1 /* sha512.c
2 *
3 * Copyright (C) 2006-2021 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23 #ifdef HAVE_CONFIG_H
24 #include <config.h>
25 #endif
26
27 #include <wolfssl/wolfcrypt/settings.h>
28
29 #if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PSOC6_CRYPTO)
30
31 #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
32 /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
33 #define FIPS_NO_WRAPPERS
34
35 #ifdef USE_WINDOWS_API
36 #pragma code_seg(".fipsA$k")
37 #pragma const_seg(".fipsB$k")
38 #endif
39 #endif
40
41 #include <wolfssl/wolfcrypt/sha512.h>
42 #include <wolfssl/wolfcrypt/error-crypt.h>
43 #include <wolfssl/wolfcrypt/cpuid.h>
44 #include <wolfssl/wolfcrypt/hash.h>
45
46 #ifdef WOLF_CRYPTO_CB
47 #include <wolfssl/wolfcrypt/cryptocb.h>
48 #endif
49
50 /* deprecated USE_SLOW_SHA2 (replaced with USE_SLOW_SHA512) */
51 #if defined(USE_SLOW_SHA2) && !defined(USE_SLOW_SHA512)
52 #define USE_SLOW_SHA512
53 #endif
54
55 /* fips wrapper calls, user can call direct */
56 #if defined(HAVE_FIPS) && \
57 (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
58
59 #ifdef WOLFSSL_SHA512
60
wc_InitSha512(wc_Sha512 * sha)61 int wc_InitSha512(wc_Sha512* sha)
62 {
63 if (sha == NULL) {
64 return BAD_FUNC_ARG;
65 }
66
67 return InitSha512_fips(sha);
68 }
wc_InitSha512_ex(wc_Sha512 * sha,void * heap,int devId)69 int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devId)
70 {
71 (void)heap;
72 (void)devId;
73 if (sha == NULL) {
74 return BAD_FUNC_ARG;
75 }
76 return InitSha512_fips(sha);
77 }
wc_Sha512Update(wc_Sha512 * sha,const byte * data,word32 len)78 int wc_Sha512Update(wc_Sha512* sha, const byte* data, word32 len)
79 {
80 if (sha == NULL || (data == NULL && len > 0)) {
81 return BAD_FUNC_ARG;
82 }
83
84 return Sha512Update_fips(sha, data, len);
85 }
wc_Sha512Final(wc_Sha512 * sha,byte * out)86 int wc_Sha512Final(wc_Sha512* sha, byte* out)
87 {
88 if (sha == NULL || out == NULL) {
89 return BAD_FUNC_ARG;
90 }
91
92 return Sha512Final_fips(sha, out);
93 }
wc_Sha512Free(wc_Sha512 * sha)94 void wc_Sha512Free(wc_Sha512* sha)
95 {
96 (void)sha;
97 /* Not supported in FIPS */
98 }
99 #endif
100
101 #if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM)
wc_InitSha384(wc_Sha384 * sha)102 int wc_InitSha384(wc_Sha384* sha)
103 {
104 if (sha == NULL) {
105 return BAD_FUNC_ARG;
106 }
107 return InitSha384_fips(sha);
108 }
wc_InitSha384_ex(wc_Sha384 * sha,void * heap,int devId)109 int wc_InitSha384_ex(wc_Sha384* sha, void* heap, int devId)
110 {
111 (void)heap;
112 (void)devId;
113 if (sha == NULL) {
114 return BAD_FUNC_ARG;
115 }
116 return InitSha384_fips(sha);
117 }
wc_Sha384Update(wc_Sha384 * sha,const byte * data,word32 len)118 int wc_Sha384Update(wc_Sha384* sha, const byte* data, word32 len)
119 {
120 if (sha == NULL || (data == NULL && len > 0)) {
121 return BAD_FUNC_ARG;
122 }
123 return Sha384Update_fips(sha, data, len);
124 }
wc_Sha384Final(wc_Sha384 * sha,byte * out)125 int wc_Sha384Final(wc_Sha384* sha, byte* out)
126 {
127 if (sha == NULL || out == NULL) {
128 return BAD_FUNC_ARG;
129 }
130 return Sha384Final_fips(sha, out);
131 }
wc_Sha384Free(wc_Sha384 * sha)132 void wc_Sha384Free(wc_Sha384* sha)
133 {
134 (void)sha;
135 /* Not supported in FIPS */
136 }
137 #endif /* WOLFSSL_SHA384 || HAVE_AESGCM */
138
139 #else /* else build without fips, or for FIPS v2 */
140
141 #include <wolfssl/wolfcrypt/logging.h>
142
143 #ifdef NO_INLINE
144 #include <wolfssl/wolfcrypt/misc.h>
145 #else
146 #define WOLFSSL_MISC_INCLUDED
147 #include <wolfcrypt/src/misc.c>
148 #endif
149
150 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
151 #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
152 #endif
153
154
155 #if defined(USE_INTEL_SPEEDUP)
156 #if defined(__GNUC__) && ((__GNUC__ < 4) || \
157 (__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
158 #undef NO_AVX2_SUPPORT
159 #define NO_AVX2_SUPPORT
160 #endif
161 #if defined(__clang__) && ((__clang_major__ < 3) || \
162 (__clang_major__ == 3 && __clang_minor__ <= 5))
163 #define NO_AVX2_SUPPORT
164 #elif defined(__clang__) && defined(NO_AVX2_SUPPORT)
165 #undef NO_AVX2_SUPPORT
166 #endif
167
168 #define HAVE_INTEL_AVX1
169 #ifndef NO_AVX2_SUPPORT
170 #define HAVE_INTEL_AVX2
171 #endif
172 #endif
173
174 #if defined(HAVE_INTEL_AVX1)
175 /* #define DEBUG_XMM */
176 #endif
177
178 #if defined(HAVE_INTEL_AVX2)
179 #define HAVE_INTEL_RORX
180 /* #define DEBUG_YMM */
181 #endif
182
183 #if defined(HAVE_BYTEREVERSE64) && \
184 !defined(HAVE_INTEL_AVX1) && !defined(HAVE_INTEL_AVX2)
185 #define ByteReverseWords64(out, in, size) ByteReverseWords64_1(out, size)
186 #define ByteReverseWords64_1(buf, size) \
187 { unsigned int i ;\
188 for(i=0; i< size/sizeof(word64); i++){\
189 __asm__ volatile("bswapq %0":"+r"(buf[i])::) ;\
190 }\
191 }
192 #endif
193
194 #if defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \
195 !defined(WOLFSSL_QNX_CAAM)
196 /* functions defined in wolfcrypt/src/port/caam/caam_sha.c */
197
198 #elif defined(WOLFSSL_SILABS_SHA384)
199 /* functions defined in wolfcrypt/src/port/silabs/silabs_hash.c */
200
201 #elif defined(WOLFSSL_KCAPI_HASH)
202 /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
203
204 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
wc_InitSha512(wc_Sha512 * sha512)205 int wc_InitSha512(wc_Sha512* sha512)
206 {
207 if (sha512 == NULL)
208 return BAD_FUNC_ARG;
209 return se050_hash_init(&sha512->se050Ctx, NULL);
210 }
wc_InitSha512_ex(wc_Sha512 * sha512,void * heap,int devId)211 int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
212 {
213 if (sha512 == NULL) {
214 return BAD_FUNC_ARG;
215 }
216 (void)devId;
217 return se050_hash_init(&sha512->se050Ctx, heap);
218 }
wc_Sha512Update(wc_Sha512 * sha512,const byte * data,word32 len)219 int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
220 {
221 return se050_hash_update(&sha512->se050Ctx, data, len);
222 }
wc_Sha512Final(wc_Sha512 * sha512,byte * hash)223 int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
224 {
225 int ret = 0;
226 int devId = INVALID_DEVID;
227 if (sha512 == NULL) {
228 return BAD_FUNC_ARG;
229 }
230 #ifdef WOLF_CRYPTO_CB
231 devId = sha512->devId;
232 #endif
