xref: /freebsd/sys/crypto/openssl/ossl_sha256.c (revision 4d846d26) 
1 /*
2  * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL license (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <sys/cdefs.h>
11 __FBSDID("$FreeBSD$");
12 
13 #include <sys/libkern.h>
14 #include <sys/malloc.h>
15 
16 #include <opencrypto/cryptodev.h>
17 #include <opencrypto/xform_auth.h>
18 
19 #include <crypto/openssl/ossl.h>
20 #include <crypto/openssl/ossl_sha.h>
21 
22 /* sha256-x86_64.S */
23 void sha256_block_data_order(SHA256_CTX *c, const void *in, size_t num);
24 
25 /* From crypto/sha/sha256.c */
26 
27 static void
28 ossl_sha224_init(void *c_)
29 {
30     SHA256_CTX *c = c_;
31     memset(c, 0, sizeof(*c));
32     c->h[0] = 0xc1059ed8UL;
33     c->h[1] = 0x367cd507UL;
34     c->h[2] = 0x3070dd17UL;
35     c->h[3] = 0xf70e5939UL;
36     c->h[4] = 0xffc00b31UL;
37     c->h[5] = 0x68581511UL;
38     c->h[6] = 0x64f98fa7UL;
39     c->h[7] = 0xbefa4fa4UL;
40     c->md_len = SHA224_DIGEST_LENGTH;
41 }
42 
43 static void
44 ossl_sha256_init(void *c_)
45 {
46     SHA256_CTX *c = c_;
47     memset(c, 0, sizeof(*c));
48     c->h[0] = 0x6a09e667UL;
49     c->h[1] = 0xbb67ae85UL;
50     c->h[2] = 0x3c6ef372UL;
51     c->h[3] = 0xa54ff53aUL;
52     c->h[4] = 0x510e527fUL;
53     c->h[5] = 0x9b05688cUL;
54     c->h[6] = 0x1f83d9abUL;
55     c->h[7] = 0x5be0cd19UL;
56     c->md_len = SHA256_DIGEST_LENGTH;
57 }
58 
59 
60 #define DATA_ORDER_IS_BIG_ENDIAN
61 
62 #define HASH_LONG               SHA_LONG
63 #define HASH_CTX                SHA256_CTX
64 #define HASH_CBLOCK             SHA_CBLOCK
65 
66 /*
67  * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
68  * default: case below covers for it. It's not clear however if it's
69  * permitted to truncate to amount of bytes not divisible by 4. I bet not,
70  * but if it is, then default: case shall be extended. For reference.
71  * Idea behind separate cases for pre-defined lengths is to let the
72  * compiler decide if it's appropriate to unroll small loops.
73  */
74 #define HASH_MAKE_STRING(c,s)   do {    \
75         unsigned long ll;               \
76         unsigned int  nn;               \
77         switch ((c)->md_len)            \
78         {   case SHA224_DIGEST_LENGTH:  \
79                 for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++)       \
80                 {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
81                 break;                  \
82             case SHA256_DIGEST_LENGTH:  \
83                 for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++)       \
84                 {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
85                 break;                  \
86             default:                    \
87                 __assert_unreachable(); \
88                 break;                  \
89         }                               \
90         } while (0)
91 
92 #define HASH_UPDATE             ossl_sha256_update
93 #define HASH_FINAL              ossl_sha256_final
94 #define HASH_BLOCK_DATA_ORDER   sha256_block_data_order
95 
96 #include "ossl_hash.h"
97 
98 struct auth_hash ossl_hash_sha224 = {
99 	.type = CRYPTO_SHA2_224,
100 	.name = "OpenSSL-SHA2-224",
101 	.hashsize = SHA2_224_HASH_LEN,
102 	.ctxsize = sizeof(SHA256_CTX),
103 	.blocksize = SHA2_224_BLOCK_LEN,
104 	.Init = ossl_sha224_init,
105 	.Update = HASH_UPDATE,
106 	.Final = HASH_FINAL,
107 };
108 
109 struct auth_hash ossl_hash_sha256 = {
110 	.type = CRYPTO_SHA2_256,
111 	.name = "OpenSSL-SHA2-256",
112 	.hashsize = SHA2_256_HASH_LEN,
113 	.ctxsize = sizeof(SHA256_CTX),
114 	.blocksize = SHA2_256_BLOCK_LEN,
115 	.Init = ossl_sha256_init,
116 	.Update = HASH_UPDATE,
117 	.Final = HASH_FINAL,
118 };
119 
120 _Static_assert(sizeof(SHA256_CTX) <= sizeof(struct ossl_hash_context),
121     "ossl_hash_context too small");
122