Coverage Report

Created: 2022-08-24 06:28

/src/wolfssl-sp-math-all/wolfcrypt/src/sha512.c
Line
Count
Source (jump to first uncovered line)
1
/* sha512.c
2
 *
3
 * Copyright (C) 2006-2022 wolfSSL Inc.
4
 *
5
 * This file is part of wolfSSL.
6
 *
7
 * wolfSSL is free software; you can redistribute it and/or modify
8
 * it under the terms of the GNU General Public License as published by
9
 * the Free Software Foundation; either version 2 of the License, or
10
 * (at your option) any later version.
11
 *
12
 * wolfSSL is distributed in the hope that it will be useful,
13
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15
 * GNU General Public License for more details.
16
 *
17
 * You should have received a copy of the GNU General Public License
18
 * along with this program; if not, write to the Free Software
19
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20
 */
21
22
23
#ifdef HAVE_CONFIG_H
24
    #include <config.h>
25
#endif
26
27
#include <wolfssl/wolfcrypt/settings.h>
28
29
#if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PSOC6_CRYPTO)
30
31
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
32
    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
33
    #define FIPS_NO_WRAPPERS
34
35
    #ifdef USE_WINDOWS_API
36
        #pragma code_seg(".fipsA$k")
37
        #pragma const_seg(".fipsB$k")
38
    #endif
39
#endif
40
41
#include <wolfssl/wolfcrypt/sha512.h>
42
#include <wolfssl/wolfcrypt/error-crypt.h>
43
#include <wolfssl/wolfcrypt/cpuid.h>
44
#include <wolfssl/wolfcrypt/hash.h>
45
46
#ifdef WOLF_CRYPTO_CB
47
    #include <wolfssl/wolfcrypt/cryptocb.h>
48
#endif
49
50
/* deprecated USE_SLOW_SHA2 (replaced with USE_SLOW_SHA512) */
51
#if defined(USE_SLOW_SHA2) && !defined(USE_SLOW_SHA512)
52
    #define USE_SLOW_SHA512
53
#endif
54
55
/* fips wrapper calls, user can call direct */
56
#if defined(HAVE_FIPS) && \
57
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
58
59
    #ifdef WOLFSSL_SHA512
60
61
        int wc_InitSha512(wc_Sha512* sha)
62
        {
63
            if (sha == NULL) {
64
                return BAD_FUNC_ARG;
65
            }
66
67
            return InitSha512_fips(sha);
68
        }
69
        int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devId)
70
        {
71
            (void)heap;
72
            (void)devId;
73
            if (sha == NULL) {
74
                return BAD_FUNC_ARG;
75
            }
76
            return InitSha512_fips(sha);
77
        }
78
        int wc_Sha512Update(wc_Sha512* sha, const byte* data, word32 len)
79
        {
80
            if (sha == NULL || (data == NULL && len > 0)) {
81
                return BAD_FUNC_ARG;
82
            }
83
84
            return Sha512Update_fips(sha, data, len);
85
        }
86
        int wc_Sha512Final(wc_Sha512* sha, byte* out)
87
        {
88
            if (sha == NULL || out == NULL) {
89
                return BAD_FUNC_ARG;
90
            }
91
92
            return Sha512Final_fips(sha, out);
93
        }
94
        void wc_Sha512Free(wc_Sha512* sha)
95
        {
96
            (void)sha;
97
            /* Not supported in FIPS */
98
        }
99
    #endif
100
101
    #if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM)
102
        int wc_InitSha384(wc_Sha384* sha)
103
        {
104
            if (sha == NULL) {
105
                return BAD_FUNC_ARG;
106
            }
107
            return InitSha384_fips(sha);
108
        }
109
        int wc_InitSha384_ex(wc_Sha384* sha, void* heap, int devId)
110
        {
111
            (void)heap;
112
            (void)devId;
113
            if (sha == NULL) {
114
                return BAD_FUNC_ARG;
115
            }
116
            return InitSha384_fips(sha);
117
        }
118
        int wc_Sha384Update(wc_Sha384* sha, const byte* data, word32 len)
119
        {
120
            if (sha == NULL || (data == NULL && len > 0)) {
121
                return BAD_FUNC_ARG;
122
            }
123
            return Sha384Update_fips(sha, data, len);
124
        }
125
        int wc_Sha384Final(wc_Sha384* sha, byte* out)
126
        {
127
            if (sha == NULL || out == NULL) {
128
                return BAD_FUNC_ARG;
129
            }
130
            return Sha384Final_fips(sha, out);
131
        }
132
        void wc_Sha384Free(wc_Sha384* sha)
133
        {
134
            (void)sha;
135
            /* Not supported in FIPS */
136
        }
137
    #endif /* WOLFSSL_SHA384 || HAVE_AESGCM */
138
139
#else /* else build without fips, or for FIPS v2 */
140
141
#include <wolfssl/wolfcrypt/logging.h>
142
143
#ifdef NO_INLINE
144
    #include <wolfssl/wolfcrypt/misc.h>
145
#else
146
    #define WOLFSSL_MISC_INCLUDED
147
    #include <wolfcrypt/src/misc.c>
148
#endif
149
150
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
151
    #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
152
#endif
153
154
155
#if defined(USE_INTEL_SPEEDUP)
156
    #if defined(__GNUC__) && ((__GNUC__ < 4) || \
157
                              (__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
158
        #undef  NO_AVX2_SUPPORT
159
        #define NO_AVX2_SUPPORT
160
    #endif
161
    #if defined(__clang__) && ((__clang_major__ < 3) || \
162
                               (__clang_major__ == 3 && __clang_minor__ <= 5))
163
        #define NO_AVX2_SUPPORT
164
    #elif defined(__clang__) && defined(NO_AVX2_SUPPORT)
165
        #undef NO_AVX2_SUPPORT
166
    #endif
167
168
    #define HAVE_INTEL_AVX1
169
    #ifndef NO_AVX2_SUPPORT
170
        #define HAVE_INTEL_AVX2
171
    #endif
172
#endif
173
174
#if defined(HAVE_INTEL_AVX1)
175
    /* #define DEBUG_XMM  */
176
#endif
177
178
#if defined(HAVE_INTEL_AVX2)
179
    #define HAVE_INTEL_RORX
180
    /* #define DEBUG_YMM  */
181
#endif
182
183
#if defined(HAVE_BYTEREVERSE64) && \
184
        !defined(HAVE_INTEL_AVX1) && !defined(HAVE_INTEL_AVX2)
185
    #define ByteReverseWords64(out, in, size) ByteReverseWords64_1(out, size)
186
    #define ByteReverseWords64_1(buf, size) \
187
        { unsigned int i ;\
188
            for(i=0; i< size/sizeof(word64); i++){\
189
                __asm__ volatile("bswapq %0":"+r"(buf[i])::) ;\
190
            }\
191
        }
192
#endif
193
194
#if defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \
195
    !defined(WOLFSSL_QNX_CAAM)
196
    /* functions defined in wolfcrypt/src/port/caam/caam_sha.c */
197
198
#elif defined(WOLFSSL_SILABS_SHA384)
199
    /* functions defined in wolfcrypt/src/port/silabs/silabs_hash.c */
200
201
#elif defined(WOLFSSL_KCAPI_HASH)
202
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
203
204
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
205
    int wc_InitSha512(wc_Sha512* sha512)
206
    {
207
        if (sha512 == NULL)
208
            return BAD_FUNC_ARG;
209
        return se050_hash_init(&sha512->se050Ctx, NULL);
210
    }
211
    int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
212
    {
213
        if (sha512 == NULL) {
214
            return BAD_FUNC_ARG;
215
        }
216
        (void)devId;
217
        return se050_hash_init(&sha512->se050Ctx, heap);
218
    }
219
    int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
220
    {
221
        return se050_hash_update(&sha512->se050Ctx, data, len);
222
    }
223
    int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
224
    {
225
        int ret = 0;
226
        int devId = INVALID_DEVID;
227
        if (sha512 == NULL) {
228
            return BAD_FUNC_ARG;
229
        }
230
    #ifdef WOLF_CRYPTO_CB
231
        devId = sha512->devId;
232
    #endif
233
        ret = se050_hash_final(&sha512->se050Ctx, hash, WC_SHA512_DIGEST_SIZE,
234
                               kAlgorithm_SSS_SHA512);
235
        return ret;
236
    }
237
    int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
238
    {
239
        int ret = 0;
240
        int devId = INVALID_DEVID;
241
        if (sha512 == NULL) {
242
            return BAD_FUNC_ARG;
243
        }
244
    #ifdef WOLF_CRYPTO_CB
245
        devId = sha512->devId;
246
    #endif
247
        ret = se050_hash_final(&sha512->se050Ctx, hash, WC_SHA512_DIGEST_SIZE,
248
                               kAlgorithm_SSS_SHA512);
249
        return ret;
250
    }
251
    void wc_Sha512Free(wc_Sha512* sha512)
252
    {
253
        se050_hash_free(&sha512->se050Ctx);
254
    }
255
256
#else
257
258
#ifdef WOLFSSL_SHA512
259
260
static int InitSha512(wc_Sha512* sha512)
261
4.34k
{
262
4.34k
    if (sha512 == NULL)
263
0
        return BAD_FUNC_ARG;
264
265
4.34k
    sha512->digest[0] = W64LIT(0x6a09e667f3bcc908);
266
4.34k
    sha512->digest[1] = W64LIT(0xbb67ae8584caa73b);
267
4.34k
    sha512->digest[2] = W64LIT(0x3c6ef372fe94f82b);
268
4.34k
    sha512->digest[3] = W64LIT(0xa54ff53a5f1d36f1);
269
4.34k
    sha512->digest[4] = W64LIT(0x510e527fade682d1);
270
4.34k
    sha512->digest[5] = W64LIT(0x9b05688c2b3e6c1f);
271
4.34k
    sha512->digest[6] = W64LIT(0x1f83d9abfb41bd6b);
272
4.34k
    sha512->digest[7] = W64LIT(0x5be0cd19137e2179);
273
274
4.34k
    sha512->buffLen = 0;
275
4.34k
    sha512->loLen   = 0;
276
4.34k
    sha512->hiLen   = 0;
277
278
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
279
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
280
281
    sha512->ctx.sha_type = SHA2_512;
282
     /* always start firstblock = 1 when using hw engine */
283
    sha512->ctx.isfirstblock = 1;
284
    if(sha512->ctx.mode == ESP32_SHA_HW) {
285
        /* release hw */
286
        esp_sha_hw_unlock(&(sha512->ctx));
287
    }
288
    /* always set mode as INIT
289
    *  whether using HW or SW is determined at first call of update()
290
    */
291
    sha512->ctx.mode = ESP32_SHA_INIT;
292
#endif
293
4.34k
#ifdef WOLFSSL_HASH_FLAGS
294
4.34k
    sha512->flags = 0;
295
4.34k
#endif
296
4.34k
    return 0;
297
4.34k
}
298
299
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
300
#if !defined(WOLFSSL_NOSHA512_224)
301
/**
302
 * Initialize given wc_Sha512 structure with value specific to sha512/224.
