Commit | Line | Data |
---|---|---|
b4a26b17 IJ |
1 | /* sha512.c - Functions to compute SHA512 and SHA384 message digest of files or |
2 | memory blocks according to the NIST specification FIPS-180-2. | |
3 | ||
4 | Copyright (C) 2005, 2006, 2008, 2009, 2010 Free Software Foundation, Inc. | |
5 | ||
6 | This program is free software: you can redistribute it and/or modify | |
7 | it under the terms of the GNU General Public License as published by | |
8 | the Free Software Foundation, either version 3 of the License, or | |
9 | (at your option) any later version. | |
10 | ||
11 | This program is distributed in the hope that it will be useful, | |
12 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | GNU General Public License for more details. | |
15 | ||
16 | You should have received a copy of the GNU General Public License | |
17 | along with this program. If not, see <http://www.gnu.org/licenses/>. */ | |
18 | ||
19 | /* Written by David Madore, considerably copypasting from | |
20 | Scott G. Miller's sha1.c | |
21 | */ | |
22 | ||
23 | #include <config.h> | |
24 | ||
757aecff MW |
25 | #include "secnet.h" |
26 | ||
b4a26b17 IJ |
27 | #include "sha512.h" |
28 | ||
29 | #include <stddef.h> | |
30 | #include <stdlib.h> | |
31 | #include <string.h> | |
32 | ||
33 | #if USE_UNLOCKED_IO | |
34 | # include "unlocked-io.h" | |
35 | #endif | |
36 | ||
37 | #ifdef WORDS_BIGENDIAN | |
38 | # define SWAP(n) (n) | |
39 | #else | |
40 | # define SWAP(n) \ | |
41 | u64or (u64or (u64or (u64shl (n, 56), \ | |
42 | u64shl (u64and (n, u64lo (0x0000ff00)), 40)), \ | |
43 | u64or (u64shl (u64and (n, u64lo (0x00ff0000)), 24), \ | |
44 | u64shl (u64and (n, u64lo (0xff000000)), 8))), \ | |
45 | u64or (u64or (u64and (u64shr (n, 8), u64lo (0xff000000)), \ | |
46 | u64and (u64shr (n, 24), u64lo (0x00ff0000))), \ | |
47 | u64or (u64and (u64shr (n, 40), u64lo (0x0000ff00)), \ | |
48 | u64shr (n, 56)))) | |
49 | #endif | |
50 | ||
51 | #define BLOCKSIZE 32768 | |
52 | #if BLOCKSIZE % 128 != 0 | |
53 | # error "invalid BLOCKSIZE" | |
54 | #endif | |
55 | ||
56 | /* This array contains the bytes used to pad the buffer to the next | |
57 | 128-byte boundary. */ | |
58 | static const unsigned char fillbuf[128] = { 0x80, 0 /* , 0, 0, ... */ }; | |
59 | ||
60 | ||
61 | /* | |
62 | Takes a pointer to a 512 bit block of data (eight 64 bit ints) and | |
63 | intializes it to the start constants of the SHA512 algorithm. This | |
64 | must be called before using hash in the call to sha512_hash | |
65 | */ | |
66 | void | |
67 | sha512_init_ctx (struct sha512_ctx *ctx) | |
68 | { | |
69 | ctx->state[0] = u64hilo (0x6a09e667, 0xf3bcc908); | |
70 | ctx->state[1] = u64hilo (0xbb67ae85, 0x84caa73b); | |
71 | ctx->state[2] = u64hilo (0x3c6ef372, 0xfe94f82b); | |
72 | ctx->state[3] = u64hilo (0xa54ff53a, 0x5f1d36f1); | |
73 | ctx->state[4] = u64hilo (0x510e527f, 0xade682d1); | |
