3 * Copyright (C) 2006-2014 wolfSSL Inc.
5 * This file is part of CyaSSL.
7 * CyaSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * CyaSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
27 #include <cyassl/ctaocrypt/settings.h>
31 #ifdef CYASSL_PIC32MZ_HASH
32 #define InitSha InitSha_sw
33 #define ShaUpdate ShaUpdate_sw
34 #define ShaFinal ShaFinal_sw
38 /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
39 #define FIPS_NO_WRAPPERS
42 #include <cyassl/ctaocrypt/sha.h>
43 #include <cyassl/ctaocrypt/logging.h>
44 #include <cyassl/ctaocrypt/error-crypt.h>
47 #include <cyassl/ctaocrypt/misc.h>
49 #include <ctaocrypt/src/misc.c>
52 #ifdef FREESCALE_MMCAU
54 #define XTRANSFORM(S,B) cau_sha1_hash_n((B), 1, ((S))->digest)
56 #define XTRANSFORM(S,B) Transform((S))
62 * STM32F2 hardware SHA1 support through the STM32F2 standard peripheral
63 * library. Documentation located in STM32F2xx Standard Peripheral Library
64 * document (See note in README).
66 #include "stm32f2xx.h"
67 #include "stm32f2xx_hash.h"
71 /* STM32F2 struct notes:
72 * sha->buffer = first 4 bytes used to hold partial block if needed
73 * sha->buffLen = num bytes currently stored in sha->buffer
74 * sha->loLen = num bytes that have been written to STM32 FIFO
76 XMEMSET(sha->buffer, 0, SHA_REG_SIZE);
80 /* initialize HASH peripheral */
83 /* configure algo used, algo mode, datatype */
84 HASH->CR &= ~ (HASH_CR_ALGO | HASH_CR_DATATYPE | HASH_CR_MODE);
85 HASH->CR |= (HASH_AlgoSelection_SHA1 | HASH_AlgoMode_HASH
88 /* reset HASH processor */
89 HASH->CR |= HASH_CR_INIT;
94 int ShaUpdate(Sha* sha, const byte* data, word32 len)
100 /* if saved partial block is available */
102 fill = 4 - sha->buffLen;
104 /* if enough data to fill, fill and push to FIFO */
106 XMEMCPY((byte*)sha->buffer + sha->buffLen, data, fill);
107 HASH_DataIn(*(uint32_t*)sha->buffer);
114 /* append partial to existing stored block */
115 XMEMCPY((byte*)sha->buffer + sha->buffLen, data, len);
121 /* write input block in the IN FIFO */
122 for(i = 0; i < len; i += 4)
126 /* store incomplete last block, not yet in FIFO */
127 XMEMSET(sha->buffer, 0, SHA_REG_SIZE);
128 XMEMCPY((byte*)sha->buffer, data, diff);
131 HASH_DataIn(*(uint32_t*)data);
136 /* keep track of total data length thus far */
137 sha->loLen += (len - sha->buffLen);
142 int ShaFinal(Sha* sha, byte* hash)
144 __IO uint16_t nbvalidbitsdata = 0;
146 /* finish reading any trailing bytes into FIFO */
148 HASH_DataIn(*(uint32_t*)sha->buffer);
149 sha->loLen += sha->buffLen;
152 /* calculate number of valid bits in last word of input data */
153 nbvalidbitsdata = 8 * (sha->loLen % SHA_REG_SIZE);
155 /* configure number of valid bits in last word of the data */
156 HASH_SetLastWordValidBitsNbr(nbvalidbitsdata);
158 /* start HASH processor */
161 /* wait until Busy flag == RESET */
162 while (HASH_GetFlagStatus(HASH_FLAG_BUSY) != RESET) {}
164 /* read message digest */
165 sha->digest[0] = HASH->HR[0];
166 sha->digest[1] = HASH->HR[1];
167 sha->digest[2] = HASH->HR[2];
168 sha->digest[3] = HASH->HR[3];
169 sha->digest[4] = HASH->HR[4];
171 ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE);
173 XMEMCPY(hash, sha->digest, SHA_DIGEST_SIZE);
175 return InitSha(sha); /* reset state */
178 #else /* CTaoCrypt software implementation */
182 static INLINE word32 min(word32 a, word32 b)
184 return a > b ? b : a;
190 int InitSha(Sha* sha)
192 #ifdef FREESCALE_MMCAU
193 cau_sha1_initialize_output(sha->digest);
195 sha->digest[0] = 0x67452301L;
196 sha->digest[1] = 0xEFCDAB89L;
197 sha->digest[2] = 0x98BADCFEL;
198 sha->digest[3] = 0x10325476L;
199 sha->digest[4] = 0xC3D2E1F0L;
209 #ifndef FREESCALE_MMCAU
211 #define blk0(i) (W[i] = sha->buffer[i])
212 #define blk1(i) (W[i&15] = \
213 rotlFixed(W[(i+13)&15]^W[(i+8)&15]^W[(i+2)&15]^W[i&15],1))
215 #define f1(x,y,z) (z^(x &(y^z)))
216 #define f2(x,y,z) (x^y^z)
217 #define f3(x,y,z) ((x&y)|(z&(x|y)))
218 #define f4(x,y,z) (x^y^z)
220 /* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
221 #define R0(v,w,x,y,z,i) z+= f1(w,x,y) + blk0(i) + 0x5A827999+ \
222 rotlFixed(v,5); w = rotlFixed(w,30);
223 #define R1(v,w,x,y,z,i) z+= f1(w,x,y) + blk1(i) + 0x5A827999+ \
224 rotlFixed(v,5); w = rotlFixed(w,30);
225 #define R2(v,w,x,y,z,i) z+= f2(w,x,y) + blk1(i) + 0x6ED9EBA1+ \
226 rotlFixed(v,5); w = rotlFixed(w,30);
227 #define R3(v,w,x,y,z,i) z+= f3(w,x,y) + blk1(i) + 0x8F1BBCDC+ \
228 rotlFixed(v,5); w = rotlFixed(w,30);
229 #define R4(v,w,x,y,z,i) z+= f4(w,x,y) + blk1(i) + 0xCA62C1D6+ \
230 rotlFixed(v,5); w = rotlFixed(w,30);
233 static void Transform(Sha* sha)
235 word32 W[SHA_BLOCK_SIZE / sizeof(word32)];
237 /* Copy context->state[] to working vars */
238 word32 a = sha->digest[0];
239 word32 b = sha->digest[1];
240 word32 c = sha->digest[2];
241 word32 d = sha->digest[3];
242 word32 e = sha->digest[4];
247 for (i = 0; i < 16; i++) {
248 R0(a, b, c, d, e, i);
249 t = e; e = d; d = c; c = b; b = a; a = t;
252 for (; i < 20; i++) {
253 R1(a, b, c, d, e, i);
254 t = e; e = d; d = c; c = b; b = a; a = t;
257 for (; i < 40; i++) {
258 R2(a, b, c, d, e, i);
259 t = e; e = d; d = c; c = b; b = a; a = t;
262 for (; i < 60; i++) {
263 R3(a, b, c, d, e, i);
264 t = e; e = d; d = c; c = b; b = a; a = t;
267 for (; i < 80; i++) {
268 R4(a, b, c, d, e, i);
269 t = e; e = d; d = c; c = b; b = a; a = t;
272 /* nearly 1 K bigger in code size but 25% faster */
273 /* 4 rounds of 20 operations each. Loop unrolled. */
274 R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
275 R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
276 R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
277 R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
279 R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
281 R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
282 R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
283 R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
284 R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
285 R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
287 R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
288 R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
289 R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
290 R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
291 R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
293 R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
294 R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
295 R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
296 R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
297 R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
300 /* Add the working vars back into digest state[] */
308 #endif /* FREESCALE_MMCAU */
311 static INLINE void AddLength(Sha* sha, word32 len)
313 word32 tmp = sha->loLen;
314 if ( (sha->loLen += len) < tmp)
315 sha->hiLen++; /* carry low to high */
319 int ShaUpdate(Sha* sha, const byte* data, word32 len)
321 /* do block size increments */
322 byte* local = (byte*)sha->buffer;
325 word32 add = min(len, SHA_BLOCK_SIZE - sha->buffLen);
326 XMEMCPY(&local[sha->buffLen], data, add);
332 if (sha->buffLen == SHA_BLOCK_SIZE) {
333 #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
334 ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
336 XTRANSFORM(sha, local);
337 AddLength(sha, SHA_BLOCK_SIZE);
346 int ShaFinal(Sha* sha, byte* hash)
348 byte* local = (byte*)sha->buffer;
350 AddLength(sha, sha->buffLen); /* before adding pads */
352 local[sha->buffLen++] = 0x80; /* add 1 */
355 if (sha->buffLen > SHA_PAD_SIZE) {
356 XMEMSET(&local[sha->buffLen], 0, SHA_BLOCK_SIZE - sha->buffLen);
357 sha->buffLen += SHA_BLOCK_SIZE - sha->buffLen;
359 #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
360 ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
362 XTRANSFORM(sha, local);
365 XMEMSET(&local[sha->buffLen], 0, SHA_PAD_SIZE - sha->buffLen);
367 /* put lengths in bits */
368 sha->hiLen = (sha->loLen >> (8*sizeof(sha->loLen) - 3)) +
370 sha->loLen = sha->loLen << 3;
373 #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
374 ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
376 /* ! length ordering dependent on digest endian type ! */
377 XMEMCPY(&local[SHA_PAD_SIZE], &sha->hiLen, sizeof(word32));
378 XMEMCPY(&local[SHA_PAD_SIZE + sizeof(word32)], &sha->loLen, sizeof(word32));
380 #ifdef FREESCALE_MMCAU
381 /* Kinetis requires only these bytes reversed */
382 ByteReverseWords(&sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
383 &sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
387 XTRANSFORM(sha, local);
388 #ifdef LITTLE_ENDIAN_ORDER
389 ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE);
391 XMEMCPY(hash, sha->digest, SHA_DIGEST_SIZE);
393 return InitSha(sha); /* reset state */
396 #endif /* STM32F2_HASH */
399 int ShaHash(const byte* data, word32 len, byte* hash)
402 #ifdef CYASSL_SMALL_STACK
408 #ifdef CYASSL_SMALL_STACK
409 sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
414 if ((ret = InitSha(sha)) != 0) {
415 CYASSL_MSG("InitSha failed");
418 ShaUpdate(sha, data, len);
422 #ifdef CYASSL_SMALL_STACK
423 XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
projects / freertos / blob