303
 * Note that sha512/224 has different initial hash value from sha512.
304
 * The initial hash value consists of eight 64bit words. They are given
305
 * in FIPS180-4.
306
 */
307
static int InitSha512_224(wc_Sha512* sha512)
308
0
{
309
0
    if (sha512 == NULL)
310
0
        return BAD_FUNC_ARG;
311
312
0
    sha512->digest[0] = W64LIT(0x8c3d37c819544da2);
313
0
    sha512->digest[1] = W64LIT(0x73e1996689dcd4d6);
314
0
    sha512->digest[2] = W64LIT(0x1dfab7ae32ff9c82);
315
0
    sha512->digest[3] = W64LIT(0x679dd514582f9fcf);
316
0
    sha512->digest[4] = W64LIT(0x0f6d2b697bd44da8);
317
0
    sha512->digest[5] = W64LIT(0x77e36f7304c48942);
318
0
    sha512->digest[6] = W64LIT(0x3f9d85a86a1d36c8);
319
0
    sha512->digest[7] = W64LIT(0x1112e6ad91d692a1);
320
321
0
    sha512->buffLen = 0;
322
0
    sha512->loLen   = 0;
323
0
    sha512->hiLen   = 0;
324
325
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
326
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
327
328
    sha512->ctx.sha_type = SHA2_512;
329
     /* always start firstblock = 1 when using hw engine */
330
    sha512->ctx.isfirstblock = 1;
331
    if(sha512->ctx.mode == ESP32_SHA_HW) {
332
        /* release hw */
333
        esp_sha_hw_unlock(&(sha512->ctx));
334
    }
335
    /* always set mode as INIT
336
    *  whether using HW or SW is determined at first call of update()
337
    */
338
    sha512->ctx.mode = ESP32_SHA_INIT;
339
#endif
340
0
#ifdef WOLFSSL_HASH_FLAGS
341
0
    sha512->flags = 0;
342
0
#endif
343
0
    return 0;
344
0
}
345
#endif /* !WOLFSSL_NOSHA512_224 */
346
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
347
348
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
349
#if !defined(WOLFSSL_NOSHA512_256)
350
/**
351
 * Initialize given wc_Sha512 structure with value specific to sha512/256.
352
 * Note that sha512/256 has different initial hash value from sha512.
353
 * The initial hash value consists of eight 64bit words. They are given
354
 * in FIPS180-4.
355
 */
356
static int InitSha512_256(wc_Sha512* sha512)
357
0
{
358
0
    if (sha512 == NULL)
359
0
        return BAD_FUNC_ARG;
360
361
0
    sha512->digest[0] = W64LIT(0x22312194fc2bf72c);
362
0
    sha512->digest[1] = W64LIT(0x9f555fa3c84c64c2);
363
0
    sha512->digest[2] = W64LIT(0x2393b86b6f53b151);
364
0
    sha512->digest[3] = W64LIT(0x963877195940eabd);
365
0
    sha512->digest[4] = W64LIT(0x96283ee2a88effe3);
366
0
    sha512->digest[5] = W64LIT(0xbe5e1e2553863992);
367
0
    sha512->digest[6] = W64LIT(0x2b0199fc2c85b8aa);
368
0
    sha512->digest[7] = W64LIT(0x0eb72ddc81c52ca2);
369
370
0
    sha512->buffLen = 0;
371
0
    sha512->loLen   = 0;
372
0
    sha512->hiLen   = 0;
373
374
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
375
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
376
377
    sha512->ctx.sha_type = SHA2_512;
378
     /* always start firstblock = 1 when using hw engine */
379
    sha512->ctx.isfirstblock = 1;
380
    if(sha512->ctx.mode == ESP32_SHA_HW) {
381
        /* release hw */
382
        esp_sha_hw_unlock(&(sha512->ctx));
383
    }
384
    /* always set mode as INIT
385
    *  whether using HW or SW is determined at first call of update()
386
    */
387
    sha512->ctx.mode = ESP32_SHA_INIT;
388
#endif
389
0
#ifdef WOLFSSL_HASH_FLAGS
390
0
    sha512->flags = 0;
391
0
#endif
392
0
    return 0;
393
0
}
394
#endif /* !WOLFSSL_NOSHA512_256 */
395
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
396
397
#endif /* WOLFSSL_SHA512 */
398
399
/* Hardware Acceleration */
400
#if defined(USE_INTEL_SPEEDUP) && \
401
    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
402
403
#ifdef WOLFSSL_SHA512
404
405
    /*****
406
    Intel AVX1/AVX2 Macro Control Structure
407
408
    #if defined(HAVE_INTEL_SPEEDUP)
409
        #define HAVE_INTEL_AVX1
410
        #define HAVE_INTEL_AVX2
411
    #endif
412
413
    int InitSha512(wc_Sha512* sha512) {
414
         Save/Recover XMM, YMM
415
         ...
416
417
         Check Intel AVX cpuid flags
418
    }
419
420
    #if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
421
      Transform_Sha512_AVX1(); # Function prototype
422
      Transform_Sha512_AVX2(); #
423
    #endif
424
425
      _Transform_Sha512() {     # Native Transform Function body
426
427
      }
428
429
      int Sha512Update() {
430
         Save/Recover XMM, YMM
431
         ...
432
      }
433
434
      int Sha512Final() {
435
         Save/Recover XMM, YMM
436
         ...
