1 |
/* vi: set sw=4 ts=4: */ |
/* vi: set sw=4 ts=4: */ |
2 |
/* |
/* |
3 |
* Based on shasum from http://www.netsw.org/crypto/hash/ |
* Based on shasum from http://www.netsw.org/crypto/hash/ |
4 |
* Majorly hacked up to use Dr Brian Gladman's sha1 code |
* Majorly hacked up to use Dr Brian Gladman's sha1 code |
5 |
* |
* |
6 |
* Copyright (C) 2002 Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK. |
* Copyright (C) 2002 Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK. |
7 |
* Copyright (C) 2003 Glenn L. McGrath |
* Copyright (C) 2003 Glenn L. McGrath |
8 |
* Copyright (C) 2003 Erik Andersen |
* Copyright (C) 2003 Erik Andersen |
9 |
* |
* |
10 |
* Licensed under GPLv2 or later, see file LICENSE in this tarball for details. |
* Licensed under GPLv2 or later, see file LICENSE in this tarball for details. |
11 |
* |
* |
12 |
* --------------------------------------------------------------------------- |
* --------------------------------------------------------------------------- |
13 |
* Issue Date: 10/11/2002 |
* Issue Date: 10/11/2002 |
14 |
* |
* |
15 |
* This is a byte oriented version of SHA1 that operates on arrays of bytes |
* This is a byte oriented version of SHA1 that operates on arrays of bytes |
16 |
* stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor |
* stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor |
17 |
|
* |
18 |
|
* --------------------------------------------------------------------------- |
19 |
|
* |
20 |
|
* SHA256 and SHA512 parts are: |
21 |
|
* Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>. |
22 |
|
* Shrank by Denys Vlasenko. |
23 |
|
* |
24 |
|
* --------------------------------------------------------------------------- |
25 |
|
* |
26 |
|
* The best way to test random blocksizes is to go to coreutils/md5_sha1_sum.c |
27 |
|
* and replace "4096" with something like "2000 + time(NULL) % 2097", |
28 |
|
* then rebuild and compare "shaNNNsum bigfile" results. |
29 |
*/ |
*/ |
30 |
|
|
31 |
#include "libbb.h" |
#include "libbb.h" |
32 |
|
|
33 |
#define SHA1_BLOCK_SIZE 64 |
#define rotl32(x,n) (((x) << (n)) | ((x) >> (32 - (n)))) |
34 |
#define SHA1_DIGEST_SIZE 20 |
#define rotr32(x,n) (((x) >> (n)) | ((x) << (32 - (n)))) |
35 |
#define SHA1_HASH_SIZE SHA1_DIGEST_SIZE |
/* for sha512: */ |
36 |
#define SHA2_GOOD 0 |
#define rotr64(x,n) (((x) >> (n)) | ((x) << (64 - (n)))) |
37 |
#define SHA2_BAD 1 |
#if BB_LITTLE_ENDIAN |
38 |
|
static inline uint64_t hton64(uint64_t v) |
39 |
|
{ |
40 |
|
return (((uint64_t)htonl(v)) << 32) | htonl(v >> 32); |
41 |
|
} |
42 |
|
#else |
43 |
|
#define hton64(v) (v) |
44 |
|
#endif |
45 |
|
#define ntoh64(v) hton64(v) |
46 |
|
|
47 |
|
/* To check alignment gcc has an appropriate operator. Other |
48 |
|
compilers don't. */ |
49 |
|
#if defined(__GNUC__) && __GNUC__ >= 2 |
50 |
|
# define UNALIGNED_P(p,type) (((uintptr_t) p) % __alignof__(type) != 0) |
51 |
|
#else |
52 |
|
# define UNALIGNED_P(p,type) (((uintptr_t) p) % sizeof(type) != 0) |
53 |
|
#endif |
54 |
|
|
55 |
|
|
56 |
|
/* Some arch headers have conflicting defines */ |
57 |
|
#undef ch |
58 |
|
#undef parity |
59 |
|
#undef maj |
60 |
|
#undef rnd |
61 |
|
|
62 |
|
