| blob | e175e705f5210359a44bb47763dd5a2cdec3f585 |
1 /* sha512.c - Functions to compute SHA512 and SHA384 message digest of files or
2 memory blocks according to the NIST specification FIPS-180-2.
4 Copyright (C) 2005-2006, 2008-2018 Free Software Foundation, Inc.
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <https://www.gnu.org/licenses/>. */
19 /* Written by David Madore, considerably copypasting from
20 Scott G. Miller's sha1.c
21 */
23 #include <config.h>
25 #if HAVE_OPENSSL_SHA512
26 # define GL_OPENSSL_INLINE _GL_EXTERN_INLINE
27 #endif
30 #include <stdalign.h>
31 #include <stdint.h>
32 #include <stdlib.h>
33 #include <string.h>
35 #if USE_UNLOCKED_IO
37 #endif
39 #ifdef WORDS_BIGENDIAN
40 # define SWAP(n) (n)
41 #else
42 # define SWAP(n) \
43 u64or (u64or (u64or (u64shl (n, 56), \
44 u64shl (u64and (n, u64lo (0x0000ff00)), 40)), \
45 u64or (u64shl (u64and (n, u64lo (0x00ff0000)), 24), \
46 u64shl (u64and (n, u64lo (0xff000000)), 8))), \
47 u64or (u64or (u64and (u64shr (n, 8), u64lo (0xff000000)), \
48 u64and (u64shr (n, 24), u64lo (0x00ff0000))), \
49 u64or (u64and (u64shr (n, 40), u64lo (0x0000ff00)), \
50 u64shr (n, 56))))
51 #endif
53 #define BLOCKSIZE 32768
54 #if BLOCKSIZE % 128 != 0
56 #endif
58 #if ! HAVE_OPENSSL_SHA512
59 /* This array contains the bytes used to pad the buffer to the next
60 128-byte boundary. */
64 /*
65 Takes a pointer to a 512 bit block of data (eight 64 bit ints) and
66 initializes it to the start constants of the SHA512 algorithm. This
67 must be called before using hash in the call to sha512_hash
68 */
69 void
71 {
83 }
85 void
87 {
99 }
101 /* Copy the value from V into the memory location pointed to by *CP,
102 If your architecture allows unaligned access, this is equivalent to
103 * (__typeof__ (v) *) cp = v */
104 static void
106 {
108 }
110 /* Put result from CTX in first 64 bytes following RESBUF.
111 The result must be in little endian byte order. */
114 {
122 }
126 {
134 }
136 /* Process the remaining bytes in the internal buffer and the usual
137 prolog according to the standard and write the result to RESBUF. */
138 static void
140 {
141 /* Take yet unprocessed bytes into account. */
145 /* Now count remaining bytes. */
150 /* Put the 128-bit file length in *bits* at the end of the buffer.
151 Use set_uint64 rather than a simple assignment, to avoid risk of
152 unaligned access. */
161 /* Process last bytes. */
163 }
167 {
170 }
174 {
177 }
178 #endif
180 #ifdef GL_COMPILE_CRYPTO_STREAM
184 /* Compute message digest for bytes read from STREAM using algorithm ALG.
185 Write the message digest into RESBLOCK, which contains HASHLEN bytes.
186 The initial and finishing operations are INIT_CTX and FINISH_CTX.
187 Return zero if and only if successful. */
188 static int
192 {
194 {
197 }
207 /* Iterate over full file contents. */
209 {
210 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
211 computation function processes the whole buffer so that with the
212 next round of the loop another block can be read. */
216 /* Read block. Take care for partial reads. */
218 {
227 {
228 /* Check for the error flag IFF N == 0, so that we don't
229 exit the loop after a partial read due to e.g., EAGAIN
230 or EWOULDBLOCK. */
232 {
235 }
237 }
239 /* We've read at least one byte, so ignore errors. But always
240 check for EOF, since feof may be true even though N > 0.
