1e71b7053SJung-uk Kim /* 2e71b7053SJung-uk Kim * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. 3e71b7053SJung-uk Kim * 4e71b7053SJung-uk Kim * Licensed under the OpenSSL license (the "License"). You may not use 5e71b7053SJung-uk Kim * this file except in compliance with the License. You can obtain a copy 6e71b7053SJung-uk Kim * in the file LICENSE in the source distribution or at 7e71b7053SJung-uk Kim * https://www.openssl.org/source/license.html 83b4e3dcbSSimon L. B. Nielsen */ 9e71b7053SJung-uk Kim 103b4e3dcbSSimon L. B. Nielsen #include <openssl/opensslconf.h> 113b4e3dcbSSimon L. B. Nielsen 123b4e3dcbSSimon L. B. Nielsen #include <stdlib.h> 133b4e3dcbSSimon L. B. Nielsen #include <string.h> 143b4e3dcbSSimon L. B. Nielsen 153b4e3dcbSSimon L. B. Nielsen #include <openssl/crypto.h> 163b4e3dcbSSimon L. B. Nielsen #include <openssl/sha.h> 173b4e3dcbSSimon L. B. Nielsen #include <openssl/opensslv.h> 183b4e3dcbSSimon L. B. Nielsen 19e71b7053SJung-uk Kim int SHA224_Init(SHA256_CTX *c) 203b4e3dcbSSimon L. B. Nielsen { 211f13597dSJung-uk Kim memset(c, 0, sizeof(*c)); 226f9291ceSJung-uk Kim c->h[0] = 0xc1059ed8UL; 236f9291ceSJung-uk Kim c->h[1] = 0x367cd507UL; 246f9291ceSJung-uk Kim c->h[2] = 0x3070dd17UL; 256f9291ceSJung-uk Kim c->h[3] = 0xf70e5939UL; 266f9291ceSJung-uk Kim c->h[4] = 0xffc00b31UL; 276f9291ceSJung-uk Kim c->h[5] = 0x68581511UL; 286f9291ceSJung-uk Kim c->h[6] = 0x64f98fa7UL; 296f9291ceSJung-uk Kim c->h[7] = 0xbefa4fa4UL; 301f13597dSJung-uk Kim c->md_len = SHA224_DIGEST_LENGTH; 313b4e3dcbSSimon L. B. Nielsen return 1; 323b4e3dcbSSimon L. B. Nielsen } 333b4e3dcbSSimon L. B. Nielsen 34e71b7053SJung-uk Kim int SHA256_Init(SHA256_CTX *c) 353b4e3dcbSSimon L. B. Nielsen { 361f13597dSJung-uk Kim memset(c, 0, sizeof(*c)); 376f9291ceSJung-uk Kim c->h[0] = 0x6a09e667UL; 386f9291ceSJung-uk Kim c->h[1] = 0xbb67ae85UL; 396f9291ceSJung-uk Kim c->h[2] = 0x3c6ef372UL; 406f9291ceSJung-uk Kim c->h[3] = 0xa54ff53aUL; 416f9291ceSJung-uk Kim c->h[4] = 0x510e527fUL; 426f9291ceSJung-uk Kim c->h[5] = 0x9b05688cUL; 436f9291ceSJung-uk Kim c->h[6] = 0x1f83d9abUL; 446f9291ceSJung-uk Kim c->h[7] = 0x5be0cd19UL; 451f13597dSJung-uk Kim c->md_len = SHA256_DIGEST_LENGTH; 463b4e3dcbSSimon L. B. Nielsen return 1; 473b4e3dcbSSimon L. B. Nielsen } 483b4e3dcbSSimon L. B. Nielsen 493b4e3dcbSSimon L. B. Nielsen unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) 503b4e3dcbSSimon L. B. Nielsen { 513b4e3dcbSSimon L. B. Nielsen SHA256_CTX c; 523b4e3dcbSSimon L. B. Nielsen static unsigned char m[SHA224_DIGEST_LENGTH]; 533b4e3dcbSSimon L. B. Nielsen 546f9291ceSJung-uk Kim if (md == NULL) 556f9291ceSJung-uk Kim md = m; 563b4e3dcbSSimon L. B. Nielsen SHA224_Init(&c); 573b4e3dcbSSimon L. B. Nielsen SHA256_Update(&c, d, n); 583b4e3dcbSSimon L. B. Nielsen SHA256_Final(md, &c); 593b4e3dcbSSimon L. B. Nielsen OPENSSL_cleanse(&c, sizeof(c)); 60e71b7053SJung-uk Kim return md; 613b4e3dcbSSimon