static int _InitHmac(Hmac* hmac, int type, void* heap)
{
int ret = 0;
switch (type) {
#ifndef NO_MD5
case MD5:
ret = wc_InitMd5(&hmac->hash.md5);
break;
#endif /* !NO_MD5 */
#ifndef NO_SHA
case SHA:
ret = wc_InitSha(&hmac->hash.sha);
break;
#endif /* !NO_SHA */
#ifdef WOLFSSL_SHA224
case SHA224:
ret = wc_InitSha224(&hmac->hash.sha224);
break;
#endif /* WOLFSSL_SHA224 */
#ifndef NO_SHA256
case SHA256:
ret = wc_InitSha256(&hmac->hash.sha256);
break;
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA512
#ifdef WOLFSSL_SHA384
case SHA384:
ret = wc_InitSha384(&hmac->hash.sha384);
break;
#endif /* WOLFSSL_SHA384 */
case SHA512:
ret = wc_InitSha512(&hmac->hash.sha512);
break;
#endif /* WOLFSSL_SHA512 */
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256);
break;
#endif /* HAVE_BLAKE2 */
default:
ret = BAD_FUNC_ARG;
break;
}
/* default to NULL heap hint or test value */
#ifdef WOLFSSL_HEAP_TEST
hmac->heap = (void)WOLFSSL_HEAP_TEST;
#else
hmac->heap = heap;
#endif /* WOLFSSL_HEAP_TEST */
return ret;
}
int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha256* sha256;
#else
Sha256 sha256[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha256 == NULL)
return MEMORY_E;
#endif
if ((ret = wc_InitSha256(sha256)) != 0) {
WOLFSSL_MSG("InitSha256 failed");
}
else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) {
WOLFSSL_MSG("Sha256Update failed");
}
else if ((ret = wc_Sha256Final(sha256, hash)) != 0) {
WOLFSSL_MSG("Sha256Final failed");
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
int wc_HashInit(wc_HashAlg* hash, enum wc_HashType type)
{
int ret = HASH_TYPE_E; /* Default to hash type error */
if (hash == NULL)
return BAD_FUNC_ARG;
switch (type) {
case WC_HASH_TYPE_MD5:
#ifndef NO_MD5
wc_InitMd5(&hash->md5);
#endif
break;
case WC_HASH_TYPE_SHA:
#ifndef NO_SHA
ret = wc_InitSha(&hash->sha);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA224:
#ifdef WOLFSSL_SHA224
ret = wc_InitSha224(&hash->sha224);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA256:
#ifndef NO_SHA256
ret = wc_InitSha256(&hash->sha256);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA384:
#ifdef WOLFSSL_SHA384
ret = wc_InitSha384(&hash->sha384);
if (ret != 0)
return ret;
#endif
break;
case WC_HASH_TYPE_SHA512:
#ifdef WOLFSSL_SHA512
ret = wc_InitSha512(&hash->sha512);
if (ret != 0)
return ret;
#endif
break;
/* not supported */
case WC_HASH_TYPE_MD5_SHA:
case WC_HASH_TYPE_MD2:
case WC_HASH_TYPE_MD4:
case WC_HASH_TYPE_NONE:
default:
return BAD_FUNC_ARG;
};
return 0;
}
/* Sets up the generator, loading the seed from persistent storage if possible*/
int pico_rand_init(void) {
int i = 0;
pico_rand_generator.key = PICO_ZALLOC(sizeof(uint8_t) * PICO_RAND_ENCRYPT_KEY_SIZE);
pico_rand_generator.pool = PICO_ZALLOC(sizeof(Sha256) * PICO_RAND_POOL_COUNT); /* n pools of strings; in practice, hashes iteratively updated */
pico_rand_generator.counter = PICO_ZALLOC(sizeof(struct pico_rand_counter_fortuna));
pico_rand_generator.aes = PICO_ZALLOC(sizeof(Aes));
pico_rand_generator.sha = PICO_ZALLOC(sizeof(Sha256));
if (NULL == pico_rand_generator.key ||
NULL == pico_rand_generator.pool ||
NULL == pico_rand_generator.aes ||
NULL == pico_rand_generator.sha) {
return -1; /* Failed to allocate memory! */
}
/* Set counter to 0 (also indicates unseeded state) */
pico_rand_init_counter (pico_rand_generator.counter);
for (i = 0; i < PICO_RAND_POOL_COUNT; i++) {
wc_InitSha256(&(pico_rand_generator.pool[i])); /* TODO right? What does this look like in assembly? */
}
#ifdef PICO_RAND_SEED_PERSISTENT
pico_rand_seed_load();
/* Set up timer for saving seed */
#endif /* PICO_RAND_SEED_PERSISTENT */
return 0;
}
/* Sets up the generator */
int fortuna_init(void)
{
int i = 0;
