1 // SPDX-License-Identifier: BSD-3-Clause
6  * FIPS 180-2 SHA-224/256/384/512 implementation
14 #define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n)))
15 #define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n)))
56   { w[i] = SHA512_F4(w[i - 2]) + w[i - 7] + SHA512_F3(w[i - 15]) + w[i - 16]; }
58 #define SHA512_EXP(a, b, c, d, e, f, g, h, j)                               \  argument
60     t1 = wv[h] + SHA512_F2(wv[e]) + CH(wv[e], wv[f], wv[g]) + sha512_k[j] + \
61          w[j];                                                              \
105 /* SHA-512 implementation */
109   ctx->h[0] = sha512_h0[0];  in avb_sha512_init()
110   ctx->h[1] = sha512_h0[1];  in avb_sha512_init()
111   ctx->h[2] = sha512_h0[2];  in avb_sha512_init()
112   ctx->h[3] = sha512_h0[3];  in avb_sha512_init()
113   ctx->h[4] = sha512_h0[4];  in avb_sha512_init()
114   ctx->h[5] = sha512_h0[5];  in avb_sha512_init()
115   ctx->h[6] = sha512_h0[6];  in avb_sha512_init()
116   ctx->h[7] = sha512_h0[7];  in avb_sha512_init()
121     ctx->h[i] = sha512_h0[i];  in avb_sha512_init()
124   ctx->len = 0;  in avb_sha512_init()
125   ctx->tot_len = 0;  in avb_sha512_init()
135   int i, j;  in SHA512_transform()  local
223     wv[0] = ctx->h[0];  in SHA512_transform()
224     wv[1] = ctx->h[1];  in SHA512_transform()
225     wv[2] = ctx->h[2];  in SHA512_transform()
226     wv[3] = ctx->h[3];  in SHA512_transform()
227     wv[4] = ctx->h[4];  in SHA512_transform()
228     wv[5] = ctx->h[5];  in SHA512_transform()
229     wv[6] = ctx->h[6];  in SHA512_transform()
230     wv[7] = ctx->h[7];  in SHA512_transform()
232     j = 0;  in SHA512_transform()
235       SHA512_EXP(0, 1, 2, 3, 4, 5, 6, 7, j);  in SHA512_transform()
236       j++;  in SHA512_transform()
237       SHA512_EXP(7, 0, 1, 2, 3, 4, 5, 6, j);  in SHA512_transform()
238       j++;  in SHA512_transform()
239       SHA512_EXP(6, 7, 0, 1, 2, 3, 4, 5, j);  in SHA512_transform()
240       j++;  in SHA512_transform()
241       SHA512_EXP(5, 6, 7, 0, 1, 2, 3, 4, j);  in SHA512_transform()
242       j++;  in SHA512_transform()
243       SHA512_EXP(4, 5, 6, 7, 0, 1, 2, 3, j);  in SHA512_transform()
244       j++;  in SHA512_transform()
245       SHA512_EXP(3, 4, 5, 6, 7, 0, 1, 2, j);  in SHA512_transform()
246       j++;  in SHA512_transform()
247       SHA512_EXP(2, 3, 4, 5, 6, 7, 0, 1, j);  in SHA512_transform()
248       j++;  in SHA512_transform()
249       SHA512_EXP(1, 2, 3, 4, 5, 6, 7, 0, j);  in SHA512_transform()
250       j++;  in SHA512_transform()
251     } while (j < 80);  in SHA512_transform()
253     ctx->h[0] += wv[0];  in SHA512_transform()
254     ctx->h[1] += wv[1];  in SHA512_transform()
255     ctx->h[2] += wv[2];  in SHA512_transform()
256     ctx->h[3] += wv[3];  in SHA512_transform()
257     ctx->h[4] += wv[4];  in SHA512_transform()
258     ctx->h[5] += wv[5];  in SHA512_transform()
259     ctx->h[6] += wv[6];  in SHA512_transform()
260     ctx->h[7] += wv[7];  in SHA512_transform()
262     for (j = 0; j < 16; j++) {  in SHA512_transform()
263       PACK64(&sub_block[j << 3], &w[j]);  in SHA512_transform()
266     for (j = 16; j < 80; j++) {  in SHA512_transform()
267       SHA512_SCR(j);  in SHA512_transform()
270     for (j = 0; j < 8; j++) {  in SHA512_transform()
271       wv[j] = ctx->h[j];  in SHA512_transform()
274     for (j = 0; j < 80; j++) {  in SHA512_transform()
275       t1 = wv[7] + SHA512_F2(wv[4]) + CH(wv[4], wv[5], wv[6]) + sha512_k[j] +  in SHA512_transform()
276            w[j];  in SHA512_transform()
288     for (j = 0; j < 8; j++)  in SHA512_transform()
289       ctx->h[j] += wv[j];  in SHA512_transform()
299   tmp_len = AVB_SHA512_BLOCK_SIZE - ctx->len;  in avb_sha512_update()
302   avb_memcpy(&ctx->block[ctx->len], data, rem_len);  in avb_sha512_update()
304   if (ctx->len + len < AVB_SHA512_BLOCK_SIZE) {  in avb_sha512_update()
305     ctx->len += len;  in avb_sha512_update()
309   new_len = len - rem_len;  in avb_sha512_update()
314   SHA512_transform(ctx, ctx->block, 1);  in avb_sha512_update()
319   avb_memcpy(ctx->block, &shifted_data[block_nb << 7], rem_len);  in avb_sha512_update()
321   ctx->len = rem_len;  in avb_sha512_update()
322   ctx->tot_len += (block_nb + 1) << 7;  in avb_sha512_update()
335       1 + ((AVB_SHA512_BLOCK_SIZE - 17) < (ctx->len % AVB_SHA512_BLOCK_SIZE));  in avb_sha512_final()
337   len_b = (ctx->tot_len + ctx->len) << 3;  in avb_sha512_final()
340   avb_memset(ctx->block + ctx->len, 0, pm_len - ctx->len);  in avb_sha512_final()
341   ctx->block[ctx->len] = 0x80;  in avb_sha512_final()
342   UNPACK32(len_b, ctx->block + pm_len - 4);  in avb_sha512_final()
344   SHA512_transform(ctx, ctx->block, block_nb);  in avb_sha512_final()
347   UNPACK64(ctx->h[0], &ctx->buf[0]);  in avb_sha512_final()
348   UNPACK64(ctx->h[1], &ctx->buf[8]);  in avb_sha512_final()
349   UNPACK64(ctx->h[2], &ctx->buf[16]);  in avb_sha512_final()
350   UNPACK64(ctx->h[3], &ctx->buf[24]);  in avb_sha512_final()
351   UNPACK64(ctx->h[4], &ctx->buf[32]);  in avb_sha512_final()
352   UNPACK64(ctx->h[5], &ctx->buf[40]);  in avb_sha512_final()
353   UNPACK64(ctx->h[6], &ctx->buf[48]);  in avb_sha512_final()
354   UNPACK64(ctx->h[7], &ctx->buf[56]);  in avb_sha512_final()
357     UNPACK64(ctx->h[i], &ctx->buf[i << 3]);  in avb_sha512_final()
360   return ctx->buf;  in avb_sha512_final()