2 * FIPS-180-2 compliant SHA-384/512 implementation
\r
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
\r
5 * SPDX-License-Identifier: Apache-2.0
\r
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
\r
8 * not use this file except in compliance with the License.
\r
9 * You may obtain a copy of the License at
\r
11 * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * Unless required by applicable law or agreed to in writing, software
\r
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
\r
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * See the License for the specific language governing permissions and
\r
17 * limitations under the License.
\r
19 * This file is part of mbed TLS (https://tls.mbed.org)
\r
22 * The SHA-512 Secure Hash Standard was published by NIST in 2002.
\r
24 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
\r
27 #if !defined(MBEDTLS_CONFIG_FILE)
\r
28 #include "mbedtls/config.h"
\r
30 #include MBEDTLS_CONFIG_FILE
\r
33 #if defined(MBEDTLS_SHA512_C)
\r
35 #include "mbedtls/sha512.h"
\r
36 #include "mbedtls/platform_util.h"
\r
38 #if defined(_MSC_VER) || defined(__WATCOMC__)
\r
39 #define UL64(x) x##ui64
\r
41 #define UL64(x) x##ULL
\r
46 #if defined(MBEDTLS_SELF_TEST)
\r
47 #if defined(MBEDTLS_PLATFORM_C)
\r
48 #include "mbedtls/platform.h"
\r
52 #define mbedtls_printf printf
\r
53 #define mbedtls_calloc calloc
\r
54 #define mbedtls_free free
\r
55 #endif /* MBEDTLS_PLATFORM_C */
\r
56 #endif /* MBEDTLS_SELF_TEST */
\r
58 #define SHA512_VALIDATE_RET(cond) \
\r
59 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
\r
60 #define SHA512_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
\r
62 #if !defined(MBEDTLS_SHA512_ALT)
\r
65 * 64-bit integer manipulation macros (big endian)
\r
67 #ifndef GET_UINT64_BE
\r
68 #define GET_UINT64_BE(n,b,i) \
\r
70 (n) = ( (uint64_t) (b)[(i) ] << 56 ) \
\r
71 | ( (uint64_t) (b)[(i) + 1] << 48 ) \
\r
72 | ( (uint64_t) (b)[(i) + 2] << 40 ) \
\r
73 | ( (uint64_t) (b)[(i) + 3] << 32 ) \
\r
74 | ( (uint64_t) (b)[(i) + 4] << 24 ) \
\r
75 | ( (uint64_t) (b)[(i) + 5] << 16 ) \
\r
76 | ( (uint64_t) (b)[(i) + 6] << 8 ) \
\r
77 | ( (uint64_t) (b)[(i) + 7] ); \
\r
79 #endif /* GET_UINT64_BE */
\r
81 #ifndef PUT_UINT64_BE
\r
82 #define PUT_UINT64_BE(n,b,i) \
\r
84 (b)[(i) ] = (unsigned char) ( (n) >> 56 ); \
\r
85 (b)[(i) + 1] = (unsigned char) ( (n) >> 48 ); \
\r
86 (b)[(i) + 2] = (unsigned char) ( (n) >> 40 ); \
\r
87 (b)[(i) + 3] = (unsigned char) ( (n) >> 32 ); \
\r
88 (b)[(i) + 4] = (unsigned char) ( (n) >> 24 ); \
\r
89 (b)[(i) + 5] = (unsigned char) ( (n) >> 16 ); \
\r
90 (b)[(i) + 6] = (unsigned char) ( (n) >> 8 ); \
\r
91 (b)[(i) + 7] = (unsigned char) ( (n) ); \
\r
93 #endif /* PUT_UINT64_BE */
\r
95 void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
\r
97 SHA512_VALIDATE( ctx != NULL );
\r
99 memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
\r
102 void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
\r
107 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
\r
110 void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
\r
111 const mbedtls_sha512_context *src )
\r
113 SHA512_VALIDATE( dst != NULL );
\r
114 SHA512_VALIDATE( src != NULL );
\r
120 * SHA-512 context setup
\r
122 int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
\r
124 SHA512_VALIDATE_RET( ctx != NULL );
\r
125 SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
\r
133 ctx->state[0] = UL64(0x6A09E667F3BCC908);
\r
134 ctx->state[1] = UL64(0xBB67AE8584CAA73B);
\r
135 ctx->state[2] = UL64(0x3C6EF372FE94F82B);
\r
136 ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
\r
137 ctx->state[4] = UL64(0x510E527FADE682D1);
\r
138 ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
\r
139 ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
\r
140 ctx->state[7] = UL64(0x5BE0CD19137E2179);
\r
145 ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
\r
146 ctx->state[1] = UL64(0x629A292A367CD507);
\r
147 ctx->state[2] = UL64(0x9159015A3070DD17);
\r
148 ctx->state[3] = UL64(0x152FECD8F70E5939);
\r
149 ctx->state[4] = UL64(0x67332667FFC00B31);
\r
150 ctx->state[5] = UL64(0x8EB44A8768581511);
\r
