Paul Bakker5121ce52009-01-03 21:22:43 +00001/*
2 * FIPS-180-2 compliant SHA-384/512 implementation
3 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +00004 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakkerb96f1542010-07-18 20:36:00 +00005 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +00006 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakkerb96f1542010-07-18 20:36:00 +00007 *
Paul Bakker5121ce52009-01-03 21:22:43 +00008 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22/*
23 * The SHA-512 Secure Hash Standard was published by NIST in 2002.
24 *
25 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
26 */
27
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020028#if !defined(MBEDTLS_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +000029#include "mbedtls/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020030#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020031#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +020032#endif
Paul Bakker5121ce52009-01-03 21:22:43 +000033
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020034#if defined(MBEDTLS_SHA512_C)
Paul Bakker5121ce52009-01-03 21:22:43 +000035
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +000036#include "mbedtls/sha512.h"
Paul Bakker5121ce52009-01-03 21:22:43 +000037
Manuel Pégourié-Gonnard1dd16742015-03-05 16:13:04 +000038#if defined(_MSC_VER) || defined(__WATCOMC__)
39 #define UL64(x) x##ui64
40#else
41 #define UL64(x) x##ULL
42#endif
43
Rich Evans00ab4702015-02-06 13:43:58 +000044#include <string.h>
45
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020046#if defined(MBEDTLS_SELF_TEST)
47#if defined(MBEDTLS_PLATFORM_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +000048#include "mbedtls/platform.h"
Paul Bakker7dc4c442014-02-01 22:50:26 +010049#else
Rich Evans00ab4702015-02-06 13:43:58 +000050#include <stdio.h>
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020051#define mbedtls_printf printf
52#endif /* MBEDTLS_PLATFORM_C */
53#endif /* MBEDTLS_SELF_TEST */
Paul Bakker7dc4c442014-02-01 22:50:26 +010054
Paul Bakker34617722014-06-13 17:20:13 +020055/* Implementation that should never be optimized out by the compiler */
/*
 * Wipe n bytes at v. Every store goes through a volatile pointer so the
 * compiler cannot treat the writes as dead (a plain memset() right before
 * the memory goes out of scope may be optimized away). n == 0 is a no-op.
 */
static void mbedtls_zeroize( void *v, size_t n ) {
    volatile unsigned char *buf = v;
    size_t i;

    for( i = 0; i < n; i++ )
        buf[i] = 0;
}
59
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020060#if !defined(MBEDTLS_SHA512_ALT)
Paul Bakker90995b52013-06-24 19:20:35 +020061
Paul Bakker5121ce52009-01-03 21:22:43 +000062/*
63 * 64-bit integer manipulation macros (big endian)
64 */
65#ifndef GET_UINT64_BE
66#define GET_UINT64_BE(n,b,i) \
67{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +000068 (n) = ( (uint64_t) (b)[(i) ] << 56 ) \
69 | ( (uint64_t) (b)[(i) + 1] << 48 ) \
70 | ( (uint64_t) (b)[(i) + 2] << 40 ) \
71 | ( (uint64_t) (b)[(i) + 3] << 32 ) \
72 | ( (uint64_t) (b)[(i) + 4] << 24 ) \
73 | ( (uint64_t) (b)[(i) + 5] << 16 ) \
74 | ( (uint64_t) (b)[(i) + 6] << 8 ) \
75 | ( (uint64_t) (b)[(i) + 7] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +000076}
Paul Bakker9af723c2014-05-01 13:03:14 +020077#endif /* GET_UINT64_BE */
Paul Bakker5121ce52009-01-03 21:22:43 +000078
79#ifndef PUT_UINT64_BE
80#define PUT_UINT64_BE(n,b,i) \
81{ \
82 (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \
83 (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \
84 (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \
85 (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \
86 (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \
87 (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \
88 (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \
89 (b)[(i) + 7] = (unsigned char) ( (n) ); \
90}
Paul Bakker9af723c2014-05-01 13:03:14 +020091#endif /* PUT_UINT64_BE */
Paul Bakker5121ce52009-01-03 21:22:43 +000092
93/*
94 * Round constants
95 */
/*
 * The 80 round constants K_t of FIPS 180-2. mbedtls_sha512_process()
 * consumes exactly one entry per round, in order (K[i] for round i).
 * UL64() supplies the 64-bit literal suffix for the compiler in use.
 */
static const uint64_t K[80] =
{
    UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
    UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
    UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
    UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
    UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
    UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
    UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
    UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
    UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
    UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
    UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
    UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
    UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
    UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
    UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
    UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
    UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
    UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
    UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
    UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
    UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
    UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
    UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
    UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
    UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
    UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
    UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
    UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
    UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
    UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
    UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
    UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
    UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
    UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
    UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
    UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
    UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
    UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
    UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
    UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
};
139
/*
 * Bring a context into a known all-zero state so that it can safely be
 * passed to mbedtls_sha512_free() or mbedtls_sha512_starts() afterwards.
 * Clears every field (total, state, buffer, is384); does not allocate.
 */
void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
{
    memset( ctx, 0, sizeof( *ctx ) );
}
144
/*
 * Wipe a context once it is no longer needed. NULL is accepted and
 * ignored. The buffered input in ctx->buffer and the chaining state are
 * cleared with mbedtls_zeroize() rather than memset() so that the wipe
 * survives optimization.
 */
void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
{
    if( ctx != NULL )
        mbedtls_zeroize( ctx, sizeof( *ctx ) );
}
152
/*
 * Copy the complete hashing state of src into dst by structure
 * assignment (byte counter, chaining state, buffered input, is384).
 * dst's previous contents are overwritten without being wiped first;
 * src is not modified.
 */
void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
                           const mbedtls_sha512_context *src )
{
    *dst = *src;
}
158
Paul Bakker5121ce52009-01-03 21:22:43 +0000159/*
160 * SHA-512 context setup
161 */
/*
 * SHA-512 context setup: reset the 128-bit byte counter and load the
 * FIPS 180-2 initial hash value for SHA-512 (is384 == 0) or SHA-384
 * (is384 != 0). The flag is kept in ctx->is384 so that
 * mbedtls_sha512_finish() knows how many state words to emit.
 */
void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
{
    /* Initial hash values, SHA-512 then SHA-384 */
    static const uint64_t sha512_iv[8] =
    {
        UL64(0x6A09E667F3BCC908), UL64(0xBB67AE8584CAA73B),
        UL64(0x3C6EF372FE94F82B), UL64(0xA54FF53A5F1D36F1),
        UL64(0x510E527FADE682D1), UL64(0x9B05688C2B3E6C1F),
        UL64(0x1F83D9ABFB41BD6B), UL64(0x5BE0CD19137E2179)
    };
    static const uint64_t sha384_iv[8] =
    {
        UL64(0xCBBB9D5DC1059ED8), UL64(0x629A292A367CD507),
        UL64(0x9159015A3070DD17), UL64(0x152FECD8F70E5939),
        UL64(0x67332667FFC00B31), UL64(0x8EB44A8768581511),
        UL64(0xDB0C2E0D64F98FA7), UL64(0x47B5481DBEFA4FA4)
    };
    const uint64_t *iv = ( is384 == 0 ) ? sha512_iv : sha384_iv;
    int i;

    ctx->total[0] = 0;
    ctx->total[1] = 0;

    for( i = 0; i < 8; i++ )
        ctx->state[i] = iv[i];

    ctx->is384 = is384;
}
194
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200195#if !defined(MBEDTLS_SHA512_PROCESS_ALT)
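/*
 * Round helpers for the compression function (FIPS 180-2 notation:
 * sha512_s0/s1 are the sigma0/sigma1 message-schedule functions,
 * sha512_s2/s3 the Sigma0/Sigma1 round functions, sha512_f0 is Maj and
 * sha512_f1 is Ch). They replace the function-local macros of the
 * original, which never parenthesized their arguments and were never
 * #undef'd, so SHR/ROTR/S0.. stayed visible for the rest of the
 * translation unit. Plain static functions are type-checked, evaluate
 * each argument once and are inlined by the optimizer at -O2.
 */
static uint64_t sha512_shr( uint64_t x, unsigned n )
{
    return( x >> n );
}

/* Rotate right by n; every caller passes a constant in 1..63 */
static uint64_t sha512_rotr( uint64_t x, unsigned n )
{
    return( ( x >> n ) | ( x << ( 64 - n ) ) );
}

static uint64_t sha512_s0( uint64_t x )
{
    return( sha512_rotr( x, 1 ) ^ sha512_rotr( x, 8 ) ^ sha512_shr( x, 7 ) );
}

static uint64_t sha512_s1( uint64_t x )
{
    return( sha512_rotr( x, 19 ) ^ sha512_rotr( x, 61 ) ^ sha512_shr( x, 6 ) );
}

static uint64_t sha512_s2( uint64_t x )
{
    return( sha512_rotr( x, 28 ) ^ sha512_rotr( x, 34 ) ^ sha512_rotr( x, 39 ) );
}

static uint64_t sha512_s3( uint64_t x )
{
    return( sha512_rotr( x, 14 ) ^ sha512_rotr( x, 18 ) ^ sha512_rotr( x, 41 ) );
}

/* Maj(x,y,z) */
static uint64_t sha512_f0( uint64_t x, uint64_t y, uint64_t z )
{
    return( ( x & y ) | ( z & ( x | y ) ) );
}

/* Ch(x,y,z) */
static uint64_t sha512_f1( uint64_t x, uint64_t y, uint64_t z )
{
    return( z ^ ( x & ( y ^ z ) ) );
}

/*
 * Compress one 128-byte block into ctx->state:
 *  - read the 16 big-endian 64-bit input words and expand them into the
 *    80-word message schedule W,
 *  - run the 80 rounds on a working copy A..H of the state,
 *  - add the working variables back into ctx->state.
 *
 * ctx->state must have been set by mbedtls_sha512_starts(). data is read
 * only and must hold exactly 128 bytes. The schedule W and the working
 * variables live on the stack and are not wiped on return; the wipe in
 * mbedtls_sha512_free() covers only the context itself.
 */
void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] )
{
    int i;
    uint64_t temp1, temp2, W[80];
    uint64_t A, B, C, D, E, F, G, H;

    /* Message schedule: W[0..15] straight from the block, big endian */
    for( i = 0; i < 16; i++ )
    {
        GET_UINT64_BE( W[i], data, i << 3 );
    }

    /* W[16..79] derived from earlier words */
    for( ; i < 80; i++ )
    {
        W[i] = sha512_s1( W[i - 2] ) + W[i - 7] +
               sha512_s0( W[i - 15] ) + W[i - 16];
    }

    A = ctx->state[0];
    B = ctx->state[1];
    C = ctx->state[2];
    D = ctx->state[3];
    E = ctx->state[4];
    F = ctx->state[5];
    G = ctx->state[6];
    H = ctx->state[7];

    /*
     * 80 rounds. This is the same computation as the original's unrolled
     * do/while with rotating macro arguments: each round feeds temp1 into
     * the new E and temp1 + temp2 into the new A, shifting the rest down.
     */
    for( i = 0; i < 80; i++ )
    {
        temp1 = H + sha512_s3( E ) + sha512_f1( E, F, G ) + K[i] + W[i];
        temp2 = sha512_s2( A ) + sha512_f0( A, B, C );

        H = G;
        G = F;
        F = E;
        E = D + temp1;
        D = C;
        C = B;
        B = A;
        A = temp1 + temp2;
    }

    ctx->state[0] += A;
    ctx->state[1] += B;
    ctx->state[2] += C;
    ctx->state[3] += D;
    ctx->state[4] += E;
    ctx->state[5] += F;
    ctx->state[6] += G;
    ctx->state[7] += H;
}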
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200264#endif /* !MBEDTLS_SHA512_PROCESS_ALT */
Paul Bakker5121ce52009-01-03 21:22:43 +0000265
266/*
267 * SHA-512 process buffer
268 */
/*
 * SHA-512 process buffer: feed ilen bytes of input into the running hash.
 * Whole 128-byte blocks are compressed directly from the caller's buffer;
 * any partial block is kept in ctx->buffer until the next call or until
 * mbedtls_sha512_finish(). The 128-bit byte counter ctx->total is
 * advanced before any block is processed. ilen == 0 returns immediately
 * without touching ctx.
 */
void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input,
                            size_t ilen )
{
    size_t buffered;   /* bytes already waiting in ctx->buffer */
    size_t room;       /* bytes still needed to complete that block */

    if( ilen == 0 )
        return;

    buffered = (size_t)( ctx->total[0] & 0x7F );
    room = 128 - buffered;

    /* total is a 128-bit little-endian pair of words: carry into [1] */
    ctx->total[0] += (uint64_t) ilen;
    if( ctx->total[0] < (uint64_t) ilen )
        ctx->total[1]++;

    /* First complete a previously started block, if the input allows */
    if( buffered != 0 && ilen >= room )
    {
        memcpy( ctx->buffer + buffered, input, room );
        mbedtls_sha512_process( ctx, ctx->buffer );
        input += room;
        ilen -= room;
        buffered = 0;
    }

    /* Then as many full blocks as remain, without copying */
    for( ; ilen >= 128; input += 128, ilen -= 128 )
        mbedtls_sha512_process( ctx, input );

    /* Whatever is left is buffered for later */
    if( ilen > 0 )
        memcpy( ctx->buffer + buffered, input, ilen );
}
305
/*
 * Padding source for mbedtls_sha512_finish(): a single 0x80 byte followed
 * by zeros. Only the first element is spelled out; the remaining 127 are
 * zero-filled by the partial static initializer.
 */
static const unsigned char sha512_padding[128] = { 0x80 };
317
318/*
319 * SHA-512 final digest
320 */
/*
 * SHA-512 final digest: append the padding and the 128-bit big-endian
 * message length in bits, compress the last block(s), and serialize the
 * state. Writes 64 bytes for SHA-512; when the context was started with
 * is384 != 0 only the first 48 bytes are written and output[48..63] are
 * left untouched. The context is consumed and should be freed afterwards.
 */
void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] )
{
    size_t used, padn;
    uint64_t bits_high, bits_low;
    unsigned char msglen[16];
    int i, words;

    /* Length in bits = bytes * 8, spread over two 64-bit words */
    bits_high = ( ctx->total[0] >> 61 ) | ( ctx->total[1] << 3 );
    bits_low  = ctx->total[0] << 3;

    PUT_UINT64_BE( bits_high, msglen, 0 );
    PUT_UINT64_BE( bits_low,  msglen, 8 );

    /* Pad to 112 mod 128 so the 16-byte length completes the last block */
    used = (size_t)( ctx->total[0] & 0x7F );
    padn = ( used < 112 ) ? ( 112 - used ) : ( 240 - used );

    mbedtls_sha512_update( ctx, sha512_padding, padn );
    mbedtls_sha512_update( ctx, msglen, 16 );

    /* SHA-384 emits only the first six state words */
    words = ( ctx->is384 == 0 ) ? 8 : 6;
    for( i = 0; i < words; i++ )
        PUT_UINT64_BE( ctx->state[i], output, i * 8 );
}
353
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200354#endif /* !MBEDTLS_SHA512_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200355
Paul Bakker5121ce52009-01-03 21:22:43 +0000356/*
357 * output = SHA-512( input buffer )
358 */
/*
 * output = SHA-512( input buffer )
 *
 * One-shot convenience wrapper: init, starts, update, finish, free on a
 * stack context, in that order. is384 selects SHA-384 (non-zero) or
 * SHA-512 (zero); for SHA-384 only output[0..47] is written. The local
 * context is wiped by mbedtls_sha512_free() before returning.
 */
void mbedtls_sha512( const unsigned char *input, size_t ilen,
                     unsigned char output[64], int is384 )
{
    mbedtls_sha512_context ctx;

    mbedtls_sha512_init( &ctx );
    mbedtls_sha512_starts( &ctx, is384 );
    mbedtls_sha512_update( &ctx, input, ilen );
    mbedtls_sha512_finish( &ctx, output );
    mbedtls_sha512_free( &ctx );
}
370
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200371#if defined(MBEDTLS_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000372
373/*
374 * FIPS-180-2 test vectors
375 */
/*
 * Test messages. Entry 0 is "abc", entry 1 the 112-byte two-block message
 * (hence the 113-byte rows, leaving room for the terminating NUL). Entry 2
 * is left empty: the third vector (one million 'a') is generated on the
 * fly by mbedtls_sha512_self_test(), which repeats a 1000-byte chunk.
 */
static const unsigned char sha512_test_buf[3][113] =
{
    { "abc" },
    { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
      "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
    { "" }
};

/* Byte lengths of the messages above; [2] is the chunk size for the
 * generated third message, not the length of sha512_test_buf[2]. */
static const int sha512_test_buflen[3] =
{
    3, 112, 1000
};

/*
 * Expected digests, indexed like the self-test loop: rows 0..2 are the
 * SHA-384 results (only the first 48 bytes of each row are meaningful and
 * compared), rows 3..5 the SHA-512 results, each for messages 0..2.
 */
static const unsigned char sha512_test_sum[6][64] =
{
    /*
     * SHA-384 test vectors
     */
    { 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
      0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
      0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
      0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
      0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
      0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 },
    { 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
      0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
      0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
      0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
      0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
      0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 },
    { 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
      0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
      0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
      0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
      0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
      0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },

    /*
     * SHA-512 test vectors
     */
    { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
      0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
      0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
      0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
      0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
      0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
      0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
      0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F },
    { 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
      0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
      0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
      0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
      0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
      0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
      0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
      0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 },
    { 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
      0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
      0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
      0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
      0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
      0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
      0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
      0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
};
441
442/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000443 * Checkup routine
444 */
/*
 * Checkup routine: hash the three FIPS 180-2 messages with SHA-384 and
 * then SHA-512 and compare against sha512_test_sum. Returns 0 when all
 * six vectors match, 1 at the first mismatch. With verbose != 0 a
 * one-line result is printed per vector. The context is always wiped
 * before returning.
 */
int mbedtls_sha512_self_test( int verbose )
{
    int vec, rep, is384, ret = 0;
    unsigned char buf[1024];
    unsigned char digest[64];
    mbedtls_sha512_context ctx;

    mbedtls_sha512_init( &ctx );

    /* vec 0..2: SHA-384, vec 3..5: SHA-512; vec % 3 picks the message */
    for( vec = 0; vec < 6; vec++ )
    {
        const int which = vec % 3;
        is384 = ( vec < 3 );

        if( verbose != 0 )
            mbedtls_printf( " SHA-%d test #%d: ", 512 - is384 * 128, which + 1 );

        mbedtls_sha512_starts( &ctx, is384 );

        if( which == 2 )
        {
            /* One million 'a', fed as 1000 chunks of 1000 bytes */
            memset( buf, 'a', 1000 );
            for( rep = 0; rep < 1000; rep++ )
                mbedtls_sha512_update( &ctx, buf, 1000 );
        }
        else
        {
            mbedtls_sha512_update( &ctx, sha512_test_buf[which],
                                   sha512_test_buflen[which] );
        }

        mbedtls_sha512_finish( &ctx, digest );

        /* SHA-384 yields 48 bytes, so compare 64 - 16 in that case */
        if( memcmp( digest, sha512_test_sum[vec], 64 - is384 * 16 ) != 0 )
        {
            if( verbose != 0 )
                mbedtls_printf( "failed\n" );

            ret = 1;
            goto exit;
        }

        if( verbose != 0 )
            mbedtls_printf( "passed\n" );
    }

    if( verbose != 0 )
        mbedtls_printf( "\n" );

exit:
    mbedtls_sha512_free( &ctx );

    return( ret );
}
498
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200499#endif /* MBEDTLS_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000500
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200501#endif /* MBEDTLS_SHA512_C */