1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-25 15:27:03 +01:00

* sha256.c, sha512.c: New.

* Makefile.am, algorithms.h, md.c (load_digest_module,
string_to_digest_algo): Add read-only support for the new SHAs.
This commit is contained in:
David Shaw 2003-02-04 18:50:44 +00:00
parent defeb83a8d
commit 39db2a7190
6 changed files with 793 additions and 3 deletions

View File

@ -1,3 +1,10 @@
2003-02-04 David Shaw <dshaw@jabberwocky.com>
* sha256.c, sha512.c: New.
* Makefile.am, algorithms.h, md.c (load_digest_module,
string_to_digest_algo): Add read-only support for the new SHAs.
2002-11-06 Stefan Bellon <sbellon@sbellon.de> 2002-11-06 Stefan Bellon <sbellon@sbellon.de>
* rand-internal.h (rndriscos_gather_random): Added prototype. * rand-internal.h (rndriscos_gather_random): Added prototype.

View File

@ -51,7 +51,9 @@ libcipher_a_SOURCES = cipher.c \
rndw32.c \ rndw32.c \
md5.c \ md5.c \
rmd160.c \ rmd160.c \
sha1.c sha1.c \
sha256.c \
sha512.c
EXTRA_libcipher_a_SOURCES = idea-stub.c tiger.c EXTRA_libcipher_a_SOURCES = idea-stub.c tiger.c

View File

@ -22,8 +22,6 @@
const char *dynload_enum_module_names (int seq); const char *dynload_enum_module_names (int seq);
const char * const char *
md5_get_info (int algo, size_t *contextsize, md5_get_info (int algo, size_t *contextsize,
byte **r_asnoid, int *r_asnlen, int *r_mdlen, byte **r_asnoid, int *r_asnlen, int *r_mdlen,
@ -61,6 +59,32 @@ tiger_get_info (int algo, size_t *contextsize,
byte *(**r_read)( void *c ) byte *(**r_read)( void *c )
); );
const char *
sha256_get_info (int algo, size_t *contextsize,
byte **r_asnoid, int *r_asnlen, int *r_mdlen,
void (**r_init)( void *c ),
void (**r_write)( void *c, byte *buf, size_t nbytes ),
void (**r_final)( void *c ),
byte *(**r_read)( void *c )
);
const char *
sha384_get_info (int algo, size_t *contextsize,
byte **r_asnoid, int *r_asnlen, int *r_mdlen,
void (**r_init)( void *c ),
void (**r_write)( void *c, byte *buf, size_t nbytes ),
void (**r_final)( void *c ),
byte *(**r_read)( void *c )
);
const char *
sha512_get_info (int algo, size_t *contextsize,
byte **r_asnoid, int *r_asnlen, int *r_mdlen,
void (**r_init)( void *c ),
void (**r_write)( void *c, byte *buf, size_t nbytes ),
void (**r_final)( void *c ),
byte *(**r_read)( void *c )
);
const char * const char *
des_get_info( int algo, size_t *keylen, des_get_info( int algo, size_t *keylen,

View File

@ -28,6 +28,7 @@
#include "cipher.h" #include "cipher.h"
#include "errors.h" #include "errors.h"
#include "algorithms.h" #include "algorithms.h"
#include "i18n.h"
/**************** /****************
* This structure is used for the list of available algorithms * This structure is used for the list of available algorithms
@ -99,6 +100,12 @@ load_digest_module (void)
if (!new_list_item (DIGEST_ALGO_TIGER, tiger_get_info)) if (!new_list_item (DIGEST_ALGO_TIGER, tiger_get_info))
BUG(); BUG();
#endif #endif
if (!new_list_item (DIGEST_ALGO_SHA512, sha512_get_info))
BUG ();
if (!new_list_item (DIGEST_ALGO_SHA384, sha384_get_info))
BUG ();
if (!new_list_item (DIGEST_ALGO_SHA256, sha256_get_info))
BUG ();
if (!new_list_item (DIGEST_ALGO_MD5, md5_get_info)) if (!new_list_item (DIGEST_ALGO_MD5, md5_get_info))
BUG (); BUG ();
if (!new_list_item (DIGEST_ALGO_RMD160, rmd160_get_info)) if (!new_list_item (DIGEST_ALGO_RMD160, rmd160_get_info))
@ -117,6 +124,22 @@ string_to_digest_algo( const char *string )
{ {
struct md_digest_list_s *r; struct md_digest_list_s *r;
/* Hi there. I see you changing that code so you can use the new
SHA hashes. Before you do it, please think about it. There
are no official releases of any OpenPGP programs that generate
these hashes, and we're trying to get a code base that can
understand the hashes before we release one that generates
them. - dshaw */
if(!ascii_strcasecmp("sha256",string)
|| !ascii_strcasecmp("sha384",string)
|| !ascii_strcasecmp("sha512",string))
{
log_info(_("digest algorithm `%s' is read-only in this release\n"),
string);
return 0;
}
do { do {
for(r = digest_list; r; r = r->next ) for(r = digest_list; r; r = r->next )
if( !ascii_strcasecmp( r->name, string ) ) if( !ascii_strcasecmp( r->name, string ) )

