| blob | 852c43495057502a0d344e0206d7091bcf7fe3c4 |
1 /* sha512.c - Functions to compute SHA512 and SHA384 message digest of files or
2 memory blocks according to the NIST specification FIPS-180-2.
4 Copyright (C) 2005-2006, 2008-2018 Free Software Foundation, Inc.
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <https://www.gnu.org/licenses/>. */
19 /* Written by David Madore, considerably copypasting from
20 Scott G. Miller's sha1.c
21 */
23 #include <config.h>
25 #if HAVE_OPENSSL_SHA512
26 # define GL_OPENSSL_INLINE _GL_EXTERN_INLINE
27 #endif
30 #include <stdalign.h>
31 #include <stdint.h>
32 #include <stdlib.h>
33 #include <string.h>
37 #if USE_UNLOCKED_IO
39 #endif
41 #ifdef WORDS_BIGENDIAN
42 # define SWAP(n) (n)
43 #else
44 # define SWAP(n) \
45 u64or (u64or (u64or (u64shl (n, 56), \
46 u64shl (u64and (n, u64lo (0x0000ff00)), 40)), \
47 u64or (u64shl (u64and (n, u64lo (0x00ff0000)), 24), \
48 u64shl (u64and (n, u64lo (0xff000000)), 8))), \
49 u64or (u64or (u64and (u64shr (n, 8), u64lo (0xff000000)), \
50 u64and (u64shr (n, 24), u64lo (0x00ff0000))), \
51 u64or (u64and (u64shr (n, 40), u64lo (0x0000ff00)), \
52 u64shr (n, 56))))
53 #endif
55 #define BLOCKSIZE 32768
56 #if BLOCKSIZE % 128 != 0
58 #endif
60 #if ! HAVE_OPENSSL_SHA512
61 /* This array contains the bytes used to pad the buffer to the next
62 128-byte boundary. */
66 /*
67 Takes a pointer to a 512 bit block of data (eight 64 bit ints) and
68 initializes it to the start constants of the SHA512 algorithm. This
69 must be called before using hash in the call to sha512_hash
70 */
71 void
73 {
85 }
87 void
89 {
101 }
103 /* Copy the value from V into the memory location pointed to by *CP,
104 If your architecture allows unaligned access, this is equivalent to
105 * (__typeof__ (v) *) cp = v */
106 static void
108 {
110 }
112 /* Put result from CTX in first 64 bytes following RESBUF.
113 The result must be in little endian byte order. */
116 {
124 }
128 {
136 }
138 /* Process the remaining bytes in the internal buffer and the usual
139 prolog according to the standard and write the result to RESBUF. */
140 static void
142 {
143 /* Take yet unprocessed bytes into account. */
147 /* Now count remaining bytes. */
152 /* Put the 128-bit file length in *bits* at the end of the buffer.
153 Use set_uint64 rather than a simple assignment, to avoid risk of
154 unaligned access. */
163 /* Process last bytes. */
165 }
169 {
172 }
176 {
179 }
180 #endif
182 /* Compute message digest for bytes read from STREAM using algorithm ALG.
183 Write the message digest into RESBLOCK, which contains HASHLEN bytes.
184 The initial and finishing operations are INIT_CTX and FINISH_CTX.
185 Return zero if and only if successful. */
186 static int
190 {
192 {
195 }
205 /* Iterate over full file contents. */
207 {
208 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
209 computation function processes the whole buffer so that with the
210 next round of the loop another block can be read. */
214 /* Read block. Take care for partial reads. */
216 {
225 {
226 /* Check for the error flag IFF N == 0, so that we don't
227 exit the loop after a partial read due to e.g., EAGAIN
228 or EWOULDBLOCK. */
230 {
233 }
235 }
237 /* We've read at least one byte, so ignore errors. But always
238 check for EOF, since feof may be true even though N > 0.
