1*78acc472SPeter Tyser /* 2*78acc472SPeter Tyser * FIPS-180-2 compliant SHA-256 implementation 3*78acc472SPeter Tyser * 4*78acc472SPeter Tyser * Copyright (C) 2001-2003 Christophe Devine 5*78acc472SPeter Tyser * 6*78acc472SPeter Tyser * This program is free software; you can redistribute it and/or modify 7*78acc472SPeter Tyser * it under the terms of the GNU General Public License as published by 8*78acc472SPeter Tyser * the Free Software Foundation; either version 2 of the License, or 9*78acc472SPeter Tyser * (at your option) any later version. 10*78acc472SPeter Tyser * 11*78acc472SPeter Tyser * This program is distributed in the hope that it will be useful, 12*78acc472SPeter Tyser * but WITHOUT ANY WARRANTY; without even the implied warranty of 13*78acc472SPeter Tyser * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14*78acc472SPeter Tyser * GNU General Public License for more details. 15*78acc472SPeter Tyser * 16*78acc472SPeter Tyser * You should have received a copy of the GNU General Public License 17*78acc472SPeter Tyser * along with this program; if not, write to the Free Software 18*78acc472SPeter Tyser * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19*78acc472SPeter Tyser */ 20*78acc472SPeter Tyser 21*78acc472SPeter Tyser #ifndef USE_HOSTCC 22*78acc472SPeter Tyser #include <common.h> 23*78acc472SPeter Tyser #endif /* USE_HOSTCC */ 24*78acc472SPeter Tyser #include <watchdog.h> 25*78acc472SPeter Tyser #include <linux/string.h> 26*78acc472SPeter Tyser #include <sha256.h> 27*78acc472SPeter Tyser 28*78acc472SPeter Tyser /* 29*78acc472SPeter Tyser * 32-bit integer manipulation macros (big endian) 30*78acc472SPeter Tyser */ 31*78acc472SPeter Tyser #ifndef GET_UINT32_BE 32*78acc472SPeter Tyser #define GET_UINT32_BE(n,b,i) { \ 33*78acc472SPeter Tyser (n) = ( (unsigned long) (b)[(i) ] << 24 ) \ 34*78acc472SPeter Tyser | ( (unsigned long) (b)[(i) + 1] << 16 ) \ 35*78acc472SPeter Tyser | ( (unsigned long) (b)[(i) + 2] << 8 ) \ 36*78acc472SPeter Tyser | ( (unsigned long) (b)[(i) + 3] ); \ 37*78acc472SPeter Tyser } 38*78acc472SPeter Tyser #endif 39*78acc472SPeter Tyser #ifndef PUT_UINT32_BE 40*78acc472SPeter Tyser #define PUT_UINT32_BE(n,b,i) { \ 41*78acc472SPeter Tyser (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 42*78acc472SPeter Tyser (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 43*78acc472SPeter Tyser (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 44*78acc472SPeter Tyser (b)[(i) + 3] = (unsigned char) ( (n) ); \ 45*78acc472SPeter Tyser } 46*78acc472SPeter Tyser #endif 47*78acc472SPeter Tyser 48*78acc472SPeter Tyser void sha256_starts(sha256_context * ctx) 49*78acc472SPeter Tyser { 50*78acc472SPeter Tyser ctx->total[0] = 0; 51*78acc472SPeter Tyser ctx->total[1] = 0; 52*78acc472SPeter Tyser 53*78acc472SPeter Tyser ctx->state[0] = 0x6A09E667; 54*78acc472SPeter Tyser ctx->state[1] = 0xBB67AE85; 55*78acc472SPeter Tyser ctx->state[2] = 0x3C6EF372; 56*78acc472SPeter Tyser ctx->state[3] = 0xA54FF53A; 57*78acc472SPeter Tyser ctx->state[4] = 0x510E527F; 58*78acc472SPeter Tyser ctx->state[5] = 0x9B05688C; 59*78acc472SPeter Tyser ctx->state[6] = 0x1F83D9AB; 60*78acc472SPeter Tyser ctx->state[7] = 0x5BE0CD19; 61*78acc472SPeter Tyser } 62*78acc472SPeter Tyser 63*78acc472SPeter Tyser void sha256_process(sha256_context * ctx, uint8_t data[64]) 64*78acc472SPeter Tyser { 65*78acc472SPeter Tyser uint32_t temp1, temp2; 66*78acc472SPeter Tyser uint32_t W[64]; 67*78acc472SPeter Tyser uint32_t A, B, C, D, E, F, G, H; 68*78acc472SPeter Tyser 69*78acc472SPeter Tyser GET_UINT32_BE(W[0], data, 0); 70*78acc472SPeter Tyser GET_UINT32_BE(W[1], data, 4); 71*78acc472SPeter Tyser GET_UINT32_BE(W[2], data, 