Coverage Report

Created: 2022-08-24 06:37

/src/wolfssl-sp-math-all/wolfcrypt/src/sha.c
Line
Count
Source (jump to first uncovered line)
1
/* sha.c
2
 *
3
 * Copyright (C) 2006-2022 wolfSSL Inc.
4
 *
5
 * This file is part of wolfSSL.
6
 *
7
 * wolfSSL is free software; you can redistribute it and/or modify
8
 * it under the terms of the GNU General Public License as published by
9
 * the Free Software Foundation; either version 2 of the License, or
10
 * (at your option) any later version.
11
 *
12
 * wolfSSL is distributed in the hope that it will be useful,
13
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15
 * GNU General Public License for more details.
16
 *
17
 * You should have received a copy of the GNU General Public License
18
 * along with this program; if not, write to the Free Software
19
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20
 */
21
22
23
#ifdef HAVE_CONFIG_H
24
    #include <config.h>
25
#endif
26
27
#include <wolfssl/wolfcrypt/settings.h>
28
29
#if !defined(NO_SHA)
30
31
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
32
    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
33
    #define FIPS_NO_WRAPPERS
34
35
    #ifdef USE_WINDOWS_API
36
        #pragma code_seg(".fipsA$j")
37
        #pragma const_seg(".fipsB$j")
38
    #endif
39
#endif
40
41
#include <wolfssl/wolfcrypt/sha.h>
42
#include <wolfssl/wolfcrypt/error-crypt.h>
43
#include <wolfssl/wolfcrypt/hash.h>
44
45
#ifdef WOLF_CRYPTO_CB
46
    #include <wolfssl/wolfcrypt/cryptocb.h>
47
#endif
48
49
/* fips wrapper calls, user can call direct */
50
#if defined(HAVE_FIPS) && \
51
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
52
53
    int wc_InitSha(wc_Sha* sha)
54
    {
55
        if (sha == NULL) {
56
            return BAD_FUNC_ARG;
57
        }
58
        return InitSha_fips(sha);
59
    }
60
    int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
61
    {
62
        (void)heap;
63
        (void)devId;
64
        if (sha == NULL) {
65
            return BAD_FUNC_ARG;
66
        }
67
        return InitSha_fips(sha);
68
    }
69
70
    int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len)
71
    {
72
        if (sha == NULL || (data == NULL && len > 0)) {
73
            return BAD_FUNC_ARG;
74
        }
75
        return ShaUpdate_fips(sha, data, len);
76
    }
77
78
    int wc_ShaFinal(wc_Sha* sha, byte* out)
79
    {
80
        if (sha == NULL || out == NULL) {
81
            return BAD_FUNC_ARG;
82
        }
83
        return ShaFinal_fips(sha,out);
84
    }
85
    void wc_ShaFree(wc_Sha* sha)
86
    {
87
        (void)sha;
88
        /* Not supported in FIPS */
89
    }
90
91
#else /* else build without fips, or for FIPS v2 */
92
93
94
#if defined(WOLFSSL_TI_HASH)
95
    /* #include <wolfcrypt/src/port/ti/ti-hash.c> included by wc_port.c */
96
97
#else
98
99
#include <wolfssl/wolfcrypt/logging.h>
100
#ifdef NO_INLINE
101
    #include <wolfssl/wolfcrypt/misc.h>
102
#else
103
    #define WOLFSSL_MISC_INCLUDED
104
    #include <wolfcrypt/src/misc.c>
105
#endif
106
107
108
/* Hardware Acceleration */
109
#if defined(WOLFSSL_PIC32MZ_HASH)
110
    #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h>
111
112
#elif defined(STM32_HASH)
113
114
    /* Supports CubeMX HAL or Standard Peripheral Library */
115
    int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
116
    {
117
        if (sha == NULL) {
118
            return BAD_FUNC_ARG;
119
        }
120
121
        (void)devId;
122
        (void)heap;
123
124
        wc_Stm32_Hash_Init(&sha->stmCtx);
125
126
        return 0;
127
    }
128
129
    int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len)
130
    {
131
        int ret;
132
133
        if (sha == NULL || (data == NULL && len > 0)) {
134
            return BAD_FUNC_ARG;
135
        }
136
137
        ret = wolfSSL_CryptHwMutexLock();
138
        if (ret == 0) {
139
            ret = wc_Stm32_Hash_Update(&sha->stmCtx, HASH_AlgoSelection_SHA1,
140
                data, len, WC_SHA_BLOCK_SIZE);
