199767f8919635c4928607450d9e0abb932109ceToomas Soome * CDDL HEADER START
199767f8919635c4928607450d9e0abb932109ceToomas Soome * The contents of this file are subject to the terms of the
199767f8919635c4928607450d9e0abb932109ceToomas Soome * Common Development and Distribution License, Version 1.0 only
199767f8919635c4928607450d9e0abb932109ceToomas Soome * (the "License"). You may not use this file except in compliance
199767f8919635c4928607450d9e0abb932109ceToomas Soome * with the License.
199767f8919635c4928607450d9e0abb932109ceToomas Soome * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
199767f8919635c4928607450d9e0abb932109ceToomas Soome * See the License for the specific language governing permissions
199767f8919635c4928607450d9e0abb932109ceToomas Soome * and limitations under the License.
199767f8919635c4928607450d9e0abb932109ceToomas Soome * When distributing Covered Code, include this CDDL HEADER in each
199767f8919635c4928607450d9e0abb932109ceToomas Soome * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
199767f8919635c4928607450d9e0abb932109ceToomas Soome * If applicable, add the following below this CDDL HEADER, with the
199767f8919635c4928607450d9e0abb932109ceToomas Soome * fields enclosed by brackets "[]" replaced with your own identifying
199767f8919635c4928607450d9e0abb932109ceToomas Soome * information: Portions Copyright [yyyy] [name of copyright owner]
199767f8919635c4928607450d9e0abb932109ceToomas Soome * CDDL HEADER END
199767f8919635c4928607450d9e0abb932109ceToomas Soome * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
199767f8919635c4928607450d9e0abb932109ceToomas Soome * Use is subject to license terms.
199767f8919635c4928607450d9e0abb932109ceToomas Soome * Copyright 2013 Saso Kiselkov. All rights reserved.
199767f8919635c4928607450d9e0abb932109ceToomas Soome * Copyright 2015 Toomas Soome <tsoome@me.com>
199767f8919635c4928607450d9e0abb932109ceToomas Soome * SHA-256 and SHA-512/256 hashes, as specified in FIPS 180-4, available at:
199767f8919635c4928607450d9e0abb932109ceToomas Soome * This is a very compact implementation of SHA-256 and SHA-512/256.
199767f8919635c4928607450d9e0abb932109ceToomas Soome * It is designed to be simple and portable, not to be fast.
199767f8919635c4928607450d9e0abb932109ceToomas Soome * The literal definitions according to FIPS180-4 would be:
199767f8919635c4928607450d9e0abb932109ceToomas Soome * Ch(x, y, z) (((x) & (y)) ^ ((~(x)) & (z)))
199767f8919635c4928607450d9e0abb932109ceToomas Soome * Maj(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
199767f8919635c4928607450d9e0abb932109ceToomas Soome * We use logical equivalents which require one less op.
199767f8919635c4928607450d9e0abb932109ceToomas Soome#define Maj(x, y, z) (((x) & (y)) ^ ((z) & ((x) ^ (y))))
199767f8919635c4928607450d9e0abb932109ceToomas Soome#define ROTR(x, n) (((x) >> (n)) | ((x) << ((sizeof (x) * NBBY)-(n))))
199767f8919635c4928607450d9e0abb932109ceToomas Soome/* SHA-224/256 operations */
199767f8919635c4928607450d9e0abb932109ceToomas Soome#define BIGSIGMA0_256(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
199767f8919635c4928607450d9e0abb932109ceToomas Soome#define BIGSIGMA1_256(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
199767f8919635c4928607450d9e0abb932109ceToomas Soome#define SIGMA0_256(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ ((x) >> 3))
199767f8919635c4928607450d9e0abb932109ceToomas Soome#define SIGMA1_256(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ ((x) >> 10))
199767f8919635c4928607450d9e0abb932109ceToomas Soome/* SHA-384/512 operations */
199767f8919635c4928607450d9e0abb932109ceToomas Soome#define BIGSIGMA0_512(x) (ROTR((x), 28) ^ ROTR((x), 34) ^ ROTR((x), 39))
199767f8919635c4928607450d9e0abb932109ceToomas Soome#define BIGSIGMA1_512(x) (ROTR((x), 14) ^ ROTR((x), 18) ^ ROTR((x), 41))
199767f8919635c4928607450d9e0abb932109ceToomas Soome#define SIGMA0_512(x) (ROTR((x), 1) ^ ROTR((x), 8) ^ ((x) >> 7))
199767f8919635c4928607450d9e0abb932109ceToomas Soome#define SIGMA1_512(x) (ROTR((x), 19) ^ ROTR((x), 61) ^ ((x) >> 6))
199767f8919635c4928607450d9e0abb932109ceToomas Soome/* SHA-256 round constants */
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
199767f8919635c4928607450d9e0abb932109ceToomas Soome/* SHA-512 round constants */
199767f8919635c4928607450d9e0abb932109ceToomas Soome uint32_t a, b, c, d, e, f, g, h, t, T1, T2, W[64];
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* copy chunk into the first 16 words of the message schedule */
199767f8919635c4928607450d9e0abb932109ceToomas Soome for (t = 0; t < 16; t++, cp += sizeof (uint32_t))
199767f8919635c4928607450d9e0abb932109ceToomas Soome W[t] = (cp[0] << 24) | (cp[1] << 16) | (cp[2] << 8) | cp[3];
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* extend the first 16 words into the remaining 48 words */
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* init working variables to the current hash value */
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* iterate the compression function for all rounds of the hash */
199767f8919635c4928607450d9e0abb932109ceToomas Soome for (t = 0; t < 64; t++) {
199767f8919635c4928607450d9e0abb932109ceToomas Soome T1 = h + BIGSIGMA1_256(e) + Ch(e, f, g) + SHA256_K[t] + W[t];
199767f8919635c4928607450d9e0abb932109ceToomas Soome h = g; g = f; f = e; e = d + T1;
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* add the compressed chunk to the current hash value */
199767f8919635c4928607450d9e0abb932109ceToomas Soome uint64_t a, b, c, d, e, f, g, h, t, T1, T2, W[80];
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* copy chunk into the first 16 words of the message schedule */
199767f8919635c4928607450d9e0abb932109ceToomas Soome for (t = 0; t < 16; t++, cp += sizeof (uint64_t))
199767f8919635c4928607450d9e0abb932109ceToomas Soome W[t] = ((uint64_t)cp[0] << 56) | ((uint64_t)cp[1] << 48) |
199767f8919635c4928607450d9e0abb932109ceToomas Soome ((uint64_t)cp[2] << 40) | ((uint64_t)cp[3] << 32) |
199767f8919635c4928607450d9e0abb932109ceToomas Soome ((uint64_t)cp[4] << 24) | ((uint64_t)cp[5] << 16) |
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* extend the first 16 words into the remaining 64 words */
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* init working variables to the current hash value */
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* iterate the compression function for all rounds of the hash */
199767f8919635c4928607450d9e0abb932109ceToomas Soome for (t = 0; t < 80; t++) {
199767f8919635c4928607450d9e0abb932109ceToomas Soome T1 = h + BIGSIGMA1_512(e) + Ch(e, f, g) + SHA512_K[t] + W[t];
199767f8919635c4928607450d9e0abb932109ceToomas Soome h = g; g = f; f = e; e = d + T1;
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* add the compressed chunk to the current hash value */
199767f8919635c4928607450d9e0abb932109ceToomas Soome * Implements the SHA-224 and SHA-256 hash algos - to select between them
199767f8919635c4928607450d9e0abb932109ceToomas Soome * pass the appropriate initial values of 'H' and truncate the last 32 bits
199767f8919635c4928607450d9e0abb932109ceToomas Soome * in case of SHA-224.
199767f8919635c4928607450d9e0abb932109ceToomas SoomeSHA256(uint32_t *H, const void *buf, uint64_t size, zio_cksum_t *zcp)
199767f8919635c4928607450d9e0abb932109ceToomas Soome unsigned i, k;
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* process all blocks up to the last one */
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* process the last block and padding */
199767f8919635c4928607450d9e0abb932109ceToomas Soome for (k = 0; k < padsize; k++)
199767f8919635c4928607450d9e0abb932109ceToomas Soome for (pad[padsize++] = 0x80; (padsize & 63) != 56; padsize++)
199767f8919635c4928607450d9e0abb932109ceToomas Soome for (i = 0; i < 8; i++)
199767f8919635c4928607450d9e0abb932109ceToomas Soome * encode 64bit data in big-endian format.
199767f8919635c4928607450d9e0abb932109ceToomas SoomeEncode64(uint8_t *output, uint64_t *input, size_t len)
199767f8919635c4928607450d9e0abb932109ceToomas Soome * Implements the SHA-384, SHA-512 and SHA-512/t hash algos - to select
199767f8919635c4928607450d9e0abb932109ceToomas Soome * between them pass the appropriate initial values for 'H'. The output
199767f8919635c4928607450d9e0abb932109ceToomas Soome * of this function is truncated to the first 256 bits that fit into 'zcp'.
199767f8919635c4928607450d9e0abb932109ceToomas SoomeSHA512(uint64_t *H, const void *buf, uint64_t size, zio_cksum_t *zcp)
199767f8919635c4928607450d9e0abb932109ceToomas Soome unsigned i, k;
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* process all blocks up to the last one */
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* process the last block and padding */
199767f8919635c4928607450d9e0abb932109ceToomas Soome for (k = 0; k < padsize; k++)
199767f8919635c4928607450d9e0abb932109ceToomas Soome for (pad[padsize++] = 0x80; padsize < 112; padsize++)
199767f8919635c4928607450d9e0abb932109ceToomas Soome for (pad[padsize++] = 0x80; padsize < 240; padsize++)
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* truncate the output to the first 256 bits which fit into 'zcp' */
199767f8919635c4928607450d9e0abb932109ceToomas Soome Encode64((uint8_t *)zcp, H, sizeof (uint64_t) * 4);
199767f8919635c4928607450d9e0abb932109ceToomas Soomezio_checksum_SHA256(const void *buf, uint64_t size,
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* SHA-256 as per FIPS 180-4. */
199767f8919635c4928607450d9e0abb932109ceToomas Soome 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
199767f8919635c4928607450d9e0abb932109ceToomas Soomezio_checksum_SHA512_native(const void *buf, uint64_t size,
199767f8919635c4928607450d9e0abb932109ceToomas Soome /* SHA-512/256 as per FIPS 180-4. */
199767f8919635c4928607450d9e0abb932109ceToomas Soomezio_checksum_SHA512_byteswap(const void *buf, uint64_t size,