TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_test / 895c5caa9070a134bc12acdc6d0ad0354aa1f644 / . / ta / crypt / sha2_impl.c
blob: 27c56b008600524357de54e7a6a57239be9c208e [file] [log] [blame]
Pascal Brandc639ac82015-07-02 08:53:34 +0200[diff] [blame]1/*
2 * Copyright (c) 2014, STMicroelectronics International N.V.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
16 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
19 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25 * POSSIBILITY OF SUCH DAMAGE.
26 */
27
28/*
29 * FIPS 180-2 SHA-224/256/384/512 implementation
30 * Last update: 02/02/2007
31 * Issue date: 04/30/2005
32 *
33 * Copyright (C) 2005, 2007 Olivier Gay <olivier.gay@a3.epfl.ch>
34 * All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. Neither the name of the project nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 */
60#include "stdint.h"
61#include "sha2_impl.h"
62
63#define SHFR(x, n) (x >> n)
64#define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n)))
65#define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n)))
66#define CH(x, y, z) ((x & y) ^ (~x & z))
67#define MAJ(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
68
69#define SHA256_F1(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
70#define SHA256_F2(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
71#define SHA256_F3(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHFR(x, 3))
72#define SHA256_F4(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHFR(x, 10))
73
74#define UNPACK32(x, str) \
75 { \
76 *((str) + 3) = (uint8_t) ((x)); \
77 *((str) + 2) = (uint8_t) ((x) >> 8); \
78 *((str) + 1) = (uint8_t) ((x) >> 16); \
79 *((str) + 0) = (uint8_t) ((x) >> 24); \
80 }
81
82#define PACK32(str, x) \
83 { \
84 *(x) = ((uint32_t) *((str) + 3)) \
85 | ((uint32_t) *((str) + 2) << 8) \
86 | ((uint32_t) *((str) + 1) << 16) \
87 | ((uint32_t) *((str) + 0) << 24); \
88 }
89
90/* Macros used for loops unrolling */
91#define SHA256_SCR(i) \
92{ \
93 w[i] = SHA256_F4(w[i - 2]) + w[i - 7] \
94 + SHA256_F3(w[i - 15]) + w[i - 16]; \
95}
96
97#define SHA256_EXP(a, b, c, d, e, f, g, h, j) \
98{ \
99 t1 = wv[h] + SHA256_F2(wv[e]) + CH(wv[e], wv[f], wv[g]) \
100 + sha256_k[j] + w[j]; \
101 t2 = SHA256_F1(wv[a]) + MAJ(wv[a], wv[b], wv[c]); \
102 wv[d] += t1; \
103 wv[h] = t1 + t2; \
104}
105
106uint32_t sha224_h0[8] = {
107 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
108 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
109};
110
111uint32_t sha256_h0[8] = {
112 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
113 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
114};
115
116uint32_t sha256_k[64] = {
117 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
118 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
119 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
120 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
121 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
122 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
123 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
124 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
125 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
126 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
127 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
128 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
129 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
130 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
131 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
132 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
133};
134
135/* SHA-256 functions */
136void sha256_transf(struct sha256_ctx *ctx, const unsigned char *message,
137 unsigned int block_nb)
138{
139 uint32_t w[64];
140 uint32_t wv[8];
141 uint32_t t1, t2;
142 const unsigned char *sub_block;
143 int i;
144
145#ifndef UNROLL_LOOPS
146 int j;
147#endif
148
149 for (i = 0; i < (int)block_nb; i++) {
150 sub_block = message + (i << 6);
151
152#ifndef UNROLL_LOOPS
153 for (j = 0; j < 16; j++)
154 PACK32(&sub_block[j << 2], &w[j]);
155
156 for (j = 16; j < 64; j++)
157 SHA256_SCR(j);
158
159 for (j = 0; j < 8; j++)
160 wv[j] = ctx->h[j];
161
162 for (j = 0; j < 64; j++) {
163 t1 = wv[7] + SHA256_F2(wv[4]) + CH(wv[4], wv[5], wv[6])
164 + sha256_k[j] + w[j];
165 t2 = SHA256_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]);
166 wv[7] = wv[6];
167 wv[6] = wv[5];
168 wv[5] = wv[4];
169 wv[4] = wv[3] + t1;
170 wv[3] = wv[2];
171 wv[2] = wv[1];
172 wv[1] = wv[0];
173 wv[0] = t1 + t2;
174 }
175
176 for (j = 0; j < 8; j++)
177 ctx->h[j] += wv[j];
178#else
179 PACK32(&sub_block[0], &w[0]);
180 PACK32(&sub_block[4], &w[1]);
181 PACK32(&sub_block[8], &w[2]);
182 PACK32(&sub_block[12], &w[3]);
183 PACK32(&sub_block[16], &w[4]);
184 PACK32(&sub_block[20], &w[5]);
185 PACK32(&sub_block[24], &w[6]);
186 PACK32(&sub_block[28], &w[7]);
187 PACK32(&sub_block[32], &w[8]);
188 PACK32(&sub_block[36], &w[9]);
189 PACK32(&sub_block[40], &w[10]);
190 PACK32(&sub_block[44], &w[11]);
191 PACK32(&sub_block[48], &w[12]);
192 PACK32(&sub_block[52], &w[13]);
193 PACK32(&sub_block[56], &w[14]);
194 PACK32(&sub_block[60], &w[15]);
195
196 SHA256_SCR(16);
197 SHA256_SCR(17);
198 SHA256_SCR(18);
199 SHA256_SCR(19);
200 SHA256_SCR(20);
201 SHA256_SCR(21);
202 SHA256_SCR(22);
203 SHA256_SCR(23);
204 SHA256_SCR(24);
205 SHA256_SCR(25);
206 SHA256_SCR(26);
207 SHA256_SCR(27);
208 SHA256_SCR(28);
209 SHA256_SCR(29);
210 SHA256_SCR(30);
211 SHA256_SCR(31);
212 SHA256_SCR(32);
213 SHA256_SCR(33);
214 SHA256_SCR(34);
215 SHA256_SCR(35);
216 SHA256_SCR(36);
217 SHA256_SCR(37);
218 SHA256_SCR(38);
219 SHA256_SCR(39);
220 SHA256_SCR(40);
221 SHA256_SCR(41);
222 SHA256_SCR(42);
223 SHA256_SCR(43);
224 SHA256_SCR(44);
225 SHA256_SCR(45);
226 SHA256_SCR(46);
227 SHA256_SCR(47);
228 SHA256_SCR(48);
229 SHA256_SCR(49);
230 SHA256_SCR(50);
231 SHA256_SCR(51);
232 SHA256_SCR(52);
233 SHA256_SCR(53);
234 SHA256_SCR(54);
235 SHA256_SCR(55);
236 SHA256_SCR(56);
237 SHA256_SCR(57);
238 SHA256_SCR(58);
239 SHA256_SCR(59);
240 SHA256_SCR(60);
241 SHA256_SCR(61);
242 SHA256_SCR(62);
243 SHA256_SCR(63);
244
245 wv[0] = ctx->h[0];
246 wv[1] = ctx->h[1];
247 wv[2] = ctx->h[2];
248 wv[3] = ctx->h[3];
249 wv[4] = ctx->h[4];
250 wv[5] = ctx->h[5];
251 wv[6] = ctx->h[6];
252 wv[7] = ctx->h[7];
253
254 SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 0);
255 SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 1);
256 SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 2);
257 SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 3);
258 SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 4);
259 SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 5);
260 SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 6);
261 SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 7);
262 SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 8);
263 SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 9);
264 SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 10);
265 SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 11);
266 SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 12);
267 SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 13);
268 SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 14);
269 SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 15);
270 SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 16);
271 SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 17);
272 SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 18);
273 SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 19);
274 SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 20);
275 SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 21);
276 SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 22);
277 SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 23);
278 SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 24);
279 SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 25);
280 SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 26);
281 SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 27);
282 SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 28);
283 SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 29);
284 SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 30);
285 SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 31);
286 SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 32);
287 SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 33);
288 SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 34);
289 SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 35);
290 SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 36);
291 SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 37);
292 SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 38);
293 SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 39);
294 SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 40);
295 SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 41);
296 SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 42);
297 SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 43);
298 SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 44);
299 SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 45);
300 SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 46);
301 SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 47);
302 SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 48);
303 SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 49);
304 SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 50);
305 SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 51);
306 SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 52);
307 SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 53);
308 SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 54);
309 SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 55);
310 SHA256_EXP(0, 1, 2, 3, 4, 5, 6, 7, 56);
311 SHA256_EXP(7, 0, 1, 2, 3, 4, 5, 6, 57);
312 SHA256_EXP(6, 7, 0, 1, 2, 3, 4, 5, 58);
313 SHA256_EXP(5, 6, 7, 0, 1, 2, 3, 4, 59);
314 SHA256_EXP(4, 5, 6, 7, 0, 1, 2, 3, 60);
315 SHA256_EXP(3, 4, 5, 6, 7, 0, 1, 2, 61);
316 SHA256_EXP(2, 3, 4, 5, 6, 7, 0, 1, 62);
317 SHA256_EXP(1, 2, 3, 4, 5, 6, 7, 0, 63);
318
319 ctx->h[0] += wv[0];
320 ctx->h[1] += wv[1];
321 ctx->h[2] += wv[2];
322 ctx->h[3] += wv[3];
323 ctx->h[4] += wv[4];
324 ctx->h[5] += wv[5];
325 ctx->h[6] += wv[6];
326 ctx->h[7] += wv[7];
327#endif
328 }
329}
330
331void sha256(const unsigned char *message,
332 unsigned int len, unsigned char *digest)
333{
334 struct sha256_ctx ctx;
335
336 sha256_init(&ctx);
337 sha256_update(&ctx, message, len);
338 sha256_final(&ctx, digest);
339}
340
341void sha256_init(struct sha256_ctx *ctx)
342{
343#ifndef UNROLL_LOOPS
344 int i;
345
346 for (i = 0; i < 8; i++)
347 ctx->h[i] = sha256_h0[i];
348#else
349 ctx->h[0] = sha256_h0[0];
350 ctx->h[1] = sha256_h0[1];
351 ctx->h[2] = sha256_h0[2];
352 ctx->h[3] = sha256_h0[3];
353 ctx->h[4] = sha256_h0[4];
354 ctx->h[5] = sha256_h0[5];
355 ctx->h[6] = sha256_h0[6];
356 ctx->h[7] = sha256_h0[7];
357#endif
358
359 ctx->len = 0;
360 ctx->tot_len = 0;
361}
362
363void sha256_update(struct sha256_ctx *ctx, const unsigned char *message,
364 unsigned int len)
365{
366 unsigned int block_nb;
367 unsigned int new_len, rem_len, tmp_len;
368 const unsigned char *shifted_message;
369 unsigned long int i;
370
371 tmp_len = SHA256_BLOCK_SIZE - ctx->len;
372 rem_len = len < tmp_len ? len : tmp_len;
373
374 for (i = 0; i < rem_len; i++)
375 ctx->block[ctx->len + i] = message[i];
376
377 if (ctx->len + len < SHA256_BLOCK_SIZE) {
378 ctx->len += len;
379 return;
380 }
381
382 new_len = len - rem_len;
383 block_nb = new_len / SHA256_BLOCK_SIZE;
384
385 shifted_message = message + rem_len;
386
387 sha256_transf(ctx, ctx->block, 1);
388 sha256_transf(ctx, shifted_message, block_nb);
389
