os/security/cryptoplugins/cryptospiplugins/source/softwarecrypto/sha224and256impl.cpp
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/security/cryptoplugins/cryptospiplugins/source/softwarecrypto/sha224and256impl.cpp Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,499 @@
1.4 +/*
1.5 +* Copyright (c) 2007-2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +* All rights reserved.
1.7 +* This component and the accompanying materials are made available
1.8 +* under the terms of the License "Eclipse Public License v1.0"
1.9 +* which accompanies this distribution, and is available
1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.11 +*
1.12 +* Initial Contributors:
1.13 +* Nokia Corporation - initial contribution.
1.14 +*
1.15 +* Contributors:
1.16 +*
1.17 +* Description:
1.18 +* Common implementation of SHA224 and SHA256
1.19 +* RFC 4634 (US Secure Hash Algorithms (SHA and HMAC-SHA))
1.20 +*
1.21 +*/
1.22 +
1.23 +
1.24 +/**
1.25 + @file
1.26 +*/
1.27 +
1.28 +
1.29 +#include <cryptospi/hashplugin.h>
1.30 +#include "pluginconfig.h"
1.31 +#include "sha224and256impl.h"
1.32 +
1.33 +using namespace SoftwareCrypto;
1.34 +
1.35 +/**
1.36 + * SHA256 Constants
1.37 + *
1.38 + * SHA-256 uses a sequence of sixty-four constant 32-bit words.
1.39 + * These words represent the first thirty-two bits of the fractional
1.40 + * parts of the cube roots of the first sixtyfour prime numbers.
1.41 + *
1.42 + * FIPS 180-2 Section 4.2.2
1.43 + */
1.44 +const TUint K[64] =
1.45 + {
1.46 + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
1.47 + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
1.48 + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
1.49 + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
1.50 + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
1.51 + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
1.52 + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
1.53 + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
1.54 + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
1.55 + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
1.56 + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
1.57 + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
1.58 + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
1.59 + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
1.60 + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
1.61 + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
1.62 + };
1.63 +
1.64 +/**
1.65 + * Define the SHA SIGMA and sigma macros
1.66 + *
1.67 + * FIPS 180-2 section 4.1.2
1.68 + */
1.69 +// Equation 4.4
1.70 +inline TUint SHA256_SIGMA0(TUint aWord)
1.71 + {
1.72 + return (SHA_ROTR<TUint>( 2,aWord) ^ SHA_ROTR<TUint>(13,aWord) ^ SHA_ROTR<TUint>(22,aWord));
1.73 + }
1.74 +// Equation 4.5
1.75 +inline TUint SHA256_SIGMA1(TUint aWord)
1.76 + {
1.77 + return (SHA_ROTR<TUint>( 6,aWord) ^ SHA_ROTR<TUint>(11,aWord) ^ SHA_ROTR<TUint>(25,aWord));
1.78 + }
1.79 +// Equation 4.6
1.80 +inline TUint SHA256_sigma0(TUint aWord)
1.81 + {
1.82 + return (SHA_ROTR<TUint>( 7,aWord) ^ SHA_ROTR<TUint>(18,aWord) ^ SHA_SHR<TUint>( 3,aWord));
1.83 + }
1.84 +// Equation 4.7
1.85 +inline TUint SHA256_sigma1(TUint aWord)
1.86 + {
1.87 + return (SHA_ROTR<TUint>(17,aWord) ^ SHA_ROTR<TUint>(19,aWord) ^ SHA_SHR<TUint>(10,aWord));
1.88 + }
1.89 +
1.90 +
1.91 +// Macros
1.92 +inline TUint MakeWord(const TUint8* aData)
1.93 + {
1.94 + return (aData[0] << 24 | aData[1] << 16 | aData[2] << 8 | aData[3]);
1.95 + }
1.96 +
1.97 +
1.98 +CSHA224And256Impl* CSHA224And256Impl::NewL()
1.99 + {
1.100 + CSHA224And256Impl* self=new (ELeave) CSHA224And256Impl();