74 | ctx->state[5] = u64hilo (0x9b05688c, 0x2b3e6c1f); | |
75 | ctx->state[6] = u64hilo (0x1f83d9ab, 0xfb41bd6b); | |
76 | ctx->state[7] = u64hilo (0x5be0cd19, 0x137e2179); | |
77 | ||
78 | ctx->total[0] = ctx->total[1] = u64lo (0); | |
79 | ctx->buflen = 0; | |
80 | } | |
81 | ||
82 | void | |
83 | sha384_init_ctx (struct sha512_ctx *ctx) | |
84 | { | |
85 | ctx->state[0] = u64hilo (0xcbbb9d5d, 0xc1059ed8); | |
86 | ctx->state[1] = u64hilo (0x629a292a, 0x367cd507); | |
87 | ctx->state[2] = u64hilo (0x9159015a, 0x3070dd17); | |
88 | ctx->state[3] = u64hilo (0x152fecd8, 0xf70e5939); | |
89 | ctx->state[4] = u64hilo (0x67332667, 0xffc00b31); | |
90 | ctx->state[5] = u64hilo (0x8eb44a87, 0x68581511); | |
91 | ctx->state[6] = u64hilo (0xdb0c2e0d, 0x64f98fa7); | |
92 | ctx->state[7] = u64hilo (0x47b5481d, 0xbefa4fa4); | |
93 | ||
94 | ctx->total[0] = ctx->total[1] = u64lo (0); | |
95 | ctx->buflen = 0; | |
96 | } | |
97 | ||
98 | /* Copy the value from V into the memory location pointed to by *CP, | |
99 | If your architecture allows unaligned access, this is equivalent to | |
100 | * (__typeof__ (v) *) cp = v */ | |
101 | static inline void | |
102 | set_uint64 (char *cp, u64 v) | |
103 | { | |
104 | memcpy (cp, &v, sizeof v); | |
105 | } | |
106 | ||
107 | /* Put result from CTX in first 64 bytes following RESBUF. | |
108 | The result must be in little endian byte order. */ | |
109 | void * | |
110 | sha512_read_ctx (const struct sha512_ctx *ctx, void *resbuf) | |
111 | { | |
112 | int i; | |
113 | char *r = resbuf; | |
114 | ||
115 | for (i = 0; i < 8; i++) | |
116 | set_uint64 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i])); | |
117 | ||
118 | return resbuf; | |
119 | } | |
120 | ||
121 | void * | |
122 | sha384_read_ctx (const struct sha512_ctx *ctx, void *resbuf) | |
123 | { | |
124 | int i; | |
125 | char *r = resbuf; | |
126 | ||
127 | for (i = 0; i < 6; i++) | |
128 | set_uint64 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i])); | |
129 | ||
130 | return resbuf; | |
131 | } | |
132 | ||
133 | /* Process the remaining bytes in the internal buffer and the usual | |
134 | prolog according to the standard and write the result to RESBUF. */ | |
135 | static void | |
136 | sha512_conclude_ctx (struct sha512_ctx *ctx) | |
137 | { | |
138 | /* Take yet unprocessed bytes into account. */ | |
139 | size_t bytes = ctx->buflen; | |
140 | size_t size = (bytes < 112) ? 128 / 8 : 128 * 2 / 8; | |
141 | ||
142 | /* Now count remaining bytes. */ | |
143 | ctx->total[0] = u64plus (ctx->total[0], u64lo (bytes)); | |
144 | if (u64lt (ctx->total[0], u64lo (bytes))) | |
145 | ctx->total[1] = u64plus (ctx->total[1], u64lo (1)); | |
146 | ||
147 | /* Put the 128-bit file length in *bits* at the end of the buffer. | |
148 | Use set_uint64 rather than a simple assignment, to avoid risk of | |
149 | unaligned access. */ | |
150 | set_uint64 ((char *) &ctx->buffer[size - 2], | |
151 | SWAP (u64or (u64shl (ctx->total[1], 3), | |
152 | u64shr (ctx->total[0], 61)))); | |
153 | set_uint64 ((char *) &ctx->buffer[size - 1], | |
154 | SWAP (u64shl (ctx->total[0], 3))); | |
155 | ||
156 | memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 8 - bytes); | |
157 | ||
158 | /* Process last bytes. */ | |
159 | sha512_process_block (ctx->buffer, size * 8, ctx); | |
160 | } | |
161 | ||
162 | void * | |
163 | sha512_finish_ctx (struct sha512_ctx *ctx, void *resbuf) | |
164 | { | |
165 | sha512_conclude_ctx (ctx); | |
166 | return sha512_read_ctx (ctx, resbuf); | |
167 | } | |
168 | ||
169 | void * | |
170 | sha384_finish_ctx (struct sha512_ctx *ctx, void *resbuf) | |
171 | { | |
172 | sha512_conclude_ctx (ctx); | |
173 | return sha384_read_ctx (ctx, resbuf); | |
174 | } | |
175 | ||
b4a26b17 IJ |
176 | void |
177 | sha512_process_bytes (const void *buffer, size_t len, struct sha512_ctx *ctx) | |
178 | { | |
179 | /* When we already have some bits in our internal buffer concatenate | |
180 | both inputs first. */ | |
181 | if (ctx->buflen != 0) | |
182 | { | |
183 | size_t left_over = ctx->buflen; | |
184 | size_t add = 256 - left_over > len ? len : 256 - left_over; | |
185 | ||
186 | memcpy (&((char *) ctx->buffer)[left_over], buffer, add); | |
187 | ctx->buflen += add; | |
188 | ||
189 | if (ctx->buflen > 128) | |
190 | { | |
191 | sha512_process_block (ctx->buffer, ctx->buflen & ~127, ctx); | |
192 | ||
193 | ctx->buflen &= 127; | |
194 | /* The regions in the following copy operation cannot overlap. */ | |
195 | memcpy (ctx->buffer, | |
196 | &((char *) ctx->buffer)[(left_over + add) & ~127], | |
197 | ctx->buflen); | |
198 | } | |
199 | ||
200 | buffer = (const char *) buffer + add; | |
201 | len -= add; | |
202 | } | |
203 | ||
204 | /* Process available complete blocks. */ | |
205 | if (len >= 128) | |
206 | { | |
207 | #if !_STRING_ARCH_unaligned | |
208 | # define alignof(type) offsetof (struct { char c; type x; }, x) | |
209 | # define UNALIGNED_P(p) (((size_t) p) % alignof (u64) != 0) | |
210 | if (UNALIGNED_P (buffer)) | |
211 | while (len > 128) | |
212 | { | |
213 | sha512_process_block (memcpy (ctx->buffer, buffer, 128), 128, ctx); | |
214 | buffer = (const char *) buffer + 128; | |
215 | len -= 128; | |
216 | } | |
217 | else | |
218 | #endif | |
219 | { | |
220 | sha512_process_block (buffer, len & ~127, ctx); | |
221 | buffer = (const char *) buffer + (len & ~127); | |
222 | len &= 127; | |
223 | } | |
224 | } | |
225 | ||
226 | /* Move remaining bytes in internal buffer. */ | |
227 | if (len > 0) | |
228 | { | |
229 | size_t left_over = ctx->buflen; | |
230 | ||
231 | memcpy (&((char *) ctx->buffer)[left_over], buffer, len); | |
232 | left_over += len; | |
233 | if (left_over >= 128) | |
234 | { | |
235 | sha512_process_block (ctx->buffer, 128, ctx); | |
236 | left_over -= 128; | |
237 | memcpy (ctx->buffer, &ctx->buffer[16], left_over); | |
