projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[SHELL] IPersistFolder2::GetCurFolder takes a PIDLIST_ABSOLUTE*. CORE-16385
[reactos.git] / dll / 3rdparty / mbedtls / sha256.c
1 /*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: GPL-2.0
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * This file is part of mbed TLS (https://tls.mbed.org)
22 */
23 /*
24 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
25 *
26 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
27 */
28
29 #if !defined(MBEDTLS_CONFIG_FILE)
30 #include "mbedtls/config.h"
31 #else
32 #include MBEDTLS_CONFIG_FILE
33 #endif
34
35 #if defined(MBEDTLS_SHA256_C)
36
37 #include "mbedtls/sha256.h"
38
39 #include <string.h>
40
41 #if defined(MBEDTLS_SELF_TEST)
42 #if defined(MBEDTLS_PLATFORM_C)
43 #include "mbedtls/platform.h"
44 #else
45 #include <stdio.h>
46 #include <stdlib.h>
47 #define mbedtls_printf printf
48 #define mbedtls_calloc calloc
49 #define mbedtls_free free
50 #endif /* MBEDTLS_PLATFORM_C */
51 #endif /* MBEDTLS_SELF_TEST */
52
53 #if !defined(MBEDTLS_SHA256_ALT)
54
55 /* Implementation that should never be optimized out by the compiler */
56 static void mbedtls_zeroize( void *v, size_t n ) {
57 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
58 }
59
60 /*
61 * 32-bit integer manipulation macros (big endian)
62 */
63 #ifndef GET_UINT32_BE
64 #define GET_UINT32_BE(n,b,i) \
65 do { \
66 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
67 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
68 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
69 | ( (uint32_t) (b)[(i) + 3] ); \
70 } while( 0 )
71 #endif
72
73 #ifndef PUT_UINT32_BE
74 #define PUT_UINT32_BE(n,b,i) \
75 do { \
76 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
77 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
78 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
79 (b)[(i) + 3] = (unsigned char) ( (n) ); \
80 } while( 0 )
81 #endif
82
83 void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
84 {
85 memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
86 }
87
88 void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
89 {
90 if( ctx == NULL )
91 return;
92
93 mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
94 }
95
96 void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
97 const mbedtls_sha256_context *src )
98 {
99 *dst = *src;
100 }
101
102 /*
103 * SHA-256 context setup
104 */
105 int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
106 {
107 ctx->total[0] = 0;
108 ctx->total[1] = 0;
109
110 if( is224 == 0 )
111 {
112 /* SHA-256 */
113 ctx->state[0] = 0x6A09E667;
114 ctx->state[1] = 0xBB67AE85;
115 ctx->state[2] = 0x3C6EF372;
116 ctx->state[3] = 0xA54FF53A;
117 ctx->state[4] = 0x510E527F;
118 ctx->state[5] = 0x9B05688C;
119 ctx->state[6] = 0x1F83D9AB;
120 ctx->state[7] = 0x5BE0CD19;
121 }
122 else
123 {
124 /* SHA-224 */
125 ctx->state[0] = 0xC1059ED8;
126 ctx->state[1] = 0x367CD507;
127 ctx->state[2] = 0x3070DD17;
128 ctx->state[3] = 0xF70E5939;
129 ctx->state[4] = 0xFFC00B31;
130 ctx->state[5] = 0x68581511;
131 ctx->state[6] = 0x64F98FA7;
132 ctx->state[7] = 0xBEFA4FA4;
133 }
134
135 ctx->is224 = is224;
136
137 return( 0 );
138 }
139
140 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
141 void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
142 int is224 )
143 {
144 mbedtls_sha256_starts_ret( ctx, is224 );
145 }
146 #endif
147
148 #if !defined(MBEDTLS_SHA256_PROCESS_ALT)
149 static const uint32_t K[] =
150 {
151 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
152 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
153 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
154 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
155 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
156 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
157 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
158 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
159 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
160 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
161 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
162 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
163 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
164 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
165 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
166 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
167 };
168
169 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
170 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
171
172 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
173 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
174
175 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
176 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
177
178 #define F0(x,y,z) ((x & y) | (z & (x | y)))
