Coverage Report

Created: 2022-08-24 06:37

/src/wolfssl-sp-math/wolfcrypt/src/sha512.c
Line
Count
Source (jump to first uncovered line)
1
/* sha512.c
2
 *
3
 * Copyright (C) 2006-2022 wolfSSL Inc.
4
 *
5
 * This file is part of wolfSSL.
6
 *
7
 * wolfSSL is free software; you can redistribute it and/or modify
8
 * it under the terms of the GNU General Public License as published by
9
 * the Free Software Foundation; either version 2 of the License, or
10
 * (at your option) any later version.
11
 *
12
 * wolfSSL is distributed in the hope that it will be useful,
13
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15
 * GNU General Public License for more details.
16
 *
17
 * You should have received a copy of the GNU General Public License
18
 * along with this program; if not, write to the Free Software
19
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20
 */
21
22
23
#ifdef HAVE_CONFIG_H
24
    #include <config.h>
25
#endif
26
27
#include <wolfssl/wolfcrypt/settings.h>
28
29
#if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_PSOC6_CRYPTO)
30
31
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
32
    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
33
    #define FIPS_NO_WRAPPERS
34
35
    #ifdef USE_WINDOWS_API
36
        #pragma code_seg(".fipsA$k")
37
        #pragma const_seg(".fipsB$k")
38
    #endif
39
#endif
40
41
#include <wolfssl/wolfcrypt/sha512.h>
42
#include <wolfssl/wolfcrypt/error-crypt.h>
43
#include <wolfssl/wolfcrypt/cpuid.h>
44
#include <wolfssl/wolfcrypt/hash.h>
45
46
#ifdef WOLF_CRYPTO_CB
47
    #include <wolfssl/wolfcrypt/cryptocb.h>
48
#endif
49
50
/* deprecated USE_SLOW_SHA2 (replaced with USE_SLOW_SHA512) */
51
#if defined(USE_SLOW_SHA2) && !defined(USE_SLOW_SHA512)
52
    #define USE_SLOW_SHA512
53
#endif
54
55
/* fips wrapper calls, user can call direct */
56
#if defined(HAVE_FIPS) && \
57
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
58
59
    #ifdef WOLFSSL_SHA512
60
61
        int wc_InitSha512(wc_Sha512* sha)
62
        {
63
            if (sha == NULL) {
64
                return BAD_FUNC_ARG;
65
            }
66
67
            return InitSha512_fips(sha);
68
        }
69
        int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devId)
70
        {
71
            (void)heap;
72
            (void)devId;
73
            if (sha == NULL) {
74
                return BAD_FUNC_ARG;
75
            }
76
            return InitSha512_fips(sha);
77
        }
78
        int wc_Sha512Update(wc_Sha512* sha, const byte* data, word32 len)
79
        {
80
            if (sha == NULL || (data == NULL && len > 0)) {
81
                return BAD_FUNC_ARG;
82
            }
83
84
            return Sha512Update_fips(sha, data, len);
85
        }
86
        int wc_Sha512Final(wc_Sha512* sha, byte* out)
87
        {
88
            if (sha == NULL || out == NULL) {
89
                return BAD_FUNC_ARG;
90
            }
91
92
            return Sha512Final_fips(sha, out);
93
        }
94
        void wc_Sha512Free(wc_Sha512* sha)
95
        {
96
            (void)sha;
97
            /* Not supported in FIPS */
98
        }
99
    #endif
100
101
    #if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM)
102
        int wc_InitSha384(wc_Sha384* sha)
103
        {
104
            if (sha == NULL) {
105
                return BAD_FUNC_ARG;
106
            }
107
            return InitSha384_fips(sha);
108
        }
109
        int wc_InitSha384_ex(wc_Sha384* sha, void* heap, int devId)
110
        {
111
            (void)heap;
112
            (void)devId;
113
            if (sha == NULL) {
114
                return BAD_FUNC_ARG;
115
            }
116
            return InitSha384_fips(sha);
117
        }
118
        int wc_Sha384Update(wc_Sha384* sha, const byte* data, word32 len)
119
        {
120
            if (sha == NULL || (data == NULL && len > 0)) {
121
                return BAD_FUNC_ARG;
122
            }
123
            return Sha384Update_fips(sha, data, len);
124
        }
125
        int wc_Sha384Final(wc_Sha384* sha, byte* out)
126
        {
127
            if (sha == NULL || out == NULL) {
128
                return BAD_FUNC_ARG;
129
            }
130
            return Sha384Final_fips(sha, out);
131
        }
132
        void wc_Sha384Free(wc_Sha384* sha)
133
        {
134
            (void)sha;
135
            /* Not supported in FIPS */
136
        }
137
    #endif /* WOLFSSL_SHA384 || HAVE_AESGCM */
138
139
#else /* else build without fips, or for FIPS v2 */
140
141
#include <wolfssl/wolfcrypt/logging.h>
142
143
#ifdef NO_INLINE
144
    #include <wolfssl/wolfcrypt/misc.h>
145
#else
146
    #define WOLFSSL_MISC_INCLUDED
147
    #include <wolfcrypt/src/misc.c>
148
#endif
149
150
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
151
    #include <wolfssl/wolfcrypt/port/nxp/se050_port.h>
152
#endif
153
154
155
#if defined(USE_INTEL_SPEEDUP)
156
    #if defined(__GNUC__) && ((__GNUC__ < 4) || \
157
                              (__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
158
        #undef  NO_AVX2_SUPPORT
159
        #define NO_AVX2_SUPPORT
160
    #endif
161
    #if defined(__clang__) && ((__clang_major__ < 3) || \
162
                               (__clang_major__ == 3 && __clang_minor__ <= 5))
163
        #define NO_AVX2_SUPPORT
164
    #elif defined(__clang__) && defined(NO_AVX2_SUPPORT)
165
        #undef NO_AVX2_SUPPORT
166
    #endif
167
168
    #define HAVE_INTEL_AVX1
169
    #ifndef NO_AVX2_SUPPORT
170
        #define HAVE_INTEL_AVX2
171
    #endif
172
#endif
173
174
#if defined(HAVE_INTEL_AVX1)
175
    /* #define DEBUG_XMM  */
176
#endif
177
178
#if defined(HAVE_INTEL_AVX2)
179
    #define HAVE_INTEL_RORX
180
    /* #define DEBUG_YMM  */
181
#endif
182
183
#if defined(HAVE_BYTEREVERSE64) && \
184
        !defined(HAVE_INTEL_AVX1) && !defined(HAVE_INTEL_AVX2)
185
    #define ByteReverseWords64(out, in, size) ByteReverseWords64_1(out, size)
186
    #define ByteReverseWords64_1(buf, size) \
187
        { unsigned int i ;\
188
            for(i=0; i< size/sizeof(word64); i++){\
189
                __asm__ volatile("bswapq %0":"+r"(buf[i])::) ;\
190
            }\
191
        }
192
#endif
193
194
#if defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \
195
    !defined(WOLFSSL_QNX_CAAM)
196
    /* functions defined in wolfcrypt/src/port/caam/caam_sha.c */
197
198
#elif defined(WOLFSSL_SILABS_SHA384)
199
    /* functions defined in wolfcrypt/src/port/silabs/silabs_hash.c */
200
201
#elif defined(WOLFSSL_KCAPI_HASH)
202
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
203
204
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
205
    int wc_InitSha512(wc_Sha512* sha512)
206
    {
207
        if (sha512 == NULL)
208
            return BAD_FUNC_ARG;
209
        return se050_hash_init(&sha512->se050Ctx, NULL);
210
    }
211
    int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
212
    {
213
        if (sha512 == NULL) {
214
            return BAD_FUNC_ARG;
215
        }
216
        (void)devId;
217
        return se050_hash_init(&sha512->se050Ctx, heap);
218
    }
219
    int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
220
    {
221
        return se050_hash_update(&sha512->se050Ctx, data, len);
222
    }
223
    int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
224
    {
225
        int ret = 0;
226
        int devId = INVALID_DEVID;
227
        if (sha512 == NULL) {
228
            return BAD_FUNC_ARG;
229
        }
230
    #ifdef WOLF_CRYPTO_CB
231
        devId = sha512->devId;
232
    #endif
233
        ret = se050_hash_final(&sha512->se050Ctx, hash, WC_SHA512_DIGEST_SIZE,
234
                               kAlgorithm_SSS_SHA512);
235
        return ret;
236
    }
237
    int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
238
    {
239
        int ret = 0;
240
        int devId = INVALID_DEVID;
241
        if (sha512 == NULL) {
242
            return BAD_FUNC_ARG;
243
        }
244
    #ifdef WOLF_CRYPTO_CB
245
        devId = sha512->devId;
246
    #endif
247
        ret = se050_hash_final(&sha512->se050Ctx, hash, WC_SHA512_DIGEST_SIZE,
248
                               kAlgorithm_SSS_SHA512);
249
        return ret;
250
    }
251
    void wc_Sha512Free(wc_Sha512* sha512)
252
    {
253
        se050_hash_free(&sha512->se050Ctx);
254
    }
255
256
#else
257
258
#ifdef WOLFSSL_SHA512
259
260
static int InitSha512(wc_Sha512* sha512)
261
95.3k
{
262
95.3k
    if (sha512 == NULL)
263
0
        return BAD_FUNC_ARG;
264
265
95.3k
    sha512->digest[0] = W64LIT(0x6a09e667f3bcc908);
266
95.3k
    sha512->digest[1] = W64LIT(0xbb67ae8584caa73b);
267
95.3k
    sha512->digest[2] = W64LIT(0x3c6ef372fe94f82b);
268
95.3k
    sha512->digest[3] = W64LIT(0xa54ff53a5f1d36f1);
269
95.3k
    sha512->digest[4] = W64LIT(0x510e527fade682d1);
270
95.3k
    sha512->digest[5] = W64LIT(0x9b05688c2b3e6c1f);
271
95.3k
    sha512->digest[6] = W64LIT(0x1f83d9abfb41bd6b);
272
95.3k
    sha512->digest[7] = W64LIT(0x5be0cd19137e2179);
273
274
95.3k
    sha512->buffLen = 0;
275
95.3k
    sha512->loLen   = 0;
276
95.3k
    sha512->hiLen   = 0;
277
278
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
279
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
280
281
    sha512->ctx.sha_type = SHA2_512;
282
     /* always start firstblock = 1 when using hw engine */
283
    sha512->ctx.isfirstblock = 1;
284
    if(sha512->ctx.mode == ESP32_SHA_HW) {
285
        /* release hw */
286
        esp_sha_hw_unlock(&(sha512->ctx));
287
    }
288
    /* always set mode as INIT
289
    *  whether using HW or SW is determined at first call of update()
290
    */
291
    sha512->ctx.mode = ESP32_SHA_INIT;
292
#endif
293
95.3k
#ifdef WOLFSSL_HASH_FLAGS
294
95.3k
    sha512->flags = 0;
295
95.3k
#endif
296
95.3k
    return 0;
297
95.3k
}
298
299
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
300
#if !defined(WOLFSSL_NOSHA512_224)
301
/**
302
 * Initialize given wc_Sha512 structure with value specific to sha512/224.
