int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
{
CRYSError_t ret = 0;
CRYS_HASH_Result_t hashResult;
if (sha256 == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
ret = CRYS_HASH_Finish(&sha256->ctx, hashResult);
if (ret != SA_SILIB_RET_OK){
WOLFSSL_MSG("Error CRYS_HASH_Finish failed");
return ret;
}
XMEMCPY(sha256->digest, hashResult, WC_SHA256_DIGEST_SIZE);
XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
/* reset state */
return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
}
int wc_InitSha256(Sha256* sha256)
{
return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID);
}
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
{
int ret = DRBG_FAILURE;
byte data[DRBG_SEED_LEN];
int i;
int len;
word32 checkBlock;
Sha256 sha;
DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap);
/* Special case: outSz is 0 and out is NULL. wc_Generate a block to save for
* the continuous test. */
if (outSz == 0) outSz = 1;
len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
XMEMCPY(data, V, sizeof(data));
for (i = 0; i < len; i++) {
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wc_InitSha256_ex(&sha, drbg->heap, drbg->devId);
#else
ret = wc_InitSha256(&sha);
#endif
if (ret == 0)
ret = wc_Sha256Update(&sha, data, sizeof(data));
if (ret == 0)
ret = wc_Sha256Final(&sha, digest);
wc_Sha256Free(&sha);
if (ret == 0) {
XMEMCPY(&checkBlock, digest, sizeof(word32));
if (drbg->reseedCtr > 1 && checkBlock == drbg->lastBlock) {
if (drbg->matchCount == 1) {
return DRBG_CONT_FAILURE;
}
else {
if (i == len) {
len++;
}
drbg->matchCount = 1;
}
}
else {
drbg->matchCount = 0;
drbg->lastBlock = checkBlock;
}
if (out != NULL && outSz != 0) {
if (outSz >= OUTPUT_BLOCK_LEN) {
XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
outSz -= OUTPUT_BLOCK_LEN;
out += OUTPUT_BLOCK_LEN;
array_add_one(data, DRBG_SEED_LEN);
}
else {
XMEMCPY(out, digest, outSz);
outSz = 0;
}
}
}
}
ForceZero(data, sizeof(data));
FREE_VAR(digest, drbg->heap);
return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
}
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
const byte* inA, word32 inASz,
const byte* inB, word32 inBSz)
{
int ret = DRBG_FAILURE;
byte ctr;
int i;
int len;
word32 bits = (outSz * 8); /* reverse byte order */
Sha256 sha;
DECLARE_VAR(digest, byte, SHA256_DIGEST_SIZE, drbg->heap);
(void)drbg;
#ifdef WOLFSSL_ASYNC_CRYPT
if (digest == NULL)
return DRBG_FAILURE;
#endif
#ifdef LITTLE_ENDIAN_ORDER
bits = ByteReverseWord32(bits);
#endif
len = (outSz / OUTPUT_BLOCK_LEN)
+ ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
for (i = 0, ctr = 1; i < len; i++, ctr++) {
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wc_InitSha256_ex(&sha, drbg->heap, drbg->devId);
#else
ret = wc_InitSha256(&sha);
#endif
if (ret != 0)
break;
if (ret == 0)
ret = wc_Sha256Update(&sha, &ctr, sizeof(ctr));
if (ret == 0)
ret = wc_Sha256Update(&sha, (byte*)&bits, sizeof(bits));
if (ret == 0) {
/* churning V is the only string that doesn't have the type added */
if (type != drbgInitV)
ret = wc_Sha256Update(&sha, &type, sizeof(type));
}
if (ret == 0)
ret = wc_Sha256Update(&sha, inA, inASz);
if (ret == 0) {
if (inB != NULL && inBSz > 0)
ret = wc_Sha256Update(&sha, inB, inBSz);
}
if (ret == 0)
ret = wc_Sha256Final(&sha, digest);
wc_Sha256Free(&sha);
if (ret == 0) {
if (outSz > OUTPUT_BLOCK_LEN) {
XMEMCPY(out, digest, OUTPUT_BLOCK_LEN);
outSz -= OUTPUT_BLOCK_LEN;
out += OUTPUT_BLOCK_LEN;
}
else {
XMEMCPY(out, digest, outSz);
}
}
}
ForceZero(digest, SHA256_DIGEST_SIZE);
FREE_VAR(digest, drbg->heap);
return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
}