static void FAST_FUNC sha1_process_block64(sha1_ctx_t *ctx) |
63 |
|
{ |
64 |
|
unsigned t; |
65 |
|
uint32_t W[80], a, b, c, d, e; |
66 |
|
const uint32_t *words = (uint32_t*) ctx->wbuffer; |
67 |
|
|
68 |
|
for (t = 0; t < 16; ++t) { |
69 |
|
W[t] = ntohl(*words); |
70 |
|
words++; |
71 |
|
} |
72 |
|
|
73 |
#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n))) |
for (/*t = 16*/; t < 80; ++t) { |
74 |
|
uint32_t T = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]; |
75 |
|
W[t] = rotl32(T, 1); |
76 |
|
} |
77 |
|
|
78 |
#define SHA1_MASK (SHA1_BLOCK_SIZE - 1) |
a = ctx->hash[0]; |
79 |
|
b = ctx->hash[1]; |
80 |
|
c = ctx->hash[2]; |
81 |
|
d = ctx->hash[3]; |
82 |
|
e = ctx->hash[4]; |
83 |
|
|
84 |
/* reverse byte order in 32-bit words */ |
/* Reverse byte order in 32-bit words */ |
85 |
#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) |
#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) |
86 |
#define parity(x,y,z) ((x) ^ (y) ^ (z)) |
#define parity(x,y,z) ((x) ^ (y) ^ (z)) |
87 |
#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) |
#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) |
|
|
|
88 |
/* A normal version as set out in the FIPS. This version uses */ |
/* A normal version as set out in the FIPS. This version uses */ |
89 |
/* partial loop unrolling and is optimised for the Pentium 4 */ |
/* partial loop unrolling and is optimised for the Pentium 4 */ |
90 |
#define rnd(f,k) \ |
#define rnd(f,k) \ |
91 |
do { \ |
do { \ |
92 |
t = a; a = rotl32(a,5) + f(b,c,d) + e + k + w[i]; \ |
uint32_t T = a; \ |
93 |
e = d; d = c; c = rotl32(b, 30); b = t; \ |
a = rotl32(a, 5) + f(b, c, d) + e + k + W[t]; \ |
94 |
|
e = d; \ |
95 |
|
d = c; \ |
96 |
|
c = rotl32(b, 30); \ |
97 |
|
b = T; \ |
98 |
} while (0) |
} while (0) |
99 |
|
|
100 |
static void sha1_compile(sha1_ctx_t *ctx) |
for (t = 0; t < 20; ++t) |
101 |
{ |
rnd(ch, 0x5a827999); |
102 |
uint32_t w[80], i, a, b, c, d, e, t; |
|
103 |
|
for (/*t = 20*/; t < 40; ++t) |
104 |
|
rnd(parity, 0x6ed9eba1); |
105 |
|
|
106 |
|
for (/*t = 40*/; t < 60; ++t) |
107 |
|
rnd(maj, 0x8f1bbcdc); |
108 |
|
|
109 |
|
for (/*t = 60*/; t < 80; ++t) |
110 |
|
rnd(parity, 0xca62c1d6); |
111 |
|
#undef ch |
112 |
|
#undef parity |
113 |
|
#undef maj |
114 |
|
#undef rnd |
115 |
|
|
116 |
|
ctx->hash[0] += a; |
117 |
|
ctx->hash[1] += b; |
118 |
|
ctx->hash[2] += c; |
119 |
|
ctx->hash[3] += d; |
120 |
|
ctx->hash[4] += e; |
121 |
|
} |
122 |
|
|
123 |
|
/* Constants for SHA512 from FIPS 180-2:4.2.3. |
124 |
|
* SHA256 constants from FIPS 180-2:4.2.2 |
125 |
|
* are the most significant half of first 64 elements |
126 |
|
* of the same array. |
127 |
|
*/ |
128 |
|
static const uint64_t sha_K[80] = { |
129 |
|
0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, |
130 |
|
0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, |
131 |
|
0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, |
132 |
|
0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, |
133 |
|
0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, |
134 |
|
0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, |
135 |
|
0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, |
136 |
|
0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, |
