/src/wolfssl-sp-math/wolfcrypt/src/sha512.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* sha512.c |
2 | | * |
3 | | * Copyright (C) 2006-2022 wolfSSL Inc. |
4 | | * |
5 | | * This file is part of wolfSSL. |
6 | | * |
7 | | * wolfSSL is free software; you can redistribute it and/or modify |
8 | | * it under the terms of the GNU General Public License as published by |
9 | | * the Free Software Foundation; either version 2 of the License, or |
10 | | * (at your option) any later version. |
11 | | * |
12 | | * wolfSSL is distributed in the hope that it will be useful, |
13 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | | * GNU General Public License for more details. |
16 | | * |
17 | | * You should have received a copy of the GNU General Public License |
18 | | * along with this program; if not, write to the Free Software |
19 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
20 | | */ |
21 | | |
22 | | |
23 | | #ifdef HAVE_CONFIG_H |
24 | | #include <config.h> |
25 | | #endif |
26 | | |
27 | | #include <wolfssl/wolfcrypt/settings.h> |
28 | | |
29 | | #if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PSOC6_CRYPTO) |
30 | | |
31 | | #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) |
32 | | /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ |
33 | | #define FIPS_NO_WRAPPERS |
34 | | |
35 | | #ifdef USE_WINDOWS_API |
36 | | #pragma code_seg(".fipsA$k") |
37 | | #pragma const_seg(".fipsB$k") |
38 | | #endif |
39 | | #endif |
40 | | |
41 | | #include <wolfssl/wolfcrypt/sha512.h> |
42 | | #include <wolfssl/wolfcrypt/error-crypt.h> |
43 | | #include <wolfssl/wolfcrypt/cpuid.h> |
44 | | #include <wolfssl/wolfcrypt/hash.h> |
45 | | |
46 | | #ifdef WOLF_CRYPTO_CB |
47 | | #include <wolfssl/wolfcrypt/cryptocb.h> |
48 | | #endif |
49 | | |
50 | | /* deprecated USE_SLOW_SHA2 (replaced with USE_SLOW_SHA512) */ |
51 | | #if defined(USE_SLOW_SHA2) && !defined(USE_SLOW_SHA512) |
52 | | #define USE_SLOW_SHA512 |
53 | | #endif |
54 | | |
55 | | /* fips wrapper calls, user can call direct */ |
56 | | #if defined(HAVE_FIPS) && \ |
57 | | (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) |
58 | | |
59 | | #ifdef WOLFSSL_SHA512 |
60 | | |
61 | | int wc_InitSha512(wc_Sha512* sha) |
62 | | { |
63 | | if (sha == NULL) { |
64 | | return BAD_FUNC_ARG; |
65 | | } |
66 | | |
67 | | return InitSha512_fips(sha); |
68 | | } |
69 | | int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devId) |
70 | | { |
71 | | (void)heap; |
72 | | (void)devId; |
73 | | if (sha == NULL) { |
74 | | return BAD_FUNC_ARG; |
75 | | } |
76 | | return InitSha512_fips(sha); |
77 | | } |
78 | | int wc_Sha512Update(wc_Sha512* sha, const byte* data, word32 len) |
79 | | { |
80 | | if (sha == NULL || (data == NULL && len > 0)) { |
81 | | return BAD_FUNC_ARG; |
82 | | } |
83 | | |
84 | | return Sha512Update_fips(sha, data, len); |
85 | | } |
86 | | int wc_Sha512Final(wc_Sha512* sha, byte* out) |
87 | | { |
88 | | if (sha == NULL || out == NULL) { |
89 | | return BAD_FUNC_ARG; |
90 | | } |
91 | | |
92 | | return Sha512Final_fips(sha, out); |
93 | | } |
94 | | void wc_Sha512Free(wc_Sha512* sha) |
95 | | { |
96 | | (void)sha; |
97 | | /* Not supported in FIPS */ |
98 | | } |
99 | | #endif |
100 | | |
101 | | #if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM) |
102 | | int wc_InitSha384(wc_Sha384* sha) |
103 | | { |
104 | | if (sha == NULL) { |
105 | | return BAD_FUNC_ARG; |
106 | | } |
107 | | return InitSha384_fips(sha); |
108 | | } |
109 | | int wc_InitSha384_ex(wc_Sha384* sha, void* heap, int devId) |
110 | | { |
111 | | (void)heap; |
112 | | (void)devId; |
113 | | if (sha == NULL) { |
114 | | return BAD_FUNC_ARG; |
115 | | } |
116 | | return InitSha384_fips(sha); |
117 | | } |
118 | | int wc_Sha384Update(wc_Sha384* sha, const byte* data, word32 len) |
119 | | { |
120 | | if (sha == NULL || (data == NULL && len > 0)) { |
121 | | return BAD_FUNC_ARG; |
122 | | } |
123 | | return Sha384Update_fips(sha, data, len); |
124 | | } |
125 | | int wc_Sha384Final(wc_Sha384* sha, byte* out) |
126 | | { |
127 | | if (sha == NULL || out == NULL) { |
128 | | return BAD_FUNC_ARG; |
129 | | } |
130 | | return Sha384Final_fips(sha, out); |
131 | | } |
132 | | void wc_Sha384Free(wc_Sha384* sha) |
133 | | { |
134 | | (void)sha; |
135 | | /* Not supported in FIPS */ |
136 | | } |
137 | | #endif /* WOLFSSL_SHA384 || HAVE_AESGCM */ |
138 | | |
139 | | #else /* else build without fips, or for FIPS v2 */ |
140 | | |
141 | | #include <wolfssl/wolfcrypt/logging.h> |
142 | | |
143 | | #ifdef NO_INLINE |
144 | | #include <wolfssl/wolfcrypt/misc.h> |
145 | | #else |
146 | | #define WOLFSSL_MISC_INCLUDED |
147 | | #include <wolfcrypt/src/misc.c> |
148 | | #endif |
149 | | |
150 | | #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) |
151 | | #include <wolfssl/wolfcrypt/port/nxp/se050_port.h> |
152 | | #endif |
153 | | |
154 | | |
155 | | #if defined(USE_INTEL_SPEEDUP) |
156 | | #if defined(__GNUC__) && ((__GNUC__ < 4) || \ |
157 | | (__GNUC__ == 4 && __GNUC_MINOR__ <= 8)) |
158 | | #undef NO_AVX2_SUPPORT |
159 | | #define NO_AVX2_SUPPORT |
160 | | #endif |
161 | | #if defined(__clang__) && ((__clang_major__ < 3) || \ |
162 | | (__clang_major__ == 3 && __clang_minor__ <= 5)) |
163 | | #define NO_AVX2_SUPPORT |
164 | | #elif defined(__clang__) && defined(NO_AVX2_SUPPORT) |
165 | | #undef NO_AVX2_SUPPORT |
166 | | #endif |
167 | | |
168 | | #define HAVE_INTEL_AVX1 |
169 | | #ifndef NO_AVX2_SUPPORT |
170 | | #define HAVE_INTEL_AVX2 |
171 | | #endif |
172 | | #endif |
173 | | |
174 | | #if defined(HAVE_INTEL_AVX1) |
175 | | /* #define DEBUG_XMM */ |
176 | | #endif |
177 | | |
178 | | #if defined(HAVE_INTEL_AVX2) |
179 | | #define HAVE_INTEL_RORX |
180 | | /* #define DEBUG_YMM */ |
181 | | #endif |
182 | | |
183 | | #if defined(HAVE_BYTEREVERSE64) && \ |
184 | | !defined(HAVE_INTEL_AVX1) && !defined(HAVE_INTEL_AVX2) |
185 | | #define ByteReverseWords64(out, in, size) ByteReverseWords64_1(out, size) |
186 | | #define ByteReverseWords64_1(buf, size) \ |
187 | | { unsigned int i ;\ |
188 | | for(i=0; i< size/sizeof(word64); i++){\ |
189 | | __asm__ volatile("bswapq %0":"+r"(buf[i])::) ;\ |
190 | | }\ |
191 | | } |
192 | | #endif |
193 | | |
194 | | #if defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \ |
195 | | !defined(WOLFSSL_QNX_CAAM) |
196 | | /* functions defined in wolfcrypt/src/port/caam/caam_sha.c */ |
197 | | |
198 | | #elif defined(WOLFSSL_SILABS_SHA384) |
199 | | /* functions defined in wolfcrypt/src/port/silabs/silabs_hash.c */ |
200 | | |
201 | | #elif defined(WOLFSSL_KCAPI_HASH) |
202 | | /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ |
203 | | |
204 | | #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) |
205 | | int wc_InitSha512(wc_Sha512* sha512) |
206 | | { |
207 | | if (sha512 == NULL) |
208 | | return BAD_FUNC_ARG; |
209 | | return se050_hash_init(&sha512->se050Ctx, NULL); |
210 | | } |
211 | | int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId) |
212 | | { |
213 | | if (sha512 == NULL) { |
214 | | return BAD_FUNC_ARG; |
215 | | } |
216 | | (void)devId; |
217 | | return se050_hash_init(&sha512->se050Ctx, heap); |
218 | | } |
219 | | int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) |
220 | | { |
221 | | return se050_hash_update(&sha512->se050Ctx, data, len); |
222 | | } |
223 | | int wc_Sha512Final(wc_Sha512* sha512, byte* hash) |
224 | | { |
225 | | int ret = 0; |
226 | | int devId = INVALID_DEVID; |
227 | | if (sha512 == NULL) { |
228 | | return BAD_FUNC_ARG; |
229 | | } |
230 | | #ifdef WOLF_CRYPTO_CB |
231 | | devId = sha512->devId; |
232 | | #endif |
233 | | ret = se050_hash_final(&sha512->se050Ctx, hash, WC_SHA512_DIGEST_SIZE, |
234 | | kAlgorithm_SSS_SHA512); |
235 | | return ret; |
236 | | } |
237 | | int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash) |
238 | | { |
239 | | int ret = 0; |
240 | | int devId = INVALID_DEVID; |
241 | | if (sha512 == NULL) { |
242 | | return BAD_FUNC_ARG; |
243 | | } |
244 | | #ifdef WOLF_CRYPTO_CB |
245 | | devId = sha512->devId; |
246 | | #endif |
247 | | ret = se050_hash_final(&sha512->se050Ctx, hash, WC_SHA512_DIGEST_SIZE, |
248 | | kAlgorithm_SSS_SHA512); |
249 | | return ret; |
250 | | } |
251 | | void wc_Sha512Free(wc_Sha512* sha512) |
252 | | { |
253 | | se050_hash_free(&sha512->se050Ctx); |
254 | | } |
255 | | |
256 | | #else |
257 | | |
258 | | #ifdef WOLFSSL_SHA512 |
