1 /* 2 * FIPS-180-2 compliant SHA-256 implementation 3 * 4 * Copyright The Mbed TLS Contributors 5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 6 * 7 * This file is provided under the Apache License 2.0, or the 8 * GNU General Public License v2.0 or later. 9 * 10 * ********** 11 * Apache License 2.0: 12 * 13 * Licensed under the Apache License, Version 2.0 (the "License"); you may 14 * not use this file except in compliance with the License. 15 * You may obtain a copy of the License at 16 * 17 * http://www.apache.org/licenses/LICENSE-2.0 18 * 19 * Unless required by applicable law or agreed to in writing, software 20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 22 * See the License for the specific language governing permissions and 23 * limitations under the License. 24 * 25 * ********** 26 * 27 * ********** 28 * GNU General Public License v2.0 or later: 29 * 30 * This program is free software; you can redistribute it and/or modify 31 * it under the terms of the GNU General Public License as published by 32 * the Free Software Foundation; either version 2 of the License, or 33 * (at your option) any later version. 34 * 35 * This program is distributed in the hope that it will be useful, 36 * but WITHOUT ANY WARRANTY; without even the implied warranty of 37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 38 * GNU General Public License for more details. 39 * 40 * You should have received a copy of the GNU General Public License along 41 * with this program; if not, write to the Free Software Foundation, Inc., 42 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 43 * 44 * ********** 45 */ 46 /* 47 * The SHA-256 Secure Hash Standard was published by NIST in 2002. 48 * 49 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf 50 */ 51 52 #if !defined(MBEDTLS_CONFIG_FILE) 53 #include "mbedtls/config.h" 54 #else 55 #include MBEDTLS_CONFIG_FILE 56 #endif 57 58 #if defined(MBEDTLS_SHA256_C) 59 60 #include "mbedtls/sha256.h" 61 #include "mbedtls/platform_util.h" 62 63 #include <string.h> 64 65 #if defined(MBEDTLS_SELF_TEST) 66 #if defined(MBEDTLS_PLATFORM_C) 67 #include "mbedtls/platform.h" 68 #else 69 #include <stdio.h> 70 #include <stdlib.h> 71 #define mbedtls_printf printf 72 #define mbedtls_calloc calloc 73 #define mbedtls_free free 74 #endif /* MBEDTLS_PLATFORM_C */ 75 #endif /* MBEDTLS_SELF_TEST */ 76 77 #define SHA256_VALIDATE_RET(cond) \ 78 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) 79 #define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) 80 81 #if !defined(MBEDTLS_SHA256_ALT) 82 83 /* 84 * 32-bit integer manipulation macros (big endian) 85 */ 86 #ifndef GET_UINT32_BE 87 #define GET_UINT32_BE(n,b,i) \ 88 do { \ 89 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ 90 | ( (uint32_t) (b)[(i) + 1] << 16 ) \ 91 | ( (uint32_t) (b)[(i) + 2] << 8 ) \ 92 | ( (uint32_t) (b)[(i) + 3] ); \ 93 } while( 0 ) 94 #endif 95 96 #ifndef PUT_UINT32_BE 97 #define PUT_UINT32_BE(n,b,i) \ 98 do { \ 99 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 100 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 101 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 102 (b)[(i) + 3] = (unsigned char) ( (n) ); \ 103 } while( 0 ) 104 #endif 105 106 void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) 107 { 108 SHA256_VALIDATE( ctx != NULL ); 109 110 memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); 111 } 112 113 void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) 114 { 115 if( ctx == NULL ) 116 return; 117 118 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); 119 } 120 121 void mbedtls_sha256_clone( mbedtls_sha256_context *dst, 122 const mbedtls_sha256_context *src ) 123 { 124 SHA256_VALIDATE( dst != NULL ); 125 SHA256_VALIDATE( src != NULL ); 126 127 *dst = *src; 128 } 129 130 /* 131 * SHA-256 context setup 132 */ 133 int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) 134 { 135 SHA256_VALIDATE_RET( ctx != NULL ); 136 SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); 137 138 ctx->total[0] = 0; 139 ctx->total[1] = 0; 140 141 if( is224 == 0 ) 142 { 143 /* SHA-256 */ 144 ctx->state[0] = 0x6A09E667; 145 ctx->state[1] = 0xBB67AE85; 146 ctx->state[2] = 0x3C6EF372; 147 ctx->state[3] = 0xA54FF53A; 148 ctx->state[4] = 0x510E527F; 149 ctx->state[5] = 0x9B05688C; 150 ctx->state[6] = 0x1F83D9AB; 151 ctx->state[7] = 0x5BE0CD19; 152 } 153 else 154 { 155 /* SHA-224 */ 156 ctx->state[0] = 0xC1059ED8; 157 ctx->state[1] = 0x367CD507; 158 ctx->state[2] = 0x3070DD17; 159 ctx->state[3] = 0xF70E5939; 160 ctx->state[4] = 0xFFC00B31; 161 ctx->state[5] = 0x68581511; 162 ctx->state[6] = 0x64F98FA7; 163 ctx->state[7] = 0xBEFA4FA4; 164 } 165 166 ctx->is224 = is224; 167 168 return( 0 ); 169 } 170 171 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 172 void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, 173 int is224 ) 174 { 175 mbedtls_sha256_starts_ret( ctx, is224 ); 176 } 177 #endif 178 179 #if !defined(MBEDTLS_SHA256_PROCESS_ALT) 180 static const uint32_t K[] = 181 { 182 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 183 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, 184 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 185 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, 186 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, 187 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, 188 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 189 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967, 190 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 191 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, 192 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 193 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, 194 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 195 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, 196 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 197 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2, 198 }; 199 200 #define SHR(x,n) (((x) & 0xFFFFFFFF) >> (n)) 201 #define ROTR(x,n) (SHR(x,n) | ((x) << (32 - (n)))) 202 203 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) 204 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) 205 206 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) 207 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) 208 209 #define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) 210 #define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) 211 212 #define R(t) \ 213 ( \ 214 local.W[t] = S1(local.W[(t) - 2]) + local.W[(t) - 7] + \ 215 S0(local.W[(t) - 15]) + local.W[(t) - 16] \ 216 ) 217 218 #define P(a,b,c,d,e,f,g,h,x,K) \ 219 do \ 220 { \ 221 local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \ 222 local.temp2 = S2(a) + F0((a),(b),(c)); \ 223 (d) += local.temp1; (h) = local.temp1 + local.temp2; \ 224 } while( 0 ) 225 226 int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, 227 const unsigned char data[64] ) 228 { 229 struct 230 { 231 uint32_t temp1, temp2, W[64]; 232 uint32_t A[8]; 233 } local; 234 235 unsigned int i; 236 237 SHA256_VALIDATE_RET( ctx != NULL ); 238 SHA256_VALIDATE_RET( (const unsigned char *)data != NULL ); 239 240 for( i = 0; i < 8; i++ ) 241 local.A[i] = ctx->state[i]; 242 243 #if defined(MBEDTLS_SHA256_SMALLER) 244 for( i = 0; i < 64; i++ ) 245 { 246 if( i < 16 ) 247 GET_UINT32_BE( local.W[i], data, 4 * i ); 248 else 249 R( i ); 250 251 P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], 252 local.A[5], local.A[6], local.A[7], local.W[i], K[i] ); 253 254 local.temp1 = local.A[7]; local.A[7] = local.A[6]; 255 local.A[6] = local.A[5]; local.A[5] = local.A[4]; 256 local.A[4] = local.A[3]; local.A[3] = local.A[2]; 257 local.A[2] = local.A[1]; local.A[1] = local.A[0]; 258 local.A[0] = local.temp1; 259 } 260 #else /* MBEDTLS_SHA256_SMALLER */ 261 for( i = 0; i < 16; i++ ) 262 GET_UINT32_BE( local.W[i], data, 4 * i ); 263 264 for( i = 0; i < 16; i += 8 ) 265 { 266 P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], 267 local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0] ); 268 P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], 269 local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1] ); 270 P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], 271 local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2] ); 272 P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], 273 local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3] ); 274 P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], 275 local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4] ); 276 P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], 277 local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5] ); 278 P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], 279 local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6] ); 280 P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], 281 local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7] ); 282 } 283 284 for( i = 16; i < 64; i += 8 ) 285 { 286 P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], 287 local.A[5], local.A[6], local.A[7], R(i+0), K[i+0] ); 288 P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], 289 local.A[4], local.A[5], local.A[6], R(i+1), K[i+1] ); 290 P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], 291 local.A[3], local.A[4], local.A[5], R(i+2), K[i+2] ); 292 P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], 293 local.A[2], local.A[3], local.A[4], R(i+3), K[i+3] ); 294 P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], 295 local.A[1], local.A[2], local.A[3], R(i+4), K[i+4] ); 296 P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], 297 local.A[0], local.A[1], local.A[2], R(i+5), K[i+5] ); 298 P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], 299 local.A[7], local.A[0], local.A[1], R(i+6), K[i+6] ); 300 P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], 301 local.A[6], local.A[7], local.A[0], R(i+7), K[i+7] ); 302 } 303 #endif /* MBEDTLS_SHA256_SMALLER */ 304 305 for( i = 0; i < 8; i++ ) 306 ctx->state[i] += local.A[i]; 307 308 /* Zeroise buffers and variables to clear sensitive data from memory. */ 309 mbedtls_platform_zeroize( &local, sizeof( local ) ); 310 311 return( 0 ); 312 } 313 314 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 315 void mbedtls_sha256_process( mbedtls_sha256_context *ctx, 316 const unsigned char data[64] ) 317 { 318 mbedtls_internal_sha256_process( ctx, data ); 319 } 320 #endif 321 #endif /* !MBEDTLS_SHA256_PROCESS_ALT */ 322 323 /* 324 * SHA-256 process buffer 325 */ 326 int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, 327 const unsigned char *input, 328 size_t ilen ) 329 { 330 int ret; 331 size_t fill; 332 uint32_t left; 333 334 SHA256_VALIDATE_RET( ctx != NULL ); 335 SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); 336 337 if( ilen == 0 ) 338 return( 0 ); 339 340 left = ctx->total[0] & 0x3F; 341 fill = 64 - left; 342 343 ctx->total[0] += (uint32_t) ilen; 344 ctx->total[0] &= 0xFFFFFFFF; 345 346 if( ctx->total[0] < (uint32_t) ilen ) 347 ctx->total[1]++; 348 349 if( left && ilen >= fill ) 350 { 351 memcpy( (void *) (ctx->buffer + left), input, fill ); 352 353 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) 354 return( ret ); 355 356 input += fill; 357 ilen -= fill; 358 left = 0; 359 } 360 361 while( ilen >= 64 ) 362 { 363 if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 ) 364 return( ret ); 365 366 input += 64; 367 ilen -= 64; 368 } 369 370 if( ilen > 0 ) 371 memcpy( (void *) (ctx->buffer + left), input, ilen ); 372 373 return( 0 ); 374 } 375 376 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 377 void mbedtls_sha256_update( mbedtls_sha256_context *ctx, 378 const unsigned char *input, 379 size_t ilen ) 380 { 381 mbedtls_sha256_update_ret( ctx, input, ilen ); 382 } 383 #endif 384 385 /* 386 * SHA-256 final digest 387 */ 388 int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, 389 unsigned char output[32] ) 390 { 391 int ret; 392 uint32_t used; 393 uint32_t high, low; 394 395 SHA256_VALIDATE_RET( ctx != NULL ); 396 SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); 397 398 /* 399 * Add padding: 0x80 then 0x00 until 8 bytes remain for the length 400 */ 401 used = ctx->total[0] & 0x3F; 402 403 ctx->buffer[used++] = 0x80; 404 405 if( used <= 56 ) 406 { 407 /* Enough room for padding + length in current block */ 408 memset( ctx->buffer + used, 0, 56 - used ); 409 } 410 else 411 { 412 /* We'll need an extra block */ 413 memset( ctx->buffer + used, 0, 64 - used ); 414 415 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) 416 return( ret ); 417 418 memset( ctx->buffer, 0, 56 ); 419 } 420 421 /* 422 * Add message length 423 */ 424 high = ( ctx->total[0] >> 29 ) 425 | ( ctx->total[1] << 3 ); 426 low = ( ctx->total[0] << 3 ); 427 428 PUT_UINT32_BE( high, ctx->buffer, 56 ); 429 PUT_UINT32_BE( low, ctx->buffer, 60 ); 430 431 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) 432 return( ret ); 433 434 /* 435 * Output final state 436 */ 437 PUT_UINT32_BE( ctx->state[0], output, 0 ); 438 PUT_UINT32_BE( ctx->state[1], output, 4 ); 439 PUT_UINT32_BE( ctx->state[2], output, 8 ); 440 PUT_UINT32_BE( ctx->state[3], output, 12 ); 441 PUT_UINT32_BE( ctx->state[4], output, 16 ); 442 PUT_UINT32_BE( ctx->state[5], output, 20 ); 443 PUT_UINT32_BE( ctx->state[6], output, 24 ); 444 445 if( ctx->is224 == 0 ) 446 PUT_UINT32_BE( ctx->state[7], output, 28 ); 447 448 return( 0 ); 449 } 450 451 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 452 void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, 453 unsigned char output[32] ) 454 { 455 mbedtls_sha256_finish_ret( ctx, output ); 456 } 457 #endif 458 459 #endif /* !MBEDTLS_SHA256_ALT */ 460 461 /* 462 * output = SHA-256( input buffer ) 463 */ 464 int mbedtls_sha256_ret( const unsigned char *input, 465 size_t ilen, 466 unsigned char output[32], 467 int is224 ) 468 { 469 int ret; 470 mbedtls_sha256_context ctx; 471 472 SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); 473 SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); 474 SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); 475 476 mbedtls_sha256_init( &ctx ); 477 478 if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 ) 479 goto exit; 480 481 if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 ) 482 goto exit; 483 484 if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 ) 485 goto exit; 486 487 exit: 488 mbedtls_sha256_free( &ctx ); 489 490 return( ret ); 491 } 492 493 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 494 void mbedtls_sha256( const unsigned char *input, 495 size_t ilen, 496 unsigned char output[32], 497 int is224 ) 498 { 499 mbedtls_sha256_ret( input, ilen, output, is224 ); 500 } 501 #endif 502 503 #if defined(MBEDTLS_SELF_TEST) 504 /* 505 * FIPS-180-2 test vectors 506 */ 507 static const unsigned char sha256_test_buf[3][57] = 508 { 509 { "abc" }, 510 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, 511 { "" } 512 }; 513 514 static const size_t sha256_test_buflen[3] = 515 { 516 3, 56, 1000 517 }; 518 519 static const unsigned char sha256_test_sum[6][32] = 520 { 521 /* 522 * SHA-224 test vectors 523 */ 524 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22, 525 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3, 526 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7, 527 0xE3, 0x6C, 0x9D, 0xA7 }, 528 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC, 529 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50, 530 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19, 531 0x52, 0x52, 0x25, 0x25 }, 532 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8, 533 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B, 534 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE, 535 0x4E, 0xE7, 0xAD, 0x67 }, 536 537 /* 538 * SHA-256 test vectors 539 */ 540 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA, 541 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23, 542 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C, 543 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD }, 544 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8, 545 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39, 546 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67, 547 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 }, 548 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92, 549 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67, 550 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E, 551 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 } 552 }; 553 554 /* 555 * Checkup routine 556 */ 557 int mbedtls_sha256_self_test( int verbose ) 558 { 559 int i, j, k, buflen, ret = 0; 560 unsigned char *buf; 561 unsigned char sha256sum[32]; 562 mbedtls_sha256_context ctx; 563 564 buf = mbedtls_calloc( 1024, sizeof(unsigned char) ); 565 if( NULL == buf ) 566 { 567 if( verbose != 0 ) 568 mbedtls_printf( "Buffer allocation failed\n" ); 569 570 return( 1 ); 571 } 572 573 mbedtls_sha256_init( &ctx ); 574 575 for( i = 0; i < 6; i++ ) 576 { 577 j = i % 3; 578 k = i < 3; 579 580 if( verbose != 0 ) 581 mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); 582 583 if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 ) 584 goto fail; 585 586 if( j == 2 ) 587 { 588 memset( buf, 'a', buflen = 1000 ); 589 590 for( j = 0; j < 1000; j++ ) 591 { 592 ret = mbedtls_sha256_update_ret( &ctx, buf, buflen ); 593 if( ret != 0 ) 594 goto fail; 595 } 596 597 } 598 else 599 { 600 ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j], 601 sha256_test_buflen[j] ); 602 if( ret != 0 ) 603 goto fail; 604 } 605 606 if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 ) 607 goto fail; 608 609 610 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 ) 611 { 612 ret = 1; 613 goto fail; 614 } 615 616 if( verbose != 0 ) 617 mbedtls_printf( "passed\n" ); 618 } 619 620 if( verbose != 0 ) 621 mbedtls_printf( "\n" ); 622 623 goto exit; 624 625 fail: 626 if( verbose != 0 ) 627 mbedtls_printf( "failed\n" ); 628 629 exit: 630 mbedtls_sha256_free( &ctx ); 631 mbedtls_free( buf ); 632 633 return( ret ); 634 } 635 636 #endif /* MBEDTLS_SELF_TEST */ 637 638 #endif /* MBEDTLS_SHA256_C */ 639