/* $OpenBSD: blocks.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */

/*
 * Public Domain, Author: Daniel J. Bernstein
 * Copied from nacl-20110221/crypto_hashblocks/sha512/ref/blocks.c
 */

8#include "crypto_api.h"
9
/*
 * Word type for all SHA-512 arithmetic in this file.
 * The ROTR macro below hard-codes a width of 64 bits and the round
 * additions rely on wrap-around at that width, so this type is assumed to
 * be exactly 64 bits wide (the C standard only guarantees at least 64).
 */
typedef unsigned long long uint64;
11
/*
 * Decode the eight bytes x[0..7] as one big-endian 64-bit word
 * (x[0] is the most significant byte).
 * No length is passed in: the caller must guarantee that eight bytes are
 * readable at x. The loop has a fixed trip count and no data-dependent
 * branch or index.
 */
static uint64 load_bigendian(const unsigned char *x)
{
  uint64 word = 0;
  int i;

  for (i = 0; i < 8; ++i)
    word = (word << 8) | (uint64) x[i];
  return word;
}
25
/*
 * Encode u as eight big-endian bytes into x[0..7]
 * (x[0] receives the most significant byte).
 * No length is passed in: the caller must guarantee that eight bytes are
 * writable at x.
 */
static void store_bigendian(unsigned char *x,uint64 u)
{
  int i;

  /* Peel off the low byte each time, filling the buffer back to front. */
  for (i = 7; i >= 0; --i) {
    x[i] = (unsigned char) u;
    u >>= 8;
  }
}
37
/* Right shift of x by c bits; every use in this file passes a uint64. */
#define SHR(x,c) ((x) >> (c))
/*
 * Rotate a 64-bit x right by c bits. c must satisfy 0 < c < 64: c == 0
 * would shift left by 64, which is undefined for a 64-bit operand.
 * Every use below passes a constant between 1 and 61.
 */
#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c))))

/*
 * Bitwise choice and majority functions. The arguments are NOT
 * parenthesised in the expansion, so pass plain identifiers only
 * (F below passes e,f,g and a,b,c).
 */
#define Ch(x,y,z) ((x & y) ^ (~x & z))
#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
/* Rotation/shift mixes: Sigma0/Sigma1 are used by the round macro F, sigma0/sigma1 by the schedule macro M. */
#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7))
#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6))

/*
 * One message-schedule step: overwrites its first argument in place.
 * The expansion already ends in ';', so invocations are written without one.
 */
#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0;

/*
 * Advance all sixteen schedule words w0..w15 by one M step each.
 * Requires variables named w0..w15 in the enclosing scope.
 */
#define EXPAND \
  M(w0 ,w14,w9 ,w1 ) \
  M(w1 ,w15,w10,w2 ) \
  M(w2 ,w0 ,w11,w3 ) \
  M(w3 ,w1 ,w12,w4 ) \
  M(w4 ,w2 ,w13,w5 ) \
  M(w5 ,w3 ,w14,w6 ) \
  M(w6 ,w4 ,w15,w7 ) \
  M(w7 ,w5 ,w0 ,w8 ) \
  M(w8 ,w6 ,w1 ,w9 ) \
  M(w9 ,w7 ,w2 ,w10) \
  M(w10,w8 ,w3 ,w11) \
  M(w11,w9 ,w4 ,w12) \
  M(w12,w10,w5 ,w13) \
  M(w13,w11,w6 ,w14) \
  M(w14,w12,w7 ,w15) \
  M(w15,w13,w8 ,w0 )

/*
 * One compression round with schedule word w and round constant k.
 * Reads and writes a..h, T1 and T2 from the enclosing scope. w and k are
 * used unparenthesised, and the expansion is several statements that are
 * not wrapped in do { } while (0), so F must not be used as the body of an
 * unbraced if/else or loop.
 */
#define F(w,k) \
  T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \
  T2 = Sigma0(a) + Maj(a,b,c); \
  h = g; \
  g = f; \
  f = e; \
  e = d + T1; \
  d = c; \
  c = b; \
  b = a; \
  a = T1 + T2;
79
/*
 * SHA-512 block function: folds every complete 128-byte block of `in` into
 * the chaining state held in `statebytes`.
 *
 * statebytes: 64 bytes, eight big-endian 64-bit words; read on entry and
 *             overwritten with the updated state on return.
 * in:         input data; only read.
 * inlen:      number of bytes available at `in`.
 *
 * Returns the number of trailing bytes that were NOT processed. The loop
 * exits only once inlen < 128, so the value always fits in the int return
 * type even though inlen is unsigned long long.
 *
 * This function does no padding and no length encoding; it only consumes
 * whole blocks. Presumably the caller buffers the remainder and applies the
 * final padding - verify against the caller.
 *
 * There are no NULL or bounds checks here: the caller must guarantee that
 * 64 bytes are accessible at statebytes and inlen bytes at in.
 *
 * NOTE(review): state[], a..h, T1/T2 and w0..w15 are not cleared before
 * returning. When the input or chaining state is derived from secret
 * material, copies of it remain in this stack frame; confirm whether any
 * caller needs them wiped.
 */
int crypto_hashblocks_sha512(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen)
{
  uint64 state[8];
  uint64 a;
  uint64 b;
  uint64 c;
  uint64 d;
  uint64 e;
  uint64 f;
  uint64 g;
  uint64 h;
  uint64 T1;
  uint64 T2;

  /* Decode the chaining state; state[] keeps the pre-block values for the feed-forward add. */
  a = load_bigendian(statebytes + 0); state[0] = a;
  b = load_bigendian(statebytes + 8); state[1] = b;
  c = load_bigendian(statebytes + 16); state[2] = c;
  d = load_bigendian(statebytes + 24); state[3] = d;
  e = load_bigendian(statebytes + 32); state[4] = e;
  f = load_bigendian(statebytes + 40); state[5] = f;
  g = load_bigendian(statebytes + 48); state[6] = g;
  h = load_bigendian(statebytes + 56); state[7] = h;

  /* inlen is unsigned, so this test must stay ">= 128" to keep "inlen -= 128" from wrapping. */
  while (inlen >= 128) {
    /* Load the 16 message words of this block (bytes in[0..127]). */
    uint64 w0 = load_bigendian(in + 0);
    uint64 w1 = load_bigendian(in + 8);
    uint64 w2 = load_bigendian(in + 16);
    uint64 w3 = load_bigendian(in + 24);
    uint64 w4 = load_bigendian(in + 32);
    uint64 w5 = load_bigendian(in + 40);
    uint64 w6 = load_bigendian(in + 48);
    uint64 w7 = load_bigendian(in + 56);
    uint64 w8 = load_bigendian(in + 64);
    uint64 w9 = load_bigendian(in + 72);
    uint64 w10 = load_bigendian(in + 80);
    uint64 w11 = load_bigendian(in + 88);
    uint64 w12 = load_bigendian(in + 96);
    uint64 w13 = load_bigendian(in + 104);
    uint64 w14 = load_bigendian(in + 112);
    uint64 w15 = load_bigendian(in + 120);

    /*
     * 80 rounds, fully unrolled as five groups of 16 with EXPAND advancing
     * the schedule words between groups. The control flow and the order of
     * operations do not depend on the data being hashed.
     */
    F(w0 ,0x428a2f98d728ae22ULL)
    F(w1 ,0x7137449123ef65cdULL)
    F(w2 ,0xb5c0fbcfec4d3b2fULL)
    F(w3 ,0xe9b5dba58189dbbcULL)
    F(w4 ,0x3956c25bf348b538ULL)
    F(w5 ,0x59f111f1b605d019ULL)
    F(w6 ,0x923f82a4af194f9bULL)
    F(w7 ,0xab1c5ed5da6d8118ULL)
    F(w8 ,0xd807aa98a3030242ULL)
    F(w9 ,0x12835b0145706fbeULL)
    F(w10,0x243185be4ee4b28cULL)
    F(w11,0x550c7dc3d5ffb4e2ULL)
    F(w12,0x72be5d74f27b896fULL)
    F(w13,0x80deb1fe3b1696b1ULL)
    F(w14,0x9bdc06a725c71235ULL)
    F(w15,0xc19bf174cf692694ULL)

    EXPAND

    F(w0 ,0xe49b69c19ef14ad2ULL)
    F(w1 ,0xefbe4786384f25e3ULL)
    F(w2 ,0x0fc19dc68b8cd5b5ULL)
    F(w3 ,0x240ca1cc77ac9c65ULL)
    F(w4 ,0x2de92c6f592b0275ULL)
    F(w5 ,0x4a7484aa6ea6e483ULL)
    F(w6 ,0x5cb0a9dcbd41fbd4ULL)
    F(w7 ,0x76f988da831153b5ULL)
    F(w8 ,0x983e5152ee66dfabULL)
    F(w9 ,0xa831c66d2db43210ULL)
    F(w10,0xb00327c898fb213fULL)
    F(w11,0xbf597fc7beef0ee4ULL)
    F(w12,0xc6e00bf33da88fc2ULL)
    F(w13,0xd5a79147930aa725ULL)
    F(w14,0x06ca6351e003826fULL)
    F(w15,0x142929670a0e6e70ULL)