151 ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
\r
152 ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
\r
155 ctx->is384 = is384;
\r
160 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
\r
161 void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
\r
164 mbedtls_sha512_starts_ret( ctx, is384 );
\r
168 #if !defined(MBEDTLS_SHA512_PROCESS_ALT)
\r
173 static const uint64_t K[80] =
\r
175 UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD),
\r
176 UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC),
\r
177 UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019),
\r
178 UL64(0x923F82A4AF194F9B), UL64(0xAB1C5ED5DA6D8118),
\r
179 UL64(0xD807AA98A3030242), UL64(0x12835B0145706FBE),
\r
180 UL64(0x243185BE4EE4B28C), UL64(0x550C7DC3D5FFB4E2),
\r
181 UL64(0x72BE5D74F27B896F), UL64(0x80DEB1FE3B1696B1),
\r
182 UL64(0x9BDC06A725C71235), UL64(0xC19BF174CF692694),
\r
183 UL64(0xE49B69C19EF14AD2), UL64(0xEFBE4786384F25E3),
\r
184 UL64(0x0FC19DC68B8CD5B5), UL64(0x240CA1CC77AC9C65),
\r
185 UL64(0x2DE92C6F592B0275), UL64(0x4A7484AA6EA6E483),
\r
186 UL64(0x5CB0A9DCBD41FBD4), UL64(0x76F988DA831153B5),
\r
187 UL64(0x983E5152EE66DFAB), UL64(0xA831C66D2DB43210),
\r
188 UL64(0xB00327C898FB213F), UL64(0xBF597FC7BEEF0EE4),
\r
189 UL64(0xC6E00BF33DA88FC2), UL64(0xD5A79147930AA725),
\r
190 UL64(0x06CA6351E003826F), UL64(0x142929670A0E6E70),
\r
191 UL64(0x27B70A8546D22FFC), UL64(0x2E1B21385C26C926),
\r
192 UL64(0x4D2C6DFC5AC42AED), UL64(0x53380D139D95B3DF),
\r
193 UL64(0x650A73548BAF63DE), UL64(0x766A0ABB3C77B2A8),
\r
194 UL64(0x81C2C92E47EDAEE6), UL64(0x92722C851482353B),
\r
195 UL64(0xA2BFE8A14CF10364), UL64(0xA81A664BBC423001),
\r
196 UL64(0xC24B8B70D0F89791), UL64(0xC76C51A30654BE30),
\r
197 UL64(0xD192E819D6EF5218), UL64(0xD69906245565A910),
\r
198 UL64(0xF40E35855771202A), UL64(0x106AA07032BBD1B8),
\r
199 UL64(0x19A4C116B8D2D0C8), UL64(0x1E376C085141AB53),
\r
200 UL64(0x2748774CDF8EEB99), UL64(0x34B0BCB5E19B48A8),
\r
201 UL64(0x391C0CB3C5C95A63), UL64(0x4ED8AA4AE3418ACB),
\r
202 UL64(0x5B9CCA4F7763E373), UL64(0x682E6FF3D6B2B8A3),
\r
203 UL64(0x748F82EE5DEFB2FC), UL64(0x78A5636F43172F60),
\r
204 UL64(0x84C87814A1F0AB72), UL64(0x8CC702081A6439EC),
\r
205 UL64(0x90BEFFFA23631E28), UL64(0xA4506CEBDE82BDE9),
\r
206 UL64(0xBEF9A3F7B2C67915), UL64(0xC67178F2E372532B),
\r
207 UL64(0xCA273ECEEA26619C), UL64(0xD186B8C721C0C207),
\r
208 UL64(0xEADA7DD6CDE0EB1E), UL64(0xF57D4F7FEE6ED178),
\r
209 UL64(0x06F067AA72176FBA), UL64(0x0A637DC5A2C898A6),
\r
210 UL64(0x113F9804BEF90DAE), UL64(0x1B710B35131C471B),
\r
211 UL64(0x28DB77F523047D84), UL64(0x32CAAB7B40C72493),
\r
212 UL64(0x3C9EBE0A15C9BEBC), UL64(0x431D67C49C100D4C),
\r
213 UL64(0x4CC5D4BECB3E42B6), UL64(0x597F299CFC657E2A),
\r
214 UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817)
\r
217 int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
\r
218 const unsigned char data[128] )
\r
221 uint64_t temp1, temp2, W[80];
\r
222 uint64_t A, B, C, D, E, F, G, H;
\r
224 SHA512_VALIDATE_RET( ctx != NULL );
\r
225 SHA512_VALIDATE_RET( (const unsigned char *)data != NULL );
\r
227 #define SHR(x,n) ((x) >> (n))
\r
228 #define ROTR(x,n) (SHR((x),(n)) | ((x) << (64 - (n))))
\r
230 #define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7))
\r
231 #define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x, 6))
\r
233 #define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
\r
234 #define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
\r
236 #define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
\r
237 #define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
\r
239 #define P(a,b,c,d,e,f,g,h,x,K) \
\r
242 temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
\r
243 temp2 = S2(a) + F0((a),(b),(c)); \
\r
244 (d) += temp1; (h) = temp1 + temp2; \
\r
247 for( i = 0; i < 16; i++ )
\r
249 GET_UINT64_BE( W[i], data, i << 3 );
\r
252 for( ; i < 80; i++ )
\r
254 W[i] = S1(W[i - 2]) + W[i - 7] +
\r
255 S0(W[i - 15]) + W[i - 16];
\r
270 P( A, B, C, D, E, F, G, H, W[i], K[i] ); i++;
\r
271 P( H, A, B, C, D, E, F, G, W[i], K[i] ); i++;
\r
272 P( G, H, A, B, C, D, E, F, W[i], K[i] ); i++;
\r
273 P( F, G, H, A, B, C, D, E, W[i], K[i] ); i++;
\r
