projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[AMSTREAM] Sync with Wine Staging 3.9. CORE-14656
[reactos.git] / dll / 3rdparty / mbedtls / sha256.c
1 /*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: GPL-2.0
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * This file is part of mbed TLS (https://tls.mbed.org)
22 */
23 /*
24 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
25 *
26 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
27 */
28
29 #if !defined(MBEDTLS_CONFIG_FILE)
30 #include "mbedtls/config.h"
31 #else
32 #include MBEDTLS_CONFIG_FILE
33 #endif
34
35 #if defined(MBEDTLS_SHA256_C)
36
37 #include "mbedtls/sha256.h"
38
39 #include <string.h>
40
41 #if defined(MBEDTLS_SELF_TEST)
42 #if defined(MBEDTLS_PLATFORM_C)
43 #include "mbedtls/platform.h"
44 #else
45 #include <stdio.h>
46 #include <stdlib.h>
47 #define mbedtls_printf printf
48 #define mbedtls_calloc calloc
49 #define mbedtls_free free
50 #endif /* MBEDTLS_PLATFORM_C */
51 #endif /* MBEDTLS_SELF_TEST */
52
53 #if !defined(MBEDTLS_SHA256_ALT)
54
55 /* Implementation that should never be optimized out by the compiler */
56 static void mbedtls_zeroize( void *v, size_t n ) {
57 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
58 }
59
60 /*
61 * 32-bit integer manipulation macros (big endian)
62 */
63 #ifndef GET_UINT32_BE
64 #define GET_UINT32_BE(n,b,i) \
65 do { \
66 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
67 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
68 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
69 | ( (uint32_t) (b)[(i) + 3] ); \
70 } while( 0 )
71 #endif
72
73 #ifndef PUT_UINT32_BE
74 #define PUT_UINT32_BE(n,b,i) \
75 do { \
76 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
77 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
78 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
79 (b)[(i) + 3] = (unsigned char) ( (n) ); \
80 } while( 0 )
81 #endif
82
83 void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
84 {
85 memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
86 }
87
88 void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
89 {
90 if( ctx == NULL )
91 return;
92
93 mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
94 }
95
96 void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
97 const mbedtls_sha256_context *src )
98 {
99 *dst = *src;
100 }
101
102 /*
103 * SHA-256 context setup
104 */
105 void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
106 {
107 ctx->total[0] = 0;
108 ctx->total[1] = 0;
109
110 if( is224 == 0 )
111 {
112 /* SHA-256 */
113 ctx->state[0] = 0x6A09E667;
114 ctx->state[1] = 0xBB67AE85;
115 ctx->state[2] = 0x3C6EF372;
116 ctx->state[3] = 0xA54FF53A;
117 ctx->state[4] = 0x510E527F;
118 ctx->state[5] = 0x9B05688C;
119 ctx->state[6] = 0x1F83D9AB;
120 ctx->state[7] = 0x5BE0CD19;
121 }
122 else
123 {
124 /* SHA-224 */
125 ctx->state[0] = 0xC1059ED8;
126 ctx->state[1] = 0x367CD507;
127 ctx->state[2] = 0x3070DD17;
128 ctx->state[3] = 0xF70E5939;
129 ctx->state[4] = 0xFFC00B31;
130 ctx->state[5] = 0x68581511;
131 ctx->state[6] = 0x64F98FA7;
132 ctx->state[7] = 0xBEFA4FA4;
133 }
134
135 ctx->is224 = is224;
136 }
137
138 #if !defined(MBEDTLS_SHA256_PROCESS_ALT)
139 static const uint32_t K[] =
140 {
141 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
142 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
143 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
144 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
145 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
146 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
147 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
148 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
149 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
150 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
151 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
152 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
153 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
154 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
155 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
156 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
157 };
158
