TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / refs/heads/mbedtls-2.28 / . / library / sha512.c
blob: 77bdc2ec234206a17bbcf0bfeeece4378f0eccb8 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-2 compliant SHA-384/512 implementation
3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Dave Rodgman7ff79652023-11-03 12:04:52 +0000[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]6 */
7/*
8 * The SHA-512 Secure Hash Standard was published by NIST in 2002.
9 *
10 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
11 */
12
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]13#include "common.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]14
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]15#if defined(MBEDTLS_SHA512_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]16
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]17#include "mbedtls/sha512.h"
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]18#include "mbedtls/platform_util.h"
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]19#include "mbedtls/error.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]20
Manuel Pégourié-Gonnard1dd16742015-03-05 16:13:04 +0000[diff] [blame]21#if defined(_MSC_VER) || defined(__WATCOMC__)
22 #define UL64(x) x##ui64
23#else
24 #define UL64(x) x##ULL
25#endif
26
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]27#include <string.h>
28
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]29#include "mbedtls/platform.h"
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]30
Hanno Beckerc7560492018-12-20 10:23:39 +0000[diff] [blame]31#define SHA512_VALIDATE_RET(cond) \
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]32 MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA)
33#define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond)
Hanno Beckerc7560492018-12-20 10:23:39 +0000[diff] [blame]34
Manuel Pégourié-Gonnard8b2641d2015-08-27 20:03:46 +0200[diff] [blame]35#if !defined(MBEDTLS_SHA512_ALT)
36
Manuel Pégourié-Gonnard7f071952019-07-17 12:46:56 +0200[diff] [blame]37#if defined(MBEDTLS_SHA512_SMALLER)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]38static void sha512_put_uint64_be(uint64_t n, unsigned char *b, uint8_t i)
Manuel Pégourié-Gonnard7f071952019-07-17 12:46:56 +0200[diff] [blame]39{
Joe Subbiani1bd5d7d2021-07-16 12:29:49 +0100[diff] [blame]40 MBEDTLS_PUT_UINT64_BE(n, b, i);
Manuel Pégourié-Gonnard7f071952019-07-17 12:46:56 +0200[diff] [blame]41}
42#else
Joe Subbiani1bd5d7d2021-07-16 12:29:49 +0100[diff] [blame]43#define sha512_put_uint64_be MBEDTLS_PUT_UINT64_BE
Manuel Pégourié-Gonnard7f071952019-07-17 12:46:56 +0200[diff] [blame]44#endif /* MBEDTLS_SHA512_SMALLER */
45
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]46void mbedtls_sha512_init(mbedtls_sha512_context *ctx)
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]47{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]48 SHA512_VALIDATE(ctx != NULL);
Andres Amaya Garciaba519b92018-12-09 20:58:36 +0000[diff] [blame]49
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]50 memset(ctx, 0, sizeof(mbedtls_sha512_context));
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]51}
52
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]53void mbedtls_sha512_free(mbedtls_sha512_context *ctx)
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]54{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]55 if (ctx == NULL) {
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]56 return;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]57 }
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]58
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]59 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha512_context));
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]60}
61
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]62void mbedtls_sha512_clone(mbedtls_sha512_context *dst,
63 const mbedtls_sha512_context *src)
Manuel Pégourié-Gonnard16d412f2015-07-06 15:26:26 +0200[diff] [blame]64{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]65 SHA512_VALIDATE(dst != NULL);
66 SHA512_VALIDATE(src != NULL);
Andres Amaya Garciaba519b92018-12-09 20:58:36 +0000[diff] [blame]67
Manuel Pégourié-Gonnard16d412f2015-07-06 15:26:26 +0200[diff] [blame]68 *dst = *src;
69}
70
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]71/*
72 * SHA-512 context setup
73 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]74int mbedtls_sha512_starts_ret(mbedtls_sha512_context *ctx, int is384)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]75{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]76 SHA512_VALIDATE_RET(ctx != NULL);
Manuel Pégourié-Gonnard0b9db442020-01-07 10:14:54 +0100[diff] [blame]77#if !defined(MBEDTLS_SHA512_NO_SHA384)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]78 SHA512_VALIDATE_RET(is384 == 0 || is384 == 1);
Manuel Pégourié-Gonnard0b9db442020-01-07 10:14:54 +0100[diff] [blame]79#else
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]80 SHA512_VALIDATE_RET(is384 == 0);
Manuel Pégourié-Gonnard0b9db442020-01-07 10:14:54 +0100[diff] [blame]81#endif
Andres Amaya Garciaba519b92018-12-09 20:58:36 +0000[diff] [blame]82
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]83 ctx->total[0] = 0;
84 ctx->total[1] = 0;
85
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]86 if (is384 == 0) {
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]87 /* SHA-512 */
88 ctx->state[0] = UL64(0x6A09E667F3BCC908);
89 ctx->state[1] = UL64(0xBB67AE8584CAA73B);
90 ctx->state[2] = UL64(0x3C6EF372FE94F82B);
91 ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
92 ctx->state[4] = UL64(0x510E527FADE682D1);
93 ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
94 ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
95 ctx->state[7] = UL64(0x5BE0CD19137E2179);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]96 } else {
Manuel Pégourié-Gonnard3df4e602019-07-17 15:16:14 +0200[diff] [blame]97#if defined(MBEDTLS_SHA512_NO_SHA384)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]98 return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
Manuel Pégourié-Gonnard3df4e602019-07-17 15:16:14 +0200[diff] [blame]99#else
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]100 /* SHA-384 */
101 ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
102 ctx->state[1] = UL64(0x629A292A367CD507);
103 ctx->state[2] = UL64(0x9159015A3070DD17);
104 ctx->state[3] = UL64(0x152FECD8F70E5939);
105 ctx->state[4] = UL64(0x67332667FFC00B31);
106 ctx->state[5] = UL64(0x8EB44A8768581511);
107 ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
108 ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
Manuel Pégourié-Gonnard3df4e602019-07-17 15:16:14 +0200[diff] [blame]109#endif /* MBEDTLS_SHA512_NO_SHA384 */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]110 }
111
Manuel Pégourié-Gonnard3df4e602019-07-17 15:16:14 +0200[diff] [blame]112#if !defined(MBEDTLS_SHA512_NO_SHA384)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]113 ctx->is384 = is384;
Manuel Pégourié-Gonnard3df4e602019-07-17 15:16:14 +0200[diff] [blame]114#endif
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]115
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]116 return 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]117}
118
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]119#if !defined(MBEDTLS_DEPRECATED_REMOVED)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]120void mbedtls_sha512_starts(mbedtls_sha512_context *ctx,
121 int is384)
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]122{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]123 mbedtls_sha512_starts_ret(ctx, is384);
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]124}
125#endif
126
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]127#if !defined(MBEDTLS_SHA512_PROCESS_ALT)
Alexey Skalozub00b78a92016-01-13 17:39:58 +0200[diff] [blame]128
129/*
130 * Round constants
131 */
132static const uint64_t K[80] =
133{
134 UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
135 UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
136 UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
137 UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
138 UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
139 UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
140 UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
141 UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
142 UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
143 UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
144 UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
145 UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
146 UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
147 UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
148 UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
149 UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
150 UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
151 UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
152 UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
153 UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
154 UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
155 UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
156 UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
157 UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
158 UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
159 UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
160 UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
161 UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
162 UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
163 UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
164 UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
165 UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
166 UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
167 UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
168 UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
169 UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
170 UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
171 UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
172 UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
173 UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
174};
175
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]176int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx,
177 const unsigned char data[128])
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]178{
179 int i;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]180 struct {
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]181 uint64_t temp1, temp2, W[80];
182 uint64_t A[8];
183 } local;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]184
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]185 SHA512_VALIDATE_RET(ctx != NULL);
186 SHA512_VALIDATE_RET((const unsigned char *) data != NULL);
Andres Amaya Garciaba519b92018-12-09 20:58:36 +0000[diff] [blame]187
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]188#define SHR(x, n) ((x) >> (n))
189#define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n))))
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]190
191#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]192#define S1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6))
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]193
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]194#define S2(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39))
195#define S3(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41))
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]196
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]197#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y))))
198#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]199
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]200#define P(a, b, c, d, e, f, g, h, x, K) \
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]201 do \
202 { \
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]203 local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \
204 local.temp2 = S2(a) + F0((a), (b), (c)); \
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]205 (d) += local.temp1; (h) = local.temp1 + local.temp2; \