437
      }
438
439
440
    #if defined(HAVE_INTEL_AVX1)
441
442
       XMM Instructions/INLINE asm Definitions
443
444
    #endif
445
446
    #if defined(HAVE_INTEL_AVX2)
447
448
       YMM Instructions/INLINE asm Definitions
449
450
    #endif
451
452
    #if defined(HAVE_INTEL_AVX1)
453
454
      int Transform_Sha512_AVX1() {
455
          Stitched Message Sched/Round
456
      }
457
458
    #endif
459
460
    #if defined(HAVE_INTEL_AVX2)
461
462
      int Transform_Sha512_AVX2() {
463
          Stitched Message Sched/Round
464
      }
465
    #endif
466
467
    */
468
469
470
    /* Each platform needs to query info type 1 from cpuid to see if aesni is
471
     * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
472
     */
473
474
#ifdef __cplusplus
475
    extern "C" {
476
#endif
477
478
    #if defined(HAVE_INTEL_AVX1)
479
        extern int Transform_Sha512_AVX1(wc_Sha512 *sha512);
480
        extern int Transform_Sha512_AVX1_Len(wc_Sha512 *sha512, word32 len);
481
    #endif
482
    #if defined(HAVE_INTEL_AVX2)
483
        extern int Transform_Sha512_AVX2(wc_Sha512 *sha512);
484
        extern int Transform_Sha512_AVX2_Len(wc_Sha512 *sha512, word32 len);
485
        #if defined(HAVE_INTEL_RORX)
486
            extern int Transform_Sha512_AVX1_RORX(wc_Sha512 *sha512);
487
            extern int Transform_Sha512_AVX1_RORX_Len(wc_Sha512 *sha512,
488
                                                      word32 len);
489
            extern int Transform_Sha512_AVX2_RORX(wc_Sha512 *sha512);
490
            extern int Transform_Sha512_AVX2_RORX_Len(wc_Sha512 *sha512,
491
                                                      word32 len);
492
        #endif
493
    #endif
494
495
#ifdef __cplusplus
496
    }  /* extern "C" */
497
#endif
498
499
    static int _Transform_Sha512(wc_Sha512 *sha512);
500
    static int (*Transform_Sha512_p)(wc_Sha512* sha512) = _Transform_Sha512;
501
    static int (*Transform_Sha512_Len_p)(wc_Sha512* sha512, word32 len) = NULL;
502
    static int transform_check = 0;
503
    static int intel_flags;
504
    static int Transform_Sha512_is_vectorized = 0;
505
506
    static WC_INLINE int Transform_Sha512(wc_Sha512 *sha512) {
507
        int ret;
508
        ret = (*Transform_Sha512_p)(sha512);
509
        return ret;
510
    }
511
    static WC_INLINE int Transform_Sha512_Len(wc_Sha512 *sha512, word32 len) {
512
        int ret;
513
        ret = (*Transform_Sha512_Len_p)(sha512, len);
514
        return ret;
515
    }
516
517
    static void Sha512_SetTransform(void)
518
    {
519
        if (transform_check)
520
            return;
521
522
        intel_flags = cpuid_get_flags();
523
524
    #if defined(HAVE_INTEL_AVX2)
525
        if (IS_INTEL_AVX2(intel_flags)) {
526
        #ifdef HAVE_INTEL_RORX
527
            if (IS_INTEL_BMI2(intel_flags)) {
528
                Transform_Sha512_p = Transform_Sha512_AVX2_RORX;
529
                Transform_Sha512_Len_p = Transform_Sha512_AVX2_RORX_Len;
530
                Transform_Sha512_is_vectorized = 1;
531
            }
532
            else
533
        #endif
534
            if (1) {
535
                Transform_Sha512_p = Transform_Sha512_AVX2;
536
                Transform_Sha512_Len_p = Transform_Sha512_AVX2_Len;
537
                Transform_Sha512_is_vectorized = 1;
538
            }
539
        #ifdef HAVE_INTEL_RORX
540
            else {
541
                Transform_Sha512_p = Transform_Sha512_AVX1_RORX;
542
                Transform_Sha512_Len_p = Transform_Sha512_AVX1_RORX_Len;
543
                Transform_Sha512_is_vectorized = 1;
544
            }
545
        #endif
546
        }
547
        else
548
    #endif
549
    #if defined(HAVE_INTEL_AVX1)
550
        if (IS_INTEL_AVX1(intel_flags)) {
551
            Transform_Sha512_p = Transform_Sha512_AVX1;
552
            Transform_Sha512_Len_p = Transform_Sha512_AVX1_Len;
553
            Transform_Sha512_is_vectorized = 1;
554
        }
555
        else
556
    #endif
557
        {
558
            Transform_Sha512_p = _Transform_Sha512;
559
            Transform_Sha512_is_vectorized = 1;
560
        }
561
562
        transform_check = 1;
563
    }
564
#endif /* WOLFSSL_SHA512 */
565
566
#else
567
4.15k
    #define Transform_Sha512(sha512) _Transform_Sha512(sha512)
568
569
#endif
570
571
#ifdef WOLFSSL_SHA512
572
573
static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
574
                             int (*initfp)(wc_Sha512*))
575
1.55k
{
576
1.55k
   int ret = 0;
577
578
1.55k
    if (sha512 == NULL)
579
0
        return BAD_FUNC_ARG;
580
581
1.55k
    sha512->heap = heap;
582
#ifdef WOLFSSL_SMALL_STACK_CACHE
583
    sha512->W = NULL;
584
#endif
585
1.55k
#ifdef WOLF_CRYPTO_CB
586
1.55k
    sha512->devId = devId;
587
1.55k
    sha512->devCtx = NULL;
588
1.55k
#endif
589
590
1.55k
    ret = initfp(sha512);
591
1.55k
    if (ret != 0)
592
0
        return ret;
593
594
#if defined(USE_INTEL_SPEEDUP) && \
595
    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
596
    Sha512_SetTransform();
597
#endif
598
#ifdef WOLFSSL_HASH_KEEP
599
    sha512->msg  = NULL;
600
    sha512->len  = 0;
601
    sha512->used = 0;
602
#endif
603
604
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
605
    ret = wolfAsync_DevCtxInit(&sha512->asyncDev,
606
                        WOLFSSL_ASYNC_MARKER_SHA512, sha512->heap, devId);
607
#else
608
1.55k
    (void)devId;
609
1.55k
#endif /* WOLFSSL_ASYNC_CRYPT */
610
611
1.55k
    return ret;
612
1.55k
}
613
614
int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
615
1.55k
{
616
1.55k
    return InitSha512_Family(sha512, heap, devId, InitSha512);
617
1.55k
}
618
619
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
620
#if !defined(WOLFSSL_NOSHA512_224)
621
int wc_InitSha512_224_ex(wc_Sha512* sha512, void* heap, int devId)
622
0
{
623
0
    return InitSha512_Family(sha512, heap, devId, InitSha512_224);
624
0
}
625
#endif /* !WOLFSSL_NOSHA512_224 */
626
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
627
628
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
629
#if !defined(WOLFSSL_NOSHA512_256)
630
int wc_InitSha512_256_ex(wc_Sha512* sha512, void* heap, int devId)
631
0
{
632
0
    return InitSha512_Family(sha512, heap, devId, InitSha512_256);
633
0
}
634
#endif /* !WOLFSSL_NOSHA512_256 */
635
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
636
637
#endif /* WOLFSSL_SHA512 */
638
639
640
static const word64 K512[80] = {
641
    W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd),
642
    W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc),
643
    W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019),
644
    W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118),
645
    W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe),
646
    W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2),
647
    W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1),
648
    W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694),
649
    W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3),
650
    W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65),
651
    W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483),
652
    W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5),
653
    W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210),
654
    W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4),
655
    W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725),
656
    W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70),
657
    W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926),
658
    W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df),
659
    W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8),
660
    W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b),
661
    W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001),
662
    W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30),
663
    W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910),
664
    W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8),
665
    W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53),
