sha.h (12923B)
1 /* sha.h 2 * 3 * Copyright (C) 2006-2025 wolfSSL Inc. 4 * 5 * This file is part of wolfSSL. 6 * 7 * wolfSSL is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; either version 3 of the License, or 10 * (at your option) any later version. 11 * 12 * wolfSSL is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, write to the Free Software 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 */ 21 22 /* sha.h for openssl */ 23 24 25 #ifndef WOLFSSL_SHA_H_ 26 #define WOLFSSL_SHA_H_ 27 28 #include <wolfssl/wolfcrypt/settings.h> 29 #include <wolfssl/wolfcrypt/types.h> 30 #include <wolfssl/wolfcrypt/sha256.h> 31 #ifdef WOLFSSL_PREFIX 32 #include "prefix_sha.h" 33 #endif 34 35 #ifdef __cplusplus 36 extern "C" { 37 #endif 38 39 /* adder for HW crypto */ 40 #if defined(STM32_HASH) 41 #define CTX_SHA_HW_ADDER sizeof(STM32_HASH_Context) 42 #elif defined(WOLFSSL_IMXRT1170_CAAM) 43 #define CTX_SHA_HW_ADDER (sizeof(caam_hash_ctx_t) + sizeof(caam_handle_t)) 44 #elif defined(WOLFSSL_ESP32) && \ 45 !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) 46 #define CTX_SHA_HW_ADDER sizeof(WC_ESP32SHA) 47 #else 48 #define CTX_SHA_HW_ADDER 0 49 #endif 50 51 52 #ifndef NO_SHA 53 typedef struct WOLFSSL_SHA_CTX { 54 /* big enough to hold wolfcrypt Sha, but check on init */ 55 void* holder[(112 + WC_ASYNC_DEV_SIZE + CTX_SHA_HW_ADDER) / sizeof(void*)]; 56 #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) 57 void* keephash_holder[sizeof(void*) + (2 * sizeof(unsigned int))]; 58 #endif 59 #ifdef WOLF_CRYPTO_CB 60 void* cryptocb_holder[(sizeof(int) + sizeof(void*) + 4) / sizeof(void*)]; 61 #endif 62 } WOLFSSL_SHA_CTX; 63 64 WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha); 65 WOLFSSL_API int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX* sha, const void* input, 66 unsigned long sz); 67 WOLFSSL_API int wolfSSL_SHA_Final(byte* input, WOLFSSL_SHA_CTX* sha); 68 WOLFSSL_API int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX* sha, 69 const unsigned char* data); 70 /* SHA1 points to above, shouldn't use SHA0 ever */ 71 WOLFSSL_API int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX* sha); 72 WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input, 73 unsigned long sz); 74 WOLFSSL_API int wolfSSL_SHA1_Final(byte* output, WOLFSSL_SHA_CTX* sha); 75 WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha, 76 const unsigned char *data); 77 #if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) 78 enum { 79 SHA_DIGEST_LENGTH = 20 80 }; 81 82 typedef WOLFSSL_SHA_CTX SHA_CTX; 83 84 #define SHA_Init wolfSSL_SHA_Init 85 #define SHA_Update wolfSSL_SHA_Update 86 #define SHA_Final wolfSSL_SHA_Final 87 #define SHA_Transform wolfSSL_SHA_Transform 88 89 #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \ 90 (!defined(HAVE_FIPS) || \ 91 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) 92 /* SHA is only available in non-fips mode or fips version > 2 mode 93 * because of SHA enum in FIPS build. */ 94 #define SHA wolfSSL_SHA1 95 #endif 96 97 #define SHA1_Init wolfSSL_SHA1_Init 98 #define SHA1_Update wolfSSL_SHA1_Update 99 #define SHA1_Final wolfSSL_SHA1_Final 100 #define SHA1_Transform wolfSSL_SHA1_Transform 101 102 #endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ 103 #endif /* !NO_SHA */ 104 105 106 #ifdef WOLFSSL_SHA224 107 108 /* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256 109 * struct are 16 byte aligned. Any dereference to those elements after casting 110 * to Sha224, is expected to also be 16 byte aligned addresses. */ 111 typedef struct WOLFSSL_SHA224_CTX { 112 /* big enough to hold wolfcrypt Sha224, but check on init */ 113 ALIGN16 void* holder[(274 + CTX_SHA_HW_ADDER + WC_ASYNC_DEV_SIZE) / 114 sizeof(void*)]; 115 #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) 116 ALIGN16 void* keephash_holder[sizeof(void*) + (2 * sizeof(unsigned int))]; 117 #endif 118 #ifdef WOLF_CRYPTO_CB 119 ALIGN16 void* cryptocb_holder[(sizeof(int) + sizeof(void*) + 4) / 120 sizeof(void*)]; 121 #endif 122 } WOLFSSL_SHA224_CTX; 123 124 WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha); 125 WOLFSSL_API int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX* sha, const void* input, 126 unsigned long sz); 127 WOLFSSL_API int wolfSSL_SHA224_Final(byte* output, WOLFSSL_SHA224_CTX* sha); 128 #if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) 129 enum { 130 SHA224_DIGEST_LENGTH = 28 131 }; 132 133 typedef WOLFSSL_SHA224_CTX SHA224_CTX; 134 135 #define SHA224_Init wolfSSL_SHA224_Init 136 #define SHA224_Update wolfSSL_SHA224_Update 137 #define SHA224_Final wolfSSL_SHA224_Final 138 #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \ 139 (!defined(HAVE_FIPS) || \ 140 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) 141 /* SHA224 is only available in non-fips mode or fips version > 2 mode 142 * because of SHA224 enum in FIPS build. */ 143 #define SHA224 wolfSSL_SHA224 144 #endif 145 #endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ 146 #endif /* WOLFSSL_SHA224 */ 147 148 #ifndef NO_SHA256 149 /* Using ALIGN16 because when AES-NI is enabled digest and buffer in Sha256 150 * struct are 16 byte aligned. Any dereference to those elements after casting 151 * to Sha256, is expected to also be 16 byte aligned addresses. */ 152 typedef struct WOLFSSL_SHA256_CTX { 153 /* big enough to hold wolfcrypt Sha256, but check on init */ 154 ALIGN16 void* holder[sizeof(wc_Sha256) / 155 sizeof(void*)]; 156 #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) 157 ALIGN16 void* keephash_holder[sizeof(void*) + (2 * sizeof(unsigned int))]; 158 #endif 159 #ifdef WOLF_CRYPTO_CB 160 ALIGN16 void* cryptocb_holder[(sizeof(int) + sizeof(void*) + 4) / 161 sizeof(void*)]; 162 #endif 163 } WOLFSSL_SHA256_CTX; 164 165 WOLFSSL_API int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256); 166 WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX* sha, const void* input, 167 unsigned long sz); 168 WOLFSSL_API int wolfSSL_SHA256_Final(byte* output, WOLFSSL_SHA256_CTX* sha); 169 WOLFSSL_API int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256, 170 const unsigned char *data); 171 #if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) 172 enum { 173 SHA256_DIGEST_LENGTH = 32 174 }; 175 176 typedef WOLFSSL_SHA256_CTX SHA256_CTX; 177 178 #define SHA256_Init wolfSSL_SHA256_Init 179 #define SHA256_Update wolfSSL_SHA256_Update 180 #define SHA256_Final wolfSSL_SHA256_Final 181 #define SHA256_Transform wolfSSL_SHA256_Transform 182 183 /* "SHA256" has some conflicts 184 * If not FIPS and NO_OLD_SHA_NAMES defined 185 * If FIPS V3 or higher and NO_OLD_SHA_NAMES defined 186 * If FIPS V2 and NO_OLD_SHA256_NAMES defined 187 * If FIPS v1 not allowed 188 * If HAVE_SELFTEST not allowed 189 */ 190 #if !defined(HAVE_SELFTEST) && \ 191 (defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS)) || \ 192 (defined(NO_OLD_SHA_NAMES) && defined(HAVE_FIPS) && \ 193 defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 3) || \ 194 (defined(NO_OLD_SHA256_NAMES) && defined(HAVE_FIPS) && \ 195 defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2) 196 197 #define SHA256 wolfSSL_SHA256 198 #endif 199 #endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ 200 #endif /* !NO_SHA256 */ 201 202 #ifdef WOLFSSL_SHA384 203 typedef struct WOLFSSL_SHA384_CTX { 204 /* big enough to hold wolfCrypt Sha384, but check on init */ 205 void* holder[(288 + CTX_SHA_HW_ADDER + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; 206 #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) 207 void* keephash_holder[sizeof(void*) + (2 * sizeof(unsigned int))]; 208 #endif 209 #ifdef WOLF_CRYPTO_CB 210 void* cryptocb_holder[(sizeof(int) + sizeof(void*) + 4) / sizeof(void*)]; 211 #endif 212 } WOLFSSL_SHA384_CTX; 213 214 WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha); 215 WOLFSSL_API int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX* sha, const void* input, 216 unsigned long sz); 217 WOLFSSL_API int wolfSSL_SHA384_Final(byte* output, WOLFSSL_SHA384_CTX* sha); 218 #if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) 219 enum { 220 SHA384_DIGEST_LENGTH = 48 221 }; 222 223 typedef WOLFSSL_SHA384_CTX SHA384_CTX; 224 225 #define SHA384_Init wolfSSL_SHA384_Init 226 #define SHA384_Update wolfSSL_SHA384_Update 227 #define SHA384_Final wolfSSL_SHA384_Final 228 #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) 229 /* SHA384 is only available in non-fips mode because of SHA384 enum in FIPS 230 * build. */ 231 #define SHA384 wolfSSL_SHA384 232 #endif 233 #endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ 234 235 #endif /* WOLFSSL_SHA384 */ 236 237 #ifdef WOLFSSL_SHA512 238 typedef struct WOLFSSL_SHA512_CTX { 239 /* big enough to hold wolfCrypt Sha384, but check on init */ 240 void* holder[(288 + CTX_SHA_HW_ADDER + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; 241 #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) 242 void* keephash_holder[sizeof(void*) + (2 * sizeof(unsigned int))]; 243 #endif 244 #ifdef WOLF_CRYPTO_CB 245 void* cryptocb_holder[(sizeof(int) + sizeof(void*) + 4) / sizeof(void*)]; 246 #endif 247 } WOLFSSL_SHA512_CTX; 248 249 WOLFSSL_API int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha); 250 WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX* sha, 251 const void* input, unsigned long sz); 252 WOLFSSL_API int wolfSSL_SHA512_Final(byte* output, WOLFSSL_SHA512_CTX* sha); 253 WOLFSSL_API int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX* sha512, 254 const unsigned char* data); 255 #if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) 256 enum { 257 SHA512_DIGEST_LENGTH = 64 258 }; 259 260 typedef WOLFSSL_SHA512_CTX SHA512_CTX; 261 262 #define SHA512_Init wolfSSL_SHA512_Init 263 #define SHA512_Update wolfSSL_SHA512_Update 264 #define SHA512_Final wolfSSL_SHA512_Final 265 #define SHA512_Transform wolfSSL_SHA512_Transform 266 #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) 267 /* SHA512 is only available in non-fips mode because of SHA512 enum in FIPS 268 * build. */ 269 #define SHA512 wolfSSL_SHA512 270 #endif 271 #endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ 272 273 #if !defined(WOLFSSL_NOSHA512_224) 274 typedef struct WOLFSSL_SHA512_CTX WOLFSSL_SHA512_224_CTX; 275 typedef WOLFSSL_SHA512_224_CTX SHA512_224_CTX; 276 277 WOLFSSL_API int wolfSSL_SHA512_224_Init(WOLFSSL_SHA512_CTX* sha); 278 WOLFSSL_API int wolfSSL_SHA512_224_Update(WOLFSSL_SHA512_224_CTX* sha, 279 const void* input, unsigned long sz); 280 WOLFSSL_API int wolfSSL_SHA512_224_Final(byte* output, 281 WOLFSSL_SHA512_224_CTX* sha); 282 WOLFSSL_API int wolfSSL_SHA512_224_Transform(WOLFSSL_SHA512_CTX* sha512, 283 const unsigned char* data); 284 285 #if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) 286 #define SHA512_224_Init wolfSSL_SHA512_224_Init 287 #define SHA512_224_Update wolfSSL_SHA512_224_Update 288 #define SHA512_224_Final wolfSSL_SHA512_224_Final 289 #define SHA512_224_Transform wolfSSL_SHA512_224_Transform 290 291 #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) 292 #define SHA512_224 wolfSSL_SHA512_224 293 #endif 294 #endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ 295 #endif /* !WOLFSSL_NOSHA512_224 */ 296 297 #if !defined(WOLFSSL_NOSHA512_256) 298 typedef struct WOLFSSL_SHA512_CTX WOLFSSL_SHA512_256_CTX; 299 typedef WOLFSSL_SHA512_256_CTX SHA512_256_CTX; 300 301 WOLFSSL_API int wolfSSL_SHA512_256_Init(WOLFSSL_SHA512_CTX* sha); 302 WOLFSSL_API int wolfSSL_SHA512_256_Update(WOLFSSL_SHA512_256_CTX* sha, 303 const void* input, unsigned long sz); 304 WOLFSSL_API int wolfSSL_SHA512_256_Final(byte* output, WOLFSSL_SHA512_256_CTX* sha); 305 WOLFSSL_API int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512, 306 const unsigned char* data); 307 308 #if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) 309 #define SHA512_256_Init wolfSSL_SHA512_256_Init 310 #define SHA512_256_Update wolfSSL_SHA512_256_Update 311 #define SHA512_256_Final wolfSSL_SHA512_256_Final 312 #define SHA512_256_Transform wolfSSL_SHA512_256_Transform 313 314 #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) 315 #define SHA512_256 wolfSSL_SHA512_256 316 #endif 317 #endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ 318 #endif /* !WOLFSSL_NOSHA512_256 */ 319 320 321 #endif /* WOLFSSL_SHA512 */ 322 323 324 325 326 #ifdef __cplusplus 327 } /* extern "C" */ 328 #endif 329 330 331 #endif /* WOLFSSL_SHA_H_ */