NCBI C++ ToolKit
sha512.c
Go to the documentation of this file.

Go to the SVN repository for this file.

1 /*
2  * FIPS-180-2 compliant SHA-384/512 implementation
3  *
4  * Copyright The Mbed TLS Contributors
5  * SPDX-License-Identifier: Apache-2.0
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License"); you may
8  * not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 /*
20  * The SHA-512 Secure Hash Standard was published by NIST in 2002.
21  *
22  * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
23  */
24 
25 #include "common.h"
26 
27 #if defined(MBEDTLS_SHA512_C)
28 
29 #include "mbedtls/sha512.h"
30 #include "mbedtls/platform_util.h"
31 #include "mbedtls/error.h"
32 
33 #if defined(_MSC_VER) || defined(__WATCOMC__)
34  #define UL64(x) x##ui64
35 #else
36  #define UL64(x) x##ULL
37 #endif
38 
39 #include <string.h>
40 
41 #include "mbedtls/platform.h"
42 
43 #define SHA512_VALIDATE_RET(cond) \
44  MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA)
45 #define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond)
46 
47 #if !defined(MBEDTLS_SHA512_ALT)
48 
49 #if defined(MBEDTLS_SHA512_SMALLER)
50 static void sha512_put_uint64_be(uint64_t n, unsigned char *b, uint8_t i)
51 {
52  MBEDTLS_PUT_UINT64_BE(n, b, i);
53 }
54 #else
55 #define sha512_put_uint64_be MBEDTLS_PUT_UINT64_BE
56 #endif /* MBEDTLS_SHA512_SMALLER */
57 
58 void mbedtls_sha512_init(mbedtls_sha512_context *ctx)
59 {
60  SHA512_VALIDATE(ctx != NULL);
61 
62  memset(ctx, 0, sizeof(mbedtls_sha512_context));
63 }
64 
65 void mbedtls_sha512_free(mbedtls_sha512_context *ctx)
66 {
67  if (ctx == NULL) {
68  return;
69  }
70 
71  mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha512_context));
72 }
73 
74 void mbedtls_sha512_clone(mbedtls_sha512_context *dst,
75  const mbedtls_sha512_context *src)
76 {
77  SHA512_VALIDATE(dst != NULL);
78  SHA512_VALIDATE(src != NULL);
79 
80  *dst = *src;
81 }
82 
83 /*
84  * SHA-512 context setup
85  */
86 int mbedtls_sha512_starts_ret(mbedtls_sha512_context *ctx, int is384)
87 {
88  SHA512_VALIDATE_RET(ctx != NULL);
89 #if !defined(MBEDTLS_SHA512_NO_SHA384)
90  SHA512_VALIDATE_RET(is384 == 0 || is384 == 1);
91 #else
92  SHA512_VALIDATE_RET(is384 == 0);
93 #endif
94 
95  ctx->total[0] = 0;
96  ctx->total[1] = 0;
97 
98  if (is384 == 0) {
99  /* SHA-512 */
100  ctx->state[0] = UL64(0x6A09E667F3BCC908);
101  ctx->state[1] = UL64(0xBB67AE8584CAA73B);
102  ctx->state[2] = UL64(0x3C6EF372FE94F82B);
103  ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
104  ctx->state[4] = UL64(0x510E527FADE682D1);
105  ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
106  ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
107  ctx->state[7] = UL64(0x5BE0CD19137E2179);
108  } else {
109 #if defined(MBEDTLS_SHA512_NO_SHA384)
110  return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
111 #else
112  /* SHA-384 */
113  ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
114  ctx->state[1] = UL64(0x629A292A367CD507);
115  ctx->state[2] = UL64(0x9159015A3070DD17);
116  ctx->state[3] = UL64(0x152FECD8F70E5939);
117  ctx->state[4] = UL64(0x67332667FFC00B31);
118  ctx->state[5] = UL64(0x8EB44A8768581511);
119  ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
120  ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
121 #endif /* MBEDTLS_SHA512_NO_SHA384 */
122  }
123 
124 #if !defined(MBEDTLS_SHA512_NO_SHA384)
125  ctx->is384 = is384;
126 #endif
127 
128  return 0;
129 }
130 
131 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
132 void mbedtls_sha512_starts(mbedtls_sha512_context *ctx,
133  int is384)
134 {
135  mbedtls_sha512_starts_ret(ctx, is384);
136 }
137 #endif
138 
139 #if !defined(MBEDTLS_SHA512_PROCESS_ALT)
140 
141 /*
142  * Round constants
143  */
144 static const uint64_t K[80] =
145 {
146  UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
147  UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
148  UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
149  UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
150  UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
151  UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
152  UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