141
            wolfSSL_CryptHwMutexUnLock();
142
        }
143
        return ret;
144
    }
145
146
    int wc_ShaFinal(wc_Sha* sha, byte* hash)
147
    {
148
        int ret;
149
150
        if (sha == NULL || hash == NULL) {
151
            return BAD_FUNC_ARG;
152
        }
153
154
        ret = wolfSSL_CryptHwMutexLock();
155
        if (ret == 0) {
156
            ret = wc_Stm32_Hash_Final(&sha->stmCtx, HASH_AlgoSelection_SHA1,
157
                hash, WC_SHA_DIGEST_SIZE);
158
            wolfSSL_CryptHwMutexUnLock();
159
        }
160
161
        (void)wc_InitSha(sha);  /* reset state */
162
163
        return ret;
164
    }
165
166
167
#elif defined(FREESCALE_LTC_SHA)
168
169
    #include "fsl_ltc.h"
170
    int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
171
    {
172
        if (sha == NULL) {
173
            return BAD_FUNC_ARG;
174
        }
175
176
        (void)devId;
177
        (void)heap;
178
179
        LTC_HASH_Init(LTC_BASE, &sha->ctx, kLTC_Sha1, NULL, 0);
180
        return 0;
181
    }
182
183
    int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len)
184
    {
185
        LTC_HASH_Update(&sha->ctx, data, len);
186
        return 0;
187
    }
188
189
    int wc_ShaFinal(wc_Sha* sha, byte* hash)
190
    {
191
        word32 hashlen = WC_SHA_DIGEST_SIZE;
192
        LTC_HASH_Finish(&sha->ctx, hash, &hashlen);
193
        return wc_InitSha(sha);  /* reset state */
194
    }
195
196
197
#elif defined(FREESCALE_MMCAU_SHA)
198
199
    #ifdef FREESCALE_MMCAU_CLASSIC_SHA
200
        #include "cau_api.h"
201
    #else
202
        #include "fsl_mmcau.h"
203
    #endif
204
205
    #define USE_SHA_SOFTWARE_IMPL /* Only for API's, actual transform is here */
206
207
    #define XTRANSFORM(S,B)       Transform((S),(B))
208
    #define XTRANSFORM_LEN(S,B,L) Transform_Len((S),(B),(L))
209
210
    #ifndef WC_HASH_DATA_ALIGNMENT
211
        /* these hardware API's require 4 byte (word32) alignment */
212
        #define WC_HASH_DATA_ALIGNMENT 4
213
    #endif
214
215
    static int InitSha(wc_Sha* sha)
216
    {
217
        int ret = 0;
218
        ret = wolfSSL_CryptHwMutexLock();
219
        if (ret != 0) {
220
            return ret;
221
        }
222
    #ifdef FREESCALE_MMCAU_CLASSIC_SHA
223
        cau_sha1_initialize_output(sha->digest);
224
    #else
225
        MMCAU_SHA1_InitializeOutput((word32*)sha->digest);
226
    #endif
227
        wolfSSL_CryptHwMutexUnLock();
228
229
        sha->buffLen = 0;
230
        sha->loLen   = 0;
231
        sha->hiLen   = 0;
232
233
        return ret;
234
    }
235
236
    static int Transform(wc_Sha* sha, const byte* data)
237
    {
238
        int ret = wolfSSL_CryptHwMutexLock();
239
        if (ret == 0) {
240
    #ifdef FREESCALE_MMCAU_CLASSIC_SHA
241
            cau_sha1_hash_n((byte*)data, 1, sha->digest);
242
    #else
243
            MMCAU_SHA1_HashN((byte*)data, 1, (word32*)sha->digest);
244
    #endif
245
            wolfSSL_CryptHwMutexUnLock();
246
        }
247
        return ret;
248
    }
249
250
    static int Transform_Len(wc_Sha* sha, const byte* data, word32 len)
251
    {
252
        int ret = wolfSSL_CryptHwMutexLock();
253
        if (ret == 0) {
254
        #if defined(WC_HASH_DATA_ALIGNMENT) && WC_HASH_DATA_ALIGNMENT > 0
255
            if ((wc_ptr_t)data % WC_HASH_DATA_ALIGNMENT) {
256
                /* data pointer is NOT aligned,
257
                 * so copy and perform one block at a time */
258
                byte* local = (byte*)sha->buffer;
259
                while (len >= WC_SHA_BLOCK_SIZE) {
260
                    XMEMCPY(local, data, WC_SHA_BLOCK_SIZE);
261
                #ifdef FREESCALE_MMCAU_CLASSIC_SHA
262
                    cau_sha1_hash_n(local, 1, sha->digest);
263
                #else
264
                    MMCAU_SHA1_HashN(local, 1, sha->digest);
265
                #endif
266
                    data += WC_SHA_BLOCK_SIZE;
267
                    len  -= WC_SHA_BLOCK_SIZE;
268
                }
269
            }
