TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a7a3a5fe37d01d02a3dc0c0ce759e701b2f9eda5 / . / library / sha256.c
blob: f80c2b8aab3509eeab65ed2398fa408716fbc436 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +0000[diff] [blame]4 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]6 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]7 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22/*
23 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
24 *
25 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
26 */
27
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]28#if !defined(MBEDTLS_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]29#include "mbedtls/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]30#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]31#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]32#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]34#if defined(MBEDTLS_SHA256_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]35
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]36#include "mbedtls/sha256.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]37
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]38#include <string.h>
39
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]40#if defined(MBEDTLS_FS_IO)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]41#include <stdio.h>
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]42#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]43
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]44#if defined(MBEDTLS_SELF_TEST)
45#if defined(MBEDTLS_PLATFORM_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]46#include "mbedtls/platform.h"
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]47#else
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]48#include <stdio.h>
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]49#define mbedtls_printf printf
50#endif /* MBEDTLS_PLATFORM_C */
51#endif /* MBEDTLS_SELF_TEST */
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]52
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]53/* Implementation that should never be optimized out by the compiler */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]54static void mbedtls_zeroize( void *v, size_t n ) {
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]55 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
56}
57
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]58#if !defined(MBEDTLS_SHA256_ALT)
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]59
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]60/*
61 * 32-bit integer manipulation macros (big endian)
62 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]63#ifndef GET_UINT32_BE
64#define GET_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]65{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]66 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
67 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
68 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
69 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]70}
71#endif
72
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]73#ifndef PUT_UINT32_BE
74#define PUT_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]75{ \
76 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
77 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
78 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
79 (b)[(i) + 3] = (unsigned char) ( (n) ); \
80}
81#endif
82
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]83void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]84{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]85 memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]86}
87
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]88void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]89{
90 if( ctx == NULL )
91 return;
92
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]93 mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]94}
95
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]96/*
97 * SHA-256 context setup
98 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]99void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]100{
101 ctx->total[0] = 0;
102 ctx->total[1] = 0;
103
104 if( is224 == 0 )
105 {
106 /* SHA-256 */
107 ctx->state[0] = 0x6A09E667;
108 ctx->state[1] = 0xBB67AE85;
109 ctx->state[2] = 0x3C6EF372;
110 ctx->state[3] = 0xA54FF53A;
111 ctx->state[4] = 0x510E527F;
112 ctx->state[5] = 0x9B05688C;
113 ctx->state[6] = 0x1F83D9AB;
114 ctx->state[7] = 0x5BE0CD19;
115 }
116 else
117 {
118 /* SHA-224 */
119 ctx->state[0] = 0xC1059ED8;
120 ctx->state[1] = 0x367CD507;
121 ctx->state[2] = 0x3070DD17;
122 ctx->state[3] = 0xF70E5939;
123 ctx->state[4] = 0xFFC00B31;
124 ctx->state[5] = 0x68581511;
125 ctx->state[6] = 0x64F98FA7;
126 ctx->state[7] = 0xBEFA4FA4;
127 }
128
129 ctx->is224 = is224;
130}
131
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]132#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame^]133static const uint32_t K[] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]134{
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame^]135 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
136 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
137 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
138 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
139 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
140 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
141 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
142 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
143 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
144 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
145 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
146 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
147 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
148 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
149 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
150 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
151};
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]152
153#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
154#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
155
156#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
157#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
158
159#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
160#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
161
162#define F0(x,y,z) ((x & y) | (z & (x | y)))
163#define F1(x,y,z) (z ^ (x & (y ^ z)))
164
165#define R(t) \
166( \
167 W[t] = S1(W[t - 2]) + W[t - 7] + \
168 S0(W[t - 15]) + W[t - 16] \
169)
170
171#define P(a,b,c,d,e,f,g,h,x,K) \
172{ \
173 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
174 temp2 = S2(a) + F0(a,b,c); \
175 d += temp1; h = temp1 + temp2; \
176}
177
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame^]178void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
179{
180 uint32_t temp1, temp2, W[64];
181 uint32_t A[8];
182 unsigned int i;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]183
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame^]184 for( i = 0; i < 16; i++ )
185 GET_UINT32_BE( W[i], data, 4 * i );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]186
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame^]187 for( i = 0; i < 8; i++ )
188 A[i] = ctx->state[i];
189
190 for( i = 0; i < 16; i += 8 )
191 {
192 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
193 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
194 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
195 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
196 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
197 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
198 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
199 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
200 }
201
202 for( i = 16; i < 64; i += 8 )
203 {
204 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
205 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
206 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
207 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
208 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
209 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
210 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
211 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
212 }
213
214 for( i = 0; i < 8; i++ )
215 ctx->state[i] += A[i];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]216}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]217#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]218
219/*
220 * SHA-256 process buffer
221 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]222void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]223 size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]224{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]225 size_t fill;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]226 uint32_t left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]227
Brian White12895d12014-04-11 11:29:42 -0400[diff] [blame]228 if( ilen == 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]229 return;
230
231 left = ctx->total[0] & 0x3F;
232 fill = 64 - left;
233
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]234 ctx->total[0] += (uint32_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]235 ctx->total[0] &= 0xFFFFFFFF;
236
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]237 if( ctx->total[0] < (uint32_t) ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]238 ctx->total[1]++;
239
240 if( left && ilen >= fill )
241 {
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]242 memcpy( (void *) (ctx->buffer + left), input, fill );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]243 mbedtls_sha256_process( ctx, ctx->buffer );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]244 input += fill;
245 ilen -= fill;
246 left = 0;
247 }
248
249 while( ilen >= 64 )