303
 * Note that sha512/224 has different initial hash value from sha512.
304
 * The initial hash value consists of eight 64bit words. They are given
305
 * in FIPS180-4.
306
 */
307
static int InitSha512_224(wc_Sha512* sha512)
308
964
{
309
964
    if (sha512 == NULL)
310
0
        return BAD_FUNC_ARG;
311
312
964
    sha512->digest[0] = W64LIT(0x8c3d37c819544da2);
313
964
    sha512->digest[1] = W64LIT(0x73e1996689dcd4d6);
314
964
    sha512->digest[2] = W64LIT(0x1dfab7ae32ff9c82);
315
964
    sha512->digest[3] = W64LIT(0x679dd514582f9fcf);
316
964
    sha512->digest[4] = W64LIT(0x0f6d2b697bd44da8);
317
964
    sha512->digest[5] = W64LIT(0x77e36f7304c48942);
318
964
    sha512->digest[6] = W64LIT(0x3f9d85a86a1d36c8);
319
964
    sha512->digest[7] = W64LIT(0x1112e6ad91d692a1);
320
321
964
    sha512->buffLen = 0;
322
964
    sha512->loLen   = 0;
323
964
    sha512->hiLen   = 0;
324
325
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
326
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
327
328
    sha512->ctx.sha_type = SHA2_512;
329
     /* always start firstblock = 1 when using hw engine */
330
    sha512->ctx.isfirstblock = 1;
331
    if(sha512->ctx.mode == ESP32_SHA_HW) {
332
        /* release hw */
333
        esp_sha_hw_unlock(&(sha512->ctx));
334
    }
335
    /* always set mode as INIT
336
    *  whether using HW or SW is determined at first call of update()
337
    */
338
    sha512->ctx.mode = ESP32_SHA_INIT;
339
#endif
340
964
#ifdef WOLFSSL_HASH_FLAGS
341
964
    sha512->flags = 0;
342
964
#endif
343
964
    return 0;
344
964
}
345
#endif /* !WOLFSSL_NOSHA512_224 */
346
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
347
348
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
349
#if !defined(WOLFSSL_NOSHA512_256)
350
/**
351
 * Initialize given wc_Sha512 structure with value specific to sha512/256.
352
 * Note that sha512/256 has different initial hash value from sha512.
353
 * The initial hash value consists of eight 64bit words. They are given
354
 * in FIPS180-4.
355
 */
356
static int InitSha512_256(wc_Sha512* sha512)
357
640
{
358
640
    if (sha512 == NULL)
359
0
        return BAD_FUNC_ARG;
360
361
640
    sha512->digest[0] = W64LIT(0x22312194fc2bf72c);
362
640
    sha512->digest[1] = W64LIT(0x9f555fa3c84c64c2);
363
640
    sha512->digest[2] = W64LIT(0x2393b86b6f53b151);
364
640
    sha512->digest[3] = W64LIT(0x963877195940eabd);
365
640
    sha512->digest[4] = W64LIT(0x96283ee2a88effe3);
366
640
    sha512->digest[5] = W64LIT(0xbe5e1e2553863992);
367
640
    sha512->digest[6] = W64LIT(0x2b0199fc2c85b8aa);
368
640
    sha512->digest[7] = W64LIT(0x0eb72ddc81c52ca2);
369
370
640
    sha512->buffLen = 0;
371
640
    sha512->loLen   = 0;
372
640
    sha512->hiLen   = 0;
373
374
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
375
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
376
377
    sha512->ctx.sha_type = SHA2_512;
378
     /* always start firstblock = 1 when using hw engine */
379
    sha512->ctx.isfirstblock = 1;
380
    if(sha512->ctx.mode == ESP32_SHA_HW) {
381
        /* release hw */
382
        esp_sha_hw_unlock(&(sha512->ctx));
383
    }
384
    /* always set mode as INIT
385
    *  whether using HW or SW is determined at first call of update()
386
    */
387
    sha512->ctx.mode = ESP32_SHA_INIT;
388
#endif
389
640
#ifdef WOLFSSL_HASH_FLAGS
390
640
    sha512->flags = 0;
391
640
#endif
392
640
    return 0;
393
640
}
394
#endif /* !WOLFSSL_NOSHA512_256 */
395
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
396
397
#endif /* WOLFSSL_SHA512 */
398
399
/* Hardware Acceleration */
400
#if defined(USE_INTEL_SPEEDUP) && \
401
    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
402
403
#ifdef WOLFSSL_SHA512
404
405
    /*****
406
    Intel AVX1/AVX2 Macro Control Structure
407
408
    #if defined(HAVE_INTEL_SPEEDUP)
409
        #define HAVE_INTEL_AVX1
410
        #define HAVE_INTEL_AVX2
411
    #endif
412
413
    int InitSha512(wc_Sha512* sha512) {
414
         Save/Recover XMM, YMM
415
         ...
416
417
         Check Intel AVX cpuid flags
418
    }
419
420
    #if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
421
      Transform_Sha512_AVX1(); # Function prototype
422
      Transform_Sha512_AVX2(); #
423
    #endif
424
425
      _Transform_Sha512() {     # Native Transform Function body
426
427
      }
428
429
      int Sha512Update() {
430
         Save/Recover XMM, YMM
431
         ...
432
      }
433
434
      int Sha512Final() {
435
         Save/Recover XMM, YMM
436
         ...