153  UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
154  UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
155  UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
156  UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
157  UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
158  UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
159  UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
160  UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
161  UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
162  UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
163  UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
164  UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
165  UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
166  UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
167  UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
168  UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
169  UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
170  UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
171  UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
172  UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
173  UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
174  UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
175  UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
176  UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
177  UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
178  UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
179  UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
180  UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
181  UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
182  UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
183  UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
184  UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
185  UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
186 };
187 
188 int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx,
189  const unsigned char data[128])
190 {
191  int i;
192  struct {
193  uint64_t temp1, temp2, W[80];
194  uint64_t A[8];
195  } local;
196 
197  SHA512_VALIDATE_RET(ctx != NULL);
198  SHA512_VALIDATE_RET((const unsigned char *) data != NULL);
199 
200 #define SHR(x, n) ((x) >> (n))
201 #define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n))))
202 
203 #define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
204 #define S1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6))
205 
206 #define S2(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39))
207 #define S3(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41))
208 
209 #define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y))))
210 #define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
211 
212 #define P(a, b, c, d, e, f, g, h, x, K) \
213  do \
214  { \
215  local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \
216  local.temp2 = S2(a) + F0((a), (b), (c)); \
217  (d) += local.temp1; (h) = local.temp1 + local.temp2; \
218  } while (0)
219 
220  for (i = 0; i < 8; i++) {
221  local.A[i] = ctx->state[i];
222  }
223 
224 #if defined(MBEDTLS_SHA512_SMALLER)
225  for (i = 0; i < 80; i++) {
226  if (i < 16) {
227  local.W[i] = MBEDTLS_GET_UINT64_BE(data, i << 3);
228  } else {
229  local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] +
230  S0(local.W[i - 15]) + local.W[i - 16];
231  }
232 
233  P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
234  local.A[5], local.A[6], local.A[7], local.W[i], K[i]);
235 
236  local.temp1 = local.A[7]; local.A[7] = local.A[6];
237  local.A[6] = local.A[5]; local.A[5] = local.A[4];
238  local.A[4] = local.A[3]; local.A[3] = local.A[2];
239  local.A[2] = local.A[1]; local.A[1] = local.A[0];
240  local.A[0] = local.temp1;
241  }
242 #else /* MBEDTLS_SHA512_SMALLER */
243  for (i = 0; i < 16; i++) {
244  local.W[i] = MBEDTLS_GET_UINT64_BE(data, i << 3);
245  }
246 
247  for (; i < 80; i++) {
248  local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] +
249  S0(local.W[i - 15]) + local.W[i - 16];
250  }
251 
252  i = 0;
253  do {
254  P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