fortuna_generator.key = kalloc(sizeof(uint8_t) * FORTUNA_ENCRYPT_KEY_SIZE);
fortuna_generator.pool = kalloc(sizeof(Sha256) * FORTUNA_POOL_COUNT); /* n pools of strings; in practice, hashes iteratively updated */
fortuna_generator.counter = kalloc(sizeof(struct fortuna_counter));
fortuna_generator.aes = kalloc(sizeof(Aes));
fortuna_generator.sha = kalloc(sizeof(Sha256));
if (NULL == fortuna_generator.key ||
NULL == fortuna_generator.pool ||
NULL == fortuna_generator.aes ||
NULL == fortuna_generator.sha) {
return -1; /* Failed to allocate memory! */
}
/* Set counter to 0 (also indicates unseeded state) */
fortuna_init_counter(fortuna_generator.counter);
for (i = 0; i < FORTUNA_POOL_COUNT; i++) {
wc_InitSha256(&(fortuna_generator.pool[i])); /* TODO right? What does this look like in assembly? */
}
return 0;
}
/* Re-seed the generator. Called when enough data has been used from the current 'run' */
static int pico_rand_reseed(uint8_t* seed, uint8_t seed_size) {
uint8_t* sha_input = NULL;
sha_input = (uint8_t*) PICO_ZALLOC (seed_size + PICO_RAND_ENCRYPT_KEY_SIZE); /* Seed size + 256b of current SHA hash key */
if (NULL == sha_input) {
/* Failed to alloc, don't increment counter */
return 0;
} else {
memcpy (sha_input, pico_rand_generator.key, PICO_RAND_ENCRYPT_KEY_SIZE); /* Current key */
memcpy (sha_input + PICO_RAND_ENCRYPT_KEY_SIZE, seed, seed_size); /* New seed */
}
wc_InitSha256(pico_rand_generator.sha);
wc_Sha256Update(pico_rand_generator.sha, sha_input, seed_size + 32);
wc_Sha256Final(pico_rand_generator.sha, pico_rand_generator.key);
pico_rand_increment_counter(pico_rand_generator.counter);
PICO_FREE (sha_input);
return 1;
}
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
{
byte data[DRBG_SEED_LEN];
int i;
int len;
word32 checkBlock;
Sha256 sha;
byte digest[SHA256_DIGEST_SIZE];
/* Special case: outSz is 0 and out is NULL. wc_Generate a block to save for
* the continuous test. */
if (outSz == 0) outSz = 1;
len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
XMEMCPY(data, V, sizeof(data));
for (i = 0; i < len; i++) {
if (wc_InitSha256(&sha) != 0 ||
wc_Sha256Update(&sha, data, sizeof(data)) != 0 ||
wc_Sha256Final(&sha, digest) != 0) {
return DRBG_FAILURE;
}
XMEMCPY(&checkBlock, digest, sizeof(word32));
if (drbg->reseedCtr > 1 && checkBlock == drbg->lastBlock) {
if (drbg->matchCount == 1) {
return DRBG_CONT_FAILURE;
}
else {
if (i == len) {
len++;
}
drbg->matchCount = 1;
}
}
else {
drbg->matchCount = 0;
drbg->lastBlock = checkBlock;
}
if (out != NULL) {
if (outSz >= OUTPUT_BLOCK_LEN) {
XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
outSz -= OUTPUT_BLOCK_LEN;
out += OUTPUT_BLOCK_LEN;
array_add_one(data, DRBG_SEED_LEN);
}
else if (out != NULL && outSz != 0) {
XMEMCPY(out, digest, outSz);
outSz = 0;
}
}
}
ForceZero(data, sizeof(data));
return DRBG_SUCCESS;
}
int wc_Sha256Final(Sha256* sha256, byte* hash)
{
byte* local = (byte*)sha256->buffer;
int ret;
AddLength(sha256, sha256->buffLen); /* before adding pads */
local[sha256->buffLen++] = 0x80; /* add 1 */
/* pad with zeros */
if (sha256->buffLen > SHA256_PAD_SIZE) {
XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen);
sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
#endif
ret = XTRANSFORM(sha256, local);
if (ret != 0)
return ret;
sha256->buffLen = 0;
}
XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen);
/* put lengths in bits */
sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) +
(sha256->hiLen << 3);
sha256->loLen = sha256->loLen << 3;
/* store lengths */
#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
#endif
/* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
sizeof(word32));
#ifdef FREESCALE_MMCAU
/* Kinetis requires only these bytes reversed */
