Lines Matching +full:- +full:w
2 * FIPS-180-2 compliant SHA-384/512 implementation
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 * The SHA-512 Secure Hash Standard was published by NIST in 2002.
10 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
15 /* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged.
18 * these are normally only enabled by the -march option on the command line.
20 * requiring -march on the command line.
50 /* *INDENT-OFF* */
55 * Best performance comes from most recent compilers, with intrinsics and -O3.
56 * Must compile with -march=armv8.2-a+sha3, but we can't detect armv8.2-a, and
57 * can't always detect __ARM_FEATURE_SHA512 (notably clang 7-12).
63 * Clang 7-12 don't have intrinsics (but we work around that with inline
74 # error "Must use minimum -march=armv8.2-a+sha3 for MBEDTLS_SHA512_USE_A64_CRYPTO_*"
91 # pragma GCC target ("arch=armv8.2-a+sha3")
98 /* *INDENT-ON* */
150 * SHA-512 support. So we fall back to the C code only.
242 * SHA-512 context setup
260 ctx->total[0] = 0; in mbedtls_sha512_starts()
261 ctx->total[1] = 0; in mbedtls_sha512_starts()
265 ctx->state[0] = UL64(0x6A09E667F3BCC908); in mbedtls_sha512_starts()
266 ctx->state[1] = UL64(0xBB67AE8584CAA73B); in mbedtls_sha512_starts()
267 ctx->state[2] = UL64(0x3C6EF372FE94F82B); in mbedtls_sha512_starts()
268 ctx->state[3] = UL64(0xA54FF53A5F1D36F1); in mbedtls_sha512_starts()
269 ctx->state[4] = UL64(0x510E527FADE682D1); in mbedtls_sha512_starts()
270 ctx->state[5] = UL64(0x9B05688C2B3E6C1F); in mbedtls_sha512_starts()
271 ctx->state[6] = UL64(0x1F83D9ABFB41BD6B); in mbedtls_sha512_starts()
272 ctx->state[7] = UL64(0x5BE0CD19137E2179); in mbedtls_sha512_starts()
276 ctx->state[0] = UL64(0xCBBB9D5DC1059ED8); in mbedtls_sha512_starts()
277 ctx->state[1] = UL64(0x629A292A367CD507); in mbedtls_sha512_starts()
278 ctx->state[2] = UL64(0x9159015A3070DD17); in mbedtls_sha512_starts()
279 ctx->state[3] = UL64(0x152FECD8F70E5939); in mbedtls_sha512_starts()
280 ctx->state[4] = UL64(0x67332667FFC00B31); in mbedtls_sha512_starts()
281 ctx->state[5] = UL64(0x8EB44A8768581511); in mbedtls_sha512_starts()
282 ctx->state[6] = UL64(0xDB0C2E0D64F98FA7); in mbedtls_sha512_starts()
283 ctx->state[7] = UL64(0x47B5481DBEFA4FA4); in mbedtls_sha512_starts()
288 ctx->is384 = is384; in mbedtls_sha512_starts()
352 /* Accelerated SHA-512 implementation originally written by Simon Tatham for PuTTY,
353 * under the MIT licence; dual-licensed as Apache 2 with his kind permission.
361 asm ("sha512su0 %0.2D,%1.2D" : "+w" (x) : "w" (y)); in vsha512su0q_u64()
366 asm ("sha512su1 %0.2D,%1.2D,%2.2D" : "+w" (x) : "w" (y), "w" (z)); in vsha512su1q_u64()
371 asm ("sha512h %0,%1,%2.2D" : "+w" (x) : "w" (y), "w" (z)); in vsha512hq_u64()
376 asm ("sha512h2 %0,%1,%2.2D" : "+w" (x) : "w" (y), "w" (z)); in vsha512h2q_u64()
384 uint64x2_t ab = vld1q_u64(&ctx->state[0]); in mbedtls_internal_sha512_process_many_a64_crypto()
385 uint64x2_t cd = vld1q_u64(&ctx->state[2]); in mbedtls_internal_sha512_process_many_a64_crypto()
386 uint64x2_t ef = vld1q_u64(&ctx->state[4]); in mbedtls_internal_sha512_process_many_a64_crypto()
387 uint64x2_t gh = vld1q_u64(&ctx->state[6]); in mbedtls_internal_sha512_process_many_a64_crypto()
395 len -= SHA512_BLOCK_SIZE) { in mbedtls_internal_sha512_process_many_a64_crypto()
551 vst1q_u64(&ctx->state[0], ab); in mbedtls_internal_sha512_process_many_a64_crypto()
552 vst1q_u64(&ctx->state[2], cd); in mbedtls_internal_sha512_process_many_a64_crypto()
553 vst1q_u64(&ctx->state[4], ef); in mbedtls_internal_sha512_process_many_a64_crypto()
554 vst1q_u64(&ctx->state[6], gh); in mbedtls_internal_sha512_process_many_a64_crypto()
571 SHA512_BLOCK_SIZE) ? 0 : -1; in mbedtls_internal_sha512_process_a64_crypto()
606 uint64_t temp1, temp2, W[80]; in mbedtls_internal_sha512_process_c() member
611 #define ROTR(x, n) (SHR((x), (n)) | ((x) << (64 - (n)))) in mbedtls_internal_sha512_process_c()
631 local.A[i] = ctx->state[i]; in mbedtls_internal_sha512_process_c()
637 local.W[i] = MBEDTLS_GET_UINT64_BE(data, i << 3); in mbedtls_internal_sha512_process_c()