1.101 + return self;
1.102 + }
1.103 +
1.104 +CSHA224And256Impl::CSHA224And256Impl() : iHash(KSHA256HashSize)
1.105 + {
1.106 + }
1.107 +
1.108 +CSHA224And256Impl::CSHA224And256Impl(const CSHA224And256Impl& aSHA256Impl)
1.109 + : iHash(aSHA256Impl.iHash),
1.110 + iA(aSHA256Impl.iA),
1.111 + iB(aSHA256Impl.iB),
1.112 + iC(aSHA256Impl.iC),
1.113 + iD(aSHA256Impl.iD),
1.114 + iE(aSHA256Impl.iE),
1.115 + iF(aSHA256Impl.iF),
1.116 + iG(aSHA256Impl.iG),
1.117 + iH(aSHA256Impl.iH),
1.118 + iNl(aSHA256Impl.iNl),
1.119 + iNh(aSHA256Impl.iNh)
1.120 + {
1.121 + Mem::Copy(iData, aSHA256Impl.iData, KSHA256BlockSize*sizeof(TUint));
1.122 + }
1.123 +
1.124 +void CSHA224And256Impl::Reset(const TAny* aValArray)
1.125 + {
1.126 + const TUint* values = static_cast<const TUint*>(aValArray);
1.127 + /**
1.128 + * Initial Hash Value
1.129 + *
1.130 + * These words were obtained by taking the first thirty-two bits
1.131 + * of the fractional parts of the square roots of the first eight
1.132 + * prime numbers.
1.133 + *
1.134 + * FIPS 180-2 Section 5.3.2
1.135 + */
1.136 + iA=values[0];
1.137 + iB=values[1];
1.138 + iC=values[2];
1.139 + iD=values[3];
1.140 + iE=values[4];
1.141 + iF=values[5];
1.142 + iG=values[6];
1.143 + iH=values[7];
1.144 + iNh=0;
1.145 + iNl=0;
1.146 + }
1.147 +
1.148 +// This assumes a big-endian architecture
1.149 +void CSHA224And256Impl::Update(const TUint8* aData,TUint aLength)
1.150 + {
1.151 + while((aLength / 4) > 0 && (iNl % 4 == 0))
1.152 + {
1.153 + iData[iNl>>2] = MakeWord(aData);
1.154 + iNl+=4;
1.155 + aData+=4;
1.156 + aLength-=4;
1.157 + if(iNl==KSHA256BlockSize)
1.158 + {
1.159 + Block();
1.160 + AddLength(KSHA256BlockSize);
1.161 + }
1.162 + }
1.163 +
1.164 + while(aLength--)
1.165 + {
1.166 + if(!(iNl&0x03))
1.167 + {
1.168 + iData[iNl >> 2] = 0;
1.169 + }
1.170 + iData[iNl >> 2] |= *aData << ((3 - iNl&0x03) << 3) ;
1.171 + ++aData;
1.172 + ++iNl;
1.173 + if(iNl==KSHA256BlockSize)
1.174 + {
1.175 + Block();
1.176 + AddLength(KSHA256BlockSize);
1.177 + }
1.178 + }
1.179 + }
1.180 +
1.181 +//This function will panic if the total input length is longer than 2^64 in bits
1.182 +_LIT(KPanicString, "Message length exceeds supported length");
1.183 +inline void CSHA224And256Impl::AddLength(const TUint aLength)
1.184 + {
1.185 + TUint64 temp = iNh;
1.186 + iNh += aLength << 3;
1.187 + __ASSERT_ALWAYS((temp <= iNh), User::Panic(KPanicString, KErrOverflow));
1.188 + }
1.189 +
1.190 +
1.191 +static inline void CSHA256_16( const TUint aA,
1.192 + const TUint aB,
1.193 + const TUint aC,
1.194 + TUint& aD,
1.195 + const TUint aE,
1.196 + const TUint aF,
1.197 + const TUint aG,
1.198 + TUint& aH,
1.199 + TUint aTemp1,
1.200 + TUint aTemp2,
1.201 + const TUint aK,
1.202 + const TUint aWord)
1.203 + {
1.204 + aTemp1 = aH + SHA256_SIGMA1(aE) + SHA_Ch(aE,aF,aG) + aK + aWord;
1.205 + aTemp2 = SHA256_SIGMA0(aA) + SHA_Maj(aA,aB,aC);
1.206 + aD = aD + aTemp1;
1.207 + aH = aTemp1 + aTemp2;
1.208 + }
1.209 +
1.210 +static inline void CSHA256_48( const TUint aA,
1.211 + const TUint aB,
1.212 + const TUint aC,
1.213 + TUint& aD,
1.214 + const TUint aE,
1.215 + const TUint aF,
1.216 + const TUint aG,
1.217 + TUint& aH,
1.218 + TUint aTemp1,
1.219 + TUint aTemp2,
1.220 + const TUint aK,
1.221 + TUint& aWord0,
1.222 + const TUint aWord2,
1.223 + const TUint aWord7,
1.224 + const TUint aWord15,
1.225 + const TUint aWord16)
1.226 + {
1.227 + aWord0 = SHA256_sigma1(aWord2) + aWord7 + SHA256_sigma0(aWord15) + aWord16;
1.228 + CSHA256_16(aA, aB, aC, aD, aE, aF, aG, aH, aTemp1, aTemp2, aK, aWord0);
1.229 + }
1.230 +
1.231 +/**
1.232 + * This function actually calculates the hash.