233 ret = se050_hash_final(&sha512->se050Ctx, hash, WC_SHA512_DIGEST_SIZE,
234 kAlgorithm_SSS_SHA512);
235 (void)wc_InitSha512_ex(sha512, sha512->heap, devId);
236 return ret;
237 }
wc_Sha512FinalRaw(wc_Sha512 * sha512,byte * hash)238 int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
239 {
240 int ret = 0;
241 int devId = INVALID_DEVID;
242 if (sha512 == NULL) {
243 return BAD_FUNC_ARG;
244 }
245 #ifdef WOLF_CRYPTO_CB
246 devId = sha512->devId;
247 #endif
248 ret = se050_hash_final(&sha512->se050Ctx, hash, WC_SHA512_DIGEST_SIZE,
249 kAlgorithm_SSS_SHA512);
250 (void)wc_InitSha512_ex(sha512, sha512->heap, devId);
251 return ret;
252 }
wc_Sha512Free(wc_Sha512 * sha512)253 void wc_Sha512Free(wc_Sha512* sha512)
254 {
255 (void)sha512;
256 }
257
258 #else
259
260 #ifdef WOLFSSL_SHA512
261
InitSha512(wc_Sha512 * sha512)262 static int InitSha512(wc_Sha512* sha512)
263 {
264 if (sha512 == NULL)
265 return BAD_FUNC_ARG;
266
267 sha512->digest[0] = W64LIT(0x6a09e667f3bcc908);
268 sha512->digest[1] = W64LIT(0xbb67ae8584caa73b);
269 sha512->digest[2] = W64LIT(0x3c6ef372fe94f82b);
270 sha512->digest[3] = W64LIT(0xa54ff53a5f1d36f1);
271 sha512->digest[4] = W64LIT(0x510e527fade682d1);
272 sha512->digest[5] = W64LIT(0x9b05688c2b3e6c1f);
273 sha512->digest[6] = W64LIT(0x1f83d9abfb41bd6b);
274 sha512->digest[7] = W64LIT(0x5be0cd19137e2179);
275
276 sha512->buffLen = 0;
277 sha512->loLen = 0;
278 sha512->hiLen = 0;
279
280 #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
281 !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
282
283 sha512->ctx.sha_type = SHA2_512;
284 /* always start firstblock = 1 when using hw engine */
285 sha512->ctx.isfirstblock = 1;
286 if(sha512->ctx.mode == ESP32_SHA_HW) {
287 /* release hw */
288 esp_sha_hw_unlock();
289 }
290 /* always set mode as INIT
291 * whether using HW or SW is determined at first call of update()
292 */
293 sha512->ctx.mode = ESP32_SHA_INIT;
294 #endif
295 #ifdef WOLFSSL_HASH_FLAGS
296 sha512->flags = 0;
297 #endif
298 return 0;
299 }
300
301 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
302 #if !defined(WOLFSSL_NOSHA512_224)
303 /**
304 * Initialize given wc_Sha512 structure with value specific to sha512/224.
305 * Note that sha512/224 has different initial hash value from sha512.
306 * The initial hash value consists of eight 64bit words. They are given
307 * in FIPS180-4.
308 */
InitSha512_224(wc_Sha512 * sha512)309 static int InitSha512_224(wc_Sha512* sha512)
310 {
311 if (sha512 == NULL)
312 return BAD_FUNC_ARG;
313
314 sha512->digest[0] = W64LIT(0x8c3d37c819544da2);
315 sha512->digest[1] = W64LIT(0x73e1996689dcd4d6);
316 sha512->digest[2] = W64LIT(0x1dfab7ae32ff9c82);
317 sha512->digest[3] = W64LIT(0x679dd514582f9fcf);
318 sha512->digest[4] = W64LIT(0x0f6d2b697bd44da8);
319 sha512->digest[5] = W64LIT(0x77e36f7304c48942);
320 sha512->digest[6] = W64LIT(0x3f9d85a86a1d36c8);
321 sha512->digest[7] = W64LIT(0x1112e6ad91d692a1);
322
323 sha512->buffLen = 0;
324 sha512->loLen = 0;
325 sha512->hiLen = 0;
326
327 #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
328 !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
329
330 sha512->ctx.sha_type = SHA2_512;
331 /* always start firstblock = 1 when using hw engine */
332 sha512->ctx.isfirstblock = 1;
333 if(sha512->ctx.mode == ESP32_SHA_HW) {
334 /* release hw */
335 esp_sha_hw_unlock();
336 }
337 /* always set mode as INIT
338 * whether using HW or SW is determined at first call of update()
339 */
340 sha512->ctx.mode = ESP32_SHA_INIT;
341 #endif
342 #ifdef WOLFSSL_HASH_FLAGS
343 sha512->flags = 0;
344 #endif
345 return 0;
346 }
347 #endif /* !WOLFSSL_NOSHA512_224 */
348 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
349
350 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
351 #if !defined(WOLFSSL_NOSHA512_256)
352 /**
353 * Initialize given wc_Sha512 structure with value specific to sha512/256.
354 * Note that sha512/256 has different initial hash value from sha512.
355 * The initial hash value consists of eight 64bit words. They are given
356 * in FIPS180-4.
357 */
InitSha512_256(wc_Sha512 * sha512)358 static int InitSha512_256(wc_Sha512* sha512)
359 {
360 if (sha512 == NULL)
361 return BAD_FUNC_ARG;
362
363 sha512->digest[0] = W64LIT(0x22312194fc2bf72c);
364 sha512->digest[1] = W64LIT(0x9f555fa3c84c64c2);
365 sha512->digest[2] = W64LIT(0x2393b86b6f53b151);
366 sha512->digest[3] = W64LIT(0x963877195940eabd);
367 sha512->digest[4] = W64LIT(0x96283ee2a88effe3);
368 sha512->digest[5] = W64LIT(0xbe5e1e2553863992);
369 sha512->digest[6] = W64LIT(0x2b0199fc2c85b8aa);
370 sha512->digest[7] = W64LIT(0x0eb72ddc81c52ca2);
371
372 sha512->buffLen = 0;
373 sha512->loLen = 0;
374 sha512->hiLen = 0;
375
376 #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
377 !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
378
379 sha512->ctx.sha_type = SHA2_512;
380 /* always start firstblock = 1 when using hw engine */
381 sha512->ctx.isfirstblock = 1;
382 if(sha512->ctx.mode == ESP32_SHA_HW) {
383 /* release hw */
384 esp_sha_hw_unlock();
385 }
386 /* always set mode as INIT
387 * whether using HW or SW is determined at first call of update()
388 */
389 sha512->ctx.mode = ESP32_SHA_INIT;
390 #endif
391 #ifdef WOLFSSL_HASH_FLAGS
392 sha512->flags = 0;
393 #endif
394 return 0;
395 }
396 #endif /* !WOLFSSL_NOSHA512_256 */
397 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
398
399 #endif /* WOLFSSL_SHA512 */
400
401 /* Hardware Acceleration */
402 #if defined(USE_INTEL_SPEEDUP) && \
403 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
404
405 #ifdef WOLFSSL_SHA512
406
407 /*****
408 Intel AVX1/AVX2 Macro Control Structure
409
410 #if defined(HAVE_INTEL_SPEEDUP)
411 #define HAVE_INTEL_AVX1
412 #define HAVE_INTEL_AVX2
413 #endif
414
415 int InitSha512(wc_Sha512* sha512) {
416 Save/Recover XMM, YMM
417 ...
418
419 Check Intel AVX cpuid flags
420 }
421
422 #if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
423 Transform_Sha512_AVX1(); # Function prototype
424 Transform_Sha512_AVX2(); #
425 #endif
426
427 _Transform_Sha512() { # Native Transform Function body
428
429 }
430
431 int Sha512Update() {
432 Save/Recover XMM, YMM
433 ...
434 }
435
436 int Sha512Final() {
437 Save/Recover XMM, YMM
438 ...
439 }
440
441
442 #if defined(HAVE_INTEL_AVX1)
443
444 XMM Instructions/INLINE asm Definitions
445
446 #endif
447
448 #if defined(HAVE_INTEL_AVX2)
449
450 YMM Instructions/INLINE asm Definitions
451
452 #endif
453
454 #if defined(HAVE_INTEL_AVX1)
455
456 int Transform_Sha512_AVX1() {
457 Stitched Message Sched/Round
458 }
459
460 #endif
461
462 #if defined(HAVE_INTEL_AVX2)
463
464 int Transform_Sha512_AVX2() {
465 Stitched Message Sched/Round
466 }
467 #endif
468
469 */
470
471
472 /* Each platform needs to query info type 1 from cpuid to see if aesni is
473 * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
474 */
475
476 #ifdef __cplusplus
477 extern "C" {
478 #endif
479
480 #if defined(HAVE_INTEL_AVX1)
481 extern int Transform_Sha512_AVX1(wc_Sha512 *sha512);
482 extern int Transform_Sha512_AVX1_Len(wc_Sha512 *sha512, word32 len);
483 #endif
484 #if defined(HAVE_INTEL_AVX2)
485 extern int Transform_Sha512_AVX2(wc_Sha512 *sha512);
486 extern int Transform_Sha512_AVX2_Len(wc_Sha512 *sha512, word32 len);
487 #if defined(HAVE_INTEL_RORX)
488 extern int Transform_Sha512_AVX1_RORX(wc_Sha512 *sha512);
489 extern int Transform_Sha512_AVX1_RORX_Len(wc_Sha512 *sha512,
490 word32 len);
491 extern int Transform_Sha512_AVX2_RORX(wc_Sha512 *sha512);
492 extern int Transform_Sha512_AVX2_RORX_Len(wc_Sha512 *sha512,
493 word32 len);
494 #endif
495 #endif
496
497 #ifdef __cplusplus
498 } /* extern "C" */
499 #endif
500
501 static int _Transform_Sha512(wc_Sha512 *sha512);
502 static int (*Transform_Sha512_p)(wc_Sha512* sha512) = _Transform_Sha512;
503 static int (*Transform_Sha512_Len_p)(wc_Sha512* sha512, word32 len) = NULL;
504 static int transform_check = 0;
505 static int intel_flags;
506 static int Transform_Sha512_is_vectorized = 0;
507
Transform_Sha512(wc_Sha512 * sha512)508 static WC_INLINE int Transform_Sha512(wc_Sha512 *sha512) {
509 int ret;
510 ret = (*Transform_Sha512_p)(sha512);
511 return ret;
512 }
Transform_Sha512_Len(wc_Sha512 * sha512,word32 len)513 static WC_INLINE int Transform_Sha512_Len(wc_Sha512 *sha512, word32 len) {
514 int ret;
515 ret = (*Transform_Sha512_Len_p)(sha512, len);
516 return ret;
517 }
518
Sha512_SetTransform(void)519 static void Sha512_SetTransform(void)
520 {
521 if (transform_check)
522 return;
523
524 intel_flags = cpuid_get_flags();
525
526 #if defined(HAVE_INTEL_AVX2)
527 if (IS_INTEL_AVX2(intel_flags)) {
528 #ifdef HAVE_INTEL_RORX
529 if (IS_INTEL_BMI2(intel_flags)) {
530 Transform_Sha512_p = Transform_Sha512_AVX2_RORX;
531 Transform_Sha512_Len_p = Transform_Sha512_AVX2_RORX_Len;
532 Transform_Sha512_is_vectorized = 1;
533 }
534 else
535 #endif
536 if (1) {
537 Transform_Sha512_p = Transform_Sha512_AVX2;
538 Transform_Sha512_Len_p = Transform_Sha512_AVX2_Len;
539 Transform_Sha512_is_vectorized = 1;
540 }
541 #ifdef HAVE_INTEL_RORX
542 else {
543 Transform_Sha512_p = Transform_Sha512_AVX1_RORX;
544 Transform_Sha512_Len_p = Transform_Sha512_AVX1_RORX_Len;
545 Transform_Sha512_is_vectorized = 1;
546 }
547 #endif
548 }
549 else
550 #endif
551 #if defined(HAVE_INTEL_AVX1)
552 if (IS_INTEL_AVX1(intel_flags)) {
553 Transform_Sha512_p = Transform_Sha512_AVX1;
554 Transform_Sha512_Len_p = Transform_Sha512_AVX1_Len;
555 Transform_Sha512_is_vectorized = 1;
556 }
557 else
558 #endif
559 {
560 Transform_Sha512_p = _Transform_Sha512;
561 Transform_Sha512_is_vectorized = 1;
562 }
563
564 transform_check = 1;
565 }
566 #endif /* WOLFSSL_SHA512 */
567
568 #else
569 #define Transform_Sha512(sha512) _Transform_Sha512(sha512)
570
571 #endif
572
573 #ifdef WOLFSSL_SHA512
574
InitSha512_Family(wc_Sha512 * sha512,void * heap,int devId,int (* initfp)(wc_Sha512 *))575 static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
576 int (*initfp)(wc_Sha512*))
577 {
578 int ret = 0;
579
580 if (sha512 == NULL)
581 return BAD_FUNC_ARG;
582
583 sha512->heap = heap;
584 #ifdef WOLFSSL_SMALL_STACK_CACHE
585 sha512->W = NULL;
586 #endif
587 #ifdef WOLF_CRYPTO_CB
588 sha512->devId = devId;
589 sha512->devCtx = NULL;
590 #endif
591
592 ret = initfp(sha512);
593 if (ret != 0)
594 return ret;
595
596 #if defined(USE_INTEL_SPEEDUP) && \
597 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
598 Sha512_SetTransform();
599 #endif
600
601 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
602 ret = wolfAsync_DevCtxInit(&sha512->asyncDev,
603 WOLFSSL_ASYNC_MARKER_SHA512, sha512->heap, devId);
604 #else
605 (void)devId;
606 #endif /* WOLFSSL_ASYNC_CRYPT */
607
608 return ret;
609 }
610
wc_InitSha512_ex(wc_Sha512 * sha512,void * heap,int devId)611 int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
612 {
613 return InitSha512_Family(sha512, heap, devId, InitSha512);
614 }
615
616 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
617 #if !defined(WOLFSSL_NOSHA512_224)
wc_InitSha512_224_ex(wc_Sha512 * sha512,void * heap,int devId)618 int wc_InitSha512_224_ex(wc_Sha512* sha512, void* heap, int devId)
619 {
620 return InitSha512_Family(sha512, heap, devId, InitSha512_224);
621 }
622 #endif /* !WOLFSSL_NOSHA512_224 */
623 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
624
625 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
626 #if !defined(WOLFSSL_NOSHA512_256)
wc_InitSha512_256_ex(wc_Sha512 * sha512,void * heap,int devId)627 int wc_InitSha512_256_ex(wc_Sha512* sha512, void* heap, int devId)
628 {
629 return InitSha512_Family(sha512, heap, devId, InitSha512_256);
630 }
631 #endif /* !WOLFSSL_NOSHA512_256 */
632 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
633
634 #endif /* WOLFSSL_SHA512 */
635
636
637 static const word64 K512[80] = {
638 W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd),
639 W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc),
640 W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019),
641 W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118),
642 W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe),
643 W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2),
644 W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1),
645 W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694),
646 W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3),
647 W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65),
648 W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483),
649 W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5),
650 W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210),
651 W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4),
652 W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725),
653 W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70),
654 W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926),
655 W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df),
656 W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8),
657 W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b),
658 W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001),
659 W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30),
660 W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910),
