Rivoreo Source Code Repositories
src.rivoreo.one / security / mbedtls / 723f8674c499e278b66d670570a16b54c22cbe59 / . / library / sha256.c
blob: 695485d8476b20cfdbfa6298815e05e3d0fb7b5f [file] [log] [blame] [raw]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
Manuel Pégourié-Gonnard6fb81872015-07-27 11:11:48 +0200[diff] [blame]4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]18 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]19 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]20 */
21/*
22 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
23 *
24 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
25 */
26
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]27#if !defined(MBEDTLS_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]28#include "mbedtls/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]29#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]30#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]31#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]32
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]33#if defined(MBEDTLS_SHA256_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]34
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]35#include "mbedtls/sha256.h"
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]36#include "mbedtls/platform_util.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]37
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]38#include <string.h>
39
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]40#if defined(MBEDTLS_SELF_TEST)
41#if defined(MBEDTLS_PLATFORM_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]42#include "mbedtls/platform.h"
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]43#else
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]44#include <stdio.h>
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]45#include <stdlib.h>
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]46#define mbedtls_printf printf
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]47#define mbedtls_calloc calloc
48#define mbedtls_free free
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]49#endif /* MBEDTLS_PLATFORM_C */
50#endif /* MBEDTLS_SELF_TEST */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]51
Manuel Pégourié-Gonnard8b2641d2015-08-27 20:03:46 +0200[diff] [blame]52#if !defined(MBEDTLS_SHA256_ALT)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]53
54/*
55 * 32-bit integer manipulation macros (big endian)
56 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]57#ifndef GET_UINT32_BE
58#define GET_UINT32_BE(n,b,i) \
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]59do { \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]60 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
61 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
62 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
63 | ( (uint32_t) (b)[(i) + 3] ); \
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]64} while( 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]65#endif
66
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]67#ifndef PUT_UINT32_BE
68#define PUT_UINT32_BE(n,b,i) \
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]69do { \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]70 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
71 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
72 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
73 (b)[(i) + 3] = (unsigned char) ( (n) ); \
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]74} while( 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]75#endif
76
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]77void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]78{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]79 memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]80}
81
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]82void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]83{
84 if( ctx == NULL )
85 return;
86
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]87 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]88}
89
Manuel Pégourié-Gonnard16d412f2015-07-06 15:26:26 +0200[diff] [blame]90void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
91 const mbedtls_sha256_context *src )
92{
93 *dst = *src;
94}
95
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]96/*
97 * SHA-256 context setup
98 */
Gilles Peskine9e4f77c2018-01-22 11:48:08 +0100[diff] [blame]99int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]100{
101 ctx->total[0] = 0;
102 ctx->total[1] = 0;
103
104 if( is224 == 0 )
105 {
106 /* SHA-256 */
107 ctx->state[0] = 0x6A09E667;
108 ctx->state[1] = 0xBB67AE85;
109 ctx->state[2] = 0x3C6EF372;
110 ctx->state[3] = 0xA54FF53A;
111 ctx->state[4] = 0x510E527F;
112 ctx->state[5] = 0x9B05688C;
113 ctx->state[6] = 0x1F83D9AB;
114 ctx->state[7] = 0x5BE0CD19;
115 }
116 else
117 {
118 /* SHA-224 */
119 ctx->state[0] = 0xC1059ED8;
120 ctx->state[1] = 0x367CD507;
121 ctx->state[2] = 0x3070DD17;
122 ctx->state[3] = 0xF70E5939;
123 ctx->state[4] = 0xFFC00B31;
124 ctx->state[5] = 0x68581511;
125 ctx->state[6] = 0x64F98FA7;
126 ctx->state[7] = 0xBEFA4FA4;
127 }
128
129 ctx->is224 = is224;
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]130
131 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]132}
133
Jaeden Amero041039f2018-02-19 15:28:08 +0000[diff] [blame]134#if !defined(MBEDTLS_DEPRECATED_REMOVED)
135void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
136 int is224 )
137{
138 mbedtls_sha256_starts_ret( ctx, is224 );
139}
140#endif
141
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]142#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]143static const uint32_t K[] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]144{
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]145 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
146 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
147 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
