1 /*############################################################################
2 # Copyright 2017 Intel Corporation
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #     http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 ############################################################################*/
16 
17 /*
18  *  Copyright (C) 2017 by Intel Corporation, All Rights Reserved.
19  *
20  *  Redistribution and use in source and binary forms, with or without
21  *  modification, are permitted provided that the following conditions are met:
22  *
23  *    - Redistributions of source code must retain the above copyright notice,
24  *     this list of conditions and the following disclaimer.
25  *
26  *    - Redistributions in binary form must reproduce the above copyright
27  *    notice, this list of conditions and the following disclaimer in the
28  *    documentation and/or other materials provided with the distribution.
29  *
30  *    - Neither the name of Intel Corporation nor the names of its contributors
31  *    may be used to endorse or promote products derived from this software
32  *    without specific prior written permission.
33  *
34  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
35  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
36  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
37  *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
38  *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
39  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
40  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
41  *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
42  *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
43  *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
44  *  POSSIBILITY OF SUCH DAMAGE.
45  */
46 
47 /**
48  * @file
49  * @brief Interface to a SHA-256 implementation.
50  *
51  *  Overview:   SHA-256 is a NIST approved cryptographic hashing algorithm
52  *              specified in FIPS 180. A hash algorithm maps data of arbitrary
53  *              size to data of fixed length.
54  *
55  *  Security:   SHA-256 provides 128 bits of security against collision attacks
56  *              and 256 bits of security against pre-image attacks. SHA-256 does
57  *              NOT behave like a random oracle, but it can be used as one if
58  *              the string being hashed is prefix-free encoded before hashing.
59  *
60  *  Usage:      1) call tc_sha256_init to initialize a struct
61  *              tc_sha256_state_struct before hashing a new string.
62  *
63  *              2) call tc_sha256_update to hash the next string segment;
64  *              tc_sha256_update can be called as many times as needed to hash
65  *              all of the segments of a string; the order is important.
66  *
67  *              3) call tc_sha256_final to out put the digest from a hashing
68  *              operation.
69  */
70 
71 #ifndef EPID_MEMBER_TINY_MATH_SHA256_H_
72 #define EPID_MEMBER_TINY_MATH_SHA256_H_
73 
74 #include <stddef.h>
75 #include <stdint.h>
76 
77 /// Block size
78 #define SHA256_BLOCK_SIZE (64)
79 /// Digest size
80 #define SHA256_DIGEST_SIZE (32)
81 /// Number of blocks in state
82 #define SHA256_STATE_BLOCKS (SHA256_DIGEST_SIZE / 4)
83 
84 /// The SHA state
85 /// \cond
86 typedef struct sha256_state {
87   unsigned int iv[SHA256_STATE_BLOCKS];
88   uint64_t bits_hashed;
89   uint8_t leftover[SHA256_BLOCK_SIZE];
90   size_t leftover_offset;
91 } sha256_state;
92 /// \endcond
93 
94 /**
95  *  @brief SHA256 initialization procedure
96  *  Initializes s
97  *  @param s Sha256 state struct
98  */
99 void tc_sha256_init(sha256_state* s);
100 
101 /**
102  *  @brief SHA256 update procedure
103  *  Hashes data_length bytes addressed by data into state s
104 
105  *  @note Assumes s has been initialized by tc_sha256_init
106  *  @warning The state buffer 'leftover' is left in memory after processing
107  *           If your application intends to have sensitive data in this
108  *           buffer, remind to erase it after the data has been processed
109  *  @param s Sha256 state struct
110  *  @param data message to hash
111  *  @param datalen length of message to hash
112  */
113 void tc_sha256_update(sha256_state* s, const uint8_t* data, size_t datalen);
114 
115 /**
116  *  @brief SHA256 final procedure
117  *  Inserts the completed hash computation into digest
118  *  @return returns 1
119  *          returns 0 if:
120  *                s == NULL,
121  *                s->iv == NULL,
122  *                digest == NULL
123  *  @note Assumes: s has been initialized by tc_sha256_init
124  *        digest points to at least SHA256_DIGEST_SIZE bytes
125  *  @warning The state buffer 'leftover' is left in memory after processing
126  *           If your application intends to have sensitive data in this
127  *           buffer, remind to erase it after the data has been processed
128  *  @param digest unsigned eight bit integer
129  *  @param s Sha256 state struct
130  */
131 void tc_sha256_final(uint8_t* digest, sha256_state* s);
132 
133 #endif  // EPID_MEMBER_TINY_MATH_SHA256_H_
134