437
      }
438
439
440
    #if defined(HAVE_INTEL_AVX1)
441
442
       XMM Instructions/INLINE asm Definitions
443
444
    #endif
445
446
    #if defined(HAVE_INTEL_AVX2)
447
448
       YMM Instructions/INLINE asm Definitions
449
450
    #endif
451
452
    #if defined(HAVE_INTEL_AVX1)
453
454
      int Transform_Sha512_AVX1() {
455
          Stitched Message Sched/Round
456
      }
457
458
    #endif
459
460
    #if defined(HAVE_INTEL_AVX2)
461
462
      int Transform_Sha512_AVX2() {
463
          Stitched Message Sched/Round
464
      }
465
    #endif
466
467
    */
468
469
470
    /* Each platform needs to query info type 1 from cpuid to see if aesni is
471
     * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
472
     */
473
474
#ifdef __cplusplus
475
    extern "C" {
476
#endif
477
478
    #if defined(HAVE_INTEL_AVX1)
479
        extern int Transform_Sha512_AVX1(wc_Sha512 *sha512);
480
        extern int Transform_Sha512_AVX1_Len(wc_Sha512 *sha512, word32 len);
481
    #endif
482
    #if defined(HAVE_INTEL_AVX2)
483
        extern int Transform_Sha512_AVX2(wc_Sha512 *sha512);
484
        extern int Transform_Sha512_AVX2_Len(wc_Sha512 *sha512, word32 len);
485
        #if defined(HAVE_INTEL_RORX)
486
            extern int Transform_Sha512_AVX1_RORX(wc_Sha512 *sha512);
487
            extern int Transform_Sha512_AVX1_RORX_Len(wc_Sha512 *sha512,
488
                                                      word32 len);
489
            extern int Transform_Sha512_AVX2_RORX(wc_Sha512 *sha512);
490
            extern int Transform_Sha512_AVX2_RORX_Len(wc_Sha512 *sha512,
491
                                                      word32 len);
492
        #endif
493
    #endif
494
495
#ifdef __cplusplus
496
    }  /* extern "C" */
497
#endif
498
499
    static int _Transform_Sha512(wc_Sha512 *sha512);
500
    static int (*Transform_Sha512_p)(wc_Sha512* sha512) = _Transform_Sha512;
501
    static int (*Transform_Sha512_Len_p)(wc_Sha512* sha512, word32 len) = NULL;
502
    static int transform_check = 0;
503
    static int intel_flags;
504
    static int Transform_Sha512_is_vectorized = 0;
505
506
    static WC_INLINE int Transform_Sha512(wc_Sha512 *sha512) {
507
        int ret;
508
        ret = (*Transform_Sha512_p)(sha512);
509
        return ret;
510
    }
511
    static WC_INLINE int Transform_Sha512_Len(wc_Sha512 *sha512, word32 len) {
512
        int ret;
513
        ret = (*Transform_Sha512_Len_p)(sha512, len);
514
        return ret;
515
    }
516
517
    static void Sha512_SetTransform(void)
518
    {
519
        if (transform_check)
520
            return;
521
522
        intel_flags = cpuid_get_flags();
523
524
    #if defined(HAVE_INTEL_AVX2)
525
        if (IS_INTEL_AVX2(intel_flags)) {
526
        #ifdef HAVE_INTEL_RORX
527
            if (IS_INTEL_BMI2(intel_flags)) {
528
                Transform_Sha512_p = Transform_Sha512_AVX2_RORX;
529
                Transform_Sha512_Len_p = Transform_Sha512_AVX2_RORX_Len;
530
                Transform_Sha512_is_vectorized = 1;
531
            }
532
            else
533
        #endif
534
            if (1) {
535
                Transform_Sha512_p = Transform_Sha512_AVX2;
536
                Transform_Sha512_Len_p = Transform_Sha512_AVX2_Len;
537
                Transform_Sha512_is_vectorized = 1;
538
            }
539
        #ifdef HAVE_INTEL_RORX
540
            else {
541
                Transform_Sha512_p = Transform_Sha512_AVX1_RORX;
542
                Transform_Sha512_Len_p = Transform_Sha512_AVX1_RORX_Len;
543
                Transform_Sha512_is_vectorized = 1;
544
            }
545
        #endif
546
        }
547
        else
548
    #endif
549
    #if defined(HAVE_INTEL_AVX1)
550
        if (IS_INTEL_AVX1(intel_flags)) {
551
            Transform_Sha512_p = Transform_Sha512_AVX1;
552
            Transform_Sha512_Len_p = Transform_Sha512_AVX1_Len;
553
            Transform_Sha512_is_vectorized = 1;
554
        }
555
        else
556
    #endif
557
        {
558
            Transform_Sha512_p = _Transform_Sha512;
559
            Transform_Sha512_is_vectorized = 1;
560
        }
561
562
        transform_check = 1;
563
    }
564
#endif /* WOLFSSL_SHA512 */
565
566
#else
567
423k
    #define Transform_Sha512(sha512) _Transform_Sha512(sha512)
568
569
#endif
570
571
#ifdef WOLFSSL_SHA512
572
573
static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
574
                             int (*initfp)(wc_Sha512*))
575
74.2k
{
576
74.2k
   int ret = 0;
577
578
74.2k
    if (sha512 == NULL)
579
0
        return BAD_FUNC_ARG;
580
581
74.2k
    sha512->heap = heap;
582
#ifdef WOLFSSL_SMALL_STACK_CACHE
583
    sha512->W = NULL;
584
#endif
585
74.2k
#ifdef WOLF_CRYPTO_CB
586
74.2k
    sha512->devId = devId;
587
74.2k
    sha512->devCtx = NULL;
588
74.2k
#endif
589
590
74.2k
    ret = initfp(sha512);
591
74.2k
    if (ret != 0)
592
0
        return ret;
593
594
#if defined(USE_INTEL_SPEEDUP) && \
595
    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
596
    Sha512_SetTransform();
597
#endif
598
#ifdef WOLFSSL_HASH_KEEP
599
    sha512->msg  = NULL;
600
    sha512->len  = 0;
601
    sha512->used = 0;
602
#endif
603
604
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
605
    ret = wolfAsync_DevCtxInit(&sha512->asyncDev,
606
                        WOLFSSL_ASYNC_MARKER_SHA512, sha512->heap, devId);
607
#else
608
74.2k
    (void)devId;
609
74.2k
#endif /* WOLFSSL_ASYNC_CRYPT */
610
611
74.2k
    return ret;
612
74.2k
}
613
614
int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId)
615
73.4k
{
616
73.4k
    return InitSha512_Family(sha512, heap, devId, InitSha512);
617
73.4k
}
618
619
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
620
#if !defined(WOLFSSL_NOSHA512_224)
621
int wc_InitSha512_224_ex(wc_Sha512* sha512, void* heap, int devId)
622
482
{
623
482
    return InitSha512_Family(sha512, heap, devId, InitSha512_224);
624
482
}
625
#endif /* !WOLFSSL_NOSHA512_224 */
626
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
627
628
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
629
#if !defined(WOLFSSL_NOSHA512_256)
630
int wc_InitSha512_256_ex(wc_Sha512* sha512, void* heap, int devId)
631
320
{
632
320
    return InitSha512_Family(sha512, heap, devId, InitSha512_256);
633
320
}
634
#endif /* !WOLFSSL_NOSHA512_256 */
635
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
636
637
#endif /* WOLFSSL_SHA512 */
638
639
640
static const word64 K512[80] = {
641
    W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd),
642
    W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc),
643
    W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019),
644
    W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118),
645
    W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe),
646
    W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2),
647
    W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1),
648
    W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694),
649
    W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3),
650
    W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65),
651
    W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483),
652
    W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5),
653
    W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210),
654
    W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4),
655
    W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725),
656
    W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70),
657
    W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926),
658
    W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df),
659
    W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8),
660
    W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b),
661
    W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001),
662
    W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30),
663
    W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910),
664
    W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8),
665
    W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53),
666
    W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8),
667
