Roman Peniaev | 35c31fe | 2014-07-21 21:53:44 +0900 | [diff] [blame] | 1 | /* |
| 2 | * FIPS 180-2 SHA-224/256/384/512 implementation |
| 3 | * Last update: 02/02/2007 |
| 4 | * Issue date: 04/30/2005 |
| 5 | * |
| 6 | * Since this code has been incorporated into a GPLv2 project, it is |
| 7 | * distributed under GPLv2 inside mmc-utils. The original BSD license |
| 8 | * that the code was released under is included below for clarity. |
| 9 | * |
| 10 | * Copyright (C) 2005, 2007 Olivier Gay <olivier.gay@a3.epfl.ch> |
| 11 | * All rights reserved. |
| 12 | * |
| 13 | * Redistribution and use in source and binary forms, with or without |
| 14 | * modification, are permitted provided that the following conditions |
| 15 | * are met: |
| 16 | * 1. Redistributions of source code must retain the above copyright |
| 17 | * notice, this list of conditions and the following disclaimer. |
| 18 | * 2. Redistributions in binary form must reproduce the above copyright |
| 19 | * notice, this list of conditions and the following disclaimer in the |
| 20 | * documentation and/or other materials provided with the distribution. |
| 21 | * 3. Neither the name of the project nor the names of its contributors |
| 22 | * may be used to endorse or promote products derived from this software |
| 23 | * without specific prior written permission. |
| 24 | * |
| 25 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
| 26 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 27 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 28 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
| 29 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 30 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 31 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 32 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 33 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 34 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 35 | * SUCH DAMAGE. |
| 36 | */ |
| 37 | |
| 38 | #if 0 |
| 39 | #define UNROLL_LOOPS /* Enable loops unrolling */ |
| 40 | #endif |
| 41 | |
| 42 | #include <string.h> |
| 43 | |
| 44 | #include "sha2.h" |
| 45 | |
| 46 | #define SHFR(x, n) (x >> n) |
| 47 | #define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n))) |
| 48 | #define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n))) |
| 49 | #define CH(x, y, z) ((x & y) ^ (~x & z)) |
| 50 | #define MAJ(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) |
| 51 | |
| 52 | #define SHA256_F1(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) |
| 53 | #define SHA256_F2(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) |
| 54 | #define SHA256_F3(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHFR(x, 3)) |
| 55 | #define SHA256_F4(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHFR(x, 10)) |
| 56 | |
| 57 | #define SHA512_F1(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39)) |
| 58 | #define SHA512_F2(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41)) |
| 59 | #define SHA512_F3(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHFR(x, 7)) |
| 60 | #define SHA512_F4(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHFR(x, 6)) |
| 61 | |
| 62 | #define UNPACK32(x, str) \ |
| 63 | { \ |
| 64 | *((str) + 3) = (uint8) ((x) ); \ |
| 65 | *((str) + 2) = (uint8) ((x) >> 8); \ |
| 66 | *((str) + 1) = (uint8) ((x) >> 16); \ |
| 67 | *((str) + 0) = (uint8) ((x) >> 24); \ |
| 68 | } |
| 69 | |
| 70 | #define PACK32(str, x) \ |
| 71 | { \ |
| 72 | *(x) = ((uint32) *((str) + 3) ) \ |
| 73 | | ((uint32) *((str) + 2) << 8) \ |
| 74 | | ((uint32) *((str) + 1) << 16) \ |
| 75 | | ((uint32) *((str) + 0) << 24); \ |
| 76 | } |
| 77 | |
| 78 | #define UNPACK64(x, str) \ |
| 79 | { \ |
| 80 | *((str) + 7) = (uint8) ((x) ); \ |
| 81 | *((str) + 6) = (uint8) ((x) >> 8); \ |
| 82 | *((str) + 5) = (uint8) ((x) >> 16); \ |
| 83 | *((str) + 4) = (uint8) ((x) >> 24); \ |
| 84 | *((str) + 3) = (uint8) ((x) >> 32); \ |
| 85 | *((str) + 2) = (uint8) ((x) >> 40); \ |
| 86 | *((str) + 1) = (uint8) ((x) >> 48); \ |
| 87 | *((str) + 0) = (uint8) ((x) >> 56); \ |
| 88 | } |
| 89 | |
| 90 | #define PACK64(str, x) \ |
| 91 | { \ |
| 92 | *(x) = ((uint64) *((str) + 7) ) \ |
| 93 | | ((uint64) *((str) + 6) << 8) \ |
| 94 | | ((uint64) *((str) + 5) << 16) \ |
| 95 | | ((uint64) *((str) + 4) << 24) \ |
| 96 | | ((uint64) *((str) + 3) << 32) \ |
| 97 | | ((uint64) *((str) + 2) << 40) \ |
| 98 | | ((uint64) *((str) + 1) << 48) \ |
| 99 | | ((uint64) *((str) + 0) << 56); \ |
| 100 | } |
| 101 | |
| 102 | /* Macros used for loops unrolling */ |
| 103 | |
| 104 | #define SHA256_SCR(i) \ |
| 105 | { \ |
| 106 | w[i] = SHA256_F4(w[i - 2]) + w[i - 7] \ |
| 107 | + SHA256_F3(w[i - 15]) + w[i - 16]; \ |
| 108 | } |
| 109 | |
| 110 | #define SHA512_SCR(i) \ |
| 111 | { \ |
| 112 | w[i] = SHA512_F4(w[i - 2]) + w[i - 7] \ |
| 113 | + SHA512_F3(w[i - 15]) + w[i - 16]; \ |
| 114 | } |
| 115 | |
| 116 | #define SHA256_EXP(a, b, c, d, e, f, g, h, j) \ |
| 117 | { \ |
| 118 | t1 = wv[h] + SHA256_F2(wv[e]) + CH(wv[e], wv[f], wv[g]) \ |
| 119 | + sha256_k[j] + w[j]; \ |
| 120 | t2 = SHA256_F1(wv[a]) + MAJ(wv[a], wv[b], wv[c]); \ |
| 121 | wv[d] += t1; \ |
| 122 | wv[h] = t1 + t2; \ |
| 123 | } |
| 124 | |
| 125 | #define SHA512_EXP(a, b, c, d, e, f, g ,h, j) \ |
| 126 | { \ |
| 127 | t1 = wv[h] + SHA512_F2(wv[e]) + CH(wv[e], wv[f], wv[g]) \ |
| 128 | + sha512_k[j] + w[j]; \ |
| 129 | t2 = SHA512_F1(wv[a]) + MAJ(wv[a], wv[b], wv[c]); \ |
| 130 | wv[d] += t1; \ |
| 131 | wv[h] = t1 + t2; \ |
| 132 | } |
| 133 | |
| 134 | uint32 sha224_h0[8] = |
| 135 | {0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, |
| 136 | 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4}; |
| 137 | |
| 138 | uint32 sha256_h0[8] = |
| 139 | {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, |
| 140 | 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19}; |
| 141 | |
| 142 | uint64 sha384_h0[8] = |
| 143 | {0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL, |
| 144 | 0x9159015a3070dd17ULL, 0x152fecd8f70e5939ULL, |
| 145 | 0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL, |
| 146 | 0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL}; |
| 147 | |
| 148 | uint64 sha512_h0[8] = |
| 149 | {0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, |
| 150 | 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, |
| 151 | 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, |
| 152 | 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL}; |
| 153 | |
| 154 | uint32 sha256_k[64] = |
| 155 | {0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, |
| 156 | 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, |
| 157 | 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, |
| 158 | 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, |
| 159 | 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, |
| 160 | 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, |
| 161 | 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, |
| 162 | 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, |
| 163 | 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, |
| 164 | 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, |
| 165 | 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, |
| 166 | 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, |
| 167 | 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, |
| 168 | 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, |
| 169 | 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, |
| 170 | 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2}; |
| 171 | |
| 172 | uint64 sha512_k[80] = |
| 173 | {0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, |
| 174 | 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, |
| 175 | 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, |
| 176 | 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, |
| 177 | 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, |
| 178 | 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, |
| 179 | 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, |
| 180 | 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, |
| 181 | 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, |
| 182 | 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, |
| 183 | 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, |
| 184 | 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, |
| 185 | 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, |
| 186 | 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, |
| 187 | 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, |
| 188 | 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, |
| 189 | 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, |
| 190 | 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, |
| 191 | 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, |
| 192 | 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, |
| 193 | 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, |
| 194 | 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, |
| 195 | 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, |
| 196 | 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, |
| 197 | 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, |
| 198 | 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, |
| 199 | 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, |