238 | } | |
239 | ctx->buflen = left_over; | |
240 | } | |
241 | } | |
242 | ||
243 | /* --- Code below is the primary difference between sha1.c and sha512.c --- */ | |
244 | ||
245 | /* SHA512 round constants */ | |
246 | #define K(I) sha512_round_constants[I] | |
247 | static u64 const sha512_round_constants[80] = { | |
248 | u64init (0x428a2f98, 0xd728ae22), u64init (0x71374491, 0x23ef65cd), | |
249 | u64init (0xb5c0fbcf, 0xec4d3b2f), u64init (0xe9b5dba5, 0x8189dbbc), | |
250 | u64init (0x3956c25b, 0xf348b538), u64init (0x59f111f1, 0xb605d019), | |
251 | u64init (0x923f82a4, 0xaf194f9b), u64init (0xab1c5ed5, 0xda6d8118), | |
252 | u64init (0xd807aa98, 0xa3030242), u64init (0x12835b01, 0x45706fbe), | |
253 | u64init (0x243185be, 0x4ee4b28c), u64init (0x550c7dc3, 0xd5ffb4e2), | |
254 | u64init (0x72be5d74, 0xf27b896f), u64init (0x80deb1fe, 0x3b1696b1), | |
255 | u64init (0x9bdc06a7, 0x25c71235), u64init (0xc19bf174, 0xcf692694), | |
256 | u64init (0xe49b69c1, 0x9ef14ad2), u64init (0xefbe4786, 0x384f25e3), | |
257 | u64init (0x0fc19dc6, 0x8b8cd5b5), u64init (0x240ca1cc, 0x77ac9c65), | |
258 | u64init (0x2de92c6f, 0x592b0275), u64init (0x4a7484aa, 0x6ea6e483), | |
259 | u64init (0x5cb0a9dc, 0xbd41fbd4), u64init (0x76f988da, 0x831153b5), | |
260 | u64init (0x983e5152, 0xee66dfab), u64init (0xa831c66d, 0x2db43210), | |
261 | u64init (0xb00327c8, 0x98fb213f), u64init (0xbf597fc7, 0xbeef0ee4), | |
262 | u64init (0xc6e00bf3, 0x3da88fc2), u64init (0xd5a79147, 0x930aa725), | |
263 | u64init (0x06ca6351, 0xe003826f), u64init (0x14292967, 0x0a0e6e70), | |
264 | u64init (0x27b70a85, 0x46d22ffc), u64init (0x2e1b2138, 0x5c26c926), | |
265 | u64init (0x4d2c6dfc, 0x5ac42aed), u64init (0x53380d13, 0x9d95b3df), | |
266 | u64init (0x650a7354, 0x8baf63de), u64init (0x766a0abb, 0x3c77b2a8), | |
267 | u64init (0x81c2c92e, 0x47edaee6), u64init (0x92722c85, 0x1482353b), | |
268 | u64init (0xa2bfe8a1, 0x4cf10364), u64init (0xa81a664b, 0xbc423001), | |
269 | u64init (0xc24b8b70, 0xd0f89791), u64init (0xc76c51a3, 0x0654be30), | |
270 | u64init (0xd192e819, 0xd6ef5218), u64init (0xd6990624, 0x5565a910), | |
271 | u64init (0xf40e3585, 0x5771202a), u64init (0x106aa070, 0x32bbd1b8), | |
272 | u64init (0x19a4c116, 0xb8d2d0c8), u64init (0x1e376c08, 0x5141ab53), | |
273 | u64init (0x2748774c, 0xdf8eeb99), u64init (0x34b0bcb5, 0xe19b48a8), | |
274 | u64init (0x391c0cb3, 0xc5c95a63), u64init (0x4ed8aa4a, 0xe3418acb), | |
275 | u64init (0x5b9cca4f, 0x7763e373), u64init (0x682e6ff3, 0xd6b2b8a3), | |
276 | u64init (0x748f82ee, 0x5defb2fc), u64init (0x78a5636f, 0x43172f60), | |
277 | u64init (0x84c87814, 0xa1f0ab72), u64init (0x8cc70208, 0x1a6439ec), | |
278 | u64init (0x90befffa, 0x23631e28), u64init (0xa4506ceb, 0xde82bde9), | |
279 | u64init (0xbef9a3f7, 0xb2c67915), u64init (0xc67178f2, 0xe372532b), | |
280 | u64init (0xca273ece, 0xea26619c), u64init (0xd186b8c7, 0x21c0c207), | |