666
    W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8),
667
    W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb),
668
    W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3),
669
    W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60),
670
    W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec),
671
    W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9),
672
    W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b),
673
    W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207),
674
    W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178),
675
    W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6),
676
    W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b),
677
    W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493),
678
    W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c),
679
    W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a),
680
    W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817)
681
};
682
683
62.8k
#define blk0(i) (W[i] = sha512->buffer[i])
684
685
251k
#define blk2(i) (\
686
251k
               W[ (i)     & 15] += \
687
251k
            s1(W[((i)-2)  & 15])+ \
688
251k
               W[((i)-7)  & 15] + \
689
251k
            s0(W[((i)-15) & 15])  \
690
251k
        )
691
692
314k
#define Ch(x,y,z)  ((z) ^ ((x) & ((y) ^ (z))))
693
314k
#define Maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
694
695
3.93k
#define a(i) T[(0-(i)) & 7]
696
3.93k
#define b(i) T[(1-(i)) & 7]
697
3.93k
#define c(i) T[(2-(i)) & 7]
698
318k
#define d(i) T[(3-(i)) & 7]
699
3.93k
#define e(i) T[(4-(i)) & 7]
700
3.93k
#define f(i) T[(5-(i)) & 7]
701
3.93k
#define g(i) T[(6-(i)) & 7]
702
947k
#define h(i) T[(7-(i)) & 7]
703
704
314k
#define S0(x) (rotrFixed64(x,28) ^ rotrFixed64(x,34) ^ rotrFixed64(x,39))
705
314k
#define S1(x) (rotrFixed64(x,14) ^ rotrFixed64(x,18) ^ rotrFixed64(x,41))
706
251k
#define s0(x) (rotrFixed64(x,1)  ^ rotrFixed64(x,8)  ^ ((x)>>7))
707
251k
#define s1(x) (rotrFixed64(x,19) ^ rotrFixed64(x,61) ^ ((x)>>6))
708
709
#define R(i) \
710
314k
    h(i) += S1(e(i)) + Ch(e(i),f(i),g(i)) + K[(i)+j] + (j ? blk2(i) : blk0(i)); \
711
314k
    d(i) += h(i); \
712
314k
    h(i) += S0(a(i)) + Maj(a(i),b(i),c(i))
713
714
static int _Transform_Sha512(wc_Sha512* sha512)
715
4.15k
{
716
4.15k
    const word64* K = K512;
717
4.15k
    word32 j;
718
4.15k
    word64 T[8];
719
720
#ifdef WOLFSSL_SMALL_STACK_CACHE
721
    word64* W = sha512->W;
722
    if (W == NULL) {
723
        W = (word64*)XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
724
        if (W == NULL)
725
            return MEMORY_E;
726
        sha512->W = W;
727
    }
728
#elif defined(WOLFSSL_SMALL_STACK)
729
4.15k
    word64* W;
730
4.15k
    W = (word64*) XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
731
4.15k
    if (W == NULL)
732
223
        return MEMORY_E;
733
#else
734
    word64 W[16];
735
#endif
736
737
    /* Copy digest to working vars */
738
3.93k
    XMEMCPY(T, sha512->digest, sizeof(T));
739
740
#ifdef USE_SLOW_SHA512
741
    /* over twice as small, but 50% slower */
742
    /* 80 operations, not unrolled */
743
    for (j = 0; j < 80; j += 16) {
744
        int m;
745
        for (m = 0; m < 16; m++) { /* braces needed here for macros {} */
746
            R(m);
747
        }
748
    }
749
#else
750
    /* 80 operations, partially loop unrolled */
751
23.5k
    for (j = 0; j < 80; j += 16) {
752
19.6k
        R( 0); R( 1); R( 2); R( 3);
753
19.6k
        R( 4); R( 5); R( 6); R( 7);
754
19.6k
        R( 8); R( 9); R(10); R(11);
755
19.6k
        R(12); R(13); R(14); R(15);
756
19.6k
    }
757
3.93k
#endif /* USE_SLOW_SHA512 */
758
759
    /* Add the working vars back into digest */
760
3.93k
    sha512->digest[0] += a(0);
761
3.93k
    sha512->digest[1] += b(0);
762
3.93k
    sha512->digest[2] += c(0);
763
3.93k
    sha512->digest[3] += d(0);
764
3.93k
    sha512->digest[4] += e(0);
765
3.93k
    sha512->digest[5] += f(0);
766
3.93k
    sha512->digest[6] += g(0);
767
3.93k
    sha512->digest[7] += h(0);
768
769
    /* Wipe variables */
770
3.93k
    ForceZero(W, sizeof(word64) * 16);
771
3.93k
    ForceZero(T, sizeof(T));
772
773
3.93k
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
774
3.93k
    XFREE(W, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
775
3.93k
#endif
776
777
3.93k
    return 0;
778
4.15k
}
779
780
781
static WC_INLINE void AddLength(wc_Sha512* sha512, word32 len)
782
5.84k
{
783
5.84k
    word64 tmp = sha512->loLen;
784
5.84k
    if ( (sha512->loLen += len) < tmp)
785
0
        sha512->hiLen++;                       /* carry low to high */
786
5.84k
}
787
788
static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
789
5.84k
{
790
5.84k
    int ret = 0;
791
    /* do block size increments */
792
5.84k
    byte* local = (byte*)sha512->buffer;
793
794
    /* check that internal buffLen is valid */
795
5.84k
    if (sha512->buffLen >= WC_SHA512_BLOCK_SIZE)
796
0
        return BUFFER_E;
797
798
5.84k
    if (len == 0)
799
0
        return 0;
800
801
5.84k
    AddLength(sha512, len);
802
803
5.84k
    if (sha512->buffLen > 0) {
804
2.76k
        word32 add = min(len, WC_SHA512_BLOCK_SIZE - sha512->buffLen);
805
2.76k
        if (add > 0) {
806
2.76k
            XMEMCPY(&local[sha512->buffLen], data, add);
807
808
2.76k
            sha512->buffLen += add;
809
2.76k
            data            += add;
810
2.76k
            len             -= add;
811
2.76k
        }
812
813
2.76k
        if (sha512->buffLen == WC_SHA512_BLOCK_SIZE) {
814
340
    #if defined(LITTLE_ENDIAN_ORDER)
815
        #if defined(USE_INTEL_SPEEDUP) && \
816
            (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
817
            if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
818
        #endif
819
340
            {
820
340
        #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
821
340
             defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
822
340
                ByteReverseWords64(sha512->buffer, sha512->buffer,
823
340
                                                         WC_SHA512_BLOCK_SIZE);
824
340
        #endif
825
340
            }
826
340
    #endif
827
340
    #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
828
340
         defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
829
340
            ret = Transform_Sha512(sha512);
830
    #else
831
            if(sha512->ctx.mode == ESP32_SHA_INIT) {
832
                esp_sha_try_hw_lock(&sha512->ctx);
833
            }
834
            ret = esp_sha512_process(sha512);
835
            if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW){
836
                ret = Transform_Sha512(sha512);
837
            }
838
    #endif
839
340
            if (ret == 0)
840
310
                sha512->buffLen = 0;
841
30
            else
842
30
                len = 0;
843
340
        }
844
2.76k
    }
845
846
#if defined(USE_INTEL_SPEEDUP) && \
847
    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
848
    if (Transform_Sha512_Len_p != NULL) {
849
        word32 blocksLen = len & ~(WC_SHA512_BLOCK_SIZE-1);
850
851
        if (blocksLen > 0) {
852
            sha512->data = data;
853
            /* Byte reversal performed in function if required. */
854
            Transform_Sha512_Len(sha512, blocksLen);
855
            data += blocksLen;
856
            len  -= blocksLen;
857
        }
858
    }
859
    else
860
#endif
861
#if !defined(LITTLE_ENDIAN_ORDER) || (defined(USE_INTEL_SPEEDUP) && \
862
        (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)))
863
    {
864
        while (len >= WC_SHA512_BLOCK_SIZE) {
865
            XMEMCPY(local, data, WC_SHA512_BLOCK_SIZE);
866
867
            data += WC_SHA512_BLOCK_SIZE;
868
            len  -= WC_SHA512_BLOCK_SIZE;
869
870
        #if defined(USE_INTEL_SPEEDUP) && \
871
            (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
872
            if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
873
            {
874
                ByteReverseWords64(sha512->buffer, sha512->buffer,
