xref: /OK3568_Linux_fs/u-boot/lib/avb/libavb/avb_sha256.c (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun /* SHA-256 and SHA-512 implementation based on code by Oliver Gay
2*4882a593Smuzhiyun  * <olivier.gay@a3.epfl.ch> under a BSD-style license. See below.
3*4882a593Smuzhiyun  */
4*4882a593Smuzhiyun 
5*4882a593Smuzhiyun /*
6*4882a593Smuzhiyun  * FIPS 180-2 SHA-224/256/384/512 implementation
7*4882a593Smuzhiyun  * Last update: 02/02/2007
8*4882a593Smuzhiyun  * Issue date:  04/30/2005
9*4882a593Smuzhiyun  *
10*4882a593Smuzhiyun  * Copyright (C) 2005, 2007 Olivier Gay <olivier.gay@a3.epfl.ch>
11*4882a593Smuzhiyun  * All rights reserved.
12*4882a593Smuzhiyun  *
13*4882a593Smuzhiyun  * Redistribution and use in source and binary forms, with or without
14*4882a593Smuzhiyun  * modification, are permitted provided that the following conditions
15*4882a593Smuzhiyun  * are met:
16*4882a593Smuzhiyun  * 1. Redistributions of source code must retain the above copyright
17*4882a593Smuzhiyun  *    notice, this list of conditions and the following disclaimer.
18*4882a593Smuzhiyun  * 2. Redistributions in binary form must reproduce the above copyright
19*4882a593Smuzhiyun  *    notice, this list of conditions and the following disclaimer in the
20*4882a593Smuzhiyun  *    documentation and/or other materials provided with the distribution.
21*4882a593Smuzhiyun  * 3. Neither the name of the project nor the names of its contributors
22*4882a593Smuzhiyun  *    may be used to endorse or promote products derived from this software
23*4882a593Smuzhiyun  *    without specific prior written permission.
24*4882a593Smuzhiyun  *
25*4882a593Smuzhiyun  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
26*4882a593Smuzhiyun  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27*4882a593Smuzhiyun  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28*4882a593Smuzhiyun  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
29*4882a593Smuzhiyun  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30*4882a593Smuzhiyun  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31*4882a593Smuzhiyun  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32*4882a593Smuzhiyun  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33*4882a593Smuzhiyun  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34*4882a593Smuzhiyun  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35*4882a593Smuzhiyun  * SUCH DAMAGE.
36*4882a593Smuzhiyun  */
37*4882a593Smuzhiyun 
38*4882a593Smuzhiyun #include <android_avb/avb_sha.h>
39*4882a593Smuzhiyun #include <android_avb/avb_util.h>
40*4882a593Smuzhiyun 
41*4882a593Smuzhiyun #ifdef CONFIG_DM_CRYPTO
avb_sha256_init(AvbSHA256Ctx * ctx)42*4882a593Smuzhiyun void avb_sha256_init(AvbSHA256Ctx* ctx) {
43*4882a593Smuzhiyun   ctx->crypto_ctx.algo = CRYPTO_SHA256;
44*4882a593Smuzhiyun   ctx->crypto_ctx.length = ctx->tot_len;
45*4882a593Smuzhiyun   memset(ctx->buf, 0, sizeof(ctx->buf));
46*4882a593Smuzhiyun 
47*4882a593Smuzhiyun   ctx->crypto_dev = crypto_get_device(ctx->crypto_ctx.algo);
48*4882a593Smuzhiyun   if (!ctx->crypto_dev)
49*4882a593Smuzhiyun     avb_error("Can't get sha256 crypto device\n");
50*4882a593Smuzhiyun   else
51*4882a593Smuzhiyun     crypto_sha_init(ctx->crypto_dev, &ctx->crypto_ctx);
52*4882a593Smuzhiyun }
53*4882a593Smuzhiyun 
avb_sha256_update(AvbSHA256Ctx * ctx,const uint8_t * data,size_t len)54*4882a593Smuzhiyun void avb_sha256_update(AvbSHA256Ctx* ctx, const uint8_t* data, size_t len) {
55*4882a593Smuzhiyun   if (ctx->crypto_dev)
56*4882a593Smuzhiyun     crypto_sha_update(ctx->crypto_dev, (u32 *)data, len);