390 rem_len = new_len % SHA256_BLOCK_SIZE;
391
392 for (i = 0; i < rem_len; i++)
393 ctx->block[i] = shifted_message[(block_nb << 6) + i];
394
395 ctx->len = rem_len;
396 ctx->tot_len += (block_nb + 1) << 6;
397}
398
399void sha256_final(struct sha256_ctx *ctx, unsigned char *digest)
400{
401 unsigned int block_nb;
402 unsigned int pm_len;
403 unsigned int len_b;
404 unsigned long int i_m;
405
406#ifndef UNROLL_LOOPS
407 int i;
408#endif
409
410 block_nb = (1 + ((SHA256_BLOCK_SIZE - 9)
411 < (ctx->len % SHA256_BLOCK_SIZE)));
412
413 len_b = (ctx->tot_len + ctx->len) << 3;
414 pm_len = block_nb << 6;
415
416 for (i_m = 0; i_m < pm_len - ctx->len; i_m++)
417 ctx->block[ctx->len + i_m] = 0;
418
419 ctx->block[ctx->len] = 0x80;
420 UNPACK32(len_b, ctx->block + pm_len - 4);
421
422 sha256_transf(ctx, ctx->block, block_nb);
423
424#ifndef UNROLL_LOOPS
425 for (i = 0; i < 8; i++)
426 UNPACK32(ctx->h[i], &digest[i << 2]);
427#else
428 UNPACK32(ctx->h[0], &digest[0]);
429 UNPACK32(ctx->h[1], &digest[4]);
430 UNPACK32(ctx->h[2], &digest[8]);
431 UNPACK32(ctx->h[3], &digest[12]);
432 UNPACK32(ctx->h[4], &digest[16]);
433 UNPACK32(ctx->h[5], &digest[20]);
434 UNPACK32(ctx->h[6], &digest[24]);
435 UNPACK32(ctx->h[7], &digest[28]);
436#endif
437}
438
439/* SHA-224 functions */
440void sha224(const unsigned char *message, unsigned int len,
441 unsigned char *digest)
442{
443 struct sha224_ctx ctx;
444
445 sha224_init(&ctx);
446 sha224_update(&ctx, message, len);
447 sha224_final(&ctx, digest);
448}
449
450void sha224_init(struct sha224_ctx *ctx)
451{
452#ifndef UNROLL_LOOPS
453 int i;
454
455 for (i = 0; i < 8; i++)
456 ctx->h[i] = sha224_h0[i];
457#else
458 ctx->h[0] = sha224_h0[0];
459 ctx->h[1] = sha224_h0[1];
460 ctx->h[2] = sha224_h0[2];
461 ctx->h[3] = sha224_h0[3];
462 ctx->h[4] = sha224_h0[4];
463 ctx->h[5] = sha224_h0[5];
464 ctx->h[6] = sha224_h0[6];
465 ctx->h[7] = sha224_h0[7];
466#endif
467
468 ctx->len = 0;
469 ctx->tot_len = 0;
470}
471
472void sha224_update(struct sha224_ctx *ctx, const unsigned char *message,
473 unsigned int len)
474{
475 unsigned int block_nb;
476 unsigned int new_len, rem_len, tmp_len;
477 const unsigned char *shifted_message;
478 unsigned long int i;
479
480 tmp_len = SHA224_BLOCK_SIZE - ctx->len;
481 rem_len = len < tmp_len ? len : tmp_len;
482
483 for (i = 0; i < rem_len; i++)
484 ctx->block[ctx->len + i] = message[i];
485
486 if (ctx->len + len < SHA224_BLOCK_SIZE) {
487 ctx->len += len;
488 return;
489 }
490
491 new_len = len - rem_len;
492 block_nb = new_len / SHA224_BLOCK_SIZE;
493
494 shifted_message = message + rem_len;
495
496 sha256_transf((struct sha256_ctx *)ctx, ctx->block, 1);
497 sha256_transf((struct sha256_ctx *)ctx, shifted_message, block_nb);
498
499 rem_len = new_len % SHA224_BLOCK_SIZE;
500
501 for (i = 0; i < rem_len; i++)
502 ctx->block[i] = shifted_message[(block_nb << 6) + i];
503
504 ctx->len = rem_len;
505 ctx->tot_len += (block_nb + 1) << 6;
506}
507
508void sha224_final(struct sha224_ctx *ctx, unsigned char *digest)
509{
510 unsigned int block_nb;
511 unsigned int pm_len;
512 unsigned int len_b;
513 unsigned long int i_m;
514
515#ifndef UNROLL_LOOPS
516 int i;
517#endif
518
519 block_nb = (1 + ((SHA224_BLOCK_SIZE - 9)
520 < (ctx->len % SHA224_BLOCK_SIZE)));
521
522 len_b = (ctx->tot_len + ctx->len) << 3;
523 pm_len = block_nb << 6;
524
525 for (i_m = 0; i_m < pm_len - ctx->len; i_m++)
526 ctx->block[ctx->len + i_m] = 0;
527
528 ctx->block[ctx->len] = 0x80;
529 UNPACK32(len_b, ctx->block + pm_len - 4);
530
531 sha256_transf((struct sha256_ctx *)ctx, ctx->block, block_nb);
532
533#ifndef UNROLL_LOOPS
534 for (i = 0; i < 7; i++)
535 UNPACK32(ctx->h[i], &digest[i << 2]);
536#else
537 UNPACK32(ctx->h[0], &digest[0]);
538 UNPACK32(ctx->h[1], &digest[4]);
539 UNPACK32(ctx->h[2], &digest[8]);
540 UNPACK32(ctx->h[3], &digest[12]);
541 UNPACK32(ctx->h[4], &digest[16]);
542 UNPACK32(ctx->h[5], &digest[20]);
543 UNPACK32(ctx->h[6], &digest[24]);
544#endif
545}