TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 26c9f90cae10a86461ad30884aa84b5e5cfbea29 / . / library / sha256.c
blob: 7d4c32c1247a3155c0b4aac3609cdc1eec8cbb2d [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
Manuel Pégourié-Gonnarda658a402015-01-23 09:45:19 +0000[diff] [blame]4 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]5 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]6 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakkerb96f1542010-07-18 20:36:00 +0000[diff] [blame]7 *
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22/*
23 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
24 *
25 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
26 */
27
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]28#if !defined(POLARSSL_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]29#include "mbedtls/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]30#else
31#include POLARSSL_CONFIG_FILE
32#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]33
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]34#if defined(POLARSSL_SHA256_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]35
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]36#include "mbedtls/sha256.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]37
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]38#include <string.h>
39
40#if defined(POLARSSL_FS_IO)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]41#include <stdio.h>
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]42#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]43
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]44#if defined(POLARSSL_SELF_TEST)
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]45#if defined(POLARSSL_PLATFORM_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]46#include "mbedtls/platform.h"
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]47#else
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]48#include <stdio.h>
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]49#define polarssl_printf printf
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]50#endif /* POLARSSL_PLATFORM_C */
51#endif /* POLARSSL_SELF_TEST */
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]52
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]53/* Implementation that should never be optimized out by the compiler */
54static void polarssl_zeroize( void *v, size_t n ) {
55 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
56}
57
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]58#if !defined(POLARSSL_SHA256_ALT)
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]59
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]60/*
61 * 32-bit integer manipulation macros (big endian)
62 */
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]63#ifndef GET_UINT32_BE
64#define GET_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]65{ \
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]66 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
67 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
68 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
69 | ( (uint32_t) (b)[(i) + 3] ); \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]70}
71#endif
72
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]73#ifndef PUT_UINT32_BE
74#define PUT_UINT32_BE(n,b,i) \
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]75{ \
76 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
77 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
78 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
79 (b)[(i) + 3] = (unsigned char) ( (n) ); \
80}
81#endif
82
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]83void sha256_init( sha256_context *ctx )
84{
85 memset( ctx, 0, sizeof( sha256_context ) );
86}
87
88void sha256_free( sha256_context *ctx )
89{
90 if( ctx == NULL )
91 return;
92
93 polarssl_zeroize( ctx, sizeof( sha256_context ) );
94}
95
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]96/*
97 * SHA-256 context setup
98 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]99void sha256_starts( sha256_context *ctx, int is224 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]100{
101 ctx->total[0] = 0;
102 ctx->total[1] = 0;
103
104 if( is224 == 0 )
105 {
106 /* SHA-256 */
107 ctx->state[0] = 0x6A09E667;
108 ctx->state[1] = 0xBB67AE85;
109 ctx->state[2] = 0x3C6EF372;
110 ctx->state[3] = 0xA54FF53A;
111 ctx->state[4] = 0x510E527F;
112 ctx->state[5] = 0x9B05688C;
113 ctx->state[6] = 0x1F83D9AB;
114 ctx->state[7] = 0x5BE0CD19;
115 }
116 else
117 {
118 /* SHA-224 */
119 ctx->state[0] = 0xC1059ED8;
120 ctx->state[1] = 0x367CD507;
121 ctx->state[2] = 0x3070DD17;
122 ctx->state[3] = 0xF70E5939;
123 ctx->state[4] = 0xFFC00B31;
124 ctx->state[5] = 0x68581511;
125 ctx->state[6] = 0x64F98FA7;
126 ctx->state[7] = 0xBEFA4FA4;
127 }
128
129 ctx->is224 = is224;
130}
131
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]132void sha256_process( sha256_context *ctx, const unsigned char data[64] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]133{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]134 uint32_t temp1, temp2, W[64];
135 uint32_t A, B, C, D, E, F, G, H;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]136
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]137 GET_UINT32_BE( W[ 0], data, 0 );
138 GET_UINT32_BE( W[ 1], data, 4 );
139 GET_UINT32_BE( W[ 2], data, 8 );
140 GET_UINT32_BE( W[ 3], data, 12 );
141 GET_UINT32_BE( W[ 4], data, 16 );