    W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb),
668
    W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3),
669
    W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60),
670
    W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec),
671
    W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9),
672
    W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b),
673
    W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207),
674
    W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178),
675
    W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6),
676
    W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b),
677
    W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493),
678
    W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c),
679
    W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a),
680
    W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817)
681
};
682
683
381k
#define blk0(i) (W[i] = sha512->buffer[i])
684
685
1.52M
#define blk2(i) (\
686
1.52M
               W[ (i)     & 15] += \
687
1.52M
            s1(W[((i)-2)  & 15])+ \
688
1.52M
               W[((i)-7)  & 15] + \
689
1.52M
            s0(W[((i)-15) & 15])  \
690
1.52M
        )
691
692
1.90M
#define Ch(x,y,z)  ((z) ^ ((x) & ((y) ^ (z))))
693
1.90M
#define Maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
694
695
23.8k
#define a(i) T[(0-(i)) & 7]
696
23.8k
#define b(i) T[(1-(i)) & 7]
697
23.8k
#define c(i) T[(2-(i)) & 7]
698
1.93M
#define d(i) T[(3-(i)) & 7]
699
23.8k
#define e(i) T[(4-(i)) & 7]
700
23.8k
#define f(i) T[(5-(i)) & 7]
701
23.8k
#define g(i) T[(6-(i)) & 7]
702
5.74M
#define h(i) T[(7-(i)) & 7]
703
704
1.90M
#define S0(x) (rotrFixed64(x,28) ^ rotrFixed64(x,34) ^ rotrFixed64(x,39))
705
1.90M
#define S1(x) (rotrFixed64(x,14) ^ rotrFixed64(x,18) ^ rotrFixed64(x,41))
706
1.52M
#define s0(x) (rotrFixed64(x,1)  ^ rotrFixed64(x,8)  ^ ((x)>>7))
707
1.52M
#define s1(x) (rotrFixed64(x,19) ^ rotrFixed64(x,61) ^ ((x)>>6))
708
709
#define R(i) \
710
1.90M
    h(i) += S1(e(i)) + Ch(e(i),f(i),g(i)) + K[(i)+j] + (j ? blk2(i) : blk0(i)); \
711
1.90M
    d(i) += h(i); \
712
1.90M
    h(i) += S0(a(i)) + Maj(a(i),b(i),c(i))
713
714
static int _Transform_Sha512(wc_Sha512* sha512)
715
24.9k
{
716
24.9k
    const word64* K = K512;
717
24.9k
    word32 j;
718
24.9k
    word64 T[8];
719
720
#ifdef WOLFSSL_SMALL_STACK_CACHE
721
    word64* W = sha512->W;
722
    if (W == NULL) {
723
        W = (word64*)XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
724
        if (W == NULL)
725
            return MEMORY_E;
726
        sha512->W = W;
727
    }
728
#elif defined(WOLFSSL_SMALL_STACK)
729
24.9k
    word64* W;
730
24.9k
    W = (word64*) XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
731
24.9k
    if (W == NULL)
732
1.09k
        return MEMORY_E;
733
#else
734
    word64 W[16];
735
#endif
736
737
    /* Copy digest to working vars */
738
23.8k
    XMEMCPY(T, sha512->digest, sizeof(T));
739
740
#ifdef USE_SLOW_SHA512
741
    /* over twice as small, but 50% slower */
742
    /* 80 operations, not unrolled */
743
    for (j = 0; j < 80; j += 16) {
744
        int m;
745
        for (m = 0; m < 16; m++) { /* braces needed here for macros {} */
746
            R(m);
747
        }
748
    }
749
#else
750
    /* 80 operations, partially loop unrolled */
751
143k
    for (j = 0; j < 80; j += 16) {
752
119k
        R( 0); R( 1); R( 2); R( 3);
753
119k
        R( 4); R( 5); R( 6); R( 7);
754
119k
        R( 8); R( 9); R(10); R(11);
755
119k
        R(12); R(13); R(14); R(15);
756
119k
    }
757
23.8k
#endif /* USE_SLOW_SHA512 */
758
759
    /* Add the working vars back into digest */
760
23.8k
    sha512->digest[0] += a(0);
761
23.8k
    sha512->digest[1] += b(0);
762
23.8k
    sha512->digest[2] += c(0);
763
23.8k
    sha512->digest[3] += d(0);
764
23.8k
    sha512->digest[4] += e(0);
765
23.8k
    sha512->digest[5] += f(0);
766
23.8k
    sha512->digest[6] += g(0);
767
23.8k
    sha512->digest[7] += h(0);
768
769
    /* Wipe variables */
770
23.8k
    ForceZero(W, sizeof(word64) * 16);
771
23.8k
    ForceZero(T, sizeof(T));
772
773
23.8k
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
774
23.8k
    XFREE(W, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
775
23.8k
#endif
776
777
23.8k
    return 0;
778
24.9k
}
779
780
781
static WC_INLINE void AddLength(wc_Sha512* sha512, word32 len)
782
346k
{
783
346k
    word64 tmp = sha512->loLen;
784
346k
    if ( (sha512->loLen += len) < tmp)
785
0
        sha512->hiLen++;                       /* carry low to high */
786
346k
}
787
788
static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
789
356k
{
790
356k
    int ret = 0;
791
    /* do block size increments */
792
356k
    byte* local = (byte*)sha512->buffer;
793
794
    /* check that internal buffLen is valid */
795
356k
    if (sha512->buffLen >= WC_SHA512_BLOCK_SIZE)
796
0
        return BUFFER_E;
797
798
356k
    if (len == 0)
799
10.0k
        return 0;
800
801
346k
    AddLength(sha512, len);
802
803
346k
    if (sha512->buffLen > 0) {
804
241k
        word32 add = min(len, WC_SHA512_BLOCK_SIZE - sha512->buffLen);
805
241k
        if (add > 0) {
806
241k
            XMEMCPY(&local[sha512->buffLen], data, add);
807
808
241k
            sha512->buffLen += add;
809
241k
            data            += add;
810
241k
            len             -= add;
811
241k
        }
812
813
241k
        if (sha512->buffLen == WC_SHA512_BLOCK_SIZE) {
814
57.4k
    #if defined(LITTLE_ENDIAN_ORDER)
815
        #if defined(USE_INTEL_SPEEDUP) && \
816
            (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
817
            if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
818
        #endif
819
57.4k
            {
820
57.4k
        #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
821
57.4k
             defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
822
57.4k
                ByteReverseWords64(sha512->buffer, sha512->buffer,
823
57.4k
                                                         WC_SHA512_BLOCK_SIZE);
824
57.4k
        #endif
825
57.4k
            }
826
57.4k
    #endif
827
57.4k
    #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
828
57.4k
         defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
829
57.4k
            ret = Transform_Sha512(sha512);
830
    #else
831
            if(sha512->ctx.mode == ESP32_SHA_INIT) {
832
                esp_sha_try_hw_lock(&sha512->ctx);
833
            }
834
            ret = esp_sha512_process(sha512);
835
            if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW){
836
                ret = Transform_Sha512(sha512);
837
            }
838
    #endif
839
57.4k
            if (ret == 0)
840
57.3k
                sha512->buffLen = 0;
841
131
            else
842
131
                len = 0;
843
57.4k
        }
844
241k
    }
845
846
#if defined(USE_INTEL_SPEEDUP) && \
847
    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
848
    if (Transform_Sha512_Len_p != NULL) {
849
        word32 blocksLen = len & ~(WC_SHA512_BLOCK_SIZE-1);
850
851
        if (blocksLen > 0) {
852
            sha512->data = data;
853
            /* Byte reversal performed in function if required. */
854
            Transform_Sha512_Len(sha512, blocksLen);
855
            data += blocksLen;
856
            len  -= blocksLen;
857
        }
858
    }
859
    else
860
#endif
861
#if !defined(LITTLE_ENDIAN_ORDER) || (defined(USE_INTEL_SPEEDUP) && \
862
        (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)))
863
    {
864
        while (len >= WC_SHA512_BLOCK_SIZE) {
865
            XMEMCPY(local, data, WC_SHA512_BLOCK_SIZE);
866
867
            data += WC_SHA512_BLOCK_SIZE;
868
            len  -= WC_SHA512_BLOCK_SIZE;
869
870
        #if defined(USE_INTEL_SPEEDUP) && \
871
            (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
872
            if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
873
            {
874
                ByteReverseWords64(sha512->buffer, sha512->buffer,
875
                                                          WC_SHA512_BLOCK_SIZE);
876
            }
877
        #endif
878