1.233 + * Function is defined in FIPS 180-2 section 6.2.2
1.234 + *
1.235 + * This function is the expanded version of the following loop.
1.236 + * for(TUint i = 0; i < 64; ++i)
1.237 + * {
1.238 + * if(i >= 16)
1.239 + * {
1.240 + * iData[i] = SHA256_sigma1(iData[i-2]) + iData[i-7] + SHA256_sigma0(iData[i-15]) + iData[i-16];
1.241 + * }
1.242 + *
1.243 + * temp1 = tempH + SHA256_SIGMA1(tempE) + SHA_Ch(tempE,tempF,tempG) + K[i] + iData[i];
1.244 + * temp2 = SHA256_SIGMA0(tempA) + SHA_Maj(tempA,tempB,tempC);
1.245 + * tempH = tempG;
1.246 + * tempG = tempF;
1.247 + * tempF = tempE;
1.248 + * tempE = tempD + temp1;
1.249 + * tempD = tempC;
1.250 + * tempC = tempB;
1.251 + * tempB = tempA;
1.252 + * tempA = temp1 + temp2;
1.253 + * }
1.254 + */
1.255 +void CSHA224And256Impl::Block()
1.256 + {
1.257 + TUint tempA=iA;
1.258 + TUint tempB=iB;
1.259 + TUint tempC=iC;
1.260 + TUint tempD=iD;
1.261 + TUint tempE=iE;
1.262 + TUint tempF=iF;
1.263 + TUint tempG=iG;
1.264 + TUint tempH=iH;
1.265 + TUint temp1=0;
1.266 + TUint temp2=0;
1.267 +
1.268 + CSHA256_16(tempA,tempB,tempC,tempD,tempE,tempF,tempG,tempH,temp1,temp2,K[0],iData[0]);
1.269 + CSHA256_16(tempH,tempA,tempB,tempC,tempD,tempE,tempF,tempG,temp1,temp2,K[1],iData[1]);
1.270 + CSHA256_16(tempG,tempH,tempA,tempB,tempC,tempD,tempE,tempF,temp1,temp2,K[2],iData[2]);
1.271 + CSHA256_16(tempF,tempG,tempH,tempA,tempB,tempC,tempD,tempE,temp1,temp2,K[3],iData[3]);
1.272 + CSHA256_16(tempE,tempF,tempG,tempH,tempA,tempB,tempC,tempD,temp1,temp2,K[4],iData[4]);
1.273 + CSHA256_16(tempD,tempE,tempF,tempG,tempH,tempA,tempB,tempC,temp1,temp2,K[5],iData[5]);
1.274 + CSHA256_16(tempC,tempD,tempE,tempF,tempG,tempH,tempA,tempB,temp1,temp2,K[6],iData[6]);
1.275 + CSHA256_16(tempB,tempC,tempD,tempE,tempF,tempG,tempH,tempA,temp1,temp2,K[7],iData[7]);
1.276 +
1.277 + CSHA256_16(tempA,tempB,tempC,tempD,tempE,tempF,tempG,tempH,temp1,temp2,K[8],iData[8]);
1.278 + CSHA256_16(tempH,tempA,tempB,tempC,tempD,tempE,tempF,tempG,temp1,temp2,K[9],iData[9]);
1.279 + CSHA256_16(tempG,tempH,tempA,tempB,tempC,tempD,tempE,tempF,temp1,temp2,K[10],iData[10]);
1.280 + CSHA256_16(tempF,tempG,tempH,tempA,tempB,tempC,tempD,tempE,temp1,temp2,K[11],iData[11]);
1.281 + CSHA256_16(tempE,tempF,tempG,tempH,tempA,tempB,tempC,tempD,temp1,temp2,K[12],iData[12]);
1.282 + CSHA256_16(tempD,tempE,tempF,tempG,tempH,tempA,tempB,tempC,temp1,temp2,K[13],iData[13]);
1.283 + CSHA256_16(tempC,tempD,tempE,tempF,tempG,tempH,tempA,tempB,temp1,temp2,K[14],iData[14]);
1.284 + CSHA256_16(tempB,tempC,tempD,tempE,tempF,tempG,tempH,tempA,temp1,temp2,K[15],iData[15]);
1.285 +
1.286 + CSHA256_48( tempA, tempB, tempC, tempD, tempE, tempF, tempG, tempH, temp1, temp2,
1.287 + K[16], iData[16], iData[14], iData[9], iData[1], iData[0]);
1.288 + CSHA256_48( tempH, tempA, tempB, tempC, tempD, tempE, tempF, tempG, temp1, temp2,
1.289 + K[17], iData[17], iData[15], iData[10], iData[2], iData[1]);
1.290 + CSHA256_48( tempG, tempH, tempA, tempB, tempC, tempD, tempE, tempF, temp1, temp2,
1.291 + K[18], iData[18], iData[16], iData[11], iData[3], iData[2]);
1.292 + CSHA256_48( tempF, tempG, tempH, tempA, tempB, tempC, tempD, tempE, temp1, temp2,
1.293 + K[19], iData[19], iData[17], iData[12], iData[4], iData[3]);
1.294 + CSHA256_48( tempE, tempF, tempG, tempH, tempA, tempB, tempC, tempD, temp1, temp2,
1.295 + K[20], iData[20], iData[18], iData[13], iData[5], iData[4]);
1.296 + CSHA256_48( tempD, tempE, tempF, tempG, tempH, tempA, tempB, tempC, temp1, temp2,
1.297 + K[21], iData[21], iData[19], iData[14], iData[6], iData[5]);
1.298 + CSHA256_48( tempC, tempD, tempE, tempF, tempG, tempH, tempA, tempB, temp1, temp2,
1.299 + K[22], iData[22], iData[20], iData[15], iData[7], iData[6]);
1.300 + CSHA256_48( tempB, tempC, tempD, tempE, tempF, tempG, tempH, tempA, temp1, temp2,
1.301 + K[23], iData[23], iData[21], iData[16], iData[8], iData[7]);
1.302 +
1.303 + CSHA256_48( tempA, tempB, tempC, tempD, tempE, tempF, tempG, tempH, temp1, temp2,
1.304 + K[24], iData[24], iData[22], iData[17], iData[9], iData[8]);
1.305 + CSHA256_48( tempH, tempA, tempB, tempC, tempD, tempE, tempF, tempG, temp1, temp2,
1.306 + K[25], iData[25], iData[23], iData[18], iData[10], iData[9]);
1.307 + CSHA256_48( tempG, tempH, tempA, tempB, tempC, tempD, tempE, tempF, temp1, temp2,
1.308 + K[26], iData[26], iData[24], iData[19], iData[11], iData[10]);
1.309 + CSHA256_48( tempF, tempG, tempH, tempA, tempB, tempC, tempD, tempE, temp1, temp2,
1.310 + K[27], iData[27], iData[25], iData[20], iData[12], iData[11]);
1.311 + CSHA256_48( tempE, tempF, tempG, tempH, tempA, tempB, tempC, tempD, temp1, temp2,
1.312 + K[28], iData[28], iData[26], iData[21], iData[13], iData[12]);
1.313 + CSHA256_48( tempD, tempE, tempF, tempG, tempH, tempA, tempB, tempC, temp1, temp2,
1.314 + K[29], iData[29], iData[27], iData[22], iData[14], iData[13]);
1.315 + CSHA256_48( tempC, tempD, tempE, tempF, tempG, tempH, tempA, tempB, temp1, temp2,
1.316 + K[30], iData[30], iData[28], iData[23], iData[15], iData[14]);
1.317 + CSHA256_48( tempB, tempC, tempD, tempE, tempF, tempG, tempH, tempA, temp1, temp2,
1.318 + K[31], iData[31], iData[29], iData[24], iData[16], iData[15]);
1.319 +
1.320 + CSHA256_48( tempA, tempB, tempC, tempD, tempE, tempF, tempG, tempH, temp1, temp2,
1.321 + K[32], iData[32], iData[30], iData[25], iData[17], iData[16]);
1.322 + CSHA256_48( tempH, tempA, tempB, tempC, tempD, tempE, tempF, tempG, temp1, temp2,
1.323 + K[33], iData[33], iData[31], iData[26], iData[18], iData[17]);
1.324 + CSHA256_48( tempG, tempH, tempA, tempB, tempC, tempD, tempE, tempF, temp1, temp2,
1.325 + K[34], iData[34], iData[32], iData[27], iData[19], iData[18]);
1.326 + CSHA256_48( tempF, tempG, tempH, tempA, tempB, tempC, tempD, tempE, temp1, temp2,
1.327 + K[35], iData[35], iData[33], iData[28], iData[20], iData[19]);
1.328 + CSHA256_48( tempE, tempF, tempG, tempH, tempA, tempB, tempC, tempD, temp1, temp2,
1.329 + K[36], iData[36], iData[34], iData[29], iData[21], iData[20]);
1.330 + CSHA256_48( tempD, tempE, tempF, tempG, tempH, tempA, tempB, tempC, temp1, temp2,
1.331 + K[37], iData[37], iData[35], iData[30], iData[22], iData[21]);
1.332 + CSHA256_48( tempC, tempD, tempE, tempF, tempG, tempH, tempA, tempB, temp1, temp2,
1.333 + K[38], iData[38], iData[36], iData[31], iData[23], iData[22]);
1.334 + CSHA256_48( tempB, tempC, tempD, tempE, tempF, tempG, tempH, tempA, temp1, temp2,
1.335 + K[39], iData[39], iData[37], iData[32], iData[24], iData[23]);
1.336 +
1.337 + CSHA256_48( tempA, tempB, tempC, tempD, tempE, tempF, tempG, tempH, temp1, temp2,
1.338 + K[40], iData[40], iData[38], iData[33], iData[25], iData[24]);
1.339 + CSHA256_48( tempH, tempA, tempB, tempC, tempD, tempE, tempF, tempG, temp1, temp2,
1.340 + K[41], iData[41], iData[39], iData[34], iData[26], iData[25]);
1.341 + CSHA256_48( tempG, tempH, tempA, tempB, tempC, tempD, tempE, tempF, temp1, temp2,
1.342 + K[42], iData[42], iData[40], iData[35], iData[27], iData[26]);
1.343 + CSHA256_48( tempF, tempG, tempH, tempA, tempB, tempC, tempD, tempE, temp1, temp2,
1.344 + K[43], iData[43], iData[41], iData[36], iData[28], iData[27]);
1.345 + CSHA256_48( tempE, tempF, tempG, tempH, tempA, tempB, tempC, tempD, temp1, temp2,
1.346 + K[44], iData[44], iData[42], iData[37], iData[29], iData[28]);
1.347 + CSHA256_48( tempD, tempE, tempF, tempG, tempH, tempA, tempB, tempC, temp1, temp2,
1.348 + K[45], iData[45], iData[43], iData[38], iData[30], iData[29]);
1.349 + CSHA256_48( tempC, tempD, tempE, tempF, tempG, tempH, tempA, tempB, temp1, temp2,
1.350 + K[46], iData[46], iData[44], iData[39], iData[31], iData[30]);
1.351 + CSHA256_48( tempB, tempC, tempD, tempE, tempF, tempG, tempH, tempA, temp1, temp2,
1.352 + K[47], iData[47], iData[45], iData[40], iData[32], iData[31]);
1.353 +
1.354 + CSHA256_48( tempA, tempB, tempC, tempD, tempE, tempF, tempG, tempH, temp1, temp2,
1.355 + K[48], iData[48], iData[46], iData[41], iData[33], iData[32]);
1.356 + CSHA256_48( tempH, tempA, tempB, tempC, tempD, tempE, tempF, tempG, temp1, temp2,
1.357 + K[49], iData[49], iData[47], iData[42], iData[34], iData[33]);
1.358 + CSHA256_48( tempG, tempH, tempA, tempB, tempC, tempD, tempE, tempF, temp1, temp2,
1.359 + K[50], iData[50], iData[48], iData[43], iData[35], iData[34]);
1.360 + CSHA256_48( tempF, tempG, tempH, tempA, tempB, tempC, tempD, tempE, temp1, temp2,
1.361 + K[51], iData[51], iData[49], iData[44], iData[36], iData[35]);
1.362 + CSHA256_48( tempE, tempF, tempG, tempH, tempA, tempB, tempC, tempD, temp1, temp2,
1.363 + K[52], iData[52], iData[50], iData[45], iData[37], iData[36]);
1.364 + CSHA256_48( tempD, tempE, tempF, tempG, tempH, tempA, tempB, tempC, temp1, temp2,
1.365 + K[53], iData[53], iData[51], iData[46], iData[38], iData[37]);
1.366 + CSHA256_48( tempC, tempD, tempE, tempF, tempG, tempH, tempA, tempB, temp1, temp2,
1.367 + K[54], iData[54], iData[52], iData[47], iData[39], iData[38]);
1.368 + CSHA256_48( tempB, tempC, tempD, tempE, tempF, tempG, tempH, tempA, temp1, temp2,
1.369 + K[55], iData[55], iData[53], iData[48], iData[40], iData[39]);
1.370 +
1.371 + CSHA256_48( tempA, tempB, tempC, tempD, tempE, tempF, tempG, tempH, temp1, temp2,
1.372 + K[56], iData[56], iData[54], iData[49], iData[41], iData[40]);
1.373 + CSHA256_48( tempH, tempA, tempB, tempC, tempD, tempE, tempF, tempG, temp1, temp2,
1.374 + K[57], iData[57], iData[55], iData[50], iData[42], iData[41]);
1.375 + CSHA256_48( tempG, tempH, tempA, tempB, tempC, tempD, tempE, tempF, temp1, temp2,
1.376 + K[58], iData[58], iData[56], iData[51], iData[43], iData[42]);
1.377 + CSHA256_48( tempF, tempG, tempH, tempA, tempB, tempC, tempD, tempE, temp1, temp2,
1.378 + K[59], iData[59], iData[57], iData[52], iData[44], iData[43]);
1.379 + CSHA256_48( tempE, tempF, tempG, tempH, tempA, tempB, tempC, tempD, temp1, temp2,
1.380 + K[60], iData[60], iData[58], iData[53], iData[45], iData[44]);
1.381 + CSHA256_48( tempD, tempE, tempF, tempG, tempH, tempA, tempB, tempC, temp1, temp2,
1.382 + K[61], iData[61], iData[59], iData[54], iData[46], iData[45]);
1.383 + CSHA256_48( tempC, tempD, tempE, tempF, tempG, tempH, tempA, tempB, temp1, temp2,
1.384 + K[62], iData[62], iData[60], iData[55], iData[47], iData[46]);
1.385 + CSHA256_48( tempB, tempC, tempD, tempE, tempF, tempG, tempH, tempA, temp1, temp2,
1.386 + K[63], iData[63], iData[61], iData[56], iData[48], iData[47]);
1.387 +
1.388 + iA+=tempA;
1.389 + iB+=tempB;
1.390 + iC+=tempC;
1.391 + iD+=tempD;
1.392 + iE+=tempE;
1.393 + iF+=tempF;
1.394 + iG+=tempG;
1.395 + iH+=tempH;
1.396 +
1.397 + iNl=0;
1.398 + }
1.399 +
1.400 +/**
1.401 + * According to the standard, the message must be padded to an
1.402 + * even 512 bits. The first padding bit must be a '1'. The last
1.403 + * 64 bits represent the length of the original message. All bits
1.404 + * in between should be 0. This helper function will pad the
1.405 + * message according to those rules by filling the iData array
1.406 + * accordingly.
