/src/wolfssl-sp-math-all/wolfcrypt/src/sha.c
Line | Count | Source |
1 | | /* sha.c |
2 | | * |
3 | | * Copyright (C) 2006-2026 wolfSSL Inc. |
4 | | * |
5 | | * This file is part of wolfSSL. |
6 | | * |
7 | | * wolfSSL is free software; you can redistribute it and/or modify |
8 | | * it under the terms of the GNU General Public License as published by |
9 | | * the Free Software Foundation; either version 3 of the License, or |
10 | | * (at your option) any later version. |
11 | | * |
12 | | * wolfSSL is distributed in the hope that it will be useful, |
13 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | | * GNU General Public License for more details. |
16 | | * |
17 | | * You should have received a copy of the GNU General Public License |
18 | | * along with this program; if not, write to the Free Software |
19 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
20 | | */ |
21 | | |
22 | | /* |
23 | | * SHA-1 Build Options: |
24 | | * |
25 | | * Core: |
26 | | * NO_SHA: Disable SHA-1 support entirely default: off |
27 | | * USE_SLOW_SHA: Disable SHA-1 loop unrolling default: off |
28 | | * WC_HASH_DATA_ALIGNMENT: Required data alignment for hashing default: off |
29 | | * |
30 | | * Hardware Acceleration (SHA-1-specific): |
31 | | * WC_ASYNC_ENABLE_SHA: Enable async SHA-1 operations default: off |
32 | | * WOLFSSL_PIC32MZ_HASH: PIC32MZ hardware SHA default: off |
33 | | * WOLFSSL_PSA_NO_HASH: Disable PSA hash default: off |
34 | | * WOLFSSL_TI_HASH: TI hardware hash default: off |
35 | | * WOLFSSL_RENESAS_RX64_HASH: Renesas RX64 hardware hash default: off |
36 | | * FREESCALE_LTC_SHA: Freescale LTC SHA acceleration default: off |
37 | | * FREESCALE_MMCAU_SHA: Freescale MMCAU SHA acceleration default: off |
38 | | * STM32_HASH: STM32 hardware hash default: off |
39 | | * PSOC6_HASH_SHA1: PSoC6 hardware SHA-1 default: off |
40 | | */ |
41 | | |
42 | | #include <wolfssl/wolfcrypt/libwolfssl_sources.h> |
43 | | |
44 | | #ifdef DEBUG_WOLFSSL_VERBOSE |
45 | | #if defined(WOLFSSL_ESPIDF) |
46 | | #include <esp_log.h> |
47 | | #endif |
48 | | #endif |
49 | | |
50 | | #if !defined(NO_SHA) |
51 | | |
52 | | #if FIPS_VERSION3_GE(2,0,0) |
53 | | /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ |
54 | | #define FIPS_NO_WRAPPERS |
55 | | |
56 | | #ifdef USE_WINDOWS_API |
57 | | #pragma code_seg(".fipsA$k") |
58 | | #pragma const_seg(".fipsB$k") |
59 | | #endif |
60 | | #endif |
61 | | |
62 | | #include <wolfssl/wolfcrypt/sha.h> |
63 | | #include <wolfssl/wolfcrypt/hash.h> |
64 | | |
65 | | #ifdef WOLF_CRYPTO_CB |
66 | | #include <wolfssl/wolfcrypt/cryptocb.h> |
67 | | #endif |
68 | | |
69 | | #ifdef WOLFSSL_IMXRT1170_CAAM |
70 | | #include <wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h> |
71 | | #endif |
72 | | |
73 | | #if defined(WOLFSSL_PSOC6_CRYPTO) |
74 | | #include <wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h> |
75 | | #endif |
76 | | |
77 | | /* Assume no hash HW available until supporting HW found. */ |
78 | | #undef WOLFSSL_USE_ESP32_CRYPT_HASH_HW |
79 | | |
80 | | #if defined(WOLFSSL_ESP32_CRYPT) && \ |
81 | | !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) |
82 | | /* define a single keyword for simplicity & readability |
83 | | * |
84 | | * by default the HW acceleration is on for ESP32-WROOM32 |
85 | | * but individual components can be turned off. |
86 | | */ |
87 | | #define WOLFSSL_USE_ESP32_CRYPT_HASH_HW |
88 | | #include "wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h" |
89 | | |
90 | | /* Although we have hardware acceleration, |
91 | | ** we may need to fall back to software */ |
92 | | #define USE_SHA_SOFTWARE_IMPL |
93 | | |
94 | | #elif defined(WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW) |
95 | | /* The ESP32C3 is different; HW crypto here. Not yet implemented. |
96 | | ** We'll be using software for RISC-V at this time */ |
97 | | #else |
98 | | #undef WOLFSSL_USE_ESP32_CRYPT_HASH_HW |
99 | | #endif |
100 | | |
101 | | #undef WOLFSSL_USE_ESP32_CRYPT_HASH_HW |
102 | | #if defined(WOLFSSL_ESP32_CRYPT) && \ |
103 | | !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) |
104 | | /* define a single keyword for simplicity & readability |
105 | | * |
106 | | * by default the HW acceleration is on for ESP32-WROOM32 |
107 | | * but individual components can be turned off. |
108 | | */ |
109 | | #define WOLFSSL_USE_ESP32_CRYPT_HASH_HW |
110 | | #include "wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h" |
111 | | |
112 | | /* Although we have hardware acceleration, |
113 | | ** we may need to fall back to software */ |
114 | | #define USE_SHA_SOFTWARE_IMPL |
115 | | static const char* TAG = "wc_sha"; |
116 | | #elif defined(WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW) |
117 | | /* The ESP32C3 is different; HW crypto here. Not yet implemented. |
118 | | ** We'll be using software for RISC-V at this time */ |
119 | | static const char* TAG = "wc_sha-c3"; |
120 | | #else |
121 | | #undef WOLFSSL_USE_ESP32_CRYPT_HASH_HW |
122 | | #endif |
123 | | |
124 | | #if defined(WOLFSSL_TI_HASH) |
125 | | /* #include <wolfcrypt/src/port/ti/ti-hash.c> included by wc_port.c */ |
126 | | |
127 | | #else |
128 | | |
129 | | #ifdef NO_INLINE |
130 | | #include <wolfssl/wolfcrypt/misc.h> |
131 | | #else |
132 | | #define WOLFSSL_MISC_INCLUDED |
133 | | #include <wolfcrypt/src/misc.c> |
134 | | #endif |
135 | | |
136 | | #if FIPS_VERSION3_GE(6,0,0) |
137 | | const unsigned int wolfCrypt_FIPS_sha_ro_sanity[2] = |
138 | | { 0x1a2b3c4d, 0x00000013 }; |
139 | | int wolfCrypt_FIPS_SHA_sanity(void) |
140 | | { |
141 | | return 0; |
142 | | } |
143 | | #endif |
144 | | |
145 | | /* Hardware Acceleration */ |
146 | | #if defined(WOLFSSL_PIC32MZ_HASH) |
147 | | #include <wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h> |
148 | | |
149 | | #elif defined(STM32_HASH) |
150 | | |
151 | | /* Supports CubeMX HAL or Standard Peripheral Library */ |
