| Fabio Utzig | e4fe463 | 2020-02-03 09:55:28 -0300 | [diff] [blame] | 1 | /* sha512.h - TinyCrypt interface to a SHA-512 implementation */ | 
|  | 2 |  | 
|  | 3 | /* | 
|  | 4 | *  Copyright (C) 2020 by Intel Corporation, All Rights Reserved. | 
|  | 5 | * | 
|  | 6 | *  Redistribution and use in source and binary forms, with or without | 
|  | 7 | *  modification, are permitted provided that the following conditions are met: | 
|  | 8 | * | 
|  | 9 | *    - Redistributions of source code must retain the above copyright notice, | 
|  | 10 | *     this list of conditions and the following disclaimer. | 
|  | 11 | * | 
|  | 12 | *    - Redistributions in binary form must reproduce the above copyright | 
|  | 13 | *    notice, this list of conditions and the following disclaimer in the | 
|  | 14 | *    documentation and/or other materials provided with the distribution. | 
|  | 15 | * | 
|  | 16 | *    - Neither the name of Intel Corporation nor the names of its contributors | 
|  | 17 | *    may be used to endorse or promote products derived from this software | 
|  | 18 | *    without specific prior written permission. | 
|  | 19 | * | 
|  | 20 | *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | 
|  | 21 | *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 
|  | 22 | *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 
|  | 23 | *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE | 
|  | 24 | *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | 
|  | 25 | *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | 
|  | 26 | *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | 
|  | 27 | *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | 
|  | 28 | *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 
|  | 29 | *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | 
|  | 30 | *  POSSIBILITY OF SUCH DAMAGE. | 
|  | 31 | */ | 
|  | 32 |  | 
|  | 33 | /** | 
|  | 34 | * @file | 
|  | 35 | * @brief Interface to a SHA-512 implementation. | 
|  | 36 | * | 
|  | 37 | *  Overview:   SHA-512 is a NIST approved cryptographic hashing algorithm | 
|  | 38 | *              specified in FIPS 180. A hash algorithm maps data of arbitrary | 
|  | 39 | *              size to data of fixed length. | 
|  | 40 | * | 
|  | 41 | *  Security:   SHA-512 provides 256 bits of security against collision attacks | 
|  | 42 | *              and 512 bits of security against pre-image attacks. SHA-512 does | 
|  | 43 | *              NOT behave like a random oracle, but it can be used as one if | 
|  | 44 | *              the string being hashed is prefix-free encoded before hashing. | 
|  | 45 | * | 
|  | 46 | *  Usage:      1) call tc_sha512_init to initialize a struct | 
|  | 47 | *              tc_sha512_state_struct before hashing a new string. | 
|  | 48 | * | 
|  | 49 | *              2) call tc_sha512_update to hash the next string segment; | 
|  | 50 | *              tc_sha512_update can be called as many times as needed to hash | 
|  | 51 | *              all of the segments of a string; the order is important. | 
|  | 52 | * | 
|  | 53 | *              3) call tc_sha512_final to out put the digest from a hashing | 
|  | 54 | *              operation. | 
|  | 55 | */ | 
|  | 56 |  | 
|  | 57 | #ifndef __TC_SHA512_H__ | 
|  | 58 | #define __TC_SHA512_H__ | 
|  | 59 |  | 
|  | 60 | #include <stddef.h> | 
|  | 61 | #include <stdint.h> | 
|  | 62 |  | 
|  | 63 | #ifdef __cplusplus | 
|  | 64 | extern "C" { | 
|  | 65 | #endif | 
|  | 66 |  | 
|  | 67 | #define TC_SHA512_BLOCK_SIZE (128) | 
|  | 68 | #define TC_SHA512_DIGEST_SIZE (64) | 
|  | 69 | #define TC_SHA512_STATE_BLOCKS (TC_SHA512_DIGEST_SIZE/8) | 
|  | 70 |  | 
|  | 71 | struct tc_sha512_state_struct { | 
|  | 72 | uint64_t iv[TC_SHA512_STATE_BLOCKS]; | 
|  | 73 | uint64_t bits_hashed; | 
|  | 74 | uint8_t leftover[TC_SHA512_BLOCK_SIZE]; | 
|  | 75 | size_t leftover_offset; | 
|  | 76 | }; | 
|  | 77 |  | 
|  | 78 | typedef struct tc_sha512_state_struct *TCSha512State_t; | 
|  | 79 |  | 
|  | 80 | /** | 
|  | 81 | *  @brief SHA512 initialization procedure | 
|  | 82 | *  Initializes s | 
|  | 83 | *  @return returns TC_CRYPTO_SUCCESS (1) | 
|  | 84 | *          returns TC_CRYPTO_FAIL (0) if s == NULL | 
|  | 85 | *  @param s Sha512 state struct | 
|  | 86 | */ | 
|  | 87 | int tc_sha512_init(TCSha512State_t s); | 
|  | 88 |  | 
|  | 89 | /** | 
|  | 90 | *  @brief SHA512 update procedure | 
|  | 91 | *  Hashes data_length bytes addressed by data into state s | 
|  | 92 | *  @return returns TC_CRYPTO_SUCCESS (1) | 
|  | 93 | *          returns TC_CRYPTO_FAIL (0) if: | 
|  | 94 | *                s == NULL, | 
|  | 95 | *                s->iv == NULL, | 
|  | 96 | *                data == NULL | 
|  | 97 | *  @note Assumes s has been initialized by tc_sha512_init | 
|  | 98 | *  @warning The state buffer 'leftover' is left in memory after processing | 
|  | 99 | *           If your application intends to have sensitive data in this | 
|  | 100 | *           buffer, remind to erase it after the data has been processed | 
|  | 101 | *  @param s Sha512 state struct | 
|  | 102 | *  @param data message to hash | 
|  | 103 | *  @param datalen length of message to hash | 
|  | 104 | */ | 
|  | 105 | int tc_sha512_update (TCSha512State_t s, const uint8_t *data, size_t datalen); | 
|  | 106 |  | 
|  | 107 | /** | 
|  | 108 | *  @brief SHA512 final procedure | 
|  | 109 | *  Inserts the completed hash computation into digest | 
|  | 110 | *  @return returns TC_CRYPTO_SUCCESS (1) | 
|  | 111 | *          returns TC_CRYPTO_FAIL (0) if: | 
|  | 112 | *                s == NULL, | 
|  | 113 | *                s->iv == NULL, | 
|  | 114 | *                digest == NULL | 
|  | 115 | *  @note Assumes: s has been initialized by tc_sha512_init | 
|  | 116 | *        digest points to at least TC_SHA512_DIGEST_SIZE bytes | 
|  | 117 | *  @warning The state buffer 'leftover' is left in memory after processing | 
|  | 118 | *           If your application intends to have sensitive data in this | 
|  | 119 | *           buffer, remind to erase it after the data has been processed | 
|  | 120 | *  @param digest unsigned eight bit integer | 
|  | 121 | *  @param Sha512 state struct | 
|  | 122 | */ | 
|  | 123 | int tc_sha512_final(uint8_t *digest, TCSha512State_t s); | 
|  | 124 |  | 
|  | 125 | #ifdef __cplusplus | 
|  | 126 | } | 
|  | 127 | #endif | 
|  | 128 |  | 
|  | 129 | #endif /* __TC_SHA512_H__ */ |