1/**************************** sha.h ****************************/
2/***************** See RFC 6234 for details. *******************/
3/*
4 Copyright (c) 2011 IETF Trust and the persons identified as
5 authors of the code. All rights reserved.
6
7 Redistribution and use in source and binary forms, with or
8 without modification, are permitted provided that the following
9 conditions are met:
10
11 - Redistributions of source code must retain the above
12 copyright notice, this list of conditions and
13 the following disclaimer.
14
15 - Redistributions in binary form must reproduce the above
16 copyright notice, this list of conditions and the following
17 disclaimer in the documentation and/or other materials provided
18 with the distribution.
19
20 - Neither the name of Internet Society, IETF or IETF Trust, nor
21 the names of specific contributors, may be used to endorse or
22 promote products derived from this software without specific
23 prior written permission.
24
25 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
26 CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
27 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
28 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
29 DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
30 CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
31 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32 NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
33 LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
35 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
36 OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
37 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38*/
39#ifndef _SHA_H_
40#define _SHA_H_
41
42/*
43 * Description:
44 * This file implements the Secure Hash Algorithms
45 * as defined in the U.S. National Institute of Standards
46 * and Technology Federal Information Processing Standards
47 * Publication (FIPS PUB) 180-3 published in October 2008
48 * and formerly defined in its predecessors, FIPS PUB 180-1
49 * and FIP PUB 180-2.
50 *
51 * A combined document showing all algorithms is available at
52 * http://csrc.nist.gov/publications/fips/
53 * fips180-3/fips180-3_final.pdf
54 *
55 * The five hashes are defined in these sizes:
56 * SHA-1 20 byte / 160 bit
57 * SHA-224 28 byte / 224 bit
58 * SHA-256 32 byte / 256 bit
59 * SHA-384 48 byte / 384 bit
60 * SHA-512 64 byte / 512 bit
61 *
62 * Compilation Note:
63 * These files may be compiled with two options:
64 * USE_32BIT_ONLY - use 32-bit arithmetic only, for systems
65 * without 64-bit integers
66 *
67 * USE_MODIFIED_MACROS - use alternate form of the SHA_Ch()
68 * and SHA_Maj() macros that are equivalent
69 * and potentially faster on many systems
70 *
71 */
72
73// stdint.h include commented out by Nokia, it is not available on all platforms.
74// #include <stdint.h>
75/*
76 * If you do not have the ISO standard stdint.h header file, then you
77 * must typedef the following:
78 * name meaning
79 * uint64_t unsigned 64-bit integer
80 * uint32_t unsigned 32-bit integer
81 * uint8_t unsigned 8-bit integer (i.e., unsigned char)
82 * int_least16_t integer of >= 16 bits
83 *
84 * See stdint-example.h
85 */
86
87#ifndef _SHA_enum_
88#define _SHA_enum_
89/*
90 * All SHA functions return one of these values.
91 */
92enum {
93 shaSuccess = 0,
94 shaNull, /* Null pointer parameter */
95 shaInputTooLong, /* input data too long */
96 shaStateError, /* called Input after FinalBits or Result */
97 shaBadParam /* passed a bad parameter */
98};
99#endif /* _SHA_enum_ */
100
101/*
102 * These constants hold size information for each of the SHA
103 * hashing operations
104 */
105enum {
106 SHA1_Message_Block_Size = 64, SHA224_Message_Block_Size = 64,
107 SHA256_Message_Block_Size = 64, SHA384_Message_Block_Size = 128,
108 SHA512_Message_Block_Size = 128,
109 USHA_Max_Message_Block_Size = SHA512_Message_Block_Size,
110
111 SHA1HashSize = 20, SHA224HashSize = 28, SHA256HashSize = 32,
112 SHA384HashSize = 48, SHA512HashSize = 64,
113 USHAMaxHashSize = SHA512HashSize,
114
115 SHA1HashSizeBits = 160, SHA224HashSizeBits = 224,
116 SHA256HashSizeBits = 256, SHA384HashSizeBits = 384,
117 SHA512HashSizeBits = 512, USHAMaxHashSizeBits = SHA512HashSizeBits
118};
119
120/*
121 * These constants are used in the USHA (Unified SHA) functions.
122 */
123typedef enum SHAversion {
124 SHA1, SHA224, SHA256, SHA384, SHA512
125} SHAversion;
126
127/*
128 * This structure will hold context information for the SHA-1
129 * hashing operation.
