1 /* sha256.h - TinyCrypt interface to a SHA-256 implementation */
2 
3 /*
4  *  Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
5  *
6  *  Redistribution and use in source and binary forms, with or without
7  *  modification, are permitted provided that the following conditions are met:
8  *
9  *    - Redistributions of source code must retain the above copyright notice,
10  *     this list of conditions and the following disclaimer.
11  *
12  *    - Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  *    - Neither the name of Intel Corporation nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24  *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27  *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28  *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30  *  POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 /**
34  * @file
35  * @brief Interface to a SHA-256 implementation.
36  *
37  *  Overview:   SHA-256 is a NIST approved cryptographic hashing algorithm
38  *              specified in FIPS 180. A hash algorithm maps data of arbitrary
39  *              size to data of fixed length.
40  *
41  *  Security:   SHA-256 provides 128 bits of security against collision attacks
42  *              and 256 bits of security against pre-image attacks. SHA-256 does
43  *              NOT behave like a random oracle, but it can be used as one if
44  *              the string being hashed is prefix-free encoded before hashing.
45  *
46  *  Usage:      1) call tc_sha256_init to initialize a struct
47  *              tc_sha256_state_struct before hashing a new string.
48  *
49  *              2) call tc_sha256_update to hash the next string segment;
50  *              tc_sha256_update can be called as many times as needed to hash
51  *              all of the segments of a string; the order is important.
52  *
53  *              3) call tc_sha256_final to out put the digest from a hashing
54  *              operation.
55  */
56 
57 #ifndef __TC_SHA256_H__
58 #define __TC_SHA256_H__
59 
60 #include <stddef.h>
61 #include <stdint.h>
62 
63 #ifdef __cplusplus
64 extern "C" {
65 #endif
66 
67 #define TC_SHA256_BLOCK_SIZE (64)
68 #define TC_SHA256_DIGEST_SIZE (32)
69 #define TC_SHA256_STATE_BLOCKS (TC_SHA256_DIGEST_SIZE/4)
70 
71 struct tc_sha256_state_struct {
72 	unsigned int iv[TC_SHA256_STATE_BLOCKS];
73 	uint64_t bits_hashed;
74 	uint8_t leftover[TC_SHA256_BLOCK_SIZE];
75 	size_t leftover_offset;
76 };
77 
78 typedef struct tc_sha256_state_struct *TCSha256State_t;
79 
80 /**
81  *  @brief SHA256 initialization procedure
82  *  Initializes s
83  *  @return returns TC_CRYPTO_SUCCESS (1)
84  *          returns TC_CRYPTO_FAIL (0) if s == NULL
85  *  @param s Sha256 state struct
86  */
87 int tc_sha256_init(TCSha256State_t s);
88 
89 /**
90  *  @brief SHA256 update procedure
91  *  Hashes data_length bytes addressed by data into state s
92  *  @return returns TC_CRYPTO_SUCCESS (1)
93  *          returns TC_CRYPTO_FAIL (0) if:
94  *                s == NULL,
95  *                s->iv == NULL,
96  *                data == NULL
97  *  @note Assumes s has been initialized by tc_sha256_init
98  *  @warning The state buffer 'leftover' is left in memory after processing
99  *           If your application intends to have sensitive data in this
100  *           buffer, remind to erase it after the data has been processed
101  *  @param s Sha256 state struct
102  *  @param data message to hash
103  *  @param datalen length of message to hash
104  */
105 int tc_sha256_update (TCSha256State_t s, const uint8_t *data, size_t datalen);
106 
107 /**
108  *  @brief SHA256 final procedure
109  *  Inserts the completed hash computation into digest
110  *  @return returns TC_CRYPTO_SUCCESS (1)
111  *          returns TC_CRYPTO_FAIL (0) if:
112  *                s == NULL,
113  *                s->iv == NULL,
114  *                digest == NULL
115  *  @note Assumes: s has been initialized by tc_sha256_init
116  *        digest points to at least TC_SHA256_DIGEST_SIZE bytes
117  *  @warning The state buffer 'leftover' is left in memory after processing
118  *           If your application intends to have sensitive data in this
119  *           buffer, remind to erase it after the data has been processed
120  *  @param digest unsigned eight bit integer
121  *  @param Sha256 state struct
122  */
123 int tc_sha256_final(uint8_t *digest, TCSha256State_t s);
124 
125 #ifdef __cplusplus
126 }
127 #endif
128 
129 #endif /* __TC_SHA256_H__ */
130