274 P( E, F, G, H, A, B, C, D, W[i], K[i] ); i++;
\r
275 P( D, E, F, G, H, A, B, C, W[i], K[i] ); i++;
\r
276 P( C, D, E, F, G, H, A, B, W[i], K[i] ); i++;
\r
277 P( B, C, D, E, F, G, H, A, W[i], K[i] ); i++;
\r
281 ctx->state[0] += A;
\r
282 ctx->state[1] += B;
\r
283 ctx->state[2] += C;
\r
284 ctx->state[3] += D;
\r
285 ctx->state[4] += E;
\r
286 ctx->state[5] += F;
\r
287 ctx->state[6] += G;
\r
288 ctx->state[7] += H;
\r
293 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
\r
294 void mbedtls_sha512_process( mbedtls_sha512_context *ctx,
\r
295 const unsigned char data[128] )
\r
297 mbedtls_internal_sha512_process( ctx, data );
\r
300 #endif /* !MBEDTLS_SHA512_PROCESS_ALT */
\r
303 * SHA-512 process buffer
\r
305 int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
\r
306 const unsigned char *input,
\r
313 SHA512_VALIDATE_RET( ctx != NULL );
\r
314 SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
\r
319 left = (unsigned int) (ctx->total[0] & 0x7F);
\r
322 ctx->total[0] += (uint64_t) ilen;
\r
324 if( ctx->total[0] < (uint64_t) ilen )
\r
327 if( left && ilen >= fill )
\r
329 memcpy( (void *) (ctx->buffer + left), input, fill );
\r
331 if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
\r
339 while( ilen >= 128 )
\r
341 if( ( ret = mbedtls_internal_sha512_process( ctx, input ) ) != 0 )
\r
349 memcpy( (void *) (ctx->buffer + left), input, ilen );
\r
354 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
\r
355 void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
\r
356 const unsigned char *input,
\r
359 mbedtls_sha512_update_ret( ctx, input, ilen );
\r
364 * SHA-512 final digest
\r
366 int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
\r
367 unsigned char output[64] )
\r
371 uint64_t high, low;
\r
373 SHA512_VALIDATE_RET( ctx != NULL );
\r
374 SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
\r
377 * Add padding: 0x80 then 0x00 until 16 bytes remain for the length
\r
379 used = ctx->total[0] & 0x7F;
\r
381 ctx->buffer[used++] = 0x80;
\r
385 /* Enough room for padding + length in current block */
\r
386 memset( ctx->buffer + used, 0, 112 - used );
\r
390 /* We'll need an extra block */
\r
391 memset( ctx->buffer + used, 0, 128 - used );
\r
393 if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
\r
396 memset( ctx->buffer, 0, 112 );
\r
400 * Add message length
\r
402 high = ( ctx->total[0] >> 61 )
\r
403 | ( ctx->total[1] << 3 );
\r
404 low = ( ctx->total[0] << 3 );
\r
406 PUT_UINT64_BE( high, ctx->buffer, 112 );
\r
407 PUT_UINT64_BE( low, ctx->buffer, 120 );
\r
409 if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
\r
413 * Output final state
\r
415 PUT_UINT64_BE( ctx->state[0], output, 0 );
\r
416 PUT_UINT64_BE( ctx->state[1], output, 8 );
\r
417 PUT_UINT64_BE( ctx->state[2], output, 16 );
\r
418 PUT_UINT64_BE( ctx->state[3], output, 24 );
\r
419 PUT_UINT64_BE( ctx->state[4], output, 32 );
\r
420 PUT_UINT64_BE( ctx->state[5], output, 40 );
\r
422 if( ctx->is384 == 0 )
\r
424 PUT_UINT64_BE( ctx->state[6], output, 48 );
\r
425 PUT_UINT64_BE( ctx->state[7], output, 56 );
\r
431 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
\r
432 void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
\r
433 unsigned char output[64] )
\r
435 mbedtls_sha512_finish_ret( ctx, output );
\r
439 #endif /* !MBEDTLS_SHA512_ALT */
\r
442 * output = SHA-512( input buffer )
\r
444 int mbedtls_sha512_ret( const unsigned char *input,
\r
446 unsigned char output[64],
\r
450 mbedtls_sha512_context ctx;
\r
452 SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
\r
453 SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
\r
454 SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
\r
456 mbedtls_sha512_init( &ctx );
\r
458 if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 )
\r
461 if( ( ret = mbedtls_sha512_update_ret( &ctx, input, ilen ) ) != 0 )
\r
464 if( ( ret = mbedtls_sha512_finish_ret( &ctx, output ) ) != 0 )
\r
468 mbedtls_sha512_free( &ctx );
\r
473 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
\r
474 void mbedtls_sha512( const unsigned char *input,
\r
476 unsigned char output[64],
\r
479 mbedtls_sha512_ret( input, ilen, output, is384 );
