10Sstevel@tonic-gate /* 2*6281Sda73024 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 30Sstevel@tonic-gate * Use is subject to license terms. 40Sstevel@tonic-gate */ 50Sstevel@tonic-gate 60Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 70Sstevel@tonic-gate 80Sstevel@tonic-gate /* 90Sstevel@tonic-gate * The basic framework for this code came from the reference 100Sstevel@tonic-gate * implementation for MD5. That implementation is Copyright (C) 110Sstevel@tonic-gate * 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. 120Sstevel@tonic-gate * 130Sstevel@tonic-gate * License to copy and use this software is granted provided that it 140Sstevel@tonic-gate * is identified as the "RSA Data Security, Inc. MD5 Message-Digest 150Sstevel@tonic-gate * Algorithm" in all material mentioning or referencing this software 160Sstevel@tonic-gate * or this function. 170Sstevel@tonic-gate * 180Sstevel@tonic-gate * License is also granted to make and use derivative works provided 190Sstevel@tonic-gate * that such works are identified as "derived from the RSA Data 200Sstevel@tonic-gate * Security, Inc. MD5 Message-Digest Algorithm" in all material 210Sstevel@tonic-gate * mentioning or referencing the derived work. 220Sstevel@tonic-gate * 230Sstevel@tonic-gate * RSA Data Security, Inc. makes no representations concerning either 240Sstevel@tonic-gate * the merchantability of this software or the suitability of this 250Sstevel@tonic-gate * software for any particular purpose. It is provided "as is" 260Sstevel@tonic-gate * without express or implied warranty of any kind. 270Sstevel@tonic-gate * 280Sstevel@tonic-gate * These notices must be retained in any copies of any part of this 290Sstevel@tonic-gate * documentation and/or software. 300Sstevel@tonic-gate * 310Sstevel@tonic-gate * NOTE: Cleaned-up and optimized, version of SHA2, based on the FIPS 180-2 320Sstevel@tonic-gate * standard, available at http://www.itl.nist.gov/div897/pubs/fip180-2.htm 330Sstevel@tonic-gate * Not as fast as one would like -- further optimizations are encouraged 340Sstevel@tonic-gate * and appreciated. 350Sstevel@tonic-gate */ 360Sstevel@tonic-gate 370Sstevel@tonic-gate #include <sys/types.h> 380Sstevel@tonic-gate #include <sys/param.h> 390Sstevel@tonic-gate #include <sys/systm.h> 400Sstevel@tonic-gate #include <sys/sysmacros.h> 411694Sdarrenm #define _SHA2_IMPL 420Sstevel@tonic-gate #include <sys/sha2.h> 430Sstevel@tonic-gate #include <sys/sha2_consts.h> 440Sstevel@tonic-gate 45*6281Sda73024 #ifdef _KERNEL 46*6281Sda73024 #include <sys/cmn_err.h> 470Sstevel@tonic-gate 48*6281Sda73024 #else 490Sstevel@tonic-gate #include <strings.h> 500Sstevel@tonic-gate #include <stdlib.h> 510Sstevel@tonic-gate #include <errno.h> 520Sstevel@tonic-gate 531694Sdarrenm #pragma weak SHA256Update = SHA2Update 541694Sdarrenm #pragma weak SHA384Update = SHA2Update 551694Sdarrenm #pragma weak SHA512Update = SHA2Update 561694Sdarrenm 571694Sdarrenm #pragma weak SHA256Final = SHA2Final 581694Sdarrenm #pragma weak SHA384Final = SHA2Final 591694Sdarrenm #pragma weak SHA512Final = SHA2Final 601694Sdarrenm 61*6281Sda73024 #endif /* _KERNEL */ 621694Sdarrenm 630Sstevel@tonic-gate static void Encode(uint8_t *, uint32_t *, size_t); 640Sstevel@tonic-gate static void Encode64(uint8_t *, uint64_t *, size_t); 65*6281Sda73024 66*6281Sda73024 #if defined(__amd64) 67*6281Sda73024 #define SHA512Transform(ctx, in) SHA512TransformBlocks((ctx), (in), 1) 68*6281Sda73024 #define SHA256Transform(ctx, in) SHA256TransformBlocks((ctx), (in), 1) 69*6281Sda73024 70*6281Sda73024 void SHA512TransformBlocks(SHA2_CTX *ctx, const void *in, size_t num); 71*6281Sda73024 void SHA256TransformBlocks(SHA2_CTX *ctx, const void *in, size_t num); 72*6281Sda73024 73*6281Sda73024 #else 740Sstevel@tonic-gate static void SHA256Transform(SHA2_CTX *, const uint8_t *); 750Sstevel@tonic-gate static void SHA512Transform(SHA2_CTX *, const uint8_t *); 76*6281Sda73024 #endif /* __amd64 */ 770Sstevel@tonic-gate 780Sstevel@tonic-gate static uint8_t PADDING[128] = { 0x80, /* all zeros */ }; 790Sstevel@tonic-gate 800Sstevel@tonic-gate /* Ch and Maj are the basic SHA2 functions. */ 810Sstevel@tonic-gate #define Ch(b, c, d) (((b) & (c)) ^ ((~b) & (d))) 820Sstevel@tonic-gate #define Maj(b, c, d) (((b) & (c)) ^ ((b) & (d)) ^ ((c) & (d))) 830Sstevel@tonic-gate 840Sstevel@tonic-gate /* Rotates x right n bits. */ 850Sstevel@tonic-gate #define ROTR(x, n) \ 860Sstevel@tonic-gate (((x) >> (n)) | ((x) << ((sizeof (x) * NBBY)-(n)))) 870Sstevel@tonic-gate 880Sstevel@tonic-gate /* Shift x right n bits */ 890Sstevel@tonic-gate #define SHR(x, n) ((x) >> (n)) 900Sstevel@tonic-gate 910Sstevel@tonic-gate /* SHA256 Functions */ 920Sstevel@tonic-gate #define BIGSIGMA0_256(x) (ROTR((x), 2) ^ ROTR((x), 13) ^ ROTR((x), 22)) 930Sstevel@tonic-gate #define BIGSIGMA1_256(x) (ROTR((x), 6) ^ ROTR((x), 11) ^ ROTR((x), 25)) 940Sstevel@tonic-gate #define SIGMA0_256(x) (ROTR((x), 7) ^ ROTR((x), 18) ^ SHR((x), 3)) 950Sstevel@tonic-gate #define SIGMA1_256(x) (ROTR((x), 17) ^ ROTR((x), 19) ^ SHR((x), 10)) 960Sstevel@tonic-gate 970Sstevel@tonic-gate #define SHA256ROUND(a, b, c, d, e, f, g, h, i, w) \ 980Sstevel@tonic-gate T1 = h + BIGSIGMA1_256(e) + Ch(e, f, g) + SHA256_CONST(i) + w; \ 990Sstevel@tonic-gate d += T1; \ 1000Sstevel@tonic-gate T2 = BIGSIGMA0_256(a) + Maj(a, b, c); \ 1010Sstevel@tonic-gate h = T1 + T2 1020Sstevel@tonic-gate 1030Sstevel@tonic-gate /* SHA384/512 Functions */ 1040Sstevel@tonic-gate #define BIGSIGMA0(x) (ROTR((x), 28) ^ ROTR((x), 34) ^ ROTR((x), 39)) 1050Sstevel@tonic-gate #define BIGSIGMA1(x) (ROTR((x), 14) ^ ROTR((x), 18) ^ ROTR((x), 41)) 1060Sstevel@tonic-gate #define SIGMA0(x) (ROTR((x), 1) ^ ROTR((x), 8) ^ SHR((x), 7)) 1070Sstevel@tonic-gate #define SIGMA1(x) (ROTR((x), 19) ^ ROTR((x), 61) ^ SHR((x), 6)) 1080Sstevel@tonic-gate #define SHA512ROUND(a, b, c, d, e, f, g, h, i, w) \ 1090Sstevel@tonic-gate T1 = h + BIGSIGMA1(e) + Ch(e, f, g) + SHA512_CONST(i) + w; \ 1100Sstevel@tonic-gate d += T1; \ 1110Sstevel@tonic-gate T2 = BIGSIGMA0(a) + Maj(a, b, c); \ 1120Sstevel@tonic-gate h = T1 + T2 1130Sstevel@tonic-gate 1140Sstevel@tonic-gate /* 1150Sstevel@tonic-gate * sparc optimization: 1160Sstevel@tonic-gate * 1170Sstevel@tonic-gate * on the sparc, we can load big endian 32-bit data easily. note that 1180Sstevel@tonic-gate * special care must be taken to ensure the address is 32-bit aligned. 1190Sstevel@tonic-gate * in the interest of speed, we don't check to make sure, since 1200Sstevel@tonic-gate * careful programming can guarantee this for us. 1210Sstevel@tonic-gate */ 1220Sstevel@tonic-gate 1230Sstevel@tonic-gate #if defined(_BIG_ENDIAN) 1240Sstevel@tonic-gate 1250Sstevel@tonic-gate #define LOAD_BIG_32(addr) (*(uint32_t *)(addr)) 1260Sstevel@tonic-gate 1270Sstevel@tonic-gate #else /* little endian -- will work on big endian, but slowly */ 1280Sstevel@tonic-gate 1290Sstevel@tonic-gate #define LOAD_BIG_32(addr) \ 1300Sstevel@tonic-gate (((addr)[0] << 24) | ((addr)[1] << 16) | ((addr)[2] << 8) | (addr)[3]) 1310Sstevel@tonic-gate #endif 1320Sstevel@tonic-gate 1330Sstevel@tonic-gate 1340Sstevel@tonic-gate #if defined(_BIG_ENDIAN) 1350Sstevel@tonic-gate 1360Sstevel@tonic-gate #define LOAD_BIG_64(addr) (*(uint64_t *)(addr)) 1370Sstevel@tonic-gate 1380Sstevel@tonic-gate #else /* little endian -- will work on big endian, but slowly */ 1390Sstevel@tonic-gate 1400Sstevel@tonic-gate #define LOAD_BIG_64(addr) \ 1410Sstevel@tonic-gate (((uint64_t)(addr)[0] << 56) | ((uint64_t)(addr)[1] << 48) | \ 1420Sstevel@tonic-gate ((uint64_t)(addr)[2] << 40) | ((uint64_t)(addr)[3] << 32) | \ 1430Sstevel@tonic-gate ((uint64_t)(addr)[4] << 24) | ((uint64_t)(addr)[5] << 16) | \ 1440Sstevel@tonic-gate ((uint64_t)(addr)[6] << 8) | (uint64_t)(addr)[7]) 1450Sstevel@tonic-gate #endif 1460Sstevel@tonic-gate 1470Sstevel@tonic-gate 148*6281Sda73024 #if !defined(__amd64) 1490Sstevel@tonic-gate /* SHA256 Transform */ 1500Sstevel@tonic-gate 1510Sstevel@tonic-gate static void 1520Sstevel@tonic-gate SHA256Transform(SHA2_CTX *ctx, const uint8_t *blk) 1530Sstevel@tonic-gate { 1540Sstevel@tonic-gate uint32_t a = ctx->state.s32[0]; 1550Sstevel@tonic-gate uint32_t b = ctx->state.s32[1]; 1560Sstevel@tonic-gate uint32_t c = ctx->state.s32[2]; 1570Sstevel@tonic-gate uint32_t d = ctx->state.s32[3]; 1580Sstevel@tonic-gate uint32_t e = ctx->state.s32[4]; 1590Sstevel@tonic-gate uint32_t f = ctx->state.s32[5]; 1600Sstevel@tonic-gate uint32_t g = ctx->state.s32[6]; 1610Sstevel@tonic-gate uint32_t h = ctx->state.s32[7]; 1620Sstevel@tonic-gate 1630Sstevel@tonic-gate uint32_t w0, w1, w2, w3, w4, w5, w6, w7; 1640Sstevel@tonic-gate uint32_t w8, w9, w10, w11, w12, w13, w14, w15; 1650Sstevel@tonic-gate uint32_t T1, T2; 1660Sstevel@tonic-gate 1670Sstevel@tonic-gate #if defined(__sparc) 1680Sstevel@tonic-gate static const uint32_t sha256_consts[] = { 1690Sstevel@tonic-gate SHA256_CONST_0, SHA256_CONST_1, SHA256_CONST_2, 1700Sstevel@tonic-gate SHA256_CONST_3, SHA256_CONST_4, SHA256_CONST_5, 1710Sstevel@tonic-gate SHA256_CONST_6, SHA256_CONST_7, SHA256_CONST_8, 1720Sstevel@tonic-gate SHA256_CONST_9, SHA256_CONST_10, SHA256_CONST_11, 1730Sstevel@tonic-gate SHA256_CONST_12, SHA256_CONST_13, SHA256_CONST_14, 1740Sstevel@tonic-gate SHA256_CONST_15, SHA256_CONST_16, SHA256_CONST_17, 1750Sstevel@tonic-gate SHA256_CONST_18, SHA256_CONST_19, SHA256_CONST_20, 1760Sstevel@tonic-gate SHA256_CONST_21, SHA256_CONST_22, SHA256_CONST_23, 1770Sstevel@tonic-gate SHA256_CONST_24, SHA256_CONST_25, SHA256_CONST_26, 1780Sstevel@tonic-gate SHA256_CONST_27, SHA256_CONST_28, SHA256_CONST_29, 1790Sstevel@tonic-gate SHA256_CONST_30, SHA256_CONST_31, SHA256_CONST_32, 1800Sstevel@tonic-gate SHA256_CONST_33, SHA256_CONST_34, SHA256_CONST_35, 1810Sstevel@tonic-gate SHA256_CONST_36, SHA256_CONST_37, SHA256_CONST_38, 1820Sstevel@tonic-gate SHA256_CONST_39, SHA256_CONST_40, SHA256_CONST_41, 1830Sstevel@tonic-gate SHA256_CONST_42, SHA256_CONST_43, SHA256_CONST_44, 1840Sstevel@tonic-gate SHA256_CONST_45, SHA256_CONST_46, SHA256_CONST_47, 1850Sstevel@tonic-gate SHA256_CONST_48, SHA256_CONST_49, SHA256_CONST_50, 1860Sstevel@tonic-gate SHA256_CONST_51, SHA256_CONST_52, SHA256_CONST_53, 1870Sstevel@tonic-gate SHA256_CONST_54, SHA256_CONST_55, SHA256_CONST_56, 1880Sstevel@tonic-gate SHA256_CONST_57, SHA256_CONST_58, SHA256_CONST_59, 1890Sstevel@tonic-gate SHA256_CONST_60, SHA256_CONST_61, SHA256_CONST_62, 1900Sstevel@tonic-gate SHA256_CONST_63 1910Sstevel@tonic-gate }; 192*6281Sda73024 #endif /* __sparc */ 1930Sstevel@tonic-gate 1940Sstevel@tonic-gate if ((uintptr_t)blk & 0x3) { /* not 4-byte aligned? */ 1950Sstevel@tonic-gate bcopy(blk, ctx->buf_un.buf32, sizeof (ctx->buf_un.buf32)); 1960Sstevel@tonic-gate blk = (uint8_t *)ctx->buf_un.buf32; 1970Sstevel@tonic-gate } 1980Sstevel@tonic-gate 1991694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 200676Sizick w0 = LOAD_BIG_32(blk + 4 * 0); 201676Sizick SHA256ROUND(a, b, c, d, e, f, g, h, 0, w0); 2021694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 203676Sizick w1 = LOAD_BIG_32(blk + 4 * 1); 204676Sizick SHA256ROUND(h, a, b, c, d, e, f, g, 1, w1); 2051694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 206676Sizick w2 = LOAD_BIG_32(blk + 4 * 2); 207676Sizick SHA256ROUND(g, h, a, b, c, d, e, f, 2, w2); 2081694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 209676Sizick w3 = LOAD_BIG_32(blk + 4 * 3); 210676Sizick SHA256ROUND(f, g, h, a, b, c, d, e, 3, w3); 2111694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 212676Sizick w4 = LOAD_BIG_32(blk + 4 * 4); 213676Sizick SHA256ROUND(e, f, g, h, a, b, c, d, 4, w4); 2141694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 215676Sizick w5 = LOAD_BIG_32(blk + 4 * 5); 216676Sizick SHA256ROUND(d, e, f, g, h, a, b, c, 5, w5); 2171694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 218676Sizick w6 = LOAD_BIG_32(blk + 4 * 6); 219676Sizick SHA256ROUND(c, d, e, f, g, h, a, b, 6, w6); 2201694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 221676Sizick w7 = LOAD_BIG_32(blk + 4 * 7); 222676Sizick SHA256ROUND(b, c, d, e, f, g, h, a, 7, w7); 2231694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 224676Sizick w8 = LOAD_BIG_32(blk + 4 * 8); 225676Sizick SHA256ROUND(a, b, c, d, e, f, g, h, 8, w8); 2261694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 227676Sizick w9 = LOAD_BIG_32(blk + 4 * 9); 228676Sizick SHA256ROUND(h, a, b, c, d, e, f, g, 9, w9); 2291694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 230676Sizick w10 = LOAD_BIG_32(blk + 4 * 10); 231676Sizick SHA256ROUND(g, h, a, b, c, d, e, f, 10, w10); 2321694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 233676Sizick w11 = LOAD_BIG_32(blk + 4 * 11); 234676Sizick SHA256ROUND(f, g, h, a, b, c, d, e, 11, w11); 2351694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 236676Sizick w12 = LOAD_BIG_32(blk + 4 * 12); 237676Sizick SHA256ROUND(e, f, g, h, a, b, c, d, 12, w12); 2381694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 239676Sizick w13 = LOAD_BIG_32(blk + 4 * 13); 240676Sizick SHA256ROUND(d, e, f, g, h, a, b, c, 13, w13); 2411694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 242676Sizick w14 = LOAD_BIG_32(blk + 4 * 14); 243676Sizick SHA256ROUND(c, d, e, f, g, h, a, b, 14, w14); 2441694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 245676Sizick w15 = LOAD_BIG_32(blk + 4 * 15); 246676Sizick SHA256ROUND(b, c, d, e, f, g, h, a, 15, w15); 247676Sizick 2480Sstevel@tonic-gate w0 = SIGMA1_256(w14) + w9 + SIGMA0_256(w1) + w0; 2490Sstevel@tonic-gate SHA256ROUND(a, b, c, d, e, f, g, h, 16, w0); 2500Sstevel@tonic-gate w1 = SIGMA1_256(w15) + w10 + SIGMA0_256(w2) + w1; 2510Sstevel@tonic-gate SHA256ROUND(h, a, b, c, d, e, f, g, 17, w1); 2520Sstevel@tonic-gate w2 = SIGMA1_256(w0) + w11 + SIGMA0_256(w3) + w2; 2530Sstevel@tonic-gate SHA256ROUND(g, h, a, b, c, d, e, f, 18, w2); 2540Sstevel@tonic-gate w3 = SIGMA1_256(w1) + w12 + SIGMA0_256(w4) + w3; 2550Sstevel@tonic-gate SHA256ROUND(f, g, h, a, b, c, d, e, 19, w3); 2560Sstevel@tonic-gate w4 = SIGMA1_256(w2) + w13 + SIGMA0_256(w5) + w4; 2570Sstevel@tonic-gate SHA256ROUND(e, f, g, h, a, b, c, d, 20, w4); 2580Sstevel@tonic-gate w5 = SIGMA1_256(w3) + w14 + SIGMA0_256(w6) + w5; 2590Sstevel@tonic-gate SHA256ROUND(d, e, f, g, h, a, b, c, 21, w5); 2600Sstevel@tonic-gate w6 = SIGMA1_256(w4) + w15 + SIGMA0_256(w7) + w6; 2610Sstevel@tonic-gate SHA256ROUND(c, d, e, f, g, h, a, b, 22, w6); 2620Sstevel@tonic-gate w7 = SIGMA1_256(w5) + w0 + SIGMA0_256(w8) + w7; 2630Sstevel@tonic-gate SHA256ROUND(b, c, d, e, f, g, h, a, 23, w7); 2640Sstevel@tonic-gate w8 = SIGMA1_256(w6) + w1 + SIGMA0_256(w9) + w8; 2650Sstevel@tonic-gate SHA256ROUND(a, b, c, d, e, f, g, h, 24, w8); 2660Sstevel@tonic-gate w9 = SIGMA1_256(w7) + w2 + SIGMA0_256(w10) + w9; 2670Sstevel@tonic-gate SHA256ROUND(h, a, b, c, d, e, f, g, 25, w9); 2680Sstevel@tonic-gate w10 = SIGMA1_256(w8) + w3 + SIGMA0_256(w11) + w10; 2690Sstevel@tonic-gate SHA256ROUND(g, h, a, b, c, d, e, f, 26, w10); 2700Sstevel@tonic-gate w11 = SIGMA1_256(w9) + w4 + SIGMA0_256(w12) + w11; 2710Sstevel@tonic-gate SHA256ROUND(f, g, h, a, b, c, d, e, 27, w11); 2720Sstevel@tonic-gate w12 = SIGMA1_256(w10) + w5 + SIGMA0_256(w13) + w12; 2730Sstevel@tonic-gate SHA256ROUND(e, f, g, h, a, b, c, d, 28, w12); 2740Sstevel@tonic-gate w13 = SIGMA1_256(w11) + w6 + SIGMA0_256(w14) + w13; 2750Sstevel@tonic-gate SHA256ROUND(d, e, f, g, h, a, b, c, 29, w13); 2760Sstevel@tonic-gate w14 = SIGMA1_256(w12) + w7 + SIGMA0_256(w15) + w14; 2770Sstevel@tonic-gate SHA256ROUND(c, d, e, f, g, h, a, b, 30, w14); 2780Sstevel@tonic-gate w15 = SIGMA1_256(w13) + w8 + SIGMA0_256(w0) + w15; 2790Sstevel@tonic-gate SHA256ROUND(b, c, d, e, f, g, h, a, 31, w15); 2800Sstevel@tonic-gate 2810Sstevel@tonic-gate w0 = SIGMA1_256(w14) + w9 + SIGMA0_256(w1) + w0; 2820Sstevel@tonic-gate SHA256ROUND(a, b, c, d, e, f, g, h, 32, w0); 2830Sstevel@tonic-gate w1 = SIGMA1_256(w15) + w10 + SIGMA0_256(w2) + w1; 2840Sstevel@tonic-gate SHA256ROUND(h, a, b, c, d, e, f, g, 33, w1); 2850Sstevel@tonic-gate w2 = SIGMA1_256(w0) + w11 + SIGMA0_256(w3) + w2; 2860Sstevel@tonic-gate SHA256ROUND(g, h, a, b, c, d, e, f, 34, w2); 2870Sstevel@tonic-gate w3 = SIGMA1_256(w1) + w12 + SIGMA0_256(w4) + w3; 2880Sstevel@tonic-gate SHA256ROUND(f, g, h, a, b, c, d, e, 35, w3); 2890Sstevel@tonic-gate w4 = SIGMA1_256(w2) + w13 + SIGMA0_256(w5) + w4; 2900Sstevel@tonic-gate SHA256ROUND(e, f, g, h, a, b, c, d, 36, w4); 2910Sstevel@tonic-gate w5 = SIGMA1_256(w3) + w14 + SIGMA0_256(w6) + w5; 2920Sstevel@tonic-gate SHA256ROUND(d, e, f, g, h, a, b, c, 37, w5); 2930Sstevel@tonic-gate w6 = SIGMA1_256(w4) + w15 + SIGMA0_256(w7) + w6; 2940Sstevel@tonic-gate SHA256ROUND(c, d, e, f, g, h, a, b, 38, w6); 2950Sstevel@tonic-gate w7 = SIGMA1_256(w5) + w0 + SIGMA0_256(w8) + w7; 2960Sstevel@tonic-gate SHA256ROUND(b, c, d, e, f, g, h, a, 39, w7); 2970Sstevel@tonic-gate w8 = SIGMA1_256(w6) + w1 + SIGMA0_256(w9) + w8; 2980Sstevel@tonic-gate SHA256ROUND(a, b, c, d, e, f, g, h, 40, w8); 2990Sstevel@tonic-gate w9 = SIGMA1_256(w7) + w2 + SIGMA0_256(w10) + w9; 3000Sstevel@tonic-gate SHA256ROUND(h, a, b, c, d, e, f, g, 41, w9); 3010Sstevel@tonic-gate w10 = SIGMA1_256(w8) + w3 + SIGMA0_256(w11) + w10; 3020Sstevel@tonic-gate SHA256ROUND(g, h, a, b, c, d, e, f, 42, w10); 3030Sstevel@tonic-gate w11 = SIGMA1_256(w9) + w4 + SIGMA0_256(w12) + w11; 3040Sstevel@tonic-gate SHA256ROUND(f, g, h, a, b, c, d, e, 43, w11); 3050Sstevel@tonic-gate w12 = SIGMA1_256(w10) + w5 + SIGMA0_256(w13) + w12; 3060Sstevel@tonic-gate SHA256ROUND(e, f, g, h, a, b, c, d, 44, w12); 3070Sstevel@tonic-gate w13 = SIGMA1_256(w11) + w6 + SIGMA0_256(w14) + w13; 3080Sstevel@tonic-gate SHA256ROUND(d, e, f, g, h, a, b, c, 45, w13); 3090Sstevel@tonic-gate w14 = SIGMA1_256(w12) + w7 + SIGMA0_256(w15) + w14; 3100Sstevel@tonic-gate SHA256ROUND(c, d, e, f, g, h, a, b, 46, w14); 3110Sstevel@tonic-gate w15 = SIGMA1_256(w13) + w8 + SIGMA0_256(w0) + w15; 3120Sstevel@tonic-gate SHA256ROUND(b, c, d, e, f, g, h, a, 47, w15); 3130Sstevel@tonic-gate 3140Sstevel@tonic-gate w0 = SIGMA1_256(w14) + w9 + SIGMA0_256(w1) + w0; 3150Sstevel@tonic-gate SHA256ROUND(a, b, c, d, e, f, g, h, 48, w0); 3160Sstevel@tonic-gate w1 = SIGMA1_256(w15) + w10 + SIGMA0_256(w2) + w1; 3170Sstevel@tonic-gate SHA256ROUND(h, a, b, c, d, e, f, g, 49, w1); 3180Sstevel@tonic-gate w2 = SIGMA1_256(w0) + w11 + SIGMA0_256(w3) + w2; 3190Sstevel@tonic-gate SHA256ROUND(g, h, a, b, c, d, e, f, 50, w2); 3200Sstevel@tonic-gate w3 = SIGMA1_256(w1) + w12 + SIGMA0_256(w4) + w3; 3210Sstevel@tonic-gate SHA256ROUND(f, g, h, a, b, c, d, e, 51, w3); 3220Sstevel@tonic-gate w4 = SIGMA1_256(w2) + w13 + SIGMA0_256(w5) + w4; 3230Sstevel@tonic-gate SHA256ROUND(e, f, g, h, a, b, c, d, 52, w4); 3240Sstevel@tonic-gate w5 = SIGMA1_256(w3) + w14 + SIGMA0_256(w6) + w5; 3250Sstevel@tonic-gate SHA256ROUND(d, e, f, g, h, a, b, c, 53, w5); 3260Sstevel@tonic-gate w6 = SIGMA1_256(w4) + w15 + SIGMA0_256(w7) + w6; 3270Sstevel@tonic-gate SHA256ROUND(c, d, e, f, g, h, a, b, 54, w6); 3280Sstevel@tonic-gate w7 = SIGMA1_256(w5) + w0 + SIGMA0_256(w8) + w7; 3290Sstevel@tonic-gate SHA256ROUND(b, c, d, e, f, g, h, a, 55, w7); 3300Sstevel@tonic-gate w8 = SIGMA1_256(w6) + w1 + SIGMA0_256(w9) + w8; 3310Sstevel@tonic-gate SHA256ROUND(a, b, c, d, e, f, g, h, 56, w8); 3320Sstevel@tonic-gate w9 = SIGMA1_256(w7) + w2 + SIGMA0_256(w10) + w9; 3330Sstevel@tonic-gate SHA256ROUND(h, a, b, c, d, e, f, g, 57, w9); 3340Sstevel@tonic-gate w10 = SIGMA1_256(w8) + w3 + SIGMA0_256(w11) + w10; 3350Sstevel@tonic-gate SHA256ROUND(g, h, a, b, c, d, e, f, 58, w10); 3360Sstevel@tonic-gate w11 = SIGMA1_256(w9) + w4 + SIGMA0_256(w12) + w11; 3370Sstevel@tonic-gate SHA256ROUND(f, g, h, a, b, c, d, e, 59, w11); 3380Sstevel@tonic-gate w12 = SIGMA1_256(w10) + w5 + SIGMA0_256(w13) + w12; 3390Sstevel@tonic-gate SHA256ROUND(e, f, g, h, a, b, c, d, 60, w12); 3400Sstevel@tonic-gate w13 = SIGMA1_256(w11) + w6 + SIGMA0_256(w14) + w13; 3410Sstevel@tonic-gate SHA256ROUND(d, e, f, g, h, a, b, c, 61, w13); 3420Sstevel@tonic-gate w14 = SIGMA1_256(w12) + w7 + SIGMA0_256(w15) + w14; 3430Sstevel@tonic-gate SHA256ROUND(c, d, e, f, g, h, a, b, 62, w14); 3440Sstevel@tonic-gate w15 = SIGMA1_256(w13) + w8 + SIGMA0_256(w0) + w15; 3450Sstevel@tonic-gate SHA256ROUND(b, c, d, e, f, g, h, a, 63, w15); 3460Sstevel@tonic-gate 3470Sstevel@tonic-gate ctx->state.s32[0] += a; 3480Sstevel@tonic-gate ctx->state.s32[1] += b; 3490Sstevel@tonic-gate ctx->state.s32[2] += c; 3500Sstevel@tonic-gate ctx->state.s32[3] += d; 3510Sstevel@tonic-gate ctx->state.s32[4] += e; 3520Sstevel@tonic-gate ctx->state.s32[5] += f; 3530Sstevel@tonic-gate ctx->state.s32[6] += g; 3540Sstevel@tonic-gate ctx->state.s32[7] += h; 3550Sstevel@tonic-gate } 3560Sstevel@tonic-gate 3570Sstevel@tonic-gate 3580Sstevel@tonic-gate /* SHA384 and SHA512 Transform */ 3590Sstevel@tonic-gate 3600Sstevel@tonic-gate static void 3610Sstevel@tonic-gate SHA512Transform(SHA2_CTX *ctx, const uint8_t *blk) 3620Sstevel@tonic-gate { 3630Sstevel@tonic-gate 3640Sstevel@tonic-gate uint64_t a = ctx->state.s64[0]; 3650Sstevel@tonic-gate uint64_t b = ctx->state.s64[1]; 3660Sstevel@tonic-gate uint64_t c = ctx->state.s64[2]; 3670Sstevel@tonic-gate uint64_t d = ctx->state.s64[3]; 3680Sstevel@tonic-gate uint64_t e = ctx->state.s64[4]; 3690Sstevel@tonic-gate uint64_t f = ctx->state.s64[5]; 3700Sstevel@tonic-gate uint64_t g = ctx->state.s64[6]; 3710Sstevel@tonic-gate uint64_t h = ctx->state.s64[7]; 3720Sstevel@tonic-gate 3730Sstevel@tonic-gate uint64_t w0, w1, w2, w3, w4, w5, w6, w7; 3740Sstevel@tonic-gate uint64_t w8, w9, w10, w11, w12, w13, w14, w15; 3750Sstevel@tonic-gate uint64_t T1, T2; 3760Sstevel@tonic-gate 3770Sstevel@tonic-gate #if defined(__sparc) 3780Sstevel@tonic-gate static const uint64_t sha512_consts[] = { 3790Sstevel@tonic-gate SHA512_CONST_0, SHA512_CONST_1, SHA512_CONST_2, 3800Sstevel@tonic-gate SHA512_CONST_3, SHA512_CONST_4, SHA512_CONST_5, 3810Sstevel@tonic-gate SHA512_CONST_6, SHA512_CONST_7, SHA512_CONST_8, 3820Sstevel@tonic-gate SHA512_CONST_9, SHA512_CONST_10, SHA512_CONST_11, 3830Sstevel@tonic-gate SHA512_CONST_12, SHA512_CONST_13, SHA512_CONST_14, 3840Sstevel@tonic-gate SHA512_CONST_15, SHA512_CONST_16, SHA512_CONST_17, 3850Sstevel@tonic-gate SHA512_CONST_18, SHA512_CONST_19, SHA512_CONST_20, 3860Sstevel@tonic-gate SHA512_CONST_21, SHA512_CONST_22, SHA512_CONST_23, 3870Sstevel@tonic-gate SHA512_CONST_24, SHA512_CONST_25, SHA512_CONST_26, 3880Sstevel@tonic-gate SHA512_CONST_27, SHA512_CONST_28, SHA512_CONST_29, 3890Sstevel@tonic-gate SHA512_CONST_30, SHA512_CONST_31, SHA512_CONST_32, 3900Sstevel@tonic-gate SHA512_CONST_33, SHA512_CONST_34, SHA512_CONST_35, 3910Sstevel@tonic-gate SHA512_CONST_36, SHA512_CONST_37, SHA512_CONST_38, 3920Sstevel@tonic-gate SHA512_CONST_39, SHA512_CONST_40, SHA512_CONST_41, 3930Sstevel@tonic-gate SHA512_CONST_42, SHA512_CONST_43, SHA512_CONST_44, 3940Sstevel@tonic-gate SHA512_CONST_45, SHA512_CONST_46, SHA512_CONST_47, 3950Sstevel@tonic-gate SHA512_CONST_48, SHA512_CONST_49, SHA512_CONST_50, 3960Sstevel@tonic-gate SHA512_CONST_51, SHA512_CONST_52, SHA512_CONST_53, 3970Sstevel@tonic-gate SHA512_CONST_54, SHA512_CONST_55, SHA512_CONST_56, 3980Sstevel@tonic-gate SHA512_CONST_57, SHA512_CONST_58, SHA512_CONST_59, 3990Sstevel@tonic-gate SHA512_CONST_60, SHA512_CONST_61, SHA512_CONST_62, 4000Sstevel@tonic-gate SHA512_CONST_63, SHA512_CONST_64, SHA512_CONST_65, 4010Sstevel@tonic-gate SHA512_CONST_66, SHA512_CONST_67, SHA512_CONST_68, 4020Sstevel@tonic-gate SHA512_CONST_69, SHA512_CONST_70, SHA512_CONST_71, 4030Sstevel@tonic-gate SHA512_CONST_72, SHA512_CONST_73, SHA512_CONST_74, 4040Sstevel@tonic-gate SHA512_CONST_75, SHA512_CONST_76, SHA512_CONST_77, 4050Sstevel@tonic-gate SHA512_CONST_78, SHA512_CONST_79 4060Sstevel@tonic-gate }; 407*6281Sda73024 #endif /* __sparc */ 4080Sstevel@tonic-gate 4090Sstevel@tonic-gate 4100Sstevel@tonic-gate if ((uintptr_t)blk & 0x7) { /* not 8-byte aligned? */ 4110Sstevel@tonic-gate bcopy(blk, ctx->buf_un.buf64, sizeof (ctx->buf_un.buf64)); 4120Sstevel@tonic-gate blk = (uint8_t *)ctx->buf_un.buf64; 4130Sstevel@tonic-gate } 4140Sstevel@tonic-gate 4151694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 416676Sizick w0 = LOAD_BIG_64(blk + 8 * 0); 417676Sizick SHA512ROUND(a, b, c, d, e, f, g, h, 0, w0); 4181694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 419676Sizick w1 = LOAD_BIG_64(blk + 8 * 1); 420676Sizick SHA512ROUND(h, a, b, c, d, e, f, g, 1, w1); 4211694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 422676Sizick w2 = LOAD_BIG_64(blk + 8 * 2); 423676Sizick SHA512ROUND(g, h, a, b, c, d, e, f, 2, w2); 4241694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 425676Sizick w3 = LOAD_BIG_64(blk + 8 * 3); 426676Sizick SHA512ROUND(f, g, h, a, b, c, d, e, 3, w3); 4271694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 428676Sizick w4 = LOAD_BIG_64(blk + 8 * 4); 429676Sizick SHA512ROUND(e, f, g, h, a, b, c, d, 4, w4); 4301694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 431676Sizick w5 = LOAD_BIG_64(blk + 8 * 5); 432676Sizick SHA512ROUND(d, e, f, g, h, a, b, c, 5, w5); 4331694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 434676Sizick w6 = LOAD_BIG_64(blk + 8 * 6); 435676Sizick SHA512ROUND(c, d, e, f, g, h, a, b, 6, w6); 4361694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 437676Sizick w7 = LOAD_BIG_64(blk + 8 * 7); 438676Sizick SHA512ROUND(b, c, d, e, f, g, h, a, 7, w7); 4391694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 440676Sizick w8 = LOAD_BIG_64(blk + 8 * 8); 441676Sizick SHA512ROUND(a, b, c, d, e, f, g, h, 8, w8); 4421694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 443676Sizick w9 = LOAD_BIG_64(blk + 8 * 9); 444676Sizick SHA512ROUND(h, a, b, c, d, e, f, g, 9, w9); 4451694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 446676Sizick w10 = LOAD_BIG_64(blk + 8 * 10); 447676Sizick SHA512ROUND(g, h, a, b, c, d, e, f, 10, w10); 4481694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 449676Sizick w11 = LOAD_BIG_64(blk + 8 * 11); 450676Sizick SHA512ROUND(f, g, h, a, b, c, d, e, 11, w11); 4511694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 452676Sizick w12 = LOAD_BIG_64(blk + 8 * 12); 453676Sizick SHA512ROUND(e, f, g, h, a, b, c, d, 12, w12); 4541694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 455676Sizick w13 = LOAD_BIG_64(blk + 8 * 13); 456676Sizick SHA512ROUND(d, e, f, g, h, a, b, c, 13, w13); 4571694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 458676Sizick w14 = LOAD_BIG_64(blk + 8 * 14); 459676Sizick SHA512ROUND(c, d, e, f, g, h, a, b, 14, w14); 4601694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 461676Sizick w15 = LOAD_BIG_64(blk + 8 * 15); 462676Sizick SHA512ROUND(b, c, d, e, f, g, h, a, 15, w15); 463676Sizick 4640Sstevel@tonic-gate w0 = SIGMA1(w14) + w9 + SIGMA0(w1) + w0; 4650Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 16, w0); 4660Sstevel@tonic-gate w1 = SIGMA1(w15) + w10 + SIGMA0(w2) + w1; 4670Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 17, w1); 4680Sstevel@tonic-gate w2 = SIGMA1(w0) + w11 + SIGMA0(w3) + w2; 4690Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 18, w2); 4700Sstevel@tonic-gate w3 = SIGMA1(w1) + w12 + SIGMA0(w4) + w3; 4710Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 19, w3); 4720Sstevel@tonic-gate w4 = SIGMA1(w2) + w13 + SIGMA0(w5) + w4; 4730Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 20, w4); 4740Sstevel@tonic-gate w5 = SIGMA1(w3) + w14 + SIGMA0(w6) + w5; 4750Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 21, w5); 4760Sstevel@tonic-gate w6 = SIGMA1(w4) + w15 + SIGMA0(w7) + w6; 4770Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 22, w6); 4780Sstevel@tonic-gate w7 = SIGMA1(w5) + w0 + SIGMA0(w8) + w7; 4790Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 23, w7); 4800Sstevel@tonic-gate w8 = SIGMA1(w6) + w1 + SIGMA0(w9) + w8; 4810Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 24, w8); 4820Sstevel@tonic-gate w9 = SIGMA1(w7) + w2 + SIGMA0(w10) + w9; 4830Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 25, w9); 4840Sstevel@tonic-gate w10 = SIGMA1(w8) + w3 + SIGMA0(w11) + w10; 4850Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 26, w10); 4860Sstevel@tonic-gate w11 = SIGMA1(w9) + w4 + SIGMA0(w12) + w11; 4870Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 27, w11); 4880Sstevel@tonic-gate w12 = SIGMA1(w10) + w5 + SIGMA0(w13) + w12; 4890Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 28, w12); 4900Sstevel@tonic-gate w13 = SIGMA1(w11) + w6 + SIGMA0(w14) + w13; 4910Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 29, w13); 4920Sstevel@tonic-gate w14 = SIGMA1(w12) + w7 + SIGMA0(w15) + w14; 4930Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 30, w14); 4940Sstevel@tonic-gate w15 = SIGMA1(w13) + w8 + SIGMA0(w0) + w15; 4950Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 31, w15); 4960Sstevel@tonic-gate 4970Sstevel@tonic-gate w0 = SIGMA1(w14) + w9 + SIGMA0(w1) + w0; 4980Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 32, w0); 4990Sstevel@tonic-gate w1 = SIGMA1(w15) + w10 + SIGMA0(w2) + w1; 5000Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 33, w1); 5010Sstevel@tonic-gate w2 = SIGMA1(w0) + w11 + SIGMA0(w3) + w2; 5020Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 34, w2); 5030Sstevel@tonic-gate w3 = SIGMA1(w1) + w12 + SIGMA0(w4) + w3; 5040Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 35, w3); 5050Sstevel@tonic-gate w4 = SIGMA1(w2) + w13 + SIGMA0(w5) + w4; 5060Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 36, w4); 5070Sstevel@tonic-gate w5 = SIGMA1(w3) + w14 + SIGMA0(w6) + w5; 5080Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 37, w5); 5090Sstevel@tonic-gate w6 = SIGMA1(w4) + w15 + SIGMA0(w7) + w6; 5100Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 38, w6); 5110Sstevel@tonic-gate w7 = SIGMA1(w5) + w0 + SIGMA0(w8) + w7; 5120Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 39, w7); 5130Sstevel@tonic-gate w8 = SIGMA1(w6) + w1 + SIGMA0(w9) + w8; 5140Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 40, w8); 5150Sstevel@tonic-gate w9 = SIGMA1(w7) + w2 + SIGMA0(w10) + w9; 5160Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 41, w9); 5170Sstevel@tonic-gate w10 = SIGMA1(w8) + w3 + SIGMA0(w11) + w10; 5180Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 42, w10); 5190Sstevel@tonic-gate w11 = SIGMA1(w9) + w4 + SIGMA0(w12) + w11; 5200Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 43, w11); 5210Sstevel@tonic-gate w12 = SIGMA1(w10) + w5 + SIGMA0(w13) + w12; 5220Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 44, w12); 5230Sstevel@tonic-gate w13 = SIGMA1(w11) + w6 + SIGMA0(w14) + w13; 5240Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 45, w13); 5250Sstevel@tonic-gate w14 = SIGMA1(w12) + w7 + SIGMA0(w15) + w14; 5260Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 46, w14); 5270Sstevel@tonic-gate w15 = SIGMA1(w13) + w8 + SIGMA0(w0) + w15; 5280Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 47, w15); 5290Sstevel@tonic-gate 5300Sstevel@tonic-gate w0 = SIGMA1(w14) + w9 + SIGMA0(w1) + w0; 5310Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 48, w0); 5320Sstevel@tonic-gate w1 = SIGMA1(w15) + w10 + SIGMA0(w2) + w1; 5330Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 49, w1); 5340Sstevel@tonic-gate w2 = SIGMA1(w0) + w11 + SIGMA0(w3) + w2; 5350Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 50, w2); 5360Sstevel@tonic-gate w3 = SIGMA1(w1) + w12 + SIGMA0(w4) + w3; 5370Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 51, w3); 5380Sstevel@tonic-gate w4 = SIGMA1(w2) + w13 + SIGMA0(w5) + w4; 5390Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 52, w4); 5400Sstevel@tonic-gate w5 = SIGMA1(w3) + w14 + SIGMA0(w6) + w5; 5410Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 53, w5); 5420Sstevel@tonic-gate w6 = SIGMA1(w4) + w15 + SIGMA0(w7) + w6; 5430Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 54, w6); 5440Sstevel@tonic-gate w7 = SIGMA1(w5) + w0 + SIGMA0(w8) + w7; 5450Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 55, w7); 5460Sstevel@tonic-gate w8 = SIGMA1(w6) + w1 + SIGMA0(w9) + w8; 5470Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 56, w8); 5480Sstevel@tonic-gate w9 = SIGMA1(w7) + w2 + SIGMA0(w10) + w9; 5490Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 57, w9); 5500Sstevel@tonic-gate w10 = SIGMA1(w8) + w3 + SIGMA0(w11) + w10; 5510Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 58, w10); 5520Sstevel@tonic-gate w11 = SIGMA1(w9) + w4 + SIGMA0(w12) + w11; 5530Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 59, w11); 5540Sstevel@tonic-gate w12 = SIGMA1(w10) + w5 + SIGMA0(w13) + w12; 5550Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 60, w12); 5560Sstevel@tonic-gate w13 = SIGMA1(w11) + w6 + SIGMA0(w14) + w13; 5570Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 61, w13); 5580Sstevel@tonic-gate w14 = SIGMA1(w12) + w7 + SIGMA0(w15) + w14; 5590Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 62, w14); 5600Sstevel@tonic-gate w15 = SIGMA1(w13) + w8 + SIGMA0(w0) + w15; 5610Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 63, w15); 5620Sstevel@tonic-gate 5630Sstevel@tonic-gate w0 = SIGMA1(w14) + w9 + SIGMA0(w1) + w0; 5640Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 64, w0); 5650Sstevel@tonic-gate w1 = SIGMA1(w15) + w10 + SIGMA0(w2) + w1; 5660Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 65, w1); 5670Sstevel@tonic-gate w2 = SIGMA1(w0) + w11 + SIGMA0(w3) + w2; 5680Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 66, w2); 5690Sstevel@tonic-gate w3 = SIGMA1(w1) + w12 + SIGMA0(w4) + w3; 5700Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 67, w3); 5710Sstevel@tonic-gate w4 = SIGMA1(w2) + w13 + SIGMA0(w5) + w4; 5720Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 68, w4); 5730Sstevel@tonic-gate w5 = SIGMA1(w3) + w14 + SIGMA0(w6) + w5; 5740Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 69, w5); 5750Sstevel@tonic-gate w6 = SIGMA1(w4) + w15 + SIGMA0(w7) + w6; 5760Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 70, w6); 5770Sstevel@tonic-gate w7 = SIGMA1(w5) + w0 + SIGMA0(w8) + w7; 5780Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 71, w7); 5790Sstevel@tonic-gate w8 = SIGMA1(w6) + w1 + SIGMA0(w9) + w8; 5800Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 72, w8); 5810Sstevel@tonic-gate w9 = SIGMA1(w7) + w2 + SIGMA0(w10) + w9; 5820Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 73, w9); 5830Sstevel@tonic-gate w10 = SIGMA1(w8) + w3 + SIGMA0(w11) + w10; 5840Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 74, w10); 5850Sstevel@tonic-gate w11 = SIGMA1(w9) + w4 + SIGMA0(w12) + w11; 5860Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 75, w11); 5870Sstevel@tonic-gate w12 = SIGMA1(w10) + w5 + SIGMA0(w13) + w12; 5880Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 76, w12); 5890Sstevel@tonic-gate w13 = SIGMA1(w11) + w6 + SIGMA0(w14) + w13; 5900Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 77, w13); 5910Sstevel@tonic-gate w14 = SIGMA1(w12) + w7 + SIGMA0(w15) + w14; 5920Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 78, w14); 5930Sstevel@tonic-gate w15 = SIGMA1(w13) + w8 + SIGMA0(w0) + w15; 5940Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 79, w15); 5950Sstevel@tonic-gate 5960Sstevel@tonic-gate ctx->state.s64[0] += a; 5970Sstevel@tonic-gate ctx->state.s64[1] += b; 5980Sstevel@tonic-gate ctx->state.s64[2] += c; 5990Sstevel@tonic-gate ctx->state.s64[3] += d; 6000Sstevel@tonic-gate ctx->state.s64[4] += e; 6010Sstevel@tonic-gate ctx->state.s64[5] += f; 6020Sstevel@tonic-gate ctx->state.s64[6] += g; 6030Sstevel@tonic-gate ctx->state.s64[7] += h; 6040Sstevel@tonic-gate 6050Sstevel@tonic-gate } 606*6281Sda73024 #endif /* !__amd64 */ 6070Sstevel@tonic-gate 6080Sstevel@tonic-gate 6090Sstevel@tonic-gate /* 6100Sstevel@tonic-gate * Encode() 6110Sstevel@tonic-gate * 6120Sstevel@tonic-gate * purpose: to convert a list of numbers from little endian to big endian 6130Sstevel@tonic-gate * input: uint8_t * : place to store the converted big endian numbers 6140Sstevel@tonic-gate * uint32_t * : place to get numbers to convert from 6150Sstevel@tonic-gate * size_t : the length of the input in bytes 6160Sstevel@tonic-gate * output: void 6170Sstevel@tonic-gate */ 6180Sstevel@tonic-gate 6190Sstevel@tonic-gate static void 6201694Sdarrenm Encode(uint8_t *_RESTRICT_KYWD output, uint32_t *_RESTRICT_KYWD input, 6211694Sdarrenm size_t len) 6220Sstevel@tonic-gate { 6230Sstevel@tonic-gate size_t i, j; 6240Sstevel@tonic-gate 6250Sstevel@tonic-gate #if defined(__sparc) 6260Sstevel@tonic-gate if (IS_P2ALIGNED(output, sizeof (uint32_t))) { 6270Sstevel@tonic-gate for (i = 0, j = 0; j < len; i++, j += 4) { 6280Sstevel@tonic-gate /* LINTED: pointer alignment */ 6290Sstevel@tonic-gate *((uint32_t *)(output + j)) = input[i]; 6300Sstevel@tonic-gate } 6310Sstevel@tonic-gate } else { 6320Sstevel@tonic-gate #endif /* little endian -- will work on big endian, but slowly */ 6330Sstevel@tonic-gate for (i = 0, j = 0; j < len; i++, j += 4) { 6340Sstevel@tonic-gate output[j] = (input[i] >> 24) & 0xff; 6350Sstevel@tonic-gate output[j + 1] = (input[i] >> 16) & 0xff; 6360Sstevel@tonic-gate output[j + 2] = (input[i] >> 8) & 0xff; 6370Sstevel@tonic-gate output[j + 3] = input[i] & 0xff; 6380Sstevel@tonic-gate } 6390Sstevel@tonic-gate #if defined(__sparc) 6400Sstevel@tonic-gate } 6410Sstevel@tonic-gate #endif 6420Sstevel@tonic-gate } 6430Sstevel@tonic-gate 6440Sstevel@tonic-gate static void 6451694Sdarrenm Encode64(uint8_t *_RESTRICT_KYWD output, uint64_t *_RESTRICT_KYWD input, 6461694Sdarrenm size_t len) 6470Sstevel@tonic-gate { 6480Sstevel@tonic-gate size_t i, j; 6490Sstevel@tonic-gate 6500Sstevel@tonic-gate #if defined(__sparc) 6510Sstevel@tonic-gate if (IS_P2ALIGNED(output, sizeof (uint64_t))) { 6520Sstevel@tonic-gate for (i = 0, j = 0; j < len; i++, j += 8) { 6530Sstevel@tonic-gate /* LINTED: pointer alignment */ 6540Sstevel@tonic-gate *((uint64_t *)(output + j)) = input[i]; 6550Sstevel@tonic-gate } 6560Sstevel@tonic-gate } else { 6570Sstevel@tonic-gate #endif /* little endian -- will work on big endian, but slowly */ 6580Sstevel@tonic-gate for (i = 0, j = 0; j < len; i++, j += 8) { 6590Sstevel@tonic-gate 6600Sstevel@tonic-gate output[j] = (input[i] >> 56) & 0xff; 6610Sstevel@tonic-gate output[j + 1] = (input[i] >> 48) & 0xff; 6620Sstevel@tonic-gate output[j + 2] = (input[i] >> 40) & 0xff; 6630Sstevel@tonic-gate output[j + 3] = (input[i] >> 32) & 0xff; 6640Sstevel@tonic-gate output[j + 4] = (input[i] >> 24) & 0xff; 6650Sstevel@tonic-gate output[j + 5] = (input[i] >> 16) & 0xff; 6660Sstevel@tonic-gate output[j + 6] = (input[i] >> 8) & 0xff; 6670Sstevel@tonic-gate output[j + 7] = input[i] & 0xff; 6680Sstevel@tonic-gate } 6690Sstevel@tonic-gate #if defined(__sparc) 6700Sstevel@tonic-gate } 6710Sstevel@tonic-gate #endif 6720Sstevel@tonic-gate } 6730Sstevel@tonic-gate 6740Sstevel@tonic-gate 6750Sstevel@tonic-gate void 6760Sstevel@tonic-gate SHA2Init(uint64_t mech, SHA2_CTX *ctx) 6770Sstevel@tonic-gate { 6780Sstevel@tonic-gate 6790Sstevel@tonic-gate switch (mech) { 6800Sstevel@tonic-gate case SHA256_MECH_INFO_TYPE: 6810Sstevel@tonic-gate case SHA256_HMAC_MECH_INFO_TYPE: 6820Sstevel@tonic-gate case SHA256_HMAC_GEN_MECH_INFO_TYPE: 6830Sstevel@tonic-gate ctx->state.s32[0] = 0x6a09e667U; 6840Sstevel@tonic-gate ctx->state.s32[1] = 0xbb67ae85U; 6850Sstevel@tonic-gate ctx->state.s32[2] = 0x3c6ef372U; 6860Sstevel@tonic-gate ctx->state.s32[3] = 0xa54ff53aU; 6870Sstevel@tonic-gate ctx->state.s32[4] = 0x510e527fU; 6880Sstevel@tonic-gate ctx->state.s32[5] = 0x9b05688cU; 6890Sstevel@tonic-gate ctx->state.s32[6] = 0x1f83d9abU; 6900Sstevel@tonic-gate ctx->state.s32[7] = 0x5be0cd19U; 6910Sstevel@tonic-gate break; 6920Sstevel@tonic-gate case SHA384_MECH_INFO_TYPE: 6930Sstevel@tonic-gate case SHA384_HMAC_MECH_INFO_TYPE: 6940Sstevel@tonic-gate case SHA384_HMAC_GEN_MECH_INFO_TYPE: 6950Sstevel@tonic-gate ctx->state.s64[0] = 0xcbbb9d5dc1059ed8ULL; 6960Sstevel@tonic-gate ctx->state.s64[1] = 0x629a292a367cd507ULL; 6970Sstevel@tonic-gate ctx->state.s64[2] = 0x9159015a3070dd17ULL; 6980Sstevel@tonic-gate ctx->state.s64[3] = 0x152fecd8f70e5939ULL; 6990Sstevel@tonic-gate ctx->state.s64[4] = 0x67332667ffc00b31ULL; 7000Sstevel@tonic-gate ctx->state.s64[5] = 0x8eb44a8768581511ULL; 7010Sstevel@tonic-gate ctx->state.s64[6] = 0xdb0c2e0d64f98fa7ULL; 7020Sstevel@tonic-gate ctx->state.s64[7] = 0x47b5481dbefa4fa4ULL; 7030Sstevel@tonic-gate break; 7040Sstevel@tonic-gate case SHA512_MECH_INFO_TYPE: 7050Sstevel@tonic-gate case SHA512_HMAC_MECH_INFO_TYPE: 7060Sstevel@tonic-gate case SHA512_HMAC_GEN_MECH_INFO_TYPE: 7070Sstevel@tonic-gate ctx->state.s64[0] = 0x6a09e667f3bcc908ULL; 7080Sstevel@tonic-gate ctx->state.s64[1] = 0xbb67ae8584caa73bULL; 7090Sstevel@tonic-gate ctx->state.s64[2] = 0x3c6ef372fe94f82bULL; 7100Sstevel@tonic-gate ctx->state.s64[3] = 0xa54ff53a5f1d36f1ULL; 7110Sstevel@tonic-gate ctx->state.s64[4] = 0x510e527fade682d1ULL; 7120Sstevel@tonic-gate ctx->state.s64[5] = 0x9b05688c2b3e6c1fULL; 7130Sstevel@tonic-gate ctx->state.s64[6] = 0x1f83d9abfb41bd6bULL; 7140Sstevel@tonic-gate ctx->state.s64[7] = 0x5be0cd19137e2179ULL; 7150Sstevel@tonic-gate break; 7160Sstevel@tonic-gate #ifdef _KERNEL 7170Sstevel@tonic-gate default: 7181694Sdarrenm cmn_err(CE_PANIC, "sha2_init: " 7190Sstevel@tonic-gate "failed to find a supported algorithm: 0x%x", 7200Sstevel@tonic-gate (uint32_t)mech); 7210Sstevel@tonic-gate 7220Sstevel@tonic-gate #endif /* _KERNEL */ 7230Sstevel@tonic-gate } 7240Sstevel@tonic-gate 7250Sstevel@tonic-gate ctx->algotype = mech; 7260Sstevel@tonic-gate ctx->count.c64[0] = ctx->count.c64[1] = 0; 7270Sstevel@tonic-gate } 7280Sstevel@tonic-gate 7291694Sdarrenm #ifndef _KERNEL 7301694Sdarrenm 7311694Sdarrenm #pragma inline(SHA256Init, SHA384Init, SHA512Init) 7321694Sdarrenm void 7331694Sdarrenm SHA256Init(SHA256_CTX *ctx) 7341694Sdarrenm { 7351694Sdarrenm SHA2Init(SHA256, ctx); 7361694Sdarrenm } 7371694Sdarrenm 7381694Sdarrenm void 7391694Sdarrenm SHA384Init(SHA384_CTX *ctx) 7401694Sdarrenm { 7411694Sdarrenm SHA2Init(SHA384, ctx); 7421694Sdarrenm } 7431694Sdarrenm 7441694Sdarrenm void 7451694Sdarrenm SHA512Init(SHA512_CTX *ctx) 7461694Sdarrenm { 7471694Sdarrenm SHA2Init(SHA512, ctx); 7481694Sdarrenm } 7491694Sdarrenm 7501694Sdarrenm #endif /* _KERNEL */ 7511694Sdarrenm 7520Sstevel@tonic-gate /* 7530Sstevel@tonic-gate * SHA2Update() 7540Sstevel@tonic-gate * 7550Sstevel@tonic-gate * purpose: continues an sha2 digest operation, using the message block 7560Sstevel@tonic-gate * to update the context. 7570Sstevel@tonic-gate * input: SHA2_CTX * : the context to update 7581694Sdarrenm * void * : the message block 759*6281Sda73024 * size_t : the length of the message block, in bytes 7600Sstevel@tonic-gate * output: void 7610Sstevel@tonic-gate */ 7620Sstevel@tonic-gate 7630Sstevel@tonic-gate void 7641694Sdarrenm SHA2Update(SHA2_CTX *ctx, const void *inptr, size_t input_len) 7650Sstevel@tonic-gate { 766*6281Sda73024 uint32_t i, buf_index, buf_len, buf_limit; 767*6281Sda73024 const uint8_t *input = inptr; 768*6281Sda73024 uint32_t algotype = ctx->algotype; 769*6281Sda73024 #if defined(__amd64) 770*6281Sda73024 uint32_t block_count; 771*6281Sda73024 #endif /* !