137a7bc39SJason Zhu /* SHA-256 and SHA-512 implementation based on code by Oliver Gay 237a7bc39SJason Zhu * <olivier.gay@a3.epfl.ch> under a BSD-style license. See below. 337a7bc39SJason Zhu */ 437a7bc39SJason Zhu 537a7bc39SJason Zhu /* 637a7bc39SJason Zhu * FIPS 180-2 SHA-224/256/384/512 implementation 737a7bc39SJason Zhu * Last update: 02/02/2007 837a7bc39SJason Zhu * Issue date: 04/30/2005 937a7bc39SJason Zhu * 1037a7bc39SJason Zhu * Copyright (C) 2005, 2007 Olivier Gay <olivier.gay@a3.epfl.ch> 1137a7bc39SJason Zhu * All rights reserved. 1237a7bc39SJason Zhu * 1337a7bc39SJason Zhu * Redistribution and use in source and binary forms, with or without 1437a7bc39SJason Zhu * modification, are permitted provided that the following conditions 1537a7bc39SJason Zhu * are met: 1637a7bc39SJason Zhu * 1. Redistributions of source code must retain the above copyright 1737a7bc39SJason Zhu * notice, this list of conditions and the following disclaimer. 1837a7bc39SJason Zhu * 2. Redistributions in binary form must reproduce the above copyright 1937a7bc39SJason Zhu * notice, this list of conditions and the following disclaimer in the 2037a7bc39SJason Zhu * documentation and/or other materials provided with the distribution. 2137a7bc39SJason Zhu * 3. Neither the name of the project nor the names of its contributors 2237a7bc39SJason Zhu * may be used to endorse or promote products derived from this software 2337a7bc39SJason Zhu * without specific prior written permission. 2437a7bc39SJason Zhu * 2537a7bc39SJason Zhu * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 2637a7bc39SJason Zhu * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2737a7bc39SJason Zhu * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2837a7bc39SJason Zhu * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 2937a7bc39SJason Zhu * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 3037a7bc39SJason Zhu * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 3137a7bc39SJason Zhu * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 3237a7bc39SJason Zhu * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 3337a7bc39SJason Zhu * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 3437a7bc39SJason Zhu * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3537a7bc39SJason Zhu * SUCH DAMAGE. 3637a7bc39SJason Zhu */ 3737a7bc39SJason Zhu 3837a7bc39SJason Zhu #include <android_avb/avb_sha.h> 3937a7bc39SJason Zhu 4037a7bc39SJason Zhu #define SHFR(x, n) (x >> n) 4137a7bc39SJason Zhu #define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n))) 4237a7bc39SJason Zhu #define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n))) 4337a7bc39SJason Zhu #define CH(x, y, z) ((x & y) ^ (~x & z)) 4437a7bc39SJason Zhu #define MAJ(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) 4537a7bc39SJason Zhu 4637a7bc39SJason Zhu #define SHA256_F1(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) 4737a7bc39SJason Zhu #define SHA256_F2(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) 4837a7bc39SJason Zhu #define SHA256_F3(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHFR(x, 3)) 4937a7bc39SJason Zhu #define SHA256_F4(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHFR(x, 10)) 5037a7bc39SJason Zhu 5137a7bc39SJason Zhu #define UNPACK32(x, str) \ 5237a7bc39SJason Zhu { \ 5337a7bc39SJason Zhu *((str) + 3) = (uint8_t)((x)); \ 