142 GET_UINT32_BE( W[ 5], data, 20 );
143 GET_UINT32_BE( W[ 6], data, 24 );
144 GET_UINT32_BE( W[ 7], data, 28 );
145 GET_UINT32_BE( W[ 8], data, 32 );
146 GET_UINT32_BE( W[ 9], data, 36 );
147 GET_UINT32_BE( W[10], data, 40 );
148 GET_UINT32_BE( W[11], data, 44 );
149 GET_UINT32_BE( W[12], data, 48 );
150 GET_UINT32_BE( W[13], data, 52 );
151 GET_UINT32_BE( W[14], data, 56 );
152 GET_UINT32_BE( W[15], data, 60 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]153
154#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
155#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
156
157#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
158#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
159
160#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
161#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
162
163#define F0(x,y,z) ((x & y) | (z & (x | y)))
164#define F1(x,y,z) (z ^ (x & (y ^ z)))
165
166#define R(t) \
167( \
168 W[t] = S1(W[t - 2]) + W[t - 7] + \
169 S0(W[t - 15]) + W[t - 16] \
170)
171
172#define P(a,b,c,d,e,f,g,h,x,K) \
173{ \
174 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
175 temp2 = S2(a) + F0(a,b,c); \
176 d += temp1; h = temp1 + temp2; \
177}
178
179 A = ctx->state[0];
180 B = ctx->state[1];
181 C = ctx->state[2];
182 D = ctx->state[3];
183 E = ctx->state[4];
184 F = ctx->state[5];
185 G = ctx->state[6];
186 H = ctx->state[7];
187
188 P( A, B, C, D, E, F, G, H, W[ 0], 0x428A2F98 );
189 P( H, A, B, C, D, E, F, G, W[ 1], 0x71374491 );
190 P( G, H, A, B, C, D, E, F, W[ 2], 0xB5C0FBCF );
191 P( F, G, H, A, B, C, D, E, W[ 3], 0xE9B5DBA5 );
192 P( E, F, G, H, A, B, C, D, W[ 4], 0x3956C25B );
193 P( D, E, F, G, H, A, B, C, W[ 5], 0x59F111F1 );
194 P( C, D, E, F, G, H, A, B, W[ 6], 0x923F82A4 );
195 P( B, C, D, E, F, G, H, A, W[ 7], 0xAB1C5ED5 );
196 P( A, B, C, D, E, F, G, H, W[ 8], 0xD807AA98 );
197 P( H, A, B, C, D, E, F, G, W[ 9], 0x12835B01 );
198 P( G, H, A, B, C, D, E, F, W[10], 0x243185BE );
199 P( F, G, H, A, B, C, D, E, W[11], 0x550C7DC3 );
200 P( E, F, G, H, A, B, C, D, W[12], 0x72BE5D74 );
201 P( D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE );
202 P( C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7 );
203 P( B, C, D, E, F, G, H, A, W[15], 0xC19BF174 );
204 P( A, B, C, D, E, F, G, H, R(16), 0xE49B69C1 );
205 P( H, A, B, C, D, E, F, G, R(17), 0xEFBE4786 );
206 P( G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6 );
207 P( F, G, H, A, B, C, D, E, R(19), 0x240CA1CC );
208 P( E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F );
209 P( D, E, F, G, H, A, B, C, R(21), 0x4A7484AA );
210 P( C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC );
211 P( B, C, D, E, F, G, H, A, R(23), 0x76F988DA );
212 P( A, B, C, D, E, F, G, H, R(24), 0x983E5152 );
213 P( H, A, B, C, D, E, F, G, R(25), 0xA831C66D );
214 P( G, H, A, B, C, D, E, F, R(26), 0xB00327C8 );
215 P( F, G, H, A, B, C, D, E, R(27), 0xBF597FC7 );
216 P( E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3 );
217 P( D, E, F, G, H, A, B, C, R(29), 0xD5A79147 );
218 P( C, D, E, F, G, H, A, B, R(30), 0x06CA6351 );
219 P( B, C, D, E, F, G, H, A, R(31), 0x14292967 );
220 P( A, B, C, D, E, F, G, H, R(32), 0x27B70A85 );
221 P( H, A, B, C, D, E, F, G, R(33), 0x2E1B2138 );
222 P( G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC );
223 P( F, G, H, A, B, C, D, E, R(35), 0x53380D13 );
224 P( E, F, G, H, A, B, C, D, R(36), 0x650A7354 );
225 P( D, E, F, G, H, A, B, C, R(37), 0x766A0ABB );
226 P( C, D, E, F, G, H, A, B, R(38), 0x81C2C92E );
227 P( B, C, D, E, F, G, H, A, R(39), 0x92722C85 );
228 P( A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1 );
229 P( H, A, B, C, D, E, F, G, R(41), 0xA81A664B );
230 P( G, H, A, B, C, D, E, F, R(42), 0xC24B8B70 );
231 P( F, G, H, A, B, C, D, E, R(43), 0xC76C51A3 );
232 P( E, F, G, H, A, B, C, D, R(44), 0xD192E819 );
233 P( D, E, F, G, H, A, B, C, R(45), 0xD6990624 );
234 P( C, D, E, F, G, H, A, B, R(46), 0xF40E3585 );
235 P( B, C, D, E, F, G, H, A, R(47), 0x106AA070 );
236 P( A, B, C, D, E, F, G, H, R(48), 0x19A4C116 );
237 P( H, A, B, C, D, E, F, G, R(49), 0x1E376C08 );
238 P( G, H, A, B, C, D, E, F, R(50), 0x2748774C );
239 P( F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5 );
240 P( E, F, G, H, A, B, C, D, R(52), 0x391C0CB3 );
241 P( D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A );
242 P( C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F );
243 P( B, C, D, E, F, G, H, A, R(55), 0x682E6FF3 );
244 P( A, B, C, D, E, F, G, H, R(56), 0x748F82EE );
245 P( H, A, B, C, D, E, F, G, R(57), 0x78A5636F );
246 P( G, H, A, B, C, D, E, F, R(58), 0x84C87814 );
247 P( F, G, H, A, B, C, D, E, R(59), 0x8CC70208 );
248 P( E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA );
249 P( D, E, F, G, H, A, B, C, R(61), 0xA4506CEB );
250 P( C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7 );
251 P( B, C, D, E, F, G, H, A, R(63), 0xC67178F2 );
252
253 ctx->state[0] += A;
254 ctx->state[1] += B;
255 ctx->state[2] += C;
256 ctx->state[3] += D;
257 ctx->state[4] += E;
258 ctx->state[5] += F;
259 ctx->state[6] += G;
260 ctx->state[7] += H;
261}
262
263/*
264 * SHA-256 process buffer
265 */
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame]266void sha256_update( sha256_context *ctx, const unsigned char *input,
267 size_t ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]268{
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]269 size_t fill;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]270 uint32_t left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]271
