Coverage Report

Created: 2022-08-24 06:37

/src/wolfssl-normal-math/wolfcrypt/src/sha256.c
Line
Count
Source (jump to first uncovered line)
1
/* sha256.c
2
 *
3
 * Copyright (C) 2006-2022 wolfSSL Inc.
4
 *
5
 * This file is part of wolfSSL.
6
 *
7
 * wolfSSL is free software; you can redistribute it and/or modify
8
 * it under the terms of the GNU General Public License as published by
9
 * the Free Software Foundation; either version 2 of the License, or
10
 * (at your option) any later version.
11
 *
12
 * wolfSSL is distributed in the hope that it will be useful,
13
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15
 * GNU General Public License for more details.
16
 *
17
 * You should have received a copy of the GNU General Public License
18
 * along with this program; if not, write to the Free Software
19
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20
 */
21
22
/* For more info on the algorithm, see https://tools.ietf.org/html/rfc6234
23
 *
24
 * For more information on NIST FIPS PUB 180-4, see
25
 * https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
26
 */
27
28
/*
29
30
DESCRIPTION
31
This library provides the interface to SHA-256 secure hash algorithms.
32
SHA-256 performs processing on message blocks to produce a final hash digest
33
output. It can be used to hash a message, M, having a length of L bits,
34
where 0 <= L < 2^64.
35
36
Note that in some cases, hardware acceleration may be enabled, depending
37
on the specific device platform.
38
39
*/
40
41
#ifdef HAVE_CONFIG_H
42
    #include <config.h>
43
#endif
44
45
#include <wolfssl/wolfcrypt/settings.h>
46
47
/*
48
 * SHA256 Build Options:
49
 * USE_SLOW_SHA256:            Reduces code size by not partially unrolling
50
                                (~2KB smaller and ~25% slower) (default OFF)
51
 * WOLFSSL_SHA256_BY_SPEC:     Uses the Ch/Maj based on SHA256 specification
52
                                (default ON)
53
 * WOLFSSL_SHA256_ALT_CH_MAJ:  Alternate Ch/Maj that is easier for compilers to
54
                                optimize and recognize as SHA256 (default OFF)
55
 * SHA256_MANY_REGISTERS:      A SHA256 version that keeps all data in registers
56
                                and partial unrolled (default OFF)
57
 */
58
59
/* Default SHA256 to use Ch/Maj based on specification */
60
#if !defined(WOLFSSL_SHA256_BY_SPEC) && !defined(WOLFSSL_SHA256_ALT_CH_MAJ)
61
    #define WOLFSSL_SHA256_BY_SPEC
62
#endif
63
64
65
#if !defined(NO_SHA256) && !defined(WOLFSSL_ARMASM)
66
67
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
68
    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
69
    #define FIPS_NO_WRAPPERS
70
71
    #ifdef USE_WINDOWS_API
72
        #pragma code_seg(".fipsA$d")
73
        #pragma const_seg(".fipsB$d")
74
    #endif
75
#endif
76
77
#include <wolfssl/wolfcrypt/sha256.h>
78
#include <wolfssl/wolfcrypt/error-crypt.h>
79
#include <wolfssl/wolfcrypt/cpuid.h>
80
#include <wolfssl/wolfcrypt/hash.h>
81
82
#ifdef WOLF_CRYPTO_CB
83
    #include <wolfssl/wolfcrypt/cryptocb.h>
84
#endif
85
86
/* determine if we are using Espressif SHA hardware acceleration */
87
#undef WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW
88
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
89
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
90
    /* define a single keyword for simplicity & readability
91
     *
92
     * by default the HW acceleration is on for ESP32-WROOM32
93
     * but individual components can be turned off.
94
     */
95
    #define WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW
96
#else
97
    #undef WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW
98
#endif
99
100
/* fips wrapper calls, user can call direct */
101
#if defined(HAVE_FIPS) && \
102
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
103
104
    int wc_InitSha256(wc_Sha256* sha)
105
    {
106
        if (sha == NULL) {
107
            return BAD_FUNC_ARG;
108
        }
109
        return InitSha256_fips(sha);
110
    }
111
    int wc_InitSha256_ex(wc_Sha256* sha, void* heap, int devId)
112
    {
113
        (void)heap;
114
        (void)devId;
115
        if (sha == NULL) {
116
            return BAD_FUNC_ARG;
117
        }
118
        return InitSha256_fips(sha);
119
    }
120
    int wc_Sha256Update(wc_Sha256* sha, const byte* data, word32 len)
121
    {
122
        if (sha == NULL ||  (data == NULL && len > 0)) {
123
            return BAD_FUNC_ARG;
124
        }
125
126
        if (data == NULL && len == 0) {
127
            /* valid, but do nothing */
128
            return 0;
129
        }
130
131
        return Sha256Update_fips(sha, data, len);
132
    }
133
    int wc_Sha256Final(wc_Sha256* sha, byte* out)
134
    {
135
        if (sha == NULL || out == NULL) {
136
            return BAD_FUNC_ARG;
137
        }
138
        return Sha256Final_fips(sha, out);
139
    }
140
    void wc_Sha256Free(wc_Sha256* sha)
141
    {
142
        (void)sha;
143
        /* Not supported in FIPS */
144
    }
145
146
#else /* else build without fips, or for FIPS v2 */
147
148
149
#if defined(WOLFSSL_TI_HASH)
150
    /* #include <wolfcrypt/src/port/ti/ti-hash.c> included by wc_port.c */
151
#elif defined(WOLFSSL_CRYPTOCELL)
152
    /* wc_port.c includes wolfcrypt/src/port/arm/cryptoCellHash.c */
153
154
#elif defined(WOLFSSL_PSOC6_CRYPTO)
155
156
157
#else
158
159
#include <wolfssl/wolfcrypt/logging.h>
160
161
#ifdef NO_INLINE
162
    #include <wolfssl/wolfcrypt/misc.h>
163
#else
164
    #define WOLFSSL_MISC_INCLUDED
165
    #include <wolfcrypt/src/misc.c>
166
#endif
167
168
#ifdef WOLFSSL_DEVCRYPTO_HASH
169
    #include <wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h>
170
#endif
171
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
172
    #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
173
#endif
174
175
176
#if defined(USE_INTEL_SPEEDUP)
177
    #if defined(__GNUC__) && ((__GNUC__ < 4) || \
178
                              (__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
179
        #undef  NO_AVX2_SUPPORT
180
        #define NO_AVX2_SUPPORT
181
    #endif
182
    #if defined(__clang__) && ((__clang_major__ < 3) || \
183
                               (__clang_major__ == 3 && __clang_minor__ <= 5))
184
        #define NO_AVX2_SUPPORT
185
    #elif defined(__clang__) && defined(NO_AVX2_SUPPORT)
186
        #undef NO_AVX2_SUPPORT
187
    #endif
188
189
    #define HAVE_INTEL_AVX1
190
    #ifndef NO_AVX2_SUPPORT
191
        #define HAVE_INTEL_AVX2
192
    #endif
193
#else
194
    #undef HAVE_INTEL_AVX1
195
    #undef HAVE_INTEL_AVX2
196
#endif /* USE_INTEL_SPEEDUP */
197
198
#if defined(HAVE_INTEL_AVX2)
199
    #define HAVE_INTEL_RORX
200
#endif
201
202
203
#if !defined(WOLFSSL_PIC32MZ_HASH) && !defined(STM32_HASH_SHA2) && \
204
    (!defined(WOLFSSL_IMX6_CAAM) || defined(NO_IMX6_CAAM_HASH) || \
205
     defined(WOLFSSL_QNX_CAAM)) && \
206
    !defined(WOLFSSL_AFALG_HASH) && !defined(WOLFSSL_DEVCRYPTO_HASH) && \
207
    (!defined(WOLFSSL_ESP32WROOM32_CRYPT) || defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)) && \
208
    (!defined(WOLFSSL_RENESAS_TSIP_CRYPT) || defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \
209
    !defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_IMXRT_DCP) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
210
    !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_SE050_HASH) && \
211
    (!defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)) && \
212
    (!defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH))
213
214
215
216
static int InitSha256(wc_Sha256* sha256)
217
8.12M
{
218
8.12M
    int ret = 0;
219
220
8.12M
    if (sha256 == NULL)
221
0
        return BAD_FUNC_ARG;
222
223
8.12M
    XMEMSET(sha256->digest, 0, sizeof(sha256->digest));
224
8.12M
    sha256->digest[0] = 0x6A09E667L;
225
8.12M
    sha256->digest[1] = 0xBB67AE85L;
226
8.12M
    sha256->digest[2] = 0x3C6EF372L;
227
8.12M
    sha256->digest[3] = 0xA54FF53AL;
228
8.12M
    sha256->digest[4] = 0x510E527FL;
229
8.12M
    sha256->digest[5] = 0x9B05688CL;
230
8.12M
    sha256->digest[6] = 0x1F83D9ABL;
231
8.12M
    sha256->digest[7] = 0x5BE0CD19L;
232
233
8.12M
    sha256->buffLen = 0;
234
8.12M
    sha256->loLen   = 0;
235
8.12M
    sha256->hiLen   = 0;
236
8.12M
#ifdef WOLFSSL_HASH_FLAGS
237
8.12M
    sha256->flags = 0;
238
8.12M
#endif
239
#ifdef WOLFSSL_HASH_KEEP
240
    sha256->msg  = NULL;
241
    sha256->len  = 0;
242
    sha256->used = 0;
243
#endif
244
245
8.12M
#ifdef WOLF_CRYPTO_CB
246
8.12M
    sha256->devId = wc_CryptoCb_DefaultDevID();
247
8.12M
#endif
248
249
8.12M
    return ret;
250
8.12M
}
251
#endif
252
253
254
/* Hardware Acceleration */
255
#if defined(USE_INTEL_SPEEDUP) && (defined(HAVE_INTEL_AVX1) || \
256
                                                       defined(HAVE_INTEL_AVX2))
257
258
    /* in case intel instructions aren't available, plus we need the K[] global */
259
    #define NEED_SOFT_SHA256
260
261
    /*****
262
    Intel AVX1/AVX2 Macro Control Structure
263
264
    #define HAVE_INTEL_AVX1
265
    #define HAVE_INTEL_AVX2
266
267
    #define HAVE_INTEL_RORX
268
269
270
    int InitSha256(wc_Sha256* sha256) {
271
         Save/Recover XMM, YMM
272
         ...