ByteReverseWords(&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
2 * sizeof(word32));
#endif
ret = XTRANSFORM(sha256, local);
if (ret != 0)
return ret;
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords(sha256->digest, sha256->digest, SHA256_DIGEST_SIZE);
#endif
XMEMCPY(hash, sha256->digest, SHA256_DIGEST_SIZE);
return wc_InitSha256(sha256); /* reset state */
}
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
const byte* inA, word32 inASz,
const byte* inB, word32 inBSz)
{
byte ctr;
int i;
int len;
word32 bits = (outSz * 8); /* reverse byte order */
Sha256 sha;
byte digest[SHA256_DIGEST_SIZE];
(void)drbg;
#ifdef LITTLE_ENDIAN_ORDER
bits = ByteReverseWord32(bits);
#endif
len = (outSz / OUTPUT_BLOCK_LEN)
+ ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
for (i = 0, ctr = 1; i < len; i++, ctr++)
{
if (wc_InitSha256(&sha) != 0)
return DRBG_FAILURE;
if (wc_Sha256Update(&sha, &ctr, sizeof(ctr)) != 0)
return DRBG_FAILURE;
if (wc_Sha256Update(&sha, (byte*)&bits, sizeof(bits)) != 0)
return DRBG_FAILURE;
/* churning V is the only string that doesn't have the type added */
if (type != drbgInitV)
if (wc_Sha256Update(&sha, &type, sizeof(type)) != 0)
return DRBG_FAILURE;
if (wc_Sha256Update(&sha, inA, inASz) != 0)
return DRBG_FAILURE;
if (inB != NULL && inBSz > 0)
if (wc_Sha256Update(&sha, inB, inBSz) != 0)
return DRBG_FAILURE;
if (wc_Sha256Final(&sha, digest) != 0)
return DRBG_FAILURE;
if (outSz > OUTPUT_BLOCK_LEN) {
XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
outSz -= OUTPUT_BLOCK_LEN;
out += OUTPUT_BLOCK_LEN;
}
else {
XMEMCPY(out, digest, outSz);
}
}
ForceZero(digest, sizeof(digest));
return DRBG_SUCCESS;
}
/* Initialize SHA-256 */
int CRYPT_SHA256_Initialize(CRYPT_SHA256_CTX* sha256)
{
typedef char sha_test[sizeof(CRYPT_SHA256_CTX) >= sizeof(Sha256) ? 1 : -1];
(void)sizeof(sha_test);
if (sha256 == NULL)
return BAD_FUNC_ARG;
return wc_InitSha256((Sha256*)sha256);
}
static int InitHmac(Hmac* hmac, int type)
{
int ret = 0;
hmac->innerHashKeyed = 0;
hmac->macType = (byte)type;
if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384
|| type == SHA512 || type == BLAKE2B_ID))
return BAD_FUNC_ARG;
switch (type) {
#ifndef NO_MD5
case MD5:
wc_InitMd5(&hmac->hash.md5);
break;
#endif
#ifndef NO_SHA
case SHA:
ret = wc_InitSha(&hmac->hash.sha);
break;
#endif
#ifndef NO_SHA256
case SHA256:
ret = wc_InitSha256(&hmac->hash.sha256);
break;
#endif
#ifdef WOLFSSL_SHA384
case SHA384:
ret = wc_InitSha384(&hmac->hash.sha384);
break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512:
ret = wc_InitSha512(&hmac->hash.sha512);
break;
#endif
#ifdef HAVE_BLAKE2
case BLAKE2B_ID:
ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256);
break;
#endif
default:
return BAD_FUNC_ARG;
}
return ret;
}
int wc_Sha256Final(Sha256 *sha256, byte *hash)
{
byte *local = (byte *)sha256->buffer;
int ret;
AddLength(sha256, sha256->buffLen); /* before adding pads */
local[sha256->buffLen++] = 0x80; /* add 1 */
/* pad with zeros */
if (sha256->buffLen > SHA256_PAD_SIZE) {
XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen);
sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
ret = XTRANSFORM(sha256, local);
if (ret != 0)
return ret;
sha256->buffLen = 0;
}
XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen);
/* put lengths in bits */
sha256->hiLen = (sha256->loLen >> (8 * sizeof(sha256->loLen) - 3)) +
(sha256->hiLen << 3);
sha256->loLen = sha256->loLen << 3;
/* store lengths */
ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
/* ! length ordering dependent on digest endian type ! */
XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
sizeof(word32));
ret = XTRANSFORM(sha256, local);
if (ret != 0)
return ret;
ByteReverseWords(sha256->digest, sha256->digest, SHA256_DIGEST_SIZE);