281 | u64init (0xeada7dd6, 0xcde0eb1e), u64init (0xf57d4f7f, 0xee6ed178), | |
282 | u64init (0x06f067aa, 0x72176fba), u64init (0x0a637dc5, 0xa2c898a6), | |
283 | u64init (0x113f9804, 0xbef90dae), u64init (0x1b710b35, 0x131c471b), | |
284 | u64init (0x28db77f5, 0x23047d84), u64init (0x32caab7b, 0x40c72493), | |
285 | u64init (0x3c9ebe0a, 0x15c9bebc), u64init (0x431d67c4, 0x9c100d4c), | |
286 | u64init (0x4cc5d4be, 0xcb3e42b6), u64init (0x597f299c, 0xfc657e2a), | |
287 | u64init (0x5fcb6fab, 0x3ad6faec), u64init (0x6c44198c, 0x4a475817), | |
288 | }; | |
289 | ||
290 | /* Round functions. */ | |
291 | #define F2(A, B, C) u64or (u64and (A, B), u64and (C, u64or (A, B))) | |
292 | #define F1(E, F, G) u64xor (G, u64and (E, u64xor (F, G))) | |
293 | ||
294 | /* Process LEN bytes of BUFFER, accumulating context into CTX. | |
295 | It is assumed that LEN % 128 == 0. | |
296 | Most of this code comes from GnuPG's cipher/sha1.c. */ | |
297 | ||
298 | void | |
299 | sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx) | |
300 | { | |
301 | u64 const *words = buffer; | |
302 | u64 const *endp = words + len / sizeof (u64); | |
303 | u64 x[16]; | |
304 | u64 a = ctx->state[0]; | |
305 | u64 b = ctx->state[1]; | |
306 | u64 c = ctx->state[2]; | |
307 | u64 d = ctx->state[3]; | |
308 | u64 e = ctx->state[4]; | |
309 | u64 f = ctx->state[5]; | |
310 | u64 g = ctx->state[6]; | |
311 | u64 h = ctx->state[7]; | |
312 | ||
313 | /* First increment the byte count. FIPS PUB 180-2 specifies the possible | |
314 | length of the file up to 2^128 bits. Here we only compute the | |
315 | number of bytes. Do a double word increment. */ | |
316 | ctx->total[0] = u64plus (ctx->total[0], u64lo (len)); | |
317 | if (u64lt (ctx->total[0], u64lo (len))) | |
318 | ctx->total[1] = u64plus (ctx->total[1], u64lo (1)); | |
319 | ||
320 | #define S0(x) u64xor (u64rol(x, 63), u64xor (u64rol (x, 56), u64shr (x, 7))) | |
321 | #define S1(x) u64xor (u64rol (x, 45), u64xor (u64rol (x, 3), u64shr (x, 6))) | |
322 | #define SS0(x) u64xor (u64rol (x, 36), u64xor (u64rol (x, 30), u64rol (x, 25))) | |
323 | #define SS1(x) u64xor (u64rol(x, 50), u64xor (u64rol (x, 46), u64rol (x, 23))) | |
324 | ||
325 | #define M(I) (x[(I) & 15] \ | |
326 | = u64plus (x[(I) & 15], \ | |
327 | u64plus (S1 (x[((I) - 2) & 15]), \ | |
328 | u64plus (x[((I) - 7) & 15], \ | |
329 | S0 (x[((I) - 15) & 15]))))) | |
330 | ||
331 | #define R(A, B, C, D, E, F, G, H, K, M) \ | |
332 | do \ | |
333 | { \ | |
334 | u64 t0 = u64plus (SS0 (A), F2 (A, B, C)); \ | |
335 | u64 t1 = \ | |
336 | u64plus (H, u64plus (SS1 (E), \ | |
337 | u64plus (F1 (E, F, G), u64plus (K, M)))); \ | |
338 | D = u64plus (D, t1); \ | |
339 | H = u64plus (t0, t1); \ | |
340 | } \ | |
341 | while (0) | |
342 | ||
343 | while (words < endp) | |
344 | { | |
345 | int t; | |
346 | /* FIXME: see sha1.c for a better implementation. */ | |
347 | for (t = 0; t < 16; t++) | |
348 | { | |