273
    }
274
275
    #if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
276
      Transform_Sha256(); Function prototype
277
    #else
278
      Transform_Sha256() {   }
279
      int Sha256Final() {
280
         Save/Recover XMM, YMM
281
         ...
282
      }
283
    #endif
284
285
    #if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
286
        #if defined(HAVE_INTEL_RORX
287
             #define RND with rorx instruction
288
        #else
289
            #define RND
290
        #endif
291
    #endif
292
293
    #if defined(HAVE_INTEL_AVX1)
294
295
       #define XMM Instructions/inline asm
296
297
       int Transform_Sha256() {
298
           Stitched Message Sched/Round
299
        }
300
301
    #elif defined(HAVE_INTEL_AVX2)
302
303
      #define YMM Instructions/inline asm
304
305
      int Transform_Sha256() {
306
          More granular Stitched Message Sched/Round
307
      }
308
309
    #endif
310
311
    */
312
313
    /* Each platform needs to query info type 1 from cpuid to see if aesni is
314
     * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
315
     */
316
317
    /* #if defined(HAVE_INTEL_AVX1/2) at the tail of sha256 */
318
    static int Transform_Sha256(wc_Sha256* sha256, const byte* data);
319
320
#ifdef __cplusplus
321
    extern "C" {
322
#endif
323
324
    #if defined(HAVE_INTEL_AVX1)
325
        extern int Transform_Sha256_AVX1(wc_Sha256 *sha256, const byte* data);
326
        extern int Transform_Sha256_AVX1_Len(wc_Sha256* sha256,
327
                                             const byte* data, word32 len);
328
    #endif
329
    #if defined(HAVE_INTEL_AVX2)
330
        extern int Transform_Sha256_AVX2(wc_Sha256 *sha256, const byte* data);
331
        extern int Transform_Sha256_AVX2_Len(wc_Sha256* sha256,
332
                                             const byte* data, word32 len);
333
        #ifdef HAVE_INTEL_RORX
334
        extern int Transform_Sha256_AVX1_RORX(wc_Sha256 *sha256, const byte* data);
335
        extern int Transform_Sha256_AVX1_RORX_Len(wc_Sha256* sha256,
336
                                                  const byte* data, word32 len);
337
        extern int Transform_Sha256_AVX2_RORX(wc_Sha256 *sha256, const byte* data);
338
        extern int Transform_Sha256_AVX2_RORX_Len(wc_Sha256* sha256,
339
                                                  const byte* data, word32 len);
340
        #endif /* HAVE_INTEL_RORX */
341
    #endif /* HAVE_INTEL_AVX2 */
342
343
#ifdef __cplusplus
344
    }  /* extern "C" */
345
#endif
346
347
    static int (*Transform_Sha256_p)(wc_Sha256* sha256, const byte* data);
348
                                                       /* = _Transform_Sha256 */
349
    static int (*Transform_Sha256_Len_p)(wc_Sha256* sha256, const byte* data,
350
                                         word32 len);
351
                                                                    /* = NULL */
352
    static int transform_check = 0;
353
    static word32 intel_flags;
354
    static int Transform_Sha256_is_vectorized = 0;
355
356
    static WC_INLINE int inline_XTRANSFORM(wc_Sha256* S, const byte* D) {
357
        int ret;
358
        ret = (*Transform_Sha256_p)(S, D);
359
        return ret;
360
    }
361
#define XTRANSFORM(...) inline_XTRANSFORM(__VA_ARGS__)
362
363
    static WC_INLINE int inline_XTRANSFORM_LEN(wc_Sha256* S, const byte* D, word32 L) {
364
        int ret;
365
        ret = (*Transform_Sha256_Len_p)(S, D, L);
366
        return ret;
367
    }
368
#define XTRANSFORM_LEN(...) inline_XTRANSFORM_LEN(__VA_ARGS__)
369
370
    static void Sha256_SetTransform(void)
371
    {
372
373
        if (transform_check)
374
            return;
375
376
        intel_flags = cpuid_get_flags();
377
378
    #ifdef HAVE_INTEL_AVX2
379
        if (1 && IS_INTEL_AVX2(intel_flags)) {
380
        #ifdef HAVE_INTEL_RORX
381
            if (IS_INTEL_BMI2(intel_flags)) {
382
                Transform_Sha256_p = Transform_Sha256_AVX2_RORX;
383
                Transform_Sha256_Len_p = Transform_Sha256_AVX2_RORX_Len;
384
                Transform_Sha256_is_vectorized = 1;
385
            }
386
            else
387
        #endif
388
            if (1)
389
            {
390
                Transform_Sha256_p = Transform_Sha256_AVX2;
391
                Transform_Sha256_Len_p = Transform_Sha256_AVX2_Len;
392
                Transform_Sha256_is_vectorized = 1;
393
            }
394
        #ifdef HAVE_INTEL_RORX
395
            else {
396
                Transform_Sha256_p = Transform_Sha256_AVX1_RORX;
397
                Transform_Sha256_Len_p = Transform_Sha256_AVX1_RORX_Len;
398
                Transform_Sha256_is_vectorized = 1;
399
            }
400
        #endif
401
        }
402
        else
403
    #endif
404
    #ifdef HAVE_INTEL_AVX1
405
        if (IS_INTEL_AVX1(intel_flags)) {
406
            Transform_Sha256_p = Transform_Sha256_AVX1;
407
            Transform_Sha256_Len_p = Transform_Sha256_AVX1_Len;
408
            Transform_Sha256_is_vectorized = 1;
409
        }
410
        else
411
    #endif
412
        {
413
            Transform_Sha256_p = Transform_Sha256;
414
            Transform_Sha256_Len_p = NULL;
415
            Transform_Sha256_is_vectorized = 0;
416
        }
417
418
        transform_check = 1;
419
    }
420
421
#if !defined(WOLFSSL_KCAPI_HASH)
422
    int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
423
    {
424
        int ret = 0;
425
        if (sha256 == NULL)
426
            return BAD_FUNC_ARG;
427
428
        sha256->heap = heap;
429
    #ifdef WOLF_CRYPTO_CB
430
        sha256->devId = devId;
431
        sha256->devCtx = NULL;
432
    #endif
433
    #ifdef WOLFSSL_SMALL_STACK_CACHE
434
        sha256->W = NULL;
435
    #endif
436
437
        ret = InitSha256(sha256);
438
        if (ret != 0)
439
            return ret;
440
441
        /* choose best Transform function under this runtime environment */
442
        Sha256_SetTransform();
443
444
    #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
445
        ret = wolfAsync_DevCtxInit(&sha256->asyncDev,
446
                            WOLFSSL_ASYNC_MARKER_SHA256, sha256->heap, devId);
447
    #else
448
        (void)devId;
449
    #endif /* WOLFSSL_ASYNC_CRYPT */
450
451
        return ret;
452
    }
453
#endif /* !WOLFSSL_KCAPI_HASH */
454
455
#elif defined(FREESCALE_LTC_SHA)
456
    int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
457
    {
458
        (void)heap;
459
        (void)devId;
460
461
        LTC_HASH_Init(LTC_BASE, &sha256->ctx, kLTC_Sha256, NULL, 0);
462
463
        return 0;
464
    }
465
466
#elif defined(FREESCALE_MMCAU_SHA)
467
468
    #ifdef FREESCALE_MMCAU_CLASSIC_SHA
469
        #include "cau_api.h"
470
    #else
471
        #include "fsl_mmcau.h"
472
    #endif
473
474
    #define XTRANSFORM(S, D)         Transform_Sha256((S),(D))
475
    #define XTRANSFORM_LEN(S, D, L)  Transform_Sha256_Len((S),(D),(L))
476
477
    #ifndef WC_HASH_DATA_ALIGNMENT
478
        /* these hardware API's require 4 byte (word32) alignment */
479
        #define WC_HASH_DATA_ALIGNMENT 4
480
    #endif
481
482
    int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
483
    {
484
        int ret = 0;
485
486
        (void)heap;
487
        (void)devId;
488
489
        ret = wolfSSL_CryptHwMutexLock();
490
        if (ret != 0) {
491
            return ret;
492
        }
493
494
    #ifdef FREESCALE_MMCAU_CLASSIC_SHA
495
        cau_sha256_initialize_output(sha256->digest);
496
    #else
497
        MMCAU_SHA256_InitializeOutput((uint32_t*)sha256->digest);
498
    #endif
499
        wolfSSL_CryptHwMutexUnLock();
500
501
        sha256->buffLen = 0;
502
        sha256->loLen   = 0;
503
        sha256->hiLen   = 0;
504
    #ifdef WOLFSSL_SMALL_STACK_CACHE
505
        sha256->W = NULL;
506
    #endif
507
508
        return ret;
509
    }
510
511
    static int Transform_Sha256(wc_Sha256* sha256, const byte* data)
512
    {
513
        int ret = wolfSSL_CryptHwMutexLock();
514
        if (ret == 0) {
515
    #ifdef FREESCALE_MMCAU_CLASSIC_SHA
516
            cau_sha256_hash_n((byte*)data, 1, sha256->digest);
517
    #else
518
            MMCAU_SHA256_HashN((byte*)data, 1, (uint32_t*)sha256->digest);
519
    #endif
520
            wolfSSL_CryptHwMutexUnLock();
521
        }
522
        return ret;
523
    }
524
525
    static int Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
526
        word32 len)
527
    {
528
        int ret = wolfSSL_CryptHwMutexLock();
529
        if (ret == 0) {
530
        #if defined(WC_HASH_DATA_ALIGNMENT) && WC_HASH_DATA_ALIGNMENT > 0
531
            if ((wc_ptr_t)data % WC_HASH_DATA_ALIGNMENT) {
532
                /* data pointer is NOT aligned,
533
                 * so copy and perform one block at a time */
534
                byte* local = (byte*)sha256->buffer;
535
                while (len >= WC_SHA256_BLOCK_SIZE) {
536
                    XMEMCPY(local, data, WC_SHA256_BLOCK_SIZE);
537
                #ifdef FREESCALE_MMCAU_CLASSIC_SHA
538
                    cau_sha256_hash_n(local, 1, sha256->digest);
539
                #else
540
                    MMCAU_SHA256_HashN(local, 1, (uint32_t*)sha256->digest);
541
                #endif
542
                    data += WC_SHA256_BLOCK_SIZE;
543
                    len  -= WC_SHA256_BLOCK_SIZE;
544
                }
545
            }
546
            else
547
        #endif
548
            {
549
    #ifdef FREESCALE_MMCAU_CLASSIC_SHA
550
            cau_sha256_hash_n((byte*)data, len/WC_SHA256_BLOCK_SIZE,
551
                sha256->digest);
552
    #else
553
            MMCAU_SHA256_HashN((byte*)data, len/WC_SHA256_BLOCK_SIZE,
554
                (uint32_t*)sha256->digest);
555
    #endif
556
            }
557
            wolfSSL_CryptHwMutexUnLock();
558
        }
559
        return ret;
560
    }
561
562
#elif defined(WOLFSSL_PIC32MZ_HASH)
563
    #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
564
565
#elif defined(STM32_HASH_SHA2)
566
567
    /* Supports CubeMX HAL or Standard Peripheral Library */
568
569
    int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
570
    {
571
        if (sha256 == NULL)
572
            return BAD_FUNC_ARG;
573
574
        (void)devId;
575
        (void)heap;
576
577
        XMEMSET(sha256, 0, sizeof(wc_Sha256));
578
        wc_Stm32_Hash_Init(&sha256->stmCtx);
579
        return 0;
580
    }
581
582
    int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
583
    {
584
        int ret = 0;
585
586
        if (sha256 == NULL || (data == NULL && len > 0)) {
587
            return BAD_FUNC_ARG;
588
        }
589
590
        ret = wolfSSL_CryptHwMutexLock();
591
        if (ret == 0) {
592
            ret = wc_Stm32_Hash_Update(&sha256->stmCtx,
593
                HASH_AlgoSelection_SHA256, data, len, WC_SHA256_BLOCK_SIZE);
594
            wolfSSL_CryptHwMutexUnLock();
595
        }
596
        return ret;
597
    }
598
599
    int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
600
    {
601
        int ret = 0;
602
603
        if (sha256 == NULL || hash == NULL) {
604
            return BAD_FUNC_ARG;
605
        }
606
607
        ret = wolfSSL_CryptHwMutexLock();
608
        if (ret == 0) {
609
            ret = wc_Stm32_Hash_Final(&sha256->stmCtx,
610
                HASH_AlgoSelection_SHA256, hash, WC_SHA256_DIGEST_SIZE);
611
            wolfSSL_CryptHwMutexUnLock();
612
        }
613
614
        (void)wc_InitSha256(sha256); /* reset state */
615
616
        return ret;
617
    }
618
619
#elif defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \
620
    !defined(WOLFSSL_QNX_CAAM)
621
    /* functions defined in wolfcrypt/src/port/caam/caam_sha256.c */
622
623
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
624
625
    int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
626
    {
627
        if (sha256 == NULL) {
628
            return BAD_FUNC_ARG;
629
        }
630
        (void)devId;
631
632
        return se050_hash_init(&sha256->se050Ctx, heap);
633
    }
634
635
    int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
636
    {
637
        return se050_hash_update(&sha256->se050Ctx, data, len);
638
    }
639
640
    int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
641
    {
642
        int ret = 0;
643
        ret = se050_hash_final(&sha256->se050Ctx, hash, WC_SHA256_DIGEST_SIZE,
644
                               kAlgorithm_SSS_SHA256);
645
        return ret;
646
    }
647
    int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash)
648
    {
649
        int ret = 0;
650
        ret = se050_hash_final(&sha256->se050Ctx, hash, WC_SHA256_DIGEST_SIZE,
651
                               kAlgorithm_SSS_SHA256);
652
        return ret;
653
    }
654
655
#elif defined(WOLFSSL_AFALG_HASH)
656
    /* implemented in wolfcrypt/src/port/af_alg/afalg_hash.c */
657
658
#elif defined(WOLFSSL_DEVCRYPTO_HASH)
659
    /* implemented in wolfcrypt/src/port/devcrypto/devcrypt_hash.c */
660
661
#elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_HASH)
662
    #include "hal_data.h"
663
664
    #ifndef WOLFSSL_SCE_SHA256_HANDLE
665
        #define WOLFSSL_SCE_SHA256_HANDLE g_sce_hash_0
666
    #endif
667
668
    #define WC_SHA256_DIGEST_WORD_SIZE 16
669
    #define XTRANSFORM(S, D) wc_Sha256SCE_XTRANSFORM((S), (D))
670
    static int wc_Sha256SCE_XTRANSFORM(wc_Sha256* sha256, const byte* data)
671
    {
672
        if (WOLFSSL_SCE_GSCE_HANDLE.p_cfg->endian_flag ==
673
                CRYPTO_WORD_ENDIAN_LITTLE)
674
        {
675
            ByteReverseWords((word32*)data, (word32*)data,
676
                    WC_SHA256_BLOCK_SIZE);
677
            ByteReverseWords(sha256->digest, sha256->digest,
678
                    WC_SHA256_DIGEST_SIZE);
679
        }
680
681
        if (WOLFSSL_SCE_SHA256_HANDLE.p_api->hashUpdate(
682
                    WOLFSSL_SCE_SHA256_HANDLE.p_ctrl, (word32*)data,
683
                    WC_SHA256_DIGEST_WORD_SIZE, sha256->digest) != SSP_SUCCESS){
684
            WOLFSSL_MSG("Unexpected hardware return value");
685
            return WC_HW_E;
686
        }
687
688
        if (WOLFSSL_SCE_GSCE_HANDLE.p_cfg->endian_flag ==
689
                CRYPTO_WORD_ENDIAN_LITTLE)
690
        {
691
            ByteReverseWords((word32*)data, (word32*)data,
692
                    WC_SHA256_BLOCK_SIZE);
693
            ByteReverseWords(sha256->digest, sha256->digest,
694
                    WC_SHA256_DIGEST_SIZE);
695
        }
696
697
        return 0;
698
    }
699
700
701
    int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
702
    {
703
        int ret = 0;
704
        if (sha256 == NULL)
705
            return BAD_FUNC_ARG;
706
707
        sha256->heap = heap;
708
709
        ret = InitSha256(sha256);
710
        if (ret != 0)
711
            return ret;
712
713
        (void)devId;
714
715
        return ret;
716
    }
717
718
#elif defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
719
720
    /* HW may fail since there's only one, so we still need SW */
721
    #define NEED_SOFT_SHA256
722
723
    /*
724
     * soft SHA needs initialization digest, but HW does not.
725
     */
726
    static int InitSha256(wc_Sha256* sha256)
727
    {
728
        int ret = 0; /* zero = success */
729
730
        if (sha256 == NULL)
731
            return BAD_FUNC_ARG;
732
733
        XMEMSET(sha256->digest, 0, sizeof(sha256->digest));
734
        sha256->digest[0] = 0x6A09E667L;
735
        sha256->digest[1] = 0xBB67AE85L;
736
        sha256->digest[2] = 0x3C6EF372L;
737
        sha256->digest[3] = 0xA54FF53AL;
738
        sha256->digest[4] = 0x510E527FL;
739
        sha256->digest[5] = 0x9B05688CL;
740
        sha256->digest[6] = 0x1F83D9ABL;
741
        sha256->digest[7] = 0x5BE0CD19L;
742
743
        sha256->buffLen = 0;
744
        sha256->loLen   = 0;
745
        sha256->hiLen   = 0;
746
747
        /* always start firstblock = 1 when using hw engine */
748
        sha256->ctx.isfirstblock = 1;
749
        sha256->ctx.sha_type = SHA2_256;
750
        if(sha256->ctx.mode == ESP32_SHA_HW) {
751
            /* release hw */
752
            esp_sha_hw_unlock(&(sha256->ctx));
753
        }
754
755
        /* always set mode as INIT
756
        *  whether using HW or SW is determined at first call of update()
757
        */
758
        sha256->ctx.mode = ESP32_SHA_INIT;
759
760
        return ret;
761
    }
762
763
    /*
764
     * wolfCrypt InitSha256 external wrapper
765
     */
766
    int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
767
    {
768
        int ret = 0; /* zero = success */
769
770
        if (sha256 == NULL)
771
            return BAD_FUNC_ARG;
772
773
        XMEMSET(sha256, 0, sizeof(wc_Sha256));
774
        sha256->ctx.mode = ESP32_SHA_INIT;
775
        sha256->ctx.isfirstblock = 1;
776
        sha256->ctx.lockDepth = 0; /* we'll keep track of our own lock depth */
777
        (void)devId;
778
779
        ret = InitSha256(sha256);
780
781
        return ret;
782
    }
783
784
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
785
    !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
786
787
    /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
788
789
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \
790
    !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)
791
792
    /* implemented in wolfcrypt/src/port/Renesas/renesas_sce_sha.c */
793
794
#elif defined(WOLFSSL_PSOC6_CRYPTO)
795
796
    /* implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */
797
798
#elif defined(WOLFSSL_IMXRT_DCP)
799
    #include <wolfssl/wolfcrypt/port/nxp/dcp_port.h>
800
    /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */
801
802
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
803
    /* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */
804
805
#elif defined(WOLFSSL_KCAPI_HASH)
806
    /* implemented in wolfcrypt/src/port/kcapi/kcapi_hash.c */
807
808
#elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
809
    /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
810
811
#else
812
    #define NEED_SOFT_SHA256
813
814
    int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
815
4.06M
    {
816
4.06M
        int ret = 0;
817
4.06M
        if (sha256 == NULL)
818
0
            return BAD_FUNC_ARG;
819
4.06M
        ret = InitSha256(sha256);
820
4.06M
        if (ret != 0)
821
0
            return ret;
822
823
4.06M
        sha256->heap = heap;
824
4.06M
    #ifdef WOLF_CRYPTO_CB
825
4.06M
        sha256->devId = devId;
826
4.06M
        sha256->devCtx = NULL;
827
4.06M
    #endif
828
    #ifdef WOLFSSL_SMALL_STACK_CACHE
829
        sha256->W = NULL;
830
    #endif
831
832
    #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
833
        ret = wolfAsync_DevCtxInit(&sha256->asyncDev,
834
                            WOLFSSL_ASYNC_MARKER_SHA256, sha256->heap, devId);
835
    #else
836
4.06M
        (void)devId;
837
4.06M
    #endif /* WOLFSSL_ASYNC_CRYPT */
838
839
4.06M
        return ret;
840
4.06M
    }
841
#endif /* End Hardware Acceleration */
842
843
#ifdef NEED_SOFT_SHA256
844
845
    static const FLASH_QUALIFIER ALIGN32 word32 K[64] = {
846
        0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL,
847
        0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L,
848
        0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L,
849
        0xC19BF174L, 0xE49B69C1L, 0xEFBE4786L, 0x0FC19DC6L, 0x240CA1CCL,
850
        0x2DE92C6FL, 0x4A7484AAL, 0x5CB0A9DCL, 0x76F988DAL, 0x983E5152L,
851
        0xA831C66DL, 0xB00327C8L, 0xBF597FC7L, 0xC6E00BF3L, 0xD5A79147L,
852
        0x06CA6351L, 0x14292967L, 0x27B70A85L, 0x2E1B2138L, 0x4D2C6DFCL,
853
        0x53380D13L, 0x650A7354L, 0x766A0ABBL, 0x81C2C92EL, 0x92722C85L,
854
        0xA2BFE8A1L, 0xA81A664BL, 0xC24B8B70L, 0xC76C51A3L, 0xD192E819L,
855
        0xD6990624L, 0xF40E3585L, 0x106AA070L, 0x19A4C116L, 0x1E376C08L,
856
        0x2748774CL, 0x34B0BCB5L, 0x391C0CB3L, 0x4ED8AA4AL, 0x5B9CCA4FL,
857
        0x682E6FF3L, 0x748F82EEL, 0x78A5636FL, 0x84C87814L, 0x8CC70208L,
858
        0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L
859
    };
860
861
/* Both versions of Ch and Maj are logically the same, but with the second set
862
    the compilers can recognize them better for optimization */
863
#ifdef WOLFSSL_SHA256_BY_SPEC
864
    /* SHA256 math based on specification */
865
45.3M
    #define Ch(x,y,z)       ((z) ^ ((x) & ((y) ^ (z))))
866
45.3M
    #define Maj(x,y,z)      ((((x) | (y)) & (z)) | ((x) & (y)))
867
#else
868
    /* SHA256 math reworked for easier compiler optimization */
869
    #define Ch(x,y,z)       ((((y) ^ (z)) & (x)) ^ (z))
870
    #define Maj(x,y,z)      ((((x) ^ (y)) & ((y) ^ (z))) ^ (y))
871
#endif
872
68.0M
    #define R(x, n)         (((x) & 0xFFFFFFFFU) >> (n))
873
874
408M
    #define S(x, n)         rotrFixed(x, n)
875
45.3M
    #define Sigma0(x)       (S(x, 2)  ^ S(x, 13) ^ S(x, 22))
876
45.3M
    #define Sigma1(x)       (S(x, 6)  ^ S(x, 11) ^ S(x, 25))
877
34.0M
    #define Gamma0(x)       (S(x, 7)  ^ S(x, 18) ^ R(x, 3))
878
34.0M
    #define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
879
880
    #define a(i) S[(0-(i)) & 7]
881
    #define b(i) S[(1-(i)) & 7]
882
    #define c(i) S[(2-(i)) & 7]
883
45.3M
    #define d(i) S[(3-(i)) & 7]
884
    #define e(i) S[(4-(i)) & 7]
885
    #define f(i) S[(5-(i)) & 7]
886
    #define g(i) S[(6-(i)) & 7]
887
90.7M
    #define h(i) S[(7-(i)) & 7]
888
889
    #ifndef XTRANSFORM
890
6.46M
         #define XTRANSFORM(S, D)         Transform_Sha256((S),(D))
891
    #endif
892
893
#ifndef SHA256_MANY_REGISTERS
894
    #define RND(j) \
895
45.3M
         t0 = h(j) + Sigma1(e(j)) + Ch(e(j), f(j), g(j)) + K[i+(j)] + W[i+(j)]; \
896
45.3M
         t1 = Sigma0(a(j)) + Maj(a(j), b(j), c(j)); \
897
45.3M
         d(j) += t0; \
898
45.3M
         h(j)  = t0 + t1
899
900
    static int Transform_Sha256(wc_Sha256* sha256, const byte* data)
901
709k
    {
902
709k
        word32 S[8], t0, t1;
903
709k
        int i;
904
905
    #ifdef WOLFSSL_SMALL_STACK_CACHE
906
        word32* W = sha256->W;
907
        if (W == NULL) {
908
            W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL,
909
                                                           DYNAMIC_TYPE_DIGEST);
910
            if (W == NULL)
911
                return MEMORY_E;
912
            sha256->W = W;
913
        }
914
    #elif defined(WOLFSSL_SMALL_STACK)
915
709k
        word32* W;
916
709k
        W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL,
917
709k
                                                       DYNAMIC_TYPE_TMP_BUFFER);
918
709k
        if (W == NULL)
919
402
            return MEMORY_E;
920
    #else
921
        word32 W[WC_SHA256_BLOCK_SIZE];
922
    #endif
923
924
        /* Copy context->state[] to working vars */
925
6.38M
        for (i = 0; i < 8; i++)
926
5.67M
            S[i] = sha256->digest[i];
927
928
12.0M
        for (i = 0; i < 16; i++)
929
11.3M
            W[i] = *((const word32*)&data[i*sizeof(word32)]);
930
931
34.7M
        for (i = 16; i < WC_SHA256_BLOCK_SIZE; i++)
932
34.0M
            W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16];
933
934
    #ifdef USE_SLOW_SHA256
935
        /* not unrolled - ~2k smaller and ~25% slower */
936
        for (i = 0; i < WC_SHA256_BLOCK_SIZE; i += 8) {
937
            int j;
938
            for (j = 0; j < 8; j++) { /* braces needed here for macros {} */
939
                RND(j);
940
            }
941
        }
942
    #else
943
        /* partially loop unrolled */
944
6.38M
        for (i = 0; i < WC_SHA256_BLOCK_SIZE; i += 8) {
945
5.67M
            RND(0); RND(1); RND(2); RND(3);
946
5.67M
            RND(4); RND(5); RND(6); RND(7);
947
5.67M
        }
948
709k
    #endif /* USE_SLOW_SHA256 */
949
950
        /* Add the working vars back into digest state[] */
951
6.38M
        for (i = 0; i < 8; i++) {
952
5.67M
            sha256->digest[i] += S[i];
953
5.67M
        }
954
955
709k
    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
956
709k
        XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
957
709k
    #endif
958
709k
        return 0;
959
709k
    }
960
#else
961
    /* SHA256 version that keeps all data in registers */
962
    #define SCHED1(j) (W[j] = *((word32*)&data[j*sizeof(word32)]))
963
    #define SCHED(j) (               \
964
                   W[ j     & 15] += \
965
            Gamma1(W[(j-2)  & 15])+  \
966
                   W[(j-7)  & 15] +  \
967
            Gamma0(W[(j-15) & 15])   \
968
        )
969
970
    #define RND1(j) \
971
         t0 = h(j) + Sigma1(e(j)) + Ch(e(j), f(j), g(j)) + K[i+j] + SCHED1(j); \
972
         t1 = Sigma0(a(j)) + Maj(a(j), b(j), c(j)); \
973
         d(j) += t0; \
974
         h(j)  = t0 + t1