159 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
160 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
161
162 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
163 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
164
165 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
166 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
167
168 #define F0(x,y,z) ((x & y) | (z & (x | y)))
169 #define F1(x,y,z) (z ^ (x & (y ^ z)))
170
171 #define R(t) \
172 ( \
173 W[t] = S1(W[t - 2]) + W[t - 7] + \
174 S0(W[t - 15]) + W[t - 16] \
175 )
176
177 #define P(a,b,c,d,e,f,g,h,x,K) \
178 { \
179 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
180 temp2 = S2(a) + F0(a,b,c); \
181 d += temp1; h = temp1 + temp2; \
182 }
183
184 void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
185 {
186 uint32_t temp1, temp2, W[64];
187 uint32_t A[8];
188 unsigned int i;
189
190 for( i = 0; i < 8; i++ )
191 A[i] = ctx->state[i];
192
193 #if defined(MBEDTLS_SHA256_SMALLER)
194 for( i = 0; i < 64; i++ )
195 {
196 if( i < 16 )
197 GET_UINT32_BE( W[i], data, 4 * i );
198 else
199 R( i );
200
201 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
202
203 temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
204 A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
205 }
206 #else /* MBEDTLS_SHA256_SMALLER */
207 for( i = 0; i < 16; i++ )
208 GET_UINT32_BE( W[i], data, 4 * i );
209
210 for( i = 0; i < 16; i += 8 )
211 {
212 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
213 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
214 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
215 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
216 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
217 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
218 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
219 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
220 }
221
222 for( i = 16; i < 64; i += 8 )
223 {
224 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
225 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
226 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
227 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
228 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
229 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
230 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
231 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
232 }
233 #endif /* MBEDTLS_SHA256_SMALLER */
234
235 for( i = 0; i < 8; i++ )
236 ctx->state[i] += A[i];
237 }
238 #endif /* !MBEDTLS_SHA256_PROCESS_ALT */
239
240 /*
241 * SHA-256 process buffer
242 */
243 void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
244 size_t ilen )
245 {
246 size_t fill;
247 uint32_t left;
248
249 if( ilen == 0 )
250 return;
251
252 left = ctx->total[0] & 0x3F;
253 fill = 64 - left;
254
255 ctx->total[0] += (uint32_t) ilen;
256 ctx->total[0] &= 0xFFFFFFFF;
257
258 if( ctx->total[0] < (uint32_t) ilen )
259 ctx->total[1]++;
260
261 if( left && ilen >= fill )
262 {
263 memcpy( (void *) (ctx->buffer + left), input, fill );
264 mbedtls_sha256_process( ctx, ctx->buffer );
265 input += fill;
266 ilen -= fill;
267 left = 0;
268 }
269
270 while( ilen >= 64 )
271 {
272 mbedtls_sha256_process( ctx, input );
273 input += 64;
274 ilen -= 64;
275 }
276
277 if( ilen > 0 )
278 memcpy( (void *) (ctx->buffer + left), input, ilen );
279 }
280
281 static const unsigned char sha256_padding[64] =
282 {
283 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
284 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
285 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
286 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
287 };
288
289 /*
290 * SHA-256 final digest
291 */
292 void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
293 {
294 uint32_t last, padn;
295 uint32_t high, low;
296 unsigned char msglen[8];
297
298 high = ( ctx->total[0] >> 29 )
299 | ( ctx->total[1] << 3 );
300 low = ( ctx->total[0] << 3 );
301
302 PUT_UINT32_BE( high, msglen, 0 );
303 PUT_UINT32_BE( low, msglen, 4 );
304
305 last = ctx->total[0] & 0x3F;
306 padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
307
308 mbedtls_sha256_update( ctx, sha256_padding, padn );
309 mbedtls_sha256_update( ctx, msglen, 8 );
310
311 PUT_UINT32_BE( ctx->state[0], output, 0 );
312 PUT_UINT32_BE( ctx->state[1], output, 4 );
313 PUT_UINT32_BE( ctx->state[2], output, 8 );
314 PUT_UINT32_BE( ctx->state[3], output, 12 );
315 PUT_UINT32_BE( ctx->state[4], output, 16 );
316 PUT_UINT32_BE( ctx->state[5], output, 20 );
317 PUT_UINT32_BE( ctx->state[6], output, 24 );
318
319 if( ctx->is224 == 0 )
320 PUT_UINT32_BE( ctx->state[7], output, 28 );
321 }
322
323 #endif /* !MBEDTLS_SHA256_ALT */
324
325 /*
326 * output = SHA-256( input buffer )
327 */
328 void mbedtls_sha256( const unsigned char *input, size_t ilen,
329 unsigned char output[32], int is224 )
330 {
331 mbedtls_sha256_context ctx;
332
333 mbedtls_sha256_init( &ctx );
334 mbedtls_sha256_starts( &ctx, is224 );
335 mbedtls_sha256_update( &ctx, input, ilen );
336 mbedtls_sha256_finish( &ctx, output );
337 mbedtls_sha256_free( &ctx );
338 }
339
340 #if defined(MBEDTLS_SELF_TEST)
341 /*
342 * FIPS-180-2 test vectors
343 */
344 static const unsigned char sha256_test_buf[3][57] =
345 {
346 { "abc" },
347 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
348 { "" }
349 };
350
351 static const int sha256_test_buflen[3] =
352 {
353 3, 56, 1000
354 };
355
356 static const unsigned char sha256_test_sum[6][32] =
357 {
358 /*
359 * SHA-224 test vectors
360 */
361 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
362 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
363 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
364 0xE3, 0x6C, 0x9D, 0xA7 },
365 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
366 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
367 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
368 0x52, 0x52, 0x25, 0x25 },
369 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
370 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
371 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
372 0x4E, 0xE7, 0xAD, 0x67 },
373
374 /*
375 * SHA-256 test vectors
376 */
377 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
378 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
379 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
380 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
381 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
382 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
383 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
384 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
385 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
386 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
387 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
388 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
389 };
390
391 /*
392 * Checkup routine
393 */
394 int mbedtls_sha256_self_test( int verbose )
395 {
396 int i, j, k, buflen, ret = 0;
397 unsigned char *buf;
398 unsigned char sha256sum[32];
399 mbedtls_sha256_context ctx;
400
401 buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
402 if( NULL == buf )
403 {
404 if( verbose != 0 )
405 mbedtls_printf( "Buffer allocation failed\n" );
406
407 return( 1 );
408 }
409
410 mbedtls_sha256_init( &ctx );
411
412 for( i = 0; i < 6; i++ )
413 {
414 j = i % 3;
415 k = i < 3;
416
417 if( verbose != 0 )
418 mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
419
420 mbedtls_sha256_starts( &ctx, k );
421
422 if( j == 2 )
423 {
424 memset( buf, 'a', buflen = 1000 );
425
426 for( j = 0; j < 1000; j++ )
427 mbedtls_sha256_update( &ctx, buf, buflen );
428 }
429 else
430 mbedtls_sha256_update( &ctx, sha256_test_buf[j],
431 sha256_test_buflen[j] );
432
433 mbedtls_sha256_finish( &ctx, sha256sum );
434
435 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
436 {
437 if( verbose != 0 )
438 mbedtls_printf( "failed\n" );
439
440 ret = 1;
441 goto exit;
442 }
443
444 if( verbose != 0 )
445 mbedtls_printf( "passed\n" );
446 }
447
448 if( verbose != 0 )
449 mbedtls_printf( "\n" );
450
451 exit:
452 mbedtls_sha256_free( &ctx );
453 mbedtls_free( buf );
454
455 return( ret );
456 }
457
458 #endif /* MBEDTLS_SELF_TEST */
459
460 #endif /* MBEDTLS_SHA256_C */
A free Windows-compatible Operating System