SHA2.h

Go to the documentation of this file.

/*
 * Copyright (c) 2017-2020, Texas Instruments Incorporated
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * *  Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * *  Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * *  Neither the name of Texas Instruments Incorporated nor the names of
 *    its contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/*!****************************************************************************
 *  @file       SHA2.h
 *
 *  @brief      SHA2 driver header
 *
 *  @anchor ti_drivers_SHA2_Overview
 *  # Overview #
 *
 *  SHA2 (Secure Hash Algorithm 2) is a cryptographic hashing algorithm that
 *  maps an input of arbitrary length to a fixed-length output with negligible
 *  probability of collision. A collision would occur when two different inputs
 *  map to the same output.
 *
 *  It is not currently technologicaly feasible to derive an input from
 *  the hash digest (output) itself.
 *
 *  Hashes are often used to ensure the integrity of messages. They are also
 *  used to as constituent parts of more complicated cyptographic schemes.
 *  HMAC is a message authentication code that is based on hash functions such
 *  as SHA2 rather than a block cipher.
 *  Hashes may themselves be used as or form a part of key derivation functions
 *  used to derive symmetric keys from sources of entropy such as an Elliptic
 *  Curve Diffie-Helman key exchange (ECDH).
 *
 *  SHA2 is not actually a single algorithm, but a suite of similar algorithms
 *  that produce hash digests of different lengths. 224, 256, 384, and 512-bit
 *  outputs are available.
 *
 *  "Hash" may refer to either the process of hashing when used as a verb and
 *  the output digest when used as a noun.
 *
 *  @anchor ti_drivers_SHA2_Usage
 *  # Usage #
 *
 *  Before starting a SHA2 operation, the application must do the following:
 *      - Call #SHA2_init() to initialize the driver
 *      - Call #SHA2_Params_init() to initialize the SHA2_Params to default values.
 *      - Modify the #SHA2_Params as desired
 *      - Call #SHA2_open() to open an instance of the driver
 *
 *  There are two general ways to execute a SHA2 operation:
 *
 *  - one-step (in one operation)
 *  - multi-step (multiple partial operations)