Brian White12895d12014-04-11 11:29:42 -0400[diff] [blame]272 if( ilen == 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]273 return;
274
275 left = ctx->total[0] & 0x3F;
276 fill = 64 - left;
277
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]278 ctx->total[0] += (uint32_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]279 ctx->total[0] &= 0xFFFFFFFF;
280
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]281 if( ctx->total[0] < (uint32_t) ilen )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]282 ctx->total[1]++;
283
284 if( left && ilen >= fill )
285 {
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]286 memcpy( (void *) (ctx->buffer + left), input, fill );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]287 sha256_process( ctx, ctx->buffer );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]288 input += fill;
289 ilen -= fill;
290 left = 0;
291 }
292
293 while( ilen >= 64 )
294 {
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]295 sha256_process( ctx, input );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]296 input += 64;
297 ilen -= 64;
298 }
299
300 if( ilen > 0 )
Paul Bakker3c2122f2013-06-24 19:03:14 +0200[diff] [blame]301 memcpy( (void *) (ctx->buffer + left), input, ilen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]302}
303
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]304static const unsigned char sha256_padding[64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]305{
306 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
307 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
308 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
309 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
310};
311
312/*
313 * SHA-256 final digest
314 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]315void sha256_finish( sha256_context *ctx, unsigned char output[32] )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]316{
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]317 uint32_t last, padn;
318 uint32_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]319 unsigned char msglen[8];
320
321 high = ( ctx->total[0] >> 29 )
322 | ( ctx->total[1] << 3 );
323 low = ( ctx->total[0] << 3 );
324
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]325 PUT_UINT32_BE( high, msglen, 0 );
326 PUT_UINT32_BE( low, msglen, 4 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]327
328 last = ctx->total[0] & 0x3F;
329 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
330
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]331 sha256_update( ctx, sha256_padding, padn );
332 sha256_update( ctx, msglen, 8 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]333
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]334 PUT_UINT32_BE( ctx->state[0], output, 0 );
335 PUT_UINT32_BE( ctx->state[1], output, 4 );
336 PUT_UINT32_BE( ctx->state[2], output, 8 );
337 PUT_UINT32_BE( ctx->state[3], output, 12 );
338 PUT_UINT32_BE( ctx->state[4], output, 16 );
339 PUT_UINT32_BE( ctx->state[5], output, 20 );
340 PUT_UINT32_BE( ctx->state[6], output, 24 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]341
342 if( ctx->is224 == 0 )
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]343 PUT_UINT32_BE( ctx->state[7], output, 28 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]344}
345
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]346#endif /* !POLARSSL_SHA256_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]347
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]348/*
349 * output = SHA-256( input buffer )
350 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]351void sha256( const unsigned char *input, size_t ilen,
352 unsigned char output[32], int is224 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]353{
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]354 sha256_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]355
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]356 sha256_init( &ctx );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]357 sha256_starts( &ctx, is224 );
358 sha256_update( &ctx, input, ilen );
359 sha256_finish( &ctx, output );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]360 sha256_free( &ctx );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]361}
362
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]363#if defined(POLARSSL_FS_IO)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]364/*
365 * output = SHA-256( file contents )
366 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]367int sha256_file( const char *path, unsigned char output[32], int is224 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]368{
369 FILE *f;
370 size_t n;
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]371 sha256_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]372 unsigned char buf[1024];
373
374 if( ( f = fopen( path, "rb" ) ) == NULL )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]375 return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]376
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]377 sha256_init( &ctx );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]378 sha256_starts( &ctx, is224 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]379
380 while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]381 sha256_update( &ctx, buf, n );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]382
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]383 sha256_finish( &ctx, output );
