TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / b5904d25ef38ec06f34a69a5a62b1743eddd4680 / . / library / sha256.c
blob: f6f6556615fa4e57eb49a8db9d8d88fcd8404eb2 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +0000[diff] [blame]4 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]6 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]7 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22/*
23 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
24 *
25 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
26 */
27
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]28#if !defined(POLARSSL_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]29#include "mbedtls/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]30#else
31#include POLARSSL_CONFIG_FILE
32#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]34#if defined(POLARSSL_SHA256_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]35
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]36#include "mbedtls/sha256.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]37
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]38#include <string.h>
39
40#if defined(POLARSSL_FS_IO)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]41#include <stdio.h>
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]42#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]43
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]44#if defined(POLARSSL_SELF_TEST)
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]45#if defined(POLARSSL_PLATFORM_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]46#include "mbedtls/platform.h"
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]47#else
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]48#include <stdio.h>
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]49#define polarssl_printf printf
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]50#endif /* POLARSSL_PLATFORM_C */
51#endif /* POLARSSL_SELF_TEST */
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]52
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]53/* Implementation that should never be optimized out by the compiler */
54static void polarssl_zeroize( void *v, size_t n ) {
55 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
56}
57
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]58#if !defined(POLARSSL_SHA256_ALT)
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]59
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]60/*
61 * 32-bit integer manipulation macros (big endian)
62 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]63#ifndef GET_UINT32_BE
64#define GET_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]65{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]66 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
67 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
68 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
69 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]70}
71#endif
72
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]73#ifndef PUT_UINT32_BE
74#define PUT_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]75{ \
76 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
77 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
78 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
79 (b)[(i) + 3] = (unsigned char) ( (n) ); \
80}
81#endif
82
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]83void sha256_init( sha256_context *ctx )
84{
85 memset( ctx, 0, sizeof( sha256_context ) );
86}
87
88void sha256_free( sha256_context *ctx )
89{
90 if( ctx == NULL )
91 return;
92
93 polarssl_zeroize( ctx, sizeof( sha256_context ) );
94}
95
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]96/*
97 * SHA-256 context setup
98 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]99void sha256_starts( sha256_context *ctx, int is224 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]100{
101 ctx->total[0] = 0;
102 ctx->total[1] = 0;
103
104 if( is224 == 0 )
105 {
106 /* SHA-256 */
107 ctx->state[0] = 0x6A09E667;
108 ctx->state[1] = 0xBB67AE85;
109 ctx->state[2] = 0x3C6EF372;
110 ctx->state[3] = 0xA54FF53A;
111 ctx->state[4] = 0x510E527F;
112 ctx->state[5] = 0x9B05688C;
113 ctx->state[6] = 0x1F83D9AB;
114 ctx->state[7] = 0x5BE0CD19;
115 }
116 else
117 {
118 /* SHA-224 */
119 ctx->state[0] = 0xC1059ED8;
120 ctx->state[1] = 0x367CD507;
121 ctx->state[2] = 0x3070DD17;
122 ctx->state[3] = 0xF70E5939;
123 ctx->state[4] = 0xFFC00B31;
124 ctx->state[5] = 0x68581511;
125 ctx->state[6] = 0x64F98FA7;
126 ctx->state[7] = 0xBEFA4FA4;
127 }
128
129 ctx->is224 = is224;
130}
131
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200[diff] [blame]132#if !defined(POLARSSL_SHA256_PROCESS_ALT)
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]133void sha256_process( sha256_context *ctx, const unsigned char data[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]134{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]135 uint32_t temp1, temp2, W[64];
136 uint32_t A, B, C, D, E, F, G, H;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]137
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]138 GET_UINT32_BE( W[ 0], data, 0 );
139 GET_UINT32_BE( W[ 1], data, 4 );
140 GET_UINT32_BE( W[ 2], data, 8 );
141 GET_UINT32_BE( W[ 3], data, 12 );
142 GET_UINT32_BE( W[ 4], data, 16 );
143 GET_UINT32_BE( W[ 5], data, 20 );
144 GET_UINT32_BE( W[ 6], data, 24 );
145 GET_UINT32_BE( W[ 7], data, 28 );
146 GET_UINT32_BE( W[ 8], data, 32 );
147 GET_UINT32_BE( W[ 9], data, 36 );
148 GET_UINT32_BE( W[10], data, 40 );
149 GET_UINT32_BE( W[11], data, 44 );
150 GET_UINT32_BE( W[12], data, 48 );
151 GET_UINT32_BE( W[13], data, 52 );
152 GET_UINT32_BE( W[14], data, 56 );
153 GET_UINT32_BE( W[15], data, 60 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]154
155#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
156#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
157
158#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
159#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
160
161#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
162#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
163
164#define F0(x,y,z) ((x & y) | (z & (x | y)))
165#define F1(x,y,z) (z ^ (x & (y ^ z)))
166
167#define R(t) \
168( \
169 W[t] = S1(W[t - 2]) + W[t - 7] + \
170 S0(W[t - 15]) + W[t - 16] \
171)
172
173#define P(a,b,c,d,e,f,g,h,x,K) \
174{ \
175 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
176 temp2 = S2(a) + F0(a,b,c); \
177 d += temp1; h = temp1 + temp2; \
178}
179
180 A = ctx->state[0];
181 B = ctx->state[1];
182 C = ctx->state[2];
183 D = ctx->state[3];
184 E = ctx->state[4];
185 F = ctx->state[5];
186 G = ctx->state[6];
187 H = ctx->state[7];
188
189 P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
190 P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
191 P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
192 P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
193 P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
194 P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
195 P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
196 P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
197 P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
198 P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