 *  @anchor ti_drivers_SHA2_Synopsis
 *  # Synopsis
 *
 *  @anchor ti_drivers_SHA2_Synopsis_Code
 *  @code
 *
 *  // Import SHA2 Driver definitions
 *  #include <ti/drivers/SHA2.h>
 *
 *  // Define name for SHA2 channel index
 *  #define SHA2_INSTANCE 0
 *
 *  SHA2_init();
 *
 *  handle = SHA2_open(SHA2_INSTANCE, NULL);
 *
 *  result = SHA2_hashData(handle, message, strlen(message), actualDigest);
 *
 *  SHA2_close(handle);
 *  @endcode
 *
 *  @anchor ti_drivers_SHA2_Examples
 *  # Examples #
 *
 *  ## One-step hash operation #
 *
 *  The #SHA2_hashData() function can perform a SHA2 operation in a single call.
 *  It will always use the most highly optimized routine with the least overhead and
 *  the fastest runtime. However, it requires that the entire input message is
 *  available to the function in a contiguous location at the start of the call.
 *  The single call operation is required when hashing a message with a length smaller
 *  than or equal to one hash-block length. All devices support single call operations.
 *
 *  After a SHA2 operation completes, the application may either start
 *  another operation or close the driver by calling #SHA2_close().
 *
 *  @code
 *  SHA2_Params params;
 *  SHA2_Handle handle;
 *  int_fast16_t result;
 *
 *  char message[] = "A Ferengi without profit is no Ferengi at all.";
 *
 *  uint8_t actualDigest[SHA2_DIGEST_LENGTH_BYTES_256];
 *  uint8_t expectedDigest[] = {
 *      0x93, 0xD6, 0x5C, 0x07,
 *      0xA6, 0x26, 0x88, 0x9C,
 *      0x87, 0xCC, 0x82, 0x24,
 *      0x47, 0xC6, 0xE4, 0x28,
 *      0xC0, 0xBD, 0xC6, 0xED,
 *      0xAA, 0x8C, 0xD2, 0x53,
 *      0x77, 0xAA, 0x73, 0x14,
 *      0xA3, 0xE2, 0xDE, 0x43
 *  };
 *
 *  SHA2_init();
 *
 *  SHA2_Params_init(&params);
 *  params.returnBehavior = SHA2_RETURN_BEHAVIOR_BLOCKING;
 *  handle = SHA2_open(0, &params);
 *  assert(handle != NULL);
 *
 *  result = SHA2_hashData(handle, message, strlen(message), actualDigest);
 *  assert(result == SHA2_STATUS_SUCCESS);
 *
 *  result = memcmp(actualDigest, expectedDigest, SHA2_DIGEST_LENGTH_BYTES_256);
 *  assert(result == 0);
 *
 *  SHA2_close(handle);
 *  @endcode
 *
 *  ## Partial hash operation #
 *
 *  When trying to operate on data that is too large to fit into available memory,
 *  partial processing is more advisable. The segments are processed with
 *  #SHA2_addData() whereas the final digest is computed by #SHA2_finalize().
 *
 *  @code
 *  SHA2_Handle handle;
 *  int_fast16_t result;
 *  SHA2_Params params;
 *
 *  const char message[] =
 *      "Premature optimization is the root of all evil (or at least most of it) in programming.";
 *
 *  uint8_t actualDigest[SHA2_DIGEST_LENGTH_BYTES_256];
 *  uint8_t expectedDigest[] = {
 *      0xF2, 0x6A, 0xFF, 0x01,
 *      0x11, 0x6B, 0xF6, 0x77,
 *      0x63, 0x91, 0xFE, 0xD9,
 *      0x47, 0x56, 0x99, 0xB2,
 *      0xAD, 0x7D, 0x64, 0x16,
 *      0xF7, 0x40, 0x1A, 0x5B,
 *      0xCC, 0xC7, 0x08, 0x3D,
 *      0xE8, 0x6B, 0x35, 0x6D,
 *  };
 *
 *  SHA2_init();
 *
 *  SHA2_Params_init(&params);
 *  params.returnBehavior = SHA2_RETURN_BEHAVIOR_BLOCKING;
 *  handle = SHA2_open(0, &params);
 *  assert(handle != NULL);
 *
 *  // We can configure the driver even after SHA2_open()
 *  result = SHA2_setHashType(handle, SHA2_HASH_TYPE_256);
 *  assert(result == SHA2_STATUS_SUCCESS);
 *
 *  // Process data in chunks. The driver buffers incomplete blocks internally.
 *  result = SHA2_addData(handle, &message[0], 17);