875
                                                          WC_SHA512_BLOCK_SIZE);
876
            }
877
        #endif
878
            /* Byte reversal performed in function if required. */
879
            ret = Transform_Sha512(sha512);
880
            if (ret != 0)
881
                break;
882
        }
883
    }
884
#else
885
5.84k
    {
886
6.61k
        while (len >= WC_SHA512_BLOCK_SIZE) {
887
790
            XMEMCPY(local, data, WC_SHA512_BLOCK_SIZE);
888
889
790
            data += WC_SHA512_BLOCK_SIZE;
890
790
            len  -= WC_SHA512_BLOCK_SIZE;
891
790
    #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
892
790
         defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
893
790
            ByteReverseWords64(sha512->buffer, sha512->buffer,
894
790
                                                       WC_SHA512_BLOCK_SIZE);
895
790
    #endif
896
790
    #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
897
790
         defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
898
790
            ret = Transform_Sha512(sha512);
899
    #else
900
            if(sha512->ctx.mode == ESP32_SHA_INIT) {
901
                esp_sha_try_hw_lock(&sha512->ctx);
902
            }
903
            ret = esp_sha512_process(sha512);
904
            if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW){
905
                ret = Transform_Sha512(sha512);
906
            }
907
    #endif
908
790
            if (ret != 0)
909
21
                break;
910
790
        }
911
5.84k
    }
912
5.84k
#endif
913
914
5.84k
    if (ret == 0 && len > 0) {
915
3.36k
        XMEMCPY(local, data, len);
916
3.36k
        sha512->buffLen = len;
917
3.36k
    }
918
919
5.84k
    return ret;
920
5.84k
}
921
922
#ifdef WOLFSSL_SHA512
923
924
int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
925
5.84k
{
926
5.84k
    if (sha512 == NULL || (data == NULL && len > 0)) {
927
0
        return BAD_FUNC_ARG;
928
0
    }
929
930
5.84k
#ifdef WOLF_CRYPTO_CB
931
5.84k
    if (sha512->devId != INVALID_DEVID) {
932
0
        int ret = wc_CryptoCb_Sha512Hash(sha512, data, len, NULL);
933
0
        if (ret != CRYPTOCB_UNAVAILABLE)
934
0
            return ret;
935
        /* fall-through when unavailable */
936
0
    }
937
5.84k
#endif
938
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
939
    if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) {
940
    #if defined(HAVE_INTEL_QA)
941
        return IntelQaSymSha512(&sha512->asyncDev, NULL, data, len);
942
    #endif
943
    }
944
#endif /* WOLFSSL_ASYNC_CRYPT */
945
946
5.84k
    return Sha512Update(sha512, data, len);
947
5.84k
}
948
949
#endif /* WOLFSSL_SHA512 */
950
951
#endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA384 */
952
953
954
#if defined(WOLFSSL_KCAPI_HASH)
955
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
956
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
957
958
#else
959
960
static WC_INLINE int Sha512Final(wc_Sha512* sha512)
961
2.96k
{
962
2.96k
    byte* local;
963
2.96k
    int ret;
964
965
2.96k
    if (sha512 == NULL) {
966
0
        return BAD_FUNC_ARG;
967
0
    }
968
969
2.96k
    local = (byte*)sha512->buffer;
970
971
2.96k
    local[sha512->buffLen++] = 0x80;  /* add 1 */
972
973
    /* pad with zeros */
974
2.96k
    if (sha512->buffLen > WC_SHA512_PAD_SIZE) {
975
72
        XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_BLOCK_SIZE - sha512->buffLen);
976
72
        sha512->buffLen += WC_SHA512_BLOCK_SIZE - sha512->buffLen;
977
72
#if defined(LITTLE_ENDIAN_ORDER)
978
    #if defined(USE_INTEL_SPEEDUP) && \
979
        (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
980
        if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
981
    #endif
982
72
        {
983
984
72
       #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
985
72
            defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
986
72
            ByteReverseWords64(sha512->buffer,sha512->buffer,
987
72
                                                         WC_SHA512_BLOCK_SIZE);
988
72
       #endif
989
72
        }
990
72
#endif /* LITTLE_ENDIAN_ORDER */
991
72
#if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
992
72
     defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
993
72
        ret = Transform_Sha512(sha512);
994
#else
995
       if(sha512->ctx.mode == ESP32_SHA_INIT) {
996
            esp_sha_try_hw_lock(&sha512->ctx);
997
       }
998
        ret = esp_sha512_process(sha512);
999
        if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW){
1000
            ret = Transform_Sha512(sha512);
1001
        }
1002
#endif
1003
72
        if (ret != 0)
1004
11
            return ret;
1005
1006
61
        sha512->buffLen = 0;
1007
61
    }
1008
2.95k
    XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_PAD_SIZE - sha512->buffLen);
1009
1010
    /* put lengths in bits */
1011
2.95k
    sha512->hiLen = (sha512->loLen >> (8 * sizeof(sha512->loLen) - 3)) +
1012
2.95k
                                                         (sha512->hiLen << 3);
1013
2.95k
    sha512->loLen = sha512->loLen << 3;
1014
1015
    /* store lengths */
1016
2.95k
#if defined(LITTLE_ENDIAN_ORDER)
1017
    #if defined(USE_INTEL_SPEEDUP) && \
1018
        (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1019
        if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
1020
    #endif
1021
2.95k
    #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
1022
2.95k
         defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1023
2.95k
            ByteReverseWords64(sha512->buffer, sha512->buffer, WC_SHA512_PAD_SIZE);
1024
2.95k
    #endif
1025
2.95k
#endif
1026
    /* ! length ordering dependent on digest endian type ! */
1027
1028
2.95k
#if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
1029
2.95k
     defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1030
2.95k
    sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2] = sha512->hiLen;
1031
2.95k
    sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 1] = sha512->loLen;
1032
2.95k
#endif
1033
1034
#if defined(USE_INTEL_SPEEDUP) && \
1035
    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1036
    if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags))
1037
        ByteReverseWords64(&(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]),
1038
                           &(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]),
1039
                           WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE);
1040
#endif
1041
2.95k
#if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
1042
2.95k
    defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1043
2.95k
    ret = Transform_Sha512(sha512);
1044
#else
1045
    if(sha512->ctx.mode == ESP32_SHA_INIT) {
1046
        esp_sha_try_hw_lock(&sha512->ctx);
1047
    }
1048
    ret = esp_sha512_digest_process(sha512, 1);
1049
    if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW) {
1050
        ret = Transform_Sha512(sha512);
1051
    }
1052
#endif
1053
2.95k
    if (ret != 0)
1054
161
        return ret;
1055
1056
2.79k
    #ifdef LITTLE_ENDIAN_ORDER
1057
2.79k
        ByteReverseWords64(sha512->digest, sha512->digest, WC_SHA512_DIGEST_SIZE);
1058
2.79k
    #endif
1059
1060
2.79k
    return 0;
1061
2.95k
}
1062
1063
#endif /* WOLFSSL_KCAPI_HASH */
1064
1065
#ifdef WOLFSSL_SHA512
1066
1067
#if defined(WOLFSSL_KCAPI_HASH)
1068
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1069
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1070
1071
#else
1072
1073
static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, int digestSz)
1074
0
{
1075
0
#ifdef LITTLE_ENDIAN_ORDER
1076
0
    word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)];
1077
0
#endif
1078
1079
0
    if (sha512 == NULL || hash == NULL) {
1080
0
        return BAD_FUNC_ARG;
1081
0
    }
1082
1083
0
#ifdef LITTLE_ENDIAN_ORDER
1084
0
    ByteReverseWords64((word64*)digest, (word64*)sha512->digest,
1085
0
                                                         WC_SHA512_DIGEST_SIZE);