1.407 + */
1.408 +void CSHA224And256Impl::PadMessage()
1.409 + {
1.410 + const TUint padByte = 0x80;
1.411 +
1.412 + if(!(iNl&0x03))
1.413 + {
1.414 + iData[iNl >> 2] = 0;
1.415 + }
1.416 + iData[iNl >> 2] |= padByte << ((3 - iNl&0x03) << 3) ;
1.417 +
1.418 + if (iNl >= (KSHA256BlockSize - 2*sizeof(TUint)))
1.419 + {
1.420 + if (iNl < (KSHA256BlockSize - sizeof(TUint)))
1.421 + iData[(KSHA256BlockSize >> 2) - 1]=0;
1.422 + Block();
1.423 + Mem::FillZ(iData, KSHA256BlockSize);
1.424 + }
1.425 + else
1.426 + {
1.427 + const TUint offset=(iNl+4)>>2; //+4 to account for the word added in the
1.428 + //switch statement above
1.429 + Mem::FillZ(iData+offset,(KSHA256BlockSize - offset*sizeof(TUint)));
1.430 + }
1.431 +
1.432 + //Length in bits
1.433 + TUint64 msgLength = iNh;
1.434 +
1.435 + iData[(KSHA256BlockSize >> 2) - 2] = (msgLength) >> 32;
1.436 + iData[(KSHA256BlockSize >> 2) - 1] = (msgLength & 0xFFFFFFFF);
1.437 + }
1.438 +
1.439 +inline void CSHA224And256Impl::CopyWordToHash(TUint aVal, TUint aIndex)
1.440 + {
1.441 + TUint value = MakeWord(reinterpret_cast<TUint8*>(&aVal));
1.442 + Mem::Copy(const_cast<TUint8*>(iHash.Ptr())+ (4*aIndex), &value, sizeof(aVal));
1.443 + }
1.444 +
1.445 +const TDes8& CSHA224And256Impl::Final()
1.446 + {
1.447 + AddLength(iNl);
1.448 + PadMessage();
1.449 + Block();
1.450 + //
1.451 + // Generate hash value into iHash
1.452 + //
1.453 + CopyWordToHash(iA, 0);
1.454 + CopyWordToHash(iB, 1);
1.455 + CopyWordToHash(iC, 2);
1.456 + CopyWordToHash(iD, 3);
1.457 + CopyWordToHash(iE, 4);
1.458 + CopyWordToHash(iF, 5);
1.459 + CopyWordToHash(iG, 6);
1.460 + CopyWordToHash(iH, 7);
1.461 +
1.462 + return iHash;
1.463 + }
1.464 +
1.465 +void CSHA224And256Impl::RestoreState()
1.466 + {
1.467 + iA = iACopy;
1.468 + iB = iBCopy;
1.469 + iC = iCCopy;
1.470 + iD = iDCopy;
1.471 + iE = iECopy;
1.472 + iF = iFCopy;
1.473 + iG = iGCopy;
1.474 + iH = iHCopy;
1.475 + iNl = iNlCopy;
1.476 + iNh = iNhCopy;
1.477 + Mem::Copy(iData, iDataCopy, KSHA256BlockSize*sizeof(TUint));
1.478 + }
1.479 +
1.480 +void CSHA224And256Impl::StoreState()
1.481 + {
1.482 + iACopy = iA;
1.483 + iBCopy = iB;
1.484 + iCCopy = iC;
1.485 + iDCopy = iD;
1.486 + iECopy = iE;
1.487 + iFCopy = iF;
1.488 + iGCopy = iG;
1.489 + iHCopy = iH;
1.490 + iNlCopy = iNl;
1.491 + iNhCopy = iNh;
1.492 + Mem::Copy(iDataCopy, iData, KSHA256BlockSize*sizeof(TUint));
1.493 + }
1.494 +
1.495 +// Implemented in hmacimpl.cpp or softwarehashbase.cpp
1.496 +// but required as derived from MHash. No coverage here.
1.497 +#ifdef _BullseyeCoverage
1.498 +#pragma suppress_warnings on
1.499 +#pragma BullseyeCoverage off
1.500 +#pragma suppress_warnings off
1.501 +#endif
1.502 +