661 W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8),
662 W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53),
663 W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8),
664 W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb),
665 W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3),
666 W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60),
667 W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec),
668 W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9),
669 W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b),
670 W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207),
671 W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178),
672 W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6),
673 W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b),
674 W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493),
675 W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c),
676 W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a),
677 W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817)
678 };
679
680 #define blk0(i) (W[i] = sha512->buffer[i])
681
682 #define blk2(i) (\
683 W[ i & 15] += \
684 s1(W[(i-2) & 15])+ \
685 W[(i-7) & 15] + \
686 s0(W[(i-15) & 15]) \
687 )
688
689 #define Ch(x,y,z) (z ^ (x & (y ^ z)))
690 #define Maj(x,y,z) ((x & y) | (z & (x | y)))
691
692 #define a(i) T[(0-i) & 7]
693 #define b(i) T[(1-i) & 7]
694 #define c(i) T[(2-i) & 7]
695 #define d(i) T[(3-i) & 7]
696 #define e(i) T[(4-i) & 7]
697 #define f(i) T[(5-i) & 7]
698 #define g(i) T[(6-i) & 7]
699 #define h(i) T[(7-i) & 7]
700
701 #define S0(x) (rotrFixed64(x,28) ^ rotrFixed64(x,34) ^ rotrFixed64(x,39))
702 #define S1(x) (rotrFixed64(x,14) ^ rotrFixed64(x,18) ^ rotrFixed64(x,41))
703 #define s0(x) (rotrFixed64(x,1) ^ rotrFixed64(x,8) ^ (x>>7))
704 #define s1(x) (rotrFixed64(x,19) ^ rotrFixed64(x,61) ^ (x>>6))
705
706 #define R(i) \
707 h(i) += S1(e(i)) + Ch(e(i),f(i),g(i)) + K[i+j] + (j ? blk2(i) : blk0(i)); \
708 d(i) += h(i); \
709 h(i) += S0(a(i)) + Maj(a(i),b(i),c(i))
710
_Transform_Sha512(wc_Sha512 * sha512)711 static int _Transform_Sha512(wc_Sha512* sha512)
712 {
713 const word64* K = K512;
714 word32 j;
715 word64 T[8];
716
717 #ifdef WOLFSSL_SMALL_STACK_CACHE
718 word64* W = sha512->W;
719 if (W == NULL) {
720 W = (word64*)XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
721 if (W == NULL)
722 return MEMORY_E;
723 sha512->W = W;
724 }
725 #elif defined(WOLFSSL_SMALL_STACK)
726 word64* W;
727 W = (word64*) XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
728 if (W == NULL)
729 return MEMORY_E;
730 #else
731 word64 W[16];
732 #endif
733
734 /* Copy digest to working vars */
735 XMEMCPY(T, sha512->digest, sizeof(T));
736
737 #ifdef USE_SLOW_SHA512
738 /* over twice as small, but 50% slower */
739 /* 80 operations, not unrolled */
740 for (j = 0; j < 80; j += 16) {
741 int m;
742 for (m = 0; m < 16; m++) { /* braces needed here for macros {} */
743 R(m);
744 }
745 }
746 #else
747 /* 80 operations, partially loop unrolled */
748 for (j = 0; j < 80; j += 16) {
749 R( 0); R( 1); R( 2); R( 3);
750 R( 4); R( 5); R( 6); R( 7);
751 R( 8); R( 9); R(10); R(11);
752 R(12); R(13); R(14); R(15);
753 }
754 #endif /* USE_SLOW_SHA512 */
755
756 /* Add the working vars back into digest */
757 sha512->digest[0] += a(0);
758 sha512->digest[1] += b(0);
759 sha512->digest[2] += c(0);
760 sha512->digest[3] += d(0);
761 sha512->digest[4] += e(0);
762 sha512->digest[5] += f(0);
763 sha512->digest[6] += g(0);
764 sha512->digest[7] += h(0);
765
766 /* Wipe variables */
767 ForceZero(W, sizeof(word64) * 16);
768 ForceZero(T, sizeof(T));
769
770 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
771 XFREE(W, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
772 #endif
773
774 return 0;
775 }
776
777
AddLength(wc_Sha512 * sha512,word32 len)778 static WC_INLINE void AddLength(wc_Sha512* sha512, word32 len)
779 {
780 word64 tmp = sha512->loLen;
781 if ( (sha512->loLen += len) < tmp)
782 sha512->hiLen++; /* carry low to high */
783 }
784
Sha512Update(wc_Sha512 * sha512,const byte * data,word32 len)785 static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
786 {
787 int ret = 0;
788 /* do block size increments */
789 byte* local = (byte*)sha512->buffer;
790
791 /* check that internal buffLen is valid */
792 if (sha512->buffLen >= WC_SHA512_BLOCK_SIZE)
793 return BUFFER_E;
794
795 if (len == 0)
796 return 0;
797
798 AddLength(sha512, len);
799
800 if (sha512->buffLen > 0) {
801 word32 add = min(len, WC_SHA512_BLOCK_SIZE - sha512->buffLen);
802 if (add > 0) {
803 XMEMCPY(&local[sha512->buffLen], data, add);
804
805 sha512->buffLen += add;
806 data += add;
807 len -= add;
808 }
809
810 if (sha512->buffLen == WC_SHA512_BLOCK_SIZE) {
811 #if defined(LITTLE_ENDIAN_ORDER)
812 #if defined(USE_INTEL_SPEEDUP) && \
813 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
814 if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
815 #endif
816 {
817 #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
818 defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
819 ByteReverseWords64(sha512->buffer, sha512->buffer,
820 WC_SHA512_BLOCK_SIZE);
821 #endif
822 }
823 #endif
824 #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
825 defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
826 ret = Transform_Sha512(sha512);
827 #else
828 if(sha512->ctx.mode == ESP32_SHA_INIT) {
829 esp_sha_try_hw_lock(&sha512->ctx);
830 }
831 ret = esp_sha512_process(sha512);
832 if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW){
833 ret = Transform_Sha512(sha512);
834 }
835 #endif
836 if (ret == 0)
837 sha512->buffLen = 0;
838 else
839 len = 0;
840 }
841 }
842
843 #if defined(USE_INTEL_SPEEDUP) && \
844 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
845 if (Transform_Sha512_Len_p != NULL) {
846 word32 blocksLen = len & ~(WC_SHA512_BLOCK_SIZE-1);
847
848 if (blocksLen > 0) {
849 sha512->data = data;
850 /* Byte reversal performed in function if required. */
851 Transform_Sha512_Len(sha512, blocksLen);
852 data += blocksLen;
853 len -= blocksLen;
854 }
855 }
856 else
857 #endif
858 #if !defined(LITTLE_ENDIAN_ORDER) || (defined(USE_INTEL_SPEEDUP) && \
859 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)))
860 {
861 while (len >= WC_SHA512_BLOCK_SIZE) {
862 XMEMCPY(local, data, WC_SHA512_BLOCK_SIZE);
863
864 data += WC_SHA512_BLOCK_SIZE;
865 len -= WC_SHA512_BLOCK_SIZE;
866
867 #if defined(USE_INTEL_SPEEDUP) && \
868 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
869 if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
870 {
871 ByteReverseWords64(sha512->buffer, sha512->buffer,
872 WC_SHA512_BLOCK_SIZE);
873 }
874 #endif
875 /* Byte reversal performed in function if required. */
876 ret = Transform_Sha512(sha512);
877 if (ret != 0)
878 break;
879 }
880 }
881 #else
882 {
883 while (len >= WC_SHA512_BLOCK_SIZE) {
884 XMEMCPY(local, data, WC_SHA512_BLOCK_SIZE);
885
886 data += WC_SHA512_BLOCK_SIZE;
887 len -= WC_SHA512_BLOCK_SIZE;