318
cipher/sha256.c Normal file
View File

@ -0,0 +1,318 @@
/* sha256.c - SHA256 hash function
* Copyright (C) 2003 Free Software Foundation, Inc.
*
* Please see below for more legal information!
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* Test vectors from FIPS-180-2:
*
* "abc"
* BA7816BF 8F01CFEA 414140DE 5DAE2223 B00361A3 96177A9C B410FF61 F20015AD
*
* "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
* 248D6A61 D20638B8 E5C02693 0C3E6039 A33CE459 64FF2167 F6ECEDD4 19DB06C1
*
* "a" x 1000000
* CDC76E5C 9914FB92 81A1C7E2 84D73E67 F1809A48 A497200E 046D39CC C7112CD0
*/
#include <config.h>
#include <string.h>
#include "util.h"
#include "algorithms.h"
typedef struct {
u32 h0,h1,h2,h3,h4,h5,h6,h7;
u32 nblocks;
byte buf[64];
int count;
} SHA256_CONTEXT;
static void
burn_stack (int bytes)
{
char buf[128];
wipememory(buf,sizeof buf);
bytes -= sizeof buf;
if (bytes > 0)
burn_stack (bytes);
}
void
sha256_init( SHA256_CONTEXT *hd )
{
hd->h0 = 0x6a09e667;
hd->h1 = 0xbb67ae85;
hd->h2 = 0x3c6ef372;
hd->h3 = 0xa54ff53a;
hd->h4 = 0x510e527f;
hd->h5 = 0x9b05688c;
hd->h6 = 0x1f83d9ab;
hd->h7 = 0x5be0cd19;
hd->nblocks = 0;
hd->count = 0;
}
/****************
* Transform the message w which consists of 16 32-bit words
*/
static void
transform( SHA256_CONTEXT *hd, byte *data )
{
u32 a,b,c,d,e,f,g,h;
u32 w[64];
int t;
static const u32 k[]=
{
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1,
0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786,
0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147,
0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b,
0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a,
0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};
/* get values from the chaining vars */
a = hd->h0;
b = hd->h1;
c = hd->h2;
d = hd->h3;
e = hd->h4;
f = hd->h5;
g = hd->h6;
h = hd->h7;
#ifdef BIG_ENDIAN_HOST
memcpy( w, data, 64 );
#else
{
int i;
byte *p2;
for(i=0, p2=(byte*)w; i < 16; i++, p2 += 4 )
{
p2[3] = *data++;
p2[2] = *data++;
p2[1] = *data++;
p2[0] = *data++;
}
}
#endif
#define ROTR(x,n) (((x)>>(n)) | ((x)<<(32-(n))))
#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#define Sum0(x) (ROTR((x),2) ^ ROTR((x),13) ^ ROTR((x),22))
#define Sum1(x) (ROTR((x),6) ^ ROTR((x),11) ^ ROTR((x),25))
#define S0(x) (ROTR((x),7) ^ ROTR((x),18) ^ ((x)>>3))
#define S1(x) (ROTR((x),17) ^ ROTR((x),19) ^ ((x)>>10))
for(t=16;t<64;t++)
w[t] = S1(w[t-2]) + w[t-7] + S0(w[t-15]) + w[t-16];
for(t=0;t<64;t++)
{
u32 t1,t2;
t1=h+Sum1(e)+Ch(e,f,g)+k[t]+w[t];
t2=Sum0(a)+Maj(a,b,c);
h=g;
g=f;
f=e;
e=d+t1;
d=c;
c=b;
b=a;
a=t1+t2;
/* printf("t=%d a=%08lX b=%08lX c=%08lX d=%08lX e=%08lX f=%08lX g=%08lX h=%08lX\n",t,a,b,c,d,e,f,g,h); */
}
/* update chaining vars */
hd->h0 += a;
hd->h1 += b;
hd->h2 += c;
hd->h3 += d;
hd->h4 += e;
hd->h5 += f;
hd->h6 += g;
hd->h7 += h;
}
/* Update the message digest with the contents
* of INBUF with length INLEN.
*/
static void
sha256_write( SHA256_CONTEXT *hd, byte *inbuf, size_t inlen)
{
if( hd->count == 64 ) { /* flush the buffer */
transform( hd, hd->buf );
burn_stack (328);
hd->count = 0;
hd->nblocks++;
}
if( !inbuf )
return;
if( hd->count ) {
for( ; inlen && hd->count < 64; inlen-- )
hd->buf[hd->count++] = *inbuf++;
sha256_write( hd, NULL, 0 );
if( !inlen )
return;
}
while( inlen >= 64 ) {
transform( hd, inbuf );
hd->count = 0;
hd->nblocks++;
inlen -= 64;
inbuf += 64;
}
burn_stack (328);
for( ; inlen && hd->count < 64; inlen-- )
hd->buf[hd->count++] = *inbuf++;
}
/* The routine final terminates the computation and
* returns the digest.
* The handle is prepared for a new cycle, but adding bytes to the
* handle will the destroy the returned buffer.
* Returns: 32 bytes representing the digest.
*/
static void
sha256_final(SHA256_CONTEXT *hd)
{
u32 t, msb, lsb;
byte *p;
sha256_write(hd, NULL, 0); /* flush */;
t = hd->nblocks;
/* multiply by 64 to make a byte count */
lsb = t << 6;
msb = t >> 26;
/* add the count */
t = lsb;
if( (lsb += hd->count) < t )
msb++;
/* multiply by 8 to make a bit count */
t = lsb;
lsb <<= 3;
msb <<= 3;
msb |= t >> 29;
if( hd->count < 56 ) { /* enough room */
hd->buf[hd->count++] = 0x80; /* pad */
while( hd->count < 56 )
hd->buf[hd->count++] = 0; /* pad */
}
else { /* need one extra block */
hd->buf[hd->count++] = 0x80; /* pad character */
while( hd->count < 64 )
hd->buf[hd->count++] = 0;
sha256_write(hd, NULL, 0); /* flush */;
memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
}
/* append the 64 bit count */
hd->buf[56] = msb >> 24;
hd->buf[57] = msb >> 16;
hd->buf[58] = msb >> 8;
hd->buf[59] = msb ;
hd->buf[60] = lsb >> 24;
hd->buf[61] = lsb >> 16;
hd->buf[62] = lsb >> 8;
hd->buf[63] = lsb ;
transform( hd, hd->buf );
burn_stack (328);
p = hd->buf;
#ifdef BIG_ENDIAN_HOST
#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
#else /* little endian */
#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \
*p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
#endif
X(0);
X(1);
X(2);
X(3);
X(4);
X(5);
X(6);
X(7);
#undef X
}
static byte *
sha256_read( SHA256_CONTEXT *hd )
{
return hd->buf;
}
/****************
* Return some information about the algorithm. We need algo here to
* distinguish different flavors of the algorithm.
* Returns: A pointer to string describing the algorithm or NULL if
* the ALGO is invalid.
*/
const char *
sha256_get_info( int algo, size_t *contextsize,
byte **r_asnoid, int *r_asnlen, int *r_mdlen,
void (**r_init)( void *c ),
void (**r_write)( void *c, byte *buf, size_t nbytes ),
void (**r_final)( void *c ),
byte *(**r_read)( void *c )
)
{
static byte asn[] = /* Object ID is 2.16.840.1.101.3.4.2.1 */
{
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
0x00, 0x04, 0x20
};
if( algo != 8 )
return NULL;
*contextsize = sizeof(SHA256_CONTEXT);
*r_asnoid = asn;
*r_asnlen = DIM(asn);
*r_mdlen = 32;
*(void (**)(SHA256_CONTEXT *))r_init = sha256_init;
*(void (**)(SHA256_CONTEXT *, byte*, size_t))r_write = sha256_write;
*(void (**)(SHA256_CONTEXT *))r_final = sha256_final;
*(byte *(**)(SHA256_CONTEXT *))r_read = sha256_read;
return "SHA256";
}

416
cipher/sha512.c Normal file
View File

@ -0,0 +1,416 @@
/* sha512.c - SHA384 and SHA512 hash functions
* Copyright (C) 2003 Free Software Foundation, Inc.
*
* Please see below for more legal information!
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/* Test vectors from FIPS-180-2:
*
* "abc"
* 384:
* CB00753F 45A35E8B B5A03D69 9AC65007 272C32AB 0EDED163
* 1A8B605A 43FF5BED 8086072B A1E7CC23 58BAECA1 34C825A7
* 512:
* DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A
* 2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F
*
* "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
* 384:
* 09330C33 F71147E8 3D192FC7 82CD1B47 53111B17 3B3B05D2
* 2FA08086 E3B0F712 FCC7C71A 557E2DB9 66C3E9FA 91746039
* 512:
* 8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018
* 501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909
*
* "a" x 1000000
* 384:
* 9D0E1809 716474CB 086E834E 310A4A1C ED149E9C 00F24852
* 7972CEC5 704C2A5B 07B8B3DC 38ECC4EB AE97DDD8 7F3D8985
* 512:
* E718483D 0CE76964 4E2E42C7 BC15B463 8E1F98B1 3B204428 5632A803 AFA973EB
* DE0FF244 877EA60A 4CB0432C E577C31B EB009C5C 2C49AA2E 4EADB217 AD8CC09B
*/
#include <config.h>
#include <string.h>
#include "util.h"
#include "algorithms.h"
typedef struct {
u64 h0,h1,h2,h3,h4,h5,h6,h7;
u64 nblocks;
byte buf[128];
int count;
} SHA512_CONTEXT;
static void
burn_stack (int bytes)
{
char buf[128];
wipememory(buf,sizeof buf);
bytes -= sizeof buf;
if (bytes > 0)
burn_stack (bytes);
}
void
sha512_init( SHA512_CONTEXT *hd )
{
hd->h0 = 0x6a09e667f3bcc908;
hd->h1 = 0xbb67ae8584caa73b;
hd->h2 = 0x3c6ef372fe94f82b;
hd->h3 = 0xa54ff53a5f1d36f1;
hd->h4 = 0x510e527fade682d1;
hd->h5 = 0x9b05688c2b3e6c1f;
hd->h6 = 0x1f83d9abfb41bd6b;
hd->h7 = 0x5be0cd19137e2179;
hd->nblocks = 0;
hd->count = 0;
}
void
sha384_init( SHA512_CONTEXT *hd )
{
hd->h0 = 0xcbbb9d5dc1059ed8;
hd->h1 = 0x629a292a367cd507;
hd->h2 = 0x9159015a3070dd17;
hd->h3 = 0x152fecd8f70e5939;
hd->h4 = 0x67332667ffc00b31;
hd->h5 = 0x8eb44a8768581511;
hd->h6 = 0xdb0c2e0d64f98fa7;
hd->h7 = 0x47b5481dbefa4fa4;
hd->nblocks = 0;
hd->count = 0;
}
/****************
* Transform the message W which consists of 16 64-bit-words
*/
static void
transform( SHA512_CONTEXT *hd, byte *data )
{
u64 a,b,c,d,e,f,g,h;
u64 w[80];
int t;
static const u64 k[]=
{
0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f,
0xe9b5dba58189dbbc, 0x3956c25bf348b538, 0x59f111f1b605d019,
0x923f82a4af194f9b, 0xab1c5ed5da6d8118, 0xd807aa98a3030242,
0x12835b0145706fbe, 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2,
0x72be5d74f27b896f, 0x80deb1fe3b1696b1, 0x9bdc06a725c71235,
0xc19bf174cf692694, 0xe49b69c19ef14ad2, 0xefbe4786384f25e3,
0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65, 0x2de92c6f592b0275,
0x4a7484aa6ea6e483, 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5,
0x983e5152ee66dfab, 0xa831c66d2db43210, 0xb00327c898fb213f,
0xbf597fc7beef0ee4, 0xc6e00bf33da88fc2, 0xd5a79147930aa725,
0x06ca6351e003826f, 0x142929670a0e6e70, 0x27b70a8546d22ffc,
0x2e1b21385c26c926, 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df,
0x650a73548baf63de, 0x766a0abb3c77b2a8, 0x81c2c92e47edaee6,
0x92722c851482353b, 0xa2bfe8a14cf10364, 0xa81a664bbc423001,
0xc24b8b70d0f89791, 0xc76c51a30654be30, 0xd192e819d6ef5218,
0xd69906245565a910, 0xf40e35855771202a, 0x106aa07032bbd1b8,
0x19a4c116b8d2d0c8, 0x1e376c085141ab53, 0x2748774cdf8eeb99,
0x34b0bcb5e19b48a8, 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb,
0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3, 0x748f82ee5defb2fc,
0x78a5636f43172f60, 0x84c87814a1f0ab72, 0x8cc702081a6439ec,
0x90befffa23631e28, 0xa4506cebde82bde9, 0xbef9a3f7b2c67915,
0xc67178f2e372532b, 0xca273eceea26619c, 0xd186b8c721c0c207,
0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178, 0x06f067aa72176fba,
0x0a637dc5a2c898a6, 0x113f9804bef90dae, 0x1b710b35131c471b,
0x28db77f523047d84, 0x32caab7b40c72493, 0x3c9ebe0a15c9bebc,
0x431d67c49c100d4c, 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a,
0x5fcb6fab3ad6faec, 0x6c44198c4a475817
};
/* get values from the chaining vars */
a = hd->h0;
b = hd->h1;
c = hd->h2;
d = hd->h3;
e = hd->h4;
f = hd->h5;
g = hd->h6;
h = hd->h7;
#ifdef BIG_ENDIAN_HOST
memcpy( w, data, 128 );
#else
{
int i;
byte *p2;
for(i=0, p2=(byte*)w; i < 16; i++, p2 += 8 )
{
p2[7] = *data++;
p2[6] = *data++;
p2[5] = *data++;
p2[4] = *data++;
p2[3] = *data++;
p2[2] = *data++;
p2[1] = *data++;
p2[0] = *data++;
}
}
#endif
#define ROTR(x,n) (((x)>>(n)) | ((x)<<(64-(n))))
#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#define Sum0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
#define Sum1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
#define S0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
#define S1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
for(t=16;t<80;t++)
w[t] = S1(w[t-2]) + w[t-7] + S0(w[t-15]) + w[t-16];
for(t=0;t<80;t++)
{
u64 t1,t2;
t1=h+Sum1(e)+Ch(e,f,g)+k[t]+w[t];
t2=Sum0(a)+Maj(a,b,c);
h=g;
g=f;
f=e;
e=d+t1;
d=c;
c=b;
b=a;
a=t1+t2;
/* printf("t=%d a=%016llX b=%016llX c=%016llX d=%016llX e=%016llX f=%016llX g=%016llX h=%016llX\n",t,a,b,c,d,e,f,g,h); */
}
/* update chaining vars */
hd->h0 += a;
hd->h1 += b;
hd->h2 += c;
hd->h3 += d;
hd->h4 += e;
hd->h5 += f;
hd->h6 += g;
hd->h7 += h;
}
/* Update the message digest with the contents
* of INBUF with length INLEN.
*/
static void
sha512_write( SHA512_CONTEXT *hd, byte *inbuf, size_t inlen)
{
if( hd->count == 128 ) { /* flush the buffer */
transform( hd, hd->buf );
burn_stack (768);
hd->count = 0;
hd->nblocks++;
}
if( !inbuf )
return;
if( hd->count ) {
for( ; inlen && hd->count < 128; inlen-- )
hd->buf[hd->count++] = *inbuf++;
sha512_write( hd, NULL, 0 );
if( !inlen )
return;
}
while( inlen >= 128 ) {
transform( hd, inbuf );
hd->count = 0;
hd->nblocks++;
inlen -= 128;
inbuf += 128;
}
burn_stack (768);
for( ; inlen && hd->count < 128; inlen-- )
hd->buf[hd->count++] = *inbuf++;
}
/* The routine final terminates the computation and
* returns the digest.
* The handle is prepared for a new cycle, but adding bytes to the
* handle will the destroy the returned buffer.
* Returns: 64 bytes representing the digest. When used for sha384,
* we take the leftmost 48 of those bytes.
*/
static void
sha512_final(SHA512_CONTEXT *hd)
{
u64 t, msb, lsb;
byte *p;
sha512_write(hd, NULL, 0); /* flush */;
t = hd->nblocks;
/* multiply by 128 to make a byte count */
lsb = t << 7;
msb = t >> 57;
/* add the count */
t = lsb;
if( (lsb += hd->count) < t )
msb++;
/* multiply by 8 to make a bit count */
t = lsb;
lsb <<= 3;
msb <<= 3;
msb |= t >> 61;
if( hd->count < 112 ) { /* enough room */
hd->buf[hd->count++] = 0x80; /* pad */
while( hd->count < 112 )
hd->buf[hd->count++] = 0; /* pad */
}
else { /* need one extra block */
hd->buf[hd->count++] = 0x80; /* pad character */
while( hd->count < 128 )
hd->buf[hd->count++] = 0;
sha512_write(hd, NULL, 0); /* flush */;
memset(hd->buf, 0, 112 ); /* fill next block with zeroes */
}
/* append the 128 bit count */
hd->buf[112] = msb >> 56;
hd->buf[113] = msb >> 48;
hd->buf[114] = msb >> 40;
hd->buf[115] = msb >> 32;
hd->buf[116] = msb >> 24;
hd->buf[117] = msb >> 16;
hd->buf[118] = msb >> 8;
hd->buf[119] = msb ;
hd->buf[120] = lsb >> 56;
hd->buf[121] = lsb >> 48;
hd->buf[122] = lsb >> 40;
hd->buf[123] = lsb >> 32;
hd->buf[124] = lsb >> 24;
hd->buf[125] = lsb >> 16;
hd->buf[126] = lsb >> 8;
hd->buf[127] = lsb ;
transform( hd, hd->buf );
burn_stack (768);
p = hd->buf;
#ifdef BIG_ENDIAN_HOST
#define X(a) do { *(u64*)p = hd->h##a ; p += 8; } while(0)
#else /* little endian */
#define X(a) do { *p++ = hd->h##a >> 56; *p++ = hd->h##a >> 48; \
*p++ = hd->h##a >> 40; *p++ = hd->h##a >> 32; \
*p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \
*p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
#endif
X(0);
X(1);
X(2);
X(3);
X(4);
X(5);
/* Note that these last two chunks are included even for SHA384.
We just ignore them. */
X(6);
X(7);
#undef X
}
static byte *
sha512_read( SHA512_CONTEXT *hd )
{
return hd->buf;
}
/****************
* Return some information about the algorithm. We need algo here to
* distinguish different flavors of the algorithm.
* Returns: A pointer to string describing the algorithm or NULL if
* the ALGO is invalid.
*/
const char *
sha512_get_info( int algo, size_t *contextsize,
byte **r_asnoid, int *r_asnlen, int *r_mdlen,
void (**r_init)( void *c ),
void (**r_write)( void *c, byte *buf, size_t nbytes ),
void (**r_final)( void *c ),
byte *(**r_read)( void *c )
)
{
static byte asn[] = /* Object ID is 2.16.840.1.101.3.4.2.3 */
{
0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
0x00, 0x04, 0x40
};
if( algo != 10 )
return NULL;
*contextsize = sizeof(SHA512_CONTEXT);
*r_asnoid = asn;
*r_asnlen = DIM(asn);
*r_mdlen = 64;
*(void (**)(SHA512_CONTEXT *))r_init = sha512_init;
*(void (**)(SHA512_CONTEXT *, byte*, size_t))r_write = sha512_write;
*(void (**)(SHA512_CONTEXT *))r_final = sha512_final;
*(byte *(**)(SHA512_CONTEXT *))r_read = sha512_read;
return "SHA512";
}
/* SHA384 is really a truncated SHA512 with a different
initialization */
const char *
sha384_get_info( int algo, size_t *contextsize,
byte **r_asnoid, int *r_asnlen, int *r_mdlen,
void (**r_init)( void *c ),
void (**r_write)( void *c, byte *buf, size_t nbytes ),
void (**r_final)( void *c ),
byte *(**r_read)( void *c )
)
{
static byte asn[] = /* Object ID is 2.16.840.1.101.3.4.2.2 */
{
0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
0x00, 0x04, 0x30
};
if( algo != 9 )
return NULL;
*contextsize = sizeof(SHA512_CONTEXT);
*r_asnoid = asn;
*r_asnlen = DIM(asn);
*r_mdlen = 48;
*(void (**)(SHA512_CONTEXT *))r_init = sha384_init;
*(void (**)(SHA512_CONTEXT *, byte*, size_t))r_write = sha512_write;
*(void (**)(SHA512_CONTEXT *))r_final = sha512_final;
*(byte *(**)(SHA512_CONTEXT *))r_read = sha512_read;
return "SHA384";
}