148 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
149 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
150 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
151 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
152 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
153 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
154 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
155 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
156 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
157 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
158 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
159 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
160 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
161};
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]162
163#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
164#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
165
166#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
167#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
168
169#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
170#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
171
172#define F0(x,y,z) ((x & y) | (z & (x | y)))
173#define F1(x,y,z) (z ^ (x & (y ^ z)))
174
175#define R(t) \
176( \
177 W[t] = S1(W[t - 2]) + W[t - 7] + \
178 S0(W[t - 15]) + W[t - 16] \
179)
180
181#define P(a,b,c,d,e,f,g,h,x,K) \
182{ \
183 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
184 temp2 = S2(a) + F0(a,b,c); \
185 d += temp1; h = temp1 + temp2; \
186}
187
Andres Amaya Garciacccfe082017-06-28 10:36:39 +0100[diff] [blame]188int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]189 const unsigned char data[64] )
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]190{
191 uint32_t temp1, temp2, W[64];
192 uint32_t A[8];
193 unsigned int i;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]194
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]195 for( i = 0; i < 8; i++ )
196 A[i] = ctx->state[i];
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]197
198#if defined(MBEDTLS_SHA256_SMALLER)
199 for( i = 0; i < 64; i++ )
200 {
201 if( i < 16 )
202 GET_UINT32_BE( W[i], data, 4 * i );
203 else
204 R( i );
205
206 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
207
208 temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
209 A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
210 }
211#else /* MBEDTLS_SHA256_SMALLER */
212 for( i = 0; i < 16; i++ )
213 GET_UINT32_BE( W[i], data, 4 * i );
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]214
215 for( i = 0; i < 16; i += 8 )
216 {
217 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
218 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
219 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
220 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
221 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
222 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
223 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
224 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
225 }
226
227 for( i = 16; i < 64; i += 8 )
228 {
229 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
230 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
231 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
232 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
233 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
234 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
235 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
236 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
237 }
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]238#endif /* MBEDTLS_SHA256_SMALLER */
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]239
240 for( i = 0; i < 8; i++ )
241 ctx->state[i] += A[i];
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]242
243 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]244}
Jaeden Amero041039f2018-02-19 15:28:08 +0000[diff] [blame]245
246#if !defined(MBEDTLS_DEPRECATED_REMOVED)
247void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
248 const unsigned char data[64] )
249{
250 mbedtls_internal_sha256_process( ctx, data );
251}
252#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]253#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]254
255/*
256 * SHA-256 process buffer
257 */
Gilles Peskine9e4f77c2018-01-22 11:48:08 +0100[diff] [blame]258int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]259 const unsigned char *input,
260 size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]261{
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]262 int ret;
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]263 size_t fill;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]264 uint32_t left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]265
Brian White12895d12014-04-11 11:29:42 -0400[diff] [blame]266 if( ilen == 0 )
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]267 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]268
269 left = ctx->total[0] & 0x3F;
270 fill = 64 - left;
271
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]272 ctx->total[0] += (uint32_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]273 ctx->total[0] &= 0xFFFFFFFF;
274
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]275 if( ctx->total[0] < (uint32_t) ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]276 ctx->total[1]++;
277
278 if( left && ilen >= fill )
279 {
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]280 memcpy( (void *) (ctx->buffer + left), input, fill );
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]281
Andres Amaya Garciacccfe082017-06-28 10:36:39 +0100[diff] [blame]282 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]283 return( ret );
284
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]285 input += fill;
286 ilen -= fill;
287 left = 0;
288 }
289
290 while( ilen >= 64 )
291 {