888 #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
889 defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
890 ByteReverseWords64(sha512->buffer, sha512->buffer,
891 WC_SHA512_BLOCK_SIZE);
892 #endif
893 #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
894 defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
895 ret = Transform_Sha512(sha512);
896 #else
897 if(sha512->ctx.mode == ESP32_SHA_INIT) {
898 esp_sha_try_hw_lock(&sha512->ctx);
899 }
900 ret = esp_sha512_process(sha512);
901 if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW){
902 ret = Transform_Sha512(sha512);
903 }
904 #endif
905 if (ret != 0)
906 break;
907 }
908 }
909 #endif
910
911 if (ret == 0 && len > 0) {
912 XMEMCPY(local, data, len);
913 sha512->buffLen = len;
914 }
915
916 return ret;
917 }
918
919 #ifdef WOLFSSL_SHA512
920
wc_Sha512Update(wc_Sha512 * sha512,const byte * data,word32 len)921 int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
922 {
923 if (sha512 == NULL || (data == NULL && len > 0)) {
924 return BAD_FUNC_ARG;
925 }
926
927 #ifdef WOLF_CRYPTO_CB
928 if (sha512->devId != INVALID_DEVID) {
929 int ret = wc_CryptoCb_Sha512Hash(sha512, data, len, NULL);
930 if (ret != CRYPTOCB_UNAVAILABLE)
931 return ret;
932 /* fall-through when unavailable */
933 }
934 #endif
935 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
936 if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) {
937 #if defined(HAVE_INTEL_QA)
938 return IntelQaSymSha512(&sha512->asyncDev, NULL, data, len);
939 #endif
940 }
941 #endif /* WOLFSSL_ASYNC_CRYPT */
942
943 return Sha512Update(sha512, data, len);
944 }
945
946 #endif /* WOLFSSL_SHA512 */
947
948 #endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA384 */
949
950
951 #if defined(WOLFSSL_KCAPI_HASH)
952 /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
953 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
954
955 #else
956
Sha512Final(wc_Sha512 * sha512)957 static WC_INLINE int Sha512Final(wc_Sha512* sha512)
958 {
959 byte* local = (byte*)sha512->buffer;
960 int ret;
961
962 if (sha512 == NULL) {
963 return BAD_FUNC_ARG;
964 }
965
966 local[sha512->buffLen++] = 0x80; /* add 1 */
967
968 /* pad with zeros */
969 if (sha512->buffLen > WC_SHA512_PAD_SIZE) {
970 XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_BLOCK_SIZE - sha512->buffLen);
971 sha512->buffLen += WC_SHA512_BLOCK_SIZE - sha512->buffLen;
972 #if defined(LITTLE_ENDIAN_ORDER)
973 #if defined(USE_INTEL_SPEEDUP) && \
974 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
975 if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
976 #endif
977 {
978
979 #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
980 defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
981 ByteReverseWords64(sha512->buffer,sha512->buffer,
982 WC_SHA512_BLOCK_SIZE);
983 #endif
984 }
985 #endif /* LITTLE_ENDIAN_ORDER */
986 #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
987 defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
988 ret = Transform_Sha512(sha512);
989 #else
990 if(sha512->ctx.mode == ESP32_SHA_INIT) {
991 esp_sha_try_hw_lock(&sha512->ctx);
992 }
993 ret = esp_sha512_process(sha512);
994 if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW){
995 ret = Transform_Sha512(sha512);
996 }
997 #endif
998 if (ret != 0)
999 return ret;
1000
1001 sha512->buffLen = 0;
1002 }
1003 XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_PAD_SIZE - sha512->buffLen);
1004
1005 /* put lengths in bits */
1006 sha512->hiLen = (sha512->loLen >> (8 * sizeof(sha512->loLen) - 3)) +
1007 (sha512->hiLen << 3);
1008 sha512->loLen = sha512->loLen << 3;
1009
1010 /* store lengths */
1011 #if defined(LITTLE_ENDIAN_ORDER)
1012 #if defined(USE_INTEL_SPEEDUP) && \
1013 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1014 if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
1015 #endif
1016 #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
1017 defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1018 ByteReverseWords64(sha512->buffer, sha512->buffer, WC_SHA512_PAD_SIZE);
1019 #endif
1020 #endif
1021 /* ! length ordering dependent on digest endian type ! */
1022
1023 #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
1024 defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1025 sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2] = sha512->hiLen;
1026 sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 1] = sha512->loLen;
1027 #endif
1028
1029 #if defined(USE_INTEL_SPEEDUP) && \
1030 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1031 if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags))
1032 ByteReverseWords64(&(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]),
1033 &(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]),
1034 WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE);
1035 #endif
1036 #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
1037 defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1038 ret = Transform_Sha512(sha512);
1039 #else
1040 if(sha512->ctx.mode == ESP32_SHA_INIT) {
1041 esp_sha_try_hw_lock(&sha512->ctx);
1042 }
1043 ret = esp_sha512_digest_process(sha512, 1);
1044 if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW) {
1045 ret = Transform_Sha512(sha512);
1046 }
1047 #endif
1048 if (ret != 0)
1049 return ret;
1050
1051 #ifdef LITTLE_ENDIAN_ORDER
1052 ByteReverseWords64(sha512->digest, sha512->digest, WC_SHA512_DIGEST_SIZE);
1053 #endif
1054
1055 return 0;
1056 }
1057
1058 #endif /* WOLFSSL_KCAPI_HASH */
1059
1060 #ifdef WOLFSSL_SHA512
1061
1062 #if defined(WOLFSSL_KCAPI_HASH)
1063 /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1064 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1065
1066 #else
1067
Sha512FinalRaw(wc_Sha512 * sha512,byte * hash,int digestSz)1068 static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, int digestSz)
1069 {
1070 #ifdef LITTLE_ENDIAN_ORDER
1071 word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)];
1072 #endif
1073
1074 if (sha512 == NULL || hash == NULL) {
1075 return BAD_FUNC_ARG;
1076 }
1077
1078 #ifdef LITTLE_ENDIAN_ORDER
1079 ByteReverseWords64((word64*)digest, (word64*)sha512->digest,
1080 WC_SHA512_DIGEST_SIZE);
1081 XMEMCPY(hash, digest, digestSz);
1082 #else
1083 XMEMCPY(hash, sha512->digest, digestSz);
1084 #endif
1085
1086 return 0;
1087 }
1088
wc_Sha512FinalRaw(wc_Sha512 * sha512,byte * hash)1089 int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
1090 {
1091 return Sha512FinalRaw(sha512, hash, WC_SHA512_DIGEST_SIZE);
1092 }
1093
Sha512_Family_Final(wc_Sha512 * sha512,byte * hash,int digestSz,int (* initfp)(wc_Sha512 *))1094 static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, int digestSz,
1095 int (*initfp)(wc_Sha512*))
1096 {
1097 int ret;
1098
1099 if (sha512 == NULL || hash == NULL) {
1100 return BAD_FUNC_ARG;
1101 }
1102
1103 #ifdef WOLF_CRYPTO_CB
1104 if (sha512->devId != INVALID_DEVID) {
1105 ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash);
1106 if (ret != CRYPTOCB_UNAVAILABLE)
1107 return ret;