199 P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
200 P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
201 P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
202 P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
203 P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
204 P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
205 P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
206 P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
207 P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
208 P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
209 P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
210 P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
211 P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
212 P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
213 P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
214 P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
215 P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
216 P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
217 P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
218 P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
219 P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
220 P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
221 P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
222 P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
223 P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
224 P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
225 P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
226 P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
227 P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
228 P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
229 P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
230 P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
231 P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
232 P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
233 P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
234 P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
235 P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
236 P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
237 P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
238 P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
239 P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
240 P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
241 P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
242 P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
243 P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
244 P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
245 P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
246 P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
247 P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
248 P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
249 P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
250 P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
251 P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
252 P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
253
254 ctx->state[0] += A;
255 ctx->state[1] += B;
256 ctx->state[2] += C;
257 ctx->state[3] += D;
258 ctx->state[4] += E;
259 ctx->state[5] += F;
260 ctx->state[6] += G;
261 ctx->state[7] += H;
262}
Manuel Pégourié-Gonnard427b6722015-03-31 18:32:50 +0200[diff] [blame]263#endif /* !POLARSSL_SHA256_PROCESS_ALT */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]264
265/*
266 * SHA-256 process buffer
267 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]268void sha256_update( sha256_context *ctx, const unsigned char *input,
269 size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]270{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]271 size_t fill;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]272 uint32_t left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]273
Brian White12895d12014-04-11 11:29:42 -0400[diff] [blame]274 if( ilen == 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]275 return;
276
277 left = ctx->total[0] & 0x3F;
278 fill = 64 - left;
279
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]280 ctx->total[0] += (uint32_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]281 ctx->total[0] &= 0xFFFFFFFF;
282
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]283 if( ctx->total[0] < (uint32_t) ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]284 ctx->total[1]++;
285
286 if( left && ilen >= fill )
287 {
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]288 memcpy( (void *) (ctx->buffer + left), input, fill );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]289 sha256_process( ctx, ctx->buffer );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]290 input += fill;
291 ilen -= fill;
292 left = 0;
293 }
294
295 while( ilen >= 64 )
296 {
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]297 sha256_process( ctx, input );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]298 input += 64;
299 ilen -= 64;
300 }
301
302 if( ilen > 0 )
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]303 memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]304}
305
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]306static const unsigned char sha256_padding[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]307{
308 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
309 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
310 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
311 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
312};
313
314/*
315 * SHA-256 final digest
316 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]317void sha256_finish( sha256_context *ctx, unsigned char output[32] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]318{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]319 uint32_t last, padn;
320 uint32_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]321 unsigned char msglen[8];
322
323 high = ( ctx->total[0] >> 29 )
324 | ( ctx->total[1] << 3 );
325 low = ( ctx->total[0] << 3 );
326
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]327 PUT_UINT32_BE( high, msglen, 0 );
328 PUT_UINT32_BE( low, msglen, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]329
330 last = ctx->total[0] & 0x3F;
331 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
332
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]333 sha256_update( ctx, sha256_padding, padn );
334 sha256_update( ctx, msglen, 8 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]335
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]336 PUT_UINT32_BE( ctx->state[0], output, 0 );
337 PUT_UINT32_BE( ctx->state[1], output, 4 );
338 PUT_UINT32_BE( ctx->state[2], output, 8 );
339 PUT_UINT32_BE( ctx->state[3], output, 12 );
340 PUT_UINT32_BE( ctx->state[4], output, 16 );
341 PUT_UINT32_BE( ctx->state[5], output, 20 );
342 PUT_UINT32_BE( ctx->state[6], output, 24 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]343
344 if( ctx->is224 == 0 )
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]345 PUT_UINT32_BE( ctx->state[7], output, 28 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]346}
347
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]348#endif /* !POLARSSL_SHA256_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]349
