crypto/sha256_generic.c
/* * Cryptographic API. * * SHA-256, as specified in |
* http://csrc.nist.gov/groups/STM/cavp/documents/shs/sha256-384-512.pdf |
* * SHA-256 code by Jean-Luc Cooke <jlcooke@certainkey.com>. * * Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com> * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk> * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> |
* SHA224 Support Copyright 2007 Intel Corporation <jonathan.lynch@intel.com> |
* * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the Free * Software Foundation; either version 2 of the License, or (at your option) * any later version. * */ |
#include <crypto/internal/hash.h> |
#include <linux/init.h> #include <linux/module.h> #include <linux/mm.h> |
#include <linux/types.h> |
#include <crypto/sha.h> |
#include <crypto/sha256_base.h> |
#include <asm/byteorder.h> |
#include <asm/unaligned.h> |
/*
 * Precomputed digests of the zero-length message.  Both tables are exported
 * GPL-only; their users are outside this file.
 */

/* SHA-224 of the empty message, SHA224_DIGEST_SIZE bytes. */
const u8 sha224_zero_message_hash[SHA224_DIGEST_SIZE] = {
	0xd1, 0x4a, 0x02, 0x8c,
	0x2a, 0x3a, 0x2b, 0xc9,
	0x47, 0x61, 0x02, 0xbb,
	0x28, 0x82, 0x34, 0xc4,
	0x15, 0xa2, 0xb0, 0x1f,
	0x82, 0x8e, 0xa6, 0x2a,
	0xc5, 0xb3, 0xe4, 0x2f
};
EXPORT_SYMBOL_GPL(sha224_zero_message_hash);

/* SHA-256 of the empty message, SHA256_DIGEST_SIZE bytes. */
const u8 sha256_zero_message_hash[SHA256_DIGEST_SIZE] = {
	0xe3, 0xb0, 0xc4, 0x42,
	0x98, 0xfc, 0x1c, 0x14,
	0x9a, 0xfb, 0xf4, 0xc8,
	0x99, 0x6f, 0xb9, 0x24,
	0x27, 0xae, 0x41, 0xe4,
	0x64, 0x9b, 0x93, 0x4c,
	0xa4, 0x95, 0x99, 0x1b,
	0x78, 0x52, 0xb8, 0x55
};
EXPORT_SYMBOL_GPL(sha256_zero_message_hash);
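/*
 * SHA-2 "choose": each result bit is taken from y where the matching bit of x
 * is set and from z where it is clear.  z ^ (x & (y ^ z)) is bitwise-equal to
 * the textbook form (x & y) ^ (~x & z).
 */
static inline u32 Ch(u32 x, u32 y, u32 z)
{
	return z ^ (x & (y ^ z));
}

/* SHA-2 "majority": each result bit is the majority vote of the three inputs. */
static inline u32 Maj(u32 x, u32 y, u32 z)
{
	return (x & y) | (z & (x | y));
}

/*
 * Sigma functions: e0/e1 are applied to the working variables in the round
 * function, s0/s1 to the message schedule in BLEND_OP().  ror32() is a 32-bit
 * rotate right provided outside this file.
 *
 * The argument is parenthesised everywhere, including the plain shift terms,
 * so an expression argument cannot re-associate with ">>".  Each macro still
 * evaluates x three times: pass side-effect-free expressions only.
 */
#define e0(x)	(ror32((x),  2) ^ ror32((x), 13) ^ ror32((x), 22))
#define e1(x)	(ror32((x),  6) ^ ror32((x), 11) ^ ror32((x), 25))
#define s0(x)	(ror32((x),  7) ^ ror32((x), 18) ^ ((x) >> 3))
#define s1(x)	(ror32((x), 17) ^ ror32((x), 19) ^ ((x) >> 10))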
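/*
 * Load big-endian 32-bit word number I of the input block into W[I].
 * The read goes through get_unaligned_be32(), so input needs no particular
 * alignment.  The cast keeps the const qualifier of input.
 */
static inline void LOAD_OP(int I, u32 *W, const u8 *input)
{
	W[I] = get_unaligned_be32((const __u32 *)input + I);
}

/*
 * Message-schedule expansion for word I.  Reads W[I-2], W[I-7], W[I-15] and
 * W[I-16], so I must be at least 16.
 */
static inline void BLEND_OP(int I, u32 *W)
{
	W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16];
}

/*
 * SHA-256 round constants K[0..63] in round order (FIPS 180-4, section 4.2.2).
 * Kept in one table so the values can be checked against the standard at a
 * glance.  The table is indexed by the round counter only, never by data.
 */
static const u32 sha256_k[64] = {
	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
	0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
	0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
	0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
	0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
	0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
	0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
	0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
	0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
};

/*
 * One SHA-256 round.  The eight working variables are passed in rotated
 * order by the caller instead of being shuffled after every round; only the
 * fourth and eighth arguments are written.  Uses the caller's t1, t2 and W.
 */
#define SHA256_ROUND(i, a, b, c, d, e, f, g, h) do {		\
	t1 = (h) + e1(e) + Ch(e, f, g) + sha256_k[i] + W[i];	\
	t2 = e0(a) + Maj(a, b, c);				\
	(d) += t1;						\
	(h) = t1 + t2;						\
} while (0)

/*
 * sha256_transform - fold one input block into the running hash state.
 * @state: eight 32-bit chaining words (state[0..7]), updated in place
 * @input: one block of sixteen big-endian 32-bit words (64 bytes); may be
 *         unaligned
 *
 * No length is passed in: the caller must guarantee that 64 readable bytes
 * are available at @input.
 */
static void sha256_transform(u32 *state, const u8 *input)
{
	u32 a, b, c, d, e, f, g, h, t1, t2;
	u32 W[64];
	int i;

	/* load the input */
	for (i = 0; i < 16; i++)
		LOAD_OP(i, W, input);

	/* now blend */
	for (i = 16; i < 64; i++)
		BLEND_OP(i, W);

	/* load the state into our registers */
	a = state[0];  b = state[1];  c = state[2];  d = state[3];
	e = state[4];  f = state[5];  g = state[6];  h = state[7];

	/* now iterate: 64 rounds, eight per pass with the variables rotated */
	for (i = 0; i < 64; i += 8) {
		SHA256_ROUND(i + 0, a, b, c, d, e, f, g, h);
		SHA256_ROUND(i + 1, h, a, b, c, d, e, f, g);
		SHA256_ROUND(i + 2, g, h, a, b, c, d, e, f);
		SHA256_ROUND(i + 3, f, g, h, a, b, c, d, e);
		SHA256_ROUND(i + 4, e, f, g, h, a, b, c, d);
		SHA256_ROUND(i + 5, d, e, f, g, h, a, b, c);
		SHA256_ROUND(i + 6, c, d, e, f, g, h, a, b);
		SHA256_ROUND(i + 7, b, c, d, e, f, g, h, a);
	}

	state[0] += a; state[1] += b; state[2] += c; state[3] += d;
	state[4] += e; state[5] += f; state[6] += g; state[7] += h;

	/*
	 * clear any sensitive info...
	 *
	 * The scalar assignments are plain stores to locals that are about to
	 * go out of scope; a compiler may treat them as dead stores and drop
	 * them, so they are best-effort only.  W holds the expanded message
	 * schedule, which is derived directly from the input block (possibly
	 * key material), and is wiped with memzero_explicit(), the helper
	 * intended to survive optimisation (defined outside this file).
	 * sizeof(W) ties the wipe length to the array declaration.
	 */
	a = b = c = d = e = f = g = h = t1 = t2 = 0;
	memzero_explicit(W, sizeof(W));
}

#undef SHA256_ROUND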
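/*
 * sha256_generic_block_fn - run the transform over consecutive blocks.
 * @sst:    hash context whose state words are updated
 * @src:    start of the data; must hold @blocks * SHA256_BLOCK_SIZE bytes
 * @blocks: number of whole blocks to process
 *
 * Passed as the block callback to the sha256_base_*() helpers.  No length
 * is checked here; the byte count is implied by @blocks alone.
 */
static void sha256_generic_block_fn(struct sha256_state *sst, u8 const *src,
				    int blocks)
{
	/*
	 * @blocks is signed.  Testing "> 0" makes a zero or negative count a
	 * no-op; a bare truth test would keep reading past @src for a
	 * negative value.
	 */
	while (blocks-- > 0) {
		sha256_transform(sst->state, src);
		src += SHA256_BLOCK_SIZE;
	}
}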
/*
 * crypto_sha256_update - feed @len bytes at @data into the hash in @desc.
 *
 * Thin wrapper: buffering and block splitting are done by
 * sha256_base_do_update() (defined outside this file), which calls back into
 * sha256_generic_block_fn() for the block processing.  Returns whatever that
 * helper returns.
 */
int crypto_sha256_update(struct shash_desc *desc, const u8 *data,
			 unsigned int len)
{
	int ret;

	ret = sha256_base_do_update(desc, data, len, sha256_generic_block_fn);
	return ret;
}
EXPORT_SYMBOL(crypto_sha256_update);
/*
 * sha256_final - finish the hash in @desc and emit the digest to @out.
 *
 * sha256_base_do_finalize() is given the generic block function to process
 * the final block(s); sha256_base_finish() then produces the result and its
 * return value is passed through.
 * NOTE(review): both helpers are defined outside this file; how many bytes
 * are written to @out and whether the context is wiped afterwards should be
 * confirmed there.
 */
static int sha256_final(struct shash_desc *desc, u8 *out)
{
	int ret;

	sha256_base_do_finalize(desc, sha256_generic_block_fn);
	ret = sha256_base_finish(desc, out);

	return ret;
}
/*
 * crypto_sha256_finup - absorb a last run of data, then finalise.
 * @desc: hash descriptor
 * @data: final input bytes
 * @len:  number of bytes at @data
 * @hash: output buffer for the digest
 *
 * Same effect as an update followed by sha256_final().  The return value of
 * sha256_base_do_update() is not examined; only the status of the final step
 * is reported.
 * NOTE(review): confirm in the base helper that the update step cannot fail.
 */
int crypto_sha256_finup(struct shash_desc *desc, const u8 *data,
			unsigned int len, u8 *hash)
{
	int ret;

	sha256_base_do_update(desc, data, len, sha256_generic_block_fn);
	ret = sha256_final(desc, hash);

	return ret;
}
EXPORT_SYMBOL(crypto_sha256_finup);
/*
 * Algorithm descriptors registered by this module: entry 0 is SHA-256,
 * entry 1 is SHA-224.  The two share the update/final/finup code and the
 * descriptor size; they differ in the init function, the digest size and
 * the names.
 *
 * Neither entry sets .base.cra_priority, so it is zero-initialised.
 * NOTE(review): presumably this leaves the generic C code as the
 * lowest-preference provider of "sha256"/"sha224" when another driver is
 * registered under the same name; confirm against the crypto API's
 * selection rules.
 */
static struct shash_alg sha256_algs[2] = {
	{
		/* SHA-256 */
		.digestsize	= SHA256_DIGEST_SIZE,
		.init		= sha256_base_init,
		.update		= crypto_sha256_update,
		.final		= sha256_final,
		.finup		= crypto_sha256_finup,
		.descsize	= sizeof(struct sha256_state),
		.base		= {
			.cra_name		= "sha256",
			.cra_driver_name	= "sha256-generic",
			.cra_flags		= CRYPTO_ALG_TYPE_SHASH,
			.cra_blocksize		= SHA256_BLOCK_SIZE,
			.cra_module		= THIS_MODULE,
		}
	},
	{
		/* SHA-224 */
		.digestsize	= SHA224_DIGEST_SIZE,
		.init		= sha224_base_init,
		.update		= crypto_sha256_update,
		.final		= sha256_final,
		.finup		= crypto_sha256_finup,
		.descsize	= sizeof(struct sha256_state),
		.base		= {
			.cra_name		= "sha224",
			.cra_driver_name	= "sha224-generic",
			.cra_flags		= CRYPTO_ALG_TYPE_SHASH,
			.cra_blocksize		= SHA224_BLOCK_SIZE,
			.cra_module		= THIS_MODULE,
		}
	}
};
/*
 * Module init: register every entry of sha256_algs with the crypto API and
 * hand back the registration status.
 */
static int __init sha256_generic_mod_init(void)
{
	int ret;

	ret = crypto_register_shashes(sha256_algs, ARRAY_SIZE(sha256_algs));
	return ret;
}
/*
 * Module exit: unregister the same sha256_algs entries that
 * sha256_generic_mod_init() registered.
 */
static void __exit sha256_generic_mod_fini(void)
{
	crypto_unregister_shashes(sha256_algs,
				  ARRAY_SIZE(sha256_algs));
}
/* Entry and exit points used on module load and unload. */
module_init(sha256_generic_mod_init);
module_exit(sha256_generic_mod_fini);

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("SHA-224 and SHA-256 Secure Hash Algorithm");

/*
 * Autoload aliases: one per algorithm name and one per driver name, matching
 * the cra_name / cra_driver_name strings in sha256_algs.
 * NOTE(review): MODULE_ALIAS_CRYPTO() is defined outside this file; in
 * mainline it registers the alias under a "crypto-" prefix so that an
 * algorithm name supplied by a caller can only trigger loading of crypto
 * modules.  Confirm against the tree in use.
 */
MODULE_ALIAS_CRYPTO("sha224");
MODULE_ALIAS_CRYPTO("sha224-generic");
MODULE_ALIAS_CRYPTO("sha256");
MODULE_ALIAS_CRYPTO("sha256-generic");