Andres Amaya Garciacccfe082017-06-28 10:36:39 +0100[diff] [blame]292 if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 )
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]293 return( ret );
294
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]295 input += 64;
296 ilen -= 64;
297 }
298
299 if( ilen > 0 )
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]300 memcpy( (void *) (ctx->buffer + left), input, ilen );
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]301
302 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]303}
304
Jaeden Amero041039f2018-02-19 15:28:08 +0000[diff] [blame]305#if !defined(MBEDTLS_DEPRECATED_REMOVED)
306void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
307 const unsigned char *input,
308 size_t ilen )
309{
310 mbedtls_sha256_update_ret( ctx, input, ilen );
311}
312#endif
313
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]314static const unsigned char sha256_padding[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]315{
316 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
317 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
318 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
319 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
320};
321
322/*
323 * SHA-256 final digest
324 */
Gilles Peskine9e4f77c2018-01-22 11:48:08 +0100[diff] [blame]325int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]326 unsigned char output[32] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]327{
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]328 int ret;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]329 uint32_t last, padn;
330 uint32_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]331 unsigned char msglen[8];
332
333 high = ( ctx->total[0] >> 29 )
334 | ( ctx->total[1] << 3 );
335 low = ( ctx->total[0] << 3 );
336
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]337 PUT_UINT32_BE( high, msglen, 0 );
338 PUT_UINT32_BE( low, msglen, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]339
340 last = ctx->total[0] & 0x3F;
341 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
342
Gilles Peskine9e4f77c2018-01-22 11:48:08 +0100[diff] [blame]343 if( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 )
Andres Amaya Garciaaa464ef2017-07-21 14:21:53 +0100[diff] [blame]344 return( ret );
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]345
Gilles Peskine9e4f77c2018-01-22 11:48:08 +0100[diff] [blame]346 if( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 )
Andres Amaya Garciaaa464ef2017-07-21 14:21:53 +0100[diff] [blame]347 return( ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]348
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]349 PUT_UINT32_BE( ctx->state[0], output, 0 );
350 PUT_UINT32_BE( ctx->state[1], output, 4 );
351 PUT_UINT32_BE( ctx->state[2], output, 8 );
352 PUT_UINT32_BE( ctx->state[3], output, 12 );
353 PUT_UINT32_BE( ctx->state[4], output, 16 );
354 PUT_UINT32_BE( ctx->state[5], output, 20 );
355 PUT_UINT32_BE( ctx->state[6], output, 24 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]356
357 if( ctx->is224 == 0 )
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]358 PUT_UINT32_BE( ctx->state[7], output, 28 );
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]359
360 return( 0 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]361}
362
Jaeden Amero041039f2018-02-19 15:28:08 +0000[diff] [blame]363#if !defined(MBEDTLS_DEPRECATED_REMOVED)
364void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
365 unsigned char output[32] )
366{
367 mbedtls_sha256_finish_ret( ctx, output );
368}
369#endif
370
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]371#endif /* !MBEDTLS_SHA256_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]372
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]373/*
374 * output = SHA-256( input buffer )
375 */
Gilles Peskine9e4f77c2018-01-22 11:48:08 +0100[diff] [blame]376int mbedtls_sha256_ret( const unsigned char *input,
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]377 size_t ilen,
378 unsigned char output[32],
379 int is224 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]380{
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]381 int ret;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]382 mbedtls_sha256_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]383
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]384 mbedtls_sha256_init( &ctx );
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]385
Gilles Peskine9e4f77c2018-01-22 11:48:08 +0100[diff] [blame]386 if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]387 goto exit;
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]388
Gilles Peskine9e4f77c2018-01-22 11:48:08 +0100[diff] [blame]389 if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]390 goto exit;
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]391
Gilles Peskine9e4f77c2018-01-22 11:48:08 +0100[diff] [blame]392 if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]393 goto exit;
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]394
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]395exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]396 mbedtls_sha256_free( &ctx );
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]397
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]398 return( ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]399}
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]400
Jaeden Amero041039f2018-02-19 15:28:08 +0000[diff] [blame]401#if !defined(MBEDTLS_DEPRECATED_REMOVED)
402void mbedtls_sha256( const unsigned char *input,
403 size_t ilen,
404 unsigned char output[32],
405 int is224 )
406{
407 mbedtls_sha256_ret( input, ilen, output, is224 );
408}
409#endif
410
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]411#if defined(MBEDTLS_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]412/*
413 * FIPS-180-2 test vectors
414 */
Manuel Pégourié-Gonnard28122e42015-03-11 09:13:42 +0000[diff] [blame]415static const unsigned char sha256_test_buf[3][57] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]416{