349 | x[t] = SWAP (*words); | |
350 | words++; | |
351 | } | |
352 | ||
353 | R( a, b, c, d, e, f, g, h, K( 0), x[ 0] ); | |
354 | R( h, a, b, c, d, e, f, g, K( 1), x[ 1] ); | |
355 | R( g, h, a, b, c, d, e, f, K( 2), x[ 2] ); | |
356 | R( f, g, h, a, b, c, d, e, K( 3), x[ 3] ); | |
357 | R( e, f, g, h, a, b, c, d, K( 4), x[ 4] ); | |
358 | R( d, e, f, g, h, a, b, c, K( 5), x[ 5] ); | |
359 | R( c, d, e, f, g, h, a, b, K( 6), x[ 6] ); | |
360 | R( b, c, d, e, f, g, h, a, K( 7), x[ 7] ); | |
361 | R( a, b, c, d, e, f, g, h, K( 8), x[ 8] ); | |
362 | R( h, a, b, c, d, e, f, g, K( 9), x[ 9] ); | |
363 | R( g, h, a, b, c, d, e, f, K(10), x[10] ); | |
364 | R( f, g, h, a, b, c, d, e, K(11), x[11] ); | |
365 | R( e, f, g, h, a, b, c, d, K(12), x[12] ); | |
366 | R( d, e, f, g, h, a, b, c, K(13), x[13] ); | |
367 | R( c, d, e, f, g, h, a, b, K(14), x[14] ); | |
368 | R( b, c, d, e, f, g, h, a, K(15), x[15] ); | |
369 | R( a, b, c, d, e, f, g, h, K(16), M(16) ); | |
370 | R( h, a, b, c, d, e, f, g, K(17), M(17) ); | |
371 | R( g, h, a, b, c, d, e, f, K(18), M(18) ); | |
372 | R( f, g, h, a, b, c, d, e, K(19), M(19) ); | |
373 | R( e, f, g, h, a, b, c, d, K(20), M(20) ); | |
374 | R( d, e, f, g, h, a, b, c, K(21), M(21) ); | |
375 | R( c, d, e, f, g, h, a, b, K(22), M(22) ); | |
376 | R( b, c, d, e, f, g, h, a, K(23), M(23) ); | |
377 | R( a, b, c, d, e, f, g, h, K(24), M(24) ); | |
378 | R( h, a, b, c, d, e, f, g, K(25), M(25) ); | |
379 | R( g, h, a, b, c, d, e, f, K(26), M(26) ); | |
380 | R( f, g, h, a, b, c, d, e, K(27), M(27) ); | |
381 | R( e, f, g, h, a, b, c, d, K(28), M(28) ); | |
382 | R( d, e, f, g, h, a, b, c, K(29), M(29) ); | |
383 | R( c, d, e, f, g, h, a, b, K(30), M(30) ); | |
384 | R( b, c, d, e, f, g, h, a, K(31), M(31) ); | |
385 | R( a, b, c, d, e, f, g, h, K(32), M(32) ); | |
386 | R( h, a, b, c, d, e, f, g, K(33), M(33) ); | |
387 | R( g, h, a, b, c, d, e, f, K(34), M(34) ); | |
388 | R( f, g, h, a, b, c, d, e, K(35), M(35) ); | |
389 | R( e, f, g, h, a, b, c, d, K(36), M(36) ); | |
390 | R( d, e, f, g, h, a, b, c, K(37), M(37) ); | |
391 | R( c, d, e, f, g, h, a, b, K(38), M(38) ); | |
392 | R( b, c, d, e, f, g, h, a, K(39), M(39) ); | |
393 | R( a, b, c, d, e, f, g, h, K(40), M(40) ); | |
394 | R( h, a, b, c, d, e, f, g, K(41), M(41) ); | |
395 | R( g, h, a, b, c, d, e, f, K(42), M(42) ); | |
396 | R( f, g, h, a, b, c, d, e, K(43), M(43) ); | |
397 | R( e, f, g, h, a, b, c, d, K(44), M(44) ); | |
398 | R( d, e, f, g, h, a, b, c, K(45), M(45) ); | |
399 | R( c, d, e, f, g, h, a, b, K(46), M(46) ); | |
400 | R( b, c, d, e, f, g, h, a, K(47), M(47) ); | |
401 | R( a, b, c, d, e, f, g, h, K(48), M(48) ); | |
402 | R( h, a, b, c, d, e, f, g, K(49), M(49) ); | |
403 | R( g, h, a, b, c, d, e, f, K(50), M(50) ); | |
404 | R( f, g, h, a, b, c, d, e, K(51), M(51) ); | |
405 | R( e, f, g, h, a, b, c, d, K(52), M(52) ); | |
406 | R( d, e, f, g, h, a, b, c, K(53), M(53) ); | |