57*4882a593Smuzhiyun }
58*4882a593Smuzhiyun 
avb_sha256_final(AvbSHA256Ctx * ctx)59*4882a593Smuzhiyun uint8_t* avb_sha256_final(AvbSHA256Ctx* ctx) {
60*4882a593Smuzhiyun   if (ctx->crypto_dev)
61*4882a593Smuzhiyun     crypto_sha_final(ctx->crypto_dev, &ctx->crypto_ctx, ctx->buf);
62*4882a593Smuzhiyun 
63*4882a593Smuzhiyun   return ctx->buf;
64*4882a593Smuzhiyun }
65*4882a593Smuzhiyun #else
66*4882a593Smuzhiyun #define SHFR(x, n) (x >> n)
67*4882a593Smuzhiyun #define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n)))
68*4882a593Smuzhiyun #define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n)))
69*4882a593Smuzhiyun #define CH(x, y, z) ((x & y) ^ (~x & z))
70*4882a593Smuzhiyun #define MAJ(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
71*4882a593Smuzhiyun 
72*4882a593Smuzhiyun #define SHA256_F1(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
73*4882a593Smuzhiyun #define SHA256_F2(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
74*4882a593Smuzhiyun #define SHA256_F3(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHFR(x, 3))
75*4882a593Smuzhiyun #define SHA256_F4(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHFR(x, 10))
76*4882a593Smuzhiyun 
77*4882a593Smuzhiyun #define UNPACK32(x, str)                 \
78*4882a593Smuzhiyun   {                                      \
79*4882a593Smuzhiyun     *((str) + 3) = (uint8_t)((x));       \
80*4882a593Smuzhiyun     *((str) + 2) = (uint8_t)((x) >> 8);  \
81*4882a593Smuzhiyun     *((str) + 1) = (uint8_t)((x) >> 16); \
82*4882a593Smuzhiyun     *((str) + 0) = (uint8_t)((x) >> 24); \
83*4882a593Smuzhiyun   }
84*4882a593Smuzhiyun 
85*4882a593Smuzhiyun #define UNPACK64(x, str)                         \
86*4882a593Smuzhiyun   {                                              \
87*4882a593Smuzhiyun     *((str) + 7) = (uint8_t)x;                   \
88*4882a593Smuzhiyun     *((str) + 6) = (uint8_t)((uint64_t)x >> 8);  \
89*4882a593Smuzhiyun     *((str) + 5) = (uint8_t)((uint64_t)x >> 16); \
90*4882a593Smuzhiyun     *((str) + 4) = (uint8_t)((uint64_t)x >> 24); \
91*4882a593Smuzhiyun     *((str) + 3) = (uint8_t)((uint64_t)x >> 32); \
92*4882a593Smuzhiyun     *((str) + 2) = (uint8_t)((uint64_t)x >> 40); \
93*4882a593Smuzhiyun     *((str) + 1) = (uint8_t)((uint64_t)x >> 48); \
94*4882a593Smuzhiyun     *((str) + 0) = (uint8_t)((uint64_t)x >> 56); \
95*4882a593Smuzhiyun   }
96*4882a593Smuzhiyun 
97*4882a593Smuzhiyun #define PACK32(str, x)                                                    \
98*4882a593Smuzhiyun   {                                                                       \
99*4882a593Smuzhiyun     *(x) = ((uint32_t) * ((str) + 3)) | ((uint32_t) * ((str) + 2) << 8) | \
100*4882a593Smuzhiyun            ((uint32_t) * ((str) + 1) << 16) |                             \
101*4882a593Smuzhiyun            ((uint32_t) * ((str) + 0) << 24);                              \
102*4882a593Smuzhiyun   }
103*4882a593Smuzhiyun 
104*4882a593Smuzhiyun /* Macros used for loops unrolling */
105*4882a593Smuzhiyun 
106*4882a593Smuzhiyun #define SHA256_SCR(i) \
107*4882a593Smuzhiyun   { w[i] = SHA256_F4(w[i - 2]) + w[i - 7] + SHA256_F3(w[i - 15]) + w[i - 16]; }
108*4882a593Smuzhiyun 
109*4882a593Smuzhiyun #define SHA256_EXP(a, b, c, d, e, f, g, h, j)                               \
110*4882a593Smuzhiyun   {                                                                         \
111*4882a593Smuzhiyun     t1 = wv[h] + SHA256_F2(wv[e]) + CH(wv[e], wv[f], wv[g]) + sha256_k[j] + \