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]206 } while (0)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]207
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]208 for (i = 0; i < 8; i++) {
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]209 local.A[i] = ctx->state[i];
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]210 }
Manuel Pégourié-Gonnard0270ed92019-07-17 13:01:56 +0200[diff] [blame]211
Manuel Pégourié-Gonnard49d65ba2019-07-17 13:16:54 +0200[diff] [blame]212#if defined(MBEDTLS_SHA512_SMALLER)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]213 for (i = 0; i < 80; i++) {
214 if (i < 16) {
215 local.W[i] = MBEDTLS_GET_UINT64_BE(data, i << 3);
216 } else {
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]217 local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] +
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]218 S0(local.W[i - 15]) + local.W[i - 16];
Manuel Pégourié-Gonnard49d65ba2019-07-17 13:16:54 +0200[diff] [blame]219 }
220
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]221 P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
222 local.A[5], local.A[6], local.A[7], local.W[i], K[i]);
Manuel Pégourié-Gonnard49d65ba2019-07-17 13:16:54 +0200[diff] [blame]223
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]224 local.temp1 = local.A[7]; local.A[7] = local.A[6];
225 local.A[6] = local.A[5]; local.A[5] = local.A[4];
226 local.A[4] = local.A[3]; local.A[3] = local.A[2];
227 local.A[2] = local.A[1]; local.A[1] = local.A[0];
228 local.A[0] = local.temp1;
Manuel Pégourié-Gonnard49d65ba2019-07-17 13:16:54 +0200[diff] [blame]229 }
230#else /* MBEDTLS_SHA512_SMALLER */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]231 for (i = 0; i < 16; i++) {
232 local.W[i] = MBEDTLS_GET_UINT64_BE(data, i << 3);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]233 }
234
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]235 for (; i < 80; i++) {
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]236 local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] +
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]237 S0(local.W[i - 15]) + local.W[i - 16];
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]238 }
239
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]240 i = 0;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]241 do {
242 P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
243 local.A[5], local.A[6], local.A[7], local.W[i], K[i]); i++;
244 P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
245 local.A[4], local.A[5], local.A[6], local.W[i], K[i]); i++;
246 P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
247 local.A[3], local.A[4], local.A[5], local.W[i], K[i]); i++;
248 P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
249 local.A[2], local.A[3], local.A[4], local.W[i], K[i]); i++;
250 P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
251 local.A[1], local.A[2], local.A[3], local.W[i], K[i]); i++;
252 P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
253 local.A[0], local.A[1], local.A[2], local.W[i], K[i]); i++;
254 P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
255 local.A[7], local.A[0], local.A[1], local.W[i], K[i]); i++;
256 P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
257 local.A[6], local.A[7], local.A[0], local.W[i], K[i]); i++;
258 } while (i < 80);
Manuel Pégourié-Gonnard49d65ba2019-07-17 13:16:54 +0200[diff] [blame]259#endif /* MBEDTLS_SHA512_SMALLER */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]260
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]261 for (i = 0; i < 8; i++) {
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]262 ctx->state[i] += local.A[i];
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]263 }
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]264
gabor-mezei-arm76749ae2020-07-30 16:41:25 +0200[diff] [blame]265 /* Zeroise buffers and variables to clear sensitive data from memory. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]266 mbedtls_platform_zeroize(&local, sizeof(local));
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]267
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]268 return 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]269}
Jaeden Amero041039f2018-02-19 15:28:08 +0000[diff] [blame]270
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]271#if !defined(MBEDTLS_DEPRECATED_REMOVED)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]272void mbedtls_sha512_process(mbedtls_sha512_context *ctx,
273 const unsigned char data[128])
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]274{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]275 mbedtls_internal_sha512_process(ctx, data);
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]276}
277#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]278#endif /* !MBEDTLS_SHA512_PROCESS_ALT */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]279
280/*
281 * SHA-512 process buffer
282 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]283int mbedtls_sha512_update_ret(mbedtls_sha512_context *ctx,
284 const unsigned char *input,
285 size_t ilen)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]286{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]287 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]288 size_t fill;
Paul Bakkerb8213a12011-07-11 08:16:18 +0000[diff] [blame]289 unsigned int left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]290
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]291 SHA512_VALIDATE_RET(ctx != NULL);
292 SHA512_VALIDATE_RET(ilen == 0 || input != NULL);
Hanno Beckerca6f4582018-12-18 15:37:22 +0000[diff] [blame]293
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]294 if (ilen == 0) {
295 return 0;
296 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]297
Paul Bakkerb8213a12011-07-11 08:16:18 +0000[diff] [blame]298 left = (unsigned int) (ctx->total[0] & 0x7F);
Paul Bakker27fdf462011-06-09 13:55:13 +0000[diff] [blame]299 fill = 128 - left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]300
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]301 ctx->total[0] += (uint64_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]302