1108 /* fall-through when unavailable */
1109 }
1110 #endif
1111 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
1112 if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) {
1113 #if defined(HAVE_INTEL_QA)
1114 return IntelQaSymSha512(&sha512->asyncDev, hash, NULL, digestSz);
1115 #endif
1116 }
1117 #endif /* WOLFSSL_ASYNC_CRYPT */
1118
1119 ret = Sha512Final(sha512);
1120 if (ret != 0)
1121 return ret;
1122
1123 XMEMCPY(hash, sha512->digest, digestSz);
1124
1125 /* initialize Sha512 structure for the next use */
1126 return initfp(sha512);
1127 }
1128
wc_Sha512Final(wc_Sha512 * sha512,byte * hash)1129 int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
1130 {
1131 return Sha512_Family_Final(sha512, hash, WC_SHA512_DIGEST_SIZE, InitSha512);
1132 }
1133
1134 #endif /* WOLFSSL_KCAPI_HASH */
1135
1136 #if !defined(WOLFSSL_SE050) || !defined(WOLFSSL_SE050_HASH)
wc_InitSha512(wc_Sha512 * sha512)1137 int wc_InitSha512(wc_Sha512* sha512)
1138 {
1139 return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID);
1140 }
1141
wc_Sha512Free(wc_Sha512 * sha512)1142 void wc_Sha512Free(wc_Sha512* sha512)
1143 {
1144 if (sha512 == NULL)
1145 return;
1146
1147 #ifdef WOLFSSL_SMALL_STACK_CACHE
1148 if (sha512->W != NULL) {
1149 XFREE(sha512->W, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
1150 sha512->W = NULL;
1151 }
1152 #endif
1153
1154 #if defined(WOLFSSL_KCAPI_HASH)
1155 KcapiHashFree(&sha512->kcapi);
1156 #endif
1157
1158 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
1159 wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512);
1160 #endif /* WOLFSSL_ASYNC_CRYPT */
1161 }
1162 #if defined(OPENSSL_EXTRA)
1163 /* Apply SHA512 transformation to the data */
1164 /* @param sha a pointer to wc_Sha512 structure */
1165 /* @param data data to be applied SHA512 transformation */
1166 /* @return 0 on successful, otherwise non-zero on failure */
wc_Sha512Transform(wc_Sha512 * sha,const unsigned char * data)1167 int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
1168 {
1169 int ret;
1170 /* back up buffer */
1171 #ifdef WOLFSSL_SMALL_STACK
1172 word64 *buffer;
1173 #else
1174 word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)];
1175 #endif
1176
1177 /* sanity check */
1178 if (sha == NULL || data == NULL) {
1179 return BAD_FUNC_ARG;
1180 }
1181
1182 #ifdef WOLFSSL_SMALL_STACK
1183 buffer = (word64 *)XMALLOC(sizeof(word64) * 16, sha->heap,
1184 DYNAMIC_TYPE_TMP_BUFFER);
1185 if (buffer == NULL)
1186 return MEMORY_E;
1187 #endif
1188
1189 #if defined(USE_INTEL_SPEEDUP) && \
1190 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1191 Sha512_SetTransform();
1192 #endif
1193
1194 #if defined(LITTLE_ENDIAN_ORDER)
1195 #if defined(USE_INTEL_SPEEDUP) && \
1196 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1197 if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
1198 #endif
1199 {
1200 ByteReverseWords64((word64*)data, (word64*)data,
1201 WC_SHA512_BLOCK_SIZE);
1202 }
1203 #endif /* !LITTLE_ENDIAN_ORDER */
1204
1205 XMEMCPY(buffer, sha->buffer, WC_SHA512_BLOCK_SIZE);
1206 XMEMCPY(sha->buffer, data, WC_SHA512_BLOCK_SIZE);
1207
1208 ret = Transform_Sha512(sha);
1209
1210 XMEMCPY(sha->buffer, buffer, WC_SHA512_BLOCK_SIZE);
1211 #ifdef WOLFSSL_SMALL_STACK
1212 XFREE(buffer, sha->heap, DYNAMIC_TYPE_TMP_BUFFER);
1213 #endif
1214 return ret;
1215 }
1216 #endif /* OPENSSL_EXTRA */
1217 #endif /* WOLFSSL_SHA512 */
1218 #endif /* !WOLFSSL_SE050 || !WOLFSSL_SE050_HASH */
1219
1220
1221 /* -------------------------------------------------------------------------- */
1222 /* SHA384 */
1223 /* -------------------------------------------------------------------------- */
1224 #ifdef WOLFSSL_SHA384
1225
1226 #if defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \
1227 !defined(WOLFSSL_QNX_CAAM)
1228 /* functions defined in wolfcrypt/src/port/caam/caam_sha.c */
1229 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
wc_InitSha384_ex(wc_Sha384 * sha384,void * heap,int devId)1230 int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
1231 {
1232 if (sha384 == NULL) {
1233 return BAD_FUNC_ARG;
1234 }
1235 (void)devId;
1236 return se050_hash_init(&sha384->se050Ctx, heap);
1237 }
wc_Sha384Update(wc_Sha384 * sha384,const byte * data,word32 len)1238 int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
1239 {
1240 return se050_hash_update(&sha384->se050Ctx, data, len);
1241
1242 }
wc_Sha384Final(wc_Sha384 * sha384,byte * hash)1243 int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
1244 {
1245 int ret = 0;
1246 ret = se050_hash_final(&sha384->se050Ctx, hash, WC_SHA384_DIGEST_SIZE,
1247 kAlgorithm_SSS_SHA384);
1248 (void)wc_InitSha384(sha384);
1249 return ret;
1250 }
wc_Sha384FinalRaw(wc_Sha384 * sha384,byte * hash)1251 int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash)
1252 {
1253 int ret = 0;
1254 ret = se050_hash_final(&sha384->se050Ctx, hash, WC_SHA384_DIGEST_SIZE,
1255 kAlgorithm_SSS_SHA384);
1256 (void)wc_InitSha384(sha384);
1257 return ret;
1258 }
1259
1260 #elif defined(WOLFSSL_SILABS_SHA512)
1261 /* functions defined in wolfcrypt/src/port/silabs/silabs_hash.c */
1262
1263 #elif defined(WOLFSSL_KCAPI_HASH)
1264 /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1265
1266 #else
1267
InitSha384(wc_Sha384 * sha384)1268 static int InitSha384(wc_Sha384* sha384)
1269 {
1270 if (sha384 == NULL) {
1271 return BAD_FUNC_ARG;
1272 }
1273
1274 sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8);
1275 sha384->digest[1] = W64LIT(0x629a292a367cd507);
1276 sha384->digest[2] = W64LIT(0x9159015a3070dd17);
1277 sha384->digest[3] = W64LIT(0x152fecd8f70e5939);
1278 sha384->digest[4] = W64LIT(0x67332667ffc00b31);
1279 sha384->digest[5] = W64LIT(0x8eb44a8768581511);
1280 sha384->digest[6] = W64LIT(0xdb0c2e0d64f98fa7);
1281 sha384->digest[7] = W64LIT(0x47b5481dbefa4fa4);
1282
1283 sha384->buffLen = 0;
1284 sha384->loLen = 0;
1285 sha384->hiLen = 0;
1286
1287 #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1288 !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1289 sha384->ctx.sha_type = SHA2_384;
1290 /* always start firstblock = 1 when using hw engine */
1291 sha384->ctx.isfirstblock = 1;
1292 if(sha384->ctx.mode == ESP32_SHA_HW) {
1293 /* release hw */
1294 esp_sha_hw_unlock();
1295 }
1296 /* always set mode as INIT
1297 * whether using HW or SW is determined at first call of update()
1298 */
1299 sha384->ctx.mode = ESP32_SHA_INIT;
1300
1301 #endif
1302 #ifdef WOLFSSL_HASH_FLAGS
1303 sha384->flags = 0;
1304 #endif
1305
1306 return 0;
1307 }
1308
wc_Sha384Update(wc_Sha384 * sha384,const byte * data,word32 len)1309 int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
1310 {
1311 if (sha384 == NULL || (data == NULL && len > 0)) {
1312 return BAD_FUNC_ARG;
1313 }
1314
1315 #ifdef WOLF_CRYPTO_CB
1316 if (sha384->devId != INVALID_DEVID) {
1317 int ret = wc_CryptoCb_Sha384Hash(sha384, data, len, NULL);
1318 if (ret != CRYPTOCB_UNAVAILABLE)
1319 return ret;
1320 /* fall-through when unavailable */
1321 }
1322 #endif