 *  assert(result == SHA2_STATUS_SUCCESS);
 *
 *  result = SHA2_addData(handle, &message[17], strlen(message) - 17);
 *  assert(result == SHA2_STATUS_SUCCESS);
 *
 *  // Compute the resulting digest
 *  result = SHA2_finalize(handle, actualDigest);
 *  assert(result == SHA2_STATUS_SUCCESS);
 *
 *  // Verify
 *  result = memcmp(actualDigest, expectedDigest, SHA2_DIGEST_LENGTH_BYTES_256);
 *  assert(result == 0);
 *
 *  SHA2_close(handle);
 *  @endcode
 *
 *  ## One-step HMAC operation #
 *
 *  The #SHA2_hmac() function can perform a SHA2 operation in a single call.
 *  It will always use the most highly optimized routine with the least overhead
 *  and the fastest runtime. It requires that the entire input message is
 *  available to the function in a contiguous location at the start of the call.
 *
 *  After a SHA2 operation completes, the application may either start
 *  another operation or close the driver by calling #SHA2_close().
 *
 *  @code
 *  SHA2_Params params;
 *  SHA2_Handle handle;
 *  int_fast16_t result;
 *  CryptoKey hmacKey;
 *
 *  uint8_t message[] = {
 *          0xb1, 0x68, 0x9c, 0x25, 0x91, 0xea, 0xf3, 0xc9,
 *          0xe6, 0x60, 0x70, 0xf8, 0xa7, 0x79, 0x54, 0xff,
 *          0xb8, 0x17, 0x49, 0xf1, 0xb0, 0x03, 0x46, 0xf9,
 *          0xdf, 0xe0, 0xb2, 0xee, 0x90, 0x5d, 0xcc, 0x28,
 *          0x8b, 0xaf, 0x4a, 0x92, 0xde, 0x3f, 0x40, 0x01,
 *          0xdd, 0x9f, 0x44, 0xc4, 0x68, 0xc3, 0xd0, 0x7d,
 *          0x6c, 0x6e, 0xe8, 0x2f, 0xac, 0xea, 0xfc, 0x97,
 *          0xc2, 0xfc, 0x0f, 0xc0, 0x60, 0x17, 0x19, 0xd2,
 *          0xdc, 0xd0, 0xaa, 0x2a, 0xec, 0x92, 0xd1, 0xb0,
 *          0xae, 0x93, 0x3c, 0x65, 0xeb, 0x06, 0xa0, 0x3c,
 *          0x9c, 0x93, 0x5c, 0x2b, 0xad, 0x04, 0x59, 0x81,
 *          0x02, 0x41, 0x34, 0x7a, 0xb8, 0x7e, 0x9f, 0x11,
 *          0xad, 0xb3, 0x04, 0x15, 0x42, 0x4c, 0x6c, 0x7f,
 *          0x5f, 0x22, 0xa0, 0x03, 0xb8, 0xab, 0x8d, 0xe5,
 *          0x4f, 0x6d, 0xed, 0x0e, 0x3a, 0xb9, 0x24, 0x5f,
 *          0xa7, 0x95, 0x68, 0x45, 0x1d, 0xfa, 0x25, 0x8e};
 *
 *  // In this case, keyingMaterial is 40 bytes long. It could also be
 *  // any other length.
 *  uint8_t keyingMaterial[] = {
 *          0x97, 0x79, 0xd9, 0x12, 0x06, 0x42, 0x79, 0x7f,
 *          0x17, 0x47, 0x02, 0x5d, 0x5b, 0x22, 0xb7, 0xac,
 *          0x60, 0x7c, 0xab, 0x08, 0xe1, 0x75, 0x8f, 0x2f,
 *          0x3a, 0x46, 0xc8, 0xbe, 0x1e, 0x25, 0xc5, 0x3b,
 *          0x8c, 0x6a, 0x8f, 0x58, 0xff, 0xef, 0xa1, 0x76};
 *
 *
 *
 *  uint8_t actualHmac[SHA2_DIGEST_LENGTH_BYTES_256];
 *  uint8_t expectedHmac[] = {
 *      0x76, 0x9f, 0x00, 0xd3, 0xe6, 0xa6, 0xcc, 0x1f,
 *      0xb4, 0x26, 0xa1, 0x4a, 0x4f, 0x76, 0xc6, 0x46,
 *      0x2e, 0x61, 0x49, 0x72, 0x6e, 0x0d, 0xee, 0x0e,
 *      0xc0, 0xcf, 0x97, 0xa1, 0x66, 0x05, 0xac, 0x8b
 *  };
 *
 *  SHA2_init();
 *
 *  SHA2_Params_init(&params);
 *  params.returnBehavior = SHA2_RETURN_BEHAVIOR_BLOCKING;
 *  handle = SHA2_open(0, &params);
 *  assert(handle != NULL);
 *
 *  CryptoKeyPlaintext_initKey(&hmacKey,
 *                             keyingMaterial,
 *                             sizeof(keyingMaterial));
 *
 *  result = SHA2_hmac(handle,
 *                     &hmacKey,
 *                     message,
 *                     sizeof(message),
 *                     actualHmac);
 *  assert(result == SHA2_STATUS_SUCCESS);
 *
 *  result = memcmp(actualHmac, expectedHmac, SHA2_DIGEST_LENGTH_BYTES_256);
 *  assert(result == 0);
 *
 *  SHA2_close(handle);
 *  @endcode
 */