5437a7bc39SJason Zhu *((str) + 2) = (uint8_t)((x) >> 8); \ 5537a7bc39SJason Zhu *((str) + 1) = (uint8_t)((x) >> 16); \ 5637a7bc39SJason Zhu *((str) + 0) = (uint8_t)((x) >> 24); \ 5737a7bc39SJason Zhu } 5837a7bc39SJason Zhu 59*69fdc596SJason Zhu #define UNPACK64(x, str) \ 60*69fdc596SJason Zhu { \ 61*69fdc596SJason Zhu *((str) + 7) = (uint8_t)x; \ 62*69fdc596SJason Zhu *((str) + 6) = (uint8_t)((uint64_t)x >> 8); \ 63*69fdc596SJason Zhu *((str) + 5) = (uint8_t)((uint64_t)x >> 16); \ 64*69fdc596SJason Zhu *((str) + 4) = (uint8_t)((uint64_t)x >> 24); \ 65*69fdc596SJason Zhu *((str) + 3) = (uint8_t)((uint64_t)x >> 32); \ 66*69fdc596SJason Zhu *((str) + 2) = (uint8_t)((uint64_t)x >> 40); \ 67*69fdc596SJason Zhu *((str) + 1) = (uint8_t)((uint64_t)x >> 48); \ 68*69fdc596SJason Zhu *((str) + 0) = (uint8_t)((uint64_t)x >> 56); \ 69*69fdc596SJason Zhu } 70*69fdc596SJason Zhu 7137a7bc39SJason Zhu #define PACK32(str, x) \ 7237a7bc39SJason Zhu { \ 7337a7bc39SJason Zhu *(x) = ((uint32_t) * ((str) + 3)) | ((uint32_t) * ((str) + 2) << 8) | \ 7437a7bc39SJason Zhu ((uint32_t) * ((str) + 1) << 16) | \ 7537a7bc39SJason Zhu ((uint32_t) * ((str) + 0) << 24); \ 7637a7bc39SJason Zhu } 7737a7bc39SJason Zhu 7837a7bc39SJason Zhu /* Macros used for loops unrolling */ 7937a7bc39SJason Zhu 8037a7bc39SJason Zhu #define SHA256_SCR(i) \ 8137a7bc39SJason Zhu { w[i] = SHA256_F4(w[i - 2]) + w[i - 7] + SHA256_F3(w[i - 15]) + w[i - 16]; } 8237a7bc39SJason Zhu 8337a7bc39SJason Zhu #define SHA256_EXP(a, b, c, d, e, f, g, h, j) \ 8437a7bc39SJason Zhu { \ 8537a7bc39SJason Zhu t1 = wv[h] + SHA256_F2(wv[e]) + CH(wv[e], wv[f], wv[g]) + sha256_k[j] + \ 8637a7bc39SJason Zhu w[j]; \ 8737a7bc39SJason Zhu t2 = SHA256_F1(wv[a]) + MAJ(wv[a], wv[b], wv[c]); \ 8837a7bc39SJason Zhu wv[d] += t1; \ 8937a7bc39SJason Zhu wv[h] = t1 + t2; \ 9037a7bc39SJason Zhu } 9137a7bc39SJason Zhu 9237a7bc39SJason Zhu static const uint32_t sha256_h0[8] = {0x6a09e667, 9337a7bc39SJason Zhu 0xbb67ae85, 9437a7bc39SJason Zhu 0x3c6ef372, 9537a7bc39SJason Zhu 0xa54ff53a, 9637a7bc39SJason Zhu 0x510e527f, 9737a7bc39SJason Zhu 0x9b05688c, 9837a7bc39SJason Zhu 0x1f83d9ab, 9937a7bc39SJason Zhu 0x5be0cd19}; 10037a7bc39SJason Zhu 10137a7bc39SJason Zhu static const uint32_t sha256_k[64] = { 10237a7bc39SJason Zhu 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 10337a7bc39SJason Zhu 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 10437a7bc39SJason Zhu 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 10537a7bc39SJason Zhu 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 10637a7bc39SJason Zhu 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 10737a7bc39SJason Zhu 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 10837a7bc39SJason Zhu 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 10937a7bc39SJason Zhu 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 11037a7bc39SJason Zhu 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 11137a7bc39SJason Zhu 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 11237a7bc39SJason Zhu 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2}; 11337a7bc39SJason Zhu 11437a7bc39SJason Zhu /* SHA-256 implementation */ 11537a7bc39SJason Zhu void avb_sha256_init(AvbSHA256Ctx* ctx) { 11637a7bc39SJason Zhu #ifndef UNROLL_LOOPS 11737a7bc39SJason Zhu int i; 11837a7bc39SJason Zhu for (i = 0; i < 8; i++) { 11937a7bc39SJason Zhu