1 // SPDX-License-Identifier: BSD-2-Clause
10  * 2011-10-26
40 	ctx->total[0] = 0;  in sm3_init()
41 	ctx->total[1] = 0;  in sm3_init()
43 	ctx->state[0] = 0x7380166F;  in sm3_init()
44 	ctx->state[1] = 0x4914B2B9;  in sm3_init()
45 	ctx->state[2] = 0x172442D7;  in sm3_init()
46 	ctx->state[3] = 0xDA8A0600;  in sm3_init()
47 	ctx->state[4] = 0xA96F30BC;  in sm3_init()
48 	ctx->state[5] = 0x163138AA;  in sm3_init()
49 	ctx->state[6] = 0xE38DEE4D;  in sm3_init()
50 	ctx->state[7] = 0xB0FB0E4E;  in sm3_init()
62 	return SHL(val, shift) | (val >> (32 - shift));  in rotl()
70 	uint32_t SS1, SS2, TT1, TT2, W[68], W1[64];  in sm3_process()  local
81 	GET_UINT32_BE(W[0], data,  0);  in sm3_process()
82 	GET_UINT32_BE(W[1], data,  4);  in sm3_process()
83 	GET_UINT32_BE(W[2], data,  8);  in sm3_process()
84 	GET_UINT32_BE(W[3], data, 12);  in sm3_process()
85 	GET_UINT32_BE(W[4], data, 16);  in sm3_process()
86 	GET_UINT32_BE(W[5], data, 20);  in sm3_process()
87 	GET_UINT32_BE(W[6], data, 24);  in sm3_process()
88 	GET_UINT32_BE(W[7], data, 28);  in sm3_process()
89 	GET_UINT32_BE(W[8], data, 32);  in sm3_process()
90 	GET_UINT32_BE(W[9], data, 36);  in sm3_process()
91 	GET_UINT32_BE(W[10], data, 40);  in sm3_process()
92 	GET_UINT32_BE(W[11], data, 44);  in sm3_process()
93 	GET_UINT32_BE(W[12], data, 48);  in sm3_process()
94 	GET_UINT32_BE(W[13], data, 52);  in sm3_process()
95 	GET_UINT32_BE(W[14], data, 56);  in sm3_process()
96 	GET_UINT32_BE(W[15], data, 60);  in sm3_process()
109 		 * W[j] = P1( W[j-16] ^ W[j-9] ^ ROTL(W[j-3],15)) ^  in sm3_process()
110 		 *        ROTL(W[j - 13],7 ) ^ W[j-6];  in sm3_process()
113 		Temp1 = W[j - 16] ^ W[j - 9];  in sm3_process()
114 		Temp2 = ROTL(W[j - 3], 15);  in sm3_process()
117 		Temp5 =  ROTL(W[j - 13], 7) ^ W[j - 6];  in sm3_process()
118 		W[j] = Temp4 ^ Temp5;  in sm3_process()
122 		W1[j] = W[j] ^ W[j + 4];  in sm3_process()
124 	A = ctx->state[0];  in sm3_process()
125 	B = ctx->state[1];  in sm3_process()
126 	C = ctx->state[2];  in sm3_process()
127 	D = ctx->state[3];  in sm3_process()
128 	E = ctx->state[4];  in sm3_process()
129 	F = ctx->state[5];  in sm3_process()
130 	G = ctx->state[6];  in sm3_process()
131 	H = ctx->state[7];  in sm3_process()
137 		TT2 = GG0(E, F, G) + H + SS1 + W[j];  in sm3_process()
152 		TT2 = GG1(E, F, G) + H + SS1 + W[j];  in sm3_process()
163 	ctx->state[0] ^= A;  in sm3_process()
164 	ctx->state[1] ^= B;  in sm3_process()
165 	ctx->state[2] ^= C;  in sm3_process()
166 	ctx->state[3] ^= D;  in sm3_process()
167 	ctx->state[4] ^= E;  in sm3_process()
168 	ctx->state[5] ^= F;  in sm3_process()
169 	ctx->state[6] ^= G;  in sm3_process()
170 	ctx->state[7] ^= H;  in sm3_process()
178 		crypto_accel_sm3_compress(ctx->state, input, block_count);  in sm3_process_blocks()
196 	left = ctx->total[0] & 0x3F;  in sm3_update()
197 	fill = 64 - left;  in sm3_update()
199 	ctx->total[0] += ilen;  in sm3_update()
201 	if (ctx->total[0] < ilen)  in sm3_update()
202 		ctx->total[1]++;  in sm3_update()
205 		memcpy(ctx->buffer + left, input, fill);  in sm3_update()
206 		sm3_process_blocks(ctx, ctx->buffer, 1);  in sm3_update()
208 		ilen -= fill;  in sm3_update()
214 	ilen -= block_count * SM3_BLOCK_SIZE;  in sm3_update()
218 		memcpy(ctx->buffer + left, input, ilen);  in sm3_update()
234 	high = (ctx->total[0] >> 29) | (ctx->total[1] <<  3);  in sm3_final()
235 	low  = ctx->total[0] << 3;  in sm3_final()
240 	last = ctx->total[0] & 0x3F;  in sm3_final()
241 	padn = (last < 56) ? (56 - last) : (120 - last);  in sm3_final()
246 	PUT_UINT32_BE(ctx->state[0], output,  0);  in sm3_final()
247 	PUT_UINT32_BE(ctx->state[1], output,  4);  in sm3_final()
248 	PUT_UINT32_BE(ctx->state[2], output,  8);  in sm3_final()
249 	PUT_UINT32_BE(ctx->state[3], output, 12);  in sm3_final()
250 	PUT_UINT32_BE(ctx->state[4], output, 16);  in sm3_final()
251 	PUT_UINT32_BE(ctx->state[5], output, 20);  in sm3_final()
252 	PUT_UINT32_BE(ctx->state[6], output, 24);  in sm3_final()
253 	PUT_UINT32_BE(ctx->state[7], output, 28);  in sm3_final()
278 	memset(ctx->ipad, 0x36, 64);  in sm3_hmac_init()
279 	memset(ctx->opad, 0x5C, 64);  in sm3_hmac_init()
282 		ctx->ipad[i] ^= key[i];  in sm3_hmac_init()
283 		ctx->opad[i] ^= key[i];  in sm3_hmac_init()
287 	sm3_update(ctx, ctx->ipad, 64);  in sm3_hmac_init()
303 	sm3_update(ctx, ctx->opad, 64);  in sm3_hmac_final()