#ifndef ti_drivers_SHA2__include
#define ti_drivers_SHA2__include

#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#include <ti/drivers/cryptoutils/cryptokey/CryptoKey.h>

#ifdef __cplusplus
extern "C" {
#endif

#define SHA2_STATUS_RESERVED        (-32)

#define SHA2_STATUS_SUCCESS         (0)

#define SHA2_STATUS_ERROR           (-1)

#define SHA2_STATUS_RESOURCE_UNAVAILABLE (-2)

#define SHA2_STATUS_CANCELED (-3)

typedef enum {
    SHA2_RETURN_BEHAVIOR_CALLBACK = 1,      
    SHA2_RETURN_BEHAVIOR_BLOCKING = 2,      
    SHA2_RETURN_BEHAVIOR_POLLING  = 4,      
} SHA2_ReturnBehavior;

typedef enum {
    SHA2_HASH_TYPE_224 = 0,
    SHA2_HASH_TYPE_256 = 1,
    SHA2_HASH_TYPE_384 = 2,
    SHA2_HASH_TYPE_512 = 3,
} SHA2_HashType;

typedef enum {
    SHA2_DIGEST_LENGTH_BYTES_224 = 28,
    SHA2_DIGEST_LENGTH_BYTES_256 = 32,
    SHA2_DIGEST_LENGTH_BYTES_384 = 48,
    SHA2_DIGEST_LENGTH_BYTES_512 = 64,
} SHA2_DigestLengthBytes;

typedef enum {
    SHA2_BLOCK_SIZE_BYTES_224 = 64,
    SHA2_BLOCK_SIZE_BYTES_256 = 64,
    SHA2_BLOCK_SIZE_BYTES_384 = 128,
    SHA2_BLOCK_SIZE_BYTES_512 = 128,
} SHA2_BlockSizeBytes;

typedef struct {
    void               *object;

    void         const *hwAttrs;
} SHA2_Config;

typedef SHA2_Config* SHA2_Handle;

typedef void (*SHA2_CallbackFxn) (SHA2_Handle handle, int_fast16_t returnStatus);

typedef struct {
    SHA2_HashType           hashType;                   
    SHA2_ReturnBehavior     returnBehavior;             
    SHA2_CallbackFxn        callbackFxn;                
    uint32_t                timeout;                    
} SHA2_Params;

extern const SHA2_Config SHA2_config[];

extern const uint_least8_t SHA2_count;

extern const SHA2_Params SHA2_defaultParams;


void SHA2_init(void);

void SHA2_Params_init(SHA2_Params *params);

SHA2_Handle SHA2_open(uint_least8_t index, const SHA2_Params *params);

void SHA2_close(SHA2_Handle handle);

int_fast16_t SHA2_setupHmac(SHA2_Handle handle, CryptoKey *key);

int_fast16_t SHA2_addData(SHA2_Handle handle, const void* data, size_t length);

int_fast16_t SHA2_finalize(SHA2_Handle handle, void *digest);

int_fast16_t SHA2_finalizeHmac(SHA2_Handle handle, void *hmac);

int_fast16_t SHA2_hashData(SHA2_Handle handle,
                           const void* data,
                           size_t dataLength,
                           void *digest);

int_fast16_t SHA2_hmac(SHA2_Handle handle,
                       CryptoKey *key,
                       const void *data,
                       size_t dataLength,
                       void *hmac);

void SHA2_reset(SHA2_Handle handle);

int_fast16_t SHA2_cancelOperation(SHA2_Handle handle);

int_fast16_t SHA2_setHashType(SHA2_Handle handle, SHA2_HashType type);

SHA2_Handle SHA2_construct(SHA2_Config *config, const SHA2_Params *params);

#ifdef __cplusplus
}
#endif

#endif /* ti_drivers_SHA2__include */