• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /**
2  * \file sha256.h
3  *
4  * \brief This file contains SHA-224 and SHA-256 definitions and functions.
5  *
6  * The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic
7  * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
8  */
9 /*
10  *  Copyright The Mbed TLS Contributors
11  *  SPDX-License-Identifier: Apache-2.0
12  *
13  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
14  *  not use this file except in compliance with the License.
15  *  You may obtain a copy of the License at
16  *
17  *  http://www.apache.org/licenses/LICENSE-2.0
18  *
19  *  Unless required by applicable law or agreed to in writing, software
20  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22  *  See the License for the specific language governing permissions and
23  *  limitations under the License.
24  */
25 #ifndef MBEDTLS_SHA256_H
26 #define MBEDTLS_SHA256_H
27 #include "mbedtls/private_access.h"
28 
29 #include "mbedtls/build_info.h"
30 
31 #include <stddef.h>
32 #include <stdint.h>
33 
34 /** SHA-256 input data was malformed. */
35 #define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA                 -0x0074
36 
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40 
41 #if !defined(MBEDTLS_SHA256_ALT)
42 // Regular implementation
43 //
44 
45 /**
46  * \brief          The SHA-256 context structure.
47  *
48  *                 The structure is used both for SHA-256 and for SHA-224
49  *                 checksum calculations. The choice between these two is
50  *                 made in the call to mbedtls_sha256_starts().
51  */
52 typedef struct mbedtls_sha256_context {
53     uint32_t MBEDTLS_PRIVATE(total)[2];          /*!< The number of Bytes processed.  */
54     uint32_t MBEDTLS_PRIVATE(state)[8];          /*!< The intermediate digest state.  */
55     unsigned char MBEDTLS_PRIVATE(buffer)[64];   /*!< The data block being processed. */
56     int MBEDTLS_PRIVATE(is224);                  /*!< Determines which function to use:
57                                                     0: Use SHA-256, or 1: Use SHA-224. */
58 }
59 mbedtls_sha256_context;
60 
61 #else  /* MBEDTLS_SHA256_ALT */
62 #include "sha256_alt.h"
63 #endif /* MBEDTLS_SHA256_ALT */
64 
65 /**
66  * \brief          This function initializes a SHA-256 context.
67  *
68  * \param ctx      The SHA-256 context to initialize. This must not be \c NULL.
69  */
70 void mbedtls_sha256_init(mbedtls_sha256_context *ctx);
71 
72 /**
73  * \brief          This function clears a SHA-256 context.
74  *
75  * \param ctx      The SHA-256 context to clear. This may be \c NULL, in which
76  *                 case this function returns immediately. If it is not \c NULL,
77  *                 it must point to an initialized SHA-256 context.
78  */
79 void mbedtls_sha256_free(mbedtls_sha256_context *ctx);
80 
81 /**
82  * \brief          This function clones the state of a SHA-256 context.
83  *
84  * \param dst      The destination context. This must be initialized.
85  * \param src      The context to clone. This must be initialized.
86  */
87 void mbedtls_sha256_clone(mbedtls_sha256_context *dst,
88                           const mbedtls_sha256_context *src);
89 
90 /**
91  * \brief          This function starts a SHA-224 or SHA-256 checksum
92  *                 calculation.
93  *
94  * \param ctx      The context to use. This must be initialized.
95  * \param is224    This determines which function to use. This must be
96  *                 either \c 0 for SHA-256, or \c 1 for SHA-224.
97  *
98  * \note           is224 must be defined accordingly to the enabled
99  *                 MBEDTLS_SHA224_C/MBEDTLS_SHA256_C symbols otherwise the
100  *                 function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
101  *
102  * \return         \c 0 on success.
103  * \return         A negative error code on failure.
104  */
105 int mbedtls_sha256_starts(mbedtls_sha256_context *ctx, int is224);
106 
107 /**
108  * \brief          This function feeds an input buffer into an ongoing
109  *                 SHA-256 checksum calculation.
110  *
111  * \param ctx      The SHA-256 context. This must be initialized
112  *                 and have a hash operation started.
113  * \param input    The buffer holding the data. This must be a readable
114  *                 buffer of length \p ilen Bytes.
115  * \param ilen     The length of the input data in Bytes.
116  *
117  * \return         \c 0 on success.
118  * \return         A negative error code on failure.
119  */
120 int mbedtls_sha256_update(mbedtls_sha256_context *ctx,
121                           const unsigned char *input,
122                           size_t ilen);
123 
124 /**
125  * \brief          This function finishes the SHA-256 operation, and writes
126  *                 the result to the output buffer.
127  *
128  * \param ctx      The SHA-256 context. This must be initialized
129  *                 and have a hash operation started.
130  * \param output   The SHA-224 or SHA-256 checksum result.
131  *                 This must be a writable buffer of length \c 32 bytes
132  *                 for SHA-256, \c 28 bytes for SHA-224.
133  *
134  * \return         \c 0 on success.
135  * \return         A negative error code on failure.
136  */
137 int mbedtls_sha256_finish(mbedtls_sha256_context *ctx,
138                           unsigned char *output);
139 
140 /**
141  * \brief          This function processes a single data block within
142  *                 the ongoing SHA-256 computation. This function is for
143  *                 internal use only.
144  *
145  * \param ctx      The SHA-256 context. This must be initialized.
146  * \param data     The buffer holding one block of data. This must
147  *                 be a readable buffer of length \c 64 Bytes.
148  *
149  * \return         \c 0 on success.
150  * \return         A negative error code on failure.
151  */
152 int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx,
153                                     const unsigned char data[64]);
154 
155 /**
156  * \brief          This function calculates the SHA-224 or SHA-256
157  *                 checksum of a buffer.
158  *
159  *                 The function allocates the context, performs the
160  *                 calculation, and frees the context.
161  *
162  *                 The SHA-256 result is calculated as
163  *                 output = SHA-256(input buffer).
164  *
165  * \param input    The buffer holding the data. This must be a readable
166  *                 buffer of length \p ilen Bytes.
167  * \param ilen     The length of the input data in Bytes.
168  * \param output   The SHA-224 or SHA-256 checksum result.
169  *                 This must be a writable buffer of length \c 32 bytes
170  *                 for SHA-256, \c 28 bytes for SHA-224.
171  * \param is224    Determines which function to use. This must be
172  *                 either \c 0 for SHA-256, or \c 1 for SHA-224.
173  *
174  * \return         \c 0 on success.
175  * \return         A negative error code on failure.
176  */
177 int mbedtls_sha256(const unsigned char *input,
178                    size_t ilen,
179                    unsigned char *output,
180                    int is224);
181 
182 #if defined(MBEDTLS_SELF_TEST)
183 
184 #if defined(MBEDTLS_SHA224_C)
185 /**
186  * \brief          The SHA-224 checkup routine.
187  *
188  * \return         \c 0 on success.
189  * \return         \c 1 on failure.
190  */
191 int mbedtls_sha224_self_test(int verbose);
192 #endif /* MBEDTLS_SHA224_C */
193 
194 #if defined(MBEDTLS_SHA256_C)
195 /**
196  * \brief          The SHA-256 checkup routine.
197  *
198  * \return         \c 0 on success.
199  * \return         \c 1 on failure.
200  */
201 int mbedtls_sha256_self_test(int verbose);
202 #endif /* MBEDTLS_SHA256_C */
203 
204 #endif /* MBEDTLS_SELF_TEST */
205 
206 #ifdef __cplusplus
207 }
208 #endif
209 
210 #endif /* mbedtls_sha256.h */
211