112*4882a593Smuzhiyun          w[j];                                                              \
113*4882a593Smuzhiyun     t2 = SHA256_F1(wv[a]) + MAJ(wv[a], wv[b], wv[c]);                       \
114*4882a593Smuzhiyun     wv[d] += t1;                                                            \
115*4882a593Smuzhiyun     wv[h] = t1 + t2;                                                        \
116*4882a593Smuzhiyun   }
117*4882a593Smuzhiyun 
118*4882a593Smuzhiyun static const uint32_t sha256_h0[8] = {0x6a09e667,
119*4882a593Smuzhiyun                                       0xbb67ae85,
120*4882a593Smuzhiyun                                       0x3c6ef372,
121*4882a593Smuzhiyun                                       0xa54ff53a,
122*4882a593Smuzhiyun                                       0x510e527f,
123*4882a593Smuzhiyun                                       0x9b05688c,
124*4882a593Smuzhiyun                                       0x1f83d9ab,
125*4882a593Smuzhiyun                                       0x5be0cd19};
126*4882a593Smuzhiyun 
127*4882a593Smuzhiyun static const uint32_t sha256_k[64] = {
128*4882a593Smuzhiyun     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1,
129*4882a593Smuzhiyun     0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
130*4882a593Smuzhiyun     0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786,
131*4882a593Smuzhiyun     0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
132*4882a593Smuzhiyun     0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147,
133*4882a593Smuzhiyun     0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
134*4882a593Smuzhiyun     0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b,
135*4882a593Smuzhiyun     0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
136*4882a593Smuzhiyun     0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a,
137*4882a593Smuzhiyun     0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
138*4882a593Smuzhiyun     0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};
139*4882a593Smuzhiyun 
140*4882a593Smuzhiyun /* SHA-256 implementation */
avb_sha256_init(AvbSHA256Ctx * ctx)141*4882a593Smuzhiyun void avb_sha256_init(AvbSHA256Ctx* ctx) {
142*4882a593Smuzhiyun #ifndef UNROLL_LOOPS
143*4882a593Smuzhiyun   int i;
144*4882a593Smuzhiyun   for (i = 0; i < 8; i++) {
145*4882a593Smuzhiyun     ctx->h[i] = sha256_h0[i];
146*4882a593Smuzhiyun   }
147*4882a593Smuzhiyun #else
148*4882a593Smuzhiyun   ctx->h[0] = sha256_h0[0];
149*4882a593Smuzhiyun   ctx->h[1] = sha256_h0[1];
150*4882a593Smuzhiyun   ctx->h[2] = sha256_h0[2];
151*4882a593Smuzhiyun   ctx->h[3] = sha256_h0[3];
152*4882a593Smuzhiyun   ctx->h[4] = sha256_h0[4];
153*4882a593Smuzhiyun   ctx->h[5] = sha256_h0[5];
154*4882a593Smuzhiyun   ctx->h[6] = sha256_h0[6];
155*4882a593Smuzhiyun   ctx->h[7] = sha256_h0[7];
156*4882a593Smuzhiyun #endif /* !UNROLL_LOOPS */
157*4882a593Smuzhiyun 
158*4882a593Smuzhiyun   ctx->len = 0;
159*4882a593Smuzhiyun   ctx->tot_len = 0;
160*4882a593Smuzhiyun }
161*4882a593Smuzhiyun 
SHA256_transform(AvbSHA256Ctx * ctx,const uint8_t * message,size_t block_nb)162*4882a593Smuzhiyun static void SHA256_transform(AvbSHA256Ctx* ctx,
163*4882a593Smuzhiyun                              const uint8_t* message,
164*4882a593Smuzhiyun                              size_t block_nb) {
165*4882a593Smuzhiyun   uint32_t w[64];
166*4882a593Smuzhiyun   uint32_t wv[8];
167*4882a593Smuzhiyun   uint32_t t1, t2;
168*4882a593Smuzhiyun   const unsigned char* sub_block;
169*4882a593Smuzhiyun   size_t i;
170*4882a593Smuzhiyun 
171*4882a593Smuzhiyun #ifndef UNROLL_LOOPS
172*4882a593Smuzhiyun   size_t j;