            /* Byte reversal performed in function if required. */
879
            ret = Transform_Sha512(sha512);
880
            if (ret != 0)
881
                break;
882
        }
883
    }
884
#else
885
346k
    {
886
663k
        while (len >= WC_SHA512_BLOCK_SIZE) {
887
317k
            XMEMCPY(local, data, WC_SHA512_BLOCK_SIZE);
888
889
317k
            data += WC_SHA512_BLOCK_SIZE;
890
317k
            len  -= WC_SHA512_BLOCK_SIZE;
891
317k
    #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
892
317k
         defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
893
317k
            ByteReverseWords64(sha512->buffer, sha512->buffer,
894
317k
                                                       WC_SHA512_BLOCK_SIZE);
895
317k
    #endif
896
317k
    #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
897
317k
         defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
898
317k
            ret = Transform_Sha512(sha512);
899
    #else
900
            if(sha512->ctx.mode == ESP32_SHA_INIT) {
901
                esp_sha_try_hw_lock(&sha512->ctx);
902
            }
903
            ret = esp_sha512_process(sha512);
904
            if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW){
905
                ret = Transform_Sha512(sha512);
906
            }
907
    #endif
908
317k
            if (ret != 0)
909
107
                break;
910
317k
        }
911
346k
    }
912
346k
#endif
913
914
346k
    if (ret == 0 && len > 0) {
915
141k
        XMEMCPY(local, data, len);
916
141k
        sha512->buffLen = len;
917
141k
    }
918
919
346k
    return ret;
920
356k
}
921
922
#ifdef WOLFSSL_SHA512
923
924
int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len)
925
32.3k
{
926
32.3k
    if (sha512 == NULL || (data == NULL && len > 0)) {
927
0
        return BAD_FUNC_ARG;
928
0
    }
929
930
32.3k
#ifdef WOLF_CRYPTO_CB
931
32.3k
    if (sha512->devId != INVALID_DEVID) {
932
0
        int ret = wc_CryptoCb_Sha512Hash(sha512, data, len, NULL);
933
0
        if (ret != CRYPTOCB_UNAVAILABLE)
934
0
            return ret;
935
        /* fall-through when unavailable */
936
0
    }
937
32.3k
#endif
938
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
939
    if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) {
940
    #if defined(HAVE_INTEL_QA)
941
        return IntelQaSymSha512(&sha512->asyncDev, NULL, data, len);
942
    #endif
943
    }
944
#endif /* WOLFSSL_ASYNC_CRYPT */
945
946
32.3k
    return Sha512Update(sha512, data, len);
947
32.3k
}
948
949
#endif /* WOLFSSL_SHA512 */
950
951
#endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA384 */
952
953
954
#if defined(WOLFSSL_KCAPI_HASH)
955
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
956
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
957
958
#else
959
960
static WC_INLINE int Sha512Final(wc_Sha512* sha512)
961
47.0k
{
962
47.0k
    byte* local;
963
47.0k
    int ret;
964
965
47.0k
    if (sha512 == NULL) {
966
0
        return BAD_FUNC_ARG;
967
0
    }
968
969
47.0k
    local = (byte*)sha512->buffer;
970
971
47.0k
    local[sha512->buffLen++] = 0x80;  /* add 1 */
972
973
    /* pad with zeros */
974
47.0k
    if (sha512->buffLen > WC_SHA512_PAD_SIZE) {
975
1.39k
        XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_BLOCK_SIZE - sha512->buffLen);
976
1.39k
        sha512->buffLen += WC_SHA512_BLOCK_SIZE - sha512->buffLen;
977
1.39k
#if defined(LITTLE_ENDIAN_ORDER)
978
    #if defined(USE_INTEL_SPEEDUP) && \
979
        (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
980
        if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
981
    #endif
982
1.39k
        {
983
984
1.39k
       #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
985
1.39k
            defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
986
1.39k
            ByteReverseWords64(sha512->buffer,sha512->buffer,
987
1.39k
                                                         WC_SHA512_BLOCK_SIZE);
988
1.39k
       #endif
989
1.39k
        }
990
1.39k
#endif /* LITTLE_ENDIAN_ORDER */
991
1.39k
#if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
992
1.39k
     defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
993
1.39k
        ret = Transform_Sha512(sha512);
994
#else
995
       if(sha512->ctx.mode == ESP32_SHA_INIT) {
996
            esp_sha_try_hw_lock(&sha512->ctx);
997
       }
998
        ret = esp_sha512_process(sha512);
999
        if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW){
1000
            ret = Transform_Sha512(sha512);
1001
        }
1002
#endif
1003
1.39k
        if (ret != 0)
1004
56
            return ret;
1005
1006
1.34k
        sha512->buffLen = 0;
1007
1.34k
    }
1008
46.9k
    XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_PAD_SIZE - sha512->buffLen);
1009
1010
    /* put lengths in bits */
1011
46.9k
    sha512->hiLen = (sha512->loLen >> (8 * sizeof(sha512->loLen) - 3)) +
1012
46.9k
                                                         (sha512->hiLen << 3);
1013
46.9k
    sha512->loLen = sha512->loLen << 3;
1014
1015
    /* store lengths */
1016
46.9k
#if defined(LITTLE_ENDIAN_ORDER)
1017
    #if defined(USE_INTEL_SPEEDUP) && \
1018
        (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1019
        if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
1020
    #endif
1021
46.9k
    #if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
1022
46.9k
         defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1023
46.9k
            ByteReverseWords64(sha512->buffer, sha512->buffer, WC_SHA512_PAD_SIZE);
1024
46.9k
    #endif
1025
46.9k
#endif
1026
    /* ! length ordering dependent on digest endian type ! */
1027
1028
46.9k
#if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
1029
46.9k
     defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1030
46.9k
    sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2] = sha512->hiLen;
1031
46.9k
    sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 1] = sha512->loLen;
1032
46.9k
#endif
1033
1034
#if defined(USE_INTEL_SPEEDUP) && \
1035
    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1036
    if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags))
1037
        ByteReverseWords64(&(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]),
1038
                           &(sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2]),
1039
                           WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE);
1040
#endif
1041
46.9k
#if !defined(WOLFSSL_ESP32WROOM32_CRYPT) || \
1042
46.9k
    defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1043
46.9k
    ret = Transform_Sha512(sha512);
1044
#else
1045
    if(sha512->ctx.mode == ESP32_SHA_INIT) {
1046
        esp_sha_try_hw_lock(&sha512->ctx);
1047
    }
1048
    ret = esp_sha512_digest_process(sha512, 1);
1049
    if(ret == 0 && sha512->ctx.mode == ESP32_SHA_SW) {
1050
        ret = Transform_Sha512(sha512);
1051
    }
1052
#endif
1053
46.9k
    if (ret != 0)
1054
800
        return ret;
1055
1056
46.1k
    #ifdef LITTLE_ENDIAN_ORDER
1057
46.1k
        ByteReverseWords64(sha512->digest, sha512->digest, WC_SHA512_DIGEST_SIZE);
1058
46.1k
    #endif
1059
1060
46.1k
    return 0;
1061
46.9k
}
1062
1063
#endif /* WOLFSSL_KCAPI_HASH */
1064
1065
#ifdef WOLFSSL_SHA512
1066
1067
#if defined(WOLFSSL_KCAPI_HASH)
1068
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1069
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1070
1071
#else
1072
1073
static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, int digestSz)
1074
0
{
1075
0
#ifdef LITTLE_ENDIAN_ORDER
1076
0
    word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)];
1077
0
#endif
1078
1079
0
    if (sha512 == NULL || hash == NULL) {
1080
0
        return BAD_FUNC_ARG;
1081
0
    }
1082
1083
0
#ifdef LITTLE_ENDIAN_ORDER
1084
0
    ByteReverseWords64((word64*)digest, (word64*)sha512->digest,
1085
0
                                                         WC_SHA512_DIGEST_SIZE);
1086
0
    XMEMCPY(hash, digest, digestSz);
1087
#else
1088
    XMEMCPY(hash, sha512->digest, digestSz);
1089
#endif
1090
1091
0
    return 0;
1092
0
}
1093
1094
int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash)