255  local.A[5], local.A[6], local.A[7], local.W[i], K[i]); i++;
256  P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
257  local.A[4], local.A[5], local.A[6], local.W[i], K[i]); i++;
258  P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
259  local.A[3], local.A[4], local.A[5], local.W[i], K[i]); i++;
260  P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
261  local.A[2], local.A[3], local.A[4], local.W[i], K[i]); i++;
262  P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
263  local.A[1], local.A[2], local.A[3], local.W[i], K[i]); i++;
264  P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
265  local.A[0], local.A[1], local.A[2], local.W[i], K[i]); i++;
266  P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
267  local.A[7], local.A[0], local.A[1], local.W[i], K[i]); i++;
268  P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
269  local.A[6], local.A[7], local.A[0], local.W[i], K[i]); i++;
270  } while (i < 80);
271 #endif /* MBEDTLS_SHA512_SMALLER */
272 
273  for (i = 0; i < 8; i++) {
274  ctx->state[i] += local.A[i];
275  }
276 
277  /* Zeroise buffers and variables to clear sensitive data from memory. */
278  mbedtls_platform_zeroize(&local, sizeof(local));
279 
280  return 0;
281 }
282 
283 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
284 void mbedtls_sha512_process(mbedtls_sha512_context *ctx,
285  const unsigned char data[128])
286 {
287  mbedtls_internal_sha512_process(ctx, data);
288 }
289 #endif
290 #endif /* !MBEDTLS_SHA512_PROCESS_ALT */
291 
292 /*
293  * SHA-512 process buffer
294  */
295 int mbedtls_sha512_update_ret(mbedtls_sha512_context *ctx,
296  const unsigned char *input,
297  size_t ilen)
298 {
299  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
300  size_t fill;
301  unsigned int left;
302 
303  SHA512_VALIDATE_RET(ctx != NULL);
304  SHA512_VALIDATE_RET(ilen == 0 || input != NULL);
305 
306  if (ilen == 0) {
307  return 0;
308  }
309 
310  left = (unsigned int) (ctx->total[0] & 0x7F);
311  fill = 128 - left;
312 
313  ctx->total[0] += (uint64_t) ilen;
314 
315  if (ctx->total[0] < (uint64_t) ilen) {
316  ctx->total[1]++;
317  }
318 
319  if (left && ilen >= fill) {
320  memcpy((void *) (ctx->buffer + left), input, fill);
321 
322  if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
323  return ret;
324  }
325 
326  input += fill;
327  ilen -= fill;
328  left = 0;
329  }
330 
331  while (ilen >= 128) {
332  if ((ret = mbedtls_internal_sha512_process(ctx, input)) != 0) {
333  return ret;
334  }
335 
336  input += 128;
337  ilen -= 128;
338  }
339 
340  if (ilen > 0) {
341  memcpy((void *) (ctx->buffer + left), input, ilen);
342  }
343 
344  return 0;
345 }
346 
347 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
348 void mbedtls_sha512_update(mbedtls_sha512_context *ctx,
349  const unsigned char *input,
350  size_t ilen)
351 {
352  mbedtls_sha512_update_ret(ctx, input, ilen);
353 }
354 #endif
355 
356 /*
357  * SHA-512 final digest
358  */
359 int mbedtls_sha512_finish_ret(mbedtls_sha512_context *ctx,
360  unsigned char output[64])
361 {
362  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
363  unsigned used;
364  uint64_t high, low;
365 
366  SHA512_VALIDATE_RET(ctx != NULL);
367  SHA512_VALIDATE_RET((unsigned char *) output != NULL);
368 
369  /*
370  * Add padding: 0x80 then 0x00 until 16 bytes remain for the length
371  */
372  used = ctx->total[0] & 0x7F;
373 
374  ctx->buffer[used++] = 0x80;
375 
376  if (used <= 112) {
377  /* Enough room for padding + length in current block */
378  memset(ctx->buffer + used, 0, 112 - used);
379  } else {
380  /* We'll need an extra block */
381  memset(ctx->buffer + used, 0, 128 - used);
382 
383  if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
384  return ret;
385  }
386 
387  memset(ctx->buffer, 0, 112);
388  }
389 
390  /*
391  * Add message length
392  */
393  high = (ctx->total[0] >> 61)
394  | (ctx->total[1] << 3);
395  low = (ctx->total[0] << 3);
396 
397  sha512_put_uint64_be(high, ctx->buffer, 112);
398  sha512_put_uint64_be(low, ctx->buffer, 120);
399 
400  if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) {
401  return ret;
402  }
403 
404  /*