| 200 | 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, |
| 201 | 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, |
| 202 | 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, |
| 203 | 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, |
| 204 | 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, |
| 205 | 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, |
| 206 | 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, |
| 207 | 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, |
| 208 | 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, |
| 209 | 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, |
| 210 | 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, |
| 211 | 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, |
| 212 | 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL}; |
| 213 | |
| 214 | /* SHA-256 functions */ |
| 215 | |
| 216 | void sha256_transf(sha256_ctx *ctx, const unsigned char *message, |
| 217 | unsigned int block_nb) |
| 218 | { |
| 219 | uint32 w[64]; |
| 220 | uint32 wv[8]; |
| 221 | uint32 t1, t2; |
| 222 | const unsigned char *sub_block; |
| 223 | int i; |
| 224 | |
| 225 | #ifndef UNROLL_LOOPS |
| 226 | int j; |
| 227 | #endif |
| 228 | |
| 229 | for (i = 0; i < (int) block_nb; i++) { |
| 230 | sub_block = message + (i << 6); |
| 231 | |
| 232 | #ifndef UNROLL_LOOPS |
| 233 | for (j = 0; j < 16; j++) { |
| 234 | PACK32(&sub_block[j << 2], &w[j]); |
| 235 | } |
| 236 | |
| 237 | for (j = 16; j < 64; j++) { |
| 238 | SHA256_SCR(j); |
| 239 | } |
| 240 | |
| 241 | for (j = 0; j < 8; j++) { |
| 242 | wv[j] = ctx->h[j]; |
| 243 | } |
| 244 | |
| 245 | for (j = 0; j < 64; j++) { |
| 246 | t1 = wv[7] + SHA256_F2(wv[4]) + CH(wv[4], wv[5], wv[6]) |
| 247 | + sha256_k[j] + w[j]; |
| 248 | t2 = SHA256_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]); |
| 249 | wv[7] = wv[6]; |
| 250 | wv[6] = wv[5]; |
| 251 | wv[5] = wv[4]; |
| 252 | wv[4] = wv[3] + t1; |
| 253 | wv[3] = wv[2]; |
| 254 | wv[2] = wv[1]; |
| 255 | wv[1] = wv[0]; |
| 256 | wv[0] = t1 + t2; |
| 257 | } |
| 258 | |
| 259 | for (j = 0; j < 8; j++) { |
| 260 | ctx->h[j] += wv[j]; |
| 261 | } |
| 262 | #else |
| 263 | PACK32(&sub_block[ 0], &w[ 0]); PACK32(&sub_block[ 4], &w[ 1]); |
| 264 | PACK32(&sub_block[ 8], &w[ 2]); PACK32(&sub_block[12], &w[ 3]); |
| 265 | PACK32(&sub_block[16], &w[ 4]); PACK32(&sub_block[20], &w[ 5]); |
| 266 | PACK32(&sub_block[24], &w[ 6]); PACK32(&sub_block[28], &w[ 7]); |
| 267 | PACK32(&sub_block[32], &w[ 8]); PACK32(&sub_block[36], &w[ 9]); |
| 268 | PACK32(&sub_block[40], &w[10]); PACK32(&sub_block[44], &w[11]); |
| 269 | PACK32(&sub_block[48], &w[12]); PACK32(&sub_block[52], &w[13]); |
| 270 | PACK32(&sub_block[56], &w[14]); PACK32(&sub_block[60], &w[15]); |
| 271 | |
| 272 | SHA256_SCR(16); SHA256_SCR(17); SHA256_SCR(18); SHA256_SCR(19); |
| 273 | SHA256_SCR(20); SHA256_SCR(21); SHA256_SCR(22); SHA256_SCR(23); |
| 274 | SHA256_SCR(24); SHA256_SCR(25); SHA256_SCR(26); SHA256_SCR(27); |
| 275 | SHA256_SCR(28); SHA256_SCR(29); SHA256_SCR(30); SHA256_SCR(31); |
| 276 | SHA256_SCR(32); SHA256_SCR(33); SHA256_SCR(34); SHA256_SCR(35); |
| 277 | SHA256_SCR(36); SHA256_SCR(37); SHA256_SCR(38); SHA256_SCR(39); |
| 278 | SHA256_SCR(40); SHA256_SCR(41); SHA256_SCR(42); SHA256_SCR(43); |
| 279 | SHA256_SCR(44); SHA256_SCR(45); SHA256_SCR(46); SHA256_SCR(47); |
| 280 | SHA256_SCR(48); SHA256_SCR(49); SHA256_SCR(50); SHA256_SCR(51); |
| 281 | SHA256_SCR(52); SHA256_SCR(53); SHA256_SCR(54); SHA256_SCR(55); |
| 282 | SHA256_SCR(56); SHA256_SCR(57); SHA256_SCR(58); SHA256_SCR(59); |
| 283 | SHA256_SCR(60); SHA256_SCR(61); SHA256_SCR(62); SHA256_SCR(63); |
| 284 | |
| 285 | wv[0] = ctx->h[0]; wv[1] = ctx->h[1]; |
| 286 | wv[2] = ctx->h[2]; wv[3] = ctx->h[3]; |
| 287 | wv[4] = ctx->h[4]; wv[5] = ctx->h[5]; |
| 288 | wv[6] = ctx->h[6]; wv[7] = ctx->h[7]; |
| 289 | |
| 290 | SHA256_EXP(0,1,2,3,4,5,6,7, 0); SHA256_EXP(7,0,1,2,3,4,5,6, 1); |
| 291 | SHA256_EXP(6,7,0,1,2,3,4,5, 2); SHA256_EXP(5,6,7,0,1,2,3,4, 3); |
| 292 | SHA256_EXP(4,5,6,7,0,1,2,3, 4); SHA256_EXP(3,4,5,6,7,0,1,2, 5); |
| 293 | SHA256_EXP(2,3,4,5,6,7,0,1, 6); SHA256_EXP(1,2,3,4,5,6,7,0, 7); |
| 294 | SHA256_EXP(0,1,2,3,4,5,6,7, 8); SHA256_EXP(7,0,1,2,3,4,5,6, 9); |
| 295 | SHA256_EXP(6,7,0,1,2,3,4,5,10); SHA256_EXP(5,6,7,0,1,2,3,4,11); |
| 296 | SHA256_EXP(4,5,6,7,0,1,2,3,12); SHA256_EXP(3,4,5,6,7,0,1,2,13); |
| 297 | SHA256_EXP(2,3,4,5,6,7,0,1,14); SHA256_EXP(1,2,3,4,5,6,7,0,15); |
| 298 | SHA256_EXP(0,1,2,3,4,5,6,7,16); SHA256_EXP(7,0,1,2,3,4,5,6,17); |
| 299 | SHA256_EXP(6,7,0,1,2,3,4,5,18); SHA256_EXP(5,6,7,0,1,2,3,4,19); |
| 300 | SHA256_EXP(4,5,6,7,0,1,2,3,20); SHA256_EXP(3,4,5,6,7,0,1,2,21); |
| 301 | SHA256_EXP(2,3,4,5,6,7,0,1,22); SHA256_EXP(1,2,3,4,5,6,7,0,23); |
| 302 | SHA256_EXP(0,1,2,3,4,5,6,7,24); SHA256_EXP(7,0,1,2,3,4,5,6,25); |
| 303 | SHA256_EXP(6,7,0,1,2,3,4,5,26); SHA256_EXP(5,6,7,0,1,2,3,4,27); |
| 304 | SHA256_EXP(4,5,6,7,0,1,2,3,28); SHA256_EXP(3,4,5,6,7,0,1,2,29); |
| 305 | SHA256_EXP(2,3,4,5,6,7,0,1,30); SHA256_EXP(1,2,3,4,5,6,7,0,31); |
| 306 | SHA256_EXP(0,1,2,3,4,5,6,7,32); SHA256_EXP(7,0,1,2,3,4,5,6,33); |
| 307 | SHA256_EXP(6,7,0,1,2,3,4,5,34); SHA256_EXP(5,6,7,0,1,2,3,4,35); |
| 308 | SHA256_EXP(4,5,6,7,0,1,2,3,36); SHA256_EXP(3,4,5,6,7,0,1,2,37); |
| 309 | SHA256_EXP(2,3,4,5,6,7,0,1,38); SHA256_EXP(1,2,3,4,5,6,7,0,39); |
| 310 | SHA256_EXP(0,1,2,3,4,5,6,7,40); SHA256_EXP(7,0,1,2,3,4,5,6,41); |
| 311 | SHA256_EXP(6,7,0,1,2,3,4,5,42); SHA256_EXP(5,6,7,0,1,2,3,4,43); |
| 312 | SHA256_EXP(4,5,6,7,0,1,2,3,44); SHA256_EXP(3,4,5,6,7,0,1,2,45); |
| 313 | SHA256_EXP(2,3,4,5,6,7,0,1,46); SHA256_EXP(1,2,3,4,5,6,7,0,47); |
| 314 | SHA256_EXP(0,1,2,3,4,5,6,7,48); SHA256_EXP(7,0,1,2,3,4,5,6,49); |
| 315 | SHA256_EXP(6,7,0,1,2,3,4,5,50); SHA256_EXP(5,6,7,0,1,2,3,4,51); |
| 316 | SHA256_EXP(4,5,6,7,0,1,2,3,52); SHA256_EXP(3,4,5,6,7,0,1,2,53); |
| 317 | SHA256_EXP(2,3,4,5,6,7,0,1,54); SHA256_EXP(1,2,3,4,5,6,7,0,55); |
| 318 | SHA256_EXP(0,1,2,3,4,5,6,7,56); SHA256_EXP(7,0,1,2,3,4,5,6,57); |
| 319 | SHA256_EXP(6,7,0,1,2,3,4,5,58); SHA256_EXP(5,6,7,0,1,2,3,4,59); |
| 320 | SHA256_EXP(4,5,6,7,0,1,2,3,60); SHA256_EXP(3,4,5,6,7,0,1,2,61); |
| 321 | SHA256_EXP(2,3,4,5,6,7,0,1,62); SHA256_EXP(1,2,3,4,5,6,7,0,63); |
| 322 | |
| 323 | ctx->h[0] += wv[0]; ctx->h[1] += wv[1]; |
| 324 | ctx->h[2] += wv[2]; ctx->h[3] += wv[3]; |
| 325 | ctx->h[4] += wv[4]; ctx->h[5] += wv[5]; |
| 326 | ctx->h[6] += wv[6]; ctx->h[7] += wv[7]; |
| 327 | #endif /* !UNROLL_LOOPS */ |
| 328 | } |
| 329 | } |
| 330 | |
| 331 | void sha256(const unsigned char *message, unsigned int len, unsigned char *digest) |
| 332 | { |
| 333 | sha256_ctx ctx; |
| 334 | |
| 335 | sha256_init(&ctx); |
| 336 | sha256_update(&ctx, message, len); |
| 337 | sha256_final(&ctx, digest); |
| 338 | } |
| 339 | |
| 340 | void sha256_init(sha256_ctx *ctx) |
| 341 | { |
| 342 | #ifndef UNROLL_LOOPS |
| 343 | int i; |
| 344 | for (i = 0; i < 8; i++) { |
| 345 | ctx->h[i] = sha256_h0[i]; |
| 346 | } |
| 347 | #else |
| 348 | ctx->h[0] = sha256_h0[0]; ctx->h[1] = sha256_h0[1]; |
| 349 | ctx->h[2] = sha256_h0[2]; ctx->h[3] = sha256_h0[3]; |
| 350 | ctx->h[4] = sha256_h0[4]; ctx->h[5] = sha256_h0[5]; |
| 351 | ctx->h[6] = sha256_h0[6]; ctx->h[7] = sha256_h0[7]; |
| 352 | #endif /* !UNROLL_LOOPS */ |
| 353 | |
| 354 | ctx->len = 0; |
| 355 | ctx->tot_len = 0; |
| 356 | } |
| 357 | |
| 358 | void sha256_update(sha256_ctx *ctx, const unsigned char *message, |
| 359 | unsigned int len) |
| 360 | { |
| 361 | unsigned int block_nb; |
| 362 | unsigned int new_len, rem_len, tmp_len; |
| 363 | const unsigned char *shifted_message; |
| 364 | |
| 365 | tmp_len = SHA256_BLOCK_SIZE - ctx->len; |
| 366 | rem_len = len < tmp_len ? len : tmp_len; |
| 367 | |
| 368 | memcpy(&ctx->block[ctx->len], message, rem_len); |
| 369 | |
| 370 | if (ctx->len + len < SHA256_BLOCK_SIZE) { |
| 371 | ctx->len += len; |
| 372 | return; |
| 373 | } |
| 374 | |
| 375 | new_len = len - rem_len; |
| 376 | block_nb = new_len / SHA256_BLOCK_SIZE; |
| 377 | |
| 378 | shifted_message = message + rem_len; |
| 379 | |
| 380 | sha256_transf(ctx, ctx->block, 1); |
| 381 | sha256_transf(ctx, shifted_message, block_nb); |
| 382 | |
| 383 | rem_len = new_len % SHA256_BLOCK_SIZE; |
| 384 | |
| 385 | memcpy(ctx->block, &shifted_message[block_nb << 6], |
| 386 | rem_len); |
| 387 | |
| 388 | ctx->len = rem_len; |
| 389 | ctx->tot_len += (block_nb + 1) << 6; |
| 390 | } |
| 391 | |
| 392 | void sha256_final(sha256_ctx *ctx, unsigned char *digest) |
| 393 | { |
| 394 | unsigned int block_nb; |
| 395 | unsigned int pm_len; |
| 396 | unsigned int len_b; |
| 397 | |
| 398 | #ifndef UNROLL_LOOPS |
| 399 | int i; |
| 400 | #endif |
| 401 | |
| 402 | block_nb = (1 + ((SHA256_BLOCK_SIZE - 9) |
| 403 | < (ctx->len % SHA256_BLOCK_SIZE))); |
| 404 | |
| 405 | len_b = (ctx->tot_len + ctx->len) << 3; |
| 406 | pm_len = block_nb << 6; |
| 407 | |
| 408 | memset(ctx->block + ctx->len, 0, pm_len - ctx->len); |
| 409 | ctx->block[ctx->len] = 0x80; |
| 410 | UNPACK32(len_b, ctx->block + pm_len - 4); |
| 411 | |
| 412 | sha256_transf(ctx, ctx->block, block_nb); |
| 413 | |
| 414 | #ifndef UNROLL_LOOPS |
| 415 | for (i = 0 ; i < 8; i++) { |
| 416 | UNPACK32(ctx->h[i], &digest[i << 2]); |
| 417 | } |
| 418 | #else |
| 419 | UNPACK32(ctx->h[0], &digest[ 0]); |
| 420 | UNPACK32(ctx->h[1], &digest[ 4]); |