L. B. Nielsen } 623b4e3dcbSSimon L. B. Nielsen 633b4e3dcbSSimon L. B. Nielsen unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) 643b4e3dcbSSimon L. B. Nielsen { 653b4e3dcbSSimon L. B. Nielsen SHA256_CTX c; 663b4e3dcbSSimon L. B. Nielsen static unsigned char m[SHA256_DIGEST_LENGTH]; 673b4e3dcbSSimon L. B. Nielsen 686f9291ceSJung-uk Kim if (md == NULL) 696f9291ceSJung-uk Kim md = m; 703b4e3dcbSSimon L. B. Nielsen SHA256_Init(&c); 713b4e3dcbSSimon L. B. Nielsen SHA256_Update(&c, d, n); 723b4e3dcbSSimon L. B. Nielsen SHA256_Final(md, &c); 733b4e3dcbSSimon L. B. Nielsen OPENSSL_cleanse(&c, sizeof(c)); 74e71b7053SJung-uk Kim return md; 753b4e3dcbSSimon L. B. Nielsen } 763b4e3dcbSSimon L. B. Nielsen 773b4e3dcbSSimon L. B. Nielsen int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) 786f9291ceSJung-uk Kim { 796f9291ceSJung-uk Kim return SHA256_Update(c, data, len); 806f9291ceSJung-uk Kim } 816f9291ceSJung-uk Kim 823b4e3dcbSSimon L. B. Nielsen int SHA224_Final(unsigned char *md, SHA256_CTX *c) 836f9291ceSJung-uk Kim { 846f9291ceSJung-uk Kim return SHA256_Final(md, c); 856f9291ceSJung-uk Kim } 863b4e3dcbSSimon L. B. Nielsen 873b4e3dcbSSimon L. B. Nielsen #define DATA_ORDER_IS_BIG_ENDIAN 883b4e3dcbSSimon L. B. Nielsen 893b4e3dcbSSimon L. B. Nielsen #define HASH_LONG SHA_LONG 903b4e3dcbSSimon L. B. Nielsen #define HASH_CTX SHA256_CTX 913b4e3dcbSSimon L. B. Nielsen #define HASH_CBLOCK SHA_CBLOCK 92e71b7053SJung-uk Kim 933b4e3dcbSSimon L. B. Nielsen /* 943b4e3dcbSSimon L. B. Nielsen * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." 953b4e3dcbSSimon L. B. Nielsen * default: case below covers for it. It's not clear however if it's 963b4e3dcbSSimon L. B. Nielsen * permitted to truncate to amount of bytes not divisible by 4. I bet not, 973b4e3dcbSSimon L. B. Nielsen * but if it is, then default: case shall be extended. For reference. 98e71b7053SJung-uk Kim * Idea behind separate cases for pre-defined lengths is to let the 993b4e3dcbSSimon L. B. Nielsen * compiler decide if it's appropriate to unroll small loops. 1003b4e3dcbSSimon L. B. Nielsen */ 1013b4e3dcbSSimon L. B. Nielsen #define HASH_MAKE_STRING(c,s) do { \ 1023b4e3dcbSSimon L. B. Nielsen unsigned long ll; \ 1031f13597dSJung-uk Kim unsigned int nn; \ 1043b4e3dcbSSimon L. B. Nielsen switch ((c)->md_len) \ 1053b4e3dcbSSimon L. B. Nielsen { case SHA224_DIGEST_LENGTH: \ 1061f13597dSJung-uk Kim for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++) \ 10709286989SJung-uk Kim { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ 1083b4e3dcbSSimon L. B. Nielsen break; \ 1093b4e3dcbSSimon L. B. Nielsen case SHA256_DIGEST_LENGTH: \ 1101f13597dSJung-uk Kim for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++) \ 11109286989SJung-uk Kim { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ 1123b4e3dcbSSimon L. B. Nielsen break; \ 1133b4e3dcbSSimon L. B. Nielsen default: \ 1143b4e3dcbSSimon L. B. Nielsen if ((c)->md_len > SHA256_DIGEST_LENGTH) \ 1153b4e3dcbSSimon L. B. Nielsen return 0; \ 1161f13597dSJung-uk Kim for (nn=0;nn<(c)->md_len/4;nn++) \ 11709286989SJung-uk Kim { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ 1183b4e3dcbSSimon L. B. Nielsen break; \ 1193b4e3dcbSSimon L. B. Nielsen } \ 1203b4e3dcbSSimon L. B. Nielsen } while (0) 1213b4e3dcbSSimon L. B. Nielsen 1223b4e3dcbSSimon L. B. Nielsen #define HASH_UPDATE SHA256_Update 1233b4e3dcbSSimon L. B. Nielsen #define HASH_TRANSFORM SHA256_Transform 1243b4e3dcbSSimon L. B. Nielsen #define HASH_FINAL SHA256_Final 1253b4e3dcbSSimon L. B. Nielsen #define HASH_BLOCK_DATA_ORDER sha256_block_data_order 126db522d3aSSimon L. B. Nielsen #ifndef SHA256_ASM 127db522d3aSSimon L. B. Nielsen static 128db522d3aSSimon L. B. Nielsen #endif 1293b4e3dcbSSimon L. B. Nielsen void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num); 1303b4e3dcbSSimon L. B. Nielsen 131*17f01e99SJung-uk Kim #include "crypto/md32_common.h" 1323b4e3dcbSSimon L. B. Nielsen 133db522d3aSSimon L. B. Nielsen #ifndef SHA256_ASM 1343b4e3dcbSSimon L. B. Nielsen static const SHA_LONG K256[64] = { 1353b4e3dcbSSimon L. B. Nielsen 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 1363b4e3dcbSSimon L. B. Nielsen 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 1373b4e3dcbSSimon L. B. Nielsen 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, 1383b4e3dcbSSimon L. B. Nielsen 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, 1393b4e3dcbSSimon L. B. Nielsen 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, 1403b4e3dcbSSimon L. B. Nielsen 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 1413b4e3dcbSSimon L. B. Nielsen 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 1423b4e3dcbSSimon L. B. Nielsen 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, 1433b4e3dcbSSimon L. B. Nielsen 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, 1443b4e3dcbSSimon L. B. Nielsen 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, 1453b4e3dcbSSimon L. B. Nielsen 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 1463b4e3dcbSSimon L. B. Nielsen 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 1473b4e3dcbSSimon L. B. Nielsen 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, 1483b4e3dcbSSimon L. B. Nielsen 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, 1493b4e3dcbSSimon L. B. Nielsen 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, 1506f9291ceSJung-uk Kim 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL 1516f9291ceSJung-uk Kim }; 1523b4e3dcbSSimon L. B. Nielsen 1533b4e3dcbSSimon L. B. Nielsen /* 1543b4e3dcbSSimon L. B. Nielsen * FIPS specification refers to right rotations, while our ROTATE macro 1553b4e3dcbSSimon L. B. Nielsen * is left one. This is why you might notice that rotation coefficients 1563b4e3dcbSSimon L. B. Nielsen * differ from those observed in FIPS document by 