405  * Output final state
406  */
407  sha512_put_uint64_be(ctx->state[0], output, 0);
408  sha512_put_uint64_be(ctx->state[1], output, 8);
409  sha512_put_uint64_be(ctx->state[2], output, 16);
410  sha512_put_uint64_be(ctx->state[3], output, 24);
411  sha512_put_uint64_be(ctx->state[4], output, 32);
412  sha512_put_uint64_be(ctx->state[5], output, 40);
413 
414  int truncated = 0;
415 #if !defined(MBEDTLS_SHA512_NO_SHA384)
416  truncated = ctx->is384;
417 #endif
418  if (!truncated) {
419  sha512_put_uint64_be(ctx->state[6], output, 48);
420  sha512_put_uint64_be(ctx->state[7], output, 56);
421  }
422 
423  return 0;
424 }
425 
426 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
427 void mbedtls_sha512_finish(mbedtls_sha512_context *ctx,
428  unsigned char output[64])
429 {
430  mbedtls_sha512_finish_ret(ctx, output);
431 }
432 #endif
433 
434 #endif /* !MBEDTLS_SHA512_ALT */
435 
436 /*
437  * output = SHA-512( input buffer )
438  */
439 int mbedtls_sha512_ret(const unsigned char *input,
440  size_t ilen,
441  unsigned char output[64],
442  int is384)
443 {
444  int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
445  mbedtls_sha512_context ctx;
446 
447 #if !defined(MBEDTLS_SHA512_NO_SHA384)
448  SHA512_VALIDATE_RET(is384 == 0 || is384 == 1);
449 #else
450  SHA512_VALIDATE_RET(is384 == 0);
451 #endif
452  SHA512_VALIDATE_RET(ilen == 0 || input != NULL);
453  SHA512_VALIDATE_RET((unsigned char *) output != NULL);
454 
455  mbedtls_sha512_init(&ctx);
456 
457  if ((ret = mbedtls_sha512_starts_ret(&ctx, is384)) != 0) {
458  goto exit;
459  }
460 
461  if ((ret = mbedtls_sha512_update_ret(&ctx, input, ilen)) != 0) {
462  goto exit;
463  }
464 
465  if ((ret = mbedtls_sha512_finish_ret(&ctx, output)) != 0) {
466  goto exit;
467  }
468 
469 exit:
470  mbedtls_sha512_free(&ctx);
471 
472  return ret;
473 }
474 
475 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
476 void mbedtls_sha512(const unsigned char *input,
477  size_t ilen,
478  unsigned char output[64],
479  int is384)
480 {
481  mbedtls_sha512_ret(input, ilen, output, is384);
482 }
483 #endif
484 
485 #if defined(MBEDTLS_SELF_TEST)
486 
487 /*
488  * FIPS-180-2 test vectors
489  */
490 static const unsigned char sha512_test_buf[3][113] =
491 {
492  { "abc" },
493  {
494  "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
495  },
496  { "" }
497 };
498 
499 static const size_t sha512_test_buflen[3] =
500 {
501  3, 112, 1000
502 };
503 
504 static const unsigned char sha512_test_sum[][64] =
505 {
506 #if !defined(MBEDTLS_SHA512_NO_SHA384)
507  /*
508  * SHA-384 test vectors
509  */
510  { 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
511  0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
512  0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
513  0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
514  0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
515  0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 },
516  { 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
517  0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
518  0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
519  0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
520  0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
521  0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 },
522  { 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
523  0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
524  0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
525  0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
526  0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
527  0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },
528 #endif /* !MBEDTLS_SHA512_NO_SHA384 */
529 
530  /*
531  * SHA-512 test vectors
532  */
533  { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
534  0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
535  0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
536  0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
537  0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
538  0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
539  0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