1323 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
1324 if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) {
1325 #if defined(HAVE_INTEL_QA)
1326 return IntelQaSymSha384(&sha384->asyncDev, NULL, data, len);
1327 #endif
1328 }
1329 #endif /* WOLFSSL_ASYNC_CRYPT */
1330
1331 return Sha512Update((wc_Sha512*)sha384, data, len);
1332 }
1333
1334
wc_Sha384FinalRaw(wc_Sha384 * sha384,byte * hash)1335 int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash)
1336 {
1337 #ifdef LITTLE_ENDIAN_ORDER
1338 word64 digest[WC_SHA384_DIGEST_SIZE / sizeof(word64)];
1339 #endif
1340
1341 if (sha384 == NULL || hash == NULL) {
1342 return BAD_FUNC_ARG;
1343 }
1344
1345 #ifdef LITTLE_ENDIAN_ORDER
1346 ByteReverseWords64((word64*)digest, (word64*)sha384->digest,
1347 WC_SHA384_DIGEST_SIZE);
1348 XMEMCPY(hash, digest, WC_SHA384_DIGEST_SIZE);
1349 #else
1350 XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE);
1351 #endif
1352
1353 return 0;
1354 }
1355
wc_Sha384Final(wc_Sha384 * sha384,byte * hash)1356 int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
1357 {
1358 int ret;
1359
1360 if (sha384 == NULL || hash == NULL) {
1361 return BAD_FUNC_ARG;
1362 }
1363
1364 #ifdef WOLF_CRYPTO_CB
1365 if (sha384->devId != INVALID_DEVID) {
1366 ret = wc_CryptoCb_Sha384Hash(sha384, NULL, 0, hash);
1367 if (ret != CRYPTOCB_UNAVAILABLE)
1368 return ret;
1369 /* fall-through when unavailable */
1370 }
1371 #endif
1372 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
1373 if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) {
1374 #if defined(HAVE_INTEL_QA)
1375 return IntelQaSymSha384(&sha384->asyncDev, hash, NULL,
1376 WC_SHA384_DIGEST_SIZE);
1377 #endif
1378 }
1379 #endif /* WOLFSSL_ASYNC_CRYPT */
1380
1381 ret = Sha512Final((wc_Sha512*)sha384);
1382 if (ret != 0)
1383 return ret;
1384
1385 XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE);
1386
1387 return InitSha384(sha384); /* reset state */
1388 }
1389
wc_InitSha384_ex(wc_Sha384 * sha384,void * heap,int devId)1390 int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
1391 {
1392 int ret;
1393
1394 if (sha384 == NULL) {
1395 return BAD_FUNC_ARG;
1396 }
1397
1398 sha384->heap = heap;
1399 #ifdef WOLFSSL_SMALL_STACK_CACHE
1400 sha384->W = NULL;
1401 #endif
1402 #ifdef WOLF_CRYPTO_CB
1403 sha384->devId = devId;
1404 sha384->devCtx = NULL;
1405 #endif
1406
1407 ret = InitSha384(sha384);
1408 if (ret != 0)
1409 return ret;
1410
1411 #if defined(USE_INTEL_SPEEDUP) && \
1412 (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1413 Sha512_SetTransform();
1414 #endif
1415
1416 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
1417 ret = wolfAsync_DevCtxInit(&sha384->asyncDev, WOLFSSL_ASYNC_MARKER_SHA384,
1418 sha384->heap, devId);
1419 #else
1420 (void)devId;
1421 #endif /* WOLFSSL_ASYNC_CRYPT */
1422
1423 return ret;
1424 }
1425
1426 #endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA512 || WOLFSSL_KCAPI_HASH */
1427
wc_InitSha384(wc_Sha384 * sha384)1428 int wc_InitSha384(wc_Sha384* sha384)
1429 {
1430 return wc_InitSha384_ex(sha384, NULL, INVALID_DEVID);
1431 }
1432
wc_Sha384Free(wc_Sha384 * sha384)1433 void wc_Sha384Free(wc_Sha384* sha384)
1434 {
1435 if (sha384 == NULL)
1436 return;
1437
1438 #ifdef WOLFSSL_SMALL_STACK_CACHE
1439 if (sha384->W != NULL) {
1440 XFREE(sha384->W, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER);
1441 sha384->W = NULL;
1442 }
1443 #endif
1444
1445 #if defined(WOLFSSL_KCAPI_HASH)
1446 KcapiHashFree(&sha384->kcapi);
1447 #endif
1448
1449
1450 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
1451 wolfAsync_DevCtxFree(&sha384->asyncDev, WOLFSSL_ASYNC_MARKER_SHA384);
1452 #endif /* WOLFSSL_ASYNC_CRYPT */
1453 }
1454
1455 #endif /* WOLFSSL_SHA384 */
1456
1457 #endif /* HAVE_FIPS */
1458
1459 #ifdef WOLFSSL_SHA512
1460
1461 #if defined(WOLFSSL_KCAPI_HASH)
1462 /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1463
1464 #else
1465
Sha512_Family_GetHash(wc_Sha512 * sha512,byte * hash,int (* finalfp)(wc_Sha512 *,byte *))1466 static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash,
1467 int (*finalfp)(wc_Sha512*, byte*))
1468 {
1469 int ret;
1470 wc_Sha512 tmpSha512;
1471
1472 if (sha512 == NULL || hash == NULL)
1473 return BAD_FUNC_ARG;
1474
1475 #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1476 !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1477 if(sha512->ctx.mode == ESP32_SHA_INIT) {
1478 esp_sha_try_hw_lock(&sha512->ctx);
1479 }
1480 if(sha512->ctx.mode != ESP32_SHA_SW)
1481 esp_sha512_digest_process(sha512, 0);
1482 #endif
1483
1484 ret = wc_Sha512Copy(sha512, &tmpSha512);
1485 if (ret == 0) {
1486 ret = finalfp(&tmpSha512, hash);
1487 #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1488 !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1489 sha512->ctx.mode = ESP32_SHA_SW;;
1490 #endif
1491 wc_Sha512Free(&tmpSha512);
1492 }
1493 return ret;
1494 }
1495
wc_Sha512GetHash(wc_Sha512 * sha512,byte * hash)1496 int wc_Sha512GetHash(wc_Sha512* sha512, byte* hash)
1497 {
1498 return Sha512_Family_GetHash(sha512, hash, wc_Sha512Final);
1499 }
1500
wc_Sha512Copy(wc_Sha512 * src,wc_Sha512 * dst)1501 int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
1502 {
1503 int ret = 0;
1504
1505 if (src == NULL || dst == NULL)
1506 return BAD_FUNC_ARG;
1507
1508 XMEMCPY(dst, src, sizeof(wc_Sha512));
1509 #ifdef WOLFSSL_SMALL_STACK_CACHE
1510 dst->W = NULL;
1511 #endif
1512
1513 #ifdef WOLFSSL_SILABS_SHA512
1514 dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx);
1515 dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx);
1516 #endif
1517
1518 #ifdef WOLFSSL_ASYNC_CRYPT
1519 ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
1520 #endif
1521 #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1522 !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1523 dst->ctx.mode = src->ctx.mode;
1524 dst->ctx.isfirstblock = src->ctx.isfirstblock;
1525 dst->ctx.sha_type = src->ctx.sha_type;
1526 #endif
1527 #ifdef WOLFSSL_HASH_FLAGS
1528 dst->flags |= WC_HASH_FLAG_ISCOPY;
1529 #endif
1530
1531 return ret;
1532 }
1533
1534 #endif /* WOLFSSL_KCAPI_HASH */
1535
1536 #ifdef WOLFSSL_HASH_FLAGS
wc_Sha512SetFlags(wc_Sha512 * sha512,word32 flags)1537 int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags)
1538 {
1539 if (sha512) {
1540 sha512->flags = flags;
1541 }
1542 return 0;
1543 }
wc_Sha512GetFlags(wc_Sha512 * sha512,word32 * flags)1544 int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags)
1545 {
1546 if (sha512 && flags) {
1547 *flags = sha512->flags;
1548 }
1549 return 0;
1550 }
1551 #endif /* WOLFSSL_HASH_FLAGS */
1552
1553 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
1554
1555 #if !defined(WOLFSSL_NOSHA512_224)
wc_InitSha512_224(wc_Sha512 * sha)1556 int wc_InitSha512_224(wc_Sha512* sha)
1557 {
1558 return wc_InitSha512_224_ex(sha, NULL, INVALID_DEVID);
1559 }
wc_Sha512_224Update(wc_Sha512 * sha,const byte * data,word32 len)1560 int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len)
1561 {
1562 return wc_Sha512Update(sha, data, len);
1563 }
1564
