137a7bc39SJason Zhu /* SHA-256 and SHA-512 implementation based on code by Oliver Gay 237a7bc39SJason Zhu * <olivier.gay@a3.epfl.ch> under a BSD-style license. See below. 337a7bc39SJason Zhu */ 437a7bc39SJason Zhu 537a7bc39SJason Zhu /* 637a7bc39SJason Zhu * FIPS 180-2 SHA-224/256/384/512 implementation 737a7bc39SJason Zhu * Last update: 02/02/2007 837a7bc39SJason Zhu * Issue date: 04/30/2005 937a7bc39SJason Zhu * 1037a7bc39SJason Zhu * Copyright (C) 2005, 2007 Olivier Gay <olivier.gay@a3.epfl.ch> 1137a7bc39SJason Zhu * All rights reserved. 1237a7bc39SJason Zhu * 1337a7bc39SJason Zhu * Redistribution and use in source and binary forms, with or without 1437a7bc39SJason Zhu * modification, are permitted provided that the following conditions 1537a7bc39SJason Zhu * are met: 1637a7bc39SJason Zhu * 1. Redistributions of source code must retain the above copyright 1737a7bc39SJason Zhu * notice, this list of conditions and the following disclaimer. 1837a7bc39SJason Zhu * 2. Redistributions in binary form must reproduce the above copyright 1937a7bc39SJason Zhu * notice, this list of conditions and the following disclaimer in the 2037a7bc39SJason Zhu * documentation and/or other materials provided with the distribution. 2137a7bc39SJason Zhu * 3. Neither the name of the project nor the names of its contributors 2237a7bc39SJason Zhu * may be used to endorse or promote products derived from this software 2337a7bc39SJason Zhu * without specific prior written permission. 2437a7bc39SJason Zhu * 2537a7bc39SJason Zhu * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 2637a7bc39SJason Zhu * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2737a7bc39SJason Zhu * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2837a7bc39SJason Zhu * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 2937a7bc39SJason Zhu * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 3037a7bc39SJason Zhu * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 3137a7bc39SJason Zhu * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 3237a7bc39SJason Zhu * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 3337a7bc39SJason Zhu * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 3437a7bc39SJason Zhu * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3537a7bc39SJason Zhu * SUCH DAMAGE. 3637a7bc39SJason Zhu */ 3737a7bc39SJason Zhu 3837a7bc39SJason Zhu #include <android_avb/avb_sha.h> 39*5b0bc491SJoseph Chen #include <android_avb/avb_util.h> 4037a7bc39SJason Zhu 41*5b0bc491SJoseph Chen #ifdef CONFIG_DM_CRYPTO 42*5b0bc491SJoseph Chen void avb_sha256_init(AvbSHA256Ctx* ctx) { 43*5b0bc491SJoseph Chen ctx->crypto_ctx.algo = CRYPTO_SHA256; 44*5b0bc491SJoseph Chen ctx->crypto_ctx.length = ctx->tot_len; 45*5b0bc491SJoseph Chen memset(ctx->buf, 0, sizeof(ctx->buf)); 46*5b0bc491SJoseph Chen 47*5b0bc491SJoseph Chen ctx->crypto_dev = crypto_get_device(ctx->crypto_ctx.algo); 48*5b0bc491SJoseph Chen if (!ctx->crypto_dev) 49*5b0bc491SJoseph Chen avb_error("Can't get sha256 crypto device\n"); 50*5b0bc491SJoseph Chen else 51*5b0bc491SJoseph Chen crypto_sha_init(ctx->crypto_dev, &ctx->crypto_ctx); 52*5b0bc491SJoseph Chen } 53*5b0bc491SJoseph Chen 54*5b0bc491SJoseph Chen void avb_sha256_update(AvbSHA256Ctx* ctx, const uint8_t* data, size_t len) { 55*5b0bc491SJoseph Chen if (ctx->crypto_dev) 56*5b0bc491SJoseph Chen crypto_sha_update(ctx->crypto_dev, (u32 *)data, len); 57*5b0bc491SJoseph Chen } 58*5b0bc491SJoseph Chen 59*5b0bc491SJoseph Chen uint8_t* avb_sha256_final(AvbSHA256Ctx* ctx) { 60*5b0bc491SJoseph Chen if (ctx->crypto_dev) 61*5b0bc491SJoseph