__amd64 */ 772*6281Sda73024 7730Sstevel@tonic-gate 7740Sstevel@tonic-gate /* check for noop */ 7750Sstevel@tonic-gate if (input_len == 0) 7760Sstevel@tonic-gate return; 7770Sstevel@tonic-gate 778*6281Sda73024 if (algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) { 7790Sstevel@tonic-gate buf_limit = 64; 7800Sstevel@tonic-gate 7810Sstevel@tonic-gate /* compute number of bytes mod 64 */ 7820Sstevel@tonic-gate buf_index = (ctx->count.c32[1] >> 3) & 0x3F; 7830Sstevel@tonic-gate 7840Sstevel@tonic-gate /* update number of bits */ 7850Sstevel@tonic-gate if ((ctx->count.c32[1] += (input_len << 3)) < (input_len << 3)) 7860Sstevel@tonic-gate ctx->count.c32[0]++; 7870Sstevel@tonic-gate 7880Sstevel@tonic-gate ctx->count.c32[0] += (input_len >> 29); 7890Sstevel@tonic-gate 7900Sstevel@tonic-gate } else { 7910Sstevel@tonic-gate buf_limit = 128; 7920Sstevel@tonic-gate 7930Sstevel@tonic-gate /* compute number of bytes mod 128 */ 7940Sstevel@tonic-gate buf_index = (ctx->count.c64[1] >> 3) & 0x7F; 7950Sstevel@tonic-gate 7960Sstevel@tonic-gate /* update number of bits */ 7970Sstevel@tonic-gate if ((ctx->count.c64[1] += (input_len << 3)) < (input_len << 3)) 7980Sstevel@tonic-gate ctx->count.c64[0]++; 7990Sstevel@tonic-gate 8000Sstevel@tonic-gate ctx->count.c64[0] += (input_len >> 29); 8010Sstevel@tonic-gate } 8020Sstevel@tonic-gate 8030Sstevel@tonic-gate buf_len = buf_limit - buf_index; 8040Sstevel@tonic-gate 8050Sstevel@tonic-gate /* transform as many times as possible */ 8060Sstevel@tonic-gate i = 0; 8070Sstevel@tonic-gate if (input_len >= buf_len) { 8080Sstevel@tonic-gate 8090Sstevel@tonic-gate /* 8100Sstevel@tonic-gate * general optimization: 8110Sstevel@tonic-gate * 8120Sstevel@tonic-gate * only do initial bcopy() and SHA2Transform() if 8130Sstevel@tonic-gate * buf_index != 0. if buf_index == 0, we're just 8140Sstevel@tonic-gate * wasting our time doing the bcopy() since there 8150Sstevel@tonic-gate * wasn't any data left over from a previous call to 8160Sstevel@tonic-gate * SHA2Update(). 8170Sstevel@tonic-gate */ 8180Sstevel@tonic-gate if (buf_index) { 8190Sstevel@tonic-gate bcopy(input, &ctx->buf_un.buf8[buf_index], buf_len); 820*6281Sda73024 if (algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) 8210Sstevel@tonic-gate SHA256Transform(ctx, ctx->buf_un.buf8); 8220Sstevel@tonic-gate else 8230Sstevel@tonic-gate SHA512Transform(ctx, ctx->buf_un.buf8); 8240Sstevel@tonic-gate 8250Sstevel@tonic-gate i = buf_len; 8260Sstevel@tonic-gate } 8270Sstevel@tonic-gate 828*6281Sda73024 #if !defined(__amd64) 829*6281Sda73024 if (algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) { 830*6281Sda73024 for (; i + buf_limit - 1 < input_len; i += buf_limit) { 8310Sstevel@tonic-gate SHA256Transform(ctx, &input[i]); 832*6281Sda73024 } 833*6281Sda73024 } else { 834*6281Sda73024 for (; i + buf_limit - 1 < input_len; i += buf_limit) { 8350Sstevel@tonic-gate SHA512Transform(ctx, &input[i]); 836*6281Sda73024 } 8370Sstevel@tonic-gate } 8380Sstevel@tonic-gate 839*6281Sda73024 #else 840*6281Sda73024 if (algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) { 841*6281Sda73024 block_count = (input_len - i) >> 6; 842*6281Sda73024 if (block_count > 0) { 843*6281Sda73024 SHA256TransformBlocks(ctx, &input[i], 844*6281Sda73024 block_count); 845*6281Sda73024 i += block_count << 6; 846*6281Sda73024 } 847*6281Sda73024 } else { 848*6281Sda73024 block_count = (input_len - i) >> 7; 849*6281Sda73024 if (block_count > 0) { 850*6281Sda73024 SHA512TransformBlocks(ctx, &input[i], 851*6281Sda73024 block_count); 852*6281Sda73024 i += block_count << 7; 853*6281Sda73024 } 854*6281Sda73024 } 855*6281Sda73024 #endif /* !__amd64 */ 856*6281Sda73024 8570Sstevel@tonic-gate /* 8580Sstevel@tonic-gate * general optimization: 8590Sstevel@tonic-gate * 8600Sstevel@tonic-gate * if i and input_len are the same, return now instead 8610Sstevel@tonic-gate * of calling bcopy(), since the bcopy() in this case 862*6281Sda73024 * will be an expensive noop. 8630Sstevel@tonic-gate */ 8640Sstevel@tonic-gate 8650Sstevel@tonic-gate if (input_len == i) 8660Sstevel@tonic-gate return; 8670Sstevel@tonic-gate 8680Sstevel@tonic-gate buf_index = 0; 8690Sstevel@tonic-gate } 8700Sstevel@tonic-gate 8710Sstevel@tonic-gate /* buffer remaining input */ 8720Sstevel@tonic-gate bcopy(&input[i], &ctx->buf_un.buf8[buf_index], input_len - i); 8730Sstevel@tonic-gate } 8740Sstevel@tonic-gate 8750Sstevel@tonic-gate 8760Sstevel@tonic-gate /* 8770Sstevel@tonic-gate * SHA2Final() 8780Sstevel@tonic-gate * 8790Sstevel@tonic-gate * purpose: ends an sha2 digest operation, finalizing the message digest and 8800Sstevel@tonic-gate * zeroing the context. 881*6281Sda73024 * input: uchar_t * : a buffer to store the digest 8824002Sdarrenm * : The function actually uses void* because many 8834002Sdarrenm * : callers pass things other than uchar_t here. 8840Sstevel@tonic-gate * SHA2_CTX * : the context to finalize, save, and zero 8850Sstevel@tonic-gate * output: void 8860Sstevel@tonic-gate */ 8870Sstevel@tonic-gate 8880Sstevel@tonic-gate void 8891694Sdarrenm SHA2Final(void *digest, SHA2_CTX *ctx) 8900Sstevel@tonic-gate { 8910Sstevel@tonic-gate uint8_t bitcount_be[sizeof (ctx->count.c32)]; 8920Sstevel@tonic-gate uint8_t bitcount_be64[sizeof (ctx->count.c64)]; 8930Sstevel@tonic-gate uint32_t index; 894*6281Sda73024 uint32_t algotype = ctx->algotype; 8950Sstevel@tonic-gate 896*6281Sda73024 if (algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) { 8970Sstevel@tonic-gate index = (ctx->count.c32[1] >> 3) & 0x3f; 8980Sstevel@tonic-gate Encode(bitcount_be, ctx->count.c32, sizeof (bitcount_be)); 8990Sstevel@tonic-gate SHA2Update(ctx, PADDING, ((index < 56) ? 56 : 120) - index); 9000Sstevel@tonic-gate SHA2Update(ctx, bitcount_be, sizeof (bitcount_be)); 9010Sstevel@tonic-gate Encode(digest, ctx->state.s32, sizeof (ctx->state.s32)); 9020Sstevel@tonic-gate 9030Sstevel@tonic-gate } else { 9040Sstevel@tonic-gate index = (ctx->count.c64[1] >> 3) & 0x7f; 9050Sstevel@tonic-gate Encode64(bitcount_be64, ctx->count.c64, 9060Sstevel@tonic-gate sizeof (bitcount_be64)); 9070Sstevel@tonic-gate SHA2Update(ctx, PADDING, ((index < 112) ? 112 : 240) - index); 9080Sstevel@tonic-gate SHA2Update(ctx, bitcount_be64, sizeof (bitcount_be64)); 909*6281Sda73024 if (algotype <= SHA384_HMAC_GEN_MECH_INFO_TYPE) { 9100Sstevel@tonic-gate ctx->state.s64[6] = ctx->state.s64[7] = 0; 9110Sstevel@tonic-gate Encode64(digest, ctx->state.s64, 9120Sstevel@tonic-gate sizeof (uint64_t) * 6); 9130Sstevel@tonic-gate } else 9140Sstevel@tonic-gate Encode64(digest, ctx->state.s64, 9150Sstevel@tonic-gate sizeof (ctx->state.s64)); 9160Sstevel@tonic-gate } 9171551Sdarrenm 9181551Sdarrenm /* zeroize sensitive information */ 9191551Sdarrenm bzero(ctx, sizeof (*ctx)); 9200Sstevel@tonic-gate } 921