Software APIs
sha256.h
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_IMPL_SHA2_SHA256_H_
6 #define OPENTITAN_SW_DEVICE_LIB_CRYPTO_IMPL_SHA2_SHA256_H_
7 
8 #include "stdint.h"
9 #include "sw/device/lib/base/hardened.h"
10 #include "sw/device/lib/crypto/drivers/otbn.h"
11 
12 #ifdef __cplusplus
13 extern "C" {
14 #endif // __cplusplus
15 
16 enum {
17  /**
18  * SHA-256 message block size in bits.
19  */
20  kSha256MessageBlockBits = 512,
21  /**
22  * SHA-256 message block size in bytes.
23  */
24  kSha256MessageBlockBytes = kSha256MessageBlockBits / 8,
25  /**
26  * SHA-256 message block size in words.
27  */
28  kSha256MessageBlockWords = kSha256MessageBlockBytes / sizeof(uint32_t),
29  /**
30  * SHA-256 state buffer size in bits.
31  */
32  kSha256StateBits = 256,
33  /**
34  * SHA-256 state buffer size in bytes.
35  */
36  kSha256StateBytes = kSha256StateBits / 8,
37  /**
38  * SHA-256 state buffer size in words.
39  */
40  kSha256StateWords = kSha256StateBytes / sizeof(uint32_t),
41  /**
42  * SHA-256 digest size in bits.
43  */
44  kSha256DigestBits = 256,
45  /**
46  * SHA-256 digest size in bytes.
47  */
48  kSha256DigestBytes = kSha256DigestBits / 8,
49  /**
50  * SHA-256 digest size in words.
51  */
52  kSha256DigestWords = kSha256DigestBytes / sizeof(uint32_t),
53 };
54 
55 /**
56  * A type that holds the context for an ongoing SHA-256 operation.
57  *
58  * IMPORTANT: Every member of this struct should be a word-aligned type and
59  * have a size divisible by `sizeof(uint32_t)`; otherwise `sha256_state_t` will
60  * not be suitable for `hardened_memcpy()`.
61  */
62 typedef struct sha256_state {
63  /**
64  * Working state for a SHA-256 or SHA-384 computation.
65  */
66  uint32_t H[kSha256StateWords];
67  /**
68  * Partial block, if any.
69  *
70  * If we get an update() with a message that isn't an even number of blocks,
71  * there's no way to know if we should pad it or not until we get the next
72  * update() or final(). The length of actual data in this block is always
73  * (total_len % kSha256MessageBlockBytes) bytes.
74  */
75  uint32_t partial_block[kSha256MessageBlockWords];
76  /**
77  * Total message length so far, in bits.
78  */
79  uint64_t total_len;
80 } sha256_state_t;
81 
82 /**
83  * One-shot SHA-256 hash computation.
84  *
85  * Returns OTCRYPTO_ASYNC_INCOMPLETE if OTBN is busy.
86  *
87  * @param msg Input message
88  * @param msg_len Input message length in bytes
89  * @param[out] digest Output buffer for digest.
90  * @return Result of the operation (OK or error).
91  */
92 OT_WARN_UNUSED_RESULT
93 status_t sha256(const uint8_t *msg, const size_t msg_len, uint32_t *digest);
94 
95 /**
96  * Set up a SHA-256 hash computation.
97  *
98  * Initializes the hash state; doesn't process anything.
99  *
100  * This interface expects the following sequence of calls:
101  * - one call to sha256_init()
102  * - zero or more calls to sha256_update()
103  * - one call to sha256_final()
104  *
105  * @param[out] state Hash context object to initialize.
106  * @return Result of the operation (OK or error).
107  */
108 void sha256_init(sha256_state_t *state);
109 
110 /**
111  * Process new message data for a SHA-256 hash computation.
112  *
113  * Incorporates the new message data into the hash context.
114  *
115  * Returns OTCRYPTO_ASYNC_INCOMPLETE if OTBN is busy.
116  *
117  * @param state Hash context object; updated in-place.
118  * @param msg Input message.
119  * @param msg_len Input message length in bytes.
120  * @return Result of the operation (OK or error).
121  */
122 OT_WARN_UNUSED_RESULT
123 status_t sha256_update(sha256_state_t *state, const uint8_t *msg,
124  const size_t msg_len);
125 
126 /**
127  * Finish a SHA-256 hash computation.
128  *
129  * Incorporates the new message data into the hash context, constructs the
130  * message padding and performs the final hash computation.
131  *
132  * The caller must ensure that at least `kSha256DigestBytes` bytes of space are
133  * available at the location pointed to by `digest`.
134  *
135  * Returns OTCRYPTO_ASYNC_INCOMPLETE if OTBN is busy.
136  *
137  * @param state Hash context object.
138  * @param msg Input message
139  * @param msg_len Input message length in bytes
140  * @param[out] digest Output buffer for digest.
141  * @return Result of the operation (OK or error).
142  */
143 OT_WARN_UNUSED_RESULT
144 status_t sha256_final(sha256_state_t *state, uint32_t *digest);
145 
146 #ifdef __cplusplus
147 } // extern "C"
148 #endif // __cplusplus
149 
150 #endif // OPENTITAN_SW_DEVICE_LIB_CRYPTO_IMPL_SHA2_SHA256_H_
Return to OpenTitan Documentation