context ctx;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	482
Russ Butler	bb83b42	2016-10-12 17:36:50 -0500	[diff] [blame]	483	buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
				484	if( NULL == buf )
				485	{
				486	if( verbose != 0 )
				487	mbedtls_printf( "Buffer allocation failed\n" );
				488
				489	return( 1 );
				490	}
				491
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	492	mbedtls_sha256_init( &ctx );
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	493
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	494	for( i = 0; i < 6; i++ )
				495	{
				496	j = i % 3;
				497	k = i < 3;
				498
				499	if( verbose != 0 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	500	mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	501
TRodziewicz	26371e4	2021-06-08 16:45:41 +0200	[diff] [blame]	502	if( ( ret = mbedtls_sha256_starts( &ctx, k ) ) != 0 )
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	503	goto fail;
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	504
				505	if( j == 2 )
				506	{
				507	memset( buf, 'a', buflen = 1000 );
				508
				509	for( j = 0; j < 1000; j++ )
Andres Amaya Garcia	6a3f305	2017-07-20 14:18:54 +0100	[diff] [blame]	510	{
TRodziewicz	26371e4	2021-06-08 16:45:41 +0200	[diff] [blame]	511	ret = mbedtls_sha256_update( &ctx, buf, buflen );
Andres Amaya Garcia	6a3f305	2017-07-20 14:18:54 +0100	[diff] [blame]	512	if( ret != 0 )
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	513	goto fail;
Andres Amaya Garcia	6a3f305	2017-07-20 14:18:54 +0100	[diff] [blame]	514	}
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	515
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	516	}
				517	else
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	518	{
TRodziewicz	26371e4	2021-06-08 16:45:41 +0200	[diff] [blame]	519	ret = mbedtls_sha256_update( &ctx, sha256_test_buf[j],
Andres Amaya Garcia	6a3f305	2017-07-20 14:18:54 +0100	[diff] [blame]	520	sha256_test_buflen[j] );
				521	if( ret != 0 )
				522	goto fail;
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	523	}
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	524
TRodziewicz	26371e4	2021-06-08 16:45:41 +0200	[diff] [blame]	525	if( ( ret = mbedtls_sha256_finish( &ctx, sha256sum ) ) != 0 )
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	526	goto fail;
				527
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	528
Paul Bakker	9e36f04	2013-06-30 14:34:05 +0200	[diff] [blame]	529	if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
Andres Amaya Garcia	6a3f305	2017-07-20 14:18:54 +0100	[diff] [blame]	530	{
				531	ret = 1;
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	532	goto fail;
Andres Amaya Garcia	6a3f305	2017-07-20 14:18:54 +0100	[diff] [blame]	533	}
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	534
				535	if( verbose != 0 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	536	mbedtls_printf( "passed\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	537	}
				538
				539	if( verbose != 0 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	540	mbedtls_printf( "\n" );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	541
Andres Amaya Garcia	72a7f53	2017-05-02 11:38:47 +0100	[diff] [blame]	542	goto exit;
				543
				544	fail:
				545	if( verbose != 0 )
				546	mbedtls_printf( "failed\n" );
				547
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	548	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	549	mbedtls_sha256_free( &ctx );
Russ Butler	bb83b42	2016-10-12 17:36:50 -0500	[diff] [blame]	550	mbedtls_free( buf );
Paul Bakker	5b4af39	2014-06-26 12:09:34 +0200	[diff] [blame]	551
				552	return( ret );
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	553	}
				554
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	555	#endif /* MBEDTLS_SELF_TEST */
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	556
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	557	#endif /* MBEDTLS_SHA256_C */