540  0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F },
541  { 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
542  0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
543  0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
544  0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
545  0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
546  0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
547  0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
548  0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 },
549  { 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
550  0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
551  0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
552  0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
553  0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
554  0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
555  0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
556  0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
557 };
558 
559 #define ARRAY_LENGTH(a) (sizeof(a) / sizeof((a)[0]))
560 
561 /*
562  * Checkup routine
563  */
564 int mbedtls_sha512_self_test(int verbose)
565 {
566  int i, j, k, buflen, ret = 0;
567  unsigned char *buf;
568  unsigned char sha512sum[64];
569  mbedtls_sha512_context ctx;
570 
571  buf = mbedtls_calloc(1024, sizeof(unsigned char));
572  if (NULL == buf) {
573  if (verbose != 0) {
574  mbedtls_printf("Buffer allocation failed\n");
575  }
576 
577  return 1;
578  }
579 
580  mbedtls_sha512_init(&ctx);
581 
582  for (i = 0; i < (int) ARRAY_LENGTH(sha512_test_sum); i++) {
583  j = i % 3;
584 #if !defined(MBEDTLS_SHA512_NO_SHA384)
585  k = i < 3;
586 #else
587  k = 0;
588 #endif
589 
590  if (verbose != 0) {
591  mbedtls_printf(" SHA-%d test #%d: ", 512 - k * 128, j + 1);
592  }
593 
594  if ((ret = mbedtls_sha512_starts_ret(&ctx, k)) != 0) {
595  goto fail;
596  }
597 
598  if (j == 2) {
599  memset(buf, 'a', buflen = 1000);
600 
601  for (j = 0; j < 1000; j++) {
602  ret = mbedtls_sha512_update_ret(&ctx, buf, buflen);
603  if (ret != 0) {
604  goto fail;
605  }
606  }
607  } else {
608  ret = mbedtls_sha512_update_ret(&ctx, sha512_test_buf[j],
609  sha512_test_buflen[j]);
610  if (ret != 0) {
611  goto fail;
612  }
613  }
614 
615  if ((ret = mbedtls_sha512_finish_ret(&ctx, sha512sum)) != 0) {
616  goto fail;
617  }
618 
619  if (memcmp(sha512sum, sha512_test_sum[i], 64 - k * 16) != 0) {
620  ret = 1;
621  goto fail;
622  }
623 
624  if (verbose != 0) {
625  mbedtls_printf("passed\n");
626  }
627  }
628 
629  if (verbose != 0) {
630  mbedtls_printf("\n");
631  }
632 
633  goto exit;
634 
635 fail:
636  if (verbose != 0) {
637  mbedtls_printf("failed\n");
638  }
639 
640 exit:
641  mbedtls_sha512_free(&ctx);
642  mbedtls_free(buf);
643 
644  return ret;
645 }
646 
647 #undef ARRAY_LENGTH
648 
649 #endif /* MBEDTLS_SELF_TEST */
650 
651 #endif /* MBEDTLS_SHA512_C */
MBEDTLS_PUT_UINT64_BE
#define MBEDTLS_PUT_UINT64_BE(n, data, offset)
Put in memory a 64 bits unsigned integer in big-endian order.
Definition: common.h:292
MBEDTLS_GET_UINT64_BE
#define MBEDTLS_GET_UINT64_BE(data, offset)
Get the unsigned 64 bits integer corresponding to eight bytes in big-endian order (MSB first).
Definition: common.h:269
ctx
CS_CONTEXT * ctx
Definition: t0006.c:12
A
#define A(i)
Definition: ecp_curves.c:948
NULL
#define NULL
Definition: ncbistd.hpp:225
int
unsigned int
A callback function used to compare two keys in a database.
Definition: types.hpp:1210
exit
exit(2)
buf
char * buf
Definition: lex.newick.cpp:1452
input
static int input()
Definition: lex.newick.cpp:1147
i
int i
Definition: lex.newick.cpp:1456
n
yy_size_t n
Definition: lex.newick.cpp:1455
platform.h
This file contains the definitions and functions of the Mbed TLS platform abstraction layer.
mbedtls_free
#define mbedtls_free
Definition: platform.h:168
mbedtls_calloc
#define mbedtls_calloc
Definition: platform.h:169
mbedtls_printf
#define mbedtls_printf
Definition: platform.h:219
platform_util.h
Common and shared functions used by multiple modules in the Mbed TLS library.
mbedtls_platform_zeroize
void mbedtls_platform_zeroize(void *buf, size_t len)
Securely zeroize a buffer.
output
static SQLCHAR output[256]
Definition: print.c:5
verbose
true_type verbose
Definition: processing.cpp:902
ARRAY_LENGTH
#define ARRAY_LENGTH(array)
Definition: psa_crypto.c:88
S0
#define S0(x)
S1
#define S1(x)
sha512_put_uint64_be
#define sha512_put_uint64_be
Definition: sha512.c:55
UL64
#define UL64(x)
Definition: sha512.c:36
P
#define P(a, b, c, d, e, f, g, h, x, K)
SHA512_VALIDATE
#define SHA512_VALIDATE(cond)
Definition: sha512.c:45
K
static const uint64_t K[80]
Definition: sha512.c:144
SHA512_VALIDATE_RET
#define SHA512_VALIDATE_RET(cond)
Definition: sha512.c:43
sha512.h
This file contains SHA-384 and SHA-512 definitions and functions.
mbedtls_sha512_ret
int mbedtls_sha512_ret(const unsigned char *input, size_t ilen, unsigned char output[64], int is384)
This function calculates the SHA-512 or SHA-384 checksum of a buffer.
mbedtls_sha512_starts
void mbedtls_sha512_starts(mbedtls_sha512_context *ctx, int is384)
This function starts a SHA-384 or SHA-512 checksum calculation.
mbedtls_internal_sha512_process
int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, const unsigned char data[128])
This function processes a single data block within the ongoing SHA-512 computation.
mbedtls_sha512_process
void mbedtls_sha512_process(mbedtls_sha512_context *ctx, const unsigned char data[128])
This function processes a single data block within the ongoing SHA-512 computation.
mbedtls_sha512_clone
void mbedtls_sha512_clone(mbedtls_sha512_context *dst, const mbedtls_sha512_context *src)
This function clones the state of a SHA-512 context.
mbedtls_sha512_update
void mbedtls_sha512_update(mbedtls_sha512_context *ctx, const unsigned char *input, size_t ilen)
This function feeds an input buffer into an ongoing SHA-512 checksum calculation.
mbedtls_sha512_free
void mbedtls_sha512_free(mbedtls_sha512_context *ctx)
This function clears a SHA-512 context.
MBEDTLS_ERR_SHA512_BAD_INPUT_DATA
#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA
SHA-512 input data was malformed.
Definition: sha512.h:40
mbedtls_sha512
void mbedtls_sha512(const unsigned char *input, size_t ilen, unsigned char output[64], int is384)
This function calculates the SHA-512 or SHA-384 checksum of a buffer.
mbedtls_sha512_starts_ret
int mbedtls_sha512_starts_ret(mbedtls_sha512_context *ctx, int is384)
This function starts a SHA-384 or SHA-512 checksum calculation.
mbedtls_sha512_finish
void mbedtls_sha512_finish(mbedtls_sha512_context *ctx, unsigned char output[64])
This function finishes the SHA-512 operation, and writes the result to the output buffer.
mbedtls_sha512_update_ret
int mbedtls_sha512_update_ret(mbedtls_sha512_context *ctx, const unsigned char *input, size_t ilen)
This function feeds an input buffer into an ongoing SHA-512 checksum calculation.
mbedtls_sha512_finish_ret
int mbedtls_sha512_finish_ret(mbedtls_sha512_context *ctx, unsigned char output[64])
This function finishes the SHA-512 operation, and writes the result to the output buffer.
mbedtls_sha512_init
void mbedtls_sha512_init(mbedtls_sha512_context *ctx)
This function initializes a SHA-512 context.
error.h
Error to string translation.
MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED
#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED
This is a bug in the library.
Definition: error.h:122
uint8_t
unsigned char uint8_t
Definition: stdint.h:124
uint64_t
unsigned __int64 uint64_t
Definition: stdint.h:136
mbedtls_sha512_context
The SHA-512 context structure.
Definition: sha512.h:57
W
#define W
Definition: crc32.c:85
local
#define local
Definition: zutil.h:33
Generated by doxygen 1.9.0
Modified on Sat Dec 02 09:21:31 2023 by modify_doxy.py rev. 669887