173*4882a593Smuzhiyun #endif
174*4882a593Smuzhiyun 
175*4882a593Smuzhiyun   for (i = 0; i < block_nb; i++) {
176*4882a593Smuzhiyun     sub_block = message + (i << 6);
177*4882a593Smuzhiyun 
178*4882a593Smuzhiyun #ifndef UNROLL_LOOPS
179*4882a593Smuzhiyun     for (j = 0; j < 16; j++) {
180*4882a593Smuzhiyun       PACK32(&sub_block[j << 2], &w[j]);
181*4882a593Smuzhiyun     }
182*4882a593Smuzhiyun 
183*4882a593Smuzhiyun     for (j = 16; j < 64; j++) {
184*4882a593Smuzhiyun       SHA256_SCR(j);
185*4882a593Smuzhiyun     }
186*4882a593Smuzhiyun 
187*4882a593Smuzhiyun     for (j = 0; j < 8; j++) {
188*4882a593Smuzhiyun       wv[j] = ctx->h[j];
189*4882a593Smuzhiyun     }
190*4882a593Smuzhiyun 
191*4882a593Smuzhiyun     for (j = 0; j < 64; j++) {
192*4882a593Smuzhiyun       t1 = wv[7] + SHA256_F2(wv[4]) + CH(wv[4], wv[5], wv[6]) + sha256_k[j] +
193*4882a593Smuzhiyun            w[j];
194*4882a593Smuzhiyun       t2 = SHA256_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]);
195*4882a593Smuzhiyun       wv[7] = wv[6];
196*4882a593Smuzhiyun       wv[6] = wv[5];
197*4882a593Smuzhiyun       wv[5] = wv[4];
198*4882a593Smuzhiyun       wv[4] = wv[3] + t1;
199*4882a593Smuzhiyun       wv[3] = wv[2];
200*4882a593Smuzhiyun       wv[2] = wv[1];
201*4882a593Smuzhiyun       wv[1] = wv[0];
202*4882a593Smuzhiyun       wv[0] = t1 + t2;
203*4882a593Smuzhiyun     }
204*4882a593Smuzhiyun 
205*4882a593Smuzhiyun     for (j = 0; j < 8; j++) {
206*4882a593Smuzhiyun       ctx->h[j] += wv[j];
207*4882a593Smuzhiyun     }
208*4882a593Smuzhiyun #else
209*4882a593Smuzhiyun     PACK32(&sub_block[0], &w[0]);
210*4882a593Smuzhiyun     PACK32(&sub_block[4], &w[1]);
211*4882a593Smuzhiyun     PACK32(&sub_block[8], &w[2]);
212*4882a593Smuzhiyun     PACK32(&sub_block[12], &w[3]);
213*4882a593Smuzhiyun     PACK32(&sub_block[16], &w[4]);
214*4882a593Smuzhiyun     PACK32(&sub_block[20], &w[5]);
215*4882a593Smuzhiyun     PACK32(&sub_block[24], &w[6]);
216*4882a593Smuzhiyun     PACK32(&sub_block[28], &w[7]);
217*4882a593Smuzhiyun     PACK32(&sub_block[32], &w[8]);
218*4882a593Smuzhiyun     PACK32(&sub_block[36], &w[9]);
219*4882a593Smuzhiyun     PACK32(&sub_block[40], &w[10]);
220*4882a593Smuzhiyun     PACK32(&sub_block[44], &w[11]);
221*4882a593Smuzhiyun     PACK32(&sub_block[48], &w[12]);
222*4882a593Smuzhiyun     PACK32(&sub_block[52], &w[13]);
223*4882a593Smuzhiyun     PACK32(&sub_block[56], &w[14]);
224*4882a593Smuzhiyun     PACK32(&sub_block[60], &w[15]);
225*4882a593Smuzhiyun 
226*4882a593Smuzhiyun     SHA256_SCR(16);
227*4882a593Smuzhiyun     SHA256_SCR(17);
228*4882a593Smuzhiyun     SHA256_SCR(18);
229*4882a593Smuzhiyun     SHA256_SCR(19);
230*4882a593Smuzhiyun     SHA256_SCR(20);
231*4882a593Smuzhiyun     SHA256_SCR(21);
232*4882a593Smuzhiyun     SHA256_SCR(22);
233*4882a593Smuzhiyun     SHA256_SCR(23);
234*4882a593Smuzhiyun     SHA256_SCR(24);
235*4882a593Smuzhiyun     SHA256_SCR(25);
236*4882a593Smuzhiyun     SHA256_SCR(26);
237*4882a593Smuzhiyun     SHA256_SCR(27);
238*4882a593Smuzhiyun     SHA256_SCR(28);
239*4882a593Smuzhiyun     SHA256_SCR(29);
240*4882a593Smuzhiyun     SHA256_SCR(30);
241*4882a593Smuzhiyun     SHA256_SCR(31);
242*4882a593Smuzhiyun     SHA256_SCR(32);
243*4882a593Smuzhiyun     SHA256_SCR(33);
244*4882a593Smuzhiyun     SHA256_SCR(34);
245*4882a593Smuzhiyun     SHA256_SCR(35);
246*4882a593Smuzhiyun     SHA256_SCR(36);
247*4882a593Smuzhiyun     SHA256_SCR(37);
248*4882a593Smuzhiyun     SHA256_SCR(38);
249*4882a593Smuzhiyun     SHA256_SCR(39);
250*4882a593Smuzhiyun     SHA256_SCR(40);
251*4882a593Smuzhiyun     SHA256_SCR(41);
