1*ba610be9SJohn Baldwin /*
2*ba610be9SJohn Baldwin * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
3*ba610be9SJohn Baldwin *
4*ba610be9SJohn Baldwin * Licensed under the OpenSSL license (the "License"). You may not use
5*ba610be9SJohn Baldwin * this file except in compliance with the License. You can obtain a copy
6*ba610be9SJohn Baldwin * in the file LICENSE in the source distribution or at
7*ba610be9SJohn Baldwin * https://www.openssl.org/source/license.html
8*ba610be9SJohn Baldwin */
9*ba610be9SJohn Baldwin
10*ba610be9SJohn Baldwin #include <sys/cdefs.h>
11*ba610be9SJohn Baldwin #include <sys/libkern.h>
12*ba610be9SJohn Baldwin #include <sys/malloc.h>
13*ba610be9SJohn Baldwin
14*ba610be9SJohn Baldwin #include <opencrypto/cryptodev.h>
15*ba610be9SJohn Baldwin #include <opencrypto/xform_auth.h>
16*ba610be9SJohn Baldwin
17*ba610be9SJohn Baldwin #include <crypto/openssl/ossl.h>
18*ba610be9SJohn Baldwin #include <crypto/openssl/ossl_sha.h>
19*ba610be9SJohn Baldwin
20*ba610be9SJohn Baldwin /* sha256-x86_64.S */
21*ba610be9SJohn Baldwin void sha256_block_data_order(SHA256_CTX *c, const void *in, size_t num);
22*ba610be9SJohn Baldwin
23*ba610be9SJohn Baldwin /* From crypto/sha/sha256.c */
24*ba610be9SJohn Baldwin
25*ba610be9SJohn Baldwin static void
ossl_sha224_init(void * c_)26*ba610be9SJohn Baldwin ossl_sha224_init(void *c_)
27*ba610be9SJohn Baldwin {
28*ba610be9SJohn Baldwin SHA256_CTX *c = c_;
29*ba610be9SJohn Baldwin memset(c, 0, sizeof(*c));
30*ba610be9SJohn Baldwin c->h[0] = 0xc1059ed8UL;
31*ba610be9SJohn Baldwin c->h[1] = 0x367cd507UL;
32*ba610be9SJohn Baldwin c->h[2] = 0x3070dd17UL;
33*ba610be9SJohn Baldwin c->h[3] = 0xf70e5939UL;
34*ba610be9SJohn Baldwin c->h[4] = 0xffc00b31UL;
35*ba610be9SJohn Baldwin c->h[5] = 0x68581511UL;
36*ba610be9SJohn Baldwin c->h[6] = 0x64f98fa7UL;
37*ba610be9SJohn Baldwin c->h[7] = 0xbefa4fa4UL;
38*ba610be9SJohn Baldwin c->md_len = SHA224_DIGEST_LENGTH;
39*ba610be9SJohn Baldwin }
40*ba610be9SJohn Baldwin
41*ba610be9SJohn Baldwin static void
ossl_sha256_init(void * c_)42*ba610be9SJohn Baldwin ossl_sha256_init(void *c_)
43*ba610be9SJohn Baldwin {
44*ba610be9SJohn Baldwin SHA256_CTX *c = c_;
45*ba610be9SJohn Baldwin memset(c, 0, sizeof(*c));
46*ba610be9SJohn Baldwin c->h[0] = 0x6a09e667UL;
47*ba610be9SJohn Baldwin c->h[1] = 0xbb67ae85UL;
48*ba610be9SJohn Baldwin c->h[2] = 0x3c6ef372UL;
49*ba610be9SJohn Baldwin c->h[3] = 0xa54ff53aUL;
50*ba610be9SJohn Baldwin c->h[4] = 0x510e527fUL;
51*ba610be9SJohn Baldwin c->h[5] = 0x9b05688cUL;
52*ba610be9SJohn Baldwin c->h[6] = 0x1f83d9abUL;
53*ba610be9SJohn Baldwin c->h[7] = 0x5be0cd19UL;
54*ba610be9SJohn Baldwin c->md_len = SHA256_DIGEST_LENGTH;
55*ba610be9SJohn Baldwin }
56*ba610be9SJohn Baldwin
57*ba610be9SJohn Baldwin
58*ba610be9SJohn Baldwin #define DATA_ORDER_IS_BIG_ENDIAN
59*ba610be9SJohn Baldwin
60*ba610be9SJohn Baldwin #define HASH_LONG SHA_LONG
61*ba610be9SJohn Baldwin #define HASH_CTX SHA256_CTX
62*ba610be9SJohn Baldwin #define HASH_CBLOCK SHA_CBLOCK
63*ba610be9SJohn Baldwin
64*ba610be9SJohn Baldwin /*
65*ba610be9SJohn Baldwin * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
66*ba610be9SJohn Baldwin * default: case below covers for it. It's not clear however if it's
67*ba610be9SJohn Baldwin * permitted to truncate to amount of bytes not divisible by 4. I bet not,
68*ba610be9SJohn Baldwin * but if it is, then default: case shall be extended. For reference.
69*ba610be9SJohn Baldwin * Idea behind separate cases for pre-defined lengths is to let the
70*ba610be9SJohn Baldwin * compiler decide if it's appropriate to unroll small loops.
71*ba610be9SJohn Baldwin */
72*ba610be9SJohn Baldwin #define HASH_MAKE_STRING(c,s) do { \
73*ba610be9SJohn Baldwin unsigned long ll; \
74*ba610be9SJohn Baldwin unsigned int nn; \
75*ba610be9SJohn Baldwin switch ((c)->md_len) \
76*ba610be9SJohn Baldwin { case SHA224_DIGEST_LENGTH: \
77*ba610be9SJohn Baldwin for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++) \
78*ba610be9SJohn Baldwin { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
79*ba610be9SJohn Baldwin break; \
80*ba610be9SJohn Baldwin case SHA256_DIGEST_LENGTH: \
81*ba610be9SJohn Baldwin for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++) \
82*ba610be9SJohn Baldwin { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
83*ba610be9SJohn Baldwin break; \
84*ba610be9SJohn Baldwin default: \
85*ba610be9SJohn Baldwin __assert_unreachable(); \
86*ba610be9SJohn Baldwin break; \
87*ba610be9SJohn Baldwin } \
88*ba610be9SJohn Baldwin } while (0)
89*ba610be9SJohn Baldwin
90*ba610be9SJohn Baldwin #define HASH_UPDATE ossl_sha256_update
91*ba610be9SJohn Baldwin #define HASH_FINAL ossl_sha256_final
92*ba610be9SJohn Baldwin #define HASH_BLOCK_DATA_ORDER sha256_block_data_order
93*ba610be9SJohn Baldwin
94*ba610be9SJohn Baldwin #include "ossl_hash.h"
95*ba610be9SJohn Baldwin
96*ba610be9SJohn Baldwin struct auth_hash ossl_hash_sha224 = {
97*ba610be9SJohn Baldwin .type = CRYPTO_SHA2_224,
98*ba610be9SJohn Baldwin .name = "OpenSSL-SHA2-224",
99*ba610be9SJohn Baldwin .hashsize = SHA2_224_HASH_LEN,
100*ba610be9SJohn Baldwin .ctxsize = sizeof(SHA256_CTX),
101*ba610be9SJohn Baldwin .blocksize = SHA2_224_BLOCK_LEN,
102*ba610be9SJohn Baldwin .Init = ossl_sha224_init,
103*ba610be9SJohn Baldwin .Update = HASH_UPDATE,
104*ba610be9SJohn Baldwin .Final = HASH_FINAL,
105*ba610be9SJohn Baldwin };
106*ba610be9SJohn Baldwin
107*ba610be9SJohn Baldwin struct auth_hash ossl_hash_sha256 = {
108*ba610be9SJohn Baldwin .type = CRYPTO_SHA2_256,
109*ba610be9SJohn Baldwin .name = "OpenSSL-SHA2-256",
110*ba610be9SJohn Baldwin .hashsize = SHA2_256_HASH_LEN,
111*ba610be9SJohn Baldwin .ctxsize = sizeof(SHA256_CTX),
112*ba610be9SJohn Baldwin .blocksize = SHA2_256_BLOCK_LEN,
113*ba610be9SJohn Baldwin .Init = ossl_sha256_init,
114*ba610be9SJohn Baldwin .Update = HASH_UPDATE,
115*ba610be9SJohn Baldwin .Final = HASH_FINAL,
116*ba610be9SJohn Baldwin };
117*ba610be9SJohn Baldwin
118*ba610be9SJohn Baldwin _Static_assert(sizeof(SHA256_CTX) <= sizeof(struct ossl_hash_context),
119*ba610be9SJohn Baldwin "ossl_hash_context too small");
120