639 local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] + in mbedtls_internal_sha512_process_c()
640 S0(local.W[i - 15]) + local.W[i - 16]; in mbedtls_internal_sha512_process_c()
644 local.A[5], local.A[6], local.A[7], local.W[i], K[i]); in mbedtls_internal_sha512_process_c()
654 local.W[i] = MBEDTLS_GET_UINT64_BE(data, i << 3); in mbedtls_internal_sha512_process_c()
658 local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] + in mbedtls_internal_sha512_process_c()
659 S0(local.W[i - 15]) + local.W[i - 16]; in mbedtls_internal_sha512_process_c()
665 local.A[5], local.A[6], local.A[7], local.W[i], K[i]); i++; in mbedtls_internal_sha512_process_c()
667 local.A[4], local.A[5], local.A[6], local.W[i], K[i]); i++; in mbedtls_internal_sha512_process_c()
669 local.A[3], local.A[4], local.A[5], local.W[i], K[i]); i++; in mbedtls_internal_sha512_process_c()
671 local.A[2], local.A[3], local.A[4], local.W[i], K[i]); i++; in mbedtls_internal_sha512_process_c()
673 local.A[1], local.A[2], local.A[3], local.W[i], K[i]); i++; in mbedtls_internal_sha512_process_c()
675 local.A[0], local.A[1], local.A[2], local.W[i], K[i]); i++; in mbedtls_internal_sha512_process_c()
677 local.A[7], local.A[0], local.A[1], local.W[i], K[i]); i++; in mbedtls_internal_sha512_process_c()
679 local.A[6], local.A[7], local.A[0], local.W[i], K[i]); i++; in mbedtls_internal_sha512_process_c()
684 ctx->state[i] += local.A[i]; in mbedtls_internal_sha512_process_c()
709 len -= SHA512_BLOCK_SIZE; in mbedtls_internal_sha512_process_many_c()
758 * SHA-512 process buffer
772 left = (unsigned int) (ctx->total[0] & 0x7F); in mbedtls_sha512_update()
773 fill = SHA512_BLOCK_SIZE - left; in mbedtls_sha512_update()
775 ctx->total[0] += (uint64_t) ilen; in mbedtls_sha512_update()
777 if (ctx->total[0] < (uint64_t) ilen) { in mbedtls_sha512_update()
778 ctx->total[1]++; in mbedtls_sha512_update()
782 memcpy((void *) (ctx->buffer + left), input, fill); in mbedtls_sha512_update()
784 if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) { in mbedtls_sha512_update()
789 ilen -= fill; in mbedtls_sha512_update()
801 ilen -= processed; in mbedtls_sha512_update()
805 memcpy((void *) (ctx->buffer + left), input, ilen); in mbedtls_sha512_update()
812 * SHA-512 final digest
825 used = ctx->total[0] & 0x7F; in mbedtls_sha512_finish()
827 ctx->buffer[used++] = 0x80; in mbedtls_sha512_finish()
831 memset(ctx->buffer + used, 0, 112 - used); in mbedtls_sha512_finish()
834 memset(ctx->buffer + used, 0, SHA512_BLOCK_SIZE - used); in mbedtls_sha512_finish()
836 if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) { in mbedtls_sha512_finish()
840 memset(ctx->buffer, 0, 112); in mbedtls_sha512_finish()
846 high = (ctx->total[0] >> 61) in mbedtls_sha512_finish()
847 | (ctx->total[1] << 3); in mbedtls_sha512_finish()
848 low = (ctx->total[0] << 3); in mbedtls_sha512_finish()
850 sha512_put_uint64_be(high, ctx->buffer, 112); in mbedtls_sha512_finish()
851 sha512_put_uint64_be(low, ctx->buffer, 120); in mbedtls_sha512_finish()
853 if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) { in mbedtls_sha512_finish()
860 sha512_put_uint64_be(ctx->state[0], output, 0); in mbedtls_sha512_finish()
861 sha512_put_uint64_be(ctx->state[1], output, 8); in mbedtls_sha512_finish()
862 sha512_put_uint64_be(ctx->state[2], output, 16); in mbedtls_sha512_finish()
863 sha512_put_uint64_be(ctx->state[3], output, 24); in mbedtls_sha512_finish()
864 sha512_put_uint64_be(ctx->state[4], output, 32); in mbedtls_sha512_finish()
865 sha512_put_uint64_be(ctx->state[5], output, 40); in mbedtls_sha512_finish()
868 truncated = ctx->is384; in mbedtls_sha512_finish()
871 sha512_put_uint64_be(ctx->state[6], output, 48); in mbedtls_sha512_finish()
872 sha512_put_uint64_be(ctx->state[7], output, 56); in mbedtls_sha512_finish()
885 * output = SHA-512( input buffer )
932 * FIPS-180-2 test vectors
951 * SHA-384 test vectors
978 * SHA-512 test vectors
1038 mbedtls_printf(" SHA-%d test #%d: ", 512 - is384 * 128, i + 1); in mbedtls_sha512_common_self_test()
1066 if (memcmp(sha512sum, sha_test_sum[i], 64 - is384 * 16) != 0) { in mbedtls_sha512_common_self_test()