179 #define F1(x,y,z) (z ^ (x & (y ^ z)))
180
181 #define R(t) \
182 ( \
183 W[t] = S1(W[t - 2]) + W[t - 7] + \
184 S0(W[t - 15]) + W[t - 16] \
185 )
186
187 #define P(a,b,c,d,e,f,g,h,x,K) \
188 { \
189 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
190 temp2 = S2(a) + F0(a,b,c); \
191 d += temp1; h = temp1 + temp2; \
192 }
193
194 int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
195 const unsigned char data[64] )
196 {
197 uint32_t temp1, temp2, W[64];
198 uint32_t A[8];
199 unsigned int i;
200
201 for( i = 0; i < 8; i++ )
202 A[i] = ctx->state[i];
203
204 #if defined(MBEDTLS_SHA256_SMALLER)
205 for( i = 0; i < 64; i++ )
206 {
207 if( i < 16 )
208 GET_UINT32_BE( W[i], data, 4 * i );
209 else
210 R( i );
211
212 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
213
214 temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
215 A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
216 }
217 #else /* MBEDTLS_SHA256_SMALLER */
218 for( i = 0; i < 16; i++ )
219 GET_UINT32_BE( W[i], data, 4 * i );
220
221 for( i = 0; i < 16; i += 8 )
222 {
223 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
224 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
225 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
226 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
227 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
228 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
229 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
230 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
231 }
232
233 for( i = 16; i < 64; i += 8 )
234 {
235 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
236 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
237 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
238 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
239 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
240 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
241 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
242 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
243 }
244 #endif /* MBEDTLS_SHA256_SMALLER */
245
246 for( i = 0; i < 8; i++ )
247 ctx->state[i] += A[i];
248
249 return( 0 );
250 }
251
252 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
253 void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
254 const unsigned char data[64] )
255 {
256 mbedtls_internal_sha256_process( ctx, data );
257 }
258 #endif
259 #endif /* !MBEDTLS_SHA256_PROCESS_ALT */
260
261 /*
262 * SHA-256 process buffer
263 */
264 int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
265 const unsigned char *input,
266 size_t ilen )
267 {
268 int ret;
269 size_t fill;
270 uint32_t left;
271
272 if( ilen == 0 )
273 return( 0 );
274
275 left = ctx->total[0] & 0x3F;
276 fill = 64 - left;
277
278 ctx->total[0] += (uint32_t) ilen;
279 ctx->total[0] &= 0xFFFFFFFF;
280
281 if( ctx->total[0] < (uint32_t) ilen )
282 ctx->total[1]++;
283
284 if( left && ilen >= fill )
285 {
286 memcpy( (void *) (ctx->buffer + left), input, fill );
287
288 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
289 return( ret );
290
291 input += fill;
292 ilen -= fill;
293 left = 0;
294 }
295
296 while( ilen >= 64 )
297 {
298 if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 )
299 return( ret );
300
301 input += 64;
302 ilen -= 64;
303 }
304
305 if( ilen > 0 )
306 memcpy( (void *) (ctx->buffer + left), input, ilen );
307
308 return( 0 );
309 }
310
311 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
312 void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
313 const unsigned char *input,
314 size_t ilen )
315 {
316 mbedtls_sha256_update_ret( ctx, input, ilen );
317 }
318 #endif
319
320 /*
321 * SHA-256 final digest
322 */
323 int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
324 unsigned char output[32] )
325 {
326 int ret;
327 uint32_t used;
328 uint32_t high, low;
329
330 /*
331 * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
332 */
333 used = ctx->total[0] & 0x3F;
334
335 ctx->buffer[used++] = 0x80;
336
337 if( used <= 56 )
338 {
339 /* Enough room for padding + length in current block */
340 memset( ctx->buffer + used, 0, 56 - used );
341 }
342 else
343 {
344 /* We'll need an extra block */
345 memset( ctx->buffer + used, 0, 64 - used );
346
347 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
348 return( ret );
349
350 memset( ctx->buffer, 0, 56 );
351 }
352
353 /*
354 * Add message length
355 */
356 high = ( ctx->total[0] >> 29 )
357 | ( ctx->total[1] << 3 );
358 low = ( ctx->total[0] << 3 );
359
360 PUT_UINT32_BE( high, ctx->buffer, 56 );
361 PUT_UINT32_BE( low, ctx->buffer, 60 );
362
363 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
364 return( ret );
365
366 /*
367 * Output final state
368 */
369 PUT_UINT32_BE( ctx->state[0], output, 0 );
370 PUT_UINT32_BE( ctx->state[1], output, 4 );
371 PUT_UINT32_BE( ctx->state[2], output, 8 );