259 | | |
260 | | static int InitSha512(wc_Sha512* sha512) |
261 | 95.3k | { |
262 | 95.3k | if (sha512 == NULL) |
263 | 0 | return BAD_FUNC_ARG; |
264 | | |
265 | 95.3k | sha512->digest[0] = W64LIT(0x6a09e667f3bcc908); |
266 | 95.3k | sha512->digest[1] = W64LIT(0xbb67ae8584caa73b); |
267 | 95.3k | sha512->digest[2] = W64LIT(0x3c6ef372fe94f82b); |
268 | 95.3k | sha512->digest[3] = W64LIT(0xa54ff53a5f1d36f1); |
269 | 95.3k | sha512->digest[4] = W64LIT(0x510e527fade682d1); |
270 | 95.3k | sha512->digest[5] = W64LIT(0x9b05688c2b3e6c1f); |
271 | 95.3k | sha512->digest[6] = W64LIT(0x1f83d9abfb41bd6b); |
272 | 95.3k | sha512->digest[7] = W64LIT(0x5be0cd19137e2179); |
273 | | |
274 | 95.3k | sha512->buffLen = 0; |
275 | 95.3k | sha512->loLen = 0; |
276 | 95.3k | sha512->hiLen = 0; |
277 | | |
278 | | #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ |
279 | | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
280 | | |
281 | | sha512->ctx.sha_type = SHA2_512; |
282 | | /* always start firstblock = 1 when using hw engine */ |
283 | | sha512->ctx.isfirstblock = 1; |
284 | | if(sha512->ctx.mode == ESP32_SHA_HW) { |
285 | | /* release hw */ |
286 | | esp_sha_hw_unlock(&(sha512->ctx)); |
287 | | } |
288 | | /* always set mode as INIT |
289 | | * whether using HW or SW is determined at first call of update() |
290 | | */ |
291 | | sha512->ctx.mode = ESP32_SHA_INIT; |
292 | | #endif |
293 | 95.3k | #ifdef WOLFSSL_HASH_FLAGS |
294 | 95.3k | sha512->flags = 0; |
295 | 95.3k | #endif |
296 | 95.3k | return 0; |
297 | 95.3k | } |
298 | | |
299 | | #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) |
300 | | #if !defined(WOLFSSL_NOSHA512_224) |
301 | | /** |
302 | | * Initialize given wc_Sha512 structure with value specific to sha512/224. |
303 | | * Note that sha512/224 has different initial hash value from sha512. |
304 | | * The initial hash value consists of eight 64bit words. They are given |
305 | | * in FIPS180-4. |
306 | | */ |
307 | | static int InitSha512_224(wc_Sha512* sha512) |
308 | 964 | { |
309 | 964 | if (sha512 == NULL) |
310 | 0 | return BAD_FUNC_ARG; |
311 | | |
312 | 964 | sha512->digest[0] = W64LIT(0x8c3d37c819544da2); |
313 | 964 | sha512->digest[1] = W64LIT(0x73e1996689dcd4d6); |
314 | 964 | sha512->digest[2] = W64LIT(0x1dfab7ae32ff9c82); |
315 | 964 | sha512->digest[3] = W64LIT(0x679dd514582f9fcf); |
316 | 964 | sha512->digest[4] = W64LIT(0x0f6d2b697bd44da8); |
317 | 964 | sha512->digest[5] = W64LIT(0x77e36f7304c48942); |
318 | 964 | sha512->digest[6] = W64LIT(0x3f9d85a86a1d36c8); |
319 | 964 | sha512->digest[7] = W64LIT(0x1112e6ad91d692a1); |
320 | | |
321 | 964 | sha512->buffLen = 0; |
322 | 964 | sha512->loLen = 0; |
323 | 964 | sha512->hiLen = 0; |
324 | | |
325 | | #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ |
326 | | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
327 | | |
328 | | sha512->ctx.sha_type = SHA2_512; |
329 | | /* always start firstblock = 1 when using hw engine */ |
330 | | sha512->ctx.isfirstblock = 1; |
331 | | if(sha512->ctx.mode == ESP32_SHA_HW) { |
332 | | /* release hw */ |
333 | | esp_sha_hw_unlock(&(sha512->ctx)); |
334 | | } |
335 | | /* always set mode as INIT |
336 | | * whether using HW or SW is determined at first call of update() |
337 | | */ |
338 | | sha512->ctx.mode = ESP32_SHA_INIT; |
339 | | #endif |
340 | 964 | #ifdef WOLFSSL_HASH_FLAGS |
341 | 964 | sha512->flags = 0; |
342 | 964 | #endif |
343 | 964 | return 0; |
344 | 964 | } |
345 | | #endif /* !WOLFSSL_NOSHA512_224 */ |
346 | | #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ |
347 | | |
348 | | #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) |
349 | | #if !defined(WOLFSSL_NOSHA512_256) |
350 | | /** |
351 | | * Initialize given wc_Sha512 structure with value specific to sha512/256. |
352 | | * Note that sha512/256 has different initial hash value from sha512. |
353 | | * The initial hash value consists of eight 64bit words. They are given |
354 | | * in FIPS180-4. |
355 | | */ |
356 | | static int InitSha512_256(wc_Sha512* sha512) |
357 | 640 | { |
358 | 640 | if (sha512 == NULL) |
359 | 0 | return BAD_FUNC_ARG; |
360 | | |
361 | 640 | sha512->digest[0] = W64LIT(0x22312194fc2bf72c); |
362 | 640 | sha512->digest[1] = W64LIT(0x9f555fa3c84c64c2); |
363 | 640 | sha512->digest[2] = W64LIT(0x2393b86b6f53b151); |
364 | 640 | sha512->digest[3] = W64LIT(0x963877195940eabd); |
365 | 640 | sha512->digest[4] = W64LIT(0x96283ee2a88effe3); |
366 | 640 | sha512->digest[5] = W64LIT(0xbe5e1e2553863992); |
367 | 640 | sha512->digest[6] = W64LIT(0x2b0199fc2c85b8aa); |
368 | 640 | sha512->digest[7] = W64LIT(0x0eb72ddc81c52ca2); |
369 | | |
370 | 640 | sha512->buffLen = 0; |
371 | 640 | sha512->loLen = 0; |
372 | 640 | sha512->hiLen = 0; |
373 | | |
374 | | #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ |
375 | | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
376 | | |
377 | | sha512->ctx.sha_type = SHA2_512; |
378 | | /* always start firstblock = 1 when using hw engine */ |
379 | | sha512->ctx.isfirstblock = 1; |
380 | | if(sha512->ctx.mode == ESP32_SHA_HW) { |
381 | | /* release hw */ |
382 | | esp_sha_hw_unlock(&(sha512->ctx)); |
383 | | } |
384 | | /* always set mode as INIT |
385 | | * whether using HW or SW is determined at first call of update() |
386 | | */ |
387 | | sha512->ctx.mode = ESP32_SHA_INIT; |
388 | | #endif |
389 | 640 | #ifdef WOLFSSL_HASH_FLAGS |
390 | 640 | sha512->flags = 0; |
391 | 640 | #endif |
392 | 640 | return 0; |
393 | 640 | } |
394 | | #endif /* !WOLFSSL_NOSHA512_256 */ |
395 | | #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ |
396 | | |
397 | | #endif /* WOLFSSL_SHA512 */ |
398 | | |
399 | | /* Hardware Acceleration */ |
400 | | #if defined(USE_INTEL_SPEEDUP) && \ |
401 | | (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) |
402 | | |
403 | | #ifdef WOLFSSL_SHA512 |
404 | | |
405 | | /***** |
406 | | Intel AVX1/AVX2 Macro Control Structure |
407 | | |
408 | | #if defined(HAVE_INTEL_SPEEDUP) |
409 | | #define HAVE_INTEL_AVX1 |
410 | | #define HAVE_INTEL_AVX2 |
411 | | #endif |
412 | | |
413 | | int InitSha512(wc_Sha512* sha512) { |
414 | | Save/Recover XMM, YMM |
415 | | ... |
416 | | |
417 | | Check Intel AVX cpuid flags |
418 | | } |
419 | | |
420 | | #if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2) |
421 | | Transform_Sha512_AVX1(); # Function prototype |
422 | | Transform_Sha512_AVX2(); # |
423 | | #endif |
424 | | |
425 | | _Transform_Sha512() { # Native Transform Function body |
426 | | |
427 | | } |
428 | | |
429 | | int Sha512Update() { |
430 | | Save/Recover XMM, YMM |
431 | | ... |
432 | | } |
433 | | |
434 | | int Sha512Final() { |
435 | | Save/Recover XMM, YMM |
436 | | ... |
437 | | } |
438 | | |
439 | | |
440 | | #if defined(HAVE_INTEL_AVX1) |
441 | | |
442 | | XMM Instructions/INLINE asm Definitions |
443 | | |
444 | | #endif |
445 | | |
446 | | #if defined(HAVE_INTEL_AVX2) |
447 | | |
448 | | YMM Instructions/INLINE asm Definitions |
449 | | |
450 | | #endif |
451 | | |
452 | | #if defined(HAVE_INTEL_AVX1) |
453 | | |
454 | | int Transform_Sha512_AVX1() { |
455 | | Stitched Message Sched/Round |
456 | | } |
457 | | |
458 | | #endif |
459 | | |
460 | | #if defined(HAVE_INTEL_AVX2) |
461 | | |
462 | | int Transform_Sha512_AVX2() { |
463 | | Stitched Message Sched/Round |
464 | | } |
465 | | #endif |
466 | | |
467 | | */ |
468 | | |
469 | | |
470 | | /* Each platform needs to query info type 1 from cpuid to see if aesni is |
471 | | * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts |
472 | | */ |
473 | | |
474 | | #ifdef __cplusplus |
475 | | extern "C" { |
476 | | #endif |
477 | | |
478 | | #if defined(HAVE_INTEL_AVX1) |
479 | | extern int Transform_Sha512_AVX1(wc_Sha512 *sha512); |
480 | | extern int Transform_Sha512_AVX1_Len(wc_Sha512 *sha512, word32 len); |
481 | | #endif |
482 | | #if defined(HAVE_INTEL_AVX2) |
483 | | extern int Transform_Sha512_AVX2(wc_Sha512 *sha512); |
484 | | extern int Transform_Sha512_AVX2_Len(wc_Sha512 *sha512, word32 len); |
485 | | #if defined(HAVE_INTEL_RORX) |
486 | | extern int Transform_Sha512_AVX1_RORX(wc_Sha512 *sha512); |
487 | | extern int Transform_Sha512_AVX1_RORX_Len(wc_Sha512 *sha512, |
488 | | word32 len); |
489 | | extern int Transform_Sha512_AVX2_RORX(wc_Sha512 *sha512); |
490 | | extern int Transform_Sha512_AVX2_RORX_Len(wc_Sha512 *sha512, |
491 | | word32 len); |
492 | | #endif |