Chen crypto_sha_final(ctx->crypto_dev, &ctx->crypto_ctx, ctx->buf); 62*5b0bc491SJoseph Chen 63*5b0bc491SJoseph Chen return ctx->buf; 64*5b0bc491SJoseph Chen } 65*5b0bc491SJoseph Chen #else 6637a7bc39SJason Zhu #define SHFR(x, n) (x >> n) 6737a7bc39SJason Zhu #define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n))) 6837a7bc39SJason Zhu #define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n))) 6937a7bc39SJason Zhu #define CH(x, y, z) ((x & y) ^ (~x & z)) 7037a7bc39SJason Zhu #define MAJ(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) 7137a7bc39SJason Zhu 7237a7bc39SJason Zhu #define SHA256_F1(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) 7337a7bc39SJason Zhu #define SHA256_F2(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) 7437a7bc39SJason Zhu #define SHA256_F3(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHFR(x, 3)) 7537a7bc39SJason Zhu #define SHA256_F4(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHFR(x, 10)) 7637a7bc39SJason Zhu 7737a7bc39SJason Zhu #define UNPACK32(x, str) \ 7837a7bc39SJason Zhu { \ 7937a7bc39SJason Zhu *((str) + 3) = (uint8_t)((x)); \ 8037a7bc39SJason Zhu *((str) + 2) = (uint8_t)((x) >> 8); \ 8137a7bc39SJason Zhu *((str) + 1) = (uint8_t)((x) >> 16); \ 8237a7bc39SJason Zhu *((str) + 0) = (uint8_t)((x) >> 24); \ 8337a7bc39SJason Zhu } 8437a7bc39SJason Zhu 8569fdc596SJason Zhu #define UNPACK64(x, str) \ 8669fdc596SJason Zhu { \ 8769fdc596SJason Zhu *((str) + 7) = (uint8_t)x; \ 8869fdc596SJason Zhu *((str) + 6) = (uint8_t)((uint64_t)x >> 8); \ 8969fdc596SJason Zhu *((str) + 5) = (uint8_t)((uint64_t)x >> 16); \ 9069fdc596SJason Zhu *((str) + 4) = (uint8_t)((uint64_t)x >> 24); \ 9169fdc596SJason Zhu *((str) + 3) = (uint8_t)((uint64_t)x >> 32); \ 9269fdc596SJason Zhu *((str) + 2) = (uint8_t)((uint64_t)x >> 40); \ 9369fdc596SJason Zhu *((str) + 1) = (uint8_t)((uint64_t)x >> 48); \ 9469fdc596SJason Zhu *((str) + 0) = (uint8_t)((uint64_t)x >> 56); \ 9569fdc596SJason Zhu } 9669fdc596SJason Zhu 9737a7bc39SJason Zhu #define PACK32(str, x) \ 9837a7bc39SJason Zhu { \ 9937a7bc39SJason Zhu *(x) = ((uint32_t) * ((str) + 3)) | ((uint32_t) * ((str) + 2) << 8) | \ 10037a7bc39SJason Zhu ((uint32_t) * ((str) + 1) << 16) | \ 10137a7bc39SJason Zhu ((uint32_t) * ((str) + 0) << 24); \ 10237a7bc39SJason Zhu } 10337a7bc39SJason Zhu 10437a7bc39SJason Zhu /* Macros used for loops unrolling */ 10537a7bc39SJason Zhu 10637a7bc39SJason Zhu #define SHA256_SCR(i) \ 10737a7bc39SJason Zhu { w[i] = SHA256_F4(w[i - 2]) + w[i - 7] + SHA256_F3(w[i - 15]) + w[i - 16]; } 10837a7bc39SJason Zhu 10937a7bc39SJason Zhu #define SHA256_EXP(a, b, c, d, e, f, g, h, j) \ 11037a7bc39SJason Zhu { \ 11137a7bc39SJason Zhu t1 = wv[h] + SHA256_F2(wv[e]) + CH(wv[e], wv[f], wv[g]) + sha256_k[j] + \ 11237a7bc39SJason Zhu w[j]; \ 11337a7bc39SJason Zhu t2 = SHA256_F1(wv[a]) + MAJ(wv[a], wv[b], wv[c]); \ 11437a7bc39SJason Zhu wv[d] += t1; \ 11537a7bc39SJason Zhu wv[h] = t1 + t2; \ 11637a7bc39SJason Zhu } 11737a7bc39SJason Zhu 11837a7bc39SJason Zhu static const uint32_t sha256_h0[8] = {0x6a09e667, 11937a7bc39SJason Zhu 0xbb67ae85, 12037a7bc39SJason Zhu 0x3c6ef372, 12137a7bc39SJason Zhu 0xa54ff53a, 12237a7bc39SJason Zhu 0x510e527f, 12337a7bc39SJason Zhu 0x9b05688c, 12437a7bc39SJason Zhu 0x1f83d9ab, 12537a7bc39SJason Zhu 0x5be0cd19}; 12637a7bc39SJason Zhu 12737a7bc39SJason Zhu static const uint32_t sha256_k[64] = { 12837a7bc39SJason Zhu 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 12937a7bc39SJason Zhu 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 13037a7bc39SJason Zhu 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 13137a7bc39SJason Zhu 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 13237a7bc39SJason Zhu 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 13337a7bc39SJason Zhu 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 13437a7bc39SJason Zhu 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 13537a7bc39SJason Zhu 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 13637a7bc39SJason Zhu 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 13737a7bc39SJason Zhu 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 13837a7bc39SJason Zhu 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2}; 13937a7bc39SJason Zhu 14037a7bc39SJason Zhu /* SHA-256 implementation */ 14137a7bc39SJason Zhu void avb_sha256_init(AvbSHA256Ctx* ctx) { 14237a7bc39SJason Zhu #ifndef UNROLL_LOOPS 14337a7bc39SJason Zhu int i; 14437a7bc39SJason Zhu for (i = 0; i < 8; i++) { 14537a7bc39SJason Zhu ctx->h[i] = sha256_h0[i]; 14637a7bc39SJason Zhu } 14737a7bc39SJason Zhu #else 14837a7bc39SJason Zhu ctx->h[0] = sha256_h0[0]; 14937a7bc39SJason Zhu ctx->h[1] = sha256_h0[1]; 15037a7bc39SJason Zhu ctx->h[2] = sha256_h0[2]; 15137a7bc39SJason Zhu ctx->h[3] = sha256_h0[3]; 15237a7bc39SJason Zhu ctx->h[4] = sha256_h0[4]; 15337a7bc39SJason Zhu ctx->h[5] = sha256_h0[5]; 15437a7bc39SJason Zhu ctx->h[6] = sha256_h0[6]; 15537a7bc39SJason Zhu ctx->h[7] = sha256_h0[7]; 15637a7bc39SJason Zhu #endif /* !UNROLL_LOOPS */ 15737a7bc39SJason Zhu 15837a7bc39SJason Zhu ctx->len = 0; 15937a7bc39SJason Zhu ctx->tot_len = 0; 16037a7bc39SJason Zhu } 16137a7bc39SJason Zhu 16237a7bc39SJason Zhu static void SHA256_transform(AvbSHA256Ctx* ctx, 16337a7bc39SJason Zhu const uint8_t* message, 16469fdc596SJason Zhu size_t block_nb) { 16537a7bc39SJason Zhu uint32_t w[64]; 16637a7bc39SJason Zhu uint32_t wv[8]; 16737a7bc39SJason Zhu uint32_t t1, t2; 16837a7bc39SJason Zhu const unsigned char* sub_block; 16969fdc596SJason Zhu size_t i; 17037a7bc39SJason Zhu 17137a7bc39SJason Zhu #ifndef UNROLL_LOOPS 17269fdc596SJason Zhu size_t j; 17337a7bc39SJason Zhu #endif 17437a7bc39SJason Zhu 17569fdc596SJason Zhu for (i = 0; i < block_nb; i++) { 17637a7bc39SJason Zhu sub_block = message + (i << 6); 17737a7bc39SJason Zhu 17837a7bc39SJason Zhu #ifndef UNROLL_LOOPS 17937a7bc39SJason Zhu for (j = 0; j < 16; j++) { 18037a7bc39SJason Zhu PACK32(&sub_block[j << 2], &w[j]); 18137a7bc39SJason Zhu } 18237a7bc39SJason Zhu 18337a7bc39SJason Zhu for (j = 16; j < 64; j++) { 18437a7bc39SJason Zhu SHA256_SCR(j); 18537a7bc39SJason Zhu } 18637a7bc39SJason Zhu 18737a7bc39SJason Zhu for (j = 0; j < 8; j++) { 18837a7bc39SJason Zhu wv[j] = ctx->h[j]; 18937a7bc39SJason Zhu } 19037a7bc39SJason Zhu 19137a7bc39SJason Zhu for (j = 0; j < 64; j++) { 19237a7bc39SJason Zhu t1 = wv[7] + SHA256_F2(wv[4]) + CH(wv[4], wv[5], wv[6]) + sha256_k[j] + 19337a7bc39SJason Zhu w[j]; 19437a7bc39SJason Zhu t2 = SHA256_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]); 19537a7bc39SJason Zhu wv[7] = wv[6]; 19637a7bc39SJason Zhu wv[6] = wv[5]; 19737a7bc39SJason Zhu wv[5] = wv[4]; 19837a7bc39SJason Zhu wv[4] = wv[3] + t1; 19937a7bc39SJason Zhu wv[3] = wv[2]; 20037a7bc39SJason Zhu wv[2] = wv[1]; 20137a7bc39SJason Zhu wv[1] = wv[0]; 20237a7bc39SJason Zhu wv[0] = t1 + t2; 20337a7bc39SJason Zhu } 20437a7bc39SJason Zhu 20537a7bc39SJason Zhu for (j = 0; j < 8; j++) { 20637a7bc39SJason Zhu ctx->h[j] += wv[j]; 20737a7bc39SJason Zhu } 20837a7bc39SJason Zhu #else 20937a7bc39SJason Zhu PACK32(&sub_block[0], &w[0]); 21037a7bc39SJason Zhu PACK32(&sub_block[4], &w[1]); 21137a7bc39SJason Zhu PACK32(&sub_block[8], &w[2]); 21237a7bc39SJason Zhu PACK32(&sub_block[12], &w[3]); 21337a7bc39SJason Zhu PACK32(&sub_block[16], &w[4]); 21437a7bc39SJason Zhu PACK32(&sub_block[20], &w[5]); 21537a7bc39SJason Zhu PACK32(&sub_block[24], &w[6]); 21637a7bc39SJason Zhu PACK32(&sub_block[28], &w[7]); 21737a7bc39SJason Zhu PACK32(&sub_block[32], &w[8]); 21837a7bc39SJason Zhu PACK32(&sub_block[36], &w[9]); 21937a7bc39SJason Zhu PACK32(&sub_block[40], &w[10]); 22037a7bc39SJason Zhu PACK32(&sub_block[44], &w[11]); 22137a7bc39SJason Zhu PACK32(&sub_block[48], &w[12]); 22237a7bc39SJason Zhu PACK32(&sub_block[52], &w[13]); 22337a7bc39SJason Zhu PACK32(&sub_block[56], &w[14]); 22437a7bc39SJason Zhu PACK32(&sub_block[60], &w[15]); 22537a7bc39SJason Zhu 22637a7bc39SJason Zhu SHA256_SCR(16); 22737a7bc39SJason Zhu SHA256_SCR(17); 22837a7bc39SJason Zhu SHA256_SCR(18); 22937a7bc39SJason Zhu SHA256_SCR(19); 23037a7bc39SJason Zhu SHA256_SCR(20); 23137a7bc39SJason Zhu SHA256_SCR(21); 23237a7bc39SJason Zhu SHA256_SCR(22); 23337a7bc39SJason Zhu SHA256_SCR(23); 23437a7bc39SJason Zhu SHA256_SCR(24); 23537a7bc39SJason Zhu SHA256_SCR(25); 23637a7bc39SJason Zhu SHA256_SCR(26); 23737a7bc39SJason Zhu SHA256_SCR(27); 23837a7bc39SJason Zhu SHA256_SCR(28); 23937a7bc39SJason Zhu SHA256_SCR(29); 24037a7bc39SJason Zhu SHA256_SCR(30); 24137a7bc39SJason Zhu SHA256_SCR(31); 24237a7bc39SJason Zhu SHA256_SCR(32); 24337a7bc39SJason Zhu SHA256_SCR(33); 24437a7bc39SJason Zhu SHA256_SCR(34); 24537a7bc39SJason Zhu SHA256_SCR(35); 24637a7bc39SJason Zhu SHA256_SCR(36); 24737a7bc39SJason Zhu SHA256_SCR(37); 24837a7bc39SJason Zhu SHA256_SCR(38); 24937a7bc39SJason Zhu SHA256_SCR(39); 25037a7bc39SJason Zhu SHA256_SCR(40); 25137a7bc39SJason Zhu SHA256_SCR(41); 25237a7bc39SJason Zhu SHA256_SCR(42); 25337a7bc39SJason Zhu SHA256_SCR(43); 25437a7bc39SJason Zhu SHA256_SCR(44); 25537a7bc39SJason Zhu SHA256_SCR(45); 25637a7bc39SJason Zhu SHA256_SCR(46); 25737a7bc39SJason Zhu SHA256_SCR(47); 25837a7bc39SJason Zhu SHA256_SCR(48); 25937a7bc39SJason Zhu SHA256_SCR(49); 26037a7bc39SJason Zhu SHA256_SCR(50); 26137a7bc39SJason Zhu SHA256_SCR(51); 26237a7bc39SJason Zhu SHA256_SCR(52); 26337a7bc39SJason Zhu SHA256_SCR(53); 26437a7bc39SJason Zhu SHA256_SCR(54); 26537a7bc39SJason Zhu SHA256_SCR(55); 26637a7bc39SJason Zhu SHA256_SCR(56); 26737a7bc39SJason Zhu SHA256_SCR(57); 26837a7bc39SJason Zhu SHA256_SCR(58); 26937a7bc39SJason Zhu SHA256_SCR(59); 27037a7bc39SJason Zhu SHA256_SCR(60); 27137a7bc39SJason Zhu SHA256_SCR(61); 27237a7bc39SJason Zhu SHA256_SCR(62); 27337a7bc39SJason Zhu SHA256_SCR(63); 27437a7bc39SJason Zhu 27537a7bc39SJason Zhu wv[0] = ctx->h[0]; 27637a7bc39SJason Zhu wv[1] = ctx->h[1]; 27737a7bc39SJason Zhu wv[2] = ctx->h[2]; 27837a7bc39SJason Zhu wv[3] = ctx->h[3]; 27937a7bc39SJason Zhu wv[4] = ctx->h[4]; 28037a7bc39SJason Zhu wv[5] = ctx->h[5]; 28137a7bc39SJason Zhu wv[6] = ctx->h[6]; 28237a7bc39SJason Zhu wv[7] = ctx->h[7]; 28337a7bc39SJason Zhu 28437a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 0); 28537a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 1); 28637a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 2); 28737a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 3); 28837a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 4); 28937a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 5); 29037a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 6); 29137a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 7); 29237a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 8); 29337a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 9); 29437a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 10); 29537a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 11); 29637a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 12); 29737a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 13); 29837a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 14); 29937a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 15); 30037a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 16); 30137a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 17); 30237a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 18); 30337a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 19); 30437a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 20); 30537a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 21); 30637a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 22); 30737a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 23); 30837a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 24); 30937a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 25); 31037a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 26); 31137a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 27); 31237a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 28); 31337a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 29); 31437a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 30); 31537a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 31); 31637a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 32); 31737a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 33); 31837a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 34); 31937a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 35); 32037a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 36); 32137a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 37); 32237a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 38); 32337a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 39); 32437a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 40); 32537a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 41); 32637a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 42); 32737a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 43); 32837a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 44); 32937a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 45); 33037a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 46); 33137a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 47); 33237a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 48); 33337a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 49); 33437a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 50); 33537a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 51); 33637a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 52); 33737a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 53); 33837a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 54); 33937a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 55); 34037a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 56); 34137a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 57); 34237a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 58); 34337a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 59); 34437a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 60); 34537a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 61); 34637a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 62); 34737a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 63); 34837a7bc39SJason Zhu 34937a7bc39SJason Zhu ctx->h[0] += wv[0]; 35037a7bc39SJason Zhu ctx->h[1] += wv[1]; 35137a7bc39SJason Zhu ctx->h[2] += wv[2]; 35237a7bc39SJason Zhu ctx->h[3] += wv[3]; 35337a7bc39SJason Zhu ctx->h[4] += wv[4]; 35437a7bc39SJason Zhu ctx->h[5] += wv[5]; 35537a7bc39SJason Zhu ctx->h[6] += wv[6]; 35637a7bc39SJason Zhu ctx->h[7] += wv[7]; 35737a7bc39SJason Zhu #endif /* !UNROLL_LOOPS */ 35837a7bc39SJason Zhu } 35937a7bc39SJason Zhu } 36037a7bc39SJason Zhu 36169fdc596SJason Zhu void avb_sha256_update(AvbSHA256Ctx* ctx, const uint8_t* data, size_t len) { 36269fdc596SJason Zhu size_t block_nb; 36369fdc596SJason Zhu size_t new_len, rem_len, tmp_len; 36437a7bc39SJason Zhu const uint8_t* shifted_data; 36537a7bc39SJason Zhu 36637a7bc39SJason Zhu tmp_len = AVB_SHA256_BLOCK_SIZE - ctx->len; 36737a7bc39SJason Zhu rem_len = len < tmp_len ? len : tmp_len; 36837a7bc39SJason Zhu 36937a7bc39SJason Zhu avb_memcpy(&ctx->block[ctx->len], data, rem_len); 37037a7bc39SJason Zhu 37137a7bc39SJason Zhu if (ctx->len + len < AVB_SHA256_BLOCK_SIZE) { 37237a7bc39SJason Zhu ctx->len += len; 37337a7bc39SJason Zhu return; 37437a7bc39SJason Zhu } 37537a7bc39SJason Zhu 37637a7bc39SJason Zhu new_len = len - rem_len; 37737a7bc39SJason Zhu block_nb = new_len / AVB_SHA256_BLOCK_SIZE; 37837a7bc39SJason Zhu 37937a7bc39SJason Zhu shifted_data = data + rem_len; 38037a7bc39SJason Zhu 38137a7bc39SJason Zhu SHA256_transform(ctx, ctx->block, 1); 38237a7bc39SJason Zhu SHA256_transform(ctx, shifted_data, block_nb); 38337a7bc39SJason Zhu 38437a7bc39SJason Zhu rem_len = new_len % AVB_SHA256_BLOCK_SIZE; 38537a7bc39SJason Zhu 38637a7bc39SJason Zhu avb_memcpy(ctx->block, &shifted_data[block_nb << 6], rem_len); 38737a7bc39SJason Zhu 38837a7bc39SJason Zhu ctx->len = rem_len; 38937a7bc39SJason Zhu ctx->tot_len += (block_nb + 1) << 6; 39037a7bc39SJason Zhu } 39137a7bc39SJason Zhu 39237a7bc39SJason Zhu uint8_t* avb_sha256_final(AvbSHA256Ctx* ctx) { 39369fdc596SJason Zhu size_t block_nb; 39469fdc596SJason Zhu size_t pm_len; 39569fdc596SJason Zhu uint64_t len_b; 39637a7bc39SJason Zhu #ifndef UNROLL_LOOPS 39769fdc596SJason Zhu size_t i; 39837a7bc39SJason Zhu #endif 39937a7bc39SJason Zhu 40037a7bc39SJason Zhu block_nb = 40137a7bc39SJason Zhu (1 + ((AVB_SHA256_BLOCK_SIZE - 9) < (ctx->len % AVB_SHA256_BLOCK_SIZE))); 40237a7bc39SJason Zhu 40337a7bc39SJason Zhu len_b = (ctx->tot_len + ctx->len) << 3; 40437a7bc39SJason Zhu pm_len = block_nb << 6; 40537a7bc39SJason Zhu 40637a7bc39SJason Zhu avb_memset(ctx->block + ctx->len, 0, pm_len - ctx->len); 40737a7bc39SJason Zhu ctx->block[ctx->len] = 0x80; 40869fdc596SJason Zhu UNPACK64(len_b, ctx->block + pm_len - 8); 40937a7bc39SJason Zhu 41037a7bc39SJason Zhu SHA256_transform(ctx, ctx->block, block_nb); 41137a7bc39SJason Zhu 41237a7bc39SJason Zhu #ifndef UNROLL_LOOPS 41337a7bc39SJason Zhu for (i = 0; i < 8; i++) { 41437a7bc39SJason Zhu UNPACK32(ctx->h[i], &ctx->buf[i << 2]); 41537a7bc39SJason Zhu } 41637a7bc39SJason Zhu #else 41737a7bc39SJason Zhu UNPACK32(ctx->h[0], &ctx->buf[0]); 41837a7bc39SJason Zhu UNPACK32(ctx->h[1], &ctx->buf[4]); 41937a7bc39SJason Zhu UNPACK32(ctx->h[2], &ctx->buf[8]); 42037a7bc39SJason Zhu UNPACK32(ctx->h[3], &ctx->buf[12]); 42137a7bc39SJason Zhu UNPACK32(ctx->h[4], &ctx->buf[16]); 42237a7bc39SJason Zhu UNPACK32(ctx->h[5], &ctx->buf[20]); 42337a7bc39SJason Zhu UNPACK32(ctx->h[6], &ctx->buf[24]); 42437a7bc39SJason Zhu UNPACK32(ctx->h[7], &ctx->buf[28]); 42537a7bc39SJason Zhu #endif /* !UNROLL_LOOPS */ 42637a7bc39SJason Zhu 42737a7bc39SJason Zhu return ctx->buf; 42837a7bc39SJason Zhu } 429*5b0bc491SJoseph Chen #endif 430