8); 72*78acc472SPeter Tyser GET_UINT32_BE(W[3], data, 12); 73*78acc472SPeter Tyser GET_UINT32_BE(W[4], data, 16); 74*78acc472SPeter Tyser GET_UINT32_BE(W[5], data, 20); 75*78acc472SPeter Tyser GET_UINT32_BE(W[6], data, 24); 76*78acc472SPeter Tyser GET_UINT32_BE(W[7], data, 28); 77*78acc472SPeter Tyser GET_UINT32_BE(W[8], data, 32); 78*78acc472SPeter Tyser GET_UINT32_BE(W[9], data, 36); 79*78acc472SPeter Tyser GET_UINT32_BE(W[10], data, 40); 80*78acc472SPeter Tyser GET_UINT32_BE(W[11], data, 44); 81*78acc472SPeter Tyser GET_UINT32_BE(W[12], data, 48); 82*78acc472SPeter Tyser GET_UINT32_BE(W[13], data, 52); 83*78acc472SPeter Tyser GET_UINT32_BE(W[14], data, 56); 84*78acc472SPeter Tyser GET_UINT32_BE(W[15], data, 60); 85*78acc472SPeter Tyser 86*78acc472SPeter Tyser #define SHR(x,n) ((x & 0xFFFFFFFF) >> n) 87*78acc472SPeter Tyser #define ROTR(x,n) (SHR(x,n) | (x << (32 - n))) 88*78acc472SPeter Tyser 89*78acc472SPeter Tyser #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) 90*78acc472SPeter Tyser #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) 91*78acc472SPeter Tyser 92*78acc472SPeter Tyser #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) 93*78acc472SPeter Tyser #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) 94*78acc472SPeter Tyser 95*78acc472SPeter Tyser #define F0(x,y,z) ((x & y) | (z & (x | y))) 96*78acc472SPeter Tyser #define F1(x,y,z) (z ^ (x & (y ^ z))) 97*78acc472SPeter Tyser 98*78acc472SPeter Tyser #define R(t) \ 99*78acc472SPeter Tyser ( \ 100*78acc472SPeter Tyser W[t] = S1(W[t - 2]) + W[t - 7] + \ 101*78acc472SPeter Tyser S0(W[t - 15]) + W[t - 16] \ 102*78acc472SPeter Tyser ) 103*78acc472SPeter Tyser 104*78acc472SPeter Tyser #define P(a,b,c,d,e,f,g,h,x,K) { \ 105*78acc472SPeter Tyser temp1 = h + S3(e) + F1(e,f,g) + K + x; \ 106*78acc472SPeter Tyser temp2 = S2(a) + F0(a,b,c); \ 107*78acc472SPeter Tyser d += temp1; h = temp1 + temp2; \ 108*78acc472SPeter Tyser } 109*78acc472SPeter Tyser 110*78acc472SPeter Tyser A = ctx->state[0]; 111*78acc472SPeter Tyser B = ctx->state[1]; 112*78acc472SPeter Tyser C = ctx->state[2]; 113*78acc472SPeter Tyser D = ctx->state[3]; 114*78acc472SPeter Tyser E = ctx->state[4]; 115*78acc472SPeter Tyser F = ctx->state[5]; 116*78acc472SPeter Tyser G = ctx->state[6]; 117*78acc472SPeter Tyser H = ctx->state[7]; 118*78acc472SPeter Tyser 119*78acc472SPeter Tyser P(A, B, C, D, E, F, G, H, W[0], 0x428A2F98); 120*78acc472SPeter Tyser P(H, A, B, C, D, E, F, G, W[1], 0x71374491); 121*78acc472SPeter Tyser P(G, H, A, B, C, D, E, F, W[2], 0xB5C0FBCF); 122*78acc472SPeter Tyser P(F, G, H, A, B, C, D, E, W[3], 0xE9B5DBA5); 123*78acc472SPeter Tyser P(E, F, G, H, A, B, C, D, W[4], 0x3956C25B); 124*78acc472SPeter Tyser P(D, E, F, G, H, A, B, C, W[5], 0x59F111F1); 125*78acc472SPeter Tyser P(C, D, E, F, G, H, A, B, W[6], 0x923F82A4); 126*78acc472SPeter Tyser P(B, C, D, E, F, G, H, A, W[7], 0xAB1C5ED5); 127*78acc472SPeter Tyser P(A, B, C, D, E, F, G, H, W[8], 0xD807AA98); 128*78acc472SPeter Tyser P(H, A, B, C, D, E, F, G, W[9], 0x12835B01); 129*78acc472SPeter Tyser P(G, H, A, B, C, D, E, F, W[10], 0x243185BE); 130*78acc472SPeter Tyser P(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3); 131*78acc472SPeter Tyser P(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74); 132*78acc472SPeter Tyser P(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE); 133*78acc472SPeter Tyser P(C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7); 134*78acc472SPeter Tyser P(B, C, D, E, F, G, H, A, W[15], 0xC19BF174); 135*78acc472SPeter Tyser P(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1); 136*78acc472SPeter Tyser P(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786); 