270
            else
271
        #endif
272
            {
273
    #ifdef FREESCALE_MMCAU_CLASSIC_SHA
274
            cau_sha1_hash_n((byte*)data, len/WC_SHA_BLOCK_SIZE, sha->digest);
275
    #else
276
            MMCAU_SHA1_HashN((byte*)data, len/WC_SHA_BLOCK_SIZE,
277
                (word32*)sha->digest);
278
    #endif
279
            }
280
            wolfSSL_CryptHwMutexUnLock();
281
        }
282
        return ret;
283
    }
284
285
#elif defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \
286
    !defined(WOLFSSL_QNX_CAAM)
287
    /* wolfcrypt/src/port/caam/caam_sha.c */
288
289
#elif defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
290
     !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
291
292
    #include "wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h"
293
294
    #define USE_SHA_SOFTWARE_IMPL
295
296
    static int InitSha(wc_Sha* sha)
297
    {
298
        int ret = 0;
299
300
        sha->digest[0] = 0x67452301L;
301
        sha->digest[1] = 0xEFCDAB89L;
302
        sha->digest[2] = 0x98BADCFEL;
303
        sha->digest[3] = 0x10325476L;
304
        sha->digest[4] = 0xC3D2E1F0L;
305
306
        sha->buffLen = 0;
307
        sha->loLen   = 0;
308
        sha->hiLen   = 0;
309
310
        /* always start firstblock = 1 when using hw engine */
311
        sha->ctx.isfirstblock = 1;
312
        sha->ctx.sha_type = SHA1;
313
        if(sha->ctx.mode == ESP32_SHA_HW){
314
            sha->ctx.lockDepth = 0;
315
            /* release hw engine */
316
            esp_sha_hw_unlock(&(sha->ctx));
317
        }
318
        /* always set mode as INIT
319
        *  whether using HW or SW is determined at first call of update()
320
        */
321
        sha->ctx.mode = ESP32_SHA_INIT;
322
        sha->ctx.lockDepth = 0;
323
        return ret;
324
    }
325
326
#elif defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
327
    !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
328
329
    /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */
330
331
#elif defined(WOLFSSL_IMXRT_DCP)
332
    #include <wolfssl/wolfcrypt/port/nxp/dcp_port.h>
333
    /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */
334
335
#elif defined(WOLFSSL_SILABS_SE_ACCEL)
336
337
    /* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */
338
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
339
340
    #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
341
    int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
342
    {
343
        if (sha == NULL) {
344
            return BAD_FUNC_ARG;
345
        }
346
        (void)devId;
347
348
        return se050_hash_init(&sha->se050Ctx, heap);
349
    }
350
351
    int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len)
352
    {
353
        return se050_hash_update(&sha->se050Ctx, data, len);
354
355
    }
356
357
    int wc_ShaFinal(wc_Sha* sha, byte* hash)
358
    {
359
        int ret = 0;
360
        ret = se050_hash_final(&sha->se050Ctx, hash, WC_SHA_DIGEST_SIZE,
361
                               kAlgorithm_SSS_SHA1);
362
        return ret;
363
    }
364
    int wc_ShaFinalRaw(wc_Sha* sha, byte* hash)
365
    {
366
        int ret = 0;
367
        ret = se050_hash_final(&sha->se050Ctx, hash, WC_SHA_DIGEST_SIZE,
368
                               kAlgorithm_SSS_SHA1);
369
        return ret;
370
    }
371
372
#elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH)
373
/* implemented in wolfcrypt/src/port/psa/psa_hash.c */
374
#else
375
    /* Software implementation */
376
    #define USE_SHA_SOFTWARE_IMPL
377
378
    static int InitSha(wc_Sha* sha)
379
356k
    {
380
356k
        int ret = 0;
381
382
356k
        sha->digest[0] = 0x67452301L;
383
356k
        sha->digest[1] = 0xEFCDAB89L;
384
356k
        sha->digest[2] = 0x98BADCFEL;
385
356k
        sha->digest[3] = 0x10325476L;
386
356k
        sha->digest[4] = 0xC3D2E1F0L;
387
388
356k
        sha->buffLen = 0;
389
356k
        sha->loLen   = 0;
390
356k
        sha->hiLen   = 0;
391
356k
    #ifdef WOLFSSL_HASH_FLAGS
392
356k
        sha->flags = 0;
393
356k
    #endif
394
395
356k
        return ret;
396
356k
    }
397
#endif /* End Hardware Acceleration */
398
399
/* Software implementation */
400
#ifdef USE_SHA_SOFTWARE_IMPL
401
402
static WC_INLINE void AddLength(wc_Sha* sha, word32 len)
403
544k
{
404
544k
    word32 tmp = sha->loLen;
405
544k
    if ((sha->loLen += len) < tmp)
406
0
        sha->hiLen++;                       /* carry low to high */
407
544k
}
408
409
/* Check if custom wc_Sha transform is used */
410
#ifndef XTRANSFORM
411
7.81k
    #define XTRANSFORM(S,B)   Transform((S),(B))
412
413
15.6M
    #define blk0(i) (W[i] = *((word32*)&data[(i)*sizeof(word32)]))
414
62.5M
    #define blk1(i) (W[(i)&15] = \
415
62.5M
        rotlFixed(W[((i)+13)&15]^W[((i)+8)&15]^W[((i)+2)&15]^W[(i)&15],1))
416
417
19.5M
    #define f1(x,y,z) ((z)^((x) &((y)^(z))))
418
19.5M
    #define f2(x,y,z) ((x)^(y)^(z))
419
19.5M
    #define f3(x,y,z) (((x)&(y))|((z)&((x)|(y))))
420
19.5M
    #define f4(x,y,z) ((x)^(y)^(z))
421
422
    #ifdef WOLFSSL_NUCLEUS_1_2
423
        /* nucleus.h also defines R1-R4 */
424
        #undef R1
425
        #undef R2
426
        #undef R3
427
        #undef R4
428
    #endif
429
430
    /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
431
15.6M
    #define R0(v,w,x,y,z,i) (z)+= f1((w),(x),(y)) + blk0((i)) + 0x5A827999+ \
432
15.6M
        rotlFixed((v),5); (w) = rotlFixed((w),30);
433
3.91M
    #define R1(v,w,x,y,z,i) (z)+= f1((w),(x),(y)) + blk1((i)) + 0x5A827999+ \
434
3.91M
        rotlFixed((v),5); (w) = rotlFixed((w),30);
435
19.5M
    #define R2(v,w,x,y,z,i) (z)+= f2((w),(x),(y)) + blk1((i)) + 0x6ED9EBA1+ \
436
19.5M
        rotlFixed((v),5); (w) = rotlFixed((w),30);
437
19.5M
    #define R3(v,w,x,y,z,i) (z)+= f3((w),(x),(y)) + blk1((i)) + 0x8F1BBCDC+ \
438
19.5M
        rotlFixed((v),5); (w) = rotlFixed((w),30);
439
19.5M
    #define R4(v,w,x,y,z,i) (z)+= f4((w),(x),(y)) + blk1((i)) + 0xCA62C1D6+ \
440
19.5M
        rotlFixed((v),5); (w) = rotlFixed((w),30);
441
442
    static int Transform(wc_Sha* sha, const byte* data)
443
978k
    {
444
978k
        word32 W[WC_SHA_BLOCK_SIZE / sizeof(word32)];
445
446
        /* Copy context->state[] to working vars */
447
978k
        word32 a = sha->digest[0];
448
978k
        word32 b = sha->digest[1];
449
978k
        word32 c = sha->digest[2];
450
978k
        word32 d = sha->digest[3];
451
978k
        word32 e = sha->digest[4];
452
453
    #ifdef USE_SLOW_SHA
454
        word32 t, i;
455
456
        for (i = 0; i < 16; i++) {
457
            R0(a, b, c, d, e, i);
458
            t = e; e = d; d = c; c = b; b = a; a = t;
459
        }
460
461
        for (; i < 20; i++) {
462
            R1(a, b, c, d, e, i);
463
            t = e; e = d; d = c; c = b; b = a; a = t;
464
        }
465
466
        for (; i < 40; i++) {
467
            R2(a, b, c, d, e, i);
468
            t = e; e = d; d = c; c = b; b = a; a = t;
469
        }
470
471
        for (; i < 60; i++) {
472
            R3(a, b, c, d, e, i);
473
            t = e; e = d; d = c; c = b; b = a; a = t;
474
        }
475
476
        for (; i < 80; i++) {
477
            R4(a, b, c, d, e, i);
478
            t = e; e = d; d = c; c = b; b = a; a = t;
479
        }
480
    #else
481
        /* nearly 1 K bigger in code size but 25% faster */
482
        /* 4 rounds of 20 operations each. Loop unrolled. */
483
978k
        R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
484
978k
        R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
485
978k
        R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
486
978k
        R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
487
488
978k
        R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
489
490
978k
        R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
491
978k
        R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
492
978k
        R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
493
978k
        R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
494
978k
        R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
495
496
978k
        R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
497
978k
        R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
498
978k
        R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
499
978k
        R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
500
978k
        R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
501
502
978k
        R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
503
978k
        R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
504
978k
        R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
505
978k
        R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
506
978k
        R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
507
978k
    #endif
508
509
        /* Add the working vars back into digest state[] */
510
978k
        sha->digest[0] += a;
511
978k
        sha->digest[1] += b;
512
978k
        sha->digest[2] += c;
513
978k
        sha->digest[3] += d;
514
978k
        sha->digest[4] += e;
515
516
978k
        (void)data; /* Not used */
517
518
978k
        return 0;
519
978k
    }
520
#endif /* !USE_CUSTOM_SHA_TRANSFORM */
521
522
523
int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId)
524
187k
{
525
187k
    int ret = 0;
526
527
187k
    if (sha == NULL)
528
0
        return BAD_FUNC_ARG;
529
530
187k
    sha->heap = heap;
531
187k
#ifdef WOLF_CRYPTO_CB
532
187k
    sha->devId = devId;
533
187k
    sha->devCtx = NULL;
534
187k
#endif
535
536
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
537
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
538
    sha->ctx.mode = ESP32_SHA_INIT;
539
    sha->ctx.isfirstblock = 1;
540
    sha->ctx.lockDepth = 0; /* keep track of how many times lock is called */
541
#endif
542
187k
    ret = InitSha(sha);
543
187k
    if (ret != 0)
544
0
        return ret;
545
546
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA)
547
    ret = wolfAsync_DevCtxInit(&sha->asyncDev, WOLFSSL_ASYNC_MARKER_SHA,
548
                                                            sha->heap, devId);
549
#else
550
187k
    (void)devId;
551
187k
#endif /* WOLFSSL_ASYNC_CRYPT */
552
553
187k
    return ret;
554
187k
}
555
556
/* do block size increments/updates */
557
int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len)
558
3.62k
{
559
3.62k
    int ret = 0;
560
3.62k
    word32 blocksLen;
561
3.62k
    byte* local;
562
563
3.62k
    if (sha == NULL || (data == NULL && len > 0)) {
564
0
        return BAD_FUNC_ARG;
565
0
    }
566
567
3.62k
    if (data == NULL && len == 0) {
568
        /* valid, but do nothing */
569
3.18k
        return 0;
570
3.18k
    }
571
572
441
#ifdef WOLF_CRYPTO_CB
573
441
    if (sha->devId != INVALID_DEVID) {
574
0
        ret = wc_CryptoCb_ShaHash(sha, data, len, NULL);
575
0
        if (ret != CRYPTOCB_UNAVAILABLE)
576
0
            return ret;
577
0
        ret = 0; /* reset ret */
578
        /* fall-through when unavailable */
579
0
    }
580
441
#endif
581
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA)
582
    if (sha->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA) {
583
    #if defined(HAVE_INTEL_QA)
584
        return IntelQaSymSha(&sha->asyncDev, NULL, data, len);
585
    #endif
586
    }
587
#endif /* WOLFSSL_ASYNC_CRYPT */
588
589
    /* check that internal buffLen is valid */
590
441
    if (sha->buffLen >= WC_SHA_BLOCK_SIZE)
591
0
        return BUFFER_E;
592
593
    /* add length for final */
594
441
    AddLength(sha, len);
595
596
441
    local = (byte*)sha->buffer;
597
598
    /* process any remainder from previous operation */
599
441
    if (sha->buffLen > 0) {
600
140
        blocksLen = min(len, WC_SHA_BLOCK_SIZE - sha->buffLen);
601
140
        XMEMCPY(&local[sha->buffLen], data, blocksLen);
602
603
140
        sha->buffLen += blocksLen;
604
140
        data         += blocksLen;
605
140
        len          -= blocksLen;
606
607
140
        if (sha->buffLen == WC_SHA_BLOCK_SIZE) {
608
51
        #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
609
51
            ByteReverseWords(sha->buffer, sha->buffer, WC_SHA_BLOCK_SIZE);
610
51
        #endif
611
612
        #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
613
            !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
614
            if (sha->ctx.mode == ESP32_SHA_INIT) {
615
                esp_sha_try_hw_lock(&sha->ctx);
616
            }
617
            if (sha->ctx.mode == ESP32_SHA_SW) {
618
                ret = XTRANSFORM(sha, (const byte*)local);
619
            }
620
            else {
621
                esp_sha_process(sha, (const byte*)local);
622
            }
623
        #else
624
51
            ret = XTRANSFORM(sha, (const byte*)local);
625
51
        #endif
626
51
            if (ret != 0)
627
0
                return ret;
628
629
51
            sha->buffLen = 0;
630
51
        }
631
140
    }
632
633
    /* process blocks */
634
#ifdef XTRANSFORM_LEN
635
    /* get number of blocks */
636
    /* 64-1 = 0x3F (~ Inverted = 0xFFFFFFC0) */
637
    /* len (masked by 0xFFFFFFC0) returns block aligned length */
638
    blocksLen = len & ~(WC_SHA_BLOCK_SIZE-1);
639
    if (blocksLen > 0) {
640
        /* Byte reversal performed in function if required. */
641
        XTRANSFORM_LEN(sha, data, blocksLen);
642
        data += blocksLen;
643
        len  -= blocksLen;
644
    }
645
#else
646
7.95k
    while (len >= WC_SHA_BLOCK_SIZE) {
647
7.51k
        word32* local32 = sha->buffer;
648
        /* optimization to avoid memcpy if data pointer is properly aligned */
649
        /* Little Endian requires byte swap, so can't use data directly */
650
    #if defined(WC_HASH_DATA_ALIGNMENT) && !defined(LITTLE_ENDIAN_ORDER)
651
        if (((wc_ptr_t)data % WC_HASH_DATA_ALIGNMENT) == 0) {
652
            local32 = (word32*)data;
653
        }
654
        else
655
    #endif
656
7.51k
        {
657
7.51k
            XMEMCPY(local32, data, WC_SHA_BLOCK_SIZE);
658
7.51k
        }
659
660
7.51k
        data += WC_SHA_BLOCK_SIZE;
661
7.51k
        len  -= WC_SHA_BLOCK_SIZE;
662
663
7.51k
    #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
664
7.51k
        ByteReverseWords(local32, local32, WC_SHA_BLOCK_SIZE);
665
7.51k
    #endif
666
667
    #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
668
        !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
669
        if (sha->ctx.mode == ESP32_SHA_INIT){
670
            esp_sha_try_hw_lock(&sha->ctx);
671
        }
672
        if (sha->ctx.mode == ESP32_SHA_SW){
673
            ret = XTRANSFORM(sha, (const byte*)local32);
674
        }
675
        else {
676
            esp_sha_process(sha, (const byte*)local32);
677
        }
678
    #else
679
7.51k
        ret = XTRANSFORM(sha, (const byte*)local32);
680
7.51k
    #endif
681
7.51k
    }
682
441
#endif /* XTRANSFORM_LEN */
683
684
    /* save remainder */
685
441
    if (len > 0) {
686
221
        XMEMCPY(local, data, len);
687
221
        sha->buffLen = len;
688
221
    }
689
690
441
    return ret;
691
441
}
692
693
int wc_ShaFinalRaw(wc_Sha* sha, byte* hash)
694
114
{
695
114
#ifdef LITTLE_ENDIAN_ORDER
696
114
    word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)];
697
114
#endif
698
699
114
    if (sha == NULL || hash == NULL) {
700
0
        return BAD_FUNC_ARG;
701
0
    }
702
703
114
#ifdef LITTLE_ENDIAN_ORDER
704
114
    ByteReverseWords((word32*)digest, (word32*)sha->digest, WC_SHA_DIGEST_SIZE);
705
114
    XMEMCPY(hash, (byte *)&digest[0], WC_SHA_DIGEST_SIZE);
706
#else
707
    XMEMCPY(hash, sha->digest, WC_SHA_DIGEST_SIZE);
708
#endif
709
710
114
    return 0;
711
114
}
712
713
int wc_ShaFinal(wc_Sha* sha, byte* hash)
714
241
{
715
241
    int ret;
716
241
    byte* local;
717
718
241
    if (sha == NULL || hash == NULL) {
719
0
        return BAD_FUNC_ARG;
720
0
    }
721
722
241
    local = (byte*)sha->buffer;
723
724
241
#ifdef WOLF_CRYPTO_CB
725
241
    if (sha->devId != INVALID_DEVID) {
726
0
        ret = wc_CryptoCb_ShaHash(sha, NULL, 0, hash);
727
0
        if (ret != CRYPTOCB_UNAVAILABLE)
728
0
            return ret;
729
        /* fall-through when unavailable */
730
0
    }
731
241
#endif
732
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA)
733
    if (sha->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA) {
734
    #if defined(HAVE_INTEL_QA)
735
        return IntelQaSymSha(&sha->asyncDev, hash, NULL, WC_SHA_DIGEST_SIZE);
736
    #endif
737
    }
738
#endif /* WOLFSSL_ASYNC_CRYPT */
739
740
241
    local[sha->buffLen++] = 0x80;  /* add 1 */
741
742
    /* pad with zeros */
743
241
    if (sha->buffLen > WC_SHA_PAD_SIZE) {
744
8
        XMEMSET(&local[sha->buffLen], 0, WC_SHA_BLOCK_SIZE - sha->buffLen);
745
8
        sha->buffLen += WC_SHA_BLOCK_SIZE - sha->buffLen;
746
747
8
    #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
748
8
        ByteReverseWords(sha->buffer, sha->buffer, WC_SHA_BLOCK_SIZE);
749
8
    #endif
750
751
    #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
752
        !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
753
        if (sha->ctx.mode == ESP32_SHA_INIT) {
754
            esp_sha_try_hw_lock(&sha->ctx);
755
        }
756
        if (sha->ctx.mode == ESP32_SHA_SW) {
757
            ret = XTRANSFORM(sha, (const byte*)local);
758
        }
759
        else {
760
            ret = esp_sha_process(sha, (const byte*)local);
761
        }
762
    #else
763
8
        ret = XTRANSFORM(sha, (const byte*)local);
764
8
    #endif
765
8
        if (ret != 0)
766
0
            return ret;
767
768
8
        sha->buffLen = 0;
769
8
    }
770
241
    XMEMSET(&local[sha->buffLen], 0, WC_SHA_PAD_SIZE - sha->buffLen);
771
772
241
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA)
773
241
    ByteReverseWords(sha->buffer, sha->buffer, WC_SHA_BLOCK_SIZE);
774
241
#endif
775
776
    /* store lengths */
777
    /* put lengths in bits */
778
241
    sha->hiLen = (sha->loLen >> (8*sizeof(sha->loLen) - 3)) + (sha->hiLen << 3);
779
241
    sha->loLen = sha->loLen << 3;
780
781
    /* ! length ordering dependent on digest endian type ! */
782
241
    XMEMCPY(&local[WC_SHA_PAD_SIZE], &sha->hiLen, sizeof(word32));
783
241
    XMEMCPY(&local[WC_SHA_PAD_SIZE + sizeof(word32)], &sha->loLen, sizeof(word32));
784
785
#if defined(FREESCALE_MMCAU_SHA)
786
    /* Kinetis requires only these bytes reversed */
787
    ByteReverseWords(&sha->buffer[WC_SHA_PAD_SIZE/sizeof(word32)],
788
                     &sha->buffer[WC_SHA_PAD_SIZE/sizeof(word32)],
789
                     2 * sizeof(word32));
790
#endif
791
792
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
793
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
794
    if (sha->ctx.mode == ESP32_SHA_INIT) {
795
        esp_sha_try_hw_lock(&sha->ctx);
796
    }
797
    if (sha->ctx.mode == ESP32_SHA_SW) {
798
        ret = XTRANSFORM(sha, (const byte*)local);
799
    }
800
    else {
801
        ret = esp_sha_digest_process(sha, 1);
802
    }
803
#else
804
241
    ret = XTRANSFORM(sha, (const byte*)local);
805
241
#endif
806
807
241
#ifdef LITTLE_ENDIAN_ORDER
808
241
    ByteReverseWords(sha->digest, sha->digest, WC_SHA_DIGEST_SIZE);
809
241
#endif
810
811
241
    XMEMCPY(hash, (byte *)&sha->digest[0], WC_SHA_DIGEST_SIZE);
812
813
241
    (void)InitSha(sha); /* reset state */
814
815
241
    return ret;
816
241
}
817
818
#if defined(OPENSSL_EXTRA)
819
/* Apply SHA1 transformation to the data                  */
820
/* @param sha  a pointer to wc_Sha structure              */
821
/* @param data data to be applied SHA1 transformation     */
822
/* @return 0 on successful, otherwise non-zero on failure */
823
int wc_ShaTransform(wc_Sha* sha, const unsigned char* data)
824
{
825
    /* sanity check */
826
    if (sha == NULL || data == NULL) {
827
        return BAD_FUNC_ARG;
828
    }
829
    return (Transform(sha, data));
830
}
831
#endif
832
833
#endif /* USE_SHA_SOFTWARE_IMPL */
834
835
836
int wc_InitSha(wc_Sha* sha)
837
108
{
838
108
    return wc_InitSha_ex(sha, NULL, INVALID_DEVID);
839
108
}
840
841
#if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)
842
843
void wc_ShaFree(wc_Sha* sha)
844
194k
{
845
194k
    if (sha == NULL)
846
0
        return;
847
848
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA)
849
    wolfAsync_DevCtxFree(&sha->asyncDev, WOLFSSL_ASYNC_MARKER_SHA);
850
#endif /* WOLFSSL_ASYNC_CRYPT */
851
852
#ifdef WOLFSSL_PIC32MZ_HASH
853
    wc_ShaPic32Free(sha);
854
#endif
855
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
856
    se050_hash_free(&sha->se050Ctx);
857
#endif
858
#if (defined(WOLFSSL_RENESAS_TSIP_CRYPT) && \
859
    !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH))
860
    if (sha->msg != NULL) {
861
        XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER);
862
        sha->msg = NULL;
863
    }
864
#endif
865
#ifdef WOLFSSL_IMXRT_DCP
866
    DCPShaFree(sha);
867
#endif
868
194k
}
869
870
#endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */
871
#endif /* !WOLFSSL_TI_HASH */
872
#endif /* HAVE_FIPS */
873
874
#if !defined(WOLFSSL_TI_HASH) && !defined(WOLFSSL_IMXRT_DCP)
875
876
#if !defined(WOLFSSL_RENESAS_TSIP_CRYPT) || \
877
    defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
878
879
#if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH)
880
int wc_ShaGetHash(wc_Sha* sha, byte* hash)
881
954
{
882
954
    int ret;
883
954
    wc_Sha tmpSha;
884
885
954
    if (sha == NULL || hash == NULL)
886
0
        return BAD_FUNC_ARG;
887
888
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
889
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
890
    if(sha->ctx.mode == ESP32_SHA_INIT){
891
        esp_sha_try_hw_lock(&sha->ctx);
892
    }
893
    if (sha->ctx.mode != ESP32_SHA_SW) {
894
        /* TODO check SW/HW logic */
895
        esp_sha_digest_process(sha, 0);
896
    }
897
#endif
898
899
954
    ret = wc_ShaCopy(sha, &tmpSha);
900
954
    if (ret == 0) {
901
        /* if HW failed, use SW */
902
954
        ret = wc_ShaFinal(&tmpSha, hash);
903
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
904
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
905
        sha->ctx.mode = ESP32_SHA_SW;
906
#endif
907
908
909
954
    }
910
954
    return ret;
911
954
}
912
913
int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
914
4.54k
{
915
4.54k
    int ret = 0;
916
917
4.54k
    if (src == NULL || dst == NULL)
918
0
        return BAD_FUNC_ARG;
919
920
4.54k
    XMEMCPY(dst, src, sizeof(wc_Sha));
921
922
#ifdef WOLFSSL_SILABS_SE_ACCEL
923
    dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx);
924
    dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx);
925
#endif
926
927
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA)
928
    ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
929
#endif
930
#ifdef WOLFSSL_PIC32MZ_HASH
931
    ret = wc_Pic32HashCopy(&src->cache, &dst->cache);
932
#endif
933
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
934
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
935
     dst->ctx.mode = src->ctx.mode;
936
     dst->ctx.isfirstblock = src->ctx.isfirstblock;
937
     dst->ctx.sha_type = src->ctx.sha_type;
938
#endif
939
4.54k
#ifdef WOLFSSL_HASH_FLAGS
940
4.54k
     dst->flags |= WC_HASH_FLAG_ISCOPY;
941
4.54k
#endif
942
4.54k
    return ret;
943
4.54k
}
944
#endif /* defined(WOLFSSL_RENESAS_TSIP_CRYPT) ... */
945
#endif /* !WOLFSSL_TI_HASH && !WOLFSSL_IMXRT_DCP */
946
#endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */
947
948
#ifdef WOLFSSL_HASH_FLAGS
949
int wc_ShaSetFlags(wc_Sha* sha, word32 flags)
950
0
{
951
0
    if (sha) {
952
0
        sha->flags = flags;
953
0
    }
954
0
    return 0;
955
0
}
956
int wc_ShaGetFlags(wc_Sha* sha, word32* flags)
957
0
{
958
0
    if (sha && flags) {
959
0
        *flags = sha->flags;
960
0
    }
961
0
    return 0;
962
0
}
963
#endif
964
965
#endif /* !NO_SHA */