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]384 sha256_free( &ctx );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]385
386 if( ferror( f ) != 0 )
387 {
388 fclose( f );
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]389 return( POLARSSL_ERR_SHA256_FILE_IO_ERROR );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]390 }
391
392 fclose( f );
393 return( 0 );
394}
Paul Bakker335db3f2011-04-25 15:28:35 +0000[diff] [blame]395#endif /* POLARSSL_FS_IO */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]396
Paul Bakker40e46942009-01-03 21:51:57 +0000[diff] [blame]397#if defined(POLARSSL_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]398/*
399 * FIPS-180-2 test vectors
400 */
Manuel Pégourié-Gonnard28122e42015-03-11 09:13:42 +0000[diff] [blame]401static const unsigned char sha256_test_buf[3][57] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]402{
403 { "abc" },
404 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
405 { "" }
406};
407
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]408static const int sha256_test_buflen[3] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]409{
410 3, 56, 1000
411};
412
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]413static const unsigned char sha256_test_sum[6][32] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]414{
415 /*
416 * SHA-224 test vectors
417 */
418 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
419 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
420 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
421 0xE3, 0x6C, 0x9D, 0xA7 },
422 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
423 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
424 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
425 0x52, 0x52, 0x25, 0x25 },
426 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
427 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
428 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
429 0x4E, 0xE7, 0xAD, 0x67 },
430
431 /*
432 * SHA-256 test vectors
433 */
434 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
435 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
436 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
437 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
438 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
439 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
440 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
441 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
442 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
443 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
444 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
445 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
446};
447
448/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]449 * Checkup routine
450 */
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]451int sha256_self_test( int verbose )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]452{
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]453 int i, j, k, buflen, ret = 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]454 unsigned char buf[1024];
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]455 unsigned char sha256sum[32];
456 sha256_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]457
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]458 sha256_init( &ctx );
459
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]460 for( i = 0; i < 6; i++ )
461 {
462 j = i % 3;
463 k = i < 3;
464
465 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]466 polarssl_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]467
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]468 sha256_starts( &ctx, k );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]469
470 if( j == 2 )
471 {
472 memset( buf, 'a', buflen = 1000 );
473
474 for( j = 0; j < 1000; j++ )
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]475 sha256_update( &ctx, buf, buflen );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]476 }
477 else
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]478 sha256_update( &ctx, sha256_test_buf[j],
479 sha256_test_buflen[j] );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]480
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]481 sha256_finish( &ctx, sha256sum );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]482
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]483 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]484 {
485 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]486 polarssl_printf( "failed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]487
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]488 ret = 1;
489 goto exit;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]490 }
491
492 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]493 polarssl_printf( "passed\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]494 }
495
496 if( verbose != 0 )
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]497 polarssl_printf( "\n" );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]498
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]499exit:
500 sha256_free( &ctx );
501
502 return( ret );
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]503}
504
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]505#endif /* POLARSSL_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]506
Paul Bakker9af723c2014-05-01 13:03:14 +0200[diff] [blame]507#endif /* POLARSSL_SHA256_C */