1095
0
{
1096
0
    return Sha512FinalRaw(sha512, hash, WC_SHA512_DIGEST_SIZE);
1097
0
}
1098
1099
static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, int digestSz,
1100
                               int (*initfp)(wc_Sha512*))
1101
14.5k
{
1102
14.5k
    int ret;
1103
1104
14.5k
    if (sha512 == NULL || hash == NULL) {
1105
0
        return BAD_FUNC_ARG;
1106
0
    }
1107
1108
14.5k
#ifdef WOLF_CRYPTO_CB
1109
14.5k
    if (sha512->devId != INVALID_DEVID) {
1110
0
        ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash);
1111
0
        if (ret != CRYPTOCB_UNAVAILABLE)
1112
0
            return ret;
1113
        /* fall-through when unavailable */
1114
0
    }
1115
14.5k
#endif
1116
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
1117
    if (sha512->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA512) {
1118
    #if defined(HAVE_INTEL_QA)
1119
        return IntelQaSymSha512(&sha512->asyncDev, hash, NULL, digestSz);
1120
    #endif
1121
    }
1122
#endif /* WOLFSSL_ASYNC_CRYPT */
1123
1124
14.5k
    ret = Sha512Final(sha512);
1125
14.5k
    if (ret != 0)
1126
856
        return ret;
1127
1128
13.7k
    XMEMCPY(hash, sha512->digest, digestSz);
1129
1130
    /* initialize Sha512 structure for the next use */
1131
13.7k
    return initfp(sha512);
1132
14.5k
}
1133
1134
int wc_Sha512Final(wc_Sha512* sha512, byte* hash)
1135
22.6k
{
1136
22.6k
    return Sha512_Family_Final(sha512, hash, WC_SHA512_DIGEST_SIZE, InitSha512);
1137
22.6k
}
1138
1139
#endif /* WOLFSSL_KCAPI_HASH */
1140
1141
#if !defined(WOLFSSL_SE050) || !defined(WOLFSSL_SE050_HASH)
1142
int wc_InitSha512(wc_Sha512* sha512)
1143
2.86k
{
1144
2.86k
    int devId = INVALID_DEVID;
1145
1146
2.86k
#ifdef WOLF_CRYPTO_CB
1147
2.86k
    devId = wc_CryptoCb_DefaultDevID();
1148
2.86k
#endif
1149
2.86k
    return wc_InitSha512_ex(sha512, NULL, devId);
1150
2.86k
}
1151
1152
void wc_Sha512Free(wc_Sha512* sha512)
1153
78.6k
{
1154
78.6k
    if (sha512 == NULL)
1155
0
        return;
1156
1157
#ifdef WOLFSSL_SMALL_STACK_CACHE
1158
    if (sha512->W != NULL) {
1159
        XFREE(sha512->W, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
1160
        sha512->W = NULL;
1161
    }
1162
#endif
1163
1164
#if defined(WOLFSSL_KCAPI_HASH)
1165
    KcapiHashFree(&sha512->kcapi);
1166
#endif
1167
1168
#if defined(WOLFSSL_HASH_KEEP)
1169
    if (sha512->msg != NULL) {
1170
        XFREE(sha512->msg, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
1171
        sha512->msg = NULL;
1172
    }
1173
#endif
1174
1175
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
1176
    wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512);
1177
#endif /* WOLFSSL_ASYNC_CRYPT */
1178
78.6k
}
1179
#if defined(OPENSSL_EXTRA)
1180
/* Apply SHA512 transformation to the data                */
1181
/* @param sha  a pointer to wc_Sha512 structure           */
1182
/* @param data data to be applied SHA512 transformation   */
1183
/* @return 0 on successful, otherwise non-zero on failure */
1184
int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
1185
{
1186
    int ret;
1187
    /* back up buffer */
1188
#ifdef WOLFSSL_SMALL_STACK
1189
    word64 *buffer;
1190
#else
1191
    word64  buffer[WC_SHA512_BLOCK_SIZE  / sizeof(word64)];
1192
#endif
1193
1194
    /* sanity check */
1195
    if (sha == NULL || data == NULL) {
1196
        return BAD_FUNC_ARG;
1197
    }
1198
1199
#ifdef WOLFSSL_SMALL_STACK
1200
    buffer = (word64 *)XMALLOC(sizeof(word64) * 16, sha->heap,
1201
                               DYNAMIC_TYPE_TMP_BUFFER);
1202
    if (buffer == NULL)
1203
        return MEMORY_E;
1204
#endif
1205
1206
#if defined(USE_INTEL_SPEEDUP) && \
1207
    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1208
    Sha512_SetTransform();
1209
#endif
1210
1211
#if defined(LITTLE_ENDIAN_ORDER)
1212
#if defined(USE_INTEL_SPEEDUP) && \
1213
    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1214
    if (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags))
1215
#endif
1216
    {
1217
        ByteReverseWords64((word64*)data, (word64*)data,
1218
                                                WC_SHA512_BLOCK_SIZE);
1219
    }
1220
#endif /* !LITTLE_ENDIAN_ORDER */
1221
1222
    XMEMCPY(buffer, sha->buffer, WC_SHA512_BLOCK_SIZE);
1223
    XMEMCPY(sha->buffer, data, WC_SHA512_BLOCK_SIZE);
1224
1225
    ret = Transform_Sha512(sha);
1226
1227
    XMEMCPY(sha->buffer, buffer, WC_SHA512_BLOCK_SIZE);
1228
#ifdef WOLFSSL_SMALL_STACK
1229
    XFREE(buffer, sha->heap, DYNAMIC_TYPE_TMP_BUFFER);
1230
#endif
1231
    return ret;
1232
}
1233
#endif /* OPENSSL_EXTRA */
1234
#endif /* WOLFSSL_SHA512 */
1235
#endif /* !WOLFSSL_SE050 || !WOLFSSL_SE050_HASH */
1236
1237
1238
/* -------------------------------------------------------------------------- */
1239
/* SHA384 */
1240
/* -------------------------------------------------------------------------- */
1241
#ifdef WOLFSSL_SHA384
1242
1243
#if defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \
1244
    !defined(WOLFSSL_QNX_CAAM)
1245
    /* functions defined in wolfcrypt/src/port/caam/caam_sha.c */
1246
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1247
    int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
1248
    {
1249
        if (sha384 == NULL) {
1250
            return BAD_FUNC_ARG;
1251
        }
1252
        (void)devId;
1253
        return se050_hash_init(&sha384->se050Ctx, heap);
1254
    }
1255
    int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
1256
    {
1257
        return se050_hash_update(&sha384->se050Ctx, data, len);
1258
1259
    }
1260
    int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
1261
    {
1262
        int ret = 0;
1263
        ret = se050_hash_final(&sha384->se050Ctx, hash, WC_SHA384_DIGEST_SIZE,
1264
                               kAlgorithm_SSS_SHA384);
1265
        return ret;
1266
    }
1267
    int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash)
1268
    {
1269
        int ret = 0;
1270
        ret = se050_hash_final(&sha384->se050Ctx, hash, WC_SHA384_DIGEST_SIZE,
1271
                               kAlgorithm_SSS_SHA384);
1272
        return ret;
1273
    }
1274
1275
#elif defined(WOLFSSL_SILABS_SHA512)
1276
    /* functions defined in wolfcrypt/src/port/silabs/silabs_hash.c */
1277
1278
#elif defined(WOLFSSL_KCAPI_HASH)
1279
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1280
1281
#else
1282
1283
static int InitSha384(wc_Sha384* sha384)
1284
92.6k
{
1285
92.6k
    if (sha384 == NULL) {
1286
0
        return BAD_FUNC_ARG;
1287
0
    }
1288
1289
92.6k
    sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8);
1290
92.6k
    sha384->digest[1] = W64LIT(0x629a292a367cd507);
1291
92.6k
    sha384->digest[2] = W64LIT(0x9159015a3070dd17);
1292
92.6k
    sha384->digest[3] = W64LIT(0x152fecd8f70e5939);
1293
92.6k
    sha384->digest[4] = W64LIT(0x67332667ffc00b31);
1294
92.6k
    sha384->digest[5] = W64LIT(0x8eb44a8768581511);
1295
92.6k
    sha384->digest[6] = W64LIT(0xdb0c2e0d64f98fa7);
1296
92.6k
    sha384->digest[7] = W64LIT(0x47b5481dbefa4fa4);
1297
1298
92.6k
    sha384->buffLen = 0;
1299
92.6k
    sha384->loLen   = 0;
1300
92.6k
    sha384->hiLen   = 0;
1301
1302
#if  defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1303
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1304
    sha384->ctx.sha_type = SHA2_384;
1305
     /* always start firstblock = 1 when using hw engine */
1306
    sha384->ctx.isfirstblock = 1;
1307
    if(sha384->ctx.mode == ESP32_SHA_HW) {
1308
        /* release hw */
1309
        esp_sha_hw_unlock(&(sha512->ctx));
1310
    }
1311
    /* always set mode as INIT
1312
    *  whether using HW or SW is determined at first call of update()
1313
    */
1314
    sha384->ctx.mode = ESP32_SHA_INIT;
1315
1316
#endif
1317
92.6k
#ifdef WOLFSSL_HASH_FLAGS
1318
92.6k
    sha384->flags = 0;
1319
92.6k
#endif
1320
#ifdef WOLFSSL_HASH_KEEP
1321
    sha384->msg  = NULL;
1322
    sha384->len  = 0;
1323
    sha384->used = 0;
1324
#endif
1325
1326
92.6k
    return 0;
1327
92.6k
}
1328
1329
int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len)
1330
1.12k
{
1331
1.12k
    if (sha384 == NULL || (data == NULL && len > 0)) {
1332
0
        return BAD_FUNC_ARG;
1333
0
    }
1334
1335
1.12k
#ifdef WOLF_CRYPTO_CB
1336
1.12k
    if (sha384->devId != INVALID_DEVID) {
1337
0
        int ret = wc_CryptoCb_Sha384Hash(sha384, data, len, NULL);
1338
0
        if (ret != CRYPTOCB_UNAVAILABLE)
1339
0
            return ret;
1340
        /* fall-through when unavailable */
1341
0
    }
1342
1.12k
#endif
1343
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
1344
    if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) {
1345
    #if defined(HAVE_INTEL_QA)
1346
        return IntelQaSymSha384(&sha384->asyncDev, NULL, data, len);
1347
    #endif
1348
    }
1349
#endif /* WOLFSSL_ASYNC_CRYPT */
1350
1351
1.12k
    return Sha512Update((wc_Sha512*)sha384, data, len);
1352
1.12k
}
1353
1354
1355
int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash)
1356
38
{
1357
38
#ifdef LITTLE_ENDIAN_ORDER
1358
38
    word64 digest[WC_SHA384_DIGEST_SIZE / sizeof(word64)];
1359
38
#endif
1360
1361
38
    if (sha384 == NULL || hash == NULL) {
1362
0
        return BAD_FUNC_ARG;
1363
0
    }
1364
1365
38
#ifdef LITTLE_ENDIAN_ORDER
1366
38
    ByteReverseWords64((word64*)digest, (word64*)sha384->digest,
1367
38
                                                         WC_SHA384_DIGEST_SIZE);
1368
38
    XMEMCPY(hash, digest, WC_SHA384_DIGEST_SIZE);
1369
#else
1370
    XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE);
1371
#endif
1372
1373
38
    return 0;
1374
38
}
1375
1376
int wc_Sha384Final(wc_Sha384* sha384, byte* hash)
1377
156
{
1378
156
    int ret;
1379
1380
156
    if (sha384 == NULL || hash == NULL) {
1381
0
        return BAD_FUNC_ARG;
1382
0
    }
1383
1384
156
#ifdef WOLF_CRYPTO_CB
1385
156
    if (sha384->devId != INVALID_DEVID) {
1386
0
        ret = wc_CryptoCb_Sha384Hash(sha384, NULL, 0, hash);
1387
0
        if (ret != CRYPTOCB_UNAVAILABLE)
1388
0
            return ret;
1389
        /* fall-through when unavailable */
1390
0
    }
1391
156
#endif
1392
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
1393
    if (sha384->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA384) {
1394
    #if defined(HAVE_INTEL_QA)
1395
        return IntelQaSymSha384(&sha384->asyncDev, hash, NULL,
1396
                                            WC_SHA384_DIGEST_SIZE);
1397
    #endif
1398
    }
1399
#endif /* WOLFSSL_ASYNC_CRYPT */
1400
1401
156
    ret = Sha512Final((wc_Sha512*)sha384);
1402
156
    if (ret != 0)
1403
0
        return ret;
1404
1405
156
    XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE);
1406
1407
156
    return InitSha384(sha384);  /* reset state */
1408
156
}
1409
1410
int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
1411
69.1k
{
1412
69.1k
    int ret;
1413
1414
69.1k
    if (sha384 == NULL) {
1415
0
        return BAD_FUNC_ARG;
1416
0
    }
1417
1418
69.1k
    sha384->heap = heap;
1419
#ifdef WOLFSSL_SMALL_STACK_CACHE
1420
    sha384->W = NULL;
1421
#endif
1422
69.1k
#ifdef WOLF_CRYPTO_CB
1423
69.1k
    sha384->devId = devId;
1424
69.1k
    sha384->devCtx = NULL;
1425
69.1k
#endif
1426
1427
69.1k
    ret = InitSha384(sha384);
1428
69.1k
    if (ret != 0)
1429
0
        return ret;
1430
1431
#if defined(USE_INTEL_SPEEDUP) && \
1432
    (defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2))
1433
    Sha512_SetTransform();
1434
#endif
1435
1436
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
1437
    ret = wolfAsync_DevCtxInit(&sha384->asyncDev, WOLFSSL_ASYNC_MARKER_SHA384,
1438
                                                           sha384->heap, devId);
1439
#else
1440
69.1k
    (void)devId;
1441
69.1k
#endif /* WOLFSSL_ASYNC_CRYPT */
1442
1443
69.1k
    return ret;
1444
69.1k
}
1445
1446
#endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA512 || WOLFSSL_KCAPI_HASH */
1447
1448
int wc_InitSha384(wc_Sha384* sha384)
1449
1.20k
{
1450
1.20k
    int devId = INVALID_DEVID;
1451
1452
1.20k
#ifdef WOLF_CRYPTO_CB
1453
1.20k
    devId = wc_CryptoCb_DefaultDevID();
1454
1.20k
#endif
1455
1.20k
    return wc_InitSha384_ex(sha384, NULL, devId);
1456
1.20k
}
1457
1458
void wc_Sha384Free(wc_Sha384* sha384)
1459
72.3k
{
1460
72.3k
    if (sha384 == NULL)
1461
0
        return;
1462
1463
#ifdef WOLFSSL_SMALL_STACK_CACHE
1464
    if (sha384->W != NULL) {
1465
        XFREE(sha384->W, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER);
1466
        sha384->W = NULL;
1467
    }
1468
#endif
1469
1470
#if defined(WOLFSSL_KCAPI_HASH)
1471
    KcapiHashFree(&sha384->kcapi);
1472
#endif
1473
1474
#if defined(WOLFSSL_HASH_KEEP)
1475
    if (sha384->msg != NULL) {
1476
        XFREE(sha384->msg, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER);
1477
        sha384->msg = NULL;
1478
    }
1479
#endif
1480
1481
#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1482
    se050_hash_free(&sha384->se050Ctx);
1483
#endif
1484
1485
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
1486
    wolfAsync_DevCtxFree(&sha384->asyncDev, WOLFSSL_ASYNC_MARKER_SHA384);
1487
#endif /* WOLFSSL_ASYNC_CRYPT */
1488
72.3k
}
1489
1490
#endif /* WOLFSSL_SHA384 */
1491
1492
#endif /* HAVE_FIPS */
1493
1494
#ifdef WOLFSSL_SHA512
1495
1496
#if defined(WOLFSSL_KCAPI_HASH)
1497
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1498
1499
#else
1500
1501
static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash,
1502
                                 int (*finalfp)(wc_Sha512*, byte*))
1503
397
{
1504
397
    int ret;
1505
397
    wc_Sha512 tmpSha512;
1506
1507
397
    if (sha512 == NULL || hash == NULL)
1508
0
        return BAD_FUNC_ARG;
1509
1510
#if  defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1511
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1512
    if(sha512->ctx.mode == ESP32_SHA_INIT) {
1513
        esp_sha_try_hw_lock(&sha512->ctx);
1514
    }
1515
    if(sha512->ctx.mode != ESP32_SHA_SW)
1516
       esp_sha512_digest_process(sha512, 0);
1517
#endif
1518
1519
397
    ret = wc_Sha512Copy(sha512, &tmpSha512);
1520
397
    if (ret == 0) {
1521
397
        ret = finalfp(&tmpSha512, hash);
1522
#if  defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1523
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1524
        sha512->ctx.mode = ESP32_SHA_SW;;
1525
#endif
1526
397
        wc_Sha512Free(&tmpSha512);
1527
397
    }
1528
397
    return ret;
1529
397
}
1530
1531
int wc_Sha512GetHash(wc_Sha512* sha512, byte* hash)
1532
397
{
1533
397
    return Sha512_Family_GetHash(sha512, hash, wc_Sha512Final);
1534
397
}
1535
1536
int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
1537
4.26k
{
1538
4.26k
    int ret = 0;
1539
1540
4.26k
    if (src == NULL || dst == NULL)
1541
0
        return BAD_FUNC_ARG;
1542
1543
4.26k
    XMEMCPY(dst, src, sizeof(wc_Sha512));
1544
#ifdef WOLFSSL_SMALL_STACK_CACHE
1545
    dst->W = NULL;
1546
#endif
1547
1548
#ifdef WOLFSSL_SILABS_SHA512
1549
    dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx);
1550
    dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx);
1551
#endif
1552
1553
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512)
1554
    ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
1555
#endif
1556
#if  defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1557
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1558
    dst->ctx.mode = src->ctx.mode;
1559
    dst->ctx.isfirstblock = src->ctx.isfirstblock;
1560
    dst->ctx.sha_type = src->ctx.sha_type;
1561
#endif
1562
4.26k
#ifdef WOLFSSL_HASH_FLAGS
1563
4.26k
     dst->flags |= WC_HASH_FLAG_ISCOPY;
1564
4.26k
#endif
1565
#if defined(WOLFSSL_HASH_KEEP)
1566
    if (src->msg != NULL) {
1567
        dst->msg = (byte*)XMALLOC(src->len, dst->heap, DYNAMIC_TYPE_TMP_BUFFER);
1568
        if (dst->msg == NULL)
1569
            return MEMORY_E;
1570
        XMEMCPY(dst->msg, src->msg, src->len);
1571
    }
1572
#endif
1573
1574
4.26k
    return ret;
1575
4.26k
}
1576
1577
#endif /* WOLFSSL_KCAPI_HASH */
1578
1579
#ifdef WOLFSSL_HASH_FLAGS
1580
int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags)
1581
0
{
1582
0
    if (sha512) {
1583
0
        sha512->flags = flags;
1584
0
    }
1585
0
    return 0;
1586
0
}
1587
int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags)
1588
0
{
1589
0
    if (sha512 && flags) {
1590
0
        *flags = sha512->flags;
1591
0
    }
1592
0
    return 0;
1593
0
}
1594
#endif /* WOLFSSL_HASH_FLAGS */
1595
1596
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
1597
1598
#if !defined(WOLFSSL_NOSHA512_224)
1599
int wc_InitSha512_224(wc_Sha512* sha)
1600
482
{
1601
482
    return wc_InitSha512_224_ex(sha, NULL, INVALID_DEVID);
1602
482
}
1603
int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len)
1604
482
{
1605
482
    return wc_Sha512Update(sha, data, len);
1606
482
}
1607
1608
#if defined(WOLFSSL_KCAPI_HASH)
1609
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1610
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1611
1612
#else
1613
int wc_Sha512_224FinalRaw(wc_Sha512* sha, byte* hash)
1614
0
{
1615
0
    return Sha512FinalRaw(sha, hash, WC_SHA512_224_DIGEST_SIZE);
1616
0
}
1617
int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash)
1618
482
{
1619
482
    return Sha512_Family_Final(sha512, hash, WC_SHA512_224_DIGEST_SIZE,
1620
482
                               InitSha512_224);
1621
482
}
1622
#endif
1623
void wc_Sha512_224Free(wc_Sha512* sha)
1624
482
{
1625
482
    wc_Sha512Free(sha);
1626
482
}
1627
#if defined(WOLFSSL_KCAPI_HASH)
1628
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1629
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1630
1631
1632
#else
1633
int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash)
1634
0
{
1635
0
    return Sha512_Family_GetHash(sha512, hash, wc_Sha512_224Final);
1636
0
}
1637
int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst)
1638
0
{
1639
0
    return wc_Sha512Copy(src, dst);
1640
0
}
1641
#endif
1642
1643
#ifdef WOLFSSL_HASH_FLAGS
1644
int wc_Sha512_224SetFlags(wc_Sha512* sha, word32 flags)
1645
0
{
1646
0
    return wc_Sha512SetFlags(sha, flags);
1647
0
}
1648
int wc_Sha512_224GetFlags(wc_Sha512* sha, word32* flags)
1649
0
{
1650
0
    return wc_Sha512GetFlags(sha, flags);
1651
0
}
1652
#endif /* WOLFSSL_HASH_FLAGS */
1653
1654
#if defined(OPENSSL_EXTRA)
1655
int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data)
1656
{
1657
    return wc_Sha512Transform(sha, data);
1658
}
1659
#endif /* OPENSSL_EXTRA */
1660
1661
#endif /* !WOLFSSL_NOSHA512_224 */
1662
1663
#if !defined(WOLFSSL_NOSHA512_256)
1664
int wc_InitSha512_256(wc_Sha512* sha)
1665
320
{
1666
320
    return wc_InitSha512_256_ex(sha, NULL, INVALID_DEVID);
1667
320
}
1668
int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len)
1669
320
{
1670
320
    return wc_Sha512Update(sha, data, len);
1671
320
}
1672
#if defined(WOLFSSL_KCAPI_HASH)
1673
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1674
#elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
1675
1676
#else
1677
int wc_Sha512_256FinalRaw(wc_Sha512* sha, byte* hash)
1678
0
{
1679
0
    return Sha512FinalRaw(sha, hash, WC_SHA512_256_DIGEST_SIZE);
1680
0
}
1681
int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash)
1682
320
{
1683
320
    return Sha512_Family_Final(sha512, hash, WC_SHA512_256_DIGEST_SIZE,
1684
320
                               InitSha512_256);
1685
320
}
1686
#endif
1687
void wc_Sha512_256Free(wc_Sha512* sha)
1688
320
{
1689
320
    wc_Sha512Free(sha);
1690
320
}
1691
#if defined(WOLFSSL_KCAPI_HASH)
1692
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1693
1694
#else
1695
int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash)
1696
0
{
1697
0
    return Sha512_Family_GetHash(sha512, hash, wc_Sha512_256Final);
1698
0
}
1699
int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst)
1700
0
{
1701
0
    return wc_Sha512Copy(src, dst);
1702
0
}
1703
#endif
1704
1705
#ifdef WOLFSSL_HASH_FLAGS
1706
int wc_Sha512_256SetFlags(wc_Sha512* sha, word32 flags)
1707
0
{
1708
0
    return wc_Sha512SetFlags(sha, flags);
1709
0
}
1710
int wc_Sha512_256GetFlags(wc_Sha512* sha, word32* flags)
1711
0
{
1712
0
    return wc_Sha512GetFlags(sha, flags);
1713
0
}
1714
#endif /* WOLFSSL_HASH_FLAGS */
1715
1716
#if defined(OPENSSL_EXTRA)
1717
int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data)
1718
{
1719
    return wc_Sha512Transform(sha, data);
1720
}
1721
#endif /* OPENSSL_EXTRA */
1722
1723
#endif /* !WOLFSSL_NOSHA512_224 */
1724
#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
1725
1726
#endif /* WOLFSSL_SHA512 */
1727
1728
#ifdef WOLFSSL_SHA384
1729
1730
#if defined(WOLFSSL_KCAPI_HASH)
1731
    /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */
1732
1733
#else
1734
1735
int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)
1736
2.23k
{
1737
2.23k
    int ret;
1738
2.23k
    wc_Sha384 tmpSha384;
1739
1740
2.23k
    if (sha384 == NULL || hash == NULL)
1741
0
        return BAD_FUNC_ARG;
1742
#if  defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1743
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1744
    if(sha384->ctx.mode == ESP32_SHA_INIT) {
1745
        esp_sha_try_hw_lock(&sha384->ctx);
1746
    }
1747
    if(sha384->ctx.mode != ESP32_SHA_SW) {
1748
        esp_sha512_digest_process(sha384, 0);
1749
    }
1750
#endif
1751
2.23k
    ret = wc_Sha384Copy(sha384, &tmpSha384);
1752
2.23k
    if (ret == 0) {
1753
2.23k
        ret = wc_Sha384Final(&tmpSha384, hash);
1754
#if  defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1755
    !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1756
        sha384->ctx.mode = ESP32_SHA_SW;
1757
#endif
1758
2.23k
        wc_Sha384Free(&tmpSha384);
1759
2.23k
    }
1760
2.23k
    return ret;
1761
2.23k
}
1762
int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
1763
3.28k
{
1764
3.28k
    int ret = 0;
1765
1766
3.28k
    if (src == NULL || dst == NULL)
1767
0
        return BAD_FUNC_ARG;
1768
1769
3.28k
    XMEMCPY(dst, src, sizeof(wc_Sha384));
1770
#ifdef WOLFSSL_SMALL_STACK_CACHE
1771
    dst->W = NULL;
1772
#endif
1773
1774
#ifdef WOLFSSL_SILABS_SHA384
1775
    dst->silabsCtx.hash_ctx.cmd_ctx = &(dst->silabsCtx.cmd_ctx);
1776
    dst->silabsCtx.hash_ctx.hash_type_ctx = &(dst->silabsCtx.hash_type_ctx);
1777
#endif
1778
1779
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA384)
1780
    ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
1781
#endif
1782
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
1783
   !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
1784
    dst->ctx.mode = src->ctx.mode;
1785
    dst->ctx.isfirstblock = src->ctx.isfirstblock;
1786
    dst->ctx.sha_type = src->ctx.sha_type;
1787
#endif
1788
3.28k
#ifdef WOLFSSL_HASH_FLAGS
1789
3.28k
     dst->flags |= WC_HASH_FLAG_ISCOPY;
1790
3.28k
#endif
1791
#if defined(WOLFSSL_HASH_KEEP)
1792
    if (src->msg != NULL) {
1793
        dst->msg = (byte*)XMALLOC(src->len, dst->heap, DYNAMIC_TYPE_TMP_BUFFER);
1794
        if (dst->msg == NULL)
1795
            return MEMORY_E;
1796
        XMEMCPY(dst->msg, src->msg, src->len);
1797
    }
1798
#endif
1799
1800
3.28k
    return ret;
1801
3.28k
}
1802
1803
#endif /* WOLFSSL_KCAPI_HASH */
1804
1805
#ifdef WOLFSSL_HASH_FLAGS
1806
int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags)
1807
0
{
1808
0
    if (sha384) {
1809
0
        sha384->flags = flags;
1810
0
    }
1811
0
    return 0;
1812
0
}
1813
int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags)
1814
0
{
1815
0
    if (sha384 && flags) {
1816
0
        *flags = sha384->flags;
1817
0
    }
1818
0
    return 0;
1819
0
}
1820
#endif
1821
1822
#endif /* WOLFSSL_SHA384 */
1823
1824
#ifdef WOLFSSL_HASH_KEEP
1825
/* Some hardware have issues with update, this function stores the data to be
1826
 * hashed into an array. Once ready, the Final operation is called on all of the
1827
 * data to be hashed at once.
1828
 * returns 0 on success
1829
 */
1830
int wc_Sha512_Grow(wc_Sha512* sha512, const byte* in, int inSz)
1831
{
1832
    return _wc_Hash_Grow(&(sha512->msg), &(sha512->used), &(sha512->len), in,
1833
                        inSz, sha512->heap);
1834
}
1835
#ifdef WOLFSSL_SHA384
1836
int wc_Sha384_Grow(wc_Sha384* sha384, const byte* in, int inSz)
1837
{
1838
    return _wc_Hash_Grow(&(sha384->msg), &(sha384->used), &(sha384->len), in,
1839
                        inSz, sha384->heap);
1840
}
1841
#endif /* WOLFSSL_SHA384 */
1842
#endif /* WOLFSSL_HASH_KEEP */
1843
#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */