
Lines Matching +full:- +full:- +full:local

2  *  FIPS-180-2 compliant SHA-256 implementation
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
10 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
15 /* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged.
18 * these are normally only enabled by the -march option on the command line.
20 * requiring -march on the command line.
26 /* See: https://arm-software.github.io/acle/main/acle.html#cryptographic-extensions
52 /* *INDENT-OFF* */
63 # error "Must use minimum -march=armv8-a+crypto for MBEDTLS_SHA256_USE_A64_CRYPTO_*"
81 # pragma GCC target ("arch=armv8-a+crypto")
88 /* *INDENT-ON* */
212 * SHA-256 context setup
230 ctx->total[0] = 0; in mbedtls_sha256_starts()
231 ctx->total[1] = 0; in mbedtls_sha256_starts()
235 ctx->state[0] = 0x6A09E667; in mbedtls_sha256_starts()
236 ctx->state[1] = 0xBB67AE85; in mbedtls_sha256_starts()
237 ctx->state[2] = 0x3C6EF372; in mbedtls_sha256_starts()
238 ctx->state[3] = 0xA54FF53A; in mbedtls_sha256_starts()
239 ctx->state[4] = 0x510E527F; in mbedtls_sha256_starts()
240 ctx->state[5] = 0x9B05688C; in mbedtls_sha256_starts()
241 ctx->state[6] = 0x1F83D9AB; in mbedtls_sha256_starts()
242 ctx->state[7] = 0x5BE0CD19; in mbedtls_sha256_starts()
246 ctx->state[0] = 0xC1059ED8; in mbedtls_sha256_starts()
247 ctx->state[1] = 0x367CD507; in mbedtls_sha256_starts()
248 ctx->state[2] = 0x3070DD17; in mbedtls_sha256_starts()
249 ctx->state[3] = 0xF70E5939; in mbedtls_sha256_starts()
250 ctx->state[4] = 0xFFC00B31; in mbedtls_sha256_starts()
251 ctx->state[5] = 0x68581511; in mbedtls_sha256_starts()
252 ctx->state[6] = 0x64F98FA7; in mbedtls_sha256_starts()
253 ctx->state[7] = 0xBEFA4FA4; in mbedtls_sha256_starts()
258 ctx->is224 = is224; in mbedtls_sha256_starts()
298 uint32x4_t abcd = vld1q_u32(&ctx->state[0]); in mbedtls_internal_sha256_process_many_a64_crypto()
299 uint32x4_t efgh = vld1q_u32(&ctx->state[4]); in mbedtls_internal_sha256_process_many_a64_crypto()
307 len -= SHA256_BLOCK_SIZE) { in mbedtls_internal_sha256_process_many_a64_crypto()
384 vst1q_u32(&ctx->state[0], abcd); in mbedtls_internal_sha256_process_many_a64_crypto()
385 vst1q_u32(&ctx->state[4], efgh); in mbedtls_internal_sha256_process_many_a64_crypto()
402 SHA256_BLOCK_SIZE) ? 0 : -1; in mbedtls_internal_sha256_process_a64_crypto()
426 #define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n))))
439 local.W[t] = S1(local.W[(t) - 2]) + local.W[(t) - 7] + \
440 S0(local.W[(t) - 15]) + local.W[(t) - 16] \
446 local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \
447 local.temp2 = S2(a) + F0((a), (b), (c)); \
448 (d) += local.temp1; (h) = local.temp1 + local.temp2; \
464 } local; in mbedtls_internal_sha256_process_c() local
469 local.A[i] = ctx->state[i]; in mbedtls_internal_sha256_process_c()
475 local.W[i] = MBEDTLS_GET_UINT32_BE(data, 4 * i); in mbedtls_internal_sha256_process_c()
480 P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], in mbedtls_internal_sha256_process_c()
481 local.A[5], local.A[6], local.A[7], local.W[i], K[i]); in mbedtls_internal_sha256_process_c()
483 local.temp1 = local.A[7]; local.A[7] = local.A[6]; in mbedtls_internal_sha256_process_c()
484 local.A[6] = local.A[5]; local.A[5] = local.A[4]; in mbedtls_internal_sha256_process_c()
485 local.A[4] = local.A[3]; local.A[3] = local.A[2]; in mbedtls_internal_sha256_process_c()
486 local.A[2] = local.A[1]; local.A[1] = local.A[0]; in mbedtls_internal_sha256_process_c()
487 local.A[0] = local.temp1; in mbedtls_internal_sha256_process_c()
491 local.W[i] = MBEDTLS_GET_UINT32_BE(data, 4 * i); in mbedtls_internal_sha256_process_c()
495 P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], in mbedtls_internal_sha256_process_c()
496 local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0]); in mbedtls_internal_sha256_process_c()
497 P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], in mbedtls_internal_sha256_process_c()
498 local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1]); in mbedtls_internal_sha256_process_c()
499 P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], in mbedtls_internal_sha256_process_c()
500 local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2]); in mbedtls_internal_sha256_process_c()
501 P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], in mbedtls_internal_sha256_process_c()
502 local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3]); in mbedtls_internal_sha256_process_c()
503 P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], in mbedtls_internal_sha256_process_c()
504 local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4]); in mbedtls_internal_sha256_process_c()
505 P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], in mbedtls_internal_sha256_process_c()
506 local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5]); in mbedtls_internal_sha256_process_c()
507 P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], in mbedtls_internal_sha256_process_c()
508 local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6]); in mbedtls_internal_sha256_process_c()
509 P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], in mbedtls_internal_sha256_process_c()
510 local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7]); in mbedtls_internal_sha256_process_c()
514 P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], in mbedtls_internal_sha256_process_c()
515 local.A[5], local.A[6], local.A[7], R(i+0), K[i+0]); in mbedtls_internal_sha256_process_c()
516 P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], in mbedtls_internal_sha256_process_c()
517 local.A[4], local.A[5], local.A[6], R(i+1), K[i+1]); in mbedtls_internal_sha256_process_c()
518 P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], in mbedtls_internal_sha256_process_c()
519 local.A[3], local.A[4], local.A[5], R(i+2), K[i+2]); in mbedtls_internal_sha256_process_c()
520 P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], in mbedtls_internal_sha256_process_c()
521 local.A[2], local.A[3], local.A[4], R(i+3), K[i+3]); in mbedtls_internal_sha256_process_c()
522 P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], in mbedtls_internal_sha256_process_c()
523 local.A[1], local.A[2], local.A[3], R(i+4), K[i+4]); in mbedtls_internal_sha256_process_c()
524 P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], in mbedtls_internal_sha256_process_c()
525 local.A[0], local.A[1], local.A[2], R(i+5), K[i+5]); in mbedtls_internal_sha256_process_c()
526 P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], in mbedtls_internal_sha256_process_c()
527 local.A[7], local.A[0], local.A[1], R(i+6), K[i+6]); in mbedtls_internal_sha256_process_c()
528 P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], in mbedtls_internal_sha256_process_c()
529 local.A[6], local.A[7], local.A[0], R(i+7), K[i+7]); in mbedtls_internal_sha256_process_c()
534 ctx->state[i] += local.A[i]; in mbedtls_internal_sha256_process_c()
538 mbedtls_platform_zeroize(&local, sizeof(local)); in mbedtls_internal_sha256_process_c()
559 len -= SHA256_BLOCK_SIZE; in mbedtls_internal_sha256_process_many_c()
609 * SHA-256 process buffer
623 left = ctx->total[0] & 0x3F; in mbedtls_sha256_update()
624 fill = SHA256_BLOCK_SIZE - left; in mbedtls_sha256_update()
626 ctx->total[0] += (uint32_t) ilen; in mbedtls_sha256_update()
627 ctx->total[0] &= 0xFFFFFFFF; in mbedtls_sha256_update()
629 if (ctx->total[0] < (uint32_t) ilen) { in mbedtls_sha256_update()
630 ctx->total[1]++; in mbedtls_sha256_update()
634 memcpy((void *) (ctx->buffer + left), input, fill); in mbedtls_sha256_update()
636 if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) { in mbedtls_sha256_update()
641 ilen -= fill; in mbedtls_sha256_update()
653 ilen -= processed; in mbedtls_sha256_update()
657 memcpy((void *) (ctx->buffer + left), input, ilen); in mbedtls_sha256_update()
664 * SHA-256 final digest
677 used = ctx->total[0] & 0x3F; in mbedtls_sha256_finish()
679 ctx->buffer[used++] = 0x80; in mbedtls_sha256_finish()
683 memset(ctx->buffer + used, 0, 56 - used); in mbedtls_sha256_finish()
686 memset(ctx->buffer + used, 0, SHA256_BLOCK_SIZE - used); in mbedtls_sha256_finish()
688 if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) { in mbedtls_sha256_finish()
692 memset(ctx->buffer, 0, 56); in mbedtls_sha256_finish()
698 high = (ctx->total[0] >> 29) in mbedtls_sha256_finish()
699 | (ctx->total[1] << 3); in mbedtls_sha256_finish()
700 low = (ctx->total[0] << 3); in mbedtls_sha256_finish()
702 MBEDTLS_PUT_UINT32_BE(high, ctx->buffer, 56); in mbedtls_sha256_finish()
703 MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60); in mbedtls_sha256_finish()
705 if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) { in mbedtls_sha256_finish()
712 MBEDTLS_PUT_UINT32_BE(ctx->state[0], output, 0); in mbedtls_sha256_finish()
713 MBEDTLS_PUT_UINT32_BE(ctx->state[1], output, 4); in mbedtls_sha256_finish()
714 MBEDTLS_PUT_UINT32_BE(ctx->state[2], output, 8); in mbedtls_sha256_finish()
715 MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12); in mbedtls_sha256_finish()
716 MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16); in mbedtls_sha256_finish()
717 MBEDTLS_PUT_UINT32_BE(ctx->state[5], output, 20); in mbedtls_sha256_finish()
718 MBEDTLS_PUT_UINT32_BE(ctx->state[6], output, 24); in mbedtls_sha256_finish()
721 truncated = ctx->is224; in mbedtls_sha256_finish()
724 MBEDTLS_PUT_UINT32_BE(ctx->state[7], output, 28); in mbedtls_sha256_finish()
737 * output = SHA-256( input buffer )
783 * FIPS-180-2 test vectors
800 * SHA-224 test vectors
821 * SHA-256 test vectors
872 mbedtls_printf(" SHA-%d test #%d: ", 256 - is224 * 32, i + 1); in mbedtls_sha256_common_self_test()
902 if (memcmp(sha256sum, sha_test_sum[i], 32 - is224 * 4) != 0) { in mbedtls_sha256_common_self_test()