^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * SHA-256, as specified in
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) * http://csrc.nist.gov/groups/STM/cavp/documents/shs/sha256-384-512.pdf
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * SHA-256 code by Jean-Luc Cooke <jlcooke@certainkey.com>.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) * Copyright (c) 2014 Red Hat Inc.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/bitops.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/export.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/string.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <crypto/sha.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <asm/unaligned.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <trace/hooks/fips140.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) static inline u32 Ch(u32 x, u32 y, u32 z)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) return z ^ (x & (y ^ z));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) static inline u32 Maj(u32 x, u32 y, u32 z)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) return (x & y) | (z & (x | y));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) #define e0(x) (ror32(x, 2) ^ ror32(x, 13) ^ ror32(x, 22))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) #define e1(x) (ror32(x, 6) ^ ror32(x, 11) ^ ror32(x, 25))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) #define s0(x) (ror32(x, 7) ^ ror32(x, 18) ^ (x >> 3))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) #define s1(x) (ror32(x, 17) ^ ror32(x, 19) ^ (x >> 10))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) static inline void LOAD_OP(int I, u32 *W, const u8 *input)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) W[I] = get_unaligned_be32((__u32 *)input + I);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) static inline void BLEND_OP(int I, u32 *W)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) static void sha256_transform(u32 *state, const u8 *input)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) u32 a, b, c, d, e, f, g, h, t1, t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) u32 W[64];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) int i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) /* load the input */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) for (i = 0; i < 16; i++)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) LOAD_OP(i, W, input);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) /* now blend */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) for (i = 16; i < 64; i++)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) BLEND_OP(i, W);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) /* load the state into our registers */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) a = state[0]; b = state[1]; c = state[2]; d = state[3];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) e = state[4]; f = state[5]; g = state[6]; h = state[7];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) /* now iterate */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) t1 = h + e1(e) + Ch(e, f, g) + 0x428a2f98 + W[0];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) t2 = e0(a) + Maj(a, b, c); d += t1; h = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) t1 = g + e1(d) + Ch(d, e, f) + 0x71374491 + W[1];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) t2 = e0(h) + Maj(h, a, b); c += t1; g = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) t1 = f + e1(c) + Ch(c, d, e) + 0xb5c0fbcf + W[2];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) t2 = e0(g) + Maj(g, h, a); b += t1; f = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) t1 = e + e1(b) + Ch(b, c, d) + 0xe9b5dba5 + W[3];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) t2 = e0(f) + Maj(f, g, h); a += t1; e = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) t1 = d + e1(a) + Ch(a, b, c) + 0x3956c25b + W[4];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) t2 = e0(e) + Maj(e, f, g); h += t1; d = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) t1 = c + e1(h) + Ch(h, a, b) + 0x59f111f1 + W[5];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) t2 = e0(d) + Maj(d, e, f); g += t1; c = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) t1 = b + e1(g) + Ch(g, h, a) + 0x923f82a4 + W[6];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) t2 = e0(c) + Maj(c, d, e); f += t1; b = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) t1 = a + e1(f) + Ch(f, g, h) + 0xab1c5ed5 + W[7];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) t2 = e0(b) + Maj(b, c, d); e += t1; a = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) t1 = h + e1(e) + Ch(e, f, g) + 0xd807aa98 + W[8];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) t2 = e0(a) + Maj(a, b, c); d += t1; h = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) t1 = g + e1(d) + Ch(d, e, f) + 0x12835b01 + W[9];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) t2 = e0(h) + Maj(h, a, b); c += t1; g = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) t1 = f + e1(c) + Ch(c, d, e) + 0x243185be + W[10];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) t2 = e0(g) + Maj(g, h, a); b += t1; f = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) t1 = e + e1(b) + Ch(b, c, d) + 0x550c7dc3 + W[11];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) t2 = e0(f) + Maj(f, g, h); a += t1; e = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) t1 = d + e1(a) + Ch(a, b, c) + 0x72be5d74 + W[12];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) t2 = e0(e) + Maj(e, f, g); h += t1; d = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) t1 = c + e1(h) + Ch(h, a, b) + 0x80deb1fe + W[13];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) t2 = e0(d) + Maj(d, e, f); g += t1; c = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) t1 = b + e1(g) + Ch(g, h, a) + 0x9bdc06a7 + W[14];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) t2 = e0(c) + Maj(c, d, e); f += t1; b = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) t1 = a + e1(f) + Ch(f, g, h) + 0xc19bf174 + W[15];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) t2 = e0(b) + Maj(b, c, d); e += t1; a = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) t1 = h + e1(e) + Ch(e, f, g) + 0xe49b69c1 + W[16];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) t2 = e0(a) + Maj(a, b, c); d += t1; h = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) t1 = g + e1(d) + Ch(d, e, f) + 0xefbe4786 + W[17];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) t2 = e0(h) + Maj(h, a, b); c += t1; g = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) t1 = f + e1(c) + Ch(c, d, e) + 0x0fc19dc6 + W[18];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) t2 = e0(g) + Maj(g, h, a); b += t1; f = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) t1 = e + e1(b) + Ch(b, c, d) + 0x240ca1cc + W[19];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) t2 = e0(f) + Maj(f, g, h); a += t1; e = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) t1 = d + e1(a) + Ch(a, b, c) + 0x2de92c6f + W[20];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) t2 = e0(e) + Maj(e, f, g); h += t1; d = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) t1 = c + e1(h) + Ch(h, a, b) + 0x4a7484aa + W[21];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) t2 = e0(d) + Maj(d, e, f); g += t1; c = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) t1 = b + e1(g) + Ch(g, h, a) + 0x5cb0a9dc + W[22];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) t2 = e0(c) + Maj(c, d, e); f += t1; b = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) t1 = a + e1(f) + Ch(f, g, h) + 0x76f988da + W[23];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) t2 = e0(b) + Maj(b, c, d); e += t1; a = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) t1 = h + e1(e) + Ch(e, f, g) + 0x983e5152 + W[24];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) t2 = e0(a) + Maj(a, b, c); d += t1; h = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) t1 = g + e1(d) + Ch(d, e, f) + 0xa831c66d + W[25];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) t2 = e0(h) + Maj(h, a, b); c += t1; g = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) t1 = f + e1(c) + Ch(c, d, e) + 0xb00327c8 + W[26];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) t2 = e0(g) + Maj(g, h, a); b += t1; f = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) t1 = e + e1(b) + Ch(b, c, d) + 0xbf597fc7 + W[27];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) t2 = e0(f) + Maj(f, g, h); a += t1; e = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) t1 = d + e1(a) + Ch(a, b, c) + 0xc6e00bf3 + W[28];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) t2 = e0(e) + Maj(e, f, g); h += t1; d = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) t1 = c + e1(h) + Ch(h, a, b) + 0xd5a79147 + W[29];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) t2 = e0(d) + Maj(d, e, f); g += t1; c = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) t1 = b + e1(g) + Ch(g, h, a) + 0x06ca6351 + W[30];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) t2 = e0(c) + Maj(c, d, e); f += t1; b = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) t1 = a + e1(f) + Ch(f, g, h) + 0x14292967 + W[31];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) t2 = e0(b) + Maj(b, c, d); e += t1; a = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) t1 = h + e1(e) + Ch(e, f, g) + 0x27b70a85 + W[32];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) t2 = e0(a) + Maj(a, b, c); d += t1; h = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) t1 = g + e1(d) + Ch(d, e, f) + 0x2e1b2138 + W[33];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) t2 = e0(h) + Maj(h, a, b); c += t1; g = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) t1 = f + e1(c) + Ch(c, d, e) + 0x4d2c6dfc + W[34];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) t2 = e0(g) + Maj(g, h, a); b += t1; f = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) t1 = e + e1(b) + Ch(b, c, d) + 0x53380d13 + W[35];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) t2 = e0(f) + Maj(f, g, h); a += t1; e = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) t1 = d + e1(a) + Ch(a, b, c) + 0x650a7354 + W[36];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) t2 = e0(e) + Maj(e, f, g); h += t1; d = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) t1 = c + e1(h) + Ch(h, a, b) + 0x766a0abb + W[37];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) t2 = e0(d) + Maj(d, e, f); g += t1; c = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) t1 = b + e1(g) + Ch(g, h, a) + 0x81c2c92e + W[38];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) t2 = e0(c) + Maj(c, d, e); f += t1; b = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) t1 = a + e1(f) + Ch(f, g, h) + 0x92722c85 + W[39];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) t2 = e0(b) + Maj(b, c, d); e += t1; a = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) t1 = h + e1(e) + Ch(e, f, g) + 0xa2bfe8a1 + W[40];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) t2 = e0(a) + Maj(a, b, c); d += t1; h = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) t1 = g + e1(d) + Ch(d, e, f) + 0xa81a664b + W[41];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) t2 = e0(h) + Maj(h, a, b); c += t1; g = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) t1 = f + e1(c) + Ch(c, d, e) + 0xc24b8b70 + W[42];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) t2 = e0(g) + Maj(g, h, a); b += t1; f = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) t1 = e + e1(b) + Ch(b, c, d) + 0xc76c51a3 + W[43];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) t2 = e0(f) + Maj(f, g, h); a += t1; e = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) t1 = d + e1(a) + Ch(a, b, c) + 0xd192e819 + W[44];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) t2 = e0(e) + Maj(e, f, g); h += t1; d = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) t1 = c + e1(h) + Ch(h, a, b) + 0xd6990624 + W[45];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) t2 = e0(d) + Maj(d, e, f); g += t1; c = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) t1 = b + e1(g) + Ch(g, h, a) + 0xf40e3585 + W[46];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) t2 = e0(c) + Maj(c, d, e); f += t1; b = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) t1 = a + e1(f) + Ch(f, g, h) + 0x106aa070 + W[47];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) t2 = e0(b) + Maj(b, c, d); e += t1; a = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) t1 = h + e1(e) + Ch(e, f, g) + 0x19a4c116 + W[48];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) t2 = e0(a) + Maj(a, b, c); d += t1; h = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) t1 = g + e1(d) + Ch(d, e, f) + 0x1e376c08 + W[49];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) t2 = e0(h) + Maj(h, a, b); c += t1; g = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) t1 = f + e1(c) + Ch(c, d, e) + 0x2748774c + W[50];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) t2 = e0(g) + Maj(g, h, a); b += t1; f = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) t1 = e + e1(b) + Ch(b, c, d) + 0x34b0bcb5 + W[51];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) t2 = e0(f) + Maj(f, g, h); a += t1; e = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) t1 = d + e1(a) + Ch(a, b, c) + 0x391c0cb3 + W[52];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) t2 = e0(e) + Maj(e, f, g); h += t1; d = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) t1 = c + e1(h) + Ch(h, a, b) + 0x4ed8aa4a + W[53];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) t2 = e0(d) + Maj(d, e, f); g += t1; c = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) t1 = b + e1(g) + Ch(g, h, a) + 0x5b9cca4f + W[54];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) t2 = e0(c) + Maj(c, d, e); f += t1; b = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) t1 = a + e1(f) + Ch(f, g, h) + 0x682e6ff3 + W[55];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) t2 = e0(b) + Maj(b, c, d); e += t1; a = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) t1 = h + e1(e) + Ch(e, f, g) + 0x748f82ee + W[56];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) t2 = e0(a) + Maj(a, b, c); d += t1; h = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) t1 = g + e1(d) + Ch(d, e, f) + 0x78a5636f + W[57];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) t2 = e0(h) + Maj(h, a, b); c += t1; g = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) t1 = f + e1(c) + Ch(c, d, e) + 0x84c87814 + W[58];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) t2 = e0(g) + Maj(g, h, a); b += t1; f = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) t1 = e + e1(b) + Ch(b, c, d) + 0x8cc70208 + W[59];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) t2 = e0(f) + Maj(f, g, h); a += t1; e = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) t1 = d + e1(a) + Ch(a, b, c) + 0x90befffa + W[60];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) t2 = e0(e) + Maj(e, f, g); h += t1; d = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) t1 = c + e1(h) + Ch(h, a, b) + 0xa4506ceb + W[61];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) t2 = e0(d) + Maj(d, e, f); g += t1; c = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) t1 = b + e1(g) + Ch(g, h, a) + 0xbef9a3f7 + W[62];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) t2 = e0(c) + Maj(c, d, e); f += t1; b = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) t1 = a + e1(f) + Ch(f, g, h) + 0xc67178f2 + W[63];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) t2 = e0(b) + Maj(b, c, d); e += t1; a = t1 + t2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) state[0] += a; state[1] += b; state[2] += c; state[3] += d;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) state[4] += e; state[5] += f; state[6] += g; state[7] += h;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) /* clear any sensitive info... */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) a = b = c = d = e = f = g = h = t1 = t2 = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) memzero_explicit(W, 64 * sizeof(u32));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) void sha256_update(struct sha256_state *sctx, const u8 *data, unsigned int len)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) unsigned int partial, done;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) const u8 *src;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) partial = sctx->count & 0x3f;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) sctx->count += len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) done = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) src = data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) if ((partial + len) > 63) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) if (partial) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) done = -partial;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) memcpy(sctx->buf + partial, data, done + 64);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) src = sctx->buf;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) do {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) sha256_transform(sctx->state, src);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) done += 64;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) src = data + done;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) } while (done + 63 < len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) partial = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) memcpy(sctx->buf + partial, src, len - done);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) EXPORT_SYMBOL(sha256_update);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) void sha224_update(struct sha256_state *sctx, const u8 *data, unsigned int len)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) sha256_update(sctx, data, len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) EXPORT_SYMBOL(sha224_update);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) static void __sha256_final(struct sha256_state *sctx, u8 *out, int digest_words)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) __be32 *dst = (__be32 *)out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) __be64 bits;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) unsigned int index, pad_len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) int i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) static const u8 padding[64] = { 0x80, };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) /* Save number of bits */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) bits = cpu_to_be64(sctx->count << 3);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) /* Pad out to 56 mod 64. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) index = sctx->count & 0x3f;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) pad_len = (index < 56) ? (56 - index) : ((64+56) - index);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) sha256_update(sctx, padding, pad_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) /* Append length (before padding) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) sha256_update(sctx, (const u8 *)&bits, sizeof(bits));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) /* Store state in digest */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) for (i = 0; i < digest_words; i++)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) put_unaligned_be32(sctx->state[i], &dst[i]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) /* Zeroize sensitive information. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) memset(sctx, 0, sizeof(*sctx));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) void sha256_final(struct sha256_state *sctx, u8 *out)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) __sha256_final(sctx, out, 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) EXPORT_SYMBOL(sha256_final);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) void sha224_final(struct sha256_state *sctx, u8 *out)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) __sha256_final(sctx, out, 7);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) EXPORT_SYMBOL(sha224_final);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) void sha256(const u8 *data, unsigned int len, u8 *out)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) struct sha256_state sctx;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) #if defined(CONFIG_CRYPTO_FIPS140) && !defined(BUILD_FIPS140_KO)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) int hook_inuse = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) trace_android_vh_sha256(data, len, out, &hook_inuse);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) if (hook_inuse)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) sha256_init(&sctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) sha256_update(&sctx, data, len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) sha256_final(&sctx, out);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) EXPORT_SYMBOL(sha256);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) MODULE_LICENSE("GPL");
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags