1 /*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 *
7 * This file is provided under the Apache License 2.0, or the
8 * GNU General Public License v2.0 or later.
9 *
10 * **********
11 * Apache License 2.0:
12 *
13 * Licensed under the Apache License, Version 2.0 (the "License"); you may
14 * not use this file except in compliance with the License.
15 * You may obtain a copy of the License at
16 *
17 * http://www.apache.org/licenses/LICENSE-2.0
18 *
19 * Unless required by applicable law or agreed to in writing, software
20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 * See the License for the specific language governing permissions and
23 * limitations under the License.
24 *
25 * **********
26 *
27 * **********
28 * GNU General Public License v2.0 or later:
29 *
30 * This program is free software; you can redistribute it and/or modify
31 * it under the terms of the GNU General Public License as published by
32 * the Free Software Foundation; either version 2 of the License, or
33 * (at your option) any later version.
34 *
35 * This program is distributed in the hope that it will be useful,
36 * but WITHOUT ANY WARRANTY; without even the implied warranty of
37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
38 * GNU General Public License for more details.
39 *
40 * You should have received a copy of the GNU General Public License along
41 * with this program; if not, write to the Free Software Foundation, Inc.,
42 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
43 *
44 * **********
45 */
46 /*
47 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
48 *
49 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
50 */
51
52 #if !defined(MBEDTLS_CONFIG_FILE)
53 #include "mbedtls/config.h"
54 #else
55 #include MBEDTLS_CONFIG_FILE
56 #endif
57
58 #if defined(MBEDTLS_SHA256_C)
59
60 #include "mbedtls/sha256.h"
61 #include "mbedtls/platform_util.h"
62
63 #include <string.h>
64
65 #if defined(MBEDTLS_SELF_TEST)
66 #if defined(MBEDTLS_PLATFORM_C)
67 #include "mbedtls/platform.h"
68 #else
69 #include <stdio.h>
70 #include <stdlib.h>
71 #define mbedtls_printf printf
72 #define mbedtls_calloc calloc
73 #define mbedtls_free free
74 #endif /* MBEDTLS_PLATFORM_C */
75 #endif /* MBEDTLS_SELF_TEST */
76
77 #define SHA256_VALIDATE_RET(cond) \
78 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
79 #define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
80
81 #if !defined(MBEDTLS_SHA256_ALT)
82
83 /*
84 * 32-bit integer manipulation macros (big endian)
85 */
86 #ifndef GET_UINT32_BE
87 #define GET_UINT32_BE(n,b,i) \
88 do { \
89 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
90 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
91 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
92 | ( (uint32_t) (b)[(i) + 3] ); \
93 } while( 0 )
94 #endif
95
96 #ifndef PUT_UINT32_BE
97 #define PUT_UINT32_BE(n,b,i) \
98 do { \
99 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
100 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
101 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
102 (b)[(i) + 3] = (unsigned char) ( (n) ); \
103 } while( 0 )
104 #endif
105
mbedtls_sha256_init(mbedtls_sha256_context * ctx)106 void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
107 {
108 SHA256_VALIDATE( ctx != NULL );
109
110 memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
111 }
112
mbedtls_sha256_free(mbedtls_sha256_context * ctx)113 void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
114 {
115 if( ctx == NULL )
116 return;
117
118 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
119 }
120
mbedtls_sha256_clone(mbedtls_sha256_context * dst,const mbedtls_sha256_context * src)121 void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
122 const mbedtls_sha256_context *src )
123 {
124 SHA256_VALIDATE( dst != NULL );
125 SHA256_VALIDATE( src != NULL );
126
127 *dst = *src;
128 }
129
130 /*
131 * SHA-256 context setup
132 */
mbedtls_sha256_starts_ret(mbedtls_sha256_context * ctx,int is224)133 int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
134 {
135 SHA256_VALIDATE_RET( ctx != NULL );
136 SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
137
138 ctx->total[0] = 0;
139 ctx->total[1] = 0;
140
141 if( is224 == 0 )
142 {
143 /* SHA-256 */
144 ctx->state[0] = 0x6A09E667;
145 ctx->state[1] = 0xBB67AE85;
146 ctx->state[2] = 0x3C6EF372;
147 ctx->state[3] = 0xA54FF53A;
148 ctx->state[4] = 0x510E527F;
149 ctx->state[5] = 0x9B05688C;
150 ctx->state[6] = 0x1F83D9AB;
151 ctx->state[7] = 0x5BE0CD19;
152 }
153 else
154 {
155 /* SHA-224 */
156 ctx->state[0] = 0xC1059ED8;
157 ctx->state[1] = 0x367CD507;
158 ctx->state[2] = 0x3070DD17;
159 ctx->state[3] = 0xF70E5939;
160 ctx->state[4] = 0xFFC00B31;
161 ctx->state[5] = 0x68581511;
162 ctx->state[6] = 0x64F98FA7;
163 ctx->state[7] = 0xBEFA4FA4;
164 }
165
166 ctx->is224 = is224;
167
168 return( 0 );
169 }
170
171 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_starts(mbedtls_sha256_context * ctx,int is224)172 void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
173 int is224 )
174 {
175 mbedtls_sha256_starts_ret( ctx, is224 );
176 }
177 #endif
178
179 #if !defined(MBEDTLS_SHA256_PROCESS_ALT)
180 static const uint32_t K[] =
181 {
182 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
183 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
184 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
185 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
186 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
187 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
188 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
189 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
190 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
191 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
192 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
193 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
194 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
195 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
196 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
197 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
198 };
199
200 #define SHR(x,n) (((x) & 0xFFFFFFFF) >> (n))
201 #define ROTR(x,n) (SHR(x,n) | ((x) << (32 - (n))))
202
203 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
204 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
205
206 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
207 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
208
209 #define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
210 #define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
211
212 #define R(t) \
213 ( \
214 local.W[t] = S1(local.W[(t) - 2]) + local.W[(t) - 7] + \
215 S0(local.W[(t) - 15]) + local.W[(t) - 16] \
216 )
217
218 #define P(a,b,c,d,e,f,g,h,x,K) \
219 do \
220 { \
221 local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
222 local.temp2 = S2(a) + F0((a),(b),(c)); \
223 (d) += local.temp1; (h) = local.temp1 + local.temp2; \
224 } while( 0 )
225
mbedtls_internal_sha256_process(mbedtls_sha256_context * ctx,const unsigned char data[64])226 int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
227 const unsigned char data[64] )
228 {
229 struct
230 {
231 uint32_t temp1, temp2, W[64];
232 uint32_t A[8];
233 } local;
234
235 unsigned int i;
236
237 SHA256_VALIDATE_RET( ctx != NULL );
238 SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
239
240 for( i = 0; i < 8; i++ )
241 local.A[i] = ctx->state[i];
242
243 #if defined(MBEDTLS_SHA256_SMALLER)
244 for( i = 0; i < 64; i++ )
245 {
246 if( i < 16 )
247 GET_UINT32_BE( local.W[i], data, 4 * i );
248 else
249 R( i );
250
251 P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
252 local.A[5], local.A[6], local.A[7], local.W[i], K[i] );
253
254 local.temp1 = local.A[7]; local.A[7] = local.A[6];
255 local.A[6] = local.A[5]; local.A[5] = local.A[4];
256 local.A[4] = local.A[3]; local.A[3] = local.A[2];
257 local.A[2] = local.A[1]; local.A[1] = local.A[0];
258 local.A[0] = local.temp1;
259 }
260 #else /* MBEDTLS_SHA256_SMALLER */
261 for( i = 0; i < 16; i++ )
262 GET_UINT32_BE( local.W[i], data, 4 * i );
263
264 for( i = 0; i < 16; i += 8 )
265 {
266 P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
267 local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0] );
268 P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
269 local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1] );
270 P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
271 local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2] );
272 P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
273 local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3] );
274 P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
275 local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4] );
276 P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
277 local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5] );
278 P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
279 local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6] );
280 P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
281 local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7] );
282 }
283
284 for( i = 16; i < 64; i += 8 )
285 {
286 P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
287 local.A[5], local.A[6], local.A[7], R(i+0), K[i+0] );
288 P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
289 local.A[4], local.A[5], local.A[6], R(i+1), K[i+1] );
290 P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
291 local.A[3], local.A[4], local.A[5], R(i+2), K[i+2] );
292 P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
293 local.A[2], local.A[3], local.A[4], R(i+3), K[i+3] );
294 P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
295 local.A[1], local.A[2], local.A[3], R(i+4), K[i+4] );
296 P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
297 local.A[0], local.A[1], local.A[2], R(i+5), K[i+5] );
298 P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
299 local.A[7], local.A[0], local.A[1], R(i+6), K[i+6] );
300 P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
301 local.A[6], local.A[7], local.A[0], R(i+7), K[i+7] );
302 }
303 #endif /* MBEDTLS_SHA256_SMALLER */
304
305 for( i = 0; i < 8; i++ )
306 ctx->state[i] += local.A[i];
307
308 /* Zeroise buffers and variables to clear sensitive data from memory. */
309 mbedtls_platform_zeroize( &local, sizeof( local ) );
310
311 return( 0 );
312 }
313
314 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_process(mbedtls_sha256_context * ctx,const unsigned char data[64])315 void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
316 const unsigned char data[64] )
317 {
318 mbedtls_internal_sha256_process( ctx, data );
319 }
320 #endif
321 #endif /* !MBEDTLS_SHA256_PROCESS_ALT */
322
323 /*
324 * SHA-256 process buffer
325 */
mbedtls_sha256_update_ret(mbedtls_sha256_context * ctx,const unsigned char * input,size_t ilen)326 int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
327 const unsigned char *input,
328 size_t ilen )
329 {
330 int ret;
331 size_t fill;
332 uint32_t left;
333
334 SHA256_VALIDATE_RET( ctx != NULL );
335 SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
336
337 if( ilen == 0 )
338 return( 0 );
339
340 left = ctx->total[0] & 0x3F;
341 fill = 64 - left;
342
343 ctx->total[0] += (uint32_t) ilen;
344 ctx->total[0] &= 0xFFFFFFFF;
345
346 if( ctx->total[0] < (uint32_t) ilen )
347 ctx->total[1]++;
348
349 if( left && ilen >= fill )
350 {
351 memcpy( (void *) (ctx->buffer + left), input, fill );
352
353 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
354 return( ret );
355
356 input += fill;
357 ilen -= fill;
358 left = 0;
359 }
360
361 while( ilen >= 64 )
362 {
363 if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 )
364 return( ret );
365
366 input += 64;
367 ilen -= 64;
368 }
369
370 if( ilen > 0 )
371 memcpy( (void *) (ctx->buffer + left), input, ilen );
372
373 return( 0 );
374 }
375
376 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_update(mbedtls_sha256_context * ctx,const unsigned char * input,size_t ilen)377 void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
378 const unsigned char *input,
379 size_t ilen )
380 {
381 mbedtls_sha256_update_ret( ctx, input, ilen );
382 }
383 #endif
384
385 /*
386 * SHA-256 final digest
387 */
mbedtls_sha256_finish_ret(mbedtls_sha256_context * ctx,unsigned char output[32])388 int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
389 unsigned char output[32] )
390 {
391 int ret;
392 uint32_t used;
393 uint32_t high, low;
394
395 SHA256_VALIDATE_RET( ctx != NULL );
396 SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
397
398 /*
399 * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
400 */
401 used = ctx->total[0] & 0x3F;
402
403 ctx->buffer[used++] = 0x80;
404
405 if( used <= 56 )
406 {
407 /* Enough room for padding + length in current block */
408 memset( ctx->buffer + used, 0, 56 - used );
409 }
410 else
411 {
412 /* We'll need an extra block */
413 memset( ctx->buffer + used, 0, 64 - used );
414
415 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
416 return( ret );
417
418 memset( ctx->buffer, 0, 56 );
419 }
420
421 /*
422 * Add message length
423 */
424 high = ( ctx->total[0] >> 29 )
425 | ( ctx->total[1] << 3 );
426 low = ( ctx->total[0] << 3 );
427
428 PUT_UINT32_BE( high, ctx->buffer, 56 );
429 PUT_UINT32_BE( low, ctx->buffer, 60 );
430
431 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
432 return( ret );
433
434 /*
435 * Output final state
436 */
437 PUT_UINT32_BE( ctx->state[0], output, 0 );
438 PUT_UINT32_BE( ctx->state[1], output, 4 );
439 PUT_UINT32_BE( ctx->state[2], output, 8 );
440 PUT_UINT32_BE( ctx->state[3], output, 12 );
441 PUT_UINT32_BE( ctx->state[4], output, 16 );
442 PUT_UINT32_BE( ctx->state[5], output, 20 );
443 PUT_UINT32_BE( ctx->state[6], output, 24 );
444
445 if( ctx->is224 == 0 )
446 PUT_UINT32_BE( ctx->state[7], output, 28 );
447
448 return( 0 );
449 }
450
451 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_finish(mbedtls_sha256_context * ctx,unsigned char output[32])452 void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
453 unsigned char output[32] )
454 {
455 mbedtls_sha256_finish_ret( ctx, output );
456 }
457 #endif
458
459 #endif /* !MBEDTLS_SHA256_ALT */
460
461 /*
462 * output = SHA-256( input buffer )
463 */
mbedtls_sha256_ret(const unsigned char * input,size_t ilen,unsigned char output[32],int is224)464 int mbedtls_sha256_ret( const unsigned char *input,
465 size_t ilen,
466 unsigned char output[32],
467 int is224 )
468 {
469 int ret;
470 mbedtls_sha256_context ctx;
471
472 SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
473 SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
474 SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
475
476 mbedtls_sha256_init( &ctx );
477
478 if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
479 goto exit;
480
481 if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
482 goto exit;
483
484 if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
485 goto exit;
486
487 exit:
488 mbedtls_sha256_free( &ctx );
489
490 return( ret );
491 }
492
493 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256(const unsigned char * input,size_t ilen,unsigned char output[32],int is224)494 void mbedtls_sha256( const unsigned char *input,
495 size_t ilen,
496 unsigned char output[32],
497 int is224 )
498 {
499 mbedtls_sha256_ret( input, ilen, output, is224 );
500 }
501 #endif
502
503 #if defined(MBEDTLS_SELF_TEST)
504 /*
505 * FIPS-180-2 test vectors
506 */
507 static const unsigned char sha256_test_buf[3][57] =
508 {
509 { "abc" },
510 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
511 { "" }
512 };
513
514 static const size_t sha256_test_buflen[3] =
515 {
516 3, 56, 1000
517 };
518
519 static const unsigned char sha256_test_sum[6][32] =
520 {
521 /*
522 * SHA-224 test vectors
523 */
524 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
525 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
526 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
527 0xE3, 0x6C, 0x9D, 0xA7 },
528 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
529 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
530 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
531 0x52, 0x52, 0x25, 0x25 },
532 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
533 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
534 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
535 0x4E, 0xE7, 0xAD, 0x67 },
536
537 /*
538 * SHA-256 test vectors
539 */
540 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
541 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
542 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
543 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
544 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
545 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
546 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
547 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
548 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
549 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
550 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
551 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
552 };
553
554 /*
555 * Checkup routine
556 */
mbedtls_sha256_self_test(int verbose)557 int mbedtls_sha256_self_test( int verbose )
558 {
559 int i, j, k, buflen, ret = 0;
560 unsigned char *buf;
561 unsigned char sha256sum[32];
562 mbedtls_sha256_context ctx;
563
564 buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
565 if( NULL == buf )
566 {
567 if( verbose != 0 )
568 mbedtls_printf( "Buffer allocation failed\n" );
569
570 return( 1 );
571 }
572
573 mbedtls_sha256_init( &ctx );
574
575 for( i = 0; i < 6; i++ )
576 {
577 j = i % 3;
578 k = i < 3;
579
580 if( verbose != 0 )
581 mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
582
583 if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
584 goto fail;
585
586 if( j == 2 )
587 {
588 memset( buf, 'a', buflen = 1000 );
589
590 for( j = 0; j < 1000; j++ )
591 {
592 ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
593 if( ret != 0 )
594 goto fail;
595 }
596
597 }
598 else
599 {
600 ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
601 sha256_test_buflen[j] );
602 if( ret != 0 )
603 goto fail;
604 }
605
606 if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
607 goto fail;
608
609
610 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
611 {
612 ret = 1;
613 goto fail;
614 }
615
616 if( verbose != 0 )
617 mbedtls_printf( "passed\n" );
618 }
619
620 if( verbose != 0 )
621 mbedtls_printf( "\n" );
622
623 goto exit;
624
625 fail:
626 if( verbose != 0 )
627 mbedtls_printf( "failed\n" );
628
629 exit:
630 mbedtls_sha256_free( &ctx );
631 mbedtls_free( buf );
632
633 return( ret );
634 }
635
636 #endif /* MBEDTLS_SELF_TEST */
637
638 #endif /* MBEDTLS_SHA256_C */
639