137 |
|
0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, |
138 |
|
0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, |
139 |
|
0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, |
140 |
|
0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, |
141 |
|
0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, |
142 |
|
0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, |
143 |
|
0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, |
144 |
|
0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, |
145 |
|
0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, |
146 |
|
0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, |
147 |
|
0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, |
148 |
|
0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, |
149 |
|
0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, |
150 |
|
0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, |
151 |
|
0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, |
152 |
|
0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, |
153 |
|
0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, |
154 |
|
0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, |
155 |
|
0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, |
156 |
|
0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, |
157 |
|
0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, |
158 |
|
0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, |
159 |
|
0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, |
160 |
|
0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, |
161 |
|
0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, /* [64]+ are used for sha512 only */ |
162 |
|
0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, |
163 |
|
0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, |
164 |
|
0x113f9804bef90daeULL, 0x1b710b35131c471bULL, |
165 |
|
0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, |
166 |
|
0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, |
167 |
|
0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, |
168 |
|
0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL |
169 |
|
}; |
170 |
|
|
171 |
|
#undef Ch |
172 |
|
#undef Maj |
173 |
|
#undef S0 |
174 |
|
#undef S1 |
175 |
|
#undef R0 |
176 |
|
#undef R1 |
177 |
|
|
178 |
/* note that words are compiled from the buffer into 32-bit */ |
static void FAST_FUNC sha256_process_block64(sha256_ctx_t *ctx) |
179 |
/* words in big-endian order so an order reversal is needed */ |
{ |
180 |
/* here on little endian machines */ |
unsigned t; |
181 |
for (i = 0; i < SHA1_BLOCK_SIZE / 4; ++i) |
uint32_t W[64], a, b, c, d, e, f, g, h; |
182 |
w[i] = htonl(ctx->wbuf[i]); |
const uint32_t *words = (uint32_t*) ctx->wbuffer; |
183 |
|
|
184 |
|
/* Operators defined in FIPS 180-2:4.1.2. */ |
185 |
|
#define Ch(x, y, z) ((x & y) ^ (~x & z)) |
186 |
|
#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) |
187 |
|
#define S0(x) (rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22)) |
188 |
|
#define S1(x) (rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25)) |
189 |
|
#define R0(x) (rotr32(x, 7) ^ rotr32(x, 18) ^ (x >> 3)) |
190 |
|
#define R1(x) (rotr32(x, 17) ^ rotr32(x, 19) ^ (x >> 10)) |