493 | | #endif |
494 | | |
495 | | #ifdef __cplusplus |
496 | | } /* extern "C" */ |
497 | | #endif |
498 | | |
499 | | static int _Transform_Sha512(wc_Sha512 *sha512); |
500 | | static int (*Transform_Sha512_p)(wc_Sha512* sha512) = _Transform_Sha512; |
501 | | static int (*Transform_Sha512_Len_p)(wc_Sha512* sha512, word32 len) = NULL; |
502 | | static int transform_check = 0; |
503 | | static int intel_flags; |
504 | | static int Transform_Sha512_is_vectorized = 0; |
505 | | |
506 | | static WC_INLINE int Transform_Sha512(wc_Sha512 *sha512) { |
507 | | int ret; |
508 | | ret = (*Transform_Sha512_p)(sha512); |
509 | | return ret; |
510 | | } |
511 | | static WC_INLINE int Transform_Sha512_Len(wc_Sha512 *sha512, word32 len) { |
512 | | int ret; |
513 | | ret = (*Transform_Sha512_Len_p)(sha512, len); |
514 | | return ret; |
515 | | } |
516 | | |
517 | | static void Sha512_SetTransform(void) |
518 | | { |
519 | | if (transform_check) |
520 | | return; |
521 | | |
522 | | intel_flags = cpuid_get_flags(); |
523 | | |
524 | | #if defined(HAVE_INTEL_AVX2) |
525 | | if (IS_INTEL_AVX2(intel_flags)) { |
526 | | #ifdef HAVE_INTEL_RORX |
527 | | if (IS_INTEL_BMI2(intel_flags)) { |
528 | | Transform_Sha512_p = Transform_Sha512_AVX2_RORX; |
529 | | Transform_Sha512_Len_p = Transform_Sha512_AVX2_RORX_Len; |
530 | | Transform_Sha512_is_vectorized = 1; |
531 | | } |
532 | | else |
533 | | #endif |
534 | | if (1) { |
535 | | Transform_Sha512_p = Transform_Sha512_AVX2; |
536 | | Transform_Sha512_Len_p = Transform_Sha512_AVX2_Len; |
537 | | Transform_Sha512_is_vectorized = 1; |
538 | | } |
539 | | #ifdef HAVE_INTEL_RORX |
540 | | else { |
541 | | Transform_Sha512_p = Transform_Sha512_AVX1_RORX; |
542 | | Transform_Sha512_Len_p = Transform_Sha512_AVX1_RORX_Len; |
543 | | Transform_Sha512_is_vectorized = 1; |
544 | | } |
545 | | #endif |
546 | | } |
547 | | else |
548 | | #endif |
549 | | #if defined(HAVE_INTEL_AVX1) |
550 | | if (IS_INTEL_AVX1(intel_flags)) { |
551 | | Transform_Sha512_p = Transform_Sha512_AVX1; |
552 | | Transform_Sha512_Len_p = Transform_Sha512_AVX1_Len; |
553 | | Transform_Sha512_is_vectorized = 1; |
554 | | } |
555 | | else |
556 | | #endif |
557 | | { |
558 | | Transform_Sha512_p = _Transform_Sha512; |
559 | | Transform_Sha512_is_vectorized = 1; |
560 | | } |
561 | | |
562 | | transform_check = 1; |
563 | | } |
564 | | #endif /* WOLFSSL_SHA512 */ |
565 | | |
566 | | #else |
567 | 423k | #define Transform_Sha512(sha512) _Transform_Sha512(sha512) |
568 | | |
569 | | #endif |
570 | | |
571 | | #ifdef WOLFSSL_SHA512 |
572 | | |
573 | | static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId, |
574 | | int (*initfp)(wc_Sha512*)) |
575 | 74.2k | { |
576 | 74.2k | int ret = 0; |
577 | | |
578 | 74.2k | if (sha512 == NULL) |
579 | 0 | return BAD_FUNC_ARG; |
580 | | |
581 | 74.2k | sha512->heap = heap; |
582 | | #ifdef WOLFSSL_SMALL_STACK_CACHE |
583 | | sha512->W = NULL; |
584 | | #endif |
585 | 74.2k | #ifdef WOLF_CRYPTO_CB |
586 | 74.2k | sha512->devId = devId; |
587 | 74.2k | sha512->devCtx = NULL; |
588 | 74.2k | #endif |
589 | | |
590 | 74.2k | ret = initfp(sha512); |
591 | 74.2k | if (ret != 0) |
592 | 0 | return ret; |
593 | | |
594 | | #if defined(USE_INTEL_SPEEDUP) && \ |
595 | | (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) |
596 | | Sha512_SetTransform(); |
597 | | #endif |
598 | | #ifdef WOLFSSL_HASH_KEEP |
599 | | sha512->msg = NULL; |
600 | | sha512->len = 0; |
601 | | sha512->used = 0; |
602 | | #endif |
603 | | |
604 | | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) |
605 | | ret = wolfAsync_DevCtxInit(&sha512->asyncDev, |
606 | | WOLFSSL_ASYNC_MARKER_SHA512, sha512->heap, devId); |
607 | | #else |
608 | 74.2k | (void)devId; |
609 | 74.2k | #endif /* WOLFSSL_ASYNC_CRYPT */ |
610 | | |
611 | 74.2k | return ret; |
612 | 74.2k | } |
613 | | |
614 | | int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId) |
615 | 73.4k | { |
616 | 73.4k | return InitSha512_Family(sha512, heap, devId, InitSha512); |
617 | 73.4k | } |
618 | | |
619 | | #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) |
620 | | #if !defined(WOLFSSL_NOSHA512_224) |
621 | | int wc_InitSha512_224_ex(wc_Sha512* sha512, void* heap, int devId) |
622 | 482 | { |
623 | 482 | return InitSha512_Family(sha512, heap, devId, InitSha512_224); |
624 | 482 | } |
625 | | #endif /* !WOLFSSL_NOSHA512_224 */ |
626 | | #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ |
627 | | |
628 | | #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) |
629 | | #if !defined(WOLFSSL_NOSHA512_256) |
630 | | int wc_InitSha512_256_ex(wc_Sha512* sha512, void* heap, int devId) |
631 | 320 | { |
632 | 320 | return InitSha512_Family(sha512, heap, devId, InitSha512_256); |
633 | 320 | } |
634 | | #endif /* !WOLFSSL_NOSHA512_256 */ |
635 | | #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ |
636 | | |
637 | | #endif /* WOLFSSL_SHA512 */ |
638 | | |
639 | | |
640 | | static const word64 K512[80] = { |
641 | | W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd), |
642 | | W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc), |
643 | | W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019), |
644 | | W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118), |
645 | | W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe), |
646 | | W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2), |
647 | | W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1), |
648 | | W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694), |
649 | | W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3), |
650 | | W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65), |
651 | | W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483), |
652 | | W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5), |
653 | | W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210), |
654 | | W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4), |
655 | | W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725), |
656 | | W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70), |
657 | | W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926), |
658 | | W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df), |
659 | | W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8), |
660 | | W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b), |
661 | | W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001), |
662 | | W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30), |
663 | | W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910), |
664 | | W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8), |
665 | | W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53), |
666 | | W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8), |
667 | | W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb), |
668 | | W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3), |
669 | | W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60), |
670 | | W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec), |
671 | | W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9), |
672 | | W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b), |
673 | | W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207), |
674 | | W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178), |
675 | | W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6), |
676 | | W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b), |
677 | | W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493), |
678 | | W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c), |
679 | | W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a), |
680 | | W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817) |
681 | | }; |
682 | | |
683 | 381k | #define blk0(i) (W[i] = sha512->buffer[i]) |
684 | | |
685 | 1.52M | #define blk2(i) (\ |
686 | 1.52M | W[ (i) & 15] += \ |
687 | 1.52M | s1(W[((i)-2) & 15])+ \ |
688 | 1.52M | W[((i)-7) & 15] + \ |
689 | 1.52M | s0(W[((i)-15) & 15]) \ |
690 | 1.52M | ) |
691 | | |
692 | 1.90M | #define Ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) |
693 | 1.90M | #define Maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) |
694 | | |
695 | 23.8k | #define a(i) T[(0-(i)) & 7] |
696 | 23.8k | #define b(i) T[(1-(i)) & 7] |
697 | 23.8k | #define c(i) T[(2-(i)) & 7] |
698 | 1.93M | #define d(i) T[(3-(i)) & 7] |
