1 /* 2 * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <sys/cdefs.h> 11 __FBSDID("$FreeBSD$"); 12 13 #include <sys/libkern.h> 14 #include <sys/malloc.h> 15 16 #include <opencrypto/cryptodev.h> 17 #include <opencrypto/xform_auth.h> 18 19 #include <crypto/openssl/ossl.h> 20 #include <crypto/openssl/ossl_sha.h> 21 22 /* sha256-x86_64.S */ 23 void sha256_block_data_order(SHA256_CTX *c, const void *in, size_t num); 24 25 /* From crypto/sha/sha256.c */ 26 27 static void 28 ossl_sha224_init(void *c_) 29 { 30 SHA256_CTX *c = c_; 31 memset(c, 0, sizeof(*c)); 32 c->h[0] = 0xc1059ed8UL; 33 c->h[1] = 0x367cd507UL; 34 c->h[2] = 0x3070dd17UL; 35 c->h[3] = 0xf70e5939UL; 36 c->h[4] = 0xffc00b31UL; 37 c->h[5] = 0x68581511UL; 38 c->h[6] = 0x64f98fa7UL; 39 c->h[7] = 0xbefa4fa4UL; 40 c->md_len = SHA224_DIGEST_LENGTH; 41 } 42 43 static void 44 ossl_sha256_init(void *c_) 45 { 46 SHA256_CTX *c = c_; 47 memset(c, 0, sizeof(*c)); 48 c->h[0] = 0x6a09e667UL; 49 c->h[1] = 0xbb67ae85UL; 50 c->h[2] = 0x3c6ef372UL; 51 c->h[3] = 0xa54ff53aUL; 52 c->h[4] = 0x510e527fUL; 53 c->h[5] = 0x9b05688cUL; 54 c->h[6] = 0x1f83d9abUL; 55 c->h[7] = 0x5be0cd19UL; 56 c->md_len = SHA256_DIGEST_LENGTH; 57 } 58 59 60 #define DATA_ORDER_IS_BIG_ENDIAN 61 62 #define HASH_LONG SHA_LONG 63 #define HASH_CTX SHA256_CTX 64 #define HASH_CBLOCK SHA_CBLOCK 65 66 /* 67 * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." 68 * default: case below covers for it. It's not clear however if it's 69 * permitted to truncate to amount of bytes not divisible by 4. I bet not, 70 * but if it is, then default: case shall be extended. For reference. 71 * Idea behind separate cases for pre-defined lengths is to let the 72 * compiler decide if it's appropriate to unroll small loops. 73 */ 74 #define HASH_MAKE_STRING(c,s) do { \ 75 unsigned long ll; \ 76 unsigned int nn; \ 77 switch ((c)->md_len) \ 78 { case SHA224_DIGEST_LENGTH: \ 79 for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++) \ 80 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ 81 break; \ 82 case SHA256_DIGEST_LENGTH: \ 83 for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++) \ 84 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ 85 break; \ 86 default: \ 87 __assert_unreachable(); \ 88 break; \ 89 } \ 90 } while (0) 91 92 #define HASH_UPDATE ossl_sha256_update 93 #define HASH_FINAL ossl_sha256_final 94 #define HASH_BLOCK_DATA_ORDER sha256_block_data_order 95 96 #include "ossl_hash.h" 97 98 struct auth_hash ossl_hash_sha224 = { 99 .type = CRYPTO_SHA2_224, 100 .name = "OpenSSL-SHA2-224", 101 .hashsize = SHA2_224_HASH_LEN, 102 .ctxsize = sizeof(SHA256_CTX), 103 .blocksize = SHA2_224_BLOCK_LEN, 104 .Init = ossl_sha224_init, 105 .Update = HASH_UPDATE, 106 .Final = HASH_FINAL, 107 }; 108 109 struct auth_hash ossl_hash_sha256 = { 110 .type = CRYPTO_SHA2_256, 111 .name = "OpenSSL-SHA2-256", 112 .hashsize = SHA2_256_HASH_LEN, 113 .ctxsize = sizeof(SHA256_CTX), 114 .blocksize = SHA2_256_BLOCK_LEN, 115 .Init = ossl_sha256_init, 116 .Update = HASH_UPDATE, 117 .Final = HASH_FINAL, 118 }; 119 120 _Static_assert(sizeof(SHA256_CTX) <= sizeof(struct ossl_hash_context), 121 "ossl_hash_context too small"); 122