diff options
Diffstat (limited to 'common/sha512.c')
-rw-r--r-- | common/sha512.c | 480 |
1 files changed, 480 insertions, 0 deletions
diff --git a/common/sha512.c b/common/sha512.c new file mode 100644 index 0000000..37f4a72 --- /dev/null +++ b/common/sha512.c @@ -0,0 +1,480 @@ +/*- + * + * This code is extracted from the SourceForce.net project found at: + * + * https://sourceforge.net/projects/sha/ + * + * + * Copyright (c) 2001-2003 Allan Saddi <allan@saddi.com> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY ALLAN SADDI AND HIS CONTRIBUTORS ``AS IS'' + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL ALLAN SADDI OR HIS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * $Id: sha512.c 680 2003-07-25 21:58:07Z asaddi $ + */ + +/* + * Define WORDS_BIGENDIAN if compiling on a big-endian architecture. + * + * Define SHA512_TEST to test the implementation using the NIST's + * sample messages. The output should be: + * + * ddaf35a193617aba cc417349ae204131 12e6fa4e89a97ea2 0a9eeee64b55d39a + * 2192992a274fc1a8 36ba3c23a3feebbd 454d4423643ce80e 2a9ac94fa54ca49f + * 8e959b75dae313da 8cf4f72814fc143f 8f7779c6eb9f7fa1 7299aeadb6889018 + * 501d289e4900f7e4 331b99dec4b5433a c7d329eeb6dd2654 5e96e55b874be909 + * e718483d0ce76964 4e2e42c7bc15b463 8e1f98b13b204428 5632a803afa973eb + * de0ff244877ea60a 4cb0432ce577c31b eb009c5c2c49aa2e 4eadb217ad8cc09b + */ + +#include <stdint.h> +#include <string.h> + +#include "sha512.h" + +#ifndef lint +static const char rcsid[] = + "$Id: sha512.c 680 2003-07-25 21:58:07Z asaddi $"; +#endif /* !lint */ + +#define ROTL(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) +#define ROTR(x, n) (((x) >> (n)) | ((x) << (32 - (n)))) +#define ROTL64(x, n) (((x) << (n)) | ((x) >> (64 - (n)))) +#define ROTR64(x, n) (((x) >> (n)) | ((x) << (64 - (n)))) + +#define Ch(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) +#define Maj(x, y, z) (((x) & ((y) | (z))) | ((y) & (z))) +#define SIGMA0(x) (ROTR64((x), 28) ^ ROTR64((x), 34) ^ ROTR64((x), 39)) +#define SIGMA1(x) (ROTR64((x), 14) ^ ROTR64((x), 18) ^ ROTR64((x), 41)) +#define sigma0(x) (ROTR64((x), 1) ^ ROTR64((x), 8) ^ ((x) >> 7)) +#define sigma1(x) (ROTR64((x), 19) ^ ROTR64((x), 61) ^ ((x) >> 6)) + +#define DO_ROUND() { \ + t1 = h + SIGMA1(e) + Ch(e, f, g) + *(Kp++) + *(W++); \ + t2 = SIGMA0(a) + Maj(a, b, c); \ + h = g; \ + g = f; \ + f = e; \ + e = d + t1; \ + d = c; \ + c = b; \ + b = a; \ + a = t1 + t2; \ +} + +static const uint64_t K[80] = { + 0x428a2f98d728ae22LL, 0x7137449123ef65cdLL, + 0xb5c0fbcfec4d3b2fLL, 0xe9b5dba58189dbbcLL, + 0x3956c25bf348b538LL, 0x59f111f1b605d019LL, + 0x923f82a4af194f9bLL, 0xab1c5ed5da6d8118LL, + 0xd807aa98a3030242LL, 0x12835b0145706fbeLL, + 0x243185be4ee4b28cLL, 0x550c7dc3d5ffb4e2LL, + 0x72be5d74f27b896fLL, 0x80deb1fe3b1696b1LL, + 0x9bdc06a725c71235LL, 0xc19bf174cf692694LL, + 0xe49b69c19ef14ad2LL, 0xefbe4786384f25e3LL, + 0x0fc19dc68b8cd5b5LL, 0x240ca1cc77ac9c65LL, + 0x2de92c6f592b0275LL, 0x4a7484aa6ea6e483LL, + 0x5cb0a9dcbd41fbd4LL, 0x76f988da831153b5LL, + 0x983e5152ee66dfabLL, 0xa831c66d2db43210LL, + 0xb00327c898fb213fLL, 0xbf597fc7beef0ee4LL, + 0xc6e00bf33da88fc2LL, 0xd5a79147930aa725LL, + 0x06ca6351e003826fLL, 0x142929670a0e6e70LL, + 0x27b70a8546d22ffcLL, 0x2e1b21385c26c926LL, + 0x4d2c6dfc5ac42aedLL, 0x53380d139d95b3dfLL, + 0x650a73548baf63deLL, 0x766a0abb3c77b2a8LL, + 0x81c2c92e47edaee6LL, 0x92722c851482353bLL, + 0xa2bfe8a14cf10364LL, 0xa81a664bbc423001LL, + 0xc24b8b70d0f89791LL, 0xc76c51a30654be30LL, + 0xd192e819d6ef5218LL, 0xd69906245565a910LL, + 0xf40e35855771202aLL, 0x106aa07032bbd1b8LL, + 0x19a4c116b8d2d0c8LL, 0x1e376c085141ab53LL, + 0x2748774cdf8eeb99LL, 0x34b0bcb5e19b48a8LL, + 0x391c0cb3c5c95a63LL, 0x4ed8aa4ae3418acbLL, + 0x5b9cca4f7763e373LL, 0x682e6ff3d6b2b8a3LL, + 0x748f82ee5defb2fcLL, 0x78a5636f43172f60LL, + 0x84c87814a1f0ab72LL, 0x8cc702081a6439ecLL, + 0x90befffa23631e28LL, 0xa4506cebde82bde9LL, + 0xbef9a3f7b2c67915LL, 0xc67178f2e372532bLL, + 0xca273eceea26619cLL, 0xd186b8c721c0c207LL, + 0xeada7dd6cde0eb1eLL, 0xf57d4f7fee6ed178LL, + 0x06f067aa72176fbaLL, 0x0a637dc5a2c898a6LL, + 0x113f9804bef90daeLL, 0x1b710b35131c471bLL, + 0x28db77f523047d84LL, 0x32caab7b40c72493LL, + 0x3c9ebe0a15c9bebcLL, 0x431d67c49c100d4cLL, + 0x4cc5d4becb3e42b6LL, 0x597f299cfc657e2aLL, + 0x5fcb6fab3ad6faecLL, 0x6c44198c4a475817LL +}; + +#ifndef RUNTIME_ENDIAN + +#ifdef WORDS_BIGENDIAN + +#define BYTESWAP(x) (x) +#define BYTESWAP64(x) (x) + +#else /* WORDS_BIGENDIAN */ + +#define BYTESWAP(x) ((ROTR((x), 8) & 0xff00ff00L) | \ + (ROTL((x), 8) & 0x00ff00ffL)) +#define BYTESWAP64(x) _byteswap64(x) + +static inline uint64_t _byteswap64(uint64_t x) +{ + uint32_t a = x >> 32; + uint32_t b = (uint32_t) x; + return ((uint64_t) BYTESWAP(b) << 32) | (uint64_t) BYTESWAP(a); +} + +#endif /* WORDS_BIGENDIAN */ + +#else /* !RUNTIME_ENDIAN */ + +#define BYTESWAP(x) _byteswap(sc->littleEndian, x) +#define BYTESWAP64(x) _byteswap64(sc->littleEndian, x) + +#define _BYTESWAP(x) ((ROTR((x), 8) & 0xff00ff00L) | \ + (ROTL((x), 8) & 0x00ff00ffL)) +#define _BYTESWAP64(x) __byteswap64(x) + +static inline uint64_t __byteswap64(uint64_t x) +{ + uint32_t a = x >> 32; + uint32_t b = (uint32_t) x; + return ((uint64_t) _BYTESWAP(b) << 32) | (uint64_t) _BYTESWAP(a); +} + +static inline uint32_t _byteswap(int littleEndian, uint32_t x) +{ + if (!littleEndian) + return x; + else + return _BYTESWAP(x); +} + +static inline uint64_t _byteswap64(int littleEndian, uint64_t x) +{ + if (!littleEndian) + return x; + else + return _BYTESWAP64(x); +} + +static inline void setEndian(int *littleEndianp) +{ + union { + uint32_t w; + uint8_t b[4]; + } endian; + + endian.w = 1L; + *littleEndianp = endian.b[0] != 0; +} + +#endif /* !RUNTIME_ENDIAN */ + +static const uint8_t padding[128] = { + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +}; + +void +SHA512Init (SHA512Context *sc) +{ +#ifdef RUNTIME_ENDIAN + setEndian (&sc->littleEndian); +#endif /* RUNTIME_ENDIAN */ + + sc->totalLength[0] = 0LL; + sc->totalLength[1] = 0LL; + sc->hash[0] = 0x6a09e667f3bcc908LL; + sc->hash[1] = 0xbb67ae8584caa73bLL; + sc->hash[2] = 0x3c6ef372fe94f82bLL; + sc->hash[3] = 0xa54ff53a5f1d36f1LL; + sc->hash[4] = 0x510e527fade682d1LL; + sc->hash[5] = 0x9b05688c2b3e6c1fLL; + sc->hash[6] = 0x1f83d9abfb41bd6bLL; + sc->hash[7] = 0x5be0cd19137e2179LL; + sc->bufferLength = 0L; +} + +static void +burnStack (int size) +{ + char buf[128]; + + memset (buf, 0, sizeof (buf)); + size -= sizeof (buf); + if (size > 0) + burnStack (size); +} + +static void +SHA512Guts (SHA512Context *sc, const uint64_t *cbuf) +{ + uint64_t buf[80]; + uint64_t *W, *W2, *W7, *W15, *W16; + uint64_t a, b, c, d, e, f, g, h; + uint64_t t1, t2; + const uint64_t *Kp; + int i; + + W = buf; + + for (i = 15; i >= 0; i--) { + *(W++) = BYTESWAP64(*cbuf); + cbuf++; + } + + W16 = &buf[0]; + W15 = &buf[1]; + W7 = &buf[9]; + W2 = &buf[14]; + + for (i = 63; i >= 0; i--) { + *(W++) = sigma1(*W2) + *(W7++) + sigma0(*W15) + *(W16++); + W2++; + W15++; + } + + a = sc->hash[0]; + b = sc->hash[1]; + c = sc->hash[2]; + d = sc->hash[3]; + e = sc->hash[4]; + f = sc->hash[5]; + g = sc->hash[6]; + h = sc->hash[7]; + + Kp = K; + W = buf; + + for (i = 79; i >= 0; i--) + DO_ROUND(); + + sc->hash[0] += a; + sc->hash[1] += b; + sc->hash[2] += c; + sc->hash[3] += d; + sc->hash[4] += e; + sc->hash[5] += f; + sc->hash[6] += g; + sc->hash[7] += h; +} + +void +SHA512Update (SHA512Context *sc, const void *vdata, uint32_t len) +{ + const uint8_t *data = vdata; + uint32_t bufferBytesLeft; + uint32_t bytesToCopy; + uint64_t carryCheck; + int needBurn = 0; + +#ifdef SHA512_FAST_COPY + if (sc->bufferLength) { + bufferBytesLeft = 128L - sc->bufferLength; + + bytesToCopy = bufferBytesLeft; + if (bytesToCopy > len) + bytesToCopy = len; + + memcpy (&sc->buffer.bytes[sc->bufferLength], data, bytesToCopy); + + carryCheck = sc->totalLength[1]; + sc->totalLength[1] += bytesToCopy * 8L; + if (sc->totalLength[1] < carryCheck) + sc->totalLength[0]++; + + sc->bufferLength += bytesToCopy; + data += bytesToCopy; + len -= bytesToCopy; + + if (sc->bufferLength == 128L) { + SHA512Guts (sc, sc->buffer.words); + needBurn = 1; + sc->bufferLength = 0L; + } + } + + while (len > 127) { + carryCheck = sc->totalLength[1]; + sc->totalLength[1] += 1024L; + if (sc->totalLength[1] < carryCheck) + sc->totalLength[0]++; + + SHA512Guts (sc, data); + needBurn = 1; + + data += 128L; + len -= 128L; + } + + if (len) { + memcpy (&sc->buffer.bytes[sc->bufferLength], data, len); + + carryCheck = sc->totalLength[1]; + sc->totalLength[1] += len * 8L; + if (sc->totalLength[1] < carryCheck) + sc->totalLength[0]++; + + sc->bufferLength += len; + } +#else /* SHA512_FAST_COPY */ + while (len) { + bufferBytesLeft = 128L - sc->bufferLength; + + bytesToCopy = bufferBytesLeft; + if (bytesToCopy > len) + bytesToCopy = len; + + memcpy (&sc->buffer.bytes[sc->bufferLength], data, bytesToCopy); + + carryCheck = sc->totalLength[1]; + sc->totalLength[1] += bytesToCopy * 8L; + if (sc->totalLength[1] < carryCheck) + sc->totalLength[0]++; + + sc->bufferLength += bytesToCopy; + data += bytesToCopy; + len -= bytesToCopy; + + if (sc->bufferLength == 128L) { + SHA512Guts (sc, sc->buffer.words); + needBurn = 1; + sc->bufferLength = 0L; + } + } +#endif /* SHA512_FAST_COPY */ + + if (needBurn) + burnStack (sizeof (uint64_t[90]) + sizeof (uint64_t *[6]) + sizeof (int)); +} + +void +SHA512Final (SHA512Context *sc, uint8_t hash[SHA512_HASH_SIZE]) +{ + uint32_t bytesToPad; + uint64_t lengthPad[2]; + int i; + + bytesToPad = 240L - sc->bufferLength; + if (bytesToPad > 128L) + bytesToPad -= 128L; + + lengthPad[0] = BYTESWAP64(sc->totalLength[0]); + lengthPad[1] = BYTESWAP64(sc->totalLength[1]); + + SHA512Update (sc, padding, bytesToPad); + SHA512Update (sc, lengthPad, 16L); + + if (hash) { + for (i = 0; i < SHA512_HASH_WORDS; i++) { +#ifdef SHA384_FAST_COPY + *((uint64_t *) hash) = BYTESWAP64(sc->hash[i]); +#else /* SHA384_FAST_COPY */ + hash[0] = (uint8_t) (sc->hash[i] >> 56); + hash[1] = (uint8_t) (sc->hash[i] >> 48); + hash[2] = (uint8_t) (sc->hash[i] >> 40); + hash[3] = (uint8_t) (sc->hash[i] >> 32); + hash[4] = (uint8_t) (sc->hash[i] >> 24); + hash[5] = (uint8_t) (sc->hash[i] >> 16); + hash[6] = (uint8_t) (sc->hash[i] >> 8); + hash[7] = (uint8_t) sc->hash[i]; +#endif /* SHA384_FAST_COPY */ + hash += 8; + } + } +} + +#ifdef SHA512_TEST + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +int +main (int argc, char *argv[]) +{ + SHA512Context foo; + uint8_t hash[SHA512_HASH_SIZE]; + char buf[1000]; + int i; + + SHA512Init (&foo); + SHA512Update (&foo, "abc", 3); + SHA512Final (&foo, hash); + + for (i = 0; i < SHA512_HASH_SIZE;) { + printf ("%02x", hash[i++]); + if (!(i % 8)) + printf (" "); + if (!(i % 32)) + printf ("\n"); + } + + SHA512Init (&foo); + SHA512Update (&foo, + "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" + "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", + 112); + SHA512Final (&foo, hash); + + for (i = 0; i < SHA512_HASH_SIZE;) { + printf ("%02x", hash[i++]); + if (!(i % 8)) + printf (" "); + if (!(i % 32)) + printf ("\n"); + } + + SHA512Init (&foo); + memset (buf, 'a', sizeof (buf)); + for (i = 0; i < 1000; i++) + SHA512Update (&foo, buf, sizeof (buf)); + SHA512Final (&foo, hash); + + for (i = 0; i < SHA512_HASH_SIZE;) { + printf ("%02x", hash[i++]); + if (!(i % 8)) + printf (" "); + if (!(i % 32)) + printf ("\n"); + } + + exit (0); +} + +#endif /* SHA512_TEST */ |