975
    #define RNDN(j) \
976
         t0 = h(j) + Sigma1(e(j)) + Ch(e(j), f(j), g(j)) + K[i+j] + SCHED(j); \
977
         t1 = Sigma0(a(j)) + Maj(a(j), b(j), c(j)); \
978
         d(j) += t0; \
979
         h(j)  = t0 + t1
980
981
    static int Transform_Sha256(wc_Sha256* sha256, const byte* data)
982
    {
983
        word32 S[8], t0, t1;
984
        int i;
985
        word32 W[WC_SHA256_BLOCK_SIZE/sizeof(word32)];
986
987
        /* Copy digest to working vars */
988
        S[0] = sha256->digest[0];
989
        S[1] = sha256->digest[1];
990
        S[2] = sha256->digest[2];
991
        S[3] = sha256->digest[3];
992
        S[4] = sha256->digest[4];
993
        S[5] = sha256->digest[5];
994
        S[6] = sha256->digest[6];
995
        S[7] = sha256->digest[7];
996
997
        i = 0;
998
        RND1( 0); RND1( 1); RND1( 2); RND1( 3);
999
        RND1( 4); RND1( 5); RND1( 6); RND1( 7);
1000
        RND1( 8); RND1( 9); RND1(10); RND1(11);
1001
        RND1(12); RND1(13); RND1(14); RND1(15);
1002
        /* 64 operations, partially loop unrolled */
1003
        for (i = 16; i < 64; i += 16) {
1004
            RNDN( 0); RNDN( 1); RNDN( 2); RNDN( 3);
1005
            RNDN( 4); RNDN( 5); RNDN( 6); RNDN( 7);
1006
            RNDN( 8); RNDN( 9); RNDN(10); RNDN(11);
1007
            RNDN(12); RNDN(13); RNDN(14); RNDN(15);
1008
        }
1009
1010
        /* Add the working vars back into digest */
1011
        sha256->digest[0] += S[0];
1012
        sha256->digest[1] += S[1];
1013
        sha256->digest[2] += S[2];
1014
        sha256->digest[3] += S[3];
1015
        sha256->digest[4] += S[4];
1016
        sha256->digest[5] += S[5];
1017
        sha256->digest[6] += S[6];
1018
        sha256->digest[7] += S[7];
1019
1020
        return 0;
1021
    }
1022
#endif /* SHA256_MANY_REGISTERS */
1023
#endif
1024
/* End wc_ software implementation */
1025
1026
1027
#ifdef XTRANSFORM
1028
1029
    static WC_INLINE void AddLength(wc_Sha256* sha256, word32 len)
1030
8.03M
    {
1031
8.03M
        word32 tmp = sha256->loLen;
1032
8.03M
        if ((sha256->loLen += len) < tmp) {
1033
0
            sha256->hiLen++;                       /* carry low to high */
1034
0
        }
1035
8.03M
    }
1036
1037
    /* do block size increments/updates */
1038
    static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
1039
8.03M
    {
1040
8.03M
        int ret = 0;
1041
8.03M
        word32 blocksLen;
1042
8.03M
        byte* local;
1043
1044
8.03M
        if (sha256 == NULL || (data == NULL && len > 0)) {
1045
0
            return BAD_FUNC_ARG;
1046
0
        }
1047
1048
8.03M
        if (data == NULL && len == 0) {
1049
            /* valid, but do nothing */
1050
743
            return 0;
1051
743
        }
1052
1053
        /* check that internal buffLen is valid */
1054
8.03M
        if (sha256->buffLen >= WC_SHA256_BLOCK_SIZE) {
1055
0
            return BUFFER_E;
1056
0
        }
1057
1058
        /* add length for final */
1059
8.03M
        AddLength(sha256, len);
1060
1061
8.03M
        local = (byte*)sha256->buffer;
1062
1063
        /* process any remainder from previous operation */
1064
8.03M
        if (sha256->buffLen > 0) {
1065
3.87M
            blocksLen = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
1066
3.87M
            XMEMCPY(&local[sha256->buffLen], data, blocksLen);
1067
1068
3.87M
            sha256->buffLen += blocksLen;
1069
3.87M
            data            += blocksLen;
1070
3.87M
            len             -= blocksLen;
1071
1072
3.87M
            if (sha256->buffLen == WC_SHA256_BLOCK_SIZE) {
1073
99.8k
            #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
1074
                #if defined(USE_INTEL_SPEEDUP) && \
1075
                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1076
                if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
1077
                #endif
1078
99.8k
                {
1079
99.8k
                    ByteReverseWords(sha256->buffer, sha256->buffer,
1080
99.8k
                        WC_SHA256_BLOCK_SIZE);
1081
99.8k
                }
1082
99.8k
            #endif
1083
1084
            #if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
1085
                if (sha256->ctx.mode == ESP32_SHA_INIT ||
1086
                    sha256->ctx.mode == ESP32_SHA_FAIL_NEED_UNROLL) {
1087
                    esp_sha_try_hw_lock(&sha256->ctx);
1088
                }
1089
1090
                if (sha256->ctx.mode == ESP32_SHA_SW) {
1091
                    ret = XTRANSFORM(sha256, (const byte*)local);
1092
                }
1093
                else {
1094
                    esp_sha256_process(sha256, (const byte*)local);
1095
                }
1096
            #else
1097
99.8k
                ret = XTRANSFORM(sha256, (const byte*)local);
1098
99.8k
            #endif
1099
1100
99.8k
                if (ret == 0)
1101
99.8k
                    sha256->buffLen = 0;
1102
0
                else
1103
0
                    len = 0; /* error */
1104
99.8k
            }
1105
3.87M
        }
1106
1107
        /* process blocks */
1108
    #ifdef XTRANSFORM_LEN
1109
        #if defined(USE_INTEL_SPEEDUP) && \
1110
                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1111
        if (Transform_Sha256_Len_p != NULL)
1112
        #endif
1113
        {
1114
            /* get number of blocks */
1115
            /* 64-1 = 0x3F (~ Inverted = 0xFFFFFFC0) */
1116
            /* len (masked by 0xFFFFFFC0) returns block aligned length */
1117
            blocksLen = len & ~(WC_SHA256_BLOCK_SIZE-1);
1118
            if (blocksLen > 0) {
1119
                /* Byte reversal and alignment handled in function if required */
1120
                XTRANSFORM_LEN(sha256, data, blocksLen);
1121
                data += blocksLen;
1122
                len  -= blocksLen;
1123
            }
1124
        }
1125
        #if defined(USE_INTEL_SPEEDUP) && \
1126
                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1127
        else
1128
        #endif
1129
    #endif /* XTRANSFORM_LEN */
1130
8.03M
    #if !defined(XTRANSFORM_LEN) || (defined(USE_INTEL_SPEEDUP) && \
1131
8.03M
                         (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)))
1132
8.03M
        {
1133
9.10M
            while (len >= WC_SHA256_BLOCK_SIZE) {
1134
1.07M
                word32* local32 = sha256->buffer;
1135
                /* optimization to avoid memcpy if data pointer is properly aligned */
1136
                /* Intel transform function requires use of sha256->buffer */
1137
                /* Little Endian requires byte swap, so can't use data directly */
1138
            #if defined(WC_HASH_DATA_ALIGNMENT) && !defined(LITTLE_ENDIAN_ORDER) && \
1139
                !(defined(USE_INTEL_SPEEDUP) && \
1140
                         (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)))
1141
                if (((wc_ptr_t)data % WC_HASH_DATA_ALIGNMENT) == 0) {
1142
                    local32 = (word32*)data;
1143
                }
1144
                else
1145
            #endif
1146
1.07M
                {
1147
1.07M
                    XMEMCPY(local32, data, WC_SHA256_BLOCK_SIZE);
1148
1.07M
                }
1149
1150
1.07M
                data += WC_SHA256_BLOCK_SIZE;
1151
1.07M
                len  -= WC_SHA256_BLOCK_SIZE;
1152
1153
1.07M
            #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
1154
                #if defined(USE_INTEL_SPEEDUP) && \
1155
                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1156
                if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
1157
                #endif
1158
1.07M
                {
1159
1.07M
                    ByteReverseWords(local32, local32, WC_SHA256_BLOCK_SIZE);
1160
1.07M
                }
1161
1.07M
            #endif
1162
1163
            #if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
1164
                if (sha256->ctx.mode == ESP32_SHA_INIT){
1165
                    esp_sha_try_hw_lock(&sha256->ctx);
1166
                }
1167
                if (sha256->ctx.mode == ESP32_SHA_SW) {
1168
                    ret = XTRANSFORM(sha256, (const byte*)local32);
1169
                }
1170
                else {
1171
                    esp_sha256_process(sha256, (const byte*)local32);
1172
                }
1173
#else
1174
1.07M
                ret = XTRANSFORM(sha256, (const byte*)local32);
1175
1.07M
            #endif
1176
1177
1.07M
                if (ret != 0)
1178
27
                    break;
1179
1.07M
            }
1180
8.03M
        }
1181
8.03M
    #endif
1182
1183
        /* save remainder */
1184
8.03M
        if (ret == 0 && len > 0) {
1185
4.16M
            XMEMCPY(local, data, len);
1186
4.16M
            sha256->buffLen = len;
1187
4.16M
        }
1188
1189
8.03M
        return ret;
1190
8.03M
    }
1191
1192
#if defined(WOLFSSL_KCAPI_HASH)
1193
    /* implemented in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1194
1195
#else
1196
    int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
1197
717k
    {
1198
717k
        if (sha256 == NULL || (data == NULL && len > 0)) {
1199
0
            return BAD_FUNC_ARG;
1200
0
        }
1201
1202
717k
        if (data == NULL && len == 0) {
1203
            /* valid, but do nothing */
1204
3.64k
            return 0;
1205
3.64k
        }
1206
1207
713k
    #ifdef WOLF_CRYPTO_CB
1208
713k
        if (sha256->devId != INVALID_DEVID) {
1209
140
            int ret = wc_CryptoCb_Sha256Hash(sha256, data, len, NULL);
1210
140
            if (ret != CRYPTOCB_UNAVAILABLE)
1211
0
                return ret;