XMEMCPY(hash, sha256->digest, SHA256_DIGEST_SIZE);
return wc_InitSha256(sha256); /* reset state */
}
int sha256_test(void)
{
Sha256 sha;
byte hash[SHA256_DIGEST_SIZE];
testVector a, b;
testVector test_sha[2];
int ret;
int times = sizeof(test_sha) / sizeof(struct testVector), i;
a.input = "abc";
a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
"\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
"\x15\xAD";
a.inLen = XSTRLEN(a.input);
a.outLen = XSTRLEN(a.output);
b.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
b.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
"\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
"\x06\xC1";
b.inLen = XSTRLEN(b.input);
b.outLen = XSTRLEN(b.output);
test_sha[0] = a;
test_sha[1] = b;
ret = wc_InitSha256(&sha);
if (ret != 0)
return ret;
for (i = 0; i < times; ++i) {
ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
if (ret != 0)
return ret;
ret = wc_Sha256Final(&sha, hash);
if (ret != 0)
return ret;
if (XMEMCMP(hash, test_sha[i].output, SHA256_DIGEST_SIZE) != 0)
return -10 - i;
}
return 0;
}
void file_test(const char* file, byte* check)
{
FILE* f;
int i = 0, j, ret;
Sha256 sha256;
byte buf[1024];
byte shasum[SHA256_DIGEST_SIZE];
ret = wc_InitSha256(&sha256);
if (ret != 0) {
printf("Can't wc_InitSha256 %d\n", ret);
return;
}
if( !( f = fopen( file, "rb" ) )) {
printf("Can't open %s\n", file);
return;
}
while( ( i = (int)fread(buf, 1, sizeof(buf), f )) > 0 ) {
ret = wc_Sha256Update(&sha256, buf, i);
if (ret != 0) {
printf("Can't wc_Sha256Update %d\n", ret);
fclose(f);
return;
}
}
ret = wc_Sha256Final(&sha256, shasum);
if (ret != 0) {
printf("Can't wc_Sha256Final %d\n", ret);
fclose(f);
return;
}
memcpy(check, shasum, sizeof(shasum));
for(j = 0; j < SHA256_DIGEST_SIZE; ++j )
printf( "%02x", shasum[j] );
printf(" %s\n", file);
fclose(f);
}
void sha256_rsa_pubkey
(
unsigned char hash[SHA256_DIGEST_SIZE],
RsaKey* key
)
{
// Expect a 2048 bit RSA key.
assert(key->n.used == 32);
uint8_t buf[1024];
/* SetRsaPublicKey() only exports n and e without wrapping them in
additional ASN.1 (PKCS#1). */
int pub_rsa_key_der_len = SetRsaPublicKey(buf, key, sizeof(buf), 0);
assert(pub_rsa_key_der_len == 270);
Sha256 sha;
wc_InitSha256(&sha);
wc_Sha256Update(&sha, buf, pub_rsa_key_der_len);
wc_Sha256Final(&sha, hash);
}
static int SrpHashInit(SrpHash* hash, SrpType type)
{
hash->type = type;
switch (type) {
case SRP_TYPE_SHA:
#ifndef NO_SHA
return wc_InitSha(&hash->data.sha);
#else
return BAD_FUNC_ARG;
#endif
case SRP_TYPE_SHA256:
#ifndef NO_SHA256
return wc_InitSha256(&hash->data.sha256);
#else
return BAD_FUNC_ARG;
#endif
case SRP_TYPE_SHA384:
#ifdef WOLFSSL_SHA384
return wc_InitSha384(&hash->data.sha384);
#else
return BAD_FUNC_ARG;
#endif
case SRP_TYPE_SHA512:
#ifdef WOLFSSL_SHA512
return wc_InitSha512(&hash->data.sha512);
#else
return BAD_FUNC_ARG;
#endif
default:
return BAD_FUNC_ARG;
}
}
/* check mcapi sha256 against internal */
static int check_sha256(void)
{
CRYPT_SHA256_CTX mcSha256;
Sha256 defSha256;
int ret;
byte mcDigest[CRYPT_SHA256_DIGEST_SIZE];
byte defDigest[SHA256_DIGEST_SIZE];
CRYPT_SHA256_Initialize(&mcSha256);
ret = wc_InitSha256(&defSha256);
if (ret != 0) {
printf("sha256 init default failed\n");
return -1;
}
CRYPT_SHA256_DataAdd(&mcSha256, ourData, OUR_DATA_SIZE);
ret = wc_Sha256Update(&defSha256, ourData, OUR_DATA_SIZE);
if (ret != 0) {
printf("sha256 update default failed\n");
return -1;
}
CRYPT_SHA256_Finalize(&mcSha256, mcDigest);
ret = wc_Sha256Final(&defSha256, defDigest);
if (ret != 0) {
printf("sha256 final default failed\n");
return -1;
}
if (memcmp(mcDigest, defDigest, CRYPT_SHA256_DIGEST_SIZE) != 0) {
printf("sha256 final memcmp fialed\n");
return -1;
}