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]350/*
351 * output = SHA-256( input buffer )
352 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]353void sha256( const unsigned char *input, size_t ilen,
354 unsigned char output[32], int is224 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]355{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]356 sha256_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]357
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]358 sha256_init( &ctx );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]359 sha256_starts( &ctx, is224 );
360 sha256_update( &ctx, input, ilen );
361 sha256_finish( &ctx, output );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]362 sha256_free( &ctx );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]363}
364
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]365#if defined(POLARSSL_FS_IO)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]366/*
367 * output = SHA-256( file contents )
368 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]369int sha256_file( const char *path, unsigned char output[32], int is224 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]370{
371 FILE *f;
372 size_t n;
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]373 sha256_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]374 unsigned char buf[1024];
375
376 if( ( f = fopen( path, "rb" ) ) == NULL )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]377 return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]378
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]379 sha256_init( &ctx );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]380 sha256_starts( &ctx, is224 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]381
382 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]383 sha256_update( &ctx, buf, n );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]384
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]385 sha256_finish( &ctx, output );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]386 sha256_free( &ctx );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]387
388 if( ferror( f ) != 0 )
389 {
390 fclose( f );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]391 return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]392 }
393
394 fclose( f );
395 return( 0 );
396}
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]397#endif /* POLARSSL_FS_IO */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]398
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]399#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]400/*
401 * FIPS-180-2 test vectors
402 */
Manuel Pégourié-Gonnard28122e42015-03-11 09:13:42 +0000[diff] [blame]403static const unsigned char sha256_test_buf[3][57] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]404{
405 { "abc" },
406 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
407 { "" }
408};
409
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]410static const int sha256_test_buflen[3] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]411{
412 3, 56, 1000
413};
414
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]415static const unsigned char sha256_test_sum[6][32] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]416{
417 /*
418 * SHA-224 test vectors
419 */
420 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
421 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
422 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
423 0xE3, 0x6C, 0x9D, 0xA7 },
424 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
425 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
426 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
427 0x52, 0x52, 0x25, 0x25 },
428 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
429 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
430 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
431 0x4E, 0xE7, 0xAD, 0x67 },
432
433 /*
434 * SHA-256 test vectors
435 */
436 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
437 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
438 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
439 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
440 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
441 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
442 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
443 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
444 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
445 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
446 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
447 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
448};
449
450/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]451 * Checkup routine
452 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]453int sha256_self_test( int verbose )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]454{
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]455 int i, j, k, buflen, ret = 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]456 unsigned char buf[1024];
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]457 unsigned char sha256sum[32];
458 sha256_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]459
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]460 sha256_init( &ctx );
461
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]462 for( i = 0; i < 6; i++ )
463 {
464 j = i % 3;
465 k = i < 3;
466
467 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]468 polarssl_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]469
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]470 sha256_starts( &ctx, k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]471
472 if( j == 2 )
473 {
474 memset( buf, 'a', buflen = 1000 );
475
476 for( j = 0; j < 1000; j++ )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]477 sha256_update( &ctx, buf, buflen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]478 }
479 else
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]480 sha256_update( &ctx, sha256_test_buf[j],
481 sha256_test_buflen[j] );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]482
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]483 sha256_finish( &ctx, sha256sum );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]484
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]485 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]486 {
487 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]488 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]489
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]490 ret = 1;
491 goto exit;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]492 }
493
494 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]495 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]496 }
497
498 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]499 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]500
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]501exit:
502 sha256_free( &ctx );
503
504 return( ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]505}
506
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]507#endif /* POLARSSL_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]508
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]509#endif /* POLARSSL_SHA256_C */