1212
            /* fall-through when unavailable */
1213
140
        }
1214
713k
    #endif
1215
    #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
1216
        if (sha256->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA256) {
1217
        #if defined(HAVE_INTEL_QA)
1218
            return IntelQaSymSha256(&sha256->asyncDev, NULL, data, len);
1219
        #endif
1220
        }
1221
    #endif /* WOLFSSL_ASYNC_CRYPT */
1222
1223
713k
        return Sha256Update(sha256, data, len);
1224
713k
    }
1225
#endif
1226
1227
    static WC_INLINE int Sha256Final(wc_Sha256* sha256)
1228
4.05M
    {
1229
1230
4.05M
        int ret;
1231
4.05M
        byte* local;
1232
1233
4.05M
        if (sha256 == NULL) {
1234
0
            return BAD_FUNC_ARG;
1235
0
        }
1236
1237
4.05M
        local = (byte*)sha256->buffer;
1238
4.05M
        local[sha256->buffLen++] = 0x80; /* add 1 */
1239
1240
        /* pad with zeros */
1241
4.05M
        if (sha256->buffLen > WC_SHA256_PAD_SIZE) {
1242
1.23M
            XMEMSET(&local[sha256->buffLen], 0,
1243
1.23M
                WC_SHA256_BLOCK_SIZE - sha256->buffLen);
1244
1.23M
            sha256->buffLen += WC_SHA256_BLOCK_SIZE - sha256->buffLen;
1245
1246
1.23M
        #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
1247
            #if defined(USE_INTEL_SPEEDUP) && \
1248
                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1249
            if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
1250
            #endif
1251
1.23M
            {
1252
1.23M
                ByteReverseWords(sha256->buffer, sha256->buffer,
1253
1.23M
                                                      WC_SHA256_BLOCK_SIZE);
1254
1.23M
            }
1255
1.23M
        #endif
1256
1257
        #if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
1258
            if (sha256->ctx.mode == ESP32_SHA_INIT) {
1259
                esp_sha_try_hw_lock(&sha256->ctx);
1260
            }
1261
            if (sha256->ctx.mode == ESP32_SHA_SW) {
1262
                ret = XTRANSFORM(sha256, (const byte*)local);
1263
            }
1264
            else {
1265
                ret = esp_sha256_process(sha256, (const byte*)local);
1266
            }
1267
        #else
1268
1.23M
            ret = XTRANSFORM(sha256, (const byte*)local);
1269
1.23M
        #endif
1270
1.23M
            if (ret != 0)
1271
100
                return ret;
1272
1273
1.23M
            sha256->buffLen = 0;
1274
1.23M
        }
1275
4.05M
        XMEMSET(&local[sha256->buffLen], 0,
1276
4.05M
            WC_SHA256_PAD_SIZE - sha256->buffLen);
1277
1278
        /* put lengths in bits */
1279
4.05M
        sha256->hiLen = (sha256->loLen >> (8 * sizeof(sha256->loLen) - 3)) +
1280
4.05M
                                                         (sha256->hiLen << 3);
1281
4.05M
        sha256->loLen = sha256->loLen << 3;
1282
1283
        /* store lengths */
1284
4.05M
    #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
1285
        #if defined(USE_INTEL_SPEEDUP) && \
1286
                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1287
        if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
1288
        #endif
1289
4.05M
        {
1290
4.05M
            ByteReverseWords(sha256->buffer, sha256->buffer,
1291
4.05M
                WC_SHA256_BLOCK_SIZE);
1292
4.05M
        }
1293
4.05M
    #endif
1294
        /* ! length ordering dependent on digest endian type ! */
1295
4.05M
        XMEMCPY(&local[WC_SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
1296
4.05M
        XMEMCPY(&local[WC_SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
1297
4.05M
                sizeof(word32));
1298
1299
    #if defined(FREESCALE_MMCAU_SHA) || (defined(USE_INTEL_SPEEDUP) && \
1300
                         (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)))
1301
        /* Kinetis requires only these bytes reversed */
1302
        #if defined(USE_INTEL_SPEEDUP) && \
1303
                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1304
        if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags))
1305
        #endif
1306
        {
1307
            ByteReverseWords(
1308
                &sha256->buffer[WC_SHA256_PAD_SIZE / sizeof(word32)],
1309
                &sha256->buffer[WC_SHA256_PAD_SIZE / sizeof(word32)],
1310
                2 * sizeof(word32));
1311
        }
1312
    #endif
1313
1314
    #if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
1315
        if (sha256->ctx.mode == ESP32_SHA_INIT) {
1316
            esp_sha_try_hw_lock(&sha256->ctx);
1317
        }
1318
        if (sha256->ctx.mode == ESP32_SHA_SW) {
1319
            ret = XTRANSFORM(sha256, (const byte*)local);
1320
        }
1321
        else {
1322
            ret = esp_sha256_digest_process(sha256, 1);
1323
        }
1324
    #else
1325
4.05M
        ret = XTRANSFORM(sha256, (const byte*)local);
1326
4.05M
    #endif
1327
1328
4.05M
        return ret;
1329
4.05M
    }
1330
1331
#if !defined(WOLFSSL_KCAPI_HASH)
1332
1333
    int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash)
1334
68
    {
1335
68
    #ifdef LITTLE_ENDIAN_ORDER
1336
68
        word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)];
1337
68
    #endif
1338
1339
68
        if (sha256 == NULL || hash == NULL) {
1340
0
            return BAD_FUNC_ARG;
1341
0
        }
1342
1343
68
    #ifdef LITTLE_ENDIAN_ORDER
1344
68
        ByteReverseWords((word32*)digest, (word32*)sha256->digest,
1345
68
                                                         WC_SHA256_DIGEST_SIZE);
1346
68
        XMEMCPY(hash, digest, WC_SHA256_DIGEST_SIZE);
1347
    #else
1348
        XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
1349
    #endif
1350
1351
68
        return 0;
1352
68
    }
1353
1354
    int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
1355
535k
    {
1356
535k
        int ret;
1357
1358
535k
        if (sha256 == NULL || hash == NULL) {
1359
0
            return BAD_FUNC_ARG;
1360
0
        }
1361
1362
535k
    #ifdef WOLF_CRYPTO_CB
1363
535k
        if (sha256->devId != INVALID_DEVID) {
1364
40
            ret = wc_CryptoCb_Sha256Hash(sha256, NULL, 0, hash);
1365
40
            if (ret != CRYPTOCB_UNAVAILABLE)
1366
0
                return ret;
1367
            /* fall-through when unavailable */
1368
40
        }
1369
535k
    #endif
1370
1371
    #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
1372
        if (sha256->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA256) {
1373
        #if defined(HAVE_INTEL_QA)
1374
            return IntelQaSymSha256(&sha256->asyncDev, hash, NULL,
1375
                                            WC_SHA256_DIGEST_SIZE);
1376
        #endif
1377
        }
1378
    #endif /* WOLFSSL_ASYNC_CRYPT */
1379
1380
535k
        ret = Sha256Final(sha256);
1381
535k
        if (ret != 0)
1382
375
            return ret;
1383
1384
534k
    #if defined(LITTLE_ENDIAN_ORDER)
1385
534k
        ByteReverseWords(sha256->digest, sha256->digest, WC_SHA256_DIGEST_SIZE);
1386
534k
    #endif
1387
534k
        XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
1388
1389
534k
        return InitSha256(sha256);  /* reset state */
1390
535k
    }
1391
1392
#endif /* !WOLFSSL_KCAPI_HASH */
1393
1394
    #if defined(OPENSSL_EXTRA)
1395
/* Apply SHA256 transformation to the data                */
1396
/* @param sha  a pointer to wc_Sha256 structure           */
1397
/* @param data data to be applied SHA256 transformation   */
1398
/* @return 0 on successful, otherwise non-zero on failure */
1399
    int wc_Sha256Transform(wc_Sha256* sha, const unsigned char* data)
1400
    {
1401
        if (sha == NULL || data == NULL) {
1402
            return BAD_FUNC_ARG;
1403
        }
1404
        return (Transform_Sha256(sha, data));
1405
    }
1406
    #endif
1407
#endif /* XTRANSFORM */
1408
1409
#ifdef WOLFSSL_SHA224
1410
1411
#ifdef STM32_HASH_SHA2
1412
1413
    /* Supports CubeMX HAL or Standard Peripheral Library */
1414
1415
    int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId)
1416
    {
1417
        if (sha224 == NULL)
1418
            return BAD_FUNC_ARG;
1419
        (void)devId;
1420
        (void)heap;
1421
1422
        XMEMSET(sha224, 0, sizeof(wc_Sha224));
1423
        wc_Stm32_Hash_Init(&sha224->stmCtx);
1424
        return 0;
1425
    }
1426
1427
    int wc_Sha224Update(wc_Sha224* sha224, const byte* data, word32 len)
1428
    {
1429
        int ret = 0;
1430
1431
        if (sha224 == NULL || (data == NULL && len > 0)) {
1432
            return BAD_FUNC_ARG;
1433
        }
1434
1435
        ret = wolfSSL_CryptHwMutexLock();
1436
        if (ret == 0) {
1437
            ret = wc_Stm32_Hash_Update(&sha224->stmCtx,
1438
                HASH_AlgoSelection_SHA224, data, len, WC_SHA224_BLOCK_SIZE);
1439
            wolfSSL_CryptHwMutexUnLock();
1440
        }
1441
        return ret;
1442
    }
1443
1444
    int wc_Sha224Final(wc_Sha224* sha224, byte* hash)
1445
    {
1446
        int ret = 0;
1447
1448
        if (sha224 == NULL || hash == NULL) {
1449
            return BAD_FUNC_ARG;
1450
        }
1451
1452
        ret = wolfSSL_CryptHwMutexLock();
1453
        if (ret == 0) {
1454
            ret = wc_Stm32_Hash_Final(&sha224->stmCtx,
1455
                HASH_AlgoSelection_SHA224, hash, WC_SHA224_DIGEST_SIZE);
1456
            wolfSSL_CryptHwMutexUnLock();
1457
        }
1458
1459
        (void)wc_InitSha224(sha224); /* reset state */
1460
1461
        return ret;
1462
    }
1463
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1464
1465
    int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId)
1466
    {
1467
        if (sha224 == NULL) {
1468
            return BAD_FUNC_ARG;
1469
        }
1470
        (void)devId;
1471
1472
        return se050_hash_init(&sha224->se050Ctx, heap);
1473
    }
1474
1475
    int wc_Sha224Update(wc_Sha224* sha224, const byte* data, word32 len)
1476
    {
1477
        return se050_hash_update(&sha224->se050Ctx, data, len);
1478
    }
1479
1480
    int wc_Sha224Final(wc_Sha224* sha224, byte* hash)
1481
    {
1482
        int ret = 0;
1483
        ret = se050_hash_final(&sha224->se050Ctx, hash, WC_SHA224_DIGEST_SIZE,
1484
                               kAlgorithm_SSS_SHA224);
1485
        (void)wc_InitSha224(sha224);
1486
        return ret;
1487
    }
1488
1489
#elif defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \
1490
    !defined(WOLFSSL_QNX_CAAM)
1491
    /* functions defined in wolfcrypt/src/port/caam/caam_sha256.c */
1492
1493
#elif defined(WOLFSSL_AFALG_HASH)
1494
    #error SHA224 currently not supported with AF_ALG enabled
1495
1496
#elif defined(WOLFSSL_DEVCRYPTO_HASH)
1497
    /* implemented in wolfcrypt/src/port/devcrypto/devcrypt_hash.c */
1498
1499
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
1500
    /* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */
1501
1502
#elif defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_NO_KCAPI_SHA224)
1503
    /* implemented in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1504
1505
#elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
1506
    /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
1507
1508
#else
1509
1510
    #define NEED_SOFT_SHA224
1511
1512
1513
    static int InitSha224(wc_Sha224* sha224)
1514
2.69k
    {
1515
2.69k
        int ret = 0;
1516
1517
2.69k
        if (sha224 == NULL) {
1518
0
            return BAD_FUNC_ARG;
1519
0
        }
1520
1521
2.69k
        sha224->digest[0] = 0xc1059ed8;
1522
2.69k
        sha224->digest[1] = 0x367cd507;
1523
2.69k
        sha224->digest[2] = 0x3070dd17;
1524
2.69k
        sha224->digest[3] = 0xf70e5939;
1525
2.69k
        sha224->digest[4] = 0xffc00b31;
1526
2.69k
        sha224->digest[5] = 0x68581511;
1527
2.69k
        sha224->digest[6] = 0x64f98fa7;
1528
2.69k
        sha224->digest[7] = 0xbefa4fa4;
1529
1530
2.69k
        sha224->buffLen = 0;
1531
2.69k
        sha224->loLen   = 0;
1532
2.69k
        sha224->hiLen   = 0;
1533
1534
    #if defined(USE_INTEL_SPEEDUP) && \
1535
                          (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1536
        /* choose best Transform function under this runtime environment */
1537
        Sha256_SetTransform();
1538
    #endif
1539
2.69k
    #ifdef WOLFSSL_HASH_FLAGS
1540
2.69k
        sha224->flags = 0;
1541
2.69k
    #endif
1542
    #ifdef WOLFSSL_HASH_KEEP
1543
        sha224->msg  = NULL;
1544
        sha224->len  = 0;
1545
        sha224->used = 0;
1546
    #endif
1547
1548
1549
2.69k
        return ret;
1550
2.69k
    }
1551
1552
#endif
1553
1554
#ifdef NEED_SOFT_SHA224
1555
    int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId)
1556
1.33k
    {
1557
1.33k
        int ret = 0;
1558
1559
1.33k
        if (sha224 == NULL)
1560
0
            return BAD_FUNC_ARG;
1561
1562
1.33k
        sha224->heap = heap;
1563
    #ifdef WOLFSSL_SMALL_STACK_CACHE
1564
        sha224->W = NULL;
1565
    #endif
1566
1567
1.33k
        ret = InitSha224(sha224);
1568
1.33k
        if (ret != 0)
1569
0
            return ret;
1570
1571
    #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA224)
1572
        ret = wolfAsync_DevCtxInit(&sha224->asyncDev,
1573
                            WOLFSSL_ASYNC_MARKER_SHA224, sha224->heap, devId);
1574
    #else
1575
1.33k
        (void)devId;
1576
1.33k
    #endif /* WOLFSSL_ASYNC_CRYPT */
1577
1578
1.33k
        return ret;
1579
1.33k
    }
1580
1581
    int wc_Sha224Update(wc_Sha224* sha224, const byte* data, word32 len)
1582
2.42k
    {
1583
2.42k
        int ret;
1584
1585
2.42k
        if (sha224 == NULL || (data == NULL && len > 0)) {
1586
0
            return BAD_FUNC_ARG;
1587
0
        }
1588
1589
    #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA224)
1590
        if (sha224->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA224) {
1591
        #if defined(HAVE_INTEL_QA)
1592
            return IntelQaSymSha224(&sha224->asyncDev, NULL, data, len);
1593
        #endif
1594
        }
1595
    #endif /* WOLFSSL_ASYNC_CRYPT */
1596
1597
2.42k
        ret = Sha256Update((wc_Sha256*)sha224, data, len);
1598
1599
2.42k
        return ret;
1600
2.42k
    }
1601
1602
    int wc_Sha224Final(wc_Sha224* sha224, byte* hash)
1603
1.36k
    {
1604
1.36k
        int ret;
1605
1606
1.36k
        if (sha224 == NULL || hash == NULL) {
1607
0
            return BAD_FUNC_ARG;
1608
0
        }
1609
1610
    #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA224)
1611
        if (sha224->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA224) {
1612
        #if defined(HAVE_INTEL_QA)
1613
            return IntelQaSymSha224(&sha224->asyncDev, hash, NULL,
1614
                                            WC_SHA224_DIGEST_SIZE);
1615
        #endif
1616
        }
1617
    #endif /* WOLFSSL_ASYNC_CRYPT */
1618
1619
1.36k
        ret = Sha256Final((wc_Sha256*)sha224);
1620
1.36k
        if (ret != 0)
1621
0
            return ret;
1622
1623
1.36k
    #if defined(LITTLE_ENDIAN_ORDER)
1624
1.36k
        ByteReverseWords(sha224->digest, sha224->digest, WC_SHA224_DIGEST_SIZE);
1625
1.36k
    #endif
1626
1.36k
        XMEMCPY(hash, sha224->digest, WC_SHA224_DIGEST_SIZE);
1627
1628
1.36k
        return InitSha224(sha224);  /* reset state */
1629
1.36k
    }
1630
#endif /* end of SHA224 software implementation */
1631
1632
    int wc_InitSha224(wc_Sha224* sha224)
1633
1.18k
    {
1634
1.18k
        int devId = INVALID_DEVID;
1635
1636
1.18k
    #ifdef WOLF_CRYPTO_CB
1637
1.18k
        devId = wc_CryptoCb_DefaultDevID();
1638
1.18k
    #endif
1639
1.18k
        return wc_InitSha224_ex(sha224, NULL, devId);
1640
1.18k
    }
1641
1642
#if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)
1643
    /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
1644
1645
    void wc_Sha224Free(wc_Sha224* sha224)
1646
2.68k
    {
1647
2.68k
        if (sha224 == NULL)
1648
0
            return;
1649
1650
#ifdef WOLFSSL_SMALL_STACK_CACHE
1651
    if (sha224->W != NULL) {
1652
        XFREE(sha224->W, NULL, DYNAMIC_TYPE_DIGEST);
1653
        sha224->W = NULL;
1654
    }
1655
#endif
1656
1657
    #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA224)
1658
        wolfAsync_DevCtxFree(&sha224->asyncDev, WOLFSSL_ASYNC_MARKER_SHA224);
1659
    #endif /* WOLFSSL_ASYNC_CRYPT */
1660
1661
    #ifdef WOLFSSL_PIC32MZ_HASH
1662
        wc_Sha256Pic32Free(sha224);
1663
    #endif
1664
    #if defined(WOLFSSL_KCAPI_HASH)
1665
        KcapiHashFree(&sha224->kcapi);
1666
    #endif
1667
2.68k
    }
1668
#endif /* WOLFSSL_SHA224 */
1669
#endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */
1670
1671
1672
int wc_InitSha256(wc_Sha256* sha256)
1673
3.38M
{
1674
3.38M
    int devId = INVALID_DEVID;
1675
1676
3.38M
#ifdef WOLF_CRYPTO_CB
1677
3.38M
    devId = wc_CryptoCb_DefaultDevID();
1678
3.38M
#endif
1679
3.38M
    return wc_InitSha256_ex(sha256, NULL, devId);
1680
3.38M
}
1681
1682
#if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)
1683
    /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
1684
1685
void wc_Sha256Free(wc_Sha256* sha256)
1686
4.07M
{
1687
4.07M
    if (sha256 == NULL)
1688
0
        return;
1689
1690
#ifdef WOLFSSL_SMALL_STACK_CACHE
1691
    if (sha256->W != NULL) {
1692
        XFREE(sha256->W, NULL, DYNAMIC_TYPE_DIGEST);
1693
        sha256->W = NULL;
1694
    }
1695
#endif
1696
1697
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
1698
    wolfAsync_DevCtxFree(&sha256->asyncDev, WOLFSSL_ASYNC_MARKER_SHA256);
1699
#endif /* WOLFSSL_ASYNC_CRYPT */
1700
#ifdef WOLFSSL_PIC32MZ_HASH
1701
    wc_Sha256Pic32Free(sha256);
1702
#endif
1703
#if defined(WOLFSSL_AFALG_HASH)
1704
    if (sha256->alFd > 0) {
1705
        close(sha256->alFd);
1706
        sha256->alFd = -1; /* avoid possible double close on socket */
1707
    }
1708
    if (sha256->rdFd > 0) {
1709
        close(sha256->rdFd);
1710
        sha256->rdFd = -1; /* avoid possible double close on socket */
1711
    }
1712
#endif /* WOLFSSL_AFALG_HASH */
1713
#ifdef WOLFSSL_DEVCRYPTO_HASH
1714
    wc_DevCryptoFree(&sha256->ctx);
1715
#endif /* WOLFSSL_DEVCRYPTO */
1716
#if (defined(WOLFSSL_AFALG_HASH) && defined(WOLFSSL_AFALG_HASH_KEEP)) || \
1717
    (defined(WOLFSSL_DEVCRYPTO_HASH) && defined(WOLFSSL_DEVCRYPTO_HASH_KEEP)) || \
1718
    (defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
1719
    !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) || \
1720
    (defined(WOLFSSL_RENESAS_SCEPROTECT) && \
1721
    !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)) || \
1722
    defined(WOLFSSL_HASH_KEEP)
1723
1724
    if (sha256->msg != NULL) {
1725
        XFREE(sha256->msg, sha256->heap, DYNAMIC_TYPE_TMP_BUFFER);
1726
        sha256->msg = NULL;
1727
    }
1728
#endif
1729
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1730
    se050_hash_free(&sha256->se050Ctx);
1731
#endif
1732
#if defined(WOLFSSL_KCAPI_HASH)
1733
    KcapiHashFree(&sha256->kcapi);
1734
#endif
1735
#ifdef WOLFSSL_IMXRT_DCP
1736
    DCPSha256Free(sha256);
1737
#endif
1738
/* Espressif embedded hardware acceleration specific: */
1739
#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
1740
    if (sha256->ctx.lockDepth > 0) {
1741
        /* probably due to unclean shutdown, error, or other problem.
1742
         *
1743
         * if you find yourself here, code needs to be cleaned up to
1744
         * properly release hardware. this init is only for handling
1745
         * the unexpected. by the time free is called, the hardware
1746
         * should have already been released (lockDepth = 0)
1747
         */
1748
        InitSha256(sha256); /* unlock mutex, set mode to ESP32_SHA_INIT */
1749
        ESP_LOGE("sha256", "ERROR: hardware unlock needed in wc_Sha256Free");
1750
    }
1751
    else {
1752
        ESP_LOGV("sha256", "hardware unlock not needed in wc_Sha256Free");
1753
    }
1754
#endif
1755
4.07M
}
1756
1757
#endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */
1758
#ifdef WOLFSSL_HASH_KEEP
1759
/* Some hardware have issues with update, this function stores the data to be
1760
 * hashed into an array. Once ready, the Final operation is called on all of the
1761
 * data to be hashed at once.
1762
 * returns 0 on success
1763
 */
1764
int wc_Sha256_Grow(wc_Sha256* sha256, const byte* in, int inSz)
1765
{
1766
    return _wc_Hash_Grow(&(sha256->msg), &(sha256->used), &(sha256->len), in,
1767
                        inSz, sha256->heap);
1768
}
1769
#ifdef WOLFSSL_SHA224
1770
int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
1771
{
1772
    return _wc_Hash_Grow(&(sha224->msg), &(sha224->used), &(sha224->len), in,
1773
                        inSz, sha224->heap);
1774
}
1775
#endif /* WOLFSSL_SHA224 */
1776
#endif /* WOLFSSL_HASH_KEEP */
1777
1778
#endif /* !WOLFSSL_TI_HASH */
1779
#endif /* HAVE_FIPS */
1780
1781
1782
#ifndef WOLFSSL_TI_HASH
1783
#ifdef WOLFSSL_SHA224
1784
1785
#if defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_NO_KCAPI_SHA224)
1786
    /* implemented in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1787
#elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
1788
    /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
1789
1790
#else
1791
1792
    int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash)
1793
0
    {
1794
0
        int ret;
1795
0
        wc_Sha224 tmpSha224;
1796
1797
0
        wc_InitSha224(&tmpSha224);
1798
0
        if (sha224 == NULL || hash == NULL)
1799
0
            return BAD_FUNC_ARG;
1800
1801
0
        ret = wc_Sha224Copy(sha224, &tmpSha224);
1802
0
        if (ret == 0) {
1803
0
            ret = wc_Sha224Final(&tmpSha224, hash);
1804
0
            wc_Sha224Free(&tmpSha224);
1805
0
        }
1806
0
        return ret;
1807
0
    }
1808
    int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst)
1809
1.30k
    {
1810
1.30k
        int ret = 0;
1811
1812
1.30k
        if (src == NULL || dst == NULL)
1813
0
            return BAD_FUNC_ARG;
1814
1815
1.30k
        XMEMCPY(dst, src, sizeof(wc_Sha224));
1816
    #ifdef WOLFSSL_SMALL_STACK_CACHE
1817
        dst->W = NULL;
1818
    #endif
1819
1820
    #ifdef WOLFSSL_SILABS_SE_ACCEL
1821
        dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx);
1822
        dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx);
1823
    #endif
1824
1825
    #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA224)
1826
        ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
1827
    #endif
1828
1.30k
    #ifdef WOLFSSL_HASH_FLAGS
1829
1.30k
        dst->flags |= WC_HASH_FLAG_ISCOPY;
1830
1.30k
    #endif
1831
    #if defined(WOLFSSL_HASH_KEEP)
1832
        if (src->msg != NULL) {
1833
            dst->msg = (byte*)XMALLOC(src->len, dst->heap,
1834
                                      DYNAMIC_TYPE_TMP_BUFFER);
1835
            if (dst->msg == NULL)
1836
                return MEMORY_E;
1837
            XMEMCPY(dst->msg, src->msg, src->len);
1838
        }
1839
    #endif
1840
1841
1.30k
        return ret;
1842
1.30k
    }
1843
1844
#endif /* WOLFSSL_KCAPI_HASH && !WOLFSSL_NO_KCAPI_SHA224 */
1845
1846
#ifdef WOLFSSL_HASH_FLAGS
1847
    int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags)
1848
0
    {
1849
0
        if (sha224) {
1850
0
            sha224->flags = flags;
1851
0
        }
1852
0
        return 0;
1853
0
    }
1854
    int wc_Sha224GetFlags(wc_Sha224* sha224, word32* flags)
1855
0
    {
1856
0
        if (sha224 && flags) {
1857
0
            *flags = sha224->flags;
1858
0
        }
1859
0
        return 0;
1860
0
    }
1861
#endif
1862
1863
#endif /* WOLFSSL_SHA224 */
1864
1865
#ifdef WOLFSSL_AFALG_HASH
1866
    /* implemented in wolfcrypt/src/port/af_alg/afalg_hash.c */
1867
1868
#elif defined(WOLFSSL_DEVCRYPTO_HASH)
1869
    /* implemented in wolfcrypt/src/port/devcrypto/devcrypt_hash.c */
1870
1871
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
1872
    !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
1873
1874
    /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
1875
1876
#elif defined(WOLFSSL_RENESAS_SCEPROTECT) && \
1877
    !defined(NO_WOLFSSL_RENESAS_SCEPROTECT_HASH)
1878
1879
    /* implemented in wolfcrypt/src/port/Renesas/renesas_sce_sha.c */
1880
1881
#elif defined(WOLFSSL_PSOC6_CRYPTO)
1882
    /* implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */
1883
#elif defined(WOLFSSL_IMXRT_DCP)
1884
    /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */
1885
#elif defined(WOLFSSL_KCAPI_HASH)
1886
    /* implemented in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1887
1888
#elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
1889
    /* implemented in wolfcrypt/src/port/psa/psa_hash.c */
1890
1891
#else
1892
1893
int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
1894
6.18k
{
1895
6.18k
    int ret;
1896
6.18k
    wc_Sha256 tmpSha256;
1897
1898
6.18k
    if (sha256 == NULL || hash == NULL)
1899
0
        return BAD_FUNC_ARG;
1900
1901
#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
1902
1903
    /* ESP32 hardware can only handle only 1 active hardware hashing
1904
     * at a time. If the mutex lock is acquired the first time then
1905
     * that Sha256 instance has exclusive access to hardware. The
1906
     * final or free needs to release the mutex. Operations that
1907
     * do not get the lock fallback to software based Sha256 */
1908
1909
   if(sha256->ctx.mode == ESP32_SHA_INIT){
1910
        esp_sha_try_hw_lock(&sha256->ctx);
1911
    }
1912
    if(sha256->ctx.mode == ESP32_SHA_HW)
1913
    {
1914
        esp_sha256_digest_process(sha256, 0);
1915
    }
1916
#endif
1917
6.18k
    ret = wc_Sha256Copy(sha256, &tmpSha256);
1918
6.18k
    if (ret == 0) {
1919
6.18k
        ret = wc_Sha256Final(&tmpSha256, hash);
1920
1921
#if  defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
1922
    {
1923
        sha256->ctx.mode = ESP32_SHA_SW;
1924
    }
1925
#endif
1926
1927
6.18k
        wc_Sha256Free(&tmpSha256);
1928
6.18k
    }
1929
1930
#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
1931
    /* TODO: Make sure the ESP32 crypto mutex is released (in case final is not
1932
     * called */
1933
#endif
1934
6.18k
    return ret;
1935
6.18k
}
1936
int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
1937
9.16k
{
1938
9.16k
    int ret = 0;
1939
1940
9.16k
    if (src == NULL || dst == NULL)
1941
0
        return BAD_FUNC_ARG;
1942
1943
9.16k
    XMEMCPY(dst, src, sizeof(wc_Sha256));
1944
#ifdef WOLFSSL_SMALL_STACK_CACHE
1945
    dst->W = NULL;
1946
#endif
1947
1948
#ifdef WOLFSSL_SILABS_SE_ACCEL
1949
    dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx);
1950
    dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx);
1951
#endif
1952
1953
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
1954
    ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
1955
#endif
1956
#ifdef WOLFSSL_PIC32MZ_HASH
1957
    ret = wc_Pic32HashCopy(&src->cache, &dst->cache);
1958
#endif
1959
1960
#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
1961
    dst->ctx.mode         = src->ctx.mode;
1962
    dst->ctx.isfirstblock = src->ctx.isfirstblock;
1963
    dst->ctx.sha_type     = src->ctx.sha_type;
1964
    dst->ctx.lockDepth    = src->ctx.lockDepth;
1965
#endif
1966
1967
9.16k
#ifdef WOLFSSL_HASH_FLAGS
1968
9.16k
     dst->flags |= WC_HASH_FLAG_ISCOPY;
1969
9.16k
#endif
1970
#if defined(WOLFSSL_HASH_KEEP)
1971
    if (src->msg != NULL) {
1972
        dst->msg = (byte*)XMALLOC(src->len, dst->heap, DYNAMIC_TYPE_TMP_BUFFER);
1973
        if (dst->msg == NULL)
1974
            return MEMORY_E;
1975
        XMEMCPY(dst->msg, src->msg, src->len);
1976
    }
1977
#endif
1978
1979
9.16k
    return ret;
1980
9.16k
}
1981
#endif
1982
1983
#ifdef WOLFSSL_HASH_FLAGS
1984
int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags)
1985
0
{
1986
0
    if (sha256) {
1987
0
        sha256->flags = flags;
1988
0
    }
1989
0
    return 0;
1990
0
}
1991
int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags)
1992
0
{
1993
0
    if (sha256 && flags) {
1994
0
        *flags = sha256->flags;
1995
0
    }
1996
0
    return 0;
1997
0
}
1998
#endif
1999
#endif /* !WOLFSSL_TI_HASH */
2000
2001
#endif /* NO_SHA256 */