1086
0
    XMEMCPY(hash, digest, digestSz);
1087
#else
1088
    XMEMCPY(hash, sha512->digest, digestSz);
1089
#endif
1090
1091
0
    return 0;
1092
0
}
1093
1094
int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
1095
0
{
1096
0
    return Sha512FinalRaw(sha512, hash, WC_SHA512_DIGEST_SIZE);
1097
0
}
1098
1099
static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, int digestSz,
1100
                               int (*initfp)(wc_Sha512*))
1101
2.96k
{
1102
2.96k
    int ret;
1103
1104
2.96k
    if (sha512 == NULL || hash == NULL) {
1105
0
        return BAD_FUNC_ARG;
1106
0
    }
1107
1108
2.96k
#ifdef WOLF_CRYPTO_CB
1109
2.96k
    if (sha512->devId != INVALID_DEVID) {
1110
0
        ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash);
1111
0
        if (ret != CRYPTOCB_UNAVAILABLE)
1112
0
            return ret;
1113
        /* fall-through when unavailable */
1114
0
    }
1115
2.96k
#endif
1116
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
1117
    if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) {
1118
    #if defined(HAVE_INTEL_QA)
1119
        return IntelQaSymSha512(&sha512->asyncDev, hash, NULL, digestSz);
1120
    #endif
1121
    }
1122
#endif /* WOLFSSL_ASYNC_CRYPT */
1123
1124
2.96k
    ret = Sha512Final(sha512);
1125
2.96k
    if (ret != 0)
1126
172
        return ret;
1127
1128
2.79k
    XMEMCPY(hash, sha512->digest, digestSz);
1129
1130
    /* initialize Sha512 structure for the next use */
1131
2.79k
    return initfp(sha512);
1132
2.96k
}
1133
1134
int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
1135
2.96k
{
1136
2.96k
    return Sha512_Family_Final(sha512, hash, WC_SHA512_DIGEST_SIZE, InitSha512);
1137
2.96k
}
1138
1139
#endif /* WOLFSSL_KCAPI_HASH */
1140
1141
#if !defined(WOLFSSL_SE050) || !defined(WOLFSSL_SE050_HASH)
1142
int wc_InitSha512(wc_Sha512* sha512)
1143
0
{
1144
0
    int devId = INVALID_DEVID;
1145
1146
0
#ifdef WOLF_CRYPTO_CB
1147
0
    devId = wc_CryptoCb_DefaultDevID();
1148
0
#endif
1149
0
    return wc_InitSha512_ex(sha512, NULL, devId);
1150
0
}
1151
1152
void wc_Sha512Free(wc_Sha512* sha512)
1153
1.55k
{
1154
1.55k
    if (sha512 == NULL)
1155
0
        return;
1156
1157
#ifdef WOLFSSL_SMALL_STACK_CACHE
1158
    if (sha512->W != NULL) {
1159
        XFREE(sha512->W, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
1160
        sha512->W = NULL;
1161
    }
1162
#endif
1163
1164
#if defined(WOLFSSL_KCAPI_HASH)
1165
    KcapiHashFree(&sha512->kcapi);
1166
#endif
1167
1168
#if defined(WOLFSSL_HASH_KEEP)
1169
    if (sha512->msg != NULL) {
1170
        XFREE(sha512->msg, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
1171
        sha512->msg = NULL;
1172
    }
1173
#endif
1174
1175
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
1176
    wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512);
1177
#endif /* WOLFSSL_ASYNC_CRYPT */
1178
1.55k
}
1179
#if defined(OPENSSL_EXTRA)
1180
/* Apply SHA512 transformation to the data                */
1181
/* @param sha  a pointer to wc_Sha512 structure           */
1182
/* @param data data to be applied SHA512 transformation   */
1183
/* @return 0 on successful, otherwise non-zero on failure */
1184
int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
1185
{
1186
    int ret;
1187
    /* back up buffer */
1188
#ifdef WOLFSSL_SMALL_STACK
1189
    word64 *buffer;
1190
#else
1191
    word64  buffer[WC_SHA512_BLOCK_SIZE  / sizeof(word64)];
1192
#endif
1193
1194
    /* sanity check */
1195
    if (sha == NULL || data == NULL) {
1196
        return BAD_FUNC_ARG;
1197
    }
1198
1199
#ifdef WOLFSSL_SMALL_STACK
1200
    buffer = (word64 *)XMALLOC(sizeof(word64) * 16, sha->heap,
1201
                               DYNAMIC_TYPE_TMP_BUFFER);
1202
    if (buffer == NULL)
1203
        return MEMORY_E;
1204
#endif
1205
1206
#if defined(USE_INTEL_SPEEDUP) && \
1207
    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1208
    Sha512_SetTransform();
1209
#endif
1210
1211
#if defined(LITTLE_ENDIAN_ORDER)
1212
#if defined(USE_INTEL_SPEEDUP) && \
1213
    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1214
    if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
1215
#endif
1216
    {
1217
        ByteReverseWords64((word64*)data, (word64*)data,
1218
                                                WC_SHA512_BLOCK_SIZE);
1219
    }
1220
#endif /* !LITTLE_ENDIAN_ORDER */
1221
1222
    XMEMCPY(buffer, sha->buffer, WC_SHA512_BLOCK_SIZE);
1223
    XMEMCPY(sha->buffer, data, WC_SHA512_BLOCK_SIZE);
1224
1225
    ret = Transform_Sha512(sha);
1226
1227
    XMEMCPY(sha->buffer, buffer, WC_SHA512_BLOCK_SIZE);
1228
#ifdef WOLFSSL_SMALL_STACK
1229
    XFREE(buffer, sha->heap, DYNAMIC_TYPE_TMP_BUFFER);
1230
#endif
1231
    return ret;
1232
}
1233
#endif /* OPENSSL_EXTRA */
1234
#endif /* WOLFSSL_SHA512 */
1235
#endif /* !WOLFSSL_SE050 || !WOLFSSL_SE050_HASH */
1236
1237
1238
/* -------------------------------------------------------------------------- */
1239
/* SHA384 */
1240
/* -------------------------------------------------------------------------- */
1241
#ifdef WOLFSSL_SHA384
1242
1243
#if defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \
1244
    !defined(WOLFSSL_QNX_CAAM)
1245
    /* functions defined in wolfcrypt/src/port/caam/caam_sha.c */
1246
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1247
    int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
1248
    {
1249
        if (sha384 == NULL) {
1250
            return BAD_FUNC_ARG;
1251
        }
1252
        (void)devId;
1253
        return se050_hash_init(&sha384->se050Ctx, heap);
1254
    }
1255
    int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
1256
    {
1257
        return se050_hash_update(&sha384->se050Ctx, data, len);
1258
1259
    }
1260
    int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
1261
    {
1262
        int ret = 0;
1263
        ret = se050_hash_final(&sha384->se050Ctx, hash, WC_SHA384_DIGEST_SIZE,
1264
                               kAlgorithm_SSS_SHA384);
1265
        return ret;
1266
    }
1267
    int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash)
1268
    {
1269
        int ret = 0;
1270
        ret = se050_hash_final(&sha384->se050Ctx, hash, WC_SHA384_DIGEST_SIZE,
1271
                               kAlgorithm_SSS_SHA384);
1272
        return ret;
1273
    }
1274
1275
#elif defined(WOLFSSL_SILABS_SHA512)
1276
    /* functions defined in wolfcrypt/src/port/silabs/silabs_hash.c */
1277
1278
#elif defined(WOLFSSL_KCAPI_HASH)
1279
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1280
1281
#else
1282
1283
static int InitSha384(wc_Sha384* sha384)
1284
0
{
1285
0
    if (sha384 == NULL) {
1286
0
        return BAD_FUNC_ARG;
1287
0
    }
1288
1289
0
    sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8);
1290
0
    sha384->digest[1] = W64LIT(0x629a292a367cd507);
1291
0
    sha384->digest[2] = W64LIT(0x9159015a3070dd17);
1292
0
    sha384->digest[3] = W64LIT(0x152fecd8f70e5939);
1293
0
    sha384->digest[4] = W64LIT(0x67332667ffc00b31);
1294
0
    sha384->digest[5] = W64LIT(0x8eb44a8768581511);
1295
0
    sha384->digest[6] = W64LIT(0xdb0c2e0d64f98fa7);
1296
0
    sha384->digest[7] = W64LIT(0x47b5481dbefa4fa4);
1297
1298
0
    sha384->buffLen = 0;
1299
0
    sha384->loLen   = 0;
1300
0
    sha384->hiLen   = 0;
1301
1302
#if  defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1303
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1304
    sha384->ctx.sha_type = SHA2_384;
1305
     /* always start firstblock = 1 when using hw engine */
1306
    sha384->ctx.isfirstblock = 1;
1307
    if(sha384->ctx.mode == ESP32_SHA_HW) {
1308
        /* release hw */
1309
        esp_sha_hw_unlock(&(sha512->ctx));
1310
    }
1311
    /* always set mode as INIT
1312
    *  whether using HW or SW is determined at first call of update()
1313
    */
1314
    sha384->ctx.mode = ESP32_SHA_INIT;
1315
1316
#endif
1317
0
#ifdef WOLFSSL_HASH_FLAGS
1318
0
    sha384->flags = 0;
1319
0
#endif
1320
#ifdef WOLFSSL_HASH_KEEP
1321
    sha384->msg  = NULL;
1322
    sha384->len  = 0;
1323
    sha384->used = 0;
1324