32-N... 1573b4e3dcbSSimon L. B. Nielsen */ 1583b4e3dcbSSimon L. B. Nielsen # define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) 1593b4e3dcbSSimon L. B. Nielsen # define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) 1603b4e3dcbSSimon L. B. Nielsen # define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) 1613b4e3dcbSSimon L. B. Nielsen # define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) 1623b4e3dcbSSimon L. B. Nielsen 1633b4e3dcbSSimon L. B. Nielsen # define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) 1643b4e3dcbSSimon L. B. Nielsen # define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) 1653b4e3dcbSSimon L. B. Nielsen 1663b4e3dcbSSimon L. B. Nielsen # ifdef OPENSSL_SMALL_FOOTPRINT 1673b4e3dcbSSimon L. B. Nielsen 1686f9291ceSJung-uk Kim static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, 1696f9291ceSJung-uk Kim size_t num) 1703b4e3dcbSSimon L. B. Nielsen { 1713b4e3dcbSSimon L. B. Nielsen unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2; 172db522d3aSSimon L. B. Nielsen SHA_LONG X[16], l; 1733b4e3dcbSSimon L. B. Nielsen int i; 1743b4e3dcbSSimon L. B. Nielsen const unsigned char *data = in; 1753b4e3dcbSSimon L. B. Nielsen 1763b4e3dcbSSimon L. B. Nielsen while (num--) { 1773b4e3dcbSSimon L. B. Nielsen 1786f9291ceSJung-uk Kim a = ctx->h[0]; 1796f9291ceSJung-uk Kim b = ctx->h[1]; 1806f9291ceSJung-uk Kim c = ctx->h[2]; 1816f9291ceSJung-uk Kim d = ctx->h[3]; 1826f9291ceSJung-uk Kim e = ctx->h[4]; 1836f9291ceSJung-uk Kim f = ctx->h[5]; 1846f9291ceSJung-uk Kim g = ctx->h[6]; 1856f9291ceSJung-uk Kim h = ctx->h[7]; 1863b4e3dcbSSimon L. B. Nielsen 1876f9291ceSJung-uk Kim for (i = 0; i < 16; i++) { 188e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 1896f9291ceSJung-uk Kim T1 = X[i] = l; 1903b4e3dcbSSimon L. B. Nielsen T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; 1913b4e3dcbSSimon L. B. Nielsen T2 = Sigma0(a) + Maj(a, b, c); 1926f9291ceSJung-uk Kim h = g; 1936f9291ceSJung-uk Kim g = f; 1946f9291ceSJung-uk Kim f = e; 1956f9291ceSJung-uk Kim e = d + T1; 1966f9291ceSJung-uk Kim d = c; 1976f9291ceSJung-uk Kim c = b; 1986f9291ceSJung-uk Kim b = a; 1996f9291ceSJung-uk Kim a = T1 + T2; 2003b4e3dcbSSimon L. B. Nielsen } 2013b4e3dcbSSimon L. B. Nielsen 2026f9291ceSJung-uk Kim for (; i < 64; i++) { 2036f9291ceSJung-uk Kim s0 = X[(i + 1) & 0x0f]; 2046f9291ceSJung-uk Kim s0 = sigma0(s0); 2056f9291ceSJung-uk Kim s1 = X[(i + 14) & 0x0f]; 2066f9291ceSJung-uk Kim s1 = sigma1(s1); 2073b4e3dcbSSimon L. B. Nielsen 2083b4e3dcbSSimon L. B. Nielsen T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf]; 2093b4e3dcbSSimon L. B. Nielsen T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; 2103b4e3dcbSSimon L. B. Nielsen T2 = Sigma0(a) + Maj(a, b, c); 2116f9291ceSJung-uk Kim h = g; 2126f9291ceSJung-uk Kim g = f; 2136f9291ceSJung-uk Kim f = e; 2146f9291ceSJung-uk Kim e = d + T1; 2156f9291ceSJung-uk Kim d = c; 2166f9291ceSJung-uk Kim c = b; 2176f9291ceSJung-uk Kim b = a; 2186f9291ceSJung-uk Kim a = T1 + T2; 2193b4e3dcbSSimon L. B. Nielsen } 2203b4e3dcbSSimon L. B. Nielsen 2216f9291ceSJung-uk Kim ctx->h[0] += a; 2226f9291ceSJung-uk Kim ctx->h[1] += b; 2236f9291ceSJung-uk Kim ctx->h[2] += c; 2246f9291ceSJung-uk Kim ctx->h[3] += d; 2256f9291ceSJung-uk Kim ctx->h[4] += e; 2266f9291ceSJung-uk Kim ctx->h[5] += f; 2276f9291ceSJung-uk Kim ctx->h[6] += g; 2286f9291ceSJung-uk Kim ctx->h[7] += h; 2293b4e3dcbSSimon L. B. Nielsen 2303b4e3dcbSSimon L. B. Nielsen } 2313b4e3dcbSSimon L. B. Nielsen } 2323b4e3dcbSSimon L. B. Nielsen 2333b4e3dcbSSimon L. B. Nielsen # else 2343b4e3dcbSSimon L. B. Nielsen 2353b4e3dcbSSimon L. B. Nielsen # define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ 2363b4e3dcbSSimon L. B. Nielsen T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ 2373b4e3dcbSSimon L. B. Nielsen h = Sigma0(a) + Maj(a,b,c); \ 2383b4e3dcbSSimon L. B. Nielsen d += T1; h += T1; } while (0) 2393b4e3dcbSSimon L. B. Nielsen 2403b4e3dcbSSimon L. B. Nielsen # define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ 2413b4e3dcbSSimon L. B. Nielsen s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ 2423b4e3dcbSSimon L. B. Nielsen s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ 2433b4e3dcbSSimon L. B. Nielsen T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ 2443b4e3dcbSSimon L. B. Nielsen ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) 2453b4e3dcbSSimon L. B. Nielsen 2466f9291ceSJung-uk Kim static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, 2476f9291ceSJung-uk Kim size_t num) 2483b4e3dcbSSimon L. B. Nielsen { 2493b4e3dcbSSimon L. B. Nielsen unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1; 2503b4e3dcbSSimon L. B. Nielsen SHA_LONG X[16]; 2513b4e3dcbSSimon L. B. Nielsen int i; 2523b4e3dcbSSimon L. B. Nielsen const unsigned char *data = in; 2536f9291ceSJung-uk Kim const union { 2546f9291ceSJung-uk Kim long one; 2556f9291ceSJung-uk Kim char little; 2566f9291ceSJung-uk Kim } is_endian = { 2576f9291ceSJung-uk Kim 1 2586f9291ceSJung-uk Kim }; 2593b4e3dcbSSimon L. B. Nielsen 2603b4e3dcbSSimon L. B. Nielsen while (num--) { 2613b4e3dcbSSimon L. B. Nielsen 2626f9291ceSJung-uk Kim a = ctx->h[0]; 2636f9291ceSJung-uk Kim b = ctx->h[1]; 2646f9291ceSJung-uk Kim c = ctx->h[2]; 2656f9291ceSJung-uk Kim d = ctx->h[3]; 2666f9291ceSJung-uk Kim e = ctx->h[4]; 2676f9291ceSJung-uk Kim f = ctx->h[5]; 2686f9291ceSJung-uk Kim g = ctx->h[6]; 2696f9291ceSJung-uk Kim h = ctx->h[7]; 2703b4e3dcbSSimon L. B. Nielsen 2716f9291ceSJung-uk Kim if (!is_endian.little && sizeof(SHA_LONG) == 4 2726f9291ceSJung-uk Kim && ((size_t)in % 4) == 0) { 2733b4e3dcbSSimon L. B. Nielsen const SHA_LONG *W = (const SHA_LONG *)data; 2743b4e3dcbSSimon L. B. Nielsen 2756f9291ceSJung-uk Kim T1 = X[0] = W[0]; 2766f9291ceSJung-uk Kim ROUND_00_15(0, a, b, c, d, e, f, g, h); 2776f9291ceSJung-uk Kim T1 = X[1] = W[1]; 2786f9291ceSJung-uk Kim ROUND_00_15(1, h, a, b, c, d, e, f, g); 2796f9291ceSJung-uk Kim T1 = X[2] = W[2]; 2806f9291ceSJung-uk Kim ROUND_00_15(2, g, h, a, b, c, d, e, f); 2816f9291ceSJung-uk Kim T1 = X[3] = W[3]; 2826f9291ceSJung-uk Kim ROUND_00_15(3, f, g, h, a, b, c, d, e); 2836f9291ceSJung-uk Kim T1 = X[4] = W[4]; 2846f9291ceSJung-uk Kim ROUND_00_15(4, e, f, g, h, a, b, c, d); 2856f9291ceSJung-uk Kim T1 = X[5] = W[5]; 2866f9291ceSJung-uk Kim ROUND_00_15(5, d, e, f, g, h, a, b, c); 2876f9291ceSJung-uk Kim T1 = X[6] = W[6]; 2886f9291ceSJung-uk Kim ROUND_00_15(6, c, d, e, f, g, h, a, b); 2896f9291ceSJung-uk Kim T1 = X[7] = W[7]; 2906f9291ceSJung-uk Kim ROUND_00_15(7, b, c, d, e, f, g, h, a); 2916f9291ceSJung-uk Kim T1 = X[8] = W[8]; 2926f9291ceSJung-uk Kim ROUND_00_15(8, a, b, c, d, e, f, g, h); 2936f9291ceSJung-uk Kim T1 = X[9] = W[9]; 2946f9291ceSJung-uk Kim ROUND_00_15(9, h, a, b, c, d, e, f, g); 2956f9291ceSJung-uk Kim T1 = X[10] = W[10]; 2966f9291ceSJung-uk Kim ROUND_00_15(10, g, h, a, b, c, d, e, f); 2976f9291ceSJung-uk Kim T1 = X[11] = W[11]; 2986f9291ceSJung-uk Kim ROUND_00_15(11, f, g, h, a, b, c, d, e); 2996f9291ceSJung-uk Kim T1 = X[12] = W[12]; 3006f9291ceSJung-uk Kim ROUND_00_15(12, e, f, g, h, a, b, c, d); 3016f9291ceSJung-uk Kim T1 = X[13] = W[13]; 3026f9291ceSJung-uk Kim ROUND_00_15(13, d, e, f, g, h, a, b, c); 3036f9291ceSJung-uk Kim T1 = X[14] = W[14]; 3046f9291ceSJung-uk Kim ROUND_00_15(14, c, d, e, f, g, h, a, b); 3056f9291ceSJung-uk Kim T1 = X[15] = W[15]; 3066f9291ceSJung-uk Kim ROUND_00_15(15, b, c, d, e, f, g, h, a); 3073b4e3dcbSSimon L. B. Nielsen 3083b4e3dcbSSimon L. B. Nielsen data += SHA256_CBLOCK; 3096f9291ceSJung-uk Kim } else { 3103b4e3dcbSSimon L. B. Nielsen SHA_LONG l; 3113b4e3dcbSSimon L. B. Nielsen 312e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3136f9291ceSJung-uk Kim T1 = X[0] = l; 3146f9291ceSJung-uk Kim ROUND_00_15(0, a, b, c, d, e, f, g, h); 315e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3166f9291ceSJung-uk Kim T1 = X[1] = l; 3176f9291ceSJung-uk Kim ROUND_00_15(1, h, a, b, c, d, e, f, g); 318e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3196f9291ceSJung-uk Kim T1 = X[2] = l; 3206f9291ceSJung-uk Kim ROUND_00_15(2, g, h, a, b, c, d, e, f); 321e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3226f9291ceSJung-uk Kim T1 = X[3] = l; 3236f9291ceSJung-uk Kim ROUND_00_15(3, f, g, h, a, b, c, d, e); 324e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3256f9291ceSJung-uk Kim T1 = X[4] = l; 3266f9291ceSJung-uk Kim ROUND_00_15(4, e, f, g, h, a, b, c, d); 327e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3286f9291ceSJung-uk Kim T1 = X[5] = l; 3296f9291ceSJung-uk Kim ROUND_00_15(5, d, e, f, g, h, a, b, c); 330e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3316f9291ceSJung-uk Kim T1 = X[6] = l; 3326f9291ceSJung-uk Kim ROUND_00_15(6, c, d, e, f, g, h, a, b); 333e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3346f9291ceSJung-uk Kim T1 = X[7] = l; 3356f9291ceSJung-uk Kim ROUND_00_15(7, b, c, d, e, f, g, h, a); 336e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3376f9291ceSJung-uk Kim T1 = X[8] = l; 3386f9291ceSJung-uk Kim ROUND_00_15(8, a, b, c, d, e, f, g, h); 339e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3406f9291ceSJung-uk Kim T1 = X[9] = l; 3416f9291ceSJung-uk Kim ROUND_00_15(9, h, a, b, c, d, e, f, g); 342e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3436f9291ceSJung-uk Kim T1 = X[10] = l; 3446f9291ceSJung-uk Kim ROUND_00_15(10, g, h, a, b, c, d, e, f); 345e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3466f9291ceSJung-uk Kim T1 = X[11] = l; 3476f9291ceSJung-uk Kim ROUND_00_15(11, f, g, h, a, b, c, d, e); 348e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3496f9291ceSJung-uk Kim T1 = X[12] = l; 3506f9291ceSJung-uk Kim ROUND_00_15(12, e, f, g, h, a, b, c, d); 351e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3526f9291ceSJung-uk Kim T1 = X[13] = l; 3536f9291ceSJung-uk Kim ROUND_00_15(13, d, e, f, g, h, a, b, c); 354e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3556f9291ceSJung-uk Kim T1 = X[14] = l; 3566f9291ceSJung-uk Kim ROUND_00_15(14, c, d, e, f, g, h, a, b); 357e71b7053SJung-uk Kim (void)HOST_c2l(data, l); 3586f9291ceSJung-uk Kim T1 = X[15] = l; 3596f9291ceSJung-uk Kim ROUND_00_15(15, b, c, d, e, f, g, h, a); 3603b4e3dcbSSimon L. B. Nielsen } 3613b4e3dcbSSimon L. B. Nielsen 3626f9291ceSJung-uk Kim for (i = 16; i < 64; i += 8) { 3633b4e3dcbSSimon L. B. Nielsen ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X); 3643b4e3dcbSSimon L. B. Nielsen ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X); 3653b4e3dcbSSimon L. B. Nielsen ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X); 3663b4e3dcbSSimon L. B. Nielsen ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X); 3673b4e3dcbSSimon L. B. Nielsen ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X); 3683b4e3dcbSSimon L. B. Nielsen ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X); 3693b4e3dcbSSimon L. B. Nielsen ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X); 3703b4e3dcbSSimon L. B. Nielsen ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X); 3713b4e3dcbSSimon L. B. Nielsen } 3723b4e3dcbSSimon L. B. Nielsen 3736f9291ceSJung-uk Kim ctx->h[0] += a; 3746f9291ceSJung-uk Kim ctx->h[1] += b; 3756f9291ceSJung-uk Kim ctx->h[2] += c; 3766f9291ceSJung-uk Kim ctx->h[3] += d; 3776f9291ceSJung-uk Kim ctx->h[4] += e; 3786f9291ceSJung-uk Kim ctx->h[5] += f; 3796f9291ceSJung-uk Kim ctx->h[6] += g; 3806f9291ceSJung-uk Kim ctx->h[7] += h; 3813b4e3dcbSSimon L. B. Nielsen 3823b4e3dcbSSimon L. B. Nielsen } 3833b4e3dcbSSimon L. B. Nielsen } 3843b4e3dcbSSimon L. B. Nielsen 3853b4e3dcbSSimon L. B. Nielsen # endif 3863b4e3dcbSSimon L. B. Nielsen #endif /* SHA256_ASM */ 387