printf("sha256 mcapi test passed\n");
return 0;
}
/* Re-seed the generator. Called when enough data has been used from the current 'run' */
static int fortuna_reseed(uint8_t *seed, uint8_t seed_size)
{
uint8_t *sha_input = NULL;
sha_input = (uint8_t *)kalloc(seed_size + FORTUNA_ENCRYPT_KEY_SIZE); /* Seed size + 256b of current SHA hash key */
if (NULL == sha_input) {
/* Failed to alloc, don't increment counter */
return 0;
} else {
memcpy(sha_input, fortuna_generator.key, FORTUNA_ENCRYPT_KEY_SIZE); /* Current key */
memcpy(sha_input + FORTUNA_ENCRYPT_KEY_SIZE, seed, seed_size); /* New seed */
}
wc_InitSha256(fortuna_generator.sha);
wc_Sha256Update(fortuna_generator.sha, sha_input, seed_size + 32);
wc_Sha256Final(fortuna_generator.sha, fortuna_generator.key);
fortuna_increment_counter(fortuna_generator.counter);
kfree(sha_input);
return 1;
}
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
const byte* inA, word32 inASz,
const byte* inB, word32 inBSz)
{
int ret = DRBG_FAILURE;
byte ctr;
int i;
int len;
word32 bits = (outSz * 8); /* reverse byte order */
Sha256 sha;
DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap);
(void)drbg;
#ifdef WOLFSSL_ASYNC_CRYPT
if (digest == NULL)
return DRBG_FAILURE;
#endif
#ifdef LITTLE_ENDIAN_ORDER
bits = ByteReverseWord32(bits);
#endif
len = (outSz / OUTPUT_BLOCK_LEN)
+ ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
for (i = 0, ctr = 1; i < len; i++, ctr++) {
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wc_InitSha256_ex(&sha, drbg->heap, drbg->devId);
#else
ret = wc_InitSha256(&sha);
#endif
if (ret != 0)
break;
if (ret == 0)
ret = wc_Sha256Update(&sha, &ctr, sizeof(ctr));
if (ret == 0)
ret = wc_Sha256Update(&sha, (byte*)&bits, sizeof(bits));
if (ret == 0) {
/* churning V is the only string that doesn't have the type added */
if (type != drbgInitV)
ret = wc_Sha256Update(&sha, &type, sizeof(type));
}
if (ret == 0)
ret = wc_Sha256Update(&sha, inA, inASz);
if (ret == 0) {
if (inB != NULL && inBSz > 0)
ret = wc_Sha256Update(&sha, inB, inBSz);
}
if (ret == 0)
ret = wc_Sha256Final(&sha, digest);
wc_Sha256Free(&sha);
if (ret == 0) {
if (outSz > OUTPUT_BLOCK_LEN) {
XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
outSz -= OUTPUT_BLOCK_LEN;
out += OUTPUT_BLOCK_LEN;
}
else {
XMEMCPY(out, digest, outSz);
}
}
}
ForceZero(digest, SHA256_DIGEST_SIZE);
FREE_VAR(digest, drbg->heap);
return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
}
/*
* benchmarking funciton
*/
int wolfCLU_benchmark(int timer, int* option)
{
int i = 0; /* A looping variable */
int loop = 1; /* benchmarking loop */
int64_t blocks = 0; /* blocks used during benchmarking */
#ifndef NO_AES
Aes aes; /* aes declaration */
#endif
#ifndef NO_DES3
Des3 des3; /* 3des declaration */
#endif
RNG rng; /* random number generator */
int ret = 0; /* return variable */
double stop = 0.0; /* stop breaks loop */
double start; /* start time */
double currTime; /* current time*/
ALIGN16 byte* plain; /* plain text */
ALIGN16 byte* cipher; /* cipher */
ALIGN16 byte* key; /* key for testing */
ALIGN16 byte* iv; /* iv for initial encoding */
byte* digest; /* message digest */
wc_InitRng(&rng);
signal(SIGALRM, wolfCLU_stop);
i = 0;
#ifndef NO_AES
/* aes test */
if (option[i] == 1) {
plain = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
return MEMORY_E;
}
cipher = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (cipher == NULL) {
wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
key = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL);
return MEMORY_E;
}
iv = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (iv == NULL) {