699 | 23.8k | #define e(i) T[(4-(i)) & 7] |
700 | 23.8k | #define f(i) T[(5-(i)) & 7] |
701 | 23.8k | #define g(i) T[(6-(i)) & 7] |
702 | 5.74M | #define h(i) T[(7-(i)) & 7] |
703 | | |
704 | 1.90M | #define S0(x) (rotrFixed64(x,28) ^ rotrFixed64(x,34) ^ rotrFixed64(x,39)) |
705 | 1.90M | #define S1(x) (rotrFixed64(x,14) ^ rotrFixed64(x,18) ^ rotrFixed64(x,41)) |
706 | 1.52M | #define s0(x) (rotrFixed64(x,1) ^ rotrFixed64(x,8) ^ ((x)>>7)) |
707 | 1.52M | #define s1(x) (rotrFixed64(x,19) ^ rotrFixed64(x,61) ^ ((x)>>6)) |
708 | | |
709 | | #define R(i) \ |
710 | 1.90M | h(i) += S1(e(i)) + Ch(e(i),f(i),g(i)) + K[(i)+j] + (j ? blk2(i) : blk0(i)); \ |
711 | 1.90M | d(i) += h(i); \ |
712 | 1.90M | h(i) += S0(a(i)) + Maj(a(i),b(i),c(i)) |
713 | | |
714 | | static int _Transform_Sha512(wc_Sha512* sha512) |
715 | 24.9k | { |
716 | 24.9k | const word64* K = K512; |
717 | 24.9k | word32 j; |
718 | 24.9k | word64 T[8]; |
719 | | |
720 | | #ifdef WOLFSSL_SMALL_STACK_CACHE |
721 | | word64* W = sha512->W; |
722 | | if (W == NULL) { |
723 | | W = (word64*)XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER); |
724 | | if (W == NULL) |
725 | | return MEMORY_E; |
726 | | sha512->W = W; |
727 | | } |
728 | | #elif defined(WOLFSSL_SMALL_STACK) |
729 | 24.9k | word64* W; |
730 | 24.9k | W = (word64*) XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER); |
731 | 24.9k | if (W == NULL) |
732 | 1.09k | return MEMORY_E; |
733 | | #else |
734 | | word64 W[16]; |
735 | | #endif |
736 | | |
737 | | /* Copy digest to working vars */ |
738 | 23.8k | XMEMCPY(T, sha512->digest, sizeof(T)); |
739 | | |
740 | | #ifdef USE_SLOW_SHA512 |
741 | | /* over twice as small, but 50% slower */ |
742 | | /* 80 operations, not unrolled */ |
743 | | for (j = 0; j < 80; j += 16) { |
744 | | int m; |
745 | | for (m = 0; m < 16; m++) { /* braces needed here for macros {} */ |
746 | | R(m); |
747 | | } |
748 | | } |
749 | | #else |
750 | | /* 80 operations, partially loop unrolled */ |
751 | 143k | for (j = 0; j < 80; j += 16) { |
752 | 119k | R( 0); R( 1); R( 2); R( 3); |
753 | 119k | R( 4); R( 5); R( 6); R( 7); |
754 | 119k | R( 8); R( 9); R(10); R(11); |
755 | 119k | R(12); R(13); R(14); R(15); |
756 | 119k | } |
757 | 23.8k | #endif /* USE_SLOW_SHA512 */ |
758 | | |
759 | | /* Add the working vars back into digest */ |
760 | 23.8k | sha512->digest[0] += a(0); |
761 | 23.8k | sha512->digest[1] += b(0); |
762 | 23.8k | sha512->digest[2] += c(0); |
763 | 23.8k | sha512->digest[3] += d(0); |
764 | 23.8k | sha512->digest[4] += e(0); |
765 | 23.8k | sha512->digest[5] += f(0); |
766 | 23.8k | sha512->digest[6] += g(0); |
767 | 23.8k | sha512->digest[7] += h(0); |
768 | | |
769 | | /* Wipe variables */ |
770 | 23.8k | ForceZero(W, sizeof(word64) * 16); |
771 | 23.8k | ForceZero(T, sizeof(T)); |
772 | | |
773 | 23.8k | #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE) |
774 | 23.8k | XFREE(W, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER); |
775 | 23.8k | #endif |
776 | | |
777 | 23.8k | return 0; |
778 | 24.9k | } |
779 | | |
780 | | |
781 | | static WC_INLINE void AddLength(wc_Sha512* sha512, word32 len) |
782 | 346k | { |
783 | 346k | word64 tmp = sha512->loLen; |
784 | 346k | if ( (sha512->loLen += len) < tmp) |
785 | 0 | sha512->hiLen++; /* carry low to high */ |
786 | 346k | } |
787 | | |
788 | | static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) |
789 | 356k | { |
790 | 356k | int ret = 0; |
791 | | /* do block size increments */ |
792 | 356k | byte* local = (byte*)sha512->buffer; |
793 | | |
794 | | /* check that internal buffLen is valid */ |
795 | 356k | if (sha512->buffLen >= WC_SHA512_BLOCK_SIZE) |
796 | 0 | return BUFFER_E; |
797 | | |
798 | 356k | if (len == 0) |
799 | 10.0k | return 0; |
800 | | |
801 | 346k | AddLength(sha512, len); |
802 | | |
803 | 346k | if (sha512->buffLen > 0) { |
804 | 241k | word32 add = min(len, WC_SHA512_BLOCK_SIZE - sha512->buffLen); |
805 | 241k | if (add > 0) { |
806 | 241k | XMEMCPY(&local[sha512->buffLen], data, add); |
807 | | |
808 | 241k | sha512->buffLen += add; |
809 | 241k | data += add; |
810 | 241k | len -= add; |
811 | 241k | } |
812 | | |
813 | 241k | if (sha512->buffLen == WC_SHA512_BLOCK_SIZE) { |
814 | 57.4k | #if defined(LITTLE_ENDIAN_ORDER) |
815 | | #if defined(USE_INTEL_SPEEDUP) && \ |
816 | | (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) |
817 | | if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) |
818 | | #endif |
819 | 57.4k | { |
820 | 57.4k | #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \ |
821 | 57.4k | defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
822 | 57.4k | ByteReverseWords64(sha512->buffer, sha512->buffer, |
823 | 57.4k | WC_SHA512_BLOCK_SIZE); |
824 | 57.4k | #endif |
825 | 57.4k | } |
826 | 57.4k | #endif |
827 | 57.4k | #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \ |
828 | 57.4k | defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
829 | 57.4k | ret = Transform_Sha512(sha512); |
830 | | #else |
831 | | if(sha512->ctx.mode == ESP32_SHA_INIT) { |
832 | | esp_sha_try_hw_lock(&sha512->ctx); |
833 | | } |
834 | | ret = esp_sha512_process(sha512); |
835 | | if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW){ |
836 | | ret = Transform_Sha512(sha512); |
837 | | } |
838 | | #endif |
839 | 57.4k | if (ret == 0) |
840 | 57.3k | sha512->buffLen = 0; |
841 | 131 | else |
842 | 131 | len = 0; |
843 | 57.4k | } |
844 | 241k | } |
845 | | |
846 | | #if defined(USE_INTEL_SPEEDUP) && \ |
847 | | (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) |
848 | | if (Transform_Sha512_Len_p != NULL) { |
849 | | word32 blocksLen = len & ~(WC_SHA512_BLOCK_SIZE-1); |
850 | | |
851 | | if (blocksLen > 0) { |
852 | | sha512->data = data; |
853 | | /* Byte reversal performed in function if required. */ |
854 | | Transform_Sha512_Len(sha512, blocksLen); |
855 | | data += blocksLen; |
856 | | len -= blocksLen; |
857 | | } |
858 | | } |
859 | | else |
860 | | #endif |
861 | | #if !defined(LITTLE_ENDIAN_ORDER) || (defined(USE_INTEL_SPEEDUP) && \ |
862 | | (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))) |
863 | | { |
864 | | while (len >= WC_SHA512_BLOCK_SIZE) { |
865 | | XMEMCPY(local, data, WC_SHA512_BLOCK_SIZE); |
866 | | |
867 | | data += WC_SHA512_BLOCK_SIZE; |
868 | | len -= WC_SHA512_BLOCK_SIZE; |
869 | | |
870 | | #if defined(USE_INTEL_SPEEDUP) && \ |
871 | | (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) |
872 | | if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) |
873 | | { |
874 | | ByteReverseWords64(sha512->buffer, sha512->buffer, |
875 | | WC_SHA512_BLOCK_SIZE); |
876 | | } |
877 | | #endif |
878 | | /* Byte reversal performed in function if required. */ |
879 | | ret = Transform_Sha512(sha512); |
880 | | if (ret != 0) |
881 | | break; |
882 | | } |
883 | | } |
884 | | #else |
885 | 346k | { |
886 | 663k | while (len >= WC_SHA512_BLOCK_SIZE) { |
887 | 317k | XMEMCPY(local, data, WC_SHA512_BLOCK_SIZE); |
888 | | |
889 | 317k | data += WC_SHA512_BLOCK_SIZE; |
890 | 317k | len -= WC_SHA512_BLOCK_SIZE; |
891 | 317k | #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \ |
892 | 317k | defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
893 | 317k | ByteReverseWords64(sha512->buffer, sha512->buffer, |
894 | 317k | WC_SHA512_BLOCK_SIZE); |
895 | 317k | #endif |
896 | 317k | #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \ |
897 | 317k | defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
898 | 317k | ret = Transform_Sha512(sha512); |
899 | | #else |
900 | | if(sha512->ctx.mode == ESP32_SHA_INIT) { |
901 | | esp_sha_try_hw_lock(&sha512->ctx); |
902 | | } |
903 | | ret = esp_sha512_process(sha512); |
904 | | if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW){ |
905 | | ret = Transform_Sha512(sha512); |
906 | | } |
907 | | #endif |
908 | 317k | if (ret != 0) |
909 | 107 | break; |
910 | 317k | } |
911 | 346k | } |
912 | 346k | #endif |
913 | | |
914 | 346k | if (ret == 0 && len > 0) { |
915 | 141k | XMEMCPY(local, data, len); |
916 | 141k | sha512->buffLen = len; |
917 | 141k | } |
918 | | |
919 | 346k | return ret; |
920 | 356k | } |
921 | | |
922 | | #ifdef WOLFSSL_SHA512 |
923 | | |
924 | | int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) |
925 | 32.3k | { |
926 | 32.3k | if (sha512 == NULL || (data == NULL && len > 0)) { |
927 | 0 | return BAD_FUNC_ARG; |
928 | 0 | } |
929 | | |
930 | 32.3k | #ifdef WOLF_CRYPTO_CB |