#endif
1325
1326
0
    return 0;
1327
0
}
1328
1329
int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
1330
0
{
1331
0
    if (sha384 == NULL || (data == NULL && len > 0)) {
1332
0
        return BAD_FUNC_ARG;
1333
0
    }
1334
1335
0
#ifdef WOLF_CRYPTO_CB
1336
0
    if (sha384->devId != INVALID_DEVID) {
1337
0
        int ret = wc_CryptoCb_Sha384Hash(sha384, data, len, NULL);
1338
0
        if (ret != CRYPTOCB_UNAVAILABLE)
1339
0
            return ret;
1340
        /* fall-through when unavailable */
1341
0
    }
1342
0
#endif
1343
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
1344
    if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) {
1345
    #if defined(HAVE_INTEL_QA)
1346
        return IntelQaSymSha384(&sha384->asyncDev, NULL, data, len);
1347
    #endif
1348
    }
1349
#endif /* WOLFSSL_ASYNC_CRYPT */
1350
1351
0
    return Sha512Update((wc_Sha512*)sha384, data, len);
1352
0
}
1353
1354
1355
int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash)
1356
0
{
1357
0
#ifdef LITTLE_ENDIAN_ORDER
1358
0
    word64 digest[WC_SHA384_DIGEST_SIZE / sizeof(word64)];
1359
0
#endif
1360
1361
0
    if (sha384 == NULL || hash == NULL) {
1362
0
        return BAD_FUNC_ARG;
1363
0
    }
1364
1365
0
#ifdef LITTLE_ENDIAN_ORDER
1366
0
    ByteReverseWords64((word64*)digest, (word64*)sha384->digest,
1367
0
                                                         WC_SHA384_DIGEST_SIZE);
1368
0
    XMEMCPY(hash, digest, WC_SHA384_DIGEST_SIZE);
1369
#else
1370
    XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE);
1371
#endif
1372
1373
0
    return 0;
1374
0
}
1375
1376
int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
1377
0
{
1378
0
    int ret;
1379
1380
0
    if (sha384 == NULL || hash == NULL) {
1381
0
        return BAD_FUNC_ARG;
1382
0
    }
1383
1384
0
#ifdef WOLF_CRYPTO_CB
1385
0
    if (sha384->devId != INVALID_DEVID) {
1386
0
        ret = wc_CryptoCb_Sha384Hash(sha384, NULL, 0, hash);
1387
0
        if (ret != CRYPTOCB_UNAVAILABLE)
1388
0
            return ret;
1389
        /* fall-through when unavailable */
1390
0
    }
1391
0
#endif
1392
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
1393
    if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) {
1394
    #if defined(HAVE_INTEL_QA)
1395
        return IntelQaSymSha384(&sha384->asyncDev, hash, NULL,
1396
                                            WC_SHA384_DIGEST_SIZE);
1397
    #endif
1398
    }
1399
#endif /* WOLFSSL_ASYNC_CRYPT */
1400
1401
0
    ret = Sha512Final((wc_Sha512*)sha384);
1402
0
    if (ret != 0)
1403
0
        return ret;
1404
1405
0
    XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE);
1406
1407
0
    return InitSha384(sha384);  /* reset state */
1408
0
}
1409
1410
int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
1411
0
{
1412
0
    int ret;
1413
1414
0
    if (sha384 == NULL) {
1415
0
        return BAD_FUNC_ARG;
1416
0
    }
1417
1418
0
    sha384->heap = heap;
1419
#ifdef WOLFSSL_SMALL_STACK_CACHE
1420
    sha384->W = NULL;
1421
#endif
1422
0
#ifdef WOLF_CRYPTO_CB
1423
0
    sha384->devId = devId;
1424
0
    sha384->devCtx = NULL;
1425
0
#endif
1426
1427
0
    ret = InitSha384(sha384);
1428
0
    if (ret != 0)
1429
0
        return ret;
1430
1431
#if defined(USE_INTEL_SPEEDUP) && \
1432
    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1433
    Sha512_SetTransform();
1434
#endif
1435
1436
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
1437
    ret = wolfAsync_DevCtxInit(&sha384->asyncDev, WOLFSSL_ASYNC_MARKER_SHA384,
1438
                                                           sha384->heap, devId);
1439
#else
1440
0
    (void)devId;
1441
0
#endif /* WOLFSSL_ASYNC_CRYPT */
1442
1443
0
    return ret;
1444
0
}
1445
1446
#endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA512 || WOLFSSL_KCAPI_HASH */
1447
1448
int wc_InitSha384(wc_Sha384* sha384)
1449
0
{
1450
0
    int devId = INVALID_DEVID;
1451
1452
0
#ifdef WOLF_CRYPTO_CB
1453
0
    devId = wc_CryptoCb_DefaultDevID();
1454
0
#endif
1455
0
    return wc_InitSha384_ex(sha384, NULL, devId);
1456
0
}
1457
1458
void wc_Sha384Free(wc_Sha384* sha384)
1459
0
{
1460
0
    if (sha384 == NULL)
1461
0
        return;
1462
1463
#ifdef WOLFSSL_SMALL_STACK_CACHE
1464
    if (sha384->W != NULL) {
1465
        XFREE(sha384->W, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER);
1466
        sha384->W = NULL;
1467
    }
1468
#endif
1469
1470
#if defined(WOLFSSL_KCAPI_HASH)
1471
    KcapiHashFree(&sha384->kcapi);
1472
#endif
1473
1474
#if defined(WOLFSSL_HASH_KEEP)
1475
    if (sha384->msg != NULL) {
1476
        XFREE(sha384->msg, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER);
1477
        sha384->msg = NULL;
1478
    }
1479
#endif
1480
1481
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1482
    se050_hash_free(&sha384->se050Ctx);
1483
#endif
1484
1485
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
1486
    wolfAsync_DevCtxFree(&sha384->asyncDev, WOLFSSL_ASYNC_MARKER_SHA384);
1487
#endif /* WOLFSSL_ASYNC_CRYPT */
1488
0
}
1489
1490
#endif /* WOLFSSL_SHA384 */
1491
1492
#endif /* HAVE_FIPS */
1493
1494
#ifdef WOLFSSL_SHA512
1495
1496
#if defined(WOLFSSL_KCAPI_HASH)
1497
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1498
1499
#else
1500
1501
static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash,
1502
                                 int (*finalfp)(wc_Sha512*, byte*))
1503
0
{
1504
0
    int ret;
1505
0
    wc_Sha512 tmpSha512;
1506
1507
0
    if (sha512 == NULL || hash == NULL)
1508
0
        return BAD_FUNC_ARG;
1509
1510
#if  defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1511
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1512
    if(sha512->ctx.mode == ESP32_SHA_INIT) {
1513
        esp_sha_try_hw_lock(&sha512->ctx);
1514
    }
1515
    if(sha512->ctx.mode != ESP32_SHA_SW)
1516
       esp_sha512_digest_process(sha512, 0);
1517
#endif
1518
1519
0
    ret = wc_Sha512Copy(sha512, &tmpSha512);
1520
0
    if (ret == 0) {
1521
0
        ret = finalfp(&tmpSha512, hash);
1522
#if  defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1523
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1524
        sha512->ctx.mode = ESP32_SHA_SW;;
1525
#endif
1526
0
        wc_Sha512Free(&tmpSha512);
1527
0
    }
1528
0
    return ret;
1529
0
}
1530
1531
int wc_Sha512GetHash(wc_Sha512* sha512, byte* hash)
1532
0
{
1533
0
    return Sha512_Family_GetHash(sha512, hash, wc_Sha512Final);
1534
0
}
1535
1536
int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
1537
0
{
1538
0
    int ret = 0;
1539
1540
0
    if (src == NULL || dst == NULL)
1541
0
        return BAD_FUNC_ARG;
1542
1543
0
    XMEMCPY(dst, src, sizeof(wc_Sha512));
1544
#ifdef WOLFSSL_SMALL_STACK_CACHE
1545
    dst->W = NULL;
1546
#endif
1547
1548
#ifdef WOLFSSL_SILABS_SHA512
1549
    dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx);
1550
    dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx);
1551
#endif
1552
1553
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
1554
    ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
1555
#endif
1556
#if  defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1557
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1558
    dst->ctx.mode = src->ctx.mode;
1559
    dst->ctx.isfirstblock = src->ctx.isfirstblock;
1560
    dst->ctx.sha_type = src->ctx.sha_type;
1561
#endif
1562
0
#ifdef WOLFSSL_HASH_FLAGS
1563
0
     dst->flags |= WC_HASH_FLAG_ISCOPY;
1564
0
#endif
1565
#if defined(WOLFSSL_HASH_KEEP)
1566
    if (src->msg != NULL) {
1567
        dst->msg = (byte*)XMALLOC(src->len, dst->heap, DYNAMIC_TYPE_TMP_BUFFER);
1568
        if (dst->msg == NULL)
1569
            return MEMORY_E;
1570
        XMEMCPY(dst->msg, src->msg, src->len);
1571
    }
1572
#endif
1573
1574
0
    return ret;
1575
0
}
1576
1577
#endif /* WOLFSSL_KCAPI_HASH */
1578
1579
#ifdef WOLFSSL_HASH_FLAGS
1580
int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags)
1581
0
{
1582
0
    if (sha512) {
1583
0
        sha512->flags = flags;
1584
0
    }
1585
0
    return 0;
1586
0
}
1587
int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags)