130 */
131typedef struct SHA1Context {
132 uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */
133
134 uint32_t Length_High; /* Message length in bits */
135 uint32_t Length_Low; /* Message length in bits */
136
137 int_least16_t Message_Block_Index; /* Message_Block array index */
138 /* 512-bit message blocks */
139 uint8_t Message_Block[SHA1_Message_Block_Size];
140
141 int Computed; /* Is the hash computed? */
142 int Corrupted; /* Cumulative corruption code */
143} SHA1Context;
144
145/*
146 * This structure will hold context information for the SHA-256
147 * hashing operation.
148 */
149typedef struct SHA256Context {
150 uint32_t Intermediate_Hash[SHA256HashSize/4]; /* Message Digest */
151
152 uint32_t Length_High; /* Message length in bits */
153 uint32_t Length_Low; /* Message length in bits */
154
155 int_least16_t Message_Block_Index; /* Message_Block array index */
156 /* 512-bit message blocks */
157 uint8_t Message_Block[SHA256_Message_Block_Size];
158
159 int Computed; /* Is the hash computed? */
160 int Corrupted; /* Cumulative corruption code */
161} SHA256Context;
162
163/*
164 * This structure will hold context information for the SHA-512
165 * hashing operation.
166 */
167typedef struct SHA512Context {
168#ifdef USE_32BIT_ONLY
169 uint32_t Intermediate_Hash[SHA512HashSize/4]; /* Message Digest */
170 uint32_t Length[4]; /* Message length in bits */
171#else /* !USE_32BIT_ONLY */
172 uint64_t Intermediate_Hash[SHA512HashSize/8]; /* Message Digest */
173 uint64_t Length_High, Length_Low; /* Message length in bits */
174#endif /* USE_32BIT_ONLY */
175
176 int_least16_t Message_Block_Index; /* Message_Block array index */
177 /* 1024-bit message blocks */
178 uint8_t Message_Block[SHA512_Message_Block_Size];
179
180 int Computed; /* Is the hash computed?*/
181 int Corrupted; /* Cumulative corruption code */
182} SHA512Context;
183
184/*
185 * This structure will hold context information for the SHA-224
186 * hashing operation. It uses the SHA-256 structure for computation.
187 */
188typedef struct SHA256Context SHA224Context;
189
190/*
191 * This structure will hold context information for the SHA-384
192 * hashing operation. It uses the SHA-512 structure for computation.
193 */
194typedef struct SHA512Context SHA384Context;
195
196/*
197 * This structure holds context information for all SHA
198 * hashing operations.
199 */
200typedef struct USHAContext {
201 int whichSha; /* which SHA is being used */
202 union {
203 SHA1Context sha1Context;
204 SHA224Context sha224Context; SHA256Context sha256Context;
205 SHA384Context sha384Context; SHA512Context sha512Context;
206 } ctx;
207} USHAContext;
208
209/*
210 * This structure will hold context information for the HMAC
211 * keyed-hashing operation.
212 */
213typedef struct HMACContext {
214 int whichSha; /* which SHA is being used */
215 int hashSize; /* hash size of SHA being used */
216 int blockSize; /* block size of SHA being used */
217 USHAContext shaContext; /* SHA context */
218 unsigned char k_opad[USHA_Max_Message_Block_Size];
219 /* outer padding - key XORd with opad */
220 int Computed; /* Is the MAC computed? */
221 int Corrupted; /* Cumulative corruption code */
222
223} HMACContext;
224
225/*
226 * This structure will hold context information for the HKDF
227 * extract-and-expand Key Derivation Functions.
228 */
229typedef struct HKDFContext {
230 int whichSha; /* which SHA is being used */
231 HMACContext hmacContext;
232 int hashSize; /* hash size of SHA being used */
233 unsigned char prk[USHAMaxHashSize];
234 /* pseudo-random key - output of hkdfInput */
235 int Computed; /* Is the key material computed? */
236 int Corrupted; /* Cumulative corruption code */
237} HKDFContext;
238
239/*
240 * Function Prototypes
241 */
242
243/* SHA-1 */
244extern int SHA1Reset(SHA1Context *);
245extern int SHA1Input(SHA1Context *, const uint8_t *bytes,
246 unsigned int bytecount);
247extern int SHA1FinalBits(SHA1Context *, uint8_t bits,
248 unsigned int bit_count);
249extern int SHA1Result(SHA1Context *,
250 uint8_t Message_Digest[SHA1HashSize]);
251
252/* SHA-224 */
253extern int SHA224Reset(SHA224Context *);
254extern int SHA224Input(SHA224Context *, const uint8_t *bytes,
255 unsigned int bytecount);
256extern int SHA224FinalBits(SHA224Context *, uint8_t bits,
257 unsigned int bit_count);
258extern int SHA224Result(SHA224Context *,
259 uint8_t Message_Digest[SHA224HashSize]);
260
261/* SHA-256 */
262extern int SHA256Reset(SHA256Context *);
263extern int SHA256Input(SHA256Context *, const uint8_t *bytes,
264 unsigned int bytecount);
265extern int SHA256FinalBits(SHA256Context *, uint8_t bits,
266 unsigned int bit_count);
267extern int SHA256Result(SHA256Context *,
268 uint8_t Message_Digest[SHA256HashSize]);
269
270/* SHA-384 */
271extern int SHA384Reset(SHA384Context *);
272extern int SHA384Input(SHA384Context *, const uint8_t *bytes,
273 unsigned int bytecount);
274extern int SHA384FinalBits(SHA384Context *, uint8_t bits,
275 unsigned int bit_count);
276extern int SHA384Result(SHA384Context *,
277 uint8_t Message_Digest[SHA384HashSize]);
278
279/* SHA-512 */
280extern int SHA512Reset(SHA512Context *);
281extern int SHA512Input(SHA512Context *, const uint8_t *bytes,
282 unsigned int bytecount);
283extern int SHA512FinalBits(SHA512Context *, uint8_t bits,
284 unsigned int bit_count);
285extern int SHA512Result(SHA512Context *,
286 uint8_t Message_Digest[SHA512HashSize]);
287
288/* Unified SHA functions, chosen by whichSha */
289extern int USHAReset(USHAContext *context, SHAversion whichSha);
290extern int USHAInput(USHAContext *context,
291 const uint8_t *bytes, unsigned int bytecount);
292extern int USHAFinalBits(USHAContext *context,
293 uint8_t bits, unsigned int bit_count);
294extern int USHAResult(USHAContext *context,
295 uint8_t Message_Digest[USHAMaxHashSize]);
296extern int USHABlockSize(enum SHAversion whichSha);
297extern int USHAHashSize(enum SHAversion whichSha);
298extern int USHAHashSizeBits(enum SHAversion whichSha);
299extern const char *USHAHashName(enum SHAversion whichSha);
300
301/*
302 * HMAC Keyed-Hashing for Message Authentication, RFC 2104,
303 * for all SHAs.
304 * This interface allows a fixed-length text input to be used.
305 */
306extern int hmac(SHAversion whichSha, /* which SHA algorithm to use */
307 const unsigned char *text, /* pointer to data stream */
308 int text_len, /* length of data stream */
309 const unsigned char *key, /* pointer to authentication key */
310 int key_len, /* length of authentication key */
311 uint8_t digest[USHAMaxHashSize]); /* caller digest to fill in */
312
313/*
314 * HMAC Keyed-Hashing for Message Authentication, RFC 2104,
315 * for all SHAs.
316 * This interface allows any length of text input to be used.
317 */
318extern int hmacReset(HMACContext *context, enum SHAversion whichSha,
319 const unsigned char *key, int key_len);
320extern int hmacInput(HMACContext *context, const unsigned char *text,
321 int text_len);
322extern int hmacFinalBits(HMACContext *context, uint8_t bits,
323 unsigned int bit_count);
324extern int hmacResult(HMACContext *context,
325 uint8_t digest[USHAMaxHashSize]);
326
327/*
328 * HKDF HMAC-based Extract-and-Expand Key Derivation Function,
329 * RFC 5869, for all SHAs.
330 */
331extern int hkdf(SHAversion whichSha, const unsigned char *salt,
332 int salt_len, const unsigned char *ikm, int ikm_len,
333 const unsigned char *info, int info_len,
334 uint8_t okm[ ], int okm_len);
335extern int hkdfExtract(SHAversion whichSha, const unsigned char *salt,
336 int salt_len, const unsigned char *ikm,
337 int ikm_len, uint8_t prk[USHAMaxHashSize]);
338extern int hkdfExpand(SHAversion whichSha, const uint8_t prk[ ],
339 int prk_len, const unsigned char *info,
340 int info_len, uint8_t okm[ ], int okm_len);
341
342/*
343 * HKDF HMAC-based Extract-and-Expand Key Derivation Function,
344 * RFC 5869, for all SHAs.
345 * This interface allows any length of text input to be used.
346 */
347extern int hkdfReset(HKDFContext *context, enum SHAversion whichSha,
348 const unsigned char *salt, int salt_len);
349extern int hkdfInput(HKDFContext *context, const unsigned char *ikm,
350 int ikm_len);
351extern int hkdfFinalBits(HKDFContext *context, uint8_t ikm_bits,
352 unsigned int ikm_bit_count);
353extern int hkdfResult(HKDFContext *context,
354 uint8_t prk[USHAMaxHashSize],
355 const unsigned char *info, int info_len,
356 uint8_t okm[USHAMaxHashSize], int okm_len);
357#endif /* _SHA_H_ */
358