ctx->h[i] = sha256_h0[i]; 12037a7bc39SJason Zhu } 12137a7bc39SJason Zhu #else 12237a7bc39SJason Zhu ctx->h[0] = sha256_h0[0]; 12337a7bc39SJason Zhu ctx->h[1] = sha256_h0[1]; 12437a7bc39SJason Zhu ctx->h[2] = sha256_h0[2]; 12537a7bc39SJason Zhu ctx->h[3] = sha256_h0[3]; 12637a7bc39SJason Zhu ctx->h[4] = sha256_h0[4]; 12737a7bc39SJason Zhu ctx->h[5] = sha256_h0[5]; 12837a7bc39SJason Zhu ctx->h[6] = sha256_h0[6]; 12937a7bc39SJason Zhu ctx->h[7] = sha256_h0[7]; 13037a7bc39SJason Zhu #endif /* !UNROLL_LOOPS */ 13137a7bc39SJason Zhu 13237a7bc39SJason Zhu ctx->len = 0; 13337a7bc39SJason Zhu ctx->tot_len = 0; 13437a7bc39SJason Zhu } 13537a7bc39SJason Zhu 13637a7bc39SJason Zhu static void SHA256_transform(AvbSHA256Ctx* ctx, 13737a7bc39SJason Zhu const uint8_t* message, 138*69fdc596SJason Zhu size_t block_nb) { 13937a7bc39SJason Zhu uint32_t w[64]; 14037a7bc39SJason Zhu uint32_t wv[8]; 14137a7bc39SJason Zhu uint32_t t1, t2; 14237a7bc39SJason Zhu const unsigned char* sub_block; 143*69fdc596SJason Zhu size_t i; 14437a7bc39SJason Zhu 14537a7bc39SJason Zhu #ifndef UNROLL_LOOPS 146*69fdc596SJason Zhu size_t j; 14737a7bc39SJason Zhu #endif 14837a7bc39SJason Zhu 149*69fdc596SJason Zhu for (i = 0; i < block_nb; i++) { 15037a7bc39SJason Zhu sub_block = message + (i << 6); 15137a7bc39SJason Zhu 15237a7bc39SJason Zhu #ifndef UNROLL_LOOPS 15337a7bc39SJason Zhu for (j = 0; j < 16; j++) { 15437a7bc39SJason Zhu PACK32(&sub_block[j << 2], &w[j]); 15537a7bc39SJason Zhu } 15637a7bc39SJason Zhu 15737a7bc39SJason Zhu for (j = 16; j < 64; j++) { 15837a7bc39SJason Zhu SHA256_SCR(j); 15937a7bc39SJason Zhu } 16037a7bc39SJason Zhu 16137a7bc39SJason Zhu for (j = 0; j < 8; j++) { 16237a7bc39SJason Zhu wv[j] = ctx->h[j]; 16337a7bc39SJason Zhu } 16437a7bc39SJason Zhu 16537a7bc39SJason Zhu for (j = 0; j < 64; j++) { 16637a7bc39SJason Zhu t1 = wv[7] + SHA256_F2(wv[4]) + CH(wv[4], wv[5], wv[6]) + sha256_k[j] + 16737a7bc39SJason Zhu w[j]; 16837a7bc39SJason Zhu t2 = SHA256_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]); 16937a7bc39SJason Zhu wv[7] = wv[6]; 17037a7bc39SJason Zhu wv[6] = wv[5]; 17137a7bc39SJason Zhu wv[5] = wv[4]; 17237a7bc39SJason Zhu wv[4] = wv[3] + t1; 17337a7bc39SJason Zhu wv[3] = wv[2]; 17437a7bc39SJason Zhu wv[2] = wv[1]; 17537a7bc39SJason Zhu wv[1] = wv[0]; 17637a7bc39SJason Zhu wv[0] = t1 + t2; 17737a7bc39SJason Zhu } 17837a7bc39SJason Zhu 17937a7bc39SJason Zhu for (j = 0; j < 8; j++) { 18037a7bc39SJason Zhu ctx->h[j] += wv[j]; 18137a7bc39SJason Zhu } 18237a7bc39SJason Zhu #else 18337a7bc39SJason Zhu PACK32(&sub_block[0], &w[0]); 18437a7bc39SJason Zhu PACK32(&sub_block[4], &w[1]); 18537a7bc39SJason Zhu PACK32(&sub_block[8], &w[2]); 18637a7bc39SJason Zhu PACK32(&sub_block[12], &w[3]); 18737a7bc39SJason Zhu PACK32(&sub_block[16], &w[4]); 18837a7bc39SJason Zhu PACK32(&sub_block[20], &w[5]); 18937a7bc39SJason Zhu PACK32(&sub_block[24], &w[6]); 19037a7bc39SJason Zhu PACK32(&sub_block[28], &w[7]); 19137a7bc39SJason Zhu PACK32(&sub_block[32], &w[8]); 19237a7bc39SJason Zhu PACK32(&sub_block[36], &w[9]); 19337a7bc39SJason Zhu PACK32(&sub_block[40], &w[10]); 19437a7bc39SJason Zhu PACK32(&sub_block[44], &w[11]); 19537a7bc39SJason Zhu PACK32(&sub_block[48], &w[12]); 19637a7bc39SJason Zhu PACK32(&sub_block[52], &w[13]); 19737a7bc39SJason Zhu PACK32(&sub_block[56], &w[14]); 19837a7bc39SJason Zhu PACK32(&sub_block[60], &w[15]); 19937a7bc39SJason Zhu 20037a7bc39SJason Zhu SHA256_SCR(16); 20137a7bc39SJason Zhu SHA256_SCR(17); 20237a7bc39SJason Zhu SHA256_SCR(18); 20337a7bc39SJason Zhu SHA256_SCR(19); 20437a7bc39SJason Zhu SHA256_SCR(20); 20537a7bc39SJason Zhu SHA256_SCR(21); 20637a7bc39SJason Zhu SHA256_SCR(22); 20737a7bc39SJason Zhu SHA256_SCR(23); 20837a7bc39SJason Zhu SHA256_SCR(24); 20937a7bc39SJason Zhu SHA256_SCR(25); 21037a7bc39SJason Zhu SHA256_SCR(26); 21137a7bc39SJason Zhu SHA256_SCR(27); 21237a7bc39SJason Zhu SHA256_SCR(28); 21337a7bc39SJason Zhu SHA256_SCR(29); 21437a7bc39SJason Zhu SHA256_SCR(30); 21537a7bc39SJason Zhu SHA256_SCR(31); 21637a7bc39SJason Zhu SHA256_SCR(32); 21737a7bc39SJason Zhu SHA256_SCR(33); 21837a7bc39SJason Zhu SHA256_SCR(34); 21937a7bc39SJason Zhu SHA256_SCR(35); 22037a7bc39SJason Zhu SHA256_SCR(36); 22137a7bc39SJason Zhu SHA256_SCR(37); 22237a7bc39SJason Zhu SHA256_SCR(38); 22337a7bc39SJason Zhu SHA256_SCR(39); 22437a7bc39SJason Zhu SHA256_SCR(40); 22537a7bc39SJason Zhu SHA256_SCR(41); 22637a7bc39SJason Zhu SHA256_SCR(42); 22737a7bc39SJason Zhu SHA256_SCR(43); 22837a7bc39SJason Zhu SHA256_SCR(44); 22937a7bc39SJason Zhu SHA256_SCR(45); 23037a7bc39SJason Zhu SHA256_SCR(46); 23137a7bc39SJason Zhu SHA256_SCR(47); 23237a7bc39SJason Zhu SHA256_SCR(48); 23337a7bc39SJason Zhu SHA256_SCR(49); 23437a7bc39SJason Zhu SHA256_SCR(50); 23537a7bc39SJason Zhu SHA256_SCR(51); 23637a7bc39SJason Zhu SHA256_SCR(52); 23737a7bc39SJason Zhu SHA256_SCR(53); 23837a7bc39SJason Zhu SHA256_SCR(54); 23937a7bc39SJason Zhu SHA256_SCR(55); 24037a7bc39SJason Zhu SHA256_SCR(56); 24137a7bc39SJason Zhu SHA256_SCR(57); 24237a7bc39SJason Zhu SHA256_SCR(58); 24337a7bc39SJason Zhu SHA256_SCR(59); 24437a7bc39SJason Zhu SHA256_SCR(60); 24537a7bc39SJason Zhu SHA256_SCR(61); 24637a7bc39SJason Zhu SHA256_SCR(62); 24737a7bc39SJason Zhu SHA256_SCR(63); 24837a7bc39SJason Zhu 24937a7bc39SJason Zhu wv[0] = ctx->h[0]; 25037a7bc39SJason Zhu wv[1] = ctx->h[1]; 25137a7bc39SJason Zhu wv[2] = ctx->h[2]; 25237a7bc39SJason Zhu wv[3] = ctx->h[3]; 25337a7bc39SJason Zhu wv[4] = ctx->h[4]; 25437a7bc39SJason Zhu wv[5] = ctx->h[5]; 25537a7bc39SJason Zhu wv[6] = ctx->h[6]; 25637a7bc39SJason Zhu wv[7] = ctx->h[7]; 25737a7bc39SJason Zhu 25837a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 0); 25937a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 1); 26037a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 2); 26137a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 3); 26237a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 4); 26337a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 5); 26437a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 6); 26537a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 7); 26637a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 8); 26737a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 9); 26837a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 10); 26937a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 11); 27037a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 12); 27137a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 13); 27237a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 14); 27337a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 15); 27437a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 16); 27537a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 