]> git.ipfire.org Git - thirdparty/u-boot.git/blob - lib/sha256.c
projects / thirdparty / u-boot.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
usb: composite: Move bitmap related operations to ./include/linux/bitmap.h
[thirdparty/u-boot.git] / lib / sha256.c
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * FIPS-180-2 compliant SHA-256 implementation
4 *
5 * Copyright (C) 2001-2003 Christophe Devine
6 */
7
8 #ifndef USE_HOSTCC
9 #include <common.h>
10 #include <linux/string.h>
11 #else
12 #include <string.h>
13 #endif /* USE_HOSTCC */
14 #include <watchdog.h>
15 #include <u-boot/sha256.h>
16
17 const uint8_t sha256_der_prefix[SHA256_DER_LEN] = {
18 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
19 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
20 0x00, 0x04, 0x20
21 };
22
23 /*
24 * 32-bit integer manipulation macros (big endian)
25 */
26 #ifndef GET_UINT32_BE
27 #define GET_UINT32_BE(n,b,i) { \
28 (n) = ( (unsigned long) (b)[(i) ] << 24 ) \
29 | ( (unsigned long) (b)[(i) + 1] << 16 ) \
30 | ( (unsigned long) (b)[(i) + 2] << 8 ) \
31 | ( (unsigned long) (b)[(i) + 3] ); \
32 }
33 #endif
34 #ifndef PUT_UINT32_BE
35 #define PUT_UINT32_BE(n,b,i) { \
36 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
37 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
38 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
39 (b)[(i) + 3] = (unsigned char) ( (n) ); \
40 }
41 #endif
42
43 void sha256_starts(sha256_context * ctx)
44 {
45 ctx->total[0] = 0;
46 ctx->total[1] = 0;
47
48 ctx->state[0] = 0x6A09E667;
49 ctx->state[1] = 0xBB67AE85;
50 ctx->state[2] = 0x3C6EF372;
51 ctx->state[3] = 0xA54FF53A;
52 ctx->state[4] = 0x510E527F;
53 ctx->state[5] = 0x9B05688C;
54 ctx->state[6] = 0x1F83D9AB;
55 ctx->state[7] = 0x5BE0CD19;
56 }
57
58 static void sha256_process(sha256_context *ctx, const uint8_t data[64])
59 {
60 uint32_t temp1, temp2;
61 uint32_t W[64];
62 uint32_t A, B, C, D, E, F, G, H;
63
64 GET_UINT32_BE(W[0], data, 0);
65 GET_UINT32_BE(W[1], data, 4);
66 GET_UINT32_BE(W[2], data, 8);
67 GET_UINT32_BE(W[3], data, 12);
68 GET_UINT32_BE(W[4], data, 16);
69 GET_UINT32_BE(W[5], data, 20);
70 GET_UINT32_BE(W[6], data, 24);
71 GET_UINT32_BE(W[7], data, 28);
72 GET_UINT32_BE(W[8], data, 32);
73 GET_UINT32_BE(W[9], data, 36);
74 GET_UINT32_BE(W[10], data, 40);
75 GET_UINT32_BE(W[11], data, 44);
76 GET_UINT32_BE(W[12], data, 48);
77 GET_UINT32_BE(W[13], data, 52);
78 GET_UINT32_BE(W[14], data, 56);
79 GET_UINT32_BE(W[15], data, 60);
80
81 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
82 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
83
84 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
85 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
86
87 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
88 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
89
90 #define F0(x,y,z) ((x & y) | (z & (x | y)))
91 #define F1(x,y,z) (z ^ (x & (y ^ z)))
92
93 #define R(t) \
94 ( \
95 W[t] = S1(W[t - 2]) + W[t - 7] + \
96 S0(W[t - 15]) + W[t - 16] \
97 )
98
99 #define P(a,b,c,d,e,f,g,h,x,K) { \
100 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
101 temp2 = S2(a) + F0(a,b,c); \
102 d += temp1; h = temp1 + temp2; \
103 }
104
105 A = ctx->state[0];
106 B = ctx->state[1];
107 C = ctx->state[2];
108 D = ctx->state[3];
109 E = ctx->state[4];
110 F = ctx->state[5];
111 G = ctx->state[6];
112 H = ctx->state[7];
113
114 P(A, B, C, D, E, F, G, H, W[0], 0x428A2F98);
115 P(H, A, B, C, D, E, F, G, W[1], 0x71374491);
116 P(G, H, A, B, C, D, E, F, W[2], 0xB5C0FBCF);
117 P(F, G, H, A, B, C, D, E, W[3], 0xE9B5DBA5);
118 P(E, F, G, H, A, B, C, D, W[4], 0x3956C25B);
119 P(D, E, F, G, H, A, B, C, W[5], 0x59F111F1);
120 P(C, D, E, F, G, H, A, B, W[6], 0x923F82A4);
121 P(B, C, D, E, F, G, H, A, W[7], 0xAB1C5ED5);
122 P(A, B, C, D, E, F, G, H, W[8], 0xD807AA98);
123 P(H, A, B, C, D, E, F, G, W[9], 0x12835B01);
124 P(G, H, A, B, C, D, E, F, W[10], 0x243185BE);
125 P(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
126 P(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
127 P(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
128 P(C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
129 P(B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
130 P(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
131 P(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
132 P(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
133 P(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
134 P(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
135 P(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
136 P(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
137 P(B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
138 P(A, B, C, D, E, F, G, H, R(24), 0x983E5152);
139 P(H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
140 P(G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
141 P(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
142 P(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
143 P(D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
144 P(C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
145 P(B, C, D, E, F, G, H, A, R(31), 0x14292967);
146 P(A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
147 P(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
148 P(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
149 P(F, G, H, A, B, C, D, E, R(35), 0x53380D13);
150 P(E, F, G, H, A, B, C, D, R(36), 0x650A7354);
151 P(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
152 P(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
153 P(B, C, D, E, F, G, H, A, R(39), 0x92722C85);
154 P(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
155 P(H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
156 P(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
157 P(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
158 P(E, F, G, H, A, B, C, D, R(44), 0xD192E819);
159 P(D, E, F, G, H, A, B, C, R(45), 0xD6990624);
160 P(C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
161 P(B, C, D, E, F, G, H, A, R(47), 0x106AA070);
162 P(A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
163 P(H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
164 P(G, H, A, B, C, D, E, F, R(50), 0x2748774C);
165 P(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
166 P(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
167 P(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
168 P(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
169 P(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
170 P(A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
171 P(H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
172 P(G, H, A, B, C, D, E, F, R(58), 0x84C87814);
173 P(F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
174 P(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
175 P(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
176 P(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
177 P(B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
178
179 ctx->state[0] += A;
180 ctx->state[1] += B;
181 ctx->state[2] += C;
182 ctx->state[3] += D;
183 ctx->state[4] += E;
184 ctx->state[5] += F;
185 ctx->state[6] += G;
186 ctx->state[7] += H;
187 }
188
189 void sha256_update(sha256_context *ctx, const uint8_t *input, uint32_t length)
190 {
191 uint32_t left, fill;
192
193 if (!length)
194 return;
195
196 left = ctx->total[0] & 0x3F;
197 fill = 64 - left;
198
199 ctx->total[0] += length;
200 ctx->total[0] &= 0xFFFFFFFF;
201
202 if (ctx->total[0] < length)
203 ctx->total[1]++;
204
205 if (left && length >= fill) {
206 memcpy((void *) (ctx->buffer + left), (void *) input, fill);
207 sha256_process(ctx, ctx->buffer);
208 length -= fill;
209 input += fill;
210 left = 0;
211 }
212
213 while (length >= 64) {
214 sha256_process(ctx, input);
215 length -= 64;
216 input += 64;
217 }
218
219 if (length)
220 memcpy((void *) (ctx->buffer + left), (void *) input, length);
221 }
222
223 static uint8_t sha256_padding[64] = {
224 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
225 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
226 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
227 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
228 };
229
230 void sha256_finish(sha256_context * ctx, uint8_t digest[32])
231 {
232 uint32_t last, padn;
233 uint32_t high, low;
234 uint8_t msglen[8];
235
236 high = ((ctx->total[0] >> 29)
237 | (ctx->total[1] << 3));
238 low = (ctx->total[0] << 3);
239
240 PUT_UINT32_BE(high, msglen, 0);
241 PUT_UINT32_BE(low, msglen, 4);
242
243 last = ctx->total[0] & 0x3F;
244 padn = (last < 56) ? (56 - last) : (120 - last);
245
246 sha256_update(ctx, sha256_padding, padn);
247 sha256_update(ctx, msglen, 8);
248
249 PUT_UINT32_BE(ctx->state[0], digest, 0);
250 PUT_UINT32_BE(ctx->state[1], digest, 4);
251 PUT_UINT32_BE(ctx->state[2], digest, 8);
252 PUT_UINT32_BE(ctx->state[3], digest, 12);
253 PUT_UINT32_BE(ctx->state[4], digest, 16);
254 PUT_UINT32_BE(ctx->state[5], digest, 20);
255 PUT_UINT32_BE(ctx->state[6], digest, 24);
256 PUT_UINT32_BE(ctx->state[7], digest, 28);
257 }
258
259 /*
260 * Output = SHA-256( input buffer ). Trigger the watchdog every 'chunk_sz'
261 * bytes of input processed.
262 */
263 void sha256_csum_wd(const unsigned char *input, unsigned int ilen,
264 unsigned char *output, unsigned int chunk_sz)
265 {
266 sha256_context ctx;
267 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
268 const unsigned char *end;
269 unsigned char *curr;
270 int chunk;
271 #endif
272
273 sha256_starts(&ctx);
274
275 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
276 curr = (unsigned char *)input;
277 end = input + ilen;
278 while (curr < end) {
279 chunk = end - curr;
280 if (chunk > chunk_sz)
281 chunk = chunk_sz;
282 sha256_update(&ctx, curr, chunk);
283 curr += chunk;
284 WATCHDOG_RESET();
285 }
286 #else
287 sha256_update(&ctx, input, ilen);
288 #endif
289
290 sha256_finish(&ctx, output);
291 }
"Das U-Boot" Source Tree