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]303 if (ctx->total[0] < (uint64_t) ilen) {
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]304 ctx->total[1]++;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]305 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]306
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]307 if (left && ilen >= fill) {
308 memcpy((void *) (ctx->buffer + left), input, fill);
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]309
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]310 if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
311 return ret;
312 }
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]313
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]314 input += fill;
315 ilen -= fill;
316 left = 0;
317 }
318
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]319 while (ilen >= 128) {
320 if ((ret = mbedtls_internal_sha512_process(ctx, input)) != 0) {
321 return ret;
322 }
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]323
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]324 input += 128;
325 ilen -= 128;
326 }
327
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]328 if (ilen > 0) {
329 memcpy((void *) (ctx->buffer + left), input, ilen);
330 }
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]331
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]332 return 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]333}
334
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]335#if !defined(MBEDTLS_DEPRECATED_REMOVED)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]336void mbedtls_sha512_update(mbedtls_sha512_context *ctx,
337 const unsigned char *input,
338 size_t ilen)
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]339{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]340 mbedtls_sha512_update_ret(ctx, input, ilen);
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]341}
342#endif
343
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]344/*
345 * SHA-512 final digest
346 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]347int mbedtls_sha512_finish_ret(mbedtls_sha512_context *ctx,
348 unsigned char output[64])
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]349{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]350 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]351 unsigned used;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]352 uint64_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]353
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]354 SHA512_VALIDATE_RET(ctx != NULL);
355 SHA512_VALIDATE_RET((unsigned char *) output != NULL);
Andres Amaya Garciaba519b92018-12-09 20:58:36 +0000[diff] [blame]356
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]357 /*
358 * Add padding: 0x80 then 0x00 until 16 bytes remain for the length
359 */
360 used = ctx->total[0] & 0x7F;
361
362 ctx->buffer[used++] = 0x80;
363
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]364 if (used <= 112) {
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]365 /* Enough room for padding + length in current block */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]366 memset(ctx->buffer + used, 0, 112 - used);
367 } else {
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]368 /* We'll need an extra block */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]369 memset(ctx->buffer + used, 0, 128 - used);
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]370
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]371 if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
372 return ret;
373 }
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]374
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]375 memset(ctx->buffer, 0, 112);
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]376 }
377
378 /*
379 * Add message length
380 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]381 high = (ctx->total[0] >> 61)
382 | (ctx->total[1] << 3);
383 low = (ctx->total[0] << 3);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]384
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]385 sha512_put_uint64_be(high, ctx->buffer, 112);
386 sha512_put_uint64_be(low, ctx->buffer, 120);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]387
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]388 if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
389 return ret;
390 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]391
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]392 /*
393 * Output final state
394 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]395 sha512_put_uint64_be(ctx->state[0], output, 0);
396 sha512_put_uint64_be(ctx->state[1], output, 8);
397 sha512_put_uint64_be(ctx->state[2], output, 16);
398 sha512_put_uint64_be(ctx->state[3], output, 24);
399 sha512_put_uint64_be(ctx->state[4], output, 32);
400 sha512_put_uint64_be(ctx->state[5], output, 40);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]401
David Horstmannf3b1eaf2022-10-06 18:45:09 +0100[diff] [blame]402 int truncated = 0;
Manuel Pégourié-Gonnard3df4e602019-07-17 15:16:14 +0200[diff] [blame]403#if !defined(MBEDTLS_SHA512_NO_SHA384)
David Horstmannf3b1eaf2022-10-06 18:45:09 +0100[diff] [blame]404 truncated = ctx->is384;
Manuel Pégourié-Gonnard3df4e602019-07-17 15:16:14 +0200[diff] [blame]405#endif
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]406 if (!truncated) {
407 sha512_put_uint64_be(ctx->state[6], output, 48);
408 sha512_put_uint64_be(ctx->state[7], output, 56);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]409 }
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]410
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]411 return 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]412}
413
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]414#if !defined(MBEDTLS_DEPRECATED_REMOVED)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]415void mbedtls_sha512_finish(mbedtls_sha512_context *ctx,
416 unsigned char output[64])
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]417{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]418 mbedtls_sha512_finish_ret(ctx, output);
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]419}
420#endif
421
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]422#endif /* !MBEDTLS_SHA512_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]423
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]424/*
425 * output = SHA-512( input buffer )
426 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]427int mbedtls_sha512_ret(const unsigned char *input,
428 size_t ilen,
429 unsigned char output[64],
430 int is384)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]431{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]432 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]433 mbedtls_sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]434
Manuel Pégourié-Gonnard0b9db442020-01-07 10:14:54 +0100[diff] [blame]435#if !defined(MBEDTLS_SHA512_NO_SHA384)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]436 SHA512_VALIDATE_RET(is384 == 0 || is384 == 1);
Manuel Pégourié-Gonnard0b9db442020-01-07 10:14:54 +0100[diff] [blame]437#else
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]438 SHA512_VALIDATE_RET(is384 == 0);
Manuel Pégourié-Gonnard0b9db442020-01-07 10:14:54 +0100[diff] [blame]439#endif
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]440 SHA512_VALIDATE_RET(ilen == 0 || input != NULL);
441 SHA512_VALIDATE_RET((unsigned char *) output != NULL);
Andres Amaya Garciaba519b92018-12-09 20:58:36 +0000[diff] [blame]442
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]443 mbedtls_sha512_init(&ctx);
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]444
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]445 if ((ret = mbedtls_sha512_starts_ret(&ctx, is384)) != 0) {
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]446 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]447 }
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]448
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]449 if ((ret = mbedtls_sha512_update_ret(&ctx, input, ilen)) != 0) {
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]450 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]451 }
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]452
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]453 if ((ret = mbedtls_sha512_finish_ret(&ctx, output)) != 0) {
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]454 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]455 }
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]456
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]457exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]458 mbedtls_sha512_free(&ctx);
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]459
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]460 return ret;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]461}
462
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]463#if !defined(MBEDTLS_DEPRECATED_REMOVED)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]464void mbedtls_sha512(const unsigned char *input,
465 size_t ilen,
466 unsigned char output[64],
467 int is384)
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]468{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]469 mbedtls_sha512_ret(input, ilen, output, is384);
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]470}
471#endif
472
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]473#if defined(MBEDTLS_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]474
475/*
476 * FIPS-180-2 test vectors
477 */
Manuel Pégourié-Gonnard28122e42015-03-11 09:13:42 +0000[diff] [blame]478static const unsigned char sha512_test_buf[3][113] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]479{
480 { "abc" },
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]481 {
482 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
483 },
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]484 { "" }
485};
486
Andres Amaya Garcia2d0aa8b2017-07-21 14:57:26 +0100[diff] [blame]487static const size_t sha512_test_buflen[3] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]488{
489 3, 112, 1000
490};
491
Manuel Pégourié-Gonnard39ea19a2019-07-17 15:36:23 +0200[diff] [blame]492static const unsigned char sha512_test_sum[][64] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]493{
Manuel Pégourié-Gonnard39ea19a2019-07-17 15:36:23 +0200[diff] [blame]494#if !defined(MBEDTLS_SHA512_NO_SHA384)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]495 /*
496 * SHA-384 test vectors
497 */
498 { 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
499 0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
500 0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
501 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
502 0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
503 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 },
504 { 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
505 0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
506 0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
507 0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
508 0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
509 0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 },
510 { 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
511 0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
512 0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
513 0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
514 0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
515 0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },
Manuel Pégourié-Gonnard39ea19a2019-07-17 15:36:23 +0200[diff] [blame]516#endif /* !MBEDTLS_SHA512_NO_SHA384 */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]517
518 /*
519 * SHA-512 test vectors
520 */
521 { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
522 0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
523 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
524 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
525 0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
526 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
527 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
528 0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F },
529 { 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
530 0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
531 0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
532 0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
533 0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
534 0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
535 0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
536 0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 },
537 { 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
538 0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
539 0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
540 0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
541 0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
542 0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
543 0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
544 0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
545};
546
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]547#define ARRAY_LENGTH(a) (sizeof(a) / sizeof((a)[0]))
Manuel Pégourié-Gonnard39ea19a2019-07-17 15:36:23 +0200[diff] [blame]548
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]549/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]550 * Checkup routine
551 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]552int mbedtls_sha512_self_test(int verbose)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]553{
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]554 int i, j, k, buflen, ret = 0;
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]555 unsigned char *buf;
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]556 unsigned char sha512sum[64];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]557 mbedtls_sha512_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]558
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]559 buf = mbedtls_calloc(1024, sizeof(unsigned char));
560 if (NULL == buf) {
561 if (verbose != 0) {
562 mbedtls_printf("Buffer allocation failed\n");
563 }
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]564
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]565 return 1;
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]566 }
567
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]568 mbedtls_sha512_init(&ctx);
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]569
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]570 for (i = 0; i < (int) ARRAY_LENGTH(sha512_test_sum); i++) {
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]571 j = i % 3;
Manuel Pégourié-Gonnard39ea19a2019-07-17 15:36:23 +0200[diff] [blame]572#if !defined(MBEDTLS_SHA512_NO_SHA384)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]573 k = i < 3;
Manuel Pégourié-Gonnard39ea19a2019-07-17 15:36:23 +0200[diff] [blame]574#else
575 k = 0;
576#endif
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]577
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]578 if (verbose != 0) {
579 mbedtls_printf(" SHA-%d test #%d: ", 512 - k * 128, j + 1);
580 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]581
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]582 if ((ret = mbedtls_sha512_starts_ret(&ctx, k)) != 0) {
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]583 goto fail;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]584 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]585
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]586 if (j == 2) {
587 memset(buf, 'a', buflen = 1000);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]588
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]589 for (j = 0; j < 1000; j++) {
590 ret = mbedtls_sha512_update_ret(&ctx, buf, buflen);
591 if (ret != 0) {
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]592 goto fail;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]593 }
594 }
595 } else {
596 ret = mbedtls_sha512_update_ret(&ctx, sha512_test_buf[j],
597 sha512_test_buflen[j]);
598 if (ret != 0) {
599 goto fail;
Andres Amaya Garcia6a3f3052017-07-20 14:18:54 +0100[diff] [blame]600 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]601 }
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]602
603 if ((ret = mbedtls_sha512_finish_ret(&ctx, sha512sum)) != 0) {
604 goto fail;
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]605 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]606
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]607 if (memcmp(sha512sum, sha512_test_sum[i], 64 - k * 16) != 0) {
Andres Amaya Garcia6a3f3052017-07-20 14:18:54 +0100[diff] [blame]608 ret = 1;
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]609 goto fail;
Andres Amaya Garcia6a3f3052017-07-20 14:18:54 +0100[diff] [blame]610 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]611
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]612 if (verbose != 0) {
613 mbedtls_printf("passed\n");
614 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]615 }
616
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]617 if (verbose != 0) {
618 mbedtls_printf("\n");
619 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]620
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]621 goto exit;
622
623fail:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]624 if (verbose != 0) {
625 mbedtls_printf("failed\n");
626 }
Andres Amaya Garcia614c6892017-05-02 12:07:26 +0100[diff] [blame]627
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]628exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]629 mbedtls_sha512_free(&ctx);
630 mbedtls_free(buf);
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]631
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]632 return ret;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]633}
634
Manuel Pégourié-Gonnard2b9b7802020-01-24 11:01:02 +0100[diff] [blame]635#undef ARRAY_LENGTH
Manuel Pégourié-Gonnard2d885492020-01-07 10:17:35 +0100[diff] [blame]636
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]637#endif /* MBEDTLS_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]638
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]639#endif /* MBEDTLS_SHA512_C */