commit e4fe4633ffc128c8cdee1802d8294f315633f952
author Fabio Utzig <utzig@apache.org> Mon Feb 03 09:55:28 2020 -0300
committer Fabio Utzig <utzig@utzig.org> Tue Feb 04 06:09:01 2020 -0300
tree 006bb46a8fd9d82d7906d0586fde52c51ea05577
parent 36e9029ff01d1e64a77d2e2a0bb9e2cc75ab97c8

Add sha-512 port of tinycrypt's sha-256

A patch adding sha-512 to upstream tinycrypt was submitted:
https://github.com/intel/tinycrypt/pull/42

While it is not accepted, add the code under a new ext/tinycrypt-sha512
depedency.

Signed-off-by: Fabio Utzig <utzig@apache.org>

ext/tinycrypt-sha512/lib/include/tinycrypt/sha512.h

diff --git a/ext/tinycrypt-sha512/lib/include/tinycrypt/sha512.h b/ext/tinycrypt-sha512/lib/include/tinycrypt/sha512.h
new file mode 100644
index 0000000..f0211b2
--- /dev/null
+++ b/ext/tinycrypt-sha512/lib/include/tinycrypt/sha512.h
@@ -0,0 +1,129 @@
+/* sha512.h - TinyCrypt interface to a SHA-512 implementation */
+
+/*
+ *  Copyright (C) 2020 by Intel Corporation, All Rights Reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions are met:
+ *
+ *    - Redistributions of source code must retain the above copyright notice,
+ *     this list of conditions and the following disclaimer.
+ *
+ *    - Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ *    - Neither the name of Intel Corporation nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *  POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @file
+ * @brief Interface to a SHA-512 implementation.
+ *
+ *  Overview:   SHA-512 is a NIST approved cryptographic hashing algorithm
+ *              specified in FIPS 180. A hash algorithm maps data of arbitrary
+ *              size to data of fixed length.
+ *
+ *  Security:   SHA-512 provides 256 bits of security against collision attacks
+ *              and 512 bits of security against pre-image attacks. SHA-512 does
+ *              NOT behave like a random oracle, but it can be used as one if
+ *              the string being hashed is prefix-free encoded before hashing.
+ *
+ *  Usage:      1) call tc_sha512_init to initialize a struct
+ *              tc_sha512_state_struct before hashing a new string.
+ *
+ *              2) call tc_sha512_update to hash the next string segment;
+ *              tc_sha512_update can be called as many times as needed to hash
+ *              all of the segments of a string; the order is important.
+ *
+ *              3) call tc_sha512_final to out put the digest from a hashing
+ *              operation.
+ */
+
+#ifndef __TC_SHA512_H__
+#define __TC_SHA512_H__
+
+#include <stddef.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define TC_SHA512_BLOCK_SIZE (128)
+#define TC_SHA512_DIGEST_SIZE (64)
+#define TC_SHA512_STATE_BLOCKS (TC_SHA512_DIGEST_SIZE/8)
+
+struct tc_sha512_state_struct {
+	uint64_t iv[TC_SHA512_STATE_BLOCKS];
+	uint64_t bits_hashed;
+	uint8_t leftover[TC_SHA512_BLOCK_SIZE];
+	size_t leftover_offset;
+};
+
+typedef struct tc_sha512_state_struct *TCSha512State_t;
+
+/**
+ *  @brief SHA512 initialization procedure
+ *  Initializes s
+ *  @return returns TC_CRYPTO_SUCCESS (1)
+ *          returns TC_CRYPTO_FAIL (0) if s == NULL
+ *  @param s Sha512 state struct
+ */
+int tc_sha512_init(TCSha512State_t s);
+
+/**
+ *  @brief SHA512 update procedure
+ *  Hashes data_length bytes addressed by data into state s
+ *  @return returns TC_CRYPTO_SUCCESS (1)
+ *          returns TC_CRYPTO_FAIL (0) if:
+ *                s == NULL,
+ *                s->iv == NULL,
+ *                data == NULL
+ *  @note Assumes s has been initialized by tc_sha512_init
+ *  @warning The state buffer 'leftover' is left in memory after processing
+ *           If your application intends to have sensitive data in this
+ *           buffer, remind to erase it after the data has been processed
+ *  @param s Sha512 state struct
+ *  @param data message to hash
+ *  @param datalen length of message to hash
+ */
+int tc_sha512_update (TCSha512State_t s, const uint8_t *data, size_t datalen);
+
+/**
+ *  @brief SHA512 final procedure
+ *  Inserts the completed hash computation into digest
+ *  @return returns TC_CRYPTO_SUCCESS (1)
+ *          returns TC_CRYPTO_FAIL (0) if:
+ *                s == NULL,
+ *                s->iv == NULL,
+ *                digest == NULL
+ *  @note Assumes: s has been initialized by tc_sha512_init
+ *        digest points to at least TC_SHA512_DIGEST_SIZE bytes
+ *  @warning The state buffer 'leftover' is left in memory after processing
+ *           If your application intends to have sensitive data in this
+ *           buffer, remind to erase it after the data has been processed
+ *  @param digest unsigned eight bit integer
+ *  @param Sha512 state struct
+ */
+int tc_sha512_final(uint8_t *digest, TCSha512State_t s);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __TC_SHA512_H__ */