1588
0
{
1589
0
    if (sha512 && flags) {
1590
0
        *flags = sha512->flags;
1591
0
    }
1592
0
    return 0;
1593
0
}
1594
#endif /* WOLFSSL_HASH_FLAGS */
1595
1596
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
1597
1598
#if !defined(WOLFSSL_NOSHA512_224)
1599
int wc_InitSha512_224(wc_Sha512* sha)
1600
0
{
1601
0
    return wc_InitSha512_224_ex(sha, NULL, INVALID_DEVID);
1602
0
}
1603
int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len)
1604
0
{
1605
0
    return wc_Sha512Update(sha, data, len);
1606
0
}
1607
1608
#if defined(WOLFSSL_KCAPI_HASH)
1609
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1610
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1611
1612
#else
1613
int wc_Sha512_224FinalRaw(wc_Sha512* sha, byte* hash)
1614
0
{
1615
0
    return Sha512FinalRaw(sha, hash, WC_SHA512_224_DIGEST_SIZE);
1616
0
}
1617
int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash)
1618
0
{
1619
0
    return Sha512_Family_Final(sha512, hash, WC_SHA512_224_DIGEST_SIZE,
1620
0
                               InitSha512_224);
1621
0
}
1622
#endif
1623
void wc_Sha512_224Free(wc_Sha512* sha)
1624
0
{
1625
0
    wc_Sha512Free(sha);
1626
0
}
1627
#if defined(WOLFSSL_KCAPI_HASH)
1628
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1629
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1630
1631
1632
#else
1633
int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash)
1634
0
{
1635
0
    return Sha512_Family_GetHash(sha512, hash, wc_Sha512_224Final);
1636
0
}
1637
int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst)
1638
0
{
1639
0
    return wc_Sha512Copy(src, dst);
1640
0
}
1641
#endif
1642
1643
#ifdef WOLFSSL_HASH_FLAGS
1644
int wc_Sha512_224SetFlags(wc_Sha512* sha, word32 flags)
1645
0
{
1646
0
    return wc_Sha512SetFlags(sha, flags);
1647
0
}
1648
int wc_Sha512_224GetFlags(wc_Sha512* sha, word32* flags)
1649
0
{
1650
0
    return wc_Sha512GetFlags(sha, flags);
1651
0
}
1652
#endif /* WOLFSSL_HASH_FLAGS */
1653
1654
#if defined(OPENSSL_EXTRA)
1655
int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data)
1656
{
1657
    return wc_Sha512Transform(sha, data);
1658
}
1659
#endif /* OPENSSL_EXTRA */
1660
1661
#endif /* !WOLFSSL_NOSHA512_224 */
1662
1663
#if !defined(WOLFSSL_NOSHA512_256)
1664
int wc_InitSha512_256(wc_Sha512* sha)
1665
0
{
1666
0
    return wc_InitSha512_256_ex(sha, NULL, INVALID_DEVID);
1667
0
}
1668
int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len)
1669
0
{
1670
0
    return wc_Sha512Update(sha, data, len);
1671
0
}
1672
#if defined(WOLFSSL_KCAPI_HASH)
1673
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1674
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1675
1676
#else
1677
int wc_Sha512_256FinalRaw(wc_Sha512* sha, byte* hash)
1678
0
{
1679
0
    return Sha512FinalRaw(sha, hash, WC_SHA512_256_DIGEST_SIZE);
1680
0
}
1681
int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash)
1682
0
{
1683
0
    return Sha512_Family_Final(sha512, hash, WC_SHA512_256_DIGEST_SIZE,
1684
0
                               InitSha512_256);
1685
0
}
1686
#endif
1687
void wc_Sha512_256Free(wc_Sha512* sha)
1688
0
{
1689
0
    wc_Sha512Free(sha);
1690
0
}
1691
#if defined(WOLFSSL_KCAPI_HASH)
1692
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1693
1694
#else
1695
int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash)
1696
0
{
1697
0
    return Sha512_Family_GetHash(sha512, hash, wc_Sha512_256Final);
1698
0
}
1699
int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst)
1700
0
{
1701
0
    return wc_Sha512Copy(src, dst);
1702
0
}
1703
#endif
1704
1705
#ifdef WOLFSSL_HASH_FLAGS
1706
int wc_Sha512_256SetFlags(wc_Sha512* sha, word32 flags)
1707
0
{
1708
0
    return wc_Sha512SetFlags(sha, flags);
1709
0
}
1710
int wc_Sha512_256GetFlags(wc_Sha512* sha, word32* flags)
1711
0
{
1712
0
    return wc_Sha512GetFlags(sha, flags);
1713
0
}
1714
#endif /* WOLFSSL_HASH_FLAGS */
1715
1716
#if defined(OPENSSL_EXTRA)
1717
int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data)
1718
{
1719
    return wc_Sha512Transform(sha, data);
1720
}
1721
#endif /* OPENSSL_EXTRA */
1722
1723
#endif /* !WOLFSSL_NOSHA512_224 */
1724
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
1725
1726
#endif /* WOLFSSL_SHA512 */
1727
1728
#ifdef WOLFSSL_SHA384
1729
1730
#if defined(WOLFSSL_KCAPI_HASH)
1731
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1732
1733
#else
1734
1735
int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)
1736
0
{
1737
0
    int ret;
1738
0
    wc_Sha384 tmpSha384;
1739
1740
0
    if (sha384 == NULL || hash == NULL)
1741
0
        return BAD_FUNC_ARG;
1742
#if  defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1743
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1744
    if(sha384->ctx.mode == ESP32_SHA_INIT) {
1745
        esp_sha_try_hw_lock(&sha384->ctx);
1746
    }
1747
    if(sha384->ctx.mode != ESP32_SHA_SW) {
1748
        esp_sha512_digest_process(sha384, 0);
1749
    }
1750
#endif
1751
0
    ret = wc_Sha384Copy(sha384, &tmpSha384);
1752
0
    if (ret == 0) {
1753
0
        ret = wc_Sha384Final(&tmpSha384, hash);
1754
#if  defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1755
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1756
        sha384->ctx.mode = ESP32_SHA_SW;
1757
#endif
1758
0
        wc_Sha384Free(&tmpSha384);
1759
0
    }
1760
0
    return ret;
1761
0
}
1762
int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
1763
0
{
1764
0
    int ret = 0;
1765
1766
0
    if (src == NULL || dst == NULL)
1767
0
        return BAD_FUNC_ARG;
1768
1769
0
    XMEMCPY(dst, src, sizeof(wc_Sha384));
1770
#ifdef WOLFSSL_SMALL_STACK_CACHE
1771
    dst->W = NULL;
1772
#endif
1773
1774
#ifdef WOLFSSL_SILABS_SHA384
1775
    dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx);
1776
    dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx);
1777
#endif
1778
1779
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
1780
    ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
1781
#endif
1782
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1783
   !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1784
    dst->ctx.mode = src->ctx.mode;
1785
    dst->ctx.isfirstblock = src->ctx.isfirstblock;
1786
    dst->ctx.sha_type = src->ctx.sha_type;
1787
#endif
1788
0
#ifdef WOLFSSL_HASH_FLAGS
1789
0
     dst->flags |= WC_HASH_FLAG_ISCOPY;
1790
0
#endif
1791
#if defined(WOLFSSL_HASH_KEEP)
1792
    if (src->msg != NULL) {
1793
        dst->msg = (byte*)XMALLOC(src->len, dst->heap, DYNAMIC_TYPE_TMP_BUFFER);
1794
        if (dst->msg == NULL)
1795
            return MEMORY_E;
1796
        XMEMCPY(dst->msg, src->msg, src->len);
1797
    }
1798
#endif
1799
1800
0
    return ret;
1801
0
}
1802
1803
#endif /* WOLFSSL_KCAPI_HASH */
1804
1805
#ifdef WOLFSSL_HASH_FLAGS
1806
int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags)
1807
0
{
1808
0
    if (sha384) {
1809
0
        sha384->flags = flags;
1810
0
    }
1811
0
    return 0;
1812
0
}
1813
int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags)
1814
0
{
1815
0
    if (sha384 && flags) {
1816
0
        *flags = sha384->flags;
1817
0
    }
1818
0
    return 0;
1819
0
}
1820
#endif
1821
1822
#endif /* WOLFSSL_SHA384 */
1823
1824
#ifdef WOLFSSL_HASH_KEEP
1825
/* Some hardware have issues with update, this function stores the data to be
1826
 * hashed into an array. Once ready, the Final operation is called on all of the
1827
 * data to be hashed at once.
1828
 * returns 0 on success
1829
 */
1830
int wc_Sha512_Grow(wc_Sha512* sha512, const byte* in, int inSz)
1831
{
1832
    return _wc_Hash_Grow(&(sha512->msg), &(sha512->used), &(sha512->len), in,
1833
                        inSz, sha512->heap);
1834
}
1835
#ifdef WOLFSSL_SHA384
1836
int wc_Sha384_Grow(wc_Sha384* sha384, const byte* in, int inSz)
1837
{
1838
    return _wc_Hash_Grow(&(sha384->msg), &(sha384->used), &(sha384->len), in,
1839
                        inSz, sha384->heap);
1840
}
1841
#endif /* WOLFSSL_SHA384 */
1842
#endif /* WOLFSSL_HASH_KEEP */
1843
#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */