TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 00b78a9c54ab2c5c2941d395fd3202272d148b88 / . / library / sha512.c
blob: 0f9e1e5352f7dd3313cef5a56ba9d132af8bd429 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-2 compliant SHA-384/512 implementation
3 *
Manuel Pégourié-Gonnard6fb81872015-07-27 11:11:48 +0200[diff] [blame]4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]18 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]19 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]20 */
21/*
22 * The SHA-512 Secure Hash Standard was published by NIST in 2002.
23 *
24 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
25 */
26
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]27#if !defined(MBEDTLS_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]28#include "mbedtls/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]29#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]30#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]31#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]32
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]33#if defined(MBEDTLS_SHA512_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]34
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]35#include "mbedtls/sha512.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]36
Manuel Pégourié-Gonnard1dd16742015-03-05 16:13:04 +0000[diff] [blame]37#if defined(_MSC_VER) || defined(__WATCOMC__)
38 #define UL64(x) x##ui64
39#else
40 #define UL64(x) x##ULL
41#endif
42
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]43#include <string.h>
44
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]45#if defined(MBEDTLS_SELF_TEST)
46#if defined(MBEDTLS_PLATFORM_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]47#include "mbedtls/platform.h"
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]48#else
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]49#include <stdio.h>
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]50#define mbedtls_printf printf
51#endif /* MBEDTLS_PLATFORM_C */
52#endif /* MBEDTLS_SELF_TEST */
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]53
Manuel Pégourié-Gonnard8b2641d2015-08-27 20:03:46 +0200[diff] [blame]54#if !defined(MBEDTLS_SHA512_ALT)
55
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]56/* Implementation that should never be optimized out by the compiler */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]57static void mbedtls_zeroize( void *v, size_t n ) {
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]58 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
59}
60
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]61/*
62 * 64-bit integer manipulation macros (big endian)
63 */
64#ifndef GET_UINT64_BE
65#define GET_UINT64_BE(n,b,i) \
66{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]67 (n) = ( (uint64_t) (b)[(i) ] << 56 ) \
68 | ( (uint64_t) (b)[(i) + 1] << 48 ) \
69 | ( (uint64_t) (b)[(i) + 2] << 40 ) \
70 | ( (uint64_t) (b)[(i) + 3] << 32 ) \
71 | ( (uint64_t) (b)[(i) + 4] << 24 ) \
72 | ( (uint64_t) (b)[(i) + 5] << 16 ) \
73 | ( (uint64_t) (b)[(i) + 6] << 8 ) \
74 | ( (uint64_t) (b)[(i) + 7] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]75}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]76#endif /* GET_UINT64_BE */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]77
78#ifndef PUT_UINT64_BE
79#define PUT_UINT64_BE(n,b,i) \
80{ \
81 (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \
82 (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \
83 (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \
84 (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \
85 (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \
86 (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \
87 (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \
88 (b)[(i) + 7] = (unsigned char) ( (n) ); \
89}
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]90#endif /* PUT_UINT64_BE */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]91
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]92void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]93{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]94 memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]95}
96
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]97void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]98{
99 if( ctx == NULL )
100 return;
101
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]102 mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]103}
104
Manuel Pégourié-Gonnard16d412f2015-07-06 15:26:26 +0200[diff] [blame]105void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
106 const mbedtls_sha512_context *src )
107{
108 *dst = *src;
109}
110
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]111/*
112 * SHA-512 context setup
113 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]114void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]115{
116 ctx->total[0] = 0;
117 ctx->total[1] = 0;
118
119 if( is384 == 0 )
120 {
121 /* SHA-512 */
122 ctx->state[0] = UL64(0x6A09E667F3BCC908);
123 ctx->state[1] = UL64(0xBB67AE8584CAA73B);
124 ctx->state[2] = UL64(0x3C6EF372FE94F82B);
125 ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
126 ctx->state[4] = UL64(0x510E527FADE682D1);
127 ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
128 ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
129 ctx->state[7] = UL64(0x5BE0CD19137E2179);
130 }
131 else
132 {
133 /* SHA-384 */
134 ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
135 ctx->state[1] = UL64(0x629A292A367CD507);
136 ctx->state[2] = UL64(0x9159015A3070DD17);
137 ctx->state[3] = UL64(0x152FECD8F70E5939);
138 ctx->state[4] = UL64(0x67332667FFC00B31);
139 ctx->state[5] = UL64(0x8EB44A8768581511);
140 ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
141 ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
142 }
143
144 ctx->is384 = is384;
145}
146
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]147#if !defined(MBEDTLS_SHA512_PROCESS_ALT)
Alexey Skalozub00b78a92016-01-13 17:39:58 +0200[diff] [blame^]148
149/*
150 * Round constants
151 */
152static const uint64_t K[80] =
153{
154 UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
155 UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
156 UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
157 UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
158 UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
159 UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
160 UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
161 UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
162 UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
163 UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
164 UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
165 UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
166 UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
167 UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
168 UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
169 UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
170 UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
171 UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
172 UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
173 UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
174 UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
175 UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
176 UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
177 UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
178 UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
179 UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
180 UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
181 UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
182 UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
183 UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
184 UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
185 UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
186 UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
187 UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
188 UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
189 UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
190 UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
191 UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
192 UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
193 UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
194};
195
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]196void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]197{
198 int i;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]199 uint64_t temp1, temp2, W[80];
200 uint64_t A, B, C, D, E, F, G, H;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]201
202#define SHR(x,n) (x >> n)
203#define ROTR(x,n) (SHR(x,n) | (x << (64 - n)))
204
205#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
206#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6))
207
208#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
209#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
210
211#define F0(x,y,z) ((x & y) | (z & (x | y)))
212#define F1(x,y,z) (z ^ (x & (y ^ z)))
213
214#define P(a,b,c,d,e,f,g,h,x,K) \
215{ \
216 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
217 temp2 = S2(a) + F0(a,b,c); \
218 d += temp1; h = temp1 + temp2; \
219}
220
221 for( i = 0; i < 16; i++ )
222 {
223 GET_UINT64_BE( W[i], data, i << 3 );
224 }
225
226 for( ; i < 80; i++ )
227 {
228 W[i] = S1(W[i - 2]) + W[i - 7] +
229 S0(W[i - 15]) + W[i - 16];
230 }
231
232 A = ctx->state[0];
233 B = ctx->state[1];
234 C = ctx->state[2];
235 D = ctx->state[3];
236 E = ctx->state[4];
237 F = ctx->state[5];
238 G = ctx->state[6];
239 H = ctx->state[7];
240 i = 0;
241
242 do
243 {
244 P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++;
245 P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++;
246 P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++;
247 P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++;
248 P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++;
249 P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++;
250 P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++;
251 P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++;
252 }
253 while( i < 80 );
254
255 ctx->state[0] += A;
256 ctx->state[1] += B;
257 ctx->state[2] += C;
258 ctx->state[3] += D;
259 ctx->state[4] += E;
260 ctx->state[5] += F;
261 ctx->state[6] += G;
262 ctx->state[7] += H;
263}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]264#endif /* !MBEDTLS_SHA512_PROCESS_ALT */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]265
266/*
267 * SHA-512 process buffer
268 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]269void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input,
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]270 size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]271{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]272 size_t fill;
Paul Bakkerb8213a12011-07-11 08:16:18 +0000[diff] [blame]273 unsigned int left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]274
Brian White12895d12014-04-11 11:29:42 -0400[diff] [blame]275 if( ilen == 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]276 return;
277
Paul Bakkerb8213a12011-07-11 08:16:18 +0000[diff] [blame]278 left = (unsigned int) (ctx->total[0] & 0x7F);
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]279 fill = 128 - left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]280
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]281 ctx->total[0] += (uint64_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]282
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]283 if( ctx->total[0] < (uint64_t) ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]284 ctx->total[1]++;
285
286 if( left && ilen >= fill )
287 {
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]288 memcpy( (void *) (ctx->buffer + left), input, fill );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]289 mbedtls_sha512_process( ctx, ctx->buffer );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]290 input += fill;
291 ilen -= fill;
292 left = 0;
293 }
294
295 while( ilen >= 128 )
296 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]297 mbedtls_sha512_process( ctx, input );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]298 input += 128;
299 ilen -= 128;
300 }
301
302 if( ilen > 0 )
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]303 memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]304}
305
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]306static const unsigned char sha512_padding[128] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]307{
308 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
309 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
310 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
311 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
312 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
313 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
314 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
315 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
316};
317
318/*
319 * SHA-512 final digest
320 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]321void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]322{
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]323 size_t last, padn;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]324 uint64_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]325 unsigned char msglen[16];
326
327 high = ( ctx->total[0] >> 61 )
328 | ( ctx->total[1] << 3 );
329 low = ( ctx->total[0] << 3 );
330
331 PUT_UINT64_BE( high, msglen, 0 );
332 PUT_UINT64_BE( low, msglen, 8 );
333
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]334 last = (size_t)( ctx->total[0] & 0x7F );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]335 padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last );
336
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]337 mbedtls_sha512_update( ctx, sha512_padding, padn );
338 mbedtls_sha512_update( ctx, msglen, 16 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]339
340 PUT_UINT64_BE( ctx->state[0], output, 0 );
341 PUT_UINT64_BE( ctx->state[1], output, 8 );
342 PUT_UINT64_BE( ctx->state[2], output, 16 );
343 PUT_UINT64_BE( ctx->state[3], output, 24 );
344 PUT_UINT64_BE( ctx->state[4], output, 32 );
345 PUT_UINT64_BE( ctx->state[5], output, 40 );
346
347 if( ctx->is384 == 0 )
348 {
349 PUT_UINT64_BE( ctx->state[6], output, 48 );
350 PUT_UINT64_BE( ctx->state[7], output, 56 );
351 }
352}
353
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]354#endif /* !MBEDTLS_SHA512_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]355
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]356/*
357 * output = SHA-512( input buffer )
358 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]359void mbedtls_sha512( const unsigned char *input, size_t ilen,
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]360 unsigned char output[64], int is384 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]361{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]362 mbedtls_sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]363
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]364 mbedtls_sha512_init( &ctx );
365 mbedtls_sha512_starts( &ctx, is384 );
366 mbedtls_sha512_update( &ctx, input, ilen );
367 mbedtls_sha512_finish( &ctx, output );
368 mbedtls_sha512_free( &ctx );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]369}
370
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]371#if defined(MBEDTLS_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]372
373/*
374 * FIPS-180-2 test vectors
375 */
Manuel Pégourié-Gonnard28122e42015-03-11 09:13:42 +0000[diff] [blame]376static const unsigned char sha512_test_buf[3][113] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]377{
378 { "abc" },
379 { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
380 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
381 { "" }
382};
383
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]384static const int sha512_test_buflen[3] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]385{
386 3, 112, 1000
387};
388
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]389static const unsigned char sha512_test_sum[6][64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]390{
391 /*
392 * SHA-384 test vectors
393 */
394 { 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
395 0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
396 0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
397 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
398 0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
399 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 },
400 { 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
401 0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
402 0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
403 0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
404 0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
405 0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 },
406 { 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
407 0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
408 0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
409 0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
410 0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
411 0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },
412
413 /*
414 * SHA-512 test vectors
415 */
416 { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
417 0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
418 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
419 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
420 0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
421 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
422 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
423 0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F },
424 { 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
425 0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
426 0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
427 0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
428 0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
429 0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
430 0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
431 0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 },
432 { 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
433 0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
434 0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
435 0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
436 0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
437 0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
438 0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
439 0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
440};
441
442/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]443 * Checkup routine
444 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]445int mbedtls_sha512_self_test( int verbose )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]446{
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]447 int i, j, k, buflen, ret = 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]448 unsigned char buf[1024];
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]449 unsigned char sha512sum[64];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]450 mbedtls_sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]451
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]452 mbedtls_sha512_init( &ctx );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]453
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]454 for( i = 0; i < 6; i++ )
455 {
456 j = i % 3;
457 k = i < 3;
458
459 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]460 mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]461
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]462 mbedtls_sha512_starts( &ctx, k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]463
464 if( j == 2 )
465 {
466 memset( buf, 'a', buflen = 1000 );
467
468 for( j = 0; j < 1000; j++ )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]469 mbedtls_sha512_update( &ctx, buf, buflen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]470 }
471 else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]472 mbedtls_sha512_update( &ctx, sha512_test_buf[j],
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]473 sha512_test_buflen[j] );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]474
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]475 mbedtls_sha512_finish( &ctx, sha512sum );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]476
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]477 if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]478 {
479 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]480 mbedtls_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]481
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]482 ret = 1;
483 goto exit;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]484 }
485
486 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]487 mbedtls_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]488 }
489
490 if( verbose != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]491 mbedtls_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]492
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]493exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]494 mbedtls_sha512_free( &ctx );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]495
496 return( ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]497}
498
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]499#endif /* MBEDTLS_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]500
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]501#endif /* MBEDTLS_SHA512_C */