\r
483 #if defined(MBEDTLS_SELF_TEST)
\r
486 * FIPS-180-2 test vectors
\r
488 static const unsigned char sha512_test_buf[3][113] =
\r
491 { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
\r
492 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
\r
496 static const size_t sha512_test_buflen[3] =
\r
501 static const unsigned char sha512_test_sum[6][64] =
\r
504 * SHA-384 test vectors
\r
506 { 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
\r
507 0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
\r
508 0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
\r
509 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
\r
510 0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
\r
511 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 },
\r
512 { 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
\r
513 0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
\r
514 0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
\r
515 0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
\r
516 0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
\r
517 0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 },
\r
518 { 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
\r
519 0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
\r
520 0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
\r
521 0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
\r
522 0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
\r
523 0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },
\r
526 * SHA-512 test vectors
\r
528 { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
\r
529 0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
\r
530 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
\r
531 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
\r
532 0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
\r
533 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
\r
534 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
\r
535 0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F },
\r
536 { 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
\r
537 0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
\r
538 0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
\r
539 0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
\r
540 0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
\r
541 0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
\r
542 0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
\r
543 0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 },
\r
544 { 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
\r
545 0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
\r
546 0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
\r
547 0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
\r
548 0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
\r
549 0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
\r
550 0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
\r
551 0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
\r
557 int mbedtls_sha512_self_test( int verbose )
\r
559 int i, j, k, buflen, ret = 0;
\r
560 unsigned char *buf;
\r
561 unsigned char sha512sum[64];
\r
562 mbedtls_sha512_context ctx;
\r
564 buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
\r
568 mbedtls_printf( "Buffer allocation failed\n" );
\r
573 mbedtls_sha512_init( &ctx );
\r
575 for( i = 0; i < 6; i++ )
\r
581 mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 );
\r
583 if( ( ret = mbedtls_sha512_starts_ret( &ctx, k ) ) != 0 )
\r
588 memset( buf, 'a', buflen = 1000 );
\r
590 for( j = 0; j < 1000; j++ )
\r
592 ret = mbedtls_sha512_update_ret( &ctx, buf, buflen );
\r
599 ret = mbedtls_sha512_update_ret( &ctx, sha512_test_buf[j],
\r
600 sha512_test_buflen[j] );
\r
605 if( ( ret = mbedtls_sha512_finish_ret( &ctx, sha512sum ) ) != 0 )
\r
608 if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
\r
615 mbedtls_printf( "passed\n" );
\r
619 mbedtls_printf( "\n" );
\r
625 mbedtls_printf( "failed\n" );
\r
628 mbedtls_sha512_free( &ctx );
\r
629 mbedtls_free( buf );
\r
634 #endif /* MBEDTLS_SELF_TEST */
\r
636 #endif /* MBEDTLS_SHA512_C */
\r