250 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]251 mbedtls_sha256_process( ctx, input );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]252 input += 64;
253 ilen -= 64;
254 }
255
256 if( ilen > 0 )
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]257 memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]258}
259
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]260static const unsigned char sha256_padding[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]261{
262 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
263 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
264 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
265 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
266};
267
268/*
269 * SHA-256 final digest
270 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]271void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]272{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]273 uint32_t last, padn;
274 uint32_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]275 unsigned char msglen[8];
276
277 high = ( ctx->total[0] >> 29 )
278 | ( ctx->total[1] << 3 );
279 low = ( ctx->total[0] << 3 );
280
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]281 PUT_UINT32_BE( high, msglen, 0 );
282 PUT_UINT32_BE( low, msglen, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]283
284 last = ctx->total[0] & 0x3F;
285 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
286
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]287 mbedtls_sha256_update( ctx, sha256_padding, padn );
288 mbedtls_sha256_update( ctx, msglen, 8 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]289
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]290 PUT_UINT32_BE( ctx->state[0], output, 0 );
291 PUT_UINT32_BE( ctx->state[1], output, 4 );
292 PUT_UINT32_BE( ctx->state[2], output, 8 );
293 PUT_UINT32_BE( ctx->state[3], output, 12 );
294 PUT_UINT32_BE( ctx->state[4], output, 16 );
295 PUT_UINT32_BE( ctx->state[5], output, 20 );
296 PUT_UINT32_BE( ctx->state[6], output, 24 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]297
298 if( ctx->is224 == 0 )
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]299 PUT_UINT32_BE( ctx->state[7], output, 28 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]300}
301
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]302#endif /* !MBEDTLS_SHA256_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]303
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]304/*
305 * output = SHA-256( input buffer )
306 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]307void mbedtls_sha256( const unsigned char *input, size_t ilen,
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]308 unsigned char output[32], int is224 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]309{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]310 mbedtls_sha256_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]311
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]312 mbedtls_sha256_init( &ctx );
313 mbedtls_sha256_starts( &ctx, is224 );
314 mbedtls_sha256_update( &ctx, input, ilen );
315 mbedtls_sha256_finish( &ctx, output );
316 mbedtls_sha256_free( &ctx );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]317}
318
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]319#if defined(MBEDTLS_FS_IO)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]320/*
321 * output = SHA-256( file contents )
322 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]323int mbedtls_sha256_file( const char *path, unsigned char output[32], int is224 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]324{
325 FILE *f;
326 size_t n;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]327 mbedtls_sha256_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]328 unsigned char buf[1024];
329
330 if( ( f = fopen( path, "rb" ) ) == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]331 return( MBEDTLS_ERR_SHA256_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]332
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]333 mbedtls_sha256_init( &ctx );
334 mbedtls_sha256_starts( &ctx, is224 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]335
336 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]337 mbedtls_sha256_update( &ctx, buf, n );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]338
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]339 mbedtls_sha256_finish( &ctx, output );
340 mbedtls_sha256_free( &ctx );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]341
342 if( ferror( f ) != 0 )
343 {
344 fclose( f );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]345 return( MBEDTLS_ERR_SHA256_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]346 }
347
348 fclose( f );
349 return( 0 );
350}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]351#endif /* MBEDTLS_FS_IO */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]352
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]353#if defined(MBEDTLS_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]354/*
355 * FIPS-180-2 test vectors
356 */
Manuel Pégourié-Gonnard28122e42015-03-11 09:13:42 +0000[diff] [blame]357static const unsigned char sha256_test_buf[3][57] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]358{
359 { "abc" },
360 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
361 { "" }
362};
363
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]364static const int sha256_test_buflen[3] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]365{
366 3, 56, 1000
367};
368
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]369static const unsigned char sha256_test_sum[6][32] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]370{
371 /*
372 * SHA-224 test vectors
373 */
374 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
375 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
376 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
377 0xE3, 0x6C, 0x9D, 0xA7 },
378 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
379 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
380 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
381 0x52, 0x52, 0x25, 0x25 },
382 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
383 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
384 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
385 0x4E, 0xE7, 0xAD, 0x67 },
386
387 /*
388 * SHA-256 test vectors
389 */
390 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
391 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
392 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
393 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
394 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
395 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
396 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
397 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
398 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
399 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
400 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
401 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
402};
403
404/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]405 * Checkup routine
406 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]407int mbedtls_sha256_self_test( int verbose )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]408{
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]409 int i, j, k, buflen, ret = 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]410 unsigned char buf[1024];
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]411 unsigned char sha256sum[32];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]412 mbedtls_sha256_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]413
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]414 mbedtls_sha256_init( &ctx );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]415
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]416 for( i = 0; i < 6; i++ )
417 {
418 j = i % 3;
419 k = i < 3;
420
421 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]422 mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]423
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]424 mbedtls_sha256_starts( &ctx, k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]425
426 if( j == 2 )
427 {
428 memset( buf, 'a', buflen = 1000 );
429
430 for( j = 0; j < 1000; j++ )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]431 mbedtls_sha256_update( &ctx, buf, buflen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]432 }
433 else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]434 mbedtls_sha256_update( &ctx, sha256_test_buf[j],
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]435 sha256_test_buflen[j] );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]436
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]437 mbedtls_sha256_finish( &ctx, sha256sum );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]438
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]439 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]440 {
441 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]442 mbedtls_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]443
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]444 ret = 1;
445 goto exit;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]446 }
447
448 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]449 mbedtls_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]450 }
451
452 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]453 mbedtls_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]454
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]455exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]456 mbedtls_sha256_free( &ctx );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]457
458 return( ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]459}
460
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]461#endif /* MBEDTLS_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]462
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]463#endif /* MBEDTLS_SHA256_C */