MIDAS
Loading...
Searching...
No Matches
sha256.cxx
Go to the documentation of this file.
1/*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
4 * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
5 *
6 * This file is part of mbed TLS (https://tls.mbed.org)
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22/*
23 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
24 *
25 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
26 */
27
28//#if !defined(MBEDTLS_CONFIG_FILE)
29//#include "mbedtls/config.h"
30//#else
31//#include MBEDTLS_CONFIG_FILE
32//#endif
33
34#if 1 || defined(MBEDTLS_SHA256_C)
35
36//#include "mbedtls/sha256.h"
37#include "sha256.h"
38
39#include <string.h>
40
41#if defined(MBEDTLS_SELF_TEST)
42#if defined(MBEDTLS_PLATFORM_C)
43#include "mbedtls/platform.h"
44#else
45#include <stdio.h>
46#define mbedtls_printf printf
47#endif /* MBEDTLS_PLATFORM_C */
48#endif /* MBEDTLS_SELF_TEST */
49
50/* Implementation that should never be optimized out by the compiler */
51static void mbedtls_zeroize( void *v, size_t n ) {
52 volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
53}
54
55#if !defined(MBEDTLS_SHA256_ALT)
56
57/*
58 * 32-bit integer manipulation macros (big endian)
59 */
60#ifndef GET_UINT32_BE
61#define GET_UINT32_BE(n,b,i) \
62do { \
63 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
64 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
65 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
66 | ( (uint32_t) (b)[(i) + 3] ); \
67} while( 0 )
68#endif
69
70#ifndef PUT_UINT32_BE
71#define PUT_UINT32_BE(n,b,i) \
72do { \
73 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
74 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
75 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
76 (b)[(i) + 3] = (unsigned char) ( (n) ); \
77} while( 0 )
78#endif
79
80void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
81{
82 memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
83}
84
85void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
86{
87 if( ctx == NULL )
88 return;
89
90 mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
91}
92
93void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
94 const mbedtls_sha256_context *src )
95{
96 *dst = *src;
97}
98
99/*
100 * SHA-256 context setup
101 */
102void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
103{
104 ctx->total[0] = 0;
105 ctx->total[1] = 0;
106
107 if( is224 == 0 )
108 {
109 /* SHA-256 */
110 ctx->state[0] = 0x6A09E667;
111 ctx->state[1] = 0xBB67AE85;
112 ctx->state[2] = 0x3C6EF372;
113 ctx->state[3] = 0xA54FF53A;
114 ctx->state[4] = 0x510E527F;
115 ctx->state[5] = 0x9B05688C;
116 ctx->state[6] = 0x1F83D9AB;
117 ctx->state[7] = 0x5BE0CD19;
118 }
119 else
120 {
121 /* SHA-224 */
122 ctx->state[0] = 0xC1059ED8;
123 ctx->state[1] = 0x367CD507;
124 ctx->state[2] = 0x3070DD17;
125 ctx->state[3] = 0xF70E5939;
126 ctx->state[4] = 0xFFC00B31;
127 ctx->state[5] = 0x68581511;
128 ctx->state[6] = 0x64F98FA7;
129 ctx->state[7] = 0xBEFA4FA4;
130 }
131
132 ctx->is224 = is224;
133}
134
135#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
136static const uint32_t K[] =
137{
138 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
139 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
140 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
141 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
142 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
143 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
144 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
145 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
146 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
147 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
148 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
149 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
150 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
151 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
152 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
153 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
154};
155
156#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
157#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
158
159#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
160#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
161
162#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
163#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
164
165#define F0(x,y,z) ((x & y) | (z & (x | y)))
166#define F1(x,y,z) (z ^ (x & (y ^ z)))
167
168#define R(t) \
169( \
170 W[t] = S1(W[t - 2]) + W[t - 7] + \
171 S0(W[t - 15]) + W[t - 16] \
172)
173
174#define P(a,b,c,d,e,f,g,h,x,K) \
175{ \
176 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
177 temp2 = S2(a) + F0(a,b,c); \
178 d += temp1; h = temp1 + temp2; \
179}
180
181void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
182{
183 uint32_t temp1, temp2, W[64];
184 uint32_t A[8];
185 unsigned int i;
186
187 for( i = 0; i < 8; i++ )
188 A[i] = ctx->state[i];
189
190#if defined(MBEDTLS_SHA256_SMALLER)
191 for( i = 0; i < 64; i++ )
192 {
193 if( i < 16 )
194 GET_UINT32_BE( W[i], data, 4 * i );
195 else
196 R( i );
197
198 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
199
200 temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
201 A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
202 }
203#else /* MBEDTLS_SHA256_SMALLER */
204 for( i = 0; i < 16; i++ )
205 GET_UINT32_BE( W[i], data, 4 * i );
206
207 for( i = 0; i < 16; i += 8 )
208 {
209 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
210 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
211 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
212 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
213 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
214 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
215 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
216 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
217 }
218
219 for( i = 16; i < 64; i += 8 )
220 {
221 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
222 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
223 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
224 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
225 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
226 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
227 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
228 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
229 }
230#endif /* MBEDTLS_SHA256_SMALLER */
231
232 for( i = 0; i < 8; i++ )
233 ctx->state[i] += A[i];
234}
235#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
236
237/*
238 * SHA-256 process buffer
239 */
240void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
241 size_t ilen )
242{
243 size_t fill;
244 uint32_t left;
245
246 if( ilen == 0 )
247 return;
248
249 left = ctx->total[0] & 0x3F;
250 fill = 64 - left;
251
252 ctx->total[0] += (uint32_t) ilen;
253 ctx->total[0] &= 0xFFFFFFFF;
254
255 if( ctx->total[0] < (uint32_t) ilen )
256 ctx->total[1]++;
257
258 if( left && ilen >= fill )
259 {
260 memcpy( (void *) (ctx->buffer + left), input, fill );
261 mbedtls_sha256_process( ctx, ctx->buffer );
262 input += fill;
263 ilen -= fill;
264 left = 0;
265 }
266
267 while( ilen >= 64 )
268 {
269 mbedtls_sha256_process( ctx, input );
270 input += 64;
271 ilen -= 64;
272 }
273
274 if( ilen > 0 )
275 memcpy( (void *) (ctx->buffer + left), input, ilen );
276}
277
278static const unsigned char sha256_padding[64] =
279{
280 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
281 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
282 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
283 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
284};
285
286/*
287 * SHA-256 final digest
288 */
289void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
290{
291 uint32_t last, padn;
292 uint32_t high, low;
293 unsigned char msglen[8];
294
295 high = ( ctx->total[0] >> 29 )
296 | ( ctx->total[1] << 3 );
297 low = ( ctx->total[0] << 3 );
298
299 PUT_UINT32_BE( high, msglen, 0 );
300 PUT_UINT32_BE( low, msglen, 4 );
301
302 last = ctx->total[0] & 0x3F;
303 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
304
305 mbedtls_sha256_update( ctx, sha256_padding, padn );
306 mbedtls_sha256_update( ctx, msglen, 8 );
307
308 PUT_UINT32_BE( ctx->state[0], output, 0 );
309 PUT_UINT32_BE( ctx->state[1], output, 4 );
310 PUT_UINT32_BE( ctx->state[2], output, 8 );
311 PUT_UINT32_BE( ctx->state[3], output, 12 );
312 PUT_UINT32_BE( ctx->state[4], output, 16 );
313 PUT_UINT32_BE( ctx->state[5], output, 20 );
314 PUT_UINT32_BE( ctx->state[6], output, 24 );
315
316 if( ctx->is224 == 0 )
317 PUT_UINT32_BE( ctx->state[7], output, 28 );
318}
319
320#endif /* !MBEDTLS_SHA256_ALT */
321
322/*
323 * output = SHA-256( input buffer )
324 */
325void mbedtls_sha256( const unsigned char *input, size_t ilen,
326 unsigned char output[32], int is224 )
327{
328 mbedtls_sha256_context ctx;
329
330 mbedtls_sha256_init( &ctx );
331 mbedtls_sha256_starts( &ctx, is224 );
332 mbedtls_sha256_update( &ctx, input, ilen );
333 mbedtls_sha256_finish( &ctx, output );
334 mbedtls_sha256_free( &ctx );
335}
336
337#if defined(MBEDTLS_SELF_TEST)
338/*
339 * FIPS-180-2 test vectors
340 */
341static const unsigned char sha256_test_buf[3][57] =
342{
343 { "abc" },
344 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
345 { "" }
346};
347
348static const int sha256_test_buflen[3] =
349{
350 3, 56, 1000
351};
352
353static const unsigned char sha256_test_sum[6][32] =
354{
355 /*
356 * SHA-224 test vectors
357 */
358 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
359 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
360 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
361 0xE3, 0x6C, 0x9D, 0xA7 },
362 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
363 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
364 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
365 0x52, 0x52, 0x25, 0x25 },
366 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
367 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
368 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
369 0x4E, 0xE7, 0xAD, 0x67 },
370
371 /*
372 * SHA-256 test vectors
373 */
374 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
375 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
376 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
377 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
378 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
379 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
380 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
381 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
382 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
383 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
384 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
385 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
386};
387
388/*
389 * Checkup routine
390 */
391int mbedtls_sha256_self_test( int verbose )
392{
393 int i, j, k, buflen, ret = 0;
394 unsigned char buf[1024];
395 unsigned char sha256sum[32];
396 mbedtls_sha256_context ctx;
397
398 mbedtls_sha256_init( &ctx );
399
400 for( i = 0; i < 6; i++ )
401 {
402 j = i % 3;
403 k = i < 3;
404
405 if( verbose != 0 )
406 mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
407
408 mbedtls_sha256_starts( &ctx, k );
409
410 if( j == 2 )
411 {
412 memset( buf, 'a', buflen = 1000 );
413
414 for( j = 0; j < 1000; j++ )
415 mbedtls_sha256_update( &ctx, buf, buflen );
416 }
417 else
418 mbedtls_sha256_update( &ctx, sha256_test_buf[j],
419 sha256_test_buflen[j] );
420
421 mbedtls_sha256_finish( &ctx, sha256sum );
422
423 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
424 {
425 if( verbose != 0 )
426 mbedtls_printf( "failed\n" );
427
428 ret = 1;
429 goto exit;
430 }
431
432 if( verbose != 0 )
433 mbedtls_printf( "passed\n" );
434 }
435
436 if( verbose != 0 )
437 mbedtls_printf( "\n" );
438
439exit:
440 mbedtls_sha256_free( &ctx );
441
442 return( ret );
443}
444
445#endif /* MBEDTLS_SELF_TEST */
446
447#endif /* MBEDTLS_SHA256_C */
A
Definition test_init.cxx:9
n
DWORD n[4]
Definition mana.cxx:247
data
void * data
Definition mana.cxx:268
verbose
BOOL verbose
Definition mana.cxx:255
i
INT i
Definition mdump.cxx:32
output
static void output(code_int code)
Definition mgd.cxx:1647
left
static int left(const struct frozen *f)
Definition mongoose6.cxx:622
j
INT j
Definition odbhist.cxx:40
k
INT k
Definition odbhist.cxx:40
mbedtls_zeroize
static void mbedtls_zeroize(void *v, size_t n)
Definition sha256.cxx:51
mbedtls_sha256_process
void mbedtls_sha256_process(mbedtls_sha256_context *ctx, const unsigned char data[64])
Definition sha256.cxx:181
R
#define R(t)
Definition sha256.cxx:168
GET_UINT32_BE
#define GET_UINT32_BE(n, b, i)
Definition sha256.cxx:61
PUT_UINT32_BE
#define PUT_UINT32_BE(n, b, i)
Definition sha256.cxx:71
mbedtls_sha256_finish
void mbedtls_sha256_finish(mbedtls_sha256_context *ctx, unsigned char output[32])
SHA-256 final digest.
Definition sha256.cxx:289
mbedtls_sha256
void mbedtls_sha256(const unsigned char *input, size_t ilen, unsigned char output[32], int is224)
Output = SHA-256( input buffer )
Definition sha256.cxx:325
mbedtls_sha256_update
void mbedtls_sha256_update(mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen)
SHA-256 process buffer.
Definition sha256.cxx:240
mbedtls_sha256_free
void mbedtls_sha256_free(mbedtls_sha256_context *ctx)
Clear SHA-256 context.
Definition sha256.cxx:85
sha256_padding
static const unsigned char sha256_padding[64]
Definition sha256.cxx:278
mbedtls_sha256_init
void mbedtls_sha256_init(mbedtls_sha256_context *ctx)
Initialize SHA-256 context.
Definition sha256.cxx:80
P
#define P(a, b, c, d, e, f, g, h, x, K)
Definition sha256.cxx:174
mbedtls_sha256_clone
void mbedtls_sha256_clone(mbedtls_sha256_context *dst, const mbedtls_sha256_context *src)
Clone (the state of) a SHA-256 context.
Definition sha256.cxx:93
K
static const uint32_t K[]
Definition sha256.cxx:136
mbedtls_sha256_starts
void mbedtls_sha256_starts(mbedtls_sha256_context *ctx, int is224)
SHA-256 context setup.
Definition sha256.cxx:102
mbedtls_sha256_self_test
int mbedtls_sha256_self_test(int verbose)
Checkup routine.
mbedtls_sha256_context
SHA-256 context structure.
Definition sha256.h:48
mbedtls_sha256_context::state
uint32_t state[8]
Definition sha256.h:50
mbedtls_sha256_context::total
uint32_t total[2]
Definition sha256.h:49
mbedtls_sha256_context::is224
int is224
Definition sha256.h:52
mbedtls_sha256_context::buffer
unsigned char buffer[64]
Definition sha256.h:51