1d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt/*
2d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt * SHA-384 hash implementation and interface functions
3d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt * Copyright (c) 2015, Pali Rohár <pali.rohar@gmail.com>
4d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt *
5d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt * This software may be distributed under the terms of the BSD license.
6d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt * See README for more details.
7d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt */
8d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
9d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt#include "includes.h"
10d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
11d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt#include "common.h"
12d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt#include "sha384_i.h"
13d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt#include "crypto.h"
14d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
15d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
16d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt/**
17d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt * sha384_vector - SHA384 hash for data vector
18d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt * @num_elem: Number of elements in the data vector
19d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt * @addr: Pointers to the data areas
20d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt * @len: Lengths of the data blocks
21d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt * @mac: Buffer for the hash
22d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt * Returns: 0 on success, -1 of failure
23d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt */
24d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidtint sha384_vector(size_t num_elem, const u8 *addr[], const size_t *len,
25d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt		  u8 *mac)
26d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt{
27d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	struct sha384_state ctx;
28d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	size_t i;
29d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
30d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	sha384_init(&ctx);
31d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	for (i = 0; i < num_elem; i++)
32d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt		if (sha384_process(&ctx, addr[i], len[i]))
33d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt			return -1;
34d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	if (sha384_done(&ctx, mac))
35d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt		return -1;
36d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	return 0;
37d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt}
38d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
39d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
40d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt/* ===== start - public domain SHA384 implementation ===== */
41d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
42d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt/* This is based on SHA384 implementation in LibTomCrypt that was released into
43d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt * public domain by Tom St Denis. */
44d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
45d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt#define CONST64(n) n ## ULL
46d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
47d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt/**
48d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt   Initialize the hash state
49d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt   @param md   The hash state you wish to initialize
50d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt   @return CRYPT_OK if successful
51d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt*/
52d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidtvoid sha384_init(struct sha384_state *md)
53d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt{
54d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	md->curlen = 0;
55d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	md->length = 0;
56d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	md->state[0] = CONST64(0xcbbb9d5dc1059ed8);
57d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	md->state[1] = CONST64(0x629a292a367cd507);
58d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	md->state[2] = CONST64(0x9159015a3070dd17);
59d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	md->state[3] = CONST64(0x152fecd8f70e5939);
60d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	md->state[4] = CONST64(0x67332667ffc00b31);
61d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	md->state[5] = CONST64(0x8eb44a8768581511);
62d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	md->state[6] = CONST64(0xdb0c2e0d64f98fa7);
63d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	md->state[7] = CONST64(0x47b5481dbefa4fa4);
64d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt}
65d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
66d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidtint sha384_process(struct sha384_state *md, const unsigned char *in,
67d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt		   unsigned long inlen)
68d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt{
69d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	return sha512_process(md, in, inlen);
70d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt}
71d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
72d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt/**
73d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt   Terminate the hash to get the digest
74d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt   @param md  The hash state
75d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt   @param out [out] The destination of the hash (48 bytes)
76d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt   @return CRYPT_OK if successful
77d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt*/
78d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidtint sha384_done(struct sha384_state *md, unsigned char *out)
79d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt{
80d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	unsigned char buf[64];
81d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
82d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	if (md->curlen >= sizeof(md->buf))
83d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt		return -1;
84d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
85d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	if (sha512_done(md, buf) != 0)
86d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt		return -1;
87d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
88d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	os_memcpy(out, buf, 48);
89d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt	return 0;
90d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt}
91d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt
92d7ff03d48f825360eec2a371e3361306f2fd721bDmitry Shmidt/* ===== end - public domain SHA384 implementation ===== */
93