]>
Commit | Line | Data |
---|---|---|
ad5611d8 TR |
1 | /**************************** sha.h ****************************/ |
2 | /***************** See RFC 6234 for details. *******************/ | |
3 | /* | |
4 | Copyright (c) 2011 IETF Trust and the persons identified as | |
5 | authors of the code. All rights reserved. | |
6 | ||
7 | Redistribution and use in source and binary forms, with or | |
8 | without modification, are permitted provided that the following | |
9 | conditions are met: | |
10 | ||
11 | - Redistributions of source code must retain the above | |
12 | copyright notice, this list of conditions and | |
13 | the following disclaimer. | |
14 | ||
15 | - Redistributions in binary form must reproduce the above | |
16 | copyright notice, this list of conditions and the following | |
17 | disclaimer in the documentation and/or other materials provided | |
18 | with the distribution. | |
19 | ||
20 | - Neither the name of Internet Society, IETF or IETF Trust, nor | |
21 | the names of specific contributors, may be used to endorse or | |
22 | promote products derived from this software without specific | |
23 | prior written permission. | |
24 | ||
25 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND | |
26 | CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, | |
27 | INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF | |
28 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
29 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR | |
30 | CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
31 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
32 | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
33 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
34 | HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
35 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR | |
36 | OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, | |
37 | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
38 | */ | |
39 | #ifndef _SHA_H_ | |
40 | #define _SHA_H_ | |
41 | ||
42 | /* | |
43 | * Description: | |
44 | * This file implements the Secure Hash Algorithms | |
45 | * as defined in the U.S. National Institute of Standards | |
46 | * and Technology Federal Information Processing Standards | |
47 | * Publication (FIPS PUB) 180-3 published in October 2008 | |
48 | * and formerly defined in its predecessors, FIPS PUB 180-1 | |
49 | * and FIP PUB 180-2. | |
50 | * | |
51 | * A combined document showing all algorithms is available at | |
52 | * http://csrc.nist.gov/publications/fips/ | |
53 | * fips180-3/fips180-3_final.pdf | |
54 | * | |
55 | * The five hashes are defined in these sizes: | |
56 | * SHA-1 20 byte / 160 bit | |
57 | * SHA-224 28 byte / 224 bit | |
58 | * SHA-256 32 byte / 256 bit | |
59 | * SHA-384 48 byte / 384 bit | |
60 | * SHA-512 64 byte / 512 bit | |
61 | * | |
62 | * Compilation Note: | |
63 | * These files may be compiled with two options: | |
64 | * USE_32BIT_ONLY - use 32-bit arithmetic only, for systems | |
65 | * without 64-bit integers | |
66 | * | |
67 | * USE_MODIFIED_MACROS - use alternate form of the SHA_Ch() | |
68 | * and SHA_Maj() macros that are equivalent | |
69 | * and potentially faster on many systems | |
70 | * | |
71 | */ | |
72 | ||
73 | #include <stdint.h> | |
74 | /* | |
75 | * If you do not have the ISO standard stdint.h header file, then you | |
76 | * must typedef the following: | |
77 | * name meaning | |
78 | * uint64_t unsigned 64-bit integer | |
79 | * uint32_t unsigned 32-bit integer | |
80 | * uint8_t unsigned 8-bit integer (i.e., unsigned char) | |
81 | * int_least16_t integer of >= 16 bits | |
82 | * | |
83 | * See stdint-example.h | |
84 | */ | |
85 | ||
86 | #ifndef _SHA_enum_ | |
87 | #define _SHA_enum_ | |
88 | /* | |