wolfCLU_freeBins(plain, cipher, key, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, cipher, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, key, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, iv, AES_BLOCK_SIZE);
start = wolfCLU_getTime();
alarm(timer);
wc_AesSetKey(&aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
while (loop) {
wc_AesCbcEncrypt(&aes, cipher, plain, AES_BLOCK_SIZE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
printf("\n");
printf("AES-CBC ");
wolfCLU_stats(start, AES_BLOCK_SIZE, blocks);
XMEMSET(plain, 0, AES_BLOCK_SIZE);
XMEMSET(cipher, 0, AES_BLOCK_SIZE);
XMEMSET(key, 0, AES_BLOCK_SIZE);
XMEMSET(iv, 0, AES_BLOCK_SIZE);
wolfCLU_freeBins(plain, cipher, key, iv, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifdef WOLFSSL_AES_COUNTER
/* aes-ctr test */
if (option[i] == 1) {
plain = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
return MEMORY_E;
}
cipher = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (cipher == NULL) {
wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
key = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL);
return MEMORY_E;
}
iv = XMALLOC(AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (iv == NULL) {
wolfCLU_freeBins(plain, cipher, key, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, cipher, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, key, AES_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, iv, AES_BLOCK_SIZE);
start = wolfCLU_getTime();
alarm(timer);
wc_AesSetKeyDirect(&aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
while (loop) {
wc_AesCtrEncrypt(&aes, cipher, plain, AES_BLOCK_SIZE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
printf("AES-CTR ");
wolfCLU_stats(start, AES_BLOCK_SIZE, blocks);
XMEMSET(plain, 0, AES_BLOCK_SIZE);
XMEMSET(cipher, 0, AES_BLOCK_SIZE);
XMEMSET(key, 0, AES_BLOCK_SIZE);
XMEMSET(iv, 0, AES_BLOCK_SIZE);
wolfCLU_freeBins(plain, cipher, key, iv, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifndef NO_DES3
/* 3des test */
if (option[i] == 1) {
plain = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
return MEMORY_E;
}
cipher = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (cipher == NULL) {
wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
key = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL);
return MEMORY_E;
}
iv = XMALLOC(DES3_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (iv == NULL) {
wolfCLU_freeBins(plain, cipher, key, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, DES3_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, cipher, DES3_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, key, DES3_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, iv, DES3_BLOCK_SIZE);
start = wolfCLU_getTime();
alarm(timer);
wc_Des3_SetKey(&des3, key, iv, DES_ENCRYPTION);
while (loop) {
wc_Des3_CbcEncrypt(&des3, cipher, plain, DES3_BLOCK_SIZE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
printf("3DES ");
wolfCLU_stats(start, DES3_BLOCK_SIZE, blocks);
XMEMSET(plain, 0, DES3_BLOCK_SIZE);
XMEMSET(cipher, 0, DES3_BLOCK_SIZE);
XMEMSET(key, 0, DES3_BLOCK_SIZE);
XMEMSET(iv, 0, DES3_BLOCK_SIZE);
wolfCLU_freeBins(plain, cipher, key, iv, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifdef HAVE_CAMELLIA
#define CAM_SZ CAMELLIA_BLOCK_SIZE
/* camellia test */
if (option[i] == 1) {
Camellia camellia;
plain = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
return MEMORY_E;
}
cipher = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (cipher == NULL) {
wolfCLU_freeBins(plain, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
key = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL) {
wolfCLU_freeBins(plain, cipher, NULL, NULL, NULL);
return MEMORY_E;
}
iv = XMALLOC(CAM_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (iv == NULL) {