931 | 32.3k | if (sha512->devId != INVALID_DEVID) { |
932 | 0 | int ret = wc_CryptoCb_Sha512Hash(sha512, data, len, NULL); |
933 | 0 | if (ret != CRYPTOCB_UNAVAILABLE) |
934 | 0 | return ret; |
935 | | /* fall-through when unavailable */ |
936 | 0 | } |
937 | 32.3k | #endif |
938 | | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) |
939 | | if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) { |
940 | | #if defined(HAVE_INTEL_QA) |
941 | | return IntelQaSymSha512(&sha512->asyncDev, NULL, data, len); |
942 | | #endif |
943 | | } |
944 | | #endif /* WOLFSSL_ASYNC_CRYPT */ |
945 | | |
946 | 32.3k | return Sha512Update(sha512, data, len); |
947 | 32.3k | } |
948 | | |
949 | | #endif /* WOLFSSL_SHA512 */ |
950 | | |
951 | | #endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA384 */ |
952 | | |
953 | | |
954 | | #if defined(WOLFSSL_KCAPI_HASH) |
955 | | /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ |
956 | | #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) |
957 | | |
958 | | #else |
959 | | |
960 | | static WC_INLINE int Sha512Final(wc_Sha512* sha512) |
961 | 47.0k | { |
962 | 47.0k | byte* local; |
963 | 47.0k | int ret; |
964 | | |
965 | 47.0k | if (sha512 == NULL) { |
966 | 0 | return BAD_FUNC_ARG; |
967 | 0 | } |
968 | | |
969 | 47.0k | local = (byte*)sha512->buffer; |
970 | | |
971 | 47.0k | local[sha512->buffLen++] = 0x80; /* add 1 */ |
972 | | |
973 | | /* pad with zeros */ |
974 | 47.0k | if (sha512->buffLen > WC_SHA512_PAD_SIZE) { |
975 | 1.39k | XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_BLOCK_SIZE - sha512->buffLen); |
976 | 1.39k | sha512->buffLen += WC_SHA512_BLOCK_SIZE - sha512->buffLen; |
977 | 1.39k | #if defined(LITTLE_ENDIAN_ORDER) |
978 | | #if defined(USE_INTEL_SPEEDUP) && \ |
979 | | (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) |
980 | | if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) |
981 | | #endif |
982 | 1.39k | { |
983 | | |
984 | 1.39k | #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \ |
985 | 1.39k | defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
986 | 1.39k | ByteReverseWords64(sha512->buffer,sha512->buffer, |
987 | 1.39k | WC_SHA512_BLOCK_SIZE); |
988 | 1.39k | #endif |
989 | 1.39k | } |
990 | 1.39k | #endif /* LITTLE_ENDIAN_ORDER */ |
991 | 1.39k | #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \ |
992 | 1.39k | defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
993 | 1.39k | ret = Transform_Sha512(sha512); |
994 | | #else |
995 | | if(sha512->ctx.mode == ESP32_SHA_INIT) { |
996 | | esp_sha_try_hw_lock(&sha512->ctx); |
997 | | } |
998 | | ret = esp_sha512_process(sha512); |
999 | | if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW){ |
1000 | | ret = Transform_Sha512(sha512); |
1001 | | } |
1002 | | #endif |
1003 | 1.39k | if (ret != 0) |
1004 | 56 | return ret; |
1005 | | |
1006 | 1.34k | sha512->buffLen = 0; |
1007 | 1.34k | } |
1008 | 46.9k | XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_PAD_SIZE - sha512->buffLen); |
1009 | | |
1010 | | /* put lengths in bits */ |
1011 | 46.9k | sha512->hiLen = (sha512->loLen >> (8 * sizeof(sha512->loLen) - 3)) + |
1012 | 46.9k | (sha512->hiLen << 3); |
1013 | 46.9k | sha512->loLen = sha512->loLen << 3; |
1014 | | |
1015 | | /* store lengths */ |
1016 | 46.9k | #if defined(LITTLE_ENDIAN_ORDER) |
1017 | | #if defined(USE_INTEL_SPEEDUP) && \ |
1018 | | (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) |
1019 | | if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) |
1020 | | #endif |
1021 | 46.9k | #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \ |
1022 | 46.9k | defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
1023 | 46.9k | ByteReverseWords64(sha512->buffer, sha512->buffer, WC_SHA512_PAD_SIZE); |
1024 | 46.9k | #endif |
1025 | 46.9k | #endif |
1026 | | /* ! length ordering dependent on digest endian type ! */ |
1027 | | |
1028 | 46.9k | #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \ |
1029 | 46.9k | defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
1030 | 46.9k | sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2] = sha512->hiLen; |
1031 | 46.9k | sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 1] = sha512->loLen; |
1032 | 46.9k | #endif |
1033 | | |
1034 | | #if defined(USE_INTEL_SPEEDUP) && \ |
1035 | | (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) |
1036 | | if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags)) |
1037 | | ByteReverseWords64(&(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]), |
1038 | | &(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]), |
1039 | | WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE); |
1040 | | #endif |
1041 | 46.9k | #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \ |
1042 | 46.9k | defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
1043 | 46.9k | ret = Transform_Sha512(sha512); |
1044 | | #else |
1045 | | if(sha512->ctx.mode == ESP32_SHA_INIT) { |
1046 | | esp_sha_try_hw_lock(&sha512->ctx); |
1047 | | } |
1048 | | ret = esp_sha512_digest_process(sha512, 1); |
1049 | | if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW) { |
1050 | | ret = Transform_Sha512(sha512); |
1051 | | } |
1052 | | #endif |
1053 | 46.9k | if (ret != 0) |
1054 | 800 | return ret; |
1055 | | |
1056 | 46.1k | #ifdef LITTLE_ENDIAN_ORDER |
1057 | 46.1k | ByteReverseWords64(sha512->digest, sha512->digest, WC_SHA512_DIGEST_SIZE); |
1058 | 46.1k | #endif |
1059 | | |
1060 | 46.1k | return 0; |
1061 | 46.9k | } |
1062 | | |
1063 | | #endif /* WOLFSSL_KCAPI_HASH */ |
1064 | | |
1065 | | #ifdef WOLFSSL_SHA512 |
1066 | | |
1067 | | #if defined(WOLFSSL_KCAPI_HASH) |
1068 | | /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ |
1069 | | #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) |
1070 | | |
1071 | | #else |
1072 | | |
1073 | | static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, int digestSz) |
1074 | 0 | { |
1075 | 0 | #ifdef LITTLE_ENDIAN_ORDER |
1076 | 0 | word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)]; |
1077 | 0 | #endif |
1078 | |
|
1079 | 0 | if (sha512 == NULL || hash == NULL) { |
1080 | 0 | return BAD_FUNC_ARG; |
1081 | 0 | } |
1082 | | |
1083 | 0 | #ifdef LITTLE_ENDIAN_ORDER |
1084 | 0 | ByteReverseWords64((word64*)digest, (word64*)sha512->digest, |
1085 | 0 | WC_SHA512_DIGEST_SIZE); |
1086 | 0 | XMEMCPY(hash, digest, digestSz); |
1087 | | #else |
1088 | | XMEMCPY(hash, sha512->digest, digestSz); |
1089 | | #endif |
1090 | |
|
1091 | 0 | return 0; |
1092 | 0 | } |
1093 | | |
1094 | | int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash) |
1095 | 0 | { |
1096 | 0 | return Sha512FinalRaw(sha512, hash, WC_SHA512_DIGEST_SIZE); |
1097 | 0 | } |
1098 | | |
1099 | | static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, int digestSz, |
1100 | | int (*initfp)(wc_Sha512*)) |
1101 | 14.5k | { |
1102 | 14.5k | int ret; |
1103 | | |
1104 | 14.5k | if (sha512 == NULL || hash == NULL) { |
1105 | 0 | return BAD_FUNC_ARG; |
1106 | 0 | } |
1107 | | |
1108 | 14.5k | #ifdef WOLF_CRYPTO_CB |
1109 | 14.5k | if (sha512->devId != INVALID_DEVID) { |
1110 | 0 | ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash); |
1111 | 0 | if (ret != CRYPTOCB_UNAVAILABLE) |
1112 | 0 | return ret; |
1113 | | /* fall-through when unavailable */ |
1114 | 0 | } |
1115 | 14.5k | #endif |
1116 | | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) |
1117 | | if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) { |
1118 | | #if defined(HAVE_INTEL_QA) |
1119 | | return IntelQaSymSha512(&sha512->asyncDev, hash, NULL, digestSz); |
1120 | | #endif |
1121 | | } |
1122 | | #endif /* WOLFSSL_ASYNC_CRYPT */ |
1123 | | |
1124 | 14.5k | ret = Sha512Final(sha512); |
1125 | 14.5k | if (ret != 0) |
1126 | 856 | return ret; |
1127 | | |
1128 | 13.7k | XMEMCPY(hash, sha512->digest, digestSz); |
1129 | | |
1130 | | /* initialize Sha512 structure for the next use */ |
1131 | 13.7k | return initfp(sha512); |
1132 | 14.5k | } |
1133 | | |
1134 | | int wc_Sha512Final(wc_Sha512* sha512, byte* hash) |
1135 | 22.6k | { |
1136 | 22.6k | return Sha512_Family_Final(sha512, hash, WC_SHA512_DIGEST_SIZE, InitSha512); |
1137 | 22.6k | } |
1138 | | |
1139 | | #endif /* WOLFSSL_KCAPI_HASH */ |
1140 | | |
1141 | | #if !defined(WOLFSSL_SE050) || !defined(WOLFSSL_SE050_HASH) |
1142 | | int wc_InitSha512(wc_Sha512* sha512) |
1143 | 2.86k | { |
1144 | 2.86k | int devId = INVALID_DEVID; |
1145 | | |
1146 | 2.86k | #ifdef WOLF_CRYPTO_CB |
1147 | 2.86k | devId = wc_CryptoCb_DefaultDevID(); |
1148 | 2.86k | #endif |
1149 | 2.86k | return wc_InitSha512_ex(sha512, NULL, devId); |
1150 | 2.86k | } |
1151 | | |
1152 | | void wc_Sha512Free(wc_Sha512* sha512) |
1153 | 78.6k | { |
1154 | 78.6k | if (sha512 == NULL) |
1155 | 0 | return; |
1156 | | |
1157 | | #ifdef WOLFSSL_SMALL_STACK_CACHE |
1158 | | if (sha512->W != NULL) { |
1159 | | XFREE(sha512->W, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER); |
1160 | | sha512->W = NULL; |
1161 | | } |
1162 | | #endif |
1163 | | |
1164 | | #if defined(WOLFSSL_KCAPI_HASH) |
1165 | | KcapiHashFree(&sha512->kcapi); |
1166 | | #endif |
1167 | | |
1168 | | #if defined(WOLFSSL_HASH_KEEP) |
1169 | | if (sha512->msg != NULL) { |
1170 | | XFREE(sha512->msg, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER); |
1171 | | sha512->msg = NULL; |
1172 | | } |
1173 | | #endif |
1174 | | |
1175 | | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) |
1176 | | wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512); |
1177 | | #endif /* WOLFSSL_ASYNC_CRYPT */ |
1178 | 78.6k | } |
1179 | | #if defined(OPENSSL_EXTRA) |
1180 | | /* Apply SHA512 transformation to the data */ |
1181 | | /* @param sha a pointer to wc_Sha512 structure */ |
1182 | | /* @param data data to be applied SHA512 transformation */ |
1183 | | /* @return 0 on successful, otherwise non-zero on failure */ |
1184 | | int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) |
1185 | | { |
1186 | | int ret; |
1187 | | /* back up buffer */ |
1188 | | #ifdef WOLFSSL_SMALL_STACK |
1189 | | word64 *buffer; |
1190 | | #else |
1191 | | word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)]; |
1192 | | #endif |
1193 | | |
1194 | | /* sanity check */ |
1195 | | if (sha == NULL || data == NULL) { |
1196 | | return BAD_FUNC_ARG; |
1197 | | } |
1198 | | |
1199 | | #ifdef WOLFSSL_SMALL_STACK |
1200 | | buffer = (word64 *)XMALLOC(sizeof(word64) * 16, sha->heap, |
1201 | | DYNAMIC_TYPE_TMP_BUFFER); |
1202 | | if (buffer == NULL) |
1203 | | return MEMORY_E; |
1204 | | #endif |
1205 | | |
1206 | | #if defined(USE_INTEL_SPEEDUP) && \ |
1207 | | (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) |
1208 | | Sha512_SetTransform(); |
1209 | | #endif |
1210 | | |
1211 | | #if defined(LITTLE_ENDIAN_ORDER) |
1212 | | #if defined(USE_INTEL_SPEEDUP) && \ |
1213 | | (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) |
1214 | | if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) |
1215 | | #endif |
1216 | | { |
1217 | | ByteReverseWords64((word64*)data, (word64*)data, |
1218 | | WC_SHA512_BLOCK_SIZE); |
1219 | | } |
1220 | | #endif /* !LITTLE_ENDIAN_ORDER */ |
1221 | | |
1222 | | XMEMCPY(buffer, sha->buffer, WC_SHA512_BLOCK_SIZE); |
1223 | | XMEMCPY(sha->buffer, data, WC_SHA512_BLOCK_SIZE); |
1224 | | |
1225 | | ret = Transform_Sha512(sha); |
1226 | | |
1227 | | XMEMCPY(sha->buffer, buffer, WC_SHA512_BLOCK_SIZE); |
1228 | | #ifdef WOLFSSL_SMALL_STACK |
1229 | | XFREE(buffer, sha->heap, DYNAMIC_TYPE_TMP_BUFFER); |
1230 | | #endif |
1231 | | return ret; |
1232 | | } |
1233 | | #endif /* OPENSSL_EXTRA */ |
1234 | | #endif /* WOLFSSL_SHA512 */ |
1235 | | #endif /* !WOLFSSL_SE050 || !WOLFSSL_SE050_HASH */ |
1236 | | |
1237 | | |
1238 | | /* -------------------------------------------------------------------------- */ |
1239 | | /* SHA384 */ |
1240 | | /* -------------------------------------------------------------------------- */ |
1241 | | #ifdef WOLFSSL_SHA384 |
1242 | | |
1243 | | #if defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \ |
1244 | | !defined(WOLFSSL_QNX_CAAM) |
1245 | | /* functions defined in wolfcrypt/src/port/caam/caam_sha.c */ |
1246 | | #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) |
1247 | | int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) |
1248 | | { |
1249 | | if (sha384 == NULL) { |
1250 | | return BAD_FUNC_ARG; |
1251 | | } |
1252 | | (void)devId; |
1253 | | return se050_hash_init(&sha384->se050Ctx, heap); |
1254 | | } |
1255 | | int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) |
1256 | | { |
1257 | | return se050_hash_update(&sha384->se050Ctx, data, len); |
1258 | | |
1259 | | } |
1260 | | int wc_Sha384Final(wc_Sha384* sha384, byte* hash) |
1261 | | { |
1262 | | int ret = 0; |
1263 | | ret = se050_hash_final(&sha384->se050Ctx, hash, WC_SHA384_DIGEST_SIZE, |
1264 | | kAlgorithm_SSS_SHA384); |
1265 | | return ret; |
1266 | | } |
1267 | | int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash) |
1268 | | { |
1269 | | int ret = 0; |
1270 | | ret = se050_hash_final(&sha384->se050Ctx, hash, WC_SHA384_DIGEST_SIZE, |
1271 | | kAlgorithm_SSS_SHA384); |
1272 | | return ret; |
1273 | | } |
1274 | | |
1275 | | #elif defined(WOLFSSL_SILABS_SHA512) |
1276 | | /* functions defined in wolfcrypt/src/port/silabs/silabs_hash.c */ |
1277 | | |
1278 | | #elif defined(WOLFSSL_KCAPI_HASH) |
1279 | | /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ |
1280 | | |
1281 | | #else |
1282 | | |
1283 | | static int InitSha384(wc_Sha384* sha384) |
1284 | 92.6k | { |
1285 | 92.6k | if (sha384 == NULL) { |
1286 | 0 | return BAD_FUNC_ARG; |
1287 | 0 | } |
1288 | | |
1289 | 92.6k | sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8); |
1290 | 92.6k | sha384->digest[1] = W64LIT(0x629a292a367cd507); |
1291 | 92.6k | sha384->digest[2] = W64LIT(0x9159015a3070dd17); |
1292 | 92.6k | sha384->digest[3] = W64LIT(0x152fecd8f70e5939); |
1293 | 92.6k | sha384->digest[4] = W64LIT(0x67332667ffc00b31); |
1294 | 92.6k | sha384->digest[5] = W64LIT(0x8eb44a8768581511); |
1295 | 92.6k | sha384->digest[6] = W64LIT(0xdb0c2e0d64f98fa7); |
1296 | 92.6k | sha384->digest[7] = W64LIT(0x47b5481dbefa4fa4); |
1297 | | |
1298 | 92.6k | sha384->buffLen = 0; |
1299 | 92.6k | sha384->loLen = 0; |
1300 | 92.6k | sha384->hiLen = 0; |
1301 | | |
1302 | | #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ |
1303 | | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
1304 | | sha384->ctx.sha_type = SHA2_384; |
1305 | | /* always start firstblock = 1 when using hw engine */ |
1306 | | sha384->ctx.isfirstblock = 1; |
1307 | | if(sha384->ctx.mode == ESP32_SHA_HW) { |
1308 | | /* release hw */ |
1309 | | esp_sha_hw_unlock(&(sha512->ctx)); |
1310 | | } |
1311 | | /* always set mode as INIT |
1312 | | * whether using HW or SW is determined at first call of update() |
1313 | | */ |
1314 | | sha384->ctx.mode = ESP32_SHA_INIT; |
1315 | | |
1316 | | #endif |
1317 | 92.6k | #ifdef WOLFSSL_HASH_FLAGS |
1318 | 92.6k | sha384->flags = 0; |
1319 | 92.6k | #endif |
1320 | | #ifdef WOLFSSL_HASH_KEEP |
1321 | | sha384->msg = NULL; |
1322 | | sha384->len = 0; |
1323 | | sha384->used = 0; |
1324 | | #endif |
1325 | | |
1326 | 92.6k | return 0; |
1327 | 92.6k | } |
1328 | | |
1329 | | int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) |
1330 | 1.12k | { |
1331 | 1.12k | if (sha384 == NULL || (data == NULL && len > 0)) { |
1332 | 0 | return BAD_FUNC_ARG; |
1333 | 0 | } |
1334 | | |
1335 | 1.12k | #ifdef WOLF_CRYPTO_CB |
1336 | 1.12k | if (sha384->devId != INVALID_DEVID) { |
1337 | 0 | int ret = wc_CryptoCb_Sha384Hash(sha384, data, len, NULL); |
1338 | 0 | if (ret != CRYPTOCB_UNAVAILABLE) |
1339 | 0 | return ret; |
1340 | | /* fall-through when unavailable */ |
1341 | 0 | } |
1342 | 1.12k | #endif |
1343 | | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384) |
1344 | | if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) { |
1345 | | #if defined(HAVE_INTEL_QA) |
1346 | | return IntelQaSymSha384(&sha384->asyncDev, NULL, data, len); |
1347 | | #endif |
1348 | | } |
1349 | | #endif /* WOLFSSL_ASYNC_CRYPT */ |
1350 | | |
1351 | 1.12k | return Sha512Update((wc_Sha512*)sha384, data, len); |
1352 | 1.12k | } |
1353 | | |
1354 | | |
1355 | | int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash) |
1356 | 38 | { |
1357 | 38 | #ifdef LITTLE_ENDIAN_ORDER |
1358 | 38 | word64 digest[WC_SHA384_DIGEST_SIZE / sizeof(word64)]; |
1359 | 38 | #endif |
1360 | | |
1361 | 38 | if (sha384 == NULL || hash == NULL) { |
1362 | 0 | return BAD_FUNC_ARG; |
1363 | 0 | } |
1364 | | |
1365 | 38 | #ifdef LITTLE_ENDIAN_ORDER |
1366 | 38 | ByteReverseWords64((word64*)digest, (word64*)sha384->digest, |
1367 | 38 | WC_SHA384_DIGEST_SIZE); |
1368 | 38 | XMEMCPY(hash, digest, WC_SHA384_DIGEST_SIZE); |
1369 | | #else |