372 PUT_UINT32_BE( ctx->state[3], output, 12 );
373 PUT_UINT32_BE( ctx->state[4], output, 16 );
374 PUT_UINT32_BE( ctx->state[5], output, 20 );
375 PUT_UINT32_BE( ctx->state[6], output, 24 );
376
377 if( ctx->is224 == 0 )
378 PUT_UINT32_BE( ctx->state[7], output, 28 );
379
380 return( 0 );
381 }
382
383 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
384 void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
385 unsigned char output[32] )
386 {
387 mbedtls_sha256_finish_ret( ctx, output );
388 }
389 #endif
390
391 #endif /* !MBEDTLS_SHA256_ALT */
392
393 /*
394 * output = SHA-256( input buffer )
395 */
396 int mbedtls_sha256_ret( const unsigned char *input,
397 size_t ilen,
398 unsigned char output[32],
399 int is224 )
400 {
401 int ret;
402 mbedtls_sha256_context ctx;
403
404 mbedtls_sha256_init( &ctx );
405
406 if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
407 goto exit;
408
409 if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
410 goto exit;
411
412 if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
413 goto exit;
414
415 exit:
416 mbedtls_sha256_free( &ctx );
417
418 return( ret );
419 }
420
421 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
422 void mbedtls_sha256( const unsigned char *input,
423 size_t ilen,
424 unsigned char output[32],
425 int is224 )
426 {
427 mbedtls_sha256_ret( input, ilen, output, is224 );
428 }
429 #endif
430
431 #if defined(MBEDTLS_SELF_TEST)
432 /*
433 * FIPS-180-2 test vectors
434 */
435 static const unsigned char sha256_test_buf[3][57] =
436 {
437 { "abc" },
438 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
439 { "" }
440 };
441
442 static const size_t sha256_test_buflen[3] =
443 {
444 3, 56, 1000
445 };
446
447 static const unsigned char sha256_test_sum[6][32] =
448 {
449 /*
450 * SHA-224 test vectors
451 */
452 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
453 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
454 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
455 0xE3, 0x6C, 0x9D, 0xA7 },
456 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
457 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
458 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
459 0x52, 0x52, 0x25, 0x25 },
460 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
461 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
462 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
463 0x4E, 0xE7, 0xAD, 0x67 },
464
465 /*
466 * SHA-256 test vectors
467 */
468 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
469 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
470 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
471 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
472 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
473 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
474 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
475 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
476 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
477 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
478 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
479 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
480 };
481
482 /*
483 * Checkup routine
484 */
485 int mbedtls_sha256_self_test( int verbose )
486 {
487 int i, j, k, buflen, ret = 0;
488 unsigned char *buf;
489 unsigned char sha256sum[32];
490 mbedtls_sha256_context ctx;
491
492 buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
493 if( NULL == buf )
494 {
495 if( verbose != 0 )
496 mbedtls_printf( "Buffer allocation failed\n" );
497
498 return( 1 );
499 }
500
501 mbedtls_sha256_init( &ctx );
502
503 for( i = 0; i < 6; i++ )
504 {
505 j = i % 3;
506 k = i < 3;
507
508 if( verbose != 0 )
509 mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
510
511 if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
512 goto fail;
513
514 if( j == 2 )
515 {
516 memset( buf, 'a', buflen = 1000 );
517
518 for( j = 0; j < 1000; j++ )
519 {
520 ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
521 if( ret != 0 )
522 goto fail;
523 }
524
525 }
526 else
527 {
528 ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
529 sha256_test_buflen[j] );
530 if( ret != 0 )
531 goto fail;
532 }
533
534 if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
535 goto fail;
536
537
538 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
539 {
540 ret = 1;
541 goto fail;
542 }
543
544 if( verbose != 0 )
545 mbedtls_printf( "passed\n" );
546 }
547
548 if( verbose != 0 )
549 mbedtls_printf( "\n" );
550
551 goto exit;
552
553 fail:
554 if( verbose != 0 )
555 mbedtls_printf( "failed\n" );
556
557 exit:
558 mbedtls_sha256_free( &ctx );
559 mbedtls_free( buf );
560
561 return( ret );
562 }
563
564 #endif /* MBEDTLS_SELF_TEST */
565
566 #endif /* MBEDTLS_SHA256_C */
A free Windows-compatible Operating System