252*4882a593Smuzhiyun     SHA256_SCR(42);
253*4882a593Smuzhiyun     SHA256_SCR(43);
254*4882a593Smuzhiyun     SHA256_SCR(44);
255*4882a593Smuzhiyun     SHA256_SCR(45);
256*4882a593Smuzhiyun     SHA256_SCR(46);
257*4882a593Smuzhiyun     SHA256_SCR(47);
258*4882a593Smuzhiyun     SHA256_SCR(48);
259*4882a593Smuzhiyun     SHA256_SCR(49);
260*4882a593Smuzhiyun     SHA256_SCR(50);
261*4882a593Smuzhiyun     SHA256_SCR(51);
262*4882a593Smuzhiyun     SHA256_SCR(52);
263*4882a593Smuzhiyun     SHA256_SCR(53);
264*4882a593Smuzhiyun     SHA256_SCR(54);
265*4882a593Smuzhiyun     SHA256_SCR(55);
266*4882a593Smuzhiyun     SHA256_SCR(56);
267*4882a593Smuzhiyun     SHA256_SCR(57);
268*4882a593Smuzhiyun     SHA256_SCR(58);
269*4882a593Smuzhiyun     SHA256_SCR(59);
270*4882a593Smuzhiyun     SHA256_SCR(60);
271*4882a593Smuzhiyun     SHA256_SCR(61);
272*4882a593Smuzhiyun     SHA256_SCR(62);
273*4882a593Smuzhiyun     SHA256_SCR(63);
274*4882a593Smuzhiyun 
275*4882a593Smuzhiyun     wv[0] = ctx->h[0];
276*4882a593Smuzhiyun     wv[1] = ctx->h[1];
277*4882a593Smuzhiyun     wv[2] = ctx->h[2];
278*4882a593Smuzhiyun     wv[3] = ctx->h[3];
279*4882a593Smuzhiyun     wv[4] = ctx->h[4];
280*4882a593Smuzhiyun     wv[5] = ctx->h[5];
281*4882a593Smuzhiyun     wv[6] = ctx->h[6];
282*4882a593Smuzhiyun     wv[7] = ctx->h[7];
283*4882a593Smuzhiyun 
284*4882a593Smuzhiyun     SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 0);
285*4882a593Smuzhiyun     SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 1);
286*4882a593Smuzhiyun     SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 2);
287*4882a593Smuzhiyun     SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 3);
288*4882a593Smuzhiyun     SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 4);
289*4882a593Smuzhiyun     SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 5);
290*4882a593Smuzhiyun     SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 6);
291*4882a593Smuzhiyun     SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 7);
292*4882a593Smuzhiyun     SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 8);
293*4882a593Smuzhiyun     SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 9);
294*4882a593Smuzhiyun     SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 10);
295*4882a593Smuzhiyun     SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 11);
296*4882a593Smuzhiyun     SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 12);
297*4882a593Smuzhiyun     SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 13);
298*4882a593Smuzhiyun     SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 14);
299*4882a593Smuzhiyun     SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 15);
300*4882a593Smuzhiyun     SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 16);
301*4882a593Smuzhiyun     SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 17);
302*4882a593Smuzhiyun     SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 18);
303*4882a593Smuzhiyun     SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 19);
304*4882a593Smuzhiyun     SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 20);
305*4882a593Smuzhiyun     SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 21);
306*4882a593Smuzhiyun     SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 22);
307*4882a593Smuzhiyun     SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 23);
308*4882a593Smuzhiyun     SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 24);
309*4882a593Smuzhiyun     SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 25);
310*4882a593Smuzhiyun     SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 26);
311*4882a593Smuzhiyun     SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 27);
312*4882a593Smuzhiyun     SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 28);
313*4882a593Smuzhiyun     SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 29);
314*4882a593Smuzhiyun     SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 30);
315*4882a593Smuzhiyun     SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 31);
316*4882a593Smuzhiyun     SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 32);
317*4882a593Smuzhiyun     SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 33);
318*4882a593Smuzhiyun     SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 34);
319*4882a593Smuzhiyun     SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 35);
320*4882a593Smuzhiyun     SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 36);
321*4882a593Smuzhiyun     SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 37);
322*4882a593Smuzhiyun     SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 38);
323*4882a593Smuzhiyun     SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 39);
324*4882a593Smuzhiyun     SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 40);
325*4882a593Smuzhiyun     SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 41);
326*4882a593Smuzhiyun     SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 42);
327*4882a593Smuzhiyun     SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 43);
328*4882a593Smuzhiyun     SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 44);
329*4882a593Smuzhiyun     SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 45);
330*4882a593Smuzhiyun     SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 46);
331*4882a593Smuzhiyun     SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 47);
332*4882a593Smuzhiyun     SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 48);
333*4882a593Smuzhiyun     SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 49);
334*4882a593Smuzhiyun     SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 50);
335*4882a593Smuzhiyun     SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 51);
336*4882a593Smuzhiyun     SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 52);
337*4882a593Smuzhiyun     SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 53);
338*4882a593Smuzhiyun     SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 54);
339*4882a593Smuzhiyun     SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 55);
340*4882a593Smuzhiyun     SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 56);
341*4882a593Smuzhiyun     SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 57);
342*4882a593Smuzhiyun     SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 58);
343*4882a593Smuzhiyun     SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 59);
344*4882a593Smuzhiyun     SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 60);
345*4882a593Smuzhiyun     SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 61);
346*4882a593Smuzhiyun     SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 62);
347*4882a593Smuzhiyun     SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 63);
348*4882a593Smuzhiyun 
349*4882a593Smuzhiyun     ctx->h[0] += wv[0];
350*4882a593Smuzhiyun     ctx->h[1] += wv[1];
351*4882a593Smuzhiyun     ctx->h[2] += wv[2];
352*4882a593Smuzhiyun     ctx->h[3] += wv[3];
353*4882a593Smuzhiyun     ctx->h[4] += wv[4];
354*4882a593Smuzhiyun     ctx->h[5] += wv[5];
