130 lines
4.9 KiB
C
130 lines
4.9 KiB
C
/* sha512.h - TinyCrypt interface to a SHA-512 implementation */
|
|
|
|
/*
|
|
* Copyright (C) 2020 by Intel Corporation, All Rights Reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions are met:
|
|
*
|
|
* - Redistributions of source code must retain the above copyright notice,
|
|
* this list of conditions and the following disclaimer.
|
|
*
|
|
* - Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* - Neither the name of Intel Corporation nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
|
|
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
/**
|
|
* @file
|
|
* @brief Interface to a SHA-512 implementation.
|
|
*
|
|
* Overview: SHA-512 is a NIST approved cryptographic hashing algorithm
|
|
* specified in FIPS 180. A hash algorithm maps data of arbitrary
|
|
* size to data of fixed length.
|
|
*
|
|
* Security: SHA-512 provides 256 bits of security against collision attacks
|
|
* and 512 bits of security against pre-image attacks. SHA-512 does
|
|
* NOT behave like a random oracle, but it can be used as one if
|
|
* the string being hashed is prefix-free encoded before hashing.
|
|
*
|
|
* Usage: 1) call tc_sha512_init to initialize a struct
|
|
* tc_sha512_state_struct before hashing a new string.
|
|
*
|
|
* 2) call tc_sha512_update to hash the next string segment;
|
|
* tc_sha512_update can be called as many times as needed to hash
|
|
* all of the segments of a string; the order is important.
|
|
*
|
|
* 3) call tc_sha512_final to out put the digest from a hashing
|
|
* operation.
|
|
*/
|
|
|
|
#ifndef __TC_SHA512_H__
|
|
#define __TC_SHA512_H__
|
|
|
|
#include <stddef.h>
|
|
#include <stdint.h>
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
#define TC_SHA512_BLOCK_SIZE (128)
|
|
#define TC_SHA512_DIGEST_SIZE (64)
|
|
#define TC_SHA512_STATE_BLOCKS (TC_SHA512_DIGEST_SIZE/8)
|
|
|
|
struct tc_sha512_state_struct {
|
|
uint64_t iv[TC_SHA512_STATE_BLOCKS];
|
|
uint64_t bits_hashed;
|
|
uint8_t leftover[TC_SHA512_BLOCK_SIZE];
|
|
size_t leftover_offset;
|
|
};
|
|
|
|
typedef struct tc_sha512_state_struct *TCSha512State_t;
|
|
|
|
/**
|
|
* @brief SHA512 initialization procedure
|
|
* Initializes s
|
|
* @return returns TC_CRYPTO_SUCCESS (1)
|
|
* returns TC_CRYPTO_FAIL (0) if s == NULL
|
|
* @param s Sha512 state struct
|
|
*/
|
|
int tc_sha512_init(TCSha512State_t s);
|
|
|
|
/**
|
|
* @brief SHA512 update procedure
|
|
* Hashes data_length bytes addressed by data into state s
|
|
* @return returns TC_CRYPTO_SUCCESS (1)
|
|
* returns TC_CRYPTO_FAIL (0) if:
|
|
* s == NULL,
|
|
* s->iv == NULL,
|
|
* data == NULL
|
|
* @note Assumes s has been initialized by tc_sha512_init
|
|
* @warning The state buffer 'leftover' is left in memory after processing
|
|
* If your application intends to have sensitive data in this
|
|
* buffer, remind to erase it after the data has been processed
|
|
* @param s Sha512 state struct
|
|
* @param data message to hash
|
|
* @param datalen length of message to hash
|
|
*/
|
|
int tc_sha512_update (TCSha512State_t s, const uint8_t *data, size_t datalen);
|
|
|
|
/**
|
|
* @brief SHA512 final procedure
|
|
* Inserts the completed hash computation into digest
|
|
* @return returns TC_CRYPTO_SUCCESS (1)
|
|
* returns TC_CRYPTO_FAIL (0) if:
|
|
* s == NULL,
|
|
* s->iv == NULL,
|
|
* digest == NULL
|
|
* @note Assumes: s has been initialized by tc_sha512_init
|
|
* digest points to at least TC_SHA512_DIGEST_SIZE bytes
|
|
* @warning The state buffer 'leftover' is left in memory after processing
|
|
* If your application intends to have sensitive data in this
|
|
* buffer, remind to erase it after the data has been processed
|
|
* @param digest unsigned eight bit integer
|
|
* @param Sha512 state struct
|
|
*/
|
|
int tc_sha512_final(uint8_t *digest, TCSha512State_t s);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* __TC_SHA512_H__ */
|