152 | | int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) |
153 | | { |
154 | | if (sha == NULL) { |
155 | | return BAD_FUNC_ARG; |
156 | | } |
157 | | |
158 | | (void)devId; |
159 | | (void)heap; |
160 | | |
161 | | wc_Stm32_Hash_Init(&sha->stmCtx); |
162 | | |
163 | | return 0; |
164 | | } |
165 | | |
166 | | int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) |
167 | | { |
168 | | int ret; |
169 | | |
170 | | if (sha == NULL || (data == NULL && len > 0)) { |
171 | | return BAD_FUNC_ARG; |
172 | | } |
173 | | |
174 | | ret = wolfSSL_CryptHwMutexLock(); |
175 | | if (ret == 0) { |
176 | | ret = wc_Stm32_Hash_Update(&sha->stmCtx, HASH_AlgoSelection_SHA1, |
177 | | data, len, WC_SHA_BLOCK_SIZE); |
178 | | wolfSSL_CryptHwMutexUnLock(); |
179 | | } |
180 | | return ret; |
181 | | } |
182 | | |
183 | | int wc_ShaFinal(wc_Sha* sha, byte* hash) |
184 | | { |
185 | | int ret; |
186 | | |
187 | | if (sha == NULL || hash == NULL) { |
188 | | return BAD_FUNC_ARG; |
189 | | } |
190 | | |
191 | | ret = wolfSSL_CryptHwMutexLock(); |
192 | | if (ret == 0) { |
193 | | ret = wc_Stm32_Hash_Final(&sha->stmCtx, HASH_AlgoSelection_SHA1, |
194 | | hash, WC_SHA_DIGEST_SIZE); |
195 | | wolfSSL_CryptHwMutexUnLock(); |
196 | | } |
197 | | |
198 | | (void)wc_InitSha(sha); /* reset state */ |
199 | | |
200 | | return ret; |
201 | | } |
202 | | |
203 | | |
204 | | #elif defined(FREESCALE_LTC_SHA) |
205 | | |
206 | | #include "fsl_ltc.h" |
207 | | int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) |
208 | | { |
209 | | if (sha == NULL) { |
210 | | return BAD_FUNC_ARG; |
211 | | } |
212 | | |
213 | | (void)devId; |
214 | | (void)heap; |
215 | | |
216 | | LTC_HASH_Init(LTC_BASE, &sha->ctx, kLTC_Sha1, NULL, 0); |
217 | | return 0; |
218 | | } |
219 | | |
220 | | int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) |
221 | | { |
222 | | LTC_HASH_Update(&sha->ctx, data, len); |
223 | | return 0; |
224 | | } |
225 | | |
226 | | int wc_ShaFinal(wc_Sha* sha, byte* hash) |
227 | | { |
228 | | word32 hashlen = WC_SHA_DIGEST_SIZE; |
229 | | LTC_HASH_Finish(&sha->ctx, hash, &hashlen); |
230 | | return wc_InitSha(sha); /* reset state */ |
231 | | } |
232 | | |
233 | | |
234 | | #elif defined(FREESCALE_MMCAU_SHA) |
235 | | |
236 | | #ifdef FREESCALE_MMCAU_CLASSIC_SHA |
237 | | #include "cau_api.h" |
238 | | #else |
239 | | #include "fsl_mmcau.h" |
240 | | #endif |
241 | | |
242 | | #define USE_SHA_SOFTWARE_IMPL /* Only for API's, actual transform is here */ |
243 | | |
244 | | #define XTRANSFORM(S,B) Transform((S),(B)) |
245 | | #define XTRANSFORM_LEN(S,B,L) Transform_Len((S),(B),(L)) |
246 | | |
247 | | #ifndef WC_HASH_DATA_ALIGNMENT |
248 | | /* these hardware API's require 4 byte (word32) alignment */ |
249 | | #define WC_HASH_DATA_ALIGNMENT 4 |
250 | | #endif |
251 | | |
252 | | static int InitSha(wc_Sha* sha) |
253 | | { |
254 | | int ret = 0; |
255 | | ret = wolfSSL_CryptHwMutexLock(); |
256 | | if (ret != 0) { |
257 | | return ret; |
258 | | } |
259 | | #ifdef FREESCALE_MMCAU_CLASSIC_SHA |
260 | | cau_sha1_initialize_output(sha->digest); |
261 | | #else |
262 | | MMCAU_SHA1_InitializeOutput((word32*)sha->digest); |
263 | | #endif |
264 | | wolfSSL_CryptHwMutexUnLock(); |
265 | | |
266 | | sha->buffLen = 0; |
267 | | sha->loLen = 0; |
268 | | sha->hiLen = 0; |
269 | | |
270 | | return ret; |
271 | | } |
272 | | |
273 | | static int Transform(wc_Sha* sha, const byte* data) |
274 | | { |
275 | | int ret = wolfSSL_CryptHwMutexLock(); |
276 | | if (ret == 0) { |
277 | | #ifdef FREESCALE_MMCAU_CLASSIC_SHA |
278 | | cau_sha1_hash_n((byte*)data, 1, sha->digest); |
279 | | #else |
280 | | MMCAU_SHA1_HashN((byte*)data, 1, (word32*)sha->digest); |
281 | | #endif |
282 | | wolfSSL_CryptHwMutexUnLock(); |
283 | | } |
284 | | return ret; |
285 | | } |
286 | | |
287 | | static int Transform_Len(wc_Sha* sha, const byte* data, word32 len) |
288 | | { |
289 | | int ret = wolfSSL_CryptHwMutexLock(); |
290 | | if (ret == 0) { |
291 | | #if defined(WC_HASH_DATA_ALIGNMENT) && WC_HASH_DATA_ALIGNMENT > 0 |
292 | | if ((wc_ptr_t)data % WC_HASH_DATA_ALIGNMENT) { |
293 | | /* data pointer is NOT aligned, |
294 | | * so copy and perform one block at a time */ |
295 | | byte* local = (byte*)sha->buffer; |
296 | | while (len >= WC_SHA_BLOCK_SIZE) { |
297 | | XMEMCPY(local, data, WC_SHA_BLOCK_SIZE); |
298 | | #ifdef FREESCALE_MMCAU_CLASSIC_SHA |
299 | | cau_sha1_hash_n(local, 1, sha->digest); |
300 | | #else |
301 | | MMCAU_SHA1_HashN(local, 1, sha->digest); |
302 | | #endif |
303 | | data += WC_SHA_BLOCK_SIZE; |
304 | | len -= WC_SHA_BLOCK_SIZE; |
305 | | } |
306 | | } |
307 | | else |
308 | | #endif |
309 | | { |
310 | | #ifdef FREESCALE_MMCAU_CLASSIC_SHA |
311 | | cau_sha1_hash_n((byte*)data, len/WC_SHA_BLOCK_SIZE, sha->digest); |
312 | | #else |
313 | | MMCAU_SHA1_HashN((byte*)data, len/WC_SHA_BLOCK_SIZE, |
314 | | (word32*)sha->digest); |
315 | | #endif |
316 | | } |
317 | | wolfSSL_CryptHwMutexUnLock(); |
318 | | } |
319 | | return ret; |
320 | | } |
321 | | |
322 | | #elif defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \ |
323 | | !defined(WOLFSSL_QNX_CAAM) |
324 | | /* wolfcrypt/src/port/caam/caam_sha.c */ |
325 | | |
326 | | #elif defined(MAX3266X_SHA) |
327 | | /* Already brought in by sha.h */ |
328 | | /* #include <wolfssl/wolfcrypt/port/maxim/max3266x.h> */ |
329 | | |
330 | | #elif defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) || \ |
331 | | defined(WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW) |
332 | | |
333 | | /* This function initializes SHA. |
334 | | ** This is automatically called by wc_ShaHash */ |
335 | | static int InitSha(wc_Sha* sha) |
336 | | { |
337 | | int ret = 0; |
338 | | |
339 | | sha->digest[0] = 0x67452301L; |
340 | | sha->digest[1] = 0xEFCDAB89L; |
341 | | sha->digest[2] = 0x98BADCFEL; |
342 | | sha->digest[3] = 0x10325476L; |
343 | | sha->digest[4] = 0xC3D2E1F0L; |
344 | | |
345 | | sha->buffLen = 0; |
346 | | sha->loLen = 0; |
347 | | sha->hiLen = 0; |
348 | | |
349 | | /* HW needs to be carefully initialized, taking into account soft copy. |
350 | | ** If already in use; copy may revert to SW as needed. */ |
351 | | ret = esp_sha_init(&(sha->ctx), WC_HASH_TYPE_SHA); |
352 | | |
353 | | return ret; |
354 | | } |
355 | | |
356 | | #elif (defined(WOLFSSL_RENESAS_TSIP_TLS) || \ |
357 | | defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ |
358 | | !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) |
359 | | |
360 | | /* implemented in wolfcrypt/src/port/Renesas/renesas_tsip_sha.c */ |
361 | | |
362 | | #elif defined(WOLFSSL_RENESAS_RSIP) && \ |
363 | | !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) |
364 | | |
365 | | /* implemented in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ |
366 | | |
367 | | #elif defined(WOLFSSL_IMXRT_DCP) |
368 | | #include <wolfssl/wolfcrypt/port/nxp/dcp_port.h> |
369 | | /* implemented in wolfcrypt/src/port/nxp/dcp_port.c */ |
370 | | |
371 | | #elif defined(WOLFSSL_SILABS_SE_ACCEL) |
372 | | |
373 | | /* implemented in wolfcrypt/src/port/silabs/silabs_hash.c */ |
374 | | |
375 | | #elif defined(WOLFSSL_RENESAS_RX64_HASH) |
376 | | |
377 | | /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */ |
378 | | |
379 | | #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) |
380 | | |
381 | | #include <wolfssl/wolfcrypt/port/nxp/se050_port.h> |
382 | | int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) |
383 | | { |
384 | | if (sha == NULL) { |
385 | | return BAD_FUNC_ARG; |
386 | | } |
387 | | (void)devId; |
388 | | |
389 | | return se050_hash_init(&sha->se050Ctx, heap); |
390 | | } |
391 | | |
392 | | int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) |
393 | | { |
394 | | return se050_hash_update(&sha->se050Ctx, data, len); |
395 | | |
396 | | } |
397 | | |
398 | | int wc_ShaFinal(wc_Sha* sha, byte* hash) |
399 | | { |
400 | | int ret = 0; |
401 | | ret = se050_hash_final(&sha->se050Ctx, hash, WC_SHA_DIGEST_SIZE, |
402 | | kAlgorithm_SSS_SHA1); |
403 | | return ret; |
404 | | } |
405 | | int wc_ShaFinalRaw(wc_Sha* sha, byte* hash) |
406 | | { |
407 | | int ret = 0; |
408 | | ret = se050_hash_final(&sha->se050Ctx, hash, WC_SHA_DIGEST_SIZE, |
409 | | kAlgorithm_SSS_SHA1); |
410 | | return ret; |
411 | | } |
412 | | |
413 | | #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH) |
414 | | /* implemented in wolfcrypt/src/port/psa/psa_hash.c */ |
415 | | #elif defined(PSOC6_HASH_SHA1) |
416 | | /* Implemented in wolfcrypt/src/port/cypress/psoc6_crypto.c */ |
417 | | #else |
418 | | /* Software implementation */ |
419 | | #define USE_SHA_SOFTWARE_IMPL |
420 | | |
421 | | static int InitSha(wc_Sha* sha) |
422 | 428k | { |
423 | 428k | int ret = 0; |
424 | | |
425 | 428k | sha->digest[0] = 0x67452301L; |
426 | 428k | sha->digest[1] = 0xEFCDAB89L; |
427 | 428k | sha->digest[2] = 0x98BADCFEL; |
428 | 428k | sha->digest[3] = 0x10325476L; |
429 | 428k | sha->digest[4] = 0xC3D2E1F0L; |
430 | | |
431 | 428k | sha->buffLen = 0; |
432 | 428k | XMEMSET(sha->buffer, 0, sizeof(sha->buffer)); |
433 | 428k | sha->loLen = 0; |
434 | 428k | sha->hiLen = 0; |
435 | 428k | #ifdef WOLFSSL_HASH_FLAGS |
436 | 428k | sha->flags = 0; |
437 | 428k | #endif |
438 | | |
439 | 428k | return ret; |
440 | 428k | } |
441 | | #endif /* End Hardware Acceleration */ |
442 | | |
443 | | /* Software implementation */ |
444 | | #ifdef USE_SHA_SOFTWARE_IMPL |
445 | | |
446 | | static WC_INLINE void AddLength(wc_Sha* sha, word32 len) |
447 | 527k | { |
448 | 527k | word32 tmp = sha->loLen; |
449 | 527k | if ((sha->loLen += len) < tmp) |
450 | 0 | sha->hiLen++; /* carry low to high */ |
451 | 527k | } |
452 | | |
453 | | /* Check if custom wc_Sha transform is used */ |
454 | | #ifndef XTRANSFORM |
455 | 1.17M | #define XTRANSFORM(S,B) Transform((S),(B)) |
456 | | |
457 | 19.5M | #define blk0(i) (W[i] = *((const word32*)&data[(i)*sizeof(word32)])) |
458 | 78.1M | #define blk1(i) (W[(i)&15] = \ |
459 | 78.1M | rotlFixed(W[((i)+13)&15]^W[((i)+8)&15]^W[((i)+2)&15]^W[(i)&15],1)) |
460 | | |
461 | 24.4M | #define f1(x,y,z) ((z)^((x) &((y)^(z)))) |
462 | 24.4M | #define f2(x,y,z) ((x)^(y)^(z)) |
463 | 24.4M | #define f3(x,y,z) (((x)&(y))|((z)&((x)|(y)))) |
464 | 24.4M | #define f4(x,y,z) ((x)^(y)^(z)) |
465 | | |
466 | | #if defined(WOLFSSL_NUCLEUS_1_2) || defined(NUCLEUS_PLUS_2_3) |
467 | | /* nucleus.h also defines R1-R4 */ |
468 | | #undef R1 |
469 | | #undef R2 |
470 | | #undef R3 |
471 | | #undef R4 |
472 | | #endif |
473 | | |
474 | | /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ |
475 | 19.5M | #define R0(v,w,x,y,z,i) (z)+= f1((w),(x),(y)) + blk0((i)) + 0x5A827999+ \ |
476 | 19.5M | rotlFixed((v),5); (w) = rotlFixed((w),30); |
477 | 4.88M | #define R1(v,w,x,y,z,i) (z)+= f1((w),(x),(y)) + blk1((i)) + 0x5A827999+ \ |
478 | 4.88M | rotlFixed((v),5); (w) = rotlFixed((w),30); |
479 | 24.4M | #define R2(v,w,x,y,z,i) (z)+= f2((w),(x),(y)) + blk1((i)) + 0x6ED9EBA1+ \ |
480 | 24.4M | rotlFixed((v),5); (w) = rotlFixed((w),30); |
481 | 24.4M | #define R3(v,w,x,y,z,i) (z)+= f3((w),(x),(y)) + blk1((i)) + 0x8F1BBCDC+ \ |
482 | 24.4M | rotlFixed((v),5); (w) = rotlFixed((w),30); |
483 | 24.4M | #define R4(v,w,x,y,z,i) (z)+= f4((w),(x),(y)) + blk1((i)) + 0xCA62C1D6+ \ |
484 | 24.4M | rotlFixed((v),5); (w) = rotlFixed((w),30); |
485 | | |
486 | | static int Transform(wc_Sha* sha, const byte* data) |
487 | 1.22M | { |
488 | 1.22M | word32 W[WC_SHA_BLOCK_SIZE / sizeof(word32)]; |
489 | | |
490 | | /* Copy context->state[] to working vars */ |
491 | 1.22M | word32 a = sha->digest[0]; |
492 | 1.22M | word32 b = sha->digest[1]; |
493 | 1.22M | word32 c = sha->digest[2]; |
494 | 1.22M | word32 d = sha->digest[3]; |
495 | 1.22M | word32 e = sha->digest[4]; |
496 | | |
497 | | #ifdef USE_SLOW_SHA |
498 | | word32 t, i; |
499 | | |
500 | | for (i = 0; i < 16; i++) { |
501 | | R0(a, b, c, d, e, i); |
502 | | t = e; e = d; d = c; c = b; b = a; a = t; |
503 | | } |
504 | | |
505 | | for (; i < 20; i++) { |
506 | | R1(a, b, c, d, e, i); |
507 | | t = e; e = d; d = c; c = b; b = a; a = t; |
508 | | } |
509 | | |
510 | | for (; i < 40; i++) { |
511 | | R2(a, b, c, d, e, i); |
512 | | t = e; e = d; d = c; c = b; b = a; a = t; |
513 | | } |
514 | | |
515 | | for (; i < 60; i++) { |
516 | | R3(a, b, c, d, e, i); |
517 | | t = e; e = d; d = c; c = b; b = a; a = t; |
518 | | } |
519 | | |
520 | | for (; i < 80; i++) { |
521 | | R4(a, b, c, d, e, i); |
522 | | t = e; e = d; d = c; c = b; b = a; a = t; |
523 | | } |
524 | | #else |
525 | | /* nearly 1 K bigger in code size but 25% faster */ |
526 | | /* 4 rounds of 20 operations each. Loop unrolled. */ |
527 | 1.22M | R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); |
528 | 1.22M | R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); |
529 | 1.22M | R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); |
530 | 1.22M | R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); |
531 | | |
532 | 1.22M | R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); |
533 | | |
534 | 1.22M | R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); |
535 | 1.22M | R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); |
536 | 1.22M | R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); |
537 | 1.22M | R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); |
538 | 1.22M | R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); |
539 | | |
540 | 1.22M | R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); |
541 | 1.22M | R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); |
542 | 1.22M | R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); |
543 | 1.22M | R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); |
544 | 1.22M | R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); |
545 | | |
546 | 1.22M | R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); |
547 | 1.22M | R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); |
548 | 1.22M | R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); |
549 | 1.22M | R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); |
550 | 1.22M | R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); |
551 | 1.22M | #endif |
552 | | |
553 | | /* Add the working vars back into digest state[] */ |
554 | 1.22M | sha->digest[0] += a; |
555 | 1.22M | sha->digest[1] += b; |
556 | 1.22M | sha->digest[2] += c; |
557 | 1.22M | sha->digest[3] += d; |
558 | 1.22M | sha->digest[4] += e; |
559 | | |
560 | 1.22M | (void)data; /* Not used */ |
561 | | |
562 | 1.22M | return 0; |
563 | 1.22M | } |
564 | | #endif /* XTRANSFORM when USE_SHA_SOFTWARE_IMPL is enabled */ |
565 | | |
566 | | |
567 | | /* |
568 | | ** wolfCrypt InitSha external wrapper. |
569 | | ** |
570 | | ** we'll assume this is ALWAYS for a new, uninitialized sha |
571 | | */ |
572 | | int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) |
573 | 259k | { |
574 | 259k | int ret = 0; |
575 | 259k | if (sha == NULL) { |
576 | 0 | return BAD_FUNC_ARG; |
577 | 0 | } |
578 | | |
579 | 259k | sha->heap = heap; |
580 | 259k | #ifdef WOLF_CRYPTO_CB |
581 | 259k | sha->devId = devId; |
582 | 259k | sha->devCtx = NULL; |
583 | 259k | #endif |
584 | | #ifdef WOLFSSL_HASH_KEEP |
585 | | sha->msg = NULL; |
586 | | sha->len = 0; |
587 | | sha->used = 0; |
588 | | #endif |
589 | | |
590 | | #ifdef WOLFSSL_USE_ESP32_CRYPT_HASH_HW |
591 | | if (sha->ctx.mode != ESP32_SHA_INIT) { |
592 | | /* it may be interesting to see old values during debugging */ |
593 | | ESP_LOGV(TAG, "Set ctx mode from prior value: %d", sha->ctx.mode); |
594 | | } |
595 | | /* We know this is a fresh, uninitialized item, so set to INIT */ |
596 | | sha->ctx.mode = ESP32_SHA_INIT; |
597 | | #endif |
598 | | |
599 | 259k | ret = InitSha(sha); |
600 | 259k | if (ret != 0) { |
601 | 0 | return ret; |
602 | 0 | } |
603 | | |
604 | | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA) |
605 | | ret = wolfAsync_DevCtxInit(&sha->asyncDev, WOLFSSL_ASYNC_MARKER_SHA, |
606 | | sha->heap, devId); |
607 | | #else |
608 | 259k | (void)devId; |
609 | 259k | #endif /* WOLFSSL_ASYNC_CRYPT */ |
610 | | #ifdef WOLFSSL_IMXRT1170_CAAM |
611 | | ret = wc_CAAM_HashInit(&sha->hndl, &sha->ctx, WC_HASH_TYPE_SHA); |
612 | | #endif |
613 | | |
614 | 259k | return ret; |
615 | 259k | } /* wc_InitSha_ex */ |
616 | | |
617 | | /* do block size increments/updates */ |
618 | | int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) |
619 | 510k | { |
620 | 510k | int ret = 0; |
621 | 510k | word32 blocksLen; |
622 | 510k | byte* local; |
623 | | |
624 | 510k | if (sha == NULL || (data == NULL && len > 0)) { |
625 | 0 | return BAD_FUNC_ARG; |
626 | 0 | } |
627 | | |
628 | 510k | if (data == NULL && len == 0) { |
629 | | /* valid, but do nothing */ |
630 | 54 | return 0; |
631 | 54 | } |
632 | | |
633 | 510k | #ifdef WOLF_CRYPTO_CB |
634 | 510k | if (sha->devId != INVALID_DEVID) { |
635 | 0 | ret = wc_CryptoCb_ShaHash(sha, data, len, NULL); |
636 | 0 | if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) |
637 | 0 | return ret; |
638 | 0 | ret = 0; /* reset ret */ |
639 | | /* fall-through when unavailable */ |
640 | 0 | } |
641 | 510k | #endif |
642 | | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA) |
643 | | if (sha->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA) { |
644 | | #if defined(HAVE_INTEL_QA) |
645 | | return IntelQaSymSha(&sha->asyncDev, NULL, data, len); |
646 | | #endif |
647 | | } |
648 | | #endif /* WOLFSSL_ASYNC_CRYPT */ |
649 | | |
650 | | /* check that internal buffLen is valid */ |
651 | 510k | if (sha->buffLen >= WC_SHA_BLOCK_SIZE) { |
652 | 0 | return BUFFER_E; |
653 | 0 | } |
654 | | |
655 | | /* add length for final */ |
656 | 510k | AddLength(sha, len); |
657 | | |
658 | 510k | local = (byte*)sha->buffer; |
659 | | |
660 | | /* process any remainder from previous operation */ |
661 | 510k | if (sha->buffLen > 0) { |
662 | 281k | blocksLen = min(len, WC_SHA_BLOCK_SIZE - sha->buffLen); |
663 | 281k | XMEMCPY(&local[sha->buffLen], data, blocksLen); |
664 | | |
665 | 281k | sha->buffLen += blocksLen; |
666 | 281k | data += blocksLen; |
667 | 281k | len -= blocksLen; |
668 | | |
669 | 281k | if (sha->buffLen == WC_SHA_BLOCK_SIZE) { |
670 | | #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) |
671 | | if (sha->ctx.mode == ESP32_SHA_INIT) { |
672 | | #if defined(WOLFSSL_DEBUG_MUTEX) |
673 | | { |
674 | | ESP_LOGI(TAG, "wc_ShaUpdate try hardware"); |
675 | | } |
676 | | #endif |
677 | | esp_sha_try_hw_lock(&sha->ctx); |
678 | | } |
679 | | #endif |
680 | | |
681 | 78.1k | #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA) |
682 | | #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \ |
683 | | defined(CONFIG_IDF_TARGET_ESP8684) || \ |
684 | | defined(CONFIG_IDF_TARGET_ESP32C3) || \ |
685 | | defined(CONFIG_IDF_TARGET_ESP32C6) \ |
686 | | ) && \ |
687 | | defined(WOLFSSL_ESP32_CRYPT) && \ |
688 | | !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) |
689 | | /* For Espressif RISC-V Targets, we *may* need to reverse bytes |
690 | | * depending on if HW is active or not. */ |
691 | | if (esp_sha_need_byte_reversal(&sha->ctx)) |
692 | | #endif |
693 | 78.1k | { |
694 | 78.1k | ByteReverseWords(sha->buffer, sha->buffer, WC_SHA_BLOCK_SIZE); |
695 | 78.1k | } |
696 | 78.1k | #endif |
697 | | |
698 | | #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) |
699 | | if (sha->ctx.mode == ESP32_SHA_SW) { |
700 | | #if defined(WOLFSSL_DEBUG_MUTEX) |
701 | | { |
702 | | ESP_LOGI(TAG, "wc_ShaUpdate process software"); |
703 | | } |
704 | | #endif |
705 | | ret = XTRANSFORM(sha, (const byte*)local); |
706 | | } |
707 | | else { |
708 | | #if defined(WOLFSSL_DEBUG_MUTEX) |
709 | | { |
710 | | ESP_LOGI(TAG, "wc_ShaUpdate process hardware"); |
711 | | } |
712 | | #endif |
713 | | esp_sha_process(sha, (const byte*)local); |
714 | | } |
715 | | #elif defined (WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW) |
716 | | ESP_LOGI(TAG, "wc_ShaUpdate not implemented for ESP32C3"); |
717 | | ret = XTRANSFORM(sha, (const byte*)local); |
718 | | #else |
719 | 78.1k | ret = XTRANSFORM(sha, (const byte*)local); |
720 | 78.1k | #endif |
721 | 78.1k | if (ret != 0) { |
722 | 0 | return ret; |
723 | 0 | } |
724 | | |
725 | 78.1k | sha->buffLen = 0; /* Nothing left to do, so set to zero. */ |
726 | 78.1k | } /* (sha->buffLen == WC_SHA_BLOCK_SIZE) */ |
727 | 281k | } /* (sha->buffLen > 0) Process any remainder from previous operation. */ |
728 | | |
729 | | /* process blocks */ |
730 | | #ifdef XTRANSFORM_LEN |
731 | | /* get number of blocks */ |
732 | | /* 64-1 = 0x3F (~ Inverted = 0xFFFFFFC0) */ |
733 | | /* len (masked by 0xFFFFFFC0) returns block aligned length */ |
734 | | blocksLen = len & ~(WC_SHA_BLOCK_SIZE-1); |
735 | | if (blocksLen > 0) { |
736 | | /* Byte reversal performed in function if required. */ |
737 | | XTRANSFORM_LEN(sha, data, blocksLen); |
738 | | data += blocksLen; |
739 | | len -= blocksLen; |
740 | | } |
741 | | #else |
742 | 1.45M | while (len >= WC_SHA_BLOCK_SIZE) { |
743 | 943k | word32* local32 = sha->buffer; |
744 | | /* optimization to avoid memcpy if data pointer is properly aligned */ |
745 | | /* Little Endian requires byte swap, so can't use data directly */ |
746 | | #if defined(WC_HASH_DATA_ALIGNMENT) && !defined(LITTLE_ENDIAN_ORDER) |
747 | | if (((wc_ptr_t)data % WC_HASH_DATA_ALIGNMENT) == 0) { |
748 | | local32 = (word32*)data; |
749 | | } |
750 | | else |
751 | | #endif |
752 | 943k | { |
753 | 943k | XMEMCPY(local32, data, WC_SHA_BLOCK_SIZE); |
754 | 943k | } |
755 | | |
756 | 943k | data += WC_SHA_BLOCK_SIZE; |
757 | 943k | len -= WC_SHA_BLOCK_SIZE; |
758 | | |
759 | | #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) |
760 | | if (sha->ctx.mode == ESP32_SHA_INIT){ |
761 | | esp_sha_try_hw_lock(&sha->ctx); |
762 | | } |
763 | | #endif |
764 | | |
765 | 943k | #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA) |
766 | | #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \ |
767 | | defined(CONFIG_IDF_TARGET_ESP8684) || \ |
768 | | defined(CONFIG_IDF_TARGET_ESP32C3) || \ |
769 | | defined(CONFIG_IDF_TARGET_ESP32C6) \ |
770 | | ) && \ |
771 | | defined(WOLFSSL_ESP32_CRYPT) && \ |
772 | | !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) |
773 | | /* For Espressif RISC-V Targets, we *may* need to reverse bytes |
774 | | * depending on if HW is active or not. */ |
775 | | if (esp_sha_need_byte_reversal(&sha->ctx)) |
776 | | #endif |
777 | 943k | { |
778 | 943k | ByteReverseWords(local32, local32, WC_SHA_BLOCK_SIZE); |
779 | 943k | } |
780 | 943k | #endif |
781 | | |
782 | | #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) |
783 | | if (sha->ctx.mode == ESP32_SHA_SW){ |
784 | | ret = XTRANSFORM(sha, (const byte*)local32); |
785 | | } |
786 | | else { |
787 | | esp_sha_process(sha, (const byte*)local32); |
788 | | } |
789 | | #else |
790 | 943k | ret = XTRANSFORM(sha, (const byte*)local32); |
791 | 943k | #endif |
792 | 943k | } |
793 | 510k | #endif /* XTRANSFORM_LEN */ |
794 | | |
795 | | /* save remainder */ |
796 | 510k | if (len > 0) { |
797 | 250k | XMEMCPY(local, data, len); |
798 | 250k | sha->buffLen = len; |
799 | 250k | } |
800 | | |
801 | 510k | return ret; |
802 | 510k | } |
803 | | |
804 | | int wc_ShaFinalRaw(wc_Sha* sha, byte* hash) |
805 | 172 | { |
806 | 172 | #ifdef LITTLE_ENDIAN_ORDER |
807 | 172 | word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)]; |
808 | 172 | XMEMSET(digest, 0, sizeof(digest)); |
809 | 172 | #endif |
810 | | |
811 | 172 | if (sha == NULL || hash == NULL) { |
812 | 0 | return BAD_FUNC_ARG; |
813 | 0 | } |
814 | | |
815 | 172 | #ifdef LITTLE_ENDIAN_ORDER |
816 | | #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \ |
817 | | defined(CONFIG_IDF_TARGET_ESP8684) || \ |
818 | | defined(CONFIG_IDF_TARGET_ESP32C3) || \ |
819 | | defined(CONFIG_IDF_TARGET_ESP32C6) \ |
820 | | ) && \ |
821 | | defined(WOLFSSL_ESP32_CRYPT) && \ |
822 | | !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) |
823 | | /* For Espressif RISC-V Targets, we *may* need to reverse bytes |
824 | | * depending on if HW is active or not. */ |
825 | | if (esp_sha_need_byte_reversal(&sha->ctx)) |
826 | | #endif |
827 | 172 | { |
828 | 172 | ByteReverseWords((word32*)digest, (word32*)sha->digest, WC_SHA_DIGEST_SIZE); |
829 | 172 | } |
830 | 172 | XMEMCPY(hash, (byte *)&digest[0], WC_SHA_DIGEST_SIZE); |
831 | | #else |
832 | | XMEMCPY(hash, sha->digest, WC_SHA_DIGEST_SIZE); |
833 | | #endif |
834 | | |
835 | 172 | return 0; |
836 | 172 | } |
837 | | |
838 | | /* |
839 | | ** Finalizes hashing of data. Result is placed into hash. |
840 | | ** Resets state of sha struct. |
841 | | */ |
842 | | int wc_ShaFinal(wc_Sha* sha, byte* hash) |
843 | 152k | { |
844 | 152k | int ret; |
845 | 152k | byte* local; |
846 | | |
847 | 152k | if (sha == NULL || hash == NULL) { |
848 | 0 | return BAD_FUNC_ARG; |
849 | 0 | } |
850 | | |
851 | 152k | local = (byte*)sha->buffer; |
852 | | |
853 | 152k | #ifdef WOLF_CRYPTO_CB |
854 | 152k | if (sha->devId != INVALID_DEVID) { |
855 | 0 | ret = wc_CryptoCb_ShaHash(sha, NULL, 0, hash); |
856 | 0 | if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) |
857 | 0 | return ret; |
858 | | /* fall-through when unavailable */ |
859 | 0 | } |
860 | 152k | #endif |
861 | | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA) |
862 | | if (sha->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA) { |
863 | | #if defined(HAVE_INTEL_QA) |
864 | | return IntelQaSymSha(&sha->asyncDev, hash, NULL, WC_SHA_DIGEST_SIZE); |
865 | | #endif |
866 | | } |
867 | | #endif /* WOLFSSL_ASYNC_CRYPT */ |
868 | | |
869 | | /* we'll add a 0x80 byte at the end, |
870 | | ** so make sure we have appropriate buffer length. */ |
871 | 152k | if (sha->buffLen > WC_SHA_BLOCK_SIZE - 1) { |
872 | | /* exit with error code if there's a bad buffer size in buffLen */ |
873 | 0 | return BAD_STATE_E; |
874 | 0 | } /* buffLen check */ |
875 | | |
876 | 152k | local[sha->buffLen++] = 0x80; /* add 1 */ |
877 | | |
878 | | /* pad with zeros */ |
879 | 152k | if (sha->buffLen > WC_SHA_PAD_SIZE) { |
880 | 5.03k | if (sha->buffLen < WC_SHA_BLOCK_SIZE) { |
881 | 3.70k | XMEMSET(&local[sha->buffLen], 0, WC_SHA_BLOCK_SIZE - sha->buffLen); |
882 | 3.70k | } |
883 | | |
884 | 5.03k | sha->buffLen += WC_SHA_BLOCK_SIZE - sha->buffLen; |
885 | | |
886 | | #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) |
887 | | /* For a fresh sha.ctx, try to use hardware acceleration */ |
888 | | if (sha->ctx.mode == ESP32_SHA_INIT) { |
889 | | esp_sha_try_hw_lock(&sha->ctx); |
890 | | } |
891 | | #endif |
892 | | |
893 | 5.03k | #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA) |
894 | | #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \ |
895 | | defined(CONFIG_IDF_TARGET_ESP8684) || \ |
896 | | defined(CONFIG_IDF_TARGET_ESP32C3) || \ |
897 | | defined(CONFIG_IDF_TARGET_ESP32C6) \ |
898 | | ) && \ |
899 | | defined(WOLFSSL_ESP32_CRYPT) && \ |
900 | | !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) |
901 | | /* For Espressif RISC-V Targets, we *may* need to reverse bytes |
902 | | * depending on if HW is active or not. */ |
903 | | if (esp_sha_need_byte_reversal(&sha->ctx)) |
904 | | #endif |
905 | 5.03k | { |
906 | 5.03k | ByteReverseWords(sha->buffer, sha->buffer, WC_SHA_BLOCK_SIZE); |
907 | 5.03k | } |
908 | 5.03k | #endif |
909 | | |
910 | | #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) |
911 | | /* if HW was busy, we may need to fall back to SW. */ |
912 | | if (sha->ctx.mode == ESP32_SHA_SW) { |
913 | | ret = XTRANSFORM(sha, (const byte*)local); |
914 | | } |
915 | | else { |
916 | | ret = esp_sha_process(sha, (const byte*)local); |
917 | | } |
918 | | #else |
919 | | /* |
920 | | ** The #if defined(WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW) also falls |
921 | | ** though here to SW, as it's not yet implemented for HW. |
922 | | */ |
923 | 5.03k | ret = XTRANSFORM(sha, (const byte*)local); |
924 | 5.03k | #endif |
925 | 5.03k | if (ret != 0) { |
926 | 0 | return ret; |
927 | 0 | } |
928 | | |
929 | 5.03k | sha->buffLen = 0; |
930 | 5.03k | } /* (sha->buffLen > WC_SHA_PAD_SIZE) */ |
931 | | |
932 | 152k | XMEMSET(&local[sha->buffLen], 0, WC_SHA_PAD_SIZE - sha->buffLen); |
933 | | |
934 | | #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) |
935 | | if (sha->ctx.mode == ESP32_SHA_INIT) { |
936 | | esp_sha_try_hw_lock(&sha->ctx); |
937 | | } |
938 | | #endif |
939 | | |
940 | 152k | #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU_SHA) |
941 | | #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \ |
942 | | defined(CONFIG_IDF_TARGET_ESP8684) || \ |
943 | | defined(CONFIG_IDF_TARGET_ESP32C3) || \ |
944 | | defined(CONFIG_IDF_TARGET_ESP32C6) \ |
945 | | ) && \ |
946 | | defined(WOLFSSL_ESP32_CRYPT) && \ |
947 | | !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) |
948 | | /* For Espressif RISC-V Targets, we *may* need to reverse bytes |
949 | | * depending on if HW is active or not. */ |
950 | | if (esp_sha_need_byte_reversal(&sha->ctx)) |
951 | | #endif |
952 | 152k | { /* reminder local also points to sha->buffer */ |
953 | 152k | ByteReverseWords(sha->buffer, sha->buffer, WC_SHA_BLOCK_SIZE); |
954 | 152k | } |
955 | 152k | #endif |
956 | | |
957 | | /* store lengths */ |
958 | | /* put lengths in bits */ |
959 | 152k | sha->hiLen = (sha->loLen >> (8*sizeof(sha->loLen) - 3)) + (sha->hiLen << 3); |
960 | 152k | sha->loLen = sha->loLen << 3; |
961 | | |
962 | | /* ! length ordering dependent on digest endian type ! */ |
963 | 152k | XMEMCPY(&local[WC_SHA_PAD_SIZE], &sha->hiLen, sizeof(word32)); |
964 | 152k | XMEMCPY(&local[WC_SHA_PAD_SIZE + sizeof(word32)], &sha->loLen, sizeof(word32)); |
965 | | |
966 | | #if defined(FREESCALE_MMCAU_SHA) |
967 | | /* Kinetis requires only these bytes reversed */ |
968 | | ByteReverseWords(&sha->buffer[WC_SHA_PAD_SIZE/sizeof(word32)], |
969 | | &sha->buffer[WC_SHA_PAD_SIZE/sizeof(word32)], |
970 | | 2 * sizeof(word32)); |
971 | | #endif |
972 | | |
973 | | |
974 | | #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \ |
975 | | defined(CONFIG_IDF_TARGET_ESP8684) || \ |
976 | | defined(CONFIG_IDF_TARGET_ESP32C3) || \ |
977 | | defined(CONFIG_IDF_TARGET_ESP32C6) \ |
978 | | ) && \ |
979 | | defined(WOLFSSL_ESP32_CRYPT) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) |
980 | | if (sha->ctx.mode == ESP32_SHA_HW) { |
981 | | #if defined(WOLFSSL_SUPER_VERBOSE_DEBUG) |
982 | | { |
983 | | ESP_LOGV(TAG, "Start: Reverse PAD SIZE Endianness."); |
984 | | } |
985 | | #endif |
986 | | ByteReverseWords(&sha->buffer[WC_SHA_PAD_SIZE/sizeof(word32)], /* out */ |
987 | | &sha->buffer[WC_SHA_PAD_SIZE/sizeof(word32)], /* in */ |
988 | | 2 * sizeof(word32) /* byte count to reverse */ |
989 | | ); |
990 | | #if defined(WOLFSSL_SUPER_VERBOSE_DEBUG) |
991 | | { |
992 | | ESP_LOGV(TAG, "End: Reverse PAD SIZE Endianness."); |
993 | | } |
994 | | #endif |
995 | | } /* end if (sha->ctx.mode == ESP32_SHA_HW) */ |
996 | | #endif |
997 | | |
998 | | #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) |
999 | | if (sha->ctx.mode == ESP32_SHA_SW) { |
1000 | | ret = XTRANSFORM(sha, (const byte*)local); |
1001 | | } |
1002 | | else { |
1003 | | ret = esp_sha_digest_process(sha, 1); |
1004 | | } |
1005 | | /* |
1006 | | ** The #if defined(WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW) also falls |
1007 | | ** though here to SW, as it's not yet implemented for HW. |
1008 | | */ |
1009 | | #else |
1010 | 152k | ret = XTRANSFORM(sha, (const byte*)local); |
1011 | 152k | #endif |
1012 | | |
1013 | 152k | #ifdef LITTLE_ENDIAN_ORDER |
1014 | | #if ( defined(CONFIG_IDF_TARGET_ESP32C2) || \ |
1015 | | defined(CONFIG_IDF_TARGET_ESP8684) || \ |
1016 | | defined(CONFIG_IDF_TARGET_ESP32C3) || \ |
1017 | | defined(CONFIG_IDF_TARGET_ESP32C6) \ |
1018 | | ) && \ |
1019 | | defined(WOLFSSL_ESP32_CRYPT) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) |
1020 | | /* For Espressif RISC-V Targets, we *may* need to reverse bytes |
1021 | | * depending on if HW is active or not. */ |
1022 | | if (esp_sha_need_byte_reversal(&sha->ctx)) |
1023 | | #endif |
1024 | 152k | { |
1025 | 152k | ByteReverseWords(sha->digest, sha->digest, WC_SHA_DIGEST_SIZE); |
1026 | 152k | } |
1027 | 152k | #endif |
1028 | | |
1029 | 152k | XMEMCPY(hash, (byte *)&sha->digest[0], WC_SHA_DIGEST_SIZE); |
1030 | | |
1031 | | /* we'll always reset state upon exit and return the error code from above, |
1032 | | * which may cause fall back to SW if HW is busy. we do not return result |
1033 | | * of initSha here */ |
1034 | 152k | (void)InitSha(sha); /* reset state */ |
1035 | 152k | return ret; |
1036 | 152k | } |
1037 | | |
1038 | | #if defined(OPENSSL_EXTRA) || defined(HAVE_CURL) |
1039 | | /* Apply SHA1 transformation to the data */ |
1040 | | /* @param sha a pointer to wc_Sha structure */ |
1041 | | /* @param data data to be applied SHA1 transformation */ |
1042 | | /* @return 0 on successful, otherwise non-zero on failure */ |
1043 | | int wc_ShaTransform(wc_Sha* sha, const unsigned char* data) |
1044 | | { |
1045 | | /* sanity check */ |
1046 | | if (sha == NULL || data == NULL) { |
1047 | | return BAD_FUNC_ARG; |
1048 | | } |
1049 | | return (Transform(sha, data)); |
1050 | | } |
1051 | | #endif |
1052 | | |
1053 | | #endif /* USE_SHA_SOFTWARE_IMPL */ |
1054 | | |
1055 | | /* |
1056 | | ** This function initializes SHA. This is automatically called by wc_ShaHash. |
1057 | | */ |
1058 | | int wc_InitSha(wc_Sha* sha) |
1059 | 136 | { |
1060 | 136 | return wc_InitSha_ex(sha, NULL, INVALID_DEVID); |
1061 | 136 | } |
1062 | | |
1063 | | |
1064 | | #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) |
1065 | | |
1066 | | #ifndef MAX3266X_SHA |
1067 | | |
1068 | | void wc_ShaFree(wc_Sha* sha) |
1069 | 261k | { |
1070 | | #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE) |
1071 | | int ret = 0; |
1072 | | #endif |
1073 | | |
1074 | 261k | if (sha == NULL) |
1075 | 0 | return; |
1076 | | |
1077 | | #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE) |
1078 | | #ifndef WOLF_CRYPTO_CB_FIND |
1079 | | if (sha->devId != INVALID_DEVID) |
1080 | | #endif |
1081 | | { |
1082 | | ret = wc_CryptoCb_Free(sha->devId, WC_ALGO_TYPE_HASH, |
1083 | | WC_HASH_TYPE_SHA, 0, (void*)sha); |
1084 | | /* If they want the standard free, they can call it themselves */ |
1085 | | /* via their callback setting devId to INVALID_DEVID */ |
1086 | | /* otherwise assume the callback handled it */ |
1087 | | if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) |
1088 | | return; |
1089 | | /* fall-through when unavailable */ |
1090 | | } |
1091 | | |
1092 | | /* silence compiler warning */ |
1093 | | (void)ret; |
1094 | | |
1095 | | #endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_FREE */ |
1096 | | |
1097 | | #if defined(WOLFSSL_ESP32) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) |
1098 | | esp_sha_release_unfinished_lock(&sha->ctx); |
1099 | | #endif |
1100 | | |
1101 | | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA) |
1102 | | wolfAsync_DevCtxFree(&sha->asyncDev, WOLFSSL_ASYNC_MARKER_SHA); |
1103 | | #endif /* WOLFSSL_ASYNC_CRYPT */ |
1104 | | |
1105 | | #ifdef WOLFSSL_PIC32MZ_HASH |
1106 | | wc_ShaPic32Free(sha); |
1107 | | #endif |
1108 | | #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) |
1109 | | se050_hash_free(&sha->se050Ctx); |
1110 | | #endif |
1111 | | #if (defined(WOLFSSL_RENESAS_TSIP_TLS) || \ |
1112 | | defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ |
1113 | | !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) || \ |
1114 | | (defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER >= 220)) ||\ |
1115 | | defined(WOLFSSL_RENESAS_RX64_HASH) |
1116 | | XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER); |
1117 | | sha->msg = NULL; |
1118 | | #endif |
1119 | | #ifdef WOLFSSL_IMXRT_DCP |
1120 | | DCPShaFree(sha); |
1121 | | #endif |
1122 | | |
1123 | | #ifdef WOLFSSL_HASH_KEEP |
1124 | | if (sha->msg != NULL) { |
1125 | | ForceZero(sha->msg, sha->len); |
1126 | | XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER); |
1127 | | sha->msg = NULL; |
1128 | | } |
1129 | | #endif |
1130 | | |
1131 | | #if defined(PSOC6_HASH_SHA1) |
1132 | | wc_Psoc6_Sha_Free(); |
1133 | | #endif |
1134 | 261k | } |
1135 | | |
1136 | | #endif /* !MAX3266X_SHA */ |
1137 | | #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */ |
1138 | | #endif /* !WOLFSSL_TI_HASH */ |
1139 | | |
1140 | | #if !defined(WOLFSSL_TI_HASH) && !defined(WOLFSSL_IMXRT_DCP) |
1141 | | |
1142 | | #if ((!defined(WOLFSSL_RENESAS_TSIP_TLS) && \ |
1143 | | !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) || \ |
1144 | | defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) && \ |
1145 | | (!defined(WOLFSSL_RENESAS_RSIP) || \ |
1146 | | defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)) |
1147 | | #if !defined(WOLFSSL_RENESAS_RX64_HASH) |
1148 | | |
1149 | | #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) |
1150 | | |
1151 | | #ifndef MAX3266X_SHA |
1152 | | |
1153 | | /* wc_ShaGetHash get hash value */ |
1154 | | int wc_ShaGetHash(wc_Sha* sha, byte* hash) |
1155 | 1.67k | { |
1156 | 1.67k | int ret; |
1157 | 1.67k | WC_DECLARE_VAR(tmpSha, wc_Sha, 1, 0); |
1158 | | |
1159 | 1.67k | if (sha == NULL || hash == NULL) { |
1160 | 0 | return BAD_FUNC_ARG; |
1161 | 0 | } |
1162 | | |
1163 | 1.67k | WC_CALLOC_VAR_EX(tmpSha, wc_Sha, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER, |
1164 | 1.67k | return MEMORY_E); |
1165 | | |
1166 | 1.66k | ret = wc_ShaCopy(sha, tmpSha); |
1167 | 1.66k | if (ret == 0) { |
1168 | 1.66k | ret = wc_ShaFinal(tmpSha, hash); |
1169 | 1.66k | } |
1170 | | |
1171 | 1.66k | WC_FREE_VAR_EX(tmpSha, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
1172 | | |
1173 | 1.66k | return ret; |
1174 | 1.67k | } |
1175 | | |
1176 | | int wc_ShaCopy(wc_Sha* src, wc_Sha* dst) |
1177 | 1.73k | { |
1178 | 1.73k | int ret = 0; |
1179 | | |
1180 | 1.73k | if (src == NULL || dst == NULL) |
1181 | 0 | return BAD_FUNC_ARG; |
1182 | | |
1183 | | #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_COPY) |
1184 | | #ifndef WOLF_CRYPTO_CB_FIND |
1185 | | if (src->devId != INVALID_DEVID) |
1186 | | #endif |
1187 | | { |
1188 | | /* Cast the source and destination to be void to keep the abstraction */ |
1189 | | ret = wc_CryptoCb_Copy(src->devId, WC_ALGO_TYPE_HASH, |
1190 | | WC_HASH_TYPE_SHA, (void*)src, (void*)dst); |
1191 | | if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) |
1192 | | return ret; |
1193 | | /* fall-through when unavailable */ |
1194 | | } |
1195 | | ret = 0; /* Reset ret to 0 to avoid returning the callback error code */ |
1196 | | #endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */ |
1197 | | |
1198 | | /* Free dst resources before copy to prevent memory leaks (e.g., msg |
1199 | | * buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */ |
1200 | 1.73k | wc_ShaFree(dst); |
1201 | 1.73k | XMEMCPY(dst, src, sizeof(wc_Sha)); |
1202 | | |
1203 | | #if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3) |
1204 | | dst->silabsCtx.hash_ctx.cmd_ctx = &dst->silabsCtx.cmd_ctx; |
1205 | | dst->silabsCtx.hash_ctx.hash_type_ctx = &dst->silabsCtx.hash_type_ctx; |
1206 | | #endif |
1207 | | |
1208 | | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA) |
1209 | | ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev); |
1210 | | #endif |
1211 | | |
1212 | | #ifdef WOLFSSL_PIC32MZ_HASH |
1213 | | ret = wc_Pic32HashCopy(&src->cache, &dst->cache); |
1214 | | #endif |
1215 | | |
1216 | | #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) |
1217 | | ret = se050_hash_copy(&src->se050Ctx, &dst->se050Ctx); |
1218 | | #endif |
1219 | | |
1220 | | #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) |
1221 | | esp_sha_ctx_copy(src, dst); |
1222 | | #endif |
1223 | | |
1224 | | |
1225 | | #if defined(PSOC6_HASH_SHA1) |
1226 | | wc_Psoc6_Sha1_Sha2_Init(dst, WC_PSOC6_SHA1, 0); |
1227 | | #endif |
1228 | | |
1229 | 1.73k | #ifdef WOLFSSL_HASH_FLAGS |
1230 | 1.73k | dst->flags |= WC_HASH_FLAG_ISCOPY; |
1231 | 1.73k | #endif |
1232 | | |
1233 | | #if defined(WOLFSSL_HASH_KEEP) |
1234 | | if (src->msg != NULL) { |
1235 | | dst->msg = (byte*)XMALLOC(src->len, dst->heap, |
1236 | | DYNAMIC_TYPE_TMP_BUFFER); |
1237 | | if (dst->msg == NULL) { |
1238 | | return MEMORY_E; |
1239 | | } |
1240 | | XMEMCPY(dst->msg, src->msg, src->used); |
1241 | | } |
1242 | | #endif |
1243 | | |
1244 | 1.73k | return ret; |
1245 | 1.73k | } |
1246 | | #endif /* WOLFSSL_RENESAS_RX64_HASH */ |
1247 | | #endif /* !MAX3266X_SHA */ |
1248 | | #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */ |
1249 | | #endif /* !defined(WOLFSSL_RENESAS_TSIP_TLS) && \ |
1250 | | !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) || |
1251 | | defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) */ |
1252 | | #endif /* !defined(WOLFSSL_TI_HASH) && !defined(WOLFSSL_IMXRT_DCP) */ |
1253 | | |
1254 | | #ifdef WOLFSSL_HASH_FLAGS |
1255 | | int wc_ShaSetFlags(wc_Sha* sha, word32 flags) |
1256 | 106k | { |
1257 | 106k | if (sha) { |
1258 | 106k | sha->flags = flags; |
1259 | 106k | } |
1260 | 106k | return 0; |
1261 | 106k | } |
1262 | | int wc_ShaGetFlags(wc_Sha* sha, word32* flags) |
1263 | 0 | { |
1264 | 0 | if (sha && flags) { |
1265 | 0 | *flags = sha->flags; |
1266 | 0 | } |
1267 | 0 | return 0; |
1268 | 0 | } |
1269 | | #endif |
1270 | | |
1271 | | #endif /* !NO_SHA */ |