Annotation of /trunk/mkinitrd-magellan/busybox/libbb/sha1.c
Parent Directory
| 
Revision Log
Revision 984 -
(hide annotations)
(download)
Sun May 30 11:32:42 2010 UTC (13 years, 11 months ago) by niro
File MIME type: text/plain
File size: 12964 byte(s)
Sun May 30 11:32:42 2010 UTC (13 years, 11 months ago) by niro
File MIME type: text/plain
File size: 12964 byte(s)
-updated to busybox-1.16.1 and enabled blkid/uuid support in default config
| 1 | niro | 532 | /* vi: set sw=4 ts=4: */ |
| 2 | /* | ||
| 3 | niro | 984 | * Based on shasum from http://www.netsw.org/crypto/hash/ |
| 4 | * Majorly hacked up to use Dr Brian Gladman's sha1 code | ||
| 5 | niro | 532 | * |
| 6 | niro | 984 | * Copyright (C) 2002 Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK. |
| 7 | * Copyright (C) 2003 Glenn L. McGrath | ||
| 8 | * Copyright (C) 2003 Erik Andersen | ||
| 9 | niro | 532 | * |
| 10 | * Licensed under GPLv2 or later, see file LICENSE in this tarball for details. | ||
| 11 | * | ||
| 12 | niro | 984 | * --------------------------------------------------------------------------- |
| 13 | * Issue Date: 10/11/2002 | ||
| 14 | niro | 532 | * |
| 15 | niro | 984 | * This is a byte oriented version of SHA1 that operates on arrays of bytes |
| 16 | * stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor | ||
| 17 | * | ||
| 18 | * --------------------------------------------------------------------------- | ||
| 19 | * | ||
| 20 | * SHA256 and SHA512 parts are: | ||
| 21 | * Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>. | ||
| 22 | * Shrank by Denys Vlasenko. | ||
| 23 | * | ||
| 24 | * --------------------------------------------------------------------------- | ||
| 25 | * | ||
| 26 | * The best way to test random blocksizes is to go to coreutils/md5_sha1_sum.c | ||
| 27 | * and replace "4096" with something like "2000 + time(NULL) % 2097", | ||
| 28 | * then rebuild and compare "shaNNNsum bigfile" results. | ||
| 29 | niro | 532 | */ |
| 30 | |||
| 31 | #include "libbb.h" | ||
| 32 | |||
| 33 | niro | 984 | #define rotl32(x,n) (((x) << (n)) | ((x) >> (32 - (n)))) |
| 34 | #define rotr32(x,n) (((x) >> (n)) | ((x) << (32 - (n)))) | ||
| 35 | /* for sha512: */ | ||
| 36 | #define rotr64(x,n) (((x) >> (n)) | ((x) << (64 - (n)))) | ||
| 37 | #if BB_LITTLE_ENDIAN | ||
| 38 | static inline uint64_t hton64(uint64_t v) | ||
| 39 | { | ||
| 40 | return (((uint64_t)htonl(v)) << 32) | htonl(v >> 32); | ||
| 41 | } | ||
| 42 | #else | ||
| 43 | #define hton64(v) (v) | ||
| 44 | #endif | ||
| 45 | #define ntoh64(v) hton64(v) | ||
| 46 | niro | 532 | |
| 47 | niro | 984 | /* To check alignment gcc has an appropriate operator. Other |
| 48 | compilers don't. */ | ||
| 49 | #if defined(__GNUC__) && __GNUC__ >= 2 | ||
| 50 | # define UNALIGNED_P(p,type) (((uintptr_t) p) % __alignof__(type) != 0) | ||
| 51 | #else | ||
| 52 | # define UNALIGNED_P(p,type) (((uintptr_t) p) % sizeof(type) != 0) | ||
| 53 | #endif | ||
| 54 | niro | 532 | |
| 55 | |||
| 56 | niro | 984 | /* Some arch headers have conflicting defines */ |
| 57 | #undef ch | ||
| 58 | #undef parity | ||
| 59 | #undef maj | ||
| 60 | #undef rnd | ||
| 61 | |||
| 62 | static void FAST_FUNC sha1_process_block64(sha1_ctx_t *ctx) | ||
| 63 | { | ||
| 64 | unsigned t; | ||
| 65 | uint32_t W[80], a, b, c, d, e; | ||
| 66 | const uint32_t *words = (uint32_t*) ctx->wbuffer; | ||
| 67 | |||
| 68 | for (t = 0; t < 16; ++t) { | ||
| 69 | W[t] = ntohl(*words); | ||
| 70 | words++; | ||
| 71 | } | ||
| 72 | |||
| 73 | for (/*t = 16*/; t < 80; ++t) { | ||
| 74 | uint32_t T = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]; | ||
| 75 | W[t] = rotl32(T, 1); | ||
| 76 | } | ||
| 77 | |||
| 78 | a = ctx->hash[0]; | ||
| 79 | b = ctx->hash[1]; | ||
| 80 | c = ctx->hash[2]; | ||
| 81 | d = ctx->hash[3]; | ||
| 82 | e = ctx->hash[4]; | ||
| 83 | |||
| 84 | /* Reverse byte order in 32-bit words */ | ||
| 85 | niro | 532 | #define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) |
| 86 | #define parity(x,y,z) ((x) ^ (y) ^ (z)) | ||
| 87 | #define maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) | ||
| 88 | /* A normal version as set out in the FIPS. This version uses */ | ||
| 89 | /* partial loop unrolling and is optimised for the Pentium 4 */ | ||
| 90 | #define rnd(f,k) \ | ||
| 91 | do { \ | ||
| 92 | niro | 984 | uint32_t T = a; \ |
| 93 | a = rotl32(a, 5) + f(b, c, d) + e + k + W[t]; \ | ||
| 94 | e = d; \ | ||
| 95 | d = c; \ | ||
| 96 | c = rotl32(b, 30); \ | ||
| 97 | b = T; \ | ||
| 98 | niro | 532 | } while (0) |
| 99 | |||
| 100 | niro | 984 | for (t = 0; t < 20; ++t) |
| 101 | rnd(ch, 0x5a827999); | ||
| 102 | |||
| 103 | for (/*t = 20*/; t < 40; ++t) | ||
| 104 | rnd(parity, 0x6ed9eba1); | ||
| 105 | |||
| 106 | for (/*t = 40*/; t < 60; ++t) | ||
| 107 | rnd(maj, 0x8f1bbcdc); | ||
| 108 | |||
| 109 | for (/*t = 60*/; t < 80; ++t) | ||
| 110 | rnd(parity, 0xca62c1d6); | ||
| 111 | #undef ch | ||
| 112 | #undef parity | ||
| 113 | #undef maj | ||
| 114 | #undef rnd | ||
| 115 | |||
| 116 | ctx->hash[0] += a; | ||
| 117 | ctx->hash[1] += b; | ||
| 118 | ctx->hash[2] += c; | ||
| 119 | ctx->hash[3] += d; | ||
| 120 | ctx->hash[4] += e; | ||
| 121 | } | ||
| 122 | |||
| 123 | /* Constants for SHA512 from FIPS 180-2:4.2.3. | ||
| 124 | * SHA256 constants from FIPS 180-2:4.2.2 | ||
| 125 | * are the most significant half of first 64 elements | ||
| 126 | * of the same array. | ||
| 127 | */ | ||
| 128 | static const uint64_t sha_K[80] = { | ||
| 129 | 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, | ||
| 130 | 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, | ||
| 131 | 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, | ||
| 132 | 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, | ||
| 133 | 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, | ||
| 134 | 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, | ||
| 135 | 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, | ||
| 136 | 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, | ||
| 137 | 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, | ||
| 138 | 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, | ||
| 139 | 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, | ||
| 140 | 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, | ||
| 141 | 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, | ||
| 142 | 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, | ||
| 143 | 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, | ||
| 144 | 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, | ||
| 145 | 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, | ||
| 146 | 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, | ||
| 147 | 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, | ||
| 148 | 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, | ||
| 149 | 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, | ||
| 150 | 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, | ||
| 151 | 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, | ||
| 152 | 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, | ||
| 153 | 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, | ||
| 154 | 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, | ||
| 155 | 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, | ||
| 156 | 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, | ||
| 157 | 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, | ||
| 158 | 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, | ||
| 159 | 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, | ||
| 160 | 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, | ||
| 161 | 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, /* [64]+ are used for sha512 only */ | ||
| 162 | 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, | ||
| 163 | 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, | ||
| 164 | 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, | ||
| 165 | 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, | ||
| 166 | 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, | ||
| 167 | 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, | ||
| 168 | 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL | ||
| 169 | }; | ||
| 170 | |||
| 171 | #undef Ch | ||
| 172 | #undef Maj | ||
| 173 | #undef S0 | ||
| 174 | #undef S1 | ||
| 175 | #undef R0 | ||
| 176 | #undef R1 | ||
| 177 | |||
| 178 | static void FAST_FUNC sha256_process_block64(sha256_ctx_t *ctx) | ||
| 179 | niro | 532 | { |
| 180 | niro | 984 | unsigned t; |
| 181 | uint32_t W[64], a, b, c, d, e, f, g, h; | ||
| 182 | const uint32_t *words = (uint32_t*) ctx->wbuffer; | ||
| 183 | niro | 532 | |
| 184 | niro | 984 | /* Operators defined in FIPS 180-2:4.1.2. */ |
| 185 | #define Ch(x, y, z) ((x & y) ^ (~x & z)) | ||
| 186 | #define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) | ||
| 187 | #define S0(x) (rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22)) | ||
| 188 | #define S1(x) (rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25)) | ||
| 189 | #define R0(x) (rotr32(x, 7) ^ rotr32(x, 18) ^ (x >> 3)) | ||
| 190 | #define R1(x) (rotr32(x, 17) ^ rotr32(x, 19) ^ (x >> 10)) | ||
| 191 | niro | 532 | |
| 192 | niro | 984 | /* Compute the message schedule according to FIPS 180-2:6.2.2 step 2. */ |
| 193 | for (t = 0; t < 16; ++t) { | ||
| 194 | W[t] = ntohl(*words); | ||
| 195 | words++; | ||
| 196 | } | ||
| 197 | niro | 532 | |
| 198 | niro | 984 | for (/*t = 16*/; t < 64; ++t) |
| 199 | W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16]; | ||
| 200 | |||
| 201 | niro | 532 | a = ctx->hash[0]; |
| 202 | b = ctx->hash[1]; | ||
| 203 | c = ctx->hash[2]; | ||
| 204 | d = ctx->hash[3]; | ||
| 205 | e = ctx->hash[4]; | ||
| 206 | niro | 984 | f = ctx->hash[5]; |
| 207 | g = ctx->hash[6]; | ||
| 208 | h = ctx->hash[7]; | ||
| 209 | niro | 532 | |
| 210 | niro | 984 | /* The actual computation according to FIPS 180-2:6.2.2 step 3. */ |
| 211 | for (t = 0; t < 64; ++t) { | ||
| 212 | /* Need to fetch upper half of sha_K[t] | ||
| 213 | * (I hope compiler is clever enough to just fetch | ||
| 214 | * upper half) | ||
| 215 | */ | ||
| 216 | uint32_t K_t = sha_K[t] >> 32; | ||
| 217 | uint32_t T1 = h + S1(e) + Ch(e, f, g) + K_t + W[t]; | ||
| 218 | uint32_t T2 = S0(a) + Maj(a, b, c); | ||
| 219 | h = g; | ||
| 220 | g = f; | ||
| 221 | f = e; | ||
| 222 | e = d + T1; | ||
| 223 | d = c; | ||
| 224 | c = b; | ||
| 225 | b = a; | ||
| 226 | a = T1 + T2; | ||
| 227 | niro | 532 | } |
| 228 | niro | 984 | #undef Ch |
| 229 | #undef Maj | ||
| 230 | #undef S0 | ||
| 231 | #undef S1 | ||
| 232 | #undef R0 | ||
| 233 | #undef R1 | ||
| 234 | /* Add the starting values of the context according to FIPS 180-2:6.2.2 | ||
| 235 | step 4. */ | ||
| 236 | ctx->hash[0] += a; | ||
| 237 | ctx->hash[1] += b; | ||
| 238 | ctx->hash[2] += c; | ||
| 239 | ctx->hash[3] += d; | ||
| 240 | ctx->hash[4] += e; | ||
| 241 | ctx->hash[5] += f; | ||
| 242 | ctx->hash[6] += g; | ||
| 243 | ctx->hash[7] += h; | ||
| 244 | } | ||
| 245 | niro | 532 | |
| 246 | niro | 984 | static void FAST_FUNC sha512_process_block128(sha512_ctx_t *ctx) |
| 247 | { | ||
| 248 | unsigned t; | ||
| 249 | uint64_t W[80]; | ||
| 250 | /* On i386, having assignments here (not later as sha256 does) | ||
| 251 | * produces 99 bytes smaller code with gcc 4.3.1 | ||
| 252 | */ | ||
| 253 | uint64_t a = ctx->hash[0]; | ||
| 254 | uint64_t b = ctx->hash[1]; | ||
| 255 | uint64_t c = ctx->hash[2]; | ||
| 256 | uint64_t d = ctx->hash[3]; | ||
| 257 | uint64_t e = ctx->hash[4]; | ||
| 258 | uint64_t f = ctx->hash[5]; | ||
| 259 | uint64_t g = ctx->hash[6]; | ||
| 260 | uint64_t h = ctx->hash[7]; | ||
| 261 | const uint64_t *words = (uint64_t*) ctx->wbuffer; | ||
| 262 | niro | 532 | |
| 263 | niro | 984 | /* Operators defined in FIPS 180-2:4.1.2. */ |
| 264 | #define Ch(x, y, z) ((x & y) ^ (~x & z)) | ||
| 265 | #define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) | ||
| 266 | #define S0(x) (rotr64(x, 28) ^ rotr64(x, 34) ^ rotr64(x, 39)) | ||
| 267 | #define S1(x) (rotr64(x, 14) ^ rotr64(x, 18) ^ rotr64(x, 41)) | ||
| 268 | #define R0(x) (rotr64(x, 1) ^ rotr64(x, 8) ^ (x >> 7)) | ||
| 269 | #define R1(x) (rotr64(x, 19) ^ rotr64(x, 61) ^ (x >> 6)) | ||
| 270 | |||
| 271 | /* Compute the message schedule according to FIPS 180-2:6.3.2 step 2. */ | ||
| 272 | for (t = 0; t < 16; ++t) { | ||
| 273 | W[t] = ntoh64(*words); | ||
| 274 | words++; | ||
| 275 | niro | 532 | } |
| 276 | niro | 984 | for (/*t = 16*/; t < 80; ++t) |
| 277 | W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16]; | ||
| 278 | niro | 532 | |
| 279 | niro | 984 | /* The actual computation according to FIPS 180-2:6.3.2 step 3. */ |
| 280 | for (t = 0; t < 80; ++t) { | ||
| 281 | uint64_t T1 = h + S1(e) + Ch(e, f, g) + sha_K[t] + W[t]; | ||
| 282 | uint64_t T2 = S0(a) + Maj(a, b, c); | ||
| 283 | h = g; | ||
| 284 | g = f; | ||
| 285 | f = e; | ||
| 286 | e = d + T1; | ||
| 287 | d = c; | ||
| 288 | c = b; | ||
| 289 | b = a; | ||
| 290 | a = T1 + T2; | ||
| 291 | niro | 532 | } |
| 292 | niro | 984 | #undef Ch |
| 293 | #undef Maj | ||
| 294 | #undef S0 | ||
| 295 | #undef S1 | ||
| 296 | #undef R0 | ||
| 297 | #undef R1 | ||
| 298 | /* Add the starting values of the context according to FIPS 180-2:6.3.2 | ||
| 299 | step 4. */ | ||
| 300 | niro | 532 | ctx->hash[0] += a; |
| 301 | ctx->hash[1] += b; | ||
| 302 | ctx->hash[2] += c; | ||
| 303 | ctx->hash[3] += d; | ||
| 304 | ctx->hash[4] += e; | ||
| 305 | niro | 984 | ctx->hash[5] += f; |
| 306 | ctx->hash[6] += g; | ||
| 307 | ctx->hash[7] += h; | ||
| 308 | niro | 532 | } |
| 309 | |||
| 310 | niro | 984 | |
| 311 | niro | 816 | void FAST_FUNC sha1_begin(sha1_ctx_t *ctx) |
| 312 | niro | 532 | { |
| 313 | ctx->hash[0] = 0x67452301; | ||
| 314 | ctx->hash[1] = 0xefcdab89; | ||
| 315 | ctx->hash[2] = 0x98badcfe; | ||
| 316 | ctx->hash[3] = 0x10325476; | ||
| 317 | ctx->hash[4] = 0xc3d2e1f0; | ||
| 318 | niro | 984 | ctx->total64 = 0; |
| 319 | ctx->process_block = sha1_process_block64; | ||
| 320 | niro | 532 | } |
| 321 | |||
| 322 | niro | 984 | static const uint32_t init256[] = { |
| 323 | 0x6a09e667, | ||
| 324 | 0xbb67ae85, | ||
| 325 | 0x3c6ef372, | ||
| 326 | 0xa54ff53a, | ||
| 327 | 0x510e527f, | ||
| 328 | 0x9b05688c, | ||
| 329 | 0x1f83d9ab, | ||
| 330 | 0x5be0cd19 | ||
| 331 | }; | ||
| 332 | static const uint32_t init512_lo[] = { | ||
| 333 | 0xf3bcc908, | ||
| 334 | 0x84caa73b, | ||
| 335 | 0xfe94f82b, | ||
| 336 | 0x5f1d36f1, | ||
| 337 | 0xade682d1, | ||
| 338 | 0x2b3e6c1f, | ||
| 339 | 0xfb41bd6b, | ||
| 340 | 0x137e2179 | ||
| 341 | }; | ||
| 342 | |||
| 343 | /* Initialize structure containing state of computation. | ||
| 344 | (FIPS 180-2:5.3.2) */ | ||
| 345 | void FAST_FUNC sha256_begin(sha256_ctx_t *ctx) | ||
| 346 | niro | 532 | { |
| 347 | niro | 984 | memcpy(ctx->hash, init256, sizeof(init256)); |
| 348 | ctx->total64 = 0; | ||
| 349 | ctx->process_block = sha256_process_block64; | ||
| 350 | } | ||
| 351 | niro | 532 | |
| 352 | niro | 984 | /* Initialize structure containing state of computation. |
| 353 | (FIPS 180-2:5.3.3) */ | ||
| 354 | void FAST_FUNC sha512_begin(sha512_ctx_t *ctx) | ||
| 355 | { | ||
| 356 | int i; | ||
| 357 | for (i = 0; i < 8; i++) | ||
| 358 | ctx->hash[i] = ((uint64_t)(init256[i]) << 32) + init512_lo[i]; | ||
| 359 | ctx->total64[0] = ctx->total64[1] = 0; | ||
| 360 | } | ||
| 361 | niro | 532 | |
| 362 | niro | 984 | |
| 363 | /* Used also for sha256 */ | ||
| 364 | void FAST_FUNC sha1_hash(const void *buffer, size_t len, sha1_ctx_t *ctx) | ||
| 365 | { | ||
| 366 | unsigned in_buf = ctx->total64 & 63; | ||
| 367 | unsigned add = 64 - in_buf; | ||
| 368 | |||
| 369 | ctx->total64 += len; | ||
| 370 | |||
| 371 | while (len >= add) { /* transfer whole blocks while possible */ | ||
| 372 | memcpy(ctx->wbuffer + in_buf, buffer, add); | ||
| 373 | buffer = (const char *)buffer + add; | ||
| 374 | len -= add; | ||
| 375 | add = 64; | ||
| 376 | in_buf = 0; | ||
| 377 | ctx->process_block(ctx); | ||
| 378 | niro | 532 | } |
| 379 | |||
| 380 | niro | 984 | memcpy(ctx->wbuffer + in_buf, buffer, len); |
| 381 | niro | 532 | } |
| 382 | |||
| 383 | niro | 984 | void FAST_FUNC sha512_hash(const void *buffer, size_t len, sha512_ctx_t *ctx) |
| 384 | niro | 532 | { |
| 385 | niro | 984 | unsigned in_buf = ctx->total64[0] & 127; |
| 386 | unsigned add = 128 - in_buf; | ||
| 387 | niro | 532 | |
| 388 | niro | 984 | /* First increment the byte count. FIPS 180-2 specifies the possible |
| 389 | length of the file up to 2^128 _bits_. | ||
| 390 | We compute the number of _bytes_ and convert to bits later. */ | ||
| 391 | ctx->total64[0] += len; | ||
| 392 | if (ctx->total64[0] < len) | ||
| 393 | ctx->total64[1]++; | ||
| 394 | niro | 532 | |
| 395 | niro | 984 | while (len >= add) { /* transfer whole blocks while possible */ |
| 396 | memcpy(ctx->wbuffer + in_buf, buffer, add); | ||
| 397 | buffer = (const char *)buffer + add; | ||
| 398 | len -= add; | ||
| 399 | add = 128; | ||
| 400 | in_buf = 0; | ||
| 401 | sha512_process_block128(ctx); | ||
| 402 | } | ||
| 403 | niro | 532 | |
| 404 | niro | 984 | memcpy(ctx->wbuffer + in_buf, buffer, len); |
| 405 | } | ||
| 406 | niro | 532 | |
| 407 | |||
| 408 | niro | 984 | /* Used also for sha256 */ |
| 409 | void FAST_FUNC sha1_end(void *resbuf, sha1_ctx_t *ctx) | ||
| 410 | { | ||
| 411 | unsigned pad, in_buf; | ||
| 412 | niro | 532 | |
| 413 | niro | 984 | in_buf = ctx->total64 & 63; |
| 414 | /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */ | ||
| 415 | ctx->wbuffer[in_buf++] = 0x80; | ||
| 416 | niro | 532 | |
| 417 | niro | 984 | /* This loop iterates either once or twice, no more, no less */ |
| 418 | while (1) { | ||
| 419 | pad = 64 - in_buf; | ||
| 420 | memset(ctx->wbuffer + in_buf, 0, pad); | ||
| 421 | in_buf = 0; | ||
| 422 | /* Do we have enough space for the length count? */ | ||
| 423 | if (pad >= 8) { | ||
| 424 | /* Store the 64-bit counter of bits in the buffer in BE format */ | ||
| 425 | uint64_t t = ctx->total64 << 3; | ||
| 426 | t = hton64(t); | ||
| 427 | /* wbuffer is suitably aligned for this */ | ||
| 428 | *(uint64_t *) (&ctx->wbuffer[64 - 8]) = t; | ||
| 429 | } | ||
| 430 | ctx->process_block(ctx); | ||
| 431 | if (pad >= 8) | ||
| 432 | break; | ||
| 433 | } | ||
| 434 | niro | 532 | |
| 435 | niro | 984 | in_buf = (ctx->process_block == sha1_process_block64) ? 5 : 8; |
| 436 | /* This way we do not impose alignment constraints on resbuf: */ | ||
| 437 | if (BB_LITTLE_ENDIAN) { | ||
| 438 | unsigned i; | ||
| 439 | for (i = 0; i < in_buf; ++i) | ||
| 440 | ctx->hash[i] = htonl(ctx->hash[i]); | ||
| 441 | } | ||
| 442 | memcpy(resbuf, ctx->hash, sizeof(ctx->hash[0]) * in_buf); | ||
| 443 | } | ||
| 444 | niro | 532 | |
| 445 | niro | 984 | void FAST_FUNC sha512_end(void *resbuf, sha512_ctx_t *ctx) |
| 446 | { | ||
| 447 | unsigned pad, in_buf; | ||
| 448 | niro | 532 | |
| 449 | niro | 984 | in_buf = ctx->total64[0] & 127; |
| 450 | /* Pad the buffer to the next 128-byte boundary with 0x80,0,0,0... | ||
| 451 | * (FIPS 180-2:5.1.2) | ||
| 452 | */ | ||
| 453 | ctx->wbuffer[in_buf++] = 0x80; | ||
| 454 | |||
| 455 | while (1) { | ||
| 456 | pad = 128 - in_buf; | ||
| 457 | memset(ctx->wbuffer + in_buf, 0, pad); | ||
| 458 | in_buf = 0; | ||
| 459 | if (pad >= 16) { | ||
| 460 | /* Store the 128-bit counter of bits in the buffer in BE format */ | ||
| 461 | uint64_t t; | ||
| 462 | t = ctx->total64[0] << 3; | ||
| 463 | t = hton64(t); | ||
| 464 | *(uint64_t *) (&ctx->wbuffer[128 - 8]) = t; | ||
| 465 | t = (ctx->total64[1] << 3) | (ctx->total64[0] >> 61); | ||
| 466 | t = hton64(t); | ||
| 467 | *(uint64_t *) (&ctx->wbuffer[128 - 16]) = t; | ||
| 468 | } | ||
| 469 | sha512_process_block128(ctx); | ||
| 470 | if (pad >= 16) | ||
| 471 | break; | ||
| 472 | } | ||
| 473 | |||
| 474 | if (BB_LITTLE_ENDIAN) { | ||
| 475 | unsigned i; | ||
| 476 | for (i = 0; i < ARRAY_SIZE(ctx->hash); ++i) | ||
| 477 | ctx->hash[i] = hton64(ctx->hash[i]); | ||
| 478 | } | ||
| 479 | memcpy(resbuf, ctx->hash, sizeof(ctx->hash)); | ||
| 480 | niro | 532 | } |