89 | * All SHA functions return one of these values. | |
90 | */ | |
91 | enum { | |
92 | shaSuccess = 0, | |
93 | shaNull, /* Null pointer parameter */ | |
94 | shaInputTooLong, /* input data too long */ | |
95 | shaStateError, /* called Input after FinalBits or Result */ | |
96 | shaBadParam /* passed a bad parameter */ | |
97 | }; | |
98 | #endif /* _SHA_enum_ */ | |
99 | ||
100 | /* | |
101 | * These constants hold size information for each of the SHA | |
102 | * hashing operations | |
103 | */ | |
104 | enum { | |
105 | SHA1_Message_Block_Size = 64, SHA224_Message_Block_Size = 64, | |
106 | SHA256_Message_Block_Size = 64, SHA384_Message_Block_Size = 128, | |
107 | SHA512_Message_Block_Size = 128, | |
108 | USHA_Max_Message_Block_Size = SHA512_Message_Block_Size, | |
109 | SHA1HashSize = 20, SHA224HashSize = 28, SHA256HashSize = 32, | |
110 | SHA384HashSize = 48, SHA512HashSize = 64, | |
111 | USHAMaxHashSize = SHA512HashSize, | |
112 | ||
113 | SHA1HashSizeBits = 160, SHA224HashSizeBits = 224, | |
114 | SHA256HashSizeBits = 256, SHA384HashSizeBits = 384, | |
115 | SHA512HashSizeBits = 512, USHAMaxHashSizeBits = SHA512HashSizeBits | |
116 | }; | |
117 | ||
118 | /* | |
119 | * These constants are used in the USHA (Unified SHA) functions. | |
120 | */ | |
121 | typedef enum SHAversion { | |
122 | SHA1, SHA224, SHA256, SHA384, SHA512 | |
123 | } SHAversion; | |
124 | ||
125 | /* | |
126 | * This structure will hold context information for the SHA-1 | |
127 | * hashing operation. | |
128 | */ | |
129 | typedef struct SHA1Context { | |
130 | uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */ | |
131 | ||
132 | uint32_t Length_High; /* Message length in bits */ | |
133 | uint32_t Length_Low; /* Message length in bits */ | |
134 | ||
135 | int_least16_t Message_Block_Index; /* Message_Block array index */ | |
136 | /* 512-bit message blocks */ | |
137 | uint8_t Message_Block[SHA1_Message_Block_Size]; | |
138 | ||
139 | int Computed; /* Is the hash computed? */ | |
140 | int Corrupted; /* Cumulative corruption code */ | |
141 | } SHA1Context; | |
142 | ||
143 | /* | |
144 | * This structure will hold context information for the SHA-256 | |
145 | * hashing operation. | |
146 | */ | |
147 | typedef struct SHA256Context { | |
148 | uint32_t Intermediate_Hash[SHA256HashSize/4]; /* Message Digest */ | |
149 | ||
150 | uint32_t Length_High; /* Message length in bits */ | |
151 | uint32_t Length_Low; /* Message length in bits */ | |
152 | ||
153 | int_least16_t Message_Block_Index; /* Message_Block array index */ | |
154 | /* 512-bit message blocks */ | |
155 | uint8_t Message_Block[SHA256_Message_Block_Size]; | |
156 | ||
157 | int Computed; /* Is the hash computed? */ | |
158 | int Corrupted; /* Cumulative corruption code */ | |
159 | } SHA256Context; | |
160 | ||
161 | /* | |
162 | * This structure will hold context information for the SHA-512 | |
163 | * hashing operation. | |
164 | */ | |
165 | typedef struct SHA512Context { | |
166 | #ifdef USE_32BIT_ONLY | |
167 | uint32_t Intermediate_Hash[SHA512HashSize/4]; /* Message Digest */ | |
168 | uint32_t Length[4]; /* Message length in bits */ | |
169 | #else /* !USE_32BIT_ONLY */ | |
170 | uint64_t Intermediate_Hash[SHA512HashSize/8]; /* Message Digest */ | |
171 | uint64_t Length_High, Length_Low; /* Message length in bits */ | |
172 | #endif /* USE_32BIT_ONLY */ | |
173 | ||
174 | int_least16_t Message_Block_Index; /* Message_Block array index */ | |
175 | /* 1024-bit message blocks */ | |
176 | uint8_t Message_Block[SHA512_Message_Block_Size]; | |
177 | ||
178 | int Computed; /* Is the hash computed?*/ | |
179 | int Corrupted; /* Cumulative corruption code */ | |
180 | } SHA512Context; | |
181 | ||
182 | /* | |
183 | * This structure will hold context information for the SHA-224 | |
184 | * hashing operation. It uses the SHA-256 structure for computation. | |
185 | */ | |
186 | typedef struct SHA256Context SHA224Context; | |
187 | ||
188 | /* | |
189 | * This structure will hold context information for the SHA-384 | |
190 | * hashing operation. It uses the SHA-512 structure for computation. | |
191 | */ | |
192 | typedef struct SHA512Context SHA384Context; | |
193 | ||
194 | /* | |
195 | * This structure holds context information for all SHA | |
196 | * hashing operations. | |
197 | */ | |
198 | typedef struct USHAContext { | |
199 | int whichSha; /* which SHA is being used */ | |
200 | union { | |
201 | SHA1Context sha1Context; | |
202 | SHA224Context sha224Context; SHA256Context sha256Context; | |
203 | SHA384Context sha384Context; SHA512Context sha512Context; | |
204 | } ctx; | |
205 | } USHAContext; | |
206 | ||
207 | /* | |
208 | * This structure will hold context information for the HMAC | |
209 | * keyed-hashing operation. | |
210 | */ | |
211 | typedef struct HMACContext { | |
212 | int whichSha; /* which SHA is being used */ | |
213 | int hashSize; /* hash size of SHA being used */ | |
214 | int blockSize; /* block size of SHA being used */ | |
215 | USHAContext shaContext; /* SHA context */ | |
216 | unsigned char k_opad[USHA_Max_Message_Block_Size]; | |
217 | /* outer padding - key XORd with opad */ | |
218 | int Computed; /* Is the MAC computed? */ | |
219 | int Corrupted; /* Cumulative corruption code */ | |
220 | ||
221 | } HMACContext; | |
222 | ||
223 | /* | |
224 | * This structure will hold context information for the HKDF | |
225 | * extract-and-expand Key Derivation Functions. | |
226 | */ | |
227 | typedef struct HKDFContext { | |
228 | int whichSha; /* which SHA is being used */ | |
229 | HMACContext hmacContext; | |
230 | int hashSize; /* hash size of SHA being used */ | |
231 | unsigned char prk[USHAMaxHashSize]; | |
232 | /* pseudo-random key - output of hkdfInput */ | |
233 | int Computed; /* Is the key material computed? */ | |
234 | int Corrupted; /* Cumulative corruption code */ | |
235 | } HKDFContext; | |
236 | ||
237 | /* | |
238 | * Function Prototypes | |
239 | */ | |
240 | ||
241 | /* SHA-1 */ | |
242 | extern int SHA1Reset(SHA1Context *); | |
243 | extern int SHA1Input(SHA1Context *, const uint8_t *bytes, | |
244 | unsigned int bytecount); | |
245 | extern int SHA1FinalBits(SHA1Context *, uint8_t bits, | |
246 | unsigned int bit_count); | |
247 | extern int SHA1Result(SHA1Context *, | |
248 | uint8_t Message_Digest[SHA1HashSize]); | |
249 | ||
250 | /* SHA-224 */ | |
251 | extern int SHA224Reset(SHA224Context *); | |
252 | extern int SHA224Input(SHA224Context *, const uint8_t *bytes, | |
253 | unsigned int bytecount); | |
254 | extern int SHA224FinalBits(SHA224Context *, uint8_t bits, | |
255 | unsigned int bit_count); | |
256 | extern int SHA224Result(SHA224Context *, | |
257 | uint8_t Message_Digest[SHA224HashSize]); | |
258 | ||
259 | /* SHA-256 */ | |
260 | extern int SHA256Reset(SHA256Context *); | |
261 | extern int SHA256Input(SHA256Context *, const uint8_t *bytes, | |
262 | unsigned int bytecount); | |
263 | extern int SHA256FinalBits(SHA256Context *, uint8_t bits, | |
264 | unsigned int bit_count); | |
265 | extern int SHA256Result(SHA256Context *, | |
266 | uint8_t Message_Digest[SHA256HashSize]); | |
267 | ||
268 | /* SHA-384 */ | |
269 | extern int SHA384Reset(SHA384Context *); | |
270 | extern int SHA384Input(SHA384Context *, const uint8_t *bytes, | |
271 | unsigned int bytecount); | |
272 | extern int SHA384FinalBits(SHA384Context *, uint8_t bits, | |
273 | unsigned int bit_count); | |
274 | extern int SHA384Result(SHA384Context *, | |
275 | uint8_t Message_Digest[SHA384HashSize]); | |
276 | ||
277 | /* SHA-512 */ | |
278 | extern int SHA512Reset(SHA512Context *); | |
279 | extern int SHA512Input(SHA512Context *, const uint8_t *bytes, | |
280 | unsigned int bytecount); | |
281 | extern int SHA512FinalBits(SHA512Context *, uint8_t bits, | |
282 | unsigned int bit_count); | |
283 | extern int SHA512Result(SHA512Context *, | |
284 | uint8_t Message_Digest[SHA512HashSize]); | |
285 | ||
286 | /* Unified SHA functions, chosen by whichSha */ | |
287 | extern int USHAReset(USHAContext *context, SHAversion whichSha); | |
288 | extern int USHAInput(USHAContext *context, | |
289 | const uint8_t *bytes, unsigned int bytecount); | |
290 | extern int USHAFinalBits(USHAContext *context, | |
291 | uint8_t bits, unsigned int bit_count); | |
292 | extern int USHAResult(USHAContext *context, | |
293 | uint8_t Message_Digest[USHAMaxHashSize]); | |
294 | extern int USHABlockSize(enum SHAversion whichSha); | |
295 | extern int USHAHashSize(enum SHAversion whichSha); | |
296 | extern int USHAHashSizeBits(enum SHAversion whichSha); | |
297 | extern const char *USHAHashName(enum SHAversion whichSha); | |
298 | ||
299 | /* | |
300 | * HMAC Keyed-Hashing for Message Authentication, RFC 2104, | |
301 | * for all SHAs. | |
302 | * This interface allows a fixed-length text input to be used. | |
303 | */ | |
304 | extern int hmac(SHAversion whichSha, /* which SHA algorithm to use */ | |
305 | const unsigned char *text, /* pointer to data stream */ | |
306 | int text_len, /* length of data stream */ | |
307 | const unsigned char *key, /* pointer to authentication key */ | |
308 | int key_len, /* length of authentication key */ | |
309 | uint8_t digest[USHAMaxHashSize]); /* caller digest to fill in */ | |
310 | ||
311 | /* | |
312 | * HMAC Keyed-Hashing for Message Authentication, RFC 2104, | |
313 | * for all SHAs. | |
314 | * This interface allows any length of text input to be used. | |
315 | */ | |
316 | extern int hmacReset(HMACContext *context, enum SHAversion whichSha, | |
317 | const unsigned char *key, int key_len); | |
318 | extern int hmacInput(HMACContext *context, const unsigned char *text, | |
319 | int text_len); | |
320 | extern int hmacFinalBits(HMACContext *context, uint8_t bits, | |
321 | unsigned int bit_count); | |
322 | extern int hmacResult(HMACContext *context, | |
323 | uint8_t digest[USHAMaxHashSize]); | |
324 | ||
325 | /* | |
326 | * HKDF HMAC-based Extract-and-Expand Key Derivation Function, | |
327 | * RFC 5869, for all SHAs. | |
328 | */ | |
329 | extern int hkdf(SHAversion whichSha, const unsigned char *salt, | |
330 | int salt_len, const unsigned char *ikm, int ikm_len, | |
331 | const unsigned char *info, int info_len, | |
332 | uint8_t okm[ ], int okm_len); | |
333 | extern int hkdfExtract(SHAversion whichSha, const unsigned char *salt, | |
334 | int salt_len, const unsigned char *ikm, | |
335 | int ikm_len, uint8_t prk[USHAMaxHashSize]); | |
336 | extern int hkdfExpand(SHAversion whichSha, const uint8_t prk[ ], | |
337 | int prk_len, const unsigned char *info, | |
338 | int info_len, uint8_t okm[ ], int okm_len); | |
339 | ||
340 | /* | |
341 | * HKDF HMAC-based Extract-and-Expand Key Derivation Function, | |
342 | * RFC 5869, for all SHAs. | |
343 | * This interface allows any length of text input to be used. | |
344 | */ | |
345 | extern int hkdfReset(HKDFContext *context, enum SHAversion whichSha, | |
346 | const unsigned char *salt, int salt_len); | |
347 | extern int hkdfInput(HKDFContext *context, const unsigned char *ikm, | |
348 | int ikm_len); | |
349 | extern int hkdfFinalBits(HKDFContext *context, uint8_t ikm_bits, | |
350 | unsigned int ikm_bit_count); | |
351 | extern int hkdfResult(HKDFContext *context, | |
352 | uint8_t prk[USHAMaxHashSize], | |
353 | const unsigned char *info, int info_len, | |
354 | uint8_t okm[USHAMaxHashSize], int okm_len); | |
355 | #endif /* _SHA_H_ */ |