    EXPAND

    F(w0 ,0x27b70a8546d22ffcULL)
    F(w1 ,0x2e1b21385c26c926ULL)
    F(w2 ,0x4d2c6dfc5ac42aedULL)
    F(w3 ,0x53380d139d95b3dfULL)
    F(w4 ,0x650a73548baf63deULL)
    F(w5 ,0x766a0abb3c77b2a8ULL)
    F(w6 ,0x81c2c92e47edaee6ULL)
    F(w7 ,0x92722c851482353bULL)
    F(w8 ,0xa2bfe8a14cf10364ULL)
    F(w9 ,0xa81a664bbc423001ULL)
    F(w10,0xc24b8b70d0f89791ULL)
    F(w11,0xc76c51a30654be30ULL)
    F(w12,0xd192e819d6ef5218ULL)
    F(w13,0xd69906245565a910ULL)
    F(w14,0xf40e35855771202aULL)
    F(w15,0x106aa07032bbd1b8ULL)

    EXPAND

    F(w0 ,0x19a4c116b8d2d0c8ULL)
    F(w1 ,0x1e376c085141ab53ULL)
    F(w2 ,0x2748774cdf8eeb99ULL)
    F(w3 ,0x34b0bcb5e19b48a8ULL)
    F(w4 ,0x391c0cb3c5c95a63ULL)
    F(w5 ,0x4ed8aa4ae3418acbULL)
    F(w6 ,0x5b9cca4f7763e373ULL)
    F(w7 ,0x682e6ff3d6b2b8a3ULL)
    F(w8 ,0x748f82ee5defb2fcULL)
    F(w9 ,0x78a5636f43172f60ULL)
    F(w10,0x84c87814a1f0ab72ULL)
    F(w11,0x8cc702081a6439ecULL)
    F(w12,0x90befffa23631e28ULL)
    F(w13,0xa4506cebde82bde9ULL)
    F(w14,0xbef9a3f7b2c67915ULL)
    F(w15,0xc67178f2e372532bULL)

    EXPAND

    F(w0 ,0xca273eceea26619cULL)
    F(w1 ,0xd186b8c721c0c207ULL)
    F(w2 ,0xeada7dd6cde0eb1eULL)
    F(w3 ,0xf57d4f7fee6ed178ULL)
    F(w4 ,0x06f067aa72176fbaULL)
    F(w5 ,0x0a637dc5a2c898a6ULL)
    F(w6 ,0x113f9804bef90daeULL)
    F(w7 ,0x1b710b35131c471bULL)
    F(w8 ,0x28db77f523047d84ULL)
    F(w9 ,0x32caab7b40c72493ULL)
    F(w10,0x3c9ebe0a15c9bebcULL)
    F(w11,0x431d67c49c100d4cULL)
    F(w12,0x4cc5d4becb3e42b6ULL)
    F(w13,0x597f299cfc657e2aULL)
    F(w14,0x5fcb6fab3ad6faecULL)
    F(w15,0x6c44198c4a475817ULL)

    /* Feed-forward: add the state from before this block (unsigned, so the sums wrap). */
    a += state[0];
    b += state[1];
    c += state[2];
    d += state[3];
    e += state[4];
    f += state[5];
    g += state[6];
    h += state[7];

    /* Remember the new chaining value for the next block and for the final store. */
    state[0] = a;
    state[1] = b;
    state[2] = c;
    state[3] = d;
    state[4] = e;
    state[5] = f;
    state[6] = g;
    state[7] = h;

    in += 128;
    inlen -= 128;
  }

  /* Write the chaining state back; if no full block was present this rewrites the input state unchanged. */
  store_bigendian(statebytes + 0,state[0]);
  store_bigendian(statebytes + 8,state[1]);
  store_bigendian(statebytes + 16,state[2]);
  store_bigendian(statebytes + 24,state[3]);
  store_bigendian(statebytes + 32,state[4]);
  store_bigendian(statebytes + 40,state[5]);
  store_bigendian(statebytes + 48,state[6]);
  store_bigendian(statebytes + 56,state[7]);

  /* Leftover byte count (0..127), narrowed from unsigned long long to int. */
  return inlen;
}