wolfCLU_freeBins(plain, cipher, key, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, CAMELLIA_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, cipher, CAMELLIA_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, key, CAMELLIA_BLOCK_SIZE);
wc_RNG_GenerateBlock(&rng, iv, CAMELLIA_BLOCK_SIZE);
start = wolfCLU_getTime();
alarm(timer);
wc_CamelliaSetKey(&camellia, key, CAMELLIA_BLOCK_SIZE, iv);
while (loop) {
wc_CamelliaCbcEncrypt(&camellia, cipher, plain, CAMELLIA_BLOCK_SIZE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
printf("Camellia ");
wolfCLU_stats(start, CAMELLIA_BLOCK_SIZE, blocks);
XMEMSET(plain, 0, CAMELLIA_BLOCK_SIZE);
XMEMSET(cipher, 0, CAMELLIA_BLOCK_SIZE);
XMEMSET(key, 0, CAMELLIA_BLOCK_SIZE);
XMEMSET(iv, 0, CAMELLIA_BLOCK_SIZE);
wolfCLU_freeBins(plain, cipher, key, iv, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifndef NO_MD5
/* md5 test */
if (option[i] == 1) {
Md5 md5;
digest = XMALLOC(MD5_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitMd5(&md5);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_Md5Update(&md5, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_Md5Final(&md5, digest);
printf("MD5 ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, MD5_DIGEST_SIZE);
wolfCLU_freeBins(digest, plain, NULL, NULL, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifndef NO_SHA
/* sha test */
if (option[i] == 1) {
Sha sha;
digest = XMALLOC(SHA_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitSha(&sha);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_ShaUpdate(&sha, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_ShaFinal(&sha, digest);
printf("Sha ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, SHA_DIGEST_SIZE);
wolfCLU_freeBins(plain, digest, NULL, NULL, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifndef NO_SHA256
#define SHA256_SZ SHA256_DIGEST_SIZE
/* sha256 test */
if (option[i] == 1) {
Sha256 sha256;
digest = XMALLOC(SHA256_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitSha256(&sha256);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_Sha256Update(&sha256, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_Sha256Final(&sha256, digest);
printf("Sha256 ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, SHA256_DIGEST_SIZE);
wolfCLU_freeBins(plain, digest, NULL, NULL, NULL);
/* resets used for debug, uncomment if needed */
blocks = 0;
loop = 1;
}
i++;
#endif
#ifdef WOLFSSL_SHA384
#define SHA384_SZ SHA384_DIGEST_SIZE
/* sha384 test */
if (option[i] == 1) {
Sha384 sha384;
digest = XMALLOC(SHA384_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitSha384(&sha384);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_Sha384Update(&sha384, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_Sha384Final(&sha384, digest);
printf("Sha384 ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, SHA384_DIGEST_SIZE);
wolfCLU_freeBins(plain, digest, NULL, NULL, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifdef WOLFSSL_SHA512
#define SHA512_SZ SHA512_DIGEST_SIZE
/* sha512 test */
if (option[i] == 1) {
Sha512 sha512;
digest = XMALLOC(SHA512_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitSha512(&sha512);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_Sha512Update(&sha512, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_Sha512Final(&sha512, digest);
printf("Sha512 ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, SHA512_DIGEST_SIZE);
wolfCLU_freeBins(plain, digest, NULL, NULL, NULL);
blocks = 0;
loop = 1;
}
i++;
#endif
#ifdef HAVE_BLAKE2
/* blake2b test */
if (option[i] == 1) {
Blake2b b2b;
digest = XMALLOC(BLAKE_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (digest == NULL)
return MEMORY_E;
plain = XMALLOC(MEGABYTE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (plain == NULL) {