407 | R( c, d, e, f, g, h, a, b, K(54), M(54) ); | |
408 | R( b, c, d, e, f, g, h, a, K(55), M(55) ); | |
409 | R( a, b, c, d, e, f, g, h, K(56), M(56) ); | |
410 | R( h, a, b, c, d, e, f, g, K(57), M(57) ); | |
411 | R( g, h, a, b, c, d, e, f, K(58), M(58) ); | |
412 | R( f, g, h, a, b, c, d, e, K(59), M(59) ); | |
413 | R( e, f, g, h, a, b, c, d, K(60), M(60) ); | |
414 | R( d, e, f, g, h, a, b, c, K(61), M(61) ); | |
415 | R( c, d, e, f, g, h, a, b, K(62), M(62) ); | |
416 | R( b, c, d, e, f, g, h, a, K(63), M(63) ); | |
417 | R( a, b, c, d, e, f, g, h, K(64), M(64) ); | |
418 | R( h, a, b, c, d, e, f, g, K(65), M(65) ); | |
419 | R( g, h, a, b, c, d, e, f, K(66), M(66) ); | |
420 | R( f, g, h, a, b, c, d, e, K(67), M(67) ); | |
421 | R( e, f, g, h, a, b, c, d, K(68), M(68) ); | |
422 | R( d, e, f, g, h, a, b, c, K(69), M(69) ); | |
423 | R( c, d, e, f, g, h, a, b, K(70), M(70) ); | |
424 | R( b, c, d, e, f, g, h, a, K(71), M(71) ); | |
425 | R( a, b, c, d, e, f, g, h, K(72), M(72) ); | |
426 | R( h, a, b, c, d, e, f, g, K(73), M(73) ); | |
427 | R( g, h, a, b, c, d, e, f, K(74), M(74) ); | |
428 | R( f, g, h, a, b, c, d, e, K(75), M(75) ); | |
429 | R( e, f, g, h, a, b, c, d, K(76), M(76) ); | |
430 | R( d, e, f, g, h, a, b, c, K(77), M(77) ); | |
431 | R( c, d, e, f, g, h, a, b, K(78), M(78) ); | |
432 | R( b, c, d, e, f, g, h, a, K(79), M(79) ); | |
433 | ||
434 | a = ctx->state[0] = u64plus (ctx->state[0], a); | |
435 | b = ctx->state[1] = u64plus (ctx->state[1], b); | |
436 | c = ctx->state[2] = u64plus (ctx->state[2], c); | |
437 | d = ctx->state[3] = u64plus (ctx->state[3], d); | |
438 | e = ctx->state[4] = u64plus (ctx->state[4], e); | |
439 | f = ctx->state[5] = u64plus (ctx->state[5], f); | |
440 | g = ctx->state[6] = u64plus (ctx->state[6], g); | |
441 | h = ctx->state[7] = u64plus (ctx->state[7], h); | |
442 | } | |
443 | } | |
757aecff MW |
444 | |
445 | struct sha512 { | |
446 | closure_t cl; | |
447 | struct hash_if ops; | |
448 | }; | |
449 | ||
450 | static void *sha512_init(void) | |
451 | { struct sha512_ctx *ctx; NEW(ctx); sha512_init_ctx(ctx); return ctx; } | |
452 | ||
453 | static void sha512_update(void *st, const void *buf, int32_t len) | |
454 | { struct sha512_ctx *ctx = st; sha512_process_bytes(buf, len, ctx); } | |
455 | ||
456 | static void sha512_final(void *st, uint8_t *digest) | |
457 | { struct sha512_ctx *ctx = st; sha512_finish_ctx(ctx, digest); free(ctx); } | |
458 | ||
459 | void sha512_module(dict_t *dict) | |
460 | { | |
461 | struct sha512 *st; | |
462 | ||
463 | NEW(st); | |
464 | st->cl.description="sha512"; | |
465 | st->cl.type=CL_HASH; | |
466 | st->cl.apply=NULL; | |
467 | st->cl.interface=&st->ops; | |
468 | st->ops.len=64; | |
469 | st->ops.init=sha512_init; | |
470 | st->ops.update=sha512_update; | |
471 | st->ops.final=sha512_final; | |
472 | ||
473 | dict_add(dict,"sha512",new_closure(&st->cl)); | |
474 | } |