1565 #if defined(WOLFSSL_KCAPI_HASH)
1566 /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1567 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1568
1569 #else
wc_Sha512_224FinalRaw(wc_Sha512 * sha,byte * hash)1570 int wc_Sha512_224FinalRaw(wc_Sha512* sha, byte* hash)
1571 {
1572 return Sha512FinalRaw(sha, hash, WC_SHA512_224_DIGEST_SIZE);
1573 }
wc_Sha512_224Final(wc_Sha512 * sha512,byte * hash)1574 int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash)
1575 {
1576 return Sha512_Family_Final(sha512, hash, WC_SHA512_224_DIGEST_SIZE,
1577 InitSha512_224);
1578 }
1579 #endif
wc_Sha512_224Free(wc_Sha512 * sha)1580 void wc_Sha512_224Free(wc_Sha512* sha)
1581 {
1582 wc_Sha512Free(sha);
1583 }
1584 #if defined(WOLFSSL_KCAPI_HASH)
1585 /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1586 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1587
1588
1589 #else
wc_Sha512_224GetHash(wc_Sha512 * sha512,byte * hash)1590 int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash)
1591 {
1592 return Sha512_Family_GetHash(sha512, hash, wc_Sha512_224Final);
1593 }
wc_Sha512_224Copy(wc_Sha512 * src,wc_Sha512 * dst)1594 int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst)
1595 {
1596 return wc_Sha512Copy(src, dst);
1597 }
1598 #endif
1599
1600 #ifdef WOLFSSL_HASH_FLAGS
wc_Sha512_224SetFlags(wc_Sha512 * sha,word32 flags)1601 int wc_Sha512_224SetFlags(wc_Sha512* sha, word32 flags)
1602 {
1603 return wc_Sha512SetFlags(sha, flags);
1604 }
wc_Sha512_224GetFlags(wc_Sha512 * sha,word32 * flags)1605 int wc_Sha512_224GetFlags(wc_Sha512* sha, word32* flags)
1606 {
1607 return wc_Sha512GetFlags(sha, flags);
1608 }
1609 #endif /* WOLFSSL_HASH_FLAGS */
1610
1611 #if defined(OPENSSL_EXTRA)
wc_Sha512_224Transform(wc_Sha512 * sha,const unsigned char * data)1612 int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data)
1613 {
1614 return wc_Sha512Transform(sha, data);
1615 }
1616 #endif /* OPENSSL_EXTRA */
1617
1618 #endif /* !WOLFSSL_NOSHA512_224 */
1619
1620 #if !defined(WOLFSSL_NOSHA512_256)
wc_InitSha512_256(wc_Sha512 * sha)1621 int wc_InitSha512_256(wc_Sha512* sha)
1622 {
1623 return wc_InitSha512_256_ex(sha, NULL, INVALID_DEVID);
1624 }
wc_Sha512_256Update(wc_Sha512 * sha,const byte * data,word32 len)1625 int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len)
1626 {
1627 return wc_Sha512Update(sha, data, len);
1628 }
1629 #if defined(WOLFSSL_KCAPI_HASH)
1630 /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1631 #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1632
1633 #else
wc_Sha512_256FinalRaw(wc_Sha512 * sha,byte * hash)1634 int wc_Sha512_256FinalRaw(wc_Sha512* sha, byte* hash)
1635 {
1636 return Sha512FinalRaw(sha, hash, WC_SHA512_256_DIGEST_SIZE);
1637 }
wc_Sha512_256Final(wc_Sha512 * sha512,byte * hash)1638 int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash)
1639 {
1640 return Sha512_Family_Final(sha512, hash, WC_SHA512_256_DIGEST_SIZE,
1641 InitSha512_256);
1642 }
1643 #endif
wc_Sha512_256Free(wc_Sha512 * sha)1644 void wc_Sha512_256Free(wc_Sha512* sha)
1645 {
1646 wc_Sha512Free(sha);
1647 }
1648 #if defined(WOLFSSL_KCAPI_HASH)
1649 /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1650
1651 #else
wc_Sha512_256GetHash(wc_Sha512 * sha512,byte * hash)1652 int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash)
1653 {
1654 return Sha512_Family_GetHash(sha512, hash, wc_Sha512_256Final);
1655 }
wc_Sha512_256Copy(wc_Sha512 * src,wc_Sha512 * dst)1656 int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst)
1657 {
1658 return wc_Sha512Copy(src, dst);
1659 }
1660 #endif
1661
1662 #ifdef WOLFSSL_HASH_FLAGS
wc_Sha512_256SetFlags(wc_Sha512 * sha,word32 flags)1663 int wc_Sha512_256SetFlags(wc_Sha512* sha, word32 flags)
1664 {
1665 return wc_Sha512SetFlags(sha, flags);
1666 }
wc_Sha512_256GetFlags(wc_Sha512 * sha,word32 * flags)1667 int wc_Sha512_256GetFlags(wc_Sha512* sha, word32* flags)
1668 {
1669 return wc_Sha512GetFlags(sha, flags);
1670 }
1671 #endif /* WOLFSSL_HASH_FLAGS */
1672
1673 #if defined(OPENSSL_EXTRA)
wc_Sha512_256Transform(wc_Sha512 * sha,const unsigned char * data)1674 int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data)
1675 {
1676 return wc_Sha512Transform(sha, data);
1677 }
1678 #endif /* OPENSSL_EXTRA */
1679
1680 #endif /* !WOLFSSL_NOSHA512_224 */
1681 #endif /* !HAVE_FIPS && !HAVE_SELFTEST */
1682
1683 #endif /* WOLFSSL_SHA512 */
1684
1685 #ifdef WOLFSSL_SHA384
1686
1687 #if defined(WOLFSSL_KCAPI_HASH)
1688 /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1689
1690 #else
1691
wc_Sha384GetHash(wc_Sha384 * sha384,byte * hash)1692 int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)
1693 {
1694 int ret;
1695 wc_Sha384 tmpSha384;
1696
1697 if (sha384 == NULL || hash == NULL)
1698 return BAD_FUNC_ARG;
1699 #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1700 !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1701 if(sha384->ctx.mode == ESP32_SHA_INIT) {
1702 esp_sha_try_hw_lock(&sha384->ctx);
1703 }
1704 if(sha384->ctx.mode != ESP32_SHA_SW) {
1705 esp_sha512_digest_process(sha384, 0);
1706 }
1707 #endif
1708 ret = wc_Sha384Copy(sha384, &tmpSha384);
1709 if (ret == 0) {
1710 ret = wc_Sha384Final(&tmpSha384, hash);
1711 #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1712 !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1713 sha384->ctx.mode = ESP32_SHA_SW;
1714 #endif
1715 wc_Sha384Free(&tmpSha384);
1716 }
1717 return ret;
1718 }
wc_Sha384Copy(wc_Sha384 * src,wc_Sha384 * dst)1719 int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
1720 {
1721 int ret = 0;
1722
1723 if (src == NULL || dst == NULL)
1724 return BAD_FUNC_ARG;
1725
1726 XMEMCPY(dst, src, sizeof(wc_Sha384));
1727 #ifdef WOLFSSL_SMALL_STACK_CACHE
1728 dst->W = NULL;
1729 #endif
1730
1731 #ifdef WOLFSSL_SILABS_SHA384
1732 dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx);
1733 dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx);
1734 #endif
1735
1736 #ifdef WOLFSSL_ASYNC_CRYPT
1737 ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
1738 #endif
1739 #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1740 !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1741 dst->ctx.mode = src->ctx.mode;
1742 dst->ctx.isfirstblock = src->ctx.isfirstblock;
1743 dst->ctx.sha_type = src->ctx.sha_type;
1744 #endif
1745 #ifdef WOLFSSL_HASH_FLAGS
1746 dst->flags |= WC_HASH_FLAG_ISCOPY;
1747 #endif
1748
1749 return ret;
1750 }
1751
1752 #endif /* WOLFSSL_KCAPI_HASH */
1753
1754 #ifdef WOLFSSL_HASH_FLAGS
wc_Sha384SetFlags(wc_Sha384 * sha384,word32 flags)1755 int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags)
1756 {
1757 if (sha384) {
1758 sha384->flags = flags;
1759 }
1760 return 0;
1761 }
wc_Sha384GetFlags(wc_Sha384 * sha384,word32 * flags)1762 int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags)
1763 {
1764 if (sha384 && flags) {
1765 *flags = sha384->flags;
1766 }
1767 return 0;
1768 }
1769 #endif
1770
1771 #endif /* WOLFSSL_SHA384 */
1772
1773 #endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
1774