137*78acc472SPeter Tyser P(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6); 138*78acc472SPeter Tyser P(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC); 139*78acc472SPeter Tyser P(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F); 140*78acc472SPeter Tyser P(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA); 141*78acc472SPeter Tyser P(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC); 142*78acc472SPeter Tyser P(B, C, D, E, F, G, H, A, R(23), 0x76F988DA); 143*78acc472SPeter Tyser P(A, B, C, D, E, F, G, H, R(24), 0x983E5152); 144*78acc472SPeter Tyser P(H, A, B, C, D, E, F, G, R(25), 0xA831C66D); 145*78acc472SPeter Tyser P(G, H, A, B, C, D, E, F, R(26), 0xB00327C8); 146*78acc472SPeter Tyser P(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7); 147*78acc472SPeter Tyser P(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3); 148*78acc472SPeter Tyser P(D, E, F, G, H, A, B, C, R(29), 0xD5A79147); 149*78acc472SPeter Tyser P(C, D, E, F, G, H, A, B, R(30), 0x06CA6351); 150*78acc472SPeter Tyser P(B, C, D, E, F, G, H, A, R(31), 0x14292967); 151*78acc472SPeter Tyser P(A, B, C, D, E, F, G, H, R(32), 0x27B70A85); 152*78acc472SPeter Tyser P(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138); 153*78acc472SPeter Tyser P(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC); 154*78acc472SPeter Tyser P(F, G, H, A, B, C, D, E, R(35), 0x53380D13); 155*78acc472SPeter Tyser P(E, F, G, H, A, B, C, D, R(36), 0x650A7354); 156*78acc472SPeter Tyser P(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB); 157*78acc472SPeter Tyser P(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E); 158*78acc472SPeter Tyser P(B, C, D, E, F, G, H, A, R(39), 0x92722C85); 159*78acc472SPeter Tyser P(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1); 160*78acc472SPeter Tyser P(H, A, B, C, D, E, F, G, R(41), 0xA81A664B); 161*78acc472SPeter Tyser P(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70); 162*78acc472SPeter Tyser P(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3); 163*78acc472SPeter Tyser P(E, F, G, H, A, B, C, D, R(44), 0xD192E819); 164*78acc472SPeter Tyser P(D, E, F, G, H, A, B, C, R(45), 0xD6990624); 165*78acc472SPeter Tyser P(C, D, E, F, G, H, A, B, R(46), 0xF40E3585); 166*78acc472SPeter Tyser P(B, C, D, E, F, G, H, A, R(47), 0x106AA070); 167*78acc472SPeter Tyser P(A, B, C, D, E, F, G, H, R(48), 0x19A4C116); 168*78acc472SPeter Tyser P(H, A, B, C, D, E, F, G, R(49), 0x1E376C08); 169*78acc472SPeter Tyser P(G, H, A, B, C, D, E, F, R(50), 0x2748774C); 170*78acc472SPeter Tyser P(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5); 171*78acc472SPeter Tyser P(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3); 172*78acc472SPeter Tyser P(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A); 173*78acc472SPeter Tyser P(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F); 174*78acc472SPeter Tyser P(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3); 175*78acc472SPeter Tyser P(A, B, C, D, E, F, G, H, R(56), 0x748F82EE); 176*78acc472SPeter Tyser P(H, A, B, C, D, E, F, G, R(57), 0x78A5636F); 177*78acc472SPeter Tyser P(G, H, A, B, C, D, E, F, R(58), 0x84C87814); 178*78acc472SPeter Tyser P(F, G, H, A, B, C, D, E, R(59), 0x8CC70208); 179*78acc472SPeter Tyser P(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA); 180*78acc472SPeter Tyser P(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB); 181*78acc472SPeter Tyser P(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7); 182*78acc472SPeter Tyser P(B, C, D, E, F, G, H, A, R(63), 0xC67178F2); 183*78acc472SPeter Tyser 184*78acc472SPeter Tyser ctx->state[0] += A; 185*78acc472SPeter Tyser ctx->state[1] += B; 186*78acc472SPeter Tyser ctx->state[2] += C; 187*78acc472SPeter Tyser ctx->state[3] += D; 188*78acc472SPeter Tyser ctx->state[4] += E; 189*78acc472SPeter Tyser ctx->state[5] += F; 190*78acc472SPeter Tyser ctx->state[6] += G; 191*78acc472SPeter Tyser ctx->state[7] += H; 192*78acc472SPeter Tyser } 193*78acc472SPeter Tyser 194*78acc472SPeter Tyser void sha256_update(sha256_context * ctx, uint8_t * input, uint32_t length) 195*78acc472SPeter Tyser { 196*78acc472SPeter Tyser uint32_t left, fill; 197*78acc472SPeter Tyser 198*78acc472SPeter Tyser if (!length) 199*78acc472SPeter Tyser return; 200*78acc472SPeter Tyser 201*78acc472SPeter Tyser left = ctx->total[0] & 0x3F; 202*78acc472SPeter Tyser fill = 64 - left; 203*78acc472SPeter Tyser 204*78acc472SPeter Tyser ctx->total[0] += length; 205*78acc472SPeter Tyser ctx->total[0] &= 0xFFFFFFFF; 206*78acc472SPeter Tyser 207*78acc472SPeter Tyser if (ctx->total[0] < length) 208*78acc472SPeter Tyser ctx->total[1]++; 209*78acc472SPeter Tyser 210*78acc472SPeter Tyser if (left && length >= fill) { 211*78acc472SPeter Tyser memcpy((void *) (ctx->buffer + left), (void *) input, fill); 212*78acc472SPeter Tyser sha256_process(ctx, ctx->buffer); 213*78acc472SPeter Tyser length -= fill; 214*78acc472SPeter Tyser input += fill; 215*78acc472SPeter Tyser left = 0; 216*78acc472SPeter Tyser } 217*78acc472SPeter Tyser 218*78acc472SPeter Tyser while (length >= 64) { 219*78acc472SPeter Tyser sha256_process(ctx, input); 220*78acc472SPeter Tyser length -= 64; 221*78acc472SPeter Tyser input += 64; 222*78acc472SPeter Tyser } 223*78acc472SPeter Tyser 224*78acc472SPeter Tyser if (length) 225*78acc472SPeter Tyser memcpy((void *) (ctx->buffer + left), (void *) input, length); 226*78acc472SPeter Tyser } 227*78acc472SPeter Tyser 228*78acc472SPeter Tyser static uint8_t sha256_padding[64] = { 229*78acc472SPeter Tyser 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 230*78acc472SPeter Tyser 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 231*78acc472SPeter Tyser 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 232*78acc472SPeter Tyser 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 233*78acc472SPeter Tyser }; 234*78acc472SPeter Tyser 235*78acc472SPeter Tyser void sha256_finish(sha256_context * ctx, uint8_t digest[32]) 236*78acc472SPeter Tyser { 237*78acc472SPeter Tyser uint32_t last, padn; 238*78acc472SPeter Tyser uint32_t high, low; 239*78acc472SPeter Tyser uint8_t msglen[8]; 240*78acc472SPeter Tyser 241*78acc472SPeter Tyser high = ((ctx->total[0] >> 29) 242*78acc472SPeter Tyser | (ctx->total[1] << 3)); 243*78acc472SPeter Tyser low = (ctx->total[0] << 3); 244*78acc472SPeter Tyser 245*78acc472SPeter Tyser PUT_UINT32_BE(high, msglen, 0); 246*78acc472SPeter Tyser PUT_UINT32_BE(low, msglen, 4); 247*78acc472SPeter Tyser 248*78acc472SPeter Tyser last = ctx->total[0] & 0x3F; 249*78acc472SPeter Tyser padn = (last < 56) ? (56 - last) : (120 - last); 250*78acc472SPeter Tyser 251*78acc472SPeter Tyser sha256_update(ctx, sha256_padding, padn); 252*78acc472SPeter Tyser sha256_update(ctx, msglen, 8); 253*78acc472SPeter Tyser 254*78acc472SPeter Tyser PUT_UINT32_BE(ctx->state[0], digest, 0); 255*78acc472SPeter Tyser PUT_UINT32_BE(ctx->state[1], digest, 4); 256*78acc472SPeter Tyser PUT_UINT32_BE(ctx->state[2], digest, 8); 257*78acc472SPeter Tyser PUT_UINT32_BE(ctx->state[3], digest, 12); 258*78acc472SPeter Tyser PUT_UINT32_BE(ctx->state[4], digest, 16); 259*78acc472SPeter Tyser PUT_UINT32_BE(ctx->state[5], digest, 20); 260*78acc472SPeter Tyser PUT_UINT32_BE(ctx->state[6], digest, 24); 261*78acc472SPeter Tyser PUT_UINT32_BE(ctx->state[7], digest, 28); 262*78acc472SPeter Tyser } 263