10Sstevel@tonic-gate /* 26281Sda73024 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 30Sstevel@tonic-gate * Use is subject to license terms. 40Sstevel@tonic-gate */ 50Sstevel@tonic-gate 60Sstevel@tonic-gate /* 70Sstevel@tonic-gate * The basic framework for this code came from the reference 80Sstevel@tonic-gate * implementation for MD5. That implementation is Copyright (C) 90Sstevel@tonic-gate * 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. 100Sstevel@tonic-gate * 110Sstevel@tonic-gate * License to copy and use this software is granted provided that it 120Sstevel@tonic-gate * is identified as the "RSA Data Security, Inc. MD5 Message-Digest 130Sstevel@tonic-gate * Algorithm" in all material mentioning or referencing this software 140Sstevel@tonic-gate * or this function. 150Sstevel@tonic-gate * 160Sstevel@tonic-gate * License is also granted to make and use derivative works provided 170Sstevel@tonic-gate * that such works are identified as "derived from the RSA Data 180Sstevel@tonic-gate * Security, Inc. MD5 Message-Digest Algorithm" in all material 190Sstevel@tonic-gate * mentioning or referencing the derived work. 200Sstevel@tonic-gate * 210Sstevel@tonic-gate * RSA Data Security, Inc. makes no representations concerning either 220Sstevel@tonic-gate * the merchantability of this software or the suitability of this 230Sstevel@tonic-gate * software for any particular purpose. It is provided "as is" 240Sstevel@tonic-gate * without express or implied warranty of any kind. 250Sstevel@tonic-gate * 260Sstevel@tonic-gate * These notices must be retained in any copies of any part of this 270Sstevel@tonic-gate * documentation and/or software. 280Sstevel@tonic-gate * 290Sstevel@tonic-gate * NOTE: Cleaned-up and optimized, version of SHA2, based on the FIPS 180-2 30*7421SDaniel.Anderson@Sun.COM * standard, available at 31*7421SDaniel.Anderson@Sun.COM * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf 320Sstevel@tonic-gate * Not as fast as one would like -- further optimizations are encouraged 330Sstevel@tonic-gate * and appreciated. 340Sstevel@tonic-gate */ 350Sstevel@tonic-gate 360Sstevel@tonic-gate #include <sys/types.h> 370Sstevel@tonic-gate #include <sys/param.h> 380Sstevel@tonic-gate #include <sys/systm.h> 390Sstevel@tonic-gate #include <sys/sysmacros.h> 401694Sdarrenm #define _SHA2_IMPL 410Sstevel@tonic-gate #include <sys/sha2.h> 420Sstevel@tonic-gate #include <sys/sha2_consts.h> 430Sstevel@tonic-gate 446281Sda73024 #ifdef _KERNEL 456281Sda73024 #include <sys/cmn_err.h> 460Sstevel@tonic-gate 476281Sda73024 #else 480Sstevel@tonic-gate #include <strings.h> 490Sstevel@tonic-gate #include <stdlib.h> 500Sstevel@tonic-gate #include <errno.h> 510Sstevel@tonic-gate 521694Sdarrenm #pragma weak SHA256Update = SHA2Update 531694Sdarrenm #pragma weak SHA384Update = SHA2Update 541694Sdarrenm #pragma weak SHA512Update = SHA2Update 551694Sdarrenm 561694Sdarrenm #pragma weak SHA256Final = SHA2Final 571694Sdarrenm #pragma weak SHA384Final = SHA2Final 581694Sdarrenm #pragma weak SHA512Final = SHA2Final 591694Sdarrenm 606281Sda73024 #endif /* _KERNEL */ 611694Sdarrenm 62*7421SDaniel.Anderson@Sun.COM #ifdef _LITTLE_ENDIAN 63*7421SDaniel.Anderson@Sun.COM #include <sys/byteorder.h> 64*7421SDaniel.Anderson@Sun.COM #define HAVE_HTONL 65*7421SDaniel.Anderson@Sun.COM #endif 66*7421SDaniel.Anderson@Sun.COM 670Sstevel@tonic-gate static void Encode(uint8_t *, uint32_t *, size_t); 680Sstevel@tonic-gate static void Encode64(uint8_t *, uint64_t *, size_t); 696281Sda73024 706281Sda73024 #if defined(__amd64) 716281Sda73024 #define SHA512Transform(ctx, in) SHA512TransformBlocks((ctx), (in), 1) 726281Sda73024 #define SHA256Transform(ctx, in) SHA256TransformBlocks((ctx), (in), 1) 736281Sda73024 746281Sda73024 void SHA512TransformBlocks(SHA2_CTX *ctx, const void *in, size_t num); 756281Sda73024 void SHA256TransformBlocks(SHA2_CTX *ctx, const void *in, size_t num); 766281Sda73024 776281Sda73024 #else 780Sstevel@tonic-gate static void SHA256Transform(SHA2_CTX *, const uint8_t *); 790Sstevel@tonic-gate static void SHA512Transform(SHA2_CTX *, const uint8_t *); 806281Sda73024 #endif /* __amd64 */ 810Sstevel@tonic-gate 820Sstevel@tonic-gate static uint8_t PADDING[128] = { 0x80, /* all zeros */ }; 830Sstevel@tonic-gate 840Sstevel@tonic-gate /* Ch and Maj are the basic SHA2 functions. */ 850Sstevel@tonic-gate #define Ch(b, c, d) (((b) & (c)) ^ ((~b) & (d))) 860Sstevel@tonic-gate #define Maj(b, c, d) (((b) & (c)) ^ ((b) & (d)) ^ ((c) & (d))) 870Sstevel@tonic-gate 880Sstevel@tonic-gate /* Rotates x right n bits. */ 890Sstevel@tonic-gate #define ROTR(x, n) \ 900Sstevel@tonic-gate (((x) >> (n)) | ((x) << ((sizeof (x) * NBBY)-(n)))) 910Sstevel@tonic-gate 920Sstevel@tonic-gate /* Shift x right n bits */ 930Sstevel@tonic-gate #define SHR(x, n) ((x) >> (n)) 940Sstevel@tonic-gate 950Sstevel@tonic-gate /* SHA256 Functions */ 960Sstevel@tonic-gate #define BIGSIGMA0_256(x) (ROTR((x), 2) ^ ROTR((x), 13) ^ ROTR((x), 22)) 970Sstevel@tonic-gate #define BIGSIGMA1_256(x) (ROTR((x), 6) ^ ROTR((x), 11) ^ ROTR((x), 25)) 980Sstevel@tonic-gate #define SIGMA0_256(x) (ROTR((x), 7) ^ ROTR((x), 18) ^ SHR((x), 3)) 990Sstevel@tonic-gate #define SIGMA1_256(x) (ROTR((x), 17) ^ ROTR((x), 19) ^ SHR((x), 10)) 1000Sstevel@tonic-gate 1010Sstevel@tonic-gate #define SHA256ROUND(a, b, c, d, e, f, g, h, i, w) \ 1020Sstevel@tonic-gate T1 = h + BIGSIGMA1_256(e) + Ch(e, f, g) + SHA256_CONST(i) + w; \ 1030Sstevel@tonic-gate d += T1; \ 1040Sstevel@tonic-gate T2 = BIGSIGMA0_256(a) + Maj(a, b, c); \ 1050Sstevel@tonic-gate h = T1 + T2 1060Sstevel@tonic-gate 1070Sstevel@tonic-gate /* SHA384/512 Functions */ 1080Sstevel@tonic-gate #define BIGSIGMA0(x) (ROTR((x), 28) ^ ROTR((x), 34) ^ ROTR((x), 39)) 1090Sstevel@tonic-gate #define BIGSIGMA1(x) (ROTR((x), 14) ^ ROTR((x), 18) ^ ROTR((x), 41)) 1100Sstevel@tonic-gate #define SIGMA0(x) (ROTR((x), 1) ^ ROTR((x), 8) ^ SHR((x), 7)) 1110Sstevel@tonic-gate #define SIGMA1(x) (ROTR((x), 19) ^ ROTR((x), 61) ^ SHR((x), 6)) 1120Sstevel@tonic-gate #define SHA512ROUND(a, b, c, d, e, f, g, h, i, w) \ 1130Sstevel@tonic-gate T1 = h + BIGSIGMA1(e) + Ch(e, f, g) + SHA512_CONST(i) + w; \ 1140Sstevel@tonic-gate d += T1; \ 1150Sstevel@tonic-gate T2 = BIGSIGMA0(a) + Maj(a, b, c); \ 1160Sstevel@tonic-gate h = T1 + T2 1170Sstevel@tonic-gate 1180Sstevel@tonic-gate /* 1190Sstevel@tonic-gate * sparc optimization: 1200Sstevel@tonic-gate * 1210Sstevel@tonic-gate * on the sparc, we can load big endian 32-bit data easily. note that 1220Sstevel@tonic-gate * special care must be taken to ensure the address is 32-bit aligned. 1230Sstevel@tonic-gate * in the interest of speed, we don't check to make sure, since 1240Sstevel@tonic-gate * careful programming can guarantee this for us. 1250Sstevel@tonic-gate */ 1260Sstevel@tonic-gate 1270Sstevel@tonic-gate #if defined(_BIG_ENDIAN) 1280Sstevel@tonic-gate #define LOAD_BIG_32(addr) (*(uint32_t *)(addr)) 129*7421SDaniel.Anderson@Sun.COM #define LOAD_BIG_64(addr) (*(uint64_t *)(addr)) 1300Sstevel@tonic-gate 131*7421SDaniel.Anderson@Sun.COM #elif defined(HAVE_HTONL) 132*7421SDaniel.Anderson@Sun.COM #define LOAD_BIG_32(addr) htonl(*((uint32_t *)(addr))) 133*7421SDaniel.Anderson@Sun.COM #define LOAD_BIG_64(addr) htonll(*((uint64_t *)(addr))) 1340Sstevel@tonic-gate 135*7421SDaniel.Anderson@Sun.COM #else 136*7421SDaniel.Anderson@Sun.COM /* little endian -- will work on big endian, but slowly */ 1370Sstevel@tonic-gate #define LOAD_BIG_32(addr) \ 1380Sstevel@tonic-gate (((addr)[0] << 24) | ((addr)[1] << 16) | ((addr)[2] << 8) | (addr)[3]) 1390Sstevel@tonic-gate #define LOAD_BIG_64(addr) \ 1400Sstevel@tonic-gate (((uint64_t)(addr)[0] << 56) | ((uint64_t)(addr)[1] << 48) | \ 1410Sstevel@tonic-gate ((uint64_t)(addr)[2] << 40) | ((uint64_t)(addr)[3] << 32) | \ 1420Sstevel@tonic-gate ((uint64_t)(addr)[4] << 24) | ((uint64_t)(addr)[5] << 16) | \ 1430Sstevel@tonic-gate ((uint64_t)(addr)[6] << 8) | (uint64_t)(addr)[7]) 144*7421SDaniel.Anderson@Sun.COM #endif /* _BIG_ENDIAN */ 1450Sstevel@tonic-gate 1460Sstevel@tonic-gate 1476281Sda73024 #if !defined(__amd64) 1480Sstevel@tonic-gate /* SHA256 Transform */ 1490Sstevel@tonic-gate 1500Sstevel@tonic-gate static void 1510Sstevel@tonic-gate SHA256Transform(SHA2_CTX *ctx, const uint8_t *blk) 1520Sstevel@tonic-gate { 1530Sstevel@tonic-gate uint32_t a = ctx->state.s32[0]; 1540Sstevel@tonic-gate uint32_t b = ctx->state.s32[1]; 1550Sstevel@tonic-gate uint32_t c = ctx->state.s32[2]; 1560Sstevel@tonic-gate uint32_t d = ctx->state.s32[3]; 1570Sstevel@tonic-gate uint32_t e = ctx->state.s32[4]; 1580Sstevel@tonic-gate uint32_t f = ctx->state.s32[5]; 1590Sstevel@tonic-gate uint32_t g = ctx->state.s32[6]; 1600Sstevel@tonic-gate uint32_t h = ctx->state.s32[7]; 1610Sstevel@tonic-gate 1620Sstevel@tonic-gate uint32_t w0, w1, w2, w3, w4, w5, w6, w7; 1630Sstevel@tonic-gate uint32_t w8, w9, w10, w11, w12, w13, w14, w15; 1640Sstevel@tonic-gate uint32_t T1, T2; 1650Sstevel@tonic-gate 1660Sstevel@tonic-gate #if defined(__sparc) 1670Sstevel@tonic-gate static const uint32_t sha256_consts[] = { 1680Sstevel@tonic-gate SHA256_CONST_0, SHA256_CONST_1, SHA256_CONST_2, 1690Sstevel@tonic-gate SHA256_CONST_3, SHA256_CONST_4, SHA256_CONST_5, 1700Sstevel@tonic-gate SHA256_CONST_6, SHA256_CONST_7, SHA256_CONST_8, 1710Sstevel@tonic-gate SHA256_CONST_9, SHA256_CONST_10, SHA256_CONST_11, 1720Sstevel@tonic-gate SHA256_CONST_12, SHA256_CONST_13, SHA256_CONST_14, 1730Sstevel@tonic-gate SHA256_CONST_15, SHA256_CONST_16, SHA256_CONST_17, 1740Sstevel@tonic-gate SHA256_CONST_18, SHA256_CONST_19, SHA256_CONST_20, 1750Sstevel@tonic-gate SHA256_CONST_21, SHA256_CONST_22, SHA256_CONST_23, 1760Sstevel@tonic-gate SHA256_CONST_24, SHA256_CONST_25, SHA256_CONST_26, 1770Sstevel@tonic-gate SHA256_CONST_27, SHA256_CONST_28, SHA256_CONST_29, 1780Sstevel@tonic-gate SHA256_CONST_30, SHA256_CONST_31, SHA256_CONST_32, 1790Sstevel@tonic-gate SHA256_CONST_33, SHA256_CONST_34, SHA256_CONST_35, 1800Sstevel@tonic-gate SHA256_CONST_36, SHA256_CONST_37, SHA256_CONST_38, 1810Sstevel@tonic-gate SHA256_CONST_39, SHA256_CONST_40, SHA256_CONST_41, 1820Sstevel@tonic-gate SHA256_CONST_42, SHA256_CONST_43, SHA256_CONST_44, 1830Sstevel@tonic-gate SHA256_CONST_45, SHA256_CONST_46, SHA256_CONST_47, 1840Sstevel@tonic-gate SHA256_CONST_48, SHA256_CONST_49, SHA256_CONST_50, 1850Sstevel@tonic-gate SHA256_CONST_51, SHA256_CONST_52, SHA256_CONST_53, 1860Sstevel@tonic-gate SHA256_CONST_54, SHA256_CONST_55, SHA256_CONST_56, 1870Sstevel@tonic-gate SHA256_CONST_57, SHA256_CONST_58, SHA256_CONST_59, 1880Sstevel@tonic-gate SHA256_CONST_60, SHA256_CONST_61, SHA256_CONST_62, 1890Sstevel@tonic-gate SHA256_CONST_63 1900Sstevel@tonic-gate }; 1916281Sda73024 #endif /* __sparc */ 1920Sstevel@tonic-gate 1930Sstevel@tonic-gate if ((uintptr_t)blk & 0x3) { /* not 4-byte aligned? */ 1940Sstevel@tonic-gate bcopy(blk, ctx->buf_un.buf32, sizeof (ctx->buf_un.buf32)); 1950Sstevel@tonic-gate blk = (uint8_t *)ctx->buf_un.buf32; 1960Sstevel@tonic-gate } 1970Sstevel@tonic-gate 1981694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 199676Sizick w0 = LOAD_BIG_32(blk + 4 * 0); 200676Sizick SHA256ROUND(a, b, c, d, e, f, g, h, 0, w0); 2011694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 202676Sizick w1 = LOAD_BIG_32(blk + 4 * 1); 203676Sizick SHA256ROUND(h, a, b, c, d, e, f, g, 1, w1); 2041694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 205676Sizick w2 = LOAD_BIG_32(blk + 4 * 2); 206676Sizick SHA256ROUND(g, h, a, b, c, d, e, f, 2, w2); 2071694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 208676Sizick w3 = LOAD_BIG_32(blk + 4 * 3); 209676Sizick SHA256ROUND(f, g, h, a, b, c, d, e, 3, w3); 2101694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 211676Sizick w4 = LOAD_BIG_32(blk + 4 * 4); 212676Sizick SHA256ROUND(e, f, g, h, a, b, c, d, 4, w4); 2131694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 214676Sizick w5 = LOAD_BIG_32(blk + 4 * 5); 215676Sizick SHA256ROUND(d, e, f, g, h, a, b, c, 5, w5); 2161694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 217676Sizick w6 = LOAD_BIG_32(blk + 4 * 6); 218676Sizick SHA256ROUND(c, d, e, f, g, h, a, b, 6, w6); 2191694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 220676Sizick w7 = LOAD_BIG_32(blk + 4 * 7); 221676Sizick SHA256ROUND(b, c, d, e, f, g, h, a, 7, w7); 2221694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 223676Sizick w8 = LOAD_BIG_32(blk + 4 * 8); 224676Sizick SHA256ROUND(a, b, c, d, e, f, g, h, 8, w8); 2251694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 226676Sizick w9 = LOAD_BIG_32(blk + 4 * 9); 227676Sizick SHA256ROUND(h, a, b, c, d, e, f, g, 9, w9); 2281694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 229676Sizick w10 = LOAD_BIG_32(blk + 4 * 10); 230676Sizick SHA256ROUND(g, h, a, b, c, d, e, f, 10, w10); 2311694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 232676Sizick w11 = LOAD_BIG_32(blk + 4 * 11); 233676Sizick SHA256ROUND(f, g, h, a, b, c, d, e, 11, w11); 2341694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 235676Sizick w12 = LOAD_BIG_32(blk + 4 * 12); 236676Sizick SHA256ROUND(e, f, g, h, a, b, c, d, 12, w12); 2371694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 238676Sizick w13 = LOAD_BIG_32(blk + 4 * 13); 239676Sizick SHA256ROUND(d, e, f, g, h, a, b, c, 13, w13); 2401694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 241676Sizick w14 = LOAD_BIG_32(blk + 4 * 14); 242676Sizick SHA256ROUND(c, d, e, f, g, h, a, b, 14, w14); 2431694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 244676Sizick w15 = LOAD_BIG_32(blk + 4 * 15); 245676Sizick SHA256ROUND(b, c, d, e, f, g, h, a, 15, w15); 246676Sizick 2470Sstevel@tonic-gate w0 = SIGMA1_256(w14) + w9 + SIGMA0_256(w1) + w0; 2480Sstevel@tonic-gate SHA256ROUND(a, b, c, d, e, f, g, h, 16, w0); 2490Sstevel@tonic-gate w1 = SIGMA1_256(w15) + w10 + SIGMA0_256(w2) + w1; 2500Sstevel@tonic-gate SHA256ROUND(h, a, b, c, d, e, f, g, 17, w1); 2510Sstevel@tonic-gate w2 = SIGMA1_256(w0) + w11 + SIGMA0_256(w3) + w2; 2520Sstevel@tonic-gate SHA256ROUND(g, h, a, b, c, d, e, f, 18, w2); 2530Sstevel@tonic-gate w3 = SIGMA1_256(w1) + w12 + SIGMA0_256(w4) + w3; 2540Sstevel@tonic-gate SHA256ROUND(f, g, h, a, b, c, d, e, 19, w3); 2550Sstevel@tonic-gate w4 = SIGMA1_256(w2) + w13 + SIGMA0_256(w5) + w4; 2560Sstevel@tonic-gate SHA256ROUND(e, f, g, h, a, b, c, d, 20, w4); 2570Sstevel@tonic-gate w5 = SIGMA1_256(w3) + w14 + SIGMA0_256(w6) + w5; 2580Sstevel@tonic-gate SHA256ROUND(d, e, f, g, h, a, b, c, 21, w5); 2590Sstevel@tonic-gate w6 = SIGMA1_256(w4) + w15 + SIGMA0_256(w7) + w6; 2600Sstevel@tonic-gate SHA256ROUND(c, d, e, f, g, h, a, b, 22, w6); 2610Sstevel@tonic-gate w7 = SIGMA1_256(w5) + w0 + SIGMA0_256(w8) + w7; 2620Sstevel@tonic-gate SHA256ROUND(b, c, d, e, f, g, h, a, 23, w7); 2630Sstevel@tonic-gate w8 = SIGMA1_256(w6) + w1 + SIGMA0_256(w9) + w8; 2640Sstevel@tonic-gate SHA256ROUND(a, b, c, d, e, f, g, h, 24, w8); 2650Sstevel@tonic-gate w9 = SIGMA1_256(w7) + w2 + SIGMA0_256(w10) + w9; 2660Sstevel@tonic-gate SHA256ROUND(h, a, b, c, d, e, f, g, 25, w9); 2670Sstevel@tonic-gate w10 = SIGMA1_256(w8) + w3 + SIGMA0_256(w11) + w10; 2680Sstevel@tonic-gate SHA256ROUND(g, h, a, b, c, d, e, f, 26, w10); 2690Sstevel@tonic-gate w11 = SIGMA1_256(w9) + w4 + SIGMA0_256(w12) + w11; 2700Sstevel@tonic-gate SHA256ROUND(f, g, h, a, b, c, d, e, 27, w11); 2710Sstevel@tonic-gate w12 = SIGMA1_256(w10) + w5 + SIGMA0_256(w13) + w12; 2720Sstevel@tonic-gate SHA256ROUND(e, f, g, h, a, b, c, d, 28, w12); 2730Sstevel@tonic-gate w13 = SIGMA1_256(w11) + w6 + SIGMA0_256(w14) + w13; 2740Sstevel@tonic-gate SHA256ROUND(d, e, f, g, h, a, b, c, 29, w13); 2750Sstevel@tonic-gate w14 = SIGMA1_256(w12) + w7 + SIGMA0_256(w15) + w14; 2760Sstevel@tonic-gate SHA256ROUND(c, d, e, f, g, h, a, b, 30, w14); 2770Sstevel@tonic-gate w15 = SIGMA1_256(w13) + w8 + SIGMA0_256(w0) + w15; 2780Sstevel@tonic-gate SHA256ROUND(b, c, d, e, f, g, h, a, 31, w15); 2790Sstevel@tonic-gate 2800Sstevel@tonic-gate w0 = SIGMA1_256(w14) + w9 + SIGMA0_256(w1) + w0; 2810Sstevel@tonic-gate SHA256ROUND(a, b, c, d, e, f, g, h, 32, w0); 2820Sstevel@tonic-gate w1 = SIGMA1_256(w15) + w10 + SIGMA0_256(w2) + w1; 2830Sstevel@tonic-gate SHA256ROUND(h, a, b, c, d, e, f, g, 33, w1); 2840Sstevel@tonic-gate w2 = SIGMA1_256(w0) + w11 + SIGMA0_256(w3) + w2; 2850Sstevel@tonic-gate SHA256ROUND(g, h, a, b, c, d, e, f, 34, w2); 2860Sstevel@tonic-gate w3 = SIGMA1_256(w1) + w12 + SIGMA0_256(w4) + w3; 2870Sstevel@tonic-gate SHA256ROUND(f, g, h, a, b, c, d, e, 35, w3); 2880Sstevel@tonic-gate w4 = SIGMA1_256(w2) + w13 + SIGMA0_256(w5) + w4; 2890Sstevel@tonic-gate SHA256ROUND(e, f, g, h, a, b, c, d, 36, w4); 2900Sstevel@tonic-gate w5 = SIGMA1_256(w3) + w14 + SIGMA0_256(w6) + w5; 2910Sstevel@tonic-gate SHA256ROUND(d, e, f, g, h, a, b, c, 37, w5); 2920Sstevel@tonic-gate w6 = SIGMA1_256(w4) + w15 + SIGMA0_256(w7) + w6; 2930Sstevel@tonic-gate SHA256ROUND(c, d, e, f, g, h, a, b, 38, w6); 2940Sstevel@tonic-gate w7 = SIGMA1_256(w5) + w0 + SIGMA0_256(w8) + w7; 2950Sstevel@tonic-gate SHA256ROUND(b, c, d, e, f, g, h, a, 39, w7); 2960Sstevel@tonic-gate w8 = SIGMA1_256(w6) + w1 + SIGMA0_256(w9) + w8; 2970Sstevel@tonic-gate SHA256ROUND(a, b, c, d, e, f, g, h, 40, w8); 2980Sstevel@tonic-gate w9 = SIGMA1_256(w7) + w2 + SIGMA0_256(w10) + w9; 2990Sstevel@tonic-gate SHA256ROUND(h, a, b, c, d, e, f, g, 41, w9); 3000Sstevel@tonic-gate w10 = SIGMA1_256(w8) + w3 + SIGMA0_256(w11) + w10; 3010Sstevel@tonic-gate SHA256ROUND(g, h, a, b, c, d, e, f, 42, w10); 3020Sstevel@tonic-gate w11 = SIGMA1_256(w9) + w4 + SIGMA0_256(w12) + w11; 3030Sstevel@tonic-gate SHA256ROUND(f, g, h, a, b, c, d, e, 43, w11); 3040Sstevel@tonic-gate w12 = SIGMA1_256(w10) + w5 + SIGMA0_256(w13) + w12; 3050Sstevel@tonic-gate SHA256ROUND(e, f, g, h, a, b, c, d, 44, w12); 3060Sstevel@tonic-gate w13 = SIGMA1_256(w11) + w6 + SIGMA0_256(w14) + w13; 3070Sstevel@tonic-gate SHA256ROUND(d, e, f, g, h, a, b, c, 45, w13); 3080Sstevel@tonic-gate w14 = SIGMA1_256(w12) + w7 + SIGMA0_256(w15) + w14; 3090Sstevel@tonic-gate SHA256ROUND(c, d, e, f, g, h, a, b, 46, w14); 3100Sstevel@tonic-gate w15 = SIGMA1_256(w13) + w8 + SIGMA0_256(w0) + w15; 3110Sstevel@tonic-gate SHA256ROUND(b, c, d, e, f, g, h, a, 47, w15); 3120Sstevel@tonic-gate 3130Sstevel@tonic-gate w0 = SIGMA1_256(w14) + w9 + SIGMA0_256(w1) + w0; 3140Sstevel@tonic-gate SHA256ROUND(a, b, c, d, e, f, g, h, 48, w0); 3150Sstevel@tonic-gate w1 = SIGMA1_256(w15) + w10 + SIGMA0_256(w2) + w1; 3160Sstevel@tonic-gate SHA256ROUND(h, a, b, c, d, e, f, g, 49, w1); 3170Sstevel@tonic-gate w2 = SIGMA1_256(w0) + w11 + SIGMA0_256(w3) + w2; 3180Sstevel@tonic-gate SHA256ROUND(g, h, a, b, c, d, e, f, 50, w2); 3190Sstevel@tonic-gate w3 = SIGMA1_256(w1) + w12 + SIGMA0_256(w4) + w3; 3200Sstevel@tonic-gate SHA256ROUND(f, g, h, a, b, c, d, e, 51, w3); 3210Sstevel@tonic-gate w4 = SIGMA1_256(w2) + w13 + SIGMA0_256(w5) + w4; 3220Sstevel@tonic-gate SHA256ROUND(e, f, g, h, a, b, c, d, 52, w4); 3230Sstevel@tonic-gate w5 = SIGMA1_256(w3) + w14 + SIGMA0_256(w6) + w5; 3240Sstevel@tonic-gate SHA256ROUND(d, e, f, g, h, a, b, c, 53, w5); 3250Sstevel@tonic-gate w6 = SIGMA1_256(w4) + w15 + SIGMA0_256(w7) + w6; 3260Sstevel@tonic-gate SHA256ROUND(c, d, e, f, g, h, a, b, 54, w6); 3270Sstevel@tonic-gate w7 = SIGMA1_256(w5) + w0 + SIGMA0_256(w8) + w7; 3280Sstevel@tonic-gate SHA256ROUND(b, c, d, e, f, g, h, a, 55, w7); 3290Sstevel@tonic-gate w8 = SIGMA1_256(w6) + w1 + SIGMA0_256(w9) + w8; 3300Sstevel@tonic-gate SHA256ROUND(a, b, c, d, e, f, g, h, 56, w8); 3310Sstevel@tonic-gate w9 = SIGMA1_256(w7) + w2 + SIGMA0_256(w10) + w9; 3320Sstevel@tonic-gate SHA256ROUND(h, a, b, c, d, e, f, g, 57, w9); 3330Sstevel@tonic-gate w10 = SIGMA1_256(w8) + w3 + SIGMA0_256(w11) + w10; 3340Sstevel@tonic-gate SHA256ROUND(g, h, a, b, c, d, e, f, 58, w10); 3350Sstevel@tonic-gate w11 = SIGMA1_256(w9) + w4 + SIGMA0_256(w12) + w11; 3360Sstevel@tonic-gate SHA256ROUND(f, g, h, a, b, c, d, e, 59, w11); 3370Sstevel@tonic-gate w12 = SIGMA1_256(w10) + w5 + SIGMA0_256(w13) + w12; 3380Sstevel@tonic-gate SHA256ROUND(e, f, g, h, a, b, c, d, 60, w12); 3390Sstevel@tonic-gate w13 = SIGMA1_256(w11) + w6 + SIGMA0_256(w14) + w13; 3400Sstevel@tonic-gate SHA256ROUND(d, e, f, g, h, a, b, c, 61, w13); 3410Sstevel@tonic-gate w14 = SIGMA1_256(w12) + w7 + SIGMA0_256(w15) + w14; 3420Sstevel@tonic-gate SHA256ROUND(c, d, e, f, g, h, a, b, 62, w14); 3430Sstevel@tonic-gate w15 = SIGMA1_256(w13) + w8 + SIGMA0_256(w0) + w15; 3440Sstevel@tonic-gate SHA256ROUND(b, c, d, e, f, g, h, a, 63, w15); 3450Sstevel@tonic-gate 3460Sstevel@tonic-gate ctx->state.s32[0] += a; 3470Sstevel@tonic-gate ctx->state.s32[1] += b; 3480Sstevel@tonic-gate ctx->state.s32[2] += c; 3490Sstevel@tonic-gate ctx->state.s32[3] += d; 3500Sstevel@tonic-gate ctx->state.s32[4] += e; 3510Sstevel@tonic-gate ctx->state.s32[5] += f; 3520Sstevel@tonic-gate ctx->state.s32[6] += g; 3530Sstevel@tonic-gate ctx->state.s32[7] += h; 3540Sstevel@tonic-gate } 3550Sstevel@tonic-gate 3560Sstevel@tonic-gate 3570Sstevel@tonic-gate /* SHA384 and SHA512 Transform */ 3580Sstevel@tonic-gate 3590Sstevel@tonic-gate static void 3600Sstevel@tonic-gate SHA512Transform(SHA2_CTX *ctx, const uint8_t *blk) 3610Sstevel@tonic-gate { 3620Sstevel@tonic-gate 3630Sstevel@tonic-gate uint64_t a = ctx->state.s64[0]; 3640Sstevel@tonic-gate uint64_t b = ctx->state.s64[1]; 3650Sstevel@tonic-gate uint64_t c = ctx->state.s64[2]; 3660Sstevel@tonic-gate uint64_t d = ctx->state.s64[3]; 3670Sstevel@tonic-gate uint64_t e = ctx->state.s64[4]; 3680Sstevel@tonic-gate uint64_t f = ctx->state.s64[5]; 3690Sstevel@tonic-gate uint64_t g = ctx->state.s64[6]; 3700Sstevel@tonic-gate uint64_t h = ctx->state.s64[7]; 3710Sstevel@tonic-gate 3720Sstevel@tonic-gate uint64_t w0, w1, w2, w3, w4, w5, w6, w7; 3730Sstevel@tonic-gate uint64_t w8, w9, w10, w11, w12, w13, w14, w15; 3740Sstevel@tonic-gate uint64_t T1, T2; 3750Sstevel@tonic-gate 3760Sstevel@tonic-gate #if defined(__sparc) 3770Sstevel@tonic-gate static const uint64_t sha512_consts[] = { 3780Sstevel@tonic-gate SHA512_CONST_0, SHA512_CONST_1, SHA512_CONST_2, 3790Sstevel@tonic-gate SHA512_CONST_3, SHA512_CONST_4, SHA512_CONST_5, 3800Sstevel@tonic-gate SHA512_CONST_6, SHA512_CONST_7, SHA512_CONST_8, 3810Sstevel@tonic-gate SHA512_CONST_9, SHA512_CONST_10, SHA512_CONST_11, 3820Sstevel@tonic-gate SHA512_CONST_12, SHA512_CONST_13, SHA512_CONST_14, 3830Sstevel@tonic-gate SHA512_CONST_15, SHA512_CONST_16, SHA512_CONST_17, 3840Sstevel@tonic-gate SHA512_CONST_18, SHA512_CONST_19, SHA512_CONST_20, 3850Sstevel@tonic-gate SHA512_CONST_21, SHA512_CONST_22, SHA512_CONST_23, 3860Sstevel@tonic-gate SHA512_CONST_24, SHA512_CONST_25, SHA512_CONST_26, 3870Sstevel@tonic-gate SHA512_CONST_27, SHA512_CONST_28, SHA512_CONST_29, 3880Sstevel@tonic-gate SHA512_CONST_30, SHA512_CONST_31, SHA512_CONST_32, 3890Sstevel@tonic-gate SHA512_CONST_33, SHA512_CONST_34, SHA512_CONST_35, 3900Sstevel@tonic-gate SHA512_CONST_36, SHA512_CONST_37, SHA512_CONST_38, 3910Sstevel@tonic-gate SHA512_CONST_39, SHA512_CONST_40, SHA512_CONST_41, 3920Sstevel@tonic-gate SHA512_CONST_42, SHA512_CONST_43, SHA512_CONST_44, 3930Sstevel@tonic-gate SHA512_CONST_45, SHA512_CONST_46, SHA512_CONST_47, 3940Sstevel@tonic-gate SHA512_CONST_48, SHA512_CONST_49, SHA512_CONST_50, 3950Sstevel@tonic-gate SHA512_CONST_51, SHA512_CONST_52, SHA512_CONST_53, 3960Sstevel@tonic-gate SHA512_CONST_54, SHA512_CONST_55, SHA512_CONST_56, 3970Sstevel@tonic-gate SHA512_CONST_57, SHA512_CONST_58, SHA512_CONST_59, 3980Sstevel@tonic-gate SHA512_CONST_60, SHA512_CONST_61, SHA512_CONST_62, 3990Sstevel@tonic-gate SHA512_CONST_63, SHA512_CONST_64, SHA512_CONST_65, 4000Sstevel@tonic-gate SHA512_CONST_66, SHA512_CONST_67, SHA512_CONST_68, 4010Sstevel@tonic-gate SHA512_CONST_69, SHA512_CONST_70, SHA512_CONST_71, 4020Sstevel@tonic-gate SHA512_CONST_72, SHA512_CONST_73, SHA512_CONST_74, 4030Sstevel@tonic-gate SHA512_CONST_75, SHA512_CONST_76, SHA512_CONST_77, 4040Sstevel@tonic-gate SHA512_CONST_78, SHA512_CONST_79 4050Sstevel@tonic-gate }; 4066281Sda73024 #endif /* __sparc */ 4070Sstevel@tonic-gate 4080Sstevel@tonic-gate 4090Sstevel@tonic-gate if ((uintptr_t)blk & 0x7) { /* not 8-byte aligned? */ 4100Sstevel@tonic-gate bcopy(blk, ctx->buf_un.buf64, sizeof (ctx->buf_un.buf64)); 4110Sstevel@tonic-gate blk = (uint8_t *)ctx->buf_un.buf64; 4120Sstevel@tonic-gate } 4130Sstevel@tonic-gate 4141694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 415676Sizick w0 = LOAD_BIG_64(blk + 8 * 0); 416676Sizick SHA512ROUND(a, b, c, d, e, f, g, h, 0, w0); 4171694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 418676Sizick w1 = LOAD_BIG_64(blk + 8 * 1); 419676Sizick SHA512ROUND(h, a, b, c, d, e, f, g, 1, w1); 4201694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 421676Sizick w2 = LOAD_BIG_64(blk + 8 * 2); 422676Sizick SHA512ROUND(g, h, a, b, c, d, e, f, 2, w2); 4231694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 424676Sizick w3 = LOAD_BIG_64(blk + 8 * 3); 425676Sizick SHA512ROUND(f, g, h, a, b, c, d, e, 3, w3); 4261694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 427676Sizick w4 = LOAD_BIG_64(blk + 8 * 4); 428676Sizick SHA512ROUND(e, f, g, h, a, b, c, d, 4, w4); 4291694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 430676Sizick w5 = LOAD_BIG_64(blk + 8 * 5); 431676Sizick SHA512ROUND(d, e, f, g, h, a, b, c, 5, w5); 4321694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 433676Sizick w6 = LOAD_BIG_64(blk + 8 * 6); 434676Sizick SHA512ROUND(c, d, e, f, g, h, a, b, 6, w6); 4351694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 436676Sizick w7 = LOAD_BIG_64(blk + 8 * 7); 437676Sizick SHA512ROUND(b, c, d, e, f, g, h, a, 7, w7); 4381694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 439676Sizick w8 = LOAD_BIG_64(blk + 8 * 8); 440676Sizick SHA512ROUND(a, b, c, d, e, f, g, h, 8, w8); 4411694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 442676Sizick w9 = LOAD_BIG_64(blk + 8 * 9); 443676Sizick SHA512ROUND(h, a, b, c, d, e, f, g, 9, w9); 4441694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 445676Sizick w10 = LOAD_BIG_64(blk + 8 * 10); 446676Sizick SHA512ROUND(g, h, a, b, c, d, e, f, 10, w10); 4471694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 448676Sizick w11 = LOAD_BIG_64(blk + 8 * 11); 449676Sizick SHA512ROUND(f, g, h, a, b, c, d, e, 11, w11); 4501694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 451676Sizick w12 = LOAD_BIG_64(blk + 8 * 12); 452676Sizick SHA512ROUND(e, f, g, h, a, b, c, d, 12, w12); 4531694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 454676Sizick w13 = LOAD_BIG_64(blk + 8 * 13); 455676Sizick SHA512ROUND(d, e, f, g, h, a, b, c, 13, w13); 4561694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 457676Sizick w14 = LOAD_BIG_64(blk + 8 * 14); 458676Sizick SHA512ROUND(c, d, e, f, g, h, a, b, 14, w14); 4591694Sdarrenm /* LINTED E_BAD_PTR_CAST_ALIGN */ 460676Sizick w15 = LOAD_BIG_64(blk + 8 * 15); 461676Sizick SHA512ROUND(b, c, d, e, f, g, h, a, 15, w15); 462676Sizick 4630Sstevel@tonic-gate w0 = SIGMA1(w14) + w9 + SIGMA0(w1) + w0; 4640Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 16, w0); 4650Sstevel@tonic-gate w1 = SIGMA1(w15) + w10 + SIGMA0(w2) + w1; 4660Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 17, w1); 4670Sstevel@tonic-gate w2 = SIGMA1(w0) + w11 + SIGMA0(w3) + w2; 4680Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 18, w2); 4690Sstevel@tonic-gate w3 = SIGMA1(w1) + w12 + SIGMA0(w4) + w3; 4700Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 19, w3); 4710Sstevel@tonic-gate w4 = SIGMA1(w2) + w13 + SIGMA0(w5) + w4; 4720Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 20, w4); 4730Sstevel@tonic-gate w5 = SIGMA1(w3) + w14 + SIGMA0(w6) + w5; 4740Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 21, w5); 4750Sstevel@tonic-gate w6 = SIGMA1(w4) + w15 + SIGMA0(w7) + w6; 4760Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 22, w6); 4770Sstevel@tonic-gate w7 = SIGMA1(w5) + w0 + SIGMA0(w8) + w7; 4780Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 23, w7); 4790Sstevel@tonic-gate w8 = SIGMA1(w6) + w1 + SIGMA0(w9) + w8; 4800Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 24, w8); 4810Sstevel@tonic-gate w9 = SIGMA1(w7) + w2 + SIGMA0(w10) + w9; 4820Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 25, w9); 4830Sstevel@tonic-gate w10 = SIGMA1(w8) + w3 + SIGMA0(w11) + w10; 4840Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 26, w10); 4850Sstevel@tonic-gate w11 = SIGMA1(w9) + w4 + SIGMA0(w12) + w11; 4860Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 27, w11); 4870Sstevel@tonic-gate w12 = SIGMA1(w10) + w5 + SIGMA0(w13) + w12; 4880Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 28, w12); 4890Sstevel@tonic-gate w13 = SIGMA1(w11) + w6 + SIGMA0(w14) + w13; 4900Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 29, w13); 4910Sstevel@tonic-gate w14 = SIGMA1(w12) + w7 + SIGMA0(w15) + w14; 4920Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 30, w14); 4930Sstevel@tonic-gate w15 = SIGMA1(w13) + w8 + SIGMA0(w0) + w15; 4940Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 31, w15); 4950Sstevel@tonic-gate 4960Sstevel@tonic-gate w0 = SIGMA1(w14) + w9 + SIGMA0(w1) + w0; 4970Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 32, w0); 4980Sstevel@tonic-gate w1 = SIGMA1(w15) + w10 + SIGMA0(w2) + w1; 4990Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 33, w1); 5000Sstevel@tonic-gate w2 = SIGMA1(w0) + w11 + SIGMA0(w3) + w2; 5010Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 34, w2); 5020Sstevel@tonic-gate w3 = SIGMA1(w1) + w12 + SIGMA0(w4) + w3; 5030Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 35, w3); 5040Sstevel@tonic-gate w4 = SIGMA1(w2) + w13 + SIGMA0(w5) + w4; 5050Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 36, w4); 5060Sstevel@tonic-gate w5 = SIGMA1(w3) + w14 + SIGMA0(w6) + w5; 5070Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 37, w5); 5080Sstevel@tonic-gate w6 = SIGMA1(w4) + w15 + SIGMA0(w7) + w6; 5090Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 38, w6); 5100Sstevel@tonic-gate w7 = SIGMA1(w5) + w0 + SIGMA0(w8) + w7; 5110Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 39, w7); 5120Sstevel@tonic-gate w8 = SIGMA1(w6) + w1 + SIGMA0(w9) + w8; 5130Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 40, w8); 5140Sstevel@tonic-gate w9 = SIGMA1(w7) + w2 + SIGMA0(w10) + w9; 5150Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 41, w9); 5160Sstevel@tonic-gate w10 = SIGMA1(w8) + w3 + SIGMA0(w11) + w10; 5170Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 42, w10); 5180Sstevel@tonic-gate w11 = SIGMA1(w9) + w4 + SIGMA0(w12) + w11; 5190Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 43, w11); 5200Sstevel@tonic-gate w12 = SIGMA1(w10) + w5 + SIGMA0(w13) + w12; 5210Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 44, w12); 5220Sstevel@tonic-gate w13 = SIGMA1(w11) + w6 + SIGMA0(w14) + w13; 5230Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 45, w13); 5240Sstevel@tonic-gate w14 = SIGMA1(w12) + w7 + SIGMA0(w15) + w14; 5250Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 46, w14); 5260Sstevel@tonic-gate w15 = SIGMA1(w13) + w8 + SIGMA0(w0) + w15; 5270Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 47, w15); 5280Sstevel@tonic-gate 5290Sstevel@tonic-gate w0 = SIGMA1(w14) + w9 + SIGMA0(w1) + w0; 5300Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 48, w0); 5310Sstevel@tonic-gate w1 = SIGMA1(w15) + w10 + SIGMA0(w2) + w1; 5320Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 49, w1); 5330Sstevel@tonic-gate w2 = SIGMA1(w0) + w11 + SIGMA0(w3) + w2; 5340Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 50, w2); 5350Sstevel@tonic-gate w3 = SIGMA1(w1) + w12 + SIGMA0(w4) + w3; 5360Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 51, w3); 5370Sstevel@tonic-gate w4 = SIGMA1(w2) + w13 + SIGMA0(w5) + w4; 5380Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 52, w4); 5390Sstevel@tonic-gate w5 = SIGMA1(w3) + w14 + SIGMA0(w6) + w5; 5400Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 53, w5); 5410Sstevel@tonic-gate w6 = SIGMA1(w4) + w15 + SIGMA0(w7) + w6; 5420Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 54, w6); 5430Sstevel@tonic-gate w7 = SIGMA1(w5) + w0 + SIGMA0(w8) + w7; 5440Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 55, w7); 5450Sstevel@tonic-gate w8 = SIGMA1(w6) + w1 + SIGMA0(w9) + w8; 5460Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 56, w8); 5470Sstevel@tonic-gate w9 = SIGMA1(w7) + w2 + SIGMA0(w10) + w9; 5480Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 57, w9); 5490Sstevel@tonic-gate w10 = SIGMA1(w8) + w3 + SIGMA0(w11) + w10; 5500Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 58, w10); 5510Sstevel@tonic-gate w11 = SIGMA1(w9) + w4 + SIGMA0(w12) + w11; 5520Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 59, w11); 5530Sstevel@tonic-gate w12 = SIGMA1(w10) + w5 + SIGMA0(w13) + w12; 5540Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 60, w12); 5550Sstevel@tonic-gate w13 = SIGMA1(w11) + w6 + SIGMA0(w14) + w13; 5560Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 61, w13); 5570Sstevel@tonic-gate w14 = SIGMA1(w12) + w7 + SIGMA0(w15) + w14; 5580Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 62, w14); 5590Sstevel@tonic-gate w15 = SIGMA1(w13) + w8 + SIGMA0(w0) + w15; 5600Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 63, w15); 5610Sstevel@tonic-gate 5620Sstevel@tonic-gate w0 = SIGMA1(w14) + w9 + SIGMA0(w1) + w0; 5630Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 64, w0); 5640Sstevel@tonic-gate w1 = SIGMA1(w15) + w10 + SIGMA0(w2) + w1; 5650Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 65, w1); 5660Sstevel@tonic-gate w2 = SIGMA1(w0) + w11 + SIGMA0(w3) + w2; 5670Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 66, w2); 5680Sstevel@tonic-gate w3 = SIGMA1(w1) + w12 + SIGMA0(w4) + w3; 5690Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 67, w3); 5700Sstevel@tonic-gate w4 = SIGMA1(w2) + w13 + SIGMA0(w5) + w4; 5710Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 68, w4); 5720Sstevel@tonic-gate w5 = SIGMA1(w3) + w14 + SIGMA0(w6) + w5; 5730Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 69, w5); 5740Sstevel@tonic-gate w6 = SIGMA1(w4) + w15 + SIGMA0(w7) + w6; 5750Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 70, w6); 5760Sstevel@tonic-gate w7 = SIGMA1(w5) + w0 + SIGMA0(w8) + w7; 5770Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 71, w7); 5780Sstevel@tonic-gate w8 = SIGMA1(w6) + w1 + SIGMA0(w9) + w8; 5790Sstevel@tonic-gate SHA512ROUND(a, b, c, d, e, f, g, h, 72, w8); 5800Sstevel@tonic-gate w9 = SIGMA1(w7) + w2 + SIGMA0(w10) + w9; 5810Sstevel@tonic-gate SHA512ROUND(h, a, b, c, d, e, f, g, 73, w9); 5820Sstevel@tonic-gate w10 = SIGMA1(w8) + w3 + SIGMA0(w11) + w10; 5830Sstevel@tonic-gate SHA512ROUND(g, h, a, b, c, d, e, f, 74, w10); 5840Sstevel@tonic-gate w11 = SIGMA1(w9) + w4 + SIGMA0(w12) + w11; 5850Sstevel@tonic-gate SHA512ROUND(f, g, h, a, b, c, d, e, 75, w11); 5860Sstevel@tonic-gate w12 = SIGMA1(w10) + w5 + SIGMA0(w13) + w12; 5870Sstevel@tonic-gate SHA512ROUND(e, f, g, h, a, b, c, d, 76, w12); 5880Sstevel@tonic-gate w13 = SIGMA1(w11) + w6 + SIGMA0(w14) + w13; 5890Sstevel@tonic-gate SHA512ROUND(d, e, f, g, h, a, b, c, 77, w13); 5900Sstevel@tonic-gate w14 = SIGMA1(w12) + w7 + SIGMA0(w15) + w14; 5910Sstevel@tonic-gate SHA512ROUND(c, d, e, f, g, h, a, b, 78, w14); 5920Sstevel@tonic-gate w15 = SIGMA1(w13) + w8 + SIGMA0(w0) + w15; 5930Sstevel@tonic-gate SHA512ROUND(b, c, d, e, f, g, h, a, 79, w15); 5940Sstevel@tonic-gate 5950Sstevel@tonic-gate ctx->state.s64[0] += a; 5960Sstevel@tonic-gate ctx->state.s64[1] += b; 5970Sstevel@tonic-gate ctx->state.s64[2] += c; 5980Sstevel@tonic-gate ctx->state.s64[3] += d; 5990Sstevel@tonic-gate ctx->state.s64[4] += e; 6000Sstevel@tonic-gate ctx->state.s64[5] += f; 6010Sstevel@tonic-gate ctx->state.s64[6] += g; 6020Sstevel@tonic-gate ctx->state.s64[7] += h; 6030Sstevel@tonic-gate 6040Sstevel@tonic-gate } 6056281Sda73024 #endif /* !__amd64 */ 6060Sstevel@tonic-gate 6070Sstevel@tonic-gate 6080Sstevel@tonic-gate /* 6090Sstevel@tonic-gate * Encode() 6100Sstevel@tonic-gate * 6110Sstevel@tonic-gate * purpose: to convert a list of numbers from little endian to big endian 6120Sstevel@tonic-gate * input: uint8_t * : place to store the converted big endian numbers 6130Sstevel@tonic-gate * uint32_t * : place to get numbers to convert from 6140Sstevel@tonic-gate * size_t : the length of the input in bytes 6150Sstevel@tonic-gate * output: void 6160Sstevel@tonic-gate */ 6170Sstevel@tonic-gate 6180Sstevel@tonic-gate static void 6191694Sdarrenm Encode(uint8_t *_RESTRICT_KYWD output, uint32_t *_RESTRICT_KYWD input, 6201694Sdarrenm size_t len) 6210Sstevel@tonic-gate { 6220Sstevel@tonic-gate size_t i, j; 6230Sstevel@tonic-gate 6240Sstevel@tonic-gate #if defined(__sparc) 6250Sstevel@tonic-gate if (IS_P2ALIGNED(output, sizeof (uint32_t))) { 6260Sstevel@tonic-gate for (i = 0, j = 0; j < len; i++, j += 4) { 6270Sstevel@tonic-gate /* LINTED: pointer alignment */ 6280Sstevel@tonic-gate *((uint32_t *)(output + j)) = input[i]; 6290Sstevel@tonic-gate } 6300Sstevel@tonic-gate } else { 6310Sstevel@tonic-gate #endif /* little endian -- will work on big endian, but slowly */ 6320Sstevel@tonic-gate for (i = 0, j = 0; j < len; i++, j += 4) { 6330Sstevel@tonic-gate output[j] = (input[i] >> 24) & 0xff; 6340Sstevel@tonic-gate output[j + 1] = (input[i] >> 16) & 0xff; 6350Sstevel@tonic-gate output[j + 2] = (input[i] >> 8) & 0xff; 6360Sstevel@tonic-gate output[j + 3] = input[i] & 0xff; 6370Sstevel@tonic-gate } 6380Sstevel@tonic-gate #if defined(__sparc) 6390Sstevel@tonic-gate } 6400Sstevel@tonic-gate #endif 6410Sstevel@tonic-gate } 6420Sstevel@tonic-gate 6430Sstevel@tonic-gate static void 6441694Sdarrenm Encode64(uint8_t *_RESTRICT_KYWD output, uint64_t *_RESTRICT_KYWD input, 6451694Sdarrenm size_t len) 6460Sstevel@tonic-gate { 6470Sstevel@tonic-gate size_t i, j; 6480Sstevel@tonic-gate 6490Sstevel@tonic-gate #if defined(__sparc) 6500Sstevel@tonic-gate if (IS_P2ALIGNED(output, sizeof (uint64_t))) { 6510Sstevel@tonic-gate for (i = 0, j = 0; j < len; i++, j += 8) { 6520Sstevel@tonic-gate /* LINTED: pointer alignment */ 6530Sstevel@tonic-gate *((uint64_t *)(output + j)) = input[i]; 6540Sstevel@tonic-gate } 6550Sstevel@tonic-gate } else { 6560Sstevel@tonic-gate #endif /* little endian -- will work on big endian, but slowly */ 6570Sstevel@tonic-gate for (i = 0, j = 0; j < len; i++, j += 8) { 6580Sstevel@tonic-gate 6590Sstevel@tonic-gate output[j] = (input[i] >> 56) & 0xff; 6600Sstevel@tonic-gate output[j + 1] = (input[i] >> 48) & 0xff; 6610Sstevel@tonic-gate output[j + 2] = (input[i] >> 40) & 0xff; 6620Sstevel@tonic-gate output[j + 3] = (input[i] >> 32) & 0xff; 6630Sstevel@tonic-gate output[j + 4] = (input[i] >> 24) & 0xff; 6640Sstevel@tonic-gate output[j + 5] = (input[i] >> 16) & 0xff; 6650Sstevel@tonic-gate output[j + 6] = (input[i] >> 8) & 0xff; 6660Sstevel@tonic-gate output[j + 7] = input[i] & 0xff; 6670Sstevel@tonic-gate } 6680Sstevel@tonic-gate #if defined(__sparc) 6690Sstevel@tonic-gate } 6700Sstevel@tonic-gate #endif 6710Sstevel@tonic-gate } 6720Sstevel@tonic-gate 6730Sstevel@tonic-gate 6740Sstevel@tonic-gate void 6750Sstevel@tonic-gate SHA2Init(uint64_t mech, SHA2_CTX *ctx) 6760Sstevel@tonic-gate { 6770Sstevel@tonic-gate 6780Sstevel@tonic-gate switch (mech) { 6790Sstevel@tonic-gate case SHA256_MECH_INFO_TYPE: 6800Sstevel@tonic-gate case SHA256_HMAC_MECH_INFO_TYPE: 6810Sstevel@tonic-gate case SHA256_HMAC_GEN_MECH_INFO_TYPE: 6820Sstevel@tonic-gate ctx->state.s32[0] = 0x6a09e667U; 6830Sstevel@tonic-gate ctx->state.s32[1] = 0xbb67ae85U; 6840Sstevel@tonic-gate ctx->state.s32[2] = 0x3c6ef372U; 6850Sstevel@tonic-gate ctx->state.s32[3] = 0xa54ff53aU; 6860Sstevel@tonic-gate ctx->state.s32[4] = 0x510e527fU; 6870Sstevel@tonic-gate ctx->state.s32[5] = 0x9b05688cU; 6880Sstevel@tonic-gate ctx->state.s32[6] = 0x1f83d9abU; 6890Sstevel@tonic-gate ctx->state.s32[7] = 0x5be0cd19U; 6900Sstevel@tonic-gate break; 6910Sstevel@tonic-gate case SHA384_MECH_INFO_TYPE: 6920Sstevel@tonic-gate case SHA384_HMAC_MECH_INFO_TYPE: 6930Sstevel@tonic-gate case SHA384_HMAC_GEN_MECH_INFO_TYPE: 6940Sstevel@tonic-gate ctx->state.s64[0] = 0xcbbb9d5dc1059ed8ULL; 6950Sstevel@tonic-gate ctx->state.s64[1] = 0x629a292a367cd507ULL; 6960Sstevel@tonic-gate ctx->state.s64[2] = 0x9159015a3070dd17ULL; 6970Sstevel@tonic-gate ctx->state.s64[3] = 0x152fecd8f70e5939ULL; 6980Sstevel@tonic-gate ctx->state.s64[4] = 0x67332667ffc00b31ULL; 6990Sstevel@tonic-gate ctx->state.s64[5] = 0x8eb44a8768581511ULL; 7000Sstevel@tonic-gate ctx->state.s64[6] = 0xdb0c2e0d64f98fa7ULL; 7010Sstevel@tonic-gate ctx->state.s64[7] = 0x47b5481dbefa4fa4ULL; 7020Sstevel@tonic-gate break; 7030Sstevel@tonic-gate case SHA512_MECH_INFO_TYPE: 7040Sstevel@tonic-gate case SHA512_HMAC_MECH_INFO_TYPE: 7050Sstevel@tonic-gate case SHA512_HMAC_GEN_MECH_INFO_TYPE: 7060Sstevel@tonic-gate ctx->state.s64[0] = 0x6a09e667f3bcc908ULL; 7070Sstevel@tonic-gate ctx->state.s64[1] = 0xbb67ae8584caa73bULL; 7080Sstevel@tonic-gate ctx->state.s64[2] = 0x3c6ef372fe94f82bULL; 7090Sstevel@tonic-gate ctx->state.s64[3] = 0xa54ff53a5f1d36f1ULL; 7100Sstevel@tonic-gate ctx->state.s64[4] = 0x510e527fade682d1ULL; 7110Sstevel@tonic-gate ctx->state.s64[5] = 0x9b05688c2b3e6c1fULL; 7120Sstevel@tonic-gate ctx->state.s64[6] = 0x1f83d9abfb41bd6bULL; 7130Sstevel@tonic-gate ctx->state.s64[7] = 0x5be0cd19137e2179ULL; 7140Sstevel@tonic-gate break; 7150Sstevel@tonic-gate #ifdef _KERNEL 7160Sstevel@tonic-gate default: 717*7421SDaniel.Anderson@Sun.COM cmn_err(CE_PANIC, 718*7421SDaniel.Anderson@Sun.COM "sha2_init: failed to find a supported algorithm: 0x%x", 7190Sstevel@tonic-gate (uint32_t)mech); 7200Sstevel@tonic-gate 7210Sstevel@tonic-gate #endif /* _KERNEL */ 7220Sstevel@tonic-gate } 7230Sstevel@tonic-gate 7240Sstevel@tonic-gate ctx->algotype = mech; 7250Sstevel@tonic-gate ctx->count.c64[0] = ctx->count.c64[1] = 0; 7260Sstevel@tonic-gate } 7270Sstevel@tonic-gate 7281694Sdarrenm #ifndef _KERNEL 7291694Sdarrenm 7301694Sdarrenm #pragma inline(SHA256Init, SHA384Init, SHA512Init) 7311694Sdarrenm void 7321694Sdarrenm SHA256Init(SHA256_CTX *ctx) 7331694Sdarrenm { 7341694Sdarrenm SHA2Init(SHA256, ctx); 7351694Sdarrenm } 7361694Sdarrenm 7371694Sdarrenm void 7381694Sdarrenm SHA384Init(SHA384_CTX *ctx) 7391694Sdarrenm { 7401694Sdarrenm SHA2Init(SHA384, ctx); 7411694Sdarrenm } 7421694Sdarrenm 7431694Sdarrenm void 7441694Sdarrenm SHA512Init(SHA512_CTX *ctx) 7451694Sdarrenm { 7461694Sdarrenm SHA2Init(SHA512, ctx); 7471694Sdarrenm } 7481694Sdarrenm 7491694Sdarrenm #endif /* _KERNEL */ 7501694Sdarrenm 7510Sstevel@tonic-gate /* 7520Sstevel@tonic-gate * SHA2Update() 7530Sstevel@tonic-gate * 7540Sstevel@tonic-gate * purpose: continues an sha2 digest operation, using the message block 7550Sstevel@tonic-gate * to update the context. 7560Sstevel@tonic-gate * input: SHA2_CTX * : the context to update 7571694Sdarrenm * void * : the message block 7586281Sda73024 * size_t : the length of the message block, in bytes 7590Sstevel@tonic-gate * output: void 7600Sstevel@tonic-gate */ 7610Sstevel@tonic-gate 7620Sstevel@tonic-gate void 7631694Sdarrenm SHA2Update(SHA2_CTX *ctx, const void *inptr, size_t input_len) 7640Sstevel@tonic-gate { 7656281Sda73024 uint32_t i, buf_index, buf_len, buf_limit; 7666281Sda73024 const uint8_t *input = inptr; 7676281Sda73024 uint32_t algotype = ctx->algotype; 7686281Sda73024 #if defined(__amd64) 7696281Sda73024 uint32_t block_count; 7706281Sda73024 #endif /* !__amd64 */ 7716281Sda73024 7720Sstevel@tonic-gate 7730Sstevel@tonic-gate /* check for noop */ 7740Sstevel@tonic-gate if (input_len == 0) 7750Sstevel@tonic-gate return; 7760Sstevel@tonic-gate 7776281Sda73024 if (algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) { 7780Sstevel@tonic-gate buf_limit = 64; 7790Sstevel@tonic-gate 7800Sstevel@tonic-gate /* compute number of bytes mod 64 */ 7810Sstevel@tonic-gate buf_index = (ctx->count.c32[1] >> 3) & 0x3F; 7820Sstevel@tonic-gate 7830Sstevel@tonic-gate /* update number of bits */ 7840Sstevel@tonic-gate if ((ctx->count.c32[1] += (input_len << 3)) < (input_len << 3)) 7850Sstevel@tonic-gate ctx->count.c32[0]++; 7860Sstevel@tonic-gate 7870Sstevel@tonic-gate ctx->count.c32[0] += (input_len >> 29); 7880Sstevel@tonic-gate 7890Sstevel@tonic-gate } else { 7900Sstevel@tonic-gate buf_limit = 128; 7910Sstevel@tonic-gate 7920Sstevel@tonic-gate /* compute number of bytes mod 128 */ 7930Sstevel@tonic-gate buf_index = (ctx->count.c64[1] >> 3) & 0x7F; 7940Sstevel@tonic-gate 7950Sstevel@tonic-gate /* update number of bits */ 7960Sstevel@tonic-gate if ((ctx->count.c64[1] += (input_len << 3)) < (input_len << 3)) 7970Sstevel@tonic-gate ctx->count.c64[0]++; 7980Sstevel@tonic-gate 7990Sstevel@tonic-gate ctx->count.c64[0] += (input_len >> 29); 8000Sstevel@tonic-gate } 8010Sstevel@tonic-gate 8020Sstevel@tonic-gate buf_len = buf_limit - buf_index; 8030Sstevel@tonic-gate 8040Sstevel@tonic-gate /* transform as many times as possible */ 8050Sstevel@tonic-gate i = 0; 8060Sstevel@tonic-gate if (input_len >= buf_len) { 8070Sstevel@tonic-gate 8080Sstevel@tonic-gate /* 8090Sstevel@tonic-gate * general optimization: 8100Sstevel@tonic-gate * 8110Sstevel@tonic-gate * only do initial bcopy() and SHA2Transform() if 8120Sstevel@tonic-gate * buf_index != 0. if buf_index == 0, we're just 8130Sstevel@tonic-gate * wasting our time doing the bcopy() since there 8140Sstevel@tonic-gate * wasn't any data left over from a previous call to 8150Sstevel@tonic-gate * SHA2Update(). 8160Sstevel@tonic-gate */ 8170Sstevel@tonic-gate if (buf_index) { 8180Sstevel@tonic-gate bcopy(input, &ctx->buf_un.buf8[buf_index], buf_len); 8196281Sda73024 if (algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) 8200Sstevel@tonic-gate SHA256Transform(ctx, ctx->buf_un.buf8); 8210Sstevel@tonic-gate else 8220Sstevel@tonic-gate SHA512Transform(ctx, ctx->buf_un.buf8); 8230Sstevel@tonic-gate 8240Sstevel@tonic-gate i = buf_len; 8250Sstevel@tonic-gate } 8260Sstevel@tonic-gate 8276281Sda73024 #if !defined(__amd64) 8286281Sda73024 if (algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) { 8296281Sda73024 for (; i + buf_limit - 1 < input_len; i += buf_limit) { 8300Sstevel@tonic-gate SHA256Transform(ctx, &input[i]); 8316281Sda73024 } 8326281Sda73024 } else { 8336281Sda73024 for (; i + buf_limit - 1 < input_len; i += buf_limit) { 8340Sstevel@tonic-gate SHA512Transform(ctx, &input[i]); 8356281Sda73024 } 8360Sstevel@tonic-gate } 8370Sstevel@tonic-gate 8386281Sda73024 #else 8396281Sda73024 if (algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) { 8406281Sda73024 block_count = (input_len - i) >> 6; 8416281Sda73024 if (block_count > 0) { 8426281Sda73024 SHA256TransformBlocks(ctx, &input[i], 8436281Sda73024 block_count); 8446281Sda73024 i += block_count << 6; 8456281Sda73024 } 8466281Sda73024 } else { 8476281Sda73024 block_count = (input_len - i) >> 7; 8486281Sda73024 if (block_count > 0) { 8496281Sda73024 SHA512TransformBlocks(ctx, &input[i], 8506281Sda73024 block_count); 8516281Sda73024 i += block_count << 7; 8526281Sda73024 } 8536281Sda73024 } 8546281Sda73024 #endif /* !__amd64 */ 8556281Sda73024 8560Sstevel@tonic-gate /* 8570Sstevel@tonic-gate * general optimization: 8580Sstevel@tonic-gate * 8590Sstevel@tonic-gate * if i and input_len are the same, return now instead 8600Sstevel@tonic-gate * of calling bcopy(), since the bcopy() in this case 8616281Sda73024 * will be an expensive noop. 8620Sstevel@tonic-gate */ 8630Sstevel@tonic-gate 8640Sstevel@tonic-gate if (input_len == i) 8650Sstevel@tonic-gate return; 8660Sstevel@tonic-gate 8670Sstevel@tonic-gate buf_index = 0; 8680Sstevel@tonic-gate } 8690Sstevel@tonic-gate 8700Sstevel@tonic-gate /* buffer remaining input */ 8710Sstevel@tonic-gate bcopy(&input[i], &ctx->buf_un.buf8[buf_index], input_len - i); 8720Sstevel@tonic-gate } 8730Sstevel@tonic-gate 8740Sstevel@tonic-gate 8750Sstevel@tonic-gate /* 8760Sstevel@tonic-gate * SHA2Final() 8770Sstevel@tonic-gate * 8780Sstevel@tonic-gate * purpose: ends an sha2 digest operation, finalizing the message digest and 8790Sstevel@tonic-gate * zeroing the context. 8806281Sda73024 * input: uchar_t * : a buffer to store the digest 8814002Sdarrenm * : The function actually uses void* because many 8824002Sdarrenm * : callers pass things other than uchar_t here. 8830Sstevel@tonic-gate * SHA2_CTX * : the context to finalize, save, and zero 8840Sstevel@tonic-gate * output: void 8850Sstevel@tonic-gate */ 8860Sstevel@tonic-gate 8870Sstevel@tonic-gate void 8881694Sdarrenm SHA2Final(void *digest, SHA2_CTX *ctx) 8890Sstevel@tonic-gate { 8900Sstevel@tonic-gate uint8_t bitcount_be[sizeof (ctx->count.c32)]; 8910Sstevel@tonic-gate uint8_t bitcount_be64[sizeof (ctx->count.c64)]; 8920Sstevel@tonic-gate uint32_t index; 8936281Sda73024 uint32_t algotype = ctx->algotype; 8940Sstevel@tonic-gate 8956281Sda73024 if (algotype <= SHA256_HMAC_GEN_MECH_INFO_TYPE) { 8960Sstevel@tonic-gate index = (ctx->count.c32[1] >> 3) & 0x3f; 8970Sstevel@tonic-gate Encode(bitcount_be, ctx->count.c32, sizeof (bitcount_be)); 8980Sstevel@tonic-gate SHA2Update(ctx, PADDING, ((index < 56) ? 56 : 120) - index); 8990Sstevel@tonic-gate SHA2Update(ctx, bitcount_be, sizeof (bitcount_be)); 9000Sstevel@tonic-gate Encode(digest, ctx->state.s32, sizeof (ctx->state.s32)); 9010Sstevel@tonic-gate 9020Sstevel@tonic-gate } else { 9030Sstevel@tonic-gate index = (ctx->count.c64[1] >> 3) & 0x7f; 9040Sstevel@tonic-gate Encode64(bitcount_be64, ctx->count.c64, 9050Sstevel@tonic-gate sizeof (bitcount_be64)); 9060Sstevel@tonic-gate SHA2Update(ctx, PADDING, ((index < 112) ? 112 : 240) - index); 9070Sstevel@tonic-gate SHA2Update(ctx, bitcount_be64, sizeof (bitcount_be64)); 9086281Sda73024 if (algotype <= SHA384_HMAC_GEN_MECH_INFO_TYPE) { 9090Sstevel@tonic-gate ctx->state.s64[6] = ctx->state.s64[7] = 0; 9100Sstevel@tonic-gate Encode64(digest, ctx->state.s64, 9110Sstevel@tonic-gate sizeof (uint64_t) * 6); 9120Sstevel@tonic-gate } else 9130Sstevel@tonic-gate Encode64(digest, ctx->state.s64, 9140Sstevel@tonic-gate sizeof (ctx->state.s64)); 9150Sstevel@tonic-gate } 9161551Sdarrenm 9171551Sdarrenm /* zeroize sensitive information */ 9181551Sdarrenm bzero(ctx, sizeof (*ctx)); 9190Sstevel@tonic-gate } 920