17); 27637a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 18); 27737a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 19); 27837a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 20); 27937a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 21); 28037a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 22); 28137a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 23); 28237a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 24); 28337a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 25); 28437a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 26); 28537a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 27); 28637a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 28); 28737a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 29); 28837a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 30); 28937a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 31); 29037a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 32); 29137a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 33); 29237a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 34); 29337a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 35); 29437a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 36); 29537a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 37); 29637a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 38); 29737a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 39); 29837a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 40); 29937a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 41); 30037a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 42); 30137a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 43); 30237a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 44); 30337a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 45); 30437a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 46); 30537a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 47); 30637a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 48); 30737a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 49); 30837a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 50); 30937a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 51); 31037a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 52); 31137a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 53); 31237a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 54); 31337a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 55); 31437a7bc39SJason Zhu SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 56); 31537a7bc39SJason Zhu SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 57); 31637a7bc39SJason Zhu SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 58); 31737a7bc39SJason Zhu SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 59); 31837a7bc39SJason Zhu SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 60); 31937a7bc39SJason Zhu SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 61); 32037a7bc39SJason Zhu SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 62); 32137a7bc39SJason Zhu SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 63); 32237a7bc39SJason Zhu 32337a7bc39SJason Zhu ctx->h[0] += wv[0]; 32437a7bc39SJason Zhu ctx->h[1] += wv[1]; 32537a7bc39SJason Zhu ctx->h[2] += wv[2]; 32637a7bc39SJason Zhu ctx->h[3] += wv[3]; 32737a7bc39SJason Zhu ctx->h[4] += wv[4]; 32837a7bc39SJason Zhu ctx->h[5] += wv[5]; 32937a7bc39SJason Zhu ctx->h[6] += wv[6]; 33037a7bc39SJason Zhu ctx->h[7] += wv[7]; 33137a7bc39SJason Zhu #endif /* !UNROLL_LOOPS */ 33237a7bc39SJason Zhu } 33337a7bc39SJason Zhu } 33437a7bc39SJason Zhu 335*69fdc596SJason Zhu void avb_sha256_update(AvbSHA256Ctx* ctx, const uint8_t* data, size_t len) { 336*69fdc596SJason Zhu size_t block_nb; 337*69fdc596SJason Zhu size_t new_len, rem_len, tmp_len; 33837a7bc39SJason Zhu const uint8_t* shifted_data; 33937a7bc39SJason Zhu 34037a7bc39SJason Zhu tmp_len = AVB_SHA256_BLOCK_SIZE - ctx->len; 34137a7bc39SJason Zhu rem_len = len < tmp_len ? len : tmp_len; 34237a7bc39SJason Zhu 34337a7bc39SJason Zhu avb_memcpy(&ctx->block[ctx->len], data, rem_len); 34437a7bc39SJason Zhu 34537a7bc39SJason Zhu if (ctx->len + len < AVB_SHA256_BLOCK_SIZE) { 34637a7bc39SJason Zhu ctx->len += len; 34737a7bc39SJason Zhu return; 34837a7bc39SJason Zhu } 34937a7bc39SJason Zhu 35037a7bc39SJason Zhu new_len = len - rem_len; 35137a7bc39SJason Zhu block_nb = new_len / AVB_SHA256_BLOCK_SIZE; 35237a7bc39SJason Zhu 35337a7bc39SJason Zhu shifted_data = data + rem_len; 35437a7bc39SJason Zhu 35537a7bc39SJason Zhu SHA256_transform(ctx, ctx->block, 1); 35637a7bc39SJason Zhu SHA256_transform(ctx, shifted_data, block_nb); 35737a7bc39SJason Zhu 35837a7bc39SJason Zhu rem_len = new_len % AVB_SHA256_BLOCK_SIZE; 35937a7bc39SJason Zhu 36037a7bc39SJason Zhu avb_memcpy(ctx->block, &shifted_data[block_nb << 6], rem_len); 36137a7bc39SJason Zhu 36237a7bc39SJason Zhu ctx->len = rem_len; 36337a7bc39SJason Zhu ctx->tot_len += (block_nb + 1) << 6; 36437a7bc39SJason Zhu } 36537a7bc39SJason Zhu 36637a7bc39SJason Zhu uint8_t* avb_sha256_final(AvbSHA256Ctx* ctx) { 367*69fdc596SJason Zhu size_t block_nb; 368*69fdc596SJason Zhu size_t pm_len; 369*69fdc596SJason Zhu uint64_t len_b; 37037a7bc39SJason Zhu #ifndef UNROLL_LOOPS 371*69fdc596SJason Zhu size_t i; 37237a7bc39SJason Zhu #endif 37337a7bc39SJason Zhu 37437a7bc39SJason Zhu block_nb = 37537a7bc39SJason Zhu (1 + ((AVB_SHA256_BLOCK_SIZE - 9) < (ctx->len % AVB_SHA256_BLOCK_SIZE))); 37637a7bc39SJason Zhu 37737a7bc39SJason Zhu len_b = (ctx->tot_len + ctx->len) << 3; 37837a7bc39SJason Zhu pm_len = block_nb << 6; 37937a7bc39SJason Zhu 38037a7bc39SJason Zhu avb_memset(ctx->block + ctx->len, 0, pm_len - ctx->len); 38137a7bc39SJason Zhu ctx->block[ctx->len] = 0x80; 382*69fdc596SJason Zhu UNPACK64(len_b, ctx->block + pm_len - 8); 38337a7bc39SJason Zhu 38437a7bc39SJason Zhu SHA256_transform(ctx, ctx->block, block_nb); 38537a7bc39SJason Zhu 38637a7bc39SJason Zhu #ifndef UNROLL_LOOPS 38737a7bc39SJason Zhu for (i = 0; i < 8; i++) { 38837a7bc39SJason Zhu UNPACK32(ctx->h[i], &ctx->buf[i << 2]); 38937a7bc39SJason Zhu } 39037a7bc39SJason Zhu #else 39137a7bc39SJason Zhu UNPACK32(ctx->h[0], &ctx->buf[0]); 39237a7bc39SJason Zhu UNPACK32(ctx->h[1], &ctx->buf[4]); 39337a7bc39SJason Zhu UNPACK32(ctx->h[2], &ctx->buf[8]); 39437a7bc39SJason Zhu UNPACK32(ctx->h[3], &ctx->buf[12]); 39537a7bc39SJason Zhu UNPACK32(ctx->h[4], &ctx->buf[16]); 39637a7bc39SJason Zhu UNPACK32(ctx->h[5], &ctx->buf[20]); 39737a7bc39SJason Zhu UNPACK32(ctx->h[6], &ctx->buf[24]); 39837a7bc39SJason Zhu UNPACK32(ctx->h[7], &ctx->buf[28]); 39937a7bc39SJason Zhu #endif /* !UNROLL_LOOPS */ 40037a7bc39SJason Zhu 40137a7bc39SJason Zhu return ctx->buf; 40237a7bc39SJason Zhu } 403