1370 | | XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE); |
1371 | | #endif |
1372 | | |
1373 | 38 | return 0; |
1374 | 38 | } |
1375 | | |
1376 | | int wc_Sha384Final(wc_Sha384* sha384, byte* hash) |
1377 | 156 | { |
1378 | 156 | int ret; |
1379 | | |
1380 | 156 | if (sha384 == NULL || hash == NULL) { |
1381 | 0 | return BAD_FUNC_ARG; |
1382 | 0 | } |
1383 | | |
1384 | 156 | #ifdef WOLF_CRYPTO_CB |
1385 | 156 | if (sha384->devId != INVALID_DEVID) { |
1386 | 0 | ret = wc_CryptoCb_Sha384Hash(sha384, NULL, 0, hash); |
1387 | 0 | if (ret != CRYPTOCB_UNAVAILABLE) |
1388 | 0 | return ret; |
1389 | | /* fall-through when unavailable */ |
1390 | 0 | } |
1391 | 156 | #endif |
1392 | | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384) |
1393 | | if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) { |
1394 | | #if defined(HAVE_INTEL_QA) |
1395 | | return IntelQaSymSha384(&sha384->asyncDev, hash, NULL, |
1396 | | WC_SHA384_DIGEST_SIZE); |
1397 | | #endif |
1398 | | } |
1399 | | #endif /* WOLFSSL_ASYNC_CRYPT */ |
1400 | | |
1401 | 156 | ret = Sha512Final((wc_Sha512*)sha384); |
1402 | 156 | if (ret != 0) |
1403 | 0 | return ret; |
1404 | | |
1405 | 156 | XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE); |
1406 | | |
1407 | 156 | return InitSha384(sha384); /* reset state */ |
1408 | 156 | } |
1409 | | |
1410 | | int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) |
1411 | 69.1k | { |
1412 | 69.1k | int ret; |
1413 | | |
1414 | 69.1k | if (sha384 == NULL) { |
1415 | 0 | return BAD_FUNC_ARG; |
1416 | 0 | } |
1417 | | |
1418 | 69.1k | sha384->heap = heap; |
1419 | | #ifdef WOLFSSL_SMALL_STACK_CACHE |
1420 | | sha384->W = NULL; |
1421 | | #endif |
1422 | 69.1k | #ifdef WOLF_CRYPTO_CB |
1423 | 69.1k | sha384->devId = devId; |
1424 | 69.1k | sha384->devCtx = NULL; |
1425 | 69.1k | #endif |
1426 | | |
1427 | 69.1k | ret = InitSha384(sha384); |
1428 | 69.1k | if (ret != 0) |
1429 | 0 | return ret; |
1430 | | |
1431 | | #if defined(USE_INTEL_SPEEDUP) && \ |
1432 | | (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)) |
1433 | | Sha512_SetTransform(); |
1434 | | #endif |
1435 | | |
1436 | | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384) |
1437 | | ret = wolfAsync_DevCtxInit(&sha384->asyncDev, WOLFSSL_ASYNC_MARKER_SHA384, |
1438 | | sha384->heap, devId); |
1439 | | #else |
1440 | 69.1k | (void)devId; |
1441 | 69.1k | #endif /* WOLFSSL_ASYNC_CRYPT */ |
1442 | | |
1443 | 69.1k | return ret; |
1444 | 69.1k | } |
1445 | | |
1446 | | #endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA512 || WOLFSSL_KCAPI_HASH */ |
1447 | | |
1448 | | int wc_InitSha384(wc_Sha384* sha384) |
1449 | 1.20k | { |
1450 | 1.20k | int devId = INVALID_DEVID; |
1451 | | |
1452 | 1.20k | #ifdef WOLF_CRYPTO_CB |
1453 | 1.20k | devId = wc_CryptoCb_DefaultDevID(); |
1454 | 1.20k | #endif |
1455 | 1.20k | return wc_InitSha384_ex(sha384, NULL, devId); |
1456 | 1.20k | } |
1457 | | |
1458 | | void wc_Sha384Free(wc_Sha384* sha384) |
1459 | 72.3k | { |
1460 | 72.3k | if (sha384 == NULL) |
1461 | 0 | return; |
1462 | | |
1463 | | #ifdef WOLFSSL_SMALL_STACK_CACHE |
1464 | | if (sha384->W != NULL) { |
1465 | | XFREE(sha384->W, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER); |
1466 | | sha384->W = NULL; |
1467 | | } |
1468 | | #endif |
1469 | | |
1470 | | #if defined(WOLFSSL_KCAPI_HASH) |
1471 | | KcapiHashFree(&sha384->kcapi); |
1472 | | #endif |
1473 | | |
1474 | | #if defined(WOLFSSL_HASH_KEEP) |
1475 | | if (sha384->msg != NULL) { |
1476 | | XFREE(sha384->msg, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER); |
1477 | | sha384->msg = NULL; |
1478 | | } |
1479 | | #endif |
1480 | | |
1481 | | #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) |
1482 | | se050_hash_free(&sha384->se050Ctx); |
1483 | | #endif |
1484 | | |
1485 | | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384) |
1486 | | wolfAsync_DevCtxFree(&sha384->asyncDev, WOLFSSL_ASYNC_MARKER_SHA384); |
1487 | | #endif /* WOLFSSL_ASYNC_CRYPT */ |
1488 | 72.3k | } |
1489 | | |
1490 | | #endif /* WOLFSSL_SHA384 */ |
1491 | | |
1492 | | #endif /* HAVE_FIPS */ |
1493 | | |
1494 | | #ifdef WOLFSSL_SHA512 |
1495 | | |
1496 | | #if defined(WOLFSSL_KCAPI_HASH) |
1497 | | /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ |
1498 | | |
1499 | | #else |
1500 | | |
1501 | | static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash, |
1502 | | int (*finalfp)(wc_Sha512*, byte*)) |
1503 | 397 | { |
1504 | 397 | int ret; |
1505 | 397 | wc_Sha512 tmpSha512; |
1506 | | |
1507 | 397 | if (sha512 == NULL || hash == NULL) |
1508 | 0 | return BAD_FUNC_ARG; |
1509 | | |
1510 | | #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ |
1511 | | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
1512 | | if(sha512->ctx.mode == ESP32_SHA_INIT) { |
1513 | | esp_sha_try_hw_lock(&sha512->ctx); |
1514 | | } |
1515 | | if(sha512->ctx.mode != ESP32_SHA_SW) |
1516 | | esp_sha512_digest_process(sha512, 0); |
1517 | | #endif |
1518 | | |
1519 | 397 | ret = wc_Sha512Copy(sha512, &tmpSha512); |
1520 | 397 | if (ret == 0) { |
1521 | 397 | ret = finalfp(&tmpSha512, hash); |
1522 | | #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ |
1523 | | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
1524 | | sha512->ctx.mode = ESP32_SHA_SW;; |
1525 | | #endif |
1526 | 397 | wc_Sha512Free(&tmpSha512); |
1527 | 397 | } |
1528 | 397 | return ret; |
1529 | 397 | } |
1530 | | |
1531 | | int wc_Sha512GetHash(wc_Sha512* sha512, byte* hash) |
1532 | 397 | { |
1533 | 397 | return Sha512_Family_GetHash(sha512, hash, wc_Sha512Final); |
1534 | 397 | } |
1535 | | |
1536 | | int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst) |
1537 | 4.26k | { |
1538 | 4.26k | int ret = 0; |
1539 | | |
1540 | 4.26k | if (src == NULL || dst == NULL) |
1541 | 0 | return BAD_FUNC_ARG; |
1542 | | |
1543 | 4.26k | XMEMCPY(dst, src, sizeof(wc_Sha512)); |
1544 | | #ifdef WOLFSSL_SMALL_STACK_CACHE |
1545 | | dst->W = NULL; |
1546 | | #endif |
1547 | | |
1548 | | #ifdef WOLFSSL_SILABS_SHA512 |
1549 | | dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx); |
1550 | | dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx); |
1551 | | #endif |
1552 | | |
1553 | | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) |
1554 | | ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev); |
1555 | | #endif |
1556 | | #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ |
1557 | | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
1558 | | dst->ctx.mode = src->ctx.mode; |
1559 | | dst->ctx.isfirstblock = src->ctx.isfirstblock; |
1560 | | dst->ctx.sha_type = src->ctx.sha_type; |
1561 | | #endif |
1562 | 4.26k | #ifdef WOLFSSL_HASH_FLAGS |
1563 | 4.26k | dst->flags |= WC_HASH_FLAG_ISCOPY; |
1564 | 4.26k | #endif |
1565 | | #if defined(WOLFSSL_HASH_KEEP) |
1566 | | if (src->msg != NULL) { |
1567 | | dst->msg = (byte*)XMALLOC(src->len, dst->heap, DYNAMIC_TYPE_TMP_BUFFER); |
1568 | | if (dst->msg == NULL) |
1569 | | return MEMORY_E; |
1570 | | XMEMCPY(dst->msg, src->msg, src->len); |
1571 | | } |
1572 | | #endif |
1573 | | |
1574 | 4.26k | return ret; |
1575 | 4.26k | } |
1576 | | |
1577 | | #endif /* WOLFSSL_KCAPI_HASH */ |
1578 | | |
1579 | | #ifdef WOLFSSL_HASH_FLAGS |
1580 | | int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags) |
1581 | 0 | { |
1582 | 0 | if (sha512) { |
1583 | 0 | sha512->flags = flags; |
1584 | 0 | } |
1585 | 0 | return 0; |
1586 | 0 | } |
1587 | | int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags) |
1588 | 0 | { |
1589 | 0 | if (sha512 && flags) { |
1590 | 0 | *flags = sha512->flags; |
1591 | 0 | } |
1592 | 0 | return 0; |
1593 | 0 | } |
1594 | | #endif /* WOLFSSL_HASH_FLAGS */ |
1595 | | |
1596 | | #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) |
1597 | | |
1598 | | #if !defined(WOLFSSL_NOSHA512_224) |
1599 | | int wc_InitSha512_224(wc_Sha512* sha) |
1600 | 482 | { |
1601 | 482 | return wc_InitSha512_224_ex(sha, NULL, INVALID_DEVID); |
1602 | 482 | } |
1603 | | int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len) |
1604 | 482 | { |
1605 | 482 | return wc_Sha512Update(sha, data, len); |
1606 | 482 | } |
1607 | | |
1608 | | #if defined(WOLFSSL_KCAPI_HASH) |
1609 | | /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ |
1610 | | #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) |
1611 | | |
1612 | | #else |
1613 | | int wc_Sha512_224FinalRaw(wc_Sha512* sha, byte* hash) |
1614 | 0 | { |
1615 | 0 | return Sha512FinalRaw(sha, hash, WC_SHA512_224_DIGEST_SIZE); |
1616 | 0 | } |
1617 | | int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash) |
1618 | 482 | { |
1619 | 482 | return Sha512_Family_Final(sha512, hash, WC_SHA512_224_DIGEST_SIZE, |
1620 | 482 | InitSha512_224); |
1621 | 482 | } |
1622 | | #endif |
1623 | | void wc_Sha512_224Free(wc_Sha512* sha) |
1624 | 482 | { |
1625 | 482 | wc_Sha512Free(sha); |
1626 | 482 | } |
1627 | | #if defined(WOLFSSL_KCAPI_HASH) |
1628 | | /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ |
1629 | | #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) |
1630 | | |
1631 | | |
1632 | | #else |
1633 | | int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash) |
1634 | 0 | { |
1635 | 0 | return Sha512_Family_GetHash(sha512, hash, wc_Sha512_224Final); |
1636 | 0 | } |
1637 | | int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst) |
1638 | 0 | { |
1639 | 0 | return wc_Sha512Copy(src, dst); |
1640 | 0 | } |
1641 | | #endif |
1642 | | |
1643 | | #ifdef WOLFSSL_HASH_FLAGS |
1644 | | int wc_Sha512_224SetFlags(wc_Sha512* sha, word32 flags) |
1645 | 0 | { |
1646 | 0 | return wc_Sha512SetFlags(sha, flags); |
1647 | 0 | } |
1648 | | int wc_Sha512_224GetFlags(wc_Sha512* sha, word32* flags) |
1649 | 0 | { |
1650 | 0 | return wc_Sha512GetFlags(sha, flags); |
1651 | 0 | } |
1652 | | #endif /* WOLFSSL_HASH_FLAGS */ |
1653 | | |
1654 | | #if defined(OPENSSL_EXTRA) |
1655 | | int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data) |
1656 | | { |
1657 | | return wc_Sha512Transform(sha, data); |
1658 | | } |
1659 | | #endif /* OPENSSL_EXTRA */ |
1660 | | |
1661 | | #endif /* !WOLFSSL_NOSHA512_224 */ |
1662 | | |
1663 | | #if !defined(WOLFSSL_NOSHA512_256) |
1664 | | int wc_InitSha512_256(wc_Sha512* sha) |
1665 | 320 | { |
1666 | 320 | return wc_InitSha512_256_ex(sha, NULL, INVALID_DEVID); |
1667 | 320 | } |
1668 | | int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len) |
1669 | 320 | { |
1670 | 320 | return wc_Sha512Update(sha, data, len); |
1671 | 320 | } |
1672 | | #if defined(WOLFSSL_KCAPI_HASH) |
1673 | | /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ |
1674 | | #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) |
1675 | | |
1676 | | #else |
1677 | | int wc_Sha512_256FinalRaw(wc_Sha512* sha, byte* hash) |
1678 | 0 | { |
1679 | 0 | return Sha512FinalRaw(sha, hash, WC_SHA512_256_DIGEST_SIZE); |
1680 | 0 | } |
1681 | | int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash) |
1682 | 320 | { |
1683 | 320 | return Sha512_Family_Final(sha512, hash, WC_SHA512_256_DIGEST_SIZE, |
1684 | 320 | InitSha512_256); |
1685 | 320 | } |
1686 | | #endif |
1687 | | void wc_Sha512_256Free(wc_Sha512* sha) |
1688 | 320 | { |
1689 | 320 | wc_Sha512Free(sha); |
1690 | 320 | } |
1691 | | #if defined(WOLFSSL_KCAPI_HASH) |
1692 | | /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ |
1693 | | |
1694 | | #else |
1695 | | int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash) |
1696 | 0 | { |
1697 | 0 | return Sha512_Family_GetHash(sha512, hash, wc_Sha512_256Final); |
1698 | 0 | } |
1699 | | int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst) |
1700 | 0 | { |
1701 | 0 | return wc_Sha512Copy(src, dst); |
1702 | 0 | } |
1703 | | #endif |
1704 | | |
1705 | | #ifdef WOLFSSL_HASH_FLAGS |
1706 | | int wc_Sha512_256SetFlags(wc_Sha512* sha, word32 flags) |
1707 | 0 | { |
1708 | 0 | return wc_Sha512SetFlags(sha, flags); |
1709 | 0 | } |
1710 | | int wc_Sha512_256GetFlags(wc_Sha512* sha, word32* flags) |
1711 | 0 | { |
1712 | 0 | return wc_Sha512GetFlags(sha, flags); |
1713 | 0 | } |
1714 | | #endif /* WOLFSSL_HASH_FLAGS */ |
1715 | | |
1716 | | #if defined(OPENSSL_EXTRA) |
1717 | | int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data) |
1718 | | { |
1719 | | return wc_Sha512Transform(sha, data); |
1720 | | } |
1721 | | #endif /* OPENSSL_EXTRA */ |
1722 | | |
1723 | | #endif /* !WOLFSSL_NOSHA512_224 */ |
1724 | | #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ |
1725 | | |
1726 | | #endif /* WOLFSSL_SHA512 */ |
1727 | | |
1728 | | #ifdef WOLFSSL_SHA384 |
1729 | | |
1730 | | #if defined(WOLFSSL_KCAPI_HASH) |
1731 | | /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ |
1732 | | |
1733 | | #else |
1734 | | |
1735 | | int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash) |
1736 | 2.23k | { |
1737 | 2.23k | int ret; |
1738 | 2.23k | wc_Sha384 tmpSha384; |
1739 | | |
1740 | 2.23k | if (sha384 == NULL || hash == NULL) |
1741 | 0 | return BAD_FUNC_ARG; |
1742 | | #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ |
1743 | | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
1744 | | if(sha384->ctx.mode == ESP32_SHA_INIT) { |
1745 | | esp_sha_try_hw_lock(&sha384->ctx); |
1746 | | } |
1747 | | if(sha384->ctx.mode != ESP32_SHA_SW) { |
1748 | | esp_sha512_digest_process(sha384, 0); |
1749 | | } |
1750 | | #endif |
1751 | 2.23k | ret = wc_Sha384Copy(sha384, &tmpSha384); |
1752 | 2.23k | if (ret == 0) { |
1753 | 2.23k | ret = wc_Sha384Final(&tmpSha384, hash); |
1754 | | #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ |
1755 | | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
1756 | | sha384->ctx.mode = ESP32_SHA_SW; |
1757 | | #endif |
1758 | 2.23k | wc_Sha384Free(&tmpSha384); |
1759 | 2.23k | } |
1760 | 2.23k | return ret; |
1761 | 2.23k | } |
1762 | | int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) |
1763 | 3.28k | { |
1764 | 3.28k | int ret = 0; |
1765 | | |
1766 | 3.28k | if (src == NULL || dst == NULL) |
1767 | 0 | return BAD_FUNC_ARG; |
1768 | | |
1769 | 3.28k | XMEMCPY(dst, src, sizeof(wc_Sha384)); |
1770 | | #ifdef WOLFSSL_SMALL_STACK_CACHE |
1771 | | dst->W = NULL; |
1772 | | #endif |
1773 | | |
1774 | | #ifdef WOLFSSL_SILABS_SHA384 |
1775 | | dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx); |
1776 | | dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx); |
1777 | | #endif |
1778 | | |
1779 | | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384) |
1780 | | ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev); |
1781 | | #endif |
1782 | | #if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ |
1783 | | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) |
1784 | | dst->ctx.mode = src->ctx.mode; |
1785 | | dst->ctx.isfirstblock = src->ctx.isfirstblock; |
1786 | | dst->ctx.sha_type = src->ctx.sha_type; |
1787 | | #endif |
1788 | 3.28k | #ifdef WOLFSSL_HASH_FLAGS |
1789 | 3.28k | dst->flags |= WC_HASH_FLAG_ISCOPY; |
1790 | 3.28k | #endif |
1791 | | #if defined(WOLFSSL_HASH_KEEP) |
1792 | | if (src->msg != NULL) { |
1793 | | dst->msg = (byte*)XMALLOC(src->len, dst->heap, DYNAMIC_TYPE_TMP_BUFFER); |
1794 | | if (dst->msg == NULL) |
1795 | | return MEMORY_E; |
1796 | | XMEMCPY(dst->msg, src->msg, src->len); |
1797 | | } |
1798 | | #endif |
1799 | | |
1800 | 3.28k | return ret; |
1801 | 3.28k | } |
1802 | | |
1803 | | #endif /* WOLFSSL_KCAPI_HASH */ |
1804 | | |
1805 | | #ifdef WOLFSSL_HASH_FLAGS |
1806 | | int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags) |
1807 | 0 | { |
1808 | 0 | if (sha384) { |
1809 | 0 | sha384->flags = flags; |
1810 | 0 | } |
1811 | 0 | return 0; |
1812 | 0 | } |
1813 | | int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags) |
1814 | 0 | { |
1815 | 0 | if (sha384 && flags) { |
1816 | 0 | *flags = sha384->flags; |
1817 | 0 | } |
1818 | 0 | return 0; |
1819 | 0 | } |
1820 | | #endif |
1821 | | |
1822 | | #endif /* WOLFSSL_SHA384 */ |
1823 | | |
1824 | | #ifdef WOLFSSL_HASH_KEEP |
1825 | | /* Some hardware have issues with update, this function stores the data to be |
1826 | | * hashed into an array. Once ready, the Final operation is called on all of the |
1827 | | * data to be hashed at once. |
1828 | | * returns 0 on success |
1829 | | */ |
1830 | | int wc_Sha512_Grow(wc_Sha512* sha512, const byte* in, int inSz) |
1831 | | { |
1832 | | return _wc_Hash_Grow(&(sha512->msg), &(sha512->used), &(sha512->len), in, |
1833 | | inSz, sha512->heap); |
1834 | | } |
1835 | | #ifdef WOLFSSL_SHA384 |
1836 | | int wc_Sha384_Grow(wc_Sha384* sha384, const byte* in, int inSz) |
1837 | | { |
1838 | | return _wc_Hash_Grow(&(sha384->msg), &(sha384->used), &(sha384->len), in, |
1839 | | inSz, sha384->heap); |
1840 | | } |
1841 | | #endif /* WOLFSSL_SHA384 */ |
1842 | | #endif /* WOLFSSL_HASH_KEEP */ |
1843 | | #endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */ |