1 /* sha256.h - TinyCrypt interface to a SHA-256 implementation */ 2 3 /* 4 * Copyright (C) 2017 by Intel Corporation, All Rights Reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * 9 * - Redistributions of source code must retain the above copyright notice, 10 * this list of conditions and the following disclaimer. 11 * 12 * - Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * - Neither the name of Intel Corporation nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 /** 34 * @file 35 * @brief Interface to a SHA-256 implementation. 36 * 37 * Overview: SHA-256 is a NIST approved cryptographic hashing algorithm 38 * specified in FIPS 180. A hash algorithm maps data of arbitrary 39 * size to data of fixed length. 40 * 41 * Security: SHA-256 provides 128 bits of security against collision attacks 42 * and 256 bits of security against pre-image attacks. SHA-256 does 43 * NOT behave like a random oracle, but it can be used as one if 44 * the string being hashed is prefix-free encoded before hashing. 45 * 46 * Usage: 1) call tc_sha256_init to initialize a struct 47 * tc_sha256_state_struct before hashing a new string. 48 * 49 * 2) call tc_sha256_update to hash the next string segment; 50 * tc_sha256_update can be called as many times as needed to hash 51 * all of the segments of a string; the order is important. 52 * 53 * 3) call tc_sha256_final to out put the digest from a hashing 54 * operation. 55 */ 56 57 #ifndef __BLE_MESH_TC_SHA256_H__ 58 #define __BLE_MESH_TC_SHA256_H__ 59 60 #include <stddef.h> 61 #include <stdint.h> 62 63 #ifdef __cplusplus 64 extern "C" { 65 #endif 66 67 #define TC_SHA256_BLOCK_SIZE (64) 68 #define TC_SHA256_DIGEST_SIZE (32) 69 #define TC_SHA256_STATE_BLOCKS (TC_SHA256_DIGEST_SIZE/4) 70 71 struct tc_sha256_state_struct { 72 unsigned int iv[TC_SHA256_STATE_BLOCKS]; 73 uint64_t bits_hashed; 74 uint8_t leftover[TC_SHA256_BLOCK_SIZE]; 75 size_t leftover_offset; 76 }; 77 78 typedef struct tc_sha256_state_struct *TCSha256State_t; 79 80 /** 81 * @brief SHA256 initialization procedure 82 * Initializes s 83 * @return returns TC_CRYPTO_SUCCESS (1) 84 * returns TC_CRYPTO_FAIL (0) if s == NULL 85 * @param s Sha256 state struct 86 */ 87 int tc_sha256_init(TCSha256State_t s); 88 89 /** 90 * @brief SHA256 update procedure 91 * Hashes data_length bytes addressed by data into state s 92 * @return returns TC_CRYPTO_SUCCESS (1) 93 * returns TC_CRYPTO_FAIL (0) if: 94 * s == NULL, 95 * s->iv == NULL, 96 * data == NULL 97 * @note Assumes s has been initialized by tc_sha256_init 98 * @warning The state buffer 'leftover' is left in memory after processing 99 * If your application intends to have sensitive data in this 100 * buffer, remind to erase it after the data has been processed 101 * @param s Sha256 state struct 102 * @param data message to hash 103 * @param datalen length of message to hash 104 */ 105 int tc_sha256_update (TCSha256State_t s, const uint8_t *data, size_t datalen); 106 107 /** 108 * @brief SHA256 final procedure 109 * Inserts the completed hash computation into digest 110 * @return returns TC_CRYPTO_SUCCESS (1) 111 * returns TC_CRYPTO_FAIL (0) if: 112 * s == NULL, 113 * s->iv == NULL, 114 * digest == NULL 115 * @note Assumes: s has been initialized by tc_sha256_init 116 * digest points to at least TC_SHA256_DIGEST_SIZE bytes 117 * @warning The state buffer 'leftover' is left in memory after processing 118 * If your application intends to have sensitive data in this 119 * buffer, remind to erase it after the data has been processed 120 * @param digest unsigned eight bit integer 121 * @param Sha256 state struct 122 */ 123 int tc_sha256_final(uint8_t *digest, TCSha256State_t s); 124 125 #ifdef __cplusplus 126 } 127 #endif 128 129 #endif /* __BLE_MESH_TC_SHA256_H__ */ 130