| 421 | UNPACK32(ctx->h[2], &digest[ 8]); |
| 422 | UNPACK32(ctx->h[3], &digest[12]); |
| 423 | UNPACK32(ctx->h[4], &digest[16]); |
| 424 | UNPACK32(ctx->h[5], &digest[20]); |
| 425 | UNPACK32(ctx->h[6], &digest[24]); |
| 426 | UNPACK32(ctx->h[7], &digest[28]); |
| 427 | #endif /* !UNROLL_LOOPS */ |
| 428 | } |
| 429 | |
| 430 | /* SHA-512 functions */ |
| 431 | |
| 432 | void sha512_transf(sha512_ctx *ctx, const unsigned char *message, |
| 433 | unsigned int block_nb) |
| 434 | { |
| 435 | uint64 w[80]; |
| 436 | uint64 wv[8]; |
| 437 | uint64 t1, t2; |
| 438 | const unsigned char *sub_block; |
| 439 | int i, j; |
| 440 | |
| 441 | for (i = 0; i < (int) block_nb; i++) { |
| 442 | sub_block = message + (i << 7); |
| 443 | |
| 444 | #ifndef UNROLL_LOOPS |
| 445 | for (j = 0; j < 16; j++) { |
| 446 | PACK64(&sub_block[j << 3], &w[j]); |
| 447 | } |
| 448 | |
| 449 | for (j = 16; j < 80; j++) { |
| 450 | SHA512_SCR(j); |
| 451 | } |
| 452 | |
| 453 | for (j = 0; j < 8; j++) { |
| 454 | wv[j] = ctx->h[j]; |
| 455 | } |
| 456 | |
| 457 | for (j = 0; j < 80; j++) { |
| 458 | t1 = wv[7] + SHA512_F2(wv[4]) + CH(wv[4], wv[5], wv[6]) |
| 459 | + sha512_k[j] + w[j]; |
| 460 | t2 = SHA512_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]); |
| 461 | wv[7] = wv[6]; |
| 462 | wv[6] = wv[5]; |
| 463 | wv[5] = wv[4]; |
| 464 | wv[4] = wv[3] + t1; |
| 465 | wv[3] = wv[2]; |
| 466 | wv[2] = wv[1]; |
| 467 | wv[1] = wv[0]; |
| 468 | wv[0] = t1 + t2; |
| 469 | } |
| 470 | |
| 471 | for (j = 0; j < 8; j++) { |
| 472 | ctx->h[j] += wv[j]; |
| 473 | } |
| 474 | #else |
| 475 | PACK64(&sub_block[ 0], &w[ 0]); PACK64(&sub_block[ 8], &w[ 1]); |
| 476 | PACK64(&sub_block[ 16], &w[ 2]); PACK64(&sub_block[ 24], &w[ 3]); |
| 477 | PACK64(&sub_block[ 32], &w[ 4]); PACK64(&sub_block[ 40], &w[ 5]); |
| 478 | PACK64(&sub_block[ 48], &w[ 6]); PACK64(&sub_block[ 56], &w[ 7]); |
| 479 | PACK64(&sub_block[ 64], &w[ 8]); PACK64(&sub_block[ 72], &w[ 9]); |
| 480 | PACK64(&sub_block[ 80], &w[10]); PACK64(&sub_block[ 88], &w[11]); |
| 481 | PACK64(&sub_block[ 96], &w[12]); PACK64(&sub_block[104], &w[13]); |
| 482 | PACK64(&sub_block[112], &w[14]); PACK64(&sub_block[120], &w[15]); |
| 483 | |
| 484 | SHA512_SCR(16); SHA512_SCR(17); SHA512_SCR(18); SHA512_SCR(19); |
| 485 | SHA512_SCR(20); SHA512_SCR(21); SHA512_SCR(22); SHA512_SCR(23); |
| 486 | SHA512_SCR(24); SHA512_SCR(25); SHA512_SCR(26); SHA512_SCR(27); |
| 487 | SHA512_SCR(28); SHA512_SCR(29); SHA512_SCR(30); SHA512_SCR(31); |
| 488 | SHA512_SCR(32); SHA512_SCR(33); SHA512_SCR(34); SHA512_SCR(35); |
| 489 | SHA512_SCR(36); SHA512_SCR(37); SHA512_SCR(38); SHA512_SCR(39); |
| 490 | SHA512_SCR(40); SHA512_SCR(41); SHA512_SCR(42); SHA512_SCR(43); |
| 491 | SHA512_SCR(44); SHA512_SCR(45); SHA512_SCR(46); SHA512_SCR(47); |
| 492 | SHA512_SCR(48); SHA512_SCR(49); SHA512_SCR(50); SHA512_SCR(51); |
| 493 | SHA512_SCR(52); SHA512_SCR(53); SHA512_SCR(54); SHA512_SCR(55); |
| 494 | SHA512_SCR(56); SHA512_SCR(57); SHA512_SCR(58); SHA512_SCR(59); |
| 495 | SHA512_SCR(60); SHA512_SCR(61); SHA512_SCR(62); SHA512_SCR(63); |
| 496 | SHA512_SCR(64); SHA512_SCR(65); SHA512_SCR(66); SHA512_SCR(67); |
| 497 | SHA512_SCR(68); SHA512_SCR(69); SHA512_SCR(70); SHA512_SCR(71); |
| 498 | SHA512_SCR(72); SHA512_SCR(73); SHA512_SCR(74); SHA512_SCR(75); |
| 499 | SHA512_SCR(76); SHA512_SCR(77); SHA512_SCR(78); SHA512_SCR(79); |
| 500 | |
| 501 | wv[0] = ctx->h[0]; wv[1] = ctx->h[1]; |
| 502 | wv[2] = ctx->h[2]; wv[3] = ctx->h[3]; |
| 503 | wv[4] = ctx->h[4]; wv[5] = ctx->h[5]; |
| 504 | wv[6] = ctx->h[6]; wv[7] = ctx->h[7]; |
| 505 | |
| 506 | j = 0; |
| 507 | |
| 508 | do { |
| 509 | SHA512_EXP(0,1,2,3,4,5,6,7,j); j++; |
| 510 | SHA512_EXP(7,0,1,2,3,4,5,6,j); j++; |
| 511 | SHA512_EXP(6,7,0,1,2,3,4,5,j); j++; |
| 512 | SHA512_EXP(5,6,7,0,1,2,3,4,j); j++; |
| 513 | SHA512_EXP(4,5,6,7,0,1,2,3,j); j++; |
| 514 | SHA512_EXP(3,4,5,6,7,0,1,2,j); j++; |
| 515 | SHA512_EXP(2,3,4,5,6,7,0,1,j); j++; |
| 516 | SHA512_EXP(1,2,3,4,5,6,7,0,j); j++; |
| 517 | } while (j < 80); |
| 518 | |
| 519 | ctx->h[0] += wv[0]; ctx->h[1] += wv[1]; |
| 520 | ctx->h[2] += wv[2]; ctx->h[3] += wv[3]; |
| 521 | ctx->h[4] += wv[4]; ctx->h[5] += wv[5]; |
| 522 | ctx->h[6] += wv[6]; ctx->h[7] += wv[7]; |
| 523 | #endif /* !UNROLL_LOOPS */ |
| 524 | } |
| 525 | } |
| 526 | |
| 527 | void sha512(const unsigned char *message, unsigned int len, |
| 528 | unsigned char *digest) |
| 529 | { |
| 530 | sha512_ctx ctx; |
| 531 | |
| 532 | sha512_init(&ctx); |
| 533 | sha512_update(&ctx, message, len); |
| 534 | sha512_final(&ctx, digest); |
| 535 | } |
| 536 | |
| 537 | void sha512_init(sha512_ctx *ctx) |
| 538 | { |
| 539 | #ifndef UNROLL_LOOPS |
| 540 | int i; |
| 541 | for (i = 0; i < 8; i++) { |
| 542 | ctx->h[i] = sha512_h0[i]; |
| 543 | } |
| 544 | #else |
| 545 | ctx->h[0] = sha512_h0[0]; ctx->h[1] = sha512_h0[1]; |
| 546 | ctx->h[2] = sha512_h0[2]; ctx->h[3] = sha512_h0[3]; |
| 547 | ctx->h[4] = sha512_h0[4]; ctx->h[5] = sha512_h0[5]; |
| 548 | ctx->h[6] = sha512_h0[6]; ctx->h[7] = sha512_h0[7]; |
| 549 | #endif /* !UNROLL_LOOPS */ |
| 550 | |
| 551 | ctx->len = 0; |
| 552 | ctx->tot_len = 0; |
| 553 | } |
| 554 | |
| 555 | void sha512_update(sha512_ctx *ctx, const unsigned char *message, |
| 556 | unsigned int len) |
| 557 | { |
| 558 | unsigned int block_nb; |
| 559 | unsigned int new_len, rem_len, tmp_len; |
| 560 | const unsigned char *shifted_message; |
| 561 | |
| 562 | tmp_len = SHA512_BLOCK_SIZE - ctx->len; |
| 563 | rem_len = len < tmp_len ? len : tmp_len; |
| 564 | |
| 565 | memcpy(&ctx->block[ctx->len], message, rem_len); |
| 566 | |
| 567 | if (ctx->len + len < SHA512_BLOCK_SIZE) { |
| 568 | ctx->len += len; |
| 569 | return; |
| 570 | } |
| 571 | |
| 572 | new_len = len - rem_len; |
| 573 | block_nb = new_len / SHA512_BLOCK_SIZE; |
| 574 | |
| 575 | shifted_message = message + rem_len; |
| 576 | |
| 577 | sha512_transf(ctx, ctx->block, 1); |
| 578 | sha512_transf(ctx, shifted_message, block_nb); |
| 579 | |
| 580 | rem_len = new_len % SHA512_BLOCK_SIZE; |
| 581 | |
| 582 | memcpy(ctx->block, &shifted_message[block_nb << 7], |
| 583 | rem_len); |
| 584 | |
| 585 | ctx->len = rem_len; |
| 586 | ctx->tot_len += (block_nb + 1) << 7; |
| 587 | } |
| 588 | |
| 589 | void sha512_final(sha512_ctx *ctx, unsigned char *digest) |
| 590 | { |
| 591 | unsigned int block_nb; |
| 592 | unsigned int pm_len; |
| 593 | unsigned int len_b; |
| 594 | |
| 595 | #ifndef UNROLL_LOOPS |
| 596 | int i; |
| 597 | #endif |
| 598 | |
| 599 | block_nb = 1 + ((SHA512_BLOCK_SIZE - 17) |
| 600 | < (ctx->len % SHA512_BLOCK_SIZE)); |
| 601 | |
| 602 | len_b = (ctx->tot_len + ctx->len) << 3; |
| 603 | pm_len = block_nb << 7; |
| 604 | |
| 605 | memset(ctx->block + ctx->len, 0, pm_len - ctx->len); |
| 606 | ctx->block[ctx->len] = 0x80; |
| 607 | UNPACK32(len_b, ctx->block + pm_len - 4); |
| 608 | |
| 609 | sha512_transf(ctx, ctx->block, block_nb); |
| 610 | |
| 611 | #ifndef UNROLL_LOOPS |
| 612 | for (i = 0 ; i < 8; i++) { |
| 613 | UNPACK64(ctx->h[i], &digest[i << 3]); |
| 614 | } |
| 615 | #else |
| 616 | UNPACK64(ctx->h[0], &digest[ 0]); |
| 617 | UNPACK64(ctx->h[1], &digest[ 8]); |
| 618 | UNPACK64(ctx->h[2], &digest[16]); |
| 619 | UNPACK64(ctx->h[3], &digest[24]); |
| 620 | UNPACK64(ctx->h[4], &digest[32]); |
| 621 | UNPACK64(ctx->h[5], &digest[40]); |
| 622 | UNPACK64(ctx->h[6], &digest[48]); |
| 623 | UNPACK64(ctx->h[7], &digest[56]); |
| 624 | #endif /* !UNROLL_LOOPS */ |
| 625 | } |
| 626 | |
| 627 | /* SHA-384 functions */ |
| 628 | |
| 629 | void sha384(const unsigned char *message, unsigned int len, |
| 630 | unsigned char *digest) |
| 631 | { |
| 632 | sha384_ctx ctx; |
| 633 | |
| 634 | sha384_init(&ctx); |
| 635 | sha384_update(&ctx, message, len); |
| 636 | sha384_final(&ctx, digest); |
| 637 | } |
| 638 | |
| 639 | void sha384_init(sha384_ctx *ctx) |
| 640 | { |
| 641 | #ifndef UNROLL_LOOPS |
| 642 | int i; |
| 643 | for (i = 0; i < 8; i++) { |
| 644 | ctx->h[i] = sha384_h0[i]; |
| 645 | } |
| 646 | #else |
| 647 | ctx->h[0] = sha384_h0[0]; ctx->h[1] = sha384_h0[1]; |
| 648 | ctx->h[2] = sha384_h0[2]; ctx->h[3] = sha384_h0[3]; |
| 649 | ctx->h[4] = sha384_h0[4]; ctx->h[5] = sha384_h0[5]; |
| 650 | ctx->h[6] = sha384_h0[6]; ctx->h[7] = sha384_h0[7]; |
| 651 | #endif /* !UNROLL_LOOPS */ |
| 652 | |
| 653 | ctx->len = 0; |
| 654 | ctx->tot_len = 0; |
| 655 | } |
| 656 | |
| 657 | void sha384_update(sha384_ctx *ctx, const unsigned char *message, |
| 658 | unsigned int len) |
| 659 | { |
| 660 | unsigned int block_nb; |
| 661 | unsigned int new_len, rem_len, tmp_len; |
| 662 | const unsigned char *shifted_message; |
| 663 | |
| 664 | tmp_len = SHA384_BLOCK_SIZE - ctx->len; |
| 665 | rem_len = len < tmp_len ? len : tmp_len; |
| 666 | |
| 667 | memcpy(&ctx->block[ctx->len], message, rem_len); |
| 668 | |
| 669 | if (ctx->len + len < SHA384_BLOCK_SIZE) { |
| 670 | ctx->len += len; |
| 671 | return; |
| 672 | } |
| 673 | |
| 674 | new_len = len - rem_len; |
| 675 | block_nb = new_len / SHA384_BLOCK_SIZE; |
| 676 | |
| 677 | shifted_message = message + rem_len; |
| 678 | |
| 679 | sha512_transf(ctx, ctx->block, 1); |
| 680 | sha512_transf(ctx, shifted_message, block_nb); |
| 681 | |
| 682 | rem_len = new_len % SHA384_BLOCK_SIZE; |
| 683 | |
| 684 | memcpy(ctx->block, &shifted_message[block_nb << 7], |
| 685 | rem_len); |
| 686 | |
| 687 | ctx->len = rem_len; |
| 688 | ctx->tot_len += (block_nb + 1) << 7; |
| 689 | } |
| 690 | |
| 691 | void sha384_final(sha384_ctx *ctx, unsigned char *digest) |
| 692 | { |
| 693 | unsigned int block_nb; |
| 694 | unsigned int pm_len; |
| 695 | unsigned int len_b; |
| 696 | |
| 697 | #ifndef UNROLL_LOOPS |
| 698 | int i; |
| 699 | #endif |
| 700 | |
| 701 | block_nb = (1 + ((SHA384_BLOCK_SIZE - 17) |
| 702 | < (ctx->len % SHA384_BLOCK_SIZE))); |
| 703 | |
| 704 | len_b = (ctx->tot_len + ctx->len) << 3; |
| 705 | pm_len = block_nb << 7; |
| 706 | |
| 707 | memset(ctx->block + ctx->len, 0, pm_len - ctx->len); |
| 708 | ctx->block[ctx->len] = 0x80; |
| 709 | UNPACK32(len_b, ctx->block + pm_len - 4); |
| 710 | |
| 711 | sha512_transf(ctx, ctx->block, block_nb); |
| 712 | |
| 713 | #ifndef UNROLL_LOOPS |
| 714 | for (i = 0 ; i < 6; i++) { |
| 715 | UNPACK64(ctx->h[i], &digest[i << 3]); |
| 716 | } |
| 717 | #else |
| 718 | UNPACK64(ctx->h[0], &digest[ 0]); |
| 719 | UNPACK64(ctx->h[1], &digest[ 8]); |
| 720 | UNPACK64(ctx->h[2], &digest[16]); |
| 721 | UNPACK64(ctx->h[3], &digest[24]); |
| 722 | UNPACK64(ctx->h[4], &digest[32]); |
| 723 | UNPACK64(ctx->h[5], &digest[40]); |
| 724 | #endif /* !UNROLL_LOOPS */ |
| 725 | } |
| 726 | |
| 727 | /* SHA-224 functions */ |
| 728 | |
| 729 | void sha224(const unsigned char *message, unsigned int len, |
| 730 | unsigned char *digest) |
| 731 | { |
| 732 | sha224_ctx ctx; |
| 733 | |
| 734 | sha224_init(&ctx); |
| 735 | sha224_update(&ctx, message, len); |
| 736 | sha224_final(&ctx, digest); |
| 737 | } |
| 738 | |
| 739 | void sha224_init(sha224_ctx *ctx) |
| 740 | { |
| 741 | #ifndef UNROLL_LOOPS |
| 742 | int i; |
| 743 | for (i = 0; i < 8; i++) { |
| 744 | ctx->h[i] = sha224_h0[i]; |
| 745 | } |
| 746 | #else |
| 747 | ctx->h[0] = sha224_h0[0]; ctx->h[1] = sha224_h0[1]; |
| 748 | ctx->h[2] = sha224_h0[2]; ctx->h[3] = sha224_h0[3]; |
| 749 | ctx->h[4] = sha224_h0[4]; ctx->h[5] = sha224_h0[5]; |
| 750 | ctx->h[6] = sha224_h0[6]; ctx->h[7] = sha224_h0[7]; |
| 751 | #endif /* !UNROLL_LOOPS */ |
| 752 | |
| 753 | ctx->len = 0; |
| 754 | ctx->tot_len = 0; |
| 755 | } |
| 756 | |
| 757 | void sha224_update(sha224_ctx *ctx, const unsigned char *message, |
| 758 | unsigned int len) |
| 759 | { |
| 760 | unsigned int block_nb; |
| 761 | unsigned int new_len, rem_len, tmp_len; |
| 762 | const unsigned char *shifted_message; |
| 763 | |
| 764 | tmp_len = SHA224_BLOCK_SIZE - ctx->len; |
| 765 | rem_len = len < tmp_len ? len : tmp_len; |
| 766 | |
| 767 | memcpy(&ctx->block[ctx->len], message, rem_len); |
| 768 | |
| 769 | if (ctx->len + len < SHA224_BLOCK_SIZE) { |
| 770 | ctx->len += len; |
| 771 | return; |
| 772 | } |
| 773 | |
| 774 | new_len = len - rem_len; |
| 775 | block_nb = new_len / SHA224_BLOCK_SIZE; |
| 776 | |
| 777 | shifted_message = message + rem_len; |
| 778 | |
| 779 | sha256_transf(ctx, ctx->block, 1); |
| 780 | sha256_transf(ctx, shifted_message, block_nb); |
| 781 | |
| 782 | rem_len = new_len % SHA224_BLOCK_SIZE; |
| 783 | |
| 784 | memcpy(ctx->block, &shifted_message[block_nb << 6], |
| 785 | rem_len); |
| 786 | |
| 787 | ctx->len = rem_len; |
| 788 | ctx->tot_len += (block_nb + 1) << 6; |
| 789 | } |
| 790 | |
| 791 | void sha224_final(sha224_ctx *ctx, unsigned char *digest) |
| 792 | { |
| 793 | unsigned int block_nb; |
| 794 | unsigned int pm_len; |
| 795 | unsigned int len_b; |
| 796 | |
| 797 | #ifndef UNROLL_LOOPS |
| 798 | int i; |
| 799 | #endif |
| 800 | |
| 801 | block_nb = (1 + ((SHA224_BLOCK_SIZE - 9) |
| 802 | < (ctx->len % SHA224_BLOCK_SIZE))); |
| 803 | |
| 804 | len_b = (ctx->tot_len + ctx->len) << 3; |
| 805 | pm_len = block_nb << 6; |
| 806 | |
| 807 | memset(ctx->block + ctx->len, 0, pm_len - ctx->len); |
| 808 | ctx->block[ctx->len] = 0x80; |
| 809 | UNPACK32(len_b, ctx->block + pm_len - 4); |
| 810 | |
| 811 | sha256_transf(ctx, ctx->block, block_nb); |
| 812 | |
| 813 | #ifndef UNROLL_LOOPS |
| 814 | for (i = 0 ; i < 7; i++) { |
| 815 | UNPACK32(ctx->h[i], &digest[i << 2]); |
| 816 | } |
| 817 | #else |
| 818 | UNPACK32(ctx->h[0], &digest[ 0]); |
| 819 | UNPACK32(ctx->h[1], &digest[ 4]); |
| 820 | UNPACK32(ctx->h[2], &digest[ 8]); |
| 821 | UNPACK32(ctx->h[3], &digest[12]); |
| 822 | UNPACK32(ctx->h[4], &digest[16]); |
| 823 | UNPACK32(ctx->h[5], &digest[20]); |
| 824 | UNPACK32(ctx->h[6], &digest[24]); |
| 825 | #endif /* !UNROLL_LOOPS */ |
| 826 | } |
| 827 | |
| 828 | #ifdef TEST_VECTORS |
| 829 | |
| 830 | /* FIPS 180-2 Validation tests */ |
| 831 | |
| 832 | #include <stdio.h> |
| 833 | #include <stdlib.h> |
| 834 | |
| 835 | void test(const char *vector, unsigned char *digest, |
| 836 | unsigned int digest_size) |
| 837 | { |
| 838 | char output[2 * SHA512_DIGEST_SIZE + 1]; |