241 Otherwise, we could end up calling fread after EOF. */
244 }
246 /* Process buffer with BLOCKSIZE bytes. Note that
247 BLOCKSIZE % 128 == 0
248 */
250 }
252 process_partial_block:;
254 /* Process any remaining bytes. */
258 /* Construct result in desired memory. */
262 }
264 int
266 {
269 }
271 int
273 {
276 }
277 #endif
279 #if ! HAVE_OPENSSL_SHA512
280 /* Compute SHA512 message digest for LEN bytes beginning at BUFFER. The
281 result is always in little endian byte order, so that a byte-wise
282 output yields to the wanted ASCII representation of the message
283 digest. */
286 {
289 /* Initialize the computation context. */
292 /* Process whole buffer but last len % 128 bytes. */
295 /* Put result in desired memory area. */
297 }
301 {
304 /* Initialize the computation context. */
307 /* Process whole buffer but last len % 128 bytes. */
310 /* Put result in desired memory area. */
312 }
314 void
316 {
317 /* When we already have some bits in our internal buffer concatenate
318 both inputs first. */
320 {
328 {
332 /* The regions in the following copy operation cannot overlap,
333 because ctx->buflen < 128 ≤ (left_over + add) & ~127. */
337 }
341 }
343 /* Process available complete blocks. */
345 {
346 #if !(_STRING_ARCH_unaligned || _STRING_INLINE_unaligned)
347 # define UNALIGNED_P(p) ((uintptr_t) (p) % alignof (u64) != 0)
350 {
354 }
355 else
356 #endif
357 {
361 }
362 }
364 /* Move remaining bytes in internal buffer. */
366 {
372 {
375 /* The regions in the following copy operation cannot overlap,
376 because left_over ≤ 128. */
378 }
380 }
381 }
383 /* --- Code below is the primary difference between sha1.c and sha512.c --- */
385 /* SHA512 round constants */
386 #define K(I) sha512_round_constants[I]
428 };
430 /* Round functions. */
431 #define F2(A, B, C) u64or (u64and (A, B), u64and (C, u64or (A, B)))
432 #define F1(E, F, G) u64xor (G, u64and (E, u64xor (F, G)))
434 /* Process LEN bytes of BUFFER, accumulating context into CTX.
435 It is assumed that LEN % 128 == 0.
436 Most of this code comes from GnuPG's cipher/sha1.c. */
438 void
440 {
454 /* First increment the byte count. FIPS PUB 180-2 specifies the possible
455 length of the file up to 2^128 bits. Here we only compute the
456 number of bytes. Do a double word increment. */
462 #define S0(x) u64xor (u64rol(x, 63), u64xor (u64rol (x, 56), u64shr (x, 7)))
463 #define S1(x) u64xor (u64rol (x, 45), u64xor (u64rol (x, 3), u64shr (x, 6)))
464 #define SS0(x) u64xor (u64rol (x, 36), u64xor (u64rol (x, 30), u64rol (x, 25)))
465 #define SS1(x) u64xor (u64rol(x, 50), u64xor (u64rol (x, 46), u64rol (x, 23)))
467 #define M(I) (x[(I) & 15] \
468 = u64plus (x[(I) & 15], \
469 u64plus (S1 (x[((I) - 2) & 15]), \
470 u64plus (x[((I) - 7) & 15], \
471 S0 (x[((I) - 15) & 15])))))
473 #define R(A, B, C, D, E, F, G, H, K, M) \
474 do \
475 { \
476 u64 t0 = u64plus (SS0 (A), F2 (A, B, C)); \
477 u64 t1 = \
478 u64plus (H, u64plus (SS1 (E), \
479 u64plus (F1 (E, F, G), u64plus (K, M)))); \
480 D = u64plus (D, t1); \
481 H = u64plus (t0, t1); \
482 } \
483 while (0)
486 {
488 /* FIXME: see sha1.c for a better implementation. */
490 {
492 words++;
493 }
584 }
585 }
586 #endif
588 /*
589 * Hey Emacs!
590 * Local Variables:
591 * coding: utf-8
592 * End:
593 */