417 { "abc" },
418 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
419 { "" }
420};
421
Andres Amaya Garcia2d0aa8b2017-07-21 14:57:26 +0100[diff] [blame]422static const size_t sha256_test_buflen[3] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]423{
424 3, 56, 1000
425};
426
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]427static const unsigned char sha256_test_sum[6][32] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]428{
429 /*
430 * SHA-224 test vectors
431 */
432 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
433 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
434 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
435 0xE3, 0x6C, 0x9D, 0xA7 },
436 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
437 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
438 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
439 0x52, 0x52, 0x25, 0x25 },
440 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
441 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
442 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
443 0x4E, 0xE7, 0xAD, 0x67 },
444
445 /*
446 * SHA-256 test vectors
447 */
448 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
449 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
450 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
451 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
452 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
453 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
454 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
455 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
456 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
457 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
458 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
459 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
460};
461
462/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]463 * Checkup routine
464 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]465int mbedtls_sha256_self_test( int verbose )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]466{
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]467 int i, j, k, buflen, ret = 0;
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]468 unsigned char *buf;
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]469 unsigned char sha256sum[32];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]470 mbedtls_sha256_context ctx;
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]471
472 buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
473 if( NULL == buf )
474 {
475 if( verbose != 0 )
476 mbedtls_printf( "Buffer allocation failed\n" );
477
478 return( 1 );
479 }
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]480
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]481 mbedtls_sha256_init( &ctx );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]482
483 for( i = 0; i < 6; i++ )
484 {
485 j = i % 3;
486 k = i < 3;
487
488 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]489 mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]490
Gilles Peskine9e4f77c2018-01-22 11:48:08 +0100[diff] [blame]491 if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]492 goto fail;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]493
494 if( j == 2 )
495 {
496 memset( buf, 'a', buflen = 1000 );
497
498 for( j = 0; j < 1000; j++ )
Andres Amaya Garcia6a3f3052017-07-20 14:18:54 +0100[diff] [blame]499 {
Gilles Peskine9e4f77c2018-01-22 11:48:08 +0100[diff] [blame]500 ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
Andres Amaya Garcia6a3f3052017-07-20 14:18:54 +0100[diff] [blame]501 if( ret != 0 )
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]502 goto fail;
Andres Amaya Garcia6a3f3052017-07-20 14:18:54 +0100[diff] [blame]503 }
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]504
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]505 }
506 else
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]507 {
Gilles Peskine9e4f77c2018-01-22 11:48:08 +0100[diff] [blame]508 ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
Andres Amaya Garcia6a3f3052017-07-20 14:18:54 +0100[diff] [blame]509 sha256_test_buflen[j] );
510 if( ret != 0 )
511 goto fail;
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]512 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]513
Gilles Peskine9e4f77c2018-01-22 11:48:08 +0100[diff] [blame]514 if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]515 goto fail;
516
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]517
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]518 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
Andres Amaya Garcia6a3f3052017-07-20 14:18:54 +0100[diff] [blame]519 {
520 ret = 1;
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]521 goto fail;
Andres Amaya Garcia6a3f3052017-07-20 14:18:54 +0100[diff] [blame]522 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]523
524 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]525 mbedtls_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]526 }
527
528 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]529 mbedtls_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]530
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]531 goto exit;
532
533fail:
534 if( verbose != 0 )
535 mbedtls_printf( "failed\n" );
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]536
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]537exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]538 mbedtls_sha256_free( &ctx );
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]539 mbedtls_free( buf );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]540
541 return( ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]542}
543
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]544#endif /* MBEDTLS_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]545
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]546#endif /* MBEDTLS_SHA256_C */