239 Otherwise, we could end up calling fread after EOF. */
242 }
244 /* Process buffer with BLOCKSIZE bytes. Note that
245 BLOCKSIZE % 128 == 0
246 */
248 }
250 process_partial_block:;
252 /* Process any remaining bytes. */
256 /* Construct result in desired memory. */
260 }
262 int
264 {
267 }
269 int
271 {
274 }
276 #if ! HAVE_OPENSSL_SHA512
277 /* Compute SHA512 message digest for LEN bytes beginning at BUFFER. The
278 result is always in little endian byte order, so that a byte-wise
279 output yields to the wanted ASCII representation of the message
280 digest. */
283 {
286 /* Initialize the computation context. */
289 /* Process whole buffer but last len % 128 bytes. */
292 /* Put result in desired memory area. */
294 }
298 {
301 /* Initialize the computation context. */
304 /* Process whole buffer but last len % 128 bytes. */
307 /* Put result in desired memory area. */
309 }
311 void
313 {
314 /* When we already have some bits in our internal buffer concatenate
315 both inputs first. */
317 {
325 {
329 /* The regions in the following copy operation cannot overlap,
330 because ctx->buflen < 128 ≤ (left_over + add) & ~127. */
334 }
338 }
340 /* Process available complete blocks. */
342 {
343 #if !(_STRING_ARCH_unaligned || _STRING_INLINE_unaligned)
344 # define UNALIGNED_P(p) ((uintptr_t) (p) % alignof (u64) != 0)
347 {
351 }
352 else
353 #endif
354 {
358 }
359 }
361 /* Move remaining bytes in internal buffer. */
363 {
369 {
372 /* The regions in the following copy operation cannot overlap,
373 because left_over ≤ 128. */
375 }
377 }
378 }
380 /* --- Code below is the primary difference between sha1.c and sha512.c --- */
382 /* SHA512 round constants */
383 #define K(I) sha512_round_constants[I]
425 };
427 /* Round functions. */
428 #define F2(A, B, C) u64or (u64and (A, B), u64and (C, u64or (A, B)))
429 #define F1(E, F, G) u64xor (G, u64and (E, u64xor (F, G)))
431 /* Process LEN bytes of BUFFER, accumulating context into CTX.
432 It is assumed that LEN % 128 == 0.
433 Most of this code comes from GnuPG's cipher/sha1.c. */
435 void
437 {
451 /* First increment the byte count. FIPS PUB 180-2 specifies the possible
452 length of the file up to 2^128 bits. Here we only compute the
453 number of bytes. Do a double word increment. */
459 #define S0(x) u64xor (u64rol(x, 63), u64xor (u64rol (x, 56), u64shr (x, 7)))
460 #define S1(x) u64xor (u64rol (x, 45), u64xor (u64rol (x, 3), u64shr (x, 6)))
461 #define SS0(x) u64xor (u64rol (x, 36), u64xor (u64rol (x, 30), u64rol (x, 25)))
462 #define SS1(x) u64xor (u64rol(x, 50), u64xor (u64rol (x, 46), u64rol (x, 23)))
464 #define M(I) (x[(I) & 15] \
465 = u64plus (x[(I) & 15], \
466 u64plus (S1 (x[((I) - 2) & 15]), \
467 u64plus (x[((I) - 7) & 15], \
468 S0 (x[((I) - 15) & 15])))))
470 #define R(A, B, C, D, E, F, G, H, K, M) \
471 do \
472 { \
473 u64 t0 = u64plus (SS0 (A), F2 (A, B, C)); \
474 u64 t1 = \
475 u64plus (H, u64plus (SS1 (E), \
476 u64plus (F1 (E, F, G), u64plus (K, M)))); \
477 D = u64plus (D, t1); \
478 H = u64plus (t0, t1); \
479 } \
480 while (0)
483 {
485 /* FIXME: see sha1.c for a better implementation. */
487 {
489 words++;
490 }
581 }
582 }
583 #endif
585 /*
586 * Hey Emacs!
587 * Local Variables:
588 * coding: utf-8
589 * End:
590 */