| 839 | int i; |
| 840 | |
| 841 | output[2 * digest_size] = '\0'; |
| 842 | |
| 843 | for (i = 0; i < (int) digest_size ; i++) { |
| 844 | sprintf(output + 2 * i, "%02x", digest[i]); |
| 845 | } |
| 846 | |
| 847 | printf("H: %s\n", output); |
| 848 | if (strcmp(vector, output)) { |
| 849 | fprintf(stderr, "Test failed.\n"); |
| 850 | exit(EXIT_FAILURE); |
| 851 | } |
| 852 | } |
| 853 | |
| 854 | int main(void) |
| 855 | { |
| 856 | static const char *vectors[4][3] = |
| 857 | { /* SHA-224 */ |
| 858 | { |
| 859 | "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7", |
| 860 | "75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525", |
| 861 | "20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67", |
| 862 | }, |
| 863 | /* SHA-256 */ |
| 864 | { |
| 865 | "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad", |
| 866 | "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1", |
| 867 | "cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0", |
| 868 | }, |
| 869 | /* SHA-384 */ |
| 870 | { |
| 871 | "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed" |
| 872 | "8086072ba1e7cc2358baeca134c825a7", |
| 873 | "09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712" |
| 874 | "fcc7c71a557e2db966c3e9fa91746039", |
| 875 | "9d0e1809716474cb086e834e310a4a1ced149e9c00f248527972cec5704c2a5b" |
| 876 | "07b8b3dc38ecc4ebae97ddd87f3d8985", |
| 877 | }, |
| 878 | /* SHA-512 */ |
| 879 | { |
| 880 | "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a" |
| 881 | "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f", |
| 882 | "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018" |
| 883 | "501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909", |
| 884 | "e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973eb" |
| 885 | "de0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b" |
| 886 | } |
| 887 | }; |
| 888 | |
| 889 | static const char message1[] = "abc"; |
| 890 | static const char message2a[] = "abcdbcdecdefdefgefghfghighijhi" |
| 891 | "jkijkljklmklmnlmnomnopnopq"; |
| 892 | static const char message2b[] = "abcdefghbcdefghicdefghijdefghijkefghij" |
| 893 | "klfghijklmghijklmnhijklmnoijklmnopjklm" |
| 894 | "nopqklmnopqrlmnopqrsmnopqrstnopqrstu"; |
| 895 | unsigned char *message3; |
| 896 | unsigned int message3_len = 1000000; |
| 897 | unsigned char digest[SHA512_DIGEST_SIZE]; |
| 898 | |
| 899 | message3 = malloc(message3_len); |
| 900 | if (message3 == NULL) { |
| 901 | fprintf(stderr, "Can't allocate memory\n"); |
| 902 | return -1; |
| 903 | } |
| 904 | memset(message3, 'a', message3_len); |
| 905 | |
| 906 | printf("SHA-2 FIPS 180-2 Validation tests\n\n"); |
| 907 | printf("SHA-224 Test vectors\n"); |
| 908 | |
| 909 | sha224((const unsigned char *) message1, strlen(message1), digest); |
| 910 | test(vectors[0][0], digest, SHA224_DIGEST_SIZE); |
| 911 | sha224((const unsigned char *) message2a, strlen(message2a), digest); |
| 912 | test(vectors[0][1], digest, SHA224_DIGEST_SIZE); |
| 913 | sha224(message3, message3_len, digest); |
| 914 | test(vectors[0][2], digest, SHA224_DIGEST_SIZE); |
| 915 | printf("\n"); |
| 916 | |
| 917 | printf("SHA-256 Test vectors\n"); |
| 918 | |
| 919 | sha256((const unsigned char *) message1, strlen(message1), digest); |
| 920 | test(vectors[1][0], digest, SHA256_DIGEST_SIZE); |
| 921 | sha256((const unsigned char *) message2a, strlen(message2a), digest); |
| 922 | test(vectors[1][1], digest, SHA256_DIGEST_SIZE); |
| 923 | sha256(message3, message3_len, digest); |
| 924 | test(vectors[1][2], digest, SHA256_DIGEST_SIZE); |
| 925 | printf("\n"); |
| 926 | |
| 927 | printf("SHA-384 Test vectors\n"); |
| 928 | |
| 929 | sha384((const unsigned char *) message1, strlen(message1), digest); |
| 930 | test(vectors[2][0], digest, SHA384_DIGEST_SIZE); |
| 931 | sha384((const unsigned char *)message2b, strlen(message2b), digest); |
| 932 | test(vectors[2][1], digest, SHA384_DIGEST_SIZE); |
| 933 | sha384(message3, message3_len, digest); |
| 934 | test(vectors[2][2], digest, SHA384_DIGEST_SIZE); |
| 935 | printf("\n"); |
| 936 | |
| 937 | printf("SHA-512 Test vectors\n"); |
| 938 | |
| 939 | sha512((const unsigned char *) message1, strlen(message1), digest); |
| 940 | test(vectors[3][0], digest, SHA512_DIGEST_SIZE); |
| 941 | sha512((const unsigned char *) message2b, strlen(message2b), digest); |
| 942 | test(vectors[3][1], digest, SHA512_DIGEST_SIZE); |
| 943 | sha512(message3, message3_len, digest); |
| 944 | test(vectors[3][2], digest, SHA512_DIGEST_SIZE); |
| 945 | printf("\n"); |
| 946 | |
| 947 | printf("All tests passed.\n"); |
| 948 | |
| 949 | return 0; |
| 950 | } |
| 951 | |
| 952 | #endif /* TEST_VECTORS */ |
| 953 | |