wolfCLU_freeBins(digest, NULL, NULL, NULL, NULL);
return MEMORY_E;
}
wc_RNG_GenerateBlock(&rng, plain, MEGABYTE);
wc_InitBlake2b(&b2b, BLAKE_DIGEST_SIZE);
start = wolfCLU_getTime();
alarm(timer);
while (loop) {
wc_Blake2bUpdate(&b2b, plain, MEGABYTE);
blocks++;
currTime = wolfCLU_getTime();
stop = currTime - start;
/* if stop >= timer, loop = 0 */
loop = (stop >= timer) ? 0 : 1;
}
wc_Blake2bFinal(&b2b, digest, BLAKE_DIGEST_SIZE);
printf("Blake2b ");
wolfCLU_stats(start, MEGABYTE, blocks);
XMEMSET(plain, 0, MEGABYTE);
XMEMSET(digest, 0, BLAKE_DIGEST_SIZE);
wolfCLU_freeBins(digest, plain, NULL, NULL, NULL);
}
#endif
return ret;
}
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
{
int ret = DRBG_FAILURE;
byte data[DRBG_SEED_LEN];
int i;
int len;
word32 checkBlock;
Sha256 sha;
DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap);
/* Special case: outSz is 0 and out is NULL. wc_Generate a block to save for
* the continuous test. */
if (outSz == 0) outSz = 1;
len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
XMEMCPY(data, V, sizeof(data));
for (i = 0; i < len; i++) {
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wc_InitSha256_ex(&sha, drbg->heap, drbg->devId);
#else
ret = wc_InitSha256(&sha);
#endif
if (ret == 0)
ret = wc_Sha256Update(&sha, data, sizeof(data));
if (ret == 0)
ret = wc_Sha256Final(&sha, digest);
wc_Sha256Free(&sha);
if (ret == 0) {
XMEMCPY(&checkBlock, digest, sizeof(word32));
if (drbg->reseedCtr > 1 && checkBlock == drbg->lastBlock) {
if (drbg->matchCount == 1) {
return DRBG_CONT_FAILURE;
}
else {
if (i == len) {
len++;
}
drbg->matchCount = 1;
}
}
else {
drbg->matchCount = 0;
drbg->lastBlock = checkBlock;
}
if (out != NULL && outSz != 0) {
if (outSz >= OUTPUT_BLOCK_LEN) {
XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
outSz -= OUTPUT_BLOCK_LEN;
out += OUTPUT_BLOCK_LEN;
array_add_one(data, DRBG_SEED_LEN);
}
else {
XMEMCPY(out, digest, outSz);
outSz = 0;
}
}
}
}
ForceZero(data, sizeof(data));
FREE_VAR(digest, drbg->heap);
return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
}
/* helper for PKCS12_PBKDF(), does hash operation */
int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
byte* Ai, word32 u, int iterations)
{
int i;
int ret = 0;
if (buffer == NULL || Ai == NULL)
return BAD_FUNC_ARG;
switch (hashType) {
#ifndef NO_MD5
case MD5:
{
Md5 md5;
wc_InitMd5(&md5);
wc_Md5Update(&md5, buffer, totalLen);
wc_Md5Final(&md5, Ai);
for (i = 1; i < iterations; i++) {
wc_Md5Update(&md5, Ai, u);
wc_Md5Final(&md5, Ai);
}
}
break;
#endif /* NO_MD5 */
#ifndef NO_SHA
case SHA:
{
Sha sha;
ret = wc_InitSha(&sha);
if (ret != 0)
break;
wc_ShaUpdate(&sha, buffer, totalLen);
wc_ShaFinal(&sha, Ai);
for (i = 1; i < iterations; i++) {
wc_ShaUpdate(&sha, Ai, u);
wc_ShaFinal(&sha, Ai);
}
}
break;
#endif /* NO_SHA */
#ifndef NO_SHA256
case SHA256:
{
Sha256 sha256;
ret = wc_InitSha256(&sha256);
if (ret != 0)
break;
ret = wc_Sha256Update(&sha256, buffer, totalLen);
if (ret != 0)
break;
ret = wc_Sha256Final(&sha256, Ai);
if (ret != 0)
break;
for (i = 1; i < iterations; i++) {
ret = wc_Sha256Update(&sha256, Ai, u);
if (ret != 0)
break;
ret = wc_Sha256Final(&sha256, Ai);
if (ret != 0)
break;
}
}
break;
#endif /* NO_SHA256 */
#ifdef WOLFSSL_SHA512
case SHA512:
{
Sha512 sha512;
ret = wc_InitSha512(&sha512);
if (ret != 0)
break;
ret = wc_Sha512Update(&sha512, buffer, totalLen);
if (ret != 0)
break;
ret = wc_Sha512Final(&sha512, Ai);
if (ret != 0)
break;
for (i = 1; i < iterations; i++) {
ret = wc_Sha512Update(&sha512, Ai, u);
if (ret != 0)
break;
ret = wc_Sha512Final(&sha512, Ai);
if (ret != 0)
break;
}
}
break;
#endif /* WOLFSSL_SHA512 */
default:
ret = BAD_FUNC_ARG;
break;
}
return ret;
}