355*4882a593Smuzhiyun     ctx->h[6] += wv[6];
356*4882a593Smuzhiyun     ctx->h[7] += wv[7];
357*4882a593Smuzhiyun #endif /* !UNROLL_LOOPS */
358*4882a593Smuzhiyun   }
359*4882a593Smuzhiyun }
360*4882a593Smuzhiyun 
avb_sha256_update(AvbSHA256Ctx * ctx,const uint8_t * data,size_t len)361*4882a593Smuzhiyun void avb_sha256_update(AvbSHA256Ctx* ctx, const uint8_t* data, size_t len) {
362*4882a593Smuzhiyun   size_t block_nb;
363*4882a593Smuzhiyun   size_t new_len, rem_len, tmp_len;
364*4882a593Smuzhiyun   const uint8_t* shifted_data;
365*4882a593Smuzhiyun 
366*4882a593Smuzhiyun   tmp_len = AVB_SHA256_BLOCK_SIZE - ctx->len;
367*4882a593Smuzhiyun   rem_len = len < tmp_len ? len : tmp_len;
368*4882a593Smuzhiyun 
369*4882a593Smuzhiyun   avb_memcpy(&ctx->block[ctx->len], data, rem_len);
370*4882a593Smuzhiyun 
371*4882a593Smuzhiyun   if (ctx->len + len < AVB_SHA256_BLOCK_SIZE) {
372*4882a593Smuzhiyun     ctx->len += len;
373*4882a593Smuzhiyun     return;
374*4882a593Smuzhiyun   }
375*4882a593Smuzhiyun 
376*4882a593Smuzhiyun   new_len = len - rem_len;
377*4882a593Smuzhiyun   block_nb = new_len / AVB_SHA256_BLOCK_SIZE;
378*4882a593Smuzhiyun 
379*4882a593Smuzhiyun   shifted_data = data + rem_len;
380*4882a593Smuzhiyun 
381*4882a593Smuzhiyun   SHA256_transform(ctx, ctx->block, 1);
382*4882a593Smuzhiyun   SHA256_transform(ctx, shifted_data, block_nb);
383*4882a593Smuzhiyun 
384*4882a593Smuzhiyun   rem_len = new_len % AVB_SHA256_BLOCK_SIZE;
385*4882a593Smuzhiyun 
386*4882a593Smuzhiyun   avb_memcpy(ctx->block, &shifted_data[block_nb << 6], rem_len);
387*4882a593Smuzhiyun 
388*4882a593Smuzhiyun   ctx->len = rem_len;
389*4882a593Smuzhiyun   ctx->tot_len += (block_nb + 1) << 6;
390*4882a593Smuzhiyun }
391*4882a593Smuzhiyun 
avb_sha256_final(AvbSHA256Ctx * ctx)392*4882a593Smuzhiyun uint8_t* avb_sha256_final(AvbSHA256Ctx* ctx) {
393*4882a593Smuzhiyun   size_t block_nb;
394*4882a593Smuzhiyun   size_t pm_len;
395*4882a593Smuzhiyun   uint64_t len_b;
396*4882a593Smuzhiyun #ifndef UNROLL_LOOPS
397*4882a593Smuzhiyun   size_t i;
398*4882a593Smuzhiyun #endif
399*4882a593Smuzhiyun 
400*4882a593Smuzhiyun   block_nb =
401*4882a593Smuzhiyun       (1 + ((AVB_SHA256_BLOCK_SIZE - 9) < (ctx->len % AVB_SHA256_BLOCK_SIZE)));
402*4882a593Smuzhiyun 
403*4882a593Smuzhiyun   len_b = (ctx->tot_len + ctx->len) << 3;
404*4882a593Smuzhiyun   pm_len = block_nb << 6;
405*4882a593Smuzhiyun 
406*4882a593Smuzhiyun   avb_memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
407*4882a593Smuzhiyun   ctx->block[ctx->len] = 0x80;
408*4882a593Smuzhiyun   UNPACK64(len_b, ctx->block + pm_len - 8);
409*4882a593Smuzhiyun 
410*4882a593Smuzhiyun   SHA256_transform(ctx, ctx->block, block_nb);
411*4882a593Smuzhiyun 
412*4882a593Smuzhiyun #ifndef UNROLL_LOOPS
413*4882a593Smuzhiyun   for (i = 0; i < 8; i++) {
414*4882a593Smuzhiyun     UNPACK32(ctx->h[i], &ctx->buf[i << 2]);
415*4882a593Smuzhiyun   }
416*4882a593Smuzhiyun #else
417*4882a593Smuzhiyun   UNPACK32(ctx->h[0], &ctx->buf[0]);
418*4882a593Smuzhiyun   UNPACK32(ctx->h[1], &ctx->buf[4]);
419*4882a593Smuzhiyun   UNPACK32(ctx->h[2], &ctx->buf[8]);
420*4882a593Smuzhiyun   UNPACK32(ctx->h[3], &ctx->buf[12]);
421*4882a593Smuzhiyun   UNPACK32(ctx->h[4], &ctx->buf[16]);
422*4882a593Smuzhiyun   UNPACK32(ctx->h[5], &ctx->buf[20]);
423*4882a593Smuzhiyun   UNPACK32(ctx->h[6], &ctx->buf[24]);
424*4882a593Smuzhiyun   UNPACK32(ctx->h[7], &ctx->buf[28]);
425*4882a593Smuzhiyun #endif /* !UNROLL_LOOPS */
426*4882a593Smuzhiyun 
427*4882a593Smuzhiyun   return ctx->buf;
428*4882a593Smuzhiyun }
429*4882a593Smuzhiyun #endif
430