191 |
|
|
192 |
|
/* Compute the message schedule according to FIPS 180-2:6.2.2 step 2. */ |
193 |
|
for (t = 0; t < 16; ++t) { |
194 |
|
W[t] = ntohl(*words); |
195 |
|
words++; |
196 |
|
} |
197 |
|
|
198 |
for (i = SHA1_BLOCK_SIZE / 4; i < 80; ++i) |
for (/*t = 16*/; t < 64; ++t) |
199 |
w[i] = rotl32(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1); |
W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16]; |
200 |
|
|
201 |
a = ctx->hash[0]; |
a = ctx->hash[0]; |
202 |
b = ctx->hash[1]; |
b = ctx->hash[1]; |
203 |
c = ctx->hash[2]; |
c = ctx->hash[2]; |
204 |
d = ctx->hash[3]; |
d = ctx->hash[3]; |
205 |
e = ctx->hash[4]; |
e = ctx->hash[4]; |
206 |
|
f = ctx->hash[5]; |
207 |
for (i = 0; i < 20; ++i) { |
g = ctx->hash[6]; |
208 |
rnd(ch, 0x5a827999); |
h = ctx->hash[7]; |
209 |
} |
|
210 |
|
/* The actual computation according to FIPS 180-2:6.2.2 step 3. */ |
211 |
for (i = 20; i < 40; ++i) { |
for (t = 0; t < 64; ++t) { |
212 |
rnd(parity, 0x6ed9eba1); |
/* Need to fetch upper half of sha_K[t] |
213 |
|
* (I hope compiler is clever enough to just fetch |
214 |
|
* upper half) |
215 |
|
*/ |
216 |
|
uint32_t K_t = sha_K[t] >> 32; |
217 |
|
uint32_t T1 = h + S1(e) + Ch(e, f, g) + K_t + W[t]; |
218 |
|
uint32_t T2 = S0(a) + Maj(a, b, c); |
219 |
|
h = g; |
220 |
|
g = f; |
221 |
|
f = e; |
222 |
|
e = d + T1; |
223 |
|
d = c; |
224 |
|
c = b; |
225 |
|
b = a; |
226 |
|
a = T1 + T2; |
227 |
} |
} |
228 |
|
#undef Ch |
229 |
|
#undef Maj |
230 |
|
#undef S0 |
231 |
|
#undef S1 |
232 |
|
#undef R0 |
233 |
|
#undef R1 |
234 |
|
/* Add the starting values of the context according to FIPS 180-2:6.2.2 |
235 |
|
step 4. */ |
236 |
|
ctx->hash[0] += a; |
237 |
|
ctx->hash[1] += b; |
238 |
|
ctx->hash[2] += c; |
239 |
|
ctx->hash[3] += d; |
240 |
|
ctx->hash[4] += e; |
241 |
|
ctx->hash[5] += f; |
242 |
|
ctx->hash[6] += g; |
243 |
|
ctx->hash[7] += h; |
244 |
|
} |
245 |
|
|
246 |
for (i = 40; i < 60; ++i) { |
static void FAST_FUNC sha512_process_block128(sha512_ctx_t *ctx) |
247 |
rnd(maj, 0x8f1bbcdc); |
{ |
248 |
|
unsigned t; |
249 |
|
uint64_t W[80]; |
250 |
|
/* On i386, having assignments here (not later as sha256 does) |
251 |
|
* produces 99 bytes smaller code with gcc 4.3.1 |
252 |
|
*/ |
253 |
|
uint64_t a = ctx->hash[0]; |
254 |
|
uint64_t b = ctx->hash[1]; |
255 |
|
uint64_t c = ctx->hash[2]; |
256 |
|
uint64_t d = ctx->hash[3]; |
257 |
|
uint64_t e = ctx->hash[4]; |
258 |
|
uint64_t f = ctx->hash[5]; |
259 |
|
uint64_t g = ctx->hash[6]; |
260 |
|
uint64_t h = ctx->hash[7]; |
261 |
|
const uint64_t *words = (uint64_t*) ctx->wbuffer; |
262 |
|
|
263 |
|
/* Operators defined in FIPS 180-2:4.1.2. */ |
264 |
|
#define Ch(x, y, z) ((x & y) ^ (~x & z)) |
265 |
|
#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) |
266 |
|
#define S0(x) (rotr64(x, 28) ^ rotr64(x, 34) ^ rotr64(x, 39)) |
267 |
|
#define S1(x) (rotr64(x, 14) ^ rotr64(x, 18) ^ rotr64(x, 41)) |
268 |
|
#define R0(x) (rotr64(x, 1) ^ rotr64(x, 8) ^ (x >> 7)) |
269 |
|
#define R1(x) (rotr64(x, 19) ^ rotr64(x, 61) ^ (x >> 6)) |
270 |
|
|
271 |
|
/* Compute the message schedule according to FIPS 180-2:6.3.2 step 2. */ |
272 |
|
for (t = 0; t < 16; ++t) { |
273 |
|
W[t] = ntoh64(*words); |
274 |
|
words++; |
275 |
} |
} |
276 |
|
for (/*t = 16*/; t < 80; ++t) |
277 |
|
W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16]; |
278 |
|
|
279 |
for (i = 60; i < 80; ++i) { |
/* The actual computation according to FIPS 180-2:6.3.2 step 3. */ |
280 |
rnd(parity, 0xca62c1d6); |
for (t = 0; t < 80; ++t) { |
281 |
|
uint64_t T1 = h + S1(e) + Ch(e, f, g) + sha_K[t] + W[t]; |
282 |
|
uint64_t T2 = S0(a) + Maj(a, b, c); |
283 |
|
h = g; |
284 |
|
g = f; |
285 |
|
f = e; |
286 |
|
e = d + T1; |
287 |
|
d = c; |
288 |
|
c = b; |
289 |
|
b = a; |
290 |
|
a = T1 + T2; |
291 |
} |
} |
292 |
|
#undef Ch |
293 |
|
#undef Maj |
294 |
|
#undef S0 |
295 |
|
#undef S1 |
296 |
|
#undef R0 |
297 |
|
#undef R1 |
298 |
|
/* Add the starting values of the context according to FIPS 180-2:6.3.2 |
299 |
|
step 4. */ |
300 |
ctx->hash[0] += a; |
ctx->hash[0] += a; |
301 |
ctx->hash[1] += b; |
ctx->hash[1] += b; |
302 |
ctx->hash[2] += c; |
ctx->hash[2] += c; |
303 |
ctx->hash[3] += d; |
ctx->hash[3] += d; |
304 |
ctx->hash[4] += e; |
ctx->hash[4] += e; |
305 |
|
ctx->hash[5] += f; |
306 |
|
ctx->hash[6] += g; |
307 |
|
ctx->hash[7] += h; |
308 |
} |
} |
309 |
|
|
310 |
|
|
311 |
void FAST_FUNC sha1_begin(sha1_ctx_t *ctx) |
void FAST_FUNC sha1_begin(sha1_ctx_t *ctx) |
312 |
{ |
{ |
|
ctx->count[0] = ctx->count[1] = 0; |
|
313 |
ctx->hash[0] = 0x67452301; |
ctx->hash[0] = 0x67452301; |
314 |
ctx->hash[1] = 0xefcdab89; |
ctx->hash[1] = 0xefcdab89; |
315 |
ctx->hash[2] = 0x98badcfe; |
ctx->hash[2] = 0x98badcfe; |
316 |
ctx->hash[3] = 0x10325476; |
ctx->hash[3] = 0x10325476; |
317 |
ctx->hash[4] = 0xc3d2e1f0; |
ctx->hash[4] = 0xc3d2e1f0; |
318 |
|
ctx->total64 = 0; |
319 |
|
ctx->process_block = sha1_process_block64; |
320 |
|
} |
321 |
|
|
322 |
|
static const uint32_t init256[] = { |
323 |
|
0x6a09e667, |
324 |
|
0xbb67ae85, |
325 |
|
0x3c6ef372, |
326 |
|
0xa54ff53a, |
327 |
|
0x510e527f, |
328 |
|
0x9b05688c, |
329 |
|
0x1f83d9ab, |
330 |
|
0x5be0cd19 |
331 |
|
}; |
332 |
|
static const uint32_t init512_lo[] = { |
333 |
|
0xf3bcc908, |
334 |
|
0x84caa73b, |
335 |
|
0xfe94f82b, |
336 |
|
0x5f1d36f1, |
337 |
|
0xade682d1, |
338 |
|
0x2b3e6c1f, |
339 |
|
0xfb41bd6b, |
340 |
|
0x137e2179 |
341 |
|
}; |
342 |
|
|
343 |
|
/* Initialize structure containing state of computation. |
344 |
|
(FIPS 180-2:5.3.2) */ |
345 |
|
void FAST_FUNC sha256_begin(sha256_ctx_t *ctx) |
346 |
|
{ |
347 |
|
memcpy(ctx->hash, init256, sizeof(init256)); |
348 |
|
ctx->total64 = 0; |
349 |
|
ctx->process_block = sha256_process_block64; |
350 |
} |
} |
351 |
|
|
352 |
/* SHA1 hash data in an array of bytes into hash buffer and call the */ |
/* Initialize structure containing state of computation. |
353 |
/* hash_compile function as required. */ |
(FIPS 180-2:5.3.3) */ |
354 |
void FAST_FUNC sha1_hash(const void *data, size_t length, sha1_ctx_t *ctx) |
void FAST_FUNC sha512_begin(sha512_ctx_t *ctx) |
355 |
|
{ |
356 |
|
int i; |
357 |
|
for (i = 0; i < 8; i++) |
358 |
|
ctx->hash[i] = ((uint64_t)(init256[i]) << 32) + init512_lo[i]; |
359 |
|
ctx->total64[0] = ctx->total64[1] = 0; |
360 |
|
} |
361 |
|
|
362 |
|
|
363 |
|
/* Used also for sha256 */ |
364 |
|
void FAST_FUNC sha1_hash(const void *buffer, size_t len, sha1_ctx_t *ctx) |
365 |
{ |
{ |
366 |
uint32_t pos = (uint32_t) (ctx->count[0] & SHA1_MASK); |
unsigned in_buf = ctx->total64 & 63; |
367 |
uint32_t freeb = SHA1_BLOCK_SIZE - pos; |
unsigned add = 64 - in_buf; |
|
const unsigned char *sp = data; |
|
368 |
|
|
369 |
if ((ctx->count[0] += length) < length) |
ctx->total64 += len; |
|
++(ctx->count[1]); |
|
370 |
|
|
371 |
while (length >= freeb) { /* tranfer whole blocks while possible */ |
while (len >= add) { /* transfer whole blocks while possible */ |
372 |
memcpy(((unsigned char *) ctx->wbuf) + pos, sp, freeb); |
memcpy(ctx->wbuffer + in_buf, buffer, add); |
373 |
sp += freeb; |
buffer = (const char *)buffer + add; |
374 |
length -= freeb; |
len -= add; |
375 |
freeb = SHA1_BLOCK_SIZE; |
add = 64; |
376 |
pos = 0; |
in_buf = 0; |
377 |
sha1_compile(ctx); |
ctx->process_block(ctx); |
378 |
} |
} |
379 |
|
|
380 |
memcpy(((unsigned char *) ctx->wbuf) + pos, sp, length); |
memcpy(ctx->wbuffer + in_buf, buffer, len); |
381 |
} |
} |
382 |
|
|
383 |
void* FAST_FUNC sha1_end(void *resbuf, sha1_ctx_t *ctx) |
void FAST_FUNC sha512_hash(const void *buffer, size_t len, sha512_ctx_t *ctx) |
384 |
{ |
{ |
385 |
/* SHA1 Final padding and digest calculation */ |
unsigned in_buf = ctx->total64[0] & 127; |
386 |
#if BB_BIG_ENDIAN |
unsigned add = 128 - in_buf; |
387 |
static uint32_t mask[4] = { 0x00000000, 0xff000000, 0xffff0000, 0xffffff00 }; |
|
388 |
static uint32_t bits[4] = { 0x80000000, 0x00800000, 0x00008000, 0x00000080 }; |
/* First increment the byte count. FIPS 180-2 specifies the possible |
389 |
#else |
length of the file up to 2^128 _bits_. |
390 |
static uint32_t mask[4] = { 0x00000000, 0x000000ff, 0x0000ffff, 0x00ffffff }; |
We compute the number of _bytes_ and convert to bits later. */ |
391 |
static uint32_t bits[4] = { 0x00000080, 0x00008000, 0x00800000, 0x80000000 }; |
ctx->total64[0] += len; |
392 |
#endif |
if (ctx->total64[0] < len) |
393 |
|
ctx->total64[1]++; |
394 |
|
|
395 |
|
while (len >= add) { /* transfer whole blocks while possible */ |
396 |
|
memcpy(ctx->wbuffer + in_buf, buffer, add); |
397 |
|
buffer = (const char *)buffer + add; |
398 |
|
len -= add; |
399 |
|
add = 128; |
400 |
|
in_buf = 0; |
401 |
|
sha512_process_block128(ctx); |
402 |
|
} |
403 |
|
|
404 |
|
memcpy(ctx->wbuffer + in_buf, buffer, len); |
405 |
|
} |
406 |
|
|
407 |
|
|
408 |
uint8_t *hval = resbuf; |
/* Used also for sha256 */ |
409 |
uint32_t i, cnt = (uint32_t) (ctx->count[0] & SHA1_MASK); |
void FAST_FUNC sha1_end(void *resbuf, sha1_ctx_t *ctx) |
410 |
|
{ |
411 |
|
unsigned pad, in_buf; |
412 |
|
|
413 |
|
in_buf = ctx->total64 & 63; |
414 |
|
/* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */ |
415 |
|
ctx->wbuffer[in_buf++] = 0x80; |
416 |
|
|
417 |
|
/* This loop iterates either once or twice, no more, no less */ |
418 |
|
while (1) { |
419 |
|
pad = 64 - in_buf; |
420 |
|
memset(ctx->wbuffer + in_buf, 0, pad); |
421 |
|
in_buf = 0; |
422 |
|
/* Do we have enough space for the length count? */ |
423 |
|
if (pad >= 8) { |
424 |
|
/* Store the 64-bit counter of bits in the buffer in BE format */ |
425 |
|
uint64_t t = ctx->total64 << 3; |
426 |
|
t = hton64(t); |
427 |
|
/* wbuffer is suitably aligned for this */ |
428 |
|
*(uint64_t *) (&ctx->wbuffer[64 - 8]) = t; |
429 |
|
} |
430 |
|
ctx->process_block(ctx); |
431 |
|
if (pad >= 8) |
432 |
|
break; |
433 |
|
} |
434 |
|
|
435 |
/* mask out the rest of any partial 32-bit word and then set */ |
in_buf = (ctx->process_block == sha1_process_block64) ? 5 : 8; |
436 |
/* the next byte to 0x80. On big-endian machines any bytes in */ |
/* This way we do not impose alignment constraints on resbuf: */ |
437 |
/* the buffer will be at the top end of 32 bit words, on little */ |
if (BB_LITTLE_ENDIAN) { |
438 |
/* endian machines they will be at the bottom. Hence the AND */ |
unsigned i; |
439 |
/* and OR masks above are reversed for little endian systems */ |
for (i = 0; i < in_buf; ++i) |
440 |
ctx->wbuf[cnt >> 2] = |
ctx->hash[i] = htonl(ctx->hash[i]); |
441 |
(ctx->wbuf[cnt >> 2] & mask[cnt & 3]) | bits[cnt & 3]; |
} |
442 |
|
memcpy(resbuf, ctx->hash, sizeof(ctx->hash[0]) * in_buf); |
443 |
/* we need 9 or more empty positions, one for the padding byte */ |
} |
|
/* (above) and eight for the length count. If there is not */ |
|
|
/* enough space pad and empty the buffer */ |
|
|
if (cnt > SHA1_BLOCK_SIZE - 9) { |
|
|
if (cnt < 60) |
|
|
ctx->wbuf[15] = 0; |
|
|
sha1_compile(ctx); |
|
|
cnt = 0; |
|
|
} else /* compute a word index for the empty buffer positions */ |
|
|
cnt = (cnt >> 2) + 1; |
|
|
|
|
|
while (cnt < 14) /* and zero pad all but last two positions */ |
|
|
ctx->wbuf[cnt++] = 0; |
|
|
|
|
|
/* assemble the eight byte counter in the buffer in big-endian */ |
|
|
/* format */ |
|
|
|
|
|
ctx->wbuf[14] = htonl((ctx->count[1] << 3) | (ctx->count[0] >> 29)); |
|
|
ctx->wbuf[15] = htonl(ctx->count[0] << 3); |
|
|
|
|
|
sha1_compile(ctx); |
|
444 |
|
|
445 |
/* extract the hash value as bytes in case the hash buffer is */ |
void FAST_FUNC sha512_end(void *resbuf, sha512_ctx_t *ctx) |
446 |
/* misaligned for 32-bit words */ |
{ |
447 |
|
unsigned pad, in_buf; |
448 |
|
|
449 |
for (i = 0; i < SHA1_DIGEST_SIZE; ++i) |
in_buf = ctx->total64[0] & 127; |
450 |
hval[i] = (unsigned char) (ctx->hash[i >> 2] >> 8 * (~i & 3)); |
/* Pad the buffer to the next 128-byte boundary with 0x80,0,0,0... |
451 |
|
* (FIPS 180-2:5.1.2) |
452 |
|
*/ |
453 |
|
ctx->wbuffer[in_buf++] = 0x80; |
454 |
|
|
455 |
|
while (1) { |
456 |
|
pad = 128 - in_buf; |
457 |
|
memset(ctx->wbuffer + in_buf, 0, pad); |
458 |
|
in_buf = 0; |
459 |
|
if (pad >= 16) { |
460 |
|
/* Store the 128-bit counter of bits in the buffer in BE format */ |
461 |
|
uint64_t t; |
462 |
|
t = ctx->total64[0] << 3; |
463 |
|
t = hton64(t); |
464 |
|
*(uint64_t *) (&ctx->wbuffer[128 - 8]) = t; |
465 |
|
t = (ctx->total64[1] << 3) | (ctx->total64[0] >> 61); |
466 |
|
t = hton64(t); |
467 |
|
*(uint64_t *) (&ctx->wbuffer[128 - 16]) = t; |
468 |
|
} |
469 |
|
sha512_process_block128(ctx); |
470 |
|
if (pad >= 16) |
471 |
|
break; |
472 |
|
} |
473 |
|
|
474 |
return resbuf; |
if (BB_LITTLE_ENDIAN) { |
475 |
|
unsigned i; |
476 |
|
for (i = 0; i < ARRAY_SIZE(ctx->hash); ++i) |
477 |
|
ctx->hash[i] = hton64(ctx->hash[i]); |
478 |
|
} |
479 |
|
memcpy(resbuf, ctx->hash, sizeof(ctx->hash)); |
480 |
} |
} |